From d90161d18c91b9639362237bea4380fc66a5c9bb Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Wed, 15 Nov 2023 18:23:35 +0100
Subject: [PATCH 01/40] router: The beginings of a new benchmark using an
 isolated router.

---
 BUILD.bazel                                   |   1 +
 acceptance/router_newbenchmark/BUILD.bazel    |  39 ++++
 acceptance/router_newbenchmark/conf/br.toml   |  14 ++
 .../router_newbenchmark/conf/keys/master0.key |   1 +
 .../router_newbenchmark/conf/keys/master1.key |   1 +
 .../router_newbenchmark/conf/prometheus.yml   |  10 +
 .../router_newbenchmark/conf/topology.json    |  56 ++++++
 acceptance/router_newbenchmark/pause.tar      | Bin 0 -> 258560 bytes
 acceptance/router_newbenchmark/test.py        | 172 ++++++++++++++++++
 tools/brload/BUILD.bazel                      |  33 ++++
 tools/brload/cases.go                         | 133 ++++++++++++++
 tools/brload/main.go                          | 160 ++++++++++++++++
 12 files changed, 620 insertions(+)
 create mode 100644 acceptance/router_newbenchmark/BUILD.bazel
 create mode 100644 acceptance/router_newbenchmark/conf/br.toml
 create mode 100644 acceptance/router_newbenchmark/conf/keys/master0.key
 create mode 100644 acceptance/router_newbenchmark/conf/keys/master1.key
 create mode 100644 acceptance/router_newbenchmark/conf/prometheus.yml
 create mode 100644 acceptance/router_newbenchmark/conf/topology.json
 create mode 100644 acceptance/router_newbenchmark/pause.tar
 create mode 100644 acceptance/router_newbenchmark/test.py
 create mode 100644 tools/brload/BUILD.bazel
 create mode 100644 tools/brload/cases.go
 create mode 100644 tools/brload/main.go

