pax_global_header00006660000000000000000000000064147431627620014526gustar00rootroot0000000000000052 comment=192b3aba82460fe887a9fb6b0125e3794de87a4b natlog-3.01.00/000077500000000000000000000000001474316276200131535ustar00rootroot00000000000000natlog-3.01.00/CLASSES000066400000000000000000000004041474316276200141710ustar00rootroot00000000000000rotatingstreambuf rotatingstream nic options storage showseconds record ipbase tcp udp icmp producer producersignals pcaprecord pcap pcapfilter devicesproducer conntrackrecord conntrackproducer tcpdumprecord tcpdumpproducer connectionsconsumer natfork natlog-3.01.00/INSTALL000066400000000000000000000075031474316276200142110ustar00rootroot00000000000000To install natlog by hand instead of using a binary distribution perform the following steps: 0. natlog and its construction depends, in addition to the normally standard available system software on specific software and versions which is documented in the file `required'. (If you compile the bobcat library yourself, note that natlog does not use the SSL, Milter and Xpointer classes; they may --as far as natlog is concerned-- be left out of the library by running './build light') 1. It is expected you use icmake for the package construction. For this a top-level script (build) and support scripts in the ./icmake/ directory are available. By default, the 'build' script echoes the commands it executes to the standard output stream. By specifying the option -q (e.g., ./build -q ...) this is prevented, significantly reducing the output generated by 'build'. 2. Inspect the values of the variables in the file INSTALL.im Modify these when necessary. 3. Run ./build program [strip] to compile natlog. The argument `strip' is optional and strips symbolic information from the final executable. 4. If you installed Yodl then you can create the documentation: ./build man builds the man-page. 5. Before installing the components of natlog, consider defining the environment variable NATLOG, defining its value as the (preferably absolute) filename of a file on which installed files and directories are logged. Defining the NATLOG environment variable as ~/.natlog usually works well. 6. Run (probably as root) ./build install 'what' 'base' to install. Here, 'what' specifies what you want to install. Specify: x, to install all components, or specify a combination of: b (binary program), d (standard documentation), m (man-pages) E.g., use ./build install bm 'base' if you only want to be able to run natlog, and want its man-page to be installed below 'base'. ./build install's last argument 'base' is optional: the base directory below which the requested files are installed. This base directory is prepended to the paths #defined in the INSTALL.im file. If 'base' is not specified, then INSTALL.im's #defined paths are used as-is. When requesting non-existing elements (e.g., './build install x' was requested, but the man-pages weren't constructed) then these non-existing elements are silently ignored by the installation process. If the environment variable NATLOG was defined when issuing the `./build install ...' command then a log of all installed files is written to the file indicated by the NATLOG environment variable (see also the next item). Defining the NATLOG environment variable as ~/.natlog usually works well. 7. Uninstalling previously installed components of natlog is easy if the environment variable NATLOG was defined before issuing the `./build install ...' command. In that case, run the command ./build uninstall logfile where 'logfile' is the file that was written by ./build install. Modified files and non-empty directories are not removed, but the logfile itself is removed following the uninstallation. 8. Following the installation nothing in the directory tree which contains this file (i.e., INSTALL) is required for the proper functioning of natlog, so consider removing it. If you only want to remove left-over files from the build-process, just run ./build distclean natlog-3.01.00/INSTALL.im000066400000000000000000000030411474316276200146060ustar00rootroot00000000000000#define PROGRAM "natlog" #define CXX "ccache g++" #define CXXFLAGS "-Wall -Werror -O2 -pthread "\ "-fdiagnostics-color=never" #define LDFLAGS "" // The following /bin/cp option is used to keep, rather than follow // symbolic references. If your installation doesn't support these flags, // then change them into available ones. // -P, --no-dereference // never follow symbolic links in SOURCE // --preserve[=ATTR_LIST] // preserve the specified attributes (default: // mode,ownership,timestamps), if possible additional // attributes: context, links, all // -d same as --no-dereference --preserve=links #define CPOPTS "-d" // COMPONENTS TO INSTALL // ===================== // For an operational non-Debian installation, you probably must be // `root'. // If necessary, adapt DOC, HDR, LIB and MAN (below) to your situation. // The provided locations are used by Debian Linux. // With 'build install' you can dynamically specify a location to prepend // to the locations configured here, and select which components you want // to install // ONLY USE ABSOLUTE DIRECTORY NAMES: // the final program #define BINARY "/usr/bin/"${PROGRAM} // the directory where the standard documentation is stored #define DOC "/usr/share/doc/"${PROGRAM} // the directory whre the manual page is stored #define MAN "/usr/share/man/man1" natlog-3.01.00/LICENSE000066400000000000000000001045151474316276200141660ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . natlog-3.01.00/README000066400000000000000000000014461474316276200140400ustar00rootroot00000000000000IP packet related enum and struct definitions are in iptypes/iptypes.h ------------------------------------------------------------------------------ The organization of the program's flow is described in documentation/README.flow An annotated example of tcp communication is available in documentation/README.tcp Information describing the format of the file written by tcpdump is found in documentation/README.tcpdump An annotated example of udp communication and the instructions of how to set up a demo-udp connection is available in documentation/README.udp The organization of pcap packets is described in documentation/README.packet An example of the information made available by the conntrack program for tcp, udp, and icmp connections is available in documentation/README.conntrack natlog-3.01.00/README.signals000066400000000000000000000037641474316276200155040ustar00rootroot00000000000000When NatLog runs it starts the ConnectionConsumer and either the ConntrackProducer or the DevicesProducer. Ending the program: =================== The ConntrackProducer starts conntrack as a separate process which is killed when the program ends, either (non-daemon) via ^C or (daemon) via option --terminate. The DevicesProducer uses threads which are ended when its mutex 'd_signaled' is notified by the signalHandler member when SIGTERM (or SIGKILL) is received. ProducerSignals: both ConntrackProducer and DevicesProducer are derived from ProducerSignals, which is derived from Producer and FBB::SignalHandler. ProducerSignals adds signals for SIGINT and SIGTERM, and ConntrackProducer and DevicesProducer override the FBB::SignalHandler::signalHandler member to terminate either 'conntrack' or the DevicesProducer's threads. Rotating log files (see also natfork/README.logging) ================== classes UDP, TCP and ICMP receive the logDataStream NatFork::childProcess defines 'ConnectionsConsumer connections' It remains in existence for as long as NatLog runs (either as daemon or as forground program). The stream receiving the std log messages is d_stdMsg, additional msg are inserted by imsg, when -V is specified. ConnectionConsumer's constructor defines RotatingStream d_logDataStream, and opens it, opening RotatingStreambuf::open. The RotatingStreambuf object is assigned to s_dataRotate.rotationStreambuf. The standard log stream's RotatingStreambuf is assigned to s_stdRotate.rotationStreambuf when NatFork::setupStdMsg is called from NatFork's constructor. When calling 'natfork --rotate' the signal SIGHUP is sent to the running natlog process. When calling 'natfork --rotate-data' the signal SIGALRM is sent to the running natlog process. These signals are recognized by NatFork::childProcess, and are received by NatFork::signalHandler. At SIGHUP RotatingStreambuf::logRotate is called, rotating the standard log file, At SIGALRM RotatingStreambuf::dataRotate is called, rotating the log-data file, natlog-3.01.00/VERSION000066400000000000000000000001551474316276200142240ustar00rootroot00000000000000#define AUTHOR "Frank B. Brokken (f.b.brokken@rug.nl)"; #define VERSION "3.01.00" #define YEARS "2012-2025" natlog-3.01.00/VERSION.h000066400000000000000000000001041474316276200144440ustar00rootroot00000000000000#include "VERSION" SUBST(_CurVers_)(VERSION) SUBST(_CurYrs_)(YEARS) natlog-3.01.00/build000077500000000000000000000067321474316276200142100ustar00rootroot00000000000000#!/usr/bin/icmake -t. #define LOGENV "NATLOG" string g_logPath = getenv(LOGENV)[1], g_cwd = chdir(""); // initial working directory, ends in / int g_echo = ON; #include "icmconf" #include "icmake/cuteoln" #include "icmake/backtick" #include "icmake/setopt" #include "icmake/run" #include "icmake/md" #include "icmake/findall" #include "icmake/logfile" #include "icmake/logzip" #include "icmake/uninstall" #include "icmake/loginstall" #include "icmake/special" #include "icmake/pathfile" #include "icmake/clean" #include "icmake/manpage" #include "icmake/install" #include "icmake/gitlab" void main(int argc, list argv) { string option; int idx; int strip = 0; for (idx = listlen(argv); idx--; ) { if (argv[idx] == "-q") { g_echo = OFF; argv -= (list)"-q"; } } echo(g_echo); option = argv[1]; if (option == "clean") clean(0); if (option == "distclean") clean(1); if (option != "") special(); if (option == "install") install(argv[2], argv[3]); if (option == "uninstall") uninstall(argv[2]); if (option == "gitlab") gitlab(); if (option == "man") manpage(); if ("VERSION" younger "version/version.h") system("touch version/version.h `grep -l Icmbuild:: *.cc`"); if (option == "library") { system("icmbuild library"); exit(0); } if (argv[2] == "strip") // in preparation for 9.03.00: strip = 1; // changed strip-handling if (option == "program") { system("icmbuild program"); if (strip) system("strip " TMP_DIR "/bin/binary"); exit(0); } if (option == "xref") { system("icmbuild program"); run("oxref -r replacements -t main -fxs tmp/lib" LIBRARY ".a tmp/main.o > " PROGRAM ".xref"); exit(0); } printf("Usage: build [-q -P] what\n" "Where\n" " [-q]: run quietly, do not show executed commands\n" "`what' is one of:\n" " clean - clean up remnants of previous " "compilations\n" " distclean - clean + fully remove tmp/\n" " library - build " PROGRAM "'s library\n" " man - build the man-page (requires Yodl)\n" " program - build " PROGRAM "\n" " xref - same a `program', also builds xref file\n" " using oxref\n" " install selection [base] - to install the software in the \n" " locations defined in the INSTALL.im file,\n" " optionally below base\n" " selection can be\n" " x, to install all components,\n" " or a combination of:\n" " b (binary program),\n" " d (documentation),\n" " m (man-page)\n" " uninstall logfile - remove files and empty directories listed\n" " in the file 'logfile'\n" " gitlab - prepare gitlab's web-pages update\n" " (internal use only)\n" "\n" ); exit(1); } natlog-3.01.00/build-depends000066400000000000000000000002721474316276200156160ustar00rootroot00000000000000Build-Depends: g++ (>= 4.7.1), icmake (>= 7.19.00), libbobcat-dev (>= 3.01.00), libpcap-dev, yodl (>= 3.00.0) natlog-3.01.00/changelog000066400000000000000000000303451474316276200150320ustar00rootroot00000000000000natlog (3.01.00) * Requires bobcat >= 6.07.00 and icmake >= 13.00,03. * Changed ArgConfig::None into ArgConfig::NoArg. * Building uses a SPCH and multi-compilation. * The compiler is called using the value of the ${ICMAKE_CPPSTD} environment variable specifying the C++ standard to use. * Calling natlog without arguments or with the --help option provides usage info, with the --version option the current version is written to the std. output stream -- Frank B. Brokken Sun, 19 Jan 2025 12:17:43 +0100 natlog (3.00.01) * Ready for libbobcat6 * Added 'c++std' defining the c++ standard to use for compilation. Compilation commands also use -Werror -- Frank B. Brokken Mon, 12 Sep 2022 08:36:37 +0200 natlog (3.00.00) * With mode 'conntrack' natlog writes 1 to /proc/sys/net/netfilter/nf_conntrack_acct unless `no-bytes' was specified. * --verbose does not imply --stdout anymore. * conntrack supports protocol subselections (e.g., tcp:udp). * added option --no-dst suppressing destination entries in the log-files. * added option --rotate to force log file rotation. * added option --rotate-data to force log-data file rotation. * added class ProducerSignals as common baseclass for ConntrackProducer and DevicesProducer providing the Producer class and the signals required for --terminate. * All class-specific icmconf files are now soft-links to the base directory's icmconf.lib file. -- Frank B. Brokken Tue, 07 Jun 2022 12:59:20 +0200 natlog (2.04.02) * Added missing option entries to the etc/natlog.conf file * Included options S and terminate in the manpage's list of options that cannot be specified in the natlog.conf file. -- Frank B. Brokken Fri, 15 Apr 2022 21:09:32 +0200 natlog (2.04.01) * Changed the std version c++2a to c++20. -- Frank B. Brokken Thu, 21 Oct 2021 12:00:05 +0200 natlog (2.04.00) * Added option --no-via to suppress 'via' entries in the log files. * Added option --no-bytes to suppress the sent/received counts in the log files. * Fixed several flaws in the default configuration file * Updated the man-page; added information about how to use Natlog if source-natting is not used. * Repaired flaw in icmake/findall: it now checks for 'backtick' returning a single, empty element. -- Frank B. Brokken Mon, 06 Sep 2021 20:15:17 +0200 natlog (2.03.00) * Fixed erroneously thrown 'bool' value in ipbase/destroy.cc when observing a DESTROY action of an unknown record. * Fixed missing sent/receive counts in mode conntrack * Fixed handling stripping in 'build' * Added main's call-tree to oxref's output * Added cross reference listing (natlog.xref) * Added icmconf files for internal use to natlog's directories -- Frank B. Brokken Tue, 07 Jan 2020 20:50:34 +0100 natlog (2.02.00) * Requires bobcat >= 5.00.00 -- Frank B. Brokken Wed, 24 Apr 2019 12:15:01 +0200 natlog (2.01.01) * Migrated from Github to Gitlab -- Frank B. Brokken Mon, 25 Jun 2018 11:44:12 +0200 natlog (2.01.00) * Simplified ConnectionsConsumer, added classes IPbase, TCP, UDP, and ICMP. * Redefined the RecordMap key handling, now using 64-bit keys. This should solve the incorrect handling of TCP connections observed with version 2.00.00. * Commas instead of colons are used to separate IP-addresses from port numbers with TCP and UDP connections. * Using detached Pcap threads, to avoid long waiting times caused by pcap_loop's waiting for one additional packet after calling pcap_breakloop. * Repaired flaws in the byte-counting procedures * The Storage now contains pointers to Records. Once retrieved they are handled by unique_ptrs, guaranteeing their eventual destructions. * Using C++-17 attributes ([[maybe_unused]]) where applicable. * The file documentation/simplified.def relates types used by objdump(1) to types used in natlog's source files. E.g., objdump reports std::__cxx11::basic_string, std::allocator > while std::string is used in natlog's source files. This information can be used by other programs, like oxref(1) to improve the readability of their output. * Added option -S to be used as natlog's first argument in systemd's natlog.service file's ExecStart= specifications. * Added option --debug writing information about memory consumption to the log file -- Frank B. Brokken Thu, 22 Mar 2018 16:38:24 +0100 natlog (2.00.00) * Added mode tcpdump processing captured tcpdump files * Modes tcpdump, conntrack and device (formerly known as mode pcap) log files show numbers of bytes that were sent and received. * To use byte-accounting in mode conntrack the following command must have been issued (after starting iptables): /bin/echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct * Added option --contrack-device, by default set to /proc/net/nf_conntrack. Older systems may still use /proc/net/ip_conntrack, which may be selected using this option. * Added option --ip-header-size, correcting for the IP header sizes which are added by conntrack to its logs. * Added option --log, replacing the former --no-syslog option. --log can be used to specify a log-file instead of using syslog facilities. * Added option --log-data, specifying a path to a log file to contain a table that can be used by statistical software. * Added option --log-rotate, specifying time-interval between log-file rotations and number of log-files to rotate. * Option --protocol can be used to process tcp, udp, and/or icmp protocols for all three modes. To process all three protocols '--protocol all' can be specified. With mode conntrack only a single protocol or 'all' can be used. * Added option --terminate terminating a running natlog daemon process. * Added option --ttl for udp/icmp and/or tcp connections -- Frank B. Brokken Thu, 08 Feb 2018 19:36:39 +0100 natlog (1.03.00) * Fixed bug when setting syslog-facility in options/setSyslogFacility: instead of using the assignment operator (=) to set the facility the comparison operator (==) was written... :-( * The --verbose option can be abbreviated to -V. When specified twice, the actual configuration parameters are shown. When specified more often, natlog ends after showing the configuration parameters. -- Frank B. Brokken Thu, 26 Jan 2017 12:27:40 +0100 natlog (1.02.03) * Adapted natlog's build scripts to icmake >= 8.00.03 -- Frank B. Brokken Fri, 11 Dec 2015 17:17:43 +0100 natlog (1.02.02) * Kevin Brodsky observed that the installation scripts used 'chdir' rather than 'cd'. Fixed in this release. * Kevin Brodsky also observed that the combined size of all precompiled headers might exceed some disks capacities. The option -P was added to the ./build script to prevent the use of precompiled headers. -- Frank B. Brokken Mon, 05 Oct 2015 21:06:54 +0200 natlog (1.02.01) * Standardized the (de)installation procedures. See INSTALL for details. -- Frank B. Brokken Sun, 04 Oct 2015 16:09:21 +0200 natlog (1.02.00) * Conntrack(8) has two modes: when -p is specified conntrack shows connections of protocol . When -p is not specified connections of all protocols are shown. When multiple -p options are specified only the last specified protocol is selected. Conntrack commands generated by natlog before 1.02.00 erroneously specified multiple -p options. This was fixed in version 1.02.00. * The man-page shows `:syslogtag, isequal, "NATLOG:" stop' rather than (the now deprecated) `:syslogtag, isequal, "NATLOG:" ~'. * The previously discontinued option conntrack-path is no longer recognized. * The --protocol option can also be specified as -P. * Added the file 'required' to the source distribution summarizing the required software for building natlog. -- Frank B. Brokken Mon, 23 Feb 2015 11:05:53 +0100 natlog (1.01.0) * Added configuration option `conntrack-command'. With the `conntrack' command the icmp, udp and tcp layer four protocols are monitored. By default natlog's `conntrack' command monitors the tcp protocol. * Added configuration option `conntrack-restart, to specify how often conntrack may be restarted if its process prematurely ends. * The configuration option `conntrack-path' is discontinued, and `conntrack-command' should be used instead. See the man-page for details. * Added configuration option `protocol', to specify which layer four protocols to monitor with the `conntrack' command. * The default pid file path is set to `/run/natlog.pid'. * Replaced FBB::Errno calls by FBB::Exception -- Frank B. Brokken Mon, 10 Feb 2014 20:21:27 +0100 natlog (1.00.2) * Added a missing #include to the showseconds.ih header, required by g++ 8.4.2. -- Frank B. Brokken Sun, 01 Dec 2013 18:15:46 +0100 natlog (1.00.1) * Natlog's version bumped to 1.00.1, after 1 year of active use. * Removed the class Signal from natlog's classes as it's available in Bobcat. * Explicitly including previously implicitly included bobcat/errno * Cleanup of icmconf file -- Frank B. Brokken Sat, 08 Jun 2013 10:57:34 +0200 natlog (0.91.3) * Natlog returns 0 for options --help and --version * Catching Errno exceptions is replaced by catching std::exception exceptions -- Frank B. Brokken Fri, 25 Jan 2013 08:58:07 +0100 natlog (0.91.2) * Added build-depends file and INSTALL files. -- Frank B. Brokken Wed, 07 Nov 2012 12:03:53 +0100 natlog (0.91.1) * build script recognizes CXX, CXXFLAGS, LDFLAGS environment variables -- Frank B. Brokken Sun, 15 Jul 2012 14:40:11 +0200 natlog (0.91.0) * Normal end of program (e.g., the starting daemon or ending natfork/childprocess) now returns 0, otherwise 1 * Checking whether conntrack runs is implemented by inspecting the access rights for /proc/net/ip_conntrack * Reorganized message handling: all messages generated by the daemon are sent to the syslog daemon, unless --no-syslog was specified * General code cleanup -- Frank B. Brokken Thu, 21 Jun 2012 13:45:11 +0200 natlog (0.90.0) * Updated sourceforge's `excluded' file. * Added the --pid-file option defining the location of a file holding the daemon's PID. By default the pid-file is /var/run/natlog.pid. -- Frank B. Brokken Sat, 16 Jun 2012 12:03:01 +0200 natlog (0.80.0) * Added auto-detection of devices without Ethernet packet headers * Natlog's pcap mode now writes syslog messages * Added option --stdout (-s) writing syslog-equivalent messages to the standard ouput * General code cleanup and reorganization -- Frank B. Brokken Fri, 15 Jun 2012 17:01:08 +0200 natlog (0.30.0) * Initial implementation of 'natlog in out', performing direct packet capturing on the `in' and `out' devices. -- Frank B. Brokken Thu, 14 Jun 2012 14:37:42 +0200 natlog (0.20.0) * NATLOG writes incomplete connections to syslog when terminated by a SIGTERM signal. -- Frank B. Brokken Mon, 11 Jun 2012 16:42:40 +0200 natlog (0.10.0) * NATLOG now hosted at sourceforge (http://natlog.sourceforge.net/). * Added maintenance files to handle uploads to sourceforge -- Frank B. Brokken Sat, 09 Jun 2012 16:39:34 +0200 natlog (0.03.0) * Syslog message and man-page cleanup -- Frank B. Brokken Thu, 07 Jun 2012 17:20:04 +0200 natlog (0.02.0) * Processed elements are now removed from `record' in conntrack/run.cc -- Frank B. Brokken Thu, 07 Jun 2012 14:10:19 +0200 natlog (0.01.0) * Project Start. -- Frank B. Brokken Tue, 05 Jun 2012 22:17:08 +0200 natlog-3.01.00/connectionsconsumer/000077500000000000000000000000001474316276200172515ustar00rootroot00000000000000natlog-3.01.00/connectionsconsumer/cleanupicmpudp.cc000066400000000000000000000002321474316276200225660ustar00rootroot00000000000000#include "connectionsconsumer.ih" void ConnectionsConsumer::cleanupICMP_UDP(time_t now_ttl) { d_icmp.cleanup(now_ttl); d_udp.cleanup(now_ttl); } natlog-3.01.00/connectionsconsumer/cleanupwrap.cc000066400000000000000000000012071474316276200221010ustar00rootroot00000000000000#include "connectionsconsumer.ih" // static void ConnectionsConsumer::cleanupWrap(ConnectionsConsumer *consumer) { // if lastUsed + ttl < now then log and remove the record // so: if lastUsed < now - ttl log and remove the record while (not consumer->d_storage.empty()) { this_thread::sleep_for(chrono::seconds(3)); consumer->cleanupICMP_UDP(time(0) - consumer->d_ttl); IPbase::setLogType(IPbase::EXPIRED); consumer->d_tcp.cleanup(time(0) - Options::instance().ttlTCP()); IPbase::setLogType(IPbase::COMPLETE); } consumer->d_stdMsg << "cleanupWrap thread ends" << endl; } natlog-3.01.00/connectionsconsumer/connectionsconsumer.h000066400000000000000000000024661474316276200235300ustar00rootroot00000000000000#ifndef INCLUDED_CONNECTIONSCONSUMER_ #define INCLUDED_CONNECTIONSCONSUMER_ #include #include #include #include "../rotatingstream/rotatingstream.h" #include "../icmp/icmp.h" #include "../udp/udp.h" #include "../tcp/tcp.h" #include "../record/record.h" class Storage; // ConnectionsConsumer object constructed in natfork/childprocess class ConnectionsConsumer: public FBB::SignalHandler { RotatingStream d_logDataStream; std::ostream &d_stdMsg; Storage &d_storage; ICMP d_icmp; UDP d_udp; TCP d_tcp; std::unordered_map< Record::Protocol, IPbase * > d_handler; time_t d_ttl; public: ConnectionsConsumer(std::ostream &stdMsg, Storage &storage); ~ConnectionsConsumer() override; void run(); // process all connections: // start the producer thread // and consume the produced data private: void signalHandler(size_t signum) override; static void cleanupWrap(ConnectionsConsumer *consumer); void cleanupICMP_UDP(time_t now_ttl); // clean up completed // connections. static void header(std::ostream &log); }; #endif natlog-3.01.00/connectionsconsumer/connectionsconsumer.ih000066400000000000000000000004731474316276200236750ustar00rootroot00000000000000#include "connectionsconsumer.h" #include #include #include #include #include #include #include "../showseconds/showseconds.h" #include "../storage/storage.h" #include "../options/options.h" using namespace std; using namespace FBB; natlog-3.01.00/connectionsconsumer/connectionsconsumer1.cc000066400000000000000000000013561474316276200237440ustar00rootroot00000000000000#include "connectionsconsumer.ih" ConnectionsConsumer::ConnectionsConsumer(ostream &stdMsg, Storage &storage) : d_logDataStream(header), d_stdMsg(stdMsg), d_storage(storage), d_icmp(stdMsg, d_logDataStream), d_udp(stdMsg, d_logDataStream), d_tcp(stdMsg, d_logDataStream), d_handler { { Record::ICMP, &d_icmp }, { Record::TCP, &d_tcp }, { Record::UDP, &d_udp }, }, d_ttl(Options::instance().ttl()) { if ( string logData = Options::instance().logData(); not logData.empty() ) d_logDataStream.open(logData, false); // prepare for data log Signal::instance().add(SIGINT, *this); Signal::instance().add(SIGTERM, *this); } natlog-3.01.00/connectionsconsumer/destructor.cc000066400000000000000000000002771474316276200217640ustar00rootroot00000000000000#include "connectionsconsumer.ih" //f: ConnectionsConsumer::~ConnectionsConsumer() //c: ConnectionsConsumer::signalHandler(unsigned long) ConnectionsConsumer::~ConnectionsConsumer() {} natlog-3.01.00/connectionsconsumer/frame000066400000000000000000000000751474316276200202700ustar00rootroot00000000000000#include "connectionsconsumer.ih" ConnectionsConsumer:: { } natlog-3.01.00/connectionsconsumer/header.cc000066400000000000000000000017771474316276200210240ustar00rootroot00000000000000#include "connectionsconsumer.ih" void ConnectionsConsumer::header(ostream &log) { log << "type," << setw(11) << "srcNr" << ',' << setw(16) << "srcIP" << ',' << setw(8) << "srcPort" << ','; if (Options::instance().showDst()) log << setw(11) << "dstNr" << ',' << setw(16) << "dstIP" << ',' << setw(8) << "dstPort" << ','; if (Options::instance().showVia()) log << setw(11) << "viaNr" << ',' << setw(16) << "viaIP" << ',' << setw(8) << "viaPort" << ','; if (Options::instance().byteCounts()) log << setw(11) << "sent" << ',' << setw(11) << "recvd" << ','; log << setw(11) << "begin" << ',' << setw(11) << "end" << ", " << setw(22) << "beginTime" << ", " << setw(22) << "endTime" << ", status" << endl; // 1234567890 } natlog-3.01.00/connectionsconsumer/icmconf000077700000000000000000000000001474316276200231262../icmconf.libustar00rootroot00000000000000natlog-3.01.00/connectionsconsumer/run.cc000066400000000000000000000030531474316276200203650ustar00rootroot00000000000000#include "connectionsconsumer.ih" void ConnectionsConsumer::run() { thread cleanupThread; // when logging in Conntrack-mode or Device-mode (realTime) // inspect the TTL of the incoming packages in the background. bool realTime = Options::instance().realTime(); if (realTime) cleanupThread = thread{ &ConnectionsConsumer::cleanupWrap, this }; while (true) { d_storage.consumeWait(); if (d_storage.empty()) break; Record *record = d_storage.fetch(); // makes available the next // record-> Since this is the // only thread fetching records // there's no need to copy the // record at this point d_storage.produceNotify(); // process incoming protocol data, calls ipbase::process() // which calls inDev, outDev, insert, or destroy. // inDev, outDev are overridden by the classes TCP, UDP and ICMP // (cf, directories tcp/, udp/, icmp/) // tcp::process(), udp::process() or icmp::process() through // d_handler[record->protocol()]->process( RecordPtr{ record } ); } if (realTime) cleanupThread.join(); time_t eop = time(0) + 1; cleanupICMP_UDP(eop); // what's still in the maps is // there at EOP d_tcp.cleanup(eop); } natlog-3.01.00/connectionsconsumer/signalhandler.cc000066400000000000000000000002251474316276200223720ustar00rootroot00000000000000#include "connectionsconsumer.ih" void ConnectionsConsumer::signalHandler([[maybe_unused]] size_t signum) { IPbase::setLogType(IPbase::EOP); } natlog-3.01.00/conntrackproducer/000077500000000000000000000000001474316276200167015ustar00rootroot00000000000000natlog-3.01.00/conntrackproducer/activatebytecounts.cc000066400000000000000000000003621474316276200231310ustar00rootroot00000000000000#include "conntrackproducer.ih" void ConntrackProducer::activateByteCounts() const { ofstream out = Exception::factory(s_nfConntrackAcct, ios::in | ios::out); out.put('1'); } natlog-3.01.00/conntrackproducer/childprocess.cc000066400000000000000000000006121474316276200216710ustar00rootroot00000000000000#include "conntrackproducer.ih" void ConntrackProducer::childProcess() { vector cmd(String::split(static_cast(0), d_options.conntrackCommand())); char const **args = String::argv(cmd); execv(args[0], const_cast(args)); throw 0; // this should not be reached, but if so main properly ends. } natlog-3.01.00/conntrackproducer/childredirections.cc000066400000000000000000000002361474316276200227070ustar00rootroot00000000000000#include "conntrackproducer.ih" void ConntrackProducer::childRedirections() { int fd[] = {STDOUT_FILENO, STDERR_FILENO}; d_pipe.writtenBy(fd, 2); } natlog-3.01.00/conntrackproducer/conntrackproducer.h000066400000000000000000000033141474316276200226010ustar00rootroot00000000000000#ifndef INCLUDED_CONNTRACKPRODUCER_ #define INCLUDED_CONNTRACKPRODUCER_ #include #include #include #include #include "../producersignals/producersignals.h" class Options; class Storage; namespace FBB { class Pattern; } class ConntrackProducer: public ProducerSignals, public FBB::Fork { FBB::Pipe d_pipe; Options &d_options; std::ostream &d_stdMsg; Storage &d_storage; bool d_signaled = false; bool (ConntrackProducer::*d_tcpUdp)(std::string const &line); bool (ConntrackProducer::*d_icmp)(std::string const &line); static FBB::Pattern s_tcpudp; static FBB::Pattern s_icmp; static char const s_nfConntrackAcct[]; public: ConntrackProducer(std::ostream &stdMsg, Storage &storage); ~ConntrackProducer(); private: void activateByteCounts() const; bool icmp(std::string const &line); // process ICMP connections bool notUsed(std::string const &line); // false: used for unused // connection types void process(std::string const &line); // process the conntrack info void setTcpUdp(size_t protocolType, // set d_tcpUdp for TCP/UDP char const *label); bool tcpUdp(std::string const &line); // process TCP/UDP connections void childProcess() override; void childRedirections() override; void parentProcess() override; void parentRedirections() override; void run() override; void signalHandler(size_t signum) override; }; #endif natlog-3.01.00/conntrackproducer/conntrackproducer.ih000066400000000000000000000005651474316276200227570ustar00rootroot00000000000000#include "conntrackproducer.h" #include #include #include #include #include #include #include #include #include "../options/options.h" #include "../storage/storage.h" #include "../conntrackrecord/conntrackrecord.h" using namespace std; using namespace FBB; natlog-3.01.00/conntrackproducer/conntrackproducer1.cc000066400000000000000000000013401474316276200230150ustar00rootroot00000000000000#include "conntrackproducer.ih" ConntrackProducer::ConntrackProducer(ostream &stdMsg, Storage &storage) : d_options(Options::instance()), d_stdMsg(stdMsg), d_storage(storage), d_tcpUdp(&ConntrackProducer::notUsed) { if (access(d_options.conntrackDevice(), R_OK) != 0) throw Exception{} << "Cannot read " << d_options.conntrackDevice(); if (d_options.byteCounts()) activateByteCounts(); setTcpUdp(IP_Types::TCP, "TCP"); setTcpUdp(IP_Types::UDP, "UDP"); if (not d_options.hasProtocol(IP_Types::ICMP)) d_icmp = &ConntrackProducer::notUsed; else { imsg << "conntrack reports ICMP connections" << endl; d_icmp = &ConntrackProducer::icmp; } } natlog-3.01.00/conntrackproducer/data.cc000066400000000000000000000057561474316276200201360ustar00rootroot00000000000000#include "conntrackproducer.ih" char const ConntrackProducer::s_nfConntrackAcct[] = "/proc/sys/net/netfilter/nf_conntrack_acct"; // [1338987414.52626 ] [NEW] tcp 6 120 SYN_SENT // src=192.168.1.4 dst=129.125.14.80 sport=59783 dport=22 // [UNREPLIED] // packets=7 bytes=450 // src=129.125.14.80 dst=129.125.100.246 sport=22 dport=59783 // packets=7 bytes=450 .... Pattern ConntrackProducer::s_tcpudp { R"(\[(\d+)\.(\d+).*\[(NEW|DESTROY)\]\s+(tcp|udp).*)" // 1 2 3 4 time: [1338899277.41469 ] R"(src=(\S+)\s+dst=(\S+)\s+)" // source to nat, dest // 5 6 R"(sport=(\d+)\s+dport=(\d+))" // source from, dest port // 7 8 R"((\s+packets=(\d+)\s+bytes=(\d+))?.*)" // maybe sent packets/bytes //9 10 11 R"(dst=(\S+).*)" // natted source (key) // 12 (was: 9) R"(dport=(\d+))" // natted dport (key) // 13 (was: 10) R"((\s+packets=(\d+)\s+bytes=(\d+))?)", // maybe recv'd packets/bytes //14 15 16 true, static_cast(CTtcpudp::nFields) }; // If packets/bytes are not provided then the final #14 thru #16 are not // available, and end() returns 14, otherwise 17. /////////////////////////////////////////////////////////////////////////// // [1387190207.153486] [NEW] icmp 1 30 // src=192.168.17.7 dst=129.125.3.162 type=8 code=0 id=7016 // [UNREPLIED] // packets=1 bytes=84 <-- maybe // src=129.125.3.162 dst=129.125.100.246 type=0 code=0 id=7016 // packets=1 bytes=84 <-- maybe Pattern ConntrackProducer::s_icmp { // [1514579857.235298] [DESTROY] icmp 1 R"(\[(\d+)\.(\d+).*\[(NEW|DESTROY)\]\s+icmp.*)" // 1 2 3 //src=192.168.17.6 dst=129.125.3.162 R"(src=(\S+)\s+dst=(\S+)\s+)" // source to nat, dest // 4 5 // type=8 code=0 id=3269 R"(\S+\s+\S+\s+id=(\d+)\s+)" // id= (key) // 6 // packets=4 bytes=336 R"((packets=(\d+)\s+bytes=(\d+)\s+)?)" // maybe sent packets/bytes // 7 8 9 // src=129.125.3.162 dst=192.168.8.17 type=0 code=0 id=3269 R"(.*dst=(\S+).*id=\d+)" // natted source // 10 (was: 7) // packets=4 bytes=336 R"((\s+packets=(\d+)\s+bytes=(\d+))?)", // maybe rev'd packets/bytes // 11 12 13 true, static_cast(CTicmp::nFields) }; // If packets/bytes are not provided then the final #11 thru #13 are not // available, and end() returns 11, otherwise 14. natlog-3.01.00/conntrackproducer/destructor.cc000066400000000000000000000003511474316276200214050ustar00rootroot00000000000000#include "conntrackproducer.ih" //f: ConntrackProducer::~ConntrackProducer() //c: ConntrackProducer::signalHandler(unsigned long) ConntrackProducer::~ConntrackProducer() { d_stdMsg << "monitoring conntrack ends" << endl; } natlog-3.01.00/conntrackproducer/frame000066400000000000000000000000711474316276200177140ustar00rootroot00000000000000#include "conntrackproducer.ih" ConntrackProducer:: { } natlog-3.01.00/conntrackproducer/icmconf000077700000000000000000000000001474316276200225562../icmconf.libustar00rootroot00000000000000natlog-3.01.00/conntrackproducer/icmp.cc000066400000000000000000000010751474316276200201430ustar00rootroot00000000000000#include "conntrackproducer.ih" bool ConntrackProducer::icmp(string const &line) { if (not (s_icmp << line)) // this is not an ICMP connection return false; // (maybe there are other than icmp, // tcp and udp connections, hence the // check) // if not requested then notUsed() instead of icmp() is called d_storage.push( new ConntrackRecord{ Record::ICMP, s_icmp } ); return true; // not used (see process()) } natlog-3.01.00/conntrackproducer/notused.cc000066400000000000000000000002751474316276200206750ustar00rootroot00000000000000#include "conntrackproducer.ih" // see conntrackproducer1.cc bool ConntrackProducer::notUsed([[maybe_unused]] string const &line) { return false; } natlog-3.01.00/conntrackproducer/parentprocess.cc000066400000000000000000000005371474316276200221050ustar00rootroot00000000000000#include "conntrackproducer.ih" // See also README.conntrack void ConntrackProducer::parentProcess() { string line; // co-used for retrieving the IP Header size while (getline(cin, line)) process(line); waitForChild(); if (not d_signaled) d_stdMsg << "conntrack terminated" << endl; } natlog-3.01.00/conntrackproducer/parentredirections.cc000066400000000000000000000001651474316276200231160ustar00rootroot00000000000000#include "conntrackproducer.ih" void ConntrackProducer::parentRedirections() { d_pipe.readFrom(STDIN_FILENO); } natlog-3.01.00/conntrackproducer/process.cc000066400000000000000000000025321474316276200206700ustar00rootroot00000000000000#include "conntrackproducer.ih" void ConntrackProducer::process(string const &line) { imsg << "LINE: " << line << endl; if ((this->*d_tcpUdp)(line) or (this->*d_icmp)(line)) return; imsg << " (not matched)" << endl; // if (s_tcpudp << line) // if this is a UDP or TCP conn. // { // process them. // if (not (this->*d_tcp)()) // At TCP and unhandled tcp: // (this->*d_udp)(); // true is returned // return; // } // // if ((this->*d_icmp)(line)) // return; // // if (s_icmp << line) // or try an ICMP connection // { // (this->*d_icmp)(); // return; // } } // if (s_tcpudp << line) // try to match UDP or TCP // { // if ( d_options.hasProtocol( // s_tcpudp[ static_cast(CTtcpudp::PROTOCOL) ] ) // ) // d_storage.push( new ConntrackRecord{ // (also for UDP) // Record::TCP, s_tcpudp } ); // return; // } // // // or try to match ICMP // if (s_icmp << line and d_options.hasProtocol(Record::ICMP)) // { // d_storage.push( new ConntrackRecord{ Record::ICMP, s_icmp } ); // return; // } natlog-3.01.00/conntrackproducer/run.cc000066400000000000000000000016011474316276200200120ustar00rootroot00000000000000#include "conntrackproducer.ih" //f: ConntrackProducer::run() //c: ConntrackProducer::childProcess() //c: ConntrackProducer::parentProcess() //c: ConntrackProducer::childRedirections() //c: ConntrackProducer::parentRedirections() void ConntrackProducer::run() { size_t max = d_options.conntrackRestart(); d_stdMsg << "Starting `" << d_options.conntrackCommand() << "' (max " << max << " restarts)" << endl; ++max; // restarts, so add 1 for initial startup. for (size_t idx = 0; idx != max; ) { ++idx; try { d_pipe = Pipe(); fork(); return; } catch (Options::ExitStatus status) { d_stdMsg << "conntrack run " << idx << " ended" << endl; } } d_stdMsg << "conntrack started " << max << " times, giving up" << endl; } natlog-3.01.00/conntrackproducer/settcpudp.cc000066400000000000000000000004421474316276200212230ustar00rootroot00000000000000#include "conntrackproducer.ih" void ConntrackProducer::setTcpUdp(size_t protocolType , char const *label) { if (not d_options.hasProtocol(protocolType)) return; imsg << "conntrack reports " << label << " connections" << endl; d_tcpUdp = &ConntrackProducer::tcpUdp; } natlog-3.01.00/conntrackproducer/signalhandler.cc000066400000000000000000000004741474316276200220300ustar00rootroot00000000000000#include "conntrackproducer.ih" void ConntrackProducer::signalHandler(size_t signum) { d_stdMsg << "received signal " << signum << " (" << (signum == SIGINT ? "SIGINT" : "SIGTERM") << ')' << endl; d_signaled = true; kill(pid(), SIGTERM); kill(pid(), SIGTERM); kill(pid(), SIGKILL); } natlog-3.01.00/conntrackproducer/tcpudp.cc000066400000000000000000000014551474316276200205140ustar00rootroot00000000000000#include "conntrackproducer.ih" // false is returned when line does not contain TCP or UDP info // (or, via notUsed, if neither TCP or UDP should be logged) // true is otherwise returned. If the udp or tcp protocol is handled // then handled protocol records are pushed into the storage bool ConntrackProducer::tcpUdp(string const &line) { if (not (s_tcpudp << line)) // if this is not an UDP or TCP connection return false; if ( // if UDP/TCP is requested: push it d_options.hasProtocol( s_tcpudp[ static_cast(CTtcpudp::PROTOCOL) ] ) ) d_storage.push( new ConntrackRecord{ Record::TCP, s_tcpudp } ); return true; // see process() } natlog-3.01.00/conntrackrecord/000077500000000000000000000000001474316276200163345ustar00rootroot00000000000000natlog-3.01.00/conntrackrecord/conntrackrecord.h000066400000000000000000000026141474316276200216710ustar00rootroot00000000000000#ifndef INCLUDED_CONNTRACKRECORD_ #define INCLUDED_CONNTRACKRECORD_ // CTtcpudp and CTicmp: see below #include #include "../record/record.h" namespace FBB { class Pattern; } class ConntrackRecord: public Record { FBB::Pattern const &d_pattern; public: ConntrackRecord(Protocol protocol, FBB::Pattern const &pattern); // ~ConntrackRecord() override; private: void initTCP_UDP(FBB::Pattern const &pattern); void initICMP(FBB::Pattern const &pattern); template std::string pat(Enum value) const; }; // Indices when matching conntrackproducer entries with Pattern for tcp/udp enum class CTtcpudp { SECONDS = 1, // 1st three entries are common with CTicmp MU_SECONDS, TYPE, // NEW, DESTROY PROTOCOL, // tcp/udp SRC, DST, SPORT, DPORT, SENTPACKETTEXT, SENTPACKETS, SENTBYTES, NATSRC, NATPORT, RECVDPACKETTEXT, RECVDPACKETS, RECVDBYTES, nFields, }; // Indices when matching conntrackproducer entries with Pattern for tcp/udp enum class CTicmp { SECONDS = 1, MU_SECONDS, TYPE, // NEW, DESTROY SRC, DST, ID, SENTPACKETTEXT, SENTPACKETS, SENTBYTES, NATSRC, RECVDPACKETTEXT, RECVDPACKETS, RECVDBYTES, nFields, }; #endif natlog-3.01.00/conntrackrecord/conntrackrecord.ih000066400000000000000000000004751474316276200220450ustar00rootroot00000000000000#include "conntrackrecord.h" #include #include #include #include "../options/options.h" using namespace std; using namespace FBB; template inline std::string ConntrackRecord::pat(Enum value) const { return d_pattern[ static_cast(value) ]; } natlog-3.01.00/conntrackrecord/conntrackrecord1.cc000066400000000000000000000006301474316276200221040ustar00rootroot00000000000000#include "conntrackrecord.ih" ConntrackRecord::ConntrackRecord(Protocol type, Pattern const &pattern) : d_pattern(pattern) { setLastUsed(::time(0)); setType(pat(CTicmp::TYPE) == "NEW" ? NEW : DESTROY); setAllTimes(stoul(pat(CTicmp::SECONDS)), stoul(pat(CTicmp::MU_SECONDS))); if (type == ICMP) initICMP(pattern); else initTCP_UDP(pattern); } natlog-3.01.00/conntrackrecord/frame000066400000000000000000000000651474316276200173520ustar00rootroot00000000000000#include "conntrackrecord.ih" ConntrackRecord:: { } natlog-3.01.00/conntrackrecord/icmconf000077700000000000000000000000001474316276200222112../icmconf.libustar00rootroot00000000000000natlog-3.01.00/conntrackrecord/initicmp.cc000066400000000000000000000015471474316276200204660ustar00rootroot00000000000000#include "conntrackrecord.ih" void ConntrackRecord::initICMP(Pattern const &pattern) { setSourceIP( aton(pat(CTicmp::SRC)) ); setDestIP( aton(pat(CTicmp::DST)) ); setViaIP( aton(pat(CTicmp::NATSRC)) ); setProtocol(ICMP); setIDKey( stoul(pat(CTicmp::ID)), 0 ); // no sequence nr available if (type() == DESTROY) { if (pattern.end() == static_cast(CTicmp::nFields)) { size_t ipHeaderSize = Options::instance().IPheaderSize(); if (ipHeaderSize != 0) ipHeaderSize *= stoul(pat(CTicmp::RECVDPACKETS)); size_t nBytes = stoul(pat(CTicmp::SENTBYTES)); setSentBytes( nBytes ? nBytes - ipHeaderSize : 0 ); nBytes = stoul(pat(CTicmp::RECVDBYTES)); setReceivedBytes( nBytes ? nBytes - ipHeaderSize : 0 ); } }; } natlog-3.01.00/conntrackrecord/inittcpudp.cc000066400000000000000000000021321474316276200210240ustar00rootroot00000000000000#include "conntrackrecord.ih" void ConntrackRecord::initTCP_UDP(Pattern const &pattern) { setSourceIP( aton(pat(CTtcpudp::SRC)) ); setDestIP( aton(pat(CTtcpudp::DST)) ); setViaIP( aton(pat(CTtcpudp::NATSRC)) ); setPorts( stoul(pat(CTtcpudp::SPORT)), stoul(pat(CTtcpudp::DPORT)) ); setViaPort( stoul(pat(CTtcpudp::NATPORT)) ); setProtocol( pat(CTtcpudp::PROTOCOL) == "tcp" ? TCP : UDP ); setSrcKey(); if (type() == DESTROY) // DESTROY records may have sent/received { // byte counts if (pattern.end() == static_cast(CTtcpudp::nFields)) { size_t ipHeaderSize = Options::instance().IPheaderSize(); if (ipHeaderSize != 0) ipHeaderSize *= stoul(pat(CTtcpudp::RECVDPACKETS)); size_t nBytes = stoul(pat(CTtcpudp::SENTBYTES)); setSentBytes( nBytes ? nBytes - ipHeaderSize : 0 ); nBytes = stoul(pat(CTtcpudp::RECVDBYTES)); setReceivedBytes( nBytes ? nBytes - ipHeaderSize : 0 ); } }; } natlog-3.01.00/devicesproducer/000077500000000000000000000000001474316276200163415ustar00rootroot00000000000000natlog-3.01.00/devicesproducer/destructor.cc000066400000000000000000000004641474316276200210520ustar00rootroot00000000000000#include "devicesproducer.ih" //f: DevicesProducer::~DevicesProducer() //c: DevicesProducer::signalHandler(unsigned long) DevicesProducer::~DevicesProducer() { if (not d_endSignal) d_stdMsg << "monitoring " << d_inName << " and " << d_outName << " ends" << endl; } natlog-3.01.00/devicesproducer/devicesproducer.h000066400000000000000000000012511474316276200216770ustar00rootroot00000000000000#ifndef INCLUDED_DEVICESPRODUCER_ #define INCLUDED_DEVICESPRODUCER_ #include #include #include "../producersignals/producersignals.h" class Storage; class DevicesProducer: public ProducerSignals//, public FBB::SignalHandler { std::ostream &d_stdMsg; Storage &d_storage; FBB::Semaphore d_signaled; bool d_endSignal = false; char const *d_inName; char const *d_outName; public: DevicesProducer(std::ostream &stdMsg, Storage &storage); ~DevicesProducer() override; private: void run() override; void signalHandler(size_t signum) override; }; #endif natlog-3.01.00/devicesproducer/devicesproducer.ih000066400000000000000000000003571474316276200220560ustar00rootroot00000000000000#include "devicesproducer.h" #include #include #include "../options/options.h" #include "../storage/storage.h" #include "../pcapfilter/pcapfilter.h" #include "../nic/nic.h" using namespace std; using namespace FBB; natlog-3.01.00/devicesproducer/devicesproducer1.cc000066400000000000000000000005401474316276200221160ustar00rootroot00000000000000#include "devicesproducer.ih" DevicesProducer::DevicesProducer(ostream &stdMsg, Storage &storage) : d_stdMsg(stdMsg), d_storage(storage), d_signaled(0) { Options const &options = Options::instance(); d_inName = options[0]; d_outName = options[1]; g_nic.set(Record::IN, d_inName); g_nic.set(Record::OUT, d_outName); } natlog-3.01.00/devicesproducer/frame000066400000000000000000000000651474316276200173570ustar00rootroot00000000000000#include "devicesproducer.ih" DevicesProducer:: { } natlog-3.01.00/devicesproducer/icmconf000077700000000000000000000000001474316276200222162../icmconf.libustar00rootroot00000000000000natlog-3.01.00/devicesproducer/run.cc000066400000000000000000000007561474316276200174640ustar00rootroot00000000000000#include "devicesproducer.ih" void DevicesProducer::run() { PcapFilter in{ d_inName, Record::IN, d_stdMsg, d_storage }; PcapFilter out{ d_outName, Record::OUT, d_stdMsg, d_storage }; thread { in }.detach(); thread { out }.detach(); d_stdMsg << "starting capturing " << d_inName << " and " << d_outName << endl; d_signaled.wait(); d_endSignal = true; in.stop(); out.stop(); } natlog-3.01.00/devicesproducer/signalhandler.cc000066400000000000000000000003531474316276200214640ustar00rootroot00000000000000#include "devicesproducer.ih" void DevicesProducer::signalHandler(size_t signum) { d_stdMsg << "received signal " << signum << " (" << (signum == SIGINT ? "SIGINT" : "SIGTERM") << ')' << endl; d_signaled.notify(); } natlog-3.01.00/documentation/000077500000000000000000000000001474316276200160245ustar00rootroot00000000000000natlog-3.01.00/documentation/README.conntrack000066400000000000000000000064501474316276200206720ustar00rootroot00000000000000On Debian Linux systems conntrack uses the /proc/net/nf_conntrack device. This device may not be available in other Linux variants (e.g., Ubuntu). Sebastian Monte provided information about how conntrack can be used in those cases. See README.no_nf_conntrack for a description of his findings. Conntrack byte counts add the sizes of the IP headers (usually 20 bytes) to the byte counts. So, icmp packets are usually reported as having size 84, even though ping etc reports the payload (64 bytes). Since the actual size of the IP headers cannot be determined from conntrack's output, the sizes reported via natlog's conntrack mode are as reported, and are therefore not corrected for IP header lengths. Example conntrack lines: The 'maybe' entries appear if the command $ echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct has been issued before starting natlog. [1338987414.52626 ] [NEW] tcp 6 120 SYN_SENT src=192.168.1.4 dst=129.125.14.80 sport=59783 dport=22 [UNREPLIED] src=129.125.14.80 dst=129.125.100.246 sport=22 dport=59783 [1387190223.487711] [DESTROY] tcp 6 src=192.168.17.21 dst=192.87.23.111 sport=50029 dport=443 packets=7 bytes=450 <-- maybe src=192.87.23.111 dst=129.125.100.246 sport=443 dport=50029 packets=5 bytes=1679 <-- maybe [ASSURED] [1515751941.057688] [NEW] tcp 6 120 SYN_SENT src=192.168.17.6 dst=129.125.3.162 sport=49590 dport=22 [UNREPLIED] src=129.125.3.162 dst=192.168.8.17 sport=22 dport=49590 [1515752071.886964] [DESTROY] tcp 6 src=192.168.17.6 dst=129.125.3.162 sport=49590 dport=22 packets=29 bytes=4840 src=129.125.3.162 dst=192.168.8.17 sport=22 dport=49590 packets=30 bytes=5132 [ASSURED] With conntrack records the source port and unique port combinations (1st line) are unique and are used as the key. ------------------------------------------------------------------------------- [1387190207.172139] [NEW] udp 17 30 src=10.4.0.6 dst=129.125.4.6 sport=42998 dport=53 [UNREPLIED] src=129.125.4.6 dst=129.125.100.246 sport=53 dport=42998 [1387190187.423829] [DESTROY] udp 17 src=10.4.0.6 dst=216.239.34.10 sport=60840 dport=53 packets=1 bytes=138 <-- maybe src=216.239.34.10 dst=129.125.100.246 sport=53 dport=60840 packets=1 bytes=524 <-- maybe Note that the tcp and udp lines are identically organized With conntrack records the source port and unique port combinations (1st line) are unique and are used as the key. ------------------------------------------------------------------------------- [1387190207.153486] [NEW] icmp 1 30 src=192.168.17.7 dst=129.125.3.162 type=8 code=0 id=7016 [UNREPLIED] src=129.125.3.162 dst=129.125.100.246 type=0 code=0 id=7016 [1387190237.151720] [DESTROY] icmp 1 src=192.168.17.7 dst=129.125.3.162 type=8 code=0 id=7016 packets=1 bytes=84 <-- maybe src=129.125.3.162 dst=129.125.100.246 type=0 code=0 id=7016 packets=1 bytes=84 <-- maybe With conntrack records the IDs are unique and are used as the key. ------------------------------------------------------------------------------- natlog-3.01.00/documentation/README.key000066400000000000000000000001511474316276200174700ustar00rootroot00000000000000ICMP: src -> dst id, seq id + seq is used as key nat -> dst dst -> nat dst -> src natlog-3.01.00/documentation/README.no_nf_conntrack000066400000000000000000000025521474316276200220500ustar00rootroot00000000000000On Debian Linux systems conntrack uses the /proc/net/nf_conntrack device. This device may not be available in other Linux variants (e.g., Ubuntu). Sebastian Monte provided information about how conntrack can be used in those cases. His findings are summarized below: If you want to use conntrack with Ubuntu issue the following commands: 1: apt install pkg-config libfuse-dev 2: mkdir /opt/scriptfs 3: cd /opt/scriptfs 4: wget https://github.com/frodonh/scriptfs/archive/refs/heads/master.zip 5: unzip master.zip 6: cd scriptfs-master 7: make 8: ln -s /opt/scriptfs/scriptfs-master/scriptfs /usr/bin/scriptfs 9: mkdir executable 10: mkdir conntrack 11: echo 'conntrack -E' > executable/conntrack.sh 12: chmod +x executable/conntrack.sh Now we have a directory /opt/scriptfs which looks like this: drwxr-xr-x 2 root root 4096 Apr 16 18:34 conntrack drwxr-xr-x 2 root root 4096 Apr 16 18:34 executable -rw-r--r-- 1 root root 57065 Apr 16 17:53 master.zip drwxr-xr-x 2 root root 4096 Apr 16 18:02 scriptfs-master Finally do: 13: insert #!/bin/bash at the first line of /opt/scriptfs/executable/conntrack.sh 14: scriptfs /opt/scriptfs/executable /opt/scriptfs/conntrack 15: in etc/natlog.conf specify conntrack-device: /opt/scriptfs/conntrack/conntrack.sh natlog-3.01.00/documentation/README.packet000066400000000000000000000126021474316276200201530ustar00rootroot00000000000000 struct pcap_pkthdr { struct timeval ts; /* time stamp */ bpf_u_int32 caplen; /* length of portion present */ bpf_u_int32 len; /* length this packet (off wire) */ }; These values should be fairly self explanatory. The last argument is a pointer to a u_char, and it points to the first byte of a chunk of data containing the entire packet, as sniffed by pcap_loop(). The following are the structure definitions that I use to describe a TCP/IP packet over Ethernet. /* Ethernet addresses are 6 bytes */ /* Ethernet header */ struct sniff_ethernet { u_char ether_dhost[6]; /* Destination host address */ u_char ether_shost[6]; /* Source host address */ u_short ether_type; /* IP? ARP? RARP? etc */ }; /* IP header */ struct sniff_ip { u_char ip_vhl; /* version << 4 | header length >> 2 */ u_char ip_tos; /* type of service */ u_short ip_len; /* total length */ u_short ip_id; /* identification */ u_short ip_off; /* fragment offset field */ #define IP_RF 0x8000 /* reserved fragment flag */ #define IP_DF 0x4000 /* dont fragment flag */ #define IP_MF 0x2000 /* more fragments flag */ #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ u_char ip_ttl; /* time to live */ u_char ip_p; /* protocol */ u_short ip_sum; /* checksum */ struct in_addr ip_src,ip_dst; /* source and dest address */ }; #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) #define IP_V(ip) (((ip)->ip_vhl) >> 4) /* TCP header */ struct sniff_tcp { u_short th_sport; /* source port */ u_short th_dport; /* destination port */ tcp_seq th_seq; /* sequence number */ tcp_seq th_ack; /* acknowledgement number */ u_char th_offx2; /* data offset, rsvd */ #define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) u_char th_flags; #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 #define TH_ECE 0x40 #define TH_CWR 0x80 #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR) u_short th_win; /* window */ u_short th_sum; /* checksum */ u_short th_urp; /* urgent pointer */ }; we're going to assume that we are dealing with a TCP/IP packet over Ethernet. This same technique applies to any packet; the only difference is the structure types that you actually use. So let's begin by defining the variables and compile-time definitions we will need to deconstruct the packet data. /* ethernet headers are always exactly 14 bytes */ #define SIZE_ETHERNET 14 const struct sniff_ethernet *ethernet; /* The ethernet header */ const struct sniff_ip *ip; /* The IP header */ const struct sniff_tcp *tcp; /* The TCP header */ const char *payload; /* Packet payload */ u_int size_ip; u_int size_tcp; And now we do our magical typecasting: ethernet = (struct sniff_ethernet*)(packet); ip = (struct sniff_ip*)(packet + SIZE_ETHERNET); size_ip = IP_HL(ip)*4; if (size_ip < 20) { printf(" * Invalid IP header length: %u bytes\n", size_ip); return; } tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip); size_tcp = TH_OFF(tcp)*4; if (size_tcp < 20) { printf(" * Invalid TCP header length: %u bytes\n", size_tcp); return; } payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp); For the sake of simplicity, we'll say that the address this pointer is set to is the value X. Well, if our three structures are just sitting in line, the first of them (sniff_ethernet) being located in memory at the address X, then we can easily find the address of the structure after it; that address is X plus the length of the Ethernet header, which is 14, or SIZE_ETHERNET. Similarly if we have the address of that header, the address of the structure after it is the address of that header plus the length of that header. The IP header, unlike the Ethernet header, does not have a fixed length; its length is given, as a count of 4-byte words, by the header length field of the IP header. As it's a count of 4-byte words, it must be multiplied by 4 to give the size in bytes. The minimum length of that header is 20 bytes. The TCP header also has a variable length; its length is given, as a number of 4-byte words, by the "data offset" field of the TCP header, and its minimum length is also 20 bytes. So let's make a chart: Variable Location (in bytes) sniff_ethernet X sniff_ip X + SIZE_ETHERNET sniff_tcp X + SIZE_ETHERNET + {IP header length} payload X + SIZE_ETHERNET + {IP header length} + {TCP header length} The sniff_ethernet structure, being the first in line, is simply at location X. sniff_ip, who follows directly after sniff_ethernet, is at the location X, plus however much space the Ethernet header consumes (14 bytes, or SIZE_ETHERNET). sniff_tcp is after both sniff_ip and sniff_ethernet, so it is location at X plus the sizes of the Ethernet and IP headers (14 bytes, and 4 times the IP header length, respectively). Lastly, the payload (which doesn't have a single structure corresponding to it, as its contents depends on the protocol being used atop TCP) is located after all of them. natlog-3.01.00/documentation/README.tcp000066400000000000000000000507471474316276200175060ustar00rootroot00000000000000An example of TCP communication as processed by Pcap (DevicesProducer and TcpdumpProducer) Note: usually cport and nport are identical, but that's not necessarily so, so cport and nport cannot be used to identify the nathost and nat-port (nport) Here is an example of the TCP communication: SYN: ==== start connection at the client computer: 09:42:20.615902 br0 (IN) client.cport > remote.22: Flags [S], seq 442193845, win 29200, options [mss 1460,sackOK,TS val 918415591 ecr 0,nop,wscale 7], length 0 NAT: nathost is the natting host on the outbound interface 09:42:20.616029 eth1 (OUT) nathost.nport > remote.22: Flags [S], seq 442193845, win 29200, options [mss 1460,sackOK,TS val 918415591 ecr 0,nop,wscale 7], length 0 Initially, on the IN and OUT devices the seq. nrs are identical, and are used to match the two SYN records. This is only required once: to determine the nathost's address and port. SYN connections start the connection, so when a SYN is received on the IN device, then the src and sport values as well as the dst and dport values are known. The NAT host receives the same sequence number and thus obtains the nathost and nport values. Thereafter, the key is computed from the IN packets: SYN: then a new connections -> key from src and sport if existing: old connection is ended (logged as expired) FIN: existing: connections ends and is logged otherwise: ignore otherwise: existing: bytes are sent key(dst, dport) exists: recvd otherwise: uknown, ignore not existing: key must be dst, dport: recvd ----------------------------------------------------------- SYN ACK: ======== reply from remote -> nathost 09:42:20.665832 eth1 (OUT) remote.22 > nathost.nport: Flags [S.], seq 3499515712 ack 442193846 win 65535, options [mss 1409,nop,wscale 7,sackOK,TS val 1600635341 ecr 918415591 = previous val length 0 remote reply forwarded by nathost to client 09:42:20.665882 br0 (IN) remote.22 > client.cport: Flags [S.], seq 3499515712, ack 442193846, win 65535, options [mss 1409,nop,wscale 7,sackOK,TS val 1600635341 ecr 918415591 = previous val length 0 These SYN ACK records do not contain useful information (for us). E.g., no length ----------------------------------------------------------- ACK: ==== client sends ACK to remote 09:42:20.666158 br0 (IN) client.cport > remote.22: Flags [.], ack 1, win 229, options [nop,nop,TS val 918415641 ecr 1600635341], length 0 nathost forwards ACK to remote: 09:42:20.666202 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 1, win 229, options [nop,nop,TS val 918415641 ecr 1600635341], length 0 Same ----------------------------------------------------------- Data: ===== client sends data packet: 09:42:20.666543 br0 (IN) client.cport > remote.22: Flags [P.], seq 1:33, ack 1, win 229, options [nop,nop,TS val 918415642 ecr 1600635341 = previous val length 32 Using cport|22 as key, the #sent bytes is updated if the record's source port is equal to the record[key]'s source port ----------------------------------------------------------- nathost forwards data to remote: 09:42:20.666583 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 1:33, ack 1, win 229, options [nop,nop,TS val 918415642 ecr 1600635341], length 32 Since this is mere forwarding, no administration is required. ----------------------------------------------------------- remote: data to nathost 09:42:20.695657 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 1:33, ack 33, win 1023, options [nop,nop,TS val 1600635344 ecr 918415642], length 32 Incoming data, which can also be ignored, since it'll arrive at the client ----------------------------------------------------------- nathost forwards to client: 09:42:20.695704 br0 (IN) remote.22 > client.cport: Flags [P.], seq 1:33, ack 33, win 1023, options [nop,nop,TS val 1600635344 ecr 918415642], length 32 Data arriving at the client: using cport|22 as key, the #received bytes is updated if the record's dest port is equal to the record[key]'s source port ----------------------------------------------------------- client sends ACK to remote 09:42:20.695976 br0 (IN) client.cport > remote.22: Flags [.], ack 33, win 229, options [nop,nop,TS val 918415671 ecr 1600635344] , length 0 nathost forwards ACK to remote 09:42:20.696019 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 33, win 229, options [nop,nop,TS val 918415671 ecr 1600635344 ], length 0 09:42:20.696687 br0 (IN) client.cport > remote.22: Flags [P.], seq 33:1393, ack 33, win 229, options [nop,nop,TS val 918415672 ecr 1600635344], length 1360 09:42:20.696730 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 33:1393, ack 33, win 229, options [nop,nop,TS val 918415672 ecr 1600635344], length 1360 09:42:20.699595 eth1 (OUT) remote.22 > nathost.nport: Flags [.], ack 33, win 1024, options [nop,nop,TS val 1600635344 ecr 918415642], length 0 09:42:20.699634 br0 (IN) remote.22 > client.cport: Flags [.], ack 33, win 1024, options [nop,nop,TS val 1600635344 ecr 918415642], length 0 09:42:20.704898 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 33:929, ack 33, win 1024, options [nop,nop,TS val 1600635345 ecr 918415642], length 896 09:42:20.704939 br0 (IN) remote.22 > client.cport: Flags [P.], seq 33:929, ack 33, win 1024, options [nop,nop,TS val 1600635345 ecr 918415642], length 896 09:42:20.737513 eth1 (OUT) remote.22 > nathost.nport: Flags [.], ack 1393, win 1024, options [nop,nop,TS val 1600635348 ecr 918415672], length 0 09:42:20.737555 br0 (IN) remote.22 > client.cport: Flags [.], ack 1393, win 1024, options [nop,nop,TS val 1600635348 ecr 918415672], length 0 09:42:20.737821 br0 (IN) client.cport > remote.22: Flags [P.], seq 1393:1441, ack 929, win 251, options [nop,nop,TS val 918415713 ecr 1600635345], length 48 09:42:20.737864 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 1393:1441, ack 929, win 251, options [nop,nop,TS val 918415713 ecr 1600635345], length 48 09:42:20.783898 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 929:1469, ack 1441, win 1024, options [nop,nop,TS val 1600635353 ecr 918415713], length 540 09:42:20.783988 br0 (IN) remote.22 > client.cport: Flags [P.], seq 929:1469, ack 1441, win 1024, options [nop,nop,TS val 1600635353 ecr 918415713], length 540 09:42:20.790159 br0 (IN) client.cport > remote.22: Flags [P.], seq 1441:1457, ack 1469, win 265, options [nop,nop,TS val 918415765 ecr 1600635353], length 16 09:42:20.790211 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 1441:1457, ack 1469, win 265, options [nop,nop,TS val 918415765 ecr 1600635353], length 16 09:42:20.928624 eth1 (OUT) remote.22 > nathost.nport: Flags [.], ack 1457, win 1024, options [nop,nop,TS val 1600635367 ecr 918415765], length 0 09:42:20.928715 br0 (IN) remote.22 > client.cport: Flags [.], ack 1457, win 1024, options [nop,nop,TS val 1600635367 ecr 918415765], length 0 etc. etc. 09:42:20.928949 br0 (IN) client.cport > remote.22: Flags [P.], seq 1457:1501, ack 1469, win 265, options [nop,nop,TS val 918415904 ecr 1600635367], length 44 09:42:20.929001 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 1457:1501, ack 1469, win 265, options [nop,nop,TS val 918415904 ecr 1600635367], length 44 09:42:20.965643 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 1469:1513, ack 1501, win 1024, options [nop,nop,TS val 1600635371 ecr 918415904], length 44 09:42:20.965696 br0 (IN) remote.22 > client.cport: Flags [P.], seq 1469:1513, ack 1501, win 1024, options [nop,nop,TS val 1600635371 ecr 918415904], length 44 09:42:20.966059 br0 (IN) client.cport > remote.22: Flags [P.], seq 1501:1561, ack 1513, win 265, options [nop,nop,TS val 918415941 ecr 1600635371], length 60 09:42:20.966083 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 1501:1561, ack 1513, win 265, options [nop,nop,TS val 918415941 ecr 1600635371], length 60 09:42:21.008693 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 1513:1589, ack 1561, win 1024, options [nop,nop,TS val 1600635375 ecr 918415941], length 76 09:42:21.008722 br0 (IN) remote.22 > client.cport: Flags [P.], seq 1513:1589, ack 1561, win 1024, options [nop,nop,TS val 1600635375 ecr 918415941], length 76 09:42:21.009433 br0 (IN) client.cport > remote.22: Flags [P.], seq 1561:1925, ack 1589, win 265, options [nop,nop,TS val 918415984 ecr 1600635375], length 364 09:42:21.009457 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 