pax_global_header00006660000000000000000000000064132776404010014516gustar00rootroot0000000000000052 comment=66fefc9c71cc7ceb3e64e85a1098dfdf1b7d0afe xl2tpd-1.3.12/000077500000000000000000000000001327764040100130175ustar00rootroot00000000000000xl2tpd-1.3.12/.gitignore000066400000000000000000000000541327764040100150060ustar00rootroot00000000000000*.o *~ *.bak xl2tpd xl2tpd-control pfc tags xl2tpd-1.3.12/.travis.yml000066400000000000000000000003761327764040100151360ustar00rootroot00000000000000os: - linux language: c compiler: - gcc sudo: false addons: apt: packages: - make - gcc-multilib - libpcap0.8 - libpcap0.8-dev cache: directories: - $HOME/.ccache before_script: make clean script: make xl2tpd-1.3.12/BUGS000066400000000000000000000001131327764040100134750ustar00rootroot00000000000000Please see (and report) bugs at https://github.com/xelerance/xl2tpd/issues xl2tpd-1.3.12/CHANGES000066400000000000000000000455161327764040100140250ustar00rootroot00000000000000v1.3.12 (May 18, 2018) * TOS value to copy to the tunnel header (Yurkovskyy) * Fix for ENODEV (No such device) error with Linux kernel 4.15 (Douglas Kosovic) * Update xl2tpd.init (bogdik) * fix version number and upload (Samuel Thibault) * import wheezy changes (Samuel Thibault) v1.3.11 (March 7, 2018) * Build packages for Xenial by default (Simon Deziel) * Bump d/compat to 9 (Simon Deziel) * Drop d/repack.sh script and refresh d/watch (Simon Deziel) * Refresh d/control by partly sync'ing from Debian (Simon Deziel) * Use HTTPS URL in d/copyright (Simon Deziel) v1.3.10.1 (November 16, 2017) * Have max retries as a configuration [Samir Hussain] * Add more into to "select timeout" debug message [Samir Hussain] v1.3.10 (August 2, 2017) * Update STRLEN in file.h to 100 (from 80) [Samir Hussain] * xl2tpd-control: fix xl2tpd hanged up in "fopen" [wendy2001011] * Update version in spec and opewnrt Makefile. [Samir Hussain] v1.3.9 (February 8, 2017) * Add xl2tpd-control man pages (Samir Hussain) * Update spec file with newest Soure0 and version (Samir Hussain) * Update License file (Samir Hussain) * Display PID for call in the logs (Samir Hussain) * Use left shift rather than pow() function. (Samir Hussain) * Enable Travis integration (Samir Hussain) * Remove unnecessary casting of malloc() results (Andrew Clayton) * Remove an unused line of code in init_config() (Andrew Clayton) * Fix some undefined behaviour in read_result() (Andrew Clayton) * Fix feature test macro deprecation warnings (Andrew Clayton) v1.3.8 (August 11, 2016) * Another one fix for control buf handling in udp_xmit (Sergey Ryazanov) * Fixing minor bug in Linux that was introduced by 90368 (Samir Hussain) * Fix control buffer handling in udp_xmit (rsa9000) * Avoid using IP_PKTINFO with non-Linux systems (Sergey Ryazanov) * Remove duplicated UDP checksum disabling (Sergey Ryazanov) * Handle LDLIBS carefully (Sergey Ryazanov) * Avoid false-positive warning message from not smart compilers (Sergey Ryazanov) * Correctly activate XPG4v2 support (Sergey Ryazanov) * Simplify signal header inclusion (Sergey Ryazanov) * Adding info on the mailing lists (Samir Hussain) * Fixing minor spelling typo in code. (Samir Hussain) * Fixing minor spelling mistakes in xl2tpd.conf.5 and l2tpd.conf.sample (Samir Hussain) * Removing -fno-builtin from CFLAGS (Samir Hussain) v1.3.7 (March 29, 2016) * Adding defensive code to deal with error when pppd exits (Samir Hussain) * Minor compilation fixes (Yousong Zhou) * Refresh debian/ from Debian. Thanks! (Simon Deziel) * Update URL (Simon Deziel) * Update copyright year (Simon Deziel) * Add local ip range option. (Patch by by Peter W Morreale) * Drop RFC 2661 copy. (Simon Deziel) * debian/control drop legacy Replaces (Simon Deziel) * Typo fix (Simon Deziel) * Fix #98 by checking if a valid PID is being killed (Pieter Jordaan) * Avoid problems with bad avp lengths and remaining hidlen from previous iteration (Cristi Cimpianu) * Fix minor grammar issues in xl2tpd.conf(5) (kballou) * Fix possible NULL reference when removing lac (Yousong Zhou) * Describe autodial option in xl2tpd.conf manpage (Anton Leontiev) * Update URL in BUGS file (Anton Leontiev) * Add size optimization (Cristi Cimpianu) * Remove useless returns from magic_lac_tunnel (Cristi Cimpianu) * Remove duplicate xmit for ZLBs (Cristi Cimpianu) * Fix segfault on lac remove (Cristi Cimpianu) * Fix paths in man pages (Taiki Sugawara) * Stop sending ZLB in response to out of order ZLB from check_control (Cristi Cimpianu) * Add exponential backoff retransmits (Pieter Willem Jordaan) * Fix build errors caused by inline function with gcc 5 (Kai Kang) * Fix memory leaks and accessing free'd memory (Yousong Zhou) * Fix double-free on dial_no_tmp; (Yousong Zhou) * Change handle_special to return a value indicating if it frees the buffer (Cristi Cimpianu) * Remove unnecessary NULL check on lac. (Yousong Zhou) * xl2tpd-control: show all available commands in --help. (Yousong Zhou) * Ignore SIGPIPE signal. (Yousong Zhou) * Unlink result file to prevent leftover a regular file. (Yousong Zhou) * Introduce new option -l for using syslog as the logging facility. (Yousong Zhou) * start_pppd: place opts after "plugin pppol2tp.so". (Yousong Zhou) * Fix typo in reporting available lns count. (Yousong Zhou) * xl2tpd-control: enhance output of print_error(). (Yousong Zhou) * xl2tpd-control: cleaup result file atexit(). (Yousong Zhou) * xl2tpd-control: open control file with O_NONBLOCK. (Yousong Zhou) * xl2tpd-control: define _GNU_SOURCE to use fmemopen() and friends. (Yousong Zhou) * xl2tpd-control: check end-of-file when reading pipe to avoid dead loop. (Yousong Zhou) * Correct CDN message result range (Constantin Calotescu) * place the PPP frame buffer to the call structure (rsa9000) * Place the pty read buffer to the call structure (rsa9000) * Pass pointer to call structure to read_packet() (rsa9000) * Remove convert arg of read_packet() function (rsa9000) * Remove dead code (rsa9000) * Fix the list of ignored files (rsa9000) * Add checks before closing sockets (Cristi Cimpianu) * Add a bit more info about existing tunnels and calls (Cristi Cimpianu) * Fix endless loop (Cristi Cimpianu) * Add fix for socket leak to fork children (Cristi Cimpianu) * Random fixes (Constantin Calotescu) * Solve some memory leaks that show up after several days of running with flapping tunnels and calls. (Cristi Cimpianu) * Fix for avoiding xltpd occasionally going into an endless loop. (Damian Ivereigh) * Fixed issue with strtok modifying contents when pushing details for ppd plugins (Michael Lawson) * Added the ability to add a pppd plugin and params to an lns (Michael Lawson) * Modified lns_remove to close each call rather than just calling destroy_tunnel() (Michael Lawson) * Added control method to remove an lns (Michael Lawson) * Refactored the do_control() method to use a handler approach for processing (Michael Lawson) * Fixed potential null pointer when creating a new lns (Michael Lawson) * Added status control command for lns, this returns tunnel and call information via the control socket (Michael Lawson) * Added control support for adding lns and status command in xl2tp-control (Michael Lawson) * Added control pipe method CONTROL_PIPE_REQ_LNS_ADD_MODIFY to modify LNS configuration (Michael Lawson) * Introduced shared control request types (Michael Lawson) * Fixed typo in xl2tpd.conf.5 (paina) * Some malloc/free sanity patches. (Patrick Naubert) * Better NETBSD support. (Patrick Naubert) * Prevent a DEBUG message from being sent to syslog when not debugging. (Patrick Naubert) v1.3.6 (Jan 15, 2014) * I keep screwing up the version number. Changes to CHANGES and l2tp.h * Fix the size of the lenght param for AVP headers. This should fix Android support no matter how the compiler optimizes. v1.3.5 (Jan 15, 2014) * Re-define the add_header() function as the compiler was screwing up the lenght|MBIT logic. THIS RE-ENABLES ANDROID SUPPORT which had been broken since 1.2.7 v1.3.4 (Jan 13, 2014) * Revert "Patches from Fedora to use Openssl MD5 instead of our own" This patch forced us to ask for a license exception, which we cannot do. * Revert "Add a license exception to link xl2tpd with OpenSSL" Without the OpenSSL MD5 requirement, we no longer need to ask for a license exception. v1.3.3 (Jan 3, 2014) * License exception for linking with OpenSSL (this is because we do not use our MD5 anymore) * Check write return code on control socket (fixes FTBFS with -Wall) [Simon Deziel] v1.3.2 (Nov 15, 2013) * Remove unused variables reported by gcc -Wunused [Paul Wouters] * Retain password when redial is enabled [Ted Phelps] * Respect LDFLAGS, original author unknown [Jeremy Olexa] * Turn off UDP checksums [mcr] * Respect CFLAGS for xl2tpd-control [Mike Gilbert] * Patches from Fedora to use Openssl MD5 instead of our own [Patrick Naubert] * Cosmetic fix log warning about IPsec SAref kernel mod support [Pavel Kopchyk] * Upgrade options (in global contex) according to their keyword words in 'file.c' [Pavel Kopchyk] * Actually force userspace when using SAref [Sergey Fionov] * Enable kernel-mode by default [Sergey Fionov] * Fix kernel support for 2.6.23+ [Sergey Fionov] * Remove if_pppol2tp.h header [Sergey Fionov] * Tell pppd to set LNS mode flag on kernel pppol2tp session socket. [Sergey Fionov] * Wrap connect_pppol2tp() with ifdef [Sergey Fionov] * Check for existence of SO_NO_CHECK before using it [Stuart Henderson] * Check that argv[1] isn't null before strncmp() [Stuart Henderson] * Set a valid msg_controllen, OpenBSD needs it [Stuart Henderson] * Avoid type punning: it makes gcc grumpy. [Ted Phelps] * Cope with comment lines that extend beyond 120 characters. BZ#806963. [Ted Phelps] * Document the default duration of the redial timeout option. [Ted Phelps] * Don't call grantpt(). [Ted Phelps] * Fix an uninitialize memory access. [Ted Phelps] * Fix udp_xmit to work on Linux *and* OpenBSD [Ted Phelps] * Increase the size of the buffer used to read config file lines. [Ted Phelps] * Make it possible to prevent xl2tpd from overwriting ppp's ipparam [Ted Phelps] * Quash more valgrind warnings. [Ted Phelps] * Set msgh.msg_controllen before calling CMSG_FIRSTHDR [Ted Phelps] * + use address from the last received UDP packet in UDP messages response [Tomas Chmelar] * Clean up samples [Tuomo] * Don't mark some AVPs as mandatory [wangxiaoguang] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680146 * Remove a 'sleep' in control_finish [wangxiaoguang] v1.3.1 (Oct 6, 2011) * Suse updated to spec and init files [Shinichi Furuso] * SAREF: Changed IP_IPSEC_REFINFO to global option "saref refinfo" [Paul] * Updated configuration examples with SAref [Paul] * samples: cleaned up samples and removed broken ones [Tuomo] v1.3.0 (July 23, 2011) * Added xl2tpd-control [Alexander Dorokhov] * Added 'a' (add) and 'd' (delete) control options [Alexander Dorokhov] * Refresh debian/ from Debian. [Roberto C. Snchez] * Buffer overrun in reading >16 char l2tp-secrets [Matt Domsch] (https://bugzilla.redhat.com/show_bug.cgi?id=689178) * xl2tpd may leaks file descriptors [Steve Barth] * xl2tpd: field o_pad in "struct payload_hdr" unnecessary. RFC 2661 [Ilya] * Fix logging in write_packet() [Ilya] * Bug tracker bugs fixed: #1119 Segfault upon config error [Andrey Cherny] #1223 Gentoo QA warning: dereferencing pointer [Andrey Cherny] #1236 xl2tpd hungs and wont redial after communication fail [Andrey Cherny] #1237 delayed null pointer check [Andrey Cherny] v1.2.8 * Makefile: fix compilation with --as-needed linker flag [Vladimir V. Kamarzin] * Workaround for apple clients missing htons() [Brian Mastenbrook] * Log destination ip and port in case of send failure [Mika Ilmaranta] * Added Default-Stop: to fedora initscript [Paul] * Bug tracker bugs fixed: #1078 xl2tpd doesn't pass 'ipparam' to pppd and pppd won't get client ip (Xiaoguang WANG) v1.2.7 * Reduce time in signal handlers where we cannot log [Shinichi Furuso] * Add rx/tx bps speed setting options [Tony Hoyle] (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578070) * Rename FFLAGS to IPFLAGS to avoid clashing on debian [Paul] * spelling fix (dont -> don't) [Paul] v1.2.6 * Partial fix for compiling on OpenBSD [synapse] * add missing setting of logopen=1 in init_log() [Shingo Yamawaki] * xltpd could deadlock on syslog() call in signal handler [Bart Trojanowski] * fix fedora/centos spec file [Paul] v1.2.5 * Fix initscript for https://bugzilla.redhat.com/show_bug.cgi?id=247100 * Fix for two Windows machines behind the same NAT with the samed number of l2tp connection attempts since boot [Shinichi Furuso] v1.2.4 * Fixes to Suse spec file [Shingo Yamawaki] * unclutter logs for 'select timeout' [Shingo Yamawaki] * Make sure child_handler and destroy_call won't conflict when pppd is killed [Mika Ilmaranta/ Tuomo] * Workaround for broken kernels that send duplicate pids to waitpid() See: https://bugzilla.redhat.com/show_bug.cgi?id=486945 [Mika / Tuomo] * Fix pppd option from legacy -detach to nodetach [Tuomo] v1.2.3 * Fixes for prefix/destdir and spec files [paul/tuomo] * Use pcap not pcap-devel on suse, rhel and centos [paul/tuomo/shingo] * Added pfc to contrib. pfc is a tool to compile active-filters for pppd, which can be used for dial-on-demand filters [paul/roberto] * Bug tracker bugs fixed # 998: xl2tpd-1.2.2 Makefile sets wrong path for mandir v1.2.2 * PPP CHAP authentication using plugin passwordfd.so failed [tgohad@mvista.com] * Use SIGALRM only in select(). This prevents a problem where a pppd child (eg ntpd via ppp-up.d/ script) is using signaling too. [Shingo Yamawaki] * A file descriptor is left opened when exec'ing pppd. [Shingo Yamawaki] * When select() is interrupted, readfds should not be used. [Shingo Yamawaki] * Modifications to Makefile to support DESTDIR [paul] * Modifications to compile on OpenBSD [Stephen Ayotte] * Bug tracker bugs fixed #955: refuse authentication is backward for LAC sections [Dean Scarff] v1.2.1 * Fixes to Suse init file and spec file [paul] * Changed some build defaults in Makefile [paul] v1.2.0 * Synchronised IP_IPSEC_REFINFO define with KLIPSNG patch [paul] * Fixed versioning and bumped to 1.2.0 [paul] v1.1.12 * Fix for dropped packets and wrong disconnects. [Ray Overland / Tuomo] * Included debian directory from Roberto C. Sanchez v1.1.11 * Support for passwordfd when using xl2tpd as client. Patch by David MacKinnon * Add DEBUG_AUTH comments to the Makefile [paul] * Workaround for Cisco routers that do not send transmit speed or framing type [paul] * Fix two old l2tpd references to xl2tpd (syslog used wrong name) [paul] v1.1.10 * add pid to pppd logging [tuomo] * don't specify compiler flags (overrides packaging flags in rpm) [tuomo] * minor documentation fixes [tuomo/paul] v1.1.09 * Forgot to bump version number, so to avoid confusing, I bumped everything to 1.1.09 v1.1.08 * Confirmed pppd bug of not always terminating on SIGTERM. The new define TRUST_PPPD_TO_DIE determins whether we send SIGTERM or SIGKILL, with SIGKILL being the (new) default. (ppp-2.4.2-6.4.RHEL4 is known to be broken) v1.1.07 * Fix for unaligned header field accesses crashes on RISC by Dave S. Miller (# 735) * Added and enabled pppd debugging code to assist locating a serious xl2tpd infinite loop when pppd does not die after a SIGTERM. * Complete support for pppol2tp's kernel mode L2TP. Patch by Cedric * Make spec file Fedora Extras compliant * Added pppol2tp-linux-2.4.27.patch to contrib/ * Pidfile fixes (by Tuomo) * Fix creation of pid file if /var/run/xl2tpd does not exist. * Fix compile without SANITY defined (Charlie Brady ) * Fix configuration filename for the ppp options file (#725 by Tuomo) * Fixes to compile with all DEBUG_* statements enabled * Documented all DEBUG_* statements in Makefile v1.1.06 * Build xl2tpd and use /etc/xl2tpd/xl2tpd.* configuration files with fallback to /etc/l2tpd/l2tpd.* configuration files. * Support for pppol2tp's kernel mode L2TP. Patch by Cedric Schieli * Documented IPsec SA reference tracking for use with Openswan * Added patents documentation. * Migration support on xl2tpd.spec for l2tpd -> xl2tpd v1.1.05 * Changed versioning scheme to match Xelerance standards * IPsec SA reference tracking added (used with Openswan's IPsec transport mode) This adds support for multiple clients behind the same NAT router, and multiple clients on the same internal IP behind different NAT routers. * Fix for Windows clients that send the wrong tunnel ID for closing tunnels v1.04 * actually, 1.03 tag in GIT was in the wrong place. This is the right release. v1.03 * fixes for gcc 4.xx compilation v1.02 * udpated CHNANGELOG v1.01 * various debugging added, but debugging should not be on by default * async/sync conversion routines must be ready for possibility that the read will block due to routing loops * refactored control socket handling. * use man page in doc/ * move all logic about pty usage to pty.c try ptmx first. if it fails try legacy ptys * rename log() to l2tp_log(), as "log" is a math function. v1.00 * First version managed by Xelerance, called xl2tpd. * If we aren't deamonized, then log to stderr. * added install: and DESTDIR support 0.70 -- Change path for config files from /etc/l2tp to /etc/l2tpd (jacco2@dds.nl) Turn of echo no ptys to pppd (Damien de Soto) Add pty name to command line passed to pppd (Chris Wilson) Added listen-addr parameter to l2tpd.conf (jacco2@dds.nl) Close stdin when in daemon mode (jacco2@dds.nl) Improve interoperability with MSL2TP (jacco2@dds.nl) Eliminate some warnings (jacco2@dds.nl) 0.69 -- Edited l2tpd.conf.5 man page to correct some information Added l2tpd.8 and l2tp-secrets.5 man pages Zero'ed out memory malloced to hold challenge, otherwise we may pass wrong challenge to md5 code 0.68 -- Updated copyright notice on all relevent files Changed vendor name as it appears in AVP's Add new sources of randomness, reading /dev/urandom Seed rand() with time() Stubs available for egd randomness source, not implemented yet though Don't close fd 0 as workaround for signal problems in daemon mode Fix some off by 6 errors in avp handling 0.67 -- close pty connecting to pppd in child_handler() Add code to daemonize correctly Add command line options -D to not daemonize -p to specify a pidfile -c to specify a config file -s to specify a secrets file Catch a SIGHUP that's coming from who-knows-where and do nothing 0.66 -- Fixed tunnel authentication mechanism so that it works! Fixed several segfaults...some in debugging code 0.65.1 -- Reformatted all .c and .h files using GNU indent 0.65 -- Fix to handling SLI packets reformatted some code in a few small places Added valid, new (since L2TP draft days) result codes autodialed calls switched to be "Incoming calls" rather than "Outgoing" Re-arranged some header declarations Remote systems may use the same Tunnel ID...this is OK Look for l2tpd.conf in /etc/l2tp and in /etc/l2tpd...look for l2tp-secrets int he same directory Portability enhancement (act.sa_restorer only used on i386?) (Jean-Francois Dive) 0.64 -- Too many that I lost track... Scaleability improvements from Huiban Yoann at Siemens Rudimentary Outgoing Call Request system As in CREDITS, "an uncountable amount of little bug fixes" 0.63 -- Syslog support added!!! Improved data sequencing & flow control serial number checking Removed call flow/session control serial number checking in ICRQ -- Did we do this already and we're going mindless? :D Removed checking of now-defunct R bit Changed PPP framing to always sync Various and asundry other fixes NOW OPERABLE WITH CISCO IOS 12.1 Continued interoperability improvements with Windows 2000 clients 0.62 -- Removed call flow/session control (inapplicable as of RFC spec draft 13) Corrected invalid Receive Window Size AVP in ICCN Corrected Bearer Capabilities non-requirement in SCCRQ & SCCRP Verified operability with Cisco 3000 series 0.61 -- Fixed shutdown of PPPd from SIGKILL to SIGTERM Beginning code cleanup and interoperability testing xl2tpd-1.3.12/CREDITS000066400000000000000000000036261327764040100140460ustar00rootroot00000000000000* Xelerance has forked l2tpd into xl2tpd. * Michael Richardson , for adding IPsec SAref tracking * Paul Wouters , for packaging, debugging and support. * Tuomo Soini for various packaging and initscript patches * Shingo Yamawaki & Shinichi Furuso for SAref related patches. Thanks to Jacco de Leeuw for his maintenance of the 0.69 version of l2tpd. Original credits follow. Mark Spencer was the primary author of this work. He would like to thank the following people for their contributions: * Peter Brackett, Adtran, for supporting the creation of this free software * Alan Cox, RedHat, for architectural suggestions and moral support :) * Kyle Farnsworth, Adtran, for helping me get started and for providing me with the Adtran LAC for initial testing * Ashish Lal, Midnight Networks, for thorughly evaluating compliance of l2tpd to the published l2tp specification * Rich Martin, Deltacom, for loaning me a Cisco 3000 router for interoperability testing * Kevin Schneider, Adtran, for initially pointing me in the direction of doing l2tp support for Linux * Mark Townsley, Cisco Systems, for helping answer a variety of questions (particularly relating to authentication) and for aiding with interoperability testing with Cisco l2tp software. The MD5 code was written by Colin Plumb, and is without copyright (public domain). This project was forked January 12, 2001 by Scott Balmos and David Stipp due to the apparent inactivity of the project. We also would like to thank the following people who helped us after the fork: * Jeff McAdams, IgLou Internet Services, for being our own Alan Cox clone. * Huiban Yoann, Siemens, for some scaleability improvements. * Jens Zerbst, for initial implementation of a rudimentary Outgoing Call Request system * Everyone out there who have submitted an uncountable amount of little bug fixes. Thanks all!!! xl2tpd-1.3.12/LICENSE000066400000000000000000000432541327764040100140340ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. xl2tpd-1.3.12/Makefile000066400000000000000000000120211327764040100144530ustar00rootroot00000000000000# # Layer Two Tunneling Protocol Daemon # Copyright (C)1998 Adtran, Inc. # # Mark Spencer # # This is free software. You may distribute it under # the terms of the GNU General Public License, # version 2, or at your option any later version. # # Note on debugging flags: # -DDEBUG_ZLB shows all ZLB exchange traffic # -DDEBUG_HELLO debugs when hello messages are sent # -DDEBUG_CLOSE debugs call and tunnel closing # -DDEBUG_FLOW debugs flow control system # -DDEBUG_FILE debugs file format # -DDEBUG_AAA debugs authentication, accounting, and access control # -DDEBUG_PAYLOAD shows info on every payload packet # -DDEBUG_CONTROL shows info on every control packet and the l2tp-control pipe # -DDEBUG_PPPD shows the command line of pppd and how we signal pppd (see below) # -DDEBUG_HIDDEN debugs hidden AVP's # -DDEBUG_ENTROPY debug entropy generation # -DDEBUG_CONTROL_XMIT # -DDEBUG_MAGIC # -DDEBUG_FLOW_MORE # -DDEBUG_AUTH # # -DTEST_HIDDEN makes Assigned Call ID sent as a hidden AVP # # -DTRUST_PPPD_TO_DIE # # Defining TRUST_PPPD_TO_DIE disables a workaround for broken pppds. Do NOT # define this unless you fully trust your version of pppd to honour SIGTERM. # However, if you experience hanging pppd's, which cause xl2tpd to also hang, # enable this. # The cost of not trusting pppd to die (and shoot it down hard), is that your # pppd's ip-down scripts will not have a chance to run. # # For more details see: http://bugs.xelerance.com/view.php?id=739 # # Confirmed bad versions of pppd: # - ppp-2.4.2-6.4.RHEL4 # Confirmed good version of pppd: # - recent Ubuntu/Debian pppd's # # ppp 2.4.3 sends a SIGTERM after 5 seconds, so it should be safe to # trust pppd. This work around will be removed in the near future. # DFLAGS= -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH DFLAGS?= -DDEBUG_PPPD -DTRUST_PPPD_TO_DIE # Uncomment the next line for Linux. KERNELSRC is needed for if_pppol2tp.h, # but we use a local copy if we don't find it. # #KERNELSRC=/lib/modules/`uname -r`/build/ KERNELSRC?=./linux OSFLAGS?= -DLINUX -I$(KERNELSRC)/include/ # # Uncomment the following to use the kernel interface under Linux # This requires the pppol2tp-linux-2.4.27.patch patch from contrib # or a 2.6.23+ kernel. On some distributions kernel include files # are packages seperately (eg kernel-headers on Fedora) # Note: 2.6.23+ support still needs some changes in the xl2tpd source # OSFLAGS+= -DUSE_KERNEL # # # Uncomment the next line for FreeBSD # #OSFLAGS?= -DFREEBSD # # Uncomment the next three lines for NetBSD # #OSFLAGS?= -DNETBSD #CFLAGS+= -D_NETBSD_SOURCE #LDLIBS?= -lutil # # Uncomment the next line for Solaris. For solaris, at least, # we don't want to specify -I/usr/include because it is in # the basic search path, and will over-ride some gcc-specific # include paths and cause problems. # #CC?=gcc # Change /opt/sfw/ to whereever your pcap library/include files are #OSFLAGS?= -DSOLARIS -DPPPD=\"/usr/bin/pppd\" -std=c99 -pedantic -D__EXTENSIONS__ -D_XPG4_2 -D_XPG6 -I/opt/sfw/include #OSLIBS?= -lnsl -lsocket # Uncomment the next two lines for OpenBSD # #OSFLAGS?= -DOPENBSD #LDLIBS?= -lutil # Feature flags # # Comment the following line to disable xl2tpd maintaining IP address # pools to pass to pppd to control IP address allocation IPFLAGS?= -DIP_ALLOCATION CFLAGS+= $(DFLAGS) -Os -Wall -DSANITY $(OSFLAGS) $(IPFLAGS) HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o SRCS=${OBJS:.o=.c} ${HDRS} CONTROL_SRCS=xl2tpd-control.c #LIBS= $(OSLIBS) # -lefence # efence for malloc checking EXEC=xl2tpd CONTROL_EXEC=xl2tpd-control PREFIX?=/usr/local SBINDIR?=$(DESTDIR)${PREFIX}/sbin BINDIR?=$(DESTDIR)${PREFIX}/bin MANDIR?=$(DESTDIR)${PREFIX}/share/man all: $(EXEC) pfc $(CONTROL_EXEC) clean: rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC) $(EXEC): $(OBJS) $(HDRS) $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS) $(CONTROL_EXEC): $(CONTROL_SRCS) $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@ pfc: $(CC) $(CFLAGS) -c contrib/pfc.c $(CC) $(LDFLAGS) -o pfc pfc.o -lpcap $(LDLIBS) romfs: $(ROMFSINST) /bin/$(EXEC) install: ${EXEC} pfc ${CONTROL_EXEC} install -d -m 0755 ${SBINDIR} install -m 0755 $(EXEC) ${SBINDIR}/$(EXEC) install -d -m 0755 ${MANDIR}/man5 install -d -m 0755 ${MANDIR}/man8 install -m 0644 doc/xl2tpd.8 ${MANDIR}/man8/ install -m 0644 doc/xl2tpd-control.8 ${MANDIR}/man8/ install -m 0644 doc/xl2tpd.conf.5 doc/l2tp-secrets.5 \ ${MANDIR}/man5/ # pfc install -d -m 0755 ${BINDIR} install -m 0755 pfc ${BINDIR}/pfc install -d -m 0755 ${MANDIR}/man1 install -m 0644 contrib/pfc.1 ${MANDIR}/man1/ # control exec install -d -m 0755 ${SBINDIR} install -m 0755 $(CONTROL_EXEC) ${SBINDIR}/$(CONTROL_EXEC) # openbsd # install -d -m 0755 /var/run/xl2tpd # mkfifo /var/run/l2tp-control TAGS: ${SRCS} etags ${SRCS} xl2tpd-1.3.12/README.xl2tpd000066400000000000000000000035331327764040100151170ustar00rootroot00000000000000URL : https://www.xelerance.com/software/xl2tpd/ Summary : Layer 2 Tunnelling Protocol Daemon (RFC 2661) Description : xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP servers. Another important application is Virtual Private Networks where the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec, RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec implementations such as Openswan. Example configuration files for such a setup are included in this RPM. xl2tpd works by opening a pseudo-tty for communicating with pppd. It runs completely in userspace but supports kernel mode L2TP. xl2tpd supports IPsec SA Reference tracking to enable overlapping internak NAT'ed IP's by different clients (eg all clients connecting from their linksys internal IP 192.168.1.101) as well as multiple clients behind the same NAT router. xl2tpd supports the pppol2tp kernel mode operations on 2.6.23 or higher, or via a patch in contrib for 2.4.x kernels. Note that kernel mode and IPsec SA Reference tracking do not yet work together. Xl2tpd is based on the 0.69 L2TP by Jeff McAdams It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. NOTE: In Linux kernel 4.15+ there is a kernel bug with ancillary IP_PKTINFO. As such, for Linux kernel 4.15+ we recommend the community use the 1.3.12 branch as a temporary solution until the branch is merged into the master branch. Mailing Lists : https://lists.openswan.org/cgi-bin/mailman/listinfo/xl2tpd is home of the mailing list. Note: This is a closed list - you *must* be subscribed to post. xl2tpd-1.3.12/TODO000066400000000000000000000013651327764040100135140ustar00rootroot00000000000000Critical: * Improved performance * Rate Adaptive Timeouts * Fork processing code into a kernel module(?) * Fix protocol correctness issues * Are we sending valid and no invalid AVPs in various message types Other: * Support tie breakers * Support proxy authentication * Support LCP initial/final states * Maybe do something with private groups * Tunnel and call lookups should be hashes, not lists * Meaningful error message about pppd problems...for either not installed, or no kernel support (if possible) Niceties: * Improve success/fail result codes for some commands of xl2tpd-control * Extend xl2tpd-control to support all available commands * Add xl2tpd-control status command to see/watch tunnel status Way-down-the-line: * GUI configuration xl2tpd-1.3.12/aaa.c000066400000000000000000000353601327764040100137140ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Authorization, Accounting, and Access control * */ #include #include #include #include #include #include #include "l2tp.h" extern void bufferDump (char *, int); /* FIXME: Accounting? */ struct addr_ent *uaddr[ADDR_HASH_SIZE]; void init_addr () { int x; for (x = 0; x < ADDR_HASH_SIZE; x++) uaddr[x] = NULL; } static int ip_used (unsigned int addr) { struct addr_ent *tmp; tmp = uaddr[addr % ADDR_HASH_SIZE]; while (tmp) { if (tmp->addr == addr) return -1; tmp = tmp->next; } return 0; } void mk_challenge (unsigned char *c, int length) { get_entropy(c, length); /* int x; int *s = (int *) c; for (x = 0; x < length / sizeof (int); x++) s[x] = rand (); */ } void reserve_addr (unsigned int addr) { /* Mark this address as in use */ struct addr_ent *tmp, *tmp2; addr = ntohl (addr); if (ip_used (addr)) return; tmp = uaddr[addr % ADDR_HASH_SIZE]; tmp2 = malloc (sizeof (struct addr_ent)); uaddr[addr % ADDR_HASH_SIZE] = tmp2; tmp2->next = tmp; tmp2->addr = addr; } void unreserve_addr (unsigned int addr) { struct addr_ent *tmp, *last = NULL, *z; addr = ntohl (addr); tmp = uaddr[addr % ADDR_HASH_SIZE]; while (tmp) { if (tmp->addr == addr) { if (last) { last->next = tmp->next; } else { uaddr[addr % ADDR_HASH_SIZE] = tmp->next; } z = tmp; tmp = tmp->next; free (z); } else { last = tmp; tmp = tmp->next; } } } unsigned int get_addr (struct iprange *ipr) { unsigned int x, y; int status; struct iprange *ipr2; while (ipr) { if (ipr->sense == SENSE_ALLOW) for (x = ntohl (ipr->start); x <= ntohl (ipr->end); x++) { /* Found an IP in an ALLOW range, check to be sure it is consistent through the remaining regions */ if (!ip_used (x)) { status = SENSE_ALLOW; ipr2 = ipr->next; while (ipr2) { if ((x >= ntohl (ipr2->start)) && (x <= ntohl (ipr2->end))) status = ipr2->sense; ipr2 = ipr2->next; } y = htonl (x); if (status == SENSE_ALLOW) return y; } }; ipr = ipr->next; } return 0; } static int get_secret (char *us, char *them, unsigned char *secret, int size) { FILE *f; char buf[STRLEN]; char *u, *t, *s; int num = 0; f = fopen (gconfig.authfile, "r"); if (!f) { l2tp_log (LOG_WARNING, "%s : Unable to open '%s' for authentication\n", __FUNCTION__, gconfig.authfile); return 0; } while (!feof (f)) { num++; if (NULL == fgets (buf, sizeof (buf), f)) { /* Error or EOF */ break; } /* Strip comments */ for (t = buf; *t; t++) *t = ((*t == '#') || (*t == ';')) ? 0 : *t; /* Strip trailing whitespace */ for (t = buf + strlen (buf) - 1; (t >= buf) && (*t < 33); t--) *t = 0; if (!strlen (buf)) continue; /* Empty line */ u = buf; while (*u && (*u < 33)) u++; /* us */ if (!*u) { l2tp_log (LOG_WARNING, "%s: Invalid authentication info (no us), line %d\n", __FUNCTION__, num); continue; } t = u; while (*t > 32) t++; *(t++) = 0; while (*t && (*t < 33)) t++; /* them */ if (!*t) { l2tp_log (LOG_WARNING, "%s: Invalid authentication info (nothem), line %d\n", __FUNCTION__, num); continue; } s = t; while (*s > 33) s++; *(s++) = 0; while (*s && (*s < 33)) s++; if (!*s) { l2tp_log (LOG_WARNING, "%s: Invalid authentication info (no secret), line %d\n", __FUNCTION__, num); continue; } if ((!strcasecmp (u, us) || !strcasecmp (u, "*")) && (!strcasecmp (t, them) || !strcasecmp (t, "*"))) { #ifdef DEBUG_AUTH l2tp_log (LOG_DEBUG, "%s: we are '%s', they are '%s', secret is '%s'\n", __FUNCTION__, u, t, s); #endif strncpy ((char *)secret, s, size); fclose(f); return -1; } } fclose(f); return 0; } int handle_challenge (struct tunnel *t, struct challenge *chal) { char *us; char *them; if (!t->lns && !t->lac) { l2tp_log (LOG_DEBUG, "%s: No LNS or LAC to handle challenge!\n", __FUNCTION__); return -1; } #ifdef DEBUG_AUTH l2tp_log (LOG_DEBUG, "%s: making response for tunnel: %d\n", __FUNCTION__, t->ourtid); #endif if (t->lns) { if (t->lns->hostname[0]) us = t->lns->hostname; else us = hostname; if (t->lns->peername[0]) them = t->lns->peername; else them = t->hostname; } else { if (t->lac->hostname[0]) us = t->lac->hostname; else us = hostname; if (t->lac->peername[0]) them = t->lac->peername; else them = t->hostname; } if (!get_secret (us, them, chal->secret, sizeof (chal->secret))) { l2tp_log (LOG_DEBUG, "%s: no secret found for us='%s' and them='%s'\n", __FUNCTION__, us, them); return -1; } #if DEBUG_AUTH l2tp_log (LOG_DEBUG, "*%s: Here comes the chal->ss:\n", __FUNCTION__); bufferDump (&chal->ss, 1); l2tp_log (LOG_DEBUG, "%s: Here comes the secret\n", __FUNCTION__); bufferDump (chal->secret, strlen (chal->secret)); l2tp_log (LOG_DEBUG, "%s: Here comes the challenge\n", __FUNCTION__); bufferDump (chal->challenge, chal->chal_len); #endif memset (chal->response, 0, MD_SIG_SIZE); MD5Init (&chal->md5); MD5Update (&chal->md5, &chal->ss, 1); MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); MD5Update (&chal->md5, chal->challenge, chal->chal_len); MD5Final (chal->response, &chal->md5); #ifdef DEBUG_AUTH l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n", *((int *) &chal->response[0]), *((int *) &chal->response[4]), *((int *) &chal->response[8]), *((int *) &chal->response[12]), chal->secret, *((int *) &chal->challenge[0]), *((int *) &chal->challenge[4]), *((int *) &chal->challenge[8]), *((int *) &chal->challenge[12]), chal->ss); #endif chal->state = STATE_CHALLENGED; return 0; } struct lns *get_lns (struct tunnel *t) { /* * Look through our list of LNS's and * find a reasonable LNS for this call * if one is available */ struct lns *lns; struct iprange *ipr; int allow, checkdefault = 0; /* If access control is disabled, we give the default otherwise, we give nothing */ allow = 0; lns = lnslist; if (!lns) { lns = deflns; checkdefault = -1; } while (lns) { ipr = lns->lacs; while (ipr) { if ((ntohl (t->peer.sin_addr.s_addr) >= ntohl (ipr->start)) && (ntohl (t->peer.sin_addr.s_addr) <= ntohl (ipr->end))) { #ifdef DEBUG_AAA l2tp_log (LOG_DEBUG, "$s: Rule %s to %s, sense %s matched %s\n", __FUNCTION__, IPADDY (ipr->start), IPADDY (ipr->end), (ipr->sense ? "allow" : "deny"), IPADDY (t->peer.sin_addr.s_addr)); #endif allow = ipr->sense; } ipr = ipr->next; } if (allow) return lns; lns = lns->next; if (!lns && !checkdefault) { lns = deflns; checkdefault = -1; } } if (gconfig.accesscontrol) return NULL; else return deflns; } #ifdef DEBUG_HIDDEN static void print_md5 (void * const md5) { int *i = (int *) md5; l2tp_log (LOG_DEBUG, "%X%X%X%X\n", i[0], i[1], i[2], i[3], i[4]); } static inline void print_challenge (struct challenge *chal) { l2tp_log (LOG_DEBUG, "vector: "); print_md5 (chal->vector); l2tp_log (LOG_DEBUG, "secret: %s\n", chal->secret); } #endif void encrypt_avp (struct buffer *buf, _u16 len, struct tunnel *t) { /* Encrypts an AVP of len, at data. We assume there are two "spare bytes" before the data pointer,l but otherwise this is just a normal AVP that is about to be returned from an avpsend routine */ struct avp_hdr *new_hdr = (struct avp_hdr *) (buf->start + buf->len - len); struct avp_hdr *old_hdr = (struct avp_hdr *) (buf->start + buf->len - len + 2); _u16 length, flags, attr; /* New length, old flags */ unsigned char *ptr, *end; int cnt; unsigned char digest[MD_SIG_SIZE]; unsigned char *previous_segment; /* FIXME: Should I pad more randomly? Right now I pad to nearest 16 bytes */ length = ((len - sizeof (struct avp_hdr) + 1) / 16 + 1) * 16 + sizeof (struct avp_hdr); flags = htons (old_hdr->length) & 0xF000; new_hdr->length = htons (length | flags | HBIT); new_hdr->vendorid = old_hdr->vendorid; new_hdr->attr = attr = old_hdr->attr; /* This is really the length field of the hidden sub-format */ old_hdr->attr = htons (len - sizeof (struct avp_hdr)); /* Okay, now we've rewritten the header, as it should be. Let's start encrypting the actual data now */ buf->len -= len; buf->len += length; /* Back to the beginning of real data, including the original length AVP */ MD5Init (&t->chal_them.md5); MD5Update (&t->chal_them.md5, (void *) &attr, 2); MD5Update (&t->chal_them.md5, t->chal_them.secret, strlen ((char *)t->chal_them.secret)); MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE); MD5Final (digest, &t->chal_them.md5); /* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */ ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr); end = ((unsigned char *) new_hdr) + length; previous_segment = ptr; while (ptr < end) { #if DEBUG_HIDDEN l2tp_log (LOG_DEBUG, "%s: The digest to be XOR'ed\n", __FUNCTION__); bufferDump (digest, MD_SIG_SIZE); l2tp_log (LOG_DEBUG, "%s: The plaintext to be XOR'ed\n", __FUNCTION__); bufferDump (ptr, MD_SIG_SIZE); #endif for (cnt = 0; cnt < MD_SIG_SIZE; cnt++, ptr++) { *ptr = *ptr ^ digest[cnt]; } #if DEBUG_HIDDEN l2tp_log (LOG_DEBUG, "%s: The result of XOR\n", __FUNCTION__); bufferDump (previous_segment, MD_SIG_SIZE); #endif if (ptr < end) { MD5Init (&t->chal_them.md5); MD5Update (&t->chal_them.md5, t->chal_them.secret, strlen ((char *)t->chal_them.secret)); MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE); MD5Final (digest, &t->chal_them.md5); } previous_segment = ptr; } } int decrypt_avp (char *buf, struct tunnel *t) { /* Decrypts a hidden AVP pointed to by buf. The new header will be expected to be two characters offset from the old */ int cnt = 0; int len, olen, flags; unsigned char digest[MD_SIG_SIZE]; char *ptr, *end; _u16 attr; struct avp_hdr *old_hdr = (struct avp_hdr *) buf; struct avp_hdr *new_hdr = (struct avp_hdr *) (buf + 2); int saved_segment_len; /* maybe less 16; may be used if the cipher is longer than 16 octets */ unsigned char saved_segment[MD_SIG_SIZE]; ptr = ((char *) old_hdr) + sizeof (struct avp_hdr); olen = old_hdr->length & 0x0FFF; end = buf + olen; if (!t->chal_us.vector) { l2tp_log (LOG_DEBUG, "%s: Hidden bit set, but no random vector specified!\n", __FUNCTION__); return -EINVAL; } /* First, let's decrypt all the data. We're not guaranteed that it will be padded to a 16 byte boundary, so we have to be more careful than when encrypting */ attr = ntohs (old_hdr->attr); MD5Init (&t->chal_us.md5); MD5Update (&t->chal_us.md5, (void *) &attr, 2); MD5Update (&t->chal_us.md5, t->chal_us.secret, strlen ((char *)t->chal_us.secret)); MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len); MD5Final (digest, &t->chal_us.md5); #ifdef DEBUG_HIDDEN l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr); print_challenge (&t->chal_us); l2tp_log (LOG_DEBUG, "md5 is: "); print_md5 (digest); #endif while (ptr < end) { if (cnt >= MD_SIG_SIZE) { MD5Init (&t->chal_us.md5); MD5Update (&t->chal_us.md5, t->chal_us.secret, strlen ((char *)t->chal_us.secret)); MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE); MD5Final (digest, &t->chal_us.md5); cnt = 0; } /* at the beginning of each segment, we save the current segment (16 octets or less) of cipher * so that the next round of MD5 (if there is a next round) hash could use it */ if (cnt == 0) { saved_segment_len = (end - ptr < MD_SIG_SIZE) ? (end - ptr) : MD_SIG_SIZE; memcpy (saved_segment, ptr, saved_segment_len); } *ptr = *ptr ^ digest[cnt++]; ptr++; } /* Hopefully we're all nice and decrypted now. Let's rewrite the header. First save the old flags, and get the new stuff */ flags = old_hdr->length & 0xF000 & ~HBIT; len = ntohs (new_hdr->attr) + sizeof (struct avp_hdr); if (len > olen - 2) { l2tp_log (LOG_DEBUG, "%s: Decrypted length is too long (%d > %d)\n", __FUNCTION__, len, olen - 2); return -EINVAL; } new_hdr->attr = old_hdr->attr; new_hdr->vendorid = old_hdr->vendorid; new_hdr->length = len | flags; return 0; } xl2tpd-1.3.12/aaa.h000066400000000000000000000027741327764040100137240ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Authorization, Accounting, and Access control * */ #ifndef _AAA_H #define _AAA_H #include "md5.h" #define ADDR_HASH_SIZE 256 #define MD_SIG_SIZE 16 #define MAX_VECTOR_SIZE 1024 #define VECTOR_SIZE 16 #define STATE_NONE 0 #define STATE_CHALLENGED 1 #define STATE_COMPLETE 2 struct addr_ent { unsigned int addr; struct addr_ent *next; }; struct challenge { struct MD5Context md5; unsigned char ss; /* State we're sending in */ unsigned char secret[MAXSTRLEN]; /* The shared secret */ unsigned char *challenge; /* The original challenge */ unsigned int chal_len; /* The length of the original challenge */ unsigned char response[MD_SIG_SIZE]; /* What we expect as a respsonse */ unsigned char reply[MD_SIG_SIZE]; /* What the peer sent */ unsigned char *vector; unsigned int vector_len; int state; /* What state is challenge in? */ }; extern struct lns *get_lns (struct tunnel *); extern unsigned int get_addr (struct iprange *); extern void reserve_addr (unsigned int); extern void unreserve_addr (unsigned int); extern void init_addr (); extern int handle_challenge (struct tunnel *, struct challenge *); extern void mk_challenge (unsigned char *, int); #endif xl2tpd-1.3.12/avp.c000066400000000000000000001453751327764040100137700ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Attribute Value Pair handler routines */ #include #include #include #include #include #include "l2tp.h" #define AVP_MAX 39 struct avp avps[] = { {0, 1, &message_type_avp, "Message Type"}, {1, 1, &result_code_avp, "Result Code"}, {2, 1, &protocol_version_avp, "Protocol Version"}, {3, 1, &framing_caps_avp, "Framing Capabilities"}, {4, 1, &bearer_caps_avp, "Bearer Capabilities"}, {5, 0, NULL, "Tie Breaker"}, {6, 0, &firmware_rev_avp, "Firmware Revision"}, {7, 0, &hostname_avp, "Host Name"}, {8, 1, &vendor_avp, "Vendor Name"}, {9, 1, &assigned_tunnel_avp, "Assigned Tunnel ID"}, {10, 1, &receive_window_size_avp, "Receive Window Size"}, {11, 1, &challenge_avp, "Challenge"}, {12, 0, NULL, "Q.931 Cause Code"}, {13, 1, &chalresp_avp, "Challenge Response"}, {14, 1, &assigned_call_avp, "Assigned Call ID"}, {15, 1, &call_serno_avp, "Call Serial Number"}, {16, 1, NULL, "Minimum BPS"}, {17, 1, NULL, "Maximum BPS"}, {18, 1, &bearer_type_avp, "Bearer Type"}, {19, 1, &frame_type_avp, "Framing Type"}, {20, 1, &packet_delay_avp, "Packet Processing Delay"}, {21, 1, &dialed_number_avp, "Dialed Number"}, {22, 1, &dialing_number_avp, "Dialing Number"}, {23, 1, &sub_address_avp, "Sub-Address"}, {24, 1, &tx_speed_avp, "Transmit Connect Speed"}, {25, 1, &call_physchan_avp, "Physical channel ID"}, {26, 0, NULL, "Initial Received LCP Confreq"}, {27, 0, NULL, "Last Sent LCP Confreq"}, {28, 0, NULL, "Last Received LCP Confreq"}, {29, 1, &ignore_avp, "Proxy Authen Type"}, {30, 0, &ignore_avp, "Proxy Authen Name"}, {31, 0, &ignore_avp, "Proxy Authen Challenge"}, {32, 0, &ignore_avp, "Proxy Authen ID"}, {33, 1, &ignore_avp, "Proxy Authen Response"}, {34, 1, NULL, "Call Errors"}, {35, 1, &ignore_avp, "ACCM"}, {36, 1, &rand_vector_avp, "Random Vector"}, {37, 1, NULL, "Private Group ID"}, {38, 0, &rx_speed_avp, "Receive Connect Speed"}, {39, 1, &seq_reqd_avp, "Sequencing Required"} }; char *msgtypes[] = { NULL, "Start-Control-Connection-Request", "Start-Control-Connection-Reply", "Start-Control-Connection-Connected", "Stop-Control-Connection-Notification", NULL, "Hello", "Outgoing-Call-Request", "Outgoing-Call-Reply", "Outgoing-Call-Connected", "Incoming-Call-Request", "Incoming-Call-Reply", "Incoming-Call-Connected", NULL, "Call-Disconnect-Notify", "WAN-Error-Notify", "Set-Link-Info" }; char *stopccn_result_codes[] = { "Reserved", "General request to clear control connection", "General error--Error Code indicates the problem", "Control channel already exists", "Requester is not authorized to establish a control channel", "The protocol version of the requester is not supported--Error Code indicates the highest version supported", "Requester is being shut down", "Finite State Machine error" }; char *cdn_result_codes[] = { "Reserved", "Call disconnected due to loss of carrier", "Call disconnected for the reason indicated in error code", "Call disconnected for administrative reasons", "Call failed due to lack of appropriate facilities being available (temporary condition)", "Call failed due to lack of appropriate facilities being available (permanent condition)", "Invalid destination", "Call failed due to no carrier detected", "Call failed due to detection of a busy signal", "Call failed due to lack of a dial tone", "Call was no established within time allotted by LAC", "Call was connected but no appropriate framing was detect" }; void wrong_length (struct call *c, char *field, int expected, int found, int min) { if (min) snprintf (c->errormsg, sizeof (c->errormsg), "%s: expected at least %d, got %d", field, expected, found); else snprintf (c->errormsg, sizeof (c->errormsg), "%s: expected %d, got %d", field, expected, found); c->error = ERROR_LENGTH; c->result = RESULT_ERROR; c->needclose = -1; } struct unaligned_u16 { _u16 s; } __attribute__((packed)); /* * t, c, data, and datalen may be assumed to be defined for all AVP's */ int message_type_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * This will be with every control message. It is critical that this * procedure check for the validity of sending this kind of a message * (assuming sanity check) */ struct unaligned_u16 *raw = data; c->msgtype = ntohs (raw[3].s); if (datalen != 8) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: wrong size (%d != 8)\n", __FUNCTION__, datalen); wrong_length (c, "Message Type", 8, datalen, 0); return -EINVAL; } if ((c->msgtype > MAX_MSG) || (!msgtypes[c->msgtype])) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: unknown message type %d\n", __FUNCTION__, c->msgtype); return -EINVAL; } if (gconfig.debug_avp) if (DEBUG) l2tp_log (LOG_DEBUG, "%s: message type %d (%s)\n", __FUNCTION__, c->msgtype, msgtypes[c->msgtype]); #ifdef SANITY if (t->sanity) { /* * Look out our state for each message and make sure everything * make sense... */ if ((c != t->self) && (c->msgtype < Hello)) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate tunnel inside a call!\n", __FUNCTION__); return -EINVAL; } switch (c->msgtype) { case SCCRQ: if ((t->state != 0) && (t->state != SCCRQ)) { /* * When we handle tie breaker AVP's, then we'll check * to see if we've both requested tunnels */ if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate SCCRQ with state != 0\n", __FUNCTION__); return -EINVAL; } break; case SCCRP: if (t->state != SCCRQ) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate SCCRP with state != SCCRQ!\n", __FUNCTION__); return -EINVAL; } break; case SCCCN: if (t->state != SCCRP) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate SCCCN with state != SCCRP!\n", __FUNCTION__); return -EINVAL; } break; case ICRQ: if (t->state != SCCCN) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate ICRQ when state != SCCCN\n", __FUNCTION__); return -EINVAL; } if (c != t->self) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate ICRQ on a call!\n", __FUNCTION__); return -EINVAL; } break; case ICRP: if (t->state != SCCCN) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate ICRP on tunnel!=SCCCN\n", __FUNCTION__); return -EINVAL; } if (c->state != ICRQ) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate ICRP when state != ICRQ\n", __FUNCTION__); return -EINVAL; } break; case ICCN: if (c->state != ICRP) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate ICCN when state != ICRP\n", __FUNCTION__); return -EINVAL; } break; case SLI: if (c->state != ICCN) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate SLI when state != ICCN\n", __FUNCTION__); return -EINVAL; } break; case OCRP: /* jz: case for ORCP */ if (t->state != SCCCN) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate OCRP on tunnel!=SCCCN\n", __FUNCTION__); return -EINVAL; } if (c->state != OCRQ) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate OCRP when state != OCRQ\n", __FUNCTION__); return -EINVAL; } break; case OCCN: /* jz: case for OCCN */ if (c->state != OCRQ) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: attempting to negotiate OCCN when state != OCRQ\n", __FUNCTION__); return -EINVAL; } break; case StopCCN: case CDN: case Hello: break; default: l2tp_log (LOG_WARNING, "%s: i don't know how to handle %s messages\n", __FUNCTION__, msgtypes[c->msgtype]); return -EINVAL; } } #endif if (c->msgtype == ICRQ) { struct call *tmp; if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: new incoming call\n", __FUNCTION__); } tmp = new_call (t); if (!tmp) { l2tp_log (LOG_WARNING, "%s: unable to create new call\n", __FUNCTION__); return -EINVAL; } tmp->next = t->call_head; t->call_head = tmp; t->count++; /* * Is this still safe to assume that the head will always * be the most recent call being negotiated? * Probably... FIXME anyway... */ } return 0; } int rand_vector_avp (struct tunnel *t, struct call *c, void *data, int datalen) { int size; struct unaligned_u16 *raw = data; size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); #ifdef SANITY if (t->sanity) { if (size < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Random vector too small (%d < 0)\n", __FUNCTION__, size); wrong_length (c, "Random Vector", 6, datalen, 1); return -EINVAL; } if (size > MAX_VECTOR_SIZE) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Random vector too large (%d > %d)\n", __FUNCTION__, datalen, MAX_VECTOR_SIZE); wrong_length (c, "Random Vector", 6, datalen, 1); return -EINVAL; } } #endif if (gconfig.debug_avp) l2tp_log (LOG_DEBUG, "%s: Random Vector of %d octets\n", __FUNCTION__, size); t->chal_us.vector = (unsigned char *) &raw[3].s; t->chal_us.vector_len = size; return 0; } int ignore_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * The spec says we have to accept authentication information * even if we just ignore it, so that's exactly what * we're going to do at this point. Proxy authentication is such * a ridiculous security threat anyway except from local * controlled machines. * * FIXME: I need to handle proxy authentication as an option. * One option is to simply change the options we pass to pppd. * */ if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s : Ignoring AVP\n", __FUNCTION__); } return 0; } int seq_reqd_avp (struct tunnel *t, struct call *c, void *data, int datalen) { #ifdef SANITY if (t->sanity) { if (datalen != 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d != 6\n", __FUNCTION__, datalen); wrong_length (c, "Sequencing Required", 6, datalen, 1); return -EINVAL; } switch (c->msgtype) { case ICCN: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: sequencing required not appropriate for %s!\n", __FUNCTION__, msgtypes[c->msgtype]); return -EINVAL; } } #endif if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer requires sequencing.\n", __FUNCTION__); } c->seq_reqd = -1; return 0; } int result_code_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * Find out what version of L2TP the other side is using. * I'm not sure what we're supposed to do with this but whatever.. */ int error; int result; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { if (datalen < 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d < 10\n", __FUNCTION__, datalen); wrong_length (c, "Result Code", 10, datalen, 1); return -EINVAL; } switch (c->msgtype) { case CDN: case StopCCN: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: result code not appropriate for %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } } #endif result = ntohs (raw[3].s); error = ntohs (raw[4].s); /* * from prepare_StopCCN and prepare_CDN, note missing htons() call * http://www.opensource.apple.com/source/ppp/ppp-412.3/Drivers/L2TP/L2TP-plugin/l2tp.c */ if (((result & 0xFF) == 0) && (result >> 8 != 0)) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: result code endianness fix for buggy Apple client. network=%d, le=%d\n", __FUNCTION__, result, result >> 8); result >>= 8; } if (((error & 0xFF) == 0) && (error >> 8 != 0)) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: error code endianness fix for buggy Apple client. network=%d, le=%d\n", __FUNCTION__, error, error >> 8); error >>= 8; } if ((c->msgtype == StopCCN) && ((result > 7) || (result < 1))) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: result code out of range (%d %d %d). Ignoring.\n", __FUNCTION__, result, error, datalen); return 0; } if ((c->msgtype == CDN) && ((result > 11) || (result < 1))) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: result code out of range (%d %d %d). Ignoring.\n", __FUNCTION__, result, error, datalen); return 0; } c->error = error; c->result = result; safe_copy (c->errormsg, (char *) &raw[5].s, datalen - 10); if (gconfig.debug_avp) { if (DEBUG && (c->msgtype == StopCCN)) { l2tp_log (LOG_DEBUG, "%s: peer closing for reason %d (%s), error = %d (%s)\n", __FUNCTION__, result, stopccn_result_codes[result], error, c->errormsg); } else { l2tp_log (LOG_DEBUG, "%s: peer closing for reason %d (%s), error = %d (%s)\n", __FUNCTION__, result, cdn_result_codes[result], error, c->errormsg); } } return 0; } int protocol_version_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * Find out what version of L2TP the other side is using. * I'm not sure what we're supposed to do with this but whatever.. */ int ver; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { if (datalen != 8) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d != 8\n", __FUNCTION__, datalen); wrong_length (c, "Protocol Version", 8, datalen, 1); return -EINVAL; } switch (c->msgtype) { case SCCRP: case SCCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: protocol version not appropriate for %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } } #endif ver = ntohs (raw[3].s); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer is using version %d, revision %d.\n", __FUNCTION__, (ver >> 8), ver & 0xFF); } return 0; } int framing_caps_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * Retrieve the framing capabilities * from the peer */ int caps; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: framing capabilities not appropriate for %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Framming Capabilities", 10, datalen, 0); return -EINVAL; } } #endif caps = ntohs (raw[4].s); if (gconfig.debug_avp) if (DEBUG) l2tp_log (LOG_DEBUG, "%s: supported peer frames:%s%s\n", __FUNCTION__, caps & ASYNC_FRAMING ? " async" : "", caps & SYNC_FRAMING ? " sync" : ""); t->fc = caps & (ASYNC_FRAMING | SYNC_FRAMING); return 0; } int bearer_caps_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What kind of bearer channels does our peer support? */ int caps; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: bearer capabilities not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Bearer Capabilities", 10, datalen, 0); return -EINVAL; } } #endif caps = ntohs (raw[4].s); if (gconfig.debug_avp) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: supported peer bearers:%s%s\n", __FUNCTION__, caps & ANALOG_BEARER ? " analog" : "", caps & DIGITAL_BEARER ? " digital" : ""); } } t->bc = caps & (ANALOG_BEARER | DIGITAL_BEARER); return 0; } /* FIXME: I need to handle tie breakers eventually */ int firmware_rev_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * Report and record remote firmware version */ int ver; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: firmware revision not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 8) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d != 8\n", __FUNCTION__, datalen); wrong_length (c, "Firmware Revision", 8, datalen, 0); return -EINVAL; } } #endif ver = ntohs (raw[3].s); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer reports firmware version %d (0x%.4x)\n", __FUNCTION__, ver, ver); } t->firmware = ver; return 0; } int bearer_type_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What kind of bearer channel is the call on? */ int b; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICRQ: case OCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: bearer type not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Bearer Type", 10, datalen, 0); return -EINVAL; } } #endif b = ntohs (raw[4].s); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer bears:%s\n", __FUNCTION__, b & ANALOG_BEARER ? " analog" : "digital"); } t->call_head->bearer = b; return 0; } int frame_type_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What kind of frame channel is the call on? */ int b; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICCN: case OCRQ: case OCCN: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: frame type not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is incorrect size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Frame Type", 10, datalen, 0); return -EINVAL; } } #endif b = ntohs (raw[4].s); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer uses:%s frames\n", __FUNCTION__, b & ASYNC_FRAMING ? " async" : "sync"); } c->frame = b; return 0; } int hostname_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the peer's name? */ int size; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: hostname not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen < 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is too small. %d < 6\n", __FUNCTION__, datalen); wrong_length (c, "Hostname", 6, datalen, 1); return -EINVAL; } } #endif size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); if (size > MAXSTRLEN - 1) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: truncating reported hostname (size is %d)\n", __FUNCTION__, size); size = MAXSTRLEN - 1; } safe_copy (t->hostname, (char *) &raw[3].s, size); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer reports hostname '%s'\n", __FUNCTION__, t->hostname); } return 0; } int dialing_number_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the peer's name? */ int size; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: dialing number not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen < 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is too small. %d < 6\n", __FUNCTION__, datalen); wrong_length (c, "Dialing Number", 6, datalen, 1); return -EINVAL; } } #endif size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); if (size > MAXSTRLEN - 1) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: truncating reported dialing number (size is %d)\n", __FUNCTION__, size); size = MAXSTRLEN - 1; } safe_copy (t->call_head->dialing, (char *) &raw[3].s, size); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer reports dialing number '%s'\n", __FUNCTION__, t->call_head->dialing); } return 0; } int dialed_number_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the peer's name? */ int size; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case OCRQ: case ICRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: dialed number not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen < 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is too small. %d < 6\n", __FUNCTION__, datalen); wrong_length (c, "Dialed Number", 6, datalen, 1); return -EINVAL; } } #endif size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); if (size > MAXSTRLEN - 1) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: truncating reported dialed number (size is %d)\n", __FUNCTION__, size); size = MAXSTRLEN - 1; } safe_copy (t->call_head->dialed, (char *) &raw[3].s, size); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer reports dialed number '%s'\n", __FUNCTION__, t->call_head->dialed); } return 0; } int sub_address_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the peer's name? */ int size; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case OCRP: case ICRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: sub_address not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen < 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is too small. %d < 6\n", __FUNCTION__, datalen); wrong_length (c, "Sub-address", 6, datalen, 1); return -EINVAL; } } #endif size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); if (size > MAXSTRLEN - 1) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: truncating reported sub address (size is %d)\n", __FUNCTION__, size); size = MAXSTRLEN - 1; } safe_copy (t->call_head->subaddy, (char *) &raw[3].s, size); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer reports subaddress '%s'\n", __FUNCTION__, t->call_head->subaddy); } return 0; } int vendor_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What vendor makes the other end? */ int size; struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: vendor not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen < 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is too small. %d < 6\n", __FUNCTION__, datalen); wrong_length (c, "Vendor", 6, datalen, 1); return -EINVAL; } } #endif size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); if (size > MAXSTRLEN - 1) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: truncating reported vendor (size is %d)\n", __FUNCTION__, size); size = MAXSTRLEN - 1; } safe_copy (t->vendor, (char *) &raw[3].s, size); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer reports vendor '%s'\n", __FUNCTION__, t->vendor); } return 0; } int challenge_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * We are sent a challenge */ struct unaligned_u16 *raw = data; int size; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: challenge not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen < 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is too small. %d < 6\n", __FUNCTION__, datalen); wrong_length (c, "challenge", 6, datalen, 1); return -EINVAL; } } #endif /* size = raw[0].s & 0x0FFF; */ /* length field of AVP's is only 10 bits long, not 12 */ size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); /* if (size != MD_SIG_SIZE) { l2tp_log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n", __FUNCTION__, size, MD_SIG_SIZE); return -EINVAL; } */ if (t->chal_us.challenge) free(t->chal_us.challenge); t->chal_us.challenge = malloc(size); if (t->chal_us.challenge == NULL) { return -ENOMEM; } bcopy (&raw[3].s, (t->chal_us.challenge), size); t->chal_us.chal_len = size; t->chal_us.state = STATE_CHALLENGED; if (gconfig.debug_avp) { l2tp_log (LOG_DEBUG, "%s: challenge avp found\n", __FUNCTION__); } return 0; } int chalresp_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * We are sent a challenge */ struct unaligned_u16 *raw = data; int size; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCCN: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: challenge response not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen < 6) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is too small. %d < 6\n", __FUNCTION__, datalen); wrong_length (c, "challenge", 6, datalen, 1); return -EINVAL; } } #endif size = raw[0].s & 0x03FF; size -= sizeof (struct avp_hdr); if (size != MD_SIG_SIZE) { l2tp_log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n", __FUNCTION__, size, MD_SIG_SIZE); return -EINVAL; } bcopy (&raw[3].s, t->chal_them.reply, MD_SIG_SIZE); if (gconfig.debug_avp) { l2tp_log (LOG_DEBUG, "%s: Challenge reply found\n", __FUNCTION__); } return 0; } int assigned_tunnel_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is their TID that we must use from now on? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: case StopCCN: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: tunnel ID not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 8) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 8\n", __FUNCTION__, datalen); wrong_length (c, "Assigned Tunnel ID", 8, datalen, 0); return -EINVAL; } } #endif if (c->msgtype == StopCCN) { t->qtid = ntohs (raw[3].s); } else { t->tid = ntohs (raw[3].s); } if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: using peer's tunnel %d\n", __FUNCTION__, ntohs (raw[3].s)); } return 0; } int assigned_call_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is their CID that we must use from now on? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case CDN: case ICRP: case ICRQ: case OCRP: /* jz: deleting the debug message */ break; case OCRQ: default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: call ID not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 8) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 8\n", __FUNCTION__, datalen); wrong_length (c, "Assigned Call ID", 8, datalen, 0); return -EINVAL; } } #endif if (c->msgtype == CDN) { c->qcid = ntohs (raw[3].s); } else if (c->msgtype == ICRQ) { t->call_head->cid = ntohs (raw[3].s); } else if (c->msgtype == ICRP) { c->cid = ntohs (raw[3].s); } else if (c->msgtype == OCRP) { /* jz: copy callid to c->cid */ c->cid = ntohs (raw[3].s); } else { l2tp_log (LOG_DEBUG, "%s: Dunno what to do when it's state %s!\n", __FUNCTION__, msgtypes[c->msgtype]); } if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: using peer's call %d\n", __FUNCTION__, ntohs (raw[3].s)); } return 0; } int packet_delay_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is their CID that we must use from now on? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICRP: case OCRQ: case ICCN: case OCRP: case OCCN: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: packet delay not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 8) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 8\n", __FUNCTION__, datalen); wrong_length (c, "Assigned Call ID", 8, datalen, 0); return -EINVAL; } } #endif c->ppd = ntohs (raw[3].s); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer's delay is %d 1/10's of a second\n", __FUNCTION__, ntohs (raw[3].s)); } return 0; } int call_serno_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the serial number of the call? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICRQ: case OCRQ: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: call ID not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { #ifdef STRICT if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Serial Number", 10, datalen, 0); return -EINVAL; #else l2tp_log (LOG_DEBUG, "%s: peer is using old style serial number. Will be invalid.\n", __FUNCTION__); #endif } } #endif t->call_head->serno = (((unsigned int) ntohs (raw[3].s)) << 16) | ((unsigned int) ntohs (raw[4].s)); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: serial number is %d\n", __FUNCTION__, t->call_head->serno); } return 0; } int rx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the received baud rate of the call? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICCN: case OCCN: case OCRP: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: rx connect speed not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Connect Speed (RX)", 10, datalen, 0); return -EINVAL; } } #endif c->rxspeed = (((unsigned int) ntohs (raw[3].s)) << 16) | ((unsigned int) ntohs (raw[4].s)); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: receive baud rate is %d\n", __FUNCTION__, c->rxspeed); } return 0; } int tx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the transmit baud rate of the call? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICCN: case OCCN: case OCRP: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: tx connect speed not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Connect Speed (tx)", 10, datalen, 0); return -EINVAL; } } #endif c->txspeed = (((unsigned int) ntohs (raw[3].s)) << 16) | ((unsigned int) ntohs (raw[4].s)); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: transmit baud rate is %d\n", __FUNCTION__, c->txspeed); } return 0; } int call_physchan_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is the physical channel? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case ICRQ: case OCRQ: case OCRP: case OCCN: break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: physical channel not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 10) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 10\n", __FUNCTION__, datalen); wrong_length (c, "Physical Channel", 10, datalen, 0); return -EINVAL; } } #endif t->call_head->physchan = (((unsigned int) ntohs (raw[3].s)) << 16) | ((unsigned int) ntohs (raw[4].s)); if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: physical channel is %d\n", __FUNCTION__, t->call_head->physchan); } return 0; } int receive_window_size_avp (struct tunnel *t, struct call *c, void *data, int datalen) { /* * What is their RWS? */ struct unaligned_u16 *raw = data; #ifdef SANITY if (t->sanity) { switch (c->msgtype) { case SCCRP: case SCCRQ: case OCRP: /* jz */ case OCCN: /* jz */ case StopCCN: /* case ICRP: case ICCN: */ break; default: if (DEBUG) l2tp_log (LOG_DEBUG, "%s: RWS not appropriate for message %s. Ignoring.\n", __FUNCTION__, msgtypes[c->msgtype]); return 0; } if (datalen != 8) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: avp is wrong size. %d != 8\n", __FUNCTION__, datalen); wrong_length (c, "Receive Window Size", 8, datalen, 0); return -EINVAL; } } #endif t->rws = ntohs (raw[3].s); /* if (c->rws >= 0) c->fbit = FBIT; */ if (gconfig.debug_avp) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: peer wants RWS of %d. Will use flow control.\n", __FUNCTION__, t->rws); } return 0; } int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c) { /* * buf's start should point to the beginning of a packet. We assume it's * a valid packet and has had check_control done to it, so no error * checking is done at this point. */ struct avp_hdr *avp; int len = buf->len - sizeof (struct control_hdr); int firstavp = -1; int hidlen = 0; char *data = buf->start + sizeof (struct control_hdr); avp = (struct avp_hdr *) data; /* I had to comment out the following since Valgrind tells me it leaks like my bathroom faucet if (gconfig.debug_avp) l2tp_log (LOG_DEBUG, "%s: handling avp's for tunnel %d, call %d\n", __FUNCTION__, t->ourtid, c->ourcid); */ while (len > 0) { hidlen = 0; /* Go ahead and byte-swap the header */ swaps (avp, sizeof (struct avp_hdr)); if (avp->attr > AVP_MAX) { if (AMBIT (avp->length)) { l2tp_log (LOG_WARNING, "%s: don't know how to handle mandatory attribute %d. Closing %s.\n", __FUNCTION__, avp->attr, (c != t->self) ? "call" : "tunnel"); set_error (c, VENDOR_ERROR, "mandatory attribute %d cannot be handled", avp->attr); c->needclose = -1; return -EINVAL; } else { if (DEBUG) l2tp_log (LOG_WARNING, "%s: don't know how to handle attribute %d.\n", __FUNCTION__, avp->attr); goto next; } } if (ALENGTH (avp->length) > len) { l2tp_log (LOG_WARNING, "%s: AVP received with length > remaining packet length!\n", __FUNCTION__); set_error (c, ERROR_LENGTH, "Invalid AVP length"); c->needclose = -1; return -EINVAL; } if (avp->attr && firstavp) { l2tp_log (LOG_WARNING, "%s: First AVP was not message type.\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "First AVP must be message type"); c->needclose = -1; return -EINVAL; } if (ALENGTH (avp->length) < sizeof (struct avp_hdr)) { l2tp_log (LOG_WARNING, "%s: AVP with too small of size (%d).\n", __FUNCTION__, ALENGTH (avp->length)); set_error (c, ERROR_LENGTH, "AVP too small"); c->needclose = -1; return -EINVAL; } if (AZBITS (avp->length)) { l2tp_log (LOG_WARNING, "%s: %sAVP has reserved bits set.\n", __FUNCTION__, AMBIT (avp->length) ? "Mandatory " : ""); if (AMBIT (avp->length)) { set_error (c, ERROR_RESERVED, "reserved bits set in AVP"); c->needclose = -1; return -EINVAL; } goto next; } if (AHBIT (avp->length)) { #ifdef DEBUG_HIDDEN l2tp_log (LOG_DEBUG, "%s: Hidden bit set on AVP.\n", __FUNCTION__); #endif /* We want to rewrite the AVP as an unhidden AVP and then pass it along as normal. Remember how long the AVP was in the first place though! */ hidlen = avp->length; if (decrypt_avp (data, t)) { if (gconfig.debug_avp) l2tp_log (LOG_WARNING, "%s: Unable to handle hidden %sAVP\n:", __FUNCTION__, (AMBIT (avp->length) ? "mandatory " : "")); if (AMBIT (avp->length)) { set_error (c, VENDOR_ERROR, "Invalid Hidden AVP"); c->needclose = -1; return -EINVAL; } goto next; }; len -= 2; hidlen -= 2; data += 2; avp = (struct avp_hdr *) data; /* Now we should look like a normal AVP */ } else hidlen = 0; if (avps[avp->attr].handler) { if (avps[avp->attr].handler (t, c, avp, ALENGTH (avp->length))) { if (AMBIT (avp->length)) { l2tp_log (LOG_WARNING, "%s: Bad exit status handling attribute %d (%s) on mandatory packet.\n", __FUNCTION__, avp->attr, avps[avp->attr].description); c->needclose = -1; return -EINVAL; } else { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Bad exit status handling attribute %d (%s).\n", __FUNCTION__, avp->attr, avps[avp->attr].description); } } } else { if (AMBIT (avp->length)) { l2tp_log (LOG_WARNING, "%s: No handler for mandatory attribute %d (%s). Closing %s.\n", __FUNCTION__, avp->attr, avps[avp->attr].description, (c != t->self) ? "call" : "tunnel"); set_error (c, VENDOR_ERROR, "No handler for attr %d (%s)\n", avp->attr, avps[avp->attr].description); return -EINVAL; } else { if (DEBUG) l2tp_log (LOG_WARNING, "%s: no handler for attribute %d (%s).\n", __FUNCTION__, avp->attr, avps[avp->attr].description); } } next: if (hidlen && ALENGTH(hidlen)) { /* Skip over the complete length of the hidden AVP */ len -= ALENGTH (hidlen); data += ALENGTH (hidlen); } else if (ALENGTH(avp->length)) { len -= ALENGTH (avp->length); data += ALENGTH (avp->length); /* Next AVP, please */ } else { l2tp_log (LOG_WARNING, "%s: broken avp->length zero %d\n", __FUNCTION__,avp->length); break; } avp = (struct avp_hdr *) data; firstavp = 0; } if (len != 0) { l2tp_log (LOG_WARNING, "%s: negative overall packet length\n", __FUNCTION__); return -EINVAL; } return 0; } xl2tpd-1.3.12/avp.h000066400000000000000000000136021327764040100137600ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Attribute Value Pair structures and * definitions */ #include "common.h" struct avp_hdr { _u16 length; _u16 vendorid; _u16 attr; } __attribute__((packed)); struct avp { int num; /* Number of AVP */ int m; /* Set M? */ int (*handler) (struct tunnel *, struct call *, void *, int); /* This should handle the AVP taking a tunnel, call, the data, and the length of the AVP as parameters. Should return 0 upon success */ char *description; /* A name, for debugging */ }; extern int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c); extern char *msgtypes[]; #define VENDOR_ID 0 /* We don't have any extensions so we shoouldn't have to worry about this */ /* * Macros to extract information from length field of AVP */ #define AMBIT(len) (len & 0x8000) /* Mandatory bit: If this is set on an unknown AVP, we MUST terminate */ #define AHBIT(len) (len & 0x4000) /* Hidden bit: Specifies information hiding */ #define AZBITS(len) (len & 0x3C00) /* Reserved bits: We must drop anything with any of these set. */ #define ALENGTH(len) (len & 0x03FF) /* Length: Lenth of AVP */ #define MAXAVPSIZE 1023 #define MAXTIME 300 /* time to wait before checking Ns and Nr, in ms */ #define MBIT 0x8000 /* for setting */ #define HBIT 0x4000 /* Set on hidden avp's */ #define ASYNC_FRAMING 2 #define SYNC_FRAMING 1 #define ANALOG_BEARER 2 #define DIGITAL_BEARER 1 #define VENDOR_ERROR 6 #define ERROR_RESERVED 3 #define ERROR_LENGTH 2 #define ERROR_NOTEXIST 1 #define ERROR_NORES 4 #define ERROR_INVALID 6 #define RESULT_CLEAR 1 #define RESULT_ERROR 2 #define RESULT_EXISTS 3 extern void encrypt_avp (struct buffer *, _u16, struct tunnel *); extern int decrypt_avp (char *, struct tunnel *); extern int message_type_avp (struct tunnel *, struct call *, void *, int); extern int protocol_version_avp (struct tunnel *, struct call *, void *, int); extern int framing_caps_avp (struct tunnel *, struct call *, void *, int); extern int bearer_caps_avp (struct tunnel *, struct call *, void *, int); extern int firmware_rev_avp (struct tunnel *, struct call *, void *, int); extern int hostname_avp (struct tunnel *, struct call *, void *, int); extern int vendor_avp (struct tunnel *, struct call *, void *, int); extern int assigned_tunnel_avp (struct tunnel *, struct call *, void *, int); extern int receive_window_size_avp (struct tunnel *, struct call *, void *, int); extern int result_code_avp (struct tunnel *, struct call *, void *, int); extern int assigned_call_avp (struct tunnel *, struct call *, void *, int); extern int call_serno_avp (struct tunnel *, struct call *, void *, int); extern int bearer_type_avp (struct tunnel *, struct call *, void *, int); extern int call_physchan_avp (struct tunnel *, struct call *, void *, int); extern int dialed_number_avp (struct tunnel *, struct call *, void *, int); extern int dialing_number_avp (struct tunnel *, struct call *, void *, int); extern int sub_address_avp (struct tunnel *, struct call *, void *, int); extern int frame_type_avp (struct tunnel *, struct call *, void *, int); extern int rx_speed_avp (struct tunnel *, struct call *, void *, int); extern int tx_speed_avp (struct tunnel *, struct call *, void *, int); extern int packet_delay_avp (struct tunnel *, struct call *, void *, int); extern int ignore_avp (struct tunnel *, struct call *, void *, int); extern int seq_reqd_avp (struct tunnel *, struct call *, void *, int); extern int challenge_avp (struct tunnel *, struct call *, void *, int); extern int chalresp_avp (struct tunnel *, struct call *, void *, int); extern int rand_vector_avp (struct tunnel *, struct call *, void *, int); extern int add_challenge_avp (struct buffer *, unsigned char *, int); extern int add_avp_rws (struct buffer *, _u16); extern int add_tunnelid_avp (struct buffer *, _u16); extern int add_vendor_avp (struct buffer *); extern int add_hostname_avp (struct buffer *, const char *); extern int add_firmware_avp (struct buffer *); extern int add_bearer_caps_avp (struct buffer *buf, _u16 caps); extern int add_frame_caps_avp (struct buffer *buf, _u16 caps); extern int add_protocol_avp (struct buffer *buf); extern int add_message_type_avp (struct buffer *buf, _u16 type); extern int add_result_code_avp (struct buffer *buf, _u16, _u16, char *, int); extern int add_bearer_avp (struct buffer *, int); extern int add_frame_avp (struct buffer *, int); extern int add_rxspeed_avp (struct buffer *, int); extern int add_txspeed_avp (struct buffer *, int); extern int add_serno_avp (struct buffer *, unsigned int); #ifdef TEST_HIDDEN extern int add_callid_avp (struct buffer *, _u16, struct tunnel *); #else extern int add_callid_avp (struct buffer *, _u16); #endif extern int add_ppd_avp (struct buffer *, _u16); extern int add_seqreqd_avp (struct buffer *); extern int add_chalresp_avp (struct buffer *, unsigned char *, int); extern int add_randvect_avp (struct buffer *, unsigned char *, int); extern int add_minbps_avp (struct buffer *buf, int speed); /* jz: needed for outgoing call */ extern int add_maxbps_avp (struct buffer *buf, int speed); /* jz: needed for outgoing call */ extern int add_number_avp (struct buffer *buf, char *no); /* jz: needed for outgoing call */ xl2tpd-1.3.12/avpsend.c000066400000000000000000000202261327764040100146250ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Attribute Value Pair creating routines */ #include #include #include #include #include "l2tp.h" struct half_words { _u16 s0; _u16 s1; _u16 s2; _u16 s3; } __attribute__ ((packed)); void add_nonmandatory_header(struct buffer *buf, _u16 length, _u16 type) { struct avp_hdr *avp = (struct avp_hdr *) (buf->start + buf->len); avp->length = htons (length); avp->vendorid = htons (VENDOR_ID); avp->attr = htons (type); } void add_header(struct buffer *buf, _u16 length, _u16 type) { add_nonmandatory_header(buf, length|MBIT, type); } /* * These routines should add AVP's to a buffer * to be sent */ /* FIXME: If SANITY is on, we should check for buffer overruns */ int add_message_type_avp (struct buffer *buf, _u16 type) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0x8, 0); ptr->s0 = htons(type); buf->len += 0x8; return 0; } int add_protocol_avp (struct buffer *buf) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0x8, 0x2); /* Length and M bit */ ptr->s0 = htons (OUR_L2TP_VERSION); buf->len += 0x8; return 0; } int add_frame_caps_avp (struct buffer *buf, _u16 caps) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0x3); ptr->s0 = 0; ptr->s1 = htons (caps); buf->len += 0xA; return 0; } int add_bearer_caps_avp (struct buffer *buf, _u16 caps) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0x4); ptr->s0 = 0; ptr->s1 = htons (caps); buf->len += 0xA; return 0; } /* FIXME: I need to send tie breaker AVP's */ int add_firmware_avp (struct buffer *buf) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_nonmandatory_header(buf, 0x8, 0x6); ptr->s0 = htons (FIRMWARE_REV); buf->len += 0x8; return 0; } int add_hostname_avp (struct buffer *buf, const char *hostname) { size_t namelen = strlen(hostname); if (namelen > MAXAVPSIZE - 6) { namelen = MAXAVPSIZE - 6; } add_header(buf, 0x6 + namelen, 0x7); strncpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), hostname, namelen); buf->len += 0x6 + namelen; return 0; } int add_vendor_avp (struct buffer *buf) { add_nonmandatory_header(buf, 0x6 + strlen (VENDOR_NAME), 0x8); strcpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), VENDOR_NAME); buf->len += 0x6 + strlen (VENDOR_NAME); return 0; } int add_tunnelid_avp (struct buffer *buf, _u16 tid) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0x8, 0x9); ptr->s0 = htons (tid); buf->len += 0x8; return 0; } int add_avp_rws (struct buffer *buf, _u16 rws) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0x8, 0xA); ptr->s0 = htons (rws); buf->len += 0x8; return 0; } int add_challenge_avp (struct buffer *buf, unsigned char *c, int len) { add_header(buf, (0x6 + len), 0xB); memcpy((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), c, len); buf->len += 0x6 + len; return 0; } int add_chalresp_avp (struct buffer *buf, unsigned char *c, int len) { add_header(buf, (0x6 + len), 0xD); memcpy((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), c, len); buf->len += 0x6 + len; return 0; } int add_randvect_avp (struct buffer *buf, unsigned char *c, int len) { add_header(buf, (0x6 + len), 0x24); memcpy((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), c, len); buf->len += 0x6 + len; return 0; } int add_result_code_avp (struct buffer *buf, _u16 result, _u16 error, char *msg, int len) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, (0xA + len), 0x1); ptr->s0 = htons (result); ptr->s1 = htons (error); memcpy ((char *) &ptr->s2, msg, len); buf->len += 0xA + len; return 0; } #ifdef TEST_HIDDEN int add_callid_avp (struct buffer *buf, _u16 callid, struct tunnel *t) { #else int add_callid_avp (struct buffer *buf, _u16 callid) { #endif struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); #ifdef TEST_HIDDEN if (t->hbit) raw++; #endif add_header(buf, 0x8, 0xE); ptr->s0 = htons (callid); buf->len += 0x8; #ifdef TEST_HIDDEN if (t->hbit) encrypt_avp (buf, 8, t); #endif return 0; } int add_serno_avp (struct buffer *buf, unsigned int serno) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0xF); ptr->s0 = htons ((serno >> 16) & 0xFFFF); ptr->s1 = htons (serno & 0xFFFF); buf->len += 0xA; return 0; } int add_bearer_avp (struct buffer *buf, int bearer) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0x12); ptr->s0 = htons ((bearer >> 16) & 0xFFFF); ptr->s1 = htons (bearer & 0xFFFF); buf->len += 0xA; return 0; } int add_frame_avp (struct buffer *buf, int frame) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0x13); ptr->s0 = htons ((frame >> 16) & 0xFFFF); ptr->s1 = htons (frame & 0xFFFF); buf->len += 0xA; return 0; } int add_txspeed_avp (struct buffer *buf, int speed) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0x18); ptr->s0 = htons ((speed >> 16) & 0xFFFF); ptr->s1 = htons (speed & 0xFFFF); buf->len += 0xA; return 0; } int add_rxspeed_avp (struct buffer *buf, int speed) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_nonmandatory_header(buf, 0xA, 0x26); ptr->s0 = htons ((speed >> 16) & 0xFFFF); ptr->s1 = htons (speed & 0xFFFF); buf->len += 0xA; return 0; } int add_physchan_avp (struct buffer *buf, unsigned int physchan) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_nonmandatory_header(buf, 0xA, 0x19); ptr->s0 = htons ((physchan >> 16) & 0xFFFF); ptr->s1 = htons (physchan & 0xFFFF); buf->len += 0xA; return 0; } int add_ppd_avp (struct buffer *buf, _u16 ppd) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0x8, 0x14); ptr->s0 = htons (ppd); buf->len += 0x8; return 0; } int add_seqreqd_avp (struct buffer *buf) { add_header(buf, 0x6, 0x27); buf->len += 0x6; return 0; } /* jz: options dor the outgoing call */ /* jz: Minimum BPS - 16 */ int add_minbps_avp (struct buffer *buf, int speed) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0x10); ptr->s0 = htons ((speed >> 16) & 0xFFFF); ptr->s1 = htons (speed & 0xFFFF); buf->len += 0xA; return 0; } /* jz: Maximum BPS - 17 */ int add_maxbps_avp (struct buffer *buf, int speed) { struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr)); add_header(buf, 0xA, 0x11); ptr->s0 = htons ((speed >> 16) & 0xFFFF); ptr->s1 = htons (speed & 0xFFFF); buf->len += 0xA; return 0; } /* jz: Dialed Number 21 */ int add_number_avp (struct buffer *buf, char *no) { add_header(buf, (0x6 + strlen (no)), 0x15); strncpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), no, strlen (no)); buf->len += 0x6 + strlen (no); return 0; } xl2tpd-1.3.12/call.c000066400000000000000000000452061327764040100141050ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Handle a call as a separate thread */ #include #include #include #include #include #include #include #include #include #include #include #include #include "l2tp.h" #include "ipsecmast.h" struct buffer *new_payload (struct sockaddr_in peer) { struct buffer *tmp = new_buf (MAX_RECV_SIZE); if (!tmp) return NULL; tmp->peer = peer; tmp->start += sizeof (struct payload_hdr); tmp->len = 0; return tmp; } inline void recycle_payload (struct buffer *buf, struct sockaddr_in peer) { buf->start = buf->rstart + sizeof (struct payload_hdr); buf->len = 0; buf->peer = peer; } void add_payload_hdr (struct tunnel *t, struct call *c, struct buffer *buf) { struct payload_hdr *p; buf->start -= sizeof (struct payload_hdr); buf->len += sizeof (struct payload_hdr); /* Account for no offset */ buf->start += 2; buf->len -= 2; if (!c->fbit && !c->ourfbit) { /* Forget about Ns and Nr fields then */ buf->start += 4; buf->len -= 4; } if (!c->lbit) { /* Forget about specifying the length */ buf->start += 2; buf->len -= 2; } p = (struct payload_hdr *) buf->start; /* p->ver = htons(c->lbit | c->rbit | c->fbit | c->ourfbit | VER_L2TP); */ p->ver = htons (c->lbit | c->fbit | c->ourfbit | VER_L2TP); if (c->lbit) { p->length = htons ((_u16) buf->len); } else { p = (struct payload_hdr *) (((char *) p) - 2); } p->tid = htons (t->tid); p->cid = htons (c->cid); if (c->fbit || c->ourfbit) { p->Ns = htons (c->data_seq_num); p->Nr = htons (c->data_rec_seq_num); } c->data_seq_num++; /* c->rbit=0; */ } int read_packet (struct call *c) { struct buffer *buf = c->ppp_buf; unsigned char ch; unsigned char escape = 0; unsigned char *p; int res; int errors = 0; p = buf->start + buf->len; while (1) { if (c->rbuf_pos >= c->rbuf_max) { c->rbuf_max = read(c->fd, c->rbuf, sizeof (c->rbuf)); res = c->rbuf_max; c->rbuf_pos = 0; } else { res = 1; } ch = c->rbuf[c->rbuf_pos++]; /* if there was a short read, then see what is about */ if (res < 1) { if (res == 0) { /* * Hmm.. Nothing to read. It happens */ return 0; } else if ((errno == EIO) || (errno == EINTR) || (errno == EAGAIN)) { /* * Oops, we were interrupted! * Or, we ran out of data too soon * anyway, we discarded whatever it is we * have */ return 0; } errors++; l2tp_log (LOG_DEBUG, "%s: Error %d (%s)\n", __FUNCTION__, errno, strerror (errno)); if (errors > 10) { l2tp_log (LOG_DEBUG, "%s: Too many errors. Declaring call dead.