diff --git a/BUILD.bazel b/BUILD.bazel
index c43159ca4e..106951d6ac 100644
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -195,6 +195,7 @@ pkg_tar(
         "//acceptance/cmd/sig_ping_acceptance",
         "//pkg/private/xtest/graphupdater",
         "//tools/braccept",
+        "//tools/brload",
         "//tools/buildkite/cmd/buildkite_artifacts",
         "//tools/end2end",
         "//tools/end2end_integration",
diff --git a/acceptance/router_newbenchmark/BUILD.bazel b/acceptance/router_newbenchmark/BUILD.bazel
new file mode 100644
index 0000000000..07604a90e6
--- /dev/null
+++ b/acceptance/router_newbenchmark/BUILD.bazel
@@ -0,0 +1,39 @@
+load("@io_bazel_rules_docker//container:container.bzl", "container_image")
+load("//acceptance/common:raw.bzl", "raw_test")
+
+exports_files([
+    "conf",
+    "test.py",
+    "pause.tar",
+])
+
+args = [
+    "--executable",
+    "brload:$(location //tools/brload)",
+    "--container-loader",
+    "posix-router:latest#$(location //acceptance/router_newbenchmark:router)",
+    "--pause_tar",
+    "$(location //acceptance/router_newbenchmark:pause.tar)",
+]
+
+data = [
+    "pause.tar",
+    ":conf",
+    ":router",
+    "//tools/brload",
+]
+
+raw_test(
+    name = "test",
+    src = "test.py",
+    args = args,
+    data = data,
+    homedir = "$(rootpath :router)",
+    # This test uses sudo and accesses /var/run/netns.
+    local = True,
+)
+
+container_image(
+    name = "router",
+    base = "//docker:posix_router",
+)
diff --git a/acceptance/router_newbenchmark/conf/br.toml b/acceptance/router_newbenchmark/conf/br.toml
new file mode 100644
index 0000000000..f3857e2727
--- /dev/null
+++ b/acceptance/router_newbenchmark/conf/br.toml
@@ -0,0 +1,14 @@
+[general]
+id = "br1a"
+config_dir = "/share/conf"
+
+[metrics]
+prometheus = "192.168.0.1:30442"
+
+[features]
+
+[api]
+addr = "192.168.0.1:31142"
+
+[log.console]
+level = "error"
diff --git a/acceptance/router_newbenchmark/conf/keys/master0.key b/acceptance/router_newbenchmark/conf/keys/master0.key
new file mode 100644
index 0000000000..8bd063d0ac
--- /dev/null
+++ b/acceptance/router_newbenchmark/conf/keys/master0.key
@@ -0,0 +1 @@
+V9SOOHqV4KdAL6utGnvEtA==
\ No newline at end of file
diff --git a/acceptance/router_newbenchmark/conf/keys/master1.key b/acceptance/router_newbenchmark/conf/keys/master1.key
new file mode 100644
index 0000000000..5505c43fa4
--- /dev/null
+++ b/acceptance/router_newbenchmark/conf/keys/master1.key
@@ -0,0 +1 @@
+mdPcnujoYi4JmWALGeKbSQ==
\ No newline at end of file
diff --git a/acceptance/router_newbenchmark/conf/prometheus.yml b/acceptance/router_newbenchmark/conf/prometheus.yml
new file mode 100644
index 0000000000..d0abecdfc1
--- /dev/null
+++ b/acceptance/router_newbenchmark/conf/prometheus.yml
@@ -0,0 +1,10 @@
+global:
+  evaluation_interval: 1s
+  external_labels:
+    monitor: scion-monitor
+  scrape_interval: 1s
+scrape_configs:
+  - job_name: BR
+    static_configs:
+    - targets:
+      - 192.168.0.1:30442
diff --git a/acceptance/router_newbenchmark/conf/topology.json b/acceptance/router_newbenchmark/conf/topology.json
new file mode 100644
index 0000000000..6edf1873cd
--- /dev/null
+++ b/acceptance/router_newbenchmark/conf/topology.json
@@ -0,0 +1,56 @@
+{
+  "attributes": [
+    "core"
+  ],
+  "isd_as": "1-ff00:0:1",
+  "mtu": 1400,
+  "control_service": {
+    "cs1-ff00_0_1-1": {
+      "addr": "172.20.0.28:30252"
+    }
+  },
+  "discovery_service": {
+    "cs1-ff00_0_1-1": {
+      "addr": "172.20.0.28:30252"
+    }
+  },
+  "border_routers": {
+    "br1a": {
+      "internal_addr": "192.168.0.1:30042",
+      "interfaces": {
+        "2": {
+          "underlay": {
+            "public": "192.168.2.1:50000",
+            "remote": "192.168.2.2:50000"
+          },
+          "isd_as": "1-ff00:0:2",
+          "link_to": "child",
+          "mtu": 1280
+        },
+        "3": {
+          "underlay": {
+            "public": "192.168.3.1:50000",
+            "remote": "192.168.3.3:50000"
+          },
+          "isd_as": "1-ff00:0:3",
+          "link_to": "child",
+          "mtu": 1280
+        }
+      }
+    },
+    "br1b": {
+      "internal_addr": "192.168.0.2:30042",
+      "interfaces": {
+        "4": {
+          "underlay": {
+            "public": "192.168.4.1:50000",
+            "remote": "192.168.4.4:50000"
+          },
+          "isd_as": "2-ff00:0:4",
+          "link_to": "core",
+          "mtu": 1280
+        }
+      }
+    }
+  }
+}
diff --git a/acceptance/router_newbenchmark/pause.tar b/acceptance/router_newbenchmark/pause.tar
new file mode 100644
index 0000000000000000000000000000000000000000..da03eed189f8c5fa9423f1be5876f2ea05f3e08c
GIT binary patch
literal 258560
zcmeFa3w%`7wLd-sK?V%WRI!c~+mTK*sfd#YWFpc|Am|AMi4|?EdJBY5P#!UvAhn=@
z36;}Bl(tr_S9@uD@2$2{X{$K+xJ?L<U`q>HTdc)K?Bh%W73~Am>ioaowfC7<0@z~x
z-_P$dO6HvXTzkFu+UuMt4$m)}6DqC<m)Dn7%xMUfhvzlSof|HhUmR+fS6ni0La3yn
zAv~v~z9Li>E-NXYQ!;mcMQGlfveF6j%IZriE^;0J6AG1u%Eym)h14hao29PelF|t!
zWyNKo;*cv;Qe0kA?h1@Q{?I4hqNO=HrwJf6EnONt)@aA8&t2TH#`<4WSA3%Mzk2E?
zudJSV`LUJ+nuaEnmF3dixd-M-bLd}EK4H8o5IWYN?^WIZb^4EcU$FdMQS0P5?=c2W
zSpIKlUb^HsFda|+CzMRcm4DcRlk$HYw7w_RpC7Yu-k6KWoG2TN89S!FsbNmEK?bWR
z4_z24#{aWI#TSP{`2PaAV5_A|qH`85X=wTkuI4ZN?3jx`KgL+v99=SJaRcB$i>jrI
z(I9<)RdYj=s;P`d=hQE_GCFVJk}((0pR=gBVeFVx+0vG1|H6hQbk!|qML(Cip4r&2
zBzqjWo4KSOK<M^Umn<7|@sgHBi^h(bvKY%!m(`2sd{zT`_0mNxiyNAqnolilx^dx>
z&sHte&`w<vZTei}(uGR^m+Cun$>f%Wi&8_?%$eJ;NOxa3cFa;-j#;#DNz3vvE8i2+
zzN<k_l<*fVn)A7arg8M4j`}%{{Fn6i|4PS~g-*)<Q4xBw;v@!6V&EhO-UAGjgv*MH
zOXq~=l#U-izqo#GXx`kiin$dH730Hm%jb*_my|ZlnKy6loQAS+eQ{YueM2Z*Qrs}V
zp?q%n+<Eo$=Dlb8fA0Lt$4>}ND8~N31a~L*|L*~Lk2}N()BnBN|7X#^w5$~IpZ8^F
zdUF4NTpl^u;Qw6=oUr_#`2N47v;^_LZ22!KFF7gy?+4fE{r`!w0ru^UbDA2s*B#Rk
zDhZ7*ErTsDpIaZEFbB>B!oQ_+!xO^u>l=#4SCoZA731g6uc)XfpNopp3GhM2*O!kk
z2^E)=j4#QGC7`VA!ch5z#TBzc<rjxaE-oz@S2CfzJcMy3d^$6rfSKz{=GK>l=az-%
zj;|j-zN~b9>G*I(Jx(y-(3H=g6Rrr)DK9OppBEk<s-Ig{Utc;tG_Rs`eChlNa~dk<
z*3ZivZs7PtLq%zEX<5nq@cf2)wEkZetGITIF>}V$Nf!aG+R9nRq>Eabn=V?kw0_Q_
zi<;*yTyk;7ed;z{Aw}vImt(HiQIBiKT!h<;nipWy3%TTv7A{%ZSQMCg`K(V~Q#-Tz
z@>zjvFKV3A(%f)8`#9l|hLW<fh6$zNhLQ;l<>hn2b3<XA8BHje3m3DZBwSqFFmJ-V
z(s?D}^0Jcf1aQC{u*UrI^5XJ_c@<^l<1x`c5MBY00s<jO1zE1eO-_hq-qQLT5qVnH
z(A2zeDPl-tipPb<g)rBEv8exZw9bxj{qH2<oTmB(3!@G7(UvBL;pQx!H=zs!{QoC-
z_I@bnfAJhAs`%es{I4WbUS95;_vL=`<TTs<mzEcoPH+WE#*Mq^Uml<QKkomZsIh*}
z_W#-E|FHTe_y7N5(U;**nEvn8{y&TUa3D|m|L+I+UGRY3mw8T3^1l-UCoKObzW)zl
z50G>IUtEqfu#@q>_km^f{{KYT04{iH|9_$`8~0-;a|zz3T!IrN{JZo2kCFdZUaI{6
zZ2Lc<^kn|u`yl-;m&8r}#WOMgqrChm`M>2QWu-{=(D}cm<0oLBSR5*S-|2s%I3O3}
zliJ*#=y>l_|J$b4Tsp|@PR%yR^>G*P8oyg9Wf5Idmu}*UxWcX>_<O4B6#VDHwF`IZ
z6VX@Bw_o>jzFj`mj>X67S37sGG<3c*`*BWJqpEi`PLX!bcW+qT&b~%ZtmnJpchPy$
zPgNiHuSd6NJtMEd^|9kNPc?A*r3(JZ3qsF-DVXykYNUMiHS{sPK6UG$N8h<z^y=AS
zkS+;yR?1bNQ}wg|BfEb<w{yOT#?1bnISS97ISTKd?C!4IbzhOw-#1tF_i4I1^Elr*
z!?~_K!T$5nUqR~3puPio{>JQLS!-s|P}~rv)EFr~QzeC&jd7j3{?l^$M|A&)=G*m}
zPn}@`&V~N=<C|kT^Y=bDMQVB<R3-789KnFprvIFS%gp{8&a0Bj4d>;_cgHu=ZFv>Q
zzCC$&5(6hOa1sM2F>n$CCo%B<Fb3usR(`>uWHM<?Jon}y_N05<E+clpXFvK~UTpJq
z<*YrY{Rp=AZq6&9f6;ox6&=xfWKfH{%l_^2E|>Sz9jd}@Keo~B(l>*$hRnLbTsh;<
zQ1C1_thQh)stwC$Scb=lz2R!{8ttPCW}iO=g{K?VbdO=x`Hk3Hu9lmP?z|w~95(3q
z1RAt23VIClRl|JA_%Hlt&I<YsvnCi|gTQFjpfICB`vO#57YrNbZw&KK>|@t|2`ja(
z3mS%be{ijUa$T^NH|u#5+qS$50E7vEcg;6g1R&_Wzbha@Lk0rEmjeWc@(ooj0Y_>*
z8r-@Ja35W-z+I3DZeupM#{sZ?fy@s~IY{9Ak#~hIwrnjQ2+|POlnLqZ<3kE8I-gwr
z_$t}-K&@d#F{m{wINPvlf(s0*D%farR|UBZ0wt<~;%@W8=akUHma2erQRrMmoC`xP
ziVqqUe~Ny<u*MnYqF~6dmUws(HdygTR(y>2;LIDO!Y>sGRur)!U|0*KqEISqRur-#
zVpt2L!XUHEeqpl9u31jH)qq_sPGuJH8+?cXaN)xRrddSxUFhdU02dg4Q4j+zEaXK5
z7l3gQIdx%}EW143v2(J^Fb5kZq$IYjHbdw#F1glR`P=su!Ec!GaVtr>Zn#j<6_BSm
z5VK(3>j0M$k?Vp1yZ8>pf`E*Yf(opMw2y5Ir>4!J=k;p7LeA$R&`vKbU*z$+pwBL>
zBp@=`3QntpI<~D4qvnkF_Ll{IgD3?ERph)H;xj*Jm{sgt74+EWUy1?2JP|evV<I2m
zEE6RIJuteU_JdsUSafj~Z2$Zfbct;<x&+cLqL)O2X7Sl!!iV924C)x~=Iermt#7%a
z=#OcwPY06E5qwY1kgG6c-*-7)N2gjj;AArZB*^vIFGV<V4M(oZ9Ql01%)`jn9A)J5
zF>>N^D0z%jw(6}%uS@o}RLex0jxy01N15n!S%M(#+5H&wjdz?u-@NI{!!4iSpuOKa
z%Ag&eAoNv$o+t?rB_j#A{i&BR)b}uyA~Iw-VzieP)QVD6Xr~IEjTzaZ)-Xq7wW3CV
zA3IE10HIJ<Su_f<J;>LXF^*yu`;4OuwXp(_1OW+nT|Q}kYOf0JH72@YByDP}RR<nK
z1H)Pu?2zxaU=P2s{$c#aw6jYGkdym^n^+CHf`*R<<8l)PExBH;+95EnDmx{tN;V}E
z4xsq0`-8jnaCIDRuO4nThiffU^DoF4Zn<G<LrMTel|QVkS(>#!_eCtP{r=#+94yCj
zk~zUM_J2)c9T$;}^7d|;eROm_Y5a+Qv5z_-b^wYhuONVsh%u>gq{|ikH(`U?-?&_M
zUoS?+G%UA2&XTjh9Vuo7*paLI;nhClDDb?!gYZC5sT=qq+jxxPo$(F#QD#LY>Z<Je
zz`*r6>lwlI(Es^HuK)8B?f<aCZT}T41^<UP+5S(?c-JfZfHxo@h6y%@$@0)<u|)Kz
z&%XBzb$hf1Mhs@oXW#U0ng#4>@1|ME{wSNpw)r!W1+a49-`MWZmpaQTRel-0Ci-Yo
zJVr&QcTJHSLz!hzhmOjm8ur_fwSr8g8oX_T*bJ-2IL$D6(*-FQ=t|s7@ykfh5-|ge
z^taoyM*6PCA4dvcB(R@=bR}-46k?>7+XfnCQ|2hq>l|1@7$NM8fSV~{jsV*9U(u4R
z5k|06Xvbi;@T0yVQVZcaO3m?Z`r&)TI>9%fpmn4_($_Mb+G3NRLXxQtS=w8mM8}u5
zWGvort||sYr3~EQw~|Rnj*M$vU|2WOa|m_i(%X{x1s#!pdj3ONwPns9dsEF%TVRbe
ztV=!A0fR_M=(a2$L|l3rMQ~BTeqs$kf{g@`;s24x3|7<ve7GGs@E@eEiyg?3H*woZ
z5$b85?SVogA^@HiNRMVH)j;IUW4}B+w^^WnGoSqgo23LP2cE?W9`Gf6hSYQpJmL?4
z`zaH&AofUsY!*n51p`l2=;Yn(hh=RUf;j@<t518x`>g1TdY}tcA#ASb6@iZ~i_#dx
z6?RY%MeP4%G5yBd;Ue<}(n=r){s+u~@Of?)9_%<Qq=SK+{)<)rob@~X`>+4FQ09#P
zHdRbNdf$=_pP%p@i{7iCUt7_~{u3A>yQOS9(N}W@TdrlxZT(v2@DN+BXUqHgwH$$B
z&XO@EZL{6jujK$^KFF4r_G?+&f6Ps6Ihrj~+}Tgx?4m-89mt`NgTH?CSt9culRxik
z6-XYEuS_nr?puo*>mmNlEH|wCh$q8(NWQYF9L5%m31btj;>ZYZ<IXRrdmiUIbkUC?
zIQKoMW|6M}XAvBxW+D2N1aTJL*-K@XV+v6Ye_sEEf%tP2xGK#6_HyWhY_8iqIJ1Gl
zMf=gmzML&HsM(L6Z&O){KPK#@)tfV)Xc^HrP@&W}U)M8-pk>Z>v<$76);@-@s*@8N
zL*y?UMC?rTpaLVP;8Vu_N*SsKOwG-}`5er%gTTNV?r<v;2^{9&XOe<9M_=<yGy^|%
zL)7gt^|j9~?$<0wc<Dy@?cx2Jd9tPx-5Ic7(KJd=I=X+eLi?$H%?23Fu)o@`Sylhh
zYV9R#b}agy)8^1u?{48g(JERWG7y_cb9G@C3<aVTnI*6tpgrOZnT6J;{nkQ%W(ha6
zXcow7Mt@#Rj36OpVqnr76H{nkA!`)QnMDVYaAg=Tveh*xzQM>E*}A6Ix}i1;fLP}&
z!`yAeI%aW8lIFMwQI_Vomqkd9!*MzMwrll3@(92)`OSt`k}Zz|(9~mhzMEz~`#v^H
z(KI8D00eog4_QT6d)^M0E6cV!1u23_0jzb}QUhjua@KcnmBSyze(_GyEP%Zf*2CCR
zMPlU*iewf<uF&XwWw6nCaFQ{s&oEg~9sg1NoloBQ>L*>*-bZZ11bsE#{W69)D!Ysu
z5Bd!^y3m>WciHCa5Jt#Ib~-byxLahOKxTYuprk!DD&(;O5EVabbng%VD_&n&Rb%cn
z%;(kk3F|DwJd(P#twQ+1=Yxmf04>1Aqpt-#e+>|XuqJLs7|E?h#p^4cs@yTi-Gx6c
zK~)ZZcC`*f|IMIphQ6@@Z#MnoT4!Wf>^S<^w{r0*+H#pW^DS2M73$Ho>U8Gor;kVK
zEz+^{F()>L$lomK5E#?a@fA&%e@q{5yiM=}g+e#mT0w&fkG=Jhf|r@F5cM18CD`Xh
z85)D?w<n1_VIN_byA10i#+Gyc`|2CMv82Ui6#v+Wz2jO|=G{D%JL(R@e8DL0G|V1j
zi^F4z6A#a$r{85Hw;Rcyvd_&wG0cwut059F2cPFC_`s{QZ({H(o&)V6O9AD}`T+{i
z3>5`F;jTg8{2lcsZUbv+i8405IpaTYtE?YfH4Dty-FfP!jo33)(TzUhj+W!^plAX9
z=0(rKUk~G5`9b@$KLtr*I9xHT;e7|K;nvQ+KX@M>WOyIPvOD`;^lrvAQPA1<GcrlW
zCujZ()%@x8fpZvh<S__hb)(cC+nz6Mg>|SRhCpPQ?}&NGTpxkQMj@p)a`lHS&bwJ5
z$Gdr0xTj@A99$>`p0)0-;*P$*WWY<r06Loe*qg4FJeYU@(c|4be65FLtMMM!<2^oX
ze#Nl|%o*>L`Q4aYMtpqueA5Gr0{NC2&Kh={!DRj{_=a*gHJ~*d!zuU-J)mI?GmbN4
z4t&_OrUnGD4Gx+0q4pE%1q^EjW;@-e*hBuD0dBk!T5C^qcyR~uN8Adc`(Dc&fQ*g)
zvWElBeMUF8$cUFshS-adIMpzRBVqxHPm}dP_5RuGa|@r~VwiVaPv#uA{6)?3D!VJP
z`d@e2<6_wSV|IWu31Q&o6)-{l?ZFg-VV&_coE=B1)%ZoOd|kI3LdBFk)oxlITC}`$
z%dZs#zm)lN#{&o)4`0Itl70iC25}~H55A{)*ra9OEibAOf6-4r9K6NR@AM1I9zf&9
zKYPCSQyuu;<sD~7ug1l8b#t&~(k&CMVb)Hv87Ky|1^txPVOh#5KWH2d29-RTN{!eL
zoZ)s^BG^yg@*wPO-)6yb`cIC0&rtATDhUPmU{P-T6Zr7G3+n@bxZ1Ao4z^r!%f;kV
z00<hqO8}wu)V|*S`>10Bm;>L&&pG%bK1^-=g>V1>7=;UMuNBiWaD!L}h|fm#{Y;}E
zC1<`#?`FREG3Ntsa6YkjS*l&;%aJF4jyyrGd~63jlPOn_FCXL!r{y{Dwl8<^L;ez`
zA(E_0fdVq_R?z&{5$zb{^uJ#9N7w6UUuW?Ui=4o4oHZHxVLQS)oPs9RI@_>LGhp9P
zL~_!~I;M^1leU-Eg8fDM2C|pCZWeeU!n7iUE(2QoH$6}Yv|ECzf$()){gbo4#cDoG
zC3|rwNJxz}4cL(*P>JFVGoDCG*dArL{_A`|GLT~cxKqqb0CVO$xa?T#Tl$fH>&xlC
zOZ7h*yt2u{B53aPD*Se$P^r;E!FopQjPT{~+dqoG3y%%YQSrC^ynhaV8(WTvzYiY|
zf9<OOKZL)t{)PBE7?t&S;;tryz`^Wx-w$OCj-Ae>zti6Dw14uL?GHA~_#qs3J&dy-
zv$Fs+9~48POupGu!0c>XORP53#RBB)vhr1&714oq$2a|VCE+TFteN6U-Lz)jY~W4n
zw^g$a-gM}j-pppMFQ8_(9?f+-1OBuSly6+XPlVrRzqA1Wtq2AKw|cM<3<dyfy!Sf_
zGlnJYxd~<adRQ^)(I;V{q>HzG0#2CiYgb^!W|uDdC=Z=y1%u|E&Nn|2+dtI3C-(Bt
zqCK524>sztb=zw^cf{;~%m$M(=1#<qINw@#-~V84d^oGeQhT%1J?xsJf}}p<K8Ich
zn*{$*nEJ3ETL%z%*+RF=+))FnY~t$h9mluXQE7G-AFQg_werJ8{Vt>P<-F?lJSf_T
z$Eg1)Jipt#$?d3JvEP6f!{Y>}m34`y_{EApul$fv|6{5$KaK>4<ND$}Z_7`TT@`;`
z@q3JbLT~KIq?RW*T6><?NUBj}q54k_{4*5%v$3gKPFHckj;i2A&@EH3BA}UzTD1cE
zE%aVCvb837(Yf5gN9g;ZQA9Tivr#zRXb>BPRU-~D7<Wcz?_h*bV8&>-F@bk;WCXS>
z%g&5H6w|Wt2}CthkZ}BTn<t$%XXmsbpxCrqGcaKF2yAOWcJBTUNAU++g6Ns?pE-Sh
z^GMG4PG3wkVBgc?e{uSLOZWYuEB20O*(C4gACtqnJ7jP2TrYNCF7LXTxO?63evE!p
z=j+~U@(R|@p5n50uxvMcsjc4CK{WAh?qc&bCea8~)#6(?5jjP?RM(hdt&va8YV>Xf
z>P-Wz!n`B!bHv=a){t$c+=h9JLo8hzGI!254WE7Iso+kqOCw#v$$oaMg&Tp5<YeeP
z&OJFK-?448yExr-!OswZSQvVRjOX?n=BOY5Bq?26xK!Xa9|b-Z*gyKX+x12CG0Yt#
zYb_4w`r)NwyEk?&^Z(EQ!eJZOU&C)hSVrz&2cwR3R^2U(<-*px@A1|ycjC)*w9s@<
z!Z5eS_PdQ?dx*)MuY2ouCccKsO#7S8pIE*W%Xac79#shu*8P$T;eC9HPqx8_|1;Qu
zB^cJ{3k`R-ck}f8q^vtlP{2Feur9-~WG|c@l8dzNKfsLv!@ZsPgEAgieYW>;cx&Fr
zg%N#RF9Zrl!S1a__f*VDyiXO3_H+I~KUH59T)>NJ;LChiG61VZcJ5Ni6tS&7fII?f
z&e~Z6K*OR(a8Z~lX2b!xa8MH{2E`pNLkLStA!J1lL24UL+lT?(TI*@9G|Z=h8vq1r
zYoS{%79^YpBpA@9D49ZW>oD9^L3~dc>D=f6nto(hGvR1G!x)^&t6v(iB+%GMojt`9
z>-Av3mL>f$it}@Kr?l{K%C?6Dh$}#e{qKlKU(B$LxlThzZw{gXPPNBH$nZ{uBDrCu
zd$#PraeBz8P{eAfOr_Tl#OY8=nu<`I6G6z9fI#7o9r3lC10Nh|V^fsin254;eu8Ya
z?Lk0?EG<>h_a~#fQl4Gv`>JFS0Qq$^fOUomOK4r{=v5DP%(0i<$TRh}-7}a-1{SqC
z1-r0a1mCXY?iv8KUNE3DX)K2<*{sbG>Wq()YlTqXAfZ6YMvr&RI`mI-W&SZl`oP7+
z;J`Cfn;p55s$r`!VZy*-!o4+UrdbR+IfKQ*4vQ70SgHo;LTYi)Qj^!_4HAUAh3t3B
zqG>vyw}6{rh;B%=_%~%-F9wqMKC8%-P?Tw=#N=tFEKFSXHk65VX+)4rS~%_ouOgHZ
z;vLn*d&HmIeKa(XvYL)+m@qqgIE>*8qse!yVG<!~MG$DgKSZGE6-OtKVQwFQKx>Id
z6Cr94NVE#IuqIF_i$EFr!jXBZ9~l4z3)bd+YykR%j!vII4t*A6(g$;==@UqN8wnvf
z^a-R8dqVVqx%sE*L!u@=`}b7BUXK4X0*;<KuZFhuZl2cPiin{rG)%CH#DJl>l08IA
z*f<wThe7M`8(g_;;42F$ywTB`JK0G#s+F<^pFM(2V;Kn&Iq)oAAn<@Bi<qx5RSkD~
z{G2xJV*UERscTfFptsPwc}70eU;R$+<5$saJ$qcU-!p+M$i1k!9YKPEKZB9icHt`4
zn@8wRY5lRM^_AbWPR@739Y9!+ivtR#;ol7~MJcBP5dt7@HutEFlGxt1ol47sqe#8a
zpc;52A2%(HmET85@$)#K`CBzjShvqG-^N!25qeK^>15caQ#khrDqG)hMG+&P>M|;-
zg3F^HGm<-u*mh5v*}B=KX;-}CyTnObu$A%=g9k)|m%d>RShn`=?(ndwFcVbza$Z4K
z<P~ruM18S{3TQ@twqr<YuYhJgx7(qIw~bz&;62CZKwI+-@P+sBsoG6>*|4sMIYjUU
zK}YS0L{CfC{{i)IEhH{oXLQ<Ovm>&02mIL`#M<D<X7`NZj%xFT>R6|*#{3z+BGvG^
zo5xlHWBy3^Pz!>$LlvsdujYoK8>pHp#=P3y$+k^DH>_(hIl{j`OzeQyRRhzT!c%`x
z5;XArv5O_+ljc`o@Q})P-P-_uT6I9#fpsb`6ozF3no|>#Mxuh+^*3e7s!Ul@TI~nf
zR*{1h8KzT`GvNKH(WV5*S}j++J7f5pQn!odH){+NV_4I{#^6p&3UkkI=+Ob_zD@xS
zL1!Ky`Lnb}G=ZFuXe^2j_)pP(sw8*Hw1)(4K!TwgUW`VC5WI5jR#0<m)!JFX%ixf4
zfu71AxaEFEF&xAiuwTjn#DyV{7sI!H-N<w$dAO-P#t?ipPxEvhtt~Lj6~X0Tm-4Fc
zZg1O81QmG0X@*ye19LZuj3m5h$M|kfOB;847^>+pH5Bvg(9^r-8W|=RX{=gzE~@(P
zq8zob?sq_ZYD0B1HbGPu9&hYBC?`BEE8iV;-6aE27fw2{1Hwjxu++rBK&^-ByH4c+
zK=+6PoZ;KlI*6m7LQb)eXmzz^fEnSO9LwXnrFdX4FmJ74Vk&swX}6~mV@8fU=6RW8
znp?GNB4ZiVRz!&orAX!w<Cq~sszurjazwHc6GO^WKZ7`cW^dC8=b{SPBHa)EC^xQ`
zt(9gQh}0xKW(s;&N)GG_*tA@hPdp5hJHXZtr!IBRCI%mCU)U{v-ZD?(Y+khIl~-d2
z30Oh9MGS9~A#rOYrb&HO@MbP4g_T@nWccZS<O(nd&<E>+G5i^r@+5axeGvl4T!Omv
zav(W8v0gyqfPP93wXO)>4EwedYfR0X7fj6*z0H|G5SP+z8MBFds#EA;iDB=jq=}>U
zKUOt17=s`W(F+V~&_L8;mlU-$S-{|Z&%r_LYo(XS#U@UJI>*Y@C#}CF-+shwsP2>r
z$I`J-vECAMgh}mhMYA+_+KOhVZSe;NR;biu8QK)-7b2ZtNhE(jL?ysMpK8|MlureM
z!?_qpgOVe(`s{%E6ty|Ha+BLQre1^=hhD6pGJ^yl>ZSBzN7dS@;AK(dn;cCGO2;Pn
z0L!2N-*L6vt6Yxus-S+jh6`~-Q@g9m!$|Rkx9vM10*L~8YYtQhkbXi+VMBnD%9Sw4
zd1wzTfbGr)+tq=dqEG@<QhA28*p=2V5>qPF8_~iYdF7DVQ`4=HUobXkcZWcAj+pKz
z!KXq>lKl{Cl|LmM6iR$D%|Yzuq4VeiYbawpxVQtZ*N3{*iL!G7hHvKhxa4HjiN<F7
z55j*duNVHqB0<g?{Hd+BAeGB~)z$)hH^NK{-=?&Acf`j6=!6WkhOq&c=+;`pUt{)2
z4JF6hc4oTftV+abX`kA-n`ZjOJZ4{98apyL`e9X<7abX|a6Ij%e|NbgjB9jN!j`C<
zF6{+8%3wmZIZPG@T&X6Q3uv7l$f^LEz&f;;I2v$qBv?n61IwByP;12A22|VF8~9II
z;lsbLv3NZ9$C~!hgQ{a)@c%}$Rt0Jf{~qeK#u|l^D@SzhA8b8qxN-P}#-m`>w<4Va
zesvAFdmOnWIK#ZgGsC>XS8W2f<^ninuOY5eZ5n~}8sKR=lUKVDPgFBiBko0q8*9D_
ztdEH7Io0L|)Ht>N>h4GYfGaW!Ci)A0MR)T82Mtk(YX4YW+HZEkd+?Mbj3h^)+HZzV
zN_O}CM_L)cc~;T8;=iFLaW>2f5ez)zTsw(qX2L^DBk27x3*Te(&V&Q@9%A_W5M^Na
zcL<WbEm$scs5LN_b0eO>^Euhb!OjC&P~F&cCEkIta=0(?8g7brCjOwlcHoON<R`~I
z?7K$f6NW}V9|=i?`vKbtuMh&ZZVmciOI+W<#Fx)gjG?Qj$?)jbp>Yvc%gFeAN1_7o
z!;u3OMi;tNc4!g?$50s0@kwGm%F@|CmpB&8yi+HWLi0dHm>uZkvtRo?O$58gwne()
z)17ImF-@XLtE`;$oTJtQ_;|(uAb1gwO}g!-C}L!YYx)Q~r~kn^!3PxI3OqZE#jST{
zeeND8l}id9#VMXEI>a9J3>Jw-z<?MzQLThloEKS#tjK5IppNzfvIRV9Gj@#-I=}t7
z*OSS<T_hGhFy25oAMR0;ogRP0fv6G?sVW#L;1O=*6l^RbD(WlGC=D~*Dx5JL71bkF
zbpi#+!+Vgwa&8Y&WDv$RpmS1ld+5x<3kB}%S46T@Qk??Dfv1q>0q`K5iw~I~PZ#q8
zc5I?#`Jgq1!B{*6$8JW<gp+Skm^KwMUJm|ed`j@|kGDp-`B!WM`e}n($Sa@yhp!Vc
zlD3x9e}vP2?XmiQd!YVUgtOnh8bGN1ZjJSy!3_YEu|}{RzAuYV+qZl;zFyB@7k$-*
zU1)Z@?zSMU5I@zxidYE39`UY;p)B^4?1&i%feCV4J8NbwpK)?JIm^CGE)-daYC%H4
ze!U}^#5ghy>{`b|3Sstr`2<s%DfB6hv|n#Wd3rYMQ=Uq+@|c}C=5%+upRu+UKfC2M
z*to;5na_fN^QIPeRKkK*VSCR>R<6Jup4d&#v;j}wfEDJ!G_~hH-@BgxK<pRp=YB!q
zqsmg9Q}{#TCIS`FkI)URIKoV~DV~~&UT@piq16$`fL%iz<K@a^*4!)Fh<NA)06RF=
z8DIp5Q{8bs_hv_*$`lziYRuVSN2uK$wK(&L7&q?3bE|nHs{st0FA#J)cv=G0)qYe0
zVSnUyvD(~PQ}I%BQH^yu6bd}3s{!is-qk>4ih|y@Y6wdA6hDm;5!7;ee3Qc&|M3;B
z37I<@OO}JB={`(14`SG!w@cxTLIcmszW*vW4)7gX{uCG{WU!Jr<j7$csO1#rO!d`3
zKO^gFD#B_#(P3CpC^3@?&zg!Xq1`Qi6110+2f<E<jG`k5F>f-yW>7#Wp~m4A)R-c~
z0l<ZG>=|fj1b{Vv;xE(&01)I7Kt5;`zbN+(CwtqN*ex7#dK&(b0zbO(s9yt%xiUWU
zjI8&MTz{p=KU5wAuohmFP^}q1_NM3Nj~XU2TEVp#PiusTXawR10lt`|Jk6qn;IQfY
z41=l#p@0Z>OaX^*I%4@SXtH19xR@8K_Am=XJ~{9`{YimOR3LzqI4zYkQai0rf_LBW
z+>9)Am>p~aJVX!}XR-nfdNNf3=BFZ4b$$CY@S%d$j5V_{paJNJFoR0s7uz+AL#ai9
zx7DIRHZ-y45O-J^Zn-=ag;w^1dt0TX!SPd(=wNonI)}zyK0-li&qFF3rWvbP5PSj1
zF`qqq0283bi>mQznTKtig5kCs^*u7sL}Y(Q&%)ygVp!_8b0m-bdm$^R!<=igOj1q^
zsS+I7cc*5`!S~851mAvIzd~2bXrw<F@G-DH;*1wzxri~h8Q22tGSMcR2HGKe6dot#
zgs@wXQD62reLv#8o5%y+F?iqiI4VCm@H|~B@GRh5%jE?Tc$mBcxL$ziuK+<2OyV9G
z`g1mS_2MIW*NEv*syi<j-!A%rczNeC42N<>N=y$jXvP*mFd*l#sslPx5WK2V2LtwL
zh9Y;WuW&S8DnT~JC_a0`Q<Q(X%>yqvu_W8Romxe|E2U1D_Cljw2ii?EB|CAPMi~d|
zVDLN@h{sa<HOAl>jr;Z}<n_njN@QSwg|G|;ML^U5VxbbW(*y(p6alf~YSa)CIwf|q
zVv&qge3>JMKIf#y7s+vkl3{>KAeGE;etN8&{`)Q$_!@ceycQE=5OskjDzYvo1ulwU
z!-oxII*Tg)Qi`gDmmZg@&gcUXwu0S(&;bZrs|efugd!|%6=A_}WGC+zG6>65p_xE7
zRML176PuX~(k@q|ZFi_HYH%{56W+~i8r#+=Ze2zvK%_f4tbjQ|NOtPmDa62^9DF`7
z!=X3r4$kaD(V-$Q5LZS0;m-b432=)3SUqVEqNO;&XJ4KsoSraez6;-z`GiUKGyF)s
z;w(+R!Ms$)0p5^E(D|^-LlJraHUenxBo0dJe)w2iBlr;effepHw$LL_-iE>8kymVu
zo)?eYq&;6c(e~frLc}lCMfU%EQ4u(7B*BJ2J&v4`$lSV!&ipVrt^`H2^{{vERXPs{
zBsU2v!8y)+h$aYrArz34_Ox-7trO*BCZOd@y?%ssX~#VW-|f?7Ju*1-4_vZqQ<FN<
zE%ZjN9DoR9uNNr8<OoSkkWO3aR1lq~!6IiY?KxwZD0i7415lb*`@4XEFs|qLP$?Pj
z79t69;N3S(;a`feF-uyjHlS5f{$lEtBjYZ|d%FVZUnyidmc(N}!zELF(U7PO5Y{mo
zOhGq_d&H;s$`8q)<WsP&;+^29;6z}x`AXUZ_5+)z6SqK^(P)xy|A^3WXfEjIg7i32
zYF$K8Gp0qupwuTjogtex7VnI`;pT1gv}2Dxr~l}7JKW8TQT0eon+e_)2C^`)$NnXH
zrdNxVj%JlYIADuQL)xuw>`4^Q`Rp;xidRF4w;;7>FP|KG%%~Q6_*3*qnj6qgQ3X?i
z9v^b((J5w2+jsyW$3ON&zy@#Thzmp*)pA;Vg46uVXpW_gioG$Y<xItVgq40entJRK
z!q;EE!9`eyz)H!_f%gF#U3nx$#~0Fk@dGRcU|@rExdVb%AO>TQ$<s5(n`CC+0OL<m
z;}aiw1;U@L4+9E}d+V?r*c#e@UrwxQB-k(g9D6{pQ!uqY2QOKqxaTIkS!(A1W2#5D
z)`GqMljHWoM!)rMq{AZ5i);HG28qZlb}0!@H6eFX6<|>%9|O#+Rx=K>+C}uKu%s}9
z6(CI@#aOAufD3*0o<_BF(O32>&&krG=M6A;dRe<}mSq)o*<JJuAY1SdJFy{JiK%uQ
zMfls<cc)NW{lRFN??c>2TO2z8{f1Bv4~lBx^BX$t7Y?tN9xz}IF(3v?c-MRh;~4eN
z8w;N;lpXEpf-qBz+w)IHZu5f+Ts~?^G_dl&+FOW>aB;P?oA0w1WB;9=i+jhAxgFzT
ziqS3S#@F+eN#G^>v9`>1fC(8X@`R&|bgGHRL*RQOhU~swy&C{;-$AC~smbXcY`CrI
z`4v6Qry!1Q;()j4acQC+9D~xXb46j*kVK0;4J{1#>w|{-@x25sd3!Iv__Q_CpJAea
zPwdI~gs1HikJLewAiEDcfvisseiu&_{Dy$u8o?|m1U#1*=5xh6@$@lvv}Y$fD-tUX
z>j!SSF}=%Gbb|+=S<}=qrg_Y1`8W-$|C#rZy!PJnt3ZGb#Zg78WNr07GZyYt^cbb-
zfyB!piX3@CwONaT$7XPKv5cr!4!pan6uhKSE!e>z+QZD}MifQuq!5OaZK207@j#zh
zn1m^FKPg}oJ*kjr5s5HylU!htrUKb2(b{7i3kx7yz_S2ON7+B2$0KuCF&P8TJ_lS)
zHx?g^y*+8=yfi0b54Y7a@)5MXwGwLlR<GH!>J6Z(HMTdo=LmS-M4(U63o}umu<Eh+
zH_BchbAXfpe5_1n2}+aOF~^GgkA;u+DT0r};um9YO<H*c)8B~*P*LZqWd;SsmxtcO
z7Dm>09i9ug4)fdaw6Me=<=)>NLHr69xeEiXctkV`@10K$J<d_{!;b;NphNu3G?m;r
z2+5)O6cX{#I^epZ<RzBGGJUk1@%Bx2<egh+c6stJ3BceGGIS`r_8S<4M_CclpO#v3
zM(nMy^_j&jqj`jGpDM{?+<PgbqP-!UfBCQ#_rrP1XL|hg&}uw+Lt4BC`{{0^hM8{_
z;mLuOgYe2a>neyD;u>OYDqf>loCdLYjbZ_@MxaJXue+tNvS?E;kj3-QikDij202}v
z8W1_I#juFFRdcg%zt*78gOw@t5LW<$#&Nu}Mp?sUutcn^B_ax$=2->Krv`|-9M|-t
ztsD)L^?lQ!6~A-vyRuU78{lXd2>7{H9|U7#j-&ANoG0Q^4P+Z&7hot(4#k87l3%52
z?T1O8SUTY@XTG<Ya4aG8d?oiFprWQYHve`lhDG2UI*#iu^tN3DiL@exROM|S6$L(7
zq3&bUbN18o6wUx`2e=^*gULdOGq>QA(I+r-1kZngW{^t09Ru!nvb7g$NKPxXCd=q+
zI`opl+~?Nsq~Jqy0gBNw)0Hw4(QQ@w$R%pFO5qqqB;Vx(M#4{-?YgN|5F4os;0p~@
zm*QuEzR?mmB^tqJKC`1J*2^YP4R*cIAx~o|b78Q;D)tm0wzw98Vt?~5g85Ka`~waT
zeB@R(00t7<9hWbM9uF`lTizd(qCbbhBCt*>4NIdNI~t(-@_IF6VJ5mYi+)+^(jCc?
zf^&~1@U#F{94-RJ@#VI-QU~`x;Pv!@(EjVWoKZ&QHp;>MKZjHAU%9r-aez37Ac}@H
zHJmRS?P`H3v_EtWnvlhXPEP_~eTM+Q`T&_8fa`<iwZ^vhV&}oD(aH*fRslrz@a3mw
zHa(^dM*7;}w+K|BiN_`~RiO-+L$8fI!iycK;~2Ar>=T7vxZ{==t3hNTB1_>_4X=E>
zs^yj6zMftoJSy>l%={qct<gLvWSR};r!B%_M{$0~o%Y+OUx8J_xuW}VMtb_OI2;od
zT8FBR0H18JZiIaN4)U=GriC-Z_~W4tKqbZp&bLJK4RcCuadIN;_DY0k|7e)w_-bc#
zh~N-4+0BX-e=xdFAs7gAXULqhLT7NU(YaO=@!fEIL1E|1`3S!^*NCr=j1#{-wwj|k
z$XoIn(Lv<lxYfP3ms4dZ5-f*`BtAQR-d@KSDm;dE`jbPSb1rf88&wY8-%{~H^E{(_
zJ6a>qx|a@a#r9>V80J2sXcr|6vI{E-ck}}W$U&T8(nUefmOuwxOOV3;9DN+{RD@h2
z(f-k~BY$!BP&hKIc%kWjCu$P{d|;zc*TC>SFj3$G4^j#^BQ6964=y5{58qYz9))j#
z4d2X&9Bp4g-%ykSy%+8aDt1TDp<YN2VjmFS1^XfL30$ro0E0aUTp#GHW$JacKscr(
zW<M@N9ut(<PTzpgbP+4qEZpx<LVf4ZV<nHZQ~M+LsDeX9kVt)~M-%SZG8i4X?k!`~
z#V82@p~Md%;OmlH_NUZb#w0GHc`jsNgdm`0T)cIK-T}O_3QY2K=k9sl$u=CCIZh)B
zGzMTSPi;9n{-V?Bk<3<KW-B2c@I|C?>RfyMbcL+PPo@Q<WSWII{2lRAZNE6hDpHn<
z57i&84#6qH){6MRV30}-hE;p)hs1}|NAfxSC#nA69~g(Y1Q#lHFS|CI2^>v%42%xp
z9AG2CXw&J&;l27Y%`y%u$Y0%^{PiCJ?_CV;VWd!EoBA+-n_#T2yF-ma&f7-E66<D!
zD)S6HXT3ARf^V!>%sMTid$b@ewfIG{csh$|Rw^MWAVd9GDWCIV;jtr7kf0%sCs(f2
zEY!G+x`~8Aa4Lkr#a&L#)vOUgA~v$;Iy&3BkY|!J*O|_UdD(Ma5Fe*&6jCUiO8cCO
zSZMrur`xU;4G0z}pB#KmDi?hD=y(UXDTB$T8JH^iK!uupT|CKDC&qa83EuYMvY@%!
z>?-~n+EwiEwr|1EMm=JTGjQyY2dja_L!CI?v#V+<I$E0fq#T|Cake{nFayb1d|kp&
zn0Kt?G7pmZ3SH4iX5Vg?Ffb<S?9Ibu=+xunzvUFF+~(xe(T<+=btSosiXXQODt<A!
zLjk_-G7K2MzDd(_LsVz9Nn~k2e2w6lXzW0QydXktAjfhrU#bP0_5q@Sjv=GTKq&3m
zDL}}G-X}SO<M=)FM;b9v<4T_!A}CBHu3ZbomWt5&C0-9RSkBR)f}xxK-iOz^;)p@g
z(-ndv5*mh!K~7{yn${9Gg}8B+A32JB88Keg6DWQ*_T~q??RQ}XP_oGMe<mAt%=~%+
zyUazb<CEQ|7}n?!HrJ(Yt-KMgr+C+a1w(x4#!Q4?)r{u~2a_9crY;xB7QEG|%OjOd
zuQ-FHkc5fO!V;mb@{?N$)4D};fnwsm$*Xz>6AxTuVRE;?15x+)@fF4VP|*PeL?d6@
zLtCvM&;f3yi5>-Brs2ILlLOMeTRkf5Jhan2IjoB#{LXz}?>;;+0s4dVjNIs8^ttiY
zX3awFpNI54=G@I>pi;G*91tYn4I{Xso6VC>ehoL=)36(Y_O~X7@EkJ=-~nA~teOk}
z2Eq10mEy}JtMI5ujb~1Vio-vO+3E3J&V(-^P$>;$Ip}76n(eUb0|Cb1N}CNjys}+J
z9f#z-f|KB&%W!jN(X@~Q9ULJ7NQ9)?0?EUTB7mOWr?Ekfe%Xj;5P+{nQewH0^3%JF
zA?q2+gQCC-tydSq^3vNHa&NjYb~+1r#Lfz*wfR${2+mB8(Rl=Xuoc3W2W5cE7Z4p(
zjf#w-?MUA^f~RS{a#+8Iy6ZWcnzg`9vjk+|;VUi%1Bu7%<_!*znDwfJs<8_P5uuHE
zg+xmL(u@(<LG29jH2kossf<n>^jX)t251AAkjl+nxicg^#o3G<DC9%ZYE{1{(qr$Z
z@-Tm8410#|j?bP*41&*RlR&kXxLR)SyOYVOoe3DEU0KNKv=NN#g#01*WPR%bq7T`q
zkUKCy#rEbD6udVR8j%)c0SxzwH91UXdJ!*-l<j~uc`WZ|h^wDLfg&LNO(1;tKZyIp
zo#JUut~DxlG^IfSlQEmdrd4?j57vs}fD$?UGU){=2dH}cu{F^QRUmFgqwpe;mgYBX
zntIgpR?C^7z3PBa80XMEXqIBVG$-i?Laa9R698aE%ng=rQ@;XWfwS9!z35wGf!AT0
z#6nW+FSsk%!7)4E%p;AUzI%AyEoIQZFm247M=<2zVDvV7)B{TH-Nq!Oak#v(U!a(S
zO9%Kp0dEXx-svK~D^l0;91j!M8ZlJ>Y(N%!hl)UtFk-J9q2;LsG?;U*fnU?vz{?Bt
z;zUZeJCx#68xNwox~QW%)&T+eowwQwffH!k4~d9u%@mOr2owly>ZkH^Ma8>@Z!B@-
z#Jk3e_G+|DS*ac-gCGK>MQ;twI3<=WtU&^Z!n;-~y!?#jVXuEM*#K+;tO$X~GKf;D
z8+jnYfPzDnzdG5eaP6Q^kh}U@;5<NC25ELJI|YwW<=s4v6YnOfpqMZohSPLM${Q|w
zQB{M|Rol1}`1h9-^gfL4E!{QdOrK$1610DSy@p|S*I1anyVH+mc!wvmfxrPB(6a!j
z?`z1`?~f6#U1<jIn!mvJtwDz1dYO<eJ)@ZB!@*V*sIJFQ4j&#z<)FxudN7AW(UmK7
z9>*~(HQXgQUbzXlNX#bz(tLxx{B9%p40&qVWTlW4JEYWQbRVCVDT2&H*A{i9_{@Ah
zv$?r7v5T&}CN1Ak>G0vvs7npyZF`lDuhLT9)%%?rtX}DQrJ}sC9@Ho`<z4fXw8~Od
z(+#ulpA-U(X&Q;GiD6uWMMc%+jm?sI$Z`k<45X#Rc2Y%+9@Mu=+}gYpi@bWKun2hp
zrdl&a>WM|XQ^pX5u=-UbrNuYgseOpEZlKO#78Hq?covnQsQ#q&ojf1XegTE*fI&7!
zdz`OPE@sQme8~ehA~Z0+U<OfP;H_c<NoIJS5HEZI1HZ=nM4msPr?fy1og#$`usUJK
z=ziE@s2y0d^RY4G*)fA7csB-Isnl%|btD+8kkB$g#qWxKNhPX8O=eJf+a6%es<)LU
zRIJJ|%s~V^V3^Fy;FKo4maTrirc}UPeTC9BT8i-qK;F&pEhRGK<M#rsAsU&C7vnDr
zrGyrW@kXo!QQEg5r;>Ds(*q^6hWC+OX`$WP_pl^-Lb2-}7km&s1hEXJk%maKIGDH;
z&~TAydbC4pkXhs>ZhluJCTN3b`aB)J>&)<DAn~k&<w!X_&;n~&hJn`8_rd*cej^t;
zgmQj(U8t`ybDlop-o&c<4r5`5!GzHvftwK|K=*(sa7^n$tbql7DZrdgfhSeKj%Yy-
zhhnR`wgr9qUNvkB9??()9Ef0#(alG|IRU<lJJz-Ze}Q)R`X!sICNAB?!*8sk6;=F@
zUzV#2437oNHS%KPXb6pk6y*$vpdo=DfeM_7?Ixbjl!56f;O0SngAiStj6ens*w4!;
zR9jFjLk%KJ`9}t6C3(|;-2w1gp9*#mOk@x+lb4tLbutGI>}L89mxUQ2C%{o$rvbz<
z*lA~=0w@!RQ=RcFx-Q~VBB&-7QvI0C%j9dQeCfuAnT01c7T_fi8#V_Kw9u<*3*IYZ
zI7M_Rfc~s9*s$a}H5WwO+jg6mz~Pm`ul$`n$_I?lCnSB~`~fU-CZJ}KtL0Sg?ND0C
z2GU;Abi8fnaU2kPlS5a!FC79vkBoqwAYc^$(Z7RbxEJ6C>vFm(sB7fd_=Ohp;h?-Q
zoR2X+6|B`D@d@cWOAvhaw!Jw74e`og@16Id(%a@|6WBIy+x=uE`1szo#p-Gh$^bvg
z21h>_U$b6o;Cpy>l%m-bfcU5ajZdaSFIZPX8+HXq7Lib(o!`BJb}j)&16YON$b>S*
zwXDp9KE<`H+{CdGmO{kP!BTDYG;rhCCNY9`n&&K_w?fTW(7OwKaepw(RZYaZleos!
z^0W!=*77d)ytvw0OaL6k1)Zo?Ezzyc_i}+vq-mnk4#>6Dos|aoC*`d{PB|2miA!a~
zoMl*_hkow@4s;`VTMT$m5CSC0w@_^#DdeEjon{ij2$)1r2T}-w#5$3#-@~WoH4b-*
zHHUXjL^}+N+*9U(PgI?}x3}{S<`45l7Z~kWG>`>*Du3{JIB~5aD=1v2*i-wUc=LdI
z<g%ak*(AMa)G}02q5a1ZpzLT)2v`%#g~VFZ$2!nfqX2ud8O|c;{gc7c97j{FaU|B-
z!2%7ogCR1QVz$IK@nZBs2Cox2P5g;u835xrBj|^1jm#CI0Z$AVMt>5eGSHDB-nOTd
zB%Y!@gV>Rw-Zf3Eb$C3B|M|KvWjaX9R&a(3Pi=sY5-$r0K^qhqCiH95tE8#ou1j3e
z3OSPkS(lTn_!GgS%@J<_+k@;aIMbqP5}X|YuAht}S14f#oiO}rUK|Z1_E%6`E6vpY
z!7!oz5Bw<;3jGu-Psgx~y#y8P)XQ&xOxkmQro#F^=wi=xx>af&E8&%e892cJqS<iE
zg*e7mY9r83J;EX$GNDx&(LH?nR`;NlR<-FKE@9ggE&{lH(k3o$<0Ak>^)lyTF)sij
zdDG$1UNVme@4Hlj+B$#@#8Ob2`2o40oV48XIXiusrV>>o-y4kGt2~0ymDtBzk)sib
z)cCi91X$q`OYtSX%N~gBd+$tQo!+*Kx%k+TVcxbU6<-dIPQ?AG-Zd|=WhO7mi$oBj
zfSIP+z%I3j*m34hd`6Iyq4lH#awRhKH^_*--nO6&KFEL)rao_i`jQ)}^QL9kj38dB
zs=TX*%DAdTsr$d`-uz)-QDVqg_inCC@wRu(Hc3Fa0dKxR>1|Lsu_GV!u6bJek(-wL
z6Px7b28{4If8twmGk^hEK;eO>eOJ&H8bKV<Lv|YZ1wDN1%EBXHq8fGYlwD!0fV^=+
zc4dT!lVkR^CjjfHpwXs8<$UF09&bq+0Q29WV`x4aJS5BcpfT|-MS<bG67(;{OS>}A
zzgAGGN)-B+NeLYu!TaP4yw`}^xdeDeX$tRCrNd-}_psb70TyrZCoYhi0r1{PBsUW8
zy_7Y)Hbw67Ft?JGTx1*X1+q6BAjKSHJ2=uHAf_O0n3kr*FLI5%usi%E{@mb=%3n%}
zW}Dhaz^u^;2gC4q11ky}W=MbIg*2)FJ2h~PIP2gg7sL`#6G;p?L3jT9hqye=GvDNh
zI4AbDeNU-?k>0k`l?w2B*SswA4PZ9BYn~Ox(Kd-cl)|U!zwneU6|ggxDa#8X%w<5O
z;=xbM-^#YkZ&jkSoTiED`ta`zOM+AMAQ4UC9V)9)2^ov+gvSlHJqI@}Q(1CC+nle_
zaKgIM3PLyCgp3h_$=k%|>DQ&qlrmXs3BQ~~f8uF2T^FRyK(MLp3i2wz5eJjbjaCLt
z0^|uPf;>4ybNHwu#G%O>YUmSNKXnY&&vohDoLV9b$T@#dbqri!fv<t-y_?lGx1be8
zqRqGA0vp2(_yVtP=3lg-t##T&N22~4Qs1@_V>ovRw>$LAWEz9?#~=NoBE=_iFZNt}
zqEeu&x8X}%E%NB#UVY0RAi}}$$9d}!&Y?W1BHi7SI8#BjfiNBgsyg<<pLG(v%=C}N
zFG=~wXyBntfm;)QJ{nZD91MT-U_2cYsH8}D_aq)=ciEu6NG3IZocN<;1ZkHSJkW@l
zyth9szMta=!$7M`sBx{{f8wb3W~3VrfTY<3XSUX}vr}(ZahhsAZdt?5C&b5>fT0o-
zsjV~opu}%QH8~p(IJ0NGNd&@qpttZ9H*R9RM|eVl$gMsO@U|gCpZ)~4w{L@LxEd6_
z41c+`UF>XapSlV)sjY2#=iSO45aQ*8LnI#sPi~^$_bCD9F1-uV4ylQ}hLj#)7Rul)
zSOdsMr<SsRu~=$47Z~?n>8b)=>KlHZ>?OS47UEyy*9Xtuwnymop;-vcfTHYxgbG~H
z>r@+nRBR&g8E2dUy2>!=u8C5#eX@hI7vV~PQGe3$L5bHMJOgn-<_|!Z8%K+%8rcz5
zWIjXAI2<FX25>7oVqDkadJoINtP6C^7o3Zg(^;?z(}x}sE?p|2&C7K3wfW<0X6VRk
ztrK~z%Z$9rxXRg>ogH39(gEK?kdBiMCi7*6Nc%RV1F&C6g;Q6ECO{+%W_`c_Y~oWC
zh8W&hA_&aE-(vi{ip0Btk_a0RH(}=@#0wmg*1@pe_$<&cx}Xt<K4M(CW5&K-$F`wc
zRBT(4E#Y=lAqL&96BV%ur@2L0p?!%cEb&a(TelF^BrW(PwBKd_70D3*+Q`ip*a#m2
z@cKw^*la}4Pml8;NnjD1d3JX)xy6<u$oW3psT3esjxS?1@j5O5klRf?s9JSN!2%v*
z1(4VFapc9RJEXZ8ND^g@VPceT@8u|Y1+!TICg3+;#^U{w9&0m`LlHif2D0{5>V^Xw
ztH!1#Nlzc!i7{mr-IYE7hM5o-Ouq<*Mfl{<YvXBZ{c*KIg+f13>#@(>fe~{@$mzdW
z^#>`L+@kQ88cOi@;&$Lqp%g2BfMY@}QctdNgC((gImP$3{Ta~3d3r!>N?wdW@fKzP
z4@vfHieaOdrCWj>lhSezTBc_z73i_?<0D%Bu5^1$%CtU@{SCASjydJTJb?lUmU4XU
z=g&Kg8ou&8tX9SFjbv*NBqL5RNbK$Ci}yW`N-V_eY&>e^nVF4uqp|Hf$L;ESA+vZd
z$3XB>#<=M$R6n7}q>?vKk%Qk69}xN!Iw_X+B@!-MMD~Yeoa!_7*m#@*Kh)4;6d~aX
zU(BL`)xp6x7`g+rBvDbtxU@d1mtvp*XPJ0Z>&MuhPv^m5eFq8evwO~T6OPo%<A6GK
z4??5QPQ$&ngNsQCi={=<V<#jqLV=BKE9}CWGCw)%n*rAo@>ht-mMc1}z?XM5en8Ik
z#CPxq6)bUgRBUY?2De;po;CMic|mzE%N6nxdJ(JI=TpqZh4_(qbCDxa^W<3q5%Nn!
z>A0ewW+yIFbP!oWPiFN1BRon)x{n~_@ecyZR71QeQ2~|H&SU?E0Ei5l`7$by5`>%+
zXu!@D4y5@6bBIWb7E_yvh=EviQXwS^jcNQr2Od#}S@uYPx9Wg6!SHwJ`x;gq3?*M{
zoGQS5O>nl*5e`Grs8B7vYtDs4810Ui2qCQ_(_!I=v}Tl+uoS1M7!u<!+hqaXzYNh_
zLHdfdSx9CcBIyGaTbt_fQ%z0(22@J4Hp2B`Sx~j|{el9o2+1@mSs=27_SxAt+0O~1
z%XHkK;soPb4<v2{Cu+F|E)tj96`!dIoL*;ZE5Q+RqB-eDSpcjQh!lJ%4=4zLr9!&}
zZdbg`VU}`vXhG&i&qM{$mBM4|gR)#`mQ$_PO}K_GYXMpv#A9=alIZw!NiEjy)Gjd6
z*LC6awNab+zV^Kp{b~d0$_0gqyI83gjX6`FG(U*{vM(P*;`2bDOCcMPSYg8iqqj@?
zAzVRT6_OcX;b|Q4u^)R`))Bp&?SU9@!Tz(cOTt1XIusPQMQeKH{L2l7QUt_7vx>Ca
zXG-)KN%QeL9F+cc8XnPote<|{c&fllOG)YACwsar5i*6IZp&``W{|Neq002ETUr|@
zqXm9$WCMe{n%xwzTYA~S>3uJs9$A%8WlrxvXQk>rm%Sm`@+gPZ+PFY*5gz?>O0CxA
zD6Hseo=(MSA&W~MhRS~iF<ml20O7kj(*8{5shtM@-rH7B8+T-|x9!uoNW!mD6F5WR
zwZw1?eBUAC!}+-0`=iR`Y<?$Cf^k#^e8`63HMzieObUo^beJAQjIay2-TwY3QMKJc
zc(Xj1!RPv{>IEFU<y-OIyCYaD%-7wbs1W2}M36~nS7+mmIc~8|h>M3}6K3iMEQ?Z#
zG!tMFR4P@KCVN04pVVR&wsd%X+IOJ3#O2B>P$~!eAwUEl>z59gKQR=KMug`+EHpq9
zIlq_2QhrLRd>rj9es1)Y*pXAbYhH&`B+eG`teh<?8~sc5tYu<7s(`B;`Pel~_zg&@
zp=+HVl$<GK^@>zLP;`DT%qx~?e;p5DLk3z(sI<^NF9>(igWsD!i%{z#Uet=hv0wU|
z&QQkt{MI`!xw__m$XKHb?v?QCsDf5OI-K)saL!;&ABFc>&D3#n_2RBmmEBf7k~oV1
zumBBCt%RExR1)Y7PkNHJA0b5rJOgsVH5cs9VQwm1K`zrS`)LLcYNLwf2rPKl+aZS>
zlP=@JvSIC>JnA713`P}xLEf&ZS%-mdJqjKK#PxHD5>NxJolhG7?N!0u%3c`=|G-{R
zcS0|A@T-HPE6FoO@+3_?Y+XjdiZaiOtyAKYm8j8*ni}geUp1cns<J+VCwy-P`5u+`
z*;T??R3WVSFxq(6%!bEO$pbA{@j;||E;0bqa#F4lU}|^Ay7vg`c}lRB-_~W|D~1}N
zDr-GbgFT*i^JR6&`^JwI;g5*-YuKPx#{Q1U{!`9~Zf)YvkX)eSj>z-lTcC9|Yz+e9
ztr)7hXe-`ydZaq`vX^Obp(^~^b3I;{4vDMA`GRCS$<aP=;9c`LdQ>KVQtdvZ7|so-
zGH1N)4tY-~p{~|>`$$ve$qO>T-D?ARSWUe=GhY<5fe0zKT$#mmPgz_f4{&poV?9;Q
zBuWp^2zJzH6s6lpeBt-v>3=(9gFnh=5Y+DeT<l9g)DNrWX6Nl5-d%m}pu`!JXs3_l
zC8|E&HDf_Mryp~LC0`i%zUXHSXVRY8qpQ2ON=N*J)Ue&v<{&bHcg=l(AuF4&yF*C`
z_2)NEC%v_y-m>u}^`FR{whEAct`&*^?VT-(&$a^q%2IT%LL`>V##~Ni$iXhmPq-I_
zNE2SfP_1xQ(GP_R$rwqH7z1^sxoJ>zB7;I><sAhhjT9t!*{$qr8*5A~0!*9SP9{$L
zK|CdJ!w#5Oq-6@XVm918m9<zTk$LPsDCz#dg5{Xf7CJ82%u!s12@}fzFta*mM?^Fz
zREf7>_rW!M)EB0f&-B*I<0yaQFVAgD+>YwBJ`jIpBf=8!R|58^Q;Gb%0s~%v0X*BU
zOhrL=UXbhH43s^&fJTFz<9zY};@Q8VV#_P2bvk|r9aG}0JhZIbt5sDl^`!ciuyoNj
z00QW-@5sZJFkkk9>RqCE>EOtC#2NZ$PjJoYhp_=e&U&s_>#3!Nt`n2~A*x>lj0(|M
z_{QEc1Z$RhEGvLw+>I^piw}VJ=H6nhp`0k}F@Y~2<6Lc+uNtemxfe6cpYnYKLsp)_
z&6}0?Gk&@Ae#&<W3|WC3OPh)827VM>8iQ#wr@uHgJ=hVfxv`fJKzFo!!LZ5-0)zvc
z62gn`L{9PM4Wm#T2;@-hfR0bswfvUc7682pA|Hcq728&e+*A4-ShM|sUvXv9dQmW<
z-k|Wb^GK22iCV3Eg%AsA`rLUVHk4o--1038x=pvV5j<sASglH_r8+-2P-nK`C)t&_
zCEGT!G>3lYASMBR^lu4&nP|W&tUIWSB(fXDue{LPkK*^gkopfR7~C>R+L3pj{kz%<
z43A?LvWa@(7n)&|Ga&v_B)fmP;_OG8KdkoE%*1k%$w$U3Wh#iqy`O*p$i_Qe`B|s(
z^Qgqn)87SDxT2#n1YrYa1Ms&p9unr$6CIFISIcX-s)CRGPD{vs6*3K4@^(wRgMcr#
zb2V5sR)Wc=-^1ud!67)-x~FTU8WOA!fm#|%t2&mf9!SmJ-AW}#RU1F_tq2fX1^*Gv
z;6#EuaRDBpN~MtF!e{^W9RPcY%;LUvC;}`I703y9L1t(KuuYIz0MRhq^}T{W{G{pG
z-WIGQAtc{(JA4wj9EIo^&yyVmI))H(GAzWMQECx4cn=ITiI1#|h|qF;dsoj!&YC@+
z9t)!60kq6m6m!!Ei#@-NBjsx$h9iFg^C2EY6{)X$#xaNrb2cfp*7mZJZu#>P(Z?M>
zytdV)vwm(RwH~zZ(0ddC5%7qs0+3w<`GULx55G~)AyRNATQ_iIpp(iKPn&P?;GSH0
z=f_bFVv5p5J#}bi{Zd`e^7L?Po#B{I;A$x_fN3#xprw8PQlK2GRJIR$VGPf9*x*TK
zFlNRjH7`H7yhLBxW3UBB;}GucU&yIZ+8SVqEGLiPk~>9Q=F=>QHINu@eD<9YtOmSf
z4<+1aNVv&i8Qob-KT~bMvPMbSlz8jEJ0m?kN%)YHyO*7lwgitoifx7l3ag$E*zL+w
z6qESD5_T2%opYt^+3Ao=hmOaxXVbCeu>VFK4LZufEJkq_V(-GrQj|EBakGD@hu~2w
zNUK(mVaw{V0#a@h$Uq#~C6ZGzx?rtrQ}moxq}FgNA3cRoD^ka@9(HtKvm&!uwi{(A
zq5`4KJscEa;^UXdokra}_Bs5hcCE4TCBHIxC|{&4wX*J3iWWa)TW*|O(K)GFhoQxz
zgWtVnwn#M1to9S|EsTM02^??P@XZKT$t~TD%P}bUjLS@qsCXKnJCb#XbK^c&vU*W&
ze+q5_AKIWgkQZd-6|{0CMK*N6dT8ENFGJtB@cv^nZ`XQ}Nj{wb`&O_PcZln;5w!GI
zMN1dQ@6p;@KORA)!uI5M`&W|*iJlD3BP)RvDqutiZopmq8@fB-<-qKQOOjj|9O5X9
zbU|B?yvdg$D{@38dqEC$lFrHC$+xN81T>W{M{Nqtz1JA52SjVK89_d3hXBVGebs4?
z;$(#^5H#xocpPmiQ3$n&Avjrj3>P|-Kn+|LN6~TLjb@ujE7a8SCa!O0vzf?^6^XER
zK}Lai@QrNVp_?z~jj%Mtu9bzj-z}92SN10>LHQZ4WEzl*4x;GdS!kT%(joS*ZovJj
zZ8SBsvbLhrm*6u)+sU1biiaIqXToP*j*7HN+IJw`8O=o4GvC*?5*UPk;!AOEDg?RW
z-};q#R!&1%zIq736f7Zdzi_8Kgs`eJ08g0aNkSmv{{HL@uof)+$oN%XQJT{pTh0k_
zj1&($MQ5R?@4p4Qe(>!(Eb!rkRL39j9bnT`Pyt8~d1e_yxl=V(fUf@fF@BRw3eL1k
z7aV<%=#w1E+a_|uyhM;Ygckx$@l|Z~#yT)E{I${6GwKZFIxrWv#c~R=m2JUa%o6P2
zo2fc2KwQxSd<2^>GH_EU+Hux1kY|)preQh9zes50CkW93t%4XPpqg9L0Dy-Xf>5if
z2$d+{6EiXg*K;~TMFvKUU=(?|T{!0#-I7}s{Hr7IV!EgJunKg@SK%WQ*>mP-b&Z&O
zNY*b8?uiw{#5Oag5^Lbmv195Z3?acd*?;XK6ms4zdjTf~gC|*mqL1+jgH@gCq2FOh
z+xFi6YYarmPd%oIpI2VZ?NnAF9`Nma8|hEB6Y<D={<qjDLaN`6BYeEkus*CGzsugt
z>nHFKt;a@2KcUyXRaite^l-@W{((BYNmX_4?ogZkUSrr+sMT-LvqjX%{2*8t(J*XT
z;E0sr96}!6<72yRf_|1`7v#rdyU!=!xg_JQ4wsjf5#53n^@_v9S*WMU$dbpuX5mk@
zBx7j&@v-Mj{2?fjjVj`AV{RcfK1J{TG2Ya}%}2!{PCnFgfSEy&6rPaEGnFz<L@gqs
z#yW^1pI*xqVnKc)BTPi~t&9J=gQXFrxmYSCmeQXbe9ica;0rpOKS_xZp}-Z=pei4f
z4GA|BcsQ&*53k6|Mc?;wF-7!!Ew}J^=u2^+B<FY$n1foxZkGW!98IgA+m1%!oAoM*
z7BJHaZu#^f5_G2ePkv|wqHmW@gk{+4;N`EyT&FzbhCgX^<nqt;+=9sabmZ-p*ynH$
zE`d<3Ji^A|KM*Vnx<t~bU&~>s$7T74GDNb=yZW0_xDP^NF!dQfp@SbSP5zAgIPVu)
zb9)SoFixZ%**}ZVl*YOsvirS?k)UPt`X%_r^EnB=^=C7~MCLW^Iey6}1;fp)Ku%#-
z{7(+Pwui_^xj2xMHvpUQ$>FEBaWDe>1sG>2G!RBnF=P(Zo`+w9NaP^vB@9Kql-6H6
zysLNS7UH4HB1CK7fC_^K!sZ@K;gvmbApW7dv}HU^Kz3$iBY_`1QZGH=><WX!IAE;v
z2uH)?`+XRBFSQXAw;tIapWuufzbJ(a)f%CYy+#sGd*K0K#FG#|#YifMm9Dw@_rPhO
zE1u^JbCV2{i<j)5(<AaA+4-8~aC)oY6_F1NpoN?TrC1_UhUk0Y1LqiAp;&^aS{biE
z$IHIpA!K}V=y~BGp=ac1AQ{I1DfMCr1riNASmG)dgrF8jYc#fn5@A;%X9rG`uiws8
zhSvir*~*ZwECI3bes+RKJ;+0$7gB?_eCud~AKr~K5#!vhzOU;w=dSlvSuaSySFF*n
zI<MFe-IrpX9`#Em9v_C`FPV6ZA<2*6vcT1gZ5+Z=?7G%@JIC%ODpACrSn3e82%tcR
zWHyAfN+1ioDgNKg&D^}xk<nw3{ou-QtbyTQ`6q!ttb8GKH3aR}YMzu@UtEE|a2r;`
zTXH?=3ZO0K3t6jKuCgcg*f>ueY27C!$V3@EeNUhH0+2mAo!7DahXe~9_51QTMWDqW
z?{(gybo*G0EEtql*6Kz&i}Yk?8RqDqp$q7Rskt+9J6@zk0&8IRu}ZoDN!BWYlWOF#
zPvK@cJ%M>2TcXowQ<kWfn^cSLFsv`iKyrkoUh@MCh7|^L=syWN2#6piuc76I{DmIj
zqkte(cL(MG!o+o?kBTc_y!Nq(l=(@qfV~mHMx|bdEKhf|hxY48hulvZ@&bgw#^omT
zEq->@oAjES$AK_o#Y0{|RMSJ|qpRS1xRSSn?NB&2xmC4pLS8&o`VbHC%oYu3Arao@
zGMtM$r$){==@$`Shgb5#2eZ$3NRDa8%4=|&eggc22F4HfL!#duNBq=p$RUDrS_eVY
zAbb-8h!`3sA^}2CGBpuPrE7~x6#f8X5Sjkyg*;?ppdB0YLTt<tXT+0eXBya`hh^8E
zs+F(+)?6s7J@cEydJTLcsy94Oj9f(yqaGJ>Uegy~78&A}uchjNDO_i~;q-eXKL_gj
z2}y!a4u4$OC+mlNA%sp2G>lbmkzn4K{OED_R$&tFBhM*of;TMiNrf1mvNW+x8RzBr
zx@(AMH?@OM(%q?h{n&}I^U)+=sZcT*+&G|j-Kx#p1w{%(s8T?V7j_uUr^i3))Q(8i
za=P0_vMm-3G{dn&VompyFjs|##nh^c@(KdPtThEM<^slWA9C(#-S8$%oOiQk%f|mv
z|4{*TPcc%%5CrcRkfH`6z5xTP1O~Ie_86%m9{Y7f7LzmJI8os(plmSF86g27EXo?w
zWpz@f6JKPX=C-xq;f+ix5aYAY9idhSOyEa=I8%VMGYoSk^!N3U+6*U5-j^adxXVt3
zEWKoyajHah`CuzAtr>`cV;|a{x5F?Wlv*bA2_wzKH{P`=Y4+Vy6%J(s15ecU4^e=m
z(M)j!Fw-N*gNXoJ5n{`{ax9ZDKAA$kIVH4XN*yL{2CPTYmO)_M!DqK80(;G80itpE
z2cPj?0hF(JKt&V$(7mF`@cJ?RI$uQj`o3)-uSIj^>Kk|%X^s^E1ZE(B_CmlSjx|rQ
z?`A!)21xTW8zG{Gv~(u{6R%z$piLlipcx!UvNg44MI}Bt^0V&`m|I*NQg>CSQdnwc
za0k6M=tEjnm;C|!$uxB=WM>aa4fc_jpk9SHV*N3Sx6Okwz=?jK(mD-AEqL&q$nmJW
zYdj!`27F~Io)aDdAE0k<Mo9}!?GOxL(nm#4)60EN$yD+u2mW&u{E&aX$0)WHUg-Wq
zG@=ln{rLveF%DIlhZ@}2G0E6LEX^#N;k>sKix9;jx(@=O)n8#t13@OcRcu{$zH^-(
z0x=X30{cN3LPkXIH$Y5iik9=^leHF*i426>{31u(H5QE1i7=of-V!PmGIEBzR{nsj
zATbn3>Fxof6lF)3QYvF|u45oW&YjP`c^KC$LMlW<0%1Sd+zJl=g~Q<_6b+t;;=L3_
zM{$YJ(PDiI3@Wh|k$@Dz6o0@sB<^99p;*>yHw<1C-=HL~`)U<IB73BIstboXp;Rcs
z_@S{>|BBA0TV=0uujAKsHZNB16@%W+*u&^|Gs$tO^I9g!>e8<k>uOHrH4ERtwWP<_
zgIB`|f9_W=?LojqXFrn~G5U}CJ_F_){%rrPhzM2>S%7*C+BbgfDE4^}xSU7|q)Z@`
zzqYz~lO&`?TSgR%xlLkMBDO&ft+WZU5;2T3Tl;<Bp;$(idk%d2UJ>{roVXV0dDp<c
z<M%vZExNWVaB6o{*11#ypLb0&tfN&~2nq47`7AA^0}~ts+O6)&FxUVBfC0WtCkueo
zO7M_k1WpXw6X~%yR;bo6r%)ej>xEY;^rKrh-$}F#xZ_*Y-ZZRDVhHdH-QG0?m`jv5
z>>LhB<mV0sH6vIk+=`#(U>9V8Z&J*KAN8It&E;non$MGVH||{E*m&*D(NXZ&WrSXB
zbHGWCAE)a4sO#HrT`IX(8}YM{Fh)=|SS$3<aAO!0;^jE32Nc%j2EL74h)fY7hTWiJ
z%Yyc2afV6?6as&PHT{eXS69r$<VUCuU}vbUfH;8F&upVCM<FDJBi^Jy^|t+tIVskq
z+J@4jh5;3Dfp{p}Ot4LYeJQLv%-jk}p2EL2c`48z7F&B9&~N`9=jAB>IQ;z4=lGhG
zCZ$Dk+(|n8;7q!zU`l+Aws#dm3&kDp>rQR~$=Qi3VGTt}bNGK(FUfpBCo4fb*Zqc|
zVqn9>-8=W-E=w!r^k;Gi`WJGRkg)xWIM`%baQaoiOpv9mK+@+#7>VdjP%;sA2vg1A
z)w_{pvy}0hhV47TBM=qHllXmZ>`||S=Ab4rQBAWbq6AMF<_jc)8P&4ou|M(O1YX)p
z-Dxsm3*NU#(<{#!<iNl0Hv&I^8>>Pb&hDppC&UTz)jSi-H`dyN=aC>N$emdPXfj-A
zwGMF<u%ZZckk9_5@EKa7Xso2@Bs<k`P2X2Br%XR1to)30cl8DrYC;};BAVlDen7!A
z{Owi2Ln?V;EuvOPURbZHk$VA_-_iOF+`7@+x&J2bjVD~2?l>ematod`d0{FFiO5Ey
z;u(Umz#F@adJPJGk8S9qE*ziFbZyxyTm{AUwHwJ4Ao1D4BcE=OLm}@SL(x$zAo8we
za$XgtY?ISm;FX8Fl9mB1fw#W=RUBk*<lz`rB1Jq>Yh@d-vd3P1H|o#18n-B3E5+zF
z_A4ko{ChUq%8Uj%SB0b1=>5WX*e0{>`nv$AGq^nl^XWS%s(78w@?a4tfEiQSC4hAl
z#&X3sZHovne*3CV!vS<<0&7nu{3~&=kND9{7oO4Fuf-0`K2KH<DaZk6>6g*vVhy~B
zCon;Ca21{4dEyuAGs@Ize~Q(zQJu_z-<ahR;bAQs6aQ<@Y-ALDQ0lXH1Ofes+te1#
zfrliaJxw)Zf$X+)KZseLa>aB(fCVClx&U&nTU?M`5wfqulz9GPUgASw{^E|rVOda5
z1{)<FWf2@Y_|#w(tfYIgN4~K_=o|HRU&=XB#wQ0@(>)pbj9&=gNc)hwRU4k}$r0Y7
zvBB>hlk1oPjPbiChdF^^o@SVz%yy~N{LD)R2lEGm`Q8Utv;c|(idDT11Fy2<5goR?
z4uA^YE;whT1{%8In75oF+|C~;c#HGPCoP|Hezx*ObdmT3-D5RbOR-GG`SH`~Fdedu
zlb0PAV(}OqCxd)_0+Xk4B*>ucEKN)8N}~Z)w6uWsw|_AP^j@ah*!P}AI5A=0h75h7
zp8sIZ9e*+d`VpIhR+sD6)8c`f^<Mrn=%{LrzzpB|A#=~F&fAcb+4;s$9D#64_d~R#
zJuvs+_j4Hlm*Up%>EcZNB=a47LFS9#5SPF1!q1QBA;F}ED@EX{%pI%VAt2s6f69tO
z$sY4HnAfs%JHhBJr=b!|;$1fh6s?R?C0CgpNo4VMRsjc>NUP}C@rlkF{@u@HThzeb
zhT-Fv@z)@*f#YvfQ8~kL;Ja$0yh^}Z#?Np+vuv2LN*eXOP;Dlv;g!dd?pr^IAJoE{
ze~nWoY-6kOqT{v(nZ5@VrpjUERhj(QNV1!2s&YH4xr2%BvE-y^QGB|F4GlbTBn(N`
zg+1n6(CkJB?BAZr0NK;T4S(3`2JDyf@SEeOA>CSUrSUe)JGP-()vTz@thue!d|_25
z-#>3Y)A{B{V*77%?@>fE@uMgp+N!Qrbj|E?>n`>4R(JE&;gg!rv79ZtItDlMM%;^3
z5x&EFQqwDZnU0IUaD`c)<1e>?mO$pHID_P0L%ewue}Zt($|3TbiLo~Vw+`77Ko{tw
z`X3Wj_(?DIi&j4Z`$W1B!TpuMIh1gcivTCND28`Sxq-NWs6~#i|BW^3fnQ^GqyAYX
z3l2FUD>wvW8w8Zse2NxWXv4;d2HdWCrxg&bINdz-wb=fl?%l|_uQWRn--A+$z2oz)
z`!8Hn#<|r`+=oki^OKh6_O_t$CPtNf!LR-j*j#lW4967*lYHJNiI?bMJG5#W%er7f
zf>;J$3=zRS0v9adfH+HGa}zNJJZGhB|CUx%kU60Zg2by`@CpjLpdwa=V{iRE`pm@9
z1%F4PNVF4&`n-tOwP@vz)LIS)`(^Guycgg3cF%|5pWl;;=oTNW*as(S>`MO5TOsrJ
zZ`_G(XH`BX->UK&FHCM%ZC3o+fjFA4-v8-sn?`y7vwmlB#XGG*1!o1s>__o)^i9^F
zSTBAf1t*EI&YKzX+(fGiO%5;3nvByaLPy8wf3^bw00KVR*ggx3&cLtei|c<O`of?W
zH=9WdD=*=%x?uKNjs_%(#lU?Xm#QQhr4V|U3G9&hZGXF$qwsVUj-UL*d%*R~eG_>w
z5+IvU1|zp3D$>ad4gypR(2}tS<sNj(i{8*W%?|?a1J4V*Q0+2CMzRbFA{aQGgqWg7
z3QQNltnbjVuN6F#!6R`S9954+0xYapR%yRJ8Y|2zI0YQaf6_P;9sugRKl|sXR`1Wo
zTw+1fnT4ILSOrJSc%sR^8<0R>7MeRiMeiN=ph@wI8G-`c)4rPhkYH_9{e+A|!@lJz
z{oyG$G7{i5cG`oCEv5P+hu?dQC(`$Ov`fn)Q03fi@#+s7Z*l7n0rc}%jNskdVY9>C
zjr45zozSQ_FGO%szt~wUa32nNolg#Z-hPglIskq`#2LtlxbTu|>x=7UElAawR?9a>
z@Nw(-T5$-8ZpS0^IUb?k{woq&WDFsziVxN)EUIk?JO@C$rPfs`$PL(6!YK#ws+{pt
zqoyN@>EZ9j@Hh;pa;+@4--MTmj%D%AwEtE{HUK|VX$k-RhhRHSY1L-?K}05n-LaCK
z^)JTjjqJTpXNYX`XL)nqZ?F&b%0C%Z5RoSg@US0#<Umd`;9y|i28Fc^Jxw0-1-iEQ
zW!C(ZDE@!cy?cC|Rki=0v?)v>?F6V0q}TycNTEQAD2cQ>=>?zOGzv;Z&}b2>fYx?W
zDzqhG66kcO)*IFfT0MG1kt2GrPC+nfXj9-63dlteEvTGl3<cyG;6Q%w&)Ux|(~4jJ
z{0%Rf=h>IF*IsMwwbx#IJ$pmcS`pv>Af^RqPK1_QGS>?=WX#P18v1!z9#F5*ER+0D
zrehK&Yfv&ZFe(EKnp1WEILZ!g2;!Zb?G*-aSM+cFy|g^^X*8~I;8&5qhkV&PTV!Dr
zSiDSM=+I#HZ^dD{m&2{1{)w)BhU9QZDT^?1Mz1>r9l0^cu*d&O4NM88sm(r<kTgLc
zO)6C}x33c^M9jVMy>*x2>*Dvcjw^PSD5X;syU$}1)-kE}jVEW?<xVuL;!@Hjx>;q+
z+9Kq)?TiNh2&XIR#Cf+A^opGi1Jmr@x9%ggI^Dyl5hbJYyH(!q4oY9q$#dzEK=$@3
zBtiAxi#jg79E#^yHkp#;g2t<JoVUjjH;0racLjp{c}kX#qt~SgVbZxI4L(+SJp{Hu
z@4J)WeBp-L;zOLTgr#(BZRxu3tzKZ~0ybGKz+zOo=VWrq<Nrx^hr5c{BI1gjyVaJv
zL+PER&js+4P_2N`U={{lsTiU#hMlkSrC1@!!U@bLhXpU9U}<{z_A%ZDuc6WC7s`2<
zpuvmgXgs1r(+4YsPyl<sAfm#J(mN^3L!G~y$(4Dvk!f|+nEY$4t4@hZzsu;Y(z5id
z^sgxG-WZXe;>F-&J1^cEet<K&W}HMVeVciFYKFHCJ`q9;i*T=uNuw~4ru07wq`|8~
z^d%U{c)9af1JEU#b~7HjfNky!g{>$4_cc1uA#EB|jSRP1*2Rl-MMf8jg<|%_dNZsX
zF73WSnpl3Pu2-IIZRM)+ElVv4zX~8c#dM(%5}&<?0~NC%Wlf^c{izswvTVkeriUWg
zg1&<m?tq&L{8#UMGyMO24-81OO^a#?4~U#S=u7ZVw0$F_a&3PgZ2MOG3=TWTo1xxx
z98gl<3>zuyOoW%f>Q{l^p8qlYP{QV~lgTM71H}QUGT_6=RS8yJDZNRWG;^UY#ft!6
z|4Es@=25GFzuLjikQ^$HjXQuLqc6X0|NP&E^4l6^*X7Rj7H`8ZjDFmz1)ewMPOi7R
z<P1x)I5wn=?^5Tdz_hWD+Mcbc+MXSg=#S3QE_jKS3T-54V<OYv^}1G1n7b3#%n}$F
z?SGOG8yUPIxN5-3KNg7Jn}JLA1`(v|1STIQ^HG=!_!xlGN3JeS%&^6Ry6$la>cA|E
z%!%O?j4JW_K&Rm9SAG>O;U4vGjG(hO2{YD^k82i};v#s1R&sWrNoOc2UkmoQlKSg?
z8J&ZW-h4(4+Z;|`6yKd6*gyZjL-~P5mZ!A|xYrr-eD^1xXI;9x2W;$yF!O{T;4OX#
zKj@*{|I_g~R$81clj6J?xmD^q7A3$~$84^7+g_>2lz+sv0!s^VZs9r+BYrO~1c$W_
z9jUl$!an{2@?*BL^+5gd3Wj|pz4qK;^um&1Ftfi?BiHm{JdDu;k*)G)ephAKBQjrW
zFFqI|e5!*nk@Am6qz7>myPt?}B1FY1>?(~L{AM<qJUqilmjP|iK)~p%_jD10Tj|NE
zgnYUdLg!5iZ;u;(b^hn2-)v9KYy-7Odrb*S@NK`wrduimCM7#OtsI)Y%Q)IZFQQAy
zceutFwNfsPQK#zsF=~mSk0Qu|B7N|`s@_<V*kUL3@kS;Cp9e$-IQ~=<z}O)TZb|*U
z8ZLpdqqpsjNr7QdvUex2JEfX$3i&swjwxny_;wI)#wWSgtW~;YjUM-oU<Jyt#~Cqh
zeCf8Z)}xy0?+V{`@@BjY*tM5D3>bdI()Trry5fJ~dOfguG5<l<)49j9nIJg7BJQ0X
zi#tz)Dbg1pH!mr*7EjWa9B=w)z{L_Zbxieti87^rs24?dC~^zKJ^Xy{%cBkZ=6-(+
zt{ju9sKWNnO&|<vjwr~SI{+;c(l(M_*i@{BZgu`W+ki)3nyjVA4JKG}nyskF`JQki
zYQXKWcq8y9fC<Cukf_XnS)-z@SKxZ$j}uxQ<vG?B*2=INk(god?k2Ic;jt|B=<_AF
z^R_eOSs7Jb-X3T@Y9{6B#O<Pp;&(N$ieE9St=J`S5)BkSQ#b+-Efvi0Zl%*<o8Lgb
z?^#U|s!U0biKiE2G?Den%yGhX4kndN8l)KJ$@Xs*1ugzAh!$v$yVmkBF@}$Yy*P$m
zL@@=;9Gi<OWG#hT7dNh`c#hO`j*XGg;SosNm*IcrYm}B}mp7OG5de}RN0Wwytdqef
zEA{@<wGeLn6@j^YqZ1c~eDMT1FyW@x^5P`{(Cy2<<owt=NSWp7fnd@sOw!#SQ^~^A
z21~IK_Tq&}?8`GKVC1MAKS#njH@<7#_72)8-F*XPC4Mf(&_%hWyX8eNY7MEmA`+*%
zP~t8Ae||flv}F~#lob^%+6hV&#I3t9?CT2{KKfi;OLhODyAs6*tho4D(ih9(Z)n7(
z{Kq6|zP?ygy=PW}h%|laZ6Vz60yk=Tp!4g15vcO#0t%3ql!t3gSe}ZdAY7kS<=RW1
z2!I;Acv&U_M@ix0OMFcx?xs=6V{-U)`axpGfAIjanMF>M!21t<*bKvT_kU9$g2IFQ
zmP`8y92(P6>JEFknd(tFBgJ12bpW#laD~L2)*ID^OIjWzF?y5^`Sg&nF%zw66EHP}
ze19FgVcfK(Pue=(x*eZCPw^h4HGH7fMG;5#z>zJEZTQZh`LMhO{;`l*0x+?(GUVOc
zFJb10-X`;g?SC3(jDN@ZKn#{W{%>u<52I<V*Gc}J*GEUS-+g6B8g1Pm6X7nA5z$tA
zW^bJsmj6~*9?^S~@~`&>@b`q}k*_x?ztF*VqM*T0?A%BNjS{DIl{R2$5=;MLba*L~
zck(QTp!hT`KY%3^&LVS}$Z-@>+<ws-?gutECt_igUD4lLdkudl-wq$FBjd%frD=(F
z5fZg~9_^N<2kHJKkd;wlGn=prN*z`LszY{!7*Q0-(oFT@RH=xBpfP0${tR${J8=kK
z1-|1PzH*$`UwFsTuD<KQHuwhb3!J~HN!=x)|C>|_1K3mm<@Bq7_xkT#|7E(hV_Gg?
z2g#E&I%|uTu@-mpK3GxO6gc25BnF*bhxyERt4u|{w?Fw?gM9x0X10BRD;zQ~3*w>B
zme&r<nqW_tnI+jqEDA@3vFp2beq$J{83hRq%xY6v-WLUb+w~VG|BLQQu;M_G1rI$n
z_bFdF+P)WWED-p9Q69a4LV37PRC<$AQ?dF_EpGEJ>|M&5tVvh(%0`k32v3!0C_NN*
zaxyX}a;c*k(F}|HRHGYAoyze|eY<5gH__-=Vj2!$zv0EST?uB~)t8Lh(^vgOq+-@g
z_dLc^S#b~*{5kSA;}0n5sN;Me6i@iv{il@;3M<DTiNk!WIkT21xl>Co2YAxq^QB-&
zrzf@k_r}1f{Z|CjLpy^DxHJg_ig2=8$22xOX4bd#EkDL9OwitpPGVw09mVCfyjW3a
zsUpiBqc2ODjBR%|qqd5Dj(+nT{q&JB?Pi5NLj%)gpijeEj7a$(Fyzm5Cr&kKG&B`@
zgO1o6uJBBu7hDeV3KNA3c)*Y0U4#Ech{h!Cf8aYt{%6(p?H<*_+lm8Gl9QOBPiE@G
zig0f|Z{^Lt>aE^UoL{T`GCtx{9K)olj<;E`j0^0K=h1K6D#99W4`W4vyc@_%SU;rP
zQ2nYE(MeDFUN4!C>7}8(ERm0h$Mpjh_Q6E{qGW!?)juVX-=55GbomEcz5*%+T5VwQ
zmlXwg546??e>1_~M*Ayn`3IgI^o)@*zt)}V18FBPTqYFmC1C0NWustlz{p@A*v<?F
z#pk%EAs~yaY{xQ&i5?uc3VqzPjV>APwQq*cO<!>o9G`X{Y3C}P2F_i6wvj$}aOsFp
z6d&NQ1*EWDkc`;;JvSIeciIq=#C-X;!d+4|oJ}E9=bpgHn+&mPPHNw%5jm??Qm}k1
zff;9&|K?Hx(a^=tu4a97YHix!!R5ib)0<~C5^sG{ATeV!G8IKtDHyA63CLG|!hv_6
z?QkBe8b+VFHZuM(vg9Q}_8o1Q-WbhJ`K@98`x&~9Ajc+~v=J>q8cUPvtmtEMU)V8a
z*S&t>-s(OWw+L2A**Gc@?iy^&$+BTm(V&6ub^h|3gZ6aT`AoV8xJBj9@G$L;@?X&e
z0?j&fAAMdMRxSUOauTKZSD~*~Z=sd&zG+ZtBtKXHGRLR8e@4wXso2@eyR*?ZBy)<L
zaK@|xt^Dg_U%ty|>06VIpcL1tZ1jr3*~`0EV8GGw6ck_&7#*x>_YI~y`klavi^Dm&
zHwj?M2EnstLn|u;ROhd!sAW;aezcpkw=UMqANd0c*sibrm-&}1T-59YBt*(M<@ZU(
zWSxhw^w)^z>;zk$qYTs$Nk6+@BimN_iuPasje*EY3{Xmv1;P>84R4eLHsiU*6ZW?7
zIX^TxcbdmwVf_~7c06Iv7}P5cGnK6z!W3;PP5HGBX}*oNbV}g^M6r)7^(13M!r$nC
zqo^}NHf$w7bbk8FJ(#fR?hE)gKlGvWmyfd7GRh)9G%MZxiapFucRyqgXQsP<&4aq7
zFUb$o+#H~6z;**Y-Ho$Dz%E~w`y@beXXJ-w=iZ(lI+IVBKn7A89YmDjzH$u%%;qj>
zX4b66lRcO+gM7`!l!m(d#eTfqzE`1*%%X$D0lPxFzHjjR`JqL*cjbpZp<_-LcWg-C
zHfpW(C7l|~R|23pn<Mys@*^z0+G9lg^|V-)LI}KMz&Kt>(@Dw?Exr8W+&TH7Pw7Cs
z3v$Qghdz_;IXbQ#cjKCmVNRsTc`jWy>bdkmfH?+K$}ft04)3_|PgVHQIL9xk#XCvJ
z4=v9%<%e>)Bl1HlIdPGs;wZGTX!94kUH&mC>CM*FV_;AD8wn`77q{H4gna-0cJs68
z7VCMYe9B%K#(_-v@VzpE8dYS7%6Ev$hePFb&mM^xP=`SY5i38Y_YtkxT$?H1?lMNZ
z`yr*`YFv%$$q-%VtDm0|^DantpKrv5w(IwT7vPfHD<i=EqXutz?g^-t?iOc_a<fS;
zU&dSIc%5;Rjn_K#f4!D}cP?|bSqblowxv@3cNBvoEm68B%!BeS&)sk~LW5N3gU47g
zn?4FxDY1z&GXxB@_*YT?T30`d99`7l@$WYN-+4j$q&?}Lr5ds8KFhyBdhO(TVhYII
zneLvJOs<QPhmew68DoT7OuO%b^x3@uI6vK^i6y=675-%=ntFnqNn`YM;<T4qo?d<0
zbLpuM6n5pgIcM?RYiHM<^j!M*JE`0!0MDh*-Qk`;QZso&`z#^k4{vXIdet2|L-Hg7
zbWa4-Nhh%fvwe2WNuP3mPd-5bHwV1@Xz+SsX;RPN2VNd5Jly9`>U(ue_12)loix}~
z`t$`CTo7fBQs%c%Y_+%=stB~HO_ZHhc=(@Xouc(3r@_@U6#RVe{>I{xTl8i7MG(m6
zFF(kU=3G(RzZsgTN3LtiUv~6xKMCZ1Ebi}!63hQ&uPdR20X%y6E>|Hzpb;gOxeA?*
zc+XC|qout1FiLDsw(;z6UrTva*+E)FR-JD^L~=EgzM_>ux)0pSQ%Fy*8^yn+KZRl(
ziFoN{6Y*?+dYx{+Ed61x64!(!N)Lp2nDlNCTpH$)u-AOJ=SC<0rN4yrL`<XlOzMF>
zt9Pd$N71ysXWaX9=&#b>!fJ@Kt9GDkE}XS1#>>U7y_Mk==C>@S9#Xbuii^Y4j-muc
zt5Z~lc1KwBuz8GxP2kYU1C}49on(U5Sn1)|!_`wYMNw`k|En(<l~%Ihp@_~3NZW?*
z8VnqeNqgk6Uj*ZyiL+i?DXS-y{IE|EDNYk;EAcYN&||b53m2VfQqjNl4j%oxsi70x
zZWV%Z^sbmXypv%ht8;>_ouAX;7#@e2v@!V8n`;kQoAUaeu2I=bexHB+{EoU26}DG3
zRlKjPcxT{q@%0G8_(qs7z8DY&R4VoBV_0A4KU+AWyP3C6a9#T+{;ykI`MP4w<SOuH
zuEVa+te9AOEhL((Fl%;{YnE*^;t?`cYYz8{2~Q9US1a|$7eY!3yS?zc6<4zKb7|c2
zK=DUR`C&!Peb!$c)=%$M|C9TyFE&Gsxf$DZ62id-ORxi1!S5p-eCMT=e{8t(M<C+=
z_`Cd5b*1$u2ow@=|HLrye>#(YW<N^k|9dvmJ0h`qf6jr2*x%~gmh89HQ-rMbT_O!$
zPsf;1vmtCB@0Vv46~L0#N`2>Y2SewuLf|?zb9NJxM2(&4>AbCm*;-*{#<_j)MM$n(
z+t|Q$gK#zYRrGJh&sF8AOsV%Ig->7#YFw$Tf66%iS$|@(i!(YwlFhjJ)&&rG+aNlk
z6G0hKRb3Sb{+gewRP}O}5)j*eot3zM-2`a!A3*j$#}o0icJgR069+8@IFuG!LxA&V
zPmCR&JD8N^@C2%UgU{O^_fJLt9=qQ4Pkx)m^zUYJnEt5C=jB>O_IK!1{wZ6&MjNGX
z20ikMS9AhM$fBMgoqyr;Ccs3(Eu+lf16wZEpS!nQrauEZnE7bVpYJG9bAxIMGCMLB
zaya;tEkzaEv?Z@U?4DJQ&lwKCrm*Y&Q*3F`c!QQz(KP_8^wm^z?m~APz<#+;3N^O%
zx_$se?T_k2)P_;3=9R9e9r41y={e9wUK;J~NhTgiKC7TsOW|+Ebuwg@K-T*^m(c}R
zaPAV@dhSM|g0mQCtP=m#ENGFRczh)GeR9W!i+v%&86t`<u|`W7AkoV@e-G{XDGf3h
zlyOw+>RUJSrMYrz^c8j#u3$x3Rmw7gtS1vcuAZoD?c{b6IhsL#3NFO6z$WG29|}r{
zg!LAdw{Ev!xM!^<wRLz5l#juF2vgODPKEqj`%~9H(In%@Uz2-B>4t#JUa_ka(AKHo
z-i129g~LiqcZ7_1jSJ(f_5}m2E0g!=6gyp2A*AK)CtFYsORb+MhZooamna>wB^M?=
z9wa%JfWLJ-qW?k#z87C-_}0Ze8$6Fi%LEGsg&rk#%v$bUGm7syUP+-LG}O`ci$qC0
zjUZCHW?Ym2i)v#?(;z*JBu+eGaaXjz=O>lzU-<vt{uFCJZm{=b&;ZM_YE5)vP@TTM
zc^Ra`-@e<gkAV!H%kD^^Pr{Q8YZ*?N^m=F|$5Kk6VUWm9x-Qn>LdwcP67H=PhA5`b
ze`;_Pr2OmOA%1VuI2YUNxKwC&$m{fz;x(};K&>sT#}<;e1^BF}CkF6q?`QU546YYg
zL9{PhA66S0x2x#0Y7ZMN49}|<G3~@1`WXZ@QKiaW<MHDEH2OEj#RoqMz#3ybGtnj(
zUAk$nZPQ~R1ziq9UQIFwvMJe^e08l#)ApP`)qt#iKN|(y__Q-7*~B|>HKSNNF!KHo
zo;3n(Qd`VOr8oWq;00kgPKBG91$A2hZq+aSvF{Yl$ok<UoAjR*smbX0U*-rQL8v+#
z$<arLhsC}823%$hd6?Fa*HO}FxdBSWZwK=h!eI^@4w-h&UvU9G$_E!38>^e~k=Pwr
z34y@nEj@p5>G1CakdLJf9+igS{-EBf9k8Sk;Vf(M9MG(MD39Qq{6$nAu)Bg(xW6Jl
zX}?~}oQ{5N-d@vC<+l?}V;wu~5VYnM*yk+l5=5vv2dru*SFwd^+w^la{i9178{K?K
zx_(TZk^ucQ+mi{j?o)ZgsU$v3EM}XfB%6x!rfaj{Ybq(#nx+sWyiu%xTQ%;9+)^o|
z`EL=om@RLBkxji88*xJD_-SM@dKit<DFZEi++RZ@jFv_f?Rda3^RQCq8(Cv!Y?pjn
z1@mkX`k7NyMTe$2#5*{KLvx%y?Ut*nY-T)ym|<30tCrNe`qJA&Hh%mGp=YPeF{5~e
zZ(AW&C1axT_!K=T|B2}{8bb~K!^h(4*-RQBEA`J0)k-iQYFjy>NNkgSeCZ=$>yJMk
zMB~VMQ}}iet>UlUG-5PDsBEJIC6XPjGSC}q>!6=MkJA1-?oDQ!oz^kIPtV3Ym_GT3
z;x-%Sn~;YXMlrk8=;1uc4u|a0;ayRQ=qTCT(NUU{TKZk(-#40n&SN=X$|x$~IV16J
zaY8_QX}5PzNn$WyOcAg_3}yGDT2lUxbo9(b(A-(i(JPGYq@p^~G2UZ#g8Q`dAVO`I
z14`ui@Bp6!^de)=!6LQZOvZ^=P`m+6+FuQp;#E{dX3SUZk7KnPQm|v*ma2>!QBPux
zO4cY88{i=>te6@*#`vF1_H|f1rHbI@iD`794>b4P1f)TnVHN$qmTJfo+rn<F_<uy~
zgkENgK5`Vo=NJUsyIV4c%7!QG$xd$~4yurCx?mu?ax|&4Ru1I93&$|Qc+1xXrWgZd
zqo%2N$lmfHQK)uulPo93BfIAWAYRD$clIcMl@(Wb>)C{KcsBm=gC{pQmtvlZN;G0-
zl1;yBLHRhNg?Xg&z9Gcv$L!uqlp0yze_)BN<w>y4Z)r3uj*4$6Y`_M4b;sD!hF`Q+
zu^GDCxW7Ldqp2!4Jt`~>1_?C(#z@uq-`Qj)b6oug;!4I^4((O{Nz9l*DFd}%S90xR
zs2Tq>v-y7o40S>`h>F^;f`1o(-$1Zc7{=Kg@w)4ROIYhPj^vgEw63=_6t~=mB*Bd)
z!H1MC4z<ShkBL9hlXR`loY@Ff$$f}qs;<T=c?IxA?jgSL{rV=uSK*@S2Yd<lac{m8
zfRT+~f&Y=;b0i?y83)Bq0BL86DfFrkr^CQ0DiIC?SLQomndkqQD3jjY`D?&v>2h3D
zal55em7Kwg^G7<*kl!CF#sYWvnF&bhj{ndJ$^61u$^2NAcOltPV+j@iO0s;c^rrdk
z-%3=7HD3&4z+&9!NL3l*A^|+1^5&zXlQm4Ls1XQHl;wI~-7jc~ANeEn;kCw(OiYaf
zKPdLCVjAyg^>3T1Y-gD^c1(*)bwD#WKn~jneScz5QA_^L;{gE869)9Vs49U&aWOF;
z$LE<2(3mY7_LIJGn_q~d#O!s95_*>DPj9{=<nSS->q8-U`jHS;@d}fC3CSU)zA*pp
zFkj&?O>5T)ga!uC*SV3BoSWN(nHu}&^m^<&MlZ$*9UvYuuxLKdOvvC`D?=vT^9kPK
zmDi=rwe+PnUU)4bWi%-u+i_f!yw{?_f0o8%;JyexG3h_sW_G8UT)C{NkdbySBTL4u
zppTEu)#dOt2J&k{cTHkKtXW)VLz`=(GM#D)FQnThEhF_5m@UIQT52Y1aoI6pORv>K
zn{MLME7P4vMYa8@2tW+^-C?tF(g}MvwkT{Y0%M94<22>&rxhYhAi>2aQ^Mk6TZMez
zfR98f_f4q0jwJx&&SK&L8%&IGi+4H^3^a2E{DlGhXxO2xY%YZQ>F&Qcgra4T<v5LC
zaLh=OMNB|IVo=96NN&7;;ZYhvD5Yg|Gn!C-eRQ%ytdsU295F6&`lm*uI~>!$%i_MO
zM)5u$j+gJ@>xio-w9W&QlI_KYmdQlv-mw11s9%0Ns!Ob}pY>CQtLMHy*=YR0OKMZg
zTG<M5gDr#=Fuk(`9{1f~WmF49jaWupS2V)Mmm0(TryhhVfae3%2LJoe%70geCNRR8
zsPb-%b7op(e_zCAu>WbIW5B$gfnI^%YJC2(w;2{Tz!*XA4x8$tsR-A9bH@1w{q{FO
zM5(oeH|5#|>K;k|FGKjo_a%q$a|`LowTMvAlYP?r#GpUYSNNOcuf#`LIw$CpQcTZ2
z@Fzg$!k&Kf0bxar3kGJc9F<^@lg#04!arANTWK^jSuU)*4m6lycAyg?S`|C-3Uf|x
zZXC+pzqDEWku6o6+33xXk*T0DZQW!f=p?s0<=_7Guw)`PRFnP_EF(vB-3VZ~#PW8-
zH&p1UrjVbxw8c|~uO0u0aW57+fuQ-v{|yT=DYD>;m`F!1jMdg(In`jFbwA4dEc6pD
z6VI5eSqIZs*9K^D-_&nw@IT%v2GZ1ItAzSMQUHK7|6nu^$VQ`V?rQb5$p!9+)PejF
zV)c%As!0>P0P*E`FyGgNNbUJA95p;#-OE8o6Vmx@v;gi-EyaK;EvM>uW@kc^e>LUr
zgr0DKB?4@AULXtAnz(v-NYixBmswNz&!4O?wU<vdY>Gse1P(DfQ7(>G4y`*b(&$kH
zi`2S*+GIW0S&%Wg@NG>T(d4T2F*`oQ=eZ#Q7y!{!wi7m$htZr758t^@uKgH&TEVri
zQq{<Bg!lh)gi64cbB;;QXcsv-sG#NllNH*9c*l++_R{Z)h*X?#r+GNW$0o*Pco4gX
z?u%yK*pVT45~XzaGf4)A6qb;UFRcs5_<!HKw>Hz^g{7Z_CB8z5Xo+>|El@*Z?cXdD
zh^M-eoA})_CRi5CFdSq(<}Qx8@SFD{5X%A*Cv44=;hL0t#s<boHuf$&9PpC*<WRVV
z4pj~XS4bRLNv{93=i&5Qn5*MvvugG=n?IRt;`EZ2Xg1w#_hM_<KU<ICecx;Q9@w_>
z^T*lf?kj%+k)qYT=8s#yA|5<Nhs=VOYn=}cBXRt%Gt7Bx!^aij8cqm6XS>|Ex8W|w
zz7gX#W(>)F0PgoOq!;KLZA|0~Aw*l2n6qFqkp+WKjGKgOUqD%Kkoe$zhHmA2w|;}+
z8|(ArdhD)H60W)@F}l+J4ir#0*#3zI?FgvOYM*N@_|Dj0{Hhb6c<BF|Q|JdFZKSmV
zp~mS_Ih>1g@i8X1IbNLzw#a_71O_w0{G_IGaqlTbBJ`n`k)FdLRh;yzaB7Y9>n|Lr
z6~Fes@#65X?SfkK@qF{xmyMq8dmWn+;VxdCwL>WL1oq~{So>_4XaH;=6xPC#s?yR4
ztxnrqy<PyL&r2%#w=if=LR6<6p&Gn<U7CdTiyLGH8JSS*RO3d5_r=Bd$V#bDB$=j?
z2|u1UV0A~rW9dq%k!i6hoIAwtM-XG;ir)TG22rwaLG9%FbdPnP?`=BY5)kCFt49z7
zJd@>Td`Y>APYCG2Kzb8;#N%ngtR#A8Fhb+JwX+kd5&;Sge0sG9trPd^a^gPxZ@cwE
zsz0Pg62BwE{<N8I4avK{_-6gN*p)|Y5hL+;Kl;<!F3^d7@hC%DznE`(v3$S~A5o~-
zDIeZs=4%@wr<VQ_4EYF*D`9j0FMp46eKphx%kNUp!73`srFww~cm;Xxq<{GN<?SQM
z*GZy8Omt&t$gDW_K+1gr&5JmUbb-OlSYtRtlEJ)YtQk)y%Xq?f4HVROHDdu}0&*8x
zGjY~~h($6h4p>g4dQH5z;OaP4ksX|QzRw)I2%fjk9Be#KnrSa+W65ZXGMqCtdc}vP
zhJp?h=eF_bk^3l<D=vP_{GTl86rWQZbF(_M?20QWvPGLIMvhVSj;WuC1^MJGGkR3u
z@xxq!hLTH)kH_*aV35UoFwHZQv+AX-0XwbjaF3yZrIw**N-uU~#cBIkI|K{efoukm
zNK_9Oz`@4?n1#;zyoa$8PCU8K$Nf6{J@h2l(p&R(Bcap1g-)u5JBW6+oVLcdNKCag
z?SE;VoeDoC2K8M?6q7mZ-5GM?OEiO>I2gMLIwOf4x5qA)Iw&)EQ|ZuagSBhh4kncg
z8C*0M{@zrcKYnvko~OYC>x&V3ggoz8k@f#Od0zI}n8@KIo{;5b^Zn&@PD}WgK9%4I
zHp34gr5wHEB4>!suZqEiJo{=-z_ZdZAwzzLCK~*4$O`)#6WII{tBui#_>)-Wxb_r<
zUMlTFp~=LUXjnMWvwbAn=^d5s{y*A^Fbw*Du{{nz&U5iMdK*_Bu*$+uF8d`&8b*Dd
z*H})^pUzY>=`hg<8zxTw;|!;kZJQ<cLDK~FM0Ui$M~*`gU1}&;<r@zMvdwBcLYV!+
ztP&Uj_5G!1j|^twe{_#5^Cp!56@@=^8l*l{Bwyay(AJPdb-5w=+Lh+??B2<^iICo_
zzJ)xj9imcHCNK%(qT%5#34Vm0i+{V<G~|8;-l$~qveSetIIqG*<Rs?h7`I?Dj`{SX
zcfr4pzePlK?)8-0Z)7S%!nU&^AD2zRYmccmWy>V{io~B?OI0_4QhvXu6T}*6q0A?w
zE-v`k9-3Y9B>y}w%cXL*HF75Hl|ArSDof4dw41xMaEGSa|CC!F9}d{gT$=RVM3esP
zD^#&!GKYi}^jq)XXV_9xaG{CoD<8Hn7iL%N1NI13U0`$+(XF=Qr*^+PJ}hs+;f9P(
z?Pe#haONV9Yp0kv4cvj?&F4zQe%;G7P+}_|(@+<9Vtx$tdLX1$QhpCo=cuFwThtyG
zkuYH|E$w<+AoH(xsT^&^MT%`p<ClT#Qprg<2eNt)@wh5(wmu%xnigZF**ZB}4U&{m
zt69T`2kUc+hi0<sAm#*vK|;o;;g2(ri2ypINGy*Rqb1ZNH9WQ$77!Aj-#s*=3TXl2
z#5Lnf?+BIQulh#N(@m9P?q?X3K?Fp)`$&<I?Y-c<I&<62TLkU#vUG%?J`JeAr8iI5
zPt=JtQ_Pu5kKBe1eT2}$D>|;Gw;<RC(zaygg<H<^sP(}n$sEL**RF>)c5I%d^YTbm
zSM7U$xJ{imc!euEDQj#=jDDlCHgNqj4o>dSJj~&3Qs0T#xNSia$8U)Ca=qz^HKfjO
zdzo98p7g)+zsx3oj`q!u)@nu^jR)@U-YL4&Mtk1?V(**I{j<IAw>1ZZEdL7iXB*d#
z(2>Nig5T#!9&NoN`KRxU)bQw!;(X&%eW@7o>36>q__!no;une=f$kN~@rGx%6=$~P
zhq9~ADQz$#62<cRJ6w&r;w-W<tELUlZ{utdkAPHHZ$6K;lQ&xVAZdcVx(ciBiD9*#
z2CRI%l(k+}^k;Ra^@m;<mNcYILhjP#mTpah9k@dHkcH5UsC{81|1i2HZfj0}cYT0H
z0>WG3Qok_%(9+=7hiB0*hq+h0!u74j^{Yr93qf;ddV@D4xUrW$yY+I1f853`rv@}P
zOsaDKCIzcH5)>R(uSP1>NXBDA634>`wv3TFvtZjT{cnc<>NSaBleY!kD1Rf$EUXo^
z=N5(<Hr26L+N)S&nqrD~x&acSY4hhe+LQe51$NZ(@ueSza=Sn4yr@L}I*U8;mx0w@
z;v}bZJAx9TTiM>Vt6h7g$3xiH|8@kJ3j8h(%kTHSz^K3MP0R0b<=qm`RF5chXoNg-
zvy2u^`nKWN#@7y9Onc)jS$MaT!`qGSO(9IBO*~6&`MFbsW>Az3vM6Ja?Ka2&AhaZN
zpR_GsaeG?m=xK?b7*7khqk*S-CY213tG1L3G>Ui2`Mi=v&^Q`Sd3wm|!M}DoS$$x;
z=CG2hz=u`_xyG;_-W6l=i3k&+qw4%B=y~lbqkj`@(k=z+ve7)HtHyW9VajBa{?h!>
zbo{uG-Us4%#!Jqn+UfPx<P(TDbsw(sj!$AjxM92Z*|MQ^NqqP`+As76yKN8!SaGoK
zdV+N!wu1fY^-s!Q2tQFpIBCt;(LdU?68nyJF5a<xjg;<Q!-(_iJ~*N<<%%<#tn7OR
zW@bB~MsZ%2YbVuY;mxpoFIc)(&9~9ogyUZXxO$jb0p3g%WtonqvY*qqdQN3G6mtw^
zK{a%ZJc)lrh~)Ut7h(GJSi+GW$FV#$1hVQDqmd+RrSxoWks^%s=oRy!Hq<L{ClEys
z;dE?!GxaCPND6m%tZ7HVl)w7`u%zTLJ2?T|j_cT9pWLY?`0;2V6Y33jIdYak<LWb+
zpkYb^WG%fh>(hN|;D74_bjG?i(Ap?4BBs9_|1v<}6g`K(HDnBL706XLB!^$8Du@)Z
z<0@D=u*}Jj=`^Q}-FO`qLx^1)9zyJ5yom^FwW{IC5klyPfC9_r!kxo+GH0zhWgi_&
zmLCOER9>C18kgUlf2F$P7+dD9t+7kTOBys{p~j%!d#SpDX+jM9pKPER*2RLUn8Liq
z@@3d0h-ovU>SzDQ5%zktF{ZcjH~FVxe7?R?Aa!LgW?9_n&>_R-QqL_TNEGX{bk7gS
zLF6+g@^knGT*G8W0*dUqibY#tL#KlmtPczGG6OSH;HaLl+B`eZ0|po2L#NH70rpW(
zQBtvU14T)%qdCc@e_$`ps>?#{v2!!pQGF?QFkL{W-<RGK=KV6tV=pE2(Nxgm;!BJk
z*+eHgg|NDq?w$yq$sD7*<%}AcW1SSf2Hv>D>V*?DX3BFDEsd={p1f|;{nrPG#x1D-
z@ms(Ybv~rd2$^<LAoEo!i(>r4D075r@}Ia3LOmA}<43=Cgpym)ZDxA^Li(dCR?N%m
zOt5UfalJaX#g2e0eIo=v2k_-Vx1>+5FW0Xy`le!=xyT2F41>Dr+R5jlCgAj%G5(>D
zJT5Y%sLjBTH1fskpIbW&p5_;s0VmWL5dJLUZFmQ~S))C<Cc7G8MydAuZhED-3W&Zu
zs$Cvyc@z*4*uM!Aq;y(P++T5%>ER4$A@PAVFT?au;?y+o<)E776+gJd?AO0D1~XM1
zwPDch*~}^to!#kNNZ@ek%OU(jfp2J9fClq#O~-zy>&)QK6~8ei|H`P2(@P%?N{g#Z
zHMZmtn^P!<I)Ahf{$dDl+kZRuHkLn4L-|)mr+Yre!{E&^{nmFkw4o5({S+NJI@a}6
z6IyiIebersYlW{jOy!MJ3+Ub!txLOJsUz@q#h5MnQ@Gj=RF>j<g*hI5Z}Btfp8r<y
zrI69I^u^V~!>7BsKi$1iS-oM_C&|){QT4Rqe@J#z@$2?tkpO1&E0VtRnvME;=JI)3
zOV=4t2|8tkUeTcepL0j+Vv-2$Zk^wqfAy5~m2-Hw_wn+(`7^w=tm7VRFX7DZs(B{I
z;|by){9!C@uM(}dMV+y>evU&P=pDz$efkzjL7$SL2Om5hkv|gfk$c@aEMbtpA7UD}
z&`8PH+kQL)Ab$Hfc>~?nH+oscqt2}s`O7-*L}HX2PcxP~`Nv3TQ2A*uo$ewqmQUgw
zuV|K@NO%E95KkE19%L_joN2ScM6P&YeQ^&5l1)_w>5H0m`fS(FjW75?QlVzu;O)3k
z_(lhLYwRc$XR%Nx<f=HI&DV};F>O|3v1lm8fhZS}!U11Xg8<0%RVzgz{<jFO$Fv8e
z;U7Bfd2ZBXM~CoXAQ_J?bEE5E#zTW9dt?Bvo%JA4G;QeRn?O+;<%xh*t@u|#uW>+A
zFPT<qC%2g>uJbAFu|(G^p94xU_}>7cnY3=P9hB8HbSPW*t_FAisz$BVa6vxY)@r~9
zY(*(7WC@x1lba+(t4FV}K_fv;>XjyC6e+;b46wl`RWJNi;J@$-0{K)UP|cDGFSu<~
zpr%s3_40JHw1;~OeF&+N*6dGT^)SW#iRyCKNNk%4I~jb^D9j-CPp8AvWend@*unpN
zpRUo?Bm!FbFp?ptPR%B9$TO2=C;fn>69&zl!bE<1qmec2UZp%=j603~F~OPXU2D#8
zotrD_ECIceQ!O=#GdrgkO#;_r1--8Qyuri12|$U3Cki*3(1Ex$6;MquHDvD>CMKB{
zzEvNfT>*b*1YZP`EZ))}iN1&rOcyp6&zoNC$U?RqE&aK1G~H3J`>I;{J7{@ogMSZX
zu(E^q6&~i&<Hfxkn2r0ehNFuZ2i#QM@_ffAZdN&Ox|M%sGO%SPMdYib--!+%7|0wE
z1`~xsLaazZ{?h=%#^QO+#f8GK<qsVk5eGtFQUk$((tBZKqER1WgaV+#d8z=*-B&4~
zRY9L?KWFp@ANu3&o~$jlPDjS-igU9Jax*3*RDF-v1nVT<&+1Apd|R_6I=Y;T;mUFm
zs&a$Rc1dV`E4L=UotwQ{hkIx9&Nq_1&}};h6>hT?-r10mg#;&?7E-fYc6Qt|Z4XsC
z`0DVzCZ7KNG-6Z|YOMa|H4V&c7F~Hw73NK+)d|(Tg_&6ho`?{y=-<wZt$)q(Uu6Xj
z+sg%sheYSX;+FfDb4M(nsC=K<#|jxAzQWrAnxWoB)SDw_piPf8!qym*^w9_3aC*z>
z1~ct5$As)@?w{M@FFRyG0g0PC0?wS`lIGUp(&=-G?O8E+_4L`rh1tR*5-&a@HSxMv
zZcV7xG`r<4$ydvt-5oxyh1XiAJle{QVd&h}{G-FI_r5k~+I@3c9?8|uF8E09_FTG^
zBi=iv%`WWLYe!>iVd?b3c}^PMFZ`@W!mBlSV@b@{b}fI-{k}q^78FAS7!}*$;M}5T
z(!ZcU#*<+7QY&{vbb{8L>bv&Bto#WEYXv_}yvX>$cn_n@MsLS`oV_%#N5;MK2D85V
zOp*J0?L!n#29*>{!<GeBPHU~RJ}vP8h$jC-YykqK>JsaI6cj^HnN)%+1=1|Z<|BKO
z9J!w<Gma2rJ>R%|jw*4ie9eK`wOnQZbUm-_%ceJPYu>T^0Gk#8P}lELRwTY#)}`nI
zvg{TcpJCL5prj-t^~*V?zWQAZtd1HcqkfL)vgBoD26U`2D(E%tLZeq5;_KFcrq-8Y
z1W%m&R}SNaDw7xK6F2G21CU|SDmBdJ%D(mOiJvui8Pu(+CkFK)GZ<PfmCv7%xw}@+
zlV3+gxFLX#g58zbNDh_-P6msPw6+8PM#>-lL=1y5QxDb?hWlIYTD6%mGkJr)@><L;
z1b*E3ag!e7Azab_)t_<r!lA`?VJ=yp87FKX@n)^dNu-aRH0#w2_YXeEWptQ6iLN!{
zG=mLDgX`C#H}BV*HzQ@{AF7Vp9F^?lb?W7fao0-mV{h0?XRjd7(>S_mRDP&wS<3#l
ztk~b?F|K0VAqBa<W^Hw^cFu;krZ<nR-jVO!Rp=Z1pGy6G-V&n^-w!gs9gj%sp<be`
zO|GGIy`3_h(KraAZzPV%@8wR1!WL)x5gS|Rg(*KlORz$!Kc48*3&PYxl!}S}X0V<C
z8zP{`mzIaM9{bM_R=Q^n=AhtaxR9tt&mlDb<rf(B?$d|$Va@+gP5MB47%Mh(-4>$g
ze}Tjzs$Noc^OsqPmOk+QP6+3t1}DTjE@kG=e~Emy>8%eZx%+~eKMQLfm8|KXX^lv|
z#6?SC(U*RlB#y<iRE-9pHS)!MG_pOc`P*bo|LNz|6KYmjb;IZPVbQOss0_4HXPC5x
zr1DK#cZ9!+@iXHBu*g5vj#Ny5<VLiSXY7Vs{<Z!=s8r+L6CwCXfQMldMnRVU4HFL_
zQQ%niB*2Z~O}*W+pL?kFx6-r;)>C24T|aW*Y5@0-F!2@=CA3Yl?CgB1CjQ0y&4F8Z
zUUa%@Wok#=rQ=K0mr45}u9pS?8X-dxK%)aN06qx-mTCYF4*|3Q00gEBf#-E#)^z?|
z&@i3$bC*;kSk0!e=J0=5&1SWnDA=r;CsZU@O)spujhcRwmiPJF+xsuQzcf9}xt^TC
z{!6baO%7AOMT%`;r`O@pA1;jxGdh)#At}A?51>$bDWvJAmEmq+kiJ1CoC~SAp#(Lm
z?<?$@%->FF%>BBad*(}P*G5GOR>b!2Qks=2<Z1Q!CQlgWjHr^o(eZ#Km)w3bSyKL6
ze-0`yL^&G4v1cshzji&@Ro@CLx@@<OQSCn}yS5^GZ3O&QW!I0)&Mt8c|3G;S6?sct
zUXSvcD)Lskyw50a`pCS_O;MBcl<keo&SLuu+mn=cRz+Tu%R5+k?G<_0VXF7i&&a!|
zA}{Om9#P)Piacx})w@l3-4%IlF7JoR+fb3W$mLzByzf@zwY$8}D(||Hd7alq-Jh@Q
zn<}zzjIyUHyEmDg{!OQ(%uD~K*EKL!MgFIv$Ztm!dGe<edAOp8KEjKk^iw3VYRCzG
z74rG|CrmzdQLr=HW%#$rreBnQ<A{#4A~~0Z-Lf@za3X<=09&@&E+A`yV&0K}xu=-l
zL}S($DXKcPEHkU#|MFiLtM}+`TUi_HYsPgJCD)iZcwx9aNds(ru{yt7PwAeA(Pb_*
z-Tf;)lT&RuKMLM32&y=TM6--k+wU}UFwz=TvWC0>JO7<H$LLcQhg$mTHY(>|ZB4I#
zFAt?>LMpOlBdn4aw)tzWgU-)~C5p2}ngp*uPIiJIabR`q$1Zm6068K3Wj?j6Doy%!
zpoWj3uBPPUWNY|iUf>PP2~w!yL-(SEz}rk-?Ak=V3TlFhNh<fVHLA<@3IYC0eplWQ
ze=$P%+BmoX_YYqwAE#3<z74e^imlhOK+Bm#H()gI(micbp05U-_m^YOBnr8{0(?;!
z|Kf1zuR%GP)BbxYTfQ9?TR64Bzw@ksDLQESy(C(D@++si7xS6`DiKR}zfTo^r7=<D
zPA%;<u6tM{C@!qyako7dowPY$S0H;L-9)eWwM{CK-#X+KgHi{01xwu0d0!Svx>R+V
zg0w!u|M)T0eX3Eu*Vfe^*FN4zQMLPmbMKL*QZFg1law{(U#-ramVb3r?v(u43?yh^
z@#Su&6Zy>;<Llo#fBXiM!v<X|-MZ=rP@=IvDDM9%$def0e&Fo={~oAr1;xR8`6v8U
z;5*LY+bqkk-k3hno1v^@`{&!u?9R$l(;D(TC<<QD==3kZ_AoE<wO>jw1VplhwLcd)
zQ7bZ)OWB!e9CNP(flwI<8jUlC^_0<5)0?$6^eH5eu~(&F)DviN@M>P%ucCi9oNN53
z*Ac`T;=&=Nl6)OhSLNSE<uJ?d0xXCoy-9oV_jLy^ReI|egK;=t=8)?E*zD9~JTc5W
zImn|+<o!~4ZwvDd3G$Fh^1g9{$#qKOC@D{SK5F=9O6^+EsN{tQsXg4Xw!(3-llAOt
z%Y)%k<FfZ0tg@^uJg)uiSf(IDEOt{E-AAdxpgJpvOo-Qaz73Y%@ot-y7(rJ<li@$q
zcR`!BC;xhS^)WiLs_$`b!mddZ9*3It7C(TK=^<VGrMuD7s~)2_fhBZZ4Gf$1QvQwf
z>UVjIw^=uBA5hM{#SdD&;@p%D;h`YDm0oTcpH#gozkAY@U4?DK+o`z<pGcx6ZVOc|
zl=f9)Yt(dMgPM+B^PSpV#lP;nScb^6Xdw4}_Udzt-U<DCV^G^|QWguUJ>~BFlaq?u
zM|PrUcz9f6QU|tAPBJPjpSoAEPN7?jDW$STu4TWEk-W~3j5*nn7AGyd4gb2y0$Pa`
zIgfFvKi7$=BP6(@e@D9hH3F*QYY$_FyZGqfQfnv;>o=OhY3h1a3{J!h6z!@f1jyZ9
z735DTEe>jy>^L372K7|yulNB%RSbbP12pPt(fA=PIL05wK#wyvit=6k@Mbvwmq|r8
zG$NTPZV(-#(giCWy$-Jx0pr(Bx0c-nbsFQjiWn|bfjZH1I<0W$0dr}%qDrAEYNaYd
z8^piyI0?r{k3CH!$Lr2TCO>r^p#~Wv*@Os*h-A4{i8SGvAIi}CFA%H{XIOvs>a<k5
z8zNE3!XJkF@{dm{tQ{fd!$#Jq(C}I#fV@;uTB7$CX#hk@YzK}F`e`mTN+<hw-r3f_
zl@SoHxN@ae{CsLbF+JCPtuvQxvJW*fJ+EjkZk;=&*DIdaRJgaVJem_I*Vo*I!+HTD
zx8?cehuh^4{fv3sXIpV;%QsENvj4^T%cRiR3GsPEL&`oW&apY7-7-m8;x5yCKNT0E
z(>NP=PO~&x?%)M*(cUPP^3NG*BLv?inH&wcK!43>i=<pNE2sQ|437NmD>c0*=64G1
za+|}8K1_kGr*3rFfr4AoRQP#==DLV9#igefZff{ZGRZ40N|H`j7@n(+92kG;wEX?0
zYl49iLBii=eW$Boa4TJ_^Cx|eVRc(LtRDY5BJ3J0I#gtgFA1-q=hmSqyF{P2m;M-3
z(N%f=Bi90CT)33|?!JMr1^zm2q;}bU2y9jB+P>CKT%gBK+Y@0~Tw7I>=>9;bUiE9)
zxq4J#r^?S>yP)Cyxv|(2>F&FMQ~e^>?oo>SW>GJz$K0wv`E6AJDYc_=I;Q9BVz-fY
z_ByHuU9`S=g@L(?cOX`{BYR8u8|UIQ=lpBki(Alzs>FLO6h|gZHimQ0kXJyU6r@u?
zo-8nAPKE+u42mwrUD#CUXk1X3(;Rh;&?pc~bZ#H9QrUWyNN+A~;?LTJ+3mKBK{77{
zmsjG5e6R2fXI8J7?JeH!O&RbCuND4Lc&_i&N%<%CufDhM6^o8rUvrN(c8VWr`WFL*
z*`}?O`42_sBf~Mi#q3I@v>TJ&E&*?ofF}!pm4?S_AFw#IkHC$~K-}xPU2@(3CRLI^
zngyiJzY-vWTap>|TBS|d0b4eT3k3CCnI1V1mtd7_D|yA!y{-Ww2!<DO*yAjU@aKDI
zLXgnU`EO+(Vokz0_T~D$Dd_Q`)M}V}xZ9m$pBXo<^oYKz!NWUqe=ogRw`Mh`H_zLT
z=Q}V}n!K?)cpVeGHoDiE;5Fl3M+dL<?sZh~TIXJ?gV&V39$;@{>17nv4Gog|@&-a8
z>B6E?-6v(g!G_?e-#bA(p&P60oIN&QvRZN4ksFI_cUVbdNb1-l)vUMu^!DfQZGS3v
z;Fq_&su{0CE%s4^qSZ4*!3t=jEU{xSEHv7^KkDUy!DtaiEf1&N`a6J|-~Aqz9!(-Y
zD2&ZNo()@^+(`>`iA@^{<cHpx&aXp?I(cc;JuPiE%!P*5smLE%8FlCBAI=Mg)f&UR
zV)$EtQ0~Y`>JkNCMHqsD4~Ik>wOUb30ht5<HX9C?=H4GXos+ZOC2Q7>0*FA?`49a~
zb`r$CIk@VhO$|4C1-IyJAKqmRmj7-z3U@Y-5U_mjDClE=RyYLMViHfrawD=Ha{D2H
zqXzE}3ya}{|Di<(%WQ=bg*0A%@CYgj#>rt`Ixin%n2(5Yp8uWR{ky%f!cl}R>*KJn
zKz{e-#HYk1@>}<}LW5ruC*E8B0%g^>`&G#2xHgl|j7PNVCOf*3eR76RDnE2l`pXx=
z&fJ>((1P3-^FwFla=Il({bu7_;WKA*S{~A#QazU0EjyO|Md#<Su~l8QY)a|xf!{PZ
zQ!nK&{U$TbL8~+nSje2h+Dj&Fqw)#Q=w<mLP=nt?EhER+w>5VSeua2PR5E5+yMfaL
zy<;9oqtbU7!nkW7pSxv6htRj|T7FXLg0OA*6N01Z>-=Y~0fBX)JNK9Cg#gtpzs7+h
z800#@60AlXN-a<2T3Ln@>^Vr%#_@&sE%8QAu(BR)Fs)2za1j(zsu!Fg49}I;vJTRh
z`7lysU630W(ziz^Zw$;jS5uQ+eUl%$I5%E5z4UyOoN_hk;3F&uV0BmD1n8x^J4^%u
z+Wa7*&Cln$mPM0}<KT{Ji#r$Iu|zae=a?@KKq>PnoA*NbM1!LfUZL@I5uEe?Jvjeo
zx1%xdIyg5*a3=nHaE8j)GTcj>10M0M8URJnQ@=s-13|L?QW5ej*DO&X&*v>Pc~%gy
zr!ayx?9j{iw;f_R85NYkNFg_CL;!R~!?|($XlCv?S_)_^&#|#QNhy81Q|ZkMtEJ<&
zaX%9fi6WAiu1d>%J%Mlq><x2oEZ!jkyHONIpi9u_!ag<K$SK#9(QQ*)FhuBjX8CWm
zg`HhNle37bJGtWwL&htxuUyoer>+-#T5Y1n;$FSi`GqqD4@?Xw<+#bB*Q;g<q>b`B
zq&swnQUCU;lLvoML7y25j6RK`gobcN1ArI<La(%_)KyN^3_m7OuF1}`)KR?FQnC=H
z>WPzI&=&Z=s)5j{hKR9Je<f`ojzs{9A~+~#yy_a4>-y;wuUQkg?5td!ze$s)wdM+e
znei(?%@kT?|K_{?iN#HBoSl{K{$KQ%U7++Qd$`n;7=5F=_{q{eat3bM{Tp!AAn->s
zt)XX3^GNYyc=%sO*a};T51Rn*^_%u+*K0fYOJG0^N#-dAB-`{C-l3iQahY9$M_`r%
zEKah1_w_wI6jB{+&R^JDKTtEKiL&|;8r4?_GkcZkjX9M(ZK@IRcm}-v7kECUJuZZ!
z35BjUXi69t*wwC?EKE#SelKWC@;;8GQk7}nA-Kz&4Fal??s*7QT_@A)?~<DMm!11k
zFjqIhd+T9wv~HuhQ#2{mj8iuYyN0*oxN!YXbWv6!;dFNtQss}+7LN`M84*1T)jDX>
z8zCuuHf4t(8?~!z#!Uor`8bsd<u%=1Z<PWKd8|!4nmyLdc1!;5A&@Ojom@v>QSAET
zE#Bi@xCg~P)%4`FNAX?>QH7|jeoN3A4t|f;iVGLD>{xTExA=bM0vKNV7GpRQP(h1V
zWVA4+F|HymPMNc)oTpKOCjQeH%0C!~%@9jkdI2nxdUh7#3|Wln?yDuSa&_l<D7}*!
z`Js2DyFbfYtF6RtQMuNe_3whhV~*BK78D+ti=LTV=$l(y?#(THv}tZ(dE2z%1q!`N
zZyr6P6F}*!#sY;miA2wRLdI@X8?&Hg*NV)7mYvIq?Ib>`@Q61B&&Y?Gd1Hhw%$mAG
zWmWg>CU|H5sJ_SRWLVE1-S>FP9%{z!s2<?rG$1|J!Q~xuFe|s`&J)O5uh^pn1_{d#
zWVPm1Z!cdUmGw_r+P0*!)}U87uSu)E!gF4=@M<fpUNm^qK2z6Q@3NOLiAW<7;8Z<e
z5#Z5#zPESEK=~|T5EdEJ$y@8oyRoW3?hd4=)viw~f5qg>`TgmF{oo&Z_@ahI3s6+;
zF@t)^bqumqoKfz6rwRwWVn<u?Vm?lNZTSHqGcLJgLCf8j9ImtpjwK!0fE`}T5Wy-w
zRBxjPZ%*}XqPipN;P->hkBfR%y>0L>(TjS%O{Qu<nUUT8xM<+IE!UXqEdN&M+l6yX
zgjvc3hKZ@x;DSxrHST^N^rl%c0N_#6r+x~zl?|s~>BcjIPt0$A&J?7xTmHb*^sT<f
z_wyD%!VvpIzHf<b=%A$$UDMK`mo7}G^T!e$j-p5!KA4t);gj03f1et{I&hY2{5@I-
zA#(hM33dKv&LcpV+vJ|;%f37C%0GxTXh08_Iu`|fdXgmCv*}YCQv1L^@-of~+Oj#6
z#x#c-g(7Gh1+6B4*6VQ+t;!JOF*UTUAG{*rN*s<aGTMuO<4}f(FbZo`aEqy!7I`W=
z>fv|b;EH^u-3LJX&@K(bI$07>(1={r#_mA+ibuh^f)8lAfDag;u2}viih1Z^WfV^}
zw#h&8vBL9RZ;;hV*yX*iIYqiek#T0cs_xJwZ>>yrXPdPQEPH=tjy1M?QsLpkpMZY(
z4@(~nX|--0V?T)TmFaO|?-CYzOT6lBglG0n*<St}6sZ80*AghGv*jtxNU+r3a1YT$
zBBUwQN6;3f8|jpc0RN_!-;gb@vV6qt|61bVDkej>pC&i1Q>Wle!7G0WSdsx_7KX`1
z4H-q~5dn!^wR)DYEBrluTg?HQ(4!#9RDY1M84HXe*hF>jsyQI%?BP_uLSP+;Rk!|A
z5dY$Sm{vonQD|n<x8agVw9ow=dpz!N1IgyqlkAEUv&w4Fdg*3PP*7~L%U<=kQ4<4d
zz1*;}7SX4ejE{MQ7RW&5h}45D4QrSSMIMmx%RRE_ua7X*vgzVKF7+%tAWwrnK-y#z
zq?xgfc>G(Tzc|Z9@?VdfE?7ECS9o)BV^ZihQb+9k@|AkvzPmJozCqypulyd9u#ayP
zu~by~@{e1zT~!Wh=q&!?Aznd?!ZX2-Rp`xMFo}~5sEbdD{BnG#w{^+h#g|9LQ?B^E
z)}6us342xF4;CZ(b3n-xVh_K^I<-U$Un-id)b)C6$&x2RMeLzj54c8-WB8rXs8|e4
z!80;M<)yoK?=KJ>J-~c@kn^emhT83_#9#ITDN#IwzOewoE^j}*yI~V)tCxCRugW9I
zRkC=CWwJMU#WvP5XKBS^Z&_Q^t=t<MFaO&HQM{@nt;g&1nC|`}`X;QoS9_~A#FaSZ
zAgGiZE0kdU5~zFSvw*?Uugd*h*tXe#e4g)RE$u<2H7d<$>HNfVS9&d18_Ci=&r{o`
z0-V<={}v25!t6GA_@s@b!9E2GiCnStQg8vesE!z53}W{?YfwwK&s`}IHA0+gPOtW=
zH4uFk+H7n3sw;%1)_xKf|A!nANbQNGF_$<U62NTDgg`+WpmcO1f9w5&V&K+ztDvqp
zvQ!(@Cj}p=JD4QpKi-25Iw;8W@8_*NpdmDTXL$uGk88XSl;#V>y@EJ*cg%`u@)KKh
z1R|#HDO6(~uu9qRLiQZsBPmpo^6}(PyJPS+#6@2J^p!KmsQV&Lfv+;o)EU)IcJXn?
zRWD-H;{w*0?5<M{!tc{PPqB&M6?QsO4y>px&N>(GXnK9W(s3?&tn0Oa5XC%}@`w?D
zkd_V59Oudri0bgw_GU0<DAXg}^E#4e!wnbcaW13j5i+_THIamGGcp-Oz5A}{efI*+
zbCwBlE=jb#FM<C3h@6Dfp5%26>p<vq_i?t8k{2TyvS4gO#>Q>AU^F)j7;GKe;g6fB
zEz)Xx$FED<1KKBY*cAxG6*{E+Kj#x>f>&I+(qqHQ33V{A!(kT;ST}qb%phfGMA(&I
zVV}lPDEmVV{)xy=qGcKU>7M;bgd6A5!T*zZT=OqcoIVo8wm7)bHpTM2Lt^R5L`zv4
zA6_yA<paK<)=K2;qsQeYbtJ#7t~^x&+FP#XPsGODB<U4=u<i1>@X@8T6>}B`FEy99
zif54qO89b^o)9?OzvynbQ8mDa8LrzjoV?9@i8wPzV_7@Gkw*x$qfIKb)7|NwKO<rB
zAUxUz%sv5WI4+fhf=Cwn$699~eN{IZ5lP(f+ftQ>Mrjb5_O_?HXHc@VGSYCP)eDr{
zEczzp_LVN^^{6DKv6yWqd}IIWU428NSvt?h)r52Ed_wJ3g$m&iO4G^n1H+`*3yx0k
zA1Szu{A)Got2M=yE)VPcnUz_oCw#k?H>VQ|+V8asVWgoy!vX??CYIJls5*UUf+20(
zXb4A&^I-#IT6u)x{Bl%(q~g3zXnZ|H<J(qypLCa;lz)yq4fmJ-DtZ5W2$8Xz^4qPZ
z82z7QT6|r)NA7x$6N|IuPxFKlp2Q!iGbA06tKL?gY62>qmhO3%jk-Xu1v$~Y`4{H0
z()l5tTT$wv8ZGZ2OY^jJP0t~EDW1{pl<FA0A*`rbbE1-7tSdjmYy>Yx+8bm1*H4p<
zd&-l=gOVofQ;b;RZgw2a;-L7EMz8n*C?8B~QW$7^$s+b0FByB`p-~TZK{3qR*I6tF
zfdVtSCz*(THY(!yo%0+%i?pB9E-ri8d*TW6{N5I|T4SQ(srfj7Eruej=s`PwGu9Oq
zY$RnVfA@veWiJ_4ivp}5Mw46tSsCfgt-r!4vykA3IjOmvq&l~HhgV#!$40OE9&g%9
z-n2(s)4yq*Zeh1A{maoAe_*3>KQv0ZsQthLJC05yF%mPns=2129s+nTpW1-mj&1DW
z{v?!TH+$2DmC)?K4lMsDaa>Z@UiudUt@-Iy)g9wn)0?;29D1ho!pQ7V9fuPt7F4(g
zM-ptzrWO?L#vkGh4<tb^`*8$li~zB=N_XpXIeI3~Lf>v~Xr8`b6&JNw&uSRv<B_v5
z?u-YX_DgrKSNRz*@$<RQcr%#SKF{7Ai<3nC4wUVjMhR$cGEW(MI)Wz)`9RJF<}?AN
zYWtk3YGj1d%Iu$@&GodYPnHw`3JciTAN+oZ&t7>=gZY1&m$B;z|7mt(d5$b5HQoBF
z>V46W)(5r*lznLK`r10q6s*%eIZ+AaO^ozd65V;6r;4arpXX#x;@3@Ywq0PicF?N(
zW6kN`%o^n)n>!X1=hs@C4SVCvN$fzOo(Y51SLt*g`LAs#9zcoWhY`VhZ4~$`Po|Nm
z0S)DP5&B3rU-%m=Q!@Q*?u4NG2a7aXGkN%Oq4y@=gWme~5dVv`ujqDI+!o@rVIq23
z238->q{M-F1Lo~6E@Wo_YT)QX{CB7M!ag^Cc)&`odeEA}1y<ANGd8MowbApajz>U9
zl*!$zD8tdK?<BZ|_2YwH-xCO3?OQs(;8y7(N?q|lk>Eoy2|7;FC${JvX5xvEg2@?#
zMGBFC@7%Tz{tRhrGP&EYRb*j7>*CNA@h#wzE-m&%*3=-km*eQO&r2CFRjpk^B35p^
zP1r~65Y*cSufqV=@*@6K^8Xa0-%{BMos>eetds|Aea#M>6e-2Nv&ayzakffxFCEXj
zCEHHtB+wu%lo^NB49<suqGf-acvQOQDocz$K6EaYl;CnpYyaTQQm0MQoe&RRMFpA0
zGT<U-4!Fpq{68(LP`Q-G$+e4Rv6Ha|Oc@GHh#*1i30C7yvvdIju_v<MI|8@EJ3151
zMJ?4#&f@XHId(heQfN9Uf7lJYr6VQ>GAigfW17*^O;z|~?2wM!+bESds+tLq`A`RJ
zrhA%4kFbuu4oFe^kW$rJw<_~L`+1dS<})CwJ7BSqs6)mEOX&R>@_LE#y`migB*HX%
z!(Br(p+!(93z4f{p=9A+Xy;$?At<($9m8VH`rXG7kGmKhXw!0S12gjiEfPiZMfyiK
z<SqeTy?<F*P9x?X39sd$EbaJ}`qE(`&YSURB??tvt35BT`dXcI52OVWF~zM1?zZ7h
z9ZCYn+Jny`&?UAL$7G5`q+Culgh_W#qXXfRiSx#q)ewk8op;26905Fif}x{dYbU29
zEVx)Mp9a3?6UQf})F~2~E!UO&U5=coSvkT(C(Oi?2><rImb;e4IEBrp{5RgM=0j9@
zFoLA~YmOjZ>01#_EQ*GNP-mT%i_p2{;T1<#<`(`iWv%kdACq`=VQmk;M=Z>)87reE
zt9SqPJ22LI73U!npc+@NyjU-zPzt*M7#i?)LRF#5z-h{0nPDLvh5Nm}LB8qV<xL(=
zOMDQu(V7aW*^I<%P>JG<F3295Ql?U9XhI|eht32=w@Q|DG;(0x<dF9_6YMFLpxyAs
zp&oJZusZUpH<%FEGqSaa1iK<Zd-@9Vrh$yLPqQiUFEZsqde{4F-sNB~D&NDXjwl#i
zs*&!wk?Gyoo9_NGkACg<RfFcr*YLX6c)j>UQ9<W%1+9mT^VfoN!@k$~2U8!>Ft3=<
zb3Y?`Y#$!!;Nb$mV0W9gUNRy!9N*(hZx89U?!rV*5<?q|+V)Kk=|8MzjmBFU4HEEU
zOY;JFA~yA;E8BC}=NE?U98EjwrUCVDKiyH1n5$k2Pc<GD+onb|4P;i3_<RH_{(tDO
z<D|T85nGEm+xm9bdRz9q;r>&QZNXXN@Kc_qweM70fny9?P#V=?_;ibMY697l=`2YR
z^2T!>>il`{b+wzkVT<@wnI^}tDQhKCka{Xk)wl%;(6T5n{_uoaj5Pyn^z>Z|F_L!{
zCj{E>K9p%{#rR}L6y-UhC$|y(fbN?u`6ent-zVrhF?N<aGaA||?K(>9OkPab0WS6a
z2cLYS;_fy{5cE#Q^Nl;f<guCL(A#3Fg9cJ+AURIqWmZy<@-JbGiy~|iqA0Z5_hfIu
zX--}sik6i$PFALhtPZe%14vE4fr-W&TZl<CD3oJ9!CNIfsLG29SDE`<AugYV-G8es
z&YUW-<3yuj1AnqCbA2U30IZ~;u%9syLaWZqwz)06%i=JZbFg!$H+cbD>{EQS*~`z1
zUv=Kge=&<gkHOSX*xw-2gSW*Hg;4OTpx=>GjD8uB&nYzaMmBOEbVRwXzLme=^Na#B
zVCRd8bZeg&yfHT_+kNfQuE{}Zr8sSgrBVC7KdZK(YBcrb(l)8vC?>)wn{b>WUjrTc
zOrt|oF|9t==r`RSEA#q5nWv=8Qz&TIS?4skYb3wV?@4Z8Rg3;IIji?zuKya2fDyg_
z_G1oDmpvW2McHE<DcratUqj|HBT9mLe;4)g!SNH+)w;IW^{`Fo!TdR3ui^+fyMvr&
z5o*9*gB&wNh|8&RIeHCpswCUwq+E_(gPc^5Gc?7Z={3l4CIvw!E=R9Hj!i2-^IeW!
z_3PI^74ov@SfgK7%Sq&L8WXCveb5a};!-1A>kY-_mrp?mHfc?+%&I7Lh01l?r<iLt
zEzmHW>I$GCnguW7_gLn15Xi2W>*-6_sto^YCT6YSZBat6C1?UBCWuMZ4E+F+l%L-t
zHip0vAe(<V8?~oT^#-=`FUwSQGNVRUSo~P^E?JpZtzrz9+V6mbV}^$hsq!XQRXwY|
z&=!jcg%DQ%A(;22PYz4A6;Jcc9Y>U|3wwP3`IVhzIUQRSCzt*hPDnB(B*Tq5F&(lp
zWc+Ox@1wSnJ_d0_X<{L;fiKv*G2a{0xkLjQLh!u7o*$87<`no^w#Lxiq;ItJGU4%7
z!hHjxj7^sDcdu)!%fK3xP7kY2Z75|wlMM#+{#cp*S8;`z^qBcx=#oW;ct|^%Hqm~H
zbxwT+FUI1ZokuC#j}nnzh4is1&JeGI2bc}g(0#knZvEwRS)K1CpN}<AoDd!v)97?*
zccjB1FCBFk9kVXdF;@94+tOG5))3-OPM1!hr{!0{RngUFomSDiy{_%3qqNucB*mW{
znY;c}j!y!BBTSWqvs0_)mhG2(a%4%gXhp(v9_!*p3+U0*zmpK>0Cyq+O|k*((7<Ki
zr*p8P1dTVbElL1)VLhUQmv~mdrBOIo3TnS4<-d<3Fas)W4GFLS!c|j{J)ifSDyfqY
z+PtKOOoob8TOh`;b|$ZUI}G&-QycuPzF_4<_KSqN?Fr!t3TMJd>h$G#e>ynR{8_L1
zVJ(JZd7HAs5wN9i#Y$`i_L-F%_NisZigOZz>O_z-ARJ1s_^c`+^Qgk7O_2yEp{W|E
zpRJRkO`PeXx>}kajHKAOHwXcTo!BNi6tSGaTJP6?HY6KDE&6$?kn(R7g+g)!e`Ed1
zlHPaUGu0mrNxPofD8a<fut|TB`!S~5i|bO7@j|!T9FyaL=e3k6c|Qw=|3eRo6+sF1
zft8!i%a)E(i;dCa0O{o9U3pZGdstA!S1K(OWkA)wGOLq7rHAs4My}N+Ccz}8>g_<H
zjR;Crah6#<@7+FYQT2ktto9JJ7vgk<K6H!m{sj?^Dzi!W40Nia`tc2nXn|pLSrgkE
z&VB|N+B7}!^2-F)iNq`MKP_UW!G(!b;;Tw`=j?&wMVX9%y}VuHE$a<zBb`3Ko?6a+
zZ_U#ST6)txO{7`U_<49C3+1(5w)|^VL(yU`&oWa@*4N8wtX+zzGj#6vY!*EDy+yO9
ztjxVvL{-lSg|jpjZ6_A?BOJ1|edeN3>CIQ$zSG)y9}#j0%d&ROuY@AEFNaMoIQp%4
z;IhQ5_qv3lwzz8kq_wEZEqgfI`Fd6ED484WIGeH(yR7ihh)?<Nz?cpOr&vm<m1N#s
ze$aNbP`x#OQvrvYmbvPom+rymF<iPKoL15-wOt{N^D<f<OK1Ai?B!x7KV9w>t%kQ*
z=se_Vhl)EE6sn?avkDsKd$S?=Iu;AnHzD0N?un5~p;z_Wvx`RCLqs_5BlhkU79nD$
z6<LW`A6aW`&t|L3Pirws6aGY*d+`*V?f7|Veb~LG^C*NG$PRuJ9=cyVKAr#fZ4wc#
zP+<|3)k#k~!^+Q}Yt!9S_hB1zNY{2ZUaz(B3gXQm@Fz6dpM)B`@o?z%kMatx0EgOP
ztKoS;A-StEAGduaeAgi^`dfj|V@Dc3aMWDUb3VfACk%Zy1DcC@=P)Ej<!0rFM)N^W
z{*_@la^|#)8csG27fJGpE!QWVtVR%Vz7dtwv%=8S3#XWh2Dvo%pA@huxo_|Xd*L_3
z;fFZZ2I~uEK)R2RODvy0O%&H^%CRKf-Af<MtYn@-;x(Fc$KqQ~cVA16I`Ua{<cQMl
zknop&R4{B>+d(%l9wHTCu@%J&>FY%rz#k3z<dlXwhT4!s1&gO>gt3+?)@~jAuNcw;
z-V_eRI}-plL~IR~6U_PTa1<!1!A`xDFVUDV-Jac-{e0p?;};bx{3oH`q&9r0^Y8sT
zpz;+C6ok)I0*X+<@&x9TcG+3Lk}oll59-ogk9Ue#EJr`!7J>SB2QTGp4zge(3Y$o@
z^(nPQUNdstP}T8kkwx+fvjQ8G^9C40gWn<k>_&ixzY2N07)PG$FKV>~`iAjDRMzhO
zxuU1Obl|#Rin{$H;+k0tGIUrCuR2a&)6%6C@3c@Y-NRE-Ga3Gu*3FU7vVBE;>6j2m
z`kWC!T=jJKH>lutzKT2%2%R9vO6Mrqrp{*6;LA@2QjjqcUDR-@ETespXl7X?>VrV1
zMwe!@SO-p{2xUE9+$+Xry|GM3lJDCzgh^=}ya&1!9INulh~*0UjeBc_d_)#A;A9We
zp(_6>DOx8P74>%>ZuME;N>1g%2n?{gez~-(_z(;YgK0NGtMNRm)Kc3|1D5>YZcPEW
zM3q2y>RAe{Xa)hD_$K1`f7a5L72UHcfwx|Nr35p}0}xN24PrqB%mgbZiF4psVp@v9
z*5vKliZS?w1#GIkFjH46_1!qvKcxTE$x983H>x^j(d5w3TO5w38;;xE99Cn6Iu0#m
zLkt%P!?1D}`Nz+$vbxhAown!niyFMuCj^0!Sx*rV`i$pcl;Q#5lfR!gt$%o%imrOV
z<&BQ=4kS-$s7~7$hGCO_2l1pu3%j5MH%aWkP`cY3N0a!jPO+GZ^P9OyUwU@yoPMu(
zuyO8jA`lit3~cI0j_{w2&i5@1Vy=B%BrfR<=IeUg%I#rC7qbH+(W{5rvQ+ZDRO^+~
zV2S94mnPr4M1m{cWF^L_prnfNTIb)$WVZk|iqQDTrZQZcHPO@;^j)hdu!W0+mEp6n
z-CO+7++yu6ed6sczGrS>>JElAHzXlb4_ljj0nQ1L?%9XOYzvdup2*Yl;1iIeJ%p=G
z9~MRQ(^lRHbsuQgg0@Yf3=5SEqsH}V(3I=dbICt*c?Q~~dwyyFc3G1qR?$BwE2MLR
zLrUJfd3<Js^L-w*=doijFT-CJMDx(P^V;}J%z-<Hm%mwo;jb6`ZL`0{4<f&eyv;Oc
zXUHiv{8fzCYu{qyHC3t#ZTBPivd7mK7;)0Z|FN;Uuk+~kxcVSzYG?pke8QG3Up(!5
zMxvL|_r0XR&HAF`ZgR6|T|AZJ))g4=53uqIL#iap6Q;f|rA1xOUCO|D(xl=#PxrGL
z)%&S5YGAEtwN<hsZ4%w)F_5wpRS8amCQLg&l+{3TA72Ho$vj_A#VLiF1BUy9q70;g
z9)FCZ5k>~h)VQ|wq5k8nyBR|F@+}eq1h<)mb##>QuEm8ywL))k7p{m0ZTBAWqqFO4
z?)C~xuw4`yUVNu@xQA0)q@U_iK~HXDcU0TVFneM^8+D6M{evE<WGk?XwFEXJy#cMx
z;E}Gk(oW&jyUO<>UJiMvg>lFjVe<6%&5R@?+`0GZ?k|bnu7aJFz(W5E?mh0Hx^x$V
zmY&lgj{HSfXWOTNtY~8z5m|7weXJ|zG90Z92#EzSA>gOR9XneNM#pcRxuUUnggzrq
z_biKSm?rJT1pfB*-3^PBaeDP7WBd+%6w&omBkGD0;TH)%q8p62H7QnX%8GY#+-E0l
zR%Pt6A(QbmLvG1Xg@-!7|53JAyBiv)7EAv49d8T=JBx9h;?-74wG7}|cG~>kv;U_>
z@^BUvb#+6t^k}u`X*Frfx&n$0+l_c(teCig8GKF@bs+dKBfuTR_{IHq_W!}a#eW>t
zDRzdPRuo0zG#A(7xTRUd@=ACyHW@+>NOMCf!UTp{){&k8-L|;+kLY>SNc6>s!H@aT
z7V+b62N^%y3ih|w{i@5w2Bq|G*%4kBvHp8fC9sGy=DRtGmRhXEMXfc*_`7}{_}5>)
zDaiV|Wvz$+LD?*2=|Rknn1xl37z?LTBJRk1&f(mf?*LM<kvy!!QwTX2j1dDfF`%!C
zfI){GZ}!2Th1x2UN=IFF@+eyW;U$SijT_&UD!GEcH@Ny4jS0<x`UiZ>1*Y&0R*;u&
z<H86w6!Whv%U#~}N*OG2m*ii$BzIQuvS4KSM<9SS0%OtK2=X2?%;3DN@}fK&Ug53M
zvO&^%mvnrfx=h~@yKxBxHDvr2s{wL@*GO=h)X6Q&!dwh+g$$s7z}&*4NQi$DUN<>1
zpXU2An6sHn2#K(_b{D)-oiG}M02aQosD@uG&3aADRnTp8*=q%SnnqEJa((`2IdW?n
zUQ=ZP<kS#3DQ0X%)s1U!#>uXM6MztrsLSjfbEYuQ)IQ8OfXOzalJ3iPP13l7+&I!x
zp$)ZiCbn+j%+%nEu3!L<UeC-}(HZtsq;kOn06TC3pv#YVW4`B}UYe=5+Cg*ZMrF)T
z4gQTMD$cJP+@=DR`eEUCa7*rw`v-o94~<yVoahEQyb^T^eO=n#8it{@{zfY4`<Of3
zVlB^-&&aH;^Oy>ze_kJF@Y@7zkr?k^1{C2h_0tBPVfu12d9=u3*${LFTT?j0^Y*G7
zUvx~LEXBabG|!MKw$Mi;eB)M0tll(blj7D)pzWWh{zYvJs}0^{WaXwho6=RVzNx}g
zs}MrIyI<-@c!Ii`pbrv;^=7>w(*FOU7)wjf$yTXdhlEO$Hd*A7O1yQoYt(gr6)4a;
z!O%3R@{XGrope^m0XTd{(?P-Uf6I(-82HN+&_S9Do)^MpzV8a>anVV?3i@A6kb@gS
z0c41aiNKodOwl4C$V%i_QU63&KO?F&iU|H)=9!{n!kDBawVzRGN+RNY^n=p3ZZv5!
z7mw^3)uW34H+*j+OMZ=#8b=l~=+=B~;%naQAx2cR(U#R<W*ySlk+WN~0-i@K{ET4{
zw4^3MMWp<JFjos+fd%FBT>oR^)(jJZLNPuh7UTV~CIYg@3o=M%IyJid6Gks}Vs6I1
z>Dw2*UO%9M-mxe?q2~7@cm=(0b@fdfIZEk!f2xIsc}4m4uDoL38at;?KL7ezX!kLw
z>(ya^Xa2SJ)h}?w{v&oo)Fd4dHHP&ML1AZ6xbO##e!E$k^8P1|+NJ*Qup~qK{@sP`
z`=~i}y{DS~QO~M;^tE87pEh2b#8G?Iv_%{DVc~v5MI{MxQWVN#|A84g(Ui!UV2(LH
z(J%+jHCx()qW;=zxb%n{#zy7-15aAVd#2qN<*`tm!2c;sqguZX5Yj{2P!JP1hCy~<
zDQi#=v8{+$`Qs$rtZ0WpZJY74$<}5!EfXA(QvHf^v`--U(ovmK(BdB3TM6mzYVS2Z
zj%2?NkWG@LtgWJKs5Jl66EQGbnNf5qMB*FX$a@ocOnM%Ytjg1b=w`G&Z<Hiww%3fV
zVp&v$b}2l}XZA;L(W4O<V-aRaKM!fSpvoc+)0bvfRkpJ^Y|yqcoSdV!LY@|?YH)uc
zgBzGOSTG5O!)3PM(Md*B01r7eczb_OIL1HG!NY=BCI2%K*D?U8>;;wEg35SvDMCn9
zT%<WD0u2nlKJE;(m>^`e-Ar{2?F)n-X$)DXg{dn9tr$<7zY$CXOqtQ)Ev_h-1Vs&4
zo&TAjsNo63YJq`x0TQ7kxW5(jJ5oU+`KM4(tC%aMy~LqpZc~acS#iO%rPqI7Lda$i
z1EM(yFXHGyg}?s8tM2n!{-Kpx)9Ry384EZ@kmnNpqre{|KtLHZV5ZvI-?I252SA&^
zBU2FNH4Srz0~A=+DwcVD?O`4Y^#5b;ZNS|)s)PTvoe+}*EFcg;11#Wx@<C7%J`^CZ
zNuVe+p(-CmG)=QN_O)eV->cf!K`99=H37LHt)M^!q-6`V73HJiEl^RQC<KTKq!pws
zf>Kx-3QEm~{-rIV6!OmOp0juLyH~mH>%PzX{GX@yNj&<^nR905%*W2m?n<W8#uuhe
z=7VeQf+WRzotfqCxzy+--|SMJ+mF55OsY*uYn8?IGmbLn+G%T<8f_haGM;|-#%__@
zMU@*?Y=<yDwso>k(%a^fhwkm6cJj?Hri}5^3yHsEcP>v1=f-~?Pxs;!<DU5W4*M3w
zar%srO={mfh;Kbru791)b55Dl&TrcL3yF81b#fsomK_YM7yd2Dyo|>M*IYl%Awe>p
zZ2Q^6vy~Ig-4f44npIQMu}p07U>s{-J+QHMfE~6Aj(D|f*3kBoDTUp4e$GsK=50bR
zP8u7}l}+a|35*;6*?ddOiA}YT(5>4(eB11g;lvTy-@-8ww#k#((5y!9`Sg+ZOE*XV
zzVf&@OVe2K*h@x`7muLvH|$cy^iwm8I0&mYMQ*(9B&$7hhsYjL95#=ef9G-KL*Jal
z$?R;G|3vUUGq2rz%l4XMtR8-3`S5OgGQ8~_@kRPndB$zqJItBvd(E2AoE3EKp3!XW
zU3&&}V}HdQ5&h^da({S{bI;H$98a^yJu6Q$pYrC@rj>KcH=7@lGuMjoXU%ZmX_ow_
z+owDqV=jf(h?SHtw6t=9*@{_bn1OS;E!0laG;vzfVNVY>Kg&kQvwVlQ{^$6tTg;}^
zR91Xo8pTdffBQS;36tmv=ASFfyZGbBn){TswttE9QfK_ISKf0^wK~4!D)Zp?ai`lO
zF8jY(O2>a13Yx;%$?9giNia{w++?3#tlD=PPfLn)xSH-v5)GR^X9tDpLoYBNPBf)G
zB}seJW6Uk4t@qrersL2~kH+q*(#y@+!C`ZBZk$uT$xJk{(hKg1M9ZdE`<K|Hi66}k
zCQVwt>0y~X>>QT7gPB;2D^QRMRZX||ig9h?hj4B>-`qek-)#G`_$AK6Pn1&Zax3?I
zsXBhWi8WpQ{GH_s63M~McWf~`sZ!#j!<U#>3v4|On;YSWZQ0B*dYtKDdzacyG?$n{
zo@L5>wisS?$Cv%Fsi$d&E%BX;)pk%PWeOKti1RRQaf#jkN!<@$V(iD)6yuv@V49rF
zKJW0)J@NKS><NcyM&$c9_U968zUE-W{%O0f=6CoKQ!!}$p8XPkqjg+b+ST;-MBtKQ
z&%RBYwpP4;IW4*6duwF8y(U4bf780^c77B6wYs+4FWuBDzAKaCOE-hJfR6(o55CVV
zr}<aSO@ha)tw7w>ZTB^PKV`D*11GI)F+bN8FK1(y%20@pH=b>p!AzTzvPpI@d7#y-
z&Yo?ag;np{hKh$yJRUS{)?}LB;aex$Zr!qJu&Qd^k<~XT$|i|<(khcC)qm}lZ24?{
zag6OpKWH5qZ#wv+b>$oB+wp07xxF=h^Nwlx(AnFMpBa#uqDXn;j%(8&{zv0%c|PE#
zgSO>m8o1!6=Jet4ZnIN=P9gXM`xP~>G=nxXJmVEmJe^-}k9+J1(&4Y0i+J*;vQ4WK
z%FgYD*%HJuJNQ$Bl<O$Fz~A~ZJK&$@+CWpq^NVd(Q+{*$eAfx)5uh#R!ttL!D8I*)
z;0J%K3FF$@_KEB3O(j0&Oqy-ynnja2>l~)?*q_$E(ahg{w%E}?{2ec@%mWiQId_}u
zb>{B}+g`DGS9#l0AARelUE7vVIXyD>QOpN3ecKx<hklgXf7%bWEpOemt@PDT+JDT=
zvb)X3)SRLl*@17CZ~V)ZN0;Aihx@^EY(n!`@vd!ufASqp=OSaL^wry9rBppeW9aWT
z-)2%@w$(hoX401&qwwyFoFjLb`p5M#<&8^b3g&FK+UB|2xMcQ|Em}6t7)xseeOoif
z)a>XDq?VEoJkQ_(hv^wJ8ir>gEN3HP&O{`<8X=rUC~HK@60yojM26#tEZc|~HW9O&
z*vMAM-to!)-5(M6L&V95I0+FaBI3S?*oue~5OE(w9FK_O5U~Xjn-Q@I5q3LchROAI
zJeg(R-DWXA^A{iB{&?%QUvHUca}Mq8zru9n`<VZ?ng4$=Xa2d${<F(9|18^ot}U8>
zUTJ=gY~@z-|DERle=`67(2No@4*vdI=KoLa+V-Vk`Os&~8v1tg{}Jz1X60&DdZF2a
z{&?%PX8B{@Cp*<7FuUa2&HqQtO~x;*++~;5kC>Vc|H!G~ZEx(`<j%@t%);;=Y?;eH
z{IVDPbow&a+`jXId!{clC+5#ApYg-;o!^cV-*mlEyz~1<zGLca?A-aiBVV@jk68~{
zCnWVRU+`1=@Tb|nm|4rrUOy=Rft|J9l}t<V9`VcN3x0I%SIe8eUf%SzpJbAj4}IU1
z^?O^b%AwoMYZad{r{qTUKWC=2^3AcopT4~pyvJUqdrp|STAL#oQ=HznO>MRv9}n`l
ze71OIo;W4`Q56x`8k@g3{TA~<qSNY_^!fO*yEc7XT`M>1`6QRvRQ!**bmY$cqMcel
zVt?i3hh{r$*I8zgI`^J)|K0p{>bYOM^l;QWHO|rOC9vEzUF16__w4ic+m1hcyD9f6
zy@4h@*;XhmpPjh!y~oDF)#+@eJ!}Gddm>v%TRywc+Zs>T=6uCH*SxR##O?OdW(sPI
zZY}TWJD+{))66v^E}z+GY`3rK8>N~#t4R_j>ApBNo<nkzU-oady!Kao-JaR7m@<_w
z++<d>*Pb-HX_!raS)AUS!KZbwm*&;Wx;+Cko9?G?A3yPNW+i#ZJdL*VGIPFUm&x`8
z(L(vAede1`bb)LV+O4`-%bJC)m7CvxdZRs@Fe!IlruzzOC9OiwoLZaA?=TgO|C0W0
z-I4UEysgq{_MWzDf1P-H&ptq(R_;FK9}dlz-L9I;w$JT-vz=T`3r8f`Wz(CC%-MP0
zJkgeVL&l%>Z(EVPJ!*-|Qs{klCTVOj^{-84(weRMWjC2sOwZn_Fy*$VhxQqqf0a&n
z>0!^i^yWroyu-+ikCL6D`H<`($7lc0d{5#%fAfiDBknytwsGWNOrU?6`Qi5dArqVW
zW=?(W%l?OMH>;nYmT$j(vsoyZD%-DXU02VvxSMgVN!H89Y17Db{3qk(^Rv>-c(SgG
z+p;&#rZIg@cFW2ApdZ+7_ML|PB9XwPvyVC4u*;qR{Lp;ggZWA4&zqiSmv3fHv}<5<
zC(fSUmTx}o^x_F-fpoJuMm9fyP(J)MGs~H&F+TM$?KOVZ_pF{hCOv$Md<Btx*4{vJ
z;V?hPQNH<lb7*F^MYrE-PB9$2AiVw7M<#_h@%kmZ2QAs}fI9Re*L-h4lIvOJ!~b^a
zM|ST@{>q0Zm;UhXOAik(y>+^|eCto1dFdJB%MO3qeCO+lml{z5hdy2OnrE5sqBW|C
zLiw=y7J;9}3gt7tXR3VS4R4su%{Hv5qs`5Hbx^FIlqP-!dti%n?Fr+kXr3%Fk4e}w
zwA(-FTAedKY3h)CGDpg{l{X!+rzgJkgm3*RN4WOj=sfX|*$l6G$ZP>K9vVL{&SCtV
zI575c-hE=PYNEzH^Zk+LVT!<fF5je2zrT9>(6Ie0-~Q_DqvT`!xtICe&wREMv;DJU
z=9RCo^JC8*-I&9y3&tyDQ?G|up)t0h0rO~p&Afd0b#cby=a`>_Gq>IY6K8%k?6~dz
zmo7Gj%tF6^Yw{sya~kK~Zf^mZVSMBbHkC<jOvKxPTjB@Ytt-uBe~WzOQhYaDyk#V=
zm9%4>_;mig((PVkR33JZd0gea+e0fg1EXkjF}rvB1emGp$_4)?wYvNCcxafNf;l&`
zMJvZ!ae;~jXCaYPZL^o{5p%`<W4_HMPJNbnpTLZ(E6n8Z%iHVadp>7{zMau)=4V2-
z9kLB#M%crRb^BFerh3h|dS+NY+n(HIB5I*MyxKb6_t<;xdC5!6aoe^VUt<qMjT^mp
z8Xs%Yo31g#)s9)yAsaSZ<D9r_#?G|AU6XjymdAW5j9>RVwoT$Bx5N!^!KAundp~w&
zobZ<IaZydzSg+6BZSTpB4?W%v7Q1WB&Oh(_zA0q<NOJrrue}vu`bEW<jyp&-{$QR|
z+V<+Vnq!*s1^=?`#@E{qW`Z*Aicj4yxO3Z~Yi*o*%5;QysxfYQgxTz+q&~XTG@SS-
zjPp?+S*@&t+}J_m`<lmPt&zO_N^AS=ST|i`cYmf#@3HE3TWfA0zvhUAxJ2>2m2I!N
z(?(oyWZR9eUQKqbxkYMcfw))iwfVisn2o!qonB3kOzuCM!_xTR*4&LB-`AAaTo}yl
zmb5kJlyuqLs9Wp5BOf2%=j>#rni<k&Ha9oW<3VjRGf#ueADRcvQwYh>{OtH6XIW$8
z|CI#qi37|Q51KWdyy-FD`l+e)+tEL+wC`=i@8iW|^+(S2o_VeFM&r;Mo?<5G(}U2C
zusbB~zzt^VH(v>Kq->r|vn^>KiZSnHri1U0eLecHxexwt_EDjAFKfB`8;f%<Yx}-!
z_2SD~JcQ$pX1^-SS{}ds%(#!6(xrdaX{H?0<5nJP{>`tL#lZ9=^PY|U*E}vaU0Qjt
zxdfUUg9q<p?nC69+w8xaj!fl1{m4J1mXZ%@?<DgUhP82WY-3h8s{()i<Vft#c$AfG
zx=eRDZu_GpVyjAW`XO&WjK6R1o*1v0>$ts#X<ra{7+T(VJO0XpXPNoVE<Eq0Pd(}_
zwol2;(EO3l*ep0d?8}rlnG8&y^=(3H*seEiYnZ7uJ{7bL5zlERQBvXykFvzR9dFf*
zO1vCD6ERcb8ULP`d|zuJe(~ZvW>N6!_=1!aH@Prt(e1L@7TshlMUSW6csh=!UNbGo
z6z$sCJFw~PjGRv828!c5?EN3Tm>D-DuihnXV4KJ2&W!m7+iP+d+e*r2s$9LdM!G(p
z|80}T7v}y<eUBeM+`iOc?@!yGBY2m&<701eKOmTHj-N2e-!}e^*~e@<=`)FN)A$ba
z>uu>YW?CukY2)X#Y)`NkBlGJETg|PWk9OkA=xL|tEOZ6(2E>wicO`kT1?72sQXVs}
z+Qp+?x*R$9b9SQWKFkj5v(40-E>=zKP}Z;}<81UqqTSW#@s{dO<Heq}dy`ohp1pls
zk+(C<6~Rv4rsI3I8`+Lu)CD`rcf&aL*D;pQd2}*IWy`nY#cRqJ*z#@ru<2jT_#GKr
zDwOBDc0P-rmpB%G<xX5%o;!bWraXs!a+3MV5c{v0w|=r@=B;!4a@*8Af{}bf#*y!t
zZ{xYf?k`sV?mlbFDwt0w|Ak5U&8RRpZS8wsrcb%{@?fvT=5?RDZ+NL~7c-d5e}(d`
zcWo)(`rQl5_chCM8*ypx6FYwEqt|@@`Oc-={$yM}TqqwlhX%G^+L_OGBGaOG=tad&
zE#tG6l3B~B+bqqKBa+kgZ#M0Y)AKdu{oQZH{!X?%Mqi6+eiv?h!!@?|n5x9nnBB!B
zm$LKYN4ia{Sw^nLnhTs+ikJtzFD@Upk44%onmq=vHuB@+%>&)GfQ7jI-N2lSJ<R?}
zjVY_m>iRdub^FW~dxzUx5^Y64v&F3Zv#%D#ejoo_{G!$Mc5$*|{b&w6E<g8+<~fSX
zjkiq>ThooKYaM5Q{5f8O6s>ysha+2_(s=Podv7qVo+;$&_b!evvw}FM<e%~1S8d5>
z@{7+i?EXIfCdSe_x!NyligQh_X-Te?@%MjOay6}J*8rw`@zQeqcUBN*i2iiPH;tY6
z`}yK){At^5U$6;Hc(Pe!I^&z{Qqy=L@odg|);>Dvn(vSQ_nS^UJUBGibog_J?%HIJ
zB9AxNKh7LNI$m>S`_HUwITV=_!c(@J#<CAxZ8iQldHhssaNCEC9A-aYTIICFl0L6z
zbjyd1+kV{m!C$ssvZc8FGqzYq>>AVlp*}ykE3S{sH;0q@SZ9sx*VI`H_Eo#w;oD46
z&c5e1$?Z9IitcyKzQN3q{TC&J+jK9TBgY>$Kb>Lp&W;U~Z?<dWnYnfRrk}CX{^8qh
z{qbh&i07Nf$L`u<J{`1gz}<b^p}#cmtr|ZV=NdnpJhs1slGw7-RqWK{%huz{)<(7x
zX7;*ivsyg({y4(S7j_Mh`LjKItF4k*SlIiGmpj|uXa+>u#pb4u?-!bHo4nN&Xf=7p
za`LfvLlWvN<w*+VxC5Fv<+#6PI9|kL*f*c;pQf)Rm~tK500-bExCL&5LvRP&1^2*x
z@BlmnkH8Ul44#0eVDm;|{HOlg3eJJ^VEYP#{ZoDW+KK%$>&EymemcN>a+Bq08efuh
z<=c~Vn%<N6;wNY0%MzbQ`ijK&Kb@r4a#ST=?fSw~d2UkE)g)fI4sL)0a0}cP)_g<Z
zs6Si2F7$ffKI{yINA?WY{AqdhgYs7SpqvBeg|&RHu=llDyB_q);0m}3_Q5r99ozs1
z;1Jvacfs+kos6IQkPpB^@CY1%$KVNg3U*`}CehATa1NXYyWj%22rhv=a2Z?ySHV8G
z2Cjn}-~ikNx4><12=0Kp;2yXS9)O475jX;m!S>4|>|ffxVEfgUS-JfJ(JZ^*0=Nh+
zfjw{;Tme_XKDY+1gB#!g+yuA4ZDE~<Lg8vYndsDyp(If5fV<!xxDOtHhu{%70_$6{
zTAm5yQ?Pv{H`~rz!8vdq?1Bs6BDe(hz-4d+Tm}2!8n_N_fCF$7+yb}3A-DtXf_vaT
zcmN)PN8kuN22a3KuyX?1ADjc{!7jJ}E`m#74_pRUz*Vphu7T^|1~>pW!7Xqb+y@W9
zL+}V3fydwpcnWs5qW!@31$FzU^Fbc$f(zgxxCHjVWpD*t1^eI{xDIZB18@`E0=K~-
zxC8Ejd*D8J03L!z;0QbhPry^KV-K1$?Yk8me?ekKo`>887r;eu3G9K(;0m}3_Q5r9
z9ozs1;3l{QZi7Q`2iyhsz<uxlJOq!x5qJ!qfTv(b9(UF8y%lWV*|UEt&x2iX0bB%^
zz#g~^u7ImxA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3fydwp*pc%vZO^UX95@el
z!3A&;TmpOGGPnY+f_-oeTn9J60k{cnf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAkq36u
z_6O&{d9VvEfQ#S~*aMfr6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h12p)kW@EAM+
zPr;6TxHL1LZw2STd9VvEfQ#S~*aMfr6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h1
z2p)kW@EAM+Pr;6T7&+Vi;2by)cEJU35nKX$;4-)Zu7Z7V4O|B|zyY`kZh_n25ZnQG
z!98#vJOB^DBd}wi&(5|VI0w#yU2p+h1ed@bxD2j<t6(2o1J}U~Z~$(CTi`Z01b4t)
za1Y!E55Pn42poaO;0bsNj(`0s+y1$@JEZIL95@el!3A&;TmpOGGPnY+f_-oeTn9J6
z0k{cnf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAk@t<$^&2<`&VyZW0bB%^z#g~^u7Imx
zA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3fydwpcnWsR7X;eBwEe+3a31V}3*aKS
z1opsXa0Ofi``{Y54sL)0a1-1Dx4|K}1MY%*;68W&9)d^U2<(_Ix}0fGa1NXYyWj%2
z2rhv=a2Z?ySHV8G2Cjn}-~ikNx4><12=0Kp;2yXS9)O475jX;m!4vQl?3{x32j{?f
zunR7Li{KL21DC-Sa24!>Yv4M#0S>@Ta0}c9hu{vl3+{pY-~o6D9)Tn97(4+_!H)TY
z<(csh&Vln_7hC`r!6mQ<E`uxJD%c0tz;$o~9DtkP7Pt)#!5wfH+ynQ)1Mm<$0!QF6
zcmke+9s7Qb`Ae_o;2by)cEJU35nKX$;4-)Zj^78$l-Gy62Cjn}-~ikNx4><12=0Kp
z;2yXS9)O475jX;m!4vQl?ASNsGydEP&Vln_7hC`r!6mQ<E`uxJD%c0tz;$o~9DtkP
z7Pt)#!5wfH+ynQ)1Mm<$0!QF6cmke+ojlqfoCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~
zH~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJLU&R>|Z+ngLB|K*aa8BMQ{o1fy>|u
zxC-{cHE<o=00-bExCL&5LvRP&1^2*x@BlmnkH8Ul44#0eV8{F*&rJJ+bKpGK1sA|Y
za0%>z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd06YYbz!7*1o`9!d$9`dr`Af$?
zI0w#yU2p+h1ed@bxD2j<t6(2o1J}U~Z~$(CTi`Z01b4t)a1Y!E55Pn42poaO;0bsN
zcI?;NWZNH{1LwgmxBxDKOJEON23NpUun(?*>)-}B05`!ca2p(gJK!$32kwIh;30Sf
zj=*E^1Uv;h4@dihbKpGK1sA|Ya0%>z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd
z06YYbz!7*1o`9!d$NUDG{Y&S6a1NXYyWj%22rhv=a2Z?ySHV8G2Cjn}-~ikNx4><1
z2=0Kp;2yXS9)O475jX;m!4vQl?AR}~%C<i^2hM|CZ~<Hdm%tvl46cByU>{rq*TD^N
z0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2+_?Ey$3Hj+&VyZW0bB%^z#g~^u7Imx
zA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3fydwpcnWqN<-~vK{1487^I#WT02jd}
zum>)KE8r^F2iL%La048Go8T6>4GzH_a2MPI_rU}35Ih1$;4ydto`Ri6qy51-a31V}
z3*aKS1opsXa0Ofi``{Y54sL)0a1-1Dx4|K}1MY%*;68W&9)d^U2s{Q)z*DgE7_>h)
z2hM|CZ~<Hdm%tvl46cByU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2
zwxj*QIdC5Af(zgxxCHjVWpD*t1^eI{xDIZB18@`E0=K~-xC8Ejd*D8J03L!z;0Qbh
zPry^Kb2{1|oCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i
z1dhOC@B};sJC8;CgLB|K*aa8BMQ{o1fy>|uxC-{cHE<o=00-bExCL&5LvRP&1^2*x
z@BlmnkH8Ul44#0eVCQjYe{c?*2fN?`xCkzRJ#ZOZ0aw93xCX9+8{h!k1h>F#a0u>z
zyWk$U4<3Mr;1M_ikHHi06zmkx{@@%q4|c%?a1mSrd*Cv-0<MC6a1C4sH^2e732uSg
z;1JvacfmbyA3OjL!6R@49)l;~DcCs!?GMg@^I#WT02jd}um>)KE8r^F2iL%La048G
zo8T6>4GzH_a2MPI_rU}35Ih1$;4ydto`Rh-(f;5ZI1hHg1#l5u0(;;xxB{+%eQ*t2
z2RFb0xCw57+u#t~0e8VYa34GX55XgF1RjGY;3?QS3+)fif%9M&TmTorC9nrBgDc=F
z*az3Zb#Mb5fSceJxD5`$9dH-i1NXrL@DMx#N8mAd0-l1Mv(f(G95@el!3A&;TmpOG
zGPnY+f_-oeTn9J60k{cnf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAc|6)5oCD{<F1P?L
zf=gfzTn1ObRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJLjPN!8vdq
z?1Bs6BDe(hz-4d+Tm}2!8n_N_fCF$7+yb}3A-DtXf_vaTcmN)PN8kuN22a3Ku=518
zKR5@@gI#a|Tm+ZE9=HsyfU961Tm#p^4R8Q%f?MD=I0SdVU2qTF2M@qQ@CY1%$KVNg
z3U-QUe{c?*2fN?`xCkzRJ#ZOZ0aw93xCX9+8{h!k1h>F#a0u>zyWk$U4<3Mr;1M_i
zkHHi06zrUf_6O&{d9VvEfQ#S~*aMfr6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h1
z2p)kW@EAM+Pr=T4Xn$}HoCmw$0=Nh+fjw{;Tme_XKDY+1gB#!g+yuA4ZEy(gfV<!x
zxDOtHhu{%70*}EH@D%KvkM;-Wz<IC>E`W>R64(Qm!4+^7?1O9II=BH2z)f%q+y;l>
z4!8^Mf&1VAcnBVWBk&kJ0Z+ls6Vd+Q95@el!3A&;TmpOGGPnY+f_-oeTn9J60k{cn
zf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAc@o+moCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~
zH~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJ5NUYgLB|K*aa8BMQ{o1fy>|uxC-{c
zHE<o=00-bExCL&5LvRP&1^2*x@BlmnkH8Ul44#0eVCN}le{c?*2fN?`xCkzRJ#ZOZ
z0aw93xCX9+8{h!k1h>F#a0u>zyWk$U4<3Mr;1M_ikHHi06zr7H{@@%q4|c%?a1mSr
zd*Cv-0<MC6a1C4sH^2e732uSg;1JvacfmbyA3OjL!6R@49)l;~DcHFH?GMg@^I#WT
z02jd}um>)KE8r^F2iL%La048Go8T6>4GzH_a2MPI_rU}35Ih1$;4ydto`RjHqW!@+
za31V}3*aKS1opsXa0Ofi``{Y54sL)0a1-1Dx4|K}1MY%*;68W&9)d^U2s{Q)z*DgE
zG_*fB2hM|CZ~<Hdm%tvl46cByU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+
z33v*2o{shh=fHWe3od|*;1bvam%$Zq73_m+;5xVg4!})t3)}{W;10M8?t%N@0eA==
zfg|u3JONL^&V^`ya1NXYyWj%22rhv=a2Z?ySHV8G2Cjn}-~ikNx4><12=0Kp;2yXS
z9)O475jX;m!4vQl>^uYQ56*$}U>95f7r`a42QGsv;40V$*T8jf0~~;x;1;+I4#6F8
z7u*B)!2|FRJOW4HF?a%=f}Llg{lPhK9_)e(;3BvL_P}Lu1zZLD;2O9NZh!-D6Wju~
z!6CQ<?t**ZK6n5gf=A#8JO)p|Q?TQq{lPhK9_)e(;3BvL_P}Lu1zZLD;2O9NZh!-D
z6Wju~!6CQ<?t**ZK6n5gf=A#8JO)p|Q?PT96aQ^a0%t2Y2hM|CZ~<Hdm%tvl46cBy
zU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2E=K!<bKpGK1sA|Ya0%>z
z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd06YYbz!7*1o`9!d=MuC(I0w#yU2p+h
z1ed@bxD2j<t6(2o1J}U~Z~$(CTi`Z01b4t)a1Y!E55Pn42poaO;0bsNcAkay2j{?f
zunR7Li{KL21DC-Sa24!>Yv4M#0S>@Ta0}c9hu{vl3+{pY-~o6D9)Tn97(4+_!OpYM
z{@@%q4|c%?a1mSrd*Cv-0<MC6a1C4sH^2e732uSg;1JvacfmbyA3OjL!6R@49)l;~
zDcJd0v_Cip&VyZW0bB%^z#g~^u7ImxA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3
zfydwpcnWr&gZ2mKz<IC>E`W>R64(Qm!4+^7?1O9II=BH2z)f%q+y;l>4!8^Mf&1VA
zcnBVWBk&kJ0Z+kB8SM|wf%9M&TmTorC9nrBgDc=F*az3Zb#Mb5fSceJxD5`$9dH-i
z1NXrL@DMx#N8mAd0-l1MOVR$|95@el!3A&;TmpOGGPnY+f_-oeTn9J60k{cnf!p8^
z+yQsNJ#Zg901v?<a0DKMC*UdAc`n)?oCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~H~=@n
zEpQtgf;-?YxCico2jC%i1dhOC@B};sJ3oi^2j{?funR7Li{KL21DC-Sa24!>Yv4M#
z0S>@Ta0}c9hu{vl3+{pY-~o6D9)Tn97(4+_!Omr9e{c?*2fN?`xCkzRJ#ZOZ0aw93
zxCX9+8{h!k1h>F#a0u>zyWk$U4<3Mr;1M_ikHHi06zp7%_6O&{d9VvEfQ#S~*aMfr
z6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h12p)kW@EAM+Pr=Uf(Ei{YI1hHg1#l5u
z0(;;xxB{+%eQ*t22RFb0xCw57+u#t~0e8VYa34GX55XgF1RjGY;3?Sod9*(`2hM|C
zZ~<Hdm%tvl46cByU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2DrkRj
z4x9(O-~zY^E`dF88C(HZ!9KVKu7exk0Nez(z-@2{?tr`C9=H!4fQR4_I0BEs6Yv!5
z`~un^oCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i1dhOC
z@B};sJI_b^gLB|K*aa8BMQ{o1fy>|uxC-{cHE<o=00-bExCL&5LvRP&1^2*x@Blmn
zkH8Ul44#0eVCMyBe{c?*2fN?`xCkzRJ#ZOZ0aw93xCX9+8{h!k1h>F#a0u>zyWk$U
z4<3Mr;1M_ikHHi06zseZ?GMg@^I#WT02jd}um>)KE8r^F2iL%La048Go8T6>4GzH_
za2MPI_rU}35Ih1$;4ydto`Rhhq5Z)*a31V}3*aKS1opsXa0Ofi``{Y54sL)0a1-1D
zx4|K}1MY%*;68W&9)d^U2s{Q)z*DgEi)epv4x9(O-~zY^E`dF88C(HZ!9KVKu7exk
z0Nez(z-@2{?tr`C9=H!4fQR4_I0BEs6Yv!5ycq2d&Vln_7hC`r!6mQ<E`uxJD%c0t
zz;$o~9DtkP7Pt)#!5wfH+ynQ)1Mm<$0!QF6cmke+ohsTNoCD{<F1P?Lf=gfzTn1Ob
zRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJ1;@|gLB|K*aa8BMQ{o1
zfy>|uxC-{cHE<o=00+XyCvI>;;mXS-0s+4dA}8|A66V1!xBxB+YyKtS`U8^>YS)u^
zWqFJv{oT$w<PC5DZh~9jHaG-#z}}`LA}t@d0<MC6a19)Qo8T6>4GzH_VfDN7;H3O~
zKg0VO)C*hzSHV8G2Cjn}-~ikNx4><12=0Kp;2yXS9)O475jX;m!4vQl?3_01|E=I0
zI1hHg1#l5u0(;;xxB{+%eQ*t22RFb0xCw57+u#t~0e8VYa34GX55XgF1RjGY;3?R7
zINBea1LwgmxBxDKOJEON23NpUun(?*>)-}B05`!ca2p(gJK!$32kwIh;30Sfj=*E^
z1Uv;hk3jo_bKpGK1sA|Ya0%>z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd06YYb
zz!7*1o`9!d=aFcCa1NXYyWj%22rhv=a9LQ_4W2CE^mpKr(*8I8>(1KpX3=rBB0|<R
z8tdu@3CaHo`Ebi@L{BR!(cY}sL3V43!{X`sP|X~tA0%XY+OOY#Rv|ZwP614NWL>YT
z8ky<I|JCwSU-Q*4{MbeD$I8c(uz0!`b63L2qY@4uorIL<9+Sie5>g&KIFWk~SzmvW
z7yXB>FZUiMatUcal6d#D_4R{?C-D;rsUJQfkq;lazJ5;YFCq2SzwBp@{QZwSam4@l
zM|;F<`2V_p=zMnKY_U@Me_g)+$v<g|{~14Nmz??V|M&i(<L|yRwOR$0Ydu#b$tR7U
z*FRK$-uPCz+WD{ASG`S8bPr#QnDud<et6Td=?D5n8|!DA#?H&%eaEroA01=<{;Q8I
zf9GAtsQ;(Orr&?xvFQi;#U*J=t^Z+O`}xOM|LFC{R{lu8$YuRvr?K<O@4n&K@(+%&
z|Afb=AAIB3%I_az{loVjTmIo~$ENQbWB(7oeQf#nkFo!|$JqbfTaT^${xRn7{Kc{5
zA0A`={bL+I{xSBS=os^lj`8~E+<0{U*Yl5)(iu@cyz1EWhc7=i{oM7(rhl~8pLz8^
z+WBjq{?U%#x%x*re&^{QZU396UpYqqw~kRiJVyQQG3p=f_|f&leK3B!cOG5;)%8Eu
z??=0SnWulO^Y_u}YyO*2e`WO##3`!&n)=K9zmc7J`nrDINMHLu(`k9s{=D^+*6)FL
z{p~}Yty>=w-FQh{H&^E0;IxF(3d@J6eR2Fr^`HCouk6k0`=TGt(RXi|)n9zt+ecab
zQ1n~Jub;pBd$aoQzvr4GS^Y@#`*ZSl{%BVJUvIze!C8Ix6^T5Wqwl?YR)6@SXT342
z?}@&1)%xWR-ZQKJg~|PvviiR0cjwjr{j>UCeg7X<v-<9968UhBeqZKiZNCS-?-&0(
zs~>3jA3mr2$p70%9({UNKNS7Roctr`Kln4d!mNH@^mF%FKY#B}X6yghQ>)ix^&`<Q
z&e0E{f9eUn$7c1NS0?r=bMzhgqD=MQ_rLzxtFrp8=-21y`_TXSZEybFtiCVp=g#rJ
zC;Jo4|Kbx)dvR9Zll=QnT;G48e9@-rfA>GXaz$3(7kzI|{{H7@{U5yXws&RqBPqW>
zM?d<fS^alTzjaeq-+gT&59a6xUzycEzEC@q)%Qg|oTDG!J*)rHO`AJe{ZRD#^Ys6I
zRzLqwZ@Vn3ABlc6N8h_+R{uX9`SD3s-_<X6ebV~v=l<2K{?g=}zsTzQs{e@f^_{<-
z)h~Xb@Z_w1B>KUe{Jl@j>c8x^6Yk3D>-n9F{6pE7`~Nnp|B2&I_?4`Fp#67V{_;h#
z+J9fMul|j!zAxv89`e`gn1APN{_nnhc}G@1)bqzDukSzqZ)Wv_H<>3jGuO{Z^Pi{x
zx3l^y?sYe2_1)h{<o=xUNB=mh|BFxf;|FE+L-AiQPao~K?ebSWC9CgC{^1<`;K#H1
zzvlmY!_Q>(L(%Wg(T|SI>N_93;_F%cNc4kw{`<RG{a^d*2fs6`@5=daG$()mo3r{S
ze#$&)o@qZ{&yOFue)|WXp4I=$Pq{PKzrOh2oulu5W>)``m)-g7Z2o$F?Lj}1@#B7P
zR{yuIdu1W3A4&Or=xhIvF#iAa+mGLt)puW)*zeErza!^cI{x~no_lsy-xq!7DeL>M
z|JB*@fA^P8{iUpaDEh5A*Uvt#pKsmtj2~w8Bb`5fc~1Vr+5GR^`x*0W%If;plk@lP
zoc!Gn%<4~9p74mQzAyU2Ir;(gJCFVHTeJFl|6u}s_qUULBk2Fir*C?5RzH;d`*Ygg
z`(Lx=zv~|_Ixnm5-Yogd(GNvm_a7I&>QlD=pX$Fh@wcz~k6GXUf!rTZ{fC@+`GKr{
zDEgHX*Voteo9h3|>9>6<s~?HJvweMiUB9UQZ{D{5AF}%HZzlD3=jexW{a5|!m4A3f
zR^J!>;DR~%%k@L`Kl`L$Mn4q&{ycq||5QK!>6bhyn|~zw&Qs^)FY}-3-`V-WiCKO3
zx03pMbLy|-PxXK2jeqy<tiCV$?v?B3-<R>H`hWBKhd(l_ABw&|Cx0D(s{hOn?QygE
zk?03=^mY8H{?}h|PARMJwvzhS=kz}vf2#kpPye>P{;l?Z(f8)~U&l{HCeST9F-v%(
zgt~v%c~+D0IWCP~6UspV?Yojt?QVwR(b`u#dVZw#^!!NeYCV+IZ^(8Hs=XIK%l$p$
z-v{?!lk}%h{d@8H{Y%dW!rxEYagAY#(B}u~p9@8<<<|2QwWH@t8~Mo-1+9nbE318F
z7wL<tFelXX>Q_ystag<(Kjn?uVSGYj@&A^8w7d@)E!*|i1N<A4_U!)J#j(hH^!n|q
z*N^D;l5}ckUig(4TxhQ^sr|m%FRgE1*Z0xekIw#od_TG~Ykw&AgL(F4{`JG7v;X1S
zf93ne{_E90k=Xa=`A60V{s#TuaTAZZ-*{Tt+V{l&6D|MI+MhEJbbkA}f4=-7)<2P)
zYwPn7A?*9IzR~MTDE`s;knQV9#O25J?sAShE-k+!_iy^JuljoZaK%45E>y0ej-Qvm
z{SQA7mtXwT*Y(w$_SN}468oG#)P8?+@~QNUg57^Uz?J#U`C!s7qB-T)^+zcE^C4=G
zp;X|dC!VyDZQq>u$C<Z2WB-{~0f~R%^N+Xt*VO;6*msZ8zRPk8Yy2%Qxu@f7+LYQa
zihU3EL#&T={#QF|vXSz?^R>^g`}YTE{}1&3<(%~w+jpLQjeq%jo_9gkKc1A|NBOmU
zx<1kIJ7;(~`aJwQN~4cw`+r632XpM}`q`EKqt`plUqih<p8k5zu8&jy`(i(wV_(<T
z{!!Zh*2?$n`ETm~Q0_l@bNuhi`q!2DVP5(5eSpp@uY8>?zjH$}uIlRlt7hl_Nar6}
zpGF(l_ry^r{Peqz&Gyeg?DyyRN7s+qKh=)<T|=FhzWw4bZ_0m)r~9i{C-v|iH(P%9
z%}IRgy-BEc=7oCw=kV71uNtrOAmg=sdcTVKxDuguRIbm*XuR52I~uR{=RFTom}8&i
zRQnpQ&kLyidG}lA+1GMzmi*Pevf9;psGs><o60|ZpL-r;`p>HZxxTcd|Flj{+PC`t
zq&?j?CZWcwKLe2~YpCV=@hjhPj_E(Y8A|^N#eV(%iT$4Fhhksj)sEh;QPxoH|HrSs
zz@ESSdZg<&v7dWjVn6>UNx37jukmU}@8>9MsQ&z`;BUX<Y~K9pP_MsYzbN(_V&8pJ
zl8?r#9i8u#HPm@^^F{CbsF^=+?2G-O*sqBFk=XaezQ(H^r<>%PvV2hg-1D|)+Vh#$
zsDC2$zt}H{ekk_q60i3BIrg>xJg$GA&zt^pD3J0`#C}Wcv_(G>`x>wIb-ksmq4whs
z{_;JMDSzIP{-fil{;;Hdr()mz-NX+XuXc33rL3X)|HAQehsOWEq5jwBFDgGH{a@B2
zq1e}WwWHTdWewH;=iGemYfSlXQvd7o8FjJW6Z?^tU*gq{&ezHss{gOL_!+y5|C{Q6
zolja~Cokt^x-Zpuwd09gSwk)V8@}}1kDKzpPRrkyb#zzkH$>l;{gB419bK;|YpC|`
z_|z}k^NWY6eMjz}d*>(qABp`??6>Zl#H$@g&ht{14@C)e9BY2c+P~C~I!}gjebabX
z4NE?%U(onDq2~ARAN%!xH}!i^y1sr@(oZYfP!HId%&FJBc&IzNzTX0YuGd|O*ZOEO
zWi7w5`b$~;rQ=BTHB|ivz3_95Z2euSfB4u9>M#2cwWr}k;<bG=ba5Th{NJ(fbM|~Z
z^}i?i_czGD{-KLC%b8H)HD3)mk7@poeBOz_k<H(i{Jj@%P=Co^?Q1xlQ?CAB&X!m6
z|NcjAzb%`8DESAM-FyD^4=46CUkw`)KjRbw;b+&+{|l{e{EN+B&(9*s-+9Kp=RcW~
z|8!3N{#)12|LxOv{ZY35&aWrwybbcN|Jj`SOFZizd~W^x@4Ne-f0WJNm;8eb@}JDf
ze>x|B=j-d|fAuF`^M#rG4@vzmzjy!F<vj*%cMTi!-fuwvD~W?tPv;MPzI3z5bso`l
zuEgtgUgHZAug@22yw3BwE|z5J`_-TQ?pgMHJ{|voj{hq*sQ*V2KWRQ1Hs-|Z_|thn
z$KS8r{c3x@lIGvn@wd_VpOepYPP~pk=KrSWTpDEaccuUJHyZzcKBxY3;{8#QUgu%0
z|C`Tv#W%D0dy>DiLI0b~$!9tzUh`-DulnH?PtE4<NdNC|F#hTvom2lg@w%Vp^KI|i
zdCKc;{yP78lE3rJd+&b}$!D{4Xbqi@CFRn7uA%NT^ggZn|05szr4MH7AL#h6-h2La
z$w&LWhK)J#j*Nf${{fHeZqDW(O8&t{?LQ}<>701~ONn3D|6cKh?Z;*F?`!*SkbnK-
zi9M~ihK)J#nm_CRuXlFemTmt?+y8m@?*ED8qwTKYy!S(NAEN8+wsZ_Fx6Z$+uko&=
z)Ax2XUgukVA4lVLzSZZfG`=i$<~{E#;xy3y**pA8-^#X6p!3rP^JDH4N&Bc@G;}3i
z%cY@SA309b0^x&}?<G&ZXkWJd`Z|AYFn+pHjxAzW!-2#jJ4g3_Y)7V3*79Bc2j8&g
z>*@UB$o|Ed^ZbeGSNe(nv|Jk2Bwo{L$Z}~vQ#nH|U+crKu=~ffe6F4!Zq)y!9NMlL
zI=3d})^^oU_puu4Jj`+_Yd=<fjpw>U>%n*(PrB|<JG!3HcrCXp87LPt!#Sba|J<+S
z?r;2eimT@zK~n#soSzjwnXs?tTf$l%4JRjDGMkg^Bh-!xE26JFFI2zWap=|d`O~z0
zBN-pToaZmp-ca(<{iBAHIr;1P#nJXd_1_=e`KQ-q{nwZN*DojjsNI(MFT5oQE5hnG
z4Tn5;(0$l>iJiWmge}q6dd>?gB2fEU-v8U{V?BS?^|_uGv7FkzpT6O3_Ws&Kb^Q{G
z|H5;U`u090{*(7ITEbc{4O`M*)lYgKo%z<~Ttw4FVvp&xe3dW0{47(xx9Is%@p>5#
zPe{sFmFFdOe^?aOa%q@*&}=(uKV!aKrW1Qir{(*z3m59ve_B3$ej}3dO+`O^TT<@f
zobpW`JX=0Z&wPic%%;=lJ(*6+_wDa}?@?L*dE!5(nAmB{^P-WIuP&^9)9|SM_mJ80
z^~K)2@?Ci0W9<78>Hf);^;5LL{8GF<@uz+*mxfh|-z*twnBHg5^J+Oy(s&L3tLuk<
zyZ%G=`O38Xq0Eo2%onV;@<ht1&o^o44w8Clxi!@Fjh53n#(HS~2%h)lc>kp1-;?p*
z$Nft!w}xFQr<Pm8XioX{x~-wsgQ3<-)6Kii>wNl_t4_Apr}X|oAmw*t{x8YCMfcCq
z>9hUQ7rFXb!+F<J-JccZ`@wQKFLp`zsKl=NC!PP~Jf(YTlFpIz>i^sR`I}!f<xk&_
z3tw|_Y$ABB*u%M-|K&uk`Dj>>bXtB5=hj2c8CoYN<<f9oJp#EN29jPw&7Yyx?^(a}
zc{@L@)=%F5@Z|lA2=&u_<{Eo){-*WPa9;fash_r!hV$y@$ho7olZGsZves|&SFXA;
zTR%tEZ-G4D+{d|L@WqSO#7sDzQ@{GwIsHn`2`7JXQEW%UBAzQv`=O-oe<De*;Y=Yi
zpyTV#2R`Q)O#R;C$n!%vxqkE?FXg%;sZaRkB<y}Z2{(%^4O_S_%)9;;H%O;`Z%I9M
z9Z`^SWU6qlAGLm`y!P-WQ@@95{i4?=<@aU%6N%mEcar#)u+~dMUcWUx3o$t<@tc-A
zl>1+rPU|<6`}3M^>t7}LYr2g>t>06ex7+>MYW-S?o&IyA9Aej%^<7<9>!soF)Y)=t
zdX{5yl<n8YJUsqCtlw{xKiAFHPrsigkoF7zI;pQO^{WVLy)?|BU3_V8)~|BESwGBc
zzb?`ZBwyN_$J&1H|IQWm{lT>TLg}BLtlxs6)KB&|MPaR%hHO8UTgy>-z|qxjlAlf2
zk$lz8MxpMb-|`2JeLm|gj=Wb}k@+S3mBhZ<@#X$`?h8qMw}?Q)F7|J(+;>-f4ZECA
zkxs{7Zi95%K5Cbt*00%l>2q!UJb8Y?m-+>B&Tl4j>Q|Tk8Ogd**GJ5^BKsFjr|T<C
zr}gW~{4y`yM)gxW=Rfp5W%GPRx<9K+{ao2MyLTq-rT5Q<a{beOsbNu`_ZUk3^t@Zk
ztzq$@Nx#r^Y-c@Z$Vq?DbY&@r+Sw@7_WRoR25+$AFKxd!B=vD*e^>aMg#EW9VOR3e
zeyQP5%B}PHyz5_!^DLf2SHHKokCypO>!s~C%q9NPd@E93O*b#p`v3NW&iG8W{`&nd
zuGar=lX{0*f3dIi*078Htt;c1`FB}=q|^FuG+%4|Cz#JFQeNguu1LfmdY`h-_dL{<
z^^ZPZ=*j+~@OMf5Bdx#K*LrJ6`}&?Z<Ga}3>wZ+zmE=PO>4HB<%Ax7B{Ndv+iKEi?
zm-1@5d7=96;+OuGeSbW?{<yDC@(Hy5UrN}O^MkI~*LrK%!nw-4^Nl*z4;<gx{{C6B
z^<uh{rDFXvX46%qyz}a<@tV)acHVuDsek%>R3P)4C-Yld?CJf<p`63&yxJGJ`a#2a
z`xZy;3k4re*6A8LcwRsFptQrslCbh;NqP-)+y@|iDCsrSdTXfl|G586`+iHhe{*Gj
z6UzQ393}ayp57-@)^H%{wEh~-^Ftu_fxCa6)Jwy8esCmx<)h*U3FrAi(?^m{LoKf-
zAKrAz5A6NLhk7?iJ>Qjt{TE&mr>J~ISk4i;Urt!BLmCDchk74T^V87Bx|r#7T=wPt
zLmk&l=Ze7y{h#TInz6iZqV^h6FBLN^NW^POFFn)xClLRn&mqhDyZ-lyKiuC*!lBqz
zzi61len-DYg86#qCVtm)>U{%Er~av9zR~<OonGHu*~hBA2<t&t6o%MuwxwQbkD=;4
z=geQQ@2{uV4?X|)#6PXCCVmOUKNGR5e$lXw>zFs^KH~)Y4j=bhbX-qxoegB((R!#K
zCuo-l`KljV*gy58UTTk__MbOyx!As+x9XqwCH`<OP1?Ep4+%%NBw<ci{i5N2_xfU^
z>#+KV*Wn1)VXdco{%pS;Nj>NnWmi7D?GcauN!CC5{fE9>e}-QZe|<d(i^A#`4b`rO
z^Uk3v+-JN~?2BUBe`Ng;>3&4cebv7DrzPt?O&7?0Urnd|Cx>)Xt(PW5sO8wy{=&nJ
zf70tyB;W7gJtgtCCw@`&XpY}&l1}}l;k@&=;Lj4j1oAr-8V<2<)cYTSocD(xNUl#B
zPLSUDXks_~izM_vn55UR$m_a1N37*(NqIEXdNb61`IUElEZ%?X{>HsN$v2YusrrqC
zU0L6@qJ;H+i-s=NWApYm-UjKkUH!9X#|!Og|8h4-r~PY)btUb&;-D7xOLL!h*_0?q
z;AnaDd3BA~{PnuHS@Kc;Yr3MuYkr!pEb*Go7uNf<8ef~EUzd2b*AiB}HuN;UBk_E0
zsEc^D+n0FN9|-IBHER42@q%jtSJQp&`VZOpPy44M*9TAbpYAs=j#IjCO~T?`NvQXu
zH0(Zbwm<29jTvvWuiPpMYt|Q%zuL=bI$S?_uA%*7DDPY7I)v%u=ir<o_WdrdH?HJ6
zL4C{OCoSJbVNnu1|At5Xe)js~%JVsW@qhSFiNF1~C1F?cQNL^W-+g_q<2-@qwd(&O
z{K|Bx|FOPG@0*ApTnUGAPNnU{bOlM*!v1_9eiHG9LF)grzxD*{fB%NWzdFA}vTm(^
zJBg3v{!8&&32Q&qu!Zv{_Af2a1nIaQ*6ZT%{uobKH|uqwi2l#@dRjiLN10CBlh2ui
zIQP=_<oHzoXgyu|P(k_ne<XeuxwdDQ>wodP+GCjCp2X<9r*h8kTK~<GK<laOO1#?9
z@~9n+FH1U&SN%Hl8%U@6fyDFq(dL}^p~UO`GPM&)Jg*z$Iq_48*XK~T2<OD0E4)=g
zt(Tyq{ZaGJNdonQ#)o29%cXY460bY~PleS^PTE!P!)Q4emL%fhTb~!tpL+e$=LTI_
zUv-XL9H-QIX>xbM`W%;rU5rbvUo?O26J3l;^<xqHHI8#VKkIIg?tYT7C+}P7yhwZc
zb9F`R%b9MQ*lQtQ-5+Z`b({=wJ>-2Yoew4$zdV0-#qb2z3*C2Wz6JSE#QiUAKTTJZ
z4_r?SrM)%XyimU%=i`6+(3|c2-<SDc$4MyH-|=^o{u1f>=R527pBDV?z9&h?{5R@n
zLm3bKi!O;(wY{D0ti6$>^Kt&fbdlOC+`By;r_RN*=>qg`9lsv(WjY<#&Iajpf^j!U
zw^b&h=*-#j@j9E+bf|Ctk7xatmvnWkBXZxHO~>|AZp(+$KhU$^Klac_*AKF<bmjhW
zW0Kg@@6E1@eI3^ts$C7|J-1oG`p8B5=={U$v*xe%b$m}Yu&3jj=P)7G<E|K{KXu$_
zzB;~J7~lH+vYJlEw}<mXwzpmff(_C=T@3phr1K<Q7yHx*>!7lvi!d*<d=*Jo#QH13
z{P03amqR-JzGo4qf&M<}Uw`_ypJMvoTU_mba=sAA^CyLWOZuNL>(`0&NBQ}4N5i_@
zSJ4bOo;BX(eUdr-Z*t#coT?t}Y5!~Ce1_??|8+M==SoJo4bo}<^W1wcpZ34v2KKc7
z`5V~tq<p~!>9k+<H%O=bD%>DlRr2lg`AM{!FX^HU($yrLyFt3Tr1LgN*U)@7s7D~_
zoDJ+XHQfgGT9U4~K|gIvy2=LqAe3~$2IcEWx;pdi%wBi8nlI9EzVB{L61u3b`~F#b
zACz=mjB}>@kfduNo&N5D6wB#JI$!Fm>y(PjH=1s4C=31%e)+Xyd;JV${?dI#U)JxH
zA1C$D`L`?fWt-q=*vEY<&Ldh5-rr(6sg}e2DEGHHF*xM9SMD=uetAuY>z#g&xu$dF
zLmk&0main~DjTHpBwZ2dxbH7Zx(U|#%(o)xa#$}gT~*R`ael#b1Ygn(u@BL97O_*4
z4;5Y)@myzJ)1iExeE*NyYsiNQ{K9o}An9`07rK}?o02ZX{U`mt9uYe&`QR64*RQN^
zTha}2z8E3jP|~>t*h9MCmvqhs>E5CCaDSZnzEkaC9pz(x@-9iY(YmoC>2g?ybA8!W
zduR`?w|bJ!f8wlPnC@ee&O<tmkG`a<-*48Qi}m0@(uMFJ(+wqEAN_#iXe8;P4bnxD
zt`5J@-dNJ*cn*vHGLdu@%vZEGm2^Y+#rwnA>y9JyJfEj)$h<CQ)&zRKmv1-h^FitT
zYdv2IWPiT(_@rI5zYN9h)5M~NUCeJBcUpi7&b@j5yj2r&ABy=XC+Ui?$9X?5={(qT
z(Jn<v=WdYhiIOgdc47OKG~EX6>`A&J`VIY8R(m+#aj@^MNID<&pr7lSFY3X38=5b!
z58Uqtnhy6VnXW16x~MPbkCvnh&zPMTnC^|5?!0?X*Vgjkx<q@oNV+2DOI+tdN$24H
zE$!(%-GZN)t|Rus4eY&F(zQ15Usuw(m@gyr`wwb8&Ykri(|t(oVL#4s)RS}p`ycY{
zOS&P(Fa0vmbhytEVI4S>banPqyuUe8dsr9g{3c>2k`G)@Fx^<v1?Z>r%S6&`bbd3H
zbP?Kve$jb9L^|esoLnD*4bp9ubUxCB@1DKh=zWa|&SN=mr1vq{|F93sZ%!(l!}Y_*
zeXRVJB;5q-UZ$%`x(d?KFKtOTL_L`97D?xvbxB+R-G{Ls=>3^K)~NydeMjs?NXLA;
znlIN+u=hbp*TTH!$#X8!ot&QLi}@vjJw4A3F@Blu8)C1H>l^Q1j3u3mdITSy?N@s4
z9l$TNHx+w*oTJl!dhQ)yeHUW=r03ot(gpC#R@n$oP+wo3>r+4L{k4tOZMy#A`n@RY
zEw!hiC-KKgguCZ}t1=t<B9~$86tY6|IS{!FH|Gp@HbE$I`B?+!%rg(}Sz0NjiTWbf
z`{HL_y}Z0Pl{!u&a(!On%*Fltm-lB9+~<-QwESlp>lvxziagaf@^hcOn!;O0e*Sr@
za(^B9lXbCXk_949%Rf^)^ZkG#PwRhRW&fU~-Dw7W%B_1c1&G#@XA2<bJ!$=B-RroJ
zpY1L!uefRUjwf<$-^Z_t;!i&0=Rh8aT<d?)-o48^GHF8OfAMuM*z;?Ps|ordSN}X~
z@#=%SpOdtyO%=iZv-j^`T3%Im968_9{Ed93d$^GQ?Eb~Y0~vi!<eGnZaiRW#>sC|v
zB3J)jws2r2Q#>aSx%R)ymUmo}G4F)1f7$Z#H3#df_WO`uzF-}=Dvx0Q@_pueHL`zl
z&Zy<P{NU0|3RmRnpUV%fEH*Ow9`v8L*qEuG5B=vI+?TDs6Np^>S6MiCVDWjY<qs)e
zHvM~XbpZE8uKt_t9j5(7uJwDt?C^1%6O+EOMe3AoI~(PST+8>uJ^L1y53WuTp2*ey
zi<XT0GcD*t|B5ST$7ircK05$Ik!$&`I`68C_Z_E?{IA-%xGUoxC!)N*u(W4K#)Pal
zwSHG&esM*v?SIwEb@j~fb3E!FTrv%~GtIykx%y{e$I6~-GX?^YYx^zi+_~Dg#!4u1
zt^dN_-KlN+p)YbR-@@KKyO%O4B9UwT%<$N|XDQP_vVLFHpPhePk*E3ZpUvMBd0PJc
zyJyCizgE85xlK6(*uQ#V)pxcUA@p&1bNbNVf#DsAT>Zae_wv4l>;+Qxe_H+>%k}Fr
z?sHtq_b;w?ev{Cn{NSvEe8_h$tSn^h2O`(<?c7m2m~Ea=<k~(vughNjO#4H=xNBiY
zrh7S&$hG|zmuCIz$a-AuFaGMm8TYs%*YcU=!_u<5S_6;zxPJJM@7lF@A=`rjk!%0l
zwRd@8C3AfaMXu|kUD?iUiqWV3(t(wQ{i{tBiCo)vm$`nemfn1l{f*Yo$amNFtfp|+
zk?+l1Ks}MGe|H_6Euc^RgG)OKXRO)}M4r~)$gj<`KqzuuUu1n}t@K5%{@GnzwQWB|
zl<%08JF-8~{CDrzeQ;s_Y9Db$uKi>8j@ka_iCq1=dq;gH2Y-$Hz|8y*tjXWBU*-Z5
zt|wnvokIE|Ps@h}jwoNg`rxjt3m$MuOlkR-_pDalNZd8@+4^}RPyKhm%)goT^C7P-
zEbZKzxj+T5Ut2g(%N8#bx%SW6;@<l1jEDOo*Y=++y=i}uZxN$=IDq7Si<aM9-dAeN
zt1fUwp6btT4;)YA>VI=}&u$MKf2};TIydwGT6t#loB3bl+CIkq>gLDPslQe~<6TpK
zk*D=LfCYe@Go<!c7Ou|v-xaym|C+^_%Y)-V|C&9s6RZ#Yy^FK+Lje8Ri?gZ!8u@|M
z$<5ZE@|o3_slUjz|Jc=8W_jW`a-ORGN#wgz7r5)n_oZ@A<l6pLe|2=4{jbP%{#w;c
zOavm=^6lHPu%ot^ns-9VXS=7<7rD0IzS`{iDH6GsZyy~j=bWkj%<A8af03(y_8ECS
z)5AQ<m-m|;*y;@9i#)BLk=HZhH(>r|eYskD)Be=Q{-h86rG<SN@0s?e+$?~y_8qw|
zp!Hue`<JZT6}kG)%CiOZD98Nki(JRg(w^+%%Zz{O@7*)g!9$U&|IO}fW{2Dtd0PJE
zmD&1>T>ZavVDI8$wgPf4t>s(Zwc2*p53b0y|7KOK+=G4{>sMdo>c9HJ{)Oxq2t=;s
zH}cHl+_b;Qb$-wG9h-k&<m#XLHM{EzE321~i1zm{UTgKzKRGu`%V$nkvK_z`x%#iZ
ze|bmt8skxaW&cXHgZU!Y^6fXv(;X|TJLmxRtvp-DP~_^L{RfwRH7&dO(5L-_ODpCY
zmL`cruJt=$W|y6*)O?Wp$J+h}7FT^|ler?-`X5-_yE{9Ddm`8J9a!8qv%dFff6wl0
z?oJ@`w0wJZXRGgoYxI9@M!(PeXHJLA_!qhMpV`%yG4-%ZVtd*?2kMJE_GH#CuE^8+
z+tpcdwFsWb)AFw@%nU$(t^Ufv%mpG?BcD0mb3&1){=IH#$7=4T{Y9RZ|GEP^%nXqx
ziA1jLyTbL4+_zQxD|<4FPh-Uud8)rRQ+OlyD4(6a9be??KO9dw!8-En0w@%@`gitp
z#MEEpT7N6AudE&+M6^G9JmEN}CGD^C+v><nT{!chDCzGfvG%;%%<1W|Xhq~(v+~S|
zX`S-=?15HG<R^*#nP-|2Z%6bw$++pxl_xXvP~<18{uSq*fBu!LhdL9HpP0(eKkv$n
zQ*#eb{GsJP6C2W^$hH3VynJ!L-E_Mzzron7h&;_-i!TRPb&+q={8M>yaMhYCPu8tn
zk>7ufesVB1oR_~G98KogmxGbqBa-^Bu`dS;MUkie)AA?H<5cG9?@l&eb&;q3Q~f>3
z!n-w3ZWorO&fR(W%SCl4@-_aIh2><fJXu)g<ojpV)L#~kMUk&5zqu{2Xxm@pYy2Y%
zhq}nu^bfi4v_ziv{{v>iJ7@LOxhwLtd<T*V?;JVUABsHfznBmvB2WEuaOuFpuEldI
zG7NL_Jgw$`@xdL}l+B)0&xMO3SNqRiTDW@e;_8uhMdbID{%P+AT$EX{)uC_Ymzo{1
zBzIct=wE8*EJ@H6xt7oB|NPZ2HEW7wULJ~E{cGjVU);O6AcwLO=wE(`-EXYskdx<n
zwfu=(YwtKkk!$;2{sJ>DSJj=0$kjiwd{y14Q@*(G1?G~OUQ}8l*Yd~r175hivamO~
zDbR)d`N`~<-nJQvT+3&S@3<yYz6tV=<(cy39-WMTt^W%b_tls8FYMP{Z&BoGKQ3CP
zfh*9zqIjh_5?ej;s;`yX9-3bAS|Zo_UvX~nyeGyJbdsbia&3Q1@6J%<TD~jJeR8a=
zhYk~wYyZFEyz{QqDacNdIr;tD)c$!-N(@K|iy}|$%jH8WP!YNM?~2*Wi&LjOTRGFm
zTa-Wf+?hKjU6H5dH*zh%y~GUH=qDNIp~*z#+CQ(DZ5}5l-~XiZ+Z8j`P5+-OPcASO
zk+0fcz4qE6Twf!%&9ALv>c6gBy=&%wk!$@Ic3!)<e`U{sMc156n>&|7k?Z`paNvNE
zFYeU)UK5dP`<nX=uD$27cpw>qxzm&WpOx=3!iC+*3{(`k=6|)lE}0|I1G4U{P=EjO
zHH%AbeUIEVs*7C9w_|x}hq<M&sO4)x-w4fudi6}SD{}3B$^C-WUHg!7dpj(1PhkT4
zvDY+n(>}S!CiU0$Uu^6!N0z%6-CYOcRdrG1+P=HY{oMWLOw+cl{i}#v%eQOK;@+K^
zn^JX=tABUx*=w4vVK)7V|63wg|HSf@<z;v8!hYKXUFye^i<{mS8j4)YpG-ckDP(eP
zJrTK<f44oa*s;3h%{?xuzs^6k<pV2rjk|OCWlOexMacK;-MhGZVXu2&aq*hC{*=!y
z51qQmb$&>fk5<|IwM4G{E0s$dbw#fAOXYH3a=0dcb2nknPWQmx<#<~^5xM%;RBgfC
zxo5w*fG*ofK3ABn|DFR^n+wS9{mTcFHZF=>{kP|U>G>;*`;yX|_7}O9-<+4a=1ki(
zaouFH)2WMG^WVF8?c!edJd<Xx8KtKF>&nkh<z10${S*E3T{D2=8*@XEYyUFCb7AjQ
zt7k?N>c{e{ue<6%vT@Fxk<@=ye<?lHDvCVKKh`%lz3pQO#tD`6<>{$aeO>u-x`Jtm
zT>ZPxEKke@I6ac-id_3oVtDnQ%uwVy{*q<y>Y>^M`R_9gXtXcaW7XW5N&VCO&3UC6
zd9r#n{a@tjpM8m3yl3h!a`lgu?=nYTi;|*F`(|p}pV^eRAYU^3lI(`QD{`&h(&FMy
zb0nD_strZ1{cmY;<z>tJuStjSMC4k2J9A!jU}0ZfmY}(_lKQKEt^8#RdseiA7e%iA
zS+X~DGKYp0k*D@Wu2W2%`nGBI?TP1>c>Gho>@F-V@6_e5(-nDIzh!sd;?6w>_qn^`
zAvzSfjxTew_Q1g%HFxLYwR?6LE0eYQvD}{P*=u0#Y}9{wpIHI!U*07HyeRUt{>ulh
zvr~LJ{zbl8z7;n+!PG^bwx7*7W1$7PnRXZVn+Zw}?Ybh@_OV4XmynvCiVa1s^*8dB
z<sHj=WqIICM6TuEZ_gt$2S&NaC-v9zS-H8RXL@l`!=lJFe=~6|n-z!_&#8z!wQtTV
zYm2Lg!u56J>EJP0wAPWYEUX@ycSWxLm9<||y{Ed)P~_VGvTH+IgNex1KdD@vo5`J%
z)PId!ZkrWFuH!q^m+MbO<jh~6TdB{nug_()=GfQg8oDA!{m-%2d3)b{DDt#@W=@Yx
z{paZK-eD#pvj)jMA*ny>C&w2~QRK{D@0(UcuImT&j~s6}^*M4m-f&tXXZdyh>581~
zqxa2*^W-wYPeji8>3y+WF{wYxFUK2BQRFP2ULYzWXZ!29dL8=ld3@%cTnqZ<s&0GM
zReDdYD{}RJMjj8Np~!XoncML@%=B4IMz3lA_2uWPJa=wV|5U%eXK88m^6C^tuKqi)
zf1jCmS9E%DDk4|^#4Go!&FO<=P#3w*FR?sx&$C7QcK;sBlPgGfuDrf%SJ1=t>}MY7
zn5-w?vwFaiI}i1b7tX6UJc}Yv%RhTO<y1tT`e*id%BhPyZ9kFgebtu8wSSwZEmz!l
z6L9sx17>~N6}h(0N^Sr0%QEdVME>^Zcz?S3H0@9OW^1u;Vd*;8_Ce#o-1$lU)BII#
zj-d7%c~Rs#KFqYUyl>y~l1zV21^PH%bLt{j|Cl-J;G(&N+lMY((|#?HYyIrnL+1wD
zg}NeF|693Pp&eLWvQpFj>*#0iNllQy)wl8;wig@y+!JTVzsj`?MUm_Hw(^7VGoQ%{
zp(66M{QLK;WN(PqMXuxHWmdkVqubP9<PVB#WA4A$i}T`6_n=*++B*&InIc&~7>fP_
zM4a9}xEu#<>#IAtCnfdQ{8Rn-`k2{B&(W`l{wd6#8|^vzEz!?WUoUWT^fY=nPhT%^
zns82-dva3$HTmlWZjPQtS496I5|R3k8&y?6*b@CU{^v#pdWu8QU(^1{3Bc+^rV0pi
zPf6<kV2Mx5&w&m-#fs>s{*!~Db992!gmc1{=xh0(>dFo+Ge^u(jiZO6|3FFf{GWY+
z8{gC2wP#0qk-8THxl&Sp)qkP6_+AvBq3u~-N>7>R8>m3vod2dvAUs;Ou924LYyC6&
zN2BfxsekU3oPyWQS0i&5%+^0Xzn#5BqDj{cE26Lc|BB4{?9p`LmguMT|F5~v8H&En
zKda}rN0Ymm|DQTL{xkY|M6hnXHL|is|G(sZrzQI8KRKIq7xtQ~+|KLVJxk_Npo=NZ
zG!qV~zkm0^eT!y+X7|}{e2}=Dd3`9OnS9JWEvdiGKlXe$UViLcJg{T`p1L_DTceYW
zsEEG$Kh`(PgT%<L<^B5>>}7WDUrY3L{)x|*W%q6lxqkIve2O+#-5H9$`fta=l6_$*
zJ^(WZ$z~QYCo+07XB{)Sr_c6(b3VOf&IZlkH@WYcd9`63ZFBx3`da^tzFms#bh9sy
ztYe`i`s)AW+#-JIYQdi3F3vnXwbsB;^iLI$=r8ZLCxpuf_nZ6l$wG3iY8;chaJK!^
zqtUns<|t(4UYutvRMzMpxW@g}gXRXFS%mJehgIoO$+{(IiN22i#m3?ebF^c-&CyKX
z&QSDq{*L>ueJJoK`o1kt?isW7kI&E3i=bTvp0RGZHL@c5TK+_T^(OYcYn%0-=xhH~
z{rIUKy@=k6k>Psfzan|U<BX&5VD6bo{k8wb`J1)N`RASO%Db2MlDlbt(O3WP*=Z)9
zJ?1Wm?ST8tQPI6Oztf`rQvKk{6U?A7!BG_78H&F8?|-*<H8FB!SNTDLM67^HB0>-Z
zdFe^V?V0ZC`u}r0<A1vu+g<5y&p2^R`_+4|s*9<vs#JB^(-~RJ0<l0Sszpe$3Il9V
zK#|3Q0SPIi5n_>5OJv0&nguHm$QyoE4Bt8TocD9Ps=Je!pb>P-u6O^={lDj)d(OG%
zMr4<Zl?X=F7%LfUqPc&Wi>Cd$ei(i<8G<?Q8csh`<a6Ph0<ZK>w{PSR;2|>}o(m`u
z(>d@ehdK`aK;U)!w0uIH5Tl_NVqWU3yfT;4<InODT0enHM?6O3v*0wWX~C=fqZL95
z2;ECa1CN{mQ-N3fPsdUgpl}9bNK0Z~qn4Tc9tgblKUOT{AIw0Ag&;`)%bmGw+OO-^
z!0(X)LPCmS0VTXmf!FyDb?N)&%JKtQg^9#7oKu0<`it!KgxCw`UxC;8pOQapgVBCW
zFJ!Km_DA)f^!B<tgQ4r~LCQtTU`C}AK}~_z@)PohNgulxq^Z!CNdQ>RsZ~Ds_x?_|
z7r4YH2ZKI!`PPCZ?}5PU_yL}-oVng3Fp-ZgnsdusO}8KLg!CaLJXr=!f!FZ^JY<I;
zJoW}I$x>%jITbV&c*Q?}$Bhl_+P$#7=Yk4RK}HHH_8eH{8_61pe+d1iR8wQ1ge!9`
z-TncT{XHgsKuP&fBsy;V1zzhP!xI^X%yzq&Nb@t99tl653`rPx1pI-(EB-*=y$0O{
zre3;qH;%X|iT2vg%=Ps8=Ndyq$UWbW#4t8k<ZlYR&i_dM!c^$-b7*=L{PE3q4g_A?
zPp5{JLBF?e2=KJ9I;wT-$lNgP*ZFH^jk~tGev;i6`@g_z`vqQ)F-Do<hyj?|<%|5{
zgzPKlK;RXB>EZi?>?<d8)3jgdZ-qZ0`^sqweANF^|A-DzMrqvTDc4ls?fReW^a}hZ
z@X`25`6p!mIGHumex)C@{U>DqI8A}q_S1?B-8<mIFePrT|D{@-_Dm1M19{To5lQ1Q
zIQ&51wg1eKY0L^pCz-*S-%O7`otT+F4n)@HHjL91wtP*2*Zt@52*+&|Q6Dq*l+{$=
ze@*g@jvgmuL>&nHX9Pam>$aerV@|MO9(Y;oMxX*mhNhKN@h9`LX}`kj`57p%Lj)XC
zkst<>I%6?3*1y1O{b|AXq2bb>?6z<Qpuz`j7aCKdPnLuw_tb`mbYTLE1!fQ8RY<$w
z_|QFW$>>1fe?|O>^Ea!=xUGHcLi5?6nOmm)`YsUI9(y2~cn4G@b`%?;X~A2(6XM?x
zO9abe_Fg;{_)kmy)923w7MgPkI}rF^O~ES@77Wb(;9RUNCW#WC%x%+t9l!MXQ{W9U
zNkGNUrogAlS0r+L^_{7}>-cf`C$GM9An>XFv*3@YzLU9=9)B+1Xy`7xX;$9M5opeX
z$E6fxfNcPdBM#zIfls!dCm*4}E~)7dH*Y=(b0F})Awz<>I|L0f9CeBN)gAbIJz}TK
zB_lKIru{m8dVcgrgYkGpxJe0lbv*LM)f9N`e}&ic=W%Srsle;}qx0iq=+BKp(s2jk
z!TN<H(kS!Tg~NX!@Y;W>Uq{_XTo{N;`_OcoOMzsXru`8-oj*^Cyik5q;D24}M*3^r
zK6)P4gir;buDu=XXGSY)M*XJ(ul>iYD}n?P1n#8_<^xmvZTNwEWpj-<hZBEqG7677
z$7H@}+OPG;`QzTTJ8SpQ={U;nKo98Xqfk@eb^ZVz!cFMl$}#4+W7JgOqxO@27pouB
zzJb|8{9k58%;-F7|Kaiz`d=<){=A*b<d@k<&wo09k^UItaauRAs_4uLGzDJgFAbe1
zU3d~U%2eQ^{s-4+gzc|~6)?tG{J0(Tz=Ds@UkM2U5JCsp&7x#7o9Xt)@cqGK+P#i|
zr4DHdysjVF@RbZhsmz3)RW$eKRN!_0jm}TO2zG-;yokVxpi3(=*YJVBYyU;?ZEv@W
zQxM~UBTkW-Ez^F*pAozv<O~lC^I#07K-v<HnGQ{X*ZHfof=h^uC&STaz^TCN`q2)<
z)b|47L|_5KM91vLqY4Lh`9lAnkbHD9chl`R?R4X5KnQ5iUzyu}f!F#AJonpieNR0&
z6?mOLG2$Xk*Rkv4DpOJ)$@F^sdtlceIKKhp$z2BwVq8EWyOtp{$s+TLX}`{&8T3D`
zg1P7Droewr^1HoBYIW|Tv8yLo8VQ$lwMeoJv4+1B*B<S+;60zXUZnfs#Z<dH-th<x
zg0@dwP2y}01pf1qDd=}I?KmG~!V1G6K<DI;dDXOkF@~pMV=)W_P$?)uhQ0kn1DXQ=
zSqV$iuZL%$O+-zPgijKX@tuZ5@y>x&|1|w7N(jsDT!~2LUb_7TJ|X}?zg0>{5rR#D
zca!a(MgPvOzB3j0=LBB)rvYfVA%;A0p2124cCe7pfmJ?87ui2l0--xd07GE0-nI5&
z=1b}J#|xjP0d(xfUGQ(+0Hg>wnj6<wUc(I#1;)22@UDbK_=~v5bdipb@T5PN447K*
z<3Stx=b&4BG7Ok%zt>9K3(zVY2)xd}X#FxFI3^-uyuaHT^q>wRDsKwP-^`ay`xhiM
zf`{}Mq6e@*#|_klh05b0a<O>XO@TkF@Hpy@iD&8J#L9QQi4@emSVl8}&8Gsd<4>21
z4#U$}9EPPL4+LJ<uhFlgR`3NPq5az+Ndv<eC(JB$rBCL*Y5$Uh>6v%d_Q_{y(J$95
zngYM7@J4Jv2n_Rur8z*KQLm;DN*B!islcxYymmEu&-L24YVOYHk@3!CPcA4OSoJ>^
z|5)oV^A*$nWhtNGqvfAcgqev3ngaiVz|WB%0+S9VkZQC-TElb&MCQO$;1w^L{m*@a
z$yPl-o`*D`k8No0Jf`B19PSe-??B+o;(tEMV3W2SYDuwh-o4FYpfUR^rStA}GHWWn
zC@;w(^~pUj{Zo<9`(#@HM+?;OLn&Y?`IjXB82{GH@%b?NojDGvN+&$eB>!A8e{{++
z^&;i1Zg!n>mt?0{Hq1jEmPC$eXY;pA|KufD&%YoUyQC_M13YP=kW{U;4;R88gPenq
z3x;uUz#XNtJLG#R`D_1txV?|{zisMYmy(|+1+EXVkfG#Xll(vA?41M2|AOQnt=}a7
z#TsQ9dknVlXO0-`+(Xkpmy`KFuMDP$zR+3pW6r2&FPUsVb<uo3E#J>wbpF#g-}(L}
zj>`Rw`M&wr=4;X)wg+U}kFo8=D4hM(_s`#ychKLHufFpV*((=&_-gN7-+6Y$p8lKi
zeNVm@#cqFOzhB-7c_?3fuT$Sq)%VBr-Ng64V|w2GBlCSI-?!xZo_yW6BwoI6$@e|^
zx_>P3@_kFb@5%S#pPG2PUz{vy<U85^027LhnP$yz3&&{_%C4~2HsPaz`O-eie6wuF
zHz6ILQ+9BJY?q9GWIKbQ-|Mq;yn{7onc_QCmD7OJ9yslR(;hhOfzuv1?Sa!CIPHPc
z9yslR(;hhOfe+9FKjS#~hd;f+OYUdy(=WciGt`UGCg9NT`}q5B{J)17a{u$l@C%;3
zdy&&V{B!eloQD+szVmVOZGP39<DdSWiRVcCi2O9Vw#0Xp`4$vs7yamca;>%AuYOa?
z|BuP{J{Bd0V_q|qUquFg*lJEP0B|^#5-%6bXQ*U_q8P>OWpk};cwupP#u0(XyKnc}
zU~c-a4JYHB1{h%GE`(+BG+8a@_ocqWq3O48ihoD^-xdGQf7isPfZ>sn8<4QkI|Sga
z!hQ*Eofypv(uQSmm@z8`{_DPbW6*HpT<HA)5)w>c*apmLl65eLoLF}dUZCl$2}x$G
zH7+H~24@}iroKjeYED2*zy26^@1V8g92sfqaBJ<(-Fw@GY{l8$eiV!c+icBQ+#MK$
zz$LN)SPT0a?~`P6TVn8>k>lcj^U4JWY}wFhdp+D1yyM+*URdk5ofZ07a=Pc76<Bg8
z6iekwwO039KGb8K`!cpVnh!XuxNF!I^{*-hl5NYx#kvnI9?~8fhwI(fFHsTO{0n|L
zl$XLdbgkdri>4dRFmO<5*jZ5Mq!y36q<J01#EoYzy0yW&|CsC$qU+3h_iZCWPQ}fT
zFVnC%kkf>Zz1PCY&|QHEwFylb<F~ps@-8h7mlucU9Q~$Sgj^srmabuwD!Qh~!?nc}
zb>>WB*EwPqyQT_|Hx38%L{fLJ;kI#S0!s&i8?#<W|3)r>x=V|}xiij5lWXra+>o*-
zs|mCs+kv}?`=zFs$KAahc-68))Fmkg)c`2Q?ZfcJ1;FyykfSvS_8IqJX=0AV*amXX
zv10-uES(G+B*j#HEVj%C(aT;ppiCs!Gm<{e1o2Urh;B#*2k}ieVZ0SJU7<h7lz{Z0
zGS%U$w=J?v1rwq!N1k!;z!8*bpi1LA_uGUpAGprq=907Q;$JqKb<nY&SlnzZ29Eo}
z;t=cE<VtsWOwM8yqCFbyx}5=CFd-eY#j9F^N#BF!z{%1l(Ba~yU3jYhNyxJ`xYC1N
zNlZqaeWcFd&|0Kuiohd$4h8y@ka`yHzEK<lh7@upogR2Ooy19d86sMoobC4BfUVXw
z9LyT$%o#3_0y(zE!53a!49rZmqVt8r3E~Er8JTLhcy_Ux$0YW}`iBfoFpSY>PQ;N|
zZg$+#;^s0&ivFKFkL_vif<rHA^aE^Jl&?$Xv|x1maU5*6+$bEz2p>xowEz1~BJfbz
zQ5=<xDb^1klictEYT#aQNDJWIx9Q!l23Gn7=e*nArC*4p_IAj@bv)zTcUGMTHcI8`
z#kcDqABQHuIS>eR<AzW+Z?stCY~pBwM}N$+NTi_k1?_rDyv!;wG*cdX5NFc-h;xdu
z2Z`LF$jQq~JEY+PAAA8niH%@Zx<oE!d2(Kib%0a_6S#yfFj2V%(Pm}}G?_|*S(5`{
zH`cc{E?v2H`O=k_9e+fR8QoalSYO|Ad~aMS3937(2XBD|G0+%y@59*pIz;nxef~}-
z5ts6zB6+GnfqshgQ*y+}d*ACPocV;ikZ>1`yI6>lvs03@TavT8nCdA=KOsIbDj3kl
zFxLSFqaXyv#xTnMPGgCALHE8xx_3(o8-}2AvTRM!$zslcwsEqI-gO<E-94+Rjk4w0
z#qn9ns^6iFER|6-xC$(>tm%nYjKbG>O3j2dt!PbfF_8p}*iuFV?CrZWpK0sF3liP0
znM(tR@xuU`w?zGMYEY2TMaVNwR;Oi_`zfjwi4q&GQUAieOIOd%INi3pKbV{a1%z~@
z2Ip>Gy9Mi2uR~(VhR9h_3x@^P^Vr*gstK1r9%mDa!(`1m7^K=tlnOe>95LJ_XjWqH
zIy>ogaaGS<>76~7gq0DK^GH-%RTD9H6+!a0fy+Qapb?;CfM(Lmb9Qp=iH6P#yA+{0
zk*Pbxr9SN9xX=Qn99-`-CX9`eacaU@o~Xui=-1n1Fx?QFw@kmRxNO6mu^F2|ot1>{
zbo9ASa~csT4KcPOf_d@k3Tpru3l~e+ywMtvcG&z)38a$|)q$Svq6Gq}BYl97D2o8d
zxy`6*28hmUuJn!d8&?=JIb;7(XA!&2jVm-sFgJl|B?uYczKkr5x%fDo?W19RV%H*a
z$G9N#HV#d1e01D_&KU|oi<WL*MstL|<8Hi#qtNzRpNvvdJNO?OOjhI*QP!X(ylqn3
z6q1?-ooGR9P?HfUG%a3D%yKC;CSGaVTi=BKJ)Z)XcDzU2gQAOdp3V&Y0d^qNSY}BU
zAcHZjAZHa<A66&W=b<(SoZ0Kq;e^a_(fW5;%gWIXmzAV*5-J{)P)@yA%aJM>C_&f-
zHuoCZ9%*+g3?V=c`Cl!I4jUcp(?RzU>7?LrjDzd|?J~i-;Trr;*vBZenZp)(4VGlP
z9eUxFNP7_Vg!NK^-18cf7}eMrt<T|L$aglW?{qwfbeGT}&NyoG{1YI}aYYQrc=vu}
zkMse^X7S+eE1xjX-7u9G2=zdh$a-x}gXxMx1xR`<!uvRb!TaEhL(4h=l&A+4sJoS+
zU|g6vC0#7R{<N;RTF{kbz5#ncMhRnL@pYVCf{^B~&f_7SY)~rjJa0cK0@4tNe3Xdx
zO+$9#ih@}IxT8;6hBPxh=33xrh1to&v4YZehd9nb4{7YS*eW}<eFBRZSO+|#rJ_+2
z%m%i?T6;vjy%s*kq{M|zbG$~EjirqVr#83a$Ag-1QIFE`)M?>ijgU@IJ{f1hLU`o)
z6CkyKJDpFkOM_l;&H);sbq)T>2nvE~4$L8adZyV}nXrXtrHra$I*d{=IY&e58NDm0
zU{M!E83^E<WQklIsUuBq$}bqu#U5xgf+xeZHj@&gKrx^?UZXoR#EJqvnHo&RFHsWQ
zEYnK~v}bbVnD2z+6Bt>1j07g5PGB2Qgiw&q`C!p;HHNT4ILbGu+y+{lL|8iMvnY>J
z6=tWBG0s6%iT)1cn_D#gr}EYK%;!zG#=GiQIQ0wML-kAio9fs6)vx8NU*es!Ql7-S
z>X-PY`Za&`OZ+?Hf0i}*xU1><Yy0NKYy0NKYy0NKKb7{(i`Vwei`Vwei`VuwUoh>O
z%GX&o{)_S*%GX^n;qQt6P4PdK??de;`Mx9HdF5xMyk|=$-)C0;YyVEqnRr*y>HN|7
z-18>BIVb)tiGOQOyuszGL^FYnp_gvb$6m`f2ZXa&#PVm<1430erC?PN#f|-)%8(`a
z?%TU!LO<F7Z330I7uW#wSbNM)MmGUQK;(uTe$*Z9;T`LUoM5tC7jnbh+#hd9`iORd
zPCh-I4k{|9LC(7#kUn-1kTBpwMP;4{K2EOmP}~9gM2PXhK(^e;n7QS=q4EBULqkM{
z9j2Y<91OIJ)ykU~M{Y0~WBB+{e-p<XDtR%BkM>9OBAfc)S8Su^DqRO#DgcSwCB@Np
zFdxNlhI`jlCIF6VcLXC$IJ2@bDCR-}lQWZ--cXC0oIMVVxJcA@LRHQKRHBpTAnmpt
zW6qgrgm^s6gp>v!DqAHQdTRmQI<Guf8W@nKexiX|Q`W>?+>D1cRgPo*J^Y4|?|e+c
zziRovF8-gB__xIWaq)l8^8dg}|0D6MyzE~s|NG+CYPo-C>SJVsj*}I?!r!*ycP;-P
zSpM&dU)%S6@oW8mXr=!b@oRm4;hUyD>i>-R)$T;Y@_*6tkHxR;`G)0x+w%W|<^Olf
z|EX`K`=@C6o0fma^8cRY|Bm>zeSc=f|E1;sTg(6VmjA%=|D)yqC(HkDmjAyj|IdCq
z-QG`H{$IBIuH}E;@|P_Ci<bYU<=?RUU$Ojc%RjXIU$gwbYx%!!`M+)X|HShDh2{S%
z%m0q$|AFQIq2>RP_;vjC3;qZ0le0xQ(8Dd<q@?W^r;|Mx8gXC6Qzw`4`ZV*fh*g5K
zP5|@U9SECnO;Hhf$LGxec(*;kp)mCTV072vy56>#3C4ROaTn>(MdwA@OgKaK8Kw^9
z5APZ0rI~qv@8b12WxNY9(LW;`+!``pMOSUG-#FZ;?I<0X^)R3gX6jXH>}`5O*-k;6
z7969jV258#!SQPsFxcr$y^$8jniNCbrbbS>0|U;Sx08bKhTB=Z`rINIvLyXV9=rMc
zOU+^+9HH=Z%?fr+-GUOi`1=^Th<$P+ODwU;n3-V$riNDV-mZk;DI8q7qRkM@bh=L&
zZ{~9vi0Wmt=!yoUVvwBQcP=^(5p|G_gCaWTI*{GbiJkas4!wgDQ4N@6{PK>NKfp|k
zr3@!b6*KLIbo-G9u;Uwv7V+0!;D7G!n50SW%8T?1243U_Q*niaJo3B}r9#j-tR8-|
zC-Or(!NU`_i&t0qpUdyj;A|hY1tL%I>kJEGh%+Z<3RWL+b8cMOqzleY2TQI8V`&(L
z5%|8;^}8!CQWzKkR;1DqY=|}<TM`QMKq(mq9wOx<G|W*^yxxhP1`luuktsOH?KVv<
zV)Eg8#$W_aVF+?|a+btdJzUUHp)skfRWs|yz{If-5OxwzkuwV0T)S~+{mwP21l?pD
zItaLVw+Yc3nZ_g41<2k*8leu}(?aChoh`x+h$f3o6!OKpYY2i45c}3{-9o&)!j?o4
zNC}27<xFq*M1@_tya8x)cNR%5-`zyxv2F|#4<Xl^s2vN0z~Nir7P9HyAtN3nc$tgj
zd%y7A-P{1*0JC!h>o6Eh41sXC@>JQ)Yd2m22gFFi4MXWschF-O#RD7+g<0SQif*n^
zZTOJ{nsJ72WnL3R?4?^9x6u~dY~6)n08+R>;MO$?l<w3zZ*IMO{TABIXa(#*@LDPD
zm7BM&;&j0VCIx?h^F){NV4o`B6zkOgAZj6DhdvEpHn-N%sf0i1;vpkUI=gVun_Gwi
z52ZEmM(78m;oz;cJ2b=e9XVb&E(`B*1~Dnt@1{~jEtUj#H*TPp@B$!YqeNkY$%s=2
z9Xv=#!EL#BrHMTJ;RG{?BsY<{Wz_lJ_02ES;RBp6KB*i|@yeFz%;@Bp?$qYS`gN9a
zArE5wT7CZN+MO#mF;3uH!b%7iVfv67x3-Q6x;ns&e~h(kE|61r^VJPv=sw2gEi7Sl
z4C4=q-TV?wOe}xM8E|);Ih2mfEIgN~u43dWMXqw>szk18<f=uky1Gia$d!*=Q5mJE
zj8araDJr8Bl~IbyC`DzIqB6=+8Re*qa#Th+Dx(~gQI5(eM`e_wGRjdI<*1BGR7NE#
zqY{--iORrpq9gBhm;M&-0nN7(Za?7;lJ0Jtew=W(hKcZmyT-vL|9Zlm&&BEU`GmWW
za2FHqQo>!1-Q7f4?Vi^eo3{A)(jT>}op4jUhHo0xK+-WF4mOnKD7DNeZ$yS>a5>&^
z?eQ)b%T%FZGw9Psf6U*F_1l;3VYOV@)ZG)T9cWlE(Sh~4n=?`Y-t1U+2%9X6ZYe!m
zHo=4^cDzGLu-2THUV6z%Df!%A96ta(awZ*0h)Zx7wTzZdXXQl+K?P{H-j6HQ@ky>l
zB2<#tv4SEfDneN>P{nkT*(jAzIw}TRehiezaL?TxuDnQ32oAYELQkMa%rf6b?`|7;
z+%|_q+<hu-7Y1{C0bv_L?PIQ695#d><?cepOjQ0@->Hg2sY58$U`X&`fTXFqQ7H9q
zDh1Jo(TH$f5wLO4HUxHmItta|!swA1RNVBOj31vAKm?Hq6$md4QtP<LK*`maF|012
zH9>|(FOLa*v<e$-FeftZ2~b4=^llnfKk6w6^qDjX()qw)8iNTC^vn9@mJyR0vH;r-
zNIRLANe^#-I;lupN|OpZjf$O=5j18gO>BaKWU<klM$wQt&?Bv^mqUvseB3!4+G)cG
zycQ-z5mlJ$$PdL3kqpreHA`EtYIHNz8-v55Dx|pdgVjzebLGWO&Q!rp6g5Y=r4BU{
zn-v5*R1Z^owAJx^*3BLgRl*Anv1n)_91CI>6e%gCxp13lz}jswtmZi6SppfVk;o%g
zjiIvQP|A?%&!;IVfc(a2EJacvt7(ZRQEZ%zX0F9DRZT2#Out>iRivH;J~b^ScB=BF
zkk=+@YK?J<v7x?AG|gPMLuVB9Okxov3e$=0qCYW2(L90O6llJ9<6aoDJ}qiSmH8|U
z*H@XBip9%MR3L8_!{W?Oco5yk5;PpuNrHvhzN#ovqGn{l)<$4@CK#vkFsCm%^-ER;
z)oMOWvCwe}g)FNs8(DcEZwi7BUB~Puj?=X4VcYiU?DtIV_Y3Uz6m0u=_Iok*`y2Lq
zFt&Ym+uo1;{)%l+``PCV-%Q_6v)_BM-!B<{KAqmSPiepR+FUm2^*)6C-n0EagKh82
zw*PC})3o2`n@atDQAX0X-<~^b>hnp7x9xM=@9{Mk)9tnGIob9BZF_O{`zIN(2e0;!
zZTq4bc`xOcw0@TTBzuC|_8IN>K5YBHwmr`2l4+mz*HiK9eHGjOrfm<<wr@GK^0VL1
zXj=A2GcsOU-t+}iALZlQ?`PQWiQE0rJa6FDUbg*ykNqBj{XU~@FR>~1JJtT2ZO`7e
z??1KP%Xlj5OXq(sZ|WDd*Rro{zZaab-e0iaQ_I-%)3P@;wd{}D_K<D+@V31=+y0$x
z&)T*xW!tN>?eEz3m~8vtnPPfA+V&4KVozD^QQGfwWVQ^v+KX&nH-5E$KehbLyCz=k
zBiipB*!C+kmOU%`eXxv-r`qeb-~Vn}?{Q4;nev~LiEP_jv+ZX$EqkiAeKXr$nQgx-
zBlBZH%4>eXl&|Y0BYwqC84F)Ft@kW!`=%MO_o@A9+n=}XNj5i3`D&jvBkj}mma*Qi
z$;f*GYEQpu;mfCjKXkn{E&J~o*}t`YO_?uhAG9g>D}uMmpIY{ir?S84LDaUFpAr1M
zXd|jq|7j1L_P}Wmoc6$xJ<zTPWjvQ&t(S}Sa?q;y<(%Kjdw#7Dw!$Fa3Tk1i7=~>>
zY$4dI7D^#qq^+0hrLbPCwz9t+Jw-jYoLoMatALlBGk^BCSSS`9<XI_{@+G8oatHv!
z*;Si`b2I)hA|^PKk5Hx2V6b;oe#gbzjXNr@k5Jqj3*HFwpgkz%LwkLpvEc3Emes=Y
z0=T5@ZfBwK#==cJ<3+cN5Q!nr7fXe9tsVMEbCpf%N*w%mAr(U^xGu5D^36T4GZz|s
zDLWAc!TsStFtwt<t-bxoy^gzr>3rC?4$HJrnrr<>3yu2=H`i}pyReGVo0qn3URa%s
zN2}nMc)itetJ`lR{E;_~;2`6LbK$}A!j;`%q0yi8ddmxIySRNr%`cQnVWn6L3ze{1
z^=hqLE$~W}LM!jL>V;Z99|o167!+#NQlVBUR%#yBO}kpnSHqxQs+Li;R|Y+(!i_a&
zQs4kj_G(x9?HVaOvka0Nw8~;|s?2)-GF`qxAUwCcR@jp)p72QRf#c3y?-yErq1GzZ
zT4ldnE*0Cwa;@&?u$b#%we8jFHLqGM`azABdCB*S<y=rNmW%C*7uInt9yP?ko9wnv
zrvOa>3<GAw>UalzvqH1}xg{7wJm+4!v$gT1<~ron?tL>*4``%5;&TN|THHCnTrTAD
zrIlQDC12mlRU5fNqgcomD%EN(U#?fajAjPJ_Z)4@8=`>7XLH#cB5=zNH#4z9@4vAi
z7pYBt#g$xTC12dimm0ZZqnyju3i)cKj#3&q0))mXu_cjsjcjAn>n1D|URijuY-M%0
zYK45MRw@?qR5dAeyM;>V=(sDsD<gC1>Q$EgHVR&`R?6k7CBM-2+g>YQ%@ry^q3Y$r
zdaYIS!$Q!m)kCix=E}uV9SfyhYPX8M*Dhdt^9sbWT|G(VlKpl}<z`KrCzv+_Ea(Nu
znkTQLfwbAQ5%9(W=|@q7w-12?VuEhFz1<BEcYgu)Itt}Vquj3MTJ3zz%hf7qY%X63
z>p%dxk{1TW7RDe~^oo^M=#}!-av58E5VXB^J_jv{qF)Ky$W?L*^A(_oYOz+R)Pdm(
zg`fpY=L3@!YK5X#5B*XhK>omN<)Bt;dAXvG4l4)cuv!2PiF5kEb$akbEj)jOHp~Bm
zRl#-NZW~$%C!ynh(&isS|K-Y%_Y3(%A6RNBmJ6r!-%r}zKNcKt_!Xh_7Cw}-0C2zt
zY@TdELxFJAYZE+!2VrhFHhW|Ps!*72v{T+PI1P#NwRXwN<?FSoU#fdJjntsF3Csl~
zg)>MYsDOY8YhJ;x=dcL?e-~QqdJd#lu@aR0Vttj-V-|!wN)K}d!sg{luG;cz70&}=
ztdxKVD>YDK*xgFCT)o_G*X#9a3lTtOrF_}1ma!ui3gtp7vjXDsMPyMdm)oH7azU$9
z2Q5`E*IHGt46F#DT+s5uQq9ko>VB95zQxN4)mF6?0MRBgd+-ET9Y1n^BaGF!i~XD)
zBls!(9k>4T&^WTzf2mSAJ^%fbh9i~j8;4dXQ5~{KK_z~``M>bw$wzR~r+VPjbJ_!^
NJ#g9s|37=+e*oxG3EBVv