1561:1925, ack 1589, win 265, options [nop,nop,TS val 918415984 ecr 1600635375], length 364 09:42:21.051808 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 1589:1905, ack 1925, win 1024, options [nop,nop,TS val 1600635379 ecr 918415984], length 316 09:42:21.051839 br0 (IN) remote.22 > client.cport: Flags [P.], seq 1589:1905, ack 1925, win 1024, options [nop,nop,TS val 1600635379 ecr 918415984], length 316 09:42:21.057729 br0 (IN) client.cport > remote.22: Flags [P.], seq 1925:2561, ack 1905, win 279, options [nop,nop,TS val 918416033 ecr 1600635379], length 636 09:42:21.057753 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 1925:2561, ack 1905, win 279, options [nop,nop,TS val 918416033 ecr 1600635379], length 636 09:42:21.102581 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 1905:1933, ack 2561, win 1024, options [nop,nop,TS val 1600635385 ecr 918416033], length 28 09:42:21.102606 br0 (IN) remote.22 > client.cport: Flags [P.], seq 1905:1933, ack 2561, win 1024, options [nop,nop,TS val 1600635385 ecr 918416033], length 28 09:42:21.103151 br0 (IN) client.cport > remote.22: Flags [P.], seq 2561:2665, ack 1933, win 279, options [nop,nop,TS val 918416078 ecr 1600635385], length 104 09:42:21.103173 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 2561:2665, ack 1933, win 279, options [nop,nop,TS val 918416078 ecr 1600635385], length 104 09:42:21.130577 eth1 (OUT) remote.22 > nathost.nport: Flags [.], ack 2665, win 1024, options [nop,nop,TS val 1600635387 ecr 918416078], length 0 09:42:21.130596 br0 (IN) remote.22 > client.cport: Flags [.], ack 2665, win 1024, options [nop,nop,TS val 1600635387 ecr 918416078], length 0 remote sends data to client: 09:42:21.138829 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 1933:2585, ack 2665, win 1024, options [nop,nop,TS val 1600635388 ecr 918416078], length 652 09:42:21.138857 br0 (IN) remote.22 > client.cport: Flags [P.], seq 1933:2585, ack 2665, win 1024, options [nop,nop,TS val 1600635388 ecr 918416078], length 652 remote sends data to nathost: 09:42:21.146627 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 2585:2629, ack 2665, win 1024, options [nop,nop,TS val 1600635389 ecr 918416078], length 44 09:42:21.146647 br0 (IN) remote.22 > client.cport: Flags [P.], seq 2585:2629, ack 2665, win 1024, options [nop,nop,TS val 1600635389 ecr 918416078], length 44 09:42:21.146951 br0 (IN) client.cport > remote.22: Flags [.], ack 2629, win 293, options [nop,nop,TS val 918416122 ecr 1600635388], length 0 09:42:21.146974 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 2629, win 293, options [nop,nop,TS val 918416122 ecr 1600635388], length 0 client sends data to remote (via nathost) 09:42:21.151816 br0 (IN) client.cport > remote.22: Flags [P.], seq 2665:2773, ack 2629, win 293, options [nop,nop,TS val 918416127 ecr 1600635388], length 108 09:42:21.151837 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 2665:2773, ack 2629, win 293, options [nop,nop,TS val 918416127 ecr 1600635388], length 108 09:42:21.151997 br0 (IN) client.cport > remote.22: Flags [P.], seq 2773:3209, ack 2629, win 293, options [nop,nop,TS val 918416127 ecr 1600635388], length 436 09:42:21.152019 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 2773:3209, ack 2629, win 293, options [nop,nop,TS val 918416127 ecr 1600635388], length 436 09:42:21.192828 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 2629:2741, ack 3209, win 1024, options [nop,nop,TS val 1600635394 ecr 918416127], length 112 09:42:21.192886 br0 (IN) remote.22 > client.cport: Flags [P.], seq 2629:2741, ack 3209, win 1024, options [nop,nop,TS val 1600635394 ecr 918416127], length 112 09:42:21.192918 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 2741:2945, ack 3209, win 1024, options [nop,nop,TS val 1600635394 ecr 918416127], length 204 09:42:21.192956 br0 (IN) remote.22 > client.cport: Flags [P.], seq 2741:2945, ack 3209, win 1024, options [nop,nop,TS val 1600635394 ecr 918416127], length 204 09:42:21.193401 br0 (IN) client.cport > remote.22: Flags [.], ack 2945, win 307, options [nop,nop,TS val 918416169 ecr 1600635394], length 0 09:42:21.193446 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 2945, win 307, options [nop,nop,TS val 918416169 ecr 1600635394], length 0 09:42:21.237611 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 2945:3005, ack 3209, win 1024, options [nop,nop,TS val 1600635398 ecr 918416169], length 60 09:42:21.237654 br0 (IN) remote.22 > client.cport: Flags [P.], seq 2945:3005, ack 3209, win 1024, options [nop,nop,TS val 1600635398 ecr 918416169], length 60 09:42:21.238632 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 3005:3065, ack 3209, win 1024, options [nop,nop,TS val 1600635398 ecr 918416169], length 60 09:42:21.238670 br0 (IN) remote.22 > client.cport: Flags [P.], seq 3005:3065, ack 3209, win 1024, options [nop,nop,TS val 1600635398 ecr 918416169], length 60 09:42:21.239154 br0 (IN) client.cport > remote.22: Flags [.], ack 3065, win 307, options [nop,nop,TS val 918416214 ecr 1600635398], length 0 09:42:21.239198 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 3065, win 307, options [nop,nop,TS val 918416214 ecr 1600635398], length 0 09:42:21.247777 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 3065:3109, ack 3209, win 1024, options [nop,nop,TS val 1600635399 ecr 918416169], length 44 09:42:21.247816 br0 (IN) remote.22 > client.cport: Flags [P.], seq 3065:3109, ack 3209, win 1024, options [nop,nop,TS val 1600635399 ecr 918416169], length 44 09:42:21.247848 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 3109:3201, ack 3209, win 1024, options [nop,nop,TS val 1600635399 ecr 918416169], length 92 09:42:21.247885 br0 (IN) remote.22 > client.cport: Flags [P.], seq 3109:3201, ack 3209, win 1024, options [nop,nop,TS val 1600635399 ecr 918416169], length 92 09:42:21.248158 br0 (IN) client.cport > remote.22: Flags [.], ack 3201, win 307, options [nop,nop,TS val 918416223 ecr 1600635399], length 0 09:42:21.248199 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 3201, win 307, options [nop,nop,TS val 918416223 ecr 1600635399], length 0 09:43:22.683338 br0 (IN) client.cport > remote.22: Flags [P.], seq 3209:3237, ack 3201, win 307, options [nop,nop,TS val 918477658 ecr 1600635399], length 28 09:43:22.683443 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 3209:3237, ack 3201, win 307, options [nop,nop,TS val 918477658 ecr 1600635399], length 28 09:43:22.726840 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 3201:3245, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 44 09:43:22.726897 br0 (IN) remote.22 > client.cport: Flags [P.], seq 3201:3245, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 44 09:43:22.728709 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 3245:3353, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 108 09:43:22.728749 br0 (IN) remote.22 > client.cport: Flags [P.], seq 3245:3353, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 108 09:43:22.729249 br0 (IN) client.cport > remote.22: Flags [.], ack 3353, win 307, options [nop,nop,TS val 918477704 ecr 1600641547], length 0 09:43:22.729293 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 3353, win 307, options [nop,nop,TS val 918477704 ecr 1600641547], length 0 09:43:22.729653 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 3353:3397, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 44 09:43:22.729692 br0 (IN) remote.22 > client.cport: Flags [P.], seq 3353:3397, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 44 09:43:22.730874 eth1 (OUT) remote.22 > nathost.nport: Flags [P.], seq 3397:3541, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 144 09:43:22.730912 br0 (IN) remote.22 > client.cport: Flags [P.], seq 3397:3541, ack 3237, win 8184, options [nop,nop,TS val 1600641547 ecr 918477658], length 144 09:43:22.731374 br0 (IN) client.cport > remote.22: Flags [.], ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 0 09:43:22.731417 eth1 (OUT) nathost.nport > remote.22: Flags [.], ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 0 09:43:22.731492 br0 (IN) client.cport > remote.22: Flags [P.], seq 3237:3265, ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 28 09:43:22.731532 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 3237:3265, ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 28 09:43:22.731553 br0 (IN) client.cport > remote.22: Flags [P.], seq 3265:3325, ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 60 09:43:22.731591 eth1 (OUT) nathost.nport > remote.22: Flags [P.], seq 3265:3325, ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 60 ------------------------------------------------------------------------- FIN: client sends FIN+ACK to remote 09:43:22.731605 br0 (IN) client.cport > remote.22: Flags [F.], seq 3325, ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 0 once FIN is received, no further useful information arrives for this connection and the tcp-record entry is logged and erased. Any further info arriving for cport|22 is now ignored since the record matching the key no longer exists: see below for examples of additionally arriving packets: ------------------------------------------------------------------------------- nathost forwards FIN+ACK to remote 09:43:22.731645 eth1 (OUT) nathost.nport > remote.22: Flags [F.], seq 3325, ack 3541, win 321, options [nop,nop,TS val 918477707 ecr 1600641547], length 0 remote replies by sending ACK to nathost 09:43:22.759772 eth1 (OUT) remote.22 > nathost.nport: Flags [.], ack 3265, win 8184, options [nop,nop,TS val 1600641550 ecr 918477707], length 0 nathost forwards remote ACK to cient 09:43:22.759813 br0 (IN) remote.22 > client.cport: Flags [.], ack 3265, win 8184, options [nop,nop,TS val 1600641550 ecr 918477707], length 0 remote sends another ACL to nathost 09:43:22.763745 eth1 (OUT) remote.22 > nathost.nport: Flags [.], ack 3265, win 8184, options [nop,nop,TS val 1600641550 ecr 918477707,sack 1 {3325:3325},eol], length 0 nathorst forwards another ACK to client 09:43:22.763784 br0 (IN) remote.22 > client.cport: Flags [.], ack 3265, win 8184, options [nop,nop,TS val 1600641550 ecr 918477707,sack 1 {3325:3325},eol], length 0 remote sends another ACK to nathost 09:43:22.763809 eth1 (OUT) remote.22 > nathost.nport: Flags [.], ack 3325, win 8183, options [nop,nop,TS val 1600641550 ec nathost forwards ACK to client 09:43:22.763857 br0 (IN) remote.22 > client.cport: Flags [.], ack 3325, win 8183, options [nop,nop,TS val 1600641550 ec natlog-3.01.00/documentation/README.tcp.flow000066400000000000000000000161541474316276200204460ustar00rootroot00000000000000192.168.0.106.52136 > 129.125.3.162.22: [S], seq 1963498643, val 1478669495 ecr 0, length 0 129.125.3.162.22 > 192.168.0.106.52136: [S.], seq 3105777655, ack 1963498644, val 2992299246 ecr 1478669495], length 0 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 1, val 1478669714 ecr 2992299246], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 1:33, ack 1, val 1478669715 ecr 2992299246], length 32 129.125.3.162.22 > 192.168.0.106.52136: [.], ack 33, val 2992299465 ecr 1478669715], length 0 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 1:33, ack 33, val 2992299469 ecr 1478669715], length 32 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 33, val 1478670005 ecr 2992299469], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 33:1393, ack 33, val 1478670005 ecr 2992299469], length 1360 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 33:929, ack 33, val 2992299752 ecr 1478670005], length 896 129.125.3.162.22 > 192.168.0.106.52136: [.], ack 1393, val 2992299767 ecr 1478670005], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 1393:1441, ack 929, val 1478670250 ecr 2992299752], length 48 129.125.3.162.22 > 192.168.0.106.52136: [.], ack 1441, val 2992299998 ecr 1478670250], length 0 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 929:1469, ack 1441, val 2992300008 ecr 1478670250], length 540 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 1441:1457, ack 1469, val 1478670547 ecr 2992300008], length 16 129.125.3.162.22 > 192.168.0.106.52136: [.], ack 1457, val 2992300297 ecr 1478670547], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 1457:1501, ack 1469, val 1478670782 ecr 2992300297], length 44 129.125.3.162.22 > 192.168.0.106.52136: [.], ack 1501, val 2992300529 ecr 1478670782], length 0 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 1469:1513, ack 1501, val 2992300529 ecr 1478670782], length 44 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 1501:1561, ack 1513, val 1478671049 ecr 2992300529], length 60 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 1513:1589, ack 1561, val 2992300798 ecr 1478671049], length 76 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 1561:1925, ack 1589, val 1478671353 ecr 2992300798], length 364 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 1589:1905, ack 1925, val 2992301107 ecr 1478671353], length 316 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 1925:2561, ack 1905, val 1478671670 ecr 2992301107], length 636 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 1905:1933, ack 2561, val 2992301417 ecr 1478671670], length 28 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 2561:2665, ack 1933, val 1478671968 ecr 2992301417], length 104 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 1933:2137, ack 2665, val 2992301717 ecr 1478671968], length 204 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 2137, val 1478672212 ecr 2992301717], length 0 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2137:2181, ack 2665, val 2992301967 ecr 1478672212], length 44 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 2181, val 1478672480 ecr 2992301967], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 2665:2773, ack 2181, val 1478672485 ecr 2992301967], length 108 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 2773:3225, ack 2181, val 1478672485 ecr 2992301967], length 452 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2181:2209, ack 2773, val 2992302230 ecr 1478672485], length 28 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2209:2293, ack 3225, val 2992302232 ecr 1478672485], length 84 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2293:2497, ack 3225, val 2992302233 ecr 1478672485], length 204 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2497:2557, ack 3225, val 2992302256 ecr 1478672485], length 60 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2557:2617, ack 3225, val 2992302256 ecr 1478672485], length 60 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2617:2677, ack 3225, val 2992302270 ecr 1478672485], length 60 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2677:2721, ack 3225, val 2992302270 ecr 1478672485], length 44 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2721:2813, ack 3225, val 2992302270 ecr 1478672485], length 92 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 2557, val 1478672790 ecr 2992302230], length 0 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 2813, val 1478672790 ecr 2992302256], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 3225:3253, ack 2813, val 1478674331 ecr 2992302256], length 28 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2813:2857, ack 3253, val 2992304077 ecr 1478674331], length 44 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2857:2901, ack 3253, val 2992304077 ecr 1478674331], length 44 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2901:2993, ack 3253, val 2992304077 ecr 1478674331], length 92 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 2901, val 1478674638 ecr 2992304077], length 0 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 2993, val 1478674681 ecr 2992304077], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 3253:3281, ack 2993, val 1478676074 ecr 2992304077], length 28 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 2993:3037, ack 3281, val 2992305826 ecr 1478676074], length 44 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 3037, val 1478676373 ecr 2992305826], length 0 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 3037:3145, ack 3281, val 2992305828 ecr 1478676074], length 108 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 3145, val 1478676373 ecr 2992305828], length 0 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 3145:3189, ack 3281, val 2992305829 ecr 1478676074], length 44 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 3189, val 1478676373 ecr 2992305829], length 0 129.125.3.162.22 > 192.168.0.106.52136: [P.], seq 3189:3333, ack 3281, val 2992305829 ecr 1478676074], length 144 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 3333, val 1478676373 ecr 2992305829], length 0 192.168.0.106.52136 > 129.125.3.162.22: [P.], seq 3281:3309, ack 3333, val 1478676374 ecr 2992305829], length 28 192.168.0.106.52136 > 129.125.3.162.22: [FP.], seq 3309:3369, ack 3333, val 1478676374 ecr 2992305829], length 60 129.125.3.162.22 > 192.168.0.106.52136: [.], ack 3370, val 2992306127 ecr 1478676374], length 0 129.125.3.162.22 > 192.168.0.106.52136: [F.], seq 3333, ack 3370, val 2992306130 ecr 1478676374], length 0 192.168.0.106.52136 > 129.125.3.162.22: [.], ack 3334, val 1478676677 ecr 2992306130], length 0 natlog-3.01.00/documentation/README.tcpdump000066400000000000000000000202571474316276200203650ustar00rootroot00000000000000http://www.kroosec.com/2012/10/a-look-at-pcap-file-format.html Hani's blog Software/Security Engineering, Linux, Open Source and /dev/random Saturday, October 13, 2012 A look at the pcap file format A couple of days ago, someone came on #Nmap IRC channel asking about pcap file format. He was writing a parser in Haskell but had some issues, especially with extracting the timestamp values of the each packet. As I walked him through the file format, I decided to write this blog post as a quick reference, a reminder, or a clearer explanation depending on who is reading it. While detailing the file format, we will have a closer look at this capture file. A pcap file is structured in this way: Global Header | Header1 | Data1 | Header2 | Data2 | ... | HeaderN | DataN The parts in blue are added by libpcap/capture software, while the parts in red are the actual data captured on the wire. The first part of the file is the global header, which is inserted only once in the file, at the start. The global header has a fixed size of 24 bytes. kroosec@dojo:~$ hexdump -n 24 -C connection\ termination.cap | cut -c 11-59 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 ff ff 00 00 01 00 00 00 The first 4 bytes d4 c3 b2 a1 constitute the magic number which is used to identify pcap files. The next 4 bytes 02 00 04 00 are the Major version (2 bytes) and Minor Version (2 bytes), in our case 2.4. Why is 2 written on 2 bytes as 0x0200 and not 0x0002 ? This is called little endianess in which, the least significant byte is stored in the least significant position: This means that 2 would be written on 2 bytes as 02 00. How do we know that we are not using Big Endianness instead ? The magic number is also used to distinguish between Little and Big Endianness. The "real" value is 0xa1b2c3d4, if we read it as as a1 b2 c3 d4, it means Big E. Otherwise (0xd4c3b2a1), it means Little E. Following are the GMT timezone offset minus the timezone used in the headers in seconds (4 bytes) and the accuracy of the timestamps in the capture (4 bytes). These are set to 0 most of the time which gives us the 00 00 00 00 00 00 00 00. Next is the Snapshot Length field (4 bytes) which indicates the maximum length of the captured packets (dataX) in bytes. In our file it is set to ff ff 00 00 which equals to 65535 (0xffff), the default value for tcpdump and wireshark. The last 4 bytes in the global header specify the Link-Layer Header Type. Our file has the value of 0x1 ( 01 00 00 00 ), which indicates that the link-layer protocol is Ethernet. There are many other types such as PPPoE, USB, Frame Relay etc,. The complete list is available here. After the Global header, we have a certain number of packet header / data pairs. Taking a closer look at the first packet header: kroosec@dojo:~$ hexdump -C connection\ termination.cap -s 24 -n 16 | cut -c 11-59 c2 ba cd 4f b6 35 0f 00 36 00 00 00 36 00 00 00 The first 4 bytes are the timestamp in Seconds. This is the number of seconds since the start of 1970, also known as Unix Epoch. The value of this field in our pcap file is 0x4fcdbac2. An easy way to convert it to a human readable format: kroosec@dojo:~$ calc 0x4fcdbac2 1338882754 kroosec@dojo:~$ date --date='1970-01-01 1338882754 sec GMT' Tue Jun 5 08:52:34 CET 2012 FBB: Note that the time stamps are already in host by order. The second field (4 Bytes) is the microseconds part of the time at which the packet was captured. In our case it equals to b6 35 0f 00 or 996790 microseconds. FBB:: Note that size(pcap_pkthdr) is/can be 24. struct timeval holds at least time_t tv_sec seconds suseconds_t tv_usec microseconds where time_t is a signed int, 32 or 64 bits long, and suseconds_t probably of the same type. Also, the values written to the binary file are in host byte order. The third field is 4 bytes long and contains the size of the saved packet data in our file in bytes (the part in red following the header). The Fourth field is 4 bytes long too and contains the length of the packet as it was captured on the wire. Both fields' value is 36 00 00 00 (54 Bytes) in our file but these may have different values in cases where we set the maximum packet length (whose value is 65535 in the global header of our file) to a smaller size. After the packet header comes the data! Starting from the lower layer we see the Ethernet destination address 00:12:cf:e5:54:a0 followed by the source address 00:1f:3c:23:db:d3. To sum it up here is our file. kroosec@dojo:~$ hexdump -C connection\ termination.cap | cut -c 11-59 global header: d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 ff ff 00 00 01 00 00 00 packet hdr: c2 ba cd 4f b6 35 0f 00 36 00 00 00 36 00 00 00 |<--------- 0x36 bytes beyond the next packet starts data: Ethernet_Header: destmac: 00 12 cf e5 54 a0 srcmac: 00 1f 3c 23 db d3 ethertype: 08 00 IP_Header: hdrLength,version: 45 tos 00 |<--------- 0x10 length: 00 28 0x28 bytes beyond the IP header's begin the next packet starts ident: 4a a6 fragmentOffset: 40 00 TTL: 40 protocol: 06 (TCP) checksum: 58 eb sourceaddr: c0 a8 0a e2 |<-- 0x10 (wrt IP_Header) destaddr: c0 a8 0b 0c |<--------- 0x20 TCP_Header: src port: 4c fb dst port: 00 17 sequence: e7 ca f8 58 ackNr: 26 13 45 de |<-- 0x20 (wrt IP_Header) data offset 50 flags: 11 |<--------- 0x30 window: 40 c7 checksum: 3e a6 urgentPtr: 00 00 packet hdr: c3 ba cd 4f 60 04 00 00 3c 00 00 00 3c 00 00 00 00 data: 1f 3c 23 db d3 00 12 cf e5 54 a0 08 00 45 00 00 28 8a f7 00 00 40 06 58 9a c0 a8 0b 0c c0 a8 0a e2 00 17 4c fb 26 13 45 de e7 ca f8 59 50 10 01 df 7d 8e 00 00 00 00 00 00 00 00 packet hdr: c3 ba cd 4f 70 2f 00 00 3c 00 00 00 3c 00 00 00 data: 00 1f 3c 23 db d3 00 12 cf e5 54 a0 08 00 45 00 00 28 26 f9 00 00 40 06 bc 98 c0 a8 0b 0c c0 a8 0a e2 00 17 4c fb 26 13 45 de e7 ca f8 59 50 11 01 df 7d 8d 00 00 00 00 00 00 00 00 packet hdr: c3 ba cd 4f db 2f 00 00 36 00 00 00 36 00 00 00 data: 00 12 cf e5 54 a0 00 1f 3c 23 db d3 08 00 45 00 00 28 4a a7 40 00 40 06 58 ea c0 a8 0a e2 c0 a8 0b 0c 4c fb 00 17 e7 ca f8 59 26 13 45 df 50 10 40 c7 3e a5 00 00 And here is what the file utility thinks of it kroosec@dojo:~$ type file file is /usr/bin/file kroosec@dojo:~$ file connection\ termination.cap connection termination.cap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535) A hexdump of a file written by tcpdump is in the file br0.hex in the current directory. natlog-3.01.00/documentation/README.udp000066400000000000000000000051511474316276200174750ustar00rootroot00000000000000Setting up a demo udp connection: On the server run (make sure the firewall accepts incoming connections for the used port: iptables -A INPUT -p udp --dport -j ACCEPT Start nc to listen on the port: nc -l -u -p Start nc on the client: nc -u server Run tcpdump -ni udp and port to inspect the flow. Example: Server (e.g., www.rug.nl): nc -l -u -p 12345 Client: nc -u www.rug.nl 12345 Tcpdump (e.g. at the client) tcpdump -ni eth0 udp and port 12345 When sending UDP packets, the ID's at the client and nat computer are identical: Client (1.2) to destination (2.51): 15:43:54.437608 IP (tos 0x0, ttl 64, id 36222, offset 0, flags [DF], proto UDP (17), length 34) 192.168.1.2.51757 > 129.125.2.51.12345: UDP, length 6 src:sport -> dst:dport, id = a 15:44:13.541867 IP (tos 0x0, ttl 52, id 18749, offset 0, flags [DF], proto UDP (17), length 38) 129.125.2.51.12345 > 192.168.1.2.51757: UDP, length 10 dst:dport -> src:sport, id = b 15:45:49.393355 IP (tos 0x0, ttl 64, id 63059, offset 0, flags [DF], proto UDP (17), length 37) 192.168.1.2.51757 > 129.125.2.51.12345: UDP, length 9 src:sport -> dst:dport, id = c 15:46:17.583739 IP (tos 0x0, ttl 52, id 24262, offset 0, flags [DF], proto UDP (17), length 40) 129.125.2.51.12345 > 192.168.1.2.51757: UDP, length 12 dst:dport -> src:sport id = d Nathost (17.6) to destination (2.51): 15:43:54.437689 IP (tos 0x0, ttl 63, id 36222, offset 0, flags [DF], proto UDP (17), length 34) 192.168.17.6.51757 > 129.125.2.51.12345: UDP, length 6 nat:nport -> dst:dport, id = a 15:44:13.541818 IP (tos 0x0, ttl 53, id 18749, offset 0, flags [DF], proto UDP (17), length 38) 129.125.2.51.12345 > 192.168.17.6.51757: UDP, length 10 dst:dport -> nat:nport, id = b 15:45:49.393444 IP (tos 0x0, ttl 63, id 63059, offset 0, flags [DF], proto UDP (17), length 37) 192.168.17.6.51757 > 129.125.2.51.12345: UDP, length 9 nat:nport -> dst:dport, id = c 15:46:17.583695 IP (tos 0x0, ttl 53, id 24262, offset 0, flags [DF], proto UDP (17), length 40) 129.125.2.51.12345 > 192.168.17.6.51757: UDP, length 12 dst:dport -> nat:nport id = d Multiple udp packets may be sent by identical processes, in which case the client and nathost computers may use different ports. The IN connections store the source, dest, IP-addresses and ports, and uses d_id (like the tcp's sequence nr) to allow association with the matching OUT packet. Once the association is made, the via IP-address and port can be set, and the d_id entry can be removed. natlog-3.01.00/documentation/README.udp.flow000066400000000000000000000022221474316276200204370ustar00rootroot00000000000000When sending UDP packets, the ID's at the client and nat computer are identical: Client (1.2) to destination (2.51): id 36222, length 34 192.168.1.2. 51757 > 129.125.2.51. 12345, length 6 id 18749, length 38 129.125.2.51. 12345 > 192.168.1.2. 51757, length 10 id 63059, length 37 192.168.1.2. 51757 > 129.125.2.51. 12345, length 9 id 24262, length 40 129.125.2.51. 12345 > 192.168.1.2. 51757, length 12 Nathost (17.6) to destination (2.51): id 36222, length 34 192.168.17.6. 51757 > 129.125.2.51. 12345, length 6 id 18749, length 38 129.125.2.51. 12345 > 192.168.17.6. 51757, length 10 id 63059, length 37 192.168.17.6. 51757 > 129.125.2.51. 12345, length 9 id 24262, length 40 129.125.2.51. 12345 > 192.168.17.6. 51757, length 12 Multiple udp packets may be sent by identical processes, in which case the client and nathost computers may use different ports. The IN connections store the source, dest, IP-addresses and ports, and uses d_id (like the tcp's sequence nr) to allow association with the matching OUT packet. Once the association is made, the via IP-address and port can be set, and the d_id entry can be removed. natlog-3.01.00/documentation/ip-header-v41.png000066400000000000000000005300551474316276200210100ustar00rootroot00000000000000‰PNG  IHDR ø–MiCCPICC ProfilexœíVYP“W=" ‹HY‚(B¨ŠˆDVEŠ¢ˆÕ*IˆKÂÏOdQP‹ ¢ (T\)®B]ª¥HA­¢Vm‹ V¬Åô!¶v¦uêsË™¹3çž¹óÍ=÷<Üh>â‘d €X"¥ü½Ü˜!¡aLµ. ` ˜óñ¤+—ËÁ;ñì:¸Æâ‘dÌ»Ïý#ÆP!¡aÁ /Rrú|%_@?QJJb)}A/ HVT ? Jh‹”¼€6_Éëh¯ˆ¤Ñ ¨êJ"£%€Z@׎Æ Çö HJ hnÀ‹c#Í‹,BBØÊkÆz³_ôü· TÑ€qÑÌ}݉Àâ­6È€`4ů°·Z òB¡œ¨ÕÔB1´G¡ÞÐ{€Æ8AµêÍÄUàßöJŸo@'@³¤¿R9¬¤NרвÓ0–£Ó¤;Gï¸#Ýð¡‘ÛøÝžMœg²Ù´ÝÌàÃðIù“[ÌiS-DÓò-ë¦ßeiΰ´ö³Ùn°+±¯v¸2óÖ,ùlš“öG&Îs纸øÌ[í~ÿƒÎ‡²ŽüXðSZÔ£€Ÿ]äÓ å¿ô>¹x>0ô\¡ñû_÷«ì|€qîÓÎÁÆ1Ø“Ëdób¢ùO*Œü£Aƒ;<ÀLØÁ6pD0<ÁlðƒhðA)„ˆ|Ÿ‘ï©0I ìX2™ŠEI™®$#d²cÅd‚THY1½%‚VL;{PöUЩÊ mfú4Ö.øÛÜßÒÈï°xnC pHYsaa¨?§i IDATxœìÝwXS×ðoCÀâ@d "n÷Þ³?µjÁ]gÝ£­u´Õªu[G­Vë¨Z÷®³î‰ˆŠÈDÀɆ¬ûûãà5&àý<}|’;Î=÷öärß{–€ã8B!„BHÞ õB!„BHqEá!„B!$Ÿ(œ „B!„ä…„B!„|¢p‚B!„’ONB!„Bò‰Â B!„BH>Q8A!„BÉ' '!„B!ùDá!„B!$Ÿ(œ „B!„ä…„B!„|¢p‚B!„’ONB!„Bò‰Â B!„BH>Q8A!„BÉ' '!„B!ùDá!„B!$Ÿ(œ „B!„ä…„B!„|¢p‚B!„’ONB!„Bò‰Â B!„BH>Q8A!„BÉ' '!„B!ùDá!„B!$ŸŒôB)îÞ½Û§OöùùóçæææüªðððV­Zå°¯H$rpppsskÖ¬ÙÈ‘# /Ÿiii¾¾¾6lØ Aƒ<íÛ¤I“˜˜«V­:thηoßž} ´±±ÉOv‹„¥¥eZZZÍš5Ÿ={¦ï¼BHICá!„hE*•ÆÇÇk\%—˳[Å‹½qãÆöíÛ×­[·aÆ:B`êÔ©þù'€ü1¯áÄëׯى¤§§çº±L&ãÏZ.—ç=§EGñ‘¾3B!%…„¢Kvvv"‘Hy‰T*å8Ž} êÖ­ÛÝ»wóú¬¯ ???KB!EƒÂ BÑ¥{÷î©7ûIMM :{öìÂ…  …T*6lØÝ»wÅb±=vìX&H!„䊺bBH¡+S¦Œ§§ç¼yóöìÙÖž?^‡‡ËåÞÞÞïß¿×aš„BH®(œ „¢3xðàêÕ«³ÏOž<ÑaÊK–,¹rå €œ;…B!ºE!¤H5oÞÜÏÏÉÇGGGpuuíÞ½{v{mÚ´I&“8p`ÕªUUÖÞ¸q㧟~0aÂ[[Ûëׯ^þóäåË—W®\ñ÷÷÷÷÷—Ë厎Ž}úôéÝ»wέ¼^¼xñ×_EDDpW­Z5;;»¾}ûvîÜY d·—T*}ðàÁ­[·nݺ%‘HجY³\3©P(®^½zÿþ}ÿ°°°Ê•+{xx :´fÍšêGGG>|@Ó¦M›7oÎqܶmÛÎœ9óâÅ‹Ý»w»¹¹iqU!¤dá!„hAù=55Uy•òð£ñññ9§3hÐ ¶åèÑ£9Ž[²d ûZ£F …B¡q—[·n±m*T¨‘‘¡²öÇÜÜÜÒÒÒ/^Ì6þñÇózŽ5jÔ`ûnݺ5×=zÄŸ5ëk®b÷îÝêwlmm;¦1M‰Dâãã£Ò—çèèxçÎ;ÆÅÅyxx¨ï2dÈ©TÊFõ­Y³¦úŽñññ]ºtÑx¸aƽ}ûVeûÿý—­7oÞ‡ÚµkÇoŸ]Þ!¤d£ÆN„R¤?~Ì>Ô©S€··7{ãu÷î]»üóÏ?ìÃ!CLLLTÖN˜0!22ÒØØxÏž=fff…•ï¼J¥cÆŒñññIII`nnÞ¤I¾RååË—_|ñÅš5kÔw3fÌîÝ»år¹@ pssëÛ·ï—_~Ù´iS¡P ""¢{÷îAAA*{={ö¬E‹þþþì«‘‘‘££#Ûeß¾} ÈnˆØk×®5lØðܹs쫽½½‡‡?+È®]»š5köúõkûÊd²>}úü÷ßy¹0„RQ8A!Egß¾}üÓ°§§';;;~ ÖJ…B¡8pàûç«W¯VÏ߶ªY³fÊË÷ïßÏ–;88¼|ùRe¯[·n±j ¨5vš7o[>xð`õff*T  ###ùå|c'•*Uº~ýz.×”BJ:ª „]jÕªUíϹººZXXØÙÙ-^¼8-- €©©éÚµkù]ú÷ï_¦L|‹ÿ¸¬R5!•J½¼¼RRRÊ•+·k×.þ¡Yï~þùç>˜={výúõUÖ ‚¥K—²ö]HMMåW½xñÂÖÖ¶zõê|÷ennnl¯ØØXåå|ç“yóæU«VMe¯fÍš 2D=µ˜˜˜U«V(_¾üºuëÔ{x7hÐ`èС ï©X¾|yË–-5®"„ÒƒFv"„] ËyƒúõëïÙ³§víÚü ‹þýûïÞ½€ŸŸŸr›%™LÆZ@y{{+§3þ|Ö×â÷ß·³³Óá)¨^½:{7ŸƒŒŒŒõå§Nb¼¼¼4îX±bÅFùûû§¤¤œ9sæË/¿dË·lÙ’Ãá®\¹Â}œYœ÷ìÙ³‡¨R¥Ê°aÃ4î8mÚ4~ºÞåË—ÓÓÓtêÔI}ÚA¦K—.ëׯàëë»`Á•µ666ÇÏ!ÄRJP8A!ºTµjUõŠ‘Häìììîî^¿~ýáÇ«w§>|8Nð¯Û\¼x‘uîÙ³§òSï… –/_ÀÛÛ{ðàÁ:?‹… òM’²óøñãzõê©,”H$‘‘‘LLL,--_¾|©qߦM›²z˜ÐÐÐìÒOLLŒˆˆˆŒŒŒŒŒ `×G¼¹»»ó]¨U¸ººª/ä!''§ì2éââ"  EXXÇq*5uëÖÍaÔZB)=(œ „] Èîmw:tèP½zõ˜˜˜ÐÐÐÀÀ@¾?¦“r‡à7oÞ 6Œã8‡7ê"×:.—ËdffÚÛÛçºý»wïT–:tèСC—/_Îî)_åpìC½>¬¬¬Ê–-›˜˜¨¼ïî²|ùr˜å ###==ï÷ÂTªT)×ìBHi@á!„èŸP(ôññYºt)???NH$6cZ¥J•z÷îÍo¼páBÖ`ôèÑê}-ØG"##Y7n##£Ö­[Åi¬jB{™™™ü縸8ŸóçÏ«lS¹råfÍš 4H¥¹€¨¨(~›ŽR®\9•p"ùT '!„0NBˆAP'~þùggÏže}š‡ªÜ’‡£?þüܱcÇŽ;”/_^½ ðõU«V=tèöÛsçíí}ᦦ¦;vìÖ­[‹-œœœØ˜­Ê¶y|ABBBv‡à8Ž«ñ¸óçÏïÙ³g®ù´´´ÌuB)(œ „ƒP»vmOOÏ»wï>}ú4((ÈÝÝ]cK'ÇwTxýúuãƳëÏ îøñã,–([¶ìÙ³g›5k¦²ë9Ýáøj uñññêSdð; …ÂæÍ›k™IB!ê(œ „C1|øp6X“ŸŸßìÙ³; Q£F 4PÞlöìÙÙ šàøñãl¢·!C†°1Rµ¦/8 ‹jÕªÅÆÆÊd²àà`õ¾ÚÌÑ£GŸ>}Ê2ɺX𭶬KPž÷ƒçââÂ>Ü»w/55•·«âÆê kÕªÅ>ðÓY¨{ûö-»’vvvlÐXB!ê(œ „C1xðàéÓ§K¥R???ww÷””hªšðððÈal¾ïD­ZµúôéSh™ÍVË–-Ùà¶7nܼy³ú±±±^^^iiiæææ“'Of ùê>BPqöìYõ…®®®UªT‰‹‹KLLܽ{÷øñãÕ·Y±b…úÂæÍ› ŽãŽ?¥±'÷âÅ‹Ùô .Ô˜%B! eÚ#B!ÖÖÖ½zõðèÑ#6\¬X,.vïÅ—-[ÆFÂݱc«lQ&•J§M›Æ¦ó8p _ŸàææÆ>ð³€+[¾|¹ÆÈD,/Z´ˆ}^´h«ñP¶eË–[·n©ïX¯^½Q£F±üÌž=[&“©lpçÎM›6022*vÿ !¤(Q8A!„ŸíÁƒz÷îÍ:"#ÎÎγgÏ™™Ù¶mÛõëׇ††r÷þýûóçÏ7oÞÜ××€­­íÊ•+ù½:vìȦq8qâÄÈ‘#¯\¹¢P(ÂÃÃwìØÑ·oßo¿ýÖÄÄ„­Éw‡5jkRÛ¦M›;w†††*ŠÇÏ™3gܸqB¡°\¹rêù\¶lYùòå8p sçÎW¯^MJJ’ËåÁÁÁ‹/nݺ5;Ä¢E‹²«0!„jìD!¥gÏžÖÖÖoß¾e_GŽ©ßüäÏܹsÃÃÃ÷íÛ—‘‘1eʦ¦¦üVVVû÷ï¯X±"¿¤I“&Ó§O_½z5>ŽI¥¼‹½½ý¡C‡V¯^½gωDâèèX¯^½ÀÀ@B¡ðŸþùâ‹/ÂÃÃß¾}ËÚ†ñ‹/>vì˜zEÅŠ÷ïßïííðßÿµmÛV ˆÅbå±køí·ßÂ"„’ƒj'!Ä€ˆÅbÖ@•*Uºwï®ßüä™™ÙÞ½{ÿþûï²e˲%|` ºvíЪU+•½–.]º`Á±X¬¼‹P(üßÿþwïÞ=éÓ§k¬gpww¿wïk'Æ°XÂÊÊjË–-ßÿ}vùìÒ¥K`` ?P,Çq|,acc³víÚýû÷ÓÔׄ’3ÇqúÎ!„’)555 àþýû!!!ÖÖÖvvv]ºtÉy¶ìÈÈÈk×®‰D"{{ûîÝ»W¯^_ûúõë›7offf6lØP½ Rhhè7\\\Z´hQ¿~}‘H¤M>Ÿ?~ÿþ}ÿÌÌL[[[ww÷.]ºQ>!„äŽÂ B!„BH>Qc'B!„BH>Q8A!„BÉ' '!„B!ùDá!„B!$Ÿ(œ „B!„ä…„B!„|¢p‚B!„’OÅ$œ8.æŸþkå„9_#5%§]n^FÜË¢Ê!„B!¥Q1™òS.Gf:Î=‚P©O1kŒÅøec¶»Ìƒ)ó1pxæ’B!„Ò¥˜„LÍÚ‰À½n\ÄýpVåàäšµMèSdf@’‰Œt„!2ÎxÏõêy@XLêd!„B1lÅ*œàedàÚô¾;ñäŽÜÈZ5ñ+tï‡Øh|x 'àè{'Ì…Ã{в#Bž NClÚ3s=fŸB!„’¡X…_u„@©aOaUß|ý½±ûw¼ŠAÕê†g°å ]pç ÆÏÁÀá8¸'ýp#Ul‘œ„žøgFNÖ÷ÉB!„Rì«f?>ãá3#'câw›`òPhÜöN8uNú¡AS8º|¶×)?4i‰¸—¸ƒð`ÔõÀÕszÈ-©Ý ˆ2L!„BH‰V¬Â e¼ ý†â·Å¸õBƒðÅ`Õ-«VGul=”õ5$ yf”B!„«X5vz‚ðg†¶aôÿ`çˆÆ-ÀÉõ›`öh´ïŽ ³6›àÃ;è=WÏáöU¸ƒ¡]xOO'@!„BH‰R¬j':¹g}¨\ ›áçß²ê(ô÷ÆÂ)˜·êÓƽaé·Hú€™?áÉ l‡Š6Hú€‘S0pDgœB!„IÀqœ¾ó  ÿÃqëŧÎ’ab x÷‘a¨á„Š6úÊ#!„B!%L±ªÐ(= ñ±Ø²#¾ù,–`UöÓç ?µƒ"„B!„èB±ê;¡Qd¾hŽZõ {*‰¸¸¸ .ÄÅÅêQ!¤àè~E).è~Uÿp¢v}¾Á/a^¦ð²mÛ6{{ûÎ;ÛÛÛoÛ¶­ðD!D÷+BHqA÷«’¡¤ô(Loß¾µµµÍÌÌd_MLL^¾|imm­ß\‘’aï޽˖-ûî»ï¼¼¼ôRÐýŠº_Ý¢ûU‰Qük' _`` _Ödffê1?¤$ùùçŸ=zôóÏ?ë;#¤„ û)g¤C")ŒãKÔ’U_BHþ¤¦¦òÿRpt¿"…‡îWD·è~Ubv8ñþ-FöAmKt©F6hR ÿñiíñh팅Sà‡‰hhƒ«çò–þÍˈ{©Ë B!„Ršp8ñ&ÿk—Qøû,BÒpç%FMÅ‚ÉXú]Ö»6¡}wüºo°ûwl=ŒŽ=óvˆ9cpõ¼Î3N!„BH)aÀóNl^ïp5 eË@•j˜ø-„Bü:Þã‘œˆ×q¨Û¡ €ô4$~@¹òxÿ—NÃÌ­:}šz"#·¯àý[x¶†m ð¿…Œt„!2Îz:IB!„BŠ1'í†÷¸¬X‚7b2–ÿ€Ëg€øX\>s ܼ[W£Re„aŲåÑ©·æ]ÒRxÓâÜ#Üz«²ø}9ªØŒ ¿+YÿÍø ÍÚê2«‰0g ºþ×Âqà^ýëXó£.AJ§3‡1ïôjŒ”¤Ü7&Do_cñ,xÇÏ°÷îŦ*æO.¤y{Hiq÷ŽîÅš8yGoâàU$¾Ã+ô-BHQ0àpbúxûÃz ô) $%b÷fü±³¯I…‰)fıýà8T³CÙò(W¦fèÒ{¶àU $ì܈½¡P€ØÞé «g >Ó„Põ£QsÙ ŽÓAâ¤4»{ !Oàì¦ï|äþM55ëk…Šèï÷o¬ÇL‘bïÎ5”±Äÿ†d}õlg7ÄÇê5O„"bÀáDu{œºä$trG­2¨[«`ý^ ›˜í."¦-Ä44·‡gu¤$gmüËïd¢¥#šTæ_±i?*U€Þƒ°ô[¬ZXЬF„ lyÔiøi‰“+^EãÝ›‚¦\<%%%:t()‰^¨ØüU8p .}gEÿ¨\éF…Š˜ý œ\?-‰Š€rô•#ý¢r¥ƒFà´?D¢¬¯¡ˆŽ@ûzÍ!¤ˆp8ÀÉ'îàáüý/nD ½|Z{ò|Æ€½¢¸¬¿…CÇâîKlüç±ÿ"lª@•j8|ƒ°û4®„¢óǶRÓ"à5¾™[Ð|†?ƒµjμIÈn .ô œ”··÷—_~éíí­“Ô ðu›”æ R¹ÒKRÙjÒ“çfU¥øï_œòCÛn¨Z½re€IQ¹Ò*¶YÝ[Œ!ÑÃíº¡NWÕ0OPWI%''1"99Y'©à ê6)RÜv8Á”·F³6¨n¯íö֕Ф¥ê›6Ž.hà “Ï–[•U]’q/a^æ³%*€$3»=~ûí·‚Ô€“zðàÿoÁà ê6)2̤r¥—¤r—øó'ç;6ÅÚ]9lh˜'HåJ/IåNl©rî^ÇÕs9lh˜'¨«¤ÂÂÂvîܦ“Ô ðu›)îŠC8aøÊUÀ«˜Ï–$¾€ õ’BÉÅñhë‚£û°xü® ¢Mñ³á÷½ƒXŒy“¨!!¥…ºPÅošòiIÜK˜˜¡Rýå‰B²±æ'Lú ]ÿ‡«a6ñSÃ'BòmÅ<ü³íÓWS3 ƒ„WˆÕ_ž!E„þŠèB§^pûʧ%ÿE›Î‹õ•#BÑ,è!Öü„¯g`ÅŸ([Nß¹!%ÅÍËømñgK‚ªØê)C„¢c¨³b/z¾&æƒ2;`ïŒõKð*ë÷è;[„¢æê9ÃÎû·¶¼[ßR;¸ÑÁ£1k–~Ÿ ÈHlj8wý†ªv,$„”DNè‚XŒ}çáÕÛ@Ùòøu+6Õw¶!DÍ«J°`²êòz)œ ù7`8Ÿaó üþ+@€/}ðuÕ%¤T p"?8Žã”º—qlÖ¼ËÁx‚Ä÷¨ß"QÖLyÙ§ Èqƒœ kÅð@  …„B¡úë¹\ή” * …¹ÐØÍèùóçþþþìÆÊ6Èk5Ebbâƒt’C}%ÅGø¡T¥ÃnR©ÔßßJ/”·§kE×*¯øk¥“Ô ðóš”Ærõüùs•Íž?~ÿþ}*WÙ¡r¥=ºVÚ ¬þ> ðóš”r¥ 'úý €B¡jš[óÇAAAùÏnqàîî^®\ñœˆ#Ÿc-e2k!žž~äÈ}ÿ_"„B)áŽ9’žžž™™Éš°Ê öx6aÂ}ç®ÐM˜0A¿ÏÀùFµŸá>¾®S|$—Ë•;íÝ»×ÍÍMO¹+6Îœ93wî\ºVÚ kE •+BHqìååÅ>³÷¹"‘ˆã8¡P(‰ð±ZuÍš5S¦LÑÉ_¼xÀÞÞ^'©iãÊ•+mÛ¶Íu3GGÇ"ÈLa pâ3,Æ‚R¥ ߌqsskÔ¨‘þ2X<ƒ®•vèZ‘Â@åŠR±×¸¬c!5611ÑÕû‘¿ÿþ[ tëÖM'©å*))é‡~·²²*š#= ­Ó+¾¬Lsº_žÄ$¼ÿ ïLB!$_øç.¾“ΡP(¶oß¾mÛ6]Mç—+__ß7oÞøúúÍáô‚ U,à›9I¥Rõ‘H5éŸ)25±Wm–^ÛƘ³ž†¢LM?—{š ºz!,Z÷ÅÀqªLž‡š­Ôv˯¦½ðó¥F!„öÐÅÀØØÎ#ŠK—.½zõêÕ«W—.]ÒmÊÙùóÏ?ùK* '>Ã×K(wÈ¦Ú KÏ@¦8iP¿ÀéH@¡Ð¼º?÷¢|Yx6€ŒL¨^'‘"-½ 9çqœ6S¾B-Z{Í IDAT!D[ì5.ß »0ê(þúë/#####£¿þúK‡Éf',,ìÖ­[nݺÅÆû*‘(œÐL9¨(²ê0’o™™øi ¦ŽÎó^¯â5¯ŠK@º¦Ø#)Ù ú÷ö=’’5¯Êî(„BáñÏ]…Q/ ))ÉÏÏO&“Éd2??¿¤¤$BÅÎ;Y‡r‘H´sçÎÂ>œ¾”úp"%Çà‡Iص Ñ‘übVšYu›Œ†²³ÿ!1 ÝÚk»}r ¼'òª5†}S>ýiÕ¶}¨Ó¶Q¶6Z|ÿnf-ƒæ}P®6Ê»câ÷ŸU˜ûç‚ÂÅ]yp'ª(ÿ^ÁûÄÏ–d¨N웋À§pv€ò¼7ÑømÛgÛ<þôyø4"|ÿ@Ì[ŽOð¿nðæ: Dç6سeÌ1y>Z÷Eø C.ÇwKѵ-æOËÛéB!¥? ÿ$¦P(”'ë, ?ÿü“ŸÄS üù矣Gç±aC^°~üWÖa£S§N…wD})ÝáÄS!•àücØÖ@f&¾h&?@~þ ?¬"ë;£%Ü™K¸vç³%™y '=EM‡Ï–<š­Ÿ-yó–„Ãg°g=úõ€™ãà{Û÷£] (8¬œ)£!¡ByôìˆEkàä‡ãìtm¿/EíöYÉ®û þ\²VY«ì›áìèÝZ{bߦ¼ !„R:ñO_B¡o狼VO|7þX¬?CÍš5u’¾:ÖOƒŸuØ p¢dIK…ßN|3¶5ÀăG NÜáê5V+–‰¶z!||¶¤B¼¥ð(}º|¶¤S+ÿ¼â¸o³FˆzGÎâìY«Þ}@x$Ô°ÅðX· ·ýÿG03€€'05AÛfYÛ»ÕDjYŸÁÒS|:Ø8+5@5W„BÉÿÜÅO:¡ÃÄY7å6T¬?âE‹txßOƒ_Â:llÚ´©äM@QŠÃ‰ç!Тç%Ž®Opu=”;ÑÈN†ïí{­FbRÓÀ£nV¨À>W²€à04ê†Ñ»3F BÈsÌ_ié03…Xü)‘èSjå¬àQ÷Ó*ºhÙ$볉Ò.„BÉò£—n‡uRîÆ |¸mÛ¶ýôÓOB¡îû+÷Óà±…ÚÂJ/J}8Q©ò§%εÞ¾fßøÁ cl¢[Õ«âY¸¶»:@ýÚèù±¾q§oVh±eªT™¿³"‡kw³6pqÄûD>EÃ:…ˆèO©ÝĤ02€´t,ß”Õð©Ô’Ëåqqq¶¶¶×róòå˪U«ÚÙÙÆM\ç¤Ritt´“““ö»¤§§?zô¨B… ÎÎÎÙ5ù}ÿþ}xx¸¹¹¹£££™™¿<&&ÆÚÚZy !„”…÷è¥ÒWxý”ûiðŠ Ã†^ƒ?ä…%.ÌÊ|ZR¡"H2•ÿß붮mûöí{öìQYmiiéå奓£L›6ÍÅÅE'Iˆ;8öï§ÿ.\SÝ M3<{®mjm›£n-,ÛÿGHIÅÆ=3«w¥ HJɪë8}ì†LŽÃ€^¨TK×#=2–oÿx8Î)©˜» ¯ß",_ÏƦ¨\Q7'žÄÄD‹ì}ýõ×…{øíٳǢzõêç<~ü¸³³s5Z´háàààää´mÛ6õÍ ¢Fß~û­nÓ\±bÅ/¿ü¢åe¿~ýº‡‡‡••U³fÍ\\\¬¬¬z÷`DDD¯^½*T¨àééY§NkkëI“&%'g4üÏ?ÿL™2E·§@Šµ¿þú+‡²wúôéìvŒ‹‹‹ŒŒÔænnn3gÎÌîÐwîÜQ_URSSCBBøwº•*UÒùÏ™2•‡.Ý>€e·ª0& `ý4Ô[Ëó6t~Dý*ŵå¬ .öß8&¾À•·†Ú|vº:fß¾}'L˜°oß¾¡C‡*/÷óóKIIùòË/urWW×÷ïßë$)±tÃg_j üÆgK:¶ÂÆJalœ{jFFðýƒÆ£q˜šÀÔ+çg Ó4Æ GÎÂΦ&p«‰=0ô4ë;'áûŽƒ•ÄÆø²º´ÍJ­aüµçâ·íHP¯6ŽþU赦¦¦óæÍcŸ¥Ré‚ <==û÷ïÏ–Ô­[7û] Ýúõ뜜֬Ycd¤z{¹sçNÿþý;wî¼eË›ˆˆˆU«V3ÆÈÈhøðáºÊ@«V­tÛ¯îÅ‹Ë–-{ðà6—}ÿþýǯT©Òš5k5j”’’rõêÕ+Vxxx;v¬I“&222¾øâ‹ÄÄÄ¿ÿþ»nݺïÞ½;~üøºu뢢¢Ž?`âĉNNNׯ_oÕJw¹“âÌÃÃ/{þþþ¾¾¾£Fâ_åðþèÛo¿½uëÖ³gÏr=DZZZ¦¦A0d2Yjjj‘õ!¼téRŸ>}>|X¿~}èôi’ …4{]zzú7*T¨@&“%%%YYYñ¤®_¿žžž®Û á#GŽX[[³SP9¢@ 8zô¨Æè½ãJ­Ëg9;pû·ó ÷orvÈ<úORRR|||dddHHȃV¬XÁ_.ÿ¶_¿~b±øýû÷Ê ›7o^¾|ùŒŒŒ&n öîÝ«“k¥=©”«Þ„;öov‘˹'ϸ«·¹‰ª«B¹—¯²>§¤r±qYŸÓÓ¹[÷¹˜X ©¥¤r7ïq÷r¸ÓVÁ¯UZZ€1cÆä;ݲµµ7nœÆU#GŽ477ûö-¿D&“U­ZµY³fE•»ü>|xÿþýUj¼ì111b±¸Q£FïÞ½S^~÷î]“ °¿‘§N°k×.åm&MšàÅ‹ìë¼yóš4i’ï<ýo6ÖÙ³gµÙxØ°a®®®Úligg7iÒ$õå[¶lpóæͼå2¿XDýðáCöÕÚÚzÎœ9Esh¢/þþþüSÖŠ+-ù÷(gd,oÞž¿:ŠtxX‰Drøða~IttôíÛ· dbb 11qÊ”)Mš4™5k_ÏÜ£G_~ù¥víÚ2™,!!aÍš5mÚ´qrrêß¿HHÛrË–-cÇŽåÓß¿Û¶m+UªÔ¸qãU«Vñ•-6l˜2eJXXØàÁƒ]]]»téžrŠ###,šuæa¡î®hÝTCM‚‹ªUÉú\ÆU?ö¯15E3ØVÕZs4oŒÆõ¡÷Žééé½{÷^»v-¿„ã¸AƒýòË/‰dÀ€çÏŸgÅÆÝÝ}ÆŒéJ³gWöÔ…††~ùå—5jÔpvv5jT||<€wïÞ 0àíÛ·çÏŸ0`€zµÞ‹/,--Y9gD"ѪU«ºtù4Ö½{÷ àêêÚ£GöÃlݺuܸqaaa£FòññéÑ£Çï¿ÿ®œøСCÙè#GŽäk®ÓÒÒ¦M›ææææææ6kÖ¬‡æz  {öìѲòdõêÕ‰dݺuåË—W^Þ¤I“)S¦<|øðܹsì:¨Xñ³&q'Nœ1cÿzØËËëÞ½{×®©5ì#DMFFÆœ9sêׯ_¹råÎ;_¹r…-ÿæ›oΟ?ÿòåË=z>>Þ¿ïáá±k×®víÚõíÛ÷àÁƒ-Z´`Ïj‰‰‰gÎœùúë¯úé'Ö–£[·n[¶lùꫯFŽÜ´iÓÔÔT<8yò$K|ÕªUƒ®]»öêÕ«;uêôý÷ßóFOž<Ù¿«V­*T¨0f̘ØØØ~ýúßö|#A®Àõ»¹oY²™™™I¥Ò•+Wò·à;wîøúúÖ¨QC&“a„„„„öíÛŸ8qÀÛ·oÏœ9Ó½{÷›7oz{{;99ýüóÏüovùòåC‡-S¦LÛ¶m7oÞÜ«W¯Ý»w'''ÛÙÙÕ©S‡åÜÙÙ™m¼gÏž~ø¡AƒMš4ñõõå›’R‚‚Šâ¡Hê@ •\ÎMñæìœ8#Å7^™éé©©©‰‰‰qqqÁÁÁ÷ïßÿõ×_ùË¥“ºªñãÇóM>Z´háììÌ>O:U$ñ ¢££Åbñ¢E‹8Žcs¯4hÐàÕ«WDZºˆM›6±-_¿~Ý´iÓ+W®°ô«U«Æq\||¼……ÅرcùCoØ°ÀÕ«WÙföïßÏVØ»woÁOP_ -RR5´\2p…ÑØi×®]®_¿Î¾Îœ9ÓÜÜ<99™E›5jÔøðá[ÅÞÊŸíèè8räȪU«6hÐ`åÊ•*Ý<ÂÃônÝš_R£F ±XÌÚ{`£0"‘H(Òœ}%€……k­ÄqÜ;w^¼xÁÇ«\]]•·¬R¥J\\œ6e‰ŠŠ’Éd*«‹‹ _¨rU³fÍI“&íÛ·/66öÔ©SU«VŸ‡”””#FkL°wïÞ*TØ¿¿¯¯¯zÕ€ „‡‡óïh£¢¢ªT©²uëÖ<ÈÅÅ%44TËáÝæÌ™`öìÙü$\̽{÷vïÞýå—_²¹),--9¢2@@ P(öööü’°°06ô>!9pww R~:¿yó¦z­Ú®]»ÌÌÌ~ÿýwSSÓ÷ïßGFFäR:u’““cbbøŸÒÉ“''Mš”sÀ‚ å?Lÿþûo¾ó@1N至³sË–-ýõWcc㯾úŠ_>þüØØØeË–¥¤¤øûûûøøìÛ·¯yóæê)xxxܽ{wÑ¢E™™™2™ìĉžžžÊÛtèÐÁÓÓsÍš5÷îÝc/€.\èééÉú½éh˜^YÇ&ý€%ë³>g÷×uú×X· ‘Ñ…ž™‚322|ø²aÆ 4mÚÔÕÕµfÍš_}õÕž={._¾œ‘‘áëëûÕW_EFFf÷H-‹¼zõê„„>&W6cÆ ±X5~üøŠ+.X° ::úõë×Ë–-›5k–£££ÆJ ^ûöí===—,Y²~ýú‡~ÿý÷¬'!ÃÚG±Úû_BHQÑg?p#—Ë333‹`d'fóæÍÔ§ÇZ½zµ‰‰ «€¶³³Û·o[Î*._¾Ìo¹qãF‘HÄ:Åöïߟ zÃìÄq\DDDÓ¦Mñ±¾¸U«V±±YÓ°?ÞÁÁAùÐÆÆÆóæÍ+ø©évT™Úí8/ ÃdQ(¸è—œÚ¸;YÞpÉ)ª %.%UuaûÜè™Çq2[ÎïÇqÜ«xÕÝ'Íå†MÍKîsSxÓرªªÆóKØÈNãÆc¯-…Baûöí=zÄo]ÙS!‘H¦M›Æ*kkkåµrÙI.—/]º”5u`Äbñ!CøIßÞ½{ÇFdyèرãÓ§OÙª3fØØØh<Çnݺ)/äGvâ8îÌ™3üô¶¶¶ü˜69HëhÁÅËaöÀTªTIù˜˜øÙ c/^d•‡GGG÷éÓÇØØØÈȨE‹7nÇqœT*mÙ²%€É“'sjÓرîRº¾¨DŸhd§€Â‰OŠ8œÈAbbâÿýwíÚµ\‡ÃKHHøï¿ÿNŸ>͆ØÓH¡P„„„œ;w.**J×9լȉͻ¸rµ9Ør–®Ü”ùœTÊq'“qÂêÜÖ=\£®l9aunøÔ¬xC"á¦ÌçL8c{®Ë`nþr®ëŽã¸ú9Ør[ξiV8ñÓj®N‡¬ÝGÏü4×õ© œØA—ÃÑÞcß›7o„Bá–-[ø%,œX¿~½B¡xôèQLLŒú^y*{.\xôè‘D"ÉSÆ’““ïÝ»wøðá«W¯*ÏÍ‹ŠŠú÷ߕ㜂Éd? Rϧ–êر#?˜¦ö"##Oœ8qÿþ}äkÌXppð‰'Ξ=«þûýã?ªU«–ï1)œ(mÒÒÒnß¾}õêU•À•ã8¹\ÃØçïïÏÇÑÑÑüÈÑù#•JÙlsíeff¦§§s·}ûv•—qqql) (œ(>µ¨&†ÃÊʪmÛ¶ÚlY©R%å÷  åa4J†}GðÍ<,ùÃài(OÇá·E à0ógü¶[cåXû'†D‡VX¼ÛÿÁÞ p«‰ßwañ:4®çö¡ï(8Øaõ¬ÄWnÆŠyèÞÛöaÑ: €¶Í –3$R\¸†þ=õtÚZÛºukÙ²e‡ ¢¾J °FüêòTöò×j΢qãÆ9ôµ°³³³³³ËGʉD"ÖY"ßZ¼xq÷îÝùå~´JmØÛÛ+w„И±ZµjÕªUK}ÇqëׯŸ?¾ò â„äÀÌÌŒUD« …Ê#%T®\¹råÊü×êÕ«ðÐFFFyj•÷êÕ« Ì›7oÊ”)¤RéŽ;6l¨¼r !†úNâê§Õèݳ' r%´o‰Ù°ÓÒ½,¾‰áa[«² ?ƒ\ŽÕ[ðÃôëÚ.ømj:fmlS&&07C›¬%“F`œì«ã§Y(c†‡AYËì`"Æ€¢=Õ<:zôh›6m.\8wî\~¢’o-Z´uÊ—Ís†‹Rƒ 4h ¾ÜÈÈèûï¿/úü”åÊ•S­°uêÔ©ÈŽEHщD­ZµRŸ+†RLQ8AŠ%ëò¨Pf¦˜:&kɽ‡8se­Ý Õ!.^G»o糫šn¬ï IDATÈYx$fŽËÏŽ„B!%…¤ˆy…cŸOsÔ®9& džØ ý{àÒ L]€Æõ‘簾ðꇿö£žZ7Åï»pýnVWl–e”T˜™æ”“WñHË@=·Ÿ!„BH‰@á)®ÜÆ•ÏæûÆýÓ˜;/ã0x"LM™‰ÁÿÆŹ¤³~&ý€¡“ÁqèÐã¼ñ4,kÕàÿaüwpoˆ[9¥òF¢O=+!„BJ9 '>@( Ôè;k¥ZÐålWm[…ÅsòöÕáðqÀO‘\Ìg›=¿™õ¡\YìÝ©±_ÏFÝ£tzõC¿îÈÈÔ°û‹;Ÿ>ûžÀ¾0ͱƒB!ù þÆ?•é;k$'Nä‚J°«ZUµ ¼ßh˜ˆñ÷zˆÅ‹À‘3XµàÓZ33˜eßÀû8p7å?·„BÉ=wGNhÆÇÄ ’]‚,›‹6ý`ÓŽvx‚ƒà3 »¯Û†‰ÃáìPXÙ#„BJ3öÄE5Å…¨Ô²Ñèï%†[M$"à ¢cѸl«æm÷ Ã`]¾prF!„”zì¡‹Z›;Nä„o´Ç/ Öc~Š‹ÈÈHöµ²«„„8$ÄåyÇؘܷÉÿV¤8¢rE).”ïTêÏ]¤X pB3¾@«ÔNxyyé1WÅ ]+íѵ"…Ê!¤xák'(¨(^(œP¥ÜÌI$±U¶éß¿åÊ•%‰\.—H$ …B.—+ Žã´<ÊÍ›7[´h‘ûv†šÇqljD"•fŽìZ:t(==ÝÌ̬ÿþär9Û^¡P°}år¹ö•˜t­JϵÊÙ©S§222LMM{öìi8¹ÒWRÙ•«øøøK—.)oÙ¡C‡Ê•+S¹Ê•+íѵÒÞ‡.^¼Ø±cÇråÊN®ô˜”òc•X,‰Db±8>>þСCÊ›ñÏ]ÊMžt’[R¨(œø +µ|¥„H$222R'ªU«æä䔑‘!“Éd2‹(-ààà “<ë%)ŽãøkÅ®òhnFFFŒŒŒø‡k±Çeåt˜+ÃLŠ®•®’R¾VOÍO0OIeW®Ô·¬\¹²££#•«ìP¹Ò]+í%$$¨V­šMÁS3ÀÌkRÂÄb±‘‘‘‘‘‘©©©úóÿÜÅWS€FÄ)(œøD9–àÿå_þ)‹Åb± '„B!ûS­}8!‰Ìr”TkzOŠ”QZ ˜ššòÏÇü£LÑäÊ0“¢kUüµÒIjx‚ùNJ¹\«¬566611¡r•*WÚ£k¥=ö/]+†²âà þQJÿÜ¥Òä‰" GáÄg”ïørÌÞÇ(366677‰D,œ022R~©¬ ‘HT¦LäY_I±W›ÇñÃéªTM²?9*oÜ ÛKû[]«Ru­rÀ_+¤f€'˜×¤4–+ö£ÌÄÄÄÜÜœÊUv¨\i®•öØs¶™™]+†ÿÃgllÌ õ×FFFê¯Û(–0|NhÆ7vbå^e­©©©¥¥¥‰‰‰\.gE^à ccc´§ÔcRü£Œò^åÙÊÊŠS¢¾—Îse˜IѵÒIRì¡Y(ê$5<Á¼&¥±\™››«lfnnΗ.õ½tž«b—•+íѵÒ^rr2KKKºVŒò+ZÖœI,›ššªlfdddllÌ7vÒI>I pâ3|¥k½Çþ誷í377/[¶,ëŠÍ°?ÕÚ·"(·Êkô%øØ€[(ZZZ²W§ÊÍÀÔwÔa® 3)ºVô(SIñŃ „B¡Æp¢|ùò|¹â·/FåJcä#‹Ë—×0ŒöçÅP¹Ò]+í}øðN(aM˜X[&F,«ß¯ø׸lšÏ®¸ pB3öœÇïÔãcl°Hƒ…¬jB½#;Û$ä¾’âÿfçð;Wo©Í^É•a&E×JWI1:IÍ0O0åJù¥±ï„òB>®(FåJcV³K*¯áÊ•öèZåŠýèXÏ¥‚§f€'˜×¤”_ײ8AãP7B%E#N¨R$( õâÎBjEðµ|‹dmŽbdddii©“ ë%)@Àšä¿ò ¡ô‹µª‰D|+ ¶=‹ÄèZ®U^(×ä<5<Á<%¥\®”ßÞiì;Á§©Üä©•+þì”3,‰,,,rÞFT®´G×J{ì–^¦LºVø^^|í‹+ÔߣñuBš}¢X¡pâ3ì¯2ðs*›‰Åbcccu°ña•›¼kC$©7Ì=&Å~ä|Åqœ™™ûÊÖš›› …B™LÆ_Xö×(OïéZ^®ŠWRüµÒIjx‚ùHŠ/Wì+Çqê»›šš+7ˆB1,W*m´Ø™À@½Ý—ö¨\i®•ö؃²Æîù`€'˜×¤øg*¾æ!»pB¹o!…Å…Ÿ*=ª5¾Àb±˜UJÈd²|„MFå;ÏzIJý] òC0ÃRcƒTf·—nse˜IѵÒURŒNR3ÌÌk¹beƒýÅå”fµSÙÌÔÔT¹*ƒ-7ür¥RßË~2r¹\e„4V‡¬2b•öuÅ<*WÚ£k•+ö"’5.xjx‚yMJ9B`}S5Þ¯T:¬ò·8d˜ '4|ì#«P(ÔËqttôÓ§OYÁÏ ¥w„¹JMM ÕIVõ•”ú_kþ«T*eÿ†„„ð缯®re˜IѵÒIRüµÒIjx‚yMŠï¸¯üzþåË—*›½|ùòéÓ§ü}Œe ÿ~ŇÊmÿØ¡Pøþýû°°0¾²‚ß ¯á•+íѵÒ^tt4ûW'Âx‚yMJùÄÏ,Á®’úfÔw¢øáÈçØد‰$###555))É××Wßÿ—!„BJ8__ߤ¤¤ÔÔÔŒŒ ‰D"“ÉøÁ3uÅß߀¿¿¿n“5¨#=ªø §ô’Oc¦½{÷º¹¹é/ƒ„’»3gÎÌ;·߯‚ƒƒ½¼¼–,YÒ½{w}ç…R ìçÌ>óÏ]Ê]X¹|u‹"E‰Â‰ÏðÁ§Ô~I¹I€››[£Fô“9BÑNpp0JÁýÊÁÁ¡dŸ !¥ {èbÝ'øЂúÎÉ õnÑ€(X…ö-Œ !„BHþðÏ]*ïv‰£Ú UÜDZ_Ù„¬Ýž¾3E!º±/pß×G¿>6ôXG§ŽœV;%¤&ðkÅ"qMëš›NÞp¸úëÀYgfm¾»Y=Í.Î]{ž{nî¾Gû"fDjþ !%{îâT ±b‹ '>÷Øcá„L&“J¥NBJ ™B–*M•+²nkiÒ´ekŒóǾ¾J~õoØ¿#L“¤Ml6QeßLyfª4õ»6ß ?›{ÛÅÚ…­M“¦þBJ,¹\.•JYüÀ‰| úLŠ…š)Ô؉R‚9–wœÚb*ÿõÇ?ÖÝPwí͵êá3¯Ý¼2â2E•;BH)Â?w©LF õøè„/Æô㿱ÒÌÚ;I$=æ‹BŠ’©±©»û‹ÄI„ã¸v >0Øysß½}W^[™œ™Ì¯Ý¸·ëή­ÿl½èò¢À¸Àa‡%¤$P(r`ˆÝJ»vÛÚýó蟂ž !¤X‘H$ìÑ‹=ƒé;;D[N"Ã0kþ=¢Òˆã8ª „”*oÓÞž ?ç\Þ¹ ‰,»ºìë£_˲yíæ¹Z»þpá‡ÑGF³U˯.ê7´Œq™¶öm7ßÝÜëï^»îN–$Xzu©ÏAk—yíæYˆ-†ú =tX§D)&X¡<Ì&?j¿¾³FrB©ß ÁÇQÉð±øÊ?¢p‚R‚½øðbãíìsÈÛ3¡g2d³[ÏÎnûúë ð©gdÅ2o½¥²Í¹ðsÃÿ³ïŸìë›´7'žŸÿÓåŸ&xNØÔg€;üØcw˜¤¶™ïcß–v-îô3€qžãÆÐϽ!¥ÿô% i|§b„ `Å<¤§aØDl\Ê(Ï¢Bá!¤d{ööÙ÷ç¾gŸÅ"±kÅÿ³wÞaQ$M¯ ì– HQ’"bBŒ˜EQQ1gŬçéy§Ÿ§\ðÔ3ÇCD}=#*bÀ¢r®ˆ€d0¢¬¤Ýï>ÇqY`%×ïñá™éî©©n{{ºº«»­ºôëàWZú~–ý˜K±5ùš%Ó\õ¿ ©$ícÚ‹·/¢3¢ %…pãÕÏÅŸýüÿ{—7ÙiòÕ¤«ä¶…N‹ÓÏO¯ _9ªý¨¶úmwÙ©¤,"R? û]%ÏFê2Þœ¸yöýÿÜ˧I€Œ!Þ{‚4lú¶êæ¦xúÿëûå.Ŏˉ ºü$øsñgC¡Žª OzŸ_v‚"iÑ×»½w/º°((*h}äz ƒ!¶CV÷Xm¬e\Ì RŸav½ÐÍ©Ѹ×N¼{óÇÁ¢uÐƾd$½¹VeDéH$’ôôôÚÖAª‹GGÜxuãĨo—¾ÍXœ1Äv ×äi@f^&òåû—ôµž†Þár–äœ{nX›a‡cù{H kŽ4$òóóïÝ»—PÚw\$½}û–\c³\À®W=¥q›‹&B+˜²P&˜Y‰Ñ2n¨ ‚«W¯Ê?¾­­mUä‹D¢øøxz[033³%K–ë#GŽ“âââÀÀ@++«ª¼(!!þΛ7ÏÒÒ²ìôRÝÜK»'|#\㱦Ÿe¿¦êM :#šDY5³€ð—átâK —ÈE±¤xÐáAçâÏið4¼¬¼¶ Ú6ÓeftFt±¤¸ÆsÐ`¹uë– òòòj[» •••œœ\F‚[·n9::jiiuêÔÉÒÒRKKkàÀYYYÌ4>>>ššš“'O†o›åÊ©ÄlŠ‘J#ÓéÂX}¡;;Ý7ÂáÈ%H{ðñ@j2¨ð@§©Ìyvµ«)RˆÅb‘HTÆn[±k×® 4(66ÖÎÎ\]][·nM¢þøã ‹   .—Ûºuë.]ºTåEíÛ·_´hѺuëÀÊÊêýû÷U‘† UÇVÏVÀ„ŇyYz½/x¿ãþŽkI׸ln~q~óÎÆÎ?EþÝÍ»}rôä¿'ÉS*U5×ÖØØ™h›$¾K<-<Ý¡yŽJ™oC*€D"‰Dƒ¶·—“çñxµ¢RåX²dÉ;wž?.76$$düøñzzzAAAyyy7nÜØ´i“££ãéÓ§;vì)))ÇŽ›0aÂâÅ‹áÛf¹r*1›b¤Ò0@[¢ш͉¸GP˜#ܘa*=¬ØÝúÿu‚Yñtw¤êÓ×iiiìÛ·/L:uêÔ©ÊzËŒ3fÌô‚Ôš|Í{ý¸6b­î]°F´qiü¥¡ÁCÍ·˜g/É>9ê䌳3^XHålìü«×¯3Ãf xXì¶xð‘Á¦›M­ûÛ¬%YŠ¯ÃþcÀÔZª´uØ›ûmÎ^’M®çv™›˜ykò­÷Ëßýîh–=R¦ÜŸzL´MN9·2ïÓŠO·n«©¨ékè  ½A{ááƒi‚G?œö0nvœ]s»ªfQ˜]»vM:5!!aâĉ@Ž#Ü¿Ô¨Q­Zµòööþå—_>}úzá³gÏFíèè8sæÌ'Ož,X°àìÙ³ëååõôéÓ•+W:88x{{_¾|ùǶ¶¶$!77wÎœ9ŽŽŽ;v\´h=¿J„¤¤¤,[¶ÌÑÑÑÉÉéûï¿'-ó¬Y³ÂÃÃÓÓÓ½¼¼âââdr±eË–¢¢¢ß~û¶%;vœ3gNllìå˗Ö/_ëÖ­[³fL³œ““äææfaa1lØ°øøø²µ-Ù#•†îwQ j[)¤|±9ÑL,¬¾þkÚ ¨––”Q¹" ±XܳgÏmÛ¶¹ººZXXÌž=›9™æêê7yòdKKË™3gÒ]ö¸¸¸WWצM›Nž<9##cèС ¦¦¦mÛ¶‡V­ZÀ™3gbccy<ž££#ÇkÞ¼¹££#‹ÅzôèÝ•ß°aÃøñã---—-[öæÍŸ}ûöÀÓ§O{öìyãÆ€€€Aƒ:uª{÷î¹¹¹jjjnnnl6ÛÔÔ´S§Nö_×póæÍ£F²µµÝ²eK¯^½–-[6~üø²Õ®¡âF<.¯³igzYM¾¦™ŽYæ§Lý ú¿GýÎãòTUT‹%ÅûcöwhÞ~ŠÏå;9 ´èhäˆnN5ŒP(|øpãÆtqEGG׶¢ˆr8xð \ºt‰¢¨ýû÷ÀÉ“'ITjjª@ °¶¶¦(ª   eË–®®®ô`ÉÖ­[@(R5mÚ4 !Q?€¿ÿþ›¢¨3gÎ@ll,‰ÒÕÕ;w.¹666ž?>¹ž={¶±±1EQYYY&L 5trrêÖ­EQ¿ÿþ»‘‘QAA 'æǵk×È­ªªêÊ•+Éõ´iÓŒŒŒ(ŠÊÎÎS¦L¡¥µoܸQ¶ÚHÃàï¿ÿ®³íÕ¨QœÕœî»»OýgjÛßÛl0ø7çߊ ‰ŽŽÆJ[ ®_¿úúú­¾åÞ½{E-X°.\XXXHÒ{xxLš4‰~Üßß_OO\÷ë×ÏÂÂ"77—ÜþöÛoðóÏ?SuåÊðóó#Q.\GGGr{çκý™;w.‡Ãyõê‰JMMåñxëÖ­£…Œ9’n{mll¼½½Éõ¸q㬬¬äæQ[[ÛÝÝ]nÔ›7o`Ú´iEݾ}¢¢¢HÝ,“¹ˆmÛþóSxýúµ‹‹KdddÙÚRß6ÅH… ?gÂÆ>|( “’’²²²rssE"Qaa!}T¶²^W“ÍcÍ¿±æiij2ÌX"MÆ%×”'Nðù|OOOrkbb2hÐ rýèÑ£¤¤$__ß¼¼¼OŸ>}úô‰$»xñ"I ¾ûî;rݦM‡ÃœWœ7nˆD¢‘#GÒ!§N"_èÙ³g§§§óùüׯ_ß¿ÿôéÓ@ï%—ÈÈȼ¼¼Ð!ò!W¢ÚRQ8|}âõž=‹%Å3\fÜz×V¯J»¨!ÅÞÞ~à·4mÚ”Dq8œ… Ò˲¯^½º{÷n‰DòêÕ«ðððèèèÂÂBH$áááÆ £'¦NÊfÓ£ S`nnμmÓ¦ Ù‰“'Ozxx4iÒ„´®ÚÚÚÎÎÎtë þþþ´3}ûöí_¼xQnîÄb±††|¼‚‚e<®¯¯¯ªªúÓO?íß¿?++«Y³fwïÞ%såj‹ –F¼A¾˜˜Ø¹sguuu:ÄØؘ '¯×Ì™3gÎœÉ|äÝ»wä‚þ ‡Ãa³Ù•Û ìå˗о}{:ÄÄÄÄÄÄ>~üøçŸþõ×_¯^½RWW'[E)"­[·ntˆ™™ÇKKKS®ÚRQ8lŽk W×®µ­HãÅ××·´¥Øººº†††ôm\\\PPPppðçÏŸ utþ;Ž055U,37¹æóùºººLQ´bf·OŠ¢ ÒÒÒRSSe–˜›t3eòx<±X\nîZ·n˜˜(7Š4Œô&{rÑÖÖ>þüêÕ«ýýýÀÎÎÎÏÏoÁ‚EEEåj‹ 4'455é~6!66–Ž€ƒzxxÈÝÜÜœÍf3ÝLKƒ¸„‡=,Œ¸9‘ ×D)hiiч ijj¶oß~„ =ª¨œÌÌL"äðáÃ2Qššš€¹ÑR3Ü»wO(®Y³¦_¿~d`‚n|š6mÚ´iÓË—/Ó‰ÃÃÃ+:$Áf³mmmoÞ¼I·®ÆÆÆK—.=tèPUÔ&çHÊx„>xðàСCÇo×®]ߺu«oß¾Ÿ>}255õ÷÷¿pá‚……ÅÝ»w«I[i 9 °hÑ".—;gÎœôôô?.[¶ŒöüiݺµÏ‘#G""" BCC}||’““Ëõ8"sô×®]“±+ ww÷.]ºüúë¯wïÞÍÌÌ\·nÝÍ›7Ç...÷ïßÏÍÍ Y±b|üø‘|¼›5köðáC™É}ggç   H$’ØØØï¿ÿÞÙÙ¹gÏž/‘H$²µµ]¿~ýúõëW¯^íâârñâEWW×ÐÐÐ É¡(J$‰D"æŽj„ãÇçåå‰D"E¼\åbkk+ÂÂÂ>|ø””´dÉ’k×®çççÀâÅ‹£¢¢f̘ñèÑ£àààiÓ¦Ub&aÕªU6lÈËË‹ŽŽöóó îܹs¹êêêfddDGGe˜´iÓfñâÅaaannnÁÁÁOŸ>½{÷nPP‡‡G‹-~ùå—²%;::Þ¿ݺu………b±øìÙ³IIIÎÎÎåj+·)FFš666ÁÁÁááá&&&:::? ¤c·oßÞ½{wuuõï¾û®Y³fgÏžUSS+[¦³³s×®]çÍ›·víZÕ8qâ„™™YçÎŒŒ~üñÇÀÀ@²ÓÒ¥Kutt¬­­›4iòÃ?\¸pÁÉÉiäÈ‘7nÜ€©S§^»v­k×®LQ,ëرcúúúÎÎÎ|>¿C‡ÆÆÆÿüóOÅÊAÊÃÆÆfîܹsçΠܳgÏ£G¬­­'Nœ¨ ÍÄÁÁáòåËôª$BHHˆƒƒƒòôE*€¦¦æ?þxþüy]]]KKËW¯^]ºt‰Ïç“¥Õ .\µjUpp°ƒƒÃÒ¥K·mÛÆçóË^å\’aÆmÙ²eÍš5ZZZNNN‘‘‘GŽ‘»Ç« #FŒÐÖÖvrrzðàAÉØŸþùرcdöíÛwîÜyéÒ¥^^^wïÞmÑ¢EÙ’ÕÔÔÖ¯_ÿûï¿khhhii }º~ýúË—/åƦ¤¤\ºtéÉ“'’™•••ŸŸ_¡GÒÓÓ~üH7Dtù •xEnnîõë×oÞ¼Io‡­‰$--Mæ¼3’““Ïž=ûðáCzë[ÉÉɹ~ýúùóç׶´¦)Ü(¶€Kˆä?A÷îÝK‹555¥I+ŽAE122¢L3aºW±X,æž*ôºpX,–¥¥¥¥¥eEu@0-[¶477_»vm·nÝúôésæÌ™Ÿ~úiãÆÚÚÚJ‘ߧO---¹cÆe£££Ó«W¯ú ´ÐÐPMMÍ>}ú?¤VàñxLï#MMûP„Y IDATMÒà 0 °°0<<œÜîÞ½›ÅbÙÛÛWâZZZe´½¥Áf³ËNÓ¢E‹r§#䢧§§§§'7ª mKkŠ¤ÁƒÎN‚ ‹M›6µnÝzÊ”)iiiÓ¦MëÞ½û¢E‹”(ßÄÄ$))©¢OI¥ÒQ£F]½zõõë×$$$$dÈ!ôHÂßßÿêÕ«­[·ž6mš§§g``àöíÛédiT 9 Ò¸ÐÐÐ8pà@JJŠƒƒC^^ÞÁƒ+±ˆ¶ TUUõõõ+ñ ··7‡Ã9qâ¼zõêîÝ»ôa‹H]cĈ/^¼X´hQaa¡››[DDÄÔ©Sk[)Aj4'A]»v2dÈ›7ofÍšU9oÒ‹ÅôN8EGGÇÓÓ3$$BCCuttúöí«DÝåÒªU«iÓ¦íÛ·oåÊ•ÌC3il 9 Ò舉‰9{ö¬@ عsgvv¶%Ÿ;wîýû÷...•{ÜÇÇ'222++ëرcÞÞÞèé„ R÷AsA¤qQXXèççײeË[·n‰D¢€€eI~õêÕŠ+LLL*}ÂÉàÁƒy<ÞÆïß¿ïãã£,Å©p¹\555‹¥,™vvv¹¹¹å…TÜÙ A¤q±bÅŠÿý÷ÚµkvvvëÖ­[´hÑÞ½{'NœX Q/_¾Ü»w/H$’”””íÛ·ܸqƒãX 455û÷ïÿûï¿7mÚ´W¯^•‚ HƒA‰†Ãáhii)W&‚æÄWX,‹Åb³Ù¬Ô¶j‚ Ê!222((( ÀÝÝæÏŸüøñyóæõìÙ“OV!¢¢¢¢¢¢Èu»víÆŒãëë[ŃçFuòäÉaÆ©¨¨TE‚ õì€ÕSÐœ(¬Ê‚4$ºwï.‘Hè[6›MÛ…)§*QEߎ9’ykooϼE¤a£Ä~WAAÁ±cÇîß¿Ÿ——צM›)S¦ÐìH¥ÒÛ·oŸ>}ZCC£gÏžŠœÅŽ”®=ShQ ‚ ‚T?¤ÇEû‰TE”H$0`ÀäÉ“£££cbb/^ܾ}ûôôtKfh###Ož<éîî¤í1hNÈ9ËÆf³•»#;‚ ‚ RÒéRŠ³ÓÁƒ#""ÂÂÂnݺõèÑ£³gϦ¦¦®^½ÂÂÂöîÝ»ÿþ;wîÄÆÆ®ZµjÁ‚èìTôR :D(Ö¢>‚ Šœœ º½"YKNNŽ‰‰©m]©Ì–ªd¿«Òܾ}»M›6}úô!· °´´¼yó&lÛ¶ÍÒÒÒÏÏD͘1cíÚµÿýwÇŽ«þÞÆ šò¡+´Ì섯¯o-j… ¢8 ¾½Z¾|ùòåËk[ A”=;Qu£¢GÞÞÞô­H$ÊÉɱµµ€øøxæfÖÚÚÚ86QÐœ…éæÄápÈ_™4Æ 300(**’H$EEER©T"‘H¥RÅ× FEEuéÒE) ×AQçÎ+((PUUíß¿ÝѪnŠÂ²R,+&EQÅápd\³³³¯]»ÆLéááa``@ÒK¥Rò¬D"QÜ‘ Ne4È,+<<¼wïÞ¤Õ•H$•Î Ö+ÅÁ²Rœ>\½zµgÏž:::uG«ZÅìVñx<‡Ããñ²³³Ož<ÉLF÷»ªnNLš4‰¾‹ÅË–-ËÍÍ>~çÎ'N¤¥ihhhkk'&&2gddtíÚµ*¯kä 9!ÚÙ‰Ô{™XUUUMMM>Ÿ/‘HˆEQQsBEEE)þ”uSùö³Ùl¥H«ƒT¢(,+ÅÁ²’îm3AÔÕÕe’©««kiiу÷2O)]+%Š’›A‚T*år¹šššl6›bPò©rÁz¥8XVŠóéÓ'ÐÔÔIJ"0‡h‰;Ç#ŒL¸\®ŠŠ íìTõ~úé§èèè7n”´ú÷ïõêÕ¼¼<@111)))?þøcU^×ÈAsâèI â½G¾I%}ûÔÕÕµµµÉRlù’)>ÉÞš†2ÀONi”ìßÐeÕ¤I™¨Jœ\ë¬VQX¯d ÕIs¢iÓ¦d¼ƒ´i$±âΙµ•Ab*k¢<ñ,%¹àr¹ZZZ$„Ãá0tè’Qð-€õJ1°¬çÇ€æâÂD|™<¯d{Eã’4U±(.^¼hgg' ™Ñjkk>|æÌ™¡¡¡?þøãÇÇß¡C‡áÇWú]šò!ß-2Ÿ^²6cƒXÄœ _²’ó¥!×'¡rÔMQ¥H«›¬œ¨’æÝ,)­æD­g°ºE°^èB·Q¥­PQQaöË«U«êÅ4œ˜P´(ÚLF+ê)õJq°¬Ê…üÉÊ¥ªK«ƒ¬¨(æp-±änuÃfPg'‘H#‹™û;€¥¥åðáÃ]]]<8iÒ¤£G€ÍéÓ§KÚ6ˆâ 9! Ó2î%“†˜ÔÄŠ g'è13EÞB¦é•¢pE`)EZÌ`¥EÑ£L‡Åb‘)W¹iª[«ú" ë‹ÅÜ •îp—üº«ªªÒµ‹ÙçfŽý+K+%Š"ó'2ý Hfƒ¹\®ºº:ÝG‘ñt"Ã=Šdë•â`Y)YT ¡¡e_ ~z‡z7Ø’K±é¹‹*.ŸÐÐÐ(...#ÁèÑ£‡þàÁCCÖ-[Vî- šß@/ò#Ÿ1zbN&ÇSQQ!0²?,ÓsWè=IªNE÷o”"­f°*¢h×r!3;!ã¾RcZÕ QX¯JBWš’“õŽL‡(¨ ±Z2Œ“(È-‡Ã¡Í ¹–U…^õJ°¬‡t”å.¨u0ƒE÷©è™‡ÒÌ Ö·(EU¹ðx<\~­,Ðœøzè‹‘;¾Åb±x<™”‹Å•0'Xò6Œª´ÎuPA)Òêf+$Šž¶búiH$¦ŠŠ íÎl@Ÿòª¨VõQ똮WdtCî×—tþJîwT÷ëU¹ª’nðe'YøÖJ¯èüÖ+ÅÁ²*R'‰ktÕ¥ÕÁ VTÓœ ¿\¹ñË]°ŠÔ}ÐœëËPR©´äÚ‰ÔÔÔgÏž+‚>2‰$VP¾H$zñâ…RT­ƒ¢È cqq±R¤ÕÁ VT”Œ9AI)+±XO'f>U!s¢”U`½’¬B†oëUzzºL²ŒŒ ¡PHÚ1¦A[÷Û«’•Ÿé¬%‰âããe~/ÀAWð‡ƒõJq°¬‡kššZÅí‰u0ƒÅ\âEŸ,!sø0ꪸv©a*ÐSi$ÐÒÑë".^¼8räÈÚÖ AA¤!êééÉ\_¡{¬v‰‰‰qttŒŽŽvpp¨m]ª œø¦_»\¦¿ÿþÛÆƦöD.\X¾|9Ö+D¹`½B¤¾  }}}É5Ýï*¹R—Asâhãé¿Ät °±±iÀÆ%Róý°±^!Êë‚ õÒé"Ë'Ð}¦Q離Ú¢ Ÿj[#AAÝï’ÛEê8hNÈ"³pB,+~Ö5‚ ‚ R9è~}@°Üd™™™‚oiÙ²¥··÷³gÏÊ}EVVVrr²’õnô ³Ó7Ð{Äœ‹ÅÅÅÅhN ‚ ‚T7‰¤¸¸˜¬š(c:²·›··wÿþý °°011ñÀ:uJHHÐ××/ãK–,¹sçÎóçÏ«CÿF šòaèì„ ‚ RÝÐý®2¦&h:vì@ßöë×ÏÓÓóìÙ³'N¬f5Y½³ÓËç°q9ÌëÁ£{t0©Ídº­¨¨¨DAi ÑžNõ 133.—›ŸŸ?pàÀ_ý•Ž¢(ê»ï¾[¿~ý¬Y³ÂÃÃÓÓÓ½¼¼âââHì_ýÕ«W/kkk??¿»wïÒOåää¹¹¹YXX 6Œ> )Iã6'".@_;Øóäd¡íÔ Nphs9¥g'AAªbEÈìѯÙÙÙëׯ×ÐÐ:t¨ššZqqñ/¿üB ¹wï^hh¨™™™ƒƒƒ¾¾¾ššš›››––L™2eÆŒêêêÓ§OÏÉÉéÑ£ÇÙ³g€¢(OOÏ;wúøøøûû …B‘H¤ô,7 ·9±f˜¶„˜l¹ r {} ˆÅÄÓIò4'AAª™ÞWÙFÅÆŒŒŒŒŒš6mÚ¼yóÇþ|Ë–-ýýý íííùå_.FlNÀ²``[€›%tm …’Ÿ¶Ó‘ôæNxŠJäýû÷¯_¿®>ùiiiùùùÕ'A¤^ðêÕ«›7ofddÔ¶"H£ *]/•N:½ÿþãÇ0vìØ”””û÷†êëë÷éÓ§ä#ZZZšššÉÉÉ©ßbee=zôˆŒŒLIIÙ»woóæÍ7mÚTõ<6H·9y ŸC pë VmX¯³Ø{ƒoOa¬Äz J°oß>Aéœ?ÞÌÌlÉ’%ÕñêÁƒ—öÞfÍšUHÿ{÷î•Œº~ýº@ ¸sçŽu–J¥½{÷ŽŽŽ.[ùrKµ µ=:gÎ%êܨ¸uë–Li4èÑ£G•&‰âãã«iƒµû÷ï ‚›7oV‡p€ââb@0sæL™ðgÏž ‚   å¾ÎÄÄdõêÕU—CQÔ?þ¨««knnîææflllmm}ñâE:žžžr¿Júúúüñ‡"õ™NW…:`b±øÊ•+]ºt!k¬ûô飯¯züøñÑ£Gs¹rÜûÛ¶mûéÓ§´´4“/„……Íœ9“Ãáܺu«oß¾Ÿ>}255õ÷÷¿pá‚……ú;•F#^;‘‘ +¦Ã øó(  ~˜ÏÞý+kÊ"00’9Ï®ºuqtt\¹r%¹ŽŽŽ 8q¢¥¥% ±´´tuumݺuu¼z̘1ij8œœüý÷ß“[¹¿=¹ˆÅb‘H$w°I“&=zôÐÖÖVŠ¶„;vp8OOÏ>”¡|¹¥š––VšÚ3fÌ°°°¸uë–«««5o$H$‘H4zôèN:€X,NHH uss{üøqË–-+$íÚµkƒ Šµ³³SºªR©T$¡C#R­ˆD¢ÂÂB™@R÷”n'+eL*•<8,,lüøñ>>>zzz/^Ÿ?oÞ¼‚‚’òÏ?ÿäóùGMM † VXXXé 6ì¹;;ié¼~ INJók—Tú…ZRñ+þþþûöí€ØØX//¯§OŸ®\¹ÒÁÁÁÛÛûòåË>|°µµõðð û%Ó”v8‹‚¼xñbøðáfff­Zµš8qbvvvE%<}útĈÏŸ?ÿßÿþG4§£âââ¼¼¼"""*¤êáÇ †ZQM*Š¯¯ïƒÐ FYØÛÛ³ÙìW¯^À®]»¦Nš0qâDúLÓîÝ»ëéé999mÞ¼™Ì„„„§3flß¾ /^lggg``лwïÈÈHæ[<Ø¥K###__ßcÇŽÑáU¯ÉRÝŸ¤œ1cFjjêÕ«WOž<™pâÄ W=ù®÷4bs¢³;èÂŽMð÷.x ×ÎÖï)í¦âžj[39œ9s†´¹oß¾½pá±"úõëåííݵk×ØØØ‘#G¾}ûvøðáÉÉÉä©ÒgQ¸¸8''§ÌÌÌU«VMŸ>ýÆ:tx÷î]…4ÏÉÉ9qâÄÛ·oííí/^¼LG:t(""¢C‡RõþýûVVV5𓶴´TQQù矪ûE„ÐÐP©TJ|ö„Bá¹sç<==Ï;gcc›7o5j”­­í–-[zõêµlÙ227mjjÚ¶m[ppphÕª•T*íÙ³çÞ½{}}}þùg55µ=züïÿ#¯Ø°aÃøñã---—-[öæÍb„+¥&#HU`î¦OÃLæêê7yòdKKË™3gN™2…DmØ°! @,¯\¹ÒÊÊjÅŠ“&M"Q111Ý»w‰‰>|xzzº‡‡³ã^F»ñ×_y{{‹D"===¦&>|HNNöôôTQQ‘É…ÏÁƒéôGŽY±b…½½}ÇŽCCC‡ FÂß¿ïèèxðàAwww²»N—.]ˆ /‘HÜÝÝ:4räȱcÇž:uªGiiiÌ·¼|ùÒÝÝ=''gáÂ…ðóÏ?ûùùYZZ®\¹R Œ3†üä_¿~}áÂ…ÜÜ\úÁ{÷îÝ¿Ÿ\_¹reíÚµ ,ppp`±XK–,qvvÞ¸qc·nݬ­­×¯_ÿûï¿Wì¿©‡ìÚµK[[{ôèÑ2ál6ÛØؘÅb‘[.—kgg×»wïæ͛ˤÔÓÓëÞ½{¿~ýZµjU×_jb ¤Îòè>ÕÇŽ2òOÚżèÆ‘H”›››•••””$ >|¸qãFº¸jËÙIWWwîܹE]¹rüüüHø… ÀÑÑ‘ÜÏŠ¢È°zPP‰’H$vvve¼ZÆ_hÀ€FFFôTcJJ ŸÏŸ3gNÉËð" ߺu‹¢(777+++:ÊÜÜ|ôèÑUÕÅÅÅÇǧ\åe¨„³EQ666¥Å*…é”BœÆŽ»uëÖ­[·nÙ²ÅÇÇGGGGSS3##ƒ¢¨ ÀÂ… ÉÄqvv¶@ ˜2e -aëÖ­pãÆ ê[g§ýû÷ÀåËÿù(’ªbll,•J³²²444&L˜@ qrrêÖ­UfMFg'¤º){=qv*((hÙ²¥««+=(K~B¡¢(¦¯”¿¿¿žž¹0`€¶¶ö§OŸÈ-iÓÈÐ{Ùíª©©)‹Åº~ýzI…Éîåzaéêêêëë¿ÿžÜ®ZµŠËå/‘¹sçr8œW¯^‘¨ÔÔT·nÝ:ê‹Õ¹sçHÔ‹/Ølöo¿ýF}qvŠ766îÖ­ÛÇI{{û=zÐï X½z5EQaaapÿþ}:ªgÏž}ûöeª—››KnÉÚÜ—/_R%•J[´h1bĈ²3ˆÔLg§7>|øP(&%%eee‰D¢ÊÉÇ'æææÌÛ6mÚ™(ãp–’öwIÄbñÅ‹}||ˆË ˜ššÚÙÙÑgLV‚qãÆœEæÙ·oß*bN¤¤¤ˆÅb777f ¥¥åµk×*­öwß}7gÎœãÇ·oßþèÑ£&&&½{÷®ªÉÉÉ"‘¨E‹•Ö¡BXXXTÈ= a²}ûö &”«««KWã—/_Ór033ãñx2.$eçΙ>d«®´´4"¤}ûötÙõ/11Qé5A* ÙC†G›dÀÌ™3eö“%.yqqqAAAÁÁÁŸ?644¤;ßÉÉÉEõìÙ“NÏáp h™e·«Ì “Ö­[³Ùl¹½íäääË—/{yy™˜˜€‘‘E†ÄbqAAAZZZjj*Ý•§KÛ¶mËìÚÛÛÓ×»wﶰ°HLLüßÿþG:¶{÷îE‹­_¿ÞÀÀ€¬© Kie‹ÅÌ ™Ÿ6›-³;"…k'êb±8??ŸËår¹Ü ™ööö̪ÅäñãÇŽŽŽÑÑÑJRAs¢~B¬ˆ²!‡³|XrÑ9$''“µXe¨Gƒæ‚(‘F¼»¡SÆá,Šòòòž>}êääT­Æÿï¿ÿîܹ3##ƒºV\UcccuuõçÏŸWEÅIHH¨Ž³ˆ“^xx8B–4tìرdÊÿý—Ù‰ŠŠÒ××733#ÿSôFaàéé9xðàjªÉ¢Dˆ?ÆÇé60//o„ B¡ðÞ½{B¡pÍš5ýúõ#ö6íhnll¬££Ãœg‹ˆˆ ·"¬Ê'`þüùqqq{öìa&''»»»—´ó™°Ùl[[Û›7oÒï566^ºté¡C‡ÀÞÞþåË—´Í“’’Ò¼yó]»v‘Û^½z©ªªîرããÇä ÑâââAƒ;wNCCÃËËkÛ¶m3gÎŒŽŽ...&³4ôvRYYY©©©åf Aê͉Ë´iÓš5k¶zõêÔÔÔׯ_oØ°aÑ¢E-[¶Tdfƒ°xñ⨨¨]»våçççääL›6Åb-Z´¨´ô¡¡¡[¿%%%E&MŸ>}ÈIõ®®®ô‰rŠ«ª¢¢Ò¥Kåše¨ýòåK4'jggç   H$’ØØØï¿ÿÞÙÙ™xqèêêÀµk×Þ¼y3þ|•yóæåääìß¿ÿÂ… ‹-âp8îîî]ºtùõ×_ïÞ½›™™¹nݺ›7oŽ7*^“¤†iݺµÏ‘#G""" BCC}||’““íììlmmAXX؇’’’–,YríÚµâââüü|²aѽ{÷þüóϼ¼¼„„„õë×Ó®€UùÌœ9ÓÍÍmÊ”)óæÍ òäÉÞ½{»víJ}Yí]6«V­ÊÈÈØ°aC^^^tt´ŸŸ_pppçÎ`Á‚<oÁ‚iii111S§Nåñxô–P„¶mÛ.X°àèÑ£gÏžUQQÑÑÑY³f ±@OŸ>Ý¡C•:p8œåË—_¹r%**ê»ï¾£÷÷D¤†Ag§K“&MΞ=ëëëkffÆb±x<ÞôéÓ7lØ ¸„ùóçgffN™2eúôé‰DWW7,,¬ŒÃ¹·lÙ"bee%s´6‡Ã3fÌæÍ›ýýý+§j¯^½~úé'ÅsQ.rÕ633{ÿþýëׯќ¨X,Ö±cÇ|||œ9ŽD"quu %±ÎÎÎ]»v7oÞË—/ÿý÷cÇŽMœ8ÑÀÀ€ÃáH¥Ò%K–}¢àĉß}÷éµðx¼ÀÀ@â­^ÑšŒ 5ÏöíÛ'OžìááÁb±ÈŠˆ²úÇ\»v­®®.‹Å1bÄ¥K—†jnnž½páÂW¯^Íš5‹¬À&§+Uù°X¬þùgÅŠüñÇo¿ýF=<<öîÝ[r1FI† ¶eË–eË–‘c+MMM9BÖ/YXXœ>}zìرÄ)ÑØØ8$$¤är¸Õ«W‡„„LŸ>½{÷î‹/~üøèÑ#‡Ó±cG™VT"‘…B²‡ÃçósrrÎœ9ÃLFë‘Q!ƒ($RƵD6MQ1ˆòt) DùPXTÓzV+hNÈÂtsâp8ä¯LCCC“ÂÂB±XLŒ ‚âæD\\œ‰‰‰R®ƒ¢H‰q8¥H«ƒ¬(Ò‡#> {~\.è¿ÆÆÆl6[,Ó}>ò¬D"Q|·¾—UÙ`½bRZ½*Ù éééc½* ¬WŠƒe¥8dƒfÍšU]ZÌ`EE‘ŸÏçr¹|>¿dÿŠîw1]ž”¢-R­ 9ñ ôh±9—Ë-YÝy<ž@ àr¹b±˜ÏçI¿ à‹8Ž@ PŠÎuP]ŒJ‘V3X!Q2£ÈÀ˜û¢J‹¥¦¦Æf³)Š¢§¹*1Š\ß˪l°^1)­^ñù|™”|>_ `½* ¬WŠƒe¥8Ÿ?uuu,+û <Ëår¹\UUUWR&éwÑÓ€;âÔÐœø Ó– ÿÒƒLx<ù ˆÅb±XÌf³É§ºBæ„šššRÔ®ƒ¢˜]äªK«ƒ¬´(ºÛÇúv/mRV,‹öHIÉéÒêѪ¾ˆÂzUÆSð¥^©¨¨ÈĪ¨¨ðù|¬W¥õJq°¬‡ö|>ËŠ@÷¬hs‚îJ1¡û]2.OõË¢HdýîÖWÐœøf÷Ž®ÇÄ…‰ŠŠŠºº:‡Ã!æ—Ëe*+‡ÃÑÐÐPŠÎuP]†J‘V3XQQd˜¢(zëa¹³$ ]‘¤R) Q¼meUX¯d[¯äÎN¨««c½* ¬WŠƒe¥8¤Ÿ­¦¦†eE ?|***Äœàóù%‡?¸\nÉá¶úeKÀ€ñµ­Aƒæ„|hg'RïebUUU555ù|¾D"!EEÍ ¥¨ZE‘Î ›ÍVŠ´:˜ÁŠŠ¢»}ÌÆQÆœÐÒÒ"ièQd™§”®U½…õJ¹õJ]]]&™ººº––Ö«ÒÀz¥8XVŠóéÓ'ÐÔÔIJ"0‡h‰;Ç+yP4—Ë% µån„S_˜ím¬¾ 9aWjI›͉o '%ˆ÷ùè–\;¡®®®­­]TTÄ\„M/sT„Ð4”~rd ý6¦µIäX_ŽJd³ÙZZZtx*Q«z' ë• rëUIß555¬W¥õJq°¬çÇ€æz»zA6Ç+9üAã’4õô<»½À³Ç7!Y9hN4JH?x”´‰±A, bN©‰’ó¥!×'¡rÔMQ¥H«›¬(ºßVF›¨¢¢"SÓyª*ZÕGQ¬W¹5DîÚ f Ö«ÒÀz¥8XVåB~tdåRÕ¥ÕÁ VTs¸–Ø r·ºa3¨wVDcÍ Y˜†H¥R¹;;©««+‚ž =’y —ËÕÔÔTŠÂuP=‚¥iu0ƒÅb±È¦œô-Œ²d؆öH!é‰ÕŠõ °^}Kiõª¤ó€ªª*qv¬WòÀz¥8XVŠChhh`Y½Ê‹ž v…ܘóhTÔÐœøb=Ó¶=1'“ŒÇ㑱d’’Þ§BK±K~õ+GUFϦÔÁ VB)Úæ¤(JMMÜ’Xzq?] É—[ñJU ­ê—(¬W%‘[¯dÒ¨©©©¨¨`½* ¬WŠƒe¥8¤£,wy@%¨ƒ¬¨(ºOEÏ<”fN0×6`sâQlÝ÷MHKèÙ­–´©2hN|ëËNtˆÜ<‹ÅãñȤ„X,®„9Á’·aT¥u®ƒ¢J‘V73X!QtkÈô3¡;v²V‡lèYÚSÊÕª>Š"`½¢“ f)ùéÅz¥ X¯˪\8_Žüò¢ÓùÞÉ݈_fÁ*i¦êïšì2¸v®Ýþ&dÒ(4'¬/kd¥RiÉzœššúìÙ3bE0ÃVüÜ ‘HôâÅ ¥¨ZE“¿J‘V3XQQ%½àè[º¬âããé‘¿²ŸU–VõNÖ+äÖ«ôôt™déééÏŸ?ÇzUX¯ËJqRSSÉ_¥t…ë`+*Š.ãd RJ%“Õ¯µ~#ÀoÄ×c†Á˜arÒ¬Ykþw­£ TZ éVcTà‹ÒH ¤£×E\¼xqäÈ‘µ­‚ ‚ HC&44ÔÓÓ“^\A¯ Pâ+bbb£££”(¶‘ƒ³ß@ïÅNŸ#!ãÂô÷ßÛØØÔž‚‚ ‚ ¡PèëëK®©o¡}Õ—™ŠF šßÀ<鉄i : š³‚ ‚ J‡tºÈò £¢¶UCÊ¢®n©:´EA;>Õ¶F‚ ‚ ºß%3¶‹ÔqpvB™…b±Xñ³®AAÊAú]´ƒSÃÞ+¶!æÄ7i5Úœ‹ÅÅÅÅhN ‚ ‚T7‰¤¸¸˜õå´;zíDmë…”:;ɇiT ³‚ ‚ HuC÷»d«IÞ€×okåÍõ˜ÆdNDße_%Âî_aÞ8X=N‡ÐÁ¤6§¢¢¢ÕAA¤ñQTTDº^¤Vó H¥Ð{D?(,%Ì^YþS¢ÏŸ5Ù[¬ù7–M£1'( ~[§Ž|ø4¹ÀoëàMœ> ³F±fù2‘SêpvAA¤º!Vs›Mz×þšQ`Ç!àpÀ³Ç·¢|(T Ë~í6XwaBujVÛo,›F`NÄÿ ›VÁ NpíœlÔÚÐD"ãáðxAùLb‡cE^"ÕWò4'AAª™ÞW ïï$ú k6é5ó¶E#0'^½„û7A]šê}.Cì}:šèp¹0a°ܦ·:Ƶ‚ ‚ 5ƒÌÚ‰^>qøÂÐ~òc}¦AèY= }FµŒš™Ù!§áû_f,‡íÿKü FL+7ð ;2n.>g.CpêÄÆ×XHI‡e?ƒ£'8õƒïf¦åÊ‘ûÆÚ¥ììÔgô0ÃîÝøž÷ f.ƒ~C¿†¤$¥Ý„iHÔ–÷‚ ‚ H£‚îzÕŠEq?¬,€Ç“{å&<~¹Ÿ`æøœA» 9 îœS#hk ÑOÁ¡´jÃÀ &†´L˜¹<†ÿq’Ràöplzºðö=\ˆ€~c@¿ŒQaí¯ ­ ¦”%§äkF`N”†N˜³âëmVý@ihJ¾ôæN¸C‚ 4E¥¥¥¥§§ššš²Ù`ŽA¤F¨Ý®×!´6/+Áë· Œ„fMØ,øy+@׎ðî:¾`× aö*p¶‡ÿr`†u+˜µNëV·îCÄqèÞàêM€v6²ý¿Ä¶îpã.,˜R–™7ÖðC@Qpü ôi™i’í¡`dʬÄ5?׆ HåÌ™3­Zµ233ëÒ¥‹¹¹¹……Åž={j[©²èÝ»·@ صkWÙÉæÏŸokk+7êöíÛl6ûÉ“'Õ ‚ È7Ètºj²FQ÷¼sbpßÿl °k)$¥Ê¦yI©à;òDð)>å§;Àňÿ¸uúÏ– ñÿè“úÚÛ‹$…äÔ)½9‘œÞ]a¡?ô Bʵ' –9Ï®vuD¤.pïÞ½aÆY[[_¾|966öÔ©Sfff“'O>pà@m«&Ÿ„„„+W®ìß¿¿ÜÄe|¶qHAš¡N$§‚(Z˜”•F·É×kž €X,›†3W€–Íÿ,ÝÞ}ø/A{›rÄ™åÊ©S4bg'ˆ¹ £{ƒyk{퀢èzÁ¬Çxº;‚ °cÇwäÈ‘¦M›€ÝÀMMM·oß>~üøÚÖNPWWŸ:ujPPPbb¢……Emk„ Rt«æÍ òæÌœ²Ò(âܪ)8ø+xt•®¸ØJÈ©E÷ìļq``§nC;:Œb@/ªE©#¼zõJSS“ÏçÓ!góæÍ}úô¡CBBBºwﮧ§çää´yófznsË–-þþþt²OŸ>yyy]¼x„B¡——W||üúõëmmmÅb1üûᅢ 222òððؼyóû÷ïégÿúë¯^½zY[[ûùùݽ{·4m¥RéÁƒ‡:yòd8|ø03V$vîܹÿþ{öì‘ùl8pÀËË«S§N‹/ÎÍÍ¥ÃwíÚ5uêÔ„„„‰'”­ONNNPP›››……Å°aÃâããiÅŽ;6zôhSSSww÷£G–Sî‚4daפQaÜÔUáù˪Êikðð ˜ý÷/ï3L˜_á3"”%§fhÄæDÚ+HŠ‡ÎîðO0„ì…½ÔÑ=¬cûXO¢k[3Aê"ÎÎÎÙÙÙ&L¸{÷.m'Œ=zݺuäzóæÍ£F²µµÝ²eK¯^½–-[FÏZ=''§GgÏž•«íÕ«WSRRüüüÚ´iÓ¾}ûC‡ÑQb±¸gÏžÛ¶msuuµ°°˜={vpp0»aÆ &¨©© 0 44t„ t”P(|( ³²²rssE"Qaa!}T¶²^'·;÷Óï”ÀòëmAÆT@à·ºm©Å?~=ucêñ¿EQÅÅT×ÁS³WRE½{O ›L1Å2¦À˜êùõìÅO™v¤f.ÿ*äÊ Œ©û¾†Œ™EY»ýw]†™7Ö:Éœ(‰DRXX(‰Ðœ@¤4^¼x±uëÖQ£FéëëÇ#æÐÐPøçŸè”ÉÉÉ°iÓ&Jsâ?þ QÅÅÅ\.wüøñtb‘Ht÷îÝ?.X°€Çã%''ü¦M›€¶ChrssÕÔÔ.\Hn_¾| 3fÌ ·ƒ âóù"‘ˆN?zôhbNIŒàà`:ŠLÐæ‡ÃÉÈÈ QeèóáÃUUU“}ûöɨ7xð`X±bÅ“'Od\i„Ôs"3›â™S×nURrV•Ÿÿõ6%ºtzò¬’Ò‘#óÆZ¤;;!‚TœÖ­[Ïœ93888##ãܹs†††³gÏÎÊÊ"]önݺÑ)ÍÌÌx<ñh’¡ä~qíÛ·'©©©b±ØÎÎŽŽRWWwqqÑÔÔ|ñâEQQ‘¹¹¹ÖàíÛ·2ÒBBBòóó÷ìÙcdddddÔ­[7‹R\\ ‰‰‰;wVWW§Ó“‹ÄÄDèÙ³'eddÄ”¬««khhH®ËÐG[[ûüùó-[¶ô÷÷744´··ÿå—_È:´Ý»w7.((¨}ûö†††S§NMOO/¯ÔAªæú0kü±¯’èªê×[S#èÓÚ•ØÇ©¢”!GæµHãÞÙ AD1222ÜÝÝ—.]:iÒ$Âáp¼¼¼.\8gÎœØØX ÈÊÊ"û>Á—Þ¶LwœðÿìÝwX×Úðw¶Rv©RD1"± vì£b¹Ø1$¶X£Ñ4ÛM¾¨Ñ«ÆD½WõÆÆ…„V¬(JPDA©vw¾?ŽŽÃ°° ¼¿ÇÇg™™}çœÃóî)“‘‘Q݉Œ€t_ …âùóçfffR©ôöíÛ|>Ÿý;;;• »wïvqqY¸p!³%))iÇŽ‘‘‘#GŽ”J¥*INbb"y!‘HàÉ“'¤ï…½KöòôéÓçܹsYYY111¿ýöÛ’%K ŲeËlllöìÙ³uëÖsçÎqwrròðð€˜˜fÅôþû…ųgÏè7³ µÜ=ÛÛÛÛÚÚÆÆÆ2[~úé'[[Û¼¼|xdd¤©©iPPÐÖ­[ÃÃÃH· Bé—ÄŽý ²r}—£±Át!„jFQÔêÕ«Ïœ9rõêÕ´´´-[¶¬^½ºK—.íÛ· ìܹsDDÄõë× Ebbâš5k:wîLùûûOŸ>ýÎ;GŽùòË/µ<ÐfùòåW¯^ݾ}ûóçÏ;¶aÆÀÀÀÖ­[‡……µhÑbõêÕYYY6lX¼xqÛ¶myU-ß½{7EQ“&Mbo´°°8pà©S§ /^,æÍ›÷äÉ“—/_®X±‚|5`ÀÿˆˆˆøøøòòòãÇ“Õl5ÒR??¿k×®}ýõ×ååår¹üÔ©S;w …_|ñéyðàÁ‰':uê$ ëòÝA!]ñó‚Îô]ˆFGß“7 NÅFi¡P(Ö¯_/•J™_"‘hâĉϟ?'dddtéÒHwA@@3kY&“9’¼«cÇŽÇŽãóùì©Øqqq̉ärùòåË™$¡wïÞOž|ø0×DQT¿~ýV®\I¦bÓ4ýàÁ2sƒ¢(›C‡k*¶­­-;¦–òüôÓOb±˜Ïç“á[cÆŒ!ëA%%%999Á›U®®®‰‰‰uûÎ „1ÙŠj¢ö¡ƒ†L©TÊß(+++++#ÙELL̲eËÈ1 ¾¾¾Úã „š°’’’¿ÿþ;++«E‹ÌL ‚¦éû÷ï?zôÈÍÍÍÑÑQå½OŸ>-,,l׮ǥ¦¦ÚÙÙ©Ä‘ËåwîÜÉÏÏïر£½½}]*’кukõ§e+ŠäääÊÊJŸû ´”§  àîÝ»¯^½ruuuqqa¶———'''çää888xyya×BͼíFj IDATÙÍ›7ýüüÈë7öïßßÔÔT$™˜˜ Þàqy$5çÓáíœnáTl„z‰Äßßßßß_ã^Š¢\]]]]]5îmÑ¢E‹-¸ŸˆÌ»P!Øë>ÕšD"éÕ«—Æ]|>ßÇLJc-å±±±±±±Qß.‹«k@„Ò»ÊJ°ô€ŒƒŸÖUÙ~÷t_/…³uv®K×áƒQøgãžüs'B!„z«´ Ê+T7*•PZº^9¢ Ât!„B!TK˜N „B!ôζÿú·ž0e\y;¥ò `Ý&zÃÌÅpäT•wí9 A“¡ë0Xú ½¬²«è%ÌûüÁûA°ø+xQøz{ê}š i`í&èÐäòz®Ø;Ât!„B¡*”JP(Tÿ±Í^ }&F0w*ä?…>ãàÔ›'M†~/X4 žÁ¸°·ņ-ºŒ`h?8| Bß>n^‚ß`Ø{zw‡Qƒáh$tyE/!*f-/¿‡vNPýJãúS±B!„ªâ×Cðë¡j÷^¼;÷CÄX0 `Þ è?Vn„aý!+î?„?ÁÐþSƒ¡•?Ä^‚àaðô9|ýL¶|ö Œ˜ÿ{óàÐ/#àÑcxmZ„Ž—عVÍ}@Q1d^{Ûz«sma:B!„P=üaJp•-Ù¹ðõ¯_‹‘FAqÉë-CúÂ’o 7àåߥ¯àÑc¸z ^É^O쎊…W29èõ[˜=ém:q,{€¥ùë˜æfÐÙ¢ãÞ¦3'b.˜N°QEQÇ£Ôè»h!„BMœú sWÖð…éà aSªlIùûm:q/**Á©›ê»ž½{[8z¶ì†¸xàQàãÂ7·Û2ú¼=ÞÁîõ ™ ç@V˜¹W-ëIE^UwL'j€¹B!„PÃh,÷]fRšÂí¿€_u² ܾ Ás`Òh¸ñ?ðp##péñz¶ƒÄàI.ؾyQâ×/D"‰`ä@ø¿ÕU í:NÅ֌ɉ¡ñ\Ù!„B¹ãÒcwží¡¸ç@k‡×ÿNÿá+χ½GÀض­?/02‚…ð0 h £@쥷qÎ\|ý‚ǃí൷[µ„åëáßG¼nïÓ TzÙtõ\w„B!TrÓÕ(F›‡M–°ú;Èʆ‚g°a ,þÚ¶:w‚2œøÊËáÚ-öàñ ¸hô/ˆØ ñ7 ¼ŽGCôÙ·1?_Ùy°a ””BÂm˜2üÝüôWIÎCŠþ0ƒö˜-©©©z,B!„PS¾³R¿ï2X–pj„| mº ÁÜ©°aÀèÁ0b„.„©óÁÔ6®„¡ýàóoaÞç°ù8¼FÍ€#haÛ7‡a¯cŽ߯†à³ @8¶„}[ gW=Ö’+L'4c.h•Þ‰=– !„B¨©RéÐW1„B kØîéVe{W?øûÜIƒügÐÑííšKB!ÿò ;¼;Ÿ05¤€¶m ! ’S¡R>ªçZ8fL„[)ÀçÃûÞ ¿=—Æ"L'T±‡9ñù|ò¿Ê1cÆŒ±³³«¨¨P(J¥R¡P(•JšŒŒã >>¾{÷î:)°†ŠŒŒ”ÉdFFFC† 1œRf(l+î°­¸ÈÍͽté{K=ìííõ[*C…×wØVÜž9s¦oß¾†S*=†bßV‰D">Ÿ/‰òòòŽ;Æ>Œ¹ï2„¤‚ ¼=4ï²³;›·_¶vxûšÏÏjcšI¡—Ú‚QÓ‰*ÈUËtJðù|@ žN8888;;Ëd2¹\.—ËIFAp<Ñ­[·œœœtRf %Èÿ:‰f€Ôa(l+î°­jÇÞÞ¾Ž1 ³‚x]5|(l+îòóóÀÁÁÁÖV 0À ¾k(Þ"‘H ###õû+澋É(WÄi 0x‹K0ÿóù|õëX$‰D" éÇ#]ÜÓ >Ÿoll¬“b`(¦%uÍ+¨ÃPØVÜa[qA~5©l©cLƒª ÎCáuŶwb±˜ümE0wVL:ÁÜJ±1÷]ì;1ÀŒÂàa:QÓ­Æ~xŠ@mÉ_¡PhbbÂçóI:!H.Á}°ŸÏ755ÕI™ 0Ó†:‰f€Ôa(l+î°­¸022RßRǘUA‡ÂëŠ;l+îÈ}¶±±1¶ÁÜS …B’NˆÅb¡P¨r˜@ PytáwB€éDu˜ÁNäºWÙkdd$•JÅb±B¡ Å»¦B¡P'ã) 3™¼ÎãñtÍ+¨ÃPØVÜa[q!‘HÔ·Ô1¦AUPç¡ðºâÛŠ»ââbJ¥ØVû#Z2œI$©ü!„B!3ØI'åD Ó‰*Ø“°IŠLÓ´úØ>sss2› iš¦i…BÁñDMàWƒø'‡;l+î°­¸Pÿ°ÐÔÔÓ -ðºâÛŠ»ÂÂBÀt‚… a"c™‘Hdbb¢~ùWeB¶N ÜØ=ÎkKÐÑP5ÃtB3’TÐ4­ñ1v$Ù ™I'Hׄz?Fux<ž˜Yý«n 3¡“h†YAl+½„"°­´P<  ëÓ *X¡¼®¸Ã¶ªùI¬ûOa€|×PìkIž q©‹¾²ˆ¢—ÐÊ>™ëW4Ðïg€¥X[|´¢âàA¼†Ã~;§ÃÎo¨TïÓ UìD”J¥úåNRj’E0½J¥’ôfp9‹@ J¥:)°†b>ÁÒI4¬ Ca[q‡mÅ…ú§}&&&uŒiPÔy(¼®¸Ã¶âŽôšššb[¹;bV¸aVƒUŸŠÍô]¨LÅnH4 ¥eP^Ñpgôê‹çÀ×K_Ÿ½ºÉþÎÝáâ5èÜpeãÓ‰*HöÌäLÇœÊa"‘H(’¬ƒ¬K¿ÁñD|>_}È`í`(fú”N¢`u ÛŠ;l+.4öNÔ1¦AUPç¡ðºâÛŠ;r£¬qz@-`ß5û¡^L^¡1 XôØGa€LŒaV,X×"õ]5˜NTAQ”ÊŒj>Ÿ¯ž$P%‰H§„\.¯E:¡qÁ¨Z—ÙC:‰f˜ĶÒK(ÛJ‹êÖq¯KLƒª`}„"ðºâÛªFä'±î?}„Vð]C±327UãBü*VÉm•¡Íɾž~‚¤»àòŒ ³'¿Þ>> ‚‡ìød>ߎñ´´{½÷î=ø*þN‡îþ6~=}À¯#ÌX pà8¤?‚ý?½>øF|¿.'@[GXú ìýz{Èhøf\¸ tiÈ× Ó ÍÈJ¥Rý:ÎÊʺ{÷.É"HRA¶sîDiié½{÷tRT UYYIþ×I4¬ Ca[q‡mÅEvv¶ú–:Æ4¨ ê<^WÜa[q—••Eþ×É­°Vð]C1í@±ž,AZIý0Cž}:ÆÌç60s"<Îð•p= vü௠tŠŠ!<^•AÄNxø.ŸHº£ m1ââ¡çP(ÀÖÞ‡ž] æ<8:@Wßקxö‚&C¯n0~lÿŒ˜wã m׶ ÀñhƒK'€FU‘µ_+**d2YiiéË—/>¬ïïB!„Pwøðá—/_––––••UTTÈårfñL]IHH€„„„êxQHC+závÉdtÛntÀHš•²åWZÑ©÷iš¦­=ikOºàÙë]«6Ò|Gº¬Œ¦izð$Ú¹;]ôòõ®¦¡½~óë/œéU_¿[FC+ú¿ÿ{ýeÒZÑ~[÷^´ïÀw®u}ÃÞ‰*hš&Ù0ýæ9sÀþýûÝÝÝõW@„B¡¦#555$$„¼V¹Ief´HOÅ­ÈÈ‚ÅaPRúzË ÞÑqàæ0b ´°z½ËÛJÈÈ‚öÎs̳7×çL†…_T{‘F |ýºƒ+Àßéo÷º¹À¹+ºªÎ`:Q“<ЬñKì!Lîîî¾¾¾šßŒB!„j‹Üt‘é*I…¾‹p/ |%„¯¬²ýyáëd±WB$Ë!+ä hïüv—X\åHö6À ‘€`?ÕÌù=8Sû*ÔL'4`2 ÒAÁ}FB!„ª澋*b ‰!•ìý{hØgʘIròßnyY OŸW{õ ì…~ žË{\ Ü` k²¼! ß¬ýJ(AÆíé»P!„BMsßE–ÍTYlSï<Ûܸ ­^ÿ+y¡ !õ¾¶wYY‚•üyîí–˜óPëZÝÞµ}s½ÁÞ‰*H·“NÈåòÊÊJL'B!„ê›B¡¨¬¬džvÇÌhø’ÜJ-¿VÙâá }?€ñÃaß15ºùÁÉøæG(}Þjˆ¶t.¬Ü­€Ù“áî=˜¿x¬N—Vpã6ÌŸ••Û6¨žQÉ*ÌáSà`ƒûÔªbõ©ÙÌ iøñkø}ŸêöÐa0c$ä>†+ç`Ù,jÙlf ø„½!„B €|’Ë^f“Yµ_ßE«ÂÑôª’Kh7t*ôðfÒöÏûðaMJÀªúµžš†Í¿Âç @,®E‘ëW3èH»ÇÀÙhHº¶-«ì:ø \9 cÁ¯(•ôÿ­¡þõOX¾–H™® L'B!„s÷EQûã]}—«®¦}†A»èß22ᯠ°m=X˜¿[ãÑ ÁìIõSĺiéÄ£t¸vLLÁÊFu×_Áðñà× €ÇƒY‹vPZL›J˜9Ù˜N „B5æ¾Ë0;%j-xÜ»ž‡+ г+|¾>èòÎA¤Ø·EóZ´z× Ò‰ÃaÀp€ÆÃÕóo·ËÊàI&ôYáêyP*¡KOzâLZ¡ årö+;!„BÕ7æÖ«)eOŸ>ýý÷ßG6¥EØ”ÚÇé÷îʤkÍ ¨Î£t.ÃüÉ AÙ+ (Þâ¯3ýÌâNMàRF!„2pMòÖ+++kÖ¬Yþþþ-Z´ÐwYê‹Av™4ŒŒ{{¶À¦}øR‹aÀÞ†ÔÍ+싸idÆ!ÌÌÌ$oH¥R//¯ÐÐÐ[·jZ«¯&¥¥¥iiiÌ¢pmÚ´Y¶l™AÔ¨ÿþ‰dçÎÚ»téÇ»}û¶Æ½­[·^½zµÎˆjTnºð¬±hÆé„@0p$  "Ã'+) xÿµçÙ鹨¡úQZZÚ¡C‡µk×®]»võêÕ]ºt‰ŽŽ8|øp]ÂÆÆƺ¹¹¥¦¦’/ÚµkgPÕÝ¿ÿ¯¿þ’Éd»wï®ñ`-ãñ#„P­5ɉÍA3ìÔª @×^o·´÷¤y|ªð9Tý‹HQ”†·#„šww÷ùóç3_æååMŸ>=00PWÓÐIœú {öì111™3gNDDăœu~ „ÒŽ¹ãÂt¢qiƽï¹€Ä þ:ývK|¥T(]=è7˜É@ú+%B¨AÙÙÙmܸ±¤¤dóæÍÌÆíÛ·÷ë×ÏÍÍmÊ”)W®\a¶çççGDDôìÙÓÙÙy̘1iiipðàÁ5kÖÀG}´mÛ6˜6mÚ¯¿þ ‰‰‰AAA™™™+V¬ðóóó÷÷_³f ó'“¦éÝ»wO˜0ÁÅÅeÔ¨Qß}÷]qq±ö€ “É–.]êíímgg׿ÿsçΑíÚÏ¥B©TîÝ»wôèÑ3g΀ÿüç?*ìÙ³'((¨k×®K—.-**bïJLLœkÖ,²ñúõëÁÁÁíÛ· Ú±c»‡š8q¢££cïÞ½ûí7f×7/^ìææÖ©S§Å‹Ëd2­ß@„P#¦2 “ŠÆ¢§&¦¶Îÿ ë—ÃÃt8}¾ù”¶o-ö¡¾K†Ò§˜™™1wƳgÏþè£LLLæΛŸŸß§OŸS§NMÓƒ Ú±cÇøñã§M›–ššÚ¥K—ÒÒRGGGOOOðõõuqq€“'O&&&À³gÏ¢¢¢?yòdgg篾ú*""‚œhÆ ³fÍ’Ëå«V­jß¾ýÊ•+g̘Z*•Ê¾}ûþòË/!!!ëׯ766îÓ§ÏÿûßÏ¥âÌ™3™™™S¦Lñðððòòú÷¿ÿÍÞ»aÆÐÐPccã¡C‡>|844”ÙuóæÍ^½zݼysìرOž< |ñâÙ•šš9hРÈÈHwww8}út@@@JJÊÌ™3]]]ÃÃÃgÏžM^¿~ý”)S\]]W­Z%‘H&MšDjqûöí=zddd,_¾¼k×®¿üòËôéÓëþ-F5˜T4tó1÷CÚ¿e•-ååôWŸÒŽí´#(;TÜN(---**ÊÍÍÍÈÈHMM½qãÆÆ™æJHHÐSéBºÇãñ&Ož¬¾ÝÃãC‡4M_¸p"""Èv…BèííMÓ4é‹Øºu+ÙUPPÐ¥K—sçÎÑ4}òäIHLL$»¬­­çÏŸOÓô_ýãÆc>{sww5jy8cÆ ¦ Ó¦M³±±!¯« Hæ9üùçŸìâµjÕJ©Tj?—ŠI“&µlÙR.—Ó4½víZˆgêebb2aÂòeeeePP$%%Ñ4=tèPssóââb²—t8¬ZµŠ¦éE‹À§Ÿ~Z^^NÓ´L&kÛ¶m@@Sž-[¶@jj*MÓ>>>}úôaÊ3kÖ¬Õ«WÓ4ýÍ7ßP•——G¶ÿöÛo½{÷®¬¬ÔX „Pc”ÀÜemܸñÆ©©©<ÈÍÍ-***---//g•­«Ó5äí\ß±á5§Þ‰­ázv•-"|þ$=…Cqp6þ#‰n逸Â!„ ˆ‘‘‘­­-;vL$=º¸¸¸¸¸¸´´tÈ!III¹¹¹¶¶¶FFFëÖ­Û½{wnnn‹-®\¹Ò³gσO›6ìååuïÞ=òúÌ™3?ÿü³B¡xôèQLLLBBByy¹öP§OŸ655íÝ»7ù’Çã=yò$33Sû¹Ø^¾|yìر>Ÿ&L¦ƒ"**êÕ«W#GŽ$_ ¦K¡¬¬,22²_¿~‰„l™>}ºX,f"óùüO?ýT$À­[·222BBBJJJHc4¢££à½÷Þ‹‹‹[µjUrr2MÓ;vìøòË/Évš¦§NSVV6~üø¸¸8 ÏúC!ÃӜ҉êXXA·ÞÐÖÕ@Ÿ4ˆjXr¹<##£sçÎpïÞ½ŠŠ '''³7–,YÏž=377ÿßÿþ׶mÛiÓ¦µlÙÒÇÇç»ï¾ã2ÕÊÚÚšy-‰är9yMF™™™999M:•YV‹ôôônݺ …Bf‹««+<~üXû¹Øø€¢¨ƒVVVÀƒ oß¾ÌñäÅÇišfïâóùvvv욶lÙ’¼&™Lxx8Ó’¤¨ÏŸ?€ŸþyêÔ©^^^-[¶œ3gΓ'O`òäÉÿüç?SSS `eetæÌ™›!„PCÂÏxB¨ŠÈÈÈ/^téÒÌÌ̤RéíÛ·É'÷ rÓܧOŸsçÎeeeÅÄÄüöÛoK–,Q(5>‚WÍ'ÁÁÁJ¥òèÑ£]ºt±²²Z±bÅÖ­[µ‡’H$999ì-)))ààà‘‘¡å\l»wïvqqY¸p!³%))iÇŽ‘‘‘#GŽ$=OžþœÉdTƒ÷îݨ¾ÝÆÆfÏž=[·n=wîÜÉ“'÷ìÙsãÆ 2}eÉ’%‹/NHHˆŽŽþå—_œ””D&c „2øy}:<<œÏç_¼xqàÀÅÅÅŽŽŽÓ¦M‹ŠŠrvvf¯ûôN®^½šššúÅ_ <ØÊÊ Ø㉫ãááqçÎvFokkÛ¦MŽçMKK»téÒŒ3ÂY6nÜ(‰Èx§Ž;@ll,ó¦ U«Vì]qqqÕõÏÙä7nÜ`Z²¤¤$44455µ²²røðá‘‘‘¦¦¦AAA[·n OHH¨¬¬\·nݲeË(Šò÷÷ÿì³Ï8PYYY÷ç "„Ò!L'BÍZzzú/¿üòË/¿ìܹóóÏ?÷÷÷ÏÈÈ8qâ&Ö¢E‹Õ«WgeelØ°añâÅmÛ¶åñx~~~×®]ûúë¯ËËËårù©S§˜!Rä½±±±OŸ>åXŒ:H$’Ó§Ofdd,[¶,66¶²²²¬¬LKÀ…  … äçç“'ÐEEE-^¼X¥/E‹Ý»wS5iÒ$öF ‹ž:uª°°pÀ€þþþñññåååÇ'³€¢¨eË–]½zõ§Ÿ~*))¹ÿþÚµkÙ#¯ØÚµk7~üø}ûöÅÅÅÉd²Ã‡?þáÇÞÞÞB¡ÐÂÂâ‹/¾ =<8qâD§N„BaÇŽ7mÚô×_Ñ4]TT´{÷n>Ÿïëë˱v!eeeëÞصkìÚµk ùM‹jO¯Á ‹B¡(//Ç•j>TÆuìØqÞ¼y—/_fsùòeòL7Š¢Äbñ‚ d2ÙõÓO?‰Åb>Ÿoll cÆŒ!«UVVöèÑ>ùäZme§k×®1Á'MšäææF^ÿðÃVVV<Ïç?>66ÖÂÂÂÖÖVK@š¦ÿûßÿZZZŸÏ§(jùòåd&íç" EëÖ­{÷î­Þ2{÷î€;vÐ4ýàÁoooÒ666‡‚7+;UTT„……‘]E}ûí·¾¾¾ÌÊN¤ðŒçÏŸ3Þ<©ªoß¾wïÞ%»’’’œœœ€Œ­ruu%ËXÉåò¡C‡€‰‰ Ç311a–ÒB5 ³²S§N@ µo@§NtR‘ê4‡•(—ò}C©TÊß(+++++#ÙELL 3:!!?C¨¹‘ËåwîÜÉÏÏïر£½½={WAAÁÝ»w_½zåêêJ ÁÈËË377722â~¢ŠŠŠ„„OOO2£ ¸¸øÅ‹Ìȥꖕ•Ý¾}»¢¢ÂÛÛÛÌ̬65¬‰B¡HNN®¬¬ôññQïxüøqzzº……E¡²²²RSS[¶lI†Q1ÊËË“““srr¼¼¼ØgIKKKOO755íر# †j2nÞ¼éççG^oܸ±ÿþ¦¦¦"‘ÈÄÄÄØؘ¹ïç2L‹Í›7“OaT¶Sõã?~òÉ'u ®©`ӾĩØ!T@@>žWgccccc£q{#ŽD"Q·nݘ/¥R)É+´466&ÇëŸÏ÷ññ©n/™ Á1”££££££úv±Xìïï¯ñ-íÛ·oß¾=Çø!¤.$$dÑ¢Eê«Ûñùü½©)Á¹!„B¨)³¶¶6l˜Ê¼2>Ÿ?lØ0ö‚Ú¨v0@!„BMÜôéÓ {‹B¡˜>}º¾ÊÓ”`:B!„š¸   •ÉWäá˜ú*OS‚éB!„jâAhh(YÍIýKT˜N „B¡¦/44”™-—ËCCCõZœ¦Ó „B!Ôôyyyy{{“çäx{{{yyé»DM¦o‘Ë‹ÇãQjô]4„B¡&NýŒ¹+ÓÕ)fÎœ©òÕ¦5À\!„B¨aÔ÷}WHHŸÏÇÇMèN@ьɉ3 „B¡úGî¸tÞ#ÁF@A^ÔGüæ Ó TzÙêø\w„B!T#rÓUߣÍñY:‡é„6Ì =fKjjª˃B!Ô”°ï¬Ôï»………wîÜÑÉÍÍÍàÒ¥KÚ“J¥8W›#L'4c.h•Þ i‡B!TTz'Ø»>ûì³mÛ¶5pyrssíììø¤¦ªØÃœø|>ù_å˜1cÆØÙÙUTT(ŠŠŠ ¥R©P(”J%MÓÏß½{wØCEFFÊd2##£!C†N© 3¶wØV\äææª|äÖ£G{{{ý–ÊCáuŶw………gÎœéÛ·¯………áñ q IDAT”J¡Ø·U"‘ˆÏç‹D¢¼¼¼cÇŽ±cî»Ô“Šˆˆˆyóæé¤äI$Ì%8Ât¢ rÕ2|>_ ¨§ÎÎÎ2™L.—Ëår’QOtëÖ-'''”ÙC‘gL D3À ê0¶wØVµcoo_ǘ†YA¼®>¶wùùùààà`kk[÷hXÁw Å{C$ @`dd¤~ÅÜw1¼¹7‹Åîîî:)9Ò9L'ÞbçÌÿ|>_} ŸH$‰D@Ò Gº&¸§|>ßØØX'Å6ÀPLKê$šVP‡¡°­¸Ã¶â‚üjRÙRǘUA‡ÂëŠ;l+îÄb1ùÛŠ`t‚¹•bcî»Øwb€klŸOÒ @@r îƒø|¾©©©NÊl€¡˜6ÔI4¬ Ca[q‡mÅ…‘‘‘ú–:Æ4¨ ê<^WÜa[qGî³±­æžJ(’tB, …B•ÃÊ£ëêo}'¤C˜NhÆ v"×½Ê^###©T*‹ É(Þ5 …:Oi˜¡Èäu§“hXA†Â¶âÛŠ ‰D¢¾¥Ž1 ª‚:…×wØVÜ€T*Ŷ"ØÑ’áL"‘Hýã@  ™ÁN:)'j˜NTÁž„MRdš¦ÕÇö™˜˜˜››“©ØMÓ4M+ Ž'j¿´À?9Üa[q‡mÅ…ú‡…¦¦¦˜Nh×wØVÜB“N'(Š‰D–––ì-ZŽ'C˜˜[,’N˜˜˜¨F>ÆU™]÷£z…é„f䊧iZãcìH²A2 ’N® õ~Œêðx<2°²î 3¡“h†YAl+½„"°­´P<  ëÓ *X¡¼®¸Ã¶ªùI¬ûOahdž]Í¥½3ýh`’'…BõßW<Ì"L'T± P*•ê½$¥&YÓ;¡T*Io—³©Tª“`(æ,D3À ê0¶wØV\¨ÚgbbRǘUA‡ÂëŠ;l+îH?¡©©iSm+2l‰ ÅÜú³gN³7’Û*ör±dú„zñÈP(•©ØÈÀa:QÉž™Ü€Ð˜N…B’uõaé78žˆÏ竬 ÅüÑI4¬ Ca[q‡mÅ…ÆÞ‰:Æ4¨ ê<^WÜa[qGÖ,Ò8=  ­‚LﳲŢýKŠµr¦úÂPä护ØGш`:QEQ*3ªù|¾z’@† ’N ¹\^‹tBã‚Qµ.³†"tÍ0+ˆm¥—P¶•Õ­ã^—˜UÁúEàuŶUÈObÝúƒª sO,±Óxó:õ\‚™;A±Õ¸P,É(Ø11£0|˜NhF.tP*•êó²²îÞ½K²’TíÜŸ;QZZzïÞ=ÕCUVV’ÿuÍ+¨ÃPØVÜa[q‘­¾¥Ž1 ª‚:…×wØVÜeee‘ÿu²<‘AU¹¹/))¹wï»ÛÁÁÁÁÒÒ’IW(Ö’¯$¿Rï¦P ÎtJf ×±þÍó@:f^Dttô¸qãô].„B!ÃÕ¢E‹èèh©TÊtÎ0–Ø]Œ3gΨÜ_8qbðàÁìc ñç7oÞôóóKHHðõõÕwYê öNTAÓ4¹j™çH¨ aÚ¿?>ã!„BˆíåË—Ü·o_xx8I$˜ÇG×Àê¯ oQŸëEÞB^³Ç;!‡éDLòÀ¿ÄÂäîîÞ„“K„B¡Ú™3gή]»¦L™baaÁ gbÒ ’°gnh †)Dc„OÔ€É(˜Oú.B!„A[±bEyyùîÝ»€Y–™‡M&¦ó«R‰@U] ªá«€jÓ U*'är9÷g]#„B5O-[¶ Û½{wII y6{'fø“à S±1‹hŒ0¨‚ vbÒ ¹\^YY‰éB!„PæÍ›÷òåËãÇËß `²×~U™išL'4c'8Ø !„B¨FmÛ¶ñõ®—EÐ×–΄Ã_ÑA~ôÝ$&{&Ÿ°w!„Bˆ£AƒYZZþù矕••ì!OÀZçFßÅDºÔ Ò‰¯¥5œKƒÿDÁõl˜0Nþg£¾˜•“ b þ´jà †7Ó'˜N:L'B!„¸àóùAAA.\ sPI.¡|‰&©©§r9$^ƒÑ“ÀÒ@ €Ð®^€W¥pdLœ ­ÚˆÅ0a•ù€ºu•yzÎ@!„z'Æ KKKËËËcÉdç*FM@SO'JŠ!| ~»%ó€…}Úµk×ââb}5_FFF¦¦¦EEEL.Áæ„·UMOóH'Þ‡Q=àÓi0x4Ä¥Âý,¬àuRA½ÚÒÔžg§B#¤J&“•––’× …¢´´tĈk×®]»ví—_~9bĈøøøž={fdd¨¿7##£{÷î'Nœ˜5kÖéÓ§/]º´eË–²²²   ÿû¿ÿãröeË– 4ˆ¼¶´´ìÓ§¹¹¹®ªF„‡‡Ï›7ÏØØXWÚµkWãaZþ¼•——¿zõê]ÏûêÕ«òòòw}G±±±nnn©©©äËþÃÌ>{=]ŒÚ5>wìKº)qqqéÓ§ÏêÕ«õ]Ô|)•J™L& É'f˜æMU3xîÄÍ+0±?8µƒÓס£ïÛívÒ¡k¯×[rŸíتÞ^àS‘Á8p`hh(óåÔ©S{ôèñóÏ?¯]»VåÈéÓ§?xðàìÙ³=zô [ºwï2pàÀ¥K—:ÔÝÝûy½½½O:UçâWyíÚµãÇë0æt ©¨ËéÄÂ… ýýýÃÃù¤Óé\rr²B¡hÕª•‚E¥k󊦤ôN,˜ vðû¥*¹tí ¦R¸|öí–?ŽÓ¡¢[öÊN8m5">>><ïÑ£G*Û¯\¹Æä„™™Ù¦M›”J%é ˆ‹‹ ÎÈÈøä“O:tè°oß>räÇóäÉ“   ”””äääààà¿ÿþ›ì½wïÞرcÛ´iãââ2}úô¼¼<²=111(((33sÅŠ~~~þþþkÖ¬©îOÈ÷ß?zôh333X´hQHH{ï¿þõ¯#FiñññóçÏïرã|°|ùòÛ·o“cRSSƒ‚‚ÒÒÒÖ®]Û¡C¹\>mÚ4fMÓ»wïž0a‚‹‹Ë¨Q£¾ûî;öh¹\¾råJOOOww÷O>ù¤º"ׯ_nß¾}PPÐŽ;´~7ÞÚ¾}{¿~ýÜÜܦL™råÊfûøñã>|øðḹ¹M˜0!''‡Ù{÷î݉'úùù…‡‡ß¾}{Ñ¢E§N:xðàš5kà£>Ú¶msð®]» àêê:qâDŽãæe2ÙÒ¥K½½½íììú÷ïîÜ9²½¢¢"888&&&""¢gÏž‹-*++•³«\ÕÔ~hÿ¾p±eË–yóæÝ¿„ íÛ·0`@dddÕT¹¤ÕÃîÝ»·{÷î!!!‡b¶k¿Ú“““W­Zåëë;jÔ¨?ÿü³°°pÖ¬Y:t dR/îGÖxºêZÕÛÛÛÍÍmóæÍïÔ’éÊþýûMMM]]]É—*#°¢éiêéÄãG‘ÝzÃñpð—·ÿ’n€‘1„̆#{á?Û¡ Ž€ŸPÎþ”–Hõ]h„jéðáÃJ¥RýóÈØØXP¹A'ºtéâèèxóæMxôèÑÑ£G_¼x1wî\KKËÉ“'oݺ|}}mmm{öìiff–ŸŸôèÑgÏž@JJŠ¿¿NNÎçŸ>wîÜóçÏwêÔéùóçðìÙ³¨¨¨ÁƒÇÇÇOž<ÙÙÙù«¯¾ŠˆˆÐXøëׯ{yy‘×ööö`ÏùöÛoÀÈÈ(99¹oß¾çÏŸŸ5kÖðáÃÿý÷^½z@QQQTTÔ¬Y³¾üòËvíÚQuòäÉÄÄDaÆ ³fÍ’Ëå«V­jß¾ýÊ•+g̘ÁÄ_±bů¿þ:vìØQ£FíܹsÀ€êíNŸ>’’2sæLWW×ðððÙ³g×øM™={öG}dbb2wîÜüüü>}ú07‹ýõ×êÕ«çϟߧOŸààà'NŒ=šìJJJêÒ¥KJJÊ!C{öì¹sçÎäädGGGOOOòqqq!ïÛ·oåÊ•>>>ï¿ÿþáÇnjSc©”Jeß¾}ùå—õë×÷éÓç¿ÿý/Èåò£GΘ1cÿþý£F0`À¿þõ¯!C†€ÊÙÙ—–€Ú/íß.RRR<`ee5sæÌìììÑ£Gß¿_{©T.i•˜6løÇ?þáêêºbÅŠ§OŸŽ?žä¥5^í$7 •5jT=Ç÷ìÙ³±cÇ’©ܬË—§§§nûú⨠ `ëÖ­½zõ¸8lsA7mGÿM;‚†?£išV(èy“iGŠvÚI ü8¤¼¬¬´´´¨¨(777###55õÆ7ndš+!!AßUBÍ×ðáÃÍÍÍÉë³gÏÀäÉ“·lÙ²eË–ï¿ÿ~üøñR©4;;[å³fÍ€¼¼y8cÆ æŒÓ¦M³±±¡išLGñöö®¨¨ »ÈgºÇ§izÑ¢E¶¶¶4MËd²¶mÛ0uÙ²e ¤¦¦ªWÇÑÑ1<<œ¦é .@DDÙ®P(½½½™âY[[/W­ZÅçóËÊÊhšyò$$&&2Almm_¼xA¾üüóÏÓ>Õ!ßë?ÿü“]°V­Z)•JÒ mÚ´),,${I?ÌéÓ§UÎξ ´Ô~T÷}a7¾vaaapðàAòeRRìß¿_{©èª—4[nn®©©ihh(³Åßßÿƒ> 9\íS¦L!»¢¢¢ÀÏÏ|I.NRHîGÖå‡ëóÏ?€û÷ï×Ø€éÖŒ3LMM·nÝúûï¿ÇÆÆÆÇÇ'''gdddgg?}ú´¤¤¤¼¼œ¬K.~¶¨¨(}_÷šü dSï32i ÿ–®àñàÇCbŒ…¤gôÿ^SoÔ´9rdÅŠ+V¬X³fÍ¥K—zöìyùòå–-[ªVYY ‰Dc™LÆÞ5eÊò‚¢¨ &<þœ|Ы‘\.ŽŽ dæO;::z{{ÇÇÇ3ÇL›6™€äååuïÞ=õ8dÀÓ¯âààпÿ#GŽ/ûí·-Z 6 >ùä“'OžˆÅâ‚‚‚k×®8q˜eŽ`æÌ™öööê§8sæÌÏ?ÿ¬P(=z“Àž-=mÚ4¡PH^“OâoܸÁ~û­[·222BBBJJJŠ‹‹‹‹‹É,ÞèèèêŽ;&‰FMÞRZZ:dȤ¤¤ÜÜ\rÀˆ#Z´hA^{{{+ŠŒŒ …B3fÌæSó9sæðªÿíÔ¯_? òšŒòzðà–RÀéÓ§MMM{÷îM¾äñxAAAOž<ÉÌÌ$[HîJ^Oœ8‘¢(’ÔÕ:`u—öï G‰äÃ?$¯=<<ø|~ZZ—RitþüùÒÒÒqãÆ1[~ÿý÷ü‘ËÕ>vìXòÂÉɉý¥‡‡°’ªñÈ:þp¹¹¹©œ¡pýúõ]»v >\"‘PEQÇ£Xô]@T/ðîÀÒº÷©jg7B†oÛ¶m/ßÈÌÌþ<ëŸ=räHöÞ¬¬,æu^^ÞóçÏÙ÷è •J`ïÞ½YU-\¸PËIÍÌ̤RéÇUÞÅܬklÒ)Án—/_>}ú´º³ðù|-eÐH"‘¨×€•™¨3fÖ“ààà#GŽüöÛo:u"ìÙ³gäÈ‘sçÎurrâñxdLj®^½šššúÅ_ <˜|’­òFö³ØÈ„‡÷ߟ}™‚|ãÆÖo”””„††2ÏÐÈÓÓ³¸¸øñãÇÌ»NŸ>®=°²²²²²b?a0&&†Öé,F;wî°oUãããmmmÛ´iC¾d_/^,++Ó¾”p5ªñûRGµ+•··7ÄÅÅ1[ 4bÄ]]íÕñt÷ïß …ï´4Bu-‰<==y<é'dg*‰fM ¦5}EmÚ´©¢¢âý÷ßÿñÇ/^¼x÷îÝ}ûö&%%íܹ“y .¼páBIIɾ}û¶oß¾téRrïkmm@Ö e,]º4>>~çÎeeeùùùaaaE-^¼øJسgOŠ¢ØéüãÿHIIÙ³gÓ5]ºt¹víZZZZQQÑÁƒW®\ /_¾Ô~·Ý¡C‰DrúôéÂÂÂŒŒŒeË–ÅÆÆVVV2u9zôè?ÿùORÁÕ«W{yy‘ŒvíÚ?~ß¾}qqq2™ìðáÃãÇøð!¹õ¬NXXX‹-V¯^••UPP°aÆŋ·mÛ¶ÆO¦I«~ôÑG·nÝ:pà@XXó2¾%66VKqùòå=zìß¿_}×Â… …Bá‚ òóóe2ÙîÝ»£¢¢/^Ìä9Gݼyó‹/gÏžííí=tèP-g¯1 F5~_ëÖ­ëÑ£‡öWïZÍê.éÞ½{wïÞý‡~¸råJNNÎ×_}áÂ…©S§‚Ž®vîêrºôôt7772ø ¡†‘žžncccddÄçóÇ€¢(vv¡ïb6„èèèuoìÚµ víÚÅlÑ>é®1j±CôêÕëæÍ›S¦LY°`³ÑÃÃãüùó*vÎœ9sÀ€2™L*•Nš4‰¬ÁÁÁ‡ò÷÷gVî'.\˜““3{öì¹sç* kkëÓ§O¿ë kkk•t¢W¯^ï½÷^NN{‰ÛåË—‡††º¹¹QåîîNV†7nÜÙ³gÅbquñ¥Ré7ß|óÕW_Y[[SüÇŒ=ÚÉɉPiôôéÓ_ýµC‡ú.jv$ÉСC/_¾LæN°3 •ÙÍ———··7»ÊEy{{W÷p¤F­©õ¶ „jÍËËKï¿æ‚ƒƒõ[ÃáâââââBf7$@°bÅŠ>)Ò¡¶mÛjYÜ¡z5cÆŒ‘#GfeeuèÐÝ Ñ{¡Â¦Ó „B!¤`Ù²egÏžežC2öÿ͇µµõ°aÃÈÄk@0lØ°¦1™M¦!„BH7æÎkmm}ðàA…BA³@Ó4ó¢¹eÓ§O'²årùôéÓõ]œú‚éÄ[êÏo>ë „BÕ±±ñÊ•+ccc?~L¶DšÓ0'FPP••XYYé»8õÓ‰`.B!ÄÝì$˜D IDATÙ³[·n½eË&‘µ¤¢™ääAÐ$7ÁÀtB3¦§0£@!„âÌÈÈhÓ¦MW¯^‹‹cqjV‰ƒI'ô\Žú„é„ìaNäQŽú.B!„P£1bĈ!C†DDD”••1Ó'ša.^^^³fÍÒû:ìõªÉv»è„Ê 55UåA!