\n", __FUNCTION__); c->rbuf_pos = 0; c->rbuf_max = 0; return -errno; } continue; } switch (ch) { case PPP_FLAG: if (escape) { l2tp_log (LOG_DEBUG, "%s: got an escaped PPP_FLAG\n", __FUNCTION__); c->rbuf_pos = 0; c->rbuf_max = 0; return -EINVAL; } if (buf->len >= 2) { /* must be the end, drop the FCS */ buf->len -= 2; } else if (buf->len == 1) { /* Do nothing, just return the single character*/ } else { /* if the buffer is empty, then we have the beginning * of a packet, not the end */ break; } /* return what we have now */ return buf->len; case PPP_ESCAPE: escape = PPP_TRANS; break; default: ch ^= escape; escape = 0; if (buf->len < buf->maxlen) { *p = ch; p++; buf->len++; break; } l2tp_log (LOG_WARNING, "%s: read overrun\n", __FUNCTION__); c->rbuf_pos = 0; c->rbuf_max = 0; return -EINVAL; } } /* I should never get here */ l2tp_log (LOG_WARNING, "%s: You should not see this message. If you do, please enter " "a bug report at http://lists.xelerance.com/mailman/listinfo/xl2tpd", __FUNCTION__); return -EINVAL; } void call_close (struct call *c) { struct buffer *buf; struct schedule_entry *se, *ose; struct call *tmp, *tmp2; if (!c || !c->container) { l2tp_log (LOG_DEBUG, "%s: called on null call or containerless call\n", __FUNCTION__); return; } if (c == c->container->self) { /* * We're actually closing the * entire tunnel */ /* First de-schedule any remaining packet transmissions for this tunnel. That means Hello's and any remaining packets scheduled for transmission. This is a very nasty little piece of code here. */ se = events; ose = NULL; while (se) { if ((((struct buffer *) se->data)->tunnel == c->container) || ((struct tunnel *) se->data == c->container)) { #ifdef DEBUG_CLOSE l2tp_log (LOG_DEBUG, "%s: Descheduling event\n", __FUNCTION__); #endif if (ose) { ose->next = se->next; if ((struct tunnel *) se->data != c->container) toss ((struct buffer *) (se->data)); free (se); se = ose->next; } else { events = se->next; if ((struct tunnel *) se->data != c->container) toss ((struct buffer *) (se->data)); free (se); se = events; } } else { ose = se; se = se->next; } } if (c->closing) { /* Really close this tunnel, as our StopCCN has been ACK'd */ #ifdef DEBUG_CLOSE l2tp_log (LOG_DEBUG, "%s: Actually closing tunnel %d\n", __FUNCTION__, c->container->ourtid); #endif destroy_tunnel (c->container); return; } /* * We need to close, but need to provide reliable delivery * of the final StopCCN. We record our state to know when * we have actually received an ACK on our StopCCN */ c->closeSs = c->container->control_seq_num; buf = new_outgoing (c->container); add_message_type_avp (buf, StopCCN); if (c->container->hbit) { mk_challenge (c->container->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, c->container->chal_them.vector, VECTOR_SIZE); } add_tunnelid_avp (buf, c->container->ourtid); if (c->result < 0) c->result = RESULT_CLEAR; if (c->error < 0) c->error = 0; add_result_code_avp (buf, c->result, c->error, c->errormsg, strlen (c->errormsg)); add_control_hdr (c->container, c, buf); if (gconfig.packet_dump) do_packet_dump (buf); #ifdef DEBUG_CLOSE l2tp_log (LOG_DEBUG, "%s: enqueing close message for tunnel\n", __FUNCTION__); #endif control_xmit (buf); /* * We also need to stop all traffic on any calls contained * within us. */ tmp = c->container->call_head; while (tmp) { tmp2 = tmp->next; tmp->needclose = 0; tmp->closing = -1; call_close (tmp); tmp = tmp2; } l2tp_log (LOG_INFO, "Connection %d closed to %s, port %d (%s)\n", c->container->tid, IPADDY (c->container->peer.sin_addr), ntohs (c->container->peer.sin_port), c->errormsg); } else { /* * Just close a call */ if (c->zlb_xmit) deschedule (c->zlb_xmit); /* if (c->dethrottle) deschedule(c->dethrottle); */ if (c->closing) { #ifdef DEBUG_CLOSE l2tp_log (LOG_DEBUG, "%s: Actually closing call %d\n", __FUNCTION__, c->ourcid); #endif destroy_call (c); return; } c->closeSs = c->container->control_seq_num; buf = new_outgoing (c->container); add_message_type_avp (buf, CDN); if (c->container->hbit) { mk_challenge (c->container->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, c->container->chal_them.vector, VECTOR_SIZE); } if (c->result < 0) c->result = RESULT_CLEAR; if (c->error < 0) c->error = 0; add_result_code_avp (buf, c->result, c->error, c->errormsg, strlen (c->errormsg)); #ifdef TEST_HIDDEN add_callid_avp (buf, c->ourcid, c->container); #else add_callid_avp (buf, c->ourcid); #endif add_control_hdr (c->container, c, buf); if (gconfig.packet_dump) do_packet_dump (buf); #ifdef DEBUG_CLOSE l2tp_log (LOG_DEBUG, "%s: enqueuing close message for call %d\n", __FUNCTION__, c->ourcid); #endif control_xmit (buf); l2tp_log (LOG_INFO, "%s: Call %d to %s disconnected\n", __FUNCTION__, c->ourcid, IPADDY (c->container->peer.sin_addr)); } /* * Note that we're in the process of closing now */ c->closing = -1; } void destroy_call (struct call *c) { /* * Here, we unconditionally destroy a call. */ struct call *p; struct timeval tv; pid_t pid; /* * Close the tty */ if (c->fd > 0) { close (c->fd); c->fd = -1; } /* if (c->dethrottle) deschedule(c->dethrottle); */ if (c->zlb_xmit) deschedule (c->zlb_xmit); toss(c->ppp_buf); #ifdef IP_ALLOCATION if (c->addr) unreserve_addr (c->addr); if (c->lns && c->lns->localrange) unreserve_addr (c->lns->localaddr); #endif /* * Kill off PPPD and wait for it to * return to us. This should only be called * in rare cases if PPPD hasn't already died * voluntarily */ pid = c->pppd; if (pid > 0) { /* Set c->pppd to zero to prevent recursion with child_handler */ c->pppd = 0; /* * There is a bug in some PPPD versions where sending a SIGTERM * does not actually seem to kill PPPD, and xl2tpd waits indefinately * using waitpid, not accepting any new connections either. Therefor * we now use some more force and send it a SIGKILL instead of SIGTERM. * One confirmed buggy version of pppd is ppp-2.4.2-6.4.RHEL4 * See http://bugs.xelerance.com/view.php?id=739 * * Sometimes pppd takes 7 sec to go down! We don't have that much time, * since all other calls are suspended while doing this. */ #ifdef TRUST_PPPD_TO_DIE #ifdef DEBUG_PPPD l2tp_log (LOG_DEBUG, "Terminating pppd: sending TERM signal to pid %d\n", pid); #endif kill (pid, SIGTERM); #else #ifdef DEBUG_PPPD l2tp_log (LOG_DEBUG, "Terminating pppd: sending KILL signal to pid %d\n", pid); #endif kill (pid, SIGKILL); #endif } if (c->container) { p = c->container->call_head; /* * Remove us from the call list, although * we might not actually be there */ if (p) { if (p == c) { c->container->call_head = c->next; c->container->count--; } else { while (p->next && (p->next != c)) p = p->next; if (p->next) { p->next = c->next; c->container->count--; } } } } if (c->lac) { c->lac->c = NULL; if (c->lac->redial && (c->lac->rtimeout > 0) && !c->lac->rsched && c->lac->active) { #ifdef DEBUG_MAGIC l2tp_log (LOG_DEBUG, "Will redial in %d seconds\n", c->lac->rtimeout); #endif tv.tv_sec = c->lac->rtimeout; tv.tv_usec = 0; c->lac->rsched = schedule (tv, magic_lac_dial, c->lac); } } if(c->oldptyconf) free(c->oldptyconf); free (c); } struct call *new_call (struct tunnel *parent) { unsigned char entropy_buf[2] = "\0"; struct call *tmp = calloc (1,sizeof (struct call)); if (!tmp) return NULL; tmp->tx_pkts = 0; tmp->rx_pkts = 0; tmp->tx_bytes = 0; tmp->rx_bytes = 0; tmp->zlb_xmit = NULL; /* tmp->throttle = 0; */ /* tmp->dethrottle=NULL; */ tmp->prx = 0; /* tmp->rbit = 0; */ tmp->msgtype = 0; /* tmp->timeout = 0; */ tmp->data_seq_num = 0; tmp->data_rec_seq_num = 0; tmp->pLr = -1; tmp->nego = 0; tmp->debug = 0; tmp->seq_reqd = 0; tmp->state = 0; /* Nothing so far */ if (parent->self) { #ifndef TESTING /* while(get_call(parent->ourtid, (tmp->ourcid = (rand() && 0xFFFF)),0,0)); */ /* FIXME: What about possibility of multiple random #'s??? */ /* tmp->ourcid = (rand () & 0xFFFF); */ get_entropy(entropy_buf, 2); { unsigned short *temp; temp = (unsigned short *)entropy_buf; tmp->ourcid = *temp & 0xFFFF; #ifdef DEBUG_ENTROPY l2tp_log(LOG_DEBUG, "ourcid = %u, entropy_buf = %hx\n", tmp->ourcid, *temp); #endif } #else tmp->ourcid = 0x6227; #endif } tmp->dialed[0] = 0; tmp->dialing[0] = 0; tmp->subaddy[0] = 0; tmp->physchan = -1; tmp->serno = 0; tmp->bearer = -1; tmp->cid = -1; tmp->qcid = -1; tmp->container = parent; /* tmp->rws = -1; */ tmp->fd = -1; tmp->rbuf_pos = 0; tmp->rbuf_max = 0; tmp->ppp_buf = new_payload (parent->peer); tmp->oldptyconf = malloc (sizeof (struct termios)); tmp->pnu = 0; tmp->cnu = 0; tmp->needclose = 0; tmp->closing = 0; tmp->die = 0; tmp->pppd = 0; tmp->error = -1; tmp->result = -1; tmp->errormsg[0] = 0; tmp->fbit = 0; tmp->cid = 0; tmp->lbit = 0; /* Inherit LAC and LNS from parent */ tmp->lns = parent->lns; tmp->lac = parent->lac; tmp->addr = 0; /* tmp->ourrws = DEFAULT_RWS_SIZE; */ /* if (tmp->ourrws >= 0) tmp->ourfbit = FBIT; else */ tmp->ourfbit = 0; /* initialize to 0 since we don't actually use this value at this point anywhere in the code (I don't think) We might just be able to remove it completely */ tmp->dial_no[0] = '\0'; /* jz: dialing number for outgoing call */ return tmp; } struct call *get_tunnel (int tunnel, unsigned int addr, int port) { struct tunnel *st; if (tunnel) { st = tunnels.head; while (st) { if (st->ourtid == tunnel) { return st->self; } st = st->next; } } return NULL; } struct call *get_call (int tunnel, int call, struct in_addr addr, int port, IPsecSAref_t refme, IPsecSAref_t refhim) { /* * Figure out which call struct should handle this. * If we have tunnel and call ID's then they are unique. * Otherwise, if the tunnel is 0, look for an existing connection * or create a new tunnel. */ struct tunnel *st; struct call *sc; if (tunnel) { st = tunnels.head; while (st) { if (st->ourtid == tunnel && (gconfig.ipsecsaref==0 || (st->refhim == refhim || refhim==IPSEC_SAREF_NULL || st->refhim==IPSEC_SAREF_NULL))) { if (call) { sc = st->call_head; while (sc) { /* confirm that this is in fact a call with the right SA! */ if (sc->ourcid == call) return sc; sc = sc->next; } l2tp_log (LOG_DEBUG, "%s: can't find call %d in tunnel %d\n (ref=%d/%d)", __FUNCTION__, call, tunnel, refme, refhim); return NULL; } else { return st->self; } } st = st->next; } l2tp_log (LOG_INFO, "Can not find tunnel %u (refhim=%u)\n", tunnel, refhim); return NULL; } else { /* You can't specify a call number if you haven't specified a tunnel silly! */ if (call) { l2tp_log (LOG_WARNING, "%s: call ID specified, but no tunnel ID specified. tossing.\n", __FUNCTION__); return NULL; } /* * Well, nothing appropriate... Let's add a new tunnel, if * we are not at capacity. */ if (gconfig.debug_tunnel) { l2tp_log (LOG_DEBUG, "%s: allocating new tunnel for host %s, port %d.\n", __FUNCTION__, IPADDY (addr), ntohs (port)); } if (!(st = new_tunnel ())) { l2tp_log (LOG_WARNING, "%s: unable to allocate new tunnel for host %s, port %d.\n", __FUNCTION__, IPADDY (addr), ntohs (port)); return NULL; }; st->peer.sin_family = AF_INET; st->peer.sin_port = port; st->refme = refme; st->refhim = refhim; st->udp_fd = -1; st->pppox_fd = -1; bcopy (&addr, &st->peer.sin_addr, sizeof (addr)); st->next = tunnels.head; tunnels.head = st; tunnels.count++; return st->self; } } xl2tpd-1.3.12/call.h000066400000000000000000000116671327764040100141160ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Handle a call as a separate thread (header file) */ #include #include "misc.h" #include "common.h" #include "ipsecmast.h" #define CALL_CACHE_SIZE 256 struct call { /* int rbit; Set the "R" bit on the next packet? */ int lbit; /* Should we send length field? */ /* int throttle; Throttle the connection? */ int seq_reqd; /* Sequencing required? */ int tx_pkts; /* Transmitted packets */ int rx_pkts; /* Received packets */ int tx_bytes; /* transmitted bytes */ int rx_bytes; /* received bytes */ struct schedule_entry *zlb_xmit; /* Scheduled ZLB transmission */ /* struct schedule_entry *dethrottle; */ /* Scheduled dethrottling (overrun) */ /* int timeout; Has our timeout expired? If so, we'll go ahead and transmit, full window or not, and set the R-bit on this packet. */ int prx; /* What was the last packet we sent as an Nr? Used to manage payload ZLB's */ int state; /* Current state */ int frame; /* Framing being used */ struct call *next; /* Next call, for linking */ int debug; int msgtype; /* What kind of message are we working with right now? */ int ourcid; /* Our call number */ int cid; /* Their call number */ int qcid; /* Quitting CID */ int bearer; /* Bearer type of call */ unsigned int serno; /* Call serial number */ unsigned int addr; /* Address reserved for this call */ int txspeed; /* Transmit speed */ int rxspeed; /* Receive speed */ int ppd; /* Packet processing delay (of peer) */ int physchan; /* Physical channel ID */ char dialed[MAXSTRLEN]; /* Number dialed for call */ char dialing[MAXSTRLEN]; /* Original caller ID */ char subaddy[MAXSTRLEN]; /* Sub address */ int needclose; /* Do we need to close this call? */ int closing; /* Are we actually in the process of closing? */ /* needclose closing state ========= ======= ===== 0 0 Running 1 0 Send Closing notice 1 1 Waiting for closing notice 0 1 Closing ZLB received, actulaly close */ struct tunnel *container; /* Tunnel we belong to */ int fd; /* File descriptor for pty */ unsigned char rbuf[MAX_RECV_SIZE]; /* pty read buffer */ int rbuf_pos; /* Read buffer position */ int rbuf_max; /* Read buffer data length */ struct buffer *ppp_buf; /* Packet readed from pty */ struct termios *oldptyconf; int die; int nego; /* Show negotiation? */ int pppd; /* PID of pppd */ int result; /* Result code */ int error; /* Error code */ int fbit; /* Use sequence numbers? */ int ourfbit; /* Do we want sequence numbers? */ /* int ourrws; Our RWS for the call */ int cnu; /* Do we need to send updated Ns, Nr values? */ int pnu; /* ditto for payload packet */ char errormsg[MAXSTRLEN]; /* Error message */ /* int rws; Receive window size, or -1 for none */ struct timeval lastsent; /* When did we last send something? */ _u16 data_seq_num; /* Sequence for next payload packet */ _u16 data_rec_seq_num; /* Sequence for next received payload packet */ _u16 closeSs; /* What number was in Ns when we started to close? */ int pLr; /* Last packet received by peer */ struct lns *lns; /* LNS that owns us */ struct lac *lac; /* LAC that owns us */ char dial_no[128]; /* jz: dialing number for outgoing call */ }; extern void push_handler (int); extern void toss (struct buffer *); extern struct call *get_call (int tunnel, int call, struct in_addr addr, int port, IPsecSAref_t refme, IPsecSAref_t refhim); extern struct call *get_tunnel (int, unsigned int, int); extern void destroy_call (struct call *); extern struct call *new_call (struct tunnel *); extern void set_error (struct call *, int, const char *, ...); void *call_thread_init (void *); void call_close (struct call *); xl2tpd-1.3.12/common.h000066400000000000000000000007021327764040100144570ustar00rootroot00000000000000/* * Layer 2 Tunnelling Protocol Daemon * Copyright (C) 2002 Jeff McAdams * * This software is distributed under the terms of the GPL, which you * should have receivede along with this source. * * Defines common to several different files */ #ifndef _COMMON_H_ typedef unsigned char _u8; typedef unsigned short _u16; typedef unsigned long long _u64; extern int rand_source; #ifndef LINUX # define SOL_IP 0 #endif #define _COMMON_H_ #endif xl2tpd-1.3.12/contrib/000077500000000000000000000000001327764040100144575ustar00rootroot00000000000000xl2tpd-1.3.12/contrib/pfc.1000066400000000000000000000042111327764040100153070ustar00rootroot00000000000000.\" Hey, EMACS: -*- nroff -*- .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) .TH PFC 1 "October 30, 2008" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: .\" .nh disable hyphenation .\" .hy enable hyphenation .\" .ad l left justify .\" .ad b justify to both left and right margins .\" .nf disable filling .\" .fi enable filling .\" .br insert line break .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME pfc \- active precompiled filters generator .SH SYNOPSIS .B pfc .RI >/etc/ppp/your.active.filter .SH DESCRIPTION This manual page documents briefly the .B pfc command. .PP .\" TeX users may be more comfortable with the \fB\fP and .\" \fI\fP escape sequences to invode bold face and italics, .\" respectively. \fBpfc\fP is the Precompiled Filter Compiler - a tool to generate "active precompiled filters". If your pppd supports this feature, you can use this utility to generate the filter files. The Active Filter allows a connect on demand pppd to determine what is 'interesting' traffic, and then initiate the PPP session. The tool allows you to create the filters, in libpcap format, for use by pppd. Common filters are used to ignore traffic (ie: ntp, various protocol keepalives, etc...) so PPP sessions are not initiated until 'real' traffic requires them. .PP Note that the generated compiled filter expression is specific to point-to-point links, and differs from the format generated by tcpdump -ddd. .PP (specify precompiled-active-filter=/etc/ppp/your.active.filter in the ppp options file) .SH EXAMPLE /usr/bin/pfc ntp and ldap > /etc/ppp/your.active.filter .SH SEE ALSO pfc is from the FLoppy Isdn 4 Linux project - see http://www.fli4l.de/en/home/news/ .SH AUTHOR This manual page was written by Roberto C. Sanchez , for the Debian project (but may be used by others). xl2tpd-1.3.12/contrib/pfc.README000066400000000000000000000006771327764040100161200ustar00rootroot00000000000000 Source: http://www.fli4l.de/en/home/news/ If pppd supports "active precompiled filters", you can use this utiliy to generate them. This is useful for preventing the pppd to bring an on-demand connection up by spurious traffic, such as ntp or routing protocol packets. usage: pfc > /etc/ppp/your.active.filter (specify precompiled-active-filter=/etc/ppp/your.active.filter in the ppp options file) example: ./pfc ntp and ldap xl2tpd-1.3.12/contrib/pfc.c000066400000000000000000000023461327764040100154000ustar00rootroot00000000000000/* * Taken from fli4l 3.0 * Make sure you compile it against the same libpcap version used in OpenWrt */ #include #include #include #include #ifdef LINUX # include # include # include #endif #if defined(FREEBSD) || defined(OPENBSD) || defined(NETBSD) || defined(SOLARIS) # include #endif #ifdef SOLARIS # define u_int32_t unsigned int #endif #include int main (int argc, char ** argv) { pcap_t *pc; /* Fake struct pcap so we can compile expr */ struct bpf_program filter; /* Filter program for link-active pkts */ u_int32_t netmask=0; int dflag = 3; if (argc == 4) { if (!strcmp (argv[1], "-d")) { dflag = atoi (argv[2]); argv += 2; argc -=2; } } if (argc != 2) { printf ("usage; %s [ -d ] expression\n", argv[0]); return 1; } pc = pcap_open_dead(DLT_PPP_PPPD, PPP_HDRLEN); if (pcap_compile(pc, &filter, argv[1], 1, netmask) == 0) { printf ("#\n# Expression: %s\n#\n", argv[1]); bpf_dump (&filter, dflag); return 0; } else { printf("error in active-filter expression: %s\n", pcap_geterr(pc)); } return 1; } xl2tpd-1.3.12/contrib/pppol2tp-2.6.23.README000066400000000000000000000002611327764040100176430ustar00rootroot00000000000000No patch is required for linux 2.6.23 and up. The kernel comes native support for kernel mode l2tp. You can verify this by looking for the file /usr/include/linux/if_pppol2tp.h xl2tpd-1.3.12/contrib/pppol2tp-linux-2.4.27.patch000066400000000000000000002562431327764040100211610ustar00rootroot00000000000000Index: linux-2.4.27-l2tp/Documentation/Configure.help =================================================================== --- linux-2.4.27-l2tp.orig/Documentation/Configure.help +++ linux-2.4.27-l2tp/Documentation/Configure.help @@ -9913,6 +9913,16 @@ CONFIG_PPPOE on cvs.samba.org. The required support will be present in the next ppp release (2.4.2). +PPP over L2TP +config PPPOL2TP + Support for PPP-over-L2TP socket family. L2TP is a protocol used by + ISPs and enterprises to tunnel PPP traffic over UDP tunnels. L2TP is + replacing PPTP for VPN uses. + + This kernel component handles only L2TP data packets: a userland + daemon handles L2TP control protocol (tunnel and session setup). One + such daemon is OpenL2TP (http://openl2tp.sourceforge.net/). + Wireless LAN (non-hamradio) CONFIG_NET_RADIO Support for wireless LANs and everything having to do with radio, Index: linux-2.4.27-l2tp/drivers/net/Config.in =================================================================== --- linux-2.4.27-l2tp.orig/drivers/net/Config.in +++ linux-2.4.27-l2tp/drivers/net/Config.in @@ -327,6 +327,7 @@ if [ ! "$CONFIG_PPP" = "n" ]; then dep_tristate ' PPP BSD-Compress compression' CONFIG_PPP_BSDCOMP $CONFIG_PPP if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then dep_tristate ' PPP over Ethernet (EXPERIMENTAL)' CONFIG_PPPOE $CONFIG_PPP + dep_tristate ' PPP over L2TP (EXPERIMENTAL)' CONFIG_PPPOL2TP $CONFIG_PPP $CONFIG_PPPOE fi if [ "$CONFIG_ATM" = "y" -o "$CONFIG_ATM" = "m" ]; then dep_tristate ' PPP over ATM (EXPERIMENTAL)' CONFIG_PPPOATM $CONFIG_PPP $CONFIG_ATM Index: linux-2.4.27-l2tp/drivers/net/Makefile =================================================================== --- linux-2.4.27-l2tp.orig/drivers/net/Makefile +++ linux-2.4.27-l2tp/drivers/net/Makefile @@ -162,6 +162,7 @@ obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctt obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o obj-$(CONFIG_PPPOE) += pppox.o pppoe.o +obj-$(CONFIG_PPPOL2TP) += pppox.o pppol2tp.o obj-$(CONFIG_SLIP) += slip.o ifeq ($(CONFIG_SLIP_COMPRESSED),y) Index: linux-2.4.27-l2tp/drivers/net/pppol2tp.c =================================================================== --- /dev/null +++ linux-2.4.27-l2tp/drivers/net/pppol2tp.c @@ -0,0 +1,2588 @@ +/** -*- linux-c -*- *********************************************************** + * Linux PPP over L2TP (PPPoX/PPPoL2TP) Sockets + * + * PPPoX --- Generic PPP encapsulation socket family + * PPPoL2TP --- PPP over L2TP (RFC 2661) + * + * + * Version: 0.13.0 + * + * 251003 : Copied from pppoe.c version 0.6.9. + * + * Author: Martijn van Oosterhout + * Contributors: + * Michal Ostrowski + * Arnaldo Carvalho de Melo + * David S. Miller (davem@redhat.com) + * James Chapman (jchapman@katalix.com) + * + * License: + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + */ + +/* This driver handles only L2TP data frames; control frames are handled by a + * userspace application. + * + * To send data in an L2TP session, userspace opens a PPPoL2TP socket and + * attaches it to a bound UDP socket with local tunnel_id / session_id and + * peer tunnel_id / session_id set. Data can then be sent or received using + * regular socket sendmsg() / recvmsg() calls. Kernel parameters of the socket + * can be read or modified using ioctl() or [gs]etsockopt() calls. + * + * When a PPPoL2TP socket is connected with local and peer session_id values + * zero, the socket is treated as a special tunnel management socket. + * + * Here's example userspace code to create a socket for sending/receiving data + * over an L2TP session:- + * + * struct sockaddr_pppol2tp sax; + * int fd; + * int session_fd; + * + * fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); + * + * sax.sa_family = AF_PPPOX; + * sax.sa_protocol = PX_PROTO_OL2TP; + * sax.pppol2tp.fd = tunnel_fd; // bound UDP socket + * sax.pppol2tp.pid = 0; // current pid owns UDP socket + * sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr; + * sax.pppol2tp.addr.sin_port = addr->sin_port; + * sax.pppol2tp.addr.sin_family = AF_INET; + * sax.pppol2tp.s_tunnel = tunnel_id; + * sax.pppol2tp.s_session = session_id; + * sax.pppol2tp.d_tunnel = peer_tunnel_id; + * sax.pppol2tp.d_session = peer_session_id; + * + * session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax)); + * + */ + +#include +#include +#include + +#include +#include + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#define PPPOL2TP_DRV_VERSION "V0.13" + +/* Developer debug code. */ +#if 0 +#define DEBUG /* Define to compile in very verbose developer + * debug */ +#define DEBUG_MOD_USE_COUNT /* Define to debug module use count bugs */ +#endif + +/* Useful to debug module use_count problems */ +#ifdef DEBUG_MOD_USE_COUNT +#undef MOD_INC_USE_COUNT +#undef MOD_DEC_USE_COUNT +static int mod_use_count = 0; +#define MOD_INC_USE_COUNT do { \ + mod_use_count++; \ + printk(KERN_DEBUG "%s: INC_USE_COUNT, now %d\n", __FUNCTION__, mod_use_count); \ +} while (0) +#define MOD_DEC_USE_COUNT do { \ + mod_use_count--; \ + printk(KERN_DEBUG "%s: DEC_USE_COUNT, now %d\n", __FUNCTION__, mod_use_count); \ +} while (0) +#endif /* DEBUG_MOD_USE_COUNT */ + +/* Timeouts are specified in milliseconds to/from userspace */ +#define JIFFIES_TO_MS(t) ((t) * 1000 / HZ) +#define MS_TO_JIFFIES(j) ((j * HZ) / 1000) + +/* L2TP header constants */ +#define L2TP_HDRFLAG_T 0x8000 +#define L2TP_HDRFLAG_L 0x4000 +#define L2TP_HDRFLAG_S 0x0800 +#define L2TP_HDRFLAG_O 0x0200 +#define L2TP_HDRFLAG_P 0x0100 + +#define L2TP_HDR_VER_MASK 0x000F +#define L2TP_HDR_VER 0x0002 + +/* Space for UDP, L2TP and PPP headers */ +#define PPPOL2TP_HEADER_OVERHEAD 40 + +/* Just some random numbers */ +#define L2TP_TUNNEL_MAGIC 0x42114DDA +#define L2TP_SESSION_MAGIC 0x0C04EB7D + +#define PPPOL2TP_HASH_BITS 4 +#define PPPOL2TP_HASH_SIZE (1 << PPPOL2TP_HASH_BITS) + +/* Default trace flags */ +#ifdef DEBUG +#define PPPOL2TP_DEFAULT_DEBUG_FLAGS -1 +#else +#define PPPOL2TP_DEFAULT_DEBUG_FLAGS 0 +#endif + +/* For kernel compatability. This might not work for early 2.4 kernels */ +#ifndef dst_pmtu +#define dst_pmtu(dst) dst->pmtu +#endif + +/* Debug kernel message control. + * Verbose debug messages (L2TP_MSG_DEBUG flag) are optionally compiled in. + */ +#ifdef DEBUG +#define DPRINTK(_mask, _fmt, args...) \ + do { \ + if ((_mask) & PPPOL2TP_MSG_DEBUG) \ + printk(KERN_DEBUG "PPPOL2TP %s: " _fmt, \ + __FUNCTION__, ##args); \ + } while(0) +#else +#define DPRINTK(_mask, _fmt, args...) do { } while(0) +#endif /* DEBUG */ + +#define PRINTK(_mask, _type, _lvl, _fmt, args...) \ + do { \ + if ((_mask) & (_type)) \ + printk(_lvl "PPPOL2TP: " _fmt, ##args); \ + } while(0) + +/* Extra driver debug. Should only be enabled by developers working on + * this driver. + */ +#ifdef DEBUG +#define ENTER_FUNCTION printk(KERN_DEBUG "PPPOL2TP: --> %s\n", __FUNCTION__) +#define EXIT_FUNCTION printk(KERN_DEBUG "PPPOL2TP: <-- %s\n", __FUNCTION__) +#else +#define ENTER_FUNCTION do { } while(0) +#define EXIT_FUNCTION do { } while(0) +#endif + +#define container_of(ptr, type, member) ({ \ + const typeof( ((type *)0)->member ) *__mptr = (ptr); \ + (type *)( (char *)__mptr - offsetof(type,member) );}) + +struct pppol2tp_tunnel; + +/* Describes a session. It is the user_data field in the PPPoL2TP + * socket. Contains information to determine incoming packets and transmit + * outgoing ones. + */ +struct pppol2tp_session +{ + int magic; /* should be + * L2TP_SESSION_MAGIC */ + int owner; /* pid that opened the socket */ + + struct sock *sock; /* Pointer to the session + * PPPoX socket */ + struct sock *tunnel_sock; /* Pointer to the tunnel UDP + * socket */ + + struct pppol2tp_addr tunnel_addr; /* Description of tunnel */ + + struct pppol2tp_tunnel *tunnel; /* back pointer to tunnel + * context */ + + char name[20]; /* "sess xxxxx/yyyyy", where + * x=tunnel_id, y=session_id */ + int mtu; + int mru; + int flags; /* accessed by PPPIOCGFLAGS. + * Unused. */ + int recv_seq:1; /* expect receive packets with + * sequence numbers? */ + int send_seq:1; /* send packets with sequence + * numbers? */ + int lns_mode:1; /* behave as LNS? LAC enables + * sequence numbers under + * control of LNS. */ + int debug; /* bitmask of debug message + * categories */ + int reorder_timeout; /* configured reorder timeout + * (in jiffies) */ + u16 nr; /* session NR state (receive) */ + u16 ns; /* session NR state (send) */ + struct sk_buff_head reorder_q; /* receive reorder queue */ + struct pppol2tp_ioc_stats stats; + struct hlist_node hlist; /* Hash list node */ +}; + +/* The user_data field of the tunnel's UDP socket. It contains info to track + * all the associated sessions so incoming packets can be sorted out + */ +struct pppol2tp_tunnel +{ + int magic; /* Should be L2TP_TUNNEL_MAGIC */ + + struct proto *old_proto; /* original proto */ + struct proto l2tp_proto; /* L2TP proto */ + rwlock_t hlist_lock; /* protect session_hlist */ + struct hlist_head session_hlist[PPPOL2TP_HASH_SIZE]; + /* hashed list of sessions, + * hashed by id */ + int debug; /* bitmask of debug message + * categories */ + char name[12]; /* "tunl xxxxx" */ + struct pppol2tp_ioc_stats stats; + + void (*old_data_ready)(struct sock *, int); + void (*old_sk_destruct)(struct sock *); + + struct sock *sock; /* Parent socket */ + struct list_head list; /* Keep a list of all open + * prepared sockets */ + + atomic_t session_count; +}; + +/* Private data stored for received packets in the skb. + */ +struct pppol2tp_skb_cb { + u16 ns; + u16 nr; + int has_seq; + int length; + unsigned long expires; +}; + +#define PPPOL2TP_SKB_CB(skb) ((struct pppol2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)]) + +/* Number of bytes to build transmit L2TP headers. + * Unfortunately the size is different depending on whether sequence numbers + * are enabled. + */ +#define PPPOL2TP_L2TP_HDR_SIZE_SEQ 10 +#define PPPOL2TP_L2TP_HDR_SIZE_NOSEQ 6 + + +static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb); + +static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL }; +static struct proto_ops pppol2tp_ops; +static LIST_HEAD(pppol2tp_tunnel_list); + +/* Macros to derive session/tunnel context pointers from a socket. */ +#define SOCK_2_SESSION(sock, session, err, errval, label, quiet) \ + session = (struct pppol2tp_session *)((sock)->user_data); \ + if (!session || session->magic != L2TP_SESSION_MAGIC) { \ + if (!quiet) \ + printk(KERN_ERR "%s: %s:%d: BAD SESSION MAGIC " \ + "(" #sock "=%p) session=%p magic=%x\n", \ + __FUNCTION__, __FILE__, __LINE__, sock, \ + session, session ? session->magic : 0); \ + err = errval; \ + goto label; \ + } + +#define SOCK_2_TUNNEL(sock, tunnel, err, errval, label, quiet) \ + tunnel = (struct pppol2tp_tunnel *)((sock)->user_data); \ + if (!tunnel || tunnel->magic != L2TP_TUNNEL_MAGIC) { \ + if (!quiet) \ + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC " \ + "(" #sock "=%p) tunnel=%p magic=%x\n", \ + __FUNCTION__, __FILE__, __LINE__, sock, \ + tunnel, tunnel ? tunnel->magic : 0); \ + err = errval; \ + goto label; \ + } + +/* Session hash list. + * The session_id SHOULD be random according to RFC2661, but several + * L2TP implementations (Cisco and Microsoft) use incrementing + * session_ids. So we do a real hash on the session_id, rather than a + * simple bitmask. + */ +static inline struct hlist_head * +pppol2tp_session_id_hash(struct pppol2tp_tunnel *tunnel, u16 session_id) +{ + unsigned long hash_val = (unsigned long) session_id; + return &tunnel->session_hlist[hash_long(hash_val, PPPOL2TP_HASH_BITS)]; +} + +/* Lookup a session by id + */ +static struct pppol2tp_session * +pppol2tp_session_find(struct pppol2tp_tunnel *tunnel, u16 session_id) +{ + struct hlist_head *session_list = + pppol2tp_session_id_hash(tunnel, session_id); + struct hlist_node *tmp; + struct hlist_node *walk; + struct pppol2tp_session *session; + + hlist_for_each_safe(walk, tmp, session_list) { + session = hlist_entry(walk, struct pppol2tp_session, hlist); + if (session->tunnel_addr.s_session == session_id) { + return session; + } + } + + return NULL; +} + +/* Copied from socket.c + */ +static __inline__ void sockfd_put(struct socket *sock) +{ + fput(sock->file); +} + +/***************************************************************************** + * Receive data handling + *****************************************************************************/ + +/* Queue a skb in order. If the skb has no sequence number, queue it + * at the tail. + */ +static void pppol2tp_recv_queue_skb(struct pppol2tp_session *session, struct sk_buff *skb) +{ + struct sk_buff *next; + struct sk_buff *prev; + u16 ns = PPPOL2TP_SKB_CB(skb)->ns; + + ENTER_FUNCTION; + + spin_lock(&session->reorder_q.lock); + + prev = (struct sk_buff *) &session->reorder_q; + next = prev->next; + while (next != prev) { + if (PPPOL2TP_SKB_CB(next)->ns > ns) { + __skb_insert(skb, next->prev, next, next->list); + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG, + "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n", + session->name, ns, PPPOL2TP_SKB_CB(next)->ns, + skb_queue_len(&session->reorder_q)); + session->stats.rx_oos_packets++; + goto out; + } + next = next->next; + } + + __skb_queue_tail(&session->reorder_q, skb); + +out: + spin_unlock(&session->reorder_q.lock); + EXIT_FUNCTION; +} + +/* Dequeue a single skb, passing it either to ppp or to userspace. + */ +static void pppol2tp_recv_dequeue_skb(struct pppol2tp_session *session, struct sk_buff *skb) +{ + struct pppol2tp_tunnel *tunnel = session->tunnel; + int length = PPPOL2TP_SKB_CB(skb)->length; + struct sock *session_sock = NULL; + + ENTER_FUNCTION; + + /* We're about to requeue the skb, so unlink it and return resources + * to its current owner (a socket receive buffer). Also release the + * dst to force a route lookup on the inner IP packet since skb->dst + * currently points to the dst of the UDP tunnel. + */ + skb_unlink(skb); + skb_orphan(skb); + dst_release(skb->dst); + skb->dst = NULL; + +#ifdef CONFIG_NETFILTER + /* We need to forget conntrack info as we reuse the same skb. */ + nf_conntrack_put(skb->nfct); + skb->nfct = NULL; +#ifdef CONFIG_NETFILTER_DEBUG + skb->nf_debug = 0; +#endif +#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) + skb->nf_bridge = NULL; +#endif +#endif /* CONFIG_NETFILTER */ + + tunnel->stats.rx_packets++; + tunnel->stats.rx_bytes += length; + session->stats.rx_packets++; + session->stats.rx_bytes += length; + + if (PPPOL2TP_SKB_CB(skb)->has_seq) { + /* Bump our Nr */ + session->nr++; + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG, + "%s: updated nr to %hu\n", session->name, session->nr); + } + + /* If the socket is bound, send it in to PPP's input queue. Otherwise + * queue it on the session socket. + */ + session_sock = session->sock; + if (session_sock->state & PPPOX_BOUND) { + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG, + "%s: recv %d byte data frame, passing to ppp\n", + session->name, length); + ppp_input(&session_sock->protinfo.pppox->chan, skb); + } else { + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_INFO, + "%s: socket not bound\n", session->name); + /* Not bound. Queue it now */ + if (sock_queue_rcv_skb(session_sock, skb) < 0) { + session->stats.rx_errors++; + kfree_skb(skb); + if (!session_sock->dead) + session_sock->data_ready(session_sock, 0); + } + } + + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n", + session->sock->refcnt.counter); + sock_put(session->sock); + EXIT_FUNCTION; +} + +/* Dequeue skbs from the session's reorder_q, subject to packet order. + * Skbs that have been in the queue for too long are simply discarded. + */ +static void pppol2tp_recv_dequeue(struct pppol2tp_session *session) +{ + struct sk_buff *next; + struct sk_buff *prev; + + ENTER_FUNCTION; + + prev = (struct sk_buff *) &session->reorder_q; + spin_lock(&session->reorder_q.lock); + next = prev->next; + + /* If the pkt at the head of the queue has the nr that we + * expect to send up next, dequeue it and any other + * in-sequence packets behind it. + */ + while (next != prev) { + struct sk_buff *skb = next; + next = next->next; + spin_unlock(&session->reorder_q.lock); + + if (time_after(jiffies, PPPOL2TP_SKB_CB(skb)->expires)) { + session->stats.rx_seq_discards++; + session->stats.rx_errors++; + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG, + "%s: oos pkt %hu len %d discarded (too old), waiting for %hu, reorder_q_len=%d\n", + session->name, PPPOL2TP_SKB_CB(skb)->ns, + PPPOL2TP_SKB_CB(skb)->length, session->nr, + skb_queue_len(&session->reorder_q)); + skb_unlink(skb); + kfree_skb(skb); + goto again; + } + + if (PPPOL2TP_SKB_CB(skb)->has_seq) { + if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) { + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG, + "%s: holding oos pkt %hu len %d, waiting for %hu, reorder_q_len=%d\n", + session->name, PPPOL2TP_SKB_CB(skb)->ns, + PPPOL2TP_SKB_CB(skb)->length, session->nr, + skb_queue_len(&session->reorder_q)); + goto out; + } + } + pppol2tp_recv_dequeue_skb(session, skb); +again: + spin_lock(&session->reorder_q.lock); + } + + spin_unlock(&session->reorder_q.lock); +out: + EXIT_FUNCTION; +} + +/* Internal receive frame. Do the real work of receiving an L2TP data frame + * here. + * Returns 0 if the packet was a data packet and was successfully passed on. + * Returns 1 if the packet was not a good data packet and could not be + * forwarded. All such packets are passed up to userspace to deal with. + */ +static int pppol2tp_recv_core(struct sock *sock, struct sk_buff *skb) +{ + struct pppol2tp_session *session = NULL; + int error = 0; + struct pppol2tp_tunnel *tunnel; + unsigned char *ptr; + u16 hdrflags; + u16 tunnel_id, session_id; + int length; + + ENTER_FUNCTION; + + SOCK_2_TUNNEL(sock, tunnel, error, 1, end, 0); + + /* Short packet? */ + if (skb->len < sizeof(struct udphdr)) { + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO, + "%s: recv short packet (len=%d)\n", tunnel->name, skb->len); + goto end; + } + + /* Point to L2TP header */ + ptr = skb->data + sizeof(struct udphdr); + + /* Get L2TP header flags */ + hdrflags = ntohs(*(u16*)ptr); + + /* Trace packet contents, if enabled */ + if (tunnel->debug & PPPOL2TP_MSG_DATA) { + printk(KERN_DEBUG "%s: recv: ", tunnel->name); + + for (length = 0; length < 16; length++) + printk(" %02X", ptr[length]); + printk("\n"); + } + + /* Get length of L2TP packet */ + length = ntohs(skb->h.uh->len) - sizeof(struct udphdr); + + /* Too short? */ + if (length < 12) { + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO, + "%s: recv short L2TP packet (len=%d)\n", tunnel->name, length); + goto end; + } + + /* If type is control packet, it is handled by userspace. */ + if (hdrflags & L2TP_HDRFLAG_T) { + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG, + "%s: recv control packet, len=%d\n", tunnel->name, length); + goto end; + } + + /* Skip flags */ + ptr += 2; + + /* If length is present, skip it */ + if (hdrflags & L2TP_HDRFLAG_L) + ptr += 2; + + /* Extract tunnel and session ID */ + tunnel_id = ntohs(*(u16 *) ptr); + ptr += 2; + session_id = ntohs(*(u16 *) ptr); + ptr += 2; + + /* Find the session context */ + session = pppol2tp_session_find(tunnel, session_id); + if (!session) { + /* Not found? Pass to userspace to deal with */ + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_INFO, + "%s: no socket found (%hu/%hu). Passing up.\n", + tunnel->name, tunnel_id, session_id); + goto end; + } + sock_hold(session->sock); + + DPRINTK(session->debug, "%s: socket rcvbuf alloc=%d\n", + session->name, atomic_read(&sock->rmem_alloc)); + + /* The ref count on the socket was increased by the above call since + * we now hold a pointer to the session. Take care to do sock_put() + * when exiting this function from now on... + */ + + /* Handle the optional sequence numbers. If we are the LAC, + * enable/disable sequence numbers under the control of the LNS. If + * no sequence numbers present but we were expecting them, discard + * frame. + */ + if (hdrflags & L2TP_HDRFLAG_S) { + u16 ns, nr; + ns = ntohs(*(u16 *) ptr); + ptr += 2; + nr = ntohs(*(u16 *) ptr); + ptr += 2; + + /* Received a packet with sequence numbers. If we're the LNS, + * check if we sre sending sequence numbers and if not, + * configure it so. + */ + if ((!session->lns_mode) && (!session->send_seq)) { + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO, + "%s: requested to enable seq numbers by LNS\n", + session->name); + session->send_seq = -1; + } + + /* Store L2TP info in the skb */ + PPPOL2TP_SKB_CB(skb)->ns = ns; + PPPOL2TP_SKB_CB(skb)->nr = nr; + PPPOL2TP_SKB_CB(skb)->has_seq = 1; + + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG, + "%s: recv data ns=%hu, nr=%hu, session nr=%hu\n", + session->name, ns, nr, session->nr); + } else { + /* No sequence numbers. + * If user has configured mandatory sequence numbers, discard. + */ + if (session->recv_seq) { + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING, + "%s: recv data has no seq numbers when required. " + "Discarding\n", session->name); + session->stats.rx_seq_discards++; + session->stats.rx_errors++; + goto discard; + } + + /* If we're the LAC and we're sending sequence numbers, the + * LNS has requested that we no longer send sequence numbers. + * If we're the LNS and we're sending sequence numbers, the + * LAC is broken. Discard the frame. + */ + if ((!session->lns_mode) && (session->send_seq)) { + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_INFO, + "%s: requested to disable seq numbers by LNS\n", + session->name); + session->send_seq = 0; + } else if (session->send_seq) { + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_WARNING, + "%s: recv data has no seq numbers when required. " + "Discarding\n", session->name); + session->stats.rx_seq_discards++; + session->stats.rx_errors++; + goto discard; + } + + /* Store L2TP info in the skb */ + PPPOL2TP_SKB_CB(skb)->has_seq = 0; + } + + /* If offset bit set, skip it. */ + if (hdrflags & L2TP_HDRFLAG_O) + ptr += 2 + ntohs(*(u16 *) ptr); + + skb_pull(skb, ptr - skb->data); + + /* Skip PPP header, if present. In testing, Microsoft L2TP clients + * don't send the PPP header (PPP header compression enabled), but + * other clients can include the header. So we cope with both cases + * here. The PPP header is always FF03 when using L2TP. + * + * Note that skb->data[] isn't dereferenced from a u16 ptr here since + * the field may be unaligned. + */ + if ((skb->data[0] == 0xff) && (skb->data[1] == 0x03)) + skb_pull(skb, 2); + + /* Prepare skb for adding to the session's reorder_q. Hold + * packets for max reorder_timeout or 1 second if not + * reordering. + */ + PPPOL2TP_SKB_CB(skb)->length = length; + PPPOL2TP_SKB_CB(skb)->expires = jiffies + + (session->reorder_timeout ? session->reorder_timeout : HZ); + + /* Add packet to the session's receive queue. Reordering is done here, if + * enabled. Saved L2TP protocol info is stored in skb->sb[]. + */ + if (PPPOL2TP_SKB_CB(skb)->has_seq) { + if (session->reorder_timeout != 0) { + /* Packet reordering enabled. Add skb to session's + * reorder queue, in order of ns. + */ + pppol2tp_recv_queue_skb(session, skb); + } else { + /* Packet reordering disabled. Discard out-of-sequence + * packets + */ + if (PPPOL2TP_SKB_CB(skb)->ns != session->nr) { + session->stats.rx_seq_discards++; + session->stats.rx_errors++; + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG, + "%s: oos pkt %hu len %d discarded, waiting for %hu, reorder_q_len=%d\n", + session->name, PPPOL2TP_SKB_CB(skb)->ns, + PPPOL2TP_SKB_CB(skb)->length, session->nr, + skb_queue_len(&session->reorder_q)); + goto discard; + } + skb_queue_tail(&session->reorder_q, skb); + } + } else { + /* No sequence numbers. Add the skb to the tail of the + * reorder queue. This ensures that it will be + * delivered after all previous sequenced skbs. + */ + skb_queue_tail(&session->reorder_q, skb); + } + + /* Try to dequeue as many skbs from reorder_q as we can. */ + pppol2tp_recv_dequeue(session); + + EXIT_FUNCTION; + return 0; + +discard: + DPRINTK(session->debug, "discarding skb, len=%d\n", skb->len); + skb_unlink(skb); + kfree_skb(skb); + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n", + session->sock->refcnt.counter); + sock_put(session->sock); + EXIT_FUNCTION; + return 0; + +end: + EXIT_FUNCTION; + return 1; +} + +/* The data_ready hook on the UDP socket. Scan the incoming packet list for + * packets to process. Only control or bad data packets are delivered to + * userspace. + */ +static void pppol2tp_data_ready(struct sock *sk, int len) +{ + int err; + struct pppol2tp_tunnel *tunnel; + struct sk_buff *skb; + + ENTER_FUNCTION; + SOCK_2_TUNNEL(sk, tunnel, err, -EBADF, end, 0); + + PRINTK(tunnel->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG, + "%s: received %d bytes\n", tunnel->name, len); + + skb = skb_dequeue(&sk->receive_queue); + if (pppol2tp_recv_core(sk, skb)) { + DPRINTK(tunnel->debug, "%s: packet passing to userspace\n", + tunnel->name); + skb_queue_head(&sk->receive_queue, skb); + tunnel->old_data_ready(sk, len); + } else { + DPRINTK(tunnel->debug, "%s: data packet received\n", + tunnel->name); + } +end: + EXIT_FUNCTION; + return; +} + +/* Receive message. This is the recvmsg for the PPPoL2TP socket. + */ +static int pppol2tp_recvmsg(struct socket *sock, struct msghdr *msg, int len, + int flags, struct scm_cookie *scm) +{ + int err = 0; + struct sk_buff *skb = NULL; + struct sock *sk = sock->sk; + + ENTER_FUNCTION; + + err = -EIO; + if (sock->state & PPPOX_BOUND) + goto error; + + msg->msg_namelen = 0; + + skb=skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, + flags & MSG_DONTWAIT, &err); + if (skb) { + err = memcpy_toiovec(msg->msg_iov, (unsigned char *) skb->data, + skb->len); + if (err < 0) + goto do_skb_free; + err = skb->len; + } +do_skb_free: + if (skb) + kfree_skb(skb); +error: + EXIT_FUNCTION; + return err; +} + +/************************************************************************ + * Transmit handling + ***********************************************************************/ + +/* Internal UDP socket transmission + */ +static int pppol2tp_udp_sock_send(struct pppol2tp_session *session, + struct pppol2tp_tunnel *tunnel, + struct msghdr *msg, int total_len) +{ + mm_segment_t fs; + int error; + + ENTER_FUNCTION; + + DPRINTK(session->debug, "%s: udp_sendmsg call...\n", session->name); +#ifdef DEBUG + /* Catch bad socket parameter errors */ + if (msg->msg_name) { + struct sockaddr_in * usin = (struct sockaddr_in*)msg->msg_name; + if (msg->msg_namelen < sizeof(*usin)) { + printk(KERN_ERR "msg->msg_namelen wrong, %d\n", msg->msg_namelen); + return -EINVAL; + } + if (usin->sin_family != AF_INET) { + if (usin->sin_family != AF_UNSPEC) { + printk(KERN_ERR "addr family wrong: %d\n", usin->sin_family); + return -EINVAL; + } + } + if ((usin->sin_addr.s_addr == 0) || (usin->sin_port == 0)) { + printk(KERN_ERR "udp addr=%x/%hu\n", usin->sin_addr.s_addr, usin->sin_port); + return -EINVAL; + } + } +#endif /* DEBUG */ + + /* Set to userspace data segment while we do a sendmsg() call. We're + * actually calling a userspace API from the kernel here... + */ + fs = get_fs(); + set_fs(get_ds()); + + /* The actual sendmsg() call... */ + error = tunnel->old_proto->sendmsg(session->tunnel_sock, msg, total_len); + if (error >= 0) { + tunnel->stats.tx_packets++; + tunnel->stats.tx_bytes += error; + session->stats.tx_packets++; + session->stats.tx_bytes += error; + } else { + tunnel->stats.tx_errors++; + session->stats.tx_errors++; + } + + /* Back to kernel space */ + set_fs(fs); + + DPRINTK(session->debug, "%s: %s: returning result %d\n", __FUNCTION__, + session->name, error); + kfree(msg->msg_iov); + kfree(msg); + + EXIT_FUNCTION; + return error; +} + +/* Build an L2TP header for the session into the buffer provided. + */ +static int pppol2tp_build_l2tp_header(struct pppol2tp_session *session, + void *buf) +{ + u16 *bufp = buf; + u16 flags = L2TP_HDR_VER; + + if (session->send_seq) { + flags |= L2TP_HDRFLAG_S; + } + + /* Setup L2TP header. + * FIXME: Can this ever be unaligned? Is direct dereferencing of + * 16-bit header fields safe here for all architectures? + */ + *bufp++ = htons(flags); + *bufp++ = htons(session->tunnel_addr.d_tunnel); + *bufp++ = htons(session->tunnel_addr.d_session); + if (session->send_seq) { + *bufp++ = htons(session->ns); + *bufp++ = 0; + session->ns++; + PRINTK(session->debug, PPPOL2TP_MSG_SEQ, KERN_DEBUG, + "%s: updated ns to %hu\n", session->name, session->ns); + } + /* This is the PPP header really */ + *bufp = htons(0xff03); + + return ((void *) bufp) - buf; +} + +/* This is the sendmsg for the PPPoL2TP pppol2tp_session socket. We come here + * when a user application does a sendmsg() on the session socket. L2TP and + * PPP headers must be inserted into the user's data. + */ +static int pppol2tp_sendmsg(struct socket *sock, struct msghdr *m, + int total_len, struct scm_cookie *scm) +{ + static unsigned char ppph[2] = { 0xff, 0x03 }; + struct sock *sk = sock->sk; + int error = 0; + u8 hdr[PPPOL2TP_L2TP_HDR_SIZE_SEQ]; + int hdr_len; + struct msghdr *msg; + struct pppol2tp_session *session; + struct pppol2tp_tunnel *tunnel; + + ENTER_FUNCTION; + + if (sk->dead || !(sk->state & PPPOX_CONNECTED)) { + error = -ENOTCONN; + goto end; + } + + /* Get session and tunnel contexts */ + SOCK_2_SESSION(sk, session, error, -EBADF, end, 0); + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, error, -EBADF, end, 0); + + /* Setup L2TP header */ + hdr_len = pppol2tp_build_l2tp_header(session, &hdr); + + if (session->send_seq) + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG, + "%s: send %d bytes, ns=%hu\n", session->name, + total_len, session->ns - 1); + else + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG, + "%s: send %d bytes\n", session->name, total_len); + + if (session->debug & PPPOL2TP_MSG_DATA) { + int i, j, count; + + printk(KERN_DEBUG "%s: xmit:", session->name); + count = 0; + for (i = 0; i < m->msg_iovlen; i++) { + for (j = 0; j < m->msg_iov[i].iov_len; j++) { + printk(" %02X", ((unsigned char *) m->msg_iov[i].iov_base)[j]); + count++; + if (count == 15) { + printk(" ..."); + break; + } + } + } + printk("\n"); + } + + /* Unfortunately, there is no direct way for us to pass an skb to the + * UDP layer, we have to pretend to be sending ordinary data and use + * sendmsg. + * + * We add the L2TP and PPP headers here. To do so, we create a new + * struct msghdr and insert the headers as the first iovecs. + */ + msg = kmalloc(sizeof(struct msghdr), GFP_ATOMIC); + if (msg == NULL) { + error = -ENOBUFS; + tunnel->stats.tx_errors++; + session->stats.tx_errors++; + goto end; + } + + msg->msg_iov = kmalloc((m->msg_iovlen + 2) * sizeof(struct iovec), + GFP_ATOMIC); + if (msg->msg_iov == NULL) { + error = -ENOBUFS; + tunnel->stats.tx_errors++; + session->stats.tx_errors++; + kfree(msg); + goto end; + } + + msg->msg_iov[0].iov_base = &hdr; + msg->msg_iov[0].iov_len = hdr_len; + msg->msg_iov[1].iov_base = &ppph; + msg->msg_iov[1].iov_len = sizeof(ppph); + memcpy(&msg->msg_iov[2], &m->msg_iov[0], + m->msg_iovlen * sizeof(struct iovec)); + msg->msg_iovlen = m->msg_iovlen + 2; + + /* If the user calls sendto() that's just too bad */ + msg->msg_name = &session->tunnel_addr.addr; + msg->msg_namelen = sizeof(session->tunnel_addr.addr); + + msg->msg_control = m->msg_control; + msg->msg_controllen = m->msg_controllen; + msg->msg_flags = m->msg_flags; + + /* Do the real work. This always frees msg, regardless of whether + * there was an error + */ + error = pppol2tp_udp_sock_send(session, tunnel, msg, + total_len + hdr_len + sizeof(ppph)); + +end: + EXIT_FUNCTION; + return error; +} + + +/* Transmit function called by generic PPP driver. Sends PPP frame over + * PPPoL2TP socket. + * + * This is almost the same as pppol2tp_sendmsg(), but rather than being called + * with a msghdr from userspace, it is called with a skb from the kernel. + */ +static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb) +{ + static unsigned char ppph[2] = { 0xff, 0x03 }; + struct sock *sk = (struct sock *) chan->private; + int error = 0; + u8 hdr[PPPOL2TP_L2TP_HDR_SIZE_SEQ]; + int hdr_len; + struct msghdr *msg; + struct pppol2tp_session *session; + struct pppol2tp_tunnel *tunnel; + + ENTER_FUNCTION; + + if (sk->dead || !(sk->state & PPPOX_CONNECTED)) { + DPRINTK(-1, "dead=%d state=%x\n", sk->dead, sk->state); + error = -ENOTCONN; + goto end; + } + + /* Get session and tunnel contexts from the socket */ + SOCK_2_SESSION(sk, session, error, -EBADF, end, 0); + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, error, -EBADF, end, 0); + + /* Setup L2TP header */ + hdr_len = pppol2tp_build_l2tp_header(session, &hdr); + + if (session->send_seq) + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG, + "%s: send %d bytes, ns=%hu\n", + session->name, skb->len, session->ns - 1); + else + PRINTK(session->debug, PPPOL2TP_MSG_DATA, KERN_DEBUG, + "%s: send %d bytes\n", session->name, skb->len); + + if (session->debug & PPPOL2TP_MSG_DATA) { + int i; + + printk(KERN_DEBUG "%s: xmit:", session->name); + for (i = 0; i < skb->len; i++) { + printk(" %02X", skb->data[i]); + if (i == 15) { + printk(" ..."); + break; + } + } + printk("\n"); + } + + /* Unfortunatly there doesn't appear to be a way for us to pass an skb + * to the UDP layer, we have to pretend to be sending ordinary data + * and use sendmsg + */ + msg = kmalloc(sizeof(struct msghdr), GFP_ATOMIC); + if (msg == NULL) { + error = -ENOBUFS; + tunnel->stats.tx_errors++; + session->stats.tx_errors++; + goto end; + } + + msg->msg_iov = kmalloc(2 * sizeof(struct iovec), GFP_ATOMIC); + if (msg->msg_iov == NULL) { + error = -ENOBUFS; + tunnel->stats.tx_errors++; + session->stats.tx_errors++; + kfree(msg); + goto end; + } + msg->msg_iov[0].iov_base = &hdr; + msg->msg_iov[0].iov_len = hdr_len; + /* FIXME: do we need to handle skb fragments here? */ + msg->msg_iov[1].iov_base = &ppph; + msg->msg_iov[1].iov_len = sizeof(ppph); + msg->msg_iov[2].iov_base = skb->data; + msg->msg_iov[2].iov_len = skb->len; + msg->msg_iovlen = 3; + + /* If the user calls sendto() that's just too bad */ + msg->msg_name = &session->tunnel_addr.addr; + msg->msg_namelen = sizeof(session->tunnel_addr.addr); + + msg->msg_control = NULL; + msg->msg_controllen = 0; + msg->msg_flags = MSG_DONTWAIT; /* Need this to prevent blocking */ + + /* Do the real work. This always frees msg, regardless of whether + * there was an error + */ + error = pppol2tp_udp_sock_send(session, tunnel, msg, + skb->len + hdr_len + sizeof(ppph)); + + kfree_skb(skb); + +end: + EXIT_FUNCTION; + return error; +} + +/***************************************************************************** + * Session (and tunnel control) socket create/destroy. + *****************************************************************************/ + +/* When the tunnel UDP socket is closed, all the attached sockets need to go + * too. This handles that. + */ +static void pppol2tp_tunnel_closeall(struct pppol2tp_tunnel *tunnel) +{ + int hash; + struct hlist_node *walk; + struct hlist_node *tmp; + struct pppol2tp_session *session; + struct sock *sk; + + ENTER_FUNCTION; + + if (tunnel == NULL) + BUG(); + + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: closing all sessions...\n", tunnel->name); + + for (hash = 0; hash < PPPOL2TP_HASH_SIZE; hash++) { + hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) { + session = hlist_entry(walk, struct pppol2tp_session, hlist); + + sk = session->sock; + + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: closing session\n", session->name); + + write_lock_bh(&tunnel->hlist_lock); + hlist_del_init(&session->hlist); + write_unlock_bh(&tunnel->hlist_lock); + + sock_hold(sk); + + lock_sock(sk); + + if (sk->state & (PPPOX_CONNECTED | PPPOX_BOUND)) { + pppox_unbind_sock(sk); + sk->state = PPPOX_DEAD; + sk->state_change(sk); + } + + /* Purge any queued data */ + skb_queue_purge(&sk->receive_queue); + skb_queue_purge(&sk->write_queue); + + release_sock(sk); + + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n", + sk->refcnt.counter); + sock_put(sk); + } + } + + EXIT_FUNCTION; +} + +/* Really kill the tunnel. + * Come here only when all sessions have been cleared from the tunnel. + */ +static void pppol2tp_tunnel_free(struct pppol2tp_tunnel *tunnel) +{ + struct sock *sk = tunnel->sock; + + ENTER_FUNCTION; + + /* Remove from socket list */ + list_del_init(&tunnel->list); + + sk->prot = tunnel->old_proto; + sk->data_ready = tunnel->old_data_ready; + sk->destruct = tunnel->old_sk_destruct; + sk->user_data = NULL; + + DPRINTK(tunnel->debug, "%s: MOD_DEC_USE_COUNT\n", tunnel->name); + kfree(tunnel); + MOD_DEC_USE_COUNT; + + EXIT_FUNCTION; +} + +/* Tunnel UDP socket destruct hook. + * The tunnel context is deleted only when all session sockets have been + * closed. + */ +static void pppol2tp_tunnel_destruct(struct sock *sk) +{ + struct pppol2tp_tunnel *tunnel; + int error = 0; + ENTER_FUNCTION; + + SOCK_2_TUNNEL(sk, tunnel, error, -EBADF, end, 0); + + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: closing...\n", tunnel->name); + + pppol2tp_tunnel_closeall(tunnel); + +end: + EXIT_FUNCTION; + return; +} + +/* Really kill the socket. (Called from sock_put if refcnt == 0.) + */ +static void pppol2tp_session_destruct(struct sock *sk) +{ + struct pppol2tp_session *session = NULL; + int error = 0; + + ENTER_FUNCTION; + + if (sk->user_data != NULL) { + struct pppol2tp_tunnel *tunnel; + + SOCK_2_SESSION(sk, session, error, -EBADF, out, 0); + skb_queue_purge(&session->reorder_q); + + /* Don't use SOCK_2_TUNNEL() here to get the tunnel context + * because the tunnel socket might have already been closed + * (its sk->user_data will be NULL) so use the session's + * private tunnel ptr instead. + */ + tunnel = session->tunnel; + if (tunnel != NULL) { + if (tunnel->magic != L2TP_TUNNEL_MAGIC) { + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC " + "( tunnel=%p magic=%x )\n", + __FUNCTION__, __FILE__, __LINE__, + tunnel, tunnel->magic); + goto out; + } + } + + /* Delete tunnel context if this was the last session on the + * tunnel. This was allocated when the first session was + * created on the tunnel. See + * pppol2tp_prepare_tunnel_socket(). + */ + DPRINTK(tunnel->debug, "%s: session_count=%d\n", + tunnel->name, atomic_read(&tunnel->session_count)); + if (atomic_dec_and_test(&tunnel->session_count)) { + pppol2tp_tunnel_free(tunnel); + } + } + + if (session != NULL) + DPRINTK(session->debug, "%s: MOD_DEC_USE_COUNT\n", session->name); + + if (sk->protinfo.pppox) + kfree(sk->protinfo.pppox); + + if (session != NULL) + kfree(session); + MOD_DEC_USE_COUNT; + +out: + EXIT_FUNCTION; +} + +/* Called when the PPPoX socket (session) is closed. + */ +static int pppol2tp_release(struct socket *sock) +{ + struct sock *sk = sock->sk; + struct pppol2tp_session *session = NULL; + struct pppol2tp_tunnel *tunnel; + int error = 0; + ENTER_FUNCTION; + + if (!sk) + return 0; + + if (sk->dead != 0) + return -EBADF; + + if (sk->user_data) { /* Was this socket actually connected? */ + SOCK_2_SESSION(sk, session, error, -EBADF, end, 0); + + /* Don't use SOCK_2_TUNNEL() here to get the tunnel context + * because the tunnel socket might have already been closed + * (its sk->user_data will be NULL) so use the session's + * private tunnel ptr instead. + */ + tunnel = session->tunnel; + if (tunnel != NULL) { + if (tunnel->magic == L2TP_TUNNEL_MAGIC) { + /* Delete the session socket from the hash */ + write_lock_bh(&tunnel->hlist_lock); + hlist_del_init(&session->hlist); + write_unlock_bh(&tunnel->hlist_lock); + } else { + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC " + "( tunnel=%p magic=%x )\n", + __FUNCTION__, __FILE__, __LINE__, + tunnel, tunnel->magic); + goto end; + } + } + } + + lock_sock(sk); + + if (sk->state & (PPPOX_CONNECTED | PPPOX_BOUND)) + pppox_unbind_sock(sk); + + /* Signal the death of the socket. */ + sk->state = PPPOX_DEAD; + sock_orphan(sk); + sock->sk = NULL; + + /* Purge any queued data */ + skb_queue_purge(&sk->receive_queue); + skb_queue_purge(&sk->write_queue); + + release_sock(sk); + + if (session != NULL) + DPRINTK(session->debug, "calling sock_put; refcnt=%d\n", + session->sock->refcnt.counter); + sock_put(sk); + +end: + EXIT_FUNCTION; + return error; +} + +/* Copied from fget() in fs/file_table.c. + * Allows caller to specify the pid that owns the fd. + */ +static struct file *pppol2tp_fget(pid_t pid, unsigned int fd) +{ + struct file *file; + struct files_struct *files = current->files; + + if (pid != 0) { + struct task_struct *tsk = find_task_by_pid(pid); + if (tsk == NULL) + return NULL; + files = tsk->files; + } + + spin_lock(&files->file_lock); + file = fcheck_files(files, fd); + if (file) + get_file(file); + spin_unlock(&files->file_lock); + return file; +} + +/* Copied from net/socket.c */ +extern __inline__ struct socket *socki_lookup(struct inode *inode) +{ + return &inode->u.socket_i; +} + +/* Copied from sockfd_lookup() in net/socket.c. + * Allows caller to specify the pid that owns the fd. + */ +static struct socket *pppol2tp_sockfd_lookup(pid_t pid, int fd, int *err) +{ + struct file *file; + struct inode *inode; + struct socket *sock; + + if (!(file = pppol2tp_fget(pid, fd))) { + *err = -EBADF; + return NULL; + } + + inode = file->f_dentry->d_inode; + if (!inode->i_sock || !(sock = socki_lookup(inode))) { + *err = -ENOTSOCK; + fput(file); + return NULL; + } + + if (sock->file != file) { + printk(KERN_ERR "socki_lookup: socket file changed!\n"); + sock->file = file; + } + return sock; +} + +/* Internal function to prepare a tunnel (UDP) socket to have PPPoX sockets + * attached to it + */ +static struct sock *pppol2tp_prepare_tunnel_socket(pid_t pid, int fd, + u16 tunnel_id, int *error) +{ + int err; + struct socket *sock = NULL; + struct sock *sk; + struct pppol2tp_tunnel *tunnel; + struct sock *ret = NULL; + + ENTER_FUNCTION; + + /* Get the socket from the fd */ + err = -EBADF; + sock = pppol2tp_sockfd_lookup(pid, fd, &err); + if (!sock) { + PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR, + "tunl %hu: sockfd_lookup(fd=%d) returned %d\n", + tunnel_id, fd, err); + goto err; + } + + /* Quick sanity checks */ + err = -ESOCKTNOSUPPORT; + if (sock->type != SOCK_DGRAM) { + PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR, + "tunl %hu: fd %d wrong type, got %d, expected %d\n", + tunnel_id, fd, sock->type, SOCK_DGRAM); + goto err; + } + err = -EAFNOSUPPORT; + if (sock->ops->family!=AF_INET) { + PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_ERR, + "tunl %hu: fd %d wrong family, got %d, expected %d\n", + tunnel_id, fd, sock->ops->family, AF_INET); + goto err; + } + + err = -ENOTCONN; + sk = sock->sk; + + /* Check if this socket has already been prepped */ + tunnel = (struct pppol2tp_tunnel *)sk->user_data; + if (tunnel != NULL) { + /* User-data field already set */ + err = -EBUSY; + if (tunnel->magic != L2TP_TUNNEL_MAGIC) { + printk(KERN_ERR "%s: %s:%d: BAD TUNNEL MAGIC " + "( tunnel=%p magic=%x )\n", + __FUNCTION__, __FILE__, __LINE__, + tunnel, tunnel->magic); + goto err; + } + + /* This socket has already been prepped */ + ret = tunnel->sock; + goto out; + } + + /* This socket is available and needs prepping. Create a new tunnel + * context and init it. + */ + sk->user_data = tunnel = kmalloc(sizeof(struct pppol2tp_tunnel), GFP_KERNEL); + if (sk->user_data == NULL) { + err = -ENOMEM; + goto err; + } + + memset(tunnel, 0, sizeof(struct pppol2tp_tunnel)); + + tunnel->magic = L2TP_TUNNEL_MAGIC; + sprintf(&tunnel->name[0], "tunl %hu", tunnel_id); + + tunnel->stats.tunnel_id = tunnel_id; + + tunnel->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS; + + DPRINTK(tunnel->debug, "tunl %hu: allocated tunnel=%p, sk=%p, sock=%p\n", + tunnel_id, tunnel, sk, sock); + + /* Setup the new protocol stuff */ + tunnel->old_proto = sk->prot; + tunnel->l2tp_proto = *sk->prot; + + sk->prot = &tunnel->l2tp_proto; + + tunnel->old_data_ready = sk->data_ready; + sk->data_ready = &pppol2tp_data_ready; + + tunnel->old_sk_destruct = sk->destruct; + sk->destruct = &pppol2tp_tunnel_destruct; + + tunnel->sock = sk; + sk->allocation = GFP_ATOMIC; + + rwlock_init(&tunnel->hlist_lock); + + /* Add tunnel to our list */ + INIT_LIST_HEAD(&tunnel->list); + list_add(&tunnel->list, &pppol2tp_tunnel_list); + + ret = tunnel->sock; + + MOD_INC_USE_COUNT; + DPRINTK(-1, "tunl %hu: MOD_INC_USE_COUNT\n", tunnel_id); + + *error = 0; +out: + if (sock) + sockfd_put(sock); + EXIT_FUNCTION; + + return ret; + +err: + *error = err; + goto out; +} + +/* socket() handler. Initialize a new struct sock. + */ +static int pppol2tp_create(struct socket *sock) +{ + int error = 0; + struct sock *sk; + + ENTER_FUNCTION; + DPRINTK(-1, "sock=%p\n", sock); + + sk = sk_alloc(PF_PPPOX, GFP_KERNEL, 1); + if (!sk) + return -ENOMEM; + + MOD_INC_USE_COUNT; + DPRINTK(-1, "MOD_INC_USE_COUNT\n"); + + sock_init_data(sock, sk); + + sock->state = SS_UNCONNECTED; + sock->ops = &pppol2tp_ops; + + sk->protocol = PX_PROTO_OL2TP; + sk->family = PF_PPPOX; + + sk->next = NULL; + sk->pprev = NULL; + sk->state = PPPOX_NONE; + sk->type = SOCK_STREAM; + sk->destruct = pppol2tp_session_destruct; + sk->backlog_rcv = pppol2tp_recv_core; + + sk->protinfo.pppox = kmalloc(sizeof(struct pppox_opt), GFP_KERNEL); + if (!sk->protinfo.pppox) { + error = -ENOMEM; + goto free_sk; + } + + memset((void *) sk->protinfo.pppox, 0, sizeof(struct pppox_opt)); + sk->protinfo.pppox->sk = sk; + + sock->sk = sk; + + EXIT_FUNCTION; + return 0; + +free_sk: + sk_free(sk); + EXIT_FUNCTION; + return error; +} + +/* connect() handler.. Attach a PPPoX socket to a tunnel UDP socket + */ +int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, + int sockaddr_len, int flags) +{ + struct sock *sk = sock->sk; + struct sockaddr_pppol2tp *sp = (struct sockaddr_pppol2tp *) uservaddr; + struct pppox_opt *po = sk->protinfo.pppox; + struct sock *tunnel_sock = NULL; + struct pppol2tp_session *session = NULL; + struct pppol2tp_tunnel *tunnel; + struct dst_entry *dst; + int error = 0; + + ENTER_FUNCTION; + + DPRINTK(-1, "sock=%p, uservaddr=%p, sockaddr_len=%d, flags=%d, addr=%x/%hu\n", + sock, uservaddr, sockaddr_len, flags, + ntohl(sp->pppol2tp.addr.sin_addr.s_addr), ntohs(sp->pppol2tp.addr.sin_port)); + lock_sock(sk); + + error = -EINVAL; + if (sp->sa_protocol != PX_PROTO_OL2TP) + goto end; + + /* Check for already bound sockets */ + error = -EBUSY; + if (sk->state & PPPOX_CONNECTED) + goto end; + + /* We don't supporting rebinding anyway */ + if (sk->user_data) + goto end; /* socket is already attached */ + + /* Don't bind if s_tunnel is 0 */ + error = -EINVAL; + if (sp->pppol2tp.s_tunnel == 0) + goto end; + + /* Look up the tunnel socket and configure it if necessary */ + tunnel_sock = pppol2tp_prepare_tunnel_socket(sp->pppol2tp.pid, + sp->pppol2tp.fd, + sp->pppol2tp.s_tunnel, + &error); + if (tunnel_sock == NULL) + goto end; + tunnel = tunnel_sock->user_data; + + /* Allocate and initialize a new session context. + */ + session = kmalloc(sizeof(struct pppol2tp_session), GFP_KERNEL); + if (session == NULL) { + error = -ENOMEM; + goto end; + } + + memset(session, 0, sizeof(struct pppol2tp_session)); + + skb_queue_head_init(&session->reorder_q); + + session->magic = L2TP_SESSION_MAGIC; + session->owner = current->pid; + session->sock = sk; + session->tunnel = tunnel; + session->tunnel_sock = tunnel_sock; + session->tunnel_addr = sp->pppol2tp; + sprintf(&session->name[0], "sess %hu/%hu", + session->tunnel_addr.s_tunnel, + session->tunnel_addr.s_session); + + session->stats.tunnel_id = session->tunnel_addr.s_tunnel; + session->stats.session_id = session->tunnel_addr.s_session; + + INIT_HLIST_NODE(&session->hlist); + + session->debug = PPPOL2TP_DEFAULT_DEBUG_FLAGS; + + /* Default MTU must allow space for UDP/L2TP/PPP + * headers. Leave some slack. + */ + session->mtu = session->mru = 1500 - PPPOL2TP_HEADER_OVERHEAD; + + /* If PMTU discovery was enabled, use the MTU that was discovered */ + dst = sk_dst_get(sk); + if (dst != NULL) { + u32 pmtu = dst_pmtu(dst); + if (pmtu != 0) { + session->mtu = session->mru = pmtu - + PPPOL2TP_HEADER_OVERHEAD; + DPRINTK(session->debug, + "%s: MTU set by Path MTU discovery: mtu=%d\n", + session->name, session->mtu); + } + dst_release(dst); + } + + /* Special case: if source & dest session_id == 0x0000, this socket is + * being created to manage the tunnel. Don't add the session to the + * session hash list, just set up the internal context for use by + * ioctl() and sockopt() handlers. + */ + if ((session->tunnel_addr.s_session == 0) && + (session->tunnel_addr.d_session == 0)) { + error = 0; + DPRINTK(session->debug, + "tunl %hu: socket created for tunnel mgmt ops\n", + session->tunnel_addr.s_tunnel); + sk->user_data = session; + goto out_no_ppp; + } + + DPRINTK(session->debug, "%s: allocated session=%p, sock=%p, owner=%d\n", + session->name, session, sk, session->owner); + + /* Add session to the tunnel's hash list */ + SOCK_2_TUNNEL(tunnel_sock, tunnel, error, -EBADF, end, 0); + write_lock_bh(&tunnel->hlist_lock); + hlist_add_head(&session->hlist, + pppol2tp_session_id_hash(tunnel, + session->tunnel_addr.s_session)); + write_unlock_bh(&tunnel->hlist_lock); + + /* This is how we get the session context from the socket. */ + sk->user_data = session; + + /* We don't store any more options in the pppox_opt, everything is in + * user_data (struct pppol2tp_session) + */ + po->sk = sk; + + /* Right now, because we don't have a way to push the incoming skb's + * straight through the UDP layer, the only header we need to worry + * about is the L2TP header. This size is different depending on + * whether sequence numbers are enabled for the data channel. + */ + po->chan.hdrlen = PPPOL2TP_L2TP_HDR_SIZE_NOSEQ; + + po->chan.private = sk; + po->chan.ops = &pppol2tp_chan_ops; + po->chan.mtu = session->mtu; + + error = ppp_register_channel(&po->chan); + if (error) + goto end; + +out_no_ppp: + atomic_inc(&tunnel->session_count); + sk->state = PPPOX_CONNECTED; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: created\n", session->name); + +end: + release_sock(sk); + + if (error != 0) + PRINTK(session ? session->debug : -1, PPPOL2TP_MSG_CONTROL, + KERN_WARNING, "%s: connect failed: %d\n", session->name, + error); + + EXIT_FUNCTION; + + return error; +} + +/* getname() support. + */ +static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr, + int *usockaddr_len, int peer) +{ + int len = sizeof(struct sockaddr_pppol2tp); + struct sockaddr_pppol2tp sp; + int error = 0; + struct pppol2tp_session *session; + + ENTER_FUNCTION; + + error = -ENOTCONN; + if (sock->sk->state != PPPOX_CONNECTED) + goto end; + + SOCK_2_SESSION(sock->sk, session, error, -EBADF, end, 0); + + sp.sa_family = AF_PPPOX; + sp.sa_protocol = PX_PROTO_OL2TP; + memcpy(&sp.pppol2tp, &session->tunnel_addr, + sizeof(struct pppol2tp_addr)); + + memcpy(uaddr, &sp, len); + + *usockaddr_len = len; + + error = 0; +end: + EXIT_FUNCTION; + return error; +} + +/**************************************************************************** + * ioctl() handlers. + * + * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP + * sockets. However, in order to control kernel tunnel features, we allow + * userspace to create a special "tunnel" PPPoX socket which is used for + * control only. Tunnel PPPoX sockets have session_id == 0 and simply allow + * the user application to issue L2TP setsockopt(), getsockopt() and ioctl() + * calls. + ****************************************************************************/ + +/* Session ioctl helper. + */ +static int pppol2tp_session_ioctl(struct pppol2tp_session *session, + unsigned int cmd, unsigned long arg) +{ + struct ifreq ifr; + int err = 0; + struct sock *sk = session->sock; + int val = (int) arg; + + sock_hold(sk); + + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG, + "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n", + session->name, cmd, arg); + + switch (cmd) { + case SIOCGIFMTU: + err = -ENXIO; + if (!(sk->state & PPPOX_CONNECTED)) + break; + + err = -EFAULT; + if (copy_from_user(&ifr, (void *) arg, sizeof(struct ifreq))) + break; + ifr.ifr_mtu = session->mtu; + if (copy_to_user((void *) arg, &ifr, sizeof(struct ifreq))) + break; + + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get mtu=%d\n", session->name, session->mtu); + err = 0; + break; + + case SIOCSIFMTU: + err = -ENXIO; + if (!(sk->state & PPPOX_CONNECTED)) + break; + + err = -EFAULT; + if (copy_from_user(&ifr, (void *) arg, sizeof(struct ifreq))) + break; + + session->mtu = ifr.ifr_mtu; +; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set mtu=%d\n", session->name, session->mtu); + err = 0; + break; + + case PPPIOCGMRU: + err = -ENXIO; + if (!(sk->state & PPPOX_CONNECTED)) + break; + + err = -EFAULT; + if (put_user(session->mru, (int *) arg)) + break; + + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get mru=%d\n", session->name, session->mru); + err = 0; + break; + + case PPPIOCSMRU: + err = -ENXIO; + if (!(sk->state & PPPOX_CONNECTED)) + break; + + err = -EFAULT; + if (get_user(val,(int *) arg)) + break; + + session->mru = val; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set mru=%d\n", session->name, session->mru); + err = 0; + break; + + case PPPIOCGFLAGS: + err = -EFAULT; + if (put_user(session->flags, (int *) arg)) + break; + + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get flags=%d\n", session->name, session->flags); + err = 0; + break; + + case PPPIOCSFLAGS: + err = -EFAULT; + if (get_user(val, (int *) arg)) + break; + session->flags = val; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set flags=%d\n", session->name, session->flags); + err = 0; + break; + + case PPPIOCGL2TPSTATS: + err = -ENXIO; + + if (!(sk->state & PPPOX_CONNECTED)) + break; + + if (copy_to_user((void *) arg, &session->stats, + sizeof(session->stats))) + break; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get L2TP stats\n", session->name); + err = 0; + break; + + default: + err = -ENOSYS; + break; + } + + sock_put(sk); + + return err; +} + +/* Tunnel ioctl helper. + * + * Note the special handling for PPPIOCGL2TPSTATS below. If the ioctl data + * specifies a session_id, the session ioctl handler is called. This allows an + * application to retrieve session stats via a tunnel socket. + */ +static int pppol2tp_tunnel_ioctl(struct pppol2tp_tunnel *tunnel, + unsigned int cmd, unsigned long arg) +{ + int err = 0; + struct sock *sk = tunnel->sock; + struct pppol2tp_ioc_stats stats_req; + + sock_hold(sk); + + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_DEBUG, + "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", tunnel->name, + cmd, arg); + + switch (cmd) { + case PPPIOCGL2TPSTATS: + err = -ENXIO; + + if (!(sk->state & PPPOX_CONNECTED)) + break; + + if (copy_from_user(&stats_req, (void *) arg, + sizeof(stats_req))) { + err = -EFAULT; + break; + } + if (stats_req.session_id != 0) { + /* resend to session ioctl handler */ + struct pppol2tp_session *session = + pppol2tp_session_find(tunnel, stats_req.session_id); + if (session != NULL) + err = pppol2tp_session_ioctl(session, cmd, arg); + else + err = -EBADR; + break; + } + if (copy_to_user((void *) arg, &tunnel->stats, + sizeof(tunnel->stats))) { + err = -EFAULT; + break; + } + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get L2TP stats\n", tunnel->name); + err = 0; + break; + + default: + err = -ENOSYS; + break; + } + + sock_put(sk); + + return err; +} + +/* Main ioctl() handler. + * Dispatch to tunnel or session helpers depending on the socket. + */ +static int pppol2tp_ioctl(struct socket *sock, unsigned int cmd, + unsigned long arg) +{ + struct sock *sk = sock->sk; + struct pppol2tp_session *session; + struct pppol2tp_tunnel *tunnel; + int err = 0; + + ENTER_FUNCTION; + + if (!sk) + return 0; + + if (sk->dead != 0) + return -EBADF; + + if ((sk->user_data == NULL) || + (!(sk->state & (PPPOX_CONNECTED | PPPOX_BOUND)))) { + err = -ENOTCONN; + DPRINTK(-1, "ioctl: socket %p not connected.\n", sk); + goto end; + } + + SOCK_2_SESSION(sk, session, err, -EBADF, end, 0); + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, err, -EBADF, end, 1); + + /* Special case: if session's session_id is zero, treat ioctl as a + * tunnel ioctl + */ + if ((session->tunnel_addr.s_session == 0) && + (session->tunnel_addr.d_session == 0)) { + err = pppol2tp_tunnel_ioctl(tunnel, cmd, arg); + goto end; + } + + err = pppol2tp_session_ioctl(session, cmd, arg); + +end: + EXIT_FUNCTION; + return err; +} + +/***************************************************************************** + * setsockopt() / getsockopt() support. + * + * The PPPoX socket is created for L2TP sessions: tunnels have their own UDP + * sockets. In order to control kernel tunnel features, we allow userspace to + * create a special "tunnel" PPPoX socket which is used for control only. + * Tunnel PPPoX sockets have session_id == 0 and simply allow the user + * application to issue L2TP setsockopt(), getsockopt() and ioctl() calls. + *****************************************************************************/ + +/* Tunnel setsockopt() helper. + */ +static int pppol2tp_tunnel_setsockopt(struct sock *sk, + struct pppol2tp_tunnel *tunnel, + int optname, int val) +{ + int err = 0; + + switch (optname) { + case PPPOL2TP_SO_DEBUG: + tunnel->debug = val; + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set debug=%x\n", tunnel->name, tunnel->debug); + break; + + default: + err = -ENOPROTOOPT; + break; + } + + return err; +} + +/* Session setsockopt helper. + */ +static int pppol2tp_session_setsockopt(struct sock *sk, + struct pppol2tp_session *session, + int optname, int val) +{ + int err = 0; + + switch (optname) { + case PPPOL2TP_SO_RECVSEQ: + if ((val != 0) && (val != 1)) { + err = -EINVAL; + break; + } + session->recv_seq = val ? -1 : 0; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set recv_seq=%d\n", session->name, + session->recv_seq); + break; + + case PPPOL2TP_SO_SENDSEQ: + if ((val != 0) && (val != 1)) { + err = -EINVAL; + break; + } + session->send_seq = val ? -1 : 0; + { + /* FIXME: is it safe to change the ppp channel's + * hdrlen on the fly? + */ + struct sock *sk = session->sock; + struct pppox_opt *po = sk->protinfo.pppox; + po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ : + PPPOL2TP_L2TP_HDR_SIZE_NOSEQ; + } + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set send_seq=%d\n", session->name, session->send_seq); + break; + + case PPPOL2TP_SO_LNSMODE: + if ((val != 0) && (val != 1)) { + err = -EINVAL; + break; + } + session->lns_mode = val ? -1 : 0; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set lns_mode=%d\n", session->name, + session->lns_mode); + break; + + case PPPOL2TP_SO_DEBUG: + session->debug = val; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set debug=%x\n", session->name, session->debug); + break; + + case PPPOL2TP_SO_REORDERTO: + session->reorder_timeout = MS_TO_JIFFIES(val); + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: set reorder_timeout=%d\n", session->name, + session->reorder_timeout); + break; + + default: + err = -ENOPROTOOPT; + break; + } + + return err; +} + +/* Main setsockopt() entry point. + * Does API checks, then calls either the tunnel or session setsockopt + * handler, according to whether the PPPoL2TP socket is a for a regular + * session or the special tunnel type. + */ +static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, + char *optval, int optlen) +{ + struct sock *sk = sock->sk; + struct pppol2tp_session *session = sk->user_data; + struct pppol2tp_tunnel *tunnel; + int val; + int err = 0; + + if (level != SOL_PPPOL2TP) + return udp_prot.setsockopt(sk, level, optname, optval, optlen); + + if (optlenuser_data == NULL) { + err = -ENOTCONN; + DPRINTK(-1, "setsockopt: socket %p not connected.