literal 0
HcmV?d00001

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
new file mode 100644
index 0000000000..fedc9df74c
--- /dev/null
+++ b/acceptance/router_newbenchmark/test.py
@@ -0,0 +1,172 @@
+#!/usr/bin/env python3
+
+# Copyright 2021 Anapaya Systems
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import shutil
+import time
+
+from typing import List
+from plumbum import cli
+from plumbum import cmd
+
+from acceptance.common import base
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+# Those values are valid expectations only when running in the CI environment.
+EXPECTATIONS = {
+    'in': 53000,
+    'out': 26000,
+    'in_transit': 73000,
+    'out_transit': 49000,
+    'br_transit': 73000,
+}
+
+
+def exec_docker(command: str) -> str:
+    return cmd.docker(str.split(command))
+
+
+def sudo(command: str) -> str:
+    # -A, --askpass makes sure command is failing and does not wait for
+    # interactive password input.
+    return cmd.sudo("-A", str.split(command))
+
+
+def create_veth(host: str, container: str, ip: str, mac: str, ns: str, neighbors: List[str]):
+    sudo(f"ip link add {host} mtu 8000 type veth peer name {container} mtu 8000")
+    sudo(f"sysctl -qw net.ipv6.conf.{host}.disable_ipv6=1")
+    sudo(f"ip link set {host} up")
+    sudo(f"ip link set {container} netns {ns}")
+    sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{container}.disable_ipv6=1")
+    sudo(f"ip netns exec {ns} ethtool -K  {container} rx off tx off")
+    sudo(f"ip netns exec {ns} ip link set {container} address {mac}")
+    sudo(f"ip netns exec {ns} ip addr add {ip} dev {container}")
+    for n in neighbors:
+        sudo(f"ip netns exec {ns} ip neigh add {n} "
+             f"lladdr f0:0d:ca:fe:be:ef nud permanent dev {container}")
+    sudo(f"ip netns exec {ns} ip link set {container} up")
+
+
+class RouterBMTest(base.TestBase):
+    """
+    Tests that the implementation of a router has sufficient performance (in terms of packets
+    per available machine*second (i.e. one accumulated second of all configured CPUs available
+    to execute the router code).
+
+    This test depends on an image called pause. This image is very thin, 250KB,
+    and is used to keep the network namespace open during the test. It is
+    stored locally by executing `docker save kubernetes/pause > pause.tar`. It
+    can be replaced at any time with any other image e.g. Alpine.
+
+    This test runs and execute a single router. The outgoing packets are not observed, the incoming
+    packets are fed directly by the test driver. The other routers in the topology are a fiction,
+    they exist only in the routers configuration.
+
+    The topology (./conf/topology.json) is the following:
+
+    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
+                |
+    AS3 (br3) ---+
+
+    Only br1 is executed and observed.
+
+    Pretend traffic is injected as follows:
+
+    * from AS2 to AS3 at br1a external interface 1 to cause "br_transit" traffic.
+    * from AS2 to AS4 at br1a external interface 1 to cause "in_transit" traffic.
+    * from AS2 to AS1 at br1a external interface 1 to cause "in" traffic.
+    * from AS1 to AS2 at br1a internal interface to cause "out" traffic.
+    * from AS4 to AS2 at br1a internal interface to cause "out_transit" traffic.
+    """
+
+    ci = cli.Flag(
+        "ci",
+        help="Do extra checks for CI",
+        envname="CI"
+    )
+
+    pause_tar = cli.SwitchAttr(
+        "pause_tar",
+        str,
+        help="taball with the pause image",
+    )
+
+    def setup_prepare(self):
+        super().setup_prepare()
+
+        shutil.copytree("acceptance/router_newbenchmark/conf/", self.artifacts / "conf")
+        sudo("mkdir -p /var/run/netns")
+
+        pause_image = exec_docker(f"image load -q -i {self.pause_tar}").rsplit(' ', 1)[1]
+        exec_docker(f"run -d --network=none --name pause {pause_image}")
+        ns = exec_docker("inspect pause -f '{{.NetworkSettings.SandboxKey}}'").replace("'", "")
+
+        # WTF do we need to alias the namespace to "pause" while creating the veths?
+        sudo(f"ln -sfT {ns} /var/run/netns/pause")
+        self.create_veths("pause")
+        sudo("rm /var/run/netns/pause")
+
+    def setup_start(self):
+        super().setup_start()
+
+        envs = ["SCION_EXPERIMENTAL_BFD_DISABLE=true"]
+        exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
+                    "-d "
+                    f"-e {' '.join(envs)} "
+                    "--network container:pause "
+                    "--name router "
+                    "bazel/acceptance/router_newbenchmark:router")
+
+        exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
+                    "-d "
+                    "--network container:pause "
+                    "--name prometheus "
+                    "prom/prometheus:v2.47.2 "
+                    "/bin/prometheus --config_file /share/conf/prometheus.yml")
+
+        time.sleep(1)
+
+    def teardown(self):
+        cmd.docker["logs", "router"].run_fg(retcode=None)
+        exec_docker("rm -f prometheus")
+        exec_docker("rm -f router")
+        exec_docker("rm -f pause")  # veths are deleted automatically
+        sudo(f"chown -R {cmd.whoami()} {self.artifacts}")
+
+    # Wire virtual interfaces around the one router that we run.
+    def create_veths(self, ns: str):
+        # Set default TTL for outgoing packets to the common value 64, so that packets sent
+        # from router will match the expected value.
+        sudo(f"ip netns exec {ns} sysctl -w net.ipv4.ip_default_ttl=64")
+
+        create_veth("veth_int_host", "veth_int", "192.168.0.1/24", "f0:0d:ca:fe:00:01", ns,
+                    ["192.168.0.2"])
+        create_veth("veth_2_host", "veth_2", "192.168.2.1/24", "f0:0d:ca:fe:00:02", ns,
+                    ["192.168.2.2"])
+        create_veth("veth_3_host", "veth_3", "192.168.3.1/24", "f0:0d:ca:fe:00:03", ns,
+                    ["192.168.3.3"])
+
+    def _run(self):
+        logger.info("==> Starting load br-transit")
+        brload = self.get_executable("brload")
+        sudo(f"{brload.executable} -artifacts {self.artifacts} -case br_transit")
+
+
+if __name__ == "__main__":
+    base.main(RouterBMTest)
diff --git a/tools/brload/BUILD.bazel b/tools/brload/BUILD.bazel
new file mode 100644
index 0000000000..4829c719f8
--- /dev/null
+++ b/tools/brload/BUILD.bazel
@@ -0,0 +1,33 @@
+load("//tools/lint:go.bzl", "go_library")
+load("//:scion.bzl", "scion_go_binary")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "cases.go",
+        "main.go",
+    ],
+    importpath = "github.com/scionproto/scion/tools/brload",
+    visibility = ["//visibility:private"],
+    deps = [
+        "//pkg/addr:go_default_library",
+        "//pkg/log:go_default_library",
+        "//pkg/private/serrors:go_default_library",
+        "//pkg/private/util:go_default_library",
+        "//pkg/private/xtest:go_default_library",
+        "//pkg/scrypto:go_default_library",
+        "//pkg/slayers:go_default_library",
+        "//pkg/slayers/path:go_default_library",
+        "//pkg/slayers/path/scion:go_default_library",
+        "//private/keyconf:go_default_library",
+        "@com_github_google_gopacket//:go_default_library",
+        "@com_github_google_gopacket//afpacket:go_default_library",
+        "@com_github_google_gopacket//layers:go_default_library",
+    ],
+)
+
+scion_go_binary(
+    name = "brload",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
diff --git a/tools/brload/cases.go b/tools/brload/cases.go
new file mode 100644
index 0000000000..c6df2163ed
--- /dev/null
+++ b/tools/brload/cases.go
@@ -0,0 +1,133 @@
+// Copyright 2020 Anapaya Systems
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"hash"
+	"net"
+	"time"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+
+	"github.com/scionproto/scion/pkg/addr"
+	"github.com/scionproto/scion/pkg/private/util"
+	"github.com/scionproto/scion/pkg/private/xtest"
+	"github.com/scionproto/scion/pkg/slayers"
+	"github.com/scionproto/scion/pkg/slayers/path"
+	"github.com/scionproto/scion/pkg/slayers/path/scion"
+)
+
+// BrTransit generates one packet of transit traffic over the same BR host.
+// The outcome is a packet and which interface to send it to.
+func BrTransit(mac hash.Hash) (string, []byte) {
+	options := gopacket.SerializeOptions{
+		FixLengths:       true,
+		ComputeChecksums: true,
+	}
+
+	// Ethernet: these addresses don't matter. The interfaces are not actually created.
+	ethernet := &layers.Ethernet{
+		SrcMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x01, 0x01},
+		DstMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x01, 0x02},
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+	// These do mater. They're known neighbors of our router under test. See
+	// router_newbenchmark/topology.json.
+	// IP4: Src=192.168.2.2 Dst=192.168.2.3 NextHdr=UDP Flags=DF
+	ip := &layers.IPv4{
+		Version:  4,
+		IHL:      5,
+		TTL:      64,
+		SrcIP:    net.IP{192, 168, 2, 2},
+		DstIP:    net.IP{192, 168, 3, 3},
+		Protocol: layers.IPProtocolUDP,
+		Flags:    layers.IPv4DontFragment,
+	}
+	// 	UDP: Src=50000 Dst=50000
+	udp := &layers.UDP{
+		SrcPort: layers.UDPPort(50000),
+		DstPort: layers.UDPPort(50000),
+	}
+	_ = udp.SetNetworkLayerForChecksum(ip)
+
+	// pkt0.ParsePacket(`
+	// 	SCION: NextHdr=UDP CurrInfoF=0 CurrHopF=1 SrcType=IPv4 DstType=IPv4
+	// 		ADDR: SrcIA=1-ff00:0:2 Src=192.168.2.2 DstIA=1-ff00:0:3 Dst=192.168.3.3
+	// 		IF_2: ISD=1 Hops=2 Flags=non-ConsDir
+	// 			HF_1: ConsIngress=0 ConsEgress=0
+	// 			HF_0: ConsIngress=131 ConsEgress=141
+	// 	UDP_1: Src=40111 Dst=40222
+	// `)
+	sp := &scion.Decoded{
+		Base: scion.Base{
+			PathMeta: scion.MetaHdr{
+				CurrHF: 1,
+				SegLen: [3]uint8{2, 2, 0},
+			},
+			NumINF:  2,
+			NumHops: 4,
+		},
+		InfoFields: []path.InfoField{
+			{
+				SegID:     0x111,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   false,
+			},
+		},
+		HopFields: []path.HopField{
+			{ConsIngress: 0, ConsEgress: 2},  // Processed here (non-consdir)
+			{ConsIngress: 22, ConsEgress: 0}, // From there (non-consdir)
+			{ConsIngress: 0, ConsEgress: 3},  // Down via this
+			{ConsIngress: 33, ConsEgress: 0}, // To there
+		},
+	}
+	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
+	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
+
+	scionL := &slayers.SCION{
+		Version:      0,
+		TrafficClass: 0xb8,
+		FlowID:       0xdead,
+		NextHdr:      slayers.L4UDP,
+		PathType:     scion.PathType,
+		SrcIA:        xtest.MustParseIA("1-ff00:0:2"),
+		DstIA:        xtest.MustParseIA("1-ff00:0:3"),
+		Path:         sp,
+	}
+	if err := scionL.SetSrcAddr(addr.MustParseHost("192.168.2.2")); err != nil {
+		panic(err)
+	}
+	if err := scionL.SetDstAddr(addr.MustParseHost("182.168.3.3")); err != nil {
+		panic(err)
+	}
+
+	scionudp := &slayers.UDP{}
+	scionudp.SrcPort = 50000
+	scionudp.DstPort = 50000
+	scionudp.SetNetworkLayerForChecksum(scionL)
+
+	payload := []byte("actualpayloadbytes")
+
+	// Prepare input packet
+	input := gopacket.NewSerializeBuffer()
+	if err := gopacket.SerializeLayers(input, options,
+		ethernet, ip, udp, scionL, scionudp, gopacket.Payload(payload),
+	); err != nil {
+		panic(err)
+	}
+
+	return "veth_2_host", input.Bytes()
+}
diff --git a/tools/brload/main.go b/tools/brload/main.go
new file mode 100644
index 0000000000..8a76a1f796
--- /dev/null
+++ b/tools/brload/main.go
@@ -0,0 +1,160 @@
+// Copyright 2020 Anapaya Systems
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"hash"
+	"net"
+	"os"
+	"path/filepath"
+	"reflect"
+	"strings"
+
+	"github.com/google/gopacket/layers"
+
+	"github.com/google/gopacket/afpacket"
+	"github.com/scionproto/scion/pkg/log"
+	"github.com/scionproto/scion/pkg/private/serrors"
+	"github.com/scionproto/scion/pkg/scrypto"
+	"github.com/scionproto/scion/pkg/slayers"
+	"github.com/scionproto/scion/private/keyconf"
+)
+
+type Case func(mac hash.Hash) (string, []byte)
+
+var (
+	allCases = map[string]Case{
+		"br_transit": BrTransit,
+	}
+	logConsole = flag.String("log.console", "debug", "Console logging level: debug|info|error")
+	dir        = flag.String("artifacts", "", "Artifacts directory")
+	numPackets = flag.Int("num_packets", 1000, "Number of packets to send")
+	caseToRun  = flag.String("case", "",
+		fmt.Sprintf("Which traffic case to evaluate %v",
+			reflect.ValueOf(allCases).MapKeys()))
+	handles = make(map[string]*afpacket.TPacket)
+)
+
+// InitDevices inventories the available network interfaces, picks the ones that a case may inject
+// traffic into, and associates them with a AF Packet interface.
+func InitDevices() error {
+	devs, err := net.Interfaces()
+	if err != nil {
+		return serrors.WrapStr("listing network interfaces", err)
+	}
+
+	for _, dev := range devs {
+		if !strings.HasPrefix(dev.Name, "veth_") || !strings.HasSuffix(dev.Name, "_host") {
+			continue
+		}
+		handle, err := afpacket.NewTPacket(afpacket.OptInterface(dev.Name))
+		if err != nil {
+			return serrors.WrapStr("creating TPacket", err)
+		}
+		handles[dev.Name] = handle
+	}
+
+	return nil
+}
+
+func main() {
+	os.Exit(realMain())
+}
+
+func realMain() int {
+	flag.Parse()
+	logCfg := log.Config{Console: log.ConsoleConfig{Level: *logConsole}}
+	if err := log.Setup(logCfg); err != nil {
+		flag.Usage()
+		fmt.Fprintf(os.Stderr, "%s\n", err)
+		return 1
+	}
+	defer log.HandlePanic()
+
+	artifactsDir, err := os.MkdirTemp("", "brload_")
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "%s\n", err)
+		return 1
+	}
+	if *dir != "" {
+		artifactsDir = *dir
+	}
+	if v := os.Getenv("TEST_ARTIFACTS_DIR"); v != "" {
+		artifactsDir = v
+	}
+	hfMAC, err := loadKey(artifactsDir)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Loading keys failed: %v\n", err)
+		return 1
+	}
+
+	err = InitDevices()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Loading devices failed: %v\n", err)
+		return 1
+	}
+
+	registerScionPorts()
+
+	log.Info("BRLoad acceptance tests:")
+
+	for caseName, caseFunc := range allCases {
+		caseDev, rawPkt := caseFunc(hfMAC)
+
+		writePktTo, ok := handles[caseDev]
+		if !ok {
+			log.Error("device not found", "device", caseDev)
+			return 1
+		}
+		for i := 0; i < *numPackets; i++ {
+			if err := writePktTo.WritePacketData(rawPkt); err != nil {
+				log.Error("writing input packet", "case", caseName, "error", err)
+				return 1
+			}
+		}
+
+		// For now we don't read the packets coming out. There are other tests
+		// for that. At some point we might just look at how many were dropped
+		// by the interface to get an idea of how many made it that far.
+	}
+	return 0
+}
+
+func loadKey(artifactsDir string) (hash.Hash, error) {
+	keysDir := filepath.Join(artifactsDir, "conf", "keys")
+	mk, err := keyconf.LoadMaster(keysDir)
+	if err != nil {
+		return nil, err
+	}
+	macGen, err := scrypto.HFMacFactory(mk.Key0)
+	if err != nil {
+		return nil, err
+	}
+	return macGen(), nil
+}
+
+// registerScionPorts registers the following UDP ports in gopacket such as SCION is the
+// next layer. In other words, map the following ports to expect SCION as the payload.
+func registerScionPorts() {
+	layers.RegisterUDPPortLayerType(layers.UDPPort(30041), slayers.LayerTypeSCION)
+	for i := 30000; i < 30010; i++ {
+		layers.RegisterUDPPortLayerType(layers.UDPPort(i), slayers.LayerTypeSCION)
+	}
+	for i := 50000; i < 50010; i++ {
+		layers.RegisterUDPPortLayerType(layers.UDPPort(i), slayers.LayerTypeSCION)
+	}
+}

From 9d6e29747f8b75f5de75c1f1175a7b6c45678dae Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 16 Nov 2023 18:56:43 +0100
Subject: [PATCH 02/40] router: add a check for forwarded packets.