„P3DnÄ•o0³œ9ÒËñÏŸ?ÏÉÉÙ¿ÿ'Ÿ|Âd4Ë;µ@aaá;wê¡iÂĉ/]ºTãa PÃtB3ösÙ½MuÁ`„B5äsR•%gT^T·‘Q\\laaÁÜ) ò?C(‡*Ö½_â³Ï>Û¶m[ÝënÈæλuëV}—¢60PÅæÄçóÉÿ*ÇŒ3ÆÎή¢¢B¡PTTT0y9÷•øøøîÝ»ë¤À*22R&“ 2ÄpJe˜¡°­¸Ã¶â"77Wå3°=zØÛÛë·T† ¯+î°­¸+,,Ÿ/‘Hê„Ü,ñù|' ±±1É+ÈEQ@%«©Ër±b±ØÝݽŽ%GõÓ‰·Ø¹ó?ù‘P9R$‰D" éÇS¾™fÄñ\|>ßØØX'Å6ÀPLKê$šVP‡¡°­¸Ã¶â‚üjRÙRǘUA‡ÂëŠ;l+îÄb1ù¿©¶¹A222"½B¡$ì‘N”¦gyÕýÔÈa:Q…J· ù1P_'X(š˜˜ðù|’NfÉŽ'âóù¦¦¦:)³†bÚP'Ñ °‚: …mŶFFFê[êÓ *¨óPx]q‡mŹe'~êÍ+HÒ Š¢„B!ŸÏ‰D<|Þʤ*éDÝÏ‹ ¦š1ƒÈ„Ê^###2P¡PŒâ]Ó ¡P¨«ÉûŠL^çñx:‰f€Ôa(l+î°­¸PÆ ‘HêÓ *¨óPx]q‡mÅ]qq1H¥Ò&ÙV$7 ¡H^A ò¿X,&I…X,fz-Ô'rè¢6ÈP`:QÓ)AfMPEÓ´úÜ  2›™„MÓ´B¡àx"‘HDº^wŠù“£“hXA†Â¶âÛŠ ©Tª¾¥Ž1 ª‚:…×wØVÜ€™™Y“l+’ ˆD"KKKªêÊN¤k‚`2 vO…ú=j0ÐŒüxÐ4­ñ1väçØk-¿ÓÔ"§>&¡v 0óñƒN¢`u ÛŠ;l+.ȯ&•-uŒiPÔy(¼®¸Ã¶âŽ™;Ñ´ÛJ$‘û%2ýš¼‰DÌ ödTòY-vM4I˜N¨b'@Ó´ú`'±X,•Jår9{‰X¥RIz3¸œE(š››ë¤ÀŠù“£“hXA†Â¶âÛŠ õQѦ¦¦uŒiPÔy(¼®¸Ã¶âŽ ;”H$Mµ­ÈÌR2nŠN:Èø’Wi¤ƒ‚䀃š"L'ª —8ÓÏ@Q”R©Tÿ´ÏØØØÄÄD¡P°ÿN½ÀÌÌL'e6ÀPL‡¸N¢`uªQ·UÆñb ±CïV SªFÝV ÊÄÄD}KcTuªÆëªàfÁó¤g¥Ù¥&ö&-{9˜»h»3À ê0þ rG{SSÓFÔV´’Î9Ÿýâî ù+¹ÄQÒz £Ø\¬%”P($£+UÖÃ$$¯ …Ì8(²…ñES‚éDL÷3‰‚¬t¦r˜H$211a:%j—Nèj• ¥ÛÕ? °‚: ÕxÛêUÁ«¿w§¶âl:¤†3b[5d¨úXÙÉ *¨óPÚ¯«Ôw“¶&JZKLìLIp$½Ëªnïõ¯¾Ke˜¡ðg;Ý®ìÔT*”W¿¹ü(&Óª½%% ²¢3ÓÝ°s¤Uµ©`aÁ^ “ôT¨Œ€"‰{6æM ¦š1CžàÍç1l̳U îéEQêËÃ׺¨†Šù•¡«h†VA†jŒm•û(÷zî£3e 2v¶aJÕÛªáCiœ;QǘUA‡Òr]•=/KÚšØn´k·åÝ@öBùS7¸áÜß™/Ò<Ô+¨ÃPø3ÈùI¬ûOÑÌKÈÍŒÉì±&Àeˆ äßÊûcNtÚÁ¿Éůû#W&C`§ÌkŠõ ÔL'4`_îÕMÅ666Vï”àžN8;;«I¨ ennž››knn®“hXA†b~7¢¶zžò¼øáK+g«œç9ä, S*¼®¸ @U¶Ô1¦AUPç¡´\WùWòÀ7Ôì211qÖ>q×­Š¼ k7ëz-•a†jŒ¿¯ôŠ< ÛÖÖ¶±´Õ‹;/ÆÏÑž<>œz´5w2¯x^®å¼mÛ¶%0ìvæÀ¼ ]ì1Q€ƒš®S‡›v’5tèPöÞßÿ½_¿~êG""22rË–-üñ!Cô]CסC‡ììl‡»wïê»,ïì—ï}¦v \Ó·aN‡×111cÇŽeo9zôhÿþýõUçåºÊ¾‘ýøJVç°.ïõ}ÏÿD¦ú{úù™Ò–ª ò6ú÷UÃ+**ÒÕüéPœ[,/“[¶µ$_¾xøâ?A{{¯êã=ɇËۙ܀ªŠÙ vÖ èèèÁƒ³ãDEE 4H'5B {'ª¥%o&#™/•Jeƒ”¨Ñ1bĈ#ô]ŠFF}±FAåg¡^áuÅ…úšîdf¤^ Ó(h¹®ÚtmÓ¦kæËŒ³÷þ—ö^/'KGˆ*Â+Š kkÍ]X†É²õë«:~Ó¥¬ËY9·²z9uëÅñ{­2‰ø¤r+…=MþFÐŒ¹âišV¿úɤ"æKõÑPqÄ|xÓHÿ<7d:¸Àt¢>ÈŠdç¾=›ðëV[ÿqD³mÏÆþû q!4Òr¥R®Ì¾‘u)Ómˆ;Ç7ªgì.‹êCMþF¨秲Qå ;¡ºk¤ž104˜Nè\Êñ”¨å‘@ÃàõAþ¡ï3Ÿš3¼¢š°æõü`^ÏʲʟºlþsåÃ=9&Ãä¡™Àßµ¡±S¡Z`Ï]ÓwYÞ3ÙNßAoiüø¿GµvöÛ¸sßžíâ;àËFæºy–pãÕ¨_!íb×±xÏÂw’ùRl*ö›âþûs… ­]Ó¨-¤ø!„Ò 79÷Ü·g»†uþÃÌ%PÓöðÒÃóߟcoÉ»“Rûæ¸êzWØ;BiqöOȳlcysÿMöv÷ wcKc}• ¡úàâ{rÁ‰¿¾Žñ}_.“ß9ž’æì%2ÕÍó.PÓ†éB!¤AæåGÊJeÔgÿSÙÞÒ»%¦¨‰ñ™ÐéYú³K[.]Ú|‘lñþÐ{к ý– 5M$ø÷ؽOn=žtowܼ› 4û¶iòõGýš`ûI?Ú%<=žø,ê‹ýïT6ƒæ ¦wÊ©*¬Ú?â'Ž:ÇÐÙ(éXb¯ Ç,ÇZIZNÒ±'Ù·³/WÖU¡qʹºöÊ“ÃÕ ÕTôUSN§<Üÿà³ëóµÌ´$-!tnñÙÔ3)ÊzÊÊ:Ê ¿<´kél¦ŒÌ"ÑÞí­ÑÞJí­×C¢]IKÉd(t«IR‰vÐ%t“t!¤¤¥äìL>u ¹ËagÚ¹œN š;xÐÜÁíôѼ÷¼K«.Z·žqØŸÁd%špðÎ÷·=7ѹmú•9q9/.?ç×ðÛR«ÚòÚ˜ÍÑN³œ'~? !Ä­àóËõõWm'ÚRÑ­‘—›z6uÊO¾öÓíñÓÓ¿ÿS<.™ž’ç%±_ÇÈ+·© §2§rØRWÏR¸ãïåЋÚfÚÁçf)¨*ðªxN?úäðc§œÀAb_Zu±2»ÂÎÇNÒ¢Jž—<9üØeÑб_c0Å)ÅÆüzçûÛ¾û§JZTÆõŒÔ3)n«Gº…Ždɳrîfó;úà§û®Ë†KZ”tA´·D{+A´·D{ëA´KDZѺŠn;³‹ÍRÖUf²þù‚‰Gž\½„º¶îjöìêâêãÇJÓK¥òYéWÓkJjF­qÇó‘÷rèmäl”z&…Þý(rrËÒKu,tÚX«üÇù!—CñS%m¥~öu•uå™å4ªÄVf÷ŸúÏÕcm íšâjÚuk¨k8»àôy.š&mºV™S©mÞÖ …*H,xõ׫Qáî ª !ŽgÂ÷“l&ÚÒ(ŠÁd0YLòßËë×Ò§þê'§ qêþöõ[„Õ8+|É`€V_Mn%—F­2o¾dÊ1]eɳB¦#Ítmt3£3i%]í­ÑÞJíU ¢½• Ú%"­h]E÷i jà6<¿ô¼,£|Äç#ñ’¢”¢Ìè—!ƒyr… B“¡}ðñ¥EFFFÍ/©Ì®à¨s üÛuUÛ\;÷a.·‚«¬£,iåÇmñ¶ê}%é{©”´”<6Œ¦Ný.÷BˆÆB‡€vSú“¹YEvÅ»ÜwäÉŒ†è/oÊ)ȹ¯óÈŠ¡Ôã×ðkKk9ꜧ‘O« ßk[èX{YÓë`V‘UÎ`1Ì=,òÿÎ+I+QÖS1eÖ˾íºa5%5—C/ ¥n¨þ±u† 5lØ°Æ/™4“W’|ø±¡³‘G.ãjzeNåù.4jR[V£Ö[MQãß?½Aƒ¬¿²h%]í­ÔúhoñxÕ‰ÑÞ ˆöÖëÄhoæx…Á±½5 ÚI-¯@WÑ}Ò‰ÒôÒˆþ;B"j˸ˆ ì|û7îKêø©Sîƒ7 ܆«ÜZYr¿~ý<<ôèTÈ §g%-¥¤?“ªŠ«L[¥»M(ÑÞâñª£½í4t|´7s¼‚c{ëA´“Z<^®¢û¤JÚJγQ—ÜÛwëÛ¿rîf›Ž4kcáÊÊÊ_~ùÑ915‹žR—ðÞ×!„¤2Ý^¥]H»~È{ûçÙƒðèÚ\— w]6¼¡®aï௅_µž`#éžiå-3- OKÜ:/ä jùïrß)i)Izø3u3]öh~Ì”cZ{ÛXyYg\M¯*ª"/¹µSŽ‰¶t8n×±Ð0Ãþþñ•Ù•´O÷÷Ä«¨ZO°¡÷v„Г#_\|îwpºíä~!‘@ôÓÐ=q;ïÒ8åhk„œumýµè/oÊsä-ÇZž;$ãj:^¿˜Ô§E– ˆv¬ùãD»¤ Ú[Ží­ÑNÕüñ tÝ'h Ï-ý.ÿ}{Z/ÕWqù5|ò Y]T-Ç‘“ÊœÍmqçûÛw¿¿30ÐqìWã8êÚåÜúö/>ŽŸþÓ+¯(ïä·ónev¥¤­Ï%i%µeµ{í&—T¼ªØ3h÷ä]Ÿ t¤]CÌÄÅ$ãjz}u=’°g,îÿÚgXr žÄ½ŽÖØ8„Puquê™×eÃi_CåÜÍQÔR´öþç¤Å”c:Ìxç·ßå½Ó0–ø®)†ÎFónÎò…L9&ƒÉˆšsR×F—^Ť>-²T@´·D»D Ú[ ¢½õ ÚA÷Ó£äÕ_Y!swóöþ ‹±VI&½yøÆrŒ%^’q=Ýt¤í–P©(N-¾ûý—ECÉQ´½¾ÿºúLyÊA•©f¨æõ7ÔëìÂ3…IK–“WÑ^ÞÈS”Ó2•xênû^¡Ìè—äi/ûv6b0t¬h”3£_Š¢3hv¸Ç8êÞ;^my-¹+³+ñrI‹zt !åô³9W>Ã1É­àfý•5j;ZIwZdiho=ˆöÖƒho=ˆöÖƒhÝO÷I'êÞÖ%OÂ܆‚Äü”Ó)ÖlNSÔTª.©.zV¤c©#¯(…†<Ë1–š¦š××]eïñÑì«yoW\UA•ïþim/¹-rîd3噚&šäfÁl¼m$Ä1ÐñÒª‹±[cœgðÏ/¤½¼ñr€ß¶²Ä½3ÅÎr rlìBÖlÒÎ¥Þø¿ëÖº²•Ù)QÏÞ<Èu u£1 Ðf¢~ý»;îˆD„Åh‹g§’Ó.¤:…8ј)˹“­ÚKµsäÙùöO;—zqå…¡ ‡êÙégÞ|ùübšÍ$[ŽšÄ§-3í¤Âû{ã]— ¯¯©¿´ê‚V_-z‰|lZäÑ=;±Ï+D{ëA´·D{ëA´·D;è~ºO:QUXuyÕEüX^I^ÇJ×}Çð•#¯i;¹ßó i¿ùuÖÅÙ&Cû4^AR,6+ètÈŸ~GL9Œâ¨s&íœlèÔ¦‰#Ú.÷áQƒèú†kbË{Ù÷’ôHê0°âUÅý½÷ïï‰ÇKìgØ{}ë-ŠÒe7ÅîÝ›·q;ïþýÛ#„b0†-FÇ—ƒÁ˜q8àì¢3WB/á%öþc7£W1‚ rârúÒº+•õxëñÛ¼omûëxÀŸx‰åXKz·—²ð´¾rÄíí·âvÞÔ õûéùì›J¯s­t§E–ˆöÖƒho=ˆöNÑÞzÝ>ÚAWÁ w«µ®ŽÕ%ÕªªÒ͹+^UðÞÕõØ»-½*e·’[þ²œ msíNBª¯®/K/e±YÚ:4®¨‰©Ì©¬.ªÒ±Ò•£'¿†_š^Ê{ÏÓ6×ÖìÛ¦;CU—T—g”iôÑÔìC¿œ¨9'ËÒË–vKÌ»‹õlôÚR=™ÑÞ) Ú;D{§€hÝI÷iƒÉt‚ˆÖ ×°ÛU(i)™ 5éìZˆSPU0lÜòz­£eªE£{n»b«°Iç¶>ªúªªúw‰#ãÓ"K D{§€hïí¢t'Ýð": ý(j(VUQ—ÈδÈHD;è9 ÚA[@:!ׯ_wvº ØV­×µ¶•Z/Un9—_Ã'—ÈÈ´ÈHD;è9:7Ú»Öy4éDk½|ùÒÔÔôåË—]‘.¶Uëu¹me1Ö !ôæár‰,L‹ @{€h=G'F{—;‚Æ h­ÚÚZòÐ<ØV­×å¶9-ò›oªŠª®†_©*¨¢7é 2¢ôí]î<ë¡C±ôÈæ´È´ˆvÐs@´ƒ¶€t  c¥ Ë»÷´È`í ç€h´A: £{O‹ D;è9 Ú zh‚t@¤í¢ªªªå•º îú½Úl+=œ{H'¤I(^»vmÆŒæææ]—vann>cÆŒk×® …Âή‹¬ƒm 'ƒó`Ïé„t¼xñ"<<ÜÀÀ`„ §OŸær¹’–````nn^]]M.¹té’¶ö?#¢F½cÇ„……ŹsçÄÞ›˜˜(//߸̃º¸¸HZ“fp¹ÜÓ§OO˜0¡W¯^ááá/^¼bá­¤¡¡¡ô®®®§§grrr3ëgdd<~ü¸ÃªGê¬muãÆ %%¥ŒŒ üT(öêÕËÃÃ\áÌ™3JJJoÞ¼ùHÍñññùöÛo¥SQÝš,üfÒ‰6yûöíþýûûõë·cÇŽòòr„A4Šª««ËÎÎÞ´i¹D(’iÉÒ¥Kñ/Â& '¢Éå ¾¾žFeš?¨¬¬lÇŽýúõsvvÞ¿ÿÛ·o¥û)ͨ««Ûºuë“'O?~|üøñòòr///‘Hô±õÿøãÍ›7wXõ¨:e[¹ºº644Ü»w?MHH(//‹‹{÷î^g``ЧOzåÓ o=P§ÿf&Š¥C(Þ¼yóСCçÏŸ'›ð¨my"‘èþýû-–ãââÂbý{ûúO?ýtïÞ½ÁÁÁÎÎÎbkZYYiii‘Oÿþû襤¤~ýú1‚\X__ãÆŠŠ wwwSSÓÆ÷äÉ“ÔÔT;;;'''&ó?™¤P(LHHh±ÂÔ_íøû&%%-]ºtÅŠ>>>sçÎ7nù’““ëêêZ,³E&&&FFFÔ%†††¶¶¶¡~ýúmß¾}„ ¯^½’——ÏÏÏ'7HeeeRR’±±ñëׯËËËïß¿ïêêŠ*((¸wïžššš›››ŠŠŠØg•––feeµ½Î¨c·•¡¡!™¨ªª2$>>þ³Ï>CݸqÃËËëùóç111~~~¡{÷î3¯\VVûîÝ;777;;;„@ ¸sçÎÈ‘#SSS ÆÀù|þÇß¿ïææÖä§åääЮ<€nI¢ó èÚÐ:‰‰‰¡3gά]»VGG!$'×Öd¬ªªŠ,_MM-22rÆŒÎÎ΀ ˆsçÎq8üª««ë¶mÛ‚033suuUSS6lBhÁ‚A<~ü˜Éd:ÔÊʪoß¾ŠŠŠ/^$âçŸvpp B$Íž=[^^ÞËËËÈÈhÒ¤IµµµÔo×öñRxkèèè¬]»öàÁƒm,ê›o¾¡V•ÍfGFF’O—,YÒ§O‘Htûömƒ‘››‹—oݺÕÖÖöðáÃ}ûöÕÑÑ &âäÉ“JJJƒ ÔÓÓ=z´¯¯¯šš°ŠŠ „мyóX,ÖÏ?ÿ\UU5|øpyyùAƒikkÛÚÚ~ýõ×bmïÞ½mÿ zêyðÌ™3¡ÄÄÄVþ2Z'$£¬¬¬¥¥¥®®Žû5} ‡ÃIJJj±4%%%±%»wﶵµÝ»wïÊ•+?ö.6›]PP ¢¢ráÂœßËÉɉD¢©S§†…… ‚… ._¾|Ò¤Iä[Ž;vúô霜CCêª*''§ƒ._¾œZ“Ötjtttäñxͬ ®®®¥¥ehhˆ:sæL¿~ýZ,³E8y£Ú²eËÏ?ÿLÄ›7oòòò.]ºÄ`0FŽiddtæÌ™U«V!„¢¢¢‚‚‚fÍš•‘‘ñìÙ³#GŽ”––Λ7o÷îÝóæÍC-]ºtùòåwïÞ¥–B(77÷õë×FFF[¶lyóæMVV–‰‰Ill,Ù¬AèééI»òº¥Vž•••;¬J @:!==½ðððððð„„„Ã‡;v¬¦¦†Åb‰ÍZÀd2mllh”o``ðÝwß­^½÷KiÒüùóq/O>ùDGG'!!aøðá cÅŠ C^^>88ø÷ß/..&ßrúôiWWׂ‚‚‚‚„““Stt45`±X­©°X)üF¡P¨¢¢4{öl<ò§R¦¦¦ô6B‹ÆŽ‹{.UVVÞ¼yóÓO?MNN611ùôÓOOŸ>½jÕª—/_¦¤¤\¸pú®›7o ›G!„öíÛÇãñ8¹ŽººººººT*Ù‰ÛjèСŠŠŠñññ|>¿oß¾–––úúú………/^¼¸wïÞ€tuuß¼y“œœL6,Œ5JSS3>>~êÔ©¡°°0ÜÁììÙ³&L011Ayzz7þ8MMMMMMiU@÷ ÑytiNÐäâââââqáÂ…ƒÆÄÄ0Œf·Þ¼yóŽ=º|ùò&W ï2 SSSÜOIQQQAA/733CQ'‰ÊËË«¨¨ #—888´±žL&“ ˆÑ£GöÙgS¦L¡þ(ooÆ ó÷÷Ç/^>Óp8j§X‹Õä,ˆvÐEA´ƒžC¢hKžE"î××ÐÐ  åä¤{_¤–qsDCCƒ¼¼ŸÃá´S- @ÀãñðÙlÂg&“Ùx>ˆvÐ¥A´ƒžC¢hG”D‚ìæÄçóqØËËËwÎw uÈä!Äf³qß<ê¤gR«6 §¶bÒªíG)î¼A½|Õí khï®êêê=z”••õ±¿immmEE~, :°vƒF´‹My,ø¢È8êu.ãÎí•J'À„¿RCCƒ@ zýºÉ“'kii‘³³“~üñG•¨¨(©|Š‰‰Ixx¸TŠêÈ@Å;!FíbÛD»333 --­!C†>|XÒI°¬¬,òwÔmØ°ÁÔÔ´ —}='ÚãããU>¢¦¦¦³k'âââׯ_7³B||¼“““ššš‹‹‹¥¥¥ššÚ¤I“Š‹‹©ëøûû«ªªÎ›7!ô矪¨¨544ЫR»î¡R$Q´‹µÅ‘ï­¯¯çñx2íà¶8«8tɪ¢7NéxtÆNPÄñÞËçóy<^Ïé§NzùòåóçÏÏš5‹º<22’Á`Lœ8Q*Ÿ2|øp ©Õ …B'//////äääðÜÍœu ÚÅp¹\“… â§EEE7oÞœ3g—Ë]²d‰¤¥ 0 ,,lëÖ­Ò®&BÕ××s¹Üö(¹Kè9Ñ. kkk?ùä±—ºÖ¨ððð‡fdd4ùêÉ“'gÍš¥««áèèXSS÷ý÷ß;99]¼xqРA¡ÜÜÜS§NÍž={íÚµ¡={ö˜™™EDDÐЮ{¨Ií¨ÑäNd×¾›ND>‹œaþÅO/Ž62ÛiVZ[J¾Êf±-´-– Y2kà¬ÆÝi®‡ýü÷ÏËk>ö\๠Ñ"S"sBsÚµþ=>2ËÉÉÉÉÉÉËËãî|Í_*êô‡‘i™õðÙ?üüü–.]zêÔ)j:‘———¢¤¤$•O‰ŒŒ”J9=õ²«Dy>>#FŒ˜7o^RRƒÁÀýš‚‚‚lmmBùùù“&M7n\gV½CHíd.A~èÑÞ"AmC­Pôϵn×DÝdáàWŽª‹nfÝœsn—Ï]â"~¨¯Ö×6Ô®s['ÏüÏÈKmKü*·¡ç^Ù‘:œý2 òêO‹És 9v‚  öY”nåºUUUŸèèè·oß’ OŸ>MDpp0~úË/¿xzzZ[['$$«…„„;vìÒ¥KîîîçÏŸG=yò$,,ÌÚÚzàÀaaa<¯9gÎœßÿ?æñxk×®µ··×××3fÌÝ»wÉýýý£¢¢¢¢¢ÆŽkmmPTTÔÞ[@öá“ ŽXj 7ÿ.ˆöæq8œ~ýú½yó?mÌ™™™Ó¦M311177Ÿ;wnII B¨°°ÐÛÛ›ÏçGFFâ÷6¹&ÆårW­Zeccccc–œœL¾tòäÉ‘#Gêêê:;;ïرCÆ/¥wˆvìÀ .ÌÊÊš;wîüùóBA>|8 ÀÜÜÜÇÇç‡~¨®®&×ñâÅÌ™3œœ–.]š’’zùòe„Prr²··wjjêÆñÑþÝ»wóçÏ·µµõððÀ«aïß¿_±b…““Ó AƒÂÂÂÈ“.$77wýúõNNNÎÎÎ_~ù%þ£,[¶,&&¦  ÀÛÛ;--Mì[ìܹ“ÏçïÞ½›Ì%°Aƒ­X±"999::úÊ•+6l@mݺuóæÍ~~~111~~~B¡°´´4""ÂÍÍÍÌÌlêÔ©/_¾l¾¶Mî¡2«ÑN†:Œ¢2Õ4]9l%þ·}Üöûóï›kšïz°ëcëoµq‹çê¿àÁYáB,\[ííM²t‚h4½y%vB„PpppCCùsçÈ%QQQFFF¡ ,Y²DIIiñâÅ¥¥¥îîîäéçöíÛ¿üò‹Omm­®®nJJŠ««kNNκuë\\\:4wî\¼æ¥K—ð)‘H4zôèC‡nÛ¶MQQÑÝÝüèØØØ/¾øbåÊ•îîî~~~/^ôõõíÐm!“È QøÊ«XçZ±½¢½•***¢££ÍÍÍñS±`NKKsvv.**Ú´iÓâÅ‹ãââXYY©¨¨èææÆd2]\\B[!$ GuôèÑéÓ§?ÞÝÝ=??!´cÇŽ€€[[Û;wzzz®_¿^¬·aÑŽ¥§§_½zÕËËëêÕ«666¡íÛ·ÏŸ?_ lܸÑÊÊêÿþïÿ>ûì3¼ò³gφ ’––6a„ääd77·¤¦¦"„***®_¿Ž³ˆñãÇ?xðÀÇÇÇÕÕ599yúôéÓ¦MÃ#Þ¾}ëäätäÈ‘Q£Fùøøœ9sfØ°a87Æ…à·™™™mÙ²%""!äè訧§‡÷ 555±oqûöm###77·Æ_pÚ´i¡§OŸêééYYY!„lllÌÍÍœœØl¶““BÈËËë×_õ÷÷Ÿ3gNzzú!Cjkk›©mã=T–Ií$2 ‚À}Ðñ\±Xñ®„#Ïé§×ïÍû7m)„ ˆÃI‡N˜G˜û÷ùáÞÕõÿ&óÇŸ÷Ǹ¿Øz{ë³âg!gBJkJB"‘èTê©™§fÿ`<êà¨)'Úúeº2ÜŒ†Ã•ø0mF§§ÿ¹Õ"|ˆ:yò$A+W®d±XoÞ¼Á/ååå±Ùì­[·’…LŸ>ü½kccããデ„„XYY5ùÕÕÕGÕäKååå¡E‹qÿþ}„ЃðK†††Ÿþ9A¸-bß¾}xyYYÙ!CîÞ½Û|m‰ÿLÒhçóùuuuïÞ½+---((ÈÌÌ|úôéƒbccŸ?ÞYߢsI:‚6¡›™7ñSýíúŽL ®P^[ÎùŠc»Û¶ñ{—]^†6¡šúš&K½ª·ýŸCñ·w¾•ûRnZä´CO­¹¾†½™=ýÄtüÒÿîþmB>ú¬¿¹¾÷w½¾7B›PVEA_ßþš½™½)fÓÏ~žpdó æÙ´³Òúâ]ÎóçÏcccãââž>}š™™YPPPZZúîÝ»ºº:<ø§SjEsìÑèª2‘u6‹5sæ̽{÷VTThkkS{:={–Ífûúú’­ê&LX³fMqq±BÈÍÍmäÈ‘ø¥>}ú6|øp±Ïºr劲²ò¨Q£ðS&“éíí}ëÖ­ÜÜÜ>}ú „>ùäüª½½½P(ÌÉÉÁj{,2P1ra‹ï"@´#„222Ö¯_³Ùl++«#GŽ=ú%˜Á7üýýñKÆÆÆööö<+³ù5¯]»¦¢¢2~üxü’……Ebb¢††ÆÝ»wkjj¨óLš4iÙ²e>1bD»|ù®£§E»ƒƒC¿~ý¨K´´´ð‹µzõjrXö_ý… …ùùù™™™‰‰‰õõõxILL̪U«ÈÆ… ~þùçÔ2qSB¨oß¾Ô§ø£qëÄÙ³g=<<455ñÑ^]]}ðàÁ7nÜظq#^yÎœ9ä`Ö<þ¼Åo'”••›| w…UQQiæízzzçÛo¿UTT?~¼ÙÛ¶ÅÚv 4¢ orJœ§>ëiÞ¼{óSÂOøñËŠ—×3¯ó¼5#Ö|l}ûŸìèßQÚ:Ê:<['úUô¬³~óù ?-ç–_θŒ*©)ùêöW‹/Þ7yBh³Çfï£ÞùUùxµ¨Ô(Wc×-ž[B /\paÁÓ⧾ýzhŸ ±ƒ³Œ„®†bS¥X³.*88x×®]çΛ7o^TT”“““B(33“Ïçã3UEEN' @. ***ú駟ƎËápÜÝÝ׬Y3zôhê_½z5tèPê w,--Bùùù8ÐÖÖ&_ÂçÑ;aI,\i N…hG7îÊ•+ͬ@snn®@ ë¡aiiyëÖ-±·4¿fvv¶u:<‡Ï‰'BÔÌÁÄÄ„Ífã~P=\O‹öÀÀÀ ÅÖÖÖîÕ«ù4---"""22’ËåöêÕKCC/ÏË˸µ SPP HBd9øŽQd?Œ —ŸŸŸ——'Öa‰z)GìàÜš#³……Evvv“/½zõ ¯ÐÌÛÕÕÕ¯]»öÅ_Ì™3!dooÊçó[¬m— i´‹]X%Grã~#Vm—Q‘±>úÕ#ÛJÇêȨ#Í ‡o9ž:[UAµñ:Íù !$ ó«ò3+2 ë…õ¡¸7qÜîÇ9ÿ|œ{žó¼¿rþÂOûhô¹˜qqcÌÆ€vzv¿NùUJ_±K"û R ±\ºãµõfòÔ ©KœrÚÎNž<éååõðáÃ;wâåjjjªªª)))øF†$}}ý&ËY³fMXXXbbâ7:4~üøgϞᎿ˜ŠŠŠØèjÛª6†+D»¤ðõÔÆjhh(ÑšŠŠŠb/UVV²Ùlü®ââbò:4ÎÛɽ 'ƒhÿ???‘HtæÌ™!C†hii­_¿~ß¾}!ü“šiUUU¸+©Åã*›Íf³ÙS¦LÙ±cu9uªVç=zôÅ‹èÿùçŸ cøðáÍ—àîî~÷îݼ¼¼˜˜˜'N¬Y³F(®Y³¦ÅÚv ´Ã•Ì%ºÇÄÒ5Î|Ü•à殉ùnÜwÊì¦ÛÐHi¥i÷#"S"¹ Ü^*½48ÿ$ó9osЇ™ °ÞªÿÆóù-ìzXăˆoî~£¯¬?ÅvÊî_ª‰ŸGz<¶ÅbQ3ŠÎ®TîŠMî´²ð5dJppð­[·öïßû>á…vvvÕÕÕùùùF\¹reéÒ¥bÙöí·ß†‡‡3 ggç 6DFF644<}ú”ºN¿~ýž?N=ó=xð@OOÏÄĤ]¿]÷@†në¯×B´Ó ¯¯¯­­û‹c555©©©ÎÎέéààðêÕ+²Í!77×ÀÀàÀ¸‡ILL ù.Ü…ÏÁ0ˆvªG¥§§oÞ¼yüøñ8 MLLÄ/iiiiiiEGG“+ÇÄÄHº˜L¦­­í½{÷ÈC½¡¡áºuëŽ=Ú–jãûH¬Y³†ÏçS—?~üøèÑ£Ó¦Mëß¿3o7n\uuµ±±ñœ9s®_¿nff–ÐNµíD’F;õ]©ó;á÷&îLÀ™Šu…k §ØNÁËUÙª¡¢šÒ¼zûŠ|¬«¬ûÇ´?JÃK¯]Úoê±äcSŽOéàšËÙ W‰gvúX{J÷»‚EÛ§Ÿ~JÄ÷ß?nÜ8²ñaÑ¢E:::_|ñE^^^YYÙöíÛÃÂÂLMM›¼LÕ¿ÿü166– ˆ÷ïß>|˜Åb9::R×ùüóÏåååW­ZUZZÊãñ>|ýúõ°°°&ó€5½‹jˆv©X»víƒ8PWWWZZºhÑ"ƒ†_ÕÑÑyòä îÅÑÌš¡¡¡l6;444???))iáÂ…l6{êÔ©ƒŽˆˆxüø±P(LNNþòË/,Ö3°g‚ho’­­­ŠŠÊ•+WÞ½{—““~ëÖ­†††ºº:ô!—,YòôéÓÈÈÈE‹ÑhIØ´iSaaáöíÛkjjƒƒƒ###‡Úâµµµ qe¨úõë·víÚ+W®¸¹¹EFF¦¦¦&$$DDDxxxôéÓç‡~h¾d''§¿ÿþ{ëÖ­x\òåË—srrÜbm©{¨,“4ª›,AF®òvcò¥—§oöØ<Þr¼–’B(±ðŸdÞJÇ !óêßkC7³nâ †ÉÇ&_}yU™­ìmå½oò¾¥C–&&6iÞë½Ápíb š]‚‘‘‘»»û_ýEœª©©yùòåÀÀ@ƒÁf³/^¼}ûö&K˜8q¢§§ç˜1c”””x<‡ÃÙ³gµµ5u++«S§NÍ;W__ŸÅb‰D¢ððp<‡ ²ãóÏ?/**Z°`ÁâÅ‹…B¡¶¶ö•+WÈ~Þ .üæ›o\]]‹‹‹›YÓÌÌìâÅd\K IDAT‹AAAÆÆÆ!CCÓ'Oâ1B§Nò÷÷|xTTT'~_ ãTUU¿þúë-[¶hkk3 ??¿›7oúúúöíÛ·¤¤dõêÕ<o×®]û÷ï711Ù·o_HHH󣜛:uêÎ;ׯ_¿a ŒÿüóÏ&çxãççwêÔ)ggç»wï6^Û¶mønä] p?¥ß~û­ñIJb¿ùæ›ÐÐÐ;w²Ù캺º©S§®^½ºÅÚR÷P‰6‚,#At›5€DlumUØ*W^^ñ¶ô~Ë{ûóß?ßʹ%Ç”«k¨sïë>Øpð·w¿Eì;òDʉ³ÏÏâwɳä58›om¶×·7R7ʮ̾˜~q Á@y–|³ŸÖm5ÝÆñÜñ}0¾kžRÇãñù|.—[UUUWWW[[kdd4pàÀö«k7 ž?^ZZÚ¿<»/_¾|õꕲ²rÿþýÉ®ábêêêRRRø|¾½½}‹gðôéÓüü|6›­¦¦¦¦¦¦¤¤Äf³9Ž‚‚‚œœ‹Å¢ö†h—¢²²²””===kkkêü¡êêꆆ2›YS(¦§§3™L êKAdee½yóÆÚÚçA´7‹Ïç'&&ÚÙÙ©ªª"„ª««ß¾}Kí)Z]]­ªªZ]]­¦¦vûömr½Ö«ªªzúô)‹Å4h‚‚B+ß%‰ŠŠŠz÷îMx@Ì›7oRSS{õêÕ¿rºªÖ(++{ñâ—˵´´DÞLmÅöPÙÑÞvGŸ 9r3äæX‹±!ƒÿ8÷vnå؉åW–ïMØ[³±¦É±«¯¯>–|¬$¼!´ûÁî-··¼ã½c †Ÿß¢Á‹|#}Ù,vIxIþûü%——\ϼN b°áà û ¥W–¯-ÖWÑO)IùäÏO^¿{­ÂV©á×XjYž8mo`/Ý-ÐUHíF²tUjhh€tEÍì„òòò,‹ÚU ¢tií4Lœ8±¾¾ž±zõêÊÊJrö' ›$ŠvH':_ÀO,J´Ó³ÃS?U×W¿­{k¢aB¾*"DyÎ¯‹^‡“„P½ >µ4µ¨º¨·jïúzlÓ’Õt‚ÎG2(ðSr¡”k€T5]êÓV¾A´ƒ®¢†9sæ̘1ÃÂÂb̘1999±±±û÷ï‡\BöшvÐYØrì¡Æÿ%RUPUUP-ª.røÉaã¨+†­@5'hðo^§ §àÜ[| ;ÚšÁàÝ•ÉdÂ~ d_ât!í4øùùeffFGG'$$¸¹¹mÚ´ î‡Ø%H®ŒFPLžeJ/Õ^žfž¡×CÏÇ÷iᆌ q£Dg×!é™÷“ÿãaUUUÓ§Oo* EQQQ,K,Œ›Ü!!ÚA—Ñz‰¢Dþ Ã-rrrùùùB¡°Ãª €¤pòL¶ÅÉHF!Y:AMúñŽ*''‡èêêþüóÏeeeõõõx¶‡§ ihh©;ƒî ‡"þ$//'ôàp8xÆ]]]]]]¼ÊÉɉu´Û!!Ú,ƒh=‡t£5ênÉ3èZÄ’gYh© ßÙ©qNobb¢¡¡QWWW__Ïåry<^CCŸÏçóùxB|?é~HÔßl6›ÍfËËËs8%%%EEE55µÆ9}‹»D;Aí çhh' ?ÕÑÑÙ¿YYÇÃÑŽï#Ž“g‘H„£îvÚ õðËd2qò,''§  €£Ãáèêêêèè4ÀXsé ÅÆ_FNNN^^·âlmħ¸‚Úy‘ _Áb³Ù8&ðé_µÂë0$®Ñd D;è9¤íŒF­付L¦‘‘‘ªªj]]Çkœ< ˆvЮÚ‡'ÏGQQQ]] uò†*£ºƒÑ;AîØAà]ïZ8}'÷dyyyœÓóù||í ú#‚öF¶ý‘ç²5ãp88hÉKYͤõí@–A´ƒžCºÑŽ‘ 3ÎU8þD‚ pÀ“5Ù@Ñqßô0ä¥jòÌáp”••qp’»€¼¼<¢ì[mú·±#[XäääpßY‡#‰pã8Þ dÿZ²s-ì„ ýP#“ì_‹Óz6›Ï7x!y)«5çˆv ƒ ÚAÏ!õhgPàP'ógÜ×Áyµ@ àóùx¤A8y†€íG,Ùò@¦ È}Àüïð‰Îªy›ncGM¡ÈR!&“I‹Å …øÛâ+XÐã´ê¹¼ž„Ï.øLCž„ðîÇ’p6}ˆv ; ÚAÏÑ~ю㜠²£N-Øl6f<"Kf×0i2hodVŒ£÷zÂ]ûpvÁü/IðíRg‰ÖÆû3Þ÷ÈÚ …Bü}ð ø’›ÍÆ®@ ÀgèqÚy¾a0dÖ.O/b‘?È}’ÑT_[ˆv Ë ÚAÏ!Ýh'Ë$³œŠà`ÆØ:¯“C&ÈaB8Ç€€íÇ*™$mÂ8 ;ã᤿DmèÄšÓ;³yüX(²Ùl@Àøp[ ²‹!ÙN¨{ h?d’×™ð)︹Íf3™L6›Í Œ4ýXfÑdD;è9¤í“gœEàåxÜ»IAA÷q¢Ânä¹É»Ü>õ±KÇפK#s`2§%ód24yî·NàøÆ»"Þiɪã—äääðùçúäùzÐÞÈ´ž<ë½É’l¶&z|þ@Žzí@–A´ƒžCºÑŽ1™L‘HD–,÷á¦Úl6/'û¦“}œÈhoã´ÈÔåc»êfÿØcÐŽ[Ædª@2„›&ÈÞ}ˆ2¸¨«ÝÖ±rrr ä‰_ÓÂÓ’gê4Ýlo2…î7Eþî'£6D;Y9IžÁãñBÇ·±±¡W²ŒKOO är¹Ô; ʵîÎå@,¼ÅZuh\*jWmšÙ 5ên‹÷ÉO>ù$>>þÕ«Wêêêx5¼îÙ³gãÆôóókãç"„LMM¶mÛÖö¢Z”““3~üøììì#GŽÌœ9“úR}}½žžÞìÙ³wïÞZ»ví/¿üB¾Ê`0 ½¼¼¾øâ ±bããã'L˜@]¢®®îèèøÕW_ 8PÒJÖÖÖôíÛ—ÍfKúÞÖ°³³›0aÂ÷ßOïíùùù«V­ uuu•nŨîß¿?jÔ¨¤¤¤P—‹³èíxMF;A3gÎŒÏËËCÅÇÇ{{{SßÕüßÔÒÒ²´´”|Êf³-,,-ZB£’YYYšššíôËæc ¶ Ì;÷Ì™3ä«šššŽŽŽ¾¾¾!!!4>ôĉ .<þ¼‡‡½joܸñĉYYY’¾±OŸ>sæÌÙ¼yó;w>ùä“7n :”^šôüùó &¼xñ‚Çã©««8p`öìÙ•€wySSS±]¾]£],bI?ýôSPPê´–bç‚™3gž>}ú“O>¡Æ¼´ªqüøñ Ô××s¹\|WòÎR\\Ìãñúöí+饵É價ÑÞdœ“È’¥µ1m¦æ¸]‚:ÉÆÆÆÑѱ-åË>âÃ,懻³Q3ŠÎ®L#·Ùø@n4I$°¶¦˜ØÎ}ºgÏž”””˜˜±¿:A\.7 `È!!@ðêÕ«¨¨(ww÷äädSSS‰*yçÎ)S¦$%%ÙÛÛ·õ 7…ú5%%‰fÍšu÷îÝ™3g¶ëŸŒI™ º\Šû›X´Áãñjkk™¦Ä‘èoÊårMLL,X€Ÿß¼ysÞ¼yuuuK–,‘´n Û²e ý¯÷q ±] ¾¾¾¾¾gAäååÅÅÅ}öÙg÷îÝûå—_päÖ …\.wb¦Wm¼KÒx;ña¨€¶¶¶»»»¦¦¦tCwÅŠË—/WVVær¹x‰¤åã]þéÓ§b»|»F;—ËíÕ«—ØU„Pÿþý»P¿ÚGKê¹ ??ÿôéÓ³fÍZ³f ½ïÞ|5~úé'33³;wâ[³Ñ(_Z6lØððáÃôôtIß(•íLݶM¦’Öª1j.A6V4.œ^RAmÜ ÇiP§Gëö¨¹5‹€Šæµ²-NFH'3}úôeË–EEE‘Û F^^Þ£GBBBTTT¤ò)'NœJ9­QXX¨©©9gÎœÆ/QG¡]ü+\çóÏ?ßµkWjjªƒƒCã÷zyyQ¯JΚ5ËÕÕõСCß|óD•üØ/iiÁAL¯ðmÛ¶%''£ö¬Fþ:l7k²Á±õSƒafföù矓K¾úê«þýûÿøãË–-£W™€Æ»€œœõ‰D¢°°°ˆˆàà`‰>´íQM{›o8pà•+Wè}úÇ\½zõñãÇ/^$¿ïØYÑnmm½uëÖŽùÄvB{›SÏ<@ÛÙÙµG5 &Mš4~üxz…KíH*Û¹4ùû¬qòЖt‚A&ää³Ý¾³8žD«q3¤ÓNÉs;i—Ÿªªª>>>ÑÑÑoß¾%ž>}š òÇÄ/¿üâééimmœ@®rìرK—.¹»»Ÿ?!ôäÉ“°°0kkk|å÷5DÍ™3ç÷ßÇy<ÞÚµkíííõõõÇŒs÷î]²@ÿ¨¨¨¨¨¨±cÇZ[[}¬æ'Ož9r¤®®®³³óŽ;ðþÿÿ÷—/_ær¹~~~qqq46ˆ““Bèõë×­YÙÁÁÉd¾yó!”žžîííýòåËo¾ùÆÖÖOŒÝd%Ož<ùå—_"„–,Y²ÿþf¾öüùóÉ“'÷îÝÛÃÃcÇŽä_ª™-IÛÇ¿þúkܦ™áÁƒ+W®ìß¿ÿˆ#Ö­[—’’‚—'''{{{çææ®_¿ÞÉÉÉÙÙùË/¿¤Öÿøãooo—µk×¾ÿ¾í–:êß´E§_¿~Í@ffæ´iÓLLLÌÍÍçÎ[RR‚*,,ôööæóù‘‘‘¸¨&×ĸ\îªU«llllllÂÂÂp²‡56ô0™ÌmÛ¶éëëûí·m)§ÅH8räÈ°aÃz÷îxêÔ©Æ%øúú:tˆ|zõêUooo²q 999((ÈÑÑqöìÙ?&WKMMõóóËÈÈ@íÝ»wÅŠYYYVVVcÇŽ½zõ*¹æ‹/fÎœéää´téÒ”””ÐÐÐË—/7ù]vîÜéë뫦¦F.ÿ÷ÿggggcc³|ùòêêjrMêªêêjooï7n4¹Ëw®&Ãõcû5B¨®®nݺuC† ™6mÚÉ“'Oœ8ñÅ_à—üýýÿøãÈÈÈqãƹ¸¸|÷ÝwAìÚµkèС7n¤þÝ?v6ùØÁ¿ÅM÷±Ã õ\ðÝwßmØ°!´uëÖï¾û}üT…züø±ŸŸŸ•••··÷¯¿þŠ6SÊÊJ??¿ŠŠŠ˜˜???¡PxàÀ… feeÍ;wþüùd Mîªm=ª&¿Â²eËbbb ¼½½ÓÒÒB%%%ß~û­‡‡‡­­í¼yóNŸ>M–@=ƒ¯Y³¦íÛ™Þ9W*0é¢vš"»< …B>ŸßYß®#544Ô××ã¯Lm©@” Ac#°sÿŽÍk¯ëÄÁÁÁ çÎ#—DEEáÐ ,X²d‰’’ÒâÅ‹KKKÝÝÝÉ“îíÛ·ùåŸÚÚZ]]Ý””WWלœœuëÖ¹¸¸:thîܹxÍK—.áß@"‘hôèч ܶm›¢¢¢»»;ùѱ±±_|ñÅÊ•+ÝÝÝýüü.^¼èëëÛdwìØ`kk»sçNOOÏõë×ãÎZÖÖÖzzz NNNZZZ4¶nH±°°hÍÊQQQ"‘¯üþýûëׯϟ?ÿ«¯¾²°°`0«¤±±1¾BæèèhnnÞÌ×A={ölðàÁEEEááá–––›7oÆ?@›ß’ôTUU®_¿ÞÅÅ¥™ÕRSSG7þüÉ“'Ÿ?~äÈ‘87¨¨¨¸~ýúøñãVVV!33³fNUW®\>|xZZÚ¼yó,--—.]Š;76S 6›íääÄf³ œœœ FzzúÕ«W½¼¼®^½Š‡í6³«¶~ëQ}ì+8::êééá# N€½½½wíÚåììZVV6}út2£ žÁ-,,Ú¾éseØ´Nx@v™É@ àïK½•í9²€Œ"Ú‡@ Ð××÷òòÂOsssñA ˆ{÷î!„"""È@{{{üÔØؘÁ`ܹs?ýúë¯ FII ~zâĉQ£F544¡­­½råJ‚ >ŒŠŽŽ¦hhhˆCV[[[[[»¬¬ ¿ºqãF‹UWW'Vá’’• KöîÝ‹Š‹‹#bÕªUFFFM~S|ýfþüùø)î ²cÇŽ½{÷îÝ»wË–- ÃÛÛ»ñ{ïܹƒ Â+ïܹÓßß_CCCUUµ°° ˆ‡"„ŠŠŠZ¬ä¥K—BÉÉÉ-®9~üx##£·oßâ—¶oߎ*,,l~K/]º´ÉÐŒO?ýÔÕÕU ¼xñ!Õäj?þøcïÞ½y<~Š¯øÞºu‹ ˆØØX„ÐôéÓÉcAeeeJJJxyCCýìÙ3IëÙ“'OVWWÇ[ü›ŠÑ××·³³ÛûÁŠ+ðo”C‡€ ˆ‰'öîÝ›Ëå⧹¹¹ +V¬ÀO9¾ôØüšø ýÕ«WñK™™™L&s÷îÝ͇ÍÇ@lð÷÷WPPh¼ÚæÍ›B)))­Ý¬AÄ‘#GB7oÞ$š„ââbeeåÙ³g“otvv1bA¡¡¡zzzx¡’’ÒÚµkÉuðÓ÷ïßãÍ¥®®Ž'€'_BÆn|||øÆáÿM›6|||:::žjxß8­í’%K´´´àùŠŠ ‰[·nÁCèÕÊËË rµàýòž¿w`Oº­­­©©©¡¡¡¦¦¦¼¼¼°°0//ïâÅ‹€¬¬¬¯-ã@‘••ÏÈÈÈËË+,,,//¯©©ihhhjjjkkƒcŒ¯-¦~` V'H$’««kBBœÒÃj:ÅÆÆR(GGGƒÁ`0ZZZlllrssß¿ï577·°°€ÿUUUY²dI|||[[›‹‹KRR’ˆÈL>nß¾=hРɓ'ÃC"‘hmm]UUUQQÏØÛÛËÉÉÁÿúúú§´´”KàÇ3™L[[[ôŒ6½%88xóæÍ›7o>pà@mmíúõ룣£ùŽ‰‰ƒ‚‚RSSÍÍÍÓÓÓÑC‡í•8!Ùlv||ü´iÓPOSk×®}úô)FëñMö–‹/ÆÅÅýý÷ß=à®]»¶ªªŠJ¥ÖÕÕ={ö,..€]vwwGWúôôôŠŠŠ÷îÝkmmupp€çEDDP›æ¯KßË›7o6âÒ¥K²²².\Àê· €Ífß¿Ê”)¨çDeee}}}¨Ã?äÝ»wi4ª“­¡¡‘••åààп¥€ èU^^þ3ãé6'"ü‚oß¾`óðaÃz+ç@Ðã7Å2cÆ |K_4TTT°ÙlsssìUMMÍÄÄD®[ðC¾}ûVWWû  “¨•×_¥€‹7oÞ¨ªª~þp¢Ûœ3<¶êPRRRRR ­ÊÊÊÁf$‰¤  Ðí]Xí èî.”ðË IDATÃáÀbW– T*•ŸÇ^¨€ÎU¦°YW]]]FFícù|S–ÏGGGçðáÃü®b¿N¹.--ž.À°aðöEè˜@$¹F_°ÿÑck"HåÏEߪA~Mîz{{{{{cÃCµÃ^!++‹NIôØòöLoÈ«W¯;v,))‰H$p9±åÒâãGÿ67ß8h¿k8ûÖ_àé7nÜpssC)ʘ1cLMM·mÛÖ[×8aaaþþþd2¹´´”Ë÷ýñãÇûí7@cc#W–`±Xp,5Ÿ@GY߸I€@;püUYY™žžŽaKJJJHH”••Uþ®¦ÅÏϯ´´ôùóçÛ·o/**š5k—»:Æe] [k´yæ7Gˆöþ±í7l¨¾‘î)Dp!qBÂéj¨2áp8uuu,«Ç7Ù+JJJ F`` šššššÜûÓÛÛ[MMWþÀÛ¶mó÷÷/--e0aaa\ºýˆ°*„Ö¤øÇ~VÞoÄ»Ë~H111l4440™Ì+ííí±±±ÆÆÆŸà“ÄÅÅÁsukk+WyAçh%$$À3RCC¿A¯È'}ì onnæ'l>¹¾Ü·•º}í=N®Sà”k¨þ‡ gPð—4a‡¸ÇÖDÊŸ‹>WƒÝ6U0k]¸pKB¬ë³>ÐcQäí ˜®0yyyNNNÇÏÌÌliiÉÊÊ’““ëC°››ïìJÅ—ôìÄápZZZ\]]CBBBBBÖ¯_/''wàÀ=Ä °X¬–––?BO9Xþù矖––n­ã¸Œ°…+?$ë&|ñâʼn‰‰'Nœ€ºO𤮮.ƒÁ ÓéJŸ¸}û¶··w·Õßž={üýý ‚‘‘Ñ–-["##Y,Vvv66ŒŽŽN~~>¶bJKK“——WQQ\T@||>ž_{ ga±Fáà¿eÐ$¾öÁƒøð ërêÛ§\kjj¾zõ ­m>~üøìÙ³ÞÆß«ÖD@úV òkªàš|ff&*!“É\¶lYöpàôwQ¤µ\¸pALLìĉãÆmll„‹{}HB?67ß>è+B(¾ØêÄÞÞ~ýúõëׯ Š½ÿ~IIɺuëúÕرc£¢¢°gètzjj*¿ÍøØŸ@ð¼pDñ#1°Ã 777Aöïß?cÆ Ts`ÕªUrrr•••uuu¿ÿþ»¯¯¯ššZ·ÓHÐ?4×kjj:þ<‰Dâʲ7n$“É6l¨­­moo?þü½{÷|}}{Õ¢L™2ÅØØ844ôùóç''''((ÈØظۥޯ¾pY?11±¾¾?d@@@FFÆÉ“'bccÿý÷)S¦()) þ&íìì<<<ð¥ÓÂ5w‡ ¦¥¥Å;•5a„gÏž655EEEmݺÐÜÜŒ_ÝXYY…††¦¥¥uttܸq£Éß¿ýö[ZZÚ©S§ÚÚÚjkkW­ZE |}}áU99¹ÌÌL8Ë‹rÓ¦M eÓ¦Mt:ýÅ‹+W®¤P(sçÎí¯RÀápÎ~â?þ°°°8yòä®]»fÏž :tÈÔÔ´[ež¾1yòä_~ùåðáÃOŸ>}÷îÝ®]»’““yG/FFF×®]ƒcÚ€€Ô©(t‘‘‘Æd2‹‹‹CBBz»1|á^^^ÙÙÙ‘‘‘«V­â75nnnN ¸†W¯^ýã?ª««³²²õôô …‘‘ƒÁX¾|y~~~LLÌŽ;Ðâƒ-ò½õ‹S®7lØ@&“çÏŸÿï¿ÿ&&&:::677÷6þ^µ&Xp^]ß~M•†††‹‹Ë¥K—’’’ÚÛÛ£££]\\ÊÊÊà¸Ï_p ,œÖVVVæ̶¶6cc㶶¶¸¸¸ŽŽŽgÏžÁ}i¡Þ8ûý=ÿ æpÎ'ØÊ•+±åâîÝ»³gÏÆN}Ó¦M[´hÑÍ›7±¾›ÄÉÉ µŒ…ÄÄÄÐh´3ftM/ÖpBÈFÙtóÖn‘‘‘Ø“ééé¨Y•JÝ°aêúƒË{ ›Í†ÖfâââD"Q\\üøñãðêÙ Ak×®IKKà–(Ð †õåWèºõüSZZ M`ufff†ºâé­g'&“)ÈË^€Î;Ç/œpJJJDH‹ejj X»v-~H6›€¶¸“'O®ªª‚—pÞ$öÓ((( ’FØÇåçÙéùóçp©@ Œ=:++ Σ?zô֞Ϟ=C»¹¹ikk£Ñ†™@ 2î6ðÕ=;á|S.lllø]åÍ6l@?«¬¬ìýû÷Ñ«»víUPPè1ä½{÷PÕáÇ£~Zp²àž°5Œ‚‚‚ ¸^,&pR^ÏNürBuu5ªJN¡Püüüày¬g§üü|hPA&“­­­¡“Y觳³zm‚î½÷ïß?vìØn=;aý,!B&“a0‹ õ‰UTT¢££ÅÄÄŽ=Úmº ÝÝÝᨰk×.Ô@__¿¼¼}½¨³1cÆÄÆÆ’H$èÙ‰«Èpr,ovÅ)ׂܻwO[[ ))¹zõê… ZXXÀ¹êmƒyó桇3gÎ7núP~­ NåÿêpªA~žpšª†††¹sç‚OJnS§N}ýú5¼„/—g'4CpŠªào NRRR žäãÇ;;;íííEDDˆD¢„„ÄñãÇCBBˆDâš5kžZ¢_Þów tëÔÙÙÉ`0>|øðþýûÒÒÒÜÜÜŒŒŒ¤¤¤C‡þžôßÕÐР¨¨8qâDô ÎÕ«Wqqq\çïÝ»8þ¼àQÁ:3//L&‡‡‡£çMLLÜÜܶoß@=Ô!Ÿ<;íܹóÆIII¹¹¹¥¥¥ïß¿ÿðáƒÁèìì:wú1øÿ俼qãF:îééÙÙÙ Õí***FŒqãƧOŸ†„„tvv¢ Ê‹/Æ·cÇCCC6hÐ 111 1112™L¥R©T*ºe[oÓ%äÛâkc„"äGÂÆÆfÚ´ièá¡C‡º» ííí\˶?ýõ—¼¼üÛ·oááëׯi4\u"䇻:QWWW]]]RR’“““žžžpðàA€»ïDkk«¶¶6\I>yòdßdà·:ýƒ;vLð¨àêN‡ºpp—’HIIutt@mFÞÕ‰ÀÀÀk×®%$$¤§§çää”””TWW×ÕÕ W'~$ÖvBˆ!B~ÜÝÝ>|¨¡¡±jÕª™3gúùù8q‚ß*•J=qâÄîÝ»¿Œk—o{{{ …bhhèêêêêê:iÒ$ Ô !?¼½.ô< Çâ/&&T__¯©©Ùï»*Aó-¨2×[æÌ™#""*QQQsæÌŽ˜ùSŠM~·¯EÈ÷‹p8!Dˆ!ý€““SQQ‘¯¯oGG‡¹¹yRRÒÊ•+qÂOŸ>=88¸±±ñ‹IøM¡¨¨øòåËóçÏËÈÈ(**;v îI÷µå"äËÑc7º³³sß¾}4­¨¨î ÔüóÏ? …w—'A’’š5kVTTTiié³gϸLæx~xp;!B„ù©9räÈ‘#¡I· 899 ¨<ß8RRRŽŽŽŽŽŽ_[!B¾½š’ÎËË{üø±¿¿¿···……EíËqýúõ˜˜˜ P©Ô¾Åàââ²hÑ¢#GŽÈÈÈÀ}¥ø`öÀ®Eü¨‡B„"Dˆ!_œ`iiiüñ‡———™™ÙÙ³g <<<îܹӷ‡>xð ®®ÐÚÚš••uþüù &œ';LŸ>F£Í›7ß%WW×//ÕçššJ$y÷Tîs³ÕÚÚêîî¾jÕª .üxNϸ¦äžéy‰„0—&~HJÙ‰N§ëêêräH\\Üq󛥵µµ££ --mii‰³ V¯–tÜÜÜච€ˆˆˆ²²²   x7r‰_Aã×ÒÒúiÝÈ|ƒøûû§§§CW}\ttt´¶¶Âÿfff½Ý·›mgÏž““Ó÷ür¦€qŽ9ÒÒÒ200º*òcÐÞÞ·ñp8œ––WW׉'Ølvqqqtt´¹¹ynn.:$ÆAºôsò𷜾uëVcc#Ü RUUõðáCäÓîòßÝ~¾¾5[?~466...ž8qbuuõÉ“'/]ºt÷î]"ñÇñ?‰v£á|<Ü ük õ%€c 8¨€ÿ…ÉNxzzjjj>|øPRR²©©iÆŒýõ×7>œ@Ñ×׿uëVņu –’’òîÝ»€€€¯"‰—————WÅ&äËÙÛ[ú7Û|7n422òööîÃN®B¾f̘±lÙ2ôpÉ’%¦¦¦§OŸ ùzB}‹èééåçç_¿~ÝÝÝ=3hР^mæýÓ·úçСCÅÅÅ)))¦¦¦‚íÚµëæÍ›!ä—k0€öªá`©  àkK7PÀ¤aÓ‹NG?}Øú®Gž>} ¸uëz&33óìÙ³Ý~ÿþ}HHˆ¥¥å¨Q£~ýõ×èèhxþõë׳fÍzóæÍîÝ»GÅb±ùøñãÚµkÇŽkddäããÓÐÐÀallì¬Y³òòòÐ3/_¾œ5kVbb"ÎãQVVöööF$//oÞ¼yð|vv¶›››¡¡áÒ¥KŸ={6lØ°mÛ¶õíÍØÙÙIIIq\µjÕˆ#ž?¾páBuuõiӦݿ^ÂJÂáp¢¢¢,X ¤¤daa³Ÿ.?Ož<ééé‰KMM]·n®®®™™™¿¿nn.z)??Á‚cÇŽõòòÊÍÍݸqãÍ›7>…_<ÙÙÙðClݺÕÐÐÐÁÁáßÿmllôðð5j”¥¥%Œó{&³¼¼< `ìرPO»ÇçåË—ÍÍÍåääÆwàÀ6› ˆ··÷°aà 4kÖ¬—/_rŹiÓ&yyyøÙ²e°ìþ>ÑlsùòåqãÆÌÌÌŽ?¯>{ölÞ¼yššš³fÍâÚfU¬ÞmœÝ¦¢««»nÝ:ôðöíÛžžžè^ÈB¾;fÏžVb=œ;w ¥¥…H$º¹¹ñÞËd2}}}'Nœhmm}úôéõë×kkkÃK]]]çÎsqqQWWwppØ¿ss3Ò]~ãréÒ%+++33³;wæää,^¼nܾbÅŠ¢¢"wwwüxŽ=ú믿æåå-]ºTGGgõêÕ•••)))¶¶¶šššNNNUUU½}o¦¦¦“'Ož1cÆÌ™3±çùå—… êèèÌ™3=ɯâÈ̯ÈÈȘ5kVaa!I@@ÀÖ­[áÿÅ‹_¼x1..nòäÉ×®]ƒ'ÿú믩S§jii-Z´(==+íùóçgÍš5aÂ???èbÛp@°ÍÖÑ£G×®][TTäâ⢩©9}úôÛ·owû~\]]‡ ‚ÖœP_îÌ™3‚¼ÛotWl&“ÙÐÐPSSS^^þúõ묬¬äää3gÎ|ÅîßãðáÃwïÞMNNÎÊÊzýúuyyyMMMCC“ÉîŠýÃ0 «oÞ¼™9sfZZZNNÎСC­¬¬`“À‹µµ5N_²d‰¶¶ö­[·æÏŸíääÔÔÔtïÞ=OOÏ´´´™3g„ÆÆÆñãÇøðÁÝÝ]VVöÌ™3·nÝzôè‘‚‚6Bƒû÷ï7»xñbRRœåå÷8l µµµW¯^Ý´iàÅ‹–––JJJ®®®=š2e ‡Ãé÷7öáÃkkk —“'OÚÛÛ¿~ýZMM +ÉÞ½{wîÜéïïoiiçææF¥Ry]¶ãüâÅ‹Û·oÃÿ/_¾œ:uêèÑ£===ÛÛÛÏ;wòäɲ²2))©ÜÜ\333555{{û¤¤$sss‡#//oggÇûQpâùðáý{÷ŠŠŠdeegÍšuöìÙ¨ªªÒh´ùóç_¿~}Þ¼yoÞ¼1bD¿¿Ï/ Læ¬Y³äåå-Z”––¶sçN)))øÕ<èëë»bÅ OOϼ¼¼Í›7¿xñâï¿ÿ;vlJJJgg§¹¹¹¤¤$Nü7oÞ„j‚¿O4Û(++ëêêB;¿‘#Gnß¾=wî\uuu:îííýüùóððp pVç“_ax]]Ý7n9rfee:uÊÃÃCM!ß#ÑÑÑ]]]¼ëQl6{êÔ©/_¾\µjUGGÇÚµk%$$PµŸßÿ=00ÐÁÁaÛ¶m¯_¿ÞºukFFÆ•+Wxó¿€?þøÃßßÎœ9ãÇÿ믿ÂÃÃétzPP¼¼|AAÁ;wâãã[ZZüüüðãyõêÕÕ«Woß¾=uêÔ &œ:u*))éÝ»w3fÌppp8uꔳ³srrroß ›Í^²dÉÊ•+ëëë¡á\eeezzz@@@ff& §âÈ̯¨««»wï^SSFFÔ³$%%•––¦¦¦Ž7nÈ!€+Vœ9sÆÆÆfõêÕwïÞµ´´ŒŽŽ¶³³ƒOß¼y³£££­­í¹sç"""ºM&¶ÙzõêUlllTTÔ¼yó<<<"""_½zÅ›=æÌ™yñâÅÅ‹·¶¶=z”@ X[[÷ö%³ðj:‘ÉdUUÕ°°°¦¦¦ÖÖÖ¶¶¶ÎÎÎŽŽŽÎÎN‹ÅápàPöÕ¾¶øxÀt‰ˆˆ é¢P(T*•B¡ˆ‰‰ÉÈȨ¨¨Éd2™,ÔwúáDQQÑСCýõ× .HKK766>üÚµkÆÆÆ\!+++‹‹‹###¡t‹–˜˜ˆöš***àBðŽ;ÊËËß¾}«¢¢X¶lÙÈ‘#O:µmÛ6lœêêê“&MŠ‰‰A‡QQQŽŽŽƒîñq¼lß¾@ <}ú”F£mÛ¶íÔ©Sý¾Ñ=€Á`\¸paÎœ9WWW}}ý§OŸrõ·¢££MMMwîÜ X¹råŠ+²³³y‡ œ˜˜(##“––·°Ñ××·±±JyyùäädØÍýóÏ?ׯ_½ûQpâMMM/\¸°´´œ5k–˜˜XFFÀÖÖÖÄÄ$##ã{N@ÆŒ+ÇÑ£G?yòdÓ¦MµµµÁÁÁ+V¬@}{«ªª®Y³fÕªU¿þúëãÇ[[[·lÙÒ«õê}ššš644\¼xÑÓÓS__öጟâÊ•+%%%°/¸råÊ9sæÀÿB~  5EggçÓ§Oïß¿/!!ÁëËòÒ¥K±±±°Ö =z4:œxðàÁÒ¥KOŸ> ëëë¡Â W~à YSS³cÇŽÕ«W?~ 'PètºÏž={àÞÛüâ|üøñæÍ›°M$Ïž=»wï^¨§Š ÈŸþÙÙÙÙÛ=¼»ººW­Z Wtt´¤¤äÌ™3á€_Hqd°à%%%%))ÉÂÂþ?uêThhè† ëÖ­›>}úÖ­[íììêëëwíÚµ`Á81·eË{{û»wïömmmTTô%jmm­¯¯ÿìÙ3Þá„£££§§çÒ¥K·lÙòñãÇ–––Ó§O+** òb¿}ৄc tD;ßÊÊÊC† iiiSõ¨(‡ÓÙÙ‰ œ¹ÿÚ)ÀM…Bà 貉B¡Ðh´Aƒ‰ˆˆ  ô  ïäk‹/¤#§ââb:^PP™™ÙÐЕç,XÀ;Ù©¬¬ÜÜÜlkkÛÒÒ’ŸŸ‰ÚCC<<|xVVüÿêÕ«ÐÐP8Å£¨¨8xð`~ñð YZZ ÀúÂ6löFYYYì ÿ‰ h_–5® õ>×]...îîî555mmm\¾˜q )¾Ì‚46›*;ÿÖçEEE¼+Æ>|xûö-[Ep½^~ÈÈÈ ÿao²[-J¨F§Ó%$$iii¦¦¦/^ôõõä)ß,p&¾«« «é$""Âáp`K!**J ³ûd2™Åb3¤» IDATAM'‡ó]´’p˜õàÐŽ"àR(«ï$ÜtâÇ`@†P ð>|øÀ2//ÏÉÉÉÍÍ-33SGGGTTtäÈ‘Ýf,˜<ˆ=­Q$%%bbb‚‚‚®\¹²lÙ2Øþ8¬×°³P ŸÓä¯/<ÞdÈ!ÇüøñÍ›7#""233Ÿ?Þ78rìØ1kkk•ììl###­½{÷ ÙÜÜ\__ÏOr~ñà$퇤Ûd4ðþý{´A…­µ€Í°à˜=.\¸0eÊ®ópwˆ>dõÓXWWxºbB~B$$$¸rTNNúßÉÉ©««ëêÕ«&L‘‘Ù¼y3ÔYâ…_H˜½ß½{‡v²áX—øO¸ŠËÁÁL&ÇÄÄ´¶¶ÂÅ ìUœBŠ/³ ¤¬¬Œw^")))!!‘——G"‘°çàºeUUº1%öóá HëÖÜÜüìÙ3˜LÀ/¿ü¢§§ý½'°ÀW»ÝpW 8`@õX,‹Å…à ‡ó} 'àp‘Œ®TP>A&“¡â ùµ¥ÒŸ Èç„‹¨Õ/àÁƒD"‘w%áÂ… bbb'Nœ7nœ¨¨hcc#œ%íFP"qôèÑÉÉÉJŸ>|x@@ÀÅ‹»•aéÒ¥ùùùáááÕÕÕèÌ™àƒ >|ðàÁ‰‰‰è™¤¤¤¯²·‹Åš={ö;w dmm}üøqooשּׁ,‹… &¸À«W¯1b‘HDçeddddd) ÅÇÇ£g  Ðøñã¿Š<ººº€ÌÌL´1™ÌeË–ô9«÷˜Æââb2™Ì¯û"äçAWW·¤¤¤²²vtt ÖÌÁÁÁ³fÍ‚ãR~5 NH¸¦ŠÍŠÿþû/?ab¿#))immuåÊ•9sæp­ãR™q8¸ª­­…!ß¿~^tuu NGŸ~ûömooo‰4f̶Šxøða½qqq …òúõkôL[[NÇY¤úî@u{¸l'àèípÉ|TY«8ôÍ‚¨Ÿ–#àŠ:~Àn€-TvúÁá„£££¡¡áÎ;OŸ>M§Ó÷ìÙµbÅ ì¢'ÄØظ­­-..®££ãÙ³gvvvD"‘Á`tÛݾ}{uuõï¿ÿÎd2³²²/^ibbÒ­ VVVC‡õóó333C—¿{õ8@ð÷÷ÏÈÈ c2™ÅÅÅ!!!ØÚßÎÎŽK=w€ “Ƀ†Ó{oß¾‹‹344äjŠze„ Ïž=+,,ljjŠŠŠÚºu+úüí·ßÒÒÒ¼¼¼²³³###W­Z…3‹€O?¿‚ï)S¦‡††>þœÃáäääC…YYÙêêꬬ¬¶¶¶“ja%&&Ö××khh¸¸¸\ºt)))©½½=::ÚÅÅ¥¬¬L___ðœÃ'~%%%ÚÚÚ¨ÂúùóçMMMóóó.ÉB¾M|}}EDDÖ­[WUUÕÜܼyófTéeôèÑ4íöíÛ?~,--õ÷÷OLLd±X°h`óNHKKKccã={ö=z4''góæͱ±±ü„Á¢à:tÈÔÔôýû÷½ºËÅÅ%99ùùóçØ]‰ 8…GfœÂÐÐD"mÙ²%!!!--ÍÙÙ™Êß&jÕªUrrr•••uuu¿ÿþ»¯¯¯šš‘H´²²222 MKKëèè¸qãF·†‹}CDDÄÉÉéÉ“'[·n}ýúu^^Þ† —/_Þ_øº`:A…8y ÄÅÅ D£Ñ$$$$$$¤¤¤¤¤¤¤¥¥¥¥¥edd¤¿P9¡ð0!Ð[\\&&&ëâék!ýÀ 'µk×===•••·nÝ:oÞ¼ð†ttt´··_¶l™¸¸ø´iÓ-Z´cÇŽ˜˜˜uëÖñž;wî¡C‡‚ƒƒ%%%ŒŒ?~|éÒ%ssóne ‘HnnnL&»aP¯ñññY±bÅš5k$%%µ´´\]]á$ äùóç¹¹¹½x5ŸÁo¿ýVWW§¬¬,!!1räÈ®®®óçÏ÷V`”€€€ÁƒkkkKKKïرãÞ½{FFFóçÏòä‰ÏöíÛ###ÇŽpüøq*•ŠZè Oÿ&ÿ{„@ \¹rE^^ÞØؘJ¥>üÆ𪓓“”””‘‘Q· ý…±±±©©é†  Ë—'NXXXL™2E\\ÜÙÙYNNîÖ­[bbb@àœÃ'~………è!NOKKc2™—d!ß&£FŠŒŒŒWRR}º½½ý„ P·¼HKKߺu«¬¬LEEEAA!88ØÃÃcß¾}-##cjj*&&æéé‰:sëNœ8áêêºwï^}}ýˆˆˆ={öð·¾_P;.Wªp,¿¯„„„¤¤¤¤¤¤””üEÇß8PTTr¨5'!!!&&GhzQw±ÂÕ‰ €Î"—””ÐétèК555ÕÕÕúúúP_cA_û¼477ggg“H¤ñãÇã̲ô×ã t:½¤¤ÄÀÀà뮽vtt¼|ùòÝ»wÆ ÓÓÓñ#PàÜÜÜÁƒC[AŠŠŠÔÕÕQsƒµê%%%“’’&OžÜ·x~r)...//×ÖÖVVVÆ^êêê‚_s kÕšš)))QQQxXYYYPP ¨¨È;`<«cãä—ÆÚÚZ%%¥{÷îa-8…üÌÀµe%%%h£¥³³3++KWW*Ð3ŒÆÆFX«€ÿæ7ü]]]¢¢¢çÎ Àñ„Ï×…_!Å‘§hoo/..5j” Õ2›ÍÎÏϯ­­3f ×vÝçåË—,«GG&}£ªª*??_TTTWW—Wáûõ÷ÚÕÕÕÕÕM#ººº 7E‡­&àI¸ãzËw±Ô5ª†C&¸ø€õéD¡PГ¼c…|ï ìpBÈ÷ˆ­­mGGª‚ 7 ÿ‘ÔX…|vìØñøñã„„„¯-ˆŸwïÞlÛ¶ ®6³X¬éÓ§‹ŠŠö£NŽ!}»y0çpä­±QÛë. °{ö]tÒxÍBÐAN  N¤O0|mñ…ôÂùc!ܸ»»;;;khhLŸ>½´´4!!áĉ±„ÞÂ`0Nœ8µÝ"dàPTTœ6mÚ¦M›®^½ ývÔ×× ³Ÿoè þ‡¶ˆz…gH$×@Ë×]0ÿ…È×NvØ¿¢ØBúáê„n())yðàÁÓ§OGŽiii‰ÝU@ˆ)---((°¶¶þÚ‚ùYàp8éééñññFFF¶¶¶ªªª_[(!Bø´@ÿ@÷¯èbú éa—&Àwµ:0 ¨È"°Ëð?:wú±'„"Dˆ!B´¯Å»ø€ÚT€ÿªEñÞûm‚p©0qíX‡]¾à½WÈwp8!DÈ7M[[Û›7o°ú ù–A¤ººšÅbõÖM!B~`°¶Øk/ñö͸¶×@ÏcckñµäÒï‡B„|96mÚäáá·~ëiiéÐÐP¸ñâû÷ï—-[mâ9Ž®®nxx¸©©)àÖ­[ÎÎÎãÇüø1ööqãÆÄÇÇ›ššš˜˜ ^ŒÉd²••ÕÒ¥KgÏžÝ/ ‰ŽŽnjj‚›®ÔÖÖþñÇ\~ùå—yóæq|ùòå„ ÒÓÓõõõÑ“óæÍûûï¿Ÿ?naaOuuussó½{÷B¯kÅÅÅØ»ää䜜œV¬XÑïä8p»ÀêÕ«%$$L %%eùòå………D"qäÈ‘666!!!pïð¡C‡8p`Ñ¢E0d||üüùó/^|äÈOOÏÚÚÚ¸¸8À€~¸ï‘ÆÆF6›ïPÈgÒÔÔÔÑÑîx-d@ÁŽ¸þsûÒ’}\ìT·ÿû‹Åª¬¬äu ÷u¡Óé²²²Ðëúωp“s¾´´´vvv~mAþdž Ð-ùú:>wîÜÔÔÔŠÿ'AèèèÐÐPt{Únikkc³Ù€ÆÆF##£¶¶¶ìì쎎ŽŒŒ ===kkë’’ô’ššZ^^ŽÞ›ŸŸÿêÕ«¶¶6¸;X{{»³³srrrrrr\\œ†††ƒƒv¿ó>óöíÛ€€€/^ÀC‹Uú_ºݥ«««­­k³íŽŽXÊàÕÈÈÈäää‡úúú&&&N˜0¡±±€ H[[[xx8LQXXXNNδiÓZ[[??EXvíÚUQQQ÷ èÀQÀ677;::ZXX´··Ÿ={öÚµkk×®…WÑOˆ···wss;rä@èèè@÷.¸÷ùDDDÀ­?{u×çÔ¥]]]Ó§OG·noo¿páÂÚµkÝÝÝ÷ïßßÔÔÔ‡8?ŸÔÔT"‘˜——÷9‘°Ùìøøø5kÖxzzž>}ºÛMèqªåÖÖV"‘xîܹn#Ç6ïß¿/++æ¾¾~âĉ½ý²B¤´´444týúõW®\imm%üwclì&ÙâââÀÀÀ¥K—dffb/„´´´-[¶„„„¤¦¦’¾Uº5Âîq,ÑcáÚ¿HHHŸ¿…ŠŠŠ¿¿?àÙ³g4-99™+@ßJÖåË—qv0û)àÕá¹yó& ''çk ò?–,Y21s8¸­Ä•+W"þŸœ»w$&&ℤR©§NBÄÏÏOAAÉd¢—˜LæðáÃýýý¹~ýú Aƒ,--ÿøã4@`` àñãÇ‚üöÛoØÈÇŒ³qãÆÏL‹’’Lˆ——W·.^¼hllÜÞÞÎ{)''ðâÅ ìI[[Ûùóç#òôéS@QQzéãÇ222Û¶mC¤°°ðüùsô*ÜZ;55õ3S„¥¶¶–B¡°Ùlœ08 LHH µµµè™#GŽŒ9þ—””<þ<‚ <óññAƒ-Z´hÆŒðÿ}¸~½œÏ©KÃÂÂŒá&“9uêT2™ljj ÷FTVV¦Óé}ˆö3IIIäææ~N$3gÎwppÐÒÒ,_¾œ+~µÜÒÒ8sæL·‘c‹%K–hiiõ(ϲeË6lØÐËDé™;wîFŒaii)**:eÊ”¶¶6®0]ÿåÎ;pÏlKKK8á†z˜uww'&LÐÓÓ8p€ómÐÕ½}]ø…«¬¬LBB¢¸¸¸/_AY°`Axx8‚ éé逤¤$®}+Y--- ÉÉÉ}ì{G¸:ñ=áåå11ïÝ»7;;{ b°°°ÈÉÉyùò%X[ôÆK—.…J2Aƒ•••íÞ½²Ùl—¨¨(4À•+WœœœøEØÒÒRYY ;.ŸCrrrYY¿= ËËË7nÜxéÒ¥¾m1É…”””››[lll·W H$Rÿ.ykhh|üø1%%¥¢¢‚7~eee E—Ö­[W\\Œ ×%6nÜxàÀADê¯÷=ÒÒÒìãã/\¸””tûöí”””ììì[·nUVV~]!ûÆÙ³g=z”pýúõׯ_oß¾ýÒ¥K?~Ćùœj¹ÅÆ;Æ•]…|&?~ôððppp())ILLLNNNII æ Æe©¼qãFuuõÚÚÚÄÄĺººqãÆùùùuuu‰Ä»wïž;w.""âéÓ§¹¹¹¾¾¾YYY¼¾Y¿<¼&×ýndee5räÈ>ÇéééÙçÛù•,qqqOOÏ 6ô9æïN@ï………!!!£G†ÊÏŸ?wrrÒÒÒ²¶¶GïÙ³g÷î݉‰‰óçÏWWWwpp(((À‰§©©iݺuãÆ?~¼¯¯/T„€dffúúújkkúúú¶··£—ø=ÝÅÅ%:::::ÚÊÊJ[[{Á‚ïÞ½DEE¼¼¼Nœ8¨­­ 577WWWŸ;w.œ+åbÓ¦M .Äžù믿ìíí¡$ü$çM&¿g…‡‡¯X±¼¨¨hÞ¼y***#GŽ\¾|9ºùë±cÇ`'fÁ‚ZZZVVVpv„ééé»wï>räšF ââ⪪ª‚ï¶ËápJKKykLtSÛ®®.''§œœØüçååUTTpye}ýúudddddäŸþiooßÖÖ6þüÏL‹ªªªªª*? QÅ‹÷£Jž––Vii)zxïÞ½ÈÈÈþù'00pÓ¦MVVV ýõ,@qqquuµŠŠŠ“““ªªª››‹ÅÂÀO ¿¿hh¨´´ôôéÓƒƒƒß¼yƒ ?j%Ò-ñáú‘ŠŠŠùó竨¨˜˜˜œ9sž vrrB0ÚÞPøþù‡«.ü+d.þþûïöövGGGx˜ššª££ceemmm555yunݺemmꔬ… >þœ·FúYˆ%¸„daaA&“íììØlö­[·(ʨQ£öíÛ·víZOOOØÖÖVQQqØ°aþþþ!!!ZZZƒ *--í6ž††uuu))© 6ìÚµkĈÚÚÚïß¿G$77—B¡Ì;÷ìÙ³+V¬––vuu…Àyº¬¬ì¨Q£wïÞ½eË11±‰'"’’’‹ëš5kîß¿ßÕÕehh8jÔ¨£GîܹsôèÑRRRXEȾ}ûÀu9ÔÕÕgÏž Žä¼Éä÷¬U«V 6 ÆüòåK ‰_~ù%<<|ÿþýC‡ýðá &/////¿zõê}ûöéèèP(¬ –¦¦&55µ;v¼~ýÝ9@HwÀfƒwi Tvêêꈈàìúõëd2A3f„„„ ²uëÖùóçÃUZTÙIQQq„ &L011quuMKK믴̚5‹WÙ)55UBB¢¡¡ß]P–WÙÉÙÙéNÙ Aððpeee䓲“®®.LÑäɓׯ____ß_)‚DEE-^¼¸±±A„„‰´gÏÁijjºxñ¢§§'ê¬[·ž—””8p`Îœ9C‡ÅêDq); ܇ûL ²“ŒŒŒ‰‰É¡C‡æÌ™S„ È©S§Øµ~•Ù³gsÕ¥n…Ìů¿þjdd„ž>}:&&=d2™RRR&&&\wÁÍÙ³gá!4Ö?qâ<œ9s¦­­-‚[…òÖÉ{÷î8::îرcĈÐdêcìÞ½›B¡lß¾ý¯¿þ²±±!‰±±±ø¯jÏGGG—––^¸páüùóo߾ŤZ†…]FFFQQqûöíþþþT*uâĉP½m,NŸ>mhh(''RQQÓP"âì쬪ªŠ/üÏÌêÕ«ÿþû/‚ Ðq¾}ûðoÙ¼y³´´4ö êÁêF®X±A††EEʼn'BMK'''YYÙŠŠ AÊÊÊÔÔÔ,,,àíð)))KKKÞG÷ª'†“===‰D¢]hhèŒ3DEEoÞ¼ /)++Oš4‰H$Ž?þÊ•+aË–-¨þþþ¢¢¢°:ʼn§pqw¸Ç~ÑŽ?^SS öüùsÀÅ‹‘••]¿~=Ò“²SoK‚ ,‹L&ûúúòJþ30€Ã ƒwïÞ!ÒÞÞ®¦¦fff†jÑ;v PPP€ ˆ­­-63‚”••IJJ.[¶Œ7AÖ¯_O"‘ÊËËáaee%…BÙµk‚ »wï&555ðÒåË—'OžÌb±ðŸ.+++++[WW/mÛ¶D"A½F¬¾/ìÊ?~«««›0aì´a©ªª"‰[·n…‡X&q$çJ&γ°Ã [[ÛaƵ¶¶ÂÊŠ *• ;.«V­DEEÁKÐfN‡ðâææfjjÊf³…ÉFðá‚ Û·oçº %ÐáÄ™3gôõõÑÔÔŒ‰‰áNp©à÷#Ý'ìíí¹Ú9. úP||<ö¤™™¼«ÛáÄÊ•+ç΋tg;ñ°··Ÿ:u*ö?ÅÅÅX¥^6›½mÛ6@II ‚ ’’’°r¨««SPP°³³CCâÛN|;ÀáD`` zfòäÉRRR­­­T*U¾‡Õ¬…°u)~…ÌÅ„ \\\º•„ÅbA÷Ó§Oó^UQQtÒ¥¡¡ãéèè Cp«P®:¹®®N\\|Á‚è£á2 ìñ`;sžžžØ÷Ó-p\íããC¥R%$$H$™LÆÚA R-ßÙÙ ÏÀ……7n ÿm,°ÞüJx¸}ûvÀç(¦ÿØ0™L #FTVV6Ì‚ƒÙ®[æΫ­­=ÝĽ|ùAuëÖ„‡BÕV´ö+))ÑÓÓ#AQQŽŽ‰ÄÕ4=š÷ѽê‰ñËÆp®=44žçp8S¦L‚ ÊÊÊáÑ£GðÐÜÜk¥3bÄ8Xʼn¿pqqàÀ2™ŒÚ¶áDû矲³³á%???IIÉ––DàáDoKdÔ¨QcÇŽå•üg`m'<<<† ¿hiiéÂ… ™L&ƒÁ`03gÎÀ&@^^~ÆŒ𿪪ª™™ìˆsň2eŠ´´4ŒGJJÊØØÆçT–,YßÖÖæââ’””$""ÒãÓíííåääà}}}¨g•yyyQQÑ={öœ?þýû÷rrrOŸ>577ç 6lØ°éÓ§ÇÄÄÀÃË—/ËÉÉAëXɹ’)ȳØlöýû÷§L™‚êœ(++ëë맥¥ÁCæìì ÿëèèH¤nµ³.^¼÷÷ß“H¤î¿¢¯Ä¤I“"""°š6---AAA\î_¡bÌ»wïlll¾¸˜ÿ£ªªêæ͛˗/Ç 3tèP+qHWWWNNŽ††F·á?|øeffÖϲòçôéÓ‰‰‰èaWWjC/HOž<‰õK"‘`ø>À3PKJNNîÌ™3·nÝ ë÷$|°*—ÖÖÖMMMoß¾}zÉ’%¡¡¡zzzŠŠŠ+W®„u)°›âàà0oÞ< …"&&—­?üÂÅE~~>Ö'Z999(IZZZEEØNoK5†ùÙùÏ\¸paÊ”)¼çX›i@ccc·»ÉR( …âààpðàAìytfÅÏϺ8¸ÿþÙ³ggÍš•››ÛãÓ{œ]€XZZ>~ü¸²²2>>þòåË~~~z/Æâèè(!!óñãG:îîî.ˆä½}œœÀº¯^½>|8¿Dñ6E%%% #00ëöV 4òµ––¾}û¶§§§¦¦&…Béììœ>}ú“'Ox¿‹‹‹ËíÛ·]\\¾Šœ(p#>|˜Á`L:•H$¶··«¨¨Ü»w[ÞáB%@ÐÓÓ›3gζmÛà ÿË°ÿþ††]]] …ÒÐаyóft•Oš˜˜œ={ÖÇÇÇßß_^^¾¹¹ù—_~¹ÿ~·n 8°páBìbì·‚ UUUÊÊÊðjãÀ¦×ÆÆFZZ:::šH$–——£öaé±BFöÇØZš°†‡‡/_¾Ç@yêÔ©T*õÑ£G=Z³fžžž‚‚BRRRBBT¯í± Å ]UUºËty 2dHDDÄñãÇ?~|óæ͈ˆˆÌÌL¨«ÍØ%šãëêꊈˆ|øð¡·Õ2¶gYSSÓÐЀÓƒtÛPB “ºº:¿ÕB!€/^ܺu‹F£…‡‡¯[·®GWÇ¿{÷.“ÉD¿]UU•˜˜\1èììÜ·oF+**º|ù2œ¼€[—B ÈŠ+BCCcbb|}}¥¤¤`¥ººZº¿èñËÆ’’’yyy\keÝ&\RRÒÁÁ!&&&((èÊ•+Ë–-ƒ]œHð ۧǗmÉ’%óæÍËÏÏ¿|ù²––VoW¹ûP²uuuŸãuêûf 4¨¸4Òà˜*«A^¿~=mÚ´ôôtAlmmÅÄÄP³f‹¥ªª õíx5Û Q­5AºººÜÜÜ ÊiHHVá¶Ð‘‘‘øO—••ÅÞuýúuðIi«ï›œœlee…z[ïêêRWWwttì6ùîîºÞÞÞ†††‚HΕLœga•ödee'Mš„FÈ`0H$ÒÊ•+a°#F`E"“ÉÐy?–ÖÖÖ7`väÈ‘7oÞôÁW´‚N§?}ú´Góßï‹ŽŽŽÌÌ̪ªª¯-H÷0™Ì/^ðúZ¶¶¶ÜÜÜ´´4Tõö‡ÚN vY‚¸¸¸HKK£»p¬\¹rĈ¾¾¾JJJ¨Z9¶.ů±tvvŠ‹‹/\¸=³mÛ6"‘—¶zÄÊÊ º„‚ªá®®®666d2ùáÇ0NÊU'Cmƒ¢a·/77·³³ÓÎÎîöíÛè%¸°€ÿé™L¦¤¤¤µµ5z>âÔ©S‚WËPÃzÓ‚À¹Ø[·n!ü5¼ù5”ððàÁƒd2¹££ÿÝþ´´··ëêêjiiåä䈉‰A?+ø\»v €Í!è›7o&‰ÉÉÉfff222°J„®±=ŠÞK4«suuUPP`0ðÜáñÂ… ¼¼'†“÷ìÙþëbú«„¥[YYÙÛÛûлwï W¥ÂÂBx'œÂÅ›¢… R©T´bÁ—­££CFF&00pèСXÚNô¶dALLL°7þT|‰á‚ ...rrr‰‰‰mmmW®\Ñ××9r$´ƒsEp]¯®®ÎÃÃL&gffvÔ„Û»w/ƒÁÈÌÌtss#‰ÐðôÆ¢¢¢ñññ]]]?~ôòò"‘H°!Áy:ÎpnDzøðẺºÖÖÖÁƒûùùµ··³X¬¸¸8€Í X ’.F;räˆ ’s%çYØ|¼oß>‰ÞÚÚZSSãææ&"" ¹Np'<„¦ØB„áN(((Ü¿¿®®îâÅ‹T*588 ðäÉXû '±u)‚[!s1mÚ4¬g'cccCCÃ3ÿëë Khh(@@+ÌÓ§O$%%ÑŽ>NÊU'wuu)))¥¦¦¶··_¿~]ZZm)-Zdll\YY‰ HII‰¶¶6j‹9mÚ´_ýµ[ñvíÚ%""âïï_\\=fÌeeeh*Š§Z†°oß¾ªªªÌÌL===.ÿ3‚lܸ‘F£eff¶¶¶â4”‚xyy3¦[… âããC `Æ€ûÆðÛì ¥££CCCCMMíÑ£Gt:ÝËË‹J¥>}úA¸¡õš5kyó樨(a~øðAQQQEE%<<üýû÷wîÜ7nœ¬¬,ô—œœ,""²`Á‚ââ⬬,===CCCÞœƒô²'Æ/744ÈÉÉM:µ¢¢¢¶¶vïÞ½4 “ð'Øl6´‘333COâD‚_¸¸8yò$øäÙ¢GÙñòò¢ÑhD"¦ "àp¢·% ž2dÈÎ;»Í ?<_h8ÑÐÐ0wî\ðiýzêÔ©¯_¿†—lmmQCœ‘#G¢þºý؇¢R©0eeetZ…Ífщ¸¸8‘HG#á<g8Áb±àâÚµk £R©$ jÏ;—ßNWW—ªª*…BAFáKΛL~ÏÂæãÎÎN¸a \æ“••E½c ‡B„Ο?O&“ÿüóO¨,D V­Z…úB¤««kĈ눫.Å©¹Ø³gFƒÿ™Lf·Ú¡XwXàŽnnnðÚGÂ' 8U(oüöí[hC † råÊ´¥ÈÍÍ…ÚzPmCSSÝÿ›F£¡[zsÑÑÑû¦0:::yyy¼ÁzN@·ã0}}}Ôy ¶±HIIJ\?Æi(™>}:úÆ„pñèÑ#"‘ˆúvãp8&&&Я=eee¨¨´´4\I€N¢TTTÐu†ýû÷þúë/Až={†5¸RSSÃz’üçŸP«¤Q£Fñ W=1œlœžžjôÞ†®Fò'ûNr¹\ɧpqXîܹ#H´È'o3gÎÄF"àp¢·% ¾^Àõë×»ý?<ä ÝVVV(**Ž3=igg×ÜÜüøñãšššêêê±cÇöOsssvv6‰D?~<—RraaaIIÉ AƒÆŒƒ5Gæ÷ô©©©‘’’ÔÕÕ½~ýìy\LÝÿÀÏÌÔ´ïÚJ{)$!TˆöB %%BEòàÉC{¾ö5’žzÈVJÉIû¾h_”Jû4ÓÌýýq~îë>35-Ú<îûyÝ{î¹çž{çÞsÎçœÏ’ÛÑÑ¡¢¢28õ865g¢Ÿ×ª¯¯ÏÌÌ”PSSC½àààà +]]]ééé***p* 3ÔŽmKAÿäÚÚÚñãÇGGGeí1ô¿ ¥ÓéYYY4MWW—)gWWWVVVMMŒŒÌ¤I“Уµµµ^^^wîÜé­ÌÆÆÆÌÌL™‰'öÓŠ¯G²³³¹¹¹Ùô VŽ#{ì(ëêêää䢢¢°v±8CEAAASSÓ´iÓúéG‘Á`ää䔕•ÉÊÊÂàQØ£T*599YZZZQQq 5éíÓëí5twwçääÔÕÕikk£ž6 ›BØ|\LÌŸ?_]]ëoHêÖú² ;¬ÏŸ?³ÝýWQq¢GPqbt«ƒƒƒƒóƒª««GDD  Î?ˆ——Wii)TýéX¼xñš5kШÞcœ¼zõêÅ‹£]œ^ILL433+++íºü AtttÜÝÝaà¯_\œÀÁÁÁÁùQ(Êüùó‹ŠŠÙ¸]mmmÚÚÚ=Âú£üYÈÉÉÑÔÔíZô‹ÖÖV•øøx Ñ® ;6mÚ$%%Õgt—æÁƒ‡JJJú‘eÆŸš‘pËžµkײ‰À‚ƒó‹C£ÑŠŠŠäääX=iþÔ”——Ôßè/Ëæ9pppÌž=ÛÇÇÇÒÒr¨d ??DD“3ñŸ…ŸE–|ýúõƸ,3ö9zô(kÔËQG@@àÎ;¿¬,Àð8ŠÅÁÁa"&&fóæÍÖÖÖ>>>L6úX„……oܸ·[[[×­[G&“ ‘HÔÑѹwïšsݺu<<<§OŸÆžž““ÃÃÃâð|GPPpéÒ¥‘‘‘CuGnnn7oÞDäË—/^,ôæoAëׯ£qèeee=<ÆRXXÈZCèWdýúõXÏ’lžCee%öt!!!ƒÃ‡C×"LW‘——ß±cGoÖÌ888888ÃÍè¯Nààü版ˆX±b…›››Appð“'O233{ÌÙÙÙ ƒ²3 “ööö˜˜ƒüüüààà+VpssC­t*•Ê`0îÞ½»mÛ6ôôÐÐP:ŽNåR(@kkë³gÏlmm£££¡±ìpîܹ‹/ÂhA4­¤¤{ôéÓ§|||K—.e=ñÈ‘#þŒfÐÐа²²’’’‚»ºººX?È‚hkkïرão'##CNNNKK p%88X__ë­¥¢¢‚——÷Ê•+ØÄ .ppp|ùòA“'O¢•‡|þü™D"!âïﯩ©ùƒ•gOPP‚‚\€AˆÃÃñ´´„ãxAÂÂÂøùù{Œ“PPPÈÊÊê±ðU«V-\¸éÇs€Y_¿~Í````aa^%99=”““Ãæ¥ÂÁÁÁÁÁV~a5/œ‘‚ŸŸßÊÊ nKIIñòò¦§§³?%44tùòå222ØÄèèhc2nÜ8###襕•UZZjaaÑ[™íííªªªƒ¼ +V¬8wî\š`¢¬¬lÇŽwîÜéÑSÞãÇÉd²³³36ÑÕÕµ¡¡ALL¬Ç˵´´ÐéôñãÇÿHû€€@cccSS ¶¶¶££Z5Ã<ÅÅÅãÆCý¾‚A<À·oߘ=PòòòH$ô¿Ž3¦ ÓéUUU£] œáe¤•jkk)Joâà(**aÓ ?~411‰ŠŠš={öh×g4 ƒ‚öùY>±á`¤Å Ÿ÷ïßÃx¥CŤI“¼½½á(mLÁ`0ÚÛÛétúhWgLŸŸïîŸÙg졶¶6Ô¢´´LíììÌÌ̬¬¬„‘8K—.uww/,,TQQ¹ÿ¾¿¿[[¶œäää/_¾ˆD¢¢¢bBB´t>|ñâEJJJG?|ø€®–°¿)ÀÙ³g[[[™™™‡†!Š) *}}ýúµ¨¨hÁ‚èPŒŸŸßÌÌ [æÐÆ-ÊÎÎNIIÑÑÑ™1cFkkëÓ§O‹‹‹•••ãââš››ŒŒDEE«ªª.]ºdccÓ[!³gÏÆÖŠU¸êÏs¼|ù2-- ÐÙÙ™­¨¨(((ˆžCSóððØÚÚîÛ·oî¿/DDDŒ‡Ö^eòþ¨»»ÛæŸ={VII) €5ž7SÎŽŽ…M›6ÁÝšššçÏŸ¯[·®££cóæÍ}^éŸÃ÷1ÛW2ahh¨¬¬<Úµ`¦½½}êÔ©«V­P©Ô¼¼¼§OŸ†……±Ÿ£yöì™……Å„ &L˜påÊ•™3g>}úçÈž¢¢"ggg¦VÝÅÅ%((H__¿³³óÀ'OžÜ±cÇÐÖ™øƾ}ûöÂ… [¶lAÓi4Z{{{Þ@6¯_WWW{{ûîÝ»™¤îÞf¦Æ,?Ë'6,Œ°rÕš5kTUU‡¶Lnnî½{÷m™CBo!Üq~5 Æ_ýÅÃÃãîîÞÔÔÄ&'j;¡¯¯ohhÈtF˜ª¬¬Dä·ß~[¹r%‚ fffLKKãããkoo¿qãÛ‰DBBbÍš5***fff/^DÚØØlܸ‘ÍéP(b2ADTT4 éÉvâСC€ÒÒRdDl'–-[6kÖ,tWUUÕ××·££ƒ››ÖA8ÄOIIa=½Ÿ¶}>VÛ‰ììl‰tìØ1¤'Û œÁ1äý´¤þü9Ü•••Ý´iSrJJJBÔÎÎΉ'ª¨¨ôyÑ·oß222úÌ9fûÊŸ"‘¸jÕ*lJmmí”)SøùùÙ8ëkjj’‘‘±µµ¥Óé‚$''“ÉdÔ”Ž=T*uÚ´iPzG?~ ¸uëÜÝ¿?àãÇCXç¹rå @EEEPPÛvy{{«©©Mž<ÙÛÛNÅmÙ²%66¶ªªÊÜÜ<;;;//ÏÜܼ  Àßß_CC£»»{ñâÅX·-OŸ>577ïè耻999ÖÖÖ222&&&'Ožljjª®®677§R©!!!+W®œ:ujݺuh ­­­æææÐE1ëåÍÍÍS§N6mš··7Ô™î‘ÐÐйs犋‹ëéé}Êtî‹/ÌÍÍ?}ú„¦¤¥¥™››ãÁû~Ž;vâĉ„„„sçÎõ3–çìÙ³?|ø'­Q¢¢¢Xs:::††††††Z[[·c+++–––––ÖÞÞ^SSƒº¨ªªªzôè“=Pg)66›˜œœÜØØØÛ)7nÀô››;}úttwæÌ™)))eee M×ÒÒìm‰¦? â9hjjΙ3Úñ"YYYöööp:Ÿ}Ó×Ñѱ}ûvuuuuuuoooÔXhÍš5·oß~ô葱±ñƒ@ïpzzº¹¹yVVÖÞ½{§L™bggóíÛ7 8®B¹|ùòüùóÕÔÔV¯^ýáÃ4ÝÑÑ1,,,,,ÌÔÔTMMmùòå555€¥?½t[ƒ£±±ÑÞÞ¾¡¡!66ÖÞÞ~kÔÜÜÜšššeee=½y󦹹¹Á®]»š››±‡·mÛ¦­­={öìÝ»wÃ/”µ¯D$((hùòå'N´³³;qⶵÉÍÍ]±bÅÔ©SÝÝÝ333===áÓî±íñŠ`àÿ ʺuënܸ·‡ðOr$%%=ÚÖÖvöìÙÞòM¥R±î™(,,\ºt©‚‚ÂĉáÚ8ëë7 ®^½ºiÓ&¸PãââøòåËáÇMLL4446lØð÷ßcóß½{wáÂ…³gÏ>xð`FFÆš5k &á¹sç6lØ••åä䤥¥µyóæÊÊÊwïÞYYY©ªª.[¶¬ºº-$99ÙÞÞ^UUÕÜÜŠRÞÚ½¼ÇÿÃ"NdffΚ5«¤¤d÷îÝp1eÊ ž9sæ 677GEE¹¸¸8p@YY™@ <þ»î\^^¬ŒŒ }}ýšš??¿•+W¢ˆD¢¼¼¼¼ôË—/ѨTjTTTee%€õrMMMS§N½uë–‘‘‘]xxøÌ™3áÛÏÄÉ“'—/_®¡¡qêÔ©ùóçûúú®]»ÊÎÎ 544Ý°aCuuõâÅ‹‹ŠŠ°§ëêê¾xñ"88M ~ùò¥®®îÐ=uœ±ËÅ‹·nÝ*((˜ÿoß¾±?eß¾}"""öööÐkvvöž={˜|¤Bììì ._¾ìàà0,µÇpýúõ ïLš4iñâÅçÏŸ‡‡bbbÄÅÅágØ3gÎ\±b…Oll,Fƒ–/_Î&B”¾Ð…BIÿ7ЩÑPahhššš ÈËËûçŸLLL”••%$$¾|ùB§Ó/_¾ÜÑÑÁÆ *//©’èœdÏ $$Ä$^ŽôÉ“'†††ÙÙÙ6lPQQqww‡[ ÷vïïñ¿Àp,y:tˆ@ @‡‚Ü»wÏÈÈ~Â..C] ]]Ýšš˜ÂËË‹Õ͸xñ" ¹¹A333999TQäÈ‘#€êêjäß«KNNNh /A¾~ý ¸víZ—Û¶m‰D*++ƒ»d2ùàÁƒL·óåËèÛ©# IDAT~~~¬ǹsçÀwUWWW@hh(<”‘‘€sXe'+++999è€A{{ûA=]œŸŒòòrÖïŽ)ü ªì„ Hjj*œçãã#‘H3fÌ(((““cRvBÄÚÚZ@@ ³³AaUv²hÑ"¬£Øß~ûÍÎήϳ¾}ûæêêJ$Éd2''§‚‚BppðŽ;zSvBDXXØÉÉ AÖ')//?„7ÕÜܼzõjaaa`…@äÍ›7&&&\\\"""¼¼¼èÄDo«(ïß¿G0ÊN}>‡ź¸¸HKK·´´Œ¢²œ:}ûö-¶éƒrïÓ§Oá¡ÂÂB"‘ø¿ÿýAyyy±i„áµV¯^ Á¥¹©S§Â]غ«¿yó€j£Ñét¸+&&&&&†ªvìÝ»—D"ÁÛ±é¶ú«²So~™Y•´´´Î}ÇÃÃz` d:±¾¾ž——wùòåp—F£AçPÙéÌ™3222¨›f8ow±}¥‰‰ÉúõëÑb×­['..·ÍÌÌ”””`Ï‹ Èÿþ÷?À_ý…ôÔ²¹bÿÿA&ÄÄĶmÛ† ÑŸ2T°*A455544z;kÉ’%jjjØ”cÇŽï*‘!..níÚµ|||………0O}}½ŒŒÌñãÇùóÏ?Ñ¡ZWW‰DÚ·o¶@}}ýÞ*Ðgƒ‚‚1110~;²²²èXÎÐçççÓh´I“&M˜0šL`•,--eddP'Úååå\\\p·Oe'%%¥‰ àQOOO€——lËËË?~ R(11±Í›7#R[[ çÐÇ]!ß›¬GÁ£P4…/6‚ ^^^œœœ]]] EQQÑÐÐ}pÈ———‡°m÷Øßãža1Å?~<‚ kÖ¬ñöö644ttttttì-ó† ú4¦ìîîŽýí·ßPE‘­[·š˜˜`ݧôìå"""LLLDDD ä*$$¤¯¯½wï^ì)¯^½jkk³´´DS¬¬¬¶lÙòþý{8CÉÏÏ µššš$‰uT±jÕªÇøðaÆŒIIIååå°ÆùÏÇ»ýÌŒ]ÊŸ>>###˜N$ÍÍÍãããËËË{sÏÍÁÁqõêÕY³fùùùAÑÒÝÝíèèˆ.§ÈËËëèè$&&ö³VfffXSlìS%‘H^^^d2 5ÄÚÛÛËÊÊ’’’:::àó|ýúuGGªñN&“7lØ_u:–cz!544h4ZUUU]]]II‰··7j½,FGG«©©þ ù~A†EœXµjUMMÍùóçMMM¹¹¹wîÜ eDVØø¶ƒjN€ŠŠŠîînô///VŹ7X5VÑËQ(”ÊÊÊŠŠ ¦‘S€þ決 d2®ÝDEEÑC$‰H$²^×ÆÆFPP0,,lÆŒaaa"""lâàà HKKKKKv-†~~~è€ulÂÉÉÙãjõ¸qãÐQé0ÆŸCŸôÖô}þüYKK «áƒUìP#Œ¾üPõœIùŠU………T*•ÕßkCCõb½™Á Ú¹  ¨Û.\Ø£ Ÿ?`+†NÓÒÒrþüùË—/—••ñòòb;M&²³³BBB:::¤¥¥Qaö¶Øè4\\\Lîà°½vŸWìÏ?Ø£þ§ôIwwwII ª'ÆŠ¨¨(Öl|Ÿ- Ïü±råJTæúõë±±±ÏŸ?‡–3P3¶´´”‡‡~q褤±±Š(ƒ¨sqqñŒ3°ƒxèL©²²’M´ww÷€€tP^^ÞÝÝÍäµVEE%>>¾Ÿ;v쓤„"&&†íÃÃÃÏ;÷òåK"‘¨««‹ÖêcýA1Ån’””DÛ%øB2ùC¾‡šuwwwwwÇBmÛú3äû.Sì;w–””$''ïÛ·¯°°ÐÌÌ,//o … óPØ…šK:^__:kï ønõ™L&“Éÿ+ÈBàû][[‹¦ÀÞ }M±>˜!¬M$Ï’%K`„Ý¿ÿþÛÁÁöj8888?)½5}<<<ØæÐØØÈäìô¯f½+‚‚‚¥¥¥Lå câþ†¨Ûnàš<646&æ‰'öîÝëããSRRÒÚÚŠš6±booÿúõkh S]].w@ÑZ«CZZZ˜þM,}^±Ÿ¿7ÆøŸòôéÓ¦¦&6“›²²²uuuØ—¿ªªŠ‡‡ ºT*õèÑ£üüü………÷î݃ÒÒÒ:;;çÌ™£¨¨¨¨¨xêÔ)€¢¢¢““Ÿ)Qª««ûô<Þ[ùùù±ÿ5º%`…³âïï/%%µiÓ&4®)±–†º5*233íííeee?}úÔÞÞž’’2nÜ8($À lÐð£þ¼°[·n1µ'è]†|¿ Ã"N>|ØÇLJ@ èééíÙ³'$$„F£õGïBDDÊ5o’’’’ÀʸçÏŸ—`5›nhh@ÿZ6RD"QCCãÍ›7rß‘••Ý½{7V!×d±nX Òç@§W­ZUVVvñâÅÒÒRÖ%lœÿºººÅÅÅèúmyy¹””¥ÿ0{´´´Z[[+++Ñrž¸$%%ÅÄÄ°ž©ÚÚÚ²²²ôôôúY·~rëÖ-ž‹/N:•››»©© zÀìhíùóç-_KK ðéÓ'´=ikksrrSrìdXÄ mmí3gμxñAæææ   ‰4eÊ€˜˜XuuuJJJgg'ë‰zzzÿüóÏÿþ÷¿üüüÝ»wcýíÞ½;))éòåËGŽ111‘““Œ7îÓ§OP^×ÓÓkmmuvvÎÉÉùûï¿8Àƥƾ}ûª««9ÒÖÖ–’’²zõêÖh¯&&&úúúÉÉÉt:===ý?þÐ××è’+´pòññQVV†ž"ÓÒÒfÍšÕo8888cOOO2™ìééYYY™ššºiÓ&2™¼dÉÖœýl„Ùãêê:nܸýû÷WTTÔ××9rÄÛÛ[QQ±Ï™HlĦÛ:uêÔ¬Y³° Ô£ˆ©©©žž^@@@bbbWW×Ç¡'tÈôéÓ?~üXPPÐÜÜúûï¿ZZZà` í+544øùùŸì¯øƒ°ùSF…âââÀÀÀÀÀÀ«W¯îÛ·OOO¯¤¤$22’MlP eeå-[¶¼zõªªªÊÝݽ¢¢š%&&;vlóæ͆††6lHHH¨b€jQªªªpšßÝݽ¡¡ÁÅÅ¥¸¸855uíÚµ“'OF Zç;vprrnß¾½®®ŽB¡EEEy{{÷G·±±Yºt)Ö·|s®^½ÚÙÙYWWçêêJ  8þ=Tû`ü¾ÈÈÈ®®®?ZYY‰ÄÖÖVAŒõõõ>|öìÙôôt__߈ˆˆ–¯¬¬ìèèxçΗ/_°ªŽŽŽ¥¥¥lTQ†êJ†Ã¾»»»Jä¼¼¼D"‘——÷Â… ðÐÛ·oá'ñêÕ+Ö(o999PBàää477ß=;uwwïÞ½mÔŒŒŒÐ@*äææ–””D„B¡ ‹¶ÚÚÚ$ ëÙ‰)¨Ü©S§¸¸¸ È!//Òã•””À•AøB§R‚¸ººb}I!ÂÉÉ MûY¯¿«#GŽÀÝ„„ M…ƒƒƒ3ÆaòìÔ[Ó‡ HTTjg"++‹ºa‘——wwwÇžÕ[# ¯…Æç‚ÆŽ÷î݃»ÐmKß¿¯¤¤ \\\Û·oG} ‰‰‰aý›Á`ж?bÓmA·3p”=?âÙ‰)Œ>þ G6A\\Æ¡‡w”œœ —/‚††FJJ œ†®´°}åéÓ§EEE‰D"‰DrttŒ–@„F£ùùùAk …°°0ž³gÏ"=ujl®8  êى͟2ò0ÉTÚÚÚÐi{JKKQm~®­­MYYYAAŽƒ‘ïÑ-/]ºÄt:ôc‰MÁzUWW/))ù‘:ÿóÏ?"""pxC vïÞÝÝÝÍZêÙ ›X]] £ìAÏNT*uûöíèHILL,::ÍŒ}ý˜`ÆÎÓÓ¾™*•jccÃÁÁA$.\¸àïïO$·lÙ‚ HEE…µµ5'''ÇÌ™3¡ö¬S“c¤¢î›àâOqq1‚ pú¶KóæÍËÍÍ…ÙØ·{lîñ?6•¯‚‚‚ââb>>>mmm¬å ƒÁ¨©©‘‘‘éqÝA¢¢"111ì)(mmmyyy’’’¨ÇHkk+FCOùúõë·oߘ,lz£¥¥%--D"M›6‹‹«·l°beeejjjLWï?W®\Ù²eKee¥„„ÄàJÀùÅ©«««©©QRRb£à祹¹¹ººZUUu@š*c²²2*•:qâDÖ™]*•ZRR"%%{âÿ*t:=//H$*++cm=Yég#Ìžîîœºº:mmí>½¢0õG½u[c :ž••E£Ñ°v¨(ÂÂÂP_AÂÂB%%%ðï¾’J¥¦¤¤hiiÁƤµµµ©© «åÒÚÚ* ÐÚÚ*((øòåKÔÿ+l®øãü, { ššš¦M›6$-•JMNN–––ÕDotvvfffR©TÞÜÖõŸúúúÌÌL 555¦—“i¨ö#|ùò¥ººZGG>ÏÊÊJ´E¥R© ƒ››ûÆ»wïî1žXŸTTTäååIKKC¹Ÿ á=þdŒª0ókÁ`0ôôôÐX8¿¥¥¥GŽ±¶¶öðð@Ö°TVVòô„°°0Ì }×ÀÖsÅŠ_¿~…‡ Ðü‚‚‚K—.ŒŒ¦9~ü¸èÏAÔÔT__ßõë×£³¬öxfBˆH$Šˆˆ888|úôiäo•[±bÅÕ«WÑ'Œ Èýû÷׬Y³iÓ¦°/áÏ?ÿ„ŽVßêÕ«Ñ HA ÷"‘ÈÉÉ9gθvŠ°<yyù;v SbØ'€§Üpp† ‹ùó磻§N‚Q_G±J88ý¡ººZ\\†¸A„J¥Î;öƒ3¬ —g'&vìØ¡««›““³o߾Ѯ ÎHÓÚÚ:wîÜŒŒŒE‹½|ùÃE\\üÅwÔÕÕçÏŸ·ax‡‡š™™­X±âË—/--->>p{úôéT*5!!ÁÎÎn@…‹ŠŠÙÙÙÁpEòòò¬‘ ÃwƒMMM¢¢¢µµµòòòmmm00*ÀÄÄ„B¡@‚X‚ƒƒUTT/^ŒMTQQ±¶¶~ôèÑŽ;DEEß¾}ûêÕ+4,ôË—/{«L^^‰D‚Æ88#Éĉ'Nœèêê:ÚÁÁ$ÉÐÐ:ÏÄIpqgxA¤¨¨()) UTTܱcµ?À LÑdX£ÕÜÜÜ@}}ýÇ;;;—-[6µÿ7EEEÕÕÕ ‚‚‚µµµ+W® ‚AšÐªÒÒÒLÁŒ°¸ººÂP\9sæìÙ³páÂ…5kÖÈÊÊNš4iöìÙÖÖÖ .Dí˜Gæ­­­,X ¢¢¢§§÷úõëµk×N›6B¡H¤”” *Yåää°ŠEEE؈Î(êêê䧧ç«W¯ŒŒŒ¤¥¥çÎkbb²|ùr¬AvTTTAA‚ yyyÁÁÁ¦¦¦’’’ðPXXXFFšÓÍÍÍÆÆf¨΀ÁÅ œá¥¶¶¶³³óÁƒ?~?~ü™3g\]]'OžÌ&*ÜÜÜàßÂ+ÉÉÉÐy‘HTTTLHH`ã }ÐpqqY[[Ÿ9sFXX8..náÂ…ÚÚÚ¦¦¦à{èzˆ˜˜ï%³gÏÆ:ÞA](.X° ²²òåË—111ÏŸ?¿pႶ¶ö«W¯ …ÀÈÜ`vvvJJŠŽŽÎŒ3Z[[Ÿ>}Z\\ ÝÆïܹ3;;›››ûîÝ»¼¼¼=ú?éîîî1½¢¢†Œ{ýúuaaadddBB‚‡‡‡——WDDÄÂ… aΘ“‡‡ÇÖÖkj%//u­3ä±fûN¯­­Å ŒYÚÛÛ)Êp¼™8888cšÑÖ¶ÂÁùÝ«£ÑEètº„„ÄÉ“'ÙœÂd;µê333±y¨TêªU« Zóh)ÖÛØØÌ›7¯¤¤€U°„6L°±hllLJJ¦$%%‘H$è–~ÄnpÙ²e³fÍBwUUU}}}a0—/_^¶l™‹‹ËÛ·o988*++YOß¼yó”)SXÓ¥¤¤lmmIJJÂzÈillÔ×ן:u*Ò“í–±c;qûöm(ßöh=2f),,Äúéê?Û·oWWWïON`gg7ˆ«Œmmmùùù]]]:K^^~Œ¼#Fuu5_pp0Ó¡ªª*~~~>>¾ÐÐÐÞNÿüùó©S§<<@FF†oòäÉçÎálnn^½zµ°°ð¸q㎎ŽPäÕ«WS§NÕÔÔäáá±³³£Ñh½•ÐÙÙéææÆÁÁA$¹¸¸¸¸¸ÜÜÜЊB¡lØ°H$ 7NFFÆÙÙv·c_œhhhXºt)77÷ĉ—.]ÚÝÝ}åÊ•7®[·nÆ ‚ÔÖÖúûû«««¯_¿>,, [Â;wLMM ÿüóÏôôôÕ«WùòA³gÏ®_¿>33síÚµšššnnnoß¾µ´´TQQ±··ÇF~üöíÛÖ­[§L™¢§§çåå…º$>{öìÖ­[ UTT,XeѪª*333"‘8qâD(²)A¶¶6ooossók×®mÛ¶­OqâñãÇÆÆÆ##££Gæææš™™åçç:tH]]¾-ïÞ½óððÐÒÒ244ôññÉÈÈ@OïèèðññÑ××_²dɽ{÷BBBöíÛ988ݽ{×ÔÔtúôéGe0:::¿ÿþ;S!—.]š7ožªªêªU«à7…rÿþýû÷ï/X°@UUÕÑÑ~¡÷îÝ›:u*ÀÐÐë£%99ÙËËKUUUWW×ËË«³³¦;99"rãÆ 3rrr`¶?.]ºTEEÅÌÌìòåËìŸáÍýüü888ÐГ‚TTTÿÞ†æ7nܤ¦¦¢)sçΕ——g07n´³³knn†éOŸ>µ²²Š¥Ñh|||Ø9‹´´4lo-,,TTTÐCµµµ€½f¨ÎK–,‘——WRRZ·n"³Ç—™Í烅½8ÁÚz0Œ7n8::*))ÙÚÚ?~¼¥¥Í?¬­GZZš™™YYYÙîÝ»§L™2uêÔýû÷3 ÖÖƒN§‡††._¾\NNnîܹ!!!=ÞÝ/.NààŒ•••©©©h—<h4ZNN ñ6„(mmm©©©¬DYYôJ4h ÆçÏŸ˜æÒF*•úþýûòòr¦ôÂÂB¸xÒ' %99955µGƒ¯_¿¾}û6??ê:‚´¶¶úûû úûûÓétOO¤æ6 IDATO999%%%IIÉ'N 2eÊqqq//¯+W®@ÇS¨DqôèQ€¯¯¯ŒŒŒœœFUwuu–’’Z¹r¥““‡†††°°°ƒƒƒ···¡¡!,¤±±QIIIHHhûöíœ0a‚ššú¸ººJHHHHH¸¹¹=zTSS“L&666úûûsppŸ>}š}!4múôé¼¼¼žžžîîî<<<}ŠIIIÐWÛ¦M›ÂÂÂÞ¿˜;w.''§••Uwwwff&77÷”)SNŸ>}äÈ555aaáoß¾!ÒÝÝm`` ""âæææììL&“åää 9 ‚ bbbJJJRRR»ví200èééIIIyyyAÏfðŽqqq!‰VVV .äææ~ôèZˆººº´´ô¡C‡öìÙÃÃÃc``€ ÈÛ·o¡Þ–-[¢££™n*##ƒL&/Y²$00pãÆ"""¨0&&&¶mÛ6AþùçŸMßÙ¸q#///™L†ÿéãÇÉd²ººúÑ£G·nÝÊÁÁ†¦ùCóÓ§O/Z´ÈÔÔM?uê”   8Ó£8áëë+""‚MK uuu/^¼ 7nD¤±±QZZÚÀÀ »»»±±ñСCÙÙÙè)»FYYž‚"$$dllü#uÎÊʘ9sæ•+WŽ?®¬¬,%%aÖ—™ÍçÃ{q‚µõ8|ø0ÇÒ¥KwîÜI&“—-[3wëñâÅ €†††‘‘ÑÉ“'ííí'Oždm=:D&“÷íÛwéÒ% "‘Èhè—'pppppú‹¬¬,:êéé ðòò‚òmyy¹€€ÀãÇáQèãhóæÍ‚ÔÖÖòòòº¹¹ÁC]]]óæÍÃèð×ÙÙð×_Á]///NNNx‰mÛ¶‘H$TW°¢¢‚L&ÄÇÇ#rýúuðâÅ x¨¸¸ pWLLLBBÀ†~Ê‹‹a0ãÇ···GäÍ›7€€€˜N§›˜˜èèè …ˆ‰‰¡’ðÞ½{I$œ×`£ìtèÐ!'€¹wïž‘‘œœFÅ ,þù'àúõë‚P(EEECCCtñäܹs€¼¼¼>ŸäØÍO:uãÆ ‰TWWÓ V¯^ Wz'–,YÂôþ;v |÷HáááA âââÖ®]ËÇÇWXXØã¥uuuËËË»ººH$ºxÑ×××ÐÐø‘:[ZZÊÈÈtttÀ ååå\\\HO/3›Ï‡ (N())MÄEY„¥õ@ÄÄÄdýúõèéëÖ­GF¤õ€âIJeËÐ7V]]5ǶºººXáÍÅÅeÿþý¬÷þ ‚›bãàààà ‰äååE&“òòò---–––ííí999!!!]]]€×¯_wtt¬[·žE&“á- —¥¥%Üž0a`éÒ¥pWCCƒF£Á±QDD„‰‰‰ˆˆHkkkkk«¾¾~tt4ÌÉÏÏïàà·555I$Rúul çââBCÊÉÉY[[îÉlØ°uˆ¼uëÖªª*..®úúú?FFF¨T* ::ZAAJJJfffØrLMMQïÃãÇ×ÕÕ…‘ ‚ººzii)¼#2™¼xñbxGíííP`ccõ÷:::t::dcÃøñãY³fMlllgg§££ãË—/{³¿ˆˆøã?vìØsiii%%%+W®lkkƒU‚ý§~^ìììH$Rxx8 ¬¬ìÇè+×#UUUÐõ3Š¸¸8~GŽQUUupp¸yóæ©S§˜ ܹuëÖ¤I“*++#""äåå¿|ùB§ÓY „¥ ®ÎÝÝÝÑÑÑ&&&¨³oyyy¬K ìËÌþdÅÌÌÌ t,Á¶€¸¸¸k×®Ñéô²²²ØØØ”””‘l=ëÖ­#p{Ò¤IX× (ãÇùòåÞ½{¡@xåÊ•ôvï¿?“kœ1…˜˜Ö½Xxxø¹sç^¾|I$uuuѨípðŠÆÈÈÈ`Ë‘””D;rèuhE¡P*+++**˜‚{ ¡¡q„D"‰D:ÎTaö…|þüyÆŒXÇk²²²)))}?`ÐCHKKËùóç/_¾\VVÆËË«££ƒ*))aŠï.##SVV†îbƒ´‰DÖÇ(,,¤R©p …¥¡¡žŽ …Go}ºôYµjUMMÍùóçMMM¹¹¹wî܉Š=XÒÒÒÖ¬Y³hÑ¢ãÇÃ8swwwwwÇællldѱ°°ð¢E‹BCC]]]Ä…….\˜››Û[~QQÑOŸ>aSšššPºãááùã?V®\©¢¢ÂÛ´¨¨hõêÕIIIëÖ­;räÌßðŠŠ lÎÆÆF(¢ ®ÎåååÝÝÝsæÌÁž¢¢¢‚u⇾Ì}~ƒ¬;vŒIþAaj=²³³à4„´´´°°0L™Ö°|&=~#×®]óööð÷÷—””´µµÝ¿?„àâΙ™iooÿÛo¿}úôISSmÃn^@@PSSƒŠ‹‹±ç¢ž”Ù@&“Éd²­­íÉ“'±éè”9k!‹Wö…TVVbÓÓÓÓû¬XŸœ8qÂßßÿܹsæææ iiizzzð€€@uu56óçÏŸ±»l"B‚ï7(((( ™™É” ©ÞŸÇËÊÎ;½½½SRR¢££ÍÌÌ222ÔÕÕ±yêêêlmmåååïÝ»‡^þÝ·nÝ211Áf†é?;ŽŽŽkÖ¬©­­½ÿ¾:¹Þ#²²²Ïž=kkkãçç‡)UUU<<,X°@YY999º`‚ðññ 1½!ÕÕÕ³fÍtáX¿¦¦›?;;»Ç!rŸßà`ooÏ`0ÂÃçOŸ.**êëë{áÂ0R­G?Ë¿yóæ… ^½zõèÑ£›7o~úô)99¹÷÷WvÂÁÓÐh´ÜÜÜÖÖÖÑ®Nܺu‹‡‡çâÅ‹S§Nåæænjj*--…ã]8‹f~þüù@Ë'‰oÞ¼‘ûŽ¬¬ìîÝ»ƒƒƒ‡ª--­ââbtö·«« š%ü 7oÞ´µµuss›0a‘HÄ.w¨¨¨dgg£ƒ¹oß¾}üøq åkiiµ¶¶VVV¢7õäÉwwwö¢{>ìããC ôôôöìÙB£Ñ Â= •J…V‘‘‘BBBØú>}ú„Ö§­­ÍÉÉi .Æ&666d2ùèÑ£?~tttdŸ*á¼zõ Myøðá‚ à€ÞÏÏ/333**ÊÐÐÐÝÝ,׬Y###óîÝ;¬,±°°HIIikkƒ»©©©åå僮³¤¤¤˜˜4€´µµeee¡/–!ù{$)))//ÏÏÏÏÌÌ . ŸÉØi=h4šµµõÓ§OùøøÌÍÍ/\¸àîîž’’B£ÑZŸÿ¸8ƒ3„……­]»ÖÕÕõáÇl²‰ˆˆ@cP@[[›³³3??¿–––°°°®®nhh(šóìÙ³¼ddd-Z;v {ÔÀÀàôéÓhô#œ8qÂÓ,‘§§gNNNŸ…ìÚµ‹———éQ(**2… P¼¿ÁQYY¹~ýz¦Ä°°°k×®¡»_¾|ÁÞµŸŸ_E½xñ‚——·GŽØØXwww›Ý»wýú`bbÂÛOž<)**¦(((xzzŽý¡˜¾¾~gggdddWW×Ç­¬¬ˆDbkk+‚ ÆÆÆúúú‡>{ölzzº¯¯/tV3PöíÛW]]}äÈ‘¶¶¶”””Õ«W‡„„̘1£ÏÇ÷éÓ'8­Ë¦oooªªª––___¬ºÔáÇgÍš…$ôŸéÓ§üø±   ¹¹944ô÷ß@'˜Û·oçää\¶lÙóçÏããã/^ÜÒÒ2Ðò]]]Ç·ÿþŠŠŠúúú#GŽx{{+**ö9Û µ;âããá;‰E[[ûÌ™3ÐF¼¹¹9((ˆD"1nÝÜÜÞ½{·jÕªœœœ‡ß)//WVVvtt¼sçÎË—/)JXX˜££cii)VËëçE@@ÀÂÂâÌ™3¢¢¢óçÏgŸÙÂÂBYYyË–-¯^½ªªªrww¯¨¨Ø»w/ 11ñرc›7o644 ìèè€&ÐEž‘‘QHHH ¨4åîîÞÐÐàââR\\œššºvíÚÉ“'£¦ƒ«ó®]»¯^½ÚÙÙYWWçêêJ ¼½½{,jÐß {444øùùŸÜ¸qcܸqCâ¨QPPpÙ²ek¾“›› Ó Æýû÷Áw5l ÑhâââK–,Á¦KJJ?~›rëÖ­án£à¤)ô‚R\\¬¤¤]A¢££%$$лvwwï±4hÕÇêå6<<œL&oÛ¶íСCjjjÚÚÚ‚dff¾{÷îÝ»w^^^<<<ï¾ÓØØ ˆƒƒƒá?9oÞ<™ööö¡~†É³“„„zˆJ¥ÚØØÀ˜.\ð÷÷'‰[¶lA¤¢¢ÂÚÚš“““ƒƒcæÌ™0:8êãu„ h9‡ .V \Ý!rêÔ)...¨C%//ú}g*Ažnäyóæ¡mÅÏê% î¶FK@¾Ç…è-$\ii)ª÷/""#еµµ)+++((@yAhyréÒ¥ÞæË÷ìÙsÞ½{5›VWW/))ùÁ:S©ÔíÛ·ƒïšubbb¨ã`Ö—aûù`éÓQ,¶õ@äôéÓ¢¢¢D"‘D"9::ÆÇÇ Ã<ÃÝzÀÅl4Àß~û ýð±­GFF4R‚­„ŠŠ ‚‹88à FãççGÊׯ_çææî1‚'.]ºÄËË‹¿ƒ ˆ‰‰ÉüùóáöÉ“'¥¤¤°G?þL"‘‚‚‚ñ÷÷WTTÄ=pà€œœÜÞK]]4PcJöìªêЧ8ñðáCaaá[·nqqqaã¼8áîîg•°âôhÀŠçÏŸ_¾|yŸö&N˜™™¡qp¡•*AsçÎñóóc󳆴ƒk>سÆ,µµµ)))èKRQQ,@ººº ‹ÒÀÀ@¦ÁDÿinnNHHxóæ :bî---Ø¿†M!­­­ èËÂ… {ûxû$==uRÉ`0òóó±ñ[ZZàÈÌ̬7y•=4-===&&õéÙOjkk{‹‡“ŸŸÿôéÓA‡‚)//þüyffæ Îý‘ŸŸÿþý{ÖÆsptuu½}ûöóçÏCR†ÂÈÌÌìÏ>¸o°OºººÑèu---è'ƒŒ™Ö†zôèѧOŸÝü÷Sl„Åú5gø@<°I1***ÚÚÚPד&&& ¥  ª÷Œ»Éä¿"::šB¡ôvJKK N?~|Gsss±ž1GQQ‘²²ò·oßòòòäåå`úܹsÓÓÓÛÚÚ´µµû|ÔAAAK—.uss»ÿþ¦M›~°Vƒæ?þعsçýû÷Q4¨+¿víZl΢¢"55µ¢¢¢ºº:---¬šxàçç·²²‚ÛRRR¼¼¼ééé3gÎì yyy$ N?q$%%±“ÖP<«©©ÑÕÕÝ»w¯‡‡€F£Mžý¿Äyxxlmm÷íÛ7ÈÚ nß¾½eË–ØØØòòòÍ›7[ZZö¶’6fÑÔÔò2¥¥¥³²²âââbcc¹¸¸Î;·xñbö¾Gqp~5þ­Çž!X€@¥O4…Á`€Þ+pp†¦å"‘ˆ•%tx2bPššš±±±ÐfÀÈÈÚe²AUU5&&æ?þLŸ>ýÇ€¸¸8¬SQQQ¬¿<ÿ½{÷zyyÁvVFFž5„888 áTçÍ›gii; q"((¨ªª ;Ë~ûömt xðàîÝ»ÐãøŽ;úŒŽŽ¾}ûvÿO š6mÖhdùòågÎœùðáƒÁ0Ôwh:qâÄ»wï=zÔØØèççÇÇÇ·páÂÞògffb… MMÍ‹/nݺUPP0??&JJJH ÁÁÁÁÁÁ³ ru«àkjj¦N:´•ÃÁr ¤¤¤Á`ŒŒÖÓï¿ÿ¾}ûv--­’’’E‹íÙ³§ÏSDDDž?¾iÓ&%%%>>> …¢¯¯Ÿ˜˜ÈÆóŒ°óèÑ#èî}88~üxcc£––™LnllôõõEuŸú„F£Ý¹sÆoB™1c†‚‚BppðX'888ÂÂÂvíÚ%&&ÖÙÙ)$$ã¶öˆ±±1v÷ýû÷eee~~~Øàw§OŸÞ¶mÛ°UyØijjêîì8(ÍÍÍ]]]£]œÿ‡N§×ÖÖö¹Žƒóƒºb€ P—‰Á`Ðh4¸[UU×"ppÆ&D"QVV®Wprr ‰„5®>ŠŠŠ„……Ç7 ³jjj***´´´ UîX ½½½°°PEEeìTid¨¨¨ P(JJJPƒî—…Á`À µçÏŸG±3ÁÍÍÍh¥¨¨HDD„ɧ+?~411‰ŠŠš={6Ó!›üü|tµg¸©­­¥P(0|U\\Ü‚ ’’’¦M›Æ”­¸¸xÁ‚LNiGŒÞlGG??ÿõë×ä‘ çgçÎ;6l P(T*•ƒã={ö„„„”””ÔÕÕÿ½3‡j}ø3ÃÌØ…PÊÙ*Ñr[‰V¥´*%Ú´’5íåvK{Š6u]¥T7q)Šr¯n᧤ëZZ4–HÙÍ>¿?Þ:;ÄlÕù~úô9ç=ç¼ç9Ç;3ïó>ÛäÉ“8Ð…b|´Í:!ìé„t 6›Þæ{‚žLuuuSSRØl6Ò(ð£ºS5Š¶ãª¾}ûb.û=iiévçüþ¦!2è#Nž<)&&fggW]]%¿ˆˆxõêJââ¢~\ŒŒŒ¼¼¼PÎ\ðx¼††’'ƒÁhlll—øíÁÇÇçáǘöÒÒ2œŽŽŽ¥¥ePPÐÁƒ»L6<"^,‘_ñäèÑ£ÚÚÚýyd2™Ø§©±±‘Édv‰tßí‰Èæ„t ‡Óì—>AÏ T1116›M¥Ry< œèšŒ±ß Û¶mC©®ði¸þüóϲ²2__ßî­G°aÃ33³Õ«W·où€€ ¡ÓéS¦LèE@ÐQ´'¡ ïH£àp8l6).AÂårÑXåp8ØFt·hß¿þú+ƒÁhMVÓ‚‚‚Y³fihhèèè,]ºôíÛ·PZZjooÏb±¢¢¢æÏŸÎLOO_·nÝ!CÆŒãë뛓“ó•BÖÔÔ¬]»ÖÔÔtøðá^^^>|@íOž<±··/..öóó355533Ûºu+¶fßÔÔäëëkaa1k֬˗/_ºt)((PÂû’’{{ûÜÜ\trmm­———‰‰‰™™ÙŽ;°NŒõõõ±ÌÂ8;;GDDDEEMœ8qĈûöíãóù‡9r$ªû‹õãèèˆO½ooo–y<^ttô¼yóÔÕÕÇéÒ¥–^¬' `ðàÁžžžø´ -½1ø|þùóççΫ££3cÆŒýû÷wjî‚vóþý{''§ªªª¤¤$'''4=»|ùò¸q㔕•ÍÌÌ8ðÅ9ƒÁؼy³±±±ªªª VMÕÇÇ+?Êçó—-[†]µbÅŠÎy,‚žKÛÔ |ø5Zèe±Xl6›Éd2 6›ÝIRtl6›Á` ±Êb±I ŸQ »$ èé<~üXOOï‹uÖrssÍÌÌÊÊʶlÙ²råÊ :ôýû÷’’’cÇŽ%“Éêêê(þþÙ³gÖÖÖ¦¦¦$éÀsçÎ544 ™0a‚ŸŸŸèï<ÏÚÚúìÙ³óçÏß»w¯¤¤¤¥¥åõë×@RRòÌ™3µµµ››{ãÆsçΡX©>„‡‡1,Šà;„ßÐâ.ƒÁ¨¯¯¯®®~÷î]IIIAAAnnnVVÖ«W¯ÚÔ[÷réw¾ô@þû‚í»ó¥ò_wä½ÖoåŒûÚNÎ^âKäÿÕµŽ‚üwï?n¯ôåÙu·î$^½z•••õôéÓ‚‚‚’’’wïÞUWW£úÓȼÖÝôt,,,œ…Û§L™"//íNžŸæ̉”œœŒÚ‹ŠŠ$$$† †v]\\ôôôÐ6êdþüùØ fÎœ‰í¢:*………²)))©¨¨ÔÔÔ ]¤œñù|§©©éää„IIImÞ¼»044Ð…&&&–––Ø¡åË— ¿X< `llÌb±P Ò~ÿýwÑoL++«eË–a»®®®ÊÊʧôúõë·aÃ>Ÿÿöí[wwwìбcÇàÁƒ|>ãÆ***¨]]]}õêÕ|>ÿüùópçÎÔŽôí~ýúñxÿÚµk$©¼¼¼k” ûigõ.þ§Êø•]þ7µ¸Ëá@CÛúXlhh‚”¯ï Ü•^9F6p(üã6Ÿßñï¤ëÁ}4z±b‹_„Ïççææ~1*€Ãá$&&ZYYIJJ¢uuuccãôôtá“===KJJh4ZeeåãÇoÞ¼ ,«ÝB^»vÍÊÊJAA¡®®®®®N^^ÞÜÜ<11;ÁÕÕ ”222*((€ÄÄD ,³¶¶ö¤I“DÜÅÉÉ Û644Ä[P•ÆW¯^5{¡­­-fâÐÔÔ411ÑÖÖ‰d``ÐÒUx455SRRŸ={ÆçóöoßþÅ«ÀÕÕKïãàà™™™ÐŠ7†q÷îÝÓ§Os¹Üׯ_'%%eeea»ß÷ï߯¯¯ŸT>ô¶ö«Ù`8ܼàê­Ï‡Á{'Œœ ‹àL”àº~Æpr½±`¿Âp5…Ã#Áà _ÂҰܻ͢žºœA,,Z g}nw^WnÁ•[`;ôÇÂÜ•P†ó‰ý§æ­S;Xí9ÿÀÆíp+ JËÁ~!°Xõ;Ì_ýùä̧°` èŒg¸Úf »ä­‡†+Ú%B&ZZÔ/++}*H"pZnnn³µ´öïßèããóòå˺ººãÇ„T*•J¥Î™3çÍÁ×Ç@Å+••---Å·¼xñBÄšíQYY -'†]´¤¥¯#¼ÕBYY9""¢¢¢">>~æÌ™¿þúëôéÓEô‰ñæÍlûíÛ·ïß¿WSSkÍÃprrzðàALLLUUUiii+ïKÐí dyy9ÖRPPÀb±DèÌ222Âaø¤”:88dff>~ü¸²²ÒÒÒr„ ¹¹¹OŸ>ýçŸuâǤ͡Ø9>¡µÞ–®óárÿáâC5˜N‚ Waü(˜1 bâaÔ4x[ùñ¨ýB8tÌŒ`£;TVÁì5 ¬çÀ‰øi8hk€çˆºñ¹Ï¸$øiäþ nó@w¬÷ÍåBü]°[ñwÁ 9Ý7Ã*’€•.Pñ,gí¤‡’Ó èX–£Ái ܼŽn=}“!7¬áÉs;Â#áYHJÀX “A] F ûxrÕ°_L8OƒÿåÂ4WxYÜ6!»ÌžÆçó±Õ>áQM@@Ð,ýúõ“’’úbñ8UUU%%%c€¨¯¯öì™™™™ðÉÓ§O_¹r¥––™LÎÊÊ>§õÉdCCô´´þŸèׯŸ¯¯ïÅ‹E_¨««›››‹ÍŸª««?~Ü> )ŠAû.G(((TTT`»hƒÍfO:5>>^ZZÚÞÞþĉ«W¯ÎÊÊjM*¼gKZZ >¼õoìÑ£GyyyÛ¶m›4iª ÿ•,‚.cРA””„µ Á \ŠÉóçÏñEzzºŠŠŠ††ØÙÙñx¼àà`##£Þ½{5JRRrëÖ­***"ú$øŽiuïzŽ÷ùgc“ƒ¸æþí<üùèöƒðšO“àà6\®ÁË7þÀ›R(|çB`,_Ñ'A©Üû ò:<ʆ_­pl7ä߇Ʀ2™à¹ÌMày l^Gv¡íþü[ôñz8N‚âG°É£ Oñçcÿ Al¬_ü £Ì àçÏ'TVÁÓ$X »}`“;d<Àg¨ô†´ë°ËÒnÀ/¨oPèþkA\ƘúOºG]„탫a°ÇR®“ÿ¯ío¼[á ÕaüÃ~º …2jÔ¨ÖÔ¢Þ¼yszzzxxxSSSEEÅŠ+H$’——:Ú»wïÌÌL´üoaañøñãüüüšššË—/@mmí?•õõõÇþKXXlÙ²¥´´488¸¾¾>++kÑ¢EQQQ#GŽÝÛúõë)ÊìÙ³oß¾}ïÞ=GGG”¸¡¤¤TZZš••ÕÔÔ$¢DQQ‘¾¾þ“_‰ÆÌÌìúõë‡þ÷ß}}}Qð+P(”^½zmÛ¶ ¹©¼xñâæÍ›C‡EN)ø+LLL̾}ûЃ¡…äV¾1CCC™¸¸¸êêê—/_úøøÜ»wÍf·æt/VVVæææÌÈÈàr¹Ož<Ùºu«¹¹9,$̆ (Êúõë+** Æùóç¼¼¼yMQQqĈׯ_·²²*•:vìØ7nLš4I„áŽà;æ«b'ø¸Œ±ß¨uÂÓB÷þçßä Ÿ^‹«Ñ  uõPWòr`n‰)êjPû/L¶†FxžQ¿C#˜,€˜8 QÁÎòc'ýÕ`ªíÇíì\xùæ;B}ÃÇ>íÆÀÇ>@Œ ›< ­?C×âJGû}64‚ƒ5<ýÊ?­mM›½?n.^¾.’ÀL{“ýxÈc![®äF¥À´OÅp uà³ô­€Y'07'"v‚€ ML˜0¡5êĆ <==ÝÝÝeeeUUUâââ0ÿ{÷î¡ŠÚ¾¾¾½zõÒ××WPPؾ}{BB‚™™ÙìÙ³}ºwï^ìÐæÍ›+++ÕÕÕeeeuttx<JÂÿ}±Âìر#44´_¿~fffâââ·nÝBÞk­|c²²²»víúã?”””tuu_¿~}ûöm¦¥¥õ•KÐÙH¤èèhsss6tèÐ~ýúµ”Ρ§§}çÎUUU™¥K—z{{oܸ;ÁÁÁÏç#u&L˜ŸBü ~@HmšEq¹\¤<`…&kkk›ššú÷ïollÜy²v,‘×`áZHøõó¼±íl?/þ‚¾* 5„ߎá@xžÇÎCJ:I`2Š^Ãì)pz? ±†ÞŠrõó%Þ;!öä݇_c`Ѻf„Ùº¶m‚MÛá×kðöIó‡G‚»¤ÿ#…ü¦-ؤf.y– ƒõ¡÷pu†_¶|lü=f,ƒ§w@VŒ‚°Ÿaù‚Ï—¨ÃFwð] ©^°s3ÀJ_ˆ¿ ¯}>“Ü×ÁŽ¶Çxt#OŸ>¥Óé4MVVVNNNJJŠB¡HHHÐh4qqq111ÑnÍåååššš‰‰‰–––_<¹²²2''GEEE__Ó uuul6ùÌÀÓ§O{õê…ü(ø|~AA¶¶¶¸¸x»å¬­­ÍÎÎ>|8Fký…uuu222$ÉÞÞ^GGåÓWVV¦¦¦†e…j–ŠŠŠþýû'$$ˆX÷m%|>¿°°PII {KL&óÙ³gH###ü»x±ÂäææJHHèèè´·ò±X¬¬¬¬Áƒ#]«®®îÇèGÐÃA#êõë×úúúêêê­¹¤©©)''‡ÅbcÉ„iÿ—5ü×Rߦ³“¨T RaúD8ôŸvô—ó8yÀGÈüé‚„èŒô+#+ôÿF*>yþqCVàÂ!°úïâjo7r² + 9É ö_k“ªòÇfmr2eŸ½s¡¶Þ½oñ.Â|spl  ‚öѧOŸ5kÖ=z´5ꄲ²rK³jlá_Š"‘HI–ÚœœÜ¸qãZþ©S§‚‚‚>|8`ÀÈËËKKKÃgƒ%“É͆’ :vìد×%€D"¡\:ÂÐh´fQ@èÅ 3xðàfÛ[ùƨT*ÞJVVö‹w$è! ÕÒ jIII ‹Î‰à»ák]Üð󳎧A&ƒá@H{ ýÕ>þë×|÷ÂÅ€ WARB÷‚©HHÀ‡jxõæãôz°½†7Ÿr„0™ö)¢o°@fÎç>ëaÉÈ+ü*QëA]ÐË>w— «@ôR»¢(ö‚;÷?·$=hÆóñ½j¿]ÆöíÛ333srrº[ŽdÚ´iT*uèСóæÍ›7oÞ˜1cÆ·hÑ¢6uRWWŠ4~ÚœÙIØÝü;Ö(¶¬‡Ò·| ê +­…¨0ÒÀ|(41àæm`2áq6LY d2ÔÕŸ^+@\ Ön’2¨­¿àÏÅòç©y Rþ®Üç•ðŠƆ­éÊ-8vî?ÿŠK`Å"è­AûáM)TVAð1ðÚ 4š7JàÙ¼Ò3a•dçBÔ XáûŸØ‰ÞŠ™/^·õµõ\„‡.>A@ÐVddd®]»Æ@ù¾úöíûìÙ³óçÏ+**öíÛ÷رc×®]kk8õ»wïÎ;ghØê/t‚rvúî™é!Aà þÁÀPï ‘Ç`ìÇI0Í–l—u -?Àä °åX»Žî‚¨ãàºú› Àú'ð^Wã>öºܼÁjøÖ?ÁåPøT:öË„„ ¶èiÃÄñp+æ¯ P©°Ò‚ý¾ÜÛ&`0áÐi½jpb¸¬éG=Âî#0z:”U])‚ï SSÓî¡ã‘——wtttttlw @¾R?m ÅF)q°Pl‹%Š=tèÐΓµ»¨­ƒì\ƒáÆ Ÿö¶Jß‚±áG·"z)ÈÊ€¼|4hôï ÚÍ}S y…ÐW†|UjòÿÀáÀó|¨¨‚!úÐG¥m×ÖÕƒ¬ ÔÕƒœ¤\ñ£>·³Ù ¨ÐaBv/ÙÙÙt:J¥¢Ê¯RRRT*Šý5¡Ÿ? ÄäéËÈɸR–«*w€þ¸ú’2Ò-^êj Þb1Êv".ƃÚvÉd`2!éòÇXðÓ¿ À×ÉWƈ|+TVVÊÈÈH¶ÞXLð]#¼ØJ8Ät%ÂIäD§•ë^Ú¦N„€O‡í|C¸Î9+`àO`3^Cr„î…^òÝ-V§!}J£ÑF½páBáB]222gÎœquumÓ­ ”””¾ê¾j¼-eì Ô ‚®D`N"<ÙÆO»¯µNºÄ7Ó(Hƒ;àï,;¶¬‡1ß{F85˜€€ ‹áñx \.îÝ»7uêÔ'Ož D±?ýôVêNL&³EºvíZQQÑùóç'Nœ(p¨ººÚÜܼ°°pĈ¥¥¥§NŠŒŒüã?„5Šö¥s022òòòÚ¹sgû¥'ø ðŠ„p–ŽfÏé9 ~4„ÕÀ­núÆd·Oi¾JhÖLAðm¡£:Z°¢mé¿U„Ý-Ág¢¢¢ºå¾t:]AAañâŇBBB ÿüóÏÑ£Góùü­[·îܹ366vúôé]/'A'é<¯Qðx< Ò‹tëõd2YÀ·-jô™LûÕ lB†j ‹‹‹Óét.–•€ çQVV†U¿&4 ‚¶òäÉ__ß_~ùåÒ¥Kqqqššš«W¯677÷ööNKKëӧϦM›¦L™!!!999çÎCÖÕÕÍ™3gýúõvvvXo—/_Þ·o¬ZµjÁ‚+W®tuu7nœ««kJJʱcÇ~ùå—¤¤$EEEtN³R:u*::šN§[XX¬Y³fĈÍžÆ`0‚‚‚Þ¾}kdd„ª¶ܺu«±±ÑÉÉiݺucÇŽÅ_UXX¨¬¬xðବ¬aÆéèè@ll¬¼¼<¼~ý:&&&##c̘1+W®¼}ûöÂ… kjjV­Z% ’»»û™3gV®\ùÇXZZ^¹r©4xx<žµµu~~¾———ŠŠÊõë×---cbbõõõUTT***LMM.œ1cFTTÔÅ‹-ZÔØØxôèQ‰dooßìûñóó£Ñhnnn,ëСC?NOO711INNÖ××ÇÔ‰‹/¦¤¤œ}ºoß¾Í>Qÿþý322( ÚöôôŒ6mš]LLÌÁƒÑWÍÕ«W§L™¢©©éïï¿sçÎ1cƬ[·¶oßþúõë/^hhh !uttÂÃÃoÞ¼Éf³CCCUTT\]]­­­CCC9‘ÛúkÀ;8¡ÿ•””ž>}Êápº[4‚WRRBÓi‰Äãñz‚×S›3; lˆ‹‹#+Œ¸¸¸†††¼¼|SSƒÁhlld0l6›Åb±X,T­óJ$ è 0]BLLŒJ¥R©T …"!!!%%%!!!)))///..Ž-ö3,<ª D0kÖ,´ÔlwРAðêÕ«ŽºÑ¢EƒºH$Òܹsoß¾]XX8xð`ìT¸ÚÑѱ®®µ888x{{———÷éÓßU\\œ´´ôøñãÑ.™L¶··¿wï^qq±¦fsµ>ñüùó»wïÊÉÉYYYUVVÞ½{÷ÀS¦LQUU>ÙÕÕéHOOÏÌÌÌiÓ¦-\¸ðÖ­[ÿý7R·Š‹‹>,|ùµk׬¬¬ÐãÈËË›››'&&jjjòù|//¯Ÿ~úÉÙÙÙÙÙ¹•¯‘ Y.|™x<š¢p¹\---YYÙî–Ž€ Eêêê˜L&™LFnÛÀçóÅÄÄïSwIÕÎ… 4oC¾\ …ËåR(T °§BËÃèôA%Ô ‚Îi¶hd¢)...!!!--'R0Иt2¡E´ lm-‰!?%Œf¿äÛV§««+°]^^ŽW' X,–°1¤ªªJ@(**9r$6×Ç:¤Óé¢Õ wïÞÑét4ÅLOO=zôÅ‹½¼¼„OVSû\NH[[[QQ±¼¼¦M›&''wåÊ•‘#G^¹rEAAÁÁÁAàZƒA§Óß¼y#''‡o744€… –••?~ÜÖÖVBBÂÒÒÒÛÛÛÚÚZ„ä-!ìéÄf³Ñÿ\.—0øôp¸\.›ÍF³6›M¡PÈd2~Twˬækc'°ÙZô¥P(Èô ‡ƒŽ"Eý¢Ag€>?HYP'Ð6R$íSë‰Ø ‚¶ÒŽ€¿—/_¶ãF Û®®®©¿œœœ¬¬lNNZÛÂ6ÈÈÈ”••á[rssá¿ €0µµµ?vssÖ«GeddtåÊ•fÕ‰7oÞ`Ûoß¾}ÿþ=ê_RRræÌ™111û÷ï¿zõêœ9sP <È :}útzØìÖÛÛÛËË++++11ñìÙ³“&Mzúô©ù Z‚MZ.ÁápˆŒ2=4PÅÄÄØl6•Jåñx(pâÛ‹€OËÀȼ‚t .—K¥Ri4zôxȳéýÈ:ѡ‚T2™Œ ÑhØÿ˜FA(N¯^½ªªª°u²ŒŒŒvtòèÑ£ í¤¤$†í"I§Óúé'ÔrêÔ©øøøëׯ t5hР“'O–••a¦•ôôt¥ÐRRRT*õŸþÁZšššètº¹¹y³ç?|øÛNKK€áǣ݅ ž?>44ôÕ«W˜2™lhh˜––Ö¿ÔÂçó-Zdbbâíí½gÏžšššŸþÙÌÌÌÌÌÌÖÖÖÂÂ";;›P'Ú ï˜³‚˜¨ôpuÅNˆ‹‹£Œ-ñw—TíÅÆ"Y) –OÇã¡…a¤E gFŸO,[G?ÁG°a‰T\ …‚F#R$¿FCɺ[v‚ï 33³C‡-]ºÔÛÛûùóçÛ·ooöS†ªAß»wOMM­wïÞG7lØЯ_¿¡C‡þþûï§NÚ¼y³ÀåŠ+BBB‚‚‚Ο?/!!qæ̙ݻw/[¶LØ~²aÆ3gά_¿þèÑ£rrr—.]JHHØ»w¯è__qqq''§_ý5 `áÂ…çرc>|Xºti³çÇÄÄìÛ·oáÂ…åååAAAFFF˜S“••U¿~ý|||ˆ)?лwïÌÌÌ/^hkkoÙ²eÖ¬YÁÁÁkÖ¬ÉÏÏ ‰ŠŠòðð€!C†8;;Oœ8ÑÚÚº¶¶öüùóbbbÆ €«W¯^»vMÀ¿‹ %ðá×\.—Ëå²X,êÉf³ñ±þm¥ºº:77·wïÞÚÚÚxßB‚„Íf3 ôÝ…¦1ha”L&£°ìoÀÙ ‰‹²Û"é1­{0ô”@ê>›Å&èTð)›0åHÀ»Bᔵï(<¤‰ANЕÛž Ïž=ûêÕ«çÏŸ?þü!CN:Õl&qssóÑ£G¯_¿¾¨¨èÈ‘#GÝÜÜlmm †¬¬ì‚ ¶lÙ"p‚‚‚­[·æÏŸ¯¡¡A"‘¨TêÊ•+ƒƒƒ…o¤§§½téRUUU111çãã³qãÆ/>Hhh(—ËÝ»wïž={€F£íÙ³§¥0è;v„††úøø€±±qll,ö· “ÉóæÍÛ¿¿››þÝ»w=º¼¼|æÌ™!!!~~~þþþ|>_]]=22ÕÁ˜yòäúõë%%%£G¶³³öHd±Xk×®õòò8p`›øÛ‡Ãá0™L4ÉA!hfÞ½sR›n}üÁ© (qÒ–˜L&2G ,±È€ˆ™&ˆ,± ¦ Ò+æ€Ìêæ­×>3EK`B£ èš±=ÇàöîÝ»êêê/þä¿}ûV^^_”-""bÉ’%åååòòòOž<166–””lér‡óüùóŠŠŠ!C†ˆ^¡ojjÊÉÉa±XÆÆÆÏ¢)))yþü¹„„ÄàÁƒ…kS››+!!!¡aaakÖ¬¡Óé***øöºº:6›u[[[›-&&6|øp•òüüü¢¢"iié!C†|Q ‚–À¼¯‘E‚Ëå2™Ì¦¦&&“Éb±[™éøûÀ××÷çŸÞµk—ŒŒ j©¨¨¸uëVNNΙ3g\]]ÀÓÓóرc¾¾¾]]]ä¹¾råÊÁƒûøø b27oÞ¼qãƲeËNŸ>-pÇ3gÎ(Õˆ)S¦ÄÆÆFGG»¸¸ðù| ‹¿ÿþ[^^>##C hêܹsK—.MKKÃú~^½zõþý{qqqIIIIIIäsD1ï®—ªÍêúéùPNXTk;„%t"ÊÔt*X%|’䌇þGz•J%“ÉètA!z&\µÙ!MŒp‚®D`Ðâ?-]/[»ÁÔ‰fó±~‹ðù|sss}}ýÈÈÈî–åGóqBê‡ÃijjB9î †²²òµæÔ‰ŠŠ eee¬±¡¡A[[ÛÐУDêD}}½´´´poß¾ÕÑÑ155½}û6~QÀÑÑñÆ>(T/¼¸?þü¿þúKKKK[[[__?&&FUUµ¢¢bܸqrrr¨² VòæÍ›,ë‡U' +++)Š´´4Ò(Ðô©hòÓõRµÙÙ ‹GkÀ KS…ÚÑ0r@ć:AËK¹6…"áêµcjŸožu5 ~‹@à|‚Î?hI">Ÿ ËØ°aCrrraa᯿þÚݲ| ŸäXÖF»[®îGZZZSS“N§·æ䆆†}ûöáu Ô.++ûîÝ;ó"†ß½{çîî~øða##£;wî¼{÷nß¾}hAEEeþüù[·n­¬¬TVVf2™üñèêê¢Ìl?&H&‘Hl6[RR’ËåâÅvíÅFî§ð)® Aú–1Ÿ–ˆ èTÿM‹ìH…À< ð|Ñ3sÄ‚ø:*ÍêÄP'èl,rxÍ3ÐaqAô]ÝÝ‚SSÓ={ö`Þß:Æ ÓÒÒrqqQPPènYíÌÀápÐt9iwŸh=…‚‚‚ŒŒ —Öœœ••Õ»wï‘#G ´0àÂ… _¼|ùòå @é Þ¾} FFFØÑ¡C‡@nn®¥¥¥¬¬ì½{÷àêÕ«ÍÆbý  8¤Bp8"<ª»˜ö'Šåóù˜ýz!åûéBçT‚ÎË€íbê~?Á‚¶¬×âM´555hŸµ o‹ëا# o‹œÑ•——G¡ºÝ˜ë£Ýá§ß:­œ–t%øµ!¼yùÇüê>tèrdâóùÏŸ?ONN600رcþcccü×HïÞ½QfäÂÂBѵ Eýû￧§§£]ô•uûöm,Ãò_ýÏŸ?·´´lß-¾?ðcµÙ1Ü-´§Œ Iæø„ÕªC¿dhÊ%°v ?꧔ +p'árŽ&W* e±ø¬‚<¯¼¼-™ôd úôéƒ)¤O©ù€ðz"ø±°'£ïvTwâÇ\ô¼xñ"ú­äóùåååL&sØ°a‘“&M‡bcµ%$$DdJÍîÝ»çÌ™ƒW˜››[ZZþòË/&LˆŽŽ¬‡³Nàk0;]w1í´N ß$ÌzÎÿ”.9>¡]T‚P$º¥BÀÑ&ëöKƒ3ú±QTT|òä ábKГSTTd³ÙXRoüÇ¡»¥# è`“0|^ûîªÈÌÌÄB±y<Þ¦M›:îë닳oß¾fC±õõõ333…Ûù|þ¹sç8nܸfoÿôéÓãÇãcbbÖ­[wîܹcÇŽŸ8qbîܹƒnÿ³}w u-âw»ÑNuûYB `؃a»èhyZ‚fOÜÊ¿/! Ò%0ÿZMMMyyùŽ•œ€ ©©©a0(@ˆÃá lÈÝ-AC`e—˜«Éä­[·†‡‡ã«¼‹ÀÀÀàæÍ›999Š)))Ë–-;tèPKêľ}ûôõõÇŒƒoTTT¼xñ"0™LvéÒ%qqqäE€à mv·D_£N`^O˜~˜Ô™\.·¼¼¼_¿~Ý-AóL›Œø(ÃH‘Àlâ?æ Á7„À –˜˜þ‡3VL`zõêÕ§OŸºººÖœìîî~ìØ1??¿ëׯcÞPgß¾}’’’3fÌhöª÷ïß?xð`ûöíøƼ¼¼¹s熄„X[[£¢+‘‘‘C‡%J• е߳Nà™ª««ûõëG¡PÒÓÓ àÓ—””ìß¿ßÃÃã+ˆˆXºtiuu5æÃ×DFF._¾œÉd2 áò=º}ûvaaa¿~ýœœœ† †b0ÑÑÑõõõ†††îîîÍ.o766ÊÊÊž>}•`Æ qqqùùùP^^Î`0º«àŽººúÒ¥K¾ D€—¼³ž'µoæ„YÀ1E&“‰r´ Wú$ èQ r¢H‹À‚ÙàSҳ»à „F!„¬¬lUUUkÎÔÖÖÞ³gϺuë&L˜°víÚAƒ?~üöíÛGŽi)JûîÝ»<o„ øFMMÍÒÒÒ;v :TNN.,,,11Ec`]áñÜõ|­:Ñ°råJT[ nllÄ"¶¿ÔO—<~ü¸ŽŽÎÁƒ©TªÀOrttô‚ úõ맧§wýúõàààS§N¹»»@CCôiÓ|ˆÕ´ïZÿæñ’ðù||6Ò",K Á6AOƒÃá0 qqq@A–XŠ³o1×AWÒ·oßÄÄÄGYXX|ñdOOOiii___,«ššÚÍ›7§NÚÒ%III4ÍÔÔß())ùÛo¿-\¸PYY™F£ÉÉÉ:tËòDГéĹ®®njjê¹sç:ïÝN;vìĉ…Œ===§NZTTtûö튊 mmmtèÂ… )))qqqþùgvvö­[·Þ¼yÔÖ»¯Zµ*""¢£Ëùv%GàÝ-(ð¡¥xÓFpp0ŸÏÇ—ÄFÄÇÇs¹\¤K=z”Ïç7‡ ‘HË–-+++ËËËKJJzýúuII‰]Nž<É`0„½˜lllŠŠŠþúë¯äääÒÒÒU«V _ëääÄçóÌ’Ø=–NT'-ZôÓO?y{{ ×D€ÇÛÛÛ`-~~~hÛÙÙ9"""**jâĉ#FŒØ·oŸÏ?tèÐÈ‘#MLLñ?ÅÅųgÏÖÐÐ9rä™3gðwÉÈÈprrÒÓÓ³·· ÃÚÃÃÃ=<< —.]º|ùrañ ÆæÍ›UUUmllîß¿ïß¿wrrªªªJJJrrr˜PæççWTT,[¶ -JJJ.X° ººjþúë¯AƒÙÚÚ¢“'Ož¬««›––ÖÒÛãp8ƒ600ðôôÄ\ùcÍš5III%%%öööå!oݺeooÿúõk´{àÀ{{û¢¢"´9kÖ,ô fÍš¥¡¡¡££³téRTAòòòìííóóówïÞmhhÈápàÉ“' .6lØ’%K222°Ûñx¼èèèyóæ©««?þÒ¥KÍ>&98;;_¹råÊ•+¶¶¶úúúsçÎ-++kéUt/ÈtˆÕwG™QýÔî­c˜6mšL ôîÝ[Ä…………­1…ûûû0@¸½¦¦FFFÆÏϯý¢·‘òòòW¯^¡íU«VikkwÙ­»l "¢Cr“ [Õy]Hñë h3=a ¯éGZZzĈ£Fú†Ü:ËÙ ÈdrXXØ°aü¼¼ÎŸ?/p´²²2!!+=BvyHNNÎÈÈhlltqqIMMõññ‰ŽŽ.))Y°`AqqñîÝ»•••×­[‡N7nœžžÞ† îß¿ïææV]]½iÓ&ˆ‹‹›9s¦¶¶¶››N_½zuFFR*òòòâãã“’’¼½½dãñxÖÖÖùùù^^^***ׯ_·´´Œ‰‰±µµ555½sçNŸ>}LMM¬jjjÏž=8p Úe±X)))ãÇ—’’KKK|@RCCCEE…¡¡aKoÏÏÏF£¹¹¹±X¬C‡=~ü8==D"ýïÿ‹‹‹€aÆýùçŸ,kìرrrrøk p÷î]}qúôé¼¼¼;wîèèèÀÅ‹QŽ—ÜÜÜQ£F 2dË–-555§N:thnn®¢¢bMMMBBÂòåËÓÓÓíììÐ}---û÷ï?oÞ¼ÔÔT+++L›Ú»wïŽ;|||,--oÞ¼¹`Áæèè(ðD˜äèïûôéÓšššÕ«W766ÿüùósçÎÕÑÑ™1cÆþýû[™aP-y*;vlíÚµ………sçÎÕÓÓ³µµÇŽ655ùúúZXXÌš5ëòåË—.]BJÍ:fff.X°@GGÇÆÆæöíÛ_)pO)hĶÃ9ï΄©Ð¼Oþ~È“ Á! 脇6,±!Úý¶Y3AEØ(ÑÝt¶uh4ZXX˜¥¥epp0~…^‡ƒw®@Y™LÆœˆØ÷‰DêÛ·/Önnneeeååå°zõêÕ«Wã/|ÿþ=ÚPRRÂ_ˆ§¨¨häÈ‘ø$°ººº@§Ó[Jy†ÇÊÊÊÊÊ <<<Ž92{ölT¥…Á`øøø;vÌÔÔô¯¿þ9r$:ÿôéÓ‘‘‘h;$$eÑUSSÃ:ÔÖÖVTTDOÔJNž=00ðŸþ xôèQttt»o-ÂS177÷Úµk—/_ž5k–››[DD„££cnnîÀ¹\®••U~~þܹs™L¦‹‹‹ŠŠŠŠŠÊŽ;„«ªªìííÇçìì|êÔ©iÓ¦ýóÏ?͆y|£`9UB¡4k^éɘ5¯EcG±Àî–< :ò܃OÙÅÄÄðÕßQâ2þ§Šº¢»E ÄÅÅ }‚™LÇÆ|Ñ(:]€qãÆ-[¶lïÞ½µxõê*R@ß-ÿQ,))QWWG»ÿü󨩩544À… ÐÌ£5*ddd"ƒÑr&~Š/̵k×RRR<ˆIîéé–šš:f̘¦¦¦qãÆåç燅…-]ºÿ·?räHpp0ÚîÕ«Úxóæ vÂÛ·oß¿/úî 0©©©©©©kÖ¬122RUUMIIINNž}ðC·Ûm]¤NôêÕëÈ‘#ø Ï¡C‡Š‰‰ùûûÓh4)))ŸvQ_»vm¯^½LMMnܸr" 8ÐÙÙ922rÆŒ#GŽŒÝµkWCCƒ±±ñ;Ü°aÙ3gÖ¯_ôèQ99¹K—.%$$ìÝ»W´ÁdÎœ9k×®=qâDß¾}ãããwïÞÝ·o_”z911ÑØØ8/////»D^^~Ö¬YÍö³oß¾… –——¡ Ÿò˜5kšØÀòž©¨¨œ:uª²²’Éd2™LƒÁb±°° Ìåõ»ÿþ'èFb€üîPj>qqq*•*!!A£Ñh4š²²²ŠŠ ´XŒ€ð¨îbºH€9sæ\¸pËt$%%uüøñ5kÖØØØôîÝ{ñâÅ}ûö­®®nk· % `æÌ™ $ÉÃÃ#  uss³²²BOkkëË—/ O»…ÑÓÓ‹ŽŽ^ºt©ªªª˜˜ÇóññÙ¸q£è«úôé½dÉ’aÆ¡“Ë—/+**644üïÿãp8Ñ#ººº-©;vì õññccãØØXá!âäämffvÿþ}i888lØ°óõBYªlmm±‰þ† ÊÊÊÜÝÝW®\Éår•””âââbT06mÚôúõë5kÖxzzª‚mÞ¼yÚ´iêêê222õõõºººÂy¿ð ·ßýÏI›Ü᜜œx<^LLŒ………¢¢¢ŸŸß‰'Ú}kä\'ÂSQØWý9deeKKKñí/^¼hé.-uòÝЦá*ìé„&Ol6›Ëåjjj~¥ŠH@ЩTWW755¡5Zd'“ÉøQÝì ­ì¢…B …Âår)Š–––’’R$êëë ‡Ãa±Xè³À#ŠBt2H³E#“B¡P©Tqqq ¤TÈÊÊ"MçÐÉÝ>Ñ)êD¯^½šý° ¸S{xx,^¼¸°°ÐÀÀ@ ý@å»ììlünBBÚX¼xñâÅ‹ÀÝÝýÉ“'ººº Øi 111oÞ¼ÉËËëÛ·ï!C°C8pà€ˆG˜1c†]NN‹Å266ÆvÀb„AÅãþý÷ß·oß0@GGMY¤¥¥[ï‹)%%…Þ^```nn®„„ª EÛ£G....++k6¬BOOÿWÐÔÔø£P(”ƒúûûçä䨨¨èëëcšÆˆ#„O (**211éÕ«fÇ022ÊËË{öì’ÄÈȨYÓ^r¿ïôéÓ{ø·órÚzw¸GåååýöÛo“&MB-YYY_sk”p¹žŠºººwïÞÅÜ«««?~ü••¾¦Eœ&à·æOç;³Û| *&&Æf³©T*ÇCˈ­ŒÀfoâââh–†>(w9‡ÃAG‘">?ÎoAW‚Æ*2² ¨h)( úb'ZBBB?Ëo74 •‚F]]‹¬h’’’-õ) “vÜ®YмJd2ù‹9”D£¬¬ŒOÙ$šþýû£Ph4š™™Ù׈ÑÁÏ®š=Ô-Ru%¢Ýáz÷î™™ùâÅ CCC™¸¸8{{û>œ¾1š½"F5àJU`ÎNB èáp¹\dOqqq4€1U¡¥«HŸ ;bi¸\.•J¥Ñhè‚:Ai'QÿÈ:ÑuFðC‚…Yãh4ö?¦Q`|ŸÖ ‚ïÑîp»wï=ztyyù®]»vìØ¡¤¤D"‘œœœnß¾íè訥¥…êTˆàÞ½{ÁË–-³¶¶nŸ§¢Allìºuëìììäää,X ¦¦†™ñÎí}%ß-øðkn¼;Ðÿíl#@°ÙìÜÜ\.—«««‹·utl6›Á``©c‘ž€|™PX¶6oC*òhB ÃH‹@º çS Ód9‰ »À†%RqQ' …‚ ,ˆ5 $wêN±‰OA³ ‡ƒä566ÖÖÖ655544ôïßèСÝ-cWPYY)쇨««c³Ù(0šÅbeee <E8ÔÕÕ}øðá+šõTl uuu222$ÉÞÞ^GG3€ðx<ä’×í 9]@vv6N§R©rrrrrrRRRØïZÖ»˜bË®˜E‚Éd666²X,&“©¨¨CÆ'ì IDATØš’;ÊåË——-[vãÆ †±gÏž={ö<{öLKK«£îõ×_3æÉ“'XívSYY¹lÙ²ÄÄD‹…ZfÎœyðàAôѸ{÷®Í£GÚ”¸O‰‰‰³fÍÊËËkÖŒüóúõë÷ïß‹‹‹KJJJII¡AŽ÷ ÁÇJa)°LÊHA#ŸÁ` /|¬j¾zi+³´Ò§Â)øú”O ¯q Ôˆœ î¯DÑõbÖ ‚æév]¿‡ Â_Å…J¥b•Ñ¡ÖÔxM[=O:ôðáCT>"///--ÍÉÉ ;áë¿DŒmþ§Êø™SO˜N˜A£e&Ô QD8á?ºÝ- Ó¦MÛµk×СCQVå;wîŒ7‹çþѺ¢ â2´RËf³™LfO«Xÿ­°qãƪª*|¸ŽÝèÑ£,X°k×.Ñé@Ú²§ñx< …‚jÀ£ÌN-)äOåð° *•Êf³±v …‚Üüð!ø@  øºÆQ ÿ‘^A¥RÉd2ú_ ž]wIÞÍêáQJð -êDϤo߾Ϟ=»{÷nRRF;v옣£#ªhùҾኅOòGÎ)iGRSS³eË–´´42™lii€¥û{ûöí™3gîܹS^^þÓO?Mš4 o¹Šˆˆ¸téÒû÷ïÇ/¡¸¥>ÃÃÃ322¼½½÷ìÙ#&&Ž¿*##ã?þظq£@èÿüùó333edd°–ÚÚZ//¯;w‹OŸ>}Ë–-Øß+###88øéÓ§:::ŽŽŽîîîØUÏŸ?÷ññÉÌÌÔ×ן2eÊÒ¥Kñ‰ QQQ.\ظq£­­mEEEddäµk×JJJ†ŒŠ´„„„äääœ;w]RWW7gÎœõë×ÛÙÙ;v,;;{ýúõû÷ïüøñøñãýýý‹‹‹÷ìÙ“ŸŸobbrøðáfó v=(¼D"±ÙlIII.—‹O+ W-}Fò€fl¨¹ª#Ÿ¢~˜TÝ~ ˆŒ‹”@^OøFü—|wMN:^¨©©áN0oÞ<ô+Ú£´µµ±šÙ@¥R¸jժŋ ¿¬U«V%$$ˆÈ1ÿõt 7m[Y¿~}\\ªíõõ§õLüýý£¢¢^¾|ÙÝ‚46-ë9YšE^^ÞÑÑÑÑѱ»é~†«èÄäØôÛ@åº0—ñ®¸ /v| ^¶> >¼ªªÊÕÕUIIéÌ™3·nÝJMMUUU{{{:îâ⢯¯ëÖ­Ù³g_¹riÁÁÁ~~~ŽŽŽ“'O>wî\DDDkúÌËË‹OJJjhhðööõÿûL™2Eø)ì...}úôqrrºvíÚÖ­[{õêµvíZˆ‹‹›9s¦¶¶¶››N_½zuFFFXX<}útÔ¨Q†††>>>¹¹¹Û¶mKJJúã?ðÝ^¸pÁÕÕ500ÐÖÖ–ÏçÛÙÙ1ŒÕ«Wøð!**Ê¢¤¤DZZ:'''%%»ŠÅb%$$ ×’››gmmmaaž’’RVV6qâÄéÓ§‡‡‡Ï™3'--­ ¿NÙÓ ÁápÐ"‚ð¨Æƒ­þâóAaßóHÀ2Æâ“ñ æ¶DÂ%Å[!0(<ݾÊÙñê„„„D`` Úf³ÙAAAæææ3gÎD-(¤²5¥è²²²Û·o»ºº666®ZµJà¦]³ZÐ]ß zzz>|è¨Óz&(î³»¥ha¥ŸD"½yó†ð!èÉ”••µµ`*Þõÿ¥Ús&O“'Oqtûöí¯_¿~ñâZ–Z²d‰ŽŽNxxx``à›7o £¢¢P...ýúõ»wïž““Ó»wïvîÜ9wîܨ¨(ð÷÷Ÿ6m65Ñ'ÐéôM›6íÙ³G؆VvZÂ>~üøÈÈHزe‹¡¡ajjêÚµk™L¦§§§¹¹ùƒÐ_M__Íš5›6mÒ××÷ññQTTLJJBåutt|}}ñE'Ïž=»|ùò;v º®………ÙÙÙ'NœX¹r%¬\¹ròäÉYYYÂõO¨®®ŽEJ™L>{öìÞ½{}}}€Ïç9r„Åbõ ~¬6;†›™)0 ¥@A˜ŽúÁ¼ÒÑ9=GÁ&øþ@Z16äðqø ãs·/qv¼:A£ÑÐw 455™˜˜`-ˆVz”0`ݺuØUÛ¶m2dÈ¡C‡„Õ‰ï›U«Vµæ‘[yAë!á,pqQµµµ³gÏîné¾À•+WúôéƒÕLÅÿ/|2ÿ¿à=õœÉ“§§ç Aƒð-·nÝŠ‹‹CÛ×®]³²²RPP¨««yyyssóÄÄÄÀÀ@uuuT„¤¡¡áõë×=jlld2™ÐØØ8}útÔ‰¸¸¸»»;¦NˆèÄÄÄ6mÚÔì|U@“’’úâCá}® ÿý÷_ÈÎÎ~ùò¥——W}}=:dgg‰‰‰:::III ,ÀJ•{zzZYYaTaaa»wï^´hÒ%@EEEBBbÏž=’’’“&MêÓ§ÏßÿýEÁ€F£a*Ê5kÖ,LT6›]RR‚2t/˜uŸËõ‹±hÒ†9>aµêÐL {¬65AÐeDibZ.™ø Nø¯ôïÍ:ñEZïQ*€„„Ä Aƒ[:!333$$åuÙ¼yóĉ±C§NŠŽŽ¦ÓékÖ¬Ájëv¸7m^^Þ† >|åÊ•_ý5''G à7Æ“'O|}}ùå—K—.ÅÅÅijj®^½ÚÜÜÜÛÛ;--­OŸ>›6mBkBaaa˜ÛÙÙIV\\ëYëy>Ï€ƒŸÐ¥|“lƒ¤¤¤Ž=ZUUÕÚÚ ed[ZZ ó.t4Ç;Ú’ È­iòðð@A~~~~~~))))))ø«Wƹô¯Eƒ0¼>æ÷º­°²²‚£jDEE4'ZZZJKKKJJØÂðÐM\\ÜÁƒïÝ»G¥Rµµµ‘ê1ô’ÅË—¡×ZuJHHÀ×/'êêê€ÂÂB¶C)))EEE®®®pïL£Ñà²'\ÜððððððÀŸ[[[ —FñY…„„ðIW·mÛ6bĈk×®UTTÀ«‹ŠŠÞ¼ysóæÍ‹-hiiýñÇÞÞÞœR0l¾dÒÒÒèQ…QæÈOò–CâKlÓÄ@[þ_ +þ¿ M˜‚4$H¾?lFÛZÄ¿u¢G¸÷(e£¦¦&))IYY¹»£–––S§NuttqâDXX˜——`õêÕ¦¦¦7n´¶¶$oZ@]]]qq1ç¤'†††áááccc AAÁ´´4€••Õ„ ÒÒÒ8s3UUU½{÷NRR@¥RwìØÑÒÒÖñ466æææÂI5QQÑŒŒŒüü|%%% ÃÒÒÒ=z„w$ëŽ>8κ¸¸¬^½:++K[[-""ƒg’’’.\øÏ?ÿÀ’ÕÕÕׯ_ï± xzìùA‚‚ ņSÂ0W%ÀA‰Wáj;ZpÔV‘ü—A¾puJ’£Ì©PO-_ø8uö«‰ØP©T G¡ n†ýñÇÚÚÚ¾¾¾ááá‚‚‚GŽÃô/_¾Â[ƒ}))):::ðÄ»wïrS'q{tttŒŒŒöïß¿hÑ"üküÔ©S=¾²455HéøÝ»wžžžÛ·o?~<ƒÁÀ§“?tèК5kJJJক••¼¼|@@@@@À¥K—ììì?~'//¿hÑ"WWב#GB'11±ššì[š…çÏŸ7짥oÖ/òzBkUý*ÿ ½¢©©©¥¥EBBâG7¤¿•––Ž1âgP«ªª¢Óé‚‚‚ý©„íͶXßÓŸ« ?ÀœàÞ£ôýû÷þþþð3FSUU ïNEžF£Íš5 ~†+ÑÐ5>>žF£ÙÙÙAÏWÀŒ3|}}+**É›àææÆ-p~¨ln©Ð?¸°°ó”Y³fA[ ¥¥ÕÑÑQPPÀæ9033C ôǧR©JJJ …¢®®ÞeÍœôÁqvÞ¼yëÖ­‹‹‹ÓÖÖÆ0,::zîܹðë†?Ò¥¥¥¹¹¹™™™°·¹§ÇžXÐz"†ap¸Q _¥A±s¸@á¤6IHìäé€-Z¦èNãü‚ŦM›æÌ™âééùáÇ={öDFFB=}}ýæææ«W¯ÚÛÛ¿zõÊËË‹J¥644`fff¦§§6qâD]]ÝÄÄD¼K-AÄP(”“'OjiiéëëoݺÕÀÀ ¥¥%!!açÎFFFxwÐ.9r¤££ã… lmm'L˜píÚµmÛ¶555A'???ŸcÇŽ988Ü»w/$$ÄÄÄDNNîÕ«W¨__ßóçÏ{xx˜˜˜èêꦧ§óððܼy³  ÀÍÍ  §§·wïÞÅ‹ûúú¾yó&((è'ô ÎG—óy& K'@¶³ºT›\±bR›ÔÐа²²Ú½{÷@ÝÔwÀÉÉ)&&ÆÆÆ&>>¾Ï•455•••)**ö6(̘1ø¡²²²––V@@òCñõõ=zô(ç¹fff°Í†mß¾}ïÞ½HŠFEEeß¾}l^‘ØØØ.$---á´BVVÖåË—ËÊÊ&Nœ8}útNˤ­­mÍš5ëÖ­cóúC˜››üøñܹsóçÏ煮àüOü™ÿ7€9Á½G©¹¹9òÞé´, }Üáx.77·­­sŽ¿¦¦FFFf0¼iÜ‹É"¿[Øx6W®._‚øYøßۥľ{©T*—¯lUõÁqVRRrÆŒ±±±[·nMMM-..F_hNNNXXXdd$“É”••EKóÄ &qÓó²(ТŒ‹èìì„ŽOpzÅNp)*BBÒðO&Š€þN4 Úp'^Rð§ZpfÏž½gÏÿ 6`&//áÂ(^dgg7kÖ,WWW—!C†ìܹÓÊÊjÓ¦M«W¯>pà@LLŒ­­­¡¡!…B‘””|èááD2øøø|}}·nÝÊÑ‘#GÜÜÜLLLà¬ù´iÓ¢££á|çêÕ«+++W®\¹|ùr€‘‘ÑùóçÙN§ÑhG566öññù矶oßîíí½gÏÖÜÜ<{öìuëÖbccÏœ9sæ̙ѣGC…ÛÿWÃöŸÒÜÜ<|øp6µÉ%K–´´´Àï·¹¹¹­­íWqÇÄĸººþùçŸýiöýû÷gÎœ™••…çá†ææfYYÙU«VÁÍÎÎμ¼¼ˆˆˆ7n¤§§Ãa[[[“ÉôóóCÃ3ˆŠŠ ã²±±IHHX¸p¡£££””Ô­[·¢¢¢¬¬¬nܸaaaÁvÅ“'OÞ¾}›³%²²²ZZZ/^tqqÁ0ÌÀÀ <<\TTôùóçl®4‘‘‘ÇwqqÁ»dã¹|ùòÇÏœ9caañ = ý燙Üx”ö ί æDDD„……³³³a\Ücm¨IÛó½y:!÷øvƒÁ|0——Æðá¥E¾CÛHþk ¯Y´8ÍZ¸@Á÷ dKü 2¥8;;;;;sî D›k×®]²dÉË—/yxxÆÇÏÏ÷óññ]¹råóçÏåååZZZðõèââ}ŸFŒ‘™™ùúõëööv8¯„ÿÏí®ÎÐÐÐ3[ëêꦦ¦~úô z¨ª««ãGEÓ¦Mc{EDEE¡Ïâââqqq%%%ïÞ½“••…³§ž;vlܸñÝ»wÒÒÒòòòpÿŒ3ð¡Í•+W:88¼}û–Édª¨¨ ©+~~þË—/WWWýúΡœ#GŽàÛ¶qãF$X²dÉ’%Kˆoÿ_Æ¿Lm²¬¬ °`Á‚A’#FNNŽÍïÚÚÚzÆŒ7nÜÀ÷j@@À!C8O?{ölBB®]»óá¸qãÜÝÝUUU—-[VTTÄVþæÍ›lÿqK–,ÉÍÍuttlhhððð7n\\\œ´´teeåÔ©S ÿy[[ÛÞ½{ÓÓÓ¯^½J|G¥¥¥âââ .äºþ%üs¢Ÿ¥½ESSóÂ… ¥¥¥hP{ìر7n\ºtéû{Óþ„ˆ‹‹ãpÄqÖÚÚzèСÑÑÑ1110 --íÝ»wh 33³WMúÎ=Çj0Æ † J1—#h4\”€ªšÐŠ c'H¼¬´cÑ2.P Ó­Qô!Žâ×BDDdêÔ©]’––ÆË6 7 €‡‡†{õ¶Nn••íNªGäå呵ÀN7n÷UA±¯.IJJ"Z.!V›ìNOë^á°»Ìå€kIÃ.3µw™[=!!úegddüùçŸmvqq177 õòò‚Aªèèè]»vV®\éìì ½ø¢££:ôöí[…ùóç{yyÏoⶠ"fëÖ­JJJ02¥ªªªØx¶ÒK—.]¹råÕ«Wüüü<¨®®Þµk|E0ŒùóçoÙ²VÒÚÚ ÝÝUTTrrrºkÏƯ_¿Îd2ííí׬Y3eÊ”–––Í›7'&&~þüy̘1›7oFo‚^ýùæD?=J{ËòåË÷ìÙ³yóæ3gÎœ›4'HôRqÙRÑŠ///ŒÉ¦R©4 ¯"ÐåJ…ÐUä ÉÏ ç£Ëù<8j“z’Ý)bÝg.ç^Ò3S{w¹Õ †ªªê½{÷ÔÕÕa\%A›ïÝ»WPPðäÉ]]]¶º¼¼¼¦¦fff¦ŽŽìŠÐÐPww÷¥K—fggûûû¿xñ‚Ó¯; þÍäÉ“{,ùõë×ÂÂÂ+V°ùA‰O¯¨¨XºtéæÍ›¡¹þùógð¿žêcÇŽäää CñƒØØXo@555ƒQYY©««;tèÐÎÎÎiÓ¦}øðÁÇLJÁ`\ºtÉØØ8..ÎÎÎöê¯È0'@¿=J{…¸¸øõë×çÏŸ¯  cW¬X¾‹7íׯ_SSSQRðŸsss///>>>SSÓ;v¬]»¶ÿÕ.\¸ððáÃÓ§OGóÂÂÂÛ¶mÛºu«„„…B±··¿}û¶¢¢"ü7æ¦Iýñcî-Håi“ãÇað///´% ²% D,iN œ92àZòǃ+ø¤èÛã‹´%H~-ØÌàÁ€KµI=IнÂ!Aæò^Iâ3µäV×××g±XÇwuu0aq›áMÝ»wsÎÐබöܹsK—.ÕÒÒª¬¬ tww?vì,0|øpOOÏåË—wi!ÀLVðsKKKjjê£GÜÜÜØ©µ´´ð_«¤¤äÓ§O¹— íOOOqqq”×EMM pûöm´â÷äÉÀ›7oŒ¹¬ÓÅÅåÅ‹ÅÅÅ6lœ={6555))ÉÔÔàêêjjjºjÕ*[[[x;Ýõê¯Èàš‚‚‚ݨˆ=JÜ_ˆÍÅ|Ëg ?~üû÷ïß¼ySYY9zôh£<Þ´ãÇdz°°Ø·o|°Áæ5«¢¢‚ßF›GŽA7ˆ×ØØØpSìåË—øÍÄÄDôYCC£¸¸8//OBBbèС´nØÇYί~Íš5+V¬ÈÌÌÔÔÔ„\\\ Õð^ÈMÝ÷ü`×"ÚÛÛ‘Q×+ D,²"P U@š$ƒ úqE+ÐZàãã£~KßÎÇLJ¼¡z5Æêr™‚„䧅sQb0®Â¥Ú$ž¤ŒŒLw ‡™Ë{%iˆÏÔN[Žž¹l3`Ê”)ÜŒzíÒœøôéôÈ´µµ}úô  ¢¢Âiaa"Âñôkè›ëÛ·oãããcbb•¾¾¾±±ñßÿ]YYùûï¿ß¸q&ÅêOžÜ„„„!C†ÁM*•jii™’’R\\ ­ .{õ—àǬN úãQÚ+xyy»ÓToÚ¢¢¢³gÏv©$ðó@¡PTTT¾Ïµh4>_XX˜3+vMê§s¯@ºÐZ@ÊNȪ³³“F£±-JqØ$ƒ ÛÈ ¿LÏpGÅAá.jU‹’6–––’ÂÇ$?3Ÿ>}âLÚ8àWáRm’XO²;…Ãî2—·µµõJÒŸ© ·z¯Ú ¸Ö«ÌÏÏÿ몤  @£ÑJKK»,?~üø{÷î¡ÍÆÆFõë×Ï™3ïE¶k×.ÎPì‘#GR©Ô.Uï “’’,--ñ#:<;wîüí·ßØÂâââÖ¬Ysúôéƒjii>|ØÉÉ f€éùùù&LÀBp`SZZ Í îU@~~°9ñ¯‡——÷îÝ»¢¢¢?º!$}‚Ëp¾Eq!ß'øZøx Ò– ù>p®!àÕ`¡›úÜãRåAFH}}=©Jòó#--ÿÔ• ô$¡Âa—™Ë}}}û,iH[½Wmæ8诨¨€žà›¡Âej9:äììüôéÓ.ƒRð(**Þ¾}ýF#vîÜyôèQ(]ÅIyyyDDÄŸþÉv³C‡=wî µµ•ŸŸ?**Š———m§WÐét¸Þ‚€aÜ?C¢½‡4'—aÆýè& èUM˜q|sgBv[¥Ø`’ÿœx›MÓâGW=Vˆ·Ià‡¡C‡:t¨ªªªµµµµµµ©©©­­ &mloog±Xø¥9’Á=Ð…ÆÑh´!C†ÀŒRRRC‡EOûͲB 'I pØ]æòþHçVç²Í½ºw˜799~<}úÀ½\uA>WĬ]»vÕªU'Ož„9!………‘‘‘FFFÝÚÚÛÛÙ¼ÔÞ½{%d¦M›¨/\¸0vìØþ8T5êèÑ£Ÿ>}BëE©©© £Kø_Òœ !é´¬ .Uv—ˤ-Aò}À–8íŠ.Í âzи²DEE›››[ZZ˜LfKK LßÖÖÖÑÑ,ŠA¾W’ÿ.È–àáá ˆ`ÆF!!!AA[ˆF$ IDATAQQQ(hF¡Pд=çSý} Г$P8$È\ÞgICâÜê\¶¹Ç«ÀÔº)))¿ýö›‰‰‰¾¾~XX˜¡¡¡ŽŽÎëׯ·lÙ¢¯¯O L \9©©©á¦°‡‡ÇÅ‹ÝÝÝ_¿~mmm---žž€aØñãÇ»;+99YNNŽmÙaøðáååå[·n;v¬ˆˆÈñãÇoݺ£±ûÌÚµkOž<éååuàÀ‘¨¨¨ÄÄÄ;vp/›û Aš$$=Ãö³„÷kÆ9®" £££¢¢‚\µ@؆Jø% ¶=\ÖMeAæãã£ÑhhBS¾%΃ØHH .‹(| aÆÆ!C†À‡ð™ ¢ÒZ=Ib…Ãî2—÷GÒ ·:—mî}}}CCC//¯üüüýû÷_¼xÑÑÑQ__fw4iRLL ÷½=ÖÂÃÃׯ_ߣC…B¹råÊÆ8°oß>¸ÓÄÄäÔ©Sœq  ÃîܹÃiÞ FDD,X°@JJŠŸŸ_DDdïÞ½½Ê뉪ªêÅ‹/^,--ÍÃÃÓÙÙ¹~ýzooïþÔùÓB!HHzþ_æëׯÝEzœœœXMMMeeeŠŠŠHV¢;455g̘ñ÷߳툊ŠÊËËãºá½£¢¢¢¥¥¾‘SRRÌÍÍSSSûùnˆˆpwwomme2™lJnQQQË–-»|ù2ôñUQQÁ§2¤Ñh#GŽ\¾|¹‹‹KC„'Ožefföå–——'..§Ö~]8;„Íǃ›AÊš—X,üš ƒSCCCcc#ü ×(X,V[[[{{;4$` 6ùkB2À/…ŒÌ AAAèìD§Ó………yyy…„„„„„øùù¡7ÔMF¹G¿',‹SOÒÖÖ†W8lhhøòå t€©ªªâÌ\©¯¯ï³¤a—¹Õ{Õæùüù³¨¨(œwÀ0,//¯¨¨HMM­»$ŒKccãÛ·o[[[G¢Ûû@SSÓëׯ;;;Ç?PÏLsssvvv[[›––[<ý¿‰¶:QUUE§Óû¦ðEBòÁ΄„„T_{{û–-[Æ3ÔFÝÝûèþýû666/^¼èNp Ád2ÛÚÚ8ëikkc2™ƒ÷¹aƧOŸ¾{÷àRôór‡RRR‚solcÜŽŽ&“ UwL&SAAfoTTTܾ}ÛÍÍ­¹¹%«é1ßckÇŽëãã³uëÖ¾ßÒO@—æDjƒKHÖ foäçç‡Ö”5c±XP7Ù!ýº’žÀçjD±0W#ü xpü¨Õ ž$Â!AæòþHäVÇCÐæÁmS(•ï¦  Óéúúúý¯gÈ!lQ%ýGPPÐÀÀ``ëü ùæDAA™™Y~~þ… ØrEWUU9s¿‡N§÷6Oö¡C‡Ö¯_ÏÇÇWPPÀf¤>|f’ÿòå gE<6lˆŒŒ,((ÿ;M{ÿþ}++«äädü»€“ôôt“ÄÄDn2;BfÎœÙÑÑqãÆ .Ë÷ÈÚµk‡ æããÓåÑïf̘ɓ'/[¶¬ËŒÝñüùóW¯^)++ÛÙÙ¡yýƒ~øðaõêÕ™™™Ã‡_»víŒ3àÑæææ   »wïÊËËÏ;ð7oÞlݺÕÓÓ399¹®®ÎÒÒr÷îÝ°p}}½ORR//¯Í¦M›ºü©ÎÍÍõóóKOOçãã322Ú±c‡´´tmm­»»{MMMrr²½½}tttocÑFuëÖ­.ž={6**ª¶¶ÖÈȈM1555**êÎ;bbb“'Ovvv3fLyyù’%KÚÚÚ"##óóó#""º+IÜQïÞ½[»ví¾}ûbbbΟ?ŸÍËËÛ]=YYY~~~ÿýwTTTBBÂðáÃ=<<ôõõ}}}=z$##³nÝ:”ƒö;Cù&|Lý–`Š5ÁÅ •J…ÞMÐœÀa“¡Ø$ƒ ^² -Að}šxW¨^åZ!!!é'?Àœ(--_¸p!ç¡ÜÜ\eeåq×ÑщŽŽÆ›¥¥¥Ož<ÑÑÑyñâEŸ«ÕÒÒº~ýzÿ›7¨dggûùùÑéôÝÿ:¡¡¡>>>îîîK—.ÍÎÎö÷÷ñâÅùóçååå555333utt wlHHÈæÍ›mllÞ¾}»qãÆ´´4˜’“fÏž­¤¤äææVZZêááñüùs¨k‘““=gÎ77·³gÏÚÙÙåääŒ9²££ÃÄÄäÇNNN­­­... ƒÁ`lݺUGGçñãÇmmmS¦Lùüù3ÀÅÅEFFÆÞÞ>>>~Ë–-bbb«W¯fkINNÎĉG½iÓ¦ºººcÇŽ;6''‡F£éêê&%%ÉÈÈèêêöá×½¦¦&))©K%ò;;;++«Ó§OŸ={zýúõ´iÓ444–.]ÚÒÒrúôécÇŽ N™2%99Y^^.mwWRTT” £êêê—.]ššš:}út …BPOMMMbbbnn®„„„……Å©S§’’’†N§Ó._¾}n644Ì;×ËË f¡‡°MÓb¸}ûv55µ¿þú«³³sÒ¤I‡ÎÈÈ3fÌÎ;ÕÕÕñ͸sçÎîÝ»·mÛ¦§§÷¼|ùÒßßßßß¿K'È+W®„††hkkÿõ×_ZZZÍÍͦ¦¦^^^° †aŽŽŽÚÚÚ7n䬡¹¹ÙÉÉiÕªUÝùMu9/ÛåŒr—§GDDœ9s†ÉdNŸ>ÝÆÆf÷îÝ»wïf0€ºººM›6=zôˆJ¥oܸQ\\¼Ë˱Áb±6nÜxùò厎33³¿þúKXX800ðõë×111hè¹ÿþääd'''˜ÍMíƒîçæ •••îîî({øðážžžË—/Ÿl``À3 ¨¨èСCðó‡[ZZ8uÖ«««ƒƒƒœœ"##6l˜5kÖÍ›7áÑ”””¡C‡¦¦¦ÂÈE--­3f¼xñÂØØxÆ ÁÁÁ“'O^³f qI‚Ž‚ÔÕÕÃÈE‚z`aCCÃððp€±±±………  `ZZÀÊÊj„ iii?Êœ@2(F‚F£µ··£ý|||íííüüüø 2× É`ƒ7Ä| á_hWÐh4*• ÿ¢2¤¿ É÷aP̉ÎÎÎiÓ¦}øðÁÇLJÁ`\ºtÉØØ8..ÎÎÎNMMÁ`TVVêêꢤ‰ˆ¼¼¼‘#G^½z5;;[JJjúôé0y˜5kV```||üÒ¥KážèèèY³fá½í³³³ñÙÝÛÚÚíííñõ°MÓæææÆÅÅA¯'Oždff9rä?þÐÑÑ9{öì¸qã^¿~ hkkß¹sGMM ™çλwï^TTg›Ÿ>}zïÞ={{{›'NŒ?>++KUUµ½½}÷îÝkÖ¬¯Å´´´˜˜˜™3gvyãëÖ­îÎœàœ—ínF™ó Úµk×úõëmmmÇwôèÑãÇ—––nÙ²…Á`|ùòeܸq555‹-’8yòäõë×ïß¿Ïy9NüýýùùùÝÜÜÚÚÚöîÝ›žžžšš*''ôäÉ”U'44T[[[QQ‘mjŸ`nþòàÁƒÆÆF+++´ÇÚÚÚÓÓóéÓ§œ5wïÞttt”––æææfff¶¶¶ry¡—/_øøø466Â=оuë4'èt:´%£Fâááùðá,   €ôò”””,,,ŠŠŠº»þ_CCCºÿáa±X·nÝrttD òòòZZZ©©©\Þ ž÷ïߣ¸¦ªªΖx˜˜Èd2mllà&//¯»»;2'V­ZµjÕ*@UUUaaáÕ«Wmmmœ—#(ÙcG¹¹¹!”¯8gÎø¾(Ð&ÌúTXXØÛŽ wÀÍéBãŽØà~èª-ŠÎo°‰&“ øÄ)T(Rz=áwrj%“ ƒbNœ;w.555))ÉÔÔàêêjjjºjÕ*[[[—/^w9C™——w÷îÝãÇËÉÉåçç >|˜-þKÄÅÅMMM£££¡9Q\\üìÙ³ 6<{ö¬Wõt9M‹øôéÓ­[·`ˆ³³³––VPPZîHJJNŸ>=...,, ¾Ñbcc­­­»Œ¾hhhÈÈÈÐÖÖÌŸ?_NNnëÖ­çÏŸ_°`‹‹Kjjª¡¡! &&FHHÉá¹råÊÙ³g322ÍÅÅÅÙæe f”ñ'~þü9((hÅŠ‡ZZZ–––£AAAEEE?~„jw®®®ÊÊÊ'Nœ`»'rrrÏŸ?‡m–““[µjÕµk×ìíí===ccc¡9ñìÙ³âââ¿ÿþÛÐÐ?µßãÜü"??€·h4ê1<999aaa‘‘‘L&SVV¶W:wð™ôðððððÀﯭ­…ðf!œ´ƒQ=ªªªøS~ûí7sŸ,‚F£±X,¶ÅÅÅ,‹mÉQEE%%%…ûÛA˜››'$$ôXìãǼˆ8>j}}ý¡C‡Ž;VTT$$$DlCP²ÇŽÂ+ÒöxE”ÓÙÜ·~ì ÍþBç%èàGfpggg'´"ðâ°dìÉ ‚Ü–ð¢±øUä…g`—&ð‚"+W®LLL„/Ÿ_¼Ø }V=‰ŒŒ\ºtéÕ«W{Ì^÷ýÕºÿúà?!ƒâV˜0dÈ##£ÿ¿•jiiYVVV\\Lp†aüüüNNN_¿~ÍËËËÎÎ5jÔ²eË Teptt¼wïT¯‰‰Á{1  ”>|Ò¤IÐoÏ‚ JKK¡“––V\\ìììÜemãLJ¶@VVvìر™™™;;;!!¡ØØXx(66ÖÖÖ–34¢¬¬lÉ’%»wïfs¸"Î(›˜˜ô8£üðáC&“‰$˜h4>­}||¼‰‰‰¸¸xCCCCCƒ¨¨¨¾¾~w³l,Z´Ù?0J8##CLLÌÚÚ:..Sà7ȹ&çæçÏŸßØØ/ææ¹ï„Á`È!€ŠŠ ´'77·­­ ?ØEØÛÛ?|ø0..®¦¦¦¼¼͵sŒØ/ù_,§÷0ìRaaáòòrü~â_ǽá-úô ¿3''gP“ÖÁ„²²2´'++ }Þ½{w@@Àúõë ÷'%{ÕQ=^ñ'wæfó;GÒE (X^^^$°CB2àóH@ï&>dÿЂ^”3fÌÞ½{áç_}9/6C@JJŠššZÆ`,‹K5|¯~¾ÿÿ# ÊêD~~þ„ ðäP~¸´´”Ày‰B¡dgg£ÍÑ£G¯[·nþüù7oÞìÕøakk»lÙ²¸¸¸+VDGGÛÚÚÒ-ì>H§³É*«¨¨<}ú”­Ì¬Y³DDDbbb&L˜#..ŽtuØ`h@Ÿ(:nkkšžž^TTtäÈÎÓ/^¬¢¢bii ý%ÚÚÚššš %%% ²¹ŸQ†3ø[F nii)---))aKÑ¢¡¡ÑÝuñào\IIièСp¾`Á‚¸¸¸´´´ñãÇÇÆÆΞ=›3QIsó? è»’œœ ?à³Á™ .--íÝ»wHAš‘\¢©© ÈÈÈ@Ž@ïÞ½óôôܾ};±~¶ŠŠÊÝ»w?}úçË¿~ýšžž—ú†´´´„„Ä;wážÆÆÆׯ_ãÍÎfeJIIÑÑÑ{ çäìÙ³666HŽ c Jöª£¸¿âÏå[Æw>&€;:: W-Pl2j‚ä»7tN*>™x‹¯æDº9‘|ežŒN§sÎPŽár@G‘†††¾5CTTÔÂÂ"::º   ==ÝÑÑ‘¸| œ´´´à7¿|ùÂF)((8{öl8Ë;wîÜ’’üæ›7oдî‚ Š‹‹ÓÓÓcbb †™™çéYYYOŸ>ñ÷ïß߸qcĈÄùí¹ŸQ†³àø’П'æÎË6AŽØ€¿ñÏŸ?×ÖÖÂGeÆŒâââ111ЈZ°`ç¹=ÎÍÿ(LLLôõõÞ?ÞÑÑ‘••µeË}}}¸ø WZSRRª««544ètzBBÂׯ_ Ö¯_Ÿ’’ÒÞÞÞÜÜÌÍ…FŽéèèxáÂ…{÷îµ´´ÄÄÄ8::ö¨¢ëååÅÇÇçààpûöí””;;»úúztTBB¢¼¼<33“Ëf@þüóÏÔÔÔ'N477WVV._¾œB¡t—üd@033ÓÓÓ KMMmmm½rå ~aÊÀÀ ==ýÇuuuÑÑÑP½ ¾¾%%%322àRAIâŽbƒøŠÜcjj:¨fXwàõs PBå ããモœüüüß$!dÐÆ<”w®] ¯'øР¬Syy¹¥¥%Á'ËÊÈÈpvvVVV655½}û6þ”cÇŽýþûïjjjüñ‹5“ÉôòòRWWWWW÷ññÁ¯¬FGGO:UJJJOO/44Mw999,,lÊ”)£Fòööîîeþüùs{{{UUUKKKv½eËÀÊ•+Ñ f—%‰9xðàêÕ«óòòœœœTUUÍÌÌ``g—½ZWW·zõj]]ÝqãÆùøø|ùòî÷凶oß®¡¡Áb±º«– žî¾G’aP̉Q£F½yó?îLMMe0ÄŸ±±±øÙ}(nÓŸÜŽŽŽ>Ü·oßСCa 11±ššô3ÿüùóÞÖÿæ͔ȂÅb=xð Ë…” À%…ÂÂBÎXR|mh˜ÒÖÖ–––†f²ÍÌÌ FLLLllì¼yóxy»XVzüøñ{šššïß¿G±ž]‚f”Ñ8£ŒbÇÐ}<99íA/P*•ª¡¡ñèÑ#¹o 6ÌÏÏïܹs—Fà¿ôGoSøÐD‰‹‹»xñ¢œœ[>š›G—nlltuuí³Ü@A¡P.^¼È`0ôõõùùùÇŽ;lØ°+W®À£úúú†††^^^[·nÞ¶mÛÍ›7%$$TTTŠŠŠnß¾ÍÏÏϽÂÏ‘#G¦Njbb"$$4wî\IIÉëׯ ö”r^]]ýÚµkÕÕÕÓ§O·µµÕÐÐppp@É.ìííEEEõôôzõ±víÚU«V¹»» KKK'&&&$$Œ9’ûz …B‰‰‰:t¨¡¡¡  àÒ¥K‘”ÀÏÏOLLLMMM\\<(((11QOOÏÁÁááÇ€eË–¥¤¤À$‚’ÄÅñ¹çÙ³g¯^½êGÇôüD/òP‡¦ÞÙ‰Íó„„dðà|äÐc9¨RN‚‚‚S¦L¡R©xA‘ššKKËÖÖVGGÇ/^Ìš5 ÍHº»»¯\¹RHHhÅŠ•••ÆÆÆ]*õutt;wÎÁÁaÁ‚—/_666†Áu¡¡¡NNN{öìùý÷ßýýý‘¶~NNN\\œ™™Y{{»Á‰'ÌÍÍ­¬¬† bcc“””…7X,V\\Ü’%K"""lmmÍÌÌŽ=Ú¥gDBB¤I“rrrÜÜÜTTT<<< 4"4àUOº,ILNNNttô¤I“†êææV^^ngg———ÇÙ«_¾|ÑÕÕ 722‚'N„2åH’;((häÈ‘ ¥»j êéò{$0°Aàýû÷|||sçÎýüùsssóéÓ§yxxvíÚzyyÉÉÉqžU]]=tèPŒŒŒ¦¦¦{÷î)((Œ=šÅbaöâÅ‹‰'^¸p¡Ç«‡……JKK1 khh¤R©K–,Gáda[[†ap°ëêêš““#%%E¡Pþùç ü½½ >_.˜êééõØbs"88X@@@ZZð¶¶6˜Ôº¢JHH îb£¤¤dæÌ™prhâĉ0Ì´¢¢ݳg???l¿¼¼<|·r^|壙x---ü0º³³SQQ‘B¡@£ÒÞÞg”W­Z…aXmmíìÙ³Á77ÙiÓ¦½}û–Ë^ú/sôèQƒññãG¸ùöí[:Ÿü|÷î]!!¡Ç÷³N{{{YYYøùÁƒBÿ‹¬¬¬••UFFF?¯2¨trðÝ~6s‚F£u|Ë»ÒÞÞ Ä0ÌÛÛ›F£Öãï¿ÿ q0ÂÁÁN§ãoáåË—………Ð?ùÊ•+h?Œ‡üûï¿á¥¡R3<´uëVÀ‡à&L^ôñãGøÛŠŸõhhh P([¶lÁp#8V9tèj- GÜ·oö¿æqI6ØÌ :ŽÁô—°¯ØzU^^ÞÔÔ´ǤI“&OžŒ®~àÀTAµõ`¤91h –9a“É|öìÙÇëêê¸?‹Åb½zõêþýûœÿ{ƒ:Ž±é IDATDUUçL<]MÓZYYM™2ðŠŠŠW Ž;ÆÇÇ÷ùóçÛSYYùüùóÖÖV¶ýÕÕÕT*õøñã=ÖÀ%ló²ÜÏ(·¶¶Â9õS§N!£ RWWwÿþýGµ´´_Ž“ׯ_ãm„©©©©©)ç~üÔ>Ö¹ùÿ,ååårrr"""NNNNNN3fÌà|ðH~HGåää jý}æíÛ·p­u×®]Ož—û7Ñ·ˆˆˆ°°pvv6\íGpÙDPjkki4G)ƒØDƹ1gS‹ùúõ+›º&Ò2a Mäü½æ¾$'Ýõ(èbccÃöáí*R” Ú>ÔC2 üÔ èÿÖ®]«­­ýæÍ›M›6õ­†+W®L™2eË–-6l |ldeeÿýwooo##£åË—ëèè¼ÿ~ðô›[ZZॾ¾þ¬Y³é*ÿqDEEíìì:´gÏ'''~~þÝ¢Ÿ²£ ÏŸ?¿yóæÊ•+ÙÆÍóçÏ÷ööÆ¿êëë}||´µµõôô¶nÝŠ=ˆÃ¼yófæÌ™¿ýö›‰‰Ihh(ÒuÁiii ]ª*++¡p’’ÒìÙ³aºwÀž={P†@CCƒ¥¥%”üâR§KºÛIHH€INƒƒƒwíÚÕå‰]êüdeeYZZûûûëêêêééÁ‰^€§§grrrYY™¥¥eNNÎëׯíííaú'N,[¶,//oñâÅ0I+q—ö mmm*•JË’¤G455JKK‘:HBB‚‡‡›uÐÖÖÎÏÏG‰M‹‹‹eddNœ8DÆQÉîDÆ{ŸëñãÇÍÍÍlj1Ük™ ¶êI?]¼’ÞBš}gáÂ…ÜÈèèè,Y²¤¬¬¬oÙ3ŠŠŠFFF™™™ƒ*¸É çÏŸ¿ÿþ´iÓÚÛÛW®\ùìÙ³AšðòòNž<ùĉ?&µÃIH~^¼x°¶¶æ<„6]\\îÝ»gooßÙÙ¹eË–Àýâ0¯^½Ò××ÿôéÓúõëUTT9ÅÃÃÃ,X````ff†aØôéÓ?îèè¸hÑ¢wïÞ@ììì{÷ÚÚÚá¸Kaœ.o°K±ƒUïÔÕÕ•””8OìN秦¦&11ÑÂÂ"55uÁ‚JJJ[·n…±:::  шˆˆTVV—€wïÞݸqcúôé7nÜ€¿)}ÓÛé’˜˜˜ÎÎÎA•bûuÁëJ°|ùrIIÉÍ›7—””TUU…„„øøøŒ1‚s*FYx{{—––¾xñbÙ²e4möìÙÄ"ã½"..îÀ_¾|ÉÊÊrww×ÒÒ‚2bq¼ yŸɉÁ÷ê¦M›ÊËËCBB333ÿøãÈÈÈ &ô¶Nâz¸üIzÍó³"!!!!ù•ðõõpJ´á±xY*uuõÙ³gc=‰ÃXXXÈÉÉ}ùò‚äååå(vâäÉ“T*uÛ¶m°\‹8|ø0ܬªª200€jr®®®ŠŠŠ¨ÕÕÕ=Ï¥0ÛM‹í@­¹ÔÔTÎÞ Ðùåàà€zC]]ÝÖÖ~ÆÇNà%@¼½½ëÖ­ƒì•ÞgìÄ‚ }š­IÄæ7Â8l7E,¶C`NèüÀŽB:¡†988ÀŽÂÍ 4¸ì•Þ§9! ü yyù™3gþ´?= Š ÚÛÛ³²²’’’z•a±X¯_¿~óæ › ±Èx@sâÀÙÙÙ=¾- ´L[õ„­W ]zE„aHúéìDBòÈŒŒ¤Óé(w¸’’ÇСC Îœ9ƒu•P¹  `äÈ‘ ãÒ¥Kß·Õý¢©©éÇmmmœ‡îß¿O§ÓQNCGGGaaá.3C_¸pN§ËÉÉA}Æ_…¼¼<è¯Ò[Ö®];x^…½z×À‘4)))gÎœA›xí Æb±p¤ëáá!ò ¨ ^[[[RRÂb±ðŽBBB(ÐsÛ¶mŠŠŠ×®]«¨¨€{DEEoÞ¼9bĈE‹ÉÊÊjkkïÞ½»³³“³mß2 C¤¥¥‘ÿ$tAasïáüËÏÏLž<íQPP ÑhÈñ½;`­¢¢"ºe¸ÂƒžèOÂÖQÄHHHÈÊÊ¢úA7]Úc=€#GŽ ;¤¸¸øêÕ«?­ÀÏ€°°0 &†——WKKËÔÔTFF†¸$¦¦¦††^y@¡PTTTLMMû)1B¡PFM %‘——733=z4ç!iiinJö ¶^…‚.