\n", sk); + goto end; + } + + SOCK_2_SESSION(sk, session, err, -EBADF, end, 0); + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, err, -EBADF, end, 1); + + lock_sock(sk); + + /* Special case: if session_id == 0x0000, treat as operation on tunnel + */ + if ((session->tunnel_addr.s_session == 0) && + (session->tunnel_addr.d_session == 0)) + err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val); + else + err = pppol2tp_session_setsockopt(sk, session, optname, val); + + release_sock(sk); +end: + return err; +} + +/* Tunnel getsockopt helper. + */ +static int pppol2tp_tunnel_getsockopt(struct sock *sk, + struct pppol2tp_tunnel *tunnel, + int optname, int *val) +{ + int err = 0; + + switch (optname) { + case PPPOL2TP_SO_DEBUG: + *val = tunnel->debug; + PRINTK(tunnel->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get debug=%x\n", tunnel->name, tunnel->debug); + break; + + default: + err = -ENOPROTOOPT; + break; + } + + return err; +} + +/* Session getsockopt helper. + */ +static int pppol2tp_session_getsockopt(struct sock *sk, + struct pppol2tp_session *session, + int optname, int *val) +{ + int err = 0; + + switch (optname) { + case PPPOL2TP_SO_RECVSEQ: + *val = session->recv_seq; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get recv_seq=%d\n", session->name, *val); + break; + + case PPPOL2TP_SO_SENDSEQ: + *val = session->send_seq; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get send_seq=%d\n", session->name, *val); + break; + + case PPPOL2TP_SO_LNSMODE: + *val = session->lns_mode; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get lns_mode=%d\n", session->name, *val); + break; + + case PPPOL2TP_SO_DEBUG: + *val = session->debug; + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get debug=%d\n", session->name, *val); + break; + + case PPPOL2TP_SO_REORDERTO: + *val = JIFFIES_TO_MS(session->reorder_timeout); + PRINTK(session->debug, PPPOL2TP_MSG_CONTROL, KERN_INFO, + "%s: get reorder_timeout=%d\n", session->name, *val); + break; + + default: + err = -ENOPROTOOPT; + } + + return err; +} + +/* Main getsockopt() entry point. + * Does API checks, then calls either the tunnel or session getsockopt + * handler, according to whether the PPPoX socket is a for a regular session + * or the special tunnel type. + */ +static int pppol2tp_getsockopt(struct socket *sock, int level, + int optname, char *optval, int *optlen) +{ + struct sock *sk = sock->sk; + struct pppol2tp_session *session = sk->user_data; + struct pppol2tp_tunnel *tunnel; + int val, len; + int err = 0; + + if (level != SOL_PPPOL2TP) + return udp_prot.getsockopt(sk, level, optname, optval, optlen); + + if (get_user(len,optlen)) + return -EFAULT; + + len = min_t(unsigned int, len, sizeof(int)); + + if (len < 0) + return -EINVAL; + + if (sk->user_data == NULL) { + err = -ENOTCONN; + DPRINTK(-1, "getsockopt: socket %p not connected.\n", sk); + goto end; + } + + /* Get the session and tunnel contexts */ + SOCK_2_SESSION(sk, session, err, -EBADF, end, 0); + SOCK_2_TUNNEL(session->tunnel_sock, tunnel, err, -EBADF, end, 1); + + /* Special case: if session_id == 0x0000, treat as operation on tunnel */ + if ((session->tunnel_addr.s_session == 0) && + (session->tunnel_addr.d_session == 0)) + err = pppol2tp_tunnel_getsockopt(sk,tunnel, optname, &val); + else + err = pppol2tp_session_getsockopt(sk,session, optname, &val); + + if (put_user(len, optlen)) + return -EFAULT; + + if (copy_to_user(optval, &val, len)) + return -EFAULT; + +end: + return err; +} + +/***************************************************************************** + * /proc filesystem for debug + *****************************************************************************/ + +#ifdef CONFIG_PROC_FS + +#include + +static int pppol2tp_proc_open(struct inode *inode, struct file *file); +static void *pppol2tp_proc_start(struct seq_file *m, loff_t *_pos); +static void *pppol2tp_proc_next(struct seq_file *p, void *v, loff_t *pos); +static void pppol2tp_proc_stop(struct seq_file *p, void *v); +static int pppol2tp_proc_show(struct seq_file *m, void *v); + +static struct proc_dir_entry *pppol2tp_proc; + +static struct seq_operations pppol2tp_proc_ops = { + .start = pppol2tp_proc_start, + .next = pppol2tp_proc_next, + .stop = pppol2tp_proc_stop, + .show = pppol2tp_proc_show, +}; + +static struct file_operations pppol2tp_proc_fops = { + .open = pppol2tp_proc_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release, +}; + + +#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,26)) +static inline struct proc_dir_entry *PDE(const struct inode *inode) +{ + return (struct proc_dir_entry *)inode->u.generic_ip; +} +#endif + +static int pppol2tp_proc_open(struct inode *inode, struct file *file) +{ + struct seq_file *m; + int ret = 0; + + ENTER_FUNCTION; + ret = seq_open(file, &pppol2tp_proc_ops); + if (ret < 0) + goto out; + + m = file->private_data; + m->private = PDE(inode)->data; + +out: + EXIT_FUNCTION; + return ret; +} + +static void *pppol2tp_proc_start(struct seq_file *m, loff_t *_pos) +{ + struct pppol2tp_tunnel *tunnel = NULL; + loff_t pos = *_pos; + struct list_head *walk; + struct list_head *tmp; + + ENTER_FUNCTION; + + /* allow for the header line */ + if (!pos) { + tunnel = (void *)1; + goto out; + } + pos--; + + /* find the n'th element in the list */ + list_for_each_safe(walk, tmp, &pppol2tp_tunnel_list) { + tunnel = list_entry(walk, struct pppol2tp_tunnel, list); + if (!pos--) { + sock_hold(tunnel->sock); + goto out; + } + } + tunnel = NULL; + +out: + EXIT_FUNCTION; + + return tunnel; +} + +static void *pppol2tp_proc_next(struct seq_file *p, void *v, loff_t *pos) +{ + struct pppol2tp_tunnel *tunnel = v; + struct list_head *tmp; + struct list_head *list; + + ENTER_FUNCTION; + + (*pos)++; + + if (v == (void *)1) + list = &pppol2tp_tunnel_list; + else + list = &tunnel->list; + + tmp = list->next; + if (tmp == &pppol2tp_tunnel_list) + tunnel = NULL; + else + tunnel = list_entry(tmp, struct pppol2tp_tunnel, list); + + EXIT_FUNCTION; + + return tunnel; +} + +static void pppol2tp_proc_stop(struct seq_file *p, void *v) +{ + struct pppol2tp_tunnel *tunnel = v; + + ENTER_FUNCTION; + + if (tunnel != NULL) + sock_put(tunnel->sock); + + EXIT_FUNCTION; +} + +static int pppol2tp_proc_show(struct seq_file *m, void *v) +{ + struct pppol2tp_tunnel *tunnel = v; + struct pppol2tp_session *session; + struct hlist_node *walk; + struct hlist_node *tmp; + int i; + + ENTER_FUNCTION; + + /* display header on line 1 */ + if (v == (void *)1) { + seq_puts(m, "PPPoL2TP driver info, " PPPOL2TP_DRV_VERSION "\n"); + seq_puts(m, "TUNNEL name, user-data-ok " + "session-count magic-ok\n"); + seq_puts(m, " debug tx-pkts/bytes/errs rx-pkts/bytes/errs\n"); + seq_puts(m, " SESSION name, addr/port src-tid/sid " + "dest-tid/sid state user-data-ok magic-ok\n"); + seq_puts(m, " mtu/mru/rcvseq/sendseq/lns debug reorderto\n"); + seq_puts(m, " nr/ns tx-pkts/bytes/errs rx-pkts/bytes/errs\n"); + goto out; + } + + seq_printf(m, "TUNNEL '%s', %c %d MAGIC %s\n", + tunnel->name, + (tunnel == tunnel->sock->user_data) ? 'Y':'N', + atomic_read(&tunnel->session_count), + (tunnel->magic == L2TP_TUNNEL_MAGIC) ? "OK" : "BAD"); + seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n", + tunnel->debug, + tunnel->stats.tx_packets, tunnel->stats.tx_bytes, + tunnel->stats.tx_errors, + tunnel->stats.rx_packets, tunnel->stats.rx_bytes, + tunnel->stats.rx_errors); + + if (tunnel->magic != L2TP_TUNNEL_MAGIC) { + seq_puts(m, "*** Aborting ***\n"); + goto out; + } + + for (i = 0; i < PPPOL2TP_HASH_SIZE; i++) { + hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[i]) { + session = hlist_entry(walk, struct pppol2tp_session, hlist); + seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> " + "%04X/%04X %d %c MAGIC %s\n", + session->name, + htonl(session->tunnel_addr.addr.sin_addr.s_addr), + htons(session->tunnel_addr.addr.sin_port), + session->tunnel_addr.s_tunnel, + session->tunnel_addr.s_session, + session->tunnel_addr.d_tunnel, + session->tunnel_addr.d_session, + session->sock->state, + (session == session->sock->user_data) ? + 'Y' : 'N', + (session->magic == L2TP_SESSION_MAGIC) ? + "OK" : "BAD"); + + seq_printf(m, " %d/%d/%c/%c/%s %08x %d\n", + session->mtu, session->mru, + session->recv_seq ? 'R' : '-', + session->send_seq ? 'S' : '-', + session->lns_mode ? "LNS" : "LAC", + session->debug, + JIFFIES_TO_MS(session->reorder_timeout)); + seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n", + session->nr, session->ns, + session->stats.tx_packets, + session->stats.tx_bytes, + session->stats.tx_errors, + session->stats.rx_packets, + session->stats.rx_bytes, + session->stats.rx_errors); + + if (session->magic != L2TP_SESSION_MAGIC) { + seq_puts(m, "*** Aborting ***\n"); + goto out; + } + } + } +out: + seq_puts(m, "\n"); + + EXIT_FUNCTION; + + return 0; +} + +#endif /* CONFIG_PROC_FS */ + +/***************************************************************************** + * Init and cleanup + *****************************************************************************/ + +static struct proto_ops pppol2tp_ops = { + .family = AF_PPPOX, + .release = pppol2tp_release, + .bind = sock_no_bind, + .connect = pppol2tp_connect, + .socketpair = sock_no_socketpair, + .accept = sock_no_accept, + .getname = pppol2tp_getname, + .poll = datagram_poll, + .listen = sock_no_listen, + .shutdown = sock_no_shutdown, + .setsockopt = pppol2tp_setsockopt, + .getsockopt = pppol2tp_getsockopt, + .sendmsg = pppol2tp_sendmsg, + .recvmsg = pppol2tp_recvmsg, + .mmap = sock_no_mmap +}; + +struct pppox_proto pppol2tp_proto = { + .create = pppol2tp_create, + .ioctl = pppol2tp_ioctl +}; + +int __init pppol2tp_init(void) +{ + int err = register_pppox_proto(PX_PROTO_OL2TP, &pppol2tp_proto); + + if (err == 0) { +#ifdef CONFIG_PROC_FS + pppol2tp_proc = create_proc_entry("pppol2tp", 0, proc_net); + if (!pppol2tp_proc) { + return -ENOMEM; + } + pppol2tp_proc->owner = THIS_MODULE; + pppol2tp_proc->proc_fops = &pppol2tp_proc_fops; +#endif /* CONFIG_PROC_FS */ + printk(KERN_INFO "PPPoL2TP kernel driver, %s\n", + PPPOL2TP_DRV_VERSION); + } + + return err; +} + +void __exit pppol2tp_exit(void) +{ + unregister_pppox_proto(PX_PROTO_OL2TP); +#ifdef CONFIG_PROC_FS + remove_proc_entry("pppol2tp", proc_net); +#endif +#ifdef DEBUG_MOD_USE_COUNT + printk(KERN_DEBUG "%s: module use_count is %d\n", __FUNCTION__, mod_use_count); +#endif +} + +module_init(pppol2tp_init); +module_exit(pppol2tp_exit); + +MODULE_AUTHOR("Martijn van Oosterhout "); +MODULE_DESCRIPTION("PPP over L2TP over UDP, " PPPOL2TP_DRV_VERSION); +MODULE_LICENSE("GPL"); Index: linux-2.4.27-l2tp/drivers/net/pppox.c =================================================================== --- linux-2.4.27-l2tp.orig/drivers/net/pppox.c +++ linux-2.4.27-l2tp/drivers/net/pppox.c @@ -121,10 +121,17 @@ static int pppox_create(struct socket *s int err = 0; if (protocol < 0 || protocol > PX_MAX_PROTO) - return -EPROTOTYPE; + return -EPROTOTYPE; +#ifdef CONFIG_KMOD + if (proto[protocol] == NULL) { + char buffer[32]; + sprintf(buffer, "pppox-proto-%d", protocol); + request_module(buffer); + } +#endif if (proto[protocol] == NULL) - return -EPROTONOSUPPORT; + return -EPROTONOSUPPORT; err = (*proto[protocol]->create)(sock); Index: linux-2.4.27-l2tp/include/linux/hash.h =================================================================== --- /dev/null +++ linux-2.4.27-l2tp/include/linux/hash.h @@ -0,0 +1,58 @@ +#ifndef _LINUX_HASH_H +#define _LINUX_HASH_H +/* Fast hashing routine for a long. + (C) 2002 William Lee Irwin III, IBM */ + +/* + * Knuth recommends primes in approximately golden ratio to the maximum + * integer representable by a machine word for multiplicative hashing. + * Chuck Lever verified the effectiveness of this technique: + * http://www.citi.umich.edu/techreports/reports/citi-tr-00-1.pdf + * + * These primes are chosen to be bit-sparse, that is operations on + * them can use shifts and additions instead of multiplications for + * machines where multiplications are slow. + */ +#if BITS_PER_LONG == 32 +/* 2^31 + 2^29 - 2^25 + 2^22 - 2^19 - 2^16 + 1 */ +#define GOLDEN_RATIO_PRIME 0x9e370001UL +#elif BITS_PER_LONG == 64 +/* 2^63 + 2^61 - 2^57 + 2^54 - 2^51 - 2^18 + 1 */ +#define GOLDEN_RATIO_PRIME 0x9e37fffffffc0001UL +#else +#error Define GOLDEN_RATIO_PRIME for your wordsize. +#endif + +static inline unsigned long hash_long(unsigned long val, unsigned int bits) +{ + unsigned long hash = val; + +#if BITS_PER_LONG == 64 + /* Sigh, gcc can't optimise this alone like it does for 32 bits. */ + unsigned long n = hash; + n <<= 18; + hash -= n; + n <<= 33; + hash -= n; + n <<= 3; + hash += n; + n <<= 3; + hash -= n; + n <<= 4; + hash += n; + n <<= 2; + hash += n; +#else + /* On some cpus multiply is faster, on others gcc will do shifts */ + hash *= GOLDEN_RATIO_PRIME; +#endif + + /* High bits are more random, so use them. */ + return hash >> (BITS_PER_LONG - bits); +} + +static inline unsigned long hash_ptr(void *ptr, unsigned int bits) +{ + return hash_long((unsigned long)ptr, bits); +} +#endif /* _LINUX_HASH_H */ Index: linux-2.4.27-l2tp/include/linux/if_ppp.h =================================================================== --- linux-2.4.27-l2tp.orig/include/linux/if_ppp.h +++ linux-2.4.27-l2tp/include/linux/if_ppp.h @@ -107,6 +107,21 @@ struct ifpppcstatsreq { struct ppp_comp_stats stats; }; +/* For PPPIOCGL2TPSTATS */ +struct pppol2tp_ioc_stats { + __u16 tunnel_id; /* redundant */ + __u16 session_id; /* if zero, get tunnel stats */ + __u64 tx_packets; + __u64 tx_bytes; + __u64 tx_errors; + __u64 rx_packets; + __u64 rx_bytes; + __u64 rx_seq_discards; + __u64 rx_oos_packets; + __u64 rx_errors; + int using_ipsec; /* valid only for session_id == 0 */ +}; + #define ifr__name b.ifr_ifrn.ifrn_name #define stats_ptr b.ifr_ifru.ifru_data @@ -143,6 +158,7 @@ struct ifpppcstatsreq { #define PPPIOCDISCONN _IO('t', 57) /* disconnect channel */ #define PPPIOCATTCHAN _IOW('t', 56, int) /* attach to ppp channel */ #define PPPIOCGCHAN _IOR('t', 55, int) /* get ppp channel number */ +#define PPPIOCGL2TPSTATS _IOR('t', 54, struct pppol2tp_ioc_stats) #define SIOCGPPPSTATS (SIOCDEVPRIVATE + 0) #define SIOCGPPPVER (SIOCDEVPRIVATE + 1) /* NEVER change this!! */ Index: linux-2.4.27-l2tp/include/linux/if_pppol2tp.h =================================================================== --- /dev/null +++ linux-2.4.27-l2tp/include/linux/if_pppol2tp.h @@ -0,0 +1,67 @@ +/*************************************************************************** + * Linux PPP over L2TP (PPPoL2TP) Socket Implementation (RFC 2661) + * + * This file supplies definitions required by the PPP over L2TP driver + * (pppol2tp.c). All version information wrt this file is located in pppol2tp.c + * + * License: + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + */ + +#ifndef __LINUX_IF_PPPOL2TP_H +#define __LINUX_IF_PPPOL2TP_H + +#include + +#ifdef __KERNEL__ +#include +#endif + +/* Structure used to bind() the socket to a particular socket & tunnel */ +struct pppol2tp_addr +{ + pid_t pid; /* pid that owns the fd. + * 0 => current */ + int fd; /* FD of UDP socket to use */ + + struct sockaddr_in addr; /* IP address and port to send to */ + + __u16 s_tunnel, s_session; /* For matching incoming packets */ + __u16 d_tunnel, d_session; /* For sending outgoing packets */ +}; + +/* Socket options: + * DEBUG - bitmask of debug message categories + * SENDSEQ - 0 => don't send packets with sequence numbers + * 1 => send packets with sequence numbers + * RECVSEQ - 0 => receive packet sequence numbers are optional + * 1 => drop receive packets without sequence numbers + * LNSMODE - 0 => act as LAC. + * 1 => act as LNS. + * REORDERTO - reorder timeout (in millisecs). If 0, don't try to reorder. + */ +enum { + PPPOL2TP_SO_DEBUG = 1, + PPPOL2TP_SO_RECVSEQ = 2, + PPPOL2TP_SO_SENDSEQ = 3, + PPPOL2TP_SO_LNSMODE = 4, + PPPOL2TP_SO_REORDERTO = 5, +}; + +/* Debug message categories for the DEBUG socket option */ +enum { + PPPOL2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if + * compiled in) */ + PPPOL2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel + * interface */ + PPPOL2TP_MSG_SEQ = (1 << 2), /* sequence numbers */ + PPPOL2TP_MSG_DATA = (1 << 3), /* data packets */ +}; + + + +#endif Index: linux-2.4.27-l2tp/include/linux/if_pppox.h =================================================================== --- linux-2.4.27-l2tp.orig/include/linux/if_pppox.h +++ linux-2.4.27-l2tp/include/linux/if_pppox.h @@ -1,6 +1,6 @@ /*************************************************************************** * Linux PPP over X - Generic PPP transport layer sockets - * Linux PPP over Ethernet (PPPoE) Socket Implementation (RFC 2516) + * Linux PPP over Ethernet (PPPoE) Socket Implementation (RFC 2516) * * This file supplies definitions required by the PPP over Ethernet driver * (pppox.c). All version information wrt this file is located in pppox.c @@ -28,6 +28,7 @@ #include #include #endif /* __KERNEL__ */ +#include /* For user-space programs to pick up these definitions * which they wouldn't get otherwise without defining __KERNEL__ @@ -37,30 +38,48 @@ #define PF_PPPOX AF_PPPOX #endif /* !(AF_PPPOX) */ -/************************************************************************ - * PPPoE addressing definition - */ -typedef __u16 sid_t; -struct pppoe_addr{ - sid_t sid; /* Session identifier */ - unsigned char remote[ETH_ALEN]; /* Remote address */ - char dev[IFNAMSIZ]; /* Local device to use */ -}; - -/************************************************************************ - * Protocols supported by AF_PPPOX - */ +/************************************************************************ + * PPPoE addressing definition + */ +typedef __u16 sid_t; +struct pppoe_addr{ + sid_t sid; /* Session identifier */ + unsigned char remote[ETH_ALEN]; /* Remote address */ + char dev[IFNAMSIZ]; /* Local device to use */ +}; + +/************************************************************************ + * Protocols supported by AF_PPPOX + */ #define PX_PROTO_OE 0 /* Currently just PPPoE */ -#define PX_MAX_PROTO 1 - -struct sockaddr_pppox { - sa_family_t sa_family; /* address family, AF_PPPOX */ - unsigned int sa_protocol; /* protocol identifier */ - union{ - struct pppoe_addr pppoe; - }sa_addr; -}__attribute__ ((packed)); +#define PX_PROTO_OL2TP 1 /* Now L2TP also */ +#define PX_MAX_PROTO 2 +/* The use of a union isn't viable because the size of this struct + * must stay fixed over time -- applications use sizeof(struct + * sockaddr_pppox) to fill it. Use protocol specific sockaddr types + * instead. + */ +struct sockaddr_pppox { + sa_family_t sa_family; /* address family, AF_PPPOX */ + unsigned int sa_protocol; /* protocol identifier */ + union{ + struct pppoe_addr pppoe; + }sa_addr; +}__attribute__ ((packed)); /* deprecated */ + +/* Must be binary-compatible with sockaddr_pppox for backwards compatabilty */ +struct sockaddr_pppoe { + sa_family_t sa_family; /* address family, AF_PPPOX */ + unsigned int sa_protocol; /* protocol identifier */ + struct pppoe_addr pppoe; +}__attribute__ ((packed)); + +struct sockaddr_pppol2tp { + sa_family_t sa_family; /* address family, AF_PPPOX */ + unsigned int sa_protocol; /* protocol identifier */ + struct pppol2tp_addr pppol2tp; +}__attribute__ ((packed)); /********************************************************************* * Index: linux-2.4.27-l2tp/include/linux/list.h =================================================================== --- linux-2.4.27-l2tp.orig/include/linux/list.h +++ linux-2.4.27-l2tp/include/linux/list.h @@ -3,7 +3,9 @@ #if defined(__KERNEL__) || defined(_LVM_H_INCLUDE) +#include #include +#include /* * Simple doubly linked list implementation. @@ -254,6 +256,159 @@ static inline void list_splice_init(stru pos = list_entry(pos->member.next, typeof(*pos), member), \ prefetch(pos->member.next)) +/* + * These are non-NULL pointers that will result in page faults + * under normal circumstances, used to verify that nobody uses + * non-initialized list entries. + */ +#define LIST_POISON1 ((void *) 0x00100100) +#define LIST_POISON2 ((void *) 0x00200200) + +/* + * Double linked lists with a single pointer list head. + * Mostly useful for hash tables where the two pointer list head is + * too wasteful. + * You lose the ability to access the tail in O(1). + */ + +struct hlist_head { + struct hlist_node *first; +}; + +struct hlist_node { + struct hlist_node *next, **pprev; +}; + +#define HLIST_HEAD_INIT { .first = NULL } +#define HLIST_HEAD(name) struct hlist_head name = { .first = NULL } +#define INIT_HLIST_HEAD(ptr) ((ptr)->first = NULL) +#define INIT_HLIST_NODE(ptr) ((ptr)->next = NULL, (ptr)->pprev = NULL) + +static inline int hlist_unhashed(const struct hlist_node *h) +{ + return !h->pprev; +} + +static inline int hlist_empty(const struct hlist_head *h) +{ + return !h->first; +} + +static inline void __hlist_del(struct hlist_node *n) +{ + struct hlist_node *next = n->next; + struct hlist_node **pprev = n->pprev; + *pprev = next; + if (next) + next->pprev = pprev; +} + +static inline void hlist_del(struct hlist_node *n) +{ + __hlist_del(n); + n->next = LIST_POISON1; + n->pprev = LIST_POISON2; +} + +static inline void hlist_del_init(struct hlist_node *n) +{ + if (n->pprev) { + __hlist_del(n); + INIT_HLIST_NODE(n); + } +} + +static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h) +{ + struct hlist_node *first = h->first; + n->next = first; + if (first) + first->pprev = &n->next; + h->first = n; + n->pprev = &h->first; +} + +/* next must be != NULL */ +static inline void hlist_add_before(struct hlist_node *n, + struct hlist_node *next) +{ + n->pprev = next->pprev; + n->next = next; + next->pprev = &n->next; + *(n->pprev) = n; +} + +static inline void hlist_add_after(struct hlist_node *n, + struct hlist_node *next) +{ + next->next = n->next; + n->next = next; + next->pprev = &n->next; + + if(next->next) + next->next->pprev = &next->next; +} + +#define hlist_entry(ptr, type, member) container_of(ptr,type,member) + +#define hlist_for_each(pos, head) \ + for (pos = (head)->first; pos && ({ prefetch(pos->next); 1; }); \ + pos = pos->next) + +#define hlist_for_each_safe(pos, n, head) \ + for (pos = (head)->first; pos && ({ n = pos->next; 1; }); \ + pos = n) + +/** + * hlist_for_each_entry - iterate over list of given type + * @tpos: the type * to use as a loop counter. + * @pos: the &struct hlist_node to use as a loop counter. + * @head: the head for your list. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry(tpos, pos, head, member) \ + for (pos = (head)->first; \ + pos && ({ prefetch(pos->next); 1;}) && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = pos->next) + +/** + * hlist_for_each_entry_continue - iterate over a hlist continuing after existing point + * @tpos: the type * to use as a loop counter. + * @pos: the &struct hlist_node to use as a loop counter. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry_continue(tpos, pos, member) \ + for (pos = (pos)->next; \ + pos && ({ prefetch(pos->next); 1;}) && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = pos->next) + +/** + * hlist_for_each_entry_from - iterate over a hlist continuing from existing point + * @tpos: the type * to use as a loop counter. + * @pos: the &struct hlist_node to use as a loop counter. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry_from(tpos, pos, member) \ + for (; pos && ({ prefetch(pos->next); 1;}) && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = pos->next) + +/** + * hlist_for_each_entry_safe - iterate over list of given type safe against removal of list entry + * @tpos: the type * to use as a loop counter. + * @pos: the &struct hlist_node to use as a loop counter. + * @n: another &struct hlist_node to use as temporary storage + * @head: the head for your list. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry_safe(tpos, pos, n, head, member) \ + for (pos = (head)->first; \ + pos && ({ n = pos->next; 1; }) && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = n) + #endif /* __KERNEL__ || _LVM_H_INCLUDE */ #endif Index: linux-2.4.27-l2tp/include/linux/socket.h =================================================================== --- linux-2.4.27-l2tp.orig/include/linux/socket.h +++ linux-2.4.27-l2tp/include/linux/socket.h @@ -259,6 +259,7 @@ struct ucred { #define SOL_IRDA 266 #define SOL_NETBEUI 267 #define SOL_LLC 268 +#define SOL_PPPOL2TP 269 /* IPX options */ #define IPX_TYPE 1 xl2tpd-1.3.12/contrib/pppol2tp-linux-2.4.27.patch.README000066400000000000000000000001271327764040100221010ustar00rootroot00000000000000NOTE: This patch currently does not work together with xl2tpd's "ipsec saref" option. xl2tpd-1.3.12/control.c000066400000000000000000001730301327764040100146470ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Control Packet Handling * */ #include #include #include #include #include #include #include #include "l2tp.h" _u16 ppp_crc16_table[256] = { 0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf, 0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7, 0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e, 0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876, 0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd, 0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5, 0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c, 0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974, 0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb, 0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3, 0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a, 0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72, 0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9, 0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1, 0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738, 0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70, 0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7, 0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff, 0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036, 0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e, 0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5, 0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd, 0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134, 0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c, 0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3, 0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb, 0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232, 0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a, 0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1, 0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9, 0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330, 0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78 }; int global_serno = 1; struct buffer *new_outgoing (struct tunnel *t) { /* * Make a new outgoing control packet */ struct buffer *tmp = new_buf (MAX_RECV_SIZE); if (!tmp) return NULL; tmp->peer = t->peer; tmp->start += sizeof (struct control_hdr); tmp->len = 0; tmp->retries = 0; tmp->tunnel = t; return tmp; } inline void recycle_outgoing (struct buffer *buf, struct sockaddr_in peer) { /* * This should only be used for ZLB's! */ buf->start = buf->rstart + sizeof (struct control_hdr); buf->peer = peer; buf->len = 0; buf->retries = -1; buf->tunnel = NULL; } void add_fcs (struct buffer *buf) { _u16 fcs = PPP_INITFCS; unsigned char *c = buf->start; int x; for (x = 0; x < buf->len; x++) { fcs = PPP_FCS (fcs, *c); c++; } fcs = fcs ^ 0xFFFF; *c = fcs & 0xFF; c++; *c = (fcs >> 8) & 0xFF; buf->len += 2; } void add_control_hdr (struct tunnel *t, struct call *c, struct buffer *buf) { struct control_hdr *h; buf->start -= sizeof (struct control_hdr); buf->len += sizeof (struct control_hdr); h = (struct control_hdr *) buf->start; h->ver = htons (TBIT | LBIT | FBIT | VER_L2TP); h->length = htons ((_u16) buf->len); h->tid = htons (t->tid); h->cid = htons (c->cid); h->Ns = htons (t->control_seq_num); h->Nr = htons (t->control_rec_seq_num); t->control_seq_num++; } void hello (void *tun) { struct buffer *buf; struct tunnel *t; struct timeval tv; tv.tv_sec = HELLO_DELAY; tv.tv_usec = 0; t = (struct tunnel *) tun; buf = new_outgoing (t); add_message_type_avp (buf, Hello); add_control_hdr (t, t->self, buf); if (gconfig.packet_dump) do_packet_dump (buf); #ifdef DEBUG_HELLO l2tp_log (LOG_DEBUG, "%s: sending Hello on %d\n", __FUNCTION__, t->ourtid); #endif control_xmit (buf); /* * Schedule another Hello in a little bit. */ #ifdef DEBUG_HELLO l2tp_log (LOG_DEBUG, "%s: scheduling another Hello on %d\n", __FUNCTION__, t->ourtid); #endif t->hello = schedule (tv, hello, (void *) t); } void control_zlb (struct buffer *buf, struct tunnel *t, struct call *c) { recycle_outgoing (buf, t->peer); add_control_hdr (t, c, buf); t->control_seq_num--; #ifdef DEBUG_ZLB l2tp_log (LOG_DEBUG, "%s: sending control ZLB on tunnel %d\n", __FUNCTION__, t->tid); #endif udp_xmit (buf, t); } /* * Get a local address from the local range, if configured. */ static int get_local_addr(struct tunnel *t, struct call *c) { #ifdef IP_ALLOCATION if (t->lns->localrange) { c->lns->localaddr = get_addr (t->lns->localrange); if (!c->lns->localaddr) { set_error (c, ERROR_NORES, "No available local IP addresses"); call_close (c); l2tp_log (LOG_DEBUG, "%s: Out of local IP addresses on tunnel %d!\n", __FUNCTION__, t->tid); return -EINVAL; } reserve_addr (c->lns->localaddr); } #endif return 0; } int control_finish (struct tunnel *t, struct call *c) { /* * After all AVP's have been handled, do anything else * which needs to be done, like prepare response * packets to go back. This is essentially the * implementation of the state machine of section 7.2.1 * * If we set c->needclose, the call (or tunnel) will * be closed upon return. */ struct buffer *buf; struct call *p, *z; struct tunnel *y; struct timeval tv; struct ppp_opts *po; char ip1[STRLEN]; char ip2[STRLEN]; char dummy_buf[128] = "/var/l2tp/"; /* jz: needed to read /etc/ppp/var.options - just kick it if you don't like */ char passwdfd_buf[32] = ""; /* buffer for the fd, not the password */ int i; int pppd_passwdfd[2]; int tmptid,tmpcid; if (c->msgtype < 0) { l2tp_log (LOG_DEBUG, "%s: Whoa... non-ZLB with no message type!\n", __FUNCTION__); return -EINVAL; } if (gconfig.debug_state) l2tp_log (LOG_DEBUG, "%s: message type is %s(%d). Tunnel is %d, call is %d.\n", __FUNCTION__, msgtypes[c->msgtype], c->msgtype, t->tid, c->cid); switch (c->msgtype) { case 0: /* * We need to initiate a connection. */ if (t->self == c) { if (t->lns) { t->ourrws = t->lns->tun_rws; t->hbit = t->lns->hbit; t->rxspeed = t->lns->rxspeed; t->txspeed = t->lns->txspeed; } else if (t->lac) { t->ourrws = t->lac->tun_rws; t->hbit = t->lac->hbit; t->rxspeed = t->lac->rxspeed; t->txspeed = t->lac->txspeed; } /* This is an attempt to bring up the tunnel */ t->state = SCCRQ; buf = new_outgoing (t); add_message_type_avp (buf, SCCRQ); if (t->hbit) { mk_challenge (t->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE); } add_protocol_avp (buf); add_frame_caps_avp (buf, t->ourfc); add_bearer_caps_avp (buf, t->ourbc); /* FIXME: Tie breaker */ add_firmware_avp (buf); if (t->lac && t->lac->hostname && t->lac->hostname[0]) add_hostname_avp (buf, t->lac->hostname); else if (t->lns && t->lns->hostname && t->lns->hostname[0]) add_hostname_avp (buf, t->lns->hostname); else add_hostname_avp (buf, hostname); add_vendor_avp (buf); add_tunnelid_avp (buf, t->ourtid); if (t->ourrws >= 0) add_avp_rws (buf, t->ourrws); if ((t->lac && t->lac->challenge) || (t->lns && t->lns->challenge)) { if (t->chal_them.challenge) free(t->chal_them.challenge); t->chal_them.challenge = malloc(MD_SIG_SIZE); if (!(t->chal_them.challenge)) { l2tp_log (LOG_WARNING, "%s: malloc failed for challenge\n", __FUNCTION__); toss (buf); return -EINVAL; } mk_challenge (t->chal_them.challenge, MD_SIG_SIZE); t->chal_them.chal_len = MD_SIG_SIZE; add_challenge_avp (buf, t->chal_them.challenge, t->chal_them.chal_len); t->chal_them.state = STATE_CHALLENGED; /* We generate the challenge and make a note that we plan to challenge the peer, but we can't predict the response yet because we don't know their hostname AVP */ } add_control_hdr (t, c, buf); c->cnu = 0; if (gconfig.packet_dump) do_packet_dump (buf); if (gconfig.debug_state) l2tp_log (LOG_DEBUG, "%s: sending SCCRQ\n", __FUNCTION__); control_xmit (buf); } else { if (switch_io) { c->state = ICRQ; if (c->lns) { c->lbit = c->lns->lbit ? LBIT : 0; /* c->ourrws = c->lns->call_rws; if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */ } else if (c->lac) { c->lbit = c->lac->lbit ? LBIT : 0; /* c->ourrws = c->lac->call_rws; if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */ } buf = new_outgoing (t); add_message_type_avp (buf, ICRQ); if (t->hbit) { mk_challenge (t->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE); } #ifdef TEST_HIDDEN add_callid_avp (buf, c->ourcid, t); #else add_callid_avp (buf, c->ourcid); #endif add_serno_avp (buf, global_serno); c->serno = global_serno; global_serno++; add_bearer_avp (buf, 0); add_control_hdr (t, c, buf); c->cnu = 0; if (gconfig.packet_dump) do_packet_dump (buf); if (gconfig.debug_state) l2tp_log (LOG_DEBUG, "%s: sending ICRQ\n", __FUNCTION__); control_xmit (buf); } else { /* jz: sending a OCRQ */ c->state = OCRQ; if (c->lns) { c->lbit = c->lns->lbit ? LBIT : 0; /* c->ourrws = c->lns->call_rws; if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */ } else if (c->lac) { /* c->ourrws = c->lac->call_rws; if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */ } if (t->fc & SYNC_FRAMING) c->frame = SYNC_FRAMING; else c->frame = ASYNC_FRAMING; buf = new_outgoing (t); add_message_type_avp (buf, OCRQ); #ifdef TEST_HIDDEN add_callid_avp (buf, c->ourcid, t); #else add_callid_avp (buf, c->ourcid); #endif add_serno_avp (buf, global_serno); c->serno = global_serno; global_serno++; add_minbps_avp (buf, DEFAULT_MIN_BPS); add_maxbps_avp (buf, DEFAULT_MAX_BPS); add_bearer_avp (buf, 0); add_frame_avp (buf, c->frame); add_number_avp (buf, c->dial_no); add_control_hdr (t, c, buf); c->cnu = 0; if (gconfig.packet_dump) do_packet_dump (buf); control_xmit (buf); } } break; case SCCRQ: /* * We've received a request, now let's * formulate a response. */ if (t->tid <= 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer did not specify assigned tunnel ID. Closing.\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID"); c->needclose = -1; return -EINVAL; } if (!(t->lns = get_lns (t))) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Denied connection to unauthorized peer %s\n", __FUNCTION__, IPADDY (t->peer.sin_addr)); set_error (c, VENDOR_ERROR, "No Authorization"); c->needclose = -1; return -EINVAL; } t->ourrws = t->lns->tun_rws; t->hbit = t->lns->hbit; if (t->fc < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer did not specify framing capability. Closing.\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "Specify framing capability"); c->needclose = -1; return -EINVAL; } /* FIXME: Do we need to be sure they specified a version number? * Theoretically, yes, but we don't have anything in the code * to actually *do* anything with it, so...why check at this point? * We shouldn't be requiring a bearer capabilities AVP to be present in * SCCRQ and SCCRP as they aren't required if (t->bc < 0 ) { if (DEBUG) l2tp_log(LOG_DEBUG, "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__); set_error(c, VENDOR_ERROR, "Specify bearer capability"); c->needclose = -1; return -EINVAL; } */ if ((!strlen (t->hostname)) && ((t->chal_us.state) || ((t->lns->challenge)))) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer did not specify hostname. Closing.\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "Specify your hostname"); c->needclose = -1; return -EINVAL; } y = tunnels.head; while (y) { if ((y->tid == t->tid) && (y->peer.sin_addr.s_addr == t->peer.sin_addr.s_addr) && (!gconfig.ipsecsaref || y->refhim == t->refhim) && (y != t)) { /* This can happen if we get a duplicate StartCCN or if they don't get our ACK packet */ /* * But it is legitimate for two different remote systems * to use the same tid */ l2tp_log (LOG_DEBUG, "%s: Peer requested tunnel %d twice, ignoring second one.\n", __FUNCTION__, t->tid); c->needclose = 0; c->closing = -1; return 0; } y = y->next; } t->state = SCCRP; buf = new_outgoing (t); add_message_type_avp (buf, SCCRP); if (t->hbit) { mk_challenge (t->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE); } add_protocol_avp (buf); add_frame_caps_avp (buf, t->ourfc); add_bearer_caps_avp (buf, t->ourbc); add_firmware_avp (buf); if (t->lac && t->lac->hostname && t->lac->hostname[0]) add_hostname_avp (buf, t->lac->hostname); else if (t->lns && t->lns->hostname && t->lns->hostname[0]) add_hostname_avp (buf, t->lns->hostname); else add_hostname_avp (buf, hostname); add_vendor_avp (buf); add_tunnelid_avp (buf, t->ourtid); if (t->ourrws >= 0) add_avp_rws (buf, t->ourrws); if (t->chal_us.state) { t->chal_us.ss = SCCRP; handle_challenge (t, &t->chal_us); add_chalresp_avp (buf, t->chal_us.response, MD_SIG_SIZE); } if (t->lns->challenge) { if (t->chal_them.challenge) free(t->chal_them.challenge); t->chal_them.challenge = malloc(MD_SIG_SIZE); if (!(t->chal_them.challenge)) { l2tp_log (LOG_WARNING, "%s: malloc failed\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "malloc failed"); toss (buf); return -EINVAL; } mk_challenge (t->chal_them.challenge, MD_SIG_SIZE); t->chal_them.chal_len = MD_SIG_SIZE; t->chal_them.ss = SCCCN; if (handle_challenge (t, &t->chal_them)) { /* We already know what to expect back */ l2tp_log (LOG_WARNING, "%s: No secret for '%s'\n", __FUNCTION__, t->hostname); set_error (c, VENDOR_ERROR, "No secret on our side"); toss (buf); return -EINVAL; }; add_challenge_avp (buf, t->chal_them.challenge, t->chal_them.chal_len); } add_control_hdr (t, c, buf); if (gconfig.packet_dump) do_packet_dump (buf); c->cnu = 0; if (gconfig.debug_state) l2tp_log (LOG_DEBUG, "%s: sending SCCRP\n", __FUNCTION__); control_xmit (buf); break; case SCCRP: /* * We have a reply. If everything is okay, send * a connected message */ if (t->fc < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer did not specify framing capability. Closing.\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "Specify framing capability"); c->needclose = -1; return -EINVAL; } /* FIXME: Do we need to be sure they specified a version number? * Theoretically, yes, but we don't have anything in the code * to actually *do* anything with it, so...why check at this point? * We shouldn't be requiring a bearer capabilities AVP to be present in * SCCRQ and SCCRP as they aren't required if (t->bc < 0 ) { if (DEBUG) log(LOG_DEBUG, "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__); set_error(c, VENDOR_ERROR, "Specify bearer capability"); c->needclose = -1; return -EINVAL; } */ if ((!strlen (t->hostname)) && ((t->chal_them.state) || ((t->chal_us.state)))) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer did not specify hostname. Closing.\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "Specify your hostname"); c->needclose = -1; return -EINVAL; } if (t->tid <= 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer did not specify assigned tunnel ID. Closing.\n", __FUNCTION__); set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID"); c->needclose = -1; return -EINVAL; } if (t->chal_them.state) { t->chal_them.ss = SCCRP; if (handle_challenge (t, &t->chal_them)) { set_error (c, VENDOR_ERROR, "No secret key on our side"); l2tp_log (LOG_WARNING, "%s: No secret key for authenticating '%s'\n", __FUNCTION__, t->hostname); c->needclose = -1; return -EINVAL; } if (memcmp (t->chal_them.reply, t->chal_them.response, MD_SIG_SIZE)) { set_error (c, VENDOR_ERROR, "Invalid challenge authentication"); l2tp_log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n", __FUNCTION__, t->hostname); c->needclose = -1; return -EINVAL; } } if (t->chal_us.state) { t->chal_us.ss = SCCCN; if (handle_challenge (t, &t->chal_us)) { l2tp_log (LOG_WARNING, "%s: No secret for authenticating to '%s'\n", __FUNCTION__, t->hostname); set_error (c, VENDOR_ERROR, "No secret key on our end"); c->needclose = -1; return -EINVAL; }; } t->state = SCCCN; buf = new_outgoing (t); add_message_type_avp (buf, SCCCN); if (t->hbit) { mk_challenge (t->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE); } if (t->chal_us.state) add_chalresp_avp (buf, t->chal_us.response, MD_SIG_SIZE); add_control_hdr (t, c, buf); if (gconfig.packet_dump) do_packet_dump (buf); c->cnu = 0; if (gconfig.debug_state) l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__); control_xmit (buf); #ifdef USE_KERNEL connect_pppol2tp(t); #endif /* Schedule a HELLO */ tv.tv_sec = HELLO_DELAY; tv.tv_usec = 0; #ifdef DEBUG_HELLO l2tp_log (LOG_DEBUG, "%s: scheduling initial HELLO on %d\n", __FUNCTION__, t->ourtid); #endif t->hello = schedule (tv, hello, (void *) t); l2tp_log (LOG_NOTICE, "Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n", IPADDY (t->peer.sin_addr), ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim); if (t->lac) { /* This is part of a LAC, so we want to go ahead and start an ICRQ now */ magic_lac_dial (t->lac); } break; case SCCCN: if (t->chal_them.state) { if (memcmp (t->chal_them.reply, t->chal_them.response, MD_SIG_SIZE)) { set_error (c, VENDOR_ERROR, "Invalid challenge authentication"); l2tp_log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n", __FUNCTION__, t->hostname); c->needclose = -1; return -EINVAL; } } t->state = SCCCN; l2tp_log (LOG_NOTICE, "Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u). LNS session is '%s'\n", IPADDY (t->peer.sin_addr), ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim, t->lns->entname); #ifdef USE_KERNEL connect_pppol2tp(t); #endif /* Schedule a HELLO */ tv.tv_sec = HELLO_DELAY; tv.tv_usec = 0; #ifdef DEBUG_HELLO l2tp_log (LOG_DEBUG, "%s: scheduling initial HELLO on %d\n", __FUNCTION__, t->ourtid); #endif t->hello = schedule (tv, hello, (void *) t); break; case StopCCN: if (t->qtid < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer tried to disconnect without specifying tunnel ID\n", __FUNCTION__); return -EINVAL; } /* Work around bug in MSL2TP client */ if ((t->firmware == 0xff00) && (!(strncmp(t->vendor, "Deterministic Networks Inc.", 27)))) tmptid = t->ourtid; else tmptid = t->tid; if ((t->qtid != tmptid) && (tmptid > 0)) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer [Vendor:%s] [Firmware:%d (0x%.4x)] tried to disconnect with invalid TID (%d != %d)\n", __FUNCTION__, t->vendor, t->firmware, t->firmware, t->qtid, tmptid); return -EINVAL; } /* In case they're disconnecting immediately after SCCN */ if (!t->tid) t->tid = t->qtid; if (t->self->result < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer tried to disconnect without specifying result code.\n", __FUNCTION__); return -EINVAL; } l2tp_log (LOG_INFO, "%s: Connection closed to %s, port %d (%s), Local: %d, Remote: %d\n", __FUNCTION__, IPADDY (t->peer.sin_addr), ntohs (t->peer.sin_port), t->self->errormsg, t->ourtid, t->tid); c->needclose = 0; c->closing = -1; break; case ICRQ: p = t->call_head; if (!p->lns) { set_error (p, ERROR_INVALID, "This tunnel cannot accept calls\n"); call_close (p); return -EINVAL; } p->lbit = p->lns->lbit ? LBIT : 0; /* p->ourrws = p->lns->call_rws; if (p->ourrws > -1) p->ourfbit = FBIT; else p->ourfbit = 0; */ if (p->cid < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer tried to initiate call without call ID\n", __FUNCTION__); /* Here it doesn't make sense to use the needclose flag because the call p did not receive any packets */ call_close (p); return -EINVAL; } z = p->next; while (z) { if (z->cid == p->cid) { /* This can happen if we get a duplicate ICRQ or if they don't get our ACK packet */ l2tp_log (LOG_DEBUG, "%s: Peer requested call %d twice, ignoring second one.\n", __FUNCTION__, p->cid); p->needclose = 0; p->closing = -1; return 0; } z = z->next; } p = t->call_head; /* FIXME: by commenting this out, we're not checking whether the serial * number avp is included in the ICRQ at all which its required to be. * Since the serial number is only used for human debugging aid, this * isn't a big deal, but it would be nice to have *some* sort of check * for it and perhaps just log it and go on. */ /* JLM if (p->serno<1) { if (DEBUG) log(LOG_DEBUG, "%s: Peer did not specify serial number when initiating call\n", __FUNCTION__); call_close(p); return -EINVAL; } */ #ifdef IP_ALLOCATION if (t->lns->assign_ip) { p->addr = get_addr (t->lns->range); if (!p->addr) { set_error (p, ERROR_NORES, "No available IP address"); call_close (p); l2tp_log (LOG_DEBUG, "%s: Out of IP addresses on tunnel %d!\n", __FUNCTION__, t->tid); return -EINVAL; } reserve_addr (p->addr); } else p->addr = 0; #endif p->state = ICRP; buf = new_outgoing (t); add_message_type_avp (buf, ICRP); if (t->hbit) { mk_challenge (t->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE); } #ifdef TEST_HIDDEN add_callid_avp (buf, p->ourcid, t); #else add_callid_avp (buf, p->ourcid); #endif /* if (p->ourrws >=0) add_avp_rws(buf, p->ourrws); */ /* * FIXME: I should really calculate * Packet Processing Delay */ /* add_ppd_avp(buf,ppd); */ add_control_hdr (t, p, buf); if (gconfig.packet_dump) do_packet_dump (buf); p->cnu = 0; if (gconfig.debug_state) l2tp_log (LOG_DEBUG, "%s: Sending ICRP\n", __FUNCTION__); control_xmit (buf); break; case ICRP: if (c->cid < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer tried to negotiate ICRP without specifying call ID\n", __FUNCTION__); c->needclose = -1; return -EINVAL; } c->state = ICCN; if (t->fc & SYNC_FRAMING) c->frame = SYNC_FRAMING; else c->frame = ASYNC_FRAMING; buf = new_outgoing (t); add_message_type_avp (buf, ICCN); if (t->hbit) { mk_challenge (t->chal_them.vector, VECTOR_SIZE); add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE); } add_txspeed_avp (buf, t->txspeed); add_frame_avp (buf, c->frame); /* if (c->ourrws >= 0) add_avp_rws(buf, c->ourrws); */ /* FIXME: Packet Processing Delay */ /* We don't need any kind of proxy PPP stuff */ /* Can we proxy authenticate ourselves??? */ add_rxspeed_avp (buf, t->rxspeed); /* add_seqreqd_avp (buf); *//* We don't have sequencing code, so * don't ask for sequencing */ add_control_hdr (t, c, buf); if (gconfig.packet_dump) do_packet_dump (buf); c->cnu = 0; if (gconfig.debug_state) l2tp_log (LOG_DEBUG, "%s: Sending ICCN\n", __FUNCTION__); l2tp_log (LOG_NOTICE, "Call established with %s, Local: %d, Remote: %d, Serial: %d (ref=%u/%u)\n", IPADDY (t->peer.sin_addr), c->ourcid, c->cid, c->serno, t->refme, t->refhim); control_xmit (buf); po = NULL; po = add_opt (po, "passive"); po = add_opt (po, "nodetach"); if (c->lac) { if (c->lac->defaultroute) po = add_opt (po, "defaultroute"); strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1)); strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2)); #ifdef IP_ALLOCATION po = add_opt (po, "%s:%s", c->lac->localaddr ? ip1 : "", c->lac->remoteaddr ? ip2 : ""); #endif if (c->lac->authself) { if (c->lac->pap_refuse) po = add_opt (po, "refuse-pap"); if (c->lac->chap_refuse) po = add_opt (po, "refuse-chap"); } else { po = add_opt (po, "refuse-pap"); po = add_opt (po, "refuse-chap"); } if (c->lac->authpeer) { po = add_opt (po, "auth"); if (c->lac->pap_require) po = add_opt (po, "require-pap"); if (c->lac->chap_require) po = add_opt (po, "require-chap"); } if (c->lac->authname[0]) { po = add_opt (po, "name"); po = add_opt (po, c->lac->authname); } if (c->lac->debug) po = add_opt (po, "debug"); if (c->lac->password[0]) { if (pipe (pppd_passwdfd) == -1) { l2tp_log (LOG_DEBUG, "%s: Unable to create password pipe for pppd\n", __FUNCTION__); return -EINVAL; } if (-1 == write (pppd_passwdfd[1], c->lac->password, strlen (c->lac->password))) { l2tp_log (LOG_DEBUG, "%s: Unable to write password to pipe for pppd\n", __FUNCTION__); close (pppd_passwdfd[1]); return -EINVAL; } close (pppd_passwdfd[1]); /* clear password if not redialing: paranoid? */ if (!c->lac->redial) for (i = 0; i < STRLEN; i++) c->lac->password[i] = '\0'; po = add_opt (po, "plugin"); po = add_opt (po, "passwordfd.so"); po = add_opt (po, "passwordfd"); snprintf (passwdfd_buf, 32, "%d", pppd_passwdfd[0]); po = add_opt (po, passwdfd_buf); } if (c->lac->pppoptfile[0]) { po = add_opt (po, "file"); po = add_opt (po, c->lac->pppoptfile); } }; if (c->lac->pass_peer) { po = add_opt (po, "ipparam"); po = add_opt (po, IPADDY (t->peer.sin_addr)); } start_pppd (c, po); opt_destroy (po); if (c->lac) c->lac->rtries = 0; if (c->lac->password[0]) close(pppd_passwdfd[0]); break; case ICCN: if (c == t->self) { l2tp_log (LOG_DEBUG, "%s: Peer attempted ICCN on the actual tunnel, not the call", __FUNCTION__); return -EINVAL; } if (c->txspeed < 1) { l2tp_log (LOG_DEBUG, "%s: Warning: Peer did not specify transmit speed\n", __FUNCTION__); /* don't refuse the connection over this c->needclose = -1; return -EINVAL; */ }; if (c->frame < 1) { l2tp_log (LOG_DEBUG, "%s: Warning: Peer did not specify framing type\n", __FUNCTION__); /* don't refuse the connection over this c->needclose = -1; return -EINVAL; */ } c->state = ICCN; if (get_local_addr(t, c)) return -EINVAL; strncpy (ip1, IPADDY (c->lns->localaddr), sizeof (ip1)); strncpy (ip2, IPADDY (c->addr), sizeof (ip2)); po = NULL; po = add_opt (po, "passive"); po = add_opt (po, "nodetach"); po = add_opt (po, "%s:%s", c->lns->localaddr ? ip1 : "", ip2); if (c->lns->authself) { if (c->lns->pap_refuse) po = add_opt (po, "refuse-pap"); if (c->lns->chap_refuse) po = add_opt (po, "refuse-chap"); } else { po = add_opt (po, "refuse-pap"); po = add_opt (po, "refuse-chap"); } if (c->lns->authpeer) { po = add_opt (po, "auth"); if (c->lns->pap_require) po = add_opt (po, "require-pap"); if (c->lns->chap_require) po = add_opt (po, "require-chap"); if (c->lns->passwdauth) po = add_opt (po, "login"); } if (c->lns->authname[0]) { po = add_opt (po, "name"); po = add_opt (po, c->lns->authname); } if (c->lns->debug) po = add_opt (po, "debug"); if (c->lns->pppoptfile[0]) { po = add_opt (po, "file"); po = add_opt (po, c->lns->pppoptfile); } if (c->lns->pass_peer) { po = add_opt (po, "ipparam"); po = add_opt (po, IPADDY (t->peer.sin_addr)); } start_pppd (c, po); opt_destroy (po); l2tp_log (LOG_NOTICE, "Call established with %s, PID: %d, Local: %d, Remote: %d, Serial: %d\n", IPADDY (t->peer.sin_addr), c->pppd, c->ourcid, c->cid, c->serno); break; case OCRP: /* jz: nothing to do for OCRP, waiting for OCCN */ break; case OCCN: /* jz: get OCCN, so the only thing we must do is to start the pppd */ po = NULL; po = add_opt (po, "passive"); po = add_opt (po, "nodetach"); po = add_opt (po, "file"); strcat (dummy_buf, c->dial_no); /* jz: use /etc/ppp/dialnumber.options for pppd - kick it if you don't like */ strcat (dummy_buf, ".options"); po = add_opt (po, dummy_buf); if (c->lac) { if (c->lac->defaultroute) po = add_opt (po, "defaultroute"); strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1)); strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2)); po = add_opt (po, "%s:%s", c->lac->localaddr ? ip1 : "", c->lac->remoteaddr ? ip2 : ""); if (c->lac->authself) { if (c->lac->pap_refuse) po = add_opt (po, "refuse-pap"); if (c->lac->chap_refuse) po = add_opt (po, "refuse-chap"); } else { po = add_opt (po, "refuse-pap"); po = add_opt (po, "refuse-chap"); } if (c->lac->authpeer) { po = add_opt (po, "auth"); if (c->lac->pap_require) po = add_opt (po, "require-pap"); if (c->lac->chap_require) po = add_opt (po, "require-chap"); } if (c->lac->authname[0]) { po = add_opt (po, "name"); po = add_opt (po, c->lac->authname); } if (c->lac->debug) po = add_opt (po, "debug"); if (c->lac->pppoptfile[0]) { po = add_opt (po, "file"); po = add_opt (po, c->lac->pppoptfile); } }; if (c->lac->pass_peer) { po = add_opt (po, "ipparam"); po = add_opt (po, IPADDY (t->peer.sin_addr)); } start_pppd (c, po); /* jz: just show some information */ l2tp_log (LOG_INFO, "parameters: Local: %d , Remote: %d , Serial: %d , Pid: %d , Tunnelid: %d , Phoneid: %s\n", c->ourcid, c->cid, c->serno, c->pppd, t->ourtid, c->dial_no); opt_destroy (po); if (c->lac) c->lac->rtries = 0; break; case CDN: if (c->qcid < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer tried to disconnect without specifying call ID\n", __FUNCTION__); return -EINVAL; } if (c == t->self) { p = t->call_head; while (p && (p->cid != c->qcid)) p = p->next; if (!p) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Unable to determine call to be disconnected.\n", __FUNCTION__); return -EINVAL; } } else { p = c; } /* Work around bug in MSL2TP client */ if ((t->firmware == 0xff00) && (!(strncmp(t->vendor, "Deterministic Networks Inc.", 27)))) tmpcid = p->ourcid; else tmpcid = p->cid; if ((c->qcid != tmpcid) && tmpcid > 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer tried to disconnect with invalid CID (%d != %d)\n", __FUNCTION__, c->qcid, c->ourcid); return -EINVAL; } c->qcid = -1; if (c->result < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Peer tried to disconnect without specifying result code.\n", __FUNCTION__); return -EINVAL; } l2tp_log (LOG_INFO, "%s: Connection closed to %s, serial %d (%s)\n", __FUNCTION__, IPADDY (t->peer.sin_addr), c->serno, c->errormsg); c->needclose = 0; c->closing = -1; break; case Hello: break; case SLI: break; default: l2tp_log (LOG_DEBUG, "%s: Don't know how to finish a message of type %d\n", __FUNCTION__, c->msgtype); set_error (c, VENDOR_ERROR, "Unimplemented message %d\n", c->msgtype); } return 0; } static inline int check_control (const struct buffer *buf, struct tunnel *t, struct call *c) { /* * Check if this is a valid control * or not. Returns 0 on success */ struct control_hdr *h = (struct control_hdr *) (buf->start); struct buffer *zlb; if (buf->len < sizeof (struct control_hdr)) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: Received too small of packet\n", __FUNCTION__); } return -EINVAL; } #ifdef SANITY if (buf->len != h->length) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: Reported and actual sizes differ (%d != %d)\n", __FUNCTION__, h->length, buf->len); } return -EINVAL; } /* * FIXME: H-bit handling goes here */ #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: control, cid = %d, Ns = %d, Nr = %d\n", __FUNCTION__, c->cid, h->Ns, h->Nr); #endif if (h->Ns != t->control_rec_seq_num) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Received out of order control packet on tunnel %d (got %d, expected %d)\n", __FUNCTION__, t->tid, h->Ns, t->control_rec_seq_num); if (((h->Ns < t->control_rec_seq_num) && ((t->control_rec_seq_num - h->Ns) < 32768)) || ((h->Ns > t->control_rec_seq_num) && ((t->control_rec_seq_num - h->Ns) > 32768))) { /* * Woopsies, they sent us a message we should have already received * so we should send them a ZLB so they know * for sure that we already have it. */ #ifdef DEBUG_ZLB if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Sending an updated ZLB in reponse\n", __FUNCTION__); #endif if (buf->len != sizeof (struct control_hdr)) { /* don't send a ZLB in response to a ZLB. it leads to a loop */ zlb = new_outgoing (t); control_zlb (zlb, t, c); /*udp_xmit (zlb, t);*/ toss (zlb); } } else if (!t->control_rec_seq_num && (t->tid == -1)) { /* We made this tunnel just for this message, so let's destroy it. */ c->needclose = 0; c->closing = -1; } return -EINVAL; } else { t->control_rec_seq_num++; c->cnu = -1; } /* * So we know what the other end has received * so far */ t->cLr = h->Nr; if (t->sanity) { if (!CTBIT (h->ver)) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: Control bit not set\n", __FUNCTION__); } return -EINVAL; } if (!CLBIT (h->ver)) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: Length bit not set\n", __FUNCTION__); } return -EINVAL; } if (!CFBIT (h->ver)) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: Flow bit not set\n", __FUNCTION__); } return -EINVAL; } if (CVER (h->ver) != VER_L2TP) { if (DEBUG) { if (CVER (h->ver) == VER_PPTP) { l2tp_log (LOG_DEBUG, "%s: PPTP packet received\n", __FUNCTION__); } else if (CVER (h->ver) < VER_L2TP) { l2tp_log (LOG_DEBUG, "%s: L2F packet received\n", __FUNCTION__); } else { l2tp_log (LOG_DEBUG, "%s: Unknown version received\n", __FUNCTION__); } } return -EINVAL; } } #endif return 0; } static inline int check_payload (struct buffer *buf, struct tunnel *t, struct call *c) { /* * Check if this is a valid payload * or not. Returns 0 on success. */ int ehlen = MIN_PAYLOAD_HDR_LEN; struct payload_hdr *h = (struct payload_hdr *) (buf->start); if (!c) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: Attempted to send payload on tunnel\n", __FUNCTION__); } return -EINVAL; } if (buf->len < MIN_PAYLOAD_HDR_LEN) { /* has to be at least MIN_PAYLOAD_HDR_LEN no matter what. we'll look more later */ if (DEBUG) { l2tp_log (LOG_DEBUG, "%s:Received to small of packet\n", __FUNCTION__); } return -EINVAL; } #ifdef SANITY if (t->sanity) { if (PTBIT (h->ver)) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s Control bit set\n", __FUNCTION__); } return -EINVAL; } if (PLBIT (h->ver)) ehlen += 2; /* Should have length information */ if (PFBIT (h->ver)) { /* if (!c->fbit && !c->ourfbit) { if (DEBUG) l2tp_log(LOG_DEBUG,"%s: flow bit set, but no RWS negotiated.\n",__FUNCTION__); return -EINVAL; } */ ehlen += 4; /* Should have Ns and Nr too */ } /* if (!PFBIT(h->ver)) { if (c->fbit || c->ourfbit) { if (DEBUG) l2tp_log(LOG_DEBUG, "%s: no flow bit, but RWS was negotiated.\n",__FUNCTION__); return -EINVAL;; } } */ if (PSBIT (h->ver)) ehlen += 2; /* Offset information */ if (PLBIT (h->ver)) ehlen += h->length; /* include length if available */ if (PVER (h->ver) != VER_L2TP) { if (DEBUG) { if (PVER (h->ver) == VER_PPTP) { l2tp_log (LOG_DEBUG, "%s: PPTP packet received\n", __FUNCTION__); } else if (CVER (h->ver) < VER_L2TP) { l2tp_log (LOG_DEBUG, "%s: L2F packet received\n", __FUNCTION__); } else { l2tp_log (LOG_DEBUG, "%s: Unknown version received\n", __FUNCTION__); } } return -EINVAL; } if ((buf->len < ehlen) && !PLBIT (h->ver)) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s payload too small (%d < %d)\n", __FUNCTION__, buf->len, ehlen); } return -EINVAL; } if ((buf->len != h->length) && PLBIT (h->ver)) { if (DEBUG) { l2tp_log (LOG_DEBUG, "%s: size mismatch (%d != %d)\n", __FUNCTION__, buf->len, h->length); } return -EINVAL; } } #endif return 0; } static inline int expand_payload (struct buffer *buf, struct tunnel *t, struct call *c) { /* * Expands payload header. Does not check for valid header, * check_payload() should already be called as a prerequisite. */ struct payload_hdr *h = (struct payload_hdr *) (buf->start); _u16 *r = (_u16 *) h; /* Nice to have raw word pointers */ struct payload_hdr *new_hdr; int ehlen = 0; /* * We first calculate our offset */ if (!PLBIT (h->ver)) ehlen += 2; /* Should have length information */ if (!PFBIT (h->ver)) ehlen += 4; /* Should have Ns and Nr too */ if (!PSBIT (h->ver)) ehlen += 2; /* Offset information */ if (ehlen) { /* * If this payload is missing any information, we'll * fill it in */ new_hdr = (struct payload_hdr *) (buf->start - ehlen); if ((void *) new_hdr < (void *) buf->rstart) { l2tp_log (LOG_WARNING, "%s: not enough space to decompress frame\n", __FUNCTION__); return -EINVAL; }; new_hdr->ver = *r; if (PLBIT (new_hdr->ver)) { r++; new_hdr->length = *r; } else { new_hdr->length = buf->len + ehlen; }; r++; new_hdr->tid = *r; r++; new_hdr->cid = *r; if (PFBIT (new_hdr->ver)) { r++; new_hdr->Ns = *r; r++; new_hdr->Nr = *r; } else { new_hdr->Nr = c->data_seq_num; new_hdr->Ns = c->data_rec_seq_num; }; if (PSBIT (new_hdr->ver)) { r++; new_hdr->o_size = *r; // r++; // new_hdr->o_pad = *r; } else { new_hdr->o_size = 0; // new_hdr->o_pad = 0; } } else new_hdr = h; /* * Handle sequence numbers * */ /* JLM if (PRBIT(new_hdr->ver)) { if (c->pSr > new_hdr->Ns) { l2tp_log(LOG_DEBUG, "%s: R-bit set with Ns < pSr!\n",__FUNCTION__); return -EINVAL; } #ifdef DEBUG_FLOW l2tp_log(LOG_DEBUG, "%s: R-bit set on packet %d\n",__FUNCTION__,new_hdr->Ns); #endif c->pSr=new_hdr->Ns; } */ #ifdef DEBUG_PAYLOAD l2tp_log (LOG_DEBUG, "%s: payload, cid = %d, Ns = %d, Nr = %d\n", __FUNCTION__, c->cid, new_hdr->Ns, new_hdr->Nr); #endif if (new_hdr->Ns != c->data_seq_num) { /* RFC1982-esque comparison of serial numbers */ if (((new_hdr->Ns < c->data_rec_seq_num) && ((c->data_rec_seq_num - new_hdr->Ns) < 32768)) || ((new_hdr->Ns > c->data_rec_seq_num) && ((c->data_rec_seq_num - new_hdr->Ns) > 32768))) { #ifdef DEBUG_FLOW if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Already seen this packet before (%d)\n", __FUNCTION__, new_hdr->Ns); #endif return -EINVAL; } else if (new_hdr->Ns <= c->data_rec_seq_num + PAYLOAD_FUDGE) { /* FIXME: I should buffer for out of order packets */ #ifdef DEBUG_FLOW if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Oops, lost a packet or two (%d). continuing...\n", __FUNCTION__, new_hdr->Ns); #endif c->data_rec_seq_num = new_hdr->Ns; } else { #ifdef DEBUG_FLOW if (DEBUG) l2tp_log (LOG_DEBUG, "%s: Received out of order payload packet (%d)\n", __FUNCTION__, new_hdr->Ns); #endif return -EINVAL; } } else { c->data_rec_seq_num++; c->pnu = -1; } /* * Check to see what the last thing * we got back was */ c->pLr = new_hdr->Nr; buf->start = new_hdr; buf->len += ehlen; return 0; } void send_zlb (void *data) { /* * Send a ZLB. This procedure should be schedule()able */ struct call *c; struct tunnel *t; struct buffer *buf; c = (struct call *) data; if (!c) { l2tp_log (LOG_WARNING, "%s: called on NULL call\n", __FUNCTION__); return; } t = c->container; if (!t) { l2tp_log (LOG_WARNING, "%s: called on call with NULL container\n", __FUNCTION__); return; } /* Update the counter so we know what Lr was when we last transmitted a ZLB */ c->prx = c->data_rec_seq_num; buf = new_payload (t->peer); add_payload_hdr (t, c, buf); c->data_seq_num--; /* We don't increment on ZLB's */ c->zlb_xmit = NULL; #ifdef DEBUG_ZLB l2tp_log (LOG_DEBUG, "%s: sending payload ZLB\n", __FUNCTION__); #endif udp_xmit (buf, t); toss (buf); } static inline int write_packet (struct buffer *buf, struct tunnel *t, struct call *c, int convert) { /* * Write a packet, doing sync->async conversion if * necessary */ int x; unsigned char e; int err; static unsigned char wbuf[MAX_RECV_SIZE]; int pos = 0; if (c->fd < 0) { if (DEBUG) l2tp_log (LOG_DEBUG, "%s: tty is not open yet.\n", __FUNCTION__); return -EIO; } /* * Skip over header */ _u16 offset = ((struct payload_hdr*)(buf->start))->o_size; // For FIXME: buf->start += sizeof(struct payload_hdr) + offset; buf->len -= sizeof(struct payload_hdr) + offset; c->rx_pkts++; c->rx_bytes += buf->len; /* * FIXME: What about offset? */ while (!convert) { /* We are given async frames, so write them directly to the tty */ err = write (c->fd, buf->start, buf->len); if (err == buf->len) { return 0; } else if (err == 0) { l2tp_log (LOG_WARNING, "%s: wrote no bytes of async packet\n", __FUNCTION__); return -EINVAL; } else if (err < 0) { if ((errno == EAGAIN) || (errno == EINTR)) { continue; } else { l2tp_log (LOG_WARNING, "%s: async write failed: %s\n", __FUNCTION__, strerror (errno)); } } else if (err < buf->len) { l2tp_log (LOG_WARNING, "%s: short write (%d of %d bytes)\n", __FUNCTION__, err, buf->len); return -EINVAL; } else if (err > buf->len) { l2tp_log (LOG_WARNING, "%s: write returned LONGER than buffer length?\n", __FUNCTION__); return -EINVAL; } } /* * sync->async conversion if we're doing sync frames * since the PPPD driver will expect async frames * Write leading flag character */ add_fcs (buf); e = PPP_FLAG; wbuf[pos++] = e; for (x = 0; x < buf->len; x++) { // we must at least still have 3 bytes left in the worst case scenario: // 1 for a possible escape, 1 for the value and 1 to end the PPP stream. if(pos >= (sizeof(wbuf) - 4)) { if(DEBUG) l2tp_log(LOG_CRIT, "%s: rx packet is too big after PPP encoding (size %u, max is %u)\n", __FUNCTION__, buf->len, MAX_RECV_SIZE); return -EINVAL; } e = *((char *) buf->start + x); if ((e < 0x20) || (e == PPP_ESCAPE) || (e == PPP_FLAG)) { /* Escape this */ e = e ^ 0x20; wbuf[pos++] = PPP_ESCAPE; } wbuf[pos++] = e; } wbuf[pos++] = PPP_FLAG; #if 0 if(DEBUG) { l2tp_log(LOG_DEBUG, "after sync->async, expanded %d->%d\n", buf->len, pos); } #endif x = 0; while ( pos != x ) { err = write (c->fd, wbuf+x, pos-x); if ( err < 0 ) { if ( errno != EINTR && errno != EAGAIN ) { l2tp_log (LOG_WARNING, "%s: %s(%d)\n", __FUNCTION__, strerror (errno), errno); /* * I guess pppd died. we'll pretend * everything ended normally */ c->needclose = -1; c->fd = -1; return -EIO; } else { continue; //goto while } } x += err; } return 0; } int handle_special (struct buffer *buf, struct call *c, _u16 call) { /* * This procedure is called when we have received a packet * on a call which doesn't exist in our tunnel. We want to * send back a ZLB to keep the tunnel alive, on that particular * call if it was a CDN, otherwise, send a CDN to notify them * that this call has been terminated. */ struct tunnel *t = c->container; /* Don't do anything unless it's a control packet */ if (!CTBIT (*((_u16 *) buf->start))) return 0; /* Temporarily, we make the tunnel have cid of call instead of 0, but we need to stop any scheduled events (like Hello's in particular) which might use this value */ c->cid = call; if (!check_control (buf, t, c)) { if (buf->len == sizeof (struct control_hdr)) { /* If it's a ZLB, we ignore it */ if (gconfig.debug_tunnel) l2tp_log (LOG_DEBUG, "%s: ZLB for closed call\n", __FUNCTION__); c->cid = 0; return 0; } /* Make a packet with the specified call number */ /* FIXME: If I'm not a CDN, I need to send a CDN */ control_zlb (buf, t, c); c->cid = 0; /*udp_xmit (buf, t);*/ toss (buf); return 1; } else { c->cid = 0; if (gconfig.debug_tunnel) l2tp_log (LOG_DEBUG, "%s: invalid control packet\n", __FUNCTION__); } return 0; } inline int handle_packet (struct buffer *buf, struct tunnel *t, struct call *c) { int res; /* tv code is commented out below #ifdef DEBUG_ZLB struct timeval tv; #endif */ if (CTBIT (*((_u16 *) buf->start))) { /* We have a control packet */ if (!check_control (buf, t, c)) { c->msgtype = -1; if (buf->len == sizeof (struct control_hdr)) { #ifdef DEBUG_ZLB l2tp_log (LOG_DEBUG, "%s: control ZLB received\n", __FUNCTION__); #endif t->control_rec_seq_num--; c->cnu = 0; if (c->needclose && c->closing) { if (c->container->cLr >= c->closeSs) { #ifdef DEBUG_ZLB l2tp_log (LOG_DEBUG, "%s: ZLB for closing message found\n", __FUNCTION__); #endif c->needclose = 0; /* Trigger final closing of call */ } } return 0; } else if (!handle_avps (buf, t, c)) { return control_finish (t, c); } else { if (gconfig.debug_tunnel) l2tp_log (LOG_DEBUG, "%s: bad AVP handling!\n", __FUNCTION__); return -EINVAL; } } else { l2tp_log (LOG_DEBUG, "%s: bad control packet!\n", __FUNCTION__); return -EINVAL; } } else { if (!check_payload (buf, t, c)) { if (!expand_payload (buf, t, c)) { if (buf->len > sizeof (struct payload_hdr)) { /* if (c->throttle) { if (c->pSs > c->pLr + c->rws) { #ifdef DEBUG_FLOW l2tp_log(LOG_DEBUG, "%s: not yet dethrottling call\n",__FUNCTION__); #endif } else { #ifdef DEBUG_FLOW l2tp_log(LOG_DEBUG, "%s: dethrottling call\n",__FUNCTION__); #endif if (c->dethrottle) deschedule(c->dethrottle); c->dethrottle=NULL; c->throttle = 0; } } */ /* JLM res = write_packet(buf,t,c, c->frame & SYNC_FRAMING); */ res = write_packet (buf, t, c, SYNC_FRAMING); if (res) return res; /* * Assuming we wrote to the ppp driver okay, we should * do something about ZLB's unless *we* requested no * window size or if they we have turned off our fbit. */ /* if (c->ourfbit && (c->ourrws > 0)) { if (c->pSr >= c->prx + c->ourrws - 2) { We've received enough to fill our receive window. At this point, we should immediately send a ZLB! #ifdef DEBUG_ZLB l2tp_log(LOG_DEBUG, "%s: Sending immediate ZLB!\n",__FUNCTION__); #endif if (c->zlb_xmit) { Deschedule any existing zlb_xmit's deschedule(c->zlb_xmit); c->zlb_xmit = NULL; } send_zlb((void *)c); } else { struct timeval tv; We need to schedule sending a ZLB. FIXME: Should be 1/4 RTT instead, when rate adaptive stuff is in place. Spec allows .5 seconds though tv.tv_sec = 0; tv.tv_usec = 500000; if (c->zlb_xmit) deschedule(c->zlb_xmit); #ifdef DEBUG_ZLB l2tp_log(LOG_DEBUG, "%s: scheduling ZLB\n",__FUNCTION__); #endif c->zlb_xmit = schedule(tv, &send_zlb, (void *)c); } } */ return 0; } else if (buf->len == sizeof (struct payload_hdr)) { #ifdef DEBUG_ZLB l2tp_log (LOG_DEBUG, "%s: payload ZLB received\n", __FUNCTION__); #endif /* if (c->throttle) { if (c->pSs > c->pLr + c->rws) { #ifdef DEBUG_FLOW l2tp_log(LOG_DEBUG, "%s: not yet dethrottling call\n",__FUNCTION__); #endif } else { #ifdef DEBUG_FLOW l2tp_log(LOG_DEBUG, "%s: dethrottling call\n",__FUNCTION__); #endif if (c->dethrottle) deschedule(c->dethrottle); c->dethrottle=NULL; c->throttle = 0; } } */ c->data_rec_seq_num--; return 0; } else { l2tp_log (LOG_DEBUG, "%s: payload too small!\n", __FUNCTION__); return -EINVAL; } } else { if (gconfig.debug_tunnel) l2tp_log (LOG_DEBUG, "%s: unable to expand payload!\n", __FUNCTION__); return -EINVAL; } } else { l2tp_log (LOG_DEBUG, "%s: invalid payload packet!\n", __FUNCTION__); return -EINVAL; } } } xl2tpd-1.3.12/control.h000066400000000000000000000043521327764040100146540ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Control Packet Handling header * */ #include "common.h" /* Declaration of FIFO used for maintaining a reliable control connection, as well as for queueing stuff for the individual threads */ #ifndef _CONTROL_H #define _CONTROL_H /* Control message types for vendor-ID 0, placed in the VALUE field of AVP requests */ /* Control Connection Management */ #define SCCRQ 1 /* Start-Control-Connection-Request */ #define SCCRP 2 /* Start-Control-Connection-Reply */ #define SCCCN 3 /* Start-Control-Connection-Connected */ #define StopCCN 4 /* Stop-Control-Connection-Notification */ /* 5 is reserved */ #define Hello 6 /* Hello */ /* Call Management */ #define OCRQ 7 /* Outgoing-Call-Request */ #define OCRP 8 /* Outgoing-Call-Reply */ #define OCCN 9 /* Outgoing-Call-Connected */ #define ICRQ 10 /* Incoming-Call-Request */ #define ICRP 11 /* Incoming-Call-Reply */ #define ICCN 12 /* Incoming-Call-Connected */ /* 13 is reserved */ #define CDN 14 /* Call-Disconnect-Notify */ /* Error Reporting */ #define WEN 15 /* WAN-Error-Notify */ /* PPP Sesssion Control */ #define SLI 16 /* Set-Link-Info */ #define MAX_MSG 16 #define TBIT 0x8000 #define LBIT 0x4000 #define RBIT 0x2000 #define FBIT 0x0800 extern int handle_packet (struct buffer *, struct tunnel *, struct call *); extern struct buffer *new_outgoing (struct tunnel *); extern void add_control_hdr (struct tunnel *t, struct call *c, struct buffer *); extern int control_finish (struct tunnel *t, struct call *c); extern void control_zlb (struct buffer *, struct tunnel *, struct call *); extern void recycle_outgoing (struct buffer *, struct sockaddr_in); extern int handle_special (struct buffer *, struct call *, _u16); extern void hello (void *); extern void send_zlb (void *); extern void dethrottle (void *); #endif xl2tpd-1.3.12/debian/000077500000000000000000000000001327764040100142415ustar00rootroot00000000000000xl2tpd-1.3.12/debian/changelog000066400000000000000000000145621327764040100161230ustar00rootroot00000000000000xl2tpd (1.3.12-1) unstable; urgency=medium * New upstream release. -- Samir Hussain Fri, 18 May 2018 17:08:21 -0500 xl2tpd (1.3.11-1) unstable; urgency=medium * New upstream release. * Use HTTPS URL in d/copyright * Refresh d/control by partly sync'ing from Debian * Drop d/repack.sh script and refresh d/watch * Bump d/compat to 9 * Build packages for Xenial by default -- Samir Hussain Wed, 07 Mar 2018 14:37:21 -0500 xl2tpd (1.3.10-1) unstable; urgency=medium * New upstream release. - Drops the non-free RFC, so no need for +dfsg suffix any more. -- Samuel Thibault Sun, 22 Oct 2017 19:26:04 +0200 xl2tpd (1.3.8+dfsg-1) unstable; urgency=medium * New upstream release. * Package adopted by Samir (Closes: #786810) * control: - Bump policy version (no change). - Add missing lsb-base dependency. -- Samuel Thibault Sun, 04 Dec 2016 21:17:35 +0100 xl2tpd (1.3.6+dfsg-4) unstable; urgency=medium * QA upload. * rules: Enable USE_KERNEL, like upstream now does (Closes: #542521) -- Samuel Thibault Fri, 27 Nov 2015 22:40:47 +0100 xl2tpd (1.3.6+dfsg-3) unstable; urgency=low * Orphan package, set maintainer to Debian QA Group -- Roberto C. Sanchez Mon, 25 May 2015 14:40:47 -0400 xl2tpd (1.3.6+dfsg-2) unstable; urgency=low * Update to debhelper compatibility level 7 * Add patch series for local ip range option in the configuration, thanks to Pete Morreale. -- Roberto C. Sanchez Thu, 08 May 2014 11:57:42 -0400 xl2tpd (1.3.6+dfsg-1) unstable; urgency=low * New upstream release + Drop Build-Depends on libssl-dev (reverted by upstream) * Drop OpenSSL exception from debian/copyright (dropped by upstream) -- Roberto C. Sanchez Wed, 15 Jan 2014 22:08:27 -0500 xl2tpd (1.3.3+dfsg-1) unstable; urgency=low * New upstream release (Closes: #680146, #635472, #693316) + Now Build-Depends on libssl-dev for MD5 function * Update debian/copyright with OpenSSL linking exception * Update watch file to point to new github location * Add Vcs-Browser and Vcs-Git tags to control file * Update years in copyright file * Update copyright to conform to copyright-format 1.0 * Update to Standards-Version 3.9.5 (no changes) * Build with hardening options * Drop obselete Replaces of l2tpd * Drop 01_apply_build_flags_to_all_binaries.patch (incorporated upstream) -- Roberto C. Sanchez Fri, 03 Jan 2014 17:50:43 -0500 xl2tpd (1.3.1+dfsg-1) unstable; urgency=low * New upstream release -- Roberto C. Sanchez Mon, 10 Oct 2011 11:57:19 -0400 xl2tpd (1.3.0+dfsg-1) unstable; urgency=low * New upstream release (Closes: #611829) * Update debian/watch to account for upstream's RC numbering * Update to Standards-Version 3.9.2 (no changes) * Start when service is stopped and restart is attempted (Closes: #631369) -- Roberto C. Sanchez Tue, 13 Sep 2011 18:22:42 -0400 xl2tpd (1.2.8+dfsg-1) unstable; urgency=low * New upstream release -- Roberto C. Sanchez Thu, 03 Mar 2011 13:31:28 -0500 xl2tpd (1.2.7+dfsg-1) unstable; urgency=low * New upstream release (Closes: #578070, #589306) * Update to Standards-Version 3.9.1 (no changes) -- Roberto C. Sanchez Sat, 07 Aug 2010 21:50:55 -0400 xl2tpd (1.2.6+dfsg-1) unstable; urgency=low * New upstream release * Switch to dpkg-source 3.0 (quilt) format * Update to Standards-Version 3.8.4 (no changes) * Add $remote_fs to Required-Start/Required-Stop in init script -- Roberto C. Sanchez Sat, 05 Jun 2010 21:10:17 -0400 xl2tpd (1.2.5+dfsg-1) unstable; urgency=low * New upstream release * Remove unnecessary README.source since dpatch was dropped * Update to Standards-Version 3.8.3 -- Roberto C. Sanchez Sun, 24 Jan 2010 15:23:17 -0500 xl2tpd (1.2.4+dfsg-1) unstable; urgency=low * New upstream release (Closes: #494795) * Update to Standards-Version 3.8.1 + Add README.source + Fix watch file to use dversionmangle instead of uversionmangle * Update copyright file to new proposed format * Drop debian/patches/02_trust_pppd_to_die.dpatch (included upstream) * Add build-time dependency on libpcap0.8-dev * Make lintian happy: + Move creation of directory in /var/run to daemon start time * Drop l2tpd transitional package -- Roberto C. Sanchez Fri, 13 Mar 2009 09:58:54 -0400 xl2tpd (1.2.0+dfsg-1) unstable; urgency=low * New upstream release. * debian/patches/01_fix_makefile_bashism.dpatch: Remove, included upstream -- Roberto C. Sanchez Mon, 31 Mar 2008 17:02:47 -0400 xl2tpd (1.1.12.dfsg.1-4) unstable; urgency=low * Ship examples (Closes: #466512) * Trust pppd to die properly (Closes: #466057) * Update watch file and automate repacking upstream tarball. -- Roberto C. Sanchez Sat, 08 Mar 2008 21:25:41 -0500 xl2tpd (1.1.12.dfsg.1-3) unstable; urgency=low * Update to Standards-Version 3.7.3 (no changes required) * Fix Makefile bashism, thanks to Luca Falavigna (Closes: #453046) * Make sure conffiles are not left behind (Closes: #455023) -- Roberto C. Sanchez Sun, 20 Jan 2008 21:13:52 -0500 xl2tpd (1.1.12.dfsg.1-2) unstable; urgency=low * debian/control: Switch Homepage to be a proper control field. * debian/xl2tpd.init: Add --oknodo for stop action (Closes: #447990) -- Roberto C. Sanchez Sun, 4 Nov 2007 14:47:30 -0500 xl2tpd (1.1.12.dfsg.1-1) unstable; urgency=low * New upstream release * Repack upsteam tarball: remove non-free RFC and shipped debian/ directory -- Roberto C. Sanchez Sat, 20 Oct 2007 09:46:16 -0400 xl2tpd (1.1.11.dfsg.1-2) unstable; urgency=low * Added missing copyright notices. -- Roberto C. Sanchez Fri, 3 Aug 2007 14:13:23 -0400 xl2tpd (1.1.11.dfsg.1-1) unstable; urgency=low * Initial release (Closes: #427113, 402660) * Make l2tpd obsolete (Closes: #358799) * Repackage upstream tarball to remove non-free RFC (Closes: #393381) -- Roberto C. Sanchez Tue, 31 Jul 2007 20:57:23 -0400 Local variables: mode: debian-changelog End: xl2tpd-1.3.12/debian/compat000066400000000000000000000000031327764040100154400ustar00rootroot0000000000000010 xl2tpd-1.3.12/debian/control000066400000000000000000000015411327764040100156450ustar00rootroot00000000000000Source: xl2tpd Section: net Priority: optional Maintainer: Samir Hussain Uploaders: Samuel Thibault Homepage: https://www.xelerance.com/software/xl2tpd/ Vcs-Browser: https://github.com/xelerance/xl2tpd Vcs-Git: git://github.com/xelerance/xl2tpd.git Build-Depends: debhelper (>= 10), libpcap0.8-dev Standards-Version: 3.9.8 Package: xl2tpd Architecture: any Provides: l2tpd Depends: ${shlibs:Depends}, ${misc:Depends}, ppp, lsb-base (>= 3.0-6) Description: layer 2 tunneling protocol implementation xl2tpd is an open source implementation of the L2TP tunneling protocol (RFC2661). xl2tpd is forked from l2tpd and is maintained by Xelerance Corporation. . The main purpose of this protocol is to tunnel PPP frames through IP networks. It implements both LAC and LNS role in the L2TP networking architecture. xl2tpd-1.3.12/debian/copyright000066400000000000000000000012131327764040100161710ustar00rootroot00000000000000Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Source: http://www.xelerance.com/software/xl2tpd/ (repacked to remove non-free RFC text included in upstream distribution) Files: * Copyright: (c) 2006-2016 Xelerance Corporation License: GPL-2+ Files: debian/* Copyright: (c) 2007-2013 Roberto C. Sanchez Jean-Francois Dive License: GPL-2+ License: GPL-2+ Please see the CREDITS file for a complete copyright history of all parts of the project. . On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. xl2tpd-1.3.12/debian/lintian-overrides000066400000000000000000000002531327764040100176220ustar00rootroot00000000000000# The etc/xl2tpd/l2tp-secrets file must not be readable by non-root xl2tpd: non-standard-file-perm etc/xl2tpd/l2tp-secrets 0600 != 0644 xl2tpd: hyphen-used-as-minus-sign xl2tpd-1.3.12/debian/repack.sh000077500000000000000000000014201327764040100160420ustar00rootroot00000000000000#!/bin/sh # Repackage upstream source to exclude non-distributable files # should be called as "repack sh --upstream-source # (for example, via uscan) set -e set -u FILE=$3 PKG=`dpkg-parsechangelog|grep ^Source:|sed 's/^Source: //'` VER="$2+dfsg" printf "\nRepackaging $FILE\n" DIR=`mktemp -d ./tmpRepackXXXXXX` trap "rm -rf $DIR" QUIT INT EXIT tar xzf $FILE -C $DIR TARGET=`echo $FILE |sed 's/_\(.*\)\.orig/_\1+dfsg.orig/'` REPACK=`basename $TARGET` UP_DIR=`ls -1 $DIR` ( set -e set -u cd $DIR rm -v $UP_DIR/doc/rfc2661.txt rm -rv $UP_DIR/debian/ REPACK_DIR="$PKG-$VER.orig" mv $UP_DIR $REPACK_DIR tar -c $REPACK_DIR | gzip -9 > $REPACK ) rm -v $FILE mv $DIR/$REPACK $TARGET echo "*** $FILE repackaged as $TARGET" xl2tpd-1.3.12/debian/rules000077500000000000000000000042571327764040100153310ustar00rootroot00000000000000#!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 CFLAGS = -Wall -g ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 else CFLAGS += -O2 endif configure: configure-stamp configure-stamp: dh_testdir touch configure-stamp build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: configure-stamp dh_testdir $(MAKE) CFLAGS=" -DDEBUG_PPPD -DTRUST_PPPD_TO_DIE -O2 -fno-builtin -Wall -DSANITY -DLINUX -I$(KERNELSRC)/include/ -DIP_ALLOCATION -DUSE_KERNEL $(shell dpkg-buildflags --get CFLAGS)" CPPFLAGS=" -DDEBUG_PPPD -DTRUST_PPPD_TO_DIE -O2 -fno-builtin -Wall -DSANITY -DLINUX -I$(KERNELSRC)/include/ -DIP_ALLOCATION $(shell dpkg-buildflags --get CPPFLAGS)" LDFLAGS=" $(shell dpkg-buildflags --get LDFLAGS)" touch $@ clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp [ ! -f Makefile ] || $(MAKE) clean dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs $(MAKE) PREFIX=/usr DESTDIR=$(CURDIR)/debian/xl2tpd install cp $(CURDIR)/doc/l2tpd.conf.sample $(CURDIR)/debian/xl2tpd/etc/xl2tpd/xl2tpd.conf cp $(CURDIR)/doc/l2tp-secrets.sample $(CURDIR)/debian/xl2tpd/etc/xl2tpd/l2tp-secrets # Build architecture-independent files here. binary-indep: build install # Nothing to do here # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs CHANGES dh_installdocs dh_installexamples # dh_install dh_installinit dh_installman cp debian/lintian-overrides \ debian/xl2tpd/usr/share/lintian/overrides/xl2tpd dh_link dh_strip dh_compress dh_fixperms chmod 600 $(CURDIR)/debian/xl2tpd/etc/xl2tpd/l2tp-secrets dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure xl2tpd-1.3.12/debian/source/000077500000000000000000000000001327764040100155415ustar00rootroot00000000000000xl2tpd-1.3.12/debian/source/format000066400000000000000000000000141327764040100167470ustar00rootroot000000000000003.0 (quilt) xl2tpd-1.3.12/debian/source/options000066400000000000000000000000331327764040100171530ustar00rootroot00000000000000--diff-ignore --tar-ignore xl2tpd-1.3.12/debian/watch000066400000000000000000000002161327764040100152710ustar00rootroot00000000000000version=4 opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/xl2tpd-$1\.tar\.gz/ \ https://github.com/xelerance/xl2tpd/tags .*/v?(\d\S+)\.tar\.gz xl2tpd-1.3.12/debian/xl2tpd.default000066400000000000000000000004631327764040100170270ustar00rootroot00000000000000# Defaults for xl2tpd initscript # sourced by /etc/init.d/xl2tpd # installed at /etc/default/xl2tpd by the maintainer scripts # # This is a POSIX shell fragment # # Where the l2tp-control pipe is located XL2TPD_RUN_DIR="/var/run/xl2tpd" # Additional options that are passed to the Daemon. DAEMON_OPTS="" xl2tpd-1.3.12/debian/xl2tpd.dirs000066400000000000000000000000601327764040100163350ustar00rootroot00000000000000usr/sbin etc/xl2tpd usr/share/lintian/overrides xl2tpd-1.3.12/debian/xl2tpd.docs000066400000000000000000000001101327764040100163200ustar00rootroot00000000000000README.xl2tpd CREDITS contrib/pfc.README contrib/pppol2tp-2.6.23.README xl2tpd-1.3.12/debian/xl2tpd.examples000066400000000000000000000000131327764040100172100ustar00rootroot00000000000000examples/* xl2tpd-1.3.12/debian/xl2tpd.init000066400000000000000000000035171327764040100163510ustar00rootroot00000000000000#! /bin/sh ### BEGIN INIT INFO # Provides: xl2tpd l2tpd # Required-Start: $network $syslog $remote_fs # Required-Stop: $network $syslog $remote_fs # Should-Start: ipsec # Should-Stop: ipsec # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: layer 2 tunelling protocol daemon # Description: xl2tpd is usually used in conjunction with an ipsec # daemon (such as openswan). ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/xl2tpd NAME=xl2tpd DESC=xl2tpd test -x $DAEMON || exit 0 . /lib/lsb/init-functions # Include xl2tpd defaults if available if [ -f /etc/default/xl2tpd ] ; then . /etc/default/xl2tpd fi PIDFILE=/var/run/$NAME.pid set -e case "$1" in start) echo -n "Starting $DESC: " test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} start-stop-daemon --start --quiet --pidfile $PIDFILE \ --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." ;; stop) echo -n "Stopping $DESC: " start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \ --exec $DAEMON echo "$NAME." ;; force-reload) test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} # check whether $DAEMON is running. If so, restart start-stop-daemon --stop --test --quiet --pidfile \ $PIDFILE --exec $DAEMON \ && $0 restart \ || exit 0 ;; restart) test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} echo -n "Restarting $DESC: " start-stop-daemon --oknodo --stop --quiet --pidfile \ $PIDFILE --exec $DAEMON sleep 1 start-stop-daemon --start --quiet --pidfile \ $PIDFILE --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0 xl2tpd-1.3.12/debian/xl2tpd.postinst000066400000000000000000000016761327764040100172750ustar00rootroot00000000000000#!/bin/sh # postinst script for xl2tpd # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 xl2tpd-1.3.12/debian/xl2tpd.postrm000066400000000000000000000016431327764040100167300ustar00rootroot00000000000000#!/bin/sh # postrm script for xl2tpd # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 xl2tpd-1.3.12/debian/xl2tpd.prerm000066400000000000000000000015561327764040100165340ustar00rootroot00000000000000#!