This still has some issues but I don't like carrying unsub code on my laptop.
---
 tools/brload/cases.go |   8 +--
 tools/brload/main.go  | 115 ++++++++++++++++++++++++++++++++++--------
 2 files changed, 98 insertions(+), 25 deletions(-)

diff --git a/tools/brload/cases.go b/tools/brload/cases.go
index c6df2163ed..a02da39a8c 100644
--- a/tools/brload/cases.go
+++ b/tools/brload/cases.go
@@ -32,7 +32,7 @@ import (
 
 // BrTransit generates one packet of transit traffic over the same BR host.
 // The outcome is a packet and which interface to send it to.
-func BrTransit(mac hash.Hash) (string, []byte) {
+func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 	options := gopacket.SerializeOptions{
 		FixLengths:       true,
 		ComputeChecksums: true,
@@ -119,15 +119,15 @@ func BrTransit(mac hash.Hash) (string, []byte) {
 	scionudp.DstPort = 50000
 	scionudp.SetNetworkLayerForChecksum(scionL)
 
-	payload := []byte("actualpayloadbytes")
+	payloadBytes := []byte(payload)
 
 	// Prepare input packet
 	input := gopacket.NewSerializeBuffer()
 	if err := gopacket.SerializeLayers(input, options,
-		ethernet, ip, udp, scionL, scionudp, gopacket.Payload(payload),
+		ethernet, ip, udp, scionL, scionudp, gopacket.Payload(payloadBytes),
 	); err != nil {
 		panic(err)
 	}
 
-	return "veth_2_host", input.Bytes()
+	return "veth_2_host", "veth_3_host", input.Bytes()
 }
diff --git a/tools/brload/main.go b/tools/brload/main.go
index 8a76a1f796..a245602d75 100644
--- a/tools/brload/main.go
+++ b/tools/brload/main.go
@@ -24,6 +24,7 @@ import (
 	"reflect"
 	"strings"
 
+	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 
 	"github.com/google/gopacket/afpacket"
@@ -34,7 +35,7 @@ import (
 	"github.com/scionproto/scion/private/keyconf"
 )
 
-type Case func(mac hash.Hash) (string, []byte)
+type Case func(payload string, mac hash.Hash) (string, string, []byte)
 
 var (
 	allCases = map[string]Case{
@@ -49,9 +50,9 @@ var (
 	handles = make(map[string]*afpacket.TPacket)
 )
 
-// InitDevices inventories the available network interfaces, picks the ones that a case may inject
+// initDevices inventories the available network interfaces, picks the ones that a case may inject
 // traffic into, and associates them with a AF Packet interface.
-func InitDevices() error {
+func initDevices() error {
 	devs, err := net.Interfaces()
 	if err != nil {
 		return serrors.WrapStr("listing network interfaces", err)
@@ -71,6 +72,12 @@ func InitDevices() error {
 	return nil
 }
 
+func closeDevices() {
+	for _, h := range handles {
+		h.Close()
+	}
+}
+
 func main() {
 	os.Exit(realMain())
 }
@@ -85,9 +92,16 @@ func realMain() int {
 	}
 	defer log.HandlePanic()
 
+	caseFunc, ok := allCases[*caseToRun]
+	if !ok {
+		log.Error("Unknown case", "case", *caseToRun)
+		flag.Usage()
+		return 1
+	}
+
 	artifactsDir, err := os.MkdirTemp("", "brload_")
 	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s\n", err)
+		log.Error("Cannot create tmp dir", "err", err)
 		return 1
 	}
 	if *dir != "" {
@@ -98,13 +112,13 @@ func realMain() int {
 	}
 	hfMAC, err := loadKey(artifactsDir)
 	if err != nil {
-		fmt.Fprintf(os.Stderr, "Loading keys failed: %v\n", err)
+		log.Error("Loading keys failed", "err", err)
 		return 1
 	}
 
-	err = InitDevices()
+	err = initDevices()
 	if err != nil {
-		fmt.Fprintf(os.Stderr, "Loading devices failed: %v\n", err)
+		log.Error("Loading devices failed", "err", err)
 		return 1
 	}
 
@@ -112,25 +126,84 @@ func realMain() int {
 
 	log.Info("BRLoad acceptance tests:")
 
-	for caseName, caseFunc := range allCases {
-		caseDev, rawPkt := caseFunc(hfMAC)
+	payloadString := "actualpayloadbytes"
+	caseDevIn, caseDevOut, rawPkt := caseFunc(payloadString, hfMAC)
 
-		writePktTo, ok := handles[caseDev]
-		if !ok {
-			log.Error("device not found", "device", caseDev)
-			return 1
-		}
-		for i := 0; i < *numPackets; i++ {
-			if err := writePktTo.WritePacketData(rawPkt); err != nil {
-				log.Error("writing input packet", "case", caseName, "error", err)
-				return 1
+	writePktTo, ok := handles[caseDevIn]
+	if !ok {
+		log.Error("device not found", "device", caseDevIn)
+		return 1
+	}
+
+	readPktFrom, ok := handles[caseDevOut]
+	if !ok {
+		log.Error("device not found", "device", caseDevOut)
+		return 1
+	}
+
+	// Try and pick-up one packet and return the payload. If that works, we're content
+	// that this test works.
+	listenerChan := make(chan bool)
+	go func() {
+		defer log.HandlePanic()
+
+		gotOne := false
+
+		defer func() {
+			fmt.Println("********** listener channel closing")
+			listenerChan <- gotOne
+			close(listenerChan)
+		}()
+
+		packetSource := gopacket.NewPacketSource(readPktFrom, layers.LinkTypeEthernet)
+		ch := packetSource.Packets()
+
+		for {
+			fmt.Println("***** listener listening")
+			got, ok := <-ch
+			if !ok {
+				// No more packets
+				fmt.Println("***** listener bailing")
+				return
+			}
+			if err := got.ErrorLayer(); err != nil {
+				log.Error("error decoding packet", "err", err)
+			}
+			layer := got.Layer(gopacket.LayerTypePayload)
+			if layer == nil {
+				log.Error("error fetching packet payload: no PayLoad")
 			}
+			payload, ok := layer.(gopacket.Payload)
+			if !ok {
+				log.Error("error fetching packet payload: not a PayLoad!")
+			}
+			if payload.GoString() == payloadString {
+				fmt.Println("********** listener happy")
+				gotOne = true
+			}
+			fmt.Println("********** listener done")
+			return // One is all we need.
 		}
+	}()
 
-		// For now we don't read the packets coming out. There are other tests
-		// for that. At some point we might just look at how many were dropped
-		// by the interface to get an idea of how many made it that far.
+	for i := 0; i < *numPackets; i++ {
+		if err := writePktTo.WritePacketData(rawPkt); err != nil {
+			log.Error("writing input packet", "case", *caseToRun, "error", err)
+			return 1
+		}
+	}
+
+	// If our listener is still stuck there, unstick it.
+	closeDevices()
+	fmt.Println("********** devices closed")
+
+	outcome, ok := <-listenerChan
+	if !ok || !outcome {
+		log.Error("Never saw a valid packet being forwarded")
+		return 1
 	}
+
+	fmt.Println("********** main done")
 	return 0
 }
 

From 943d52713aa3169cbfdd5537ce069a5e432cc800 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 17 Nov 2023 11:07:17 +0100
Subject: [PATCH 03/40] router: make sure brload terminates.

---
 tools/brload/main.go | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/tools/brload/main.go b/tools/brload/main.go
index a245602d75..4b55aac17b 100644
--- a/tools/brload/main.go
+++ b/tools/brload/main.go
@@ -72,12 +72,6 @@ func initDevices() error {
 	return nil
 }
 
-func closeDevices() {
-	for _, h := range handles {
-		h.Close()
-	}
-}
-
 func main() {
 	os.Exit(realMain())
 }
@@ -143,27 +137,24 @@ func realMain() int {
 
 	// Try and pick-up one packet and return the payload. If that works, we're content
 	// that this test works.
+	packetSource := gopacket.NewPacketSource(readPktFrom, layers.LinkTypeEthernet)
+	packetChan := packetSource.Packets()
 	listenerChan := make(chan bool)
+
 	go func() {
 		defer log.HandlePanic()
 
 		gotOne := false
 
 		defer func() {
-			fmt.Println("********** listener channel closing")
 			listenerChan <- gotOne
 			close(listenerChan)
 		}()
 
-		packetSource := gopacket.NewPacketSource(readPktFrom, layers.LinkTypeEthernet)
-		ch := packetSource.Packets()
-
 		for {
-			fmt.Println("***** listener listening")
-			got, ok := <-ch
+			got, ok := <-packetChan
 			if !ok {
 				// No more packets
-				fmt.Println("***** listener bailing")
 				return
 			}
 			if err := got.ErrorLayer(); err != nil {
@@ -178,10 +169,8 @@ func realMain() int {
 				log.Error("error fetching packet payload: not a PayLoad!")
 			}
 			if payload.GoString() == payloadString {
-				fmt.Println("********** listener happy")
 				gotOne = true
 			}
-			fmt.Println("********** listener done")
 			return // One is all we need.
 		}
 	}()
@@ -193,9 +182,9 @@ func realMain() int {
 		}
 	}
 
-	// If our listener is still stuck there, unstick it.
-	closeDevices()
-	fmt.Println("********** devices closed")
+	// If our listener is still stuck there, unstick it. Closing the devices doesn't cause the
+	// packet channel to close (presumably a bug). Close the channel ourselves.
+	close(packetChan)
 
 	outcome, ok := <-listenerChan
 	if !ok || !outcome {
@@ -203,7 +192,6 @@ func realMain() int {
 		return 1
 	}
 
-	fmt.Println("********** main done")
 	return 0
 }
 

From ef94d2b3afd9bfcb81c7e3be00958ab92380bbef Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 17 Nov 2023 18:58:01 +0100
Subject: [PATCH 04/40] router: new benchmark made to work.

Only collects br_transit metrics for now. Test runs fast so metrics window is
short only 8 seconds for 5M packets. This makes the pkt/s measurement flaky.
Will have to try and increase the window size.
---
 acceptance/common/docker.py            |   2 +-
 acceptance/router_newbenchmark/test.py | 143 ++++++++++++++++++++-----
 router/connector.go                    |   2 +-
 router/dataplane.go                    |   2 +-
 tools/brload/cases.go                  |  47 +++++---
 tools/brload/main.go                   |  42 +++++---
 6 files changed, 172 insertions(+), 66 deletions(-)

diff --git a/acceptance/common/docker.py b/acceptance/common/docker.py
index 0af9a69bc4..c6f56fb2c8 100644
--- a/acceptance/common/docker.py
+++ b/acceptance/common/docker.py
@@ -197,7 +197,7 @@ def assert_no_networks(writer=None):
             writer.write("Docker networking assertions are OFF\n")
         return
 
-    allowed_nets = ['bridge', 'host', 'none']
+    allowed_nets = ['bridge', 'host', 'none', 'benchmark']
     unexpected_nets = []
     for net in _get_networks():
         if net.name not in allowed_nets:
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index fedc9df74c..3be64d249f 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -20,47 +20,51 @@
 
 from typing import List
 from plumbum import cli
-from plumbum import cmd
+from plumbum.cmd import sudo,docker,whoami
 
 from acceptance.common import base
 
 import logging
+import json
+import yaml
+from http.client import HTTPConnection
+from urllib.parse import urlencode
 
 logger = logging.getLogger(__name__)
 
 # Those values are valid expectations only when running in the CI environment.
 EXPECTATIONS = {
-    'in': 53000,
-    'out': 26000,
-    'in_transit': 73000,
-    'out_transit': 49000,
+    # 'in': 53000,
+    # 'out': 26000,
+    # 'in_transit': 73000,
+    # 'out_transit': 49000,
     'br_transit': 73000,
 }
 
 
 def exec_docker(command: str) -> str:
-    return cmd.docker(str.split(command))
+    return docker(str.split(command))
 
 
-def sudo(command: str) -> str:
+def exec_sudo(command: str) -> str:
     # -A, --askpass makes sure command is failing and does not wait for
     # interactive password input.
-    return cmd.sudo("-A", str.split(command))
+    return sudo("-A", str.split(command))
 
 
 def create_veth(host: str, container: str, ip: str, mac: str, ns: str, neighbors: List[str]):
-    sudo(f"ip link add {host} mtu 8000 type veth peer name {container} mtu 8000")
-    sudo(f"sysctl -qw net.ipv6.conf.{host}.disable_ipv6=1")
-    sudo(f"ip link set {host} up")
-    sudo(f"ip link set {container} netns {ns}")
-    sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{container}.disable_ipv6=1")
-    sudo(f"ip netns exec {ns} ethtool -K  {container} rx off tx off")
-    sudo(f"ip netns exec {ns} ip link set {container} address {mac}")
-    sudo(f"ip netns exec {ns} ip addr add {ip} dev {container}")
+    exec_sudo(f"ip link add {host} mtu 8000 type veth peer name {container} mtu 8000")
+    exec_sudo(f"sysctl -qw net.ipv6.conf.{host}.disable_ipv6=1")
+    exec_sudo(f"ip link set {host} up")
+    exec_sudo(f"ip link set {container} netns {ns}")
+    exec_sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{container}.disable_ipv6=1")
+    exec_sudo(f"ip netns exec {ns} ethtool -K  {container} rx off tx off")
+    exec_sudo(f"ip netns exec {ns} ip link set {container} address {mac}")
+    exec_sudo(f"ip netns exec {ns} ip addr add {ip} dev {container}")
     for n in neighbors:
-        sudo(f"ip netns exec {ns} ip neigh add {n} "
+        exec_sudo(f"ip netns exec {ns} ip neigh add {n} "
              f"lladdr f0:0d:ca:fe:be:ef nud permanent dev {container}")
-    sudo(f"ip netns exec {ns} ip link set {container} up")
+    exec_sudo(f"ip netns exec {ns} ip link set {container} up")
 
 
 class RouterBMTest(base.TestBase):
@@ -111,16 +115,18 @@ def setup_prepare(self):
         super().setup_prepare()
 
         shutil.copytree("acceptance/router_newbenchmark/conf/", self.artifacts / "conf")
-        sudo("mkdir -p /var/run/netns")
+        exec_sudo("mkdir -p /var/run/netns")
+
+        exec_docker("network create -d bridge benchmark")
 
         pause_image = exec_docker(f"image load -q -i {self.pause_tar}").rsplit(' ', 1)[1]
-        exec_docker(f"run -d --network=none --name pause {pause_image}")
+        exec_docker(f"run -d --network=benchmark --publish 9999:9090 --name pause {pause_image}")
         ns = exec_docker("inspect pause -f '{{.NetworkSettings.SandboxKey}}'").replace("'", "")
 
         # WTF do we need to alias the namespace to "pause" while creating the veths?
-        sudo(f"ln -sfT {ns} /var/run/netns/pause")
+        exec_sudo(f"ln -sfT {ns} /var/run/netns/pause")
         self.create_veths("pause")
-        sudo("rm /var/run/netns/pause")
+        exec_sudo("rm /var/run/netns/pause")
 
     def setup_start(self):
         super().setup_start()
@@ -138,23 +144,23 @@ def setup_start(self):
                     "--network container:pause "
                     "--name prometheus "
                     "prom/prometheus:v2.47.2 "
-                    "/bin/prometheus --config_file /share/conf/prometheus.yml")
+                    "--config.file /share/conf/prometheus.yml")
 
-        time.sleep(1)
+        time.sleep(2)
 
     def teardown(self):
-        cmd.docker["logs", "router"].run_fg(retcode=None)
+        docker["logs", "router"].run_fg(retcode=None)
         exec_docker("rm -f prometheus")
         exec_docker("rm -f router")
         exec_docker("rm -f pause")  # veths are deleted automatically
-        sudo(f"chown -R {cmd.whoami()} {self.artifacts}")
+        exec_docker("network rm benchmark")
+        exec_sudo(f"chown -R {whoami()} {self.artifacts}")
 
     # Wire virtual interfaces around the one router that we run.
     def create_veths(self, ns: str):
         # Set default TTL for outgoing packets to the common value 64, so that packets sent
         # from router will match the expected value.
-        sudo(f"ip netns exec {ns} sysctl -w net.ipv4.ip_default_ttl=64")
-
+        exec_sudo(f"ip netns exec {ns} sysctl -w net.ipv4.ip_default_ttl=64")
         create_veth("veth_int_host", "veth_int", "192.168.0.1/24", "f0:0d:ca:fe:00:01", ns,
                     ["192.168.0.2"])
         create_veth("veth_2_host", "veth_2", "192.168.2.1/24", "f0:0d:ca:fe:00:02", ns,
@@ -165,7 +171,86 @@ def create_veths(self, ns: str):
     def _run(self):
         logger.info("==> Starting load br-transit")
         brload = self.get_executable("brload")
-        sudo(f"{brload.executable} -artifacts {self.artifacts} -case br_transit")
+        output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
+                           "-case br_transit -num_packets 5000000")
+        for line in output.splitlines():
+            print(line)
+            if line.startswith('metricsBegin'):
+                _, beg, _, end = line.split()
+
+        logger.info('==> Collecting br-transit performance metrics...')
+
+        # The raw metrics are expressed in terms of core*seconds. We convert to machine*seconds
+        # which allows us to provide a projected packet/s; ...more intuitive than packets/core*s.
+        # We're interested only in br_transit traffic. We measure the rate over 10s. For best
+        # results we sample the end of the middle 10s of the run. "beg" is the start time of the
+        # real action and "end" is the end time.
+        sampleTime = (int(beg) + int(end) + 10) / 2
+        promQuery = urlencode({
+            'time': f'{sampleTime}',
+            'query': (
+                'sum by (instance, job) ('
+                '  rate(router_output_pkts_total{job="BR", type="br_transit"}[10s])'
+                ')'
+                '/ on (instance, job) group_left()'
+                'sum by (instance, job) ('
+                '  1 - (rate(process_runnable_seconds_total[10s])'
+                '       / go_sched_maxprocs_threads)'
+                ')'
+            )
+        })
+        conn = HTTPConnection("localhost:9999")
+        conn.request('GET', f'/api/v1/query?{promQuery}')
+        resp = conn.getresponse()
+        if resp.status != 200:
+            raise RuntimeError(f'Unexpected response: {resp.status} {resp.reason}')
+
+        # There's only one router that has br_transit traffic.
+        pld = json.loads(resp.read().decode('utf-8'))
+        results = pld['data']['result']
+        rateMap = {}
+        tt = 'br_transit'
+        rateMap[tt] = 0
+        for result in results:
+            ts, val = result['value']
+            r = int(float(val))
+            if r != 0:
+                rateMap[tt] = r
+
+        # Fetch and log the number of cores used by Go. This may inform performance
+        # modeling later.
+        logger.info('==> Collecting number of cores...')
+        promQuery = urlencode({
+            'query': 'go_sched_maxprocs_threads{job="BR"}'
+        })
+
+        conn = HTTPConnection("localhost:9999")
+        conn.request('GET', f'/api/v1/query?{promQuery}')
+        resp = conn.getresponse()
+        if resp.status != 200:
+            raise RuntimeError(f'Unexpected response: {resp.status} {resp.reason}')
+
+        pld = json.loads(resp.read().decode('utf-8'))
+        results = pld['data']['result']
+        for result in results:
+            instance = result['metric']['instance']
+            _, val = result['value']
+            logger.info(f'Router Cores for {instance}: {int(val)}')
+
+        # Log and check the performance...
+        # If this is used as a CI test. Make sure that the performance is within the expected
+        # ballpark.
+        rateTooLow = []
+        for tt, exp in EXPECTATIONS.items():
+            if self.ci:
+                logger.info(f'Packets/(machine*s) for {tt}: {rateMap[tt]} expected: {exp}')
+                if rateMap[tt] < 0.8 * exp:
+                    rateTooLow.append(tt)
+            else:
+                logger.info(f'Packets/(machine*s) for {tt}: {rateMap[tt]}')
+
+        if len(rateTooLow) != 0:
+            raise RuntimeError(f'Insufficient performance for: {rateTooLow}')
 
 
 if __name__ == "__main__":
diff --git a/router/connector.go b/router/connector.go
index 7b744b2c41..cd7e5c04e2 100644
--- a/router/connector.go
+++ b/router/connector.go
@@ -85,7 +85,7 @@ func (c *Connector) AddExternalInterface(localIfID common.IFIDType, link control
 	intf := uint16(localIfID)
 	log.Debug("Adding external interface", "interface", localIfID,
 		"local_isd_as", link.Local.IA, "local_addr", link.Local.Addr,
-		"remote_isd_as", link.Remote.IA, "remote_addr", link.Remote.IA,
+		"remote_isd_as", link.Remote.IA, "remote_addr", link.Remote.Addr,
 		"owned", owned, "bfd", !link.BFD.Disable)
 
 	if !c.ia.Equal(link.Local.IA) {
diff --git a/router/dataplane.go b/router/dataplane.go
index 2a1e06e3d6..97aa7111ba 100644
--- a/router/dataplane.go
+++ b/router/dataplane.go
@@ -959,12 +959,12 @@ func (d *DataPlane) runForwarder(ifID uint16, conn BatchConn, cfg *RunConfig, c
 			}
 		}
 		written, _ := conn.WriteBatch(msgs[:toWrite], 0)
+		log.Debug("Wrote packets", "count", written)
 		if written < 0 {
 			// WriteBatch returns -1 on error, we just consider this as
 			// 0 packets written
 			written = 0
 		}
-
 		updateOutputMetrics(metrics, pkts[:written])
 
 		for _, p := range pkts[:written] {
diff --git a/tools/brload/cases.go b/tools/brload/cases.go
index a02da39a8c..9762dd0113 100644
--- a/tools/brload/cases.go
+++ b/tools/brload/cases.go
@@ -38,21 +38,22 @@ func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 		ComputeChecksums: true,
 	}
 
-	// Ethernet: these addresses don't matter. The interfaces are not actually created.
+	// Point-to-point. Src might not mater. Dst probably must match what test.py configured
+	// for interface 2 of the router.
 	ethernet := &layers.Ethernet{
-		SrcMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x01, 0x01},
-		DstMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x01, 0x02},
+		SrcMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0xbe, 0xef},
+		DstMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x00, 0x02},
 		EthernetType: layers.EthernetTypeIPv4,
 	}
-	// These do mater. They're known neighbors of our router under test. See
-	// router_newbenchmark/topology.json.
-	// IP4: Src=192.168.2.2 Dst=192.168.2.3 NextHdr=UDP Flags=DF
+
+	// Point-to-point. This is the real IP: the underlay network.
+	// IP4: Src=192.168.2.2 Dst=192.168.2.1 NextHdr=UDP Flags=DF
 	ip := &layers.IPv4{
 		Version:  4,
 		IHL:      5,
 		TTL:      64,
 		SrcIP:    net.IP{192, 168, 2, 2},
-		DstIP:    net.IP{192, 168, 3, 3},
+		DstIP:    net.IP{192, 168, 2, 1},
 		Protocol: layers.IPProtocolUDP,
 		Flags:    layers.IPv4DontFragment,
 	}
@@ -63,14 +64,7 @@ func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 	}
 	_ = udp.SetNetworkLayerForChecksum(ip)
 
-	// pkt0.ParsePacket(`
-	// 	SCION: NextHdr=UDP CurrInfoF=0 CurrHopF=1 SrcType=IPv4 DstType=IPv4
-	// 		ADDR: SrcIA=1-ff00:0:2 Src=192.168.2.2 DstIA=1-ff00:0:3 Dst=192.168.3.3
-	// 		IF_2: ISD=1 Hops=2 Flags=non-ConsDir
-	// 			HF_1: ConsIngress=0 ConsEgress=0
-	// 			HF_0: ConsIngress=131 ConsEgress=141
-	// 	UDP_1: Src=40111 Dst=40222
-	// `)
+	// Fully correct path.
 	sp := &scion.Decoded{
 		Base: scion.Base{
 			PathMeta: scion.MetaHdr{
@@ -86,17 +80,33 @@ func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 				Timestamp: util.TimeToSecs(time.Now()),
 				ConsDir:   false,
 			},
+			{
+				SegID:     0x222,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   true,
+			},
 		},
 		HopFields: []path.HopField{
-			{ConsIngress: 0, ConsEgress: 2},  // Processed here (non-consdir)
 			{ConsIngress: 22, ConsEgress: 0}, // From there (non-consdir)
+			{ConsIngress: 0, ConsEgress: 2},  // <- Processed here (non-consdir)
 			{ConsIngress: 0, ConsEgress: 3},  // Down via this
 			{ConsIngress: 33, ConsEgress: 0}, // To there
 		},
 	}
+
+	// Calculate MACs...
+	// Seg0: Hops are in non-consdir.
 	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
 	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
+	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+
+	// Seg1: in the natural order.
+	sp.HopFields[2].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.InfoFields[1].UpdateSegID(sp.HopFields[2].Mac) // tmp
+	sp.HopFields[3].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.InfoFields[1].SegID = 0x222 // Restore to initial.
 
+	// End-to-end. Src is the originator and Dst is the final destination.
 	scionL := &slayers.SCION{
 		Version:      0,
 		TrafficClass: 0xb8,
@@ -107,10 +117,13 @@ func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 		DstIA:        xtest.MustParseIA("1-ff00:0:3"),
 		Path:         sp,
 	}
+
+	// These aren't necessarily IP addresses. They're host addresses within the
+	// src and dst ASes.
 	if err := scionL.SetSrcAddr(addr.MustParseHost("192.168.2.2")); err != nil {
 		panic(err)
 	}
-	if err := scionL.SetDstAddr(addr.MustParseHost("182.168.3.3")); err != nil {
+	if err := scionL.SetDstAddr(addr.MustParseHost("192.168.3.3")); err != nil {
 		panic(err)
 	}
 
diff --git a/tools/brload/main.go b/tools/brload/main.go
index 4b55aac17b..3a69dcb023 100644
--- a/tools/brload/main.go
+++ b/tools/brload/main.go
@@ -23,6 +23,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"strings"
+	"time"
 
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
@@ -43,7 +44,7 @@ var (
 	}
 	logConsole = flag.String("log.console", "debug", "Console logging level: debug|info|error")
 	dir        = flag.String("artifacts", "", "Artifacts directory")
-	numPackets = flag.Int("num_packets", 1000, "Number of packets to send")
+	numPackets = flag.Int("num_packets", 10, "Number of packets to send")
 	caseToRun  = flag.String("case", "",
 		fmt.Sprintf("Which traffic case to evaluate %v",
 			reflect.ValueOf(allCases).MapKeys()))
@@ -135,19 +136,18 @@ func realMain() int {
 		return 1
 	}
 
-	// Try and pick-up one packet and return the payload. If that works, we're content
+	// Try and pick-up one packet and check the payload. If that works, we're content
 	// that this test works.
 	packetSource := gopacket.NewPacketSource(readPktFrom, layers.LinkTypeEthernet)
 	packetChan := packetSource.Packets()
-	listenerChan := make(chan bool)
+	listenerChan := make(chan int)
 
 	go func() {
 		defer log.HandlePanic()
-
-		gotOne := false
+		numRcv := 0
 
 		defer func() {
-			listenerChan <- gotOne
+			listenerChan <- numRcv
 			close(listenerChan)
 		}()
 
@@ -155,43 +155,51 @@ func realMain() int {
 			got, ok := <-packetChan
 			if !ok {
 				// No more packets
+				log.Info("No more Packets")
 				return
 			}
 			if err := got.ErrorLayer(); err != nil {
 				log.Error("error decoding packet", "err", err)
+				continue
 			}
 			layer := got.Layer(gopacket.LayerTypePayload)
 			if layer == nil {
 				log.Error("error fetching packet payload: no PayLoad")
+				continue
 			}
-			payload, ok := layer.(gopacket.Payload)
-			if !ok {
-				log.Error("error fetching packet payload: not a PayLoad!")
-			}
-			if payload.GoString() == payloadString {
-				gotOne = true
+			if string(layer.LayerContents()) == payloadString {
+				// return // One is all we need. But continue and count for now.
+				numRcv++
 			}
-			return // One is all we need.
 		}
 	}()
 
+	// We started everything that could be started. So the best window for perf mertics
+	// opens somewhere around now.
+	metricsBegin := time.Now().Unix()
 	for i := 0; i < *numPackets; i++ {
 		if err := writePktTo.WritePacketData(rawPkt); err != nil {
 			log.Error("writing input packet", "case", *caseToRun, "error", err)
 			return 1
 		}
 	}
+	metricsEnd := time.Now().Unix()
+	// The test harness looks for this output.
+	fmt.Printf("metricsBegin: %d metricsEnd: %d\n", metricsBegin, metricsEnd)
+
+	time.Sleep(time.Second * time.Duration(2))
 
-	// If our listener is still stuck there, unstick it. Closing the devices doesn't cause the
+	// If our listener is still stuck there, unstick it. Closing the device doesn't cause the
 	// packet channel to close (presumably a bug). Close the channel ourselves.
 	close(packetChan)
 
-	outcome, ok := <-listenerChan
-	if !ok || !outcome {
-		log.Error("Never saw a valid packet being forwarded")
+	outcome := <-listenerChan
+	if outcome == 0 {
+		log.Error("Listener never saw a valid packet being forwarded")
 		return 1
 	}
 
+	fmt.Printf("Listener results: %d\n", outcome)
 	return 0
 }
 

From 15765c0da23898b17a3b47dfe8508c6e58bba18e Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 17 Nov 2023 19:10:07 +0100
Subject: [PATCH 05/40] router: Enlarge the test to get more stable
 measurements.

---
 acceptance/router_newbenchmark/test.py | 2 +-
 tools/brload/main.go                   | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 3be64d249f..5028a8009b 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -172,7 +172,7 @@ def _run(self):
         logger.info("==> Starting load br-transit")
         brload = self.get_executable("brload")
         output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
-                           "-case br_transit -num_packets 5000000")
+                           "-case br_transit -num_packets 10000000")
         for line in output.splitlines():
             print(line)
             if line.startswith('metricsBegin'):
diff --git a/tools/brload/main.go b/tools/brload/main.go
index 3a69dcb023..647d87ae10 100644
--- a/tools/brload/main.go
+++ b/tools/brload/main.go
@@ -187,7 +187,8 @@ func realMain() int {
 	// The test harness looks for this output.
 	fmt.Printf("metricsBegin: %d metricsEnd: %d\n", metricsBegin, metricsEnd)
 
-	time.Sleep(time.Second * time.Duration(2))
+	// In short tests (<1M packets), we finish sending before the first packets arrive.
+	time.Sleep(time.Second * time.Duration(1))
 
 	// If our listener is still stuck there, unstick it. Closing the device doesn't cause the
 	// packet channel to close (presumably a bug). Close the channel ourselves.

From 2a67ef0169ef03abf2e3e5ef941bc959af7de79a Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Mon, 20 Nov 2023 18:57:40 +0100
Subject: [PATCH 06/40] router: newbenchmark improvements

Mainly:
* Get rid of the "pause" container. Use the prometheus container for the same
purpose.
* Add multi paralle streams and core-count support.
* Slight cleanup of the addressing/numbering scheme and the begining
  of using it to simplify test cases.
---
 acceptance/router_newbenchmark/test.py | 74 +++++++++++++-----------
 tools/brload/cases.go                  | 80 +++++++++++++++++++++-----
 tools/brload/main.go                   |  7 ++-
 3 files changed, 111 insertions(+), 50 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 5028a8009b..764a21c189 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -18,7 +18,7 @@
 import shutil
 import time
 
-from typing import List
+from typing import List, Tuple
 from plumbum import cli
 from plumbum.cmd import sudo,docker,whoami
 
@@ -51,8 +51,8 @@ def exec_sudo(command: str) -> str:
     # interactive password input.
     return sudo("-A", str.split(command))
 
-
-def create_veth(host: str, container: str, ip: str, mac: str, ns: str, neighbors: List[str]):
+def create_veth(host: str, container: str, ip: str, mac: str, ns: str,
+                neighbors: List[Tuple[str, str]]):
     exec_sudo(f"ip link add {host} mtu 8000 type veth peer name {container} mtu 8000")
     exec_sudo(f"sysctl -qw net.ipv6.conf.{host}.disable_ipv6=1")
     exec_sudo(f"ip link set {host} up")
@@ -62,8 +62,8 @@ def create_veth(host: str, container: str, ip: str, mac: str, ns: str, neighbors
     exec_sudo(f"ip netns exec {ns} ip link set {container} address {mac}")
     exec_sudo(f"ip netns exec {ns} ip addr add {ip} dev {container}")
     for n in neighbors:
-        exec_sudo(f"ip netns exec {ns} ip neigh add {n} "
-             f"lladdr f0:0d:ca:fe:be:ef nud permanent dev {container}")
+        exec_sudo(f"ip netns exec {ns} ip neigh add {n[0]} "
+             f"lladdr {n[1]} nud permanent dev {container}")
     exec_sudo(f"ip netns exec {ns} ip link set {container} up")
 
 
@@ -85,7 +85,7 @@ class RouterBMTest(base.TestBase):
     The topology (./conf/topology.json) is the following:
 
     AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
-                |
+                 |
     AS3 (br3) ---+
 
     Only br1 is executed and observed.
@@ -119,41 +119,49 @@ def setup_prepare(self):
 
         exec_docker("network create -d bridge benchmark")
 
-        pause_image = exec_docker(f"image load -q -i {self.pause_tar}").rsplit(' ', 1)[1]
-        exec_docker(f"run -d --network=benchmark --publish 9999:9090 --name pause {pause_image}")
-        ns = exec_docker("inspect pause -f '{{.NetworkSettings.SandboxKey}}'").replace("'", "")
+        # This test is useless without prometheus. Also, we need a running container to have
+        # a usable network namespace that we can configuer before the router runs. So, start
+        # prometheus now and then have the router share the same network stack.
 
-        # WTF do we need to alias the namespace to "pause" while creating the veths?
-        exec_sudo(f"ln -sfT {ns} /var/run/netns/pause")
-        self.create_veths("pause")
-        exec_sudo("rm /var/run/netns/pause")
+        # FWIW, the alternative would be to start the router's container without the router,
+        # configure the interfaces, and then start the router. We'd still need prometheus, though,
+        # and we'd need to expose the router's metrics port to prometheus in some way. So, this is
+        # simpler.
+        exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
+                    "-d "
+                    "--network benchmark "
+                    "--publish 9999:9090 "
+                    "--name prometheus "
+                    "prom/prometheus:v2.47.2 "
+                    "--config.file /share/conf/prometheus.yml")
 
-    def setup_start(self):
-        super().setup_start()
+        ns = exec_docker("inspect prometheus -f '{{.NetworkSettings.SandboxKey}}'").replace("'", "")
+
+        # Link that namespace to where the ip commands expect it. While at it give it a simple name.
+        # Then create all the interfaces that the router will see... the test will be using the
+        # other end of the pairs to feed it with (and possibly capture) traffic.
+        exec_sudo(f"ln -sfT {ns} /var/run/netns/benchmark")
+        self.create_veths("benchmark")
+        exec_sudo("rm /var/run/netns/benchmark")
 
-        envs = ["SCION_EXPERIMENTAL_BFD_DISABLE=true"]
+        # Then the router.
         exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
                     "-d "
-                    f"-e {' '.join(envs)} "
-                    "--network container:pause "
+                    "-e SCION_EXPERIMENTAL_BFD_DISABLE=true -e GOMAXPROCS=6 "
+                    "--network container:prometheus "
                     "--name router "
                     "bazel/acceptance/router_newbenchmark:router")
 
-        exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
-                    "-d "
-                    "--network container:pause "
-                    "--name prometheus "
-                    "prom/prometheus:v2.47.2 "
-                    "--config.file /share/conf/prometheus.yml")
-
         time.sleep(2)
 
+    def setup_start(self):
+        super().setup_start()
+
     def teardown(self):
         docker["logs", "router"].run_fg(retcode=None)
         exec_docker("rm -f prometheus")
         exec_docker("rm -f router")
-        exec_docker("rm -f pause")  # veths are deleted automatically
-        exec_docker("network rm benchmark")
+        exec_docker("network rm benchmark") # veths are deleted automatically
         exec_sudo(f"chown -R {whoami()} {self.artifacts}")
 
     # Wire virtual interfaces around the one router that we run.
@@ -162,17 +170,17 @@ def create_veths(self, ns: str):
         # from router will match the expected value.
         exec_sudo(f"ip netns exec {ns} sysctl -w net.ipv4.ip_default_ttl=64")
         create_veth("veth_int_host", "veth_int", "192.168.0.1/24", "f0:0d:ca:fe:00:01", ns,
-                    ["192.168.0.2"])
-        create_veth("veth_2_host", "veth_2", "192.168.2.1/24", "f0:0d:ca:fe:00:02", ns,
-                    ["192.168.2.2"])
-        create_veth("veth_3_host", "veth_3", "192.168.3.1/24", "f0:0d:ca:fe:00:03", ns,
-                    ["192.168.3.3"])
+                    [("192.168.0.2", "f0:0d:ca:fe:00:02")])
+        create_veth("veth_2_host", "veth_2", "192.168.2.1/24", "f0:0d:ca:fe:02:01", ns,
+                    [("192.168.2.2", "f0:0d:ca:fe:02:02")])
+        create_veth("veth_3_host", "veth_3", "192.168.3.1/24", "f0:0d:ca:fe:03:01", ns,
+                    [("192.168.3.3", "f0:0d:ca:fe:03:03")])
 
     def _run(self):
         logger.info("==> Starting load br-transit")
         brload = self.get_executable("brload")
         output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
-                           "-case br_transit -num_packets 10000000")
+                           "-case br_transit -num_packets 10000000 -num_streams 2")
         for line in output.splitlines():
             print(line)
             if line.startswith('metricsBegin'):
diff --git a/tools/brload/cases.go b/tools/brload/cases.go
index 9762dd0113..707a5e3280 100644
--- a/tools/brload/cases.go
+++ b/tools/brload/cases.go
@@ -30,9 +30,55 @@ import (
 	"github.com/scionproto/scion/pkg/slayers/path/scion"
 )
 
-// BrTransit generates one packet of transit traffic over the same BR host.
-// The outcome is a packet and which interface to send it to.
-func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
+// Topology (see accept/router_newbenchmark/conf/topology.json)
+//    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
+//                 |
+//    AS3 (br3) ---+
+//
+// We're only executing and monitoring br1a. All the others are a fiction (except for the knowledge
+// about them configured in br1a) from which we construct packets that get injected at one of the
+// br1a interfaces.
+//
+// In the tests cases, the various addresses used to construct packets are:
+// originIA: the ISD/AS number of the AS of the initial sender.
+// originIP: the underlay address (and so SCION host) of the initial sender.
+// srcIP: the IP address of the router interface sending to br1a.
+// srcMac: the ethernet address of the router interface sending to br1a.
+// dstIP: the IP address of the br1a interface that should receives the packet.
+// dstMac: the ethernet address of the br1a interface that should receive the packet.
+// targetIA: the ISD/AS number of the AS of the final recipient.
+// targetIP: the underlay address (and so SCION host) of the final recipient.
+//
+// To further simplify the explicit configuration that we need, the topology follows a convention
+// to assign addresses, so that an address can be inferred from a single node and interface number.
+// ISD/AS: <1 or 2>-ff00:0:<AS index>
+// interface number: <remote AS index>
+// public IP address: 192.168.<AS_1's interface number>.<local AS index>
+// internal IP address: 192.168.0.<router index>
+// MAC Address: 0xf0, 0x0d, 0xfe, 0xbe, <last two bytes of IP>
+// Internal port: 30042
+// External port: 50000
+// As a result, children ASes (like AS2) have addresses ending in N.N and interface N where N is
+// the AS number. For br1a/b, interfaces are numbered after the child on the other side, the
+// public IPS are <childAS>.1 and the internal IP ends in 0.1 or 0.2. The MAC addresses follow.
+
+// TODO: add functions that produce the right numbers from an intuitive descriptor.
+
+// oneBrTransit generates one packet of transit traffic over the same BR host.
+// The outcome is a raw packet.
+func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
+
+	var (
+		originIA = xtest.MustParseIA("1-ff00:0:2")
+		originIP = "192.168.2.2"
+		srcIP    = net.IP{192, 168, 2, 2}
+		srcMAC   = net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x02, 0x02}
+		dstIP    = net.IP{192, 168, 2, 1}
+		dstMAC   = net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x02, 0x01}
+		targetIP = "192.168.3.3"
+		targetIA = xtest.MustParseIA("1-ff00:0:3")
+	)
+
 	options := gopacket.SerializeOptions{
 		FixLengths:       true,
 		ComputeChecksums: true,
@@ -41,19 +87,18 @@ func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 	// Point-to-point. Src might not mater. Dst probably must match what test.py configured
 	// for interface 2 of the router.
 	ethernet := &layers.Ethernet{
-		SrcMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0xbe, 0xef},
-		DstMAC:       net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x00, 0x02},
+		SrcMAC:       srcMAC,
+		DstMAC:       dstMAC,
 		EthernetType: layers.EthernetTypeIPv4,
 	}
 
 	// Point-to-point. This is the real IP: the underlay network.
-	// IP4: Src=192.168.2.2 Dst=192.168.2.1 NextHdr=UDP Flags=DF
 	ip := &layers.IPv4{
 		Version:  4,
 		IHL:      5,
 		TTL:      64,
-		SrcIP:    net.IP{192, 168, 2, 2},
-		DstIP:    net.IP{192, 168, 2, 1},
+		SrcIP:    srcIP,
+		DstIP:    dstIP,
 		Protocol: layers.IPProtocolUDP,
 		Flags:    layers.IPv4DontFragment,
 	}
@@ -110,20 +155,20 @@ func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 	scionL := &slayers.SCION{
 		Version:      0,
 		TrafficClass: 0xb8,
-		FlowID:       0xdead,
+		FlowID:       flowId,
 		NextHdr:      slayers.L4UDP,
 		PathType:     scion.PathType,
-		SrcIA:        xtest.MustParseIA("1-ff00:0:2"),
-		DstIA:        xtest.MustParseIA("1-ff00:0:3"),
+		SrcIA:        originIA,
+		DstIA:        targetIA,
 		Path:         sp,
 	}
 
 	// These aren't necessarily IP addresses. They're host addresses within the
 	// src and dst ASes.
-	if err := scionL.SetSrcAddr(addr.MustParseHost("192.168.2.2")); err != nil {
+	if err := scionL.SetSrcAddr(addr.MustParseHost(originIP)); err != nil {
 		panic(err)
 	}
-	if err := scionL.SetDstAddr(addr.MustParseHost("192.168.3.3")); err != nil {
+	if err := scionL.SetDstAddr(addr.MustParseHost(targetIP)); err != nil {
 		panic(err)
 	}
 
@@ -141,6 +186,13 @@ func BrTransit(payload string, mac hash.Hash) (string, string, []byte) {
 	); err != nil {
 		panic(err)
 	}
+	return input.Bytes()
+}
 
-	return "veth_2_host", "veth_3_host", input.Bytes()
+func BrTransit(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte) {
+	packets := make([][]byte, numDistinct, numDistinct)
+	for i := 0; i < numDistinct; i++ {
+		packets[i] = oneBrTransit(payload, mac, uint32(i+1))
+	}
+	return "veth_2_host", "veth_3_host", packets
 }
diff --git a/tools/brload/main.go b/tools/brload/main.go
index 647d87ae10..157b10a639 100644
--- a/tools/brload/main.go
+++ b/tools/brload/main.go
@@ -36,7 +36,7 @@ import (
 	"github.com/scionproto/scion/private/keyconf"
 )
 
-type Case func(payload string, mac hash.Hash) (string, string, []byte)
+type Case func(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte)
 
 var (
 	allCases = map[string]Case{
@@ -45,6 +45,7 @@ var (
 	logConsole = flag.String("log.console", "debug", "Console logging level: debug|info|error")
 	dir        = flag.String("artifacts", "", "Artifacts directory")
 	numPackets = flag.Int("num_packets", 10, "Number of packets to send")
+	numStreams = flag.Int("num_streams", 4, "Number of independent streams (flow IDs) to use")
 	caseToRun  = flag.String("case", "",
 		fmt.Sprintf("Which traffic case to evaluate %v",
 			reflect.ValueOf(allCases).MapKeys()))
@@ -122,7 +123,7 @@ func realMain() int {
 	log.Info("BRLoad acceptance tests:")
 
 	payloadString := "actualpayloadbytes"
-	caseDevIn, caseDevOut, rawPkt := caseFunc(payloadString, hfMAC)
+	caseDevIn, caseDevOut, rawPkts := caseFunc(payloadString, hfMAC, *numStreams)
 
 	writePktTo, ok := handles[caseDevIn]
 	if !ok {
@@ -178,7 +179,7 @@ func realMain() int {
 	// opens somewhere around now.
 	metricsBegin := time.Now().Unix()
 	for i := 0; i < *numPackets; i++ {
-		if err := writePktTo.WritePacketData(rawPkt); err != nil {
+		if err := writePktTo.WritePacketData(rawPkts[i%*numStreams]); err != nil {
 			log.Error("writing input packet", "case", *caseToRun, "error", err)
 			return 1
 		}

From a1a379c6a3e412d0db3e3ceb4f6fb36c2855c29a Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 21 Nov 2023 10:28:30 +0100
Subject: [PATCH 07/40] router: move br_load into new_benchmark.

brload no-longer makes sense as a stand-alone tool; it is tightly bound to the
associated test topology, so move it in with router_newbenchmark which is in
charge of bringing up that topology. That way, at least, all the inter-dependent
pieces are in the same location.
---
 BUILD.bazel                                   |   1 -
 acceptance/router_newbenchmark/BUILD.bazel    |  47 ++++++++++++++++--
 .../router_newbenchmark}/cases.go             |   0
 .../router_newbenchmark}/main.go              |   0
 acceptance/router_newbenchmark/pause.tar      | Bin 258560 -> 0 bytes
 tools/brload/BUILD.bazel                      |  33 ------------
 6 files changed, 42 insertions(+), 39 deletions(-)
 rename {tools/brload => acceptance/router_newbenchmark}/cases.go (100%)
 rename {tools/brload => acceptance/router_newbenchmark}/main.go (100%)
 delete mode 100644 acceptance/router_newbenchmark/pause.tar
 delete mode 100644 tools/brload/BUILD.bazel

diff --git a/BUILD.bazel b/BUILD.bazel
index 106951d6ac..c43159ca4e 100644
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -195,7 +195,6 @@ pkg_tar(
         "//acceptance/cmd/sig_ping_acceptance",
         "//pkg/private/xtest/graphupdater",
         "//tools/braccept",
-        "//tools/brload",
         "//tools/buildkite/cmd/buildkite_artifacts",
         "//tools/end2end",
         "//tools/end2end_integration",
diff --git a/acceptance/router_newbenchmark/BUILD.bazel b/acceptance/router_newbenchmark/BUILD.bazel
index 07604a90e6..b35b9478f2 100644
--- a/acceptance/router_newbenchmark/BUILD.bazel
+++ b/acceptance/router_newbenchmark/BUILD.bazel
@@ -1,5 +1,39 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
 load("@io_bazel_rules_docker//container:container.bzl", "container_image")
 load("//acceptance/common:raw.bzl", "raw_test")
+load("//tools/lint:go.bzl", "go_library")
+load("//:scion.bzl", "scion_go_binary")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "cases.go",
+        "main.go",
+    ],
+    importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark",
+    visibility = ["//visibility:private"],
+    deps = [
+        "//pkg/addr:go_default_library",
+        "//pkg/log:go_default_library",
+        "//pkg/private/serrors:go_default_library",
+        "//pkg/private/util:go_default_library",
+        "//pkg/private/xtest:go_default_library",
+        "//pkg/scrypto:go_default_library",
+        "//pkg/slayers:go_default_library",
+        "//pkg/slayers/path:go_default_library",
+        "//pkg/slayers/path/scion:go_default_library",
+        "//private/keyconf:go_default_library",
+        "@com_github_google_gopacket//:go_default_library",
+        "@com_github_google_gopacket//afpacket:go_default_library",
+        "@com_github_google_gopacket//layers:go_default_library",
+    ],
+)
+
+scion_go_binary(
+    name = "brload",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
 
 exports_files([
     "conf",
@@ -9,18 +43,15 @@ exports_files([
 
 args = [
     "--executable",
-    "brload:$(location //tools/brload)",
+    "brload:$(location //acceptance/router_newbenchmark:brload)",
     "--container-loader",
     "posix-router:latest#$(location //acceptance/router_newbenchmark:router)",
-    "--pause_tar",
-    "$(location //acceptance/router_newbenchmark:pause.tar)",
 ]
 
 data = [
-    "pause.tar",
     ":conf",
     ":router",
-    "//tools/brload",
+    ":brload",
 ]
 