“&MêgˆA=Ü$ÜóouÏËËÇ¿”IH~ X,VSSë0™L…eË–ÁÍOŸ>ݾ}{Ñ¢EL&såÊ•lçÆÇÇçççŸ9sÆÜÜü»6º¤¤¤Ìœ93++‹ÓãV\\ÜØØXTTP\\|ñâEWW×?ÿü“³’())………ýZbcÆŒñññ îù]š”ßhNܼy“Í¡™ÅbÍŸ?_YYÉu)>C ÓÜÜ €ËŽŽŽÚÚZ111¸yäÈsssMMMOOÏØØX¸ÓØØøÁƒ%%%ÉÉÉQQQ¾¾¾ëׯg».JWLÐ6bzÛé˜î·ÁÓ½’âß°:1f̘ÁÓ"!ùžŒ1bÍ7BBBž‹íp¯óÓ7[o‡ä…F£ýõ×_'NüÑ !ù¯ðo0'HH~,---þù§–––´´´©©éƒÐ!—óçÏ_»vÍØØøòå˽­Y@@`Ô¨Qœº7n¼~ý:“É´··øðá»wï,--?|ø°}ûv è/‘ššºf͚ѣGOž<ÙÏÏ/;;ÞÜÜìççg``0gÎœèè訨¨Í›7ÃCŽŽŽgÏžŒŒ477?~<ÌC¿wïÞ &À¬#øiò.å/a%111111fffjjjNNNP^=::zË–-€•+W9r„í¦&òfmm­½½}MMMrr²½½}GGgþüù¯¿þ211ÑÐÐpssC3ÙˆˆssóÉ“'¿zõÊÅÅ¥²²ôR?´;]΃®^½://ÏÉÉIUUÕÌÌìÆ€òòrKK˶¶¶ÈÈH¤VTWW·zõj]]ÝqãÆùøøàEQ›šš|}}'L˜0cÆŒ“'Oþ$K …ròäɶ¶6}}ý#GŽddd<~üxÆ +V¬022Z±bñéÄâ0~~~iiiÇŽ«­­ 111‘““Ã×àëë«®®îááñõëW]]ÝôôôàààÖÖV‹uýúõ‚‚}}}€žž^CCÃâÅ‹ß¼yÔO˳Ïb;Üëü°!!!Q^^ž™™ ×mºcôvH~uxyyýýýõôô~tCHþ3 RLFSSÓš5kÔÔÔÔÔÔÖ­[÷òåKt(**jÊ”)’’’ººº»wïf±Xphh¨««+*V__oaa‘˜˜ˆaØV­Z•››ëèè½ 0 +++³°° R©ÊÊÊóæͤ{!!! ££câĉ;vì8yò¤µµ5…BAq¨òòò“'O¦R©ãÆ{ôèÛ¹xù 䥥g̘/P]]- €Òy"Ξ=khh(""²}ûöׯ_ÉҩS§òññY[[³X¬ììl½{÷†„„¨©©‰‰‰}ýúÃ0‹5~üxqqñ+V,^¼˜F£ÉÉÉéêêš%$$”””dddþüóÏñãÇôôôdddÖ­[çààØ»w/,¹téR*•jmmfnn. €Ôr$$$ÔÕÕeee·mÛ¶aÃAAA˜üõñãÇüñÀÓÓóÖ­[l7…âMÓÒÒ Òå²eËbbbðe¶oß.""2iÒ¤íÛ·wttpö°ŽŽŽ””ÔºuëŽ?3– JvîÜ °µµõ÷÷ÿí·ßàPæb_¾|¹˜˜˜ŒŒÌüùó]]]yyy544ÄÄÄæÎëãã#**:iÒ$XÉõë×i4šººúÎ;W­ZÅËË»téRxhùòå ƒÁ`¬X±bçΣF¢Ñh¹¹¹µµµÛ·oçåå566†X[[«¤¤$**êå嬨¨¨¦¦VQQa0òöööððd0jjj=>ŠßŒŒ ¼³ßúõë‘gVlGGGÔ~q‹åçç‡ÆÙFFFeeeGVl¨»dÉ Ã:ÄÏÏÏÃÃ#((˜={6Ò;²±±õŒ=:>>ž‡‡…bs#ŒÃy×b;¡ØX÷:?œåììŒ:êñãÇÐßýÁƒl¡ØH“§Ç.eƒ3ûôéÓ]–$!!!éƒbN°X¬qãÆ :4 88XYYYLL¬¤¤ðݻwÜÝÝÃÃÃ}}}ùøøœáYÄZ\þH“|g`øiRRÜ„BÆ ƒyyy …rÿþý.Ïå4'455~cõêÕPÏþÔ©SœçzyyÉÉÉÁÏÐœÐÖÖF*"û÷ïÿí·ß¢œ#OIIÁ0ìäÉ“ åÎ;ðP~~>4<঄„ƒÁ¨««ƒ›"""htÕÙÙ9|øp{{{ŒPþV"!!QUU7xxx 6ȵk×YYYœw„3φ ¶víZø™­‡‹‹‹………‘ÞbKK‹„„ÄÊ•+1 «¨¨€ÚÿðPkk+œZFæàB?”X—V ½zõ 7Žáš5kxxxŠŠŠàfII F ƾ=QÈ"-))¡Óé?•9)//¿{÷î«W¯Øi¸@¦¡¡!=={5›ÊÊÊû÷ïß¼y~xªªªrss{Û6ú,¶Ã½ÎžŽŽŽÒÒRô¤3àz;$$$$Ü3(ŒáááÏŸ?¿qㆥ¥%ÀÉÉIMM->>ÞÉÉ)00ÐÝÝýرc°äðáÃ===—/_ŽWÌè’ÊÊÊèèh˜`ÈÒÒRKK+==}Þ¼y6lž)#Ì®Š¤! àòGš„ä;“ŸŸ?a¼Æm É1cÆp_›¹¹9Òm¬®®~òä —¶Û…êëëwìØ¡¨¨È`0Œ_¾|‰ÀE›: ^ÙJ¥v©¡Ù[ùK7 ˜}ƒ­‡ãââLLLètú˜1cöïß¾(ïƒ ²Ý87ú¡=êrâõyxx¨T*›J) ¥¥¥´´499YÇãÇaï}üøq„ BBB¨<ùëHBòÃé•wôY6š6lØ0bĈîŽvvvšššÂŠ^‰•WWW?M!uɵk×”••&Nœ¨¨¨¨¤¤tòäɽ¹ÿAAA)¹áÄ}}}Ù~æz þ òòòêÃ$ÂAYøøñ£¦¦&>ôM[[¸–îfû ææGš„äûC§Óaœ1"''p U¿3»wïÞ¾}ûÁƒ---^¾|‰bò`Ö[|á?â7‰5gàï ü%üð=g¤ðdggÛÛÛ;;;gddŒ5J@@@YY¾‹ tæ§OŸö(L&€à¦Í=êrrVÂ9Ú Ñh4ÍÆÆ&44¿êÞ ³½³²²zl É Ò+!ïélt´¶¶2™ÌîŽ=z”‡‡®öJ¬\YYÙØØxóæÍaaa]Öœ––6{ölSSÓãÇ3Œ‚‚‚ÐÐP777˜¡r ï&Mš„&}ðâ#GŽì§ªþ RUUÅKetÉ üä âåõµµHºí'îîQ)¼oS$$˨Q£Þ¼yƒ·(RSS †‚‚ÂlÕÙ³gmllV¬X¡¨¨H¥Rñ®2***999¨Á_¿~MOOïmýƒ-ÙgÂÃÃ9¢««+ ðåË—ÂÂBø®€“Ux­ÏÛ·o÷¶þÑå¤R©=B• 6ÌÏÏïܹsðùùù%%%°pkk+ŒT!!!ù±p/äýÓÒÔÔ¸nݺî ßãÚµk<˜——×å¹G¥Ñh.\055ÕÒÒ²±±III‘••åÔñ("##—.] ?ãÄ—-[vöìÙºÊÊ•+°¶+ƒbNhkkççç£ ¶ââb™'NKw¸R8 Éw`íÚµ|||^^^•••---gÎœILLôññù±kƒôôô>ÔÕÕEGGoܸP__a˜——ŸƒƒÃíÛ·SRRììì`°A¯èü% %%…mÆa Ð××onn¾zõjkkkzzºµµ5•JmhhÀ0ÌØØX__ÿ¯¿þ:pà@VV–¿¿|||oëï.§¤¤dFF\ Ú´iSyyyHHHcccffæü å’|||xyyW¯^]VVV__ïïï_‰µ¶¶î2S8 Éw†MÈ›S´:77wÎœ9 ÊÊÊ‹/†ITº”î²$„Édzyy©«««««ûøøà×*£££§N*%%¥§§ÊËÆùóç[ZZìììúvZZZjjjè²pQQ‘°°0> 5Ohh¨™™ ­­ÍÞÞ>999,,lÊ”)£FòööÆë hgw× ‹-:}ú4§€ø©S§ < $<<|âĉ¿ýöÛüùó/^¼ˆöw)§Îù?~_[wÝÞPø„A1'¼½½i4š··wiié‹/–-[F£ÑfÏžM,ÝÝg¥püôË—/ #""ã¾HH8QUU½xñbRR’´´4N_¼x±¯¯¯··÷m•ŸŸŸ˜˜˜ššš¸¸xPPPbb¢žžžƒƒÃÇÕÕÕ¯]»V]]=}út[[[ ‡Þæп~ýzaa¡‚‚‚´´t`` ››”a%F__ßÐÐÐËËkëÖ­}½9"ìììfÍšåêê*$$ôûï¿/X° (((66võêÕT*5>>^__ݺuãÆ»ÿ>œr£Ó齺đ#G¦Njbb"$$4wî\IIÉëׯC¡Rb–-[–’’bhh˜={öž={EDDôôô¢Ðh4êT ÝÁÄÄdãÆݺ þ®÷ò–Z=~üxccã––üµ¨¨HIIiÙ²eø+5l´œ5O:…úã?pRNNNÿ駟*++Y,ÖÂ… ÉâáˆÕ?&dMNBrww÷÷÷'¿v!XùÆÑ_ñµ%´´´Lœ8ßÅihhŒ5*44”ËåâÔææf„P=È«1žO#&'vvG•@„®®îòåËñrjñ   ‚ ***ÔÔÔ¨sš¹ºº2„N]âZ¼x±±±1Aò«]~ ð/^w5'‚‰D™™™¯_¿–ˆJ.?tw×"…Kü“täçŸ600ÈËËÃ_ß¼yÃb±p»ýËVVV¦¯¯ÿ ÑÖÖæéé9jÔ¨[ªÏ‹ôÌkÝÁØؘüGÀ'ÂÐÐPAAAý/ººº<{ö,¹‚™™™§§'þ, Èiµ0777777ü™¼[•¿æÔ©SY,uî‘´´´‚‚‚ÈÈH„Ðï¿ÿN.Ç!¼CCC‰Ž›íííjjj6l —H7'ä#AçÏŸGÝ¿¿£ŠÊÉÉ9räÈôéÓqHY&“yìØ1â¯æõÑUcc#FÛ¼y3®½‘#G6P <ß÷wT D'š¸¢p‹+..NMM¥˜Ëå&''ãÆ9¿ªÌæ„üj_¼x1‹Å"“D"ƒÁزeKGõ…é–ÈNƒÁÀÃ%ÈÝݵHá·«ÿY“&MÚ¾}»³³3~ËëééÙùp´Ÿ/6›=bĈ•+WFGGã‘ÐÕÕÕqqq»\€ÏèQ£ÈN/2‘A«‹ŠŠD"î¾H²±±‘¾àÈ_óƒÄÉ$477ã ‘:òÞcÄÓÕ××w´‚µµµµµõÒ¥KÅbñ½{÷–,Yäç燧3¢Æoe±XFFF8vvqq19冧*ê¨:‡ï£ÇÑ/B G=~üxaa¡ªªjgÆ¿áÜäTû9éÇ æøXØlvffæéÓ§uttØlö‘#Gðœt»\ÿ†óçÏ?|øpøðáB¡000 ,ù- IDAT0))©›fÖû²544¬^½ÚÉÉÉÕÕuÛ¶m%È^JJÊ”)Szõê5vìXÜ“#âôéÓÓ§O·²²òõõÝ·o5z}zzú¬Y³\\\æÎ+„ãøñã#FŒ°µµ={vRR¹\zä+ŸÇR:†¸ô2ò×ü q2IøŽ\b_WUU’š“!TVVfccCe‚Á`Œ;vÕªUx¬,^ØÚÚJݪ®®ÎÜÜÇΞ6mZñÿOˆÑQ%t¦´xêæ---øë¾}û‚ƒƒ×­[—ŸŸßØØxôèÑ÷æöÞjÿ/Ç …æÿ9ššš~~~G=pàÀôéÓ©8¾l cðàÁ›7oþõ×_å?¥™3gN||ü”)SÚÛÛ7oÞL†y¹uëÖàÁƒ_½z5þ|›¥K—’áPvïÞ½`Á‘HÜ«W¯ 6Ì›7'½xñÂÓÓóÅ‹_ýuii©··75¢ËÂ… UUU—,YÂår½¼¼nÞ¼‰“$F¾þ‹À{êêêâÎXSSSff&9ÿO'×ìZœÌŽ˜˜˜¨ªªfggÿ“CËÍÍUTT´³³“XÎf³+**¤á´··#„,,,ð×ääd2éÉ“'|>ßÎÎN~ììŽ*¡3¥ÅïâããÉ%£Gž4i’N½#]«öÿŠÜÙ Àgßôüïÿ#—ØÙÙMž<™ ˆÖÖVKKËÁƒ“]œñ Ŭ¬,‚ ¼½½çÍ›Gn ¯¯??^SSó%þ‰{-ã 7<ˆ“Äb±··wß¾}ñW‰‘¯t+CCÃqãÆÉYÁÌÌŒ:0`Ïž= ãĉ---•••3gÎTPP ‡†šššŽ;ÇZ³æ»wï˜LæÔ©S‹‹‹9Θ1cÔÔÔ ÚÛÛÝÜÜ,,,ž?.‰ÒÒÒ,,,Èr†b1ÂÕÕ•ü*=vBþ1èàà 3iïÞ½¡3f$%%ÕÖÖfgg>|XCCÃÝݽ½½@………ñx¼´´´Þ½{÷íÛW ÚµkWcccjjêÌ™3étú£GäTщ±A 8°GÏž=+++ÃÃÃà ‚˜2eŠ©©ivvv]]Ý¥K—ðHÈÈH|£þ@äØ ùÕ.?hÐøñã©×À/4't nNÄÄÄKüüüúôéC~JwôèQr$eNNBˆûN„H$*((ˆurrÒÐÐ ¢¥¥…F£á ¹Ž’’þŒcŽy†††"„p$1êÈWºÛßmN´µµ­X±ýÇRWW—æKüÿ)å¯Ù…8™rš;wî¤îBsbäÈ‘ÇIb±x×®]Ô±¬L&sÆŒ<øk(ö¢E‹ð¯t:ÝËË‹ïÀJJJ¸G–™™ÙÅ‹ß[ iN”••‘£˜Læš5kðò””„F³··çp8ø~BAýÈæ„üj—ßœ044$_$hN𔕕©©©©©©;wN"©´´”Åb©©©‘‘ã>Eê\¾|¹µµõßÍmĈjzzzžžžÑBdjjjÊÎÎÆÏ®À§7'’’’È%þþþ¶¶¶Aàn ÒpØ–ÌÌÌyóæá~Ìl6ÛÞÞ7'^¿~:räu/=zôÀÿƒÉ “233 ©»7>A\.÷Áƒ!. ©ˆ”rÖìZœL™ÊËË™L&õ窱¬TTT|ðàœuSRR®^½úøñcêâæÄáÇÛÛÛ322JJJ¤·•;»£Jè¤ÒÒÒ””jÄpLN8õŽB†v¡Úÿ º1²ÿÄ_WÉ‹/Κ5‹š…‡‹‰D¢S¸®ÂWéå½zõ¢ökï$>Ÿ¯­­½iÓ&œsIIÉíÛ·çÌ™CÄœ9säl7qâÄôôôÎÄÜÿ™sŸãG’gÏžõöö–^ŽZDGG»»»ëèè¬_¿þرcdjii)¹>Ç#;Ikhh¨««gddHÌ1ohhø €î¡¯¯'ê•&‘RΚ]‹“)“‘‘Ñwß}wøða//¯ÎoE :thGåÄX,–«««ô(Fï¤ihhxzzÊLê¨:ÉØØXæ8uê?F <ÕQÈÐ.Tû Åàpqq‰Åó˜’._¾ìââò±ŠÔÏœ9Ó… uuu,X°`Á‚… nÛ¶íÉ“'úúú/^üà% þOŸššJ¦ljjš;wnVVVrrrVVÖ–-[ÆŒƒ)’£MLL´´´¨Ñ3ãããñØMœgcccII ™ç­[·–.]*ѺtÞÖ­[SSS322þî†áááxL 9ÀðÕW_qõêUrIIIIbbâ”)S¨«Õ××/[¶¬_¿~ýû÷_½z5õIeeåÎ;½½½íííçÏŸE&q¹Üƒ:´gÏž“'O~ûö-^~àÀ€€rµÆÆƱcÇÞ½{!”••5vìØ·oßîرÃÞÞ¿‘³wù‘:I'Nœ cõøûûGFFFFFúøøØÚÚNŸ>½óñ™L&ž/ !´eË–)S¦P_†„……Mš4)""bóæÍ¡ÀÀÀððpœÔQÒööö+W®Ì˜1ÃÌÌlØ°a8(;ø7Y[[ûûû_¸p!>>¾µµ522Òßß¿   oß¾ööö,ëÖ­[uuuùùùëÖ­‹‹‹ …|>ŸF£­[·.99ùèÑ£MMM¹¹¹;vìPTTÄy.^¼XOOoÓ¦MÅÅÅUUU»wï^½zµ¥¥¥Ì×#€Î`±X111[;£ººú·ß~ërpm&“¹sçÎvmsð©ûhݬø"à~‡=z´¹üÀ8(Þ… ‚àñx={öÔÔÔ\±bEHHˆ………­­mEE^ßÅÅE__ÕªU'NœÀaì"## ‚hoowvv¶³³;|øð¶mÛìíí555›šš‚˜;w.uàŽ¥ç·Æãb==='L˜ ‰äìÃáhhhôîÝ;$$däÈ‘,KEEEæ´ÄÔiºººvvvl6{ûöí?þø£ŠŠŠ‡‡‡Ì*4h““ùµ¹¹ùÌ™3t:´ÃñþÈzôè1qâÄ'OžàÉõ¾ûî;<0ñæÍ›L&ÓÎÎnÏž=AAA ,À›lß¾ÉdnܸñçŸ7nN§Šô¬ØäØ ‚ x<ÞäÉ“Ñ_áí‡þæÍœtèÐ!:Î`0üýýãââ´´´ðhѶ¶6<-F£Ñh¡¡¡...äé÷ìÙ3EEE÷îÝ£lÁAbbbCCþÚÐÐ@žAÇÇÇ×ÖÖJg( ÓÓÓcccÉ“À'†bðaøúú.Z´(::zñâÅ………IIIÁÁÁÔbbb¼½½µµµñ|ÀšššnnnwïÞ 633khh@577&''·´´„²²òÎ;UTTÆŒcddDX¾ùóçÉßûªU«þøã???‹…×üöÛoƒ‚‚:“ÿ¤I“Èà}}ûö‹Åùùù2_…’µQSS“––véÒ%¡P©¥¥5a„èèèÐh´ÈÈH é>iiiùùù«W¯&'C=z4BèîÝ»¶¶¶æææׯ_ž>}zŸ>}¨ý À¿ÌÌÌÌÌÌLz9“É0`ùU]]:Ò™¡‚‚ŒÅ€Oô@àÃÐÒÒ=zôåË—Bø.yÔ¨QdjkkkIIÉýû÷5(žwïÞ¥Ñhø“Éœ6mZttô•+WLMM% ˜œ8¤B¡pâĉüñ‡ššÚرc;¶téR‡# »û(Í >uuõqãÆ………éèèŒ1B"uãÆeee»wïnjjâp8³gϾxñ"îMîææÆçó¯_¿.ž?>aÂ:ŽÇF÷ë×ïùóç!!!@$ݼy3??ßÍÍ !äêêÚØØøí·ß¾~ý:**jëÖ­ä ií]~¤Î…ÇãúË‘#GfÏž½k×.___²»ü¬Y³ ~þùçY³f‘/=pgª¸¸¸êêj9qHµ´´¶lÙ‚_ªäåå]¿~ÝÙÙÅ„ æÏŸÿaÿÏÇ À玌섿^¹r!4þ|ü•Ù‰ ˆ())á›~333)• ˆ¶¶¶I“&)((ÐétuuõcÇŽíرƒN§÷ÝwA=zTII‰Á`à“'OA´¶¶~õÕWøÙÁÁ!&&†Á`P#;ÅÇÇS‹*gïr"uRIDvZ»v-™tíÚ5„ÐË—/¥·4hõš£¦¦æææ"‰ÈuÚÛÛ-,,h4Znn.¹P(âmƒ‚‚¹qH_¾|iaaÂÊmllp<(‚ ÝÜÜÞó+ «heö(@wkhhHKKc0ýû÷WRR¢&UVV–••õíÛOú[RR¢®®®©©‰ªªªzóæMKK‹••u«êê꺺:kkë¸÷’’’wïÞ999iiiýÓƒì„Pll¬ÄòÊÊJMMMeeeüµ¸¸8++‹Íf;88PW™™™åååÆÆÆŽŽŽü d‚æàãËÉɱ³³‹‰‰!ß·à³Í ÀÇÔÚÚ:bĈÜÜ\KKËÄÄD9Ã?ð ‚¡Ø€IAAaÈ!¿üòË“'O -|vàí ‹àí ‹ 9è"hNºš€.‚æ ‹ 9è"hNºš€.‚æ ‹ 9è"hNºšt/±X\TTÄãñ>vAÀçJ$ÖÔÔÈLåóùÿry>_PWР9@w‹Å'Ož?~üŠ+¦L™2oÞ¼·oß~Ø]¤¥¥ÉLÊÉÉùú믥—ß¿_ú¦ª¦¦æرckÖ¬Ù»woQQ^X__±yóæ‹/ …B¼ðíÛ·‡Þµk×Ó§OÉͳ³³=º{÷îgÏžµ··w¦ä7oÞ5jÔ… ¨ 7mÚ4jÔ¨¼¼¼Ž¶ÊÈÈÈÏÏGUUU={öLfžØ„ ‚‚‚²³³;S’ÌÊé&™™™ÉÉÉK–,éhìììµk×_¿~ýôéÓ+V¬ þ­­­«W¯ž;wnG›Ë?œS§N>|øÁçä3­«={ö<þ¼ æææNŸ>!zùòe9™ïرƒü«™9sæÞ½{ÿQ¡Br/M‹P(œ5k–X,þçYº4'è.ÇŽ{ôèQxxxLLLLLŒ““Óúõ뛚š>à.¾ÿþûž={v”J„ôÂ={öÔÖÖR—ˆÅâeË–577ûúúŠD¢ï¿ÿÿóÞ¹sgnnîÈ‘#_¼x±wï^„PUUÕš5k ú÷ïàÀÇ#„ŠŠŠV¯^mddÔ»wïýû÷ÇÇÇw¦äb±XAAáþýûä’¦¦¦ÔÔT‚ d»~ýzbb"BèíÛ·§N’ÎÓÊÊê÷ßÿý÷ßOž<Éb±vîÜٙ¤+§ûõèÑCÎ ±±±§OŸ^»víîÝ»W­ZuðàA%%¥cÇŽárssóòòΟ?ßQògÔ¨Q'Nìrù?/Ÿc]‰D"‡ãääÔ…mŒŒV­ZÕ™ÌÅbñ˜1c"##¯\¹²aÆššš¥K—¶µµuµÔÿ—üKSçq8{{{ƒñϳtÆ–-[>vøq¹Ü;w†„„ØÚÚ"„”••]\\²²²LMM êêêÎœ9sýúõÂÂÂ^½z)**–––>|øÏç_¸p!==ÝÚÚZEEåÚµk­­­FFF¡ªªªˆˆ ‹k×®±X¬Ó§O{xx$$$©««óx¼ˆˆˆäädMMÍøøxKKˆ††û÷ï;::FDD$%%kjj^¼x155U ØÙÙ©¨¨à¢æääÜ»w履~êѣǠAƒ.]ºÔ³gÏêêꨨ¨£GZXXôë×oß¾}3fÌ8uꔩ©éÂ… ­¬¬ Fbb¢··wTT”¶¶ö¢E‹lmm[ZZ8ÎðáÃß[?ÙÙÙÍÍÍ•••ZZZ¡?ÿü³­­­²²rܸq:::"‘(666::úíÛ·ªªªzzzÉÉÉwïÞ­®®f2™<(((@988Pó|÷¯¢¢"‹Åb±X·oßž>}:Nçr¹7nܸqã—Ëe³Ù***qqqiiiööö¡ÄÄÄ/^p8jåGDDyòÄØظ¾¾>--MGGçìÙ³={öTUUEÕÔÔ>|·â¶lÙòüù󪪪'N]¹rÅÃÃC \¸p¡¨¨ˆN§;::J õ·NMM­­­MNNŽŽŽ®®®¶µµ¥Ñh999õõõfffçÏŸWWW‰‰¹ÿ>‹ÅÂÅC%$$\¾|ùÕ«Wúúúššš˜‘‘qöìÙˆD"|ã(Q?—.]*,,TVVNII±²²zïYÅ`0ôôô*++/\¸`cc£¬¬œœœœžžÞ…$„P]]µ®¤O­O³®8N}}}GMòO°ÆÆÆ””‡§OŸªªªfff^½zµªªÊÖÖ–N§S3øð!‹ÅòôôTVVÖ××2dȉ'tuummm¯\¹¢ªªzëÖ-¦««+Qi/^¼HKKÃ5|þüy±XÌf³E"ÑÉ“'Ÿ>}jdd$nܸ¡¬¬|îܹ¤¤$###üÇ.}½RTTÌÉɉŽŽ¾wï^{{»……>ÌK—. 4ÈÜÜü½'à#‚·t‹ììl555êÍ.“Éܶm[Ÿ>}Z[[/^œŸŸïããSZZŠß”––þüóÏ...<ï‡~@ÕÕÕ]¼xoþçŸfgg755EDDlÚ´IAA!tõêÕŠŠ >ŸX[[«§§·sçÎãÇ777#„šššÂÃÃ{öìÉårׯ_233£ÑhfffL&“,˜¦¦&ÞÞ„Ïç:::⇂ºººJJJyyyùùùÎÎÎxMss󜜄££ãóçÏ9NFFF|||¿~ý:YEA 6,..÷öö&{5Ü»wïæÍ› PWWÿá‡ZZZtttX,–ŽŽŽ¾¾¾¡¡!“É455•ÈS äåååå奦¦ž={vôèÑøöíÛÇår‡ öêÕ+ütßÆÆæøñãÉÉÉ\.wÇŽ&&&ÔÊ)(( BîÞ½ûÊ•+¡ŒŒŒ#GŽœ={V[[û½G—––¶gχcbbˆÒÑÑY»v-þu®^½ÊårByyy/^tvv~÷îݺuëðæOž<ññña2™ÑÑÑ?þø£P(TUUUPP°°°(,,TTTÔ××WRR266–y€ÔÃILL ®¬¬tss»~ý:îý’ššŠ;ŒEDDlݺÕÈÈÈÜÜ|íÚµ¥¥¥¡Ë—/‡‡‡[[[s¹ÜÀÀ@ÜÇŒ”ššºnÝ: OOϳgÏž;wN¢~RRR‚ƒƒŒŒª««øá‡ëׯwæ”(**ŠE={öìÒ¥K!tçΪªª®%ál%êJúÔú4ëêñãÇC‡íÚ ÆãñðI‹Ë\VVæààpåÊ•ˆˆù™«¨¨ØÛÛ¿zõ !tûöíM›6egg³X,éJCýú믡ººº_ýõÚµk¡×¯_'&&2™L|iª­­=}útXXXïÞ½KJJðUHæõª¡¡aýúõVVV}úô ONNFµ··§¤¤¸»»wæä|D »|™x<žŽŽŽÌ¤»w着ªîÞ½!4dÈ??¿ÔÔT„P[[Û¦M›X,–——×Ì™3ËËË}||.\¸ÐÔÔÄb±âãã}}}BÍÍÍû÷ïÇ/=È V¯^²±±Y±b^. CBB´´´¼½½'NœX__?dÈ6dÈ‹Enndd„²–––îܹÓÍÍÍÂÂâÖ­[Ô‡¬&&&¥¥¥äBccãòòòÖÖVggg“5kÖ0 ‹åááA=X‚ Z[[B4MYYY"ÉÛÛ{ß¾}›6m"SUUU7lØ`ddÔÖÖ“‘‘áááÁf³---ûöíÛØؘžž>xð`‰º-++ÛµkB¨¥¥…ËåzzzâŠ0`ÀäÉ“Bêêêk×®E™šš.Z´hÿþý¦¦¦cÆŒquuÅ…Ä•sðàAOOO<ªÁÁÁaÛ¶mÓ¦MÃeÆ·P9@Ü} ñç!C†àÕ %*ÍÕÕµ¥¥¥´´477×ÝÝ=== ‡3`ÀjnmmmÛ¶mÓÒÒ4hЄ êëëãâ⤯W999A899éééõéÓ‡F£!„233­­­%þ¬Ÿ hNÐ-Ølvqqqss³šš¹ðõë×ÚÚÚùùù}ûöÅKh4š……Eee¥¡¡!›ÍÆw3t:ÝÂÂâùóç“&M²±±IHHpvv.((ðôôär¹ªªªÔ¶B÷˜ÂŸûôéƒï9B¸kζ¹¹YºéܹsQQQ3fÌÀ÷Í:::äÃ]„P[[›žžžŽŽ~²Ž‰DêêêÊÊÊ¡¡¡ŠŠŠQQQL&óÈ‘#?ýôÓž={È KKKñÍ“¦¦&~~IåèèÈçósssß¾}ëêêŠûù`VVV—/_~ùòekkkCCƒœT–––äЂòòò… zxxXZZ²Ùìààà‚‚ƒAfåëë{ëÖ­wïÞáUnn®P(\¼x1BH,×ÖÖ „‹‹‹Äšr7QBÊÊÊdç(&“‰³"Y[[ã–'NïÝ»7‡Ã166ÖÒÒª¯¯Ç{g0<ÃáL›6íÑ£GÚÚÚ¯e˜L¦Ì¤ÂRðîÞ¾}‹3—Nµ²²ºsç΀Z[[?Žïêêêê,--©ëÚ---[ZZðø]²~ É<ûõë'Ñœè¨Ò\\\JJJššš233·nݺ{÷îššš†††^½zµ¶¶v!IºP'N­O¡®^¿~maa¡ªªÚÒÒ2oÞ¼––±Xìãã3pàÀ?ÿü³ÿþHî FmNO÷rrrššš qæ2맱±ÑÚÚšüE:ª4WW×ôôt<ŠË夦¦âV I]]_…ÔÔÔ Fss³Ÿ¸« ÂIDATÌë•«««»»ûÌ™3­¬¬¼¼¼ðH•Ç2Df!ŸhNÐ-,,,ÄbqJJÊ°aÃð>Ÿ¿fÍšððpSSSüp+--µ··çñxdÄ„PQQѨQ£B>>>>lhhF¶Ð¥VÝÜÜΟ?ïãã³hÑ¢;vXZZ._¾|ïÞ½¸Ù ‘Cnn®Ì¤"ÏŠÂÂBƒAmåRS p+!´~ýz|#(‰$ÜÔÔ”¼É.++355UWW§Ö’’9²Yâvu\i***ŽŽŽ·nÝÒ××···onn~ðà»»;FëZ’Ì ï©õ)Ôy'}ÿþ}___ÿüüü;wîüòË/^^^Æ ËËËû»'XEE…‹Å’s›. ð .D¹†È¬´àæÄŒ3²²²‹‹‹©JÿÉȼ^µµµ­\¹réÒ¥çÂ… ÍÍ͉‰‰¸Ù øÄÁØ º…ŸŸß¹sçÊËËBmmmtttìÑ£ÇСC9Nqq1BèÍ›7!ü,°¢¢wYNKK«ªªÂ£„‡ž––vçÎܺ©oß¾©©©¸wdd¤ü‚Ñét‰§ãééé ÁÁÁ@ ˆÅb[[Û‚‚‚¬¬¬öööÈÈHmmm---{{ûØØض¶¶úúúÈÈHüŽÅÔÔ411‡‚yöìÙ€¨Íƒ¡¥¥¥¥¥ÕÑ‹ooï{÷î½~ýzàÀ䦦¦²²2<&ûÍ›7dìZƒ /}AøªªªÎ;÷îÝ;ww÷ÜÜ\sssWWWeeå»wïâ§Ñ|>×®]óæÍ[±bÅ¡C‡ª««©Ùººº&''3™L Û·ooß¾½£Ûµ÷à{•——¿|ù!”ššÚØØhgg‡²··7008yò¤§§çÁƒ—-[6dÈãÇ{{{KO@!ó%jéÉ“'|>_,ß¹s§wïÞxì éÁƒ¡ººº§OŸ:99š˜˜<}úTSSSAAaûöíx…·oßâSÔÓÓ366GV}øð¡Dÿ„Pß¾}ïÝ»Ççóù|þ7:_i—/_Æ#p\\\.^¼HfÞ…$²À¤ŽN­O­®ž>}Šûò;vêÔ©!KKË%K–üòË/3gÎ$ß@vÆ£Gø|¾P(¼yó&î‹HfŽ‰Åb@ÐÚÚZTT´fÍ+++‰.‹Uš»»{rr²P(Ô××ïׯ_dd¤³³ó{Ÿbȼ^ýùçŸÛ·oWQQñôô6l—ËÍÍÍ544ÔÐÐèü‘>x;@wY¸paXXØÌ™3uuuëêêœñ3?CCCŸ¹sçöêÕ«¼¼üûï¿Çë„……µµµñx¼åË—ãñ šššÎÎι¹¹dÇiœ5kÖúõëÁ AƒäÜm <øûï¿ #£”¾|ù²ººÚÏÏ\gõêÕãÇ_¹råŠ+444D"Qhh(BÈÇÇ'11qêÔ©¸½._¾üàÁƒS§NUQQ …76kïÞ½ FÿþýÉHS!‹õõ×_/]ºTOOO__äÈ‘GŽqssëß¿ÿ¡C‡ÔÕÕ‡ÞÜܼråÊPsËÊÊÂo9ÍÍÍCBBŒŒŒ†  ‹G­¡¡qâĉææfmmí¯¾úŠN§ÇÅÅ…††îÙ³‡¬œY³fmÞ¼yÚ´i,KMMmãÆë þ–ž={†……µ¶¶VVV®]»–|š»|ùò7n,_¾ÜÜÜœÍfWVVVWW»¸¸àT2páÂ…äá „ðCeü,ëÖ­9Í™3‡Çã¹»»ã:ùñÇ7oÞ|ëÖ-7tèP|zܸq£¾¾~Û¶m>>><ð÷÷744‰DÒ½Å/^|úôéo¾ù†F£õïߟ|©õ^GÅ#þ]]]ãââpÇž®%‘&óïèÔú¤ê*??_GG¿îø[-™ÌÍÍñŸª’’ÒÞ½{©™c×®]Ã]ÎŒûõë·páB‰TG•¦¯¯¯««‹|8;;744H7–¤É¼^yyy]ºtiêÔ©&&&B¡pݺuqqqÐÓ €ÏèNMMM999¸·1ÇËÉÉøkRRÒ·ß~KDII‰P(¤®¹ÿþß~ûMÎ.êëëKJJÚÛÛE"Qcc£ŸŸŸü"I¦#|>???¿½½º°ªªŠËåJ—z8Ç«««ÃŸkjjð‡–––¶¶6‚ D"QSSSçs+))ÁÅrj€šT^^þîÝ;±X܅¿×ÿþ÷¿—/_’_KKKù|¾Ì5«ªª^½zõÞ_Mæâ{÷î={ö¬@ (++“ÞpìرEEEµµµdmcB¡ðÝ»w•••2w‡§{Ç'žtjiii]]>“oܸqèÐ!ù…ÿ—É<µ¾¤ºÊÎΦ^ÚÚÚJJJþá™,³Òº £ë•H$ÊÏÏ///ÿ'…|ðv€î¥¦¦FŽk¤ÒÖÖ–oÔÄÄ„ü\]]ýâÅ‹ÇKD’ ‰‚‚‚–,Ybbbrùòå÷>ÒÃ]·;CYY™ OÒÓÓ“^SCCãƒwK Ö&‹|‰!Ý©]>²b™L&5N®jå³ |pwïÞår¹äH„Ža*“žžžÌ:— 󩇃Glw´9õq5¦   g&2:nffÖQjZZÚíÛ·ÚÚÚ.\¸°råÊ÷–ÿß$óÔúbꪮ®îæÍ›äEEEê…¥kdVZtt½b0ÒWÀg¦±à“€Ç³:`•••ñññK–,‘s/‚RQQéÕ«WRRRrrrŸ>}¾ýö[éáà“ ³Ù;:‹jjj$:›ýsVVV"‘(>>¾´´túôé}ñ?e_@]ÕÔÔ”––.\¸úÓ×+¾<4¢sá@<t4']Í @ý¢ìÈÀ®ÅzIEND®B`‚natlog-3.01.00/documentation/man/000077500000000000000000000000001474316276200165775ustar00rootroot00000000000000natlog-3.01.00/documentation/man/natlog.yo000066400000000000000000000732201474316276200204400ustar00rootroot00000000000000NOUSERMACRO(natlog protocol) includefile(../../release.yo) htmlbodyopt(text)(#27408B) htmlbodyopt(bgcolor)(#FFFAF0) whenhtml(mailto(Frank B. Brokken: f.b.brokken@rug.nl)) DEFINEMACRO(lsoption)(2)(\ bf(--ARG1) (bf(-ARG2))\ ) DEFINEMACRO(lsaoption)(3)(\ bf(--ARG1)=tt(ARG3) (bf(-ARG2))\ ) DEFINEMACRO(laoption)(2)(\ bf(--ARG1)=tt(ARG2)\ ) DEFINEMACRO(loption)(1)(\ bf(--ARG1)\ ) DEFINEMACRO(soption)(1)(\ bf(-ARG1)\ ) DEFINEMACRO(itx)(0)() DEFINEMACRO(itemlist)(1)(ARG1) DELETEMACRO(tt) DEFINEMACRO(tt)(1)(em(ARG1)) COMMENT( man-request, section, date, distribution file, general name) manpage(natlog)(1)(_CurYrs_)(natlog._CurVers_) (natlog) COMMENT( man-request, larger title ) manpagename(natlog)(source-nat logging tool) COMMENT( all other: add after () ) manpagesynopsis() bf(natlog) [OPTIONS] tt(command) manpagesection(DESCRIPTION) Firewalls like bf(iptables)(1) may offer tt(POSTROUTING) (source network address translation, snat) facilities changing the source address of a host behind the firewall to the address of the host connected to the outer world. With tt(snat) the following combinations of IP addresses and port numbers are encountered: itemization( it() the IP address and port number used by the host protected by (i.e., behind) the firewall initiates a connection to the outer world (the source host, in this manual page referred to as tt(IPsrc, sport)); it() the IP address and port number of the host outside (i.e., before) the firewall that tt(IPsrc) connects to (the destination host, in this manual page referred to as tt(IPdst, dport)); it() the IP address and port number of the host where the firewall has been installed. This host performs the source natting, and its IP-address and the port it uses when forwarding tt(IPsrc, sport)'s requests to tt(IPdst, dport) are in this manual page referred to as tt(IPfw, fwport)). ) Source natting usually uses tt(sport) for tt(fwport), but tt(fwport) may already be in use, in which case the firewalling host must use another, available port to forward communication from tt(IPsrc, sport) to tt(IPdst, dport). The general scheme that applies to source natting, therefore, looks like this: verb( IPsrc:sport is translated by the firewall to IPfw:fwport; IPfw:fwport is used when communicating with IPdst:dport. ) From the perspective of the destination host the communication originates at tt(IPfw::fwport) and consequently all communication (e.g., incident reports) sent by the systems administrator maintaining tt(IPdst) to tt(IPfw)'s systems administrator will refer to tt(IPfw:fwport), rather than to tt(IPsrc::sport). Relating tt(IPfw:fwport) to tt(IPsrc:sport) is difficult when merely using the standard log facilities provided by tt(iptables) and tt(natlog) was developed to fill in that particular niche. tt(Natlog) provides data about source natting in various forms. The standard logging mode consists of messages sent to the syslog daemon (cf., bf(rsyslogd)(8)) and/or to the standard output stream showing the essential characteristics of connections using source natting. Here is an example of a logged message (log-entries occupy single lines; the line-breaks below are to enhance readability): verb( NATLOG: from 1338990672:55588 thru 1338990747:807100 (UTC): tcp 192.168.19.72:4467 (via: 129.125.90.132:4467) to to 200.49.219.180:443; sent: 802, received: 7669 ) The values tt(1338990672:55588) and tt(1338990747:807100) are time stamps showing the begin- and end-times in seconds:microseconds of a tcp connection since the beginning of the epoch (Jan 1, 1970, 0:00 UTC). tt(Natlog) offers the tt(--time) option for requesting human-readable time specifications like tt(Nov 2 13:29:11) rather than time representations using seconds and micro seconds. The next value (tt(192.168.19.72:4467)) represents tt(IPsrc::sport). This is followed by tt(129.125.90.132:4467), representing tt(IPfw:fwport). The third pair of values (tt(200.49.219.180:443)) represents tt(IPdst:dport). In this example, host tt(192.168.19.72), using port tt(4467), connected to host tt(200.49.219.180), port tt(443). To this latter host the connection appears to have originated from tt(129.125.90.132) port tt(4467). The log message allows us to associate this with the `real' host and port from which the connection originated: tt(192.168.19.72:4467). The final entries show the number of bytes that were sent by the source-host (tt(IPsrc)) and received from the destination-host (tt(IPdst)). When tt(natlog) is terminated it can no longer track connections that are still open. If tt(natlog) was terminated (by a tt(SIGINT) or tt(SIGTERM) signal), then it logs a `terminating' line, followed by an overview of all (potentially) still open connections. Those connections are flagged with a trailing '(EOP)' (end of program) log-element, and their end-times show tt(natlog's) termination time. Incomplete connections show tt((EXPIRED)). In addition to the standard logs the option tt(--log-data) is available. This option requires the path to a file where information is logged in tabular form, which can easily be processed by statistical software like bf(R)(1). When specifying this option information will be appended to an existing file. When the log file does not yet exist it is created. The first line of the thus written log files names the columns of the table. The column names are (all on one line): verb( type, srcNr, srcIP, srcPort, dstNr, dstIP, dstPort, sent, recvd, begin, end, beginTime, endTime, status ) Most column labels will be self-explanatory. tt(Type) indicates the connection type, logged as tt(icmp, tcp,) or tt(udp); tt(srcNr) and tt(dstNr) are the 32 bit numeric values of, respectively, the source host's IP address and the destination host's IP address (decimal representations); tt(begin) and tt(end) are the times in seconds since the beginning of the epoch, corresponding to the times displayed at, respectively, tt(beginTime) and tt(endTime); tt(status) indicates the status of the logged connection information: tt(ok) indicates a connection that was normally completed; tt(expired) indicates that the connection was recognized, but was not normally completed; tt(eop) is used for connections that were still active by the time tt(natlog) terminates. When the status equals tt(expired), the time entries show the times of receiving the first and last packets of that connection; when tt(eop), then the tt(end) and tt(endTime) entries show tt(natlog's) termination time. Log entries look like this (each entry occupies one line, header line and logged data lines are right-aligned): verb( tcp, 101820608, 192.168.17.6, 48886, 4012145084, 188.121.36.239, 80, 430, 2266, 1517387644, 1517387644, Jan 31 08:34:04:318340, Jan 31 08:34:04:383170, ok ) manpagesection(MODES AND COMMANDS) itemization( it() tt(conntrack): the `conntrack'-mode. This command can only be used on platforms using bf(iptables)(1) where bf(conntrack)(1) has also been installed. Information about snat connections is obtained from bf(conntrack)(1)'s output. In this mode all, or one of the tcp (the protocol used by default), udp, and icmp layer four protocols can be monitored. When using the tt(conntrack) mode the tt(conntrack) program will report sent and received number of bytes unless the option tt(no-bytes) has been specified. tt(Conntrack) includes the sizes of the IP headers (usually 20 bytes) in reported byte counts. Thus, tt(icmp) packets are usually reported as having size 84, even though bf(ping)(1) reports a payload of 64 bytes. Since the actual sizes of IP headers cannot be determined from conntrack's output, the sizes reported when using tt(natlog's) conntrack mode are as reported by tt(conntrack), and are therefore not corrected for IP header lengths. The option tt(--conntrack-ip-header-size) can be used to correct for the (assumed) IP header sizes. tt(Conntrack) can also be used to track all connections, not just the snat connections. If that's required omit tt(conntrack's) option tt(-n), and optionally specify option tt(no-via). See also the tt(conntrack-command) option. it() tt(indevice outdevice): the `devices'-mode. Here, tt(indevice) is the name of the device behind the firewall: addresses living behind the tt(indevice) are source-natted to the firewall host's IP address when passed on to the tt(outdevice). tt(Outdevice) is the name of the device where source-natted packets are forwarded to, and from where replies for source-natted hosts living behind the tt(indevice) are received. With this command all, or any combination of the tcp (the protocol monitored by default), udp, and icmp layer four protocols can be monitored. For example, when specifying the arguments verb( eth1 eth0 ) thene tt(eth1) is the device behind the firewall, and tt(eth0) is the device to where source-natted packets are forwared. This command can also be used to track all connections using a single device, instead of merely tracking snat connections. In that case specify the same devices for tt(indevice) and tt(outdevice), and optionally specify option tt(no-via). E.g., verb( eth0 eth0 ) it() tt(infile in-address in-mask outfile out-address out-mask): the `tcpdump'-mode. This command can be used to process bf(tcpdump)(1) generated binary files, generated on the source-natting host. If a source natting host uses interface tt(eth1) behind the firewall and tt(eth0) to connect to the outside world, then the follow tt(tcpdump) commands produce the required binary files (these commands will normally be run in the background, hence the trailing tt(&)): verb( tcpdump -wi eth0 /tmp/eth0 & tcpdump -wi eth1 /tmp/eth1 & ) To have tt(natlog) process these files, end the tt(tcpdump) processes, and transfer the files tt(/tmp/eth0) and tt(/tmp/eth1) to the host where tt(natlog) has been installed. The required addresses and masks are shown by the bf(ifconfig)(1) command. E.g., verb( eth0: flags=4163 mtu 1500 inet 129.125.1.123 netmask 255.255.0.0 broadcast 129.125.255.255 eth1: flags=4163 mtu 1500 inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1255 ) The relevant info is shown in the lines following the interface's name: the value following tt(inet) is the interface's IP address, and the value following tt(netmask) is the network's mask. Combining files and addresses, tt(natlog) is run as follows (all on one line): verb( natlog /tmp/eth0 129.125.1.123 255.255.0.0 /tmp/eth1 192.168.1.1 255.255.255.0 ) Instead of fully specifying the netmask, netmaks specifications like /24 are also accepted. In that case the number following the slash indicates the number of non-zero bits of the netmask. In practice, each value of the netmask is either 255 (8 bits are set) or 0 (0 bits are set), and so 255.255.0.0 can also be specified as /16, while 255.255.255.0 can be specified like /24. ) manpagesection(OPTIONS) See also section tt(SYSTEMD). itemization( it() lsaoption(config)(c)(config-path)nl() The argument tt(config-path) defines the path to tt(natlog's) configuration file. By default it is tt(/etc/natlog.conf). All configuration options have defaults, which are used when no configuration file and no command-line options were provided. All options, except for tt(config, help, S, terminate, verbose) and tt(version) can also be specified in the configuration file. The configuration file ignores empty lines and all information on lines beginning with a hash-mark (tt(#)). In the configuration file initial hyphens should be omitted, and option names may immediately be followed by a colon. Do not surround option values with quotes. Examples: verb( stdout syslog-facility: LOCAL0 ) Command-line options override configuration file options. it() laoption(conntrack-command)(path [options])nl() The path and options to the bf(conntrack)(1) program. By default this is verb( /usr/sbin/conntrack -p tcp -E -n -o timestamp -e NEW,DESTROY ) resulting in:nl() - Monitoring the tcp layer four protocol;nl() - Displaying real-time event logs (tt(-E));nl() - Only use snat connections (tt(-n));nl() - Displaying time stamps (tt(-o timestamp));nl() - Logging all new and destroyed (ended) events (tt(-e NEW,DESTROY));nl() - Reporting the number of bytes sent- and received by connections;nl() By default tt(tcp) is monitored. Other protocols can be configured using the tt(--protocol) option. The tt(conntrack) program must be available when requesting tt(natlog)'s tt(conntrack) command. Layer four protocols other than tcp, udp and icmp are currently not supported. A subset of the supported protocols may be requested using tt(conntrack's -p tcp, -p udp) or tt(-p icmp) options. When all connections should be logged (not just snat connections) then omit tt(conntrack's -n) option. See also option tt(--no-via) below. Unless option tt(--no-bytes) is specified the conntrack program reports the number of sent and received bytes of connections. Conntrack does so when the value 1 has been written to tt(/proc/sys/net/netfilter/nf_conntrack_acct). When tt(natlog) starts, and tt(no-bytes) has not been specified then tt(natlog) writes 1 to tt(nf_conntrack_acct). Note: when specifying the tt(conntrack-command) option in the configuration file do not sourround the command with quotes. it() laoption(conntrack-device)(dev)nl() By default tt(conntrack) monitors the information made available at the tt(/proc/net/nf_conntrack) device. When another device should be used, specify it using this option. it() laoption(conntrack-ip-header-size)(size)nl() This option is used to correct for the IP header sizes. By default, tt(conntrack) includes these sizes in reported byte counts. By specifying this option packet sizes reported by tt(conntrack) are reduced by tt(size). Commonly IP headers consist of 20 bytes (so, to correct for this specify tt(--conntrack-ip-header-size 20)). it() laoption(conntrack-restart)(max)nl() If the conntrack process prematurely ends it is restarted at most tt(max) times (these are pure em(restarts): conntrack's initial startup is not counted for this option). By default 10 restarts are allowed. it() loption(debug)nl() Write additional info to the log file. Currently, tt(--debug) writes information about memory consumption to the log file. it() loption(help) (soption(h))nl() Write basic usage information to the standard output stream and terminate. it() laoption(log)(argument)nl() By default tt(natlog) forwards log messages about tt(natlog) and connection information to the syslog daemon using the tt(DAEMON) facility with priority tt(NOTICE) (see below at the tt(syslog*) options). This is identical to specifying the argument tt(syslog). Alternatively, specify the argument tt(off) to suppress writing log messages. Any other argument is interpreted as a path-specification to a file to receive the log messages: log-messages are appended to existing files. If the log file does not yet exist it is first created. The tt(stdout) option is handled independently from the tt(log) option: log messages will appear to the standard output stream if tt(stdout) and tt(log: off) are both specified. it() laoption(log-data)(path)nl() tt(Path) specifies the pathname of the file where information about observed connections is written in tabular form. If tt(path) does not yet exist it is first created. Refer to the tt(DESCRIPTION) section for information about the format of the generated table. Specify tt("") as command-line option if the configuration file specifies a log data file, but no tabular data should be logged for that tt(natlog) run. Like the standard log file (option tt(--log)) the tt(log-data) file is not rotated if rotation is requested (cf. option tt(log-rotate))). For statistical analyses rotated log-data files can be concatenated (usually omitting the first (header) line of rotated log-data files). it() laoption(log-rotate)(spec)nl() This option specifies the frequency and the number of log-files that are rotated. By default log-files are not rotated.nl() To rotate log-files use tt(time[mhd]) or tt(time[mhd]nFiles). The 'time' specification is a number, which must be followed by tt(m) for minutes, tt(h) for hours, and tt(d) for days. tt(nFiles) specifies the max. number of rotated files. If only tt(time[mhd]) is specified, then tt(nFiles) is set to 1. By default (or if tt(time) or tt(nfiles) are specified as zero (0)) log files are not rotated. Note: when using bf(rsyslogd)(1) for logging (i.e., when specifying tt(--log syslog), see also option tt(syslog-facility) below), then it is assumed that the syslog daemon or a log-file rotation program like bf(logrotate)(8) handles the log file rotations. Rotating the tt(log-data) file is not affected by specifying tt(--log syslog). tt(Natlog) uses a built-in minimum rotation interval of 30 seconds. it() loption(no-bytes)nl() By default log-entries show numbers of sent and received bytes. Specify this option to omit these statistics from log-entries. it() loption(no-daemon)nl() By default, tt(natlog) runs in the background (a daemon). tt(Natlog) runs as an ordinary program (i.e., in the foreground when the option tt(no-daemon) is specified). When running as a daemon, tt(--stdout) (see below) is suppressed, and tt(--verbose) messages (see below) are sent to the syslog daemon, unless tt(--no-syslog) was specified. When using the tcpdump-mode tt(natlog) does not run in the background. In this case, if tt(no-daemon) is omitted a warning message is logged, and tt(natlog) continues as an ordinary program. it() loption(no-dst)nl() Normally, when snat connections are logged the destination IP addresses and port numbers are logged as 'dst' entries in log-data files and as 'to' entries in log-files. If these destination items should be omitted specify tt(no-via) as configuration parameter or as option. it() loption(no-via)nl() Normally, when snat connections are logged the host handling the address translations are logged as 'via' entries in log-files. If the 'via' entries should be omitted activate tt(no-via) as configuration parameter or as option. it() lsaoption(pid-file)(p)(path)nl() When tt(natlog) runs in the background, then tt(path) is the name of the path of the file holding the daemon's process-id. By default this file is tt(/run/natlog.pid). To end the daemon, simply call tt(natlog --terminate) (or send a tt(SIGINT) or tt(SIGTERM) signal to the process id mentioned in the tt(pid-file)). tt(Natlog) uses tt(SIGHUP) and tt(SIGALRM) signals for explicit rotations of log-files (see options tt(--rotate) and tt(--rotate-data) below. it() lsaoption(protocol)(P)(specification)nl() The protocol(s) to monitor. By default the tcp layer four protocol is monitored. Currently tt(natlog's conntrack) command can monitor the tcp, udp, and icmp layer four protocols. Using the tt(protocol) option (note: only one tt(protocol) option should be specified) any subset of these protocols can be selected by specifying a colon-separated subset of tcp, udp, and icmp (e.g., tt(--protocol udp:tcp)). The specification tt(all) can be used to monitor all three protocols (tcp, udp, and icmp). it() loption(rotate)nl() When tt(--log) has been used then this option forces rotating the log file independently from the interval specified by tt(--log-rotate). tt(Natlog) uses a built-in minimum rotation interval of 30 seconds. it() loption(rotate-data)nl() When tt(--log-data) has been used then this option forces rotating the log-data file independently from the interval specified by tt(--log-rotate). tt(Natlog) uses a built-in minimum rotation interval of 30 seconds. it() soption(S)nl() Use this option as first option, immediately following the program name, when starting tt(natlog) from a bf(systemd)(1) tt(natlog.service) file. See also section bf(SYSTEMD) below. it() loption(stdout) (soption(s))nl() Syslog-equivalent messages are sent to the standard output. This option is suppressed when tt(natlog) runs as a daemon. it() laoption(syslog-facility)(facility)nl() The facility that is used to write the syslog messages to. By default this is tt(DAEMON). For an overview of facilities and their meanings, see, e.g., bf(syslog)(3). With tt(natlog) the facilities tt(DAEMON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7), and tt(USER) can be used. When em(rsyslog filtering) is used (see that section below) then bf(rsyslogd)(8) uses that instead of the specified facility. it() laoption(syslog-priority)(priority)nl() The priority that is used to write the syslog messages to. By default this is tt(NOTICE). For an overview of priorities and their meanings, see, e.g., bf(syslog)(3). With tt(natlog) all defined priorities can be used. E.g., tt( EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO) and tt(DEBUG). it() laoption(syslog-tag)(tag)nl() When syslog messages are generated they can be provided with a em(tag), which can be used to filter tt(natlog)'s syslog messages from the log-files. By default the tag tt(NATLOG) is used. See also section tt(RSYSLOG FILTERING) below. it() loption(terminate)nl() When tt(natlog) runs as a daemon, the command tt(natlog --terminate) can be issued to terminate the daemon. By default it reads the daemon's process ID from tt(natlog's) pid-file (cf. option tt(pid-file)) tt(/run/natlog.pid)). If another pid-file holds the process ID of the tt(natlog) program to terminate then specify the location of the pid-file to use using a command like verb( natlog --terminate --pid-file=/path/to/the/pid-file ) When the daemon could be terminated 0 is returned. Otherwise, an error message is displayed and 1 is returned. it() lsaoption(time)(t)(spec)nl() By default time stamps written by tt(natlog) are in raw, numeric form. E.g., verb( NATLOG: From 1338990672:55588 thru 1338990747:807100 ) These time stamps indicate times in seconds:microseconds since the beginning of the epoch, January 1, 1970, 0:00 UTC. This option can be used to change the seconds part of the time stamps to more conventional representations.nl() Specify tt(raw) (the default) for the default representation in seconds since the epoch; nl() specify tt(utc) for a representation like tt(Jun 6 13:29:11), using Universal Time Coordinated;nl() specify tt(local) for a representation like tt(Jun 6 13:29:11), using the local time zone defined by the computer running tt(natlog). it() lsaoption(ttl)(T)(secs[ui])nl() time-to-live for received connections. At most two time-to-live specifications can be provided: for udp/icmp connections a letter tt(u) must be appended to the specified seconds. By default tt(60u) is used. For tcp connections a letter tt(t) must be appended to the specified seconds. By default tt(3000t) is used. Both time-to-live specifications may be combined: tt(--ttl 120u1800t) specifies a time-to-live of two minutes for udp/icmp connections and a time-to-live of half an hour for tcp connections. Time-to-live is not used in conntrack-mode. it() lsoption(verbose)(V)nl() Additional messages about tt(natlog)'s mode of operation are sent to the standard output stream. When tt(natlog) runs as a daemon these messages are sent to the syslog daemon, unless tt(--no-syslog) was specified. When tt(--verbose) is specified twice then all actual configuration parameters are shown just before tt(natlog) starts. When tt(--verbose) is specified more often then tt(natlog) ends after reporting the configuration parameters. it() loption(version) (soption(v))nl() Write tt(natlog)'s version number to the standard output stream and terminate. COMMENT( it() loption(warn) (soption(w))nl() Warn about terminating connections not yet registered in tt(natlog)'s database. This normally only happens during a short period after starting tt(natlog), when existing connections haven't yet been noticed. END) ) manpagesection(SYSTEMD) An annoying characteristic of bf(systemd)(1) is that environment variables containing blanks are passed as single arguments to the program being called by their tt(.service) files. As a consequence, it is very hard to provide an environment variable in, e.g., tt(/etc/default/natlog) specifying tt(natlog's) arguments: in practice the number of arguments varies, and so even constructions like tt(ARG1=value1, ARG2=value2), etc. are awkward at best. As a stopgap for this unwelcome characteristic of tt(systemd) the option tt(-S) is provided. When used it em(must) be specified as tt(natlog's) first argument. tt(Natlog) will then inspect all remaining arguments, splitting arguments containing blanks into separate arguments, which are then processed by tt(natlog) as intended. Be aware that, to limit the complexity of the splitting-procedure, it is not full-proof: double- or single-quote delimited string-arguments will also be split into separate arguments. Unless filenames themselves containing blanks are passed as arguments to tt(natlog) this limitation is probably not very serious. As an example, here is an example of tt(systemd's) tt(ExecStart) specification: verb( ExecStart=/usr/bin/natlog -S -p ${PIDFILE} ${DAEMON_ARGS} ) where tt(DAEMON_ARGS) might have been specified in tt(/etc/default/natlog) as verb( DAEMON_ARGS=--log /tmp/natlog.log --log-data /dev/null conntrack ) manpagesection(RSYSLOG FILTERING) When using bf(rsyslogd)(8) property based filters may be used to filter syslog messages and write them to a file of your choice. E.g., to filter messages starting with the syslog message tag (e.g., tt(NATLOG)) use verb( :syslogtag, isequal, "NATLOG:" /var/log/natlog.log :syslogtag, isequal, "NATLOG:" stop ) Note that the colon is part of the tag, but is not specified with the tt(syslog-tag) option. This causes all messages having the tt(NATLOG:) tag to be written on tt(/var/log/natlog.log) after which they are discarded. More extensive filtering is also supported, see, e.g., tt(http://www.rsyslog.com/doc/rsyslog_conf_filter.html) and tt(http://www.rsyslog.com/doc/property_replacer.html) manpagesection(EXAMPLES) Examples of tt(natlog) activations: itemization( it() tt(natlog --no-daemon --no-syslog -s br0 eth0)nl() tt(Natlog) remains active as a foreground process, no syslog messages are written, syslog-equivalent message are written to the standard output. tt(Natlog) uses the pcap library to capture packets from the tt(br0) device, which is active behind the firewall, and to capture packets from the tt(eth0) device, which is the device to where source-natted packages are sent. it() tt(natlog conntrack)nl() Depending on the options specified in tt(/etc/natlog.conf) (or, if not available, tt(natlog)'s default options) source-natted connections are obtained from bf(conntrack)(1). By default tt(natlog) continues as a daemon process, generating syslog messages using syslog tags tt(NATLOG:), and containing information about source-natted connections. ) Here is tt(natlog)'s default configuration file. Empty lines and lines starting with hash-marks (#) are ignored. Options adhere to the following syntax: verb( option value ) Option and value are separated by white space, a colon may be appended to option names: verbinclude(../../etc/natlog.conf) manpagesection(FILES) itemization( it() tt(/etc/natlog.conf): default configuration file location; it() tt(/etc/default/natlog): arguments for startup scripts; it() tt(/etc/init.d/natlog): SysV startup script; it() tt(/etc/systemd/system/natlog.service): systemd startup script (calling tt(/etc/init.d/natlog)). ) manpagesection(SEE ALSO) bf(conntrack)(1), bf(ifconfig)(1), bf(iptables)(1), bf(logrotate)(8), bf(pcap-filter)(7), bf(ping)(1), bf(R)(1), bf(rsyslogd)(8), bf(syslog)(3), bf(systemd)(1), bf(tcpdump)(1) manpagesection(BUGS) tt(Natlog) currently can process tcp, udp and icmp layer four protocols. manpageauthor() Frank B. Brokken (f.b.brokken@rug.nl). natlog-3.01.00/documentation/simplified.def000066400000000000000000000006261474316276200206350ustar00rootroot00000000000000std::__cxx11::basic_string, std::allocator > -> std::string std::__detail::_Node_iterator, false, false> -> RecordMap::iterator [abi:cxx11] -> std::unique_ptr > -> RecordPtr natlog-3.01.00/documentation/tcp_header.png000066400000000000000000002602011474316276200206310ustar00rootroot00000000000000‰PNG  IHDR ø–MgAMAÖØÔOX2tEXtSoftwareAdobe ImageReadyqÉe<`IDATxÚì½l\çyïyHË?$K‰ h»Ù.b)nM²Q½ý#ŽÈ:Mš¢)9Þâö6mLN‹¦‹í%Ù&ź],É]$Y4í%¹U÷nSÜ’tÛ\Û5Éë¢iÝø’´ƒEâ8å(.b9pWTa»HlÀ#ia5¶Dî÷œG|õꜙáü8Î ? ƒóó9ç<|Ïû>ßóþjÛÚÚ *§ 9È @NrÈ @Nr€œ@Nr€œär€œär€œä '€œä 'öœ\.—Ïç«8±+¢à®¥¥¥³gÏjÁÜÓÓ344Tì¡ÛÐÍìxÝþþþ*îv#B ½½½;¿ººj :X§4ìŸÏ=W‰?4.[MNuѹ˜œœLZ[YY)mP{××× Þ‰Î-óÒ’%:¸¢ÇÔݺ(çxw­J/TgÜsüs@ƒÓŽ pŒ ¸ïúžú÷õõÍÏÏ×r¡¥¥%]H—ÃçÐÔÀÐì ¬OPÄo­hú#’œ:uÊ_Íf³N$tttŒ ºfERËËË:ÀVé`344Tì®ÜG÷¤qreff¦§§gdd„?" 'ö†bḢv''&&&JQdï´„ NOOÇú˜&Íd2ÖABŠB[ŠuK(vEm×]9#ãããÈ h^hìöžššrZbnn®˜HèêêZ\\´½ù|¾ºÖJ2¢KزŒ”n[€œhh¤%¬ “ýéééÅÀØؘ-/--UwÅÞ[^[[ÛÛÇ_ݦüSL «UŵbW,g쬂% 'v§ FGGËSuxxØŸUD·ÆžÞª;“É´µµ l£em)yÏÏÏ÷õõuvvº³´ÜÝÝí$Y11Ífcg—#EbW´eYscøƶìéš~݉¤säÀ®DÕ.¨-³CWW— ¯œ) ŠEØ{øÔ6†U²v¥ÄSºaíRŸTPŠì'''%* Š+;Ñõbwgff´½´)xEm7‘_ëÂ… V¡íÕ¹{ëg€–‡®Ø°ßqmê9Ý›_­`ª>ZB¡|ÕHA š$+,@·½±v_³³³®âÂÎÒéz;+!ËÉÉ7$ ìaýËÙ0Y¹ˆb÷éN”~5å¦-:×D`‰ñµ\§2gýä@5øó^×MK(¶e»•NÃWcïmkjAAöââ¢ÿÔŠõ‡‡‡­]ŽQÜïß›e2Ãõ ¢)ùtV___°=š–oÓ4ƒ¹WJÃí’e»V±Úƒ©©);16ЖNÔյ׆â-6¾–¹(v«€œØ-9‘î7ì‚¿}Ë_ZZrÝqÛ$ ²ké `JFñwLK¸`}2BË NNè¢÷ÛŒ±³¬g¹Eÿ19á†Ìš››‹]N§(ÜwÊ*öG±{Ð1n,ùÍu—? ¶RCK 'š•r"~ÁuŽwñ›’Ñ¥‹ÕÆŒŽŽZ(¯0Ý…òR¶ñرcÏ*ØNÌ]Nª `%Œn£`‡lש£„ÜÒ}šf[^^NÊ .@N´ö¿Šª ”Ëé2^pZnEÞ¶P¢Ã†u6°êa:A-q·Åº@¸Ë•˜>\×JÖä¸K´s» ñT⊀œht Fó.”¯¥ÛwéȾô ¸ jjjvv¶Ø¹.@×ñÉ€Þ:H\¸pa#µƒ*q¹žžžª )'܉™LfÇ'-¨dö|^äÀ¾À…³ú­®º  )šJ÷W1]†Î•™™™)(l”§b—«4¸w'2ýr ¡q ¶™)Fww·ߤý}ˬqÇØ1bC*:ujhh(›ÍîFè_é°W€œ¨+~|…ËåŒïd|\\ÞŒO-TQ¤>>>îæŽ|¬èÁKÏUWâÄä,ÐP0+6ìwººº\d\¢;Ï‚-T1kDƒh§Š;Ù,Ô.¾Ÿ˜˜(SK¸ÃΞ=[옂wRÝ}r`µ7çZ 666Ü„nM×Ìɵìrs®´ó‰Í/Q¾*p=°ÝÀ¯Ékl"å±-Ñ€J»ì>ÝÔ€œØüIC—n™ãèèèp:¤Y²îþTz1fggm†¸dçŠbÝ-$à :ÍÖ*±QP«.}@ Ne÷Yl* @NÔ‰ÅÅE[PÝÝÝíÚöøØçp÷~nn®éF#õç´.(œôàn„Y78•«‘’µR&ããã;^.9]L¹zžýöç(8m¶ëù]æ,°KÐàzÄ,y`!¯P´ªeE´I[›?’ÖÁM:QšD‚€M<'á¤X|ppÐ÷……W‡0==íjl¤ t˜I, *)›OtŠ¹Åf¾ ¶›Q¹Îv9ëæ®Ë¹~ËË˦%܉1äá¾¾>붡»µuðì쬫Zq:ö†-€ÅE´“““ež²¾¾¾c'cÙ a žîC”úã¸J=W9Ç»;Ñ]Åv½ñÆ¥{'=¦SŠyFbc.¢Xá"¯«Æ‘JqÏ•¼¨Nt’¦àu“ˆÖ`7 vZ¹ÂÁÊo[¯SÂÎÏÏ///'{kïðð°"àbÁñ®ô¤§0ãeŽªäî¤`i =æììl¬f`hhhtt4ùvÊøø¸ß Luüôô´]"iÍùíüùó±s¥t¢N×F»\òÏd™Õ1~O»îÄÄDRl8/Ñ¡ >´ù_°ÀGÁ±kîߪó©¹94£—#Tä7EòxóX‰9ò\‡‡Õ¥ÿUœ È @NrÈ @Nr€œ@Nr€œär€œä '*¥½9nór>xvõ¦ÿÚRG–––"´@¢€F†ü ȯ ž4Ií„ôÃ#Áý7ÔÅ+Áç炇†Šž¢ãg:8Þ›JZÏd2nuqqqhhˆ¤©ËåôÛÛÛ‹+ ­²™ü ȯ€ü êI{3Ýìc+×ÿ/®ŒŸßA\J§cvv¶Ä*@-es_Äêê*Þò+ ¿ò+@NÔ‘N…âóãÁc37¶?š çê Û¥å ªÍÐöãmá-Ô·¡@1òùëIqmm où 'ê…ôÀc³Af$\¾ûX°°-g%0¤Nô§'ÂÕÌðõöQ¦.¾ñFø_ç~*àv4ÓÍo»±|WGØwB<4¶z:— »I<µÜÝu£¿„´ª—ò×Nu‡ÂC»`¿È‰s^¯ñÇfÂJ†¥õP3œè ¾².<»v½ÊÂç…³a„UP8ûKNø<2JSŒ†mŸ†Gƒ¯,…•I¤¬ùÓu&BµÑÞÄ÷þÊFp×ÑpáCCÁ ¹°ʼnÞu'zÂ#è¿þÿDT‰q‰ÞØûJNøÓØ΄Ý'¬iÓ‘ŽPQ<6ö½¾éøµPH<4jŒG³á–Ëù°£…u±€}!'¤èÎLÝø/=ðØJ($Œ‡à V»ÏÏ]A4a…„Äñ¶à':£Q¡VÒ¿C™ýüxð@gx•L_¨XRdq>L`iåWf¯çWúUŽ P;çrá—>“]å ?†;´4MÒwâxï@¥ã‡†nªsÈŒÜè–-ÕqfqwïPe³¤Ë£Ó‘Ι »‰ë†Ý4Þ5&¡Rá‘°æÖò«g×°/Ó8jʦ>•¹>袕ƒŸ ßäø(€œhÄ,Ì:N¸¡`ëϹ\Ø \7`ù¦TD¦/ŒÿCN@m,ÎO-_Ÿâ9© ä¤<ÓϯęÉpL ÒT AiÔÏoG³rpq9°hoú'Pþ¥À]ÖV|e9üõ3͇†®·³¨‘pì²1â› ;¾ÏÍÍuttðŽÕ„‹ùö½:%]¥—¨†¯gP1±/%+é*ÍÌÊר̈́•`´¸?Aº‚ýF;.HKùÂË —ËÍÏϧrå4%;KiYka_¥ é _•…dƒÿ™cq>Œü´¥ˆœ ]‘®*ã‘°+öçÆKWV®HW€œ€Z¿[\¸p¡…M/^ÄW¤+ÒU㦫W6ÂÈ/â©¿ÄWdÒéª2~g:l20<ÖÛ*Cº"]rb¯ñG3ÔÿÓ™›š|<µ–…‹óñåŠJSåw»Ç]Tq@Crf*x¨;Ì%$Î,VT¿ PŠã½¡@}t:ü¯"{W Y@Nì¬%¤lšˆs[Á7Þˆú¤zšáS™u©þrù,.„²µ£ëÆš¶?»j‰ã½¤0h8͆C9ýÎtðÔù›¦ë¨•ÎúïcÍç.åñ rbï°!«Ï,^ʵ|z",ÿ>?j ßï:ÅîÞ²éÇfÂoo±¹ätX8xk4ÂzUMè¿3U ŒÄɼ'Tæ)¤ QŽö—X G H‹½aÒºì‰ëâ‚Ïj­Oì¤/ÙœWåŸ$ò¬…Ù蘅Pfè×-ÛX×™‘pùÑlY»>7“M3§í/œ Ît‡Eé ¹ëy_íDHð|hèú¤Å6}ÌJü4O-‡u§ õ,Úsd†ªç‘Ñ°Ô~d ,ûŽD ìÌd؃‚vtȉ=Ãj ~àWì.I =p¼-” ¡~¹±,m LBÚ"mPZ ØÜœ—óa§Ï‡ÕÒ'†ªþ&—Lî*žky8ne|í~j@SÎBZÖð¾ÂW†Jîk' ʉb“®HWø _í¹©ä“Z¾€râf†Gî'zo ·*… -Ãc¥º%œÎ„íŽ>?þJTX£¦‡ÃæOÖ?,ˆ:NHi6”8 œ—P®^½šÊûÜh¦\æ’–5|…¯ðU¬¬-('ŠÕNÈ`-e3é _á+|•®)Ë‘’ùU,¬BT 'Òà‘±°«ô#a‡léi‰¯,…(•®dxdôúÐ×:EšáþP„ý×®›ze#@Öº_Ÿè ÛDiûͽ±]™]°ðÖ–·ß~{Ë£Ò'Óéz¿ÿýï×î¤4%;.¯IžÂWøÊÿ–Qº µ=Ъ¬º`&]á+|…¯R4Õæ‘Œ ”eù™Š¢Yhkô†ký_ºN+aºÂñìjXwaþ²N±¡cï>vS[)ÙyálÜι\²õ”•Ç®]àOÿôO?ýôÓnïÑ£GìÇ~¬ ’.“‹/^ºté‡~è‡jwOš’üÇÔÂ{ÞóžT¬á+|…¯ÊG^’?¿úÑýQ|EºÂWøªALù áùçŸ÷ó«~ðƒÿ÷ßÞÞnbC[´l»666²ÙlËåsss]]]ȉVÀÕ9X‹&ý~øÃ~æ™g´«£££·—ñ: ÑÉåÂìȯ )ò«|>œñÁ|òÉ'MN8Qaº"]9!kõŒÚíéC¶°œ8@:NÊ ÷»áv©l^YYÁEÐà „m>ɯ )ò«ÕÕU[¶ ë–[nqÁLN(ÈN1CÓë™=ÎÏÏëwdd¤…ÿˆí¤ã¤–Øô°± ð À®Æ`ÖÃÛìÂ`²KKKR/ú­ÛsÍF´öß9Q4M›–Hw4(ˆÅ]ÅN‹ååe÷[666rZ@Nì#á÷Pš¾zõj*¾@1läY''ª?³ù|Þšé׺4ì6®^¢µ+(……«hSʦ±Àn`ö ×H]KQK§‚Ë»‡»J=›W!'ö8;}l ø äÀn‡a~èåÚ†¤†ùUu¨.„pmœ´ÐŠbßˉgWƒL_p¼-x ³íw²Áå¼ëíÚ;ñ†ì6®¥Ónôön nµýb=4êÖa9Q_ÎåÂ)±ïî gÅ~t:xj¹íôÃÁv?l×›Ú €]ÅÕN¸ÆNÁ®UMÛ’"®Ÿ†£n6õåÌT¨%Î,†³bgF‚Ï͵}c-xvÕ¥`?AÀîɉ˜Hw,œd[£]m}TÐx«¶wÚßrâ+K¡Špéø¡Aý¶}ãéÀâ‰ÆNuÀš„ìR'ìdÓ¦]íÏP°ê£UÇwÚÇrâ\Ô~îDÏM8ÕþÜÓ±Á¨ØUb¡WºÑW±~ »ÔŸ!ÖOÃѪPìc9q)j¾v¤£PzÞÚ¥¡‘Y(øþ@Ån`Én Ž]êÏP¢¢%+((¶pj¼ (P-ÏÔÔTggç@D___wwwönlK »-–K–fccCò‰¿>@£½Ô™L¦öw3ö‚ˬ2º´ jAÓÍ@”ýÆü ly||¼:kº·Öž„¸U£/¿^"Åè«t™¾%~ ›-Ù}âÉ7žš£úŠÔ“24²–˜œœœžžéèèP ¤-*εell¬oX÷9<<ìçÈf³ºó¡¡¡Šì,,,èÁIä õR+ Ò»©ØznnNÛ«¶{Áµ|êÔ©ZnÒ7ØÕÕ¥eý¦ë‡ÞÞ^e¼nummMWÑ‚¿±|q¢s'&&H]Í(*v#³´d¯Øüü¼^®Ô°¯½ý—×>ùù[tÀî]9Q_èŸ]»¾`<»¶õ™/ð2ï+fffÆ"lUo¸Jñ\.§0½1å„î°¿ÿF¢Õrww·JúJå4æK­°#“ÉŒë¥îèèHåéÖºá݈Ôõ°±ÌÍ"¿*ä@L±»åÕÕU%* x?±¥þFû/ˆÕ㵶¸Ýß>4,ÎßX]\ÐÏæOý|R%C S°Ñäèè¨ÿå`jjJ!»µ,ò (KðOÔª}‡ Ѳ2«Á/mGE¦¢«ß·³*͹ÜSèºÎ”\WØý(R±ût7 ƒh¿µ·–õÎvvv&Û7ú¯|__Ÿµ£H¾àɬ)›ÍÚYZð³A—Mér²lM†b͈Ÿ½”ÎvŠ]«¢ÌM :ÝœàžÔÏxu“Ú533cÙr2†Æ‡  9Ñ„œž^ÙNg¹±çÛ>?¾ù‰¿ù®÷¬÷ýýý*~TùAüÈÈÈÊÊŠ-k×ää¤m™˜˜ÐÁ*Òl×… b¡¿VµÑJ>+Dƒí:Vߎ~µlŠBGªhÔïââ¢vuttT¤(t¢Êl?*øu®~Í”•²V´Ç§ÇNÑã·X•+@ ᶶf«ŠÑ=KcXî¡Ù}Ð;®·{%B§˜H¾à±¬I‡i»NQn0á>‘¸lJ—³Ú3hF,Ðß1Û)v­rÐé.ƒ’Yç„¡¡!™u¦t˜¢½ºDoo¯}uŽÕù@3* °fú³ík¾¾²5Ô»uo°õ›Ÿ½zõê•+W.]ºôú믿úê«/½ôÒóÏ?òäIwnAËñÆoX¯ ÷WV´¾¾n{ÏŸ?oñ·;~nnN[ìÓ ±a(ì`+VUæ³c¥²¬§oDÅ¡;19Ì…Ý¡166¦suó²o¦´¬'rÇk¯™ŠÝOÁ›‡–¡??4±œ!ùG´<ÇÞqC/¾Þt÷^ë×åf:EÇ'_ðXÖ$ ~†ãR‹´Z0—ð—ýëî˜í»Vòy­K†Cët©ç÷¤îºîét®ż ™_Yù«pKA—B/` ÃŒ)$S`æúg§Bì­!CN…}ßûþ`qÝI« Õù¡)P4±ººº¶¶¦_+ɬ¤Õø]ŸULf³Ùååe+êJ3::ê>žÅìȾµ"Ð.e4~u„,—ø€°E约YÚkl­Õ™™™äý@³ |IyÂF„m9vì˜}ø·_9ÒÄÄDo„«V-Íàà Ÿºeÿô2ÎÞ1Û)v­‚u­~æf ЭW˜œ«mYå“–Z•rZýL RÙ àF\.Tz©HËd2*¡µjÍüæ@Õ•XI;Ö˜!Øe¢ü*5‹õèJAù Фèu¶HÚæÃ*Ø ÀMMMY;F­*­úÅ×…¬Õ³_Î}¦•í”Cdn óNÀ¾¦àèé*¥,^/8l¹5>zôhŠ·Q°R>˺[ ]€¦Ã¦Îíééq;Š5ѯBð7ÞxcqqÑZBV=Wƒ² ë177gí9«©¶>ÙŽeÅäoÈ €=Æ,-,,Ķ›PAe#µûCˆØrÁ~%æ¦IÚÉf³ÝÝÝAÔ0 v¢M|QÅãè®b¦´JgD€¦C’Àª‚¨Uë÷ìÞk‹ûÝàE6óŒd€ ®Zµ†ÑUlËË1UŸlÇZ„úNX^^ÖS—Ó軈J£±±1ÉŠà­à´ÁU–[—Dûuã>Ùø!¶1ˆF;±èßÊÝ“ÎÚ)î*3336NõgP)®-VRjÁõA¬3¥»ÍGhA—+Ý_B?sÇì-Ö!Ê0© 7Ù‚õ °×Ùr!×´I…­Zî¡s•ø¡|E/¸µ&²Ï+2¨ü*Ù3i°Šl§ †‡‡å7p­5-=5î*Ýy» ( )àØÜÜdd§ý‰Âw¿ÆÜ4†$äüùó~p¯dàâ—Ü6öˆ?|Š?v„Îòíø£èDÿü]eãðç{²^æÅƲpm”ÿ„‘`oGvŠ144vf}}Ýï9àçB±)ÞÜèm±¼DÖä§7s°]eqqÑ… ¾Á˜‘ò³)sÇDkãhÌ'“ù˜Ë™I`ŒìÄÈNu m‹1}=e¥$ûvÄ[o¾ù¦’r6›}î¹ç‚í&ª8ªU±ïXÅjÏ­€ë?Ü¥³ÊiÅ[ÂŽÝ@™vJ`3QEZdž‰ŠÚ¯†5€!¿j1Šåî•íªî·³œ)»¨e&% –Ÿí¤’Q—óP:’ÖPÍ’_ÙŸUrBZôàÁƒ‡º-âÖˆööv7l*IHWTöX·–Àû!Cfd'€ŸâJì-Q&UT\•88­¬M%h™¦ ªhLŠåÅ^ùê^ðØYþEK,?ÛÙÕŒz7rTØúNr€œärbGüÁÈÚ"ð @b°X†O€œØÇ*'zr¢âÔl šd P7-ASó¦ƒY±‹j ÛžÏçmx€FF™•~ɯ Yò«Ñ 'šXÛB{û œ\.700€ ) ¿€æBA—ƒáäDsË F,AßsÏ=?üð[o½õöÛo_½zõZÄæææÖÖV™ö¿÷½ï½öÚk÷Ýw_í·Ú€¦dǾ‰ÞÑzˆ¯ðÕ^™ò?pø­1m»ýþíßþí¿üË¿¸S~à~àÃþðf„V-§r™U9¥5éŠw_á«ÚMYuKÄn½õÖÛn»íñÇùå—cǸР9œhn-á+ ¥û؇¾ÿþû¯\¹â…¨HNÜ~ûí:þÞ{ï­ýnДìØÂ;ÞñŽT¬á+|…¯ü/nYyŽ+t]1¼¶¶æŸrèСãÇ»O¾œ(³´&]ñâ+|U»)Ë£D˜–8xðà“O>;LA—¯%PȉfÕ±²9Y;¡U½V+Ý_Û¦|9qÇwè]Ò‹Tû 7 )Ù±…´¬á+|…¯ü±e«¯p°ß>Ó¶[©ïk Q~QMºâÄWøªvSÊmnÙÆä„HÆW±Ú ê(M‰+km9Y6›t>|ø°^¿±“°SʹÊwÞ©÷ðèÑ£µßpš’—פb _á+|U,¿òUkï˯Ž9bZÂåQîDÒé _á«:˜² ÇÉ WA‘lbù˜Ë©üÏ€œh2\3'ÀJôÉâùСCz$'LHHTQ£ä2íKÍë-R_û­6 )÷­"-kø _á«‚ZÂ~-ƒrßðbųV-²qJ”SUÔŠ€tÅ;ˆ¯ðUí¦,§RLå*(D,¿²ÖPv@²m 'šIH^u›)Šä+!EnÚÚõî¨ï„Uº¯µÐ€¦üJÞT¬á+|…¯JȉØ0íI9qèÐ!_NTÔÒ‰tÅ;ˆ¯ðU*¦üÈÊ*(’Ÿkƒí ¿©9¢9Ñ”¸ÄíÒ},)k£Šg×;ÙÁ±LMøðá´>4”)ÿ«L*Öð¾ÂWå¨ ×ä)–_¹Ú‰êJeÒ¾ÂWøªFS®g—å„õ¯h¿âRäDSâwÅV²N–ÁÖµQ¯?XŠß.¹M¯—Ð>Öþy ÑL¹¯2iYÃWø _“Áö§;—S•¨pG•|ð#]ñâ+|U£)÷±Ã) W ‘”þàNTM 'šUK8EaZ¢àÈN’þt~îr05’ÊÐ hÊ —–5|…¯ðU1-$ª’µ.²‰\f9MºâÄWøªvS±‘3M6ÙÉv¡(ͪ%üáØ‹ìdJÃ\c§òµD°=¬²ÞÃÚï¹M¹£iYÃWø _•–SYv”,zµ*ƒöeÄ?˜tEºÂWøªÎ¦b£ð'åDàÍŠ›f‡9ÑÄŠÂ5õ+('´«ºÚ ²QŠ|…¯j7åò«ØÆØê­·ÞZΉ¤+Ò¾ÂW»š_Å"«bµ±J ´DsÄÏ}V߸~ÕúµæLýèGŸyæwÀ]wÝuâĉàæÆ]âòåË—.]ºûî»k¿Û4%;çÎÓ»ßýîT¬á+|…¯ÊG^’·zäÈ‘ãÇã+Ò¾ÂW`*&^xáq{|ðÁ/ùËVqázY¤.'VWWVVVúûûëXêrúÕ‘ûWá`rBHN|õ«_Õ®ŽŽŽÞÞ^\ ¹\.ŸÏkáø€äD¬7vêƒ;!'v;Æ£Ým”–híÔPOm+ÄwÑWàõ Ã9ÍúÆUDpóô±ÔÞÔ' s#ï'¿êr¢)t¥Ó]¡×¾‚ÆNñ¤ì°¾W¯^%Mìv ¦ +Ø.ÖUPÐê©ñ¡v¢°¢pú9P9áWP€!'š2Û‚%âkÛšv; óC/ëDÐ}9ÑL\ηδ--ø°­½¾Øml¾/¿C6>AN4fƒ§–ƒW6¯3µuÀÕNø½±‰ÁÍÃc3Á³«¶è§`†¨œˆ ×Þ  Ϲ\ð¹ñàós±4mÐØ  X“:a#'šËùàS™`x,xh(R7´ƒÔ‡XèEôÕDìûy'ÍwuNÇ´©`_±¡…ÞÞÞŽŽP7EAÖŒìïÚ ë2qf1™š¯Ž‚ °OÈårÝÝÝÙl6ŸÏ·äÃNMMµµµe2™‚ÛS¿© vÔ~½Ñr¢xe#ì2‘ $*¢®Øm¯n´?÷´¯(H"ûÉIý®¯¯[y¶¸¸¸´´Ô××תŠB,Eð×€Æ`ȉ¦’ba&xdàúɉ¥Çnýµ“,ö!óóó’ +++½½½¶ehhhnnncc£…îþþþñññÖK€œØ5èÎmÝô?6ÿÝÿüý³ÿšTÉÐò\¼x1¹QŠB·[Uح໳³³­­­»»[ Ä?ØíX]]Õo.—³íÂfMªlWuÕÈd2mv¢˜V³Ù¬íõ[^iA«v¹¾¾>_ðèmq§X?bLOO뀩©©‚{KܹžÝ–íZò†–gff´`âаz;Ò¿\ —ʈVµW»œ[ …!èBN´`R&YìN:åBX?_YY±eÅý ‹‚ÛFë.2VÔ«'&&´K DG*¶è?áÐn—~­1Õââ¢NìèèpŠÂ“®®.íšœœœp¡¶»`—3-¡]½½½Ú.›î—¨|Б²,P0^/qç.\°ÛÕ…ì–tKZMJ)mf~ÓÝÞ.•}-k¯Ž×3’DàqÿlpOœºöWÿéÊ•+—.]zýõ×_}õÕ—^zéùçŸ?yò¤ùJ!Nha»–NŠ_ÝÎÍͽñƶWËÚ~þüywüØؘ€´1ˆ¾ô»]¦@"k¹?ÂíÒF·K‡éBþ=èv»Ãt —Ù±;1 Bw¨Û)-Ûm»S´+vcÅè®ÐY2žÜ^âÎí0yÌ?ËÝ’oÄ–cÎ1¿•p©…º1çhI\ °Â-] ½€) S0¦ìêÕ«®v*øùXÝ°åȪÊjaeks3xûm\°?ŠØØØX]]][[Óïüüüìì¬Õh‹bn7Œ¬8vì˜}°·-®C ÆšBD窘ñkt ÿDÙqËnÔZ݉âlWk»vo===1ƒËËË ÓK܆Âú©©©‰‰‰J=æ¯ú Ãb$cN.æR3eƒ” ÐÈ 'nÂ>ð[ø»´´”ÉdÆÇÇ­O¶uHžráÂ?Ü-—@6ý&Le¢³b¬RÅT„ßÛaÇ(ß ç™™Þ%¯tN —@³@ß €›k"¶Ñºb»oç+¬w ÖK399™´Y‹Ád%¾Õ]”fz:œÍ3›ÍÖÁÕÖûÂDÅn¸õ¦··×5[òÑ |]GdciiI ÄÚÙªÛµ¼¼\ìBþ.É•Ø(´SSSÉ©åbXû(ÿNº»»¥´]·»´¬¸ÉG'ÎÍÍÉl‰QqK<ÔŽøf×ÖÖt99¼„KIÈ €fbttT1® 4d[r¹œVÚjW°ÝŽ||Ü‚]Â5ˆGIèWQ»Ûå·_2¡âF^òwɲ¯j!µ&'']wðb Ûä#l4Xk§466&ûö¶KË6hÕŽXUŒ?”S‰;¯ß9zLëËQÂ¥$Hä@3a㱚¢°IúúúæÚÀ¯Ávg…¼njEÛ6FjqDµÚeƒ¢úšAÆu¼íò»;ËòÜÜœBm›xAµâìûCÛ­J'tFhAFì&u®bt{„Ø®rÐÁ~'‡w^…Zs~Óš©Ò.€¦ 1}rÅæææÛoE¼ùæ›W®\Éf³Ï=÷œüå4A€¦Æ 4¤Ð¶`ê\.—Ïç»" îÒ‰ÖÃØI‘`»Ÿt±ÈÞö»b1Š¥{°J†T:!”¾óJ[Âow@kã&Û9yòäÜÜÜÁƒ:t[Ä­ííímmmi]Î&çñ3ç:<`õjká?"#;ÜÄŽAm‰ÆH%v•.ºª+ØŠ%u‘bI™–©ŽÝ±}4,4vä@ÃÐÕÕ599IÓhyhì°+r¢–ŽË͵€œäÄÞâFfcÏã€:Ä`±0 Ÿ '9±U2N ôäDÅ©Ù4É nZ‚¦æMÅÕ>¶=ŸÏÛ<ðP; ®JG_€œhbql íí7*pr¹ÜÀÀþH]~ vË-·¤®+˜c9Q?9aBˆ¥ã{î¹çá‡~ë­·Þ~ûí«W¯^‹ØÜÜÜÚÚ*Óþ÷¾÷½×^{í¾ûî«ýVДìXÎ}­÷€ø _5²©••q«ï|ç;küBºÂWø _Õnʪ["8pë­·ÞvÛm?þøË/¿;Æ…^n5Ý9F‘uÒ¾¢Pºpøðáûï¿ÿÊ•+NQˆŠäÄí·ß®ãï½÷ÞÚï¶MÉŽ-¼ãïHžÂWøª|¾þõ¯û«‡ªÑ é _á+|U»)‹©D˜–8xðà“O>;LA—ÓD¤È‰&ÖŽbµZÕk ñ`bãÚ6åˉ;î¸Cï’^¤Úo¸MÉŽ-¤e _á+|U>±/ Z­Ñ é _á+|U»)k¹d˜œÉø*V;A\ŠœhJ¶¶±åXß W<>|X¯ßØIØ)å\åÎ;ïÔ{xôèÑÚo¸MÉŽËkR±†¯ð¾ªENÔht…¯ð¾ªÑ” ''\E²ˆ ? «ñ>—––¦¦¦r¹œ–ûûû§§§{{{m×ÆÆÆøø¸ÐòÐÐÐÄÄ„ÛȉpÍœ677•ècŠBÛ:¤7Ar„„D…¶ëà2íKÍë-:räHí·Ú€¦Ü·Š´¬á+|…¯j‘5$]á+|…¯j7e¡”b*WA!bù•µ†²’mCªÓ™LFRA*"ŸÏÏÎÎ ¬¯¯wuuiUË‹‹‹:R’C«çÏŸ×Â`äD B"ðªÛLQ$_ )rÓÖ®vE}'¬ŠÐ}½¨…4åWò¦b _á+|U‹œ¨Ñ é _á+|U»)?²² ŠäçÚ`»£`Só*~r0ÁDµÝÝÝRsssóóóÒ6Ä“vuvvêxzi#'ÒÁ%n—îc Z:äz`›°ß2…iúǧõy ¡Lù_eR±†¯ð¾ªENÔht…¯ð¾ªÑ”ë’êDEA9aý+Ú=j¼ÉÕÕÕÉÉI·ÚÑÑÑÛÛ+¡åååeI7\¬viUÇ#'éàwÅV²N6ÝÓöÛo¿]¯ÖDEPvß iz½„Ò$©|h4Sî«LZÖð¾ÂWµÈ‰ ’®ð¾ÂW5š²8ÊÕ9¸:Š‚r"ÅÁVVVüù%òù|.— ¢™ÄFFFüƒ%'|íȉš´„S¦% Žì$9áO7áwà.S#© ­Ð€¦ÜyiYÃWø _•O¬xÖjIWø _á«ÚMÅFÎ4ÙPld§´f¯“BðµD&“Ñïðð°­ÒM9±[ZÂ$%âb#;™Ò°×Ø©|-l«¬÷°ö{n@SîãhZÖð¾ÂW•~ñWk4HºÂWø _¥b*6 RNÞ¬ØN{¤àÍÌÌLMMiaqqÑ×€œ¨‡¢pMý Ê íª®v‚l”"_á+äé _á«ýã«Xí„…Rk'Ò¹\.›ÍZÓ¦éééÒ5ÔWT_ôTôY}?àúUëך3}ô£}æ™gÜwÝu׉'¯§D¥>¼|ùò¥K—î¾ûîÚï¶MÉιsç´ðîw¿;kø _á«ò‘—dÇ­9räøñãøŠt…¯ðU#˜r"Á^xáq{|ðÁ/ùËVqá$GZb``Àwò;Qm¢Îþ7nlº$¯…œh}\…ƒÉ !9ñÕ¯~5ؤ‚‚þ|>¯…|à’~oìåD‰8~fff||Ü »±±ÑÝÝ=77럜@NÔ$'6·¹zõêÏþìÏšœèïïoíÔPOm¯®®šœø›¿ù@Öõ¯¨Ú¬$JggçÐÐPìCð±cǤ´·¯¯¯££ÃF†µžëëë»ô€-/'è;qn^w[¨hr:¨% Sè%!áz¥V݉bcc£¿¿_²Á´ŠÃÔ…„„âûñññL&£U©Ž¹¹9üœØ•]ét×PuèeÃfÖ>‡dCé Âl@N¤œ”ÖwâêÕ«È €ÝŽÁtÛÃÅ}5í¸  ¢ðûN ê 'h‚œhútl –ˆ¯mC‚Øí0̽ŒáäD“ðÔRé Ž·éÛïdƒËy¿¶µw"•ì66ß—Ó|ÏEN4Ï®ŸÊÇ{ƒÇV‚ÏÏO-·ÿTàõæv ¸Ú ;5û»+öc³ÁÝ]¡p<š ^Èmý7÷ù¢‚ °Ûr»ˆ¾MÂ¥|('G:ÂßËùÀâ‰ÆNuÀš„¸é¿JcÓÃùtuuŽŽÆæ­ƒ:°¿;e†ÃöN̈́˯l4Ü}lóäcƒ;¡v•XèµcôeóÓõ{hK___lÞº‚:$)E öwíDf$xj9øÜxøßdñÜSÁͳO %ê£(* À$!&&&Üêèè¨äÄì쬶ãÌz²¿k'>?|e)8=vÅþ£ÅàDï-ÿþ¿k{ñ¬k´gBEÐø¨ikkÛØØ(óx<55U盬««:qÇïmu@÷PÌúə™™äöt¿òY …µ„_/QEôÕÑÑÑÕՕχ­Öçççc9ÒÒÒÒTÄF„-¸]™LFyK6›õs9™’ËvÆÇÇË/bû†W6‚…™PKœžèÚZø¯Ú|ËŸÿ¡KÄ €¦ ¡‚DEÞØ=T .,,”8À/žªU`*VWWµ|öì٘ЪÊ°Û.-¡¤¿¿_Çwww»¢D™žÕumìëë³S9áÉ ñÀ©[Žt'zÚ^½@²h.ãvuu •vaW±î*˜qÔ‡ùùùmú"÷Qç ªv°#­FBWVVz#lA¢bffFËsssZPQbù˜}¨šžžžˆÐ.i ]·#'« V)ÐÝÝ­Óõ«|Õ, EH]ôõõiWgggµ ÅíÈ hìÿèè脇òzÅ—¦(bÒBÇ«üp_¯í#“Ž/3ðµ†4~p¿¼¼ì2uEHÞèןÛV“µƒƒƒ1SºOWºCÓ~}úÚÚš»»¨ÛUÅÀ¸vo¾‘ÉdÒ ým¬Æ™™™‚'vås«\r­žz(=o @KR°Ãƒ~cU¸VYáWÀNGHŠXî=22rþüy%:Æ5j²#m4ûb%ÕaCwàyä´ ÖƒDƒ{ ë-TUñ`ãÛCˆZ+ØØñ;¾Æðð°N—;ÒÚÕøƒZ÷ ×õÂÄŒ›3e}¸ÝK:+›ÍÛ-}uŠvYYð'vµ[U”lz“³P—ƒŒèÎ-ò¶š}-¬BIbmÃÊ9RÒ.¸¹þÄš».%µ´J’LQÈ &)ý?·íÒ‚  õèOÌl­ D¬ß”¨<ʯ¼×¶Xæ쬌ݾU%wršÁ~Ok?÷W¨jÕV‹mShKìÕøZ@_•7‹‹‹ XmÆoÅ;@¹UM¸Õ Poi+Ìt'*äܼ ~½Ý¤ÍÀ ›÷ëÖí‹še›n¢ºJV.Úü r£¼TNß HÅæH>c¬»JtùÐf~ÐÕ}×UCè×æå7ÜÍÛçC Û%×Åþ@°ØØØPn`ãmì„ )ÒF»R‡\±¹¹ùvÄ[o¾ùæ•+W4<÷ÜsÁö°08  ¹Pˆo_úÓêmlß× V;TŠnL·g ¥ î*}Ï:@¡³4F3+Uç–‚UUá½Úÿ柂…ÿ@°Û¸'Ož<977wðàÁC‡Ýqçw¶··WEŒÛôš{[KiŸ`Z;€dd'hq¬ílŠS´V¢+¸KÅÒàà Ö^¨ºû©Î-µ?{ZÞ+áºtÿÜ°W\»vM¿ÖͺŠ,¢`¿±±±°°0<<œüˆÈ €ÖǺUœ={V¡‹j³øáhI9ÑÞÞ^…–(rÎÉÉÉS§N!'R„¾MÃôôôÜÜœu.Ôï\n€=„Ú €fb$?@ƒ@í '9±·ø=~ªLªˆÁba>ANrb«dœ@èȉŠS³%h’5@Ý´MÍ›Š-ª%|l»õŽRAÁUéè M,Žm¡½ýFN.—À?©ãÏœ@N4½œ0!aÄô=÷ÜóðÿõÖ[o¿ýöÕ«W¯Elnnnmm•iÿ{ßûÞk¯½vß}÷Õ~« hJv¬羈Ö{@|…¯ÙÔÊÊŠŒ¸Õw¾ó5~!]á+|…¯j7eaÕ-¸õÖ[o»í¶Çüå—_ŽãB¯–‘½½½È‰ý¨%|E¡t;àðáÃ÷ßÿ•+Wœ¢ɉÛo¿]Çß{ï½µßmš’[xÇ;Þ‘Š5|…¯ðUù|ýë_÷W:T£AÒ¾ÂWøªvSSˆ0-qðàÁ'Ÿ|2v˜‚._K´†¢˜žžFNì;-á(V;¡U½&6®mS¾œ¸ãŽ;ô.éEªý†ДìØBZÖð¾ÂWåû¢Õ ’®ð¾ÂWµ›RìtË6&'D2¾ŠÕNЃ9Ñ”lmc˱¾®x>|ø°^¿±“°SʹÊwÞ©÷ðèÑ£µßpš’—פb _á+|U‹œ¨Ñ é _á+|U£)“NN¸ Šd. 3Pȉ¦Ä5sÚÜÜT¢) m?tèÞÉ Ú®ƒË´/5¯·èÈ‘#µßjšrß*Ò²†¯ð¾ªENÔht…¯ð¾ªÝ”…RŠ©\…ˆåWÖÊH¶ Ù[.¼|öƒg¾.ˆûï >ÖœþxpÔsÀ«Á})¸ÿ½Áï}:\µãåcáäľWÝfŠ"ùJH‘›¶vý°+ê;aU„îëE-ÔÓT™èWòÖ~cøªå}U¾|Uœ8tèP™YéŠt…¯ðÕ.™ò#+« H~® ¶k0ü¦æ *¾õbð‘OG‚O}<è‰z‹<±œùRøÿï¾J Ó¿ø›¡Æ°Õ?"”ÒÇÞ]åEuºþ¿ùȉæÄ%n—îcIYU<»Ø&$ì·Ì Ò4ýáÇÓúQ;Q*AW:Ý5Àþaொí~ßðÈûF´ÿ~~êkSKÿ´´qiC«½ïìíµ]ÆøÚxnÇí:}èG†*ºèô©i³¦]…¿@“†^6lf#L`çøË?£|) …û6+öÙ¨ÛÃ_þ‡«&Ä>ü›ß Žÿ\x®µú½O_¯å|2ì>ávIŸØ.ûÕ.è'äDÓ$e‡Róµk×®^½ŠœHÒÏLtòk“Zu[ºîêÒ¯t‚¢ÉI ñ¾½}2»öòÚ܇çìH#¥á ŒÕ—W3Odt€¿Ñßë_È!²£½0üiš4SÐlë*(ö¼ÕÓÑ#¡øÔÇÃY ¬nAË1!qÿ{Ã^÷ow„´: ãÁ÷_ûÏaÅÅËá²Nt­›´pî¯Ã]2ûsý×ë+œ… ªÊ(G± 'TQ¸ª ä@A&~r"&'ü-BÊAºbåVë;ÒóΞñµñÁtõ:Æ?q"˜™úÚTA9aFb2¬šZNØ(ü6hlãô ¢ê‚]$9ü!žbk¹Øد:ÑŸ$Û§Øö„¾7¥c[°N׶ANTÊÒ?-å^ËMŸšvZÂë“~XøöB‰s%j×ùïçgÖg¤Lô?Ù¤ÊvežÈè>W_^•z)x ža˜zY'Š ºOrÂã\.x$Ñðú©¥ ÓoÓÿ¶áàÜY¿¶µw"•TÊÚËkÉVIâü¯ž_üØb‰sÄÇDHH*H$ô¾³W÷ ÍÐ÷}’ ¶+ûdÖvé¿4ƒV'¿6i»¤"f×g­=•Eë)€º¡ Ë`‰&b?5v:3<»×ŸÊ .烅Ùö៺ö=»õ÷XK'j'ª#÷Z®Ì.ÑŠ×] /–ÿiyþÛó“?9Yìxíõ¼žßþÕuŒë€1Ú7Úù;¥pL$ÈÂÊ/¬˜ÔÑ®î?ívg鿤Ž5Ä’YíÒÁc}cüAvW;á„ÓPíªc~~^¿###ȉfFbq!ü}e#¾ka6¸»+8sýCéÖOœj{è‡Ûÿÿukòÿ ¼Á»*<üñš:nïPø^°w„ÑuWW¬ÒÃz~ǶH0Ô3’+¾]NâAšáF®ðí¨côkŒw ~r"&$mˆ§êXXX@N´Ò ™‘PQÄj'´zzòÆê‘ŽàDOÛ«oˆ';T µTL?Ñ ±¶ªÈ^¡ù–‹uÅŽ]=ˆÆÕ=Ø·KË1ùáVuK“?99³>Óý§Ý&3†ß7\°½ìÖ$$9=648û ïÄýÁé‰ðÿ‰°à±• 3|cõr>xáìÖ»Åw"MTŠBsɆ‚¬®^}韖tÝ€ÄÀô©éó¿z¾ÄÁþMJ¨X׎‘÷¬¾¼jcLñר±Ð‹è 9ÑòÉ 9œ­ýÍÿí?‡“¡|r"üïø쇿6ç¢N9ó¥pÒõßû­j/úP·è·qX¹™®®®L&ÓŒŠŒéSÓR å»ÿ´{à¯úþ¢O¿¥G‰M…ѾQ‰»¢ Ü$U  ÿº¹Ï-ýÓRçìÔÿÜk97pÓР鿆¨½öü)¡éèïûÚÚšÛ²aÀmÌ嚺S§NéwrrÒö\T %šŽý=+¶ÍDqwWðÔùðWiw{Δzò‹¿N—øw_ gF4î¿7øâT¸Qâ?}žÅ‹ÿ_¸Å-‹ž¼1O{Ë”þjww÷ÂÂÂÐÐ/jƒ³ò +¿â+Wd¯Øýâ÷/½ýèÜ=s±Ñ–* Ö‹](ˆZ1¹Ñœ¤Îÿêy›,O—°N6¦“¶Œ¼oD²Áš<éH¿w„¤Žîöìkgƒ¨½V¬¡@så¨R×?JÙ§m\^^v#̘ް¼× P)û»vâsãÁñÞ`qýFŠ"*y÷øó'ž_øô -áøÝßõÙ¿—æ“ÁÙÃÿZøíß>óûáFýþv´ð­ƒ_üÍ°í“þÿä/O¬Þ0òÌ7Ã-¶ë“×{eè¢1 IWWW>£›¬ŠÆ¾¾>k •Ífý*{•”nW&“±OnÆÌÌŒUñwvvNMM9ƒãóóó¶]Ë:Ñ¿ºNtÍ–Š ¢Ï{viÛµO—{ú‹EùÖêiâ''ô›¹Õæ’KåB6kž‹þu˜.ªÿf_¿ZÖ®ƒ„ks%ýà7¾’„°¥:Ðм úRýþF-»ï5Êîlt|åiZÖ.e³.¿õ3=å–Êî´]‡ù™­Ÿëÿ,©\Ôå™îZATm’´û*%ÍÆå|8Pì]áôvÛÿÛþèi_~¬žÉúéçB!auI´ýéo^_è8þ×Âý÷†í„~­vâ#Ÿ ë+þîOÂÿÇÞJ “ Òùõð0mÿËÿ6m’´¸x9T)1 ˆÊ!0½½½®ØS‘£Õ•••ÅÅE â­¬Ò²”€ŠIÛ¥ÂÉ ƒ©ˆ‘‘íšžžVyævé,•|*µ÷Ô©S===Zõ‹´ÙÙYé™ÒF¬ Ô‚®;77' ´!n|&¿6™y"#]¡ÿZȽ–íÅ-Ðj"?ªsp9’#,ku]'-_¸pÁò^-+—S¨Lorrr>Âi åcccÚ¥KhÕ×î,å‡&,—Öïòò²»°‘øí,­º¬À½PÍÂ~jìt÷±›ÆŠ}e#\½”w“Q´[ú×öÞ >úoëvSÿü/AOñ€^q¿õ–þÝ߸Þ[ ¶ýÏŸ¸ÞÊzTk»i)„_ü­p£ŽùäDð+ ÛM|ØÛûÏžN<\uÿӾʕ1*–\ý{6›U@¯"Ê•”*áTªY)¥@ßvuttÈ”J2-¨ Ô)®f_[¬îŠ.‰õõu[Öu •p¶ªc´WE¯~KÑ…´ª²S¿Ú¥-ÝÝÝd+ cE7¦¾6esçõ¾³×Mƒ ÐJ(;R¾¤œÊj$”ÅiÁ6*ÏÔ‚‰ŠX+S‡r<Ë~u€rc¢ÌVù¡´„2[-Û.mñ•†¶,..ºP~h¹ôÐÐ2RÛ¾¶¶¦]Nçh•­ÍÎ~ªÈŒ„M8Ž÷†«Þÿ­…•Íù§®~æ ÍõXïyWø+å yð­úŽ¿ýb¨".¼þ¿ÿÞëƒÏêÿ·¾®þõjƒ>Èêͨ”²=ØîDØÓÓãöZ4oBâرcAT™®2O‡Y5…+®¤IÜYfÐ}$³ÂÕ‰i®ç·t…NÔ–ÒF¬©€»OÆ7¶ÆGâaý—׷ƶô_ h hYñÜßo½#ô«lÊr'×ÞÉr³bYÖàà [vYœèOîë³\zxøÆЖZVi‡¹ëŽŽŽú«thvà‚=VíPɃ#…ݸÿ$ì´mÃ@iUZâôÇÃz (Ð5âƒ'ÔÒþêüü|6›µ/[ÖM¯Uw…¥+Û¦¦¦¬ ’ 0•UÚh÷åÛª‚ÐÚ;É‚ìƒYi#¾æ‰•»{‹Ât«õušEöÖ«áìٳŪ&Šaù¡ŸËù}LBÌ­VÄT.­›™õWùc ' zÜ[­BR6\¼vœøÄÇv6òàûà ;þ‰•PZ\x5lÈDË6Ns¦ŠP™wñâE_o”¨—*ϬI®Nt»Êoyiõ Ö¢W¦ìûÙŽFüŠ¶šº¢Â±«TZöCƒ`_aK| Ø ¬oC.Âeh®O…«%¨?—‹e€É#À°ÊÞ£Gš´°J­vEðÇhj˜ÆnùXØ<é·ÿ À.›hâSßÁ‚ÔˆMf';²öÅ©P¢üó¿„*B[ž¸é‹ØKÛÌ6]¡hí}ý™LÆ>¼ÙMAôaÌ:LÑW4«^÷g®°žÓ%æ²°öNÖƒÂJ¸ÒFbäø}SÁF”êëë³Ùñª<ªàDF¥}Ç‹ÍuUÝX†œi£ÇTí¨‚¨R:Ö)÷'íèOPõ£éDýÕìϧ¿£LU=•JZAØ?X>f©×}Œ°ð]¹œ²²J«¬URlÀ(_¥ø¹´ì+?t ™´ m€)•ª äÔŠ"~ €§Ÿ %àõ«a#¥3_ =öî,ÜÿÞðôON\ï´-#g_¼^#qúãaÇk3«½:FË~c'ø­›ÃQcccóóóŠY·i-[Auìر™Ûe Ú¥¢Tå–u˶²ÍºP—øÆ?::j= ] àÒFt¼–MÌèÒ±¡fkÄd’Òùóç·¶¶Þxã 9arr2Ùè«LV ÑßËÙH.Ö>e¡ÿ\sss6Xv¦§§}SúTçv%811¡¿þ‚ú;*Ù(‘¸3+ÅÔrþ¡‘¿ÅèÍrßGüï&UT X3«ñ°~bV¥Uë™­¬R¹´Þk×ÑÂdƒ 0åä‡ËÆ ¹Ù‚m677¯^½zåÊ•K—.½þú믾úêK/½ôüóÏŸòë[ûnüÿoÿíÖÓÏÝtŒÐC»tŒ;àÿâ¦sÿÍø³>ó…Ûðƒ[ö_®oÏ_ WµÑÙLݼüãmÄäv+í,6–ˆ¡RJñ¢;2ö}Ká m×¹¾xµõõõÒ7iå«»hi# 6e¥i¥Ï^ìx«cqó•µx¸ ‚höÜò·ïˆÜkçÑx»ÕÝUÁ´?ME¾2·ë7¶]!‘’\¥w¥S”$b-°KÑ󩼃ЪØ[K‡6ø’RuÁ–| üä¤Ö)X¥dRÏÖ.¿—v,«´Ä￧±UØ·¸Vá–‚.…^ À†)SH¦ÀLáYŠ—+–Ïïê¶|†L߉†àþ{¯w~øÖwÂÕ÷¼«@¥„p<øþà͸±zúãa‹‚çþÞ§Ã1dm—߉âè‘àÜ_‡Ûm`¨½e""¹ýüùó1‘ Ã nhÓMX_@k˜ëT‡² Ûk¹ëù]좥X‘,1£»J·° -å+(Wâ¶jÄoß2õ\6eŠ-ìÏQi{§b¦ª°Sð=©q`·±~e±zË’ýÁÜ‹{bõ~~~(‘`º,vÙ”}åQ.]0«4m_bšäDQb>»ZÎ-¶«–ËíÖ¯XÀW,šO%Ð/a¤Ä]U4CA›¦mZ)Ù+¶¶NðÃÃÃãããiõe·VÝ©h¼ê¦ÙÒ_К‚ º¿fÁð ¹(ñ:е9 ÁÆÆFêEr[[[2ÞÝ[qb5­nJ¢Brbii©êhÛï0m³žUáF)×Á4ˆšwë>«pÔâ⢞h~~ÞD…ÕwKZT]³4ÛR°f9)“ ˆ÷|–ŒÙÙY›@0ð&½ªZNÄÆ8rs÷VŠÍ‰î¯V'í¬í‡u —>ѯé’õŠÐYþ4aAJu/È €VCa¢ÑúLMM:uªŠæU 8m…æäÆ_ÊçóVP]”œVM‹tˆï+É Ý¡ÜnX«Àê%&&&lø¯l6«Õ*žQ§0÷4  ЈôööœO@Ñöääd*Ý‹«Ö9É«Û–cÇŽUª%¤FFFú·±oöµ›úßBT7…EìØÑÑam“ŠiE€¦ƒÚ €Fdttt```ff&Ö\gvvVýNüdÃØ+&öJ¹Iý*2µ¼¼ìštär¹………ê)5š ¢n1·˜ØóffȉÝÂï®j“ÎâØ“¨}ddd||üâÅ‹’Š>†juuuµê&7«;üquËÔ9ÙlV2Àj*´ª“©¨õŽNœŸŸOʆÁÁAßžèuÆ& Ôƒ û¾²¹ÀHäÉ,†áäTÏÜÜœbPÅ£n0­®¬¬TÝz¾àÑ•T,=£ˆ¿»»ÛmTÜ\éøBV¡ëXDã;Éøììl¬Öbo‘ç%~*îýõÿ‚6I0c1@KéÀä\6û71ö[Ûüë¿þë›o¾©âÿ¹çž `TÍfÁÂV|•–¯¬V¡ÑFswóÒ9xGì/Xpb/ÞA ´LòäÉ“óóó‡ºãŽ;nÛæÀííí)VSèZºb-ßæÈ“P;QDfmW·QÑ{NcÆëLVÕìA€Œ¾šš#'ZIKøØö|>_°õ9Ä°1pð¾Ò@9ùU‰è M,Žm¡½ýÆXº6ü<þ)|…¯€tP>~»&är¢éå„ #– ï¹çž‡~ø­·Þzûí·¯^½z-bss³ü^(ßûÞ÷^{íµûö[­§)_\ù-Ál»ÛûÝï~÷oþæo‚¨ÏnOOÏæ6Úb^rŽ*'§ÀW-ï«òíØ·öû"Zï+2å' —œ,¿zòÉ'•®Ü‘ïz×»~æg~Æ’“˦ü_—ØHW¤+|…¯vÏ”åT·D8pàÖ[o½í¶Ûüñ—_~9vŒ ½ȉæÖ~!­t;àðáÃ÷ßÿ•+Wœ¢ɉÛo¿]Çß{ï½µßm=Mùï¶ô¼î…wY€v)ƒ°cÞñŽw?~\6ÜòCä2s |Õò¾*ߎóU*ÖšÚW±´á4ªò«¯~õ«þ‘”A“©[ÛhÙ’eÌéjŸ§+|…¯vÏ”åQ"LK(wzòÉ'c‡)óµŠ9ѬZ"ó%k'´ª×ÀD¥ûkÛ”/'î¸ã½Kz‘j¿ázš*8´û,ê^~¹ž¶0GÅâcQ~6¯ZÞWåÛ±…´¬5µ¯\õ‚Ÿ_ùJÕ¡UKZ–®‚¨.Â7’\&]íÛt…¯ðÕî™RuË6&'D2¾ŠÕNPGœhJ\ çŠêXÙlÒùðáÃz üÆN¢t‘ìsçwê=;5š)çí´¬µ€¯bßí,µ$k'Ükï&Q"™µ@~UÚŽŸ_µÞâ+|Õ ¦üÈÊ*(’Ÿkƒí ¿©9¢9Ñ”¸ÄíÒ},)Û×>×;Ùq¶LMßJRü˜Æÿ*ã­.GhR_k­du¸öiÁof~+訊¤W*Ø€¦bÒ«õ°RS±æV Ê —´bzÕ×!û'¿ŠÙqï èð¾Ú%SÉ.^å„}i¿âRäDSk…œ ï´ýöÛo×kàÂã÷ ('hðCíã½2å–ñƒ`-¸Ú ¹HÙMò€Š>64©¯J§„dÃ0óUÒ3i°ÖHW;ʉ´¬µ†¯b”kèçW±¾’UÔN®xñ¾ªÅ”ëcéCgÊ!)'üÁ¨š@N4«–¼6n|ÏØ1Šýé&bmTvÄÔH*C+ì•©Xƒ—?ZQ2Ž©tzš&õU™éÁ ë[+8*Ô>IW¥íKW­ñ€Õ™JŽÎ””Îu¥¿¡®HWø _íž©ØÈ™&Šìd»PȉfÕþPîÅFvr­“µàÅSþ…Lyë=¬ýž÷Ö”kºm®°gAÖ$-ì-û·¼¯’éÁm1W8;nÁÉ°ª'µlÎNMùBã™rÞNËZËø*Öx)ùµÏ\çO4QQƒº–ɯŠÙq/f*Öð¾ÂW¥…kÅ””7+vlú&bTäD+ ×Ô¯ œÐ®êj'Z#k𣓂٨õµ*ÿÄ“þ3Ʀ s¹¤ßQÇiT§¾*ÍC-­&ÇÝ«‚4åÏ2žŠµÖð•K'±™é ~þ(ö–ù„}„Èø _¥3Ä"«bµ±J ´DsÄÏ•ØòøS‰Ys¦~ô£Ï<óŒ;à®»î:qâDø(X>—/_¾téÒÝwß]ûÝ6 )yñŵðîw¿»vk­ç+_'¤î+!S©<`£™’‘sçÎiAŽJÅZ«úJ^’·zäÈ›¶¶ê"¹µó+—®È¯ð¾ªƒ©˜Hxá…dÄí}ðÁ¿üå/Û÷5×Ë"u9±ºº:00°²²Òßß_ŸÀR—Ó¯®ˆœØG¸ “Brâ«_ýªvuttôööâ"hpr¹œ~ɯ )ò«|>¯…|à’±ÞØ©î„œØ hìTž·Qesk§h öCé-“_)ÄwÑW˜Tô«ˆàæ)œ©½¨OæFÞO~ÕäDS&èJ§»B¯}âIÙa}'®^½JšØíLAW°=Ì«  ÕSãCíDaEáô1r >r¯  CN4e:¶KÄ׶!5ìvæ‡^Ö‰" ûr¢±8— ˆo¼œÍtÇÛÚ>ôÃmÍú°­½©`·±ù¾üÙø9Ñ`œ™ ž]oüT&ÜøètðØJp¼·íûͶÿºì;Q;P\í„ß›¬)Ø]±¥ÂßW6⻞Z ·?u>¸»+L²?qªíC?ܾôØÖƒ?x# ”v[NÄ„„–SŸÆÕ"µ •C¬vâ+ËáöHKמ|)U ª‘0hìP®yÞ@N4ô‡ÿÅ™ .'Î傇†‚Åùà©åàR¾íxOð+ÿCð÷Äw"Mì*±Ð‹è 9Ñ$¼ /åƒ Ç;¤+nY\¸öŸþnë‡ßçO@A*ÙŸlDh¡···££‡ì¶¢ kFö}‹4i‰¥õ°+ö鉭Åîê8ð{ŸqöL(“ ÷«««}}}ÝÝÝÙl6ŸÏ»½mmmúMërSSSÌÑ¥s˜ÔsžrîÄ>©˵bd2—O–ÀòÕÓ¥ëù°Ð Z¯— úBN4 Žlx>Ò±õS?ßþÜÓ.“”÷!KKK*꺺ºÖ××-S›››³8öÊôJ°â¡|RÑ9ùäpÄŽ‡éÒäºûVT€5û»±Ó‰ÞZ¸‹6-ûš|>ŸÍf‡††ÝÆ‘‘© l333cccx @ô÷÷Ƕ(ÿÌår½½½%ÎRŽŠëZŒý];ñ@ØÛ£mé±kKªdØ',--IQLOO'KM.\ð…G&“±*þññqÿ`©Žîînmïì윚šòkÿµj»ô«å‚÷ k®Í€î§¯¯Ï5$P9íŽñ/ªíR;¶w~~Þ–íD]HËî–ÜaмX —Ý2?GÒíÒ+ïÚ/–)¹ìB¿n¯ËRÜeÞUWW—ÝIéìÎϾd\—Ð^]ÚÏ ìéÜ¥Ÿ"é h^ºMÈé‰pVìGlŠ¶Ó™à•kÿýÿD²Þ·¬­­uE$wÍÍÍù2#›Íööö®¬¬LNNÎD¸TH{h—Ž×v•ñ®ÌÓÁ¶K¿ZN–|2«Bqbb¢££CŪΕ’Ññ‹‹‹ÎT.Â×6«««V¸JóhYGŽŽŽZ‹µXÐ͘Š[€fG¯ÿÒÒ’²å$§NÒ»¯×\o÷b„½æ®ãA‰LÉeÃÃÃÚ«ÜFù’Œ+ÿ±še†É*ˆù§~v§ MUæ–̾tu©UݶòX-XÕÓÓcvtu[(ñ1o¿õ©¡­{ƒðÿ'N]ýžºråÊ¥K—^ýõW_}õ¥—^zþùçOžUØÌz65þ-– ÙX¨6ƒ2 Ë…ŠM£©ÜÀò™L„r ÿșҎª &NÊÇ.jy”~u‡þÜ å`ŸNô8VQSõS;5.رéìHcú:äŠÍÍÍ·#ÞŠxóÍ7¯\¹"ÙúÜsÏYÞZ¬ç´RÖÁ±Š/jÖ£à¹f¶X£…b¦‚è+c¬ì´/|Ÿƒ$’_íÛ\Ȧu³_wÌ”J L¦º<°ºì®`îçg}Õ=4~~eÅÙÉ“'çææ+5[ÂB€\(ˆÆ[XX°ï÷Áv߉XþP]L_c&ScП¼çª• Àèèh²cd@ÕDJÐØ  ‰QПËåúúúlêh-HQÐÀ'6ÓŽÛ9°_èêêZ__WTd#4hA«4ˆ½&Iå -Ôw¥š>T*s¸€}Ëàà`lpaƒj‡Ú hqlj)·ªåäp퀜øÿÙ{ຮóÎóû".°¥Ä9!!wl-nƒmIÛÑI”qÜN*.·» 5±+§Lâ¤ÒŽ@%©lÓM`ÊYœ™Dwö¶ 2Žc[Ž €$w$z`g´L´IGe mJâ:ÿwÿħÃs—wß} î{øÿ õêâ.çžóÝïœó}gB!¢qÇ;iք܉â.FÆýM$!„Bˆ:Ø`žVÝðÝuœ´¦“Ü !„B!ÊàÀœ{_-W w¢~^²„ „BѦ;%Ô5!w¢NÚL…–G!„BQ7_¢¦CÍ9eB'ª‹Šõ%\x~ii‰ûÀ !DžAa…_•WBˆF)¯¬/RÅ­··÷d@òmÚ…]îDœc¬[÷rÎÜÜ\WW—ä#„hT^ ! ]® æúÕ-ÐŽ=ZòžƒNMMé£ÈÈîNБ ž¼wïÞw¾ó/^¼téÒåË—¯\½zõÚµk)ÃöÙgÏž={×]wUÕ…pØ„pW@ó%P²’¬V+(·ÃÉóüýô§?ý/ÿò/öÈ÷~ï÷>ðÀWð/K*+¬Ò '^)JV’UåA±€Z°aÆ7nÚ´éãÿøéÓ§½{Ìôr ¨U±ìÕ5!w¢"_Âõ( ÷Þ 7ÝtÓë_ÿú^xÁ< P–;±yófÜÿÚ×¾¶òØæ0(„ÃW¾ò•U M²’¬$+·¥ÃŽQæX¥kÕðÌÌŒûȶmÛn¿ývkòp݉”£“¥Wʃ’•dUyP,£6Зغuëƒ>èÝ£Ëõ%YuV¸ê{s$®\¹~Dz¥<(YIVµÊæwmXv”×üáÚ]ò%äN4°Á1æCÃC€Æ‡{'¶oßn󰯮P Ó¼#îܹ³ò8ç0(„cÅhUB“¬$+ÉÊ2Þœìpï„ëN0„²êié•ò d%YU wÜ݉pïÎÓ£ˆ›A!äN4ŒSáNŸ»Ðr8åì #QÖĉÂʈêô6æ0(wÌhUB“¬$+ÉÊ<ÈÑJnSHä`'›,®à¥WÒ+ÉJ²ªOPîX&vP„{'pR'äN4ƒ/ÁzÚŒ(zd[ ‰ƒ={öT%4ÉJ²’¬Ò·ƒ@JÄÎïرãöÛo—¬¤W’•dµêAy­´ø}üñÇÏ;g7¼õ­oýÔ§>eã "·ælDºººð;55%wb-ºô%ð wâ‘GÁ¥Ý»w8p@"B!„¨ sssKKK8xË[Þw‚¾„í>!w¢!Ð`§ðz¼¡ð%š[„B!êlmOOO›õe˜Æ;ÉhT_†9¹‹ÀªG!„¢ÖfŒ.w˜; EòÉ3ë$‚H§‚¶ÝµB!„¨)¶!ÝÒØ"'¨w" B_YAÚ,„BQkÌz'¸l” 0¹­Í6ØéòåËÒf!„BˆZ`0ºÖ­[gcCª²¦­¨ìMœPï„B!DÜ Ú]j.w"—|x¤ðCm…Û[Š¿ÒW8¿ôò¥Ó…îŽâù{Z[þS_áÜRae¸ž¦b !„BÔÓ°éÞ_BîĪò›ƒ…º{ ÿuªð›ãEÿ᧺®_zr®x¼gñÒ¯)|îxËÏ¿“#öl…üc!„Bˆ:`vׇՂN˜;11Zô%Þ?tý_8p!&O~x¤øï‡'¯_Ú±»åýÝð7®u¼¹à¬ì$ÏX!„¢¦xvÿm‚mìÖÍþ‘NL»{^>sÏÁâï™SÅß¿?Vt*Lè~[¾ðPÁÙƒâÊ•+Ò!„BˆZÃæZ"VîDθã@q ~=cϾâH§â í7ÜOçº/>ämf'B!„¨)žé%ë«höÁN;v_ïŽ p!~¥¯°swᇞ˜»~C„>߀´Dˆ¦gnnni©¸ÃÁƒó¦B4·G!¬Y3#ÒÎ/çdî(úÿu*Ê‹¸A› ÎúNRh!‘‘‘‘–xì¶ÑÑѶ¶¶ŽŽŽ®€ÖÖV<è†~÷=z4ùÕÇÂÄ#}}}'OžLmx ÓÓÓôCøv/>5åرcˆp%! ™ˆ¿+½ÚÅŸŸ˜BÃGI)a!Dn} ­é$w"Ç|îXq¡ØÉ£…÷&g ·HÒæÀÓ* ÑèôôôL­ÐÛÛ‹3S¼g0W߆‡‡qÒ 7¸Ï8pî,ïÈ÷âB@8æøø8,lxsss%£{`ÐÛª³³³>ƒQŽ„ UÈÄÄ„ëÔ'þ»wïÆ7ò¾š¢A ` ÇXÙ ^įô§\ÿ§#7tJpÔ‰™FC˜¹öß•ZÑìàñÌÌL!4è&þèèè‘#G`ú›UJcF0¼¸ ”û,ŽÛÚÚ`7>|Ø{éÑøt`ÌÒÅxö®y2)©Ð¸/‹±±1/¥•S·ø÷÷÷CÂø¦Z&„u¦Ù{'8ÆéýÃÅ'Âœ~øpÑÙxÙñ˜ÀÏÕ󿆽d!DóÖ³ù®a “4¹'Úx$—‘‘•¹¹ª¼ÇÆÆyi—r'ò@kkkxŠÝ»w³+¸ÉÐÜ !„EàE ØvÔ·×GBä„ÈñNÙùÈ?ÚwB!ê;ë:WØø¥d†‡‡;;;óí¥¥¥ÉÉIMÂBä‡þþþ£G†OÊBQòûìÙ³gïºë®Ê£šÃ ]ð»š/’•d•ç P!û÷–[n©°–^IV’•dUyP4«ÖlØ°aãÆ›6múøÇ?~úôiï3½\ë F6 ·¦·?Õ;ÑT¾„ëQ@ï½nºé¦×¿þõ/¼ð‚y ,wbóæ͸ÿµ¯}må±ÍaP‡¯|å+«šd%YIVéyì±ÇÜ·mÛVa€Ò+ÉJ²’¬*Š6Õ†ú[·n}ðÁ½Û`t¹¾„çQÈF•;Ñ0¾„×;‘ à<ÐÙ¸²BzwbË–-ÈKÈH•G8‡A!T+4ÉJ²’¬Òãµ€àß ”^IV’•dUyP°Ö¯@w„í+¯wBÛÉhlÂzï©2N"ÿ0?°k¢ÜÁNx¹è¦›nª<¶9 Ê —j…&YIV’U%îD…J¯$+ÉJ²ª<(ñávP¸ÓSÍåˆï$äN4¤Gaž´§Í8³mÛ6ó%l¤~ÓgÂÍ›7ïر£*ù9oAY1Z­Ð$+ÉJ²ªÄ¨0@é•d%YIV•E÷ÀÆ;Ñ£ðÊ+×î’/!w¢½xî¬ xÐø°;±}ûv›‡}5àZ@ÊáqdÂ]»vUç…p¬­Jh’•d%YUâNT ôJ²’¬$«Êƒr‡~Ølì°;óô(âfP¹ ãT¸Ó'ÂîNnÛ¶Íú%Œô¯ÀãÕêmÌaP‡Õ M²’¬$«2Êô ¼+ Pz%YIV’UU‚ZçÀŠð`'žÔÄ ¹ ïK°ƒÚŒúÍ‘s'¬_Â|‰rçNT«·1oA¹cF«šd%YIVé©Å`'é•d%YIVESÊõ(ØáÝc]¶Ž< ¹ ìTP§Ý<à¹æH\[¡ÜL¨)h’•d%YU=(MÅ–^IV’U>ƒ ¯œçNØô Y¤r'Õ‘p¼]±ÍàrË®/Q–;¸aÃ[H®r¹®[U M²ÊmŸŸÿö ϼ°çG÷JVù Ê+²ðo…*žùÌéo}þ[—¿{iÃöû|ÿ+Ú_)Y)6¥¬.}ç´ýÙÿñ-ïxõÎ=ìÝù¯vV1V‘kñ‡K°–²NåN4*Phx ‘þ1«g[Ê©¬Y#ÚT­JÈaPV¸T+4É*· üÒŸ}¿¯yçk%«üv'* pçÁ/þÚ¾þ©Sûß¾Û]ÛÏ~ùì~ñÄÝ|#þ•¬”›OVýÒÌò×–öÜ¿gÛ÷m?õÉ“_Ÿ<õÖßËÝßSÝX±Œ²…ž<Ã&a‡= !w¢‘ óÀ]êà*„7lܸÑí”(«k¢ìkƒ c­•Ã ªšd•·.>µøì—¾uzúôs³g¿ç ß“üFéUƒ »¸–ó T¾ÄëÞû¯ñÇ3<úÕÿk~ÿïß´c“d%½j&Y±H¿wø¾¶{þ½ã=w|ú=Ÿzú¿?½ç¾½UŒ• ýˆëyp} uMÈh§‚gfǹ| p÷Ýwß|óÍU)ráÁÁƒ+­¹eUÝ*§n üƧ¾þüSÏã¼cSIkUzUç ªîN¬åòêùùoã÷u=ÿÚ.½¦û5 Ÿxú» ß¹é¯Ry%½j¦òêü?ŸÃïkßy;ÿÝôÊM;öì¸rárÜ{3ÇÊó(¼Kš-w¢©| „}‰ÂJgœÝ­ ±²¦ò2+oA¡ˆyì±Ç–––î¿ÿþ¦L`ƒ2EBjUuþøƒüŸyðw=ëÒ«<Ùü!YeÓ«[îúž»ßÿ†í¯xy8Ç…g^ÀïÖÝÛ"¥ªòJzÕ¸åÕÿã›ðgÿ~û‰çžùÂ3?wwÜ·®$VÞ<Õ8gCæ¨Ü‰&q*lÝXï¼·²»ðxÃÞ !¤Ê~+Š„zºòêyµïºÅ\zµ*îÄZ.¯¾ÿÍß?û÷¹ÇŸ›û½/ïØ»ãU¯•Ê+iN³–WŸÿõGàK|ó±oÞzï­÷ÞWçòJŽ„܉5Q7ÍÕÕ®†vÖ¢ìôªÂÆN|e|~ÓÎÍoû÷­M‘6~y%RqË]·lÙµåâù‹ð(þÇo|þ-zëª]BîDs©RwQõr³•ŠQVvÈ­R©¼ª g=ó¹üýùÓçÚúÀ›úïÙ¼s³TKJÕÄÜñwâ÷ž{OŒ>/j¿sïN9"50‘;P‘žüèÇÞýñ›ï¼ù§îyˇ޺f} •WMÏ#¿ö0þÜ3\ÓéüéóŽ;!„BdáüésŸûÀßß3pï}äí;jÖ@+DxéÜKpž=ýÇïν;$!wB!„È“{róÎÍ·Þ»çÌ£gÜ?^Žh2nÿñ; ØðŸ©ÞÐóG~íá=÷í‘#-Ò ¹B!Dg= ÓêØ»?î?üï„™%ùˆf*ýC¿ûÃp!¬¢íÛpF’kÈ€ýÍÇÎx'Û~䶛ï¼Ù½áMý÷Ô4Ï=þê¼4Wãk+DɤQ‰œñ›·V âbÁš·/¸sïŽÊ[‰ªûaTåí JÛ¥íUü‚9Ôpi»´½v_ðöŸ¸M¯ BîD,pNŒ>æçNŸÇ™{î¥ ÁxÌÉFÕ]û …Âç>ðY–V ý§T>âùÜãg+©ÏŸ¿{ß'9ü‘ÅèÛ>òölÄ“}ñ±.~6ZT^Ö|înáç³=þ…±ø¬îûâÙ>ÿ'sú{wt±âZ‡Ÿzß'3äjyHÑ­÷íyë‡Þj üÊóöö Þįr9ûøYT~í}ìLæIcH"ƒz_ éEAYýoóï-7œ·|è~o\õ#¿öÐKç.fû”ˆÆæ›Þ5ÿ^TûŽ=;P[dø‚øúHÚ=ý÷PºlAÕi»´]Ú.m—¶KÛEãÒÌS±oÿñ¢5.Xã YŽí œE‡¿*N§[xðéçe û+‘Qž;‘Ù•ÿÚÿµE…Ñûf@‹Õžûö ¸Aª­ %=O?ø4‚b}Ã"´3ž®$zˆFÑ骬”¹xî¥[±¿Ì]ÆóãóH=@¹!nd…§ÜøÀwE ?Vªáp×®]‘1ôöžþ{ù,¢‡À>ût¶Ô!·¬|AD Ç8¹ê™TÚ¾µ=Îì¶7Š¶G–WÒvi{-´]4 Í<›³)X¨=ù±'OŒ>ös ?o“êp²rÿþý ÿKÏ'ü™{îݳÓ xAm?r[>*²`B±bq“!oß|ç-÷ Üë–æpÒ*l]ûÜ> §kçÞŠu·Pv›¯*±öP¸¿¾¯ýå/X¬0*íœE˜_;ÑÅÉêÀ‡^ZZêíí _ +ÏKç.f«SQóya¢‡¿Õ]µCÚ^um/]^­’¶'#mÏ¿¶'—W*Û¥í´½dy%äN¬_p:Î>~}x ¨yéû…92Àòÿ† ¾Óž[‚2šY†1ˆVùÑ'P*q¹Øšr[P²ØÌ3”xõ«™üî¿è®¼ë¹íGŠ§nÿ)ûU3´¼åCo=üï´?J  ,ÄÁ[„ŽM>Ùæ#"9îÜAß–µÎ@%Zù¤›ï¼Å[üqá³OgûÓ> YYPTÑl §TwYdi»´]Ú.m—¶KÛE£ÓT½¶,3UÑ—vŒ÷nÛ´sóB¹þtåïEÞ»gàÞ£;}nçÞO|ô‰{w¸+Ó­ g;ƒâÉfz9…~Ù©† ŸüØëŒÎ<]yooåÜÓ¾ã_½ý/o wˆýâ¹—Þö‘·g É ºøOï¹o/¾#JdoýÄôP÷n{àÕ&ðMŵäOWEìa~|žAÑdksªî²ÈÒvi»´]Ú.m—¶‹Fgýððps¤dçÿ´¦¼ý}ïWýà/¿ùuïy{óIë«_qá¹ W^ºòïøje„|Ë·<3÷ÌÒ?/¢Ì /P›¹ ƒkÎfåoë¿z…+þ½ªã{ËÛ†Í~à¯).·÷XqóDéà¯w}ç¾j}¸l£<Ÿ»Þ󺫯|köÄŠbÏ,®ÖW·¢’X|z‘›¦#™{x_8{aó®-·ÿøíê€'vnÀ”­Q A!9Ï_Dê.œ½p׿{ÝÁßèÊ«/Œ=-r…ƒ¬‹ú°³²Ñ}Òvi»´]Ú.m—¶‹F¤åÚµk’‚"%ám[¸JIÊM!…¶ !mMÆ:‰@!„B!w¢¶ŒH’Õ—Õ¦›½åGr²,²Òv!QÛe3ÈXCLH’Õ—Õž{÷p“#;““e‘…¶ шÚ.›Aî„bm‘Ïe‘…¶ !m«Å‰@‘ž|.‹,„´]i»;!„h ÞÔÏÍwÜüÄÇž8óèéÛ¸ ÿjUr!mBÚ.äN!DZÚ¸­-붲BHÛ…¶‹fBs'„B!„r'„B!„õEƒªÌÒÒÒ±cÇpÐÛÛÛdI;zô(~>¼{÷n}hÉJ!„P=( ê¨"ð"úúúZ[[ñ{êÔ©æK e ¤Ë$$+!„Bõ Ü Q'Ožlkkëîî¦/ž®®®––„fg¦§§q†Ç8à&/¸-róH»ÁwâþZ49 ±H2îF¸>PPŠªäÝ4ÛUÜgUdå)")•Ô–4ÔH£„B4+«k3¹¹fii 9¤££9dtt´Z9N|äù©©©äÍB‘|¢€@êöêááák+LNNâßãxbbbfffMÉêàÁƒn’Ù,d"âîQ.BÑô6ƒ¨š;Q60ÎŽ?žÜlS²õw€{¦··÷XÀáǽ›aâf@D&Aø8Óßßon^ o¿8344­ˆ8öÆAOO7µãd@ɲ òüÜÜ\_ÂHn±Å¿ûöíã·À“Œã±±1DOAzž”–ª”qu–•çà_HQPO("ÞfŒ¤A4¨Ð.Ä ç;;;O\Åüâ©HáTKhB!šÉH_Š†çšHl)šeÕ’¼ÛÄÎð‡`à...âÌÔÔ”} BÐAÁÛ ÁÜ&üË›xÃÄy\…uˆ“ø÷3ä[œœ ÀÁÀÀ€ûvÜY­tQPU -ü!\ÑAVRÜÔñ<ˆdŽó«á'ñ‹›ñëJÉ ¼ž¹¯Z²òRÔ!™&|z$Ù‹„S€³³³¸:ã*½8@I :hä€X~q‚+.O—à]Pb£££H‹«otÞ¼¦&õN!„È\Ò¾’Ð v*›Ã°ºàWŒÁ–Št27Ù¼CÖJðF\óÇ6NÙÒLp¼¾„Ýÿ'[Ï ´H†G^…‰›Àq2ÞbpŒCí3L>œ ðE @€ôŽ¼.T VïL€ERro«Ö•U—Ä÷EÈøåëðjh,,ñuø—nXX—:;;Msâô­êBBÑ4”U ¹kŽáÈr˜é°Ìª5¦‚…YlÓjÁððp…Ãlð8Šp_OwP& bœLäÉÉIó‰![H©F<ò +NŸp;¸€¬%.+}*ê d–‡ÞAh'a­X!„"Ÿ6ƒ¨ZÙ)-¹Zy&ì¿ðüiNA¶áòaê³…Ùêʪ­­ó(ânàJD RZSz•FÔ+-+„¢¹í+‘ õN4$qk•\ ©é-BúKÉýªZ‰¨\i¤YøK!„r'„hlººº8ÐK¢B!„;!Dy¨«T!„¢Îhe'!„B!„Ü !„B!D}Ñ`§´hYÉJ²B!T -+„B!„;!„B!„;!„B!„;!„B!„;!„B!„r'„B!„r'„B!„r'„B!„r'„B!„r'„B!„Bî„B!„Bî„B!„Bî„B!„Bî„B!„B „B!„;!„B!„;!„B!„;!„B!„;!„B!„r'„B!„r'„B!„r'„B!„r'„B!„r'„B!„Bî„B!„Bî„B!„Bî„B!„Bî„B!„Bî„B!„BÈB!„BÈB!„BÈB!„BÈB!„B¹B!„B¹B!„B¹B!„B¹B!„B¹B!„B!wB!„B!wB!„B!wB!„B!wB!„B!wB!„B!äN!„B!Åp‘"ò¨è--‘ÇÒv!m—¶ i»´]¬)mÏ—;aÏò ü+DN²_ø·ÜÜ(mÒvi»¶ ѸڞGwâZ€›ëÜ/ ±ZN|Ë vìæÆ”ùPÚ.¤íÒv!m¢qµ=îÄÕ«W-ᘹŽ'¯\¹Î“Ò Qçèe³õë×ãwݺu<ÃÞŒci»¶KÛ…´]Ú.šUÛóèNX¾r³ß¯ÿú¯?ôÐCa'^9P¬®Oïþ{ÿý÷ÿê¯þª›KzöÒv!m—¶ i»$/WÛëÀ† ϸ9ðê 8¦Û$Dn¢^¹rºº.ÿâÿ&W9Òv!m—<…´]ˆÕözx>åúÜ6 ðª†ÄÜtÓMúÌ"Ï,..®XçàI”¶ i»´]HÛ…hm¯²=f=²~/]º´êö„(ÉÅ‹7lØPXi—Bƃö–l‹’¶ i»Òv!WÛsçN\s0‡þòåËêùŠZX™±d#-CJÛ…´]Ú.¤íB4“¶çÑp—8°x)@•DCøô6¾½8 ;”¶ i»´]HÛ…h\mÏ©;áºõæÍeBÑ(™°Zd-Yu¥íBÚ.a i»«í9u'Ân={^š˜“çNâ/îêÁ½íxîìÜñ>Žƒ]›w~õáý;÷Û¥¥—–pÕ{öÀ-voÞ]ÖKq?žbP8PÖJ‡ÆnØ°aýúõ¶8`Þ´}iiéرc§NÂq{{ûáÇs.UDxnnîÀ»wï®V˜ÓÓÓÅœuð`øüþ€J¢‡@pŒ3BKŽsC[#Ú^7¨Q‘x_ ¹o~~ûöíCîsµúd€_þ‡´4¬x»…‰û³)I-2šÊö5eÉTÈWž*<ô¥Âòùâñýo,¼õ ÷<ü¥Â®› ¯mñøÔ7 _ÿ—Âë_SصCÂ[}mÏ;nÈ^ÂæþxO ?:+“kt$úìÃ/=xƒ3ƒG:˜§ÑõÑ®ðããŒ÷ÞÙ›þ¥ð^¦~b ãÊZåfÂ7Bi™ÙE×?Xm¦±‹q Ëcrr’ÿæÊ8›™™**öÜ\WW×ÔÔTI»*=¿H¸çMáOƒ}U!'Ïœ>=Oe—"£‘ðTóÁ²Ìîl¼ËAK+áAØIa£ŸÄ%6ù* NxúÄ&DÏŽÃÃNâ"FÑá] 1 ‡–í3­mÏ!ô]ÇÇÇM=p€ñMaýÇ=…«pK8œÉ»DoŽ«&gðõÙó>_„5™ïS˸«<_2ªläÃ^ô>óG7t2컵è9Àa€Sqƒ–îˆ>¦B—# Nân5Òöœº–¯ÞÈZþºÇþù<‡ð,ˆ¡û††ï‹u'èQTþvö´ýI~;þ¬£õZŸ—«Éûx çGgG[F[F ?…ƒ¦w*Ì•7‡>?Ú~ìXñ“õ÷÷‡íííífƒ¶µµutttuuµ¶¶º†NKK þÅy^Åm Ó¬%œáS£££¸Ù,u„ÙÀ§8Þƒ—`ñàþ®{Gõðv Ì:ñ1›‰·áÕŒßé½XÂñÜg÷ĉ‚‘±XÙ¢Ê/|»Å?9Ú£JÁâ¥ê Á -ógZ#Úž7ð½ ŠáÜû’ç/ÅõžA… =¬p˜æ{;#L¢ûáQ¸]°ïñùìu#ìô´÷¾glv ç§~bêÚÀ5Ž¶‚ q½ò˜„ka—&Ÿ°§àT æ8ÉK…•>–æ΄æЛçDÛgffâ&Yö˜i‹{™©©)œxYFG:„KeÖ-îÍŠûy‰vŒ™ËÝÝÝ°Ý-LÜÉ0q‰C5˜v3îm49nîééñšWñ¬¥ÅÅE<244„]sQ‚}ÆÁ€K ‡LBdËkœ(8 $<2Q¥mw$ .ÚààÁƒø—®bˆ«&:ŠñIBæÏ´v´=oÄMýçÉäù0Лìäåè„©ùÖõ“¡ÌT dÉMf>‚A ñ5*ç:çˆÕìì,³-^Ä<ˆ_<599iOq^‡ÊvY2qÀ܇}ÿ£¯ÞôWÀ臿ñ;¿X<ÆïïüBqXÜü^St6æŸ*<ñ·… _.þ‚_úÏÅ_NÉØ÷}×/áæOL>twx!ˆÊµ=î„ÛEhžýZ^^)û`²w}´‹mÒ†{ïìu׆ò°›í/2 ¾ÄáW¶þ£µðéÛ¸^ÎÐÕÁïøã Ñh2ŸÞÓáügEÏaù|±·áýÿ®xrù;ÅÞ ojîÜu“_Cm¯ë²å:áC|ÿÎý‘«3M<>Á(j÷ö“çNö=ØwøÕ‡~zañgÝ…héW¸Á½ÉÖ¸sò“xjö=³ì¬hîÙØ ‹®º¶Ã ‰\æäÉ“0JöíÛG™Àž„äõImÕË—ÕÀiÅÄU<>‚v®Âxš]\\är4Éý#cXáò©\`’q³l¢Hm.r8§F$rÉÿêÆ­)µ=wMB¶Ãm_âÔˆ avvvrKʈB;X(Ìí^p†Ú²k×®ô9:}Fã ¾…€ááá£*ÛE0ý_ÿÚëk¶†ùoS¼!MOîù«ÿRø—™âÒ±÷_yªè6컵¸I…÷9í[ä\«×Užª<¬w»ê Ý74}zúèã7”Ë0Íqf c ¦¯æÎÙ=wöØ*›®Íž oúµ·þA«Í½ÆýýžïѬù0³ºÖTÛ{{{¹$¥g%à ¬Å2ð²¿:1Qr'f¶©»Ó¯]—6 —µq¯¶´´à €²¦PÄA%´†µ ûÉî¡9Uù®[‡ÜÙÌÙD‘m×—èêê2±¸ã¬Ò,¯Yݸ5¥¶ç Nbá€4÷<ÎÄ­ø”Fi‘_"ç:s/ w|ëÉP–“ çhz¿îˆ©Hº»»;::,Éìfἕí²dâøàûŠ¦¿;$‰<ü¥¢›«%ù¾Î—ד…«ðþ÷–¿SxGW1dw}X¸ÛîÖŠ±µÕö±A_¥:¶à½3§gúìÃ/,ûB0‡atvÔÌôÚAŸŽÁ‘Î#pÆfÇØçâàÞƒ8‰Xu}´ ÇÞÖˆ3bˆg;÷vÂ'Áƒªé§Oä™ÉÉI.