/bin/sh # prerm script for xl2tpd # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove|upgrade|deconfigure) ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 xl2tpd-1.3.12/doc/000077500000000000000000000000001327764040100135645ustar00rootroot00000000000000xl2tpd-1.3.12/doc/README.passwordfd000066400000000000000000000001131327764040100166120ustar00rootroot00000000000000Usage: echo "c " > /var/run/xl2tpd/l2tp-control xl2tpd-1.3.12/doc/README.patents000066400000000000000000000035121327764040100161220ustar00rootroot00000000000000 http://www.ietf.org/ietf/IPR/CISCO-L2TP The following was received on March 2, 1999 from Andy Valencia (vandys@cisco.com) Cisco has a patent pending that may relate to this proposed standard. If this proposed standard is adopted by IETF and any patents issue to Cisco or its subsidiaries with claims that are necessary for practicing this standard, any party will be able to obtain the right to implement, use and distribute the technology or works when implementing, using or distributing technology based upon the specific specification(s) under openly specified, reasonable, non-discriminatory terms. Requests may be sent to: Robert Barr Suite 280 2882 Sand Hill Road Menlo Park Ca 94025 Phone: 650-926-6205 Note: On July 30, 1999, we were informed that the patent office had assigned the number 5,918,019 for the patent -------------------------- Cisco allows anyone to use their patent as long as it is IETF RFC compliant. This is Cisco's standard policy on patents for their IETF work. In fact, their statement was made before being awarded the patent. They complied fully with the IPR disclosure policy of the IETF. The IETF does not release RFC's that are limited or in any way discriminatory in their use. The patent holder (in this case Ciso) agree to a royalty free, unrevocable use of their patent as needed for implementing the IETF standards. If there were any limitations on the implementation and use of L2TP, the L2TP working group would not exist any more, and no new protocol additions or changes would be accepted as RFC standard. The L2TP became an IETF standard, see http://www.ietf.org/rfc/rfc2661.txt Notice the RFC was issued after the disclosure for IPR by Cisco, so the IETF fully knew about the patent and confirmed that there were no restrictions before it issued the RFC. --- Paul Wouters xl2tpd-1.3.12/doc/ipsecsaref.png000066400000000000000000004774031327764040100164350ustar00rootroot00000000000000‰PNG  IHDR;Îç3žsBIT|dˆ pHYs-×+tEXtSoftwarewww.inkscape.org›î< IDATxœìÝy|\õ}ÿû÷ì3’FÒhß,ɲäEÞÀ»±mœ „„Bs³QÒ”Ü6¥·MÓüúKn›ÒÛ4¹·éï6 …@'ŽMÁ,€ÁÆkãÝò*[¶dkßF3šõÌùý¡h‚˖בÈëù¤s¾ç{>çÌ?óxë»X$™€w°KR__Ÿ\.Wºkf‘HD¹¹¹CÁ¡Ëå’ÛíNwMÆkº 0öHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp Á!€‡RHAp …=ÝŒgçB=ºkÓ?êoë?¢*—^´­?6¨7mÒö®#:êÕü¼ZÝY6WË‹¦_ñý_<»K¯·ïÓÞÞSªÉ*Ñ’‚©úäÄrZ¯þkÞ[¿%Ÿ3Kß›ÿù«îK’~Ü´Qÿvøym¸íÊwy/ÚöPÿ­kÞ¡]Gå²9´(²þ¤j™ª2 ¯I-¸4‚C€«°úôfíí=¥®ÈÀEÛhÕ=o}S‡ý-Éco¶п~NÿcÆýú‡™È"˨ïKzôíè'~<¶©ãž:¹AOžÜ g—ýŠÝ¹—ÿ@¿ÓhÓš3[õ¾’ÙWÜÇ»}ïø«Ú×פ˜i\´ÝÏOoÑC¿ù®BF4yì¹–ßè_<§_.ùk­,žyÍjÀȘª pL™ÚÜÙ o\sɶ†™ÐíoþOö·è–‚©znÙW´ïŽïèg}\V‹E_?ø‹óÀÑø‡«õƒ¿–×áÑÌ{Xïüÿô³[¾¬ÉÞ2më:¢nù—+}4µ vëÁÿ~Å׿۠Ñ?7¬Ó¶®#—l»³û¸>¶íß2¢úBÝÚþþц۾¡LX¤îÈ€þhã7t.ÔsÍjÀÈqp6uÒEÚ÷«+âÕ5Ï6ïPS°CU™…Zëß%§éÎÊ­V¦Ý¥¿Üý¤þߣ/èáÚÛG5ê0ë{'^•$=³èÿÔ‡+J’¦çTj~^­æÿú¯µµóˆ~ÛsBóójGUc[¸Oß<´V¯µíÕÿÙQ]s)ÿ~ì%=×òmí<¬h">ªk¾}d½$éÓWê?æ=œ<~kQ½nóëz³ý€þãØËúæìO\“02F\†ÎþV¿8³eÔ¡¡$}ûèó’¤Ï×þQÊÚ~N¾S>g–ŽøÏêWçvª¿zS½Ñ€ês&$CÃaµÞR}¬j™$é;¿ áFãÄ@«¾{ì¥kßÿÍö£ Ï vjmó6IÒW§ÿñyçì›þ¶þ#’¤ïŸxUƒFäšÕ € cÄ!ÀeøòÔ»õ‰êåÉ¿?÷ÛÿÔÎîã#¶4"ÚÑuL’tWÙÜ”óv‹MTz³VŸÞ¬×ÛöëÎ ´y· mû%I,›wÁó*Ÿ¯ÿ<þŠ^kÛwɾ†Ý웨=ôíäß¿8³E7<;êë/äå_SĈI’ñ°–½þwm¿©ã 3¡:o©ê¼¥)çWÍ×áQO4 ==§´¤pêUÕ€‹#8¸ ež<•yò’{íž‹¶o õJ’V›fæV]°Íœ¼­>½YmáÞQÕÐîI^w!7û†ŽwGKrXm—ì3ÓîÖM¾‰É¿·tU-3-»"ù{lð’í‡ßÕܼI<ï´Ú5=g‚vtõ»À•cª2Àu4†å9½#¶>7ÜöjûÌsfIÚÀ¥#Ò7êZÓíz¼+\9‚C€ëè÷aXÖˆm†Ïv][h( |÷z‰ÃœV»²ìîóî?\w€+GppECkü9¬#¯c· M%Æ/½áGÂ43‡6qXFž‚l³XGÝçX1ªweý»ÀÕ!8¸ŽŠÜ9’¤Þh`Ä6=ÑIR±;÷’ýY-¸²wÝ…û4Ì„ü±Ð¨û+Fõ®"CçÆÓsŒW‡×ÑpÀ5RÈ'I½Ñ $©Ôã»Ì>.x¾/”)S’T6Ê>ǂѽ«¡s£}W¸r‡×ÑpŒ‡Õî¿`›SÁvI:o·æ‹)r Ì;è¸àù¦àÐñ ›KÙŽŒËª7†ßÕ©@ûˆm†Ÿm´ï WŽàà:*qçªÎ[*Iz­mßÛ¼ÒºG’´¤pê¨ú¼µhº$é×m{¯IcŲÂi’¤ÝG5ð»©Öït¨ÿŒš»ä²:47oÒ.àÁ!Àuög“Þ/Iúù™Í)çv÷žÔQÿYå:3uß„[Î;K 1EñóŽ?T³JV‹EouJÙ59nZsf«$éáÚÛÏ;g˜ …˜ÂF,9•ùj ÷7«îkVnµä×)–0´®y{ÊùŸz°ø¢;/àÚ 8¸Î>=q¥<6§^<»K7<«„9Ú5v飛ÿE’ôàÄÛä±9Ï»î¿.Ïšûµìõ¿;ïxEF¾>X6_!#ª{7?®þØ $)šˆë »~ ý}M*õøtOùÂó®{æÔ›ò¬¹_ž5÷ëø@ëU?W,a$ûûÆÁ5WÝŸ$ýyíI’¾øöµ«çDòø³Í;ôxÃ:IÒçë>pM³§»€÷ºbw®Ößúwºû­oê+û~¬oy^ež<íï;-S¦î*›«Çoúäeõù£E_Ôío~]¿é>¦Âg?¥›r'ªÁߢ`<¬"wŽ^Yñ?ä°Ú®Ó]?ÖܦƒýgôoGž×üWÿZõ9ÔÔÙP·,²èÍ{XË ëÓ]&À›¤ÿù÷ÿ÷²ÛÉ®ÄìÜj­,ž©ò‹lØQ“U¢åE3Œ‡ÕîÕé`§ä×éÁ‰·é?ç^Në…¿‹ õ=CsÞµ¦ŸÇæÔUK5(lÄ´·ï”*2òõ¡òùú¯…jzNeJ_YTâÎÕŠ¢ZQ4Cv×EŸ«Ü“§•Å34;·ú‚ç-²È"%û›˜UŸ‰„ ÃP<Wcc£Âá° •H$FUWW§E‹¥»dŒápX‡à`S‹óÜòfxR¦0 («°°P………ŠF£òûýª®®ÖòåËeµ2aཎ5Æ¡×_]2 C¿=zB_ÜÝ~EýX,¦îÍ1u‹Ï©L—SÒÐHÆá1 *«¨¨HÅÅÅ2 CÝÝÝ*//×Ê•+år¹®åc` ™ª 0ŽÄb1™¦)Ó4õÛs=WÜiZôlŸEÏöÅuwNTKrlò8ì²X,’$Ç#Ã0ÔÑÑ¡ÖÖV•””¨¤¤DÑhT?ùÉOTXX¨åË—+''çZ=Æ‚C€qdxS”ÞÞ^m \›iÃëû­ZßoêNoHK²­rÛ¬ÉÑívË0 µµµ©¥¥E¥¥¥*//—$­[·N>ŸO‹/VIIÉ5©cS•Ɖ'N¨££CGM--ºÓ©ërŸÛ³ -ÍJÈ9”ž7…9‰È0 •••©¢¢B‹E===òx<š7ožjjj®KM¸qXã`œÙ°aCr}Ã-‡Žé¯öu\×û­ÊŒki†!»iHÒy›¨D£Q†¡ŠŠ UVVÊb±¨¿¿_6›M3fÌÐÌ™3¯km¸~Xã`œ‰Åb’†¼mW±¾áhmÚµ!h×­1-sÇeÇ“S˜m6›,‹ZZZÔÔÔ¤ÊÊJUVVÊf³©¡¡A{÷îÕäÉ“µpáÂë^'®‚C€q¦»»[›ƒ6Iñr¿·zkС[ÜvÝêŽHñh2@´X,²Ùl:}ú´U]]­êêjedd¨¥¥E‡RMMn½õVY­×fMFÜLU åp8tòL³xëú¬o8óÝ1­p†” Èb±œ7…Ù0 †¡‰'ªººZN§S†a¨»»[eeeZµj•œNgÚjÀ¥±Æ!À8²aÃ*‘Hèõ} úÊ®t—¤9Ψ–;‚J$)%@L$ª­­Uuuµ\.—LÓT{{»JJJ´|ùregg§ù p!¬q0Ž ¯oǵé\_š«²;êÔî¨S3™ZiÈð÷¦´9zô¨Ž9¢ºº:Mœ8Q%%%’¤µk×ÊçóiÉ’%***ºÑ¥`q0Æ™¦©×^{M%%%jmmÕÿ±ù¤üáXºËJ1ÍÑJÛ€b}C£!ß=Q’êêêT[[«ŒŒ ICë5Z­VÝ{ï½òz½i«¿ÇˆC€qbÿþý*(($õ‡#c24”¤Ã†K‡ —&ggë6KŸb]í’†‚OI2 C jhhД)STWW§üü|mß¾=$`ì 8ã:;;URR¢D"¡#ccšòÅ‹;uLEš”—£•fb­ç7 CÔ¡C‡TQQ¡)S¦Èf³¥©ZŒ„à`Œžæ‡µ±#˜æjF¯Ñp©Q¥ª.Ì×J³SƒmgÏ;LJU__Ÿ¦ p1Öt€‘ÅãqÙl6™¦©žÞ^íH¤»¤ËÖd:õ”ʵµô&Y¼¾äñx<.Ç£yó楱:Œ„à` Û³gOr×ážÁˆ"q#Í]¹Ó©3‰ßOx1 C .d“>€1Šà` óûý²Û‡Â¶m=i®æê•Å’†6L©¬¬Lnú€±‡à` K$†¦&½ÑJs5WÇìS"à—iš2 C™™™ºùæ›Ó]F@p0FE"9™¦©~¿_ûüñt—tUfÆz’£'#‘ˆnºé&åæ榹*Œ„à`ŒÚ³gOr*o{ $#a¦¹¢«Seþþ÷ª*•””¤±\ Á!À e³Ù$IoŸíJs5WÇ Ê ôKš~íõzU__Ÿæªp1‡c”i0ìëëÓ}ãw7eIš:Ø.çï¦]‡B!M›6M¥¥¥é. Ap0 ÊívK’ü€Žú#i®èêL±‡“Ahyy¹ÊÊÊÒ\.…à` Ú³gòóó%I-ýÁ4Wsu,Ñ°äï“44M9//Oµµµi® —Bp0E"Y­V™¦©mÍé.çªÔøÏÉåtH’€jjjTSS“æªp)‡ciš2MSÝÝÝÚäOw5Wg†3šü½¬¬Låååi¬£Ep0Æôõõ)##C’4 ©98Ž×74 Yý½’†ÂТ¢"UVV¦¹(ŒÁ!ÀsèСäú†§zÇ÷pÊžÓò¸œ’$¿ß¯òòr͘1#ÍU`4Ƙh4*‹Å"Ã0ôÖ™®t—sUf»â’†F–––ª¢¢"Í`´Ƙáõ »ººõVÀ’îr®œ™+Ø+Ó4%IEEE*--MsQ-‚C€1Äï÷'×7”LåÇïˆÃÂÎÓrÛí’†Öm,))ÑܹsÓ\F‹à` 1 CËÐ(â¢"ýôwè_gäËHse—ïfwLVëÐ×ÍââbUTT$ÿÀØÇ77€1Ä4Muwwk``((t:ºmÎL­{`¹þ¯jì‘Pš+=ïàï7v)--UQQQ«À岧»€?tgÏžÕ¯~õ+…BC¡`<WCCƒÜn·æÍ›§ŒŒ y³²ô‘Ås´tr·Öî>¬gÚâ’Ý‘æÊG–ÛÕ,—Í"Ó4Õ×ק9sæhþüùé. —à Mâñ¸Ö¬Y£åææ*33S¦i*‘H$nݺUN§S‹/–ÅbQϧϮX¨œkÕS»éõ°[ÒØÛ@eŽ#,›aS"‘P~~¾***ät:Ó].S•Ò`Ó¦MúÁ~ ›Í&ŸÏ7b»¼¼‡Y­Vù|>uww«¹¹Y“&M’Ïç“ÅbQyAžõfêTg~tf@Íöë V[#ÉßKKK•ŸŸÝî€ëË"É …Br»Ýé®`Ü:qâ„6mÚ¤’’¹Ýn%‰äHÃD"¡ööv566jÆ Ú±c‡$©¸¸XÓ¦MSOOŽ?®É“'Ëår©¼¼\ååå2MS'NœPGG‡î¿ÿ~% y<¹\®d¿ï¼Ç; È4MM™2EN§3Ù688¨£}úQ[\~gæ5}ö@Ÿî5Êår©§§GË–-Ó=÷Ü£êêêkz\_ápX‡‡W# iݺuÊÈÈФI“’Ý°;vL{öìQoo¯¦Nª²²2íÙ³GøÀd·}«®®ÖË/¿,›Í¦ÌÌLåççËápÈëõj``@¿üå/URR¢%K–hppPÉk/$33S‰DBPVV–&Nœ(‹Å"·Ë¥¥úo@{:üúÅ€K±k´Ê´p§< ÃPFF†|>¡!À8ƈC€+ôꫯª««Kååå²X,ç ‡Ã:zô¨Nœ8¡§Ÿ~Z999ºãŽ;”™94ʯ­­M'OžÔ”)S”H$ÔÛÛ«ÂÂB jÓ¦M²Ùlr»ÝZ¸p¡JJJ$ m¦²nÝ:}ä#Ñĉeš¦¼^or§æw<þ=‹)(??_eeeÉs†a¨§ß¯-í½fæ*a±^ìq/é£ý‡•k3e†òòòtë­·ê®»îºê÷ €kxÄ!Á!Àe:~ü¸¶nݪ &ÈårÒ†¡ÆÆF8qB?þñÕÞÞ.I²X,Z¼x±JJJÔÛÛ+»Ý®É“'K’NŸ>-ŸÏ§œœIRoo¯žþyÕÔÔhîܹòx<êëëSVV–âñ¸vïÞ­{î¹G^¯7 Jqúòp˜‰DTVV¦ÜÜÜäñx<®ŽÞ>½ÖÕ.GÁ½k(¨Gäq»Õ×ק¥K—ê}ï{Ÿ¦M›v Þ8n$‚C€Ë õÜsÏÉçóÉçó¥s---:räˆ^|ñEåæ檶¶VƒƒƒÚ¼y³¦OŸ®ºº:ICáÞ‰'TUU•\°±±Q………ŠD"r:ª®®V<×Þ½{õöÛo+++K·ß~{r‡âH$¢õë×+‹éÑG•Õj•išÉ)Ê#>L$ ƒ’¤òòreddÈ0 % E£Qëók}¯Ôä¾¼MM¦v×ÒŒ¸‰„µråJ=ôÐC×öÀ Á‡—áW¿ú•€jkkešfrgcÓ4ÕÛÛ«ýû÷kÏž=:}ú´Î;§3fÈãñÈãñhÉ’%úío+—Ë•\³Ðãñ( ©±±Qv»]óçÏ—4ô%­µµU‰DB‡C555’¤®®.½ôÒKš={¶¼^¯BÓîi½ IDAT¡>üáËn·k×®]:qâ„>õ©O) ­eø» _hfÇ£D"¡cÇŽÉãñ¨¢¢BN§S6›Må¾}Ú5¨æ@‡žp¨ÏãÕû™êŒ'g7e€÷F\DCCƒvïÞ­šš9Ž”‘|Û¶mÓþýûÇUP04Í7èå—_Veeer³“iÓ¦Éb±¨µµUš1c†¬Ö¡5:¤‚‚eeeÉï÷k``@ÙÙÙêèèÐĉ“Ó[ZZôÒK/)kéÒ¥š:uª\.—uðàAE"y½^}àP$‘Õj=¯æ DŒF£êíí•×ëUee¥¤ßOwö ¨1ÓK†OaWƈïÈ ëþef M§¾å–[tË-·hîܹ×ùÓÀõÀˆC€‹Ð /¼ ââbÕ××'ƒ¶aÃ#ùæÍ›'«Õªõë×+‘HÈétª½½]eeeÊÏÏWKK‹¬V«Âá°Ün·<Âá°Nœ8!»Ý®@  ‰'*33S===êééQ}}½,‹JJJtìØ1% Y­V…B!Ý~ûíJ$Ú¾}»Ž?.ŸÏ§‚‚-X°@’ÇõÌ3ÏhæÌ™š5k–€\.W2¤|wýv»]TCCƒ¼^¯ÊÊʆ¦=gdhºËPY·;õ–§L†Õ‘ò®*ûZäõM‘¶Ùlòx<š3gÎõúhpƒ0âà]^|ñE†¡êêê‹®øîGvìØ¡Ÿýìg²Z­Zµj•,‹$éÈ‘#Ú»w¯222TWW—Ü0dx éS§&7=ijj’$eee)(##C>ŸOýýý²Ùl*,,”$Åb1­[·N]]]***Ò¢E‹”ŸŸ¯P(¤¶¶6y½^uvvjöìÙ*,,T(RFÆШÁw?Çðï¦iª¯¯O‡CYYYÉu‡7PéêókWĦ}ÞJ™ïØùnÿQ•8†úÍÌÌÔ’%Ktï½÷ÞÀO ×›£¼Ë¡C‡tàÀÕÕÕÉét^r“‘wŸ7MS~¿_[·nÕ–-[TYY©H$"»Ý.ŸÏ§¾¾>íÝ»WÓ¦MSnn®‚Á ü~¿rrrä÷û588¨Ù³gËb±$CÅúúzeddÈ4M>}Z‰D"¹ÃrUU•œN§Nž<©7Êív«¤¤D«V­’Íf“$:uJ[¶lÑç?ÿùäÈÇŒŒŒƒÃá¿»»»•‘‘¡‚‚‚仞ÚÜáhs,S; R"®?é= oF†ü~¿,X yóæiñâÅiþ4p¥ÞaïÞ½êîîViié¨B‘Ž ÿìííÕÆõúë¯kÉ’%ÊÊÊ’iš:s挶lÙ"—Ë¥ŠŠ -X° 9øèÑ£òx<ÊÏÏW8V[[›²³³ÇÕÞޮɓ'+//O±XLçÎSii©œN§"‘ˆvíÚ¥ŽŽuww«ººZÓ¦MS<W4Uqq±tàÀ}âŸP(JN©~Ó4‹Åä÷ûUPP ÌÌLY­ÖäÌ¡PH­Á°öõ êöò\™¦©þþ~­X±B>ø ìvVįÞá{ßûžV¬X1ªðbá»Û´··kÆ jhhaòx<š1c†,‹š››ÕÞÞ®ÊÊJ Êëõª  @:~ü¸æÏŸŸ Ož<)‡Ã¡ÒÒRIC¥ÙívuwwkáÂ…²ÛíŠD"Ú¸q£Ž?®ââbÝyçÊÌÌ”$µµµé¥—^RMMxàõ÷÷+‹Éét^ôy#‘ˆ,‹¼^¯‡,Ëy¢ÝnOŽ„\´h‘î»ï¾´}Ž¸z‡ïðøãk„ ºé¦›R¦íŽ&D¼Tûææf½òÊ+Ú¹s§/^¬‚‚‚dwðàA;wN+W®Tvv¶LÓTKK‹ÚÛÛ5a„dpWRR¢p8¬††M:U999’¤îîn…Ãa*êÔ©STKK‹¢Ñ¨êëë%I™™™š4i’‰„:$»Ý®¥K—ª¯¯O’d³Ù.ú¼Á`P.—K999²X,2M3 úý~ÕÔÔè¾ûîÓôéÓÓö9àê¼Ã·¿ým½öÚkšedd¨³³Såå媪ª’$={V’T^^.ihgㆆM˜0Añx\mmmòù| ƒÚºu«rss“£-Z”Ü0å7ÞÐ]wÝ%·Û­ÞÞ^¹\®‹Ž¤ŒÇã …B*((Pmm­>üákÒ¤Iiøäp­¼ƒišZ½zµÖ®]«h4š<¾jÕ*-X°@.—ëŠF^ìX4UCCƒ^~ùe•””¨¬¬L6›M¦iª©©I‡–ÅbÑÒ¥K“£ €“;?wwwëìÙ³ÊÏÏ—ÍfSoo¯*++år¹tîÜ9)++K’Ô×קçž{N@@UUUZ°`rss …´oß>8p@999ú¾ P(¤¾¾>¹Ý @@_ýêW5wîÜ´|n¸ö. ½½]O>ù¤¶nÝš<æv»uûí·kÆŒ²Z­#†Wºs8ÖþýûõÆo¨¶¶Vyyy’†F>îÛ·Oýýýºùæ›åt:ÕÕÕ%·Û-§Ó©'N¨²²R’¤P(¤cÇŽ©¾¾^‡Cñx\û÷ïWaa¡¤¡Ñ‰uuur¹\:zô¨vïÞ­œœ…ÃaùýþóÞCee¥V­Z¥p8¬ìììëïïï×Ã?¬»îºë}B¸Þ.¢¡¡A?üáuüøqIC# õ¾÷½O555—œ¦|¹!¢iš Ú½{·Þ~ûmM:U’¤ÁÁAíرC­­­Z¹r¥ª««“5íرC“&M’ÇãQ__ŸB¡rrrÔß߯¾¾>Ý|óÍr8 …BjmmUUU•l6› ÃЖ-[tàÀ”g/--Õ²eË”••uÞŽË <»»»µfÍù|¾öÙàú"8¸Ó4µqãF=ýôÓêêê’$ÅãqM™2EË–-Sqqñ¨ÃËÝ\¥¿¿_;wîTSS“jkkåt:%IGÕÎ;5{ölª¿¿_'NTFF†ÚÚÚÔÛÛ«éÓ§Ëb±H’öï߯ÒÒRù|>E"?~\™™™r8:yò¤Ž?®X,–|^§Ó©;ï¼Syyyòx<#Ö‹Å 5sæL}ë[ߺñ®‚C€QŠF£zöÙgµvíZ…ÃaIR,Ó‚ 4oÞ<åää\q`x±ŸÚ¹s§úûû•““£ÖÖVMž}Z»víRyy¹n¹åù|>Y­Öë‡Ãêéé‘a²Z­ÊËËÓC=DhðDpp…Nž<©'žxBû÷ïOóxô¡)???¹sò…êˆF£òûýêïï—Ãáišºûî»õÉO~29zï-‡WiÇŽzòÉ'uîÜ9ICk"iñâÅš0aˆ;-_l}ÃK…ˆ‰DB§NÒ–-[T^^®ââbÅãq566ª»»[¦iª»»[«V­JN;öûýZ·n‚Á ,‹î¸ãM˜0A999#Þ3+ &ÃÆx<®©S§êÑGÕ¤I“ÒùÚp\ñx\/½ô’V¯^­@ <6yòdÍ™3G×dºò» *ܼy³úúútÛm·ÉëõJ’NŸ>­Ã‡köìÙr:jnnÖ®]»4eÊÍ›7Oùùù²X,#Þ; ª««K±XL¦iÊëõêÓŸþ´î¸ãŽäÆ+xï"8¸†´zõj½üòËŠÇã’†Ä9s樾¾>¹áHS‘¯ts•H$¢£Gª¡¡!¹qJss³¶oß®h4*›Í&¯×«~ðƒ*((ËåñÞ‘HD}}}êîî–Ýn—$­\¹RŸùÌg”›››Î× €ˆàà:8{ö¬ž|òIýæ7¿I³Ùlš7ožêêêFÜ@åRë^j´âàà ôÖ[o©µµU¦iÊf³éÃþ°***”=bÑhT@@çΓÍf“$M˜0A<òˆfÎœ™®W €4!8¸ŽöíÛ§'žxB§NJËÌÌÔœ9sTUU%«ÕzYÓ•G»FâÀÀ€:¤ÎÎNÝtÓM*((¤ ^g†‚Á š››“»D;N}ìcÓ½÷Þ›u€?,‡×™išzýõ×õÌ3Ϩ··7y¬¸¸X³fÍRIIÉ%wUmˆøaHºp`8<-¹££C6›M>ŸO'NœÐ‚ ô¹Ï}NÅÅÅé|mH3‚C€$kíÚµzöÙgF%I†ahòäɪ««S^^Þ4¼’s±XL}}}êììÔ¬Y³ …ÔÚÚªGyD‹-Jó›ÀX@ppƒuuuéG?ú‘6mÚ”œlš¦fÎœ©ªª*eff^õHÑŽ Oc>sæŒ&Nœ¨üü|9rD‹-ÒC=ÄwA$¤É±cÇôÄO¨¡¡!yÌívkúôé*//—ÃáõtåÑŒL ƒjoo—$Õ××ëôéÓ²Ùlzì±ÇTUU•®×€1Šà ͶlÙ¢§žz*êI’ÏçS]]JJJdµZ/kc”w·‰F£êééѹsç4sæL†¡¦¦&}êSŸÒûßÿ~Y,–4>=Æ*‚C€1 ‹iýúõúÅ/~¡ÁÁAICÓ—ËÊÊ’SŠ/^hc”ÞÞ^577«¬¬L¥¥¥:räˆ&Ož¬G}T^¯7ÍO €±Œà` éïï×O~ò½úê«J$’†ÄÚÚZ•––*;;{T£€ÚÚÚ‡5kÖ,µ¶¶j``@=ö˜¦Nšæ§Àx@p09sFO<ñ„vïÞ<æp84yòdegg+;;{ÄiÉ:s挦OŸ.»Ý®ãÇëî»ïÖ}÷Ý'«ÕšÆ§ÀxBp0†½ýöÛú¯ÿú/9s&y,//O²ÙlÊÈÈÃáßï×àà :;;Õ×קeË–éèÑ£***Ò—¿üeåçç§ñ)0Œq‰DB¯¼òŠ~úÓŸª¿¿?yÜ4MeddÈ0 E£ÑóŽèK_ú’æΛŽ’ð@p0NƒA­Y³FëׯW,»`‡Ã¡~ô£ºÿþûåt:op…x/!8gÚÛÛµvíZmÛ¶-9ÑétjÑ¢EúøÇ?®òòò4W€÷‚C€q*‘H¨©©IV«U%%%|À5Ep ÅpphMw!Æ‚C€qnÆ š:uª>ûÙϦ»¼‡Œs:zô¨š››Ó] ÞC¤ 8‚à@ ‚C)¤ 8žîF+¾c§¢¯üZž¿}L·û¢m2vï‘qø¨,E…²Ï¹I¶)“%ëÅÿošhï±o¿â‡dÍΖµv’KKö«ÿÚúοËV;IÎÝuéƉ„Œ†ÃŠíØ)E"²M›*Çòe’Í6ò5†¡Ø¯_—qü„d$d««•}ñBYrs®ºvãà!EÖþ·<_|D–ü¼‹7ŽÅß·_ñ·÷H‹ìso–}ÖLÉá¸èe‰ÎN»ö(~ø°l'Ê>oŽ¬*®ºvI ÿ Yrräú“?¾&ýü! 8ãFø{?Tìò|ùKÒHÁ¡i*òäÓ =þ-™‘Èy§l³f*ë©ïËZX˜zY$¢Á¿økE_úUÊ9Û¤‰Êø§¯Ë~Ëâ+®Ý8~Báï|W®ÝÉàÐ8pPV¢³óü:fLWæw¿#Û¤‰¼.¾s—öçç³äæÈó7Éõñ?¹âÚ%)üÔ3ŠþòY¹>õqÙ.&ZÎ*ð™ÏË8|äüÚ§OSÖß“µ¼ì‚×E׬Sð+_“b±óŽ»¿øˆ<ý…d±\q퉮.…ÿ–·­ 8¸ ‡`\ˆm٦ئ͗lúçÿGáï=!Y­r}ì~ÙçÍU¢½]Ñuÿ-cÿ ÜýÇòþ÷/d-)N^c†øøƒŠ¿½[–¬L9ïºCöùó”èêRtÍ:§øôgå}alS§\~ñ¦©Ð?ý˨šÆ·ÿFÏ|Nf (ÇŠ[åX¾LÆÉSŠ¾ø²Œƒ‡üÌçä}é9Y23’× C!Ê:¡b(˜t9[ÿ¢ŒÆSüÊ×dñfÉy÷/¿v ™±õ/]ú1{zåÿà½2{ze›:EÎÝ)%LEŸAÆ¡Ãòð#ÊyóÕ”‘ÿLƒ_ýÉj•óîʾ`žŒƒ‡}î…¿ûÿË ”ñõ¯]Qí’úæ¿J†qÅ×ü¡"8cVüí=Š½µYñ·¶*¾oß%ÃãÀA…ø”d±(ëÉïËqÛŠä9×gTàO?§ø¶íŠü×äùêß$ÏE׬ ½^eýôG²ß4+yÎýgªÀƒŸUlË6 þõßÉûºQÕnúýŠmبØæ­ŠoÙªD[û¥/J$üòßÈ åþÒ#ò<ö—ÉSž¿ú õ/])ãä)E~ºZî‡?“<ùÅ/%IÖü|ål}ó÷×üå—|ìo]³N¡¯ó²‚CãPƒbonª×€yæ§C¡áä:yÿ{M2Ütýé'5pÏ}2O)ò³ŸËýÈç~QÜPø}o¨Þ¿ù+¹ÿüáä)ûŠå þùùéÏåùÒ#²äçªvs0¤Ø›ß¼U±·¶(ÑrvÔÏ €ßcs0fþ‚Âßù®âoï–â—1Yûß’aÈù¡»Î %Éâñ(óñÿ[²Zùù/e†BÉsÑç_”¤¡Šï %é³wçñQÕ÷þÇßg¶ÌdYa ;²/"à‚ŠÚº‹k½u©Z­¶·›u©Z«µu«K]®U[Õªµ·Òk]ÄDEÄ…M‘U–IÙ—ÙÏùý1dH˜É0Á„$ðz>yÌÌ9ßïw>3ÑGÓ·ßE.—ú8©ÐP€üÏÿM’ä¹ý–V3"ÌLyn¿U’äî…V¿ËÀ[oËÜY*[ÿ~­BCIrö-9O˜)òí;¡O?Sãu?‘ÿ¥|Ì8Ý–û?•ö|VC£¼=’°}xÝI’ã¨#ãÞ· (û  ½Y¡%Kåœu‚$Éܾ]’d7&n?ûàÁ‘CIÂa™ÛJd?bä~k·«Ô;n‹¾,ø·BK–&ìãé’$×ù³ãÞ÷üü'òüü'­/š–¤=ûÿ9cÿ´3²ì`÷µW˪ªŠ¾núÍÝ Û?úXæîÝ2R=rN?*æ¾ãèé2<™eå -ûDŽÓ$I7çFJ?éĸã:Ož¥à)øú›±Ÿ½ ö!ƒ[}÷Á?RðÝÿ$Õ{€n+å¿.Š>7wïÞophUVJR—¬ÌÈxå{gºøÉ4#§'ÇZ±B ‡edgÉ>|XRµÛ‡ –}Èà½õ—–í78 ¯Z-Irî ÕZúÏþ£—_~9n¿ŠÌà‹7£ÐÿâK’$[ÿ~qg$¶Å5û¬½/,k¿Áaó¬Jû„ ’ËsßHI‘}üX…–.k5Ó,-“ÔvØÛ|=ÙY›’dë[¤”«¾··ü@àà€C†}È`…×­Wxíº¸÷-¿_áuë#ÏwíŽ^O¹â²¶5MùŸ{Q’äœu¢ä°w\Á­Š³dîŽÔdäå)ðê‘CEV®Öâ¦zÝ]½[ïj;<áöèjoP —\!çiß–‘âRà­y .Z,##C©÷ý®sên.×.I’-Á‰Ë¶^‘{-O‹Žöë¿_óu«±IV“WFª§CêÀþ€C†}Ê$iî<ùÿwŽR®»Z¶¼¼V÷}?*«)²ô¹exÕËçSãO¡àÛïÈHõ(å’ïtJÝ’dU×D÷þó?ýŒ|Ï<+I2R=Z½k—>®®ÐԷΛ~´\gÇr2ÀéÒ =®àâ\üÁÞ»2þñ‚ìcFwZí’dîŠ|Ÿûž˜Ü’‘-I²*ö„¶-ÃÒ6úY™’aH–%«¢BÆÀX5!8‡ ÷å—(ðÒ?Þ¸Iõ§Ï–ç?“}ìh™å»˜óŠo¼Ý«PNg±sçË{ß2·l•­O¡Òÿò'ÙGê´Ú›4Iò=ó¬\çœ)ÏÍ¿­o_yîÿ½ôË›u„Ë­«7mUZßr]pîÞ¾å»ÔxÍ …dë] û„ñ2ì6…V~!sÇ5Þü+¥ÿé ÙúuZýV]$µ:%†'²„ܬ®ŽôiòFÃR#--~»]†Ë%Ëï—Y]#Á!ÀACpN§Òþô„ÿûg ¯Y«Æ~ÙêvÊ÷.•Y^®àÛïÈÖ»wÜ!ÌÍ[ÔxÓ­ }ü‰$É1e²Òžz\¶‚üέݱ÷Ï2çñÇ)í±‡£¯”Èžö#FI;+ä}è‘hphUרþ´sdVTÈ}ÍUòÜtýÞ=CayB¾?<®ºÓÏQæ¼7d+Œÿ¹¿)#''RO]C›m¬úzI’mÏÌC#-5àƒ²êêãw dùý{úØA/80‡àb:D™o¼"ÿœW^µZfÉvÙG”ã˜rœêÏ¿X’dë]Ó×ÿìóòÞû€,ŸO¶Aå¹éz¹N?5²T¶“µ &S®¼rD¤œ•«¢д*¡¾^¡U«#mG kÑox¤ßGKãŽüpIL‡à^ý…êϹ@õg/«Å×fþÿ#Ir?»Õì5ßÓÏH’R.û®œ§œtpŠÃu~dßBÿ¿^{ß,)‘$Ùúõ•‘ÙïÏ>vŒ$)¸h±dšqûß{_’ä7¦CëmÉ1aœìÇIÁ Bïs?¸ð=)–}ìÙGŒ^O¹è‚½56‡ -û-ø·$ÉuáùT9ÚBpŽc–‘‘!«®NÞûj5Ã.ðÏWäîÉfSÊw¿½nîÞ­ÐGK’ŒŒŒÈéË ~ZΦó¿ôÕŸ}¾êÏ>?nèÕ^)/#%E9¯Èÿâßcî‡W¬’$¹üÃè5×Y§ÉHOWxõòÞó{)ÜÛ!’÷¡Gúp‰ärÉuÞìVãÕ_ø]ÕŸ}¾|Ï<ûk—Y.©éŽß¶:%Ú,-“÷7÷´jÓÌ1uŠìCË,-SÓoïiuÏÿÜ }ü‰Œô4¹Î>³Õ½ÀÜyÑïÞª¬êúÐ{€C†áv+õîߨñ'×ËÿâßxíM9¡ðÚõ‘åˇÒ}023nsÛöèsïØï{dÍ8JFjßHß²2…–¯ŒÜ°LIöoVN¶<¿»SM·üJM·þZþgŸ—}Cv° IDAT}ô(ù-Œ¼E0(ç‰Ç+å;DûØúöUêïîTãõ7É÷§ÿ§ÀoÉ>aœd)r8ÌÎÈžŽ©·Ý,ûˆá­Þ/¼b•,ŸOö ã¿QÝÍ\ßýŽ‚‹+¸h±ê¿u–œ'Ï’(¸p‘¬Ê*9O:Q){Nƒn)õ¡ûÕpé•ò?û¼Â«VËqäd…V}9ÙÚáPê÷ÊHm½¿¡U±;úÝ[€:ÿø€ÃÁ!è §SŽiS#/ìmÿ ã:çLÉ Ë{÷ïeVT(0w¾d·Ë>n¬<7]/çqÇ´îì7))ѧö~ýöö5/ä°  Ç´©² .N<üEçËV/ïoîVxÃÆÈO}äÄaÇä‰JÿËÓ1‡ ¸Î=[ö¡ƒÕtÇïú|¹Ì·ßÙ[ãè#”zç¯ä8êȘ÷rL"+½xPš$E?g¢JŒ”¥?ó¤o¼EÁù äé#×ÓR•rÑùJ½÷·q÷ŽtLš ô—žSÓõ7+ôù …>[.)²çcê¿’óäY1}l…½÷Öär%¬ÝַӦƧHÌdy½^¹Ýî®® ã„ oÙ"«b·ìcÇÈHOëêŠÚͪ©UxÍWz|þÛºþ®»ôƒü@O=õTâ>M ¯[/™aÙG —‘‘qªÝG(¬ðW_I6[äà{r³1­šZ…¿Z+ÛÁ²äwr‘ˆÇçóÉãñ0ã¢vÙ‡‘†éêJ˜‘%ÇŒi2–Å?q8nŸ´T9&MØÃÎæ°Gni#;KŽéGuBAh/Gƒà@ ‚C1Ä 8ƒà@ ‚C1Ä 8ƒà@ ‚C1Ä 8ƒà@ ‚C1Ä 8ƒà@ ‚C1Ä 8ƒà@ ‚C1Ä 8ƒà@ ‚C1 I–×ë•ÛíîêZ‡ßï—×ëUJJŠ<OW—€CœÏç“ÇãaÆ!@OðØcéý÷ß×Â… »º&º¹ûî»O .T0”aúòË/»º$º¹††™¦©5kÖ( * vuI8 ˆApÐ͆ÑÕ%à0Dp Á!€‡btsìq€®@p Á!€‡btsìq€®@p Á!€‡btsìq€®@pÐY–¥òòòV×6mÚÔEÕàpBpÐ-]ºTÆ “iš’"¡áÚµk»¸*]]Úf†^~ùe3Fõõõª¬¬ÔŠ+ºº,IÒ²eËôõ×_kРAš6mZW—€ÆŒC€nÌï÷«¢¢B•••Ú´i“ƯË/¿¼«ËÒ—_~©ýèGêÝ»·rrr´hÑ¢®. Œà  ƒ’$Ç£1cÆ(//¯‹+ŠøôÓOôî»ïªªªJ555]]:Á!@7bNUöûý]TMÛ8ùàÐCpÐmØ°!æZ(Š9ièh‡ÝØÒ¥K5räÈèk¯×+‡Ã¡|° «Àá€S•º±;w*''G ÍfÓ矮††Mœ8±«KÀ!Žà s:ª¨¨ÍfSmm­&Nœ¨Ù³gkÇŽ]]q,UèÆB¡ ÃPVV–†ª>}útuI8Ltc@ îu˲r%8ÜtcÁ`0îu‚Ct6‚C€n¬­àèl‡ÝÀüwÿ£×Þšs¥Êè*‡]裗éäó¯Ô/-ÕÝÿ\®“λBŸ~ö¹$É4Í6gš¦y0ËÀaÈÑÕŽ¾øòKÝü»ÇTã.RöÈS”+ɲL ú뺇þOýÏèÞ[¢P(ÔÕ¥à0EppmÙ²E¿øÍCÚef+{Ø,å’iZÑ¥Çv›¡Ü#Ué’Ûþ¨ ¯¡ÞqÂC–* ³eeeºáδ½É¥¬âc•o·ï ›—[Šd‘G§Ã®œÁ“4¾ÏÚñÙÛjZ³IÅÅÅÑñÐÙ:Quuµ~y׃ÚXRÆàiÊs8eY¦LÓ’”(ü‹ˆî—O?K õuúÛ;ïéزJ :ô`•€ÃÁ!@'hllÔ¯ï}D«¶U+}ðTå¸[-InÖr–a[A¢eI©iérO:MŸÕTèû7Ý£“§ŽÔìÙ³;ûc´©¢¢¢Õëêêê.ª…S•:P ÐoîDç]w»¶8†*Ì Jq§¶hÑÆ×:HŒ•ž•«”a'è­u|Þú|ùŠ¬>9¡PH^¯W6[äOÉŠŠ •••©¬¬ì ×€ÎCpÐÂá°ùãŸuÎ÷oÖÞBå;Yî´Œ3 Ï2ܷ;Abz~ÕçOÒ÷÷Wû½©¤¤¤c>H‡^ýuuÖYJKKS}}½–,Y"¯×{Ðj@ç3$Y^¯Wn·»«kèq,ËÒ³/þCÿ·`‰Ò‡L“;3O–eÉ4Í=VtOCËŠí@Ú4/{¶,SáPPÖîšTœ¥îü¥²³³;ýs1BÙÙÙêÛ·¯2335cÆ tÒIº‚C€6lß¾]Wýì6Ýÿ»ʙx¶Òû•ŒØ?Ÿö¿¸£—+'nhíí I2Ó ´Ý9Xßýåcš}ÙuÚ¾}û~êMlÎœ9š5k–œN§êëëµvíZ9­^½ú €î…ÃQö±{÷nÝñÀåwõRúØÓdŽÈþ}->‰§õråøí:b)rËq¶ÙÛP2l fô×ꆠ¾}å-š6ª¯ºëeee%¨%¾ôôt}üñÇ1b„ü~4<<õÔSÛ=º/‚CIÚ°aƒÞœÿo­Y·Q…¿-—;Kfœ†Rûö4ŒÈRädÚÄŸÓ¨½3íy3ŠõﯛtÜy×èÌã§è×7µïæ@  ºº:ÕÔÔhøðá6l˜† ¦­[·&=º?‚CpX3MS¯½öšü~¿ÒÒÒtÄ°b÷+”×W©FïN5zý ™RX†‚¦M~9åuö’™’#ÙœÑq’Ýë¼åÊ1÷nÕ¤ÕólÓÜEÿ¥k.>K?¸òR†Ñö¸{ƒÁ¸×“é €žƒà¶/^¬-[¶¨¨¨H™™™²,K)))JKK“eY2M3æ1 ª²ªJ¥›åK~Ó.¿=MMž"É቎̞†më¸}Û ›¹ÒµË9T÷¼´XùÇëúÍ ×éÔSf%¨­íà‡‚CpØY·n–.]ªÂÂB 0  ¶ÔÖ B‡Ã¡ü¼<ååæFÅÚÚZmÛ¹Zu~S>#UM©}%WÖžþRr§+w@¸gÐý.WŽ3HØÝK%V¶~p÷_4øñgôØ=·iÜØ1qß'Ľ¾ïw€žà6***ôÔSOi„ }úhÖ¬YÚ¶m›Þzë­VKq;bßÃx÷öë£éc©ŸR+–Kaÿì{¿a{ö4L¦MÌÂêôÞ 8ZËv„õ—9sµ­¤¤íqÐc’,¯×+·Û½ßÆ=Ñ[o½¥/¾øBGësá,ËRII‰ 4vìX™¦©ÆÆF-_¾\iiiš:ujôäå¶ÝK¦eYòûýZ½~‹jŒlù²†É´$Ë2ešV‹G+ε{ƲÌ=Ï÷}Lt¯Å£eYûmÓj<3¬”ÚMÝ7KW]|¶®¼òʘï=‹Ïç“ÇãaÆ!8ôy<ž¸'†¡H’Þ}÷]•––ÊãñhÚ´iêÝ»·^}õUmݺ5áØ2Ûpß{N§SF Ñä¾)Ê,_"gÃŽx-÷¿\9Ñ’äY®œÌŒDòeÑ'Õºáþgô_ßÿ‘¼z ‚CpÈóx< …BmÞw»Ý8p ¶nݪ?üP>ŸOyyy:ñÄUUU¥×_]ßxßÃý…Œééiš6n¸†º+å)ýX2cÃÎH)Ù 1ѽŽØ÷0ÚÆæT}æpÍù´BÃŽú–®¿õ΄ß9º?‚CpÈkkÆ¡×ëUuuuôu~~¾úôé£eË–iÍš5’¤¡C‡júôéZ¶l™Þ{ï½èòb©ã÷=lÖ¿¨PGŽ(RFÙG2¼5JjßÃ6f ¶{á7 ©*sëÑW?ÓÉÇëÑ'þÔöxèÖÀ!/555îì7˲”-)²‹Y¾ûì3eggkæÌ™òù|zíµ×TSS÷ý‰É„Œ-ï9DÃ3¼r—"™á}[µ½\¹£fªAbAO¾6˜ýõÝ[ŸÐ]ýßíê €®EpyÙÙÙª¯¯OÖ9N†¡ªªªVí Ô·o_­\¹R7n”eY0`€f̘¡Õ«WkÁ‚ ‡÷ ô’—̾‰} 4uXo¥•.‘¨?Nd°[®üMg-F¥å)ËîWznR ’é€n‚àò²²²t÷ÝwÇìiØ’Ãá™h†vìØ¥h³Ù4hÐ 9N}ú駪¬¬”ÃáÐرc5bÄÍ›7O«V­’Ô1³ ãµs»Ýš>~¸òëVËQW¢[®Üû¶âpË‘–§<ï…‹¦¨ÒÊ‘‹¿<zþ|‡…ÜÜ\Ý~ûí:ùä“UVVÖ承iii’¤ÂÂBIRUUUtFazzº†ª¢¢"mß¾]@@éééš>}ºl6›^{í5UTTHêØåÊÍ6›MŽªbW¥ÜÕk›[µ=°£ONN&H4 )«¿z…Ë•“îTmŸcÞ½Iv_¥ÒÓR¼º‚CpX™9s¦î¹ç¥¦¦j×®]m¶³Ûí²ÙlJMM•ÏçSccc4ÀëÝ»·N9å¹\.íܹS’Ô§O͘1C6lмyóä÷û“®ißýµ“¤Aý‹44Ë”§êËxÚ“ ¿É¾‡©½”žâT~°DMÅß–/lÈ]·I6#z¦{\‰? º‚CpØq:úñ¬+¯¼RUUUjjjj³­ÛíVZZš*++ %)º„yÔ¨Qš>}ºª««USS#›Í¦#Fh̘1Z´h‘>ùä“è8±\¹¥¢Â| ëe“»be[uøRä6[Ù]²e÷Wžo³\…Ãåϧôº r„½²ÙlÑŸt7Á!@OBp[#FŒÐÝwß­#FhçΠú¾}ûÊåŠ_Í3MÓ”ÇãÑ´iÓT\\¬íÛ·+ ÉívkòäÉJOO×믿®’’’˜ñ:"H,,ÈÕ…yÊ?,Xn#ÜëÐ¥Èû‰Vf?e«Nyözy‡ž¡”P½Rý»Z†Í?iž„ŸÝ Á!8ì]xá…úõ¯­@  ªªª¸mìv{ôyshØò1??_Ǽ$©¬¬L’”——§iÓ¦içΚ;w®ÖÑžåÊÍy¹9Ó/Cž²O=¥£ONŽ·OcJ¦\i9Êm\¯Pñ ²ç Tž›†74´)¬Þy½öûùÐ}(ròò­·ÞªSO=UåååÑeÉñ´œqØò¹$9R“&MÒîÝ»UWW'I*..Ö¸qã´dÉ}øá‡ÑÃVÚ “ØÜ&';Kãö’§t™dEê8Єm6kncØΨì¦-JËÈ”1üÛ*4*•j5Ä„…ÍûDÚl6Ù,SE½óöûyÐ}´pÌ1Çèž{îQvv¶ÊËËã¶1M3&4lùÜívkêÔ©*,,ÔÎ;‡år¹4nÜ8åååé­·ÞÒÆ[™($L&HÌÊÌЄ!‘ð0Þ‘¾Ñ¾‡áô>r˯\ßùG«Ü^ÙÊ7Ëe·ñg¶  K} z‚C€}8]{íµºöÚkU]]­úúúV÷[†„‰Ä‚‚M›6M¡PHååå²,KYYYš:uªjjj4wî\ÕÖÖÆŒÝò1ž¶Úd¤§k\q¾RÊ—·o)ò~Ú˜ŽT…R{+³j•Œ¢IJz´†ºvËm„âÏ.ŒóãIq*7—¥Ê=‰!Éòz½r»Ý]] @·ô¯ýK|ðúôé#Ã0T\\¬ôôôhp‡£Ï[¾ny½®®NkÖ¬QJJŠRSSeY–€Ö¯_/Ã04}útÙíö˜½÷}Lt¯ùq{i¹ÖWÛåÍ&Ë4eZ–¬æ6{ž'|Œ>—|éý•Yñ‰ŒœbÙúMQG¥ 3˜ð³¶| ›QàÒý?¹PGNÓÕ¿J$ÁçóÉãñ$£¾¾^O<ñ„êëë5iÒ¤hp˜LhØòZYY™6mÚ¤Þ½{KŠ,{®¯¯×úõë5`À5*©pp÷ÖmÚª’p¾üiEm†„‰‚Ä@J®lÞJ¹Uò>Eƒ³ ¥M CÂ}?»ÛÒe³Æè¦\,Ã0ºø7€d€eË–iñâÅ>|xt†`{Â4Ó4 µqãFÕÕÕ)777ö•––jûöíš:uªrssÛ5Ë0Þµk6¨Ü=D!wîþgîé2\ò¦ä)³ôC…ûOW¯¾C5ÀÝ Ë ïwvaóóP(¤±…Nýá¦ïi@¿¢®þ• P8ÖóÏ?¯`0¨Þ½{'=ãpß×uuuÚ°aƒ<<OôÞ¦M› 5}út¹\®vÏ6lyí“Uë´;{¼L‡'ÎRäÖË“›ÜErïZ!»'SæГ4¦W@)Š]–Üæç4M¥Yºîì£tÙy§uõ¯ ˆàà*))ÑË/¿¬Þ½{Ëív·+4ly½y¦aAA¤Èòe¯×«7*//OãÇ?àeË>ŸOŸ­Ý¦šü©q—&[–%¿#Sþ`HiÕ_)8ä[Ú/OEž@Ò˯MÓT8àÕ‘ÓôàW*##½‹3ø&:È›o¾©uëÖ©OŸ>­N[n®Y–•0€ Ú²e‹|>Ÿrrr¢÷+++URR¢qãƵ¿=⮊ÝújWH9£Z‡aË®:w¥•,’U0ZYCÒØÜF³ [,KÎVnüîIšuìQ]ý«@ 8è@úË_þ"›Í¦ŒŒŒ¸a[2Ë}ëëëµyóf¥¥¥)%%%þmÛ¶MMMMš:ujôTæöˆ_mجí¶~ ¸óeZ–S eí^§Ó§Ðð34e@ªrÝÉׇezk5sd/ÝñãËäp8ºúW€BpÐ >ýôS-X°@¹¹¹2 #éý÷½VQQ¡òòråååIŠ,_öù|Ú²e‹2335a„èøÉî{øñŠµ*/8Fµ¶¥—~¨Ð 5xØHÎ7$+ù^BŸòlµúõÕ³5zäÐ.þÆÐÑ:‰išzþùçUVV¦ìììv‡†ÍσÁ JJJ¢ãX–¥ºº:mÛ¶M#FŒÐ€’Þï°©©Ió—­“+÷È“uÌ`ÒJú´dÓ4e5”ëŒ)uÝ%³»úk@'!8èd;wîÔsÏ='—Ë%—Ë•th¸ïžˆ*))‰Y¾\VV¦ºº:M™2Eééé ĺº:ƒA}QãÑÀ“®ÖÐ\G»–%‡|õ*r6è·?¾Xùy¹]ýÕ $o¿ý¶–.]ªÌÌÌý’’hOÄÊÊJUTT¨   fV¢ÇãÑĉe³ÙZ…†ÍËž‹ŠŠ4hÐ }RâWŸ‰§$? 2–­~‡¾sühý­™]ýUà 88ˆ¼^¯ž|òIÕÖÖÊãñ´+4ly=¨´´T¦iFƒH˲ÔÐР;v¨¸¸Xƒ–išjhhPSS“¦L™"»Ý.Iút{@E“¾•\pØX¥Aé~ÝþËù[à0BpÐV¬X¡9sæÈápÈf³ÅY˜L¨çõzU^^®´´4¹\®h›ªª*UVVjĈ8p Øêý?ÝR¿Éû C9ê¶éª3¦é¨Ic»è›@Wi]]Àád„ ?~¼ž{î9}ùå—JMMmó0“Dž¸\.©ººZeeeÊÏÏ—$9N¥¥¥)+++&4Œ0d³Ù$I–eµz”$Õ—kt®ô³Ÿ~_†atö×€nŒàà 3 CW\q…ÊÊÊôÄOÈçóÉáp$¶üÉÌÌ”ÇãQEE…uä‘GÊétÊçóÅs[lp(IFÈ'OýVý÷Å'iPÿ¾ãk@7gëêW………úío«“N:I^¯7zšr2¡aËë†a(//OEEE>|¸LÓŒ†ƒû2 ›l¶Ö?öúíšÑ'¤o¸œÐQÌ8èb§žzªN<ñD=üðÃÚ²e‹RRR¢{Æ ÛºÞ̲¬6ƒCËRôžá«•»±D?ÿÞÊÈH?(Ÿ=Á!@7’’¢[n¹E«V­ÒŸÿügƒÁèá)û†mÍJl¹ga[Á¡ C6Ã’Q½Q³ÆõÓÌiß9ˆŸ= K•º‘qãÆéñÇ×Ô©Såõz.SÞwÉr³DK•½U;•ß´A¿¾ò4Íœ6é`},ô@‡ÝÐ÷¿ÿ}=øàƒÊÊÊ’ßïO8ë°ù±Y¢àpl‘Gÿ}ÉYr8Xx€Äº©üü|=ôÐCºôÒK …ZžoŸÃf–eÉ0ŒVcù|>íÚµK—_~ùÁþ衺¹SO=Uýë_5räÈèò嶖)K‘àÐn·G_WTT(//O÷ÝwŸ†z°Ë@Å€ÀétêÎ;ïÔªU«ôÀ¨ªªJv»=&4”"K• ÃP0TUU•.¿ür=º ª@OÆŒC€dܸqzá…tÆgD÷>Ü—iš´IYU IDATª¯¯Wjjªî½÷^BC‚C€èºë®Ó‹/¾¨~ýúÉï÷G¯‡Ãa†¡óÎ;O?ùÉOZ-YÚÃdy½^¹Ýî®®àÍ7ßÔSO=¥††yæ™úñ,—ËÕÕe ‡òù|òx<‡‡‚P(¤·ÞzKgŸ}vW—€Žà ùàƒ …4cÆ f Sô ÙÙÙª­­Uii© »ºšƒCGƒà@ ‚C1Ä8hÁaSدƯ]}BV¸Ck[¦,Y:fÐ «&ÐØ¡cÖ›0CI··duøw€Ã›ã`½Ñع?ÕàôB-8á΄íêƒ^ýjÕß´p×ZS[¢âôÞ::o¤îÿ]õõäÐ{?ûõ¿õ–÷ôIå9m•;L?vªÎì{ä×Ò/W>¯‡×¾®ú þ®tÇ7?™zEõfMœw½ž<òZ];ô[m¶ó†ºoÍÿéÍŸjmÝ­§ê„‚1ºcìwTèÎþƵàðuP‚Ã…å«õuC¹§&l·¹¡\g,¾[kjK$Iù)™ÚX_ªõ¥š_º\¯Ï¼MGöšôûš–¥}ú´žÚ8_’”áôÈök^érÍ/]¡ßŽû/Ý6úüþ\!ŸþwëÜ?žg6-Øo›ª@ƒŽœƒ¾n(—$¥;ÜJ·{´®n‡ÖÕíЋ[ÞÓ'ß«ñÙƒ:´6>:u©r™¯F/nyO—~ôhRí¯_þ¬ÖÔ–hlö@­;ã í:÷¯ÚvöŸuRáx•ùjtÅÒÇÛõþÿÚ¾TOmœ/‡aלcnTå¹/¨ò¼ôð¤+dÉÒ¯VýMË«¿n÷çò†z§l…Îûà÷Úé­jwÿxV×lÕ]_¼¬?n˜·ß¶¿Zõ7}ÝP®ü”LýçÄ»T}þ‹*Ÿýœ^=öM̬†O—~ôH‡/ËÀá£Sf®«Û¡ >|@«k¶&Ýgc}©^ß±Ln»S¯{‹ŠÓ{K’ú§æiÎÑ7jìÛ?Õ—µÛ´ l¥N.ŸÔ˜¯}]’tÏøKt~ÿ’$§ìúùˆ³´¾n§žÚ8_Xû†žŸþÓ¤ë<çý{5oçrùÍ`Ò}yfÓýjÕK*÷Õ$Õ>d…£³_>æF_0&rÃÎî7U›]g¼÷;­®Ùªõe–ѧCêÀá¥SfVµ­±BYÎTe9Så±»öÛç6Ì•iY:¡`l44l–íJ‹®{#©>«Ú¤%»×ÊfúÞàcî_=ôIÒ?¶} ]¾Ú¤Æ”"3Ýv§²œ©Êt¦&ݯ-_7”ËD¿+‡aOØ~S}™‚fXN›]3òFÆÜÿvŸ‰ÊOÉ”$}Y»í×€ÃS§Ì8œ–7\5çÿ-úúÖÏÕ?ûsÂ>+ª7K’Nï;%îýÓ‹&ë‘uohùžvûÓ<Þ‘½†Eƒ´–&å VOŽJ½Õú²v› Üc“wÓ™OEŸïðVªß«ßOª_[î‰îIôõ ÿ¾]‹v}Ñf{»aÓÍGœ«\W†\¶Ø_ŸiYj ù%I#2û~£Úpø:h§*ïO©·Z’Ú\Z;,£H’´ËW+K– ‰Çó%O’†¤ªÔ[mÛ Íè£ûÆ_ÚæýûÖüŸšÂ~õOÍÓ¨Ì~±2:Gcȧãÿ}»®|¢~8ìÔ„m}á ^زHKv¯Õæ†rMÊ¢“ûŒ×©}&ðûÿ§|µæ•~®O*7ª_j®¦çÐeÅ'(Ýá>à1›ýèÓ?©ÜW£sÓ7K’æîüL·®|Qÿ8ú†vM(ºâãÇ6Ívmç†C_÷ ÷„w½\éqï7_Yaíö×ÇEØj•þzýîË9ZP¶’ƒU‘P§œªÜ^)¶È)Å’T¨Û¦&ØýªÈÓk¿cövgGÆóÇ/ò^ ’¤>žœvÕÛ8 »Îì{¤.p´îû}uúÿhPZ^Þö¡þµ½}ÿ•€îà?å«ôüæ…I‡†’ôðÚ×%I— š ›}gà1–ÑG»|µúÛ–ÅI÷êöµ¹¡\y)™ºfÈ)­îõvgëê=×þ°'\LÆ._­ZûšVÕléÐP’žÚ8OóK—'JRIÓn=²î BCìW·˜q(Eþ¥« 6Eü}Uï¹î´Ù•—`ùqËñ$µ9^ä^$TL&ˆì)²]iºnØ·uóŠçõnÙ*]V|BW—@»\^|¢Nê=>úú¶UÓÜŸ%ìóïòU’¤Ó‹¦Ä½FÑ‘úú×õnÙJ]9xÖ~khï´¢Éq—"ŸÙwŠîXýw-*ÿB!+œÔÞ‰ÒòµüÛG_¿[¾R7.ÿë~û%òü´Ÿ©1䋾>ê›0C ûŒÈìÛªŽ×w|¢;VÿýÕCS· ûxr´¾~§V×l{ÒÑêš­‘vî^û=Q9Ò.§U¿}…¬°ÖÖí$õ ‡¿ÿê_z¥d©.->^?jã$©~©¹’¤5›fitˆü”ÌVgä¸Ò¶oyvÂä^C⶙Ôk°$%=‹±¹Ý¤œÁqïÏ.–Í0dZ–Ê}5êëÉÝï˜.›CrŠ£¯76”&UK"û¬’Ì~‹»«U+ªÉ_·Xª,Ig÷›*Iš_º<îýæÿ²pfßøÿå`_§M–ðë‹ÚmÚé­Š¹¿¤b­jÊKÉÔ´¼XõÁW’¥+×·ù=IÒÆú2IÒðŒ¢ƒU]¦9ä3d(Û?dìÕÎR÷ºš÷¾ÍØû^íYR ô$Ý&8¼lÐ rÙz¿b–WÝêÞö¦J½²g¿¾«‡¶ÞW`[S…æ•.×¼Òå­N"êãÉÑé}'K’ÛçÔa)r2’$}¯øD¹l{'^†¬pt¼Í åòÙ>¯þZóJ—ëʵßx¬ã FK’ÞÞùyÜÙ” !ŸžÙ´@’4-oø7~?º»Ò=a`¶+­Íw½\‘mÏÊ|5ÉÙºÚÞ.­×ž­ÔÊ¼É ô4Ý&8ÌMÉÐUCNRÐ ëœÅ÷iAÙJ5†|Z¼ëKµøUúëuJáÏÔªßkÛ—éÔEwéÔEw©rŸƒP®q–†]÷¯yE®}U»|µÚX_ªŸ~öŒþY²DN®ö­V}êƒÞèxsJ–tÈgûõª—tꢻtí'O~㱧÷ÖéE“²Â:iáúó¦Z]³U_Õm׋[ÞÓ‘óoPIÓn‘Õ_ÿ=ìô¨€îÍŽL$rÚÚÞgÐa‹D -÷L$°grRËÉFû²{Æ '7&ÐÓt›=%éñÉW«.ؤ¿mY¬SÞÙêÞ ½Çê•con×xÇŒÖËÇÜ ‹>|P7.ÿk« G³]išwü¯5$½°#J?¨^9ö—ºèÃõêöuͲ?ÆÜŸÜkˆ^˜þ3¹íû?^€ž®À%iïÁªñ4žÚ|˜êþÇÌV™¯&z°j<ÕíèiJp8»ÿQ“= ºŸ@[ì†MÏOû™Îî{”>¨X£5[42³¯ŽÎ© -ÝÓçÜþÓ46{ $)¯ÅÆ©Ñ÷î7MKOù½æîüLK*ÖÊmwéèü‘:»ïT ÝgQIÊpz´pÖo%i¿¡b~JV´m¼ÚšÝ;þRÝ0ê¥;Ü Ç“¤G&_¥ê@CÂý ]6‡æs£Þ)]¡Oª6êÓªj ù52³ŸfäÔÅMj3TÍÁ]Ð «>èU†ÓÓ¦9äk>LuÿcFÂÈ*Ûadó˜Ež^íªè)JpØד›ÔéBRdsÑ ÌÐftØØ“r·y Ò¾†]ÇŒIª­ËæHªms°™Œ}—b·ÅaØuZÑdV49é±8å¥dFO8ÞÜX®qqþ¿õ–†]’¤¢ÔäB¾æYŒ›ãŸ°Ã[© –”| ô4ÝfC€a7lš‘7R’´ leÜ6o—~.I::oTRc—9œôÒqïÏÛ¹\Rd²P¼ŽÀ¡€àôxW9Y’4gÛ™–ÕêÞ¶¦ }X±VN›]—ŸÐê^Ð ËÊ¿ç0”fçõŸ®áEq@Ý¥7Ž»Mw~ñ¿ZX¾ZË«¿Vw/V4Y?y–Žì54¦Ï°ô>ºcÌE’¤i ë="³¿îsQôTè¶Ü4j¶šB~Mî5$a;IúÕè 4C*ô$`Ë„œbÝ1æ"õOÍKº†$ËëõÊíŽý—ÝCvv¶jkkUZZªÂ®.€!d…å0ìÝv< »òù|òx<ìqMòâpCp Á!€‡‡ ÆÆFÝyû­zøûäóùººô@‡‡`0¨GyH—]|¾ü5¥ªÚö•¾3ût=õÇÇ »º<ô ‡‡Ë²ô÷¿½ ‹/˜­Ý[×iæ”Q*è•©ì¬ MŸ0\W,Ñì3NÑ_Ÿý‹LÓìêrÐöpóçÏÓwÎ?G_-_¢“§SQAŽl6›ìv»l6›l6›rs25mÌ}òÞ\ñ­YúçœtuÙèæ I–×ë•ÛíîêZП~ò‰ûÃïUÜ··÷+e™ ‡Ã …B ‡Ã1?Í×C¡¶—W©´²Aÿý³tÚé§wõGIÈÎÎVmm­JKKUXXØÕåàæóùäñx{š 6è{îRa^¶F é'CV›!a¢kÁ`HÛJw«º)¤›n½]3gßÕ $@p€ƒ…à°‡)--Õ}¿ûÒ=M5XN»-©ÀpAb Ô¶²JyÃvÝq×=šrä‘]ýQ@O>ù¤ü~¿®¹æ¥¦¦vu98„öµµµzà¾{lªÓôI£åq;Û5³0Ùk>@›wì–Ó¡ßÝ÷ FÝÕ]€à°›óûýúŸGÿ ’-uÒ1S”‘æ9àpÐ4ÍV{Æ»fš‘=›|Ú¼s·²óúèÞÖ!Cºú«ÀADpØM™¦©çŸû‹>^ò¾Î˜u´òzeuجÂö´mhôjÃö Ÿ8UO<ýç®þZp4‡¶®.{½öê+ºöªË”“Öµ—œ«¢Â|Ùl¶˜»Ý~À×’mkZRYùnýëÕWÕÐÐÐÕ_ 2GWéý÷ë¹??©Óf«ëp©,+²lØ Y²Ùl²,+úcš¦ Ãhu=ÙkÉ´õùzï“/ÔÐèÕÌIÃUí ËáàÀÁã÷ûµxñb­_¿^M^ŸÊêCª ¹Uo¥ª!hhpZ“&Œ¢Fêˆl±t¡.ôÅ_豇ï×Ìi“uÛÏ CÖž¥Â’eņ†–eÉn·ðµDmC¡°>^¹^[JJ5eô åçH’*êëät:»ø›àÐÑü¿¿6 ?ØW ÐÓO?­>úH©©©²ÛíÑ{ŽÿÏÞ}Ç·UŸ‹ÿœs´e[òÞNâ Ç™d@€@ lÊ,¥¥´¥-Ý¥ãR Ý·-—ûëm{» ¥t\è`µ…° „•„IÈÞ{xÆvlÙÖÖ9ç÷‡mY²¥ÄIä8$Ï»/½Î9߯ŽSKzô<ÏÈØYÕ5žÅmÆlZÇìÊíL¯Ì惗7bóâT%=GÀþýûùŸ{Ì´Ú±\~áyX,Ú°ô+<Ò¢(º®ÆØ°m7+Öna¨b&Ž.Mšëî¦Nž{õ­ºRB!ÄÈÚ²eË÷9xð Ûwì`ó¶´ê ³ËOWw`ÃÝ4ÑMÐ ÝPÐMU°¨ © š¦`Q;9ÙYx<9äzr?f55())I9~AA………~æB!ĉ÷Úk¯ñÄO ëú¾`3PÙnŒ¢Ñ9‘KjܺΛ˥óf€Ù qjëëq(‡'P[[ÿïžQV˜Ãw¿v‡=ÔËtab6Cºmûšyyé*ò³]\waÏÖÄó=¡e!„Bàóùرcë7ocæ­´´ûF Wfv9–œbT{)Z¡ K¥ ÕbGT`¨¹û1 +¥=@м°}ê?^N›Fa^Ó'Mdê䉌?ž‚‚‚á{ÒB!Ä òøã³hÑ"rrr†œ•¯b0QÝCQ¨•'7ÎeF©Å­²ó±—øÒ‡/æ qzŒÃÀï÷ó‹Ÿý„HÀÇmý ùùyCÎ ŒÅb†qÜ+*÷mkkogÑËËÁˆ1æ, AEHî9ØÍ3//ÉË'„BŒˆmÛ¶ñ›þÀ;«ÖâE1mY(ž ´Ür\£Ðî™—hÝÑ^‡ÙYCÕñf9™1u·|è:fÎœ9"óB!ŽÕóÏ?Ï?ÿùOl6Û1Ÿ#‚•·”³[äâœ3&@û^î¼y!N§Ä:„8}‡8F±XŒßÿî~¶mZËoý••åI›¦y\À£ vûý<»x9Í[˜?³†,—#>·¾í»›»yú¥7Nô¥B!†EKKKÚÇ¢Ñ(ËÞz‹>ó";÷7s—BÑDÜEc@9ySð5«ÍæÄpÑ}« }cÊK¸ñšË8þ|ìv{Úc¥ÄY!ÄHÛ¼y3ÿýßÿËå:ì~¦› i'OíÄJ,Í^ /ëg3§ÚËäÉ“P[·ñO ó“â4 Ãadš&O<ö(/¿ð4ŸÿÄMLª­I»ïÀžƒÇšEx¸máp˜ÅËV²nÓvΚRMi7m pàmws7‹þýú‰ºtB!Ä°س°¥¥…W^}ƒÅK–Óˆ¢Õଚ-+w„f˜рྵ˜·âu[¸è¼s¸dá‚Ae͵µµ#4C!„¢çóð×¾ö5ÂáðöVˆ¡qÀ("jjŒ×¤ì¬ÆÆsæE\ScaÔØqGð¹/ÎôÔ…8åIàp˜¼òòËüåÏ¿çúgŸ5å ¦i[À0²zÝf^Zò.ã«Š™T]ž28x¸âîænž|áÕqé„Bˆa·eË¢Ñ(O=ý,ÿzî%¢VJÙtr*'£X†Ú‰ðýÅÔ£t×mÁl\]ïâ¹søð×ãv»%p(„bD=ú裼öÚk¨ªoÑ5”re…ýF19J“\¥3éñf#×Õóøäœ|ò²ì\5ÉÉÌ)‡ëiqJ’Àa†Õ8À·îüW_<ŸK/^´dü‘ôõ/<ÞÀaâö»÷ñØ3‹ÉÏq1gj5À³ Sw5wó¯ç^ÉüB!N°úúzîúî²jý6´Qg’=ö,uè¯×§ ÿþ Äö,£vt?½÷‡TWWô”„Bœ†¢Ñ(ßùÎwðù|„ÃaÜn7~¿à°­6úÄ°6­4™yŒUë“[oL ËSÃMó'¢µïâÛŸÅR„8²ªr†½µ|9ï­ZÅ¥óf¡˜0ô"}«†1h•äTÛ·Êr{G?ñ<Ñh„ËçNÁÒÀLTåˆÁÃ#eL !„'‹eÈ}Þ[½š?<üýÖ È]xzppWM…ª©ìioäª[ÿƒ\kˆÛn¹‰³Ï>;¾d" !„n‹-¢½½UU‰D"F™;w.Û¶m£µµ›Í–ös©…%ÆX¥aÐcSÕí<Ú1ŽýõÍT”°vóΘ4~XŸ“§" fˆ×ëåüY5üá¡G¸ÿOð³ÞÉ3f ¹™ºªªñbßï'n3 EQ’¶ùý~}êEvï«çüYÉv;âÁ?Ã0€ÔÂtÛûnŠªÏB!†Q4åÉEÏòä /õŒ&kâ xY#=­“Š=·û9· øÙo¢üöÏ\{ùB>xý5#=5!„§8Ó4Y±bjïçMÓ4),,ÄçóQ]]Mmm- ¬_¿žºº:¬Vk|ÿg´EªÌ:6ÖÙ¨*/fɆý8âHà0Cl6ªfaÎÔ±„ÂQn¿ûÇŒ®ªä~p¥•cŽx¼¢(CÎ,LÜDyþ•7YúÎjÎœ\Í´ gÚ¿ïë±UE‡B!Þ_žøç“üýÉç±OÖü/¡ÈkÙaiv9Ó.Ç4/eÑ–ÕüóÓ_á#7\Å·ïü:Vë©Ù÷Q!ÄÈzõÕWiooGÓ4¢Ñ(^¯—íÛ·sÝu×=ŸM«««™8q"ÍÍͬZµŠ;vF±X,Cn V­5òv[¾ˆTÓ q,$p˜!v»SQPT·ËÁ¥çN£Í×Å5ÿ2W]|>w|é6Üž¼Ãžc`aªÌÂø6EåÝ5kyô©©]Ê Ï9rðˆRª,„âdâý­^½†Ÿüò·è¥3È»øk0ö1æÏŸÏóÏ?ϦM›‡Ã(Š‚Íf´¿n* ƒ=‹ƒm}.Bœ$p˜!v»p8äåç£*Q4âà¡NF—R˜›Ã™“ÇÆøîOî'×ó0?ûÁ7¨¨®”Õ§ªj<ÛPUUüÝÝüá¯O°nÓvœ5 O–+ep°ï˜Leq!„'£EÏ<ÏC?‰½ö2ò,ééœÒlY¹äÍ¿ Û9ç’ëøêg>Ƨoý˜´3BqÔêëëÙ¿?Š¢Fq»Ýìܹ“K.¹ä¨Ïåñx8óÌ3ÉÊÊbÆ tuu‡žÏç‰ ‹UÕðunu"„8< fˆÍfÃ0ÀátŸç Ò} ˜n²sÿAšÛ:SQDŽÛÉ%çN£Óäæ/~‹ygÁÝ_ûÙù%ñsõ•,†Á¿ž~‘§ÿýgOŸ0}Lfê IDAT¤>†ÙbúU«„BˆáÕÒÒ’T’  ¹ëû?¦.–GîÂáéc8Üá°Áë>3Õ>#Í]6³tÿû¯×yðÏó¿ÿýCòóó)((f!„CòøãÇïëºN~~>¡P(e¦àPY,Ün7ø|>òóó1M›ÍFHqâÐ T«Œ(¥…¹™xBœV$*”!v»]7pØmääcë]*¾ïæFظ£ŽíûšˆÆt¼Ùn®[8‡ ¿‹Koú ÿߟˆ»€ž²ãåï¼Ë§¿ò-víÞŇ¯8QeýÍbûnŠ¢ Ú–¸]Ó´øÏéöIµ]Ó44M‹ï#„Bœ vìØÁGoûÍgã~¹,~2EÅ3ù"ô)7òé¯ÜÍŠ•«FzJB!Þ':;;Ù±cŠ¢‹Åp8ìÙ³‡³Ï>;#ç7M“ææf6lØÿ¬[g–PጋÅÐ>¦ÕŽÏÈXBœN$ã0Cl6=DwNÛ6¬Ã›í”±wÈ秣+@Ya.•%ùŒ*/bTyo,??þ_ýôͼ°l 9.;¼ä€!e±g î8E•À¡Bˆ‘÷×Gžà/-%wþÐì²âH³å{á—¸÷ÁGÙ¸e;?ýïô”„Bœä{ì1b±ªª‹Å(..¦«« ‡#õâ¡Çjâĉñûû"js5b±J8(}z…88Ì»ÝNL7°;äæçcµÙX½iå%”.ßihé ¥£‹ªÒJ ¼ÌœTÍôšÑüúáñÅ]ƒ­wYù£ ±Ó'ÙB!N @ €ßïßÜõ½Ó ”P°àóC>Ïq}핉l{3}±qüìÇI8æhg0¥ÍŠf%oîÇyi综wÅ5üñ¾_ÜívãrIW!D£Q6n܈ªªèºŽÕjeÏž=Ì™3'£ãäææât:{/U¨7 ¹4ßB,#›PFÇât!Q¡ ±Ùl膉Ãn'/?²’"r=ÙD":+×oå¯+^Üw3 Ø[ßÊúíûéô‡°Ù¬xs²pÚíGUŠ|4eÈ} ¯ õ8)Bq"ùý~Z[[immeÍšµÜòÙÛi)ž‹gʉ[E9Æ[òI”#ÞÒû>㮞C{é\~ýÍ,Yº4þûë !„O=õ@è "æåå‹Åp»Ý§¸¸8~—QN©3Œ#§€X4Bu¾5£c qº¨P†ô,ŽÒÓ€5?/«ÕJ®'›ì,%Eù´µûXµa+Ýþà €](c_ckÏÏ]?ÂTÀÃSŸ+Õ>Š¢`±h#}i…Bœ†ž~þî¼÷7äÌÿ®¢1#=qŽ‚J¼ ¾Ä7⦅¿>òÄHOG!ÄIÄ4MV®\‰¦iñlÃ}ûö1cÆŒŒŽc±X°Ùl½ ­(¬Õk8³Ø$¦Ä:›¹îâ¹OˆÓ…3IQ°Y­äççc³YAQ(/)¤º²Œœì, ò¼ì>ÐÀÚÍ;G¢)ƒv(¤èÍí:£Ápì¨C F&ÞLÀb‘oe„BœXOükÿ÷ôR |Õæééˆ!RmNŠ.úO­ØÃÿüâ7#=!„'‰W_}•ööv 'Û0''‡`0HNNNFÇé땨( {blV•ÜÞÌÆ"‡ŽÓ)ï)„8Òã0ƒTUÅn·‘›—oºz ¡™Š²bFW”ÅØßÐŒ®ëlض‹,—“š±£°Z,hªÖ8ìÏö‹÷4 u3zÌh>8¯«¦ÒÒÑÅ’wVáTbØ­–Ãö)JÿÔÛu»Ý>"×R!Ä飥¥…ÖÖV g”§–n"ïÜ[†tlº2_å8újZ¶½™®{`º¦‚JêÇÍ„þ…fŠþ‡ UoE³çDƒ†ò±ÃÈ{ÆU¬Ø´˜o~ç|óë·PPP@aáàžÏB!N}o¾ùf<ÛÐb±PWWÇôéÓ3:F4Å0ŒÞlCX£×pvq\+Ÿ¼Y² …8V’q˜AŠ¢ * A¿ŸË®º–9³gQUQJ}S -mØm6&Œ©btEy^lV++Önf×¾zTµ§g¡Ò›qØ— Øê _RÆÍ7^͹³¦á°õdæe»øÀ…s™4e-]QtÃR&á‘ú&&e?¢`³ÚFö¢ !„8müñ¡¿òÔòmxç|h¤§"ŽSÎä…¬lB2…â4·~ýzˆÅbdeeÑÕÕ…×ëÍè8Á`Ó4Q…:£]uàÉÎ"‹QáÖ)+)ÊèxBœN$p˜AŠªaѼµøYüþøàÍ,¸ør¦ÔÖP”ŸÇÞºFZuàv9©7†Ê²Š r‰Æb¼½zSOÀNIæ5´v1kÚd¬vWÊ…JJò½\µð<Ê«ÆÐÜÞÓl6SD°X¥TY!Äð»ï?òâÚz¼³¯驈 É®½•MŠ…â4öÜsÏõ. Ú“èR__ϤI“2:F  »»kïg×5ÆDfåv¢£aú[øÜ 2:ž§)UÎ ‹Å‚ÇbÒ°åm¶ê6Š+ÇqΗ°wç6²ÜÛñuv±ç@ù¹¼žl¼žlZÚډƢI™†}åšÖS|¤G‚˜€b±‚®*K )+ÊgÛ®ýìÙ€¯ ³·üŽ­„Ù4ûûD!„™â«î~ÿG÷²dWž3>vÿ¤RÜÞ è)ûí+½UJ}K•S•Ü'i€Äó¤«TN÷@Ê ƒBê¹¥“nÎñ×mÀ<ÒyÒ=ït»qVG/»v«¶¼Î·p÷þð»¸Ýn\.×0Œ&„âdR__Ïž={PU•h4Jvv6 ???£ãÔÕÕaV«•&3¿’…Çå'‹11ßBaAfÇât#‡™”ÁçtØ)v+øöodÇ–õX]YŒ®™JEÕ(&TÂ4Möh ŽP\˜OíøѽC’²þ4U‰€1 =ÂTmp ±Œ]΅瞉aqÒêóy1”t¥Ê’q(„b8øý~Z[[ùÆÝßcé¾9S/ò±ª¢ ¨½7¥'$§@ÿ6UAQÕþ[Bÿàt7UÕâ·øù in©þ—hУ}çI|íxKšOß>ýÏi %Å-y‡„9 ¬Ú¼S§óÍïü€ÖÖÖxÀX!Ä©í‰'ž@UÕx¶aCCãÆËèÝÝÝ466b±ôäD­Ñk8#ûQ,¨6¾róåOˆÓ‘3HAEÓ´¤[ž'‹ %nèj¢±¡Ž°¡aÍÊ¥¸¸˜ Õ£èòØW߈aÐÛãPI æiZO UÉUÅÔcèÑ ¨ZÏmà<˜4ngÏžNwÄäPç±QÀj“À¡Bˆáñ'±ª>BvíE#=1̲j/`U³Æ/î{`¤§"„âèîîfÛ¶m@ÏÂ%‡ƒ¶¶6ŠŠ2ÛkpãÆ躎¦i´š^ÚL/YZ”X,Fm© ¯Ç“Ññ„8Ià0ƒ5}@®ª$95¥diaš››©oí¤Ý¦¤¸ˆ±£*éìîî ÜAÒqVM‹¯èøèÎ>ðü.š£=ÁB#! ƒjEÑWkŠÊô‰c™>y"mAº¡£ b"‹£!„6läïϾAÎô+Fz*âÉšx>˶µòï—ôT„B ³GyÃ00 EQhjjbÔ¨Q£»»›-[¶$dN`º»…¨bÃjãŽ[¯ÉèxBœ®¤Ça)J_‰ojªª2câh&Œ*eɪMlÙu€X,FiQ>SúJ•{w}}­ Ãè9ÞiQYw°‹³_ÏÆðÃYÅ8¢GƒèºŽj±£¡AãZ43&' ³aÛnr³8ìÖ#ö8TT›]z !„ÈŒ––Z[[ñù||éÎïá=ÿóƒöØË0U‘­¢*¨} †i¤,ÅMÚ¢ ηô=ý’ú#fn)ÇLÓW0ñ¸£+Nè¨öŸÛLœYâÝ„ñ“ú$¦)WNÜ'qáèw3óîùåo)/-¦´´”‚‚ ‡||ß¿!à¨BqbÄb16lØ€¢(D"û÷ïgáÂ…gùòåD"ìv;íf6f!cŒ]ÄbYÌ›GV–;£ã qº’ŒÃ 2IŸÁ—xËv;¹òüÙÜrõx³¬^¿‰7ß~¯7ã09Ðfµ`ôFZÿ¯ëÙ]­Ì|b÷ï aXìDà =†jµ§œŸÍjáŒÚ±æSw°½·×Dâ¢,‰7Ó›M2…BdŽiš|ýîïãœuªU¾œ:Ý(ŠJöÙãŽïüˆh4:ÒÓB‘a1Ã䇉÷³5M“X,ÆäÉ“yçwâåËÇ+ ²lÙ2´Þ/×è˜ìh&Œ {¤;?}CFÆBHà0£Wú›êVV”Ï>z5Ÿ»ù*Ê‹“x}¥ÄICËàlû×5pÆ¿¶óR›Šb±b‘`7†i Xl)WetØlL«©ÆnwP×Ô²|ÀjK„B!ŽÅO~þküÅgbÏ-驈buy0Æ-ä‡÷þt¤§"„"ƒî{qWþç"þ±I'â‡jub·Û{ªÙ…I“&‘““Ûo¾yÜÄ%K–°X,tšnö›¥ØÃÑõçÖ–ât:3ô¬„RªœaZšr¨Ã™^;–iµc{J„’J•- º®cQ5ìZê8¯iÂ]Ë÷ó#‹Ê}ó*©µ‰FÂè‘nLEEѬ ëƒŽËr9©WE»¯‹–¶C”$•/£HÆ¡Bˆ---Ç}Ž<¹ˆ•ûºðÌJ.UJ¹0=«'§lr”++CØ7Ý>Ê‘J˜='JØ`&?Ö;NRIpºrâ¾V" Ç&>®$–'+‰åÆ û¤yN}_H3’bî™ä*›È–u»øÛ#sËÍ7¥Ü'‹ÑÔÔÄÁƒin>Èþú&öìÛO}C#áH”ÊŠrjkÆ1nt%”——ùƒ¢”8 !Dfýse=ëöwR›CÀn¡%à¢!PÈ({V#š# bš&µµµÄb1^~ùe&L˜À´iÓŽj¬h4Êâŋ㟽×ê㩱7 ÙðÆ||ó3ƒ[¡!Ž3)Ýœ£:EæŸišØ¬tô¤RåTü1ƒO¾¾Š,¿šSD¡ÙE4A×C( èÁ¤cL²Ý.²\¶µ‹êäçyzˆŠ…BÄûÊ …ištvvâóùâ·ƒ-­üå©Åä-8›ù„ÀZbüñHG 4ÛúŽMì#¨(¨½Û“x Ð%›²÷ ¢$z2&ã} Iÿ¼OD_Ãt<Ó®à¿?ÀÄ c=z4õõõ¼òÚ›,y{%¾ Žâ·ރÅíÅê®Å6þ\P56ubõÚôeo¡Û0ü‡ÐŒv‹‚ËnåšËrñ S¾—‘À¡BdŽiš,ÙPGVV.—‹@ €ßï'àtRÈÆ4 ¨0ÑühªŠÏçCQjkk‰F£<÷ÜsL:•)S¦ i¼wß}—öövìv;~œì2*˜Þ¹’ˆê䙣±Û¥jNˆL’Àa™¦yÜpÔÞ•™ûÞàÛ¬bzÏ Û‡}êº#ÜðjgeñÃ),vbá 1]G³:@Ñe š&äyr0 æ–C8=o²¥TY!D:>ŸíÛ·³fÃfÖoÞFGW€pÌD7@µ»QìnL« Ãâ›ÏÜOU NœâÏ9çß½‡qգؽ¿ÝYˆZ:•¬Y·âÑÿ6Õ–S€-§ åc‘H?¿¹’?+¶Ö³yû.<^¯ǃÓé$ôÞ\Ôr±˜”Òˆª·`Ñ4š››Q…ššO>ù$gžy&“'ON;–®ë,^¼8þ¹{>Žq¶ƒt-hÝÜõùœ¨§-ÄiC‡¤iZÚÀáŽ}MìmhaÆÄÑäf§=‡Br©²ÕjÁè ò¥+UNgåÁn®x­›ëF{ø\•†ÒuˆhÈßSúlwN@ÌÏÍAÁ¤¾é N»d !„èÑÐÐÀK¯¼Î’wWáF‰ÙÜ(žJ,¹•¸&ÞˆÍbC^5ÄÑÐngÞBª’UŸ±óª6'žÚùP;ŸÖ®CÜû·ÅðËß1ûŒ)|ôÆ먭­ÍØXBq4¾ñoðç?ÿ™îîîc:¾££#Ã3:zõÍ<úÂ6íkEEuw`¶ùhí(§»£_n>ÇÏ@ øNö ±SO‰Ñ„‹¡i@Ó4&L˜@kk+=öóçÏOù·zíÚµ´´´`·Û šv¶é£˜Ô¹¿®qù¼¬Vë\!Nm8Ì ›Í_\d ·×ï ½ÓÏöýM|äòs)ÌÍIy%!ã°§TÙJ4ë9¿vlYOíõñÔ^øRmWæл; ºÐ ‹Í FhÐ11Ý`Ty ­Ûßf[¾ƒšÙçƒ"ké!Ä©hË–-)·›¦Éºuëxö߯²qëbŽÔòédÍþY‡É°Ò«UbI²¦¢ªƒ{'žGQÕx9±9 ô·/‹ÑPú›xlü~±I%Ìé柦×_âX}½{ &ͱw²çÐÒìŸ<¼™t?éçÙ›‰¿•tÏ)±³™°—¡§é}˜nn)·=›gxˆmÙyØθ €u÷²êÞßsÏOÉ=ß»›âââ¤}% („n­­­twwsÏ=÷ðÑ~ô¨w»ÝÃ0«¡‰D"üà¾Gxé½½èªüŠ›ˆZ‰Óp0ªm+†o7]¾rüÞJ:s âD§Ó™…èb_ œ,e…zÃ@QvíÚ…Õj¥¦¦†}ûö±bÅ .¹ä&L˜ô¼¾þúëñ×Ô ÆXFYZi™”8ƒ|ós7صâT&à ²Û˜2pèv9ðu1 “7WmáC—ž“ö<‡zïyëq–Aß¿å¨ðé%LÖZуÂ. 4›S :¦»;Àkÿ~†5ï.áì—1zòœãšƒBˆ“_CCxèï¬Ý¼¥ {åLÜ\6ÒÓ⸹‹FCÑh‚¾>{ÇrÍÅsùäÇ?:¤t„"“òóóãý]ßþþô«<øô2:"Vüª—F­‚ ê&G‹`%FØâa¿1•âÀÆÜŒêkDﬤË[‰ÏãÅëõ’›››”p¹ØÓ]‰WÝ'܈ͦ ë:7nÄn·3uêT6oÞÌÒ¥K¹úê« ‡Ã466b³Ùˆ`e³>†q¾¥¢1®¿|‹„7„òÿ¬ ²Ùm@êŒÃéFÓÔê ¡¥ƒHLÇaœF­)jRæ‚Íf!`Í@ŸnÀw×"Çb忦•QØÝ„öwb**ªf´€ @kkO?öÊÊ^aþe×Sƒi]¯cíZC´£`î(|Þ"|>^¯—‚‚‚¤ìÀ;‡Ž®6 ƒ»°ê±Û­„B!–-[†Ûí&`³Ùˆba£1–ª¶%ø¢>zù‚ã^¤T‘ž3¨oÙ÷ÄÞA‰®œ?“Úê lV —Ó‘rESPSQ0MEQâ=‡,Ãð·powŒO­1'¿œ/–„Ñ[УáÞ˜í½ý“/ ²uËV¶nùO¦Ÿ1ƒùW}·wxû !„8~‰½ u]ç¯<ÎSÿ~ {ÍÅx~ý°Ç&õ5áË1Ó41zûªªï7¨ 8OüܪŠÚ»]Mè ý=õÔžI žd⇆4}ù’ŽKÓÇ/éÌiJX•T¯õ{/&œ#^M¦G¡bšÉ={÷Szß <§™fÿÄNz€Ic%×WM\„-aûÀ>‹Ç°ûûŽÅ™Eî¼Oñ^Ý&fœ{!?þöÔÖN”~‡BˆÓÖý]Ä£¯®£K·âS iTË)ÍËâÆ* N%B8 ¡(ä8m|êÂñØ,*6Må@K'¯­ÛÇÖý-™-xÌVvfŸ±njºÞÅèl!ÚQF oyID¿ßß“}ètÒÈ#êk¢8¼ 5Ò†Ýn'Ä_·cÈWº¨k>Du¯ßöá¾bBœÚ$p˜Av‡ÓLÝã°Ï¸ª’ÞCE‰7Œïû°‰õ¼ñ×MUÐÌ¿=·-Ì»mp]ùX®Îj£»­™h(@,Ãêtc00€h&«V®díê÷8{î<λâÃXYŸ›BˆÌú÷˯ð‡¿<Ž:ú\ò/>|ÀPˆÓ…»b2FQ5ßüñϹçîÛ%p(„8í,]¹–Ÿ<ôû;tÂj6 ZÎì\n¬õPä2 …B„ÃýûyL•ÿyL‰‡ùS+©oíâõµ{yaÅvÊ‚{ñ›Öå^AI`…‡6éµB 3 fÝnÇ4ãJ“VU%žmÑ—¡¡÷þWSzz ê .!Δ§êƒ<…‹/V×2-°n_;¡îNbºÝ•…©^9‰òÚâWxwùR.Xxg-¼Õj¶9 !„86kÖ®åç¿yP^ 9~%ÅJÆBœÎT›“‚ ¿Èwr?eeåÌŸwÞHOI!†]KÛ!¾ý«GXµ«…¨ê¢ÙZAqi%¹ª”ÚB+ :1v4Yº½5<ÜÙÔÉ‹ïíåòY£“ÎW^Í- §råœñ<ôò^[½‹ŠÀ|j.õE72±s)fãf"Dr«èô–Ƴ=O<€è÷û 84*°vì&/´íѲ” »÷`b©›Û?yÓ‰¿`Bœf$p˜A6»ÓôWàP1Aí-iê;®÷,Ž¢) ž /S~»;„U)æ®ê2ò[v û» vu`˜ôd ÆbƒŽéê°è_ÿàÍW_âòk>Ä´yÒT_!FBKKKÒÏ@€;îþ›šBäÌù96gúrÜ4%¾‰¯m‰åª‰Û÷Jüö¿¯VUµøþiK•ðø‘^Õe͇“Tú›.[!] sª]¥ÿÞêÃÍEðXâùÓ•'–-©¤ZIüÝ$<#Ý|«f¦$¼ù0õ„úÆ4Íä9¦9ÿû…b±Q°à |öÎñ_w}‘ùçÍMz¼°PÚ³!N †að“Ÿà™å[ð›YÊ9¨•1¥"›?ÞTŽÇÑÿ×=×eá¬1ÙL)wñÒúfÞÙÖÀ³+öÒÚÑÍÍ &£ ø°š›íàë7œÃgçwO¿Ëæ½M8­ìµ'V4“ÚÎ7XK´£€·ŠÎ΢xöab1t¹ðªEÔ´6ciÜÈ›†Éí7_yB¯—§+ fÃáDv8ìƒWL ESã‡} ¤èzÆ¡EUX2<\¢&ܳKÇk©æî*µn+¡P`g;&*V»3å Ìí>þòðŸù™…bD´¶¶Æï¯^½†{~öklÓ®Å{Ö¸”û§ X%í“&x”8L .ö—àÒT5¹pª`×  GþƬo¤þ~†1èñÒC™i‚ª©z/|¼o£÷õ¼÷ÔÁÙ㤠"&ëM¤T®AâùÍ‹Ÿ 'ñLŠ’ø…èàëj¦{NïcŠÅŠ÷¼Oq÷½¿áÎϵ1oî¹ñÇ$p(„8<ÿÚÛüê±Å4Tº•|´ j+rùô”lP-´ <ŽÁ• .›Æµ³JihëbgCxsS#­í>n˜7™ªbï cj* øÅ—®`ñ{;ùý3ï`tì!‚•YsÉËòQÒöAßAb¾rºs«èìÌÃÓ»³×ë¥0?Ÿbm7»6½‡Uµ2ÁáǨvò…ð\)!„3Èf·DyøÙ%œ3}ÓkF1;a ž€aOvF}éJsË€XJ¢ÓõdLê/˜°™¦¯aºbÜøuím3½c©iÎ(q»9`{ü±× ^ÞûóÀ}”4¥Ø‰åâFâ¸I¥Í©¯_â±zš’çS¢¨äÍ»•Ÿýö>¦L®eË–-ñÇdåe!ÄûÁ߽Ÿžy‹Cj MZçŒrpaµîP”µ{Q–[–ò5»<×Á>_ˆ6w …°©:·Í¯À‘ð^`l©—±¥^L«äO/­c˾xq=o­ßÅœ©ã8wò(ÜÎþ÷.»•{?w—þÇ‚:`bõíEéØǺ¼‰d™Îß4XM^A ïvM[ª¶’çͦ¬¬l¯˜"‘3Èn·c±Z¸bþL^_¹‰,§ƒ+ÏŸÅ»ëw²«î —œ;Ò‚Á=iª† IÃXïsUIÿn$,j3\Ùàë@QÕxÐÀér%í{É%—Û‹×…âtòðßeÑ’µä-øœD¯B¼ß)ª†sæÜýƒ{øÝ/:ÒÓBˆ!Y¿e'?~ðIv м4XÊSœÃ“·Táuõò‚5;›)+ðPâMN ë°¯=B–C#Ûj¥±-Dg0š8ìSQÍ7Ìá?x…ö®«÷u²r÷JþïÅ÷8«¦ŒyÓ«ÉÍvGhíèF øJ¢5­¥ËšÅÖ1—p†k9n%Hß×x…j'×d­ãÃühƯ•"= fÍf#Š°lÃæLíÉ8|yùzÎœ2UQxrñ ¦Œ«ä¼™±ZRgk(ŠŠªöÜ Ãè)UîÍPsDK•SêÍBP°Zû„q:œ#5#!„8íèºÎ×îúk rÏýøBG^­M•<þ'¹éÆëGz:B‘–ßàÛ¿ü omn$¨ºi²TÓ¥y©²â{U$ œ6™ãŠiíŽðïmä8ñ¸¬´‡U¢1ƒ+j³ð8z¾Ô"ö4wÒÚÞEmUARE@W Lt@@°3å¥÷vóâŠ(ÄtHT'f¤Éåùp´o'šW„¦¶±Ð¶ ݶ—ÑÅg>ýI¦Nšú8!Ä°ÀaÙív, WÌ›Ák+z2¯˜?ƒwÖïÄ4M®œ?“5[÷ò×g—rÑÙSS^4蚦€ÙS¦¥iZOyPopNƒYåpL£/29ãÐát¤;D!ÄqøýþøÏÝÝÝÜúÙ/ã+:Ï´ÁÂÓ½l(iÊ–“Új$nO³ÿPÆŠ?®ªiM§¯Ä6©7qåÞĹ ø9帉'›X¦›æ¹©œ9aŽ}G¦]9q{šUš1ÍÔeȤ¼–iJž®Úœr>éæ™rôþñ×ZpÒû~•=é"}öwœwîÊËËGz:B1Èoÿ¶ˆG_YÏpÒf© M+anYŒé…šÚañê=L®ÌÇaœÈRe£4×ÅŠº(v»†Ónáêñ*vKÿ«‚¦*Œ+õ &«w4ÒÒ©,ÈÆ4M¶Õµ±aÏA.š1†Úª|:ºCl?Ы«wáê˜@L7ÑõÔmF çón~i9…¹Yt„ü¼±y=·\yyy\zéÇ;vìp]:!D8Ì ›ÍF0á•·7rÎôñøº¼¼|gN‹‚ÂKË×3mBÇ”óï·Ö3¦¼ˆgMÂiïÿÆÇ¢j ö—* Ì“ªTÀÔc¨š–8t¸Ò"„â8øý~Z[[èêêâ¶/~eêu¸‹FÕy†8LÚžÐÛîHÁ¿Ãy¤×±¡œ´¿ßaâö4H†rî´{¤ :&Í%¡×`Rð/!è™´=>ÝAÄAÒAcõ›xžtû§¹I§L¸ŸÔ 2M/þ}LÓŒ_S-P˜JöÙ7óÍïÝÃ_ÿxÿHOE!â–­\Ïÿ<ô,{Ûct[ iÐ*˜U¦ñï[Æã²÷W†ùüa^^¹òB3Æ—&}YŽ™ln R”e'×­Òƒ½í1j ­ƒÆÓT…YÊøÙSkxä­†ÇmåG›G–£ÿ‹fŒáà ¦òпWóÒŠm®;nŽÛI~AšÍE¨½ŽŽ½ Ç,Üu×]IÕmBˆK‡d·ÛQU•ËçÍàµÉq;¹rþ,Þ^¿Ó4¹|Þ ÖnÝËîº.9w:Û÷5ò—g–rÁ™“¨­îùÖZÕTÔ‹£¨ ™']Æ¡ÞWF­$íÉ8Bˆáä÷ûùÌíw M¿GAÅHOGˆÓ†ÕåÁ_5—_Ý÷þî7#=!Äi®¥íßùåßxoW‹‡[ÝJn×v¾sÉIACÛÎÕskÙÓÜÅož[Oy¡‡"¯›–îV«•ë§ç'eúB*öbtqÙŽäðÁA_ˆ†Cݘô|qT–—•4ì“›íäë7ÎeT±‡ûŸZ>èq»EÅ[‡Ýé&Òµu mÝ"¦7G¿À¦"³$p˜A6›P8Êâwú3_yggM‡iš,~g#Ó&T‘“åâõ›7ª„‹ÎžÊÒÕ[Ù¾¯‰KΆ¦Y01ã«Jš¦ÿH= 3ÞŒÃë* !„Èœ`0Èg¿ü(S®• ¡#À=zKßz˜ 6H¯-!ĈùÓãÏó§çß¡‹,š­ch#GûòCõØmVžxm-ß¼yö ™Œ)Φ¦²·vÂÖÁf³ñ¹ó “‚†‡ÆÔQyìo ²lû! ²¬XTØÕèãPwˆçŽgRe.‘˜ÁîÆvÞÚ°—Ù+SŽ9kByR濦(x<9¸Ü."XñXCG{;!Å…¡©‹a±X’Û¨!N8 fÝnGQ®˜?ƒWÞÞ€7ÛÅófòöúí((\9&«·ìaw] Ÿ;m{X¶fófÕÒØÒΛïmESL³¿TYQ”x–¡ÂÉ·8ŠÞ[¾4pUe»,Ž"„Ã"óù¯ÜY{ ®‚QñíjB‰¯’¦Ü8Ý+HârKB)Pßâ\µZÿöAI,ÙM(©=œTå»)NŒ÷S©³{Ƶ|õÎïpÿ/~BAA………#=%!ÄiäïO¾ÈƒÏ¾C»’Ç^­ÃWÏìœý\uùDôðöæ,ß|€{þü<×/˜ÉŒ É_4¶w‡Y»·Ñ…Yä¸í´v¬ÚëãÂÚ¼¤òå>UùN67…xeó!Âá0n‹Éí—×à´õ¿'(ôô|ܼ·‰`8ÆøÊBr\v"1-ûò»EoÇ_×\v+n·]µlÙI°µŽ€–nÍX,~ÎñU%I¯CBˆO‡d·ÛñuvQ]QÌ'¯Íç­5Ûxiù:æLiš¼´|=gÔŒ&ËíˆgΛU˲ÕÛ(-ôrÁ™“xêùúž`aB©râJí$«Uîû`aÑ´¤öI6»}„f$„§®P(ÄG>ùY¢ã¯ÀY4êÈ!†Õå¡ÑõõõŒôt„§™?>»œâ¤Q+'Ú´[ÛfJÏ™ÂMÍDS‚á(_¼ŽVì`çËWžÏ¸ŠB ½Yìoõ“›ãâŽLƪõáÔÜaɦFj*ò)õ&žëì:@QzÚgEb±´ís'.aOSŸÿÅÓäg;ñuië Å°i ·4¡îvôæ÷ð+Nt[. è©›m3ùÖ—?™ñk'„8:8Ì ÒÒR4wüåŸ|ꦫ¸èì©ÔŽ­à•åëÑ4-žq¸«î —Ì=ƒ­{êy{ÝæÏ®¥¾ùËVoë š‡½$¦‰å$ ½Ü5M¥ÿEÇ!‡B‘qùÄgV_†Ó[6ÒSBÎÚ‹ùÍïÿÄûë‘žŠâ4ÒÑÑÁî-ëñŽŸƒÓ âï¬àÕ÷¶ó½ß=Ég¯¿€Ñ¥ùÜvål̨æÇ_ÂΦ.ö c³Ùp;ü¿…“’‚†Å96Š¦”±µ)È{›:)ñº°k&õí!"1˦äQ™kGUÚ¼·£‘QŪ sÍÑjQ1ÑØßÒ…®ë(¸64ÍJ(Ãl\GD‡˜=Eד² Á¤8ÇÆ/¿ûU®¾ââá¼”Bˆ!Àa)ŠÂ÷x;vìàûߺ“«/<‹sΚɭ×^À;ëwòÒۘїq¸r3ã«J˜?»¬?ãð¬)<ýb X¥/ËP‰…øýŹ{ÉN–îoÁñzÓìÉ8TU %!¨iµIÆ¡B@ €ßïÿü³_ÞÇn£˜ì¢jŒhè)£—''”'– eõä¤û‰û$”$'óH+#÷ –æÁÁÛS•D$såµéJ¥S•?'žÏìÙp?6åÊËVXVR”k'퓾Íívãr¹Nà,„§£®–Ø‹ÆP’jY%¾ºž÷ ‹×ìeËþpáìZæÍOŽÛI±×ÍþÖþ÷QÝàõu\:kÔ ¿» P[âd·…>h4Šª+Ü0̓#¡ÿaU›ª7‡ºYüÞNŠrsUì!‰±u+ϼ½p4†‚‰USЬ¦…ØÁm¡. g~O†aRÀìjŒk/˜Îƒ?ý6›m¸.Ÿâ(HàpŒ?žGÿ¹ˆ¿>ü?üùƒÜ~ë œ7s"µÕå¼´|=¡º(—œ;=žqxþìIÔ5·±|ív4Mëé ”°8JUy)›¶ïaâØ*ÊU?]PÁ›-¥|oÙNtŽà*S†AßÛsMÓ’2eUe!„8>~¿ŸÖÖV–.[΢7×7÷ã‘P°IQâ_Ú(ô•”4ÀÄí‰m0ÒÕ„}†Ò+ñˆú*楦ˆ¥•.4”äÀ ^ªÓ¤9R?À”Ã÷ÿÏx>Ã0úKìÿhšñù›‰çOØž´ÿ€Àž™€L!1Ô›4·4û§ë™d³0Ó0ýßJ3]`ô$a°_Þ÷wÝñÕø6  !†[·– ÛWá.C~ÅDòªÇÑÖá#좥+ÊSomå…•»±Ûmh+åE^Šss¨oïùü¸xC-í>.œQMy~VÒ¹›ºb´øul6 ŠÁ¨Ž?là° î5Xš—EŽkß~x)þ@˜nŠÄÐõš©£ªSì„} (]à.B±8•%cD9cL!¿û¯;™0®zØ®›âèIàp}ì·rÕÕ×ðýo}“êR7\u1½jk¶ìañ;¨]ïqXVèeþìI<ÿrJB©2@^n.^‡M;öR˜çÅ›íä<ÎóWMà÷›ñð¦zº£úf“yšiÄßÈ«šŠªöÿs²IÆ¡BdD]]ÿóÛÿ£à¢/ôT„)¸KÇñÎâƒ8ÒªEqâøÕôöVèz­x%%„b9ø»º€ž/ª 4à WΤ¶ª€pTç­­M¼²¾Í1ö½¶ŠB£Š=¸V»t\;U;)ÊR0M-~Íuä9j+sU t£è†ID]7ÑÐÑõº¢°vlÅêÈÁôVô,²eôgêzŒâ,o}þÓ|èšËOèõB ¬k>ÌrssùÍଅ×r×ý†Ý»v1{òX>yíü¡H<ãÐé°³|ívTÍ‚aô|£ßwë[,eJM59Ùn–®Ú„n˜Øc~¾<ÎÆ“—OdniÎ _qÙ–³ ©‹%~³Ú%ãP!ŽW0äëwÿïyŸDÑä»>!NV–qóøûcOŒô4„§ UUãU¦æ dËÇlßC÷žUÄÂ!ò¼ÙØÝž¤ŒñûžYɶ-Ø­N-çÛןÁ„ÒÂØ8àÓY±·›·vû D.ç¢4[ESÀ¢Bi¶Æ¼š|¼Ùn^\¹‡···°÷`7»›»xiõ>î{n-p Å40¢‘AÌÖ¸‚M8ò«PíYƒž‡Õrëåg²æŇ%h(ÄIL>…œ sçžÇYg=ÅÏÿç¿yáwùÂÇoàC—žÃæ]u¼±j E¹œæ$^xù Š’\ªÜwó<üij誓«oº•î†íø5Qªvsÿœ–*àžUhDOÈs²©ý‹4­'pØÇj•ŒC!„8Z---ñòd€oÿð^´©×asyR–áö¼V¨ý÷{·[JŒÍ4ýéÔ4å§éJ’­–ÔoRõ;4ÓTsOy¶dIÅ©‰e±Ï×ûXR îz,¦+I&MÙtÚ2à#”''ÎWKsî¤ç7ྙøüR”K›ŠoH× ÅÜÞ%–¥9Oß¿Ó4“ʯã÷URþn0MúŽPµÿy اÿ®‰a¾[bºkŸnŸLË=ƒ^ù_nûä'†q!„è‘““CYQ ­¾ø¶˜Í‹j³áhÝHÈîÅR4‹ÅAÌìù[}¨+Ì/ž\ɼI%Ì;cU…YÜ2o ÷>½%éÜþ°NDgŠ£ò\;®)•Üÿò.ü‘H„@0D4! Ž„ êÚÿgï¼ã£(ó?þž™ÝMÙM#…@B $”¡wEi¢(ŠbálwXÎîÙ°7ôg;ÅîåÄ.<ÏrvéHï„^ÒËîfëÌïÍnf“Ýd„ExÞ¼æÅfæû<ó’ÍîgžÏ÷©Þ‹Eu`Jï€×ëõ2Ô¡ºíôÏkËëO>MRRã‰UÁ±…"F£‘»î}€¢¢"¼÷NÎ5˜SNBç™ÌY²Ž…¿oAV|e½U4¾Ÿ»ïæ-åþ‡£sg_Ís·$T–ppÛ*ìÖj†X¼Ì™Å;Û­|¸µ«§¥%É[x<º’çF£E÷¥Ò$j ÁañóÜyìrXHj›íTAÈéùlÙ²…´´´h§"NîýÛEÜùÌL~åÓÚk‘‹WaÉ$6% ðx5j=0wc9‹ŠVÐ69Ńª+„N/|õûA†æ%Ó¡Mãïtµ./ªæ³A«n¶êj ¯­ŠxÇA,™PQð4˜øÄãv’i‘xìþ›6¨ß‘>% •Vå(››ËÛ|‚š˜Í½¿ˆ½¦‚³Gàô“úbP ¨š°'o/ÚÉÍ÷?EB»|Þz÷Àhè'>9ÜcÉÌ-@V ˜<6þš 3OnÏà””Vt/›u7´*+1–@ *V«•—Þ|ŸÄÞgF;@!JÛüøËüh§!N®œ2‘YÏN#'=¯Ú Þ½lÀ˜Ú‰ Ë7a³Yñz\Øìµx=T Êl^*k}Â^·vþ62›ÉÒèÞ6–jÍÌÜ~ÞPƦ¥6/û«Ü,Ú^Åìeðx5T·“ò’ƒ”•WQesSµ¶™äœ$%ø» ªz1¸ª¸ñüSøù£—…h(üÁ#£È^ÌãÏâÁ{¦Ñ93‘‹'…,˨^•êêj^™9‹¸¤4^Ÿù11M[Ss HÊÌeφ%”ìßM[jxªOzi:KV®åî¼I±µ6X@”$³ H—½ܵ•=¶Ü^ kM5²³0™ÒùmÊú’ýäe&dŽÁîöɵÖ*Ö­]Kie n§ö&+í{ô@SL8ôß.Ý.'Š³‚û§Nd¸QGù,‚Ö@‡ÇŠ¢0ýÑÇ«_çüˆÁëÄ`عéwöíÜFÏ>ýi›OºVÃC]VÔxy›Ríð.lN(IR£?J²†.-æÞGÇÔ{"’,ÞC‚?"¦ö=ønÎ|! ‚¨1¸_/~zÿz÷SÞüÏ\%=ø»š1žɶ•°c×nöÔ¤âغÄÒr’ÓHOOÇeÐpî·±¿¤Œâý{±–ÄîRi+Wй[æÔö8Ž:Ñ°kéÆëÉ=7?x”Z ´&B8<ÎX¾pmRñxAxJJJ(--eß¾},ß´›ÔãÅȲ¨1(éêY’ †@í ½mSÿ 'è½YoWÕ×5Ôí7¨¢½-4‚Ú‡!×6¨á°b‡ûûÎ>¬ë¿ÅÕpù6±¯P1þó§iªª6ÊEÓ]3ôõÃXsƒêûiZX›¸þ>•³ÂVìï3AçO_S·ZoD“ôÿûíó²\¿/M«·SëŽ[Ö]ï†yúQU5‚ë ’ÜO¡úözÃø-§C ¶M{Ö/üïaö"‡Ï5—žÏÔ‹Ïå¶é/²hÓ^2Ûçmm“MïÌÎtܳ‰í{KØ¿ßAee{vlEEAÆ‹¦ê°’eñÒ»c&YÝNÂét6 «JŸǬ7Ãl6ÍÃG!G”—•a«,Á¯Ýx<œÕ%,Zx¶òÉëУÇÎä4•)q¼¶ÃÁ 5D¡ò¦0ɾ×JÝLÊ~$Å( ß A ù¿g^ÄÒçœh§!“ZÕˆÍf_žAÔ1 <ÿðßÙ±{/w>ù:eV#íÚµŠÉÈëM‡1¸+÷²wÏ*k=Èx™ds :õ$©mÇ# kª*PjK™qÇŸéÛ«ÇÑ<4@pÂáqÄ_}FûŒ” ÁÐh4DDÇCå,9¸Žy]IµIÓj˜ÖQf•Mâͽ^* ‘ðŽ‘ê„C9xÄ¡l0…YS Ù¸i{­mÓ£Š@ 8\Òº±lÙ2N=õÔhg"têÅÇ/=ÄßÎå_ŸýHBFGbbb‚b,m;Ó;§€˜˜L&111¨ªR0t»]ؾ–Écqéä[Žæ¡‚( „ÃãˆÊâ=$ÅÅ… Ýn7^¯7ðzÏÖuì‰KaXÿ^T–—ÒËèàñܾ*­áÇNCL³û3Õ ‡%xÄ¡Ádlµc‚ã I’xbÆ+$ö½8ì̳’nöä [oƒ×rÃØ afLÖϼ¬_¯Ÿq7¢YŠÃØ–C>Jjø€É ãüý„y 4q¸¼ÂY’#™%9(•Ðp}|¸R#™Çþ IDATšî8BÙ†5I ¼n4qÖéÀù‰Ä†nVì¬æA³xûµÍZÒSàþÔÙ–%YOû·ª;ͧ°g(ÌïB8w$ç 9”Ä ¶ïÚ‹ Á±ÆÄ3FrÎé§òøËoóëš ä¶¸›×Òµm/¿ú°(O%œ áð`ïžÝ¼óú‹ >Š±§?¤>þò3mÛX%‚Æ–e½¨hIÏäŒ)׳~éÖ,]€ÑaçœD•¡æ8ÞÙog›’ˆÚDþ˜ºÏâŠÑˆÑX/ŒB8‚H™7>ÕÆ Râ€àºuAa݇sY÷:H°jïG_: {­B Š‘$ºèÛ‰‘çšÖ¤` ±p[4lÛp¹7#ªJ:Ѭa®ú‡Á»m\ðˆÑ Vb`µ^@««É¨ÏÂ_× aY8M\3ô÷s¡S.ݹñ·Õ4-¸Îc]ŒJÂÔ>Ô_|ɾ¾ä¡`ŒOä@ñ®Cj+­$IÜsÃTVUq×ÓoRì£k·‚fÛíݵµr/Mû Â!!œHá0ŠhšÆû3_§f×.QÀÚm yìÞï™2õFr;wnQ_wo&%)±Y±Ð¿Øk y’$Ñsðh:ôgÉO_P´e©Z 7eʬµ{x¯Ìˆ->9ä> uÓŽ8 šµK Mòô ¯‘Ø÷ÏÑNC !ŒñIo/v@Ð$ÉIIüóÑ[Y²r-¯|ô-Zl2= û6ŠÛ²a µû¹øô!Œx‹I&>>6È–¬.šÑ€ÁC}˜’uîåtݾßÿ‡òÒb îokâ»r;óÕdÜ1Á¹ýVe£1تnN@ ±jÕ*l1m±›/!þȦ8ªj¬ÑNC "bp¿^ î׋¢]{x}Ö7ìwƒ™8“B‚î¸hkL²¼‘ËÏÌø¡Ý±Ú¼8ý6òûžÌ¤ ›‰²vù|:´Ïˆ†þÑ…¡êúþ÷`7†$³:pþÕÝX1ï,_ø3†Z;gXTª.f•ÙßMñÝ6FÉg)26˜UYX• iJJJ(--åŽûÁÔùŒ1’,!ûËEhª×ë{­(ø ÇŠ¢Þµº8£näw¸úCJ¸ºD‘ÔýkP‹1RôuѽÖXBýµíš²;‡´þŽ=:‹ª¾w½Ý7(ÿ1écäØ\M½Fkôb½µ9”µ8ŒÝ8¬U9Œ Ùãñ^«ºx9̵×ï?TŽAödÝq¨š~»tq©á¹ÐÕP 䨳ä{ý¿7Pÿ;Ô {EÑÛÎ5]¼ÎÁí kž‚c’Üœlþ£†@ 8ÕL"«V,ç©ûnfx–—.Ù)Ü÷¯oØa%·k:w) ±cþñÉbfÏY‰9.†KÆö&ÓµG¦ÝÀï+–‡ïØã$..Ž¸¸8âãã- ·ÙÝO<ó"cÆŒaÛ¶mº“e™#ÏbÊõ÷Ò¹[ORÔj®J.çbu¦Š€†¢ù>+u#ý‹Ñ „C@ hŽÊÊJv—Z1YR¢Š@ 8Âx¼B8@p| „ã€Óéäåggó¼¹tL>ýy%ÿþa…CG‘˜”Ć ¨­­Å`0Э÷@Ê”Lyû'–­ßA§öiLדs?ä©G¬¬Qÿy…CØ_áý¯C‰‰û*j±X,lÞ¼™áÇóí·ß†Ì;!© g_r=ºì:’Û¤×CW¹’Û’ŠR¹{u5PoU‡bVe@ h–¿óÆ|1ïª@p<âöF2.Q hžë®»Ž>ø€Õ«W³nݺh§#‚aUneþ:—ùß~ʹÃò)©ð0}æ´ÏïM¼TΖ-[ÈÏÏ'55•;wâv»ÉËË#!1‰n}‡ó˶ÌYù3Wœ9}òp{<¼ûÜ$uèÉeS¯ Ì”Ù17ìœN,žû=™I&Ìññ[rC»rye å5.rss©®®føðáŒ;¶ÉcèÔ­7½½' ¿ŸÍos¿Ç[kgL¬ O¥ŒJc«²¢áP šÂãñðëâ•´9­N8ôÛ-©·‹J:+¥,Ë˱$Ë»¨$I¶²®9ŒýToáÔ›Bõ3/-|¹ë^ûÑZøT3{²ÞÒÒ^ÛTŸ‡8³n£þš›ñ¹AŽáöÚÒY¯›k§^YÜu¹©ºY˜¥Àæà™‹õt-”EZÓêïsMC q¾Ú¬ÃZ±›¹>úßômý15Ø—þXš£¡Í¾¾O·ÛÝl{ )6oÞÌwß}‡Åb!''‡²²2zöìí´@p‚!„ÃVÂjµòÆ‹OÓ%ÅË”Q=xÿ»¥l8PK¬%£ÉDÇŽñx”ø×h—úº†ºøPBm€§¿‡uõ ƒE*IR@(Ö÷£5¨eجp¨?>]-àãÐç¬ï'LíÃð÷qóõå¸DÊÊÊh×®]˜ yTUEUU<.—+ÚéàEX•[þ÷o] zÓ©S'–.]ÊŽ;0 tïÞ¸¸86lØ€ÃáúÙjµ"I]zôANïÆcïÏã‡ÅëÉh“Ä_Æbßò Ý{+»vîì» gºö?…µ;JPQ‚,Ê11±Ä&µ¥sçÎL™2…K/½´Å#’SÓ¹èoÓ˜rõ­¤¤¦`4úFƘiÓ©¸ñ!Y šâ£Ù_aÉí4A+!c±ÙlÑNCpœq¨#Ž@ 8ĈÃ#HII ïüsý²b˜|jk·îáoW3ô䑱ÿ~†ŽªªlÙ²…„„233INNf÷îÝìÛ·üüüF?ÇÆÆÒ­Ï6•³øí¹pT!}»fÓ§‹Æ×ïÌÀŸÉÔën Ô4g¯£š”1cºàÈ">o  «ò$=µ Oš€Ë’Ã?­Áåö0z`wî¾ød(ÛÌÒß~Åãñ0tèPL&‡¬¬,ºvíÊþýûYµj’$Ñ­[7, 6lÀn·DC=󺒖ןg>]¬–c‰å²q½Iµoæ‘i7²fõ臘¥sêøóX½£sRê õˆ1@9_}?sǾÑNC ´"²¦FeÒ!@p”ðzѪ«!¨FjómiÂ-Ï!¶k­¶Í^{h¹´¸MèT‡ŒªúÎ}Ksiɵòs(ÇÛ šÃf¥,,„pxéÊxVnÞOzZ*O>û¼|>o-ƒÂg eÚ…ÃðVì¢xÿ^’’’P…;v°bÅ $I¢°°íÛ·³oß>)(( ººšÍ›72÷£( Ý{¤:&‹éoÿÌâµÛÉËNg긬úî=žž~Œ>ý,Ú´is´O‰@ t¸\.Êj\(Ƙh§"Zƒ">b Ž<âaý±ƒóéì5ïÆÍMº\Ô>û<5gO¢²{*û Â3a³ý«;vb¿ÿajΙDE÷ÞTô¡úÌsq¾9óˆˆYÕ§…íÊ¿Eëúâ+l×ÞDe¿¡Tt+¤zÜœ~^ÌÔ4œ³>¥æœITô¡¢k/ªGŽý¡GѪª;w×·?PÙkî…¿5ëþuÖ+®¢²Ï *{ô£fòœï~Ðt#‡Úgž£zŸ¨èÚ‹ª¡§`»îf¼›·vîÖ /¡fÒEG¤/àh!¬ÊG¤ädÆœ=™m›7°iÃJúôìJA~'¾Y²‚C-à ;sÛÅ#Y¼¶ˆOæÌ¥ ßPÌ ^¯—mÛ¶qðàAòóó±Z­lÚ´‰ÌÌL²²²PU•­[·²6aBb" }‡±pçnæ¬ü‰ËÇ`Tÿ<\no=s/m:rÙÔkÂÛß@pTøeÞ<¤v½¢†@ heŒb°¡@pü¢ª¸f}Ú|ØÞ½X¯¸ï&Ÿ¸(g¶E³ÚPÀõ߯᪫ ÁèdÏòX§þ ­Ü7Dn›f³ã]»ûÚu8?ùŒ„O?B²˜)}ÏÂE¨»v£äth6¶öñ§q¼ú@`Þ›°O»Ï⥘Ÿ{:¸×‹õò+qÏ›ïûYQââðnÛŽwÛv\ÿù/ ³g¡tÎ=¤Ü\³>‰(Îùï·±OÜ7ÒÐhDŠ‰Á³x©oY¾ó?C°¢UVa½êZ<‹—úŽ9%õÀA\_}ƒ{î/˜_œq̨CÎÝ»i3ž•«P ºrA4JR+×µ€1§p°ÖÈÁòÆŒB»¼B>˜»‘½% é•ËS7œ¹v7[×ÿŽ$ItíÚ³Ù̦M›Ð4nݺQ[[mصkW’’’Ø»woØý¶Ëê@Ç^Cyãû¼þÅ.UHaRN»žys:Z§@ !øâ?bîØÏ÷ƒ¦ê¢išTC |uèEAQdEñÕ‹“$YÆ`4b0ÛEA’e_½DÀ`0$)°Å×õñ"ËõK˜Y·­««Ý¨_õ£ï¿n‘#ÌM–dd)|^ús IróK¸c Ê­ñÒTúc7( EAQäúÅ ÿvƒ¢`0×Ì (Áç±îÞe¥n ¬kfñßK —pñJˆ%h»Á€Ñ¿˜L&L&F£1°Þ`0èÎAýb0û7êb ŠØ—¾>£¬ûÑ_§P9*ºón¨«Xt9è wÜAëë®_dzFaS´bÄa”ñxð,]†íÖixV­n6Üvû=x7mFéY@âÏß’´d>Ék—c>Ì×Ý¢Å8ÞœÔF-.Ázñåhå†#qî÷$-]@òºXþý/ä´4¼ë7b¿ÿ᧯–”àšý¶[n(¾vÆ 8^} )) Ë{o‘¼z9É+~#~úƒ ˸fÿ×çÿ jãxå_¸çÍGŠ‹#þчH^¶€äUK°üû_(½z¢•W`»þ––[¯½^<+Wa¿ÿaÜs~i>|{ö‡¯—¸»ï yÍr’W/Ãòú+`2…ÌÀñâ+x/En›AâW³I^µ”äå¿aštšÕ†íïw Õ¶Üâ­UTâúêl×ÜÐâ¶Á±€[‘“FžÆðñ°å@ H çœ>’ýN ï|·¯ÇËE§ àÆsúR¶m%{vn'11‘nݺQSSÖ-[HOO§K—.ìܹ“;w’@VVV“û”$‰.=zcÊìÁcïÿÊ7 Ö’™šÄÔ3zS¹î'»ï6öìÞ}”΀@ ˆÞC©á"8*ì+.G6ÅE; @Њx6¢†@ 8‚ØœNeïÔLº×ìÿ4ïþþG< "YÌXÞ~%?Ï·A–‘Û· Ä9g¾4Y“ó½Ð”ü<,3_«™'IÇŽ&þùàúìs´ÊÈl¿ÞmET›@Õ€áØn¹õÀÁfÛhN'ηÞIÂ2óuŒ§œ ))‰˜Ë/Á4qB =®/¿ÀtîÙÄ\ög¤ÔT01ŽMÜ´Û|ù¬[º+ò/RÙg05ÏÇùö{µq¾94 Óyç{íÕHñq`P0ž~ñÞëë÷Í·‚ÙjõY°ó«/ ô.@JmƒùéÿC)ì…VY…ë³æ¯¿µ¤„ê³Î£²ßŸÝy{QÄm‚c !¶2111œ>ñ":ö>™-{+h›Ö†ÓÇŒäç å|:w I–xnœ<‚3z¥°mõ"ª*+hß¾=yyy±oß>òòòhÛ¶-7n¤¬¬,âýôBQm"¼õŠö3 {.™Ç—o=ÍË3žÂáp´òÑ ‚£É¸~êŸÉÉlÃ+/ÎYU=víÚ…dNv •q×V“–*êJ ŽÖ®‹(w­ª uï¾@î¡úmˆûëÿ¡UVa4À~¶ÇÝy+qwÝŽaä)õ+½^¼[·úòœpfãÜO9)1Ѻm{D¹x·oM«?÷Íüh55¸>õ š1Nn´Ý4é<0™ð®ß°$¸>™fµ¢äåb8 ¸‘Á@Ìùç> tÄØkQwìD2›}ùlj‡Ç‚?&B8MÉí6Fj×Ö»ac`V]ƒ”€¡c±ðMŒâõ=ŽT„2ôï”{Ü=w6Û&0rpâÙ!·ËYYÄ^w ±Wþ¥~¥¢ t÷ÕîóÌ_Ð8õÕk|³!J·®å`~qFPþú›¡ðn/B«­E²X0 Ôh»‡qè`_¬N|õ¬[€qtè†Æ±£}m¶n—+¢ÜåŽ9A¹Ç?óDDí‚c !e =™ _M©+–»““bLnÏ›ÿûý¥UœsJoî¸`(5»VS´u#ñññtíÚ‡ÃÁ–-[HII¡{÷îìÛ·ÚÔWèع ]òìçËxÿÛ%$Xâ¸|\o*×ñð7°níšV}—OÉ=·ß$Fü4ï7Ìí»ù~Ð k‡AC1¤ùú¥ùv-ÙÐS¤95™oh1òp––ŠŽ-:¿G‘põ%õǪ¾4n^T #¬Õn¤þœ Ø‘ˆˆÍÔË [[2„h¨èj 6ù‚;ÌI-Èpû­ÏMw”maØ £UÁ …””€z°8lŒVSã‹)) ¬Kø|ÉëV¬À ñ,^ŒV]œ–†¡_Ÿ#˜q0êþý€OøBUñnÜ„ëãÏp¾ýžeËÑ b‰™t.ÎYŸâž¿00´wÛvÏ<ø„L9«}«å®—ørï †ÐõfåÜN€¯¦d£vuÛµÉÎ Ld£–”„ŒŽWĬÊQ@–eΘ8™Šò2æ|óqF#£†÷gÍÎ|³h—Þ—kÿt2EûJ˜õó"2}V匌 vìØ¢(äææ¶x¿Š¢Ð½pÖš™ù3cûuää¾ùtí˜Á_¿ÅןÇsõ·“œœÜ G-Ž^¯—wþýÏ>ñã:Ã#ã@Sñz½èË&ÆÊü¹G-kç½ÉÀŸòükï0fìØè%~‚³û` ÆNIÑNC ´2ZÕºv|4@)ÇÊÈgAó(]»øföxÍÞ  íÚ1ñÁª9¼Û‹°M»㸱Ðð¡ÐD+ö‰™’A¡æÂK‚,½rNÌÏ>…aðÀ õ1S¯@SUj}ë”Ë‘Ú¤ ·iã¥ÇŒÂüÒs­–7Ô‹RrøÏ\þmzÑV-.nº$!%%¢•W —"73÷€@pôêÃÏß~ɾíëè‘׫½–·¾]EAv"cuçÔ~]x÷Û¥l·ÉävíI—.](++cË–-äääÓLP´Ëê€Ö>›·~^GªÉÉ_ÎÊ”1½ÙWRÎôi×3öœ‹8iÄ©­pÄ ¥Ì›7{ÿ~ y vî8%“[7Â0²”ûej\7 šó¾ø•ŠŠ Ú¶mÛÊ JJJ(--å·E‹ð&fG;£F«‰9–FÛ„È¥ÑM «¯UˆÑooÐQàDZÛJºÆúÚ†]úv^oýƒB½µWÓíKߦ{°(Õ Ñt¹išhë·ûsׯ×ï'Ôz}ª¦ö«ùíÐ [—£~»¬ëSÿ~©?VýÔ 3ª;²¢èV7>ï~¬û·rÞ)'QPP6F 8TĈÃ?r»Lâî¿û]÷á|÷Üßþ€Ò·7ZUî~ðÅtȆŠ¤´Ô°ýx×®Ãþðc1—\Lü#†µà ´ÚÚÀLÏZU% ÌÄ0|X`{ì-7`»ê:Üsça»ãÿ÷E`›óý°ßÿ0RŒ‰¸;oõÍÆl¶à]»Çs/øŽeÍZâŸx4¢IZÿß&¼áÂhnOÝ Ýß:£Á÷7 ‰ÏÖ~±7ÔßnàxFŒ8<†}ÆÙLúËÍTyãq¸¼ôíÑ™j‰W>_DYµ•¿LÊÔ±ÝÙ½~1÷í!55•.]ºpðàAvìØqHû”$‰üÏêÅõO}ˆ¦i´OOâÊ3z³ù×Üø·¿Ùƒ-bõêÕœ5z(7^v.guv0©oq¦ÈŸù¤Å©LìâæŒÎ^â `hbt¢ õX»a3rbf´Ó­ŒZ¼‰±#GD; ÁqÂœ9s‚ÄÂ5kÖ`µZ£˜‘ %Ä\| ¾Ò9µ¤÷?áY² )Þ7âÎ_çOn›Ñ¸±ÛMíSÏR}ö$<‹—"gea~áYâÿï‘V $‹ŒFß1\úç Ñ@Š‰!þ‘ð®[ºwà«ûg¿çPU,ïþ›Ø®Eé]ˆ’—‹iâ¾úrÇ\³¿Àõù[/ÿTŸ«UV†ño“tÒ¥´´ºmUáÛUU7j'œáð#..Ž .¿š¦P^+k2Ñ¿Wæ®ÝÏ¿þó©Éîüóh†æÙ²j1v›œœ²²²Øºu+%‡P¨Õáp°}ÝRîŸzfàÃɶÝ%ü´l#±’»™Ö 5(**âÒóÏâöË'0¥k O]Ð Ÿ¯(eÍ[³íÍF•±9Ævt`R±¹Á]÷àUŒX8úlݾƒØd! Ç;Zåzôèí4Ç {öì¡OŸ>ÔÔÔ°lÙ2âââ˜?~´Ó´Ãða$Îýžäß—0û#’_‚ñôÓß ÊrJ«ª¢úœóq¼ô*’Á@Ü}w‘ôË÷˜Î =Ãqk g¤`:$ôöN‘R|¶]ÿ¬Ðž¹¿‚¦a:ÃÀÆDIæøÀ,ÌîŸæ´FÚ¾ÜÒ#}ÛüÇ ×üÔ**B7òz¶r};àD@X•Qr:uæ²ëîà·_ç°jѲÒRHONà­o'9Nbòè~ êÙ‰ÓÏWW IDAT\Ζ.ò z“ŸŸOee%ŒØ†x`ßn ¶ÜÙ uO¯>ø~¥UV²R-Ä¥4=ݽ@ 8²óèýw°|ÁO\sR ÙݲPUßÄ'}r,ôÊŠcó~_ü^NÛý²ƒmFY£j-¹;®N a¬ˆKÊ0æ…®™$äê^Kèì—GJì7@µ¥§£ÅmC]7M ô£…‰ gaF’‚ödÚ Ø¢Ãä+…ˆ%ØÊÉ1…zð éúo¿–¶ êÛ£·ù66ŠG·>È>¬{t¾ô–kÝú Ù—uVl5ÌÄúãðÏX­ª2šÇAŠ%»Ýxk6›‰oÝz^‚ã—/¿ü’Î;ãp8عs'š¦Ñ¯_¿h§Å×_MQQ ==üüüh§tÌ#µIÁÐ&XL Ì\ܹ~ÒKÍéÄzÅÕx×­G霋ùÕP ºÕ\Á'¾©{÷59ºQŠ‰ñ½—Ö•rðü¾ ¥s§ðýætðÅ._q¤RmœW¨§îÜ…æp„´D{7nöå“Ù¶Q;ï¦Í!ûõnÙêûû"ËB8œpˆ‡Ç8ÃFŒâª[DIíHµÝM—œ bãxiöB–®ßÉE§ 䦉})Þ²œ=;‹HNNŽH4Ô4Ík–Ó;]ã†É§b0(Øj<7ëW¼¤'ÅoiíCø&ÏxèžÛ9ó”þzWðää<:¶ ]Ô9/#–‰}ÛbâëµUÌßjÃãUé–dç¬ì2:™C‹†~ĈãÃÝô„S’,!5°‘KuB‹¦¦[# 'þE©…KKÛ†Þ©Xšl¯»þAmÜ ã ·å®û'ë]ß²,–°ùËr` ÄëÚJ²>_}ÞºX¹n ÊEÿsƒ}*u‹¦­}Œþw$äq4è3ø„È°îßBaAìv;¥¥¥”––b³5?B\ G||<ÕÕÕ´k׎‘#GrÝu×E\Û¸5™>}:»wï&66–µk×F;cÏ﫱^úWl×Ý žÐ×L«¨Dn—‰qÄIu®OfãY¾9«= _}ÑÀ0t0žU«Cn×ÊÊQ@éée­äuÀ»m{Ø~Õ;}±¹¹acC¯žÈí2ÑœN<‹–4Ú®UVùDNIÂ8fT`½iÜXÜ¿ü²_÷Ïs|uë¬ÜÁ‰‚ÿ(ŠÂùSþÂWßF­œˆGÕèÚ1“mj˜ñÑ<.·\x*§÷Lbëªß¨¬hz¶e›Õʦó¹vBFòý1Z¸fïÿ´–üœ ,qFìNæŒ<¦ÞØŠ3v \.Ï?ó$'÷ïFê¾ïxù²î憨u‚vIF&&1¦3ìÜ{·­ ¯ªÒŒF%ˆ.qM‚ãK»|æ®ØÌ'³ÿíTÇ ªüÇC’¤cB8ô‹ãEEE˜L¦h§sL¢äçá^¸×Wßàüø“àºësÑ{ηß öÊ¿ YÌïO=p÷Üy¸çÎóMnr˜Ä\2dç¿ßAÝ ÑöÚ§Ÿ@éY}gäQéY´Ï’eÚhVŽ7ÞòŴͳtî¹óð®[ع£(˜.<çÌw=DuÎ|¼^Œ'÷MPS‡qô(äŒtÔ={qÿøs£Ü]@Ì” ƒ·••×ŸûêêÃÏ_ 8Âáˆôô ®¼i#μ˜*—‚9ÖH~Nÿ™¿žW>û•‚ÜöÜwùÚ)elZ½ ÇÓ¨=;¶AùVüë8ÒSÑ4™ÿ[A©ºvl‹¢ÈTÖªœ2a ¿w:qqqQ8RàøGUUÞ}û-÷ÊñòÞ¸²á=²Z40ÅäbhòF¤—òçB/Ë"k'F]Š‹‹‘ãS¢†@ he$ƒ‰6§^Ŭyyøÿžjröe ªˆ²,ãp8¢”MhÄ}ÉbLµÿƒÚ§gà]·÷·ß㞿ГšJÌeSm4‡#`“uüóuª†lrñ¬\hë™7ëeS±^65¤Ð×R䜘ƟŽfµR3áO¸>™w[žßc»þœÌY&þñGm”Â^Äüù"Ð4¬W\‰ã•á]»ïÖm¸fAõYç¢îÞƒÜ!›Ø® ÚŸ}Ú}X/›Jí³/vîàd¥¤$Ü?ÏÅ~ÿè»v£–”à|s&µ3^Y&æê©Á 1Wù&µÝt®o¾C³Úð¬Zío7àÝ^„’×ãØ1AÍ<«VÎ}8›³@ðGGÔ8üÒgÀ ú Ä—³?bÝÒù´MIÀérñÒ§óÉJµ0ylNìbæ׋©ÒÌäæwÇëõ²eÍ2Μˠ…ì-®à»•{èž—‹,y)¯¨Á!'rÃÝ÷“œ"¾ä ­ÅW_}É#wßÂiÝâù÷Õ… ¼^oÄ£âÝÍɉ­¢¸….8ññþè³{÷n0§Gf7Ö¡é¬ÆZ»²¦iHÚvõì¥uèk¼Õ–kan‚Èhö¼F âk‘ônŸ=$ÐÕÕ”õµë_$]+}ý@ÿýÙ ¦ ÿ'IÓ‚kúë6Ì L=GÿC©ÎN*‡P(ºXY7*(O}-CÝkýû°þ÷H ÓÖÿÖh2a0ø>Vý‰õ[—0õº[xþ©G)-- --ôtQK7nl4š¯¼¼œ•+W2~üø(eåC<€ŒŒ¸{§á]·ϲå8^|Ç‹¯ •{ÍÔÀ À@`vbõ`qó;p:l 0?ÿe\_~í¶iAÛ¤ä$â{CßÞAëã¸ÍåÂõéçÔ>ñjŸøGÐv¥gÌÏ>٢є‡‚ܾ ½CÍ”Ëq¾ó>ÎwÞ¯ßhP0ÏøÆSG4j{Í•h•U8^þ'¶¿Ýœ{×.X>|»ÕgµŽE„pøæì?]Ę3ÎჿLeÑ&²Ò¨¶9xúýŸÕ¯ ×MÁ¶=ÅÌúù7dIã¶É'‘`ö üzáF –T†õ+Àét°s y…Ã9}¹Q>*àøeÁ‚ÜsË5ô΄^Þs|\‹C/LÉRJpx´‹†‚è°gßTSb´ÓGsÇ~8,\qíßyæÑûèÔ©S´SüÁxíµ×èÛ·/»wïFÓ4vïÞMee%¿ÿþ{´S–÷g‚׋ܩcØ)6–„Ï>Ä5û?¸]€ºg/JÏü ?ý€d ®%/g¤“0뽈sPz^Fh+·ozrKããHèÖ)9t-í&æ—f`:ç,<ËWàYµ95¥°'¦óÏCñ DŠ‹ÃüÌ“Ä\úgÜßý€wÓf4› ¥k ýûaš8B<ÜŒŸñØk‘Ú4?xÅüòóàt¢ôhºþ£Ò³‰_ÎÆõýx—-G³Ù1 èqô©(½ ö‹›v†Áñ,Zì;æví0 êéÌñ!Ï™¡¿À¹Wºwk2'ã°¡$ÌzÉ,&Íü±Âáœøøx®¼á¶mÙÄì÷ß@–´Oµ°h]?-ßÌ_ÏÂ=—Õ§v¹=|æd¼n[v¤}~!çŒíô‚ã’;wòà7±qÍrNëÙ†¿ž1YÒ;oŠ4¹’Lm'ñÔb;ÁP5jl6cjØí¾ÙfuvNþ¯cþ™j¡ÝX?s¬„KôWµÑ×ó\ó ~tí‚lÂRh{ضºšªÕu¡³Õ7ÈÏ/0Hèì̺8ýñIš¾´‚¾ßº>ÃÙóõ¢F¸s)…±ùëíÉ„yÐãÿ}”5-pn šØ—WN ÍèëxéãÙ¼µˆûî¾½Qf³™øx1úDŒË墪ªŠššÚ·oOaa!ݺucçÎÑNM 'B8<Î5n<§ŒÇ{o¾Âúåóic1át¹ytæL>ÿOŒÌNeq9û+L¼ô:1ù‰@Ð ”––òØÓXùÛ^/Ã…½ŸôR}€_: ’þt£5°æK¡~}¨}júœuÂdP¾:Á/hT£¡‚„CÝì¦z±Pÿ¸'”è¨@%£±¾— ¯ª’<ä"~Þ0‡}7ÝÊ#ÜÓ(! âÔÕ¯3›ÍõŽ±÷îuÄ¡@ œHˆY•CEáò«oäï=G|z'\n•î=è‘ÛŽÍ»JHÌîɤK®¢¡@p„±ÙlL¿ÿ.Î9€±mvòù½§Ó»{g2’â¸êô /ÈäíŸ6óÕÒ]xÕƶM8içXOGû \vŸhx$øv«Ä¿–Ѣю‚#ƒÕV‹bŒv ÊX F±©¶ ÷=ühóÁ‚·;ô!Ô àh#„Ãã˜Ìví¸ãÁ'¹ðš;).«`ýÞjÆžw)½úövjÁq…Ûíæ¥çžaÄ€ît©]ÌÓÏæ”=¤Æo±m“ãøëiݘŸÎ»s·òÝʽ¨š†¬yHwl¡sÍbp!}oánxq1ä·†Hù˜­p¼cµÙMB8`î6‚-Îtîyà‘h§"8Æq¹\ÑN!,¢Æ¡@ œX«ò À ¡Ã4t¸Ï$àˆR[[ËàÞݸnL6óŸ:Å`Šhâ“Ì”8®Ý…ÝÅÕ|öÓrÆ·/%;ÅMí ×Ãœ"ž7 •‚ká Ž*v{#u6L?’¾®a×N aá gÏl¢jœà8$ì]ÓÂ÷)ìýäïN ¾wCf «5(I!ïE©AÆA–äærQ÷À¦~ôµþµW÷Z_OTÑY˜õ¿R]¼¦išˆ¾º¤&“ ƒÁ÷qÛíñàv»1w=™m[p×ýóÄô)--¥´´€´´4Ò#œà@p|Ó”p(>Ó àh"Fž@ˆÁ‘Çápе}"×ö(%¶r#šéLÉ`vîg„²ˆ+»ìgén÷e¸« ^^Å6¸q h×X€ïG§Ód0F; @p aîrEZÓî{(Ú©¢ˆªªüóÍwáU,]¾"h›¾Æ¡£ÑõшúÏ¢Š@ ÿáP UUINiƒ§Çhq©˜Šþ‡¡|!æ? `r•“U>—ä’…TVב<*jaÞNøý\;FçÖoS% ŠñfQ@’#š A œX˜ó‡±ƒlî¼çh§"ˆ~ò9£'_Íû+ªQ;âºg>ãœK¯cÇ߬ÉájšL¦°¢âÑBØ“àÄBX•à0ð=i×|ð-9Ÿƒ\YDÜîŸqZrðš;b ^;1–£TQ}ÐK’„ͯƒZ;<9Vèo—åúš†þúbÄáÑŇÕí@1…žJÓ´€'S’ꯗÔÀz¸~š&fD´ áî*-‚ûM e·‡ ~ÐlÄ¡t©ÞN/!5ÿž¥iÜš³SGJ¨Ùž3ks F’PêÖ«ªŠV¯jZà)½¢(ÁökM#¹ûvoùi÷=Ä“>„Ýn§¤¤ðͤ+f[>þøß÷?ò×fáÎèIrÏÓ|6wU#½S¬.7“oŽÂv&¬VkÈö&“)ê#@pb!„C@ 8 TUEBÃãñÔ¯´tK”êX. 6¶=šõ†ÒuØ]^G3ôIu{áÓõPë zÂÚÍ»QBí믭%FD‹ÅL¥Ë¬›’aôBD$êÌ…X' ÂÝ[{µ 1[k($†ˆ%(j’®†›ú=L’¤€0‰¸väoƒÚ¢!×ëÃõuýÂ¥.Y’Ðü1ªŠZ'"$ ­®V¢¦ªšˆ‰]†Q´ÆÆ¿Þ˜É5W^Ýnô/„Ãㇿ-búóoáLîBRáéhª†¦©u·¥ï^0 ´ÉëÇf»ƒ½•[±U:Èo`6 QÅH@ 8±¡@ ªª¢ij°pX‡'> bÛb\þ 67êÇ|©Áì¯6Ãþ‰ó{J¤Åû¾P+„˜4b×AÕÅõõ eYFÓVÓø6  ª«H‰v*àÅR0’ï~{ŸîÝpꈓ¢Žà²fÍZîyòì–Ž$õ8xð † âü¢¦A\l yÃ&P]} ËV~‹Õ¹‘.]ºÇ†UY 'B8‚Ã@UU$M )ú<Ê´’$Íš(Iswh¬+†³»Éœ[Po?ö×/܈—¾@ÌZ wo£Ñˆ$IÂåB0Œ  ÞªÚh§!Žq’†\̳ÿz‰N9Ùtìرù‚cšmÛ¶3í±ç©6fT0ŽX@ 1Ê04>Ñb±Ò$J*ŠyúÍÙ\~ÞF |L8Ž@ 8þ¡@ ¾ÌM‡ÞÐÅÍ›B/J’ÄŠý°`Œî,qãP¹QŒŸ¼?p½ï¡d-¸‰” ÑPÓ4T)8:$%šñ7#j!^꾌i4j´>D Ôv“ 0{¶¾­T+1äË&­Óž¶å†ï)ú€ cÆkZpŸš…úuÁ¶åú¦Z°]ºÂE„ÚS}Êúz‡º\aa–e9PãЫª¨^¯? ~†Âº ¬Úœr·Ý;™ÿ|€ÒÒRÒÒÒHOOoâèÇ û÷ïçÎéÏRì±”?ŠIAÓTTµñý¤eØ”˜œ†¹ß>\º‹Ï¿Ž¿_9™nݺµÖ!4ÉÒ¥Kñúïc|Ç[^^N›6m¢’@ Z1«²@ ªª"IàñxB.^oA1 zAp[…ÄK‹5¸y˜LïÌúÙ‘ý6dÿä'þ×Û%‰}À÷ƒ'ØX¢ñÜo^lŽ–å#8|’PÝŽh§!þb͘úMææ;î#¹þ`”——sÍ­÷1õWqw8™ÔüA(JÃ1Z“wsB¢%-©ó©<öÁ|λüzvïÞ}ä B–,YB^^ªªRSSCff&o¿ýöQÏC G?¤p¨9¸¿ûõÀÁȸ\xW¯Áóûjp·`ôË…gÕj<Ë–£UTZ²!ðnÜ„û—_[ÔFÝ»ÏÂE¨Å%‘5p¹|û™¿uネžÄG–ˆŠûûQwEþAEݹ Ïâ¥hV[Äm4§ÏòhÕÕ‡’eè<öîó¢ {R*ªªú~/Üî°K¤øE¾Vxu©ÆÖ2‡ÊœÜQ)úÛ(ŠXÿ;%ITk¼÷»‡¢ •çzØQ©qóPKÜ¡§‡CR¢¯[X•AdĦfcm;éÿ#Ú©"ÀjµrÛ½rù]ÏR>ˆÔîÃQ &ô`ãáMmÓE…ˆ‘$ sfö˜ò™xÃÿqå-wSYy侧4Ç—_~‰×ë%--]»v1kÖ,RRD _@ 8žùCZ•Ý?ü„íº›1¿8ÓÄ aã´²rì÷>ˆëûÀS'™L‡%þÙ'‘ÓÒB¶ó¬\EíàY¿!Hh4 èGü# ö Ù.Rl·ßV\LÒ’ùMjµ3^ÀõÉç¨{÷ÖçqÒpÌÿ÷0rn§ÆM¬6/¼„ãÍ·ƒr—³Úwß]˜ÎX¹{/ÅzåµÄ?t1½¼ÉXç¬O©}âi´²òº$d ƒb~þäv™!ÛhV+öÛïÂõýOàñà.÷‰ÃîŸçÂ5×D<Ëh— ûƒÓq}ûZYY`µd1{Ó Ä^yþ¿‚cŸ8¼UYV#á'IT9áÓuW”1Èõ–8ýHCÿ¢_ ( ²›¶Ài^¸ä'1qóp#ÔMࢠ«òQÇb± ‡C^M û 'hödÝõeaû^fµ°- Ž:QMî}0Üý/+7—þR*€ÿýZÓ‚~§%#I_N ®OýS|Y‚„ܬ^ù_>ýü Î?o"v»’ßÃc³Ù,f[>p:<öÌËü^TBBÞÚ¤ÅMFÖ˜æk6-$ÇȲ©mw–W8{émœ1¸;L»“Ét艉‰ìÚµ I’(((àÎ;ïd×®]­ºO@ D—?ÞˆCç›3› Swî¢j외¾ù)1Ó™g`:kàÑSÈ8ýû¹ndyr¿sxwöwìÙ³»ÝNii)¥¥¥Øl‘;8GÇÃÓ/ü“ ¯€"%—´Â±˜â,íþÚÇ¡ÞÒ#­iØ’ÅhBMïÉ7Ô2â¼+yõÍwZÕæî³²²èÚµëÿ³wÞñm”÷ßiKÞÛŽ¯,gïE ö(…²w eµ¥?Ve¯–½Êh)ÊÞ $Â& „ì½ãÄñH¼mÍ»ûýq’,Ù’,Ç<ï¼îeéžïóÜWŠ%ß}î;°X,âüB qáPY»׿ÿKÓYçã[¼¤Sû–›nCÛ³ãÄñ$5ÇsOáxöI’¿›‹é詨;wâ¼óÞ°9Z}-¾ÍåÂ|Âq¤,YHÂóÏ´Í;îPUZ®½¾ki·-­x¿øŠÖ;î¡ùWÇ5Çõô³xÞû9;‹ä¯>#ñ×I|s:É?|‹\TˆZ]ƒóÞÃç¼ø¾Ÿ—‚ÑHâ{o<ÿkþó,ÉKb½òrœ<¤§.weÓÜ/¿Jóù—àýâ«NíÕŠ]¸ž}Çã‘ôéL^x†äŸ¾Ç0d0jM ®'Ÿéøš_žŽ²i3r~/’çCÂËÿÆ4õ}Ð ã™ñ1¾E‹ãöÛùðcø~\„”œLÒÌ÷Húø}?HâŒ÷Høϳ`4âýü Üo¼÷šA{P•ÿ|¶† ;ë:‡±R• >X«GÞu¤ÌÃ$l¦ð‹ÎÀ$¶/tL–eš½ÏýলU%7I"'QæBÿyüŠª&šè®üK“••…ÚZ·¿Ý!‰ãÎåÖ»ìÜP°ÏÑ4¿òg^y3+YdŽ8³=¹³Y1À®§+G74Xì¸2‡ð̧k˜|ÊÌšóE'¾í‘2,D=N@ 8´9(„ÃÖ[n§ñ˜“pÞó¾Ÿujï[´ßüHvŽ'AJM ŽI 8)= ï·ß£lÚó|ðšÓ‰œ“ãéÇÁhŸ÷è?R’Q+«ðýܹx  54P?dÍ—\Žû¥éhõ ORܯ¿ €ãùg {‡äœllý3ÞÏ¿lKÁ|ßÏÀ|ì4ŒcF·ùn³a½æ $› ¼^|‹ŽËwç£OÐxä1´Þ~7ÞïæÅ5ÇýÒtð)˜O<óoæG Oƒ$á™9 µª-Gs»q¿úºþš~)-¼VŠiò$}íx#&½^<ï¾1½ÜtÌÑX/»D7ýdv|k PU•ÜT;ç^ÌÖªF^þb={Ú"•()ÌŸo‚/†ñ½à£$R¬»)·¯eº/ðØ­H¼ð£—ç~ð`4H¤'¶Í L”$VV‰úýÅxPü¹Ä@r·bØ­— ‘¼nŒ»¶€¦†Û¸Z0ÔV‚ªbܵ%âf¨ÖSú {vE—œÍÈ{ÂçíéxÓÏX¹ ÉݾSU1Vn ³‰t|äúê¨~J.Õv `NH¥5µŒ×ßzw»ò«æ­÷>âw—ÝÀ‚J3Y£NÁ’˜6,C@ëJ”aw„DÙ–B}Ê`nxf&GŸ~ ËâÉtê¿‹6lØУÇÁÅAQÜÍз¦cŽ>÷-XˆÖÔÕ^Y³NŸ7brvV‡q)) óÑSq¿õ.žwÞÃö·ëõyþôYÈaa¢ap^BÆ!ƒñ~7eÕLS&Åá¼±-j=·3áÎûÅW¨•Uú÷Ã8rx‡qó©'!êgªè¾„8ã˜Q}OLÄЯ/¾eËÑjvwê~aïð÷~ñ’°Z‘Dð™N<®Ãæ x IDAT˜Ü«ÆáCñ-Y†çíw±þé*¼Ÿ~ŽV[‡”–ŠqüØŽ~ ‹–áùl.ö=µHéi1}P+v¡µê5Å"½€žúýì¿QV¯¹–@ UUÑ4½9Êø¾iŒ-MeîŠJZ¼7"—Tk¸ý°¸¦•À´ÒŽÑ‘ž‡FÆ}ªÄëK<4{áØþVÖTû˜ý½“!´]FÈÀÕÀùK½(ªÌÙƒ£¤Ï ö™™™dff’—›M‹Õâc4ÚÒˆÛÿŸ„^x†þOi!?Cë#R‰|Ѿžø¿ß[Ì«ôÞ“ÔÜ÷ÆëI¿ç\šÎ½™–£Ï ÚXV|ýÛ÷©¿òaRžÒoòIŠCÍ|9E¨Ž$jo}äçoÄX³Õæ;NÓéÆ=j =‹õÇÙ¨‰úß;ÙÙŒf±Ó|âïqNþ-éw‰{Ðxê¯y"8_nm$ã¶S©üÏ2ÝæöÓPS²ÐŒá‘êÿüö¯ÞƼBoÖf¨­D³% úS.›Î¹ ÷8ÎsâD"FÎè9úÃ8Ã>+­ƒ®V§ «Y!zeë6 }Jâò]Jpèi±~|óæÓtNì¦"ŽË¦cŽl ËG ë°Û8~,ÊÚu¸ßû°CãeÓf|Ë–ë¾—ïæÓOÃ|úiÁçÍ\³#´VWì„MX5N™„oÉ2”mm…”ÿg¦I‡‹‹‡"çæ"¥§¡í©EÙ±c'¡æõêõ­VäüÈ'Iê–­úÚqþ_ ‘PU5Øx$ÀÔA™x|*s–íBÒ|üµ/¬Ù _mqùpÕ˜Žë´óB# C…%UƒVù¨hR9k¨™üT3UÍ ˜ðPrz™ï%ôœý‹›_x?]{-_|qœ³Ñ4 ßì.Çœû»Kpð Y8>z×È©(iá ¿T{"»ïŸ €±ºœŒ[N >¥é¬ëqŽ?!ê1\N¦ñÜ¿ŸÛÎ&éµpM89(š×-²øsÜ£¦E]§îÿžÇ—SØaã97Â97öÈqŽž†óð3b¼jÁþÂ1ê,n»ûAž{RtZþ%XðãO<ýò»8 †’5îtý^½ªF´?Ú0ÖXÕ= ˆÓŸ’Œ/±€•-Ž½ôÆÈãÑ{n&)))Æq¢³iÓ&š››™8q"µµµìܹ“ääd***p»ÝB8‚C”ƒB8ì*r¯<T¿È‰@Š²êïPëF÷djù$› ãäÃzÀÓȨþˆ@9'­© ÏdzQ–­@ݽCYLS&…¥"°œw6ž™Ÿ ¬XIë­w`>õd úáýâkܯ¼ €iòa‡ Úw¾WëQ’͆å¤DÎ΋| Ì“s²£®-gg¡ì©+bÒЧ4L°í€¦á™9 ÐS»‚½Eó7¬h_óGŽ–…ÇåâÕŸ!/)²`Ú´$Rçä@cMƒYë6Öªœ>ÄBQª!$Q¿ˆ(C-!ë§}ÐëòßK‰qøéGqÝþ€¦iÜøðÃB4ì!Fħ®Âá!„’’{äQ$M¿‡ºk;Öíݸ‡NFzá&äÚ](Yz“æ3¯'ù°»l<ª=ññCðËcIɦÆÃì9ŸsÁ¹çìowYV­^ÃCϾŠ5w™c~‹ªšWue º¸·7©ÈñØtjî¤b¾ÜêdòWpò᣸ãÆ?c2™¢Ï@SSkÖ¬ÁçóÑ»woêëëY¿~=gu§Kk ààá Ëð-[²v†ýÃÆÕ;ñ~úZˆp ßâ%4ÿþ˜Ž?iÞQ ø¤µ¶ÒtêïP6n ŽyçÌÅõÄ3X.8û·AÈ|Cÿ~$}ð¶ÞIøÕ׃5XÎ9û}wƒ¡cvO¡Vë¾K)Ñ‹EjNÄÂxæ}ûí·¸öT£67`~ãuŒ×ﵚχç÷QV¬D2™°ÖT"=÷Ü^¯'øu2eÊè@è(°5.-Qz¤DñÚ ‰_lRXQ©pÊ@ §6FìØY^«Ð pqh²Ÿ«4¦€Û«ÿÞ}7ïýóŸÈ.öaÃ>¼c©ÁÞ1°lòôÏ¡qÏ Mk”붆 úBRœé~GYA×h>å*Òo? ÛÂÙ8ÇEÏVˆ†që*¬æðó OÿQ¨ýo¡äv"7øo&:›±}÷ž’!AÑÀ5x"¦u?‘ðΣ4^tGÄã˜W/ÀX±)lŸkÄ Àµ7%©ËiÆAâ™%9Ry€xŽ&(Ivm<ög[ȪJ ®M’edÿºªª’4äX^˜þ$Ó¦\'33zv >***øòË/©oh`ùš Â'ƒ·q;^ÙŠf°‚ÑJè_×®Ô4ŒGHŒNÄÆhÃðÚÆ$£…¦„Rþ7¯œÙ'œÏåçžÄåŸw “¦¦¦àù‡Íf£´´”¾}ûâõzq»Ýq­!‚ƒCR84Žƒñ°‰øæͧù²«p<ô@°ÎoáO´Üü÷`ý;ͽã)ø›vüç%\O<£w[>ý4ÿ¼oŸúˆ8t>ð’Õ‚í¦ëôCUÅûõ·¸žÿîW_GÊH6J à[¹ ­¶Vb6#§¥êµ5 eÝzÔ={"Ö}ì)´ÝzýÃhц ×[„ðˆÃÐy‡×_×EOY–ÉÊÊâ7Þà€ñ_Ô·žâæ›{n-Á¯† /¼#<’mÛ¶±~g³nJ²ì”f‡×+“ñÒÙd¨Pºï‡r•…;Žégæº)æéË¡ì®Uè˜ ?œäjàkÑXU&£!âÂÇ>ÈGwßM…¢ åæråŸþ&¾úê«(JtÑQÐÆðáÃ;ˆ®ýúõCiض/pÁÏ›b×Þ:T\Ük¡E°Whf MÞAò 7á<±ËóÍëa¬)ÛçË- ‡Ö…³°,ûF𺑼njo{½ý24ž}™·žŠkü‰øzõé0nùy.Xìaû\Ãïô»©'éÎo¦„ÔiÃ}ý›MPŒ$µ#Õv”U5ð‚b!²ŒH‰•$´@ SMC’e¬ÃNão·ßÃÃ÷ßtM8\ºt)K—.Ûþ`fÈ!Œ¹Æu§ÓÉûï¿Åb!77—ììlúõ틪êu‹[[[il¬¢±ÅIK£·UÆmpà2§¡YÚš/îtå˜ëÅ\0;¨1•òÀëóxéÍ™ÜqÝ9þ˜£bÌÒ‰Uh2™âŽ8¼÷Þ{Ùºuk\¶‡*óçÏßß.A—8$…CÇ?î¥é‚KQ·l¥éÌóôŽÂš†ær!¥¦`9çLÜo¼œ]DóÌúçÝ÷£VìIÂvÓuX¯¾bß;ïõ‹™’Dâ»o`408d?¹°7­7ÝŠëéç°œsV0½×õøÓ8}97ÇSéMY ´¦&\Ï<ë_ÏÓtü©$¼úbØš=‰”¨UלÎèF­þö¶‹˜À¼ÖÆFÞøϸúê«÷‰AO1}út¦OŸ|þíJ8wb…é–0;>½Ð`'„Š‡+«%¾Þâcb‘‘ë&›1 Á´åPÛPrñG¥Ñv{„o¶¨(ªF»Ä|‰•ëÂçjšÆàÂBŒ;v kª$aËÎî¢|Ùe—‰h‚8¹ãŽ;:‡6› »Q¯‡"îãp™Dâ›á:¹Ks[¹(fCç”ÓÛjª*ŽÏ_%ùùÙ}ߌ0;-!•¦³n éå;©»ñ¿Öi:ÿïk >l™…lÞô=[¶l¡¸¸¸Ks?üðCîºë®}äÙÅM7ÝU8Ô4™3gÒÜÜLnn.@‡†'F£‘„„ÙªlŠ¢i­­­ìªÚN]í:<ŠŒ+-¶<4K k&–¸×3“#­i‘°z‡P¬)”kÉ\ùÀtŠŸy‰'ï»™!ƒ£—4Šv`4ãyäêëëã²=”ÉÎÎÆn·wn(‡¬p(÷. éÓ¸Z~rn¦Q#°]w-žÙzªr¤è;mO-­·Ý‰ç“Ù€Þ}×~Ë †ùE|—23aW¥^£0‚Àg9ûw¸ uW%Ê’eÈǃærázæ9$ÿzã¨më%&bûÛõhÍ͸§¿†ëÅWp<ú}ã{z:Z}CTÕ?&gµÝ%Ìk¨¬âêûîÂd2ñÛßþ6lž÷ÛïÑ0Ž¬cêŽ(+W£y½Hf3rß>Š #6aºJmm-›–/ /ÙH~ª¹CʲQRâ6ìÑøl“ÆÈ^2ÿ7Ù±æa$>^æbá&2 þ}»[T*|9$Jz$¢††¦¶ÕTüù矹ù¼ó0•—ÅFob"ýË_:ãÌ3Ïõ‹âdðàÁ÷÷-*`Cs­¨sxÒtö dÜzJ‡ÎÅ=Š,ãœp‰ï<†äu£™ÂoR8'žŒmÁÇ$̈QßWpH`|<>ýO=ò@—æ <˜³Î:kyu`1lXÇ&‚ GzmØ°üü|’’’üõ £w£4fµZ)êOo¿èr¹ØZ¾‘Úz7nÉJ«5Õo[²¬{è7Œ”®L'c[kÜ §\y7C{'óìCw’—×ñ\Û뜩e±Xâ¾¹8bÄ6mÚÔ¹á!Ìž={¨ªª¢5L!8‡¬pzƒÛÍ7`»ùýdh-¨*v¡ZSCÓig¡n/GJOÃñðƒ˜Ž:’_930 *‹l IJKtápýLǃoþhn7†Òâ0Ñ0óé§ážþÞ¯¾UÝ'™œ©Ÿ(iMMàSÀرž¢V§ße ö”3ý‚cƒ>f·ÛyóÍ7Ãæ5L<uÇNÿùÆ ãâòÇùðc¸æ/†¤t,çž…í¶¿!%$t>Q ˆ“… òŸ[ÏåØ6 ãIµQŽ] ¼þ·\eL¾Ì_&1„Ô!í,uY…êJùèõ ë]unt»D/»Ä›À¥ªF`E5ä‚áÕ{î¡zíÚ°_njò/W¯CÊng„|Wu–¦X?h¥~a´õ»ƒ8—Š&@µòy|ŽUU VÏÓ ˜ž¬/hnÑöwÁš˜NE³Æ¶mÛ¾/ Ó×3Î8ƒ3ÎøuvÍÞ¸q#O?ý4cÆŒ¡¤¤$Añ6<‰.$šÍfú–¢ª*>ŸmååÔT¯Ç)'ÐœP F[ÏvNî©tåöB¢$ÓjïÅüJ“w5GŒìËã÷ÿÄĶ¦K=‘ªüå—_Æew(sñÅóÊ+¯ìo7 niá0ŒvbÞù?`rGÒë¥ùüKQ·—c7ÇÓïÓz€ÑvnlŒjH–üBZ¾CîÜ‹¸®¿)‰¶gZSRrô&{‹”™d± ¹Ýø–.Å8ºcšˆïç%º?ùm¾èc+VE\W­®AÝY¡ÛöÎhÓ÷ëoázò_H;öîÅü›“»ôZ‚xðz½¬Ü^O¦ÅÃÐG‡qÅ==µº>Zy‰—$q\߶‹Å0A(F´áÒ /›«| ðj4Õ+$Ù$2’å°zw[€öþûÿý/›fÍ Û§¦õIÝc„ ðÔ+PvøþvE°¨‰©xŠõhRÍš€·8< Á9þLë¡YÿT³OÿŽ-Õ}½Ë0¯_Œyýâ°ýîáGà˹_N!’þÉÕŒ&œcŽÅP[ €§ßH0šƒãJF/ϾÛŸ÷yúÆöÝûŽßzìE¸†|î-臚"m,ØÏcϼÀÝ¿¿]9 QU•'Ÿ|’‚‚N>ùdÖ®]˪U«8ꨣÂnÒA|u ;³5 õ. PÓhnnfã¶å4z ÕÞ¯=+d>ôhº²BÇÌèÎÓ•ƒ«ld# ¶Þ|°¬ŽïŽ=—3Ž;Œ»n¾“É5âÐl6ÓÐ=ÛH 7‡¤p¨V×Ð8iª^#pæ{úõ WÖ­GYµ)%Ó Ç÷{>ž²f-rF ÿ{ Ébi¿ô/‚é¸i¸_ßwóáÿ:¦ j (k×m¤ ƒõ”feõ½Žc„®Ï¾å+ó{íÑ@²X0 žgâý滎¡׋ïûyaBžù„ãh½ãÔ ‘S¼_}š†qÔHä^½:wħàzü)lwÜ&DCÁ>C’$å9H¶ÁŒ%»é•bfXA[ÍEëØm¹Þï¯$ \:ÌF‰W–µ­owC€Y œd¶¨$% dü'þ¡_@‘ÿykK ¿öZÌí¢¼W\ñ Ôqý•’€Uê<Up`âí;’†¾#½IÃeÓD/¼½Ã>5%‹ÚþÓÑöü[b¯uÚ÷7üñŸÁÇu혖ì<ü œ‡·E•Õ]÷BÌãh:óº¸ìæ¤ Êë}”——Sà¿ù*èˆÓéä»ï¾cØ°aLœ8‘PPPÀ÷ßÅbaìرQçîŠÝngÈ€RTUeëöìªÜH‹=·£ýyl×=Œ%vEH4Z©6òììU|øÙoøÓ%ÑK–t%âP ‡d‘79+Cÿ~hN'Î>6¦5·Ðz½ÞE×ò»ÓÃÄA÷[ï`:ù´šÝ¨;vFÝ´–¶šêÎ œ<„ó‡P6v¿f‡éðÉÈE…øÿŒûåWÃ} ­wÜ‹ÖÒŠaàŒþƆA‘s²Ñš[pÞû`‡µ¦çëëO ïšæyÿ#œ<„ë…žéTl9G¯ŸãžþZ02€ó±§ÐZZ1Ž†¡¬-¥FJKÅ|ì´ˆëiõ ¸žÖ/Ž,çžÕa,ðÞû–-î÷~ó-jeRRÆ1£cþ_ª•U=òº¿NôT'ì™cÊHµIÌ\ZË¢-Mx}>¥M8lñÂ+Ë`ö8oœ1Œr|ÝuÛÕ´¨<5¯•4Æa)Æ$È螀—~Ê•þ_õÉC†`njêp ÍbÁᦃ ç\Öçî A'¢ѱX,`6›ùè£X¿~=6› &——ÇÇÌöíÛã슼÷6…½;¤}mõ$Tþ€ìªáuÕ=ŒUï° 6ª9‘rConyn&ÿ›ù5-ÎŽ¡Ùl ÔàæŒ8°Ý|=Mç^ŒwÎ\§ˆù´SКšñ~úʦ-†ÁzÍ•asÔõp¿4÷K±ëyÙ¸Ëygëó*«p=«Ÿ¸GÄЧ´{ÎK¶ÿ–?ý­·ß÷Ûï1M™„ÖÚŠgÖg(ËW€Á€ýÁû‚5%«û£ÿ¤ù¼‹qO eÙ LÇMCJMEY¿ÏÛï¡57#b»1<ªÀó鼟ÎÁPRŒõòßwÏwÀ8a¦iGáýü šÎ¿ëÅ ÷ÊÃûå׸_ Ìf¬7ü_‡yÖ?_…ôÕ×PšÓ…÷Ó9¨Õ5¸ßxuÛvŒÃ†b:9¼û¤ÖÐ|ïå¢BŒÃ† øÿ/µÆF<&¦¿†’b’¾žÓí×-øu¢iª¦âóé'ÝY ÓØ©hðññ²:ŠSeOƒ7V€WÕÅBGœ]–eYKWhvk¼¶Ä…Ý$±`¹›1ºPèê+‘û±T·èJ]]ÄqÉб&© g9æˆÃXüú·Ø3òÛ¢=$‰H’±ªªào¶£Ê2r Û' †ü^k£…ü¾D¯ëÖ¯B ø¤àﱄWà =T¿°[ë‡ÕhlûøŒ¶–BmBGörH4ºª* ¨XS²ØºÒÉÎ;#6²èÝ~5MÃd2QTTÄÎ;Ù¸q#ãÆ#33“©S§²aÖ,YÂÔ©Sƒ7Ϻ[÷°½M€^¹Ùäfg²nÓfª4š“ËÐ º]÷°“HÂ.§+GxM^k:nKìÙÌ‚•[IMK§o_=«+V³@ ~YáÐ8qöûïÂyïƒ(ëÖã|ðáà˜iÊ$Ï?ƒähK'Ô\.ÔÝ»÷‡«1Ÿt’ÝNËUÆ;÷K¼sÛ J‹±?òOŒÃ‡†Í1MšHÂôqÞq¾eËÃ"ðkÚþ~sØëÞW$<ÿ4ÍWýï§sh½ãžà~ÉfÃñŸg1MšØaŽa@Ï= GLŸ—æ˯ŽÇŒ&á•GLÁŽ„ºCDô~TUE¡]3e²0­¿¦V¯,…SúCr”_ßÎR“%I«À›K]´z5ÎaåÝ.R$HFï˜ àD =@ ²bèEKu ìiv’ꯑÚáµ´‚gØ°ahO½´¿Ý‡ÖAÇóÄ¿^à÷Þ¹¿]9`‘CšÍ¤¦¦’ššÊüùóINNfôèÑôéÓ‡üü|-Z„¢(Lž<9hßu#õ+éM±×ËŠuK¨Sq¦ôCC¦3‘°+éʱƺ#$j©E4©¼¿`#‹×nãŽë® {m@ 8ô8(…äÙÅeg9÷lLÇïÛy([¶`()Á8~,rnN[Éj%uû†½òÇ8jDÜs‡MŒÛÖ4õ’ÿ€²l¾%ËÀbÁ8xÆ‘ÃÁlŽ<çðɘ>ÿßâ%(ëÖ£ÖÔ`(-Å0dPÔHÈ„ž‰Ë€„WÿŸ¡ÑHÂóO£lÞ‚oÑÏh»*1Œ†qÔˆ˜] ýõ;—’ÝŽí¦ë1Ž…a@¿ˆ] åÂÞßOû}wa¿ï®ø|ºªªh¨ø|퓃ur4N¬§)ï®t³£QãœV2úç`Î"y€](lF?É7ÿ‰Ú&7Ñåó…uøô<&“‰Ìdnw KÇf:@Ð,)Ùl\¶[¤‰Æ@ŽpþXPP€Çãá³Ï>£_¿~2jÔ(jkk™5k}úô¡OŸ>æu·îaè˜Á``è€RZ[[Y¾þš¬yx{‡Ø@ÜéÊmOÚÆüûº’®·(ÉxRú°ÎëáòÛžàÈÑŸqö©±3|@pðrP ‡]AÎÈÀüÛS÷·{ä°cœ8ãÄ ñO2™0Ž‹q|ô‚Ï¿’„¡´CiI×ç X¯M>ªª¢© ^oäh=ŸÜ¹§Gv<]ÿj³•*§ ¶ðÛ¡mÉů-r¢ G‚.ú—m‡êœN/ E÷Çäóñü¿þÅ¥—^Ú©Ï‚½çÜ3Ná©™?<è¨cZhB¦¦…\CHTª¦i(þý²,ƒÿ±$IméŽ"òC°?é,e>”)½÷`¿Ï¡Qâ½FMë^êt„÷R¢-mYÒ4äÜa|ñå×ô i—™):dˆÕo6›)..¦ººšÍ›73räH’““9üðÃÙ²e 3fÌ`Ò¤I$%%E]{oÒ•Ûc³Ù;´U5»Y_>Ÿ–äþø,)íW‰OHÔs¬'ê†v`nL,åÃõ|óÓ#ü´bÞy Fã!‰)¿*Éæ(@ðK¡ª*’¦áóù"nªÒ^‹LàBP’$–Uª<1ÏCº]æÚIVJÒÛNÀ—VøX\á#]lj* ½Æa3°Ðoß䆣Dn"ké0jžÚXÛ=ÁäI“P+Wu¨eþ~¡A¨·ª¦¡*Š¾©j¸SU5¸ :? „ô %)òÖÕeB¶½ö!Æš¡kGÚ¨ˆ¤säƒYsؽ{wp´aè¤~ojj*,Z´ˆ¥K—¢ª*………Lš4‰U«V1wî\Eéñtåöd¦§1ahrÝ°Ô®%Þº‡=RÓ0›X¯ßh£.¡}°ˆ>£â©g;v’ÁÁ‹ èÂU8 íªÜ[ê4žþÁG“®dahŽþ-±´ÂËš 2zd¡]üd™ÄÅÛǺü› H<û¯íÕ{!ˆŸ Ï9÷Æï÷·àÁ?œÙŸ}¾¿Ý8 ‰&Úíz³ÀÝ»w;[,JKK©­­å‡~Àét’Àa‡†ÉdbÆŒTWW‡­ÓéÊí×ÈÎÊ`\YI• \õ!vWºr¬±} $¶ÇkË`7—³ÿïŒ>â$–,]c@ èáP ºAee%Ë+ÜìhPÃÒCƒi¢1NÌ›=ðòRøz«ÆÃÇ«Ýy\ IDAT9i€¹XØ>ÚpU… ½ƒ²†.6ªÆ¢…•.ædŸ=¾¯w ]44v Ñçã…§žêòû èœÌÌLÊÊÊ(++cìر˜\Õhþß‘@ª±"Bk!iÆZ»ôcÅ¿µ·iŸÖ  ùí´yŠHaìKºX×/ZÚ¯äÿ×qù¿ç![§~iZ‡ÔßH[ègJkwŒN’ \3Ô‡(¶¡[ ¹ýV³Ïo›X4’™Ÿ}Ë£_-Ñ„C³¿Ñ ªªX­VœNgp,==ÂÂB–/_ÎêÕ«QU•ÜÜ\&MšÄæÍ›™={6'âºÝIWµ3›ÍŒ>€ç:Ìõ#Yé¿J‘ĽŠ Œ´^Wp&²DéDZgý¡Kó@p`!„C@ èÙÙÙ Ë5Òê…ï¶Ãgçs¼ ¼µ>X g‚ß ’0Fø6n¸¬Â‡ŠÞEÙ´u,kPXѨbM’±:$ê¿T> Ú€ ÑÿØ P_ÏË/¿×ëì=ÇOBÓ¶åûÛ @p M4y ÒoPRRBMMMÔñ¬¬,EÁétv¨ [TTDBB .¤ªª Y–0`Çç›o¾aáB½¢ðÞFÆ“î<¤ ý’ÝXvýjŒ,†X"áÞ‰ñØÄò?)t¹™ «JjÿÉ1VÁŽ hš†,AŸ4˜Ôªša~¹Míšo¯‡W–Á´R¸`(ÁÚƒíŽH©ÊË*|Áu<lmVÙÚ¨`´ÊÈ ·$±=u94’&Üaý‡ XGÈO+~á°±‘W^y¥›ïŒ 3NÿÍÉø¶.Øßn‚C¹÷(fÎ5åÚsÉ%—pÑEQWWUØž¤¤$dY¦¢¢"ÌÎf³Ñ·o_X½z5N§«ÕÊèÑ£IKKcÆŒ”——=›®J^v&cûçP9ÜÍĬ{ØÓ“ãC±$`KH!ËWNKþdj]²GÚ@p0#„C@ 說"ùO›%``&ŒË‡MµðãNpûƒ¾Þ Ï/‚aÙð‡‘f‹¾f´´*ÐOÐkZU¶4(X¬iÉ\4KÍèuM@ s´®Ÿô(ÃDôˆÃ€€h[[qŠ&)û‡ÃAqq1£÷ÁÝPÑF£-M2´“rèEepÌ¿)Š‚g'ïh©ÍA·éJ·âÐÒ ûÈ°cù·°”ãДä(Ÿ‹Î:)wø…¤$wšÖÜ×!‡lÉ…Cùü›ù£Ì픕•qï½÷Ò§Oªªª"Úú_ÎÔÔTl6 ìÙ³'8ž™™É˜1cHJJbÇŽhšFzz:“&M¢ººšY³fÑÚÚ t½)J¥µKs9²,c0°Y…p(3B8‚nqØ“&Â_Æ둈ñ¢iƒ!xQ¸²ÒÇC_·ŸbÀfÖ¨^ôš‡^ô‹Xz“ƒÿ§E_€F7øT=9](Lõ?ÎBsÍñ;,ØkrrrR’ƒsÏÎýíŠ@ 82ƒi³‚Ȥ¥¥qË-·0mÚ4ª««ñù"× ´ÛíØl6ZZZHKK 3Œ7Ž²²2***p¹\˜L&†Jnn.Ÿ|ò 6lè°fW…ÄhŒ؇Œ–uZk"‹{û srD“ Sr™ž-¨¹£ñ$’Ô´#¾°†>6q(5B8‚nK8„Ø©w‘¢ C¢l¯Wxä›VÊën8ÂA’µmµ€p¨ª¦‹}½hKAÎBÓ¼°¡*wÃ( üûS  7ëžæ_ÇÞ؈£” ç¸í†kq­œµ¿Ý‡ZJ1K–‰¦Kñ0eÊî½÷^Ù½{wT»´´´àßå@‡ûÀÏÔÔTŽ8âìv;hšFRRãǧ©©‰?þ˜†¥?:+KhVVJ¦kÆÖªn§+ÓΦÓ&+€šRHºº›d›Œ»è½UØ|õ;Ûm–èÇÁ±s@ DCUÕ¸KyÅK Þ\æ"'Iæ¯SìÈQÖœ¼Ë@¢¤G Ê葃Nv×A¥ Šp¨yèMPRÑF;zÄ¡Ç?Ï4vŸ¹}ÄÈ >|xϾ@AÙÙÙôËO£¼¶[Z^ðÿUÓ´åYŠ,B‡\tJšLïôE©sh¶´]¼…^†^$Šêh‚nAœˆ˜*ÿKzÌ8Žš ¬j‘?/‘lÑ4´ÐÚ!µƒ0üuIƒ¾„>Ž‡‚’ªiX³KXðÓ·ñ­!Àd2qÕUW±~ýz^}õUÌf3v»=ª}°îlˆx¨i¥¥¥äåå±téR|>ÉÉÉÜ7iÒ¤Ø5ŒãLWý9t@)+Ön¢Jñá¶çŒz>9t·-«Ò„ݵ géñ¤(»Ið”£J ÊrÄ×!R•ààFD A7è4â°&4âÐé“xñ'3V{¹b‚³†Y£Š†¡¤ùèу} ¤zØS …NíUÉRUr  (òÛ梧,ç™è"bú]¥š+X¶tiçºÍÿ]óG\«fïo7ÁAŽ9!•í»ö·ýúõãž{¬ŒÊÊʨâ]°Ölˆhxl2™9r$¥¥¥TVVâv»1 ”••QTTÄœ9sXµjU×=Ô¯˜eææí»ŸŠb£Éf”¤Þ¤¶lÄœÙCñDò´]XqGŒ2 ‹8´áP f„p(Ý@UUänôËÔ4 Ÿ o­Pxu‰—ß 1ñû±6,Æøâ¾ì´5BIÔ`O3ìئf˜æñ‘âó‘¥@6ú ztaº¾D[—å@}DWSSÏvD%;;›>¹É¸ê*ö·+à Çé¥C“$A|œqÆÜzë­(Š1Ÿ}Äa¤èÔ”&L˜€Édb×®]hš†ÝngÔ¨Q(ŠÂ'Ÿ|Ò!5:žîö±lô)"GÝ…±9†h¼×éÊJb JiÔâx:9‰iZmL±Ð`0„¤* áP fDª²@ tƒÊÊJv4ªdGÉlêLþûtƒÆ¦zìD¸r¼%¬)J<$ G š]P·Ò½*ýƒ¦áEo–Ò„.ZÑ…B ºp˜à¬ùý´¡7YIõ¯½ÙíÆ·'‚½ÅápðÐ}wòÛ ¯ÂzÄ• IúEbàÚ_VQý÷ú$UE ˆ¡éqüÞ„vdÆùÞ¡H[t1•9ôwµÇnxìãtê€Ïa)Ì!Ç•ˆòZBDö)ÒRR.kÖ¬aРA=ê﯅””nºé&æÏŸÏŒ3HMMÅhÔ/™: C·ââb²³³ƒQ†IIIdee‘žžÎºuëhmmå°ÃÃÒ8doÒ• èS„sÕzª TSR¤+«æ$$’Vá.:Št$hÕzäe”3„P¿4MÃf’˜2vX o‚øiñ¹8â‹¿sIÉT®ê{|L[—âåÕ­_3÷Z¶4W12µ”i¹Ã8>wä^ÿ˪|ºëg~Ú³‘|{:2úsañ‘$­{½f€«½@•«žw'ÝØíµfU,æ–eÿã­Ã®§R¯˜¶‹j7òMõ*~Ú³‘Î=ôKÌcbÆ.*9£$®B8‚n‘™™I‚ì€ü$(H ¦å,(‡Å»à„~G÷‘ùp]À^ê’pètCÅ(P XQÈU4t‘ÐM›hh’Ð…Dz«ÿ±Ï¿¿Ùogôo’¢àq»ãöE°wØívìv;™™™üþœßðÒWßXv„>¸SIýTIB Ô04‚6rõÛ¢D8©`Rë/.öGIÄnMŽ]ÚD¿Pñ¦ƒí} ؇ֳ|¼ÓŠ™·`¡»Éĉ;v,/¾ø"[¶l!333LŒ&†î7›Í 6ŒššÖ¯_Ozz:²,SRR‚Óéä믿&###j-á® ‰ÃÊúðã²ìI ëÞ¥+kšlÄmÏ#¹z!Zά%¿¡ÄP ª‚¢´Ýtj/†þT‘™ïàñ/¤oIQì7[ ˆ“vþÈ¢Ú—;"¦]…³–Ó¾{÷´u7ÿ¦z­›ÁÕ}çñQ¿ï’ ¦¡qÛò×¹Õ»aûÿ·õžÝð)M¹…’„쮽˜ê<ͼ¸i.}s÷zö¼¸y.Ëê·âT<1íZó!7-Vûúûš5üwó<¾n&oOº²¤üóKpp"R• ¨ªJº &äë| Ê¡ª9ºýªxj!˜ð§qÐ'­m¬3ÑpX^Û½—ÖVÃîÝPäƒ>ŠJ¢¢`A¯u˜‚‰˜ÓV1]4t GšÑE€ˆ(¡G6š¢Ð£¤ ç¹ðüs°×­ÁÛ"Þw@°wØ2 Yø³è¬ÜFþøÇ?rùå—ÓØ؈ËåŠYç0ÚþÔÔÔ`ªr †¢ÅbaÈ!˜Íf>ùävìØÑ©?ñ‰#õ%©f1(ÞH t*$z¹¼-¤4oÂ;ðwPlmÄ(KQÓ’%)dÌ` Ù¬rûÙãøä¹Û…h(è1–Ömẟ_ŠËö7ß>À{60$¥·»ž'<Ác#/Åf0ó̆ÙÜ×N쌧ÖÏâþUïb–üsøE,?þqÞ›t£ÒJYÙ°ã¾¾+¬‰VW¨rÕsñOáV#|f÷·êåß›>çýò:µ½gåÛܸô44þÜïD¾9ê^¶œò<ÿ›ðW ™¬lØΙß?„+Ò÷‰àW…ˆ8‚n wUÖOò“ômSl.‡þmˆå 0c”eê‚aY–A9¤IJ4†çYT¥Â`+ú] lt0ýËÝënEOK†¶»E&ÿcÍo8ª (€=bqO»:L‚}Ï=·ÝÈ_îx„´#þ¸¿]!F«ƒšòÚýíÆ!EII wÝu3gÎdË–-äççG c¥2“™™É† e™ÄÄDRSSIJJbûöí¬ZµŠ &`³ÙºT÷0ÔV–e†õëÍÏëÑ9&vèlˆ¨í¸d‰5?ã+œJfn¹æÿë‹Ü-¹½šÏËa%‰<~󵤦¤Ä÷æ 1ø¹n3O¬û˜Ï+—²ËYלïjVóSíFÒ-‰Ìœr+…ŽL'÷&ÇšÊ9óá_fó·¿Å"›:]OÑT_7€'Fý+ú À”BËÀèÏ®gCÓ.>©XÄɽÆÄåc£·•»W¾Íç•ËXQ¿Ø1ÁññÊ–¯xcÛw|W½šV¥óŒ¡Fo+¯ý€ ¿ËN Ž9²82{0Cfý…• Ûùï湦† mDÄ¡@ tUU;œ”—¦Âø¨n¹›áéõ´ä+ÇÀÔâèkîÖGÂåƒ5 lØcÀФPäò`÷x0¡GîYУíè‘…¹è’Mþýf¿Mà(¡5¶üɯA[U’HÏí¹” A|ôîÝ›ÃG  yë’5³4M ^赯M¥¨*ÇnBè~EUÛ6Ÿ/¸á?ƾ®ï&8„‘¤¶-°+–m<û¥X‹üLÄý[ÁǸ ùŒhªªoš†êß´(ŸÑ¸Ö ™«…Ž…¹.! ÈRÈ?ƒ,ceŒ&3»w×°fÍÖ¬YÓõ×'ˆÊÉ'ŸÌyçÇÖ­[©««‹š¦-•YUU¬V+ƒ "##ƒŠŠ |>ôéÓ‡ ðã?ÅÆx»0‡b³ÙPNRýj}®¾@äχ$ÓšPˆ±n3 j#–Ñ2ºO½žN»%Ï[$‰ “›G®œÆ+ÿ¸^ˆ†‚ã˪åLßòUÜ¢!À£kgp~ÑáAÑ0ÀÙ…“蛘Kµ«×¶~×zîXÈ–æ*2,I\^zLØX¶5…Ëüûó‹‹ñPíjà‘µ±¼~kˆ†Ïmü”Ïv-‰K4øaÏz½­$™«#ˆ‚y¶4.(> ,å[ðëDD A7ˆÖUYd舿¾ .cEª¼½ÆÄs+“8ãÜK9KÃwsæú¸Œ.òJ2›ýû þÇò8ày Òÿ\#€ÍFRj*‚_žk®¸Œy—^‰’W†ÁdÙß ¯OÿûŠÄÄD®¹æ~úé'¾ÿþ{rss‘$).Ñ°}úrbb"Û·o§¾¾žôôtL&ýû÷§¡¡9sæпz÷îvüXBbèXjJ 9 å¸Zwá´å„…D·%µy7Ž¦%xœÂà^ dX¼( aQ†±Ž'yLÆý×]ÖèE è .*žÊÑÙmÍun]þ³*ÇœóE•^ªáļÑÇOÊÃcëf0·r—–Õ©õNÈÌ åä^£¹cÅ|]µŸ¦ÄU;±·#“%Ç=|>·j7,y¥Óy±˜>þZZ|®àóqsnÄ£ú¢Úoo© ,)G”æ.éæDê<-ÝòMpð#„C@ èªªÄ X1H`1t"ʲ?ð%¼Æá—[$þ±8… GžÈÜJjj*Ÿ±åË/Ùáó!¡GjhM9 zŠ² ˜m¶.¬ èIŒF#wÜøn{ôEÒ§üa»#2|JŒ?:‚a̘1Œ9’W_}•––RSScÖ9Œô ??Ÿ´´46oÞŒÉdÂn·“˜˜È AƒØ¹s'ëÖ­c̘1$&&Fô#V$bQA/ö¬\Óƶ¿éŠl¡ÑœFâÎïP &Urei ¨JÁ0Òq4MCUrÌÍÜõ§Ó1dÀÞ¾AL2-IdZÚ:¦š1í[|.š¼NF¥•F´™VwcÀndjIÄña)ÅÈ’„ªiT¹êéeKïtM³ldxj[ÒÆæ]qù‹öU"‰œ¡œÒk,£ëC²ÉÕfÖ.]¤=1oT·ýÜáP ºª(]è¢"®¨†{L%µx/¼õ………A³O?ÇŽeÇüùÁÚ„vôˆÃÐûüñøšÖU ÄbBB¤i‚}ˆÃÑvBG …|f÷¶~Q. }ª3š]Ð3 .¾øb¶mÛÆ;ï¼CRRf³9L<Œô8R÷å~ýú±{÷nvîÜIzz:’$‘››Kzz:K–,Ád21jÔ( †ÈÑLѾë‡ö/fáÊe4dCC¢É–i×"­õH£.fRo ‰&E‘Pýg±º%È®z~3ª€ë.ûSO½•Aù$$RL‘EÆ4³~~[éêšp˜f‰|^,Kú±j=ÍìrÖÅ%dY“ɲ&GcÛw,ܽ ‰SòÇþ‚ž D„p(Ý ³ˆÃ®\·íh„‡—$Si(àÖGbäÈ‘íî|óM¦öí‹ÙíFE¿UmiÆñ6p Ho^Ž˜LüþÏæì‹/ŽÿºÝnÇn×ïüÖÔÔpÁ¹g²dùßÙµk= yýu£šg*ºx `”¤¶š•!x¡âDçÉ3ᢋ‡,ñÖŒ´{oÕþsd¢¬)íͱüøqÃà—¤°°ë¯¿žO>ù„•+W’––5Ê0V*sJJ ‡ƒòòrZ[[IOOÇ`0P\\LSS_~ù%EEE”–ê‘T¥+ƒÁÞ¿ %»ÖQ•8{õ÷xKc`¿ÞôIÅ/hFozºžêuQ`iåþ.¤Wnö>{?‚½e—_ L1;¢FÜ¥ùÓo+]õñ­Í‘£~Ò,‰Ôzš©tƷ挪i<¸ú=n[þ:w9‡«¨[úkG4G‚n™™Å¢ÚdQš²Å#¼4º`Æ&+—|UÀIyœ÷>ù"ªh]PÀ1§žŠ4M€ ]RhãA¦M4ôúתæge1pêÔ8WìK¼ûïhkgãiiØß®‚ƒM2àõz÷·¿:N<ñD®¹æZZZhnnî’hø)IùùùäççSSS\Çn·Ó¿ššš˜;w.µµm³cE–kšFRb"æ–57©S.çÔ }(Ë2a0ân€bqïáSKxåÁ¿ ÑPpÀâVôï=“ýV©ÑŸZ0U_Ó,G¹2Hþ5•øÖ¿ö&©ÎEò§' ä@½«bû¡‘F¡q(ÆÚXgÙùt@¤- bLß‹‡¦JÆq„.ûúå-Z+Jš›æ[`‰vkt’†“ÐÔPMDMÓ´QC¦…É`ÆétvõÈ‚d̘1Œ5ŠéÓ§³mÛ6G\‡í÷'%%ÅC—ËEZZyyy¸\.æÍ›GVVeeeaÇW…ššJKKÉÉÉáÛŸVR˜n ® j=CMÅÒZÁe§N`ʸèYÁD@¸óª M^'‰¦Žþ"_®55Î5u1²Ö]Œ ¬™gKë’¿_T-çœyPãn¤—-û†ÇEGtÚ\EðëBD A`µZ¹ÿá'yñƒ¯ù¢©ŒuvT­£Ø2¿\â¤÷Sù!áTf~ù#÷ÿãÑ.‹†ÁcÚlÌÚ¶ uØ0ö 4¢‹†ñ&§i~{7zC”Íu¥¥|°té^ù#Ø·L™|G(¦iåœýíŠ@ 8ÀѼ®½þÛ"è9dYæâ‹/æ÷¿ÿ=n·—ËS4Œ”Ò¬i’$‘““Cff&555´´´ if³™ÂÂB<sçÎ¥¦¦€¦¦&™0a999~o¤N£ ƒ›«Žá©­¼|ÏB4TdX’‚‚×––ªˆ6[›«ȳÇ'ò¢£­·Ó¹¯?#$^1ò@aážõœúíÔ¸9©×h–Ÿð8)DCA„p(=È!Cøö§•L¼ànÞÝœÊÎ&ýïºÝpþìT^¨ÏK~Ã˯¿KIII·çHH॥KvçlLN&ò)Md¡¨¶ÙÈ<é$î}óÍnû$Øw\õÇß3®ÀDÓê/ö·+àFõ´œ½[¦à—%??Ÿ[o½•Q£FÑÔÔ1e9šhjc±X(((À`0PUUKLL¤¨¨ˆ 60oÞ7–ÆŒ)·;N í¡@ ô0²,s͵×ñÙüå,0L樷S¸~q_nxôMÞ™1‡!C†ôø1ÿpÛmöè£x~óêÌf<ÄN ¤Ïùdwz:iC‡rÖwÒWÔ5< q8ddd‘‘Áí7ßȈ,•Æ5_£Ñv¡©¨*ŠÏ‡âó¡jZp Ô¼ th”:zÁº =ÉÞÔ_ÝgÒ}cýž‡ÚÄcŠ$S;}ÝRŸõÝñt~&â‡ZÒ!ú€œxâ‰Ü~ûí8Ž`Ô`{‘0žú‡‰‰‰äååÑÐÐÀîÝ»Ñ4¦¦&²²²ÈÈÈ ;»cóM‹-š+™ÔKáé[.£_iñ~xw‚žá²R½ç;ÛçëìCØÞZüšµ˜d6æU\Š·ž»sNádF+Ëë·±¦qGؘ†ÆÛ¾àòÒcÂÆTMÃ¥ü?{÷Gu5~ü;Ûwµê½Z–lYîrǦ0`Z€Ð ´@Ò?Iè^J%/¼$@€qSMÇ`\q·%Û²­Þë֙ߒV³ò®´’e¯dŸÏóìãÑÌ;wÖkk÷ì=çzqùƒíŽ£ IDAT½•Üˆ„[íêϧíÍëÿìýš]íµ$[cùíÔ PFÎoh1IC!„8@rrrx}éǬ\¹’ &àtØoñæ]q\q{œ¦—^´~=Jk+Ÿ/è["ðX,’“qdf2þÆé2$h8b9uuuÜò‹Ÿrǽ`Öψ/>èªY¨u*ŒjoÝ3eé&úšiòý¢ˆE Ô”aûÐ5T]]Q”>ÿ.# :FÒj 6Æ0ãÑg·ÛùÅ/~ÁªU«x饗PUƒÁr–a ©(ŠBJJ .—‹ÊÊJŽ:ê(rssy÷ÝÐå,´îTåÀÏ=¯wñ®½üü‡ß!)qt¥Y ÊyyGò³ÕÏòUýV~±úÿx`Æe˜#uî|>ÍÏ÷òŽ ¤ ÷¸|ùÃücקä9RÙuæSý±f;çÃSÛßåìOïããEw‘nKÀ§ùùý·/óAõ:œ&—ä/ êïªÕœöÑ|¼è.ŽI›¼ß÷–ýú•Ô»[¹ªðDžž{ý~õõN÷ Ê8³ƒëW<ÙoÛ#R&pí¸“÷ëzbt“À¡B`³fÍ:¨×˹þzr®ïz3ÑÞÞÎöuëhÙ¾C–ôt’&L `òd,Kàœ¸ƒ:B1n¿å—üö®ûØ¶í œãD{8BˆÄd™##ÝÌ™3™1cÏ<ó «W¯Æb±DTÿ°oZ³Éd"))‰ÜÜÜþ/¨ô ª*Æ–rŽŸ–É) /=Àw+ÄÁc7ZxçØßrâ²ßñÇ-ÿáÙP“ÎÚ¦ø5•)Å<9çºAõù§™WRÖVÍûUkÉ~ýJJDz½µ’fo±f;ÿ=æV,£«®ìÎö®Z;ÚªÙÑÖ±#·ê•ÀáaN‡Bq‹‰‰aúüù0~´‡"€;oÿüâ–ÛÙ³'‘ØœÈjõ!}F™,<*(ŠÂ•W^IEE=öƈV_î{l šÖ8T:HõÕrã5ß úQˆ‘ùŒsf²p€Ù{³’ Y¶èNÜô:Ÿ×mf]Ó.JDz0m2wL½“mŸsÎÍOQlVÈ ÝhaÉ1·ò»õ/±¬ú[V7–‘iKâ´¬YÜT¼˜9Iãö9g¼3“ßN¹€11iýŽwR\.¿rA`Uèp~5ñl:|nf%öÛà¶ÉçãU}dØCÏ$>+gG$ ØtÕo‡7  !„£HO­CèJ[öúü‰¨šŠQÙ·¦™×ç l«ºf¬ÖÀ¦!L-´ £º”g™Ë$†bЉ³ƒHñÕ¿&#ºŽ>…?\ÿa^ó}kfuu¡õÝد鶃šèþ ¨æb?×Õ+66Ž‰åË„Ñ"++‹{7ß|“7Þx#úIаçÏhŠ‚cãV1S>w&Äð:'÷ÎÉ="¢¶ÓòùûüŸàÓü˜B¼GÒ;7w>çæ†ÿ¢Ýf4sßôK#îo\l&¿›ú½ˆÆ:)>7¢¶¿šxvDýÜ:ù»ý—„b0äûH!„b”jiiagu–¸”hE1B¨>7±±£+eNt9ýôÓyä‘GÈËËÃårõ›²<؇ÅO¶·ŒÛ¯ZÌŒ©Åán„9 òE»?!F:  !„£ÔsÏÿsÔ7Bôò¶5’•±ïªºbt°ÙlÜzë­üìg?Ãb±àñxú Í$ïGN’ïŸ{ò ÌB!$p(„BŒRÿygÎœ) ihj瀞ªßxhªx„£ÿ0ª©½!†“ ÓÜ5-╈ˆžë÷} Ð~ŸŠœݳ;Ä#T»×éGgÍΟ3p?bD+))á‰'ž`áÂ…x½Þ ••Sã°³³“¦¦&n»í6L&©R%„bð$p(„BŒBü ZÚ¤@ AÕ}¨ôëú `8A³Xt!Y‘–žÀâ`f‚õ7öÆ]Ì›;{xÆ&¢îšk®áá‡&55·Û½ÏŒÃþTWWSPPÀwÞIFFÆA±BˆC…BˆQè_xÇx)n/„¦µÕPX8ðŠ›bôÈÈÈàÑG媫®Â`0à÷ûC~!¤iŠ¢ÐÙÙImm-×]w]tQ”F-„âP!C!„bÚºc/fgb´‡!„I4‹QêØ¢/^Ì‹/¾È´iÓp»ÝûWU•ŽŽÒÓÓ¹÷Þ{;vlF)„âP#….„BˆQ¤¶¶–U«VѪÙ1´7ÒÌ>Ñ×3ôz½m}}ƒ¡÷»C£Q·: n¿ªú{Ûtm$(!"ÕóZ Uû¯{ÿ@úž*=3\/ƒNDÖ÷­{G²jmØ{Õ( k4sL—‚¬éKèÛ³ïsÒÃÝTŸ‚1UŒZ‹…»ï¾›5kÖpß}÷ÑÐЀ¦ix<êëëùõ¯Íi§ía !„8„ÈŒC!„b”Yúþ2ŒYÓ¢= !ÄÓY³ƒy³¦G{â ())ᥗ^bñâÅ477Ãý÷ß/AC!„ÃNf !„£Ì—+×3ûцb„Qšv1mʩц8ˆn¸á®¿þú YäB!Äp’À¡B1Šx½^š;<$t¯ÂÚ“L®¦™~¿¢OCÖ¥OêÓ0Uoz²Aߧ|&û©çÕt0×1Öÿ«ØŸëîW?ºæÀs (A)Ì¡žE÷ï[ë>¿·½Ò½¿Ow[-999ƒ¡å$h(„â@’ß2B!Ä(RZZ ÎŒÇEÙ'€Ø³OQ ºGO]5MÓPU5ððûý‡ž¦{1];†P/3Ôë|Øtäé ì 4þpÝlìí>Ä¿ÑpcÐõÓ÷ŠßÝAj‚sÐcBˆhÙ¾eÿýçÿáñx¢=!D?dÆ¡B1Š¬ß° â³¢= !ÄÓ¶c~çähC!TSUÁ'K^ +J2Syó™{ˆÍšÈ¢3ΗUá…$p(„BŒ"߬]=¥(ÚÃBŒ0ZÕ:Ž;öûцB„ÕÙÙÁÛ¯ü/Vw-Gåb2[ñû¼Ì*ʤ½£’—ý ùÓŽfþ±ò%ˆ#‰…BˆQd{ÙN,Óê¿Ñ~|[¯ÿ¦__ûPSÕÞm£±·ý¯$ ºú~ÃEƾ"¾f$Ç{ÆÕ] g¿þߎªkƒ¾M¨~úìÞ‘ÏÕNF¢«Õá !ÄÁ£ª*K_}Žæ½˜3q Fc~¿Ê¦]{Ñ€ 9IX-ffK¥¡âžÿÓgÌ8öL&—ÌŽöÐ…HàP!„UÚÝ~ÌJÿ%ŠÃó"Iÿ êö«ºà‡A8""ºÅ@l­Ìýê;’ d¨……4-doŸ¶!‚…}ë(öô©êú6!Ú¶ïXÁÅ’¦,„>y÷ v¬þ˜éãÒ)Ÿ¦iìªnæ›-¬³-Àd6S´íS楓CœÓÆ4›‰òåÿbõ§o²ðÌËÈÍíÛâ°&C!„béôø0G{BˆE­ÚÀÂc®Šö0„"`íŠ/Xùá¿)H³S2. £Ñ@c››w±Q+¢-í|ò’ìX­VªÜż¼c9ã·­a^qqv#éIN’}>>åOøc2ù΅ןíÛâ°$C!„b”ðx<`”_ÝBˆ^>W;Ù) ˜Íò•‚"úv•meÙkÿG¢¹“)¹ F:Ý^Öl+gs{<›c3>ÕF†µ7{!#΂qæq¬-/aëÚw˜dßͬq©XŒ0&=Ÿ¯…>r ñ¹S8ë’käÿ;!2ùô!„BŒ----Ž@*²Boj±Á`@1„HaÖ¥ûuéÆaßtëÓ™u)‘ŠÑr¿"ýYꊨ Q#ð€S]rïPÂŒ¥OºqO)MŸòÜ7…9èü®?TM£µì+~pÆILœ8q¿oC!†ª©±žÿ>ÿ´V0.+ƒÁ‰ÏçgýŽZ6ש,·˘cláË­¥;èŒ?¥;ØøÍ›LKt3-? €ÂÌ8<¥ç…sЊ̽«-{·-ãŠ_<4ˆÑ !ÄþûrÙRV¼û2©1›ì@Q µÃ͆òFv(cùºc ©7N›°ì×µbÌ06-žu­'±b×.æò-3ólÄÙÄ:,Ø}-,{þ~>}s ‹/½‘œ¼1Ãs“Bˆ€8\Û´“W3'fL¨}«·“Ueä8’)tfì÷õýšÊúær\~3 °†ç©©u·ðyí&ŽOŸJÜ0ÍYZ¹š\G2“ãó†t®ÝhaaÚäa‹Bˆ¯½½ºº:¼^/ª»-LPè J((ÀB¸ `P ÄpÁ}]Ãýs¸ ŠÅÁ¤½… jlÁ¹áÚïiÓO 1T]CMíú³½r fNÆáYÈBˆƒcËúU|ð¯¿bñÔ“î´c2™ðúü¬+«£RKfiÛ‘$ÐJ¼¥•ý ö•hñáIJeYû‰¬Ú²‰y1»˜–eÅl„$§_çnžàÇ$-á‚þŒ¸¸øa½¾‡³8¼üˇiöv°cñ“ý¶ÛÝQÇ%_þ‰Ïj7¢v¿¡J³Åó@Éå\>ö¸A_WÕ4nYûwßö6m>Vƒ™óòðäÜëp­ƒ¿?o}‹ß¯™5§þ‘é ùûÕÀöÖJNýè~^|&Îøþ Î}¦ì®üê1f'cÅÉØï±!„8¸âââмíцbðlyŸkþtW´‡!„8 TíÝÍ›Ï?B{åVâ-fTUcSy=µowÎÇ×ÞˆÃ\ –á ö•fê Ó™Á+®Öl^Íì¸:ŠÓº|KqšðU®á¡_^¸™ÇqÁ7Ê ÌB ƒ8|¿j-k›v’“Öo»Í»9þÃÛ©v5‘dqrlú¶µVòmÓ.¾¿üv´Uó»©ß‹øºg|r7oU¬Ä¤9:u“•kÖóüÎYß\Î'‹î&ÖlÒ}5zÚx¦ìƒ!Îÿl~cHçmm­àÇ+ÿ:¬cBqpÅÇÇ£¹$p(Äᮽf%ò‰‹‹‹öP„‡°¶ÖÞxîa*7/'ÁiÃé° i»k[©h…¯˜Mie3ã, °“n"¥ ‘®4PiÈáéÆbæ7®bFR'y ]™©Úuïpç 3ç„ïrÆy—”q q¨ŠZà°ÕÛɲšoy¿jÏïü8¢sîXÿ Õ®&æ§L`Ù¢;±º¾=xºô=®þúqîÙø*W;‰,{RDý½¹w%oU¬Än´ðé ÷0+©€]íµÌ}÷—¬iÜÁ_ËÞ㦠‹#¾/¿¦²¢~;ïU­áåòÏÙÝQñ¹áìj¯å½ª5,­\Í¿v9è󽪟‹¾xˆöî•B!F—ÔÔTRSSÑ4 …Þã ½iÉŠ.)3(%YO—úè÷ûÛ†0íýjïµ F]mÅ0)™J5JaÞŸúw"µz¨ý÷íOR´iuÃ;Øú…a…ym÷ô¯©jﶦoëÛêêêÏÕ÷ò\]ÿª¦áÚ¸”뼉'Ïý !„Žßïç¿/<Á¦åok…«UUiîð²³ÎE©mìôc÷íÀjµÂ~fé • ?©j «½¹|^åäغULOv“âƒA!ÞÐÎÚ·žfå²%œxþ9òØ£2N!F»¨kÝ-d½v>Í?pãnåµ¼ºû ŠÂ+Gþ24øaá‰,­\Å¿w/çÏÛÞæîiGÔçC[þÀï¦~/4“Ês®åœOïç‘-oòã¢ï`TÂ|ëcч·óq͆ˆïk -}~ýø~õqëºçYÙPÊ„¸l¶´ì¦‘ !„8ØEÁÙ¯#!Ä!ÊÕPÉļT’’"û¢\!ã£7_á«·_Ĭ¶c3PU#ŸÊöÊfc‹xµ:])³¬Ñ öeöwbs7ñaŸwXhû–©I^&0› ]•¼û×ß²ìÍW¸íOG{¸BŒ:Q š§gÏ ü\ãjæ˺-ýžóLéø5•ù)Èq$ïsü¼Ü#ù÷îå<µý݈‡Û[+YVý-çæÎßçøiY³ˆ1ÙØÙ^ÃûUk99sÆ€}ÌK."ÁøyÉÞZŒC‘eOâÌœ¹Ÿ×4î`W{mÄç¿_µ–7½Áì¤q\?þ®øê±!E!Dô™Œ2wMˆÃ™kýn¼û×цâ³æ«ùàŸOâiØÁhD5QU-{›qÇäñ_õ(Z7nAu•î߬ðÈÔYK‡×Ë’Ø)¤$•SÄ^|šŠ_S¨uQw–F{ˆBŒJQ &Zœ¼~ô-Ÿ—V®æÔîè÷œÒ¶*NÊ( yü¤Ì®ýuîZ¼®`\Ö^ @3=äªÌVƒ™…i“y«b%ÛÛª8¹ßÞzÝ_rYÐ϶—ÏÇ­y#<{_§eÍâ´¬Þ ë¿~œ¿–¾ѹuî.[þ0“•üŒ¯ê·yB!F»ÅÔ›¾ˆ>ÅW ¤+ëSõiËA+,Gp­pm‚úé³òë`ú'ÌêÏC5ÜéÆCé8Î-¡áý±1¨«»PßÔcM·JñÐ/¤…ÜÖÂl«aÚëõ¤ík=ÿõiÈôþ; JIîol@ûÎÕ?g û¾wBˆ¡Ø±u#K_x„Ú²5 (FPUvÕ¶ÓaLdeìÙìÝ[¿sŠyÆ`´ÌʵsfÎV¼mutzUÚüvªjjqšU !>÷ !6"G‰Deg#Ù!f$YœØŒf\~/•ýÙC÷j%Vu·m®øê1*;yzîõŒÍ”À¡BÆäd±µ­‹3è h(šˆ8ia‚yú „¾aDª0QÁƒˆýÔ=Ô·ï¯Ýp™s$‚EkŒ‘Š‡Þ¹xý)‘öÙOÀ0D“» üÓ´ ÚÖã qnпýk¹OPP_³PÕ=µíûò{:ÑÊ>æºÛþ¦…BD®¡¶š%ûåë>Áãq£( ƒºV7 +UYßaC†R¹ƒÏÃH&9Œ\8À½½ µÓævU5ãPˆ³v}‡£FËWsBŒ,£'pèê Þ%YœaÛ$Yb©èl ÊÕÄ„¸ìþûë&[cöé9Våjìp£îñmo³dï ÎÉ=‚« ¥¬B*Žš7‹5ï—b7;ÚCBD-+_åΛoÂh4ߢ/BˆÃŽÛåbÉßfËWïàîl üÒÖéaO“ŠZpË;Æb«©Äâõ2ôܹƒÃhP8s‚ Ên¼®N4£‰j—‰öæ:âLªJ è©š9ýBŒ,£&pXãjªØW¼ÙAEgÕúzú‹ïgfbϱ*×èšq¸¡¹œŸ¯~–l{2OÏýQ´‡#„bÍžY‚á_8âpÑ^µ©¹ L™2U?ûQ!"¤iï¼ú k>|wK=¾îÿK|~•íUí²KX™<1ÕÄùêñDy¼‘(N†E‰•øÚjQý*£“Ý5hÀç[))H&ÑÒuŸ~ÅÂœùÇEwÀBŒR£&pg¶Sçn¡ÃçÛ¦½û˜#‚åàcÍ6:üýõç ÆhÌP£Êå÷rááöûxnþû¡)„bô)((@k«y¬g’>°`2›ÛúJýŒ%¿®½ÑhìÝïïML2èj%*aRžénô}~¸™QŠ6º¿s†"’³†cþV¿×Ñ4ÜíMX»ṠBëî§ëb¡¯îïX‰à¹ôs0Ôôᾩ¾!ú Ÿ°«ï&Lºqcѧ‡­e¨{ý‡MsÖ×)ì©_¨OOÖ´Þûë{Ÿºz‡èÎUµžšˆÝ}©~\kÿÃÍ}UUIII!%%%Ì !ľ–¸„/ß|ŽŽºÝ¸<½ÿ·m¯l„|ʦþƒ»…Do=ÞQPÔ#Þ§ŽiÆÚ¼ µÓÁlgWM&_-ñ6X¹£…Uë·’—:“ØD…ä܉\ô£[),ší¡ 1*šÀaº-²¶j…Ù`Üló0‹*3ºS,ƒÛö™©–~Ù_ÿƒZ sd+ø2(âš½+æúÙùþ3¶1£0?h¦XB| &{Z\¨5ÄÛ*;cH1vMRU°%årá~ÎÄi3¢û—ò»7,'..Žf¿‘ζNãã±ÛŠhl¨§¥j;ŽÎV.ð¿@…ó$66Z†ãvƒóëI®[Ž§¾ U6ÍAuE 1f•j·÷W–26'”,~£9'žÃü ÚCâ3j‡³“Æ1=!ŸµM;¹{ëÜ>åüÀ±­­dmÓNN^ö{®*<³ÁÈ ;?áíÊUdÚùyñ™ûŒãá-Khð´ñÇ%pø~ÕZÙú&v£E‡B!"rþY§sçsïb&]Y>w'eK'Ö×ÀÜɘu«XGÊáp0cêDêêëÙöÂ/I˜q&iS¤þðáª}Ïz&&ú8ÿÜs¤®¡‡¨ÇœÇ|¿úðûý¼óï¿‘l‡â¢žzy)Ž¸®«o÷ IDATDâ} ˜¬ÔÕÖÒÒPCzv>ŽŒqxj¶’’ÉêÄÝ\AÅæ/oYÅäÂcù .¯wàkhN“ù† xvƒÇçÅh²°·Åƒ§½š8³u»ÚY¶b3s¦Œå’ESP¬±œtÁ5LŸ=?ÚCâ6ª‡§dÎàßGÿšs?½ŸÇ¶¾Åc[ß »pÌÑümþOÕ_‚%†e‹îä„Ëgµ›ø¬vSàX®#…Ž¿ƒçè©o(„âЗššJjj*ÅÅÅÜ÷è3À‚_UQºÓ ºà•>ð”Âì÷‡ìߧ›ífÔmûõõu³éŒÔJ샢(Áuì”Þzo½;C§”†Áv÷À3þ4-tJkØö}~Þ³ü5¼e_2©` qqãÕW()ÉÉ$'%±k÷'l^»”ì®!&57øïPŸ¬»Åî7\Úr8Aiíºç>l}Ë ‹éSuõ YpŸTè@ŠoèÔjŸþu®Û.…_âþpiÓªªêÒ5]Švï8U¿?0WS5ƲeüæÉGIJJ"5Uf !öµzùÇ´WogÖÄB|~?­mml-ÛE^vÿ>2ILËfÕªo((OSs;9i‰8cMy쉸êwѾéNHH¡"uŸïNxÀ Àtû^¬»—ájmDSýtbg÷ÞZâ¬*5.xëóuX-f.9ufƒŸÂY‹8çÒk#šá/„Ø?  uvvb³Ù¢=–ˆ5yÚù²~ +ê·“ëHæÈÔ‰Åf ¹?ŸægM㾨ۂËïáÈ”‰ÌN.Äjü¬±ªªªÈÌÌ$>>ž¦¦¦hG!F´K¯¼ŽõÆÉØ3@é ég½tÁ?«µ·ô†>à§_(E®>p¨o3ØÀa}Þ܇z¯ ‡A58ìѸk=5Ÿü‚ìT23ÌŒ^¯—­¥;i3&‘wÒÕ˜¬] b=¡‡û[/²›Ià0üɺ6C já‚…õAÁ8ôû|úÛ y}à0ÔÂ.=C¿ÇEÓGæÙ?ÿ‰‰‰¤¤¤HàPÒü†‹Ï[ŒßïÇãñàñx¸ýÇY¹¡”N8‰'â÷ûÙ¸q#¥¥¥8­Î=a^¯ǃÛíÆãñÐÙÙ‰êj¡½nh Yãø¤£˜mu><^¯7pŽ~[Ó4, V«5ðèùYÿ§ÍfÛgß6ãýLö­¦½º¬kµd£•­{›°i¸|ðáê¬ÞXÆÇÎdL’Gj>߽ꤤ¦ üD !ö‹ËåÂn·ÎÀ¡8tIàP!"·víZ¾÷£ÛH<òr î³{ø‡îÖFv-}Œ›Ja~Þ î}¨ZZ[ÙRº ó˜¹dqNpýC :C¿ŸÚeáÞ_ÿˆÉ“&HàPÖåg.ä¶Ûn##%¿ßÛíÆívóâ¿ÞäÃ/VRßÔ†Ñd$9Þɤqy5{ …@±ï£³£ƒ«žÎ–:Å€!k:oìJ¢¡ÝsÀ‡)±fŽMªÄXó-~ŸEQØÓ¤ÒÖ\Ílà›íµüçÃo˜5¥£§ä‚É‘§_Ìœ#öÓ/Äa£'p8ªR•…BÑ+;;›¼$+õmXb“‚ÓX»é·õ W$«Í†YUYŸÂ2 ¥:õM¹ ŠMu½Ÿ@RÈîÄÁiÐ}Ûë³¢C¬æ²/ÕOùGÇX¿•ãò±Ûí7âbc™S2…ʪl{ñפ,¸Ä±%@ð½‡Lû+‚ jPNyP¢s¿=kh¥!÷v:˜6@¨ß“ž¼?«'‡ †[U9TŸAALMëMgîs¯úößü“+Î?¹sæ^_}@Bˆ‰N+/¾ô 7Ýp5F£1ðÅàÅßýç->)0£Pÿ(ÝU×`×F|F"~¿–Æ:ëªq·ubs¤bµÄáoÙƒoïjÎuÆ°'m*K¶ ïØ ,Hi¦@ÝŠ¿¶¿êÇ£Ø)ÛSC¼U¥¡ÝËëËVãr{øÁYG“è0’Q4‡s/ÿÑAùÂN±/ Ž2š¦ñþο^~§ÓÉ/n¹©Ó¦E{XB!¢@Ó4~zÝ•üìÞ§°,¸$\£ÞM5ô »H*aƒ1á‡=A(M ì×tû‚g.uˆA#ºÛ^µ?£iõåç2uâ Ç7\23ÒIOK¥tÓ¶­\Bî‰×b‹×ÍFë¾-%‚çTÿÏäÔ¿VqnŸ.´½}¯Õ;Æ zŠõ?k}Û÷9®ïoŸmý¸ôç† ö †¸‘ UÝØÕC}ëæoþÅ÷Íàì3¾ƒÃá %%%ä8…¢‡Éh¢¹| »«ÈËHÂh4b±XÇõÿg•WÖ²»¾“â© ÈÊÊÆårÑÑÞŽÝá ''‡˜˜Êwíä£÷Þ¢vçzŒÎì¸élØKªk9×姲¬y ßìÞÿqÆy91½cg ~¿ÅdfG³¯ŽD;”VwòðßßæÌEó()HÅ›Êé—Ü@Vvîþ_\1d8EÞ{g)}òqrÓX0}<¯—Çø~ƒ›ó;ÆßÿÂìB!F—üü|R­^\-XñÑÎ!£½n{?x’ìDgNÅ× ã òÉu¹ØüÞŸðÄaÌñ?À`’šÌ£UÓÊqÞÂ)\pîÙÑŠb‰MΠuw5¯þóŸÜtÃ5( ˜L]íõ_RlÚ¾‹­•mŒ;Žß®eÓº•X Øí1hšÆW_~ŠÝd$§°˜ÓÎ:ŸÞ§tí§h+Äåaõ5ãn­e¡–¹Sòxi»“ÝõC¯EåÜñ­äkÑ<>4ƒBu»‰¦Æâ,àGÁï»ÕÂÿ»j1&“‰© sÔñ§ çÓ&„" Ž«V®äÞKfrÿX¯F4ß À¢1>ŽÍlÁ„¿_Å•í{ëH°ªÄÙ A5gc-àÌžÄÙ—Ý0"ÿ q¸’ÅQF°ÒÒR¸çâÆ妣(>Ÿ÷ê{=Û~¿ŸÏGG§‹²=5¤çpëíw–6úVš’ÅQ„bhž²˜ÎñgaŽ‰ú``Ò-vb ³hŠ¾f~ñ ýâ(ýÂ*ú:t‚j,z¬ Á`ºÿ ZCß>lG¡îÐï7D8[°âë%¸K?cBañqq3”ïÙËîšÒþ€¸¬qý‘Þ÷þ ÷wî5 ¯û§(Jð‚.!Ò{®Ñ÷Üp©¿z¾îÅKô}ì³Az²~Ûãñô;®pô}4®|3æŒåòK.”EP„ƒ¶üËÏyöîHŠµ‚-ýâ6⽿§½^/.—‹›îü3L3f̘~ûܲy“&O¡tËzœ¾ú@mD·Ûê÷oÕp·Ô`°8øª=Ÿå•¦°‹£LÍ´pÉt#évªª¢j Ûª;0xÛ±»Ê8ô|®ít{èPœ,:ç*ò %‹Nˆ‘¢gq”ÐïüETUUUñ³¯ç‰?ÞÇS ˜Z”‡ÅbÂ`0`41tØ2 A»ÍJñØ,ÌîF®ýþ÷¸ùç?•à›B&þç®Ûi^ñr´‡1*5•odë ¿&µ}3sgLUAC€¼œlæMoå ”¾ñ ÞÎÖhIô£iõ8}V>—_ra´‡"„¥Ž˜$–„,L¾6žúËcx|½_N˜Ífl6‹êêj¶më…¿ßOMm;w®‹Å‚ÅbÁl6c±X0MÔwh¸­iXíNTOs̹qR c‚¿¤Š³j\?×Ì/˜Èrj ©Ôv(lÙÓD¬ÑÝÒ‚Ð4hhWɘzWþò~  1BIàpiiiáöÿw3¸ó6fç2¯dv›uŸa¨GO@Ñ`0ã°1© ‹öÚ\|Þb~÷›[hooöí !„8€ÆŽ˱³'ÒºsM´‡2jxÚ›Øöï{Q×ý“#JŠÉÊ̈ö†Ìd21±¨i9Nªÿ{/{>} Mëœ8øš×ü‡SK²¹âò‹£=!Ä(7eÞqøü]ÿÏÛ«xúÙç‚o2›Íœ}ʱ´µ4òõ×_óî»ïÒÑѱO?{öìaÉ’%´µµ±eÃ:Òã­AACUSPQ°X,x|*•íˆIíÊ>h«â$ë Î[Ó¬rú3œ•Ä1…6LFp«F6Vt¢ºZIŠ =´vzqÛ3¹ð¦û8îT©ó*ÄH&©Ê#€ÛíæÏü‘ò²mÌ+™HlŒ-~Ü“Š¬OIì¾Ææ6vU7²è¤ÓøÉÏ~‰U—n6ÒHª²B MGG---œ|ÖEÄ}5SWm £©·œ±Y·­OO·­Og6…IsÖ —Û·¦RàÏP©Ê>Í9DêíPR˜5UeÏ'/`¨ÝDñ¸|G¸^F­êÚZJË«ˆŸ}.ÉãçDô<ééÓji½÷p©ÇºTh}ý~ýkƯO³²_—¬†K[î3æ^¯7ô=鵚~×±–¯_æ‚çrý5WÝGLLÌ!ùBXüäò3I·v`6›1’ÇqÍU?Àdìý=ýÙò•ÜóðÓlÚ¾‹„„ÒÓÓq:(ŠB{{;( ä¤%rü¼)$Ä:hhj¡]³‘œNBj&6«•¶¦zj*ÊÙ¹i%šß‹Œ8îöFòÆOâÔãAUý¨~í5hÞNìf)É~¿·ÇK]‡ù§]LÑÄÉÑzú„èIU–Àa©ªÊßžý_V,ÿŒcæ•œ;¤ a¤mkZØSÛÂ9ç_ȵ×ßXyk$‘À¡BìŸO?ûœ«ó0ÉG|èSË0LÑ& ¨„©ƒ8ÔŒz‚‚}·u炈}V!‡aÚ„.X¨S·u9-«Þ`ü˜,RS’êqTÓ4²]»©löyüq$vϨŒ .dP½¾Úka‡ÝCŽK ³?¨ŸpõuÇC]W_×PÿZ W§P_˜_ S§0(èè÷‡lÓ;^ MÕ×ô¹Ziüôî¼ùÇ\pþwCŸ+„C°ìÃ÷yõ/w’kÀd2a6qÛ3¹æš«±YzWYöx<|ðÉrÞýø öVTS][‡Ñh$59‰´”æL+&?'·ÛÛíᓵ;ÉSˆËå ,¼YQQÁ”)Sز~ õe«õcí$˜=Œ+žÌÑófP×5M$Ç(ACUU©jè ¹p'yA4Ÿ6!D„$peKÞx%o¼Ê¢#çžqP¿(Š~ŸþgŸÏ·Ï>ý£¢¦šfß¿òj.ÿÁ•agŽDƒ…bÿyÞE”ÇÍ&&-_‡Ý:*©øð)²lŒÍË šy¨s»Ýl-ÝE»-œã®ÄhéÍ<Àá vÖï¡ó›—xèžÛ™={6)))¡ÏBˆ!zâ‘ÙñÕâcºÒ‹M&.#ç_xcÆä]ÿÿ¹ÝîÀ‚'=A?ýÏ==•Õ¼ûõvRÓÒ˜7o^е֭[G^^.Û¾~‹‘@ªßÏìS_<™x«†Q ^ü¤¹ÍE›Çiß»†ØQVGXˆÃ™£ä³Ï>åoÏ<ÅÂy3˜P˜·ÏêÈû“’<¨¶>?ßn/'61·Þý0ÚOK€…bÿ­\¹’˯»‰Øc®ÅlíM<‡~¯‡Ýü•O  ó±X,õrÈjjnfkY9æqÇ1óT@‡pà‡måk±íþŒG¼—¸¸8RRR$p(„vªªrëMWÓ¾«µ7xØÜÚNê˜ÉœsÎYX­6TUí7p¨ÿùÁ§_¦Õ¥r 'PTT@YY6lÀàïdRvl m»ËØ‚ 9£ˆ¤c X¨ª*n·—½Mn¦uSf̉ò3%„, d6là±?þy3&1sêD@–ôã¡ìóx¼|¹f+uÍŒÍËá£/¿‰öÓ C!„Ø›6mbÓæÍÜrÿ¤{u`¿YW§0\]à`¡n[p †ª_¨Û¯)Š‚A \Ôôuët¸ôÇúŽ«zõR<Û>¡¸0øøø½žöVT±£²ž”#/!.§8°_ÕÄ"ÊF Æaס0µQËPSÕÞÀ]ß:ˆÝÛAÁ¿05 ÃÃì÷… † nö|HîÑ´ömŠb;xâÑ?’‘1zÝBŒüæ'? ÏéÆb±t¥-›ÍØYÝÆÑÇŸÄ‚óѺƒ‡Í>limã_o}ÈÖ•¸¼*f³™»…ôÓ‹rASq¹Ý˜ì±L›<‘I9ñ]µ u³ +êZ±¦ãä³/9¬fù q(‘ÀáAR^^΃÷ÝÅÄÂ<Ž;r.4`Øo[ŸŸU›ÊØRVNIQ.ùY©Ô´k¼ôúÒh?M8Bˆý·iÓ&þýÆøÇÇ[ˆŸ~:pø[*¶Q÷ùßÈÏH"'+3DoÂï÷³}Ç.ê>ûg;“+.»˜””RSSCö#„é¼¼œÇü=qÞâtiËf³¯ÇÃî7óŽ˜Ïœ¹sQU-là0’”æv·Œì\æga5œ–ÜÚI­ËÄqg]NrŠüÿ'ÄhÖ8y«c"êëëyàÞ;IOtrã`³Z½ž7ÃF£Q·ÚžÖïþH÷iš†Á`úYõ«ìÜ[Ë+¿%/#™³Îè}³/ßþ!Ä!ëœ3óíúؼg=19S¢=œýâooÀß\‰1>£3tº§·£…=ï?E²ÅÃüéÅAQÌh42a\¹lyï!|IãÉXð½ À±œÎÆ :¾y…_ýèJŽ\pD´‡#„8Ìäååñû?<ÎS>H]éJ2z9bb˜OKÅþüðdçpļ#ˆë·ÜDßc>UÃfgö¸²­€!€ß¯±£º•±%DZpÞ‘ô^…—Ì8füñÁûÐ<\xöiÄÅÅ°„}ë#†Z¥º¶·?ú »ÍÌQÓÇ‚Š=j;þñÚ[Q|Æ‚ÉŒC!„صµµíšš®¸î'ø'Grïì;}Pͤ¯_¨ßÖ}¹dÒÏVÔ—ô¦@ë0_J)œ®¢v^¨‡Þ¦ 6¿p+6›•„„ópL9ƒ¥»~£¦Rù嫘j7R<.Ÿ˜˜˜×áÕÕ5°m×ì“O%©xAÐß“þoS¿?ÜL½PúÎ2 ¼ U»°{OµŸÚ‡úY‰=üúqEP›Pß·~¶bÐ,Fݹû|ÀÖ4Z6}H&Õ<öà½$&&ÚÄÄÄàp8BˆƒéÝ·ÿË'ÿ}‘üD‹%xö¡ÉdÂd2Q]SO]‡FBR*)iiäçåR™CÍ8lîô‘’œÌôüÐzgúý~*j›qYÒ8å»—É—vBBdÆá0óù|<ù—?³sû&®¾ä<22Ò½ážA¨ß§?Ö³­( .—‡7>ø‚ÎŽNŽŸ3›Õh§(Jï¶Ì,BˆCŽ>5²¾¾ž?ÞwWÞðKLÇ\É „_4BO¿W8Ñ ºàŠ¾½~”ží¾‹\„¼fŸÀ¡´í\ÅbÆn·S^^Nbk+ñ{×3õt\>¶5o0~LiÓ'÷Û·/%%‰ääDvîþŠò|ô÷q¤ä„ "êtý¥’ÁiȪÚð‹àµ§iZè×M˜ýú b¸@g¸z[úñÝ«>è¨;×ÓZOëW/rÃßãÆëÿ²O!„8ØN:õ;Lž6ƒ—žý ®†ÝŒM þ¿RQrs2ÛLTÕV|¶ ÁŽÅjÇh2aµÙp:øX¬9>™X»¡+`ØÝ][§›òz7óO½”ôŒ¬(Ü©â`Àá~Ò4W^ú¾û×^~>ß?ç„ cªªb0‚|¡öõ$LàÑãñðî§+رk/ ¦#)Þôæ¼o­©þ?¾ !„8$%%ñè¿çÇ¿þqG_ƒÉ6ÊfäµV“‘‘ËåÂétÒÐÐ@{G'iê›$ÇÇ0mÖT)¼> Eal^Ù¶~ówöâÉ8öA+s‹^­[?#¦~O?t“&MŠöp„"Hvv6?¿í.öìÙÃëÿxWýn ÓCü·X,ÌžVÔ»¨ŠÁ@kkÎ;iN`†!€_Õؾ·ä‚Yœµøøƒy[Bˆ(éfûá½÷ÞåÊK¿GºCå¡;o¡h|aÐqƒÁ€Ñhì*ß( ·Ï`0„Ý×w¨}šªñÕê<ùˆ³™8ëøÙ¤&ÅØQ‘—€BrrrxøÞßÒüé“øÝíÑΠ(Žd CàCKrz¹cÆ2½¸€Âü< 3‹Å”‰ã™še§þíû©^ñŸhiDñu¶ÒðÑ“œVËÿ=ùiiiÑ’B„•““à ¿¼Ë~v7õæ\ÊêýÔµzû=Çh4’’’Ì‘³§k:V]ßʦ‹.ü)sŽ’ ¡‡™q8+¿ù†Gÿøgž|,ßscèà›>P7˜ôãÁÌ6TU•­¥å¼ùágd§%rî s€ÞÙŽú´ä}fjHª²BÒRRzQ…‡î¼•ŸÞz7)‹~„±{&™_ŸŠªKç —Î¬OùÔB¥±* JˆÙ튢µïI3UtýhšH5í9×›Jù×å8bœ$¦e2¡ Ÿ„„øA=bðâbc™[2…ʪrÊþõ[âf}—ø1ºEvú©OØWÏûNªw†Ö½bq¨>ƒVXÖí5®piËÁu u)É!†ÕR¶óÞ¯yäŽ[ÈËË üû’:†Bˆ‘.--«nø%š¦±fõ*Ö~õÞºZ’b<ä¦Æ…<§g² @§Û˦ÝL?z1sóÇÌ¡ !¢LG„mÛ¶qÿÝ¿cÁÌ)œ}Æ)X,–ÏÑ4mH‹¢è÷éAéùSUUöVTñ×ßÅb2pôÌ¢}‚„=×ïys*€XÕùõ÷¤ ’,Ž"„ΦM›€®ßg¿úýH:î: f&Sï÷ˆúm}àP¿?ì'ÝÛŠnßíp³]àPíHjÙò9®Íï‘›•Anvf¨ÓŦª*Ûw”SÓ®’zÌ°Æ¥„øéw= œè‚=_ªöÝßßµõ5½ëëaFÄ ZTן¾~gÈë5;éXû§·€«¯¸,0þ‰'ö;v!„é¶nÝŠϗákk_f|äf$‘›‘ŠÅjaÙ7ÛÈÉLÁœ\È‚ãOöp…‘,Ž2HÿûôS¼þÊ üïc÷ãŒø¼žY‡C©Wj6¢Ñh¤­µ¿¿¶”††FŽ›Ý»ð „öôj¢¤w !ÄágüøñÜÿÛ_rËÿCì‚ïcŠOŽöBòv¶Qûés¤XÜL›15(x).ƒÁ@Qa>y.›?{‚zg.é .Â`<´ÿN¼íM´­~âìxnþó$$$D{HB1¬ŠŠ&PT4!ð³ßïgã†õ¬Ú¸¿«‰6¿‘yg\%„8ŒÚïö†QSS=ÛËvò³[ïâ®[~Bê Vê úõ,ŠÒ7Õ¸ï¾pÁC·ËÅko/cݦm5£ˆä©cûMCî µ_“åQ„â°4±¸˜'º“ÿê70ã<ì)yÑRê¯a­ÛĬqùÄÄŒ²Å\a6›’)ihldË’»0Gò¤…ÑÖ°Sý^ZÖ¾E¼·š‡ný)cÇJZžâð`4™:m:S§MöP„#„#äŒqrÖq3Ø[ÛÈ)ç]ÁEß=ƒ]u¶˜ÈfꃃúYˆ¡öég ü>Ÿ|ù oøÓ'är΢Þ:†á°o1Ô>E‘À¡B.ú¦UñÙûorúYçÓÜ4›˜ü’ TM“ÙØöù|mýlu³®l‡~»¾ÒÖ4Ç]Q‚j"öèùýä)ý‚³gJí¸*)1‘ù³Ùµ{»^ûçìóq¤Ž ª‡¥êêUêÓ„Ã¥ëišH3›z¬Û­O=öë^«Aõ8õµ û©«Ø¶íK´òåüìº+8rÁ@R’…Bqø’•1"dµÙQ…Ì”DΉ´Žá`Ó—y_,„‡½ää®ÅQ~zãuL?–»üöç—]ÔÛHÒ@o IDAT/R¢_‘6ìJʺßA½M´ž6šÖ›®Ü½RnJR"õõõØl6œN' 444““C\\œ|ñ59Nf—L¦º¦–moÞƒeÒ©ÄæMB¯–RˆôdM—òŽþu.=9è2>/­[?…Êu\zÁ¹\úð?°èÒî…B!D FÈj±¡ªG v·ÆƲ ãä¤ã°qÚÑ%Ô7µqö÷Ìâ“ŽáÇ×^#.iŸ~ú {jº].^ü×>ûjGÍ,fæøl ÿ:†¡…:¨ªMWEãÁ{…BŒH=C€Ù³fñüÓò›;îeOåâKÎ@1(¨þÞ`Œ>p¨¯WTË°'(¨(Àaߺ†J`sßð‰‰‰œzê)¬Y³†o¿ý–ôôtöìÙƒÙl&77»Ý¾ß÷.†_zZ*i©)”îü‚Š-;÷"̱)¡gŒöLìyÏ¢F8 ª›¦–¡AQð»ÛiÛôææ]\}áw9éÄ¥~¡B!D?$p!«Í† 8v’°`ôwÐÒæbí–rÒS“™BjRg/šKéÎ],:ûr~uýe,>ã;-Álô«,k,ûäsþþÏ7))ÃwOš?¨@`¸ã×ó°Z­õyB1ò9NþøÀݼ÷Á2þòÜ#8ç\ˆ96åà @ì)))¡££ƒ;všš €×륬¬Œ¸¸8233ƒ™bdP…qcÇëv³yÍ‹Ô’ˆŸó] ¦èÌêó´ÔáÚü>IÆn½òRJJJ¢2!„BˆÑFÞiG¨+}EÁn·c´[i«w>ØÔÔ·PßÔFnFYiIŒ“ɸ1™¼ôúR{öþçö›˜>k.Š±ëéîIYÞ°a>ù9iIœJoÀp¸Ò ¢`“À¡Bˆ0N9éæΞÉÍ¿¹“zûX⊭€|àtýþòz½(ŠÂ‚ hhhü>ôù|øý~ZZZhii!--””I_¬V+Ó'O ©¹™Í?Š'k =(×Vý^ZJW î]C~F?þÕ•t“z™B!„‘Àa„¬V+ 1±Ž\MÕûÔÍÙ]ÕHMC+ùÙ©¤&Æ1zn¯—_ßóiI‰ÜûOÉSDee%÷<ü4~¯‡³Ž›ƒ!Â@!Dž†É~P0™ÍõyB1²ï³ï£wÿËo︛ÿýö©g`ÌëMí4{K^(ÝÁ˜Hß ÕF1Pº‡qqqÌœ9“õë×3sæL>úè#RRR°Ûí´¶¶ÒÒÒ‚Ó餦¦†ºº:rrrˆô=‹/!>žy3§²nÃZk p$g÷Ô½Ÿ •¸¬úýøôµ4õ_C÷dšF{Åfü»¾&Öäá²ÓNâä/ÅjµJJ²bØhõ ø¾Y‰iÁ(üÞÑÚ;ðoÚ„ƒqBD¸“ÖщðX0¢8cöwèøV®À4kfÄçø·—¢54b,’?`{­£uûv´ö ã 1¤ Oæ‚ÖÖ†ïó/1Íž‰¢+µ–ªâ߶­­ÓÔÉa=[­­ÿú ²21äåîç¨Mãÿ³wßáUÖ÷ÿÇŸ÷}Ÿ}²È&„°7Pâ:ÔZ[ªÕZkõ«VkÕªÕª?­mµØÖ-jÝÅ¢ 8Y 2„„0Bö>ó¿?9ä˜Híûq]ç29÷8Ÿ;á2ç¼îÏçý6ŠK°ÊÊPóú¢fe¡›±B> ;Éáp`Xn·o¯d>ØVB¿ìL¼žØeÈaÝdëŽröV×Ó?;x¯›s&£¶¾‰K®¹ÌÌt<žxN?qWäZ=± ¹3ÇØíR\!ÄÁ]òÃïqþ9Óøóc³X÷ÉçÄý>Žø¶µ|»…e ¬^½š1cÆPWW‡ßïÀç󘘈®ëTWW“’’Bii)n·›œœitqŒ ƒ466âv¹h²º¶Ÿ¿z7ÁíK°7ïåŒIùÁ¯n#%%Ef !zDðÅ—ñ?ò8 ïÿmXÇ7%Ìâš{;ú«¢7=”8/ö3§âù÷¢tP«7üþøÿò(ƶ"hõÿ1û™gà¹ëöà ²t¦ŸýÛˆaĽòÂwµ‚AüwßGhÁ‡XÕÕÑç3.Às×()mߘ•øø¡ÿ¼s£G:Ï=wa;á¸C;úÏñÝq7q/=‡}Òɼ…ÿ‘Ç >ýX !„è4¯×ËÝ·ßBYY÷>ôÕj2Éc.@éæºu-3ìv;º®³zõjE!!!ÄÄDü~?MMMÑÀ0>>žæææh­Ã­[·’””DïÞ½Q;9«Ct¿–eåõõõÑOA‰™0x8BM5øŠWBåFîÏoü ùùùò;Bô(«¾žàëot?}ù4ͼËïGÍÎÂvüx¬†Fô_z{fÑv➪Møxú9ü÷=¦‰š‘Žm XMÍèËWþ`! K—‘0ïÔ¼¾‡4þà«o`Õ×ü:›šhºâjôå_ ¸ÝاLª­C_û5¡ÿücË6Þy#fŸUWOãßÇÜS€6xjfáÏ—blÜLãE?&î¹a?mÊ!Ý ¾ør§öm¾æzBó惦a7%1}érBïÎÃ(ÜBü›ÿFé•sŒ±e+ÿ«º%)Û„0·—`n¡ùÆßb–îÂuãu¯¹£”¦™Wbl/»ۉǣææ`¬ùcë6šo¸£p îÛ~Û¥ŸƒGš‡äp80Mp¹ôJî…a‚ÛåÄåt°ak1ñ^ù}³Ñ´Ø.ÅÕuÍÔ6”—FVZ/U‹.áêjØÑöƒ'K•…B®ÔVKŒ222xûß/ðɧŸqσ`öMü “P£µ|Õ˜îÉÑ/[Ÿ°Õójë¥ÍV¤ƒnEEõõõ$&î_‡£K•·mÛ†Ûí&SWWGNN~¿ŸÝ»w“M]]uuudee‘””$õ0˲hhh  ÅnPÀ0ô˜.ÈßØ9¾Õs-¡£¥‡iܽ ³lš¿–ýûpÙ•ròÉ÷Çü~[‡2ãPÑ- }í:ôÏ—šûæî=ÜÝ h¾å6,¿Ç÷gàyð(ûjË›e{iúù/Ñ×~ÿo³ðüá÷û_fÃ&ü÷>€ëWWãþÝÍÑmæÞrš¯úúÚ¯i¾þ&âÿûV§‡oÕÔ^²ý³%ß~§SÇøn»}ùhCÿÚK(ûþ[¶Òxá06l$ðϧq]÷«è1þÂÜS†š‘NÜ+/  ̼~]=¾;î&4÷=šoú-I«–Bg›YƆ„?[Bè½ù…[zˆ¾ty$4´Û‰m6¶ñã0Ë+h<ÿ{[·œý ®ës\à‘¿aUWc7–ø×_‚}Ÿ•ƒ/¿Šï¶;ñ?ñ$Ž_‚šžÖ©¡7ßú{ŒíŨ}ûÿÚK¨Y½£×xæyü÷>@àOc?íÔÞ‰)DO’à°“œN'¦eáöxHMIŦiäfeļQ]½¾Ì´òrz·ù€ÒÐ 7SCÁBÓ´ýwÞb€ˆv‡‡B!®¥£qk3¦_È ‚¼¿àC^xí ÂIHr*šÃ bkF¿V"³ÏÐ4´–Zu¦‰ièøƒ!–-[†Ûí¦wïÞ”••‘””DQQn·›üü|;wî$--êêjìv;999„B!ü~? ìÙ³‡ŠŠ rssñz½ûgÝ‹¡(JtFhG ]ÇÐõ˜c¾ùuËï)P»‡Àε˜UÛéçdúÉ'pÚU¿&++‹ÔÔÔ˜@[!zJã¥3Ñ—­èôþ¡9s1w”¢ææÄ„†jïL¼û+ SÏ%ôú[¸o¹ Åë øÊ«ØN<>&4P33ðþí¯ÔO:}Íט»÷ fgt,úš¯i¼ð±õaª®&4o8ÄÍ~6hqþügŸEhþ‡1Áaø³¥8~tQ44P’q]w ¡¹ïaÕÔbn=àïÖš¯½Ð»ó:=v€ÀSÏàºöêhh f¤ãùóƒ4]v9Á_ÂuÍUÑpÐܽ›Ðü@Uñ>ùxôyç/!üÉg„ç@ð…—pßrãAÇ`–ì@_º €¸'ß( ®+/G_¶‚ð‡‹Í›/Á¡8¦IpØI-3Ý.)))8NªªÉÊH#!ÎKm}#( ºa²ìËõôï“MVÆþ7³š¦í»®D»*1bu}qI©¤¦$SXXHZ¼EU{.@DÁ!5…BEQ8ç¬39ç¬3Y¶bÿxöjm)Ä Ÿ†ÝsðâéížSÕ¨nçq())ˆ.E®¯¯géÒ¥ôíÛ—aÆQQQAee%~¿Ÿââbòóóq8ìÚµ‹ÔÔT,Ë¢¸¸˜¸¸8²³³£çݧeYr]]ÝÃÙHXÜñö@Ý^%X•›qÍ ”ÏÙ—ÆÈ‘7´YÕ!„GŠmô¨˜&(á…‹cj~“±i3öӦĄ†-´ý±‰¾úKÂïÏÇñƒïEŽ+*Ž¼^«°«µHSÞ˜{Ê06mîTp¨Äy±O==ú½¹sWt| ¾þ„Ã8Î=µ‡®_ýûi§Æ6y1 ¬ªªÈøÛiº¢ ÌGIHÀjhÀ¬¬D£sÁ¡6löV³×õO?Ç :Üß,¯ ¼øcgOk³Ý~Ò”¤DÌŠJ ?Â~ö™‘k~íM0 lãÆ¢ff´9ÎqÎY‘àð•W;Û#¿KÅãFÒ¶ñ€}≄?\tÐ߇G›¼sî$§Ó‰n8N’““ÉÊÌ  P²«ŒÔä$Rz%’Ò+‘Šª4U¥¶¡‘’]e ÉÏ#¥W"šª¢ª*Š [辊²o6¡e¨Û‹¿b;jÝNÌæ*¼.þy}9ñäQLœð=zõê=¿ÌBMîÛn‰ù¾nàp¬`°ÃýÍ¥\ÒªöÍ…Õ_bìÜ}N+È}S&µ{ŒÕÔ„Y ç´ý;5v-qO?ý>øül|wÝ{ÀcŸ|Dš±´Gñ¸±ýÒ°7ŽðçK ½=ûäSbϹè#¬†PնǀëÚ_Æ|_?a2Ö–Š›;w‚e¡¦¥µØiö“&zï}Œ’´Ì+lùuÔp¥åz¬ê¬¦æƒw¸v8°ŸyZ^_èàÆ—Q\R'—B-vR¤«2šë©®®âg¿ü5Ÿ´/W.§¢ª†»Êè‘Ffz*™é©ì*«Àa·Qºg/Ûvìâ”ãFD‚C‹˜à°¸¼žK.8 ·Ë‰aÑš?6M布>¨?_|µúÚ*zŹº5@„Háy!„âP ÒvÆÀ!C˜1}:Û·oç÷?ÌŠù¯¡f %nàIØ= ‘Z‡v† UMEU#o°N$¾ßxv®xOs))‰qÑ¥° 0Ã0X²d yyy““ ·mÛFFFýû÷§®®MÓp8ÑŠ999$$$ôðOè»KQššš¢Ý®;Ųh^ù®ä$† Èãôé'qÚ”ÿ£oßC+ò/„Ç"5'c_ÕsßìB«¢2úœçÞ»xÞðü FË€Ú/ï°ÇÙ‘–1©™˜{Ë ¿¿ýëõà÷GfN›ŠV0°ÍqΫ¯D_¹šÐ»ï£æäà8÷l”ôTÂó?$øôs‘}~| Jþí5÷]ÉHïpŸ–mVåþŸ½Y¾ï¸vf‘F*v;„ÃX•• í'OÄ~òÄ·[Á áFö6õ€çâh“à°“œN'†iâVì\øœÉ9 EVŸ~¬YµœÝ¥%ì)¯¤²F'§w:}szcš%»öàóØS^…¦ EÕÔè EQÐ ðzݘ–‚bß(îÐT&ŒJ³?Àò/×a…Ä{œ]©¨™q(„¢‡ôïߟ¿¾Û"Á¢cÆÝ8Ú¶ZÆdîÜEóµ7`Vµã¼ùø}÷M×·™ hŸ| qÿ~¦™WøÛ,›³Ý}Û-¸®ùEŽÝ*¯@ýÆϼ55)²ÍlZ1ÛÚ=®WfE%feÕa·VM-M?¿so9jZö“&ò¹„8$8ì¤HC“ÈÒâx+PÁºå;±Å§“W0Œä´Lâ¶l¤©±‘]eå(ªBNf:ùy¹èºiêÑ™†­gš¦é i膎ªÙ1-ÚÔÌp9ìœrÜ(›ý¬øj=n›…Çåh¶W;ñ›bô9Àî‡B!z–¢(Lœ8‘“N: ŸÏǼù xçý§h¶Ü(™ÃˆËÍé>à9œ ©dŸóJ7Pþå[ôÍèEÿþý±,‹­[·’““CRR7nÄï÷“––ÆСC)//GQêëëñù| 8—ËÅÎ;ÉÈÈ °mÛ6’’’ÈÌÌ”:zÐRÇ°¡¡¡Ã®È}ï#„ßaŽïM'ðäS˜;JiúÙ•xºmð …}°ß÷ìoVr2V]=þGÿFð¹Á²pßx}LC’ncÕ×Ð|ë¨ÉÉxî¿mø0¬ÆFÂsß#øÚ›øú jnŽ ΋9\_õ–Ï€âõ x¼Ñ€N_³¶sË|ƒY]yíÌjT#ÛÌÊê¶Ç%Æ·{ ©sYQ8vUøƒ…øî¹sç.´Áƒˆ{îŸ1X„8IpØ­›š¤'ºÑzvnÝMX󜕇«±‡ÓI0 tÏ^Ü.™i)¤§¤ ª*ê7j*­ „+(zÃÐQ4'˜m‹¾zÝN&Ÿ0ššº¾ÜPH²×Óao,@lyNj !„èI^ïþ-3îù‹«øå/®¢¦¦†…‹>bμÿ°§²+1Göâ2úÇ.eŽž¼ÙƒðfÝÆî5 Pw}Ivz2  QWWG¿~ýp:±wï^òóó3f ÅÅÅÔÔÔ°uëVúöíÛf–[]]uuudff’’’Ò£?“o«††‚¨éÕŠ¢˜˜í†Üú߇B|W(.ÞG¦éÊkпZKÙç¡ÄÇcùý ë¨}û`?á8Bót\Ñ4 ¾ðþ¿>ŽU_âtâù˃m‚ºîf…[u½Oˆ'~þ;1 Rì“NFIL$ð¯gðÿá~çž­á×|ýM„æÌE2Ï÷`;³¢ÿýúÏiÜZDÜ+/´Û€¤;(Þ¸Èu ŒF4Øt»ö‡U[‡åï¸ñJË9÷ov¶Çزßw£¯X DçxŸx´GCT!º‹‡] ìkpÒšCUÐ;‰fˆ;vÒ4±T'6·Æ€¾}ðùý”ì*ÃaÛ×E‰]ª¬(‘ó)šÿî6˜–nKGù0L ÕæÀ0ÚþÏ+1ÞˤãFQQ]ˆÂíôN‰CÓ´.ˆ¦©Ý(„BôǃÇãiw[jj*üðߣªªŠÂÂBæ/ú˜UŸÏÇgØ ¥?¶”~xRsQµØ·,I#¦¢LdÛ²×HÕIŠ÷””DII YYY$&&ÒÔÔÄÖ­[Ù¶m£F"77¯×‹ßïgïÞ½$''·ÓÞ½{©ªª"''GB­}MMMÝr.EQHJJ’åÉBˆï<Û¸±$.œ‡ÿáGÑW­Æ(.‰tS>~<îßÞ„ÿ?í×â3‹Kh¾ù6ô•«@Qp\pî[nDíÛµfc‡Bñ¸Q¼¬f®«¯l¿«òÿ]Kà©g1«ª"ו?c[¡9sQâ¼Ä=÷/Ô¬ÞÑýÕô4¼þ³¢ }ÉRBÿy§Ç–,«i‘›V]]‡ûXu‘•j«Ÿ½šš‚¹s×AŽ«ksÜA<…ÿ‘¿A(„š›ƒûæqL?¿ý›¤Bƒ$8ìUÕÚ‡-â½.NÚ‡½Uu|±¡˜šúf4U!5)žü¼\’{Åí›iHL˜íèhY¼³­Škßßŧå35ÃFpЇhv†Ñö®Ij¯DN>n$;÷”³sw½Ó’bf4(@ …B; Ä Aƒðù|¬ZµŠUkÖ³~õB|!L»¥W_l©y¸Ss±9½dL¹õn¶}ñoú¤ÆѧOl6555Øívââ⨬¬äË/¿$99™¡C‡¢uúÚ£ë:%%%x½^²³³ÿg‰†A}}}·--VU•êêj d…ÿ3””<þ1òeÅEfK-¾ŒØ™wƦÍ4þðÇX hýûá}ü/h#G±1(iiXÍ;ÚïJLdÉ®š™Y¶£p Zþ‹?À6qBLh¸ÿ ç÷/D_²”ðÂz,8TöÍh7kj;ÜǬlkÚô¸PË·oÆáºeǾIóu7zwhîßÜ€ëW¿¥Éâ[G‚Ã.PZû(;#…ééɬßRÊâåk(.ÙAB¼—“Ç@Ó4T•˜Z‡ÑÒ2qÙ5LËâW‹¶’è´óôéæ#Â…@Õ@ÑÚ4PÈÊH%#­Å¥{¨k¨##9©Ýú†­D éª,„âØäñx˜4i“&M"7¼ظq#+׬gýÚOi† ê&†bÇY@Ic=¶½%ôËÍ$!!@ €ßïGQ¼^/ |øᇠ<˜±cÇR^^NIII4óz½455Eo®577³eËRRRÈÈÈسï;β,¤îVWƒAü~?O>ù$ƒ·ÿAT!¾ÓZÿ …ÐW} €môÈèÓfe%M—]ÕЀãÂóð-!ZËŒDs×îÈ÷©—ûPzõŠì[\ÒM#mKÍ͉¼ÆŽR¬ê””¶« ŒÕ_ åäì?®¥ö—kÚ=¯¾ïÅãFídIÿýzw^dÆåb;ñøÎ_ˆÇ »Bi»T¹#£†ôcH~.‹—­åãå_²qKFB˜ªùbY.Ûþ_G}0Ìçmf@¢‹Y“ú¡øÑÃ! Ã@Ñì‘/ß -è“•ANf*[‹wašɉqˆŠ"Á¡Bˆ£.--­ÓKW?þx~öçü~?;w´”…ÛxóÍ7in¨%%%§ÓI0¤±±§Ó‰Ó餼¼œ;v0dÈN<ñDŠ‹‹9ýôÓùÉO~¼yó˜5kVLhV]]MMM ÙÙÙ$&&vß…ƒü~?ÍÍÍÝv>˲سg×]wÓ§Oï¶ó !ıL_þ—]ŽOâÇ P¾ñ·#´pqdFáðah#†GŸ¾ðfe%¶1£ðþí‘#=ì(ÇYgF:?¾Ç…mk*…[" T%ÚAZ6½ƒà @_ûudßáC{`ÔÚ€þhÇa¬ß@ø³%‘%Á­˜¥;1Š¶£¸\ا}Þ1ãB‚ϽHøó¥‘ÏÙߘ0Ô2£Òqþ¹Ð‰LÀ¬ª"ðül¼ÿ|Û¸±‡yeB=vÁ7›£ŒËéàœ)Ç1qìPJv—GCÔ}µ #až½Õÿ<¶¶³‹êL›»…IÙ‰üqL .³ =ˆ,sÖ@¸M€hYÐ/·7–iRX¼¯ÛAœÇÝ&@4M™q(„âÛÏívSPP@AAgœq×_ûKÊÊʸñÆ©¬¬Äãñ`³Ù…Bø|>zõêE8¦¤¤„={öPPPÀoû[šššØ¾};Ñ:‡¤¦¦²k×.***ÈÍÍÅårdTß.áp˜ú}]4»KEE'Nä™gž‘Ò(Bˆÿ)¶ñãPÜn¬êj³þ…û¶[¢ÛÌÝ{ðßûÎË~s\èßoà¸ðüè ¾Ž¨éi°ïÿ­Æºõ„Þ}×ÕW¢$÷:¬ñ;~ø=üú+Á7ÞÆ~Þ9Ø'ŸÝf5ûðÝqwd¿³ÏD‰‹4#±Ÿ<ÅåÂØ\HðÙp^13æœÆæB‚ÿz&²ï§Ål <õ,VU5ZA>ŽïÏ8¬±8/½ßíwxì ìgœ#–…ÿ‡"c8Î˶Ñ#ц ÆØ´™ÀÿÀõ×î{Q1Á¿¹æK/‰½®¢í„^+òº?¹4:s1ôևѠfdð÷©¸](Ò˜MÃ$8ì¥ 3[KNŠ'9)ÒÖ]ÅŠÎ8TMU±ˆÌ:ô::/+¦š IDAT^ýéîz&ï®çÒ‚T~5ÀƒåoDúÐ ›ÓÝnf Ð' ÃÔÙ²}'éÉI8ŽV¢‡B!¾›z÷îÍ«¯¾Ê²e˸ùæ›ñz½hšFRR@€@ €Ãá  ±~ýz*++ÉÏϧ¶¶6zƒ­EVVº®SQQAzz:EEE$&&Ò»w09–)Š‚išÔÕÕa´SåPÏÙÐÐ@\\Ï=÷½{·SçJ!¾ëlî[ ¯žüúÊÕ8Î= £t'áyó1Ë+°O›ŠóûC2«¡³²ßîƒ?ÜwÀ—ˆýåèÒWcS!'ÿ€ãâ fp¨$$àºîüú+M3¯Äñ½éØÆÁ¬¨ ôö;˜;JQâãqßsWô5;÷·â»ó|¸ðGŸ`›tr$L\·žà¾ Í6qΟ\óz¡¿Ž±­ûÔÓ»%8t̸à˯blØHÓ†ãÒKPÜ.Bsç^ð!Jr/\×^Ýæ8÷ïn¦éÊkðÿõ1Ìêjì“OÁØZDðÅ—"ËÇÏ9 Û˜Q1ǘ;J£?{û§î_ò¼u[ä¿…[¨Ÿ8å€ãµO=¸gþqØ×-DO‘à° ,”Ãþ€ÐÒ™¹åC‰MÛ_ëÂe;x(ùÊ–*^Ù¿“ÉÙÉ:Š¿™¯ Ã0Ñœ.,Ý×ÎÀôÉÆÐuŠv–ѧwª¦a) !„øn›0aÿùÏx饗xë­·ˆ‹‹Ãn·Çƒ·Þz+;vì`Ê”)Œ9’%K–ðì³Ï2zôhJJJÈÍÍ%##ƒÚÚZ–eQ__Off&ÉÉÉßÊú‡mo<ªp8LMM ÷Üs'žxb·W!¾œ—ýsO<…¾j5úªÕ‘ Š‚óGáyàÞ˜å°æÎÏ0<Ò\¿¾%1ß]÷zómBo¾Ýf?ï_jÓ]Ø9ó2¯ÿþä3Ÿ|¶£¦á¼ü§¸o¾¡Ç» +^ñ¯¾Hã/Gÿj-úWk£ÛÔ´4âþýÚ€þmŽ³Ÿ:™¸ý¦«MðùÙ÷-5pL?ï_îô6cTˆo°ü~ÿwnÉMO¸ò§qöI£ëÿ~ïþ£Áañ®rÎ;ëtËäÉm!îùèëNŸË®)üé¸ÞŒÐê †(6'zÀ‡iš†ÑÎCg×Þjªš¹ü×·2bÄ‘íÒu {÷î¥wïÞ$&&R·¯Ý½BѹãŽ;X·nv»=&ìs8œþù :”={ö°páBªªª°Ûíø|>t]§´´”~ýú¡ë:›7ofàÀ¨ªŠ¦idgg¯®óMMMÝv>˲(++ã’K.áç?ÿù·2DBˆžbî(%¼læîÝ؆ Åvüq‡½”øH²jëпZƒ±vJj ÚðaØF8`?«©ý˯0 ·@S3ê ØF@ÍÎ>‚# cs!úÊÕX>¶qcÑF@9Höa54 ¯þ cí:Ô¬ÞhãÇ¢õïw„-ı#àv»eÆaWh©òœÅ«Ø[UÇ©ÇeP^V‡çP•Ø‡v‡Ã4±)àÖº¶ :lXܸ|ÉN¿ŽO!#XC(Ä5¢¨¶H DÃßÞ•‘LJ¢Ö=K“„Bˆc]||ÈÅKkx´: %>\†‚>¾&ÍjÛúŒ–›6n`ö÷³dîlB¾ÆÃBñmqî¹ç²xñb¦L™‚ßï.¹mllÄëõræ™g°uëÖh¨8tèP²²²>|8‡ƒ½{÷’••…ÇãaÏž=„Ãaª««Ù´iÓ1QrÃï÷SUUÕm¡¡a”••1sæLæÌ™#¡¡B!Äwœ‡]™qØÞcÂè‚è×å5 î‡û½Ý¦¡ï› x¸Áa‹OÊšùÁJï½qÄ%ð5ô7£ØXíÔ ë«¾XÎ3þ=«¾…©wÏ !„âXf·Û¹í¶Ûxë­·ÈÈÈ@×õ6Kysssq»ÝlÚ´‰eË–aY£G&))‰ÌÌLªªªðù|äääDk"655±{÷n ñù|G¼î_8¦ªªŠæææn9ŸeY”——3bÄÞÿ}Î=÷Ün9¯B!„8¶IpØŠÒqp8(/‹Éã‡b³ÙÈLMêp?US¢³ UUÅa·GƒC—Ö½*^.nâ¢u_»ópzâ4Õ£‡‚(vg»Ý¬ü }8Ÿý¿[Ø°l–Õ}u„BˆcUZZ³gÏæOúS´qKçåòòrš››IKKÃf³±eË–,YBrr2#FŒ //¯×KYYÁ`øøx1 ŸÏGqq1%%%èºÞã×ÑÒí¹¾¾¾ÛÎÙй!:{öl~÷»ß“5…B!Dχ]`Y×88aä@Æí¦©¨Í,°¬Øæ(v† =R Iá/…8U’JF})~_3þÆ:,Àîô¢mg#ÔÕ72çõWX²x>§Ÿ÷}Œ:Ê…m…Bˆ#`ܸq,\¸_|‘§žz ÇCvv6š¦±gÏâããñz½TTT°iÓ&\.Æ # Fø|><.—‹ÚÚZÂá0¦iÒÔÔDZZiii=2±¹¹¿¿½¦h‡& QWWÇý÷ßϸqãºí¼B!„âÛCfvAK ÃŽêjš†ËéÀn³u\ãð³vápd‚£›–*·'hÂm|ÜZ™‘ÑU³a¾ÆZ ÓŠÌ@lÇÞòJf?5‹ç¾•=Û¾î±ñ !„Ç’Ÿþô§,X°€‘#Gâóùƒ¤¥¥áv» ƒ8NÜn7uuu|þùçTTT0jÔ(rrrðz½X–E Àf³áõz£³ +++Ù´i Ý6ÖP(DUUU·…†¦i²k×.Î>ûlæÏŸ/¡¡B!Äÿ0 »Àérbí›1x¨EýfphGß7ãЮö|ý£Ê Áõ› féýqöÎEAð5ÔbX€ÍÑîqEÛK˜õç?òÊãwQ½g{S!„8Ú<?ü0Ï?ÿ<Ã00 —Ë…ªªø|>TUÎ@\´h–e1nÜ8 p¹\X–Eccã¾i–e±sçNŠŠŠƒ‡46EQ0 ƒšššn !-Ë¢ººšÞ½{3wî\fÎœÙ-çB!„ß^vÝá@Q=4TUÅŠ­•¨iZt‚ã‡-66èüj«yÞáÄ¥g øð5ÔfÃj§³iZ¬]»Ž?ßýÞýÄ«Bq4ååå1gÎ~÷»ß ±,‹øøx<ªªR__Ãá@Ó46oÞ̲eËHIIaäÈ‘ddd””„±¯žqk¦i²mÛ6vïÞݦ!Ë´ÔJNKK#99ù°—=[–]æüÄOððÃãõzëœB!„â»A‚Ã.p9]4ùì*¯9äà°e©rë)ƾ ¶#¶X\æÚ]I¬ËK\¯TüM ø›Ql,%öŸˆ¢€®|±êË#>V!„âh:ýôÓY¼x1Ó¦MÃï÷ …p:¤¤¤‡ ôêÕ UUùàƒ(,,dàÀ 2„øøø6ç«®®¦¡¡††6oÞLMMM´!K{ZÞ;ÄÅÅQZZÊêÕ«©©©¡_¿~$$$Ò5…ÃaÊÊÊøå/É›o¾I¿~ýéþøc***;v, ˆY² Y¾|9+V¬Àï÷SQQAaa!>Ÿ/æ5EAÓ4âã㩨¨àµ×^cÅŠèºNII Ÿþ9†aЯ_?\.W§®Ã²,ÊËË9î¸ãX°`S§NíÖŸ“B!„ønà° œ. S'ŽÂ²àŹŸ²eÇÞêq¨ª*†™qhW•Ž»1 ïT¸WŒ:pvG¤aJsC  RVY‹iE>49[}0ùýïÛíî–G^^Þѹt!„¢ ’““yæ™gxì±ÇPU]×±Ùl¤¦¦âr¹(**ÂëõÇúõëùì³Ï0 ƒO<Ç@jj*}ûö¥¶¶–O?ý”ÊÊJ ุ˜âââh7fMÓhnnæÍ7ßäÓO?6AQÓ4 ”——³råJ²³³±ÙlŽÛ²,êëëq:¼òÊ+ÜtÓM1a¦B!„­IpØN‡ Ó4Y´b=v»ÓNÁç_òÎG«iò;·TÙ²b–)«ª­k¤* Õà0Âo*Ü·ËÉÓñÇãpG>ÜhšŠÝn>Üûžï ‰‰‰ÔÕÕõØù…Bˆî2|øpæÏŸÏ•W^‰ßï' ( ƒÆçóQ__Onn.ªªRRRÂÊ•+£µ† ÆäÉ“III!DŸ÷ù|ÑØØÀûï¿ýº5UUIOO'`………¤¤¤´;Ö@ @UUüãyúé§;ÜO!„BˆvÓåÎœ0 ]7øtõ&N;„¤//½û9k KQj±Ë”[º"B$4ÔŽâråoÚ¥¥IŠ¢`³Ù¢ÖÁá}÷݇ßïï¶GyyùQºb!„âÐ\tÑE|øᇌ?ž@ @8ÆãñЫW/vìØ C¡¡PUUq8躎Óéäøã§oß¾mÎk·ÛÙ»wo»ÍSZfêºN0$ã÷ûÛÌ 4M“={ö0cÆ Þÿ}FŽÙ3?!„BñÓñZцÃéÄ0ü,^¹‰þ9L?ŒÏ¿ÚLFJ"gŸ2†%_²¥´Œ3'Œ$%©mt¬HhhYVô¡GƒCë˜ Œ}t4EYúÔº†RK˜(„Bü/s¹\ÜÿýìÚµ‹o¼‘ÚÚZTU%///º¼¸…¢(lß¾ÄÄD1 £ÝÎ˪ªvXÿ·eõB]]]ÌÍÈ–.Ë–eQ]]ÍèÑ£yꩧp»ÝÝÑB!„â;MÒž.p¹ÜX¾:¦4šÍÛw³tí&ÊîŠ._ÏÄÑø!^[°œqCûsÂÈ|45vR§¶¯ÆaëàÐ0#5Ž¥Ê1¬È EUbÂÁž\ª,„B|›åääðÆoðÙgŸq×]wEW|S `ãÆ$''3|øp¼^o›ðPQ”;-«ûÞc¨­Þk´¼Nss3š¦ñÏþ“ÜÜÜîº4!„Bñ?F–*wÓåB× ±—ËÉäñÃX¶v+ÁΙG±¶°”Ý•µœ;y;ʪyù½%”UÕÅ,U¶°bê‹5[3ôȘ–à°åáp:òÈ„BˆcÛ)§œÂ¢E‹8ÿüóñûý톇555|ú駬_¿]×c‚@ Ãã:ÒÜÜÌu×]Ç믿.¡¡B!„8,vÓéDÎ:y ºn°dM!§Œ‚×ãbñ7¬?Ùé)Ì_²–ü>™Œ؇9‹W±ø‹è†ù °/4lÝ ¥¥î‘ʱ¶TÙ²ZBM-¶Æ¡Gf !„£ª*×^{-sçÎ¥_¿~„Ãá芃¼¼<ÒÒÒ¢ûîܹ“Å‹G›¤h¶a˹Û3}út¦L™Ò­×!„B!þ7IpØN—›nðá²ux=n¦×vÆayM=çœ2†¢]å–”qΤ±44ûyqîgTÕ5¡@ÌlÃȇ‚Èù#ÍQŽ¡_‰i‘Á©ªÓUÙápøX!„BD%&&òä“O2kÖ,¦i¢iãÇgâĉx½Þè¾­».CÇ3[?ß:`ì(PB!„¢«äe8\N;?›>_ ÄÒµÛ8õøáÄyÝ|´r#㇠'#•—¯gp¿† ÈáƒeëÈHIbâ˜Á쩬™i ÷_Á:¦–*Û,“–TSUcg:] !„]5xð`Þ}÷]®¹æ¦iǤI“?~|›fcšq¨( º®£ë:¹¹¹ÖRB!„âPIp؉‰‰¬\³‘¯‹œy"SŽʧ«7ÖM¦4ºÍŒÃm¥åœsò*kY½q;yÙé(€¦i1¢µï=¾ªX¨ÇÐRe‡²ÿʦ©ß¨q(…BˆC5}út.\Èĉ ƒ†AJJ §Ÿ~: >Ãá oß¾”••¡iÐõšˆB!„BtD‚Ã.=z4S/ü·ý¿¿Sºs'Ãòs¹â{§â°ÛXüÅŽ>€ìô>X¶ŽAyÙ îŸÍË×Ñ;­㇠`Wy Šº?0l [fjX¤{™| eÆ¡BqxwÝu¯¾ú*©©©èºŽeYÑ¥Ê-`{A`AA—^z) TVV¶{œB!„‡K‚Ã.švÖY¼üÆ;,Z]Ä“Ï¿†M±8oò8Î4–Õ›Š©¬màÜSƶ™q¸¦pGdÆ¡[ßPUUÔ}«’´Poœ=Û'"Ñi?º 83úµªÆ‡v§‡B!DwÈÌÌäå—_æ ǦiÆìÇoû[>øà¦OŸÎ›o¾ÉäɓȲfEQpÉÍ=!„BÑM$8<.—‹û|˜+®»•;ÿü+¿\ÃÀ¾½¹bÆid¤$ñÁòu é©qøáŠõd¥'sÜð|vWÔ¶iŽ¢ª*# dåÚÍBa캫úÛ˜7c$gæ¥a;ŠK—ã´ý_kÚ7jJp(„Bt«ã?žE‹qÑEE;+744DnØÙíœvÚi,Z´ˆk¯½6.Úl6î¸ãfÍšÅðáÃ9r$#FŒ8š—!„B!¾CÀòûýrwú0<ûÔ?YòÑþïç“’šÆîŠZ>\ö5ªªpâÈ|µ©„FŸŸé§Çߟy‰ï¼9Zìܲ¬è£ª¦ŽÊšzúç¦cè*_Ô*ܵ¬˜’ÿ¿®‘®g–/Å0  „¢îOÏÿÑUôîÓÿˆI!„ø_ÐÔÔÄ]wÝEAAW_}5@·[ê !„Bˆ#£åý§‡Ý¤ªªŠßÿîf†õËà{çNÅRT–½•U¶3ª / qn ÃdÞ‚¢ÁaËöˆ>¿Ÿ¿?û¿üÙEXzÃ0(N^*jâÙ{©éGìšNð9¥l†aP0xª¶?8¼à²kHÍÈ:bcB!„B!„GFKp(K•»Ijj*ÿxúyFžt·üñ1Jwìà”±CøÉy“Ø[]Ϛ 蓉ª¨¨-µ [Õ:T…O–®äÁ¿Ïæ×·üžþãÎ %§ÍfÇ®û˜™ ¯žžÇ”ÞñØŽPÑsw«¥Ê6»=¶Æ¡ÝyDÆ „B|— 4»ÝÎE]t´‡"„B!Dv³ÉSNåù¿Å⯊ùÛÓ/‘àqpÙy§0~X>¥eÕhª û£¨*;Jwrûý“UÀ“O?OŸ>}HÊÎ'oÌ©$¦õ &ÏsÈõô|óg«|Òáp|£9Š‡B!Äá*++C×uJJJŽöP„B!„hÃv´ð]äp8øýÝ÷RTTÄíwܦÂ)'(,øp!–e¡ª*MMM<ýòÛhž^üí©çq8mÎ¥Ùd >¤Ì*vn^IsC#]^œ˜Êk¥~^.ª£Ñè™ëðØ"ÉaKGåý4ÛÑïú,„B!„B!zŽÌ8ìA `ö«oÓlOáö§ºªMÕ0tw?XÌ]ù3¯¹‰Ûï¼»Ýа5OR*'œEÎÀ‘h6;6ÝÇ%™ÏLHç¤d¶X½ìT"õ[‚ÃèÃaGkUïP!„B!„B|÷Hpx\zÙOyðÑ0ëßó˜»`1¿¾ýÿ‘Üg8O=÷RtYrg(ŠBz¿a,Z¾†m»«°L‹³‘»Ûy`x"½íV·Ž»%8Ô´ØàÐnsHp(„B!„Bñ'K•¤¤$ùÛ?¸üª¯_mÞŽnZØt3R<:ÌÅx·Ã›ØÒÅn³coÕUÙáú†B!„B!