 raw_test(
@@ -37,3 +68,9 @@ container_image(
     name = "router",
     base = "//docker:posix_router",
 )
+
+go_binary(
+    name = "router_newbenchmark",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
diff --git a/tools/brload/cases.go b/acceptance/router_newbenchmark/cases.go
similarity index 100%
rename from tools/brload/cases.go
rename to acceptance/router_newbenchmark/cases.go
diff --git a/tools/brload/main.go b/acceptance/router_newbenchmark/main.go
similarity index 100%
rename from tools/brload/main.go
rename to acceptance/router_newbenchmark/main.go
diff --git a/acceptance/router_newbenchmark/pause.tar b/acceptance/router_newbenchmark/pause.tar
deleted file mode 100644
index da03eed189f8c5fa9423f1be5876f2ea05f3e08c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 258560
zcmeFa3w%`7wLd-sK?V%WRI!c~+mTK*sfd#YWFpc|Am|AMi4|?EdJBY5P#!UvAhn=@
z36;}Bl(tr_S9@uD@2$2{X{$K+xJ?L<U`q>HTdc)K?Bh%W73~Am>ioaowfC7<0@z~x
z-_P$dO6HvXTzkFu+UuMt4$m)}6DqC<m)Dn7%xMUfhvzlSof|HhUmR+fS6ni0La3yn
zAv~v~z9Li>E-NXYQ!;mcMQGlfveF6j%IZriE^;0J6AG1u%Eym)h14hao29PelF|t!
zWyNKo;*cv;Qe0kA?h1@Q{?I4hqNO=HrwJf6EnONt)@aA8&t2TH#`<4WSA3%Mzk2E?
zudJSV`LUJ+nuaEnmF3dixd-M-bLd}EK4H8o5IWYN?^WIZb^4EcU$FdMQS0P5?=c2W
zSpIKlUb^HsFda|+CzMRcm4DcRlk$HYw7w_RpC7Yu-k6KWoG2TN89S!FsbNmEK?bWR
z4_z24#{aWI#TSP{`2PaAV5_A|qH`85X=wTkuI4ZN?3jx`KgL+v99=SJaRcB$i>jrI
z(I9<)RdYj=s;P`d=hQE_GCFVJk}((0pR=gBVeFVx+0vG1|H6hQbk!|qML(Cip4r&2
zBzqjWo4KSOK<M^Umn<7|@sgHBi^h(bvKY%!m(`2sd{zT`_0mNxiyNAqnolilx^dx>
z&sHte&`w<vZTei}(uGR^m+Cun$>f%Wi&8_?%$eJ;NOxa3cFa;-j#;#DNz3vvE8i2+
zzN<k_l<*fVn)A7arg8M4j`}%{{Fn6i|4PS~g-*)<Q4xBw;v@!6V&EhO-UAGjgv*MH
zOXq~=l#U-izqo#GXx`kiin$dH730Hm%jb*_my|ZlnKy6loQAS+eQ{YueM2Z*Qrs}V
zp?q%n+<Eo$=Dlb8fA0Lt$4>}ND8~N31a~L*|L*~Lk2}N()BnBN|7X#^w5$~IpZ8^F
zdUF4NTpl^u;Qw6=oUr_#`2N47v;^_LZ22!KFF7gy?+4fE{r`!w0ru^UbDA2s*B#Rk
zDhZ7*ErTsDpIaZEFbB>B!oQ_+!xO^u>l=#4SCoZA731g6uc)XfpNopp3GhM2*O!kk
z2^E)=j4#QGC7`VA!ch5z#TBzc<rjxaE-oz@S2CfzJcMy3d^$6rfSKz{=GK>l=az-%
zj;|j-zN~b9>G*I(Jx(y-(3H=g6Rrr)DK9OppBEk<s-Ig{Utc;tG_Rs`eChlNa~dk<
z*3ZivZs7PtLq%zEX<5nq@cf2)wEkZetGITIF>}V$Nf!aG+R9nRq>Eabn=V?kw0_Q_
zi<;*yTyk;7ed;z{Aw}vImt(HiQIBiKT!h<;nipWy3%TTv7A{%ZSQMCg`K(V~Q#-Tz
z@>zjvFKV3A(%f)8`#9l|hLW<fh6$zNhLQ;l<>hn2b3<XA8BHje3m3DZBwSqFFmJ-V
z(s?D}^0Jcf1aQC{u*UrI^5XJ_c@<^l<1x`c5MBY00s<jO1zE1eO-_hq-qQLT5qVnH
z(A2zeDPl-tipPb<g)rBEv8exZw9bxj{qH2<oTmB(3!@G7(UvBL;pQx!H=zs!{QoC-
z_I@bnfAJhAs`%es{I4WbUS95;_vL=`<TTs<mzEcoPH+WE#*Mq^Uml<QKkomZsIh*}
z_W#-E|FHTe_y7N5(U;**nEvn8{y&TUa3D|m|L+I+UGRY3mw8T3^1l-UCoKObzW)zl
z50G>IUtEqfu#@q>_km^f{{KYT04{iH|9_$`8~0-;a|zz3T!IrN{JZo2kCFdZUaI{6
zZ2Lc<^kn|u`yl-;m&8r}#WOMgqrChm`M>2QWu-{=(D}cm<0oLBSR5*S-|2s%I3O3}
zliJ*#=y>l_|J$b4Tsp|@PR%yR^>G*P8oyg9Wf5Idmu}*UxWcX>_<O4B6#VDHwF`IZ
z6VX@Bw_o>jzFj`mj>X67S37sGG<3c*`*BWJqpEi`PLX!bcW+qT&b~%ZtmnJpchPy$
zPgNiHuSd6NJtMEd^|9kNPc?A*r3(JZ3qsF-DVXykYNUMiHS{sPK6UG$N8h<z^y=AS
zkS+;yR?1bNQ}wg|BfEb<w{yOT#?1bnISS97ISTKd?C!4IbzhOw-#1tF_i4I1^Elr*
z!?~_K!T$5nUqR~3puPio{>JQLS!-s|P}~rv)EFr~QzeC&jd7j3{?l^$M|A&)=G*m}
zPn}@`&V~N=<C|kT^Y=bDMQVB<R3-789KnFprvIFS%gp{8&a0Bj4d>;_cgHu=ZFv>Q
zzCC$&5(6hOa1sM2F>n$CCo%B<Fb3usR(`>uWHM<?Jon}y_N05<E+clpXFvK~UTpJq
z<*YrY{Rp=AZq6&9f6;ox6&=xfWKfH{%l_^2E|>Sz9jd}@Keo~B(l>*$hRnLbTsh;<
zQ1C1_thQh)stwC$Scb=lz2R!{8ttPCW}iO=g{K?VbdO=x`Hk3Hu9lmP?z|w~95(3q
z1RAt23VIClRl|JA_%Hlt&I<YsvnCi|gTQFjpfICB`vO#57YrNbZw&KK>|@t|2`ja(
z3mS%be{ijUa$T^NH|u#5+qS$50E7vEcg;6g1R&_Wzbha@Lk0rEmjeWc@(ooj0Y_>*
z8r-@Ja35W-z+I3DZeupM#{sZ?fy@s~IY{9Ak#~hIwrnjQ2+|POlnLqZ<3kE8I-gwr
z_$t}-K&@d#F{m{wINPvlf(s0*D%farR|UBZ0wt<~;%@W8=akUHma2erQRrMmoC`xP
ziVqqUe~Ny<u*MnYqF~6dmUws(HdygTR(y>2;LIDO!Y>sGRur)!U|0*KqEISqRur-#
zVpt2L!XUHEeqpl9u31jH)qq_sPGuJH8+?cXaN)xRrddSxUFhdU02dg4Q4j+zEaXK5
z7l3gQIdx%}EW143v2(J^Fb5kZq$IYjHbdw#F1glR`P=su!Ec!GaVtr>Zn#j<6_BSm
z5VK(3>j0M$k?Vp1yZ8>pf`E*Yf(opMw2y5Ir>4!J=k;p7LeA$R&`vKbU*z$+pwBL>
zBp@=`3QntpI<~D4qvnkF_Ll{IgD3?ERph)H;xj*Jm{sgt74+EWUy1?2JP|evV<I2m
zEE6RIJuteU_JdsUSafj~Z2$Zfbct;<x&+cLqL)O2X7Sl!!iV924C)x~=Iermt#7%a
z=#OcwPY06E5qwY1kgG6c-*-7)N2gjj;AArZB*^vIFGV<V4M(oZ9Ql01%)`jn9A)J5
zF>>N^D0z%jw(6}%uS@o}RLex0jxy01N15n!S%M(#+5H&wjdz?u-@NI{!!4iSpuOKa
z%Ag&eAoNv$o+t?rB_j#A{i&BR)b}uyA~Iw-VzieP)QVD6Xr~IEjTzaZ)-Xq7wW3CV
zA3IE10HIJ<Su_f<J;>LXF^*yu`;4OuwXp(_1OW+nT|Q}kYOf0JH72@YByDP}RR<nK
z1H)Pu?2zxaU=P2s{$c#aw6jYGkdym^n^+CHf`*R<<8l)PExBH;+95EnDmx{tN;V}E
z4xsq0`-8jnaCIDRuO4nThiffU^DoF4Zn<G<LrMTel|QVkS(>#!_eCtP{r=#+94yCj
zk~zUM_J2)c9T$;}^7d|;eROm_Y5a+Qv5z_-b^wYhuONVsh%u>gq{|ikH(`U?-?&_M
zUoS?+G%UA2&XTjh9Vuo7*paLI;nhClDDb?!gYZC5sT=qq+jxxPo$(F#QD#LY>Z<Je
zz`*r6>lwlI(Es^HuK)8B?f<aCZT}T41^<UP+5S(?c-JfZfHxo@h6y%@$@0)<u|)Kz
z&%XBzb$hf1Mhs@oXW#U0ng#4>@1|ME{wSNpw)r!W1+a49-`MWZmpaQTRel-0Ci-Yo
zJVr&QcTJHSLz!hzhmOjm8ur_fwSr8g8oX_T*bJ-2IL$D6(*-FQ=t|s7@ykfh5-|ge
z^taoyM*6PCA4dvcB(R@=bR}-46k?>7+XfnCQ|2hq>l|1@7$NM8fSV~{jsV*9U(u4R
z5k|06Xvbi;@T0yVQVZcaO3m?Z`r&)TI>9%fpmn4_($_Mb+G3NRLXxQtS=w8mM8}u5
zWGvort||sYr3~EQw~|Rnj*M$vU|2WOa|m_i(%X{x1s#!pdj3ONwPns9dsEF%TVRbe
ztV=!A0fR_M=(a2$L|l3rMQ~BTeqs$kf{g@`;s24x3|7<ve7GGs@E@eEiyg?3H*woZ
z5$b85?SVogA^@HiNRMVH)j;IUW4}B+w^^WnGoSqgo23LP2cE?W9`Gf6hSYQpJmL?4
z`zaH&AofUsY!*n51p`l2=;Yn(hh=RUf;j@<t518x`>g1TdY}tcA#ASb6@iZ~i_#dx
z6?RY%MeP4%G5yBd;Ue<}(n=r){s+u~@Of?)9_%<Qq=SK+{)<)rob@~X`>+4FQ09#P
zHdRbNdf$=_pP%p@i{7iCUt7_~{u3A>yQOS9(N}W@TdrlxZT(v2@DN+BXUqHgwH$$B
z&XO@EZL{6jujK$^KFF4r_G?+&f6Ps6Ihrj~+}Tgx?4m-89mt`NgTH?CSt9culRxik
z6-XYEuS_nr?puo*>mmNlEH|wCh$q8(NWQYF9L5%m31btj;>ZYZ<IXRrdmiUIbkUC?
zIQKoMW|6M}XAvBxW+D2N1aTJL*-K@XV+v6Ye_sEEf%tP2xGK#6_HyWhY_8iqIJ1Gl
zMf=gmzML&HsM(L6Z&O){KPK#@)tfV)Xc^HrP@&W}U)M8-pk>Z>v<$76);@-@s*@8N
zL*y?UMC?rTpaLVP;8Vu_N*SsKOwG-}`5er%gTTNV?r<v;2^{9&XOe<9M_=<yGy^|%
zL)7gt^|j9~?$<0wc<Dy@?cx2Jd9tPx-5Ic7(KJd=I=X+eLi?$H%?23Fu)o@`Sylhh
zYV9R#b}agy)8^1u?{48g(JERWG7y_cb9G@C3<aVTnI*6tpgrOZnT6J;{nkQ%W(ha6
zXcow7Mt@#Rj36OpVqnr76H{nkA!`)QnMDVYaAg=Tveh*xzQM>E*}A6Ix}i1;fLP}&
z!`yAeI%aW8lIFMwQI_Vomqkd9!*MzMwrll3@(92)`OSt`k}Zz|(9~mhzMEz~`#v^H
z(KI8D00eog4_QT6d)^M0E6cV!1u23_0jzb}QUhjua@KcnmBSyze(_GyEP%Zf*2CCR
zMPlU*iewf<uF&XwWw6nCaFQ{s&oEg~9sg1NoloBQ>L*>*-bZZ11bsE#{W69)D!Ysu
z5Bd!^y3m>WciHCa5Jt#Ib~-byxLahOKxTYuprk!DD&(;O5EVabbng%VD_&n&Rb%cn
z%;(kk3F|DwJd(P#twQ+1=Yxmf04>1Aqpt-#e+>|XuqJLs7|E?h#p^4cs@yTi-Gx6c
zK~)ZZcC`*f|IMIphQ6@@Z#MnoT4!Wf>^S<^w{r0*+H#pW^DS2M73$Ho>U8Gor;kVK
zEz+^{F()>L$lomK5E#?a@fA&%e@q{5yiM=}g+e#mT0w&fkG=Jhf|r@F5cM18CD`Xh
z85)D?w<n1_VIN_byA10i#+Gyc`|2CMv82Ui6#v+Wz2jO|=G{D%JL(R@e8DL0G|V1j
zi^F4z6A#a$r{85Hw;Rcyvd_&wG0cwut059F2cPFC_`s{QZ({H(o&)V6O9AD}`T+{i
z3>5`F;jTg8{2lcsZUbv+i8405IpaTYtE?YfH4Dty-FfP!jo33)(TzUhj+W!^plAX9
z=0(rKUk~G5`9b@$KLtr*I9xHT;e7|K;nvQ+KX@M>WOyIPvOD`;^lrvAQPA1<GcrlW
zCujZ()%@x8fpZvh<S__hb)(cC+nz6Mg>|SRhCpPQ?}&NGTpxkQMj@p)a`lHS&bwJ5
z$Gdr0xTj@A99$>`p0)0-;*P$*WWY<r06Loe*qg4FJeYU@(c|4be65FLtMMM!<2^oX
ze#Nl|%o*>L`Q4aYMtpqueA5Gr0{NC2&Kh={!DRj{_=a*gHJ~*d!zuU-J)mI?GmbN4
z4t&_OrUnGD4Gx+0q4pE%1q^EjW;@-e*hBuD0dBk!T5C^qcyR~uN8Adc`(Dc&fQ*g)
zvWElBeMUF8$cUFshS-adIMpzRBVqxHPm}dP_5RuGa|@r~VwiVaPv#uA{6)?3D!VJP
z`d@e2<6_wSV|IWu31Q&o6)-{l?ZFg-VV&_coE=B1)%ZoOd|kI3LdBFk)oxlITC}`$
z%dZs#zm)lN#{&o)4`0Itl70iC25}~H55A{)*ra9OEibAOf6-4r9K6NR@AM1I9zf&9
zKYPCSQyuu;<sD~7ug1l8b#t&~(k&CMVb)Hv87Ky|1^txPVOh#5KWH2d29-RTN{!eL
zoZ)s^BG^yg@*wPO-)6yb`cIC0&rtATDhUPmU{P-T6Zr7G3+n@bxZ1Ao4z^r!%f;kV
z00<hqO8}wu)V|*S`>10Bm;>L&&pG%bK1^-=g>V1>7=;UMuNBiWaD!L}h|fm#{Y;}E
zC1<`#?`FREG3Ntsa6YkjS*l&;%aJF4jyyrGd~63jlPOn_FCXL!r{y{Dwl8<^L;ez`
zA(E_0fdVq_R?z&{5$zb{^uJ#9N7w6UUuW?Ui=4o4oHZHxVLQS)oPs9RI@_>LGhp9P
zL~_!~I;M^1leU-Eg8fDM2C|pCZWeeU!n7iUE(2QoH$6}Yv|ECzf$()){gbo4#cDoG
zC3|rwNJxz}4cL(*P>JFVGoDCG*dArL{_A`|GLT~cxKqqb0CVO$xa?T#Tl$fH>&xlC
zOZ7h*yt2u{B53aPD*Se$P^r;E!FopQjPT{~+dqoG3y%%YQSrC^ynhaV8(WTvzYiY|
zf9<OOKZL)t{)PBE7?t&S;;tryz`^Wx-w$OCj-Ae>zti6Dw14uL?GHA~_#qs3J&dy-
zv$Fs+9~48POupGu!0c>XORP53#RBB)vhr1&714oq$2a|VCE+TFteN6U-Lz)jY~W4n
zw^g$a-gM}j-pppMFQ8_(9?f+-1OBuSly6+XPlVrRzqA1Wtq2AKw|cM<3<dyfy!Sf_
zGlnJYxd~<adRQ^)(I;V{q>HzG0#2CiYgb^!W|uDdC=Z=y1%u|E&Nn|2+dtI3C-(Bt
zqCK524>sztb=zw^cf{;~%m$M(=1#<qINw@#-~V84d^oGeQhT%1J?xsJf}}p<K8Ich
zn*{$*nEJ3ETL%z%*+RF=+))FnY~t$h9mluXQE7G-AFQg_werJ8{Vt>P<-F?lJSf_T
z$Eg1)Jipt#$?d3JvEP6f!{Y>}m34`y_{EApul$fv|6{5$KaK>4<ND$}Z_7`TT@`;`
z@q3JbLT~KIq?RW*T6><?NUBj}q54k_{4*5%v$3gKPFHckj;i2A&@EH3BA}UzTD1cE
zE%aVCvb837(Yf5gN9g;ZQA9Tivr#zRXb>BPRU-~D7<Wcz?_h*bV8&>-F@bk;WCXS>
z%g&5H6w|Wt2}CthkZ}BTn<t$%XXmsbpxCrqGcaKF2yAOWcJBTUNAU++g6Ns?pE-Sh
z^GMG4PG3wkVBgc?e{uSLOZWYuEB20O*(C4gACtqnJ7jP2TrYNCF7LXTxO?63evE!p
z=j+~U@(R|@p5n50uxvMcsjc4CK{WAh?qc&bCea8~)#6(?5jjP?RM(hdt&va8YV>Xf
z>P-Wz!n`B!bHv=a){t$c+=h9JLo8hzGI!254WE7Iso+kqOCw#v$$oaMg&Tp5<YeeP
z&OJFK-?448yExr-!OswZSQvVRjOX?n=BOY5Bq?26xK!Xa9|b-Z*gyKX+x12CG0Yt#
zYb_4w`r)NwyEk?&^Z(EQ!eJZOU&C)hSVrz&2cwR3R^2U(<-*px@A1|ycjC)*w9s@<
z!Z5eS_PdQ?dx*)MuY2ouCccKsO#7S8pIE*W%Xac79#shu*8P$T;eC9HPqx8_|1;Qu
zB^cJ{3k`R-ck}f8q^vtlP{2Feur9-~WG|c@l8dzNKfsLv!@ZsPgEAgieYW>;cx&Fr
zg%N#RF9Zrl!S1a__f*VDyiXO3_H+I~KUH59T)>NJ;LChiG61VZcJ5Ni6tS&7fII?f
z&e~Z6K*OR(a8Z~lX2b!xa8MH{2E`pNLkLStA!J1lL24UL+lT?(TI*@9G|Z=h8vq1r
zYoS{%79^YpBpA@9D49ZW>oD9^L3~dc>D=f6nto(hGvR1G!x)^&t6v(iB+%GMojt`9
z>-Av3mL>f$it}@Kr?l{K%C?6Dh$}#e{qKlKU(B$LxlThzZw{gXPPNBH$nZ{uBDrCu
zd$#PraeBz8P{eAfOr_Tl#OY8=nu<`I6G6z9fI#7o9r3lC10Nh|V^fsin254;eu8Ya
z?Lk0?EG<>h_a~#fQl4Gv`>JFS0Qq$^fOUomOK4r{=v5DP%(0i<$TRh}-7}a-1{SqC
z1-r0a1mCXY?iv8KUNE3DX)K2<*{sbG>Wq()YlTqXAfZ6YMvr&RI`mI-W&SZl`oP7+
z;J`Cfn;p55s$r`!VZy*-!o4+UrdbR+IfKQ*4vQ70SgHo;LTYi)Qj^!_4HAUAh3t3B
zqG>vyw}6{rh;B%=_%~%-F9wqMKC8%-P?Tw=#N=tFEKFSXHk65VX+)4rS~%_ouOgHZ
z;vLn*d&HmIeKa(XvYL)+m@qqgIE>*8qse!yVG<!~MG$DgKSZGE6-OtKVQwFQKx>Id
z6Cr94NVE#IuqIF_i$EFr!jXBZ9~l4z3)bd+YykR%j!vII4t*A6(g$;==@UqN8wnvf
z^a-R8dqVVqx%sE*L!u@=`}b7BUXK4X0*;<KuZFhuZl2cPiin{rG)%CH#DJl>l08IA
z*f<wThe7M`8(g_;;42F$ywTB`JK0G#s+F<^pFM(2V;Kn&Iq)oAAn<@Bi<qx5RSkD~
z{G2xJV*UERscTfFptsPwc}70eU;R$+<5$saJ$qcU-!p+M$i1k!9YKPEKZB9icHt`4
zn@8wRY5lRM^_AbWPR@739Y9!+ivtR#;ol7~MJcBP5dt7@HutEFlGxt1ol47sqe#8a
zpc;52A2%(HmET85@$)#K`CBzjShvqG-^N!25qeK^>15caQ#khrDqG)hMG+&P>M|;-
zg3F^HGm<-u*mh5v*}B=KX;-}CyTnObu$A%=g9k)|m%d>RShn`=?(ndwFcVbza$Z4K
z<P~ruM18S{3TQ@twqr<YuYhJgx7(qIw~bz&;62CZKwI+-@P+sBsoG6>*|4sMIYjUU
zK}YS0L{CfC{{i)IEhH{oXLQ<Ovm>&02mIL`#M<D<X7`NZj%xFT>R6|*#{3z+BGvG^
zo5xlHWBy3^Pz!>$LlvsdujYoK8>pHp#=P3y$+k^DH>_(hIl{j`OzeQyRRhzT!c%`x
z5;XArv5O_+ljc`o@Q})P-P-_uT6I9#fpsb`6ozF3no|>#Mxuh+^*3e7s!Ul@TI~nf
zR*{1h8KzT`GvNKH(WV5*S}j++J7f5pQn!odH){+NV_4I{#^6p&3UkkI=+Ob_zD@xS
zL1!Ky`Lnb}G=ZFuXe^2j_)pP(sw8*Hw1)(4K!TwgUW`VC5WI5jR#0<m)!JFX%ixf4
zfu71AxaEFEF&xAiuwTjn#DyV{7sI!H-N<w$dAO-P#t?ipPxEvhtt~Lj6~X0Tm-4Fc
zZg1O81QmG0X@*ye19LZuj3m5h$M|kfOB;847^>+pH5Bvg(9^r-8W|=RX{=gzE~@(P
zq8zob?sq_ZYD0B1HbGPu9&hYBC?`BEE8iV;-6aE27fw2{1Hwjxu++rBK&^-ByH4c+
zK=+6PoZ;KlI*6m7LQb)eXmzz^fEnSO9LwXnrFdX4FmJ74Vk&swX}6~mV@8fU=6RW8
znp?GNB4ZiVRz!&orAX!w<Cq~sszurjazwHc6GO^WKZ7`cW^dC8=b{SPBHa)EC^xQ`
zt(9gQh}0xKW(s;&N)GG_*tA@hPdp5hJHXZtr!IBRCI%mCU)U{v-ZD?(Y+khIl~-d2
z30Oh9MGS9~A#rOYrb&HO@MbP4g_T@nWccZS<O(nd&<E>+G5i^r@+5axeGvl4T!Omv
zav(W8v0gyqfPP93wXO)>4EwedYfR0X7fj6*z0H|G5SP+z8MBFds#EA;iDB=jq=}>U
zKUOt17=s`W(F+V~&_L8;mlU-$S-{|Z&%r_LYo(XS#U@UJI>*Y@C#}CF-+shwsP2>r
z$I`J-vECAMgh}mhMYA+_+KOhVZSe;NR;biu8QK)-7b2ZtNhE(jL?ysMpK8|MlureM
z!?_qpgOVe(`s{%E6ty|Ha+BLQre1^=hhD6pGJ^yl>ZSBzN7dS@;AK(dn;cCGO2;Pn
z0L!2N-*L6vt6Yxus-S+jh6`~-Q@g9m!$|Rkx9vM10*L~8YYtQhkbXi+VMBnD%9Sw4
zd1wzTfbGr)+tq=dqEG@<QhA28*p=2V5>qPF8_~iYdF7DVQ`4=HUobXkcZWcAj+pKz
z!KXq>lKl{Cl|LmM6iR$D%|Yzuq4VeiYbawpxVQtZ*N3{*iL!G7hHvKhxa4HjiN<F7
z55j*duNVHqB0<g?{Hd+BAeGB~)z$)hH^NK{-=?&Acf`j6=!6WkhOq&c=+;`pUt{)2
z4JF6hc4oTftV+abX`kA-n`ZjOJZ4{98apyL`e9X<7abX|a6Ij%e|NbgjB9jN!j`C<
zF6{+8%3wmZIZPG@T&X6Q3uv7l$f^LEz&f;;I2v$qBv?n61IwByP;12A22|VF8~9II
z;lsbLv3NZ9$C~!hgQ{a)@c%}$Rt0Jf{~qeK#u|l^D@SzhA8b8qxN-P}#-m`>w<4Va
zesvAFdmOnWIK#ZgGsC>XS8W2f<^ninuOY5eZ5n~}8sKR=lUKVDPgFBiBko0q8*9D_
ztdEH7Io0L|)Ht>N>h4GYfGaW!Ci)A0MR)T82Mtk(YX4YW+HZEkd+?Mbj3h^)+HZzV
zN_O}CM_L)cc~;T8;=iFLaW>2f5ez)zTsw(qX2L^DBk27x3*Te(&V&Q@9%A_W5M^Na
zcL<WbEm$scs5LN_b0eO>^Euhb!OjC&P~F&cCEkIta=0(?8g7brCjOwlcHoON<R`~I
z?7K$f6NW}V9|=i?`vKbtuMh&ZZVmciOI+W<#Fx)gjG?Qj$?)jbp>Yvc%gFeAN1_7o
z!;u3OMi;tNc4!g?$50s0@kwGm%F@|CmpB&8yi+HWLi0dHm>uZkvtRo?O$58gwne()
z)17ImF-@XLtE`;$oTJtQ_;|(uAb1gwO}g!-C}L!YYx)Q~r~kn^!3PxI3OqZE#jST{
zeeND8l}id9#VMXEI>a9J3>Jw-z<?MzQLThloEKS#tjK5IppNzfvIRV9Gj@#-I=}t7
z*OSS<T_hGhFy25oAMR0;ogRP0fv6G?sVW#L;1O=*6l^RbD(WlGC=D~*Dx5JL71bkF
zbpi#+!+Vgwa&8Y&WDv$RpmS1ld+5x<3kB}%S46T@Qk??Dfv1q>0q`K5iw~I~PZ#q8
zc5I?#`Jgq1!B{*6$8JW<gp+Skm^KwMUJm|ed`j@|kGDp-`B!WM`e}n($Sa@yhp!Vc
zlD3x9e}vP2?XmiQd!YVUgtOnh8bGN1ZjJSy!3_YEu|}{RzAuYV+qZl;zFyB@7k$-*
zU1)Z@?zSMU5I@zxidYE39`UY;p)B^4?1&i%feCV4J8NbwpK)?JIm^CGE)-daYC%H4
ze!U}^#5ghy>{`b|3Sstr`2<s%DfB6hv|n#Wd3rYMQ=Uq+@|c}C=5%+upRu+UKfC2M
z*to;5na_fN^QIPeRKkK*VSCR>R<6Jup4d&#v;j}wfEDJ!G_~hH-@BgxK<pRp=YB!q
zqsmg9Q}{#TCIS`FkI)URIKoV~DV~~&UT@piq16$`fL%iz<K@a^*4!)Fh<NA)06RF=
z8DIp5Q{8bs_hv_*$`lziYRuVSN2uK$wK(&L7&q?3bE|nHs{st0FA#J)cv=G0)qYe0
zVSnUyvD(~PQ}I%BQH^yu6bd}3s{!is-qk>4ih|y@Y6wdA6hDm;5!7;ee3Qc&|M3;B
z37I<@OO}JB={`(14`SG!w@cxTLIcmszW*vW4)7gX{uCG{WU!Jr<j7$csO1#rO!d`3
zKO^gFD#B_#(P3CpC^3@?&zg!Xq1`Qi6110+2f<E<jG`k5F>f-yW>7#Wp~m4A)R-c~
z0l<ZG>=|fj1b{Vv;xE(&01)I7Kt5;`zbN+(CwtqN*ex7#dK&(b0zbO(s9yt%xiUWU
zjI8&MTz{p=KU5wAuohmFP^}q1_NM3Nj~XU2TEVp#PiusTXawR10lt`|Jk6qn;IQfY
z41=l#p@0Z>OaX^*I%4@SXtH19xR@8K_Am=XJ~{9`{YimOR3LzqI4zYkQai0rf_LBW
z+>9)Am>p~aJVX!}XR-nfdNNf3=BFZ4b$$CY@S%d$j5V_{paJNJFoR0s7uz+AL#ai9
zx7DIRHZ-y45O-J^Zn-=ag;w^1dt0TX!SPd(=wNonI)}zyK0-li&qFF3rWvbP5PSj1
zF`qqq0283bi>mQznTKtig5kCs^*u7sL}Y(Q&%)ygVp!_8b0m-bdm$^R!<=igOj1q^
zsS+I7cc*5`!S~851mAvIzd~2bXrw<F@G-DH;*1wzxri~h8Q22tGSMcR2HGKe6dot#
zgs@wXQD62reLv#8o5%y+F?iqiI4VCm@H|~B@GRh5%jE?Tc$mBcxL$ziuK+<2OyV9G
z`g1mS_2MIW*NEv*syi<j-!A%rczNeC42N<>N=y$jXvP*mFd*l#sslPx5WK2V2LtwL
zh9Y;WuW&S8DnT~JC_a0`Q<Q(X%>yqvu_W8Romxe|E2U1D_Cljw2ii?EB|CAPMi~d|
zVDLN@h{sa<HOAl>jr;Z}<n_njN@QSwg|G|;ML^U5VxbbW(*y(p6alf~YSa)CIwf|q
zVv&qge3>JMKIf#y7s+vkl3{>KAeGE;etN8&{`)Q$_!@ceycQE=5OskjDzYvo1ulwU
z!-oxII*Tg)Qi`gDmmZg@&gcUXwu0S(&;bZrs|efugd!|%6=A_}WGC+zG6>65p_xE7
zRML176PuX~(k@q|ZFi_HYH%{56W+~i8r#+=Ze2zvK%_f4tbjQ|NOtPmDa62^9DF`7
z!=X3r4$kaD(V-$Q5LZS0;m-b432=)3SUqVEqNO;&XJ4KsoSraez6;-z`GiUKGyF)s
z;w(+R!Ms$)0p5^E(D|^-LlJraHUenxBo0dJe)w2iBlr;effepHw$LL_-iE>8kymVu
zo)?eYq&;6c(e~frLc}lCMfU%EQ4u(7B*BJ2J&v4`$lSV!&ipVrt^`H2^{{vERXPs{
zBsU2v!8y)+h$aYrArz34_Ox-7trO*BCZOd@y?%ssX~#VW-|f?7Ju*1-4_vZqQ<FN<
zE%ZjN9DoR9uNNr8<OoSkkWO3aR1lq~!6IiY?KxwZD0i7415lb*`@4XEFs|qLP$?Pj
z79t69;N3S(;a`feF-uyjHlS5f{$lEtBjYZ|d%FVZUnyidmc(N}!zELF(U7PO5Y{mo
zOhGq_d&H;s$`8q)<WsP&;+^29;6z}x`AXUZ_5+)z6SqK^(P)xy|A^3WXfEjIg7i32
zYF$K8Gp0qupwuTjogtex7VnI`;pT1gv}2Dxr~l}7JKW8TQT0eon+e_)2C^`)$NnXH
zrdNxVj%JlYIADuQL)xuw>`4^Q`Rp;xidRF4w;;7>FP|KG%%~Q6_*3*qnj6qgQ3X?i
z9v^b((J5w2+jsyW$3ON&zy@#Thzmp*)pA;Vg46uVXpW_gioG$Y<xItVgq40entJRK
z!q;EE!9`eyz)H!_f%gF#U3nx$#~0Fk@dGRcU|@rExdVb%AO>TQ$<s5(n`CC+0OL<m
z;}aiw1;U@L4+9E}d+V?r*c#e@UrwxQB-k(g9D6{pQ!uqY2QOKqxaTIkS!(A1W2#5D
z)`GqMljHWoM!)rMq{AZ5i);HG28qZlb}0!@H6eFX6<|>%9|O#+Rx=K>+C}uKu%s}9
z6(CI@#aOAufD3*0o<_BF(O32>&&krG=M6A;dRe<}mSq)o*<JJuAY1SdJFy{JiK%uQ
zMfls<cc)NW{lRFN??c>2TO2z8{f1Bv4~lBx^BX$t7Y?tN9xz}IF(3v?c-MRh;~4eN
z8w;N;lpXEpf-qBz+w)IHZu5f+Ts~?^G_dl&+FOW>aB;P?oA0w1WB;9=i+jhAxgFzT
ziqS3S#@F+eN#G^>v9`>1fC(8X@`R&|bgGHRL*RQOhU~swy&C{;-$AC~smbXcY`CrI
z`4v6Qry!1Q;()j4acQC+9D~xXb46j*kVK0;4J{1#>w|{-@x25sd3!Iv__Q_CpJAea
zPwdI~gs1HikJLewAiEDcfvisseiu&_{Dy$u8o?|m1U#1*=5xh6@$@lvv}Y$fD-tUX
z>j!SSF}=%Gbb|+=S<}=qrg_Y1`8W-$|C#rZy!PJnt3ZGb#Zg78WNr07GZyYt^cbb-
zfyB!piX3@CwONaT$7XPKv5cr!4!pan6uhKSE!e>z+QZD}MifQuq!5OaZK207@j#zh
zn1m^FKPg}oJ*kjr5s5HylU!htrUKb2(b{7i3kx7yz_S2ON7+B2$0KuCF&P8TJ_lS)
zHx?g^y*+8=yfi0b54Y7a@)5MXwGwLlR<GH!>J6Z(HMTdo=LmS-M4(U63o}umu<Eh+
zH_BchbAXfpe5_1n2}+aOF~^GgkA;u+DT0r};um9YO<H*c)8B~*P*LZqWd;SsmxtcO
z7Dm>09i9ug4)fdaw6Me=<=)>NLHr69xeEiXctkV`@10K$J<d_{!;b;NphNu3G?m;r
z2+5)O6cX{#I^epZ<RzBGGJUk1@%Bx2<egh+c6stJ3BceGGIS`r_8S<4M_CclpO#v3
zM(nMy^_j&jqj`jGpDM{?+<PgbqP-!UfBCQ#_rrP1XL|hg&}uw+Lt4BC`{{0^hM8{_
z;mLuOgYe2a>neyD;u>OYDqf>loCdLYjbZ_@MxaJXue+tNvS?E;kj3-QikDij202}v
z8W1_I#juFFRdcg%zt*78gOw@t5LW<$#&Nu}Mp?sUutcn^B_ax$=2->Krv`|-9M|-t
ztsD)L^?lQ!6~A-vyRuU78{lXd2>7{H9|U7#j-&ANoG0Q^4P+Z&7hot(4#k87l3%52
z?T1O8SUTY@XTG<Ya4aG8d?oiFprWQYHve`lhDG2UI*#iu^tN3DiL@exROM|S6$L(7
zq3&bUbN18o6wUx`2e=^*gULdOGq>QA(I+r-1kZngW{^t09Ru!nvb7g$NKPxXCd=q+
zI`opl+~?Nsq~Jqy0gBNw)0Hw4(QQ@w$R%pFO5qqqB;Vx(M#4{-?YgN|5F4os;0p~@
zm*QuEzR?mmB^tqJKC`1J*2^YP4R*cIAx~o|b78Q;D)tm0wzw98Vt?~5g85Ka`~waT
zeB@R(00t7<9hWbM9uF`lTizd(qCbbhBCt*>4NIdNI~t(-@_IF6VJ5mYi+)+^(jCc?
zf^&~1@U#F{94-RJ@#VI-QU~`x;Pv!@(EjVWoKZ&QHp;>MKZjHAU%9r-aez37Ac}@H
zHJmRS?P`H3v_EtWnvlhXPEP_~eTM+Q`T&_8fa`<iwZ^vhV&}oD(aH*fRslrz@a3mw
zHa(^dM*7;}w+K|BiN_`~RiO-+L$8fI!iycK;~2Ar>=T7vxZ{==t3hNTB1_>_4X=E>
zs^yj6zMftoJSy>l%={qct<gLvWSR};r!B%_M{$0~o%Y+OUx8J_xuW}VMtb_OI2;od
zT8FBR0H18JZiIaN4)U=GriC-Z_~W4tKqbZp&bLJK4RcCuadIN;_DY0k|7e)w_-bc#
zh~N-4+0BX-e=xdFAs7gAXULqhLT7NU(YaO=@!fEIL1E|1`3S!^*NCr=j1#{-wwj|k
z$XoIn(Lv<lxYfP3ms4dZ5-f*`BtAQR-d@KSDm;dE`jbPSb1rf88&wY8-%{~H^E{(_
zJ6a>qx|a@a#r9>V80J2sXcr|6vI{E-ck}}W$U&T8(nUefmOuwxOOV3;9DN+{RD@h2
z(f-k~BY$!BP&hKIc%kWjCu$P{d|;zc*TC>SFj3$G4^j#^BQ6964=y5{58qYz9))j#
z4d2X&9Bp4g-%ykSy%+8aDt1TDp<YN2VjmFS1^XfL30$ro0E0aUTp#GHW$JacKscr(
zW<M@N9ut(<PTzpgbP+4qEZpx<LVf4ZV<nHZQ~M+LsDeX9kVt)~M-%SZG8i4X?k!`~
z#V82@p~Md%;OmlH_NUZb#w0GHc`jsNgdm`0T)cIK-T}O_3QY2K=k9sl$u=CCIZh)B
zGzMTSPi;9n{-V?Bk<3<KW-B2c@I|C?>RfyMbcL+PPo@Q<WSWII{2lRAZNE6hDpHn<
z57i&84#6qH){6MRV30}-hE;p)hs1}|NAfxSC#nA69~g(Y1Q#lHFS|CI2^>v%42%xp
z9AG2CXw&J&;l27Y%`y%u$Y0%^{PiCJ?_CV;VWd!EoBA+-n_#T2yF-ma&f7-E66<D!
zD)S6HXT3ARf^V!>%sMTid$b@ewfIG{csh$|Rw^MWAVd9GDWCIV;jtr7kf0%sCs(f2
zEY!G+x`~8Aa4Lkr#a&L#)vOUgA~v$;Iy&3BkY|!J*O|_UdD(Ma5Fe*&6jCUiO8cCO
zSZMrur`xU;4G0z}pB#KmDi?hD=y(UXDTB$T8JH^iK!uupT|CKDC&qa83EuYMvY@%!
z>?-~n+EwiEwr|1EMm=JTGjQyY2dja_L!CI?v#V+<I$E0fq#T|Cake{nFayb1d|kp&
zn0Kt?G7pmZ3SH4iX5Vg?Ffb<S?9Ibu=+xunzvUFF+~(xe(T<+=btSosiXXQODt<A!
zLjk_-G7K2MzDd(_LsVz9Nn~k2e2w6lXzW0QydXktAjfhrU#bP0_5q@Sjv=GTKq&3m
zDL}}G-X}SO<M=)FM;b9v<4T_!A}CBHu3ZbomWt5&C0-9RSkBR)f}xxK-iOz^;)p@g
z(-ndv5*mh!K~7{yn${9Gg}8B+A32JB88Keg6DWQ*_T~q??RQ}XP_oGMe<mAt%=~%+
zyUazb<CEQ|7}n?!HrJ(Yt-KMgr+C+a1w(x4#!Q4?)r{u~2a_9crY;xB7QEG|%OjOd
zuQ-FHkc5fO!V;mb@{?N$)4D};fnwsm$*Xz>6AxTuVRE;?15x+)@fF4VP|*PeL?d6@
zLtCvM&;f3yi5>-Brs2ILlLOMeTRkf5Jhan2IjoB#{LXz}?>;;+0s4dVjNIs8^ttiY
zX3awFpNI54=G@I>pi;G*91tYn4I{Xso6VC>ehoL=)36(Y_O~X7@EkJ=-~nA~teOk}
z2Eq10mEy}JtMI5ujb~1Vio-vO+3E3J&V(-^P$>;$Ip}76n(eUb0|Cb1N}CNjys}+J
z9f#z-f|KB&%W!jN(X@~Q9ULJ7NQ9)?0?EUTB7mOWr?Ekfe%Xj;5P+{nQewH0^3%JF
zA?q2+gQCC-tydSq^3vNHa&NjYb~+1r#Lfz*wfR${2+mB8(Rl=Xuoc3W2W5cE7Z4p(
zjf#w-?MUA^f~RS{a#+8Iy6ZWcnzg`9vjk+|;VUi%1Bu7%<_!*znDwfJs<8_P5uuHE
zg+xmL(u@(<LG29jH2kossf<n>^jX)t251AAkjl+nxicg^#o3G<DC9%ZYE{1{(qr$Z
z@-Tm8410#|j?bP*41&*RlR&kXxLR)SyOYVOoe3DEU0KNKv=NN#g#01*WPR%bq7T`q
zkUKCy#rEbD6udVR8j%)c0SxzwH91UXdJ!*-l<j~uc`WZ|h^wDLfg&LNO(1;tKZyIp
zo#JUut~DxlG^IfSlQEmdrd4?j57vs}fD$?UGU){=2dH}cu{F^QRUmFgqwpe;mgYBX
zntIgpR?C^7z3PBa80XMEXqIBVG$-i?Laa9R698aE%ng=rQ@;XWfwS9!z35wGf!AT0
z#6nW+FSsk%!7)4E%p;AUzI%AyEoIQZFm247M=<2zVDvV7)B{TH-Nq!Oak#v(U!a(S
zO9%Kp0dEXx-svK~D^l0;91j!M8ZlJ>Y(N%!hl)UtFk-J9q2;LsG?;U*fnU?vz{?Bt
z;zUZeJCx#68xNwox~QW%)&T+eowwQwffH!k4~d9u%@mOr2owly>ZkH^Ma8>@Z!B@-
z#Jk3e_G+|DS*ac-gCGK>MQ;twI3<=WtU&^Z!n;-~y!?#jVXuEM*#K+;tO$X~GKf;D
z8+jnYfPzDnzdG5eaP6Q^kh}U@;5<NC25ELJI|YwW<=s4v6YnOfpqMZohSPLM${Q|w
zQB{M|Rol1}`1h9-^gfL4E!{QdOrK$1610DSy@p|S*I1anyVH+mc!wvmfxrPB(6a!j
z?`z1`?~f6#U1<jIn!mvJtwDz1dYO<eJ)@ZB!@*V*sIJFQ4j&#z<)FxudN7AW(UmK7
z9>*~(HQXgQUbzXlNX#bz(tLxx{B9%p40&qVWTlW4JEYWQbRVCVDT2&H*A{i9_{@Ah
zv$?r7v5T&}CN1Ak>G0vvs7npyZF`lDuhLT9)%%?rtX}DQrJ}sC9@Ho`<z4fXw8~Od
z(+#ulpA-U(X&Q;GiD6uWMMc%+jm?sI$Z`k<45X#Rc2Y%+9@Mu=+}gYpi@bWKun2hp
zrdl&a>WM|XQ^pX5u=-UbrNuYgseOpEZlKO#78Hq?covnQsQ#q&ojf1XegTE*fI&7!
zdz`OPE@sQme8~ehA~Z0+U<OfP;H_c<NoIJS5HEZI1HZ=nM4msPr?fy1og#$`usUJK
z=ziE@s2y0d^RY4G*)fA7csB-Isnl%|btD+8kkB$g#qWxKNhPX8O=eJf+a6%es<)LU
zRIJJ|%s~V^V3^Fy;FKo4maTrirc}UPeTC9BT8i-qK;F&pEhRGK<M#rsAsU&C7vnDr
zrGyrW@kXo!QQEg5r;>Ds(*q^6hWC+OX`$WP_pl^-Lb2-}7km&s1hEXJk%maKIGDH;
z&~TAydbC4pkXhs>ZhluJCTN3b`aB)J>&)<DAn~k&<w!X_&;n~&hJn`8_rd*cej^t;
zgmQj(U8t`ybDlop-o&c<4r5`5!GzHvftwK|K=*(sa7^n$tbql7DZrdgfhSeKj%Yy-
zhhnR`wgr9qUNvkB9??()9Ef0#(alG|IRU<lJJz-Ze}Q)R`X!sICNAB?!*8sk6;=F@
zUzV#2437oNHS%KPXb6pk6y*$vpdo=DfeM_7?Ixbjl!56f;O0SngAiStj6ens*w4!;
zR9jFjLk%KJ`9}t6C3(|;-2w1gp9*#mOk@x+lb4tLbutGI>}L89mxUQ2C%{o$rvbz<
z*lA~=0w@!RQ=RcFx-Q~VBB&-7QvI0C%j9dQeCfuAnT01c7T_fi8#V_Kw9u<*3*IYZ
zI7M_Rfc~s9*s$a}H5WwO+jg6mz~Pm`ul$`n$_I?lCnSB~`~fU-CZJ}KtL0Sg?ND0C
z2GU;Abi8fnaU2kPlS5a!FC79vkBoqwAYc^$(Z7RbxEJ6C>vFm(sB7fd_=Ohp;h?-Q
zoR2X+6|B`D@d@cWOAvhaw!Jw74e`og@16Id(%a@|6WBIy+x=uE`1szo#p-Gh$^bvg
z21h>_U$b6o;Cpy>l%m-bfcU5ajZdaSFIZPX8+HXq7Lib(o!`BJb}j)&16YON$b>S*
zwXDp9KE<`H+{CdGmO{kP!BTDYG;rhCCNY9`n&&K_w?fTW(7OwKaepw(RZYaZleos!
z^0W!=*77d)ytvw0OaL6k1)Zo?Ezzyc_i}+vq-mnk4#>6Dos|aoC*`d{PB|2miA!a~
zoMl*_hkow@4s;`VTMT$m5CSC0w@_^#DdeEjon{ij2$)1r2T}-w#5$3#-@~WoH4b-*
zHHUXjL^}+N+*9U(PgI?}x3}{S<`45l7Z~kWG>`>*Du3{JIB~5aD=1v2*i-wUc=LdI
z<g%ak*(AMa)G}02q5a1ZpzLT)2v`%#g~VFZ$2!nfqX2ud8O|c;{gc7c97j{FaU|B-
z!2%7ogCR1QVz$IK@nZBs2Cox2P5g;u835xrBj|^1jm#CI0Z$AVMt>5eGSHDB-nOTd
zB%Y!@gV>Rw-Zf3Eb$C3B|M|KvWjaX9R&a(3Pi=sY5-$r0K^qhqCiH95tE8#ou1j3e
z3OSPkS(lTn_!GgS%@J<_+k@;aIMbqP5}X|YuAht}S14f#oiO}rUK|Z1_E%6`E6vpY
z!7!oz5Bw<;3jGu-Psgx~y#y8P)XQ&xOxkmQro#F^=wi=xx>af&E8&%e892cJqS<iE
zg*e7mY9r83J;EX$GNDx&(LH?nR`;NlR<-FKE@9ggE&{lH(k3o$<0Ak>^)lyTF)sij
zdDG$1UNVme@4Hlj+B$#@#8Ob2`2o40oV48XIXiusrV>>o-y4kGt2~0ymDtBzk)sib
z)cCi91X$q`OYtSX%N~gBd+$tQo!+*Kx%k+TVcxbU6<-dIPQ?AG-Zd|=WhO7mi$oBj
zfSIP+z%I3j*m34hd`6Iyq4lH#awRhKH^_*--nO6&KFEL)rao_i`jQ)}^QL9kj38dB
zs=TX*%DAdTsr$d`-uz)-QDVqg_inCC@wRu(Hc3Fa0dKxR>1|Lsu_GV!u6bJek(-wL
z6Px7b28{4If8twmGk^hEK;eO>eOJ&H8bKV<Lv|YZ1wDN1%EBXHq8fGYlwD!0fV^=+
zc4dT!lVkR^CjjfHpwXs8<$UF09&bq+0Q29WV`x4aJS5BcpfT|-MS<bG67(;{OS>}A
zzgAGGN)-B+NeLYu!TaP4yw`}^xdeDeX$tRCrNd-}_psb70TyrZCoYhi0r1{PBsUW8
zy_7Y)Hbw67Ft?JGTx1*X1+q6BAjKSHJ2=uHAf_O0n3kr*FLI5%usi%E{@mb=%3n%}
zW}Dhaz^u^;2gC4q11ky}W=MbIg*2)FJ2h~PIP2gg7sL`#6G;p?L3jT9hqye=GvDNh
zI4AbDeNU-?k>0k`l?w2B*SswA4PZ9BYn~Ox(Kd-cl)|U!zwneU6|ggxDa#8X%w<5O
z;=xbM-^#YkZ&jkSoTiED`ta`zOM+AMAQ4UC9V)9)2^ov+gvSlHJqI@}Q(1CC+nle_
zaKgIM3PLyCgp3h_$=k%|>DQ&qlrmXs3BQ~~f8uF2T^FRyK(MLp3i2wz5eJjbjaCLt
z0^|uPf;>4ybNHwu#G%O>YUmSNKXnY&&vohDoLV9b$T@#dbqri!fv<t-y_?lGx1be8
zqRqGA0vp2(_yVtP=3lg-t##T&N22~4Qs1@_V>ovRw>$LAWEz9?#~=NoBE=_iFZNt}
zqEeu&x8X}%E%NB#UVY0RAi}}$$9d}!&Y?W1BHi7SI8#BjfiNBgsyg<<pLG(v%=C}N
zFG=~wXyBntfm;)QJ{nZD91MT-U_2cYsH8}D_aq)=ciEu6NG3IZocN<;1ZkHSJkW@l
zyth9szMta=!$7M`sBx{{f8wb3W~3VrfTY<3XSUX}vr}(ZahhsAZdt?5C&b5>fT0o-
zsjV~opu}%QH8~p(IJ0NGNd&@qpttZ9H*R9RM|eVl$gMsO@U|gCpZ)~4w{L@LxEd6_
z41c+`UF>XapSlV)sjY2#=iSO45aQ*8LnI#sPi~^$_bCD9F1-uV4ylQ}hLj#)7Rul)
zSOdsMr<SsRu~=$47Z~?n>8b)=>KlHZ>?OS47UEyy*9Xtuwnymop;-vcfTHYxgbG~H
z>r@+nRBR&g8E2dUy2>!=u8C5#eX@hI7vV~PQGe3$L5bHMJOgn-<_|!Z8%K+%8rcz5
zWIjXAI2<FX25>7oVqDkadJoINtP6C^7o3Zg(^;?z(}x}sE?p|2&C7K3wfW<0X6VRk
ztrK~z%Z$9rxXRg>ogH39(gEK?kdBiMCi7*6Nc%RV1F&C6g;Q6ECO{+%W_`c_Y~oWC
zh8W&hA_&aE-(vi{ip0Btk_a0RH(}=@#0wmg*1@pe_$<&cx}Xt<K4M(CW5&K-$F`wc
zRBT(4E#Y=lAqL&96BV%ur@2L0p?!%cEb&a(TelF^BrW(PwBKd_70D3*+Q`ip*a#m2
z@cKw^*la}4Pml8;NnjD1d3JX)xy6<u$oW3psT3esjxS?1@j5O5klRf?s9JSN!2%v*
z1(4VFapc9RJEXZ8ND^g@VPceT@8u|Y1+!TICg3+;#^U{w9&0m`LlHif2D0{5>V^Xw
ztH!1#Nlzc!i7{mr-IYE7hM5o-Ouq<*Mfl{<YvXBZ{c*KIg+f13>#@(>fe~{@$mzdW
z^#>`L+@kQ88cOi@;&$Lqp%g2BfMY@}QctdNgC((gImP$3{Ta~3d3r!>N?wdW@fKzP
z4@vfHieaOdrCWj>lhSezTBc_z73i_?<0D%Bu5^1$%CtU@{SCASjydJTJb?lUmU4XU
z=g&Kg8ou&8tX9SFjbv*NBqL5RNbK$Ci}yW`N-V_eY&>e^nVF4uqp|Hf$L;ESA+vZd
z$3XB>#<=M$R6n7}q>?vKk%Qk69}xN!Iw_X+B@!-MMD~Yeoa!_7*m#@*Kh)4;6d~aX
zU(BL`)xp6x7`g+rBvDbtxU@d1mtvp*XPJ0Z>&MuhPv^m5eFq8evwO~T6OPo%<A6GK
z4??5QPQ$&ngNsQCi={=<V<#jqLV=BKE9}CWGCw)%n*rAo@>ht-mMc1}z?XM5en8Ik
z#CPxq6)bUgRBUY?2De;po;CMic|mzE%N6nxdJ(JI=TpqZh4_(qbCDxa^W<3q5%Nn!
z>A0ewW+yIFbP!oWPiFN1BRon)x{n~_@ecyZR71QeQ2~|H&SU?E0Ei5l`7$by5`>%+
zXu!@D4y5@6bBIWb7E_yvh=EviQXwS^jcNQr2Od#}S@uYPx9Wg6!SHwJ`x;gq3?*M{
zoGQS5O>nl*5e`Grs8B7vYtDs4810Ui2qCQ_(_!I=v}Tl+uoS1M7!u<!+hqaXzYNh_
zLHdfdSx9CcBIyGaTbt_fQ%z0(22@J4Hp2B`Sx~j|{el9o2+1@mSs=27_SxAt+0O~1
z%XHkK;soPb4<v2{Cu+F|E)tj96`!dIoL*;ZE5Q+RqB-eDSpcjQh!lJ%4=4zLr9!&}
zZdbg`VU}`vXhG&i&qM{$mBM4|gR)#`mQ$_PO}K_GYXMpv#A9=alIZw!NiEjy)Gjd6
z*LC6awNab+zV^Kp{b~d0$_0gqyI83gjX6`FG(U*{vM(P*;`2bDOCcMPSYg8iqqj@?
zAzVRT6_OcX;b|Q4u^)R`))Bp&?SU9@!Tz(cOTt1XIusPQMQeKH{L2l7QUt_7vx>Ca
zXG-)KN%QeL9F+cc8XnPote<|{c&fllOG)YACwsar5i*6IZp&``W{|Neq002ETUr|@
zqXm9$WCMe{n%xwzTYA~S>3uJs9$A%8WlrxvXQk>rm%Sm`@+gPZ+PFY*5gz?>O0CxA
zD6Hseo=(MSA&W~MhRS~iF<ml20O7kj(*8{5shtM@-rH7B8+T-|x9!uoNW!mD6F5WR
zwZw1?eBUAC!}+-0`=iR`Y<?$Cf^k#^e8`63HMzieObUo^beJAQjIay2-TwY3QMKJc
zc(Xj1!RPv{>IEFU<y-OIyCYaD%-7wbs1W2}M36~nS7+mmIc~8|h>M3}6K3iMEQ?Z#
zG!tMFR4P@KCVN04pVVR&wsd%X+IOJ3#O2B>P$~!eAwUEl>z59gKQR=KMug`+EHpq9
zIlq_2QhrLRd>rj9es1)Y*pXAbYhH&`B+eG`teh<?8~sc5tYu<7s(`B;`Pel~_zg&@
zp=+HVl$<GK^@>zLP;`DT%qx~?e;p5DLk3z(sI<^NF9>(igWsD!i%{z#Uet=hv0wU|
z&QQkt{MI`!xw__m$XKHb?v?QCsDf5OI-K)saL!;&ABFc>&D3#n_2RBmmEBf7k~oV1
zumBBCt%RExR1)Y7PkNHJA0b5rJOgsVH5cs9VQwm1K`zrS`)LLcYNLwf2rPKl+aZS>
zlP=@JvSIC>JnA713`P}xLEf&ZS%-mdJqjKK#PxHD5>NxJolhG7?N!0u%3c`=|G-{R
zcS0|A@T-HPE6FoO@+3_?Y+XjdiZaiOtyAKYm8j8*ni}geUp1cns<J+VCwy-P`5u+`
z*;T??R3WVSFxq(6%!bEO$pbA{@j;||E;0bqa#F4lU}|^Ay7vg`c}lRB-_~W|D~1}N
zDr-GbgFT*i^JR6&`^JwI;g5*-YuKPx#{Q1U{!`9~Zf)YvkX)eSj>z-lTcC9|Yz+e9
ztr)7hXe-`ydZaq`vX^Obp(^~^b3I;{4vDMA`GRCS$<aP=;9c`LdQ>KVQtdvZ7|so-
zGH1N)4tY-~p{~|>`$$ve$qO>T-D?ARSWUe=GhY<5fe0zKT$#mmPgz_f4{&poV?9;Q
zBuWp^2zJzH6s6lpeBt-v>3=(9gFnh=5Y+DeT<l9g)DNrWX6Nl5-d%m}pu`!JXs3_l
zC8|E&HDf_Mryp~LC0`i%zUXHSXVRY8qpQ2ON=N*J)Ue&v<{&bHcg=l(AuF4&yF*C`
z_2)NEC%v_y-m>u}^`FR{whEAct`&*^?VT-(&$a^q%2IT%LL`>V##~Ni$iXhmPq-I_
zNE2SfP_1xQ(GP_R$rwqH7z1^sxoJ>zB7;I><sAhhjT9t!*{$qr8*5A~0!*9SP9{$L
zK|CdJ!w#5Oq-6@XVm918m9<zTk$LPsDCz#dg5{Xf7CJ82%u!s12@}fzFta*mM?^Fz
zREf7>_rW!M)EB0f&-B*I<0yaQFVAgD+>YwBJ`jIpBf=8!R|58^Q;Gb%0s~%v0X*BU
zOhrL=UXbhH43s^&fJTFz<9zY};@Q8VV#_P2bvk|r9aG}0JhZIbt5sDl^`!ciuyoNj
z00QW-@5sZJFkkk9>RqCE>EOtC#2NZ$PjJoYhp_=e&U&s_>#3!Nt`n2~A*x>lj0(|M
z_{QEc1Z$RhEGvLw+>I^piw}VJ=H6nhp`0k}F@Y~2<6Lc+uNtemxfe6cpYnYKLsp)_
z&6}0?Gk&@Ae#&<W3|WC3OPh)827VM>8iQ#wr@uHgJ=hVfxv`fJKzFo!!LZ5-0)zvc
z62gn`L{9PM4Wm#T2;@-hfR0bswfvUc7682pA|Hcq728&e+*A4-ShM|sUvXv9dQmW<
z-k|Wb^GK22iCV3Eg%AsA`rLUVHk4o--1038x=pvV5j<sASglH_r8+-2P-nK`C)t&_
zCEGT!G>3lYASMBR^lu4&nP|W&tUIWSB(fXDue{LPkK*^gkopfR7~C>R+L3pj{kz%<
z43A?LvWa@(7n)&|Ga&v_B)fmP;_OG8KdkoE%*1k%$w$U3Wh#iqy`O*p$i_Qe`B|s(
z^Qgqn)87SDxT2#n1YrYa1Ms&p9unr$6CIFISIcX-s)CRGPD{vs6*3K4@^(wRgMcr#
zb2V5sR)Wc=-^1ud!67)-x~FTU8WOA!fm#|%t2&mf9!SmJ-AW}#RU1F_tq2fX1^*Gv
z;6#EuaRDBpN~MtF!e{^W9RPcY%;LUvC;}`I703y9L1t(KuuYIz0MRhq^}T{W{G{pG
z-WIGQAtc{(JA4wj9EIo^&yyVmI))H(GAzWMQECx4cn=ITiI1#|h|qF;dsoj!&YC@+
z9t)!60kq6m6m!!Ei#@-NBjsx$h9iFg^C2EY6{)X$#xaNrb2cfp*7mZJZu#>P(Z?M>
zytdV)vwm(RwH~zZ(0ddC5%7qs0+3w<`GULx55G~)AyRNATQ_iIpp(iKPn&P?;GSH0
z=f_bFVv5p5J#}bi{Zd`e^7L?Po#B{I;A$x_fN3#xprw8PQlK2GRJIR$VGPf9*x*TK
zFlNRjH7`H7yhLBxW3UBB;}GucU&yIZ+8SVqEGLiPk~>9Q=F=>QHINu@eD<9YtOmSf
z4<+1aNVv&i8Qob-KT~bMvPMbSlz8jEJ0m?kN%)YHyO*7lwgitoifx7l3ag$E*zL+w
z6qESD5_T2%opYt^+3Ao=hmOaxXVbCeu>VFK4LZufEJkq_V(-GrQj|EBakGD@hu~2w
zNUK(mVaw{V0#a@h$Uq#~C6ZGzx?rtrQ}moxq}FgNA3cRoD^ka@9(HtKvm&!uwi{(A
zq5`4KJscEa;^UXdokra}_Bs5hcCE4TCBHIxC|{&4wX*J3iWWa)TW*|O(K)GFhoQxz
zgWtVnwn#M1to9S|EsTM02^??P@XZKT$t~TD%P}bUjLS@qsCXKnJCb#XbK^c&vU*W&
ze+q5_AKIWgkQZd-6|{0CMK*N6dT8ENFGJtB@cv^nZ`XQ}Nj{wb`&O_PcZln;5w!GI
zMN1dQ@6p;@KORA)!uI5M`&W|*iJlD3BP)RvDqutiZopmq8@fB-<-qKQOOjj|9O5X9
zbU|B?yvdg$D{@38dqEC$lFrHC$+xN81T>W{M{Nqtz1JA52SjVK89_d3hXBVGebs4?
z;$(#^5H#xocpPmiQ3$n&Avjrj3>P|-Kn+|LN6~TLjb@ujE7a8SCa!O0vzf?^6^XER
zK}Lai@QrNVp_?z~jj%Mtu9bzj-z}92SN10>LHQZ4WEzl*4x;GdS!kT%(joS*ZovJj
zZ8SBsvbLhrm*6u)+sU1biiaIqXToP*j*7HN+IJw`8O=o4GvC*?5*UPk;!AOEDg?RW
z-};q#R!&1%zIq736f7Zdzi_8Kgs`eJ08g0aNkSmv{{HL@uof)+$oN%XQJT{pTh0k_
zj1&($MQ5R?@4p4Qe(>!(Eb!rkRL39j9bnT`Pyt8~d1e_yxl=V(fUf@fF@BRw3eL1k
z7aV<%=#w1E+a_|uyhM;Ygckx$@l|Z~#yT)E{I${6GwKZFIxrWv#c~R=m2JUa%o6P2
zo2fc2KwQxSd<2^>GH_EU+Hux1kY|)preQh9zes50CkW93t%4XPpqg9L0Dy-Xf>5if
z2$d+{6EiXg*K;~TMFvKUU=(?|T{!0#-I7}s{Hr7IV!EgJunKg@SK%WQ*>mP-b&Z&O
zNY*b8?uiw{#5Oag5^Lbmv195Z3?acd*?;XK6ms4zdjTf~gC|*mqL1+jgH@gCq2FOh
z+xFi6YYarmPd%oIpI2VZ?NnAF9`Nma8|hEB6Y<D={<qjDLaN`6BYeEkus*CGzsugt
z>nHFKt;a@2KcUyXRaite^l-@W{((BYNmX_4?ogZkUSrr+sMT-LvqjX%{2*8t(J*XT
z;E0sr96}!6<72yRf_|1`7v#rdyU!=!xg_JQ4wsjf5#53n^@_v9S*WMU$dbpuX5mk@
zBx7j&@v-Mj{2?fjjVj`AV{RcfK1J{TG2Ya}%}2!{PCnFgfSEy&6rPaEGnFz<L@gqs
z#yW^1pI*xqVnKc)BTPi~t&9J=gQXFrxmYSCmeQXbe9ica;0rpOKS_xZp}-Z=pei4f
z4GA|BcsQ&*53k6|Mc?;wF-7!!Ew}J^=u2^+B<FY$n1foxZkGW!98IgA+m1%!oAoM*
z7BJHaZu#^f5_G2ePkv|wqHmW@gk{+4;N`EyT&FzbhCgX^<nqt;+=9sabmZ-p*ynH$
zE`d<3Ji^A|KM*Vnx<t~bU&~>s$7T74GDNb=yZW0_xDP^NF!dQfp@SbSP5zAgIPVu)
zb9)SoFixZ%**}ZVl*YOsvirS?k)UPt`X%_r^EnB=^=C7~MCLW^Iey6}1;fp)Ku%#-
z{7(+Pwui_^xj2xMHvpUQ$>FEBaWDe>1sG>2G!RBnF=P(Zo`+w9NaP^vB@9Kql-6H6
zysLNS7UH4HB1CK7fC_^K!sZ@K;gvmbApW7dv}HU^Kz3$iBY_`1QZGH=><WX!IAE;v
z2uH)?`+XRBFSQXAw;tIapWuufzbJ(a)f%CYy+#sGd*K0K#FG#|#YifMm9Dw@_rPhO
zE1u^JbCV2{i<j)5(<AaA+4-8~aC)oY6_F1NpoN?TrC1_UhUk0Y1LqiAp;&^aS{biE
z$IHIpA!K}V=y~BGp=ac1AQ{I1DfMCr1riNASmG)dgrF8jYc#fn5@A;%X9rG`uiws8
zhSvir*~*ZwECI3bes+RKJ;+0$7gB?_eCud~AKr~K5#!vhzOU;w=dSlvSuaSySFF*n
zI<MFe-IrpX9`#Em9v_C`FPV6ZA<2*6vcT1gZ5+Z=?7G%@JIC%ODpACrSn3e82%tcR
zWHyAfN+1ioDgNKg&D^}xk<nw3{ou-QtbyTQ`6q!ttb8GKH3aR}YMzu@UtEE|a2r;`
zTXH?=3ZO0K3t6jKuCgcg*f>ueY27C!$V3@EeNUhH0+2mAo!7DahXe~9_51QTMWDqW
z?{(gybo*G0EEtql*6Kz&i}Yk?8RqDqp$q7Rskt+9J6@zk0&8IRu}ZoDN!BWYlWOF#
zPvK@cJ%M>2TcXowQ<kWfn^cSLFsv`iKyrkoUh@MCh7|^L=syWN2#6piuc76I{DmIj
zqkte(cL(MG!o+o?kBTc_y!Nq(l=(@qfV~mHMx|bdEKhf|hxY48hulvZ@&bgw#^omT
zEq->@oAjES$AK_o#Y0{|RMSJ|qpRS1xRSSn?NB&2xmC4pLS8&o`VbHC%oYu3Arao@
zGMtM$r$){==@$`Shgb5#2eZ$3NRDa8%4=|&eggc22F4HfL!#duNBq=p$RUDrS_eVY
zAbb-8h!`3sA^}2CGBpuPrE7~x6#f8X5Sjkyg*;?ppdB0YLTt<tXT+0eXBya`hh^8E
zs+F(+)?6s7J@cEydJTLcsy94Oj9f(yqaGJ>Uegy~78&A}uchjNDO_i~;q-eXKL_gj
z2}y!a4u4$OC+mlNA%sp2G>lbmkzn4K{OED_R$&tFBhM*of;TMiNrf1mvNW+x8RzBr
zx@(AMH?@OM(%q?h{n&}I^U)+=sZcT*+&G|j-Kx#p1w{%(s8T?V7j_uUr^i3))Q(8i
za=P0_vMm-3G{dn&VompyFjs|##nh^c@(KdPtThEM<^slWA9C(#-S8$%oOiQk%f|mv
z|4{*TPcc%%5CrcRkfH`6z5xTP1O~Ie_86%m9{Y7f7LzmJI8os(plmSF86g27EXo?w
zWpz@f6JKPX=C-xq;f+ix5aYAY9idhSOyEa=I8%VMGYoSk^!N3U+6*U5-j^adxXVt3
zEWKoyajHah`CuzAtr>`cV;|a{x5F?Wlv*bA2_wzKH{P`=Y4+Vy6%J(s15ecU4^e=m
z(M)j!Fw-N*gNXoJ5n{`{ax9ZDKAA$kIVH4XN*yL{2CPTYmO)_M!DqK80(;G80itpE
z2cPj?0hF(JKt&V$(7mF`@cJ?RI$uQj`o3)-uSIj^>Kk|%X^s^E1ZE(B_CmlSjx|rQ
z?`A!)21xTW8zG{Gv~(u{6R%z$piLlipcx!UvNg44MI}Bt^0V&`m|I*NQg>CSQdnwc
za0k6M=tEjnm;C|!$uxB=WM>aa4fc_jpk9SHV*N3Sx6Okwz=?jK(mD-AEqL&q$nmJW
zYdj!`27F~Io)aDdAE0k<Mo9}!?GOxL(nm#4)60EN$yD+u2mW&u{E&aX$0)WHUg-Wq
zG@=ln{rLveF%DIlhZ@}2G0E6LEX^#N;k>sKix9;jx(@=O)n8#t13@OcRcu{$zH^-(
z0x=X30{cN3LPkXIH$Y5iik9=^leHF*i426>{31u(H5QE1i7=of-V!PmGIEBzR{nsj
zATbn3>Fxof6lF)3QYvF|u45oW&YjP`c^KC$LMlW<0%1Sd+zJl=g~Q<_6b+t;;=L3_
zM{$YJ(PDiI3@Wh|k$@Dz6o0@sB<^99p;*>yHw<1C-=HL~`)U<IB73BIstboXp;Rcs
z_@S{>|BBA0TV=0uujAKsHZNB16@%W+*u&^|Gs$tO^I9g!>e8<k>uOHrH4ERtwWP<_
zgIB`|f9_W=?LojqXFrn~G5U}CJ_F_){%rrPhzM2>S%7*C+BbgfDE4^}xSU7|q)Z@`
zzqYz~lO&`?TSgR%xlLkMBDO&ft+WZU5;2T3Tl;<Bp;$(idk%d2UJ>{roVXV0dDp<c
z<M%vZExNWVaB6o{*11#ypLb0&tfN&~2nq47`7AA^0}~ts+O6)&FxUVBfC0WtCkueo
zO7M_k1WpXw6X~%yR;bo6r%)ej>xEY;^rKrh-$}F#xZ_*Y-ZZRDVhHdH-QG0?m`jv5
z>>LhB<mV0sH6vIk+=`#(U>9V8Z&J*KAN8It&E;non$MGVH||{E*m&*D(NXZ&WrSXB
zbHGWCAE)a4sO#HrT`IX(8}YM{Fh)=|SS$3<aAO!0;^jE32Nc%j2EL74h)fY7hTWiJ
z%Yyc2afV6?6as&PHT{eXS69r$<VUCuU}vbUfH;8F&upVCM<FDJBi^Jy^|t+tIVskq
z+J@4jh5;3Dfp{p}Ot4LYeJQLv%-jk}p2EL2c`48z7F&B9&~N`9=jAB>IQ;z4=lGhG
zCZ$Dk+(|n8;7q!zU`l+Aws#dm3&kDp>rQR~$=Qi3VGTt}bNGK(FUfpBCo4fb*Zqc|
zVqn9>-8=W-E=w!r^k;Gi`WJGRkg)xWIM`%baQaoiOpv9mK+@+#7>VdjP%;sA2vg1A
z)w_{pvy}0hhV47TBM=qHllXmZ>`||S=Ab4rQBAWbq6AMF<_jc)8P&4ou|M(O1YX)p
z-Dxsm3*NU#(<{#!<iNl0Hv&I^8>>Pb&hDppC&UTz)jSi-H`dyN=aC>N$emdPXfj-A
zwGMF<u%ZZckk9_5@EKa7Xso2@Bs<k`P2X2Br%XR1to)30cl8DrYC;};BAVlDen7!A
z{Owi2Ln?V;EuvOPURbZHk$VA_-_iOF+`7@+x&J2bjVD~2?l>ematod`d0{FFiO5Ey
z;u(Umz#F@adJPJGk8S9qE*ziFbZyxyTm{AUwHwJ4Ao1D4BcE=OLm}@SL(x$zAo8we
za$XgtY?ISm;FX8Fl9mB1fw#W=RUBk*<lz`rB1Jq>Yh@d-vd3P1H|o#18n-B3E5+zF
z_A4ko{ChUq%8Uj%SB0b1=>5WX*e0{>`nv$AGq^nl^XWS%s(78w@?a4tfEiQSC4hAl
z#&X3sZHovne*3CV!vS<<0&7nu{3~&=kND9{7oO4Fuf-0`K2KH<DaZk6>6g*vVhy~B
zCon;Ca21{4dEyuAGs@Ize~Q(zQJu_z-<ahR;bAQs6aQ<@Y-ALDQ0lXH1Ofes+te1#
zfrliaJxw)Zf$X+)KZseLa>aB(fCVClx&U&nTU?M`5wfqulz9GPUgASw{^E|rVOda5
z1{)<FWf2@Y_|#w(tfYIgN4~K_=o|HRU&=XB#wQ0@(>)pbj9&=gNc)hwRU4k}$r0Y7
zvBB>hlk1oPjPbiChdF^^o@SVz%yy~N{LD)R2lEGm`Q8Utv;c|(idDT11Fy2<5goR?
z4uA^YE;whT1{%8In75oF+|C~;c#HGPCoP|Hezx*ObdmT3-D5RbOR-GG`SH`~Fdedu
zlb0PAV(}OqCxd)_0+Xk4B*>ucEKN)8N}~Z)w6uWsw|_AP^j@ah*!P}AI5A=0h75h7
zp8sIZ9e*+d`VpIhR+sD6)8c`f^<Mrn=%{LrzzpB|A#=~F&fAcb+4;s$9D#64_d~R#
zJuvs+_j4Hlm*Up%>EcZNB=a47LFS9#5SPF1!q1QBA;F}ED@EX{%pI%VAt2s6f69tO
z$sY4HnAfs%JHhBJr=b!|;$1fh6s?R?C0CgpNo4VMRsjc>NUP}C@rlkF{@u@HThzeb
zhT-Fv@z)@*f#YvfQ8~kL;Ja$0yh^}Z#?Np+vuv2LN*eXOP;Dlv;g!dd?pr^IAJoE{
ze~nWoY-6kOqT{v(nZ5@VrpjUERhj(QNV1!2s&YH4xr2%BvE-y^QGB|F4GlbTBn(N`
zg+1n6(CkJB?BAZr0NK;T4S(3`2JDyf@SEeOA>CSUrSUe)JGP-()vTz@thue!d|_25
z-#>3Y)A{B{V*77%?@>fE@uMgp+N!Qrbj|E?>n`>4R(JE&;gg!rv79ZtItDlMM%;^3
z5x&EFQqwDZnU0IUaD`c)<1e>?mO$pHID_P0L%ewue}Zt($|3TbiLo~Vw+`77Ko{tw
z`X3Wj_(?DIi&j4Z`$W1B!TpuMIh1gcivTCND28`Sxq-NWs6~#i|BW^3fnQ^GqyAYX
z3l2FUD>wvW8w8Zse2NxWXv4;d2HdWCrxg&bINdz-wb=fl?%l|_uQWRn--A+$z2oz)
z`!8Hn#<|r`+=oki^OKh6_O_t$CPtNf!LR-j*j#lW4967*lYHJNiI?bMJG5#W%er7f
zf>;J$3=zRS0v9adfH+HGa}zNJJZGhB|CUx%kU60Zg2by`@CpjLpdwa=V{iRE`pm@9
z1%F4PNVF4&`n-tOwP@vz)LIS)`(^Guycgg3cF%|5pWl;;=oTNW*as(S>`MO5TOsrJ
zZ`_G(XH`BX->UK&FHCM%ZC3o+fjFA4-v8-sn?`y7vwmlB#XGG*1!o1s>__o)^i9^F
zSTBAf1t*EI&YKzX+(fGiO%5;3nvByaLPy8wf3^bw00KVR*ggx3&cLtei|c<O`of?W
zH=9WdD=*=%x?uKNjs_%(#lU?Xm#QQhr4V|U3G9&hZGXF$qwsVUj-UL*d%*R~eG_>w
z5+IvU1|zp3D$>ad4gypR(2}tS<sNj(i{8*W%?|?a1J4V*Q0+2CMzRbFA{aQGgqWg7
z3QQNltnbjVuN6F#!6R`S9954+0xYapR%yRJ8Y|2zI0YQaf6_P;9sugRKl|sXR`1Wo
zTw+1fnT4ILSOrJSc%sR^8<0R>7MeRiMeiN=ph@wI8G-`c)4rPhkYH_9{e+A|!@lJz
z{oyG$G7{i5cG`oCEv5P+hu?dQC(`$Ov`fn)Q03fi@#+s7Z*l7n0rc}%jNskdVY9>C
zjr45zozSQ_FGO%szt~wUa32nNolg#Z-hPglIskq`#2LtlxbTu|>x=7UElAawR?9a>
z@Nw(-T5$-8ZpS0^IUb?k{woq&WDFsziVxN)EUIk?JO@C$rPfs`$PL(6!YK#ws+{pt
zqoyN@>EZ9j@Hh;pa;+@4--MTmj%D%AwEtE{HUK|VX$k-RhhRHSY1L-?K}05n-LaCK
z^)JTjjqJTpXNYX`XL)nqZ?F&b%0C%Z5RoSg@US0#<Umd`;9y|i28Fc^Jxw0-1-iEQ
zW!C(ZDE@!cy?cC|Rki=0v?)v>?F6V0q}TycNTEQAD2cQ>=>?zOGzv;Z&}b2>fYx?W
zDzqhG66kcO)*IFfT0MG1kt2GrPC+nfXj9-63dlteEvTGl3<cyG;6Q%w&)Ux|(~4jJ
z{0%Rf=h>IF*IsMwwbx#IJ$pmcS`pv>Af^RqPK1_QGS>?=WX#P18v1!z9#F5*ER+0D
zrehK&Yfv&ZFe(EKnp1WEILZ!g2;!Zb?G*-aSM+cFy|g^^X*8~I;8&5qhkV&PTV!Dr
zSiDSM=+I#HZ^dD{m&2{1{)w)BhU9QZDT^?1Mz1>r9l0^cu*d&O4NM88sm(r<kTgLc
zO)6C}x33c^M9jVMy>*x2>*Dvcjw^PSD5X;syU$}1)-kE}jVEW?<xVuL;!@Hjx>;q+
z+9Kq)?TiNh2&XIR#Cf+A^opGi1Jmr@x9%ggI^Dyl5hbJYyH(!q4oY9q$#dzEK=$@3
zBtiAxi#jg79E#^yHkp#;g2t<JoVUjjH;0racLjp{c}kX#qt~SgVbZxI4L(+SJp{Hu
z@4J)WeBp-L;zOLTgr#(BZRxu3tzKZ~0ybGKz+zOo=VWrq<Nrx^hr5c{BI1gjyVaJv
zL+PER&js+4P_2N`U={{lsTiU#hMlkSrC1@!!U@bLhXpU9U}<{z_A%ZDuc6WC7s`2<
zpuvmgXgs1r(+4YsPyl<sAfm#J(mN^3L!G~y$(4Dvk!f|+nEY$4t4@hZzsu;Y(z5id
z^sgxG-WZXe;>F-&J1^cEet<K&W}HMVeVciFYKFHCJ`q9;i*T=uNuw~4ru07wq`|8~
z^d%U{c)9af1JEU#b~7HjfNky!g{>$4_cc1uA#EB|jSRP1*2Rl-MMf8jg<|%_dNZsX
zF73WSnpl3Pu2-IIZRM)+ElVv4zX~8c#dM(%5}&<?0~NC%Wlf^c{izswvTVkeriUWg
zg1&<m?tq&L{8#UMGyMO24-81OO^a#?4~U#S=u7ZVw0$F_a&3PgZ2MOG3=TWTo1xxx
z98gl<3>zuyOoW%f>Q{l^p8qlYP{QV~lgTM71H}QUGT_6=RS8yJDZNRWG;^UY#ft!6
z|4Es@=25GFzuLjikQ^$HjXQuLqc6X0|NP&E^4l6^*X7Rj7H`8ZjDFmz1)ewMPOi7R
z<P1x)I5wn=?^5Tdz_hWD+Mcbc+MXSg=#S3QE_jKS3T-54V<OYv^}1G1n7b3#%n}$F
z?SGOG8yUPIxN5-3KNg7Jn}JLA1`(v|1STIQ^HG=!_!xlGN3JeS%&^6Ry6$la>cA|E
z%!%O?j4JW_K&Rm9SAG>O;U4vGjG(hO2{YD^k82i};v#s1R&sWrNoOc2UkmoQlKSg?
z8J&ZW-h4(4+Z;|`6yKd6*gyZjL-~P5mZ!A|xYrr-eD^1xXI;9x2W;$yF!O{T;4OX#
zKj@*{|I_g~R$81clj6J?xmD^q7A3$~$84^7+g_>2lz+sv0!s^VZs9r+BYrO~1c$W_
z9jUl$!an{2@?*BL^+5gd3Wj|pz4qK;^um&1Ftfi?BiHm{JdDu;k*)G)ephAKBQjrW
zFFqI|e5!*nk@Am6qz7>myPt?}B1FY1>?(~L{AM<qJUqilmjP|iK)~p%_jD10Tj|NE
zgnYUdLg!5iZ;u;(b^hn2-)v9KYy-7Odrb*S@NK`wrduimCM7#OtsI)Y%Q)IZFQQAy
zceutFwNfsPQK#zsF=~mSk0Qu|B7N|`s@_<V*kUL3@kS;Cp9e$-IQ~=<z}O)TZb|*U
z8ZLpdqqpsjNr7QdvUex2JEfX$3i&swjwxny_;wI)#wWSgtW~;YjUM-oU<Jyt#~Cqh
zeCf8Z)}xy0?+V{`@@BjY*tM5D3>bdI()Trry5fJ~dOfguG5<l<)49j9nIJg7BJQ0X
zi#tz)Dbg1pH!mr*7EjWa9B=w)z{L_Zbxieti87^rs24?dC~^zKJ^Xy{%cBkZ=6-(+
zt{ju9sKWNnO&|<vjwr~SI{+;c(l(M_*i@{BZgu`W+ki)3nyjVA4JKG}nyskF`JQki
zYQXKWcq8y9fC<Cukf_XnS)-z@SKxZ$j}uxQ<vG?B*2=INk(god?k2Ic;jt|B=<_AF
z^R_eOSs7Jb-X3T@Y9{6B#O<Pp;&(N$ieE9St=J`S5)BkSQ#b+-Efvi0Zl%*<o8Lgb
z?^#U|s!U0biKiE2G?Den%yGhX4kndN8l)KJ$@Xs*1ugzAh!$v$yVmkBF@}$Yy*P$m
zL@@=;9Gi<OWG#hT7dNh`c#hO`j*XGg;SosNm*IcrYm}B}mp7OG5de}RN0Wwytdqef
zEA{@<wGeLn6@j^YqZ1c~eDMT1FyW@x^5P`{(Cy2<<owt=NSWp7fnd@sOw!#SQ^~^A
z21~IK_Tq&}?8`GKVC1MAKS#njH@<7#_72)8-F*XPC4Mf(&_%hWyX8eNY7MEmA`+*%
zP~t8Ae||flv}F~#lob^%+6hV&#I3t9?CT2{KKfi;OLhODyAs6*tho4D(ih9(Z)n7(
z{Kq6|zP?ygy=PW}h%|laZ6Vz60yk=Tp!4g15vcO#0t%3ql!t3gSe}ZdAY7kS<=RW1
z2!I;Acv&U_M@ix0OMFcx?xs=6V{-U)`axpGfAIjanMF>M!21t<*bKvT_kU9$g2IFQ
zmP`8y92(P6>JEFknd(tFBgJ12bpW#laD~L2)*ID^OIjWzF?y5^`Sg&nF%zw66EHP}
ze19FgVcfK(Pue=(x*eZCPw^h4HGH7fMG;5#z>zJEZTQZh`LMhO{;`l*0x+?(GUVOc
zFJb10-X`;g?SC3(jDN@ZKn#{W{%>u<52I<V*Gc}J*GEUS-+g6B8g1Pm6X7nA5z$tA
zW^bJsmj6~*9?^S~@~`&>@b`q}k*_x?ztF*VqM*T0?A%BNjS{DIl{R2$5=;MLba*L~
zck(QTp!hT`KY%3^&LVS}$Z-@>+<ws-?gutECt_igUD4lLdkudl-wq$FBjd%frD=(F
z5fZg~9_^N<2kHJKkd;wlGn=prN*z`LszY{!7*Q0-(oFT@RH=xBpfP0${tR${J8=kK
z1-|1PzH*$`UwFsTuD<KQHuwhb3!J~HN!=x)|C>|_1K3mm<@Bq7_xkT#|7E(hV_Gg?
z2g#E&I%|uTu@-mpK3GxO6gc25BnF*bhxyERt4u|{w?Fw?gM9x0X10BRD;zQ~3*w>B
zme&r<nqW_tnI+jqEDA@3vFp2beq$J{83hRq%xY6v-WLUb+w~VG|BLQQu;M_G1rI$n
z_bFdF+P)WWED-p9Q69a4LV37PRC<$AQ?dF_EpGEJ>|M&5tVvh(%0`k32v3!0C_NN*
zaxyX}a;c*k(F}|HRHGYAoyze|eY<5gH__-=Vj2!$zv0EST?uB~)t8Lh(^vgOq+-@g
z_dLc^S#b~*{5kSA;}0n5sN;Me6i@iv{il@;3M<DTiNk!WIkT21xl>Co2YAxq^QB-&
zrzf@k_r}1f{Z|CjLpy^DxHJg_ig2=8$22xOX4bd#EkDL9OwitpPGVw09mVCfyjW3a
zsUpiBqc2ODjBR%|qqd5Dj(+nT{q&JB?Pi5NLj%)gpijeEj7a$(Fyzm5Cr&kKG&B`@
zgO1o6uJBBu7hDeV3KNA3c)*Y0U4#Ech{h!Cf8aYt{%6(p?H<*_+lm8Gl9QOBPiE@G
zig0f|Z{^Lt>aE^UoL{T`GCtx{9K)olj<;E`j0^0K=h1K6D#99W4`W4vyc@_%SU;rP
zQ2nYE(MeDFUN4!C>7}8(ERm0h$Mpjh_Q6E{qGW!?)juVX-=55GbomEcz5*%+T5VwQ
zmlXwg546??e>1_~M*Ayn`3IgI^o)@*zt)}V18FBPTqYFmC1C0NWustlz{p@A*v<?F
z#pk%EAs~yaY{xQ&i5?uc3VqzPjV>APwQq*cO<!>o9G`X{Y3C}P2F_i6wvj$}aOsFp
z6d&NQ1*EWDkc`;;JvSIeciIq=#C-X;!d+4|oJ}E9=bpgHn+&mPPHNw%5jm??Qm}k1
zff;9&|K?Hx(a^=tu4a97YHix!!R5ib)0<~C5^sG{ATeV!G8IKtDHyA63CLG|!hv_6
z?QkBe8b+VFHZuM(vg9Q}_8o1Q-WbhJ`K@98`x&~9Ajc+~v=J>q8cUPvtmtEMU)V8a
z*S&t>-s(OWw+L2A**Gc@?iy^&$+BTm(V&6ub^h|3gZ6aT`AoV8xJBj9@G$L;@?X&e
z0?j&fAAMdMRxSUOauTKZSD~*~Z=sd&zG+ZtBtKXHGRLR8e@4wXso2@eyR*?ZBy)<L
zaK@|xt^Dg_U%ty|>06VIpcL1tZ1jr3*~`0EV8GGw6ck_&7#*x>_YI~y`klavi^Dm&
zHwj?M2EnstLn|u;ROhd!sAW;aezcpkw=UMqANd0c*sibrm-&}1T-59YBt*(M<@ZU(
zWSxhw^w)^z>;zk$qYTs$Nk6+@BimN_iuPasje*EY3{Xmv1;P>84R4eLHsiU*6ZW?7
zIX^TxcbdmwVf_~7c06Iv7}P5cGnK6z!W3;PP5HGBX}*oNbV}g^M6r)7^(13M!r$nC
zqo^}NHf$w7bbk8FJ(#fR?hE)gKlGvWmyfd7GRh)9G%MZxiapFucRyqgXQsP<&4aq7
zFUb$o+#H~6z;**Y-Ho$Dz%E~w`y@beXXJ-w=iZ(lI+IVBKn7A89YmDjzH$u%%;qj>
zX4b66lRcO+gM7`!l!m(d#eTfqzE`1*%%X$D0lPxFzHjjR`JqL*cjbpZp<_-LcWg-C
zHfpW(C7l|~R|23pn<Mys@*^z0+G9lg^|V-)LI}KMz&Kt>(@Dw?Exr8W+&TH7Pw7Cs
z3v$Qghdz_;IXbQ#cjKCmVNRsTc`jWy>bdkmfH?+K$}ft04)3_|PgVHQIL9xk#XCvJ
z4=v9%<%e>)Bl1HlIdPGs;wZGTX!94kUH&mC>CM*FV_;AD8wn`77q{H4gna-0cJs68
z7VCMYe9B%K#(_-v@VzpE8dYS7%6Ev$hePFb&mM^xP=`SY5i38Y_YtkxT$?H1?lMNZ
z`yr*`YFv%$$q-%VtDm0|^DantpKrv5w(IwT7vPfHD<i=EqXutz?g^-t?iOc_a<fS;
zU&dSIc%5;Rjn_K#f4!D}cP?|bSqblowxv@3cNBvoEm68B%!BeS&)sk~LW5N3gU47g
zn?4FxDY1z&GXxB@_*YT?T30`d99`7l@$WYN-+4j$q&?}Lr5ds8KFhyBdhO(TVhYII
zneLvJOs<QPhmew68DoT7OuO%b^x3@uI6vK^i6y=675-%=ntFnqNn`YM;<T4qo?d<0
zbLpuM6n5pgIcM?RYiHM<^j!M*JE`0!0MDh*-Qk`;QZso&`z#^k4{vXIdet2|L-Hg7
zbWa4-Nhh%fvwe2WNuP3mPd-5bHwV1@Xz+SsX;RPN2VNd5Jly9`>U(ue_12)loix}~
z`t$`CTo7fBQs%c%Y_+%=stB~HO_ZHhc=(@Xouc(3r@_@U6#RVe{>I{xTl8i7MG(m6
zFF(kU=3G(RzZsgTN3LtiUv~6xKMCZ1Ebi}!63hQ&uPdR20X%y6E>|Hzpb;gOxeA?*
zc+XC|qout1FiLDsw(;z6UrTva*+E)FR-JD^L~=EgzM_>ux)0pSQ%Fy*8^yn+KZRl(
ziFoN{6Y*?+dYx{+Ed61x64!(!N)Lp2nDlNCTpH$)u-AOJ=SC<0rN4yrL`<XlOzMF>
zt9Pd$N71ysXWaX9=&#b>!fJ@Kt9GDkE}XS1#>>U7y_Mk==C>@S9#Xbuii^Y4j-muc
zt5Z~lc1KwBuz8GxP2kYU1C}49on(U5Sn1)|!_`wYMNw`k|En(<l~%Ihp@_~3NZW?*
z8VnqeNqgk6Uj*ZyiL+i?DXS-y{IE|EDNYk;EAcYN&||b53m2VfQqjNl4j%oxsi70x
zZWV%Z^sbmXypv%ht8;>_ouAX;7#@e2v@!V8n`;kQoAUaeu2I=bexHB+{EoU26}DG3
zRlKjPcxT{q@%0G8_(qs7z8DY&R4VoBV_0A4KU+AWyP3C6a9#T+{;ykI`MP4w<SOuH
zuEVa+te9AOEhL((Fl%;{YnE*^;t?`cYYz8{2~Q9US1a|$7eY!3yS?zc6<4zKb7|c2
zK=DUR`C&!Peb!$c)=%$M|C9TyFE&Gsxf$DZ62id-ORxi1!S5p-eCMT=e{8t(M<C+=
z_`Cd5b*1$u2ow@=|HLrye>#(YW<N^k|9dvmJ0h`qf6jr2*x%~gmh89HQ-rMbT_O!$
zPsf;1vmtCB@0Vv46~L0#N`2>Y2SewuLf|?zb9NJxM2(&4>AbCm*;-*{#<_j)MM$n(
z+t|Q$gK#zYRrGJh&sF8AOsV%Ig->7#YFw$Tf66%iS$|@(i!(YwlFhjJ)&&rG+aNlk
z6G0hKRb3Sb{+gewRP}O}5)j*eot3zM-2`a!A3*j$#}o0icJgR069+8@IFuG!LxA&V
zPmCR&JD8N^@C2%UgU{O^_fJLt9=qQ4Pkx)m^zUYJnEt5C=jB>O_IK!1{wZ6&MjNGX
z20ikMS9AhM$fBMgoqyr;Ccs3(Eu+lf16wZEpS!nQrauEZnE7bVpYJG9bAxIMGCMLB
zaya;tEkzaEv?Z@U?4DJQ&lwKCrm*Y&Q*3F`c!QQz(KP_8^wm^z?m~APz<#+;3N^O%
zx_$se?T_k2)P_;3=9R9e9r41y={e9wUK;J~NhTgiKC7TsOW|+Ebuwg@K-T*^m(c}R
zaPAV@dhSM|g0mQCtP=m#ENGFRczh)GeR9W!i+v%&86t`<u|`W7AkoV@e-G{XDGf3h
zlyOw+>RUJSrMYrz^c8j#u3$x3Rmw7gtS1vcuAZoD?c{b6IhsL#3NFO6z$WG29|}r{
zg!LAdw{Ev!xM!^<wRLz5l#juF2vgODPKEqj`%~9H(In%@Uz2-B>4t#JUa_ka(AKHo
z-i129g~LiqcZ7_1jSJ(f_5}m2E0g!=6gyp2A*AK)CtFYsORb+MhZooamna>wB^M?=
z9wa%JfWLJ-qW?k#z87C-_}0Ze8$6Fi%LEGsg&rk#%v$bUGm7syUP+-LG}O`ci$qC0
zjUZCHW?Ym2i)v#?(;z*JBu+eGaaXjz=O>lzU-<vt{uFCJZm{=b&;ZM_YE5)vP@TTM
zc^Ra`-@e<gkAV!H%kD^^Pr{Q8YZ*?N^m=F|$5Kk6VUWm9x-Qn>LdwcP67H=PhA5`b
ze`;_Pr2OmOA%1VuI2YUNxKwC&$m{fz;x(};K&>sT#}<;e1^BF}CkF6q?`QU546YYg
zL9{PhA66S0x2x#0Y7ZMN49}|<G3~@1`WXZ@QKiaW<MHDEH2OEj#RoqMz#3ybGtnj(
zUAk$nZPQ~R1ziq9UQIFwvMJe^e08l#)ApP`)qt#iKN|(y__Q-7*~B|>HKSNNF!KHo
zo;3n(Qd`VOr8oWq;00kgPKBG91$A2hZq+aSvF{Yl$ok<UoAjR*smbX0U*-rQL8v+#
z$<arLhsC}823%$hd6?Fa*HO}FxdBSWZwK=h!eI^@4w-h&UvU9G$_E!38>^e~k=Pwr
z34y@nEj@p5>G1CakdLJf9+igS{-EBf9k8Sk;Vf(M9MG(MD39Qq{6$nAu)Bg(xW6Jl
zX}?~}oQ{5N-d@vC<+l?}V;wu~5VYnM*yk+l5=5vv2dru*SFwd^+w^la{i9178{K?K
zx_(TZk^ucQ+mi{j?o)ZgsU$v3EM}XfB%6x!rfaj{Ybq(#nx+sWyiu%xTQ%;9+)^o|
z`EL=om@RLBkxji88*xJD_-SM@dKit<DFZEi++RZ@jFv_f?Rda3^RQCq8(Cv!Y?pjn
z1@mkX`k7NyMTe$2#5*{KLvx%y?Ut*nY-T)ym|<30tCrNe`qJA&Hh%mGp=YPeF{5~e
zZ(AW&C1axT_!K=T|B2}{8bb~K!^h(4*-RQBEA`J0)k-iQYFjy>NNkgSeCZ=$>yJMk
zMB~VMQ}}iet>UlUG-5PDsBEJIC6XPjGSC}q>!6=MkJA1-?oDQ!oz^kIPtV3Ym_GT3
z;x-%Sn~;YXMlrk8=;1uc4u|a0;ayRQ=qTCT(NUU{TKZk(-#40n&SN=X$|x$~IV16J
zaY8_QX}5PzNn$WyOcAg_3}yGDT2lUxbo9(b(A-(i(JPGYq@p^~G2UZ#g8Q`dAVO`I
z14`ui@Bp6!^de)=!6LQZOvZ^=P`m+6+FuQp;#E{dX3SUZk7KnPQm|v*ma2>!QBPux
zO4cY88{i=>te6@*#`vF1_H|f1rHbI@iD`794>b4P1f)TnVHN$qmTJfo+rn<F_<uy~
zgkENgK5`Vo=NJUsyIV4c%7!QG$xd$~4yurCx?mu?ax|&4Ru1I93&$|Qc+1xXrWgZd
zqo%2N$lmfHQK)uulPo93BfIAWAYRD$clIcMl@(Wb>)C{KcsBm=gC{pQmtvlZN;G0-
zl1;yBLHRhNg?Xg&z9Gcv$L!uqlp0yze_)BN<w>y4Z)r3uj*4$6Y`_M4b;sD!hF`Q+
zu^GDCxW7Ldqp2!4Jt`~>1_?C(#z@uq-`Qj)b6oug;!4I^4((O{Nz9l*DFd}%S90xR
zs2Tq>v-y7o40S>`h>F^;f`1o(-$1Zc7{=Kg@w)4ROIYhPj^vgEw63=_6t~=mB*Bd)
z!H1MC4z<ShkBL9hlXR`loY@Ff$$f}qs;<T=c?IxA?jgSL{rV=uSK*@S2Yd<lac{m8
zfRT+~f&Y=;b0i?y83)Bq0BL86DfFrkr^CQ0DiIC?SLQomndkqQD3jjY`D?&v>2h3D
zal55em7Kwg^G7<*kl!CF#sYWvnF&bhj{ndJ$^61u$^2NAcOltPV+j@iO0s;c^rrdk
z-%3=7HD3&4z+&9!NL3l*A^|+1^5&zXlQm4Ls1XQHl;wI~-7jc~ANeEn;kCw(OiYaf
zKPdLCVjAyg^>3T1Y-gD^c1(*)bwD#WKn~jneScz5QA_^L;{gE869)9Vs49U&aWOF;
z$LE<2(3mY7_LIJGn_q~d#O!s95_*>DPj9{=<nSS->q8-U`jHS;@d}fC3CSU)zA*pp
zFkj&?O>5T)ga!uC*SV3BoSWN(nHu}&^m^<&MlZ$*9UvYuuxLKdOvvC`D?=vT^9kPK
zmDi=rwe+PnUU)4bWi%-u+i_f!yw{?_f0o8%;JyexG3h_sW_G8UT)C{NkdbySBTL4u
zppTEu)#dOt2J&k{cTHkKtXW)VLz`=(GM#D)FQnThEhF_5m@UIQT52Y1aoI6pORv>K
zn{MLME7P4vMYa8@2tW+^-C?tF(g}MvwkT{Y0%M94<22>&rxhYhAi>2aQ^Mk6TZMez
zfR98f_f4q0jwJx&&SK&L8%&IGi+4H^3^a2E{DlGhXxO2xY%YZQ>F&Qcgra4T<v5LC
zaLh=OMNB|IVo=96NN&7;;ZYhvD5Yg|Gn!C-eRQ%ytdsU295F6&`lm*uI~>!$%i_MO
zM)5u$j+gJ@>xio-w9W&QlI_KYmdQlv-mw11s9%0Ns!Ob}pY>CQtLMHy*=YR0OKMZg
zTG<M5gDr#=Fuk(`9{1f~WmF49jaWupS2V)Mmm0(TryhhVfae3%2LJoe%70geCNRR8
zsPb-%b7op(e_zCAu>WbIW5B$gfnI^%YJC2(w;2{Tz!*XA4x8$tsR-A9bH@1w{q{FO
zM5(oeH|5#|>K;k|FGKjo_a%q$a|`LowTMvAlYP?r#GpUYSNNOcuf#`LIw$CpQcTZ2
z@Fzg$!k&Kf0bxar3kGJc9F<^@lg#04!arANTWK^jSuU)*4m6lycAyg?S`|C-3Uf|x
zZXC+pzqDEWku6o6+33xXk*T0DZQW!f=p?s0<=_7Guw)`PRFnP_EF(vB-3VZ~#PW8-
zH&p1UrjVbxw8c|~uO0u0aW57+fuQ-v{|yT=DYD>;m`F!1jMdg(In`jFbwA4dEc6pD
z6VI5eSqIZs*9K^D-_&nw@IT%v2GZ1ItAzSMQUHK7|6nu^$VQ`V?rQb5$p!9+)PejF
zV)c%As!0>P0P*E`FyGgNNbUJA95p;#-OE8o6Vmx@v;gi-EyaK;EvM>uW@kc^e>LUr
zgr0DKB?4@AULXtAnz(v-NYixBmswNz&!4O?wU<vdY>Gse1P(DfQ7(>G4y`*b(&$kH
zi`2S*+GIW0S&%Wg@NG>T(d4T2F*`oQ=eZ#Q7y!{!wi7m$htZr758t^@uKgH&TEVri
zQq{<Bg!lh)gi64cbB;;QXcsv-sG#NllNH*9c*l++_R{Z)h*X?#r+GNW$0o*Pco4gX
z?u%yK*pVT45~XzaGf4)A6qb;UFRcs5_<!HKw>Hz^g{7Z_CB8z5Xo+>|El@*Z?cXdD
zh^M-eoA})_CRi5CFdSq(<}Qx8@SFD{5X%A*Cv44=;hL0t#s<boHuf$&9PpC*<WRVV
z4pj~XS4bRLNv{93=i&5Qn5*MvvugG=n?IRt;`EZ2Xg1w#_hM_<KU<ICecx;Q9@w_>
z^T*lf?kj%+k)qYT=8s#yA|5<Nhs=VOYn=}cBXRt%Gt7Bx!^aij8cqm6XS>|Ex8W|w
zz7gX#W(>)F0PgoOq!;KLZA|0~Aw*l2n6qFqkp+WKjGKgOUqD%Kkoe$zhHmA2w|;}+
z8|(ArdhD)H60W)@F}l+J4ir#0*#3zI?FgvOYM*N@_|Dj0{Hhb6c<BF|Q|JdFZKSmV
zp~mS_Ih>1g@i8X1IbNLzw#a_71O_w0{G_IGaqlTbBJ`n`k)FdLRh;yzaB7Y9>n|Lr
z6~Fes@#65X?SfkK@qF{xmyMq8dmWn+;VxdCwL>WL1oq~{So>_4XaH;=6xPC#s?yR4
ztxnrqy<PyL&r2%#w=if=LR6<6p&Gn<U7CdTiyLGH8JSS*RO3d5_r=Bd$V#bDB$=j?
z2|u1UV0A~rW9dq%k!i6hoIAwtM-XG;ir)TG22rwaLG9%FbdPnP?`=BY5)kCFt49z7
zJd@>Td`Y>APYCG2Kzb8;#N%ngtR#A8Fhb+JwX+kd5&;Sge0sG9trPd^a^gPxZ@cwE
zsz0Pg62BwE{<N8I4avK{_-6gN*p)|Y5hL+;Kl;<!F3^d7@hC%DznE`(v3$S~A5o~-
zDIeZs=4%@wr<VQ_4EYF*D`9j0FMp46eKphx%kNUp!73`srFww~cm;Xxq<{GN<?SQM
z*GZy8Omt&t$gDW_K+1gr&5JmUbb-OlSYtRtlEJ)YtQk)y%Xq?f4HVROHDdu}0&*8x
zGjY~~h($6h4p>g4dQH5z;OaP4ksX|QzRw)I2%fjk9Be#KnrSa+W65ZXGMqCtdc}vP
zhJp?h=eF_bk^3l<D=vP_{GTl86rWQZbF(_M?20QWvPGLIMvhVSj;WuC1^MJGGkR3u
z@xxq!hLTH)kH_*aV35UoFwHZQv+AX-0XwbjaF3yZrIw**N-uU~#cBIkI|K{efoukm
zNK_9Oz`@4?n1#;zyoa$8PCU8K$Nf6{J@h2l(p&R(Bcap1g-)u5JBW6+oVLcdNKCag
z?SE;VoeDoC2K8M?6q7mZ-5GM?OEiO>I2gMLIwOf4x5qA)Iw&)EQ|ZuagSBhh4kncg
z8C*0M{@zrcKYnvko~OYC>x&V3ggoz8k@f#Od0zI}n8@KIo{;5b^Zn&@PD}WgK9%4I
zHp34gr5wHEB4>!suZqEiJo{=-z_ZdZAwzzLCK~*4$O`)#6WII{tBui#_>)-Wxb_r<
zUMlTFp~=LUXjnMWvwbAn=^d5s{y*A^Fbw*Du{{nz&U5iMdK*_Bu*$+uF8d`&8b*Dd
z*H})^pUzY>=`hg<8zxTw;|!;kZJQ<cLDK~FM0Ui$M~*`gU1}&;<r@zMvdwBcLYV!+
ztP&Uj_5G!1j|^twe{_#5^Cp!56@@=^8l*l{Bwyay(AJPdb-5w=+Lh+??B2<^iICo_
zzJ)xj9imcHCNK%(qT%5#34Vm0i+{V<G~|8;-l$~qveSetIIqG*<Rs?h7`I?Dj`{SX
zcfr4pzePlK?)8-0Z)7S%!nU&^AD2zRYmccmWy>V{io~B?OI0_4QhvXu6T}*6q0A?w
zE-v`k9-3Y9B>y}w%cXL*HF75Hl|ArSDof4dw41xMaEGSa|CC!F9}d{gT$=RVM3esP
zD^#&!GKYi}^jq)XXV_9xaG{CoD<8Hn7iL%N1NI13U0`$+(XF=Qr*^+PJ}hs+;f9P(
z?Pe#haONV9Yp0kv4cvj?&F4zQe%;G7P+}_|(@+<9Vtx$tdLX1$QhpCo=cuFwThtyG
zkuYH|E$w<+AoH(xsT^&^MT%`p<ClT#Qprg<2eNt)@wh5(wmu%xnigZF**ZB}4U&{m
zt69T`2kUc+hi0<sAm#*vK|;o;;g2(ri2ypINGy*Rqb1ZNH9WQ$77!Aj-#s*=3TXl2
z#5Lnf?+BIQulh#N(@m9P?q?X3K?Fp)`$&<I?Y-c<I&<62TLkU#vUG%?J`JeAr8iI5
zPt=JtQ_Pu5kKBe1eT2}$D>|;Gw;<RC(zaygg<H<^sP(}n$sEL**RF>)c5I%d^YTbm
zSM7U$xJ{imc!euEDQj#=jDDlCHgNqj4o>dSJj~&3Qs0T#xNSia$8U)Ca=qz^HKfjO
zdzo98p7g)+zsx3oj`q!u)@nu^jR)@U-YL4&Mtk1?V(**I{j<IAw>1ZZEdL7iXB*d#
z(2>Nig5T#!9&NoN`KRxU)bQw!;(X&%eW@7o>36>q__!no;une=f$kN~@rGx%6=$~P
zhq9~ADQz$#62<cRJ6w&r;w-W<tELUlZ{utdkAPHHZ$6K;lQ&xVAZdcVx(ciBiD9*#
z2CRI%l(k+}^k;Ra^@m;<mNcYILhjP#mTpah9k@dHkcH5UsC{81|1i2HZfj0}cYT0H
z0>WG3Qok_%(9+=7hiB0*hq+h0!u74j^{Yr93qf;ddV@D4xUrW$yY+I1f853`rv@}P
zOsaDKCIzcH5)>R(uSP1>NXBDA634>`wv3TFvtZjT{cnc<>NSaBleY!kD1Rf$EUXo^
z=N5(<Hr26L+N)S&nqrD~x&acSY4hhe+LQe51$NZ(@ueSza=Sn4yr@L}I*U8;mx0w@
z;v}bZJAx9TTiM>Vt6h7g$3xiH|8@kJ3j8h(%kTHSz^K3MP0R0b<=qm`RF5chXoNg-
zvy2u^`nKWN#@7y9Onc)jS$MaT!`qGSO(9IBO*~6&`MFbsW>Az3vM6Ja?Ka2&AhaZN
zpR_GsaeG?m=xK?b7*7khqk*S-CY213tG1L3G>Ui2`Mi=v&^Q`Sd3wm|!M}DoS$$x;
z=CG2hz=u`_xyG;_-W6l=i3k&+qw4%B=y~lbqkj`@(k=z+ve7)HtHyW9VajBa{?h!>
zbo{uG-Us4%#!Jqn+UfPx<P(TDbsw(sj!$AjxM92Z*|MQ^NqqP`+As76yKN8!SaGoK
zdV+N!wu1fY^-s!Q2tQFpIBCt;(LdU?68nyJF5a<xjg;<Q!-(_iJ~*N<<%%<#tn7OR
zW@bB~MsZ%2YbVuY;mxpoFIc)(&9~9ogyUZXxO$jb0p3g%WtonqvY*qqdQN3G6mtw^
zK{a%ZJc)lrh~)Ut7h(GJSi+GW$FV#$1hVQDqmd+RrSxoWks^%s=oRy!Hq<L{ClEys
z;dE?!GxaCPND6m%tZ7HVl)w7`u%zTLJ2?T|j_cT9pWLY?`0;2V6Y33jIdYak<LWb+
zpkYb^WG%fh>(hN|;D74_bjG?i(Ap?4BBs9_|1v<}6g`K(HDnBL706XLB!^$8Du@)Z
z<0@D=u*}Jj=`^Q}-FO`qLx^1)9zyJ5yom^FwW{IC5klyPfC9_r!kxo+GH0zhWgi_&
zmLCOER9>C18kgUlf2F$P7+dD9t+7kTOBys{p~j%!d#SpDX+jM9pKPER*2RLUn8Liq
z@@3d0h-ovU>SzDQ5%zktF{ZcjH~FVxe7?R?Aa!LgW?9_n&>_R-QqL_TNEGX{bk7gS
zLF6+g@^knGT*G8W0*dUqibY#tL#KlmtPczGG6OSH;HaLl+B`eZ0|po2L#NH70rpW(
zQBtvU14T)%qdCc@e_$`ps>?#{v2!!pQGF?QFkL{W-<RGK=KV6tV=pE2(Nxgm;!BJk
z*+eHgg|NDq?w$yq$sD7*<%}AcW1SSf2Hv>D>V*?DX3BFDEsd={p1f|;{nrPG#x1D-
z@ms(Ybv~rd2$^<LAoEo!i(>r4D075r@}Ia3LOmA}<43=Cgpym)ZDxA^Li(dCR?N%m
zOt5UfalJaX#g2e0eIo=v2k_-Vx1>+5FW0Xy`le!=xyT2F41>Dr+R5jlCgAj%G5(>D
zJT5Y%sLjBTH1fskpIbW&p5_;s0VmWL5dJLUZFmQ~S))C<Cc7G8MydAuZhED-3W&Zu
zs$Cvyc@z*4*uM!Aq;y(P++T5%>ER4$A@PAVFT?au;?y+o<)E776+gJd?AO0D1~XM1
zwPDch*~}^to!#kNNZ@ek%OU(jfp2J9fClq#O~-zy>&)QK6~8ei|H`P2(@P%?N{g#Z
zHMZmtn^P!<I)Ahf{$dDl+kZRuHkLn4L-|)mr+Yre!{E&^{nmFkw4o5({S+NJI@a}6
z6IyiIebersYlW{jOy!MJ3+Ub!txLOJsUz@q#h5MnQ@Gj=RF>j<g*hI5Z}Btfp8r<y
zrI69I^u^V~!>7BsKi$1iS-oM_C&|){QT4Rqe@J#z@$2?tkpO1&E0VtRnvME;=JI)3
zOV=4t2|8tkUeTcepL0j+Vv-2$Zk^wqfAy5~m2-Hw_wn+(`7^w=tm7VRFX7DZs(B{I
z;|by){9!C@uM(}dMV+y>evU&P=pDz$efkzjL7$SL2Om5hkv|gfk$c@aEMbtpA7UD}
z&`8PH+kQL)Ab$Hfc>~?nH+oscqt2}s`O7-*L}HX2PcxP~`Nv3TQ2A*uo$ewqmQUgw
zuV|K@NO%E95KkE19%L_joN2ScM6P&YeQ^&5l1)_w>5H0m`fS(FjW75?QlVzu;O)3k
z_(lhLYwRc$XR%Nx<f=HI&DV};F>O|3v1lm8fhZS}!U11Xg8<0%RVzgz{<jFO$Fv8e
z;U7Bfd2ZBXM~CoXAQ_J?bEE5E#zTW9dt?Bvo%JA4G;QeRn?O+;<%xh*t@u|#uW>+A
zFPT<qC%2g>uJbAFu|(G^p94xU_}>7cnY3=P9hB8HbSPW*t_FAisz$BVa6vxY)@r~9
zY(*(7WC@x1lba+(t4FV}K_fv;>XjyC6e+;b46wl`RWJNi;J@$-0{K)UP|cDGFSu<~
zpr%s3_40JHw1;~OeF&+N*6dGT^)SW#iRyCKNNk%4I~jb^D9j-CPp8AvWend@*unpN
zpRUo?Bm!FbFp?ptPR%B9$TO2=C;fn>69&zl!bE<1qmec2UZp%=j603~F~OPXU2D#8
zotrD_ECIceQ!O=#GdrgkO#;_r1--8Qyuri12|$U3Cki*3(1Ex$6;MquHDvD>CMKB{
zzEvNfT>*b*1YZP`EZ))}iN1&rOcyp6&zoNC$U?RqE&aK1G~H3J`>I;{J7{@ogMSZX
zu(E^q6&~i&<Hfxkn2r0ehNFuZ2i#QM@_ffAZdN&Ox|M%sGO%SPMdYib--!+%7|0wE
z1`~xsLaazZ{?h=%#^QO+#f8GK<qsVk5eGtFQUk$((tBZKqER1WgaV+#d8z=*-B&4~
zRY9L?KWFp@ANu3&o~$jlPDjS-igU9Jax*3*RDF-v1nVT<&+1Apd|R_6I=Y;T;mUFm
zs&a$Rc1dV`E4L=UotwQ{hkIx9&Nq_1&}};h6>hT?-r10mg#;&?7E-fYc6Qt|Z4XsC
z`0DVzCZ7KNG-6Z|YOMa|H4V&c7F~Hw73NK+)d|(Tg_&6ho`?{y=-<wZt$)q(Uu6Xj
z+sg%sheYSX;+FfDb4M(nsC=K<#|jxAzQWrAnxWoB)SDw_piPf8!qym*^w9_3aC*z>
z1~ct5$As)@?w{M@FFRyG0g0PC0?wS`lIGUp(&=-G?O8E+_4L`rh1tR*5-&a@HSxMv
zZcV7xG`r<4$ydvt-5oxyh1XiAJle{QVd&h}{G-FI_r5k~+I@3c9?8|uF8E09_FTG^
zBi=iv%`WWLYe!>iVd?b3c}^PMFZ`@W!mBlSV@b@{b}fI-{k}q^78FAS7!}*$;M}5T
z(!ZcU#*<+7QY&{vbb{8L>bv&Bto#WEYXv_}yvX>$cn_n@MsLS`oV_%#N5;MK2D85V
zOp*J0?L!n#29*>{!<GeBPHU~RJ}vP8h$jC-YykqK>JsaI6cj^HnN)%+1=1|Z<|BKO
z9J!w<Gma2rJ>R%|jw*4ie9eK`wOnQZbUm-_%ceJPYu>T^0Gk#8P}lELRwTY#)}`nI
zvg{TcpJCL5prj-t^~*V?zWQAZtd1HcqkfL)vgBoD26U`2D(E%tLZeq5;_KFcrq-8Y
z1W%m&R}SNaDw7xK6F2G21CU|SDmBdJ%D(mOiJvui8Pu(+CkFK)GZ<PfmCv7%xw}@+
zlV3+gxFLX#g58zbNDh_-P6msPw6+8PM#>-lL=1y5QxDb?hWlIYTD6%mGkJr)@><L;
z1b*E3ag!e7Azab_)t_<r!lA`?VJ=yp87FKX@n)^dNu-aRH0#w2_YXeEWptQ6iLN!{
zG=mLDgX`C#H}BV*HzQ@{AF7Vp9F^?lb?W7fao0-mV{h0?XRjd7(>S_mRDP&wS<3#l
ztk~b?F|K0VAqBa<W^Hw^cFu;krZ<nR-jVO!Rp=Z1pGy6G-V&n^-w!gs9gj%sp<be`
zO|GGIy`3_h(KraAZzPV%@8wR1!WL)x5gS|Rg(*KlORz$!Kc48*3&PYxl!}S}X0V<C
z8zP{`mzIaM9{bM_R=Q^n=AhtaxR9tt&mlDb<rf(B?$d|$Va@+gP5MB47%Mh(-4>$g
ze}Tjzs$Noc^OsqPmOk+QP6+3t1}DTjE@kG=e~Emy>8%eZx%+~eKMQLfm8|KXX^lv|
z#6?SC(U*RlB#y<iRE-9pHS)!MG_pOc`P*bo|LNz|6KYmjb;IZPVbQOss0_4HXPC5x
zr1DK#cZ9!+@iXHBu*g5vj#Ny5<VLiSXY7Vs{<Z!=s8r+L6CwCXfQMldMnRVU4HFL_
zQQ%niB*2Z~O}*W+pL?kFx6-r;)>C24T|aW*Y5@0-F!2@=CA3Yl?CgB1CjQ0y&4F8Z
zUUa%@Wok#=rQ=K0mr45}u9pS?8X-dxK%)aN06qx-mTCYF4*|3Q00gEBf#-E#)^z?|
z&@i3$bC*;kSk0!e=J0=5&1SWnDA=r;CsZU@O)spujhcRwmiPJF+xsuQzcf9}xt^TC
z{!6baO%7AOMT%`;r`O@pA1;jxGdh)#At}A?51>$bDWvJAmEmq+kiJ1CoC~SAp#(Lm
z?<?$@%->FF%>BBad*(}P*G5GOR>b!2Qks=2<Z1Q!CQlgWjHr^o(eZ#Km)w3bSyKL6
ze-0`yL^&G4v1cshzji&@Ro@CLx@@<OQSCn}yS5^GZ3O&QW!I0)&Mt8c|3G;S6?sct
zUXSvcD)Lskyw50a`pCS_O;MBcl<keo&SLuu+mn=cRz+Tu%R5+k?G<_0VXF7i&&a!|
zA}{Om9#P)Piacx})w@l3-4%IlF7JoR+fb3W$mLzByzf@zwY$8}D(||Hd7alq-Jh@Q
zn<}zzjIyUHyEmDg{!OQ(%uD~K*EKL!MgFIv$Ztm!dGe<edAOp8KEjKk^iw3VYRCzG
z74rG|CrmzdQLr=HW%#$rreBnQ<A{#4A~~0Z-Lf@za3X<=09&@&E+A`yV&0K}xu=-l
zL}S($DXKcPEHkU#|MFiLtM}+`TUi_HYsPgJCD)iZcwx9aNds(ru{yt7PwAeA(Pb_*
z-Tf;)lT&RuKMLM32&y=TM6--k+wU}UFwz=TvWC0>JO7<H$LLcQhg$mTHY(>|ZB4I#
zFAt?>LMpOlBdn4aw)tzWgU-)~C5p2}ngp*uPIiJIabR`q$1Zm6068K3Wj?j6Doy%!
zpoWj3uBPPUWNY|iUf>PP2~w!yL-(SEz}rk-?Ak=V3TlFhNh<fVHLA<@3IYC0eplWQ
ze=$P%+BmoX_YYqwAE#3<z74e^imlhOK+Bm#H()gI(micbp05U-_m^YOBnr8{0(?;!
z|Kf1zuR%GP)BbxYTfQ9?TR64Bzw@ksDLQESy(C(D@++si7xS6`DiKR}zfTo^r7=<D
zPA%;<u6tM{C@!qyako7dowPY$S0H;L-9)eWwM{CK-#X+KgHi{01xwu0d0!Svx>R+V
zg0w!u|M)T0eX3Eu*Vfe^*FN4zQMLPmbMKL*QZFg1law{(U#-ramVb3r?v(u43?yh^
z@#Su&6Zy>;<Llo#fBXiM!v<X|-MZ=rP@=IvDDM9%$def0e&Fo={~oAr1;xR8`6v8U
z;5*LY+bqkk-k3hno1v^@`{&!u?9R$l(;D(TC<<QD==3kZ_AoE<wO>jw1VplhwLcd)
zQ7bZ)OWB!e9CNP(flwI<8jUlC^_0<5)0?$6^eH5eu~(&F)DviN@M>P%ucCi9oNN53
z*Ac`T;=&=Nl6)OhSLNSE<uJ?d0xXCoy-9oV_jLy^ReI|egK;=t=8)?E*zD9~JTc5W
zImn|+<o!~4ZwvDd3G$Fh^1g9{$#qKOC@D{SK5F=9O6^+EsN{tQsXg4Xw!(3-llAOt
z%Y)%k<FfZ0tg@^uJg)uiSf(IDEOt{E-AAdxpgJpvOo-Qaz73Y%@ot-y7(rJ<li@$q
zcR`!BC;xhS^)WiLs_$`b!mddZ9*3It7C(TK=^<VGrMuD7s~)2_fhBZZ4Gf$1QvQwf
z>UVjIw^=uBA5hM{#SdD&;@p%D;h`YDm0oTcpH#gozkAY@U4?DK+o`z<pGcx6ZVOc|
zl=f9)Yt(dMgPM+B^PSpV#lP;nScb^6Xdw4}_Udzt-U<DCV^G^|QWguUJ>~BFlaq?u
zM|PrUcz9f6QU|tAPBJPjpSoAEPN7?jDW$STu4TWEk-W~3j5*nn7AGyd4gb2y0$Pa`
zIgfFvKi7$=BP6(@e@D9hH3F*QYY$_FyZGqfQfnv;>o=OhY3h1a3{J!h6z!@f1jyZ9
z735DTEe>jy>^L372K7|yulNB%RSbbP12pPt(fA=PIL05wK#wyvit=6k@Mbvwmq|r8
zG$NTPZV(-#(giCWy$-Jx0pr(Bx0c-nbsFQjiWn|bfjZH1I<0W$0dr}%qDrAEYNaYd
z8^piyI0?r{k3CH!$Lr2TCO>r^p#~Wv*@Os*h-A4{i8SGvAIi}CFA%H{XIOvs>a<k5
z8zNE3!XJkF@{dm{tQ{fd!$#Jq(C}I#fV@;uTB7$CX#hk@YzK}F`e`mTN+<hw-r3f_
zl@SoHxN@ae{CsLbF+JCPtuvQxvJW*fJ+EjkZk;=&*DIdaRJgaVJem_I*Vo*I!+HTD
zx8?cehuh^4{fv3sXIpV;%QsENvj4^T%cRiR3GsPEL&`oW&apY7-7-m8;x5yCKNT0E
z(>NP=PO~&x?%)M*(cUPP^3NG*BLv?inH&wcK!43>i=<pNE2sQ|437NmD>c0*=64G1
za+|}8K1_kGr*3rFfr4AoRQP#==DLV9#igefZff{ZGRZ40N|H`j7@n(+92kG;wEX?0
zYl49iLBii=eW$Boa4TJ_^Cx|eVRc(LtRDY5BJ3J0I#gtgFA1-q=hmSqyF{P2m;M-3
z(N%f=Bi90CT)33|?!JMr1^zm2q;}bU2y9jB+P>CKT%gBK+Y@0~Tw7I>=>9;bUiE9)
zxq4J#r^?S>yP)Cyxv|(2>F&FMQ~e^>?oo>SW>GJz$K0wv`E6AJDYc_=I;Q9BVz-fY
z_ByHuU9`S=g@L(?cOX`{BYR8u8|UIQ=lpBki(Alzs>FLO6h|gZHimQ0kXJyU6r@u?
zo-8nAPKE+u42mwrUD#CUXk1X3(;Rh;&?pc~bZ#H9QrUWyNN+A~;?LTJ+3mKBK{77{
zmsjG5e6R2fXI8J7?JeH!O&RbCuND4Lc&_i&N%<%CufDhM6^o8rUvrN(c8VWr`WFL*
z*`}?O`42_sBf~Mi#q3I@v>TJ&E&*?ofF}!pm4?S_AFw#IkHC$~K-}xPU2@(3CRLI^
zngyiJzY-vWTap>|TBS|d0b4eT3k3CCnI1V1mtd7_D|yA!y{-Ww2!<DO*yAjU@aKDI
zLXgnU`EO+(Vokz0_T~D$Dd_Q`)M}V}xZ9m$pBXo<^oYKz!NWUqe=ogRw`Mh`H_zLT
z=Q}V}n!K?)cpVeGHoDiE;5Fl3M+dL<?sZh~TIXJ?gV&V39$;@{>17nv4Gog|@&-a8
z>B6E?-6v(g!G_?e-#bA(p&P60oIN&QvRZN4ksFI_cUVbdNb1-l)vUMu^!DfQZGS3v
z;Fq_&su{0CE%s4^qSZ4*!3t=jEU{xSEHv7^KkDUy!DtaiEf1&N`a6J|-~Aqz9!(-Y
zD2&ZNo()@^+(`>`iA@^{<cHpx&aXp?I(cc;JuPiE%!P*5smLE%8FlCBAI=Mg)f&UR
zV)$EtQ0~Y`>JkNCMHqsD4~Ik>wOUb30ht5<HX9C?=H4GXos+ZOC2Q7>0*FA?`49a~
zb`r$CIk@VhO$|4C1-IyJAKqmRmj7-z3U@Y-5U_mjDClE=RyYLMViHfrawD=Ha{D2H
zqXzE}3ya}{|Di<(%WQ=bg*0A%@CYgj#>rt`Ixin%n2(5Yp8uWR{ky%f!cl}R>*KJn
zKz{e-#HYk1@>}<}LW5ruC*E8B0%g^>`&G#2xHgl|j7PNVCOf*3eR76RDnE2l`pXx=
z&fJ>((1P3-^FwFla=Il({bu7_;WKA*S{~A#QazU0EjyO|Md#<Su~l8QY)a|xf!{PZ
zQ!nK&{U$TbL8~+nSje2h+Dj&Fqw)#Q=w<mLP=nt?EhER+w>5VSeua2PR5E5+yMfaL
zy<;9oqtbU7!nkW7pSxv6htRj|T7FXLg0OA*6N01Z>-=Y~0fBX)JNK9Cg#gtpzs7+h
z800#@60AlXN-a<2T3Ln@>^Vr%#_@&sE%8QAu(BR)Fs)2za1j(zsu!Fg49}I;vJTRh
z`7lysU630W(ziz^Zw$;jS5uQ+eUl%$I5%E5z4UyOoN_hk;3F&uV0BmD1n8x^J4^%u
z+Wa7*&Cln$mPM0}<KT{Ji#r$Iu|zae=a?@KKq>PnoA*NbM1!LfUZL@I5uEe?Jvjeo
zx1%xdIyg5*a3=nHaE8j)GTcj>10M0M8URJnQ@=s-13|L?QW5ej*DO&X&*v>Pc~%gy
zr!ayx?9j{iw;f_R85NYkNFg_CL;!R~!?|($XlCv?S_)_^&#|#QNhy81Q|ZkMtEJ<&
zaX%9fi6WAiu1d>%J%Mlq><x2oEZ!jkyHONIpi9u_!ag<K$SK#9(QQ*)FhuBjX8CWm
zg`HhNle37bJGtWwL&htxuUyoer>+-#T5Y1n;$FSi`GqqD4@?Xw<+#bB*Q;g<q>b`B
zq&swnQUCU;lLvoML7y25j6RK`gobcN1ArI<La(%_)KyN^3_m7OuF1}`)KR?FQnC=H
z>WPzI&=&Z=s)5j{hKR9Je<f`ojzs{9A~+~#yy_a4>-y;wuUQkg?5td!ze$s)wdM+e
znei(?%@kT?|K_{?iN#HBoSl{K{$KQ%U7++Qd$`n;7=5F=_{q{eat3bM{Tp!AAn->s
zt)XX3^GNYyc=%sO*a};T51Rn*^_%u+*K0fYOJG0^N#-dAB-`{C-l3iQahY9$M_`r%
zEKah1_w_wI6jB{+&R^JDKTtEKiL&|;8r4?_GkcZkjX9M(ZK@IRcm}-v7kECUJuZZ!
z35BjUXi69t*wwC?EKE#SelKWC@;;8GQk7}nA-Kz&4Fal??s*7QT_@A)?~<DMm!11k
zFjqIhd+T9wv~HuhQ#2{mj8iuYyN0*oxN!YXbWv6!;dFNtQss}+7LN`M84*1T)jDX>
z8zCuuHf4t(8?~!z#!Uor`8bsd<u%=1Z<PWKd8|!4nmyLdc1!;5A&@Ojom@v>QSAET
zE#Bi@xCg~P)%4`FNAX?>QH7|jeoN3A4t|f;iVGLD>{xTExA=bM0vKNV7GpRQP(h1V
zWVA4+F|HymPMNc)oTpKOCjQeH%0C!~%@9jkdI2nxdUh7#3|Wln?yDuSa&_l<D7}*!
z`Js2DyFbfYtF6RtQMuNe_3whhV~*BK78D+ti=LTV=$l(y?#(THv}tZ(dE2z%1q!`N
zZyr6P6F}*!#sY;miA2wRLdI@X8?&Hg*NV)7mYvIq?Ib>`@Q61B&&Y?Gd1Hhw%$mAG
zWmWg>CU|H5sJ_SRWLVE1-S>FP9%{z!s2<?rG$1|J!Q~xuFe|s`&J)O5uh^pn1_{d#
zWVPm1Z!cdUmGw_r+P0*!)}U87uSu)E!gF4=@M<fpUNm^qK2z6Q@3NOLiAW<7;8Z<e
z5#Z5#zPESEK=~|T5EdEJ$y@8oyRoW3?hd4=)viw~f5qg>`TgmF{oo&Z_@ahI3s6+;
zF@t)^bqumqoKfz6rwRwWVn<u?Vm?lNZTSHqGcLJgLCf8j9ImtpjwK!0fE`}T5Wy-w
zRBxjPZ%*}XqPipN;P->hkBfR%y>0L>(TjS%O{Qu<nUUT8xM<+IE!UXqEdN&M+l6yX
zgjvc3hKZ@x;DSxrHST^N^rl%c0N_#6r+x~zl?|s~>BcjIPt0$A&J?7xTmHb*^sT<f
z_wyD%!VvpIzHf<b=%A$$UDMK`mo7}G^T!e$j-p5!KA4t);gj03f1et{I&hY2{5@I-
zA#(hM33dKv&LcpV+vJ|;%f37C%0GxTXh08_Iu`|fdXgmCv*}YCQv1L^@-of~+Oj#6
z#x#c-g(7Gh1+6B4*6VQ+t;!JOF*UTUAG{*rN*s<aGTMuO<4}f(FbZo`aEqy!7I`W=
z>fv|b;EH^u-3LJX&@K(bI$07>(1={r#_mA+ibuh^f)8lAfDag;u2}viih1Z^WfV^}
zw#h&8vBL9RZ;;hV*yX*iIYqiek#T0cs_xJwZ>>yrXPdPQEPH=tjy1M?QsLpkpMZY(
z4@(~nX|--0V?T)TmFaO|?-CYzOT6lBglG0n*<St}6sZ80*AghGv*jtxNU+r3a1YT$
zBBUwQN6;3f8|jpc0RN_!-;gb@vV6qt|61bVDkej>pC&i1Q>Wle!7G0WSdsx_7KX`1
z4H-q~5dn!^wR)DYEBrluTg?HQ(4!#9RDY1M84HXe*hF>jsyQI%?BP_uLSP+;Rk!|A
z5dY$Sm{vonQD|n<x8agVw9ow=dpz!N1IgyqlkAEUv&w4Fdg*3PP*7~L%U<=kQ4<4d
zz1*;}7SX4ejE{MQ7RW&5h}45D4QrSSMIMmx%RRE_ua7X*vgzVKF7+%tAWwrnK-y#z
zq?xgfc>G(Tzc|Z9@?VdfE?7ECS9o)BV^ZihQb+9k@|AkvzPmJozCqypulyd9u#ayP
zu~by~@{e1zT~!Wh=q&!?Aznd?!ZX2-Rp`xMFo}~5sEbdD{BnG#w{^+h#g|9LQ?B^E
z)}6us342xF4;CZ(b3n-xVh_K^I<-U$Un-id)b)C6$&x2RMeLzj54c8-WB8rXs8|e4
z!80;M<)yoK?=KJ>J-~c@kn^emhT83_#9#ITDN#IwzOewoE^j}*yI~V)tCxCRugW9I
zRkC=CWwJMU#WvP5XKBS^Z&_Q^t=t<MFaO&HQM{@nt;g&1nC|`}`X;QoS9_~A#FaSZ
zAgGiZE0kdU5~zFSvw*?Uugd*h*tXe#e4g)RE$u<2H7d<$>HNfVS9&d18_Ci=&r{o`
z0-V<={}v25!t6GA_@s@b!9E2GiCnStQg8vesE!z53}W{?YfwwK&s`}IHA0+gPOtW=
zH4uFk+H7n3sw;%1)_xKf|A!nANbQNGF_$<U62NTDgg`+WpmcO1f9w5&V&K+ztDvqp
zvQ!(@Cj}p=JD4QpKi-25Iw;8W@8_*NpdmDTXL$uGk88XSl;#V>y@EJ*cg%`u@)KKh
z1R|#HDO6(~uu9qRLiQZsBPmpo^6}(PyJPS+#6@2J^p!KmsQV&Lfv+;o)EU)IcJXn?
zRWD-H;{w*0?5<M{!tc{PPqB&M6?QsO4y>px&N>(GXnK9W(s3?&tn0Oa5XC%}@`w?D
zkd_V59Oudri0bgw_GU0<DAXg}^E#4e!wnbcaW13j5i+_THIamGGcp-Oz5A}{efI*+
zbCwBlE=jb#FM<C3h@6Dfp5%26>p<vq_i?t8k{2TyvS4gO#>Q>AU^F)j7;GKe;g6fB
zEz)Xx$FED<1KKBY*cAxG6*{E+Kj#x>f>&I+(qqHQ33V{A!(kT;ST}qb%phfGMA(&I
zVV}lPDEmVV{)xy=qGcKU>7M;bgd6A5!T*zZT=OqcoIVo8wm7)bHpTM2Lt^R5L`zv4
zA6_yA<paK<)=K2;qsQeYbtJ#7t~^x&+FP#XPsGODB<U4=u<i1>@X@8T6>}B`FEy99
zif54qO89b^o)9?OzvynbQ8mDa8LrzjoV?9@i8wPzV_7@Gkw*x$qfIKb)7|NwKO<rB
zAUxUz%sv5WI4+fhf=Cwn$699~eN{IZ5lP(f+ftQ>Mrjb5_O_?HXHc@VGSYCP)eDr{
zEczzp_LVN^^{6DKv6yWqd}IIWU428NSvt?h)r52Ed_wJ3g$m&iO4G^n1H+`*3yx0k
zA1Szu{A)Got2M=yE)VPcnUz_oCw#k?H>VQ|+V8asVWgoy!vX??CYIJls5*UUf+20(
zXb4A&^I-#IT6u)x{Bl%(q~g3zXnZ|H<J(qypLCa;lz)yq4fmJ-DtZ5W2$8Xz^4qPZ
z82z7QT6|r)NA7x$6N|IuPxFKlp2Q!iGbA06tKL?gY62>qmhO3%jk-Xu1v$~Y`4{H0
z()l5tTT$wv8ZGZ2OY^jJP0t~EDW1{pl<FA0A*`rbbE1-7tSdjmYy>Yx+8bm1*H4p<
zd&-l=gOVofQ;b;RZgw2a;-L7EMz8n*C?8B~QW$7^$s+b0FByB`p-~TZK{3qR*I6tF
zfdVtSCz*(THY(!yo%0+%i?pB9E-ri8d*TW6{N5I|T4SQ(srfj7Eruej=s`PwGu9Oq
zY$RnVfA@veWiJ_4ivp}5Mw46tSsCfgt-r!4vykA3IjOmvq&l~HhgV#!$40OE9&g%9
z-n2(s)4yq*Zeh1A{maoAe_*3>KQv0ZsQthLJC05yF%mPns=2129s+nTpW1-mj&1DW
z{v?!TH+$2DmC)?K4lMsDaa>Z@UiudUt@-Iy)g9wn)0?;29D1ho!pQ7V9fuPt7F4(g
zM-ptzrWO?L#vkGh4<tb^`*8$li~zB=N_XpXIeI3~Lf>v~Xr8`b6&JNw&uSRv<B_v5
z?u-YX_DgrKSNRz*@$<RQcr%#SKF{7Ai<3nC4wUVjMhR$cGEW(MI)Wz)`9RJF<}?AN
zYWtk3YGj1d%Iu$@&GodYPnHw`3JciTAN+oZ&t7>=gZY1&m$B;z|7mt(d5$b5HQoBF
z>V46W)(5r*lznLK`r10q6s*%eIZ+AaO^ozd65V;6r;4arpXX#x;@3@Ywq0PicF?N(
zW6kN`%o^n)n>!X1=hs@C4SVCvN$fzOo(Y51SLt*g`LAs#9zcoWhY`VhZ4~$`Po|Nm
z0S)DP5&B3rU-%m=Q!@Q*?u4NG2a7aXGkN%Oq4y@=gWme~5dVv`ujqDI+!o@rVIq23
z238->q{M-F1Lo~6E@Wo_YT)QX{CB7M!ag^Cc)&`odeEA}1y<ANGd8MowbApajz>U9
zl*!$zD8tdK?<BZ|_2YwH-xCO3?OQs(;8y7(N?q|lk>Eoy2|7;FC${JvX5xvEg2@?#
zMGBFC@7%Tz{tRhrGP&EYRb*j7>*CNA@h#wzE-m&%*3=-km*eQO&r2CFRjpk^B35p^
zP1r~65Y*cSufqV=@*@6K^8Xa0-%{BMos>eetds|Aea#M>6e-2Nv&ayzakffxFCEXj
zCEHHtB+wu%lo^NB49<suqGf-acvQOQDocz$K6EaYl;CnpYyaTQQm0MQoe&RRMFpA0
zGT<U-4!Fpq{68(LP`Q-G$+e4Rv6Ha|Oc@GHh#*1i30C7yvvdIju_v<MI|8@EJ3151
zMJ?4#&f@XHId(heQfN9Uf7lJYr6VQ>GAigfW17*^O;z|~?2wM!+bESds+tLq`A`RJ
zrhA%4kFbuu4oFe^kW$rJw<_~L`+1dS<})CwJ7BSqs6)mEOX&R>@_LE#y`migB*HX%
z!(Br(p+!(93z4f{p=9A+Xy;$?At<($9m8VH`rXG7kGmKhXw!0S12gjiEfPiZMfyiK
z<SqeTy?<F*P9x?X39sd$EbaJ}`qE(`&YSURB??tvt35BT`dXcI52OVWF~zM1?zZ7h
z9ZCYn+Jny`&?UAL$7G5`q+Culgh_W#qXXfRiSx#q)ewk8op;26905Fif}x{dYbU29
zEVx)Mp9a3?6UQf})F~2~E!UO&U5=coSvkT(C(Oi?2><rImb;e4IEBrp{5RgM=0j9@
zFoLA~YmOjZ>01#_EQ*GNP-mT%i_p2{;T1<#<`(`iWv%kdACq`=VQmk;M=Z>)87reE
zt9SqPJ22LI73U!npc+@NyjU-zPzt*M7#i?)LRF#5z-h{0nPDLvh5Nm}LB8qV<xL(=
zOMDQu(V7aW*^I<%P>JG<F3295Ql?U9XhI|eht32=w@Q|DG;(0x<dF9_6YMFLpxyAs
zp&oJZusZUpH<%FEGqSaa1iK<Zd-@9Vrh$yLPqQiUFEZsqde{4F-sNB~D&NDXjwl#i
zs*&!wk?Gyoo9_NGkACg<RfFcr*YLX6c)j>UQ9<W%1+9mT^VfoN!@k$~2U8!>Ft3=<
zb3Y?`Y#$!!;Nb$mV0W9gUNRy!9N*(hZx89U?!rV*5<?q|+V)Kk=|8MzjmBFU4HEEU
zOY;JFA~yA;E8BC}=NE?U98EjwrUCVDKiyH1n5$k2Pc<GD+onb|4P;i3_<RH_{(tDO
z<D|T85nGEm+xm9bdRz9q;r>&QZNXXN@Kc_qweM70fny9?P#V=?_;ibMY697l=`2YR
z^2T!>>il`{b+wzkVT<@wnI^}tDQhKCka{Xk)wl%;(6T5n{_uoaj5Pyn^z>Z|F_L!{
zCj{E>K9p%{#rR}L6y-UhC$|y(fbN?u`6ent-zVrhF?N<aGaA||?K(>9OkPab0WS6a
z2cLYS;_fy{5cE#Q^Nl;f<guCL(A#3Fg9cJ+AURIqWmZy<@-JbGiy~|iqA0Z5_hfIu
zX--}sik6i$PFALhtPZe%14vE4fr-W&TZl<CD3oJ9!CNIfsLG29SDE`<AugYV-G8es
z&YUW-<3yuj1AnqCbA2U30IZ~;u%9syLaWZqwz)06%i=JZbFg!$H+cbD>{EQS*~`z1
zUv=Kge=&<gkHOSX*xw-2gSW*Hg;4OTpx=>GjD8uB&nYzaMmBOEbVRwXzLme=^Na#B
zVCRd8bZeg&yfHT_+kNfQuE{}Zr8sSgrBVC7KdZK(YBcrb(l)8vC?>)wn{b>WUjrTc
zOrt|oF|9t==r`RSEA#q5nWv=8Qz&TIS?4skYb3wV?@4Z8Rg3;IIji?zuKya2fDyg_
z_G1oDmpvW2McHE<DcratUqj|HBT9mLe;4)g!SNH+)w;IW^{`Fo!TdR3ui^+fyMvr&
z5o*9*gB&wNh|8&RIeHCpswCUwq+E_(gPc^5Gc?7Z={3l4CIvw!E=R9Hj!i2-^IeW!
z_3PI^74ov@SfgK7%Sq&L8WXCveb5a};!-1A>kY-_mrp?mHfc?+%&I7Lh01l?r<iLt
zEzmHW>I$GCnguW7_gLn15Xi2W>*-6_sto^YCT6YSZBat6C1?UBCWuMZ4E+F+l%L-t
zHip0vAe(<V8?~oT^#-=`FUwSQGNVRUSo~P^E?JpZtzrz9+V6mbV}^$hsq!XQRXwY|
z&=!jcg%DQ%A(;22PYz4A6;Jcc9Y>U|3wwP3`IVhzIUQRSCzt*hPDnB(B*Tq5F&(lp
zWc+Ox@1wSnJ_d0_X<{L;fiKv*G2a{0xkLjQLh!u7o*$87<`no^w#Lxiq;ItJGU4%7
z!hHjxj7^sDcdu)!%fK3xP7kY2Z75|wlMM#+{#cp*S8;`z^qBcx=#oW;ct|^%Hqm~H
zbxwT+FUI1ZokuC#j}nnzh4is1&JeGI2bc}g(0#knZvEwRS)K1CpN}<AoDd!v)97?*
zccjB1FCBFk9kVXdF;@94+tOG5))3-OPM1!hr{!0{RngUFomSDiy{_%3qqNucB*mW{
znY;c}j!y!BBTSWqvs0_)mhG2(a%4%gXhp(v9_!*p3+U0*zmpK>0Cyq+O|k*((7<Ki
zr*p8P1dTVbElL1)VLhUQmv~mdrBOIo3TnS4<-d<3Fas)W4GFLS!c|j{J)ifSDyfqY
z+PtKOOoob8TOh`;b|$ZUI}G&-QycuPzF_4<_KSqN?Fr!t3TMJd>h$G#e>ynR{8_L1
zVJ(JZd7HAs5wN9i#Y$`i_L-F%_NisZigOZz>O_z-ARJ1s_^c`+^Qgk7O_2yEp{W|E
zpRJRkO`PeXx>}kajHKAOHwXcTo!BNi6tSGaTJP6?HY6KDE&6$?kn(R7g+g)!e`Ed1
zlHPaUGu0mrNxPofD8a<fut|TB`!S~5i|bO7@j|!T9FyaL=e3k6c|Qw=|3eRo6+sF1
zft8!i%a)E(i;dCa0O{o9U3pZGdstA!S1K(OWkA)wGOLq7rHAs4My}N+Ccz}8>g_<H
zjR;Crah6#<@7+FYQT2ktto9JJ7vgk<K6H!m{sj?^Dzi!W40Nia`tc2nXn|pLSrgkE
z&VB|N+B7}!^2-F)iNq`MKP_UW!G(!b;;Tw`=j?&wMVX9%y}VuHE$a<zBb`3Ko?6a+
zZ_U#ST6)txO{7`U_<49C3+1(5w)|^VL(yU`&oWa@*4N8wtX+zzGj#6vY!*EDy+yO9
ztjxVvL{-lSg|jpjZ6_A?BOJ1|edeN3>CIQ$zSG)y9}#j0%d&ROuY@AEFNaMoIQp%4
z;IhQ5_qv3lwzz8kq_wEZEqgfI`Fd6ED484WIGeH(yR7ihh)?<Nz?cpOr&vm<m1N#s
ze$aNbP`x#OQvrvYmbvPom+rymF<iPKoL15-wOt{N^D<f<OK1Ai?B!x7KV9w>t%kQ*
z=se_Vhl)EE6sn?avkDsKd$S?=Iu;AnHzD0N?un5~p;z_Wvx`RCLqs_5BlhkU79nD$
z6<LW`A6aW`&t|L3Pirws6aGY*d+`*V?f7|Veb~LG^C*NG$PRuJ9=cyVKAr#fZ4wc#
zP+<|3)k#k~!^+Q}Yt!9S_hB1zNY{2ZUaz(B3gXQm@Fz6dpM)B`@o?z%kMatx0EgOP
ztKoS;A-StEAGduaeAgi^`dfj|V@Dc3aMWDUb3VfACk%Zy1DcC@=P)Ej<!0rFM)N^W
z{*_@la^|#)8csG27fJGpE!QWVtVR%Vz7dtwv%=8S3#XWh2Dvo%pA@huxo_|Xd*L_3
z;fFZZ2I~uEK)R2RODvy0O%&H^%CRKf-Af<MtYn@-;x(Fc$KqQ~cVA16I`Ua{<cQMl
zknop&R4{B>+d(%l9wHTCu@%J&>FY%rz#k3z<dlXwhT4!s1&gO>gt3+?)@~jAuNcw;
z-V_eRI}-plL~IR~6U_PTa1<!1!A`xDFVUDV-Jac-{e0p?;};bx{3oH`q&9r0^Y8sT
zpz;+C6ok)I0*X+<@&x9TcG+3Lk}oll59-ogk9Ue#EJr`!7J>SB2QTGp4zge(3Y$o@
z^(nPQUNdstP}T8kkwx+fvjQ8G^9C40gWn<k>_&ixzY2N07)PG$FKV>~`iAjDRMzhO
zxuU1Obl|#Rin{$H;+k0tGIUrCuR2a&)6%6C@3c@Y-NRE-Ga3Gu*3FU7vVBE;>6j2m
z`kWC!T=jJKH>lutzKT2%2%R9vO6Mrqrp{*6;LA@2QjjqcUDR-@ETespXl7X?>VrV1
zMwe!@SO-p{2xUE9+$+Xry|GM3lJDCzgh^=}ya&1!9INulh~*0UjeBc_d_)#A;A9We
zp(_6>DOx8P74>%>ZuME;N>1g%2n?{gez~-(_z(;YgK0NGtMNRm)Kc3|1D5>YZcPEW
zM3q2y>RAe{Xa)hD_$K1`f7a5L72UHcfwx|Nr35p}0}xN24PrqB%mgbZiF4psVp@v9
z*5vKliZS?w1#GIkFjH46_1!qvKcxTE$x983H>x^j(d5w3TO5w38;;xE99Cn6Iu0#m
zLkt%P!?1D}`Nz+$vbxhAown!niyFMuCj^0!Sx*rV`i$pcl;Q#5lfR!gt$%o%imrOV
z<&BQ=4kS-$s7~7$hGCO_2l1pu3%j5MH%aWkP`cY3N0a!jPO+GZ^P9OyUwU@yoPMu(
zuyO8jA`lit3~cI0j_{w2&i5@1Vy=B%BrfR<=IeUg%I#rC7qbH+(W{5rvQ+ZDRO^+~
zV2S94mnPr4M1m{cWF^L_prnfNTIb)$WVZk|iqQDTrZQZcHPO@;^j)hdu!W0+mEp6n
z-CO+7++yu6ed6sczGrS>>JElAHzXlb4_ljj0nQ1L?%9XOYzvdup2*Yl;1iIeJ%p=G
z9~MRQ(^lRHbsuQgg0@Yf3=5SEqsH}V(3I=dbICt*c?Q~~dwyyFc3G1qR?$BwE2MLR
zLrUJfd3<Js^L-w*=doijFT-CJMDx(P^V;}J%z-<Hm%mwo;jb6`ZL`0{4<f&eyv;Oc
zXUHiv{8fzCYu{qyHC3t#ZTBPivd7mK7;)0Z|FN;Uuk+~kxcVSzYG?pke8QG3Up(!5
zMxvL|_r0XR&HAF`ZgR6|T|AZJ))g4=53uqIL#iap6Q;f|rA1xOUCO|D(xl=#PxrGL
z)%&S5YGAEtwN<hsZ4%w)F_5wpRS8amCQLg&l+{3TA72Ho$vj_A#VLiF1BUy9q70;g
z9)FCZ5k>~h)VQ|wq5k8nyBR|F@+}eq1h<)mb##>QuEm8ywL))k7p{m0ZTBAWqqFO4
z?)C~xuw4`yUVNu@xQA0)q@U_iK~HXDcU0TVFneM^8+D6M{evE<WGk?XwFEXJy#cMx
z;E}Gk(oW&jyUO<>UJiMvg>lFjVe<6%&5R@?+`0GZ?k|bnu7aJFz(W5E?mh0Hx^x$V
zmY&lgj{HSfXWOTNtY~8z5m|7weXJ|zG90Z92#EzSA>gOR9XneNM#pcRxuUUnggzrq
z_biKSm?rJT1pfB*-3^PBaeDP7WBd+%6w&omBkGD0;TH)%q8p62H7QnX%8GY#+-E0l
zR%Pt6A(QbmLvG1Xg@-!7|53JAyBiv)7EAv49d8T=JBx9h;?-74wG7}|cG~>kv;U_>
z@^BUvb#+6t^k}u`X*Frfx&n$0+l_c(teCig8GKF@bs+dKBfuTR_{IHq_W!}a#eW>t
zDRzdPRuo0zG#A(7xTRUd@=ACyHW@+>NOMCf!UTp{){&k8-L|;+kLY>SNc6>s!H@aT
z7V+b62N^%y3ih|w{i@5w2Bq|G*%4kBvHp8fC9sGy=DRtGmRhXEMXfc*_`7}{_}5>)
zDaiV|Wvz$+LD?*2=|Rknn1xl37z?LTBJRk1&f(mf?*LM<kvy!!QwTX2j1dDfF`%!C
zfI){GZ}!2Th1x2UN=IFF@+eyW;U$SijT_&UD!GEcH@Ny4jS0<x`UiZ>1*Y&0R*;u&
z<H86w6!Whv%U#~}N*OG2m*ii$BzIQuvS4KSM<9SS0%OtK2=X2?%;3DN@}fK&Ug53M
zvO&^%mvnrfx=h~@yKxBxHDvr2s{wL@*GO=h)X6Q&!dwh+g$$s7z}&*4NQi$DUN<>1
zpXU2An6sHn2#K(_b{D)-oiG}M02aQosD@uG&3aADRnTp8*=q%SnnqEJa((`2IdW?n
zUQ=ZP<kS#3DQ0X%)s1U!#>uXM6MztrsLSjfbEYuQ)IQ8OfXOzalJ3iPP13l7+&I!x
zp$)ZiCbn+j%+%nEu3!L<UeC-}(HZtsq;kOn06TC3pv#YVW4`B}UYe=5+Cg*ZMrF)T
z4gQTMD$cJP+@=DR`eEUCa7*rw`v-o94~<yVoahEQyb^T^eO=n#8it{@{zfY4`<Of3
zVlB^-&&aH;^Oy>ze_kJF@Y@7zkr?k^1{C2h_0tBPVfu12d9=u3*${LFTT?j0^Y*G7
zUvx~LEXBabG|!MKw$Mi;eB)M0tll(blj7D)pzWWh{zYvJs}0^{WaXwho6=RVzNx}g
zs}MrIyI<-@c!Ii`pbrv;^=7>w(*FOU7)wjf$yTXdhlEO$Hd*A7O1yQoYt(gr6)4a;
z!O%3R@{XGrope^m0XTd{(?P-Uf6I(-82HN+&_S9Do)^MpzV8a>anVV?3i@A6kb@gS
z0c41aiNKodOwl4C$V%i_QU63&KO?F&iU|H)=9!{n!kDBawVzRGN+RNY^n=p3ZZv5!
z7mw^3)uW34H+*j+OMZ=#8b=l~=+=B~;%naQAx2cR(U#R<W*ySlk+WN~0-i@K{ET4{
zw4^3MMWp<JFjos+fd%FBT>oR^)(jJZLNPuh7UTV~CIYg@3o=M%IyJid6Gks}Vs6I1
z>Dw2*UO%9M-mxe?q2~7@cm=(0b@fdfIZEk!f2xIsc}4m4uDoL38at;?KL7ezX!kLw
z>(ya^Xa2SJ)h}?w{v&oo)Fd4dHHP&ML1AZ6xbO##e!E$k^8P1|+NJ*Qup~qK{@sP`
z`=~i}y{DS~QO~M;^tE87pEh2b#8G?Iv_%{DVc~v5MI{MxQWVN#|A84g(Ui!UV2(LH
z(J%+jHCx()qW;=zxb%n{#zy7-15aAVd#2qN<*`tm!2c;sqguZX5Yj{2P!JP1hCy~<
zDQi#=v8{+$`Qs$rtZ0WpZJY74$<}5!EfXA(QvHf^v`--U(ovmK(BdB3TM6mzYVS2Z
zj%2?NkWG@LtgWJKs5Jl66EQGbnNf5qMB*FX$a@ocOnM%Ytjg1b=w`G&Z<Hiww%3fV
zVp&v$b}2l}XZA;L(W4O<V-aRaKM!fSpvoc+)0bvfRkpJ^Y|yqcoSdV!LY@|?YH)uc
zgBzGOSTG5O!)3PM(Md*B01r7eczb_OIL1HG!NY=BCI2%K*D?U8>;;wEg35SvDMCn9
zT%<WD0u2nlKJE;(m>^`e-Ar{2?F)n-X$)DXg{dn9tr$<7zY$CXOqtQ)Ev_h-1Vs&4
zo&TAjsNo63YJq`x0TQ7kxW5(jJ5oU+`KM4(tC%aMy~LqpZc~acS#iO%rPqI7Lda$i
z1EM(yFXHGyg}?s8tM2n!{-Kpx)9Ry384EZ@kmnNpqre{|KtLHZV5ZvI-?I252SA&^
zBU2FNH4Srz0~A=+DwcVD?O`4Y^#5b;ZNS|)s)PTvoe+}*EFcg;11#Wx@<C7%J`^CZ
zNuVe+p(-CmG)=QN_O)eV->cf!K`99=H37LHt)M^!q-6`V73HJiEl^RQC<KTKq!pws
zf>Kx-3QEm~{-rIV6!OmOp0juLyH~mH>%PzX{GX@yNj&<^nR905%*W2m?n<W8#uuhe
z=7VeQf+WRzotfqCxzy+--|SMJ+mF55OsY*uYn8?IGmbLn+G%T<8f_haGM;|-#%__@
zMU@*?Y=<yDwso>k(%a^fhwkm6cJj?Hri}5^3yHsEcP>v1=f-~?Pxs;!<DU5W4*M3w
zar%srO={mfh;Kbru791)b55Dl&TrcL3yF81b#fsomK_YM7yd2Dyo|>M*IYl%Awe>p
zZ2Q^6vy~Ig-4f44npIQMu}p07U>s{-J+QHMfE~6Aj(D|f*3kBoDTUp4e$GsK=50bR
zP8u7}l}+a|35*;6*?ddOiA}YT(5>4(eB11g;lvTy-@-8ww#k#((5y!9`Sg+ZOE*XV
zzVf&@OVe2K*h@x`7muLvH|$cy^iwm8I0&mYMQ*(9B&$7hhsYjL95#=ef9G-KL*Jal
z$?R;G|3vUUGq2rz%l4XMtR8-3`S5OgGQ8~_@kRPndB$zqJItBvd(E2AoE3EKp3!XW
zU3&&}V}HdQ5&h^da({S{bI;H$98a^yJu6Q$pYrC@rj>KcH=7@lGuMjoXU%ZmX_ow_
z+owDqV=jf(h?SHtw6t=9*@{_bn1OS;E!0laG;vzfVNVY>Kg&kQvwVlQ{^$6tTg;}^
zR91Xo8pTdffBQS;36tmv=ASFfyZGbBn){TswttE9QfK_ISKf0^wK~4!D)Zp?ai`lO
zF8jY(O2>a13Yx;%$?9giNia{w++?3#tlD=PPfLn)xSH-v5)GR^X9tDpLoYBNPBf)G
zB}seJW6Uk4t@qrersL2~kH+q*(#y@+!C`ZBZk$uT$xJk{(hKg1M9ZdE`<K|Hi66}k
zCQVwt>0y~X>>QT7gPB;2D^QRMRZX||ig9h?hj4B>-`qek-)#G`_$AK6Pn1&Zax3?I
zsXBhWi8WpQ{GH_s63M~McWf~`sZ!#j!<U#>3v4|On;YSWZQ0B*dYtKDdzacyG?$n{
zo@L5>wisS?$Cv%Fsi$d&E%BX;)pk%PWeOKti1RRQaf#jkN!<@$V(iD)6yuv@V49rF
zKJW0)J@NKS><NcyM&$c9_U968zUE-W{%O0f=6CoKQ!!}$p8XPkqjg+b+ST;-MBtKQ
z&%RBYwpP4;IW4*6duwF8y(U4bf780^c77B6wYs+4FWuBDzAKaCOE-hJfR6(o55CVV
zr}<aSO@ha)tw7w>ZTB^PKV`D*11GI)F+bN8FK1(y%20@pH=b>p!AzTzvPpI@d7#y-
z&Yo?ag;np{hKh$yJRUS{)?}LB;aex$Zr!qJu&Qd^k<~XT$|i|<(khcC)qm}lZ24?{
zag6OpKWH5qZ#wv+b>$oB+wp07xxF=h^Nwlx(AnFMpBa#uqDXn;j%(8&{zv0%c|PE#
zgSO>m8o1!6=Jet4ZnIN=P9gXM`xP~>G=nxXJmVEmJe^-}k9+J1(&4Y0i+J*;vQ4WK
z%FgYD*%HJuJNQ$Bl<O$Fz~A~ZJK&$@+CWpq^NVd(Q+{*$eAfx)5uh#R!ttL!D8I*)
z;0J%K3FF$@_KEB3O(j0&Oqy-ynnja2>l~)?*q_$E(ahg{w%E}?{2ec@%mWiQId_}u
zb>{B}+g`DGS9#l0AARelUE7vVIXyD>QOpN3ecKx<hklgXf7%bWEpOemt@PDT+JDT=
zvb)X3)SRLl*@17CZ~V)ZN0;Aihx@^EY(n!`@vd!ufASqp=OSaL^wry9rBppeW9aWT
z-)2%@w$(hoX401&qwwyFoFjLb`p5M#<&8^b3g&FK+UB|2xMcQ|Em}6t7)xseeOoif
z)a>XDq?VEoJkQ_(hv^wJ8ir>gEN3HP&O{`<8X=rUC~HK@60yojM26#tEZc|~HW9O&
z*vMAM-to!)-5(M6L&V95I0+FaBI3S?*oue~5OE(w9FK_O5U~Xjn-Q@I5q3LchROAI
zJeg(R-DWXA^A{iB{&?%QUvHUca}Mq8zru9n`<VZ?ng4$=Xa2d${<F(9|18^ot}U8>
zUTJ=gY~@z-|DERle=`67(2No@4*vdI=KoLa+V-Vk`Os&~8v1tg{}Jz1X60&DdZF2a
z{&?%PX8B{@Cp*<7FuUa2&HqQtO~x;*++~;5kC>Vc|H!G~ZEx(`<j%@t%);;=Y?;eH
z{IVDPbow&a+`jXId!{clC+5#ApYg-;o!^cV-*mlEyz~1<zGLca?A-aiBVV@jk68~{
zCnWVRU+`1=@Tb|nm|4rrUOy=Rft|J9l}t<V9`VcN3x0I%SIe8eUf%SzpJbAj4}IU1
z^?O^b%AwoMYZad{r{qTUKWC=2^3AcopT4~pyvJUqdrp|STAL#oQ=HznO>MRv9}n`l
ze71OIo;W4`Q56x`8k@g3{TA~<qSNY_^!fO*yEc7XT`M>1`6QRvRQ!**bmY$cqMcel
zVt?i3hh{r$*I8zgI`^J)|K0p{>bYOM^l;QWHO|rOC9vEzUF16__w4ic+m1hcyD9f6
zy@4h@*;XhmpPjh!y~oDF)#+@eJ!}Gddm>v%TRywc+Zs>T=6uCH*SxR##O?OdW(sPI
zZY}TWJD+{))66v^E}z+GY`3rK8>N~#t4R_j>ApBNo<nkzU-oady!Kao-JaR7m@<_w
z++<d>*Pb-HX_!raS)AUS!KZbwm*&;Wx;+Cko9?G?A3yPNW+i#ZJdL*VGIPFUm&x`8
z(L(vAede1`bb)LV+O4`-%bJC)m7CvxdZRs@Fe!IlruzzOC9OiwoLZaA?=TgO|C0W0
z-I4UEysgq{_MWzDf1P-H&ptq(R_;FK9}dlz-L9I;w$JT-vz=T`3r8f`Wz(CC%-MP0
zJkgeVL&l%>Z(EVPJ!*-|Qs{klCTVOj^{-84(weRMWjC2sOwZn_Fy*$VhxQqqf0a&n
z>0!^i^yWroyu-+ikCL6D`H<`($7lc0d{5#%fAfiDBknytwsGWNOrU?6`Qi5dArqVW
zW=?(W%l?OMH>;nYmT$j(vsoyZD%-DXU02VvxSMgVN!H89Y17Db{3qk(^Rv>-c(SgG
z+p;&#rZIg@cFW2ApdZ+7_ML|PB9XwPvyVC4u*;qR{Lp;ggZWA4&zqiSmv3fHv}<5<
zC(fSUmTx}o^x_F-fpoJuMm9fyP(J)MGs~H&F+TM$?KOVZ_pF{hCOv$Md<Btx*4{vJ
z;V?hPQNH<lb7*F^MYrE-PB9$2AiVw7M<#_h@%kmZ2QAs}fI9Re*L-h4lIvOJ!~b^a
zM|ST@{>q0Zm;UhXOAik(y>+^|eCto1dFdJB%MO3qeCO+lml{z5hdy2OnrE5sqBW|C
zLiw=y7J;9}3gt7tXR3VS4R4su%{Hv5qs`5Hbx^FIlqP-!dti%n?Fr+kXr3%Fk4e}w
zwA(-FTAedKY3h)CGDpg{l{X!+rzgJkgm3*RN4WOj=sfX|*$l6G$ZP>K9vVL{&SCtV
zI575c-hE=PYNEzH^Zk+LVT!<fF5je2zrT9>(6Ie0-~Q_DqvT`!xtICe&wREMv;DJU
z=9RCo^JC8*-I&9y3&tyDQ?G|up)t0h0rO~p&Afd0b#cby=a`>_Gq>IY6K8%k?6~dz
zmo7Gj%tF6^Yw{sya~kK~Zf^mZVSMBbHkC<jOvKxPTjB@Ytt-uBe~WzOQhYaDyk#V=
zm9%4>_;mig((PVkR33JZd0gea+e0fg1EXkjF}rvB1emGp$_4)?wYvNCcxafNf;l&`
zMJvZ!ae;~jXCaYPZL^o{5p%`<W4_HMPJNbnpTLZ(E6n8Z%iHVadp>7{zMau)=4V2-
z9kLB#M%crRb^BFerh3h|dS+NY+n(HIB5I*MyxKb6_t<;xdC5!6aoe^VUt<qMjT^mp
z8Xs%Yo31g#)s9)yAsaSZ<D9r_#?G|AU6XjymdAW5j9>RVwoT$Bx5N!^!KAundp~w&
zobZ<IaZydzSg+6BZSTpB4?W%v7Q1WB&Oh(_zA0q<NOJrrue}vu`bEW<jyp&-{$QR|
z+V<+Vnq!*s1^=?`#@E{qW`Z*Aicj4yxO3Z~Yi*o*%5;QysxfYQgxTz+q&~XTG@SS-
zjPp?+S*@&t+}J_m`<lmPt&zO_N^AS=ST|i`cYmf#@3HE3TWfA0zvhUAxJ2>2m2I!N
z(?(oyWZR9eUQKqbxkYMcfw))iwfVisn2o!qonB3kOzuCM!_xTR*4&LB-`AAaTo}yl
zmb5kJlyuqLs9Wp5BOf2%=j>#rni<k&Ha9oW<3VjRGf#ueADRcvQwYh>{OtH6XIW$8
z|CI#qi37|Q51KWdyy-FD`l+e)+tEL+wC`=i@8iW|^+(S2o_VeFM&r;Mo?<5G(}U2C
zusbB~zzt^VH(v>Kq->r|vn^>KiZSnHri1U0eLecHxexwt_EDjAFKfB`8;f%<Yx}-!
z_2SD~JcQ$pX1^-SS{}ds%(#!6(xrdaX{H?0<5nJP{>`tL#lZ9=^PY|U*E}vaU0Qjt
zxdfUUg9q<p?nC69+w8xaj!fl1{m4J1mXZ%@?<DgUhP82WY-3h8s{()i<Vft#c$AfG
zx=eRDZu_GpVyjAW`XO&WjK6R1o*1v0>$ts#X<ra{7+T(VJO0XpXPNoVE<Eq0Pd(}_
zwol2;(EO3l*ep0d?8}rlnG8&y^=(3H*seEiYnZ7uJ{7bL5zlERQBvXykFvzR9dFf*
zO1vCD6ERcb8ULP`d|zuJe(~ZvW>N6!_=1!aH@Prt(e1L@7TshlMUSW6csh=!UNbGo
z6z$sCJFw~PjGRv828!c5?EN3Tm>D-DuihnXV4KJ2&W!m7+iP+d+e*r2s$9LdM!G(p
z|80}T7v}y<eUBeM+`iOc?@!yGBY2m&<701eKOmTHj-N2e-!}e^*~e@<=`)FN)A$ba
z>uu>YW?CukY2)X#Y)`NkBlGJETg|PWk9OkA=xL|tEOZ6(2E>wicO`kT1?72sQXVs}
z+Qp+?x*R$9b9SQWKFkj5v(40-E>=zKP}Z;}<81UqqTSW#@s{dO<Heq}dy`ohp1pls
zk+(C<6~Rv4rsI3I8`+Lu)CD`rcf&aL*D;pQd2}*IWy`nY#cRqJ*z#@ru<2jT_#GKr
zDwOBDc0P-rmpB%G<xX5%o;!bWraXs!a+3MV5c{v0w|=r@=B;!4a@*8Af{}bf#*y!t
zZ{xYf?k`sV?mlbFDwt0w|Ak5U&8RRpZS8wsrcb%{@?fvT=5?RDZ+NL~7c-d5e}(d`
zcWo)(`rQl5_chCM8*ypx6FYwEqt|@@`Oc-={$yM}TqqwlhX%G^+L_OGBGaOG=tad&
zE#tG6l3B~B+bqqKBa+kgZ#M0Y)AKdu{oQZH{!X?%Mqi6+eiv?h!!@?|n5x9nnBB!B
zm$LKYN4ia{Sw^nLnhTs+ikJtzFD@Upk44%onmq=vHuB@+%>&)GfQ7jI-N2lSJ<R?}
zjVY_m>iRdub^FW~dxzUx5^Y64v&F3Zv#%D#ejoo_{G!$Mc5$*|{b&w6E<g8+<~fSX
zjkiq>ThooKYaM5Q{5f8O6s>ysha+2_(s=Podv7qVo+;$&_b!evvw}FM<e%~1S8d5>
z@{7+i?EXIfCdSe_x!NyligQh_X-Te?@%MjOay6}J*8rw`@zQeqcUBN*i2iiPH;tY6
z`}yK){At^5U$6;Hc(Pe!I^&z{Qqy=L@odg|);>Dvn(vSQ_nS^UJUBGibog_J?%HIJ
zB9AxNKh7LNI$m>S`_HUwITV=_!c(@J#<CAxZ8iQldHhssaNCEC9A-aYTIICFl0L6z
zbjyd1+kV{m!C$ssvZc8FGqzYq>>AVlp*}ykE3S{sH;0q@SZ9sx*VI`H_Eo#w;oD46
z&c5e1$?Z9IitcyKzQN3q{TC&J+jK9TBgY>$Kb>Lp&W;U~Z?<dWnYnfRrk}CX{^8qh
z{qbh&i07Nf$L`u<J{`1gz}<b^p}#cmtr|ZV=NdnpJhs1slGw7-RqWK{%huz{)<(7x
zX7;*ivsyg({y4(S7j_Mh`LjKItF4k*SlIiGmpj|uXa+>u#pb4u?-!bHo4nN&Xf=7p
za`LfvLlWvN<w*+VxC5Fv<+#6PI9|kL*f*c;pQf)Rm~tK500-bExCL&5LvRP&1^2*x
z@BlmnkH8Ul44#0eVDm;|{HOlg3eJJ^VEYP#{ZoDW+KK%$>&EymemcN>a+Bq08efuh
z<=c~Vn%<N6;wNY0%MzbQ`ijK&Kb@r4a#ST=?fSw~d2UkE)g)fI4sL)0a0}cP)_g<Z
zs6Si2F7$ffKI{yINA?WY{AqdhgYs7SpqvBeg|&RHu=llDyB_q);0m}3_Q5r99ozs1
z;1Jvacfs+kos6IQkPpB^@CY1%$KVNg3U*`}CehATa1NXYyWj%22rhv=a2Z?ySHV8G
z2Cjn}-~ikNx4><12=0Kp;2yXS9)O475jX;m!S>4|>|ffxVEfgUS-JfJ(JZ^*0=Nh+
zfjw{;Tme_XKDY+1gB#!g+yuA4ZDE~<Lg8vYndsDyp(If5fV<!xxDOtHhu{%70_$6{
zTAm5yQ?Pv{H`~rz!8vdq?1Bs6BDe(hz-4d+Tm}2!8n_N_fCF$7+yb}3A-DtXf_vaT
zcmN)PN8kuN22a3KuyX?1ADjc{!7jJ}E`m#74_pRUz*Vphu7T^|1~>pW!7Xqb+y@W9
zL+}V3fydwpcnWs5qW!@31$FzU^Fbc$f(zgxxCHjVWpD*t1^eI{xDIZB18@`E0=K~-
zxC8Ejd*D8J03L!z;0QbhPry^KV-K1$?Yk8me?ekKo`>887r;eu3G9K(;0m}3_Q5r9
z9ozs1;3l{QZi7Q`2iyhsz<uxlJOq!x5qJ!qfTv(b9(UF8y%lWV*|UEt&x2iX0bB%^
zz#g~^u7ImxA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3fydwp*pc%vZO^UX95@el
z!3A&;TmpOGGPnY+f_-oeTn9J60k{cnf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAkq36u
z_6O&{d9VvEfQ#S~*aMfr6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h12p)kW@EAM+
zPr;6TxHL1LZw2STd9VvEfQ#S~*aMfr6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h1
z2p)kW@EAM+Pr;6T7&+Vi;2by)cEJU35nKX$;4-)Zu7Z7V4O|B|zyY`kZh_n25ZnQG
z!98#vJOB^DBd}wi&(5|VI0w#yU2p+h1ed@bxD2j<t6(2o1J}U~Z~$(CTi`Z01b4t)
za1Y!E55Pn42poaO;0bsNj(`0s+y1$@JEZIL95@el!3A&;TmpOGGPnY+f_-oeTn9J6
z0k{cnf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAk@t<$^&2<`&VyZW0bB%^z#g~^u7Imx
zA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3fydwpcnWsR7X;eBwEe+3a31V}3*aKS
z1opsXa0Ofi``{Y54sL)0a1-1Dx4|K}1MY%*;68W&9)d^U2<(_Ix}0fGa1NXYyWj%2
z2rhv=a2Z?ySHV8G2Cjn}-~ikNx4><12=0Kp;2yXS9)O475jX;m!4vQl?3{x32j{?f
zunR7Li{KL21DC-Sa24!>Yv4M#0S>@Ta0}c9hu{vl3+{pY-~o6D9)Tn97(4+_!H)TY
z<(csh&Vln_7hC`r!6mQ<E`uxJD%c0tz;$o~9DtkP7Pt)#!5wfH+ynQ)1Mm<$0!QF6
zcmke+9s7Qb`Ae_o;2by)cEJU35nKX$;4-)Zj^78$l-Gy62Cjn}-~ikNx4><12=0Kp
z;2yXS9)O475jX;m!4vQl?ASNsGydEP&Vln_7hC`r!6mQ<E`uxJD%c0tz;$o~9DtkP
z7Pt)#!5wfH+ynQ)1Mm<$0!QF6cmke+ojlqfoCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~
zH~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJLU&R>|Z+ngLB|K*aa8BMQ{o1fy>|u
zxC-{cHE<o=00-bExCL&5LvRP&1^2*x@BlmnkH8Ul44#0eV8{F*&rJJ+bKpGK1sA|Y
za0%>z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd06YYbz!7*1o`9!d$9`dr`Af$?
zI0w#yU2p+h1ed@bxD2j<t6(2o1J}U~Z~$(CTi`Z01b4t)a1Y!E55Pn42poaO;0bsN
zcI?;NWZNH{1LwgmxBxDKOJEON23NpUun(?*>)-}B05`!ca2p(gJK!$32kwIh;30Sf
zj=*E^1Uv;h4@dihbKpGK1sA|Ya0%>z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd
z06YYbz!7*1o`9!d$NUDG{Y&S6a1NXYyWj%22rhv=a2Z?ySHV8G2Cjn}-~ikNx4><1
z2=0Kp;2yXS9)O475jX;m!4vQl?AR}~%C<i^2hM|CZ~<Hdm%tvl46cByU>{rq*TD^N
z0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2+_?Ey$3Hj+&VyZW0bB%^z#g~^u7Imx
zA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3fydwpcnWqN<-~vK{1487^I#WT02jd}
zum>)KE8r^F2iL%La048Go8T6>4GzH_a2MPI_rU}35Ih1$;4ydto`Ri6qy51-a31V}
z3*aKS1opsXa0Ofi``{Y54sL)0a1-1Dx4|K}1MY%*;68W&9)d^U2s{Q)z*DgE7_>h)
z2hM|CZ~<Hdm%tvl46cByU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2
zwxj*QIdC5Af(zgxxCHjVWpD*t1^eI{xDIZB18@`E0=K~-xC8Ejd*D8J03L!z;0Qbh
zPry^Kb2{1|oCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i
z1dhOC@B};sJC8;CgLB|K*aa8BMQ{o1fy>|uxC-{cHE<o=00-bExCL&5LvRP&1^2*x
z@BlmnkH8Ul44#0eVCQjYe{c?*2fN?`xCkzRJ#ZOZ0aw93xCX9+8{h!k1h>F#a0u>z
zyWk$U4<3Mr;1M_ikHHi06zmkx{@@%q4|c%?a1mSrd*Cv-0<MC6a1C4sH^2e732uSg
z;1JvacfmbyA3OjL!6R@49)l;~DcCs!?GMg@^I#WT02jd}um>)KE8r^F2iL%La048G
zo8T6>4GzH_a2MPI_rU}35Ih1$;4ydto`Rh-(f;5ZI1hHg1#l5u0(;;xxB{+%eQ*t2
z2RFb0xCw57+u#t~0e8VYa34GX55XgF1RjGY;3?QS3+)fif%9M&TmTorC9nrBgDc=F
z*az3Zb#Mb5fSceJxD5`$9dH-i1NXrL@DMx#N8mAd0-l1Mv(f(G95@el!3A&;TmpOG
zGPnY+f_-oeTn9J60k{cnf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAc|6)5oCD{<F1P?L
zf=gfzTn1ObRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJLjPN!8vdq
z?1Bs6BDe(hz-4d+Tm}2!8n_N_fCF$7+yb}3A-DtXf_vaTcmN)PN8kuN22a3Ku=518
zKR5@@gI#a|Tm+ZE9=HsyfU961Tm#p^4R8Q%f?MD=I0SdVU2qTF2M@qQ@CY1%$KVNg
z3U-QUe{c?*2fN?`xCkzRJ#ZOZ0aw93xCX9+8{h!k1h>F#a0u>zyWk$U4<3Mr;1M_i
zkHHi06zrUf_6O&{d9VvEfQ#S~*aMfr6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h1
z2p)kW@EAM+Pr=T4Xn$}HoCmw$0=Nh+fjw{;Tme_XKDY+1gB#!g+yuA4ZEy(gfV<!x
zxDOtHhu{%70*}EH@D%KvkM;-Wz<IC>E`W>R64(Qm!4+^7?1O9II=BH2z)f%q+y;l>
z4!8^Mf&1VAcnBVWBk&kJ0Z+ls6Vd+Q95@el!3A&;TmpOGGPnY+f_-oeTn9J60k{cn
zf!p8^+yQsNJ#Zg901v?<a0DKMC*UdAc@o+moCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~
zH~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJ5NUYgLB|K*aa8BMQ{o1fy>|uxC-{c
zHE<o=00-bExCL&5LvRP&1^2*x@BlmnkH8Ul44#0eVCN}le{c?*2fN?`xCkzRJ#ZOZ
z0aw93xCX9+8{h!k1h>F#a0u>zyWk$U4<3Mr;1M_ikHHi06zr7H{@@%q4|c%?a1mSr
zd*Cv-0<MC6a1C4sH^2e732uSg;1JvacfmbyA3OjL!6R@49)l;~DcHFH?GMg@^I#WT
z02jd}um>)KE8r^F2iL%La048Go8T6>4GzH_a2MPI_rU}35Ih1$;4ydto`RjHqW!@+
za31V}3*aKS1opsXa0Ofi``{Y54sL)0a1-1Dx4|K}1MY%*;68W&9)d^U2s{Q)z*DgE
zG_*fB2hM|CZ~<Hdm%tvl46cByU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+
z33v*2o{shh=fHWe3od|*;1bvam%$Zq73_m+;5xVg4!})t3)}{W;10M8?t%N@0eA==
zfg|u3JONL^&V^`ya1NXYyWj%22rhv=a2Z?ySHV8G2Cjn}-~ikNx4><12=0Kp;2yXS
z9)O475jX;m!4vQl>^uYQ56*$}U>95f7r`a42QGsv;40V$*T8jf0~~;x;1;+I4#6F8
z7u*B)!2|FRJOW4HF?a%=f}Llg{lPhK9_)e(;3BvL_P}Lu1zZLD;2O9NZh!-D6Wju~
z!6CQ<?t**ZK6n5gf=A#8JO)p|Q?TQq{lPhK9_)e(;3BvL_P}Lu1zZLD;2O9NZh!-D
z6Wju~!6CQ<?t**ZK6n5gf=A#8JO)p|Q?PT96aQ^a0%t2Y2hM|CZ~<Hdm%tvl46cBy
zU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2E=K!<bKpGK1sA|Ya0%>z
z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd06YYbz!7*1o`9!d=MuC(I0w#yU2p+h
z1ed@bxD2j<t6(2o1J}U~Z~$(CTi`Z01b4t)a1Y!E55Pn42poaO;0bsNcAkay2j{?f
zunR7Li{KL21DC-Sa24!>Yv4M#0S>@Ta0}c9hu{vl3+{pY-~o6D9)Tn97(4+_!OpYM
z{@@%q4|c%?a1mSrd*Cv-0<MC6a1C4sH^2e732uSg;1JvacfmbyA3OjL!6R@49)l;~
zDcJd0v_Cip&VyZW0bB%^z#g~^u7ImxA6x_1!3}T#Zh~9jHaG-#z+G?;+y@W9L+}V3
zfydwpcnWr&gZ2mKz<IC>E`W>R64(Qm!4+^7?1O9II=BH2z)f%q+y;l>4!8^Mf&1VA
zcnBVWBk&kJ0Z+kB8SM|wf%9M&TmTorC9nrBgDc=F*az3Zb#Mb5fSceJxD5`$9dH-i
z1NXrL@DMx#N8mAd0-l1MOVR$|95@el!3A&;TmpOGGPnY+f_-oeTn9J60k{cnf!p8^
z+yQsNJ#Zg901v?<a0DKMC*UdAc`n)?oCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~H~=@n
zEpQtgf;-?YxCico2jC%i1dhOC@B};sJ3oi^2j{?funR7Li{KL21DC-Sa24!>Yv4M#
z0S>@Ta0}c9hu{vl3+{pY-~o6D9)Tn97(4+_!Omr9e{c?*2fN?`xCkzRJ#ZOZ0aw93
zxCX9+8{h!k1h>F#a0u>zyWk$U4<3Mr;1M_ikHHi06zp7%_6O&{d9VvEfQ#S~*aMfr
z6>t^ogKOYAxB(8pO>hg`28ZAdxC`!q```h12p)kW@EAM+Pr=Uf(Ei{YI1hHg1#l5u
z0(;;xxB{+%eQ*t22RFb0xCw57+u#t~0e8VYa34GX55XgF1RjGY;3?Sod9*(`2hM|C
zZ~<Hdm%tvl46cByU>{rq*TD^N0B(X?;5Ik}cfeh658MY2z(eo|9D&E+33v*2DrkRj
z4x9(O-~zY^E`dF88C(HZ!9KVKu7exk0Nez(z-@2{?tr`C9=H!4fQR4_I0BEs6Yv!5
z`~un^oCD{<F1P?Lf=gfzTn1ObRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i1dhOC
z@B};sJI_b^gLB|K*aa8BMQ{o1fy>|uxC-{cHE<o=00-bExCL&5LvRP&1^2*x@Blmn
zkH8Ul44#0eVCMyBe{c?*2fN?`xCkzRJ#ZOZ0aw93xCX9+8{h!k1h>F#a0u>zyWk$U
z4<3Mr;1M_ikHHi06zseZ?GMg@^I#WT02jd}um>)KE8r^F2iL%La048Go8T6>4GzH_
za2MPI_rU}35Ih1$;4ydto`Rhhq5Z)*a31V}3*aKS1opsXa0Ofi``{Y54sL)0a1-1D
zx4|K}1MY%*;68W&9)d^U2s{Q)z*DgEi)epv4x9(O-~zY^E`dF88C(HZ!9KVKu7exk
z0Nez(z-@2{?tr`C9=H!4fQR4_I0BEs6Yv!5ycq2d&Vln_7hC`r!6mQ<E`uxJD%c0t
zz;$o~9DtkP7Pt)#!5wfH+ynQ)1Mm<$0!QF6cmke+ohsTNoCD{<F1P?Lf=gfzTn1Ob
zRj?1Pf$QJ~H~=@nEpQtgf;-?YxCico2jC%i1dhOC@B};sJ1;@|gLB|K*aa8BMQ{o1
zfy>|uxC-{cHE<o=00+XyCvI>;;mXS-0s+4dA}8|A66V1!xBxB+YyKtS`U8^>YS)u^
zWqFJv{oT$w<PC5DZh~9jHaG-#z}}`LA}t@d0<MC6a19)Qo8T6>4GzH_VfDN7;H3O~
zKg0VO)C*hzSHV8G2Cjn}-~ikNx4><12=0Kp;2yXS9)O475jX;m!4vQl?3_01|E=I0
zI1hHg1#l5u0(;;xxB{+%eQ*t22RFb0xCw57+u#t~0e8VYa34GX55XgF1RjGY;3?R7
zINBea1LwgmxBxDKOJEON23NpUun(?*>)-}B05`!ca2p(gJK!$32kwIh;30Sfj=*E^
z1Uv;hk3jo_bKpGK1sA|Ya0%>z%is#Q3iiP@a2?zL2jC{S1#W{wa0lE4_rQJd06YYb
zz!7*1o`9!d=aFcCa1NXYyWj%22rhv=a9LQ_4W2CE^mpKr(*8I8>(1KpX3=rBB0|<R
z8tdu@3CaHo`Ebi@L{BR!(cY}sL3V43!{X`sP|X~tA0%XY+OOY#Rv|ZwP614NWL>YT
z8ky<I|JCwSU-Q*4{MbeD$I8c(uz0!`b63L2qY@4uorIL<9+Sie5>g&KIFWk~SzmvW
z7yXB>FZUiMatUcal6d#D_4R{?C-D;rsUJQfkq;lazJ5;YFCq2SzwBp@{QZwSam4@l
zM|;F<`2V_p=zMnKY_U@Me_g)+$v<g|{~14Nmz??V|M&i(<L|yRwOR$0Ydu#b$tR7U
z*FRK$-uPCz+WD{ASG`S8bPr#QnDud<et6Td=?D5n8|!DA#?H&%eaEroA01=<{;Q8I
zf9GAtsQ;(Orr&?xvFQi;#U*J=t^Z+O`}xOM|LFC{R{lu8$YuRvr?K<O@4n&K@(+%&
z|Afb=AAIB3%I_az{loVjTmIo~$ENQbWB(7oeQf#nkFo!|$JqbfTaT^${xRn7{Kc{5
zA0A`={bL+I{xSBS=os^lj`8~E+<0{U*Yl5)(iu@cyz1EWhc7=i{oM7(rhl~8pLz8^
z+WBjq{?U%#x%x*re&^{QZU396UpYqqw~kRiJVyQQG3p=f_|f&leK3B!cOG5;)%8Eu
z??=0SnWulO^Y_u}YyO*2e`WO##3`!&n)=K9zmc7J`nrDINMHLu(`k9s{=D^+*6)FL
z{p~}Yty>=w-FQh{H&^E0;IxF(3d@J6eR2Fr^`HCouk6k0`=TGt(RXi|)n9zt+ecab
zQ1n~Jub;pBd$aoQzvr4GS^Y@#`*ZSl{%BVJUvIze!C8Ix6^T5Wqwl?YR)6@SXT342
z?}@&1)%xWR-ZQKJg~|PvviiR0cjwjr{j>UCeg7X<v-<9968UhBeqZKiZNCS-?-&0(
zs~>3jA3mr2$p70%9({UNKNS7Roctr`Kln4d!mNH@^mF%FKY#B}X6yghQ>)ix^&`<Q
z&e0E{f9eUn$7c1NS0?r=bMzhgqD=MQ_rLzxtFrp8=-21y`_TXSZEybFtiCVp=g#rJ
zC;Jo4|Kbx)dvR9Zll=QnT;G48e9@-rfA>GXaz$3(7kzI|{{H7@{U5yXws&RqBPqW>
zM?d<fS^alTzjaeq-+gT&59a6xUzycEzEC@q)%Qg|oTDG!J*)rHO`AJe{ZRD#^Ys6I
zRzLqwZ@Vn3ABlc6N8h_+R{uX9`SD3s-_<X6ebV~v=l<2K{?g=}zsTzQs{e@f^_{<-
z)h~Xb@Z_w1B>KUe{Jl@j>c8x^6Yk3D>-n9F{6pE7`~Nnp|B2&I_?4`Fp#67V{_;h#
z+J9fMul|j!zAxv89`e`gn1APN{_nnhc}G@1)bqzDukSzqZ)Wv_H<>3jGuO{Z^Pi{x
zx3l^y?sYe2_1)h{<o=xUNB=mh|BFxf;|FE+L-AiQPao~K?ebSWC9CgC{^1<`;K#H1
zzvlmY!_Q>(L(%Wg(T|SI>N_93;_F%cNc4kw{`<RG{a^d*2fs6`@5=daG$()mo3r{S
ze#$&)o@qZ{&yOFue)|WXp4I=$Pq{PKzrOh2oulu5W>)``m)-g7Z2o$F?Lj}1@#B7P
zR{yuIdu1W3A4&Or=xhIvF#iAa+mGLt)puW)*zeErza!^cI{x~no_lsy-xq!7DeL>M
z|JB*@fA^P8{iUpaDEh5A*Uvt#pKsmtj2~w8Bb`5fc~1Vr+5GR^`x*0W%If;plk@lP
zoc!Gn%<4~9p74mQzAyU2Ir;(gJCFVHTeJFl|6u}s_qUULBk2Fir*C?5RzH;d`*Ygg
z`(Lx=zv~|_Ixnm5-Yogd(GNvm_a7I&>QlD=pX$Fh@wcz~k6GXUf!rTZ{fC@+`GKr{
zDEgHX*Voteo9h3|>9>6<s~?HJvweMiUB9UQZ{D{5AF}%HZzlD3=jexW{a5|!m4A3f
zR^J!>;DR~%%k@L`Kl`L$Mn4q&{ycq||5QK!>6bhyn|~zw&Qs^)FY}-3-`V-WiCKO3
zx03pMbLy|-PxXK2jeqy<tiCV$?v?B3-<R>H`hWBKhd(l_ABw&|Cx0D(s{hOn?QygE
zk?03=^mY8H{?}h|PARMJwvzhS=kz}vf2#kpPye>P{;l?Z(f8)~U&l{HCeST9F-v%(
zgt~v%c~+D0IWCP~6UspV?Yojt?QVwR(b`u#dVZw#^!!NeYCV+IZ^(8Hs=XIK%l$p$
z-v{?!lk}%h{d@8H{Y%dW!rxEYagAY#(B}u~p9@8<<<|2QwWH@t8~Mo-1+9nbE318F
z7wL<tFelXX>Q_ystag<(Kjn?uVSGYj@&A^8w7d@)E!*|i1N<A4_U!)J#j(hH^!n|q
z*N^D;l5}ckUig(4TxhQ^sr|m%FRgE1*Z0xekIw#od_TG~Ykw&AgL(F4{`JG7v;X1S
zf93ne{_E90k=Xa=`A60V{s#TuaTAZZ-*{Tt+V{l&6D|MI+MhEJbbkA}f4=-7)<2P)
zYwPn7A?*9IzR~MTDE`s;knQV9#O25J?sAShE-k+!_iy^JuljoZaK%45E>y0ej-Qvm
z{SQA7mtXwT*Y(w$_SN}468oG#)P8?+@~QNUg57^Uz?J#U`C!s7qB-T)^+zcE^C4=G
zp;X|dC!VyDZQq>u$C<Z2WB-{~0f~R%^N+Xt*VO;6*msZ8zRPk8Yy2%Qxu@f7+LYQa
zihU3EL#&T={#QF|vXSz?^R>^g`}YTE{}1&3<(%~w+jpLQjeq%jo_9gkKc1A|NBOmU
zx<1kIJ7;(~`aJwQN~4cw`+r632XpM}`q`EKqt`plUqih<p8k5zu8&jy`(i(wV_(<T
z{!!Zh*2?$n`ETm~Q0_l@bNuhi`q!2DVP5(5eSpp@uY8>?zjH$}uIlRlt7hl_Nar6}
zpGF(l_ry^r{Peqz&Gyeg?DyyRN7s+qKh=)<T|=FhzWw4bZ_0m)r~9i{C-v|iH(P%9
z%}IRgy-BEc=7oCw=kV71uNtrOAmg=sdcTVKxDuguRIbm*XuR52I~uR{=RFTom}8&i
zRQnpQ&kLyidG}lA+1GMzmi*Pevf9;psGs><o60|ZpL-r;`p>HZxxTcd|Flj{+PC`t
zq&?j?CZWcwKLe2~YpCV=@hjhPj_E(Y8A|^N#eV(%iT$4Fhhksj)sEh;QPxoH|HrSs
zz@ESSdZg<&v7dWjVn6>UNx37jukmU}@8>9MsQ&z`;BUX<Y~K9pP_MsYzbN(_V&8pJ
zl8?r#9i8u#HPm@^^F{CbsF^=+?2G-O*sqBFk=XaezQ(H^r<>%PvV2hg-1D|)+Vh#$
zsDC2$zt}H{ekk_q60i3BIrg>xJg$GA&zt^pD3J0`#C}Wcv_(G>`x>wIb-ksmq4whs
z{_;JMDSzIP{-fil{;;Hdr()mz-NX+XuXc33rL3X)|HAQehsOWEq5jwBFDgGH{a@B2
zq1e}WwWHTdWewH;=iGemYfSlXQvd7o8FjJW6Z?^tU*gq{&ezHss{gOL_!+y5|C{Q6
zolja~Cokt^x-Zpuwd09gSwk)V8@}}1kDKzpPRrkyb#zzkH$>l;{gB419bK;|YpC|`
z_|z}k^NWY6eMjz}d*>(qABp`??6>Zl#H$@g&ht{14@C)e9BY2c+P~C~I!}gjebabX
z4NE?%U(onDq2~ARAN%!xH}!i^y1sr@(oZYfP!HId%&FJBc&IzNzTX0YuGd|O*ZOEO
zWi7w5`b$~;rQ=BTHB|ivz3_95Z2euSfB4u9>M#2cwWr}k;<bG=ba5Th{NJ(fbM|~Z
z^}i?i_czGD{-KLC%b8H)HD3)mk7@poeBOz_k<H(i{Jj@%P=Co^?Q1xlQ?CAB&X!m6
z|NcjAzb%`8DESAM-FyD^4=46CUkw`)KjRbw;b+&+{|l{e{EN+B&(9*s-+9Kp=RcW~
z|8!3N{#)12|LxOv{ZY35&aWrwybbcN|Jj`SOFZizd~W^x@4Ne-f0WJNm;8eb@}JDf
ze>x|B=j-d|fAuF`^M#rG4@vzmzjy!F<vj*%cMTi!-fuwvD~W?tPv;MPzI3z5bso`l
zuEgtgUgHZAug@22yw3BwE|z5J`_-TQ?pgMHJ{|voj{hq*sQ*V2KWRQ1Hs-|Z_|thn
z$KS8r{c3x@lIGvn@wd_VpOepYPP~pk=KrSWTpDEaccuUJHyZzcKBxY3;{8#QUgu%0
z|C`Tv#W%D0dy>DiLI0b~$!9tzUh`-DulnH?PtE4<NdNC|F#hTvom2lg@w%Vp^KI|i
zdCKc;{yP78lE3rJd+&b}$!D{4Xbqi@CFRn7uA%NT^ggZn|05szr4MH7AL#h6-h2La
z$w&LWhK)J#j*Nf${{fHeZqDW(O8&t{?LQ}<>701~ONn3D|6cKh?Z;*F?`!*SkbnK-
zi9M~ihK)J#nm_CRuXlFemTmt?+y8m@?*ED8qwTKYy!S(NAEN8+wsZ_Fx6Z$+uko&=
z)Ax2XUgukVA4lVLzSZZfG`=i$<~{E#;xy3y**pA8-^#X6p!3rP^JDH4N&Bc@G;}3i
z%cY@SA309b0^x&}?<G&ZXkWJd`Z|AYFn+pHjxAzW!-2#jJ4g3_Y)7V3*79Bc2j8&g
z>*@UB$o|Ed^ZbeGSNe(nv|Jk2Bwo{L$Z}~vQ#nH|U+crKu=~ffe6F4!Zq)y!9NMlL
zI=3d})^^oU_puu4Jj`+_Yd=<fjpw>U>%n*(PrB|<JG!3HcrCXp87LPt!#Sba|J<+S
z?r;2eimT@zK~n#soSzjwnXs?tTf$l%4JRjDGMkg^Bh-!xE26JFFI2zWap=|d`O~z0
zBN-pToaZmp-ca(<{iBAHIr;1P#nJXd_1_=e`KQ-q{nwZN*DojjsNI(MFT5oQE5hnG
z4Tn5;(0$l>iJiWmge}q6dd>?gB2fEU-v8U{V?BS?^|_uGv7FkzpT6O3_Ws&Kb^Q{G
z|H5;U`u090{*(7ITEbc{4O`M*)lYgKo%z<~Ttw4FVvp&xe3dW0{47(xx9Is%@p>5#
zPe{sFmFFdOe^?aOa%q@*&}=(uKV!aKrW1Qir{(*z3m59ve_B3$ej}3dO+`O^TT<@f
zobpW`JX=0Z&wPic%%;=lJ(*6+_wDa}?@?L*dE!5(nAmB{^P-WIuP&^9)9|SM_mJ80
z^~K)2@?Ci0W9<78>Hf);^;5LL{8GF<@uz+*mxfh|-z*twnBHg5^J+Oy(s&L3tLuk<
zyZ%G=`O38Xq0Eo2%onV;@<ht1&o^o44w8Clxi!@Fjh53n#(HS~2%h)lc>kp1-;?p*
z$Nft!w}xFQr<Pm8XioX{x~-wsgQ3<-)6Kii>wNl_t4_Apr}X|oAmw*t{x8YCMfcCq
z>9hUQ7rFXb!+F<J-JccZ`@wQKFLp`zsKl=NC!PP~Jf(YTlFpIz>i^sR`I}!f<xk&_
z3tw|_Y$ABB*u%M-|K&uk`Dj>>bXtB5=hj2c8CoYN<<f9oJp#EN29jPw&7Yyx?^(a}
zc{@L@)=%F5@Z|lA2=&u_<{Eo){-*WPa9;fash_r!hV$y@$ho7olZGsZves|&SFXA;
zTR%tEZ-G4D+{d|L@WqSO#7sDzQ@{GwIsHn`2`7JXQEW%UBAzQv`=O-oe<De*;Y=Yi
zpyTV#2R`Q)O#R;C$n!%vxqkE?FXg%;sZaRkB<y}Z2{(%^4O_S_%)9;;H%O;`Z%I9M
z9Z`^SWU6qlAGLm`y!P-WQ@@95{i4?=<@aU%6N%mEcar#)u+~dMUcWUx3o$t<@tc-A
zl>1+rPU|<6`}3M^>t7}LYr2g>t>06ex7+>MYW-S?o&IyA9Aej%^<7<9>!soF)Y)=t
zdX{5yl<n8YJUsqCtlw{xKiAFHPrsigkoF7zI;pQO^{WVLy)?|BU3_V8)~|BESwGBc
zzb?`ZBwyN_$J&1H|IQWm{lT>TLg}BLtlxs6)KB&|MPaR%hHO8UTgy>-z|qxjlAlf2
zk$lz8MxpMb-|`2JeLm|gj=Wb}k@+S3mBhZ<@#X$`?h8qMw}?Q)F7|J(+;>-f4ZECA
zkxs{7Zi95%K5Cbt*00%l>2q!UJb8Y?m-+>B&Tl4j>Q|Tk8Ogd**GJ5^BKsFjr|T<C
zr}gW~{4y`yM)gxW=Rfp5W%GPRx<9K+{ao2MyLTq-rT5Q<a{beOsbNu`_ZUk3^t@Zk
ztzq$@Nx#r^Y-c@Z$Vq?DbY&@r+Sw@7_WRoR25+$AFKxd!B=vD*e^>aMg#EW9VOR3e
zeyQP5%B}PHyz5_!^DLf2SHHKokCypO>!s~C%q9NPd@E93O*b#p`v3NW&iG8W{`&nd
zuGar=lX{0*f3dIi*078Htt;c1`FB}=q|^FuG+%4|Cz#JFQeNguu1LfmdY`h-_dL{<
z^^ZPZ=*j+~@OMf5Bdx#K*LrJ6`}&?Z<Ga}3>wZ+zmE=PO>4HB<%Ax7B{Ndv+iKEi?
zm-1@5d7=96;+OuGeSbW?{<yDC@(Hy5UrN}O^MkI~*LrK%!nw-4^Nl*z4;<gx{{C6B
z^<uh{rDFXvX46%qyz}a<@tV)acHVuDsek%>R3P)4C-Yld?CJf<p`63&yxJGJ`a#2a
z`xZy;3k4re*6A8LcwRsFptQrslCbh;NqP-)+y@|iDCsrSdTXfl|G586`+iHhe{*Gj
z6UzQ393}ayp57-@)^H%{wEh~-^Ftu_fxCa6)Jwy8esCmx<)h*U3FrAi(?^m{LoKf-
zAKrAz5A6NLhk7?iJ>Qjt{TE&mr>J~ISk4i;Urt!BLmCDchk74T^V87Bx|r#7T=wPt
zLmk&l=Ze7y{h#TInz6iZqV^h6FBLN^NW^POFFn)xClLRn&mqhDyZ-lyKiuC*!lBqz
zzi61len-DYg86#qCVtm)>U{%Er~av9zR~<OonGHu*~hBA2<t&t6o%MuwxwQbkD=;4
z=geQQ@2{uV4?X|)#6PXCCVmOUKNGR5e$lXw>zFs^KH~)Y4j=bhbX-qxoegB((R!#K
zCuo-l`KljV*gy58UTTk__MbOyx!As+x9XqwCH`<OP1?Ep4+%%NBw<ci{i5N2_xfU^
z>#+KV*Wn1)VXdco{%pS;Nj>NnWmi7D?GcauN!CC5{fE9>e}-QZe|<d(i^A#`4b`rO
z^Uk3v+-JN~?2BUBe`Ng;>3&4cebv7DrzPt?O&7?0Urnd|Cx>)Xt(PW5sO8wy{=&nJ
zf70tyB;W7gJtgtCCw@`&XpY}&l1}}l;k@&=;Lj4j1oAr-8V<2<)cYTSocD(xNUl#B
zPLSUDXks_~izM_vn55UR$m_a1N37*(NqIEXdNb61`IUElEZ%?X{>HsN$v2YusrrqC
zU0L6@qJ;H+i-s=NWApYm-UjKkUH!9X#|!Og|8h4-r~PY)btUb&;-D7xOLL!h*_0?q
z;AnaDd3BA~{PnuHS@Kc;Yr3MuYkr!pEb*Go7uNf<8ef~EUzd2b*AiB}HuN;UBk_E0
zsEc^D+n0FN9|-IBHER42@q%jtSJQp&`VZOpPy44M*9TAbpYAs=j#IjCO~T?`NvQXu
zH0(Zbwm<29jTvvWuiPpMYt|Q%zuL=bI$S?_uA%*7DDPY7I)v%u=ir<o_WdrdH?HJ6
zL4C{OCoSJbVNnu1|At5Xe)js~%JVsW@qhSFiNF1~C1F?cQNL^W-+g_q<2-@qwd(&O
z{K|Bx|FOPG@0*ApTnUGAPNnU{bOlM*!v1_9eiHG9LF)grzxD*{fB%NWzdFA}vTm(^
zJBg3v{!8&&32Q&qu!Zv{_Af2a1nIaQ*6ZT%{uobKH|uqwi2l#@dRjiLN10CBlh2ui
zIQP=_<oHzoXgyu|P(k_ne<XeuxwdDQ>wodP+GCjCp2X<9r*h8kTK~<GK<laOO1#?9
z@~9n+FH1U&SN%Hl8%U@6fyDFq(dL}^p~UO`GPM&)Jg*z$Iq_48*XK~T2<OD0E4)=g
zt(Tyq{ZaGJNdonQ#)o29%cXY460bY~PleS^PTE!P!)Q4emL%fhTb~!tpL+e$=LTI_
zUv-XL9H-QIX>xbM`W%;rU5rbvUo?O26J3l;^<xqHHI8#VKkIIg?tYT7C+}P7yhwZc
zb9F`R%b9MQ*lQtQ-5+Z`b({=wJ>-2Yoew4$zdV0-#qb2z3*C2Wz6JSE#QiUAKTTJZ
z4_r?SrM)%XyimU%=i`6+(3|c2-<SDc$4MyH-|=^o{u1f>=R527pBDV?z9&h?{5R@n
zLm3bKi!O;(wY{D0ti6$>^Kt&fbdlOC+`By;r_RN*=>qg`9lsv(WjY<#&Iajpf^j!U
zw^b&h=*-#j@j9E+bf|Ctk7xatmvnWkBXZxHO~>|AZp(+$KhU$^Klac_*AKF<bmjhW
zW0Kg@@6E1@eI3^ts$C7|J-1oG`p8B5=={U$v*xe%b$m}Yu&3jj=P)7G<E|K{KXu$_
zzB;~J7~lH+vYJlEw}<mXwzpmff(_C=T@3phr1K<Q7yHx*>!7lvi!d*<d=*Jo#QH13
z{P03amqR-JzGo4qf&M<}Uw`_ypJMvoTU_mba=sAA^CyLWOZuNL>(`0&NBQ}4N5i_@
zSJ4bOo;BX(eUdr-Z*t#coT?t}Y5!~Ce1_??|8+M==SoJo4bo}<^W1wcpZ34v2KKc7
z`5V~tq<p~!>9k+<H%O=bD%>DlRr2lg`AM{!FX^HU($yrLyFt3Tr1LgN*U)@7s7D~_
zoDJ+XHQfgGT9U4~K|gIvy2=LqAe3~$2IcEWx;pdi%wBi8nlI9EzVB{L61u3b`~F#b
zACz=mjB}>@kfduNo&N5D6wB#JI$!Fm>y(PjH=1s4C=31%e)+Xyd;JV${?dI#U)JxH
zA1C$D`L`?fWt-q=*vEY<&Ldh5-rr(6sg}e2DEGHHF*xM9SMD=uetAuY>z#g&xu$dF
zLmk&0main~DjTHpBwZ2dxbH7Zx(U|#%(o)xa#$}gT~*R`ael#b1Ygn(u@BL97O_*4
z4;5Y)@myzJ)1iExeE*NyYsiNQ{K9o}An9`07rK}?o02ZX{U`mt9uYe&`QR64*RQN^
zTha}2z8E3jP|~>t*h9MCmvqhs>E5CCaDSZnzEkaC9pz(x@-9iY(YmoC>2g?ybA8!W
zduR`?w|bJ!f8wlPnC@ee&O<tmkG`a<-*48Qi}m0@(uMFJ(+wqEAN_#iXe8;P4bnxD
zt`5J@-dNJ*cn*vHGLdu@%vZEGm2^Y+#rwnA>y9JyJfEj)$h<CQ)&zRKmv1-h^FitT
zYdv2IWPiT(_@rI5zYN9h)5M~NUCeJBcUpi7&b@j5yj2r&ABy=XC+Ui?$9X?5={(qT
z(Jn<v=WdYhiIOgdc47OKG~EX6>`A&J`VIY8R(m+#aj@^MNID<&pr7lSFY3X38=5b!
z58Uqtnhy6VnXW16x~MPbkCvnh&zPMTnC^|5?!0?X*Vgjkx<q@oNV+2DOI+tdN$24H
zE$!(%-GZN)t|Rus4eY&F(zQ15Usuw(m@gyr`wwb8&Ykri(|t(oVL#4s)RS}p`ycY{
zOS&P(Fa0vmbhytEVI4S>banPqyuUe8dsr9g{3c>2k`G)@Fx^<v1?Z>r%S6&`bbd3H
zbP?Kve$jb9L^|esoLnD*4bp9ubUxCB@1DKh=zWa|&SN=mr1vq{|F93sZ%!(l!}Y_*
zeXRVJB;5q-UZ$%`x(d?KFKtOTL_L`97D?xvbxB+R-G{Ls=>3^K)~NydeMjs?NXLA;
znlIN+u=hbp*TTH!$#X8!ot&QLi}@vjJw4A3F@Blu8)C1H>l^Q1j3u3mdITSy?N@s4
z9l$TNHx+w*oTJl!dhQ)yeHUW=r03ot(gpC#R@n$oP+wo3>r+4L{k4tOZMy#A`n@RY
zEw!hiC-KKgguCZ}t1=t<B9~$86tY6|IS{!FH|Gp@HbE$I`B?+!%rg(}Sz0NjiTWbf
z`{HL_y}Z0Pl{!u&a(!On%*Fltm-lB9+~<-QwESlp>lvxziagaf@^hcOn!;O0e*Sr@
za(^B9lXbCXk_949%Rf^)^ZkG#PwRhRW&fU~-Dw7W%B_1c1&G#@XA2<bJ!$=B-RroJ
zpY1L!uefRUjwf<$-^Z_t;!i&0=Rh8aT<d?)-o48^GHF8OfAMuM*z;?Ps|ordSN}X~
z@#=%SpOdtyO%=iZv-j^`T3%Im968_9{Ed93d$^GQ?Eb~Y0~vi!<eGnZaiRW#>sC|v
zB3J)jws2r2Q#>aSx%R)ymUmo}G4F)1f7$Z#H3#df_WO`uzF-}=Dvx0Q@_pueHL`zl
z&Zy<P{NU0|3RmRnpUV%fEH*Ow9`v8L*qEuG5B=vI+?TDs6Np^>S6MiCVDWjY<qs)e
zHvM~XbpZE8uKt_t9j5(7uJwDt?C^1%6O+EOMe3AoI~(PST+8>uJ^L1y53WuTp2*ey
zi<XT0GcD*t|B5ST$7ircK05$Ik!$&`I`68C_Z_E?{IA-%xGUoxC!)N*u(W4K#)Pal
zwSHG&esM*v?SIwEb@j~fb3E!FTrv%~GtIykx%y{e$I6~-GX?^YYx^zi+_~Dg#!4u1
zt^dN_-KlN+p)YbR-@@KKyO%O4B9UwT%<$N|XDQP_vVLFHpPhePk*E3ZpUvMBd0PJc
zyJyCizgE85xlK6(*uQ#V)pxcUA@p&1bNbNVf#DsAT>Zae_wv4l>;+Qxe_H+>%k}Fr
z?sHtq_b;w?ev{Cn{NSvEe8_h$tSn^h2O`(<?c7m2m~Ea=<k~(vughNjO#4H=xNBiY
zrh7S&$hG|zmuCIz$a-AuFaGMm8TYs%*YcU=!_u<5S_6;zxPJJM@7lF@A=`rjk!%0l
zwRd@8C3AfaMXu|kUD?iUiqWV3(t(wQ{i{tBiCo)vm$`nemfn1l{f*Yo$amNFtfp|+
zk?+l1Ks}MGe|H_6Euc^RgG)OKXRO)}M4r~)$gj<`KqzuuUu1n}t@K5%{@GnzwQWB|
zl<%08JF-8~{CDrzeQ;s_Y9Db$uKi>8j@ka_iCq1=dq;gH2Y-$Hz|8y*tjXWBU*-Z5
zt|wnvokIE|Ps@h}jwoNg`rxjt3m$MuOlkR-_pDalNZd8@+4^}RPyKhm%)goT^C7P-
zEbZKzxj+T5Ut2g(%N8#bx%SW6;@<l1jEDOo*Y=++y=i}uZxN$=IDq7Si<aM9-dAeN
zt1fUwp6btT4;)YA>VI=}&u$MKf2};TIydwGT6t#loB3bl+CIkq>gLDPslQe~<6TpK
zk*D=LfCYe@Go<!c7Ou|v-xaym|C+^_%Y)-V|C&9s6RZ#Yy^FK+Lje8Ri?gZ!8u@|M
z$<5ZE@|o3_slUjz|Jc=8W_jW`a-ORGN#wgz7r5)n_oZ@A<l6pLe|2=4{jbP%{#w;c
zOavm=^6lHPu%ot^ns-9VXS=7<7rD0IzS`{iDH6GsZyy~j=bWkj%<A8af03(y_8ECS
z)5AQ<m-m|;*y;@9i#)BLk=HZhH(>r|eYskD)Be=Q{-h86rG<SN@0s?e+$?~y_8qw|
zp!Hue`<JZT6}kG)%CiOZD98Nki(JRg(w^+%%Zz{O@7*)g!9$U&|IO}fW{2Dtd0PJE
zmD&1>T>ZavVDI8$wgPf4t>s(Zwc2*p53b0y|7KOK+=G4{>sMdo>c9HJ{)Oxq2t=;s
zH}cHl+_b;Qb$-wG9h-k&<m#XLHM{EzE321~i1zm{UTgKzKRGu`%V$nkvK_z`x%#iZ
ze|bmt8skxaW&cXHgZU!Y^6fXv(;X|TJLmxRtvp-DP~_^L{RfwRH7&dO(5L-_ODpCY
zmL`cruJt=$W|y6*)O?Wp$J+h}7FT^|ler?-`X5-_yE{9Ddm`8J9a!8qv%dFff6wl0
z?oJ@`w0wJZXRGgoYxI9@M!(PeXHJLA_!qhMpV`%yG4-%ZVtd*?2kMJE_GH#CuE^8+
z+tpcdwFsWb)AFw@%nU$(t^Ufv%mpG?BcD0mb3&1){=IH#$7=4T{Y9RZ|GEP^%nXqx
ziA1jLyTbL4+_zQxD|<4FPh-Uud8)rRQ+OlyD4(6a9be??KO9dw!8-En0w@%@`gitp
z#MEEpT7N6AudE&+M6^G9JmEN}CGD^C+v><nT{!chDCzGfvG%;%%<1W|Xhq~(v+~S|
zX`S-=?15HG<R^*#nP-|2Z%6bw$++pxl_xXvP~<18{uSq*fBu!LhdL9HpP0(eKkv$n
zQ*#eb{GsJP6C2W^$hH3VynJ!L-E_Mzzron7h&;_-i!TRPb&+q={8M>yaMhYCPu8tn
zk>7ufesVB1oR_~G98KogmxGbqBa-^Bu`dS;MUkie)AA?H<5cG9?@l&eb&;q3Q~f>3
z!n-w3ZWorO&fR(W%SCl4@-_aIh2><fJXu)g<ojpV)L#~kMUk&5zqu{2Xxm@pYy2Y%
zhq}nu^bfi4v_ziv{{v>iJ7@LOxhwLtd<T*V?;JVUABsHfznBmvB2WEuaOuFpuEldI
zG7NL_Jgw$`@xdL}l+B)0&xMO3SNqRiTDW@e;_8uhMdbID{%P+AT$EX{)uC_Ymzo{1
zBzIct=wE8*EJ@H6xt7oB|NPZ2HEW7wULJ~E{cGjVU);O6AcwLO=wE(`-EXYskdx<n
zwfu=(YwtKkk!$;2{sJ>DSJj=0$kjiwd{y14Q@*(G1?G~OUQ}8l*Yd~r175hivamO~
zDbR)d`N`~<-nJQvT+3&S@3<yYz6tV=<(cy39-WMTt^W%b_tls8FYMP{Z&BoGKQ3CP
zfh*9zqIjh_5?ej;s;`yX9-3bAS|Zo_UvX~nyeGyJbdsbia&3Q1@6J%<TD~jJeR8a=
zhYk~wYyZFEyz{QqDacNdIr;tD)c$!-N(@K|iy}|$%jH8WP!YNM?~2*Wi&LjOTRGFm
zTa-Wf+?hKjU6H5dH*zh%y~GUH=qDNIp~*z#+CQ(DZ5}5l-~XiZ+Z8j`P5+-OPcASO
zk+0fcz4qE6Twf!%&9ALv>c6gBy=&%wk!$@Ic3!)<e`U{sMc156n>&|7k?Z`paNvNE
zFYeU)UK5dP`<nX=uD$27cpw>qxzm&WpOx=3!iC+*3{(`k=6|)lE}0|I1G4U{P=EjO
zHH%AbeUIEVs*7C9w_|x}hq<M&sO4)x-w4fudi6}SD{}3B$^C-WUHg!7dpj(1PhkT4
zvDY+n(>}S!CiU0$Uu^6!N0z%6-CYOcRdrG1+P=HY{oMWLOw+cl{i}#v%eQOK;@+K^
zn^JX=tABUx*=w4vVK)7V|63wg|HSf@<z;v8!hYKXUFye^i<{mS8j4)YpG-ckDP(eP
zJrTK<f44oa*s;3h%{?xuzs^6k<pV2rjk|OCWlOexMacK;-MhGZVXu2&aq*hC{*=!y
z51qQmb$&>fk5<|IwM4G{E0s$dbw#fAOXYH3a=0dcb2nknPWQmx<#<~^5xM%;RBgfC
zxo5w*fG*ofK3ABn|DFR^n+wS9{mTcFHZF=>{kP|U>G>;*`;yX|_7}O9-<+4a=1ki(
zaouFH)2WMG^WVF8?c!edJd<Xx8KtKF>&nkh<z10${S*E3T{D2=8*@XEYyUFCb7AjQ
zt7k?N>c{e{ue<6%vT@Fxk<@=ye<?lHDvCVKKh`%lz3pQO#tD`6<>{$aeO>u-x`Jtm
zT>ZPxEKke@I6ac-id_3oVtDnQ%uwVy{*q<y>Y>^M`R_9gXtXcaW7XW5N&VCO&3UC6
zd9r#n{a@tjpM8m3yl3h!a`lgu?=nYTi;|*F`(|p}pV^eRAYU^3lI(`QD{`&h(&FMy
zb0nD_strZ1{cmY;<z>tJuStjSMC4k2J9A!jU}0ZfmY}(_lKQKEt^8#RdseiA7e%iA
zS+X~DGKYp0k*D@Wu2W2%`nGBI?TP1>c>Gho>@F-V@6_e5(-nDIzh!sd;?6w>_qn^`
zAvzSfjxTew_Q1g%HFxLYwR?6LE0eYQvD}{P*=u0#Y}9{wpIHI!U*07HyeRUt{>ulh
zvr~LJ{zbl8z7;n+!PG^bwx7*7W1$7PnRXZVn+Zw}?Ybh@_OV4XmynvCiVa1s^*8dB
z<sHj=WqIICM6TuEZ_gt$2S&NaC-v9zS-H8RXL@l`!=lJFe=~6|n-z!_&#8z!wQtTV
zYm2Lg!u56J>EJP0wAPWYEUX@ycSWxLm9<||y{Ed)P~_VGvTH+IgNex1KdD@vo5`J%
z)PId!ZkrWFuH!q^m+MbO<jh~6TdB{nug_()=GfQg8oDA!{m-%2d3)b{DDt#@W=@Yx
z{paZK-eD#pvj)jMA*ny>C&w2~QRK{D@0(UcuImT&j~s6}^*M4m-f&tXXZdyh>581~
zqxa2*^W-wYPeji8>3y+WF{wYxFUK2BQRFP2ULYzWXZ!29dL8=ld3@%cTnqZ<s&0GM
zReDdYD{}RJMjj8Np~!XoncML@%=B4IMz3lA_2uWPJa=wV|5U%eXK88m^6C^tuKqi)
zf1jCmS9E%DDk4|^#4Go!&FO<=P#3w*FR?sx&$C7QcK;sBlPgGfuDrf%SJ1=t>}MY7
zn5-w?vwFaiI}i1b7tX6UJc}Yv%RhTO<y1tT`e*id%BhPyZ9kFgebtu8wSSwZEmz!l
z6L9sx17>~N6}h(0N^Sr0%QEdVME>^Zcz?S3H0@9OW^1u;Vd*;8_Ce#o-1$lU)BII#
zj-d7%c~Rs#KFqYUyl>y~l1zV21^PH%bLt{j|Cl-J;G(&N+lMY((|#?HYyIrnL+1wD
zg}NeF|693Pp&eLWvQpFj>*#0iNllQy)wl8;wig@y+!JTVzsj`?MUm_Hw(^7VGoQ%{
zp(66M{QLK;WN(PqMXuxHWmdkVqubP9<PVB#WA4A$i}T`6_n=*++B*&InIc&~7>fP_
zM4a9}xEu#<>#IAtCnfdQ{8Rn-`k2{B&(W`l{wd6#8|^vzEz!?WUoUWT^fY=nPhT%^
zns82-dva3$HTmlWZjPQtS496I5|R3k8&y?6*b@CU{^v#pdWu8QU(^1{3Bc+^rV0pi
zPf6<kV2Mx5&w&m-#fs>s{*!~Db992!gmc1{=xh0(>dFo+Ge^u(jiZO6|3FFf{GWY+
z8{gC2wP#0qk-8THxl&Sp)qkP6_+AvBq3u~-N>7>R8>m3vod2dvAUs;Ou924LYyC6&
zN2BfxsekU3oPyWQS0i&5%+^0Xzn#5BqDj{cE26Lc|BB4{?9p`LmguMT|F5~v8H&En
zKda}rN0Ymm|DQTL{xkY|M6hnXHL|is|G(sZrzQI8KRKIq7xtQ~+|KLVJxk_Npo=NZ
zG!qV~zkm0^eT!y+X7|}{e2}=Dd3`9OnS9JWEvdiGKlXe$UViLcJg{T`p1L_DTceYW
zsEEG$Kh`(PgT%<L<^B5>>}7WDUrY3L{)x|*W%q6lxqkIve2O+#-5H9$`fta=l6_$*
zJ^(WZ$z~QYCo+07XB{)Sr_c6(b3VOf&IZlkH@WYcd9`63ZFBx3`da^tzFms#bh9sy
ztYe`i`s)AW+#-JIYQdi3F3vnXwbsB;^iLI$=r8ZLCxpuf_nZ6l$wG3iY8;chaJK!^
zqtUns<|t(4UYutvRMzMpxW@g}gXRXFS%mJehgIoO$+{(IiN22i#m3?ebF^c-&CyKX
z&QSDq{*L>ueJJoK`o1kt?isW7kI&E3i=bTvp0RGZHL@c5TK+_T^(OYcYn%0-=xhH~
z{rIUKy@=k6k>Psfzan|U<BX&5VD6bo{k8wb`J1)N`RASO%Db2MlDlbt(O3WP*=Z)9
zJ?1Wm?ST8tQPI6Oztf`rQvKk{6U?A7!BG_78H&F8?|-*<H8FB!SNTDLM67^HB0>-Z
zdFe^V?V0ZC`u}r0<A1vu+g<5y&p2^R`_+4|s*9<vs#JB^(-~RJ0<l0Sszpe$3Il9V
zK#|3Q0SPIi5n_>5OJv0&nguHm$QyoE4Bt8TocD9Ps=Je!pb>P-u6O^={lDj)d(OG%
zMr4<Zl?X=F7%LfUqPc&Wi>Cd$ei(i<8G<?Q8csh`<a6Ph0<ZK>w{PSR;2|>}o(m`u
z(>d@ehdK`aK;U)!w0uIH5Tl_NVqWU3yfT;4<InODT0enHM?6O3v*0wWX~C=fqZL95
z2;ECa1CN{mQ-N3fPsdUgpl}9bNK0Z~qn4Tc9tgblKUOT{AIw0Ag&;`)%bmGw+OO-^
z!0(X)LPCmS0VTXmf!FyDb?N)&%JKtQg^9#7oKu0<`it!KgxCw`UxC;8pOQapgVBCW
zFJ!Km_DA)f^!B<tgQ4r~LCQtTU`C}AK}~_z@)PohNgulxq^Z!CNdQ>RsZ~Ds_x?_|
z7r4YH2ZKI!`PPCZ?}5PU_yL}-oVng3Fp-ZgnsdusO}8KLg!CaLJXr=!f!FZ^JY<I;
zJoW}I$x>%jITbV&c*Q?}$Bhl_+P$#7=Yk4RK}HHH_8eH{8_61pe+d1iR8wQ1ge!9`
z-TncT{XHgsKuP&fBsy;V1zzhP!xI^X%yzq&Nb@t99tl653`rPx1pI-(EB-*=y$0O{
zre3;qH;%X|iT2vg%=Ps8=Ndyq$UWbW#4t8k<ZlYR&i_dM!c^$-b7*=L{PE3q4g_A?
zPp5{JLBF?e2=KJ9I;wT-$lNgP*ZFH^jk~tGev;i6`@g_z`vqQ)F-Do<hyj?|<%|5{
zgzPKlK;RXB>EZi?>?<d8)3jgdZ-qZ0`^sqweANF^|A-DzMrqvTDc4ls?fReW^a}hZ
z@X`25`6p!mIGHumex)C@{U>DqI8A}q_S1?B-8<mIFePrT|D{@-_Dm1M19{To5lQ1Q
zIQ&51wg1eKY0L^pCz-*S-%O7`otT+F4n)@HHjL91wtP*2*Zt@52*+&|Q6Dq*l+{$=
ze@*g@jvgmuL>&nHX9Pam>$aerV@|MO9(Y;oMxX*mhNhKN@h9`LX}`kj`57p%Lj)XC
zkst<>I%6?3*1y1O{b|AXq2bb>?6z<Qpuz`j7aCKdPnLuw_tb`mbYTLE1!fQ8RY<$w
z_|QFW$>>1fe?|O>^Ea!=xUGHcLi5?6nOmm)`YsUI9(y2~cn4G@b`%?;X~A2(6XM?x
zO9abe_Fg;{_)kmy)923w7MgPkI}rF^O~ES@77Wb(;9RUNCW#WC%x%+t9l!MXQ{W9U
zNkGNUrogAlS0r+L^_{7}>-cf`C$GM9An>XFv*3@YzLU9=9)B+1Xy`7xX;$9M5opeX
z$E6fxfNcPdBM#zIfls!dCm*4}E~)7dH*Y=(b0F})Awz<>I|L0f9CeBN)gAbIJz}TK
zB_lKIru{m8dVcgrgYkGpxJe0lbv*LM)f9N`e}&ic=W%Srsle;}qx0iq=+BKp(s2jk
z!TN<H(kS!Tg~NX!@Y;W>Uq{_XTo{N;`_OcoOMzsXru`8-oj*^Cyik5q;D24}M*3^r
zK6)P4gir;buDu=XXGSY)M*XJ(ul>iYD}n?P1n#8_<^xmvZTNwEWpj-<hZBEqG7677
z$7H@}+OPG;`QzTTJ8SpQ={U;nKo98Xqfk@eb^ZVz!cFMl$}#4+W7JgOqxO@27pouB
zzJb|8{9k58%;-F7|Kaiz`d=<){=A*b<d@k<&wo09k^UItaauRAs_4uLGzDJgFAbe1
zU3d~U%2eQ^{s-4+gzc|~6)?tG{J0(Tz=Ds@UkM2U5JCsp&7x#7o9Xt)@cqGK+P#i|
zr4DHdysjVF@RbZhsmz3)RW$eKRN!_0jm}TO2zG-;yokVxpi3(=*YJVBYyU;?ZEv@W
zQxM~UBTkW-Ez^F*pAozv<O~lC^I#07K-v<HnGQ{X*ZHfof=h^uC&STaz^TCN`q2)<
z)b|47L|_5KM91vLqY4Lh`9lAnkbHD9chl`R?R4X5KnQ5iUzyu}f!F#AJonpieNR0&
z6?mOLG2$Xk*Rkv4DpOJ)$@F^sdtlceIKKhp$z2BwVq8EWyOtp{$s+TLX}`{&8T3D`
zg1P7Droewr^1HoBYIW|Tv8yLo8VQ$lwMeoJv4+1B*B<S+;60zXUZnfs#Z<dH-th<x
zg0@dwP2y}01pf1qDd=}I?KmG~!V1G6K<DI;dDXOkF@~pMV=)W_P$?)uhQ0kn1DXQ=
zSqV$iuZL%$O+-zPgijKX@tuZ5@y>x&|1|w7N(jsDT!~2LUb_7TJ|X}?zg0>{5rR#D
zca!a(MgPvOzB3j0=LBB)rvYfVA%;A0p2124cCe7pfmJ?87ui2l0--xd07GE0-nI5&
z=1b}J#|xjP0d(xfUGQ(+0Hg>wnj6<wUc(I#1;)22@UDbK_=~v5bdipb@T5PN447K*
z<3Stx=b&4BG7Ok%zt>9K3(zVY2)xd}X#FxFI3^-uyuaHT^q>wRDsKwP-^`ay`xhiM
zf`{}Mq6e@*#|_klh05b0a<O>XO@TkF@Hpy@iD&8J#L9QQi4@emSVl8}&8Gsd<4>21
z4#U$}9EPPL4+LJ<uhFlgR`3NPq5az+Ndv<eC(JB$rBCL*Y5$Uh>6v%d_Q_{y(J$95
zngYM7@J4Jv2n_Rur8z*KQLm;DN*B!islcxYymmEu&-L24YVOYHk@3!CPcA4OSoJ>^
z|5)oV^A*$nWhtNGqvfAcgqev3ngaiVz|WB%0+S9VkZQC-TElb&MCQO$;1w^L{m*@a
z$yPl-o`*D`k8No0Jf`B19PSe-??B+o;(tEMV3W2SYDuwh-o4FYpfUR^rStA}GHWWn
zC@;w(^~pUj{Zo<9`(#@HM+?;OLn&Y?`IjXB82{GH@%b?NojDGvN+&$eB>!A8e{{++
z^&;i1Zg!n>mt?0{Hq1jEmPC$eXY;pA|KufD&%YoUyQC_M13YP=kW{U;4;R88gPenq
z3x;uUz#XNtJLG#R`D_1txV?|{zisMYmy(|+1+EXVkfG#Xll(vA?41M2|AOQnt=}a7
z#TsQ9dknVlXO0-`+(Xkpmy`KFuMDP$zR+3pW6r2&FPUsVb<uo3E#J>wbpF#g-}(L}
zj>`Rw`M&wr=4;X)wg+U}kFo8=D4hM(_s`#ychKLHufFpV*((=&_-gN7-+6Y$p8lKi
zeNVm@#cqFOzhB-7c_?3fuT$Sq)%VBr-Ng64V|w2GBlCSI-?!xZo_yW6BwoI6$@e|^
zx_>P3@_kFb@5%S#pPG2PUz{vy<U85^027LhnP$yz3&&{_%C4~2HsPaz`O-eie6wuF
zHz6ILQ+9BJY?q9GWIKbQ-|Mq;yn{7onc_QCmD7OJ9yslR(;hhOfzuv1?Sa!CIPHPc
z9yslR(;hhOfe+9FKjS#~hd;f+OYUdy(=WciGt`UGCg9NT`}q5B{J)17a{u$l@C%;3
zdy&&V{B!eloQD+szVmVOZGP39<DdSWiRVcCi2O9Vw#0Xp`4$vs7yamca;>%AuYOa?
z|BuP{J{Bd0V_q|qUquFg*lJEP0B|^#5-%6bXQ*U_q8P>OWpk};cwupP#u0(XyKnc}
zU~c-a4JYHB1{h%GE`(+BG+8a@_ocqWq3O48ihoD^-xdGQf7isPfZ>sn8<4QkI|Sga
z!hQ*Eofypv(uQSmm@z8`{_DPbW6*HpT<HA)5)w>c*apmLl65eLoLF}dUZCl$2}x$G
zH7+H~24@}iroKjeYED2*zy26^@1V8g92sfqaBJ<(-Fw@GY{l8$eiV!c+icBQ+#MK$
zz$LN)SPT0a?~`P6TVn8>k>lcj^U4JWY}wFhdp+D1yyM+*URdk5ofZ07a=Pc76<Bg8
z6iekwwO039KGb8K`!cpVnh!XuxNF!I^{*-hl5NYx#kvnI9?~8fhwI(fFHsTO{0n|L
zl$XLdbgkdri>4dRFmO<5*jZ5Mq!y36q<J01#EoYzy0yW&|CsC$qU+3h_iZCWPQ}fT
zFVnC%kkf>Zz1PCY&|QHEwFylb<F~ps@-8h7mlucU9Q~$Sgj^srmabuwD!Qh~!?nc}
zb>>WB*EwPqyQT_|Hx38%L{fLJ;kI#S0!s&i8?#<W|3)r>x=V|}xiij5lWXra+>o*-
zs|mCs+kv}?`=zFs$KAahc-68))Fmkg)c`2Q?ZfcJ1;FyykfSvS_8IqJX=0AV*amXX
zv10-uES(G+B*j#HEVj%C(aT;ppiCs!Gm<{e1o2Urh;B#*2k}ieVZ0SJU7<h7lz{Z0
zGS%U$w=J?v1rwq!N1k!;z!8*bpi1LA_uGUpAGprq=907Q;$JqKb<nY&SlnzZ29Eo}
z;t=cE<VtsWOwM8yqCFbyx}5=CFd-eY#j9F^N#BF!z{%1l(Ba~yU3jYhNyxJ`xYC1N
zNlZqaeWcFd&|0Kuiohd$4h8y@ka`yHzEK<lh7@upogR2Ooy19d86sMoobC4BfUVXw
z9LyT$%o#3_0y(zE!53a!49rZmqVt8r3E~Er8JTLhcy_Ux$0YW}`iBfoFpSY>PQ;N|
zZg$+#;^s0&ivFKFkL_vif<rHA^aE^Jl&?$Xv|x1maU5*6+$bEz2p>xowEz1~BJfbz
zQ5=<xDb^1klictEYT#aQNDJWIx9Q!l23Gn7=e*nArC*4p_IAj@bv)zTcUGMTHcI8`
z#kcDqABQHuIS>eR<AzW+Z?stCY~pBwM}N$+NTi_k1?_rDyv!;wG*cdX5NFc-h;xdu
z2Z`LF$jQq~JEY+PAAA8niH%@Zx<oE!d2(Kib%0a_6S#yfFj2V%(Pm}}G?_|*S(5`{
zH`cc{E?v2H`O=k_9e+fR8QoalSYO|Ad~aMS3937(2XBD|G0+%y@59*pIz;nxef~}-
z5ts6zB6+GnfqshgQ*y+}d*ACPocV;ikZ>1`yI6>lvs03@TavT8nCdA=KOsIbDj3kl
zFxLSFqaXyv#xTnMPGgCALHE8xx_3(o8-}2AvTRM!$zslcwsEqI-gO<E-94+Rjk4w0
z#qn9ns^6iFER|6-xC$(>tm%nYjKbG>O3j2dt!PbfF_8p}*iuFV?CrZWpK0sF3liP0
znM(tR@xuU`w?zGMYEY2TMaVNwR;Oi_`zfjwi4q&GQUAieOIOd%INi3pKbV{a1%z~@
z2Ip>Gy9Mi2uR~(VhR9h_3x@^P^Vr*gstK1r9%mDa!(`1m7^K=tlnOe>95LJ_XjWqH
zIy>ogaaGS<>76~7gq0DK^GH-%RTD9H6+!a0fy+Qapb?;CfM(Lmb9Qp=iH6P#yA+{0
zk*Pbxr9SN9xX=Qn99-`-CX9`eacaU@o~Xui=-1n1Fx?QFw@kmRxNO6mu^F2|ot1>{
zbo9ASa~csT4KcPOf_d@k3Tpru3l~e+ywMtvcG&z)38a$|)q$Svq6Gq}BYl97D2o8d
zxy`6*28hmUuJn!d8&?=JIb;7(XA!&2jVm-sFgJl|B?uYczKkr5x%fDo?W19RV%H*a
z$G9N#HV#d1e01D_&KU|oi<WL*MstL|<8Hi#qtNzRpNvvdJNO?OOjhI*QP!X(ylqn3
z6q1?-ooGR9P?HfUG%a3D%yKC;CSGaVTi=BKJ)Z)XcDzU2gQAOdp3V&Y0d^qNSY}BU
zAcHZjAZHa<A66&W=b<(SoZ0Kq;e^a_(fW5;%gWIXmzAV*5-J{)P)@yA%aJM>C_&f-
zHuoCZ9%*+g3?V=c`Cl!I4jUcp(?RzU>7?LrjDzd|?J~i-;Trr;*vBZenZp)(4VGlP
z9eUxFNP7_Vg!NK^-18cf7}eMrt<T|L$aglW?{qwfbeGT}&NyoG{1YI}aYYQrc=vu}
zkMse^X7S+eE1xjX-7u9G2=zdh$a-x}gXxMx1xR`<!uvRb!TaEhL(4h=l&A+4sJoS+
zU|g6vC0#7R{<N;RTF{kbz5#ncMhRnL@pYVCf{^B~&f_7SY)~rjJa0cK0@4tNe3Xdx
zO+$9#ih@}IxT8;6hBPxh=33xrh1to&v4YZehd9nb4{7YS*eW}<eFBRZSO+|#rJ_+2
z%m%i?T6;vjy%s*kq{M|zbG$~EjirqVr#83a$Ag-1QIFE`)M?>ijgU@IJ{f1hLU`o)
z6CkyKJDpFkOM_l;&H);sbq)T>2nvE~4$L8adZyV}nXrXtrHra$I*d{=IY&e58NDm0
zU{M!E83^E<WQklIsUuBq$}bqu#U5xgf+xeZHj@&gKrx^?UZXoR#EJqvnHo&RFHsWQ
zEYnK~v}bbVnD2z+6Bt>1j07g5PGB2Qgiw&q`C!p;HHNT4ILbGu+y+{lL|8iMvnY>J
z6=tWBG0s6%iT)1cn_D#gr}EYK%;!zG#=GiQIQ0wML-kAio9fs6)vx8NU*es!Ql7-S
z>X-PY`Za&`OZ+?Hf0i}*xU1><Yy0NKYy0NKYy0NKKb7{(i`Vwei`Vwei`VuwUoh>O
z%GX&o{)_S*%GX^n;qQt6P4PdK??de;`Mx9HdF5xMyk|=$-)C0;YyVEqnRr*y>HN|7
z-18>BIVb)tiGOQOyuszGL^FYnp_gvb$6m`f2ZXa&#PVm<1430erC?PN#f|-)%8(`a
z?%TU!LO<F7Z330I7uW#wSbNM)MmGUQK;(uTe$*Z9;T`LUoM5tC7jnbh+#hd9`iORd
zPCh-I4k{|9LC(7#kUn-1kTBpwMP;4{K2EOmP}~9gM2PXhK(^e;n7QS=q4EBULqkM{
z9j2Y<91OIJ)ykU~M{Y0~WBB+{e-p<XDtR%BkM>9OBAfc)S8Su^DqRO#DgcSwCB@Np
zFdxNlhI`jlCIF6VcLXC$IJ2@bDCR-}lQWZ--cXC0oIMVVxJcA@LRHQKRHBpTAnmpt
zW6qgrgm^s6gp>v!DqAHQdTRmQI<Guf8W@nKexiX|Q`W>?+>D1cRgPo*J^Y4|?|e+c
zziRovF8-gB__xIWaq)l8^8dg}|0D6MyzE~s|NG+CYPo-C>SJVsj*}I?!r!*ycP;-P
zSpM&dU)%S6@oW8mXr=!b@oRm4;hUyD>i>-R)$T;Y@_*6tkHxR;`G)0x+w%W|<^Olf
z|EX`K`=@C6o0fma^8cRY|Bm>zeSc=f|E1;sTg(6VmjA%=|D)yqC(HkDmjAyj|IdCq
z-QG`H{$IBIuH}E;@|P_Ci<bYU<=?RUU$Ojc%RjXIU$gwbYx%!!`M+)X|HShDh2{S%
z%m0q$|AFQIq2>RP_;vjC3;qZ0le0xQ(8Dd<q@?W^r;|Mx8gXC6Qzw`4`ZV*fh*g5K
zP5|@U9SECnO;Hhf$LGxec(*;kp)mCTV072vy56>#3C4ROaTn>(MdwA@OgKaK8Kw^9
z5APZ0rI~qv@8b12WxNY9(LW;`+!``pMOSUG-#FZ;?I<0X^)R3gX6jXH>}`5O*-k;6
z7969jV258#!SQPsFxcr$y^$8jniNCbrbbS>0|U;Sx08bKhTB=Z`rINIvLyXV9=rMc
zOU+^+9HH=Z%?fr+-GUOi`1=^Th<$P+ODwU;n3-V$riNDV-mZk;DI8q7qRkM@bh=L&
zZ{~9vi0Wmt=!yoUVvwBQcP=^(5p|G_gCaWTI*{GbiJkas4!wgDQ4N@6{PK>NKfp|k
zr3@!b6*KLIbo-G9u;Uwv7V+0!;D7G!n50SW%8T?1243U_Q*niaJo3B}r9#j-tR8-|
zC-Or(!NU`_i&t0qpUdyj;A|hY1tL%I>kJEGh%+Z<3RWL+b8cMOqzleY2TQI8V`&(L
z5%|8;^}8!CQWzKkR;1DqY=|}<TM`QMKq(mq9wOx<G|W*^yxxhP1`luuktsOH?KVv<
zV)Eg8#$W_aVF+?|a+btdJzUUHp)skfRWs|yz{If-5OxwzkuwV0T)S~+{mwP21l?pD
zItaLVw+Yc3nZ_g41<2k*8leu}(?aChoh`x+h$f3o6!OKpYY2i45c}3{-9o&)!j?o4
zNC}27<xFq*M1@_tya8x)cNR%5-`zyxv2F|#4<Xl^s2vN0z~Nir7P9HyAtN3nc$tgj
zd%y7A-P{1*0JC!h>o6Eh41sXC@>JQ)Yd2m22gFFi4MXWschF-O#RD7+g<0SQif*n^
zZTOJ{nsJ72WnL3R?4?^9x6u~dY~6)n08+R>;MO$?l<w3zZ*IMO{TABIXa(#*@LDPD
zm7BM&;&j0VCIx?h^F){NV4o`B6zkOgAZj6DhdvEpHn-N%sf0i1;vpkUI=gVun_Gwi
z52ZEmM(78m;oz;cJ2b=e9XVb&E(`B*1~Dnt@1{~jEtUj#H*TPp@B$!YqeNkY$%s=2
z9Xv=#!EL#BrHMTJ;RG{?BsY<{Wz_lJ_02ES;RBp6KB*i|@yeFz%;@Bp?$qYS`gN9a
zArE5wT7CZN+MO#mF;3uH!b%7iVfv67x3-Q6x;ns&e~h(kE|61r^VJPv=sw2gEi7Sl
z4C4=q-TV?wOe}xM8E|);Ih2mfEIgN~u43dWMXqw>szk18<f=uky1Gia$d!*=Q5mJE
zj8araDJr8Bl~IbyC`DzIqB6=+8Re*qa#Th+Dx(~gQI5(eM`e_wGRjdI<*1BGR7NE#
zqY{--iORrpq9gBhm;M&-0nN7(Za?7;lJ0Jtew=W(hKcZmyT-vL|9Zlm&&BEU`GmWW
za2FHqQo>!1-Q7f4?Vi^eo3{A)(jT>}op4jUhHo0xK+-WF4mOnKD7DNeZ$yS>a5>&^
z?eQ)b%T%FZGw9Psf6U*F_1l;3VYOV@)ZG)T9cWlE(Sh~4n=?`Y-t1U+2%9X6ZYe!m
zHo=4^cDzGLu-2THUV6z%Df!%A96ta(awZ*0h)Zx7wTzZdXXQl+K?P{H-j6HQ@ky>l
zB2<#tv4SEfDneN>P{nkT*(jAzIw}TRehiezaL?TxuDnQ32oAYELQkMa%rf6b?`|7;
z+%|_q+<hu-7Y1{C0bv_L?PIQ695#d><?cepOjQ0@->Hg2sY58$U`X&`fTXFqQ7H9q
zDh1Jo(TH$f5wLO4HUxHmItta|!swA1RNVBOj31vAKm?Hq6$md4QtP<LK*`maF|012
zH9>|(FOLa*v<e$-FeftZ2~b4=^llnfKk6w6^qDjX()qw)8iNTC^vn9@mJyR0vH;r-
zNIRLANe^#-I;lupN|OpZjf$O=5j18gO>BaKWU<klM$wQt&?Bv^mqUvseB3!4+G)cG
zycQ-z5mlJ$$PdL3kqpreHA`EtYIHNz8-v55Dx|pdgVjzebLGWO&Q!rp6g5Y=r4BU{
zn-v5*R1Z^owAJx^*3BLgRl*Anv1n)_91CI>6e%gCxp13lz}jswtmZi6SppfVk;o%g
zjiIvQP|A?%&!;IVfc(a2EJacvt7(ZRQEZ%zX0F9DRZT2#Out>iRivH;J~b^ScB=BF
zkk=+@YK?J<v7x?AG|gPMLuVB9Okxov3e$=0qCYW2(L90O6llJ9<6aoDJ}qiSmH8|U
z*H@XBip9%MR3L8_!{W?Oco5yk5;PpuNrHvhzN#ovqGn{l)<$4@CK#vkFsCm%^-ER;
z)oMOWvCwe}g)FNs8(DcEZwi7BUB~Puj?=X4VcYiU?DtIV_Y3Uz6m0u=_Iok*`y2Lq
zFt&Ym+uo1;{)%l+``PCV-%Q_6v)_BM-!B<{KAqmSPiepR+FUm2^*)6C-n0EagKh82
zw*PC})3o2`n@atDQAX0X-<~^b>hnp7x9xM=@9{Mk)9tnGIob9BZF_O{`zIN(2e0;!
zZTq4bc`xOcw0@TTBzuC|_8IN>K5YBHwmr`2l4+mz*HiK9eHGjOrfm<<wr@GK^0VL1
zXj=A2GcsOU-t+}iALZlQ?`PQWiQE0rJa6FDUbg*ykNqBj{XU~@FR>~1JJtT2ZO`7e
z??1KP%Xlj5OXq(sZ|WDd*Rro{zZaab-e0iaQ_I-%)3P@;wd{}D_K<D+@V31=+y0$x
z&)T*xW!tN>?eEz3m~8vtnPPfA+V&4KVozD^QQGfwWVQ^v+KX&nH-5E$KehbLyCz=k
zBiipB*!C+kmOU%`eXxv-r`qeb-~Vn}?{Q4;nev~LiEP_jv+ZX$EqkiAeKXr$nQgx-
zBlBZH%4>eXl&|Y0BYwqC84F)Ft@kW!`=%MO_o@A9+n=}XNj5i3`D&jvBkj}mma*Qi
z$;f*GYEQpu;mfCjKXkn{E&J~o*}t`YO_?uhAG9g>D}uMmpIY{ir?S84LDaUFpAr1M
zXd|jq|7j1L_P}Wmoc6$xJ<zTPWjvQ&t(S}Sa?q;y<(%Kjdw#7Dw!$Fa3Tk1i7=~>>
zY$4dI7D^#qq^+0hrLbPCwz9t+Jw-jYoLoMatALlBGk^BCSSS`9<XI_{@+G8oatHv!
z*;Si`b2I)hA|^PKk5Hx2V6b;oe#gbzjXNr@k5Jqj3*HFwpgkz%LwkLpvEc3Emes=Y
z0=T5@ZfBwK#==cJ<3+cN5Q!nr7fXe9tsVMEbCpf%N*w%mAr(U^xGu5D^36T4GZz|s
zDLWAc!TsStFtwt<t-bxoy^gzr>3rC?4$HJrnrr<>3yu2=H`i}pyReGVo0qn3URa%s
zN2}nMc)itetJ`lR{E;_~;2`6LbK$}A!j;`%q0yi8ddmxIySRNr%`cQnVWn6L3ze{1
z^=hqLE$~W}LM!jL>V;Z99|o167!+#NQlVBUR%#yBO}kpnSHqxQs+Li;R|Y+(!i_a&
zQs4kj_G(x9?HVaOvka0Nw8~;|s?2)-GF`qxAUwCcR@jp)p72QRf#c3y?-yErq1GzZ
zT4ldnE*0Cwa;@&?u$b#%we8jFHLqGM`azABdCB*S<y=rNmW%C*7uInt9yP?ko9wnv
zrvOa>3<GAw>UalzvqH1}xg{7wJm+4!v$gT1<~ron?tL>*4``%5;&TN|THHCnTrTAD
zrIlQDC12mlRU5fNqgcomD%EN(U#?fajAjPJ_Z)4@8=`>7XLH#cB5=zNH#4z9@4vAi
z7pYBt#g$xTC12dimm0ZZqnyju3i)cKj#3&q0))mXu_cjsjcjAn>n1D|URijuY-M%0
zYK45MRw@?qR5dAeyM;>V=(sDsD<gC1>Q$EgHVR&`R?6k7CBM-2+g>YQ%@ry^q3Y$r
zdaYIS!$Q!m)kCix=E}uV9SfyhYPX8M*Dhdt^9sbWT|G(VlKpl}<z`KrCzv+_Ea(Nu
znkTQLfwbAQ5%9(W=|@q7w-12?VuEhFz1<BEcYgu)Itt}Vquj3MTJ3zz%hf7qY%X63
z>p%dxk{1TW7RDe~^oo^M=#}!-av58E5VXB^J_jv{qF)Ky$W?L*^A(_oYOz+R)Pdm(
zg`fpY=L3@!YK5X#5B*XhK>omN<)Bt;dAXvG4l4)cuv!2PiF5kEb$akbEj)jOHp~Bm
zRl#-NZW~$%C!ynh(&isS|K-Y%_Y3(%A6RNBmJ6r!-%r}zKNcKt_!Xh_7Cw}-0C2zt
zY@TdELxFJAYZE+!2VrhFHhW|Ps!*72v{T+PI1P#NwRXwN<?FSoU#fdJjntsF3Csl~
zg)>MYsDOY8YhJ;x=dcL?e-~QqdJd#lu@aR0Vttj-V-|!wN)K}d!sg{luG;cz70&}=
ztdxKVD>YDK*xgFCT)o_G*X#9a3lTtOrF_}1ma!ui3gtp7vjXDsMPyMdm)oH7azU$9
z2Q5`E*IHGt46F#DT+s5uQq9ko>VB95zQxN4)mF6?0MRBgd+-ET9Y1n^BaGF!i~XD)
zBls!(9k>4T&^WTzf2mSAJ^%fbh9i~j8;4dXQ5~{KK_z~``M>bw$wzR~r+VPjbJ_!^
NJ#g9s|37=+e*oxG3EBVv