ìˆj•=çVÂP°™Í°?p6o€=«xªdÈGŽƒÀ¹žŒkßX˜°™&·fà´c.®Š×!°x¼×ÁTr[X Á8ÄŸ¡‚–ÝBêÁ!%“`–PQ°#Å[s)¶9`hÉd´a–!]°Ø8ë çÖÈü47Ý‘*‚ë2eþLbÁ'æ¶ÓP~Úåøpî@Î…p®s W3ÃïÔÔ”ÛéAUð^f@6.$h2T‹[ìá<×*€ÆzÓ–Âàæîè9ô DRæ±fyÇÁâØ$ø;]œüÀiÓŸ˜º¾€,.•ä?¼£xó®ÅLp>üçקkãÇïú…b ö¡/Ý “ù§Šg쥢1\œ4\¹råâÅ‹.\@ItöìÙo|ãO=õÔüüüÃ?|âĉkkƒñÿwüà?wéÀŸ(AÕTÀÁð? »WgŸÅƒø­üE``z<žüÚäþ?Þ—â/]X^Øýû»ñ/¯N}cêðßFP½Ÿé]|qç1#Þ‰?܃›ûÛ}úÓŸ†®Bc¡·Ð^è04ú ­†nçAÛ`ÐÎÀ/,Z®öh,..Z³% ®ùH¸ ×Ëú3>Ž3ö/Ì<ÈU†¸ƒ/¬ Ó^ÊÝܧl49.qaJ[2•Fbˆ`-ž8°GÜø{·u8 R^ZÜÙùQà˜É™ °÷zqpCs£MYPL)%cÛ“{BðBËü™Ö”¶¯‘Úů†Olv;JÛ¥íBÚž w¢Þr#ëôó ü‡Z/VÛ(PQ=ísë›LÛ9T: m_ ÚÞ@pCkÉAÚ.D-´=§îDØ1²øû¿ÿû_ûÚ×ô™EÎMêŸýÙŸµ|XHÑ%mÒvi»¶ ѸڞSwÂsë™ ¯^½úüóÏ_ ¸ºÂµk×ø«­aDÝ0µ4åën»í6Ï­—¶ i»´]HÛ¥í¢éµ½¶.+{pÁæË+¼ôÒK/¾ø"~¿ûÝï^¸pá;ßùÎ /¼€ßW¸téÒÅ‹q's¦²¢¨uöc~Û°aæM›6nܸe…›nºiëÖ­øݶmÛöíÛ7oÞŒ“øÝ°žòò¤´]HÛ¥íBÚ.m«íu£ÒÁN–f®z‹œ†,gN2!N*ŠúgBê¤e6Àli 3gè—¶ i»´]HÛõEDci{݉ð¼%7"³!©v'N""²ÇPZ"j ’Úˆ_7û¹90<“IÚ.¤íÒv!m—¶‹&Óöœº®óäùOH*28ÉžDƒ(õÉ„ž[Ít}z7+¦É~Òv!m—¶ i»´]4®¶çÎðz$¹ iã\%&‰é„7eMcuÀ4sý ¶óü–-[6à /¥™É$mÒvi»¶KÛEãj{NÝ /2"‘…`zÏÃg&Ä%סOÈ„ÊŸ"½ú%_²ê¿Ö3¸i:ô6è0åøÚêj»ÕÊÒv!m—¶ i{C.ëæ@s˜&k&„—ZKSùSTîNœÎkóì™ë˜ý˜!½iLiªœ²´ýÚ úX¢Ö-Xnóª´]HÛ¥íBÚÞî„»ñÀ|…ô˜7o+73r96קˊʟ¢wÂõÎ-â_sß7ÜHš9LÙ´Ý4\*-ꨊÒv!m—¶ i{ƒíŠM‹ 9Ͷ£·TÑ…¢ vèÝ> ϯPþÜ ooy7S¹…6ÑUTÛ¦*Úînu$}u®uÜ­Ž¤íBÚ.mÒöÆp'ÌbóÏä™;a™Ðœ 7Oº™SYT”›Í ¡…ý]$éÓ[–s½ ס¯\Û]=—2‹úg‡°ÎKÛ…´]Ú.¤íõ‹p†ìaž€ë$¸N<¬sðòåËvÛ?üÃ?¸}Ì¢ZyM”K«˜Ù~ðÐò|w·£Ð²œ×3È’³bm·«Rf±ZÙÁôYÚ.¤íÒv!mowÂÍW^ÏÎx=áÉÏþó?ù“?)µà¯ÿú¯ßüæ7»¼çÖ›£o'Ý›YÛ 7vµ©ùJÔ»wúèl"©´]HÛ¥íBÚ^7*š;Q¸q&ŽùËÁˆ\¼™Ø xäÈ‘#¢ˆj177788îô< ô90AÛí_Ù«[ën\@Ú.¤íÒv!mÏ»;ÁØ3ƒ1ïY~ ûô¨èëø”–ˆZd…<y &µ—+y=L¸›@hoݪ¹Q ˆIúh‹’²ÊP,g{Q? 3odQ6;;‹K‡ž  _azÅR9…%Žã²XB͘¾¦¨Ã'.Kòª\6Ô´ÓÃ6•d—ИQ#¨`ëÖ­ƒ²Ù|‰Ž¯ëëëCEó…°8žžždÙÍF xGî™’]É£££(å«;Ž"n, »Âݾ4¿âùpê!wDª®¶¶¶‘‘Ú¬Éã ’¯²Ÿ=î)&3|Ռť"2 B+yµáÀ× ÎvG$ ƒö÷÷WÒõŸüÓ Æ«¢ûÉ"ïGFƒÁäæJz¸¿»»ûèÑ£tøS~Çp$¢”pµ¤&™C›IýêO¹År°Óð„x W\©e:î+'¡‘¹cllŒ5”õݵ¶¶NLL ×# —˜;øF”ä(2ixTUÊš¢*ňIÏ.%äÍlU@rfofjÔ;ñâ‹/ž?N»&ž~úé'Ÿ|òÿøÕ;!jÔ;í‚ŽAÓØA݃BsÕ;ÁJ†rd*¬•‘m$L—Ûô˜Ðv‚ÝmF-ÙÆCÛñqïg33; ¬¬ç #¯)Ô ßóx¿ÝC™X}ÙÂÙÀÑ&:·ŠrÛÀø¯ë(Ç] »† µ¦ó’:ãS®¨Ý±6u›']Y™¬Æu19x"-ÙlÜ(ùÎÕ±­+Ùì—þ#òÓÄ5É'¨b\­G­ˆû"\;$î;2|oL£WDFÉÊ Wm\Ej`Y½î¥Èмh«*IÓt\,{—\Màm¦ÉÔp³8Ý2·y+Ö¸Å]\©eúÉ«‘µOdêká 徵ݮìJÞìê!ÞëõH$×8ƒø»êíVyH5û·KÖ”9#é¶ ˜ØÓg@7½ÉÙy-PswâÙgŸýÆ7¾ñOÿôOÿøÿø‡ø‡*¶DÌht š}ƒÖ­®;1‚6D‚éi{±Ds«™¸ ¨[XÕŽ‰Õ x„ű{l†ïä #+Ä#Ý w¨îg³“{N2áø5[Ê8|øpÉñ$ˆ!{( „éöª›«`°qîtÓbI k‡c~Æu*lóúp1ä°+9??ÿ{¿÷{%Ý ~ã4ƒ>E>aSÏú‰YÚƒ¦Aß uÐ=h ôpU܉È^òk)fVxõ G««âÜ ¶¹%WÂTlïD‰e¥•¿áÆ0 <Ò°ZÁéY²‡­ílíÖ‘íǬѩcÚY…{cy™&xï5ÇÆIŒ÷âŒ[I„ë’°IJCÍuíÊJrþ‰Tæw"RíælÑÃSEæ טˆ‹[Âç°˜$g 7/òqQâm®ÙäµûFj`w"!4ÍÈàN$ËÉkkwafq+P+LJ­p·Iú"4MÅÙÞï†ù8u ›×”5…Û·Ð(%û—Â,YS¸ÑóZ²˜7Ýšºd »‘Ùy°®¦c¨ +›MÚ$Šä…ÝÝÝ­­­]mmmø[ì²äBZ‘ ÀrGG.Åw>%xe___Üêi$_Ö¤‚Ù…UÝÇ4Îç)›V‘üqù½ÂƒD# e×ÃAQ;::zìØ1wèìì´c.ØÊÕ3ㆨ:tÈqÎú¯Šòœ™™aK°áMQ#_¹yqsŸåàã)ËäC“!y®X’kT¥ XÏÐDÊb9³W˜$—ZÉù(CZ†B@[Ü^Dncj–KiO—ØL™ìÕXÒ·]ÂgÀëØlj I¹ÿ–•Ìț݅”eÊ¢ƒ\"òfÙÐWÏ­dS“y„È (+`ÙT2Þ)²Â¨Š¬˜–——Ëz*ò~6áÔG°a_"‡Nd˦¯5g  ¶ÍVø)dhN\*…\î v”£ÄDep,À.Áá±cžsS¹Üž{?ü¢²FB H`¸g8õ<·<¹.dÜp§›dW9½Þ<Õ£ CÁ~ÉO€Ð, 8À¿Í½"'Çc¸âåG©nwXÁâú`ßÕ ²UÜðWðldK3¬%æÙ Y£’(eÐÀº…&’‹eW‹2ApÍ·µ%¡Ô*é3g(B©ÃÞ¹Ê*|¸ él¯–)wn U 3ÿE©ncÃÊJ&;7ì{¹2W–É@ {'ܲfçEޙЦÅEÊšFÜ48zzzXÍ WTkü›„ËíšHø–“V(Ú`s’Ïg›3Yß¼Í#WëC{CK ¾;Ä‚/Îq¥Pl å¶O°>q3nKp Q§NòNâ-õ¾‹Qø0œ2WãNŽ|5§çq'¦Å÷jB«ËîçzJá;¡ð(¯Ã]U“““ŠoŽO…2ãNÄÐÝÃ#8ƒ"ž7 ¶¸š¦Ó’qCà^ÍQöE~D˜ÜÕ•od˜8ÓeÆ#xnÀI×ÕqÄ34ÄŸ0¥<ÙÜõQا‡Ú$||úÈ|QRJüˆ”9²e›ÜŒÅ×!_¤é…¦áÛÁ,ÃÍü²xœêêö¸&g Ä otõ$s”Jj`¸ÄvÙ·oŸûŠäÐ,ÚšMQ.ábU04µ'„ ýÉÜÀÇ OØÆÊp˜MJ­’­6ÙŠPÜoÊÃ’Í„?€8Ì„kº„š‘S ¸ÄÕLávzÿ–•L܃ª7³¯ÞrzYPDýÕZÙéâÅ‹ßýîw¿õ­o}ýë_ꩧ¾üå/?òÈ#¿ýÛ¿]ˆššr¹›2Ö«Š¡Ü5jã"–9Âî欇2'¹hxjÊç)k© .0jp8w)’ôx«h#TÒÙÖwŠ[)ae'ht š}ƒÖA÷ðjè!´±ž+;!Éc°Y%\JÒ \N_óÖ¦ ¯žÇ9y:náWxs$\U_Ç]HšƒK\X–œõ»o´Ç¾¥'­/ÞÖ²ðî±Öµ¸Á¨{…•}o¡@®Ög¾“+1‹•û \õ`/,8«màqaºsÓÙqoñäy.eè&¦ÿnü½Ûâ¾oã.Kpl@Âr«q ™æ#š‚Q’ÞÍ^4Uôv¹NxÊr¥[‚!ÎîãÉYÃF#zq‘÷¢äÝæÅ0N#—ò`ÄÒ„æF[k7%“¦X濦î'öOø—ÇÖ˜‚ïå~¸R+\΄5<®¸ «b\ÍÎQèÉ™:2|…m áeÕNä¿eÕn¡ÍSݯ&º1OÎÎk–ª·àrîõ¥K—.¼ôÒK/¼ð¬º .|þóŸÿå_þe|¯++øjÅ¡¥¥¥vØ•ŒÛ"1¡92bÙ" ·µµÕF²Á5AÊJ ×‡c¸Ñåŵ³Ü§¸ 'b˜¹Û„C×fffØ­Ï|Xîô,J8ܳÙ~!!p'Þüæ7oÛ¶mûöí[·nݼyó¦€7®_¿~ݺuÍÝ.íjkkCXá 3œI›($¤dÛ¸ ¡¬!„•³¡Ö/HÓi°oß¾BÌÌE¦Æ äp*6G NLLxÍÝ}Ó{¨*C)ÂS¦úúúFGG9"+C€ì— ¹F—ipp0[Ëý‚yæ´Zp¢G‘ª\3àÀÛÚ……•®v‰H!„¨"¹h²µi=áK°D+\Pµè焇?âL†a¦\º‡ã.ŒUL]ìÕ)wÐ'W˜öN2±Õq.âà¤=‰Âà,sî…½Ylä‰B!ªÂ†Å™rØžÍXÉ—HÿëãK¼¬ÊžÖÕ?ùƒƒƒðmÂíÊ A=z”ÇsssÝÝÝœïž-´„8WZ___¹{r» üdmmmÜ®»ßÅcttÔ}·ŒÄîábeŒjkk+®• +÷&k2VWÃË}#ôÄU›UÿÔŸJ2B\J¡r{Ý¡·á䭄ϧ ¢”OXΑÚ¹5xÂuÉ\˜ÜÜ”æÈ$<ê!¹|(Wæ™sGYeox •º‘2uƒ¨œZÍ0cŽÞº˜£$wQÝZÜÜ Ó·Õò(n¸1;;ë:T)Õ>aKÔRÜß­òHV}ýÎÎNTŠÙ†&âA˜G¶Õ §Ü òðXùwñ¶Y¥=:11aû¢Ð&NØÆ÷/çæ_Üä„fèBNB_7 ÜãíP‹ó”_ Ìjj366Æ•»ê¹©M±ÌƒrÓ€tíÀñ©S§¦ 4WåxÞµ¹É=·â‚¸Ž?Ž3*AÛqâdš‚÷ÛáÙly1Á/“‰Hæp;ùööv“ M[S3®™¦|(WæÙrGYxš#Dvj´+ö… –——Ÿ{î¹3gÎ|ík_ûêW¿zâĉÌ;£ Qht š}ƒÖA÷ ÐÃ:ïŠm]X¶õ²»ymæØi¨yaf†ÖO¹›Ä'“¼)r üvÞV£…`ÝÛê~—°ü)‹v²Xh{i\\\DÂm«û5¾ mß›p[aeR–'ÞlZÍÎÏðæ»t¶¥zæ÷4ùºñº)bùÀà¸rƒj ›5¼ƒ¯{>RÛ½‘üA½‡¼À5K*)Ž¼ôæ“Èž¦|(WæU,ó3Ô8B”EMz'ÜÑ&Ö5±~ýzdªßú­ßâ>ÙÜ0¿—`ð] Y,â0EÚ°iÓ&n}Í=°¡]œ#aCžLëOÔ0kPL:t(®¡nzzzbb‚ëêöôôØjfl(éììäêÉ8À=¸Ùšx‡††¼æ1ü{üøñ¥¥%¼®¿¿ßš¾þØØ;F.¡¾ç« ÁŽŠlßM#ÃæR\µyǸ¡Ü†a›fãž<àöç°í7ãux‘ÛbÇNÞ I–†sêÔ©”G¸ß Ÿ»r˜Çì `gZÊ›!:vb$ô;Eæ‹ð=æWXà8‰Kˆ‚B ¦ðžzÄ)³G8ÈÂ|Ä2"†“ô[¸r¸]ßÈ,ÆgnZÊp˜ê’ó$^Ýîwww7ûô"¡oïGŠ† ±qýoeå.œèŽí‰šug!í,FÚÛ۽“_°áòB¶ò¡¤Ì]Y¹ý6 EŸ«{x¯·)-4‡—¨´^/núL‘ Ôˆ£pðMùR/X«é’3…ÝÆ}Y× ªÐäVsøu«¤ðÈáwA°Œs„…™ADµìD_b}ì¿7Þ}÷Ý/¾øâw¿û]üÂÀ¯çQ蓈wÂõ%¶lÙ/¿Û·oçÄkœ§²yEýAyd–Søª E`ÑÖÕÕÅóóó¬ŒQ²Õ?}€ÂÊòÇœ.K[ëaGY4/凎Ž¶âx4`aa[ °æ`ÉÞ…¬§1Á‚ÂU‚ÝU€Qa –kU³Ôæ¾éÜ8Ù—ŒÂ¿nê•ô›oPÚ6V!Ž¤Eö¯Úðk¡€ô~¾2¾nŽ”d\¾ðn£%)s®åj™Q‚òð$þEàÈb|u‚RÑr·Ðaê,SàAå¢Ã  Ç8OÿߎÅ<6¬Î‹žEÄâRÄá[ÞÉÑž‡ÓÄ} D—8Þ&!GìÚµ+›>¸» Å ÍûиäMA$Y 4PF¨¤|H–9ô„2Õ/JSôAÚˆuCÂ6´ÕJxÐî´²2EnMÁOÏuYø¹,ª!ëÃ|]B¦°Ûà!ð669!!6ŠÕv¾¢æðN׈{gð˜ÿâíì%yq'øk#ÚÍ£€Û€_ëËÃ%úr'Dw‚Š´)îÄÆèK¸3(V¥kÂÌjœ4éµ ²è‡`ƒÈQ°Ú@g<ˆ’ΊÍe”‘šÞ¨b|(þð ßÒÓÓÓÖÖ†zg¸1]‹B0½Áêœq÷x‰ ïÂmxÊÊVhMË(‘­Öç[`ê•ëN „U#âÃ$ o„pÜŠ¡½½÷³Û—(^Bò+ËÈ*ß%Ì6-nTïÞ†À½¶s„•®¶0«k ÷šK“ó…gÁ@‡”#X¨¥{ÆÔáàÕl¿LP*¾Âõd‹qLUÇ#Ð1zõÙ;áj{‘Y˜L„ŒŒéZÉxSŠpp '¬´ 0Rëô械¥€½ˆ‘ÂñÂÝ>@æÛd)ó`IfS´Û¾'4~h÷’·v±:L¨"cÊò¡,™{E.ËgzqEçï™C÷Z[[a^ÓLwçQ-Ó”´áLQÒ¿b´ùvþk‘AìXK“)˜X{jæÆ*ÒýŽ«zø.$uJ>È×fosÝ wŒ©W¾çWÐò3n0Cˆ8¥¢ÛÀE`éNpÈ= à*Þ*vP ìŽlAd‹¦ë pdcI†ÝÖØWkºƒð^94ÆÍí©w÷Na­ï%9ÃB l½CòQáA8´m#ŠËÝ57£’ÃmlúrÍ)6YÅUB\V%l–yÎCXh¸!Ÿ«Í4"Üï2ÜqWÝ|᪩T|—·}*t¬ÜÁÜhÈ,.¢àºßnÄÂY©¤‘ÊŒs%Ë3xKºY¾Kó,ûB½¦óâ„ù¡]w‚!$; MY2,rénÅ}Ü*Rmp7çuÕ’1¡¤ÌÉX´ù뾿ËËË%sk\¦‡æþ›¾ ¶w1ï_ø¹p'`½Ñ%pgMX‹2/'mF!Î\ºtɺ&äNˆ’îՉνˆÍ8v;YEaõú("[ççç=•n\ [²¡Ë«6¬lE°ìhfG|šò1šw‹ÚäF©l²âøÂʨ_¸aˆ9*EŠ«µµÕ»⢱…Û–VœƒçvûœÄ}œÁaœ¾hªV¦¢NîDáÆ©Ø0øè$ÐaàIx8oýD¾„HV*w*ŽõQlt°ñN«;Û°D[9žË˜¸ýt6â†;—¬Æ¼ý}úúú¸6…»™ƒ½¥ÜÐ8í5½ý‘¡î±uô#¯R\\4†gàœ†g÷Y¤Ú½¹Šp ,Ö3 mpY.Öqç}è4ù‚“þ9AȻĹ˜î wÌ i[G(R©Âß‘“P]s;$”ÌJÞÀ?$§\;žÝ ¯³¹(®ËQUáÕi¸P}t5Ah”¿›åa…Ç¥½¨gù\ôqJ˜ &tûL8_9ìa&—´MP¸i»³:Pý]±½°Ýe8Ø}KÀÖ­[·¯pSÀŽ;vîܹCˆ(¨TÓhÕÉ>á-îTX½ÁNf9ÙbJ¬PdÛN¨,²¹¼[ñ§ œëÉX ÁÑ̬‰Ý1!ÜPÉ{6ü†fFžŠ›Ö瘭6Pò±e¿¼Ž½—3OÜÈãfØO8Éù‹\µÖm¬Ñwä¸öf˜¹ëmwÝÊ9øvp\7M¾0— ¯Kƒ3p¡ÝGL=¨Øl/OPªpT¹äŽ}t¼×SìÈÜJ›Þˆ<^—3Õ˜œè6¸’¤—ÕÝÝíNH ®â7ýŠIîLërI?´};Üià6ÜDØz–ÉE§¸jï–ðgòÔÆ>qY™‚Ÿiu7¡OãŠ[êÂÕŸ¨:5ßw‚Cž`äqN…9W¯^µ~ œ×H'‘R¯Ü}ÖmB¿y­á­'V½ƒ‚Ö-݈²~rr•}[[›5aZ3 ÁÖÖÖäqÉ®û•{åÂM4ÄaW!9àÚ‘¸ÊµeXCpM@·w›«Kqt§^ †)wŸôÆ”³Æ*¹[0â†{Ltê6{/Ä…J2áªö\=†Iàh%\Â{9F¹¬e[ÙŽÈ5OÒ|G‹ªÍeôšuÎh­[s¡´Vß'狰郕K‘RøTŒp®A°‘&(U8žxnætHmh8÷œ†%‡BÆ‹*¢7r̉—1Ër'~ÉIÉœ‹â&yvveNî ]Å)¿é[šñu¸‡Z¶› 4®ˆ…¢‰©³ÙÀV’Ô¨ƒ±Öå|=ˇ„¢¯¿¿ß/µ• Ô‚nà[@ȼj¾húLAÇ)e%µ*°‘äÊ°*¢ëa¡Õ‚w÷És݆+WÜGôID‚;aî»|Óz×ÍX"n1ßv ñååeñîÚlg:uê·ÀÃS®A`ÇÞ[ð/G%q•U÷¥°•ax±FÁççç¹Í/µ··ãR\h¼ê†f0Îõð Ue­œÈv2΄@ÂcP_âˆÅÒùl¾ ßż ”“ªíu›Z•7=eˆlËt•Ç>+熺J—/Âp}Sï~®pO…tsAI¥ « —@¬˜#ØsBãÌ.qIO"53¬f ™F9±+qræŒgï< åTÚpÖ(©í\« n—Èê…'4÷C£8¢]k1ŒûóÜã—\¸%”å.Û\ä&}Ü©ÍγH·ÚÿBí©Àn˜é3Åèè(>_ägò¢ð¯'g »Í“@ò¿žƽ+ù_±Êî„ëXçׇõ~½ýä…HïTxÞ¯u_ä¤wb-€"¸­­Míô"?˜;ÑÐ:¹Š9‹‹7”ì`¬úWãF72ær]¯½I¬q6Ô4tìTXÈÄñNð%ð[X™œ-wB”ëN‚ þK/"ìHHVucllŒKHIBTN2áê:¿úرc):V×HånžúôùwtåKˆz¸4æà$˜åÇcz4Õ5!*ñ(Ü™Öa\ÇCÔš]»vÕßò"ÙoŽ¡h‘’f9©ª¿·þê¡C‡êÿ^‘øÂ7ÌjmÊ›·àVú% š~-*ðW N…ë?È‘B!„hw¢à s Ÿ¢Z~…û¯| !„Bˆæq'Ö‚Áõaqy»fõ+„B!DXWç÷µ4ËË˃ƒƒ¯xÅ+þMÀÝwß}Ûm·?~<‡ñœ™™Á/ÿel«øÈȈ·*ë©S§p¢pOB,89ÀƒÊ_”ŸÍ%ò7ŸJ¿^%áp¥NÞ“rߺBeÛcÅ9óÜPÉOÝp_š´U‰[®\â’Ÿp)%éuOT«„‘ò)«j•ÿq-n÷º„K)skJYe©Ê‡:qMT'_\\Ä¿ \ë`rr2Wñäbøå¿ã5 œáS» ;É}Ü(%»—Rb!ähBoo/'Mîß¿``€ºáqðàÁÙÙÙp¹7wôÂLÐ.\¢äÝÏ‘”ḟþ`@¿#‚å.Z%Ah¼3¬ŠuÎ\ I[•¸Õwß\hi¤¶[§4´Ú;oÛT"™ôº'<2Ô Qç'wÔSV å62ÚÁ gÆ4­ì¾Äê)M‰íæVWýRÊ*ƒH«^> TXm5ëäPefdd„ûvy¦·¯¯/Ï1Ï°?k,bfffìÌñãÇyÒ¶Ûd$OBJCCCé7gm,ðé‘j$Š1::Êý¡]p2Ü€uÂy<‚QTágx©»»a¢ØÅ%åü7òíccc,ë+\V²ZáT4ʶObéééÉÃ×G4ê¼NÿêÝÆ7¢ÒB?¹ÕCÂýa½åf[r$@UR&¤äÍAB¹Íz×hooÏÜGáõB _gëqÕ¯Qôj4 ®»#}µÕ|ÈÈÎÑ£GQ†'KÀ”ä>”–Ó:::ZZZZ[[akZ®Ãã¨zq~yÕÌÇÂÊB<:êëÖÓø·­­Íž²0q€Wà$.áˆÑ¢ pÌehöˆÙ ñ·«qV,·œô<àú8yèÐ!FLxz!Wt ÑfP ß¾E²¹SyG3^Á¦ $š€ÄÁ®BžP†°ƒ¤¡ ‚I„Gø T‹²—¸±üUxb €·š$ÇØÄ•}ˆRÜ¥ª¯JÉ1- ý×iú£#»Ôûhg¹¬TÄÕˆFäÎÄÍ:Ɖ0•ð(^Sx”Ša}C~‰œo–~ìCÂÜ—A ¼¡#^˜‘0ÇEÞ– ÉcT¦I#áædýLȃés\XÉ3ç—f"á»W«xIó)ãÊíS§N! 9dkRdFó,ãÇW>k4R¯¨ê)Ër³s6W Õw¹•cuS‘_Ô™……H¯d71;aÂíÆ1«=Ž  ‹,ÄVgŽ’âÜÀ;ñ/Q}­³ÿâ—-‚\^—p'{HØãƲ™¼tJ0ÂnßìÝBÐGi¡á6ë"ääòÉŽìŠL&›ÝÑ øånDîH¦.<8$RîX2»do‰‹6DWpº\ù”ûoME°CÙÅÄxšÎ ðsxÃà „”ƒd –ÈT¸ùš÷óíVX[ÄL7h‹'‡ãõ»ñI9Ø ïµòÑàG±q\î^H&=·^áçÃy×g€,9…¨ÁNÙ ÄM~Tc÷6Šˆg¨f® ÍŒ7؉¹ØêøðGot"‡ob<ð%8¶p+·®±d²‚p?‚5©ZüÃ%†—mÝ8»5—;úÅóí“ãÓ $îwwõ*¬TqÙ'½¸Ü‚ÈÕ±ä¯ µ±š½ÂQ…ÊïÄÍÝ„—Ì\á‡ïq¥jå†Ýf¥G¸< G›•f84¯H‰<ãŽdææ¸Ê.\myÕe¢¦DîD5«Ò0t¸='„êÎ\aõk³œrk,ë‘n =j^FñÁlãÅÖ2Csq‹HfÓ~¾(2ÉæB˜·c'yصpͯ!¸Å·'„„h›Ìé¹ÿ†Ëšš*‰g?Å)K(:~´cÜ«H8RA}`©éÇr(À$IÙ2½6û‚¸^\ØÈö©Ð@ü nü­Ú`ÍÄpŽéV!VfóAvA𘂵B?Ò€H-½øõrb\mQ¸q|¿UœL…¹LeçNÐØ5AÑh&w¢ †xº©œüFø¦®Û Qãßpé÷¡)vî±çNاñ†’ó_+m’-žÂÊTº1v3ÿ9í†OÿÞN‚ž›¢º—³+{ïÔ Ì°”|B|WÛã W8,iÝÚ0;‘^\|Ê&)¹¹ ùk²Zaý‚˜gûL‚gŸPí½J9;Ya¹Ð+og÷6ÖŒÞ[®¾MùסüX&®„Ìýâq•]dµååîÈ™'r'äN”0"{0̺ Ï(²öþ­‘›9yêFìAä.ë¸Hˆ­e†°ßâôÉ­)f©³´²“–";™!>K\á±Ä•)݉ôârã`Å©Ý™ü5™¬~ÉÐYÁð™vˤVS—ëNxÇaw«5ø÷6V.–#pCdÇBBhf$¸¾}\÷”Õæ röœíÈÆß¼-ÕS-6h Dæq~9Nnbb¢§§‡W½QÝiFÝ---y·Ù¿§NÂoÜ”M###Th¶ê%Ozfhî ™GÌs¦J–ééiëG8/ynn®¿¿¿Üá†ÉBˆ‹6ËŽQfùÒ××ÇÙ˜QõÀ×ïììÄÇÆÆ:::¬3yP&JFëîîDä¡ øÜöŠ@8Ó )r‡@D††9YÅDɸã¶ë3ͦqæb48ö—k»ÌÏÏ»#CL·m­UÜÀ›¬T[[t²½½vÉØBbÐXÎñÁlmbš EJŽlfJÝGGG›uÔ8ðFEN²ÂUÎ/â„Näo(sò‡†Ú#C!w0G$ ïöÊêlcÄË Y¿®Ê1†üî‘zixù4¬ùibqá6oâ™›Ù3”{È/œrŠÄ0a¨½•QV(•ŒO#W8°ÕŸE.~½¯œrÊDJqáNïC@aÒÌýÅ=ˆ¿Õ/\#•rÅ iqüøqÆ„U|Õ¥Íöµädâ$§w¢<Ἤ83#\Y×2”›–p´)œ¸XÖgõr4#+¸&@S±³»´í—`ArÀOJW!¥m<ã…ù™ÃWØòì‘aæ1«ö]»v•CZÏÌ?f·ñ$í† Æ«gg$Ì r£Í‚•·Mÿ°ë¦úIÛ(nrªWzº%;Í,ˆŽu gp–6´ &Ïë¢@ª>:›­wiyy¹°2§Ð@÷íÛ¾¥ykk+ôKɤqq-ˆ'¬Oo–Æ™î¨clÚ &XŠøE/9™I[ p©($ÔÒüá RŠ¿‘î}ò‡Þù{öA@”¸V8dÂ%1¸€DYzž9—Ñ×5*o/à´4Z¢pá–â@þ¢§g_¤ñYuâ h)„Aiq¾¦Ÿ/›ýPXY!ÆM SQ‰g…Èð·Æqšd²¡FåÌ[H††ŠëÛ»ÎÇæʧÙGˆ?oŔ܉<ÂE{¼&ÚŽ,wX¸9–4±’«%WS™i-n\Wa¢c«‰­b„Ž9B—½dsš3”ûÈ“ì–a}o )K0eè`Sº›]m!‹’Ѧï´#KŠ*‚”zêQ%K¯%Æ-ƒ Uï*•üeÍöœÒÊ×ç-wY ÄÄ‹ªýK÷+¸„ÛA‘§à@¥9–=e+ÂÂ#ª«(Mû(ÍAf:[–¦-;©Zr×%ÍMxS.ëï‚ŠÃGIÙB‰<Èj;²!°ä‡f{9LX«±>Šgß@7èöƒ=çÓl‰bƒñTˆÊ h›v‚WD.€Ž¬Ái·„¯Q|VÈÂYéµ…FRöû=½¸ØUy©^¡Ëœ !pM§’ȹÂÉŒŒ3¾¿lËPiB³8³åÐz‰tHèìu­ÀFRwÑÈ„ZÀ}5k*¶#ÈhØQ•²¶g[vÝjVn À I(Žm— ß¸N‚×ÃÀ©Üò‚a¢,c4W§Å+¨²8Ƴ®c'ÞÓ~>Åú€ñGÈ<™¡ž‰@/‹FJ(¤Ž¹‘ö\ÊhÓd±VØßtÏjÝ<Æ•¼½Ý6ì|²_ç-$‡¢)dè¹U”Cò7¢â®'ËðKº²%Ëâr´ðFwyP6êxu’IøcáÎoãÀÖBº\aÙ¤Á:>M­ÆaŠÐ(Öñ®Sgÿ–\2¼ïJæ†ÀÜarß oÍ«’†n†x9Ò©¬Íï‚«t3*ßÞÇÕ‡¸¦÷ô °êèè°¢µÀòòr‚ž‡óiš>´83×=ÃδÌiØC ““ßÂÙ‡îtÀ3ªŸœW8pªƒÕ³å¤éÅ…‚ÅÝävpÉz ß_Ó­_XÆfn_³ñN®[UÝÌåînÁZ#ÒЧ5566†û’Í„ÆqLK\çFÜÜÂdÉóª[1§7z7]š;‘ÎD…Ú` 䮯‡…{Að.cR²êåm™È¬\mà ªR¯Þ²0yÉŠ!ÌÊJ ! ym|Ä<6èfžEÎñ Vv2d°b™.D v!áo–&Úø×uxP‡Ñ¬T8ÂñçF®šð ¢‡äp® *$H’óÌ`Ó¥´¹‚Ù[ à~*§UˆI†µÆQF#<Žˆ·—[1à(Cñ±8•ÍÝ&…3q8ÎpSŠË$Î Ô7-fkƹUÜCo¤?à ž¨ &‰]8î¨àžDöáô~šq}LãɺªÂésˆuú{0ž\_BÛ!ÀÈËäÍæšé(ÙðqCæqÛŒ\}Ä$Ͷ4¶fwò,›K[œLÖsä ¤ iñ:¥ËB@ÆÄ«Ù ƒä ¨”%9GT2ž®»Eîa±ã5ÙÚü®p[ƒÌñÉ3q…Î@‘貄 M izqáNÎbûît›/ a¼—O±~A„ÍB.@´Ëí;BrhÕDÖné3—©_¤Τ±Öˆìö¡câ>¡žeÓ$ëPÆÇÞÎWTk;TV[\–!///ó£35ë¾ZÙ©j &F®ÎfK|àj%k …H“‘ñ.1’qË¥s½¿¸««¾ˆVœèrm[’ÕÌå°V„— âƒæ$Ø»ß J\JX¡ˆ;蹋±°äbŸ˜ÅÄ[Š$9[ú°°²ƒŠEÞMˆ÷j/iŒ?}Zïí8I®îZpV¦pl#”ÂÊ"W¶WžŒ¹»Hò*Ox£÷å.ŠÂ5jþöÞæ·Žä:ÿ¿ÔÈ3ã·/‡pvYpè첡¯ƒ,‘E– [³ËŠ¢wP ²™EàHÿCfeFŒqSt$N Kò ¿ÀãÁÌXšýž_“£ªîºÍË{ɾ—çY\ôí®·®>UuNÕyáC{/O‰c¨¦¿Ô á)»ÿv 1—ÿ&”c¼‚y†-Ó9†÷{ÎY¶'§ò_?KÐuM³o¿™Î甉ˆqc6•Y½”œ£ÜžIG>9xBâ ¦c|bR˜HÏÕ]ÞB‰¹¨ eêkZíÉ"2p9hZ Ø‹ .O~> „ä§{ͼµfáSn¶¢úÒ¼Îö1©Êýì—-¿ ”×î)ÀÌ‹—ƒ‰ºv l¤Ihî÷ûL1Ñ9ÀqppðèÑ£d«5èD™ b}† ZLÐ;hy`"~i}}ÝøøtW…':º¢H~0+ I¸©‰Î .¾VÙ¹M pµ˜››óºšbŒ4á_„7 ®8‘;)¸’çŒ"04Âv¢‹ÐBr||Œe¯:ÐDå1z&¸8B–tØN,,,`m%}-¥ñHo¼ñÆЊ§+T?.Ž8@àÊ€ÛÜÓÓÓÙÙYÂGŸ®3Úx/ìEkÍݬŸkèá46]ˆ@ @ ĉ@ @ âÄEðàÁƒýý}ιÞ|ó͵µµ–ñ>pLþÆoœËX™“²Ús®6G`÷ïßÏÖ,..pgö—ã[``]¸Ö¶3ħ¡××ÛÛÛóóó¾|bfãÝ<Õ”œò H;Æ «Ú@ ðºã³¿¸„Ç¡8üîÀŒß­wfÄ<0‹4׫âÄå>ò~Í õ&.·y…¦,ex§ÝãF¹®Ü}~áÓàQÁ0‡ ‰»nKÆ—òýÆçðžéugš\2'd´)[¢WôÉ]VU&00ú„ÅLhr–ŸÏ6LÉôÎTûúy9‡u]m]µ§°zïT@äæ[@?"']$ü§çó© Kfº‚þx0¡+þÆžÍõ9¬À ªö)öFbܪ`SlxÚc®N¨×i“GžüHé ÄlSò€ÿ›Ïöè jy­vSÞGÌØ~ìØ8õ¯Y‰Žß$FQžrš>Ÿþ¢×§ßDaø…32„Ñó׬5Ê$M²¤…V è"xýê ê‹k|ù¿1ÉN=ÌG6;5’os±:QÈ Â`¾ã¢_QKË(Cž2k ›GMË´Ù3Që/3þ–)–s Ò ò.<|ø0¯ÎÞÛ'ØÁ¦‘Þr$®§§§ yb»Èç«-“1¢25d4š#9cÃö_›ÍÐœD)Í’Âz´A'N'Xiö÷÷“ûš5 æwce|ì€m‰ßBÓÆv¾ ]—pfÜ÷»e^úo?­ûqH±jÌ–ƒXm†±ž&{Ò£%Û¤W®dÃ~¯Â¨êB âÓ¨jvG|wé¦ û° <¬^¹Þyç|ÝÖZvbf'A‹SéB<ÁÚ#c:³M]µðs~ Ÿ¨,½^6zQ¢ão„úšnäfšeÓ §žžœœ°Kj„aÔrÞ ¤~»§éoþ¢eâ¢^œFø¿y^-"333ùêÃ1E¹…Øìj6öFSµn$® ɧÉçƒJY…ý)H¨°Fä DUvˆf„D˜Hq¥@Øb_¼‘9i‚å²Udww— $þJ„Ð_•p÷î]öƒYõXØ vËTˆ=ÒµY;/Ø€÷¼8~H˜ XGmJ²í«Þ˛Ǭsv­ÕÕ+w Cו¯‘^ jÿièsõpP%èf¢ ÕO"ƒ¢Sž3x¶Mbg’¯L „8ײ;ø÷Pú–uY®\äæ£$‡Úâ~90[>g&Æx!IÚ‰œý£‰©G2‘B~M'¢srÔ)jQ ¢®!¨ÅûŽë¹ÕöÈ&yÛ^ažg ‰ûü­mÆââ"£;g(™ÖTˆbº/ñƒôjÆí ¼uím9W¦;ÿ•mµ½àçó“ý¸ Õ‡Së_E€„ö¼CËd°ø±°° æaàôÞ´ŽƒåÚ+t›Ñ6AÓ=^ãGY(!ñ_d{„\=>>V¶QuÇ¢/ùxÌÖ ¦‰¦@EMfÊ=çy R˜úaDk>¬öÈ[Dñú¬C,~ö³?ù‡®+AÞí-? =™˜²<'¶ì½:ëvúÓ›óY'È s3ËÁ\‡Wàítça#¥4›~ߤ4ƒ9º…¸ŠÞõGm]9AÚw!è»wßdÁ¹,îon'ÊØá‹«%æ0ÍÛZèCÓ3ÿfÊ.>¦§&¾,QD ÖØ}ïåF-~>IL±ýLå [±:ÅW½³Ó<œp蚶™#µÄ¥• …'žåj½â˜¿&ïf-¦jýàC¦âx§vˆFb #H<#%Ÿ²éóA±J3扔¢œd]ft@BÉè`0¯^ƒæ–æIßÂÂôaCäÞ{Ù»ÖaÌ‹3‡„>ËüP¦Ýrãˆ-)DÙžÿ½²÷£îª»|2‹û†GW*Â&8a i†~ AO›B·jXê¾÷7Bó0ÒðãÜZ¿H$ËåÛàñjÖK¾ÀáêÊåºÜ!O›OC‡$joÖN.¬Ð>îl¯Áói—ëm’ƒo/]ؾ³6¼E’RýØÃØgmª+'Ð÷³'OÕ¬%öȨÂó:¶üر[2.¼C§üïpÑš!?{â4¶¦ $Nxï;õ\âD¢;dSŸ¥ô'¢ÞMÂ'åkW™DÛDïâ×ß?@ÌHïÌÞÉØÐdCªi$º#? ؤìW柩»W§¶j~Þ½)Z2:ØóÄ,&H7MÎ~´z—¾……éÝîÅò²8a  zŽPè>f^4xí \g•Ð……vJ®°غ”ƒv¦t‘àCƒÝ#ûkiЀ2ŸÒžæÖMu5©¦ôêŒX¬²} ­NÇ=0Åh"ÎËnMµCó~(ch—Ç÷màä£û¼#1Ь®®1© HB!6M¼Ñä$Ô~rn…àçD~E \„8¨Áöö6†ÂW(Òôû}Îgãs@àjefqö[[[ÆK–kÞävrT¢²ÖÁ·ß~û‚¦Õ@ˆ«! LÓ÷ò±³³ƒ¢g|‹@ \9ÄÙ?zôÛEœ h‰ß"…Ë ­Å±­q"@`â!Î~oo'Ho¾ùæÚÚÚX5yp ¥ZÂÝv ĉ@ @ âD @ tYœð‰<:ëIÆGMJøp NS¯ŠvyëÖ­ÜÛOîóûµg©<ª­·ì{¡PæÀU…ªI? ,$‰~@ è:£MÑÖ¼fä ‹Òr®z 'œ„€Ó-‡Q3÷Ï9,—y‘Ó¯E×öÐqÏœ‡OjŠ‘—„,HPví_(sˆ!z—öÃÀBôeÃqu 0¹ðQqòh?å)z„AF[Z6§é¥ôÔ‚Ã~`#%%QA¯êí@`ß)qb~‘`gš 5#ã‰h ø‘g÷L6¡ÁX|ÜÓ&q¢°(&Qc“òÙ ©e 81DPœÐK%qÄ/Ø Á»EDVº üJ7 ažj¸Sà\M$‘ì†X#”Ý"s]°´òìZW›…éÍ7ß”4¥døòËò™Y8j.‡y_À5'Й±¿I Ê24e£®ã§rŽ8쯀Úõm8`<ÊåyYN,ø¼®IÙv8©@ë…¸O2ê¦Õ.Ty®ÚÕÑ÷ùHú¡Màä·+Ä  º ¸[;„ÙPH/F›Ý÷ ²È—”]SbÞûÅÙŽUòît—ISÉ”>´,âD ¸*ܘte­ƒƒïø™M¯£££^NrffÆ4òïß¿¯¿8_ëëëš²%0xû§OŸ®­­Ù•••‚Z›¶åÆ [[[Z?T¬Ýa«ž8Ð#±jXXXè÷ûËËËsssêÿtooO7õH |å\êCúyäýP†¾…ß>} ¸¦¦àÎ’ø¸~^…ÃVŒ©¬ pM/;;;…a^Hfl¢xôè³÷ƒ µ%ö&|š¸¶+4Ùªù…ƒ¸Ÿšå”+™-õšIHPI Zw”2/YÍ&à€)ñ–;¡<%ꛌ@`jm'P¨MPØ)gãçwÞ©ÝžáðÓg ÄÁs àw†`ë“›ŽMØôR–¼ÍMm+5p®bDO'òJÙÊJ4‹HL±vïÑÂ$—JCÐÊkW‚d«o$ýP.Ä‹Ð :ÍÛš: 'õ;ôÜ· x]pVŒm•.l¤û÷B2¶üyÄ…îxK3 ±ÒüéhrÖ­›8~Ð/<}ídè{€Œv1pùàˆØŸQÛ¹„J(ŸKø7¥jU¹ab —ÁÃwJœ8¯yqí)¶ŸOI€ª®×&ò<®gÜk™ø²8Ñ$¤µ0™Ð¼Ú’gýR2jì‹çffÖ €µ[n<öøñãd×£))ýÑí å&á~šÙOrÊN¬ »»»^*Pš& eT. ¤wd÷j¸Í)Õ¾ººª‰QBBm:Á¿)½j}¥fH2Qƒc^ —†É6ņCezõLªD[$< Dd‹f[ÌÝÀÞÞ^¯ÚÒâAFo»Æõ'$xô††U$öºv®×¢û±É&®œ¿“[¶ÉÅÒX±ÆÚ@ ãÐÌ©ñ«Ž½2Ì·~™Qó?'ˆ~çwÄÍ#QØ|î!FßfòdÚo“¬ ظ÷Ïî>G²Æ£ûZ$™ÔîòhžÄ¢ÚN8+¨]¡¬÷¼§d z!gècXÕÎM˃î@ ¸8&þtB“¯æeÛÈa%³­aZ'îÝ»§)^<º¦x"Tø”%+[ê´"šü kóx^¨UªTMò»wZ$t§ŠN­í÷û~•=´²²¼™f—V8l%æòÌ=/ž‹¬Üç†ë‡¦•2Žï»†¡Eîq )Ìü«7\\çïŽ)°q½ìGÐ3IJÝäÐ5ù(öw~~æÞ'ÈOŒ ÉØþ°yûâã›öø­úˆlvàÊÖZ¥‰.™¯jK@lÀTÃn.,,pÖÁ¸ð+”ßLIV+A F’‘NðoJÛMÜB;K3¿Ö‘G4@ 0mâD­K;ÍžRÓ´˜ïÕÕÕ ´r±¢£4M¦˜L¨Mßš 9©(ó¾*DY´œh5ÒJà r¨Ø|óIy™ÓõH•ê—-]¨IZBÔÚ¦ñ!8Pœð»}Õ›ªCXÀHV¨(×îî.¹ÐVïÕ¾8럺:á¥FÒ…Bzgú¶jj©Bk’$*Û¨±A'eÞKãBŸÏwñ1¢ôÅõ}•]ßZ7õ›”=ÄâÌî[bffÆHBU›¾œÚ Ñ#³‰€õÅ:AzÚFÅç2&_4÷PõQ÷ꦋҫ:ÛÈP ½ÙOÞ½lØ«+ò^Æ¿‘:ØÏù¦Ïf?¥àê”Ä$ÙXi~Ðõ— É(ÇñuÚôª¦ ¥TzûvªQ¥©({;}q­2’ˆòEiоɅ-œÚ£nT,žª»ï±^®PG©FtA“§¼©êµGºF´K’©ý*¡ÖIw Œݱ «=ù˜îÄ·©¦QuõáÇp¹g’$îmüõ5µÙç‚á0^<17ÏkÇLjZÞˆ,µ0_±¶4úp°y]¾©>n›^œãøÑöC›BàŒË!ö®99ì¿T›0ayƦšØÊ£²bÃP_‡‹B ­‘Ì9¾<‡rá=AÛ`Oš=Ð gÓËB~J±7åÝU²gòš…î­­hQöbëì#CÓc~v‚·¸Ñ6ÉäÎOk“ñM!ï>Næ. ô†C§¤åxbeš"’©÷¤ä“õê¼'%÷íÝ!ø~¿TÕúñóŽ¼ H èEiµNu½{«@ +zÑ!ø†+aëY>£ÿÛKüʼn>ôí©¸Lcá¹-#Þ`Lüã¬Ìd9ýõ¼x"®ÀÐW¹òzÑ»0G–¾ü¡Å “j+Œ,VÈùõäÎ%NäyIƒ\£Ü$NÐÆÔ’Å÷ªîÓWÞê>ILè$ïÈƹÞ=yMõ‰îë©z ى𛒽¨ü´²£¾%ô¿Qx’Kó‰Å·VD^ûEÔÆWíHô’€/M iQN­ØдàßÔ—–¼’5µ0Fˆ—Nä–X]]ßSÖ¹"Üúú:»†Ñÿ¥G¡Q†îŸzìàààääDLÆÓ§Oçææ4ä÷ööÅjè΂Ò`G;??tt¤”˜–ÒÛêöÅÅEñ@º£/îu*ðG‰~ÑÒÒZ¦Æ³³³“ÔkZ@µåŸKÙéE*‘’1¢]YYá4L™)ZæeõESvJ 0T~Ro¢¹¤bÕ™–æ-TŸRiØ®¦—èUú]m½±b‚ž@ 0¸]wïÞ´±±qiÌ=jÄ!K „8u³?Aõ\œ:®fˆÒ«\["r¨?ÍÜ[|t?tmV¶âõ•¾–Ý߬ìxÅ‘@²»» C òz -Ë?/¶*`¼!úD7‰*-$/‰Z:°\-A„fTù󧦈)QâŒHyÕW’(°:®±ÙèfffBœL{™5^Ü~÷š@lzrj´··'F_òƒw l «qÌú¦JCô«ÓÓS/–4BÁ;>.q„~¿ï½)äõZ–ß$Ùšƒ)t¨T)f²½3§Ÿ$~üø±¤—6r‚Ïew¼(¢WÐ+›ò}¯ÒéW¥C¸ec@IÊRŸ`²ÜOYÀõ‘¼ü²D ã×Ý‘1Bœ¦øY{jq¸Ä‹m…aE?§wæRLÅ1/..걤öxÁó»Õ;ó%eµäõZ–߸ùǧwñLcjÓ-½HZ@©É^0?TÁÑsm½¼¯]$‘ä WÔlû:@à2‰Üö©6} pibƒÝvíI± BEˆÀ”ceeessS¬01`gWWWq¼‹}°%–€ºÎáááúúºÒ‹Ý‡&À¢®m{^×æ(VÉ`…{g6y½ˆÛ>>>ÎË?–——=ß;S"Ò}‚y‘@Í0G±í£8[.ë¼H[Ä´Ir™ó¢ä>®K{gáìÇzU½dgqÀåÈ^øä“OtÁoîø!º+p%r…!¸¾qã¿^¨¸r‰"L±é‡XUB.ø`çâh˱Ø,W¹p8c:µ©÷¼åŸ c17t¤'Bµ³PaÏìÎ;xàåbÜ­eï9¦Ê@¢ã„8ññÇík_ûÅ/~ýè2¾ð…/ˆVmjE¢€˜¯ð€bâm'$ h=# ®þJH@]» -€CFB_Áý¯VÀUúͺV z$N½Éóc \g`<ƒ5ÎyóÝ?*˜5<‡É’%r÷_ã€$ÆÅ· ôª 'ÄŸ}ôÑG¿û»¿ûû¿ÿûÑ3.ãW¿úÕóçÏEº¯¼ò B…øj&¦AœØÛÛÓâd§[[[{nß¾­ßÇÛŽ—dƒÝÝÝÅÅEÎ ÌL“M5-ŠZµ¶é—PµöHFKGõµÍëUÊÐ{VVVXhwvvU¸ÖTýY#qð’oõQŽþ§LíTZK26[Ú˜Àű¹¹©I‰}ÍH4Aå³Pr ‰+¹s™1ž³´6Yqþ,è2D¨þ •' {U­º1Ñ}ŠkI~¡ð;©‹;wî1·Wcè/›a‰7Cn+ɲÇý!@l/­²æ+S‰Z‚k|-ÆúkN`úý>gñ'8±r”Kw°1UJ<Û(1mÓïE¼m£˜t‡5IA¢8Të¸ 4›±c"šAyuuuUëâÜÜœîë¯&Fý]XXÐÔçk'™@.?“Û#å%—¦Sj±êp·¥Z(\ LI•4ºÃS¢¿[«lY±”ºCJý Êï¾,Q+Q|T!ú'Ðq<{öL„*Š5=½Nø xÑ ÀR·¿8Cׯ¿ùV®ñ ||ÌþÙÝ»wóBž|håèEx„{Jþ65#¸ˆ8‘ä5útaD;¾©C£ãí·ßÖJ îÖ­[ãnÃІy>è+¦ò[ãù—ž×/Çå,µÓ©Ýd6c&4{0«¾å/µM˜œèñ mäÑ»x¤‰T…P …+N8(œÉ_w¬Iz¤¼zÄ:b­²e%O‰eýÍ©1Ð <ˆ'ûðÃß{ï=É¿úÕ¯~ö³Ÿ=~üø§?ýiôO ãøïÿþoѪ(Vt+ê ‹’EÏWÕª)'l…cu©-³Xqˆ*ßá˜ß'F1À$ ¿m()ÇWâD S𼔎ج±Š.”§è‰}ÔXSKÄöq1¦6À§jx泄*ոƴ`*¿5}Ëìªß6Òcq¤/þZz?×ås©>ÄL‰lÕÎð¾®díà˜Ú§ôÑ· Ç ¼Ú­«@×ĉ÷ßÿ7¿ùͯýëŸÿüç?ùÉO~ðƒà%6è2þýßÿ]´*ŠÝŠzEâä+'¦<ŒV8Më«««½*äV¢ÁÙ·Ö ³äSüé|¢deQUš››K²Ÿžžæå×a@mll ý"Â6Ñ}aaAƒ±ßï‹“{ðàضñyA$i6•ÑT±a¢Gªå@áþýûìRãe?~\;<Õkœ:Lå‡6“-´L5Ú¹VVVüßZ+m¼ùy'}eT˜˜T×××·¶¶øúM¾4^œ)èAŠ~~N¦@¢HS6¥«ÆÃÃÃaú)Ü›g´iX{î?á3òeA²«…Æ”xv¬5Ý3èô«•¶Þb̉k”´:ܪà}$àÙÙÊѵq¥z¤ågLâ[ÚM”T½²WµŸè½vvvôoÖÖòBð {F„S¶}=ŸÖï÷mÚGÓõ:ÞÄgD ›)ö¢+#‡õØ›ÙÙt_à3e%0$R¯íf±à‰@µ¼‰ÜáÝqÿªb'$Ôåw¼¸®m:²‡‡‡É}¼6ÕwÀñ$/h+1ëÐ[gPb½Úp¦ÀUAcíáÇZT$œoVèUǺsjšñÓºy?Ý`âõ{ð\_šOˆZT#-1(›éZ)ó½U ¾E~J#ŠUâQQ=O„,a^¢Àÿ5ÄÖËwÔ«Îx}MÝ[`c$KÜ«€n§8+• ~‘>¯+¶X1i™èU.ИÕV!*G½Ê+¦8(îóH£¸vOaºñüùs/Kxbq¢gžŽ<÷ éóQ Q¡ˆÉxt• å½1¼vˆ²µÈaÖ eC|æ 6‘OpÆj‚~›v›ôHLÄdôÚô+++´êi]Øûr¢çw1õ.æŠ*°ÀD€=c†’Æf| Þ™·4S-<#ܺözD^Ó)T8ÿ ºÔÏØt8g¼— µ&ÛOš<Ñkâø Téò}Ä!Œ[jºÛ÷½©D_+ÐM‰Âë;™D=ÃØѤÝrDhè!B$%pÔ0ÐÑÒˆkˆ‰RF›Ì9aˆªU¶½K?¾n_'‘%’Í”ë.N0­‹€–+ÌÍÍÁO—™‘h«ßï+‹òŠÍF‚ (ò¢upPA«ˆf|œúy žfè닦ÚõHÍSJkçMnÔ±Tæ*h˜ù½=µ\mÐ}ŠBÜ(N@ë(+h pµðÞ6ua¬©ñ~„ú{¦=|îw——––ìÜr|†×D ÕÌÏU8øK¨}ccCó§„UˆMZ, têì8Zó­×‚ãŽZ‹ØƒôKã‡'h å Fô6AÅ'gq"Ùj3Wägü¤•ýØW#Äe æÚƒLæ⸼i“ÿåì_t ÞK¬IWÞª™bãDôݬ­­µä<Þ}÷]Ls«Ñ· ±¿¢WÔ“Äës¦–¢§˜){9À62€Æ’š}zzª ¤äå|€©LäuNB|>|Xk””ƒq¡5X×ê´Z@à’G±hUÒµèu[#]&1|µCohh,‹ ÔØרIƈ@äb#„ Ò8¾µfõÿ‚¿s9–l͘63<û8šE eɇGèÁªÍhiïïï¯W û "›ójc«üÝÝ]Z¢×Wö · 'zNåéÅu˜î•,4ukhè7™®QCòw4ÐÚ‡VdÔØl“A,÷­THй†Ñ{½ áÉøj1smÏUX»WÙ±üDç¦ìWõ^6:bã7š#¯Ë\‚ä#®É)0*¨ÿÑ4»’~† b«¨–ÚÀ¾ÎÒÓxû;ÁÌÌÌ œ íäÆžWxöìÙoûÛ>øàÃ?üÍo~óÚk¯}ùË_¾V½A„ßü¾Øt; mköÎM±×ÖÖ˜Ø-J̹ ¼ ‰GAbõ„I·Ä†Ää[mf~‚½\«Oö­o}볟ýìç?ÿù×_ýÓŸþ´ˆöÕW_ýT…®¤U7cf¹dhÜj ôïîî2l¢[Ó< ø;Z zƒ#¬Ë#x»KÀÕ®åMŸ¸‰0é"iüE&ˆmâðÂîˆúÕv…‰âî---yF‘$£šæeÂñ碾—dô(9^Gä•· EšdD´@’QS¯Û†¬§ÕW û 7bB¹ä•OC…1 èCÀè™ÀÔsœ8X‹®âž‰":ú½vVÎäÞÁ¦§M~b.‘«*¡¯ñðáC<8é×IüðJYø€öw® ¼šSª/q:qÙ¸U!ú!pÝĉè„ÀTâÎ;µö'`„81p°éÝ1 5ÙI–D‘»î”Ì@|:³£xðàâÍÎζp^&¹ža^:H«q:ÀÀ»`ôä3gÑ ½ÊžÁL¨Í~“—Ë^u Aùä¾$sˆÚ•y¸Á=´yžÕ…_çýÙNÑmˆ@à%à‘i ³ð@ L+Þxã–zD¸tÓÂaŽþu!¾sê¦\*¼öÔúÞ½{˜hSŽMô*GRª ¿ü8èÇ[|¬'êßÕÉêÇs±_j â t{{{š£ŽŽö÷÷™Ê‡–Ifff ñJqrñooo« 2à¡õLVWWÇ*±§Š¼Óç$A’9º€µµµZSfÝÜÚÚ2?°æ›¾¸¹G~À‰³þ–Ï ”¦VPöããcý”@צ.% G­–w+\Oe§.âE÷éˆhZ¦7*ÇEÀ“'OÚ×%‚¾}ûvr ™ûÎ; Á÷¥joY)NÙ^݃ÈØFA$‡+GƒH£²Ç‚l­Æ/Uù8•¿zV£sM ç‚æ½,Ét¡Jñµpñ7 £ÂÇüìÙ³÷ß_¼ò/ùËÿøÇßÿþ÷ONN¾ýíoç;߉þ tßøÆ7D«¢XÑ­¨W4,J=‹ªEÛWÕªÎN¯TËÿþþ~Ë£ŒååeÎÚ´¨+ûêêjûmÅííídçrgggssSœ „?hÚt4ìî)50é0ý×­­- ¹¹9{¤ëû÷ï÷û}|ù-,,Ô:îÐø%Ê»=U9vHí£1„›¼ zèæj¨@À?Rû‰!@˜ä1MhÔÛ^Õ%3€žjÆͳ@ ã˜qˆÞLÅv§I'ÙÔlÉš‹×'ŽÉ[o½EÔ•ûʹöööæš_¤@•ÃA›~Å(HÀ(ó:jª¬f«ñµÌ™Ú“WtAâû%T£ÛŠ×pÆ£„üú‰ž•’†\£É‡ù¬b-‹‰èJ©Š4~‡ã¹qjε.üÖ@òHlý8º«Ðz@sHîº$\97˜P4ª»Zªî–8AÔôµ - ¿ÅèêáYlŠ:×x•¦¿ÆÇhí—¨¸0c3Õ/ÿ+++]µ©j*mÆñ™¶oí7Kt§_a¸ÝÙ@`´ÐBv~~~³B¯ÚwGTfxö\b ÓÓSb—šSpI,..r̨dÁ†7*ô΂q†=®D¨°^qi!f&‚n¡U; èÝv+î™bh\*F¤ì€._,‹¿©,âc¶*¨ÀõõõããcÌ%‰¥Õ«T#L~È ôöF4@òISKÄfáìL,‘x//Þ`Êv,†§J`> LÞèU6OÁQ®Èð"`‘´„m]ÌÍÍݽ{WCR¢2@Å!FRý£ Þ;8r…HnÑÀÚÓŸŠ²’ä<²&éh=–Ô£8˜ )¢÷²š“X´Ÿýìgá(%Ðqüò—¿üüç?Ÿhè]¹\Ñ-qBò²BÅÞÞžg¾s°7-áDvÄã zÕ#±Ÿžž ¬m€8'D„ Iˆø§ÂB±D÷•Ø¿‘©%‚$^ =cÐÍ'h[äŠD‘­“%ü_ }ÊTÉ×’4ÖÖÖ” ;;;˜œêjðÓ ~#`iiIµ ¨(ä–qt—j4a‰– $Wv£‚&®ï~÷»Ñ3.ãË_þò×¾ö5;LëˆE‡Ä vFÛ·!&³„¡Ë·aÆ*¹):ãÐ@»ÉZ¨6~Å6ûÆß«àe 3‡,è4@îÞ½Ûï÷Åý}Âù‰¶E±m˜rIÔ^]Œ†*juu[ •c›úZ¿%ó«Æ!‚òªÌ““ ¥Äç  ä<(ª#ûÕ«ŠØþ¸aº&N HpñÕ¯~õ‡?üᇞ={öÛßþV¿Uø¸BDÎ\Y¾Ráf…W_}õµ×^Óïë¾øÅ/ÅšÖÓÕ7»;c{{ªZ¤  DhÙMÝ_b¹Ì×Ó“'Or~Åt|’>ÑwÇP»{ªìùÁ(‰k‹òµ %^?³@G`ÆB~Xq¤P>-l³e ˜ÝÅ[‹zdía6cÝ ù{1_±‚„„çÏŸÿö ï¿ÿþ|ðÞ{ïI–ЯîèB¿ÏÏðI…'ã'>uÉ’"ôû¹Ï}Núýô§?ý™Ï|æµ3(¤$«-:t:A°t¯MqxxÈÁBÓ"]kØà·T-B»Ž6{«KKK”`"-ÔNpœ"Á€\&*ìïïKœ˜í½¬N ÏaEYIe)¢.¢Ø„à±±¾ ,Ñ«N?F~J·6Ÿ"Æq¼W ¸Ü8›ÁâÌ$i¼úê«$àQˆË'8š@œàtéÉÁè¶#ÍîŠ8+U‰~ù× ¾“÷Ý”cÇñYi*FbƒPsRù(•U§T»¸o®kÇóĸ¬IüÒè-T‘‰ ¾ñî=>>66H¸S=òEnBsh ˜&ŽÍk:™V Š%’$Q F¢Gq"z/p9"®§IÄ `÷M¨èBŠ®ˆbÍÅ['¼>|¼¹º¯… "j‰­¿¹¹iî_%BH!ĵJP9bè -Q*DY0åDÏ»6%Ç)Iiº£ZT—ÊQ¥øÙTi»»»µö j¶ÊQ–кt—³ÇW(N|êSŸB ª#V`;ñâÅ‹8\qš(‹Ì "Dxýõ×¹HÎ(Bœø?<}ú´Ö8AܶX󂾓ä 1ââÚ1™ošNø‰²bïÝ»'®]¼»¯(?v੸ÿ;wîH P®Ú BwçªÔ•@Ð:åÅ{,r$KPÔüü¼ñgJ #lÓÀå@|˜ÄÄ ]ˆEÃÒþ Å3¶£‰'ã'zgfÍ¡„Qˆ2yd6ÙWßì@` ¨vÓF€dlÌ—££Àe™ñÀl²…gÏž™Õµ9tBœøä Á2.G¢HLzLëÉì³MëÉ䊫õòâD =$*,,,4¹DCØØÞÞ¾ ŽŸdü¶a"U+œ¨cuž†›¤¦Äïs›æuŸñª½ºÃxÕ^—`à% AR¾žøµû‰,!p $H¦z‡V¿vß;;¾²fÇÀ#:~bµÍ÷@ïe‡ª^œÀÓë^VUB¯²wR bܱAOôh¬³Üòò²@0¾““ïÿªÜ¼‰"<ÿ¼T ›\W/ ^‚D¿ßÇʨW¹.ØÝÝÅWç¹/ÑÂ"DZñou¥ Ä–¼÷g½š^°}óº,K$òƒ¿H$@àJ8­ž3§¶kÑd{‰‚4XJI{ûl/H„8¸*q¢ö˜Â ¨7¢bé”%8‚xûí·u¾ÓæææÇus~~^l7f.Ï3èºHøõKðm7 }óº óƒi,ºƒÇ›Dºj\2›åå‡^å©WÙ­š$€àå„&A‚ô1Ùñ{óæMïÇ)¤ˤvOØvá°ý q"LŸ>}º½½M¨G‰Þ,ûí ºó BÄpìŒaò‚Äßþíßþã?þc/Û— î*pU w>|Alnn&ª°t©× ©íö^¥ bmÖ[(Íáá¡®•Q%ˆƒª= VuâëjK£FÓ[™ŸŸó™p’(Âô*=Þ‚«q÷jwDNÛNèCê{$ÎRò.ʳm?ÑÐ^pý>~üØørÑ>ðâââÓ ö™•WD³³³CJÉâæ¡!41ô·}›¡0ÕKÛz•á)ØŽÕt•«"ýÕM¨?™ƒj§ Ñ"Œ¹¦Q½„ئ t’{M¯ +ˆ–úNíy5-ëGGGžÐòý•¯|Eü%k½žj½î&«W µÿÏþìÏÄÿˆ ºH³k·VÛ@]§^õÌxž¿ù›¿ùú׿n*y·±û´YÙÅ,é—ÃaÎÿüå/×ê•è{©µyKh¼¾#GÍpžJì é÷ûèµöªl¥¯=÷U¯Nä*Ò¨1¢˜ä¦8o}•¦,Ožº>ï®É}‰Ü«GíZshqé¾uþ#â›üp õ.--õü¶™Š%º7^7A%˜ºË=Ž¶•~mmÍï÷ ô%mllˆÏQáp¢^q&T§G”IàFô¦¥6eïLÕBô¿½½(SÔ–c/˜¿Å@xà” á¸Ôxõ9;L(dW#ÙV÷z½ö…çææ(DÁƒGªQåç=)ÑÂïÿr3oä¹z£Ð«“½„tSÙiˆ#¶äøŒ³°^åH®é|ÍÊAH…í´«W©H q¤UPvR&&a¯cÍKú¡|Ò#Qv7öᇢéôóŸÿüG?úÑ~ðƒï}ï{ÿñÿ1ÝƒæaTV¼nƒMŵZ—¼Þ ø—ùѪ(Vt+êEßIô,ª­²Ó»"øûä›æ¼‡]ùõ‹35l®Uš×m6Õëry#‡¶=¥Aغ/¶œv¥V·§¶¯2äõÁr ¿š<à Æ‘ý­ W+Bl³¿^éÀ&ãTQ˜÷Œâp½QîՉÉ–…LI)‘½H*aÝ‹˜½—#OyiX¹Ø.JN»zU”ßѶœ!$¡Bås~²°°§@àÊw—¸0e'ïÎ*Á¬&d¿1)ŽÛ¶dZö×ùf§P;óè\§%Mµ´ÉèëÍ=çL%>ª`–½±Å±^v嘋HD1¦W…ß±}ë­­­ ÃÍwÓ0o3¸öFË^L¼8!H`ðs½€:£fé[ŠPD¦LôzJ2/r˜›°ÜœÉyº]oooïB‹Ö;8¶ †&\¹Pñɢî÷%þ`>ÿkáHÄ -" bzôëõ7TÂÜÜüiz÷\‹=ÒE­Ö‡nÎÌÌðH«€Jè÷û¥_ õBi¼¨@™\ë‘X[ôµt­-êåÎÔ­é8™¦ÓXEn¯þS΃ >€±ÅŸoAßIÐ#±(–QÜ­Òp_YŒZÊ6ñ-½Êu’~E –‘2§§§I–)[Æ¢¿¥‹”ž×hr‚ïOIPÊ«–ÈÒ[¬Iµ»_Ø¢Õ Mì£TÚ»ï¾K ½¾žxö`.*@ì‹„<qbÄÐ2 !gŒ8z‡D¹&<&ëØ6 ƒ(¯J@(G /Q™%ËpÒŽ99ÆM­_~T²Ñ:#'Ìò@d ïîiºO'˜¢m*™À½Á+¬ü“ ~Š]L­2¨g „À*‹’)1¹´å|¾)-T‘®U#E‰qÁ£Í‹ˆ+][[ƒÁ¥Iºà¯ iÚž&qÂ;q«Dщ€­”´ ^V_Yü†nz¨"ñ©Üàf`‘gdü")ÇÜáô2­“¦NîUÛÁµ"º‰â98úË_ GI ¨¾k,›¶ [À¾°ç:rœzL¼8¡ï­9Úörôuí›}³X*H–ÐM¥dïGyß®1é‘Ѷ °ÔŽÑ±"éR”?žÓ€ÁšŠG-Ðz Š W(K¼ÈP¼˜ê¸0möY8Þ¨ÀöÛXø–ÑúB!’+Ä"èW³ºå‚Oòœ=!Õ}ØSÜÈP”ŠÕ£66©p¢há³ù¥YqøË.ét‹Þ»76e§–²¦·}Pq½¦!s¯‚¾—ù]E˜È §ö0¬…Ë-Y\\„t-£ŠRÆœYoŸ²M^Õ‚¯•Ø/6”ó~ÐÐãl¡6×þþ>& þ¦õ?zeÊ »È8+˜øNP¥çKî«E‡Å&ª«çÊH¨ÂÄ»ŸD‹Ç,oÓ4Fˆ}¨…ÁS³0rwùöCa{@åHÀ5{ |„‘^4YP Mµr’~P–©¤¼@ Ð)AÂK‰—§èŸ^³—XÔV½‚“i®ê‘WŒÆvÖËâQåi- º©Gº8—ïÈZïç׊€s“k{tÉÑÄÄTìT@ÀCQz_ãÑE!¦Ñ„%´Wè7ÿ³… ™*AÄiÛ¬›››ª]áR–%ssW…z=£«Ù&^^^Vuô•jTíåêöZ•ßÿHæTéU‘> ­–z+—ÜØŽ Àµ>aßÿ}-x¿üå/üãÿ×ý×÷¾÷½ú§ú×ý×évëÔËb¡š‡ö}^ÝôÁ»×zžé5»o²M®^æÚÅ»GWÉè,åNl|“’ŠÊ§ßüæ7E«¢XÑ­¨W4,J=ã=v„žZzë2µJÁüCòqÙþÇ•SïÌ„€ó+Ÿ+‰›V[`¹‘Ä°b—†Ûè-!ªBʲg39Ìá’•ShjS±Jì{r`·+=­µsQShmí÷ýß{Ù®ƒ€wV æ~ªÉ³S¹7Fî/îjq³8 ˜j¥¦&hu÷pxx˜G%Úßß‹nݺUi”ýÈd[Ô¢×aÔÇfª5dÊ·ÛÛÛX_ÔnO“瘨w„T=PSÀkx5eôßWÉööö?~¢ï†BZí¸öýŸè­ X-¨Ù7µÇ—_èi OÛr@ §Ïž=ó§ßÿþ÷µp~ûÛßþÎw¾3ÝïξorDl‘N'Äç%ØÜ}‘ û¦V8žéñaO¥~cÕ¶f}^ÛaÓ Ã7¾ñ Ѫ(VtëO'DÕ£:q:@ ÄÊ­¯¯ëg/ºÀªÁ»áoÚÛ«««Ê+Á`ww×<‚èÑòò²©œGmnnªÌä¨AY”L”Ôâq hêòl¸š…†.âh"t!N@àZãÞ½{KKK’°‹%"·sMT#Lºw¦é!þžPJ)Y™µs÷)¹ÅÔ”Ý\6©. 0ûûûÄD“hOsN-¬j¤©zgM¾´@`䘹žú²@ 0X ìgÏž=þüÃ?|ÿý÷õû?ÿó?¯½öÚþáFºŒo~ó›Ÿýìgÿßÿû¯¿þúg>óý~êSŸzõÕWoÞ¼ùÊ+¯Ü¸q#º(+ºr:aáÞ<:îK+ ­ š¢kÀȸÑ Ú@ 0]Ù777—3ÌÍÍ™Kæîß¿ßï÷‰ o‘JËÀ™ñä•·)b¨„5Ç ñØß߯móÀ¸ëÁ^… Ü@ 0rV,ø³À” A½Àõ'z/»øÅßÅ­[·$4qóžãG{õîÝ»˜Ä ¬KÅŠ)Wz<»)K,]"÷ËòIî·˜p3cê¥ý A¸×ÛÛÛ~DˆŒÛD-U2³F ñ}ÆÝH;l¼_a¬uh¶ðRå d$PíMÅÀæu\ºq"0YâÄå+C~r»k¬í×”{¿—0_Z?0··Ù¿¾.與©Úp*{¸K<ñáOÃÇú© zÒ{Ù- 1Õó’Q[j*­)ºJ^š^äÝ µUt¿6È‹nê‘ ì¨ÀõAï,¶®ÑC™Ú…Û·o¿ýöÛÜA~® ¾3ÚáL«šÈ~TÐèÐëh$jÐ%Ž>mèiõe5ç¨vµA-IòÀæuŸ|ò aìNOOõ«_ýä'?ùÁ~ðoÿöoÿüÏÿüÝï~7Æ] ãøÖ·¾%ZÅŠnE½¢aQ2aìòhÙC;¶Q<0¶ZÇѲýšÁ”2aBÚÌÿ-w'¥j‘G– G±ÝE#„ƒƒàOãèèHT»¹¹¹³³£§’#———-1q‚,—/DPF¥¿{÷.6.Òìíím+\¼…ʤ‘vúaàKîý± þ@T¬í»è‚ˆ­!_CˆHDTÞí »,(ÇbÙ}µtccCT'"±hii ZÚÛÛSázêË!pþîïïS©hˆÍÏÏÛ " Q™D·ªT‰}3òºô ”9;;«r†³8¢”]/µ°°àµ ñ~ ;ˆšgÒÕv4Ú4¯ã[¼Â ÿ÷/-Æ] ËÐü«¿ú+‘kBÃ#¬½€îâÑnÞ‹{Ѥí'óðAèðiæït cä•â¦px×'PZYY)œ©é—@Œ^ü±UAŒørIâft¡¯›bâ €ž” FGÅŠE[0‹Ã1ŸyDñéÞ½{šƒ0ØPíìY¢µÂµ-Š(¢NÄ ¼ ê‘JC}K…è)†*?ˆøÚB”Ðï÷½Øý@u¢%0òÐHüÜ[ô_ea2)ª‘(ªtâ}%h¼ˆÞD½’tGi$l0¦t­º•Fu‘]E)%µkàhTêWw’y]Z¥Èµ»»+é%‘ŽZBá­‰mœÄ0f «òƒj¤j^3Ù}(7¯ãB…‰Ÿ|òɯýë+|r4ìÄ,¸4ÊDf¸q†W*|ñ‹_ä¯Qïå4Ië5“@>´Ñù´ è°ë‘ïâžš÷ª«Ýd,—ã_¤×Â¥Õ¾òEæÏ=ÆÓÜÛM!/e’C Mr5•–¿5Þ¢[~Ê6OCœåÂŒ ë?žgŒj@¯ùC÷•]e¸+1ì…. rܼX.1am¶6}›¡]±JƱ©jTM¬=â0Ä?‰ÉðT®_=‚÷Ó¦ràÉ <‚)‹y:s‰ë Ñ€ø{Ø}tÇN½ô—@¿‚8õZjŠê T]ˆŒ¡Rʱó:ÅÖ»€6àõWD¸°°€îé[g`‹9×êmª‹3·ÞÙ.þpk¹Õ¢‹ËWc-7àÊ›7ÇvÃAŒÚ_þå_þÅ_üÅ|ðÞ{ï}x†çÏŸ?{öì£>BÆ¡"p d)j¼yó櫯¾ú©O}êõ3|îsŸûô§?­_ÂF+Q$ª\kJ´Íi6ë6éäŪ-îÆÉ(sc¢¼@@J€å° ¾Âlê°#…¯ ¥¦b3æÔ$l{µ:vS堿ʶ¬¹®ÑÍáv6ý+¨ Mþj¼Þ×lÌÐ¥du¸šÍF­½/‹]’Ëz‰–+™}]Òr_)™¾šJkR$AáÅôDš>%ÉôW‹)…ûoâĸ˜$Ï%«ßõyô.r¶¨EˆK0èm¾ŸèRh_…çÐ-Ñð`3’;Ê”×´=Ñ1*‹‹‹"nŠ’PAhUßÐzH[lr„6ìO„çõggg?~œoœœœØ2Àù˜Ñg²%c¯_)=Ák°ˆÂ5鋆 *œ e].0m¦(bÜþû%3Hx°ía‰ºâDàòÅ hòµ×^“,ñZ 11e§D5€½?-Ó¦k Õ\“0J¤MúI™z¤¹Ô‚®WÐ*{Í´°ªš0q¤Ù'1‡S]ý~_OU»ž*¥þ²_i)5ÍbB&FH¯ f#á©št(4™kù°­LZ¨*|«H9D™‚7}KgÒc^qTÍÃqçðz„0 ö`±¦·ƒk×»ÛÎ_GTšR* 渞ÚJkR$iú”t5œ¤ÕÂë ;CÉí™Ì'Î "}ú;¢{}6ÓA:—db×KKKˆæ9õä¹$ÀˆEÓ¸‚å‚ïo:ÊI›55žÑ2GNE•Ü¿&E)qX‘vTqXŸVHFì\"šŒðiÖ{yçۣ͞~æbyðbF’%§—lŸŒ6NuÝÂ| µ¬kh(™Ñ•¨Ñ[ “\yó†%¼š“—($6ˆi³”º)‰BâºO1ã 5ê× ^–HTžF%QԪإn1ô'''šý úÉ"®ÕÅ›Ò*Àtê>uÁi7ÍUö׹Ь¢I>î"ñžd-ƒ!Î$ߢ-èP0e}©‚ŠÕ}ÛŒ§åøÙÈ\5Ih¾CØ„¥ÇT?ËUùv¸¢¬M¹ºoýœlöuèOëvrk%œÚÒšI Ÿ’®öB‹ÞŽ~ã¿k®¦Mœ¨]ªŽðÞ™áµyBÔæã‰ÑAØ͉‰UwxxˆêŸRBK["ßfèRdÔ4Ø ,èÕ¶7P%ì¬éR ;£C+¢²„XÑ´”l{àgL$m»&¢t¤Œv7ê¾è »Ãž {H>Ô_ôÞ¨`cÊÆ‚è¿M]C@%£Ù¥%Ü\±]&˜7T;ݲ±±Ñ©æ ½ œì‹iÃLŽM7?ª`Ö1—#N$¢L:á…ŠK0Ÿ¨eQÚëpÈà·9åË7@¹F\Éë-lÐ$–¹×™²EÒZÞ.a¦­Uçí:ß04©ð»ª“Í—&VPý©¾¢cÅ;%+Kû^*—Ö¤HRø”yW_c×›“þlØÚ„þ€‰}Ž¢£E(úÌp–‹,p{ñºqC Q°Dk#¢Ô_5innÎN9•RŒˆš§jGŠFýHœµÅ¢rÍág(Ñ*Â'„!æ^mÄoÒw¢W96@RE”¢›ìýxón*}*¯ÖŒ°¹£\ìA‚0”\Fd¯’qrP[—WÕ­U‘jN¢iLÓÙqíFÔ¡WÓëïïï«Û“¥Mó:%Hø£ ±e’Ä¥au sÇöüùóÏÙK#N3¼rE¯¿þú«t‡GWb“mh¯_ÐdÆyzzÚ‘.èÀBÊ:y«ò÷šŸŸ¿x;ñÃiU·|w-@Zž4÷Þ©à=g¦ÒšIÚ|Êk… 'Êö‹ú¨èŠ×xQêKÉîQ¹ã€LT‚b¢ˆU$‚®ž‰JTÅp– Û¬ÚaòÄEé&ÔÅÖ²‰RÕr5ƒä^µÁÌ©yâäDÙöR½³£ŒÄhàšÀ*ƒÉÕ…iôí ¹¸ë½šö^öHÉ’~•F÷“sÛ¤É)3‡ã~C(¯ËJ`x^¤Cʃw´C»vÁε¢Û7¯³â„ص^å—û}ôâ„ù£‰'ã¦Ìž; Ð¯é8½zŽ&Ì|âª"0¶×/ÈÝ3ˆiQÞÙÙÙ„C…ׂqOÊÇ7Q.ot( ´j8—eˆ‰‡U3áÞÃM¶´ár°VÛ¶=šJ«U$)ÊѪõ†8qÔžÁ^‹Ÿ.ЮmsÔöû{•—hS¹ëU{´ÃÖ>>V^l•Æt^r%—i5Ëž‰• vÔ`Ò‚H˜Á‰„%Y"pù…I œQx)ÂÛa#N\•ÊS€”^"—ƒ8& ÛÛÛ+++¶½±··‡××r.%ÃÕªŸã6ÃQ7Á€z—ĽéXœ(NãÞ zT¡Ö! Göæ}«û¼šÄ; €ãÚ “7¸ˆ!¸L˜À…¼ŽSÈ@ˆ@ ø8¶@¤ûûûYUÎÜ f„ñ?Ç×HÕ˜û«ôR’²òM¸~¿OôÖ²ó¥  ·nÝ"²]¡JìIq# ¸1>‰9ÁäoÒúñÇ¿òÊ+Þ^"Ž&—O¢IÐkÜxAÂE!N .QÆç*¾öôô4ñ Ì}?Ä^‹¯Å¿Þ'?~¼´´d¾DT¸žúr”æääD‰õû~tt4??oü1itGÅâK9Çš‘×…E£’ÍÎΚÀó‚ð”y|({”\%WŒ/(5 ¾zÙÅÅE½”÷‡ËgÒ۩ω‚Ô}êâh¢÷²M6b†ý “‰ÀÕJ=çë©÷r@w!Fn;1qè~¬›@ˆcj½,hb—A\ÉÞ¥(u÷îÝìÅvÁÍ‚M ŒuÎÝÕ™ï "U‹¿׋ãŽý â}%ˆM—¼³³#ÉAw”†x‘lƨNið¹¬ì*J)©]#W¼µ~‰Ÿªq‘×uçÎríîîJzÎ pœN$Ô”.é:r$µ$ÎÈËO»Ï¨ù¿€¢i&”Ê÷Õ$ìIŽÈ\£21÷‘ßlbiLLïRÛ¶«…o¶^D’9¬/›9êiÎÂ^þ§ )"¸rtå4P“˜ ýs˜.–EKT¿ß/¯Á„\QJ\q‰Ç"Üub_p´Œ4Õbs«x&µD±p]¯Ð4§«%{øð¡üäɱDbÂðŒ°æøïë½lˆ,¢õŒÂììlxUóW›%a,’ÊŽgC¬H*ÐM-ä¢üÚÑÚ²®@7å w"qç/üÃ?üþð…?ÿó?ÿÇ _ùÊW~ï÷~ïë_ÿº%ø“?ùÿ÷‚øÞ÷¾§õ;Óa¨þàþ@íUêØ¿ù›¿a—*ûŸ4úú*è«÷w§/«WK¾EÃ?w9MÆ€ ® /ºTÄ‘û›h!ß»w¯­kËH9ð÷M@\|?•W,ŽÊá/2†%f—÷ÝwßÍ˹uë–˜¤ä&|^¹Àа1‹95®ÄqnkÄL2‘·/,)¢U¤å©S‘ .F¿Cáºæ—«§¾œ;jë²Á³øEú¤¶Õ¨zm¨ZÿŒzq^™ÞH&t±lbIæ·)çc¢7{5]pôä É&ÛQÕX;!wjÁúNá“î [ì+byµ¯™ ûúFöÓu‚ßQo\í¸ÖÔWË#鼕AdÙÁYˆ¦hF/¨n¯}#ƒe× úDbM–†$¯_ DÏ£¼×]9¨UEÐ7xXLÈwÛæd.#"ýöö6¨¶Ïª¿;;;ìéZlH¢± ÈÁ µI¨€ç#ù͵µ5µ™S`UgûÇÖ€½ º ÁÌÌÌÜÜ\®ù”A8R” DuD¦Xò°\̨œ%3}¥ºž¾ÓÑÜŒ×é"V~J¬!šÉ§MÝáĬvŽÕý\£¦j)hò4ÁWD½ )4¯ü­Ëlê(Cîš–´éÒ–àóY(.;Åê©©mzkDô£¦ zë~¿¯ŒíxÉžÍúRâ†û^Êõøñã&âD+0S ×Z½õøhjS«t_ÔÈüiï¢÷JÞŽ§±ƒºŠ¦b¾±®½Ž +‚'TÅêê*Ó8+;q:щ].äÈöû.ì˜&¢'aêyŠ¨`B<„š’ýZŽA$Ý*‹æJߪ°mÎ|S¹¶Vâ÷µÛÖŽj!£Ú –³µ<ÝÛ9ÑîSú½@#Wa²Ë’ìî0ozJÉ!±ÛM?ú¬"ÝÔµÛt¡¿Ê¥qÑ2¦¨;¹ŠbB¯­ËÊW²ò d›y ¶등.{ýÚ=xë«é;š€$jéMÝz6Ô6t5+úÏÁdh{½¾4óÀ#r%;âì%ÕyÞWÝNŸç»ï¶ÅNiÞBÏG&.Ÿ«šWX^9Âòâºe;hj½á÷ÔhOSûviûÓ ìkÇšÍ9M'E£=êÔ! õÚ(¸à~öEÎÜšz»¶Ln1ßÖÉå9¾]¡e–/UH&[F´ –ÂüÇØB6D‚Ù87)v§)Þe;ÚGú¨å5¸–¤<­1H™Siªv¦ò& GÅú35Í)ùrh¯`ÊQ4ÆR*Á´Î¿I‡ñI¢O/µªµìŽíÈ êf*aðÁ07¦'ÃdË$és±Àû¹ÚËp&BŒIu 8¡B(мІdϹ+šGËUˆréÚÀj®qdì¸r«ÔÔQzAÓ#cÞ~ý¥ºB—¶ç ‚âÀuªè¸6Úp»MË4_ßw û Ü« oaO øLð<–’-cýuÁŽŒÈÒÐs‰ ñ ©¥zMªm<»Qdô7kÛSèÕ%ò°-Yq‚ýÜ|?¨6 ûµå0î âD2 l&Rœð À£–«â„ ~ÿ ¥8ûš6T%Z×Ø0e[˜”mf·¥¢°¼¬Lg•nWˆ––áÖæ‚ö‰mSÜóÙ/ÎlØD6WÃ7{>#Ù$†'{ÑîtÂ/6Ḝ¤yLïV{Ó|N›ý8ò"Y¡£’WHÚïë*tiûïØr³Üt ¼ Š_§ ¦ÂPN¡rV‰`äDÿà㎃$dóëÍŽ$)qezÿ&opÚé)ÿ\â„׶à»Ó*êmj¼™"˜F¡=¾„äR9/¥Ò؇5î®@o¤lùvôêÀOY+N$2¡þÆöÙyѹ¸œK@¬«««›››‰h»µµ…†wû.=Z__Çý%Ç^µØ™P9ÝÙÙYZZÒ+è¦òé#Š1)pã³Ð_<éÀõ¡¢Z <ƒyË1­è*èÑÊÊŠW bQ@§yooÏëPÁÁhî%¦a{áyóNøyóÐêh㡵@)1§±µ†a¼†  åf`—Žõãú[\\œÊe?ÈådZþËç&héÓ˜¶›:Šœlž8ÈÛtŸ}Uh^ÔŽC ciÄYpÒ2­zbí! {j‡5/41˜£‰r{’BôhaaAÔˆ™c¯OdÏÜݹâµì“Øê-Aÿ7Ð]1ÅÆïdr“£´‚=¤“Ì•Iˆ\‘2#ÙfXåʳôÎœmëï´¨}––™™™Ü„¡ÅL£0B…^sû¹@ ˜Pˆʧ_€}êÀ½wfvl`Ï’Gkf„^1ŒÙyôRk“ý1ž6ŒÙeSß+Êi#%Š__>æȨØ%K›Æ{滩=y!èDõΪz*ãŽF"!œ 8Â1°7ᛈ>V9|úÐ•Ó Q kCÂpëN˜8 qeCͶo¤2uGãçèèHkŒî+½…û&u¨› %á}•ÚLœà¤Á½ÊÙ?%‚«.%Ó°‰]Þ@ 05`fÖä™OÑ»»»™&ØZ”UÜsZ½Îó(šÃ}0Çž;Ä v»žæ…_<˜ -OÊA0˜Ñ6ƒÇB—ž·µÓ/¬†ýýýI î>Z°¦ûÀ”þÓóõó øs\Ù^nô)ó/‹"8ÑnSÑÀÆ·iO^šEäJÈR¹¾Â¹F«Þ¥à-Í7 ß\-åó@KtåtBl·HA¬¼Ì¥¿"ŽÄ÷bMZTIJ3ª%‹£wÈ_­(øÊ î5Ò9"²E³F´ ¶‹$u$<µ4ªªu_4í,˜È·¡é¦(¦¢_äï³1Tž·{gJ2Þ£¨ï¹¹9ÍÒèXûG’Oüq<„ ô.X/ffflù ²{"Ø,}q9J À¹mcé•Mé¨ ¬,~5ÁÿænmÏÛ¥ç-Š…•¾õ<û¸×Vx®õ*^bˆŒã¡ï—?Òìá• Ó,N°gƒDAxK"U”­µfܹsGãYYz•Ýáœ`Q-Rƒ³ç @é• í=j!¾„ý5ø•ÃW­ºPŽ¢Íj<žpüÖç€>8F LîÞ½‹Ú·æUv^4yjFÅ|¿Mv±§6—ÀÀŒÍ#ŠÕ¯&yì,}v¼+»ÔHT»r±Á$ÀørX9e^üÅÕH5ØÊDh­Aîý{µT‚¥£†îÒssöóe‰ã¤ö§è*ç,©wTïzuêÈ®åÌ6\²¿ƒÄØfˆµGûÆÚ“¢a(‚¯Í¥ò¾B› Ïk±õÜ׈P!>S{¾4&ùs ƒž0Z8—Üó×»<~B.ršü`´ô‚ŸØº+þ q0šDíeïÆO¦D17Þ[Q@Wë…3ѵ£Ûms»²#Š§Üš””Vþ›ûð±æ%qEš¿p^e{gæžm: ¿±½3Ÿ šŠmû·cÁ‡WbŸ:ñöÙDð¾sÚ8‰ ¼ä1/º`Üh@ &UZxfPæ•\ØÓ‚8a>šHó»Lº÷²ýQ‰åÆ›å'uÚƒQûißìÑM"*4•?×ÛYôÓ{W½‰´?%C[2þ\˜yq='0rpâüàÁƒ*[@ :Ž§OŸà¼qii)_ÙQ:==ŸŸ·hT½Ìؼ @¬ÂÑÑnv“”–¢Ä/λrµœ¤üfAÞ¦ñ¨ é­ñgShORH¢¨û˜k[9å¦êÑ‚¹‡jùvÖ€ÙÙY*|OöŠ>±8 ¶í¼qbŒ`øÕÎ8@ 0 Ÿ?´.ÔâD @ 0.p@q9Û²œ‡‡öyq#º @ ÐA¼óÎ;—âÑ£Gæe!p.ÄéD @ ˜|qS¤ü~nÍ“»‚d·¯‘ˆ'[¥Rlm<Š^åç›@[@ L.nv§)’%îܹ“«Ç ”Äõ›o¾é½n‰õõu ªrûömŸy⺠nIœP½µÒˆÄ $'@àú@ËÊæ榔sím]ÏV'Æ…óZÓ‹éO¯YR"øûÕ æŹ Ì&6ÐÎÎŽæÙÅÅEÏú«¨–ÁSUu­…P¸N½§±žÉ?}úôþýû—¦ê=Ñ­š8¨÷ööpúÆo¬¬¬ŒuÇPäê=Câ+rmmà裪:4)#ÁÄ›bk¼i°Yà’{÷îI`xkKŽÆä“'O’…rhÏÀÚ9÷ôÐ\ŸÔÂß¾ä@`„ŠWàZC@AãbÜ52šVk]z#\8Ô>e×pÜ—F7›ª.™"tS¿Jpûöí)£+ø`{eý»wïæs,)!Bõƒæd¦b›EI̵8ÿílæä/³k>cÄÙ|k³½#>pîõ„®ò† *Ÿ¿JÆã‰?_M¬aJl#‚b©Q÷=…Xùð¯ö.Œ_ªË;Áº½Ü*DýäØ‹šómýfdoŸ"Aæ„;·O \|{dŸ[¸cšö-Œ=φœiã 9P)߷Њµ €;¾4‚7*Ð]0âHö%Ëü/¹vMœ8W–â„`.›ü¨¡8Q»läâ“BˆËçù4õ't Ñê‘V;Q©§V8-NZMÐʤ›ú+fÎèö]yY·,î¨L•ÀºË5Kc^—•©ê†9T,‹\íÂÆ÷X3neÞ?Ò«·=}Cþ;ÿ|0â‰dÅ>.Œ²gs¹ãŠ˘L°þ¯è-¡j/lx^-™o s¯š­Â=㞈þlz§^ß°wMâ„—I¼ØÀÉséf"ˆ"•Å‰B«x/¤¾¼ì‡y,ÿXÆî{ÞÃ(Öïãx"AÜõü‰I¿žsð…]#ÃÛ€‚$ø¸ úÆ$”ãKV#½@‚tdû°^Ôa({·(0A˜lSlŽáoèž–såYïã´*0e8<éÅ–k ˆ‰w‹!”mhÄjhÙxФŒ{-<Nl‚òT)mT_‚±f p%˜ŸŸO6´À`KgkC~^—³z¶bÝe¹7µ€‰ƒÔàš››«=ghYW`² V†Ã+ͨš`%Ibm<½·(3†&Ùy5ÃÐóÊÊèËg_é"¤…Pñ…Z/¼jxLòòpÙ‡Gò²fYË¡Ÿ^Dµ« lñ¦¸f2 ½— /´ÊüŽø1W$]€}#Ï÷‹ì5ûå.雈ÖG}â±J‰¸¼Ç1½ª'âÄ°AÕï÷ñÊLH;V±MHhr3zõ‡ƒ¸jUzåR^ü5¦¢|Îâ<Û¤›^ÌРhÚÖÅŒgMˆî‚ÑÊÊŠ*=ú+†ÒÛùÕŠ4…º&´{­gt‘ë•ÙSÇMi‰¨ô¹M-çiÌ7Å»à Õ84ÜØÍÁàhÑtˆª5]ãɪÖd®ZZîžÖJº<2•¼6 ŒZGL•«àÙ©W+>¡xJ• žô¢¸©„éM}](£)ñ@è•  ­b5ôœ1õÆHjÏņ„ä’½ø Ò,--m9hòÄCL’+—[ °ùÙK I°ÆAª.q€Ù´÷”4Â+ø>þÝ1ãÑ{{ås¹vÁÔ>b{ä Îðc ð*ˆ˜‘øjhÙ˜§&S$3BÅhÉ›m ý¦Àp„8á‰æ¡=܉h€x—Dfm¦ÃäUeî <àõÒ,³¹ƒIš ¡¶.›|r æ!¦ŽB ãžå4˜g§Ä:Sojž¦rÈCl»öœ?%ï¬&qqCÙ„¾7Å®µ½Îÿz‡6ø¢1cÖ^³ë SÉ?å[h·›ðÜk0z~qæ Çgì5›b7ùða_Ì¿Ž•@ÖÉÞRÖîÚ´Šs¤Úf €nÁ+#­YˆÍ¦ÖÜ×Dh®|-M±{kŠ…íé½ì€¡Z6ÅFUÕçÂL¼Ö%fÙMàbæÅË>ÈÀôˆW½JI×ûÇ?ºÝd/Ã=ôp|Î^i¿ßÇ-ŒÅR0´§fggY~0aBO£wfè™Ôeúè_äÈ¢\Â%(r\Û¸=çØ>ñRïyª3‚pg„A?fúùØ(üí9wûIÕæ­ß×eŸ†•7)&x&ÐgåÚW4[K8jHfffÄ*M>{gŽt‘ðòÀ@÷›Âä­²Øy]&¯ƒ6æ4~ž3ºõ} x‚5?yñ Ådhñx„(x¿‚²XñÖ†Ir½¾¾®fX°+–ó:ÌÁ¹¯’• ëj”2PSô¥íוøÆødŒ2‹Ž’DJ \O„8¡E¦gwwWËO“¥@ ½èÕs‘ ÅÙÌÍÍÏ4åË­ã“7]lºDM/Œñ}%Ú™¸èâ,9Øy1AE°766Œ)÷áÛýÀIQmÐt5UeŠÑ·Àç’T>°©ÀV§)˜z=I惲çÚ!NÀKË'»˜ù¶h 0ÄÇ '>IÔ…š8ažCœÄ÷ &7£ @Lë: `¶p)Û«ôFîÝ»wM65q4¦PœŽÓ‰@  ±Sq:q"@ ΋ÑÀ%`{{{aaaÙ¡}ô®™™™î4¦ƒ(G À»ÿXkWêÃÚ~½ó1@ ĉ@ Т€µµµ&î3Ç8Ž‡nL׉ƒƒqóµâÐýû÷ÅÇ[œµ1AU,..ª‰?Õ¾ySõpËx[CCå· 9ÜúÝÊN˜êÚŽõ÷ ÆìQ ³Ñvc¡{‡ õKhX q"˜Bග¸ßïsD`yù«û,´œNøû¬Ù«««ìV<«®óÒÄà*ÙÂÂBaÍ.4F¼¸¯T…èB’Ìr% Ó5öª—&åp§_á";÷jÀÉÉIîà5=­<ƒ;H·oÞ@Ÿ˜ãƒÊÇáýH„‘îh?‡!¡øÄÉamÇúû8Ë/ƒU+/°Ë¢õÃYm›ÐíŒ@ ðˆH~À%àÎ;þ@À‚C‹•'š/Ѧ DJXS%ÓS‹ël÷>|HØT‚.S>±KóÒToɵ}c,$*A¯‰aD$xñÐÕ•\Ö°·Þz‹Gv')G÷­Uö^“;©º¶®‹‡ýî,zuá¥G>pFõEç#ÿœ„ Õû&¶¶Ãóª‰_ÆÈ_7Ž¼7˜%˜UÀ„"N'K£GŽÎÐ;‹òK iâø²·m!Nµ0Qè¾ø!´qJ\bß*1Q’Òz•^S¾#Û²1ºà Dx,QE¸õ\YYA¿‚ØÆ$¦…º^ZZòçI94˜ãŽÅÅEb0&|Ê|_rj:ãQínz!z;MJ5º_«&´··§Šr¯Çõ\U45 œ±MÕ½ÊAó_AcJ/˜‘Õ6¯¶ñ…Ž-¼T¡@{Ç&8^ŸðÌq@L4"îD pI )×⡉3­Õ†ž}G–gc&,")÷-¥…bÕ…¸‡“““µµµ§’Ò.ؘããc•¯›ËËËâTf¢ ë“”cò OÕø ý¦`çêŠ)ƒÞÚØôúvñˆˆu\RÝ"!Š¹ßÜÜ´®#ú½‡îœI¡VZïÌêÝØeÑ0!~{•é‰h‘;ëTc|Æ™™™Û·oÃìÒre†Úfj„Œ äÔT5Cµ{­Ò8ƒò“2&[Òµ1Ùj ñæõ¦ß8œËÑ2ªsÌ3f»…Ž-ôFR rù! wôVCBò”ÎG¡ßVVVÔ!– Lâ€&¸e'¯Â"úäÉt8ñGKA«¸žrÇ+;é>:E‚R¢ ;ˆº®--©÷¼á¾¥A›Â O@.ÒX ¤ôú?I9ï¼óŽ©dèú‚ 3W¨ìäõ¸ô"â™®›²“`:xpÿ<‚5D¹HýW ÑB'"ú NšBx¤BHÉ#û‚ÊâG‡®¡|ŒŒú ¹ÚŒî¨£Ik9„—4¾äCéH•ê½tÙ‰&)¥ªÖSôõW­5ÚðHÞ‘1¥¡Äp¦:ݬUþé•Pw¬%6Zn•ò—¦–;¶Ð<Ò'ìLÕZbÓïh£±GOé7»9rU´@ pyËAtA p%âÆZA±4€G¥Ðr®;¦ê ;e÷Qi°¢”^äEeó”ÖRœhjŒJ¶;b>L9[÷ÕX¥Lœ‹I9/*“ A÷ÍôbBÅ {}½H- 8Ýâ„×Ô÷ ú¢“„ð<Ó¬ñÝVäÏ‚³GN®D$àä„8Ñdr£ïŸÂ[{FœSDþóY½¼ oƒçé³fBIcxGS~2–qB¯ü–lzíh²ÃƼ¨rÇz!$éC#Lú÷_Ö’yøy,LBÙ)¸ $z ZMÙ1KÙÃÆÆýl>xð`mm &ã~’û€rL£ )­V_¢}cÄà[“Jïß¿¯fè¦ÒØÎqž žÃö•ór؉䎕s-2¯–ÀŽõË毮æM:¼2’WæÑ—M<çªsP}’ÑÔ×ïÉɉ¥9::‚K¶;âYÉ…Yû”-&Û¤*CÉSÿQàË©A—WÐoR]’ÑUÀ……e_\\T«jGŸ dûß¬à–í¼tB³}9¦Ùþc•;¶Ðʈ ”7§j»»»öÍ.{ÇüMÕìiõ§\„8\1Þ¬PàÞ/—vÁÆä,Hž¦M¥y9µÌÍt|Ákó ìmpÍBOWWWábQJ2Öâôô´—Å(Ðp˜ŸŸ®‘M²‡7lHd›b­ÄrIPÖ××½Á€ÇQY˜ƒ„‹ Ü±…Þ(|,ì¸ò2Ã4"q"\wp4ýhé‹ÓõÖφÍÍM1©ØÏpÇB7Ø †Á’ÙÙÙ^¥3*–4á†U‚ ±)Ð-„Ï.ûJJø{ì›UÚþþþ;wý>ï˜x:âïUI¤åŽ-ôFí‹ðz¤ J¦á(6œƒMœš#…ÀXÅNq“Þÿ¯x÷¹¹9¼Á¸›,á÷°—––¼V¿ÃMzÏÙëÑÌÌL›(r¨!%‚Š/Šƒ”••š‡Ure§&ÞÑä Î ØûO“D–àq…\åŽ-ô¾­L*ó‡QêÉälj{{[eb¨ëÑëS8Àˆq÷î]6¶ÅYŠãĈÂB—ܹsgggGLªØSc[…·ß~[¼µù U.ãV1ÕŽ¬2*±®uQë‰5ozîüÁøWU´±±aEÁX«yjÛâ⢠ÆÀg‹9n¤õHí\«°ZAeª‘Ê«r'Èjðîî®’©7ôRJ&¦cñ+A¹c ½¡ö///ó"Ê«\v¾a郞PùúÊ8‚k™°´Q-1pIEX£W¢SG?& DZôN®¼Ç¢¶Û¸¹2§¢vu óF [o¨¤L|h‘Ô†‹–——}`Í@ 0qe§@à*£ÉVåÒÒ’8ž!ĉ! Z|h[5ã Õ-."HˆMÜß߯u2£G‡‡‡z»±Š8<ÝÝÝÍÍŽËÍ \&p׫ÏJø944T%y¨þâ[±]NvwwãdëñLíÿnâÞ•Þ&ñýûw¢½µµ%—øIäûûû#Âüýû÷;]^ÝÈßö>{àoþoÂcŒ1¦ ¤Þä䤴;B‰¼xñb»šÿÕKH'Nf¤…hV¤'Ê'¥2É(8À Q±÷ïߧ-®â€D JvDwè]j„ú===­;C6Â%ùVQŸF«Ó m-·±ÙÑ®¤ö7»Þ;’«f³yëÖ­4&Ü :…D/ÍÇ~©;žHˆ¿ŽŽŽú? cŒ1Ƙ"’àúyäÈ‘Ó§OøðáÂ… ˆÂÇ¿yóÁG‚¡wü¨óZ­Fù»wï¨|êÔ©å êË‚*,,,p1½µµÅÙcÇŽ?~\¯±1(Q®Bê Ô1øöí[šÀ upàÓ§OgÏž¥B¸úàÁ\ÅêPN}$¸Rˆ3ØÿöíF8E¿èTWWÇô(t-ír-Þ¶8!Gã$ˆæK—.©Wq˜Þa\ùØÓ§O©Æ1>p@É—/_pK¤@¹T!Í1¨¶¹¹I¨±Æ_Lº••œÄC®¥²šæì½{÷øKdŸæâ’¸G¸ÊÏŸ?âg+)JzC ×>þ·Õ;îEÜ&Jø÷]—OMM)m ÂÌÌ np hýòå˘ÂsìcíóçÏr¦"\_2¸G8@/¸û4D ©IÓz¢x~è5gå€rb"ƒÅlG>p ¹øauŠ>âÿNû‹ÿ§0ÆcŒ)‚´* ž5÷!È)„/‡††ÐpÙ»dTòµk×PŠÓÓÓ¨1Ä(ŠPgÑvØD·!9K¬qLR¡qD.#)T‹2ˆ’«×ëTã€jú›:6<<%¨ÃÎÎÎœÿèݵŒthôþ›ÊG´ï¯.¡š##éòУîîn‚ Ü#PÎPú~}m%cR±¤FªO‹„‚>bdccË”O~Òµ°¯{„3é=RþF„[|¯¯ÚÓÓƒ›7oÊå]ëÞ©&Ñ»–¡û®» •Ô§¤Ñh`‡˜"ž<îëou¸”mª²mÔÈÚås-jx kà’ ª0‚‰Anœ ¦ñ¡8S \«ç¤Ov2ÆcŒ)iµ“¶F¨I§J‘£Ì(‘êiñˆ×¥¥¥ÁÁA JÎ"Èâý.9I*ë©€Ê ƒR®"fÅèU4gõê=ç›4¾ÎÏù¯c*”ÎÌÌàR‹K&rдæ;á!êSÒ´‡¾S?#Ï)ÆÂWi˜þFÂDŽcà3PÈO*YÖß\Hi÷è §¸)­÷.âOðežFƒ;wî¨u¸ïJuTÂO½:"”iD÷õ·:\¹ôööæ|  =]X&7 &a ¯…Ö´D}bklôÈÉ`ćü„úªÀåé3étÂcŒ1fw:;;%dS(Au­¯¯§:XQÇ¡È9@ÑJç­¬¬ Ëø‰¼Ku| Ù&©ÁÒãj°?;;K}-öˆAƒ]AwÍà:Hïr ŠåÑ¥+†I!è "[/×5\ºNï0+IÝ éš\B7®®..÷ÒàXz=11‘3B5 nä"Yš"Vt0âP=nÕ⾟¢¡RƒŬ¬:\éãųšØ¦Tä‘…ÿ2Ýäg8Yý:0ÆcŒ)A² R-…àSIª9.ê- ”ÙËlä£DpÅëÿÔ`ñå÷®hŠËàà`ä9µZ-UÞš‰„KKKi!’QóX4& ·øhÊ´G;}wHÐA}n¦SG6×­fÕŒ¯½Ý ,@½^À+J4"¡ á-Êç‹ £‹_…Ú)Ūî`+Ä°OÜwBÝl6ùIȈ4F¡ó„¥8,óKáŠV*<ùùùŠ,(÷ c0ænå*T?^;aŒ1ÆSú!¢ ÅŒÎCðéM|LÅAÑÆÌ¥‚ÈG-ØÕÄžŠ•¬Rä‘úWƲ«šÌ• §'''S‘ª9Qz=/'cµ†â¯fO¡¹Ç·á~¶þ%¥ýt0d‡%€rI/ìKUlu7Ñß„Q‡¤Â×3TazzšBå yÙÌÝ£¡¡¡t¤¢í„qî{Äîã!ž7ááa\â`§e»†‹&tL÷sÃYðêÕ«¨&#z¨¢07RÁÙH,5*•3¨4øGFnÝENcŒ1Æ”ƒòCKõööêËBh8­…ØBŸ¡ÀÐvzkºM²’˜¯¢ 91Ó©ˆDüÈȈ[+©Ðîõz}bb"’ä ¾ágÔÁ¹A?6ñG —UŸNés·ò¼-ó! Óœ*Ä4"^3Á$mù‹cwïÞÕÊŽñ¹82n=A4ˆ›œÄ„ˆŽO,Ä’ -¢ÈÙ‡¸GœÒ§Š~Ó£²ººªû^«Õ"S@ôy¨ø|Ç¥;iT‡Kùat§¸üƒPpVñÑ@ ut÷•«¨0¶ªÐì;.¡E –Žíè¡R0+’1ocgŒ1ÆSEliœ› ¢-ÉÒeÚÎLÛÆ¥ïz•cTlS \%.A䥨ݿó¹µòülòNÜô«ý´U§ZÙ\¢xÚHn ŠùlŠCÇnbT„+ö)½qòD³•rMTo„§KïK¬ÌÖ1M4R#0ÆcŒ©¥UªÆŠŸ‘¹ÊÚW[/Ñ«µ)bQë¡K7½n£ó;yÞvRm½ÿ­åÂÂNw¤õ{´49-]ÀP±0¦ÅOfí®êR¨ ÇÈ[êõºFØèlŧu=:aŒ1ÆÓJ·y¦°•´µ¼ASØÛ¸ë¶ùMhÁú»SÕƒ Z/ÑöÄIëò;²Y[‰‡Ó cŒ1ÆcÌq:aŒ1ÆcŒq:aŒ1ÆcŒq:aŒ1ÆcŒ9üG€Ó»`_ÈIEND®B`‚natlog-3.01.00/etc/000077500000000000000000000000001474316276200137265ustar00rootroot00000000000000natlog-3.01.00/etc/natlog.conf000066400000000000000000000044011474316276200160600ustar00rootroot00000000000000# This configuration file shows the default option values. # Options that are *not* active by default have an extra comment-line # showing 'not by default:' # all options and values are case sensitive # see `man natlog' for further details # the path and options of the conntrack program: # when no filtering options are specified, the tcp # protocol is monitored # the default command is shown. # Note: do not surround the conntrack command specification with quotes #conntrack-command: /usr/sbin/conntrack -E -n -o timestamp -e NEW,DESTROY # the device used by conntrack #conntrack-device: /proc/net/nf_conntrack # correction for the IP header size # (standard IP header size is 20 bytes) #conntrack-ip-header-size: 0 # max. number of conntrack restarts #conntrack-restart: 10 # write additional info to the log file # not by default: #debug # log messages are written to 'pathname'; use 'log: off' to suppress log # messages # not by default: #log: pathname # data file containing tabular logs # not by default: #log-data: pathname # tmespec: time[mhd]nFiles - specification for rotating log-files # not by default: #log-rotate: timespec # do not log the sent/received byte counts (default: counts are logged) # not by default: #no-bytes # do not run as a daemon # not by default: #no-daemon # do not log the destination entries # not by default: #no-dst # do not log the via: entries # not by default: #no-via # the path to the pid-file of natlog's daemon process #pid-file: /run/natlog.pid # the protocols that are scanned with the 'conntrack' command: # protocol: all - monitors tcp, udp, icmp # protocol: udp:tcp - monitors upd and tcp (any non-empty subset, # possibly including icmp is OK) #protocol: tcp # write messages to stdout (ignored by daemons) # not by default: #stdout # the default syslog facility: #syslog-facility: DAEMON # the default syslog priority: #syslog-priority: NOTICE # the default syslog tag: #syslog-tag: NATLOG # the default time specification (alternatives: utc, local): #time: raw # ttl: time to live (seconds) for udp/icmp connections #ttl: 60 # end of the configuration file natlog-3.01.00/hierarchy.odp000066400000000000000000000672271474316276200156530ustar00rootroot00000000000000PK.fÇT3&¬¨//mimetypeapplication/vnd.oasis.opendocument.presentationPK.fÇTConfigurations2/toolbar/PK.fÇTConfigurations2/floater/PK.fÇTConfigurations2/menubar/PK.fÇTConfigurations2/popupmenu/PK.fÇTConfigurations2/toolpanel/PK.fÇTConfigurations2/progressbar/PK.fÇTConfigurations2/statusbar/PK.fÇTConfigurations2/images/Bitmaps/PK.fÇTConfigurations2/accelerator/PK.fÇT styles.xmlí]I¯ã6¾Ï¯0Ln’µzyé×A2A2ôK‚îN€9²DÛJË¢ ÉÏïõiþÁæ0ÿo~Ép•(k1eËk«¤Ûdq©¯ŠE²X¤Þ|û²Ï N|>uU@èBÏ—Ãß>þ¨L‡ß¾ý˸Xø.xð »Yƒ0U’ô5É“š !|®Ò4z`BšªÂx924m6¢¿‡¬ŒúëÇá& “øÉCè¬Aòº¸(oæ!§uRÔÁÒ?š˜¬ý@¶L«¸p¡Z櫉b BR½lub±.7IÌ4Ã`»Ýª[“ðÿñýç))xIGœ:ŽÒ¼ìQ "§œÚs3âh„ÌsG ¸cÉHWõ¬fwåÄ©,3„¸ìóR×çe ¬^ìlekÁ´HÝÄâ(Ùâ˜V,‹ôÐmÖ¹NàfÌb=–fï4µmljû)ˆ9ù¤Žl[˜Vlê%ðÃOUº¥Ïf³Éå¤ (ÛÈK( X#ÂæñlíŒgúK¶afN czò czmqæòB$Äbép³žƒXºm'uÊz°g•3²Š41×ôx™Ù×Ü„µ/´6ðØÇYN@Š=j(¡±Ï"q°6е¦áôËØó‚*]DU›#d—Fʳ¶_ñ<€M¦$B …ëš.è#D¡€gl³1ჀëWÆ]e£*ëDñC4naô ”GÓѪf0NGO(“üïé]>$céÙÓì±û‘´5¤Ô˱JוҢ–ç a!`ßòYÑŒ¿p\ xÀ ’·oèÈ’ô7îÖãð{?MÒ8ëÁï vœ MœMůï&ßTÐÒŒá Ð.£,AˆÄ„L{òš¤`] ‰üÔEyvbŸ(ö¨¹?€?ß7Í}hÎÒ§cj:$d²ï|dÉhlFf‡N®°«®¡*R}ÄçèÜÏ0…͈e]ugT72Y:]ž¿}ƒ­62׎ç# 1 ¿˜¶ùA¼!Mb‹ ´†Nœ¥¡e!ZM_-È–…lN–á’?…2Øt†‰Ÿ"îuMû«P¨:Ç —¸uSóÀ’%Íaìá)ÑŒö2ñ‡¡ýñ}°¬¬ç'Qà¼*"É@ÈßÏìĘ-Ü*fMÛ6Ƴ‹3û2a·"»“¹;¶+ØÕÉØ0.ÎîûLO+™}ßJÇÞØ«R㙡ëàâ¬þÜ6q[ aØö¬‚á¹5™jÖ…þ°r"™ˆ›¢7AƉûò8´³ÖÜWñW‘Ë‚¹,˜­£¸lfríÄŸ@,²ø]c1áù/„¿‡ˆm  m`j4-GŸt”(:N\Úç|¦ñÀÂÙÌÏÂ'6§ H£•ï9-û­DhÁ âÔ ©­¬à'/kl;\â ¤M%{·€[T•#ê ¡‚犜Ø!š"Yx®8›&‘ƒ·¾ %u‚håðù,Ú„nº!ó3©-[üu„w"4«²2G+B´ÕEý÷Ý´0ú¡ð’{ )nxªN€ ´»AÈÁ(ÁSe}ß3rÜùK›([Ô"Ü*¤qWã©„nG n+ V¡Ÿu‹„0ÉOüÏ(ß°¢”¤Xñ%JÂf%¸h_”ƨÞß>”êUÐÀ w×°9 ®›Óд¬ž÷yÅsXk<ão?—ÛÄ‚¼ìi5£ªl7Ë]ù»-gYÿøy˜‹¬0¸¬ÄAaFãm"coØ~˜0»€Ç ª¾7‡ÎÖ÷ð6Os×ý#Šš…^P5pÑr¾ ðö’km[¢úâĸUÆã9ã ~„“¬íbÊ Æþgˆw½húK$ú?7Iê/^‰FŽ‡À F¸+ºaãÎs˜¦x^•€EJØ͈ýåJÈ¡X9ñ£ùž—¯[H¢‚Ö³ H•—"ÅÌ×ÊLÎûTÃÿ!- ~ÂÀOŠFuG‡D²<ƒ€+ó š~ÓÍÄéh’ÒŸ4KÁ~ÔÇáÿþûïLá„J#eÖ~¨Îåd²#Fu‰®Û?¼®ç0ÊX«¢Ý±l2sš8mƒqd¶Pæ`cÀA¸?„ÌÎÒ©žßBV‡Mï!»3„ ÕºK„Æ!dÞ%>“îð¹S;=í !ëNíô¬C„îÓNëZgÙ·e¨…l¶cÕm¼ ¨m´ÛYb†é.‚m!X"ßASé.¥˜–mPX2ñ¬-O]<(• çŸ%Ý‹)qÄcêÆk'ÈkIc´-¦G}! ÒµŽR#ܤ¸×ÙfOÈ"ܤ«n–+…9ÑÄVËDék´CS㬠›û] :ÝÙÏŽ¶éSæ¡iœ³"Ô|ÏXâxƒ$S߈ ¯nËÄÏëcC¤hK­ vH¼IT4-/ŒqFÕþ‘—¬;Èãù9n5^  ˜IÆ)Ë-r.€Ò@Pô5GJq†3âZ–3Šz¦3’¶³üzÆkHˆ>u´r¨b–FN ,*”>Wé`³¹]ü_{ü^pþ'pÓ­Ÿ®•Àîž:÷½:q¹§”ÜÍ>2ê_"lH÷ïÒ?|¬ûˆÿ!þ?® ÿšÎ1¼£ÅƒZÍ×1á— ¢øßb¡0̓Tzãð ¼{ßdåÙÇ7 ê'¸Ò¤ œlWOÝlKAúÕ^ìD íô¼y ÌVòºà§ÀúžsPÔvB08„?T¦•BKògYmøû;p°›·‰CFrM<­xÄŠÔ(B”.á¢5íjTi6>t¸Ôp˜ —ëáqb4\êDH†Ëy¸“ëñOŦÛÎÙ{&a“ ? _ÙÎLFåÑV®?µ\•–g<äDDŸ§)…¾É-KÜ‘ò-äž<<à®-¬§rJ'Á9ëGË~ç1vUC¸d×–AÖ!«yÉúÖ$Í݈ · ñ€ ‹´k¥@qfThÛÇÂrUé½Ï‡]}áEäóžÄs+-!lÀ¤HrfXXãgCæêd=qÞa¤jS½&ÊH#Žð?pöšm8§:Њg¶ J¤Õ2¢æÁ׈zíÎÀ8Ðzˆ ¸–AƒÇfw†F­•Ì°8ÈNˆ‹Ç–A‚‡nw†D“yÌÀ8Ô@Êà!éùc!Ü2ñhï£0z‡ú}†å|=ÃG[B”Eü®ÖÛLHïr,S€öñ)‚fqâmBHAèU–«‰MVp«lB?eÇZíÑúÁIVuÖâU¤è1®jE¾û?°èá¹ã~ZÆø¢énÿÄküÇTBšZy¾x'ôè§4[1$|¾ðܳ´lÁN¡rq 4Šª6²¡˜ HÆ{ô± 'õ€Ú•Ä& 2¹9È¥†Ø¦föv£(Äb&™0î=z¡†í»^à6™Yý„f™]äÛ¤PAãe›…€/Ð  Ù(/´dûá'œ¹ÈÖPÍ—IJ¬éRÉîeŠÆ0æÙ•EyÝä_ÿ9䪀}M®õº‰Ñ¤;½Uª¾nrˆ]M wÇ:ÔÝu“‹b¾Àu“ñ^§èîÂÉäN/ twádv—øtwÝD×®ÅP_ï}]¿-S}NÔ±a4_:鯗\™ Çê]8§vá˜Æé©aûKqá.œúC  wɉŒµ5›vm¬©`L{Wò¢C³t/©èøkT¹–Ù æÆé07'O ó’ôæá£*Ì[üï€U ¦? sót˜Öø4˜–:á?c}j›šÙ$JñÝ݇JÀîFÖé$ ú]K`Üì^‡J`Òƽ•À´ Lz *Y7˜öh-d3OñÝ»“ÛfaJϸ¤›)­}Ï db³îöïûõïûõïû]Ékÿ¾ß)\û÷ýú÷ýú÷ýú÷ýú÷ý®ü¼õÆ"c.sÜJgK~úòy¬zǪôð«?VíUûcÕnŽUoÉ¿Ò;WzçJï\é+WŠPï\é+½s¥w®ôΕëF¨w®tà\©ð˜ôΑË:Gl»wŽœØ9b•">¿çH Ûwâ½J„?"8¯È€|ß½Ó>8ŽM¤~ˆ4¬`€†Î AßÎy®d¾6¼ç厃Q5{ÊßàÃc©Ëä¿Ù¼¡kªmy"G@ÑTÃÔé„r\t4kéÖ…;± Z°êÆ¥¸D'v@}Ê_i¼‡ubÔ<žZŽ7ý£Öz¸qo¦ü`3Lu–Ëœseª¶69Y!b­N¼Ss*ÕÝDÈJ;‚‹…ï2»†Önì'~dÈ]…gðE]5è¿>ià šês5™aµ8‚#íq@tÕž‰éc¢Î¨ž2@|dÜaìsT‡ŒÑJà «T°½-ª6Uƒ ëªaLCÂÖª` ©GbPö³?yQé…ì¾ÇŸTÆdЈ‰¥óaéG'wú)û#^TDý*]ûjÕ¯ÂPåO ®€ãl;QI²€0ÝCBš 7ë¹ð±ìJBÏIÑŽÂÇü´{Wîi—¤r¶ïÕZ`Ï{GX»‘jgÆL5gq7\¹¯¤YÛØO±×ÐCý b%·B«¤+WƒVí15W‹iTÖÀ–AðåW%¯E/µéøL{uõz1<Ÿ{õÜÞêˆÿµ<àySÍ÷X¶éµwNôÊKµü£“Í7nõV7nŸ~-HIê`”ø(•ÄçwnªòÀ“Ó‡W1ÈH¾Æ˱ϩ#7_ùõAzÃ2oŠ÷òýå ªÎ-"ø±4 á® /ÕϦµ§wg{õûÈ´>2­L»„úÈ´>2­Lë#Ó.‹P™ÖG¦ÉG¦5/¶~±Ý/¶ûÅv¿Ø¾>„úÅv¿ØîÛýb»_l_7Býb[¸R0È2ÖN’’¯ÆÒTr$8¯8 טÿ¦§t™NãÍp‡ªó…¦JÐðûZRáàb œdƒCËña1N»|PÀYx¬B™.†sÕÅ`*…0ñ,a7GXò¸‚×,:¸±N/b”TAB¢À²˜‚Bp9ÈÎY©M 7©æxVŠ6UÍYÜû‚YÌ*ùw7p’äqHCèxÏI¿æð…Áˆ”BG³C4€Â ‚únÌ/m#Sj\Žÿ;âÌ[僧Õ9žº¡† ¦Yœ`XÍÖ°fÍœYãRšjŒU›†xWAKÃ9O«®´3ƒzzumV‚í\kiñ¼·_é7ôŸ_/Óo8¶Á¡Ð“:Òª$tü ¢U³&»ˆÉEÝ0EDóX® ´®kªeÙ—k~ªZ3ólÍ#m¶ôéÅÀ/5fôËí ðªÖ<|%Ä–}¸{, §lZçèÕ뽸Î)X‘tç}"yDL[ÍJöÍTéTTHq*V'c½Î´±öëneŸê-X—Q½eßËpþ©âcyÆ_Z3¬¦-ÕžZuL³>œƒm[ÞÕjA¯šØìI úDÑqÑÙB¬ý‚¡³…ØÛ@Œ,Éx²cÝTÇSiœÛ¯Êì ­ÊD¸íêLB‰§m¾ùÕY©I2iÜ_WÏ©ÝÏ4hçö5“šÛ'…¥´jM Ki¾ª“U¶*œ1"­:>Q‰^긡ÚCÔ2U·g¢–™¼XUÏY/Î2c\lyžqí=" löž‘‹€Û{HŽœƒGåI8Û; »Äü(açÄ€'{Ðݬ³ÛyÉÛÿPKz€¢ÎPK.fÇT content.xmlí][³£È‘~ß_Aȱ~2ˆºp;žÓÛ³±ݳî¶Ãá— Hbè\ü'öqÿßþ’Íâ¦* DÁáê¶æ¡{DTÖ—YY™YYÕ?üáå)OA–‡Iü¸Bš¾R‚ØKü0Þ=®þúå'Õ^ýáÿýl·¡<ø‰w<q¡zI\Àß ¼ç5I’ÇÕ¾(Ò‡õ:Iƒ¸zª%ÙnuÝYW¿Wõ;nWÇ,~HÜ<Ìb÷ä…÷À^múy8µu àð¡d°z˜ÂHö¬-ð|Há+›(à?“fA ËÏË~Ž‡ÿ–—ç¤h1x~~ÖžI9þ/Y3šZ/źi½Ë|?êj h‘õní»…«>…Áóoš7^öÅ¡ó ä8κ¤6M·Ivx©ÇÓÊ¢Tð’YÈÆãFI/¨‰¿UCi–¤§ðc{ÉÃ^ÑúïŸ>~ööÁÁ…oä…Ÿ¤œ¥Å0ÖY&YÑ´ö½¶qzÌ¢²™ï­ƒ(`Ìæk¤¡=oïf…¬ÀÊÆ‚ò<í¤uçi×£:~æ>Ë~…µ…9ſΔAöuÖ–æšwXºöÜÈk[¼FôpYã³®ž¯võœ… 8MóCP¸²}±¶‚ŽEaüµ_¿õ¤ß²¼ä‘ºMzDxÝfÑ3›Uý’í¸žs‚Â_^aˆ/h‹»‘bÙ˜;>6A&Ý7XžK=ØÊÞÃíDM4~MõÕ|Ý>Ø‚£n]/PýÀ‹ò?TÓ¡}¬T¿§«?…E^d{Pþd®òÙ¡?X6šæà|¼>®~ë¦IþûŽ¶a¥]°wÔ]ƒ˜ÁÐç¯y„&iXx £'7 K5__çñÇàW÷oÇë¼qmáé§,zâHïÉÁǬb9›¯#sÖN,9¸ñ\¬Á'·R¼±†K0÷sR$×k[ÌÅκofÖÏÝc‘° ÁSËï´S¶üS`ÞOQÛYÍsí©©» VÍ›üC5ÓdEäŠàýo\ïë.c‹¸êyX®ÑEv„e§¯Y²ù5ðŠüjs?ÌÓÈ}¿%)ز}¥IÉ]³¼oÝ(ïk«V á¡é‘aÊAt /<^ 7ûÀõFvƒßeʲËÜtzÍãÔÍXD\þP«—X ä»™ßBS¿Â£ÂЂþ²ä+¼'qPM¥ê x«QCú^þ·ªZoÃ(jÚ¶Ú¦Ûò¿šÂâàËU÷Iþ3a~‚êFá¾(Øu+6gTPËgG¸Û ÖgÄçÐgî@ï6y8„qûÄd¶áÚçucªŽ [C0¹% <‰Lq‰XD™ZlÆèB;ÿUTÑ.åcØ—òAši“eäCîò¹"C3p—|,ÍrŒeDï?°f™xùãåS9Ïa±OŽqPP7ûd*\«?fÊêüy3r]c†£G`­XžØǽ“P¡ïG£^ó®–×^]síZxs!ÃnÝ4A@`8²ö]>ächZÈsuîš S3´Œ€~—Ð$ ÑÒ§]BB÷ð|Š„,Ív¬…$tÏ'Î!k)+wЧ9r†N’Ð=DŸ"!¢aºÔš¤ß%ÄÒKM¡{:aš€tâ,$¡{>aš„ðb®Ü=£0ÍQÀÎB)tO)L‘¾ÐNå;¥:D±Ýêz‹o–þð_yn_%Óù}’éÛ+6hÇVŠ©ÙFq“FòöOsˆ‘±%Â÷°ZöÙ² Yð„°Ô¾b\Z°ooËßãì‰J»ÊÞ£ìifŸ: qøfO ⬥v…ñ=ÌžVW­…ê*ð=Ìž¶c¢Ó¥$Ôf_s‡*¦²¤ $þs„o’^Ö!ó…ÎW4ãÇ`ë£B¡ß|P=úåÛ'¹ókÆ2¦ì—KDšžÚa2¥ä»fË üÇ^ÓbD1 ßcuÞë°ƒ3é ˜½Ëx/"„ñêïÂýþÖð…Ñ*\ËcìYÆA5#[«[±yQuóÐÅ×ODvp5 ^Fcyá*»X¾3R.ë$¤®ãƒ+Ç[¯ˆ^ÀNkŽàñÂi›4—ÁóÂ}y/Í»™_¸KjÐaqY37ŒíŒÇ_.ü†å;¹_.\ˆQÝÎúòåÂ7˜8yØ,/Ȉ¼ö}V?¢ß ž‚¨v‘7Ç( ¥"²çàÀ®ªŸIeW‡<®þïÿ§÷n€å;ÌŽÜ PÚÄ¥PJ܇Jágˆ >¿6IÔpÌøVìƒÛ]¶¬'Gëzs RãßK\®tø 8ä); » ¶I4 |‘ÙBþ.¢3"d—³!„5ú]"dΆù.ñ±æÃç;µÓölÑïÔN;3"ô}ÚiÕÌ‘ñmjŽ\ûÚëÞ+WjÂ&ñ_Û|šúÃe˜Ç®í¨¾:¹ ¿ÑªÙŸxmS×åM-uI@Ñn}ߟÖ>»ïƒÿQµŽÜ×äXÔ/ýñ#ú¢¯j.¶<»ì´¼ñ£ÝÑRé¿T—š=„þã*ôº™ø úc—‘TÝV,§jt“í“—ÏN%Q”ÍCˆn¡åùÝòÁ+ÛÕ@eygÍtÉÓ&y©U7­Œg²v@íâK:„»þ+eåµlY»FÎ)üÏYGëZCÈá^ä(CƒÈa Ù¤9Ýææf”CŽ‚-¢ttd:¼úppÃxvÜH/nÆ 8ÈÖ°cœ£ch–Å££kóàèšQÖuχ Ðÿ¹yVêà¾þNÙ ÅO”8)”½û(Eò;Œ“âF‘âÕ »| Yà‚iÞD²yUÉSï”cúìfþü}ýGy+©ÆJzÌRÖeòƒbƒlX²¼Cß0:—•LåJ¸å(‹}’7,¸±䀱â¿ÈÐy3Àç²×š•2%É32ûD¡r K™f,a` „\æìæg·ø)ɾN…ÎKâ8ðŠ$ë‚Ïè…Ïìƨjýš²¬jØ ¼ ÃÒ,ÚZWę۪ ¾hO(Ñìrs¸aÎÍ€½Ë¾ZªÇ»è¨iÆlÇ¿¦°’À¶9æòqÕˆþ¶€…R`ìIu¬šÂîTþSÂŒ¢¢+Hq¬V*麴…q&gÁ4ÒÔHS£t4«¼d«QH̬þìÎÂ_æOÅ»Ï录³Oi³@[ðtÑiÐ!?ÛìðMym˜ü¤v4»<¬!¡µúðyŸ<@gü|L,ILΩaO ]‡;ƒÄÔ‚yµÒÁ<Ž³s ˜<à€Ï‚‡-‡‡!À1ì:Á$Cæ à:Y¼Õ41ƒ'†ò_²Ä?zA6 *Ž*¦€J¡çP± âè0="*l»Í+ „1øŠTb;ŽŠ±©wL]W€†Þb,ûw Ä,˜ E2éPý¤¹}æl†Ng/™?0r«ŠÙËÀKÚäü-IpÏ Š…ÝäANNÖ Â+D9Õîn™âD9Nd› Ö1s2©µI—“ á¹4ú•ëÏ¿‹*'Fh8„cIWhXƒ8‰ÛÄ…ûÏ_þû ˆ{T¢n)'ªâæÔIåD3ÈTžô»„h¤Oˆt +g›àñk¨±Ul”7rœëÐXÄ1¾UDbSãF¤k6"³!,šócDTlÙ]‘9FTÒíægI Ä¥y®ø––†Qï2MÆÁkɘLàQ!ø‚¸‘PÀ×"N¾ŒH ~[Ÿ­]•Ù ´×} q»ŒIbŒt`FFgܨ; £½)lìGw86ÄöuX BnNv‡Þ!'{uÏl`¼¨®üZi-¡ FŒÉè`¸ðfðÕ ±Á[Ùi&(y³ˆþ¨ßÉ€pë‚+KtžzýŠ±&C"]Ê› j™ŽJ«+x¢–Å"(ëMÁ“ä–"wÏÐðöuÜcsl Åj¬¸„Ø£-JºqóQ[¬Ë¹Y&±7ËÒl‚ÏܬqÁ“1Råd DL`SA°ž€n¨D7ºY¤› $üØ~“Ü®Eâ.6’¨Ôè°ƒpÝv8…kå1JáâлEmÛ%d†ÚÙÄ+¯¸´ø:ê›Ì‘Ê&³]A°.» ¬E„ضj!Ü•}š£í†ro¬nĶA}œóDˆKÁ«'øäÕ‹pÉl=ÀÛ–‚mè'ÂDEêÚ;ÃTŠÌÎÙ1/’CÅBZ¸¿hÀæ§X5Ðþ¼VPAŒŽ2˱EÄÀ|r£D¸ZÚ‘ÕíÝØ · 9EöÚšzý§ Õ qã]{qgû©´üŸ?)ìåõëÂg”ÓߺòåçÕ g×ÁúpÉ$–Ë¡áz9¢™ÆðªË@0ˆU5Ç(8k=–ÜîBâ~’ÙðÂöp 8!:ï„€:t4$u¥Ể\ÜŸÝk½Î W’ÓZ/pvmlž™/ÔŸ” #—‰¬1€K0þÀY¤RK7UY]ÎÐ,hoͪ- 1íê]À FýÛ3c!–ØT 6`Fuú{¬ÀŒvK‹Š8 69ïƒFîÛÊ$~ˆl*ØÖÀ¥Æئ*pÐÇ1bY-ÈÝÊ£}ɱ(Kø’Ê*›êr&æ(@{«39'Æ¢!@ÜÂ3=8¹[. l*ÈÖ"Õ¦©2»|P ah^h¿/ »µ&;DÃçMmØ1‰XBm&³Þ£Ó}sô9ÜÅn4ßÛŒºwV´†¸zî“îÙ͆Z› c…ƒ½Vtl^B¢ŽàR¡:p!J[5,Ú¥zŒè(@|kíà»bÌf3zËB…G–jHíP”cÓ@zD“ª†nvZPÇ4 ½å”¾ºCÁ\O¹´?¯>Ž3˜ÎG$"?µ@ÆMoÏM £bÆŠë…göeÉ*xù¦CgšÙXbÙOàuï›#Éíš÷+œä±*,!Â2‡±±5|†Ãlα³kSnž@[ò@K¥ðp©8%Öð!3xàðh°ä«=ú ƒãv£l«9ý°f¢Þé7ÖêãqVÿ‰•è™ÓÖM/¨õtº-‹IÌþbü±‡me*Ñ*h%-&f·e E՗жssr,‚ÇIc‹,`-BØ1 • ½³bˆ¦Ä·V¬Ìò™C¸øbr®õ¢gÌÀaØ,ÓC4–¡«e’­#½nˆ%àn(¦>;)‚¸™“ãš±[`q EÀ¥BX-*«¼":R‰»+¯ˆŽ Jèqÿº/¹ËÅzU<\¯ &®û ƒˆË¾3òÖþŒìí®ý2ÚÞ¸­£³ á޲ʑڇ%ª*í3,SE¶mv-1 Ь·/™b>ÄiÓô…jlÄBEu`*`Éæ­öUþÑQKÿ„û½ÊÄâi?ÅÍœ*/ý*öÇÃ&vèS(Ã)3dk&¾¬ Ô5z²Ÿå‰1*œÇ‚>W—•#¬tvQYyNuóÙj-˜1¡Ïyz安ë0@]pÇ!¸æŸëhS„·Y¤y­‹ÿê9»ƒ-r½`ŸD~ÐÜ;wfîÖg¦j})â¦ÃçLò `çër±ÓCÂ.¾{ ópÃîÁ®þá˜õé®:ñºµpQ]óËO¼#»ÒIí+àïÿPK231Æ¡PK.fÇT settings.xmlÝZ[sâ¸~?¿bŠÚSµ[§2r™˜šdË lc.ñË”l ÐD–¼²C~ý‘ d²ÄdXo:y Kß×jµº[-ý}å“Oψ‡˜Ñ›Rå³Vú„¨Ç ¦‹›ÒØ6Ï®K¿ßþë+›Ï±‡jy‘¨8 ‘²KøI§amó˜1vSZ ÔÊe ºiýÌø¢\Õ4½¼ù]ÚŽû7¥ˆÓ!kø(¬ ¯¦†îˆj?ú!E¬%nC“cTß3ùDq z pÊŽ ü±poǼÅòãű(›Þoǯ¦O¯:Œãøs|žè¯¢ëz9yºëú±²/ö”½ùu¬`ÛÕNÛ~c"ç¥Û=ìÌàöëv.›3,¯läÓ¶Y‘Ý”¤ÈµgŒâWë)¥ûë˜ Õ‚›¥ÝC±äCLEéV¿¾¸üZ~ó·°»h.ÒÀÏ.¾èznô)†b™©_]ç¾ðb™*þ…öåüâXü3g˜B´BpŸ Åé‹•Œ‘†Ã×ÇHŒâÜ3\ZBéVÙE%›&ZÃN¸ÕǼËA€–n瀄(¾ÉÝ×ñ)Ð;ሂÀfŠ¥@øX À˜†‡Xr’¨ÿ]LQ}÷;ò„ÉecÚÚ° ˜ÜDç’‹f@¢° ($(4H Öš¯2]ù厃ÅHn5RÄê4 ö1 Y'jëÊa(º4¿T¹Ô´¬³yÏUÄm×£ Ö2ðíãƒ]]Ô¥|]ºmÇ77Ù8Òõ P4K—yOþœ¢üs¨3„ô×n ï±#콈ùÓŠâ? Ùñ•k½—qs?²-—¦žÑÎGˆH„ ?)p'LLáÁbœÍ‹¤–{O6Z‰&Ä£fžh4–€.Å6‰øéiFC·Xœ¾G'W{þRj%eߘq]ÿÿå«‚åŒÊQ‰[ƒ¢ƒÒWª_2®êðòçC7e¾vPð«é0æ÷iJ”=…Ìõd˜@PÂþ3âsÂâ.Zo,¥ñíéûÐãí>½CˆÄñ¥›MCÄ“`ûwj8Fõ8Düpú(]ÇBNÔV†7¶ºê ¿üêryÞRoÄÉoåp 8*€Èi Ÿ×ù5’þ¶  Ùpø9dn6©dnÂÌàxƒùª\¨ªg¶é¤É\’26s/›Pw \&Ì(šƒˆ)ÖH¤gGÙ]lÓw4B èÈã8&ûàHšãŒ­h”1´*žèCì.1ïJò(«O·s¹.‘šŒ»BD_÷}þ‚iWžn¢”óßv!šÕiDŠÿêx”1Í\î€ýTo‹zDm¡Ž˜ªâaf„&…ŽÏ@Æßâb V˜ï[d[Ugd‘ÛŒã¹9ý~káçô—YóÒ{Äiâ™õDôa™ _=W•òêŒ=ÉÉNPÞS5•·^wä&‘‰`1Õ§ :±²¸¢¤7±(èÀ°%ØîØ ’P¥&QÈUMÂÑcâ0zþ)ô#AÞ{û(íôŠºfJlLP±†dãBäWaVFÛÂü}V±€ɼ¯€Y'ÉÄ’ËdÏéuĬÐ,8–£È÷‹ŠR‰E #@°ØWOžÂs‹xG¦IêM™uÁú½÷ÚYañ™<3©iæ¢LÙ;–öà[?yEå$¾ 8ûvý¥’o~È…çÌ!íŸ O¶<ˆ§Âÿå*p=lÿ§¬-‡3M÷Ÿ|wƦ>ô|}Þ¿óVÆÿÖß°2Ž_‚ÎØÔŽïÕɽ3³æãöϳ—ÅùƒýÚujÆåðõwÇ0±ü|reÛÈ×±Õ2µÇ‘±jÐúL/5gÖÑGf}nWL{däO´Y¥¾v+×½—fÜðuÙoA9Lõh0©?{ÔZ?N‰Öð{Ï^‹ïE[©ïnkµ„­±îøfèUÇ÷îÔ\;U=N­?ᬧ¹ çN‹»wFøЈãÍ}í´&1l-ô‡ïÃ{¯Ý ™C\ÙOÊøäøjìGÒ¿ªdØÆýج7‡U]Ê7¹€MKò7ïGÓËÎ,[öÕúd{­ÉÚ0ëK§:±Á, ý§m‹x‹zÎê’oqeµ'±+1l_Ãi»-©¶zÇjzoÜ4Ç3ÍšŒ›+sjê=[³LÓØ]öܪEú߃·zI­©EaÖ«æxFöRºH p‡ ?Ù¼‡Ö§ ÂÂ"bÛë_z¶­×e¼‹Pf¾Ê‹ØÈÈYða-¬ã–ß½”W>ôÚæíPK+bÈøø)PK.fÇTLš‚Ñù8ù8Thumbnails/thumbnail.png‰PNG  IHDRæ$ȪPLTE###,,,333;;;DDDKKKSSS[[[ccckkksss{{{þ ÿ íÿýÿ%%ÿ,,ÿ33ÿ<<ÿ,P»4e¤9i¦>l¨7Fã@n©CpªJu­Mx®Qz°Sy¸EZØCCÿKKÿTTÿ[[ÿ[eìddÿiiþbpäkuëvvÿzzÿ[‚µ`†·a‡¸c‰¹jŽ¼m½p“¿t•Àw˜ÂzšÃƒƒƒ‹‹‹“““›››£££«««³³³»»»€žÆ€šÍ……ÿŒŒÿ—ê’’ÿ—šùœœÿƒ Æ†¢È‹§Ê¨Ë’¬Í—°Ðœ´Ò™¡ïœ¤ñ°ƒÛ ¶Ó¥»Ö¨¼×ª¾Ø¢¬ê¤¤ÿ¨­ô««ÿ´´ÿ¶¹øº¾ö¼¼ÿ­ÁÚ²ÄܶÈÞ¸Éß½ÌáÔ³ëãªòþ¾þÃÃÃËËËÓÓÓÛÛÛÀÎâÀÅôÃÃþÌÌþÄÒäÉÖæÊÔêËØçÌØèÒÜêÓÓÿÛÛþÖàìÚãîÞæðÿÄÿÿÓÿÿÜÿãããëëëàæñããÿãêòéîôëëþìñöïóøþéþóóóòóýöøúÿóÿþþþÿÿÿå7 IDATxÚí “$¹u˜©éî¼ Í (z´ÊA“\/mŠaR±f"3 ›¦I“!†ì šÞ–Z«›y¬ûؾ¦[20}PÍ÷§ TÏÑGyÖ‰·[ÓUY™UYù><<¼|xøXYkùš½++++++뀠a¸úqûDªáž=Þ£Ô¨ÄÄÏÅeüöðØ*g†”N^ø… *+ß? /ŠÌ(¸(J™™PJF…<Ê   ²ˆC‘ÃpWsT…§?Áz[™))@–`>¬dvú†/†ïè§ÜŸ©œ˜A¦røPf·<· ë ’š]ð˜Wx 8¦”cFt«ÝLÒÇ( mq‡9Ò…! €t¸Ë"’øZ©[‰—GaŽÖØVŒ£ÜgnåA‚@„K—{C…kh<éò@ú iƒ"]æ(·Ðß'ôiä$E‰¯Ì۔ǂŒDQb5Ö(¿ ]Žµ6Ìcƒ§p©Ö£ò%’qÁUþÐäSS jË…Z™žÒïð!æú¯+üáXÅá&xÊ!ÖÛx¬eÑ;”3±A0Ò¯Y¸)\Ýò!Ñæ?'rx ÎÀ#z—aæÇÒj¬}ÙYî–ž ¹$1G©RªÜ¹ ,‘ŸK(¶BÉ\ȇäBî € œ÷„ S"=Óè¾C‘xø±yG ?}û¯v‘"'(U[ú ¯ÐÌSB Å«±žœ@âùX+Ð%$@Ø/Ì# žØt¾@ ŠB·ÏÕœ{ÄW$ X›i öx ÝpE -@ªŸjã}÷BËgPäXœ2Ї2Ýçä.Ñœ`_†š-í8¸$ˆ†]€ ÊIèõÛ¥~(¢O(BÈvsêÊËöß›§öÚ/%ÖÀ¾×væ6dexÁÉ“{/ⱦ?¬òU¡²—{qAe9Œý˜¸Jx&ª“åÒL;÷wq! iªÞ‚Š2W™~šJY‚* 5Œÿd&î£ ²™þ«r(TžéMúIáYä2Ž“Lœf# R“8u˜#ôàŸZµ1÷m ȉ”ø¹ÏÝRü™+7™—…”:ÃqMN¼(eøQ±™ð€mØ~àåAXFd«@Ã<‹ Š°Ö7ån¾EmåIf"wên€Ÿ$Ê SÓ@øÒ•O)w@Ä5$n’°@e„=½ ç`-À"J_ dÊDpJá™âŒ˜€_è÷†ñbWÝ‚4 xÓŠeÁ[¤¼³šŠ\ï  %^Qú%2ð8Ö,0˜PK„nŽ‘¯õÉâG.s‰¯<óž¶ûcâ™iÈž@yÒÇÔ†1 $Œùá0lH|Ý ˜ªg‚ ê¦ ;Ö¬H hlpG ã¿FPi/íê‚ÆI‰qñöidͽ YY"R/Èã÷Þ…ëÙ{.ß|·ò×Ŭ~GóÞ¬Xés£)£JÒH–œ&r“æ¡ÙÎEÂC“D‘~IÁÎÃܸŠæn0¸ æ©J -³Aš> / Qi˜@I£á—„eÂ$ÕûÆú0óHC® ÆŠ‚Æ (•Àì@ú…4/XfÀV$¹+7ŠyeŽ2Ozz|ïHsçN–! À† ±nnê  GúÉ]3º7y!9@]öJ?ôôØÑtÒÓ}’©gYº…Q’Ay€Œ}"6ÌøÑÄ‚ôX‘cswßObæà€G¾¹IàK½¢ ãÀœ‹îH¾©_ĉíf@Êdv™ «$ ‡8¾Àô÷jSw$[i˜)Gú0®µ·%Š@ïè—Qd‚C¦;q©-‘BÈ]UjåG‰ŠµÎ•¶¢¬Ô aH‹pfP.¹£x s¡6HJ÷4`-À,ðiDßZ‚1ÍL÷£  pMªÈ?I¶òØG׸̓¾|–>ÓGo‰tSî‹ ¾Qº±ÉͶè¦x–néòt?_l„~ÂÜÄsS'ÝäNº’>+Ÿeºñx±Ãæ¹ð'ÑæÐP„‰þίYd¨|뚯7üÃóÌFzÖ€‰/§Ðh{a&„Y½ÀŒîRˆ»Tÿ‡2=@¤Sĵ:š Q˜éá8“f–G )Kc ,äÚ‰§ªÌáw£@Õ ©J$y¦]ô xÈ ýb„@ªÐï«ÈŽÀMB I˜iO?V&@Tè÷õö˜ä’ÑDȼáð3ÖCÆ¢Fôè N̾1([f@(·ôøÛ\m¢p†b£H±òó@ne”yFåÊ—ž¤ŒŠ„F\z<"‘p…'‡O2HWº"Å&„Sa4»™§(¡Ê5ãE ʼ2ËM¢¡t G¢Ü/2ó¡ ™Ÿ(2™ ì“»¸PÈĆÕÑLHMÐ.3fœW·lÝÜ)‡ˆ, E}j,@¾‰Qã ‹5&&ãûa®‡†AáôLÈÁ8Pw"œγgŠ› O&¡…›ÒªvÕ° ‰A˜púa¡¿+ò8VG³€Æà(âê  0~×ÌþB9õT€E~©-€ð!+mÁ!ð%LP°Ô»sãC°‚ÒU9â*ÇA¡L€S(NÀ~Lõ禂AjB‚™Øà‰Üäy@b_)×äŽjæä¦þ>”™—$•ÖÌaùÐ##„‡¬0™Þ”ÄPbˆRbm”ö p¨"Â±Ô ?O“RïE‰™Ù›£4…Hæ˜HŽI)ˆ‰îiÏ•úX–sU‚ÍñĤã(Òý +r‡C ÀI¨4D( !ÔûrýRàXÍj(IVÿxEJßÆ„V€œ7ù€"²UV€òa`o²N‹‚3#¾AYK²( )áÒ¬ÍÓO™ðŸ†’ lÕ1¿Q”–`¼°å)ŒCˆ0’æ‘bTˆáÜ|¢LŠb,9BE‰°é:BŒÍ”„¥¹—Èô'˜;ÿFçFAÂ72ýTû˜¨-âÓ€™ƒ Á¨Ì‘ñM}=Š@Y+¤÷#&ÝjhF '%&Ø+õPOx2•®r !Ý¢”Ž,ü$”ÚBÓ\«Žþ±¥² ri‚9\¢séèaʽ ¥¾9$G’2”)Oç±5H¦ÜŒè½½\¯ú3 (sÍì" AJ$Ꮀ½ÂLAÌܵGÃO7ez…~ä›!M Az@–SÆLwFy‘Ôç. ©ËS7Ç…¦g˜„Õã~(ànHó@€+ƒwOM18ݸ,Ò‰Ð˶B“4¨»€$vH6Uⅴȱgo:Ψ ¥n¼[Ú»SNK/¦ùfIÊ0ÑægiÌxaºóMi"€Ò-q‡I®ÇòyP¸•2ŽKWR\šÇ¥ÖŸnÞa‰ nnžF¥˜J_‚°H"ÄM ²ØÒ/Qj&fzpY’Bïm'˜Ì€<‹JSëÉ â ¸Jxž¦øŸ~¨8QŠ «p¡“ À‡» ý°aé.ÆJ–I•˜OÜdóÈXðBï˜êÝ€åoŸêïH¸¶ Ã!d3óáú3dš¤ ’Då¥>\¿—E™ÕÐ ã¾mnk €ör¬5V,V,V,V,V,V,V,V,V,V,V,V,V,ó›!´†„¾ÿ6£˜AdU¶v„Zé$⌰|ƒ™9åaY&”BF¨µë€ÉT”ÅÊ8Ê+„“;eŽÌ줤õÀ¬M9à*GoÉ1PžxØZ€u€Ä4¢fú¹Àð°Ur`¡Uà ˆç‡@Œ ˆ|HÄ‹â”àÀvë3 ¤v©Ñõ€ÛYbë € € € €•uàòw¿þÕïŽo­ÞÖ€¿ÿèåà»/^X½­'Ÿ¾øè.ÿõOŽ­ÞÖ€—ýLÿ{öZíŸ[Í­#_ž½kû—û7VwkÀñÕý_Yå­W»þÛë ¬û7Üì_Z®û#Fÿçû«Â5àpoó¡ÕáZpy6æÁÁ™Õâ°?ý+«ÇUàåÄwϬ+°ÚM ûÚ!á*p9½›·Ñáà¶ÒÝ¿Ëý7V« À~Õ‘â‘MXI¾¬ºãÁ‘UèêpYgœo£Ã+À fúϹ®ûµ°CÂUà AâÇ`ßF‡W€×ÍTye£Ã«À ñ½¾j¾`l–>$ÕRB.,ËîÔ¿ ¹º[4TB%àYž(ãdÂ-sv*.R\q±#õäã¦Pøw/XžÌ€fžðŠ ð³$³ÌSÎ*Øq‚úh©c`d1˜=±"t\¾ f¸4‹\2‡øIâ‡Ò°à@©[/S.%² DD&Å1(aPP™íIB8ijœÖ"(é3¯~ÃEm1r=JÐ,0•ä‡%lÊ(qeé‡9A*^KFµv]™æ®,’HW£‚X—ªÊ`°ò!J DHEå€9ê¿Ú•m•žn½.è†aÂbÝ 0—zå®~Ûl7kÝš•ªyýQ:-‹¢Zå+ÖkùÄ…à¬Ò@.GR¸€ØE <ÊAY¸xpfX5àAŸ:*<´ÌÕè½üçÍþäQá`žÀ, °l `!̪ùŽO7·ÌQfwøè,‹ÀÑLëŸZVÛxð…£†€•wŒ -‹Àþœ°{¤ñõ»´ ÎkÛÃ%e΀yÈù§{§€ÁÅîç€5r>È/Ÿ?þ¯þÝן?ÿæÀ°vÀ`oç¿>ÿÿòw?ùáó綳³{aXàzwggo·ÿæÅo?{ñêûÏÿRo;Ñì ,=ÉåÂd^]håŸ =Ø?þ5üôÅ__ÿ|°}úŒ•7ó`1€S£üw/ÎÌÌ”Á§?þµyq²ý¾ñkS°³Ê¦`.|9ÿß}¢•zÉ·Qéw”vwï;+l æÀñœÓnöž¨óò½Iz?Sèzû‘ÆOWÓÌ€Ë9Îå_?é‘>œÑ½©b'ÛO7¦àÔ°¼#À“oPßà ü~¤ª?ùK Àò9€ÆÙßýÖуôp²èÅöõK²2¦`æÍÜxàì?–›GI©ç‡ïîLøàUð f ÀŒ3ˆ›ä¾?¾#ñäÅ`ûdªSqj¨ì„Í°„VÍÎõä³ÙbŽŽŸ¶èÓíi­Ü˜‚Ý`q€a}=m¯W#æ$½¥ÇA ¦`çÔ0Ygjÿ6²?Un÷GÝ8y†O‚ã|Íå33àõyÏ_`pRm׳ÑÑÙõdû5B Kd f @¿Ó@Ok]÷qË ¤üí^M—ÃÌ€þ€iÎþ5=•Ëñ™êcƒ“¼ÐS À{é©Ätg¿róŸ €ùªFÒB›‚ÙÐÃ,jÎþOŠEO.4%(0‰Ñ“u kàz|pw²|51õfJ jzP`œ)hë Ð¥pѼE]M©G0}Í*A%2³ ³:§­<«ãiÉè·Ó³Õ¯·[yv×; e f@7À^MgÿIóÞŸ~'ªJOu²3èà—œ¬7í‹0wÐ…WQn5W¥™û±ˆ¦`6´s†Î~ë.¤Jó‡ÊõÂ/¶»Éœ»)˜ -r€®»ºç~VqrT]u hæi fÀ«†ÀE‡­£òJòÕ;«†A33à¦É4ÐÓNèçÕû :ÞÊév·ívh .V€ý¡ÛË°_ÃÕsWÛÆ1ÞÍUZjEF§m·“ËZÖ¯ ¶û¸Ý3ÃIi½Pcèn/÷Mêe!Öžµz²ÝSsNJ[zæ]âj¥h{T“6×Ë Àœ§ÍdòõöòNì€1™¦Ù“-é¨|T´øö7 š,› â,u€Ôc‘÷` ÷Y쌸ö¸hñí5»Å¢˜*CVÿ»ÚdòG[î·I!á¨Â¥I¾ÐŒ­‘†Žôq <ì)ý7äúW¢œ(1/•O<å¡Ô ·P1ô{OÄ–@Y \5ùÒ‹¦Aå¤%a ËL@!2…#Qk+)3)(R$K/‡ân‹¶—z¿RŠŒ¦ ÀX uÈPç¥ÊR·ôKp¸C°¯ÎA©óDCЀ³ú (úJG<Èý¦?·aP€Qóo„”{Ü‘NR37MH„•Ç¼"Hq†µ1Ì¢0ARonê§.w€/Ǿ“mäxû™@‚ÃB‰SØÒ¾Ö:èGœxJÿA͸Ýo~ÈPº*kH]³ @ð^­rS ÚA‰ÂL·ϘJ±åB¾8nS©·r”úi¸ÈL¨a~H7vS?v˜FHÿåHF¡Ù,\æ J7Ùl¤‹óF3Ðd<§2E¤qúj“ @¡½¡|û Àéç×Ë@Ó@ κ)>6xëDt9Žoè9Ó {×hÀ~G¥Þã»4ˆ-ƒËÀÙk˜1ç]?ô]{FsÛv— €u °ßYå‘{§¾ÝñUY Т56à²ÃÚã÷‰‹þó±WÓ´ Å5à ÃÒÇ÷Qªíº)#÷^ŒÜcÔB¬hU¢7]Þv;hsÝö7Þgg$ö£Ç{”¹#”°Õ±7­b±s®¼þ¨Ltm?°@c > LJ#øúµ"Æ!õ¦A*|€83À(Q‡€q’ Y ÐΟ3O~»6ʃLl@†Yl2ý\~À–L§Tnépæ(SNK"À¹#JßäA­Šhy/®%BÉ™îÜ<î ¯÷êPúe`òZI: WkÛ凣<†T}Êõÿ.db¶*àUËñX5‚Š4ð 9$I™„)ašk™ ûÔzÕôµÉw R>+hœ"q•—ÇoˆžåÊ(*Â,І OhDœÒ_ pÓöfl5R7Ì âRAáò2’ŽrE¤Dùmf‘ª^¯)ˆ(—%PÒˆ)ýªà"eáf±T\C’kdQ©趟GÓrЗÆ´ŽÇUôTŽÃˆG "æ‚@á†4y´ÔÃAÞñÙŸ4‰º•7®X ý4ìj Ýx‚ˆ¥! Ü…(Q›ÚpŸ‡ÀZ$Ÿì¾¶|RYyãbøÆ]ÐÁrà@Œˆ,‘ˆp !èV’¤8À¼îÚ|]÷Üúª]–¥¸ÜEˆÆ¨GyµûêqEâ»*X²ÝâØ“¥ ‹r1ëëô·;¹:'ßZu:¹#3¿@ÐÕØ; 'äþây‹¾äôbñ8î$«¾þ÷þæ“|üIû®ýžaßþI N€ËWsi·'?øæwOÿìù×[_ › ·;ñ?þÞš|±øÌgà/Ÿ?ÿ·/¾|òƒ½¶Uº&&vRµ°Y|ÚêŸúA“: ƒoý?½øÕpêÔu«²²ƒãÞ<ø÷µ8öúdÁh½0Î!Á .ÌÏ¿÷W/~üîÕ'Í xuÓ[ëíâ3€öËãT&8JÍ™tsGV«z1, ø ñ¤YÑÁ´Æöœ-ÀÞBpÛ>#$VA £p3Ǧ@PEý?^ÞcÐĘšÅÚØÆ €@lnâP&c”—›… ¤‚x»tÐÓÊÎõÝé·÷Û 4Ø]dº¨‘˜[%*ÄyŽ“(òð²þG—ö>­µ’èQ…n£u'p²¸ÚpyÖõùUÜÁ÷K‡«í¾Wݨ҅¶õÃZsxvðà óó‘y ýO(î?Ø­6#ëXÍB­<ù¶ó‰Ý[IaâêUÜj?¡ídÁVŽÜâZ€Ãn AU¼H»÷´:my©îÀ«Š?¡åMùVŽÜÂZ€óŽë±}²SWÿUÖw™ìT¶a-ýÀÝ´]/>øÆëê¿Ú?ܳʷ1[NÜYA е°ýü›Ó=÷½‡½z՞ƹû³j‡;«gTÇgòó?ýÖT_yïÑ5–ø:±Ùë3Úù«gÎ.;?•éAõ_o7(47b­ŠF¬œеP €'ú¯»ÈŸY„ëÞg\ÖƒxÛZ€~#Ó8yÚC4X•^»Í~D?pÕ,@/‹ñM`„þ›ÃûÆƸªÇnQïkÅ,@ÀTNFµ¿£†_5tf¨ÆÕ²7ý¬:€‘úo €qþöojè›û«e.aæŒÖàà¾;з¸Š‘ÀYp:ÆÿjÀ]&ØI½µÊ§g­b$p†ŒÓÇFúð—ÊH„ßÍ´½ËÖ–¢ø°´© IbÄ"¯’¼{âåÝp:öò5à~ ãz·z5×í5°ÂSsȘä®,LÊ¢(™€’e©˜£°Ì3H¹‘å©dBøi )È"vËN¯ÿŽLBžÎ\‰»ƒYà‡™›"d~N’ºÒÉ]F—€îæQ”ú*ȼÒaq_n¤(u¡ÀY º`‚þ[p0.:Ð h“O°7sž¡-žϬP:)MÓˆdàæâŠÈc4K)¸ˆ8*Ì…$Os“†€wùC/&5žÆŒL­ä4Ko“Úo…ˆÑ L5.7Ç¥˜GiJÃÜI¨‚âneË TyŽ  LÍ+9’N˜¨ÿæŒUïÔ4²F¹Í¿“™ ò2À±tSŸPœú,¦ø€q%÷y¬9@±ô%0~êK„avÀÅdï©)–56idwm²BO.f ÀxI”î f9 œ¢ÿÆL¹ 4y’Y?p°°"jÀH ³àzÚè©!ÓSA'N2k2¦k@¿óÃ94UÿM¨txü$³&~àJp5®§w¶Í8¯úƹ & ¶ˆ]œ,_Ì€ +ÉõgÞ^ü‘™Ê n ´àzÑø‡Ô ¸®rÉP3l”;P²à*ðé‹è€A¥ÁÖQÏ`¬;P[Ÿ-|€~ Ô`ð>í€júoÀe£ M&™Õö[X€~ 4°7/oú ¢þÐ8ŸõÁ$³º~àÂNlâBÏTÕnZ”4¸ïlÏÌô›°ˆTÖZ&´¿ŸdVÓÜ]%Žú`°ýÇþÎdÐ>¡õí$³™)qẀ³^¨Þþ›ÐIM“¹YPo²àJYè€íA ºÊhìîüòz]-@Ÿ êè¿>‡Ý­4 «k2„ÐÛÕÌÞ&xæŠ~x›cœB¡úàóZ‡Ôàöp^t/™H¨’~®SÌ)E’‚þ“Šœ¥ “"®’¨t’<×»py\Bš3ÉŠ¶üq{Ð+ƒ Èö’ÀÏÎý,AŽÒ4^êäné¥Ô•[I Ê-0*Îp‰rW:Œø™Ó€Ïk¦[Í´§Np•GR'û½Mbß<,ÀV°)­Ï­CB¼¸ÀÊË„©Òžô%ÉÔÁ®¢dS…44‰¤m¸Þ®›nwT½¥Êö׊ë^p«ŒhIH 4 r *Rú d@ɤ>±MZÏ|,#0•Ð8ÇÊÍÂ!Â- SâÛ“$WŽR’Æà R ^+·`ï÷µÓ-+À‡+ŠâöË s\¦^áHO7ÃàæžR~ÈeL¸°1q6D›¬ŽÝ¹^!‰­Ô ±_ne^jÀ„xÂ%ØW(Ô6bq?ôbmÚ0¨Ÿn[ €DЗ˜íÊrB„ IR—ÆR›DÝ0œ8Ö]€À3e΃ròê mŠ¾ÏÁ(5|Hm7¥nãÚ~Jý¯ÒÿefÅóáÔ0%Í^ïv1º0³=€Ë­¢ðq"m°QîeŽré5ëL1c¿^†•“ûÚ"ÐDD4QÑ´åaw—ÊŒÖhy—"@t @áj—Uw^‰ˆ“ØÏ]„QýS+L{É@„¡€(ŒË‚ðXE¤TfÞL4%p´T`B½À˜dzA1åBÒ1[E>œåaée±Ì0Îd<㟻* ;Ѧô‡>tˆS)w+G€›læ¡*ŠŠN`ÒMˆ`LZ(Í¢œP!iXÌøçîX ð€¤ŒHÄdœ§ºÑoˆcV”ÊSn‰”«8õÒn,@»ÕÛ€Uµ(b &îL¶4"ÀˆÒR P¹‰q\aLQ€~¦3íÕº´J>À«_qÜ~Êòp–Y Š³bS[N†]€n(WfY?ýhŽMúô›?ÿÖîšZ€ß¾ø°`_ó°Êp© ˆ%aIêD¡dÆÿ×n5„™î¨U¬: ÃòVú‹çÏ4 -öZ!¢Yð›¿íxzP³nº.ŸvGÀ·Ÿ ¾ÿüç³°{‹|ÇžV6 ®>ênRÓÅÇÃöîö,,@¯"Z8‡s»¹Þ€ß½ø«Î¾únÖþõÎ ,ÀÉ‚ƒƒNK†îöÀϾóÝβXÞ*ôä¤ Ðk€vÃÀ›ý× úx»o`¿³„÷Sv«.R¹³’h¿z¿+opðOz »u?ès» pºÀœuä n?ÿÆ o:‹Ü»·S1=¼M€ÅÎ^vr&?þüzi¸_¸éó¾-@¯": ßvá ÖíÜÏ €í¹ÒDÑÑœë…@í·Ÿ.´×SFP¦ ow×€ _Î €°ýáŸ;“üç&]òÅnZÜY*^7 ×@}°èîôÿ韩cÚšr;ëbŒœ5YZ´•øǹ0­²ÅÎúX€†Þ`}îUüš÷Û¶à¾ÓS;Y`I¯ÈÉÕ#w×Ë ½Á³¾x=û.`Òú³CÖ͹ªå ÖàjŒè±·uÀD=NZWrý,@]o°—àP”"J‘Æ÷ÓLU i$Ê,.x<½ŸpNê0%¢û¹µå¸ra®úÜ+ü~×(’Ä-¢ uËûËWJ?Åæ~±‘£l“³ëš•qø™Kü´SÔ8!;d=-ÔHèÀb3Ë,¥@ù}Bm¸™Äqîð”'U±¥LÙƒéL½/3¾‚ìºZ¨neÞ&¤AŠß«á$ƒ8Æc@º%?({8MwÎ=(&0]‹c“D×ÖÜyƒ—½põx@pÈY@Cî“ûËWJ¢0J2XæÐû5.¼”†4ÚL(퀱р5¶FÎ÷oºàõÕ¸8@JÇõpZ™C–[dUœÀ*y]ã²CÖÚ ½ÁiÙÃ]PN˜jOb•41Æ Xs `dÊ\²úœ_uR•¨¸ˆëèìSkuÖµ\±§@‹äî> ̧JØÈdú×ÈBü¸m]£z¾øçöä'«ÀÈðp¿Ü~ñí&0Ö숟&‰6àt0Þàå ¸Ù‡›YýsN;ͯ&&<ž@çîßÉŽ`dxø¨÷/ñƒûU£|ùx‡™Hl*ðÓÏ)ÏÞ'¤A€Ÿ|×ßt¯vÖT`Te£NÜ¿0…Ò+8WÇžL@d茒Å)E%‡(a0ªdDUõ¿O1((‡$Ž@“»@‘g)-õfcœ€tJž@LKH"¿L@qàa©¹bÑx#“Ž:qÿ4Y¥¥S±¡\È„–ú!½|«Iu“ââ™Ú,â(ÊS\’lŽų2¢Æx–„4ß®Ùi 7sõ' ‡¹©ß/QJN‰ô‹Í¼Å¥Y' ¼àöe÷/tQ¨º)é¢<éBbÝ) {)2ƺÖ*õ†lpŒýþý~ãe¦êd ý¦«?‰Å4PéBb‘…ú+À#|¸Q ÍPû©€ r?Yà¨÷š*Á_(7äjK:ª¶~ðÓ-ÝÉ1IÕqpT8S÷ ξ@ïŠ H‰ s5 T  ÚÌ'¦BçàèÁ)]•¢$‚D?R1€+D,÷½Á;Î[Fÿcz3í`œIDˆŠQ”(ŒREp,"Pié¶ê*Ec†²8C8}âäeÀ­É;'bÊ“DÂläæˆB;§ ,Š)Ä ÄT…¸°Ü“÷ÉG-Ý¿ZR$¥WmO·òƪrjx(o ÏA/Ñ¿q–‚–wµ‘Y:à¯ßp|k =XV†ë’\õýÛùÅÏôËÏ¿ÿíoý ›Ï;nîÊ÷X `y€ÛýÿqÜçùüççÏ0€ßãùÇ]\þWŸþ´ùÁ×€™Ë`çó¯ÿhØú>Þ¹ÞÙÙii„ÿÛ‹€åàdg÷ÑíÛÓÝ£ñã?ÿI÷Ö €(bàÂðh‹s'‰¡,¸ú/å®’~êî–Œ£­FF•^"ô Lz”[œy$­|;•ûÚ‹Ý*¨tÔþ×€8(SM5.¤t+M³$fb¸qb0kÄe$¤fc¡_¹)Õ(î¥C ËÀ¦9.ª6þšNÞ‰v ªÒAªÚºù¡®ð’ ø[BJ©pcW8…~‡™;­z¯8"Ò%Ô“8 iF~‚Ò "ˆÒ‡ÀlIÑmãìNs æV¦p™G…QZ.@((ôRB¡}?™ëwd©ÿ*ã –ïöÕo+¥Rú •«R˜=Êá›Bußøk¸û]ŒQv× €™~ïNûQöøPQ7uªv,=I»Æÿ@NG¹ûÝÄ(¬èGvw:±=¼éæs­)¯ÿê·-î_ììôÜ0TôNÿ7]‘j)_¼xñÓÆ¿ÇÜ×»C—à«Î’U¬#?{ñÙ5þG.Áßü¯Îy¬#o>»ªïf÷Úø?ÈñeåP‘µmœÀJõ¤îûê³q6/ßû…íÝ[k&ÉYåT‹ÁîÎéŒ~Íñ僯mit¬˜(·ÕRƒOwvg6Ò<~l–jÝ=² öõ>^ Æ¯åÕÈáéÉnS—ÀZ€ir³»(ßtJã'«4Ë*² /8ÛÆ?YÿÃóÑœ ¬è8í žÌ¶ñ›©0Yím¨ÈZ€€ÁÓzbƒ6žWSýW­pZÝ/ìáÕºôÈœœßÙ“\Öš­RÑ/ܳT“«¾à<mýOôdz¨hïÚPÏœKão¤ÿ;—@û…§~ÿ‰ º ~X-¹{‘ô?”I¡¢þ*D¬`BÈîù»yý„«¶¥ŠOÇÜ=:µT2ÿ~7¯Ÿð²ƒÏ8ýÞ… ñG¼ÍŹܟGÕØ›ƒ®>éI¨¨¿ +ÀƒüÎz÷ˆ;‘7~ÜÅýPQ"V€ÇÉÝgG3>ýAÕJNwwv‡ÆÿÚ0¹µŒHîìßÌòìU_ÕjL”àÚ0Ñí“mqt¶ÜíÿžK°m}€ ìq—3« »´µê—€iù3ò—WÿK @•äîWGK¡ÿ<$ÙÃ-â~1ú””˜ÜŸçœdkÀ br÷,|ÁÖñŸÌ+Ë TiEɥʳ E®¸VsÁ‹!Í‘,™ë]¸„’Ó4WàB?ʉE•V€:)^‡g‹®@Ã¥|…˜pOnò Å s3Ì1ËXòŒ€r‹M–¢Ô-ÜÌI¡<é¥~ée~¹¯uS¼zö_¶:ëÜ(Sæ„äàJbæ<‚,ô©é؆l\ø _ãÕ€Ç)wˆ7®E½|4ÉïìÓì@ÿ‡Qî‚ðt7oH’0ã‘r ##~©-€ö  ‚˜ÖS)O r]hšßùêx‘õ@|ŸB‚‚<,À—Î|–@€#¯ å‰2³ž€Àšªû)ó©a…q üµ Er÷›/ûIªZúµ —€¶Éݽø‚û°Ì€’»{ð¿\zý/åwÞví Φýÿú?|ú«—ë @‡ùÝÞ#ÞW³¸,—¿zñÑoo×€Žó;o:l´3hÿ—GG—G?ísYœÅàd§óBùù‚=‡˜ÏŒò×Úè)¹ûò`áõ{öÕÁñŒVC[XövúZ%cÐ…/xÔ—~¯Žg˜Ë´˜tX¿s”´ ö£ÿ7ÇGgj¶W}è¯ñwå wß9_ux6‡°âÂpÑoãß…Ÿ-þ/ŽŽÎçS^,þ¸7›~í|ÁNõùÕáÑå¯ú"pÒQUŪ¾`Ã~üÕ뮜ýׇsUþ‚08™ñ7ò_u–œÎl¤·,Ì^šø‚gíõ¯Gz‡¯näÌÙøÍΤv\ð¬e q#½ÀüA³ñƒ÷¨ø÷Òž½…ôÏÛèÿêøàèlÑHf €«ÀIƼ‡sHð½]gtJûµLz›Û²W?9†Å“™Ná Ò-¢9R$óʼÀ\Ä$"Ê+…2¹¡\àe"¦L¹¹Û_—PÝlXfÞ#½E€98HƒÒ—EúJ3”…‰Š8z_ — äQ t¿°?L‰·/Ø@ÿ·çG‹«ü9 %E ¸H½Ü{}5¨©¯{Sê_ôŽ.Wëb­~ èÆt‡w£ŠcÓUT A½óïéyGzkÀ“®â­ãp8qŒù¶Ìì—wœé¾åj5¯È:‡‚ ZµCž8Ƽݿ…›WK>Ò³TrÞ\ǘÆ>œ_^½<ÿâèààÕ`µ·`ôÓt/W]ù+€j"-ë!~ Ÿe‚zAð®$·/-ë€'À‡„ÄÊÁÃî‚"‹˜/ÓÔ°äHù*R~‰ ’”¥~"Ý+?ÅÖ¬*Ô­‘­—$ÃÒUàÆ üMfX @y'Ò)p6ì‚B ºo°¬¾ÄÚû£*ŒÒ8™ÉSÚ d9ĪL,V,V,V,V,V,+/ Àz˯€µ6ßyiXgyùâg€u–ÿøâ;Ê°ÆrùòÌZ€µ–c°¬7· €Àv€uõ-V,V,k,inX?)³¸ä DÌ¡(Ó<€õ’$È73¿Ä9a1 âÌ·¬ ¸f ñc €˜ÙÚ€E€iSî,ë(œ‚8G$FIJ¤~a°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°b°Ò‡üüËJî1Ò´IEND®B`‚PK.fÇTmeta.xml“ÁŽ›0†ï} ÄîÕØÆ,‹°RU[µRS©·ˆØ^Ö-ØÈ6KúöivU‘8Àð3žß3Åã±m‚Wa¬Ôjâ…PLs©êmøc÷ dácù¡ÐÏÏ’ Ê5ë[¡h…«‚U–vFØ1T9Ÿ¡7ŠêÊJKUÕ K£ºjé%C}Ñ9>—ÑZoÃç: áÏÑH›Æåpþ^™ÚpÞœôÃ0DYµÖW®¯R w+Q)ÙÞzÒI{qÌ©û[LÚsÖ¶²¹•´€é¶OphÄyÎN-w½i|ÃœAш‰·G®Úc#Õïká<Ï¡ÿ{º€ÿZŸ¼³~þºµ›e†|ËûÙà‘°\§l²¬,¼qÌï>oQ”1Š1@ãï0¡˜b!œœå9*à¢àŒ®h P Ðf‡šä4΢ !£è*›« .ݸ€÷Æç*¿õ>?à/é÷¥Ê…â-Èþ°FØ2Ù¼“/ñY\ %FZ›òIŒøꛇ›ˆDI„êûŸYºO“àL°ïŒþ%˜ƒÝìeÃ^ŠüË7ç?-«Í:Éׇ‰çªWnfq˾±^[÷ò/PK­ÑúÄ,PK.fÇTMETA-INF/manifest.xml­“MjÃ0…÷9…ÑÞR6EÄɢФPí‘#FB?Á¾}%Ç.%Cv3Ìè½OiŒ®.àƒ²ØWúB*ÀÖv û†|Ÿ¾êr<ìöF ’"Ÿ‹*ŸÃpk’øtNæ…ÒŹ¤û;&ʈX™or1Ńè{öï;~PKµºâ&ÉPK.fÇT3&¬¨//mimetypePK.fÇTUConfigurations2/toolbar/PK.fÇT‹Configurations2/floater/PK.fÇTÁConfigurations2/menubar/PK.fÇT÷Configurations2/popupmenu/PK.fÇT/Configurations2/toolpanel/PK.fÇTgConfigurations2/progressbar/PK.fÇT¡Configurations2/statusbar/PK.fÇTÙConfigurations2/images/Bitmaps/PK.fÇTConfigurations2/accelerator/PK.fÇTz€¢Î Pstyles.xmlPK.fÇT231Æ¡ ‹content.xmlPK.fÇT+bÈøø) Š&settings.xmlPK.fÇTLš‚Ñù8ù8Ä-Thumbnails/thumbnail.pngPK.fÇT­ÑúÄ,ófmeta.xmlPK.fÇTµºâ&ÉíhMETA-INF/manifest.xmlPK+Vjnatlog-3.01.00/icmake/000077500000000000000000000000001474316276200144045ustar00rootroot00000000000000natlog-3.01.00/icmake/backtick000066400000000000000000000001601474316276200160770ustar00rootroot00000000000000list backtick(string arg) { list ret; echo(OFF); ret = `arg`; echo(g_echo); return ret; } natlog-3.01.00/icmake/clean000066400000000000000000000011021474316276200154030ustar00rootroot00000000000000void clean(int dist) { run("rm -rf " "build-stamp configure-stamp " "options/SKEL " "tmp/*.o" + " o */o release.yo tmp/lib*.a " "parser/grammar.output" ); if (dist) run("rm -rf spch tmp *.ih.gch */*.ih.gch"); chdir("documentation"); run("rm -rf " "man/*.1 " "man/*.3* " "man/*.html " "manual/*.html " "manual/invoking/usage " "manual/invoking/usage.txt " "usage/usage " ); exit(0); } natlog-3.01.00/icmake/cuteoln000066400000000000000000000002331474316276200157760ustar00rootroot00000000000000string cutEoln(string text) { int len; len = strlen(text) - 1; if (text[len] == "\n") text = substr(text, 0, len); return text; } natlog-3.01.00/icmake/findall000066400000000000000000000011731474316276200157420ustar00rootroot00000000000000// assuming we're in g_cwd, all entries of type 'type' matching source/pattern // are returned w/o final \n list findAll(string type, string source, string pattern) { string cmd; list entries; list ret; int idx; chdir(source); cmd = "find ./ -mindepth 1 -maxdepth 1 -type " + type; if (pattern != "") pattern = "-name '" + pattern + "'"; entries = backtick(cmd + " " + pattern + " -printf \"%f\\n\""); if (idx > 0 && strlen(entries[0]) > 0) { for (idx = listlen(entries); idx--; ) ret += (list)cutEoln(entries[idx]); } chdir(g_cwd); return ret; } natlog-3.01.00/icmake/gitlab000066400000000000000000000002221474316276200155650ustar00rootroot00000000000000void gitlab() { run("cp -r release.yo tmp/manhtml/natlogman.html ../../wip"); run("cp changelog ../../wip/changelog.txt"); exit(0); } natlog-3.01.00/icmake/install000066400000000000000000000031721474316276200160000ustar00rootroot00000000000000 void install(string request, string dest) { string target; int components = 0; list pathsplit; string base; base = "tmp/install/"; md(base); if (request == "x") components = 63; else { if (strfind(request, "b") != -1) components |= 2; if (strfind(request, "d") != -1) components |= 4; if (strfind(request, "m") != -1) components |= 8; } if (components & 2) { target = base + BINARY; pathsplit = path_file(target); printf(" installing the executable `", target, "'\n"); logFile("tmp/bin", "binary", pathsplit[0], pathsplit[1]); } if (components & (4 | 8)) { target = base + DOC "/"; if (components & 4) { printf(" installing the changelog at `", target, "\n"); logZip("", "changelog", target ); } if (components & 8) { printf(" installing the html-manual page at `", target, "\n"); logInstall("tmp/manhtml", "", target); } } if (components & 8) { target = base + MAN "/"; printf(" installing the manual page below `", target, "'\n"); logZip("tmp/man", "natlog.1", target); } chdir(g_cwd); if (dest == "") dest = "/"; else md(dest); dest = cutEoln(backtick("realpath " + dest)[0]); if (g_logPath != "") backtick("icmake/log " + dest + " " + g_logPath); run("tar cf - -Ctmp/install . | tar xf - -C" + dest); printf("\n Installation completed\n"); exit(0); } natlog-3.01.00/icmake/log000077500000000000000000000006321474316276200151140ustar00rootroot00000000000000#!/bin/bash find tmp/install -type f -exec md5sum "{}" \; | sed 's|tmp/install|'$1'|' > $2 find tmp/install -type l -exec printf "link %s\n" "{}" \; | sed 's|tmp/install|'$1'|' >> $2 find tmp/install -type d -exec printf "dir %s\n" "{}" \; | sed 's|tmp/install|'$1'|' >> $2 natlog-3.01.00/icmake/logfile000066400000000000000000000002571474316276200157540ustar00rootroot00000000000000void logFile(string srcdir, string src, string destdir, string dest) { chdir(g_cwd); md(destdir); run("cp " + srcdir + "/" + src + " " + destdir + "/" + dest); } natlog-3.01.00/icmake/loginstall000066400000000000000000000015651474316276200165060ustar00rootroot00000000000000// source and dest, absolute or reachable from g_cwd, should exist. // files and links in source matching dest (if empty: all) are copied to dest // and are logged in g_log // Before they are logged, dest is created void logInstall(string src, string pattern, string dest) { list entries; int idx; chdir(g_cwd); md(dest); src += "/"; dest += "/"; if (listlen(makelist(O_DIR, src)) == 0) { printf("Warning: ", src, " not found: can't install ", src, pattern, " at ", dest, "\n"); return; } entries = findAll("f", src, pattern); for (idx = listlen(entries); idx--; ) run("cp " + src + entries[idx] + " " + dest); chdir(g_cwd); entries = findAll("l", src, pattern); for (idx = listlen(entries); idx--; ) run("cp " CPOPTS " " + src + entries[idx] + " " + dest); } natlog-3.01.00/icmake/logzip000066400000000000000000000016561474316276200156430ustar00rootroot00000000000000// names may be a series of files in src, not a wildcard. // if it's empty then all files in src are used. // the files are gzipped and logged in dest. // src and dest do not have to end in / void logZip(string src, string names, string dest) { list files; int idx; string file; chdir(g_cwd); md(dest); dest += "/"; if (src != "") { if (listlen(makelist(O_DIR, src)) == 0) { printf("Warning: ", src, " not found: can't install ", src, names, " at ", dest, "\n"); return; } chdir(src); } if (names == "") files = makelist("*"); else files = strtok(names, " "); for (idx = listlen(files); idx--; ) { file = files[idx]; run("gzip -n -9 < " + file + " > " + file + ".gz"); } run("tar cf - *.gz | (cd " + g_cwd + "; cd " + dest + "; tar xf -)"); run("rm *.gz"); } natlog-3.01.00/icmake/manpage000066400000000000000000000004551474316276200157430ustar00rootroot00000000000000#define MANPAGE "../../tmp/man/" ${PROGRAM} ".1" #define MANHTML "../../tmp/manhtml/" ${PROGRAM} "man.html" void manpage() { md("tmp/man tmp/manhtml"); chdir("documentation/man"); run("yodl2man -o " MANPAGE " " PROGRAM); run("yodl2html -o " MANHTML " " PROGRAM); exit(0); } natlog-3.01.00/icmake/md000066400000000000000000000007401474316276200147300ustar00rootroot00000000000000// md: target should be a series of blank-delimited directories to be created // If an element is a whildcard, the directory will always be created, // using mkdir -p. // // uses: run() void md(string target) { int idx; list paths; string dir; if (!exists(target)) run("mkdir -p " + target); else if (((int)stat(target)[0] & S_IFDIR) == 0) { printf(target + " exists, but is not a directory\n"); exit(1); } } natlog-3.01.00/icmake/pathfile000066400000000000000000000005521474316276200161250ustar00rootroot00000000000000list path_file(string path) { list ret; int len; int idx; for (len = strlen(path), idx = len; idx--; ) { if (path[idx] == "/") { ret = (list)substr(path, 0, idx) + (list)substr(path, idx + 1, len); return ret; } } ret = (list)"" + (list)path; return ret; } natlog-3.01.00/icmake/remove000077500000000000000000000011701474316276200156260ustar00rootroot00000000000000#!