„ßu2ãð[Ä4Mvâñx‡Ã躎®ëT–nå£]% Iïä8’­&ní¯°®Ùάí~ªÔCë€lÇ@Õ´èŒC˲+øBÑ} Ã`Ó¦M”––2tèPòòòŽöÄ1Â4MB¡š¦a·wî†_ Àåröë†A8"MãTõÀ÷ª[ÞÓ8‘• -çèÊ5KZ®Én—ÚÐB!„øö’‡ß"‹¼G/¯·ÛÇã‰y¸l Û6|Éʵi š`è ±ÕóçA ?L â1Ã]~=Û¾àPÓZÕ7´Û¿•oÞ…â»ä駟f„ ÄÇÇ3bÄÎ=÷\úõëGrr2gœq‹-:ÚCGÙܹsq»ÝœþùÚß4MÜn7n·;øŽ]»v‘‘‘Ûíæâ‹/>à¾Á`#Fàv»™8qb4@|æ™gp»Ý\vÙeí§ë:k×®å駟æÎ;ïäùçŸgÆ ‡=öîrÍ5×àv»yòÉ'öP„B!™‡ß"%›×’¶½^V°ukVR´« ›îã¼ÄfîËÓ¡4¢™F§_OÛ·ÔÙa·Å4G‘‡BqtTWW3cÆ ®ºê*–/_N0dÈ!œsÎ9äææR[[Ë¢E‹˜:u*7ÝtÁ`ðhYc>ýôSn¸áÞxã}¾}ûòÈ#ðæ›oòÖ[ou¸ïÝwßÍæÍ›q¹\¼ôÒKºAùå—_Ò§OFÍUW]Å}÷ÝÇå—_Έ#˜9s&UUUmŽ¹å–[¸á†ðûý‡~aB!„ÿc$8d4r}V€ëSšéj€NÔ?´G»*LJ6›Ì8Bˆ#­¾¾ž1cÆ0gÎœN'?þ8uuulܸ‘÷Þ{ÒÒRÊË˹þúë±,‹Gy„©S§ößñí4pà@n½õV.ºè¢˜ç¿úê+{ì±#2+õŠ+®à¼óÎàÚk¯¥¦¦¦Í>«V­âÏþ3=ôC‡=èy/^̤I“(++cĈÑÙ†×^{-v»_|‘‹/¾¸Í¿ý'žx‚Ç{Lu!„Bˆ.à°‡†Á ÿz‚‡oÿÿxüáC¾ËýÕ²ÉLKŽ Û[²Ü²Ýår3|܉L8ë"NŸ~‰½RÀÐdkàžœçj58CKËìD›ÃÚeÆ¡Bqwß}7;wî$++‹¥K—rÝu׳Ozz:=öo¿ý6‡ƒÏ>ûŒ—^zé(XMC‡åÁäŠ+®8ªãxꩧHII¡¼¼œn¸!f[(âòË/Ç0 Î8ã ®»îºNóÆo¤¹¹™iÓ¦ñÅ_pï½÷2sæLžxâ –/_ŽËåbñâÅ<ûì³=qIB!„ÿS$8ìAëÖ®á/ø ãÒüøŒ‘œ‘ïà_ýŽwÞz­KçÑu3ÐÔaPØÞÃÔ\œ;=2Ë #7ŸógÞÀØ“ÎÀîp¢é~¦Å7pkj TCo÷uÕ}³mߘqè‡BqD­[·Ž¿ÿýï<üðÃŒ;ö€ûϘ1ƒk®¹€Ûn»æææè¶P(m‚‘úrŸ|ò o¿ý6»wïîÔxššš¢ÇÔÖÖv¸ŸišhÍ:ˆ,·ž3gï¼ó%%%|ÚÚZ>ýôS^|ñEæÎË–-[Úìíά ‡ÃB¡P›m–eEý&]×),,dîܹ¼øâ‹,\¸ŠŠŠvÇØržÖukjjøïÿËœ9sؾ}û¯±5Ã0:5^Ó4Ûsëq´üì[¾ÿæ8[^ë@õ «««Y°`¯¾ú*_}õU§¯£µÌÌLfÍšÀìÙ³™7o^tÛ}÷ÝÇúõëéÕ«Ï?ÿ<Š¢ô|6Y’§ IDATlà믿àñÇoÓÈe̘1üâ¿"3aÿ¿ƒ–#Á`°Í÷­g!ú|>>øàæÎKeeåAÇ …Xµj¯¼ò ëÖ­k÷÷#„Bñm%Áa…B<ùèŸØüñ«\|Ê@Þúh ï}¾·ÓÁNLFpßý¾^Ó¹7áŸ.šO¿œ´65 Û[®Ü²=·ÿàh'dEQ9át¾åÍô4 €^f¿Hmà g9ÞÆJøƇ.ÕÚ×Å;ãÐf—‡Bq$=úè£èºÎøñãùÑ~Ô©cî¼óNÙ½{7¯¼òJôùQ£Fáv»ñûýÜqÇ$%%1eʾÿýï“““É'žHiii»çlnnæ'?ù ‰‰‰ÑcÒÒÒ8ùä“ÛÝõÉ'Ÿàv»¹êª«¨¯¯gÊ”)¤¥¥1cÆ ¦OŸÎ€¸âŠ+0ŒØú»áp˜›o¾™œœ&OžÌÌ™3¹à‚ 4h^xaLˆ7lØ0Ün7³gÏnóúƒ ÂívÓ¯_¿6Ûþûßÿâv»éÝ»wL°ùá‡RPPÀàÁƒ¹à‚ ˜9s&S§N%77—«®ºªMжbÅ Ün7?ýéOijjbêÔ©¤¦¦rá…2cÆ òóó¹ì²Ë:Õpä£>Âív“šš3&€… FÿÎßwß}mŽ=ÿüóq»ÝÜ~ûí@Ûæ([¶lÁívsË-·‘;n·›þð‡m·¹üòËIMM嬳ÎâG?úcǎ夓Nêt¸ÜÚE]Ä%—\ÀÕW_MCCkÖ¬áÁàÉ'Ÿ$;;»Sçj ›8p`»û yŸ³mÛ¶èë»Ýîh8˜™™‰Ûí¦°°€´´4²²²0 ƒ_üâ$%%1mÚ4.¸àÒÓÓ9묳¨®®n÷µž{î9’’’8î¸ãøñÌÈ‘#IOOç£>êÔõ!„BëlßEtŲ%Ÿ²dþ[œ|%e6þøÂbò†ŒaW(Èÿ{é#ΟPÀðÙ\š‘ÌŠÏ^ç£ïð“«®'99¹Ãs¾Zâ2Ñu=ú‡Ã1ßÛíöè×5ul+ÞC]]III1çòÆ'rÆ÷¯`ðöM|òÞTUìe ZÇïR,ªkâs+Ý“ÙyßReû¾À°…Ô8BˆýøÃzô5æÏŸ@BB·Ýv[§ËÊÊ¢¾¾žþóŸDgPM˜0µk×’––ÆСCñù|”””°bÅ † Âe—ýöî<,Êr}àøw6f†]D]6qß7Ô2—LÓNj–©YY™¶k{YÇ<¦mZj—4Óì×bš•\pß7TpAEQAvffùýAL  (R÷纸”÷YÞûä¹yžç~”:uêØç2™L|ûí·dddàèèHhh(ŽŽŽ$''³mÛ6¶mÛÆüùóéܹ³}LIrçÎDFF’››KûöíÑjµÄÇÇsùòe,X@bb"QQQöqëׯgïÞ½(•Jüýýñóó#55•óçϳbÅ >l¯Ô[òsnÚ´i;vÌ>Gnn.gÎœàâÅ‹Œ3¦ÔóüþûïøøøðÖ[oʼn¦’"...¡ÓéHNN&55•¹sçrðàAî¾ûnû</^`ß¾}DFFråÊÚµk‡^¯'!!ÔÔT¾ûî;Îœ9C—.]Ê|®^éÖµkWœœœÈÍÍe÷îÝtìØÑÞkÿû¦M›xçw쟱eËî»ï¾2÷€âDÛˆ#ˆg÷îÝ4lب¨¨rW¯>øàƒlÙ²…gžy†°°0bbbX¿~=Û·ogĈö×®*¾üòKbccINNæÅ_äÀ1lØ°ëV]¾Zpp0Ÿ~ú)ÞÞÞ®PܶmPüzôèÑ777/^ŒÅbáá‡ÆÁÁ777û‹Å°aÃøá‡h×®;v$))‰õë׳víZÚ¶mËž={ðôô´yï½÷˜4i-[¶¤sçΤ¥¥ñûï¿Ó»wïrÖB!„µ° †2[=DÕäåå1÷‹é„¸Ñ"Ì—¹¿n#9WÎÉ•ÐÐPûn/žOBe¸Ìc½ÛPÇÕ ³ÅÊêÝ'qñ‹àáÇž@¥R•š·°°­k¦a€§=ah±XÊ$¯þØ<™©3þ‹££#Ÿ~úi¹«  xÓ¾Íÿc禵 X¬V2¬:~ÊÔ’ìâÇdït®œ9A³­èØéÏ7‚Ž®x…¶¸u/¦BÔyyyüûßÿfêÔ©5Š¨åzõêÅš5k0`+V¬àƒ>°'4ºtéÂÖ­[í«ÿ³²²Ðjµ@q¢¬sçθ¹¹‘žžŽZ­æ×_å°Ï[âóÏ?ç…^`̘1Ì™3Ç~ÝjµÚÿR§NbcciÖ¬™½}åÊ•ôïߥRINNNNNU~ÆÕ«W—Jlpøðá2¿ä,ñõ×_3fÌ̲e•;æåìÙ³´nÝšÌÌL¶nÝJ§Nìmz½£ÑHfff©{ººº’›› ÀäÉ“í«6¡xkt¯^½¸p᯽öS¦LŠ“âááá2qâD¦L™bÿ¿^RR÷Þ{¯}kýÌ™3yî¹ç*¿B!ÄÂh4¢×ëeÅauˆùß*⶯a`§†œ8—ÊÄY¿áéJÓÁös’ÜÜÜðññÁ7 ›-Y«ãhPGÅОmèÕˆŒì>ô2í»ßO×î®dppp cÏسeþŽ8:jʬ0¼z¢Á`âbF>ÁÁÁäääðꫯYn•B¥RI»n÷ѸU¿ÿ²˜ãGânÍc¤k>ÇM\É(Þº¬ÑÈŠC!„(O^^S§NE¥R•JòT§œœ>ýôSÆ_jÕÜõ:tˆåË—ãââÂK/½¯üJOOÇÝÝñãÇ—YµuþüyæÏŸB¡`üøñ¸»»SPPÀgŸ}†Åbaìر宒ÿù矉‹‹#::šnݺÅIœ… 0räH‚‚‚J)iwvvæå—_ 55•9sæ T*™8q"Wä²ÙlÄÆÆb6›iÓ¦ uêÔÁl63uêTÌf3Ï=÷uëÖŠ]û÷ï§uëÖìß¿Ÿ¦M›òàƒÅ[®§OŸŽB¡à•W^ÁÑÑ€üѾÝø¯[g }ôP\¨¦Drr2óæÍàÑG%44´Ô¸’vNÇĉ˼n3gÎäÊ•+ö×´oß¾¬X±‚õë×ÛÿMFvïÞMxx8¾¾¾ÄÆƲsçN¢££?Ïò»÷Þ{Ký¼¾Q¯¿þz©¤!o…vqq!77—‹/V¸MøZúöíË}÷ÝǪU«€â*Ê% oÄÞ½{éׯ™™™DEE•ZÅZwÝuW©¤!o{þøã:t(_|ñ¯¿þ:®®®|üñÇÒ²eKû–ëAAA̘1ƒÞ½{ßô3 !„BÔ4IÞ„ŒŒ æ1Vþ:ìҘϖþŽÕÑ›v]î!;;›„„üýýiܸ1YYYÄÇÇ€³³3¡›c0˜òÝ¢›úÒ¥U8G7âhâf>Þò;ƒG=C@@ :Ž.=û·7Ê‚,¼ÜËlY.Y…˜”’CÑDHHV«•I“&•›4¼š‹›GŽçLÂaÖü´ˆË©—SfcÉ·`4‡RoDTÕð¦D!þNÔjõ-Û®œœœlO>ÿüó„„„Tzì’%KX¾|9:Îß²eËHOOçå—_®0Ù¹ÿ~ÚpêBj¶LqGGGŠÔŽ4hЀ-Z0cÆ š6mZég nÜœ§^›J·>Ñ8hí×þHªÕjô.upñ–3{„âvñ÷÷ÇÕµøìÙ„„„*(÷»† V8®ägGIq‰’"éééŒ9²Ü’•…%ç ^­*ÉNOOÏR<éÕ«“'OæÈ‘#åŽ)It•$ÐRRR8qâíÚµ#88˜ÈÈH.]ºdŽë%ÚŒF#{öìá믿æ™gž±'E¯¥Aƒ•ª |=4mÚ“ÉÄÖ­[?Ï7ŒŽŽ¦GöâF£‘;v P(èÓ§ÏMß 00°Zæ¹ZQQÇÇh4Ò¹sgœÙ²e Ó§O¿©y.\HXXÓ§OÇjµòÁðÝwßÝÐ<}O(•J"""€?¿'Nž< üYˆ¥*ó !„BÔ&²t¬Š.$ŸgáìO‰nìA뎘ûëv2Šô(=(((@£Ñ––Fvv6¾¾¾øûûcµZILLÄÉɉ€€¬V+§NÂÑÑ<½¼ÁË›e;Nà®:ÁðÞméÙ6œc!³§L$¬eîø/<<êuÏýìÞº=xÕq²¯>©0æê<+ºoß¾9r„õë×Ó³gÏR‰ÃúõëãääÄÎ;1lÛ¶ “ÉDûöí¯ù5­Š[qîõ|À¾}ûpuueéÒ¥,_¾œqãÆñöÛoÓ»woš7o^¥ù._¾Ì¨Q£Xµj …‚Áƒ3yòdÂÂÂn8ÆÊ~OX,û*Q__ß Çx{{ßp,B!„w YqX_~>_ç}ÄcÝÃhà[—-Nœm%8¼17F£Ñ••EHHááádff²ÿ~ÂÃÃqqqáøñãäççÓ°aCÜÝ݉';;€ Ð†8ù7å“Ÿöð˦ƒ8êܵ1ž†L{÷eŽÄ²ÇÒ¾swô^!ÄŸMC©T¢ÓéP9{NïÞ½o(ix5wz<:ö F>÷õýq ˆ”¤¡BÔ’óæ–,Y‚Íf«Ô˜ôôt{õÛ6mÚ”i¿téR…cK*—$EJþ²²²Ø°a~øaµYYYøÑ®[_âÎ^á\Ê‚Â" )uüÍjÔ¼Í:õ…üSBˆšòâ‹/¢V«Ù·o‹/®Ô˜wß}—ììl¼¼¼èÞ½{™öcÇŽU8öСâ_T•À(ùsëÖ­ètºr?Ìf3)))äääTõñJ1deea0€â­Ë<òsçÎåÂ… ôêÕ €Y³f•wu²-66µZm¯¨Û­[7”J%›6m²Ÿ±÷ו›»wï&!!vìØÁÔ©Siݺµýœ¼¢¢¢›z®ªèÔ©®®®ìß¿ŸuëÖa0ìIP(½Ó‡ >‹ÅBÏž=yâ‰'P(Ì;NÇáÇyûí·+=çˆ#8tè:uâÀÜ}÷Ý×T }O˜Ífû6ù’ï…’"8,wŒÕj­òÑB!„w"ÉU’^¯';ÏD§»ZÓížÞ¬Ü{ÇÏãåáÊËw#*HÃî-1øûùÑ´iSš4i‚Õj%))‰ÐÐP2228räÙÙÙøøøÆÙ³g¹páB¹]\ iÚžØDŸ.ÛÌåÌ¢"ƒЃ¥_Lb颹X­V”J%]îé‹Ö3ÏzÕr¾’Bˆ;K“&MìE^}õUvíÚuÍþK—.å믿`Á‚åVAž;w.&“©Ìõ 6pøðaT*wÝumÛ¶ÅÁÁ‹/–›\±ÙlÜwß}3þü*?ßÕæÌ™C:uJ%ÊJ8;;sÿý÷؉V¢$øÃ?pìØ1Ú´icÿÅœ»»;­[·&55Õžpük¢mçÎtéÒ¥LEe€E‹ÝÔsU…Z­¦gÏžX­VÞÿ}€r‡+W®dïÞ½øøø”»ýNðÊ+¯pòäI\\\˜;wn©¶† ÚŸoúôélÙ²åºó8q‚+V T*™?þu çTÅ_“Ñ%–.]JZZÎÎÎö-Õ]»v`ÆŒå®^±bÅ5W# !„BÔ’8¬‚{<̹, Wr ôïÝ H¾Ûp”Œ¬\ÚGóéóq6žçÔ±ƒ\¼xN‡——;vìÀï„¢ÑhäĉX,BCC©S§'Ož´oWþ«ú¾Ôo؆¹ëX¸ªøbÿ¨†D:gò餗پeá Ý®—A!D xï½÷ $55•.]º0mÚ4222JõIJJbôèÑ 6 ³ÙÌøñã+<1%%…#F”Ú"zäÈüq}ôQ‚ƒ‹‹aùùùñôÓOпÿRÛ‘- S¦LaóæͨÕê빞-Z°gÏÖ®][ª-;;›iÓ¦о}ûRm]»vÅÉɉ½{÷b³ÙÊ$K’m{öìA«ÕrÏ=÷”j/)²eËRSSKµíÚµ‹ÿûßöϯ.\v«”|ÝJª÷^ý<­Zµ¢N:8p³ÙLß¾}«ü‹Ã›]Zk×®eöìÙL›6­Ü¢+/½ôíÚµÃjµ2bĈëVmþᇰÙl„„„°}ûv¾ùæ› ?bbbÊ£¢{ÄÅÅñüóÏcµZí׶nÝÊK/½ÀøñãqssŠ+œ»ºº’À“O>YjEj\\Ï=÷Ü5ŸC!„¢¶Äauèr7-£ûŸœ…^¯gð÷q&OÏ·k`³ÙrOÆ÷o…&ÿz®®®tì؃ÁÀñãÇñô,>‡0))‰¤¤$ Çh4rêÔ),K™{* ‚5φLYº•ßw'P×Í™¡]’›°‘?x ÉçkàÕBq»¸ººràÀLQQ&LÀÓÓ“àà`î¾ûn¼¼¼hР}Åß!C˜:uj…óµoßžeË–Ñ Azè!ºvíJÛ¶mIJJ"00I“&•êÿÖ[oѨQ#iܸ1]ºtaØ°ax{{óæ›oðå—_tSÏM·nÝèÝ»7ÑÑÑ<ñÄtîÜ™zõê‘””„ŸŸŸ½òr ‡R[V+J–´]}L@Ïž=iР………DFF2lØ0&NœHß¾}éر#öâ?þ8;v츩缞>}úØ“ö$.Wù-y jÛ”Xµj¯¾ú*ß~ûmõüW®\±'¡{ôèÁSO=Un?•JÅüùóqppàÌ™3¼ð ל·¤øΩS§5jÔ5?þZ±¹äÙGÍ»ï¾KZZZ©ööíÛ3cÆ BBB:t(:t {÷§É+¯¼bï[§N>úè#”J%óæÍ#((ˆýë_tëÖöíÛ“——gß–-„BQ›IUå Óé¸û¾I>w–øýÛ ô#4È—˜ýG0ç¥Ñ¯SS^Úc§/²|Û.ê6ÂÏÏÏ^]Y«ÕŠÑh$!!zõêáíí——¹¹¹6Ñjµ„7kljŒtö.Þȃ]›Ð4¤>‘Á6b¾û ³³?ßx­V{›_!„·ƒ‡‡Ë–-càÀ|ýõ×8p€³gÏröìY øçÄ]wÝÅ”)Sèرã5çúì³Ïضmï¿ÿ>?þø#PœÄ¹ï¾ûøæ›oðôô,Õ¿^½zìÛ·^xï¾ûŽ­[·ÚÛ6lÈ”)S4hP©1%[Ž###ËA«ÕMݺßR*•|ÿý÷¼õÖ[,\¸Í›7Û«$+•J† Â|PîÕáÇ“B¡ sçÎ¥Ú:wîL·nÝ°ÙlŒ9²ÌXWWWV®\ÉSO=ÅŽ;Xºt)P¼=ú½÷Þã7Þ`úôé¼öÚk,]º”ÀÀ@¢¢¢puu%::Ú~öÝ_©Õj¢££qqq)·½">>> >œ¤¤¤RIÂC† áÊ•+( zöìY¦ÝÓÓ“èèè2ÕŠû÷ïO‹-8tèÓ§OgÀ€ >…BaO¶V´z1**Šôzýuã_¼x1ááá4jÔˆyóæ]sEdÓ¦Mùè£øå—_8}ú4ÇŽ£I“&øúúM“&Mì}=<<ÊÝÆ^ž’Õ«%&L˜ÀsÏ=GLL 111<üðÃ¥*)/[¶ŒÙ³g3sæL–-[€F£á‘GaÎœ98;;—šo̘1òÔSO‘œœÌO?ý@£FX²d )))œ>ž´´4ÂÃÃñ÷÷¿%gìæççÛ Œy{{lß*z+%%%qêÔ)üýý ·H8þ<‰‰‰4o޼ܳ#«*,,ŒÄÄD~øa–,YrÓóUVBB/^¤aÆö ÁÿùùùìÚµ 777š7oŽF£ÁÕÕ•ÜÜ\Î;G@@f³™¸¸8 iÙ²e¥~!{áÂŽ?NÓ¦MK%#…B!j+£Ñˆ^¯—Äau±X,l\ó+³ðrwäÜÅ4:ÊÃðpsÆ`*dáê=d[ m@jj*™™™„††¢Ñh8{ö,‹…J¿³X,œ=GCoÿêÑ …BAÒ¥+l;•ÉýƒGѸIù«<„Bܼ;!qXUMŠšUS‰Cñ§¿&…B!ÄŸ‰C9ã°š¨T*î¹o­¢ï')Ý€‹³½ºwdß¹¬ÚƒƒFÍÓ;1$ÊŸ¤£»ÈHOÃÛÛ›FqîÜ9Îœ9Cƒ  äøñ㤤¤Tú¾¡MZ’£õgòâMì>z† †u %nÝ·|1ýß^B!„B!„¢"’8¬fu=ëqÿQÔ kÃ…ŒBƒüèÕŽŸ¶Ÿfå–8øz2ñ‘îD¸9·‡ÂÂBBCCñõõ%>>ž¬¬,7nŒN§Ãl6Wú¾NÎ΄5»‹]ç-|¼4–‹—³èØ,ˆû›¹óÝçïòý· °Ùl·ðÉ…B!„B!Ä߉$o‘&ÍZ2ð±g0;ÖçJ®‰¶ÍâÊü5‡8|ò=Ú6æõ‡;Cú Ξ<†ƒƒ( âããÑjµ¨ÕU¯]S¯¾/~íX´)‘y+¶cµÙЩõ—ùä½—Ù±mË-xZ!„B!„Bñw#gÞ¬Yþ= c®Ž’S38qê,÷ˆ¤Ž«3iWrX¼îj7_¼|Š+ï={³ÙLhhè 8_TTDÒñô ­Kï¨âŠ„‡O]$þ²•‡‹¯oµ=£BüÕÆ3sss±X,¸¸¸\·Š¸õäŒÃš—ÍfÃÍÍí–ùB!„¨¤8J 8{ú;6¬ÂQYˆZ©àdÒ%r23y_;TJ%»žaݾ³ø†6ÅÑÉ ³ÙÌ©S§pssÃÇÇç†ï›•™IÖÅ“ è؈ˆ`l6ëö&‚[ Ž~‡j|J!„ø稉Cqg‘Ä¡B!„¸Iq”Ð $Œ‡ŸxžzamHË1âïE£†¡|³î0+7ÇÑ>2˜7†wñà‰ñ‡P*ûD0 IDAT•4nܽ^O||!„BQ;IâðäììÌȧ_¤ÿðç0*Ѩ•„øÕa[Ü9¦·:.ŽLÖw#'ãö`2™H>w†ÂÔÞy7>žnØl6¾ýý0ÙV-¡Q«¸’o¦sŸ!<ñÜ«h4šš~L!„â¶*,,¤_¿~¼÷Þ{×í{èÐ!š7oŽ§§'=zôÀßߟàà`bbbnèÞ<öØc¸ººÒ¡CZ¶l‰»»;74ß_½ýöÛ 8£ÑX-óýþûï 8µk×VË|B!„¢v’­Êw°°†yþÉlX÷?vnü wg-ÎZ ~Û^«áÉ:Òµe‹×ì!*¨Zt íJ1‡ShÙ4µÒJzfùV=O¾ü ŽŽŽ5üTB!D͘7o™™™×í·~ýz @~~>¾¾¾têÔ‰}ûöqúôiúôéüyó1bD¥ï›››Ktt4@§ÓÑ»woòóóÙ¾}{µ¬ùä“j›O!„BÔ^’8¬zÜÛ‡.Ýïaé7_qúè^¼ê8b02}ñz{3²_{ßuûѺէGÇÖF/¤Ñ:šö»Ôà!„5#==õë×ÃâÅ‹+5f„ äçç3dȾÿþûRקM›Æĉ:t(Z­¶RóÍ›7àííÍž={`÷îÝtèЛÍÆÅ‹«ô\&“‰m۶Ò%KÈÏϯÒøòÄÇÇï¿þʆ nz>!„BQû)›Á`@§ÓÕt,¢.^¸À g“‘œˆƒò ŠÈ5šéÕ˜SéÚ·o›^ÍÅ´L² •ôü5¶Bü-¥¤¤àããƒV«­¶-¢¢úìÚµ‹¨¨(l6[©ë={ödݺu厉¥[·nxzz’””Tj¥¾Õj¥M›6}ú”iwvv&##ƒÔÔTN:EXXXe»ï¾›œœ ø?u7{axx8 °¾uëÖj;Q!„BÔ^’8¬¥:tìÂ]Qùañ|vÇ®¥i³&ä¸bPÐØ“(ŠšQ!„¨Q¥Îþ›9s&ãÇ¿æ˜ÄÄDî½÷ÞrÛ{õêÅ;ï¼cïw=%ýºvíŠ^¯/Ó®V«Kõ­lâpÑ¢Eö¿'''Û·?ߨѣG3zôhûçݺu#66ö¦æB!„µŸTU®Å C†æÝOæréò¼¶§g¿A’4B!nÐ¥K—€â­ÀåñõõŠÏN4›Í7=ßÕª²UY!„BˆÛAVþ ¸ººòÆ{“k: !„¢Ö+IÞyxx”Û^·n]l6iiiöDbEJ‡ÍWÞ½…B!„¸SÈŠC!„B ;;“É€»»{¹}ôz=¨\¢ïòåËלïj©©©• U!„BˆÛB‡B!„*)9  Ü>………Tªz±‹‹Ë5ç»Ú_‹±!„BQÓ$q(„B¨T*ûVä+W®”Û'33ÓþwŸëÎéíí P© Å•™O!„BˆÛI‡B!„(Iô¥§§—Û^’tttÄÕÕµÒóU&qx½ó…B!„¸Ý¤8ŠB!Ä4hÀÑ£GÙ¹s' (Ó¾cÇ‚ƒƒ+=ÀÎ;Ëm·Ùlö¿?ùä“<óÌ3UŒ,‹ýï!!!öíÖ7£deå„ x÷Ýwoz>Qûôèу%K–ÔtB!„¨a’8B!„øÃ#<ªU«X»v-S¦L)Ó¾jÕ*† V©ùî¿ÿ~\]]INNæèÑ£DFF–j÷óóãôéÓ@åV%^OZZÚMÏqµœœrrrªuNQ;üôÓO 4ˆŸþ¹¦CB!D ’Ä¡B!Ä „‡‡`É’%¥„±±±üöÛo¨ÕjFUjÜöíÛY±bo¾ù¦½(Š££#Æ cÎœ9Lœ8‘+V TŸ“——Ç‘#GèÓ§³fͲÏg4ùüóÏèÞ½;íÛ·¯0æ””¢¢¢8zôh…EV~üñGñòò*ÿ_ :”]»v1yòäJ'IÅßGll,#GŽ¬ð¬O!„BüsHâP!„âZ­–?ü§Ÿ~š'žx‚£GÒ©S'öìÙÃÌ™3)**bâĉe ™ìÝ»—©S§ðüóÏÛ‡¯¾ú*Ë—/gÕªU 8G}”¬¬,,X`ßܳgOû¶f(.Î2gΠxûñàÁƒ+ŒY­þó¿sAAAV{Þ¸q#«W¯¦Y³fLš4隯ƒN§ nݺ¥âÿ 5‚B!îwdâ°hóV NÅiÆ'¨†_³¯yçnŠ6lÄr4Q·n…¦G4ªF +TXHáï±:ŒùðT¡!hôCÝ¢ùMÇŸ?þ%:Ž}xݾÖóÉmÚŒyçn¬¨†£}dè5ã·ž9‹éûÿÃrâ$¶¼x˜ü'ŸÁšú—³”Ôjÿý.ÚaC˲Ù0|üƳÊ4©†ãƒ¢Ž;ÎË£ þs\d”þþ¼õ†éŸ¡1…Sù‡‹_Í–‘aÆ,Ì[¶a9•Xég6üg:˜Í8Nzí¨Çì×5Ý£±¦¥aÞµÓ¼…¥‡ÆÿÎ/îÓ¹c©ä ºesTÉá W¯AŸ’Š²¾w¥â(Zƒéÿ~Ƽ}'¶¼¼J1-ù[^>ªæÍpúê Z-úæÍ°Y,˜æ/Äôßù¥‡V+ƹ p|ï-´=€*¢1êvmȹo Ö¤sŬGÓ«g¥â°ååcüü Š¶lżR [!„B!„BQ97¶·š™–|OÑÆØJ% ¡ø D¬V4Ý£K% KhG<ŠÒßËá8Ìûد›c· éÖµTÒÐ>nø°âsöÌf,ÇŽU*˹dL U)ih޵˩D”ånGÖ¿öjqÒíê•w6–Ãq8 RfŒC¿>(\]‹c:r´Ò±þò+Eë~¯tÒ³Ó‚…èž|Üž4´Ç>îYP*)Ú¼ˉ“öëE1ë±&Cáî†ö‘ÒÛ˜uëÚ¯•$+Ö™‰ñ«¹XŽ%HÒP!„B!„¢šÝ+¦ÿ[~ýó܇`+¨8‰h9~Ud“ò;(•¨[¶ 0ùæ»P·i€õÒ%ÔÍ›•?N¡@áæ†-/[vN¥bW5nˆëÿþ<ä¼ðkÊ=Ãïj¦~ÀaÐ(g‹’ºM+œ¿_&6eýúXNŸÁš|¡Ìkf¶‚|”Þ^•Š@ÿÖëèƵž÷øSX/¥TØßræLq»J…¦[—2튺¨[µÀ¼ïæm;ìÅmŠ¶íŠWT¢R•§¹§†iŸbÞµ§øüF溱+ë{—z틶ïÀðÁ”ëŽB!„B!„×wG$• ‚þrá: !-lv±YÌXÓ.Û¯9~<Œ&”þåO{òÖ Qhµ¨;FU"rPèõ¨"#þ ýà¡ëŽ±ž> €úªÄ§5ù¶‚T!! .›XPwÆrú ¦ÅKÑ>òðŸUˆm6Ló€Ù‚¢Ž{Å Õr(ýýÀßïÏ ×ìoK+.†¢ @áæVnUÓHÌû”*œR2®¢ŠËªÆŠŠ Ö´Ë(ý|¯¼FSêµ·ž?ý1B!„B!„¢RîˆÄaU•¬b³8Xn»ÍhIJ·x‹²írúŸãBC*œÓf2a˜2 u—N(õÕnÖËÅÉLE] Ÿ|ŽiÑwØ®d_ÓjÑÜ{Žï¿ƒ¢®G©qŽ¯¿ŠíR …«×Õ²=šè.(}êS´6kjJ?_œçuá+{jqìJ÷ò“†Š?ÚJž³Ô¸:î R psÅv%ëåôÊ%…B!„B!Ä-sGœqXUšÝ@©Ä¼ÿ …?üTºÑbÁðÞd{ÒÊzåÊu糦]&oèpŠ~߀²^=ô/?_ýA_¥$™iøpÆϾ@¡V£‰î‚ºMk W®"§ç}¥Vìàà€ãäI(<ê@a!E1ë1-úÎÞÏñ½·PE4¾¥±—¬àT¸W”´]´µþ±âðšãꔌ»\a!„B!„Bq{Ô·‘MÐŽz Ó¼oÈå5 cÖ£nß[n.E1ë±Géé‰5=…‹K…óØ L_ÍÃ8çklT‘8Ïÿ¥Oý[»Íh´1ï݇nܳè_oßžlM:GÞÈ'±$ž¦àíI8ý¥}¬åXyO>ƒíJ&êŽQhºuEáâŒåÈQLÿ÷3yÏ>ãûï”)>R­ ‹ÿT_ãŸÎg^}ne¥Æ)Ë'„B!„B!jD­L8¾ùJww ŸAÑÚŠÖÆ7¨Tèßy[ZÆ9s+,bÞ¶üWÞÀzá(•h‡ü ý¤wnée(ÞŠŒZ f3šÝпúb©veP ŽM&÷Á‡)Z³kz:JOOlF#¹ÿŠ-/ý[¯¡{jt©qÚÑ#Éíÿ/ ^¥‡š>÷Þšø=ë`ËÊ®°OIae=Ï«ÆyBjÚuÆeÿ1®nu„*„B!„B!nB­Üª €Z…îù±¸mÝ€Óœ/ÐOx §93qÛ‹î‰Qö-µe‡6ï~@î°‘X/\@Ó=×µ+qœ6å–' âêÈ^õpèÛ»Ü.êvmí+%-Ç0ïØ…-/UxX™¤!€*,ÝØ1–$Qo¥=q˜UaëmŠ«^ûÊËþcœ÷MÇ)„B!„B!nN­]qXBé냃¯O™ëÖÓgŠÛýüJ]/xÿCL Ÿøî›h‡»-q^MY¯Ö‹—Ê?¹šÂ³.¶Ü\{¢Í¼u;ª–Í+SR±¸(vK5Fû׸ŠWZ/]³¥Ü ÐÖä öi©qç“Ë×zù²};óÕã„B!ÄíÕ²eK–.]Š—Wù;w„BñÏQ+WZÏœÅ8ë+L —ß~>ó¡8z=šž=ì׋b·`š÷ G=®Ë¨‘¤!€ªqC,§Ëï`6Ûl%ÅNì[„Ó3*œ·¤2s…•‹«*¢ lyù˜–SÕÚlƼ­8É©nÛÆ~Y}W;Š¶l+w^óÆÍÅ󇇡pu­æ¨…B!DeÕ¯_Ÿ¡C‡Ò£GëwB!ÄßZ­LââŒá£O(x{E›6—i6þw>Ølhîï[ª8ŠiÁ"†CþK¯ùa9yÊ>´pùJ²Â›’Þ´Ôõ¥nÙu‹æX“/7â ¬çÎ7aZ² Ôi@q˜’ ÅêŽQ¨;vÀf07ê)ÌûöÛ“˜ÖÔ4ò_x•¢-ÛPètèž{ºÔýrú "+¼)y£K_¿QÚaCA©Ä´p1…¿¬°_·Ä'?áâ>YÍ©prÄaàòŸ[¼5ÀbÁðÉçű;êqô@©qE[·Û_{óÎÝÕ¿B!„B!„¸¾Z{Æ¡ãþMNŸþXO“÷è(nnØrsÁjEáìŒóü¯PEFØû[Ó.CQP¹3 @vËâwš3“¼O`Þ±‹ìÎ=PzzbÍζǨ6‡Áþ9@¡Àé“È{d$–'É8…³ kzzq½Ç)  ¹eq¨"#púä#ò_žHþó/cøÏ4NNö­×ÚaCÐŽ^fœþí×±&£hóV²ÛuFÙkÒ9l99(œq^ð_în·4v!„BQu{÷îeëÖ­Œ;FSÓá!„â6¹#‡º±Oc+,DY¿~…}”õ½qY…qÚ§mÚŒ55 UÃpÔwµCûÈPTýe€Ý‹ã*ƒ*0àÏ¿G4²UÖ­{ÍqêæMѽ8•¿ÿ5û)ý|qùù{ŒŸ}yï>ÌGãQ¸º n‰vÔchzt+;Æקø™,¢hõZ,'NbÍÊD†ºuKt/ŒCéç[fœvø0¬—/£jÐàºÏ­{|Ö¬,TÁ×îë0h gLË~ļo?¶¬lÔQw¡¹»;º'…¢Ì…N‡óü¯0|2óŽ˜ãŽ¢ôª‡¦[W´OŒB]NáUPàŸ¯ýU_“ò(ÃÃн8¥GÅEg„B!D奧§3mÚ4._¾ŒF£áÉ'Ÿäž{îáÑG­éЄBq(›Á`@§ÓÕt,7§‚ ¿µÆÆo6ƒúÈÿZ,ömÕ•VÛ¿fBˆ¼””|||ÐjµË9³Vˆë9r$ .döìÙ<ýtõ)"Du0›Í|ùå—:t'''¬V+6› ‹Å‚ÑhD­VóøãÓ©S§šU!„·€ÑhD¯××Î3ËUÛP7ÿ4„ª' ¡öÍ„B!þ†V­ZųÏ>Kbb".W,áàà€B¡àË/¿dìر\¸p¡¢B!Äíp‡d„B!„5éäÉ“Ìœ9›Í†‹‹ V««ÕZaNG~~>Ï?ÿ<¼ñÆèõúÛ±B!n5I !„Bñ–——ÇôéÓIMMÅÕÕõº ÿrtt$11‘áÇӽ{wÆŽ{ £B!Äíô÷Ùª,„B!„¨4›ÍÆüùóyå•W0™L¸»»ßð\J¥6lØÀàÁƒY³fM5F*„Bˆš"‰C!„B!þa¶nÝÊsÏ=lj'¨W¯Jeõ¼-Ðh4|ñÅŒ1‚'NT˼B!„¨²UY!„Bˆˆ‹/òÉ'Ÿ`³Ù¨W¯6›­JÛ’+K§Ó‘››ËøñãiÔ¨|ð®®®Õ~!„BÜZ’8B!„âo®°°3fpþüy{ÂÐb±Üòûêt:NŸ>ÍC=D÷îÝ™0aBµ­nB!Ä­'?µ…B!„øûñÇy饗0x{{£P(nëý † 6Я_?~øá‡Ûz!„BÜ8I !„Bñ7Ç /¼À‘#G D­®ÙÍFjµ«ÕʬY³8p û÷ï¯Ñx„Bq}²UY!„Bˆ¿‘¬¬,>þøcÌf3AAAX,–[rŽáÒjµäåå1nÜ86lÈÔ©Sñòòªé°„BQI !„Bñ7`µZ™3g‰‰‰Þ²Â'ÕE«ÕröìYú÷ïO·nÝxÿý÷qpp¨é°„BqÙª,„B!D-ÃË/¿ŒÁ` 88ø¶Ÿcx3´Z-›7o¦{÷î|õÕWwt²S!„ø§‘‡B!„BÔRgÎœaöìÙ¸»»Ó¨Q#¬Vk­L¼©T*ŒF#³fÍ¢uëÖ´k×®¦CB!’8B!n˜N§cÀ€²µNqÛðùçŸc0¿ã·%_‹ÙlF¥RÑ¿L&J¥lŠB!î’8B!n»»;Ë—/¯é0„ÿ0ß~û-G%$$Ä^©Øf³ÕtXUf³Ù(,,¤Y³føúú²nÝ:¢££kå³!„W’8B!„¢ؽ{7ÿ÷ÿGpp0µz•¡ÉdÂËË‹èèh6nÜÈ‘#GjÕÙŒB!Ä?$…B!„¸ƒ¥¥¥ñÅ_àææF«V­°X,µ6aXTT„F£aàÀÄÅÅñÓO?ÙW–$ %y(„BÜ9$q(„BÜùùù˜ÍfÜÜÜj:!D-QTTÄìÙ³ÉÊÊ¢I“&µ6ahµZ)**¢}ûöX­VV­Z…ÍfC©Tb±X€â­Ë’4B!î,’8B!n±o¾ù†ØØX, ­Zµbüøñ¨TªšKq[±b»ví"""ŸZ{Ž!€ÑhÄÏÏÈÈHbcc1¨Õj,‹=iXB¡PÔÚçB!þŽ¤d™Bq‹lß¾§žzŠ;vàè舓“GŽáñÇ租~ªéð„w „„Þ|óMÒÒÒhÛ¶-z½¾¦CºaF£¥RI¿~ý0¬Y³…BQa%ú¿nYB!DÍ“‡B!D5KIIaúôéäää ÓéJ­R©T(•J–/_ÎêÕ«7n-[¶¬áˆ…5-77—™3gâèèHTTT­>ÇÐl6SXXHçιpá+W®ÄÅÅWWWÌfsM‡'„Bˆ*Ä¡BQM ™1c'NœÀÙÙGGÇ ßø;88`µZ™2e >>>¼ñÆxyyÝ戅5)//›ÍÆÒ¥KIOO§Y³f(•ÊZ›0´Ùläç猧§'[·nE«ÕâááÕj-³êSi IDAT-¹åVKB!Dí$+…Bˆ*°Z­Ìž=›7ß|¥Riã_Ôj5EEEüç?ÿaôèÑ$%%Uû=„5Ãjµ²nÝ:¼½½íÅ’J®'%%±mÛ6Ο?G'ÞrrrÐh4DEEGrr2aaa7]ºd‹²lUB!î’8B!*é÷ßçÅ_äâÅ‹xyyÝò7·Z­–ôôtžzê)&L˜@AAÁ-½ŸâÖ;~ü8èt:{%û1f³™„„víÚEZZ6›íŽÙº[PP@nn.;w&77—;vF½zõªí’4B!î,²UY!„¸Ž³gÏ2kÖ,4 ÞÞÞ·½€ƒƒqqq 4ˆÞ½{óüóÏË›k!j©]»váää€^¯§¨¨È~¶ßÕ« GÅÍÍ àìì\S!c6›ÉÈÈ U«V$''³nÝ:7n\&æ›eµZQ*•wL¢T!„²âP!„¨Á``Ê”)|ùå—Ô­[·F߸+•J ¿ýö÷ß?+W®¬±X„7.%%…¼¼<²³³í«ˆqssÃÙÙùÿÙ»óø(Ë{ïãŸÙg²/ÈÂ’BvB«R7ì9.=õ¨Ý{NÏéyµµµÕóœ>ÖVÛZµZkëZíA¥* û²“Y !$!ٷٗç4c"[ÌÀïýzñ2ÌÜsß×ráýßuýÎh°Ô××GEE555X­Ö+>ÞÎÎNôz=IIIäçç£T*IIIA­¾|õòÁˆBá9$8B!ÎâÍ7ßäñÇG­V6ÕÃqS«ÕX­Vžyæî¹çªªª¦zHBˆ Ðétèõz”J%}}}ô÷÷c2™°Ûíøùùä^¾<ÂårÑÙÙIii)WdÿÃÞÞ^zzzX²d MMMœ8q‚¬¬,BCC/ûµ…Bá9$8B!F),,ä?þã?hnn&**êŒêO¡Ñhèììäk_û>ú(½½½S=$!ĈF£‘îînP*•øûû€¯¯ï˜ÑétÒÒÒBEE—%@4›Í´´´œœŒR©d÷îÝddd0þüI¿Ö) ©6B!<Œìq(„B§OŸæùçŸG¯×3gÎœ+¾áÅÒjµTVV²víZnºé&~üã_Ö%„BˆÉS]]MHHÓ¦MC­Vãt:1›Íî°P£Ñ R©P(î½].v»ÆÆF:::ˆŒŒ¼änÆ0¼akk+sçÎE¯×³sçN222ðññÁáp\ÑùPÂC!„ÂsÈ…BˆkšÝnç·¿ý-ÝÝÝDFFâr¹¼"0m¤Jçã?æïÿ;ÅÅÅS=$!Ä8´´´ðÉ'Ÿ””D^^*• «ÕŠÕjE­V£ÕjÑjµh4, v»›Íæ®44™LÔÖÖâççÇŒ3ÆT'ND[[†E‹±ÿ~bccYµj‡ãŠ,‹1Ò$Fš£!„žC‚C!„׬?ü‚‚¢¢¢ˆŠŠÂétzí «B¡ %%eJš'!.žËåâÈ‘#„„„ ×ëILLÄn·£V«Q*•(•JÔjµ»êp¤zô\588ÈÐÐÚ“udÃÌÌLòó󩬬äæ›o¾âá—Ë…R);) !„žD‚C!„לªª*Þxã f̘A\\œ×,K>‡ÃÁôéÓY¹r%555Sr³/„¸t!!!Øív ˜>}:óçÏÇl6388ˆ¯¯/ƒN‡F£Ál6c³Ù°Z­îÑårÑÛÛËÀÀAAAŸóZf³™¦¦&°ÙlìÝ»—믿•Jåsˆ,UB!<‡‡B!®<ÿüóhµZâãã½:0t¹\hµZn¾ùfêëëyï½÷ !$$dª‡&„8ó…býýý8NšššèììdîܹDDD`³Ù0èt:|||ðõõÀb±0888f.s8tuuÑ××GPPûXž7êëëñ÷÷'::šÂÂBrssY¼xñ”U~‘·V} !„W+ …B\õ\.¯¾úª{ãÿ‘Ǽ•Ëå"55¶mÛ†Ñht¿©Ô»éõzôz=ƒƒƒTWW»+ýýýq¹\î&)#K˜õz=‡cÌ2fÞ¿µ³³Ó½„¹££ƒþþ~RSSÙ³g*•Š»ï¾ÛcÃJ¥Ò«çg!„âj#Á¡Bˆ«ÚÎ;Ùµk111Ì›7ïŠwL‡ƒ3f™™ÉŽ;èééA¥R¡T*q8î&)BÏu¡ŸQ‡ÃJ¥ÂÏÏ€¾¾>JKK "11ÑÝUY¥R¹ƒÃ‘Çf³»Ýî>ŸÉd¢¦¦†Å‹ÓÛÛKYYëׯ÷¸À@„B$» !„¸*555ñä“OR[[KRRz½~ª‡tÑœN'†µk×¢P(øàƒ0›ÍÝAUá™æÏŸB¡ ¯¯ÏýX`` ¾¾¾tttŸŸOuuµ{C‹Å€J¥B§Ó¡×ëQ©Tc‚·S§N‘™™ÉXµj·ß~»Gsž<6!„âZ$‡B!®*f³™_|€ääd¯ÞÇÐétb·ÛÉÊÊ¢¿¿Ÿ7º÷8ó´J!!Ä¥S*•,X°‹ÅBUU‡??? ÁÁÁØívioo'::šÙ³gÓÑÑN§ÃÏϵZMPP‹“ÉDkk+YYYóõ¯—Ëåñs‡B¡¥ÊB!„‘àP!ÄUãÝwßåäÉ“ÌŸ?¥Réµ!€Õj%22’˜˜vïÞËåÂßßÿ¼Ë åf[Ïw®Šº’’222 C§Ó‘ššJoo/µµµh4ôz=jµšàà`,‹{ÿÃøøx÷žˆ.— ???t:jµ‡ÃÁÉ“'yðÁÝ[x©:B!<‡,UBáõJJJøùÏŽR©dáÂ…¨ÕÞû¹˜ÍfC¥RqÓM7ÑÕÕÅ®]»ðõõÅ`0LõЄ“à\u©©©´¶¶²gÏzzz "33“ÐÐPúúú°Ùlèt:‚ƒƒ±Ùl”••QPP€ÉdB©Tb4Àh4âïïO¿×mÕ ‚!„žÃ{fflB\ó*++yÿý÷™3gYYY^½,Ùáp`µZY²d uuu|üñÇL›6Í]54^R©#„wR©T¤¤¤`µZ©¨¨Àb±’’‚ŸŸQQQDFFrüøqzzz D¡Pàëë 7PÙ¿?aaa$%%¡T*ikkcáÂ…Oñ;£ÑHee%§N5¡V«Y´(…ÀÀÀ³«TJ]ƒBáI$8BᕶlÙÂÛo¿Í‚  ôÚ —ËÅÐб±±èõzvîÜIHH3gÎœð²B—Ëåµß!®ç ÆÚÛÛ9~ü8 .D§ÓQ^^ŽB¡`Ñ¢E æÏŸÍf£ªª ‹ÅB@@€{lkkÃf³‘™™‰Ùl¦¹¹™˜˜˜+õÖÎàp88|ø0ÍM'øú*î_eçýNþ篇É^²ìœ¯“@„BÏ!Á¡B¯³sçNÞyçiiiq7 ˜;w®WÝp áççG^^»wïF«Õ2kÖ,ìv»×ìE&„˜˜‘¥Êçš«|}}9~ü¸{ë€ÒÒRôz=ÉÉÉhµZ-ZÄÀÀ555¨T*|||P(„„„000à¾0e‡'OžäPY _Zª!ÿÿñÕ¨q}šƒß}tî9Λæp!„âZ Á¡B¯âp8زe ˜L&w³ÚÚZ‰%""£+ï¬V+f³™¥K—RRR®]»ˆŠŠÂáp\òRk¹é³çgt¤’°²²­VKff&&“‰‚‚IJJÂßߟÌÌLÚÚÚhhhÀÇÇ­V{ƹ®ôö ÝÝÝ8°Ÿ¨P ~cfÁì1ÏÿçKì¯Àn·Ÿ±íȼíÉó·Bq­‘àP!„WÙ²e jµ­V‹ÍfÃétºo2­V+UUU466GPPÐv,‡ÃAoo/IIIôöö²mÛ6¢££ Æn·Oõð„SL§Óa4ñññ>_‚|èÐ!|}}ÉÉÉ¡§§‡}ûöF||<3gÎdæÌ™ÔÕÕÑÑÑáãÎWÕx9˜Ífúúú0èõzüüüÀÏÏoL€ØÝÝMYY'OžÄl>_}Ëå388H__¹¹¹tttpôèQ’““=®Rqeœ+Û¿?}ô½½½¤¥¥ÇÀÀF£ƒƒƒq8b2™¸îºëP«ÕìÚµ‹¦¦&T*~~~c®u9ƒÃ¦¦&Þ~ûMüG¨|mˆ§ìBuŽ»‹×7ì0¸!Î ^‰°S!„ã'eB!¼ŠJ¥B­V£P(°X,¨T* J¥­V‹ËåÂjµât:q8¸\.Z[[éèè`Ö¬Y„††^‘qZ­V:::ÈÌÌäøñãìܹ“””÷žŒ—ƒÜl áùFcK–,Án·søða\.ííílܸ‘¹sç²xñb233imm¥±±ƒÁ€N§C­VŒÑh¤  €ˆˆV¬XA]]»wï>£‹òå˜úûûÙºu+Jûi>xÂDÎÓy7ZàÉ?çÿ3¾óKÕ¡Bá9$8BáU”J¥{y¯ÃápWªÕjÔj5ƒ­V‹ÝnÇb±`³Ùp¹\Øívêëëiii!**ʽwØds:´µµÁ¼yóØ·o‹-böìÙWdÉ´Üp á=|||¸é¦›HKKcçÎ466Ɉ'33“ììlêëëiooÇßß߽ϫV«¥««‹ÖÖVæÎKLL §OŸsÉœçl6{ö졦òO|UÉckzÆõºçþ7eÂÂèáß+ç—|"„Bx …Bx­žž¦M›†ÃáÀn·£ÕjÝEU*•»êpt`g±X¨««ÃÏÏððpw‚ÉÐÙÙ‰B¡ ##ƒ}ûö1{öl–.]ŠÓé”æ'BàìáþôéÓ¹çž{¨­­e÷îÝôôôàr¹¨®®¦¶¶–äädRRR˜3g555ôôô„B¡À`0`0hnn¦±±‘3f¸Ï{®ý/Æ‘#Gرý3¾¼BçéÃG?¾×uôÂï>€â—?ìBŸoHp(„Bx …Bx­íÛ·£T*¹îºë˜>}:v»¾¾> jµ___t:v»£Ñ8&¼¤¶¶–ÀÀ@ÂÂÂ.©IÉàà dggS\\LEEË—/Çn·{Dc!„ç8_˜GLL ¥¥¥äççc±X°Û픕•QUUEzz:‰‰‰Øívªªª°X,¸?ikk#))É}ÎK áZ[[ùèÈ 5rà7ƒÄδNèõ?^ ãØ%bd¬R9-„Bx …Bxµ††þò—¿pÝuב€¯¯/½½½¨Õj|||Ðëõh4´Z-CCC8÷òe—ËEoo/ýýý:¡V›ÍFCCóçÏ`ïÞ½äåå¡T*§$0”*!<ß…æ¥RIff&IIIìß¿Ÿòòr\.f³™pøða²²²HIIappšš€1MQF»ØyÁh4òñÇÓzªšç¿aåÖÅ>G] |¸*_û¸ä‚B!„÷àP!„W9ÛM·Ëå"&&†úúz\. ,@­Vc6›±Z­h4 î}m6V«—Ë…Ó餫«‹ÞÞ^BCCñ÷÷?ïœN'MMMèõz)..fñâÅîJ §Óy¹Þ¾âa0¸á†ÜûžMoo/Ó§OG£ÑœqŽŽzzzÈÈÈ`ÿþýèt:n»í¶ËÚ-y¼ …,ñÂÃMôg444”»îº‹úúzvíÚEWW0¼§ê'Ÿ|BTTÙÙÙ,^¼˜¦¦&z{{áT&z­ššÞï]rÂá?ô2-àâ¼Âj8ZïüäÌçÎ5*™¿„BÏ#Á¡Bˆ«†J¥ÂÇdzÙLcc#§OŸ&::šððpl6ðyWfFƒF£qW%Ž4Rq¹\X­Vš››1 ¡R© ¡¡””†††(--åK_ú’ûuB1 …⢖GGG3gÎÊËËÙ¿¿»£ü©S§8uêóæÍ#++ Nç¾Îx¯544Äë¯ÿ ‡±‰ÿý?ýdÆ™&<¾/ú·ßÁã÷sÖjÅsuUyL*…BÏ!Á¡Bˆ«Ž^¯G¯×344Duu5$$$ T*Ý7ÒjµN‡^?Ütd‰ñè›Y“É„Ùl¦¿¿Ÿ   fÏžMQQkÖ¬Á`0xd`(û áٔʋ\÷ûצ¥¥±`Áòóó)++s‡lÇçĉÜpà c^s¡®½½ßýöWüäŸÌüËÝ=¶Ñþ~jš†÷7¼oՙϻ8u¡ÌcB!„ç¸øÿsB!<Ì´iÓèëësß(ûúúâççÇàà ¥¥¥:tÈ]ah4éï àççç^Î<¢­­ÈÈH aýúõçlB0Õ.fi¢ÂûèõzV®\ÉW¿úUbccÝÞ2a<óÅbáw¿ý5¿~lhÒBC‡sxoÃß}w88|o×™ÇT58Ý•‘B!„ðlRq(„âªÁÌ™3©®®¦¯¯ÀÀ@p¹\tttÐ××ÇŒ3ˆÇápÐÑÑA`` jµ½^Á`Àb±`2™hii!>>žÚÚZxà)ë–<^R¥#„ç»Ø¥Êg̺uëhhh`çÎtvvžqîó]ë½wßä§÷¹cIߤŒàO› %Ö_'Û࿆)0#xøù–.èRŸ5Ô”>„BÏ#‡B!¼Ê¹n,›šš€á¥|‰‰‰,Z´£ÑÈàà ûuAAAèt:šššØ»w/MMM¨ÕjV«›Í†Ãáp/cö÷÷§¥¥…»ï¾ûŒn¥Bq1&;«©©A£Ñðàƒrã7º·_€ó/‹àpy1w-í™´±-ðßoÁÓÿþ?×ü(xìWŸó§-zÂ#çžõõ#!§|"„Bx …B\L&;vì µµ^Ê—––Ftt4ýýýîF*•ÊÝ𤦦†ƒÒÞÞŽÕjÅl6c±X°Ûí˜L&bbbÐëõøøøLå[›©Ø³)•ÊI Æš››9uêÛ·o'..Ž Œyþ\{~öÙgtt0ív¸íÇÕ‚]ý—6–§ß€»WÀܙÿW)áÏ?„-EðæV(¯Sñ‡OôDDD\Ú…„BqÅÈRe!„W…øøxæÍ›GUU555,\¸iÓ¦BHHMMM´´´àçç‡Z­F«Õ¢Õj1:t’““1 (•JÚÛÛñõõ%##cÒƨÑh Â××½^ÏÀÀÝÝÝôôô`·Û'í:BˆkG`` ÷Þ{/‡ƒ·ß~›œœàó=ÏRöôôðÑëЩLüýüß·á_ y‹`]ܱ f‡› àÓÈaìãó£ào>J•†ÔôÔ ~À!]•…BÏ!Á¡B¯r¾ζ¶6BCC‰çÈ‘#TVV’’’B`` ³fÍ"**ŠcÇŽÑÛÛK`` …Â]M800ÀþýûÉÊÊrïØÜÜL^^ÞEßÄÎœ9“øø¢¢£ ðóÃG7¼ÜÙbwÐg±¬×¢Q ÿšÌtõôPUQN~~>'OžœðõdyŸžo²«‚}||ðóóãøñãìß¿ß^HGGs¦›H˜ ץ³ßî„ü÷°a|ÿ÷Ã{Þ¾î\‰sÎ}®’cðȳ°õ— ?Ë®?\ØX”†¿¿ÿ÷Š•àP!„ð !„¸*( zzz°Ùl455‹ŸŸåååØív-Z„ŸŸñññX­V*++±ÙlàïïÙl¦µµ•ÀÀ@T*Õy÷;___‰žOh`{[{ùùñjÚi1Zi1Yé¶ W*€éz ‘>Z¢|µÄøé¹+%›ŸÞ|3§ÚOS°o/[¶l¡¯oò!¦Öd6G0›ÍL›6cÇŽõZç á\.ðùXâgAü½ð÷BÏl*„¼4¼oáì°áJÄëÓaÁl°Ø ñ4üáïpà(¼ü}H˜=öü%Çu<ôŒ®AË–§¢×륺Z!„ð2 !„¸ªŒTž†QQQ,¿~'6þûX'=yœ£õœÇ»€Óf§Í6ʺ‡x¾ª•Y¾Z¾=‡oXÊU7ðÜ/Ÿ¡ººú‚×—ŠC!®=#û·FDDÆó;/ûÃËá‘_Âßž_=l-†_½‡jA§Yapc&¼ö_à£ûüµÝƒJþõ¹v–ÚHII%1, §ÓéÑ]é…Bqv !„¸ª8N”J%~~~TUU¡ÑhHKKÃjµR\\ŒÁ` 99™€€233imm¥±±qLÓ‚‰Ül+ RÓÒHMMãÿnæ§å§p\Bˆ×4dåGšy®ª•_gÎáÉŸýœ7ßø ~øáÇ!ÍQ„ðl—ãg´³³•JuFpx¾êF…BÁ…ï)þï ÃAáu©ç?Þ傧þ:_ÿÕLlÜ\n¹%—Ë5¡*C—Ë%K•…B"Á¡Bˆ«‚Ëå"!!ªª*ŒF#AAAÀpã—ËEyy9>>>dgg300@~~>ÁÁÁ$%%Nxx8ÇŽC§û¼lf¼7ø .$6)™ÕÛªØÖ:yËŠ-'ß(¨gG[?þ§¦¿¿Ÿ­[·ž÷5Ru(„g›ì®Ê0ü‰¯¯ïYÏ{)×ÚTøyhx!Ÿðç”è|CXsK&Z­‡Ã!U†B!„—“àP!„W9W˜÷þûï³xñb’““1›ÍTUUa·Û @¡P„Ó餴´”€€òòòèèè`Ïž=ÿhbÏüùó'|“­ÑhHNIå+ûê&54ío ]Ì0hxê«ÿÂŽ;Îy#.¡¡žoôæt:±Ùlc>°¸˜ó©ÕjÇ<>ÒUù|¯s] °oS|ÿžóSß®ã_ž ¢æ”‚ÜÜ¥„††^r`(s™Bá9&¾ë»B1…FßPÆÇÇ£Ñ —ÂôööòÙgŸñÑGÑÛÛKZZóæÍc``£Ñ Wúár¹(,,d``€ë®»víÚE]]Ý„—È…††¢P*ØØÔ=yoò,Þ?ÙE¿‘‘‘ç=N–* á=6mÚÄ /¼ÀÆéî¾ø9Än·£×ëÏúÜùB8çž/N¶ wY^»äìÏ›m ¾õbYß0  NáÎ;ï",,lBã>×X%8B!<‡‡B!¼Êè`,55•‡~˜… ºkoogãÆ|öÙgdffNoo/‹•JEpp0&“‰ÂÂB×_=J¥’¡¡!÷¹ÆsóˆÃvçå½Ñ5;œ¸\.æÎ{Þã&»c«brîÖ>cÆ fΜɱcÇøÓŸþĦM›èïïŸÐù\.V««ÕzÆϾR©¼èý7@ú<=ó¹W·†ýό⾯ü3 ,¸¨k!„ÂóÉRe!„^Í××—Õ«W“––ÆÎ;9uê0ÜU¹¡¡øøx233ÉÎΦ¾¾žöövüýýQ«ÕhµZ´Z-½½½´··3kÖ, 0þF#f³­RÁMAlié½lïsÝìœ(d¿“Ñ8 IDAT0!¼ÜèpÿÞ{諒½¢¢"ŠŠŠ8zô(UUU¤¤¤““3®nïCCCX,t:ݘàðBó×ð8Î}̦B¸5gìcEµ<òk_†l~ܾîz&uÑ1ˇB!„çàP!ÄUaÆŒ¬_¿žcÇŽ±{÷núúúp¹\TWWS[[Krr2)))Ì™3‡cÇŽÑÓÓCPP …½^^¯§©© ‡ÃAhèYJlÎÁf³aq8y%7–[·WQÑcœô÷¶4ÌŸg³æb²Ù/xƒ>JÈ’e!<ÓèŸÍÙ³gsûí·“––FZZÅÅÅRVVFEE™™™dees2€Z­æwÞᡇÂjµºw¹\lÄr®Bi‹ v”Âÿy`ø÷]¾ñûv—™¸á†ë™;wîem|"]•…BÏ!Á¡Bˆ«Êüù󉥤¤„ƒbµZ±Û픕•QUUEZZIII8*++±X, Óé°ÛíÀðM÷x«^ÌvÛZû8xËB¾Sx’WŸž”÷¢þsa$O§Íæ÷5­Ü7;ø¯‘¥ÊBx>ú»ÝNVVéé餧§“––FQQ………PVVFvv6éééî=]GKKKcÛ¶m<óÌ3˜L&RRRÆ<®î|.ì­€_HŸ§àé¿Íæ7ï ž±€ÇËpÏ““Mæ.!„ÂóHp(„⪣R©X¼x1 .dß¾}>|—Ë…Ùl&??Ÿ#GŽ••EJJ CCCTWWÕ;C¡Pð/ûkÙw:Œ²£¹cvªíà“S=˜¯œñU+¹mVΟAZ¨/ë÷ãº.ÊM·žot`~~>§NâСCdff²téRwõáH€XTTÄÞ½{)..&''‡””T*•û|ÜyçÔ××SRR2¡±œ«9ʦHŽ3ÿp ÁÓÂxäÑûÑëõ8Î+²]‚ÌeB!„çàP!„W™È\nºé&÷þ‡ °cÇÊËËÉÎÎ&##ƒ®®.ªªªÜÕ‡¹–òǽvü4Ń|?)‚×–Æ¢PÀÆÆ64vq¬ÏL³ÑJul¥Ž˜®×0ËWK¬¿ž;f‡pÛ¬`,ºyø@µæq¿g›n!<Ùèyåæ›o¦¡¡W_}•²²2ÊÊÊÈÌÌdÕªUîð0==ÂÂBŠ‹‹Ù±c………,]º”… Ž9Wtt4ÑÑÑg\ë|óŦÆÎI'Nðæj] ÷Üs‘‘‘8ŽËVe8šl± „Bx …B\õ¦OŸÎ=÷ÜC]]»ví¢§§€®®.>ýôS"##ÉÎÎfÙ²eŸïQ8î›ØQ7æ=FÜW‹N¥ä–È ÖGOã•ÜB´ÃK '§†¬tšmÌ0hˆòÕ¢ûG—ÕÓ&››{¹g÷q¶¶ôb›`§æ‘½ %8Âs}qßÁ9sæ0gÎ*++yùå—ÝbVV·Ür‹{ùrzzº»qË–-——G||ü9¯¥P(ιT9((ˆýU,IèÀdSóÃ7bywK77ß²šŒŒŒ+Va(„BÏ%Á¡BˆkFll,ÑÑÑ”••qàÀ, ÍÍÍlØ°¸¸8–,Y2áóª•gŒ‡“»ù ±ƒJI„–-‘>ZB´j:-6šVZŒVZLÃMVÎG¥”PPˆ«Iqq1•••¤¤¤œœLbb"………¼ôÒK:tÈ ®[·î¬K˜ÿþ÷¿sðàAòòòˆ‰‰9ãüçûð#11‘'ÿt³c6ýZÞßÞOò¢h~ø£¯£V«§40”æ(B!„çàP!„W¹Ô¥lJ¥’ŒŒ 9pàåååî›ÔÚÚZ/^ì>v¼!FM¸AK«ÉzÎcL'ufê&¸ìxDVMˆAwÞ÷¯P(¤âÐËÄÆÆ’ÍŒ3¦z(â ý3ÜÕÕÅéÓ§Ùºu+ùùùäåå‘••EFF{öì¡°°ÜÜ\÷æûî»Ï]8Ò…¹´´” 6ÉŠ+ˆˆˆ×8–.]ÊéÓ§ykG9111|ëÛË ½¬Ý’/ddî’àP!„ð !„¸& V­ZEjj*»ví¢¾¾øüÆu$„‹ÓÅ7fðxYÓeï—fcw¹ÎÛÀE–*{ŸŸüä'üä'?™êaˆ+hôÏè]wÝENNEEE”••±iÓ&òóóY¾|9+W®Äb±°}ûvŠŠŠX²d‰»‰ÊC=ä´”²²2wâH€8þ|üqŒF£WV „²TY!„ð !„¸¦…‡‡ó‹_ü‚·ß~›}ûö±|ùràóe¿ã¡P(ø ±›‚ÎA^_Çñ/§ñ÷¦þ·¡‹Íͽ˜.Ðôä‹‚µjÖDñ𼤅øòO{Žó·†.ÖÝ•vÞ×Þˆ ÄÏÏoª‡!&Éè®Ê›7o¦»»ÛŽˆéééRTTıcÇxçwˆ‰‰aÙ²e¬_¿ž'NðÑG¹¨dff’••Å¿ýÛ¿ñÎ;ïÈ „BˆI#Á¡B¯r©ÍQ¾È`0ššÊ¾}ûؼyóE]Gùc[ŒVnþ¬’usB¸sv(¯/‹C­€Í-}ê¢ÙhåÔ•SF §M6ü5*BtjBuBujæúéXDn˜?Ý›š{ùêþZ-“úž…whmmåÉ'Ÿ¤¡¡ØØXžxâ ¦OŸ>Õ×hôܲråJvïÞMAA¹¹¹dee ŽT ÖÕÕqâÄ Xºt)<ð¼÷Þ{cªG7xRzº‘k´Z­×ŒY!„¸Hp(„⚧Õjþ£¸â®AœqïìMA8;«ÕÊ/~ñ Ñh4èt:y衇ÈÉÉá¿þë¿Ðh4S=Lq‘”J¥ûk•JÅõ×_ÙlfÛ¶mî.Ê™™™cÄÑK˜«««©©©aáÂ…ää䜜ÌÁƒyë­·(++#44”°°0\.—×Ì6›ððpV®\Iyy9k×®ê! !„â$8BqM³Ùl N¨‹ò)Ïñ2«ÓŦæ^65÷ŽyÜ_£"L¯aÀæ ÇjÇ6΄P¡¸p˜ém{š‰±þú׿òþûïãt:ÑétcözS(ìß¿Ÿ;3»îº‹x` G*&CCC $%%që­·Ò××ÇÇLqq1ÙÙÙî%È#”Gš qøða*++IIIaÉ’%dee±k×.Ž=Ê]wÝ…B¡Rz"«ÕŠ^¯gõêÕ455áççÇ‹/¾èñãB!®% !„¸æ½òÊ+èt:bbbÜMdC?íðRã.Ëø:Ø Ø£ŸZE¨A'M®Rååå<ûì³ ¡Ñhp:gý³V(Øl6Þxã >ùä¾÷½ï‘““3#kt¸_TTÄÉ“'),,$!!eË–qçwÒÖÖÆûï¿Oii©{ rff¦{ùòè ÄÒÒR***ÈÌÌ$//ÜÜ\4 ]]]€gîyêp8°X,ddd€Éd⩧ž"0ð  „BqeIp(„«Lö‡ …ƒÁ€N§sƒ=Þ D…BÍéâÁØéüª²uRÇ6Úªð@œ€N§;ç1ÞØEõZ×ÛÛËÏ~ö3ÜÇ+•Jº»»ùÑ~DLL ?ÿùωˆˆ¸#—jô¼rë­·ÒÐÐ0f rrr2¹¹¹Üwß}ÔÕÕñÆoŒÙÃp$@üâæƒRQQÁªU«ˆw_ËÓæƒ"##ÉÊÊ¢¶¶–{ÄÄÄ©–B!ÎA‚C!„×<«ÕŠZ}qÿ$º\.,vO¥Ï¦Ýlã­“<:ˆöÓñëÅs1ÛgìÃ8ÚH áiA8“Óéä7¿ù À`0àëë{QÕ¤ …‚'Nð•¯|…œœžxâ ôzýe±˜,£÷!]·nF£qLXQQÁ‘#GHOO';;›ûï¿Ÿòòr^yåÊÊÊÆtQYÂ<ÒDe÷îÝlÞ¼™ùóçO¨júJèëëC¯×³nÝ:ª««‰‰‰á»ßýîTK!„ Á¡B¯µgÏIMM½èj+…BÕjÅétž¸7€³9üŸòSüqi,k¢‚ùFþ ú'¸ù\îÊ˹1ìÀ?È0)çSkóæͼñƨÕjüüüÎúwo¢\.{÷îåÖ[oåÎ;ïäë_ÿú$V\Neee¬_¿Þ½9==ÂÂBŠ‹‹)..¦¼¼ÜÝiyÑ¢E8p€—_~Ù fee‘í®>œ3g¯¼ò ƒƒƒó‚Ùlf``€œœL&‡ƒ_ÿú×ç­žB!„çàP!„W]AÓÖÖFcc#•••DGG³|ùr¦OŸ>ásN›6íŒ%}¹éV(üº²•í­}¼•7ŠÛñZm4vs¸Ç8áñ(°dº?ÌŸÁW¢§ñ£ÒFž=ÚBû]i~­tUöX'Nœà¿øCCCøøøàr¹&uÏJ…BÉdâÏþ3Ÿ~ú)ßùÎw¸ñÆ'íübrŒžÃ>þøcúûûÏG*‹ŠŠ8pà%%%,Y²„ììl²³³Ù¹s'%%%:tÈ]¸bÅ ÒÒÒؼy3N§sÊ« ].mmmDGG“Mww7ßýîw‰ŒŒœÒq !„bb$8Báµ{ì1JJJ(**¢¾¾žúúzâããY¶lÁÁÁã:G?0±f(_4òªŠ#YŸæñ3¸sN(?Mʼn35vs´ÏDÓ…¦!+§†¬ Ú(¬UªSªÓ0×OÇš¨ ÖD U±§­ŸÜOPÜ58®qŒ†z“ÉÄÓO?M}}=½,y¼ §OŸæ‡?ü!¯½öO=õ±±±—ízbbF‡û‘‘‘üùÏSA8~qÃÝ»wSTTÄÒ¥KYµj&“‰íÛ·SRR2fÄn¸ø|N›Š†Jíííèt:n»í6ª««ÉÍÍeÙ²eW|B!„¸t !„ðZ>ø ™™™cªsjjj8vì .$77ÿ󞣫«‹ææf"##/:p7šN~UÙʯ*[ 7h¹cv0·F…p묢|´ø¨• Ùø¨”î°Ò ´­liîåÑü:¶¶ôM¸ó²ð<¯½ö;vì €   +ê* Ž;ÆúõëÉÍÍå駟ÆÏÏïŠ]_œ]`` ÇðÏvxx8wß}7µµµ¼òÊ+c*o¾ùfwå‘9®°°­[·RPPÀ²eËøÒ—¾DOOÛ·o§´´”²²2÷øñ6xšLýýýôöö²|ùrš››ñ÷÷ç7¿ù J¥òŠŽC!„“G‚C!„^kóæÍ\wÝug­Î9|ø0G%--ììl|||ÎzŽ¨¨(þð‡?°xñb:::.jçº9o5Yy±¦kÚÝkÕDùj Ók°9è¶Øé¶ÚéµÚqŽ#SºPðä‰]T¯Eùùù¼úê«hµZBCCq:SRù`·ÛÙµk7ÜpwÝuÿþïÿ.AÎZ¸p!*•jÌcqqqÄÅÅQVVÆK/½Dvv¶»‚ð¶Ûnsˆ£ç¸O?ý”‚‚òòò¸ûî»9uê»wïF«ÕrÓM7]Ñæ(6›'N°`Áâââ°Z­üìg?#00ðŠ\_!„— øéã?~ÑÝ$…Bˆ+iß¾}˜L&`x°ÎÎNl6©©©dgg3sæLÂÃÃñõõ¥»»›ºº:ÊÊÊ°Ûí̘1ãŒï"## çÀ¸\.,XÀàà :Ž àr¹ÜûÑ|=òK¥R‘¼ ßV·ar\82;œœ6Û¨´Ðl´Òmµcr8¹PÔgP)ùyúl>ùøc:::ÆŒad\†ˆˆ–-[†Á T¦B{{;?þ8EEE¢R©ÆüYgýz"¿¾øºñžÇjµRVVƆ  $!!aj¾I‚ˆˆòóóq8h4÷ãááá$&&räÈvîÜÉéÓ§ikk#((ˆo¼‘èèhÂÃɈˆÀårQWWGuu5'Nœ`Ö¬Yäåå¡Ñhf``€¹sçÒßßOllìÎ6Ÿï×èãG][[‹B¡`ùòåôööòÀpçwJwo!„ÂËÙívž~úi …Bx—ýû÷c47ñññaãÆœ>>$%%æ®LB«Õ^084›ÍÌ_°€ºA+‡º‡.Ûû¾!"Š™ÎŸ^{ ‹Å"Á¡‡±Ùl<óÌ3¼÷Þ{øûû£Óé.úþúJ‡#Çö÷÷³mÛ6¶nÝJrr2aaaSð»¶EFF²víZZ[[©©©A§Ó¹«@ ³gÏfÞ¼y’ŸŸï§M›ÆêÕ«™5kÌœ9§ÓImm-•••´´´°hÑ"üýýéîÁass3---¬ZµŠÁÁA²²²øÎw¾sQ ª„Báy$8Bá•F‡ƒ¤¤$ìv;7näÔ©S´··£T*ÉÎÎ&%%Å jµZÚÛÛ9~ü8‡F­V6fÉæèåÌã N'v«•û3°¿cÆ!ˤ¿ç`­šw—ÅP²g'öï?ç ½F£!22’¥K—Jpxmذ矗ËE@@pî oôsç;îr‡#_wttðþûïSZZÊŠ+¤Bì S(ddd°jÕ*ÊÊÊhmm3©T*bcc™={6{÷´”öövÚÚÚ˜9s&·Þz+„‡‡†ÍfãøñãÔÔÔ••EOOsæÌ™ôàp``€£G’˜˜H`` þþþüèG?"11q ¿›B!„˜l !„ðJ£ƒÃcÇŽÑÚÚÊìÙ³III¡»»›?þ˜¶¶6ÚÚÚÐjµ,]º”¤¤$÷ ¶Z­¦¥¥…cÇŽQYY‰^¯gúôégì6Þàp$€ÑkÔü g!*¥‚½í\z<^¹aþì¸!gO/üæyÌfó9oèÕj5QQQäææžsOG1y*++yâ‰'hii!$$ÄÝ-w¼ÁÝ诧"8p8Ô××ó—¿ü…ÀÀ@-Zt¥¿×ûŒõë×_ô˜Ìf3{÷îa×®LŸ>ØØX~7РYhþÑ¥Çd¡ÃlÅO­&H¯ÁG3üϱÝáàXÝ ïØÏ[¥¥477ãp8Æ}m…Bá^.+&×öíÛÙ°aÓ¦M#**ʼx#…BArr2Ë–-ã“O>áرc|ÿûߟêa‰Q”J%=ö÷Ýw¿úÕ¯8uê!!!cŽIHH !!’’Þ}÷]÷ü6²¿©B¡¸è¹Àb±°oß>bbbHMMÅf³ñÓŸþ”   K~oB!„ð. !„ðZ­­­î0--ôôtŠŠŠ())á“O>!??ŸåË—³fÍÙ¶mÅÅÅdggSVVFVV÷ß?iii¤¥¥ñöÛoSXX8©ã;uêÎ;±ÛíhµZ|||ðóóÃ`0`6›bppz{{±X,Øíö †#$0œ|<÷Üsøøø0gÎœN§×†.—‹°°0n¿ývöíÛÇ«¯¾ŠÙl>cOá9yòÉ'©ªªâå—_Æl6ãïï?昌Œ ÒÒÒØ»w/o¾ù&ÑÑѤ§§_ô5óóóQ(¬X±‚¦¦&î¾ûn’’’.õ­!„ÂKIp(„«Œ9^ýuŽ?NVV<ð€;@©>,//çÃ?dÆŒ¬X±‚;ŽŽ¶oßNii)eeeî ć~˜øøxÖ¬YsÙÆn2™¤µµ‡Ã1æ×ņ…£¹\®Kª2Ÿ3›Íüò—¿¤··×]ax©>SÅåra0¸á†èëëã7Þ```@þžx‘ ðÜsÏññdzqãFôzý˜*J¥’+V““ÃŽ;Æt‹oÐ}üøqjkkY¾|9Ç'::šï~÷»“þ^„Bá]$8Báµ:;;yá…Xºt©;ü×ýWwáH€xôèQÞ{ï=fÍšÅòåËY¿~='OždÓ¦Mîðp¤199yªßÖE $º4o¼ñ%%%Ìš5 ???¯­0„á@)%%…¸¸86oÞLWW—{IûH:ò÷E*=ß­·ÞÊš5kx饗())!$$dÌŸ›V«eõêÕtttŒëœ}}}ìܹ“äädbbbxæ™gÆ“B!„¸vIp(„Âk¥§§“ššÊÞ½{)(( 77—C‡‘™™É£>:fùrQQÕÕÕ¼õÖ[ÄÆÆ’——Çý÷ßÏÑ£Gùàƒ(++ãСCOõÛš0§Ó‰¿¿?¹¹¹444 Õj§zH^©¸¸˜·Þz‹3fçõË’gÎœÉM7ÝÄ–-[())A¥R¡V«Ï¨œ ž$pö*•Šo~ó›twwóÜsÏÑÒÒrÖyK¡Pœ7 v8lÚ´ ___/^ÌÀÀßþö·‰ŠŠºœÃB!„—‘àP!„×êééq/ѳZ­lÛ¶ÂÂBrssÉÊÊ"33“GyäŒ ÄÚÚZêêêX°`K—.塇¢  €÷Þ{éÓ§{MÕáHWÔÔÔTfÍšEww7O?ý´W†ŸS©³³“gŸ}ƒÁ@||¼W†N§½^ÏêÕ«©ªªâõ×_G£Ñ Õj/¸ÔzôòVáùBBBøÙÏ~FEEüã±Z­øùù9æ\aðÁƒ9uêK—.¥¶¶–œœòòò®Ä°…Báe$8BáµÞÿ}úûû™={6Ë—/ç–[napp­[·R\\Ì’%KÈÌÌtˆ£÷@,..¦ªªŠêêj’““ÉÉÉ!++‹ƒºÏïÉK7- 3gÎdÙ²eTVV²råJ²³³§zX^Ån·óÛßþ–ÎÎN¢££ñïçi\..—‹ììl|||ظq#v»½^ïµïIŒÏ¢E‹xþùçùðÃùôÓOñññA£Ñ¸—¤›L&÷±MMMìرƒ%K–`³ÙðóóãÙgŸ•ÐX!„ç$Á¡B¯2:Ì[¹r%åååœ|}}Q©Tãjè"K”¯wÜqk׮套^¢¬¬ŒÐÐPúûûioogÇŽ444ÅÂ… ±Z­<ñÄMõ°…Báá$8Báµ{ì1ÊÊÊ(..¦°°ºº:êêêHLLdéÒ¥¬_¿žúúzÞ}÷]÷†#ˆ#ûŽT Õoí v»£ÑHzz::³ÙÌÓO?¿¿ÿTÍ«ôõõñÄOP__Onn.*•jª‡tÑl6ƒ;½{÷òî»ïD@@€×v€—F£Ñðío›ŽŽžþy X³f jµšÐÐP:;;¹ë®»HJJšê¡ !„ÂKHp(„ÂkEDD°xñâ1`QQ•••TUU‘’’BNN÷ß?GŽáõ×_ÓA933ÓýÚôôtÞyçš››§úm¡§§‡ÈÈHV®\Icc#_ûÚט?þTËë¸\.¾ñoÐÔÔ„R©dË–-Ì;—””÷ÒNo¨Üt:8–/_NOOýë_ñ÷÷gÚ´i ¦OŸÎSO=ʼn'øýïOxx8+W®$33sª‡&„B/#Á¡B¯2:ØùãÿH^^ž»‚ð‹MP:ÄáÇÉÈÈ`ñâÅ$%%QPPÀ«¯¾Ê¡C‡Æ,aNOOgöìÙ|ýë_œN§BCCuþùçkÅŠ*++Sbbâ †Àц•ƒOÿ¼ä’KTWW§^xÁJAA?@ì {+?ûì3­[·NsçÎÕÂ… år¹´råJÿ½%%%ÊÈÈ44UXn·[ûöíÓ„ ”››+»Ý®Ûn»M‰‰‰§|.#Ýn×¾}ûd±Xd³Ù,·Û-‡Ã!§Ó)©'°]·n¢¢¢”­ˆˆÆ!­>t¹\òx<:÷ÜsµuëV½òÊ+7nœÂ pÒ†• .¸@>ø âââ$I ºúꫵ{÷nýñô/A.((Ђ ú,aî­>üðõvíZÍŸ?_]t‘ÚÚÚôþû﫸¸XÉÉÉþgÊð°²²R!!!ºôÒKµcÇ{5kÖ){þHWYY©úúzEDDÈl6Ëf³ÉjµÊb±Èn·Ëår©»»[>ŸOÍÍÍZ½zµ’’’”™™©°°0™L§öW&¯×«ŽŽM™2EV«UË—/W||¼&L˜pÒª ‡ÃþŽ8µÃJvv¶’’’ÔÔÔ¤ˆˆÿõôôt¥§§kÓ¦Mzúé§ûìa¸dÉÿòåƒ÷@|ï½÷´fÍ-X°@W]u•ª««µzõjÿ˜§"H©¯¯W[[›.\¨ÊÊJÅÄÄè»ßý.!ÎIÒ¸ù÷2 VPP ƒ¿ÂO’jjjTWW§´´4eddÈ`0œ’êÃöövEFFjþüùzï½÷d2™4iÒ$¹Ýî“VeØ»l8˜QÒÝwÝu×)ÿK:ÇkñâÅ2*--•¤>ÿ ‹×Ô©SUVV¦÷ß_õõõª­­Uhh¨Î>ûleee)))IIII Òž={TVV¦íÛ·küøñš;w®¤že«V«U“'Oö‡*^¯×ÿùá>îs¸Ï}>Ÿìv»ÊÊÊ”™™©±cÇ*88X?ùÉO”——Ghx455éõ×_—Éd’×ë•Ûíöq&“IF£Qf³YF£QAAA}¾WÍÍÍþ“˜ÃÃÃû„wnGûÙ8´ß¡÷ØívuwwkÉ’%Ú³g6lØ ¬¬,EDD øço ?‹‡~x<Í›7OÍÍͺ袋Ný7§·Û­_üâT†§‹.ºH矾žyæ­]»VÑÑÑþý ƒæÎë?¥°°PsçÎõW ^qÅ}ö@ì=Då•W^Ñœ9stæ™gž´ ,ŸÏ§Í›7+**JK–,Q]]®¿þzMœ8qП…/|ØËåòŸžìr¹$³Ùì¯<ìm;8 t¹\*++Ó¾}û”‘‘¡ØØØ>ûmž—Ë¥¶¶6ååå©©©Io¼ñ†²³³•œœ,·Û=(ÏŽÁ!`Ø2úÎw¾£k¯½V¿úÕ¯TUU¥èèh»ÉdÒâÅ‹e·ÛõÁ¨°°PsæÌñïxíµ×ú—/çååéõ×_׶mÛtæ™gJü¥Êååå²ÛíZ¼x±ÊËË•­þð‡ƒú ôïàïekk«vîÜ©ŒŒ ÅÇÇ«³³SF£QV«Õ¿ï¡Ùl–Óé”Ëå’Óé”×ë•ÔS‰ºqãFEFF*--M6›í¸O»öz½jjjR||¼rrr´jÕ*¥¤¤(??ÿ”Ÿ–ìóù-ÀÈApöÆŒ£{î¹G[¶lÑÓO?-‡ÃÑgÿÃ]rÉ%jnnÖû￯uëÖõ9DåÆoTnn®âââôÈ# úüöï߯;w*??_²X,z衇Ž;p‰s:Úºu«ººº«ÐÐPuttÈápÈd2),,Ì€Jpp°º»»ûˆ---Z¿~½ââ┚šªÐÐÐcz~[[›¼^¯-Z¤•+Wª¡¡A³fÍ:åáÁØã‡"8ŒS¦Lѯýk½ùæ›Z¶l™¿z¬WTT”¾úÕ¯ªººZ+V¬PqqqŸCTî¹ç=ûì³’ú.m=^.—KkÖ¬Qrr²æÍ›§îînýøÇ?VBB ‹cw¸ïeïIÅÛ·o—ÙlVPPÜn·ºººdµZý¢X, uwwû—û|>Õ×׫©©IIIIJLLbïA+»wïV]]’““&¯×«ÚÚZY,-\¸P+W®TRR’–,YrZ†cCŠß#Ztt´î¹çÝzë­r¹\êèèè“››«o~ó› ÒæÍ›ý×%ìkoo×òåËe45cÆ FÝ}÷ÝúÚ×¾Fh8L˜ÍfEGGËh4Êív«³³Sr»Ýr8þ Ðd2)88X‹ÅóÁìv»vîÜ©;vh÷îÝš={¶\.—>ûì3-Y²DÙÙÙCô†‡GÅ!úCÅ!`T˜>}ºüqýóŸÿÔÛo¿pnPP,X ¹sçÓ¸>ŸO+V¬ðW”566êºë®Sffæ`¿NÀ‘Â[›Íæ¯ ´X,þÓ•ív»º»»ý§.K’Ãáð/Y>¸o{{»º»»ý\o5á”)S´råJ-Y²DÁÁÁ§U…áÁ|>÷)²¬j­²#ÆjbxÒ€úïê¨S¥½A¹QéŠ0‡œðó[]v•4ïRZh¼ÒBãOx¼^kwÈáéÖYñ9'4ŽÝãTY[•šº;”ž¬ÔÄÏ&C…à0ª\~ùåºøâ‹õ»ßýN¥¥¥ŠŽŽîÓn2 ü?ëÖ­See¥.\¨Ý»w+''GK–,ì)ciC‹Å¢9sæø—GDDø÷4 Q[[›?´X,²Ûíòù|}‚ÃÈÈH9N¹ÝnÙív™ÍfÍ›7OúÊW¾rÚ-K>‡§Æç eºüã_êÁ™7è'Ù_9bß÷|¤ÛKžS£E’d0h^ìd½8÷GwÌÏÞÕQ§ë>Tkvȧžïw’-Jç}[_7ÿØ_æ ^ŸOK?ù¥ÒBãµzÉÇ5F¥½A?,þ£^¯\㟟$¥ØbtßôkõÍŒs,UŒ:&“I?øÁôàƒÊjµª¥¥¥ß~‡ SªªªôòË/+**J™™™²Ùlzà Oc‡«¦kllôŸ’œžž®Y³fÉçó©¹¹ÙÿýˆˆPxx¸\.—ºººÔÙÙ)©§ªÐétª««Ë¿„¹wÄ .¸@åååš7oÞ©yÁA@ÅáÉ÷ȶ7Ôï¾Í×7>\uŽM‹¯+ÆÎQ¤9TŸîߪ‚wo×Æ–½ÇôÜâæ]*x÷v}Ñ°]1–p]9v®²#RUÓÕ¬«?{Doؼç/{?RMWóqßßèlWî;?Ö?*¿ÅhÒÂø]5vžBŒUu5êÆ5¿Ñ[þqBsLJŠCÀ¨«{ï½W%%%zþùçÕÝÝ­ÐÐPI_.Ý<8<ìîîÖk¯½¦ØØXÍš5K’ôÃþPññƒ·Ü§–ÙlÖªU«”’’¢I“&)((H999r8Ú²e‹ÿƒÁ ÈÈHy½^µ¶¶ÊëõÊd2Éf³ÉårÉívËb±(((HqqqÚ¶m›Î=÷ÜÓºÊð`‡žÁ³£½F+jKõfU‘–×µ­£E÷nzE’ô‡YßÕ¿Oèùƒ„ÓëÒ9+ÿGŸ7”éžM¯èïgþ¿Ïá6üUMÝ:7ašÞ=çe2ô,½tÛ2ÝVòº{ãßôí ‹6à1›º;ôAÝ­¨]¯w4àûús׆¿¨ÑÙ®Œ°­ZtŸÆ†ÄJ’:ÜýlÃKz¬l™îÞø7]Ÿ¶ÐßN *£^nn®üq-^¼Xmmmþ hòäÉúè£äõzµ|ùr½ñÆ:óÌ3®Å‹ëÎ;ï$4&·T9""B‹/VHHˆV®\©òòrI’ÕjU^^ž&Nœ¨ÖÖVuuuIêÙ 3**JV«UN§SêêêRWW—º»»ÕÝÝ­ØØX566žÒ÷;>Ÿ=O’û7¿ª¬7¿«ï=3 ÐP’~»ýmu{ݺ,e–?4”$KY¯žù Az}ßÚÓY? ñ¶µUiyu±‚ƒLzyþíþÐP’~<ù2—8SvSOï|wÀﵩµBqÿ¸A_ýôa=³ó=Ù=ÎßÛŸV­•$=qÆM}‚Á0“U?͹Ræ £º½n}Ñ°ý„žŽÁ!\qÅzòÉ'•‘‘!£Ñ¨ÊÊJÕ××ë•W^QzzºRRR” ûï¿_ùùùC=]ƒC«Gåp8´hÑ"ÿa7•••’¤ÈÈHÍš5K111jjjRww·¤žJÅÈÈH™L&9uttÈn·«¡¡AiiiÇ´Wæé€=OŽô°]ž:Ëÿ‘h<ê=Ï”¿'Iºr윀¶d[´æÇeËãóêO»VhÏ–¯O>-ŒÏQ¬%" ý«ãz–Ó?³ó½'I¡F‹.M)ð¿WnTÆ€ï=T›Ëî_æœ×Ï8q–Í‹,IÚkXX Ïðú­€“Ìl6ëÖ[oÕÕW_­{ï½×¿D5$$D?ûÙÏüK™1¼épIª¯¯Wss³´hÑ"mÛ¶M+W®TNNŽ5vìX¥¦¦jûöíjjjRdd¤‚‚‚ü‡£444(,,Ì?Þ¡‡îœÎ¨4‰‡“– 7üÔÿïÿÛµRßZóä€æs(SQËÏþ™‚ %Ù¢úí³½½Z’47fòq=?‚Cú‘ 'Ÿ<¾ÿ#ŒáÇl6+**Jííí*,,Tjjª²²²´yófmÛ¶MÓ§OWtt´&Mš$—˥͛7Ëét*2²§‚,(¨gGoåžÙl²w9^ˆC¯·òÎd0*á0Õ‰)¶žPºÆ1°ÃHzÇL±ÅôÛž|`<Ÿ|ªw´úÿ}ª„-ºà0!iSw‡î,ý³jºš56$V³c'žÒ¹‚C0 4³X,²X,Ú¿¿ªªª”žž®ììlmØ°A›7oÖŒ3¡™3gª££C[¶l‘Ñøe…Öp ß¼^ïPO’jºš$IQÁ‡¯lŽ¶ô`R;ÀSŒ{ƒÃÃ|b2añ/>ÕÁaÎYù?*iÞ¥V—]RO•å‹ó~4 jH0¸Àˆw¸¥Ê½´ÿ~………Éh4Êf³Éf³©¢¢B>ŸOYYY2›ÍZ¿~½|>Ÿf̘¡°°0Íš5KµµµÚ±cGŸñ†ãžÃ5ôIö;Û$I‘Gǘ{Úê-³ÞÙ2€1{‚ÃŽy²mlÝë %Éb4Ëë#Ü`(€ïp¡XQQ‘\.—¦OŸ®ñãÇkûöíjmmUDD„ ƒÂÂzª´ÊÊÊd45cÆ y<ËjµjúôéJLL”Óé”Ãáð;Ü‚CNU>=„›m’$»»û°}:Ý=?g!&ˀƌ0‡Èái•Ý}ø“uÌ“mÏeϨÛëÖŽöjý~ç»znךööêí³ÿGùÑ™C==F‚C0*ô†y!!!²Z­r8r¹\***Ò–-[tÆghÒ¤Ir»Ý*++“ÓéTxx¸$)"¢ç4Ú 6Èf³iÖ¬Y²Ûíúâ‹/áoï}Æp[ú;܂Αªw_ÃÆî¶Ãöiîî”$%Yû?HäPñ–1ªw´ª©»£ßvŸ|jqõŒy:,S–¤0“U’4;&K³c²$IÏíú@Ïïþà€S,h¨'p²¼T9$$DÊÈÈðïOh·ÛõÉ'ŸèÕW_UUU•¦M›¦ììlÙívÙí_.™ŒŒŒTpp°Š‹‹UUU¥ùóç+%%EuuuCò^ƒ‰ŠÃ¡o#Irx\²{ú¯lìn—$%‡ ,äë #œý‡‘ÍÝòŽF&·Ï#‡Ç%·ÏsØ>W;S’´²véš8€àŒx‡†bAAA;v¬fÏž­¤¤$ÿõ––­X±Bo¼ñ†ÚÛÛ•››«qãÆ©££Ã¿Ù`0(**JƒA………jnnVbbbŸñ‡[Åáp›ïHgPèj»ÏÊúíóyÃ6IRzh€ÆLëé÷EãöÃŒ×óœK¸©ô©ôôÎ÷d{åkúÊ'¶O¸©g^U§Á!ñw8ŠÙlVVV–òóóõeµU}}½–-[¦wß}WAAA:ãŒ3«¶¶6¹\.I’ÑhTTT”º»»UQQqÊÞåd¡âpè™ F]=n¾$éÝš’€vÏ«wkJ%I׌_0 1¯=Ðï½÷ê­ê¢ýÎ:æù†³â¦H’Jšv¶ê°¤y—$iZä¸S6/ЃàŒz¡¡¡š>}º¦N*›í˪«½{÷êÕW_ÕG}¤ÈÈHÈf³©µµUOOÈa6›e2õl=\Ã7*O7M8O’ô‡òÚÞ^ݧí›_Usw‡fD¦iVÌÄ>mÏïþPw®A•-ësýì„©Ê ORuW“ÝÖ·mC˽°{Õç.éÓ¶±e¯î\ÿ‚î\ÿ‚ª©Òï® Ñë_Ð[ÕëüצFŽStp˜ªºõà–×î©s´è—[^“$]”7(óÇá(`Äh £èèhUUUiïÞ½r»Ýòù|*++Syy¹¦Nª™3g*==]eeejkkó "}yÈÈp=¸å’¤«ÇÍ”ƒSÞú†º½nuOrëâä3üó{⌛ôÍ/~­»6üE«¶iQÂt…›mÚÔ²WÏíþPm.»r£2tGö'<plÀˆw,¡˜Á`Pjjª´wï^UWWËçóÉív«´´T[·nUnn®rrräñx´mÛ69=Y ÇS• O?÷c)H/W|ªÿÉÝj4ëµ3ïÐ…ÇXywÅØ9úÛüÛtÍgê±²e}ª¿=a±ž)øî Íýx\—v–‚ƒLúÆçëíêuzû ŠDIº>m¡Îý7™ƒŒC4CF/ƒ$_WW—¬VëPÏà¤hllÔÒ¥Ký§( »Ý®òòr55õ]®¦‚‚effª¼¼\G]]]ºæšk´iÓ&-X°@'àÃív÷{ýp}½^ï1ßwp¯×{Ä{Ýn·n¸áù|>Ýwß}ƒõ%Ç ØÞ^­ÏöoU¥½Q1™š3I‘Á¡Ç=^Sw‡VïߦuÍåJ×ü¸lMK<ú§ˆÃãÒú–Ý*lÜ©ýÎVMŠHQnT†²#R‡zjŒ:‡C6›ŠC0òHU]HHˆ¦M›¦¦¦&•——Ën·K’:::ôá‡jýúõ?~¼"""†mõžÏç¶sɲ“•žNU ¯ïûBQ¯]¯ê6µïŠÚõºä£ûûñ÷kµpå]úÝŽwŽûÙõŽVÝ´ö)M~ëû²¼üUå¼}«¾Sø{5ww÷˜½:Ü%¼þoº­äÿNx¬ƒ=[¾B‘¯^§[×=;¨ãGƒUMg0”œœ¬Y³f)55Õ?î¡ÁÛp â†Û|pjPq6ž-_1 ~¿.{S·•üŸ<>¯‚ƒL²ƒõqýf}\¿Y_4n׳³¾wL›ìohÙ£K?º_öý’¤8K„¶´VjKk¥VÔ®×[ ïÒ¤ˆ”ãz'IúëžÕåé>îûûSÖV¥ÿ\÷ÇA_òù|JKKSrr²víÚ5ÔÓ9a,U@¨8œÖ<>¯Ö4n×÷‹žÑ;5%Gí_ÖV¥ÿIŸWÌø†š®|AWþY¯/¸S– ³þ¼ûCýuïÇÇ4‡›×þNöýZŸ£=—=£ú+ž×ŽKžR^T†Ê;jõ½¢gŽëÝvwÔé÷;ßÕ¹Ò°ÛëÖ5«•ÝãÔq‡³ÁÅ:;;µ}ûvµ¶¶*''G&LèÓ>Ü*øЂCÀiëç›^Vì?nÐœ÷îÐow,Ð=—ýK>ùt}ÚBÝ1å …šzöC\š:[å}Ëßg V7lÓšÆ튵DèÕ3¢ñ¡q’¤Ìð$-[ø_Š0‡heÝmlÙ;à1?¬Û¨Ì}Gÿú}§ð÷êt;|ï@ü×úUÒ¼KcÌ!ƒ:îp6Ø¡XPPn¿ýv=øàƒÚ¿¿ÿ´æáGBp8m•µUÉçóiŒ9DcÌ!2èÈáO«Ë®çw(Iúö„ÅíßH?[– ³J›wëãú͚ïËÞ”$]–R XKDŸ¶[Œ.LÊ“$=±ý­'IÕ]Íjp¶ùß+8hðvy¯¶Tn[¦Y1õÍôsmÜán0G9˜ÅbQll¬Î;ïïõ™çøÞ#ÙïlÓ7?ÿµBMýeîdÄ@}FËb±¨¢¢BGߪÑá‡"8Œ5]Í’¤ôÐx™ ý~’ž$Iªu4lÌý&¸ïPÃ’{Æëj9¦¹ž 7~ñ„j-zâŒ÷¿'z †A Çš››•••¥öövI’×ëíÓ>Ü‚8*ЂCÀˆÑòE[ÂÛ':8¬§o×уÃN·Cí®®c†õ?ÞëuŽù4taÑo¶¿¥·ª×骱ótcÆ¢!›Çéj°—*KRii©^xáÝ{ï½c·àPü} 0üFŒÚa`o8ØŸÞ ¯Öqô ÁƒÃÅèàþÃÈÞg¹}58Û<×Á´±e¯~Rú¼“³‰øœIDATRCbô̬ï ÉNwƒŠõƒV«µßp8‡½Õ˜‡8Á!`Ä0õ,Ovû<‡íãòö´ $Ø9x@ÏÛoŸÞñ:æ`sx\ºfõ£êöºõÂÜ*ê¡)×ɨbJÃ)ìÀ©Ap1¬‘’¤&gÇaû4w÷´%Ù¢Ž:^¼uŒÿó¦îþ« {¯›ƒŒŠ³FôÛçdú¥Ïisk…þ_öWtvüÔSþüáâàÏn·kóæͪ««;á°Ìétö©Öëo¸…pÃm¾858n0bÄ[z‚¾¦îǽmɶ裎g3+ÜlS»«KMÎ ‰ èÓÜÝ)©'´4èÔWŸ}X·I’ô¯ªB½S]ܧ­º«I’ôÊÏUظC’ôÚ‚;4!,ñÔNò4pðrܶ¶6544¨¡¡A{öìQzzºâããkÌÐÐPíß¿¿ÏµáÆçó _‡€#9¤' ,ï¨Q—§[6cp@ŸM-’¤”˜™dR»«K[÷jfTz@ûÆ–½=ãÙ6Þɲ¥µò°mMÝþÀÔáé>US:­\q8wî\Í›7O………Ú´i“¶nݪ½{÷*##C11û>ú|>íß¿_qqaroûp‡èÁ!`ÄÈ‹ÊPjHŒöÙõQýf]”Û§½ÑÙ®/ËdA%å hÌËSgéá­oèÝš}#íì€ö·kÖI’.M)8áùÝ'×aötüùÆ¿é÷;ßÕuigé‘Ü%I±G8qz´˜3gŽfÎœ©¼¼<ª°°P[·nÕ¦M›®ŒŒ EFFq ³Ù¬•+Wêë_ÿº¼^ï°?Uy¸Í§Á!`Ä0‚tcÆ"Ý»é=¹ý-Ÿ4³ÏòáßîX.¯Ï§óg*=,¡Ï½ÕoV—§[ɶ(MLó_ÿ÷ KôðÖ7ôfU‘vwÔõ¹oKk¥Þ¯]/“Á¨3Îí3ÞŽö•wÔJR@€y<:Ý}²«$izäxÿRë˜#¡&«$Éf´(Ñzä l¤;8Øûâ‹/4gÎÝ|óÍÊÍÍUnn®?@ܱc‡Ö¯_¯¨¨(¥§§+<¼ÿ¯¯ÅbÑš5kd6›ÕÜÜ,«µçkÝÀQ½€‘€ÃQ#ÊM–(*8LoU¯Ó÷‹þ ]uªéjÖceËt÷Æ¿)È`ÐmÙ—ÜwýçéÂU÷è¡­¯÷¹žž¬¥©³Õê²ëòO~©OöoQ§Û¡µëuéÇ¿ÃãÒuigì™ø»VêÂU÷èÂU÷ȧ¯æÚÛ¹ß?Þʺ '<ÞhsðRåââb=óÌ3úë_ÿª1cÆèæ›oÖ-·Ü¢›o¾Y_ûÚ×”‘‘¡ææfkóæÍêìì /44TÓ§O׆ ´fÍÿؽÿëõö ÷銥Ê臀elH¬Vžûs-ùðn=µc¹žÚ±Üßf2õÂÜê¼Ä™Ç4æKónÓÒO~©wkJtÖûÿÝ§íª±óô‡Yß”¹ãäé=E’"""´lÙ2­Y³FóçÏW~~¾òóóuË-·(//¯Ï把 544(!!AiiiþÊBI2™LÊÌÌTRR’ŒF£$NUÀÈBp6^ž»ÞnÍ8h)qr£2´ö¼‡õϪ5úlÿ6u¸š;Y%ç)?:³ß{þ>ÿ'rx»•ÐÏ’^«Ñ¬žõSý½bµ>Û¿U[Úöizäx—­«ÆΓÑXÀÓ„%:/©' <ÚiË?ȺX_;爬¤…ÅëÃE÷J’²#R8^¯ïL¼@—¤äèéÑÄh4j„ r¹\zå•WTXX¨¹sçúÄÞåË/a®®®V}}½’’’4~üxyðNhhhÀ3â0$ùºººúü`$ñxŸ\.—êëë#«ÕªÎÎNíÙ³G999š5k– ”ŸŸ¯ððp­]»VEEE*,,ÔÚµkU__¯   ¥¤¤hìر2›Í}žc·Ûuíµ×jõêÕºøâ‹åñx>Ünw¿×××ëõó}÷÷z½G½÷ÒK/UBB‚îºë®!úàtâp8d³Ù¨8#ßÁû÷ÕÖÖj×®]Ú¹s§ rNNŽZZZô§?ýI%%%*))Q~~¾ ”——PXYY©êêj;V©©©}–*÷~ 'Ãm¾85Àˆ×{8ŠÏçÓôéÓ•••¥ÂÂBÕÕÕ©¾¾^ÉÉÉ7nœ¦Nªêêj=ýôÓþ±·±¿%Ì{öìQuuµ233çÖp;èÁ!z«êæÏŸ¯ &ô «ªªTSS£ÔÔT;Vqqq*//WQQQŸ ÄyóæùPÉÍÍUQQ‘>ûì3mÙ²Eùùù}aN:ЂC0â¼T¹²²R7ÜpCŸ%ÈEEEZ»v­***TUU¥qãÆ)%%EIIIÚ´i“Ö­[§Ù³g«´´Tùùù:çœs”››«¼¼}ºòòò´oß>ÝxãÊÌÌêià4FpF…ÞŠÀ³Î:Kñññ***ò€›7oVXX˜2224qâD9N½ùæ›***êsŠòÍ7ßPXVV¦¢¢"ø`98%$$袋.ÒÖ­[5mÚ4ÝvÛmC=- ‡`Tñz½þ ÂCÀ 6h̘1ÊÈÈPvv¶:::ôúë¯ûA)((ðW öˆŸ}ö™^ýuµ··+$$D’N‹eË.—K&“IK—.UKK‹L&“~ó›ßÈdâ×? ¿9€Q¡7Ì+,,ÔŸÿügåçç÷[AX^^®’’EGG+==]999jnnÖ+¯¼ÒgùrAA?€Ü¶m›Ün·¤žeÊCYuèõzÕÙÙ©ÜÜ\¥¦¦Êétê§?ý©âãã‡lNžŒ’î¾ë®»øë3Ñ^xáy½^UWW«¤¤Dû÷ïWKK‹233µhÑ"%&&*99Y‘‘‘²Ûíª©©QMMìv»âââ”’’¢¦¦&}þù窬¬Tmm­ÚÚÚ4yòd™Íf­_¿^‹ES¦LѾ}û4yòdˆxð‡×ëí÷úÑúä¾––ÅÄÄè²Ë.SKK‹®¼òJ]ýõ ê/?†·Û­_üâT€Ñ%>>^.—K¯½öš 5wî\aïòåƒ+÷íÛ§ýû÷+11QiiiŠ×¾}ûôüóÏ«¤¤D%%%ŠŠŠÒwê=”åŠ+®PEE…të­·éœ0ü€Q!!!Aûöí“$™ÍfeeeÉáp襗^RQQQŸ= sssûìXTT¤ššÕÕÕ)99YãÇWrr²víÚ¥ 6hÆŒ2§üÜn·ššš4{öl™Íf =ðÀT`P€QáòË/דO>Ùçà«ÕªÉ“'«££CÏ=÷œÿ”üüü€±÷檪*ÕÔÔ(55UãÆ“ÏçÓöíÛvJOU®©©Ñ¸qã´`ÁÕÖÖêÛßþ¶&L˜pJž €Ñ=À¨““£Ù³gkýúõjllìS!¬øøx566jÕªUª­­U]]<òòòTPP ¤¤$%%%Éf³©±±Quuuª©©‘ÑhTZZšÂÃÃåv»•}R÷8¬¯¯—ÓéÔe—]&»Ý® è;ßùŽ¢££‡ð« €‘„=À¨3eʽøâ‹zã7ô§?ýIMMM}þx­èèhíÝ»WëÖ­ÓìÙ³ýK˜gÏží¯>ÌËËÓÚµkµvíZíÚµKõõõš1c†¤žSO†ÎÎNÕ××káÂ…jkk“ÅbÑc=ÆpÒð›&u–.]ªK/½T>ú¨Þyç¹Ýî>K˜•˜˜¨­[·ª°°P¥¥¥þ%ÌguVŸqÕªU***R[[›l6›$ êreÇ£íÛ·kòäÉš:uªÜn·î¸ãÅÇÇÚ3€þ$ùºººdµZ‡z.§\SS“î¾ûn•––*((( ÝëõjÏž=r»Ýš3gŽÿ‚544¨°°P·ß~»"""4fÌ-]ºTkÖ¬ÑW¾òy<ž€·ÛÝïõþ>vìØ!«Õª… j÷îݺîºë”ŸŸ?_%Œ&‡C6›ŠC0ºEGGë‰'žÐúõëõÐCiÏž=2›Íþö   eddÈåré‹/¾PQQ‘fÏž­ÒÒRåççëÒK/ÕêÕ«õþûïKê©6<¸zñxìß¿_õõõZ¼x±*++•˜˜¨[o½õ„ÆŽÁ!€¤3fè/ù‹^}õU=ÿüójnnî³ ÙlVVV–ºººôñÇûO`.--Uzzº¿ß‰,Sv:Ú¸q£rss5vìXIÒý÷߯ÐÐÐã1à8䪫®ÒÒ¥KõÈ#hÅŠûÚl6egg«½½]+V¬PII‰fÎœ)ƒÁpB•†¥¥¥ŠŽŽÖù矯††}ë[ßÒ„ 㕀㸑À(g2™tçwêå—_Ö´iÓú=)9<<\S§NUpp°V¬Xá¿~¬‡ååå*..Öy秨¨(MŸ>]<ð¡!†‡‡«'Ÿ|RÅÅÅzøá‡UQQÑgÿC©gÄèèh¹Ýn¹Ýî‡---*--Õ¼yó+›Í¦_ýêW}–GC‰ŠC€£ÈËËÓK/½¤ïÿû “ÛíèÓøõWx0¯×«>úH­­­š?¾$éŽ;îÐM7ÝDh€Ó ¿ Ð5×\£«®ºJ=ôV®\)ÇÓニ‡«:,,,”ÓéÔy秊Š ]xá…ÊÏÏ?ÙÓŽ ‡ÇÀl6ë¿ÿû¿õÒK/)''' Â°¿Ð°¢¢BË—/×ôéÓ•œœ¬ÄÄD=òÈ#„†8­$ùºººdµZ‡z.ÃΚ5kô裪ªªJAAAÊÎÎVss³.¾øbµ··ëwÞQNNŽŒF£bccuË-·(44t¨§ –ÃáÍf#8 /¾ø¢^zé%y½^hÛ¶m3fŒ&Mš¤¦¦&}ûÛßæ¤d ‡ƒÌétê¾ûîÓ† §ääd-X°@K–,ê©Fp @opÈá(@p Á!€‡@p Á!€‡@p Á!€‡`Äët;ÔévÓ=nŸgPçàñyunZû”žÛõ$)¢—CoU¯Óòšb=<óßôãÉ—÷{µºìzµòóã¾_’V7lÓåÿR Î6IR²-Zn‡Š›w©¸y—žÛõ>Y|¿ÂͶz†'–*€©º«IÏïþPßZó›õÿAÑ´£½FùÑ™ÚyéïTÅóÚ}ÙÓZ7E•öÝ´ö©czþK{?Ñs»>%ȬžõS5^ùg5^ùgÝ?ãzy}>Ý^òœ¶¶í;æ÷êt;´¼¦X_ùäàwýºìÍcz·ó?ü¹¢_û†.Zu¯>¬ÛxL÷êw;ßQ—§[Ù©zsá]Ê O–$dÐ¥)úóÜÿ”$ýy÷‡jêî8¡g`x"8#J£³]UöF1‡hŒ9DV£ù¨÷\Ô¸S’´8q†lÆà€öóg*Æ.I*n*?¡g`xbC0¢œ“0M-WýÅÿ¾¡Ÿ”>Ä{J›wK’.N>£ßöK’óõÌÎ÷Tr ßÑôŽwfÜE˜CÚçÆNRtp˜šº;´­­Jsb³4nõÒ?ù?ßÑ^£¬7¿; ûúÓê²kŒ9Dsc'õÛîöyü'A‡š¬Çý _‡`Ô«q4K’&X®{¨Ìð$IRmWóÀÆëê/©ßv£!Héa jjêP­c`c¶Ï–üòˆíÕoVKw§­‘60²°TŒj>ùTçh‘$E‡õÛ§÷z‡Û¡·ã¨cö‘‡ïà¶ÚÏ>lo¯Ö̓¹,u– 2 ñŒ0À¨Öèl—Ëë‘$EØÓïPÑÁ_^HÕaoÅáÁ÷nÌV1ž*oì[£¹ïÝ¡]uZœ8Cθa¨§€!ÂRe0ª™ Fÿ矧ß>.ŸÛÿ¹ocšƒŒÆó¶Oxò7ïÒŠÿ¤ë7K’þ#ó|ý&ÿ¦>_Œ.‡`T‹ UpIÝ^·íJ±Åôiîîðžl‹:ê˜ñ–1’¤¦îöÃöiröŒ™d‹>Ö)ªn¯[?ßô²Üòy|^Óý3®×µãÏÒy`è€Q/Þ:Fûìj:( ØãŒzɪþ6µTôÛ¾©µçzÊ«“T%nlÙÛo»ÓëÒŽöšž1C†¦âÐáqé’~¡’æ]Ê OÖšóÒm“/'4€Á!õ.K™%Iz·¶¤ßö·ª‹$I—$ h¼KS dAEM;Õè \®¼ªn“ì§Rl1ÊÊ8ÎYŸ˜çv Õ Û4.$NEç?¢é‘iC2œ¾À¨wcƹ2‚´²vƒ¶´VöiÛÝQ§Uõ‡7e. h{§¦DïÔ”È}ÐÁ*i¡ñZ’8C^ŸO¿Ý±¼Ï=>ùô›íoI’¾5a‘Œ†/sz]þñ*ìûåÝ ›vêš}Ñ°½Ïõßn[’ô£É—*Ül”g`daC0ê%Û¢u}ÚB=¿ûC]öñýzfÖw5;f¢Ö6îÐÖ=«6—]KSg++<¹Ï}¯T|¦;׿ Ij¾òEE‡úÛn˾\+ë6èç›þ¦¨àP]3~íz¬ì_z«z"ƒCuÓ„¾Ad£³]®ºG’ôÄÿ®d]|ÂïvGéŸõaÝFÍŠ™¨5ç=$Iêòtû—_?¼õ =^ö¯#ŽñòüÛ5;&ë„ç€á…à@Òf}On‡^«ü\‹>øYŸ¶ ’rõÒ¼ÛŽi¼ógê…¹?Ô7>\·®{V·®{Ößk‰Ð{çü¯Æ†ÄÊÜÕÞÎ/««»šŽÚßáqÌéà4eäëêê’Õzô†›J{ƒÊ;jk‰ÐÔ1ãŽØ×íóèÕŠÏõYÃVmhÙ«)©:3nŠ¾:nž‚ƒÿÞÚ;¶$—-“ÁÐgmã½SS¢Õ Ûf²j~Üd-M™­ô°„€¾Ý^·V7l“$M ORŠ-æ°síòtkMcÏòã³ã§¶ßú–=jîîP„9DyöSluÙUÒ¼ë_‰¾r£24Æ2àþÞ‡l6Á!€/õ‡Ž Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p Á!€‡@p €I’œNçPÏÀi 7+4Hò íTœnþ?ó“¼ðèEIEND®B`‚xl2tpd-1.3.12/doc/l2tp-secrets.5000066400000000000000000000033421327764040100162030ustar00rootroot00000000000000.TH "l2tp-secrets" "5" "" "Jeff McAdams" "" .SH "NAME" l2tp-secrets \- L2TPD secrets file .SH "DESCRIPTION" The l2tp-secrets file contains challenge-response authentication information for xl2tpd, the implementation of l2tp protocol. The format of the file is derived from the pap and chap secrets file format used in pppd. The secrets file is composed of zero or more lines with 3 fields each. Each line represents an authentication secret. The 3 fields represent our hostname, the remote hostname and the secret used in the authentication process. The first field is for our hostname, a "*" may be used as a wildcard. The second field is for the remote system's hostname. Again, a "*" may be used as a wildcard. The third field is the secret used if the previous two fields match the hostnames of the systems involved. The secret should, ideally, be at 16 characters long (the length of an MD5 digest output), and should probably be longer to ensure sufficient security. There is no minimum length requirement, however. .SH "FILES" \fB\fR/etc/xl2tpd/xl2tpd.conf \fB\fR/etc/xl2tpd/l2tp\-secrets \fB\fR/var/run/xl2tpd/l2tp\-control .SH "BUGS" Please address bugs and comment to xl2tpd@lists.xelerance.com .SH "SEE ALSO" \fB\fRxl2tpd(8) \fB\fRxl2tpd.conf(5) .SH "AUTHORS" Michael Richardson Paul Wouters Patched contributed by: Jacco de Leeuw Cedric Schieli Previous development was hosted at sourceforge (http://www.sourceforge.net/projects/l2tpd) by: .P Scott Balmos .br David Stipp .br Jeff McAdams Based off of l2tpd version 0.60 .br Copyright (C)1998 Adtran, Inc. .br Mark Spencer xl2tpd-1.3.12/doc/l2tp-secrets.sample000066400000000000000000000001551327764040100173170ustar00rootroot00000000000000# Secrets for authenticating l2tp tunnels # us them secret # * marko blah2 # zeus marko blah # * * interop xl2tpd-1.3.12/doc/l2tp.png000066400000000000000000003734631327764040100151730ustar00rootroot00000000000000‰PNG  IHDRK0;µï cHRMz&€„ú€èu0ê`:˜pœºQ<gAMA±Ž|ûQ“sRGB®ÎébKGDÿÿÿ ½§“ pHYsÄÄ•+ IDATxÚìÝwœœwu/þ³]»ê]Vµ%YÅMî– ØÆØ`À!@HBÀ!—á’r òâ—àK7’K¸Ó|É%˜nØÆlc÷^%7[½×ÝÕj÷§ó»‘„$V¶´Òî¼ß¯×xF3Ï<Ï3ÏÎóúøœï©ŠˆŽúºªÚüoG‡<úªªªªr_íR@e@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…@…¨u ¼u[6Å ?ùñü›/Ûéù'Ö.ˆ·Ýñ¿bÞÆeqÌàIñå“ÞgŽœñ+ïïîv{;Öþ>'za À¶´yM¼íŽ¿6,ý•×>ÿôUñߧ½)þdÛísOý0þϳ×í6xëîv{;Öþ>'zmÂØÉ7þE¼oòëvûÚËŸŠN}Cyœ÷¯Yðª¶ÛÛ±ö÷9Ðû°ûÎÿ|üá”óvûÚâÍ«£¾z{³ÆÐúñ†%¯j»½kŸ½0à;¬qè_Û¼µu§·ul}UÛííXûûœè}„QcMýNÿ®­ªyUÛõä9Ðû¢‰ýG–©¾iC[sŒoþª¶ëÉs ÷DgŽ˜_yö†òøËs¯‹ÓGÌxUÛõä9Ðû¢yA|óù›£ö?~+þï ?ͼ¸ëµªÿÍ}Þnoº»ÝÞŽ@ïVµíÖ±+}TUUU¹SBBBBBBBBBBB¢Ö%8´Ì™3'ž~úé˜6mZuÔQ.û0àÑÖÖŸûÜ碡¡!fÎœ?þx<úè£qä‘GÆÉ'Ÿìðª W\qE¼þõ¯æææ˜7o^lÞ¼9ÆóçÏE‹ň#âŒ3Îp¡xÅ„‡ˆAƒE]]]TWWÇŒ3¢¥¥%^|ñÅغukŒ5*–,YW^ye >1@àðÜsÏ•oGµµµ1eÊ”7n\¬X±".\UUU±råÊRExÇw”*Bè.•‡€—^z)±xñ⨭¯!ƒ•gàĉËš‚Ù.¼nݺ˜4iR¬Y³&¾ÿýï—VâO<1† âB°W*ÙœÁ_Úغ%.¾êþøÖí÷ÅÚõþë‡[uuvØa¥Zpùòåeâpccclܸ1n¸á†¸óÎ;K{" 8ä° ûZ[[cy[UÄÀ!ñU5ñŽkˆïÞûx¬\³¶kÛl3fLLŸ>½T f(Ø¿ÿX½zuÜsÏ=qÛm·•ªAØ•6a€ƒ,ƒ»úúúò8ý'·Ôw½¶uàøöòŽøö‚9ñŽÑuñ¦écÈ€þ]¯:´ yùå—cÆ 1mÚ´X¿~}Ü~ûí¥Òð´ÓN+Õ„„ÙO<#GŽ,s]ÀjÁ¯nÔØ?þs]Äþüù¸xdM\<}bôoÜ>M8+‡ ƒŽ ”00[‰›ššJ¥`>Ÿk æsT6a ÀA–ëfp—VojŽæ¶­{Þ¸±\µ!âª_Ì7xãäÑ1dÀ€®—;+—-[Ö æš‚O>ùdÌŸ?¿L,>úè£Ë¤b*_YsssY/0C»¥Qß½754Ƶ›"®}xy¼uÈòxý„a1¨S×’\C0‡‹dûpî÷ðÃ/„ÙJœ‰sÍÁc=V(Paüú8ˆæÍ›WªùRu÷®kß·Ô5ÄÕ#®~bM\д4Î;8†í°¦`g(¸bÅŠxñÅãˆ#Žˆ!C†”0+3$<æ˜c„‚¯>€ƒ¨3 looÖ-[â'Ͻü ÕÕÅOZ·Ý^Øoé¿4^3z` è÷_U†9 $CÀÅ‹ÇsÏ=W†ŠŒ7.^zé¥ æš‚ ء倾GpmÙ²¥é×®ØÕÕqÍæƸæ¹Íq^ÓÚ8gdS êWßÕ>\WWWÖÌ©ÅÙ.œ!à¨Q£JÕàÂ… côèÑ1yòäÐ÷¢\Ï/øö±(ö㯼º¸¥uÛma{¼¦vUœ?º1kkÊKÁ`¶/Y²¤T'æ4ãl!Î*Á sÐÈÔ©S»¦Ð7’l×í Û6mÚ7¯lÝÿ©®Ž;ÚÆ/·ÇìªÕqþˆÆèW[½Ó&Y-¸fÍš¸óÎ;cìر¥20×\µjU´¶¶–öáN8Á  $¹^_çð-mmqßü%î`ÕÕqO ‹{VFœU߯ÐMÕU]/g«r®+¸lÙ²R˜•Ó§O/ƒE²}ø™gž)ë žuÖY†ôbÕ.ÀÁ‘ëVWoÿ9¶jãæW¿^`7ÝÙÚ/>·ª)®Z¹5š;ª~õâ¶sÊJÁ»îº+æÌ™S‚Â,’-Í×_}y®­­Í ò¿u’–––®û9¶ôøñ쮉8¥z}œÝTµí‡áÖ®õ3ìË0×\°`A© œ9sfÔÔÔ”öæùóç—iÄS¦L‰~ýúùcôÂ@€ƒ C¶Áƒ—Ç«W¯Ž»6V´s¹¿}`Ü¿!â¤ê qVCKÔ¶o)3ܺuk×ù.^¼8FŒÓ¦M‹þýûÇ /¼P‚Á†††˜={¶ Ľ€0à xöÙgcàÀåqë–-ñÀK+ú9=Ø> Ü< ¦µ­‰ lêæ¥:0uV f ˜áe9h$ï³Ýùºë®‹Aƒ•A#ãÇ÷8D ‚ 6Ä°aÃJÀ6ÕÚ[/°;æÖ‰¹Í³ªâŒ~£c㺮ײRpýúõ±nݺR-8jÔ¨Ò*Ü9åç?ÿyŒòñÜà$ 8:plÚ´)ÞØqHžã£íÊmzÀ8»z]t¬[]žÏöá 1s È‹/¾X&gûðG±ÓgàÐ# èa¹ÎÞðáÃK¨–v×/Ù|HŸïœèsÚûÇQƒ†Ä«£jÝê®á' æäá¼­X±¢T ^vÙeþȇ¨j— gemçðõ›[bÅÆͽ⼟joŒovŒ[NŽ¦Qc£ºººkúp¶w~®làÐ$ èa9p#ƒ´ôòÚõ½îü_ŒÆøFû˜¸sÔ1ýúw=ŸU‚gœqFTUUù#¢„=,«è²¢.×Ü»CG¯ýóÛëcËëöë×/N=õT`€C˜0 åÚzMMMåñÚµkã†Eë{íg©^² êÛ·”`sõêÕ% œ5k–?2À¡üÎ%è9O<ñD’ÖlÚk6·ôÚÏ2½jSt´·—Ç ¥*P‹0À¡MЃ6lØ555¥šnÎòµ½ú³?´_ùy:thÌœ9Óà' 8r½ÀÇš{óXu›··8¯\¹2㬳Îò‡8Ä zȼyóbðàÁåñúõëã¶%{íg9¦~K´6oO3ëëëãøãïZ €C—0 ‡¼øâ‹]aàê ›cMË–^ûYŽ­míj;vlŒ5Ê ô–––¨­­-Ú£KVôÞ²yc4lX]æárÆgøôÂ@€ÒÞÞ^‚ÀÖÖÖ¸uQï2®}c´lÞTçôà)S¦”ê@}Â@€°dÉ’4hPy¼bÅŠxtsïývfc{¹Ï`s̘11aÂ`€^BÐæÎC‡-WnØÍí½óƒli‰­Û§¯Zµ* gžy¦?0@/! è7n,SwÓƒ//ﵟcd˺hݸ¡<ζg-½‹0 dp–Ö¯_l®êµŸã¬Û'§qãÆÅèÑ£ýqza À¶fÍšèß¿y¼jõêøùÒ½óƒli‰¡ÍëÊà 5GŒQ*è=„Ø}÷݇vXyüÒšõѶ~M¯üýÖ­Œ¶ÍKeàæÍ›ËðO<Ñ `Ù"\[[[B´ÙÇÌŒÿ~ÒäèXø\DÛ–^õ9ÎjlëjwÎp3ÃÀü\ôÂ@€lÅŠÑÚÚºýÇWUUü·ÓgÅù¾xýêèxù…L {ÅçÙ¶}pȺuëbòäÉ1jÔ(\€^Fp€lÙ²%ž|òÉhhhˆþð‡±pá®×ú×ÕÄg/>7nøÈïÄñUë£cݪCú³4­\µmÛÍl>|xœ|òÉþȽŒ¾€ý,[io¼ñÆxä‘G¢¾¾¾ É*º|0î¾ûî˜={vWUÝ°†Úøêï\Ï,YŸ¾þ®˜_ÕÑØÿûL³FToªŽ­[·–s0`@ 2Ä —ìGÏ?ÿ|üøÇ?.kée+m®˜· Ëãx T žzê©e"o>7uÄøÎ{Þ·Íy1þþ–bãÈ Õ‡NÇèæµå<7nÜÓ§O/ç @ï# Ør½k®¹&–/_cÇŽêêê®a¢í(oäk÷ÜsO¬_¿>Þþö·—çÛ·n³&3?0!~pßãñÕŸ=ñ ‡‚u«–FCíÖÈO“ç;~üø8á„üÑz!a À«¡Þ 7ÜsçÎÑ£GǤI“Êsà®AàŽÿ7n\´´´”õÓ[Þò–íûlk‹‹Ÿoœ5=¾qÇCqõ‚ÕQ5lôAûŒ'T­Ë/GŽýúõ+Ó„è} x…æÌ™ÿøÿk×®--ÁMMM]¯e;íSO=U¾ªªª=î#ל:uj©&¼öÚkË:ƒj;ÚãN?6þõͧƌæåQÕ²ù |ÎMÛÿÿñ† Êç6l˜?>@/¥2`­\¹2®¼òÊäM›6­„}Õ€­­­1þüØ´iS|å+_‰SN9%Ž<òÈ2y·3ܵZ0eµÝá‡^öýÕ¯~µ´wèÚPÿëÂÙ1oéòøÊÏųýFôXëpÝŠEÛ~1®m'_BÏ)S¦ÄŒ3| z)a @7eà÷“Ÿü$,XPÚdëêêºBÀ¼_´hQ,[¶¬ y衇Jp ¹ùæ›ËóÇw\i#ÎÀ°ÓŽÁ`>:thœy晥B0ß{ÒI'u{üð¡ñ™×O,\_{zI,8ê€æýÚ£¶£¦?[„sšp†›ôNÂ@€n¸ë®»â¾ûî+aÞG±Óº€ .ŒÕ«W—ðG?úQynæÌ™qÎ9çDMMM _|ñÅøìg?[ÖÌʺ &ìõx¼åÄá\0Ÿxâ‰å˜Y]xôø1ñÅ1#âîç_Šÿ»pS4rÀ>÷ä–ÕõÕ¥E8« µônÂ@€½X²dIð‘kú{ì±;…€ÙÒ›¯gPöÅ/~±¬˜áßĉã…^(­¿G}t×{Þõ®w•í/¿üò¸à‚ Êv£FŠ¶¶¶ÝÿP«­-ácîÿ–[n)!d‹©ºª*NŸ<.fm‰[_\ß_¾íýí×Ï^µ~uŒh¬ö¶-±jÕªR¥˜Á$½—0`7rðÇ÷¾÷½Òª›•|ë¦õë×ÇË/¿\ÖÌJÀ 3$3fLœ}öÙeHsssÜqÇ%HÌ@0ƒÄÜWzùz¶4(N8ᄲž`i׶áÔ¿ÿòÞlCΡ$³gÏîVÒPWçO'ZW>·$îîQ×°_®AZÒ´ý3gh™Õ矾/@/& ØE®ñ÷ÒK/•u³º¯sMÀ ³Ý7ïï¹çžxî¹çÊú~f•_¾'+趇qÙ œëë=þøãqýõ×—Vß\soàÀqÑE•ýÜ{ï½ñÌ3ÏÄyçW·ê½ É"ƒŽG}´„Ù¶›•ˆy~Cú7Å{Ž™¬ÝW,\OÕ¾úvÞ†ö‹hÙXÖ8?~|9v^z/a À/eÐwçw–ÐkêÔ©]!`çp’uÿå_þ¥´ç4á å&Ož\B¾ óñºuëJ;pgX—­¾Ù6|ÓM7•5÷^óš×”}璜ΛûÏ*Ä 3Ìõw´kµàˆ#Êz‚y®Y‘˜ÛçñÓðñ¾ÉÕñÒš ñ£Õ j¼¢kQ½~ut´¬ŒhìW>Ëoþæo– Ez·šm·OoãJ+ƒµ¯}íkem¾ î²%·3€›7o^WÅß•W^YžÏPléÒ¥ñÚ×¾¶´çö›7o.m¿Y½—ÿ0`@©ÌǹßlÎ0ÄŸýìg¥å6Å s‚p‡Ë—/ïÿû%Ì 0oY)Øy.yßù8«³Â0÷Ûyœ¼e°˜ïÜØÇÔ·Åø-ëâùæmŸ±¦nŸ®Éøu‹ã¨þÛçœíÍgœqFW{2½Ë¥—^ZîT-÷ ÖŽ?þø¢u® ¸bÅŠÎ-^¼8{ì±xä‘GJ+oc¹6`†cÂe`€)Â’Á`îsúôéåùÜ&Ûl³}ø¨£ŽŠáÇÇý÷ß_Z„sÛ¬ìË÷åí½ï}o9n®)øÖ·¾µ„Šy¼ÎóÚUçz‚9Ñø‰'ž(b®C˜š¶=ܶcNX³6žX¿!®«[£ª[×åøÚæmÿÝ~=:ÃɬH w)ø矾m¨u¶§9sæ”`-[‚3h˵³ ÷Ö[oY³f• /' çP”aaV÷e¨—¯å{ æ{2<Ìýç±2Ì*ÄÜ6× Ìýß~ûíñì³Ï–!$¹þ`®É—Õ‰¹M/½éMo*íÅ{2’U‚f;s†”ùY²e9_4p@œÚØG¬Yo©;;†D{Õž×&¬nÙCk¶ï7÷wî¹çvžônÂ@ ¢d¥_®Ý7zôèÒšÛî°åÐ û~úÓŸ–꾬ŒËª¾\ÿoÙ²eemÁSN9¥<—á_N~øá‡Ë{3ÄËm²6ÃÀùóç—00+SN ÎiÄùz>ŸmÆfyÍ5×”ýæq2„|ýë__Îí(ïÍ 2¹§`.?C†›Ya˜Ÿó駟ŽÓN;­´/çy40ÎjnŽ™Å­íƒbnõ ÝîgÄò£ßðÚ²¿\?1CÆ (èý„@EÈ€ì»ßýn¸qÜqÇ•plO­·ùÚìÙ³K0wõÕW—[pgŸ}vi—Í/Û†3ÌP1+örÛl3Îöâ¼Ïç;§ gå_Êê½lÎ)ÂY˜Õƒ9¨$ÿ ³¢/Ûƒ3(<çœsºÖÿ7n\¼üòËe‚q¶êæ¹íM¾'Û’sÛ¬ZÌ°±3¼ÌJÅQÛŽwáúµqÚ–5qÝÖ¡±ªaàNï?yHý¶so/Žæù~øá¾D}€0èó²7×áË0ƒ»+w×rÛ)ü\·ïo|cüÇüG©ÐË꼬øË À üæÎ[¶ ó–ïÉÀ/+ó2”Ëm3ðËÇÙr›ÿ΀0·Ëí3Ì°/ÃÊ ;× Ìál+Ϊ¾C†Ù*œÃJzè¡Ò‚œAf{@®5¸í\~{ݲXÚ²*n¨›ë£jKk Ù²iÛ¯Ä~å|ßüæ7—p²³E€ÞÍ4a ÏZ²dI’¡Ý„ J —v7wOS†gÇsLi¹½ûî»ãÉ'Ÿ,m¿ë æëwÜqG© ÌÀ-Û3ÄË×3ÌŠÀ Ór»¬Ìð0oÙBœÕ{ùzv¹.`¶gH˜!^¶çökÖ¬)­º¹ è²J/ÏïÚk¯-Ac†uY½—aâ®!gÞç9å>³õ9'#ï8¤¾®.VwÄ” Kbpu{´¬Z³ÕåË{;'g¥!½—iÂ@Ÿ÷ƒü LN»¶ï­"pOÛe ÷¡}¨´ø~ýë_/\y¹à…^Xªþr¾l¯Í !^;[…3Ìë¬ÌËm3Ì -ÿíË9d$·ÏײRðmo{[9n¶ú^wÝu¥1[•;ü·¿ýíñ³Ÿý¬„ù8›ûÙÓgÈŠÄ|œç’U‡yëlE2xPÌؼ.ÆT­ª[¶?·Ïñu¯{/@Qí}Õ‰'žXÖÙÛ[Ø·«½…„;Nîýó?ÿó¸ä’KÊZ~˜577—vÝlçÍíÞ{ï-íÂY9˜_%ÉàmáÂ…eÛ¬ðËŠ½”Gžyæ™Rñ—!b†}f(˜A]†rÇ|ÙÏõ×__*W­ZUZŒs-Àw¾ó%à»ï¾ûÊš†ÙJ¼§õó3äþ³21CÆ7–ã¤l+1lhyœç™Õ€U…ô *€>+C»û·+`VÎå{Ý­ìŽl?þÌg>S¹o}ë[%ÌéÃyÜ×¼æ5%ðËöá|.«óõ Ö²²0øl]Îð.·œ0œ•„¹MžWnŸÿÎ[Nô=餓Ja†€ÙœÞ駟Þ5å8ÃÆ|ÏW\Q>gnŸad¶+ïöG`mmÙ.« 7lØP‚¿ÜžOgkñk_ûÚ²Î"}‡5€>++örG†b7ß|s¹Ï*» к³^àîîw÷\®õ—­´Yxã7–ç2ôË .C¶¬ÚË¡ ¾å:‚Þe¨—!\VñåTâlïÍ[zY•—á^†Šæv)ƒº|œí¹.aV.X° {9È$×1Ì6äÙ aæÌ™ñ¦7½©´åæ{ºÍ›7¯TÎe0Ö9 ø•TîéqVf‹mçÁ,zôåóyüœFœÇÌÊ¿\?0Cº ñ:×Ì Á£F*Af¶ñæ9æã ósä„â û^xá…R•˜CE²ð¶Ûn+Ûg%b9à$×|ä‘GJõa|9¤¤s ÀÝ}†<Üש§žêËЇ€Š‘áV®¡—ëøeËl¶áf—¡Y†u9PcÇ!;†d»þ»;U„yËýg¨wÚi§•Aòåq2lËß þ²j/ï=öØ f[q††y~¹N`…YE˜bV æ°’ü,ÙzÜ9($Žä{²Ê0«³J0Áˆdèyþùç— 1ƒÅ=}†Üg2ùèG?ZBFúŽÎ0РbdˆöÉO~2žz꩸ì²ËJe]¶Å~ç;ß)m»YÍ—­¶;zµ“ˆ³ýömo{[rÍ5×”/•à”)SJ+o®g˜U{Yí—k÷åz­­­¥Š/·ë\ï/+síÁ úrÛ|>·É0C·~¸~;š={v s›Î È]e{p;ÉsÌêÅ 1è›T'«è.¼ðÂv‚6Ì IDAT¦å@Ž ë²­7ÛrÓ¾Vîú¸óßYu—küåá\O0ŸËceE`vYù—í¼“&M*Ïe`†\v®å—Õ…Ù>œ2Ìm2¸Ëíò=èåçH8æP“ sàÈîZ¡ó–Ábî7‘áb—Y©@ߢM¨x¼åz‚Êe –ÕvK–,)v’eëpnû:Hd×mw|-·è‘íÂ>f ™A^Þ²5ø(Á_Vf€7cÆŒ²m%Ém:‡¢dÀ—mÎ[·n-mÀæ…Y˜Ÿ)Û¢óü3äÛÝùåóóçÏ/Mr¿¹í‡>ô¡¸è¢‹Êu oÑ& ÛC±÷¿ÿý%ûÖ·¾÷ÜsO ï¾ûîxôÑGãÌ3ÏŒ#Ž8¢«Uww­À¯D¶î~à(“Žó˜Àå:}\pAyœS‚3˜Ìç2üë *³í8' ç’¬L¹MN>묳bÖ¬Y]æŽëî¸.`Y™kfUáyçï}ï{KÀ@ß& ˆíáܧ>õ©xüñÇãòË//UwY¡—ëùåkÇw\LžûìøáoyË[J5bVî©0Œä`‘2zôèh¾ýío/íÄ9ˆ€Ê& 覬®ûä'?O=õT|ãß(CF,XPnÙFœS}s›=…n¯tq†‘9íwwëv>ÎÐ/§Ï;7Ž>úèÒœ-Á—\rI9'HÂ@€}”Ów;‡Œd(˜AàÓO?]^Ë¡Ù–›­ÃÙ¢Û¯fÝÁl Þ²eK™FœUŠ9™8‡ž|ö³Ÿ-kÀŽ„¯PÉðïŠ+®ˆÿøÇe ¿ åšššbúôé¥Í7Û‡wœ<¼/{“ûÉ°1§ çDà“O>¹´gKq® ¨%€Ý¼ Ù›Óy/ºè¢²žà]wÝUÖÌ!#9±7§ýfH8iÒ¤BÁôJ+3Ì©Æ9Ä$«ÿ-ZT¦ÿÝßý]© €=ì;®'xùå—Ç3Ï<+V¬(· &”m²}8×|¥2LlmmŸÿüç1uêÔ8묳ÊqÞýîw—02+`o„ûQ®'ø…/|¡vÿú¯ÿZÖï[¸pa¹å`\_0[x;CÁ½µ ïøZɪà _÷º×Åc=cÇŽo}ë[¥:ºCpdûîìÙ³ãꫯŽ+¯¼2Ö­[O>ùd©ÞËus}¿Q£FEccc×{v f˜ÃI²%øõ¯}¬ZµªÿøÇãøãw¡Ø'Â@€$ƒ¼w¼ãñÆ7¾±¬'xÓM7•õï¾ûî2d$+úÖ®][&×Öþ×ϲ sJpsss\ýõ%ô{Ó›Þ=ôP\xá…ñùÏ^K0¯ˆ0àëß¿|øÃ.AÞ7¾ñxüñÇË‘{9¤½½½Ü2Ì1+³µxâĉeɳÏ>_þò—cäÈ‘.(¯˜0 ‡Lž<9>÷¹Ï•õsÈHY½zuÜwß}]Ûdð—•fˆ¸~ýúø½ßû½xÃÞàðª zX®'˜ëf ðW\Q†Štý8ûe»pyûÛß_|qy ûƒ0à È€ïmo{[œwÞyñƒü T.[¶¬´ ŸrÊ)ñÖ·¾5;ì0 €ýJpå‘÷½ï}åZµK•Apºí¶ÛâÓŸþt¹€ýEpÊðÒK/°_  B B B B BÔºÿ¥cÆXwÁ[bð?ÛéùöeËcãû`´=õLÔ¿ñ ÑôùÏEUCC´=ð`lúÔ§cëÜç¢fú´èÿÏ_Œš#§îÓ¾Ó¦¿ùL´|÷?¢zÔÈhú‡Ïþ×{Ö¬u¾5¶Î™53gÄ€¯þsTOœÐíýçû6üч£}áKåüš>ó×Q{òI¿öµ}9wza À/µ¯Xßÿáh_°ðW^Ûü×—F¿üqÔ½þuÑö‹{¢ùK_‰ÆÿØøÑODÿÏ.jO=9ZþßwcãŸ},]wå>í»åÛ߉êÃcèÜÇc˶}oúħ"Î{my­õúŸDÓ^µ³Ž‹¶G‹ú1ðÊ+º½ÿæ˾ý.ùýhøƒ÷DóW.Ûv¬ë üööZwÏ€ÞE›0À/­ÓoFýo¿}·¯µÞrkÔ½îÜò¸öŒÙÑzÍËãÁ·ß\‚ÀÔðî߉­O?³ïû¾áƨ;ÿ¼m¿Ìª£î¬3vª¾ëX¾¢帿 ÷eÿm÷?PΫëüž™Ó­×º{îô.Â@€_xí¢á]ïØË/§_þtjÛíK–þÊË›6EÍ´©û¼ï­?m÷ÞkfëÎ{ãNxÕãë ³­·ö„ã÷iÿË–GÔÕ•ÇUƒï´ï½½¶O×€^C›0À/åz}{Rwæé¥=¸æ¸cbÓ'þ¿ˆÖÖ_Ù¦å;ß‹ÆþÙ>ﻣ¹¹„‹Cžylû„ý?#·ý¸g¿6Öÿæ;£cÓæ¨ê×/^ùý}Úî{§·µuëµîž;½‹0 š>ó7±á}ˆö—^ŠÆO}2ZrÓN¯·Ï›_†}äš‚ûþ‹¬6ÿb{ˆ˜köeè‡ÿVùwëÍ?×^]|´=ühlúä§bà5?ìö®3@ÜéßµµÝz €¾É/>€nÈ ¾ƒn¹¾<Þú‹e’p§°ÑüË£éÒ¿~Eû®9|Ri1®0àW^Ë53,?ÜN˜mO<µoç=î°2 8÷ݱqÛ1Ó­×蛄ݰöì×Gÿÿý…¨ull¹ñæ¨{íYåù¶ûˆ–Ë¿M_úâ¶_V5û´ÏÛn»­ÜÚꪢêÝ¿5ÇÏŠö…/ÅÖ¡â®mϧlÑÍ5kfΈ­O>]î÷éÇÞÉ'EË¿þ[ôûð£åÛÿ/jO<¡[¯Ð7 º¡éï.ü'Ѿ|EÔ¿ñ Ñô·Ÿ.ÏoüÓFûË‹¢õú»¶ºàÙr¿zâ‘]w•!à§?ýé¸ýöÛÿëÉ«¯Úi›³Ï>;ÎûÀbã_|²+ìÿåüµûÞQý»'6~øÏbóþw©nðõ¯tëµîî€Þ¥jÛ­cW ex饗–ÀïœsÎÙí6ùüž^€}QUUUîTDöe0=¡Ú%€Ê € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € ! € Qëô¼sÎ9g§{è Â@€ƒ CÀÙ³gÇ’%K¢­­-jký,àÀÓ& ÐÃî¿ÿþ¸à‚ béÒ¥QWW?þñ]z„0 ‡ÝrË-qÏ=÷Ä?üÃ?”`pÈ!. =BÐÃËýÚµk£¥¥Å Ç B B B B B BzXcc£‹ÀA! èaƒv8(„P!„P!„P!„P!„P!„=ìÙgŸÝéßsæÌqQèÂ@€¶qãÆþ½|ùr€! èaÏ?ÿ|\|ñÅQ[[ëÖ­‹E‹2ç¶dÉ’hnnöG裄=ìöÛo'Ÿ|2Ö¯_÷Ýw_ÔÕÕôsúçþçøÞ÷¾cÆŒ)ç@ßTëô¬šššØºukŒ1"N=õÔ˜2eÊA?§ë®»®T).[¶,N8á$€>Je @kkkÛë¿ÊÂêêhmm5kÖDGG‡?@% èA·Ýv[´··ïô\þ;Ÿ€MЃzè¡;vìNÏÕ××Çc=æâpÀ zÐ-·Üçž{nœrÊ)eíÀ–––˜3gNÜsÏ=.œ0 Mš4)n¾ùæX¸pa477—ûªªªø£?ú#€NЃ6oÞ[¶l) &LˆÉ“'»0ôa Ta Ta @êl€ƒApÜyçñÎß~W\uÕU;=¿jÕ*€ƒ¦Ö%Øxàøü?_+ú-G¼+þó/Äõ7~8>þÑ?©S§º@TÂ@€ý`É’%ñéÏ}!žÛЭ‡C:¢©£9V·‰gûOˆý¯¯Å´µÚ„8¨„¯ÂŠ+âsŸÿÇøÅsk¢ÿ´³cà°šhooŽŽØv눪mÛŒ¨oõÃgÅ]m51çÅ¢cíšòô4a À+ÐÜÜÿÅ/Å]O½µS^cO¨‰ŽþjÈ—ÏÕVuDSukÌ|ëŸÇÂçÆÃ\UUU1mÚ4€# ØG_ûæåqõíDõ¤ÓcÈÑ3JØ—Õ€ÝÑPÓ“'O‰M“>ó>ßúοLJþð½Ö GºéºnˆËþýú¨špZ :æü,ùû•°³2p×û]5Vo† ScØ#ãë7>£¯ûI̘1#ÆŒÓãŸ+×;\»vm׿Ÿ{î¹NŽ?Þ ©v öî–[n‰·¿ïOâ²[_ŠÇ^-kî˺{ û׶GØé±xÌyñŸøB|êo. 6ôèç»óÎ;cÔ¨Q]ÿÎ ð+_ùŠ?<@¤2`žyæ™øô¿[Ǧƣß±=Äkß%ìn5àîtnÛPÝk›Žˆ›µÅcü‰¸øÜ“â=¿ÿûQ[{à®=øàƒqä‘G–ÊÄ!C†ÄÃ?/½ô’/@$ ØEaŸýÒ7cuõ°èwÔUÕ¿œܱ_ª÷¦º¦:–4N‹¯Þº(®úÙŸÄÇ?ð»qÖYgÐÏ›ÃP.¿üò˜9sfLŸ>½Ü.¹ä_€>HðK¹vÞßýãWcUÕÐè7á¬hÚ!ÜÕþ¨ÜÓ{K rCÿx©ýÈøØ¿\GýçõñÉ¼ï€ ihh(·áÇÇG³fÍŠšš_€>HT¼\£ï³_ør,n®‹ÚñgFSMý>MÞÑþ «¢#ZúŠû×´Ç{>ñOqñ±| ´òhmmm¾}0¨Xx}þË_‹goŠ~ãOˆ†úþ» _MÀ·?öQ]±±ÿ¤¸êé–¸õ½ÿ#.yëÙñ¾÷üÞ~[OpÑ¢E¿òÜüùó}Aú a P‘¾ý½ÆMw?Ãf¼&9 ÇÖ|5û¨®©‹uŒ/ýäÙø×½7>ù‘?ˆ‹ÞpÞ«¾Ë—/ÿ•çæÎëKÐ €ŠòÝÿ¼:n¾ëÁ<ãìqÂEÛ«{hMÀý4vÔ6ƪ3ãã_½>¾ôõïÄÿùܧbú´#_ñ5É6éãŽ;.Ö­[Wª,XÏ>û¬/ @$ *•×\?¹ë‘hl 9þÍÛ«Ù|(Wîí½í CbÞÖqñŸüCœ:uX|éo?ùŠÖ|ùå—ã´ÓN+DrHgŸ}¶/ @$ ú¤—^z)n½õÖ².à/î{0#G[ZVFËÆåu"êó60¢jûäÜ9!ø€í£ª:¶ w,lŽ³Þù'qáY³âsõ§û´žàÒ¥Kã¹çž‹êêê˜6mZ¹­Y³Æ— }J¶¼þèG?Šúúú?~|iž0aBך€yŸ·Í­±dÅòX·a^4·uĦ-U±ikut4 ‰h¼íWR¿®}öŠ°¦>6öŸWüb~üì¢÷Äÿ·âý¿÷[¯ø:¶´´ø2ôAÂ@ OÈ Àüà±víÚ˜:ujÔÔÔì1x«ªªŠ¦†º8bìðhoÚnÙ²%¯ÚKV.ŽM­±©½6ÚGm«ªe?‡bHXÕ0 –wôK¿y}|íß®Šú›?×Ì>yŸ÷ÝÔÔäKÐ €^ï¶Ûn‹çŸ>&MšcÇŽíš ¼¯A[¶ÖŽ1(ÆXÂÁÖ-mñââ±t勱aKuDÿ1Ûn#í~‰á#ýGÄ¢mŸáw>úù8rÌÀø—¿ÿ«˜9ur·÷±iÓ&_,€>HôZ<ð@|ýë_3f”»†€»Ú×€­®¶&¦ŽSÆM-[âÙ—WÆŠE/Äæèæ–ÖÜC}]Á­ƒ&ÄSë¶ÄùïùXœ4m|üß/}&†Ôõú’%Kvû¾¬ ÌjË}Y{€C_µKôFùÈGâÆoŒw½ë]1räȸá†ÊTÜÕ²Û¯®&Ž™4"^;ëˆ8vlc ZùpÔ-~ bóšnïãÕÿUí£º&ZLŒ;çµÄ¬ó/Þÿ±ÿY‚¾ÔÜܼÛýådáÂ@ß" z¥×¼æ5¥•õ®»îŠQ£F•/Z´(n¿ýöغuk×v"¤;lÄà˜}ì”8õÈ‘1tÃ3Q¿èÞˆ+öi¯æøûb§÷Ö6Ćþ‡Çî˜SN¿(>û¥¯ÇêÕ«Ëá]å–+Vø¢ô1ú>€^)¬aÆ•µý®¹æš8å”Sâ˜cŽ)D~þóŸ—×òß{²?Bº¦ÆÆ8åè)±qãÆxjþ‚X½êÙhtøA[W°Û‡ÄšöAñ÷ß¾.¾öÿ¾[kuXÈ!CÊdfúØïh—èúõë·ýÇLuuLž<9–.]?ýéOK0–ëæZw×^{m,_¾ü€mqâô 1{æØÕ¾8j=Ѻ¡Çƒ¾}}oÇÀ±±²qJĨ™1gYK¬ÞÐÒõZ®¸§õè½T½R]]]© ìlqÍð/×¹»óÎ;c̘1¥*0ïçÎ=öXœ~úéå=é@mýúÅñSÇÆêµëãéùOÇš-µÑ1bfDUM·÷ñjŽ¿¯ïí¼¯1-¶li‰[y2^\¾)>~øåù¼~ô-*€^iܸq±fÍšØTWÇĉ£ªª*nºé¦2PdæÌ™eÚp¶?óÌ3»Ý×þÚì§}xÌÝõKˆX³`Ÿ÷ñjŽ¿¯Ê{jê¢}Ìqñüúúø𧾟ù—ï–ë@ß" z¥¬̵úv'+?üð˜?~Ü}÷ÝÑÐгgÏ.¯Ý|óÍ¥u¸;^mH7aôxí¬É1¶n]T/¼;¢uÓ>}ƃ6ÖÑ'ĵ·?ô±¿ÏüïoEkk«/@! z¥üÚê°Ã+¡aN~úé§cìرqÒI'żyóJ(˜2^õ„ÞØ{ЖUŠÇ1:Ž=bT4,¹?:VÏïö{÷Çñ_ñ{OˆM£Nˆ¿þÂe1î˜3ã;ÿy­/@ z¥Ú±;Ï?ÿ|×:‚åÇζÇY%˜²JpÅŠ¥møØc|0~øá²öà¯[W¯;ööÞQCÆkOš£ë7EÕ’G#Ú·vû½ûãøûúÞ¼&Qµí:Žœ+ú—üÉ'cê)çÅ]÷>èËЋ €^)†ìÎÈ‘#£¥¥¥Üž{î¹®çs:î„ Ê„Ü{ï½·„„'œpBÔ××ÇÏ~ö³X´hÑ^·?‚¶4ëðá1uTSÔ.~0¢e}·ß{P׬©ö1ÇÇóûÇÙoþݘ}á»âåe+} z!a Ч 4¨kÒðñÇ_Ö|â‰'º^Ï°0‡üâ¿(íÂãÇY³f•a nÞ¼yŸŽ÷J‚¶ÃGŽ“ŽkŸØ°ôÐoîÔ00¶N>7^¸>ÎxËû|Ùz!a ÐkM›6-Ö­[·Ûײ8×̶àw¾óå¹õë·WâeUàQGÍÍÍqÏ=÷”ç<òȘ:uj©¼ÿþûwÛ:¼/~]Ð6x@Sœ:mL j]±ò¹}zïþ8~wÞ»“l2)ÆIJ8þèhŒ/ @/$ z­?û³?‹SN9e¯Ó'MšO=õT¬]»¶kíÀNÆ +!à²eËJKqÿþýK•`'¹å–[JKñŽÁØþéêëjã”#GÇØQµü™mO¶wû½ûãøÝÞÇÀÃbp][ m~1V?-Ö¯[«›}z!a Ы]tÑEñ‰O|"ÚÚÚJà·'ƒŽ¹sç–Ç9…¸³J0Mœ81.¸à‚REøÒK/ŨQ£J‹ñ‚ ÊБM›6íõ^MH—UŠÇLã×DÕ’Ç¢£­uŸ÷q B¢®)†ŽQ-/DÛ¨ã¢eðÔ¨]ûBÔD{ÔÕ7øòôBÂ@ ×2dHüå_þe¼îu¯‹U«V•á!»3|øðr¿fÍšÒFœÛæš‚)’œsÎ9qÒI'•ŠÀ­[·–¶á\_ð¡‡*·[‡»c_†Ì78¦Ž5KÛiÒðÁR¶<1FU­Ž±16Ž>-6/‰ú–U%¼ÌÛ€†Z_<€^HôgŸ}v\z饥ÒooU‚Yù×98ƒ­eëðoüÆo”°0+ó~ÆŒÑÐÐ?ýéOËsé@Tã>zPL=lPÔ,}4¢­eŸÞ»¿BÊŽcb@ScŒÜü|´Ž91ª ­K£º*º‚À¼56ÔùÂôBÂ@ OÉïÝï~w\rÉ%¥ÂoOU‚)ƒ¿ û:uVþå}®%˜áb¶ç~2@<æ˜cbÑ¢EqÇwÄ–-[v»ÏWN=$fŽuKêі᎚†¨zDŒØøtô0$b©10ÖG]{ËN!`ç­¡_£/@/$ ú¤É“'Çç?ÿù8í´ÓbéÒ¥{ ïR¾Vªâ~vÞg°xâ‰'Æ”)Sâ…^ˆšššòxìرqûí·ÇO<Ñý°mBºÃF Šé‡¶½B°Z†·ƒª6ÄÈ­‹bËᯋúÇÀŽµQ³›0¯AÞjªñ%è…„@Ÿ–ëþÕ_ýU ²nݺÝn³c¸ã}çãÃ;,Î;ï¼²ŽàâÅ‹Ë´áãŽ;®ü;[‡;§ïÏnì°þ1cü°¨YòðNà¾ìã×ÙZ?(ªëc؆9±uØ´è7vfŒ©Ûu5U»­ÜñV_g€@o$ ú¼0ò¡}(Þö¶·í±JpOA`ç}š6mZ™2œá_!3fL}ôÑ¥jð¿øE×0’N¯¶’o܈1}ÜШ^òHtüš@pOûØí}TEký°ÙöR4ÕEÔù1qxcô¯jÙcø×YXnÛ:À  cÖ¬YñÙÏ~¶L^¹råN¯í-Üñ¹\cpöìÙ1zôè²~`>wÄGÄ„ âÞ{ïÇ{ì׆~ûf xø˜!Q½äѽ¾·»AckÓ˜¨iÛ#Û—ÄæÃN±“gƘ†ÍQ[³Kà·‡[{]Sœ9ûÔ˜:²Ÿ/@/$ *J®øþ÷¿?þøÿ86oÞÍÍÍåùî;Þgxꩧ–#+V¬ˆººº8ꨣÊk7ÝtS Óþhž:fPŒÜ/ª–=ýŠ÷ÑV70š;êcDó¼¨4:ÏxmÌUM5í{ ÿ:ªm·Áã¦Ç‡cb¼÷„~ñîßy§/@oü=ì•hüøññ©O}*n¼ñƸÿþûKëpUUU·‚À[‡gÎœYÖ"œ;wn 80FŽY¦Ï›7ÁÅÖs IDAT/ž}öÙ2€¤_¿~¯ºeøè‰Ã¢åùe±|õ¼è<±ûï­ª‰ÕcÐú¹1dð˜ˆá'Å1£š¢ªcklÝZ½Ûcíz~[ëúÇyÇŽcú¯Œß{×;cĈ¾@½”0¨hoxÃÊÄáo~ó›1jÔ¨tíþu'ìß¿(òòË/—õ3 œ4iR©<ÌÖáÜçŒ3v{üY7sìÀØüâªX·yuD¿!¿ö½-µƒ¢cåó1zX[´Žœ¦N‹u[Ëà“ööê¶ßݾrmÁ‰“gÄ郗ÆgMŠÙ³Ûþöî¾­ênø£mK¶†å½ãxd²I #¬Ò2Ò /J)ô¥èà¥ÚþßJ…B }K -(m!Œ0’ !{ÛqÇÛñÞ–¬ñ×9FF–¯†9q’ç›ÏýH–®îÕÊ~ç""¢SÃ@""":ã‰Fîºë.8pkÖ¬‘Õ}¢9±Rø.M‡m6ÊËËár¹`6›QTT„––¼õÖ[²±™8Jáœè¯pRFvUE¯6PëëRÐÙ~ éñÍè³$#qâ<Øuð(„€!קKÀ%Ól(NhÇç>û_re"""":õ1 $"""ú˜¨Þ+,,ÄóÏ?/G¡ ®208}ì‰eˆðèÑ£2´X,² ±uXLbDb¥¦ÃÑ°Y‘ßçAiÍxÒf"ð¡¢Ip'âa¨ßŠœìBtÇgcÞ”‰Ð«\ÍšÖ7¬oA¯ 'daž±,=™ˆˆˆˆN ‰ˆˆˆŽ´Z|á _Í}{ì1YÙ'úŒvpÿuQ(*«««ÑÝÝ-Ã@Óá÷ß_Ó§OØTWInª}.T5ìR§ÊÛzU&ôÔîCZfzR'!wÆ"¤%êäóñ÷ èÆ[qY¶“Rû°råmò½ """¢Óìx—oÑpéééxàä#þÁA‚ÿHá ˜D³`1bñ¡C‡ ×ëa4Q\\Œööv¼óÎ;(((@~~¾lVŠRH81%Ýݽhèí@s—u/RÒ3`ÊžŠÅEÙШ¼²o@¥Ç/»ß£Æ´<+¦›qÙÅ+äó!"""¢ÓÃ@"""¢0Ä#çž{®`D0 QW úov¢ÂPTŠÉn·ËpQ ÚûT˜·d1lñê!ŠB¸ŠÀD‹ ³Lõ˜?Ù‚ .¸š8ÑiŽa Q"¤»ãŽ;°gÏ9ÀˆÒà"Ñ„ƒbTa1XIeeåà#YYY²rð½÷Þ“£Ïž=[®3RSᦦ&hT$f!µ`:Î+H‡W6 vÎný^5feéå­Ä®½V>/"""":ý1 $"""ŠÒ´iÓäôç?ÿY0"F÷i• -ûž¥W4M‡ÛÚÚ›‹þ•*ùDp(ª Å %¹¹¹HéK†);G†€ž ç«z|ד­ºK±bá"Ìšõi~°DDDDg†DDDD#tÓM7¡¢¢Ï<óŒ òüŒ„e8ø~ÑÌWô'(BE‡Ã!CAÑtX\ŠÊÁƒbáÂ…ƒ£ ÂCú‰fËbÔbA£QC­V‡ˆÄO£Õar|+rãZqÍ57¨Y2‚dãÞ{ïÅ+¯¼‚]»v Þi”áàûEÿb„áššêt:Y9èt:ñî»ïÊûg̘ÚÚZY-(ª‰ R„†÷ä¥Ä#³gÎYr¶¬n$"""¢3“šoÑè]~ùå¸óÎ;e_Ô͆¯‹Ðò566ÊÛDåŸtD4~ã7°`Á‚aA <˜S«CNb­sl­˜e¬Ç­·ÜÌ ˆˆˆè ÇÊ@"""¢ã$šÛ~ûÛßÆ–-[ð¯ýk°ÙîH“¨ ¡buuµ òD“àÅ‹Ë&É¢9²§[Ä++=¾«Hh?€«V\‰ôôt~PDDDDÄ0ˆˆˆ(Væ΋Y³fá¹çž“}þù+£\D\D_‚===²/A1°ˆCñ¨ÔƒÍ„ýa Õ¨CrÛNLÉÌÁ²/ÜΆˆˆˆˆ1 $"""ŠåÁ•V‹ë¯¿^ŽøûÓŸþTVú¹\®U ŠK1ÀˆL$’À> Z5ÒÑmëA¬\¹V«• Á>‰ˆˆˆÆ€h–ûÛßþË—/ ìFZ%<°ÿ²íF’ŽmÀ‰ÜrË- ‰ˆˆˆH+‰ˆˆˆÆÐE]$ÿxâ‰'PUU5¢*Áh¨\}È÷E|g3V~ùfY™HDDDD +‰ˆˆˆÆ˜¨Ò»ûî»qÓM7Ál6ËÛ‚G†#æéÝÿ&–Θ€k®¹†A EÄ#F"""¢döìÙ˜>}:žzê)ìܹmmmÃFö_# ‡#+ª ~øa6 &"""¢¨1 $""":‘_Z­ìÓO 0òÐC¡¦¦&daÿèÂÁÄè¢é±¨„ˆˆˆˆh$ØL˜ˆˆˆè$Œ<øàƒø⿈ÄÄD9ˆ?ôW7÷×ÕÕá+_ù ƒ@""""VD+V¬Àüùóñ‡?ü}ôúúúça¡h|ÿý÷#!!o Ã@"""¢“Lôù÷Ýï~›7oÆ /¼€²²2ô÷÷Þ_TT„´´4\wÝu|³ˆˆˆˆè¸0 $"""'D… ˜~ñ‹_`ëÖ­²Y°^¯—#/Y²„o7†DDDDãÌw¾óTWWã§?ý).¿üräççóM!"""¢˜`HDDDt¬[·NNË–-“S°ììl<úè£|£ˆˆˆˆ(¦8š0ÑI ‚Àx@^( ‰ˆˆˆˆˆˆˆˆÎ ‰ˆˆˆˆˆˆˆˆÎ ‰ˆˆˆˆˆˆˆˆÎ ‰ˆˆˆˆˆˆˆˆÎ ‰ˆˆˆˆˆˆˆˆÎ ‰ˆˆˆˆˆˆˆˆÎ ‰ˆˆˆˆˆˆˆˆÎ ‰ˆˆˆˆˆˆˆˆÎÚSõ‰wô÷`ößÆ¡ËrûžöJ\õÞÏPÑ} Ó,yøÝœ/cqʤav¾pëŠf¾]m¸ùÃGäål[ž^ôM'fò›GDDDDDDDD'Ü)6ôµáª÷~ŽÃ] Ãî{pÿ¿qGñeøºoúé¾⑃¯*†|ÑÎn]ÑÌ÷…~M¿Wå,Ä_Ž¬õýý+l¹è—üæÑ wJ6ž»ú.Ü\p¾â}÷á¶Â‹äuq¹»­ò¸æ ·®hæÛséoe(Ü8a¹¬$"""""""":NÉ0póŠñ¥‰(ÞW×Û ½z àѦOÀá®úãš/ܺF2ŸÇëÅÿÛû".ÍœÃo§d3áŒx[ÈûzÝÎ!»¼îãš/ܺ¢Ïéq!õ¥ÑåêËK¾ÃoÚÓíÅkôC_ Js\óÅ‚¨@l[ù7¼Q·7mzWd/à7ˆˆˆˆˆˆˆˆN8õéö‚rM)rT_ATâeíÇ5_,]œ1ÍÎN~눈ˆˆˆˆˆˆè¤8íÂÀÅÉ“ðèÁ×åõß•½ŠEÉ“Žk¾ãU¼ê«ƒƒ†¼ßxKS¦ð[GDDDDDDDD'ÅiÞVt1ž<ô´Ï]?~wO¾BÞ®zöÊQÍJ´ó=½è›ø¿†þ+qÏ®gðÌ¢oñ[GDDDDDDDD'…Ê7y}øN@÷ß?xàÜwß}ò:ÑXR©TòBÍ·‚ˆˆˆˆˆˆˆˆèÌÀ0ˆˆˆˆˆˆˆˆè Á0ˆˆˆˆˆˆˆˆè Á0ˆˆˆˆˆˆˆˆè Á0ˆˆˆˆˆˆˆˆè Á0ˆˆˆˆˆˆˆˆè Á0ˆˆˆˆˆˆˆˆè Á0ˆˆˆˆˆˆˆN[ý=˜øÊmÃnßÓ^‰âU_…þ+qÖwâýÆŠv¾pëŠv¾hOt<´| ˆˆˆˆˆˆˆètÔÐ׆«Þû9w5 »ïÁýÿÆÅ—áë¾é§ûþ‰G¾ŠÅ)“F=_¸uE3_´':^¬ $""""""¢ÓÒÜÕwáæ‚óïÛи·^$¯‹ËÝm•Ç5_¸uE3_´':^ ‰ˆˆˆˆˆˆè´´yŃøÒÄ ï«ëm…^=Ð`Ò¦OÀá®úãš/ܺ¢™/ÚÇ/†DDDDDDDtZʈ·…¼¯×íò·Ëë>®ù­+šù¢}<ÑñbHDDDDDDDgœx~ÈßZ•æ¸æ#:U0 <¬[·ÿuýõXµjß """"""¢0rM)rô^¡ËÕ‡l£ý¸æ#:U0 < lÙ²7}ñ‹xïÍ—±xJ¶¯_ºéFlØ°o‘‚ÅÉ“ðèÁ×åõß•½ŠEÉ“Žk>¢SÃÀSئM›på•Wà…¿?…%Ó²a1½}NÄëT˜™kÆë/<…Ûn½E†…DDDDDDDô‰ÛŠ.Æ“‡Þ‚ö¹«ñçÃïàîÉWÈÛUÏ^9ªùB‰v>¢E囼>|'N!åååøùÏ{¢SòÓáèë…Ëå‚Çã‘—n·{pŠÓ«QÝÚ—Æ„;¾ö ò $""î¿ÿ~<ðÀ¸ï¾ûäu""""¢±¤R©ä…–oÅ©£«« wß}7ZpÕEgÃÑÛ ·ÛµZ-'êú/Å$ÂÁž>,z º>üú§÷Á–ž‡Ûnÿ*²³³ù†ažúúúðä“Obû–qᢙЪ dÕ_`ð§Ñh¯û§ÀûûœnØèzêðã{ïFvÁ$|íë߀ÕjåLDDDDDDDt†`ŸãœX ïéÄ•,@¼A•J-K;ýbŠæo:û]°Ç«Ð×P†oÜ~ |ð²âˆˆˆˆˆˆˆˆN¬ §DøÂ?žÅù‹fáæ«/„Ë5РW¹ Péoÿcü·‹e¥šTh:¸·Þt=–_x)nºùfhµüJË–-rIDDDDt"0ùgvìØßüúW(ÊMÇ-+WÀãÅÇM‚½Cú î0øïhC1p$ͤÂþßÂõ«_Ã+?•Ÿý,CA""¢1&B@DDDDt¢1ñ'ª««qïÿ܃ÉYøïk/†W¥øx«C†þ¦ÄâoW¿)ñ<ýÄÃxé…gñüK/óC!""""""":Í0 <ÉÚÚÚðÐC¿D_{3¾zí%ˆ‹7 cYîï~·»ËŽ"ÅfÆä\;n¿ýv<öØcü€ˆˆˆˆˆˆˆˆN# OÑ<÷‘GÁÞ[ñ¥Ï] »Ý·Û#oë*@ÿýbêu8±«´‰F=ΞŒ×Ö|•§S­à‡DDDDDDDDtšax‚‰°ï™gžÁ¯½‚/þSXyþ­ƒƒƒx<ÞRèÿ»¼ª5õ˜Q2ïnÚŠcMX2»DöWØì{žDDDDDDDÑêììÄk¯½†––455£¬¾­°ñVL+ÈÆÄ +œ5Sr,ЪU|ÈN†'кuëðì3Á•Ÿ‹ßþènxƒë*@ÿ<ÇZÛQQÕ€üìT(?Œ-;vcáŒBÄôòyª4:~XDDDDDD•ŠŠ <ùä“8zô(âââäù§`”SÐy;w4àµ]¹xêƒzÌ›˜„\{¾zÅÙˆÓ©ù` O€-[¶à'?þ®¾øüüž; Rke…`àà c]èo¼¯ü(lfº»»±yëN,š>zV®Ï/!Á„NVºººP[[‹ºº:¹ GÜßÞÞŽòŠJÔÕ7âXS3z|ûÑÖ–Vtv´A§7Àåö¢¯§køÁ•ï> D×ýH4Û|'E:Ø“’bOB’ÍŠI…`³Ùä,-- r?îw?þ86mÚƒÁ£Ñr¾\U=r½õ¨o·ãù­30;'í}ï#?Õ‚›.šÁ7’èb8†ÊËËñÈÿÅÄì<ñ³ï˜h•·‘B¼ã©ô²«ô¨ïÄÄ…¾Þ¼³sLŸë„Tù|ÄüàÞ{áíkÇ=_½&³mغRÈm3ᑈŽÔ º¶Þ·QÕcóŽ˜^”ËÎ9kÈãüÏÉ òD‚ˆˆNb¿%ö¹‡CNÑìŸwîÚw6lÆ®={q¬¹ ½N7`´#Ξcö9HšhŠésT©ÔÐ'$É)GGv´·áÃ7¶áϾM_+ò'bÞY³pÍU—#?/7âzÄ1€h–%&­–‡wDD4ö~üãËj{ntÝLÍP„µ¿O®uãÆåÅxøåíøü’B”ä$óÍ%cH¥h:¬ñnÃ_×7WŒçÖ—á˪™jç›L4†x´#«V­Â_þô8~ð/aâ•çA) 4U€"èëîs ìp%Ú[šÑPWœ4+Ï*ö8¸¨ ŠÛy"ADDã¿2°­­MŽZè'ú\õæ:¬[¿}.èÓK`-XsŽ f¯^ñÃØ(›áŽ5»^‡G†‚‰™Årê[jñø+›ñÛ?<%ûþ½`ÙR\zá2ÄÇÇËûEE ØÇ›L&~1ˆˆhLÕ××cÍš5ƒ@a–ö *<hñZdº9êèÑ?dž,Õ1´»à… ^ÜpÁ üß;eøægf!ÁÏ7›hŒ0ñ‰Ï]õÌŸ5 OþêhuqQ?.¸Êo´U€bƒƒlßí­-8X~©¶,˜^0x²\.Tûî³ÛÍü`‰ˆè¤ýùõ÷÷ËA·”ˆ}˜þzzzduàÚ÷Þ÷M›ÐÜé€.­‰3>ƒtÃ'á˜×åÿ/Ú÷šDXUí0”,|“ËÑW¶íÅóÿ¾¶Ä|êâóqÁòs‘ ßàc µ dG""¢ãñÔSO î›Å>X4ÕT8NLR…ôA‡î" ÎÑ2ßMzìxwûA,?«¿a-¾sã¥|³‰ÆÃÀH³àqöbõú-8oÉ|ÄôQ=Îø¶ Pöíç›VÖáàÁr9¡×ÓE3 e]¢RŸ€Ñ„‚¢yºù¹ÑÉåt:e¸%Fö õÞOì³vìÜ…¿<ÿìسÚ´$”\‚TÃé]§õ½¾¤¢ù€oý þ}Í6<õ·`Éâ%¸ëk·"++kp^Ñ¡»¨A!Ã@"":^{÷î•eŠóHŠýŒØ¿ˆPPÜj  Ü0ù¦ùš}höZ°Î5[^7ª>éów‘v7ž¯ÊÄä¼.¤™Ò}ûöRÌšVÂ7h,Ž'ù¿®®Nlù¨JrK÷añ’¥8Ë·ÑÒDqÐíï£o$U€þ¿«ê›°c÷>´µ4¢··“&d Cõ )t¹É‹Î:#ß#Ñ×`ú¬ðú¦Ý•»±òÖï +ÙŒ;n½S‹'Ê PS(õ3HDD4R¢{,ó`±Ÿž6mšì·VÜVZZŠŽŽ¹ßÝW„bWµc™vû°ÛEálÕ>l:àÅ‹'ãÍö3 $# c@¥Ö"?+Õw¢âÅžÛÑÖX‡÷7dàê+¯@NFjøÇF9˜Hà|Ý=زs/ªŽV £³ Ź©Ð~ü8!TØ'`¨°P¬_4Ëtü`‰ˆè„܃ƒˆ0Pô(öMbz{Ýzüçµ·á²ä!iÚå0êÙŸ<žðM–Üérrtµàž‡þ„O7¾róu¸êòKa6›‡õìÿA’ˆˆ(8zô¨¼.ªE(B? NŸ>3fÌ@ee%víÚ%¤ûqÿHö5%šJ<×<Ÿò-ߣOBuu5²³³ùæÅÃÀpô»à…ø5DüÌdßÉŠ‡ËöáÏÿ׈¢ÉÓqÙEÀl ý‹|´ƒ‡8œýøhW)ìßç;9êBQŽù鶨+£G<«ÕÊ–ˆˆNqB!ÓÀRD(n÷ÿóåUX·~>–E×ûöU<„ EŸ„Œ¹Ÿ–} >üì›xò/Ïáûßù.^¾dpÑŒKœ ô$ˆˆÎ\¯¿þºÜ'‹ý† d“áK.¹DÞ/Î['Mš$CAnݺUˆb~±ß‰f#IB;jêê‘—“í;÷0 $<’Ž«9ÍmÍXýþN,›7ùY)H·[[7}€}»waÉÒ¥X¾ôlèCt¬ØL8¸Ù°ø{ß¡*¼÷þFtv´a¢oùÒ-ò¾H•~£ Åß ‰ˆèD'¢o@1ˆ0ÄO«ßzϼø \ö˜Ï¾Á·b¿wQäLH™u±9ùÿ ¿yäøñ½w!?;Sö!h±X¢>9#"¢3›ØG‹àOì3Äy¨þÄ9£Ò>DÜVRR"CÁÚÚZ¬]»eeeò\3>>>â~ÇæmEkW2ò|×z¹"“ãD¾ÇOlÌ4-ôñF”UC¯³Ù©r ‘dK<ô¾wyÍ[obý{ïã†ë®EIáÅe( &ÒÒÑ…wÖ½‡Š£UÈM³¢(3oHŸàïG)V¡ ¼äÇJDD'ˆÅ !¢o@Ñ4Xؽg/}òiô'æ qæ•Ðè |£FÁëqCå;^H™¹®ÞÜvσ˜˜nÁ}ßù&—kšMDD¤äù矗ûâ\QüX'ªõD8¸lÙ²°Õƒ“'OÆ‘#Gd(¸{÷nyþ**ÓC l§r¢·¯W^ïq±/{¢±À00|D1”º=ÉŽ8ÐÞÕ‹¥•ÈJ±!'÷ï8[„‚ ñ:<ñÇÇœž‹[¾x=’“¬A‹ùd0‘Ž®¬Ùð!–@ªÕ„…™!ûŒu(Øëô€§\DDkƒT¹døØØ?bpoo/Z[[ñëGŸÀÑV'lÓ.ƒÉÈJõã"öïò½vC£‹CêœËQ×p×ß~7n¼þZ|‡œŒ‰ã1÷/HDDg.Ñ$XTö¤¤¤È}¹0‘HDóá™3gÊ0P47ƒ„ u*ßx¢1Ä#½Xg«4a Ý³Ûw¼í”·×6µ¡±­Ùiv¤'[ÐãèGF²æ87øÑOpöâE¸êÓŸ~]lTݾëºMÛðáæn3¡8'%êP/ÚP0R ØãìgHDD1'NDè'Â?qbá'* DøÁ‡áÉg^@\ѹH-ÌéºýM’+áB5SŠUµœÒ:ǃ„´˜s¦àë6áõÕ×âñ@jŠ}྄91 $""¿_|Qæ%ö b‘‘!ü¥K—ŽxY¹¹¹X¾|9’’’°ÿ~ÙüXˆÁHüû'tHˆÓó'C<Ò‹öö¤Y H²'¡§Ýƒ¾n×''>/ŽÖ5¡æX r3’‘™bCWO/¦d ³©wÿÏ}¸êӗᜥ‹qðH5^yýM¸=˜’—qT`ÿ‰ÆhBÁP·ûÃB""¢Xû===ò„BœLø‰fG?ü߇Pï4¶躘¸_‹f7Òý RؼÎñzÝ.$/BW >ûåoãšÏ\„•ŸºP~FâN“ÉÄ/,Éý¶mÛdPç?×LNN–ûóh«•ˆ¾qìØ1y`³Ùä…F£-žDØŒlL4–Æâ$C­‚FlíÉØ°wtj/ì6óy<¾s€ŠÚ&kéÀ„¬T$YWæ–dcëG›ðÜ¿V¡ /³“¡BbÔÍzÃUú6£"sÄ&""Š…Àý‹h,ND€¨öì/ÃïŸ|Æé—ÂjNæv¢>·KN}<’ç_¬yo­Y‡öCYØŒÛ¬àŸˆˆèÌ!úùkkk“ÁŸ¨ä}Äüùóc²|q®ÚÐÐ Ã@ñc”´Â‹Q'÷Ef6Y#’/R|D­F-+§N.F{g7vì+G¯Ã)7š“£ßuؤ}N:z0hÕr#X’—æ[ŽF†xþ)°ÁPS¸y& 5_ðí:µ†Íƒˆˆ(fù¢ PœHˆŠ@ÑLØ4ýõÙðøó«a=ûz¢©‘L áÖ9’yN1Bsò”sÑ—>ÿuûX»q§¦¦&Yµ8Ò3ÞÿýÁA.…ÔÔTy)‚»XIKK\fƒÇ†L£ï8Áã–ý §˜ø#ÑX`â‹7Q¯‡Ú唿’4˜Lpø–““,¨¨®—ƒÅ9Ð…kb‘e•ÈÑÿÐF IDATNKB~f Ä&Nqá*ýü'£i:<’JÁ–ö~¨DDbŸã¯ìèè×E°ô“_þ-º X¦_|Bž‡?|‹EàhÖÍãƺÏ‘2&eÁ¸è:|çGáÊKpë}VÞ.N-‹¼}:Ñ™aß¾}¨««“×EU Õj•#OŸ>=¦ûgÑìØ¿OÜïÉÇô4-\ujXŒ, $ ¬ ŒÅìãj>9šp|<’¬fäf¥ËËø¸8ìÜWŽÃ•µð|ÈVä5·u \¢®ôëJA1 Q,ø+Å(Á¢2pïÞ½øÆ÷îCWúB$N˜3¢“…ã9Ñð_Ž´2o´•‡§lsZ•i WâåðÍ{~ŒúúzY(šu³2ˆèÌòÎ;ï þ@%.ES^±_ýúÅŠø‘É?€HPëMC¦Y—W…G¦M›Æ‚h 0 ŒÅq³ï_¿Û{²]îrù6f:ò³3‘›%.ßnë®RTÖ6(pòÃꉆ5qfèÍ)¨mîŒY(èoº<ŸJͯž8a€‹&Á¢P\Š@pûŽøßßý ‰s?U³à˜ì£ƒ‚ÀàûFÓÜXiJë9%A¯Gö%hŸ´ý6|㞣¹¥u°¢S|ž¢:$¸OA"":½ÔÔÔàÀòºØî›ÍfTUUaòäÉ1=^çŸþªó]îB,Lï‡ZïÛÏxPdóÊjD"Š=6Ž1àF¿Ç++“ìvNÈAKk»Ü¸¥&'aJqÚ:º`Šo‡³¿›wîǤ‰y²rð“@N=ØLØ?5µu Ñ’„EófÀœ˜ïÀ{îôIظuZŽÕ"Él:îæÃÏ ñ+<‰ñ”jöà^„¢šLHâòå×VãùW×Â:g%4ºðM~"oë‰vt`¥P/VÍqÃ-'Üó õ¸hžãX¼Ž`–œ©èMHÂ7¾ÿ#<òàd_NâXA 0"¦ãE’ˆˆÆ·çŸ^V„‹ýØö‹0PŒü+FŽñáøqÉ`0À *<Xè@¿JLƒS‹'òƒ # cñ&jõPé´hijÀ箽EÅ%XýêËò—“Ú†&$˜š‹©­£Söx¸²F6ž=¥h  8Yõ{×âÆÏf“In|ý¿Àt,7=½ÅX·i;<}0'ćíkp¤¡`{k—<È'""ÀACÄôyoo;„¤ùŸ•?~–Re_4ñW¿‡[^¤@/0x œ7T éL´¯'šÐïdˆ·e@3ëÓ¸ý®âç÷“‹ ŽG|'n¢5~Äxµµµr$;±½ÝFĺ*P#ø"U“m.@o”ÇS“\ÈÏÏç‡A4FØ4rrra2Æ¡tóÛø×sOÁŸ€Ïßp Î_q Š òd“á#Uuèís ÉjAIa>&ädÂœhÄáªÚ!Í„ý'-¦D3læD¨õ¾mÍðÌÖ ×áÂ%s1gÞ4w»ÐÝ㈪ép¸æÃþÛÅó$"")ÿW¢’@„¢Ié¯~÷8ÞÚ^¤Y—… #5ÇUê÷/øïP“?MSßP̓ƒ—7’æÃ#mv<Þèl°Ï_‰;ïý_ì?xXž$:9Ê£øÌOÖ€'DD46ž~úiÔ b[/ªŶ?111fëýÑŠæÇ" UûÜ0ÑÔ·J‡dmæϚʂh ±20FDU]œAx»QºùM84fdåcéÉ(Û·–Ê#¨mhDk{'2Ò’‘™ž*§ŽÎ®Á~û› ;úœ'VÎ^xEó]]œï^ß-Cû豚Œ¸pÉ<4µµã£íû`3i¡×iOBFS)(š=„؈ƒz1‰>ÅIÃÿü4¶×öÁ>3üˆÁÑô±¢)…O¡úô ƒ+ûF#ð9‡ZF¸eVôGZN´Ïåx^OÄFƒ © WâÛÿócüúç?Ƹ8ŠjÑdÌ_ÙADD§6Q (ú ûMñÃØÆ‹æÁyyy1]Ï‘#Gû ,uçb²¥jÃ@«¸Eyz¤§§óà CL}bD "⯰Kˆƒ]ïDõ-8zä0,Éé˜8e&Mš„‚¼l46·¢¦þ˜T$/+M>Flô«ô´Zíà’Eb³^Ëw4®¸-H’9,™‹´Œ,4µu‹3ƒã¨d@DD42þ0PTˆ_ûý»ßcýžjXŠ—„Þw†©ð ¼Í¿¯ ¾Tº?Ô¾-šjÂQ„©H µÏU @cñœÆ²êPŸˆÔ+ñõ»¾=¥åhnn–Á¯¨!"¢Óÿÿýo¹mDµ¿ÛÛÛc:‡èNK´ç¼¢*p»»™º9‚pzœófMçA4Æƈ$ø€?ÕjD®Ù‹®cGÑPW&†D;&äå!;#G«ëQá›”N\œý•*­O–÷ Ç3p`/+}WÕúxßÃ?¾Œ”$,ž?¦D+êš;F º<^þCDD#&Â@qÂðÔ3ÏbÝ®J˜§^õcÃw·Vø)Í|Ÿ ¼/ÚfÆJÏ1šu…z^Ëðßx[¨÷e<5-Ö›¬Hû|ùkwãPE%Ã@"¢ÓÌÖ­[eË5Q!(ú‡miiAfffÌ×á¯(ß히 Æn¨uqÅí畘y.Jt0 ŒÉ»¨–L¥q{Qv2Κ˜ ½» hhíFo¿%…0!7óãyUƒó‹ƒýήîÁÅ¿q¤ÅÙŽ—*»áUiàu»àêë‚GÔ#j6šÁ2SíX4gœê›ÚF 6µ´²Sp""ŠŠèPB¢"P4 ~gízüë­A`ˆæ¼JZ¸Šºàyƒ´àe‡êÏ/\0í4’Ç„š7Ü{M(9BA1¨ˆuêyøÊ7¿'FÕbÔh‹–Ñ~ozzzä÷F\Š¿‰ˆèäÚ¶mZ[[åuñC? LII‰Ù:Dó`18‰û¡ÅO!R4í²*0ÃØÙÓ§ðƒ :ÆâMÔꃼP“èOpî” ¸háÄiÜ8x¸Û÷ıævy¿N;´êAýqÕŸ×ÝôD£¼þ­u‡1õÙ½Xßäò­T¯Ë—³^Ö7 ï«Gí[Vq~æÌœ‚®^ºº{à \=ADD‰èOH„A¢ið¡C‡ðËGþëìË mXiçÜHªñB­3Ü}‘‚¹PA^´Ë |J!æHƒÌ‘¼ÎXHH+€>g¾ýÀ¯å‰£8Y¡žhR Qq"Dñ½Õ¤â{DDD'×êÕ«ZŠ¹\²??±OJJŠù:üUež\¤ú ×jdw#Ë&ÙYHt‚0ù‰d»=bµ2'qå qõŠ³¡Uy°÷@yȾŽú ô"1NÿÉI—Ç‹[Þ9ŒÅÿ>„ §n`>—ng/TbÔa…‘‡EŸƒÅòP0!ÍmrãiTa""¢hø›‹_ú¿v÷ºôFht†aóEnVÖû«î£í“o¤MjGøE õ"½6¥e*½öh+ C½–P¯s,X'œ…C øå“aàHš ‹0Pœd6662 $"JKKqøðáÁm´ØwÔÔÔÄ´X¤ººeee2 ­Üv¸Š«>—ÈOèÇeç/áAt‚p4áHH0É_2F²¡,ÌËÄ·¿ôY­96$ ôèëvù6À¢ÚÏ­|PÝâtãS¯ÄT»¿šŸ zárö¡ßå†Ê?ȈÇ9ôA^ hB.¼7ö—…5!qñqÃF24èõüP‰ˆNsb{/štŽ.?½½½²yðÝ÷Ümá9Ðè†w3), l <¨åŒ‡÷OéõÞx›ÿïP÷‡z¯B|ü^ŒÕ(ÂáßR§-Ç˯<…é“ŠqÙòEHLL -4"‹ïh&,ªOFÜT8R³q""Š¬¹£ÿ·¦ ‡öí@|‚ŽžNF¹M#‹yvî܉œœäçç׺þóŸÿÈú„rO.´.¸=.¨½Zœ73‡]U@ c¤·Ï9ª_M r3O„O‚̉ ðx#÷»³·¹½^‹r̸wšjw7\ŽßFÕ µ>^w÷°ÇøîBa~6ú]NTTÕ#=Ù6D I6 ?P"¢ÓœhÎ)‚<1Om¢ºë¡‡E—¹–ä¼!÷E3x†_¤@'\µ]8JóE ÎBu¡æ ú‚<¥ù•ÁPë <6¾_)È #Ý ÙK>Ÿ?ô;œ5}² öü£PFúÞˆ@P<Só‘z¢²Dœ8Š“ÖhH""ª²©÷<½míèéÑ@o˜‰<ã1è»j|Ûç.¹]?Š¦Ââ¸aË–-2,((ñºD·¢OB±ÝUÛ\E(ÖÖÂåöbš]…+/9Ñ Ä#§Péâ›4ÀÊ@M@°hÒE>8^]Õ!§¯L¶ãÚ =àðÜõtÂíõmÀÕ¾¿=ÛߨUäggÀéìCeM=r2Ó ò­·­£‡*ÑiNÜ‹>ÞDo"”­­[·aãÞ*Øf_~_¢ÿ?ÿ}ÁóF³¬PA_¤ ÃPX¨ Ï[¨°Îÿc ¿Ò2x9¡ªƒ+ó£ •ž¯Xo¤uŒ%>¶içá[?üžüŽÂ¹½û÷c÷þC(=TÚ†&Ô×VÁáì÷£.§cà=T©Ÿ(»>±%§"##Ó¦LÂYS‹1©0_ñKtlo³ÙdÉ0ˆhä^ÙÙ‹Õ­nà‡q\PÖ“ c|22ãë¶ Þ‰}‰øñÐn·ËJÁ7Ê@°¨¨(êu‰¾ýûË#ž,´b0)â qøô‚nljN0þ‹ÑIz¨Á7\n7šÛ‘!«ïBŸÜx=Þ!a`à²&ZMQ?—?ìoÆ÷?š“‚EFßÉ]_/¼nƒPV~GªjQY]‹®î.tu´C§G¿o¾ëÙ+þ[aß8<ì W8Òª°húÈSÚ/†…Á‡j–ÖÞî_GàúB‚JË®(Tz®Á¯×¿ ÿx[ð2C­s,BcrjlÇÃOÿs'¦àíw7àà¡ tõ:Ñg‡Þ’ }B )³`Ë_.|”£M‹I¯þÞTt6£ìƒƒøûk ên„ÙhÀŒi“ñùÏ\"[O&“I¢i2ÑX[·nœFcÙ²erOJ«šñÁ΃0[,HNN–UÖ" ô‡‚å=™°Z“â¬òm‡d((ŽD±©©©²UÁúõëQXXˆÉ“'‡]—XææÍ›å6[Øå.D¾ݽ.LÉÕáüsÙW щÆ00F+½óÁ.ì?\ƒ¬T>½l.âãô¡0$ £‹ŠÑ‡ø?ØÚˆ8F†‚3õípôvÃÑÕ¯J30ÐHÐhâX\«ÕÁjIÄYf ·£ ñæd~°DD§ ±é"Ì ÕXü$öEMÿ¼ûöíÇ[wà@Ù!tvvAo¶F;¼34q&ĥ̃n‚Võ'‡Ö }aðu¥€# ò©ª-ܨÁ¡ö·ÿ÷·ÿy„š/øyøÁP¯C)p  †[g¨ç¦ŽU,}Î¥xñ™‡ðnöDè2§ÁtÖ$«Cjã| z1p›Vo„Önô}õrfwaKÕ~¬ÿÁ/‘ êòs–âªO­A €D|nµZyÂ)šDzã{":s‰ðþûïÇ»ï¾;êeŒ—0°º© e5-صÿ ª+!Ñš³Õ«Õ*CÁøøxy|àË\$™S⮇·ó˜Ü¾677Ë`P4—o¿ý6JJJ0eÊÅu¾úê«rß(ª¼+½érÐKÑglBœ×7} c@l¼B5îsºäíõÍxwë\vÎì'#a`¼oÃ(úe8ž†Ç}¾Çgs=4*üv~*Rz›àtôÉjE•ïà\¥ÕÁwCÐ Ï@?RÏ=þ Ì>ñ³êœ@G<ºÛÒá°f!Þ–ËÇ¡ 8~Õ‚•‚F”v%"91 )î¨{Zå9pUU•Ü§ˆPœC¾þúëòúôéÓ?9'íë“} Šh„­®IÈTÕ¢ÓéÄ´‰6œ»d¿`D'’b ==¾¥Ò¯ÏÙi¨nh‘×VÖ£»×‰DS\È'ÿue&?hw¹½øÒÆ&L¶ðýB õräañ+4¢RQ¬dh¥ ³ßM¼­›7b΂³1{ÙgF7&"¢S‚8øS¢p ѼçÕÕocÕk¯Cm²Ã5¦9× Nþ`¤A ¿zO©ÀPSàzC­Pë5@I¨ ,øúÀ¹7b_¸ÐQéöpM‘CÁà€0P¸p0Ú¦ÆáÁPÏûT ú(´—,‚×7m©Þ‡«n¸ —]´_¸êÄŠ P\ŠfÄÇÛŸ3Q ê‰ ÁS…8ßûåŸ^ÀªÍGÐéz4Ih4OB§Ú"ñ{ kW¦÷•ÃØq ®¶TtÛò`´&ËYDƒ•‚24¡©; iæVØݵ¾ýÆÀàO{÷î•ûY³fÉsØ—_~Y‚3gÎÄš5käóÛãCžlô"­MÇ`ŒÓá¿.œÅnˆNþÏ‹W¹ÏÀ³¦LÀžò*´uTftõöÁ’hT<¬ ”#7ɃrŒULžãþVnøÈEv îÈö­£­îþ>8]n˜};„¾îa͇NÞ[·;·|ˆEËV dÞyP©y`MD4nö?¾ƒnÿäç)XTŠQZÅß›?Ú‚—V­Fg¿ºŒ)H^~›¬¶ Üù6 ÷Ĩ&»‘ú î/ÔºüÏ7Ú¦Ç׃+é‚ï×d8¸¢Qi]Ñ4Ù ×Ì7ÒhÑ‚Çà¿£¤äT"^•9{ ¼Y“ðÚÖxã¯áö[nÄÒ³Ê P4”­!":Ý=ûò[øóÛq¬Ó §J:M&úuVd˜¢k‡ÞÝ#Zâ,Øá\†øÆݘÒuºŽ&ô·g »= Ö¤ÁæÕ‚¾©£' ]d'4Àânò­­[î[¶oß.·¿óæÍ“àîÝ»±iÓ&9à“°Û]€"M%꽸xV«‰N"†±: Ñg ÞwÛg/Z„w?Ú‡^‡iv«â|Áa N§õØùÖ5*¤%Äv@ÍNßÜ0!çZ élñmì[ÂGo]ªá}¶¶wâ•—žÇƵ«qîÅŸFÁÌ%¾ùØÑÉ&ü6û¸êõ7ñÚ›k N-A´+`×Ç+îƒÂýx{¨1‚÷…J̓ý·…ª ^VðmÁ•zJ‡þëÑ^ÑVü…È#Ôû¡4˜G¨ >ÿ¾?Üs \G¨j¿p—Jëô|O­c05’'-†kÂ,üîé—ñòkoâ—ÿï>Ym"NJÅÉ«¨laHDg‚C•øáïžÅÞFïüN…cê4´ëÒ0#M|“ýN‡ïØ¡9½vM7,ºv4§fa£{r[7 £c7tm pØrÐÑž)›+U 6÷˜QÓ‘Œ æ&è»k`ðmgE7$¢YuRR’hDŽb_WãMEŒ¨­®†\sá\VDüß#¡ú ’,‰¸ò‚OHøñaàúë‘.<=¾°sz":݉îA|ò¬ú°}0 SeF& ¹©‰X‘å;Wõ8! ¦Ý¾]Å¢’4dÚâÑÜÑ‹º–Nl/¯‡Õ݉Uj-SpÔ©Æ´öÍ0ulƒ®­=Ö\´ÛÒd h±X†Ž<Ú+}fäijap6ËJ@1@ȱcÇä2ÂVW ²Uu¨íîÄ¥gcù’…üЈNæqß‚ØUõã1Мʰ/–årõ†±m’+Öö‡#½ø«Ö‚¥ÀÖTîÛ÷ÂÙëÍ=*ñq{ÜÁC8Pö0JŠVá’ÏÝ [æD~ ˆˆNQ(¿ÆÆF ¾øŸW±öýÍ0L\ûâF†Šr?x=R_}û«ÀO©j/°™¦ÿz¨çm0©ép¸×7’CB5áõ¿.¥&ÆÇ;@H`¸©Ir4ŸY¨û•* Ã-ëT‘V·-÷?ø{”–Ä]ßúº"åþÒrøÉ÷1kæ ,»ü HÊ,à‚ˆh ˆ¾wDØ'¿À F¢™ðo­‘}ª³föèzßþDãßÁDÜÿ_ ¢ïóyUgþÛ”*þü”‚ÀàÀ)T*Ä‹Ü)-?ðµ…ÜŸŸÒò•Þ›Pýù)ý­TÉê¸ øÁ#›uE6†ê 1°ñ´ã{M]2Ïý"^Þ¸•w᱇=Øg• ×ë'"¢SÕ–­Ûðë¿­Fi3ÐãÕ¡Q›ƒO/(Â3mH2ªdÈ·§¶ûªûSy¬ }H1R1mÐi°hrLÊÄê-‡ðÏõû n=‚N­ »Œ— ¯g,u¥Ð´×ÃÝ‘…Îö´Y¬°Ùlƒ•‚¢JP†ƒ¢RÐwÝÐy)ž¨œÝØî)A‘º º:qùœ\Ì›;‡ÑIÆ00į.b ã±.ðKL¦x¼´Çj‘h´º€ÿ©Ðbšu nMé„«ê dÄÑ× µ6Z­Nöû0ôÕƒ7oÅîÝ{ñÇŸá#DDc@¢@1n‡ËÆ]÷܇®¸tØϾá“ðc‘F ª)5áU„ÁßM†ªù¬R¸¼N¥¿«â¢©Ž |Í¡^[´#ê7ß U%ê¹EH$pÙ¡Þÿmþ 0ð‡GñXq›Re_ PƒáÌSµÿÀ`¶™— ´r¾xëã×?ÿÉà÷Tük6›Ñ)©©© ?}üY|p¤ ÝNÕ)hÖ¦ã±kr±lbà`•jäÙ,˜šnÀ»šP^ë@¯K…'_ߎ/]< ©–¡ý«}ÛþKæbùÌ|<ùê¼¾¹ YÝ»|ËNÅaûtLíÞÇÑеÕÃiËEgGÌ‹¬“¨”M‡E3bßõš®\¤ö€ªÏ€Æƒ")Á€{¾|?@¢q€a`Œtv÷àÕ÷¶cò„,æ¦øñ¯gè"ZÝÇ£à‘¨?ñáÚž6'¾ÞfÀË |^S wc-\Žnô¹]ÐêMð 2"~IjééAc{7ƒ@"¢1":äîêê’'¢JPøÓ_ŸÅêuÀ6ç3H6ÙÂjB¸0›»6ùUªØ üA`àb¡úð éöàŠ¸PaWàmÁUúJp¡Þàû”ú÷iU]¸‘}•Öî3Sj–øÞD;jðé4¢p$^ Æܨ=fÄ7îú.îýî]ƒÝ²ˆJÁÄÄDn\ˆè”!öÿüË?ðÒÆC8æСK•ˆM&¦%âÓ…‰˜š®Ü?j¾=ù‹³ñü&/>:؇ºN~óâ8gFΟ]à;÷ºïŒÓkqÇ• qáÜB<ùêfl/«A\w-Êã‹áM™)z'­µè¶å¡£#íííCúÔ9Ûak*CeË1¬P5¢¿P]ê$LžTÂ’h`#âÀzêļµq7ªµbñ¬bôº¨ïvõ9É÷ýÎþ°'K'ÂÖv¶!ŸONÆôîÃrÔago'ý.X“ìènkAuc‹œ×fO|œAJL£±lÙ29éD`!&Q (š‹0PTÖÔÔà'¿ø œ–<¤s£âà ¡Â­àyBp<èÇ`¸¢Ðo^p3áHÏ%ÚAA‚Ÿƒ¿ŸB¥Ç6?^ŽÒkWªŠ îB…§…¶‚ßk¥÷*0t ´á*øüÏEiYáš!‡y8ð¾Ó…×÷GLZ[*»ZqÏÀ÷îú–PDT°ˆ~´üaöñt÷BD4ÖÞ^÷žøÏû(ov£ ¨ÓdâÚ³ópÓ’t[~T6÷!×nT\Fºõ“°°¹O…n<‚Žàüy%˜7)wØü%9Éxð¶K±vû!<ø÷uðt‚zì´œ‹$w#¼;¸I IDAT²:¶ÂÑq ýmÙèômgÛÛm2L¶$ÀT¿ë»3ð¶ó3˜¬>‚ÅÚ]¸á²³ùA cDí;+=Z‡å󧢼²Oýg=.\4=ê*AU@3aÿIÃéÒ¾é¹V=þé-Æ­¹Xjö@ëîFowŽµ´Vƒ6µAà<0ªõ‰ÇÞÿý ‰èŒ'*üsûû|uõ;xö¥—aŸ{%Ì–´Oö#ššúƒŽÀÐ'8@ ¼ áÂuƒ.TjíÁJ¯)ÜÀ#¡^»Rðø¿àçík áYitb¥×<ŠÒó>Ýsf ±Â…?=õ îúÖ×äÿ)ñúE‹èçJLDDãMEE{î5¬-mGKFu&Ú´iøá…I¸fÞ'Åb«žm¡ ¥5í0Æé‘m—·»<^”×µÃãÛÎßzA1 Z5êZ»ñÆ–#(mhCùk»°³´—-™ »yØsX>{"Šs’qǯ^±ÖN˜· KgÃÎä+PâÜ }ó~8:àlÏFgG²SºñN£›c+Ìò|wá‚ü@‰Æ †±:À4ÆcZa®¬ ,™é›²ðîÖ8\Óˆ%³'!Ññ„'ð`^¯×¢ßóñ»o“®÷ˆ9Ýî“úûUj<ÚoÛs ®> +QtºOªµÚO¾N£ òDøî»ïÊK†Dt¦ó7 nmm•ÁÅ?ý%J뻑±üß>C;¸ÿ¼ ¼0)U *UÔ.Ó_1®Ê,8¤Sj&¬4)-+\pMsãpÍpÃýê¹ø÷ÍÁÏ[¼/J¡_¸ª?ÿýU‡¡ú9ŒÔ`¸ðU©r1Ô€&£¥øTeÊ? {¬Å37\ÿÙgRR’ü<Ñx"*—ÿøô?ñêÖJÔuêTÙwßìtJ’ÜHк”·Û¾©$Ë"+ÿ¼¹¯ m]=¸n~&eYçËMIÀ¼¢T¬ÝY…n8€5û›±ãð;X:=ΟŒ$óÐê¬d î¾v9îþýËòo]_T•kqÐœOÆ5˜çÜ€®º]pvÔ¢G›„-Žó[¨oÂä©3XM4Ž0 Œ‘£û×`îÔÔ7·ã½m¥X6o ªšñ×WÖã¼ùÓ0µ0;ìÁöÐDâÐØÖ)ï‹Sy§UŸô0ÐO#ž§ï²×á&ô»3Ú¦¾¢"P„DD4P(ÂÀºº:|ûžûÐg-FòYç)îCBõkx[pà<p0Õ_à¶>Ô>Lézðúƒû"TšG)0 µ\¥×¦$\@çÿ[éõ(…šÁUxÑ,3pþÀJÃp͉#…–JÁa`ë‚PM™8(I`ŸŒ§»ÄIËñÆ{Ï!';óæΕßoÑd˜ˆh¼xeõ;øÓk[p¤ÅN•5ÚÜu^*®™“£a`ŸÜÙçÂG¥uÈÏHBŠÙ0l½ý^¸|»—Û+±‡wa%n?V.æ—¤ãÞ§ÞE}K'^øà0^Úx+Ïž€)Y˜œ—îÛO ìoòÒmC÷—¾³BmËA¸[`SòTçäb¦¦}-<xL’ªÓ Õ¸ösßåK4Ž0 Œ¡Åy²20#ÅŠÅgMÂû;Ê“nÇ%Kfcý¶ýؤç-˜Šd«rgÕ'br:~íÑiÆ× ‰¾oM‡ïÒo„ÛõI@i2%ðK@D4 ¢O@Q¡$Ž )XŒÈwèð|ý»÷A[°æÔüa 5XGðu¥ê½PMw•ÂÂPë Wé¸ ÃU„[N¸ Q齈¶<¥ðTi¡^g¤jÀÀ&ÇJÏ1ÒÈÊ¡F#Žv4àpÏ9°És¨0ótY8uþç𧧟BIq1RSSϘ ”ˆÆ·={÷á÷ÿx›v¢Ûc@&}*#V–xqóÙ©CÏÉâ´˜W’ÆNöU·"#É ­F§[…ÊN¬n˜kFœV…~·¥µí°µÈ²?gKŒ×~‚ÓwŽ÷ôÚR¸ßÞ‡8i¶h}÷—V6(?q—ššÐ]0¶œtxº›1_³É ZLðÁ×]'·µD4~0 Œq0½ë`Õ`eàûÛK±tÎdÙ§Þ[›vãœ9SÐÓׇg_ÿ‹faþ´Âa®Šès8ÇåkÕ`à€Y4¬Ñh8’0ÑhˆPô (Fâsô»kï~ÜõÃÿE´‹gN » ¥A(üB j´àÀÇ…˜#xžpŸÒ@$‘Æà… îÂ|=¸j/xÝ¡–ü~WF í"õ•îþpÍœ•ú õ|C5!öNJïÍéHtu7õRüæ‘ÇðÈoâFˆˆNª¦¦&üñ…7ñê– t8ÕhPe¢SgÇÜä^X¼õpuëÐÚå€-ax`J¢6“Oll•}¸‹é‰:¤'|rn¦Ó¨05ÇŠ^§ »Õ!ÝnAªu pMS6î=Š¢L.˜^G?v–×a§o>¡«×‰ö®Fy¬âÓRÍn³Âfð`gE ’Ýõ8+S…’ü\yå·——Ç™hœa#]ÝX¾x.Þú`7¬f#Î7í9„Dc.Z< ïï(…ÙdÄ•çÏÇ;ÊPv´çÍŸ*+å¡Ö 9Ië'Zo_ßÇ×Ô´:Ь²£A“Ž;Ï1ãšéHˆ ±½Û5Û!ÅùSò ×ÝŸV¶8 óÝ”dTÃíÛV»¼ÊÛöx½3&fàÅãG¡Vy}ëÐâûŸ[«é“ qåÒÉØ´¿ O¾ºU ­aŸ¿Ñ ƒ=9Z¯­ÕÑèè‚%7=ö?\¢qŒa`Œ8œ.òÍ(ÉEgwÞÛzgÏ*–µ¾ýáÌ™2AŽ8¼jýv,œQ½N‹×ß߉™Å¹¾û `ˆ3 k&¬×}|òÏÇM…ûÇÅkõ¸ª œ×0Ðl±ð‹@D4 ]C8e (úÜ_v¿úÃÓ°Ï»­^áªÔ”þý6TðŽæ‡(n¤ßHMƒýïAðó¾/øzð|JïE¸ð/R\p`ò…ª@ œ'T \U¨ô¾Gêÿ0°ÿÁhVÿ‰ð9\3âÓ9 ¦/X„¿½ô/,_¶ f³Y×þAsˆˆÆRiùaÜûÈó(kr¡]mC½:ßwžÕK³šp˹ӆÌk1på’)¨iîÆK`B†I‰Fø¶à8ÚæFqº _Z”ÿÖ¼±Ûƒ}Õ(H·ÈfÂÁÚ{åÈÂý.7Ιš5$ô[89óK²ñĪÍxaÝ®a÷k|‹µ§$Ãà;¯ínk‚ÊÝ®n'zº{ R'ó&çÆH’Í‚³çN¬ ¼xÉ,|°³ ¦8Î_0 ›÷òm(u¸â¼y24t¹=¸pÑtlßÝû Q«† tw T‡ˆf¹ñºñÓרö´ú.ãMñpõ2Š•N˯ÑñÚ±{/~ÿô¿¼à³²"0T€¡ü°›è† ƒ+•„j~®oÁÀõ„Í€×#UÒ+μì‘6Û ô—§Ô7 RßÁó*­'ÜhÁ?W,†ë31ø{mÀ© rðó>åøž³fÒÅøå¯~‹‡üŒF£œââØڈƆ%øþ‡ÿ‚µZÑѯ•ývzô06íC‚«nkšlš›¯öØ,» W/„{ŸÛƒÁ ›_=/yICü“Ú7YQÙÔ–¬&ï|R…ú¶^ì®hÆäl+.š•%©iêÄÎCõ˜91]á¸B…‹æ Eׂ‰ ñ0&$¢«¾ßsPùÎmEP)>#¢SÓ›˜Kz‘“žŒ¯8¶•â÷béY“ÐïvãÝ-0wZ¬ |õ½ƒ•ë|·‹ÊÀÂÜt¼µ¶~X3aµv }<Œ'¢œ\>/­8îgŸDDÇgÏþ2<úç eñ|ûí°`/T?€·ÞvJá˜üÛñH#÷†»êq—‘B£‘T'ŽfÀ‘‘ˆ¦3¸b0\¸ç Så|¤õü\­îµú7ü•…¡¾÷GS!.ÐÏTqfTÖ»°aÃ,Z´H¶z`HDcå·žÁ{û›Ð¬IE½&qíå¸if<,¦ll>àÅ®Šf|ûá—pÝŠ98{zïœkè9VYm;R-q°%¡Rkp¬¹“ÒMPÚäç&›àmqâùêå e*¯ ß¼¸&Ã'1€¨ìwy°yßQ¤&%"?=i𾶮^¼üþžm% G26Æáè¡qñ‰hhlÚ— × k"·¡DãÃÀ©méB]}ƒìð¼Ó0¹ ooÚ­F‹ÏĶý¾¤¨œ¥G‡T¶uöœ¬‰-¬oƒ.¾ÅA´F5¾›¨¨‚ú L°ØøE "¥£5µøу#mñu2²½  † •Bƒ¡߈4bn¤`RI4ƒy(ÍÕ>(ŠþG²ÌhCÂpAáÞ¥@Wé±J©~Ý‹„j~XI©u¤ ÁÓ•§ß Gæ|<úø1mÚ4$$$pƒDDcâí;ðaYúUÔª²€²×‘i×àŽ«¿,ûšÿªož5ÛÊñĪ-øÕK›ñö–ƒ8on1l ñðúÎ ëÁŒüdÜù©)ƒËlíqaýþLL7#;)~Ø:«Û>˜LŒ@,ú ¦Óªe_„ ­]¸çOÿŸ½ó€¢Lÿøo[v“Mï!¤!@½)Š‚Ø;v=ÿÞq–;õÔ;Ïrž§g9»xꩇ¨X°ˆ€Ò;„@B é=›ÍfÛß &“wfgÂ<ß|æ³»ó¾óÎ;ïÌNæýíS¾GdXjmÈ/©FK«!z/Ì¡x­h.;€Ø„8”7à¬kèÒVr¨/þë~:ÙÑË!10H<ÿÂB<ýôÓøjÍ6\Þ)蛃+Ï™†_väãûõ»0>wB-f¬ð½: /¢#¬¾÷»;,—w:¯GÅ85oû/òfw+þ9}0þ¶j/Ö7÷c5ž°fIÒ‹ÙLA„šèàñ±Ù¯óNç‘8°•••¸ú·7#é”+a4¹¯òâýùKü! 'Å…'ÐIËÕb¥ùË>¬VWŠR|¾` ÑÑ_ßÔŠhqCæ%!Q²$·‘Æ ä ~þb$JE@v¾Åö”²$wgü=ŸÇ[lôê ðF¥ Ögœq†Ðæ‚Ç#…A!"XsÆÿ¼»3ƒG-ܶ*9Cpá]ÿÁ]WÌÂÌq98utÆIÇ?ìÀç¿ìÇþå;a2™„ûÑÿÍŽì>ã´Ç„1=' …5¬Ü[‡¾Ñ!0‡Ñæòà`ƒÑ&Ü6+Mð6+¯oÅ·[Š0<3É1Ö.ý‹EQUlvG»µŸÛ)ˆ‡½Íå„d!!±¨¬µu[ë²£_œŸüï%ÄÄ‘Aôvèé&Xé{P¼ãŽ;ŸŸ=ú(fMÌÁäƒ0yä äôï‹/Wo’Œˆ–û‹+}åÙÈ;X~Ä2MÀ$¿òWÕ6úÊšŠSãÜwÁ0<³­oo?ˆ¦¶ãÁéhÏ&Ìbêè$Ö‹l› ¿àa·ÛÑØØØ‘5˜½^tåo5öBÍV–¥IQÐÓ"ÊvÈ·“º 3П¨”á÷xŽ5ï³+FùqùÅÔ’‰ÈÇN©ò8„rANêª+ð¤ÛK]ÕÎRR¥zZÅM­çBËõȶÁ¢%q$>úä3Œ?^ˆ{ÅŠ°±&1 ˆ`QU]…º‚=ˆË‰,S%JâRálªBUC þþÆ×øaÓ^œ5u$FÉÀ©£úã§]¥hi;r_ß{ðrÒc¸Ö}™qfØÝz¬-ó â¡ËéÀÅC-ˆ$G[<*{Kë°·¨¹ýR*$9PVo×ç¡Õ7Ïd[à%©,„ ND'ôñ=¿4ÁåpÈïÔ°êì¸ášóñÀí7ÑI&ˆEâ!.YYYxåÕWñÞ{ïáÑÿ~‚óNG¬ïaòŠs¦ag~ VmÜÉÈ`’Šô±CûcÙò’ö‰€D œ{ê$TÔÔa_á! 0}3îŠKŒÀ_VÀzß Û}~IgÿX,é‰Þpä2˜Cé ‚P 5L ¬««AÆŸï!Ù3a‰Jd:ꪉJÙåÉBÔé8ÝÉ$Ìsw•—ûÕ„¥Øzþ¶‘î?d!}û¡¦®6[K—v ^'Î=už¼w"¬at‚ â‚ÄÀcļyó0gÎ<üðÃ蛎‹O‹ÜiíÉBÖnÃÆâL5H° \·=ÿÈÄLf=‹¤¸´¹ÜÈ;p™}“ÐW׆×OIÆšºd<°¶ÅM­ÇåÙ¿öJ|¸µÐÃ2AO(a×lam6›°477cñ'ËqÈnA|V¼.§&w`žÐ'–‰I@ä‚Ÿ´/»°¿$j( ‰ò¤%<1HKa}Sk¯»}Ò÷òÄ+<‘MIäe–¶ã/K²Úqˆ}Àµä·š`)w!—o+O¨uìÔúÈõÕ“bk|.>üh n½å‚e`§ øAAÀ¥· Ö‚ð¼áMDxæĤõAƒÍ¶–ÆNuÇd§àNÞo+¨Æg¢Äæ¢U0<£9©‘°˜pønUûju•fÅÌ(Œ¾-N3v²!Ú LæÇBuº=Bò—oažÇÕ†6G+Õ…HNIÍÝõÍ߆=N†¤Åã¹ÿˆ!3é¤Ä ‰Çèèh<þøãBü™ûþW5ÙýÓpþiãq ¤«6ìAJB´OpéÅ]܄Ň`{‹ o~ü%Œa17í ԗ¹¬n|pƼ²»ïåUÀæòôÈqéÄ_—t]gXj{‚ ‚#0ÈD@/pÿÁ|÷Ë$Ž=OU‘[óñ6%ÑPZ&ÏÛŽWG‹XÃîä‚d°%ÑL$—V–lr÷^¥6™+äÔâÿñö¥66¼r%+Aµä&r FÞñóÊ䙊yÉF¤eJcêïüûƒ@ê ,¨½Â÷” "ØôGîgm–ßüÍìùƸþˆLohlLÙó¶'ýX»«ý’vãÌñÙÞ/¹™qX³·ßí¨Àβì«q s°0‹¿š³Ä%8̤øŒpÔ¶¸°rç!¤ÇYÚŽªÁ.Äôtß„ÀÜE‘þ/~–gûåÅ‚ã%‘®“×SÕ¬ åõ´®WʘËÕbôñ, 6ÁïØ•\pyI=x–Jâ›TlënÿxV|RW^iŸØ„ý¸¨æÎ,E)¡üÜJUc‘wî¤Ç*-ÕÄÅã% 6š’°qër\M·/‚ ‚Ìo.¹/¿û9~ÞWÕù¾gŽ€ÞKC>\ èr`2øæ]=B¼ì©hEÁW»QˆôÄ(”ÖµÂb>2?óxñáú2ŒKENZ¬à&Üiþæ+osJ,ØÛZ`kh@K}% •HKOBÂÑêhëÒg»½Cú÷Á3÷Ü€ŒÔ$:‰ñkѨhz–ö#ÿŒ<ðÂ{¸íŠ3‘”ÜñàÛØPÿ½¿ ñ}ûá¥×ßBxx¸b[£ ©CÆ#:)¥û6£©¾Ó#Ý59oر´¸ 6÷±{Öë¼ÄÀÐP KÁC*j|¿ú”µZ•ÔIøðÓg)(¾J·‘‹†Jñ¥õ”¬à”âÚ)á/fÏ Un¦”øB­/òm´ô·oùxJ-þ”²ûJÛâ¿Üú‘'†ñQ^LB-ȯ©H(¾ò¬ó¤Ÿ¥ C¤eJnÄj}á™Z|BÞxú³F<¢a«!¥¥¥BÖ> äÏÊ,LÄÑòáËÿÂÝ¿‚eë á²Õw. O‚ÕÔmGkh2¼áÉp8ÚàÕ„{­Õ‰MBÜö‹7Íê–#$¯¢Û+œX_aÄÊäfÄ !2Ì+¹ªÉ‰ójQÑè\4U•¢ºº Ž¦ZôIŒƒ)e¤àþË’ˆHq»œ0¼xèžë1÷”ÑtââW=Ñ'Ž$ùÒâ­(//ǧ_,Ç·¿ìÆÃÿz}ûöÕÜ–56 Ùæ`ñkÏ!%ÖŠ0½ קz079OîjÀ¶F'\ÐýXì@r&‚ÐË$¼ø“/?ér®˜%Ϭ$è)­gV`¬Lê¾#oS¼_ËÛã iZ¥riû„è½6r4BBÌB9ÍõÕ”ž„ž} Qát’âW ‰½–`dË–­GÕÆ’w_G\”õu5ØúóˆMÉÀÀ¬°šÝÈ iÁ³#BñA±ŸUy`G÷E»H¯£ã½ÅÜ9f %,‚N&AÄaØ/ílikk–•kÖ£ÂnBL¿”NâˆTPQré•Çõ“ ƒ<7a^]¹ë±ôU.¼ˆÖ…G+Š–þbÑõ¤ýVÁü¹:óÊyV†JÖŠþ¬ ¥Û(¹Ró² Ë­A•Ü…ÅW-çMž1: ?iï;¡Ô^ˆ„¾vêZœ‚ÈÚeßa·ÛM76‚ ‚ ôüöj\xvžyý|³«^wg‘.$& iÉfÄWìC•Ý€†fÚì…ˆŠGzZ_ä7šP²®Y1@ßÄ(Tµ…²ÿâp´4aëÖ­(+:§ï}ΰHLJ£ÕÞEl³7!ÔkÇ¢GoìL:1q@bà¯dÂY^´Ö°°ŽÉgyñ~4TBRú@¤÷I‚YgÇåIL³à¥ý-Èsšºå:i:²Á ï$¥™±‚ Nr˜5ËÜÜÜŒ¦¦&¼ü懈yNñB.ÐðDBµ8‚ò2žØ'ax¢ O\’ 4"wCf8 5Ñ)õÒ¾J…:VqZA¥ýÈ÷É‹+¨T_¾_¹U±j|y IDAT£Ü%WÞ¶´¿j‚Ÿ¸^îÖ,·8T²ú“ï_«e¨üú‘Öá]§<13¢ 1¾¿ømüøñtC#☒’’‚Gÿr Î_·/|°{k¼0£ó},:= KóPÔjEeu-š›Œää˜#q È‹ÆæjT—¡´ u‡ ““ƒÜ᧢Íéî"ºÝ.8êËqéÌQ¸éÚËéDÄI‰¿–-y‰1á_ÙÂÜwÙkáÞm(ÚoAÿA9H‰‹D]3î Ç–fþ[ìB¥ÎÜíýŒFŠCÁAÌ ÜÐЀÚÚZ¼øÆûð& †^oT%÷棵ôW¦&Ú©µ¥t¥Ç(û¤VJ†¥–b;JãàO„”Ž¡üüj±””_WòŒÌÇ*û°#,ûöí#1 ˆcâĉ²èÅøpmZ©¹…Î`BBÖ($¶6 ¸`/JZÌ(<¤GYi1t‡ÅC¯³¶º ¤úæ~sçχÉbm­››kahFyì¡Ž8„Aœ<’ó+ òà^DD„w,¬(†„„¯ÅûvâPi$úgf""Ô„Ü;`‡å-XÑd„ݸUŸ9ÔÚ!²L”@„ B"$8hllDé¡2ü¸~¢GÓI¸ )r!P.ìI‚È­À”DDiÞ"¿g«ÅÌ“£$Öñ\V»“tCK‚ÛÉ?+¹¢*õ‰çFÛÓ‚ Z™šðÅÞäÖ†ÒzJÉ=Øu'Þx‚ üº’ï›'ö©¹Oó®_éqˆ%sÙõ—­úhÅÁ6½¥¥‡èfFDsÕo.ÃÜ3ªñÆûŸauaœ¤r9: C'¦#ÇÑ„ÚChne÷E"££>}φÁ»½µ‹5`c]Œ­Õxâ—cXîPl‚8I!1ðgåŠïjðÝüÃ:‰âûNëœ-ÈÛµ Y#&!&Ä÷ÃnÇ%qL‹2cQ…»}mxýXT$›Ž¼µXŽ<°ŒÉD‚ ˆ#<ÿÚ»IÙIá¹û{/E;PI(äYJ…­‚ŒR¢ žÐ)ýÌÛŸÉ@¬Ö†´¯ò÷â¸Êã4òÜd•öÉk[kœDž&߇’ˆ§´"œôZP:¢‹·Z¿ýý(wM–ƒÒõ –A™×/%A•w­j¥º¾‰nbAXÖá;~-NÛ¼o.û­fÄÊì7,‘ñè—*€0ë>qaqNå" ËÑ‚Š;qÝ30÷´é4Àq’Cbàq¤¨p?–¾ùfͽ9c&w«êâ|X­a\«@Þ:“9 #&LÇÐœÁØúã—ÈÛ½ñ°áÖD`—½ ÿ«4¢Þ¬œ$ÞräÁº“ø§§K‰ BŽ­¥{ K‘4qŠb,?^–`-®Ã¢û°4ƒ°Rfbµä$J±Ú¤ïy.ÇþÄ95aΟ°Öl·j}ð'J÷Ã;>éXjµT” xò8‰òx{Zb ªÅÜSê [x®¹Z܇yÇ£vž”\šåûSå1í¨5qw \ýYøb%Š›¢•”Ž™]FÉÁý°WìÇ…3FcÊÄKhà‚è‰=D~~>–/y£ú˜,Y½ qÇá³­ñÙš=¸á¬q8Ïw³..¯Áãw߈³.¾CÇÏPl¯°°ñá˜õþ]„ÅìÂ56jlÜö~CÇâço–`û– Hе`A<°ÓÞŠÅV´F&õômáÕj ï$š(«0A„£§¹¹6› ½ø:¬ýÆq…é+Ï¢IP¾žgE¨ôꯌ'œðú«„¿L¶â:V[þ,æ”Ä?­ýTÛŽ'Ê݇Õbj?¹U/Ù†Òñ«¿|¿ÒX‡ìUȤIQÔÎ¥\ä ‚òíÔ’µ(%*áÏêO¬£&JA­±µŒ³Ýº: ‚è]dgg㯾eóæÍØ´u'òö6 É‚­úF›pÉ„1ÈÍ=Š EHÁ9Æ0—àO>Z W圙›‚w¾\‹&D 46CÈ •‘‘é«•‰W¾ËCŒÁŽkÏù³ã°võ'øñ»/pÅM·#<&©K»?¯[‡ñÙ Ðyœš¬Ùço6ìÀËwܯ¾ú O=õ¢££;µi Ç´s¯Ä€œQøñë¥(+-Á C#þÝ‚Ïë±ÅœŒÔDÃá‡u]'1Pšé’ âdEÌ \SSƒ«Ö aÊ|ÀíâŠ7r÷F©0!(ßV)iˆTäP³tSs“Us”¶Uj[I(SðÕú¢Å×V –j}ëðÄ=Þ>x"—VÁJ*K³ËÇÛŸ ¨$PŠ¯¼ÌÊòí¥™‡ÕÚ•_J™–¥çEÜ¿TÜä%]Q²TT²Dô7¾zk ª ¡›A½1ž AD x Yýã*l^ý5fOD¡MG}#¸'F¶ÇŸ©®®FFF†ð`žÙ  Ø=ññF M Åy§äÂÑæÄ¢ß KL*®øý±X;Ú¾lÞ<¼¿ø=¤ÅZ‘é×*°ÅáFaq)ú÷ïeË– ûÿòË/¹ýNÍÊÅ<ß²aŧX³b9Ü--8'¼“àD}¹I|‚îlh¥NÄI³ ljjÂkï.…)yp!P*B¨ ^Ò˜R+)i¬@5Ë@%ËA5Ë@ùþEÍ"QO¿ý5‹Acg ²²åUû‰i,Mhh(’““…Ïý³‡¢ÖnÇ?ßù §ï+¸76Û±ðï·aêì 0fÚ!^ãÒËæaÏž=X½q-¦Ž€·¢UàŽ¢CˆˆˆÄ@¶¯gŸ}ÖïqŒy.šŒ?_ŒÍ~FŒ»‘n7Ü`™„C:e6É2 Bä‡5?#jø¹]Dµd ò…—lD.JcJ݉åÉI±z;´îÇ_LÀ@úê/鄼M%!2XããOlRJØ¢%‰?ëJiÞzQ”ŠfR+;Þ˜I…8†\h–ÖÝ’ÕDP¹,Ïz’'æI¯kµìͼ6äïÕ2,s–M$ÝcÉ’%ؽ{7žþyTTTЀA½ƒÝÞ}çm„9kpNnÊ*kp÷›«Ÿ>Í-v”oÙ‚áÇ#1±=5 Û¯_?!¶Ôþýû…õL°câ`ÿœQØTQm…›púè \|ÚhlÚ¾[^‰ ®Z€˜ä aŸƒFVV–o¿oaÜ $D†u± tùÞ;ufAìÓ§n¼ñF„……i:¦ˆèxÌ¿CÇLÁW¿…C¥%Âz‹ÅÒa¨7Y™˜AA„m{ V„éô\·]é:iÆ_žx'(úäÉBä‰\$äáÏJJKBù~•„%"™¿>¨m§ÕÚPKb ë•D¹î&©‘[ñ2N¼¸|JíòÊüs©{1ÏÍÝŸ{²’觇PÞyvmó’žðŽC-™Š¦¸mNº±Ý¢´´TðĹí¶Ûpá…"%%…… ‚è$V¯^ü›09Ó «)Ÿ­Ú‚}5Œœ:[ú˜à—ššŠ•+W ív{‡8`À€.®Ã±qñ¾–ã±tS\ßm¼ÓGcô8|üÊ£0F&cÞoÿsX¤ Ê]yÕ5øùçŸQ°«“Gd!$ÄÙ!î-ªÜ „SO=µ“{¯V2ÄoïÊźo—âëe áì—òðhXãÓ5e?&‚8X´øcÄžÜE¼‘‹(¢€'yu¤Âž¸(YJ‘Zª¡äÂ*'1wì¼ö± ó·M0ĸ`¨u üØä‚*OŒTK<Âk_+Pt³å¹&óÄBÑ=XÌ”¬v~Õ\†•“Èû/~–[.òH±â1ñö+·(T/yX̺±Añ«‚ÄÀ ðÇ[oF‚¸ú´ö8Šw¿ø NSúöφÇ÷|É„>öËà®]»„÷uuu‚{ï¤I“„ÏÌuX*J]‡)}ÓáéÓ/,]¨\zšOðùnÁ©g]ŒQÓæ ®Ã&L@sóP|ðþ»8m|.¢Ã,ð¸=ˆJœ8A€<7(½ÁˆÉ³/FÎØiØöÓ7ˆJËÁd¦ € ˆ“i¬Vö#O~A1âÆMàº8ÊÅQ¤à ÒíDÁPÉuX-n ´<±Ç_¹k¥VK<Z2ËC«À§f]æÏòLK½@bjqEå•ó’Ž¨ÅyÔr¼J™zEqP."‹ëä±åb¢T”[îñ²óDAyùwEÚ^<@ž@ªCPûP)ã°ÒµMAñk‚ÄÀ 0ïœÓ ÷ºðÑOk1*=—Ï‚µ[ó_² ýrPßfĽ‘#G¶Ç ,/‚oݺUÈè;pà@áA÷àÁƒ°Z­®Ãµµµˆíxè9qì-6<öÎJôKÅÕçNî]«ñìw_à²ënARæ`„‡‡ãÚë~‹åË—#Lï@jB úg î’9øhˆŽKÄ´sçÓ‰'‚@{ÒvÏnnnÆÒ/W@—ÕE …5—L¹"‹#¨´^)^ T QÛ¿%‘Pm´Z-µ´'m‡—BZO‹H©$úñ&-ûVJüÁkS+JÙˆ•®i6_Þ9–ŸO©¨&Œñú$/ÕD]%Oþ*µ”~Oä’ž+eæ%ç‘/þÛô&+S‚ ‚ ˆc‰A ¤Æ†É¹é˜éùX»i'¾ZŸY£³0.7 ß®ÛO‹a¡‰°„ÇâsÙenÅiii‚Ëîwß}‡ñãÇ " ËBÉ\‡Yl?Q”fEîø騭©Ä¯|Ž)¾ý^4}–-zv„â†?Þ KDfÏž-d0[óÓO¸tä)t’‚ ŽL lllDMM ¼Q3¸õü%òPÊú+÷¤‚‰ÔeXºžC·/éû@Å;¥cè®ø¨µ}y;þ;Þ~y–”þ„ µ8ˆJ¢š?ü SþWy"%÷c^ÛraZl‡‹'&* ‚JÖ¼s'SåÖˆ<¡OnÕÈåß±žZ|AçÍ`ÐÑŽ ˆc‚·¹sÎEÔêï;Öy*«`»á&¸víAÈÜÙ{üèÌíÞX® ÑrïpçåÃ0(ÖgŸ„a`–æ¶EZ߃>1aý¦©“á)<ˆæßÝ÷Þ<† FøÂg¡OO ¨m¶mó à).úöÐ}0Žã·,¾H ]6{vïBIþ.Œ‘ƒ¶!°rÍÔ—À…3G£ª¶ßý²Q¡nllŸ¼±Ø}̹ O:Up f¬¹¹¹ñÙÂB±q‰¾å4ä—ă¯|† ¦GfŸD<}ß-;i:f]rúöí‹K/»ŒNAÄ1„ÅgeVUUU(-«DB?“¢pó ”"w×IE?©è!oOêVÌmÔD2-.ÅþPr%>Ö â$ËO†bÞøøË0«f5ÆËVëï´ZMª¹ÄŠïÝnw'¡ÌŸE¤’@']¤ @Ô2«ïZ“—ó’“È3K­å}—»=‹åb†c©Õ¤?+J9!=Ýè‚:žêjØ~»ž¢âNëí÷=ËÍ¿‡éôÓàZ³­Ï¼€Ð?ÿI(³Ý~7¬?ãø±p,z¶ÛîDäçK4·Íp¼ñ&ôñqˆÉÛ§¯ý–»ïD·æ·!ìч`1®­Û`»õD,YPÛ­/½ Ë5WÂ|íUh}á%ß¾ÞêüÔÊ´¶OD𠧛 1xHfÌ9Ô¢¬¦3'Åigœ‰·WîA~q%æÍ™„8³îª< H ¶a1™³d0wáµk× ®Ä,^ +geì³ ©4î4|¶¾¯.]…Yrî¬Ä’…÷£¢`‚ ˆbã–íÐE÷åŠ åÙ­EAZºø;&µc÷çÞ΋}©tìJ™¸¥‚ ¿qS»&Â-FAd%‚6Mg]€Ë.î²¾íÛ06Sxoœ<mŸ.ë(‹úáAd˜¯¸îÝ{j[hÿËå01‹ýÚ(XŠÖw¬-& û=,Ú¶ký¡_ýÛ³WS™Öö ‚ 1°WÂ\~Ï:ç|d‰²B,V\|öéH‹wWìBtD8þï¢h(ÙgÙ„6>|¸` ¸eËAd±§Ö¯_/üjÍÖ³xƒ,~ †ŽAòIXôÍ6ü´eFôKÀK^Áû ÿÖ†j:9AǘÖn@xê`mÿ|Dž¸!ªxBŠ’ ¢$"Æ­h¥´ï£m;â OpÒÒ–?qM^Î×x"šÒ6j‚£Zvjµ6”®9­‚ž\ô·­¡[IÈ“ZÇÊ“êøyß9-ûïM^„„„Ð Ž ˆ ñÙÇ0Ï»DéAᰂ憧¼‚[ÅÛÒCvVÀm»7o…ëçõ¨<³ævXàÇé™K¯qÔÈ€ÛöVV¦öI®.*ª“uŸZ™æq!"xú AðaÉ:ÆM™ÂÂBìß¹i q8{öLlßS€+·ãÜi£àv{ðÙªMM…3,QüXvaf X__aÆaóæÍBÜ@&jš\ŒÈÈ ½».úSrÓ09;‹žú+†ŽŠIs.…ÞHÙ ‚ Žù 7eZç‡bŽË¡\Rõx"T €þâÊ˺<Ø«Ô Ä¢Ï_’†£IṗÄP”ƲSŠ)(?fi›&¬às^ CiÛ¢K­ÔºMÞŽÔ—×/5—_¥.ò¸Òcæ%F]Õ®/i6dyŸ¥q¥}”ÇITJp"uµ–Ž«ÉÙˆ˜˜ºÁtX¼>¦)“÷`Ãð\´Üý7œ˜[Ïñæ;½ý¶€Ú­‚À½g[{ ÂûþŽð7^AØ}EÓ—ÂÛb‡ÎbAÄ’÷»Õv§Ï.—¦2­íý( ¦™ˆØé³ä9U­Œ ˆž‡¾=ÀÌSgÁårá³O>F”Þ‰9Yh‰÷VnDjpñ¬±ø|Õf8í.X’©Á¸qã„",±K*²oß>aÒŸ““£y¿sRr¦`WùlÞ»—øö³ú˱ü³qÝÍw!*¹‚8AøꫯððÃcdš܆WŸ¿ÿ{õ%¼ò¿w0xð` ã̗߯†%e°¢x(Z( 6Ý%PK»£ÙŸ?Á+Ø Ú>zb_þú¡&ŽvWŒåµ+·¾“ZÆIÅCñU*Jë+%ßg°–[¥ÊE8¹ (¿þ¤Ùƒ¥}”öO.ÊctJ ÈE?iÒ:¬ íõÈÊ:•nrAô,ƒoä·_ïÝ :2 wÜת«ÑúÊk{ð¾nµoÈÌ\ŒuááÖ3a& "Á¨pí<þ¼>5EÈÌÚöÚ|ûHIÖTFÄq¸×Ðô LÈ»à¢K‘>l*T·Áë{>iâ3‡à…%k00=çOouܵ`2@H"2aÂAd¤¦¦¢¸8ð¬JÖ¤þH2Ÿ­ÍC³Ý™£úáé¿ÿï>ÿ Üm-tr¢³nÝ:œ~úéXüßgðì7æ†oDu½ ç Òavl>Î>m2þö—»Ð*s½ z– ›6#¢OV1¥;(e{Urgå½W* ¤ÁŽÙÈ~ŽEÕâÒÍù:´¸z+ÅáSŠÅ(Ϧ«›RÍõ\xH”´¥Ï°;‰OäqÿØ{ö¬ä/î¡–cãm¯”øD÷P~-ÔW” **ŠnrAô ÓO,óàñÀ¹ü˜¦Mí(sý²ö{@è}ñM0 Ýjßtö™hûàãööÖ¬ƒiÎéíóÕÜœ#1wî†aHà?63KCÇÿÞÞ;ÞXãèQšÊ‚8 AÏ’••%,?®úÅùÛ‘†93§ ¤¢k؆ ¦CYuöî…9*-úHÁ2°©© Û¶mÃ!Cºµ_§KÍA¤ødÕ&¤$Ä Þ܆‡o¿WÞð{ô>™\‡ ¢‘ŸŸ/XºêKñè4êÊ`{ž n7 ¼Üû+6Ì€[ƹ°î›—0êýwñÜK¯aÖ¬Y4x=„ƒ½Ö5¶ÀªgçÆ°°¤äJ«&i±Ô¬Ìºc¯§T˜ äxºçPëØùÛÆ_¬Dž»l u™°%( {<Ë@±L/Oê^,Ý·tÒ6ån¹Òr¹%¡Ôm——UXêv,·ôã¹sË-åÇ©æ¦,c(;£QÔÄØ.b!Aı$ìáaûý-ðTU#dîl„ýãŽ2Û­·ÃSzm_,ïXS´Ox­KØñ^ Ë‚›ÐrÛhyè!k°õ•Ú÷ûô°Ýü§v Á!ƒa}îßÛhm;äŠËa[pìO<-X8†¿ü‚ß2­m\H êËŠÝw)S¦`Ïž=‚¥àˆ#º+¬Á„gŒö=Ô¶`ýν‡ï?y –o?ÃWÿañitrâ8ÂÂÜsÏ=رu#þ6')Ñ»_—›ÅYqw|Ë„72Ã+ñÇë.ÆÈ)gà©ç^D||< æ1¦²²²ãœ9<X¡]’ 'þ„”£r×h¥XŠjâ+/†¼ž¿˜ƒj}’®ç jíøs;–¿g¢/A‡¼=¥ø†JÇ!¶+uÙU³z• s¼ø‚ ©{¯\ÔÓ"ØJ“pëëôˆ5!!!qqq°Z­£• ˆc‚\3MŒ¨µ?pë*­çµ£´Ž¹[>ë{n錡?D~¾ä¨ÚfâbÔêïùƒB™’H!A[Èì8Â*/¼øRÌ8{ÙŒhu)ñÈ”ƒw¾ßŽÖ6.9u$,Íh-Û‹Ñ+ÄcB K0Ò—a‘O¬£PÝfBAi¦KÇO?€÷_|.{‚èaXñxœ{6f§Öaá-ð4–¡Ð /ü ña:Ü6Ú†AuŸcXîPРªªJX>_þ-ôq™LQú>”„¦£ƒášlºãrÚ¾«Y[òʺãþª$Ââf«´oÛvzÈ“¹+¹ÞòÜ€™€§äÌsµåµ­ô^Í=Zì·´ŽØ¾Ô•Xêâ+]ï/±Š’›u—ºzÌörL:UÃÃÃa2™èÆGAį{Ì‚gþµ7""mj&ö´Š¡3ž†÷¾Û&„gMȆ³l'BÝõ1…X‚ìm–iØf³uk¿‡Ê+QP\ë.˜ £AófŽE¼ÅïºYÈXJar°5 IDATDÏðÆo`Üر¨Øòþ3«Q¶|”¶XàѨ÷XMŒHpbj_ÎÌhÁàýiP{fÈ–[¶Ã•Ð­6z“u`°böï¾w7®¡Ö6ƒ%J÷H >q;¹ðÖåO&â©Å”‹€J"︔bõÉBµãTwé±ÉÅ?¹@(®Ó:Þþ¯BšK1}útÄÆÆ b YÀ¬ÆÙ"eõêÕ40AD¯€ÄÀ^sþÍõ€32vÕwr<ÈŽ2{>øn3N™Áq€£t;"M.ddd¢ Ë4Ì–@8°âõ ¸sÞT˜MíÁg×í=„WlÁ¾üÈÌ̤BǘeË–aæŒé(üé|re(¦§4ãm¾ïb mnÿ"‘Þ7M wbJ²Ñf7š4¦=I[[›°(<Kt²ªØ¤&4ÇŽ@¬ »k¨Ô†ü3OS믒`hŸ•Ä;5‹C% À@DBá¥"HúKŒÂý³X®fù¨6vr‹ÁÆÊ"á•%hr:ŠY” ‚þúõë×iÝ’%Kh`‚ ˆ^ýÄÙ 9÷¼ „_¿[þ¹ï ´&81bج˯Ãöí[qëofcÓî´´xaŒËÄÈ‘#Q[[+¸ §¥ùù·kËz\09 £²S…ÏŽ6'Þ_µû ‹‘¯'cÇŽ¥ALj 6àæ›ÿ€ÁñÀ³§ÔîkB™ÃŠØH7¦¶ÀÖêô}ßëár{0<Õ‚0ŽgZ‚¥ I!6X ´¸hL'm, ˜uI•"wæ%h z¥ØJ‰BäçR¾^ÞžZÜAéu£Ö¦¿¾óâóñú¤çP˵(½¾Åø~r¡Pm Ù6jã£$ŽJcJc*‹T÷Éw×aà€þB–P$""B°dm„Xœï’’\sÍ5‚˜Ì>·´´÷~bÇŽ‚gKjH1† ‚ NNH ì¥$''cþÕ× [þú–jD†0ã”IX¼r‡ìŒñCñÁ7?#&%‰ñIpÅƪ¶ép8P¸{n9â£Ã…u›÷ªmEÐ{]>°/mHJ‹ÅB' ‚Ì–-[„ ÁáhÆÂsLлí¨w'Î\y$9ˆÅ¤Ç)ÙQhsº°±° Í­.dÄ‘®G”ɉ ¨o!3ÀÞ‚Ãwê,~Äžµ˜\ á‰-Ç‹£Ù÷±ìwop«VJ "/ T¬멉_<LšàCkßåIAÔDH-ñ*y \ø:µ¤&ÒÌ¿ò¤#Jûá}çضò# é:^ÿ¤–†ê=˜pþ,A dÀl{62›ÍtÓ#4Á~ ÿûßÿ.¼2Ñ-::—]vÙqï×o~ó<þøã?~¼nˆÄ@‚ ˆ“{9,a{€øêË/a+Úã›uÖ"-)zcÞüj&ådéDwÜŽ˜Ôl4ºù©õ5UÐ5•â¯W¶ÇdGo~½E°(ÊJK\’ ÕaØ„S1ïŠkhà "ˆtdÞ¸÷ωÆÀ7ê½Qp ·`·âv½c2¬‚XXPÑ„ùõ¸v˜ õ-^Ô^‚Ýn‡Så_)ϲË_¢gáYÚº½šµ Â/ˮܪNK[JðÄ45‘Mj™*Ï ¬–eY¼¥â{/·ÀˤíJ3Ë…DéXÈëJ÷ÉË0,¶ÅP™€ÈîµbÛ÷çÁÞz š››«®ÐÐPÁ:‰<·c‚îv]¥¦¦bØ°aš¼wz‚‚‚!aÙÙgŸ-$%$‚ NNH <N’ш³Ï9õõ§àóÏ–ÂÒx¶†j¤¥Ä¡¸Þ‰ÒC‡0{BöÁÙìFdê Ø]GPkK÷#3 ˜{Údáó®Â ¬ÜQ†Ì>‰ˆ 7£¬²}nûÛ£HHL¢'ˆ ÁDÀ'Ÿ|ëV¯Ä­§„ãoóÃÑ F£Û7±õj‹=eÒ¹¥«Ã°´z<{È 7逽Š²²2èÂb5×ç‰F<Ë+- -xårCM¬!‚7&j–tþö©fAȳbã w¼6”\y•ÄOž¨)wög™ÇsC–¶/µÀSùñÈ-÷¤û…B©;°¸H]¥¢¡\$ëJ’ÄO½O¿ùfOÌÁ9sNÜ;ëêêàr¹a-”P„”î&ý#‚ ˆ`CO1'̽`þ•×ñGvlþUû· ¡®‰ñ±ØTPƒÆÚFÌ: ?mÞ‡Ç,ˆ‚ûw¬ÇY²0¤_¡×¿ØˆÈøL=.g”Ö`⬠0aÊt`‚,Øü£>Šÿ½þ*î>7 ·^¬Gƒ1Ížpx]Úüù¦¯Z½N­°W’_X£%\“8r´¨%“èn&Ý£9®@E:­ÛÚÇ@\r±,õç–¬æ¬$Rûs!Ö2òúR‹=­Ç¡d (í£ø^*Ê[ü”„@ñUù¢Gœ…ovþ‚;ŸÅ½wýI¨Ë\†cbb`2™H $TÙºuk—uLT^¹r%f̘ADAWè)æ¤o߾²zuj‹óPup7ê‡ekóà¶7`æøaXµq-®;sþÚ-ûõkÄ_ìA¥¬¿òúò8zjíðbðI×Ë·Qsu$þ¢RDyf_y›<T) \ô“ †ò}J“úˆå¬.³þ³&f¢-<ýçÓ¸å†ù˜9c:…X‚Ô¾zÌZ-jnÐÄÉÚ5k0þ|ß³wÂÂÂaY²õ·Ür Aq\!1ðD?¾‡Ï1cÇ"#3ßš¢ÐTº¥H‰³¢ÒæÅ=//Çí¿¿‘¡ä(…Ñ…«ÜÞ@ƒGA€¹û<øÀýÐÙÊñ÷98cb2Ú`H4zZj+†¥­ÍO·û¢”È€8vÔ×ÕÁ”á÷¼(‰{¢È^¥‚Ô'­»‰"ˆî}¯áh¾ƒZ,•¾ój.ÅZ¬ùÔbUªµ¡%ñ¯ÏJ’Zâ *ÝïÔ\’åB /S³4‰´ýöX‚10ŽŸ‡¿òZí­8ë¬3 A–i˜Y ’ë0!„áO>ù}úôARR’ ggg㦛n¢Á!‚ Ž;ôÄò+!>>óæ_‰üü|lúéïلʪ*üåŽÛàmkÂÞÂrŒšv’údÒ`D`ßµ;ï¼%ù;ñò¥1Èì7ûk¼øx}9BCô˜4(F?Æ!¸‘¦;ˆÊêß'‚ÄŸžEæ÷\øs …@¹h¨%{,Ñû4f`wÚ Ô…W«û1ÏUXZHߥ¢Ÿ?‹Cžø¦PËþäñyÉC䢤(>Jë31Gj1èv3ár¼üñÈ?X„kæÏëØ¿(Z­VÁ*‘ X¶yvM°˜ß8p °¸\˜ ‚8þø+#++KX¾úêK8Ö¬@yY)’R30ûâ¹d HA€‰€?ü0vl\ƒûÎLÀŒ rá KâS¥%¸Ñ'¶[øzSœ.7¦ N@d¨üVëAD[)ܵ¨t8‚Ö·²f$õ$† XuÇ-˜¬þ-–qjxþêò’Õ(Yû©õK©Jb¹¼%‘'V*¹L‹ñåÇ#ï«Ô=Y\ÏÄöYŒAèñ¸9ìLü˜·•O>ƒ¯¿º£?,Ã0ýÅö$‚ ‚8Þø+eÎœ3‘›; ß~û-fœ;•„ Ž’úúz<ýôÓøÏÂðÜUCðâÝ#à ï#Láîìl5qÎø ´9]X±­ 6†¤F"#! °U"¶q'êmÁ5[+tȈÑah¼o[N竧hi±#ЩþÑfþU³’"‘ðäÂ_Œ>V…jëynºJ¢ž’•¡<Ù‰ÒwWG.öI=±\nI(â‘…[[ Šõy™…¥mI¿£ÌÚO* †fŽÅŽ}kðÌ‹/ãÖßß(¸€677£¦¦F°d [èûHADo„ÄÀ_1,ãð5×\CAA`ØÐ!øÃœlì{l2̉áöx»ˆ€r zfK&Ž»öàµkqI¶=hÉAê[‡€ÄpàœÁaÒérù&Á†:a=„ÞdVÌ­d©$A´Bâ߯-Ie‚Ñ&/K±–DJ‡¼öÔê*YëñúËyâ¤<1Š4°\×É÷!w-å¢t?í1 ],#²&¡¸lþýÜBÜqëA d÷{& ²íXAâä…]C’ ‚èµó‚ ÿ NÀ]¹…3¶ÉÝŒ¨ê_ÙºuMö ô¥Í ¬,Ö32a‰G\Ù„XU:ºµ÷&xb /1o;ù¶J‚Å<ñáYŒª-´']Ç«ÃÛV©Oþú-ßÞ_{<\©¾_S\ØýN¾^m<”Úˆen½òãeåbÆ`éwל’ƒCú>xþ¥Wa³ÙË@fIÎâÅÑ÷òäàóoV`ÎycéÒ¥Ö31 ‚ z+ôsA„Ìf <Ã.®b+Œ{?âsáŽÈT¬ïu;V»¥÷Cç N°pfŒøÝÀí{=­³2Qô¸á¬ØƒÖCÛPÛê@w§~ÒI£Û·ß‹€0¾¯!Gê°Ié‘L—n„ŽJIäeJåÁ†‚òF澦!Xzv\G¾%¬DŽ+þŠ²¢|ü²q‰P7;;›“ ‚è5H¡.–òò£˜¬K'¥{«½Ø_ LÊÐcxŠþðSƒ¯ž=ƒŸº±õ ÒC…É%›dˆ±±ˆžÅl …ÝÏu#Š Z‚H'•rB.\D°éÎõ¥$îiÉ4¬ÔÏ­8ë@i_´Ô“ï‡÷]• ƒ¼vÄŒÃ1£ÏÁë&„˜(ÁM˜¹ ‹–Ülaq‰ƒ¿üëElÞSˆˆôˆÏ o¿6üÄæíÈj ú¤õClÊŸPp(ÿyíM,¸ñZ¤§§ÓÀAÇFhnFãœsµúûŽužÊ*Øn¸ ®]{2w6Â:³Y(sm؈–{€;/†AÙ°>û$ ³4·-ÒrÿCp¼ýô‰ {ìŸ0M OáA4ÿî¸÷æÁ0d0Â> }zZ@m³m›o\Oq‰Ð¿°‡îƒqì¿eR9F‚8ÑPóBÿü'¡ÌvûÝ°>þŒãDZèmØn»‘Ÿ/ÑÜ6ÃñÆ›ÐÇÇ!&o;œ¾ö[î¾Wõš܆°G‚qÄp¸¶nƒíÖ;±dq@m·¾ô*,×\ óµW¡õ…—|ûz«CðS+“¢õ âDƒ=ðóÜ„»3Ñ–.Õ-À/%^¤FéqÉ0cÇdRÉ­´HçÄ ƒë½p:qJ¿Ž iIƒµÍ”M¸Gÿ´µt užØ˳h"ˆ` %v ¿úþ’”È?ûK¨e` }–ºûË’ÌK<"öMú=5šÃ1æ"<òäsøÛ]² ³rfHô^ÞxÞûì;D¦ç":gf—˜€þîïj"¡Ùà7!®,\w÷»ï¼]ˆ'ÙS,\¸)))Ÿ™øÊ+¯àÁ¤“Oq’A¦$Ý¤é¬ rÙÅ]Ö·}»¦Óf¶?Nžˆ¶O—u”Eýð ’ W\÷î=µ-´ÿår˜Î˜ÅžF‹@ѺµÅ„@a¿‡Á@Ûv­ß ô«£{öj*“¢õ âD„Y*-NB:¬*ô¢Òœ›c¸4“0Qdn¿Ò¸R¬.‹9ÅfMRä+ÓûÖãÒãùÕ6ì,w¡¤ÞOv9Qk×aH"ÝÖ{’¸Øh¸Íõý¹ «Åä Äþ„ ‚8^ûZÞó¾oÒWñÞ«TGx€>¯U¬Ï[B¬1hŒŠç^zU°$d±ç˜Ëpmm­ ã&"8|·v ξîN|¹¥ ‰#Ï€96µ[V€¼{¾üÕäû7]Ö_—Ecþ‚»ñÚë¯ÍóÀÌp„ HLLÄ°hÑ"´EÒ3‚ âÄ…fÝ$â³ažw‰Â¨V—žò þÃï¯!;+à¶Ý›·ÂõózÔŽÆYs;,üŒãÆtoÌ¥×8jdÀm{+«“©ý7*ª“õ Z™âÊ1ĉ†3°»b 8¡lnÓáÃ]^l<ÌèoÀðcÇÄQM¾ï[D­gŸÍf3̾÷vƒý|sÒ1./–l·£ÂæÁ…Ã,–nÖKâØ‘‡¶æÚ¹þ´dxUšˆvw"KŠZï…ݹöÕ²Ëß+-RËëöG6½b=y/Ž§’ (–‡&e¡°É„µë~’ˆ466¢ªªJÙgâø²3¯—Þü ^ûl †ÍBhb¦ïë5]ëG#Š©eæxqE).ºö¬^½ú˜/{–øòË/a³Ù„>Ì;gu]A'!ä&ÜMX¼>î?Ù)“÷`Ãð\´Üý7 ­[Ïñæ;½ý¶€ÚZ[1z϶öø|÷ýáo¼‚°ûþŠ¦ .…·ÅÅ‚ˆ%ïw«íNŸ%‡Z™jÇH'õÍv”T5"9¦{.^np ø®8{áæ#–'L”.¢«™žÁDAöêûìòýém ÷x±ø#gZájkídÍBô i)Ih+,AhLŠªØÁ›$òâúÉ­ÿ”âœñöAçž8‘v2^vc%·c©[°´/òõjß_yLW¶t{e÷ofhÍ>ï,}¹Cs‹,»½=íùpLi¢ç),*Å_žx:k"NïìuJlk@Õk׎bOî|áS yÿsüå–ë÷ÝcA]]]û‹¾…%2IHH Š‚ NRH 2aÝæëþžßäðÞ{ÐöÕ×]ê°dÞú!®`àg̈Ð;Ú6³ ÛŸÿ‚ˆO>’v¸6oEË=÷"âÓ{¶X:65•ñ8ªc$ˆ^H”Õ‚k°i%Nž ƒ^›ðÂDÀµ%:¸}ÏÚç Ñ㔌ÎV$RP\o<üý×±…=¸³6òkœ¨´¹1ÄjÀù¾øu¾åŸß5áž¿ÖcDp±øî‹ ñ±Ð9vµ[„wÃ*Sk4- AH $NV”ð¾;J™¥‚ x/…A¹øÎâ¥Â Üµ˜­uæEüýÞ»1ʼnë)×PâåÕõ¸÷ñ—àÔ‡!3 @Ñ2°£ž)}[C¾IBŠË‹¸p#t¾ID„¯Îå¾Íï+s Ö'¼I*qì`>‚xûÞ×ÐÍðºÐqD éDP-Á¯Lí|’ðKô&µôëNr’`ZúË^¬Ö¥väÙ…EËnáÙ̆–¸\¼ùö»¸rþåtÁô0Íö6<øÔÑàðÀÔw$Œ&kGr£u÷í6XLর ,ÙåÀ÷Wÿ ל7×]5¿ãG£aݺuÏ RöíÛ‡3fÐEBq’Ab`i˜~:¬O?ãˆap.ÿ¦iS;Ê\¿l€ãµ7öÌ“¾‘7t«}ÓÙg¢íƒ…¬¾Ì*Ð4çôö™›Ó. ÷ÎÝÂkÀÃØ1püï-XÜÇ‹`=JS™”`#AôFĘ¡&ΛŠEõXº®§OFXˆ±SÖ]UÀþ:`F&Â&ˆG&Šò ôBùà {• „^Ë÷¶¢Õí„Ý LêcA]Ek{bÃÃmö½ð­¸ïk;þ:ÂÀö$̽Š-ß­Ž ¶.—£ÓDPšYT«H«5™ˆ´¾’¡a¼/ʆΟoþ—ïË{A—zjˆm(ÕS,±@—5 øÝÃ@ŸLÕýkÙ‡Z?¥Çy´(×Dlµ„<ÑQ*ði=©»°XÏ’<›·}ŠiEÅèÓ§}{—Ç‹ûŸ{¥%%Ï SHxP3‹m…ëÇ`BCxžùjþ÷ñÕ¸çækqöìYG5kÖ¬ÁÀQâ ‘mÛ¶¡¦¦†.‚ ˆ“ƒLØÃÂöû[੪FÈÜÙûÇe¶[o‡§ôÚ¾XÞ±.¦hŸðZ—>°ã½LŒk¹íN´<ôˆ5ØúÊ íû}ú ØnþS‡ h}îßÛhm;äŠËa[pìO<-X8†¿ü‚ß2yÛjÇH'ü¤BâÒ5¸O8&[ñí¶Cˆ 7cŠïnšç{žÞë[†%çdw<Ë?3áýÚ/ºK‰l*nžªVœ;2±V\V“o›Ð!Tç›TžW0þ ¾eoÇÁ‚‡¯ÿøc|»e V­_O'¶›0!að´ –@3xZœRö_ùÄQ-9‚\˜'U 0ˆBÑ׋¡=ˆŒí|>䢡‚¸æOtëTîrÂûÉ«Às†î‘÷U÷¯eZûx¬Ð*bx4¢£R¬N¥6yIBx1å?ê(¹)‹B TH4™—_[„I'ЗíóÔëbó¶Ýˆ4ƒ³Tcö”Ðhò¯15áƒqç‹Ÿã™—ßÄóÜ‹AÙ»5¿üò FŒøøxTTT lÒÒÒ°víZºX‚ NBH }ûöAÖ>[OAœ|HôJV®\‰x€‚8®°:boRçt:¹õ#Œ¸(Çÿ¤T*Š1Åu»+ÝØRjÇø~¸rb|§¸ŒâÚ6Xò"»q³R–s0ÒéÅö /B•'ÏÜw>þ8Ì­­ˆ:/,\H'9L; í:KTR—I¿cRļ^ÂàÑÀêÏ€ +€±3ýþV,ñ}‰‡¿ýwƒÞ¯R«Ð(åV·ò¶¤÷o¹À'ýîÊCñU^ζ3÷%_}€iS'£ÿþˆŒŒ»s{ýæ›o„ì¶ìÎGD¸É}àj«‚»ª ­z+¯)Üw"=’!8XÛvjC§G›5?;0õÒ[pæ)#ñÈ=·hŽ'ØÜÜ,¼¶úžØõÈÁììl444ÐEDqBb Ñ«`¿rfddà‡~‚8ž0QZ”Ö`Ó†§Ge²*ŠÕ-^üT؊̸\79¶c2(‡ØÍšIM!@G| ¶ôxgó¢¥M‡Añ¾m*;ïsïÞ½øäùç±è¥—ê›,µDD`ã–-ÚgÇÊB©@,22w0Þ_ó9 µL•„@ž+#Yÿõº+î„÷¾+ ËX›´sâöÉÝw;0¡;º;ž hÿþöqBŒq.Åj"ŠRœ?éýVK¶n¥¶¥H>ù÷W*øI˥⡴/¦A³ðÂK¯àž?ß.Ô èÓÉp¿æÝo¥0qëý÷߬*ÓÓÓ…u™™™¬1ÙÂê•W— ¡Á§W‡K‡¯ £ïÿ¹%^ƒYÓu¢v/ïQ‘Ђæ°4,þ©ߟ}n˜w~wÍeÝgæ.¬…§Ÿ~K—.=iÿ/Ò?G‚ ~UHô*á…=dÙÿ¨ŒŒ Ø=› b¼Bb 1n`“[6ÉXºt©Ï‚ âTðÒsÂÔT«lÜ@ƒÆîsR/øºÀûeNć—ÍçE@ÁUXIb w³ÆX#/2ºì4ÚÝØ`ÕâÜÒÅèõ W—ŠÁ2Þõõ¯ÃÀþÍÜÞÇ-6ÿçç?Wµà"Ô-LÙB32<Œ—„¥¢Ÿk>_‰CˆSÈüs¡YÿP¶wtÚŸ³šöfxŸý4ßûýØ‚ Í–-g1ëK0QÛþHÚÄ?¡=¹˜‚bëAá8Æ•xþÅWðÛ_ÿ‚wÕdÛÙxÂÄ& 2M–ñöÓO?EUUo(|—•ñÅט ®)I HJ™ëìñºhi=Šn—vK`óÙ×ÆMò‘ðDÔrßÁõ?| ù)6<ýðO05Šêv™¨ª†Ë/¿|REÌ2,´··Óý‘ ˆÓ‰q9ù£xÄxcÓš—Q˜d‘ÝZ·ßý=^ þ²Ý…dpÅt+¢ÃMÃâú¿öìQ°ˆbilÒÞïæ-nD[uHŠÐã}n1ð5WÈ,f_xê)hDB ¿øŒŒÄgœ!û»#A0xÒ’âpÔÑ Á¬¸pó'òÉ%#P³8”KHP ·þ ÞßÝ=zíŸs4V»×³Ïûã‰ß‘¾?ŸAz¾‹(‰Ò}åŠÈVWg´ Cƒ½{÷òI/l±?‰ü‰“m¼Þ¹s'^~ùe>Æ"³Æ–G"´1WãÜŒäpm2a°âDZêËÑ£ ƒ'j ïš«f<öø¡Øב†ƒí.œÿõû07?ÿxêWˆŽ´ Õkjj’ÝŸ‰Ïlnã/öà÷¾÷=¾LVØÚ„<(‚8 1 B=}(«ó +Î|Ò{.²›°›[«lªñò¾½7pí #·èО´€A)‡ëûaâv×qíôtºjÔp“{ÀŸ°°hàJ·d¿Çz›V¯r HII (6¡ŽsÏ^ˆ½¯mEdÖÌ ¥‚$êb¢â 9ïxKw©_˜Ïï®G€ßÜÌ8Sõñ'rÌÀ@D_ñ•ÚVrUs¬@÷‘î+=_ÁrM)Û0¼´¹xå¿oññ’™ÅD©ˆˆú퉸óÎ;ùDW^y%oõñÇó¢ ûÎésj…6&Äd%óõN44¡²ö ô¸õpDN×d ºÏ‰H¨Õ¡?,+û1sÕ¸rÅ™xü?ä…>·[þËøøx> ³¶$‚ &$A¨ Ülà'ÒŸ–´"3ÖÄ7Nž`3pCÐçÒ`i–QV Ž´xecÃÉ=øÃêZ¤u9‘¢× Ŧ‡…YC ®¼¬úàóu\)êh¿¾¾Ï=þ8¬}}'µ·dɤ§§Ó 1ógÏ„ö¯qÏf-Ø”„<Á¢E¼0Äá=iÒ‘*„2RMVPcÖ{\ñ[Ä —ÌýÐר>¾ZÑo¼Šƒj…½@ú»bLµ ŽåkŸ‘üî­u´yÂPVV†ââbúmË0mÚ4Þ5øƒ>àïaìO-ö}­_¿ .ä]~G+®_r|,’âbÐÑÙ‰’ŠC|¨Gd¼–¿û†âøAï«7¡Ûš‰>Ú·?¼7\u©b[ì~ÓÜÜLb AÄ$ƒÄ@‚ 0&5RÏ+ªZXw¸1F¾¸X´8Q¬÷’&àh°Œ›WÛLl¢-,‡'†`p¡‹E—Ç‹û_«AsƒgDPÌØ^ôA÷h檺ÙÜp—~îyó`ØŸÕÕÈQˆä´ÙèbŽÌ’$ ýÜ‚ŒYûhÝuOêâ&X Ée?’01QFˆSÜÝíÉ„?&2°O3ðèië/;¸c¹”czº˜£ÄÅ節»å¸ßz‚ð'…mb«A¥d£-bÄx{'Ú¹(‰€âç‚Uø¥xêl¼ýîûü½…Åìëëãÿ| $Sîd"//_|ñ?022‹/æ­öV¯^ÖÖÖ ¯­Úñ• h3óÒ0';‘í%Ð5ìã€ûì˜g(ŽËƒ3a>ÜvϽù9ºúü椤$êTA“ r&‚P9Ùv)ˆli6 ¦¦*ï÷¥åŸû¤"£µ×ƒ5Z1'3w/O@g¿ÿÚÒƒ0 ~l¯ ˆ‚Ld- ï‰és&ö±x<Ä-žZZZK5ÄÄÅÅÁìê8éÚ‹_˹Š_ ±™%Œ ˆãŠã Äx'垺o šhD<þª=¶\¥ã‰·ûz.~´Æ¤ lÛ§¼Å’ˆ°q€Y¡±bœäÝ,»²¼ë0™Å`AARSSqäÈtttð!Ûw4­ñl8cjjZPV½}Vn2`KSµo(ŽÔ¾:î;IœŽÊîV|óÞ_ã¼óVà†•óh#‚˜de A„ÊIµÔ2P\Ô,<Å1Ùë^§/nïDe‹·ž‹y™V¾ngŸÛË»y×`ö ™ÄÔÄfïÐ?øºcp^Ïâ 6vsççpQöÅ‘ÒR^ $F‡¢Ü,ôw4ø­'u ¶ … Rë@©õ œK1A„’`cSú.í«Jç0–·•?ç$M%¶ßôés°úݵhkkãÇiÇMÍýåtGI äïÜ÷Ãâ²ï’‰‚Ìu¸°°O:²eËìÞ½Ûoÿ …H—%³r‘d膶z àèU½ï) ÍQp&ÎÆšÏwâ¶{Æoþò Y¢AL"H $‚P9y‰(^ü1«¯÷ÙñÎþ\=+s3,Ä7ÿo%/21-':™›0³dщvqåsîœZz<è¶{‘¦Íä{QÌÞÕvuQl Qdå²Å°×ò)‚È%Þg" +rnþö%ˆ‰2Ž†¢Ž/!.±XxôµïH¬•ÎMI44'àóMÛx«6&öôôð®Â„<,®ÝnXÐp÷P– ÷øñãؼy3ÿzîܹˆˆˆà³———«î{ÁŠtì:NÏŠÃôœ$êvíU£çîÊ6"ÓÑ7?}ø $,ÀcϽF÷‚ ˆI‰A*'ØBi D Ü_çš’>>É ól7ë†-FÖöñ" ³dâ[²¥Ë ÒŒË@f!x ßƒÆn7¢,Z¾ÀÇ:˜½¥üÎN”•–Ò !Ì…Ïf³!>>ÅE…÷vfþ©¨'îWrbŸë)¹:dHL´q5˜:¡È¬V,‘Kø᯾x?¹dQr‰DŠ}ÚpÞ2ðOzz:ŸÉ]LTTï>ÌÁÇóá.\ÈÇdIFñp4EºÄèp,[ˆ4s/´ {¹€{ìbÛ×÷_€K6îûéƒH›u.Ö|þu2‚ ˆÓ ‚ ü°sçNôÙ]#² <Ü䓇â#t¸¸Ø‚D›~ÈJPÈ”ÈøÙ;µ`QÎÁÒɶ,d®Â̹÷p¿;ÚØ­Ó )BŸQœ-5õƒ…E28øëOÐE !b1²¿ø¼%è>qxhÁ¥äÞ+¼ïKô' ÊíG‚ *BÝ—|¹ÑJëŒÆ¹)Yù©±þógAèï3È ‚²ç˜PˆM[¶Qça±Xd·37jƱcÇx±O€YW3×a6&oÚ´ ÈÉÉÁìÙ³±cÇÞ}˜Õ_ïPŠtBüÊâŒX$Za`‡í]µ1’ãè7®ãf )³Pç²áÒ«¯Ç¬ó¿ŠšæNê„A§!$AøaÞ¼yp¸ÜØQãFW¿{È•S(¾Üiºü÷  Ý^|ïL3Rlºáƒð` A1¬5æÌÄ@&¶s¥ÎéÁ¡Nº¸†-Ò³þä…¤’ –°dâ"K8bô 8pà]ØÁÄ@æŠÆ,P˜xé…+¡m-¶Ø ‚Rë@¡ŽTT³ˆ f?‚m‚ô¤ûŒÄ%W®-‚I0‰GÔÔ“ZÊñ>æØt|±ÿu"ñ}´»[6C°ðGK²Âž766³ªd™óóóùíÛ·oçï×,–`JJ _Зëp¨„¶ô„(ÌÍMDDW9¼]õíìñC‘¡¦xg\‡VM<–_uuB‚ ˆÓ ‚ Ta1`N2PÕìknßõÙûë*½ÜÜÿÊ"-–fë†&ãB6X–Q¼\þû#hïqóÙƒ™Èâöz¼8ÖåDu· Ñ̚ФÅf¹…§ŒŸ0àà ³ ´aÀýØÃ-ªnùÆ7袆¶e‚ Õjå §åå ¿«…)²‚„øµ *‰RÑOA 1™Qç/Ð÷F+YÉpAP‹Î~ïÕ\ýõ¼U_ii雯˜„„~ìe‰FÒÒÒx+Á¦¦&þ=6n&&&ò–ûöíÃþýûŽ  ¿¿}ôÑPÝ@úV [D˜óòas6-åãÎeø$¬1Èš½IÞÔµö`ÖlÊ4Lq:Bb ADÆÅñÀáfàH ·Ð™K3ðã àŒT`I¦fÈ•W°d ?¶hÜ„å`ŽÇUÝ.ÔôºaŽ0 ‘;³‹àšrûÕòE£8¸Gæ`Å2oÈ» s #·@¢,•¡‡Å¯b.Ã÷Ü~œ'öC£3È.ºä,ÅbŸø}±*Å$Æ’ÑÎÔ+n?PqC͹©‰Ⱦ¡ü½É¹Lý9”4ûö‘õ¶˜«¯¾O>ù$Ÿ4¤®®N¶Ntt4Ÿt…ÕaÉCؘY[[;tí˜ëðÔ©SùX‚l{jj*æÌ™ƒÊÊJlØ°aèž8"»çŸ‘—€äpîZ7æ*xnc$ÇWw¿²d/@^´µ‡¶£Íƃ›•: AÄi‰A¢çFΉ@šmÀJ°bÐ+i#ð7ÇÏ.̬†/'ä‚OIüÓÖçFM§áa:ØÂõ¼Ëp?â n¿f|éö+çÌDÀˆÁÇØÁú1l±„KA·Xzá…èb†&2WáiS‹‘gÛÞ«¸p‹r‰E!PITZôùr&‹Ab4‘º¼PM²_uB•ñW©­P ‚r‰EŒÑiع¯„:”fý÷‡?ü7ÜpŸ5X'PLff&:Ä×™5kÖ°÷˜7§L™Â[ :Þj½f±÷îÝ«xÍG*Ò±k<›8dDë¡mظ·1’ãûÜ7&Ó  oÜ{8w/3BïìâÏYo0Pç#‚8 !1 "Ø… 7?ž•„D@“¸¼H‰Pž” Öü[¯/°ËîFM»½ 6´Ü¢PˆÈ™ÍõXó,d û¯žåQdKXA†0YFaÀ=8að9Ù´^ÛÔ„µk×ÒE 1âø÷Þs;:K7*Z*Åô÷¾¿…‰}D( $qF(µe ¯„ Jm©‰18ÒÏ#µ?×Íhh¥¤ J0k>& ²q¶¬¬ì¤¸½ì¾Êâ²Ø€,µ’ ÙÙÙ¸îºëÐÑÑÁ[2˽¢¢"~üþä“OPQQ¡úÚÚW R"‘—]Ã>xÝ® ûY(DB)¶üÅHtŸÀÑÚfÂc`ñtA§˜¯h¹¹ERtu:‚ ˆÓ ‚ ÔàQþ?!l@dJ iqöH±£¹Û…ç66óÏS£Œ0´¼´Ç–7nQaB ú˜Û/³ðc¢ •=1ÐËUªoØÆÄ?&üÅaÀ"0ið1|ð=K_lc¸ÀŸŒL-ÌG¼É—½ÇçΟˆ!' V‚rŠåD‰`‘ë_#MÂ1çè±}í+è‚=?5ïËYî²Âþ:qâu@ØŸiwß}7|ðAþ{ª®®>©³ÔÎÈÈàECqbá»fãçÒ¥KqöÙg£ªªŠw?fafÎœ‰ööv|øá‡|’@û—‘.#!S’mÐ5ìw“ð»oÈ­YOž‰Üh \µûጜ‚(³z¯c(±_ÜýHNM£GqBb A„ªÙµ'dM1 æ.Üë/V¶8pÛYqˆ0 w!öã‹ {¼(ÈUêm*ë½H°{±|ðý„ÁÇ ‡æÁmÌRYv”—óÔ‰Ñãûw| ¥›NZè+(ˆ]‡ÅÏ•Ä@²$& ˆoJBž?