diff --git a/tools/brload/BUILD.bazel b/tools/brload/BUILD.bazel
deleted file mode 100644
index 4829c719f8..0000000000
--- a/tools/brload/BUILD.bazel
+++ /dev/null
@@ -1,33 +0,0 @@
-load("//tools/lint:go.bzl", "go_library")
-load("//:scion.bzl", "scion_go_binary")
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "cases.go",
-        "main.go",
-    ],
-    importpath = "github.com/scionproto/scion/tools/brload",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//pkg/addr:go_default_library",
-        "//pkg/log:go_default_library",
-        "//pkg/private/serrors:go_default_library",
-        "//pkg/private/util:go_default_library",
-        "//pkg/private/xtest:go_default_library",
-        "//pkg/scrypto:go_default_library",
-        "//pkg/slayers:go_default_library",
-        "//pkg/slayers/path:go_default_library",
-        "//pkg/slayers/path/scion:go_default_library",
-        "//private/keyconf:go_default_library",
-        "@com_github_google_gopacket//:go_default_library",
-        "@com_github_google_gopacket//afpacket:go_default_library",
-        "@com_github_google_gopacket//layers:go_default_library",
-    ],
-)
-
-scion_go_binary(
-    name = "brload",
-    embed = [":go_default_library"],
-    visibility = ["//visibility:public"],
-)