/bin/bash g_echo=$2 rm_f() { [ $g_echo -ne 0 ] && echo rm $1 rm -f $1 } rm_dir() { [ $g_echo -ne 0 ] && echo rmdir $1 rmdir --ignore-fail-on-non-empty -p $1 } IFS=" " for line in `cat $1` do field1=`echo $line | awk '{printf $1}'` field2=`echo $line | awk '{printf $2}'` if [ $field1 == "link" ] ; then rm_f $field2 elif [ $field1 == "dir" ] ; then rm_dir $field2 elif [ -e "$field2" ] ; then if [ "$field1" != "`md5sum $field2 | awk '{printf $1}'`" ] ; then echo $field2 changed, not removed else rm_f $field2 fi fi done rm_f $1 natlog-3.01.00/icmake/run000066400000000000000000000001511474316276200151300ustar00rootroot00000000000000void run(string cmd) { if (g_echo == OFF) cmd += "> /dev/null 2>&1"; system(0, cmd); } natlog-3.01.00/icmake/setopt000066400000000000000000000003411474316276200156430ustar00rootroot00000000000000string setOpt(string install_im, string envvar) { list optvar; string ret; optvar = getenv(envvar); if (optvar[0] == "1") ret = optvar[1]; else ret = install_im; return ret; } natlog-3.01.00/icmake/special000066400000000000000000000003411474316276200157450ustar00rootroot00000000000000void special() { if (! exists("release.yo") || "VERSION" newer "release.yo") run("gcc -E VERSION.h | grep -v '#' | sed 's/\\\"//g' > " "release.yo"); } natlog-3.01.00/icmake/uninstall000066400000000000000000000004561474316276200163450ustar00rootroot00000000000000void uninstall(string logfile) { int idx; list entry; string dir; list line; if (!exists(logfile)) { printf("installation log file " + logfile + " not found\n"); exit(0); } run("icmake/remove " + logfile + " " + (string)g_echo); exit(0); } natlog-3.01.00/icmconf000066400000000000000000000011411474316276200145110ustar00rootroot00000000000000#include "INSTALL.im" // For more information about this file: 'man 7 icmconf' #define MULTICOMP "jobs -q" #define SPCH "" #define MAIN "main.cc" #define REFRESH #define LIBRARY "modules" #define SHAREDREQ "" #define SOURCES "*.cc" #define ADD_LIBRARIES "bobcat pcap" #define ADD_LIBRARY_PATHS "" #define USE_ECHO ON #define TMP_DIR "tmp" #define OBJ_EXT ".o" #define USE_VERSION #define USE_ALL "a" #define IH ".ih" #define DEFCOM "program" natlog-3.01.00/icmconf.lib000066400000000000000000000011041474316276200152550ustar00rootroot00000000000000#define CLS #define LIBRARY "modules" #define SOURCES "*.cc" #define OBJ_EXT ".o" #define SHAREDREQ "" #define TMP_DIR "tmp" #define USE_ECHO ON #define CXX "g++" #define CXXFLAGS " --std=c++20 -Wall -O2" \ " -fdiagnostics-color=never " #define IH ".ih" //#define PRECOMP "-x c++-header" #define REFRESH #define LDFLAGS "" #define ADD_LIBRARIES "" #define ADD_LIBRARY_PATHS "" #define DEFCOM "library" natlog-3.01.00/icmp/000077500000000000000000000000001474316276200141035ustar00rootroot00000000000000natlog-3.01.00/icmp/destructor.cc000066400000000000000000000000451474316276200166070ustar00rootroot00000000000000#include "icmp.ih" ICMP::~ICMP() {} natlog-3.01.00/icmp/frame000066400000000000000000000000371474316276200151200ustar00rootroot00000000000000#include "icmp.ih" ICMP:: { } natlog-3.01.00/icmp/icmconf000077700000000000000000000000001474316276200177602../icmconf.libustar00rootroot00000000000000natlog-3.01.00/icmp/icmp.h000066400000000000000000000013011474316276200151770ustar00rootroot00000000000000#ifndef INCLUDED_ICMP_ #define INCLUDED_ICMP_ #include "../ipbase/ipbase.h" class ICMP: public IPbase { public: ICMP(std::ostream &stdMsg, std::ostream &logDataStream); ~ICMP() override; private: void logConnection(Record const &record) const override; void outDev(RecordPtr &next) override; void received(RecordPtr &next) override; void sent(RecordPtr &next) override; void vByteCounts(Record const &record) const override; void vDst(Record const &record) const override; void vVia(Record const &record) const override; }; #endif natlog-3.01.00/icmp/icmp.ih000066400000000000000000000001761474316276200153610ustar00rootroot00000000000000#include "icmp.h" #include #include "../showseconds/showseconds.h" #include "../nic/nic.h" using namespace std; natlog-3.01.00/icmp/icmp1.cc000066400000000000000000000001711474316276200154220ustar00rootroot00000000000000#include "icmp.ih" ICMP::ICMP(std::ostream &stdMsg, std::ostream &logDataStream) : IPbase(stdMsg, logDataStream) {} natlog-3.01.00/icmp/logconnection.cc000066400000000000000000000006661474316276200172630ustar00rootroot00000000000000#include "icmp.ih" void ICMP::logConnection(Record const &record) const { stdMsg() << "from " << record.beginTime() << " thru " << record.endTime() << ShowSeconds::utcMarker() << ": icmp " << record.sourceIPstr() << " "; (this->*d_via)(record); (this->*d_dst)(record); (this->*d_byteCounts)(record); stdMsg() << logType().first << endl; logCSV(record); } natlog-3.01.00/icmp/outdev.cc000066400000000000000000000006031474316276200157170ustar00rootroot00000000000000#include "icmp.ih" void ICMP::outDev(RecordPtr &next) { auto iter = find(next->key()); if ( iter != end() // key found and the NAT-host's and // address is the source address g_nic.address(Record::OUT) == next->sourceIP() ) iter->second->setViaIP(next->sourceIP()); // then set the via-addr. } natlog-3.01.00/icmp/received.cc000066400000000000000000000006531474316276200162040ustar00rootroot00000000000000#include "icmp.ih" void ICMP::received(RecordPtr &next) { // src may not be local if (not g_nic.mask(Record::IN, next->sourceIP())) { // existing connection: // add received bytes if (auto iter = find(next->key()); iter != end()) iter->second->addReceivedBytes(*next); } } natlog-3.01.00/icmp/sent.cc000066400000000000000000000012271474316276200153650ustar00rootroot00000000000000#include "icmp.ih" // sent: dst may not be in the local net void ICMP::sent(RecordPtr &next) { // dest may not be in the local net if (not g_nic.mask(Record::IN, next->destIP())) { // existing record: add sent bytes if (auto iter = find(next->key()); iter != end()) iter->second->addSentBytes(*next); else { // or store a new connection next->addSentBytes(*next); insert(next); return; } } } natlog-3.01.00/icmp/vbytecounts.cc000066400000000000000000000003671474316276200170050ustar00rootroot00000000000000#include "icmp.ih" // overrides void ICMP::vByteCounts(Record const &record) const { stdMsg() << " " "sent: " << setw(10) << record.sentBytes() << ", " "received: " << setw(10) << record.receivedBytes(); } natlog-3.01.00/icmp/vdst.cc000066400000000000000000000002431474316276200153710ustar00rootroot00000000000000#include "icmp.ih" // overrides void ICMP::vDst(Record const &record) const { stdMsg() << " " "to " << record.destIPstr() << "; " " "; } natlog-3.01.00/icmp/vvia.cc000066400000000000000000000002231474316276200153540ustar00rootroot00000000000000#include "icmp.ih" // overrides void ICMP::vVia(Record const &record) const { stdMsg() << " (via: " << record.viaIPstr() << ") " " "; } natlog-3.01.00/ipbase/000077500000000000000000000000001474316276200144165ustar00rootroot00000000000000natlog-3.01.00/ipbase/bytecounts.cc000066400000000000000000000001501474316276200171200ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::byteCounts(Record const &record) const { vByteCounts(record); } natlog-3.01.00/ipbase/bytecountsdata.cc000066400000000000000000000003241474316276200177550ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::byteCountsData(Record const &record) const { d_logDataStream << setw(11) << record.sentBytes() << ',' << setw(11) << record.receivedBytes() << ','; } natlog-3.01.00/ipbase/cleanup.cc000066400000000000000000000007711474316276200163610ustar00rootroot00000000000000#include "ipbase.ih" //f: IPbase::cleanup(long) //c: IPbase::cleanupHook() //c: TCP::cleanupHook() //c: UDP::cleanupHook() void IPbase::cleanup(time_t now_ttl) { vector remove; lock_guard lg(d_mutex); for (auto &value: d_map) { if (value.second->lastUsed() < now_ttl) { log(*value.second); remove.push_back(value.first); } } for (uint64_t key: remove) erase(find(key)); cleanupHook(); } natlog-3.01.00/ipbase/cleanuphook.cc000066400000000000000000000000651474316276200172360ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::cleanupHook() { } natlog-3.01.00/ipbase/data.cc000066400000000000000000000003741474316276200156420ustar00rootroot00000000000000#include "ipbase.ih" pair IPbase::s_logTypeText[] { { "", "ok" }, { " (EXPIRED)", "expired" }, { " (EOP)", "eop" } }; IPbase::LogType IPbase::s_logType = IPbase::COMPLETE; natlog-3.01.00/ipbase/destroy.cc000066400000000000000000000006121474316276200164150ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::destroy(Record const &record) { // find this record's accumulated data auto iter = find(record.key()); if (iter == end()) // unknown record return; auto &accu = iter->second; accu->addSentBytes(record); accu->addReceivedBytes(record); log(*accu); erase(iter); } natlog-3.01.00/ipbase/destructor.cc000066400000000000000000000000531474316276200171210ustar00rootroot00000000000000#include "ipbase.ih" IPbase::~IPbase() {} natlog-3.01.00/ipbase/dst.cc000066400000000000000000000001311474316276200155120ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::dst(Record const &record) const { vDst(record); } natlog-3.01.00/ipbase/dstdata.cc000066400000000000000000000004431474316276200163520ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::dstData(Record const &record) const { d_logDataStream << setw(11) << ntohl(record.destIP()) << ',' << // see also setw(16) << record.destIPstr() << ',' << // logDataNoDst setw(8) << record.destPort() << ','; } natlog-3.01.00/ipbase/erase.cc000066400000000000000000000001451474316276200160240ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::erase(RecordMap::iterator const &iter) { d_map.erase(iter); } natlog-3.01.00/ipbase/frame000066400000000000000000000000431474316276200154300ustar00rootroot00000000000000#include "ipbase.ih" IPbase:: { } natlog-3.01.00/ipbase/icmconf000077700000000000000000000000001474316276200202732../icmconf.libustar00rootroot00000000000000natlog-3.01.00/ipbase/ignore.cc000066400000000000000000000001321474316276200162040ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::ignore([[maybe_unused]] Record const &record) const {} natlog-3.01.00/ipbase/indev.cc000066400000000000000000000011771474316276200160400ustar00rootroot00000000000000#include "ipbase.ih" // sent: src is local, dst is remote // received: src is remote, dst is local //f: IPbase::inDev(RecordPtr&) //c: ICMP::sent(RecordPtr&) //c: ICMP::received(RecordPtr&) //c: TCP::sent(RecordPtr&) //c: TCP::received(RecordPtr&) //c: UDP::sent(RecordPtr&) //c: UDP::received(RecordPtr&) void IPbase::inDev(RecordPtr &next) { if (g_nic.mask(Record::IN, next->sourceIP())) // package is sent sent(next); // package is received else if (g_nic.mask(Record::IN, next->destIP())) received(next); } natlog-3.01.00/ipbase/ipbase.h000066400000000000000000000122271474316276200160360ustar00rootroot00000000000000#ifndef INCLUDED_IPBASE_ #define INCLUDED_IPBASE_ #include #include #include #include "../record/record.h" // received RecordPtr objects are passed on to function that may grab // their contents. Otherwise, the Record as const & is passed to the // called function: destruction is then handled by the unique_ptr's // destruction struct IPbase { enum LogType { COMPLETE, EXPIRED, EOP }; private: std::ostream &d_stdMsg; std::ostream &d_logDataStream; typedef std::unordered_map RecordMap; std::mutex d_mutex; RecordMap d_map; void (IPbase::*d_logData)(Record const &) const; static LogType s_logType; static std::pair s_logTypeText[]; void (IPbase::*d_dstData)(Record const &) const; // as with the void (IPbase::*d_viaData)(Record const &) const; // protected data void (IPbase::*d_byteCountsData)(Record const &) const; protected: void (IPbase::*d_dst)(Record const &) const; // dst or noDst void (IPbase::*d_via)(Record const &) const; // via or noVia void (IPbase::*d_byteCounts)(Record const &) const; // byteCounts or // noByteCounts public: virtual ~IPbase(); void process(RecordPtr next); // starting point: received from // ConnectionsConsumer::run void cleanup(time_t now_ttl); static void setLogType(LogType logType); static std::pair const &logType(); protected: // KeyMap is used to associate the OUT dev. packets // with available IN dev packets in UDP/TCP connections // at a syn-packet 'expired' is set true: cleanupHook // may remove the keyMap value at cleanup time. // At an outDev packet, if the ID is new, 'expired' is set // false: maybe the next SYN packet immediately follows. struct KeyMapStruct { bool expired; uint64_t key; }; typedef std::unordered_map KeyMap; IPbase(std::ostream &stdMsg, std::ostream &logDataStream); size_t size() const; void insert(RecordPtr &next); RecordMap::iterator find(uint64_t key); RecordMap::iterator end(); void logCSV(Record const &record) const; // may call logData() // (not overridden) // also deletes the Record void erase(RecordMap::iterator const &iter); std::ostream &stdMsg() const; void setVia(RecordMap::iterator const &iter, Record const &next); void log(Record const &record) const; void keyMapCleanup(KeyMap &keyMap); void maybeSizeLog(size_t *lastSize, size_t keyMapSize, char const *label); void dst(Record const &record) const; void dstData(Record const &record) const; void via(Record const &record) const; void viaData(Record const &record) const; void byteCounts(Record const &record) const; void byteCountsData(Record const &record) const; private: virtual void cleanupHook(); // default: TCP and UDP records virtual void logConnection(Record const &record) const; virtual void inDev(RecordPtr &next); // TCP overrides virtual void sent(RecordPtr &next) = 0; virtual void received(RecordPtr &next) = 0; virtual void outDev(RecordPtr &next) = 0; virtual void vDst(Record const &record) const; virtual void vVia(Record const &record) const; virtual void vByteCounts(Record const &record) const; void ignore(Record const &record) const; // noDst, noVia, // noByteCounts, // noDataLog void destroy(Record const &record); void logData(Record const &record) const; static std::string showLeft(size_t port, char sep); }; inline size_t IPbase::size() const { return d_map.size(); } inline void IPbase::insert(RecordPtr &next) { d_map.insert( { next->key(), std::move(next) } ); } inline IPbase::RecordMap::iterator IPbase::end() { return d_map.end(); } inline IPbase::RecordMap::iterator IPbase::find(uint64_t key) { return d_map.find(key); } inline void IPbase::logCSV(Record const &record) const { (this->*d_logData) (record); } inline std::ostream &IPbase::stdMsg() const { return d_stdMsg; } // static inline std::pair const &IPbase::logType() { return s_logTypeText[s_logType]; } // static inline void IPbase::setLogType(LogType logType) { if (s_logType != EOP) s_logType = logType; } #endif natlog-3.01.00/ipbase/ipbase.ih000066400000000000000000000003451474316276200162050ustar00rootroot00000000000000#include "ipbase.h" #include #include #include "../options/options.h" #include "../showseconds/showseconds.h" #include "../nic/nic.h" extern std::ostream g_debug; using namespace std; using namespace FBB; natlog-3.01.00/ipbase/ipbase1.cc000066400000000000000000000022251474316276200162520ustar00rootroot00000000000000#include "ipbase.ih" IPbase::IPbase(std::ostream &stdMsg, std::ostream &logDataStream) : d_stdMsg(stdMsg), d_logDataStream(logDataStream) { Options const &options = Options::instance(); // no-via spec'd no-via not spec'd if (options.showVia()) { d_via = &IPbase::via; d_viaData = &IPbase::viaData; } else { d_via = &IPbase::ignore; d_viaData = &IPbase::ignore; } if (options.showDst()) { d_dst = &IPbase::dst; d_dstData = &IPbase::dstData; } else { d_dst = &IPbase::ignore; d_dstData = &IPbase::ignore; } if (options.byteCounts()) { d_byteCounts = &IPbase::byteCounts; d_byteCountsData = &IPbase::byteCountsData; } else { d_byteCounts = &IPbase::ignore; d_byteCountsData = &IPbase::ignore; } d_byteCounts = options.byteCounts() ? &IPbase::byteCounts : &IPbase::ignore; d_logData = not options.logData().empty() ? &IPbase::logData : &IPbase::ignore; } natlog-3.01.00/ipbase/keymapcleanup.cc000066400000000000000000000013611474316276200175640ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::keyMapCleanup(KeyMap &keyMap) { vector remove; // see ipbase.h for details at KeyMapStruct for (auto &value: keyMap) { if (find(value.second.key) == end()) // key doesn't point to an { // existing Record if (value.second.expired) // Expired, so remove.push_back(value.first); // remove the keyMap's entry else // otherwise value.second.expired = true; // remove it at the next } // cleanup (or at FIN) } for (size_t key: remove) keyMap.erase(keyMap.find(key)); } natlog-3.01.00/ipbase/log.cc000066400000000000000000000003571474316276200155130ustar00rootroot00000000000000#include "ipbase.ih" //f: IPbase::log(Record const&) const //c: IPbase::logConnection(Record const&) const //c: ICMP::logConnection(Record const&) const void IPbase::log(Record const &record) const { logConnection(record); } natlog-3.01.00/ipbase/logconnection.cc000066400000000000000000000013211474316276200175630ustar00rootroot00000000000000#include "ipbase.ih" // logs TCP and UDP records void IPbase::logConnection(Record const &record) const { if (record.viaIP() != 0) { d_stdMsg << "from " << record.beginTime() << " thru " << record.endTime() << ShowSeconds::utcMarker() << ": " << record.protocolStr() << ' ' << record.sourceIPstr() << ',' << left << setw(5) << record.sourcePort(); (this->*d_via)(record); (this->*d_dst)(record); d_stdMsg << right; (this->*d_byteCounts)(record); d_stdMsg << s_logTypeText[s_logType].first << endl; logCSV(record); // calls *d_logData -> logData() } } natlog-3.01.00/ipbase/logdata.cc000066400000000000000000000014431474316276200163420ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::logData(Record const &record) const { auto ptr = ShowSeconds::utcFormat(); d_logDataStream << record.protocolStr() << ',' << setw(11) << ntohl(record.sourceIP())<< ',' << setw(16) << record.sourceIPstr() << ',' << setw(8) << record.sourcePort() << ','; (this->*d_dstData)(record); (this->*d_viaData)(record); (this->*d_byteCountsData)(record); d_logDataStream << setw(11) << record.inSeconds() << ',' << setw(11) << record.seconds() << ", " << record.beginTime() << ", " << record.endTime() << ", " << setw(10) << s_logTypeText[s_logType].second << endl; ShowSeconds::setFormat(ptr); } natlog-3.01.00/ipbase/maybesizelog.cc000066400000000000000000000011051474316276200174140ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::maybeSizeLog(size_t *lastSize, size_t keyMapSize, char const *label) { // debug and #entries have // significantly changed if (g_debug.good() && abs(static_cast(size() - *lastSize)) > 50) g_debug << label << " # entries: " << (*lastSize = size()) << ", keyMap size: " < lg(d_mutex); switch (next->type()) { case Record::IN: inDev(next); break; case Record::OUT: outDev(next); break; case Record::NEW: insert(next); break; case Record::DESTROY: destroy(*next); break; } } natlog-3.01.00/ipbase/setvia.cc000066400000000000000000000006471474316276200162270ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::setVia(RecordMap::iterator const &iter, Record const &next) { RecordPtr xfer = move(iter->second); // keep the Record d_map.erase(iter); // erase the old key entry xfer->setViaIP(next.sourceIP()); // set the via-address and via-port xfer->setViaPort(next.sourcePort()); insert(xfer); // store the record with the new key } natlog-3.01.00/ipbase/showleft.cc000066400000000000000000000007131474316276200165610ustar00rootroot00000000000000#include "ipbase.ih" // static string IPbase::showLeft(size_t port, char sep) { string ret{ to_string(port) }; size_t length = 5 - ret.length(); ret += sep; ret.append(length, ' '); // the field contains 12345; // (or shorter) and must be 6 // characters wide. Called from // logConnection. return ret; } natlog-3.01.00/ipbase/vbytecounts.cc000066400000000000000000000003461474316276200173150ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::vByteCounts(Record const &record) const { d_stdMsg << " " "sent: " << setw(10) << record.sentBytes() << ", " "received: " << setw(10) << record.receivedBytes(); } natlog-3.01.00/ipbase/vdst.cc000066400000000000000000000003361474316276200157070ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::vDst(Record const &record) const { d_stdMsg << " " "to " << record.destIPstr() << ',' << showLeft(record.destPort(), ';'); } natlog-3.01.00/ipbase/via.cc000066400000000000000000000001321474316276200155000ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::via(Record const &record) const { vVia(record); } natlog-3.01.00/ipbase/viadata.cc000066400000000000000000000004001474316276200163300ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::viaData(Record const &record) const { d_logDataStream << setw(11) << ntohl(record.viaIP()) << ',' << setw(16) << record.viaIPstr() << ',' << setw(8) << record.viaPort() << ','; } natlog-3.01.00/ipbase/vvia.cc000066400000000000000000000003011474316276200156640ustar00rootroot00000000000000#include "ipbase.ih" void IPbase::vVia(Record const &record) const { d_stdMsg << " (via: " << record.viaIPstr() << ',' << showLeft(record.viaPort(), ')'); } natlog-3.01.00/iptypes/000077500000000000000000000000001474316276200146505ustar00rootroot00000000000000natlog-3.01.00/iptypes/iptypes.h000066400000000000000000000112501474316276200165150ustar00rootroot00000000000000#ifndef INCLUDED_IPSTRUCTS_ #define INCLUDED_IPSTRUCTS_ #include // struct ifaddrs { // struct ifaddrs *ifa_next; /* Next item in list */ // char *ifa_name; /* Name of interface */ // unsigned int ifa_flags; /* Flags from SIOCGIFFLAGS */ // struct sockaddr *ifa_addr; /* Address of interface */ // struct sockaddr *ifa_netmask; /* Netmask of interface */ // union { // struct sockaddr *ifu_broadaddr; // /* Broadcast address of interface */ // struct sockaddr *ifu_dstaddr; // /* Point-to-point destination address */ // }; // #define ifa_broadaddr ifa_ifu.ifu_broadaddr // #define ifa_dstaddr ifa_ifu.ifu_dstaddr // void *ifa_data; /* Address-specific data */ // }; // // struct sockaddr { // unsigned short sa_family; // address family, AF_xxx // char sa_data[14]; // 14 bytes of protocol address // }; // // // // IPv4 AF_INET sockets: // // struct sockaddr_in { // short sin_family; // e.g. AF_INET, AF_INET6 // unsigned short sin_port; // e.g. htons(3490) // struct in_addr sin_addr; // see struct in_addr, below // char sin_zero[8]; // zero this if you want to // }; // // typedef uint32_t in_addr_t; // // struct in_addr { // uint32_t s_addr; // load with inet_aton() // }; struct IP_Types { enum Protocol // update record/protocolstr.cc when modified { ICMP = 1, TCP = 6, UDP = 17 }; enum TCP_Flags { FIN = 0x01, SYN = 0x02, RST = 0x04, PUSH = 0x08, ACK = 0x10, URG = 0x20, ECE = 0x40, CWR = 0x80, TCP_Flags_MASK = (CWR << 1) - 1 }; enum class IP_Fragment { RESERVED = 0x8000, DONT_FRAGMENT = 0x4000, MORE_FRAGMENTS = 0x2000, MASK = 0x1fff }; struct Ethernet_Header // http://en.wikipedia.org/wiki/EtherType { u_char destMac[6]; // Destination host MAC address u_char srcMac[6]; // Source host MAC address u_short ether_type; // IP? ARP? RARP? etc }; struct IP_Header { u_char hdrLength:4, // in 4-byte words version:4; u_char tos; // type of service u_short length; // total length u_short identification; u_short fragmentOffset; u_char timeToLive; u_char protocol; u_short checkSum; struct in_addr sourceAddr; struct in_addr destAddr; }; struct TCP_Header { u_short sourcePort; u_short destPort; uint32_t sequenceNr; uint32_t ackNumber; u_char dataOffset; // data offset, // (((th)->th_offx2 & 0xf0) >> 4) u_char flags; u_short window; u_short checkSum; u_short urgentPtr; }; struct UDP_Header // udp header length: 8 bytes { u_short sourcePort; u_short destPort; u_short length; u_short checkSum; }; struct ICMP_Header { u_char type; u_char code; u_short chksum; u_short ident; u_short seqnum; }; // icmp header length: 8 bytes enum Offsets // offsets to the various headers { // the Ethernet header starts at `d_packet' ETHER_OFFSET = 0, IP_OFFSET = ETHER_OFFSET + sizeof(Ethernet_Header), TCP_OFFSET = IP_OFFSET + sizeof(IP_Header), UDP_OFFSET = TCP_OFFSET, ICMP_OFFSET = TCP_OFFSET, }; enum SizeofTCPheader { SIZEOF_ETHERNET_HEADER = IP_OFFSET, }; template static Type const &get(u_char const *packet); }; //static template <> inline IP_Types::IP_Header const &IP_Types::get(u_char const *packet) { return *reinterpret_cast(packet + IP_OFFSET); } //static template <> inline IP_Types::TCP_Header const &IP_Types::get(u_char const *packet) { return *reinterpret_cast(packet + TCP_OFFSET); } //static template <> inline IP_Types::UDP_Header const &IP_Types::get(u_char const *packet) { return *reinterpret_cast(packet + UDP_OFFSET); } //static template <> inline IP_Types::ICMP_Header const &IP_Types::get(u_char const *packet) { return *reinterpret_cast(packet + ICMP_OFFSET); } #endif natlog-3.01.00/logdemo/000077500000000000000000000000001474316276200146015ustar00rootroot00000000000000natlog-3.01.00/logdemo/demo.cc000066400000000000000000000114201474316276200160320ustar00rootroot00000000000000#include #include #include using namespace std; uint32_t hostlong = (192 << 24) + (168 << 16) + (17 << 8) + 6; string ipstr = "192.168.017.006"; string timestr = "Jun 3 00:00:00:000000"; string portstr = "12345"; size_t seconds = 1654252885; // input: arg1 d: dst data, v: via data, dv: beide int main(int argc, char **argv) { if (argc == 1) return 0; string arg1 = argv[1]; bool dst = arg1.find('d') != string::npos; bool via = arg1.find('v') != string::npos; // TCP/UDP output IPbase::logconnection cout << "from " << timestr << " thru " << timestr << " (UTC)" << ": " << " udp" << ' ' << ipstr << ',' << left << setw(5) << portstr << ""; // 5 - portlength; if (via) //(this->*d_via)(record); cout << " (via: " << ipstr << ',' << setw(5) << portstr << ')'; if (dst) //(this->*d_dst)(record); cout << " " "to " << ipstr << ',' << portstr << ';' << ""; // 5 - portlength cout << right; //(this->*d_byteCounts)(record); cout << " " "sent: " << setw(10) << 0 << ", " "received: " << setw(10) << 0; cout << endl; // logtypetext (default: empty) // logCSV // ICMP output: cout << "from " << timestr << " thru " << timestr << " (UTC)" << ": " << "icmp" << ' ' << ipstr << " "; // (this->*d_via)(record); if (via) //(this->*d_via)(record); cout << " (via: " << ipstr << ") " << " "; // 5 - portlength if (dst) cout << " " "to " << ipstr << "; " << " "; // 5 - portlength //(this->*d_byteCounts)(record); cout << " " "sent: " << setw(10) << 0 << ", " "received: " << setw(10) << 0; cout << endl; // logtype // logCSV // ConnectionsConsumer::header(ostream &log) cout << "\n" "====================================================\n" "type," << setw(11) << "srcNr" << ',' << setw(16) << "srcIP" << ',' << setw(8) << "srcPort" << ','; if (dst) cout << setw(11) << "dstNr" << ',' << setw(16) << "dstIP" << ',' << setw(8) << "dstPort" << ','; if (via) cout << setw(11) << "viaNr" << ',' << setw(16) << "viaIP" << ',' << setw(8) << "viaPort" << ','; cout << setw(11) << "sent" << ',' << setw(11) << "recvd" << ',' << setw(11) << "begin" << ',' << setw(11) << "end" << ", " << setw(22) << "beginTime" << ", " << setw(22) << "endTime" << ", status" << endl; // 1234567890 // logCSV calls IPbase::d_logData calls IPBase::logData cout << "icmp" << ',' << setw(11) << hostlong<< ',' << setw(16) << ipstr << ',' << setw(8) << 0 << ','; if (dst) { cout << setw(11) << hostlong<< ',' << setw(16) << ipstr << ',' << setw(8) << 0 << ','; } if (via) { cout << setw(11) << hostlong << ',' << setw(16) << ipstr << ',' << setw(8) << 0 << ','; } cout << setw(11) << 0 << ',' << setw(11) << 0 << ',' << setw(11) << seconds << ',' << setw(11) << seconds << ", " << timestr << ", " << timestr << ", " << setw(10) << "" << endl; cout << " udp" << ',' << setw(11) << hostlong<< ',' << setw(16) << ipstr << ',' << setw(8) << portstr << ','; if (dst) { cout << setw(11) << hostlong<< ',' << setw(16) << ipstr << ',' << setw(8) << portstr << ','; } if (via) { cout << setw(11) << hostlong << ',' << setw(16) << ipstr << ',' << setw(8) << portstr << ','; } cout << setw(11) << 0 << ',' << setw(11) << 0 << ',' << setw(11) << seconds << ',' << setw(11) << seconds << ", " << timestr << ", " << timestr << ", " << setw(10) << "" << endl; } natlog-3.01.00/main.cc000066400000000000000000000043111474316276200144050ustar00rootroot00000000000000#include "main.ih" namespace // the anonymous namespace can be used here { Arg::LongOption longOptions[] = { Arg::LongOption("config", 'c'), Arg::LongOption("conntrack-command", Arg::Required), Arg::LongOption("conntrack-device", Arg::Required), Arg::LongOption("conntrack-ip-header-size", Arg::Required), Arg::LongOption("conntrack-restart", Arg::Required), Arg::LongOption("debug", Arg::NoArg), Arg::LongOption("help", 'h'), Arg::LongOption("log", Arg::Required), Arg::LongOption("log-data", Arg::Required), Arg::LongOption("log-rotate", Arg::Required), Arg::LongOption("no-bytes", Arg::NoArg), Arg::LongOption("no-daemon", Arg::NoArg), Arg::LongOption("no-dst", Arg::NoArg), Arg::LongOption("no-via", Arg::NoArg), Arg::LongOption("pid-file", 'p'), Arg::LongOption("protocol", 'P'), Arg::LongOption("rotate", Arg::NoArg), Arg::LongOption("rotate-data", Arg::NoArg), Arg::LongOption("stdout", 's'), Arg::LongOption("syslog-facility", Arg::Required), Arg::LongOption("syslog-priority", Arg::Required), Arg::LongOption("syslog-tag", Arg::Required), Arg::LongOption("terminate", Arg::NoArg), Arg::LongOption("time", 't'), Arg::LongOption("ttl", 'T'), Arg::LongOption("verbose", 'V'), Arg::LongOption("version", 'v'), // Arg::LongOption("warn", 'w'), }; auto longEnd = longOptions + size(longOptions); } int main(int argc, char **argv) try { auto argVector = systemdFix(argc, argv); if (argVector.size()) { argc = argVector.size(); argv = const_cast(String::argv(argVector)); } ArgConfig &arg = ArgConfig::initialize("c:hp:P:st:T:vV", longOptions, longEnd, argc, argv); arg.versionHelp(usage, Icmbuild::version, 1); if (Options::instance().forwardOption()) return 0; arg.versionHelp(usage, Icmbuild::version, 1); NatFork natfork; natfork.run(); } catch (exception const &err) { cout << err.what() << endl; return 1; } catch (int x) { return ArgConfig::instance().option("hv") ? 0 : x; } natlog-3.01.00/main.ih000066400000000000000000000005271474316276200144250ustar00rootroot00000000000000#include #include #include #include #include #include "version/version.h" #include "natfork/natfork.h" #include "options/options.h" void usage(std::string const &progname); std::vector systemdFix(int argc, char **argv); using namespace std; using namespace FBB; natlog-3.01.00/natfork/000077500000000000000000000000001474316276200146175ustar00rootroot00000000000000natlog-3.01.00/natfork/README.logging000066400000000000000000000034241474316276200171270ustar00rootroot00000000000000NatFork's child process starts a producer (e.g., ConntrackProducer) and a consumer (ConnectionsConsumer). The producer writes information to a Storage, and the consumer reads information from the Storage. The Storage contains a queue and is created by NatFork::childProcess. The Storage object is passed as reference to the ConnectionsConsumer and to the producer. Messages are received by the ConnectionsConsumer. The ConnectionConsumer::run member receives records from the storage, and passes them on to the record's protocol handling object (ICMP, UDP, or TCP). These objects' constructors receive a reference to the 'ostream stdMsg' and to 'RotatingStream d_logDataStream'. These protocol handling objects implement a member 'process', receiving a unique_ptr to the received record. The record may indicate incoming (IN, inDev) information, outgoing (OUT, outDev) information, a new (NEW, insert) connection, or an ending (DESTROY, destroy) connection. The function inDev..destroy are virtual members overridden by the protocol-specific members. The TCP, UDP and ICMP objects handling the connections are derived from IPbase. IPbase handles the logging. IPbase::logConnection inserts the logged information into d_stdMsg, and (optionally) CSV-data into d_logDataStream, received by its constructor. d_logDataStream is a RotatingStream, which can be rotated according to the 'log-rotate' option specification. d_stdMsg is initialized by NatFork::setupStdMsg. If option 'log-file' was specified then the specified file is rotated if 'log-rotate' is also specified. E.g., when calling natlog with options '--log=/tmp/nat.log --log-rotate=5m5' then after 25 minutes the following log files are available /tmp/nat.log, /tmp/nat.log.1, /tmp/nat.log.2, /tmp/nat.log.3, /tmp/nat.log.4, /tmp/nat.log.5. natlog-3.01.00/natfork/checksyslogparam.cc000066400000000000000000000004731474316276200204710ustar00rootroot00000000000000#include "natfork.ih" void NatFork::checkSyslogParam(char const *label, string const &actual, string const &err) { if (err.length()) d_stdMsg << "[Warning] using syslog " << label << '`' << actual << "', ignoring unsupported " << label << '`' << endl; } natlog-3.01.00/natfork/childprocess.cc000066400000000000000000000031231474316276200176070ustar00rootroot00000000000000#include "natfork.ih" //f: NatFork::childProcess() //c: DevicesProducer::DevicesProducer(std::ostream&, Storage&) //c: TcpdumpProducer::TcpdumpProducer(std::ostream&, Storage&) //c: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) void NatFork::childProcess() { ShowSeconds::setFormat(); Storage storage; // Constructing of the producers may fail. At that point messages can // still be written to cout since we're busy starting the daemon. // Once the producers have been constructed, messages to cout are // suppressed by prepareDaemon below unique_ptr producer { (*s_producer[d_mode]) (d_stdMsg, storage) }; ConnectionsConsumer connections{ d_stdMsg, storage }; d_stdMsg << "processing: " << d_options.protocolNames() << endl; if (d_options.daemon()) { prepareDaemon(); // signals sent by Options::rotate[Data] // handled by NatFork::signalHandler Signal::instance().add(SIGHUP, *this); // for --rotate Signal::instance().add(SIGALRM, *this); // for --rotate-data } RotatingStreambuf::startThread(); thread producerThread{ Producer::process, producer.get(), ref(storage) }; connections.run(); producerThread.join(); d_stdMsg << "NatFork::childProcess notifying RotatingStreambuf" << endl; RotatingStreambuf::notify(); // ends the log-rotating threads. d_stdMsg << "NatFork::childProcess ends" << endl; } natlog-3.01.00/natfork/cleanuppidfile.cc000066400000000000000000000003701474316276200201120ustar00rootroot00000000000000#include "natfork.ih" void NatFork::cleanupPidFile() const { ifstream pidFile(d_options.pidFile()); pid_t pid; if (pidFile >> pid && pid == getpid()) { pidFile.close(); unlink(d_options.pidFile().c_str()); } } natlog-3.01.00/natfork/conntrackmode.cc000066400000000000000000000007311474316276200177560ustar00rootroot00000000000000#include "natfork.ih" void NatFork::conntrackMode() // check the availability of the { // conntrack device string conntrack = d_options.conntrackCommand(); size_t pos = conntrack.find_first_of(" \t"); if (pos != string::npos) conntrack.resize(pos); if (access(conntrack.c_str(), R_OK | X_OK) != 0) { d_stdMsg << "[Fatal] can't execute " << conntrack << endl; throw 1; } } natlog-3.01.00/natfork/data.cc000066400000000000000000000004251474316276200160400ustar00rootroot00000000000000#include "natfork.ih" Producer *(*NatFork::s_producer[]) (ostream &stdMsg, Storage &storage) = { Producer::alloc, // must match the Options::Mode Producer::alloc, // enum entries Producer::alloc }; natlog-3.01.00/natfork/destructor.cc000066400000000000000000000001051474316276200173200ustar00rootroot00000000000000#include "natfork.ih" NatFork::~NatFork() { cleanupPidFile(); } natlog-3.01.00/natfork/frame000066400000000000000000000000451474316276200156330ustar00rootroot00000000000000#include "natfork.ih" NatFork:: { } natlog-3.01.00/natfork/icmconf000077700000000000000000000000001474316276200204742../icmconf.libustar00rootroot00000000000000natlog-3.01.00/natfork/natfork.h000066400000000000000000000027071474316276200164420ustar00rootroot00000000000000#ifndef INCLUDED_NATFORK_ #define INCLUDED_NATFORK_ #include #include #include #include #include "../options/options.h" #include "../rotatingstream/rotatingstream.h" namespace FBB { class SyslogStream; } class Producer; class Storage; class NatFork: public FBB::Fork, public FBB::SignalHandler { Options &d_options; std::unique_ptr d_syslog; RotatingStream d_log; FBB::MultiBuf d_multiStreambuf; std::ostream d_stdMsg; Options::Mode d_mode; static Producer *(*s_producer[]) (std::ostream &stdMsg, Storage &storage); public: NatFork(); // configure and initialize data ~NatFork() override; void run(); // dameonize when running in the // background, otherwise call // 'childProcess' private: void specifications(); void setupStdMsg(); void checkSyslogParam(char const *label, std::string const &actual, std::string const &err); void setupDaemonMsg(); void setupNonDaemonMsg(); void handleChildStatus(); void conntrackMode(); void parentProcess() override; void childProcess() override; void cleanupPidFile() const; void signalHandler(size_t signum) override; }; #endif natlog-3.01.00/natfork/natfork.ih000066400000000000000000000010331474316276200166020ustar00rootroot00000000000000#include "natfork.h" #include #include #include #include #include #include #include #include #include "../showseconds/showseconds.h" #include "../storage/storage.h" #include "../devicesproducer/devicesproducer.h" #include "../conntrackproducer/conntrackproducer.h" #include "../tcpdumpproducer/tcpdumpproducer.h" #include "../connectionsconsumer/connectionsconsumer.h" using namespace std; using namespace FBB; natlog-3.01.00/natfork/natfork1.cc000066400000000000000000000011331474316276200166510ustar00rootroot00000000000000#include "natfork.ih" NatFork::NatFork() : d_options(Options::instance()), d_stdMsg(&d_multiStreambuf), d_mode(d_options.mode()) { setupStdMsg(); if (d_options.debug()) g_debug.rdbuf(d_stdMsg.rdbuf()); if (not d_options.daemon()) setupNonDaemonMsg(); else { if (not (d_options.mode() == Options::TCPDUMP)) setupDaemonMsg(); else { d_options.foreground(); setupNonDaemonMsg(); d_stdMsg << "mode TCPDUMP: ignoring daemon mode" << endl; } } specifications(); } natlog-3.01.00/natfork/parentprocess.cc000066400000000000000000000004251474316276200200170ustar00rootroot00000000000000#include "natfork.ih" // only called by NarFork::fork, starting a daemon by ending // the main program. void NatFork::parentProcess() { // write the daemon's pid-file: ofstream pidFile(Options::instance().pidFile()); pidFile << pid() << endl; } natlog-3.01.00/natfork/run.cc000066400000000000000000000006251474316276200157350ustar00rootroot00000000000000#include "natfork.ih" //f: NatFork::run() //c: NatFork::childProcess() //c: NatFork::parentProcess() void NatFork::run() { switch (d_mode) { case Options::CONNTRACK: conntrackMode(); break; case Options::DEVICE: case Options::TCPDUMP: break; } if (d_options.daemon()) fork(); else childProcess(); } natlog-3.01.00/natfork/setupdaemonmsg.cc000066400000000000000000000004561474316276200201660ustar00rootroot00000000000000#include "natfork.ih" void NatFork::setupDaemonMsg() { if (d_options.log().empty()) { imsg.off(); return; } // verbose msg via multiStreambuf if (d_options.verbose()) imsg.reset(&d_multiStreambuf); else imsg.off(); } natlog-3.01.00/natfork/setupnondaemonmsg.cc000066400000000000000000000002551474316276200206760ustar00rootroot00000000000000#include "natfork.ih" void NatFork::setupNonDaemonMsg() { if (not d_options.verbose()) imsg.off(); // if (not d_options.warnings()) // wmsg.off(); } natlog-3.01.00/natfork/setupstdmsg.cc000066400000000000000000000021531474316276200175110ustar00rootroot00000000000000#include "natfork.ih" void NatFork::setupStdMsg() { if (d_options.stdout()) // if --stdout, then messages also go d_multiStreambuf.insert(cout); // to stdout if (d_options.log().empty()) // no messages return; if (d_options.log() == "syslog") // using syslog, and return { d_syslog.reset( new SyslogStream( d_options.syslogTag().c_str(), d_options.syslogPriority(), d_options.syslogFacility() ) ); d_multiStreambuf.insert(*d_syslog); checkSyslogParam("facility", d_options.facility(), d_options.syslogFacilityError()); checkSyslogParam("priority", d_options.priority(), d_options.syslogPriorityError()); return; } // a log-file path was specified: // create the rotating stream d_log.open(d_options.log(), true); // forwards --log to RotatingStreambuf d_multiStreambuf.insert(d_log); } natlog-3.01.00/natfork/signalhandler.cc000066400000000000000000000005431474316276200177430ustar00rootroot00000000000000#include "natfork.ih" // only one signal is received. No need to check the signal void NatFork::signalHandler(size_t signum) { if (signum == SIGHUP) RotatingStreambuf::logRotate(); else // signal may also be SIGALRM, RotatingStreambuf::dataRotate(); // only 2 signals: no check needed } natlog-3.01.00/natfork/specifications.cc000066400000000000000000000112351474316276200201330ustar00rootroot00000000000000#include "natfork.ih" #include void NatFork::specifications() { if (d_options.verbose() >= 2) { d_stdMsg << left; switch (d_mode) { case Options::CONNTRACK: d_stdMsg << "CONNTRACK mode" << endl; d_stdMsg << setw(25) << setw(25) << "command: `" << d_options.conntrackCommand() << '\'' << endl; d_stdMsg << setw(25) << "conntrack device: " << d_options.conntrackDevice() << endl; if (d_options.IPheaderSize() != 0) d_stdMsg << setw(25) << "conntrack IP header size correction: " << d_options.IPheaderSize() << " bytes" << endl; else d_stdMsg << setw(25) << "no conntrack IP header size correction" << endl; d_stdMsg << setw(25) << "max # conntrack restarts: " << d_options.conntrackRestart() << endl; break; case Options::DEVICE: d_stdMsg << "DEVICE mode" << endl; d_stdMsg << setw(25) << "devices: " << d_options[0] << ' ' << d_options[1] << endl; break; case Options::TCPDUMP: d_stdMsg << "TCPDUMP mode" << endl; d_stdMsg << setw(25) << "specifications: " << d_options[0] << ' ' << d_options[1] << ' ' << d_options[2] << ' ' << d_options[3] << ' ' << d_options[4] << ' ' << d_options[5] << endl; break; } d_stdMsg << setw(25) << boolalpha; d_stdMsg << setw(25) << "config file: " << d_options.configPath() << endl; if (string const &logData = d_options.logData(); not logData.empty()) d_stdMsg << setw(25) << "log data: " << logData << endl; if (d_options.rotateFreq() != 0 and d_options.nRotations() != 0) { d_stdMsg << setw(25) << "rotating log files: " << "every"; if (d_options.rotateFreq() != 1) d_stdMsg << ' ' << d_options.rotateFreq(); d_stdMsg << d_options.rotateTimeSpec() << endl; d_stdMsg << setw(25) << "number of rotated files: " << d_options.nRotations() << endl; } d_stdMsg << setw(25) << "daemon: " << d_options.daemon() << endl; if (d_options.daemon()) d_stdMsg << setw(25) << "PID file: " << d_options.pidFile() << endl; d_stdMsg << setw(25) << "protocol(s): " << d_options.protocolNames() << endl; if (not d_options.log().empty()) { d_stdMsg << setw(25) << "using log: " << d_options.log() << endl; if (d_options.log() == "syslog") { d_stdMsg << setw(25) << " facility: " << d_options.facility() << endl; d_stdMsg << setw(25) << " priority: " << d_options.priority() << endl; d_stdMsg << setw(25) << " tag: " << d_options.syslogTag() << endl; } } d_stdMsg << setw(25) << "using stdout: " << d_options.stdout() << endl; d_stdMsg << setw(25) << "time type: " << d_options.timeTxt() << endl; if (d_mode != Options::CONNTRACK) { d_stdMsg << setw(25) << "ttl (udp, icmp): " << d_options.ttl() << " seconds" << endl; d_stdMsg << setw(25) << "ttl (tcp): " << d_options.ttlTCP() << " seconds" << endl; } d_stdMsg << setw(25) << "verbosity: " << d_options.verbose() << endl; d_stdMsg << setw(25) << noboolalpha; } if (d_options.timeSpecError().length() != 0) d_stdMsg << setw(25) << "Time specifcation `" << d_options.timeSpecError() << "' not supported. Using `" << d_options.timeTxt() << "' instead" << endl; else if (d_options.verbose() < 2) imsg << "Using time type `" << d_options.timeTxt() << '\'' << endl; if (d_options.verbose() == 2) throw 0; } natlog-3.01.00/natlog.xref000066400000000000000000002370241474316276200153350ustar00rootroot00000000000000oxref by Frank B. Brokken (f.b.brokken@rug.nl) oxref V2.00.03 2012-2022 CREATED Mon, 12 Sep 2022 06:39:51 +0000 CROSS REFERENCE FOR: -r replacements -t main -fxs tmp/libmodules.a tmp/main.o ---------------------------------------------------------------------- CROSS REFERENCE LISTING: activateByteCounts() const Full name: ConntrackProducer::activateByteCounts() const Source: activatebytecounts.cc Used By: conntrackproducer1.cc: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) addReceivedBytes(Record const&) Full name: Record::addReceivedBytes(Record const&) Source: addreceivedbytes.cc Used By: received.cc: UDP::received(std::unique_ptr&) received.cc: ICMP::received(std::unique_ptr&) destroy.cc: IPbase::destroy(Record const&) received.cc: TCP::received(std::unique_ptr&) addSentBytes(Record const&) Full name: Record::addSentBytes(Record const&) Source: addsentbytes.cc Used By: sent.cc: UDP::sent(std::unique_ptr&) sent.cc: ICMP::sent(std::unique_ptr&) destroy.cc: IPbase::destroy(Record const&) sent.cc: TCP::sent(std::unique_ptr&) aton(std::string const&) Full name: Record::aton(std::string const&) Source: aton.cc Used By: initicmp.cc: ConntrackRecord::initICMP(FBB::Pattern const&) inittcpudp.cc: ConntrackRecord::initTCP_UDP(FBB::Pattern const&) author Full name: Icmbuild::author Source: version.cc Used By: usage.cc: usage(std::string const&) before(TcpdumpProducer::Data const&) Full name: TcpdumpProducer::Data::before(TcpdumpProducer::Data const&) Source: before.cc Used By: process.cc: TcpdumpProducer::process() byteCounts(Record const&) const Full name: IPbase::byteCounts(Record const&) const Source: bytecounts.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) byteCountsData(Record const&) const Full name: IPbase::byteCountsData(Record const&) const Source: bytecountsdata.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) callback(PcapFilter*, pcap_pkthdr const*, unsigned char const*) Full name: PcapFilter::callback(PcapFilter*, pcap_pkthdr const*, unsigned char const*) Source: callback.cc Used By: operatorfun.cc: PcapFilter::operator()() checkSyslogParam(char const*, std::string const&, std::string const&) Full name: NatFork::checkSyslogParam(char const*, std::string const&, std::string const&) Source: checksyslogparam.cc Used By: setupstdmsg.cc: NatFork::setupStdMsg() childProcess() Full name: NatFork::childProcess() Source: childprocess.cc Used By: destructor.cc: NatFork::~NatFork() childProcess() Full name: ConntrackProducer::childProcess() Source: childprocess.cc Used By: destructor.cc: ConntrackProducer::~ConntrackProducer() childRedirections() Full name: ConntrackProducer::childRedirections() Source: childredirections.cc Used By: destructor.cc: ConntrackProducer::~ConntrackProducer() cleanup(long) Full name: IPbase::cleanup(long) Source: cleanup.cc Used By: cleanupicmpudp.cc: ConnectionsConsumer::cleanupICMP_UDP(long) cleanupwrap.cc: ConnectionsConsumer::cleanupWrap(ConnectionsConsumer*) run.cc: ConnectionsConsumer::run() cleanupHook() Full name: IPbase::cleanupHook() Source: cleanuphook.cc Used By: destructor.cc: ICMP::~ICMP() destructor.cc: IPbase::~IPbase() cleanupHook() Full name: TCP::cleanupHook() Source: cleanuphook.cc Used By: destructor.cc: TCP::~TCP() cleanupHook() Full name: UDP::cleanupHook() Source: cleanuphook.cc Used By: destructor.cc: UDP::~UDP() cleanupICMP_UDP(long) Full name: ConnectionsConsumer::cleanupICMP_UDP(long) Source: cleanupicmpudp.cc Used By: cleanupwrap.cc: ConnectionsConsumer::cleanupWrap(ConnectionsConsumer*) run.cc: ConnectionsConsumer::run() cleanupPidFile() const Full name: NatFork::cleanupPidFile() const Source: cleanuppidfile.cc Used By: destructor.cc: NatFork::~NatFork() cleanupWrap(ConnectionsConsumer*) Full name: ConnectionsConsumer::cleanupWrap(ConnectionsConsumer*) Source: cleanupwrap.cc Used By: run.cc: ConnectionsConsumer::run() computeShift(char const*) Full name: Pcap::computeShift(char const*) Source: computeshift.cc Used By: pcap1.cc: Pcap::Pcap(char const*, bool, unsigned long, unsigned long) ConnectionsConsumer(std::ostream&, Storage&) Full name: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) Source: connectionsconsumer1.cc Used By: childprocess.cc: NatFork::childProcess() conntrackMode() Full name: NatFork::conntrackMode() Source: conntrackmode.cc Used By: run.cc: NatFork::run() ConntrackProducer(std::ostream&, Storage&) Full name: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) Source: conntrackproducer1.cc Used By: data.cc: GLOBALS data.cc 23data.o ConntrackRecord(IP_Types::Protocol, FBB::Pattern const&) Full name: ConntrackRecord::ConntrackRecord(IP_Types::Protocol, FBB::Pattern const&) Source: conntrackrecord1.cc Used By: icmp.cc: ConntrackProducer::icmp(std::string const&) tcpudp.cc: ConntrackProducer::tcpUdp(std::string const&) destroy(Record const&) Full name: IPbase::destroy(Record const&) Source: destroy.cc Used By: process.cc: IPbase::process(std::unique_ptr) DevicesProducer(std::ostream&, Storage&) Full name: DevicesProducer::DevicesProducer(std::ostream&, Storage&) Source: devicesproducer1.cc Used By: data.cc: GLOBALS data.cc 23data.o dst(Record const&) const Full name: IPbase::dst(Record const&) const Source: dst.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) dstData(Record const&) const Full name: IPbase::dstData(Record const&) const Source: dstdata.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) erase(RecordMap::iterator const&) Full name: IPbase::erase(RecordMap::iterator const&) Source: erase.cc Used By: cleanup.cc: IPbase::cleanup(long) destroy.cc: IPbase::destroy(Record const&) fin.cc: TCP::fin(std::unique_ptr&) fetch() Full name: Storage::fetch() Source: fetch.cc Used By: run.cc: ConnectionsConsumer::run() filterProtocols() Full name: Pcap::filterProtocols() Source: filterprotocols.cc Used By: pcap1.cc: Pcap::Pcap(char const*, bool, unsigned long, unsigned long) fin(std::unique_ptr&) Full name: TCP::fin(std::unique_ptr&) Source: fin.cc Used By: data.cc: GLOBALS data.cc 9data.o forwardOption() const Full name: Options::forwardOption() const Source: forwardoption.cc Used By: main.cc: main g_debug Full name: g_debug Source: data.cc Used By: natfork1.cc: NatFork::NatFork() maybesizelog.cc: IPbase::maybeSizeLog(unsigned long*, unsigned long, char const*) g_nic Full name: g_nic Source: data.cc Used By: outdev.cc: UDP::outDev(std::unique_ptr&) received.cc: UDP::received(std::unique_ptr&) sent.cc: UDP::sent(std::unique_ptr&) outdev.cc: ICMP::outDev(std::unique_ptr&) received.cc: ICMP::received(std::unique_ptr&) sent.cc: ICMP::sent(std::unique_ptr&) devicesproducer1.cc: DevicesProducer::DevicesProducer(std::ostream&, Storage&) tcpdumpproducer1.cc: TcpdumpProducer::TcpdumpProducer(std::ostream&, Storage&) indev.cc: IPbase::inDev(std::unique_ptr&) syn.cc: TCP::syn(std::unique_ptr&) get(TcpdumpProducer::Data&) Full name: TcpdumpProducer::get(TcpdumpProducer::Data&) Source: get.cc Used By: run.cc: TcpdumpProducer::run() store.cc: TcpdumpProducer::store(Record::Type, TcpdumpProducer::Data&) hasProtocol(std::string const&) const Full name: Options::hasProtocol(std::string const&) const Source: hasprotocol.cc Used By: tcpudp.cc: ConntrackProducer::tcpUdp(std::string const&) header(std::ostream&) Full name: ConnectionsConsumer::header(std::ostream&) Source: header.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) ICMP(std::ostream&, std::ostream&) Full name: ICMP::ICMP(std::ostream&, std::ostream&) Source: icmp1.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) icmp(std::string const&) Full name: ConntrackProducer::icmp(std::string const&) Source: icmp.cc Used By: conntrackproducer1.cc: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) ignore(Record const&) const Full name: IPbase::ignore(Record const&) const Source: ignore.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) ignore(std::unique_ptr&) Full name: TCP::ignore(std::unique_ptr&) Source: ignore.cc Used By: data.cc: GLOBALS data.cc 9data.o inDev(std::unique_ptr&) Full name: IPbase::inDev(std::unique_ptr&) Source: indev.cc Used By: destructor.cc: UDP::~UDP() destructor.cc: ICMP::~ICMP() destructor.cc: IPbase::~IPbase() inDev(std::unique_ptr&) Full name: TCP::inDev(std::unique_ptr&) Source: indev.cc Used By: destructor.cc: TCP::~TCP() initICMP(FBB::Pattern const&) Full name: ConntrackRecord::initICMP(FBB::Pattern const&) Source: initicmp.cc Used By: conntrackrecord1.cc: ConntrackRecord::ConntrackRecord(IP_Types::Protocol, FBB::Pattern const&) initTCP_UDP(FBB::Pattern const&) Full name: ConntrackRecord::initTCP_UDP(FBB::Pattern const&) Source: inittcpudp.cc Used By: conntrackrecord1.cc: ConntrackRecord::ConntrackRecord(IP_Types::Protocol, FBB::Pattern const&) instance() Full name: Options::instance() Source: instance.cc Used By: filterprotocols.cc: Pcap::filterProtocols() pcapfilter1.cc: PcapFilter::PcapFilter(char const*, Record::Type, std::ostream&, Storage&, bool) devicesproducer1.cc: DevicesProducer::DevicesProducer(std::ostream&, Storage&) initicmp.cc: ConntrackRecord::initICMP(FBB::Pattern const&) inittcpudp.cc: ConntrackRecord::initTCP_UDP(FBB::Pattern const&) conntrackproducer1.cc: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) rotate3.cc: RotatingStreambuf::rotate(RotatingStreambuf::RotationInfo&) rotatethread.cc: RotatingStreambuf::rotateThread() tcpdumpproducer1.cc: TcpdumpProducer::TcpdumpProducer(std::ostream&, Storage&) cleanupwrap.cc: ConnectionsConsumer::cleanupWrap(ConnectionsConsumer*) connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) header.cc: ConnectionsConsumer::header(std::ostream&) run.cc: ConnectionsConsumer::run() natfork1.cc: NatFork::NatFork() parentprocess.cc: NatFork::parentProcess() setformat.cc: ShowSeconds::setFormat() ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) main.cc: main inType(Record const&) Full name: TCP::inType(Record const&) Source: intype.cc Used By: indev.cc: TCP::inDev(std::unique_ptr&) IPbase(std::ostream&, std::ostream&) Full name: IPbase::IPbase(std::ostream&, std::ostream&) Source: ipbase1.cc Used By: udp1.cc: UDP::UDP(std::ostream&, std::ostream&) icmp1.cc: ICMP::ICMP(std::ostream&, std::ostream&) tcp1.cc: TCP::TCP(std::ostream&, std::ostream&) keyMapCleanup(std::unordered_map&) Full name: IPbase::keyMapCleanup(std::unordered_map&) Source: keymapcleanup.cc Used By: cleanuphook.cc: UDP::cleanupHook() cleanuphook.cc: TCP::cleanupHook() kill() const Full name: Options::kill() const Source: kill.cc Used By: forwardoption.cc: Options::forwardOption() const lockedOverflow(int) Full name: RotatingStreambuf::lockedOverflow(int) Source: lockedoverflow.cc Used By: unlockedoverflow.cc: RotatingStreambuf::unlockedOverflow(int) log(Record const&) const Full name: IPbase::log(Record const&) const Source: log.cc Used By: cleanup.cc: IPbase::cleanup(long) destroy.cc: IPbase::destroy(Record const&) fin.cc: TCP::fin(std::unique_ptr&) logConnection(Record const&) const Full name: IPbase::logConnection(Record const&) const Source: logconnection.cc Used By: destructor.cc: UDP::~UDP() destructor.cc: IPbase::~IPbase() destructor.cc: TCP::~TCP() logConnection(Record const&) const Full name: ICMP::logConnection(Record const&) const Source: logconnection.cc Used By: destructor.cc: ICMP::~ICMP() logData(Record const&) const Full name: IPbase::logData(Record const&) const Source: logdata.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) loop(void*, void (*)(unsigned char*, pcap_pkthdr const*, unsigned char const*)) Full name: Pcap::loop(void*, void (*)(unsigned char*, pcap_pkthdr const*, unsigned char const*)) Source: loop.cc Used By: operatorfun.cc: PcapFilter::operator()() mask(Record::Type, unsigned long) const Full name: NIC::mask(Record::Type, unsigned long) const Source: mask.cc Used By: received.cc: UDP::received(std::unique_ptr&) sent.cc: UDP::sent(std::unique_ptr&) received.cc: ICMP::received(std::unique_ptr&) sent.cc: ICMP::sent(std::unique_ptr&) indev.cc: IPbase::inDev(std::unique_ptr&) syn.cc: TCP::syn(std::unique_ptr&) maybeSizeLog(unsigned long*, unsigned long, char const*) Full name: IPbase::maybeSizeLog(unsigned long*, unsigned long, char const*) Source: maybesizelog.cc Used By: cleanuphook.cc: UDP::cleanupHook() cleanuphook.cc: TCP::cleanupHook() NatFork() Full name: NatFork::NatFork() Source: natfork1.cc Used By: main.cc: main notify() Full name: RotatingStreambuf::notify() Source: notify.cc Used By: childprocess.cc: NatFork::childProcess() notUsed(std::string const&) Full name: ConntrackProducer::notUsed(std::string const&) Source: notused.cc Used By: conntrackproducer1.cc: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) ntoa(unsigned int) Full name: Record::ntoa(unsigned int) Source: ntoa.cc Used By: logconnection.cc: ICMP::logConnection(Record const&) const vdst.cc: ICMP::vDst(Record const&) const vvia.cc: ICMP::vVia(Record const&) const insertinto.cc: Record::insertInto(std::ostream&) const dstdata.cc: IPbase::dstData(Record const&) const logconnection.cc: IPbase::logConnection(Record const&) const logdata.cc: IPbase::logData(Record const&) const vdst.cc: IPbase::vDst(Record const&) const viadata.cc: IPbase::viaData(Record const&) const vvia.cc: IPbase::vVia(Record const&) const open(std::string const&, bool) Full name: RotatingStreambuf::open(std::string const&, bool) Source: open.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) setupstdmsg.cc: NatFork::setupStdMsg() openConfig() Full name: Options::openConfig() Source: openconfig.cc Used By: options1.cc: Options::Options() operator()() Full name: PcapFilter::operator()() Source: operatorfun.cc Used By: run.cc: GLOBALS run.cc 17run.o operator<<(std::ostream&, ShowSeconds const&) Full name: operator<<(std::ostream&, ShowSeconds const&) Source: operatorinsert.cc Used By: time.cc: ShowSeconds::now() time.cc: Record::time(unsigned long, unsigned long) Options() Full name: Options::Options() Source: options1.cc Used By: instance.cc: Options::instance() outDev(std::unique_ptr&) Full name: ICMP::outDev(std::unique_ptr&) Source: outdev.cc Used By: destructor.cc: ICMP::~ICMP() outDev(std::unique_ptr&) Full name: TCP::outDev(std::unique_ptr&) Source: outdev.cc Used By: destructor.cc: TCP::~TCP() outDev(std::unique_ptr&) Full name: UDP::outDev(std::unique_ptr&) Source: outdev.cc Used By: destructor.cc: UDP::~UDP() overflow(int) Full name: RotatingStreambuf::overflow(int) Source: overflow.cc Used By: destructor.cc: RotatingStreambuf::~RotatingStreambuf() connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) destructor.cc: ConnectionsConsumer::~ConnectionsConsumer() destructor.cc: NatFork::~NatFork() natfork1.cc: NatFork::NatFork() rotatingstream1.cc: RotatingStream::RotatingStream(void (*)(std::ostream&)) parentProcess() Full name: NatFork::parentProcess() Source: parentprocess.cc Used By: destructor.cc: NatFork::~NatFork() parentProcess() Full name: ConntrackProducer::parentProcess() Source: parentprocess.cc Used By: destructor.cc: ConntrackProducer::~ConntrackProducer() parentRedirections() Full name: ConntrackProducer::parentRedirections() Source: parentredirections.cc Used By: destructor.cc: ConntrackProducer::~ConntrackProducer() Pcap(char const*, bool, unsigned long, unsigned long) Full name: Pcap::Pcap(char const*, bool, unsigned long, unsigned long) Source: pcap1.cc Used By: pcapfilter1.cc: PcapFilter::PcapFilter(char const*, Record::Type, std::ostream&, Storage&, bool) PcapFilter(char const*, Record::Type, std::ostream&, Storage&, bool) Full name: PcapFilter::PcapFilter(char const*, Record::Type, std::ostream&, Storage&, bool) Source: pcapfilter1.cc Used By: run.cc: DevicesProducer::run() PcapRecord(Record::Type, pcap_pkthdr const&, unsigned char const*) Full name: PcapRecord::PcapRecord(Record::Type, pcap_pkthdr const&, unsigned char const*) Source: pcaprecord1.cc Used By: callback.cc: PcapFilter::callback(PcapFilter*, pcap_pkthdr const*, unsigned char const*) process() Full name: TcpdumpProducer::process() Source: process.cc Used By: run.cc: TcpdumpProducer::run() process(Producer*, Storage&) Full name: Producer::process(Producer*, Storage&) Source: process.cc Used By: childprocess.cc: NatFork::childProcess() process(std::string const&) Full name: ConntrackProducer::process(std::string const&) Source: process.cc Used By: parentprocess.cc: ConntrackProducer::parentProcess() process(std::unique_ptr) Full name: IPbase::process(std::unique_ptr) Source: process.cc Used By: run.cc: ConnectionsConsumer::run() ProducerSignals() Full name: ProducerSignals::ProducerSignals() Source: producersignals1.cc Used By: devicesproducer1.cc: DevicesProducer::DevicesProducer(std::ostream&, Storage&) conntrackproducer1.cc: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) protocolNames() const Full name: Options::protocolNames() const Source: protocolnames.cc Used By: filterprotocols.cc: Pcap::filterProtocols() childprocess.cc: NatFork::childProcess() specifications.cc: NatFork::specifications() protocolStr() const Full name: Record::protocolStr() const Source: protocolstr.cc Used By: logconnection.cc: IPbase::logConnection(Record const&) const logdata.cc: IPbase::logData(Record const&) const push(Record*) Full name: Storage::push(Record*) Source: push.cc Used By: callback.cc: PcapFilter::callback(PcapFilter*, pcap_pkthdr const*, unsigned char const*) icmp.cc: ConntrackProducer::icmp(std::string const&) tcpudp.cc: ConntrackProducer::tcpUdp(std::string const&) store.cc: TcpdumpProducer::store(Record::Type, TcpdumpProducer::Data&) rawTime(std::ostream&, unsigned long) Full name: ShowSeconds::rawTime(std::ostream&, unsigned long) Source: time.cc Used By: data.cc: GLOBALS data.cc 6data.o setformat.cc: ShowSeconds::setFormat() readPid() const Full name: Options::readPid() const Source: readpid.cc Used By: kill.cc: Options::kill() const rotate.cc: Options::rotate() const rotatedata.cc: Options::rotateData() const received(std::unique_ptr&) Full name: TCP::received(std::unique_ptr&) Source: received.cc Used By: destructor.cc: TCP::~TCP() received(std::unique_ptr&) Full name: UDP::received(std::unique_ptr&) Source: received.cc Used By: destructor.cc: UDP::~UDP() received(std::unique_ptr&) Full name: ICMP::received(std::unique_ptr&) Source: received.cc Used By: destructor.cc: ICMP::~ICMP() Record() Full name: Record::Record() Source: record2.cc Used By: conntrackrecord1.cc: ConntrackRecord::ConntrackRecord(IP_Types::Protocol, FBB::Pattern const&) Record(Record::Type, unsigned long, unsigned long, unsigned char const*) Full name: Record::Record(Record::Type, unsigned long, unsigned long, unsigned char const*) Source: record1.cc Used By: pcaprecord1.cc: PcapRecord::PcapRecord(Record::Type, pcap_pkthdr const&, unsigned char const*) tcpdumprecord1.cc: TcpdumpRecord::TcpdumpRecord(Record::Type, TcpdumpRecord::PktHdr const&, unsigned char const*) rotate() Full name: RotatingStreambuf::rotate() Source: rotate1.cc Used By: rotatethread.cc: RotatingStreambuf::rotateThread() rotate() const Full name: Options::rotate() const Source: rotate.cc Used By: forwardoption.cc: Options::forwardOption() const rotate(RotatingStreambuf::RotationInfo&) Full name: RotatingStreambuf::rotate(RotatingStreambuf::RotationInfo&) Source: rotate3.cc Used By: rotate1.cc: RotatingStreambuf::rotate() signalhandler.cc: NatFork::signalHandler(unsigned long) rotate(unsigned long) Full name: RotatingStreambuf::rotate(unsigned long) Source: rotate2.cc Used By: rotate3.cc: RotatingStreambuf::rotate(RotatingStreambuf::RotationInfo&) rotateData() const Full name: Options::rotateData() const Source: rotatedata.cc Used By: forwardoption.cc: Options::forwardOption() const rotateThread() Full name: RotatingStreambuf::rotateThread() Source: rotatethread.cc Used By: startthread.cc: RotatingStreambuf::startThread() RotatingStream(void (*)(std::ostream&)) Full name: RotatingStream::RotatingStream(void (*)(std::ostream&)) Source: rotatingstream1.