/ßš?7gi¼Ã‘üÎäDMlöíßOÃIII|,Á³Î:‹·”K0¬Yøñw,ŽÕj±X°jÕ*Þ]xÏž=¼ûqzz:Ÿy˜YnÛ¶mX’'¥kèuÎLˆDajtõ»ÆÔeØmKGfÞ4Xšö ÑŽ¸ø„y\‚ÙÜd¸hç¾—,êhA§!$AŒÑ"Wœ@äý=xcw®›ƒy™V¿u"„?&2÷ß Xúi;€š\=nœÁMôçrÛØøɃ¬3X´ î/ˆˆL l¯®æ>Äè‘—“‰h}?œ½í'-à‚±dòk0ÐÅ!A¨ÔöÍSunZJ…@Çr¹óº÷óÛ?×D¦¡¬’,ÕÂâ>þøãüó#GŽœä:,ÀbJ“6 ÏY&âk®¹†ÿ“ŒµÁ¬ ølÄëÖ­ã·ùëŠt©q(ÊJá-GÛeØk°BŸ>IÎãhhé@töL$z \‚e [B D‚ NGH $‚CöÖ:ñö¾nœ™Ž¯/ŽE¸Éÿ0Ì„<ïO° L劾è®q¢§ÍŽbn³˜›øa@ücu˜ÈD@&F¶!$a‰G˜• ¥«‹_ì£ûnÍf3îûÎíhÞûSƒý ÒÄþ,þ”„A bdë,µ( ¶ƒÕ†#ǪéB‹ÙúÀà®»îâ]‡ëëëeë‰ÇZiFwV.\È»³¬Ã |âf%È,±™ëpkk«êsR#Ò%G[P”]ýnÀãh_5Çg{9c øxƺ¦𤞌8 Â4ýC¢ßI¢Â>?AqúAb A„˜›P¿3x7a6?ÔäÁSû‘eijlH²©áØ ÍÄ?!+°Í 45zÑ]Ó‹‡ K¹¶grÛ‹ëåq%â«5¸/›Ê3ëB&²PàL,4:h§˜T£&$0!¹¦Íš1 g¡»¾âËÅ™Dü zb`µÙ€¥B"AŒW&r•;o¹¸°Âv5߃8ã¼THìésP‡ ‚ܘË\‡çÍ›Çg –º+YŠÇb6~_xá…|ÖFgg'¢££1}út=z[·n ³ K¾äh+ 3â¡­ßã7,I "¡Ç…è¤ DµíA›9i9…H4öB§h øeѹí|<âŒxJ Bq:Bb A„Ø‚‚‰»êÀÇù „.n ò߃^4t{Y¼n¤Fêyëö/¼„ìÀñÜ\¿¥ÁÚãÝHèìŶàÁ€ØǦéÌâÅ‹0a&2Wbëà6Ã`á­Ûw(XN#GãããñÐ߇»z·h󜴠“ÆÿÇT+œˆ±j„  ‰P"_/T}LM2@ã új#”™“mKZß©£¸®#à+_ù þüç?£©©i(Áˆœ¶’8ÈJjj*.¹ä~\f" {Åd"áÆqàÀ¿ñU» ÇX‘ MÝžÇ$ôh°ÇÁÚUîž>DN]üx=¬:×pÁOÉ"°«a&-^ÿߧ ×R²1‚ ˆÓ ‚ TnÒaN2PÕìknßõÙûë*=õ^\U¬ÅòœK@–iŒ1ifar&e±d¬Ûò% K"$ÝÆ>Ë­?¡ŸP†%yâ‰'pÅW ¤¤„ϬF”>2‹@–u˜¹³¬Ãì^^\\Ìóï¿ÿ>ZZZT÷_ãsNb8£Ã€Æ’€÷°Û²aõtÁÜzÚiW¡8/ ‰†UÖ€Zg¼­Çpå5×aÏ›OáìâDêDA§),Š " ã·&+iÌÜš3ð(†‰€Ì‚pY50赃.d“w­Vþ˜ÄàÝm<ÃZ»€–ÆnRïÅ\nâŸ÷_V˜¸ÇB3 ?Ïà6a¹ÉäF& Gq‹Þsî×7Xˆ±ãœ³ÎÀß~N{ æða :%±@¼8êø²*• ¬¯ ¡´x"&¬Ï(¹ÆŽ¥Ðˆ¸è¹ÉÅïd„ÒíÞŸ{±øØâów˜ãPrè222ø×,‘,à’%KðÏþ“Ï:Ì,þÔâçŒ+Vðq™ë0»ááá˜={6***x+NöÜd2¨OM‹DŸ½­mÜd"2Cõ¾.CØ4ÃZ·½9«PdMצ#»gJa&øÇöjÄÄÄáÅ¿ý ùÉÔi‚ NsÈ2 "@ôÜÈ9ƒ[“¥Ù¬«;¶ïoÞ: äÇæqrÃÉ‹?fE $2t\®^`oe?jëº0ÅíA7Q× ØLwdÍ ®¿Ì ˜¹ ›Køà#«¯Á—"à°c ¶¡£K9æüð[7‚à IDAT£õ‹·ywa¹,ÀrÛ+A!† /A*j¨IHB¾DDIâ %Á/xþÚðgQ¬‹½¯ºb+@©+4ÿœ# ö,åÝ\Y!F¸èáî½·Ür .½ôRìÞ½›O¨• +±±±X¹r%ÿœY ²÷˜Û0mwìØÍ›7ó㵯~íï<§¦†ÁâjúÚü¶áÑЖKG)\Ü]?~Ñõ83Ç‚X³Ç¿% +.nÒÑ^…®ÿ 6¾ô A“å¾H_ADp0±oV³þM:àòBðû¤‹>a¡çËBë¨+ž¤Ù(¯íA’Ét ˆvŒˆÁ›‰€ÌêµÀbZMøÒP‹“…@f („Pg" ~°^XB]È1$**žw6ÚJ·ø&†z>\†¥‹M¹B.†ÄH‘³B•mw,ÏYîwãïw¤ô»ô÷ûU#É% ÚÆÆj£ååhllä X×ûï¿ŸõXÖa‡Ã°•`__òòò°lÙ2”••ñí°ë–““÷¿~ýz”––*ö;ýÃj±  ) Æ®ãÜ Ü®ØFŸ1Úîz„5}Íôë0oîläE:]‚‡Åd¬í82âÂðñÿ=‰Ÿß|Å$‚˜D›0AÄI¦'ú^”LÀ½² ÔZO~»ÅŒƒ5íøõ¯B\û½Ø¾y3/Ú±ÂÄ>hÀÖàK«>ñsŸ ãÁ–ŽÁ}œÜbàÌK/¥ 8¢³µZ­¼KÙu—]{~‡î¦*„Ågø$Ä®¾r"…àVèKÜ¿&Wab²àËrv´ÈØ Í&<ô;üwtvP‘Qâ‚ .à…À^xÏ8ÌÄAi Vâ û£æ¬³ÎB[[öìÙÃ[Z,äææò–‡}ôŸ„ŒÅUÓ—Äñ1‘ÈõèPrüÜI³†Õwê¬ph´Ð_ç´«‘›‘ˆŒp¼ü¹ëÛzÞ×Wg~p÷m¸ñÜÔ‚ &!dH¡+èÅ?ØjµCV¶.—ÏTNÇÅ­Å+®Ä|ˆÅ‹cÙ­·²Àp¼5›¾3¹þ*ãx CX0Ç¥þÁ׆°0ÃÃéÚŽBfḸ8^|ð¾{Ð~àC¸vÙE›ØPœ©RÎzIjù§Æ%RÚAŒ­2¿Eq\¹P¢7‡™5åd„ýQsûí·óÉAXb&êɉ¾ÄA6V³qÅ$t¹\¼¥ {dc~AAïJüÉ'Ÿ ««KÕ-†eN‰‹„·þÀÀT„[ºu“à©Þ­Ûˆe÷àÜ)ÈÖøL2dÈÍ 4íÇ‘“‡O_~Œ„@‚ ˆI YA¨Zý¹ƒÞU¼ãàÅÚbüöÕ͸ó®k±}Çß¡×9_qà ØóÚkøpíZ>9;²NôHhr¶?[v„âX‚¹S§Òuصgb `!È`V(÷|ë<õÜ«ÈXzãIB ` (ì¯äÂÈꈊ¸GŒÙB«8ñk¹íÂñü%ñ%p+ZHùù,J F#§ô;`ý”ñ}L˜1c¦M›Æ'©¬¬äŒø² TÊŸ••…ÌÌLÞM˜ „ÉÉÉ|‰ŽŽæ-£¢¢xP:®ûê‡SâÍhïêA×úÛë`Їvþ혗Á{& üq¤¢¿÷µÃÝQ?üìÌËO¡‹N1É!1 Bµ^Tu‘Á/œ=/>ê(À#ïÅ9«2±mÇù…&\y%¶nÚ„îÎNÞ­—fÊ-H’j–ž|?P0gvhÌâp½Ñˆ¯½–.ìÀ},»$+Ì}Œ ÝÝݘ?£ç.Y€-%?õìa‹7¶¸D©à'  ¥VCäL¾Çc¹çÁ¶3šV¶Zƒ….Ø!$aÖÿûßùkʬûI."ˆ‚‹-Boo/¾øâ >† »×§§§£§§~ø!ŠŠŠ––æ·_1ØŸH9qf?´˜z²ò 17ÕÀ'™‘Z¤Ê ‹7\-Ç0­0¿¹çn˜ äFA›0A„*¶}±û’°½VW€¹ؤ|sWVWGcso>Þ~ï#üú׿–n¹í6®Z…6-ÜkVĶ‰jeÁ ‰‰ÌA©‚+›¸rÉ 7à[ßÿ>]Ø1† tLd×>&&w}í¤„¹ÐQ}hH”K"]hŠ]ˆåƒÒ6Èb †ÿåž‹krÛå~¿¾, •~¯^Ðow¬aV|÷ÝwfÏžªª*þÏ›@’‹ã2ñX‚sfñ Ùø_XXÈÇÜ°a߶?˜8i5é=ó\²t6g[aÐëä“‚HKLÝÕøí}·â?¸ž„@‚ bº#A¨ mJ16¨ÆÔå×au…}*CîìHÄí²ñAG>øx~ó›ßðqãÔð‹'Ÿ„iêTtp‹ÕV Äúc‡u-YÝv®4p¥–+=QQ¸ïÿ ‹z*nºÜâLY°zæFöÐïFO·(l<î3ö˜8>•TTŠ%(”¬—H(œ\Èe° ¶ŸãNb™´Ÿ*õ[múú\Âv9!0TV´¾~_¾A¥ÏL¿ÍSËÊ•+ñ³ŸýŒ·ÖgÙœå\ƒý‰ƒÌYžsÎ9¨¨¨À±cdž,“’’°sçNÞ}˜ …Ò>À¬ÈY–b–Œdîܹ¸lQ>â#ŒÊŸ¸pw~wsfMIÄ¿žø1fç’[0A1r&‚P;`êõx쯯`éê·q÷m7ãÊÜØ ò±+ûlx¶$ˆÊijÿ|ŠE(,+áºýûñÎããŸþmÜb!‰ÛÞÚ…)Wœ;¹r”+GÂÃñ—uëèbžB!†‰Ìe˜-0YyTþ±_ýß{à—Ð-ú ,‘ñ>cJ‘.>åâŽÄxa¬.¥ø‚þâ*g .Áþ, Õ‚Äø€×ßùÎwx˾_|‘·öccw V‚ì±½½Ï*Ì2CïÞ½ |†áŒŒ ~³dÛ˜û0ƒY2Q%%a Aèó':kzš ··ã±nEzB]D‚ B² $‚‹/¹ ¿8ˆ-Ži8Ü7ÌJ¯¥_‡Gàá}YøáCÏà£? Jsé~„3ŸxûâãÑ °Ã¤J'‰u11xà¿ÿEÑÌ™tOLˆ`.]ƒ_PZ­VDDD -% ¿ýåÏѸãm8úºdE@©{°?±Â— " Ä鎿D"ÁüvåžzjÎ+T1 ‰ÐÁ\{Yx–ü£¡¡á¤±X8Èþüa}gñâż%à¾}ûøGv?`‰GØûÛ¶mã]“³³³1gÎœ!!_´ù³ôºàn:‚¥ÓÓñÂÃ÷HAø„, ‚ ‚€þÞ°e'î¿ÿ~<ûþk¸ÓÔ†µ'bp°U»îù.^¹ýöa‚GÊ7¾ýmX¸o?ü0Þ{Öþ~°¼´Bv`ÙÅå`±s‹{z:¾ö 8c0~qêa‹7&²øTl1È,N|à‡øÅÃ#íì µÚ†@©(!,Õº{ ‚‚©˜ NGÔdV+´kY8RñNzžöîvº°ãöGÎõ×_+Và駟Fss3îÁW–a9q¹³9ÄÔ©S±eË^db ÛÎ,ů¾újÙqZûåú°§£W{à6D‡›ébA~!1 "Ø”¹ ?öÖ,]ŠK.¹<ò<÷Ý|¸Ñ`Úœ9˜öúëxÿí·±õ¥—pÓúõд¶nyWe/·pqFF¢á—¿Ä¢•+‘•ŸOm!Äd L&²E]Qv*~ñ“ïâ‘?üÉg݃É2L Ä?±uŸ/1P¨ÇêB ¹ba$øÆü‰iÒ÷åÜÛÅ}Un¹Ï2`ñïIn›x»ôw(מÚïØW½ðYŽ3XÜß_r÷Õ>økÖ¬áÇUfé­”HDIliiá- ÙÏÜ/¸à>~ Ò6a’÷¼nõqýù‹°lþ4º8A„úµ,}A#ãâ‹/ÓÅÚù—]Æx¼«µÝû÷ÃÔÔÄ[ ò‹T½ÝÉɈ_²3æÌA¦ž†úñˆ°€d… Ë}}}èììD~f*îûîxì™ç‘´ðJÌáC‚ T ?WÊR*Rb2Ì8­6Æਜ/4p9úCjeN„ŽU«VaÑ¢EøÓŸþ„C‡ñâ…þâ+Ë°xÛYanÈ,f ïΨ ù>ÙU‹½~ç+ˆŽ´Ñ!‚ ‚fAŒœgåJú2&8Ì:PpfV‚s¦Zð‹{ïÂÏó{džwûÉ"Á 8!¶dÛÑ@°”å¬ I,$Æ3þ,íÔ vrõ”’}È{´cù ô¹su;úé_$"N,  Â,úþøÇ?ò׎y¨M."Íï !6 \vhšá‚3gbɼ é"AA1fƒ:½˜²úŽ“¶è¨BþšoÃøï«1çýbSÓaÙýÕÖóu¬@êmi.…æÕ+¨‡A£ÃÂÂxËV˜0ØÖPƒÄü9ŠnˆB{öÈbN EØî/£©TÐ WD"Ô J"ó©êojãl*«/×`µ‚¡/+Þ/ÏSËŸgvVâããùBŒ_fÍš…¿ÿýï˜?>Ÿ„Yz’\DmßEg Â;Ë𫻮ŒySé‹'‚ ‚fL,úÛqå†GQÑÝpÒ{z wç_„ïpå‘’×ñLÙ»83¾0èz¾ŽH½ÿÙ÷Ô;‚ ˆ1A° d.Ã,™H?ÞxïShó.ð)<ˆ”‚uŸd^h^NÜ k@b¼ãO4 Ô*Pm}_Ùºå~‹þêü¹¡³¿™é©d8ÆñoûÛ| á‡zõõõ|‚5V‚jp¶Àµ—-Äô¢óèË&‚ F̘XÎûàG¸%ç\Ù÷66•àŽÜUüsö¸¿½jDõ|Km=fèòzÆì"¬[·7ÞpÖ¬^M=’ b ¶dB +ÝÝÝhw³Œša‹F©[™T ” JÛ ât!Ð$¡þ H- …çír¿[¶»¶óŠ ò‡ÆbbžžŽ¿þõ¯¸å–[ÐÞÞÎçþ¬Ùøï Ö΂T ¦Q"0‚ "4Œ‰¸}åc¸uŠü¿Xu}m0j £á¨è®Q=_ÇR[YþvæM£þ½°àÿ_»ù«øøcn^"¶}ò6¾qÓõظq#õL‚ ˆIÌ?^~úôÙC EÁõWx.uÄzp4‚8 äw"ˆ‚þD@ֺò÷µðî§ÄÄä²Ë.ÃóÏ?œœÔÖÖò®ÃJqM&“l콊Š LŸ>7Ýt}©ADÈ7ádK´â{}nÇ°×.¯{Dõ|KM=Á*pQ\Á¨}[·nÅï}Ùɱ˜ŸŸïàâ.2Ì ›Õˆ7_z/<ÿ7|ë®ï|™ € ‚˜4ì>\c^¼Nû°#»WÉAüY•ˆÅ!&•à:LîÁÄH³äŠ“ÏȨðLr`Î4,ýµéë}_1 î~>t1qaI¡}ôQ|öÙgxꩧx×Ḹ¸aôð×ZÆò³¬¬Œ%ûðÃ#**Š¾L‚ "¤œòlÂqø it#ª7RFÓ*°¼¼þöDšµ8Ñtæü5`á18d‹4·Û‹ø¨pÄzÜxáÏ៦H|ï‡÷!77—z+AÄiŠØRdÇŽè3ÅÁ ‰E&d» â ’ÕŸ8– RÒ‰Éô;‹}‚Ù_®ž-"Œ.ÚiÂòå˱páB<óÌ3xýõ×ùŒÃ‹E¶nkk+Ÿ„äæ›oÆŠ+èË#‚ F…S.f„ÅóY}m+º]ýH³ÆŽ¨ÞHù´a?ô“¡×,£°÷ú7GÔ&‹rï~ˆ®öfœ»` zÝPÆG±»€`±!¼Nˆ ‡ÃÙ‡ÿçHÊÌÇ]÷|iiiÔk ‚ N3Øý€¹±òï7VCŸÏÝ <²"4† »Ÿ ݳ$®ŠÂs±à' ÅÇ a £á~H²™|¥Â¹Úc©µì“ûú{­´¿£§±dx:ÁÄ¿{ï½—_~9~üããرc|–h½~`9ÆÆsf9h³ÙðÜsÏ)ºAD(8åbà™q…øSÙZÜ_|ž>ò.ÅŽ¨Þˆ'"áo¤B ËùÜßÿŽ}»¶aѬDXó†b=‰…?Á*Püš¹|±G7AÈHˆF{ î»çväNÇ~ü¹ AœF°ûBoo/ÚÚÚ°§¤ ú¢bx\vh©‹QAÈ$,Ž('”B‰…âô'”Öq§"öä°˜z"]¥Œ¾ÁdÉw£¿Súûõ‡£©g®šMö4$//o¼ñÞzë-üêW¿âçü¬°?ƒ¾ûÝïò‰G‚ b´Ñžê¸#ï|xã%TVVŽù±ç}ð#Ü’sîIÛ76•àŽÜµ0{Üß^%»¿ÚzJÇ ¤Þ‘‹ÿÌ Ç:ûÚ+©óã ƒ¤½½ÿsÿñü3¿Ç×_‚•KÁh4 P­`¨$ :\nª$f+‰srîÓ¾\œ•¶ùŠèžê}¸æ¼%ˆŽŽFDD7Ä@‚ Æ‚ÖÊxç•g¡õ:P˜•Â­SuØs´ uͭر[ ’"L0Š4­ô ¦,¿mÀ§Ÿ~€KòÜÈŽp¶Y °8›°þÕÇaLÈÃ9—~QQQ£vþwäë6=ŽŸí{9á‰xcÉO¾ß_½Þëß ¨ž/ÔÖ»qó“¨êmÂëÕ[¾¼/¨Ø Æ šaˆèïïÇOrb#Œxàî›a±ÞÌÄ»P[JBá5‹ x´²^—Ç«1«03sçí/LPÅ…hA‹5LV î j,‡þRQ_î8A‡šä ¾â ²bì>Ëïà̬0!Ä@‚ F{W Ö¾ú,ª•bÚ”d QØ_Ù‚ú–N4Ùfái’L˜|D£*N‹BoÜåx¦äòK?ÁU3ÂatVKŒ4ÂÕskþöKDçÌŪ˯ ɸ&ÕæÇäâè%Ïú­«¶^(¶¿ìoÔÁˆq Í00 þí¯†½½ wßt)“뎖 ðšÅܵï0ì}=h¨o䃵,™­8Á‹‚ì tA ‚ &ˆxÀî,ü„ÝnGo¿^ÛÉ–NJE¹:¾¬¨Äâ:$ ãå7¢vÛh$& æ|•ækJŸAxnïlÆ””XÞ5˜¹S6a‚ Fw>|õ”ìßœ´xLÍND}k/öU4À””µž3ä¢MUíé¸iÂÜ84u^†Ÿ~QŠsmG°,[ó %a¬Å ωmøÇ£;0céXpÖ2ºqŠ™ôbàêwÞⓃüäž[‘™¹Êo}±È*+@öº³§‡ÊŽ¡ªºÕ'jQ”ŒüùÅ>'—RQú™ bbÀî½½½|éîî†Óéà3÷ɉ â{œÐ'X¬ûŠÿ*/¡…DE"Ôˆÿ÷G5‹} u¾ˆÈývÕº+Õ‘ž__ùFÜ|ÿ·é1ª°yÆîOþ‹ukß@|tŠ²ÑïôbwyZÜ6¼¯½‘­ýˆ1öC«1ܾͤÁü©Ù(íHÅû›ö⊴f,ÌÐŽnÄí8òÉ?±Ó{X°ê+˜>k.]‚8ELjåèÚ+.Æ’…sðÌ£¿€N§þ«• pÇÞ446áHyrÓpÞÂi>-•Š†k366–z5AÄ@ÛÚÚÐÙÙ ·ËÉÍÒÝŠ‚‚’Ë°x»/AP,<ø C%“Ô„˜` ËQ´Â“ÆTŠùçOÀS›üCíë`¿% F·£IQfDFFR‡"btÆjÇv®Å;ÿ~ZÙÉ1ðB‹G`׆áÍrôw4#ÜÔ~ä )cÌ^X óñq{6Þü¼7ä»1-–y.˜ZèõØúŸßcç§9Xvù73….AŒ1“Z ´†Ú¼ùîǸhÕ9°ø † ™œ â_0V€ü?Ê\;åUu8p°5'ênÂÊÅ3 -Âü¹K‹Þ`¦M1A`îÁ}}}¼ØÑÑ—Ë /·M,ÈÉYɹ÷ŠEB9ëA¥d $Ðzq+#®ù² ”Û_é7¢6釿6ÔìÓUºß¾åJº AŒ -U‡ñê³ µ¹SÒâaÐëñEY#Œæ0”ØÎÁ¦²vDë'¢£¬ IDATÃdb"`h³Þ&Y½ˆÊš‚Öô"¢¤7M· ÙÔÿg1jàj-Ã{Ïþ±¹sqÑußD„þ!ˆ±bR‹öÀþƒ‡QRrç,_ŽEógC§ÕúÝWœLD­ Pj›Z±mçnÔÕÖsƒ±‹f剀jÄ?¥í.7³(ÑR¯&‚˜°û›x³¬¡l w;l#» óÁˆ"â?¡¤ñ•î'¾‹@ÏÅŸh2*÷sŸá”Î7Ht·(¹ ³ßÒoËŸK±’@)·ÝÙ×É-–=(,ȇÕjåãRÈ‚ BAoã1üû즤Æ"*%Çê;ÑÙë@gâBüç°6w9¬Fk@Å{ ¼H³iÐkš‚GKìÈGn›t7òï›´N´Ùˆ¿þ|+ ]Œ ®º‰ÆA‚&õ¯L«3  ;…›Øyqäp jOÔà³ÏÖ᦯^‡¬ôT¿û«µd¯YÝ®Þ>lÞ¶ GÊÊáv90³ ÿgFi¢(L8……„?Q}‚ b‚܃¸ûKÍOz­V œZ¸Ä—h‰ 'g¨$nø²l’f¦—«?‘¬ñ"úîó=³ÔXMŸVó{P{ŽÒy˜Úd jÞ“¶ÕUº÷ÿàk|ö`›ÍÆ'1 ÔÙ‚·½k_|Ö}Œä8r’£ÐÔÑ‹£õ=H(\€ÿ­„ûX%,F=`4ŽÙyéàAj˜õŽ,ÜýY.Lvâü¬~¸ºÛø÷-;Ê×ÿ Oí^ÅÝŒEK–ÓÅ$ˆQdR‹— }ýÜ€éñ¢0;•·¬;ZVŠ'žxÓfÌƵW^‚H[„Ïɪ«@»Ã‰ÛwcϾ}pØ협—½¨žxâ+.Z­vØdT©žxÑÆ&“AÄø‡ñÌÈÈMÄÙ⟉ZîÞ0(*¹ñúÅVMZ‰¥»?ëA¡ŽXŒ!«¶‘Ê.ÄÈÅ_¹Øƒþ,劒õ ÒïR*jÚ»ZgA~^?þ 1 ˆ``"வÿÀ›¯ý&ƒ™‰‘pº½|\À”)ÅØV€òÀ¬­åç§J 0zíH´¸ñQK2Þ«lÅ5y&Ì‹n…»¯ ü­²£Ÿ¿ô¶®}+¾r'¦ÍœM— FI-Ú¸…Wwg ÞY÷ÌÈÃô¼täg%óâÝæÍ°wï.œ³|.:%L ÿš(Y ½Ýàƒ×¡··3¸öÃ,&Ÿ“G5¢ RÜ@¶Ä@‚ ˆ‰ÛÙdÜ8x‰°šáq9¨dL¬3_¢…8YƒZñ…„."˜¾zªŽ¥WP<×ò'ª‰7èÏ•¸ëÐg¸ï·ñâûc€ý!@ U{>ÆóOü ]½v¤ÅÛ¸9†»Ên‹AYÊ5øß-åpulXWšÇGœy«³v­¯‹ÅëG€oΊAª±{ô\Í¥øÓ¯îÁÿ2²²²è"Dˆ™Ü1¹Å‹^o@dTšÚ»±ûðqd¥Ä#16…YÉp:]xÿƒðéçð­[¾†éS‹eÛK&ÒÜÖŽÕk?Fee%ouh O=IðÄÃ`DA¹:ükêÓA’¸èHØkš`¶Åù”Ä á^áËâO|ÿ’¾'½É ƒj…ýG“ù{P“ÐÃW_ÉCÙ¦$Üù²ŽUÓ†¿ä!öÎfdÄE !!ž:AAÓR¾ /<ý”–CFB$"-8p¼F³=E×áßû;€£»¡qØÇéMÁco 7Üv/ª[[iÑÂ=ªÛÜhmj$! F‰É™“õˆ‹ƒIçËíAyuZ:–€Èp+òÒùŒ¿ê¤¤¤â;ß¾ I ‰ÃšÄ@VzúíX³öc.-EVJÏ.Tû|eFìsz`¢>M1!™^”‡–pÏ↠Òû€¼JN¤^ ‚ òíÏ¿¸'çJH{ä{:N›¾ÌP-Þ¦6ë®Z!ÐWjÚ—¶'=¶ØCÃ_ûrñ åÚ·)ï¢t®?½÷ÞAŠ ˆ èk­ÁK~[w@RLRcÃPÓÜ^·Ñ3/«Gc€]0Úûàçæ"çäèqvL}Ýp‡›Ðb×£¿»aÜ™·Òi1jLr1PÇ»fÄÄÄÀmï†×5ðIO¿ÊkŽœ´XLFLÏMƒÓåÂ}<ˆ³/Ä×_³Å:Ô”›¨Ö|¸›·mÇ”Ô8Ì-Î:+p°¢`¯ÝIb AÄ¥¨°†76qÏ2}Z$ âû‚ø=q’µbœX¸S²” $¾Di[¡Fì×Uca'—pMn»\=¥˜€Ò~,ôaV”öWJ4¢ô9:«öãÜE³‘OVA†££ýß“X½æ]nªåEÀŽ^'vkìÅç࣎ùp:“½N¯{\–” .ÈmG¤·.» n3z{{¡qv@¯qƒåÆÔètÑ b”˜Ôb`[G’lfÄÆÅ¢«Õ…þç°÷Û»zy×áÔøh¤'Çòqçe¡¡® ·ßó#ÜpÕ%Xµj%––ã_o¼³X8}JÀ¢žÒö@EAZpAL\’’’àéjô9žË¹2*eVJâ+ƒ½p?Q+þù:O9+²PŒëòXȽXÍ9*Ån õ=_©m5ñ'ý=éw d™çë=áRµB ¿×jÏ_é¼\Ž~hë÷á«?ü5L&ŸQ<,,Œ÷T!‚PÝNl|å¼öúëp:݈4£«×‰­‡0wÞ<4f]‰7ka°ç*;áǟŬóâŠB;íGáv9ÁÌYjz´èë·Ã¬7 =ýN> A£Ã¤žyðÁÛ :ĆŢüÈatu´##%ᤠv]Kš;º‘‘‡ä¸(>Èû‚é9ظy+þñï7QœŸ‡9CA߃õ”¶Ë% ‘Û®Ói‘––F½š b¢bïò)ˆÖI,F­pÏñ=H•„ ±H(e+')¹ûzÏŸ¨4Ak¼Æà ô¼Ô «r.­£õ'` ¸_)½§¶ ¥×j\„¥B ¿ù”’Ÿ\{þ²+—T„lÝó.îºñZ^ŒŒŒDDD/dýB„Ì8âv¢jçüãÏO¢¾¹ñ63\F=JO´#:. ÉÝŽ7ëôˆh¯†Éã€sœž¹‰nÌ3VÀÕ×ÉÝü`ÎÀm-Ðë­xþuHLHÀug¦ãxcbbãð·gŸ§N@£Ä¤ãcb A?o8sÚTìܱ{JÊ‘™š„¸˜ÈauÝ/ŽhBcK'O0Ú†ä8Ûº0§8'¤–~jö—«cÐêèŸe‚ ˆ LZb<.ètŸâ›€TׄCÁÚO*PˆãÝJ'±k¤´M_¢Ž?÷aµ"ŠŠ_´ï«í‡wâàǯ"÷¬Ë‘3kIèy*Ä.‰`Buü‘ÔÄXÍ÷H;¾„@qW#ʉ~JÙ…•ÎCü\ê¾ÜUE鱘V\³ÙÌ qqqüÜæoAHi9ð ^üË£(9Zƒ„( /oì†[£GÆŠ»°¶.1-­ˆÑô{05̃e©µ@Çq¸nèŒa8ÞÔ ƒ»F­-}v~ÌÌNOFM›wÞó},»âèôê1JLꙇÞd‚Öéàc¶7Õ£³§‰q1èæ«jøÁ(6z¸(Øçp¢¤âbl(ÈJ¶ µ¥ŸšýÅuZ;:©GAL`æÌœŠ×v•Ã–V4"ñDΕRîµÒýD\O }!µ@T#d*ÕSû¹ýµ ¡«¯«ûÞù3b .,S€š»°áÀF̽ô[°DDý9ÄÇóg(Ww$ ^B-ª©''Ê}&¥GÙä„@_}Þ—H]5çÍ܃]åëq÷£¿„Õjå-ÃÃÃy«@‚ 1=µ%xëùßaÝ¦íˆ 3!)ÚŠ-=èì÷ àÌKðž}ÚÛ‘¤ï„Ó9¾Ýh Z`Yr ¢»ÁÝÕ Ñ„Æv'\}m0y]:Øôý¸áÒs0›Ýöƒ¹{lu‚e&µ¨á8ÌÕŠe®ç&c¶ð0d¤&¢¾©:½–¬¬©G~N:¢lÃé>¿¯v° ifßPXúº¿:êÑA˜eKÎÄšÏrÏŠüZ€IïâûP0që”2ÄŠ]‡ý C& DÜ ¦ï)Çãvc×Û±§Ó³Ó`´ÚJ± ÁfÂþ7þCbf®¸Zn —e_1ûä¬6± 4ÞR¼G5Y€ÕÒmdV“\Dî˜ÒïP*îùJ¢ô{óu~Òm[ÿƒîù&xÐf³‘k0Aè®(Åêÿ{wÚ[º1múLôõt¡¦¶IùóPq9ºµN¤›ºàtzÆu\@F¾­3½{ÑßѯÇ>XÑÖؽփˆØTt6çëÕ¶ô@o¶àÁ_þÙÓSG ˆ1brÇ Ôhát{ƒ0«•ZÚow %1Ž`]8~¢V‹Ǫê ÑÖ£(7 ó@¾^&²",tƒ‹aÑÄ?×è‘”ÂOú*…EcUQP-õh‚ ˆ GÌäE¯‚$jÜn7ÿZxTì”,ç”&¹{Ž¸ ¥çþ¨e$"a .¦RŽíü•›ÞDAn&R²Nzߤ×bvAÚ{:°é…_ iúräÍ?7¤ŸSN\•>ú³ ôçÒ­ö¼Ô&È÷)û+eöÕž\»Ò$!jÎ]¼ŸXØŠÜ~r¡Ô}Ø—dë‘­8wá,Ì™5ƒÅ» ³"AL,Ö­[‡|0àý–-[Æ%^|ú!¸ì=HJŒGGw/"´&DéºqäD9âÃuˆIIA®ÖÎ>ã\Ì ëÇ´ðRØÀérBg²¢²¡zW Ì1ؼ¯ÉñZ„yœhèèÇõ_ý:ιêVh)s0AŒ)“<ˆ†™e`Jj¦墡©…·dqós2`w8QÛÐÄMú¼Øs° Q¶pLÉJƒÕlÅ.TLì³»‘•¼œL赋´”ø(­®CÅÑc0k]#·{5|ì‚ bâ’‰RG7y÷)ðø»‡¨EÉMXÎeXÎX*\’E8ÔnÂÆ®¿½þ8¿ûÄF±hÞL¿1ܢŒXXœ‰ÊÚ]ØðÂL]y¢“2¾ÞjÜ„¥ŸMzmü¹I«ý~”b>’4Cî}¹ºJI9|¹öJ÷•ö_5Ç–Æ?÷'.Jëû³”d¥¯½1Î:\sÅ÷xñÅ Œªÿqê`B?ÿüs¾Û†”/Ö¿‡Më>æE²ˆø,¸ôF˜M.t:ªQÕáB|îx:jѸÿEíAoöEØ列ߑYçÁ’è* vœö>~­Ýlס§¹áf ŽuñÉgÛ—™„¾ÎF¤çåã'Oþ¶Z¿Ä©`rÇ ä[É€CûwcÑYK‘™=ï¯ye¥‡QY] ƒAŒÔ$LÉLã-Y¶^Opë®ÈÉHÁ‚ypK‚°®nÆ7®½˜ÄÍüD‘ ü±¸:¹iIÈLŠÃ¡£ÇÑT_ƒÖ´((·½£­›?CAL,Ø}„Åc1l/½p%þðï ™¢pR²_I:¤nŒl?á^$$QŠs+N¢Ö U*J÷ 6ˆ‘DÎ"1˜ä· ûßùtÝu˜ž—°µVVbÒâ¼8òùK¨ŠÊBáÙ—Ãh¶;Ç@ÜmÕZ?*YdúÕ¸Ö*}·jÎ+ ÁþÎÓ_2@âûI÷WJ0¢tŽBiÒ,Þ¼hï…«b~ûÈÿÀf‹à…@Ö¿H$ˆ‰ò˜E ƒÝ_LO{Þù×sÜÚÒŽØŒBhŒápvœ€G«ƒ1&g,×…ÏÖü^s*² Q_y®Ý/byz>ŽÚ¡¤yüx…åYZ‘Þ±Ý5µ¼K0 œhl‡žû =^ ^Y³‘‘QX2=F½·Þý ƒ´ª'"DzØdþðééh®êF{ÕA¼Yq™…³qÞ…—¡pê ìܺ õõu¨¨ªå­âb—ήÞU˜¹3+@nÊ®^QN²R“pèhÚ[`5êC’y˜¹9Aðf¬×ób ËçÎ ë‹ÿE/ØØ>ÜIê¶ëÏ…sXè ÑsÁ²],J %QÉ_C%!1"ÁÄà $¡†@í¾ÏqbÇjþO¿¨´ü௟Nƒâ¬DôØ»±õÅ‘}Ö5H/žT–Ý‘ÆTr1¦ µâj b§¸]ÉE¤}YÎÅWmÒY…}·4N œ{³ ~ù¾M[þß=ø#ÄÅÅò1YØr &ˆ‰‹?W_µ¬[ý ·Ftbþì™xï³ÍØ¿ëòòò¸1".î}{W¶oYè¸dÃck²£»§ˆÍG¦¹UeˆF9.Ì[„ͨ=…©„ã }(tnF׉Cès¹ 7QÕÌÍ`œ­0š"°nWv(ǹ‹fÀ€~¬:ÿ|¬¼ú6èÍ”<‰ Nùúc²lA¤×ëÅ}Gv ¼Ä€ÄŒ<ÌYx6NTCxøAtuuãD}"­ˆŠŒà‹‹ìäÜ„íýBn2ÈÕᦲÇ5è´˜–›Þ´D.?½:­fD¢ ³\$‚ &æ½H Ï›ŽŽÕC?$. ü%/ØH¬…çb‹?ilÀ‘fùUJ"ÖBÚ¾/‹6µn³¾$9X»½m 8´úiDYt˜Yœï×%X-a&ÎœU€êŠÏ±qû{˜ºê눒¸Ë}çjb0úWÕX*¹s‹¿!¾öS›øCú\×/Ð"ü|eÛVzô%JÏ‘=6í|×_y²33‡\ƒY? U_#bbòÙkGaQ!¸å'4^víÚ…ÔÔÔaÙÅ»z¨+)ÖÙ‰ä¬80ß/£A‹–Žbs`ru ýÈ&L7~‚ä…ø´>zLŠ0·¥‘Üöøft÷uœ³Ë€ÎŽv˜ F”5yñâ¯aÁܸö¼¹ˆŠ²á–þ1 ©Ô bœ@b F;´`bî±³¦-}˜Â¢‘;íÍõCKk;ŽUÕ"1>©‰1'‰‚µÅÀ,›{d✻À²C«ã{ïI–‚&ƒÓò³x÷ãòã5ÐzíÃÚ DÔj)›0AÄ„¼ &¥bB û³éÊK/ÆÇüÞ°å'¹!*¹'J݃ý%uP+&JE+%!ËW¬Á@_ˆ÷ T ô'61—àÒžƒ»ù s²ø„-£AzB4Rã¢Púù‹(7Æ`æ_‡Ál (®£ËJ5m¨±~“¾''ÖªqÿU“ DÍ6¹÷”Üy}¹Ø‚Jâ ‘P.ë°ø7#lk-Y‡sæäãÂçð‹{V˜å¯ÜoŠ ˆÉEEõ Ìš5ÂppÅ…ç º¶Ï?÷’’“ù$CÝÝݨ;vÿû7°å.Bþ¢ d¿%!ÕßwáÏXIÌó÷Ý"ûúþƒyTØ”ÎÁ×gWr–s7öõ}‰3KÝ•¥Çk?ºyÑÀ·™{0Å $‚Áâ ÖÝæö%HŒ€Ñ8=÷;·Ý€g/ÄŽÝÐÚÞ ¢qó¥g#3-‘·,«kD{{LÖx¹±¤¯ÇŽž^´¸\ˆKåæ n´5T#õÈIÊÁ†ÎLi ýùÇ™œ8/î8t­Uèw ÄÓ¯nçîeÎN˜¹qîý]xkíg¸öâåXyæLL-ž†ó¯ÿ7±ÒÅ'ˆqÈä¹Ås»’º^ ¤'Æ 5>GŽ×¡¤²ývLF=âãc‘ÁïÇâ‰E»nn`\w ²½g¾rW&ãÁyÉ0»{øvøàÒܾrØ‹…9híèDMmÂÍzEQP„>gÉ0áG,>ˆE9ÑCi¹ýÅB‡/PüZNèž›’€£&n ¯Dr–Å°8FŸ¼„xî¾=£(ÌE™p‹ óŠsÐØVŽ­/þ+¿ŽÈ„tÅóWŸ{±¯ë¤Æ:PIèõeÍ(—¥X,²IíOüóe=(ÍÞ«ÆÝXIô“ŠŒrmËí#N 'w®'JñÿìxTeöÿ¿Ó“ɤ÷ÞHBïUQÄÞvWý««bÛu-k[ÛÚÛú³­«®»+ö®(Jï„@ éô^&™™üç¼áŽ7ÃL Dr>ÏsŸÌܹeæÞ›û¾ï÷~Ï9­ù¸÷ÇDh0"÷)ç dF¢±²»÷îÅYsgˆ{(EÐ=dtB b"C…øGSkk6l݃O &Í]ŠøQIй¸ —1a6u#ïP>~ovdf">4c-ºê 0UQ„Ôè|Q¤·nkeæ7!NQ sK‡õ¦gB«Y‰ŠšFèÕ@a“/¯ø^üí¶?@«Vâw7Þ Ÿh>á s3¢Å@¥Zk ÍrºŒõ£¤Ø0ĆbÓîƒØ¼în$F‡!=1J<铃 G;Ææ.„zö:?>T)¦kSCqóhO¨Íí6§ RemìB‡ OƒÜb"PS×€ŽŽhT ñ$Ⱦc.Ï Å0 Ãœ>ÄÅÅÁݼ í=äøS9qä@ìÛ³¡üW¶  Eö¢bo›©´}6Ø°ÖÁä,¬+N.Ðtw¶"ïëWai©AB\¬mõ[Aý<Ý·qò•žH>ã÷½.'Âha¸ÎÎo®ËÁ¸úìÏsb ³pðÁ¸'_Ÿ£ßÓŸ‹r0aÂÎÄBgûrT€D¢­º®uðÀÝךÁ`€ŸŸçd¦ï=Eå‚úÃ;Q=&¾¢Ý$‡ ý½p×|dÌZÎÙ¹ù8°k#›ÛÐi4ÂÏ×^!qHJJÂ-w?‚ª²<õð½pwñ·LMå04ìÃïÝé‡ò¿0Uº¯óƒ+¡6µõÞ/jÕ¶C«è†AÛEP×ØŠ‹ÏœŠ°ÐL›>s—XǸ|ïc˜“ý_êçë‹ú"å r¸P>ÁùSÇ`LR >ÿ~3ŠKËmB¢<7“°íL»húÞ7³ÊÅôÜìÌ÷±ÜÌí0uuZW±à´®0u¶³__oO˜< ¨¬ª›N.“Ùa]Ê_È0 Ãœâ óÑʾÖ6ê² ÏÊ5™0Žé#ŒHí–#qH. JŸ›eäŸËsßz ã$Ì•^;%}WI¸Œ0åLðqò Q´þ¿hÈß…è¨øD§ž4ç–Ž =Llï0"ç³ç¡‹‡ø)g; Ìñst¬ªä;”së,ߤ#×çñ<”H8P9„荒àwÉÍÕYǧ=Öû ¢¥ F1vÕkÖ~ÅÏ÷·¨ÈPx{z`éïoÎ̓O4Ãœ*cŽ‘üã©(á,Lؾ޸îÒ³QÛØl[OÆKÉÉJJÜjrº;ÖçBg]÷…˜èÖs—fëÀ *(ÕX¬ïû zh¿~>b0×PSµõf¬ÓjŽé¨ëŽ6" Ã0Ì)Ü0«ÕÂUD÷øyóæaÕ‡ŸÂ쟌¥ºàæHä±w0I¹ÿìE;¹PèLtflk›8Ãì+Û/{ú ?Ht´Ú¼í(úi‚ý}0nlúI+Æè]u3*ÕuؾüADϾ¾añÇ83O„Á„f÷çJtæÒ³í,Äv°ßQ.îÉEG³j¾¹ÿœ-ë¨ È@¡Îö×]se¥Ûñò³‹°`éÿ—Å@†aì3f >ÒzÀl½Ç4älÄþÜ4¤$FÛÆ£’ XPv J[êš1Åéö<üBPQQÂÂÂÞu­cP ;öðpCc§*x([ÑÞZ%>ÕXŒ•‡=Ñî|˜ ¥uœy~‚3"ÌP£Û:¶µ~× *j[á预Z£²Ý#›Ú»ÐfRáì‹.FLrŸ`†9ÕÆ#ýÐÓùã©îàãeDÉÅ@w,=?7šÍ¸i}!B :¼:- þ–FXºBðS©UPYO U”´'ÐÇÝÖùGjáëî ‹lààãíÉW4Ã0Ì) ¨ðå#aðêß_ŽWW­FOäô>•‚ ‚r!Î^”Ö§¿Ò­ÁŠOƒ)Ü`ïZ´Ï=×ß6å¿ëÏ)'ŸßÑP…üïÿµ©cRF‹ÁЩ@€¯7ü­ý‰ü½Ÿ¢d« I‹®öÈbt IDAT¡ÃÒos–‹q(ÇÑÙ¹êï|¶Š°½xÖß¹r´ÿ„;ûå¨ä,ŸŸ£åí¿³£<„ö9í „ô'n¶9 eé6<õÐ_m¡Áäè%!þ¿X dÆžÔIs°ý“ýhl3â‡OV âæ¿Àà·µÿ$ê¹ê´Ø'ÚÓ¼í”_ðàÁƒâA„ÆÚg; )_`u§ôtOêl€ÞX‰ë£jQ¤ŠÇ·…ÇŽWÇWMP#À­7¢ «GìÒzøè•ðÖ«ûÜKjÛ‘œ1óÎûŸT†9EÑb Bã2`ÎÀAmG–?I-sú¸ |x+Z8ou>Æø»á¡T/xXšÐe삉DAõfn¶Ðݸï@Ñú}ƒ|=Ña4¢®±Åúšž0)ÐÐØÌW4Ã0Ì)ŽÔ.‘ E…fÍš…?ùGŒÍPè}¬q³­Í鯸”¼m“ ÎB/…ËjÎÄ!Gyæú~œ½lu[y›Ûc6¡|ó¨ÉÝŽè¨Høø„Ÿz}ë E¸µíÏùò(ƒ“;u‰uP¨vx.Ž‡¡†¶‚°}=GáÊÎBl9ýœåtÎëÈUè¬Èš³‚$Ž\€önÇ>Ÿ‹Ž˜M{àÑZˆ§Ÿý»ø_%Ÿ&µ©Á0Œ&Ϙ‹>]´¡«½ÿ[þ®¿ñ&)Ë”/:w>[ýŠK+Ä}eÒ¤I#Ùªªª„+0443€‹ù˜{w›uÌØerG˜{:Ú[eÎÆ ÑžØmõ€¯«·ÎÒcB”‡(B‘n…50ww ÐCÛçÁIe½õ{÷hqÝÝOÁÕÀF†9•Ùb BéT ìèìBQE b¬7U ÉuÚ¶ôôqŠŽðÑ{o˜ûà+ûî­iÃyk­S´7nˆÔCÑÖ€îÎë×µ‹LT¥¸¯(¨U«àíÎÎn´[oò®: _Ñ Ã0§S#m½ÏÓ@à¡îÅwÜŘKÐÓí<!µI’À×_^>{1ÄQ{8%_¯¿¼vƒ—äû(„µ9*v~/ƒãÆŽ9å]X:i£ãP×P…¬÷EÀøsœÑçw÷çt–wÐÞ=×ßù”ÂÐûËçÌh_€f09 |öËæûHá¾öË;¥åÚ¶ýï¿Q¥FcþN„*jðü?ž.@‚þÒt¢˜†9½‰ˆˆÀ˜©g xÛÇâ}[M!ž{þyÜqû­âþB¸Yï%Üv žxé-ü¸~=¶lÙ‚ÈÈHQ0„¢èAáÎ;…@èáᎪ’\ĆzÃMïŠNSt>‘÷ ´ÞTh¨«AAδW¡¼UÚ>껚0[17m ÍŠ‡A§"`½uÈYXÑ ƒ =j­Ml7šPx¤‹.¸‰c§ó‰d˜Óaœ1ÒuÚ=iY»ý—VÁÃàŠ‹Î˜ OƒÞÙˆ¥èbíÌ&LØŸ6X'àÆ$?œëm„¹µ ƶ&˜­ýTNSé»}ªh¬§ADL * ²“ÄW6Ã0Ìi9Ž(ô066çž1 _feCáOêDAÅ™ÛΑØc¯<˜ÐTùûþ–Ê%7˜ªÃö˘Zjÿý›pUt#16Z ŒN'|½½àã剒‚õÈÚ¿qg\Û'tØÙ±Èqé¨ð‹£m9˜ÑŸcÏÑ|ûϤ÷ý9¥°`G׸„$êIË:sËÚï–§ÉQ¥âþ*UWíú S“"ðÜ£/ÃÅå燾$ÜÓµÈb Ã0ñ‡?Þ‚{÷l€¦§QÜ3Ì-UxýÕÿõ×ßdïõ¶iãÒ“ðâcwá£ÏWãpq ŠË±ê½ÿÁléŸ"Âè7 RGYÛB ùeuð G^a1ÌEGÄÃÄÎÎN\òûŸ½Ÿ¿ÿ¼Ý]q¤[OëýKÙÝwE<\5èîîƾë{M‚½t}Ò2V6Â?,·Þð(Tj6Ÿ0Ì鈩ç¬ê¡õ>+æ·¶ñÝæ}¸äÌ©·aŸ3ª‹¼'øÝ^Ë®ÅëÖ¿ Dº¦æ¶t¶6Âdí³ªµ.°˜ÚõÌñùÿÞBxd2¦ŸÀ¨D¾Â†aNåFZ­¶¹o¾éF|·ô"tè rqï#PÈ]_r§º½Øg/zHyؤ¶Ì™$w“ÙoÏ‘u<•o\ßbFõ¶ÐP”…¨È‘ét…ŽEdX‚ŒFä­þ?ôxG#zÆEÂå!_F~ì[gíÝ„öçÈQ˜¬£óÒ_Î?G¢b?œmWöW¥Z.:r:Úî`]¶}tQ±ñ¿X8{ ¸ó6x{{‹ÿK†a˜¡Béμäøæݧá«\uj´6Ôàï>„[o¹>¡b¹Ðà@ÜxÍehnnÁ®Ìèì4¢«»K8éä­F%ò­íEy] ª31}z_çÞ×_ùóçÃÍÃǺ¼Y,_Ùd„V©ApE5íhmë@ˆ§¦ÏC’Ö#Tzoœ}Å¥æq%Ãœ~㌑üヂ‚¬7¹‡Ëä¸p”©¯+k›PÛØŠÇ¥Òåb -1û0<¦îé}»kài½É?”ŒÐŽ*(ÌÂ)h²(àª7ÀÜÑrÌzEù(8ü bââ1ãìKáîíÏW:Ã0ÌiÀß÷èÆ^$rÊÉE@¹#½w&ðÉÇ%w¼½°äL,²Vì÷ãHh:žjÂò÷Í9Qºó+ø#-5eÄf §YJb,›šóÑðN™€Ä‰ƒÊÓH8ârcö'’õçúJ¨­3Çž3w¡\Ô–ÿ.¹#ÐQx°|[ý… ÷wÌDþÖÙü?üéæ?bñs…è(ª„af°œyö9صc3Zo†‡uDî¡× Wâï?…óÏ;SgÎaÃ!àînÀÔ‰cm¢ý•¿–îWõµ(­jBbb"üýým÷´½{÷ÂÝ G—±Z7ƒX¶¡Å­—ü#“áªîÞÓÅLÕŽÛ¬›M˜¸qc8$˜aNWF|˜0Þp&æUŠ¼Ò v \JÒSk‹è`*ஞP‘¦n3þ´»Á:<šä]C9=&´5×A­ÓCã¢ÎA{òr!?ïa¤) /€ÖÕ¯x†a˜S˜\yÁÙøßÚ-PDO;&G›ÜMåLˆ‘·YöùÝ 8Î\gÒ Cr J£³Ü€òý ¶âmw} *6­‚VaBzJò)S%x¸ñòôD†u*)Ý‚ƒÖ#bî`ðrèèx÷·¼£¿ýŸþ–s&öÙ‡÷—3о‚°|{rñÏþuûw&HÚ_×ÒëÆ’ý0Þˆ—Ÿ~éi©ÖA¹»põ°È0̉rßCO௺y æB}ÓB±zÍzlÜ´—_rÂcG‹¢DýåB•^_röL¼öî'xóÍ7…{ž\´µµ!Øß »6¬FBD LÝݨmêÀŒi“1.)î:e7`S[\}C°à’ßA©RóIb˜ÓÎè$g ±tþDìÖ»uŒí-0™Ì¢2²‚ìˆvÀîn¶oÙ„Ì][1aêLL˜w¾3f†aN=¨?~<¶lÛò–Jô¸#nHÂœÜá$ ?òϨM;¦0(W \0‘oÓÞ±&½·¯8ë,<øç›P¿ý}4Wä!.6–Ã1Š`ë@.㻨Ôú îŒk¬Ç^Ýç¼ÙŸù¹L(·ü³¡VLåaûëÁ¾Xˆ|Ûý‰ˆýVüu Êò*^KSuÖZøXêðŸÉû½¼¼àáá!B÷97 Ã0ÃÁ/¼†¿ÿín4—fŠabt¤¯õÆ­ÂÛËÿ‡ ?\pî"ø†ÅZ?X\vÕù(,)ÇáÂR»º­÷+/x»»ÁÇÓ M-Ð ¸xÚtÄúˆ€T ¤¡µ Sξ¾A‘|bf0âÅ@g9h­uþÔ1‰ƒZ_º»ë]{ÅÀ_ÍÕÖ ˜?ø¶¡¥ºfcºMfh] P*L°tuöY§½£ k¿[mÂÌyg`ìì%P(ù©6Ã0Ì©‰w”ë–„±[o¾ {ìi´iç@éêÑG,q,oçäâ$àÉó öW¨A¾}g¹¨(mîꀱ± :ß°>¹ïúº{ÐU°•ûÖÂß×éii|âí wä¨ø´¶¶âðÇOÀcÔL$Í°õIäçD~Îú=Ø÷΄ÀÁTÈèHL¾?gU«å(t芵^›S7ÊÖ¿‹9S3pãÕ· ' ýßÑ_yцa˜á྇ŸÂ¿ßx%{ÖÀ÷èè\£V"=! FðöÊU0õ¨°`Î4$'§X©Ú~ïËÑ¡ ô³…ÓÔÔnB|B$Æ'B-ë'Ð:5íð‹JÆ´™‹ùd0Ì‚ÅÀ~ÄÀÁ T(ÉHökè~y¡mMµÑ:©qCìhŒí,†¹¹±·ò°õæîâæy´òp_§`sK+>ûèlÛ° —^Š˜Ô)ÖƒÀO·†aNv¤ÊÂÔÖ´´´à¶›®Å½?÷I¿ƒBçjôDÛ$k—¤Î¾£"r7ý%ÁÑÞMf*l‚l?qDCÁ^üúuÜôð ‡oÚBèCFõYÆ\_„êŸ@«èAòèDá¾bœCטäD”WìENÎfM¹ѶÏíE7ûói³¢!Ž°¯H=Ph±½#°¿kÆ~`;áÏÑ÷röÚþwöYÎú·©4 yñÄýwcÚ¤ Ûÿ‰|M2 óKqõõ7£ o>xó9¸v7ØÒb\53*R´Ï»÷dâ»5ëà则S2†mÿ‘h&sŒ= Ìš˜„@O-×*QßÜŽ…f^x“­j=Ã0#‡Ý«¡pE?aƒÁÞ¨R«l7Ø_+ÁùëùmPôøâO‘þˆj)¹½­µÖN­µã¯uC¹í˜u*ŽTãÍ—_@Dø*,:ÿ D$M`Qaæ$¦7‰¸»ÈDíVTTþtÓuxmŇP¥Ÿ/–‘‹yöaÃö¢‰}µaiûvMÞž9úÛŸà(Q½=\tZTWW G[gc5<£ÇÁ;u” šw†Ž† ÄÆÄÀÕÕ•Oö F€7Švˆ:•Âç^-B‡‰^Ž ¶H×Á`Š€ØŸïÁVæí¯ê°ýröóû+f21ÐÑqp$h[¨ZuæÄùéðúçïÛ’ïôÿ@Å\X dæ—$&>yü5|õÑJäíZokû(¥Ê¥ûoRL0Ô á"ºkV¾ý~-tz¼}üäð@@«³ÝëšÛMPë½qN¹~˜×e2£¼¶ ãç!jT:x†¡Œx1ʨŸˆ3о€ˆ›«=Gß»«=qöù|I\¢ñ§p”¥‡Ðm쀹µÞÚ‹UCíjÚ›Y¯¨¸ÿü¿çð÷×Þë3ýúõbú5ùµ÷Ç0 s*Ab äP"£½½ 8gÎd|µé[hGŸÕ'ä×™;Ð^p¡Á\”æ9 ¶w J¯ ‚¶ŠÅf£p²ÅÆÆbÇŽèììD{G´=h«)ApP b““ù$ŸÀµÛ:\ðùÓpžß”¹Çä´?gò2Ž u ¦š´s)¾ùp9ŠnG°—Â:®üyØ®V)‘†ôÑÑâ!­SÛЂ-Ûw‰<=*-šÛ:±ôÌYÖu]úä,¯i„Å-g\y=l†áŒøGœ]]øà»­ˆƸ¤è!¯oéé;àR«Ô¢Ì; ‡›ö×ÏÉWÝiÂ_AÚQ¸#¬mŹ0wÑÕÙ¥ÆÅÚÂX§£NA­F…ªÚ&t÷¨Žq’0÷ðÃÿêßÖ¬Y˜={6ÿg2 Ãô¹É%ØÝÝsÎ9­­mØpðG(ãç (È‹zH" \(qNjï ”‡žÚÏ—ÞÛDuï÷-++oâáîfmÚjœ4š‹1 $¸¦¥ŒÆ‘#‡QôùNøN8n1}Ὠ欴}¡9΃ –„8{AÐY.¿þ–·ÿ>ò¿ö9í£wžGv} ?mÞ~õyᲔܷ Ã0¿%T¬è’knÕ€?Xñ/*</7 ¢Ž ç¥64$БaAâá „ëvå"Ì×Íæln3âPI5\x-<¼ýø3 Ãb uvçNJÁ72‘_V……SÓáå1øª…fS÷19»»ºóßu¤ ¸³Ìã<ÇâR]ËŠÐÝÙ&Ž^¾h¨«A]c¯SÐÛÏû˜õ+AŽöËb Ã0LÿHb ¹š››qÙe—¢þ•W‘™³úĹÛ:I$”çÊ•ª ;¥e¥¿ŽB†¦°{\TT2l/Ú»ÿä ½ÐQX±¶î”G²àaÐ#$9éW+®ÅôBBWRbªªªPöÕ³ðLš ÷˜ñ¶s/1Px¹}ÁÇE8,ƒvÊç÷6ì,DØQ(±ýß¾¿ÏŒºƒ›àÚQ¿ýå¤N°]§^MÂ: a†9ˆÄeWßd{ßÐЀm›~ÄÃÅP˜:QPQ9K¯Á¤ð(>X Ã8„Ä­À5[÷ ÑÏ ÄO»!=1 *¥®ÙŽñI1˜”µ“§ÄöUõ.:´5¶ôvÀ­ã*ZuRˆ„F¥uÝ»ºM}@OOþO`†9E!ƒÂ%qîοüo½õ¾Ûü´c.„²çX1Ð>GŸä”¶!‰ôZš/µyö¯í‹QؾWwZ÷}‰¦¶FDGE QŠùí …1 · üðøN¾ 7oÛµaº+c‰þªË@GÛq&úÉ?“¿w$êõç$´_Î~›Íe‡Ð’ó.¿ô"\ºäNÛÿ‹ôIHg!a˜Soooœ¹ø<> à ­À…ÓÇ`ÝölWÖ〈éÈÌ)FcK;Nƒ}Ö×ï~¾³'$!!2Øáúr1¦®.SïÁ=É¢T@“õ¯^ï K[‡m¾«+çlb†9U‘D ¹˜q×]w!éË/ñü+oB—~>z´®6— )Ï(ü¨M£Fýš·}Ž„B"ïë—‰èÄDvž$Ð9£ŠÎT‰º`Ë»€G¼Æ-…õ,:•²T(Ž\}‰{Ž„;g•ƒåëÈ9 û+0ÒZU€–Ü“2×=÷‚Ä€™*˯Iúßá¢! Ã0 ÃŒ$¸špWÖn;`sþ°ýFÇ„"5!ëwd#."£cÄX˜_Z¹“áêòs‡Ñ‘Øiì:)+…-‹“®R÷qrn†a˜S ¶/x@âÞ‚ „ï®{€ß¤K ò \’“‡ËÛ4¹À'‰A„}ž6{‡¡}(19êëêêÐemgƒƒƒYl9‰ Ø”¤Ñ¨¯¯Gáw/B=.ÑSŠnR?Gžëo0yýäôçîs´¬$J¹ ÇlSa½­—k[u!šr6#mtnzò¸é{seÑÿ¹Iä Ö Ã0 ÃŒdF|O¨¥­gLKGmc+ö.ÃâYhïè–Ì<ÌžŒn“Û²cFÆhÑÑ|ûÓõ"§ õ6…{B©êR%8lttvÚ^“(MZ‡n1 ÃœNP;DÂÇøñãñΛÿ„%g5º+ö“ó&“ÉÔ§ !_Fú\fä‚4_^PBZ·³³×ÞÒÒ‚ÜÜ\ÔÔÔ8Ì3ÇüvP!—±i)ÐÕBÓÆ7¡ê¨éó¹}®?ižý5dïâ“OŽ>—_7Ž&ùuÖ_À>×¼JΆ Tmý‰n­xûÅGñôƒET(<š& & ;U†a†éŒxg Ÿwgà·›2…30!*›öä *Ô ¦¤cÝöˆöaÄÛöFYu=æLL†‹«î˜äêZM¯ÓN 4Âu×}RüÖž£¹ »Lf›‹„¾7ç d†9½Ä@///ñÐç×_Á³Ï¿€œý_B=ê QUPîø“‡úJ"Ÿ£`GëØ‘^ûûù¡¸¸AAA¢Í¡ÕÕÕ Ø•~r@ç/&&FT¤.Êüf­\R[{ˆ.6N:çö¡¹öÅBœ uòõå¡ÈŽ–·í¿ƒ#DNÀü­˜AyAg…Cäë’;žæ‘kîܹرcJJJ„+‹æ—––ŠïÎEN"H(=j”.Ûö.t!)PEMAÏÑ {ç¨ÜM:(-ù!w: /Ëuw¢>o;º«ó„»ñÚ§ÿ&BŸ©P ýgÿt³3a†a˜‘ΈWªkë¬K .=k*vg:t.š1N¼vuÑpOv¼<ô˜™1ßþPݧš"M*MïaU+O®Î¦RÑÛ‰¦Á¡¼#¬f1aæ´ƒDIø qÄÃÃ3fÌ@BB^zùÀ?m~c¬í– N¯þ\€öù-+-?iÒ$Žºwï^!ÈË˃ŸŸŸ Ù%xò@çŠrê••• nËAx&͇ÑfûܾŠ¯œÁ8åBŸ#œ¹¥¿õ¨Ï݆žær\pÁ¸tÉ-âú!·)=ìäb Ãœ*ô´¶¢ùÌsá¹qíÏ÷Àê´]{LÙ‡ ]´úgž€âèƒ3ÓÎ]h¿ÿ!˜sC•˜·—žƒ*>nÐÛ–hÿÛ£0þç=(ü¡úqh¦O…¥¨­7Þ sN.T£GÁðÚKPF„iÛ´nëõË`)-ßOÿèƒPÏð39Cù Ãœ#^zþå7ðȽBDpfO€ÄèP|¿eŸÈ8kB’p~g}OnÀÖöNü¸ã R"ÐÕmÂæ½¹½O™• Q‰ÏV•±ûç°`åIøô™¾­\Ô»s˜0Ã0ÌéŠ$JùÒ𯾎åË—ãëïWB7=n6' ¼0ˆ¼Š°TQÖ¾j°\Ô±ÿìÈ‘#¢z-¹³²²lóÉ)Háµµµ¢ÈHhh¨ifNžk†Î™_GJóÖ¢6@0ÝÖ¿b°jçîë¯pˆyÎÀþÖ± é¡mcÑ>4äl†¿·–]q –œ5OˆÒ:tmÓ{–†9°XÛ¿¶ë–ÁRRÚg~ǃÃå–› Y0¦Í[ÑùWàzןÅgmwÜ·gž€zâx—ÿm·ß ¯>ô¶ ã;+ ôó…wnº­Ûo¿ç~!êµ.»ú'…:= ¦Ì}h»í/pÿdÕ¶Ýùú›p¹êwÐ]ý{t¾òºu_+m‚_ŸÉìodæÄñD4Z}öUŒ7¯þû=˜º¸ðŒÉ˜;)›öäB«ÑgàÁ‚ Ô6¶`ɼ hhnG}S¦gŒîôX̶Ðyþ@]w V-NÆÄœ ’ êèÍd¶ô) âÂaZ Ã0§oCom—H $±œxÒ´lÙ2<ùè0TlBÏáµ0›»)ú଀Ã`ŠC ..3 =ô(ÓçœñSfâÁ»nÇÄÔ8MTmÌ IDATdŒMElxÖlËÂ÷[³lÎÀ¯Ú‹ôQ‘ЪբˆTIGE@zßØÖ‰’ò*„ \cÄûgÆ`]U$î^—êvãoö»½Õ„õz7È ‹’„a†9ýòÚççkoo®½'þþÖ¯_ÿy‰Óa  ‘Uâh˜¦|‰‰‰BÐ!g ¥¯ 0ÏÂÂB¸»»#$$ÄVèŠùí óMÕ {w®6‘×¾²¯½€ëì½\ì³]?ÂUª`KI6ZKöZ¯Ï8üñš¥Ho[–B€é"§+]+ Ã0§"î_|,ÂtÛïº÷Ø¥±™É Ë‘*‡ë÷XÛpUBÜ·mÞ“ Ó¶hYr!”TÐëíŠp`õ„ !¼Qˆ0…ôªÇŽò¶{ªk(UïmÝz–»ûûÌýýF†aNePBó§_zß|ù9^~{®»| –Ì™€Ò#uøaë~‘3œ»ÂØÕ³gŽÅßVô†EÉŠˆœ5{2jš±~ë^ŒŠ„‡+fzšðÃÒd¼–]‹·÷•¡ÓlùÕ¹ •Š\Œj[G\¥så“Ï0 3Ò:jµUÈQµhÑ"Ìœ9+W®ÄæÍÿ†{ê™0» APúì ŠÈ‘‘Cy )T˜ŠˆPÅZüHÄ!\€åååHMM…ÑhÄöíÛ1vìXÑ.‘EŽ/ iæV¿>tH,¦I6·ˆ×_¨¯³m:ËØÑpÍ%ûÑU}!Á!XvÑ,˜uï19i]I ä|Ç ÃœÊ æÍ´)"´,½=íPXÇÄ\ÛîóÞdÔgÎèï72 3 c>ÇrÖâs1eúLÜwן1gB¦N‹«Î›ŸvÄW?î±9·ì˳9v…ý}<1sbº»MøqÛ^ŒK‰‡NmÆ-qZ,‰Jƽ›Š±»º¿E0”}‹†è]õ|Ò†aFÚ@ÄÚnQX%µcÝÝÝ"Ôò@~~>žyæYdÕÀ%a”ž¡½m‡]5aùh®ºÇ0 3ò Üj$’°"wkQ8ñ“O>M›6aùò¨9ÐÔ3aÒØÚ9û¿öB MÆ.áö£}°¢¢Bü¥Ü€DRR’(RQ\\,\‚[·nÅÔ©SEûD•‡“““Åw¡b#äÜ'QÞ+NÂÂ\§äô#aVrÿÙÓ9Þ+þÉóýõ'ÿ\eÚ‚–Š<´Õ£»¶Þžd¤¦àÌËþˆ/!“ ”þêw±c”a˜Ó ÙõXóuï}¹ ÐVIX‚ xtþëmè~ðøÚþ¨H~«0ú¶"œ˜Ð+ŒM‡iöп{h°¨4LÛîi³î#8hPŸÙs¢¿‘a˜ÁÁbà\tñ%˜1sî»çN\²`Ƥ§ââ…S°-+;äÿ2%sZÌ&|³vÖï8€'Ÿ~V8ÿèTüÃQuxڛ둡7á“Qxí`=>,¨‡ÑòËú»Œ½aÂjº¨PòÀŠaf¤!¾²GªÊJ!»$È`ÕªU(È®†>~:DêzÌÝ¢€–”/WÚ&Aóê;HðuƒÑ؉êêê>ím“À   &L.Â3f÷`ee%&Nœ(–;tè"##…øDy9ŸàðCçªÕ:@ë´ ár8@“‰Ç„üR”„J-&³±µeh*ÞîúRxyz 6&3.˜ƒéÆØΟ´¾$Jóyef¤Ó4kÜ^|j똳{õ÷ÐÌœnûÌ´}'Œo¿ý?ž³莯X’fñYèúàcQÕ—\š3ôŽS’~Îxà ø;daa|Œï®„˲`|g9ÔãÆê39Ãñ†äÿ,‚¡ÁÊ[ï¬À믽†ï^[‰Û¯¾ÓÆöÞ ßúO±mDC ¼üÃxæ÷ð‡ÿwÞ¼ñÎc¶åjðBdú 4T¢"t]͸%F‰sCCðèÞZìoúå Œ˜º{sN¸è\ú:] |’†a˜ÞŽÁÑ\‚$ÔP8(…Oš4Iäþ[¾|96¬{ > ÑåŸûôoraÐgòå8tpômõˆ ðBw÷Ïy¢££…+}ݺu"˜Âˆ%QÄÈ}ûö!**J©ªª²…4ä,$™»ÃN Ïvìžc ˆˆ¾…±UÖéLÍÕ05A`PÒ¬çnÑŸþ€ŒôäcŠ×Ø_3”K²¿e†aF ú¿?Œ¶›n…¥¦ÚE ¡ì!Ûgm·ÝKyº¾^m›ç]’'þ6DÄÛ^÷‰qí·ß‰öGŸUƒÝþõJï~_|m·üÙ&ºýßó¶u»mí•—¡mÙíèxöEáp4¼ñÊ€ŸÙo»¿ßÈ0Ìð¢èí‡õð‘$äLx쑇på931.%o½÷9®¿òBZóö‡ß ,6—^v™èØDw—y{P[^³uÀÕmQ`u ðϜԛ†ÿœÜݺAtäSÒÆ@çòsÑY‹/…p8Ÿ\†aF´$Qî8G" „ä|ïƒÑjÑÀ •w¸ÃQ‘:ÃbB}Ö»á¥×ˆí–––ŠÂ%$ðÑ{Ê H®¿ñãÇ QH Þ½{·(6BËmÛ¶Mˆƒä£‰–£0c:R•à.'‰éQv¤%Aw[ÚëÊ`io„›Á ¾Öó‰ŒôTÌŸ9‘‘Âå7H–Î+Ã0 Ã0 óËq´ß¬`gà‰‹‹Ã;ËWâÅ_Äöýߢ8¿Ÿ}óÖîÈÆcO<-r V‡ÈäÉøæ»u­Â„^&L™ä…ÿ”ñyy;:~‰¢ÃJEŸD1 Ã0:LbN‚ÎÅ_ŒY³f!33Ÿ~úröl€Î/ÝþIPüzÓfôVœ€Jø9 m-u¨ÌþÑ~z$$$Ñ‘òÒk ý¥<$R‘(˜’’"¶Am¹I,¤åÈ XSS#>£uèå!¤×ŽBž™¾Ðq#‘•Â±‡Üq´˜09Ú ~¾!HuÂC‚û83ÉMà/·äâd†a†aNNX ™ Ã0Ì !áÇÃãO5úùó狉 ðÞ>ú™™Ñ¥ÐBá¥_ Ô:7xD¤áÉÈÊüÞhDx€—©X I¾¾¾"™B… ‘––&&©"1 Z,ß7A‚!*¡m &UÇH€;b›››V ,ä$!ÖRuj†a†aN~X ü ¡ÁNMe©è<Ó †7èìÄ–õ«á…qcR¡21ÁÅŒW“tX^fÆúÆtb袠^v¦UJô•*¾ †a˜ÁCb …ð’;ÐsçÎERR’è¨rpvv66mý•5Ph]à ÏØ @㊬¬ïî¥F||¼h ÉHU&AB‰‹ŠŠD¾À &ààÁƒ"t˜ÚLû¢fLËRˆshhèˆÎ'HB ‰€CÉ Ø‰Ò2œz„a†aæä‡U ß¯>~þÞëàÅ,žØKN ÍÕXýõ—•21ÁÐv¶ãêÀœá늕‘Ó­;îÐaê¬ÿ,r§a†$ø ä#AŽÜƒT)˜¦Å‹‹ùLÎÁmÛ·¢´¼.*ê:|Qq¤q‘áBp¢õE›Hï)ÏÝ矎qãƉܽ$ô‘k\õŽ œx”OÄJZVþìt‡D@úýt̆ë\“¨JBëH:Ž Ã0 Ã0§3Ü«û )Ë϶T Bü#!\ôZšè}eq ós’>.*¡ Wb[ °¼Ò‚µë÷«ws· â*MŸà Ã0 s¢P»Bb ——×1î=÷(ì÷ª«®ïÛÛÛ…Ó ˆ¬_¿…Åň‹³…“³000ÑÑÑÂ)Hó"##‘‘‘!B†I¤6 ŒPî@rJ¢åÈ£ðc*îEÂàéÂ*‰€Ç›ð˜þ‚^/¶GÇ–r%3 Ã0 Ã0§,þF¬[»~ž®°˜M6W \”‹ƒZëthß.¤NžO%ëª1^×øH>®1a³Q“¢ÿN¸l,&˜)Tj[ea†a†ÈMFb ‰rƒÉßGâÞ´iÓ°lÙ2Ñî½úê«Ø¹s'üüü„xØÙÙ)BÇŽ+¯uëÖ¡¡¡A8§L™‚/¾øB„Ó¾ÈÁF¢!m“ 0ÙÒÒRñ]¨ ¹OÇPVrRŠt#Ãõ h[t¬ž|òI!ê2 Ã0 Ã0§,E¹Ùøtåk˜wÖ9H<ŸÊñyu¥¹p7¸ÙD@{W ½8èé鱓gcÔè$äîÝŒ½[ÖÁÐÙŽ+¼,˜ÕÝ…7*•¨Öy¡ÇÉÇS«èÓÉ· ØT,2 Ã0à ‰mâk_äc°<ðÀ"ßàm·Ý&B项 kkkE›H¢ ¹)· …Ó|rþIb˜<—!¹iYª _/÷~]òyÖž>"ÇNé³ ƒ‡7æœ÷;”æ`ÓwŸ ¾¦ ]ÌHÒñquöi`ÒèŽÙ·R©êÓÁWët|r†a˜“ª*¼zõj¼ùæ›xï½÷Dª ª*L‚˜$„Q‘ %&0**JˆZ555B ¤ðYjK)Ç -OnB)t™…´.-w*@ߟÄPÊH¿X:‚Ö>£ÔÔT¼ø⋃ ëf†a†aNm(ÑÜCVøH8!/7ÿýçsˆriÆÄä(¼õM&6dW"fôXì:TŠœÃ8Î8Døê±rÅ»¨««AbÊXŠ‘r¸=‘ؼ£®:è€SHŽ4IU~åóhªlìBE]‹È‹d‡·’2¦A£Q£²´Šî$»‘ ì@~}:µ®¤b´ºþ­•pÕ»"5mŒØ—ØŸF ïà(>Ñ Ã0ÌI U¾øâ‹EÁûI $Œ¢‘󯮮kÖ¬¡®óçÏói¢%$$R1’ææfÊLáµôŽœ‚RŽÃ“5Ÿ ‰ô›†Ë H}úí´Ý§žzJ¸7¬›a†a†95xøá‡Å@ƒV¾…’]ßaÑ„häiÆãË×ÂÍ7ññ b°àîå•{¶e梶®Î¶úJ¬xç n‰ˆ>FÌ´F| *è4ÇŠ~4¡Î¹ýü™ùxü‰§ðÃ? ))ITE”Cß%(< ©hk®GmÕ¸Y:0ѵ^ÆVn1af°+\* sqEZºL ÔêàÎ'œa†9é¡vröìÙ˜5k6oÞ,$äÌÉÉb!9xð p¹‘ø!ªÓúä ¤öæS¥bI#·…“(x2U&áú$ôýD´À0 õyäÌB†a†aF,öÃO?®ÃWÿý'fÆêì‡'Vþ€=E͘%¡‘(/>ŒÎ¶(:0Þ¥ ­ B Ôh]0æhâuš4.np÷ æ“Î0 Ãœ2P•ÛóÏ?qqqØ°aƒM¼#aD3jŸ©º0‘——'æ'&& q–%‘rîÑr$ Òk ¦¶–œ…Ô>’‹þþ–PŸƒÚ})‡©Jð\€»ï¾›E@†a†a˜‹ Ê…ÿ~õ„«j0eT ¾Øto}›‰Qiàâê*Ä8rPRs Ó¡÷„-Òhað Eu³ë7ïÂä”Ì'òíضÉc2„XG ,&rCÙc‚‡AïÔ˜WÑ„šú&èõz\xá…xú駜xûb씹ШU(.È¡Ã$’»ÀÝÓ iié61P«sÞ;ˆO>Ã0 sÊAùþ®¸â á ÌÎÎí1…½Rû)…û’pX__­[· ñ‹B‰¥å¨Ý§uýýý…èFB"­Gâ›$*’€ö[„Sèòp!A”•Ô¤(†a†afäÁb  »Y¹üm”gý„yI>P+§ÿ³ÕFW‡Š<4p 0£††TUUÁ××WˆzÔ¹®¨¨°9uzwxD`GV.æàò³&#Úß ÿ]¹Â:à¨Â¨´ñ¶ý†GÆBéê…’’b\upÑiûõM­hèÒB¡TbÎœ9¸á†ºDB_xL"’ÇMFS]5jª*­ ¼}|‘š–&¶£uqƒgh<”\Q˜a†9…™9I0¤yÔ' ü‚ÔÎSnAå¨Rñ¯Q]—¾3õ+¤¢'' ‰˜íííÂåøüóÏ 1ð·v;2 Ã0 Ã0¿,e㆟ð×`Jhâ‚ X½íVmÌGô¨t!˜‘k€rô‘K€BˆBBBàçç'æÓ{zMŽ{§ »On¾øaÓ.˜º:°tÎ8t7Uã©gž…V£ClbïSy½Þ !‘ñ(«8":ì^în¶páªf,*L›6 ,8®F®zR2¦"$< E‡ Á’rºù‡Ã=(–…@†aæ´€Ú·³Î: “&MÂÆm•w}||DN9G%Ä0úœ„²èèhá.”†É%HëQ»OÅ:ÈHm¯T½—öñKˆi´m ߥýÐ÷¤\ƒwÞy'–-[ÆU‚†a†a‰¿Üq;šËá¼ñ!ÐiTxõViìDLÒ(”jšKB9 h0áîî.ÔQó¨¢!¹Ée@.&^äð«.)€§:-jlÜ´ &Lƒþbbbàíí-ªRž4à ÷JDƒ û PAmðCYm›È8ÓºŸÉÉøìãÄöSŽæT(U‹†ÙÔªÚF$¥‚äpA— ðX±†a†9¡ßK/½¹¹¹¢ý¦6Úo ™%âÑC>JR]]-DCZ‡B‚©]§P]ÿ(¿ž”g— ÐašN4Ÿ @}‡áIT¤ßø /ˆ¨ f†a†aä°heóÖíˆ õCjb4ʺp¨¨ ã‚‘žŽš#åÈ;”ñãÇ£G¥á5R•AêlSŽ!r Ë€$ Ò2ä$áö¨tz(ÜüQX^‚Â"œ=#¾.x饗QS[ƒ´±(Áôž¾ á«”a†aNåÑœ»”jcÇŽB|#ç_dd¤ >|ø°pÒƒ7 &w¹G-ÄAZŸò’8H} Z—ÄBŠ ¶(¢›$üQ‚\ŠÃ}úîO>ù$®¾új f†a†aÂb •ä”4Ôµ™QP\Ž¸ð@D„†`OA ²r‹0{\Æ$„£´è0:šjÑÚ­„¥§·r!A ÉÉ=@ &×¹ Èi@9ÿÊÊÊDGŸ–±Ç¢qù×mÞ)W/™ ·žV|ðþ*˜”ZDD±È0 Ã0Éc6KÂU&AŽäQ***Bâµçô0B*F‘ÔæSØ1}nï$w m‡Òg0K¶C}ïè/"£×Ç[,„úÅÅÅøóŸÿŒ{ï½Wä1f†a†ag°xêäGÆ& ¯¬V RbÂï¶BgGfŽ‡Ÿ‡+ ós wÑBíê k‡?00P¸¨Nz0c ‹Pgœ¶K{r!6L‚Ü|‚aQë±co¼ :̇‚{ðê›ï ,2Nìƒa†a˜áRyPè0…ÿ’èGí7…Õ’›Û¶m¢ý&g ¹)0…ð&&&Š6^“˜'QRR"&ÉmH¢ múö¢ ½§ÏH<ܵk¶lÙ///äåå!""B|röÑvõ/¨hÙ¸qãðꫯ '#Ã0 Ã0 à ‹‘q£±aç~¨¬}øôQQ°¨Ý°í@!Ü´ Ì›8k'~çøûz£[¡@ HÎ@rÒ@‚ò‘ã’•;åô¨´P{¢¢¶ ûö¸Q8cB<¾úâ3Æ<:mœÈKÄ0 Ã0Ìð@‡/^Œœœ!⑸F…6H´#W õ ¨}§öœr“@H¹Iè£ö uhYúœ\‚´ †úKaÇÔG ñOê¸aÃQ܃ ýѾ¥¢&TÙ˜ÂÉ)è´Ï`Ý-£ïöúë¯cÑ¢E}—†a†a¦?X tu©z¯«§?ví;ƒ‹ Ña¨hêÂîƒEHŽòÇŒ± hk¬AAþa<¼aQ¨…XGsr’;0**Jä*((Îz=à¾u¨=°+뎩ÂÒ9ã0*Ø€•+ÿƒìœ|¤ωÀ†af˜ ¶{þüù˜2eŠpêQÈ-Aí9‰„$ ’{OªöK½§v‚”„J.=r’ÃÞ“àGb íƒÖýüóÏ…Q­K" å&¤è‚}ûö!%%EìÇ´OŠ6¸ûî»±lÙ²a-0Æ0 Ã0 ÃŒ X ìê`JJE›I¼Âbû„% Ø•MÕ€ã0.1 Ue…¨­®‚ÒÅJ•Z ¨°…‘pG{P(1…þ Ôqﮞ°¸xcÛ®,¦¼hj2|5ø÷òÿ¢G­Cdt,Ÿ †a†&¨í>ÿüóEÎ@ &1rùÑ|rí‘øG®?É•G¢œT ƒæ‘¨GËÓzò<Á$Ò| ?&ç =RªHLnCZŸ" -KŽCÊyH7Za†a†aŽ…ü&&¥¡¼®e•ðB`@ ~Ü[ˆºúzÌŸˆÔ˜@dîÙƒ–ÖVè ÞB¤Aƒ:L ãÀYþ@{z „ÆÃÍF`íÆmöóÀ¼Œ8”åeaãæ- ‹†»‡'Ÿ †a†&(l÷‚ .¡ÁÕÕÕB¨£‡x”ëè‘h'Am}~~¾hïé3©µýÔÞ“Ë0++K&q´?iIX¤y’H!Áä$·àóÏ?/òr„Ã0 Ã0 s"Hb šÅÀLœ4°Nßû5Zꊑ‘’€¦Öv¼óý~L„?œ3 Í­x÷«­ÐùFÀÃ/X„ÓDEhPq\Oòu5[ Ë°ãÀœ;k Ò ®Øòñk¨îñÁy_)\ Ã0 Ãœ8äæ{àDHïßÿþw‘îÃÓĉ…H¡@âŸ4ÙCtÝO IDATÛ¢\€Ï<ó âââøÄ0 Ã0 Ã0ÃÛïåC0xœ¹H$öþîËO`înÅŒ ©(¯nÀ®õÙX4!·\2 +°v÷¨}Âáéí'Ä:r PÅ@iÀ0TtÞaPz‡`ÕlPàÌéébþÛ/>† Øüþêkņa†a˜‡"^xá‘öã¾ûî9 wÛ·oÂñãÇ‹T!rwàñ@nÁ{î¹Ó¦MãÁ0 Ã0 Ãü"p˜ð!Ñ-1)n>ÁØ0îZ‚ýp ¤—`rJ&'G¢þHÊ*@¥3@£ÑŠP"‚ŠŒPè<Üh0P>A‡LZ¶ïÙcg;Ι6¾ê|úÕ÷¨ijE||Ÿ †a†&(Ì÷¢‹.ò¨0…é’ HaÁ”Ç&‚RP~`ò(Ô—JaÂTŒÄQ˜0E HëKкÿüç?E!2†a†a†n¤0aN>sœDDDàòkn‚ÂU·ÂÏË áÖyoÉǺݹ8cJ2þxöX(ë£ðÐ>10 Äâ±±±¢²`aa¡˜7T,J¸…¥ ¯Ùÿ÷¿ïáíîŠsƵ6÷ßyV®\É'‡a†a†‘3Ï<k×®!Á$ìQàŒŒ Ì›7OT– ‚#'´/vú3 Ã0 Ã0¿4,ž “§Nǵ·Ý ]P"Êk[è w¬úñ +jñ»E“pûÒ ˜jòŸ—#@ ŽŽŽ‚ å*Eùèl¨Ä/š'ÞÈ/ÃÇk¶£®²˜s2 Ã0Ì/Äc=&ºùûû ÑO¥R ApêÔ©NÿBì*PB!Ń),Æ0 Ã0 Ã0à ‹ÃÄÂEçâÚ?=ˆv¥5  ôAisÞür'šZ:ðû…cqõœXtTÆ‘Ê ±¹É-H¹ˆUܳc+æŒòÄ K&A«Vâë {ðå–Cô÷A«àDã Ã0 ó †+Vˆâ$èQ±ÊxöÙg#55õ˜¼‚$:CÊ1–a†a†ùÕ`1p¡Ðžß_®¸ñ.ÔUhiiE|T0¶æÕâ™ßÁà¢Áÿ;k &†©±oÇF.Lb 刊Š fï½—M䤻ºñÜòo‘W݉èh­cŽn3çb†a˜_ôôt¬Y³×^{­(.F¡Ã”óÏËË˶LOOÃu“’’D„… ^Ì0 Ã0 Ã0¿œ˜æÀ×Ï7üù~dí݉¯?~©£ðñ¦ÛŒ¸¸Xxë•"TI¡Ò#qìh>ø Ã0 ó+rñÅãüóÏÇwÜììlá” Â"r¼½½qã7âºë®ÅH¾øâ <ÿüó"…ˆ³jÅ Ã0 Ã0 3Ü°ø ’:f¼˜¾þôlß°ÁÞ”7H7¾Øñq¸xn:–t›±âûL,0!qt’HPøpya.n8wÂý{”ñãnÔ1kêxXLFáFh³¸ eÒl,>g t†a†ùµ;Sj5þñ ¨¨wÝu…+"\\\DÛ¾hÑ"üõ¯aÆçœs¦OŸŽ§žz »víÂäÉ“ù`2 Ã0 Ã0¿|ÿ•Á/Ï¢ó.‹—âŸ/>Ê¢<„x¢ º ;ó¶cÞ¸h\»h*Ú±|õ^tôh1jtöïß ¾z.ÔJÀd¶àÙåß 2. 3& Ëغ6 ,n!¸öº«àççÇša†a~C(UÇûï¿õë×ãñÇÇ%—\"òÒƒ;úër >ùä“|ð†a†a˜_ ­­VcÙ_@ue)ÞxéY[êàçå†m9G°~w..]0w_:™Uø`Ýf,™‚ŒøÞÊÀG(,øËíX¼p!\5@{{ª›»1iÁ—1.Ã0 ÃœDÌž=[L Ã0 Ã0 s2Âbà¯L@p8îâظæk|ùñÿ Ušáå®Ç×샥«8gûóm˺~/êºu¸ú²óa6QT^ ¸xáê[o¡G Ã0 Ãœ\Ü|óÍøòË/±xñb¼üòË|@†a†a˜“ ®&ü1}þ"<ùê ŒŸq Ëë ´áåé‰çþó¾ß²_,óÌ×"4q,.Z4K$$Ï+«Ã„yçáòknb!a†aNRH,..†a†aædƒ¿1ç^r9ž}øn8táÞ(®iÅ}o­Á}·^ µÒ‚œÂrèÜýð‡eWñc†a†a†a†aŽO†“ ÑâžÇ^@î¾íxå…§PSS„GyÝ­È+©Æ¤¹çÂ×?ˆÃ0 Ã0 Ã0 Ã0 sBp˜ðIDBÚDüã߉êÃk~Ú è°èâkXd†a†a†a†a†vž„\yíÍ|†a†a†a†a˜a‡ Ã0 Ã0 Ã0 Ã0 3B`1a†a†a†a†aF,2 Ã0 Ã0 Ã0 Ã0ÌÅ@†a†a†a†a†!°È0 Ã0 Ã0 Ã0 Ã0#†a†a†a†af„ ‰?º§µÍgž ÏkûÌ·T× íÚ`Ê>í¢…Ð?ó:øÌ´sÚïæÜÃP%&Àí¥ç ŠÒöÛÿö(ŒÿyÊèŸ~šéS{÷[TŒÖo…9'ªÑ£`xí%(#‡´mZ·õúe°”–‰ï§ôA¨Çg8?”m3 Ã0 Ã0 Ã0 Ã0§#N ´ÔÖ¢íºe°””óYǃÃå–› Y0¦Í[ÑùWàzןÅgmwÜ·gž€zâx—ÿm·ß ¯>ôöffÒÏÞ¹Yè¶n»ýžûm¢[ë²Û¡òQ¨ÓÓ`Ê܇¶Ûþ÷OV é»w¾þ&\®útWÿ¯¼nÝßJ!ú9›?”m3 Ã0 Ã0 Ã0 Ã0§#N l9{)\þt+L»vóYךup{õ¥Þ3u2Úîº×&zþø½m9Ý•—¡ý¡Ç†´ý®oVCÿȃ€R)r÷ùà!!Šý‡úÝM;vÂíé¿Û¾_Ë—õ;(Ûf†a~yÖ¯_/&æÔ§±±‘Ãüöî¼ÊÂìÿø d+¬°CdöR–ˆ8êÀQ«¸¨Vj_k_µµŽ:Z­¯UÿÚ:ê.uTQPd( {ÈÞ3ìMX „õçwÓ'$! äœóý\×¹²N’“s’žß¹(°". ,ýÕçÞ¦›ò‡G2¿BáÿŽQ…Žµ#—ò©/ø88s¶¥<ü˜•þò³}y…ˆÇ½uÚ÷ ªDhS¸«0(ˆH†2PÛn™Q_ûë‡V¬Lß$Ð’}o¿g%Ÿz<Ç_»HíZÞ^\(:ú¤y‹ðù ÇÍíà¼9¿íÕ«ú6`}ý#{~ŸªUNû~DžÂÜ?ÙÙåb¯Ì³Ã‡íÀ·#­hç Ò?vpêtK}ìI+ñø#fQErüµ‹^q©¥ úüØך8ÙŠöº8ýcQMy (‡æ/ôÙ9¥jÃýÿþÐ_ßßÿ}‹jÙâ´ï@ä¡20ƒ’Ïù$wΙ®]»ú #Â@€PC›0Îýî) 8 D€ADÂ@ B‚0ˆ„@„ "a !€ADÂ@ B"Š»/]»v=î%@€03  @fh"a !€°jÕ*{ôÑGmàÀÜD0falëÖ­öùçŸÛš5klÏž=öÕW_ùåž{î±:pa€0õÉ'ŸØ„ ,**ÊÝÆŒc;wîô Pá߉bbbüýüã­víÚöðÃ[¹rå¸ós„@˜X´h‘Mœ8Ñ6oÞlÛ·oÏ4«Q£!Œ07n´áÇÛîÝ»½ðÈ‘#>ëO/φ%K–ؽ÷ÞëKFþ÷ÿ×·€ÐC@3eÊ:t¨]{íµ–˜˜ÈÀ¾øâ [ºt©¿~¶CÀŒT¨Ödµ ·oßÞî¼óNßF Ba Äúõëí¥—^²mÛ¶YñâÅíwÞ±ZµjÙ-·ÜbUªTá"ƒ$%%ùñá\€'Òmعsgú̶mÛÚwÜA(@ˆ  xï½÷ì»ï¾³råÊYÉ’%}p¿*pT ôç?ÿÙZ·nm·Þz«õþ–-[fß|ó•-[Ö¶oßîï+\¸°:t¨ÀÜƤ·./X°Ànºé&»ð yð(à8£à1b„ <ØŠ+f+VôðÄÊ-?~¼Íž=Û:wîlW]u¡ ¦’““íƒ>ð¿û"EŠxžBÀ¼Üœ×öíÛg‹-ò%#Æ ³Þ½{{µ (˜8“à˜3gŽWJ©R¥üD?«“}…_}õ•Mœ8Ñ~þóŸs² „Uú駶aÃ+Q¢„zb  ‡€™£&L˜`Ó§O÷ï¾û.,a g‘Úýž}öYߪö¿ì„€麛7o¶×_Ý dwß}·ÅÇÇsÇ!L ƒôAll¬wÞy^ ¨ ° ÌÌ Ý^…šÚ6¬JgP0p– 0À¾ÿþ{?IÖlÀÜTü¨…pÍš5,êÄ[ócbb¸“²jÕ*¯¤S›­Ž Z¢‘¡T Ø»w¯U¯^Ý.¸à?6€‚‹0€|¦¹€£GöŠŸÊ•+g:ðLíÞ½Û~øáß8zÑEyû0ó‚MsÇŒã 8êo¶ Ï<=1¡ã™–‡hnàÈ‘#}‰ˆ~6P0q¶@>Y±b…½ýöÛþzvçž ˆkV×_|áUF×\suëÖP(`ÔB«–à;vXÑ¢Eýo7T+µÕ855ÕºtéâA¦ÂÍmÛ¶…äÏ@¤á,€<¦y€¯½öšÏ<“¹€gJAÃÚµkíÍ7ß´o¿ýÖî¼óNkРP(,Û´i“¿® P BÎÖ±!¯©%XãÔ B´`f輂náÂ…–””d5J¯À-ˆ¡ n«LU oÞ¼ÙG¨òY³Y@ø"  Úª…Z ¶¹P eÏž=Ö¾}{_f Ù_Z |Â@ ÷æÌ™cE‹õÀOmÂjÁWø®¿1Uâ*x×Ç4K°L™2ê8¢jFÝöÚµkû–à *X½zõ¨ ÁĉmüøñVµjU¿„j5 B µk¨ª—t²¯í B{07¶oßîc´\C‚ª¨S¿{÷nuìÐuÔJ¬'¶ézj>WTñ¬‹ªõ„‡Z6lè?! ‘0€£-ZdC‡õÁùªš åM EŠ±îÝ»{Ëß”)S<Tø ÷s²äÕ«Wûß•ªþT}«ãGtt´~ÚÈ«Ð-ø›S%žŒÔ¨QÃ/jÝ?›t<Óm¨Y³¦mÚ´É–-[æ‹Áq–`"a ¢©Šçÿø‡•.]:½u6T[‚ՖتU+Tá¨|j_$òžªoõw—œœìÁŸAmàUk°ªU¡«Ê;]G•wº(@T§PN×ËïPPßS! n›.+W®ô0RÇ;86ykРAÞÎ׸qc;T«µ Ts µýsÖ¬Yþ3h˜ª“¨øòñ?ÒQQéaž–‡(tSE B7…ªÔß¡Ž3zâAóÎéoVË|TQç×ÍÖa…‘ª Vh©!ZÒ¢E B@"ýÿ0Ü€H3nÜ8ûñǽ2¦råÊ!êd^³ÊT ¨JÀ`!@P ˜ÕÉþ¹œ[„Õ¨£¢üïO¡¼Â7ƒjVا0P—Ú8¬pNU‚ú¸BAU j¦§*æ«eW3=s;×SûªTÔñAU‹º-­[·>kËAô³€üî@¸Ó‰©æç}ÿý÷^£PóC9T¨àÛøáuâŸÝŠU *¤7>úè#kÚ´©uìØÑ+ýô)S ¨Öa½ÔßhP%¨ê@ý­êø¤%#;vì°Š+ú¹iVø§ÊÄ 6øÛ .R „€°§JÀéÓ§§Ÿ ¡Y(nÕÕíÖ|Cµý©¢Hž 9i¦uÈ{zÒA}bb¢‡õ U)¨0°B… ª PU‚ U%¨Öa=)ÌöS0¨ Ãàï:;t=}_:6h9ˆÚ@2*œˆ0ÖT£ômÛ¶ùI¶è¤Y[4kÕªå`(´ËªŠHêÖ­ksæÌñ0¡R¥J^At¶Zÿ/³¿;µ«úxÒ¤IƵlÙÒ¿µk×zP§ª½ ZP‚ ðTé|-½TUŸ* jîàé(PTø§¯- U È\@p* „µE‹ùÉ´B?µÒê¥æu-\¸Ð+U‰£·u)ˆô)ÐÔ’UêçQe‘ª†8wäŠBAUä1Â7ëm…~III~ÜQP§P°ZµjVµjU3>1¡ªÂuëÖù窊ðÄê¾ PO踦*áË/¿<}+:À©Pk+W®ôŠ@UÍèd<Øè©ðO5jV¸¦JA…mið½n«BÝ>Uþ(ÔÔ’*‚!«™£Z¢ ^Uú-_¾Ü—ý(Tˆ¨€OÛÁÖáàø¤ã’‚Àào\ïÓEǧ JPoëI} }+¯¼ÒƒDÚ@vÂZpÂÌêÒKHë}ª¨Ñɼ©S§úI{½zõ¼‚ð\¶ÛHUá£0S€jVPI„cô7¬Ê?,P_›6mü8³yófÌÔ“Á1*xâ"x‚"X<¢cš‚A·ºuëæÇ-Bq87aM-v:iÖ‰¸N´UY£×µD$˜ÕTÓ¨uoëÖ­V£F ¯ÀÓIúÙ t²¯à;wÚŠ+ü¶¨ò‡%@h‰ŽŽ>îoVÃzŸžh˜8q¢zší§¿ûM›6ùÇt|R¨cOÐV¬'-ôut=³tŒhÒ¤‰·s\g‚0Ö*W®|\ëN¬ê¢Jl«âFÕ6ªÀÑE¢Nε`DÃþµ¤#¿)„ÔíQ  –BÝnÍc šTe¼~ýz_^”ñ‰…z:®èïZóUõÛ A?¨*XSP¨jA§‚Š@]üÝ}÷Ý(r\gŠ"€°¦ê…yÁɸ*k¶é]'Ö ßÔf§‹*rT…' —,Yâ‹Fô9j×Ë“ï P@õRß¿Q£F=z‚aþüùú)ÐoÚ´©‡tLÉ8“4˜'¨pøðáþq…|jÖ“ÁÚ(¬—:ŽõéÓÇ¿@nPˆ:ñÖI¶r¨BP­ÃªÂQëp0«+¨Ta0OPU9 ,ð*µU‚šû•º :á×–`…:ÁWëßÙZR¥áDÁŽ7_ýµ5lØÐgªúO×K—.õÐ?c¥ ¶ëmÍÔ-[¶ô㌪ µlD«:>èu}m*@n"ƸqãÏO-¼AaNéû«*Q'öú>z]! ÂENòð ¶_µ «ºøÛo¿µóÏ??½XO6h1Ž!ªÔñEÿ:éø0kÖ,?6´k×ί«Y¦õë×÷'2Î5/-Zä3MõäHBB6!ˆ6a@DY·n½ÿþû6eÊüÀ©2O­ÃjÙÕɹ†ø+ôS«®è¤]'ë:i׉¹Z‡UÕ—“ žÁçªåX_SßSA«V­hûªÕܳgO2A­À:èI‡ÆûÇô„Äqÿ1?züÑ:ÞèÉ Q• ¶‹ŸËã„ŽãÇ·Õ˦Ûý½wÚGì³”ä$Û¸q#4!ˆÊ@@X;UµÚ÷æÌ™ã'ß äø)(TlÖI»ªU¨“a+ÔÓ×ÔI°‚=ÍóREÏé*ƒ D}M…€ª¦QÀr |鉂µk×úEˈš5kf3fÌ°™ˆYb| IDAT3gúa;tÑqGa¡ªƒ'üe<6èX£jæsqüT¥âúµËíÑ>…ì·WíNÿØsØ°ÙǶŸ€ÐBkjÃ=ÍéÒl@U¼èD[!ÞÖɹªs4GPU|jV»^ 'é ùt]…º®¾^ÆPPááš5kük©ÝXÁ£ª„È 'DÇ …‚ñññ~<™6mš+ôD„Úm«T©bIII~üÑq¤ ÌôÔmž>m²õj{ÄÆ<½ÇÊ–úé6}:ÖlÈø#V¸ÔadBa ¬eº©GŸ*sÆŒã =Ô¾«ÐOUª ªÕ®§ëjÉH0OPt]]ú©ª0˜1¨ëèsô±=zdëö:è ƒà# ØÔܼysý¦NêÇ–-ZøLA=é 'Îe¨'P¦N™l¥‹n·ÁOìµö ÷ñƒGa¿mö§[ÍžùŒÇ€PDà¤ý艷NÈuQ;¯NؽýMm½jÑSЧ%# ût=‚»víJß:,z[ƒõõRÛ‡ubß¡Cÿ:T‘Aá¿ŽM›6µU«VùV`;þ¡ f”긡PP/'MšäO:踣'#ôd‚–ŒœMzòB·cËÆöä­í¶‹÷ZT&ÓÞf_ݬKsÂ@Ba b©]OA`°1XÔò«×çÎë'ïšó¥P-ªò –ŠècªúS(¨÷«%X?š%¨vàš5kZ£F< *„?ô¹ j®]»¶/RÀ§c‰Úƒuü…‚:^è8£'FŽé××È‚5jœµÛüã?ÚœÙÓíö^…íéçwfÊžT³ç>6ügBa bÕ©SÇ«vTù§`0íê©0--Í+eTÕ£ÿ:ÉWõL0OPÁ`P%¨‹¾Ž®{íµ×ú >•€@äÐßýèÑ£ý8 j?=¡°hÑ"¯Tاc¼yóü¸l BAm'דíÛ·÷cɨQ£|éˆf æ'µ$ù­µ>ßlúk»-®â韸xùS³^mÍÞ¬U, dæ.D"ÍêÒIyµjÕ¼‚O'æ ïtÂЉº¶}ªêoìر¶zõjßîÝ»½•X'íz[¡ æ}ésuâ¯M "‹ž\èÛ·¯]tÑEþä‚èØ¡ª»AƒÙ’%Küø ŠAC4F  jAU+T›q›6mÒ[ŠóƒËÁƒ?³é‡Ú¿Üiƒÿ´!Ë pëN³7¿2{â6kB•€ˆÔ A›m­W¯žWíh¾ ‚?} µëd^'ú"“ŽZ¢cʸqã¼:PôĶ–«2PÕ ûtüÐ\@U‚ õÄ„ZŠæ5U?kQÒÂyÓíá›Ù¯.ÝuÊ–à=õo³ß\mV¥<3!ÿî@$R›^çέzõê6qâÄô“v ï×¼?ƒ:1*õR-À uÿÝwßùAµêÄ]a¡ªô9y,-ɺ(lPðéxpÉ%—x¥`“&MÒ߯Š¼áÇ۰aÃüØÑ®];?®­Å¢'!tQ(˜—æÌ™c¯½ú²Å—e ßÝa÷\‘ý pÙ:³1³Ì~w-ဳ @ÄÒ·råÊU­–•­\ÅêÆV²eKÙyE2ÎnÕÎ=¶lÃ[“´Ê6Κj«V¬`>!Pi«x¯^½|k°æ ª‚X4f@U$·mÛÖ;j#Ö\R…ƒyj£ñ—C[\…½6êÿ’­aÍ9þª |èfÅ‹ñ˜‘û`TTzë¯6x*Ô\@ ïW›_\\œÏ ÔI»æ{)ÔÆO)^¼x®8µÆ7njM72+TØfîH±ñ›vÙ E›mmJš­Ý›f{þô=Š)lUJµ¸’çY|™âÖ©YK»¾{g;|ø›0ÑF}ùEzØ à¨ZµªõéÓÇfÏžíã ‚à+VxX§E! ƒ÷éɇÜÒ1Kˆ›×ͳ—ïÞk—µ>³¶ãQ3Ì­6û×C<Ž„Íyw ’EGGûK‚III> °G^¥£™_Z.¢Vâ*UªøÇU¨17A * Û=ñ¯~ûbõv{øû%6yËÛwèp–Ÿ»hgêñÿ*dí+EÛo4±ç^¸ÐF?Æ>~¿¿Ï(P°¨BPÇ‚Ó¦MóÖ`]t¼Ñø}\mÅZ"¢÷)U9?úk»¹Ç{ü÷[sUÑ÷ðÛfÏÞeÙn)a b)ØSŽÂ9Uý‰BA]Ô¶—` .ô“rµ «¥OÕ6ª ýç”>§{‹íp©Òvш6~sî–<ú3èkèÒ¾Riûw‡vöh:öÄ£Ó: @:Þ\xá…¾lH­Ãz’At,š>}º/Ñ= ‘S ?x¿¿%ÖÝg?¼¸ÍjÆÎÕm:éXkpV¬¿uëÖ¾ X¡`°ÑSÛ@5ÓO¡ ª5óK¡ –ŽÌ˜1ÃgjëpN©5øöÉI¶uÿÁ|ù¹’ÓÚ=Ó×Z^—æéfcùCóo¿ýv»âŠ+üxPårviVèß´1ÛdîË“ÛõÆ—f·2{ñ³»^8ú=¶ÿñeë ùq„Â@@ĸøâ‹}&`@ƒû `ßÿ½oóUkžÂ@ÍÛ NÄu²«àO‹F ªUX-êÔ ÿœPàXªDqÛ˜š–¯?§¾~…2¥-&&†ZZÔ·o_ëر£·² ~ôÁ;6ð±7·eßÑCÔ‹ÍícÖïJ³Äx³{ÿqüuŒ-uÚ éœ„™àìbf bmyË–-óå Û·+uYºt©{Áð~‚zŸæû)À“bÅŽMàW((š'lÎö?ºQQ–vøˆU)QÌVíÙŸo?§¾~ê¡ÃÇ 6U!/_¾ÜÚ´icM›6õ·%«Í‹/¶´=kìÈἫ6~u°ÙÝÍjW9ööÛš5ík6à»cïOÞc6yqI«]¿Túˆ…ÉLUpvPˆ8A[ž†ø™–müøã^)¨°P¡`µjÕ|«gÆE uÙ´i“_r*ªp!{±M-+^$þ Ö×}¡u-SQNÐò Ÿþ#]8ïþŽõDÃÃ?lÍš5óùzÂ!;ÆŒcQ¶ÇZÜeV¿Ï±í¿ãç›ùw&¶î4{÷k³û2ŒU(øÊoµ ¯ÝbÖó¥-¶zc~QT"ö$¾]»v~â=sæL›6mšWथ¥ÙäÉ“mÁ‚^¡£ÖaUè(ø‹ŽŽN¯vÑ<¾3iƒSt_º¸ îv¾]?f‰í9˜w£ŽÞ6}݆eKXÉ(žïò›FäSô䄈h‰‘f˜–-[6ý㧠÷wìØaŸ>yÈ*½êäfC&˜ýâ/ÇZ}{µ5ûy·cÛ€‹ËÞíP;ð//3«rBðí½Ì>kÖáÞbV¡JmŸoÈÆrBô\ˆ»É4P3º4«K3»»ví²Ñ£GÛ!C<8T(¨6ß”””\Ï«¾[dq¥ŠÙÌ+›YûJ¥óäçh]!Ú¦]ÑÔ”-a½Ç,æBŒžˆU#7n||Õª‘SSS3ý<…‡]âXè§ ¾5Í=iv~ ³g>4+÷3³‹4ûçc•™Qëï-=öúï®;ùã|c3W•±’ek[ݺñ<`„0*a-»uUå¢mžš8vìXßÎ)[¶l±aÆyË°* õ2))é”s²²ccêë0lž=ߺ–ýpicûtÕ6û÷ò-6fã.Ûw(û­½j îZ¥ŒÝV¯’]]³¼}¸b«=<#É¢‹²E5ªܼy³WꉇŒT!¨JÁœèšxìòØ-fË×›5¼íèüÿ—Y“:f—·7¯&”ÅkÌÞvlà³w»^`þê’vçK¥må†#Ö²e+¿TÚa-X’]5jÔ°>}úØܹs}ÉHP³~ýzÂ@2¡mžà¯@PÁ`0¯kÑ¢E¶dÉoã«Y³f®¿<…‚ÿ;m•õ¨ZÖÚUŠ¶KªÇXbùRVñ¼“ÿ™NN;h³¶§Øôm{ìÞ)«ì‹ÕÛótî €s+666Ï¿¦æ^Ðô§Š¿+:»œÊëßT±ÇßI±:u«ÙÏ®là£rS Â@NAU…_|±Ï ?~¼oƒ ×®]k 6Ìö× –dFíÁC×îðKú?ÒG¯¯Ù‚­ûf+ø‹Ê°ä@h fæ¥1³Ì~suÖ×›´8Æîx¾˜.\Ú.½¬‡ϤðL–+€³‡0€,T¬XÑ®¾újŸ#¨¥"6lð÷Ÿj»çé>zŽ\½d1[µg–×U{pv®w¢ø2Ç6œªšÀÙ1eÊ?VÔ«W/W_G…÷îÝëKCòªf³–¾póÎöë×*Ø´…fmÚ¶µ*Uªxx¦Õ€ 45[L„d“No¾ùf›7ožMš4é¸e§F×)\ÈìÙ–5­óðùùv;oµ‡ØN{½ÓU*È>-þøá‡üõ *X§N,>>þŒùäädáÊ”)“'·mò³Öçÿ´,$£ÃG Û#ÄÙ»_í¶ÄÄvMïF~œÊí\@*(Ø( >ÿüs‹‹‹³;î¸ÃZ·nþþœTÐ4Ž)i\ïÛ€óš¶ _[«¼-œuÐGäѨ ¶ž={ZLLŒm۶;üòKûøã}óxv•ÆÁ&ó¼òÑ(³«:üþO'U±F¿ªj£çÆÚ7Þì›Ô©& BþïÂ]@öLŸ>Ýî¾ûn¯œ:uªo>·OXfÄ–±I—5ñð./DG±'kxÈøØÌ5N`РAöÉ'Ÿxå`VTÉ;a„L?¦–á¬*}3³'ÕlÔ ³­~zßÂue­ëkÙcýËX÷‹¯ô“–^" mÂd“rhž—Zà6mÚdÓ¦M³Î;§<»­qsw¤X›¡sì‰Ä6¨k‚-Ú™jÿ^¶ÅFmØi³¶ïÍÑmŠ/]ÜÅß4¨b[÷°KG.´µ)iö-kò€gIJJŠuìØÑZ¶li­Zµò‹fêIƒ5kÖØûï¿o矾/Ê–-›éרU«–·«Êx×®]ǵ —+W.GU†é‹Íb¢ÍãÍö싲?¾_Ǿüa¯]ع“uKHðvàܶ€ÐC@6©…nÿþý~ò¼|ùr«]»öqÏÉIõÖýíÞ)+íÅùë­OÝJÞÚû|ëZ jiˆBÁå»÷YrÚ!ùDÕÚ.¬$ Ê–°®UÊZL±"6jýNûýô$ûbõv_:R;ú<,à,Rx÷æ›oZ›6m¬k×® Á A]/^lK–,±&MšXûöíO µ|DÛ˵¹|õêÕV¿~ý\ß®ÏÆ™]×ŬÿØzöç÷öZbËvw¿vy20+yµä=Â@²I3µV­Zå'ù¢JÁÜRð÷ôœµ~‰+YÌ.¨\ÆZU(å^ûJ¥=ü‹Ê0ÛOÁàÚ½i¶1õ€=<#Ɇ¯KöJ@çŽfjž¨Ú|»téâ¡`¯^½ÒCA]ªZpîܹ¾„¨mÛ¶þþŒ-ºzý’K.±•+WæÉí6%ÊŽ‰±ÉkÊÙ-·ýÜHªa 9 ŠU÷¼óÎ;6pàÀ}nV ;ê X¹Õ/¹úÇý¿ß'/ÂJYSÕ°ªúöîÝk~ø¡·ûªBPßÕW_}R(8cÆ õRU‚-Z´°óÎû©¢·N:9úþéoý§€oÓÎRvÿ»UípÔ~»üŠŸy•!! H?_à. gvïÞm%J”8£Ï=|ļÍWù%¾LqÉfPàì™={¶ÅÆÆÚå—_î¡`ÿþý=øÓ,AU ÞxãéóƒÖáY³fy[°–µk×ÎCÁ¨¨œý÷\ã þß—{쟿N²Ý©EìéAµíÃá{ìâžì÷hãO`ädÛ9„ä6‡žÉɵNÊ 2{¶eMë<|~¾Ý¾ÛãcíÀá#§Ý>šÝe'²¶eË9r¤¿^·n]¯¸â ß(üúë¯{õßÌ™3=¼õÖ[«ÔEmÃcÇŽõ×/¸àkÚ´i¶Ã|U$þéOãì“Ñ–ºï€uî\Ï}ì*©™! DŒE‹y@Ö Aß |¦ÔΧ0ðLO²Ç”´.Œ·»&®°}‡çéϨÍÂZF•EKrZsó‹ÚC3¾DøS¸Þ©S'óV¬Xá—„„{÷îm .´W_}Õ:tè`?þø£·ÿêW¿:)Ô1J¡¢^×ìA}¬T¯^Ý^~ùeŸ3¨%$ÌY! DŒáÇ{ˆ§ ”7kÖìŒBÁ`ß™Š·OXfÿh[Ç&]ÖÄžš½Ö·ç–6 ?ؤš=иª=6sý_ËšY†È  #KÕªU½B/ã¢Í]ºt©5nÜØ.¼ðBkØ°¡‡‚¯¼òŠWÿ)T¥`¿~ýN —-[f_~ù¥õíÛ׿~Æ%#™ÑÇ5j”«')@ä D òŸ6mš%%%Ù÷ßï¯+ÌIKžN´wíÚ•«Û1wGŠµ:ÇžH¬aƒº&Ø¢©öïe[lÔ†6kûÞ}­øÒŽð7 ªø¦áKG.ôE$Y…òŽ*Ž¯ºêªô™€…¨Xz¿Ú… Nœ8Ñ&Mšä!¡A]~ýë_§¾ÂÄÏ>ûÌg+VÌþӵýäa b'ÛAõͺuë¼%O¡`çγՒ7þ|ôŸÛå[÷´{§¬´篷>u+ykïó­ky0¨å" —ïÞgÉi‡<äUÿÅ•*æ H”-a]«”µ˜bElÔúöûéI^axðÈ«}6píܹÓÞzë-õn¸áO\¢€O/ƒðOÛÅõ¤„‚A…‚jÎX)¸xñâã¾Çž={¸£@ž DŒJ•*eÚ’·iÓ&oÉÓ&Ћ.ºÈgpʪU«ì›o¾±&MšXJJJ®o“‚¿§ç¬õK\ÉbvAå2ÖªB)ôÚW*íá_Æù ×îM³©ìáI6|]²W"ô 0À&L˜`wÜq‡ÿ>"t©rïÝwߵɓ'ûì@{§ZlVØ­[7ÿüo¿ýö¸ÍúÜ~ûíþõBÍþýûmëÖ­V¥J~1( ãµ×^ó“oh­|º¨2PU;›7o¶?þØj×®ííÙ…‚7Ýt“Wòè¢þ¼¤PoÀÊ­~ÉÕ?îY,I¿^ÿ 8TöôÓO{ hñâÅí™gžñpY•«(¡I­¼—_~¹o~ã7üx„‚§[¢ëi~ॗ^ê¿C† ñ P›‡Ë•+R÷Ú˜5B¡yóæÖ¢E [³f ¿Pœ"†úkhêDýÄ_º¨úO—zõêyõŽ6tÔ¬“w…79¥JÂýiiV­xQ¯Ì/ñeŠûËäädôDaÏO<áÕa¥K—¶’%KÚáÇ}éƒ~/ï½÷^_UtéÐ礥¥Yýúõ}SoÆ‹¾Gð²LéÒÖ½FE{kÅö|û™Ÿi^ݬ[i£GŽ<îûg¼¨eºlÙ²Ö¥K~I΂¿ÿýïö /Xjjªÿøxè¢ß͉6l˜¿®í°¹M‰ü5bÄŸý·cÇûè£üx¡ãM:u|1‘–i¬€Ž'ª<®U«–Wê8£ã‘ªÿt}…‡zìõ„…@=áWD¿ šWªŠ»S_Nõ·~º÷gu¬¾¶*r+ÔϲqãF¯zÕ VPð<õÔSþ‚0Ö2†ªÜÑ ¹‚?pkN—NÞ *tѦÏÄÄÄôPPÕY ׯ_ïÕ= rôþ¢E‹žô}²ê¢P SbSëSÌ>_·Û~ä¥kâÊÙ-jØK/¾à?a๥¹€?þ¸ÿÁNV¡Œ~Ï´…vܸqþ8)ÀFÁ„Z ¢cˆB=b:®¨m¶qãƾ=XÇ=žúû×ߥªŽ/¾øâôcþµ DŸ»páBo±U ¨¶q…m ª· „ºMÛ·o÷ÊG7u›ûöík}úôIÿ=a "d ßÿ}ŸÕ¥“ê2eÊx»^… ì‹/¾ðv=…ªÚRUŽªzT¹£õ"EŠøI¾Ú÷tR¯ùAXÈn¨ëlX¿Þº49ß~Y§¼­O=hówíËõÏ©MÃnPÁþÖ¦¶½÷î»^ùxº“|ÂÀü¥0ï° ør FGþüfÊ×S›·$-‘8ÿüó½Kªí»gÏž¾„H! Â_/ êãIï—:&©­V¢W-BA}UÛés°)HT¹ÂÀµk×Zƒ Îi¨‹ªfªÂQ¡åe—]f÷Üsÿì `# D„Œa N´°¨2G¡àòåË= Tu‹ªz4¼?¨,Q¢„e: NÔuR¯“_U ê$_'È õþì†AUÍÒ¥K­|t)ëצÝY«¬U)|ȶ*döÈÑÏ_º¸ÝW£„õïT× ï·×_}Õg‘eu’O˜?ôûõÈ#øvjΪ"=1äËN\:äÁÒ˜1cü¥Â¡Œíé8·‚0P—‡zÈâââüX¡9£:è1[½zµÍ;ןhÐì@UzjyÈìÙ³ýX£ã“*ÕZ«ã‰.:þ¨eX¢žŒÐqH!\BBÂ9 õsè8Ù»wo3õ3?÷Üs¾p „Â@@DÈ^wÝu~¢®0E .ª¾QÅNЃíÀƒö÷éD^âE]ä!_0çK'Æú¸NŽ£££½•/'a .ªÒɽBÉbvÄ:׌µZÇ[¿š¥íçÕ£­]™"Ö°DaKˆ.fÕ‹}Y2ÊZ”)fWT*a7U-aÿ[¯œ½Ò1ÞîoRÝ*îÚlß|õ¥Ï,ÓmÎÎ÷' Ì[ªÞÒ„þýûûý­0G2«øËI˜±uXU† ‘T™ª6Ì<÷2¶ ëIm ב ªXO6ìÛ·ÏÛW¬XásÿT)ªMêôÔW * ur¬ùƒ9 ƒ‹‹ªÒmصc»•³ªøQx¡ŸÊÀœS¬gUÕÆ©ê<ýÞdVõwâÛyQ˜ñ¢PP¿«Ã‡÷vsÍÔœBœ=zˆ¾Ë IDAT²@ ?T(ª¸Õ1@a­¶•«²/XÒ½{÷ôcÆ (ü×±DUÁj½U5¡BDŸ¾þúk¯ ÚÍuœÒõt<ÊÏÊ@ý>é¢*hÏtœøë_ÿꕉ ôÑ& ˆÃ@l«­WÕTªÔIw°(DAJÆE!j» BAiݺµŸÐOœ8Ñ+ ÕΧ°P!¡æ„…B¨Û«pB?«6˜êgìÕ«¿$Ù¤ªÍ_|ц æ!IVËAN|;¯ÃÀà¢ÐH•\ãÇ÷×õ;¨ßGä?…s ý4ÓQ¿…‚9 *@34Š`Ïž=Ç- ѱFóõ{¥c*‚u\Ñu´ÔH¯g õñü uŒTUc³fÍü¶íرÃáè >!c¨ª>´«ÅWTZ¢ ½_og¶(D;š•¥V9Íf»ð ýcúºª ÓµÓô0P?£ªØî»ï>¿ôúÿ3€,¨ïý÷ß÷å z]í› Œ³ úN|;¿ÂÀà¢PI•j õ;Ï’‘üå³õ÷?iÒ$U)*úÑb"UàjÆ£¶+Te®B7+ž€Pè§vc…‚ºžª  ÆÆÆúë µp(¯gªY³Ju›õ¤ˆª^µhé—¿ü¥• ¼"BÆ0PaŽB=pë\3¼t’üùçŸ{{°Zö‚E!ªê NÔu„‚³fÍò“dµóé$_Áš6†Ô0PA‚B þ×ϤðS³¿|"kjûí·ý>Ôã®p-»A_v®“—Qõ§~ *ä ‚mä/-rÑ‚¢eË–y5±ž\‚XU&$$xµ ¶«ÝW¡`°($ãR#…‰ªXÖü@=~ªâUµ§Â@ýíêí¼ ÕZ®' t,ÐñKáñý÷ßïc@x" D„Œa èäW'Ûª¾Ñ댯JAµä :Ô_*L©X±¢]vÙe^Ù£“tUè(hQ¸råJoÖ6Þ`qCA µÜD§Ú›R¨ôšk®±;î¸#}1NM¡ï믿îÕXªÚ BÀœ}Ù¹N^‡Áëú]Txôý÷ß{«~¿ô;¢¥!Z$¢ Mˈ40˜'„‚:nUÉ:Þèã u f êk©JOÇQ¨ 1/Â@ÿ4ê@·U¿'ú~<ð€Aá02†W^y¥{j‰S৓bUñh£F,11Ñ4…‚ õº®¯Ï f|)$T¥Ž*°©MXï+(a . âââìÆoô $ªøÑlCœžæ(¾üòË*¼QhVÁ[A õ{ Û®ßiU»öìÙ“÷, –)à;v¬ÏßËØr«ê?µûª2ð‹/¾ðŠc…‚:.iV éoUÕú;–¼u|Ò%m@ÖhÝ®Ç{Ì+ƒÀ„7Â@@DÈÞzë­~žqQˆB= tr®“n]GÃúUU„‚:)¿âŠ+Ò?W!àòå˽Ê'Ø&¬vbµ ž«0P‹º ¿øÅ/<àÔ ¹¿ýíoþóàô´ÜAsƒå Á2ˆìo- T裊×k¯½6=ä! <ûtlP• ÂX-Qe±fufü¸fêñÒ¨U+Ôïžf“ª5]mþ’Û0PÁ¢ª\õd…¾fŸ>}ì׿þ5Û§ˆ0AÅ]ˆªøêÞ½»]}õÕÞ’§‹fviãçŒ3¼uN3õ~µÐ)HQ ¨Å:9oÓ¦_t­ë(pÓvÞsmçÎ^ѦJ@ jQTÅBKœž`ÍqÓ|6U|jþcPajú¨íöÛo÷6öz¨ çN×®]ý¢Ù“ ýÈeÜ<¬'4ÓS¿ƒjMoß¾½‡4š@³sCUºh ŽzyÛm·Q @„# „µŒ'ÝÇ·… zk°B½n¸ÁÃ@{ uQ…àäÉ“ýd\m~j¡S04zôh µTï×ç?òÈ#>kKT‘w¶)¼Z¼x±W i&œZUñóÐCñÀgØ1c<èUX¦¹€º„j¨s½zõò Õo¿ýÖC¤sñ;‰S»ë®»<ô{æ™gü8¤ê͌۞U%¨°NÕÌ uœÑãT}*èÏ.UºŽ9Òçêø Ù…¯¾úªÿŽšZôT#ݺuój¾wß}×Ûæ4ŸK¡žÚ‡ U‚º¨MxüøñªRG¡ 6óÍ7^E¨°P××\9 ÚóÎUÿ©Uùž{îñÛ«…!ª<Òœ8œž[µmª S÷—ã³ýøåU6ª²L¿Ç ‘ÔfªX•_º„âÏδ¼Ga f–¾öÚk>/P€…ƒªBÖï£æûÕªUËg Jv*<õxõÕWÞþ«åAúÍ Õ± À ¬éäXaÑð|ÍñÒòwÞy'=ØSί~õ«“BA…nª Tx¨ªÀÞ½{ûœÁ!C†øçjîWàlT•i~¡æjÓ±f*ØR¸ Ÿ §§Çü믿öûPÌ„jK°n³ó=zx°©EªS˜¤ð(¨ Ô¼LU—¡`©R¥Šýå/ñ­æo¼ñ†?N'†‚]ºtñ׃VáŒKH2£­Ñ:6iù~43R³NDk?ÿùÏý¤[áHPa#Ú¬¶J<«%O€ ƒ™€Û‡Õ¬áýj3* ¯»î:ÿܳ53PU‰sçÎõÛ¤JE…øü§·oß>Ë4[Qí“ ÑBy. ~—õ; ŸgðàÁþó©B5XbƒÐ¡ÍÁÿüç?mРA¾¼F Frìkñˆž°Ð¼K]Ô|Ë-·0œa ¬éäZ•sš§÷É'Ÿx•`ÆVÚêÕ«ûEÃû5?î‚ .HŸ د_¿“*µ±wèСã•‚‰‰‰ùzûX)¤Ô÷Ó<@U#V«VÍ~÷»ßñàfƒB@URªVa°ª«B1U{ÅÇÇ{­ß› õ3)ÔψÐtýõ×{%ßsÏ=ç~jýFœŠB`…ÁºžŽ•+W¶Çœ¹€ K„€ˆ –»N:Yÿþý=TK^fÃûU˜q{°‚ÁÌBAµî©åT_CmyùAËA4ãPÕjWV¢6"gÀ| Œ*)ƒÙy ÍBy. BmµkŽåÒ¥Ký÷Nsáô±P 7q<=¦?ü°íرßÀPÅŸÚ‰g-Ññ@Ç1UêU©R%îD-„€ÈùG/*Êî¼óN»ñÆíƒ>ðàO'ÒA(¨—jVÀ¢ÐE-ÁÁæáÌ*j E^ÓI¾*¿.¹äT)ô§?ýÉ+pjªŽÓ6èøµ[ªjN`¨ÎÔEA¶‚aµ©KÐæLKpxÒÒ£^xÁCßgŸ}ÖÇh1Œ–Žh ±‹hV©®§v`h 9:/â.DšèèhŸ xÍ5×Ø?þñ¯ÄÑûÒÿqŒŠ²®]»úÒ‘Q£Fy•™Ú‡ƒPPsûtQ›¦fùåmþ3fŒoUÛ Gm:îÞ½;Z6è¾SÕ§¶Gkž^ݺu½5X­á¡DÁŽ‚¾úõëûK̓SP­0˜ˆð§Çÿ½÷Þóy‚ÿûß}>¨ª]* VÅ0UÂàL"–Zðþú׿zÞûï¿ïÚ0Pˆ¤ÍÃjÕÕl.UèKFÔ>üàƒúr’¼ *D…‹š¦í° $µí8ã|Cœšî»àñÑëÚ¬PPŠf,³õ :ýªÝS3ãkN æÁé÷@! A`äÑ_|±/:Ò<@U(3äg€ˆTú}úé§6pà@ 3V“©"KÛƒ5'ð£>òÖa]´<$ã†â3±bÅ oUå¡NðÕ¨jÅœnt ,ð O=n ÐTe™’’â[—µôEUUjVe]A¼oÕö«JTýN%%%y•£Ú@ua9?òÈ#Ü Oð_ ü®¸â {å•W˜ªZ´hÁqÎ&''{h¢Öɽ{÷z¸¦Pp×®]>R!o½zõ¼ Wᛪsææ–ÂIUžjC°¶Zky*k×®Í\@ä Â@2ÐÖÖßÿþ÷¾äí·ßöÊ=mmÍ(>>Þ/ ää„Ÿ!C†xàwÜá!–¬?ÿùÏÜù¹ å Xu¿ªšNíÞz[*ªé:›7o¶¸¸8ŸË´…Ÿ«å úþº½šm8gο½uêÔa. òa ™PKéC=dK–,±·ÞzËÃAmÎH•9¡™v µ%xË–-¾5X3Y{š¨9ªÔT¸ªWAŸÂ]-QË°Â7UÛ­^½ÚÖ¯_ï ª=ƒÃgKPñ§y†jaÖï…*U¥È\@ä7Â@N#!!Á^xáoéÕEUf99§àiäÈ‘Þܹsgo ¾ï¾û<ŒBÞP5 Â>…¶ûöíóaƒA(¨ª;µ «RPÁŸ®»|ùrU™§ë)DÌO ùÔ¾\³fM¿-Z£ÖàFùí!ÀÙ@@6\zé¥~yóÍ7mòäÉV¶lÙ,+úJ}öÙg>›î¿ø…o‡Õâûï¿Ÿ;4i¶£Ú}uIMMõû^U øÞꢷՖ« Na¡*ôT18oÞ<¯úÔÖaU j I^Vk*|ÔmÒïZ”B*¼Te)•€8ÛÈ»ï¾Ûn»í6ßø«b…‚—ŒFŒá3ê j[pTT”=ÿüó´ç3=jÁÖB} U¨°/õRzÁ’…‚jÙÖEKcØ©eW_K×Í -0Ñc®vdµˆ«°I“&gm9ÈÙl@h  ‡ýá°­[·ÚsÏ=ç¡ŸZQ>-\¸ÐÆŒc­Zµ²ªU«ú,»ßþö·¾Ég‡B7ÍÔæ`…j V(§àV­Ãz¬T¥§ @…ªÚÓÇœmÚ´ÉW=v•*Uò÷éz9¥¯§‹ZÁծߑ¦M›zå"•€8—8Cª>SµßĉíÙgŸõ°iÕªUÖ½{w¯ìÛ·oŽ—Œ o(äS§N¡œ*ñT%¨a=nÁµ+LNNö*A…uZ¢å"š#¨àO/ƒ*>½®¥ú<]_¡®PH¨-ÓåË—÷ª@…Œ]»v¥a yY…nÁŒ@‚ õ¶6 oÞ¼ÙÃ?Uêm…|Zö¢0˜'¨Q*tT觋*U}¨ @µëcݺuËÖí»¤X‹á÷ÛòŸ½‘þ¾y;W[ïþÏVíÝlMÊÖ²WZÝe*58és³{½S}ŸÍI^e}§¼ê/[”«ktø%”®Æƒ@˜! a-˜¨0PÕº(¼S¨÷)Ü°aƒ·+ æ •‚ ùTù§¯¡…"ªþS@¨cˆIIIÖ®];o¦9±i_²õþá9[±gÓqï~áö? —Ûo^ž]𙽺tX¦!_v¯wªïs¢›&¾dnú ë]£½ý{å÷Gßþ6ý’x 3Ì a-11Ñ:m V˜' ñTݧ€O•‚jõÕëA(¨QÕƒj VȧpPáŸ**@Ô2µ_sÍ5"9ÕúÛ­oÝ‹Nzÿø- ¬_ü%þº^ÎM^éçg÷z§ú>'šwÙß=”Ûêtó A~@XSÛo‹-¬Y³f^Õ§ö_)T¨‡| Õ¬PP *×­[g[¶lñ·VªT)}¶`Íš5=\¼öÚk­aÆÜÁ8cS{>o¿¬×ã¤÷oHÝaÅ kà)W,ÚVìÙ˜éçg÷z§ú>§røÈ{fþ§vYµVW×Ñæa½/¸N\\œo‹Ž÷Ȫ%2ß4z(íøßå#‡ru½S}ŸÌ¤>hå?ëcOÌýØn¯Ó €0DÂ’Â:w&L°E‹¥‡µjÕ²:xH˜q ±fªíW×Su *uY½zµW jHݺumÕªUV¿~}î`ä›EŠÿ»\¨H®®—ª4L¾î#Úå1ûõ´7x0C„ l©½·k×®ÞUŠZ‡UA¨‹•‚ —-[æ!`ðù@~©Yª’oÿ•=÷Y\É ¹ºÞ™èUµ…mKÛ̓@" amÁ‚Þö«PPÕ‚cÇŽõJ?Që¯6k 6  FÔ¬QÛ†SRŽ…-A[0A ò[§Š ìµ¥ßøë¯,f*6ÈÕõ²+aè=éKC&lYdVjă@" aM[5ÿoÊ”)>°[·n¶wï^5j”mÜxlá‚Úµ`DU€ÁŒA 6‹6ûž óß'ä¯~õ{Ù;ËGZÔ€kí_+FÛï^þ±B_“ãëNÆë}ÐáwvÓÄ—¬Ø'×Ù#s>´;ü/aˆÉ× ìEGGûË 6ø @mV(8wî\onÒ¤‰•/_ÞÁÍ›7{H¨ 0¨òÓ‘_ >îí6åãmùÏÞÈòºÙ½^vß×®B‚Í»ìï< „9žÚ 4—«ÞWýŽ{ß¼«½­NU4-‡?àmu™ÉîõNõ}rs=˜zAµŸBÁråÊy(8cÆ «V­šoÖRI“&y«pll¬‡ƒš¨ÏÕËP¦ÊH @e YØ´/Ùzÿðœ­Ø³é¸÷?¿ð ûŸ„Ëí·G/Ï.øÌ^]:Ì:U:yfWv¯wªïs¦×‹$Ú|"µõª=XK?4#P ®§ÙA¥àÚµk-))É7 ë}Ú:œššj-Z´ðÏÓÍ e´5à¸ÿrpz­¿}ÐúÖ½è¤÷ß²ÀúÅ_â¯ëåÜäÕ™~~v¯wªïs¦×‹$«ß‚J>ÍÿVd_®X´­Ø³1ÓÏÏîõNõ}Îôz‘Jsÿ*V¬˜þ¶fþç?ÿ± &x[°Â>…ûöíK¿ŽBA]TA¸xñbKHH°ÚµkÛäÉ“Ó—Œá€6a²PµD¹Lߟz(í¸·9”«ëêûœéõ"•ªù7nlÉÉɶbÅŠôJÀùóçÛÒ¥K-11Ñ?®9‚Ë–-ó6Ú¢E‹úçíÆ UaبQ#Û¹s§þ‡§pa_Ò¶m[¯ hÛð7ß|ãU6mÚÔ¯«y‚CA lþoÌ]À™éW¿—½³|¤E ¸Öþµb´ý¾áÕé+ôñ59¾Þéd÷z8=µ k9ˆ–ˆ¨8 Ÿ}ö™=Úbcc½µøÈ‘#ǵá@OyÑvBÕ<`3fÌÈñçmÞ¼Ù—Œìß¿?ý}ª Ô,AU êýÚ.\¾|yÛµk—=ñÄ^EØ©S' µXDËI‚×õòÄË©ÞŸ“ëœîkŸîû_vÙeV¶lY{úé§ù%ˆpÿí|)Ä6a±TX¡B_&²fͯT¸6gÎ[¸p¡5kÖ̯Ã6a„ Ú„@D+R¤ˆÕ©SÇÚ´ic•+WNŸxàÀ¯6œ9s&wÂa ÀQZ Ò Akݺµ•+W.ýýªÂa @ Õܸqc+Y²dúûC5Ô D ýÿ‡Ü?Ù³gÍž=ÛŠ/îU‚qqqþþŒKFB…f mÏ€dP¦LûÛßþf>ú¨/‰‰‰ ÙŸeß¾}< 8a @QQQV´hQׯ_ï—ŒB©]øСC< 8a @Û¶móMmÁ«V­²óÎ;ïØš ¶´´4ß2*Ô& dDZkwíÚe±±±þ¶ªƒ—ÉÉÉÜAi„'ÐÜ@µ ¿óÎ;Ü+„™X³f wÂa @&‚ö` œ€°¢Š¾Õ«Wû6àÜ(_¾ü±ÿ,æ¿KQÜ \(\±b…¿®@0..ÎjÖ¬yFž6K‘"E¸c6xª„óÎ;Ïn¸á«]»¶:tÈ’’’lÊ”)¶qãF;räH¶¿NJJŠmÙ²…;a‡0„˜˜ëׯŸ_z÷î핪ð[¼x±M:Õ¶nÝš­¯3bĈ“ÿÓT¸pzµ ªhaC}ÕªUó0°eË–~Q¨‹ªçÏŸoÑÑÑoeË–Íôk”+WÎ&L˜à DtÝ ,V¬˜íرƒ;!0„ÔÔT{ã7¬]»vÖ¦MkÕªUz(8mÚ4oVuà¬Y³¼ŠPíÄ'†‚ 7nì×Uø׬Y³¾ObÂ@VFecÇŽµ=zx ضm[ƒ`0¨TЧP°bÅŠ –*U*ýkhiHýúõmß¾}á‚0„• *øËÏ?ÿܾûî;ëÙ³§‡‚ºU‚CAU êkuêÔ±âÅ‹§­Œ¯á€0„•õë×[TT”U¯^Ý *dŸ|ò‰7κuëæU‚íÛ·Ï4ܼy³o®Zµª/)Q¢w&Âa ‡²¥K—úë+V¬ðJ?{òïÿÛ&Mšd^x¡‡‚]»v=®}X3 *LÜ°aƒ‡‚µjÕbæ a šõwùå—{¨§*¿E‹ÙÚµk­^½zV·n]Û³g½õÖ[6qâDëܹ³·«Xaà‰3 j±* *á€0„ m¾óÎ;OZ2{ölÿX||¼/Ù¶m›½öÚkvìØÑ_^yå•'µOŸ>ÝÖ¬YceÊ”ñÏ—Â… sG d€°‘––f‰‰‰™ÎLNNöpOÛƒU)˜`IIIöã?Z‡ü¥BÁn¸á¸ÏýàƒìàÁƒ>‡ðÀþUüo„””{óÍ7Ó…­¿z9eÊ”ôíÁª ¬R¥ŠÕ¬YÓƒÁ¹sç¦Ïœ9s¦‡‚·Ür‹ÞêÕ«måÊ•þõ(¡Œ0„•øöàîÝ»{¨×¥K—ãBÁ RPKB‚™€ cccmòäÉ'…‚÷ß¿Ý{ï½!w?¨Š‘ð'" aEáÞ‘#Gì½÷Þ³±cÇÚE]tÜ¢Û‡µ`DËB´u¸FV¨P!ûî»ïücš'Ø°aڨʩ©©^©%)šy@XQ pÑ¢E}°ªãÞyç›0a‚c ÈNµ(DíÀëÖ­ó*ÁÚµkû×>|¸W –*U*$~ö]»vY­Zµì—¿ü¥¡ _xá~)Ž0ðÿ·w/ÀZÖuÀÿ‡‹A‹Š ´´aµr–¼Œ³´KAŤ&-"¶Êj ([’ÕèN›ƒÆ™¥,óN 9æ€k–mY:A¤@Òƶh^P0h¥¼ÁBŠ°þþí{æp8—÷v.œçó™y}oÏû<Ïû<Ïëp¾óûÿ@¯±ÿþôÐCåÊÀè`„c1\ö¦›nJ¿þõ¯s³R£Òðáx=BÁóF0¡`tÞ»wo{²¨ŒŠÆO|âéå—_NO>ùdúú׿ÞÔJ„@¯XÌÁ^TÉ=øàƒé˜cŽÉ•~o}ë[sHV [6 i>t8ŠD(XªŒ¡Çáˆ#ŽÈá`OûMSâ;G#”ønóæÍK§žzª‹€V €^ãè£NçŸþAÁÞóÏ?ŸoC‡Í•‚ FØÃcèðo~ó›<|xÎœ9‡Ì'ø»ßý.mÞ¼9 80{ì±yý2v·¨|Œæ''Ÿ|rš:ujZµjU:á„Òå—_î" ]Â@ ×ˆ¬­F!Ï=÷\Ú¹sg1bD®ŒîÁQI¡`tŽP0*/¾øâƒ>{Çw¤W^y¥Ç|Ç;väjÇèraeT?Þpà iРA.:$ z˜/ïH¸ùÖIDATæ›oΡ^4 ‰á¿¥Û¯~õ«Ü($:GU]tŽ[¿~ýr÷à5kÖ¤‰'æÏÆmîܹùsO=õT»ÛîÝ»óàÙ³g§gŸ}6ŸhP®¾¯ß¼Î‘[÷ßÚ¶m[~CfcnÀ¨Œa½“'OÎóé½éMoÊUÑdä駟N/¾øbž0¼ùÍoΕuQ øÛßþ6‡Ñ•8†Ç-ÖïwÜqéÏþsžG0ªc]qßòqó[[¯—»Ll/ÉÆÆÆtöÙgçðŒ3ÎÈC‚—.Çt¿… æ;a pØ{ôÑGsá`T®\¹2wŽP0B¼Т³p‚Æ KûöíËCn£ÓpT öïß?¿MHÖ®]›üñü~¼…–†âÆr]FßÇ?þñü8æ.ŒjÀ1cÆ8éT¤& öúôé“C³J¢ëoÌ ï»îº4nܸÜA¸½F!þEàŸ‹°-†ä._¾”‡Çœ‚Ñ¥7*òJ‡cÞÀ¨Æ‹aÆ!æܳgO ë9L8ª #„ŒêƳÎ:+mÙ²%zê©iþüù9Ì€Z™3èu"¤‹.ÂÑtã‰'žH¯½öÚAïGuß‘G™‡G%`~q‹¡Àüàs(·˜w0Å#4ŒpÀ€yq¼^Ï0póæÍ9€œ9sfÞ—W^y%]sÍ5餓NrB¨a Ð+ÅücÇŽÍv²ÅÐßä¢1HI„‚o|ãó0ÜR÷àh$r 'ä ÃR(Áa|>ª ã3Ñu¸^a` ?Ž¦'Q™ M6nܘÿ6}úôü ž4zµï.½ôÒtÞyç¥/}éK¹°ùÐá£Ò/†è~ÿûßÏÇßóž÷äùãs ÆmÛ¶m9¬—W_}5mØ°!566¦Ù³g§uëÖåù c›ÐÙT½Z„‚gžyfnCrŸþùƒª£ /æŒûÕ«WçevìØ‘ç<ùä“ӱǛƒÂzT>øàƒ¹;pt ~úé§ÓСCãby½Ð™T…•wK—.M·ß~{ºùæ›ó|‚ÍCÁhB2zôè<´ø–[nÉ]‡£‚¯A]tŽð/æ%Œ01ª#Œ†'Е„@¡œ{î¹iêÔ©é+_ùJZ³fMn6Ò<Œ¹£Š0æ\²dIîꯅX¶»wïN¿üå/ópãXO„€—\rI®8€î  ':_qŹiÈ7¿ùÍ´bÅŠÜÅ·¹:·¨è+i¹L[bhðÊ•+sâ /¼0Ýwß}iâĉyCèNÂ@ °œ>÷¹Ïå¾_ûÚ×Ò¦M›éä;dȦÇÑ]8ªýÚóFUa¬3†oÙ²%]wÝuyÎAènÂ@ ðÞö¶·¥›nº)Ý{ï½éÖ[oM[·nÍsVâ™gžiÀ£ qT6Ì Çü¿ÓN;-ߢ’ïž{îI/¿ürêÛ·o»Ÿ‰y#DŒªÁ3f¤‡~8Mž<9rÊ)(=Ž0 …OúÓécûXºêª«ÒêÕ«›šŒ¼ú꫹ qIÌøÒK/¥iÓ¦åÎÃ1Äø«_ýjÅU…ÐUüK Ñddþüùéücš7o^Ú¸qczöÙgópàŸüä'yîÀ±cÇæe£É¢E‹Ì @' hGt^¼xqZ»vmºñÆSccc®Œê¿çÌ™“ÆŒã@pX”aüøñù•‚Q8bĈԿ€ÃŠ0 Q)78õq „PÂ@(a „0 B! €‚@A  „Pý€”^zõÓ©÷ü{zâÃß8èõM/þ>½zQÚºûÙtâÑoI×ÿý¿¥ñCù|¹Ëµ·­æÖ>÷HºdýÍéá—¶åõ}÷]—¦1G¿Ù‰ &Â@ ðvì}!½úËéÉ];yïªßÝ•>y™éÓ¯ßþãá;Ó ßÝjÈWîrím«¹Ù¿º.}û?™Þ3tLºéñŸ¦]wmZÚW,jb˜0PxcïýLºð­hõ½5Ï=œ.~ûiùqÜÿÏ ¿¯i¹ö¶ÕÜcSnÊAà_Öwzúí [(j&  ï¿?xUºèm“Z}ïé=ϧ#úüe0Å1G JOîz¦¦åÚÛV[víÛ“Æeˆ0µ…7bà1m¾·çµWz¾ïÀk5-×Þ¶Ú²øñ{Ò—NžáDP3a @;ö=â çýúÖ´\¥6¿ützþÕÝéŸþúœ j& hÇßüÕÐÜý7ìÚ·7|ãq5-W‰h6rõ£ÿ•®<ù_œêBÐŽñCÓÿ4?¾þ±»Ó»†4Ö´\¹V?÷pºdý7ÓÕ§^X·*C´ãâ¿==-yâg©ßòéié“+Ógÿî¬üzòiU-×––Ë]ðËkÒÛHÿóŸó{å®Úýwçë·¯s$ —jhhÈw*  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a „0 B! €‚@A  „PÂ@(a DÃë·ôz ýâ¿È ·jhhÈ÷ý ¨ÍÞ½{Ó¾ð…t×]w¥]»v¥ &¤Å‹§áÇ÷¨ý@f̘‘¦L™’®¾úê\…÷è£æ@pÍš5­‚›7oNÛ·oOãÆK 8è½x}ëÖ­ùóõ& € ,X° ßOœ81ßV¬X‘Ž<òÈtÑE5-3zôètÍ5פ%K–¤yóæ5½¾qãÆ4wîÜ´nݺü|Ë–-iÔ¨Qùq¬ç²Ë.K›6mÊÏ;cj?a T`áÂ…M# Œðî}ï{ß!Ë566¦;ï¼³éyTûMž<9íܹ3?ŠÁ~ýþÏ­_¿>M›6-1#GŽì”}@ "¸[»ví!¯?óÌ3iÈ!MÏ¿üå/7ßúÖ·Òœ9sšÞ‹ùKAàÏ~ö³4iÒ¤NÙ×>NTïôÓOO?þñÓÊ•+›^‹ÐïœsÎI3gÎlz-†‡¨œ5kÖAëøÅ/~‘ï#ì¬ 0¨ € 4(­Zµ*}øÃNû÷ïOGuTn²|ùòtâ‰'6-ÄÃرc›†‡Xvß¾}ùq4éLÂ@¨Q Þ°aCîÃ}ßþö·ç°¹Rà×<lþzèÛ·o§î§0€Â‰î{ßû^ºýöÛóðÝð"¼‹ª½sÏ=7ã0`@Åë°'P(Ñý÷#ùHzä‘Gòó|à餓NJ=öXúùÏžçï»öÚkÓYg•-Z”—Ù²eK5jT»ëpñ³Ÿýl~¼lÙ²¦!¿Çü!ËÅ6b™"|Ùe—5½Û¹W¯^®¼òÊü8* ï¸ãŽ4xðàC¶¹dÉ’tÛm·åDZLó†%­9,ÂÀ†††tàÀ·O¡ÚýªõótýyvÎêû»ly<[;¾¥×Z[ι ëÖ­K“'OΕ€‹/N]tQêß¿Óû{öìÉ\t÷-åŠu–æÜ»woÓë¥×š/·X&î#,yá…šžÇ|ƒóçÏÏ7nܘ&NœxÈ6ï¼óÎ,FEbGA`èña`ó?ü¡; ž:÷wÙòø¶:T#B¶hòÜC=”ÆŒsÈ2L—_~y®|ï{ß{P¨W­¥K—æûÙ³gçû &ä2º Ç\ƒW]uUSEaT#žþùùqt)Ž¡Ê±·ÜrË!a`|ŸR‡âX¶U…mUæ´WEÕ^5OË`¡µÏ”[5TnxÑÑ~—NT»ÍJŽg¥ÇºÜcSIØRÎ9oëµJªë*ÝN9ǤÒJ²ŽŽA¹ç¨’ßE{û\î¹ïè{–{=Öú»,÷»—³lkûQéuRÉuVÎûõºÎèz7ÞxcÚ¹sgúÑ~ÔjØÜ;ßùÎ<ŒwÚ´i5o7æ ¥00ªøJ¯…sÎ9§) <å”SòóA`„ƒÑ•8ªÿbžÃæÍGîºë®¦æ#3gÎ,k_úTºó-ÿ0ïèõŽž—óùj÷£Òm”»ŸÕì_¥Û¬öó•›zójÖSsZÏuVzžk¹†*ÝnG¯Uò›«ço¦^Dz+Uz¬ÚÚ÷JŽ?=Ãw¿ûÝ4lØ°tæ™g–µü”)Si"U…]iúôéù>†ÇPáæî¾ûî|?|øðÜø¤U¶Wí×RG󀕪º:ª@+·z­ù:ÛÚ—rþPo¯ú©å>•£œ ¡jª'ÛÚF%Ǧô]Jï•SaØ<„«¦ú©ÜŠÀ–Ûi¹¯]›ßJö¡ÜïÒ^ TÍú::÷mýÆʽVªýnÕTxVŽ•ûÛïèú­ôÿa•\ïÕºO4 ‰aµ—^ziÙ»EÞÔ©SsÇá’¨,ìJ“&MÊCb.Á\ ýb?JC„›WvøjÙ™¶þè.gˆb¥ï×ã3Õ†1-߯$Üèhè`¥C5Ëý|½‰j¾{¥ßµÒíÔ°Õó»–»í­¯šßL5ª2Ý×Mgêèÿa=u¿¨\)Ä‹¦•1bD·îwFâèó†x^"\n¥cèÓNFW4èêÆõw4Kèù:ëÕ{½µô®?zƒAƒåû?üá}®«‡·¦ÔP$ª7oÞœÿð‡?Ì÷Ž7®ìuÕTXIXPI‹rUÚÈ£ÖP£åpÄJö¯«ƒÀΧÊùîõ˜Ÿ°­í4*Üç·ÚïZNug5Õ¤õ>‡•\Ýõ›éjí5‹QлDE`gQ]wÅW”õ™ýû÷ç ¼îÖ¼«p4 9ï¼óš†_pÁ5éHEa`[aLµŸ©6œ(wm­£R-ç«$d¨WXQïãÝÖòmÍ+Ør_*™Ó°–cÜ•UiÕœçö–­v}õ¾†jYWµ¡a­ß½Úë½£Ðý?¬'\‡tŽRgÞï|ç;¹º.:úväþûïÏsõõ„}@0‚À{ï½7 2¤ª!¡âaÂmM¢_ÉgZþqÞÚëU&U2ÿ^GÛ¨ô{×úk9Îåìs­Û®äœWs=ÔãÚjëú©U%繜sTéuS¯ëµÖk¢Úße-¿™®ÒÑuVÏk€žå’K.ÉUt&LH»wïnwÙ˜cpÚ´i=fßKC…×­[—¾ýíoçÇ Nœ8±¢õ4üåo]ì™ ¨Î=®u{öÝ]¿to|ãiîܹiØ°aé¾ûîK£G>d™ 6¤3Î8#íر£éµ-[¶¤Q£F¥­[·¦ã?>¿öÅ/~1-X° i™¨:œ={v~¼jÕªC‚ºÒß°ÑýwéÒ¥M¯··Î’'£™I©"0ÄpáeË–Uò÷sC?—%‚”ÎQäyçºò»»~(ÇÅ_œƒµùóç§ÆÆÆô–·¼%}ô£m ún½õÖôÔSOåù#l[¾|yØ靖2eJ*\2uêÔŠ×ÓÇ%Pl$tžJ†¸ûî®_ºÎ¼yóÒ<ç|ñÅÓ•W^™æÌ™“ïãy„€QxÚi§õ¨ýnþEwä˜G°R* N5•ã{8w×/Õ7n\úÁ~oÚ´)W ><7i¯;o¼7räÈ´}ûöŠ·Õ‡Õ|®$BÊâ]…crT/VJ@¡¬X±"xâ‰9ü ñ¸\nÛ¶­Õ÷b.À¸µ%ælM„„å¼ìÚµ«éñÌ™3«úî† P1`t ŽêºŽ4oÖÑSö=ö;ª«"TP‹-ÊC"ä[·n]nÒ–ÝbÙ0`À€¦*ÂîtÛm·åûI“&å9«!  ×ûÔ§>•n¸á†¦ç3fÌ(û³Ÿÿüçs Øb^Ãõë×çÇÓ§O¯z=Â@hE€ŸùÌgÒ‚ º}_¢*°4l9º WK@¯wýõקãŽ;.-\¸0?_¶lY»C£Sot®v8n½?>-]º4ï×!Cª^0€Bˆ ¿èÜC†Ç—.¦L™R—õ(ŒY³f¥‘#Gvû€ÝE@¡D7Þ¢jxývÀ%½^Ãÿ³r|Ñ¿ä IEND®B`‚xl2tpd-1.3.12/doc/l2tp.svg000066400000000000000000013056351327764040100152030ustar00rootroot00000000000000 INTERNET 192.168.100.1 192.168.100.2 192.168.100.2 192.168.100.1 Openswan with Xl2tpd10.0.1.1 192.168.100.1 10.0.1.4 10.0.1.2 10.0.1.310.0.1.1010.0.1.1110.0.1.1210.0.1.1310.0.1.14 xl2tpd-1.3.12/doc/l2tpd-RPM.README000066400000000000000000000045401327764040100161270ustar00rootroot00000000000000 l2tpd RPM """"""""" This l2tpd RPM was originally created by Lenny Cartier and Per Øyvind Karlsen . Some details have been changed by me (see specfile changelog). Originally it only built on recent versions of Mandrake but it should now work on Red Hat, SuSE and older Mandrake versions as well. You may need to edit the specfile for non-Red Hat systems and set a flag for your distribution of choice. I don't know for what purpose Mandrakesoft included the l2tpd RPM in Mandrake Cooker (Oct 21 2002), but my objective was to use it in combination with FreeS/WAN so that Windows IPsec clients can connect to it. The original RPM by Mandrakesoft starts l2tpd at install and runs it at startup. This has been changed for this RPM to be on the safe side. The l2tpd sample config file is copied to the default l2tpd.conf but all contents are commented out. L2tpd will still start on all interfaces, though. This could be a security risk, so I decided to not start l2tpd at install. It is also not added to the startup configuration. You will have to edit the config file and start l2tpd explicitly. This RPM does not contain firewall rules. There is simply too much variation (iptables, ipchains, Lokkit, homegrown rules etc.) to make any assumptions about the particular firewall in place. The example configuration files included in this RPM reflect the following setup: ========= Internet --------- LAN +-------------------+ +------------------+ +---------------+ | Win9x + MSL2TP or | ipsec0 | Linux FreeS/WAN | | some internal | | SSH, SoftRemote |=========| l2tpd, pppd |----------| server | | or Win2000/XP | eth0 | | eth1 | | +-------------------+ +------------------+ +---------------+ 234.234.234.234 eth0=ipsec0= eth1=192.168.1.98 192.168.1.2 123.123.123.123 ppp0=192.168.1.99 internal network: 192.168.1.x (from which 192.168.1.128-192.168.1.254 are reserved for Road Warriors) More information about this RPM package can be found at: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html This page contains the latest versions, source RPMs, etc. Thank you to everybody who has provided feedback! Jacco de Leeuw xl2tpd-1.3.12/doc/l2tpd.conf.sample000066400000000000000000000100771327764040100167450ustar00rootroot00000000000000; ; Sample l2tpd configuration file ; ; This example file should give you some idea of how the options for l2tpd ; should work. The best place to look for a list of all options is in ; the source code itself, until I have the time to write better documentation :) ; Specifically, the file "file.c" contains a list of commands at the end. ; ; You most definitely don't have to spell out everything as it is done here ; ; [global] ; Global parameters: ; port = 1701 ; * Bind to port 1701 ; auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are ; access control = yes ; * Refuse connections without IP match ; rand source = dev ; Source for entropy for random ; ; numbers, options are: ; ; dev - reads of /dev/urandom ; ; sys - uses rand() ; ; egd - reads from egd socket ; ; egd is not yet implemented ; ; [lns default] ; Our fallthrough LNS definition ; exclusive = no ; * Only permit one tunnel per host ; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range ; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts ; ip range = 192.168.0.5 ; * But this one is okay ; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP ; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's ; no lac = untrusted.marko.net ; * This guy can't connect ; hidden bit = no ; * Use hidden AVP's? ; local ip = 192.168.1.2 ; * Our local IP to use ; local ip range = 192.168.200.0-192.168.200.20 ; Alternatively, use a range for local addressing ; length bit = yes ; * Use length bit in payload? ; require chap = yes ; * Require CHAP auth. by peer ; refuse pap = yes ; * Refuse PAP authentication ; refuse chap = no ; * Refuse CHAP authentication ; refuse authentication = no ; * Refuse authentication altogether ; require authentication = yes ; * Require peer to authenticate ; unix authentication = no ; * Use /etc/passwd for auth. ; name = myhostname ; * Report this as our hostname ; ppp debug = no ; * Turn on PPP debugging ; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file ; call rws = 10 ; * RWS for call (-1 is valid) ; tunnel rws = 4 ; * RWS for tunnel (must be > 0) ; flow bit = yes ; * Include sequence numbers ; challenge = yes ; * Challenge authenticate peer ; ; rx bps = 10000000 ; Receive tunnel speed ; tx bps = 10000000 ; Transmit tunnel speed ; bps = 100000 ; Define both receive and transmit speed in one option ; [lac marko] ; Example VPN LAC definition ; lns = lns.marko.net ; * Who is our LNS? ; lns = lns2.marko.net ; * A backup LNS (not yet used) ; redial = yes ; * Redial if disconnected? ; redial timeout = 15 ; * Wait n seconds between redials ; max redials = 5 ; * Give up after n consecutive failures ; hidden bit = yes ; * User hidden AVP's? ; local ip = 192.168.1.1 ; * Force peer to use this IP for us ; remote ip = 192.168.1.2 ; * Force peer to use this as their IP ; length bit = no ; * Use length bit in payload? ; require pap = no ; * Require PAP auth. by peer ; require chap = yes ; * Require CHAP auth. by peer ; refuse pap = yes ; * Refuse PAP authentication ; refuse chap = no ; * Refuse CHAP authentication ; refuse authentication = no ; * Refuse authentication altogether ; require authentication = yes ; * Require peer to authenticate ; name = marko ; * Report this as our hostname ; ppp debug = no ; * Turn on PPP debugging ; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac ; call rws = 10 ; * RWS for call (-1 is valid) ; tunnel rws = 4 ; * RWS for tunnel (must be > 0) ; flow bit = yes ; * Include sequence numbers ; challenge = yes ; * Challenge authenticate peer ; ; [lac cisco] ; Another quick LAC ; lns = cisco.marko.net ; * Required, but can take from default ; require authentication = yes xl2tpd-1.3.12/doc/origREADME000066400000000000000000000116501327764040100153300ustar00rootroot00000000000000l2tpd version 0.60 ================== Copyright (C)1998 Adtran, Inc. Mark Spencer Introduction: ------------- l2tpd is an implementation of the layer two tunneling protocol. It works in userspace completely (although kernel work is planned after the userspace version is stablized). l2tpd works by opening a pseudo-tty for communicating with pppd. Although l2tpd was written for Linux, the current version should be highly portable to other UNIX's supported by pppd. Legal: ------ l2tpd is free software, distributed under the GNU General Public License (GPL) and you should read the LICENSE File if you are not already familiar with the GPL before using the product. If you distribute l2tpd, a modified version, or a derivative product, you MUST not remove Adtran's name from the product nor modify the terms of the copyright. Adtran may license l2tpd under other terms in addition to the GPL. This way, companies who wish to use l2tpd for embedded systems or commercial applications and find the GPL too restrictive can license the technology from Adtran under more favorable terms. Bugs, Patches, and Code Contribution: ------------------------------------- Please send bug reports and patches to either the l2tp mailng list (l2tpd@marko.net) or myself (markster@marko.net). In order to contribute code, either with patches, or by direct access to the CVS tree for l2tpd, send me e-mail (markster@marko.net). The word "FIXME" is a place holder for code that needs to be in place, or checks that need to be done, but haven't been coded yet. Feel free to fix the fixme's and submit patches! Adtran requires that you not restrict the licensing of any patches or code contributions to the main l2tpd project (beyond the terms that are already there). This is to maintain our ability to distribute l2tpd as described above. It does not in any way affect your ability to use code that you have written. Of course, the above patch rules apply only to the "official" l2tpd product as distributed by Adtran. If you are unwilling to give Adtran the right to re-license your patches under other terms than GPL, you may create your own third party product which is distributed only under GPL. Release Notes ------------- Version 0.60 should be considered ALPHA. It does NOT completely implement the l2tp draft specification. Work on the high-speed kernel implementation has already begun, but a relase date is not available. The primary use of this ALPHA level code is to test the ability of l2tpd to talk with other LAC and LNS implementations. I hope that everyone who tests the software will send me results on how it worked or failed to work for them. (theoretically) implemented features ------------------------------------ * Proper payload and control packet handling * Reliable control packet delivery * Ability to recover from payload errors * Ability to handle packets with/without length set * Ability to handle flow control or no flow control * Most critical AVP's for normal operation * Challenge authentication * Hidden AVP's * Hello's to detect outages * Handles sync and async packets * Can act as LNS * Can be a source of a virtual LAC call * Reads configuration file * Automated LAC dialup via config file, including redial * Can be configured while running via a file system pipe * Access Control * Statistics report when sent a SIGUSR1 * ACCM Major unimplemented specification features ------------------------------------------ * Rate Adaptive Timeouts * Out of order packet handling * Initial/Final LCP states * Q.931 Result Codes * Tie Breakers * Minimum/Maximum BPS * Call Errors Important non-specification related features to be added -------------------------------------------------------- * More configuration options if needed * Kernel support for *much* improved performance Usage notes on /var/run/l2tp-control ------------------------------------ There aren't any command line options to l2tpd yet. Upon running l2tpd, a pipe is created in /var/run/l2tp-control. Simple commands can then be echoed to this pipe to control l2tp on the fly. The commands are: t - create a tunnel to c or - originate an l2tp call on the tunnel identified locally by , or dial the entry h - hang up a call with the local identifier d or - disconnect the tunnel locally identified by or a lac entry For example, to establish a tunnel to marko.net, one might do: echo "t marko.net" >/var/run/l2tp-control l2tpd must be running for this to work. Various other notes ------------------- The PPP options are hard coded in l2tp.h until a file format is decided upon. Sending a SIGUSR1 to l2tpd will cause it to dump its status. Mailing List ------------ If you would like to contribute to discussions of the architecture of l2tpd, file formats, etc, I encourage you to join the l2tpd mailing list by sending the word "subscribe" in the body of a message to "l2tpd-request@marko.net" xl2tpd-1.3.12/doc/xl2tpd-control.8000066400000000000000000000036431327764040100165560ustar00rootroot00000000000000.TH "xl2tpd-control" "8" "" "Alexander Dorokhov" "" .SH "NAME" xl2tpd\-control \- Layer 2 Tunnelling Protocol Daemon Contorl Utility .SH "DESCRIPTION" A Layer 2 Tunneling Protocol Daemon Control Utility for Linux. Currently maintained by Xelerance http://www.xelerance.com/software/xl2tpd/ .SH "SYNOPSIS" .HP \w'\fBipsec\fR\ 'u \fBxl2tpd-control\fR [\fI-c\fR ] \fI\fR \fI\fR [\fI\fR] .SH "OPTIONS" .TP .B -c This option specifies xl2tpd control file .TP .B -d This option specify xl2tpd-control to run in debug mode .SH "COMMANDS" .TP .B add Adds new or modify existing lac configuration. Configuration must be specified as command options in = pairs format. See available options in xl2tpd.conf(5) .TP .B connect Tries to activate the tunnel. Username and secret for the tunnel can be passed as command options. .TP .B disconnect Disconnects the tunnel. .TP .B remove .TP .B add-lac Adds new or modify existing lac configuration. .TP .B connect-lac .TP .B disconnect-lac .TP .B remove-lac .TP .B add-lns Adds new or modify existing lns configuration. .TP .B remove-lns .TP .B status .TP .B status-lns .TP .B available .SH "BUGS" Please address bugs and comment to xl2tpd@lists.xelerance.com .SH "SEE ALSO" \fB\fRxl2tpd.conf(5) .SH "AUTHORS" Forked from l2tpd by Xelerance (http://www.xelerance.com/software/xl2tpd/ Michael Richardson Paul Wouters Samir Hussain Many thanks to Jacco de Leeuw for maintaining l2tpd. Patched contributed by: Alexander Dorokhov Previous development was hosted at sourceforge (http://www.sourceforge.net/projects/l2tpd) by: .P Scott Balmos .br David Stipp .br Jeff McAdams Based off of l2tpd version 0.60 .br Copyright (C)1998 Adtran, Inc. .br Mark Spencer xl2tpd-1.3.12/doc/xl2tpd.8000066400000000000000000000036611327764040100151000ustar00rootroot00000000000000.TH "xl2tpd" "8" "" "Jeff McAdams" "" .SH "NAME" xl2tpd \- Layer 2 Tunnelling Protocol Daemon .SH "DESCRIPTION" A Layer 2 Tunneling Protocol VPN client/daemon for Linux and other POSIX-based OSs. Based off of L2TPd 0.61 from http://www.marko.net/l2tp and patches collected by Jacco de Leeuw at http://www.jacco2.dds.nl/networking/openswan-l2tp.html Currently maintained by Xelerance http://www.xelerance.com/software/xl2tpd/ xl2tpd implements the Layer 2 Tunnelling Protocol, defined by RFC 2661. .SH "OPTIONS" .TP .B -D This option prevents xl2tpd from detaching from the terminal and daemonizing. .TP .B -l This option tells xl2tpd to use syslog for logging even when \fB\-D\fR was specified. .TP .B -c Tells xl2tpd to use an alternate config file. Default is /etc/xl2tpd/xl2tpd.conf. Fallback configuration file is /etc/l2tpd/l2tpd.conf .TP .B -s Tells xl2tpd to use an alternate "secrets" file. Default is /etc/xl2tpd/l2tp-secrets .TP .B -p Tells xl2tpd to use an alternate pid file. Default is /var/run/xl2tpd/xl2tpd.pid .TP .B -C Tells xl2tpd to use an alternate control file. Default is /var/run/xl2tpd/l2tp-control .SH "FILES" \fB\fR/etc/xl2tpd/xl2tpd.conf \fB\fR/etc/xl2tpd/l2tp\-secrets \fB\fR/var/run/xl2tpd/l2tp\-control .SH "BUGS" Please address bugs and comment to xl2tpd@lists.xelerance.com .SH "SEE ALSO" \fB\fRxl2tpd.conf(5) .SH "AUTHORS" Forked from l2tpd by Xelerance (http://www.xelerance.com/software/xl2tpd/ Michael Richardson Paul Wouters Many thanks to Jacco de Leeuw for maintaining l2tpd. Previous development was hosted at sourceforge (http://www.sourceforge.net/projects/l2tpd) by: .P Scott Balmos .br David Stipp .br Jeff McAdams Based off of l2tpd version 0.60 .br Copyright (C)1998 Adtran, Inc. .br Mark Spencer xl2tpd-1.3.12/doc/xl2tpd.conf.5000066400000000000000000000170111327764040100160130ustar00rootroot00000000000000.TH "xl2tpd.conf" "5" "" "Jean-Francois Dive" "" .SH "NAME" xl2tpd.conf \- L2TPD configuration file .SH "DESCRIPTION" The xl2tpd.conf file contains configuration information for xl2tpd, the implementation of l2tp protocol. The configuration file is composed of sections and parameters. Each section has a given name which will be used when using the configuration FIFO (normally /var/run/xl2tpd/l2tp\-control). See xl2tpd.8 for more details. The specific given name .B default will specify parameters applicable for all the following sections. .SH "GLOBAL SECTION" .TP .B auth file Specify where to find the authentication file used to authenticate l2tp tunnels. The default is /etc/xl2tpd/l2tp\-secrets. .TP .B ipsec saref Use IPsec Security Association tracking. When this is enabled, packets received by xl2tpd should have to extra fields (refme and refhim) which allows tracking of multiple clients using the same internal NATed IP address, and allows tracking of multiple clients behind the same NAT router. This needs to be supported by the kernel. Currently, this only works with Openswan KLIPS in "mast" mode. (see http://www.openswan.org/) Set this to yes and the system will provide proper SAref values in the recvmsg() calls. Values can be yes or no. The default is no. .TP .B saref refinfo When using IPsec Security Association trackinng, a new setsockopt is used. Since this is not (yet?) an official Linux kernel option, we got bumped. Openswan upto 2.6.35 for linux kernels up to 2.6.35 used a saref num of 22. Linux 3.6.36+ uses 22 for IP_NODEFRAG. We moved our IP_IPSEC_REFINFO to 30. If not set, the default is to use 30. For older SAref patched kernels, use 22. .TP .B listen-addr The IP address of the interface on which the daemon listens. By default, it listens on INADDR_ANY (0.0.0.0), meaning it listens on all interfaces. .TP .B port Specify which UDP port xl2tpd should use. The default is 1701. .TP .B access control If set to yes, the xl2tpd process will only accept connections from peers addresses specified in the following sections. The default is no. .TP .B debug avp Set this to yes to enable syslog output of L2TP AVP debugging information. .TP .B debug network Set this to yes to enable syslog output of network debugging information. .TP .B debug packet Set this to yes to enable printing of L2TP packet debugging information. Note: Output goes to STDOUT, so use this only in conjunction with the .B -D command line option. .TP .B debug state Set this to yes to enable syslog output of FSM debugging information. .TP .B debug tunnel Set this to yes to enable syslog output of tunnel debugging information. .TP .B max retries Specify how many retries before a tunnel is closed. If there is no tunnel, then stop re-transmitting. The default is 5. .SH "LNS SECTION" .TP .B exclusive If set to yes, only one control tunnel will be allowed to be built between 2 peers. CHECK .TP .B (no) ip range Specify the range of ip addresses the LNS will assign to the connecting LAC PPP tunnels. Multiple ranges can be defined. Using the 'no' statement disallows the use of that particular range. Ranges are defined using the format IP \- IP (example: 1.1.1.1 \- 1.1.1.10). Note that either at least one .B ip range option must be given, or you must set .B assign ip to no. .TP .B assign ip Set this to no if xl2tpd should not assign IP addresses out of the pool defined with the .B ip range option. This can be useful if you have some other means to assign IP addresses, e. g. a pppd that supports RADIUS AAA. .TP .B (no) lac Specify the ip addresses of LAC's which are allowed to connect to xl2tpd acting as a LNS. The format is the same as the .B ip range option. .TP .B hidden bit If set to yes, xl2tpd will use the AVP hiding feature of L2TP. To get more information about hidden AVP's and AVP in general, refer to rfc2661 (add URL?) .TP .B local ip Use the following IP as xl2tpd's own ip address. .TP .B local ip range Specify the range of addresses the LNS will assign as the local address to connecting LAC PPP tunnels. This option is mutually exclusive with the .B local ip option and is useful in cases where it is desirable to have a unique IP address for each tunnel. Specify the range value exactly like the .B ip range option. Note that the .B assign ip option has no effect on this option. .TP .B length bit If set to yes, the length bit present in the l2tp packet payload will be used. .TP .B (refuse | require) chap Will require or refuse the remote peer to get authenticated via CHAP for the ppp authentication. .TP .B (refuse | require) pap Will require or refuse the remote peer to get authenticated via PAP for the ppp authentication. .TP .B (refuse | require) authentication Will require or refuse the remote peer to authenticate itself. .TP .B unix authentication If set to yes, /etc/passwd will be used for remote peer ppp authentication. .TP .B hostname Will report this as the xl2tpd hostname in negotiation. .TP .B ppp debug This will enable the debug for pppd. .TP .B pass peer Pass the peer's IP address to pppd as ipparam. Enabled by default. .TP .B pppoptfile Specify the path for a file which contains pppd configuration parameters to be used. .TP .B call rws This option is deprecated and no longer functions. It used to be used to define the flow control window size for individual L2TP calls or sessions. The L2TP standard (RFC2661) no longer defines flow control or window sizes on calls or sessions. .TP .B tunnel rws This defines the window size of the control channel. The window size is defined as the number of outstanding unacknowledged packets, not as a number of bytes. .TP .B flow bits If set to yes, sequence numbers will be included in the communication. The feature to use sequence numbers in sessions is currently broken and does not function. .TP .B challenge If set to yes, use challenge authentication to authenticate peer. .TP .B rx bps If set, the receive bandwidth maximum will be set to this value .TP .B tx bps If set, the transmit bandwidth maximum will be set to this value .SH "LAC SECTION" The following are LAC specific configuration flags. Most of those described in the LNS section may be used in a LAC context, where it makes common sense (essentially l2tp protocols tuning flags and authentication / ppp related ones). .TP .B lns Set the dns name or ip address of the LNS to connect to. .TP .B autodial If set to yes, xl2tpd will automatically dial the LAC during startup. .TP .B redial If set to yes, xl2tpd will attempt to redial if the call get disconnected. Note that, if enabled, xl2tpd will keep passwords in memory: a potential security risk. .TP .B redial timeout Wait X seconds before redial. The redial option must be set to yes to use this option. Defaults to 30 seconds. .TP .B max redials Will give up redial tries after X attempts. .SH "FILES" \fB\fR/etc/xl2tpd/xl2tpd.conf \fB\fR/etc/xl2tpd/l2tp\-secrets \fB\fR/var/run/xl2tpd/l2tp\-control .SH "BUGS" Please address bugs and comment to xl2tpdv@lists.xelerance.com .SH "SEE ALSO" \fB\fRxl2tpd(8) .SH "AUTHORS" Forked from xl2tpd by Xelerance (https://www.xelerance.com/software/xl2tpd/) Michael Richardson Paul Wouters Many thanks to Jacco de Leeuw for maintaining l2tpd. Previous development was hosted at sourceforge (http://www.sourceforge.net/projects/l2tpd) by: .P Scott Balmos .br David Stipp .br Jeff McAdams Based off of l2tpd version 0.60 .br Copyright (C)1998 Adtran, Inc. .br Mark Spencer xl2tpd-1.3.12/examples/000077500000000000000000000000001327764040100146355ustar00rootroot00000000000000xl2tpd-1.3.12/examples/README000066400000000000000000000002121327764040100155100ustar00rootroot00000000000000These are example files for use with xl2tpd. Openswan carries config examples for use with l2tp-over-ipsec. See http://www.openswan.org/ xl2tpd-1.3.12/examples/chapsecrets.sample000066400000000000000000000005041327764040100203430ustar00rootroot00000000000000# Secrets for authentication on server using CHAP # client server secret IP addresses jacco * "mysecret" 192.168.1.128/25 # Dynamic IP sam * "rumpelstiltskin" 192.168.1.5 # Static IP # # Secrets for authentication on client using CHAP # client server secret IP addresses * jacco "mysecret" * sam "rumpelstiltskin" xl2tpd-1.3.12/examples/ppp-options.xl2tpd000066400000000000000000000003321327764040100202620ustar00rootroot00000000000000ipcp-accept-local ipcp-accept-remote ms-dns 192.168.1.1 ms-dns 192.168.1.3 ms-wins 192.168.1.2 ms-wins 192.168.1.4 noccp auth crtscts idle 1800 mtu 1410 mru 1410 nodefaultroute debug lock proxyarp connect-delay 5000 xl2tpd-1.3.12/examples/xl2tpd-L2TP-CERT-orgWIN2KXP.conf000066400000000000000000000011141327764040100220000ustar00rootroot00000000000000conn L2TP-CERT-orgWIN2KXP # # Configuration for one user with the non-updated Windows 2000/XP. # # # Use a certificate. Disable Perfect Forward Secrecy. # authby=rsasig pfs=no # left=123.123.123.123 leftrsasigkey=%cert leftcert=/etc/ipsec.d/ssl/localCERT.pem # # Required for original (non-updated) Windows 2000/XP clients. leftprotoport=17/0 # # The remote user. # right=%any rightrsasigkey=%cert rightcert=/etc/ipsec.d/ssl/userCERT.pem rightprotoport=17/1701 # # Change 'ignore' to 'add' to enable the configuration for this user. # auto=ignore keyingtries=3 xl2tpd-1.3.12/examples/xl2tpd-L2TP-CERT.conf000066400000000000000000000020721327764040100201740ustar00rootroot00000000000000# /etc/ipsec.conf version 2 config setup nat_traversal=yes # example assumes we using 192.168.1.0/24 ourselves virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24. # Only the mast stack of Openswan supports SAref tracking protostack=mast #protostack=netkey conn L2TP-CERT # # Configuration for one user with any type of IPsec/L2TP client # including the updated Windows 2000/XP (MS KB Q818043), but # excluding the non-updated Windows 2000/XP. # # # Use a certificate. Disable Perfect Forward Secrecy. # authby=rsasig pfs=no # left=123.123.123.123 leftrsasigkey=%cert leftcert=/etc/ipsec.d/ssl/localCERT.pem # leftprotoport=17/1701 # # The remote user. # right=%any rightrsasigkey=%cert rightcert=/etc/ipsec.d/ssl/userCERT.pem rightsubnet=vhost:%priv,%no rightprotoport=17/%any # # Change 'ignore' to 'add' to enable the configuration for this user. # auto=ignore keyingtries=3 # Only the mast stack with Openswan supports SAref tracking with # overlapping IP address support overlapip=yes sareftrack=yes xl2tpd-1.3.12/examples/xl2tpd-L2TP-PSK-orgWIN2KXP.conf000066400000000000000000000007331327764040100217060ustar00rootroot00000000000000conn L2TP-PSK-orgWIN2KXP # # Configuration for one user with the non-updated Windows 2000/XP. # # # Use a Preshared Key. Disable Perfect Forward Secrecy. # authby=secret pfs=no # left=123.123.123.123 # # Required for original (non-updated) Windows 2000/XP clients. leftprotoport=17/0 # # The remote user. # right=234.234.234.234 rightprotoport=17/1701 # # Change 'ignore' to 'add' to enable the configuration for this user. # auto=ignore keyingtries=3 xl2tpd-1.3.12/examples/xl2tpd-L2TP-PSK.conf000066400000000000000000000016601327764040100200760ustar00rootroot00000000000000# /etc/ipsec.conf version 2 nat_traversal=yes # example assumes we using 192.168.1.0/24 ourselves virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24. # Only the mast stack of Openswan supports SAref tracking protostack=mast #protostack=netkey conn L2TP-PSK # # Configuration for one user with any type of IPsec/L2TP client # including the updated Windows 2000/XP (MS KB Q818043), but # excluding the non-updated Windows 2000/XP. # # # Use a Preshared Key. Disable Perfect Forward Secrecy. # authby=secret pfs=no # left=123.123.123.123 # leftprotoport=17/1701 # # The remote user. # right=%any rightprotoport=17/%any rightsubnet=vhost:%priv,%no # # Change 'ignore' to 'add' to enable the configuration for this user. # auto=ignore keyingtries=3 # Only the mast stack with Openswan supports SAref tracking with # overlapping IP address support overlapip=yes sareftrack=yes xl2tpd-1.3.12/examples/xl2tpd.conf000066400000000000000000000025701327764040100167250ustar00rootroot00000000000000; ; This is a minimal sample xl2tpd configuration file for use ; with L2TP over IPsec. ; ; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec ; clients connect. In this example, the internal (protected) network ; is 192.168.1.0/24. A special IP range within this network is reserved ; for the remote clients: 192.168.1.128/25 ; (i.e. 192.168.1.128 ... 192.168.1.254) ; ; The listen-addr parameter can be used if you want to bind the L2TP daemon ; to a specific IP address instead of to all interfaces. For instance, ; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98 ; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99) ; will be used by xl2tpd as its address on pppX interfaces. [global] ; listen-addr = 192.168.1.98 ; ; requires openswan-2.5.18 or higher - Also does not yet work in combination ; with kernel mode l2tp as present in linux 2.6.23+ ; ipsec saref = yes ; Use refinfo of 22 if using an SAref kernel patch based on openswan 2.6.35 or ; when using any of the SAref kernel patches for kernels up to 2.6.35. ; saref refinfo = 30 ; ; force userspace = yes ; ; debug tunnel = yes [lns default] ip range = 192.168.1.128-192.168.1.254 local ip = 192.168.1.99 require chap = yes refuse pap = yes require authentication = yes name = LinuxVPNserver ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes xl2tpd-1.3.12/file.c000066400000000000000000001242171327764040100141110ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * File format handling * */ #include #include #include #include #include #include #include #include #include #include "l2tp.h" struct lns *lnslist; struct lac *laclist; struct lns *deflns; struct lac *deflac; struct global gconfig; char filerr[STRLEN]; int parse_config (FILE *); struct keyword words[]; int init_config () { FILE *f; int returnedValue; gconfig.port = UDP_LISTEN_PORT; gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */ gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */ gconfig.debug_avp = 0; gconfig.debug_network = 0; gconfig.packet_dump = 0; gconfig.debug_tunnel = 0; gconfig.debug_state = 0; gconfig.max_retries = DEFAULT_MAX_RETRIES; lnslist = NULL; laclist = NULL; deflac = (struct lac *) calloc (1, sizeof (struct lac)); f = fopen (gconfig.configfile, "r"); if (!f) { f = fopen (gconfig.altconfigfile, "r"); if (f) { l2tp_log (LOG_WARNING, "%s: Using old style config files %s and %s\n", __FUNCTION__, gconfig.altconfigfile, gconfig.altauthfile); strncpy (gconfig.authfile, gconfig.altauthfile, sizeof (gconfig.authfile)); } else { l2tp_log (LOG_CRIT, "%s: Unable to open config file %s or %s\n", __FUNCTION__, gconfig.configfile, gconfig.altconfigfile); return -1; } } returnedValue = parse_config (f); fclose (f); return (returnedValue); } struct lns *new_lns () { struct lns *tmp; tmp = (struct lns *) calloc (1, sizeof (struct lns)); if (!tmp) { l2tp_log (LOG_CRIT, "%s: Unable to allocate memory for new LNS\n", __FUNCTION__); return NULL; } tmp->next = NULL; tmp->exclusive = 0; tmp->localaddr = 0; tmp->tun_rws = DEFAULT_RWS_SIZE; tmp->call_rws = DEFAULT_RWS_SIZE; tmp->rxspeed = DEFAULT_RX_BPS; tmp->txspeed = DEFAULT_TX_BPS; tmp->hbit = 0; tmp->lbit = 0; tmp->authpeer = 0; tmp->authself = -1; tmp->authname[0] = 0; tmp->peername[0] = 0; tmp->hostname[0] = 0; tmp->entname[0] = 0; tmp->range = NULL; tmp->localrange = NULL; tmp->assign_ip = 1; /* default to 'yes' */ tmp->lacs = NULL; tmp->passwdauth = 0; tmp->pap_require = 0; tmp->pap_refuse = 0; tmp->chap_require = 0; tmp->chap_refuse = 0; tmp->idle = 0; tmp->pridns = 0; tmp->secdns = 0; tmp->priwins = 0; tmp->secwins = 0; tmp->proxyarp = 0; tmp->proxyauth = 0; tmp->challenge = 0; tmp->debug = 0; tmp->pass_peer = 0; tmp->pppoptfile[0] = 0; tmp->t = NULL; return tmp; } struct lac *new_lac () { struct lac *tmp; tmp = (struct lac *) calloc (1, sizeof (struct lac)); if (!tmp) { l2tp_log (LOG_CRIT, "%s: Unable to allocate memory for lac entry!\n", __FUNCTION__); return NULL; } tmp->next = NULL; tmp->rsched = NULL; tmp->localaddr = 0; tmp->remoteaddr = 0; tmp->lns = 0; tmp->tun_rws = DEFAULT_RWS_SIZE; tmp->call_rws = DEFAULT_RWS_SIZE; tmp->hbit = 0; tmp->lbit = 0; tmp->authpeer = 0; tmp->authself = -1; tmp->authname[0] = 0; tmp->peername[0] = 0; tmp->hostname[0] = 0; tmp->entname[0] = 0; tmp->pap_require = 0; tmp->pap_refuse = 0; tmp->chap_require = 0; tmp->chap_refuse = 0; tmp->t = NULL; tmp->redial = 0; tmp->rtries = 0; tmp->rmax = 0; tmp->challenge = 0; tmp->autodial = 0; tmp->rtimeout = 30; tmp->active = 0; tmp->debug = 0; tmp->pass_peer = 0; tmp->pppoptfile[0] = 0; tmp->defaultroute = 0; return tmp; } int yesno (char *value) { if (!strcasecmp (value, "yes") || !strcasecmp (value, "y") || !strcasecmp (value, "true")) return 1; else if (!strcasecmp (value, "no") || !strcasecmp (value, "n") || !strcasecmp (value, "false")) return 0; else return -1; } int set_boolean (char *word, char *value, int *ptr) { int val; #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_%s: %s flag to '%s'\n", word, word, value); #endif /* ; */ if ((val = yesno (value)) < 0) { snprintf (filerr, sizeof (filerr), "%s must be 'yes' or 'no'\n", word); return -1; } *ptr = val; return 0; } int set_int (char *word, char *value, int *ptr) { int val; #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_%s: %s flag to '%s'\n", word, word, value); #endif /* ; */ if ((val = atoi (value)) < 0) { snprintf (filerr, sizeof (filerr), "%s must be a number\n", word); return -1; } *ptr = val; return 0; } int set_string (char *word, char *value, char *ptr, int len) { #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_%s: %s flag to '%s'\n", word, word, value); #endif /* ; */ strncpy (ptr, value, len); return 0; } int set_port (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_port: Setting global port number to %s\n", value); #endif set_int (word, value, &(((struct global *) item)->port)); break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_rtimeout (char *word, char *value, int context, void *item) { if (atoi (value) < 1) { snprintf (filerr, sizeof (filerr), "rtimeout value must be at least 1\n"); return -1; } switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_rtimeout: Setting redial timeout to %s\n", value); #endif set_int (word, value, &(((struct lac *) item)->rtimeout)); break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_rws (char *word, char *value, int context, void *item) { if (atoi (value) < -1) { snprintf (filerr, sizeof (filerr), "receive window size must be at least -1\n"); return -1; } switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (word[0] == 'c') set_int (word, value, &(((struct lac *) item)->call_rws)); if (word[0] == 't') { set_int (word, value, &(((struct lac *) item)->tun_rws)); if (((struct lac *) item)->tun_rws < 1) { snprintf (filerr, sizeof (filerr), "receive window size for tunnels must be at least 1\n"); return -1; } } break; case CONTEXT_LNS: if (word[0] == 'c') set_int (word, value, &(((struct lns *) item)->call_rws)); if (word[0] == 't') { set_int (word, value, &(((struct lns *) item)->tun_rws)); if (((struct lns *) item)->tun_rws < 1) { snprintf (filerr, sizeof (filerr), "receive window size for tunnels must be at least 1\n"); return -1; } } break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_speed (char *word, char *value, int context, void *item) { if (atoi (value) < 1 ) { snprintf (filerr, sizeof (filerr), "bps must be greater than zero\n"); return -1; } switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (word[0] == 't') set_int (word, value, &(((struct lac *) item)->txspeed)); else if (word[0] == 'r') set_int (word, value, &(((struct lac *) item)->rxspeed)); else { set_int (word, value, &(((struct lac *) item)->rxspeed)); set_int (word, value, &(((struct lac *) item)->txspeed)); } break; case CONTEXT_LNS: if (word[0] == 't') set_int (word, value, &(((struct lns *) item)->txspeed)); else if (word[0] == 'r') set_int (word, value, &(((struct lns *) item)->rxspeed)); else { set_int (word, value, &(((struct lns *) item)->rxspeed)); set_int (word, value, &(((struct lns *) item)->txspeed)); } break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_maxretries (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_port: Setting global max retries to %s\n", value); #endif set_int (word, value, &(((struct global *) item)->max_retries)); break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_rmax (char *word, char *value, int context, void *item) { if (atoi (value) < 1) { snprintf (filerr, sizeof (filerr), "rmax value must be at least 1\n"); return -1; } switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_rmax: Setting max redials to %s\n", value); #endif set_int (word, value, &(((struct lac *) item)->rmax)); break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_authfile (char *word, char *value, int context, void *item) { if (!strlen (value)) { snprintf (filerr, sizeof (filerr), "no filename specified for authentication\n"); return -1; } switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_authfile: Setting global auth file to '%s'\n", value); #endif /* ; */ strncpy (((struct global *) item)->authfile, value, sizeof (((struct global *)item)->authfile)); break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_autodial (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->autodial))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_flow (char *word, char *value, int context, void *item) { int v; set_boolean (word, value, &v); if (v < 0) return -1; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (v) { if (((struct lac *) item)->call_rws < 0) ((struct lac *) item)->call_rws = 0; } else { ((struct lac *) item)->call_rws = -1; } break; case CONTEXT_LNS: if (v) { if (((struct lns *) item)->call_rws < 0) ((struct lns *) item)->call_rws = 0; } else { ((struct lns *) item)->call_rws = -1; } break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_defaultroute (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->defaultroute))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_authname (char *word, char *value, int context, void *item) { struct lac *l = (struct lac *) item; struct lns *n = (struct lns *) item; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: if (set_string (word, value, n->authname, sizeof (n->authname))) return -1; break; case CONTEXT_LAC: if (set_string (word, value, l->authname, sizeof (l->authname))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_hostname (char *word, char *value, int context, void *item) { struct lac *l = (struct lac *) item; struct lns *n = (struct lns *) item; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: if (set_string (word, value, n->hostname, sizeof (n->hostname))) return -1; break; case CONTEXT_LAC: if (set_string (word, value, l->hostname, sizeof (l->hostname))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_passwdauth (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->passwdauth))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_hbit (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->hbit))) return -1; break; case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->hbit))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_challenge (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->challenge))) return -1; break; case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->challenge))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_lbit (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->lbit))) return -1; break; case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->lbit))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_debug (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->debug))) return -1; break; case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->debug))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_pass_peer (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->pass_peer))) return -1; break; case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->pass_peer))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_pppoptfile (char *word, char *value, int context, void *item) { struct lac *l = (struct lac *) item; struct lns *n = (struct lns *) item; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: if (set_string (word, value, n->pppoptfile, sizeof (n->pppoptfile))) return -1; break; case CONTEXT_LAC: if (set_string (word, value, l->pppoptfile, sizeof (l->pppoptfile))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_papchap (char *word, char *value, int context, void *item) { int result; char *c; struct lac *l = (struct lac *) item; struct lns *n = (struct lns *) item; if (set_boolean (word, value, &result)) return -1; c = strchr (word, ' '); c++; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (c[0] == 'p') /* PAP */ if (word[2] == 'f') l->pap_refuse = result; else l->pap_require = result; else if (c[0] == 'a') /* Authentication */ if (word[2] == 'f') l->authself = !result; else l->authpeer = result; else /* CHAP */ if (word[2] == 'f') l->chap_refuse = result; else l->chap_require = result; break; case CONTEXT_LNS: if (c[0] == 'p') /* PAP */ if (word[2] == 'f') n->pap_refuse = result; else n->pap_require = result; else if (c[0] == 'a') /* Authentication */ if (word[2] == 'f') n->authself = !result; else n->authpeer = result; else /* CHAP */ if (word[2] == 'f') n->chap_refuse = result; else n->chap_require = result; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_redial (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: if (set_boolean (word, value, &(((struct lac *) item)->redial))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_accesscontrol (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(((struct global *) item)->accesscontrol))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_userspace (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(((struct global *) item)->forceuserspace))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_debugavp (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(((struct global *) item)->debug_avp))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_debugnetwork (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(((struct global *) item)->debug_network))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_debugpacket (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(((struct global *) item)->packet_dump))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_debugtunnel (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(((struct global *) item)->debug_tunnel))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_debugstate (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(((struct global *) item)->debug_state))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_assignip (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->assign_ip))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } struct iprange *set_range (char *word, char *value, struct iprange *in) { char *c, *d = NULL, *e = NULL; struct iprange *ipr, *p; struct hostent *hp; int count = 0; c = strchr (value, '-'); if (c) { d = c + 1; *c = 0; while ((c >= value) && (*c < 33)) *(c--) = 0; while (*d && (*d < 33)) d++; } if (!strlen (value) || (c && !strlen (d))) { snprintf (filerr, sizeof (filerr), "format is '%s - '\n", word); return NULL; } ipr = malloc (sizeof (struct iprange)); ipr->next = NULL; hp = gethostbyname (value); if (!hp) { snprintf (filerr, sizeof (filerr), "Unknown host %s\n", value); free (ipr); return NULL; } bcopy (hp->h_addr, &ipr->start, sizeof (unsigned int)); if (c) { char ip_hi[16]; e = d; while(*e != '\0') { if (*e++ == '.') count++; } if (count < 3) { strcpy(ip_hi, value); for (e = ip_hi + sizeof(ip_hi); e >= ip_hi; e--) { if (*e == '.') count--; if (count < 0) { e++; break; } } /* Copy the last field + null terminator */ if (ip_hi + sizeof(ip_hi)-e > strlen(d)) { strcpy(e, d); d = ip_hi; } } hp = gethostbyname (d); if (!hp) { snprintf (filerr, sizeof (filerr), "Unknown host %s\n", d); free (ipr); return NULL; } bcopy (hp->h_addr, &ipr->end, sizeof (unsigned int)); } else ipr->end = ipr->start; if (ntohl (ipr->start) > ntohl (ipr->end)) { snprintf (filerr, sizeof (filerr), "start is greater than end!