From c4ac9413cf0db745ad9d16a5c05c40b2c6c2f1a9 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 21 Nov 2023 14:00:28 +0100
Subject: [PATCH 08/40] router: mild improvements to the benchmark code.

Rely on address assignment conventions to simplify concrete addresses
out of test cases.
---
 acceptance/router_newbenchmark/BUILD.bazel    |  1 +
 acceptance/router_newbenchmark/cases.go       | 55 +++++--------------
 acceptance/router_newbenchmark/conf/br.toml   |  4 +-
 .../router_newbenchmark/conf/prometheus.yml   |  2 +-
 .../router_newbenchmark/conf/topology.json    |  4 +-
 acceptance/router_newbenchmark/test.py        |  4 +-
 6 files changed, 21 insertions(+), 49 deletions(-)

diff --git a/acceptance/router_newbenchmark/BUILD.bazel b/acceptance/router_newbenchmark/BUILD.bazel
index b35b9478f2..10a6f42aca 100644
--- a/acceptance/router_newbenchmark/BUILD.bazel
+++ b/acceptance/router_newbenchmark/BUILD.bazel
@@ -9,6 +9,7 @@ go_library(
     srcs = [
         "cases.go",
         "main.go",
+        "topo.go",
     ],
     importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark",
     visibility = ["//visibility:private"],
diff --git a/acceptance/router_newbenchmark/cases.go b/acceptance/router_newbenchmark/cases.go
index 707a5e3280..58563602dd 100644
--- a/acceptance/router_newbenchmark/cases.go
+++ b/acceptance/router_newbenchmark/cases.go
@@ -16,15 +16,12 @@ package main
 
 import (
 	"hash"
-	"net"
 	"time"
 
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 
-	"github.com/scionproto/scion/pkg/addr"
 	"github.com/scionproto/scion/pkg/private/util"
-	"github.com/scionproto/scion/pkg/private/xtest"
 	"github.com/scionproto/scion/pkg/slayers"
 	"github.com/scionproto/scion/pkg/slayers/path"
 	"github.com/scionproto/scion/pkg/slayers/path/scion"
@@ -34,49 +31,23 @@ import (
 //    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
 //                 |
 //    AS3 (br3) ---+
-//
-// We're only executing and monitoring br1a. All the others are a fiction (except for the knowledge
-// about them configured in br1a) from which we construct packets that get injected at one of the
-// br1a interfaces.
-//
-// In the tests cases, the various addresses used to construct packets are:
-// originIA: the ISD/AS number of the AS of the initial sender.
-// originIP: the underlay address (and so SCION host) of the initial sender.
-// srcIP: the IP address of the router interface sending to br1a.
-// srcMac: the ethernet address of the router interface sending to br1a.
-// dstIP: the IP address of the br1a interface that should receives the packet.
-// dstMac: the ethernet address of the br1a interface that should receive the packet.
-// targetIA: the ISD/AS number of the AS of the final recipient.
-// targetIP: the underlay address (and so SCION host) of the final recipient.
-//
-// To further simplify the explicit configuration that we need, the topology follows a convention
-// to assign addresses, so that an address can be inferred from a single node and interface number.
-// ISD/AS: <1 or 2>-ff00:0:<AS index>
-// interface number: <remote AS index>
-// public IP address: 192.168.<AS_1's interface number>.<local AS index>
-// internal IP address: 192.168.0.<router index>
-// MAC Address: 0xf0, 0x0d, 0xfe, 0xbe, <last two bytes of IP>
-// Internal port: 30042
-// External port: 50000
-// As a result, children ASes (like AS2) have addresses ending in N.N and interface N where N is
-// the AS number. For br1a/b, interfaces are numbered after the child on the other side, the
-// public IPS are <childAS>.1 and the internal IP ends in 0.1 or 0.2. The MAC addresses follow.
-
-// TODO: add functions that produce the right numbers from an intuitive descriptor.
+// See topo.go
 
 // oneBrTransit generates one packet of transit traffic over the same BR host.
 // The outcome is a raw packet.
 func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 
 	var (
-		originIA = xtest.MustParseIA("1-ff00:0:2")
-		originIP = "192.168.2.2"
-		srcIP    = net.IP{192, 168, 2, 2}
-		srcMAC   = net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x02, 0x02}
-		dstIP    = net.IP{192, 168, 2, 1}
-		dstMAC   = net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, 0x02, 0x01}
-		targetIP = "192.168.3.3"
-		targetIA = xtest.MustParseIA("1-ff00:0:3")
+		originIA   = isdAS(2)
+		originIP   = publicIP(2, 1)
+		originHost = hostAddr(originIP)
+		srcIP      = publicIP(2, 1)
+		srcMAC     = macAddr(srcIP)
+		dstIP      = publicIP(1, 2)
+		dstMAC     = macAddr(dstIP)
+		targetIA   = isdAS(3)
+		targetIP   = publicIP(3, 1)
+		targetHost = hostAddr(targetIP)
 	)
 
 	options := gopacket.SerializeOptions{
@@ -165,10 +136,10 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 
 	// These aren't necessarily IP addresses. They're host addresses within the
 	// src and dst ASes.
-	if err := scionL.SetSrcAddr(addr.MustParseHost(originIP)); err != nil {
+	if err := scionL.SetSrcAddr(originHost); err != nil {
 		panic(err)
 	}
-	if err := scionL.SetDstAddr(addr.MustParseHost(targetIP)); err != nil {
+	if err := scionL.SetDstAddr(targetHost); err != nil {
 		panic(err)
 	}
 
diff --git a/acceptance/router_newbenchmark/conf/br.toml b/acceptance/router_newbenchmark/conf/br.toml
index f3857e2727..d583bb7307 100644
--- a/acceptance/router_newbenchmark/conf/br.toml
+++ b/acceptance/router_newbenchmark/conf/br.toml
@@ -3,12 +3,12 @@ id = "br1a"
 config_dir = "/share/conf"
 
 [metrics]
-prometheus = "192.168.0.1:30442"
+prometheus = "192.168.10.1:30442"
 
 [features]
 
 [api]
-addr = "192.168.0.1:31142"
+addr = "192.168.10.1:31142"
 
 [log.console]
 level = "error"
diff --git a/acceptance/router_newbenchmark/conf/prometheus.yml b/acceptance/router_newbenchmark/conf/prometheus.yml
index d0abecdfc1..d35f139f99 100644
--- a/acceptance/router_newbenchmark/conf/prometheus.yml
+++ b/acceptance/router_newbenchmark/conf/prometheus.yml
@@ -7,4 +7,4 @@ scrape_configs:
   - job_name: BR
     static_configs:
     - targets:
-      - 192.168.0.1:30442
+      - 192.168.10.1:30442
diff --git a/acceptance/router_newbenchmark/conf/topology.json b/acceptance/router_newbenchmark/conf/topology.json
index 6edf1873cd..f24e967610 100644
--- a/acceptance/router_newbenchmark/conf/topology.json
+++ b/acceptance/router_newbenchmark/conf/topology.json
@@ -16,7 +16,7 @@
   },
   "border_routers": {
     "br1a": {
-      "internal_addr": "192.168.0.1:30042",
+      "internal_addr": "192.168.10.1:30042",
       "interfaces": {
         "2": {
           "underlay": {
@@ -39,7 +39,7 @@
       }
     },
     "br1b": {
-      "internal_addr": "192.168.0.2:30042",
+      "internal_addr": "192.168.10.2:30042",
       "interfaces": {
         "4": {
           "underlay": {
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 764a21c189..8bf6d5794e 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -169,8 +169,8 @@ def create_veths(self, ns: str):
         # Set default TTL for outgoing packets to the common value 64, so that packets sent
         # from router will match the expected value.
         exec_sudo(f"ip netns exec {ns} sysctl -w net.ipv4.ip_default_ttl=64")
-        create_veth("veth_int_host", "veth_int", "192.168.0.1/24", "f0:0d:ca:fe:00:01", ns,
-                    [("192.168.0.2", "f0:0d:ca:fe:00:02")])
+        create_veth("veth_int_host", "veth_int", "192.168.10.1/24", "f0:0d:ca:fe:10:01", ns,
+                    [("192.168.10.2", "f0:0d:ca:fe:10:02")])
         create_veth("veth_2_host", "veth_2", "192.168.2.1/24", "f0:0d:ca:fe:02:01", ns,
                     [("192.168.2.2", "f0:0d:ca:fe:02:02")])
         create_veth("veth_3_host", "veth_3", "192.168.3.1/24", "f0:0d:ca:fe:03:01", ns,

From e6192961b62ddeb8450abdb50087f61f89b0711e Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 21 Nov 2023 17:42:15 +0100
Subject: [PATCH 09/40] router: cleanup newbenchmark.

Namely:
* Contained all topology knowledge in brload: test.py is told what to do by
  the --showInterfaces option of brload.
* Contained all interface names knowledge (mac addresses are next) in test.py:
  brload is told the real interface names via the -interface flag.
---
 acceptance/router_newbenchmark/cases.go |   8 +-
 acceptance/router_newbenchmark/main.go  |  27 ++++-
 acceptance/router_newbenchmark/test.py  |  99 ++++++++++--------
 acceptance/router_newbenchmark/topo.go  | 132 ++++++++++++++++++++++++
 4 files changed, 219 insertions(+), 47 deletions(-)
 create mode 100644 acceptance/router_newbenchmark/topo.go

diff --git a/acceptance/router_newbenchmark/cases.go b/acceptance/router_newbenchmark/cases.go
index 58563602dd..d11190c627 100644
--- a/acceptance/router_newbenchmark/cases.go
+++ b/acceptance/router_newbenchmark/cases.go
@@ -1,4 +1,4 @@
-// Copyright 2020 Anapaya Systems
+// Copyright 2023 SCION Association
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -160,10 +160,14 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 	return input.Bytes()
 }
 
+// BrTransit generates numDistinct packets (each with a unique flowID) with the given payload
+// constructed to cause br_transit traffic at the br1a router.
+// numDistrinct is a small number, only to enable multiple parallel streams. Each distinct packet
+// is meant to be replayed a large number of times for performance measurement.
 func BrTransit(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte) {
 	packets := make([][]byte, numDistinct, numDistinct)
 	for i := 0; i < numDistinct; i++ {
 		packets[i] = oneBrTransit(payload, mac, uint32(i+1))
 	}
-	return "veth_2_host", "veth_3_host", packets
+	return interfaceName(1, 2), interfaceName(1, 3), packets
 }
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index 157b10a639..90e657cafd 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -1,4 +1,4 @@
-// Copyright 2020 Anapaya Systems
+// Copyright 2023 SCION Association
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -36,6 +36,19 @@ import (
 	"github.com/scionproto/scion/private/keyconf"
 )
 
+// Created so that multiple inputs can be accecpted
+type arrayFlags []string
+
+func (i *arrayFlags) String() string {
+	// change this, this is just can example to satisfy the interface
+	return "A repeatable string argument"
+}
+
+func (i *arrayFlags) Set(value string) error {
+	*i = append(*i, strings.TrimSpace(value))
+	return nil
+}
+
 type Case func(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte)
 
 var (
@@ -49,7 +62,9 @@ var (
 	caseToRun  = flag.String("case", "",
 		fmt.Sprintf("Which traffic case to evaluate %v",
 			reflect.ValueOf(allCases).MapKeys()))
-	handles = make(map[string]*afpacket.TPacket)
+	showIntf  = flag.Bool("show_interfaces", false, "Show interfaces needed by the test")
+	intfNames = arrayFlags{}
+	handles   = make(map[string]*afpacket.TPacket)
 )
 
 // initDevices inventories the available network interfaces, picks the ones that a case may inject
@@ -79,7 +94,14 @@ func main() {
 }
 
 func realMain() int {
+	flag.Var(&intfNames, "interface",
+		"label=host_interface; use host_interface to send traffic to the interface named label")
 	flag.Parse()
+	if *showIntf {
+		fmt.Println(ShowInterfaces())
+		return 0
+	}
+
 	logCfg := log.Config{Console: log.ConsoleConfig{Level: *logConsole}}
 	if err := log.Setup(logCfg); err != nil {
 		flag.Usage()
@@ -112,6 +134,7 @@ func realMain() int {
 		return 1
 	}
 
+	LoadInterfaceMap(intfNames)
 	err = initDevices()
 	if err != nil {
 		log.Error("Loading devices failed", "err", err)
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 8bf6d5794e..f727c0d2ad 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 
-# Copyright 2021 Anapaya Systems
+# Copyright 2023 SCION Association
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
 import shutil
 import time
 
+from collections import namedtuple
 from typing import List, Tuple
 from plumbum import cli
 from plumbum.cmd import sudo,docker,whoami
@@ -51,21 +52,25 @@ def exec_sudo(command: str) -> str:
     # interactive password input.
     return sudo("-A", str.split(command))
 
-def create_veth(host: str, container: str, ip: str, mac: str, ns: str,
-                neighbors: List[Tuple[str, str]]):
-    exec_sudo(f"ip link add {host} mtu 8000 type veth peer name {container} mtu 8000")
-    exec_sudo(f"sysctl -qw net.ipv6.conf.{host}.disable_ipv6=1")
-    exec_sudo(f"ip link set {host} up")
-    exec_sudo(f"ip link set {container} netns {ns}")
-    exec_sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{container}.disable_ipv6=1")
-    exec_sudo(f"ip netns exec {ns} ethtool -K  {container} rx off tx off")
-    exec_sudo(f"ip netns exec {ns} ip link set {container} address {mac}")
-    exec_sudo(f"ip netns exec {ns} ip addr add {ip} dev {container}")
-    for n in neighbors:
-        exec_sudo(f"ip netns exec {ns} ip neigh add {n[0]} "
-             f"lladdr {n[1]} nud permanent dev {container}")
-    exec_sudo(f"ip netns exec {ns} ip link set {container} up")
 
+# Convenience type to carry interface params.
+Intf = namedtuple("Intf", "label, prefixLen, ip, mac, peerIp, peerMac")
+
+def create_interface(intf: Intf, ns: str) -> str:
+    hostIntf = f"veth_{intf.label}_host"
+    brIntf = f"veth_{intf.label}"
+    exec_sudo(f"ip link add {hostIntf} mtu 8000 type veth peer name {brIntf} mtu 8000")
+    exec_sudo(f"sysctl -qw net.ipv6.conf.{hostIntf}.disable_ipv6=1")
+    exec_sudo(f"ip link set {hostIntf} up")
+    exec_sudo(f"ip link set {brIntf} netns {ns}")
+    exec_sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{brIntf}.disable_ipv6=1")
+    exec_sudo(f"ip netns exec {ns} ethtool -K  {brIntf} rx off tx off")
+    exec_sudo(f"ip netns exec {ns} ip link set {brIntf} address {intf.mac}")
+    exec_sudo(f"ip netns exec {ns} ip addr add {intf.ip}/{intf.prefixLen} dev {brIntf}")
+    exec_sudo(f"ip netns exec {ns} ip neigh add {intf.peerIp} "
+              f"lladdr {intf.peerMac} nud permanent dev {brIntf}")
+    exec_sudo(f"ip netns exec {ns} ip link set {brIntf} up")
+    return hostIntf
 
 class RouterBMTest(base.TestBase):
     """
@@ -105,18 +110,13 @@ class RouterBMTest(base.TestBase):
         envname="CI"
     )
 
-    pause_tar = cli.SwitchAttr(
-        "pause_tar",
-        str,
-        help="taball with the pause image",
-    )
-
     def setup_prepare(self):
         super().setup_prepare()
 
+        # get the config where the router can find it.
         shutil.copytree("acceptance/router_newbenchmark/conf/", self.artifacts / "conf")
-        exec_sudo("mkdir -p /var/run/netns")
 
+        # We need a custom network so can create veth interfaces of our own chosing.
         exec_docker("network create -d bridge benchmark")
 
         # This test is useless without prometheus. Also, we need a running container to have
@@ -135,16 +135,37 @@ def setup_prepare(self):
                     "prom/prometheus:v2.47.2 "
                     "--config.file /share/conf/prometheus.yml")
 
-        ns = exec_docker("inspect prometheus -f '{{.NetworkSettings.SandboxKey}}'").replace("'", "")
-
         # Link that namespace to where the ip commands expect it. While at it give it a simple name.
-        # Then create all the interfaces that the router will see... the test will be using the
-        # other end of the pairs to feed it with (and possibly capture) traffic.
+        exec_sudo("mkdir -p /var/run/netns")
+        ns = exec_docker("inspect prometheus -f '{{.NetworkSettings.SandboxKey}}'").replace("'", "")
         exec_sudo(f"ln -sfT {ns} /var/run/netns/benchmark")
-        self.create_veths("benchmark")
+
+        # Set default TTL for outgoing packets to the common value 64, so that packets sent
+        # from router will match the expected value.
+        exec_sudo("ip netns exec benchmark sysctl -w net.ipv4.ip_default_ttl=64")
+
+        # Run test brload test with --show_interfaces and set up the veth that it needs.
+        # The router uses one end and the test uses the other end to feed it with (and possibly
+        # capture) traffic.
+        # We supply the label->host-side-name mapping to brload when we start it.
+        self.intfHostMap = {}
+        brload = self.get_executable("brload")
+        output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
+                           "-show_interfaces")
+
+        for line in output.splitlines():
+            print(line)
+            elems = line.split(" ")
+            if len(elems) < 6:
+                continue
+            t = Intf._make(elems)
+
+            self.intfHostMap[t.label] = create_interface(t, "benchmark")
+
+        # We don't need that symlink any more
         exec_sudo("rm /var/run/netns/benchmark")
 
-        # Then the router.
+        # Now the router can start.
         exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
                     "-d "
                     "-e SCION_EXPERIMENTAL_BFD_DISABLE=true -e GOMAXPROCS=6 "
@@ -154,9 +175,6 @@ def setup_prepare(self):
 
         time.sleep(2)
 
-    def setup_start(self):
-        super().setup_start()
-
     def teardown(self):
         docker["logs", "router"].run_fg(retcode=None)
         exec_docker("rm -f prometheus")
@@ -164,23 +182,18 @@ def teardown(self):
         exec_docker("network rm benchmark") # veths are deleted automatically
         exec_sudo(f"chown -R {whoami()} {self.artifacts}")
 
-    # Wire virtual interfaces around the one router that we run.
-    def create_veths(self, ns: str):
-        # Set default TTL for outgoing packets to the common value 64, so that packets sent
-        # from router will match the expected value.
-        exec_sudo(f"ip netns exec {ns} sysctl -w net.ipv4.ip_default_ttl=64")
-        create_veth("veth_int_host", "veth_int", "192.168.10.1/24", "f0:0d:ca:fe:10:01", ns,
-                    [("192.168.10.2", "f0:0d:ca:fe:10:02")])
-        create_veth("veth_2_host", "veth_2", "192.168.2.1/24", "f0:0d:ca:fe:02:01", ns,
-                    [("192.168.2.2", "f0:0d:ca:fe:02:02")])
-        create_veth("veth_3_host", "veth_3", "192.168.3.1/24", "f0:0d:ca:fe:03:01", ns,
-                    [("192.168.3.3", "f0:0d:ca:fe:03:03")])
-
     def _run(self):
+        # Build the interface mapping arg:
+        mapArgs = [f"-interface {label}={infName}" for label, infName in self.intfHostMap.items()]
+        print(mapArgs)
+
+        # At long last...
         logger.info("==> Starting load br-transit")
         brload = self.get_executable("brload")
         output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
+                           f"{' '.join(mapArgs)} "
                            "-case br_transit -num_packets 10000000 -num_streams 2")
+
         for line in output.splitlines():
             print(line)
             if line.startswith('metricsBegin'):
diff --git a/acceptance/router_newbenchmark/topo.go b/acceptance/router_newbenchmark/topo.go
new file mode 100644
index 0000000000..e101b37e52
--- /dev/null
+++ b/acceptance/router_newbenchmark/topo.go
@@ -0,0 +1,132 @@
+// Copyright 2023 SCION Association
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"net"
+	"net/netip"
+	"strings"
+
+	"github.com/scionproto/scion/pkg/addr"
+	"github.com/scionproto/scion/pkg/private/xtest"
+)
+
+// Topology (see accept/router_newbenchmark/conf/topology.json)
+//    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
+//                 |
+//    AS3 (br3) ---+
+//
+// We're only executing and monitoring br1a. All the others are a fiction (except for the knowledge
+// about them configured in br1a) from which we construct packets that get injected at one of the
+// br1a interfaces.
+//
+// To further simplify the explicit configuration that we need, the topology follows a convention
+// to assign addresses, so that an address can be derived from a minimal descriptor. AS-1 is the hub
+// of the test.
+// All IPs are V4.
+// ISD/AS: <1 or 2>-ff00:0:<AS index>
+// interface number: <remote AS index>
+// public IP address for interfaces of AS-1: 192.168.<remote AS index>.<local AS index>
+// public IP address for interfaces of others: 192.168.<local AS index>.<local AS index>
+// internal IP address: 192.168.<AS index>*10.<router index>
+// MAC Address: 0xf0, 0x0d, 0xfe, 0xbe, <last two bytes of IP>
+// Internal port: 30042
+// External port: 50000
+// As a result, children ASes (like AS2) have addresses ending in N.N and interface N where N is
+// the AS number. For br1a/b, interfaces are numbered after the child on the other side, the
+// public IPS are <childAS>.1 and the internal IP ends in 0.1 or 0.2. The MAC addresses follow.
+//
+// The invoker of this test is in charge of configuring a router with the custom topology
+// (conf/topology.json) and to setup host-side interfaces as needed, through which this test can
+// inject traffic. This test does not control the names of the host-side interfaces; they're
+// supplied by the invoker.
+//
+// To make the invoker's life easier, this test output what host side interfaces it may need
+// (and connected to what) when invoked with --show_interfaces. If the router runs inside a network
+// namespace, the invoker must configure veths accordingly; otherwise, find which real interfaces
+// this test should use.
+
+var (
+	intfMap map[string]string = map[string]string{}
+)
+
+func LoadInterfaceMap(pairs []string) {
+	for _, pair := range pairs {
+		p := strings.Split(pair, "=")
+		intfMap[p[0]] = p[1]
+	}
+}
+
+// We give abstract names to our interfaces. These names are those used when responding to
+// --show_interfaces and used to translate --interface.
+func interfaceLabel(AS int, intf int) string {
+	return fmt.Sprintf("%d_%d", AS, intf)
+}
+
+func interfaceName(AS int, intf int) string {
+	return intfMap[interfaceLabel(AS, intf)]
+}
+
+// Local and remote AS are enough. One of them is the central AS (1). The subnet number is that of
+// the other AS. The host is always the local AS. If neither is 1, then we follow the lowest, but
+// it's an unexpected config
+func publicIP(localAS byte, remoteAS byte) net.IP {
+	if localAS < remoteAS {
+		return net.IP{192, 168, remoteAS, localAS}
+	}
+	return net.IP{192, 168, localAS, localAS}
+}
+
+func internalIP(AS byte, router byte) net.IP {
+	return net.IP{192, 168, AS * 10, router}
+}
+
+// All are in ISD-1, except AS 4.
+func isdAS(AS byte) addr.IA {
+	if AS == 4 {
+		return xtest.MustParseIA(fmt.Sprintf("2-ff00:0:%d", AS))
+	}
+	return xtest.MustParseIA(fmt.Sprintf("1-ff00:0:%d", AS))
+}
+
+// Macs derive from IP in the most straighforward manner.
+func macAddr(ip net.IP) net.HardwareAddr {
+	return net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, ip[2], ip[3]}
+}
+
+// SCION Hosts addresses are (except for SVC addresses, a restating of the underlay public IP.
+func hostAddr(ip net.IP) addr.Host {
+	as4bytes := [4]uint8{ip[0], ip[1], ip[2], ip[3]}
+	return addr.HostIP(netip.AddrFrom4(as4bytes))
+}
+
+// Outputs a string describing the interfaces of the router under test.
+// This test needs access to interfaces that connect to them. In a container setting, it also needs
+// the container network configured accordingly, (hence the inclusion of router-side addresses.
+// The given names are only labels, the real interface names (and mac addresses associated with
+// them) shall be provided when the test is executed for real (without the --show_interfaces
+// option).
+func ShowInterfaces() string {
+	// For now, we only need:
+	// AS1 interface 0 (internal)
+	// AS1 interface 2
+	// AS1 interface 3
+	return "" +
+		interfaceLabel(1, 0) + " 24 192.168.10.1 f0:0d:ca:fe:10:01 192.168.10.2 f0:0d:ca:fe:10:02\n" +
+		interfaceLabel(1, 2) + " 24 192.168.2.1 f0:0d:ca:fe:02:01 192.168.2.2 f0:0d:ca:fe:02:02\n" +
+		interfaceLabel(1, 3) + " 24 192.168.3.1 f0:0d:ca:fe:03:01 192.168.3.3 f0:0d:ca:fe:03:03\n"
+
+}

From 45abaf245f62fd5de9bc6a19d5fe1ea636fd0e2a Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Wed, 22 Nov 2023 18:44:29 +0100
Subject: [PATCH 10/40] router: improvements to newbenchmark.

Moved knowledge of mac addresses outside brload. The test harness now tells
brload what the interface mac addresses are and not the other way around.
In the usual automated test context it makes no difference (the same naming
and addressing scheme is used), but in case we ever run the test on a real
self-contained machine, the test doesn't get to choose the interface names
and macs.
---
 acceptance/router_newbenchmark/cases.go |  10 +-
 acceptance/router_newbenchmark/main.go  |  18 ++-
 acceptance/router_newbenchmark/test.py  |  66 +++++----
 acceptance/router_newbenchmark/topo.go  | 189 +++++++++++++++---------
 4 files changed, 169 insertions(+), 114 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases.go b/acceptance/router_newbenchmark/cases.go
index d11190c627..d14c1a559d 100644
--- a/acceptance/router_newbenchmark/cases.go
+++ b/acceptance/router_newbenchmark/cases.go
@@ -55,8 +55,7 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		ComputeChecksums: true,
 	}
 
-	// Point-to-point. Src might not mater. Dst probably must match what test.py configured
-	// for interface 2 of the router.
+	// Point-to-point.
 	ethernet := &layers.Ethernet{
 		SrcMAC:       srcMAC,
 		DstMAC:       dstMAC,
@@ -68,8 +67,8 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		Version:  4,
 		IHL:      5,
 		TTL:      64,
-		SrcIP:    srcIP,
-		DstIP:    dstIP,
+		SrcIP:    srcIP.AsSlice(),
+		DstIP:    dstIP.AsSlice(),
 		Protocol: layers.IPProtocolUDP,
 		Flags:    layers.IPv4DontFragment,
 	}
@@ -133,9 +132,6 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		DstIA:        targetIA,
 		Path:         sp,
 	}
-
-	// These aren't necessarily IP addresses. They're host addresses within the
-	// src and dst ASes.
 	if err := scionL.SetSrcAddr(originHost); err != nil {
 		panic(err)
 	}
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index 90e657cafd..adb6fc8db9 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -62,9 +62,9 @@ var (
 	caseToRun  = flag.String("case", "",
 		fmt.Sprintf("Which traffic case to evaluate %v",
 			reflect.ValueOf(allCases).MapKeys()))
-	showIntf  = flag.Bool("show_interfaces", false, "Show interfaces needed by the test")
-	intfNames = arrayFlags{}
-	handles   = make(map[string]*afpacket.TPacket)
+	showIntf   = flag.Bool("show_interfaces", false, "Show interfaces needed by the test")
+	interfaces = arrayFlags{}
+	handles    = make(map[string]*afpacket.TPacket)
 )
 
 // initDevices inventories the available network interfaces, picks the ones that a case may inject
@@ -94,11 +94,14 @@ func main() {
 }
 
 func realMain() int {
-	flag.Var(&intfNames, "interface",
-		"label=host_interface; use host_interface to send traffic to the interface named label")
+	flag.Var(&interfaces, "interface",
+		`label=host_interface,mac,peer_mac where:
+    host_interface: use this to exchange traffic with interface <label>
+    mac: the mac address of interface <label>
+    peer_mac: the mac address of <host_interface>`)
 	flag.Parse()
 	if *showIntf {
-		fmt.Println(ShowInterfaces())
+		fmt.Println(listInterfaces())
 		return 0
 	}
 
@@ -134,7 +137,7 @@ func realMain() int {
 		return 1
 	}
 
-	LoadInterfaceMap(intfNames)
+	initInterfaces(interfaces)
 	err = initDevices()
 	if err != nil {
 		log.Error("Loading devices failed", "err", err)
@@ -228,6 +231,7 @@ func realMain() int {
 	return 0
 }
 
+// loadKey loads the keys that the router under test uses to sign hop fields.
 func loadKey(artifactsDir string) (hash.Hash, error) {
 	keysDir := filepath.Join(artifactsDir, "conf", "keys")
 	mk, err := keyconf.LoadMaster(keysDir)
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index f727c0d2ad..d4b44c3476 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -53,24 +53,16 @@ def exec_sudo(command: str) -> str:
     return sudo("-A", str.split(command))
 
 
-# Convenience type to carry interface params.
-Intf = namedtuple("Intf", "label, prefixLen, ip, mac, peerIp, peerMac")
-
-def create_interface(intf: Intf, ns: str) -> str:
-    hostIntf = f"veth_{intf.label}_host"
-    brIntf = f"veth_{intf.label}"
-    exec_sudo(f"ip link add {hostIntf} mtu 8000 type veth peer name {brIntf} mtu 8000")
-    exec_sudo(f"sysctl -qw net.ipv6.conf.{hostIntf}.disable_ipv6=1")
-    exec_sudo(f"ip link set {hostIntf} up")
-    exec_sudo(f"ip link set {brIntf} netns {ns}")
-    exec_sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{brIntf}.disable_ipv6=1")
-    exec_sudo(f"ip netns exec {ns} ethtool -K  {brIntf} rx off tx off")
-    exec_sudo(f"ip netns exec {ns} ip link set {brIntf} address {intf.mac}")
-    exec_sudo(f"ip netns exec {ns} ip addr add {intf.ip}/{intf.prefixLen} dev {brIntf}")
-    exec_sudo(f"ip netns exec {ns} ip neigh add {intf.peerIp} "
-              f"lladdr {intf.peerMac} nud permanent dev {brIntf}")
-    exec_sudo(f"ip netns exec {ns} ip link set {brIntf} up")
-    return hostIntf
+# Convenience types to carry interface params.
+IntfReq = namedtuple("IntfReq", "label, prefixLen, ip, peerIp")
+Intf = namedtuple("Intf", "name, mac, peerMac")
+
+# Make-up an eth mac address as unique as the given IP.
+# Assumes ips in a /16 or smaller block (i.e. The last two bytes are unique within the test).
+def mac_for_ip(ip: str) -> str:
+    ipBytes = ip.split(".")
+    return 'f0:0d:ca:fe:{:02x}:{:02x}'.format(int(ipBytes[2]), int(ipBytes[3]))
+
 
 class RouterBMTest(base.TestBase):
     """
@@ -110,6 +102,26 @@ class RouterBMTest(base.TestBase):
         envname="CI"
     )
 
+    # Accepts an IntfReq records names and mac addresses into an Intf and associates it with
+    # the request label.
+    def create_interface(self, req: IntfReq, ns: str) -> Intf:
+        hostIntf = f"veth_{req.label}_host"
+        brIntf = f"veth_{req.label}"
+        peerMac = mac_for_ip(req.peerIp)
+        mac = mac_for_ip(req.ip)
+        exec_sudo(f"ip link add {hostIntf} mtu 8000 type veth peer name {brIntf} mtu 8000")
+        exec_sudo(f"sysctl -qw net.ipv6.conf.{hostIntf}.disable_ipv6=1")
+        exec_sudo(f"ip link set {hostIntf} up")
+        exec_sudo(f"ip link set {brIntf} netns {ns}")
+        exec_sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{brIntf}.disable_ipv6=1")
+        exec_sudo(f"ip netns exec {ns} ethtool -K  {brIntf} rx off tx off")
+        exec_sudo(f"ip netns exec {ns} ip link set {brIntf} address {mac}")
+        exec_sudo(f"ip netns exec {ns} ip addr add {req.ip}/{req.prefixLen} dev {brIntf}")
+        exec_sudo(f"ip netns exec {ns} ip neigh add {req.peerIp} "
+                  f"lladdr {peerMac} nud permanent dev {brIntf}")
+        exec_sudo(f"ip netns exec {ns} ip link set {brIntf} up")
+        self.intfMap[req.label] = Intf(hostIntf, mac, peerMac)
+
     def setup_prepare(self):
         super().setup_prepare()
 
@@ -147,20 +159,18 @@ def setup_prepare(self):
         # Run test brload test with --show_interfaces and set up the veth that it needs.
         # The router uses one end and the test uses the other end to feed it with (and possibly
         # capture) traffic.
-        # We supply the label->host-side-name mapping to brload when we start it.
-        self.intfHostMap = {}
+        # We supply the label->(host-side-name,mac,peermac) mapping to brload when we start it.
+        self.intfMap = {}
         brload = self.get_executable("brload")
         output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
                            "-show_interfaces")
 
         for line in output.splitlines():
-            print(line)
-            elems = line.split(" ")
-            if len(elems) < 6:
+            elems = line.split(",")
+            if len(elems) != 4:
                 continue
-            t = Intf._make(elems)
-
-            self.intfHostMap[t.label] = create_interface(t, "benchmark")
+            t = IntfReq._make(elems)
+            self.create_interface(t, "benchmark")
 
         # We don't need that symlink any more
         exec_sudo("rm /var/run/netns/benchmark")
@@ -184,8 +194,8 @@ def teardown(self):
 
     def _run(self):
         # Build the interface mapping arg:
-        mapArgs = [f"-interface {label}={infName}" for label, infName in self.intfHostMap.items()]
-        print(mapArgs)
+        mapArgs = [f"-interface {label}={intf.name},{intf.mac},{intf.peerMac}"
+                   for label, intf in self.intfMap.items()]
 
         # At long last...
         logger.info("==> Starting load br-transit")
diff --git a/acceptance/router_newbenchmark/topo.go b/acceptance/router_newbenchmark/topo.go
index e101b37e52..6bf0652212 100644
--- a/acceptance/router_newbenchmark/topo.go
+++ b/acceptance/router_newbenchmark/topo.go
@@ -33,67 +33,53 @@ import (
 // about them configured in br1a) from which we construct packets that get injected at one of the
 // br1a interfaces.
 //
-// To further simplify the explicit configuration that we need, the topology follows a convention
-// to assign addresses, so that an address can be derived from a minimal descriptor. AS-1 is the hub
-// of the test.
-// All IPs are V4.
-// ISD/AS: <1 or 2>-ff00:0:<AS index>
-// interface number: <remote AS index>
-// public IP address for interfaces of AS-1: 192.168.<remote AS index>.<local AS index>
-// public IP address for interfaces of others: 192.168.<local AS index>.<local AS index>
-// internal IP address: 192.168.<AS index>*10.<router index>
-// MAC Address: 0xf0, 0x0d, 0xfe, 0xbe, <last two bytes of IP>
-// Internal port: 30042
-// External port: 50000
-// As a result, children ASes (like AS2) have addresses ending in N.N and interface N where N is
-// the AS number. For br1a/b, interfaces are numbered after the child on the other side, the
-// public IPS are <childAS>.1 and the internal IP ends in 0.1 or 0.2. The MAC addresses follow.
+// To reduce maintainers headaches, the topology follows a convention to assign addresses, so that
+// an address can be derived from a minimal information:
+// * AS-1 is the hub of the test. Others are hereafter called children.
+// * All IPs are V4.
+// * ISD/AS: <1 or 2>-ff00:0:<AS index>
+// * subnets are 192.168.<child AS number> except internal subnets that are 192.168.10*<AS>.<rtr>
+// * hosts are 192.168.s.<interface number>
+// * Mac addressed (when we can choose) derive from the IP
 //
-// The invoker of this test is in charge of configuring a router with the custom topology
-// (conf/topology.json) and to setup host-side interfaces as needed, through which this test can
-// inject traffic. This test does not control the names of the host-side interfaces; they're
-// supplied by the invoker.
+// Example:
+// * AS2 has only interface number 1 with IP 192.168.2.2 and mac address f0:0d:cafe:02:02 that
+//   connects to AS 1 interface number 2.
+// * AS1's interface number 2 has IP 192.168.2.1 and mac address f0:0d:cafe:02:01.
+// * AS1's 1st router interface 0 has IP 192.168.10.1 and mac address f0:0d:cafe:10:01.
 //
-// To make the invoker's life easier, this test output what host side interfaces it may need
-// (and connected to what) when invoked with --show_interfaces. If the router runs inside a network
-// namespace, the invoker must configure veths accordingly; otherwise, find which real interfaces
-// this test should use.
+// Functions are provided to generate all addresses following that scheme.
 
-var (
-	intfMap map[string]string = map[string]string{}
-)
-
-func LoadInterfaceMap(pairs []string) {
-	for _, pair := range pairs {
-		p := strings.Split(pair, "=")
-		intfMap[p[0]] = p[1]
-	}
-}
-
-// We give abstract names to our interfaces. These names are those used when responding to
-// --show_interfaces and used to translate --interface.
-func interfaceLabel(AS int, intf int) string {
-	return fmt.Sprintf("%d_%d", AS, intf)
+// intfDesc describes an interface requirement
+type intfDesc struct {
+	ip     netip.Addr
+	peerIP netip.Addr
 }
 
-func interfaceName(AS int, intf int) string {
-	return intfMap[interfaceLabel(AS, intf)]
+// publicIP returns the IP address that is assigned to external interface designated by the given
+// AS index and the peer AS (that is, the AS that this interface connects to).
+// Per our scheme, the subnet number is the largest of the two AS numbers and the host is always
+// the local AS. This works if there are no cycles. Else there could be subnet number collisions.
+func publicIP(localAS byte, remoteAS byte) netip.Addr {
+	if remoteAS > localAS {
+		return netip.AddrFrom4([4]byte{192, 168, remoteAS, localAS})
+	}
+	return netip.AddrFrom4([4]byte{192, 168, localAS, localAS})
 }
 
-// Local and remote AS are enough. One of them is the central AS (1). The subnet number is that of
-// the other AS. The host is always the local AS. If neither is 1, then we follow the lowest, but
-// it's an unexpected config
-func publicIP(localAS byte, remoteAS byte) net.IP {
-	if localAS < remoteAS {
-		return net.IP{192, 168, remoteAS, localAS}
-	}
-	return net.IP{192, 168, localAS, localAS}
+// internalIP returns the IP address that is assigned to the internal interface of the given
+// router in the AS of the given index.
+func internalIP(AS byte, routerIndex byte) netip.Addr {
+	return netip.AddrFrom4([4]byte{192, 168, AS * 10, routerIndex})
 }
 
-func internalIP(AS byte, router byte) net.IP {
-	return net.IP{192, 168, AS * 10, router}
+// interfaceLabel returns a string label for the gievn AS and interface indices.
+// Such names are those used when responding to --show_interfaces and when translating --interface.
+func interfaceLabel(AS int, intf int) string {
+	return fmt.Sprintf("%d_%d", AS, intf)
 }
 
+// isdAS returns a complete string form ISD/AS number for the given AS index.
 // All are in ISD-1, except AS 4.
 func isdAS(AS byte) addr.IA {
 	if AS == 4 {
@@ -102,31 +88,90 @@ func isdAS(AS byte) addr.IA {
 	return xtest.MustParseIA(fmt.Sprintf("1-ff00:0:%d", AS))
 }
 
-// Macs derive from IP in the most straighforward manner.
-func macAddr(ip net.IP) net.HardwareAddr {
-	return net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, ip[2], ip[3]}
+var (
+	// intfMap lists the required interfaces. That's what we use to respond to showInterfaces
+	intfMap map[string]intfDesc = map[string]intfDesc{
+		interfaceLabel(1, 0): {internalIP(1, 1), internalIP(1, 2)},
+		interfaceLabel(1, 2): {publicIP(1, 2), publicIP(2, 1)},
+		interfaceLabel(1, 3): {publicIP(1, 3), publicIP(3, 1)},
+	}
+
+	// intfNames holds the real names of our required interfaces. It is populated from the values of
+	// the --interface options.
+	intfNames map[string]string = map[string]string{}
+
+	// macAddresses keeps the mac addresses associated with each IP. It is populated from the values
+	// of the --interface options. There are more than intfMap interfaces since we need the peer
+	// addresses too. Additional IPS not from intfMap have no known mac addresses; we are free to
+	// make them up to make credible packets.
+	macAddrs map[netip.Addr]net.HardwareAddr = map[netip.Addr]net.HardwareAddr{}
+)
+
+// initInterfaces collects the names and mac addresses for the interfaces setup by the invoker
+// according to instructions given via listInterfaces().
+// This information is indexed by our own interface labels.
+func initInterfaces(pairs []string) {
+	for _, pair := range pairs {
+		p := strings.Split(pair, "=")
+		label := p[0]
+		info := strings.Split(p[1], ",")
+		addr, err := net.ParseMAC(info[1])
+		if err != nil {
+			panic(err)
+		}
+		peerAddr, err := net.ParseMAC(info[2])
+		if err != nil {
+			panic(err)
+		}
+		intfNames[label] = info[0]                 // host-side name
+		macAddrs[intfMap[label].ip] = addr         // ip->mac
+		macAddrs[intfMap[label].peerIP] = peerAddr // peerIP->peerMAC
+	}
 }
 
-// SCION Hosts addresses are (except for SVC addresses, a restating of the underlay public IP.
-func hostAddr(ip net.IP) addr.Host {
-	as4bytes := [4]uint8{ip[0], ip[1], ip[2], ip[3]}
-	return addr.HostIP(netip.AddrFrom4(as4bytes))
+// interfaceName returns the name of the host interface that this test must use in order to exchange
+// traffic with the interface designated by the given AS and interface indices.
+func interfaceName(AS int, intf int) string {
+	return intfNames[interfaceLabel(AS, intf)]
+}
+
+// macAddr returns the mac address assigned to the interface that has the given IP address.
+// if that address is imposed by our environment it is listed in the macAddrs map and that is what
+// this function returns. Else, the address is made-up according to our scheme.
+func macAddr(ip netip.Addr) net.HardwareAddr {
+	// Look it up or make it up.
+	mac, ok := macAddrs[ip]
+	if ok {
+		return mac
+	}
+	as4 := ip.As4()
+	return net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, as4[2], as4[3]}
 }
 
-// Outputs a string describing the interfaces of the router under test.
-// This test needs access to interfaces that connect to them. In a container setting, it also needs
-// the container network configured accordingly, (hence the inclusion of router-side addresses.
-// The given names are only labels, the real interface names (and mac addresses associated with
-// them) shall be provided when the test is executed for real (without the --show_interfaces
-// option).
-func ShowInterfaces() string {
-	// For now, we only need:
-	// AS1 interface 0 (internal)
-	// AS1 interface 2
-	// AS1 interface 3
-	return "" +
-		interfaceLabel(1, 0) + " 24 192.168.10.1 f0:0d:ca:fe:10:01 192.168.10.2 f0:0d:ca:fe:10:02\n" +
-		interfaceLabel(1, 2) + " 24 192.168.2.1 f0:0d:ca:fe:02:01 192.168.2.2 f0:0d:ca:fe:02:02\n" +
-		interfaceLabel(1, 3) + " 24 192.168.3.1 f0:0d:ca:fe:03:01 192.168.3.3 f0:0d:ca:fe:03:03\n"
+// hostAddr returns a the SCION Hosts addresse that corresponds to the given underlay address.
+// Except for SVC addresses (which we do not support here), this is a restating of the underlay
+// address.
+func hostAddr(ip netip.Addr) addr.Host {
+	return addr.HostIP(ip)
+}
+
+// ListInterfaces outputs a string describing the interfaces of the router under test.
+// The invoker of this test gets this when using the --show_interfaces option and is expected
+// to set up the network accordingly before executing the test without that option.
+// We do not choose interface names or mac addresses those will be provided by the invoker
+// via the --interfaces options.
+func listInterfaces() string {
+	var sb strings.Builder
+	for l, i := range intfMap {
+		sb.WriteString(l)
+		sb.WriteString(",")
+		sb.WriteString("24")
+		sb.WriteString(",")
+		sb.WriteString(i.ip.String())
+		sb.WriteString(",")
+		sb.WriteString(i.peerIP.String())
+		sb.WriteString("\n")
+	}
 
+	return sb.String()
 }

From f72f52edfcd7cd183aae9eaca808188385bb04cc Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Wed, 22 Nov 2023 18:49:56 +0100
Subject: [PATCH 11/40] router: comment fic in brload.

---
 acceptance/router_newbenchmark/main.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index adb6fc8db9..26a47b61ef 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -36,11 +36,10 @@ import (
 	"github.com/scionproto/scion/private/keyconf"
 )
 
-// Created so that multiple inputs can be accecpted
+// multiple values for a string flag.
 type arrayFlags []string
 
 func (i *arrayFlags) String() string {
-	// change this, this is just can example to satisfy the interface
 	return "A repeatable string argument"
 }
 

From 345ce20593130242c760c92322261eeb409fd672 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 10:51:53 +0100
Subject: [PATCH 12/40] router: remove leftover debug log.

---
 router/dataplane.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/router/dataplane.go b/router/dataplane.go
index 97aa7111ba..235712439a 100644
--- a/router/dataplane.go
+++ b/router/dataplane.go
@@ -959,7 +959,6 @@ func (d *DataPlane) runForwarder(ifID uint16, conn BatchConn, cfg *RunConfig, c
 			}
 		}
 		written, _ := conn.WriteBatch(msgs[:toWrite], 0)
-		log.Debug("Wrote packets", "count", written)
 		if written < 0 {
 			// WriteBatch returns -1 on error, we just consider this as
 			// 0 packets written

From 3828d1dd6e1e83dc727f7a6b949bb7abff43039d Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 10:53:25 +0100
Subject: [PATCH 13/40] router: satisfy linter.

---
 acceptance/router_newbenchmark/cases.go | 2 +-
 acceptance/router_newbenchmark/main.go  | 2 +-
 acceptance/router_newbenchmark/test.py  | 7 +++----
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases.go b/acceptance/router_newbenchmark/cases.go
index d14c1a559d..1b147e1172 100644
--- a/acceptance/router_newbenchmark/cases.go
+++ b/acceptance/router_newbenchmark/cases.go
@@ -161,7 +161,7 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 // numDistrinct is a small number, only to enable multiple parallel streams. Each distinct packet
 // is meant to be replayed a large number of times for performance measurement.
 func BrTransit(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte) {
-	packets := make([][]byte, numDistinct, numDistinct)
+	packets := make([][]byte, numDistinct)
 	for i := 0; i < numDistinct; i++ {
 		packets[i] = oneBrTransit(payload, mac, uint32(i+1))
 	}
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index 26a47b61ef..92e5110e0d 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -26,9 +26,9 @@ import (
 	"time"
 
 	"github.com/google/gopacket"
+	"github.com/google/gopacket/afpacket"
 	"github.com/google/gopacket/layers"
 
-	"github.com/google/gopacket/afpacket"
 	"github.com/scionproto/scion/pkg/log"
 	"github.com/scionproto/scion/pkg/private/serrors"
 	"github.com/scionproto/scion/pkg/scrypto"
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index d4b44c3476..c5ffa8e1cc 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -19,15 +19,13 @@
 import time
 
 from collections import namedtuple
-from typing import List, Tuple
 from plumbum import cli
-from plumbum.cmd import sudo,docker,whoami
+from plumbum.cmd import sudo, docker, whoami
 
 from acceptance.common import base
 
 import logging
 import json
-import yaml
 from http.client import HTTPConnection
 from urllib.parse import urlencode
 
@@ -57,6 +55,7 @@ def exec_sudo(command: str) -> str:
 IntfReq = namedtuple("IntfReq", "label, prefixLen, ip, peerIp")
 Intf = namedtuple("Intf", "name, mac, peerMac")
 
+
 # Make-up an eth mac address as unique as the given IP.
 # Assumes ips in a /16 or smaller block (i.e. The last two bytes are unique within the test).
 def mac_for_ip(ip: str) -> str:
@@ -189,7 +188,7 @@ def teardown(self):
         docker["logs", "router"].run_fg(retcode=None)
         exec_docker("rm -f prometheus")
         exec_docker("rm -f router")
-        exec_docker("network rm benchmark") # veths are deleted automatically
+        exec_docker("network rm benchmark")  # veths are deleted automatically
         exec_sudo(f"chown -R {whoami()} {self.artifacts}")
 
     def _run(self):

From 78996307dfb9a3591293f1f64bdd967d8313a5ad Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 10:55:09 +0100
Subject: [PATCH 14/40] router: fully revert dataplane.go to master's.

---
 router/dataplane.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/router/dataplane.go b/router/dataplane.go
index 235712439a..2a1e06e3d6 100644
--- a/router/dataplane.go
+++ b/router/dataplane.go
@@ -964,6 +964,7 @@ func (d *DataPlane) runForwarder(ifID uint16, conn BatchConn, cfg *RunConfig, c
 			// 0 packets written
 			written = 0
 		}
+
 		updateOutputMetrics(metrics, pkts[:written])
 
 		for _, p := range pkts[:written] {

From 5e2fe0fd0a68c4bebac35b272cbaeb294fbcf10c Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 11:15:18 +0100
Subject: [PATCH 15/40] router: relax router_benchmark's timeout; it seems to
 have become a bit too short.

---
 acceptance/router_benchmark/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/router_benchmark/test.py b/acceptance/router_benchmark/test.py
index 2049d9eea3..428b58f71e 100755
--- a/acceptance/router_benchmark/test.py
+++ b/acceptance/router_benchmark/test.py
@@ -141,7 +141,7 @@ def _run(self):
             "-name", "router_benchmark",
             "-cmd", "./bin/end2endblast",
             "-attempts", 1500000,
-            "-timeout", "120s",  # Timeout is for all attempts together
+            "-timeout", "180s",  # Timeout is for all attempts together
             "-parallelism", 100,
             "-subset", "noncore#core#remoteISD"
         ].run_tee()

From e8a523af199408ee7a33f0fc8249da2d66e36c23 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 11:35:14 +0100
Subject: [PATCH 16/40] router: Stop consuming forwarded packets while
 benchmarking.

We still check that forwarding works, but consume only 1 paket for that purpose.
Let the others accumulate and spill.
---
 acceptance/router_newbenchmark/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index 92e5110e0d..107c73a183 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -194,8 +194,8 @@ func realMain() int {
 				continue
 			}
 			if string(layer.LayerContents()) == payloadString {
-				// return // One is all we need. But continue and count for now.
 				numRcv++
+				return
 			}
 		}
 	}()

From e9b1093a20df95d6e37a4482f9f24e6b3b5c3e6a Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 11:37:29 +0100
Subject: [PATCH 17/40] router: 4 cores is just as good as 6 now that we don't
 consume packets.

4 is also 1/2 of the CI system cores which works-out nicely even with the test scaling absent.
---
 acceptance/router_newbenchmark/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index c5ffa8e1cc..a3e7aff808 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -177,7 +177,7 @@ def setup_prepare(self):
         # Now the router can start.
         exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
                     "-d "
-                    "-e SCION_EXPERIMENTAL_BFD_DISABLE=true -e GOMAXPROCS=6 "
+                    "-e SCION_EXPERIMENTAL_BFD_DISABLE=true -e GOMAXPROCS=4 "
                     "--network container:prometheus "
                     "--name router "
                     "bazel/acceptance/router_newbenchmark:router")

From 171acadacea2ec67a7020abe9be1b017decadc8e Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 11:48:28 +0100
Subject: [PATCH 18/40] router: bump br_transit CI's expectations.

Measured at ~311K pkts/machine*s so setting expectations at 250K.
---
 acceptance/router_newbenchmark/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index a3e7aff808..2beeea125e 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -37,7 +37,7 @@
     # 'out': 26000,
     # 'in_transit': 73000,
     # 'out_transit': 49000,
-    'br_transit': 73000,
+    'br_transit': 250000,
 }
 
 

From f84224cac48cba5d963d4dea4caf00fce9c01d1c Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 23 Nov 2023 19:04:05 +0100
Subject: [PATCH 19/40] router: newbenchmark improvements.

Moved test cases into home dir and implement a number of reviewer's suggestions.
---
 acceptance/router_newbenchmark/BUILD.bazel    |  16 +--
 .../router_newbenchmark/cases/BUILD.bazel     |  22 +++
 .../{cases.go => cases/br_transit.go}         |   2 +-
 .../router_newbenchmark/{ => cases}/topo.go   |   9 +-
 acceptance/router_newbenchmark/main.go        | 131 ++++++++++--------
 acceptance/router_newbenchmark/test.py        |   5 +-
 6 files changed, 106 insertions(+), 79 deletions(-)
 create mode 100644 acceptance/router_newbenchmark/cases/BUILD.bazel
 rename acceptance/router_newbenchmark/{cases.go => cases/br_transit.go} (99%)
 rename acceptance/router_newbenchmark/{ => cases}/topo.go (97%)

diff --git a/acceptance/router_newbenchmark/BUILD.bazel b/acceptance/router_newbenchmark/BUILD.bazel
index 10a6f42aca..e12d0b233f 100644
--- a/acceptance/router_newbenchmark/BUILD.bazel
+++ b/acceptance/router_newbenchmark/BUILD.bazel
@@ -6,14 +6,11 @@ load("//:scion.bzl", "scion_go_binary")
 
 go_library(
     name = "go_default_library",
-    srcs = [
-        "cases.go",
-        "main.go",
-        "topo.go",
-    ],
+    srcs = ["main.go"],
     importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark",
     visibility = ["//visibility:private"],
     deps = [
+        "//acceptance/router_newbenchmark/cases:go_default_library",
         "//pkg/addr:go_default_library",
         "//pkg/log:go_default_library",
         "//pkg/private/serrors:go_default_library",
@@ -39,14 +36,11 @@ scion_go_binary(
 exports_files([
     "conf",
     "test.py",
-    "pause.tar",
 ])
 
 args = [
     "--executable",
     "brload:$(location //acceptance/router_newbenchmark:brload)",
-    "--container-loader",
-    "posix-router:latest#$(location //acceptance/router_newbenchmark:router)",
 ]
 
 data = [
@@ -69,9 +63,3 @@ container_image(
     name = "router",
     base = "//docker:posix_router",
 )
-
-go_binary(
-    name = "router_newbenchmark",
-    embed = [":go_default_library"],
-    visibility = ["//visibility:public"],
-)
diff --git a/acceptance/router_newbenchmark/cases/BUILD.bazel b/acceptance/router_newbenchmark/cases/BUILD.bazel
new file mode 100644
index 0000000000..3adaf30d07
--- /dev/null
+++ b/acceptance/router_newbenchmark/cases/BUILD.bazel
@@ -0,0 +1,22 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
+load("//tools/lint:go.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "br_transit.go",
+        "topo.go",
+    ],
+    visibility = ["//acceptance/router_newbenchmark:__pkg__"],
+    importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark/cases",
+    deps = [
+        "//pkg/addr:go_default_library",
+        "//pkg/private/util:go_default_library",
+        "//pkg/slayers:go_default_library",
+        "//pkg/slayers/path:go_default_library",
+        "//pkg/slayers/path/scion:go_default_library",
+        "//pkg/private/xtest:go_default_library",
+        "@com_github_google_gopacket//:go_default_library",
+        "@com_github_google_gopacket//layers:go_default_library",
+    ],
+)
diff --git a/acceptance/router_newbenchmark/cases.go b/acceptance/router_newbenchmark/cases/br_transit.go
similarity index 99%
rename from acceptance/router_newbenchmark/cases.go
rename to acceptance/router_newbenchmark/cases/br_transit.go
index 1b147e1172..7bfb665bcc 100644
--- a/acceptance/router_newbenchmark/cases.go
+++ b/acceptance/router_newbenchmark/cases/br_transit.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package main
+package cases
 
 import (
 	"hash"
diff --git a/acceptance/router_newbenchmark/topo.go b/acceptance/router_newbenchmark/cases/topo.go
similarity index 97%
rename from acceptance/router_newbenchmark/topo.go
rename to acceptance/router_newbenchmark/cases/topo.go
index 6bf0652212..a994de4dd5 100644
--- a/acceptance/router_newbenchmark/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package main
+package cases
 
 import (
 	"fmt"
@@ -107,10 +107,10 @@ var (
 	macAddrs map[netip.Addr]net.HardwareAddr = map[netip.Addr]net.HardwareAddr{}
 )
 
-// initInterfaces collects the names and mac addresses for the interfaces setup by the invoker
+// InitInterfaces collects the names and mac addresses for the interfaces setup by the invoker
 // according to instructions given via listInterfaces().
 // This information is indexed by our own interface labels.
-func initInterfaces(pairs []string) {
+func InitInterfaces(pairs []string) {
 	for _, pair := range pairs {
 		p := strings.Split(pair, "=")
 		label := p[0]
@@ -160,7 +160,7 @@ func hostAddr(ip netip.Addr) addr.Host {
 // to set up the network accordingly before executing the test without that option.
 // We do not choose interface names or mac addresses those will be provided by the invoker
 // via the --interfaces options.
-func listInterfaces() string {
+func ListInterfaces() string {
 	var sb strings.Builder
 	for l, i := range intfMap {
 		sb.WriteString(l)
@@ -172,6 +172,7 @@ func listInterfaces() string {
 		sb.WriteString(i.peerIP.String())
 		sb.WriteString("\n")
 	}
+	// "our_label,24,<ip on router side>,<ip on far side>\n"
 
 	return sb.String()
 }
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index 107c73a183..ddf96d446f 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -29,6 +29,7 @@ import (
 	"github.com/google/gopacket/afpacket"
 	"github.com/google/gopacket/layers"
 
+	"github.com/scionproto/scion/acceptance/router_newbenchmark/cases"
 	"github.com/scionproto/scion/pkg/log"
 	"github.com/scionproto/scion/pkg/private/serrors"
 	"github.com/scionproto/scion/pkg/scrypto"
@@ -52,7 +53,7 @@ type Case func(payload string, mac hash.Hash, numDistinct int) (string, string,
 
 var (
 	allCases = map[string]Case{
-		"br_transit": BrTransit,
+		"br_transit": cases.BrTransit,
 	}
 	logConsole = flag.String("log.console", "debug", "Console logging level: debug|info|error")
 	dir        = flag.String("artifacts", "", "Artifacts directory")
@@ -63,29 +64,31 @@ var (
 			reflect.ValueOf(allCases).MapKeys()))
 	showIntf   = flag.Bool("show_interfaces", false, "Show interfaces needed by the test")
 	interfaces = arrayFlags{}
-	handles    = make(map[string]*afpacket.TPacket)
 )
 
 // initDevices inventories the available network interfaces, picks the ones that a case may inject
-// traffic into, and associates them with a AF Packet interface.
-func initDevices() error {
+// traffic into, and associates them with a AF Packet interface. It returns the packet interfaces
+// corresponding to each network interface.
+func openDevices() (map[string]*afpacket.TPacket, error) {
 	devs, err := net.Interfaces()
 	if err != nil {
-		return serrors.WrapStr("listing network interfaces", err)
+		return nil, serrors.WrapStr("listing network interfaces", err)
 	}
 
+	handles := make(map[string]*afpacket.TPacket)
+
 	for _, dev := range devs {
 		if !strings.HasPrefix(dev.Name, "veth_") || !strings.HasSuffix(dev.Name, "_host") {
 			continue
 		}
 		handle, err := afpacket.NewTPacket(afpacket.OptInterface(dev.Name))
 		if err != nil {
-			return serrors.WrapStr("creating TPacket", err)
+			return nil, serrors.WrapStr("creating TPacket", err)
 		}
 		handles[dev.Name] = handle
 	}
 
-	return nil
+	return handles, nil
 }
 
 func main() {
@@ -100,7 +103,7 @@ func realMain() int {
     peer_mac: the mac address of <host_interface>`)
 	flag.Parse()
 	if *showIntf {
-		fmt.Println(listInterfaces())
+		fmt.Println(cases.ListInterfaces())
 		return 0
 	}
 
@@ -119,25 +122,24 @@ func realMain() int {
 		return 1
 	}
 
-	artifactsDir, err := os.MkdirTemp("", "brload_")
-	if err != nil {
-		log.Error("Cannot create tmp dir", "err", err)
-		return 1
-	}
-	if *dir != "" {
-		artifactsDir = *dir
-	}
+	artifactsDir := *dir
 	if v := os.Getenv("TEST_ARTIFACTS_DIR"); v != "" {
 		artifactsDir = v
 	}
+
+	if artifactsDir == "" {
+		log.Error("Artifacts directory not configured")
+		return 1
+	}
+
 	hfMAC, err := loadKey(artifactsDir)
 	if err != nil {
 		log.Error("Loading keys failed", "err", err)
 		return 1
 	}
 
-	initInterfaces(interfaces)
-	err = initDevices()
+	cases.InitInterfaces(interfaces)
+	handles, err := openDevices()
 	if err != nil {
 		log.Error("Loading devices failed", "err", err)
 		return 1
@@ -170,34 +172,7 @@ func realMain() int {
 
 	go func() {
 		defer log.HandlePanic()
-		numRcv := 0
-
-		defer func() {
-			listenerChan <- numRcv
-			close(listenerChan)
-		}()
-
-		for {
-			got, ok := <-packetChan
-			if !ok {
-				// No more packets
-				log.Info("No more Packets")
-				return
-			}
-			if err := got.ErrorLayer(); err != nil {
-				log.Error("error decoding packet", "err", err)
-				continue
-			}
-			layer := got.Layer(gopacket.LayerTypePayload)
-			if layer == nil {
-				log.Error("error fetching packet payload: no PayLoad")
-				continue
-			}
-			if string(layer.LayerContents()) == payloadString {
-				numRcv++
-				return
-			}
-		}
+		receivePackets(packetChan, payloadString, listenerChan)
 	}()
 
 	// We started everything that could be started. So the best window for perf mertics
@@ -213,23 +188,65 @@ func realMain() int {
 	// The test harness looks for this output.
 	fmt.Printf("metricsBegin: %d metricsEnd: %d\n", metricsBegin, metricsEnd)
 
-	// In short tests (<1M packets), we finish sending before the first packets arrive.
-	time.Sleep(time.Second * time.Duration(1))
-
-	// If our listener is still stuck there, unstick it. Closing the device doesn't cause the
-	// packet channel to close (presumably a bug). Close the channel ourselves.
-	close(packetChan)
-
-	outcome := <-listenerChan
-	if outcome == 0 {
-		log.Error("Listener never saw a valid packet being forwarded")
-		return 1
+	// Get the results from the packet listener.
+	// Give it one second as in very short tests (<1M pkts) we get here before the first packet.
+	outcome := 0
+	timeout := time.After(1 * time.Second)
+	for outcome == 0 {
+		select {
+		case outcome = <-listenerChan:
+			if outcome == 0 {
+				log.Error("Listener never saw a valid packet being forwarded")
+				return 1
+			}
+		case <-timeout:
+			// If our listener is still stuck there, unstick it. Closing the device doesn't cause the
+			// packet channel to close (presumably a bug). Close the channel ourselves.
+			// After this, the next loop is guaranteed an outcome.
+			close(packetChan)
+		}
 	}
 
 	fmt.Printf("Listener results: %d\n", outcome)
 	return 0
 }
 
+// receivePkts consume some or all (at least one if it arrives) of the packets
+// arriving on the given handle and checks that they contain the given payload.
+// The number of consumed packets is returned via the given outcome channel.
+// Currently we are content with receiving a single correct packet and we terminate after
+// that.
+func receivePackets(packetChan chan gopacket.Packet, payload string, outcome chan int) {
+	numRcv := 0
+
+	defer func() {
+		outcome <- numRcv
+		close(outcome)
+	}()
+
+	for {
+		got, ok := <-packetChan
+		if !ok {
+			// No more packets
+			log.Info("No more Packets")
+			return
+		}
+		if err := got.ErrorLayer(); err != nil {
+			log.Error("error decoding packet", "err", err)
+			continue
+		}
+		layer := got.Layer(gopacket.LayerTypePayload)
+		if layer == nil {
+			log.Error("error fetching packet payload: no PayLoad")
+			continue
+		}
+		if string(layer.LayerContents()) == payload {
+			numRcv++
+			return
+		}
+	}
+}
+
 // loadKey loads the keys that the router under test uses to sign hop fields.
 func loadKey(artifactsDir string) (hash.Hash, error) {
 	keysDir := filepath.Join(artifactsDir, "conf", "keys")
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 2beeea125e..47d4ccb7d1 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -103,7 +103,7 @@ class RouterBMTest(base.TestBase):
 
     # Accepts an IntfReq records names and mac addresses into an Intf and associates it with
     # the request label.
-    def create_interface(self, req: IntfReq, ns: str) -> Intf:
+    def create_interface(self, req: IntfReq, ns: str):
         hostIntf = f"veth_{req.label}_host"
         brIntf = f"veth_{req.label}"
         peerMac = mac_for_ip(req.peerIp)
@@ -161,8 +161,7 @@ def setup_prepare(self):
         # We supply the label->(host-side-name,mac,peermac) mapping to brload when we start it.
         self.intfMap = {}
         brload = self.get_executable("brload")
-        output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
-                           "-show_interfaces")
+        output = brload("-artifacts", f"{self.artifacts}", "-show_interfaces")
 
         for line in output.splitlines():
             elems = line.split(",")

From 7cf275edce6073a90dac3be222877eee9a385190 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 24 Nov 2023 11:25:19 +0100
Subject: [PATCH 20/40] router: do not build a private router image for the
 newbenchmark test.