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) natfork1.cc: NatFork::NatFork() run() Full name: ConntrackProducer::run() Source: run.cc Used By: destructor.cc: ConntrackProducer::~ConntrackProducer() run() Full name: NatFork::run() Source: run.cc Used By: main.cc: main run() Full name: TcpdumpProducer::run() Source: run.cc Used By: destructor.cc: TcpdumpProducer::~TcpdumpProducer() run() Full name: DevicesProducer::run() Source: run.cc Used By: destructor.cc: DevicesProducer::~DevicesProducer() run() Full name: ConnectionsConsumer::run() Source: run.cc Used By: childprocess.cc: NatFork::childProcess() s_count Full name: Record::s_count Source: data.cc Used By: destructor.cc: Record::~Record() record1.cc: Record::Record(Record::Type, unsigned long, unsigned long, unsigned char const*) record2.cc: Record::Record() maybesizelog.cc: IPbase::maybeSizeLog(unsigned long*, unsigned long, char const*) s_dataRotate Full name: RotatingStreambuf::s_dataRotate Source: data.cc Used By: notify.cc: RotatingStreambuf::notify() open.cc: RotatingStreambuf::open(std::string const&, bool) rotate1.cc: RotatingStreambuf::rotate() startthread.cc: RotatingStreambuf::startThread() signalhandler.cc: NatFork::signalHandler(unsigned long) s_defaultConfigPath Full name: Options::s_defaultConfigPath Source: data.cc Used By: usage.cc: usage(std::string const&) openconfig.cc: Options::openConfig() s_defaultConntrackArgs Full name: Options::s_defaultConntrackArgs Source: data.cc Used By: usage.cc: usage(std::string const&) setconntrack.cc: Options::setConntrack() s_defaultConntrackCommand Full name: Options::s_defaultConntrackCommand Source: data.cc Used By: usage.cc: usage(std::string const&) setconntrack.cc: Options::setConntrack() s_defaultConntrackDevice Full name: Options::s_defaultConntrackDevice Source: data.cc Used By: usage.cc: usage(std::string const&) setconntrack.cc: Options::setConntrack() s_defaultPIDfile Full name: Options::s_defaultPIDfile Source: data.cc Used By: usage.cc: usage(std::string const&) openconfig.cc: Options::openConfig() s_defaultSyslogFacility Full name: Options::s_defaultSyslogFacility Source: data.cc Used By: usage.cc: usage(std::string const&) setsyslogfacility.cc: Options::setSyslogFacility() s_defaultSyslogIdent Full name: Options::s_defaultSyslogIdent Source: data.cc Used By: usage.cc: usage(std::string const&) setlogparams.cc: Options::setLogParams() s_defaultSyslogPriority Full name: Options::s_defaultSyslogPriority Source: data.cc Used By: usage.cc: usage(std::string const&) setsyslogpriority.cc: Options::setSyslogPriority() s_icmp Full name: ConntrackProducer::s_icmp Source: data.cc Used By: icmp.cc: ConntrackProducer::icmp(std::string const&) s_logType Full name: IPbase::s_logType Source: data.cc Used By: logconnection.cc: ICMP::logConnection(Record const&) const cleanupwrap.cc: ConnectionsConsumer::cleanupWrap(ConnectionsConsumer*) signalhandler.cc: ConnectionsConsumer::signalHandler(unsigned long) logconnection.cc: IPbase::logConnection(Record const&) const logdata.cc: IPbase::logData(Record const&) const s_logTypeText Full name: IPbase::s_logTypeText Source: data.cc Used By: logconnection.cc: ICMP::logConnection(Record const&) const logconnection.cc: IPbase::logConnection(Record const&) const logdata.cc: IPbase::logData(Record const&) const s_name2protocol Full name: Options::s_name2protocol Source: data.cc Used By: hasprotocol.cc: Options::hasProtocol(std::string const&) const setprotocol.cc: Options::setProtocol() s_nfConntrackAcct Full name: ConntrackProducer::s_nfConntrackAcct Source: data.cc Used By: activatebytecounts.cc: ConntrackProducer::activateByteCounts() const s_options Full name: Options::s_options Source: data.cc Used By: instance.cc: Options::instance() s_producer Full name: NatFork::s_producer Source: data.cc Used By: childprocess.cc: NatFork::childProcess() s_protocol2name Full name: Options::s_protocol2name Source: data.cc Used By: protocolnames.cc: Options::protocolNames() const setconntrack.cc: Options::setConntrack() s_rotateThread Full name: RotatingStreambuf::s_rotateThread Source: data.cc Used By: notify.cc: RotatingStreambuf::notify() startthread.cc: RotatingStreambuf::startThread() s_semaphore Full name: RotatingStreambuf::s_semaphore Source: data.cc Used By: notify.cc: RotatingStreambuf::notify() rotatethread.cc: RotatingStreambuf::rotateThread() s_show Full name: ShowSeconds::s_show Source: data.cc Used By: operatorinsert.cc: operator<<(std::ostream&, ShowSeconds const&) setformat.cc: ShowSeconds::setFormat() utcformat.cc: ShowSeconds::utcFormat() logdata.cc: IPbase::logData(Record const&) const s_stdRotate Full name: RotatingStreambuf::s_stdRotate Source: data.cc Used By: notify.cc: RotatingStreambuf::notify() open.cc: RotatingStreambuf::open(std::string const&, bool) rotate1.cc: RotatingStreambuf::rotate() startthread.cc: RotatingStreambuf::startThread() signalhandler.cc: NatFork::signalHandler(unsigned long) s_syslogFacilities Full name: Options::s_syslogFacilities Source: data.cc Used By: setsyslogfacility.cc: Options::setSyslogFacility() s_syslogPriorities Full name: Options::s_syslogPriorities Source: data.cc Used By: setsyslogpriority.cc: Options::setSyslogPriority() s_tcpIn Full name: TCP::s_tcpIn Source: data.cc Used By: indev.cc: TCP::inDev(std::unique_ptr&) s_tcpudp Full name: ConntrackProducer::s_tcpudp Source: data.cc Used By: tcpudp.cc: ConntrackProducer::tcpUdp(std::string const&) s_time Full name: Options::s_time Source: data.cc Used By: settimespec.cc: Options::setTimeSpec() settimetype.cc: Options::setTimeType(std::string const&) s_utcMarker Full name: ShowSeconds::s_utcMarker Source: data.cc Used By: logconnection.cc: ICMP::logConnection(Record const&) const setformat.cc: ShowSeconds::setFormat() logconnection.cc: IPbase::logConnection(Record const&) const sent(std::unique_ptr&) Full name: TCP::sent(std::unique_ptr&) Source: sent.cc Used By: destructor.cc: TCP::~TCP() sent(std::unique_ptr&) Full name: ICMP::sent(std::unique_ptr&) Source: sent.cc Used By: destructor.cc: ICMP::~ICMP() sent(std::unique_ptr&) Full name: UDP::sent(std::unique_ptr&) Source: sent.cc Used By: destructor.cc: UDP::~UDP() set(Record::Type, std::string const&) Full name: NIC::set(Record::Type, std::string const&) Source: set1.cc Used By: devicesproducer1.cc: DevicesProducer::DevicesProducer(std::ostream&, Storage&) set(Record::Type, std::string const&, std::string const&) Full name: NIC::set(Record::Type, std::string const&, std::string const&) Source: set2.cc Used By: tcpdumpproducer1.cc: TcpdumpProducer::TcpdumpProducer(std::ostream&, Storage&) setAllTimes(unsigned long, unsigned long) Full name: Record::setAllTimes(unsigned long, unsigned long) Source: setalltimes.cc Used By: conntrackrecord1.cc: ConntrackRecord::ConntrackRecord(IP_Types::Protocol, FBB::Pattern const&) setBoolMembers() Full name: Options::setBoolMembers() Source: setboolmembers.cc Used By: options1.cc: Options::Options() setConntrack() Full name: Options::setConntrack() Source: setconntrack.cc Used By: options1.cc: Options::Options() setEndTime(Record const&) Full name: Record::setEndTime(Record const&) Source: setendtime.cc Used By: addreceivedbytes.cc: Record::addReceivedBytes(Record const&) addsentbytes.cc: Record::addSentBytes(Record const&) setFormat() Full name: ShowSeconds::setFormat() Source: setformat.cc Used By: childprocess.cc: NatFork::childProcess() setLogParams() Full name: Options::setLogParams() Source: setlogparams.cc Used By: options1.cc: Options::Options() setMode() Full name: Options::setMode() Source: setmode.cc Used By: options1.cc: Options::Options() setPorts(unsigned long, unsigned long) Full name: Record::setPorts(unsigned long, unsigned long) Source: setports.cc Used By: inittcpudp.cc: ConntrackRecord::initTCP_UDP(FBB::Pattern const&) record1.cc: Record::Record(Record::Type, unsigned long, unsigned long, unsigned char const*) setProtocol() Full name: Options::setProtocol() Source: setprotocol.cc Used By: options1.cc: Options::Options() setSyslogFacility() Full name: Options::setSyslogFacility() Source: setsyslogfacility.cc Used By: setlogparams.cc: Options::setLogParams() setSyslogPriority() Full name: Options::setSyslogPriority() Source: setsyslogpriority.cc Used By: setlogparams.cc: Options::setLogParams() setTcpUdp(unsigned long, char const*) Full name: ConntrackProducer::setTcpUdp(unsigned long, char const*) Source: settcpudp.cc Used By: conntrackproducer1.cc: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) setTimeSpec() Full name: Options::setTimeSpec() Source: settimespec.cc Used By: options1.cc: Options::Options() setTimeType(std::string const&) Full name: Options::setTimeType(std::string const&) Source: settimetype.cc Used By: settimespec.cc: Options::setTimeSpec() setupDaemonMsg() Full name: NatFork::setupDaemonMsg() Source: setupdaemonmsg.cc Used By: natfork1.cc: NatFork::NatFork() setupNonDaemonMsg() Full name: NatFork::setupNonDaemonMsg() Source: setupnondaemonmsg.cc Used By: natfork1.cc: NatFork::NatFork() setupStdMsg() Full name: NatFork::setupStdMsg() Source: setupstdmsg.cc Used By: natfork1.cc: NatFork::NatFork() setVia(RecordMap::iterator const&, Record const&) Full name: IPbase::setVia(RecordMap::iterator const&, Record const&) Source: setvia.cc Used By: outdev.cc: UDP::outDev(std::unique_ptr&) outdev.cc: TCP::outDev(std::unique_ptr&) setVia(unsigned long) Full name: Record::setVia(unsigned long) Source: setvia.cc Used By: sent.cc: UDP::sent(std::unique_ptr&) syn.cc: TCP::syn(std::unique_ptr&) showLeft(unsigned long, char) Full name: IPbase::showLeft(unsigned long, char) Source: showleft.cc Used By: vdst.cc: IPbase::vDst(Record const&) const vvia.cc: IPbase::vVia(Record const&) const ShowSeconds(unsigned long) Full name: ShowSeconds::ShowSeconds(unsigned long) Source: showseconds2.cc Used By: time.cc: ShowSeconds::now() time.cc: Record::time(unsigned long, unsigned long) signalHandler(unsigned long) Full name: DevicesProducer::signalHandler(unsigned long) Source: signalhandler.cc Used By: destructor.cc: DevicesProducer::~DevicesProducer() signalHandler(unsigned long) Full name: NatFork::signalHandler(unsigned long) Source: signalhandler.cc Used By: destructor.cc: NatFork::~NatFork() signalHandler(unsigned long) Full name: ConntrackProducer::signalHandler(unsigned long) Source: signalhandler.cc Used By: destructor.cc: ConntrackProducer::~ConntrackProducer() signalHandler(unsigned long) Full name: ConnectionsConsumer::signalHandler(unsigned long) Source: signalhandler.cc Used By: destructor.cc: ConnectionsConsumer::~ConnectionsConsumer() specifications() Full name: NatFork::specifications() Source: specifications.cc Used By: natfork1.cc: NatFork::NatFork() startThread() Full name: RotatingStreambuf::startThread() Source: startthread.cc Used By: childprocess.cc: NatFork::childProcess() stop() Full name: Pcap::stop() Source: stop.cc Used By: stop.cc: PcapFilter::stop() stop() Full name: PcapFilter::stop() Source: stop.cc Used By: run.cc: DevicesProducer::run() store(Record::Type, TcpdumpProducer::Data&) Full name: TcpdumpProducer::store(Record::Type, TcpdumpProducer::Data&) Source: store.cc Used By: process.cc: TcpdumpProducer::process() syn(std::unique_ptr&) Full name: TCP::syn(std::unique_ptr&) Source: syn.cc Used By: data.cc: GLOBALS data.cc 9data.o sync() Full name: RotatingStreambuf::sync() Source: sync.cc Used By: destructor.cc: RotatingStreambuf::~RotatingStreambuf() connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) destructor.cc: ConnectionsConsumer::~ConnectionsConsumer() destructor.cc: NatFork::~NatFork() natfork1.cc: NatFork::NatFork() rotatingstream1.cc: RotatingStream::RotatingStream(void (*)(std::ostream&)) systemdFix(int, char**) Full name: systemdFix(int, char**) Source: systemdfix.cc Used By: main.cc: main TCP(std::ostream&, std::ostream&) Full name: TCP::TCP(std::ostream&, std::ostream&) Source: tcp1.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) TcpdumpProducer(std::ostream&, Storage&) Full name: TcpdumpProducer::TcpdumpProducer(std::ostream&, Storage&) Source: tcpdumpproducer1.cc Used By: data.cc: GLOBALS data.cc 23data.o TcpdumpRecord(Record::Type, TcpdumpRecord::PktHdr const&, unsigned char const*) Full name: TcpdumpRecord::TcpdumpRecord(Record::Type, TcpdumpRecord::PktHdr const&, unsigned char const*) Source: tcpdumprecord1.cc Used By: store.cc: TcpdumpProducer::store(Record::Type, TcpdumpProducer::Data&) tcpUdp(std::string const&) Full name: ConntrackProducer::tcpUdp(std::string const&) Source: tcpudp.cc Used By: settcpudp.cc: ConntrackProducer::setTcpUdp(unsigned long, char const*) time(unsigned long, unsigned long) Full name: Record::time(unsigned long, unsigned long) Source: time.cc Used By: logconnection.cc: ICMP::logConnection(Record const&) const insertinto.cc: Record::insertInto(std::ostream&) const logconnection.cc: IPbase::logConnection(Record const&) const logdata.cc: IPbase::logData(Record const&) const UDP(std::ostream&, std::ostream&) Full name: UDP::UDP(std::ostream&, std::ostream&) Source: udp1.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) unlockedOverflow(int) Full name: RotatingStreambuf::unlockedOverflow(int) Source: unlockedoverflow.cc Used By: open.cc: RotatingStreambuf::open(std::string const&, bool) sync.cc: RotatingStreambuf::sync() usage(std::string const&) Full name: usage(std::string const&) Source: usage.cc Used By: main.cc: main utcFormat() Full name: ShowSeconds::utcFormat() Source: utcformat.cc Used By: logdata.cc: IPbase::logData(Record const&) const utcTime(std::ostream&, unsigned long) Full name: ShowSeconds::utcTime(std::ostream&, unsigned long) Source: time.cc Used By: setformat.cc: ShowSeconds::setFormat() utcformat.cc: ShowSeconds::utcFormat() vByteCounts(Record const&) const Full name: IPbase::vByteCounts(Record const&) const Source: vbytecounts.cc Used By: destructor.cc: UDP::~UDP() destructor.cc: IPbase::~IPbase() destructor.cc: TCP::~TCP() vByteCounts(Record const&) const Full name: ICMP::vByteCounts(Record const&) const Source: vbytecounts.cc Used By: destructor.cc: ICMP::~ICMP() vDst(Record const&) const Full name: ICMP::vDst(Record const&) const Source: vdst.cc Used By: destructor.cc: ICMP::~ICMP() vDst(Record const&) const Full name: IPbase::vDst(Record const&) const Source: vdst.cc Used By: destructor.cc: UDP::~UDP() destructor.cc: IPbase::~IPbase() destructor.cc: TCP::~TCP() version Full name: Icmbuild::version Source: version.cc Used By: usage.cc: usage(std::string const&) main.cc: main via(Record const&) const Full name: IPbase::via(Record const&) const Source: via.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) viaData(Record const&) const Full name: IPbase::viaData(Record const&) const Source: viadata.cc Used By: ipbase1.cc: IPbase::IPbase(std::ostream&, std::ostream&) vVia(Record const&) const Full name: ICMP::vVia(Record const&) const Source: vvia.cc Used By: destructor.cc: ICMP::~ICMP() vVia(Record const&) const Full name: IPbase::vVia(Record const&) const Source: vvia.cc Used By: destructor.cc: UDP::~UDP() destructor.cc: IPbase::~IPbase() destructor.cc: TCP::~TCP() years Full name: Icmbuild::years Source: version.cc Used By: usage.cc: usage(std::string const&) ~ConnectionsConsumer() Full name: ConnectionsConsumer::~ConnectionsConsumer() Source: destructor.cc Used By: childprocess.cc: NatFork::childProcess() ~ICMP() Full name: ICMP::~ICMP() Source: destructor.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) destructor.cc: ConnectionsConsumer::~ConnectionsConsumer() ~IPbase() Full name: IPbase::~IPbase() Source: destructor.cc Used By: destructor.cc: UDP::~UDP() destructor.cc: ICMP::~ICMP() destructor.cc: TCP::~TCP() ~NatFork() Full name: NatFork::~NatFork() Source: destructor.cc Used By: main.cc: main ~Producer() Full name: Producer::~Producer() Source: destructor.cc Used By: producersignals1.cc: ProducerSignals::ProducerSignals() destructor.cc: DevicesProducer::~DevicesProducer() devicesproducer1.cc: DevicesProducer::DevicesProducer(std::ostream&, Storage&) conntrackproducer1.cc: ConntrackProducer::ConntrackProducer(std::ostream&, Storage&) destructor.cc: ConntrackProducer::~ConntrackProducer() destructor.cc: TcpdumpProducer::~TcpdumpProducer() tcpdumpproducer1.cc: TcpdumpProducer::TcpdumpProducer(std::ostream&, Storage&) ~Record() Full name: Record::~Record() Source: destructor.cc Used By: pcaprecord1.cc: GLOBALS pcaprecord1.cc 14pcaprecord1.o conntrackrecord1.cc: GLOBALS conntrackrecord1.cc 18conntrackrecord1.o tcpdumprecord1.cc: GLOBALS tcpdumprecord1.cc 20tcpdumprecord1.o ~RotatingStreambuf() Full name: RotatingStreambuf::~RotatingStreambuf() Source: destructor.cc Used By: connectionsconsumer1.cc: GLOBALS connectionsconsumer1.cc 22connectionsconsumer1.o destructor.cc: GLOBALS destructor.cc 22destructor.o destructor.cc: GLOBALS destructor.cc 23destructor.o natfork1.cc: GLOBALS natfork1.cc 23natfork1.o rotatingstream1.cc: GLOBALS rotatingstream1.cc 2rotatingstream1.o ~TCP() Full name: TCP::~TCP() Source: destructor.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) destructor.cc: ConnectionsConsumer::~ConnectionsConsumer() ~UDP() Full name: UDP::~UDP() Source: destructor.cc Used By: connectionsconsumer1.cc: ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) destructor.cc: ConnectionsConsumer::~ConnectionsConsumer() ---------------------------------------------------------------------- CALL TREE FOR: main main +-systemdFix(int, char**) +-usage(std::string const&) | +-Icmbuild::author | +-Icmbuild::version | +-Icmbuild::years | +-Options::s_defaultConfigPath | +-Options::s_defaultConntrackCommand | +-Options::s_defaultConntrackArgs | +-Options::s_defaultConntrackDevice | +-Options::s_defaultPIDfile | +-Options::s_defaultSyslogIdent | +-Options::s_defaultSyslogFacility | +-Options::s_defaultSyslogPriority +-Icmbuild::version +-Options::instance() | +-Options::s_options | +-Options::Options() | +-Options::openConfig() | | +-Options::s_defaultConfigPath | | +-Options::s_defaultPIDfile | +-Options::setMode() | +-Options::setProtocol() | | +-Options::s_name2protocol | +-Options::setLogParams() | | +-Options::s_defaultSyslogIdent | | +-Options::setSyslogFacility() | | | +-Options::s_defaultSyslogFacility | | | +-Options::s_syslogFacilities | | +-Options::setSyslogPriority() | | +-Options::s_defaultSyslogPriority | | +-Options::s_syslogPriorities | +-Options::setBoolMembers() | +-Options::setTimeSpec() | | +-Options::s_time | | +-Options::setTimeType(std::string const&) | | +-Options::s_time | +-Options::setConntrack() | +-Options::s_defaultConntrackCommand | +-Options::s_defaultConntrackArgs | +-Options::s_defaultConntrackDevice | +-Options::s_protocol2name +-NatFork::~NatFork() | +-RotatingStreambuf::sync() | | +-RotatingStreambuf::unlockedOverflow(int) | | +-RotatingStreambuf::lockedOverflow(int) | +-RotatingStreambuf::overflow(int) | +-NatFork::childProcess() | | +-Producer::process(Producer*, Storage&) | | +-Options::protocolNames() const | | | +-Options::s_protocol2name | | +-RotatingStreambuf::notify() | | | +-RotatingStreambuf::s_semaphore | | | +-RotatingStreambuf::s_stdRotate | | | +-RotatingStreambuf::s_dataRotate | | | +-RotatingStreambuf::s_rotateThread | | +-RotatingStreambuf::startThread() | | | +-RotatingStreambuf::s_stdRotate | | | +-RotatingStreambuf::s_dataRotate | | | +-RotatingStreambuf::s_rotateThread | | | +-RotatingStreambuf::rotateThread() | | | +-Options::instance() | | | | +-Options::s_options | | | | +-Options::Options() | | | | +-Options::openConfig() | | | | | +-Options::s_defaultConfigPath | | | | | +-Options::s_defaultPIDfile | | | | +-Options::setMode() | | | | +-Options::setProtocol() | | | | | +-Options::s_name2protocol | | | | +-Options::setLogParams() | | | | | +-Options::s_defaultSyslogIdent | | | | | +-Options::setSyslogFacility() | | | | | | +-Options::s_defaultSyslogFacility | | | | | | +-Options::s_syslogFacilities | | | | | +-Options::setSyslogPriority() | | | | | +-Options::s_defaultSyslogPriority | | | | | +-Options::s_syslogPriorities | | | | +-Options::setBoolMembers() | | | | +-Options::setTimeSpec() | | | | | +-Options::s_time | | | | | +-Options::setTimeType(std::string const&) | | | | | +-Options::s_time | | | | +-Options::setConntrack() | | | | +-Options::s_defaultConntrackCommand | | | | +-Options::s_defaultConntrackArgs | | | | +-Options::s_defaultConntrackDevice | | | | +-Options::s_protocol2name | | | +-RotatingStreambuf::s_semaphore | | | +-RotatingStreambuf::rotate() | | | +-RotatingStreambuf::s_stdRotate | | | +-RotatingStreambuf::s_dataRotate | | | +-RotatingStreambuf::rotate(RotatingStreambuf::RotationInfo&) | | | +-Options::instance() | | | | +-Options::s_options | | | | +-Options::Options() | | | | +-Options::openConfig() | | | | | +-Options::s_defaultConfigPath | | | | | +-Options::s_defaultPIDfile | | | | +-Options::setMode() | | | | +-Options::setProtocol() | | | | | +-Options::s_name2protocol | | | | +-Options::setLogParams() | | | | | +-Options::s_defaultSyslogIdent | | | | | +-Options::setSyslogFacility() | | | | | | +-Options::s_defaultSyslogFacility | | | | | | +-Options::s_syslogFacilities | | | | | +-Options::setSyslogPriority() | | | | | +-Options::s_defaultSyslogPriority | | | | | +-Options::s_syslogPriorities | | | | +-Options::setBoolMembers() | | | | +-Options::setTimeSpec() | | | | | +-Options::s_time | | | | | +-Options::setTimeType(std::string const&) | | | | | +-Options::s_time | | | | +-Options::setConntrack() | | | | +-Options::s_defaultConntrackCommand | | | | +-Options::s_defaultConntrackArgs | | | | +-Options::s_defaultConntrackDevice | | | | +-Options::s_protocol2name | | | +-RotatingStreambuf::rotate(unsigned long) | | +-ConnectionsConsumer::ConnectionsConsumer(std::ostream&, Storage&) | | | +-UDP::~UDP() | | | | +-UDP::cleanupHook() | | | | | +-IPbase::keyMapCleanup(std::unordered_map&) | | | | | +-IPbase::maybeSizeLog(unsigned long*, unsigned long, char const*) | | | | | +-g_debug | | | | | +-Record::s_count | | | | +-IPbase::~IPbase() | | | | | +-IPbase::logConnection(Record const&) const | | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | | +-ShowSeconds::s_show | | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | | +-ShowSeconds::s_utcMarker | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::s_logType | | | | | | +-IPbase::s_logTypeText | | | | | | +-Record::protocolStr() const | | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | | +-g_nic | | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-IPbase::vDst(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vVia(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vByteCounts(Record const&) const | | | | | +-IPbase::cleanupHook() | | | | +-IPbase::logConnection(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-ShowSeconds::s_utcMarker | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | | +-Record::protocolStr() const | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | +-UDP::sent(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addSentBytes(Record const&) | | | | | | +-Record::setEndTime(Record const&) | | | | | +-Record::setVia(unsigned long) | | | | +-UDP::received(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addReceivedBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-UDP::outDev(std::unique_ptr&) | | | | | +-g_nic | | | | | +-IPbase::setVia(RecordMap::iterator const&, Record const&) | | | | +-IPbase::vDst(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vVia(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vByteCounts(Record const&) const | | | +-UDP::UDP(std::ostream&, std::ostream&) | | | | +-IPbase::IPbase(std::ostream&, std::ostream&) | | | | +-Options::instance() | | | | | +-Options::s_options | | | | | +-Options::Options() | | | | | +-Options::openConfig() | | | | | | +-Options::s_defaultConfigPath | | | | | | +-Options::s_defaultPIDfile | | | | | +-Options::setMode() | | | | | +-Options::setProtocol() | | | | | | +-Options::s_name2protocol | | | | | +-Options::setLogParams() | | | | | | +-Options::s_defaultSyslogIdent | | | | | | +-Options::setSyslogFacility() | | | | | | | +-Options::s_defaultSyslogFacility | | | | | | | +-Options::s_syslogFacilities | | | | | | +-Options::setSyslogPriority() | | | | | | +-Options::s_defaultSyslogPriority | | | | | | +-Options::s_syslogPriorities | | | | | +-Options::setBoolMembers() | | | | | +-Options::setTimeSpec() | | | | | | +-Options::s_time | | | | | | +-Options::setTimeType(std::string const&) | | | | | | +-Options::s_time | | | | | +-Options::setConntrack() | | | | | +-Options::s_defaultConntrackCommand | | | | | +-Options::s_defaultConntrackArgs | | | | | +-Options::s_defaultConntrackDevice | | | | | +-Options::s_protocol2name | | | | +-IPbase::byteCounts(Record const&) const | | | | +-IPbase::byteCountsData(Record const&) const | | | | +-IPbase::dst(Record const&) const | | | | +-IPbase::dstData(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | +-IPbase::ignore(Record const&) const | | | | +-IPbase::logData(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | | +-ShowSeconds::s_show | | | | | +-ShowSeconds::utcFormat() | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::utcTime(std::ostream&, unsigned long) | | | | | +-Record::protocolStr() const | | | | +-IPbase::via(Record const&) const | | | | +-IPbase::viaData(Record const&) const | | | | +-Record::ntoa(unsigned int) | | | +-ICMP::~ICMP() | | | | +-IPbase::~IPbase() | | | | | +-IPbase::logConnection(Record const&) const | | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | | +-ShowSeconds::s_show | | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | | +-ShowSeconds::s_utcMarker | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::s_logType | | | | | | +-IPbase::s_logTypeText | | | | | | +-Record::protocolStr() const | | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | | +-g_nic | | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-IPbase::vDst(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vVia(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vByteCounts(Record const&) const | | | | | +-IPbase::cleanupHook() | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | +-IPbase::cleanupHook() | | | | +-ICMP::logConnection(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-ShowSeconds::s_utcMarker | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | +-ICMP::sent(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addSentBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-ICMP::received(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addReceivedBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-ICMP::outDev(std::unique_ptr&) | | | | | +-g_nic | | | | +-ICMP::vDst(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | +-ICMP::vVia(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | +-ICMP::vByteCounts(Record const&) const | | | +-ICMP::ICMP(std::ostream&, std::ostream&) | | | | +-IPbase::IPbase(std::ostream&, std::ostream&) | | | | +-Options::instance() | | | | | +-Options::s_options | | | | | +-Options::Options() | | | | | +-Options::openConfig() | | | | | | +-Options::s_defaultConfigPath | | | | | | +-Options::s_defaultPIDfile | | | | | +-Options::setMode() | | | | | +-Options::setProtocol() | | | | | | +-Options::s_name2protocol | | | | | +-Options::setLogParams() | | | | | | +-Options::s_defaultSyslogIdent | | | | | | +-Options::setSyslogFacility() | | | | | | | +-Options::s_defaultSyslogFacility | | | | | | | +-Options::s_syslogFacilities | | | | | | +-Options::setSyslogPriority() | | | | | | +-Options::s_defaultSyslogPriority | | | | | | +-Options::s_syslogPriorities | | | | | +-Options::setBoolMembers() | | | | | +-Options::setTimeSpec() | | | | | | +-Options::s_time | | | | | | +-Options::setTimeType(std::string const&) | | | | | | +-Options::s_time | | | | | +-Options::setConntrack() | | | | | +-Options::s_defaultConntrackCommand | | | | | +-Options::s_defaultConntrackArgs | | | | | +-Options::s_defaultConntrackDevice | | | | | +-Options::s_protocol2name | | | | +-IPbase::byteCounts(Record const&) const | | | | +-IPbase::byteCountsData(Record const&) const | | | | +-IPbase::dst(Record const&) const | | | | +-IPbase::dstData(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | +-IPbase::ignore(Record const&) const | | | | +-IPbase::logData(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | | +-ShowSeconds::s_show | | | | | +-ShowSeconds::utcFormat() | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::utcTime(std::ostream&, unsigned long) | | | | | +-Record::protocolStr() const | | | | +-IPbase::via(Record const&) const | | | | +-IPbase::viaData(Record const&) const | | | | +-Record::ntoa(unsigned int) | | | +-Options::instance() | | | | +-Options::s_options | | | | +-Options::Options() | | | | +-Options::openConfig() | | | | | +-Options::s_defaultConfigPath | | | | | +-Options::s_defaultPIDfile | | | | +-Options::setMode() | | | | +-Options::setProtocol() | | | | | +-Options::s_name2protocol | | | | +-Options::setLogParams() | | | | | +-Options::s_defaultSyslogIdent | | | | | +-Options::setSyslogFacility() | | | | | | +-Options::s_defaultSyslogFacility | | | | | | +-Options::s_syslogFacilities | | | | | +-Options::setSyslogPriority() | | | | | +-Options::s_defaultSyslogPriority | | | | | +-Options::s_syslogPriorities | | | | +-Options::setBoolMembers() | | | | +-Options::setTimeSpec() | | | | | +-Options::s_time | | | | | +-Options::setTimeType(std::string const&) | | | | | +-Options::s_time | | | | +-Options::setConntrack() | | | | +-Options::s_defaultConntrackCommand | | | | +-Options::s_defaultConntrackArgs | | | | +-Options::s_defaultConntrackDevice | | | | +-Options::s_protocol2name | | | +-RotatingStreambuf::sync() | | | | +-RotatingStreambuf::unlockedOverflow(int) | | | | +-RotatingStreambuf::lockedOverflow(int) | | | +-RotatingStreambuf::overflow(int) | | | +-RotatingStreambuf::open(std::string const&, bool) | | | | +-RotatingStreambuf::s_stdRotate | | | | +-RotatingStreambuf::s_dataRotate | | | | +-RotatingStreambuf::unlockedOverflow(int) | | | | +-RotatingStreambuf::lockedOverflow(int) | | | +-ConnectionsConsumer::header(std::ostream&) | | | | +-Options::instance() | | | | +-Options::s_options | | | | +-Options::Options() | | | | +-Options::openConfig() | | | | | +-Options::s_defaultConfigPath | | | | | +-Options::s_defaultPIDfile | | | | +-Options::setMode() | | | | +-Options::setProtocol() | | | | | +-Options::s_name2protocol | | | | +-Options::setLogParams() | | | | | +-Options::s_defaultSyslogIdent | | | | | +-Options::setSyslogFacility() | | | | | | +-Options::s_defaultSyslogFacility | | | | | | +-Options::s_syslogFacilities | | | | | +-Options::setSyslogPriority() | | | | | +-Options::s_defaultSyslogPriority | | | | | +-Options::s_syslogPriorities | | | | +-Options::setBoolMembers() | | | | +-Options::setTimeSpec() | | | | | +-Options::s_time | | | | | +-Options::setTimeType(std::string const&) | | | | | +-Options::s_time | | | | +-Options::setConntrack() | | | | +-Options::s_defaultConntrackCommand | | | | +-Options::s_defaultConntrackArgs | | | | +-Options::s_defaultConntrackDevice | | | | +-Options::s_protocol2name | | | +-RotatingStream::RotatingStream(void (*)(std::ostream&)) | | | | +-RotatingStreambuf::sync() | | | | | +-RotatingStreambuf::unlockedOverflow(int) | | | | | +-RotatingStreambuf::lockedOverflow(int) | | | | +-RotatingStreambuf::overflow(int) | | | +-TCP::TCP(std::ostream&, std::ostream&) | | | | +-IPbase::IPbase(std::ostream&, std::ostream&) | | | | +-Options::instance() | | | | | +-Options::s_options | | | | | +-Options::Options() | | | | | +-Options::openConfig() | | | | | | +-Options::s_defaultConfigPath | | | | | | +-Options::s_defaultPIDfile | | | | | +-Options::setMode() | | | | | +-Options::setProtocol() | | | | | | +-Options::s_name2protocol | | | | | +-Options::setLogParams() | | | | | | +-Options::s_defaultSyslogIdent | | | | | | +-Options::setSyslogFacility() | | | | | | | +-Options::s_defaultSyslogFacility | | | | | | | +-Options::s_syslogFacilities | | | | | | +-Options::setSyslogPriority() | | | | | | +-Options::s_defaultSyslogPriority | | | | | | +-Options::s_syslogPriorities | | | | | +-Options::setBoolMembers() | | | | | +-Options::setTimeSpec() | | | | | | +-Options::s_time | | | | | | +-Options::setTimeType(std::string const&) | | | | | | +-Options::s_time | | | | | +-Options::setConntrack() | | | | | +-Options::s_defaultConntrackCommand | | | | | +-Options::s_defaultConntrackArgs | | | | | +-Options::s_defaultConntrackDevice | | | | | +-Options::s_protocol2name | | | | +-IPbase::byteCounts(Record const&) const | | | | +-IPbase::byteCountsData(Record const&) const | | | | +-IPbase::dst(Record const&) const | | | | +-IPbase::dstData(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | +-IPbase::ignore(Record const&) const | | | | +-IPbase::logData(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | | +-ShowSeconds::s_show | | | | | +-ShowSeconds::utcFormat() | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::utcTime(std::ostream&, unsigned long) | | | | | +-Record::protocolStr() const | | | | +-IPbase::via(Record const&) const | | | | +-IPbase::viaData(Record const&) const | | | | +-Record::ntoa(unsigned int) | | | +-TCP::~TCP() | | | +-IPbase::~IPbase() | | | | +-IPbase::logConnection(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-ShowSeconds::s_utcMarker | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | | +-Record::protocolStr() const | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | +-IPbase::vDst(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vVia(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vByteCounts(Record const&) const | | | | +-IPbase::cleanupHook() | | | +-IPbase::logConnection(Record const&) const | | | | +-Record::time(unsigned long, unsigned long) | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | +-ShowSeconds::s_show | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | +-ShowSeconds::s_utcMarker | | | | +-Record::ntoa(unsigned int) | | | | +-IPbase::s_logType | | | | +-IPbase::s_logTypeText | | | | +-Record::protocolStr() const | | | +-IPbase::vDst(Record const&) const | | | | +-Record::ntoa(unsigned int) | | | | +-IPbase::showLeft(unsigned long, char) | | | +-IPbase::vVia(Record const&) const | | | | +-Record::ntoa(unsigned int) | | | | +-IPbase::showLeft(unsigned long, char) | | | +-IPbase::vByteCounts(Record const&) const | | | +-TCP::cleanupHook() | | | | +-IPbase::keyMapCleanup(std::unordered_map&) | | | | +-IPbase::maybeSizeLog(unsigned long*, unsigned long, char const*) | | | | +-g_debug | | | | +-Record::s_count | | | +-TCP::inDev(std::unique_ptr&) | | | | +-TCP::s_tcpIn | | | | +-TCP::inType(Record const&) | | | +-TCP::sent(std::unique_ptr&) | | | | +-Record::addSentBytes(Record const&) | | | | +-Record::setEndTime(Record const&) | | | +-TCP::received(std::unique_ptr&) | | | | +-Record::addReceivedBytes(Record const&) | | | | +-Record::setEndTime(Record const&) | | | +-TCP::outDev(std::unique_ptr&) | | | +-IPbase::setVia(RecordMap::iterator const&, Record const&) | | +-ConnectionsConsumer::~ConnectionsConsumer() | | | +-UDP::~UDP() | | | | +-UDP::cleanupHook() | | | | | +-IPbase::keyMapCleanup(std::unordered_map&) | | | | | +-IPbase::maybeSizeLog(unsigned long*, unsigned long, char const*) | | | | | +-g_debug | | | | | +-Record::s_count | | | | +-IPbase::~IPbase() | | | | | +-IPbase::logConnection(Record const&) const | | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | | +-ShowSeconds::s_show | | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | | +-ShowSeconds::s_utcMarker | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::s_logType | | | | | | +-IPbase::s_logTypeText | | | | | | +-Record::protocolStr() const | | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | | +-g_nic | | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-IPbase::vDst(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vVia(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vByteCounts(Record const&) const | | | | | +-IPbase::cleanupHook() | | | | +-IPbase::logConnection(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-ShowSeconds::s_utcMarker | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | | +-Record::protocolStr() const | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | +-UDP::sent(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addSentBytes(Record const&) | | | | | | +-Record::setEndTime(Record const&) | | | | | +-Record::setVia(unsigned long) | | | | +-UDP::received(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addReceivedBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-UDP::outDev(std::unique_ptr&) | | | | | +-g_nic | | | | | +-IPbase::setVia(RecordMap::iterator const&, Record const&) | | | | +-IPbase::vDst(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vVia(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vByteCounts(Record const&) const | | | +-ICMP::~ICMP() | | | | +-IPbase::~IPbase() | | | | | +-IPbase::logConnection(Record const&) const | | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | | +-ShowSeconds::s_show | | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | | +-ShowSeconds::s_utcMarker | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::s_logType | | | | | | +-IPbase::s_logTypeText | | | | | | +-Record::protocolStr() const | | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | | +-g_nic | | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-IPbase::vDst(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vVia(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vByteCounts(Record const&) const | | | | | +-IPbase::cleanupHook() | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | +-IPbase::cleanupHook() | | | | +-ICMP::logConnection(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-ShowSeconds::s_utcMarker | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | +-ICMP::sent(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addSentBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-ICMP::received(std::unique_ptr&) | | | | | +-g_nic | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-Record::addReceivedBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-ICMP::outDev(std::unique_ptr&) | | | | | +-g_nic | | | | +-ICMP::vDst(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | +-ICMP::vVia(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | +-ICMP::vByteCounts(Record const&) const | | | +-RotatingStreambuf::sync() | | | | +-RotatingStreambuf::unlockedOverflow(int) | | | | +-RotatingStreambuf::lockedOverflow(int) | | | +-RotatingStreambuf::overflow(int) | | | +-TCP::~TCP() | | | | +-IPbase::~IPbase() | | | | | +-IPbase::logConnection(Record const&) const | | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | | +-ShowSeconds::s_show | | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | | +-ShowSeconds::s_utcMarker | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::s_logType | | | | | | +-IPbase::s_logTypeText | | | | | | +-Record::protocolStr() const | | | | | +-IPbase::inDev(std::unique_ptr&) | | | | | | +-g_nic | | | | | | +-NIC::mask(Record::Type, unsigned long) const | | | | | +-IPbase::vDst(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vVia(Record const&) const | | | | | | +-Record::ntoa(unsigned int) | | | | | | +-IPbase::showLeft(unsigned long, char) | | | | | +-IPbase::vByteCounts(Record const&) const | | | | | +-IPbase::cleanupHook() | | | | +-IPbase::logConnection(Record const&) const | | | | | +-Record::time(unsigned long, unsigned long) | | | | | | +-operator<<(std::ostream&, ShowSeconds const&) | | | | | | | +-ShowSeconds::s_show | | | | | | +-ShowSeconds::ShowSeconds(unsigned long) | | | | | +-ShowSeconds::s_utcMarker | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::s_logType | | | | | +-IPbase::s_logTypeText | | | | | +-Record::protocolStr() const | | | | +-IPbase::vDst(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vVia(Record const&) const | | | | | +-Record::ntoa(unsigned int) | | | | | +-IPbase::showLeft(unsigned long, char) | | | | +-IPbase::vByteCounts(Record const&) const | | | | +-TCP::cleanupHook() | | | | | +-IPbase::keyMapCleanup(std::unordered_map&) | | | | | +-IPbase::maybeSizeLog(unsigned long*, unsigned long, char const*) | | | | | +-g_debug | | | | | +-Record::s_count | | | | +-TCP::inDev(std::unique_ptr&) | | | | | +-TCP::s_tcpIn | | | | | +-TCP::inType(Record const&) | | | | +-TCP::sent(std::unique_ptr&) | | | | | +-Record::addSentBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-TCP::received(std::unique_ptr&) | | | | | +-Record::addReceivedBytes(Record const&) | | | | | +-Record::setEndTime(Record const&) | | | | +-TCP::outDev(std::unique_ptr&) | | | | +-IPbase::setVia(RecordMap::iterator const&, Record const&) | | | +-ConnectionsConsumer::signalHandler(unsigned long) | | | +-IPbase::s_logType | | +-ConnectionsConsumer::run() | | | +-Options::instance() | | | | +-Options::s_options | | | | +-Options::Options() | | | | +-Options::openConfig() | | | | | +-Options::s_defaultConfigPath | | | | | +-Options::s_defaultPIDfile | | | | +-Options::setMode() | | | | +-Options::setProtocol() | | | | | +-Options::s_name2protocol | | | | +-Options::setLogParams() | | | | | +-Options::s_defaultSyslogIdent | | | | | +-Options::setSyslogFacility() | | | | | | +-Options::s_defaultSyslogFacility | | | | | | +-Options::s_syslogFacilities | | | | | +-Options::setSyslogPriority() | | | | | +-Options::s_defaultSyslogPriority | | | | | +-Options::s_syslogPriorities | | | | +-Options::setBoolMembers() | | | | +-Options::setTimeSpec() | | | | | +-Options::s_time | | | | | +-Options::setTimeType(std::string const&) | | | | | +-Options::s_time | | | | +-Options::setConntrack() | | | | +-Options::s_defaultConntrackCommand | | | | +-Options::s_defaultConntrackArgs | | | | +-Options::s_defaultConntrackDevice | | | | +-Options::s_protocol2name | | | +-ConnectionsConsumer::cleanupICMP_UDP(long) | | | | +-IPbase::cleanup(long) | | | | +-IPbase::log(Record const&) const | | | | +-IPbase::erase(RecordMap::iterator const&) | | | +-IPbase::cleanup(long) | | | | +-IPbase::log(Record const&) const | | | | +-IPbase::erase(RecordMap::iterator const&) | | | +-ConnectionsConsumer::cleanupWrap(ConnectionsConsumer*) | | | | +-IPbase::s_logType | | | | +-Options::instance() | | | | | +-Options::s_options | | | | | +-Options::Options() | | | | | +-Options::openConfig() | | | | | | +-Options::s_defaultConfigPath | | | | | | +-Options::s_defaultPIDfile | | | | | +-Options::setMode() | | | | | +-Options::setProtocol() | | | | | | +-Options::s_name2protocol | | | | | +-Options::setLogParams() | | | | | | +-Options::s_defaultSyslogIdent | | | | | | +-Options::setSyslogFacility() | | | | | | | +-Options::s_defaultSyslogFacility | | | | | | | +-Options::s_syslogFacilities | | | | | | +-Options::setSyslogPriority() | | | | | | +-Options::s_defaultSyslogPriority | | | | | | +-Options::s_syslogPriorities | | | | | +-Options::setBoolMembers() | | | | | +-Options::setTimeSpec() | | | | | | +-Options::s_time | | | | | | +-Options::setTimeType(std::string const&) | | | | | | +-Options::s_time | | | | | +-Options::setConntrack() | | | | | +-Options::s_defaultConntrackCommand | | | | | +-Options::s_defaultConntrackArgs | | | | | +-Options::s_defaultConntrackDevice | | | | | +-Options::s_protocol2name | | | | +-ConnectionsConsumer::cleanupICMP_UDP(long) | | | | | +-IPbase::cleanup(long) | | | | | +-IPbase::log(Record const&) const | | | | | +-IPbase::erase(RecordMap::iterator const&) | | | | +-IPbase::cleanup(long) | | | | +-IPbase::log(Record const&) const | | | | +-IPbase::erase(RecordMap::iterator const&) | | | +-Storage::fetch() | | | +-IPbase::process(std::unique_ptr) | | | +-IPbase::destroy(Record const&) | | | +-Record::addReceivedBytes(Record const&) | | | | +-Record::setEndTime(Record const&) | | | +-Record::addSentBytes(Record const&) | | | | +-Record::setEndTime(Record const&) | | | +-IPbase::log(Record const&) const | | | +-IPbase::erase(RecordMap::iterator const&) | | +-ShowSeconds::setFormat() | | | +-ShowSeconds::s_utcMarker | | | +-Options::instance() | | | | +-Options::s_options | | | | +-Options::Options() | | | | +-Options::openConfig() | | | | | +-Options::s_defaultConfigPath | | | | | +-Options::s_defaultPIDfile | | | | +-Options::setMode() | | | | +-Options::setProtocol() | | | | | +-Options::s_name2protocol | | | | +-Options::setLogParams() | | | | | +-Options::s_defaultSyslogIdent | | | | | +-Options::setSyslogFacility() | | | | | | +-Options::s_defaultSyslogFacility | | | | | | +-Options::s_syslogFacilities | | | | | +-Options::setSyslogPriority() | | | | | +-Options::s_defaultSyslogPriority | | | | | +-Options::s_syslogPriorities | | | | +-Options::setBoolMembers() | | | | +-Options::setTimeSpec() | | | | | +-Options::s_time | | | | | +-Options::setTimeType(std::string const&) | | | | | +-Options::s_time | | | | +-Options::setConntrack() | | | | +-Options::s_defaultConntrackCommand | | | | +-Options::s_defaultConntrackArgs | | | | +-Options::s_defaultConntrackDevice | | | | +-Options::s_protocol2name | | | +-ShowSeconds::s_show | | | +-ShowSeconds::rawTime(std::ostream&, unsigned long) | | | +-ShowSeconds::utcTime(std::ostream&, unsigned long) | | +-NatFork::s_producer | +-NatFork::cleanupPidFile() const | +-NatFork::parentProcess() | | +-Options::instance() | | +-Options::s_options | | +-Options::Options() | | +-Options::openConfig() | | | +-Options::s_defaultConfigPath | | | +-Options::s_defaultPIDfile | | +-Options::setMode() | | +-Options::setProtocol() | | | +-Options::s_name2protocol | | +-Options::setLogParams() | | | +-Options::s_defaultSyslogIdent | | | +-Options::setSyslogFacility() | | | | +-Options::s_defaultSyslogFacility | | | | +-Options::s_syslogFacilities | | | +-Options::setSyslogPriority() | | | +-Options::s_defaultSyslogPriority | | | +-Options::s_syslogPriorities | | +-Options::setBoolMembers() | | +-Options::setTimeSpec() | | | +-Options::s_time | | | +-Options::setTimeType(std::string const&) | | | +-Options::s_time | | +-Options::setConntrack() | | +-Options::s_defaultConntrackCommand | | +-Options::s_defaultConntrackArgs | | +-Options::s_defaultConntrackDevice | | +-Options::s_protocol2name | +-NatFork::signalHandler(unsigned long) | +-RotatingStreambuf::s_stdRotate | +-RotatingStreambuf::s_dataRotate | +-RotatingStreambuf::rotate(RotatingStreambuf::RotationInfo&) | +-Options::instance() | | +-Options::s_options | | +-Options::Options() | | +-Options::openConfig() | | | +-Options::s_defaultConfigPath | | | +-Options::s_defaultPIDfile | | +-Options::setMode() | | +-Options::setProtocol() | | | +-Options::s_name2protocol | | +-Options::setLogParams() | | | +-Options::s_defaultSyslogIdent | | | +-Options::setSyslogFacility() | | | | +-Options::s_defaultSyslogFacility | | | | +-Options::s_syslogFacilities | | | +-Options::setSyslogPriority() | | | +-Options::s_defaultSyslogPriority | | | +-Options::s_syslogPriorities | | +-Options::setBoolMembers() | | +-Options::setTimeSpec() | | | +-Options::s_time | | | +-Options::setTimeType(std::string const&) | | | +-Options::s_time | | +-Options::setConntrack() | | +-Options::s_defaultConntrackCommand | | +-Options::s_defaultConntrackArgs | | +-Options::s_defaultConntrackDevice | | +-Options::s_protocol2name | +-RotatingStreambuf::rotate(unsigned long) +-NatFork::NatFork() | +-Options::instance() | | +-Options::s_options | | +-Options::Options() | | +-Options::openConfig() | | | +-Options::s_defaultConfigPath | | | +-Options::s_defaultPIDfile | | +-Options::setMode() | | +-Options::setProtocol() | | | +-Options::s_name2protocol | | +-Options::setLogParams() | | | +-Options::s_defaultSyslogIdent | | | +-Options::setSyslogFacility() | | | | +-Options::s_defaultSyslogFacility | | | | +-Options::s_syslogFacilities | | | +-Options::setSyslogPriority() | | | +-Options::s_defaultSyslogPriority | | | +-Options::s_syslogPriorities | | +-Options::setBoolMembers() | | +-Options::setTimeSpec() | | | +-Options::s_time | | | +-Options::setTimeType(std::string const&) | | | +-Options::s_time | | +-Options::setConntrack() | | +-Options::s_defaultConntrackCommand | | +-Options::s_defaultConntrackArgs | | +-Options::s_defaultConntrackDevice | | +-Options::s_protocol2name | +-RotatingStreambuf::sync() | | +-RotatingStreambuf::unlockedOverflow(int) | | +-RotatingStreambuf::lockedOverflow(int) | +-RotatingStreambuf::overflow(int) | +-RotatingStream::RotatingStream(void (*)(std::ostream&)) | | +-RotatingStreambuf::sync() | | | +-RotatingStreambuf::unlockedOverflow(int) | | | +-RotatingStreambuf::lockedOverflow(int) | | +-RotatingStreambuf::overflow(int) | +-NatFork::setupStdMsg() | | +-RotatingStreambuf::open(std::string const&, bool) | | | +-RotatingStreambuf::s_stdRotate | | | +-RotatingStreambuf::s_dataRotate | | | +-RotatingStreambuf::unlockedOverflow(int) | | | +-RotatingStreambuf::lockedOverflow(int) | | +-NatFork::checkSyslogParam(char const*, std::string const&, std::string const&) | +-NatFork::setupDaemonMsg() | +-NatFork::specifications() | | +-Options::protocolNames() const | | +-Options::s_protocol2name | +-NatFork::setupNonDaemonMsg() | +-g_debug +-NatFork::run() | +-NatFork::conntrackMode() +-Options::forwardOption() const +-Options::kill() const | +-Options::readPid() const +-Options::rotate() const | +-Options::readPid() const +-Options::rotateData() const +-Options::readPid() const natlog-3.01.00/nic/000077500000000000000000000000001474316276200137245ustar00rootroot00000000000000natlog-3.01.00/nic/data.cc000066400000000000000000000000361474316276200151430ustar00rootroot00000000000000#include "nic.ih" NIC g_nic; natlog-3.01.00/nic/frame000066400000000000000000000000351474316276200147370ustar00rootroot00000000000000#include "nic.ih" NIC:: { } natlog-3.01.00/nic/icmconf000077700000000000000000000000001474316276200176012../icmconf.libustar00rootroot00000000000000natlog-3.01.00/nic/interfaces.demo/000077500000000000000000000000001474316276200167725ustar00rootroot00000000000000natlog-3.01.00/nic/interfaces.demo/icmconf000066400000000000000000000022511474316276200203330ustar00rootroot00000000000000#define CLS //#define LIBRARY "modules" #define MAIN "main.cc" #define SOURCES "*.cc" #define OBJ_EXT ".o" //#define SHARED #define SHAREDREQ "" #define TMP_DIR "tmp" //#define USE_ALL "a" #define USE_ECHO ON // #define USE_VERSION #define CXX "g++" //#define CC "gcc" #define CXXFLAGS " --std=c++20 -Wall -O2" \ " -fdiagnostics-color=never " //#define CFLAGS " -Wall -O2" #define IH ".ih" //#define PRECOMP "-x c++-header" #define REFRESH #define LDFLAGS "" #define ADD_LIBRARIES "" #define ADD_LIBRARY_PATHS "" #define PARSER_DIR "" #define PARSGEN "bisonc++" #define PARSFLAGS "-V" #define PARSSPEC "grammar" //#define PARSFILES "" #define PARSOUT "parse.cc" #define SCANNER_DIR "" #define SCANGEN "flexc++" #define SCANFLAGS "" #define SCANSPEC "lexer" //#define SCANFILES "" #define SCANOUT "lex.cc" #define DEFCOM "program" natlog-3.01.00/nic/interfaces.demo/main.cc000066400000000000000000000027711474316276200202340ustar00rootroot00000000000000#include #include #include #include #include #include #include using namespace std; int main(int argc, char **argv) { if (argc == 1) { cout << "provide name(s) of interface(s) to inspect\n"; return 0; } ifaddrs *ifaddr; if (getifaddrs(&ifaddr) == -1) { cout << "getifaddrs failed\n"; return 1; } cout << hex; size_t n = 0; for (ifaddrs *ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next, ++n) { if (ifa->ifa_addr == 0) continue; string name = ifa->ifa_name; bool requested = false; for (size_t idx = 1, end = argc; idx != end; ++idx) { if (name == argv[idx]) { requested = true; break; } } if (not requested) continue; size_t family = ifa->ifa_addr->sa_family; if (family != AF_INET) continue; auto ptr = reinterpret_cast(ifa->ifa_addr); cout << name << "\n" " address = " << ntohl(ptr->sin_addr.s_addr) << ' ' << inet_ntoa(ptr->sin_addr) << '\n'; ptr = reinterpret_cast(ifa->ifa_netmask); cout <<" mask = " << ntohl(ptr->sin_addr.s_addr) << ' ' << inet_ntoa(ptr->sin_addr) << '\n'; } freeifaddrs(ifaddr); } natlog-3.01.00/nic/mask.cc000066400000000000000000000003111474316276200151610ustar00rootroot00000000000000#include "nic.ih" bool NIC::mask(Record::Type type, size_t address) const { return (d_nic[type].address & d_nic[type].mask) == (address & d_nic[type].mask); } natlog-3.01.00/nic/nic.h000066400000000000000000000014021474316276200146430ustar00rootroot00000000000000#ifndef INCLUDED_NIC_ #define INCLUDED_NIC_ #include #include "../record/record.h" class NIC { struct Addresses { size_t address = 0; size_t mask = 0; }; Addresses d_nic[Record::nTypes]; // modify when Record::Type is // modified public: void set(Record::Type, std::string const &name); void set(Record::Type, std::string const &address, std::string const &mask); size_t address(Record::Type) const; bool mask(Record::Type, size_t address) const; private: }; inline size_t NIC::address(Record::Type type) const { return d_nic[type].address; } extern NIC g_nic; #endif natlog-3.01.00/nic/nic.ih000066400000000000000000000003151474316276200150160ustar00rootroot00000000000000#include "nic.h" #include #include #include #include #include #include using namespace std; using namespace FBB; natlog-3.01.00/nic/set1.cc000066400000000000000000000017521474316276200151140ustar00rootroot00000000000000#include "nic.ih" void NIC::set(Record::Type type, string const &name) try { ifaddrs *ifaddr; if (getifaddrs(&ifaddr) == -1) throw 1; for (ifaddrs const *ifa = ifaddr; ifa != 0; ifa = ifa->ifa_next) { // find the requested name if ( // and family ifa->ifa_addr == 0 || name != ifa->ifa_name || ifa->ifa_addr->sa_family != AF_INET ) continue; d_nic[type] = // found it. { reinterpret_cast( ifa->ifa_addr)->sin_addr.s_addr, reinterpret_cast( ifa->ifa_netmask)->sin_addr.s_addr }; freeifaddrs(ifaddr); return; } throw 1; } catch (int) { throw Exception{} << "cannot retrieve NIC info for `" << name << '\''; } natlog-3.01.00/nic/set2.cc000066400000000000000000000006501474316276200151110ustar00rootroot00000000000000#include "nic.ih" void NIC::set(Record::Type type, string const &address, string const &maskStr) { uint32_t mask = maskStr[0] == '/' ? ~((1 << stoul(maskStr.substr(1))) - 1) : inet_network(maskStr.c_str()); d_nic[type] = // found it. { ntohl(inet_network(address.c_str())), ntohl(mask) }; } natlog-3.01.00/options/000077500000000000000000000000001474316276200146465ustar00rootroot00000000000000natlog-3.01.00/options/data.cc000066400000000000000000000040521474316276200160670ustar00rootroot00000000000000#include "options.ih" char const Options::s_defaultConfigPath[] = "/etc/natlog.conf"; char const Options::s_defaultConntrackCommand[] = "/usr/sbin/conntrack"; char const Options::s_defaultConntrackDevice[] = "/proc/net/nf_conntrack"; char const Options::s_defaultConntrackArgs[] = " -E -n -o timestamp -e NEW,DESTROY"; char const Options::s_defaultSyslogIdent[] = "NATLOG"; char const Options::s_defaultSyslogFacility[] = "DAEMON"; char const Options::s_defaultSyslogPriority[] = "NOTICE"; char const Options::s_defaultPIDfile[] = "/run/natlog.pid"; unordered_map const Options::s_time = { {"raw", RAW}, {"utc", UTC}, {"local", LT}, }; unordered_map const Options::s_syslogFacilities = { {"DAEMON", Facility::DAEMON}, {"LOCAL0", Facility::LOCAL0}, {"LOCAL1", Facility::LOCAL1}, {"LOCAL2", Facility::LOCAL2}, {"LOCAL3", Facility::LOCAL3}, {"LOCAL4", Facility::LOCAL4}, {"LOCAL5", Facility::LOCAL5}, {"LOCAL6", Facility::LOCAL6}, {"LOCAL7", Facility::LOCAL7}, {"USER", Facility::USER} }; unordered_map const Options::s_syslogPriorities = { {"EMERG", Priority::EMERG}, {"ALERT", Priority::ALERT}, {"CRIT", Priority::CRIT}, {"ERR", Priority::ERR}, {"WARNING", Priority::WARNING}, {"NOTICE", Priority::NOTICE}, {"INFO", Priority::INFO}, {"DEBUG", Priority::DEBUG} }; unordered_map const Options::s_name2protocol = { { "icmp", IP_Types::ICMP }, { "tcp", IP_Types::TCP }, { "udp", IP_Types::UDP }, }; unordered_map const Options::s_protocol2name = { { IP_Types::ICMP, "icmp" }, { IP_Types::TCP, "tcp" }, { IP_Types::UDP, "udp" }, }; unique_ptr Options::s_options; ostream g_debug(0); natlog-3.01.00/options/forwardoption.cc000066400000000000000000000002631474316276200200530ustar00rootroot00000000000000#include "options.ih" bool Options::forwardOption() const { if (kill()) return true; bool rotateRequest = rotate(); return rotateData() or rotateRequest; } natlog-3.01.00/options/frame000066400000000000000000000000451474316276200156620ustar00rootroot00000000000000#include "options.ih" Options:: { } natlog-3.01.00/options/hasprotocol.cc000066400000000000000000000003651474316276200175160ustar00rootroot00000000000000#include "options.ih" bool Options::hasProtocol(std::string const &name) const { auto iter = s_name2protocol.find(name); return iter != s_name2protocol.end() and d_protocols.find(iter->second) != d_protocols.end(); } natlog-3.01.00/options/icmconf000077700000000000000000000000001474316276200205232../icmconf.libustar00rootroot00000000000000natlog-3.01.00/options/instance.cc000066400000000000000000000005341474316276200167630ustar00rootroot00000000000000#include "options.ih" Options &Options::instance() { if (not s_options) s_options.reset(new Options); // yes, it exists until the program ends // and memory is claimed back by the // operaring system return *s_options; } natlog-3.01.00/options/kill.cc000066400000000000000000000004201474316276200161040ustar00rootroot00000000000000#include "options.ih" bool Options::kill() const { if (d_terminate) { if (::kill(readPid(), SIGTERM) != 0) throw Exception{} << "Terminating " << d_arg.basename() << " failed: " << errnodescr; } return d_terminate; } natlog-3.01.00/options/openconfig.cc000066400000000000000000000006471474316276200173130ustar00rootroot00000000000000#include "options.ih" void Options::openConfig() { // the config file is: // - where specified at 'c', or: // - ~/.natlogrc if (not d_arg.option(&d_configPath, 'c')) d_configPath = s_defaultConfigPath; if (access(d_configPath.c_str(), R_OK) == 0) d_arg.open(d_configPath); if (not d_arg.option(&d_PIDfile, 'p')) d_PIDfile = s_defaultPIDfile; } natlog-3.01.00/options/options.f000066400000000000000000000103241474316276200165100ustar00rootroot00000000000000inline bool Options::byteCounts() const { return d_byteCounts; } inline Options::Mode Options::mode() const { return d_mode; } inline bool Options::realTime() const { return d_mode != TCPDUMP; } inline size_t Options::rotationInterval() const { return d_rotationInterval; } inline bool Options::stdout() const { return d_stdout; } inline bool Options::debug() const { return d_debug; } inline bool Options::showDst() const { return d_showDst; } inline bool Options::showVia() const { return d_showVia; } inline size_t Options::verbose() const { return d_verbose; } inline bool Options::daemon() const { return d_daemon; } inline void Options::foreground() { d_daemon = false; } inline std::string const &Options::log() const { return d_log; } inline size_t Options::rotateFreq() const { return d_rotateFreq; } inline size_t Options::rotateFactor() const { return d_rotateFactor; } inline std::string const &Options::rotateTimeSpec() const { return d_rotateTimeSpec; } inline size_t Options::nRotations() const { return d_nRotations; } inline time_t Options::ttl() const { return d_ttl; } inline time_t Options::ttlTCP() const { return d_ttlTCP; } inline size_t Options::IPheaderSize() const { return d_IPheaderSize; } inline Options::Time Options::time() const { return d_time->second; } inline std::string const &Options::timeTxt() const { return d_time->first; } inline std::string const &Options::configPath() const { return d_configPath; } inline std::string const &Options::syslogTag() const { return d_syslogTag; } inline std::string const &Options::logData() const { return d_logData; } //inline size_t Options::logDataFlush() const //{ // return d_logDataFlush; //} inline std::string const &Options::pidFile() const { return d_PIDfile; } inline std::string const &Options::timeSpecError() const { return d_timeSpecError; } inline FBB::Priority Options::syslogPriority() const { return d_syslogPriority->second; } inline std::string const &Options::priority() const { return d_syslogPriority->first; } inline std::string Options::syslogPriorityError() const { return d_syslogPriorityError; } inline FBB::Facility Options::syslogFacility() const { return d_syslogFacility->second; } inline std::string Options::syslogFacilityError() const { return d_syslogFacilityError; } inline char const *Options::defaultPIDfile() { return s_defaultPIDfile; } inline char const *Options::defaultConfigPath() { return s_defaultConfigPath; } inline std::string const &Options::facility() const { return d_syslogFacility->first; } inline std::string const &Options::conntrackCommand() const { return d_conntrackCommand; } inline char const *Options::conntrackDevice() const { return d_conntrackDevice.c_str(); } inline char const *Options::operator[](size_t idx) const { return d_arg[idx]; } inline size_t Options::nArgs() const { return d_arg.nArgs(); } inline std::string const &Options::basename() const { return d_arg.basename(); } inline char const *Options::defaultConntrackArgs() { return s_defaultConntrackArgs; } inline char const *Options::defaultConntrackCommand() { return s_defaultConntrackCommand; } inline char const *Options::defaultConntrackDevice() { return s_defaultConntrackDevice; } inline char const *Options::defaultSyslogIdent() { return s_defaultSyslogIdent; } inline char const *Options::defaultSyslogFacility() { return s_defaultSyslogFacility; } inline char const *Options::defaultSyslogPriority() { return s_defaultSyslogPriority; } inline size_t Options::conntrackRestart() const { return d_conntrackRestart; } inline std::unordered_set const &Options::protocolSet() const { return d_protocols; } inline std::string const &Options::protocolName(Protocol protocol) { return s_protocol2name.find(protocol)->second; } inline bool Options::hasProtocol(size_t protocol) const { return d_protocols.find(static_cast(protocol)) != d_protocols.end(); } natlog-3.01.00/options/options.h000066400000000000000000000155051474316276200165200ustar00rootroot00000000000000#ifndef INCLUDED_OPTIONS_ #define INCLUDED_OPTIONS_ #include #include #include #include #include #include #include // for the enums #include "../iptypes/iptypes.h" extern std::ostream g_debug; struct Options: public IP_Types { enum Time { RAW, UTC, LT }; enum ExitStatus { OK, FAILED, TERM_SIGNAL, }; enum Mode // working mode: conntrack, pcap, or tcpdump { CONNTRACK, // when modified: update producer/data.cc DEVICE, TCPDUMP, }; enum { TTL = 60, // default TTL in seconds TTL_TCP = 3000 // TTL for TCP }; private: FBB::ArgConfig &d_arg; bool d_byteCounts; bool d_daemon; bool d_debug; bool d_rotate; bool d_rotateData; bool d_showDst; bool d_showVia; bool d_stdout; bool d_terminate; Mode d_mode; size_t d_IPheaderSize = 0; size_t d_verbose; size_t d_conntrackRestart = 10; size_t d_rotateFreq = 0; // rotate non-syslog logs size_t d_rotateFactor = 1; // after spec * factor minutes std::string d_rotateTimeSpec; // e.g., ' minutes' size_t d_nRotations = 0; // rotate #files size_t d_rotationInterval; // minimum interval in secs. between // log-file rotations time_t d_ttl = TTL; time_t d_ttlTCP = TTL_TCP; std::unordered_map::const_iterator d_time; std::string d_conntrackCommand; std::string d_conntrackDevice; std::string d_configPath; std::string d_syslogTag; std::string d_PIDfile; std::string d_timeSpecError; std::string d_syslogPriorityError; std::string d_syslogFacilityError; std::string d_log; std::string d_logData; std::unordered_set d_protocols; std::unordered_map::const_iterator d_syslogFacility; std::unordered_map::const_iterator d_syslogPriority; // default values: static char const s_defaultConfigPath[]; static char const s_defaultConntrackCommand[]; static char const s_defaultConntrackDevice[]; static char const s_defaultConntrackArgs[]; static char const s_defaultSyslogIdent[]; static char const s_defaultSyslogFacility[]; static char const s_defaultSyslogPriority[]; static char const s_defaultPIDfile[]; static std::unordered_map const s_time; static std::unordered_map const s_syslogFacilities; static std::unordered_map const s_syslogPriorities; static std::unordered_map const s_name2protocol; static std::unordered_map const s_protocol2name; static std::unique_ptr s_options; public: static Options &instance(); Options(Options const &other) = delete; bool daemon() const; void foreground(); // undo a default daemon request bool realTime() const; // true if the packets are received // real-time; when recorded: false. bool byteCounts() const; bool debug() const; bool forwardOption() const; // requested terminate, rotate(Data) bool showDst() const; bool showVia() const; bool stdout() const; size_t IPheaderSize() const; size_t verbose() const; size_t rotateFreq() const; // 0: no log rotation requested size_t rotateFactor() const; size_t rotationInterval() const; // seconds, smallest aceptable // rotation interval size_t nRotations() const; std::string const &rotateTimeSpec() const; time_t ttl() const; time_t ttlTCP() const; Time time() const; std::string const &timeTxt() const; Mode mode() const; std::string const &configPath() const; std::string const &timeSpecError() const; std::string const &pidFile() const; std::unordered_set const &protocolSet() const; bool hasProtocol(std::string const &protoName) const; bool hasProtocol(size_t protocol) const; // arg: a protocol value: // IPTypes: ICMP, TCP, UDP std::string const &conntrackCommand() const; char const *conntrackDevice() const; std::string const &syslogTag() const; std::string const &log() const; std::string const &logData() const; FBB::Priority syslogPriority() const; FBB::Facility syslogFacility() const; std::string const &priority() const; std::string const &facility() const; std::string syslogPriorityError() const; std::string syslogFacilityError() const; char const *operator[](size_t idx) const; // forwards ArgConfig's size_t nArgs() const; // values. std::string const &basename() const; size_t conntrackRestart() const; std::string protocolNames() const; static std::string const &protocolName(Protocol protocol); static char const *defaultConfigPath(); static char const *defaultConntrackCommand(); static char const *defaultConntrackArgs(); static char const *defaultConntrackDevice(); static char const *defaultSyslogIdent(); static char const *defaultSyslogFacility(); static char const *defaultSyslogPriority(); static char const *defaultPIDfile(); private: Options(); bool kill() const; void openConfig(); size_t readPid() const; bool rotate() const; // sends SIGHUP bool rotateData() const; // sends SIGSTOP void setBoolMembers(); void setConntrack(); void setMode(); void setLogParams(); void setSyslogFacility(); void setSyslogPriority(); void setTimeType(std::string const &time); void setTimeSpec(); void setProtocol(); }; #include "options.f" #endif natlog-3.01.00/options/options.ih000066400000000000000000000003631474316276200166650ustar00rootroot00000000000000#include "options.h" #include #include #include #include #include #include #include #include using namespace std; using namespace FBB; natlog-3.01.00/options/options1.cc000066400000000000000000000020501474316276200167260ustar00rootroot00000000000000#include "options.ih" // at this time we're not running as a daemon, and all messages are sent to // cout Options::Options() : d_arg(ArgConfig::instance()), d_rotate(d_arg.option(0, "rotate")), d_rotateData(d_arg.option(0, "rotate-data")), d_terminate(d_arg.option(0, "terminate")), d_rotationInterval(30) { openConfig(); // must be after openConfig because // config params are used by terminate // and rotate(Data) if (d_terminate or d_rotate or d_rotateData) return; d_byteCounts = not d_arg.option(0, "no-bytes"); d_showDst = not d_arg.option(0, "no-dst"); d_showVia = not d_arg.option(0, "no-via"); setMode(); // conntrack, device, tcpdump setProtocol(); if (d_mode == CONNTRACK) setConntrack(); setLogParams(); d_verbose = d_arg.option('V'); // not a bool, but a size_t setBoolMembers(); setTimeSpec(); } natlog-3.01.00/options/protocolnames.cc000066400000000000000000000004031474316276200200370ustar00rootroot00000000000000#include "options.ih" string Options::protocolNames() const { string ret; for (Protocol protocol: protocolSet()) (ret += protocolName(protocol)) += " or "; ret.resize(ret.length() - 4); // remove final ' or ' return ret; } natlog-3.01.00/options/readpid.cc000066400000000000000000000004751474316276200165730ustar00rootroot00000000000000#include "options.ih" size_t Options::readPid() const { if (d_PIDfile.empty()) throw Exception{} << "No PID file available: no daemon?"; ifstream in{ d_PIDfile }; size_t pid; if (not (in >> pid)) throw Exception{} << "No valid PID file " << d_PIDfile << " found"; return pid; } natlog-3.01.00/options/rotate.cc000066400000000000000000000002031474316276200164460ustar00rootroot00000000000000#include "options.ih" bool Options::rotate() const { if (d_rotate) ::kill(readPid(), SIGHUP); return d_rotate; } natlog-3.01.00/options/rotatedata.cc000066400000000000000000000002201474316276200172770ustar00rootroot00000000000000#include "options.ih" bool Options::rotateData() const { if (d_rotateData) ::kill(readPid(), SIGALRM); return d_rotateData; } natlog-3.01.00/options/setboolmembers.cc000066400000000000000000000003451474316276200202010ustar00rootroot00000000000000#include "options.ih" void Options::setBoolMembers() { // d_useSyslog is set in `setSyslogParams' d_daemon = not d_arg.option(0, "no-daemon"); d_stdout = d_arg.option('s'); d_debug = d_arg.option(0, "debug"); } natlog-3.01.00/options/setconntrack.cc000066400000000000000000000021461474316276200176560ustar00rootroot00000000000000#include "options.ih" void Options::setConntrack() { if (not d_arg.option(&d_conntrackDevice, "conntrack-device")) d_conntrackDevice = s_defaultConntrackDevice; if (not d_arg.option(&d_conntrackCommand, "conntrack-command")) (d_conntrackCommand = s_defaultConntrackCommand) += s_defaultConntrackArgs; // when multiple protocols are specified, conntrack's command does // not receive a -p setting, but the conntrack records only handle // the specified protocols. d_conntrackCommand += // by default: all protocols, otherwise ( // use the specified protocol d_protocols.size() == 1 ? " -p " + s_protocol2name.find(*d_protocols.begin())->second : ""s ); string value; if (d_arg.option(&value, "conntrack-restart")) d_conntrackRestart = stoul(value); if (d_arg.option(&value, "conntrack-ip-header-size")) d_IPheaderSize = stoul(value); } natlog-3.01.00/options/setlogparams.cc000066400000000000000000000036221474316276200176610ustar00rootroot00000000000000#include "options.ih" void Options::setLogParams() { // at construction time: d_rotateFreq = 0; d_arg.option(&d_logData, "log-data"); // maybe log // table data if (not d_arg.option(&d_log, "log")) // no log spec: use syslog { d_log = "syslog"; if (not d_arg.option(&d_syslogTag, "syslog-tag")) // specific or d_syslogTag = s_defaultSyslogIdent; // default log-tag setSyslogFacility(); setSyslogPriority(); return; } // log specification indicates if (d_log == "off") // no logging { d_log.clear(); return; } // path to the log-file was specified string value; if (d_arg.option(&value, "log-rotate")) // log file rotation in days { istringstream in{ value }; in >> d_rotateFreq; switch (in.get()) { case 'd': d_rotateFactor = 24 * 60; d_rotateTimeSpec = " days"; break; case 'h': d_rotateFactor = 60; d_rotateTimeSpec = " hours"; break; case 'm': d_rotateTimeSpec = " minutes"; break; default: throw Exception{} << "`log-rotate " << value << "' not supported"; } if (d_rotateFreq == 1) d_rotateTimeSpec.pop_back(); if (isdigit(in.peek())) { in >> d_nRotations; if (d_nRotations == 0) d_nRotations = 1; } else if (in.peek() == EOF) d_nRotations = 1; else throw Exception{} << "`--log-rotate " << value << "' not supported"; } } natlog-3.01.00/options/setmode.cc000066400000000000000000000004501474316276200166140ustar00rootroot00000000000000#include "options.ih" void Options::setMode() { if (d_arg[0] == "conntrack"s) d_mode = CONNTRACK; else if (d_arg.nArgs() == 2) d_mode = DEVICE; else if (d_arg.nArgs() == 6) d_mode = TCPDUMP; else throw Exception{} << "Mode specification error"; } natlog-3.01.00/options/setprotocol.cc000066400000000000000000000025141474316276200175340ustar00rootroot00000000000000#include "options.ih" void Options::setProtocol() { string spec; if (not d_arg.option(&spec, 'P')) // by default: use d_protocols.insert(TCP); // protocol TCP else if (spec == "all") // for 'all': use TCP, UDP d_protocols = { TCP, UDP, ICMP }; // and ICMP else // otherwise use the specified { // protocol(s) size_t pos = 0; size_t colon; while (true) { colon = spec.find(':', pos); string protocol = spec.substr(pos, colon - pos); // only accept known protocols auto iter = s_name2protocol.find(protocol); if (iter == s_name2protocol.end()) fmsg << "protocol `" << protocol << "' currently not supported" << noid; d_protocols.insert(iter->second); if (colon == string::npos) break; pos = colon + 1; } //FBB: NEW: multiple protocols with conntrack now OK // if (d_mode == CONNTRACK and pos != 0) // fmsg << // "multiple protocols not supported with 'conntrack'" << // noid; } } natlog-3.01.00/options/setsyslogfacility.cc000066400000000000000000000006621474316276200207420ustar00rootroot00000000000000#include "options.ih" void Options::setSyslogFacility() { d_syslogFacility = s_syslogFacilities.find(s_defaultSyslogFacility); string option; if (d_arg.option(&option, "syslog-facility")) { auto facility = s_syslogFacilities.find(option); if (facility != s_syslogFacilities.end()) d_syslogFacility = facility; else d_syslogFacilityError = option; } } natlog-3.01.00/options/setsyslogpriority.cc000066400000000000000000000006661474316276200210230ustar00rootroot00000000000000#include "options.ih" void Options::setSyslogPriority() { d_syslogPriority = s_syslogPriorities.find(s_defaultSyslogPriority); string option; if (not d_arg.option(&option, "syslog-priority")) { auto priority = s_syslogPriorities.find(option); if (priority != s_syslogPriorities.end()) d_syslogPriority = priority; else d_syslogPriorityError = option; } } natlog-3.01.00/options/settimespec.cc000066400000000000000000000015711474316276200175060ustar00rootroot00000000000000#include "options.ih" void Options::setTimeSpec() { string value; if (not d_arg.option(&value, 't')) d_time = s_time.find("raw"); else setTimeType(value); if (d_mode == CONNTRACK) // no TTL for conntrack d_ttl = ::time(0); else if (d_arg.option(&value, 'T')) { istringstream in{ value }; for (size_t count = 0; count != 2; ++count) { size_t seconds; in >> seconds; switch (in.get()) { case 'u': d_ttl = seconds; break; case 't': d_ttlTCP = seconds; break; case EOF: return; default: throw Exception{} << "`--ttl " << value << "' not supported"; } } } } natlog-3.01.00/options/settimetype.cc000066400000000000000000000003321474316276200175270ustar00rootroot00000000000000#include "options.ih" void Options::setTimeType(string const &spec) { d_time = s_time.find(spec); if (d_time == s_time.end()) { d_time = s_time.find("raw"); d_timeSpecError = spec; } } natlog-3.01.00/pcap/000077500000000000000000000000001474316276200140765ustar00rootroot00000000000000natlog-3.01.00/pcap/callback.demo000066400000000000000000000001161474316276200164760ustar00rootroot00000000000000See pcapfilter/driver/main.cc for a program reading ICMP, UDP or TCP packets. natlog-3.01.00/pcap/computeshift.cc000066400000000000000000000012061474316276200171160ustar00rootroot00000000000000#include "pcap.ih" void Pcap::computeShift(char const *device) { // see the posting by user175104 on // http://stackoverflow.com/questions/1779715/ // how-to-get-mac-address-of-your-machine-using-a-c-program ifstream mac(("/sys/class/net/"s + device) + "/address"); string address; d_shift = (mac >> address) ? 