\n"); free (ipr); return NULL; } if (word[0] == 'n') ipr->sense = SENSE_DENY; else ipr->sense = SENSE_ALLOW; p = in; if (p) { while (p->next) p = p->next; p->next = ipr; return in; } else return ipr; } int set_iprange (char *word, char *value, int context, void *item) { struct lns *lns = (struct lns *) item; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } lns->range = set_range (word, value, lns->range); if (!lns->range) return -1; #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "range start = %x, end = %x, sense=%ud\n", ntohl (lns->range->start), ntohl (lns->range->end), lns->range->sense); #endif return 0; } int set_localiprange (char *word, char *value, int context, void *item) { struct lns *lns = (struct lns *) item; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } if (lns->localaddr) { snprintf (filerr, sizeof (filerr), "'local ip range' and 'local ip' are mutually exclusive\n"); return -1; } lns->localrange = set_range (word, value, lns->localrange); if (!lns->localrange) return -1; #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "range start = %x, end = %x, sense=%ud\n", ntohl (lns->range->start), ntohl (lns->range->end), lns->range->sense); #endif return 0; } int set_lac (char *word, char *value, int context, void *item) { struct lns *lns = (struct lns *) item; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } lns->lacs = set_range (word, value, lns->lacs); if (!lns->lacs) return -1; #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "lac start = %x, end = %x, sense=%ud\n", ntohl (lns->lacs->start), ntohl (lns->lacs->end), lns->lacs->sense); #endif return 0; } int set_exclusive (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LNS: if (set_boolean (word, value, &(((struct lns *) item)->exclusive))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_ip (char *word, char *value, unsigned int *addr) { struct hostent *hp; hp = gethostbyname (value); if (!hp) { snprintf (filerr, sizeof (filerr), "%s: host '%s' not found\n", __FUNCTION__, value); return -1; } bcopy (hp->h_addr, addr, sizeof (unsigned int)); return 0; } int set_listenaddr (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_listenaddr: Setting listen address to %s\n", value); #endif if (set_ip (word, value, &(((struct global *) item)->listenaddr))) return -1; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_localaddr (char *word, char *value, int context, void *item) { struct lac *l; struct lns *n; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: l = (struct lac *) item; return set_ip (word, value, &(l->localaddr)); case CONTEXT_LNS: n = (struct lns *) item; if (n->localrange) { snprintf (filerr, sizeof (filerr), "'local ip range' and 'local ip' are mutually exclusive\n"); return -1; } return set_ip (word, value, &(n->localaddr)); default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_remoteaddr (char *word, char *value, int context, void *item) { struct lac *l; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: l = (struct lac *) item; return set_ip (word, value, &(l->remoteaddr)); default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_lns (char *word, char *value, int context, void *item) { #if 0 struct hostent *hp; #endif struct lac *l; struct host *ipr, *pos; char *d; switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_LAC: #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "set_lns: setting LNS to '%s'\n", value); #endif l = (struct lac *) item; d = strchr (value, ':'); if (d) { d[0] = 0; d++; } #if 0 // why would you want to lookup hostnames at this time? hp = gethostbyname (value); if (!hp) { snprintf (filerr, sizeof (filerr), "no such host '%s'\n", value); return -1; } #endif ipr = malloc (sizeof (struct host)); ipr->next = NULL; pos = l->lns; if (!pos) { l->lns = ipr; } else { while (pos->next) pos = pos->next; pos->next = ipr; } strncpy (ipr->hostname, value, sizeof (ipr->hostname)); if (d) ipr->port = atoi (d); else ipr->port = UDP_LISTEN_PORT; break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_rand_sys () { l2tp_log(LOG_WARNING, "The \"rand()\" function call is not a very good source" "of randomness\n"); rand_source = RAND_SYS; return 0; } int set_ipsec_saref (char *word, char *value, int context, void *item) { struct global *g = ((struct global *) item); switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: if (set_boolean (word, value, &(g->ipsecsaref))) return -1; if(g->ipsecsaref) { l2tp_log(LOG_INFO, "Enabling IPsec SAref processing for L2TP transport mode SAs\n"); } if(g->forceuserspace != 1) { l2tp_log(LOG_WARNING, "IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes\n"); g->forceuserspace = 1; } break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_saref_num (char *word, char *value, int context, void *item) { switch (context & ~CONTEXT_DEFAULT) { case CONTEXT_GLOBAL: l2tp_log (LOG_INFO, "Setting SAref IP_IPSEC_REFINFO number to %s\n", value); set_int (word, value, &(((struct global *) item)->sarefnum)); break; default: snprintf (filerr, sizeof (filerr), "'%s' not valid in this context\n", word); return -1; } return 0; } int set_rand_dev () { rand_source = RAND_DEV; return 0; } int set_rand_egd (char *value) { l2tp_log(LOG_WARNING, "%s: not yet implemented!\n", __FUNCTION__); rand_source = RAND_EGD; return -1; } int set_rand_source (char *word, char *value, int context, void *item) { time_t seconds; /* * We're going to go ahead and seed the rand() function with srand() * because even if we set the randomness source to dev or egd, they * can fall back to sys if they fail, so we want to make sure we at * least have *some* semblance of randomness available from the * rand() function */ /* * This is a sucky random number seed...just the result from the * time() call...but...the user requested to use the rand() * function, which is a pretty sucky source of randomness * regardless...at least we can get a almost sorta decent seed. If * you have any better suggestions for creating a seed...lemme know * :/ */ seconds = time(NULL); srand(seconds); if (context != CONTEXT_GLOBAL) { l2tp_log(LOG_WARNING, "%s: %s not valid in context %d\n", __FUNCTION__, word, context); return -1; } /* WORKING HERE */ if (strlen(value) == 0) { snprintf(filerr, sizeof (filerr), "no randomness source specified\n"); return -1; } if (strncmp(value, "egd", 3) == 0) { return set_rand_egd(value); } else if (strncmp(value, "dev", 3) == 0) { return set_rand_dev(); } else if (strncmp(value, "sys", 3) == 0) { return set_rand_sys(); } else { l2tp_log(LOG_WARNING, "%s: %s is not a valid randomness source\n", __FUNCTION__, value); return -1; } } int parse_config (FILE * f) { /* Read in the configuration file handed to us */ /* FIXME: I should check for incompatible options */ int context = 0; char buf[1024]; char *s, *d, *t; int linenum = 0; int def = 0; int in_comment = 0; int has_lf; void *data = NULL; struct lns *tl; struct lac *tc; while (!feof (f)) { if (NULL == fgets (buf, sizeof (buf), f)) { /* Error or EOL */ break; } /* Watch for continuation comments. */ has_lf = buf[strlen(buf) - 1] == '\n'; if (in_comment) { in_comment = !has_lf; continue; } linenum++; s = buf; /* Strip comments */ while (*s && *s != ';') s++; if (*s == ';' && !has_lf) in_comment = 1; *s = 0; s = buf; if (!strlen (buf)) continue; while ((*s < 33) && *s) s++; /* Skip over beginning white space */ t = s + strlen (s); while ((t >= s) && (*t < 33)) *(t--) = 0; /* Ditch trailing white space */ if (!strlen (s)) continue; if (s[0] == '[') { /* We've got a context description */ if (!(t = strchr (s, ']'))) { l2tp_log (LOG_CRIT, "parse_config: line %d: No closing bracket\n", linenum); return -1; } t[0] = 0; s++; if ((d = strchr (s, ' '))) { /* There's a parameter */ d[0] = 0; d++; } if (d && !strcasecmp (d, "default")) def = CONTEXT_DEFAULT; else def = 0; if (!strcasecmp (s, "global")) { context = CONTEXT_GLOBAL; #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "parse_config: global context descriptor %s\n", d ? d : ""); #endif data = &gconfig; } else if (!strcasecmp (s, "lns")) { context = CONTEXT_LNS; if (def) { if (!deflns) { deflns = new_lns (); strncpy (deflns->entname, "default", sizeof (deflns->entname)); } data = deflns; continue; } data = NULL; tl = lnslist; if (d) { while (tl) { if (!strcasecmp (d, tl->entname)) break; tl = tl->next; } if (tl) data = tl; } if (!data) { data = new_lns (); if (!data) return -1; ((struct lns *) data)->next = lnslist; lnslist = (struct lns *) data; } if (d) strncpy (((struct lns *) data)->entname, d, sizeof (((struct lns *) data)->entname)); #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "parse_config: lns context descriptor %s\n", d ? d : ""); #endif } else if (!strcasecmp (s, "lac")) { context = CONTEXT_LAC; if (def) { if (!deflac) { deflac = new_lac (); strncpy (deflac->entname, "default", sizeof (deflac->entname)); } data = deflac; continue; } data = NULL; tc = laclist; if (d) { while (tc) { if (!strcasecmp (d, tc->entname)) break; tc = tc->next; } if (tc) data = tc; } if (!data) { data = new_lac (); if (!data) return -1; ((struct lac *) data)->next = laclist; laclist = (struct lac *) data; } if (d) strncpy (((struct lac *) data)->entname, d, sizeof (((struct lac *) data)->entname)); #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "parse_config: lac context descriptor %s\n", d ? d : ""); #endif } else { l2tp_log (LOG_WARNING, "parse_config: line %d: unknown context '%s'\n", linenum, s); return -1; } } else { if (!context) { l2tp_log (LOG_WARNING, "parse_config: line %d: data '%s' occurs with no context\n", linenum, s); return -1; } if (!(t = strchr (s, '='))) { l2tp_log (LOG_WARNING, "parse_config: line %d: line too long or no '=' in data\n", linenum); return -1; } d = t; d--; t++; while ((d >= s) && (*d < 33)) d--; d++; *d = 0; while (*t && (*t < 33)) t++; #ifdef DEBUG_FILE l2tp_log (LOG_DEBUG, "parse_config: field is %s, value is %s\n", s, t); #endif /* Okay, bit twiddling is done. Let's handle this */ switch (parse_one_option (s, t, context | def, data)) { case -1: l2tp_log (LOG_WARNING, "parse_config: line %d: %s", linenum, filerr); return -1; case -2: l2tp_log (LOG_CRIT, "parse_config: line %d: Unknown field '%s'\n", linenum, s); return -1; } } } return 0; } int parse_one_option(char *word, char *value, int context, void *item) { struct keyword *kw; for (kw = words; kw->keyword; kw++) { if (!strcasecmp (word, kw->keyword)) { if (kw->handler (word, value, context, item)) { return -1; } break; } } if (!kw->keyword) { return -2; } return 0; } struct keyword words[] = { {"listen-addr", &set_listenaddr}, {"port", &set_port}, {"saref refinfo", &set_saref_num}, {"rand source", &set_rand_source}, {"auth file", &set_authfile}, {"exclusive", &set_exclusive}, {"autodial", &set_autodial}, {"redial", &set_redial}, {"redial timeout", &set_rtimeout}, {"lns", &set_lns}, {"max redials", &set_rmax}, {"access control", &set_accesscontrol}, {"force userspace", &set_userspace}, {"ip range", &set_iprange}, {"no ip range", &set_iprange}, {"debug avp", &set_debugavp}, {"debug network", &set_debugnetwork}, {"debug packet", &set_debugpacket}, {"debug tunnel", &set_debugtunnel}, {"debug state", &set_debugstate}, {"ipsec saref", &set_ipsec_saref}, {"lac", &set_lac}, {"no lac", &set_lac}, {"assign ip", &set_assignip}, {"local ip", &set_localaddr}, {"local ip range", &set_localiprange}, {"remote ip", &set_remoteaddr}, {"defaultroute", &set_defaultroute}, {"length bit", &set_lbit}, {"hidden bit", &set_hbit}, {"require pap", &set_papchap}, {"require chap", &set_papchap}, {"require authentication", &set_papchap}, {"require auth", &set_papchap}, {"refuse pap", &set_papchap}, {"refuse chap", &set_papchap}, {"refuse authentication", &set_papchap}, {"refuse auth", &set_papchap}, {"unix authentication", &set_passwdauth}, {"unix auth", &set_passwdauth}, {"name", &set_authname}, {"hostname", &set_hostname}, {"ppp debug", &set_debug}, {"pass peer", &set_pass_peer}, {"pppoptfile", &set_pppoptfile}, {"call rws", &set_rws}, {"tunnel rws", &set_rws}, {"flow bit", &set_flow}, {"challenge", &set_challenge}, {"tx bps", &set_speed}, {"rx bps", &set_speed}, {"bps", &set_speed}, {"max retries" , &set_maxretries}, {NULL, NULL} }; xl2tpd-1.3.12/file.h000066400000000000000000000170431327764040100141140ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * File format handling header file * */ #ifndef _FILE_H #define _FILE_H #define STRLEN 100 /* Length of a string */ /* Definition of a keyword */ struct keyword { char *keyword; int (*handler) (char *word, char *value, int context, void *item); }; struct iprange { unsigned int start; unsigned int end; int sense; struct iprange *next; }; struct host { char hostname[STRLEN]; int port; struct host *next; }; #define CONTEXT_GLOBAL 1 #define CONTEXT_LNS 2 #define CONTEXT_LAC 3 #define CONTEXT_DEFAULT 256 #define SENSE_ALLOW -1 #define SENSE_DENY 0 #ifndef DEFAULT_AUTH_FILE #define DEFAULT_AUTH_FILE "/etc/xl2tpd/l2tp-secrets" #endif #ifndef DEFAULT_CONFIG_FILE #define DEFAULT_CONFIG_FILE "/etc/xl2tpd/xl2tpd.conf" #endif #define ALT_DEFAULT_AUTH_FILE "/etc/l2tpd/l2tp-secrets" #define ALT_DEFAULT_CONFIG_FILE "/etc/l2tp/l2tpd.conf" #define DEFAULT_PID_FILE "/var/run/xl2tpd.pid" /* Definition of an LNS */ struct lns { struct lns *next; int exclusive; /* Only one tunnel per host? */ int active; /* Is this actively in use? */ unsigned int localaddr; /* Local IP for PPP connections */ int tun_rws; /* Receive window size (tunnel) */ int call_rws; /* Call rws */ int rxspeed; /* Tunnel rx speed */ int txspeed; /* Tunnel tx speed */ int hbit; /* Permit hidden AVP's? */ int lbit; /* Use the length field? */ int challenge; /* Challenge authenticate the peer? */ int authpeer; /* Authenticate our peer? */ int authself; /* Authenticate ourselves? */ char authname[STRLEN]; /* Who we authenticate as */ char peername[STRLEN]; /* Force peer name to this */ char hostname[STRLEN]; /* Hostname to report */ char entname[STRLEN]; /* Name of this entry */ struct iprange *lacs; /* Hosts permitted to connect */ struct iprange *range; /* Range of IP's we provide */ struct iprange *localrange; /* Range of local IP's we provide */ int assign_ip; /* Do we actually provide IP addresses? */ int passwdauth; /* Authenticate by passwd file? (or PAM) */ int pap_require; /* Require PAP auth for PPP */ int chap_require; /* Require CHAP auth for PPP */ int pap_refuse; /* Refuse PAP authentication for us */ int chap_refuse; /* Refuse CHAP authentication for us */ int idle; /* Idle timeout in seconds */ unsigned int pridns; /* Primary DNS server */ unsigned int secdns; /* Secondary DNS server */ unsigned int priwins; /* Primary WINS server */ unsigned int secwins; /* Secondary WINS server */ int proxyarp; /* Use proxy-arp? */ int proxyauth; /* Allow proxy authentication? */ int debug; /* Debug PPP? */ int pass_peer; /* Pass peer IP to pppd as ipparam? */ char pppoptfile[STRLEN]; /* File containing PPP options */ struct tunnel *t; /* Tunnel of this, if it's ready */ }; struct lac { struct lac *next; struct host *lns; /* LNS's we can connect to */ struct schedule_entry *rsched; int tun_rws; /* Receive window size (tunnel) */ int call_rws; /* Call rws */ int rxspeed; /* Tunnel rx speed */ int txspeed; /* Tunnel tx speed */ int active; /* Is this connection in active use? */ int hbit; /* Permit hidden AVP's? */ int lbit; /* Use the length field? */ int challenge; /* Challenge authenticate the peer? */ unsigned int localaddr; /* Local IP address */ unsigned int remoteaddr; /* Force remote address to this */ char authname[STRLEN]; /* Who we authenticate as */ char password[STRLEN]; /* Password to authenticate with */ char peername[STRLEN]; /* Force peer name to this */ char hostname[STRLEN]; /* Hostname to report */ char entname[STRLEN]; /* Name of this entry */ int authpeer; /* Authenticate our peer? */ int authself; /* Authenticate ourselves? */ int pap_require; /* Require PAP auth for PPP */ int chap_require; /* Require CHAP auth for PPP */ int pap_refuse; /* Refuse PAP authentication for us */ int chap_refuse; /* Refuse CHAP authentication for us */ int idle; /* Idle timeout in seconds */ int autodial; /* Try to dial immediately? */ int defaultroute; /* Use as default route? */ int redial; /* Redial if disconnected */ int rmax; /* Maximum # of consecutive redials */ int rtries; /* # of tries so far */ int rtimeout; /* Redial every this many # of seconds */ int pass_peer; /* Pass peer IP to pppd as ipparam? */ char pppoptfile[STRLEN]; /* File containing PPP options */ int debug; struct tunnel *t; /* Our tunnel */ struct call *c; /* Our call */ }; struct global { unsigned int listenaddr; /* IP address to bind to */ int port; /* Port number to listen to */ char authfile[STRLEN]; /* File containing authentication info */ char altauthfile[STRLEN]; /* File containing authentication info */ char configfile[STRLEN]; /* File containing configuration info */ char altconfigfile[STRLEN]; /* File containing configuration info */ char pidfile[STRLEN]; /* File containing the pid number*/ char controlfile[STRLEN]; /* Control file name (named pipe) */ char controltos[STRLEN]; /* Control TOS value */ int daemon; /* Use daemon mode? */ int syslog; /* Use syslog for logging? */ int accesscontrol; /* Use access control? */ int forceuserspace; /* Force userspace? */ int packet_dump; /* Dump (print) all packets? */ int debug_avp; /* Print AVP debugging info? */ int debug_network; /* Print network debugging info? */ int debug_tunnel; /* Print tunnel debugging info? */ int debug_state; /* Print FSM debugging info? */ int ipsecsaref; int sarefnum; /* Value of IPSEC_REFINFO used by kernel * (we used to pick 22, but 2.6.36+ took that, so now we pick 30) * Changed in SAref patch in openswan 2.6.36 for linux 2.6.36+ */ int max_retries; /* Max retries before closing tunnel or stop re-transmitting */ }; extern struct global gconfig; /* Global configuration options */ extern struct lns *lnslist; /* All LNS entries */ extern struct lac *laclist; /* All LAC entries */ extern struct lns *deflns; /* Default LNS config */ extern struct lac *deflac; /* Default LAC config */ extern int init_config (); /* Read in the config file */ /* Tries to apply _word_ option with _value_ to _item_ in _context_ */ extern int parse_one_option (char *word, char *value, int context, void *item); /* Allocate memory and filled up new lac */ extern struct lac *new_lac (); extern struct lns *new_lns (); #endif xl2tpd-1.3.12/ipsecmast.h000066400000000000000000000005021327764040100151550ustar00rootroot00000000000000#ifndef _IPSECMAST_H #define _IPSECMAST_H #ifndef IP_IPSEC_REFINFO /* 22 has been assigned to IP_NODEFRAG in 2.6.36+ so we moved to 30 * #define IP_IPSEC_REFINFO 22 */ #define IP_IPSEC_REFINFO 30 #endif #ifndef IPSEC_SAREF_NULL typedef uint32_t IPsecSAref_t; #define IPSEC_SAREF_NULL ((IPsecSAref_t)0) #endif #endif xl2tpd-1.3.12/l2tp.h000066400000000000000000000216471327764040100140630ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Protocol and implementation information, * structures and constants. */ /* typedef unsigned short _u16; typedef unsigned long long _u64; */ #ifndef _L2TP_H #define _L2TP_H #define MAXSTRLEN 120 /* Maximum length of common strings */ /* FIXME: MAX_RECV_SIZE, what is it? */ #define MAX_RECV_SIZE 4096 /* Biggest packet we'll accept */ #include #include #ifdef OPENBSD # include #endif #include "osport.h" #include "scheduler.h" #include "misc.h" #include "file.h" #include "call.h" #include "avp.h" #include "control.h" #include "aaa.h" #include "common.h" #include "ipsecmast.h" #define CONTROL_PIPE "/var/run/xl2tpd/l2tp-control" #define CONTROL_PIPE_MESSAGE_SIZE 1024 /* Control pip request types */ #define CONTROL_PIPE_REQ_LAC_REMOVE 'r' #define CONTROL_PIPE_REQ_LAC_ADD_MODIFY 'a' #define CONTROL_PIPE_REQ_LAC_STATUS 's' #define CONTROL_PIPE_REQ_LAC_DISCONNECT 'd' #define CONTROL_PIPE_REQ_LAC_HANGUP 'h' #define CONTROL_PIPE_REQ_LAC_OUTGOING_CALL 'o' #define CONTROL_PIPE_REQ_LAC_CONNECT 'c' #define CONTROL_PIPE_REQ_TUNNEL 't' #define CONTROL_PIPE_REQ_LNS_ADD_MODIFY 'z' /* Create or modify an existing LNS */ #define CONTROL_PIPE_REQ_LNS_STATUS 'y' /* Get status of LNS */ #define CONTROL_PIPE_REQ_AVAILABLE 'x' /* Get status of LNS */ #define CONTROL_PIPE_REQ_LNS_REMOVE 'w' /* Get status of LNS */ #define BINARY "xl2tpd" #define SERVER_VERSION "xl2tpd-1.3.12" #define VENDOR_NAME "xelerance.com" #ifndef PPPD #define PPPD "/usr/sbin/pppd" #endif #define CALL_PPP_OPTS "defaultroute" #define FIRMWARE_REV 0x0690 /* Revision of our firmware (software, in this case) */ #define HELLO_DELAY 60 /* How often to send a Hello message */ struct control_hdr { _u16 ver; /* Version and more */ _u16 length; /* Length field */ _u16 tid; /* Tunnel ID */ _u16 cid; /* Call ID */ _u16 Ns; /* Next sent */ _u16 Nr; /* Next received */ } __attribute__((packed)); #define CTBIT(ver) (ver & 0x8000) /* Determins if control or not */ #define CLBIT(ver) (ver & 0x4000) /* Length bit present. Must be 1 for control messages */ #define CZBITS(ver) (ver &0x37F8) /* Reserved bits: We must drop anything with these there */ #define CFBIT(ver) (ver & 0x0800) /* Presence of Ns and Nr fields flow bit? */ #define CVER(ver) (ver & 0x0007) /* Version of encapsulation */ struct payload_hdr { _u16 ver; /* Version and friends */ _u16 length; /* Optional Length */ _u16 tid; /* Tunnel ID */ _u16 cid; /* Caller ID */ _u16 Ns; /* Optional next sent */ _u16 Nr; /* Optional next received */ _u16 o_size; /* Optional offset size */ // _u16 o_pad; /* Optional offset padding */ } __attribute__((packed)); #define NZL_TIMEOUT_DIVISOR 4 /* Divide TIMEOUT by this and you know how often to send a zero byte packet */ #define PAYLOAD_BUF 10 /* Provide 10 expansion bytes so we can "decompress" the payloads and simplify coding */ #if 1 #define DEFAULT_MAX_RETRIES 5 /* Recommended value from spec */ #else #define DEFAULT_MAX_RETRIES 95 /* give us more time to debug */ #endif #define DEFAULT_RWS_SIZE 4 /* Default max outstanding control packets in queue */ #define DEFAULT_TX_BPS 10000000 /* For outgoing calls, report this speed */ #define DEFAULT_RX_BPS 10000000 #define DEFAULT_MAX_BPS 10000000 /* jz: outgoing calls max bps */ #define DEFAULT_MIN_BPS 10000 /* jz: outgoing calls min bps */ #define PAYLOAD_FUDGE 2 /* How many packets we're willing to drop */ #define MIN_PAYLOAD_HDR_LEN 6 #define UDP_LISTEN_PORT 1701 #define OUR_L2TP_VERSION 0x100 /* We support version 1, revision 0 */ #define PTBIT(ver) CTBIT(ver) /* Type bit: Must be zero for us */ #define PLBIT(ver) CLBIT(ver) /* Length specified? */ #define PFBIT(ver) CFBIT(ver) /* Flow control specified? */ #define PVER(ver) CVER(ver) /* Version */ #define PZBITS(ver) (ver & 0x14F8) /* Reserved bits */ #define PRBIT(ver) (ver & 0x2000) /* Reset Sr bit */ #define PSBIT(ver) (ver & 0x0200) /* Offset size bit */ #define PPBIT(ver) (ver & 0x0100) /* Preference bit */ struct tunnel { struct call *call_head; /* Member calls */ struct tunnel *next; /* Allows us to be linked easily */ int fc; /* Framing capabilities of peer */ struct schedule_entry *hello; int ourfc; /* Our framing capabilities */ int bc; /* Peer's bearer channels */ int hbit; /* Allow hidden AVP's? */ int ourbc; /* Our bearer channels */ _u64 tb; /* Their tie breaker */ _u64 ourtb; /* Our tie breaker */ int tid; /* Peer's tunnel identifier */ IPsecSAref_t refme; /* IPsec SA particulars */ IPsecSAref_t refhim; int ourtid; /* Our tunnel identifier */ int qtid; /* TID for disconnection */ int firmware; /* Peer's firmware revision */ #if 0 unsigned int addr; /* Remote address */ unsigned short port; /* Port on remote end */ #else struct sockaddr_in peer; /* Peer's Address */ #endif int debug; /* Are we debugging or not? */ int nego; /* Show Negotiation? */ int count; /* How many membmer calls? */ int state; /* State of tunnel */ _u16 control_seq_num; /* Sequence for next packet */ _u16 control_rec_seq_num; /* Next expected to receive */ int cLr; /* Last packet received by peer */ #ifdef SANITY int sanity; /* check for sanity? */ #endif int rws; /* Peer's Receive Window Size */ int ourrws; /* Receive Window Size */ int rxspeed; /* Receive bps */ int txspeed; /* Transmit bps */ int udp_fd; /* UDP fd */ int pppox_fd; /* PPPOX tunnel fd */ struct call *self; struct lns *lns; /* LNS that owns us */ struct lac *lac; /* LAC that owns us */ struct in_pktinfo my_addr; /* Address of my endpoint */ char hostname[MAXSTRLEN]; /* Remote hostname */ char vendor[MAXSTRLEN]; /* Vendor of remote product */ struct challenge chal_us; /* Their Challenge to us */ struct challenge chal_them; /* Our challenge to them */ char secret[MAXSTRLEN]; /* Secret to use */ }; struct tunnel_list { struct tunnel *head; int count; int calls; }; /* Values for version */ #define VER_L2TP 2 #define VER_PPTP 3 /* Some PPP sync<->async stuff */ #define fcstab ppp_crc16_table #define PPP_FLAG 0x7e #define PPP_ESCAPE 0x7d #define PPP_TRANS 0x20 #define PPP_INITFCS 0xffff #define PPP_GOODFCS 0xf0b8 #define PPP_FCS(fcs,c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff]) /* Values for Randomness sources */ #define RAND_DEV 0x0 #define RAND_SYS 0x1 #define RAND_EGD 0x2 /* Error Values */ extern struct tunnel_list tunnels; extern void tunnel_close (struct tunnel *t); extern void network_thread (); extern int init_network (); extern int server_socket; extern struct tunnel *new_tunnel (); extern struct packet_queue xmit_udp; extern void destroy_tunnel (struct tunnel *); extern struct buffer *new_payload (struct sockaddr_in); extern void recycle_payload (struct buffer *, struct sockaddr_in); extern void add_payload_hdr (struct tunnel *, struct call *, struct buffer *); extern int read_packet (struct call *); extern void udp_xmit (struct buffer *buf, struct tunnel *t); extern void control_xmit (void *); extern int ppd; extern int switch_io; /* jz */ extern int control_fd; #ifdef USE_KERNEL extern int kernel_support; extern int connect_pppol2tp (struct tunnel *t); #endif extern int start_pppd (struct call *c, struct ppp_opts *); extern void magic_lac_dial (void *); extern int get_entropy (unsigned char *, int); #ifndef MIN #define MIN(a,b) (((a)<(b)) ? (a) : (b)) #endif #endif /* * This is just some stuff to take * care of kernel definitions */ #ifdef USE_KERNEL #include #include #include #include #endif xl2tpd-1.3.12/md5.c000066400000000000000000000210241327764040100136470ustar00rootroot00000000000000#ifdef FREEBSD # include #elif defined(OPENBSD) || defined(NETBSD) # define __BSD_VISIBLE 0 # include #elif defined(LINUX) # include #elif defined(SOLARIS) # include #endif #if __BYTE_ORDER == __BIG_ENDIAN #define HIGHFIRST 1 #endif /* * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was * written by Colin Plumb in 1993, no copyright is claimed. * This code is in the public domain; do with it what you wish. * * Equivalent code is available from RSA Data Security, Inc. * This code has been tested against that, and is equivalent, * except that you don't need to include two pages of legalese * with every copy. * * To compute the message digest of a chunk of bytes, declare an * MD5Context structure, pass it to MD5Init, call MD5Update as * needed on buffers full of bytes, and then call MD5Final, which * will fill a supplied 16-byte array with the digest. */ #include /* for memcpy() */ #include "md5.h" #ifndef HIGHFIRST #define byteReverse(buf, len) /* Nothing */ #else void byteReverse (unsigned char *buf, unsigned longs); #ifndef ASM_MD5 /* * Note: this code is harmless on little-endian machines. */ void byteReverse (unsigned char *buf, unsigned longs) { uint32 t; do { t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | ((unsigned) buf[1] << 8 | buf[0]); *(uint32 *) buf = t; buf += 4; } while (--longs); } #endif #endif /* * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious * initialization constants. */ void MD5Init (struct MD5Context *ctx) { ctx->buf[0] = 0x67452301; ctx->buf[1] = 0xefcdab89; ctx->buf[2] = 0x98badcfe; ctx->buf[3] = 0x10325476; ctx->bits[0] = 0; ctx->bits[1] = 0; } /* * Update context to reflect the concatenation of another buffer full * of bytes. */ void MD5Update (struct MD5Context *ctx, unsigned char const *buf, unsigned len) { uint32 t; /* Update bitcount */ t = ctx->bits[0]; if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) ctx->bits[1]++; /* Carry from low to high */ ctx->bits[1] += len >> 29; t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ /* Handle any leading odd-sized chunks */ if (t) { unsigned char *p = (unsigned char *) ctx->in + t; t = 64 - t; if (len < t) { memcpy (p, buf, len); return; } memcpy (p, buf, t); byteReverse (ctx->in, 16); MD5Transform (ctx->buf, (uint32 *) ctx->in); buf += t; len -= t; } /* Process data in 64-byte chunks */ while (len >= 64) { memcpy (ctx->in, buf, 64); byteReverse (ctx->in, 16); MD5Transform (ctx->buf, (uint32 *) ctx->in); buf += 64; len -= 64; } /* Handle any remaining bytes of data. */ memcpy (ctx->in, buf, len); } /* * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void MD5Final (unsigned char digest[16], struct MD5Context *ctx) { unsigned count; unsigned char *p; /* Compute number of bytes mod 64 */ count = (ctx->bits[0] >> 3) & 0x3F; /* Set the first char of padding to 0x80. This is safe since there is always at least one byte free */ p = ctx->in + count; *p++ = 0x80; /* Bytes of padding needed to make 64 bytes */ count = 64 - 1 - count; /* Pad out to 56 mod 64 */ if (count < 8) { /* Two lots of padding: Pad the first block to 64 bytes */ memset (p, 0, count); byteReverse (ctx->in, 16); MD5Transform (ctx->buf, (uint32 *) ctx->in); /* Now fill the next block with 56 bytes */ memset (ctx->in, 0, 56); } else { /* Pad block to 56 bytes */ memset (p, 0, count - 8); } byteReverse (ctx->in, 14); /* Append length in bits and transform */ memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits)); MD5Transform (ctx->buf, (uint32 *) ctx->in); byteReverse ((unsigned char *) ctx->buf, 4); memcpy (digest, ctx->buf, 16); memset (ctx, 0, sizeof (*ctx)); /* In case it's sensitive */ } #ifndef ASM_MD5 /* The four core functions - F1 is optimized somewhat */ /* #define F1(x, y, z) (x & y | ~x & z) */ #define F1(x, y, z) (z ^ (x & (y ^ z))) #define F2(x, y, z) F1(z, x, y) #define F3(x, y, z) (x ^ y ^ z) #define F4(x, y, z) (y ^ (x | ~z)) /* This is the central step in the MD5 algorithm. */ #define MD5STEP(f, w, x, y, z, data, s) \ ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) /* * The core of the MD5 algorithm, this alters an existing MD5 hash to * reflect the addition of 16 longwords of new data. MD5Update blocks * the data and converts bytes into longwords for this routine. */ void MD5Transform (uint32 buf[4], uint32 const in[16]) { register uint32 a, b, c, d; a = buf[0]; b = buf[1]; c = buf[2]; d = buf[3]; MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7); MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12); MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17); MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22); MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7); MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12); MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17); MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22); MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7); MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12); MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17); MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22); MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7); MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12); MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17); MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22); MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5); MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9); MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14); MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5); MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9); MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14); MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5); MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9); MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14); MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20); MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5); MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14); MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4); MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11); MD5STEP (F3, c, d, a, b, in[11] + 0x6d9d6122, 16); MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23); MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4); MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23); MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4); MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11); MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16); MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23); MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4); MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11); MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23); MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6); MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10); MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15); MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21); MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6); MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15); MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21); MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15); MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21); MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6); MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10); MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21); buf[0] += a; buf[1] += b; buf[2] += c; buf[3] += d; } #endif xl2tpd-1.3.12/md5.h000066400000000000000000000011541327764040100136560ustar00rootroot00000000000000#ifndef MD5_H #define MD5_H #ifdef __alpha typedef unsigned int uint32; #else #include typedef uint32_t uint32; #endif struct MD5Context { uint32 buf[4]; uint32 bits[2]; unsigned char in[64]; }; void MD5Init (struct MD5Context *context); void MD5Update (struct MD5Context *context, unsigned char const *buf, unsigned len); void MD5Final (unsigned char digest[16], struct MD5Context *context); void MD5Transform (uint32 buf[4], uint32 const in[16]); /* * This is needed to make RSAREF happy on some MS-DOS compilers. */ typedef struct MD5Context MD5_CTX; #endif /* !MD5_H */ xl2tpd-1.3.12/misc.c000066400000000000000000000164551327764040100141310ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Miscellaneous but important functions * */ #include #include #include #include #include #include #include #include #include #include #if defined(SOLARIS) # include #endif #include #include "l2tp.h" /* prevent deadlock that occurs when a signal handler, which interrupted a * call to syslog(), attempts to call syslog(). */ static int syslog_nesting = 0; #define SYSLOG_CALL(code) do { \ if (++syslog_nesting < 2) { \ code; \ } \ --syslog_nesting; \ } while(0) void init_log() { static int logopen=0; if(!logopen) { SYSLOG_CALL( openlog (BINARY, LOG_PID, LOG_DAEMON) ); logopen=1; } } void l2tp_log (int level, const char *fmt, ...) { char buf[2048]; va_list args; va_start (args, fmt); vsnprintf (buf, sizeof (buf), fmt, args); va_end (args); if(gconfig.syslog) { init_log(); SYSLOG_CALL( syslog (level, "%s", buf) ); } else { fprintf(stderr, "xl2tpd[%d]: %s", getpid(), buf); } } void set_error (struct call *c, int error, const char *fmt, ...) { va_list args; va_start (args, fmt); c->error = error; c->result = RESULT_ERROR; c->needclose = -1; vsnprintf (c->errormsg, sizeof (c->errormsg), fmt, args); if (c->errormsg[strlen (c->errormsg) - 1] == '\n') c->errormsg[strlen (c->errormsg) - 1] = 0; va_end (args); } struct buffer *new_buf (int size) { struct buffer *b = NULL; if (!size || size < 0) return NULL; b = malloc (sizeof (struct buffer)); if (!b) return NULL; b->rstart = malloc (size); if (!b->rstart) { free (b); return NULL; } b->start = b->rstart; b->rend = b->rstart + size - 1; b->len = size; b->maxlen = size; return b; } inline void recycle_buf (struct buffer *b) { b->start = b->rstart; b->len = b->maxlen; } #define bufferDumpWIDTH 16 void bufferDump (unsigned char *buf, int buflen) { int i = 0, j = 0; /* we need TWO characters to DISPLAY ONE byte */ char line[2 * bufferDumpWIDTH + 1], *c; for (i = 0; i < buflen / bufferDumpWIDTH; i++) { c = line; for (j = 0; j < bufferDumpWIDTH; j++) { sprintf (c, "%02x", (buf[i * bufferDumpWIDTH + j]) & 0xff); c++; c++; /* again two characters to display ONE byte */ } *c = '\0'; l2tp_log (LOG_WARNING, "%s: buflen=%d, buffer[%d]: *%s*\n", __FUNCTION__, buflen, i, line); } c = line; for (j = 0; j < buflen % bufferDumpWIDTH; j++) { sprintf (c, "%02x", buf[(buflen / bufferDumpWIDTH) * bufferDumpWIDTH + j] & 0xff); c++; c++; } if (c != line) { *c = '\0'; l2tp_log (LOG_WARNING, "%s: buffer[%d]: *%s*\n", __FUNCTION__, i, line); } } void do_packet_dump (struct buffer *buf) { int x; unsigned char *c = buf->start; printf ("packet dump: \nHEX: { "); for (x = 0; x < buf->len; x++) { printf ("%.2X ", *c); c++; }; printf ("}\nASCII: { "); c = buf->start; for (x = 0; x < buf->len; x++) { if (*c > 31 && *c < 127) { putchar (*c); } else { putchar (' '); } c++; } printf ("}\n"); } void swaps (void *buf_v, int len) { #ifdef __alpha /* Reverse byte order alpha is little endian so lest save a step. to make things work out easier */ int x; unsigned char t1; unsigned char *tmp = (_u16 *) buf_v; for (x = 0; x < len; x += 2) { t1 = tmp[x]; tmp[x] = tmp[x + 1]; tmp[x + 1] = t1; } #else /* Reverse byte order (if proper to do so) to make things work out easier */ int x; struct hw { _u16 s; } __attribute__ ((packed)) *p = (struct hw *) buf_v; for (x = 0; x < len / 2; x++, p++) p->s = ntohs(p->s); #endif } inline void toss (struct buffer *buf) { /* * Toss a frame and free up the buffer that contained it */ free (buf->rstart); free (buf); } inline void safe_copy (char *a, char *b, int size) { /* Copies B into A (assuming A holds MAXSTRLEN bytes) safely */ strncpy (a, b, MIN (size, MAXSTRLEN - 1)); a[MIN (size, MAXSTRLEN - 1)] = '\000'; } struct ppp_opts *add_opt (struct ppp_opts *option, char *fmt, ...) { va_list args; struct ppp_opts *new, *last; new = malloc (sizeof (struct ppp_opts)); if (!new) { l2tp_log (LOG_WARNING, "%s : Unable to allocate ppp option memory. Expect a crash\n", __FUNCTION__); return option; } new->next = NULL; va_start (args, fmt); vsnprintf (new->option, sizeof (new->option), fmt, args); va_end (args); if (option) { last = option; while (last->next) last = last->next; last->next = new; return option; } else return new; } void opt_destroy (struct ppp_opts *option) { struct ppp_opts *tmp; while (option) { tmp = option->next; free (option); option = tmp; }; } int get_egd_entropy(char *buf, int count) { return -1; } int get_sys_entropy(unsigned char *buf, int count) { /* * This way of filling buf with rand() generated data is really * fairly inefficient from a function call point of view...rand() * returns four bytes of data (on most systems, sizeof(int)) * and we end up only using 1 byte of it (sizeof(char))...ah * well...it was a *whole* lot easier to code this way...suggestions * for improvements are, of course, welcome */ int counter; for (counter = 0; counter < count; counter++) { buf[counter] = (char)rand(); } #ifdef DEBUG_ENTROPY bufferDump (buf, count); #endif return count; } int get_dev_entropy(unsigned char *buf, int count) { int devrandom; ssize_t entropy_amount; devrandom = open ("/dev/urandom", O_RDONLY | O_NONBLOCK); if (devrandom == -1) { #ifdef DEBUG_ENTROPY l2tp_log(LOG_WARNING, "%s: couldn't open /dev/urandom," "falling back to rand()\n", __FUNCTION__); #endif return get_sys_entropy(buf, count); } entropy_amount = read(devrandom, buf, count); close(devrandom); return entropy_amount; } int get_entropy (unsigned char *buf, int count) { if (rand_source == RAND_SYS) { return get_sys_entropy(buf, count); } else if (rand_source == RAND_DEV) { return get_dev_entropy(buf, count); } else if (rand_source == RAND_EGD) { l2tp_log(LOG_WARNING, "%s: EGD Randomness source not yet implemented\n", __FUNCTION__); return -1; } else { l2tp_log(LOG_WARNING, "%s: Invalid Randomness source specified (%d)\n", __FUNCTION__, rand_source); return -1; } } xl2tpd-1.3.12/misc.h000066400000000000000000000034331327764040100141260ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Misc stuff... */ #ifndef _MISC_H #define _MISC_H #include struct tunnel; struct buffer { int type; void *rstart; void *rend; void *start; int len; int maxlen; #if 0 unsigned int addr; int port; #else struct sockaddr_in peer; #endif struct tunnel *tunnel; /* Who owns this packet, if it's a control */ int retries; /* Again, if a control packet, how many retries? */ }; struct ppp_opts { char option[MAXSTRLEN]; struct ppp_opts *next; }; #define IPADDY(a) inet_ntoa(*((struct in_addr *)&(a))) #define DEBUG c ? c->debug || t->debug : t->debug #ifdef USE_SWAPS_INSTEAD #define SWAPS(a) ((((a) & 0xFF) << 8 ) | (((a) >> 8) & 0xFF)) #ifdef htons #undef htons #endif #ifdef ntohs #undef htons #endif #define htons(a) SWAPS(a) #define ntohs(a) SWAPS(a) #endif #define halt() printf("Halted.\n") ; for(;;) extern char hostname[]; extern void l2tp_log (int level, const char *fmt, ...); extern struct buffer *new_buf (int); extern void udppush_handler (int); extern int addfcs (struct buffer *buf); extern void swaps (void *, int); extern void do_packet_dump (struct buffer *); extern void status (const char *fmt, ...); extern void status_handler (int signal); extern int getPtyMaster(char *, int); extern void do_control (void); extern void recycle_buf (struct buffer *); extern void safe_copy (char *, char *, int); extern void opt_destroy (struct ppp_opts *); extern struct ppp_opts *add_opt (struct ppp_opts *, char *, ...); extern void process_signal (void); #endif xl2tpd-1.3.12/network.c000066400000000000000000000561351327764040100146660ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Network routines for UDP handling */ #include #include #include #include #include #include #include #include #include #include #include #include #ifndef LINUX # include #endif #include "l2tp.h" #include "ipsecmast.h" #include "misc.h" /* for IPADDY macro */ char hostname[256]; struct sockaddr_in server, from; /* Server and transmitter structs */ int server_socket; /* Server socket */ #ifdef USE_KERNEL int kernel_support; /* Kernel Support there or not? */ #endif int init_network (void) { long arg; unsigned int length = sizeof (server); gethostname (hostname, sizeof (hostname)); server.sin_family = AF_INET; server.sin_addr.s_addr = gconfig.listenaddr; server.sin_port = htons (gconfig.port); int flags; if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0) { l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n", __FUNCTION__); return -EINVAL; }; flags = 1; setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); #ifdef SO_NO_CHECK setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); #endif if (bind (server_socket, (struct sockaddr *) &server, sizeof (server))) { close (server_socket); l2tp_log (LOG_CRIT, "%s: Unable to bind socket: %s. Terminating.\n", __FUNCTION__, strerror(errno), errno); return -EINVAL; }; if (getsockname (server_socket, (struct sockaddr *) &server, &length)) { l2tp_log (LOG_CRIT, "%s: Unable to read socket name.Terminating.\n", __FUNCTION__); return -EINVAL; } #ifdef LINUX /* * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO * values. */ if (!gconfig.ipsecsaref) { l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n"); } else { arg=1; if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, &arg, sizeof(arg)) != 0) { l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno)); gconfig.ipsecsaref=0; } else { arg=1; if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno)); } } } #else l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n"); #endif #ifdef USE_KERNEL if (gconfig.forceuserspace) { l2tp_log (LOG_INFO, "Not looking for kernel support.\n"); kernel_support = 0; } else { int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); if (kernel_fd < 0) { l2tp_log (LOG_INFO, "L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)\n"); kernel_support = 0; } else { close(kernel_fd); l2tp_log (LOG_INFO, "Using l2tp kernel support.\n"); kernel_support = -1; } } #else l2tp_log (LOG_INFO, "This binary does not support kernel L2TP.\n"); #endif arg = fcntl (server_socket, F_GETFL); arg |= O_NONBLOCK; fcntl (server_socket, F_SETFL, arg); gconfig.port = ntohs (server.sin_port); return 0; } static inline void extract (void *buf, int *tunnel, int *call) { /* * Extract the tunnel and call #'s, and fix the order of the * version */ struct payload_hdr *p = (struct payload_hdr *) buf; if (PLBIT (p->ver)) { *tunnel = p->tid; *call = p->cid; } else { *tunnel = p->length; *call = p->tid; } } static inline void fix_hdr (void *buf) { /* * Fix the byte order of the header */ struct payload_hdr *p = (struct payload_hdr *) buf; _u16 ver = ntohs (p->ver); if (CTBIT (p->ver)) { /* * Control headers are always * exactly 12 bytes big. */ swaps (buf, 12); } else { int len = 6; if (PSBIT (ver)) len += 2; if (PLBIT (ver)) len += 2; if (PFBIT (ver)) len += 4; swaps (buf, len); } } void dethrottle (void *call) { /* struct call *c = (struct call *)call; */ /* if (c->throttle) { #ifdef DEBUG_FLOW log(LOG_DEBUG, "%s: dethrottling call %d, and setting R-bit\n",__FUNCTION__,c->ourcid); #endif c->rbit = RBIT; c->throttle = 0; } else { log(LOG_DEBUG, "%s: call %d already dethrottled?\n",__FUNCTION__,c->ourcid); } */ } void control_xmit (void *b) { struct buffer *buf = (struct buffer *) b; struct tunnel *t; struct timeval tv; int ns; if (!buf) { l2tp_log (LOG_WARNING, "%s: called on NULL buffer!\n", __FUNCTION__); return; } t = buf->tunnel; #ifdef DEBUG_CONTROL_XMIT if(t) { l2tp_log (LOG_DEBUG, "trying to send control packet to %d\n", t->ourtid); } #endif buf->retries++; ns = ntohs (((struct control_hdr *) (buf->start))->Ns); if (t) { if (ns < t->cLr) { #ifdef DEBUG_CONTROL_XMIT l2tp_log (LOG_DEBUG, "%s: Tossing packet %d\n", __FUNCTION__, ns); #endif /* Okay, it's been received. Let's toss it now */ toss (buf); return; } } if (buf->retries > gconfig.max_retries) { /* * Too many retries. Either kill the tunnel, or * if there is no tunnel, just stop retransmitting. */ if (t) { if (t->self->needclose) { l2tp_log (LOG_DEBUG, "Unable to deliver closing message for tunnel %d. Destroying anyway.\n", t->ourtid); t->self->needclose = 0; t->self->closing = -1; } else { l2tp_log (LOG_NOTICE, "Maximum retries exceeded for tunnel %d. Closing.\n", t->ourtid); strcpy (t->self->errormsg, "Timeout"); t->self->needclose = -1; } call_close(t->self); } toss (buf); } else { /* * Adaptive timeout with exponential backoff */ tv.tv_sec = 1LL << (buf->retries-1); tv.tv_usec = 0; schedule (tv, control_xmit, buf); #ifdef DEBUG_CONTROL_XMIT l2tp_log (LOG_DEBUG, "%s: Scheduling and transmitting packet %d\n", __FUNCTION__, ns); #endif udp_xmit (buf, t); } } unsigned char* get_inner_tos_byte (struct buffer *buf) { int tos_offset = 10; unsigned char *tos_byte = buf->start+tos_offset; return tos_byte; } unsigned char* get_inner_ppp_type (struct buffer *buf) { int ppp_type_offset = 8; unsigned char *ppp_type_byte = buf->start+ppp_type_offset; return ppp_type_byte; } void udp_xmit (struct buffer *buf, struct tunnel *t) { struct cmsghdr *cmsg = NULL; char cbuf[CMSG_SPACE(sizeof (unsigned int) + sizeof (struct in_pktinfo))]; unsigned int *refp; struct msghdr msgh; int err; struct iovec iov; int finallen = 0; /* * OKAY, now send a packet with the right SAref values. */ memset(&msgh, 0, sizeof(struct msghdr)); msgh.msg_control = cbuf; msgh.msg_controllen = sizeof(cbuf); if (gconfig.ipsecsaref && t->refhim != IPSEC_SAREF_NULL) { cmsg = CMSG_FIRSTHDR(&msgh); cmsg->cmsg_level = IPPROTO_IP; cmsg->cmsg_type = gconfig.sarefnum; cmsg->cmsg_len = CMSG_LEN(sizeof(unsigned int)); if(gconfig.debug_network) { l2tp_log(LOG_DEBUG,"sending with saref=%d using sarefnum=%d\n", t->refhim, gconfig.sarefnum); } refp = (unsigned int *)CMSG_DATA(cmsg); *refp = t->refhim; finallen = cmsg->cmsg_len; } #ifdef LINUX if (t->my_addr.ipi_addr.s_addr){ struct in_pktinfo *pktinfo; if ( ! cmsg) { cmsg = CMSG_FIRSTHDR(&msgh); } else { cmsg = CMSG_NXTHDR(&msgh, cmsg); } cmsg->cmsg_level = IPPROTO_IP; cmsg->cmsg_type = IP_PKTINFO; cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); pktinfo = (struct in_pktinfo*) CMSG_DATA(cmsg); *pktinfo = t->my_addr; finallen += cmsg->cmsg_len; } #endif /* * Some OS don't like assigned buffer with zero length (e.g. OpenBSD), * some OS don't like empty buffer with non-zero length (e.g. Linux). * So make them all happy by assigning control buffer only if we really * have something there and zero both fields otherwise. */ msgh.msg_controllen = finallen; if (!finallen) msgh.msg_control = NULL; iov.iov_base = buf->start; iov.iov_len = buf->len; /* return packet from whence it came */ msgh.msg_name = &buf->peer; msgh.msg_namelen = sizeof(buf->peer); msgh.msg_iov = &iov; msgh.msg_iovlen = 1; msgh.msg_flags = 0; /* Receive one packet. */ if ((err = sendmsg(server_socket, &msgh, 0)) < 0) { l2tp_log(LOG_ERR, "udp_xmit failed to %s:%d with err=%d:%s\n", IPADDY(t->peer.sin_addr), ntohs(t->peer.sin_port), err,strerror(errno)); } } int build_fdset (fd_set *readfds) { struct tunnel *tun; struct call *call; int max = 0; tun = tunnels.head; FD_ZERO (readfds); while (tun) { if (tun->udp_fd > -1) { if (tun->udp_fd > max) max = tun->udp_fd; FD_SET (tun->udp_fd, readfds); } call = tun->call_head; while (call) { if (call->needclose ^ call->closing) { call_close (call); call = tun->call_head; if (!call) break; continue; } if (call->fd > -1) { if (!call->needclose && !call->closing) { if (call->fd > max) max = call->fd; FD_SET (call->fd, readfds); } } call = call->next; } /* Now that call fds have been collected, and checked for * closing, check if the tunnel needs to be closed too */ if (tun->self->needclose ^ tun->self->closing) { if (gconfig.debug_tunnel) l2tp_log (LOG_DEBUG, "%s: closing down tunnel %d\n", __FUNCTION__, tun->ourtid); call_close (tun->self); /* Reset the while loop * and check for NULL */ tun = tunnels.head; if (!tun) break; continue; } tun = tun->next; } FD_SET (server_socket, readfds); if (server_socket > max) max = server_socket; FD_SET (control_fd, readfds); if (control_fd > max) max = control_fd; return max; } void network_thread () { /* * We loop forever waiting on either data from the ppp drivers or from * our network socket. Control handling is no longer done here. */ struct sockaddr_in from; struct in_pktinfo to; unsigned int fromlen; int tunnel, call; /* Tunnel and call */ int recvsize; /* Length of data received */ struct buffer *buf; /* Payload buffer */ struct call *c, *sc; /* Call to send this off to */ struct tunnel *st; /* Tunnel */ fd_set readfds; /* Descriptors to watch for reading */ int max; /* Highest fd */ struct timeval tv, *ptv; /* Timeout for select */ struct msghdr msgh; struct iovec iov; char cbuf[256]; unsigned int refme, refhim; int * currentfd; int server_socket_processed; /* This one buffer can be recycled for everything except control packets */ buf = new_buf (MAX_RECV_SIZE); tunnel = 0; call = 0; for (;;) { int ret; process_signal(); max = build_fdset (&readfds); ptv = process_schedule(&tv); ret = select (max + 1, &readfds, NULL, NULL, ptv); if (ret <= 0) { if (ret == 0) { if (gconfig.debug_network) { l2tp_log (LOG_DEBUG, "%s: select timeout with max retries: %d for tunnel: %d\n", __FUNCTION__, gconfig.max_retries, tunnels.head->ourtid); } } else { if (gconfig.debug_network) { l2tp_log (LOG_DEBUG, "%s: select returned error %d (%s)\n", __FUNCTION__, errno, strerror (errno)); } } continue; } if (FD_ISSET (control_fd, &readfds)) { do_control (); } server_socket_processed = 0; currentfd = NULL; st = tunnels.head; while (st || !server_socket_processed) { if (st && (st->udp_fd == -1)) { st=st->next; continue; } if (st) { currentfd = &st->udp_fd; } else { currentfd = &server_socket; server_socket_processed = 1; } if (FD_ISSET (*currentfd, &readfds)) { /* * Okay, now we're ready for reading and processing new data. */ recycle_buf (buf); /* Reserve space for expanding payload packet headers */ buf->start += PAYLOAD_BUF; buf->len -= PAYLOAD_BUF; memset(&from, 0, sizeof(from)); memset(&to, 0, sizeof(to)); fromlen = sizeof(from); memset(&msgh, 0, sizeof(struct msghdr)); iov.iov_base = buf->start; iov.iov_len = buf->len; msgh.msg_control = cbuf; msgh.msg_controllen = sizeof(cbuf); msgh.msg_name = &from; msgh.msg_namelen = fromlen; msgh.msg_iov = &iov; msgh.msg_iovlen = 1; msgh.msg_flags = 0; /* Receive one packet. */ recvsize = recvmsg(*currentfd, &msgh, 0); if (recvsize < MIN_PAYLOAD_HDR_LEN) { if (recvsize < 0) { if (errno == ECONNREFUSED) { close(*currentfd); } if ((errno == ECONNREFUSED) || (errno == EBADF)) { *currentfd = -1; } if (errno != EAGAIN) l2tp_log (LOG_WARNING, "%s: recvfrom returned error %d (%s)\n", __FUNCTION__, errno, strerror (errno)); } else { l2tp_log (LOG_WARNING, "%s: received too small a packet\n", __FUNCTION__); } if (st) st=st->next; continue; } refme=refhim=0; struct cmsghdr *cmsg; /* Process auxiliary received data in msgh */ for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg != NULL; cmsg = CMSG_NXTHDR(&msgh,cmsg)) { #ifdef LINUX /* extract destination(our) addr */ if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO) { struct in_pktinfo* pktInfo = ((struct in_pktinfo*)CMSG_DATA(cmsg)); to = *pktInfo; } else #endif /* extract IPsec info out */ if (gconfig.ipsecsaref && cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == gconfig.sarefnum) { unsigned int *refp; refp = (unsigned int *)CMSG_DATA(cmsg); refme =refp[0]; refhim=refp[1]; } } /* * some logic could be added here to verify that we only * get L2TP packets inside of IPsec, or to provide different * classes of service to packets not inside of IPsec. */ buf->len = recvsize; fix_hdr (buf->start); extract (buf->start, &tunnel, &call); if (gconfig.debug_network) { l2tp_log(LOG_DEBUG, "%s: recv packet from %s, size = %d, " "tunnel = %d, call = %d ref=%u refhim=%u\n", __FUNCTION__, inet_ntoa (from.sin_addr), recvsize, tunnel, call, refme, refhim); } if (gconfig.packet_dump) { do_packet_dump (buf); } if (!(c = get_call (tunnel, call, from.sin_addr, from.sin_port, refme, refhim))) { if ((c = get_tunnel (tunnel, from.sin_addr.s_addr, from.sin_port))) { /* * It is theoretically possible that we could be sent * a control message (say a StopCCN) on a call that we * have already closed or some such nonsense. To * prevent this from closing the tunnel, if we get a * call on a valid tunnel, but not with a valid CID, * we'll just send a ZLB to ACK receiving the packet. */ if (gconfig.debug_tunnel) l2tp_log (LOG_DEBUG, "%s: no such call %d on tunnel %d. Sending special ZLB\n", __FUNCTION__); if(1==handle_special (buf, c, call)) { buf = new_buf (MAX_RECV_SIZE); } } else l2tp_log (LOG_DEBUG, "%s: unable to find call or tunnel to handle packet. call = %d, tunnel = %d Dumping.\n", __FUNCTION__, call, tunnel); } else { if (c->container) { c->container->my_addr = to; } buf->peer = from; /* Handle the packet */ c->container->chal_us.vector = NULL; if (handle_packet (buf, c->container, c)) { if (gconfig.debug_tunnel) l2tp_log (LOG_DEBUG, "%s: bad packet\n", __FUNCTION__); } if (c->cnu) { /* Send Zero Byte Packet */ control_zlb (buf, c->container, c); c->cnu = 0; } } } if (st) st=st->next; } /* * finished obvious sources, look for data from PPP connections. */ st = tunnels.head; while (st) { sc = st->call_head; while (sc) { if ((sc->fd >= 0) && FD_ISSET (sc->fd, &readfds)) { /* Got some payload to send */ int result; while ((result = read_packet (sc)) > 0) { add_payload_hdr (sc->container, sc, sc->ppp_buf); if (gconfig.packet_dump) { do_packet_dump (sc->ppp_buf); } sc->prx = sc->data_rec_seq_num; if (sc->zlb_xmit) { deschedule (sc->zlb_xmit); sc->zlb_xmit = NULL; } sc->tx_bytes += sc->ppp_buf->len; sc->tx_pkts++; unsigned char* tosval,typeval; tosval = *get_inner_tos_byte(sc->ppp_buf); typeval = *get_inner_ppp_type(sc->ppp_buf); int tosval_dec = (int)tosval; int typeval_dec = (int)typeval; if (typeval_dec != 33 ) tosval_dec=atoi(gconfig.controltos); setsockopt(server_socket, IPPROTO_IP, IP_TOS, &tosval_dec, sizeof(tosval_dec)); udp_xmit (sc->ppp_buf, st); recycle_payload (sc->ppp_buf, sc->container->peer); } if (result != 0) { l2tp_log (LOG_WARNING, "%s: tossing read packet, error = %s (%d). Closing call.\n", __FUNCTION__, strerror (-result), -result); strcpy (sc->errormsg, strerror (-result)); sc->needclose = -1; } } sc = sc->next; } st = st->next; } } } #ifdef USE_KERNEL int connect_pppol2tp(struct tunnel *t) { if (kernel_support) { int ufd = -1, fd2 = -1; int flags; struct sockaddr_pppol2tp sax; struct sockaddr_in server; memset(&server, 0, sizeof(struct sockaddr_in)); server.sin_family = AF_INET; server.sin_addr.s_addr = gconfig.listenaddr; server.sin_port = htons (gconfig.port); if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0) { l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n", __FUNCTION__); return -EINVAL; }; flags=1; setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); #ifdef SO_NO_CHECK setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); #endif if (bind (ufd, (struct sockaddr *) &server, sizeof (server))) { close (ufd); l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n", __FUNCTION__, strerror(errno), errno); return -EINVAL; }; server = t->peer; flags = fcntl(ufd, F_GETFL); if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) { l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n", __FUNCTION__); return -EINVAL; } if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) { l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. Terminating.\n", __FUNCTION__); close(ufd); return -EINVAL; } t->udp_fd=ufd; fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); if (fd2 < 0) { l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n", __FUNCTION__); return -EINVAL; } flags = fcntl(fd2, F_GETFL); if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) { l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n", __FUNCTION__); close(fd2); return -EINVAL; } memset(&sax, 0, sizeof(sax)); sax.sa_family = AF_PPPOX; sax.sa_protocol = PX_PROTO_OL2TP; sax.pppol2tp.fd = t->udp_fd; sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr; sax.pppol2tp.addr.sin_port = t->peer.sin_port; sax.pppol2tp.addr.sin_family = AF_INET; sax.pppol2tp.s_tunnel = t->ourtid; sax.pppol2tp.d_tunnel = t->tid; if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) { l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. %d %s\n", __FUNCTION__, errno, strerror(errno)); close(fd2); return -EINVAL; } t->pppox_fd = fd2; } return 0; } #endif xl2tpd-1.3.12/osport.h000066400000000000000000000020601327764040100145140ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * OS Portability header file. try to map some * "standard" routines into OS-specific routines. * */ #ifndef _OSPORT_H_ #define _OSPORT_H_ #if defined(SOLARIS) # define index(x, y) strchr(x, y) # define bcopy(S1, S2, LEN) ((void)memmove(S2, S1, LEN)) # define bzero(S1, LEN) ((void)memset(S1, 0, LEN)) # define bcmp(S1,S2,LEN) ((memcmp(S2, S1, LEN)==0)?0:1) /* pre 2.6 solaris didn't include random(), etc prototypes * (as of 2.6) has the correct prototypes. */ # if SOLARIS < 260 # define random(X) ((int)rand(X)) # define srandom(X) ((void)srand(X)) # endif /* SOLARIS < 260 */ #endif /* defined(SOLARIS) */ #if !defined(LINUX) /* Declare empty structure to make code portable and keep simple */ struct in_pktinfo { }; #endif #endif /* _OSPORT_H_ */ xl2tpd-1.3.12/packaging/000077500000000000000000000000001327764040100147435ustar00rootroot00000000000000xl2tpd-1.3.12/packaging/fedora/000077500000000000000000000000001327764040100162035ustar00rootroot00000000000000xl2tpd-1.3.12/packaging/fedora/xl2tpd.init000066400000000000000000000035341327764040100203120ustar00rootroot00000000000000#!/bin/sh # # xl2tpd This shell script takes care of starting and stopping l2tpd. # # chkconfig: - 80 30 # description: Layer 2 Tunnelling Protocol Daemon (RFC 2661) # # processname: /usr/sbin/xl2tpd # config: /etc/xl2tpd/xl2tpd.conf # pidfile: /var/run/xl2tpd.pid ### BEGIN INIT INFO # Provides: xl2tpd # Required-Start: $local_fs $network $syslog # Required-Stop: $local_fs $network $syslog # Default-Start: # Default-Stop: 0 1 2 3 4 5 6 # Short-Description: start|stop|status|restart|try-restart|reload|force-reload xl2tpd server # Description: control xl2tpd server ### END INIT INFO #Servicename SERVICE=xl2tpd PATHTOSERV=/usr/sbin/ # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network if [ "${NETWORKING}" = "no" ] then echo -n "No Networking" exit 0 fi if [ ! -x $PATHTOSERV$SERVICE ] then echo -n "No bin $SERVICE found, try to find auto" SERVICE=$(find / -name $SERVICE | grep bin) if [ ! -x $SERVICE ] then echo -n "No bin $SERVICE auto found, please check this" exit 0 fi else SERVICE=$PATHTOSERV$SERVICE fi RETVAL=0 start() { echo -n "Starting $SERVICE: " if [ ! -d /var/run/xl2tpd ] then mkdir /var/run/xl2tpd fi daemon $SERVICE RETVAL=$? echo if [ $RETVAL -eq 0 ];then touch /var/lock/subsys/$SERVICE else exit 7; fi return 0; } stop() { echo -n "Stopping $SERVICE: " killproc $SERVICE RETVAL=$? if [ $RETVAL -eq 0 ]; then rm -f /var/run/xl2tpd/$SERVICE rm -f /var/lock/subsys/$SERVICE fi echo return $RETVAL } restart() { stop start } # See how we were called. case "$1" in start) start ;; stop) stop ;; status) status $SERVICE RETVAL=$? ;; restart|reload) restart ;; condrestart) [ -f /var/lock/subsys/$SERVICE ] && restart || : ;; *) echo "Usage: $SERVICE {start|stop|status|restart|reload|condrestart}" exit 1 esac xl2tpd-1.3.12/packaging/fedora/xl2tpd.spec000066400000000000000000000311161327764040100202760ustar00rootroot00000000000000Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.12 Release: 1%{?dist} License: GPLv2 Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons Source0: https://github.com/xelerance/xl2tpd/archive/v%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp BuildRequires: kernel-headers => 2.6.23 %if 0%{?el3}%{?el4} BuildRequires: libpcap %else BuildRequires: libpcap-devel %endif Obsoletes: l2tpd <= 0.69-0.6.20051030.fc6 Provides: l2tpd = 0.69-0.6.20051030.fc7 Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service %description xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP servers. Another important application is Virtual Private Networks where the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec, RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec implementations such as Openswan. Example configuration files for such a setup are included in this RPM. xl2tpd works by opening a pseudo-tty for communicating with pppd. It runs completely in userspace but supports kernel mode L2TP. xl2tpd supports IPsec SA Reference tracking to enable overlapping internak NAT'ed IP's by different clients (eg all clients connecting from their linksys internal IP 192.168.1.101) as well as multiple clients behind the same NAT router. xl2tpd supports the pppol2tp kernel mode operations on 2.6.23 or higher, or via a patch in contrib for 2.4.x kernels. Xl2tpd is based on the 0.69 L2TP by Jeff McAdams It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep %setup -q %build # Customer test case proved the first make line failed, the second one worked # the failing one had incoming l2tp packets, but never got a tunnel up. #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY" make DFLAGS="-g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" %install rm -rf %{buildroot} make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample install -p -D -m755 packaging/fedora/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %clean rm -rf %{buildroot} %post /sbin/chkconfig --add xl2tpd # if we migrate from l2tpd to xl2tpd, copy the configs if [ -f /etc/l2tpd/l2tpd.conf ] then echo "Old /etc/l2tpd configuration found, migrating to /etc/xl2tpd" mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.rpmsave cat /etc/l2tpd/l2tpd.conf | sed "s/options.l2tpd/options.xl2tpd/" > /etc/xl2tpd/xl2tpd.conf mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.rpmsave mv /etc/ppp/options.l2tpd /etc/ppp/options.xl2tpd mv /etc/xl2tpd/l2tp-secrets /etc/xl2tpd/l2tpd-secrets.rpmsave cp -pa /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets fi %preun if [ $1 -eq 0 ]; then /sbin/service xl2tpd stop > /dev/null 2>&1 /sbin/chkconfig --del xl2tpd fi %postun if [ $1 -ge 1 ]; then /sbin/service xl2tpd condrestart 2>&1 >/dev/null fi %files %defattr(-,root,root) %doc BUGS CHANGES CREDITS LICENSE README.* TODO %doc doc/README.patents examples/chapsecrets.sample %attr(0755,root,root) %{_sbindir}/xl2tpd %attr(0755,root,root) %{_sbindir}/xl2tpd-control %attr(0755,root,root) %{_bindir}/pfc %{_mandir}/*/* %dir %{_sysconfdir}/xl2tpd %config(noreplace) %{_sysconfdir}/xl2tpd/* %config(noreplace) %{_sysconfdir}/ppp/* %attr(0755,root,root) %{_initrddir}/xl2tpd %dir %{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog * Sun Oct 26 2008 Paul Wouters 1.2.2-1 - Updated Suse init scripts and spec file - Added pfc for pppd's precompiled-active-filter * Tue Jun 26 2007 Paul Wouters 1.1.11-1 - Minor changes to spec file to accomodate new README files * Fri Feb 23 2007 Paul Wouters 1.1.08-1 - Upgraded to 1.1.08 - This works around the ppp-2.4.2-6.4 issue of not dying on SIGTERM * Mon Feb 19 2007 Paul Wouters 1.1.07-2 - Upgraded to 1.1.07 - Fixes from Tuomo Soini for pidfile handling with Fedora - Fix hardcoded version for Source in spec file. * Thu Dec 7 2006 Paul Wouters 1.1.06-5 - Changed space/tab replacing method * Wed Dec 6 2006 Paul Wouters 1.1.06-4 - Added -p to keep original timestamps - Added temporary hack to change space/tab in init file. - Added /sbin/service dependancy * Tue Dec 5 2006 Paul Wouters 1.1.06-3 - Added Requires(post) / Requires(preun) - changed init file to create /var/run/xl2tpd fixed a tab/space - changed control file to be within /var/run/xl2tpd/ * Tue Dec 5 2006 Paul Wouters 1.1.06-2 - Changed Mr. Karlsen's name to not be a utf8 problem - Fixed Obosoletes/Provides to be more specific wrt l2tpd. - Added dist tag which accidentally got deleted. * Mon Dec 4 2006 Paul Wouters 1.1.06-1 - Rebased spec file on Fedora Extras copy, but using xl2tpd as package name * Sun Nov 27 2005 Paul Wouters 0.69.20051030 - Pulled up sourceforget.net CVS fixes. - various debugging added, but debugging should not be on by default. - async/sync conversion routines must be ready for possibility that the read will block due to routing loops. - refactor control socket handling. - move all logic about pty usage to pty.c. Try ptmx first, if it fails try legacy ptys - rename log() to l2tp_log(), as "log" is a math function. - if we aren't deamonized, then log to stderr. - added install: and DESTDIR support. * Thu Oct 20 2005 Paul Wouters 0.69-13 - Removed suse/mandrake specifics. Comply for Fedora Extras guidelines * Tue Jun 21 2005 Jacco de Leeuw 0.69-12jdl - Added log() patch by Paul Wouters so that l2tpd compiles on FC4. * Sat Jun 4 2005 Jacco de Leeuw - l2tpd.org has been hijacked. Project moved back to SourceForge: http://l2tpd.sourceforge.net * Tue May 3 2005 Jacco de Leeuw - Small Makefile fixes. Explicitly use gcc instead of cc. Network services library was not linked on Solaris due to typo. * Thu Mar 17 2005 Jacco de Leeuw 0.69-11jdl - Choosing between SysV or BSD style ptys is now configurable through a compile-time boolean "unix98pty". * Fri Feb 4 2005 Jacco de Leeuw - Added code from Roaring Penguin (rp-l2tp) to support SysV-style ptys. Requires the N_HDLC kernel module. * Fri Nov 26 2004 Jacco de Leeuw - Updated the README. * Wed Nov 10 2004 Jacco de Leeuw 0.69-10jdl - Patch by Marald Klein and Roger Luethi. Fixes writing PID file. (http://l2tpd.graffl.net/msg01790.html) Long overdue. Rereleasing 10jdl. * Tue Nov 9 2004 Jacco de Leeuw 0.69-10jdl - [SECURITY FIX] Added fix from Debian because of a bss-based buffer overflow. (http://www.mail-archive.com/l2tpd-devel@l2tpd.org/msg01071.html) - Mandrake's FreeS/WAN, Openswan and Strongswan RPMS use configuration directories /etc/{freeswan,openswan,strongswan}. Install our configuration files to /etc/ipsec.d and create symbolic links in those directories. * Tue Aug 18 2004 Jacco de Leeuw - Removed 'leftnexthop=' lines. Not relevant for recent versions of FreeS/WAN and derivates. * Tue Jan 20 2004 Jacco de Leeuw 0.69-9jdl - Added "noccp" because of too much MPPE/CCP messages sometimes. * Wed Dec 31 2003 Jacco de Leeuw - Added patch in order to prevent StopCCN messages. * Sat Aug 23 2003 Jacco de Leeuw - MTU/MRU 1410 seems to be the lowest possible for MSL2TP. For Windows 2000/XP it doesn't seem to matter. - Typo in l2tpd.conf (192.168.128/25). * Fri Aug 8 2003 Jacco de Leeuw 0.69-8jdl - Added MTU/MRU 1400 to options.l2tpd. I don't know the optimal value but some apps had problems with the default value. * Fri Aug 1 2003 Jacco de Leeuw - Added workaround for the missing hostname bug in the MSL2TP client ('Specify your hostname', error 629: "You have been disconnected from the computer you are dialing"). * Thu Jul 20 2003 Jacco de Leeuw 0.69-7jdl - Added the "listen-addr" global parameter for l2tpd.conf. By default, the daemon listens on *all* interfaces. Use "listen-addr" if you want it to bind to one specific IP address (interface), for security reasons. (See also: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Firewallwarning) - Explained in l2tpd.conf that two different IP addresses should be used for 'listen-addr' and 'local ip'. - Modified init script. Upgrades should work better now. You still need to start/chkconfig l2tpd manually. - Renamed the example Openswan .conf files to better reflect the situation. There are two variants using different portselectors. Previously I thought Windows 2000/XP used portselector 17/0 and the rest used 17/1701. But with the release of an updated IPsec client by Microsoft, it turns out that 17/0 must have been a mistake: the updated client now also uses 17/1701. * Mon Apr 10 2003 Jacco de Leeuw 0.69-6jdl - Changed sample chap-secrets to be valid only for specific IP addresses. * Thu Mar 13 2003 Bernhard Thoni - Adjustments for SuSE8.x (thanks, Bernhard!) - Added sample chap-secrets. * Thu Mar 6 2003 Jacco de Leeuw 0.69-5jdl - Replaced Dominique's patch by Damion de Soto's, which does not depend on the N_HDLC kernel module. * Wed Feb 26 2003 Jacco de Leeuw 0.69-4jdl - Seperate example config files for Win9x (MSL2TP) and Win2K/XP due to left/rightprotoport differences. Fixing preun for Red Hat. * Mon Feb 3 2003 Jacco de Leeuw 0.69-3jdl - Mandrake uses /etc/freeswan/ instead of /etc/ipsec.d/ Error fixed: source6 was used for both PSK and CERT. * Wed Jan 29 2003 Jacco de Leeuw 0.69-3jdl - Added Dominique Cressatti's pty patch in another attempt to prevent the Windows 2000 Professional "loopback detected" error. Seems to work! * Wed Dec 25 2002 Jacco de Leeuw 0.69-2jdl - Added 'connect-delay' to PPP parameters in an attempt to prevent the Windows 2000 Professional "loopback detected" error. Didn't seem to work. * Fri Dec 13 2002 Jacco de Leeuw 0.69-1jdl - Did not build on Red Hat 8.0. Solved by adding comments(?!). Bug detected in spec file: chkconfig --list l2tpd does not work on Red Hat 8.0. Not important enough to look into yet. * Sun Nov 17 2002 Jacco de Leeuw 0.69-1jdl - Tested on Red Hat, required some changes. No gprintf. Used different pty patch, otherwise wouldn't run. Added buildroot sanity check. * Sun Nov 10 2002 Jacco de Leeuw - Specfile adapted from Mandrake Cooker. The original RPM can be retrieved through: http://www.rpmfind.net/linux/rpm2html/search.php?query=l2tpd - Config path changed from /etc/l2tp/ to /etc/l2tpd/ (Seems more logical and rp-l2tp already uses /etc/l2tp/). - Do not run at boot or install. The original RPM uses a config file which is completely commented out, but it still starts l2tpd on all interfaces. Could be a security risk. This RPM does not start l2tpd, the sysadmin has to edit the config file and start l2tpd explicitly. - Renamed patches to start with l2tpd- - Added dependencies for pppd, glibc-devel. - Use %%{name} as much as possible. - l2tp-secrets contains passwords, thus should not be world readable. - Removed dependency on rpm-helper. * Mon Oct 21 2002 Lenny Cartier 0.69-3mdk - from Per 0yvind Karlsen : - PreReq and Requires - Fix preun_service * Thu Oct 17 2002 Per 0yvind Karlsen 0.69-2mdk - Move l2tpd from /usr/bin to /usr/sbin - Added SysV initscript - Patch0 - Patch1 * Thu Oct 17 2002 Per 0yvind Karlsen 0.69-1mdk - Initial release xl2tpd-1.3.12/packaging/openwrt/000077500000000000000000000000001327764040100164415ustar00rootroot00000000000000xl2tpd-1.3.12/packaging/openwrt/Config.in000066400000000000000000000003741327764040100202020ustar00rootroot00000000000000config BR2_PACKAGE_XL2TPD tristate "Xl2tpd - an L2TP daemon for use with IPsec" select BR2_PACKAGE_OPENSWAN default m if CONFIG_DEVEL help Xl2tpd is an L2TP implementation for use with IPsec http://www.xelerance.com/software/xl2tpd/ xl2tpd-1.3.12/packaging/openwrt/Makefile000066400000000000000000000027351327764040100201100ustar00rootroot00000000000000 include $(TOPDIR)/rules.mk PKG_NAME:=xl2tpd PKG_VERSION:=1.3.12 PKG_RELEASE:=1 PKG_MD5SUM:=ab5656eb5a3d1973f7f69b039675332e-NEEDSUPDATING PKG_SOURCE_URL:=http://www.xelerance.com/software/xl2tpd/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_CAT:=zcat include $(TOPDIR)/package/rules.mk $(eval $(call PKG_template,XL2TPD,xl2tpd,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) FLAGS := $(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include -L$(STAGING_DIR)/usr/lib -I$(STAGING_DIR)/usr/include $(PKG_BUILD_DIR)/.built: $(MAKE) -C $(PKG_BUILD_DIR) \ $(TARGET_CONFIGURE_OPTS) \ ARCH="mips" \ LD_LIBRARY_PATH="$(STAGING_DIR)/usr/lib" \ EXTRA_INCLUDE="-I$(STAGING_DIR)/usr/include" \ all $(IPKG_XL2TPD): $(MAKE) -C $(PKG_BUILD_DIR) \ $(TARGET_CONFIGURE_OPTS) \ DESTDIR="$(IDIR_XL2TPD)" \ ARCH="mips" \ install -$(STRIP) $(IDIR_XL2TPD)/usr/sbin/xl2tpd rm -rf $(IDIR_XL2TPD)/usr/share rm -rf $(IDIR_XL2TPD)/usr/man rm -rf $(IDIR_XL2TPD)/var rm -rf $(IDIR_XL2TPD)/etc/rc.d/rc*.d mkdir -p $(IDIR_XL2TPD)/etc/init.d mkdir -p $(IDIR_XL2TPD)/etc/ppp mkdir -p $(IDIR_XL2TPD)/etc/xl2tpd cp $(PKG_BUILD_DIR)/examples/ppp-options.xl2tpd $(IDIR_XL2TPD)/etc/ppp/options.xl2tpd cp $(PKG_BUILD_DIR)/examples/xl2tpd.conf $(IDIR_XL2TPD)/etc/xl2tpd cp $(PKG_BUILD_DIR)/packaging/openwrt $(IDIR_XL2TPD)/etc/init.d/ find $(PKG_BUILD_DIR) -name \*.old | xargs rm -rf mkdir -p $(PACKAGE_DIR) $(IPKG_BUILD) $(IDIR_XL2TPD) $(PACKAGE_DIR) xl2tpd-1.3.12/packaging/openwrt/README000066400000000000000000000007551327764040100173300ustar00rootroot00000000000000 To (re)build xl2tpd for openwrt: cat OpenWrt-SDK-Linux-i686-1.tar.bz2 | tar -xvf - cd ~/OpenWrt-SDK-Linux-i686-1 rm -r package/helloworld svn co https://svn.openwrt.org/openwrt/branches/whiterussian whiterussian cp xl2tpd-latest.tar.gz dl/ tar zxvf dl/xl2tpd-latest.tar.gz cp -av dl/xl2tpd-latest/packaging/openwrt package/xl2tpd md5sum dl/xl2tpd-latest.tar.gz [ edit package/xl2tpd/Makefile and update PKG_VERSION and PKG_MD5SUM ] make V=99 This should then give you the xl2tpd package. xl2tpd-1.3.12/packaging/openwrt/ipkg/000077500000000000000000000000001327764040100173735ustar00rootroot00000000000000xl2tpd-1.3.12/packaging/openwrt/ipkg/xl2tpd.conffiles000066400000000000000000000000601327764040100224760ustar00rootroot00000000000000/etc/xl2tpd/xl2tpd.conf /etc/ppp/options.xl2tpd xl2tpd-1.3.12/packaging/openwrt/ipkg/xl2tpd.control000066400000000000000000000001671327764040100222160ustar00rootroot00000000000000Package: xl2tpd Section: net Priority: optional Depends: openswan Obsoletes: l2tpd Description: Xelerance Xl2tp daemon xl2tpd-1.3.12/packaging/openwrt/xl2tpd.init000077500000000000000000000003321327764040100205440ustar00rootroot00000000000000#!/bin/sh /etc/rc.common START=60 BIN=xl2tpd DEFAULT=/etc/default/$BIN RUN_D=/var/run PID_F=$RUN_D/$BIN.pid start() { [ -f $DEFAULT ] && . $DEFAULT $BIN $OPTIONS } stop() { [ -f $PID_F ] && kill $(cat $PID_F) } xl2tpd-1.3.12/packaging/suse/000077500000000000000000000000001327764040100157225ustar00rootroot00000000000000xl2tpd-1.3.12/packaging/suse/README000066400000000000000000000000741327764040100166030ustar00rootroot00000000000000Suse startup files based on examples found in OpenSuse 10.3 xl2tpd-1.3.12/packaging/suse/sles10.spec000066400000000000000000000300231327764040100177030ustar00rootroot00000000000000Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.12 Release: 1%{?dist} License: GPLv2 Url: http://www.xelerance.com/software/xl2tpd/ Group: Productivity/Networking/Other Source0: https://github.com/xelerance/xl2tpd/archive/v%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.3 BuildRequires: libpcap Obsoletes: l2tpd < 0.69 Provides: l2tpd = 0.69 Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service %description xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP servers. Another important application is Virtual Private Networks where the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec, RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec implementations such as Openswan. Example configuration files for such a setup are included in this RPM. xl2tpd works by opening a pseudo-tty for communicating with pppd. It runs completely in userspace but supports kernel mode L2TP. xl2tpd supports IPsec SA Reference tracking to enable overlapping internak NAT'ed IP's by different clients (eg all clients connecting from their linksys internal IP 192.168.1.101) as well as multiple clients behind the same NAT router. xl2tpd supports the pppol2tp kernel mode operations on 2.6.23 or higher, or via a patch in contrib for 2.4.x kernels. Xl2tpd is based on the 0.69 L2TP by Jeff McAdams It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep %setup -q %build make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY -DTRUST_PPPD_TO_DIE" %install make PREFIX=%{_prefix} DESTDIR=%{buildroot} MANDIR=%{buildroot}/%{_mandir} install install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample install -p -D -m755 packaging/suse/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd ln -sf /etc/init.d/xl2tpd $RPM_BUILD_ROOT/usr/sbin/rcxl2tpd install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %clean rm -rf %{buildroot} %post %{fillup_and_insserv xl2tpd} # if we migrate from l2tpd to xl2tpd, copy the configs if [ -f /etc/l2tpd/l2tpd.conf ] then echo "Old /etc/l2tpd configuration found, migrating to /etc/xl2tpd" mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.rpmsave cat /etc/l2tpd/l2tpd.conf | sed "s/options.l2tpd/options.xl2tpd/" > /etc/xl2tpd/xl2tpd.conf mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.rpmsave mv /etc/ppp/options.l2tpd /etc/ppp/options.xl2tpd mv /etc/xl2tpd/l2tp-secrets /etc/xl2tpd/l2tpd-secrets.rpmsave cp -pa /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets fi %preun %stop_on_removal xl2tpd exit 0 %postun %restart_on_update xl2tpd %insserv_cleanup exit 0 %files %defattr(-,root,root) %doc BUGS CHANGES CREDITS LICENSE README.