0 : PcapRecord::SIZEOF_ETHERNET_HEADER; if (d_shift == 0) imsg << "Device " << device << " has MAC address " << address << endl; else imsg << "Device " << device << " has no MAC address: packets lack " "Ethernet headers" << endl; } natlog-3.01.00/pcap/filterprotocols.cc000066400000000000000000000011041474316276200176330ustar00rootroot00000000000000#include "pcap.ih" void Pcap::filterProtocols() { enum { OPTIMIZE = true }; string filterExpr = Options::instance().protocolNames(); if (pcap_compile(d_pcap, &d_pcapFilter, filterExpr.c_str(), OPTIMIZE, d_net) == -1) fmsg << "Pcap compilation of `" << filterExpr << "' failed: " << pcap_geterr(d_pcap) << endl; if (pcap_setfilter(d_pcap, &d_pcapFilter) == -1) fmsg << "Couldn't install filter `" << filterExpr << ": " << pcap_geterr(d_pcap) << endl; } natlog-3.01.00/pcap/frame000066400000000000000000000000371474316276200151130ustar00rootroot00000000000000#include "pcap.ih" Pcap:: { } natlog-3.01.00/pcap/icmconf000077700000000000000000000000001474316276200177532../icmconf.libustar00rootroot00000000000000natlog-3.01.00/pcap/loop.cc000066400000000000000000000007711474316276200153630ustar00rootroot00000000000000#include "pcap.ih" void Pcap::loop(void *pcapFilterPtr, pcap_handler callback) { pcap_loop(d_pcap, -1, callback, reinterpret_cast(pcapFilterPtr)); } // Pcap::loop: merely calls pcap_loop: // * 1st argument pointer to the PcapFilter object defining the current // Pcap object as data member // * 2nd arg: continue until the program ends // * 3rd arg: PcapFilter::callback // * 4th arg. the address of the PcapFilter object is passed to callback natlog-3.01.00/pcap/pcap.h000066400000000000000000000012561474316276200151760ustar00rootroot00000000000000#ifndef INCLUDED_PCAP_ #define INCLUDED_PCAP_ #include class Pcap { pcap_t *d_pcap; struct bpf_program d_pcapFilter; bpf_u_int32 d_net; int d_shift; public: Pcap(char const *device, bool promisc = false, size_t snapLen = 1500, size_t timeOutMs = 1000); void loop(void *pcapFilterPtr, pcap_handler callback); void stop(); int shiftPacketBegin() const; private: void filterProtocols(); // filter interesting prot's. void computeShift(char const *device); // from Pcap(): sets d_shift }; inline int Pcap::shiftPacketBegin() const { return d_shift; } #endif natlog-3.01.00/pcap/pcap.ih000066400000000000000000000003441474316276200153440ustar00rootroot00000000000000#include "pcap.h" #include #include #include #include #include "../options/options.h" #include "../pcaprecord/pcaprecord.h" using namespace std; using namespace FBB; natlog-3.01.00/pcap/pcap1.cc000066400000000000000000000012521474316276200154110ustar00rootroot00000000000000#include "pcap.ih" Pcap::Pcap(char const *device, bool promisc, size_t snapLen, size_t timeOutMs) { computeShift(device); // determine device's MAC address char errBuf[PCAP_ERRBUF_SIZE]; // pcap-predefined constant d_pcap = pcap_open_live(device, snapLen, promisc, timeOutMs, errBuf); if (d_pcap == 0) throw Exception{} << errBuf; bpf_u_int32 netMask; // The netmask of our sniffing device if (pcap_lookupnet(device, &d_net, &netMask, errBuf) == -1) throw Exception{} << "Can't get network address of device " << device; filterProtocols(); // filter interesting protocols } natlog-3.01.00/pcap/stop.cc000066400000000000000000000001671474316276200153760ustar00rootroot00000000000000#include "pcap.ih" void Pcap::stop() { pcap_breakloop(d_pcap); // ends pcap_loop, pcap_close(d_pcap); } natlog-3.01.00/pcapfilter/000077500000000000000000000000001474316276200153045ustar00rootroot00000000000000natlog-3.01.00/pcapfilter/callback.cc000066400000000000000000000011711474316276200173470ustar00rootroot00000000000000#include "pcapfilter.ih" // static void PcapFilter::callback(PcapFilter *pf, struct pcap_pkthdr const *hdr, u_char const *packet) { if (pf->d_stop) return; // packet begin is subtracted because the ethernet header is assumed // present. If it's not then a correction the size of the ethernet // header is required when using the offsets below packet -= pf->shiftPacketBegin(); if (pf->d_options.hasProtocol( IP_Types::get(packet).protocol) ) pf->d_storage.push( new PcapRecord{ pf->d_type, *hdr, packet } ); } natlog-3.01.00/pcapfilter/frame000066400000000000000000000000531474316276200163170ustar00rootroot00000000000000#include "pcapfilter.ih" PcapFilter:: { } natlog-3.01.00/pcapfilter/icmconf000077700000000000000000000000001474316276200211612../icmconf.libustar00rootroot00000000000000natlog-3.01.00/pcapfilter/operatorfun.cc000066400000000000000000000007001474316276200201540ustar00rootroot00000000000000#include "pcapfilter.ih" void PcapFilter::operator()() { // The current PcapFilter object is passed as 1st argument to the // callback function, so that PcapFilter::callback can access its // object's data. the 'callback' cast is used because Pcap has no // knowledge about PcapFilter, and only needs to call the C function // pcap_loop. d_pcap.loop(this, reinterpret_cast(callback)); } natlog-3.01.00/pcapfilter/pcapfilter.h000066400000000000000000000014341474316276200176100ustar00rootroot00000000000000#ifndef INCLUDED_PCAPFILTER_ #define INCLUDED_PCAPFILTER_ #include #include #include #include "../pcap/pcap.h" #include "../pcaprecord/pcaprecord.h" class Storage; class Options; class PcapFilter { Options const &d_options; std::ostream &d_stdMsg; Storage &d_storage; Record::Type d_type; Pcap d_pcap; bool d_stop = false; bool d_msg; public: PcapFilter(char const *device, Record::Type, std::ostream &stdMsg, Storage &storage, bool msg = false); void operator()(); void stop(); private: static void callback(PcapFilter *pf, struct pcap_pkthdr const *hdr, u_char const *bytes); int shiftPacketBegin() const; }; #endif natlog-3.01.00/pcapfilter/pcapfilter.ih000066400000000000000000000003641474316276200177620ustar00rootroot00000000000000#include "pcapfilter.h" #include #include "../storage/storage.h" #include "../options/options.h" using namespace std; using namespace FBB; inline int PcapFilter::shiftPacketBegin() const { return d_pcap.shiftPacketBegin(); } natlog-3.01.00/pcapfilter/pcapfilter1.cc000066400000000000000000000005231474316276200200250ustar00rootroot00000000000000#include "pcapfilter.ih" PcapFilter::PcapFilter(char const *device, Record::Type type, std::ostream &stdMsg, Storage &storage ,bool msg) : d_options(Options::instance()), d_stdMsg(stdMsg), d_storage(storage), d_type(type), d_pcap(device) // see pcap.h for default arg. specs. ,d_msg(msg) {} natlog-3.01.00/pcapfilter/stop.cc000066400000000000000000000001351474316276200165770ustar00rootroot00000000000000#include "pcapfilter.ih" void PcapFilter::stop() { d_stop = true; d_pcap.stop(); } natlog-3.01.00/pcaprecord/000077500000000000000000000000001474316276200152755ustar00rootroot00000000000000natlog-3.01.00/pcaprecord/frame000066400000000000000000000000531474316276200163100ustar00rootroot00000000000000#include "pcaprecord.ih" PcapRecord:: { } natlog-3.01.00/pcaprecord/icmconf000077700000000000000000000000001474316276200211522../icmconf.libustar00rootroot00000000000000natlog-3.01.00/pcaprecord/pcaprecord.h000066400000000000000000000005141474316276200175700ustar00rootroot00000000000000#ifndef INCLUDED_PCAPRECORD_ #define INCLUDED_PCAPRECORD_ #include #include #include "../record/record.h" class PcapRecord: public Record { public: PcapRecord(Type inOut, struct pcap_pkthdr const &hdr, u_char const *packet); // ~PcapRecord() override; }; #endif natlog-3.01.00/pcaprecord/pcaprecord.ih000066400000000000000000000001371474316276200177420ustar00rootroot00000000000000#include "pcaprecord.h" #include using namespace std; using namespace FBB; natlog-3.01.00/pcaprecord/pcaprecord1.cc000066400000000000000000000003211474316276200200030ustar00rootroot00000000000000#include "pcaprecord.ih" PcapRecord::PcapRecord(Type inOut, struct pcap_pkthdr const &hdr, u_char const *packet) : Record(inOut, hdr.ts.tv_sec, hdr.ts.tv_usec, packet) {} natlog-3.01.00/producer/000077500000000000000000000000001474316276200147765ustar00rootroot00000000000000natlog-3.01.00/producer/destructor.cc000066400000000000000000000000611474316276200175000ustar00rootroot00000000000000#include "producer.ih" Producer::~Producer() {} natlog-3.01.00/producer/frame000066400000000000000000000000471474316276200160140ustar00rootroot00000000000000#include "producer.ih" Producer:: { } natlog-3.01.00/producer/icmconf000077700000000000000000000000001474316276200206532../icmconf.libustar00rootroot00000000000000natlog-3.01.00/producer/process.cc000066400000000000000000000004401474316276200167610ustar00rootroot00000000000000#include "producer.ih" //f: Producer::process(Producer*, Storage&) //c: DevicesProducer::run() //c: ConntrackProducer::run() //c: TcpdumpProducer::run() // static void Producer::process(Producer *producer, Storage &storage) { producer->run(); storage.setEmpty(); } natlog-3.01.00/producer/producer.h000066400000000000000000000010771474316276200167770ustar00rootroot00000000000000#ifndef INCLUDED_PRODUCER_ #define INCLUDED_PRODUCER_ #include class Storage; class Producer { public: virtual ~Producer(); static void process(Producer *producer, Storage &storage); template static Producer *alloc(Params &&...params); private: virtual void run() = 0; }; // static template inline Producer *Producer::alloc(Params &&...params) { return new Derived{ std::forward(params)... }; } #endif natlog-3.01.00/producer/producer.ih000066400000000000000000000001151474316276200171400ustar00rootroot00000000000000#include "producer.h" #include "../storage/storage.h" using namespace std; natlog-3.01.00/producersignals/000077500000000000000000000000001474316276200163575ustar00rootroot00000000000000natlog-3.01.00/producersignals/frame000066400000000000000000000001041474316276200173670ustar00rootroot00000000000000//#define XERR #include "producersignals.ih" ProducerSignals:: { } natlog-3.01.00/producersignals/icmconf000077700000000000000000000000001474316276200222342../icmconf.libustar00rootroot00000000000000natlog-3.01.00/producersignals/producersignals.h000066400000000000000000000004001474316276200217260ustar00rootroot00000000000000#ifndef INCLUDED_PRODUCERSIGNALS_ #define INCLUDED_PRODUCERSIGNALS_ #include #include "../producer/producer.h" class ProducerSignals: public Producer, public FBB::SignalHandler { public: ProducerSignals(); }; #endif natlog-3.01.00/producersignals/producersignals.ih000066400000000000000000000001101474316276200220750ustar00rootroot00000000000000#include "producersignals.h" using namespace std; using namespace FBB; natlog-3.01.00/producersignals/producersignals1.cc000066400000000000000000000002601474316276200221510ustar00rootroot00000000000000//#define XERR #include "producersignals.ih" ProducerSignals::ProducerSignals() //: { Signal::instance().add(SIGINT, *this); Signal::instance().add(SIGTERM, *this); } natlog-3.01.00/record/000077500000000000000000000000001474316276200144315ustar00rootroot00000000000000natlog-3.01.00/record/addreceivedbytes.cc000066400000000000000000000002771474316276200202540ustar00rootroot00000000000000#include "record.ih" void Record::addReceivedBytes(Record const &next) { // d_receivedBytes += next.payload(); d_receivedBytes += next.d_receivedBytes; setEndTime(next); } natlog-3.01.00/record/addsentbytes.cc000066400000000000000000000002531474316276200174310ustar00rootroot00000000000000#include "record.ih" void Record::addSentBytes(Record const &next) { // d_sentBytes += next.payload(); d_sentBytes += next.d_sentBytes; setEndTime(next); } natlog-3.01.00/record/aton.cc000066400000000000000000000001601474316276200156760ustar00rootroot00000000000000#include "record.ih" // static size_t Record::aton(string const &addr) { return inet_addr(addr.c_str()); } natlog-3.01.00/record/data.cc000066400000000000000000000000621474316276200156470ustar00rootroot00000000000000#include "record.ih" size_t Record::s_count = 0; natlog-3.01.00/record/destructor.cc000066400000000000000000000000731474316276200171360ustar00rootroot00000000000000#include "record.ih" Record::~Record() { --s_count; } natlog-3.01.00/record/frame000066400000000000000000000000431474316276200154430ustar00rootroot00000000000000#include "record.ih" Record:: { } natlog-3.01.00/record/icmconf000077700000000000000000000000001474316276200203062../icmconf.libustar00rootroot00000000000000natlog-3.01.00/record/insertinto.cc000066400000000000000000000012361474316276200171400ustar00rootroot00000000000000#include "record.ih" ostream &Record::insertInto(std::ostream &out) const { out << d_type << ":\n" " " << sourceIPstr() << ':' << d_sourcePort << " (via: " << viaIPstr() << ':' << d_viaPort << ") " "to " << destIPstr() << ':' << d_destPort << ";\n" " key: " << d_key.key << "; srcKey: " << srcKey() << "; dstKey " << dstKey() << ";\n" " payload: " << d_payload << ", sent: " << d_sentBytes << ", received: " << d_receivedBytes << "\n" " from " << beginTime() << " thru " << endTime() << endl; return out; } natlog-3.01.00/record/ntoa.cc000066400000000000000000000005611474316276200157030ustar00rootroot00000000000000#include "record.ih" // static string Record::ntoa(uint32_t ipAddr) { String::Type type; auto vec{ String::split(&type, inet_ntoa({ ipAddr }), String::TOK, ".") }; ostringstream os; os << setfill('0'); for (auto const &el: vec) os << setw(3) << el << '.'; string ret{ os.str() }; ret.resize(ret.length() - 1); return ret; } natlog-3.01.00/record/protocolstr.cc000066400000000000000000000005241474316276200173330ustar00rootroot00000000000000#include "record.ih" char const *Record::protocolStr() const { switch (d_protocol) { case ICMP: return "icmp"; case UDP: return " udp"; case TCP: return " tcp"; } throw Exception{} << "Internal error: unexpected protocol value " << d_protocol; } natlog-3.01.00/record/record.h000066400000000000000000000167121474316276200160670ustar00rootroot00000000000000#ifndef INCLUDED_RECORD_ #define INCLUDED_RECORD_ #include #include #include #include #include "../iptypes/iptypes.h" // all connection data are available in Record. Derived classes // themselves have no relevant data. struct Record: public IP_Types { // == and != are implemented for use by unordered_maps. They only // compare source and destination ports. friend std::ostream &operator<<(std::ostream &out, Record const &record); enum Type // update ../nic/ when altered. { IN, OUT, NEW, // Conntrack types DESTROY }; enum { nTypes = DESTROY + 1 }; private: union Key { struct { uint32_t v32; uint16_t v16; }; uint64_t key; }; Protocol d_protocol; Type d_type; Key d_key = {0}; size_t d_id = 0; // ID with UDP, sequence with TCP size_t d_seconds = 0; size_t d_microSeconds = 0; size_t d_inSeconds; size_t d_inMicroSeconds; uint32_t d_sourceIP = 0; uint32_t d_viaIP = 0; uint32_t d_destIP = 0; uint16_t d_sourcePort = 0; uint16_t d_viaPort = 0; uint16_t d_destPort = 0; size_t d_receivedBytes = 0; size_t d_sentBytes = 0; size_t d_payload = 0; size_t d_flags = 0; time_t d_lastUsed; static size_t s_count; public: virtual ~Record(); Record(Record const &other) = delete; Protocol protocol() const; // i char const *protocolStr() const; Type type() const; // i uint64_t key() const; // i - actual key uint64_t srcKey() const; // i - from src uint64_t dstKey() const; // i - from dst size_t inSeconds() const; // i size_t seconds() const; // i size_t muSeconds() const; // i std::string beginTime() const; std::string endTime() const; bool hasEndTime() const; std::string sourceIPstr() const; // i std::string viaIPstr() const; // i std::string destIPstr() const; // i size_t sourceIP() const; // i size_t viaIP() const; // i size_t destIP() const; // i size_t sourcePort() const; // i size_t viaPort() const; // i size_t destPort() const; // i size_t receivedBytes() const; // i size_t sentBytes() const; // i size_t payload() const; // i size_t id() const; // i used by UDP/TCP size_t flags() const; // i - only with TCP std::string showFlags() const; time_t lastUsed() const; // public modifiers: void addReceivedBytes(Record const &next); void addSentBytes(Record const &next); void setVia(uint64_t key); void setViaIP(size_t viaIP); // used in connections/udp.cc void setViaPort(size_t viaPort); void setSrcKey(); // i - from src static size_t count(); protected: // used for pcap and tcpdump records Record(Type type, size_t seconds, size_t muSeconds, u_char const *packet); Record(); // 2.cc - used by ConntrackRecord void setReceivedBytes(size_t nBytes); // i void setSentBytes(size_t nBytes); // i void setProtocol(Protocol protocol); // i void setType(Type type); // i void setLastUsed(time_t time); void setTime(size_t seconds, size_t microSeconds); void setAllTimes(size_t seconds, size_t microSeconds); void setSourceIP(size_t sourceIP); // i void setDestIP(size_t destIP); // i void setPorts(size_t sourcePort, size_t destPort); static size_t aton(std::string const &addr); static std::string time(size_t seconds, size_t microSeconds); void setIDKey(uint32_t id, uint16_t seq); // i - set d_id and key private: void setEndTime(Record const &record); // also updates d_lastUsed std::ostream &insertInto(std::ostream &out) const; static std::string ntoa(uint32_t ipAddr); }; typedef std::unique_ptr RecordPtr; // static inline size_t Record::count() { return s_count; } inline uint64_t Record::key() const { return d_key.key; } inline uint64_t Record::srcKey() const { return Key{ { d_sourceIP, d_sourcePort } }.key; } inline uint64_t Record::dstKey() const { return Key{ { d_destIP, d_destPort } }.key; } inline Record::Protocol Record::protocol() const { return d_protocol; } inline Record::Type Record::type() const { return d_type; } inline size_t Record::seconds() const { return d_seconds; } inline size_t Record::inSeconds() const { return d_inSeconds; } inline size_t Record::muSeconds() const { return d_microSeconds; } inline std::string Record::sourceIPstr() const { return ntoa(d_sourceIP); } inline size_t Record::sourceIP() const { return d_sourceIP; } inline size_t Record::destIP() const { return d_destIP; } inline size_t Record::viaIP() const { return d_viaIP; } inline std::string Record::viaIPstr() const { return ntoa(d_viaIP); } inline std::string Record::destIPstr() const { return ntoa(d_destIP); } inline size_t Record::sourcePort() const { return d_sourcePort; } inline size_t Record::viaPort() const { return d_viaPort; } inline size_t Record::destPort() const { return d_destPort; } inline size_t Record::receivedBytes() const { return d_receivedBytes; } inline size_t Record::sentBytes() const { return d_sentBytes; } inline size_t Record::payload() const { return d_payload; } inline size_t Record::id() const // TCP / UDP { return d_id; } inline size_t Record::flags() const // only with TCP { return d_flags; } inline void Record::setProtocol(Protocol protocol) { d_protocol = protocol; } inline void Record::setType(Type type) { d_type = type; } inline void Record::setSourceIP(size_t sourceIP) { d_sourceIP = sourceIP; } inline void Record::setViaIP(size_t viaIP) { d_viaIP = viaIP; } inline void Record::setDestIP(size_t destIP) { d_destIP = destIP; } inline void Record::setViaPort(size_t viaPort) { d_viaPort = viaPort; } inline time_t Record::lastUsed() const { return d_lastUsed; } inline std::string Record::beginTime() const { return time(d_inSeconds, d_inMicroSeconds); } inline std::string Record::endTime() const { return time(d_seconds, d_microSeconds); } inline bool Record::hasEndTime() const { return d_seconds != 0; } inline void Record::setLastUsed(time_t time) { d_lastUsed = time; } inline void Record::setSentBytes(size_t size) { d_sentBytes = size; } inline void Record::setReceivedBytes(size_t size) { d_receivedBytes = size; } inline void Record::setIDKey(uint32_t id, uint16_t seq) { d_key = Key{id, seq}; } inline void Record::setSrcKey() { d_key = Key{ { d_sourceIP, d_sourcePort } }; } inline std::ostream &operator<<(std::ostream &out, Record const &record) { return record.insertInto(out); } #endif natlog-3.01.00/record/record.ih000066400000000000000000000004421474316276200162310ustar00rootroot00000000000000#include "record.h" #include #include #include #include #include #include #include #include #include "../showseconds/showseconds.h" using namespace std; using namespace FBB; natlog-3.01.00/record/record1.cc000066400000000000000000000035511474316276200163030ustar00rootroot00000000000000#include "record.ih" Record::Record(Type type, size_t seconds, size_t muSeconds, u_char const *packet) : d_protocol(static_cast(get(packet).protocol)), d_type(type), d_seconds(seconds), d_microSeconds(muSeconds), d_inSeconds(seconds), d_inMicroSeconds(muSeconds), d_sourceIP(get(packet).sourceAddr.s_addr), d_destIP(get(packet).destAddr.s_addr), d_lastUsed(::time(0)) { ++s_count; size_t headerLength = size_t(get(packet).hdrLength << 2); size_t ipLength = ntohs(get(packet).length); // 4 most significant bits: # 32 bit words // so: shr 4 to het the # 32 bit words, and // << 2 to multiply by 4 to get the #bytes before the data size_t dataOffset = size_t(get(packet).dataOffset >> 4 << 2); switch (protocol()) { case ICMP: setIDKey(ntohs(get(packet).ident), ntohs(get(packet).seqnum)); d_payload = ipLength - headerLength; break; case UDP: { setPorts( ntohs(get(packet).sourcePort), ntohs(get(packet).destPort) ); d_id = ntohs(get(packet).identification); d_payload = ntohs(get(packet).length) - sizeof(UDP_Header); } break; case TCP: setPorts( ntohs(get(packet).sourcePort), ntohs(get(packet).destPort) ); d_id = get(packet).sequenceNr; d_flags = get(packet).flags; d_payload = ipLength - headerLength - dataOffset; break; } } natlog-3.01.00/record/record2.cc000066400000000000000000000000721474316276200162770ustar00rootroot00000000000000#include "record.ih" Record::Record() { ++s_count; } natlog-3.01.00/record/setalltimes.cc000066400000000000000000000003221474316276200172630ustar00rootroot00000000000000#include "record.ih" void Record::setAllTimes(size_t seconds, size_t microSeconds) { d_seconds = d_inSeconds = seconds; d_microSeconds = d_inMicroSeconds = microSeconds; d_lastUsed = ::time(0); } natlog-3.01.00/record/setendtime.cc000066400000000000000000000002641474316276200171030ustar00rootroot00000000000000#include "record.ih" void Record::setEndTime(Record const &other) { d_seconds = other.d_inSeconds; d_microSeconds = other.d_inMicroSeconds; d_lastUsed = ::time(0); } natlog-3.01.00/record/setports.cc000066400000000000000000000002161474316276200166220ustar00rootroot00000000000000#include "record.ih" void Record::setPorts(size_t sourcePort, size_t destPort) { d_sourcePort = sourcePort; d_destPort = destPort; } natlog-3.01.00/record/settime.cc000066400000000000000000000002251474316276200164110ustar00rootroot00000000000000#include "record.ih" void Record::setTime(size_t seconds, size_t microSeconds) { d_inSeconds = seconds; d_inMicroSeconds = microSeconds; } natlog-3.01.00/record/setvia.cc000066400000000000000000000002251474316276200162320ustar00rootroot00000000000000#include "record.ih" void Record::setVia(uint64_t key) { Key split; split.key = key; d_viaIP = split.v32; d_viaPort = split.v16; } natlog-3.01.00/record/showflags.cc000066400000000000000000000012541474316276200167370ustar00rootroot00000000000000#include "record.ih" namespace { unordered_map flagName = { { Record::FIN, "FIN " }, { Record::SYN, "SYN " }, { Record::RST, "RST " }, { Record::PUSH, "PUSH " }, { Record::ACK, "ACK " }, { Record::URG, "URG " }, { Record::ECE, "ECE " }, { Record::CWR, "CWR " }, }; } #include string Record::showFlags() const { string ret; for (size_t flag = 1; flag & Record::TCP_Flags_MASK; flag <<= 1) { if (size_t key = flag & d_flags) ret += flagName[key]; } if (ret.length()) ret.pop_back(); return ret; } natlog-3.01.00/record/time.cc000066400000000000000000000003651474316276200157020ustar00rootroot00000000000000#include "record.ih" // static string Record::time(size_t seconds, size_t microSeconds) { ostringstream out; out << ShowSeconds{ seconds } << ':' << setfill('0') << setw(6) << microSeconds; return out.str(); } natlog-3.01.00/replacements000066400000000000000000000006171474316276200155640ustar00rootroot00000000000000 #std::__cxx11::basic_string, std::allocator >#std::string# #, std::default_delete## #std::__detail::_Node_iterator >, false, false>#RecordMap::iterator# #, std::hash, std::equal_to, std::allocator >## #[abi:cxx11]## natlog-3.01.00/required000066400000000000000000000007201474316276200147150ustar00rootroot00000000000000This file lists non-standard software only. Thus, standard utilities like cp, mv, sed, etc, etc, are not explicitly mentioned. Neither is the g++ compiler explicitly mentioned, but a fairly recent one is assumed. Required software for building the natlog 1.02.00 ------------------------------------------------- libbobcat-dev (>= 4.01.03), To use the provided build-script: icmake (>= 8.00.03) To construct the man-page: yodl (>= 3.06.0) natlog-3.01.00/rotatingstream/000077500000000000000000000000001474316276200162165ustar00rootroot00000000000000natlog-3.01.00/rotatingstream/frame000066400000000000000000000000631474316276200172320ustar00rootroot00000000000000#include "rotatingstream.ih" RotatingStream:: { } natlog-3.01.00/rotatingstream/rotatingstream.h000066400000000000000000000012431474316276200214320ustar00rootroot00000000000000#ifndef INCLUDED_ROTATINGSTREAM_ #define INCLUDED_ROTATINGSTREAM_ #include #include "../rotatingstreambuf/rotatingstreambuf.h" class RotatingStream: private RotatingStreambuf, public std::ostream { public: RotatingStream(void (*header)(std::ostream &) = 0); void open(std::string const &name, // forwards to RotatingStreambuf bool stdLog); // true: std logs, false: data log static void notify(); }; inline void RotatingStream::open(std::string const &name, bool stdLog) { RotatingStreambuf::open(name, stdLog); } inline void RotatingStream::notify() { RotatingStreambuf::notify(); } #endif natlog-3.01.00/rotatingstream/rotatingstream.ih000066400000000000000000000000631474316276200216020ustar00rootroot00000000000000#include "rotatingstream.h" using namespace std; natlog-3.01.00/rotatingstream/rotatingstream1.cc000066400000000000000000000002411474316276200216460ustar00rootroot00000000000000#include "rotatingstream.ih" RotatingStream::RotatingStream(void (*header)(std::ostream &)) : RotatingStreambuf(header), std::ostream(this) {} natlog-3.01.00/rotatingstreambuf/000077500000000000000000000000001474316276200167135ustar00rootroot00000000000000natlog-3.01.00/rotatingstreambuf/data.cc000066400000000000000000000003741474316276200201370ustar00rootroot00000000000000#include "rotatingstreambuf.ih" RotatingStreambuf::RotationInfo RotatingStreambuf::s_stdRotate; RotatingStreambuf::RotationInfo RotatingStreambuf::s_dataRotate; Semaphore RotatingStreambuf::s_semaphore{ 0 }; thread RotatingStreambuf::s_rotateThread; natlog-3.01.00/rotatingstreambuf/destructor.cc000066400000000000000000000003061474316276200214170ustar00rootroot00000000000000#include "rotatingstreambuf.ih" //f: RotatingStreambuf::~RotatingStreambuf() //c: RotatingStreambuf::overflow(int) //c: RotatingStreambuf::sync() RotatingStreambuf::~RotatingStreambuf() {} natlog-3.01.00/rotatingstreambuf/frame000066400000000000000000000000711474316276200177260ustar00rootroot00000000000000#include "rotatingstreambuf.ih" RotatingStreambuf:: { } natlog-3.01.00/rotatingstreambuf/icmconf000077700000000000000000000000001474316276200225702../icmconf.libustar00rootroot00000000000000natlog-3.01.00/rotatingstreambuf/lockedoverflow.cc000066400000000000000000000001701474316276200222450ustar00rootroot00000000000000#include "rotatingstreambuf.ih" int RotatingStreambuf::lockedOverflow(int ch) { return d_out.rdbuf()->sputc(ch); } natlog-3.01.00/rotatingstreambuf/notify.cc000066400000000000000000000002651474316276200205350ustar00rootroot00000000000000#include "rotatingstreambuf.ih" void RotatingStreambuf::notify() { if (rotationsRequested()) { s_semaphore.notify(); s_rotateThread.join(); } } natlog-3.01.00/rotatingstreambuf/open.cc000066400000000000000000000011201474316276200201550ustar00rootroot00000000000000#include "rotatingstreambuf.ih" // receives --log (or --log-data) void RotatingStreambuf::open(string const &name, bool stdLog) { d_name = name; d_overflow = &RotatingStreambuf::unlockedOverflow; Exception::open(d_out, name, ios::in | ios::ate, ios::out); if (d_header and file_size(name) == 0) // the std. log files don't have (*d_header)(d_out); // header lines if (stdLog) s_stdRotate.rotationStreambuf = this; else s_dataRotate.rotationStreambuf = this; } natlog-3.01.00/rotatingstreambuf/overflow.cc000066400000000000000000000001611474316276200210630ustar00rootroot00000000000000#include "rotatingstreambuf.ih" int RotatingStreambuf::overflow(int ch) { return (this->*d_overflow)(ch); } natlog-3.01.00/rotatingstreambuf/rotate1.cc000066400000000000000000000001631474316276200206010ustar00rootroot00000000000000#include "rotatingstreambuf.ih" // static void RotatingStreambuf::rotate() { logRotate(); dataRotate(); } natlog-3.01.00/rotatingstreambuf/rotate2.cc000066400000000000000000000022111474316276200205760ustar00rootroot00000000000000#include "rotatingstreambuf.ih" // assume nRotations == 3. If the current log-file has any content then: // x.2 -> x.3 if x.2 exists, rotate // x.1 -> x.2 if x.1 exists, rotate. // x -> x.1 void RotatingStreambuf::rotate(size_t nRotations) { { lock_guard lg{ d_mutex }; if (not d_content) // no content, nothing to return; // rotate } // d_name: the name of this string name = d_name + '.'; // object's log file string newName = name + to_string(nRotations); for (; --nRotations; ) { string oldName = name + to_string(nRotations); char const *old = oldName.c_str(); if (access(old, F_OK) == 0) // file exists rename(old, newName.c_str()); // rename it. newName = move(oldName); } lock_guard lg{d_mutex}; d_out.close(); rename(d_name.c_str(), newName.c_str()); Exception::open(d_out, d_name); if (d_header) (*d_header)(d_out); d_content = false; } natlog-3.01.00/rotatingstreambuf/rotate3.cc000066400000000000000000000010731474316276200206040ustar00rootroot00000000000000#include "rotatingstreambuf.ih" // static void RotatingStreambuf::rotate(RotationInfo &info) { if (info.rotationStreambuf == 0) return; lock_guard lg{ info.rotationMutex }; size_t seconds = time(0); if (seconds < info.lastRotation + Options::instance().rotationInterval()) return; // skip the rotation if the // previous one just ended info.lastRotation = seconds; info.rotationStreambuf->rotate(Options::instance().nRotations()); } natlog-3.01.00/rotatingstreambuf/rotatethread.cc000066400000000000000000000006101474316276200217050ustar00rootroot00000000000000#include "rotatingstreambuf.ih" // static void RotatingStreambuf::rotateThread() { Options const &options = Options::instance(); size_t freq = options.rotateFreq(); if (freq == 0) // no rotation return; freq *= options.rotateFactor(); while (s_semaphore.wait_for(chrono::minutes(freq)) == cv_status::timeout) rotate(); } natlog-3.01.00/rotatingstreambuf/rotatingstreambuf.h000066400000000000000000000043431474316276200226300ustar00rootroot00000000000000#ifndef INCLUDED_ROTATABLESTREAMBUF_ #define INCLUDED_ROTATABLESTREAMBUF_ #include #include #include #include #include class RotatingStreambuf: public std::streambuf { std::mutex d_mutex; bool d_locked = false; volatile bool d_content = false; std::ofstream d_out; std::string d_name; int (RotatingStreambuf::*d_overflow)(int ch); void (*d_header)(std::ostream &); struct RotationInfo { RotatingStreambuf *rotationStreambuf; size_t lastRotation = 0; std::mutex rotationMutex; }; static RotationInfo s_stdRotate; static RotationInfo s_dataRotate; static FBB::Semaphore s_semaphore; static std::thread s_rotateThread; public: RotatingStreambuf(void (*header)(std::ostream &) = 0); ~RotatingStreambuf() override; void open(std::string const &name, bool stdLog); static void notify(); static void startThread(); static void logRotate(); // .h static void dataRotate(); // .h private: int unlockedOverflow(int ch); int lockedOverflow(int ch); // called by rotateSthread at // --log-rotate time intervals static void rotate(); // 1 void rotate(size_t nRotations); // 2 // rotates the 'info' log-file static void rotate(RotationInfo &info); // 3 static void rotateThread(); static bool rotationsRequested(); // .ih int overflow(int ch) override; int sync() override; }; inline RotatingStreambuf::RotatingStreambuf(void (*header)(std::ostream &)) : d_header(header) {} // static inline void RotatingStreambuf::logRotate() // rotate the std. log file { rotate(s_stdRotate); } // static inline void RotatingStreambuf::dataRotate() // rotate the data log file { rotate(s_dataRotate); } #endif natlog-3.01.00/rotatingstreambuf/rotatingstreambuf.ih000066400000000000000000000006741474316276200230040ustar00rootroot00000000000000#include "rotatingstreambuf.h" //#include //#include #include #include #include #include #include "../options/options.h" using namespace std; using namespace filesystem; using namespace FBB; // static inline bool RotatingStreambuf::rotationsRequested() { return s_stdRotate.rotationStreambuf != 0 or s_dataRotate.rotationStreambuf != 0; } natlog-3.01.00/rotatingstreambuf/startthread.cc000066400000000000000000000002441474316276200215470ustar00rootroot00000000000000#include "rotatingstreambuf.ih" // static void RotatingStreambuf::startThread() { if (rotationsRequested()) s_rotateThread = thread{ rotateThread }; } natlog-3.01.00/rotatingstreambuf/sync.cc000066400000000000000000000003741474316276200202020ustar00rootroot00000000000000#include "rotatingstreambuf.ih" int RotatingStreambuf::sync() { if (not d_locked) d_mutex.lock(); int ret = d_out.rdbuf()->pubsync(); d_overflow = &RotatingStreambuf::unlockedOverflow; d_mutex.unlock(); return ret; } natlog-3.01.00/rotatingstreambuf/unlockedoverflow.cc000066400000000000000000000003561474316276200226160ustar00rootroot00000000000000#include "rotatingstreambuf.ih" int RotatingStreambuf::unlockedOverflow(int ch) { d_mutex.lock(); d_locked = true; d_overflow = &RotatingStreambuf::lockedOverflow; d_content = true; return d_out.rdbuf()->sputc(ch); } natlog-3.01.00/showseconds/000077500000000000000000000000001474316276200155125ustar00rootroot00000000000000natlog-3.01.00/showseconds/data.cc000066400000000000000000000002311474316276200167260ustar00rootroot00000000000000#include "showseconds.ih" void (*ShowSeconds::s_show)(std::ostream &out, size_t time) = ShowSeconds::rawTime; string ShowSeconds::s_utcMarker; natlog-3.01.00/showseconds/frame000066400000000000000000000000551474316276200165270ustar00rootroot00000000000000#include "showseconds.ih" ShowSeconds:: { } natlog-3.01.00/showseconds/icmconf000077700000000000000000000000001474316276200213672../icmconf.libustar00rootroot00000000000000natlog-3.01.00/showseconds/operatorinsert.cc000066400000000000000000000002511474316276200210770ustar00rootroot00000000000000#include "showseconds.ih" ostream &operator<<(ostream &out, ShowSeconds const &showSeconds) { (*ShowSeconds::s_show)(out, showSeconds.d_seconds); return out; } natlog-3.01.00/showseconds/setformat.cc000066400000000000000000000004741474316276200200320ustar00rootroot00000000000000#include "showseconds.ih" void ShowSeconds::setFormat() { Options::Time time = Options::instance().time(); s_show = time == Options::RAW ? rawTime : Options::UTC ? utcTime : localTime; if (time == Options::UTC) s_utcMarker = " (UTC)"; } natlog-3.01.00/showseconds/showseconds.h000066400000000000000000000021071474316276200202220ustar00rootroot00000000000000#ifndef INCLUDED_SHOWSECONDS_ #define INCLUDED_SHOWSECONDS_ #include class ShowSeconds { friend std::ostream &operator<<(std::ostream &out, ShowSeconds const &showSeconds); size_t d_seconds; static std::string s_utcMarker; static void (*s_show)(std::ostream &out, size_t time); public: ShowSeconds(); ShowSeconds(size_t seconds); static void setFormat(); static std::string const &utcMarker(); static std::string now(); static void (*utcFormat())(std::ostream &, size_t); static void setFormat(void (*show)(std::ostream &, size_t)); private: // all in time.cc static void rawTime(std::ostream &out, size_t seconds); static void utcTime(std::ostream &out, size_t seconds); static void localTime(std::ostream &out, size_t seconds); }; inline std::string const &ShowSeconds::utcMarker() { return s_utcMarker; } inline void ShowSeconds::setFormat(void (*show)(std::ostream &, size_t)) { s_show = show; } #endif natlog-3.01.00/showseconds/showseconds.ih000066400000000000000000000003371474316276200203760ustar00rootroot00000000000000#include "showseconds.h" #include #include #include #include #include #include #include "../options/options.h" using namespace std; using namespace FBB; natlog-3.01.00/showseconds/showseconds1.cc000066400000000000000000000001221474316276200204340ustar00rootroot00000000000000#include "showseconds.ih" ShowSeconds::ShowSeconds() : d_seconds(time(0)) {} natlog-3.01.00/showseconds/showseconds2.cc000066400000000000000000000001401474316276200204350ustar00rootroot00000000000000#include "showseconds.ih" ShowSeconds::ShowSeconds(size_t seconds) : d_seconds(seconds) {} natlog-3.01.00/showseconds/time.cc000066400000000000000000000015401474316276200167570ustar00rootroot00000000000000#include "showseconds.ih" namespace { void insertTime(DateTime::TimeType type, std::ostream &out, size_t seconds) { DateTime dt(static_cast(seconds), type); ostringstream os; os << dt; // E.g., 'Sun Nov 2 13:29:11 2008' // 01234 56789 out << os.str().substr(4, os.str().length() - 9); } } void ShowSeconds::rawTime(ostream &out, size_t seconds) { out << seconds; } void ShowSeconds::utcTime(ostream &out, size_t seconds) { insertTime(DateTime::UTC, out, seconds); } void ShowSeconds::localTime(ostream &out, size_t seconds) { insertTime(DateTime::LOCALTIME, out, seconds); } string ShowSeconds::now() { ostringstream out; out << ShowSeconds{ static_cast(time(0)) } << ":000000"; return out.str(); } natlog-3.01.00/showseconds/utcformat.cc000066400000000000000000000002251474316276200200240ustar00rootroot00000000000000#include "showseconds.ih" void (*ShowSeconds::utcFormat())(std::ostream &, size_t) { auto ret = s_show; s_show = utcTime; return ret; } natlog-3.01.00/storage/000077500000000000000000000000001474316276200146175ustar00rootroot00000000000000natlog-3.01.00/storage/fetch.cc000066400000000000000000000005011474316276200162130ustar00rootroot00000000000000#include "storage.ih" Record *Storage::fetch() { lock_guard lg{ d_mutex }; // if this throws, nothing has been removed. d_record = d_queue.front(); // once we reach this point we own the queue's front element and it // can be removed d_queue.pop(); return d_record; } natlog-3.01.00/storage/frame000066400000000000000000000000451474316276200156330ustar00rootroot00000000000000#include "storage.ih" Storage:: { } natlog-3.01.00/storage/icmconf000077700000000000000000000000001474316276200204742../icmconf.libustar00rootroot00000000000000natlog-3.01.00/storage/push.cc000066400000000000000000000003101474316276200160770ustar00rootroot00000000000000#include "storage.ih" void Storage::push(Record *record) { d_available.wait(); { lock_guard lg{ d_mutex }; d_queue.push(record); } d_filled.notify(); } natlog-3.01.00/storage/storage.h000066400000000000000000000025151474316276200164370ustar00rootroot00000000000000#ifndef INCLUDED_STORAGE_ #define INCLUDED_STORAGE_ #include #include class Record; class Storage { enum { AVAIL = 1000 }; FBB::Semaphore d_available{ AVAIL }; FBB::Semaphore d_filled{ 0 }; Record *d_record; // retrieved from the queue std::mutex d_mutex; std::queue d_queue; bool d_empty = false; // indicates no more data will // arrive public: Storage() = default; Storage(Storage const &) = delete; void consumeWait(); // i void produceNotify(); // i void push(Record *src); Record *fetch(); // fetch the next record size_t size() const; // i bool empty() const; // i void setEmpty(); // i - sets d_empty to true }; inline bool Storage::empty() const { return d_empty && d_queue.empty(); } inline void Storage::setEmpty() { d_empty = true; d_filled.notify(); } inline size_t Storage::size() const { return d_queue.size(); } inline void Storage::consumeWait() { d_filled.wait(); } inline void Storage::produceNotify() { d_available.notify(); } #endif natlog-3.01.00/storage/storage.ih000066400000000000000000000001131474316276200166000ustar00rootroot00000000000000#include "storage.h" #include "../record/record.h" using namespace std; natlog-3.01.00/systemdfix.cc000066400000000000000000000017601474316276200156650ustar00rootroot00000000000000#include "main.ih" vector systemdFix(int argc, char **argv) { vector vs; if (argc == 1 || "-S"s != argv[1]) // no -S: no systemd fuck-up return vs; vs.push_back(argv[0]); // store the program name for (int idx = 2; idx != argc; ++idx) // inspect all args { string str = argv[idx]; size_t beg = 0; while (true) { // check a blank in the argument size_t end = str.find_first_of(" \t", beg); if (end == string::npos) // not found: done here break; // pick the part up to the blank vs.push_back(str.substr(beg, end - beg)); // and find the 1st char beyond beg = str.find_first_not_of(" \t", end); } vs.push_back(str.substr(beg)); // add the (rest) without blanks } return vs; } natlog-3.01.00/tcp/000077500000000000000000000000001474316276200137415ustar00rootroot00000000000000natlog-3.01.00/tcp/cleanuphook.cc000066400000000000000000000002551474316276200165620ustar00rootroot00000000000000#include "tcp.ih" namespace { size_t a_tcpSize = 50; } void TCP::cleanupHook() { keyMapCleanup(d_keyMap); maybeSizeLog(&a_tcpSize, d_keyMap.size(), "TCP"); } natlog-3.01.00/tcp/data.cc000066400000000000000000000003761474316276200151670ustar00rootroot00000000000000#include "tcp.ih" void (TCP::*TCP::s_tcpIn[]) (RecordPtr &) = { &TCP::syn, // TCP_SYN &TCP::fin, // TCP_FIN &TCP::sent, // TCP_SENT &TCP::received, // TCP_RECVD &TCP::ignore // TCP_IGNORE }; natlog-3.01.00/tcp/destructor.cc000066400000000000000000000000421474316276200164420ustar00rootroot00000000000000#include "tcp.ih" TCP::~TCP() {} natlog-3.01.00/tcp/fin.cc000066400000000000000000000005621474316276200150270ustar00rootroot00000000000000#include "tcp.ih" void TCP::fin(RecordPtr &record) { auto iter = find(record->key()); if (iter == end()) // the local host doesn't FIN iter = find(record->dstKey()); // maybe it's the remote host if (iter != end()) { log(*iter->second); erase(iter); // remove the entry } } natlog-3.01.00/tcp/frame000066400000000000000000000000351474316276200147540ustar00rootroot00000000000000#include "tcp.ih" TCP:: { } natlog-3.01.00/tcp/icmconf000077700000000000000000000000001474316276200176162../icmconf.libustar00rootroot00000000000000natlog-3.01.00/tcp/ignore.cc000066400000000000000000000001111474316276200155240ustar00rootroot00000000000000#include "tcp.ih" void TCP::ignore([[maybe_unused]] RecordPtr &next) {} natlog-3.01.00/tcp/indev.cc000066400000000000000000000004341474316276200153560ustar00rootroot00000000000000#include "tcp.ih" void TCP::inDev(RecordPtr &record) { (this->*s_tcpIn[inType(*record)])(record); // syn; // TCP_SYN // fin; // TCP_FIN // sent; // TCP_SENT // received; // TCP_RECVD // ignore; // TCP_IGNORE } natlog-3.01.00/tcp/intype.cc000066400000000000000000000006071474316276200155630ustar00rootroot00000000000000#include "tcp.ih" TCP::TCP_type TCP::inType(Record const &next) { if (next.flags() == Record::SYN) // SYN (only) record return TCP_SYN; if (next.flags() & Record::FIN) // FIN-flag set return TCP_FIN; if (find(next.srcKey()) != end()) return TCP_SENT; if (find(next.dstKey()) != end()) return TCP_RECVD; return TCP_IGNORE; } natlog-3.01.00/tcp/outdev.cc000066400000000000000000000021511474316276200155550ustar00rootroot00000000000000#include "tcp.ih" // The OUT device is used to NAT source addresses to the nathost's // address. // IN device: sends SYN src:sport -> dst:dport // OUT device: sends SYN nat:nport -> dst:dport // in that case: // new entry in the map, using a key computed from src::sport // the out-device may also send info by itself to the outside world // therefore, when cleaning up void TCP::outDev(RecordPtr &next) { if (next->flags() != Record::SYN) // ignore unless a mere SYN record return; auto idIter = d_keyMap.find(next->id()); // look for the ID if (idIter == d_keyMap.end()) // ID not yet seen { next->setSrcKey(); // src key is nathost:port d_keyMap[next->id()] = { false, next->key() }; return; } auto iter = find(idIter->second.key); // find the matching record if (iter == end()) // somehow not available return; d_keyMap.erase(idIter); // keyMap entry no longer required setVia(iter, *next); // set nat:nport as via } natlog-3.01.00/tcp/received.cc000066400000000000000000000001661474316276200160410ustar00rootroot00000000000000#include "tcp.ih" void TCP::received(RecordPtr &next) { find(next->dstKey())->second->addReceivedBytes(*next); } natlog-3.01.00/tcp/sent.cc000066400000000000000000000001561474316276200152230ustar00rootroot00000000000000#include "tcp.ih" void TCP::sent(RecordPtr &next) { find(next->srcKey())->second->addSentBytes(*next); } natlog-3.01.00/tcp/syn.cc000066400000000000000000000015341474316276200150640ustar00rootroot00000000000000#include "tcp.ih" void TCP::syn(RecordPtr &next) { if ( // package sent g_nic.mask(Record::IN, next->sourceIP()) && // and not a local not g_nic.mask(Record::IN, next->destIP()) // connection ) { auto idIter = d_keyMap.find(next->id()); // look for the ID if (idIter == d_keyMap.end()) // ID not yet seen { next->setSrcKey(); // store the key for outDev d_keyMap[next->id()] = { true, next->key() }; } else // ID already set by outDev { next->setVia(idIter->second.key); d_keyMap.erase(idIter); // so not needed anymore } insert(next); } } natlog-3.01.00/tcp/tcp.h000066400000000000000000000015661474316276200147100ustar00rootroot00000000000000#ifndef INCLUDED_TCP_ #define INCLUDED_TCP_ #include "../ipbase/ipbase.h" class TCP: public IPbase { enum TCP_type // see s_tcpIn and { TCP_SYN, TCP_FIN, TCP_SENT, TCP_RECVD, TCP_IGNORE }; KeyMap d_keyMap; static void (TCP::*s_tcpIn[]) (RecordPtr &); public: TCP(std::ostream &stdMsg, std::ostream &logDataStream); ~TCP() override; private: void inDev(RecordPtr &next) override; void sent(RecordPtr &next) override; void received(RecordPtr &next) override; void outDev(RecordPtr &next) override; void cleanupHook() override; TCP_type inType(Record const &record); void fin(RecordPtr &next); void ignore(RecordPtr &next); void syn(RecordPtr &next); }; #endif natlog-3.01.00/tcp/tcp.ih000066400000000000000000000001641474316276200150520ustar00rootroot00000000000000#include "tcp.h" #include #include "../nic/nic.h" #include "../options/options.h" using namespace std; natlog-3.01.00/tcp/tcp1.cc000066400000000000000000000001661474316276200151220ustar00rootroot00000000000000#include "tcp.ih" TCP::TCP(std::ostream &stdMsg, std::ostream &logDataStream) : IPbase(stdMsg, logDataStream) {} natlog-3.01.00/tcpdumpproducer/000077500000000000000000000000001474316276200163735ustar00rootroot00000000000000natlog-3.01.00/tcpdumpproducer/before.cc000066400000000000000000000004341474316276200201450ustar00rootroot00000000000000#include "tcpdumpproducer.ih" bool TcpdumpProducer::Data::before(Data const &other) { return hdr.seconds < other.hdr.seconds || ( hdr.seconds == other.hdr.seconds && hdr.muSeconds < other.hdr.muSeconds ); } natlog-3.01.00/tcpdumpproducer/destructor.cc000066400000000000000000000003131474316276200210750ustar00rootroot00000000000000#include "tcpdumpproducer.ih" TcpdumpProducer::~TcpdumpProducer() { delete[] d_buffer; d_stdMsg << "processed all packets from " << d_inName << " and " << d_outName << endl; } natlog-3.01.00/tcpdumpproducer/frame000066400000000000000000000000651474316276200174110ustar00rootroot00000000000000#include "tcpdumpproducer.ih" TcpdumpProducer:: { } natlog-3.01.00/tcpdumpproducer/get.cc000066400000000000000000000004431474316276200174620ustar00rootroot00000000000000#include "tcpdumpproducer.ih" // static void TcpdumpProducer::get(Data &data) { data.stream.read(reinterpret_cast(&data.hdr), sizeof(TcpdumpRecord::PktHdr)); if (not data.stream.good()) data.hdr.seconds = numeric_limits::max(); } natlog-3.01.00/tcpdumpproducer/icmconf000077700000000000000000000000001474316276200222502../icmconf.libustar00rootroot00000000000000natlog-3.01.00/tcpdumpproducer/process.cc000066400000000000000000000006061474316276200203620ustar00rootroot00000000000000#include "tcpdumpproducer.ih" void TcpdumpProducer::process() { while (d_in.stream.good() || d_out.stream.good()) { if (d_in.before(d_out)) store(Record::IN, d_in); else if (d_out.before(d_in)) store(Record::OUT, d_out); else { store(Record::IN, d_in); store(Record::OUT, d_out); } } } natlog-3.01.00/tcpdumpproducer/run.cc000066400000000000000000000011721474316276200175070ustar00rootroot00000000000000#include "tcpdumpproducer.ih" void TcpdumpProducer::run() { Exception::open(d_in.stream, d_inName); // throw exceptions on failure Exception::open(d_out.stream, d_outName); d_in.stream.ignore(24); // skip the global header, see d_out.stream.ignore(24); // pcapfile.txt d_stdMsg << "starting reading packets from " << d_inName << " and " << d_outName << endl; get(d_in); // fetch the first packets from get(d_out); // both files. process(); // process all packets. } natlog-3.01.00/tcpdumpproducer/store.cc000066400000000000000000000013711474316276200200400ustar00rootroot00000000000000#include "tcpdumpproducer.ih" void TcpdumpProducer::store(Record::Type type, Data &data) { if (data.hdr.len > d_bufLen) // ip header length already in host byte { // order delete[] d_buffer; d_buffer = new char[ d_bufLen = data.hdr.len ]; } if (not data.stream.read(d_buffer, data.hdr.len)) throw Exception{} << ": corrupted tcpdump file `" << (type == Record::IN ? d_inName : d_outName) << '\''; u_char const *buffer = reinterpret_cast(d_buffer); if (d_options.hasProtocol( IP_Types::get(buffer).protocol) ) d_storage.push( new TcpdumpRecord{ type, data.hdr, buffer } ); get(data); } natlog-3.01.00/tcpdumpproducer/tcpdumpproducer.h000066400000000000000000000016061474316276200217670ustar00rootroot00000000000000#ifndef INCLUDED_TCPDUMPPRODUCER_ #define INCLUDED_TCPDUMPPRODUCER_ #include #include "../producer/producer.h" #include "../tcpdumprecord/tcpdumprecord.h" class Options; class Storage; class TcpdumpProducer: public Producer { struct Data { std::ifstream stream; TcpdumpRecord::PktHdr hdr; size_t seconds; bool before(Data const &other); }; Options &d_options; std::ostream &d_stdMsg; Storage &d_storage; char const *d_inName; char const *d_outName; Data d_in; Data d_out; char *d_buffer = 0; size_t d_bufLen = 0; public: TcpdumpProducer(std::ostream &stdMsg, Storage &storage); ~TcpdumpProducer() override; private: void run() override; void process(); static void get(Data &data); void store(Record::Type, Data &data); }; #endif natlog-3.01.00/tcpdumpproducer/tcpdumpproducer.ih000066400000000000000000000003671474316276200221430ustar00rootroot00000000000000#include "tcpdumpproducer.h" #include #include #include #include #include "../options/options.h" #include "../storage/storage.h" #include "../nic/nic.h" using namespace std; using namespace FBB; natlog-3.01.00/tcpdumpproducer/tcpdumpproducer1.cc000066400000000000000000000006241474316276200222050ustar00rootroot00000000000000#include "tcpdumpproducer.ih" TcpdumpProducer::TcpdumpProducer(ostream &stdMsg, Storage &storage) : d_options(Options::instance()), d_stdMsg(stdMsg), d_storage(storage), d_inName(d_options[0]), d_outName(d_options[3]) { // device address mask g_nic.set(Record::IN, d_options[1], d_options[2]); g_nic.set(Record::OUT, d_options[4], d_options[5]); } natlog-3.01.00/tcpdumprecord/000077500000000000000000000000001474316276200160265ustar00rootroot00000000000000natlog-3.01.00/tcpdumprecord/frame000066400000000000000000000000611474316276200170400ustar00rootroot00000000000000#include "tcpdumprecord.ih" TcpdumpRecord:: { } natlog-3.01.00/tcpdumprecord/icmconf000077700000000000000000000000001474316276200217032../icmconf.libustar00rootroot00000000000000natlog-3.01.00/tcpdumprecord/tcpdump.pcap-fmt.txt000077700000000000000000000000001474316276200302772../documentation/pcap/pcapfile.txtustar00rootroot00000000000000natlog-3.01.00/tcpdumprecord/tcpdumprecord.h000066400000000000000000000013251474316276200210530ustar00rootroot00000000000000#ifndef INCLUDED_TCPDUMPRECORD_ #define INCLUDED_TCPDUMPRECORD_ #include "../record/record.h" class TcpdumpRecord: public Record { public: struct PktHdr // this packet hdr is used by captured files. { // pcap_pkthdr uses `struct timeval ts', which is // longer than 2 x uint32_t uint32_t seconds; // time stamp uint32_t muSeconds; // time stamp uint32_t caplen; // length of portion present uint32_t len; // length this packet (off wire) }; TcpdumpRecord(Type inOut, PktHdr const &hdr, u_char const *packet); // ~TcpdumpRecord() override; }; #endif natlog-3.01.00/tcpdumprecord/tcpdumprecord.ih000066400000000000000000000001421474316276200212200ustar00rootroot00000000000000#include "tcpdumprecord.h" #include using namespace std; using namespace FBB; natlog-3.01.00/tcpdumprecord/tcpdumprecord1.cc000066400000000000000000000003161474316276200212710ustar00rootroot00000000000000#include "tcpdumprecord.ih" TcpdumpRecord::TcpdumpRecord(Type inOut, PktHdr const &hdr, u_char const *packet) : Record(inOut, hdr.seconds, hdr.muSeconds, packet) {} natlog-3.01.00/testrun000077500000000000000000000004171474316276200146070ustar00rootroot00000000000000#!/bin/bash if [ $# -eq 0 ] ; then echo "provide (colon separated) protocol specs, or 'all'" echo "followed by 'in' 'out' device spec. or 'conntrack'" exit 0 fi rm -f /tmp/natlog tmp/bin/binary -t utc --debug --no-daemon -s --log /tmp/natlog --protocol $* natlog-3.01.00/udp/000077500000000000000000000000001474316276200137435ustar00rootroot00000000000000natlog-3.01.00/udp/cleanuphook.cc000066400000000000000000000002551474316276200165640ustar00rootroot00000000000000#include "udp.ih" namespace { size_t a_udpSize = 50; } void UDP::cleanupHook() { keyMapCleanup(d_keyMap); maybeSizeLog(&a_udpSize, d_keyMap.size(), "UDP"); } natlog-3.01.00/udp/destructor.cc000066400000000000000000000000421474316276200164440ustar00rootroot00000000000000#include "udp.ih" UDP::~UDP() {} natlog-3.01.00/udp/frame000066400000000000000000000000351474316276200147560ustar00rootroot00000000000000#include "udp.ih" UDP:: { } natlog-3.01.00/udp/icmconf000077700000000000000000000000001474316276200176202../icmconf.libustar00rootroot00000000000000natlog-3.01.00/udp/outdev.cc000066400000000000000000000020421474316276200155560ustar00rootroot00000000000000#include "udp.ih" // The OUT interface is used to NAT source addresses to the nathost's // address. // nat:nport -> dst:dport, ID in d_keyMap // or // dst:dport -> nat:nport (ignored) void UDP::outDev(RecordPtr &next) { if (next->id() == 0) // ID 0 is not used return; auto idIter = d_keyMap.find(next->id()); // look for the ID if (idIter == d_keyMap.end()) // no such ID (yet) { next->setSrcKey(); d_keyMap[next->id()] = { false, next->key() }; return; } auto iter = find(idIter->second.key); // get the matching record if ( iter == end() // somehow not available || // or src != OUT device g_nic.address(Record::OUT) != next->sourceIP() ) return; d_keyMap.erase(idIter); // ID no longer needed setVia(iter, *next); // set nat:nport as via } natlog-3.01.00/udp/received.cc000066400000000000000000000010161474316276200160360ustar00rootroot00000000000000#include "udp.ih" // source destination // dst:dport -> src::sport // source may not be local void UDP::received(RecordPtr &next) { // source may not be local if (not g_nic.mask(Record::IN, next->sourceIP())) { // existing connection: // add received bytes if (auto iter = find(next->dstKey()); iter != end()) iter->second->addReceivedBytes(*next); } } natlog-3.01.00/udp/sent.cc000066400000000000000000000022421474316276200152230ustar00rootroot00000000000000#include "udp.ih" // source destination // src:sport -> dst::dport, ID // // sent: dst may not be in the local net void UDP::sent(RecordPtr &next) { // dest may not be in the local net if (g_nic.mask(Record::IN, next->destIP())) return; // existing record: add sent bytes if (auto iter = find(next->key()); iter != end()) { iter->second->addSentBytes(*next); return; } // or store a new connection auto idIter = d_keyMap.find(next->id()); // look for the ID if (idIter == d_keyMap.end()) // ID not yet seen { next->setSrcKey(); // store the key for outDev d_keyMap[next->id()] = { true, next->key() }; } else // ID already set by outDev { next->setVia(idIter->second.key); d_keyMap.erase(idIter); // so not needed anymore } next->addSentBytes(*next); insert(next); // store the record } natlog-3.01.00/udp/udp.h000066400000000000000000000007341474316276200147100ustar00rootroot00000000000000#ifndef INCLUDED_UDP_ #define INCLUDED_UDP_ #include "../ipbase/ipbase.h" class UDP: public IPbase { KeyMap d_keyMap; public: UDP(std::ostream &stdMsg, std::ostream &logDataStream); ~UDP() override; private: void sent(RecordPtr &next) override; void received(RecordPtr &next) override; void outDev(RecordPtr &next) override; void cleanupHook() override; }; #endif natlog-3.01.00/udp/udp.ih000066400000000000000000000001641474316276200150560ustar00rootroot00000000000000#include "udp.h" #include #include "../nic/nic.h" #include "../options/options.h" using namespace std; natlog-3.01.00/udp/udp1.cc000066400000000000000000000001661474316276200151260ustar00rootroot00000000000000#include "udp.ih" UDP::UDP(std::ostream &stdMsg, std::ostream &logDataStream) : IPbase(stdMsg, logDataStream) {} natlog-3.01.00/usage.cc000066400000000000000000000152551474316276200145760ustar00rootroot00000000000000// usage.cc #include "main.ih" namespace { char const config[] = R"( Where: [options] - optional arguments (short options between parentheses): --config (-c) path - path: pathname of the configuration file (default: `)"; char const ctCommand[] = R"(') --conntrack-bytecounts: the `conntrack' program also reports the number of sent and received bytes --conntrack-command cmd - cmd: `conntrack' program call (default `)"; char const ctDevice[] = R"(') --conntrack-device dev - dev: `conntrack' data device (default `)"; char const noDaemon[] = R"(') --conntrack-ip-header-size size - size: assumed IP header sizes (default: 0, commonly encountered: 20) --conntrack-restart max - max number of times `conntrack' is restarted if prematurely ended (default 10 restarts) --debug - log debug messages (unless --log off) --help (-h) - provide this help --log type - log information about connections. Specify `type' as: syslog: (default) log messages using syslog off: no messages are logged path: messages are logged to the 'path' --log-data path - write log-data on the file `path' --log-rotate spec - rotate log- and log-data files. `Spec' is either `time[mhd]' or `time[mhd]nFiles' (m: minutes, h: hours, d: days. By default (or if 'time' or `nfiles' are zero) log files are not rotated. --no-bytes - sent and received numbers of bytes are not listed in log-entries --no-daemon - do not run )"; char const pidFile[] = R"( in the background --no-dst - do not include 'dst' entries in the log file (default: 'dst' entries are included) --no-via - do not include 'via' entries in the log file (default: 'via' entries are included) --pid-file (-p) path - `path' is the name of the file holding the daemon's PID (default `)"; char const protocol[] = R"(') --protocol (-P) spec - spec: protocols handled by )"; char const optionRot[] = R"( Use colon separated combinations of tcp (default), udp and icmp, or use `all' --rotate - the log-files of a separately running process are rotated --rotate-data - the log-data files of `)"; char const optionS[] = R"(' (a separately called process) are rotated -S - systemd fix: specify this as first argument when starting )"; char const syslogTag[] = R"( from natlog.service --stdout (-s) - write syslog-equivalent messages to the std output (implied by --verbose; only with --no-daemon) --syslog-tag id - id: identifier prefixed to syslog messages (default `)"; char const syslogFacil[] = R"(') --syslog-facility fac - fac: used syslog facility (default `)"; char const syslogPri[] = R"(') --syslog-priority pri - pri: used syslog priority (default `)"; char const ttl[] = R"(') --terminate - end a running natlog program using the PID found in the PID-file (see option --pid-file) --time (-t) spec - time specification: raw: (default) seconds since the epoch; utc: date and time in UTC local: local date and time --ttl (-T) secs - time-to-live for received connections. Format: `u' (UDP/ICMP ttl) and/or `t' (TCP ttl). Default: )"; char const trailer[] = R"(t info about a connection is logged if it is not active for `secs' seconds --verbose (-V) - write additional information: with --no-daemon: to stdout; with daemons and --no-syslog not specified: to the syslog daemon --version (-v) - show version information and terminate (suppressed by --no-daemon) command - command to execute: conntrack: use `conntrack' to find the source-nat connections in out: in, out: names of network devices (e.g., eth0) directly capture packets on the `in' and `out' devices in: source natting is applied to its source addresses out: the (natting) device connecting to the destination addresses in inAddr inMask out outAddr outMask: in, out: names of files written by tcpdump (e.g., tcpdump -i device -w filename) `in': in-device packages (source natting was applied to `in') `out' packages of the device connecting to the destination addresses `inAddr inMask': address and netmask of the in-device `outAddr outMask': address and netmask of the out-device )"; } void usage(std::string const &progname) { cout << "\n" << progname << " by " << Icmbuild::author << "\n" << progname << " V" << Icmbuild::version << " " << Icmbuild::years << "\n" "\n" "Usage: " << progname << " [options] command" << config << Options::defaultConfigPath() << ctCommand << Options::defaultConntrackCommand() << ' ' << Options::defaultConntrackArgs() << ctDevice << Options::defaultConntrackDevice() << noDaemon << progname << pidFile << Options::defaultPIDfile() << protocol << progname << optionRot << progname << optionS << progname << syslogTag << Options::defaultSyslogIdent() << syslogFacil << Options::defaultSyslogFacility() << syslogPri << Options::defaultSyslogPriority() << ttl << Options::TTL << 'u' << Options::TTL_TCP << trailer; } natlog-3.01.00/version/000077500000000000000000000000001474316276200146405ustar00rootroot00000000000000natlog-3.01.00/version/version.h000066400000000000000000000003421474316276200164750ustar00rootroot00000000000000#ifndef INCLUDED_VERSION_H_ #define INCLUDED_VERSION_H_ #include "../VERSION" namespace Icmbuild { char const version[] = VERSION; char const years[] = YEARS; char const author[] = AUTHOR; } #endif