* TODO %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/rcxl2tpd %{_sbindir}/xl2tpd %{_sbindir}/xl2tpd-control %{_bindir}/pfc %{_mandir}/*/* %dir %{_sysconfdir}/xl2tpd %config(noreplace) %{_sysconfdir}/xl2tpd/* %config(noreplace) %{_sysconfdir}/ppp/* %attr(0755,root,root) %{_initrddir}/xl2tpd %dir %{_localstatedir}/run/xl2tpd %changelog * Sun Oct 26 2008 Paul Wouters 1.2.2-1 - Updated Suse init scripts and spec file - Added pfc for pppd's precompiled-active-filter * Fri Apr 18 2008 Paul Wouters 1.2.1-1 - Updated Suse init scripts and spec file * Tue Jun 26 2007 Paul Wouters 1.1.11-1 - Minor changes to spec file to accomodate new README files * Fri Feb 23 2007 Paul Wouters 1.1.08-1 - Upgraded to 1.1.08 - This works around the ppp-2.4.2-6.4 issue of not dying on SIGTERM * Mon Feb 19 2007 Paul Wouters 1.1.07-2 - Upgraded to 1.1.07 - Fixes from Tuomo Soini for pidfile handling with Fedora - Fix hardcoded version for Source in spec file. * Thu Dec 7 2006 Paul Wouters 1.1.06-5 - Changed space/tab replacing method * Wed Dec 6 2006 Paul Wouters 1.1.06-4 - Added -p to keep original timestamps - Added temporary hack to change space/tab in init file. - Added /sbin/service dependancy * Tue Dec 5 2006 Paul Wouters 1.1.06-3 - Added Requires(post) / Requires(preun) - changed init file to create /var/run/xl2tpd fixed a tab/space - changed control file to be within /var/run/xl2tpd/ * Tue Dec 5 2006 Paul Wouters 1.1.06-2 - Changed Mr. Karlsen's name to not be a utf8 problem - Fixed Obosoletes/Provides to be more specific wrt l2tpd. - Added dist tag which accidentally got deleted. * Mon Dec 4 2006 Paul Wouters 1.1.06-1 - Rebased spec file on Fedora Extras copy, but using xl2tpd as package name * Sun Nov 27 2005 Paul Wouters 0.69.20051030 - Pulled up sourceforget.net CVS fixes. - various debugging added, but debugging should not be on by default. - async/sync conversion routines must be ready for possibility that the read will block due to routing loops. - refactor control socket handling. - move all logic about pty usage to pty.c. Try ptmx first, if it fails try legacy ptys - rename log() to l2tp_log(), as "log" is a math function. - if we aren't deamonized, then log to stderr. - added install: and DESTDIR support. * Thu Oct 20 2005 Paul Wouters 0.69-13 - Removed suse/mandrake specifics. Comply for Fedora Extras guidelines * Tue Jun 21 2005 Jacco de Leeuw 0.69-12jdl - Added log() patch by Paul Wouters so that l2tpd compiles on FC4. * Sat Jun 4 2005 Jacco de Leeuw - l2tpd.org has been hijacked. Project moved back to SourceForge: http://l2tpd.sourceforge.net * Tue May 3 2005 Jacco de Leeuw - Small Makefile fixes. Explicitly use gcc instead of cc. Network services library was not linked on Solaris due to typo. * Thu Mar 17 2005 Jacco de Leeuw 0.69-11jdl - Choosing between SysV or BSD style ptys is now configurable through a compile-time boolean "unix98pty". * Fri Feb 4 2005 Jacco de Leeuw - Added code from Roaring Penguin (rp-l2tp) to support SysV-style ptys. Requires the N_HDLC kernel module. * Fri Nov 26 2004 Jacco de Leeuw - Updated the README. * Wed Nov 10 2004 Jacco de Leeuw 0.69-10jdl - Patch by Marald Klein and Roger Luethi. Fixes writing PID file. (http://l2tpd.graffl.net/msg01790.html) Long overdue. Rereleasing 10jdl. * Tue Nov 9 2004 Jacco de Leeuw 0.69-10jdl - [SECURITY FIX] Added fix from Debian because of a bss-based buffer overflow. (http://www.mail-archive.com/l2tpd-devel@l2tpd.org/msg01071.html) - Mandrake's FreeS/WAN, Openswan and Strongswan RPMS use configuration directories /etc/{freeswan,openswan,strongswan}. Install our configuration files to /etc/ipsec.d and create symbolic links in those directories. * Tue Aug 18 2004 Jacco de Leeuw - Removed 'leftnexthop=' lines. Not relevant for recent versions of FreeS/WAN and derivates. * Tue Jan 20 2004 Jacco de Leeuw 0.69-9jdl - Added "noccp" because of too much MPPE/CCP messages sometimes. * Wed Dec 31 2003 Jacco de Leeuw - Added patch in order to prevent StopCCN messages. * Sat Aug 23 2003 Jacco de Leeuw - MTU/MRU 1410 seems to be the lowest possible for MSL2TP. For Windows 2000/XP it doesn't seem to matter. - Typo in l2tpd.conf (192.168.128/25). * Fri Aug 8 2003 Jacco de Leeuw 0.69-8jdl - Added MTU/MRU 1400 to options.l2tpd. I don't know the optimal value but some apps had problems with the default value. * Fri Aug 1 2003 Jacco de Leeuw - Added workaround for the missing hostname bug in the MSL2TP client ('Specify your hostname', error 629: "You have been disconnected from the computer you are dialing"). * Thu Jul 20 2003 Jacco de Leeuw 0.69-7jdl - Added the "listen-addr" global parameter for l2tpd.conf. By default, the daemon listens on *all* interfaces. Use "listen-addr" if you want it to bind to one specific IP address (interface), for security reasons. (See also: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Firewallwarning) - Explained in l2tpd.conf that two different IP addresses should be used for 'listen-addr' and 'local ip'. - Modified init script. Upgrades should work better now. You still need to start/chkconfig l2tpd manually. - Renamed the example Openswan .conf files to better reflect the situation. There are two variants using different portselectors. Previously I thought Windows 2000/XP used portselector 17/0 and the rest used 17/1701. But with the release of an updated IPsec client by Microsoft, it turns out that 17/0 must have been a mistake: the updated client now also uses 17/1701. * Mon Apr 10 2003 Jacco de Leeuw 0.69-6jdl - Changed sample chap-secrets to be valid only for specific IP addresses. * Thu Mar 13 2003 Bernhard Thoni - Adjustments for SuSE8.x (thanks, Bernhard!) - Added sample chap-secrets. * Thu Mar 6 2003 Jacco de Leeuw 0.69-5jdl - Replaced Dominique's patch by Damion de Soto's, which does not depend on the N_HDLC kernel module. * Wed Feb 26 2003 Jacco de Leeuw 0.69-4jdl - Seperate example config files for Win9x (MSL2TP) and Win2K/XP due to left/rightprotoport differences. Fixing preun for Red Hat. * Mon Feb 3 2003 Jacco de Leeuw 0.69-3jdl - Mandrake uses /etc/freeswan/ instead of /etc/ipsec.d/ Error fixed: source6 was used for both PSK and CERT. * Wed Jan 29 2003 Jacco de Leeuw 0.69-3jdl - Added Dominique Cressatti's pty patch in another attempt to prevent the Windows 2000 Professional "loopback detected" error. Seems to work! * Wed Dec 25 2002 Jacco de Leeuw 0.69-2jdl - Added 'connect-delay' to PPP parameters in an attempt to prevent the Windows 2000 Professional "loopback detected" error. Didn't seem to work. * Fri Dec 13 2002 Jacco de Leeuw 0.69-1jdl - Did not build on Red Hat 8.0. Solved by adding comments(?!). Bug detected in spec file: chkconfig --list l2tpd does not work on Red Hat 8.0. Not important enough to look into yet. * Sun Nov 17 2002 Jacco de Leeuw 0.69-1jdl - Tested on Red Hat, required some changes. No gprintf. Used different pty patch, otherwise wouldn't run. Added buildroot sanity check. * Sun Nov 10 2002 Jacco de Leeuw - Specfile adapted from Mandrake Cooker. The original RPM can be retrieved through: http://www.rpmfind.net/linux/rpm2html/search.php?query=l2tpd - Config path changed from /etc/l2tp/ to /etc/l2tpd/ (Seems more logical and rp-l2tp already uses /etc/l2tp/). - Do not run at boot or install. The original RPM uses a config file which is completely commented out, but it still starts l2tpd on all interfaces. Could be a security risk. This RPM does not start l2tpd, the sysadmin has to edit the config file and start l2tpd explicitly. - Renamed patches to start with l2tpd- - Added dependencies for pppd, glibc-devel. - Use %%{name} as much as possible. - l2tp-secrets contains passwords, thus should not be world readable. - Removed dependency on rpm-helper. * Mon Oct 21 2002 Lenny Cartier 0.69-3mdk - from Per 0yvind Karlsen : - PreReq and Requires - Fix preun_service * Thu Oct 17 2002 Per 0yvind Karlsen 0.69-2mdk - Move l2tpd from /usr/bin to /usr/sbin - Added SysV initscript - Patch0 - Patch1 * Thu Oct 17 2002 Per 0yvind Karlsen 0.69-1mdk - Initial release xl2tpd-1.3.12/packaging/suse/xl2tpd.init000066400000000000000000000124211327764040100200240ustar00rootroot00000000000000#! /bin/sh # Copyright (c) 1995-2003 Bernhard Thoni # Tronicplanet Datendienst GmbH, Simbach am INN, Germany. # All rights reserved. # Copyright (c) 2006-2008 Paul Wouters # Xeleracne Corporation # # /etc/init.d/xl2tpd # # and its symbolic link # # /usr/sbin/rcxl2tpd # # LSB compliant service control script; see http://www.linuxbase.org/spec/ # # System startup script for L2TP daemon xl2tpd # ### BEGIN INIT INFO # Provides: xl2tpd # Required-Start: $syslog $remote_fs # Required-Stop: $syslog $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Start xl2tpd (to provide L2TP VPN's) # Description: Start xl2tpd to provide L2TP VPN tunnels # normally used with IPsec (openswan) ### END INIT INFO # # Note on Required-Start: It does specify the init script ordering, # not real dependencies. Depencies have to be handled by admin # resp. the configuration tools (s)he uses. # Source SuSE config (if still necessary, most info has been moved) test -r /etc/rc.config && . /etc/rc.config # Check for missing binaries (stale symlinks should not happen) XL2TPD_BIN=/usr/sbin/xl2tpd test -x $YPBIND_BIN || { echo "$YPBIND_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file and read it #XL2TPD_CONFIG=/etc/sysconfig/xl2tpd #test -r $YPBIND_CONFIG || { echo "$YPBIND_CONFIG not existing"; # if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } #. $XL2TPD_CONFIG # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v ditto but be verbose in local rc status # rc_status -v -r ditto and clear the local rc status # rc_failed set local and overall rc status to failed # rc_failed set local and overall rc status to # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # First reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - insufficient privilege # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signalling is not supported) are # considered a success. case "$1" in start) echo -n "Starting xl2tpd" ## Start daemon with startproc(8). If this fails ## the echo return value is set appropriate. # NOTE: startproc returns 0, even if service is # already running to match LSB spec. startproc $XL2TPD_BIN >/dev/null 2>&1 # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down xl2tpd" ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. killproc -TERM $XL2TPD_BIN rm -f /var/run/xl2tpd/xl2tpd.pid # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi rc_status ;; restart) $0 stop sleep 1 $0 start rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart. echo -n "Reload service xl2tpd" ## if it supports it: killproc -HUP $XL2TPD_BIN #touch /var/run/xl2tpd/xl2tpd.pid rc_status -v ## Otherwise: #$0 stop && $0 start #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signalling, do nothing (!) # If it supports signalling: echo -n "Reload service xl2tpd" killproc -HUP $XL2TPD_BIN #touch /var/run/xl2tpd.pid rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service xl2tpd: " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running # NOTE: checkproc returns LSB compliant status values. checkproc $XL2TPD_BIN rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, ## print out the argument which is required for a reload. test /etc/xl2tpd/xl2tpd.conf -nt /var/run/xltpd/xl2tpd.pid && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit xl2tpd-1.3.12/packaging/suse/xl2tpd.spec000066400000000000000000000300311327764040100200100ustar00rootroot00000000000000Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.12 Release: 1%{?dist} License: GPLv2 Url: http://www.xelerance.com/software/xl2tpd/ Group: Productivity/Networking/Other Source0: https://github.com/xelerance/xl2tpd/archive/v%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.3 BuildRequires: libpcap-devel Obsoletes: l2tpd < 0.69 Provides: l2tpd = 0.69 Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service %description xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP servers. Another important application is Virtual Private Networks where the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec, RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec implementations such as Openswan. Example configuration files for such a setup are included in this RPM. xl2tpd works by opening a pseudo-tty for communicating with pppd. It runs completely in userspace but supports kernel mode L2TP. xl2tpd supports IPsec SA Reference tracking to enable overlapping internak NAT'ed IP's by different clients (eg all clients connecting from their linksys internal IP 192.168.1.101) as well as multiple clients behind the same NAT router. xl2tpd supports the pppol2tp kernel mode operations on 2.6.23 or higher, or via a patch in contrib for 2.4.x kernels. Xl2tpd is based on the 0.69 L2TP by Jeff McAdams It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep %setup -q %build make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY -DTRUST_PPPD_TO_DIE" %install make PREFIX=%{_prefix} DESTDIR=%{buildroot} MANDIR=%{buildroot}/%{_mandir} install install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample install -p -D -m755 packaging/suse/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd ln -sf /etc/init.d/xl2tpd $RPM_BUILD_ROOT/usr/sbin/rcxl2tpd install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %clean rm -rf %{buildroot} %post %{fillup_and_insserv xl2tpd} # if we migrate from l2tpd to xl2tpd, copy the configs if [ -f /etc/l2tpd/l2tpd.conf ] then echo "Old /etc/l2tpd configuration found, migrating to /etc/xl2tpd" mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.rpmsave cat /etc/l2tpd/l2tpd.conf | sed "s/options.l2tpd/options.xl2tpd/" > /etc/xl2tpd/xl2tpd.conf mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.rpmsave mv /etc/ppp/options.l2tpd /etc/ppp/options.xl2tpd mv /etc/xl2tpd/l2tp-secrets /etc/xl2tpd/l2tpd-secrets.rpmsave cp -pa /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets fi %preun %stop_on_removal xl2tpd exit 0 %postun %restart_on_update xl2tpd %insserv_cleanup exit 0 %files %defattr(-,root,root) %doc BUGS CHANGES CREDITS LICENSE README.* TODO %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/rcxl2tpd %{_sbindir}/xl2tpd %{_sbindir}/xl2tpd-control %{_bindir}/pfc %{_mandir}/*/* %dir %{_sysconfdir}/xl2tpd %config(noreplace) %{_sysconfdir}/xl2tpd/* %config(noreplace) %{_sysconfdir}/ppp/* %attr(0755,root,root) %{_initrddir}/xl2tpd %dir %{_localstatedir}/run/xl2tpd %changelog * Sun Oct 26 2008 Paul Wouters 1.2.2-1 - Updated Suse init scripts and spec file - Added pfc for pppd's precompiled-active-filter * Fri Apr 18 2008 Paul Wouters 1.2.1-1 - Updated Suse init scripts and spec file * Tue Jun 26 2007 Paul Wouters 1.1.11-1 - Minor changes to spec file to accomodate new README files * Fri Feb 23 2007 Paul Wouters 1.1.08-1 - Upgraded to 1.1.08 - This works around the ppp-2.4.2-6.4 issue of not dying on SIGTERM * Mon Feb 19 2007 Paul Wouters 1.1.07-2 - Upgraded to 1.1.07 - Fixes from Tuomo Soini for pidfile handling with Fedora - Fix hardcoded version for Source in spec file. * Thu Dec 7 2006 Paul Wouters 1.1.06-5 - Changed space/tab replacing method * Wed Dec 6 2006 Paul Wouters 1.1.06-4 - Added -p to keep original timestamps - Added temporary hack to change space/tab in init file. - Added /sbin/service dependancy * Tue Dec 5 2006 Paul Wouters 1.1.06-3 - Added Requires(post) / Requires(preun) - changed init file to create /var/run/xl2tpd fixed a tab/space - changed control file to be within /var/run/xl2tpd/ * Tue Dec 5 2006 Paul Wouters 1.1.06-2 - Changed Mr. Karlsen's name to not be a utf8 problem - Fixed Obosoletes/Provides to be more specific wrt l2tpd. - Added dist tag which accidentally got deleted. * Mon Dec 4 2006 Paul Wouters 1.1.06-1 - Rebased spec file on Fedora Extras copy, but using xl2tpd as package name * Sun Nov 27 2005 Paul Wouters 0.69.20051030 - Pulled up sourceforget.net CVS fixes. - various debugging added, but debugging should not be on by default. - async/sync conversion routines must be ready for possibility that the read will block due to routing loops. - refactor control socket handling. - move all logic about pty usage to pty.c. Try ptmx first, if it fails try legacy ptys - rename log() to l2tp_log(), as "log" is a math function. - if we aren't deamonized, then log to stderr. - added install: and DESTDIR support. * Thu Oct 20 2005 Paul Wouters 0.69-13 - Removed suse/mandrake specifics. Comply for Fedora Extras guidelines * Tue Jun 21 2005 Jacco de Leeuw 0.69-12jdl - Added log() patch by Paul Wouters so that l2tpd compiles on FC4. * Sat Jun 4 2005 Jacco de Leeuw - l2tpd.org has been hijacked. Project moved back to SourceForge: http://l2tpd.sourceforge.net * Tue May 3 2005 Jacco de Leeuw - Small Makefile fixes. Explicitly use gcc instead of cc. Network services library was not linked on Solaris due to typo. * Thu Mar 17 2005 Jacco de Leeuw 0.69-11jdl - Choosing between SysV or BSD style ptys is now configurable through a compile-time boolean "unix98pty". * Fri Feb 4 2005 Jacco de Leeuw - Added code from Roaring Penguin (rp-l2tp) to support SysV-style ptys. Requires the N_HDLC kernel module. * Fri Nov 26 2004 Jacco de Leeuw - Updated the README. * Wed Nov 10 2004 Jacco de Leeuw 0.69-10jdl - Patch by Marald Klein and Roger Luethi. Fixes writing PID file. (http://l2tpd.graffl.net/msg01790.html) Long overdue. Rereleasing 10jdl. * Tue Nov 9 2004 Jacco de Leeuw 0.69-10jdl - [SECURITY FIX] Added fix from Debian because of a bss-based buffer overflow. (http://www.mail-archive.com/l2tpd-devel@l2tpd.org/msg01071.html) - Mandrake's FreeS/WAN, Openswan and Strongswan RPMS use configuration directories /etc/{freeswan,openswan,strongswan}. Install our configuration files to /etc/ipsec.d and create symbolic links in those directories. * Tue Aug 18 2004 Jacco de Leeuw - Removed 'leftnexthop=' lines. Not relevant for recent versions of FreeS/WAN and derivates. * Tue Jan 20 2004 Jacco de Leeuw 0.69-9jdl - Added "noccp" because of too much MPPE/CCP messages sometimes. * Wed Dec 31 2003 Jacco de Leeuw - Added patch in order to prevent StopCCN messages. * Sat Aug 23 2003 Jacco de Leeuw - MTU/MRU 1410 seems to be the lowest possible for MSL2TP. For Windows 2000/XP it doesn't seem to matter. - Typo in l2tpd.conf (192.168.128/25). * Fri Aug 8 2003 Jacco de Leeuw 0.69-8jdl - Added MTU/MRU 1400 to options.l2tpd. I don't know the optimal value but some apps had problems with the default value. * Fri Aug 1 2003 Jacco de Leeuw - Added workaround for the missing hostname bug in the MSL2TP client ('Specify your hostname', error 629: "You have been disconnected from the computer you are dialing"). * Thu Jul 20 2003 Jacco de Leeuw 0.69-7jdl - Added the "listen-addr" global parameter for l2tpd.conf. By default, the daemon listens on *all* interfaces. Use "listen-addr" if you want it to bind to one specific IP address (interface), for security reasons. (See also: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Firewallwarning) - Explained in l2tpd.conf that two different IP addresses should be used for 'listen-addr' and 'local ip'. - Modified init script. Upgrades should work better now. You still need to start/chkconfig l2tpd manually. - Renamed the example Openswan .conf files to better reflect the situation. There are two variants using different portselectors. Previously I thought Windows 2000/XP used portselector 17/0 and the rest used 17/1701. But with the release of an updated IPsec client by Microsoft, it turns out that 17/0 must have been a mistake: the updated client now also uses 17/1701. * Mon Apr 10 2003 Jacco de Leeuw 0.69-6jdl - Changed sample chap-secrets to be valid only for specific IP addresses. * Thu Mar 13 2003 Bernhard Thoni - Adjustments for SuSE8.x (thanks, Bernhard!) - Added sample chap-secrets. * Thu Mar 6 2003 Jacco de Leeuw 0.69-5jdl - Replaced Dominique's patch by Damion de Soto's, which does not depend on the N_HDLC kernel module. * Wed Feb 26 2003 Jacco de Leeuw 0.69-4jdl - Seperate example config files for Win9x (MSL2TP) and Win2K/XP due to left/rightprotoport differences. Fixing preun for Red Hat. * Mon Feb 3 2003 Jacco de Leeuw 0.69-3jdl - Mandrake uses /etc/freeswan/ instead of /etc/ipsec.d/ Error fixed: source6 was used for both PSK and CERT. * Wed Jan 29 2003 Jacco de Leeuw 0.69-3jdl - Added Dominique Cressatti's pty patch in another attempt to prevent the Windows 2000 Professional "loopback detected" error. Seems to work! * Wed Dec 25 2002 Jacco de Leeuw 0.69-2jdl - Added 'connect-delay' to PPP parameters in an attempt to prevent the Windows 2000 Professional "loopback detected" error. Didn't seem to work. * Fri Dec 13 2002 Jacco de Leeuw 0.69-1jdl - Did not build on Red Hat 8.0. Solved by adding comments(?!). Bug detected in spec file: chkconfig --list l2tpd does not work on Red Hat 8.0. Not important enough to look into yet. * Sun Nov 17 2002 Jacco de Leeuw 0.69-1jdl - Tested on Red Hat, required some changes. No gprintf. Used different pty patch, otherwise wouldn't run. Added buildroot sanity check. * Sun Nov 10 2002 Jacco de Leeuw - Specfile adapted from Mandrake Cooker. The original RPM can be retrieved through: http://www.rpmfind.net/linux/rpm2html/search.php?query=l2tpd - Config path changed from /etc/l2tp/ to /etc/l2tpd/ (Seems more logical and rp-l2tp already uses /etc/l2tp/). - Do not run at boot or install. The original RPM uses a config file which is completely commented out, but it still starts l2tpd on all interfaces. Could be a security risk. This RPM does not start l2tpd, the sysadmin has to edit the config file and start l2tpd explicitly. - Renamed patches to start with l2tpd- - Added dependencies for pppd, glibc-devel. - Use %%{name} as much as possible. - l2tp-secrets contains passwords, thus should not be world readable. - Removed dependency on rpm-helper. * Mon Oct 21 2002 Lenny Cartier 0.69-3mdk - from Per 0yvind Karlsen : - PreReq and Requires - Fix preun_service * Thu Oct 17 2002 Per 0yvind Karlsen 0.69-2mdk - Move l2tpd from /usr/bin to /usr/sbin - Added SysV initscript - Patch0 - Patch1 * Thu Oct 17 2002 Per 0yvind Karlsen 0.69-1mdk - Initial release xl2tpd-1.3.12/pty.c000066400000000000000000000062601327764040100140030ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Pseudo-pty allocation routines... Concepts and code borrowed * from pty-redir by Magosanyi Arpad. * */ #define _ISOC99_SOURCE #define _XOPEN_SOURCE #define _BSD_SOURCE #define _DEFAULT_SOURCE #define _XOPEN_SOURCE_EXTENDED #include #include #include #include #include #include #include "l2tp.h" #ifdef SOLARIS #define PTY00 "/dev/ptyXX" #define PTY10 "pqrstuvwxyz" #define PTY01 "0123456789abcdef" #endif #ifdef LINUX #define PTY00 "/dev/ptyXX" #define PTY10 "pqrstuvwxyzabcde" #define PTY01 "0123456789abcdef" #endif #if defined(FREEBSD) || defined(NETBSD) #define PTY00 "/dev/ptyXX" #define PTY10 "p" #define PTY01 "0123456789abcdefghijklmnopqrstuv" #endif #ifndef OPENBSD int getPtyMaster_pty (char *tty10, char *tty01) { char *p10; char *p01; static char dev[] = PTY00; int fd; for (p10 = PTY10; *p10; p10++) { dev[8] = *p10; for (p01 = PTY01; *p01; p01++) { dev[9] = *p01; fd = open (dev, O_RDWR | O_NONBLOCK); if (fd >= 0) { *tty10 = *p10; *tty01 = *p01; return fd; } } } l2tp_log (LOG_CRIT, "%s: No more free pseudo-tty's\n", __FUNCTION__); return -1; } int getPtyMaster_ptmx(char *ttybuf, int ttybuflen) { int fd; char *tty; fd = open("/dev/ptmx", O_RDWR); if (fd == -1) { l2tp_log (LOG_WARNING, "%s: unable to open /dev/ptmx to allocate pty\n", __FUNCTION__); return -EINVAL; } /* No need to call grantpt */ if (unlockpt(fd)) { l2tp_log (LOG_WARNING, "%s: unable to unlockpt() on pty\n", __FUNCTION__); close(fd); return -EINVAL; } tty = ptsname(fd); if (tty == NULL) { l2tp_log (LOG_WARNING, "%s: unable to obtain name of slave tty\n", __FUNCTION__); close(fd); return -EINVAL; } ttybuf[0]='\0'; strncat(ttybuf, tty, ttybuflen); return fd; } #endif #ifdef OPENBSD int getPtyMaster_ptm(char *ttybuf, int ttybuflen) { int amaster, aslave; char *tty = malloc(64); if((openpty(&amaster, &aslave, tty, NULL, NULL)) == -1) { l2tp_log (LOG_WARNING, "%s: openpty() returned %s\n", __FUNCTION__, strerror(errno)); free(tty); return -EINVAL; } ttybuf[0] = '\0'; strncat(ttybuf, tty, ttybuflen); free(tty); return amaster; } #endif /* OPENBSD */ int getPtyMaster(char *ttybuf, int ttybuflen) { int fd; #ifndef OPENBSD fd = getPtyMaster_ptmx(ttybuf, ttybuflen); char a, b; if(fd >= 0) { return fd; } l2tp_log (LOG_WARNING, "%s: failed to use pts -- using legacy ptys\n", __FUNCTION__); fd = getPtyMaster_pty(&a,&b); if(fd >= 0) { snprintf(ttybuf, ttybuflen, "/dev/tty%c%c", a, b); return fd; } #endif #ifdef OPENBSD fd = getPtyMaster_ptm(ttybuf, ttybuflen); if(fd >= 0) { return fd; } #endif /* OPENBSD */ return -EINVAL; } xl2tpd-1.3.12/scheduler.c000066400000000000000000000074421327764040100151500ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Scheduler code for time based functionality * */ #include #include #include "l2tp.h" #include "scheduler.h" struct schedule_entry *events; void init_scheduler (void) { events = NULL; } struct timeval *process_schedule (struct timeval *ptv) { /* Check queue for events which should be executed right now. Execute them, then see how long we should set the next timer */ struct schedule_entry *p = events; struct timeval now; struct timeval then; while (events) { gettimeofday (&now, NULL); p = events; if (TVLESSEQ (p->tv, now)) { events = events->next; /* This needs to be executed, as it has expired. It is expected that p->func will free p->data if it is necessary */ (*p->func) (p->data); free (p); } else break; } /* When we get here, either there are no more events in the queue, or the remaining events need to happen in the future, so we should schedule another alarm */ if (events) { then.tv_sec = events->tv.tv_sec - now.tv_sec; then.tv_usec = events->tv.tv_usec - now.tv_usec; if (then.tv_usec < 0) { then.tv_sec -= 1; then.tv_usec += 1000000; } if ((then.tv_sec <= 0) && (then.tv_usec <= 0)) { l2tp_log (LOG_WARNING, "%s: Whoa... Scheduling for <=0 time???\n", __FUNCTION__); then.tv_sec = 1; then.tv_usec = 0; } *ptv = then; return ptv; } else { return NULL; } } struct schedule_entry *schedule (struct timeval tv, void (*func) (void *), void *data) { /* Schedule func to be run at relative time tv with data as arguments. If it has already expired, run it immediately. The queue should be in order of increasing time */ struct schedule_entry *p = events, *q = NULL; struct timeval diff; diff = tv; gettimeofday (&tv, NULL); tv.tv_sec += diff.tv_sec; tv.tv_usec += diff.tv_usec; if (tv.tv_usec > 1000000) { tv.tv_sec++; tv.tv_usec -= 1000000; } while (p) { if (TVLESS (tv, p->tv)) break; q = p; p = p->next; }; if (q) { q->next = malloc (sizeof (struct schedule_entry)); q = q->next; } else { q = malloc (sizeof (struct schedule_entry)); events = q; } q->tv = tv; q->func = func; q->data = data; q->next = p; return q; } inline struct schedule_entry *aschedule (struct timeval tv, void (*func) (void *), void *data) { /* Schedule func to be run at absolute time tv in the future with data as arguments */ struct timeval now; gettimeofday (&now, NULL); tv.tv_usec -= now.tv_usec; if (tv.tv_usec < 0) { tv.tv_usec += 1000000; tv.tv_sec--; } tv.tv_sec -= now.tv_sec; return schedule (tv, func, data); } void deschedule (struct schedule_entry *s) { struct schedule_entry *p = events, *q = NULL; if (!s) return; while (p) { if (p == s) { if (q) { q->next = p->next; } else { events = events->next; } free (p); break; } q = p; p = p->next; } } xl2tpd-1.3.12/scheduler.h000066400000000000000000000034701327764040100151520ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Scheduler structures and functions * */ #ifndef _SCHEDULER_H #define _SCHEDULER_H #include /* * The idea is to provide a general scheduler which can schedule * events to be run periodically */ struct schedule_entry { struct timeval tv; /* Scheduled time to execute */ void (*func) (void *); /* Function to execute */ void *data; /* Data to be passed to func */ struct schedule_entry *next; /* Next entry in queue */ }; extern struct schedule_entry *events; /* Schedule func to be executed with argument data sometime tv in the future. */ struct schedule_entry *schedule (struct timeval tv, void (*func) (void *), void *data); /* Like schedule() but tv represents an absolute time in the future */ struct schedule_entry *aschedule (struct timeval tv, void (*func) (void *), void *data); /* Remove a scheduled event from the queue */ void deschedule (struct schedule_entry *); /* Initialization function */ void init_scheduler (void); /* Scheduled event processor */ struct timeval *process_schedule(struct timeval *); /* Compare two timeval functions and see if a <= b */ #define TVLESS(a,b) ((a).tv_sec == (b).tv_sec ? \ ((a).tv_usec < (b).tv_usec) : \ ((a).tv_sec < (b).tv_sec)) #define TVLESSEQ(a,b) ((a).tv_sec == (b).tv_sec ? \ ((a).tv_usec <= (b).tv_usec) : \ ((a).tv_sec <= (b).tv_sec)) #define TVGT(a,b) ((a).tv_sec == (b).tv_sec ? \ ((a).tv_usec > (b).tv_usec) : \ ((a).tv_sec > (b).tv_sec)) #endif xl2tpd-1.3.12/scripts/000077500000000000000000000000001327764040100145065ustar00rootroot00000000000000xl2tpd-1.3.12/scripts/init.suse000066400000000000000000000112371327764040100163560ustar00rootroot00000000000000#! /bin/sh # Copyright (c) 1995-2003 # Tronicplanet Datendienst GmbH, Simbach am INN, Germany. # All rights reserved. # # Author: Bernhard Thoni # # /etc/init.d/l2tpd # # and its symbolic link # # /(usr/)sbin/rcl2tpd # # LSB compliant service control script; see http://www.linuxbase.org/spec/ # # System startup script for L2TP daemon l2tpd # ### BEGIN INIT INFO # Provides: FOO # Required-Start: $syslog # Required-Stop: $syslog # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Description: Start l2tpd to allow XY and provide YZ # continued on second line by '#' ### END INIT INFO # # Note on Required-Start: It does specify the init script ordering, # not real dependencies. Depencies have to be handled by admin # resp. the configuration tools (s)he uses. # Source SuSE config (if still necessary, most info has been moved) test -r /etc/rc.config && . /etc/rc.config # Check for missing binaries (stale symlinks should not happen) L2TPD_BIN=/usr/sbin/l2tpd test -x $L2TPD_BIN || exit 5 # Check for existence of needed config file and read it #L2TPD_CONFIG=/etc/sysconfig/FOO #test -r $L2TPD_CONFIG || exit 6 #. $L2TPD_CONFIG # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v ditto but be verbose in local rc status # rc_status -v -r ditto and clear the local rc status # rc_failed set local and overall rc status to failed # rc_failed set local and overall rc status to # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # First reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - insufficient privilege # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signalling is not supported) are # considered a success. case "$1" in start) echo -n "Starting L2TPD" ## Start daemon with startproc(8). If this fails ## the echo return value is set appropriate. # NOTE: startproc returns 0, even if service is # already running to match LSB spec. startproc $L2TPD_BIN >/dev/null 2>&1 # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down L2TPD" ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. killproc -TERM $L2TPD_BIN # Remember status and be verbose rc_status -v ;; try-restart) ## Stop the service and if this succeeds (i.e. the ## service was running before), start it again. ## Note: try-restart is not (yet) part of LSB (as of 0.7.5) $0 status >/dev/null && $0 restart # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart. echo -n "Reload service L2TPD" ## if it supports it: killproc -HUP $L2TPD_BIN #touch /var/run/l2tpd.pid rc_status -v ## Otherwise: #$0 stop && $0 start #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signalling, do nothing (!) # If it supports signalling: echo -n "Reload service L2TPD" killproc -HUP $L2TPD_BIN #touch /var/run/l2tpd.pid rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service L2TPD: " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running # NOTE: checkproc returns LSB compliant status values. checkproc $L2TPD_BIN rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, ## print out the argument which is required for a reload. test /etc/l2tpd/l2tpd.conf -nt /var/run/l2tpd.pid && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit xl2tpd-1.3.12/xl2tpd-control.c000066400000000000000000000332531327764040100160640ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon Control Utility * Copyright (C) 2011 Alexander Dorokhov * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * xl2tpd-control client main file * */ #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include "l2tp.h" /* Paul: Alex: can we change this to use stdout, and let applications using * xl2tpd-control capture the output, instead of creating tmp files? */ /* result filename format including absolute path and formatting %i for pid */ #define RESULT_FILENAME_FORMAT "/var/run/xl2tpd/xl2tpd-control-%i.out" #define ERROR_LEVEL 1 #define DEBUG_LEVEL 2 #define TUNNEL_REQUIRED 1 #define TUNNEL_NOT_REQUIRED 0 #define TIMEOUT 1000000 //timeout is 1s char result_filename[128]; int result_fd = -1; int log_level = ERROR_LEVEL; void print_error (int level, const char *fmt, ...); int read_result(int result_fd, char* buf, ssize_t size); /* Definition of a command */ struct command_t { char *name; int (*handler) (FILE*, char* tunnel, int optc, char *optv[]); int requires_tunnel; char *help; }; int command_add_lac (FILE*, char* tunnel, int optc, char *optv[]); int command_connect_lac (FILE*, char* tunnel, int optc, char *optv[]); int command_disconnect_lac (FILE*, char* tunnel, int optc, char *optv[]); int command_remove_lac (FILE*, char* tunnel, int optc, char *optv[]); int command_add_lns (FILE*, char* tunnel, int optc, char *optv[]); int command_status_lac (FILE*, char* tunnel, int optc, char *optv[]); int command_status_lns (FILE*, char* tunnel, int optc, char *optv[]); int command_remove_lns (FILE*, char* tunnel, int optc, char *optv[]); int command_available (FILE*, char* tunnel, int optc, char *optv[]); struct command_t commands[] = { /* Keep this command mapping for backwards compat */ {"add", &command_add_lac, TUNNEL_REQUIRED, "\tadd\tadds new or modify existing lac configuration.\n" "\t\tConfiguration must be specified as command options in\n" "\t\t= pairs format.\n" "\t\tSee available options in xl2tpd.conf(5)\n" }, {"connect", &command_connect_lac, TUNNEL_REQUIRED, "\tconnect\ttries to activate the tunnel.\n" "\t\tUsername and secret for the tunnel can be passed as\n" "\t\tcommand options.\n" }, {"disconnect", &command_disconnect_lac, TUNNEL_REQUIRED, "\tdisconnect\tdisconnects the tunnel.\n" }, {"remove", &command_remove_lac, TUNNEL_REQUIRED, "\tremove\tremoves lac configuration from xl2tpd.\n" "\t\txl2tpd disconnects the tunnel before removing.\n" }, /* LAC commands */ {"add-lac", &command_add_lac, TUNNEL_REQUIRED}, {"connect-lac", &command_connect_lac, TUNNEL_REQUIRED}, {"disconnect-lac", &command_disconnect_lac, TUNNEL_REQUIRED}, {"remove-lac", &command_remove_lac, TUNNEL_REQUIRED}, /* LNS commands */ {"add-lns", &command_add_lns, TUNNEL_REQUIRED, "\tadd-lns\tadds new or modify existing lns configuration.\n" }, {"remove-lns", &command_remove_lns, TUNNEL_REQUIRED}, /* Generic commands */ {"status", &command_status_lac, TUNNEL_REQUIRED}, {"status-lns", &command_status_lns, TUNNEL_REQUIRED}, {"available", &command_available, TUNNEL_NOT_REQUIRED}, {NULL, NULL} }; void usage() { int i; printf ("\nxl2tpd server version %s\n", SERVER_VERSION); printf ("Usage: xl2tpd-control [-c ] []\n" "\n" " -c\tspecifies xl2tpd control file\n" " -d\tspecify xl2tpd-control to run in debug mode\n" "--help\tshows extended help\n" ); printf ("Available commands: "); for (i = 0; commands[i].name; i++) { struct command_t *command = &commands[i]; int last = command[1].name == NULL; printf ("%s%s", command->name, !last ? ", " : "\n"); } } void help() { int i; usage(); printf ( "\n" "Commands help:\n" ); for (i = 0; commands[i].name; i++) { struct command_t *command = &commands[i]; if (!command->help) continue; printf ("%s", command->help); } /*FIXME Ha! there is currently no manpage for xl2tpd-control */ printf ("See xl2tpd-control man page for more help\n"); } void cleanup(void) { /* cleaning up */ unlink (result_filename); if (result_fd >= 0) close (result_fd); } int main (int argc, char *argv[]) { char* control_filename = NULL; char* tunnel_name = NULL; struct command_t* command = NULL; int i; /* argv iterator */ if (argv[1] && !strncmp (argv[1], "--help", 6)) { help(); return 0; } /* parse global options */ for (i = 1; i < argc; i++) { if (!strncmp (argv[i], "-c", 2)) { control_filename = argv[++i]; } else if (!strncmp (argv[i], "-d", 2)) { log_level = DEBUG_LEVEL; } else { break; } } if (i >= argc) { print_error (ERROR_LEVEL, "error: command not specified\n"); usage(); return -1; } if (!control_filename) { control_filename = strdup (CONTROL_PIPE); } /* parse command name */ for (command = commands; command->name; command++) { if (!strcasecmp (argv[i], command->name)) { i++; break; } } if (!command->name) { print_error (ERROR_LEVEL, "error: no such command %s\n", argv[i]); return -1; } /* get tunnel name */ if(command->requires_tunnel){ if (i >= argc) { print_error (ERROR_LEVEL, "error: tunnel name not specified\n"); usage(); return -1; } tunnel_name = argv[i++]; /* check tunnel name for whitespaces */ if (strstr (tunnel_name, " ")) { print_error (ERROR_LEVEL, "error: tunnel name shouldn't include spaces\n"); usage(); return -1; } } char buf[CONTROL_PIPE_MESSAGE_SIZE] = ""; FILE* mesf = fmemopen (buf, CONTROL_PIPE_MESSAGE_SIZE, "w"); /* create result pipe for reading */ snprintf (result_filename, 128, RESULT_FILENAME_FORMAT, getpid()); unlink (result_filename); mkfifo (result_filename, 0600); atexit(cleanup); result_fd = open (result_filename, O_RDONLY | O_NONBLOCK, 0600); if (result_fd < 0) { print_error (ERROR_LEVEL, "error: unable to open %s for reading.\n", result_filename); return -2; } /* turn off O_NONBLOCK */ if (fcntl (result_fd, F_SETFL, O_RDONLY) == -1) { print_error (ERROR_LEVEL, "Can not turn off nonblocking mode for result_fd: %s\n", strerror(errno)); return -2; } /* pass result filename to command */ fprintf (mesf, "@%s ", result_filename); if (ferror (mesf)) { print_error (ERROR_LEVEL, "internal error: message buffer to short"); return -2; } /* format command with remaining arguments */ int command_res = command->handler ( mesf, tunnel_name, argc - i, argv + i ); if (command_res < 0) { print_error (ERROR_LEVEL, "error: command parse error\n"); return -1; } fflush (mesf); if (ferror (mesf)) { print_error (ERROR_LEVEL, "error: message too long (max = %i ch.)\n", CONTROL_PIPE_MESSAGE_SIZE - 1); return -1; } print_error (DEBUG_LEVEL, "command to be passed:\n%s\n", buf); /* try to open control file for writing */ int control_fd = open (control_filename, O_WRONLY | O_NONBLOCK, 0600); if (control_fd < 0) { int errorno = errno; switch (errorno) { case EACCES: print_error (ERROR_LEVEL, "Unable to open %s for writing." " Is xl2tpd running and you have appropriate permissions?\n", control_filename); break; default: print_error (ERROR_LEVEL, "Unable to open %s for writing: %s\n", control_filename, strerror (errorno)); } return -1; } /* turn off O_NONBLOCK */ if (fcntl (control_fd, F_SETFL, O_WRONLY) == -1) { print_error (ERROR_LEVEL, "Can not turn off nonblocking mode for control_fd: %s\n", strerror(errno)); return -2; } /* pass command to control pipe */ if (write (control_fd, buf, ftell (mesf)) < 0) { int errorno = errno; print_error (ERROR_LEVEL, "Unable to write to %s: %s\n", control_filename, strerror (errorno)); close (control_fd); return -1; } close (control_fd); /* read result from pipe */ char rbuf[CONTROL_PIPE_MESSAGE_SIZE] = ""; int command_result_code = read_result ( result_fd, rbuf, CONTROL_PIPE_MESSAGE_SIZE ); /* rbuf contains a newline, make it double to form a boundary. */ print_error (DEBUG_LEVEL, "command response: \n%s\n", rbuf); return command_result_code; } void print_error (int level, const char *fmt, ...) { if (level > log_level) return; va_list args; va_start (args, fmt); fprintf (stderr, "xl2tpd-control: "); vfprintf (stderr, fmt, args); va_end (args); } int read_result(int result_fd, char* buf, ssize_t size) { /* read result from result_fd */ /*FIXME: there is a chance to hang up reading. Should I create watching thread with timeout? */ ssize_t readed = 0; ssize_t len; int write_pipe = 0; struct timeval tvs; struct timeval tve; unsigned long diff; gettimeofday(&tvs, NULL); do { len = read (result_fd, buf + readed, size - readed); if (len < 0) { if (errno == EINTR) continue; print_error (ERROR_LEVEL, "error: can't read command result: %s\n", strerror (errno)); break; } else if (len == 0) { if(!write_pipe) { gettimeofday(&tve, NULL); diff = (tve.tv_sec - tvs.tv_sec) * 1000000 + (tve.tv_usec - tvs.tv_usec); if (diff >= TIMEOUT) { print_error (DEBUG_LEVEL, "error: read timout\n"); break; } else { usleep(10); continue; } } break; } else { write_pipe = 1; readed += len; if ((size - readed) <= 0) break; } } while (1); buf[readed] = '\0'; /* scan result code */ int command_result_code = -3; sscanf (buf, "%i", &command_result_code); return command_result_code; } int command_add (FILE* mesf, char* tunnel, int optc, char *optv[], int reqopt) { if (optc <= 0) { print_error (ERROR_LEVEL, "error: tunnel configuration expected\n"); return -1; } fprintf (mesf, "%c %s ", reqopt, tunnel); int i; int wait_key = 1; for (i = 0; i < optc; i++) { fprintf (mesf, "%s", optv[i]); if (wait_key) { /* try to find '=' */ char* eqv = strstr (optv[i], "="); if (eqv) { /* check is it not last symbol */ if (eqv != (optv[i] + strlen(optv[i]) - 1)) { fprintf (mesf, ";"); /* end up option */ } else { wait_key = 0; /* now we waiting for value */ } } else { /* two-word key */ fprintf (mesf, " "); /* restore space */ } } else { fprintf (mesf, ";"); /* end up option */ wait_key = 1; /* now we again waiting for key */ } } return 0; } int command_add_lac (FILE* mesf, char* tunnel, int optc, char *optv[]) { return command_add(mesf, tunnel, optc, optv, CONTROL_PIPE_REQ_LAC_ADD_MODIFY); } int command_add_lns (FILE* mesf, char* tunnel, int optc, char *optv[]) { return command_add(mesf, tunnel, optc, optv, CONTROL_PIPE_REQ_LNS_ADD_MODIFY); } int command_connect_lac (FILE* mesf, char* tunnel, int optc, char *optv[]) { fprintf (mesf, "%c %s", CONTROL_PIPE_REQ_LAC_CONNECT, tunnel); /* try to read authname and password from opts */ if (optc > 0) { if (optc == 1) fprintf (mesf, " %s", optv[0]); else // optc >= 2 fprintf (mesf, " %s %s", optv[0], optv[1]); } return 0; } int command_disconnect_lac (FILE* mesf, char* tunnel, int optc, char *optv[]) { fprintf (mesf, "%c %s", CONTROL_PIPE_REQ_LAC_DISCONNECT, tunnel); return 0; } int command_remove_lac (FILE* mesf, char* tunnel, int optc, char *optv[]) { fprintf (mesf, "%c %s", CONTROL_PIPE_REQ_LAC_REMOVE, tunnel); return 0; } int command_status_lns (FILE* mesf, char* tunnel, int optc, char *optv[]) { fprintf (mesf, "%c %s", CONTROL_PIPE_REQ_LNS_STATUS, tunnel); return 0; } int command_status_lac (FILE* mesf, char* tunnel, int optc, char *optv[]) { fprintf (mesf, "%c %s", CONTROL_PIPE_REQ_LAC_STATUS, tunnel); return 0; } int command_available (FILE* mesf, char* tunnel, int optc, char *optv[]) { fprintf (mesf, "%c %s", CONTROL_PIPE_REQ_AVAILABLE, tunnel); return 0; } int command_remove_lns (FILE* mesf, char* tunnel, int optc, char *optv[]) { fprintf (mesf, "%c %s", CONTROL_PIPE_REQ_LNS_REMOVE, tunnel); return 0; } xl2tpd-1.3.12/xl2tpd.c000066400000000000000000001516311327764040100144070ustar00rootroot00000000000000/* * Layer Two Tunnelling Protocol Daemon * Copyright (C) 1998 Adtran, Inc. * Copyright (C) 2002 Jeff McAdams * * * Mark Spencer * * This software is distributed under the terms * of the GPL, which you should have received * along with this source. * * Main Daemon source. * */ #define _ISOC99_SOURCE #define _XOPEN_SOURCE #define _BSD_SOURCE #define _DEFAULT_SOURCE #define _XOPEN_SOURCE_EXTENDED 1 #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #ifndef LINUX # include #endif #include #include #include #include #include #include #include "l2tp.h" struct tunnel_list tunnels; int rand_source; int ppd = 1; /* Packet processing delay */ int control_fd; /* descriptor of control area */ char *args; char *dial_no_tmp; /* jz: Dialnumber for Outgoing Call */ int switch_io = 0; /* jz: Switch for Incoming or Outgoing Call */ static void open_controlfd(void); volatile sig_atomic_t sigterm_received; volatile sig_atomic_t sigint_received; volatile sig_atomic_t sigchld_received; volatile sig_atomic_t sigusr1_received;; volatile sig_atomic_t sighup_received; struct control_requests_handler { char type; int (*handler) (FILE* resf, char* bufp); }; int control_handle_available(FILE* resf, char* bufp); int control_handle_lns_add_modify(FILE* resf, char* bufp); int control_handle_lns_status(FILE* resf, char* bufp); int control_handle_tunnel(FILE* respf, char* bufp); int control_handle_lac_connect(FILE* resf, char* bufp); int control_handle_lac_outgoing_call(FILE* resf, char* bufp); int control_handle_lac_hangup(FILE* resf, char* bufp); int control_handle_lac_disconnect(FILE* resf, char* bufp); int control_handle_lac_add_modify(FILE* resf, char* bufp); int control_handle_lac_remove(FILE* resf, char* bufp); int control_handle_lac_status(FILE* resf, char* bufp); int control_handle_lns_remove(FILE* resf, char* bufp); struct control_requests_handler control_handlers[] = { {CONTROL_PIPE_REQ_AVAILABLE, &control_handle_available}, {CONTROL_PIPE_REQ_LNS_ADD_MODIFY, &control_handle_lns_add_modify}, {CONTROL_PIPE_REQ_LNS_STATUS, &control_handle_lns_status}, {CONTROL_PIPE_REQ_TUNNEL, &control_handle_tunnel}, {CONTROL_PIPE_REQ_LAC_CONNECT, &control_handle_lac_connect}, {CONTROL_PIPE_REQ_LAC_OUTGOING_CALL, &control_handle_lac_outgoing_call}, {CONTROL_PIPE_REQ_LAC_HANGUP, &control_handle_lac_hangup}, {CONTROL_PIPE_REQ_LAC_DISCONNECT, &control_handle_lac_disconnect}, {CONTROL_PIPE_REQ_LAC_ADD_MODIFY, &control_handle_lac_add_modify}, {CONTROL_PIPE_REQ_LAC_REMOVE, &control_handle_lac_remove}, {CONTROL_PIPE_REQ_LAC_STATUS, &control_handle_lac_status}, {CONTROL_PIPE_REQ_LNS_REMOVE, &control_handle_lns_remove}, {0, NULL} }; void init_tunnel_list (struct tunnel_list *t) { t->head = NULL; t->count = 0; t->calls = 0; } /* Now sends to syslog instead - MvO */ void show_status (void) { struct schedule_entry *se; struct tunnel *t; struct call *c; struct lns *tlns; struct lac *tlac; struct host *h; unsigned long cnt = 0; int s = 0; l2tp_log (LOG_WARNING, "====== xl2tpd statistics ========\n"); l2tp_log (LOG_WARNING, " Scheduler entries:\n"); se = events; while (se) { s++; t = (struct tunnel *) se->data; tlac = (struct lac *) se->data; c = (struct call *) se->data; if (se->func == &hello) { l2tp_log (LOG_WARNING, "%d: HELLO to %d\n", s, t->tid); } else if (se->func == &magic_lac_dial) { l2tp_log (LOG_WARNING, "%d: Magic dial on %s\n", s, tlac->entname); } else if (se->func == &send_zlb) { l2tp_log (LOG_WARNING, "%d: Send payload ZLB on call %d:%d\n", s, c->container->tid, c->cid); } else if (se->func == &dethrottle) { l2tp_log (LOG_WARNING, "%d: Dethrottle call %d:%d\n", s, c->container->tid, c->cid); } else if (se->func == &control_xmit) { l2tp_log (LOG_WARNING, "%d: Control xmit on %d\n", s,((struct buffer *)se->data)->tunnel->tid); } else l2tp_log (LOG_WARNING, "%d: Unknown event\n", s); se = se->next; }; l2tp_log (LOG_WARNING, "Total Events scheduled: %d\n", s); l2tp_log (LOG_WARNING, "Number of tunnels open: %d\n", tunnels.count); t = tunnels.head; while (t) { l2tp_log (LOG_WARNING, "Tunnel %s, ID = %d (local), %d (remote) to %s:%d," " control_seq_num = %d, control_rec_seq_num = %d," " cLr = %d, call count = %d ref=%u/refhim=%u", (t->lac ? t->lac->entname : (t->lns ? t->lns->entname : "")), t->ourtid, t->tid, IPADDY (t->peer.sin_addr), ntohs (t->peer.sin_port), t->control_seq_num, t->control_rec_seq_num, t->cLr, t->count, t->refme, t->refhim); c = t->call_head; while (c) { cnt++; l2tp_log (LOG_WARNING, "Call %s # %lu, ID = %d (local), %d (remote), serno = %u," " data_seq_num = %d, data_rec_seq_num = %d," " pLr = %d, tx = %u bytes (%u), rx= %u bytes (%u)", (c->lac ? c->lac-> entname : (c->lns ? c->lns->entname : "")), cnt, c->ourcid, c->cid, c->serno, c->data_seq_num, c->data_rec_seq_num, c->pLr, c->tx_bytes, c->tx_pkts, c->rx_bytes, c->rx_pkts); c = c->next; } t = t->next; } l2tp_log (LOG_WARNING, "==========Config File===========\n"); tlns = lnslist; while (tlns) { l2tp_log (LOG_WARNING, "LNS entry %s\n", tlns->entname[0] ? tlns->entname : "(unnamed)"); tlns = tlns->next; }; tlac = laclist; while (tlac) { l2tp_log (LOG_WARNING, "LAC entry %s, LNS is/are:", tlac->entname[0] ? tlac->entname : "(unnamed)"); h = tlac->lns; if (h) { while (h) { l2tp_log (LOG_WARNING, " %s", h->hostname); h = h->next; } } else l2tp_log (LOG_WARNING, " [none]"); tlac = tlac->next; }; l2tp_log (LOG_WARNING, "================================\n"); } void null_handler(int sig) { /* FIXME * A sighup is received when a call is terminated, unknown origine .. * I catch it and ll looks good, but .. */ } void status_handler (int sig) { show_status (); } void child_handler (int signal) { /* * Oops, somebody we launched was killed. * It's time to reap them and close that call. * But first, we have to find out what PID died. * unfortunately, pppd will */ struct tunnel *t; struct call *c; pid_t pid; int status; /* Keep looping until all are cleared */ for(;;) { pid = waitpid (-1, &status, WNOHANG); if (pid < 1) { /* * Oh well, nobody there. Maybe we reaped it * somewhere else already */ return; } /* find the call that "owned" the pppd which just died */ t = tunnels.head; while (t) { c = t->call_head; t = t->next; while (c) { if (c->pppd == pid) { if ( WIFEXITED( status ) ) { l2tp_log (LOG_DEBUG, "%s : pppd exited for call %d with code %d\n", __FUNCTION__, c->cid, WEXITSTATUS( status ) ); } else if( WIFSIGNALED( status ) ) { l2tp_log (LOG_DEBUG, "%s : pppd terminated for call %d by signal %d\n", __FUNCTION__, c->cid, WTERMSIG( status ) ); } else { l2tp_log (LOG_DEBUG, "%s : pppd exited for call %d for unknown reason\n", __FUNCTION__, c->cid ); } c->needclose = -1; /* * OK...pppd died, we can go ahead and close the pty for * it */ #ifdef USE_KERNEL if (!kernel_support) #endif close (c->fd); c->fd = -1; /* * terminate tunnel and call loops, returning to the * for(;;) loop (and possibly get the next pid) */ t = NULL; break; } c = c->next; } } } } void death_handler (int signal) { /* * If we get here, somebody terminated us with a kill or a control-c. * we call call_close on each tunnel twice to get a StopCCN out * for each one (we can't pause to make sure it's received. * Then we close the connections */ struct tunnel *st, *st2; int sec; l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal); #ifdef USE_KERNEL if (kernel_support || signal != SIGTERM) { #else if (signal != SIGTERM) { #endif st = tunnels.head; while (st) { st2 = st->next; strcpy (st->self->errormsg, "Server closing"); sec = st->self->closing; if (st->lac) st->lac->redial = 0; call_close (st->self); if (!sec) { st->self->closing = -1; call_close (st->self); } st = st2; } } /* erase pid and control files */ unlink (gconfig.pidfile); unlink (gconfig.controlfile); free(dial_no_tmp); close(server_socket); close(control_fd); closelog(); exit (1); } void sigterm_handler(int sig) { sigterm_received = 1; } void sigint_handler(int sig) { sigint_received = 1; } void sigchld_handler(int sig) { sigchld_received = 1; } void sigusr1_handler(int sig) { sigusr1_received = 1; } void sighup_handler(int sig) { sighup_received = 1; } void process_signal(void) { if (sigterm_received) { sigterm_received = 0; death_handler(SIGTERM); } if (sigint_received) { sigint_received = 0; death_handler(SIGINT); } if (sigchld_received) { sigchld_received = 0; child_handler(SIGCHLD); } if (sigusr1_received) { sigusr1_received = 0; status_handler(SIGUSR1); } if (sighup_received) { sighup_received = 0; null_handler(SIGHUP); } } int start_pppd (struct call *c, struct ppp_opts *opts) { /* char a, b; */ char tty[512]; char *stropt[80]; #ifdef USE_KERNEL struct sockaddr_pppol2tp sax; int flags; #endif int pos = 1; int fd2 = -1; #ifdef DEBUG_PPPD int x; #endif struct termios ptyconf; struct call *sc; struct tunnel *st; stropt[0] = strdup (PPPD); if (c->pppd > 0) { l2tp_log(LOG_WARNING, "%s: PPP already started on call!\n", __FUNCTION__); return -EINVAL; } if (c->fd > -1) { l2tp_log (LOG_WARNING, "%s: file descriptor already assigned!\n", __FUNCTION__); return -EINVAL; } #ifdef USE_KERNEL if (kernel_support) { fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); if (fd2 < 0) { l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n", __FUNCTION__); return -EINVAL; } flags = fcntl(fd2, F_GETFL); if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) { l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n", __FUNCTION__); return -EINVAL; } memset(&sax, 0, sizeof(sax)); sax.sa_family = AF_PPPOX; sax.sa_protocol = PX_PROTO_OL2TP; sax.pppol2tp.fd = c->container->udp_fd; sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr; sax.pppol2tp.addr.sin_port = c->container->peer.sin_port; sax.pppol2tp.addr.sin_family = AF_INET; sax.pppol2tp.s_tunnel = c->container->ourtid; sax.pppol2tp.s_session = c->ourcid; sax.pppol2tp.d_tunnel = c->container->tid; sax.pppol2tp.d_session = c->cid; if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) { l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n", __FUNCTION__); close(fd2); return -EINVAL; } stropt[pos++] = strdup ("plugin"); stropt[pos++] = strdup ("pppol2tp.so"); stropt[pos++] = strdup ("pppol2tp"); stropt[pos] = malloc (10); snprintf (stropt[pos], 10, "%d", fd2); pos++; if (c->container->lns) { stropt[pos++] = strdup ("pppol2tp_lns_mode"); stropt[pos++] = strdup ("pppol2tp_tunnel_id"); stropt[pos] = malloc (10); snprintf (stropt[pos], 10, "%d", c->container->ourtid); pos++; stropt[pos++] = strdup ("pppol2tp_session_id"); stropt[pos] = malloc (10); snprintf (stropt[pos], 10, "%d", c->ourcid); pos++; } } else #endif { if ((c->fd = getPtyMaster (tty, sizeof(tty))) < 0) { l2tp_log (LOG_WARNING, "%s: unable to allocate pty, abandoning!\n", __FUNCTION__); return -EINVAL; } /* set fd opened above to not echo so we don't see read our own packets back of the file descriptor that we just wrote them to */ tcgetattr (c->fd, &ptyconf); *(c->oldptyconf) = ptyconf; ptyconf.c_cflag &= ~(ICANON | ECHO); ptyconf.c_lflag &= ~ECHO; tcsetattr (c->fd, TCSANOW, &ptyconf); if(fcntl(c->fd, F_SETFL, O_NONBLOCK)!=0) { l2tp_log(LOG_WARNING, "failed to set nonblock: %s\n", strerror(errno)); return -EINVAL; } fd2 = open (tty, O_RDWR); if (fd2 < 0) { l2tp_log (LOG_WARNING, "unable to open tty %s, cannot start pppd", tty); return -EINVAL; } stropt[pos++] = strdup(tty); } { struct ppp_opts *p = opts; int maxn_opts = sizeof(stropt) / sizeof(stropt[0]) - 1; while (p && pos < maxn_opts) { stropt[pos] = strdup (p->option); pos++; p = p->next; } stropt[pos] = NULL; } #ifdef DEBUG_PPPD l2tp_log (LOG_DEBUG, "%s: I'm running: \n", __FUNCTION__); for (x = 0; stropt[x]; x++) { l2tp_log (LOG_DEBUG, "\"%s\" \n", stropt[x]); }; #endif #ifdef __uClinux__ c->pppd = vfork (); #else c->pppd = fork (); #endif if (c->pppd < 0) { /* parent */ l2tp_log(LOG_WARNING,"%s: unable to fork(), abandoning!\n", __FUNCTION__); close(fd2); return -EINVAL; } else if (!c->pppd) { /* child */ close (0); /* redundant; the dup2() below would do that, too */ close (1); /* ditto */ /* close (2); No, we want to keep the connection to /dev/null. */ #ifdef USE_KERNEL if (!kernel_support) #endif { /* connect the pty to stdin and stdout */ dup2 (fd2, 0); dup2 (fd2, 1); close(fd2); } /* close all the calls pty fds */ st = tunnels.head; while (st) { #ifdef USE_KERNEL if (kernel_support) { if(st->udp_fd!=-1) close(st->udp_fd); /* tunnel UDP fd */ if(st->pppox_fd!=-1) close(st->pppox_fd); /* tunnel PPPoX fd */ } else #endif { sc = st->call_head; while (sc) { if(sc->fd!=-1) close (sc->fd); /* call pty fd */ sc = sc->next; } } st = st->next; } /* close the UDP socket fd */ if(server_socket!=-1) close (server_socket); /* close the control pipe fd */ if(control_fd!=-1) close (control_fd); if( c->dialing[0] ) { setenv( "CALLER_ID", c->dialing, 1 ); } execv (PPPD, stropt); l2tp_log (LOG_WARNING, "%s: Exec of %s failed!\n", __FUNCTION__, PPPD); _exit (1); } close (fd2); pos = 0; while (stropt[pos]) { free (stropt[pos]); pos++; }; return 0; } void destroy_tunnel (struct tunnel *t) { /* * Immediately destroy a tunnel (and all its calls) * and free its resources. This may be called * by the tunnel itself,so it needs to be * "suicide safe" */ struct call *c, *me, *next; struct tunnel *p; struct timeval tv; if (!t) return; /* * Save ourselves until the very * end, since we might be calling this ourselves. * We must divorce ourself from the tunnel * structure, however, to avoid recursion * because of the logic of the destroy_call */ me = t->self; /* * Destroy all the member calls */ c = t->call_head; while (c) { next = c->next; destroy_call (c); c = next; }; /* * Remove ourselves from the list of tunnels */ if (tunnels.head == t) { tunnels.head = t->next; tunnels.count--; } else { p = tunnels.head; if (p) { while (p->next && (p->next != t)) p = p->next; if (p->next) { p->next = t->next; tunnels.count--; } else { l2tp_log (LOG_WARNING, "%s: unable to locate tunnel in tunnel list\n", __FUNCTION__); } } else { l2tp_log (LOG_WARNING, "%s: tunnel list is empty!\n", __FUNCTION__); } } if (t->lac) { t->lac->t = NULL; if (t->lac->redial && (t->lac->rtimeout > 0) && !t->lac->rsched && t->lac->active) { l2tp_log (LOG_INFO, "Will redial in %d seconds\n", t->lac->rtimeout); tv.tv_sec = t->lac->rtimeout; tv.tv_usec = 0; t->lac->rsched = schedule (tv, magic_lac_dial, t->lac); } } /* XXX L2TP/IPSec: remove relevant SAs here? NTB 20011010 * XXX But what if another tunnel is using same SA? */ if (t->lns) t->lns->t = NULL; if (t->chal_us.challenge) free (t->chal_us.challenge); if (t->chal_them.challenge) free (t->chal_them.challenge); /* we need no free(t->chal_us.vector) here because we malloc() and free() the memory pointed to by t->chal_us.vector at some other place */ if (t->chal_them.vector) free (t->chal_them.vector); if (t->pppox_fd > -1 ) close (t->pppox_fd); if (t->udp_fd > -1 ) close (t->udp_fd); destroy_call (me); free (t); } struct tunnel *l2tp_call (char *host, int port, struct lac *lac, struct lns *lns) { /* * Establish a tunnel from us to host * on port port */ struct call *tmp = NULL; struct hostent *hp; struct in_addr addr; port = htons (port); hp = gethostbyname (host); if (!hp) { l2tp_log (LOG_WARNING, "Host name lookup failed for %s.\n", host); return NULL; } bcopy (hp->h_addr, &addr.s_addr, hp->h_length); /* Force creation of a new tunnel and set it's tid to 0 to cause negotiation to occur */ /* * to do IPsec properly here, we need to set a socket policy, * and/or communicate with pluto. */ tmp = get_call (0, 0, addr, port, IPSEC_SAREF_NULL, IPSEC_SAREF_NULL); if (!tmp) { l2tp_log (LOG_WARNING, "%s: Unable to create tunnel to %s.\n", __FUNCTION__, host); return NULL; } tmp->container->tid = 0; tmp->container->lac = lac; tmp->container->lns = lns; tmp->lac = lac; tmp->lns = lns; if (lac) lac->t = tmp->container; if (lns) lns->t = tmp->container; /* * Since our state is 0, we will establish a tunnel now */ l2tp_log (LOG_NOTICE, "Connecting to host %s, port %d\n", host, ntohs (port)); control_finish (tmp->container, tmp); return tmp->container; } void magic_lac_tunnel (void *data) { struct lac *lac; lac = (struct lac *) data; if (!lac) { l2tp_log (LOG_WARNING, "%s: magic_lac_tunnel: called on NULL lac!\n", __FUNCTION__); return; } if (lac->lns) { /* FIXME: I should try different LNS's if I get failures */ l2tp_call (lac->lns->hostname, lac->lns->port, lac, NULL); } else if (deflac && deflac->lns) { l2tp_call (deflac->lns->hostname, deflac->lns->port, lac, NULL); } else { l2tp_log (LOG_WARNING, "%s: Unable to find hostname to dial for '%s'\n", __FUNCTION__, lac->entname); } } struct call *lac_call (int tid, struct lac *lac, struct lns *lns) { struct tunnel *t = tunnels.head; struct call *tmp; while (t) { if (t->ourtid == tid) { tmp = new_call (t); if (!tmp) { l2tp_log (LOG_WARNING, "%s: unable to create new call\n", __FUNCTION__); return NULL; } tmp->next = t->call_head; t->call_head = tmp; t->count++; tmp->cid = 0; tmp->lac = lac; tmp->lns = lns; if (lac) lac->c = tmp; l2tp_log (LOG_NOTICE, "Calling on tunnel %d\n", tid); strcpy (tmp->dial_no, dial_no_tmp); /* jz: copy dialnumber to tmp->dial_no */ control_finish (t, tmp); return tmp; } t = t->next; }; l2tp_log (LOG_DEBUG, "%s: No such tunnel %d to generate call.\n", __FUNCTION__, tid); return NULL; } void magic_lac_dial (void *data) { struct lac *lac; lac = (struct lac *) data; if (!lac) { l2tp_log (LOG_WARNING, "%s : called on NULL lac!\n", __FUNCTION__); return; } if (!lac->active) { l2tp_log (LOG_DEBUG, "%s: LAC %s not active", __FUNCTION__, lac->entname); return; } lac->rsched = NULL; lac->rtries++; if (lac->rmax && (lac->rtries > lac->rmax)) { l2tp_log (LOG_INFO, "%s: maximum retries exceeded.\n", __FUNCTION__); return; } if (!lac->t) { #ifdef DEGUG_MAGIC l2tp_log (LOG_DEBUG, "%s : tunnel not up! Connecting!\n", __FUNCTION__); #endif magic_lac_tunnel (lac); return; } lac_call (lac->t->ourtid, lac, NULL); } void lac_hangup (int cid) { struct tunnel *t = tunnels.head; struct call *tmp; while (t) { tmp = t->call_head; while (tmp) { if (tmp->ourcid == cid) { l2tp_log (LOG_INFO, "%s :Hanging up call %d, Local: %d, Remote: %d\n", __FUNCTION__, tmp->serno, tmp->ourcid, tmp->cid); strcpy (tmp->errormsg, "Goodbye!"); /* tmp->needclose = -1; */ kill (tmp->pppd, SIGTERM); return; } tmp = tmp->next; } t = t->next; }; l2tp_log (LOG_DEBUG, "%s : No such call %d to hang up.\n", __FUNCTION__, cid); return; } void lac_disconnect (int tid) { struct tunnel *t = tunnels.head; while (t) { if (t->ourtid == tid) { l2tp_log (LOG_INFO, "Disconnecting from %s, Local: %d, Remote: %d\n", IPADDY (t->peer.sin_addr), t->ourtid, t->tid); t->self->needclose = -1; strcpy (t->self->errormsg, "Goodbye!"); call_close (t->self); return; } t = t->next; }; l2tp_log (LOG_DEBUG, "No such tunnel %d to hang up.\n", tid); return; } struct tunnel *new_tunnel () { struct tunnel *tmp = calloc (1, sizeof (struct tunnel)); unsigned char entropy_buf[2] = "\0"; if (!tmp) return NULL; tmp->debug = -1; tmp->tid = -1; #ifndef TESTING /* while(get_call((tmp->ourtid = rand() & 0xFFFF),0,0,0)); */ /* tmp->ourtid = rand () & 0xFFFF; */ /* get_entropy((char *)&tmp->ourtid, 2); */ get_entropy(entropy_buf, 2); { unsigned short *temp; temp = (unsigned short *)entropy_buf; tmp->ourtid = *temp & 0xFFFF; #ifdef DEBUG_ENTROPY l2tp_log(LOG_DEBUG, "ourtid = %u, entropy_buf = %hx\n", tmp->ourtid, *temp); #endif } #else tmp->ourtid = 0x6227; #endif tmp->peer.sin_family = AF_INET; bzero (&(tmp->peer.sin_addr), sizeof (tmp->peer.sin_addr)); #ifdef SANITY tmp->sanity = -1; #endif tmp->qtid = -1; tmp->ourfc = ASYNC_FRAMING | SYNC_FRAMING; tmp->ourtb = (((_u64) rand ()) << 32) | ((_u64) rand ()); tmp->fc = -1; /* These really need to be specified by the peer */ tmp->bc = -1; /* And we want to know if they forgot */ if (!(tmp->self = new_call (tmp))) { free (tmp); return NULL; }; tmp->ourrws = DEFAULT_RWS_SIZE; tmp->self->ourfbit = FBIT; tmp->rxspeed = DEFAULT_RX_BPS; tmp->txspeed = DEFAULT_TX_BPS; memset (tmp->chal_us.reply, 0, MD_SIG_SIZE); memset (tmp->chal_them.reply, 0, MD_SIG_SIZE); tmp->chal_them.vector = malloc (VECTOR_SIZE); return tmp; } void write_res (FILE* res_file, const char *fmt, ...) { if (!res_file || ferror (res_file) || feof (res_file)) return; va_list args; va_start (args, fmt); vfprintf (res_file, fmt, args); va_end (args); } int parse_one_line (char* bufp, int context, void* tc) { /* FIXME: I should check for incompatible options */ char *s, *d, *t; int linenum = 0; s = strtok (bufp, ";"); // parse options token by token while (s != NULL) { linenum++; while ((*s < 33) && *s) s++; /* Skip over beginning white space */ t = s + strlen (s); while ((t >= s) && (*t < 33)) *(t--) = 0; /* Ditch trailing white space */ if (!strlen (s)) continue; if (!(t = strchr (s, '='))) { l2tp_log (LOG_WARNING, "%s: token %d: no '=' in data\n", __FUNCTION__, linenum); return -1; } d = t; d--; t++; while ((d >= s) && (*d < 33)) d--; d++; *d = 0; while (*t && (*t < 33)) t++; #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: field is %s, value is %s\n", __FUNCTION__, s, t); #endif /* Okay, bit twidling is done. Let's handle this */ switch (parse_one_option (s, t, context, tc)) { case -1: l2tp_log (LOG_WARNING, "%s: error token %d\n", __FUNCTION__, linenum); return -1; case -2: l2tp_log (LOG_CRIT, "%s: token %d: Unknown field '%s'\n", __FUNCTION__, linenum, s); return -1; } s = strtok (NULL, ";"); } return 0; } int parse_one_line_lac (char* bufp, struct lac *tc){ return parse_one_line(bufp, CONTEXT_LAC, tc); } int parse_one_line_lns (char* bufp, struct lns *tc){ return parse_one_line(bufp, CONTEXT_LNS, tc); } struct lns* find_lns_by_name(char* name){ struct lns *cursor; /* ml: First check to see if we are searching for default */ if(strcmp(name, "default") == 0){ return deflns; } cursor = lnslist; while (cursor) { if(strcasecmp (cursor->entname, name) ==0){ return cursor; } cursor = cursor->next; }; return NULL; /* ml: Ok we could not find anything*/ } int control_handle_available(FILE* resf, char* bufp){ struct lac *lac; struct lns *lns; write_res (resf, "%02i OK\n", 0); lns = lnslist; int lns_count = 0; while (lns) { write_res (resf, "%02i AVAILABLE lns.%d.name=%s\n", 0, lns_count, lns->entname); lns_count++; lns= lns->next; }; /* Can the default really be NULL?*/ if(deflns){ write_res (resf, "%02i AVAILABLE lns.%d.name=%s\n", 0, lns_count, deflns->entname); lns_count++; } write_res (resf, "%02i AVAILABLE lns.count=%d\n", 0, lns_count); lac = laclist; int lac_count = 0; while (lac) { write_res (resf, "%02i AVAILABLE lac.%d.name=%s\n", 0, lac_count, lac->entname); lac_count++; lac= lac->next; }; if(deflac){ write_res (resf, "%02i AVAILABLE lac.%d.name=%s\n", 0, lac_count, deflac->entname); lac_count++; } write_res (resf, "%02i AVAILABLE lac.count=%d\n", 0, lac_count); struct tunnel *st; st = tunnels.head; while (st) { write_res (resf, "%02i AVAILABLE tunnel %p, id %d, ourtid %d has %d calls and self %p\n", 0, st, st->tid, st->ourtid, st->count, st->self); st = st->next; } write_res (resf, "%02i AVAILABLE tunnels count=%d\n", 0, tunnels.count); write_res (resf, "%02i AVAILABLE calls count=%d\n", 0, tunnels.calls); return 1; } int control_handle_lns_add_modify(FILE* resf, char* bufp){ struct lns *lns; char* tunstr; char delims[] = " "; tunstr = strtok (&bufp[1], delims); lns = find_lns_by_name(tunstr); if(!lns){ lns = new_lns(); if(lns){ /* This seems a bit stupid, but new_lns() can return NULL */ /* ml: Give me a name please :) */ strncpy (lns->entname, tunstr, sizeof (lns->entname)); /* ml: Is there any good reason why I cant add it now? */ lns->next = lnslist; lnslist = lns; } } if(lns){ bufp = tunstr + strlen (tunstr) + 1; if (parse_one_line_lns (bufp, lns)) { write_res (resf, "%02i Configuration parse error\n", 3); }else{ write_res (resf, "%02i OK: Saved value\n", 0); } }else{ write_res (resf, "%02i Error: Could not find lns and could not create it\n", 1); } return 1; } int control_handle_lns_remove(FILE* resf, char* bufp){ char *tunstr; struct lns* lns; struct lns* prev_lns; struct tunnel* t; struct call* c; tunstr = strchr (bufp, ' ') + 1; lns = lnslist; prev_lns = NULL; while (lns && strcasecmp (lns->entname, tunstr) != 0) { prev_lns = lns; lns= lns->next; } if (!lns) { l2tp_log (LOG_DEBUG, "No such tunnel '%s'\n", tunstr); write_res (resf, "%02i No such tunnel '%s'\n", 1, tunstr); return 0; } /* We need to destroy the tunnels associated with this guy */ t = tunnels.head; while(t){ if(t->lns == lns){ c = t->call_head; while (c) { call_close (c); c = c->next; }; } t = t->next; } if (prev_lns == NULL){ lnslist = lns->next; }else{ prev_lns->next = lns->next; } free(lns); write_res (resf, "%02i OK\n", 0); return 1; } int control_handle_lns_status(FILE* resf, char* bufp){ struct lns *lns; char* tunstr; char delims[] = " "; tunstr = strtok (&bufp[1], delims); lns = find_lns_by_name(tunstr); if(lns){ /* Lets keep it simple, what is useful first */ write_res (resf, "%02i OK\n", 0); int active_tunnel_count = 0; struct tunnel* t = tunnels.head; while(t){ if(t->lns == lns){ /* Lets provide some information on each tunnel */ write_res (resf, "%02i STATUS tunnels.%d.id=%d\n", 0, active_tunnel_count, t->tid); write_res (resf, "%02i STATUS tunnels.%d.peer=%s:%d\n", 0, active_tunnel_count, IPADDY (t->peer.sin_addr), ntohs (t->peer.sin_port)); /* And some call stats */ struct call *c = t->call_head; int active_call_count = 0; while(c){ write_res (resf, "%02i STATUS tunnels.%d.calls.%d.id=%d\n", 0, active_tunnel_count, active_call_count, c->ourcid); write_res (resf, "%02i STATUS tunnels.%d.calls.%d.tx_bytes=%d\n", 0, active_tunnel_count, active_call_count, c->tx_bytes); write_res (resf, "%02i STATUS tunnels.%d.calls.%d.rx_bytes=%d\n", 0, active_tunnel_count, active_call_count, c->rx_bytes); write_res (resf, "%02i STATUS tunnels.%d.calls.%d.tx_pkts=%d\n", 0, active_tunnel_count, active_call_count, c->tx_pkts); write_res (resf, "%02i STATUS tunnels.%d.calls.%d.rx_pkts=%d\n", 0, active_tunnel_count, active_call_count, c->rx_pkts); c = c->next; active_call_count++; } write_res (resf, "%02i STATUS tunnels.%d.calls.count=%d\n", 0, active_tunnel_count, active_call_count); active_tunnel_count++; } t = t->next; } write_res (resf, "%02i STATUS tunnels.count=%d\n", 0, active_tunnel_count); }else{ write_res (resf, "%02i Error: Could not find lns\n", 1); } return 1; } int control_handle_tunnel(FILE* resf, char* bufp){ char* host; host = strchr (bufp, ' ') + 1; #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: Attempting to tunnel to %s\n", __FUNCTION__, host); #endif if (l2tp_call (host, UDP_LISTEN_PORT, NULL, NULL)) write_res (resf, "%02i OK\n", 0); else write_res (resf, "%02i Error\n", 1); return 1; } int control_handle_lac_connect(FILE* resf, char* bufp){ char* tunstr = NULL; char* authname= NULL; char* password = NULL; int tunl = 0; char delims[] = " "; struct lac* lac; switch_io = 1; /* jz: Switch for Incoming - Outgoing Calls */ tunstr = strtok (&bufp[1], delims); /* Are these passed on the command line? */ authname = strtok (NULL, delims); password = strtok (NULL, delims); lac = laclist; while (lac && strcasecmp (lac->entname, tunstr)!=0) { lac = lac->next; } if(lac) { lac->active = -1; lac->rtries = 0; if (authname != NULL) strncpy (lac->authname, authname, STRLEN); if (password != NULL) strncpy (lac->password, password, STRLEN); if (!lac->c) { magic_lac_dial (lac); write_res (resf, "%02i OK\n", 0); } else { l2tp_log (LOG_DEBUG, "Session '%s' already active!\n", lac->entname); write_res (resf, "%02i Session '%s' already active!\n", 1, lac->entname); } return 0; } /* did not find a tunnel by name, look by number */ tunl = atoi (tunstr); if (!tunl) { l2tp_log (LOG_DEBUG, "No such tunnel '%s'\n", tunstr); write_res (resf, "%02i No such tunnel '%s'\n", 1, tunstr); return 0; } #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: Attempting to call on tunnel %d\n", __FUNCTION__, tunl); #endif if (lac_call (tunl, NULL, NULL)) write_res (resf, "%02i OK\n", 0); else write_res (resf, "%02i Error\n", 1); return 1; } int control_handle_lac_outgoing_call(FILE* resf, char* bufp){ char* sub_str; char* tunstr; char* tmp_ptr; struct lac* lac; int tunl; switch_io = 0; /* jz: Switch for incoming - outgoing Calls */ sub_str = strchr (bufp, ' ') + 1; tunstr = strtok (sub_str, " "); /* jz: using strtok function to get */ tmp_ptr = strtok (NULL, " "); /* params out of the pipe */ strcpy (dial_no_tmp, tmp_ptr); lac = laclist; while (lac && strcasecmp (lac->entname, tunstr)!=0) { lac = lac->next; } if(lac) { lac->active = -1; lac->rtries = 0; if (!lac->c) { magic_lac_dial (lac); write_res (resf, "%02i OK\n", 0); } else { l2tp_log (LOG_DEBUG, "Session '%s' already active!\n", lac->entname); write_res (resf, "%02i Session '%s' already active!\n", 1, lac->entname); } return 0; } /* did not find a tunnel by name, look by number */ tunl = atoi (tunstr); if (!tunl) { l2tp_log (LOG_DEBUG, "No such tunnel '%s'\n", tunstr); write_res (resf, "%02i No such tunnel '%s'\n", 1, tunstr); return 0; } #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: Attempting to call on tunnel %d\n", __FUNCTION__, tunl); #endif if (lac_call (tunl, NULL, NULL)) write_res (resf, "%02i OK\n", 0); else write_res (resf, "%02i Error\n", 1); return 1; } int control_handle_lac_hangup(FILE* resf, char* bufp){ char* callstr; int call; callstr = strchr (bufp, ' ') + 1; call = atoi (callstr); #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: Attempting to hangup call %d\n", __FUNCTION__, call); #endif lac_hangup (call); write_res (resf, "%02i OK\n", 0); return 1; } int control_handle_lac_disconnect(FILE* resf, char* bufp){ char* tunstr; struct lac* lac; int tunl = 0; tunstr = strchr (bufp, ' ') + 1; lac = laclist; while (lac) { if (!strcasecmp (lac->entname, tunstr)) { lac->active = 0; lac->rtries = 0; if (lac->t) { lac_disconnect (lac->t->ourtid); write_res (resf, "%02i OK\n", 0); } else { l2tp_log (LOG_DEBUG, "Session '%s' not up\n", lac->entname); write_res (resf, "%02i Session '%s' not up\n", 1, lac->entname); } return 0; } lac = lac->next; } if (lac) return 0; tunl = atoi (tunstr); if (!tunl) { l2tp_log (LOG_DEBUG, "No such tunnel '%s'\n", tunstr); write_res (resf, "%02i No such tunnel '%s'\n", 1, tunstr); return 0; } #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: Attempting to disconnect tunnel %d\n", __FUNCTION__, tunl); #endif lac_disconnect (tunl); write_res (resf, "%02i OK\n", 0); return 1; } int control_handle_lac_add_modify(FILE* resf, char* bufp){ char* tunstr; struct lac* lac; char delims[] = " "; int create_new_lac = 0; tunstr = strtok (&bufp[1], delims); if ((!tunstr) || (!strlen (tunstr))) { write_res (resf, "%02i Configuration parse error: lac-name expected\n", 1); l2tp_log (LOG_CRIT, "%s: lac-name expected\n", __FUNCTION__); return 0; } /* go to the end of tunnel name*/ bufp = tunstr + strlen (tunstr) + 1; /* try to find lac with _tunstr_ name in laclist */ lac = laclist; while (lac) { if (!strcasecmp (tunstr, lac->entname)) return 0; lac = lac->next; } /* nothing found, create new lac */ lac = new_lac (); if (!lac) { write_res (resf, "%02i Could't create new lac: no memory\n", 2); l2tp_log (LOG_CRIT, "%s: Couldn't create new lac\n", __FUNCTION__); return 0; } create_new_lac = 1; strncpy (lac->entname, tunstr, sizeof (lac->entname)); if (parse_one_line_lac (bufp, lac)) { write_res (resf, "%02i Configuration parse error\n", 3); return 0; } if (create_new_lac) { lac->next = laclist; laclist = lac; } if (lac->autodial) { #ifdef DEBUG_MAGIC l2tp_log (LOG_DEBUG, "%s: Autodialing '%s'\n", __FUNCTION__, lac->entname[0] ? lac->entname : "(unnamed)"); #endif lac->active = -1; switch_io = 1; /* If we're a LAC, autodials will be ICRQ's */ magic_lac_dial (lac); /* FIXME: Should I check magic_lac_dial result somehow? */ } write_res (resf, "%02i OK\n", 0); return 1; } int control_handle_lac_remove(FILE* resf, char* bufp){ char *tunstr; struct lac* lac; struct lac* prev_lac; // find lac in laclist tunstr = strchr (bufp, ' ') + 1; lac = laclist; prev_lac = NULL; while (lac && strcasecmp (lac->entname, tunstr) != 0) { prev_lac = lac; lac = lac->next; } if (!lac) { l2tp_log (LOG_DEBUG, "No such tunnel '%s'\n", tunstr); write_res (resf, "%02i No such tunnel '%s'\n", 1, tunstr); return 0; } // disconnect lac lac->active = 0; lac->rtries = 0; if (lac->t) { lac_disconnect (lac->t->ourtid); /* destroy_tunnel may clear lac->t */ if (lac->t) { lac->t->lac = NULL; if(lac->t->self) lac->t->self->lac = NULL; } } if (lac->c) { struct call *c = lac->c; while (c) { c->lac = NULL; c = c->next; } } if (lac->lns) { struct host *t, *h = lac->lns; while (h) { t = h->next; free(h); h = t; } } // removes lac from laclist if (prev_lac == NULL) laclist = lac->next; else prev_lac->next = lac->next; free(lac); write_res (resf, "%02i OK\n", 0); return 1; } int control_handle_lac_status(FILE* resf, char* bufp){ show_status (); return 1; } void do_control () { char buf[CONTROL_PIPE_MESSAGE_SIZE]; char *bufp; /* current buffer pointer */ int cnt = -1; int done = 0; int handler_found = 0; struct control_requests_handler* handler = NULL; bzero(buf, sizeof(buf)); buf[0]='\0'; char* res_filename; /* name of file to write result of command */ FILE* resf; /* stream for write result of command */ while (!done) { cnt = read (control_fd, buf, sizeof (buf)); if (cnt <= 0) { if(cnt < 0 && errno != EINTR) { perror("controlfd"); } done = 1; break; } if (buf[cnt - 1] == '\n') buf[--cnt] = 0; #ifdef DEBUG_CONTROL l2tp_log (LOG_DEBUG, "%s: Got message %s (%d bytes long)\n", __FUNCTION__, buf, cnt); #endif bufp = buf; /* check if caller want to get result */ if (bufp[0] == '@') { /* parse filename (@/path/to/file *...), where * is command */ res_filename = &bufp[1]; int fnlength = strcspn(res_filename, " "); if ((fnlength == 0) || (res_filename[fnlength] == '\0')){ l2tp_log (LOG_DEBUG, "%s: Can't parse result filename or command\n", __FUNCTION__ ); continue; } res_filename[fnlength] = '\0'; bufp = &res_filename[fnlength + 1]; /* skip filename in bufp */ /*FIXME: check quotes to allow filenames with spaces? (do not forget quotes escaping to allow filenames with quotes)*/ resf = fopen (res_filename, "w"); if (!resf) { l2tp_log (LOG_DEBUG, "%s: Can't open result file %s\n", __FUNCTION__, res_filename); continue; } }else{ resf = NULL; res_filename = NULL; /* to avoid 'may be used unitialized' warning */ } /* Search for a handler based on request type */ for(handler = control_handlers; handler->handler; handler++){ /* If handler is found, then handle the request and set handler_found = 1 */ if(handler->type == bufp[0]){ handler->handler(resf, bufp); handler_found = 1; break; } } /* Does nto appear as though we found a handler, so respond with an error*/ if(!handler_found){ l2tp_log (LOG_DEBUG, "Unknown command %c\n", bufp[0]); write_res (resf, "%02i Unknown command %c\n", 1, bufp[0]); } if (resf) { fclose (resf); /* unlink it anyway to prevent leftover a regular file. */ unlink(res_filename); } } /* Otherwise select goes nuts. Yeah, this just seems wrong */ close (control_fd); open_controlfd(); } void usage(void) { printf("\nxl2tpd version: %s\n", SERVER_VERSION); printf("Usage: xl2tpd [-c ] [-s ] [-p ]\n" " [-C ] [-D] [-l] [-q ]\n" " [-v, --version]\n"); printf("\n"); exit(1); } void init_args(int argc, char *argv[]) { int i=0; gconfig.daemon=1; gconfig.syslog=-1; memset(gconfig.altauthfile,0,STRLEN); memset(gconfig.altconfigfile,0,STRLEN); memset(gconfig.authfile,0,STRLEN); memset(gconfig.configfile,0,STRLEN); memset(gconfig.pidfile,0,STRLEN); memset(gconfig.controlfile,0,STRLEN); memset(gconfig.controltos,0,STRLEN); strncpy(gconfig.altauthfile,ALT_DEFAULT_AUTH_FILE, sizeof(gconfig.altauthfile) - 1); strncpy(gconfig.altconfigfile,ALT_DEFAULT_CONFIG_FILE, sizeof(gconfig.altconfigfile) - 1); strncpy(gconfig.authfile,DEFAULT_AUTH_FILE, sizeof(gconfig.authfile) - 1); strncpy(gconfig.configfile,DEFAULT_CONFIG_FILE, sizeof(gconfig.configfile) - 1); strncpy(gconfig.pidfile,DEFAULT_PID_FILE, sizeof(gconfig.pidfile) - 1); strncpy(gconfig.controlfile,CONTROL_PIPE, sizeof(gconfig.controlfile) - 1); gconfig.ipsecsaref = 0; for (i = 1; i < argc; i++) { if ((! strncmp(argv[i],"--version",9)) || (! strncmp(argv[i],"-v",2))) { printf("\nxl2tpd version: %s\n",SERVER_VERSION); exit(1); } if(! strncmp(argv[i],"-c",2)) { if(++i == argc) usage(); else strncpy(gconfig.configfile,argv[i], sizeof(gconfig.configfile) - 1); } else if (! strncmp(argv[i],"-D",2)) { gconfig.daemon=0; } else if (! strncmp(argv[i],"-l",2)) { gconfig.syslog=1; } else if (! strncmp(argv[i],"-s",2)) { if(++i == argc) usage(); else strncpy(gconfig.authfile,argv[i], sizeof(gconfig.authfile) - 1); } else if (! strncmp(argv[i],"-p",2)) { if(++i == argc) usage(); else strncpy(gconfig.pidfile,argv[i], sizeof(gconfig.pidfile) - 1); } else if (! strncmp(argv[i],"-C",2)) { if(++i == argc) usage(); else strncpy(gconfig.controlfile,argv[i], sizeof(gconfig.controlfile) - 1); } else if (! strncmp(argv[i],"-q",2)) { if(++i == argc) usage(); else { strncpy(gconfig.controltos,argv[i], sizeof(gconfig.controltos) - 1); if (atoi(gconfig.controltos)<0 || atoi(gconfig.controltos)>255) { printf ("TOS value %s out of range(0-255)!\n", gconfig.controltos); usage(); } } } else { usage(); } } /* * defaults to syslog if no log facility was explicitly * specified and we are about to daemonize */ if (gconfig.syslog < 0) gconfig.syslog = gconfig.daemon; } void daemonize() { int pid=0; int i; #ifndef CONFIG_SNAPGEAR if((pid = fork()) < 0) { l2tp_log(LOG_INFO, "%s: Unable to fork ()\n",__FUNCTION__); close(server_socket); exit(1); } else if (pid) { close(server_socket); closelog(); exit(0); } close(0); i = open("/dev/null", O_RDWR); if (i == -1) { l2tp_log(LOG_INFO, "Redirect of stdin to /dev/null failed\n"); } else { if (dup2(0, 1) == -1) l2tp_log(LOG_INFO, "Redirect of stdout to /dev/null failed\n"); if (dup2(0, 2) == -1) l2tp_log(LOG_INFO, "Redirect of stderr to /dev/null failed\n"); close(i); } #endif } static void consider_pidfile() { int pid=0; int i,l; char buf[STRLEN]; /* Read previous pid file. */ i = open(gconfig.pidfile,O_RDONLY); if (i < 0) { /* l2tp_log(LOG_DEBUG, "%s: Unable to read pid file [%s]\n", __FUNCTION__, gconfig.pidfile); */ } else { l=read(i,buf,sizeof(buf)-1); close (i); if (l >= 0) { buf[l] = '\0'; pid = atoi(buf); } /* If the previous server process is still running, complain and exit immediately. */ if (pid && pid != getpid () && kill (pid, 0) == 0) { l2tp_log(LOG_INFO, "%s: There's already a xl2tpd server running.\n", __FUNCTION__); close(server_socket); exit(1); } } pid = setsid(); unlink(gconfig.pidfile); if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0) { snprintf (buf, sizeof(buf), "%d\n", (int)getpid()); if (-1 == write (i, buf, strlen(buf))) { l2tp_log (LOG_CRIT, "%s: Unable to write to %s.\n", __FUNCTION__, gconfig.pidfile); close (i); exit(1); } close (i); } } static void open_controlfd() { control_fd = open (gconfig.controlfile, O_RDONLY | O_NONBLOCK, 0600); if (control_fd < 0) { l2tp_log (LOG_CRIT, "%s: Unable to open %s for reading.\n", __FUNCTION__, gconfig.controlfile); exit (1); } /* turn off O_NONBLOCK */ if(fcntl(control_fd, F_SETFL, O_RDONLY)==-1) { l2tp_log(LOG_CRIT, "Can not turn off nonblocking mode for controlfd: %s\n", strerror(errno)); exit(1); } } void init (int argc,char *argv[]) { struct lac *lac; struct in_addr listenaddr; struct utsname uts; init_args (argc,argv); srand( time(NULL) ); rand_source = 0; init_addr (); if (init_config ()) { l2tp_log (LOG_CRIT, "%s: Unable to load config file\n", __FUNCTION__); exit (1); } if (uname (&uts)<0) { l2tp_log (LOG_CRIT, "%s : Unable to determine host system\n", __FUNCTION__); exit (1); } init_tunnel_list (&tunnels); if (init_network ()) exit (1); if (gconfig.daemon) daemonize (); consider_pidfile(); signal (SIGTERM, &sigterm_handler); signal (SIGINT, &sigint_handler); signal (SIGCHLD, &sigchld_handler); signal (SIGUSR1, &sigusr1_handler); signal (SIGHUP, &sighup_handler); signal (SIGPIPE, SIG_IGN); init_scheduler (); unlink(gconfig.controlfile); mkfifo (gconfig.controlfile, 0600); open_controlfd(); l2tp_log (LOG_INFO, "xl2tpd version " SERVER_VERSION " started on %s PID:%d\n", hostname, getpid ()); l2tp_log (LOG_INFO, "Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.\n"); l2tp_log (LOG_INFO, "Forked by Scott Balmos and David Stipp, (C) 2001\n"); l2tp_log (LOG_INFO, "Inherited by Jeff McAdams, (C) 2002\n"); l2tp_log (LOG_INFO, "Forked again by Xelerance (www.xelerance.com) (C) 2006-2016\n"); listenaddr.s_addr = gconfig.listenaddr; l2tp_log (LOG_INFO, "Listening on IP address %s, port %d\n", inet_ntoa(listenaddr), gconfig.port); lac = laclist; while (lac) { if (lac->autodial) { #ifdef DEBUG_MAGIC l2tp_log (LOG_DEBUG, "%s: Autodialing '%s'\n", __FUNCTION__, lac->entname[0] ? lac->entname : "(unnamed)"); #endif lac->active = -1; switch_io = 1; /* If we're a LAC, autodials will be ICRQ's */ magic_lac_dial (lac); } lac = lac->next; } } int main (int argc, char *argv[]) { init(argc,argv); dial_no_tmp = calloc (128, sizeof (char)); network_thread (); return 0; }