There's no reason to do that, we can just use the same image that's used for
everything else.
---
 acceptance/router_newbenchmark/BUILD.bazel | 9 +++------
 acceptance/router_newbenchmark/test.py     | 2 +-
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/acceptance/router_newbenchmark/BUILD.bazel b/acceptance/router_newbenchmark/BUILD.bazel
index e12d0b233f..ef661347b4 100644
--- a/acceptance/router_newbenchmark/BUILD.bazel
+++ b/acceptance/router_newbenchmark/BUILD.bazel
@@ -41,11 +41,12 @@ exports_files([
 args = [
     "--executable",
     "brload:$(location //acceptance/router_newbenchmark:brload)",
+    "--container-loader=posix-router:latest#$(location //docker:posix_router)"
 ]
 
 data = [
     ":conf",
-    ":router",
+    "//docker:posix_router",
     ":brload",
 ]
 
@@ -54,12 +55,8 @@ raw_test(
     src = "test.py",
     args = args,
     data = data,
-    homedir = "$(rootpath :router)",
+    homedir = "$(rootpath //docker:posix_router)",
     # This test uses sudo and accesses /var/run/netns.
     local = True,
 )
 
-container_image(
-    name = "router",
-    base = "//docker:posix_router",
-)
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 47d4ccb7d1..866dced7d4 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -179,7 +179,7 @@ def setup_prepare(self):
                     "-e SCION_EXPERIMENTAL_BFD_DISABLE=true -e GOMAXPROCS=4 "
                     "--network container:prometheus "
                     "--name router "
-                    "bazel/acceptance/router_newbenchmark:router")
+                    "posix-router:latest")
 
         time.sleep(2)
 

From 165249ec3be45beb3c7e8063ef1e3d8cdcc8eead Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 24 Nov 2023 16:01:51 +0100
Subject: [PATCH 21/40] router: prettify cmdline flag management (by some
 definition of pretty)

Gazelle also reordered some stuff and I had to cater to impi's obsessive import order demands.
---
 acceptance/router_newbenchmark/BUILD.bazel    |  13 +-
 .../router_newbenchmark/cases/BUILD.bazel     |   5 +-
 acceptance/router_newbenchmark/cases/topo.go  |   5 +-
 acceptance/router_newbenchmark/main.go        | 169 +++++++++++-------
 acceptance/router_newbenchmark/test.py        |   8 +-
 5 files changed, 119 insertions(+), 81 deletions(-)

diff --git a/acceptance/router_newbenchmark/BUILD.bazel b/acceptance/router_newbenchmark/BUILD.bazel
index ef661347b4..a6b53ea468 100644
--- a/acceptance/router_newbenchmark/BUILD.bazel
+++ b/acceptance/router_newbenchmark/BUILD.bazel
@@ -11,19 +11,15 @@ go_library(
     visibility = ["//visibility:private"],
     deps = [
         "//acceptance/router_newbenchmark/cases:go_default_library",
-        "//pkg/addr:go_default_library",
         "//pkg/log:go_default_library",
         "//pkg/private/serrors:go_default_library",
-        "//pkg/private/util:go_default_library",
-        "//pkg/private/xtest:go_default_library",
         "//pkg/scrypto:go_default_library",
         "//pkg/slayers:go_default_library",
-        "//pkg/slayers/path:go_default_library",
-        "//pkg/slayers/path/scion:go_default_library",
         "//private/keyconf:go_default_library",
         "@com_github_google_gopacket//:go_default_library",
         "@com_github_google_gopacket//afpacket:go_default_library",
         "@com_github_google_gopacket//layers:go_default_library",
+        "@com_github_spf13_cobra//:go_default_library",
     ],
 )
 
@@ -41,7 +37,7 @@ exports_files([
 args = [
     "--executable",
     "brload:$(location //acceptance/router_newbenchmark:brload)",
-    "--container-loader=posix-router:latest#$(location //docker:posix_router)"
+    "--container-loader=posix-router:latest#$(location //docker:posix_router)",
 ]
 
 data = [
@@ -60,3 +56,8 @@ raw_test(
     local = True,
 )
 
+go_binary(
+    name = "router_newbenchmark",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
diff --git a/acceptance/router_newbenchmark/cases/BUILD.bazel b/acceptance/router_newbenchmark/cases/BUILD.bazel
index 3adaf30d07..03a29a788f 100644
--- a/acceptance/router_newbenchmark/cases/BUILD.bazel
+++ b/acceptance/router_newbenchmark/cases/BUILD.bazel
@@ -1,4 +1,3 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary")
 load("//tools/lint:go.bzl", "go_library")
 
 go_library(
@@ -7,15 +6,15 @@ go_library(
         "br_transit.go",
         "topo.go",
     ],
-    visibility = ["//acceptance/router_newbenchmark:__pkg__"],
     importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark/cases",
+    visibility = ["//acceptance/router_newbenchmark:__pkg__"],
     deps = [
         "//pkg/addr:go_default_library",
         "//pkg/private/util:go_default_library",
+        "//pkg/private/xtest:go_default_library",
         "//pkg/slayers:go_default_library",
         "//pkg/slayers/path:go_default_library",
         "//pkg/slayers/path/scion:go_default_library",
-        "//pkg/private/xtest:go_default_library",
         "@com_github_google_gopacket//:go_default_library",
         "@com_github_google_gopacket//layers:go_default_library",
     ],
diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index a994de4dd5..3118206e44 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -74,7 +74,8 @@ func internalIP(AS byte, routerIndex byte) netip.Addr {
 }
 
 // interfaceLabel returns a string label for the gievn AS and interface indices.
-// Such names are those used when responding to --show_interfaces and when translating --interface.
+// Such names are those used when responding to the show_interfaces command and when translating
+// the --interface option.
 func interfaceLabel(AS int, intf int) string {
 	return fmt.Sprintf("%d_%d", AS, intf)
 }
@@ -156,7 +157,7 @@ func hostAddr(ip netip.Addr) addr.Host {
 }
 
 // ListInterfaces outputs a string describing the interfaces of the router under test.
-// The invoker of this test gets this when using the --show_interfaces option and is expected
+// The invoker of this test gets this when using the show_interfaces command and is expected
 // to set up the network accordingly before executing the test without that option.
 // We do not choose interface names or mac addresses those will be provided by the invoker
 // via the --interfaces options.
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index ddf96d446f..00f7bf2ca1 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -15,7 +15,7 @@
 package main
 
 import (
-	"flag"
+	"errors"
 	"fmt"
 	"hash"
 	"net"
@@ -28,6 +28,7 @@ import (
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/afpacket"
 	"github.com/google/gopacket/layers"
+	"github.com/spf13/cobra"
 
 	"github.com/scionproto/scion/acceptance/router_newbenchmark/cases"
 	"github.com/scionproto/scion/pkg/log"
@@ -37,92 +38,103 @@ import (
 	"github.com/scionproto/scion/private/keyconf"
 )
 
-// multiple values for a string flag.
-type arrayFlags []string
+type Case func(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte)
+
+type caseChoice string
 
-func (i *arrayFlags) String() string {
-	return "A repeatable string argument"
+func (c *caseChoice) String() string {
+	return string(*c)
 }
 
-func (i *arrayFlags) Set(value string) error {
-	*i = append(*i, strings.TrimSpace(value))
+func (c *caseChoice) Set(v string) error {
+	_, ok := allCases[v]
+	if !ok {
+		return errors.New("No such case")
+	}
+	*c = caseChoice(v)
 	return nil
 }
 
-type Case func(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte)
+func (c *caseChoice) Type() string {
+	return "string enum"
+}
+
+func (c *caseChoice) Allowed() string {
+	return fmt.Sprintf("One of: %v", reflect.ValueOf(allCases).MapKeys())
+}
 
 var (
 	allCases = map[string]Case{
 		"br_transit": cases.BrTransit,
 	}
-	logConsole = flag.String("log.console", "debug", "Console logging level: debug|info|error")
-	dir        = flag.String("artifacts", "", "Artifacts directory")
-	numPackets = flag.Int("num_packets", 10, "Number of packets to send")
-	numStreams = flag.Int("num_streams", 4, "Number of independent streams (flow IDs) to use")
-	caseToRun  = flag.String("case", "",
-		fmt.Sprintf("Which traffic case to evaluate %v",
-			reflect.ValueOf(allCases).MapKeys()))
-	showIntf   = flag.Bool("show_interfaces", false, "Show interfaces needed by the test")
-	interfaces = arrayFlags{}
+	logConsole string
+	dir        string
+	numPackets int
+	numStreams int
+	caseToRun  caseChoice
+	interfaces []string
 )
 
-// initDevices inventories the available network interfaces, picks the ones that a case may inject
-// traffic into, and associates them with a AF Packet interface. It returns the packet interfaces
-// corresponding to each network interface.
-func openDevices() (map[string]*afpacket.TPacket, error) {
-	devs, err := net.Interfaces()
-	if err != nil {
-		return nil, serrors.WrapStr("listing network interfaces", err)
+func main() {
+	rootCmd := &cobra.Command{
+		Use:   "brload",
+		Short: "Generates traffic into a specific router of a specific topology",
 	}
-
-	handles := make(map[string]*afpacket.TPacket)
-
-	for _, dev := range devs {
-		if !strings.HasPrefix(dev.Name, "veth_") || !strings.HasSuffix(dev.Name, "_host") {
-			continue
-		}
-		handle, err := afpacket.NewTPacket(afpacket.OptInterface(dev.Name))
-		if err != nil {
-			return nil, serrors.WrapStr("creating TPacket", err)
-		}
-		handles[dev.Name] = handle
+	intfCmd := &cobra.Command{
+		Use:   "show_interfaces",
+		Short: "Provides a terse list of the interfaces that this test requires",
+		Run: func(cmd *cobra.Command, args []string) {
+			os.Exit(showInterfaces(cmd))
+		},
 	}
-
-	return handles, nil
-}
-
-func main() {
-	os.Exit(realMain())
-}
-
-func realMain() int {
-	flag.Var(&interfaces, "interface",
+	runCmd := &cobra.Command{
+		Use:   "run",
+		Short: "Executes the test",
+		Run: func(cmd *cobra.Command, args []string) {
+			os.Exit(run(cmd))
+		},
+	}
+	runCmd.Flags().IntVar(&numPackets, "num_packets", 10, "Number of packets to send")
+	runCmd.Flags().IntVar(&numStreams, "num_streams", 4,
+		"Number of independent streams (flowID) to use")
+	runCmd.Flags().StringVar(&logConsole, "log.console", "error",
+		"Console logging level: debug|info|error|etc.")
+	runCmd.Flags().StringVar(&dir, "artifacts", "", "Artifacts directory")
+	runCmd.Flags().Var(&caseToRun, "case", "Case to run. "+caseToRun.Type())
+	runCmd.Flags().StringArrayVar(&interfaces, "interface", []string{},
 		`label=host_interface,mac,peer_mac where:
     host_interface: use this to exchange traffic with interface <label>
     mac: the mac address of interface <label>
     peer_mac: the mac address of <host_interface>`)
-	flag.Parse()
-	if *showIntf {
-		fmt.Println(cases.ListInterfaces())
-		return 0
+	runCmd.MarkFlagRequired("case")
+	runCmd.MarkFlagRequired("interface")
+
+	rootCmd.AddCommand(intfCmd)
+	rootCmd.AddCommand(runCmd)
+	rootCmd.CompletionOptions.HiddenDefaultCmd = true
+
+	if rootCmd.Execute() != nil {
+		os.Exit(1)
 	}
+	os.Exit(0)
+}
 
-	logCfg := log.Config{Console: log.ConsoleConfig{Level: *logConsole}}
+func showInterfaces(cmd *cobra.Command) int {
+	fmt.Println(cases.ListInterfaces())
+	return 0
+}
+
+func run(cmd *cobra.Command) int {
+	logCfg := log.Config{Console: log.ConsoleConfig{Level: logConsole}}
 	if err := log.Setup(logCfg); err != nil {
-		flag.Usage()
 		fmt.Fprintf(os.Stderr, "%s\n", err)
 		return 1
 	}
 	defer log.HandlePanic()
 
-	caseFunc, ok := allCases[*caseToRun]
-	if !ok {
-		log.Error("Unknown case", "case", *caseToRun)
-		flag.Usage()
-		return 1
-	}
+	caseFunc := allCases[string(caseToRun)] // key already checked.
 
-	artifactsDir := *dir
+	artifactsDir := dir
 	if v := os.Getenv("TEST_ARTIFACTS_DIR"); v != "" {
 		artifactsDir = v
 	}
@@ -150,7 +162,7 @@ func realMain() int {
 	log.Info("BRLoad acceptance tests:")
 
 	payloadString := "actualpayloadbytes"
-	caseDevIn, caseDevOut, rawPkts := caseFunc(payloadString, hfMAC, *numStreams)
+	caseDevIn, caseDevOut, rawPkts := caseFunc(payloadString, hfMAC, numStreams)
 
 	writePktTo, ok := handles[caseDevIn]
 	if !ok {
@@ -178,9 +190,9 @@ func realMain() int {
 	// We started everything that could be started. So the best window for perf mertics
 	// opens somewhere around now.
 	metricsBegin := time.Now().Unix()
-	for i := 0; i < *numPackets; i++ {
-		if err := writePktTo.WritePacketData(rawPkts[i%*numStreams]); err != nil {
-			log.Error("writing input packet", "case", *caseToRun, "error", err)
+	for i := 0; i < numPackets; i++ {
+		if err := writePktTo.WritePacketData(rawPkts[i%numStreams]); err != nil {
+			log.Error("writing input packet", "case", string(caseToRun), "error", err)
 			return 1
 		}
 	}
@@ -200,9 +212,9 @@ func realMain() int {
 				return 1
 			}
 		case <-timeout:
-			// If our listener is still stuck there, unstick it. Closing the device doesn't cause the
-			// packet channel to close (presumably a bug). Close the channel ourselves.
-			// After this, the next loop is guaranteed an outcome.
+			// If our listener is still stuck there, unstick it. Closing the device doesn't cause
+			// the packet channel to close (presumably a bug). Close the channel ourselves. After
+			// this, the next loop is guaranteed an outcome.
 			close(packetChan)
 		}
 	}
@@ -247,6 +259,31 @@ func receivePackets(packetChan chan gopacket.Packet, payload string, outcome cha
 	}
 }
 
+// initDevices inventories the available network interfaces, picks the ones that a case may inject
+// traffic into, and associates them with a AF Packet interface. It returns the packet interfaces
+// corresponding to each network interface.
+func openDevices() (map[string]*afpacket.TPacket, error) {
+	devs, err := net.Interfaces()
+	if err != nil {
+		return nil, serrors.WrapStr("listing network interfaces", err)
+	}
+
+	handles := make(map[string]*afpacket.TPacket)
+
+	for _, dev := range devs {
+		if !strings.HasPrefix(dev.Name, "veth_") || !strings.HasSuffix(dev.Name, "_host") {
+			continue
+		}
+		handle, err := afpacket.NewTPacket(afpacket.OptInterface(dev.Name))
+		if err != nil {
+			return nil, serrors.WrapStr("creating TPacket", err)
+		}
+		handles[dev.Name] = handle
+	}
+
+	return handles, nil
+}
+
 // loadKey loads the keys that the router under test uses to sign hop fields.
 func loadKey(artifactsDir string) (hash.Hash, error) {
 	keysDir := filepath.Join(artifactsDir, "conf", "keys")
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 866dced7d4..6f7ae71606 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -161,7 +161,7 @@ def setup_prepare(self):
         # We supply the label->(host-side-name,mac,peermac) mapping to brload when we start it.
         self.intfMap = {}
         brload = self.get_executable("brload")
-        output = brload("-artifacts", f"{self.artifacts}", "-show_interfaces")
+        output = brload("show_interfaces")
 
         for line in output.splitlines():
             elems = line.split(",")
@@ -192,15 +192,15 @@ def teardown(self):
 
     def _run(self):
         # Build the interface mapping arg:
-        mapArgs = [f"-interface {label}={intf.name},{intf.mac},{intf.peerMac}"
+        mapArgs = [f"--interface {label}={intf.name},{intf.mac},{intf.peerMac}"
                    for label, intf in self.intfMap.items()]
 
         # At long last...
         logger.info("==> Starting load br-transit")
         brload = self.get_executable("brload")
-        output = exec_sudo(f"{brload.executable} -artifacts {self.artifacts} "
+        output = exec_sudo(f"{brload.executable} run --artifacts {self.artifacts} "
                            f"{' '.join(mapArgs)} "
-                           "-case br_transit -num_packets 10000000 -num_streams 2")
+                           "--case br_transit --num_packets 10000000 --num_streams 2")
 
         for line in output.splitlines():
             print(line)

From 0ee2d30c908caed6a417a364a935644bd4abb8e7 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 24 Nov 2023 16:06:05 +0100
Subject: [PATCH 22/40] router: dropped CS/DS from the topology of
 router_newbenchmark. Not needed.

---
 acceptance/router_newbenchmark/conf/topology.json | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/acceptance/router_newbenchmark/conf/topology.json b/acceptance/router_newbenchmark/conf/topology.json
index f24e967610..a6ea582030 100644
--- a/acceptance/router_newbenchmark/conf/topology.json
+++ b/acceptance/router_newbenchmark/conf/topology.json
@@ -4,16 +4,6 @@
   ],
   "isd_as": "1-ff00:0:1",
   "mtu": 1400,
-  "control_service": {
-    "cs1-ff00_0_1-1": {
-      "addr": "172.20.0.28:30252"
-    }
-  },
-  "discovery_service": {
-    "cs1-ff00_0_1-1": {
-      "addr": "172.20.0.28:30252"
-    }
-  },
   "border_routers": {
     "br1a": {
       "internal_addr": "192.168.10.1:30042",

From 21a406bfdacba2982cc557d8469baa8d99594ce6 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 24 Nov 2023 16:28:15 +0100
Subject: [PATCH 23/40] router: reduce newbenchmark expectations a tiny bit
 after observing a near miss.

---
 acceptance/router_newbenchmark/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 6f7ae71606..93e65686d1 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -37,7 +37,7 @@
     # 'out': 26000,
     # 'in_transit': 73000,
     # 'out_transit': 49000,
-    'br_transit': 250000,
+    'br_transit': 230000,
 }
 
 

From 40adc9ea08a26c423df4f5230bf40beb9c51047c Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Mon, 27 Nov 2023 12:07:06 +0100
Subject: [PATCH 24/40] router: slight cleanup of the newbenchmark test script.

Changes:
* ditched the nearly useless exec_docker helper.
* kept a helper for sudo, named sudoA that just adds the -A argument.
* made the create_interface function a little bit more intelligible and
  orderly.
---
 acceptance/router_newbenchmark/test.py | 123 +++++++++++++++----------
 1 file changed, 72 insertions(+), 51 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 93e65686d1..4b0eab78c4 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -41,14 +41,10 @@
 }
 
 
-def exec_docker(command: str) -> str:
-    return docker(str.split(command))
-
-
-def exec_sudo(command: str) -> str:
+def sudoA(*args: [str]) -> str:
     # -A, --askpass makes sure command is failing and does not wait for
     # interactive password input.
-    return sudo("-A", str.split(command))
+    return sudo("-A", *args)
 
 
 # Convenience types to carry interface params.
@@ -101,24 +97,43 @@ class RouterBMTest(base.TestBase):
         envname="CI"
     )
 
-    # Accepts an IntfReq records names and mac addresses into an Intf and associates it with
-    # the request label.
+    # Creates a pair of virtual interfaces, with one end in the given network namespace and the
+    # other in the host stack.
+    # Accepts an IntfReq, records names and mac addresses into an Intf, and associates it with the
+    # request label. In the isolated network, set default TTL for outgoing packets to the common
+    # value 64, so that packets sent from router will match the expected value.
     def create_interface(self, req: IntfReq, ns: str):
         hostIntf = f"veth_{req.label}_host"
         brIntf = f"veth_{req.label}"
         peerMac = mac_for_ip(req.peerIp)
         mac = mac_for_ip(req.ip)
-        exec_sudo(f"ip link add {hostIntf} mtu 8000 type veth peer name {brIntf} mtu 8000")
-        exec_sudo(f"sysctl -qw net.ipv6.conf.{hostIntf}.disable_ipv6=1")
-        exec_sudo(f"ip link set {hostIntf} up")
-        exec_sudo(f"ip link set {brIntf} netns {ns}")
-        exec_sudo(f"ip netns exec {ns} sysctl -qw net.ipv6.conf.{brIntf}.disable_ipv6=1")
-        exec_sudo(f"ip netns exec {ns} ethtool -K  {brIntf} rx off tx off")
-        exec_sudo(f"ip netns exec {ns} ip link set {brIntf} address {mac}")
-        exec_sudo(f"ip netns exec {ns} ip addr add {req.ip}/{req.prefixLen} dev {brIntf}")
-        exec_sudo(f"ip netns exec {ns} ip neigh add {req.peerIp} "
-                  f"lladdr {peerMac} nud permanent dev {brIntf}")
-        exec_sudo(f"ip netns exec {ns} ip link set {brIntf} up")
+
+        # The interfaces
+        sudoA("ip", "link", "add", f"{hostIntf}", "type", "veth", "peer", "name", f"{brIntf}")
+        sudoA("ip", "link", "set", f"{hostIntf}", "mtu", "8000")
+        sudoA("ip", "link", "set", f"{brIntf}", "mtu", "8000")
+        sudoA("sysctl", "-qw", f"net.ipv6.conf.{hostIntf}.disable_ipv6=1")
+        sudoA("ethtool", "-K", f"{brIntf}", "rx", "off", "tx", "off")
+        sudoA("ip", "link", "set", f"{brIntf}", "address", f"{mac}")
+
+        # The network namespace
+        sudoA("ip", "link", "set", f"{brIntf}", "netns", f"{ns}")
+        sudoA("ip", "netns", "exec", f"{ns}", "sysctl", "-w", f"net.ipv4.ip_default_ttl=64")
+
+        # The addresses (presumably must be done once the br interface is in the namespace).
+        sudoA("ip", "netns", "exec", f"{ns}",
+              "ip", "addr", "add", f"{req.ip}/{req.prefixLen}", "dev", f"{brIntf}")
+        sudoA("ip", "netns", "exec", f"{ns}",
+              "ip", "neigh", "add", f"{req.peerIp}", "lladdr", f"{peerMac}", "nud", "permanent",
+              "dev", f"{brIntf}")
+        sudoA("ip", "netns", "exec", f"{ns}",
+              "sysctl", "-qw", f"net.ipv6.conf.{brIntf}.disable_ipv6=1")
+
+        # Fit for duty.
+        sudoA("ip", "link", "set", f"{hostIntf}", "up")
+        sudoA("ip", "netns", "exec", f"{ns}",
+              "ip", "link", "set", f"{brIntf}", "up")
+
         self.intfMap[req.label] = Intf(hostIntf, mac, peerMac)
 
     def setup_prepare(self):
@@ -128,7 +143,7 @@ def setup_prepare(self):
         shutil.copytree("acceptance/router_newbenchmark/conf/", self.artifacts / "conf")
 
         # We need a custom network so can create veth interfaces of our own chosing.
-        exec_docker("network create -d bridge benchmark")
+        docker("network", "create",  "-d", "bridge", "benchmark")
 
         # This test is useless without prometheus. Also, we need a running container to have
         # a usable network namespace that we can configuer before the router runs. So, start
@@ -138,22 +153,21 @@ def setup_prepare(self):
         # configure the interfaces, and then start the router. We'd still need prometheus, though,
         # and we'd need to expose the router's metrics port to prometheus in some way. So, this is
         # simpler.
-        exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
-                    "-d "
-                    "--network benchmark "
-                    "--publish 9999:9090 "
-                    "--name prometheus "
-                    "prom/prometheus:v2.47.2 "
-                    "--config.file /share/conf/prometheus.yml")
+        docker("run",
+               "-v", f"{self.artifacts}/conf:/share/conf",
+               "-d",
+               "--network", "benchmark",
+               "--publish", "9999:9090",
+               "--name", "prometheus",
+               "prom/prometheus:v2.47.2",
+               "--config.file", "/share/conf/prometheus.yml")
 
         # Link that namespace to where the ip commands expect it. While at it give it a simple name.
-        exec_sudo("mkdir -p /var/run/netns")
-        ns = exec_docker("inspect prometheus -f '{{.NetworkSettings.SandboxKey}}'").replace("'", "")
-        exec_sudo(f"ln -sfT {ns} /var/run/netns/benchmark")
-
-        # Set default TTL for outgoing packets to the common value 64, so that packets sent
-        # from router will match the expected value.
-        exec_sudo("ip netns exec benchmark sysctl -w net.ipv4.ip_default_ttl=64")
+        sudoA("mkdir", "-p", "/var/run/netns")
+        ns = docker("inspect",
+                    "prometheus",
+                    "-f", "'{{.NetworkSettings.SandboxKey}}'").replace("'", "").strip()
+        sudoA("ln", "-sfT", f"{ns}", "/var/run/netns/benchmark")
 
         # Run test brload test with --show_interfaces and set up the veth that it needs.
         # The router uses one end and the test uses the other end to feed it with (and possibly
@@ -171,36 +185,43 @@ def setup_prepare(self):
             self.create_interface(t, "benchmark")
 
         # We don't need that symlink any more
-        exec_sudo("rm /var/run/netns/benchmark")
+        sudoA("rm", "/var/run/netns/benchmark")
 
         # Now the router can start.
-        exec_docker(f"run -v {self.artifacts}/conf:/share/conf "
-                    "-d "
-                    "-e SCION_EXPERIMENTAL_BFD_DISABLE=true -e GOMAXPROCS=4 "
-                    "--network container:prometheus "
-                    "--name router "
-                    "posix-router:latest")
+        docker("run",
+               "-v", f"{self.artifacts}/conf:/share/conf",
+               "-d",
+               "-e", "SCION_EXPERIMENTAL_BFD_DISABLE=true",
+               "-e", "GOMAXPROCS=4",
+               "--network", "container:prometheus",
+               "--name", "router",
+               "posix-router:latest")
 
         time.sleep(2)
 
     def teardown(self):
         docker["logs", "router"].run_fg(retcode=None)
-        exec_docker("rm -f prometheus")
-        exec_docker("rm -f router")
-        exec_docker("network rm benchmark")  # veths are deleted automatically
-        exec_sudo(f"chown -R {whoami()} {self.artifacts}")
+        docker("rm", "-f", "prometheus")
+        docker("rm", "-f", "router")
+        docker("network", "rm", "benchmark")  # veths are deleted automatically
+        sudoA("chown", "-R", f"{whoami().strip()}", f"{self.artifacts}")
 
     def _run(self):
-        # Build the interface mapping arg:
-        mapArgs = [f"--interface {label}={intf.name},{intf.mac},{intf.peerMac}"
-                   for label, intf in self.intfMap.items()]
+        # Build the interface mapping arg
+        mapArgs = []
+        for label, intf in self.intfMap.items():
+            mapArgs.extend(["--interface", f"{label}={intf.name},{intf.mac},{intf.peerMac}"])
 
         # At long last...
         logger.info("==> Starting load br-transit")
         brload = self.get_executable("brload")
-        output = exec_sudo(f"{brload.executable} run --artifacts {self.artifacts} "
-                           f"{' '.join(mapArgs)} "
-                           "--case br_transit --num_packets 10000000 --num_streams 2")
+        output = sudoA(f"{brload.executable}",
+                       "run",
+                       "--artifacts", f"{self.artifacts}",
+                       *mapArgs,
+                       "--case", "br_transit",
+                       "--num_packets", "10000000",
+                       "--num_streams", "2")
 
         for line in output.splitlines():
             print(line)

From 55fd64b632097c2509a3f42dc8dd709d64a711bb Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Mon, 27 Nov 2023 13:38:50 +0100
Subject: [PATCH 25/40] router: Please lint and replace sudoA() with sudo().

So the sudoA() helper can be named sudo(), call cmd.sudo() explicitly
rather than importing it from cmd.
---
 acceptance/router_newbenchmark/test.py | 65 +++++++++++++-------------
 1 file changed, 33 insertions(+), 32 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 4b0eab78c4..4eaa182227 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -20,7 +20,8 @@
 
 from collections import namedtuple
 from plumbum import cli
-from plumbum.cmd import sudo, docker, whoami
+from plumbum.cmd import docker, whoami
+from plumbum import cmd
 
 from acceptance.common import base
 
@@ -41,10 +42,10 @@
 }
 
 
-def sudoA(*args: [str]) -> str:
+def sudo(*args: [str]) -> str:
     # -A, --askpass makes sure command is failing and does not wait for
     # interactive password input.
-    return sudo("-A", *args)
+    return cmd.sudo("-A", *args)
 
 
 # Convenience types to carry interface params.
@@ -109,30 +110,30 @@ def create_interface(self, req: IntfReq, ns: str):
         mac = mac_for_ip(req.ip)
 
         # The interfaces
-        sudoA("ip", "link", "add", f"{hostIntf}", "type", "veth", "peer", "name", f"{brIntf}")
-        sudoA("ip", "link", "set", f"{hostIntf}", "mtu", "8000")
-        sudoA("ip", "link", "set", f"{brIntf}", "mtu", "8000")
-        sudoA("sysctl", "-qw", f"net.ipv6.conf.{hostIntf}.disable_ipv6=1")
-        sudoA("ethtool", "-K", f"{brIntf}", "rx", "off", "tx", "off")
-        sudoA("ip", "link", "set", f"{brIntf}", "address", f"{mac}")
+        sudo("ip", "link", "add", f"{hostIntf}", "type", "veth", "peer", "name", f"{brIntf}")
+        sudo("ip", "link", "set", f"{hostIntf}", "mtu", "8000")
+        sudo("ip", "link", "set", f"{brIntf}", "mtu", "8000")
+        sudo("sysctl", "-qw", f"net.ipv6.conf.{hostIntf}.disable_ipv6=1")
+        sudo("ethtool", "-K", f"{brIntf}", "rx", "off", "tx", "off")
+        sudo("ip", "link", "set", f"{brIntf}", "address", f"{mac}")
 
         # The network namespace
-        sudoA("ip", "link", "set", f"{brIntf}", "netns", f"{ns}")
-        sudoA("ip", "netns", "exec", f"{ns}", "sysctl", "-w", f"net.ipv4.ip_default_ttl=64")
+        sudo("ip", "link", "set", f"{brIntf}", "netns", f"{ns}")
+        sudo("ip", "netns", "exec", f"{ns}", "sysctl", "-w", "net.ipv4.ip_default_ttl=64")
 
         # The addresses (presumably must be done once the br interface is in the namespace).
-        sudoA("ip", "netns", "exec", f"{ns}",
-              "ip", "addr", "add", f"{req.ip}/{req.prefixLen}", "dev", f"{brIntf}")
-        sudoA("ip", "netns", "exec", f"{ns}",
-              "ip", "neigh", "add", f"{req.peerIp}", "lladdr", f"{peerMac}", "nud", "permanent",
-              "dev", f"{brIntf}")
-        sudoA("ip", "netns", "exec", f"{ns}",
-              "sysctl", "-qw", f"net.ipv6.conf.{brIntf}.disable_ipv6=1")
+        sudo("ip", "netns", "exec", f"{ns}",
+             "ip", "addr", "add", f"{req.ip}/{req.prefixLen}", "dev", f"{brIntf}")
+        sudo("ip", "netns", "exec", f"{ns}",
+             "ip", "neigh", "add", f"{req.peerIp}", "lladdr", f"{peerMac}", "nud", "permanent",
+             "dev", f"{brIntf}")
+        sudo("ip", "netns", "exec", f"{ns}",
+             "sysctl", "-qw", f"net.ipv6.conf.{brIntf}.disable_ipv6=1")
 
         # Fit for duty.
-        sudoA("ip", "link", "set", f"{hostIntf}", "up")
-        sudoA("ip", "netns", "exec", f"{ns}",
-              "ip", "link", "set", f"{brIntf}", "up")
+        sudo("ip", "link", "set", f"{hostIntf}", "up")
+        sudo("ip", "netns", "exec", f"{ns}",
+             "ip", "link", "set", f"{brIntf}", "up")
 
         self.intfMap[req.label] = Intf(hostIntf, mac, peerMac)
 
@@ -163,11 +164,11 @@ def setup_prepare(self):
                "--config.file", "/share/conf/prometheus.yml")
 
         # Link that namespace to where the ip commands expect it. While at it give it a simple name.
-        sudoA("mkdir", "-p", "/var/run/netns")
+        sudo("mkdir", "-p", "/var/run/netns")
         ns = docker("inspect",
                     "prometheus",
                     "-f", "'{{.NetworkSettings.SandboxKey}}'").replace("'", "").strip()
-        sudoA("ln", "-sfT", f"{ns}", "/var/run/netns/benchmark")
+        sudo("ln", "-sfT", f"{ns}", "/var/run/netns/benchmark")
 
         # Run test brload test with --show_interfaces and set up the veth that it needs.
         # The router uses one end and the test uses the other end to feed it with (and possibly
@@ -185,7 +186,7 @@ def setup_prepare(self):
             self.create_interface(t, "benchmark")
 
         # We don't need that symlink any more
-        sudoA("rm", "/var/run/netns/benchmark")
+        sudo("rm", "/var/run/netns/benchmark")
 
         # Now the router can start.
         docker("run",
@@ -204,7 +205,7 @@ def teardown(self):
         docker("rm", "-f", "prometheus")
         docker("rm", "-f", "router")
         docker("network", "rm", "benchmark")  # veths are deleted automatically
-        sudoA("chown", "-R", f"{whoami().strip()}", f"{self.artifacts}")
+        sudo("chown", "-R", f"{whoami().strip()}", f"{self.artifacts}")
 
     def _run(self):
         # Build the interface mapping arg
@@ -215,13 +216,13 @@ def _run(self):
         # At long last...
         logger.info("==> Starting load br-transit")
         brload = self.get_executable("brload")
-        output = sudoA(f"{brload.executable}",
-                       "run",
-                       "--artifacts", f"{self.artifacts}",
-                       *mapArgs,
-                       "--case", "br_transit",
-                       "--num_packets", "10000000",
-                       "--num_streams", "2")
+        output = sudo(f"{brload.executable}",
+                      "run",
+                      "--artifacts", f"{self.artifacts}",
+                      *mapArgs,
+                      "--case", "br_transit",
+                      "--num_packets", "10000000",
+                      "--num_streams", "2")
 
         for line in output.splitlines():
             print(line)

From 0c746a8c4e252db24cc78df0545643552daa0dde Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 28 Nov 2023 10:41:05 +0100
Subject: [PATCH 26/40] router: implement reviewers suggestions and some more
 cleanup.

Changes:
* rename intfName to deviceName for clarity.
* assorted coding style polishings.
* remove redundant string formatings in test harness.
* in test harness, factor single test case execution in view of multiple cases.
---
 .../router_newbenchmark/cases/br_transit.go   |   2 +-
 acceptance/router_newbenchmark/cases/topo.go  |  30 ++---
 acceptance/router_newbenchmark/main.go        |  27 +++--
 acceptance/router_newbenchmark/test.py        | 110 +++++++++---------
 4 files changed, 87 insertions(+), 82 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/br_transit.go b/acceptance/router_newbenchmark/cases/br_transit.go
index 7bfb665bcc..f9e4f417cb 100644
--- a/acceptance/router_newbenchmark/cases/br_transit.go
+++ b/acceptance/router_newbenchmark/cases/br_transit.go
@@ -165,5 +165,5 @@ func BrTransit(payload string, mac hash.Hash, numDistinct int) (string, string,
 	for i := 0; i < numDistinct; i++ {
 		packets[i] = oneBrTransit(payload, mac, uint32(i+1))
 	}
-	return interfaceName(1, 2), interfaceName(1, 3), packets
+	return deviceName(1, 2), deviceName(1, 3), packets
 }
diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index 3118206e44..1e918f5882 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -74,7 +74,7 @@ func internalIP(AS byte, routerIndex byte) netip.Addr {
 }
 
 // interfaceLabel returns a string label for the gievn AS and interface indices.
-// Such names are those used when responding to the show_interfaces command and when translating
+// Such names are those used when responding to the show-interfaces command and when translating
 // the --interface option.
 func interfaceLabel(AS int, intf int) string {
 	return fmt.Sprintf("%d_%d", AS, intf)
@@ -97,21 +97,23 @@ var (
 		interfaceLabel(1, 3): {publicIP(1, 3), publicIP(3, 1)},
 	}
 
-	// intfNames holds the real names of our required interfaces. It is populated from the values of
-	// the --interface options.
-	intfNames map[string]string = map[string]string{}
+	// deviceNames holds the real (os-given) names of our required network interfaces. It is
+	// created and populated from the values of the --interface options by InitInterfaces.
+	deviceNames map[string]string
 
-	// macAddresses keeps the mac addresses associated with each IP. It is populated from the values
-	// of the --interface options. There are more than intfMap interfaces since we need the peer
-	// addresses too. Additional IPS not from intfMap have no known mac addresses; we are free to
-	// make them up to make credible packets.
-	macAddrs map[netip.Addr]net.HardwareAddr = map[netip.Addr]net.HardwareAddr{}
+	// macAddresses keeps the mac addresses associated with each IP. It is created and populated
+	// from the values of the --interface options by InitInterfaces. There can be two items for each
+	// interface since we record the neighbor's addresses too. Additional IPs not from intfMap have
+	// no known mac addresses; we are free to make them up to make credible packets.
+	macAddrs map[netip.Addr]net.HardwareAddr
 )
 
 // InitInterfaces collects the names and mac addresses for the interfaces setup by the invoker
 // according to instructions given via listInterfaces().
 // This information is indexed by our own interface labels.
 func InitInterfaces(pairs []string) {
+	deviceNames = make(map[string]string, len(pairs))
+	macAddrs = make(map[netip.Addr]net.HardwareAddr, len(pairs)*2)
 	for _, pair := range pairs {
 		p := strings.Split(pair, "=")
 		label := p[0]
@@ -124,7 +126,7 @@ func InitInterfaces(pairs []string) {
 		if err != nil {
 			panic(err)
 		}
-		intfNames[label] = info[0]                 // host-side name
+		deviceNames[label] = info[0]               // host-side name
 		macAddrs[intfMap[label].ip] = addr         // ip->mac
 		macAddrs[intfMap[label].peerIP] = peerAddr // peerIP->peerMAC
 	}
@@ -132,8 +134,8 @@ func InitInterfaces(pairs []string) {
 
 // interfaceName returns the name of the host interface that this test must use in order to exchange
 // traffic with the interface designated by the given AS and interface indices.
-func interfaceName(AS int, intf int) string {
-	return intfNames[interfaceLabel(AS, intf)]
+func deviceName(AS int, intf int) string {
+	return deviceNames[interfaceLabel(AS, intf)]
 }
 
 // macAddr returns the mac address assigned to the interface that has the given IP address.
@@ -146,7 +148,7 @@ func macAddr(ip netip.Addr) net.HardwareAddr {
 		return mac
 	}
 	as4 := ip.As4()
-	return net.HardwareAddr{0xf0, 0x0d, 0xca, 0xfe, as4[2], as4[3]}
+	return net.HardwareAddr{0xde, 0xad, 0xbe, 0xef, as4[2], as4[3]}
 }
 
 // hostAddr returns a the SCION Hosts addresse that corresponds to the given underlay address.
@@ -157,7 +159,7 @@ func hostAddr(ip netip.Addr) addr.Host {
 }
 
 // ListInterfaces outputs a string describing the interfaces of the router under test.
-// The invoker of this test gets this when using the show_interfaces command and is expected
+// The invoker of this test gets this when using the show-interfaces command and is expected
 // to set up the network accordingly before executing the test without that option.
 // We do not choose interface names or mac addresses those will be provided by the invoker
 // via the --interfaces options.
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index 00f7bf2ca1..07f7876d5e 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -81,7 +81,7 @@ func main() {
 		Short: "Generates traffic into a specific router of a specific topology",
 	}
 	intfCmd := &cobra.Command{
-		Use:   "show_interfaces",
+		Use:   "show-interfaces",
 		Short: "Provides a terse list of the interfaces that this test requires",
 		Run: func(cmd *cobra.Command, args []string) {
 			os.Exit(showInterfaces(cmd))
@@ -94,13 +94,13 @@ func main() {
 			os.Exit(run(cmd))
 		},
 	}
-	runCmd.Flags().IntVar(&numPackets, "num_packets", 10, "Number of packets to send")
-	runCmd.Flags().IntVar(&numStreams, "num_streams", 4,
+	runCmd.Flags().IntVar(&numPackets, "num-packets", 10, "Number of packets to send")
+	runCmd.Flags().IntVar(&numStreams, "num-streams", 4,
 		"Number of independent streams (flowID) to use")
 	runCmd.Flags().StringVar(&logConsole, "log.console", "error",
 		"Console logging level: debug|info|error|etc.")
 	runCmd.Flags().StringVar(&dir, "artifacts", "", "Artifacts directory")
-	runCmd.Flags().Var(&caseToRun, "case", "Case to run. "+caseToRun.Type())
+	runCmd.Flags().Var(&caseToRun, "case", "Case to run. "+caseToRun.Allowed())
 	runCmd.Flags().StringArrayVar(&interfaces, "interface", []string{},
 		`label=host_interface,mac,peer_mac where:
     host_interface: use this to exchange traffic with interface <label>
@@ -184,7 +184,8 @@ func run(cmd *cobra.Command) int {
 
 	go func() {
 		defer log.HandlePanic()
-		receivePackets(packetChan, payloadString, listenerChan)
+		defer close(listenerChan)
+		listenerChan <- receivePackets(packetChan, payloadString)
 	}()
 
 	// We started everything that could be started. So the best window for perf mertics
@@ -225,23 +226,18 @@ func run(cmd *cobra.Command) int {
 
 // receivePkts consume some or all (at least one if it arrives) of the packets
 // arriving on the given handle and checks that they contain the given payload.
-// The number of consumed packets is returned via the given outcome channel.
+// The number of consumed packets is returned.
 // Currently we are content with receiving a single correct packet and we terminate after
 // that.
-func receivePackets(packetChan chan gopacket.Packet, payload string, outcome chan int) {
+func receivePackets(packetChan chan gopacket.Packet, payload string) int {
 	numRcv := 0
 
-	defer func() {
-		outcome <- numRcv
-		close(outcome)
-	}()
-
 	for {
 		got, ok := <-packetChan
 		if !ok {
 			// No more packets
 			log.Info("No more Packets")
-			return
+			return numRcv
 		}
 		if err := got.ErrorLayer(); err != nil {
 			log.Error("error decoding packet", "err", err)
@@ -253,8 +249,11 @@ func receivePackets(packetChan chan gopacket.Packet, payload string, outcome cha
 			continue
 		}
 		if string(layer.LayerContents()) == payload {
+			// To return the count of all packets received, just remove the "return" below.
+			// Return will occur once packetChan closes (which happens after a short timeout at
+			// the end of the test.
 			numRcv++
-			return
+			return numRcv
 		}
 	}
 }
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 4eaa182227..1a92440b49 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -33,11 +33,11 @@
 logger = logging.getLogger(__name__)
 
 # Those values are valid expectations only when running in the CI environment.
-EXPECTATIONS = {
-    # 'in': 53000,
-    # 'out': 26000,
-    # 'in_transit': 73000,
-    # 'out_transit': 49000,
+TEST_CASES = {
+    # 'in': 0,  # 53000,
+    # 'out': 0,  # 26000,
+    # 'in_transit': 0,  # 73000,
+    # 'out_transit': 0,  # 49000,
     'br_transit': 230000,
 }
 
@@ -110,30 +110,30 @@ def create_interface(self, req: IntfReq, ns: str):
         mac = mac_for_ip(req.ip)
 
         # The interfaces
-        sudo("ip", "link", "add", f"{hostIntf}", "type", "veth", "peer", "name", f"{brIntf}")
-        sudo("ip", "link", "set", f"{hostIntf}", "mtu", "8000")
-        sudo("ip", "link", "set", f"{brIntf}", "mtu", "8000")
+        sudo("ip", "link", "add", hostIntf, "type", "veth", "peer", "name", brIntf)
+        sudo("ip", "link", "set", hostIntf, "mtu", "8000")
+        sudo("ip", "link", "set", brIntf, "mtu", "8000")
         sudo("sysctl", "-qw", f"net.ipv6.conf.{hostIntf}.disable_ipv6=1")
-        sudo("ethtool", "-K", f"{brIntf}", "rx", "off", "tx", "off")
-        sudo("ip", "link", "set", f"{brIntf}", "address", f"{mac}")
+        sudo("ethtool", "-K", brIntf, "rx", "off", "tx", "off")
+        sudo("ip", "link", "set", brIntf, "address", mac)
 
         # The network namespace
-        sudo("ip", "link", "set", f"{brIntf}", "netns", f"{ns}")
-        sudo("ip", "netns", "exec", f"{ns}", "sysctl", "-w", "net.ipv4.ip_default_ttl=64")
+        sudo("ip", "link", "set", brIntf, "netns", ns)
+        sudo("ip", "netns", "exec", ns, "sysctl", "-w", "net.ipv4.ip_default_ttl=64")
 
         # The addresses (presumably must be done once the br interface is in the namespace).
-        sudo("ip", "netns", "exec", f"{ns}",
-             "ip", "addr", "add", f"{req.ip}/{req.prefixLen}", "dev", f"{brIntf}")
-        sudo("ip", "netns", "exec", f"{ns}",
-             "ip", "neigh", "add", f"{req.peerIp}", "lladdr", f"{peerMac}", "nud", "permanent",
-             "dev", f"{brIntf}")
-        sudo("ip", "netns", "exec", f"{ns}",
+        sudo("ip", "netns", "exec", ns,
+             "ip", "addr", "add", f"{req.ip}/{req.prefixLen}", "dev", brIntf)
+        sudo("ip", "netns", "exec", ns,
+             "ip", "neigh", "add", req.peerIp, "lladdr", peerMac, "nud", "permanent",
+             "dev", brIntf)
+        sudo("ip", "netns", "exec", ns,
              "sysctl", "-qw", f"net.ipv6.conf.{brIntf}.disable_ipv6=1")
 
         # Fit for duty.
-        sudo("ip", "link", "set", f"{hostIntf}", "up")
-        sudo("ip", "netns", "exec", f"{ns}",
-             "ip", "link", "set", f"{brIntf}", "up")
+        sudo("ip", "link", "set", hostIntf, "up")
+        sudo("ip", "netns", "exec", ns,
+             "ip", "link", "set", brIntf, "up")
 
         self.intfMap[req.label] = Intf(hostIntf, mac, peerMac)
 
@@ -167,16 +167,16 @@ def setup_prepare(self):
         sudo("mkdir", "-p", "/var/run/netns")
         ns = docker("inspect",
                     "prometheus",
-                    "-f", "'{{.NetworkSettings.SandboxKey}}'").replace("'", "").strip()
-        sudo("ln", "-sfT", f"{ns}", "/var/run/netns/benchmark")
+                    "-f", "{{.NetworkSettings.SandboxKey}}").strip()
+        sudo("ln", "-sfT", ns, "/var/run/netns/benchmark")
 
-        # Run test brload test with --show_interfaces and set up the veth that it needs.
+        # Run test brload test with --show-interfaces and set up the veth that it needs.
         # The router uses one end and the test uses the other end to feed it with (and possibly
         # capture) traffic.
         # We supply the label->(host-side-name,mac,peermac) mapping to brload when we start it.
         self.intfMap = {}
         brload = self.get_executable("brload")
-        output = brload("show_interfaces")
+        output = brload("show-interfaces")
 
         for line in output.splitlines():
             elems = line.split(",")
@@ -205,31 +205,25 @@ def teardown(self):
         docker("rm", "-f", "prometheus")
         docker("rm", "-f", "router")
         docker("network", "rm", "benchmark")  # veths are deleted automatically
-        sudo("chown", "-R", f"{whoami().strip()}", f"{self.artifacts}")
+        sudo("chown", "-R", whoami().strip(), self.artifacts)
 
-    def _run(self):
-        # Build the interface mapping arg
-        mapArgs = []
-        for label, intf in self.intfMap.items():
-            mapArgs.extend(["--interface", f"{label}={intf.name},{intf.mac},{intf.peerMac}"])
-
-        # At long last...
-        logger.info("==> Starting load br-transit")
+    def runTestCase(self, case: str, mapArgs: list[str]):
+        logger.info(f"==> Starting load {case}")
         brload = self.get_executable("brload")
-        output = sudo(f"{brload.executable}",
+        output = sudo(brload.executable,
                       "run",
-                      "--artifacts", f"{self.artifacts}",
+                      "--artifacts", self.artifacts,
                       *mapArgs,
-                      "--case", "br_transit",
-                      "--num_packets", "10000000",
-                      "--num_streams", "2")
+                      "--case", case,
+                      "--num-packets", "10000000",
+                      "--num-streams", "2")
 
         for line in output.splitlines():
             print(line)
             if line.startswith('metricsBegin'):
                 _, beg, _, end = line.split()
 
-        logger.info('==> Collecting br-transit performance metrics...')
+        logger.info(f"==> Collecting {case} performance metrics...")
 
         # The raw metrics are expressed in terms of core*seconds. We convert to machine*seconds
         # which allows us to provide a projected packet/s; ...more intuitive than packets/core*s.
@@ -240,8 +234,8 @@ def _run(self):
         promQuery = urlencode({
             'time': f'{sampleTime}',
             'query': (
-                'sum by (instance, job) ('
-                '  rate(router_output_pkts_total{job="BR", type="br_transit"}[10s])'
+                f'sum by (instance, job) ('
+                '  rate(router_output_pkts_total{job="BR", type="{case}"}[10s])'
                 ')'
                 '/ on (instance, job) group_left()'
                 'sum by (instance, job) ('
@@ -256,20 +250,17 @@ def _run(self):
         if resp.status != 200:
             raise RuntimeError(f'Unexpected response: {resp.status} {resp.reason}')
 
-        # There's only one router that has br_transit traffic.
+        # There's only one router, so whichever metric we get is the right one.
         pld = json.loads(resp.read().decode('utf-8'))
         results = pld['data']['result']
-        rateMap = {}
-        tt = 'br_transit'
-        rateMap[tt] = 0
         for result in results:
             ts, val = result['value']
-            r = int(float(val))
-            if r != 0:
-                rateMap[tt] = r
+            return int(float(val))
+        return 0
 
-        # Fetch and log the number of cores used by Go. This may inform performance
-        # modeling later.
+    # Fetch and log the number of cores used by Go. This may inform performance
+    # modeling later.
+    def logCoreCounts(self):
         logger.info('==> Collecting number of cores...')
         promQuery = urlencode({
             'query': 'go_sched_maxprocs_threads{job="BR"}'
@@ -288,12 +279,25 @@ def _run(self):
             _, val = result['value']
             logger.info(f'Router Cores for {instance}: {int(val)}')
 
+    def _run(self):
+        # Build the interface mapping arg
+        mapArgs = []
+        for label, intf in self.intfMap.items():
+            mapArgs.extend(["--interface", f"{label}={intf.name},{intf.mac},{intf.peerMac}"])
+
+        # At long last, run the tests
+        rateMap = {}
+        for testCase in TEST_CASES:
+            rateMap[testCase] = self.runTestCase(testCase, mapArgs)
+
+        self.logCoreCounts()
+
         # Log and check the performance...
         # If this is used as a CI test. Make sure that the performance is within the expected
         # ballpark.
         rateTooLow = []
-        for tt, exp in EXPECTATIONS.items():
-            if self.ci:
+        for tt, exp in TEST_CASES.items():
+            if self.ci and exp != 0:
                 logger.info(f'Packets/(machine*s) for {tt}: {rateMap[tt]} expected: {exp}')
                 if rateMap[tt] < 0.8 * exp:
                     rateTooLow.append(tt)

From 9a2e96e08dffdd998955d4e2d341d71e0bc6674d Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 28 Nov 2023 11:23:27 +0100
Subject: [PATCH 27/40] router: fix failed formatting of prom query.

---
 acceptance/router_newbenchmark/test.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 1a92440b49..39dc1ee6e3 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -234,8 +234,8 @@ def runTestCase(self, case: str, mapArgs: list[str]):
         promQuery = urlencode({
             'time': f'{sampleTime}',
             'query': (
-                f'sum by (instance, job) ('
-                '  rate(router_output_pkts_total{job="BR", type="{case}"}[10s])'
+                'sum by (instance, job) ('
+                f'  rate(router_output_pkts_total{{job="BR", type="{case}"}}[10s])'
                 ')'
                 '/ on (instance, job) group_left()'
                 'sum by (instance, job) ('

From 653d885495c07e8538eea07c97bbbee1ddce1dc1 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 28 Nov 2023 17:20:01 +0100
Subject: [PATCH 28/40] router: some minor improvements to router_newbenchmark.

Changes:
* Reduce chance of mistake in test case by supplying the underlay UDP port
  automatically based on the interface type.
* Add a comment in the test harness to explain why we shouldn't configure the
  host side interface addresses.
---
 .../router_newbenchmark/cases/br_transit.go   | 27 +++++++++----------
 acceptance/router_newbenchmark/cases/topo.go  | 15 +++++++++++
 acceptance/router_newbenchmark/test.py        |  6 +++++
 3 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/br_transit.go b/acceptance/router_newbenchmark/cases/br_transit.go
index f9e4f417cb..96888fa15a 100644
--- a/acceptance/router_newbenchmark/cases/br_transit.go
+++ b/acceptance/router_newbenchmark/cases/br_transit.go
@@ -38,16 +38,16 @@ import (
 func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 
 	var (
-		originIA   = isdAS(2)
-		originIP   = publicIP(2, 1)
-		originHost = hostAddr(originIP)
-		srcIP      = publicIP(2, 1)
-		srcMAC     = macAddr(srcIP)
-		dstIP      = publicIP(1, 2)
-		dstMAC     = macAddr(dstIP)
-		targetIA   = isdAS(3)
-		targetIP   = publicIP(3, 1)
-		targetHost = hostAddr(targetIP)
+		originIA       = isdAS(2)
+		originIP       = publicIP(2, 1)
+		originHost     = hostAddr(originIP)
+		srcIP, srcPort = publicIPPort(2, 1)
+		srcMAC         = macAddr(srcIP)
+		dstIP, dstPort = publicIPPort(1, 2)
+		dstMAC         = macAddr(dstIP)
+		targetIA       = isdAS(3)
+		targetIP       = publicIP(3, 1)
+		targetHost     = hostAddr(targetIP)
 	)
 
 	options := gopacket.SerializeOptions{
@@ -72,14 +72,13 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		Protocol: layers.IPProtocolUDP,
 		Flags:    layers.IPv4DontFragment,
 	}
-	// 	UDP: Src=50000 Dst=50000
 	udp := &layers.UDP{
-		SrcPort: layers.UDPPort(50000),
-		DstPort: layers.UDPPort(50000),
+		SrcPort: srcPort,
+		DstPort: dstPort,
 	}
 	_ = udp.SetNetworkLayerForChecksum(ip)
 
-	// Fully correct path.
+	// Fully correct (hopefully) path.
 	sp := &scion.Decoded{
 		Base: scion.Base{
 			PathMeta: scion.MetaHdr{
diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index 1e918f5882..9189e7425e 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -20,6 +20,8 @@ import (
 	"net/netip"
 	"strings"
 
+	"github.com/google/gopacket/layers"
+
 	"github.com/scionproto/scion/pkg/addr"
 	"github.com/scionproto/scion/pkg/private/xtest"
 )
@@ -37,10 +39,12 @@ import (
 // an address can be derived from a minimal information:
 // * AS-1 is the hub of the test. Others are hereafter called children.
 // * All IPs are V4.
+// * Interface numbers are equal to the index of AS to which they connect.
 // * ISD/AS: <1 or 2>-ff00:0:<AS index>
 // * subnets are 192.168.<child AS number> except internal subnets that are 192.168.10*<AS>.<rtr>
 // * hosts are 192.168.s.<interface number>
 // * Mac addressed (when we can choose) derive from the IP
+// * Ports are always 50000 for external interfaces and 30042 for internal interfaces.
 //
 // Example:
 // * AS2 has only interface number 1 with IP 192.168.2.2 and mac address f0:0d:cafe:02:02 that
@@ -67,12 +71,23 @@ func publicIP(localAS byte, remoteAS byte) netip.Addr {
 	return netip.AddrFrom4([4]byte{192, 168, localAS, localAS})
 }
 
+// publicIP returns the IP address that is assigned to external interface designated by the given
+// AS index and the peer AS, plus the port to go with.
+func publicIPPort(localAS byte, remoteAS byte) (netip.Addr, layers.UDPPort) {
+	return publicIP(localAS, remoteAS), layers.UDPPort(50000)
+}
+
 // internalIP returns the IP address that is assigned to the internal interface of the given
 // router in the AS of the given index.
 func internalIP(AS byte, routerIndex byte) netip.Addr {
 	return netip.AddrFrom4([4]byte{192, 168, AS * 10, routerIndex})
 }
 
+// internalIPPort returns internalIP and the UDPPort to go with.
+func internalIPPort(AS byte, routerIndex byte) (netip.Addr, layers.UDPPort) {
+	return internalIP(AS, routerIndex), layers.UDPPort(30042)
+}
+
 // interfaceLabel returns a string label for the gievn AS and interface indices.
 // Such names are those used when responding to the show-interfaces command and when translating
 // the --interface option.
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 39dc1ee6e3..09d3811778 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -103,6 +103,12 @@ class RouterBMTest(base.TestBase):
     # Accepts an IntfReq, records names and mac addresses into an Intf, and associates it with the
     # request label. In the isolated network, set default TTL for outgoing packets to the common
     # value 64, so that packets sent from router will match the expected value.
+    # We could add:
+    # sudo("ip", "addr", "add", f"{req.peerIp}/{req.prefixLen}", "dev", hostIntf)
+    # sudo("ip", "link", "set", hostIntf, "address", peerMac)
+    # But it not necessary, the ARP seeding on the other end is enough. But not setting these
+    # addresses on the host side we make it look a little weird for anyone who would look at it
+    # but we avoid the risk of colliding with actual addresses of the host.
     def create_interface(self, req: IntfReq, ns: str):
         hostIntf = f"veth_{req.label}_host"
         brIntf = f"veth_{req.label}"

From 06563d9f0ace37486216c58294fce17c4cc7a6ae Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 28 Nov 2023 17:47:53 +0100
Subject: [PATCH 29/40] router: make the linter happy by exporting the entry
 points of topo.go

Reason:
Though these functions aren't actually needed outside the package, they are
semantically exportable and some of them are only used by test cases that I
haven't submitted yet, which makes them unused in the eyes of the linter.
---
 .../router_newbenchmark/cases/br_transit.go   | 22 +++++++-------
 acceptance/router_newbenchmark/cases/topo.go  | 30 +++++++++----------
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/br_transit.go b/acceptance/router_newbenchmark/cases/br_transit.go
index 96888fa15a..c080762557 100644
--- a/acceptance/router_newbenchmark/cases/br_transit.go
+++ b/acceptance/router_newbenchmark/cases/br_transit.go
@@ -38,16 +38,16 @@ import (
 func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 
 	var (
-		originIA       = isdAS(2)
-		originIP       = publicIP(2, 1)
-		originHost     = hostAddr(originIP)
-		srcIP, srcPort = publicIPPort(2, 1)
-		srcMAC         = macAddr(srcIP)
-		dstIP, dstPort = publicIPPort(1, 2)
-		dstMAC         = macAddr(dstIP)
-		targetIA       = isdAS(3)
-		targetIP       = publicIP(3, 1)
-		targetHost     = hostAddr(targetIP)
+		originIA       = ISDAS(2)
+		originIP       = PublicIP(2, 1)
+		originHost     = HostAddr(originIP)
+		srcIP, srcPort = PublicIPPort(2, 1)
+		srcMAC         = MACAddr(srcIP)
+		dstIP, dstPort = PublicIPPort(1, 2)
+		dstMAC         = MACAddr(dstIP)
+		targetIA       = ISDAS(3)
+		targetIP       = PublicIP(3, 1)
+		targetHost     = HostAddr(targetIP)
 	)
 
 	options := gopacket.SerializeOptions{
@@ -164,5 +164,5 @@ func BrTransit(payload string, mac hash.Hash, numDistinct int) (string, string,
 	for i := 0; i < numDistinct; i++ {
 		packets[i] = oneBrTransit(payload, mac, uint32(i+1))
 	}
-	return deviceName(1, 2), deviceName(1, 3), packets
+	return DeviceName(1, 2), DeviceName(1, 3), packets
 }
diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index 9189e7425e..48fa86fa93 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -64,7 +64,7 @@ type intfDesc struct {
 // AS index and the peer AS (that is, the AS that this interface connects to).
 // Per our scheme, the subnet number is the largest of the two AS numbers and the host is always
 // the local AS. This works if there are no cycles. Else there could be subnet number collisions.
-func publicIP(localAS byte, remoteAS byte) netip.Addr {
+func PublicIP(localAS byte, remoteAS byte) netip.Addr {
 	if remoteAS > localAS {
 		return netip.AddrFrom4([4]byte{192, 168, remoteAS, localAS})
 	}
@@ -73,31 +73,31 @@ func publicIP(localAS byte, remoteAS byte) netip.Addr {
 
 // publicIP returns the IP address that is assigned to external interface designated by the given
 // AS index and the peer AS, plus the port to go with.
-func publicIPPort(localAS byte, remoteAS byte) (netip.Addr, layers.UDPPort) {
-	return publicIP(localAS, remoteAS), layers.UDPPort(50000)
+func PublicIPPort(localAS byte, remoteAS byte) (netip.Addr, layers.UDPPort) {
+	return PublicIP(localAS, remoteAS), layers.UDPPort(50000)
 }
 
 // internalIP returns the IP address that is assigned to the internal interface of the given
 // router in the AS of the given index.
-func internalIP(AS byte, routerIndex byte) netip.Addr {
+func InternalIP(AS byte, routerIndex byte) netip.Addr {
 	return netip.AddrFrom4([4]byte{192, 168, AS * 10, routerIndex})
 }
 
 // internalIPPort returns internalIP and the UDPPort to go with.
-func internalIPPort(AS byte, routerIndex byte) (netip.Addr, layers.UDPPort) {
-	return internalIP(AS, routerIndex), layers.UDPPort(30042)
+func InternalIPPort(AS byte, routerIndex byte) (netip.Addr, layers.UDPPort) {
+	return InternalIP(AS, routerIndex), layers.UDPPort(30042)
 }
 
 // interfaceLabel returns a string label for the gievn AS and interface indices.
 // Such names are those used when responding to the show-interfaces command and when translating
 // the --interface option.
-func interfaceLabel(AS int, intf int) string {
+func InterfaceLabel(AS int, intf int) string {
 	return fmt.Sprintf("%d_%d", AS, intf)
 }
 
 // isdAS returns a complete string form ISD/AS number for the given AS index.
 // All are in ISD-1, except AS 4.
-func isdAS(AS byte) addr.IA {
+func ISDAS(AS byte) addr.IA {
 	if AS == 4 {
 		return xtest.MustParseIA(fmt.Sprintf("2-ff00:0:%d", AS))
 	}
@@ -107,9 +107,9 @@ func isdAS(AS byte) addr.IA {
 var (
 	// intfMap lists the required interfaces. That's what we use to respond to showInterfaces
 	intfMap map[string]intfDesc = map[string]intfDesc{
-		interfaceLabel(1, 0): {internalIP(1, 1), internalIP(1, 2)},
-		interfaceLabel(1, 2): {publicIP(1, 2), publicIP(2, 1)},
-		interfaceLabel(1, 3): {publicIP(1, 3), publicIP(3, 1)},
+		InterfaceLabel(1, 0): {InternalIP(1, 1), InternalIP(1, 2)},
+		InterfaceLabel(1, 2): {PublicIP(1, 2), PublicIP(2, 1)},
+		InterfaceLabel(1, 3): {PublicIP(1, 3), PublicIP(3, 1)},
 	}
 
 	// deviceNames holds the real (os-given) names of our required network interfaces. It is
@@ -149,14 +149,14 @@ func InitInterfaces(pairs []string) {
 
 // interfaceName returns the name of the host interface that this test must use in order to exchange
 // traffic with the interface designated by the given AS and interface indices.
-func deviceName(AS int, intf int) string {
-	return deviceNames[interfaceLabel(AS, intf)]
+func DeviceName(AS int, intf int) string {
+	return deviceNames[InterfaceLabel(AS, intf)]
 }
 
 // macAddr returns the mac address assigned to the interface that has the given IP address.
 // if that address is imposed by our environment it is listed in the macAddrs map and that is what
 // this function returns. Else, the address is made-up according to our scheme.
-func macAddr(ip netip.Addr) net.HardwareAddr {
+func MACAddr(ip netip.Addr) net.HardwareAddr {
 	// Look it up or make it up.
 	mac, ok := macAddrs[ip]
 	if ok {
@@ -169,7 +169,7 @@ func macAddr(ip netip.Addr) net.HardwareAddr {
 // hostAddr returns a the SCION Hosts addresse that corresponds to the given underlay address.
 // Except for SVC addresses (which we do not support here), this is a restating of the underlay
 // address.
-func hostAddr(ip netip.Addr) addr.Host {
+func HostAddr(ip netip.Addr) addr.Host {
 	return addr.HostIP(ip)
 }
 

From f1819fee75b8226b6cf9863208c479a7745f4c55 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Wed, 29 Nov 2023 13:49:20 +0100
Subject: [PATCH 30/40] router: mild improvements to newbenchmark's test
 harness.

Changes:
* Added warmup test run to trigger cpu frequency scaling.
* Fixed some docstrings and comments.
---
 acceptance/router_newbenchmark/test.py | 78 +++++++++++++++-----------
 1 file changed, 45 insertions(+), 33 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 09d3811778..974bb7b94b 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -62,15 +62,10 @@ def mac_for_ip(ip: str) -> str:
 
 class RouterBMTest(base.TestBase):
     """
-    Tests that the implementation of a router has sufficient performance (in terms of packets
+    Tests that the implementation of a router has sufficient performance in terms of packets
     per available machine*second (i.e. one accumulated second of all configured CPUs available
     to execute the router code).
 
-    This test depends on an image called pause. This image is very thin, 250KB,
-    and is used to keep the network namespace open during the test. It is
-    stored locally by executing `docker save kubernetes/pause > pause.tar`. It
-    can be replaced at any time with any other image e.g. Alpine.
-
     This test runs and execute a single router. The outgoing packets are not observed, the incoming
     packets are fed directly by the test driver. The other routers in the topology are a fiction,
     they exist only in the routers configuration.
@@ -83,13 +78,7 @@ class RouterBMTest(base.TestBase):
 
     Only br1 is executed and observed.
 
-    Pretend traffic is injected as follows:
-
-    * from AS2 to AS3 at br1a external interface 1 to cause "br_transit" traffic.
-    * from AS2 to AS4 at br1a external interface 1 to cause "in_transit" traffic.
-    * from AS2 to AS1 at br1a external interface 1 to cause "in" traffic.
-    * from AS1 to AS2 at br1a internal interface to cause "out" traffic.
-    * from AS4 to AS2 at br1a internal interface to cause "out_transit" traffic.
+    Pretend traffic is injected by brload's. See the test cases for details.
     """
 
     ci = cli.Flag(
@@ -98,18 +87,34 @@ class RouterBMTest(base.TestBase):
         envname="CI"
     )
 
-    # Creates a pair of virtual interfaces, with one end in the given network namespace and the
-    # other in the host stack.
-    # Accepts an IntfReq, records names and mac addresses into an Intf, and associates it with the
-    # request label. In the isolated network, set default TTL for outgoing packets to the common
-    # value 64, so that packets sent from router will match the expected value.
-    # We could add:
-    # sudo("ip", "addr", "add", f"{req.peerIp}/{req.prefixLen}", "dev", hostIntf)
-    # sudo("ip", "link", "set", hostIntf, "address", peerMac)
-    # But it not necessary, the ARP seeding on the other end is enough. But not setting these
-    # addresses on the host side we make it look a little weird for anyone who would look at it
-    # but we avoid the risk of colliding with actual addresses of the host.
     def create_interface(self, req: IntfReq, ns: str):
+        """
+        Creates a pair of virtual interfaces, with one end in the given network namespace and the
+        other in the host stack.
+
+        The outcome is the pair of interfaces and a record in intfMap, which associates the given
+        label with two mac addresses. One for each end of the pair. The mac addresses are not
+        chosen by the invoker, but by this function.
+
+        In the isolated network, set default TTL for outgoing packets to the common
+        value 64, so that packets sent from router will match the expected value.
+
+        We could add:
+        sudo("ip", "addr", "add", f"{req.peerIp}/{req.prefixLen}", "dev", hostIntf)
+        sudo("ip", "link", "set", hostIntf, "address", peerMac)
+        But it not necessary, the ARP seeding on the other end is enough. But not setting these
+        addresses on the host side we make it look a little weird for anyone who would look at it
+        but we avoid the risk of colliding with actual addresses of the host.
+
+        Args:
+          IntfReq: A requested router-side network interface. It comprises:
+                   * A label by which brload indetifies that interface.
+                   * The IP address to be assigned to that interface.
+                   * The IP address of one neighbor.
+          ns: The network namespace where that interface must exist.
+
+        """
+
         hostIntf = f"veth_{req.label}_host"
         brIntf = f"veth_{req.label}"
         peerMac = mac_for_ip(req.peerIp)
@@ -153,7 +158,7 @@ def setup_prepare(self):
         docker("network", "create",  "-d", "bridge", "benchmark")
 
         # This test is useless without prometheus. Also, we need a running container to have
-        # a usable network namespace that we can configuer before the router runs. So, start
+        # a usable network namespace that we can configure before the router runs. So, start
         # prometheus now and then have the router share the same network stack.
 
         # FWIW, the alternative would be to start the router's container without the router,
@@ -213,17 +218,20 @@ def teardown(self):
         docker("network", "rm", "benchmark")  # veths are deleted automatically
         sudo("chown", "-R", whoami().strip(), self.artifacts)
 
+    def execBrLoad(self, case: str, mapArgs: list[str], count: int) -> str:
+        brload = self.get_executable("brload")
+        return sudo(brload.executable,
+                    "run",
+                    "--artifacts", self.artifacts,
+                    *mapArgs,
+                    "--case", case,
+                    "--num-packets", str(count),
+                    "--num-streams", "2")
+
     def runTestCase(self, case: str, mapArgs: list[str]):
         logger.info(f"==> Starting load {case}")
-        brload = self.get_executable("brload")
-        output = sudo(brload.executable,
-                      "run",
-                      "--artifacts", self.artifacts,
-                      *mapArgs,
-                      "--case", case,
-                      "--num-packets", "10000000",
-                      "--num-streams", "2")
 
+        output = self.execBrLoad(case, mapArgs, 10000000)
         for line in output.splitlines():
             print(line)
             if line.startswith('metricsBegin'):
@@ -291,6 +299,10 @@ def _run(self):
         for label, intf in self.intfMap.items():
             mapArgs.extend(["--interface", f"{label}={intf.name},{intf.mac},{intf.peerMac}"])
 
+        # Run one (10% size) test as warm-up to trigger the frequency scaling, else the first test
+        # gets much lower performance.
+        self.execBrLoad(list(TEST_CASES)[0], mapArgs, 1000000)
+
         # At long last, run the tests
         rateMap = {}
         for testCase in TEST_CASES:

From 296e592de93bbcfe5926bec0570c3888185febff Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Thu, 30 Nov 2023 11:19:56 +0100
Subject: [PATCH 31/40] router: Small cleanup of the test harness.

Move the TTL setting out of create_interface and improve comments.
---
 acceptance/router_newbenchmark/test.py | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index 974bb7b94b..ab1abbadaf 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -93,16 +93,14 @@ def create_interface(self, req: IntfReq, ns: str):
         other in the host stack.
 
         The outcome is the pair of interfaces and a record in intfMap, which associates the given
-        label with two mac addresses. One for each end of the pair. The mac addresses are not
-        chosen by the invoker, but by this function.
-
-        In the isolated network, set default TTL for outgoing packets to the common
-        value 64, so that packets sent from router will match the expected value.
+        label with the network interface's host-side name and two mac addresses; one for each end
+        of the pair. The mac addresses, if they can be chosen, are not chosen by the invoker, but
+        by this function.
 
         We could add:
-        sudo("ip", "addr", "add", f"{req.peerIp}/{req.prefixLen}", "dev", hostIntf)
-        sudo("ip", "link", "set", hostIntf, "address", peerMac)
-        But it not necessary, the ARP seeding on the other end is enough. But not setting these
+          sudo("ip", "addr", "add", f"{req.peerIp}/{req.prefixLen}", "dev", hostIntf)
+          sudo("ip", "link", "set", hostIntf, "address", peerMac)
+        But it not necessary. The ARP seeding on the other end is enough. By not setting these
         addresses on the host side we make it look a little weird for anyone who would look at it
         but we avoid the risk of colliding with actual addresses of the host.
 
@@ -130,7 +128,6 @@ def create_interface(self, req: IntfReq, ns: str):
 
         # The network namespace
         sudo("ip", "link", "set", brIntf, "netns", ns)
-        sudo("ip", "netns", "exec", ns, "sysctl", "-w", "net.ipv4.ip_default_ttl=64")
 
         # The addresses (presumably must be done once the br interface is in the namespace).
         sudo("ip", "netns", "exec", ns,
@@ -181,6 +178,10 @@ def setup_prepare(self):
                     "-f", "{{.NetworkSettings.SandboxKey}}").strip()
         sudo("ln", "-sfT", ns, "/var/run/netns/benchmark")
 
+        # Set the default TTL for outgoing packets to the common
+        # value 64, so that packets sent from router will match the expected value.
+        sudo("ip", "netns", "exec", "benchmark", "sysctl", "-w", "net.ipv4.ip_default_ttl=64")
+
         # Run test brload test with --show-interfaces and set up the veth that it needs.
         # The router uses one end and the test uses the other end to feed it with (and possibly
         # capture) traffic.

From d5590863fdbc653f8963ad91c1f9896552a2556b Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 1 Dec 2023 10:54:34 +0100
Subject: [PATCH 32/40] router: added the remaining 3 newbenchmark traffic
 types cases.

---
 .../router_newbenchmark/cases/BUILD.bazel     |   4 +
 .../router_newbenchmark/cases/br_transit.go   |   4 +-
 acceptance/router_newbenchmark/cases/in.go    | 155 ++++++++++++++++
 .../router_newbenchmark/cases/in_transit.go   | 168 +++++++++++++++++
 acceptance/router_newbenchmark/cases/out.go   | 157 ++++++++++++++++
 .../router_newbenchmark/cases/out_transit.go  | 169 ++++++++++++++++++
 acceptance/router_newbenchmark/main.go        |  10 +-
 7 files changed, 663 insertions(+), 4 deletions(-)
 create mode 100644 acceptance/router_newbenchmark/cases/in.go
 create mode 100644 acceptance/router_newbenchmark/cases/in_transit.go
 create mode 100644 acceptance/router_newbenchmark/cases/out.go
 create mode 100644 acceptance/router_newbenchmark/cases/out_transit.go

diff --git a/acceptance/router_newbenchmark/cases/BUILD.bazel b/acceptance/router_newbenchmark/cases/BUILD.bazel
index 03a29a788f..51dbd250dc 100644
--- a/acceptance/router_newbenchmark/cases/BUILD.bazel
+++ b/acceptance/router_newbenchmark/cases/BUILD.bazel
@@ -3,6 +3,10 @@ load("//tools/lint:go.bzl", "go_library")
 go_library(
     name = "go_default_library",
     srcs = [
+        "in.go",
+        "out.go",
+        "in_transit.go",
+        "out_transit.go",
         "br_transit.go",
         "topo.go",
     ],
diff --git a/acceptance/router_newbenchmark/cases/br_transit.go b/acceptance/router_newbenchmark/cases/br_transit.go
index c080762557..4cb43f08eb 100644
--- a/acceptance/router_newbenchmark/cases/br_transit.go
+++ b/acceptance/router_newbenchmark/cases/br_transit.go
@@ -33,8 +33,8 @@ import (
 //    AS3 (br3) ---+
 // See topo.go
 
-// oneBrTransit generates one packet of transit traffic over the same BR host.
-// The outcome is a raw packet.
+// oneBrTransit generates one packet of "br_transit" traffic over the router under test.
+// The outcome is a raw packet which the test must feed to the router.
 func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 
 	var (
diff --git a/acceptance/router_newbenchmark/cases/in.go b/acceptance/router_newbenchmark/cases/in.go
new file mode 100644
index 0000000000..3943633ef9
--- /dev/null
+++ b/acceptance/router_newbenchmark/cases/in.go
@@ -0,0 +1,155 @@
+// Copyright 2023 SCION Association
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cases
+
+import (
+	"hash"
+	"time"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+
+	"github.com/scionproto/scion/pkg/private/util"
+	"github.com/scionproto/scion/pkg/slayers"
+	"github.com/scionproto/scion/pkg/slayers/path"
+	"github.com/scionproto/scion/pkg/slayers/path/scion"
+)
+
+// Topology (see accept/router_newbenchmark/conf/topology.json)
+//    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
+//                 |
+//    AS3 (br3) ---+
+// See topo.go
+
+// oneIn generates one packet of incoming traffic into AS1 at br1a. The outcome is a raw packet
+// that the test must feed into the router.
+func oneIn(payload string, mac hash.Hash, flowId uint32) []byte {
+
+	var (
+		originIA       = ISDAS(2)
+		originIP       = PublicIP(2, 1)
+		originHost     = HostAddr(originIP)
+		srcIP, srcPort = PublicIPPort(2, 1)
+		srcMAC         = MACAddr(srcIP)
+		dstIP, dstPort = PublicIPPort(1, 2)
+		dstMAC         = MACAddr(dstIP)
+		targetIA       = ISDAS(1)
+		targetIP       = InternalIP(1, 2)
+		targetHost     = HostAddr(targetIP)
+	)
+
+	options := gopacket.SerializeOptions{
+		FixLengths:       true,
+		ComputeChecksums: true,
+	}
+
+	// Point-to-point.
+	ethernet := &layers.Ethernet{
+		SrcMAC:       srcMAC,
+		DstMAC:       dstMAC,
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+
+	// Point-to-point. This is the real IP: the underlay network.
+	ip := &layers.IPv4{
+		Version:  4,
+		IHL:      5,
+		TTL:      64,
+		SrcIP:    srcIP.AsSlice(),
+		DstIP:    dstIP.AsSlice(),
+		Protocol: layers.IPProtocolUDP,
+		Flags:    layers.IPv4DontFragment,
+	}
+	udp := &layers.UDP{
+		SrcPort: srcPort,
+		DstPort: dstPort,
+	}
+	_ = udp.SetNetworkLayerForChecksum(ip)
+
+	// Fully correct (hopefully) path.
+	sp := &scion.Decoded{
+		Base: scion.Base{
+			PathMeta: scion.MetaHdr{
+				CurrHF: 1,
+				SegLen: [3]uint8{2, 0, 0},
+			},
+			NumINF:  1,
+			NumHops: 2,
+		},
+		InfoFields: []path.InfoField{
+			{
+				SegID:     0x111,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   false,
+			},
+		},
+		HopFields: []path.HopField{
+			{ConsIngress: 1, ConsEgress: 0}, // From there (non-consdir)
+			{ConsIngress: 0, ConsEgress: 2}, // <- Processed here (non-consdir)
+		},
+	}
+
+	// Calculate MACs...
+	// Seg0: Hops are in non-consdir.
+	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
+	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
+	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+
+	// End-to-end. Src is the originator and Dst is the final destination.
+	scionL := &slayers.SCION{
+		Version:      0,
+		TrafficClass: 0xb8,
+		FlowID:       flowId,
+		NextHdr:      slayers.L4UDP,
+		PathType:     scion.PathType,
+		SrcIA:        originIA,
+		DstIA:        targetIA,
+		Path:         sp,
+	}
+	if err := scionL.SetSrcAddr(originHost); err != nil {
+		panic(err)
+	}
+	if err := scionL.SetDstAddr(targetHost); err != nil {
+		panic(err)
+	}
+
+	scionudp := &slayers.UDP{}
+	scionudp.SrcPort = 50000
+	scionudp.DstPort = 50000
+	scionudp.SetNetworkLayerForChecksum(scionL)
+
+	payloadBytes := []byte(payload)
+
+	// Prepare input packet
+	input := gopacket.NewSerializeBuffer()
+	if err := gopacket.SerializeLayers(input, options,
+		ethernet, ip, udp, scionL, scionudp, gopacket.Payload(payloadBytes),
+	); err != nil {
+		panic(err)
+	}
+	return input.Bytes()
+}
+
+// In generates numDistinct packets (each with a unique flowID) with the given payload
+// constructed to cause "in" traffic at the br1a router.
+// numDistrinct is a small number, only to enable multiple parallel streams. Each distinct packet
+// is meant to be replayed a large number of times for performance measurement.
+func In(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte) {
+	packets := make([][]byte, numDistinct)
+	for i := 0; i < numDistinct; i++ {
+		packets[i] = oneIn(payload, mac, uint32(i+1))
+	}
+	return DeviceName(1, 2), DeviceName(1, 0), packets
+}
diff --git a/acceptance/router_newbenchmark/cases/in_transit.go b/acceptance/router_newbenchmark/cases/in_transit.go
new file mode 100644
index 0000000000..84c51f954e
--- /dev/null
+++ b/acceptance/router_newbenchmark/cases/in_transit.go
@@ -0,0 +1,168 @@
+// Copyright 2023 SCION Association
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cases
+
+import (
+	"hash"
+	"time"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+
+	"github.com/scionproto/scion/pkg/private/util"
+	"github.com/scionproto/scion/pkg/slayers"
+	"github.com/scionproto/scion/pkg/slayers/path"
+	"github.com/scionproto/scion/pkg/slayers/path/scion"
+)
+
+// Topology (see accept/router_newbenchmark/conf/topology.json)
+//    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
+//                 |
+//    AS3 (br3) ---+
+// See topo.go
+
+// oneInTransit generates one packet of "in_transit" traffic over the router under test.
+// The outcome is a raw packet that the test must feed into the router.
+func oneInTransit(payload string, mac hash.Hash, flowId uint32) []byte {
+
+	var (
+		originIA       = ISDAS(2)
+		originIP       = PublicIP(2, 1)
+		originHost     = HostAddr(originIP)
+		srcIP, srcPort = PublicIPPort(2, 1)
+		srcMAC         = MACAddr(srcIP)
+		dstIP, dstPort = PublicIPPort(1, 2)
+		dstMAC         = MACAddr(dstIP)
+		targetIA       = ISDAS(4)
+		targetIP       = PublicIP(4, 1)
+		targetHost     = HostAddr(targetIP)
+	)
+
+	options := gopacket.SerializeOptions{
+		FixLengths:       true,
+		ComputeChecksums: true,
+	}
+
+	// Point-to-point.
+	ethernet := &layers.Ethernet{
+		SrcMAC:       srcMAC,
+		DstMAC:       dstMAC,
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+
+	// Point-to-point. This is the real IP: the underlay network.
+	ip := &layers.IPv4{
+		Version:  4,
+		IHL:      5,
+		TTL:      64,
+		SrcIP:    srcIP.AsSlice(),
+		DstIP:    dstIP.AsSlice(),
+		Protocol: layers.IPProtocolUDP,
+		Flags:    layers.IPv4DontFragment,
+	}
+	udp := &layers.UDP{
+		SrcPort: srcPort,
+		DstPort: dstPort,
+	}
+	_ = udp.SetNetworkLayerForChecksum(ip)
+
+	// Fully correct (hopefully) path.
+	sp := &scion.Decoded{
+		Base: scion.Base{
+			PathMeta: scion.MetaHdr{
+				CurrHF: 1,
+				SegLen: [3]uint8{2, 2, 0},
+			},
+			NumINF:  2,
+			NumHops: 4,
+		},
+		InfoFields: []path.InfoField{
+			{
+				SegID:     0x111,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   false,
+			},
+			{
+				SegID:     0x222,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   true,
+			},
+		},
+		HopFields: []path.HopField{
+			{ConsIngress: 1, ConsEgress: 0}, // From there (non-consdir)
+			{ConsIngress: 0, ConsEgress: 2}, // <- Processed here (non-consdir)
+			{ConsIngress: 0, ConsEgress: 4}, // Sideways to as4 via this
+			{ConsIngress: 1, ConsEgress: 0}, // To there
+		},
+	}
+
+	// Calculate MACs...
+	// Seg0: Hops are in non-consdir.
+	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
+	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
+	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+
+	// Seg1: in the natural order.
+	sp.HopFields[2].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.InfoFields[1].UpdateSegID(sp.HopFields[2].Mac) // tmp
+	sp.HopFields[3].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.InfoFields[1].SegID = 0x222 // Restore to initial.
+
+	// End-to-end. Src is the originator and Dst is the final destination.
+	scionL := &slayers.SCION{
+		Version:      0,
+		TrafficClass: 0xb8,
+		FlowID:       flowId,
+		NextHdr:      slayers.L4UDP,
+		PathType:     scion.PathType,
+		SrcIA:        originIA,
+		DstIA:        targetIA,
+		Path:         sp,
+	}
+	if err := scionL.SetSrcAddr(originHost); err != nil {
+		panic(err)
+	}
+	if err := scionL.SetDstAddr(targetHost); err != nil {
+		panic(err)
+	}
+
+	scionudp := &slayers.UDP{}
+	scionudp.SrcPort = 50000
+	scionudp.DstPort = 50000
+	scionudp.SetNetworkLayerForChecksum(scionL)
+
+	payloadBytes := []byte(payload)
+
+	// Prepare input packet
+	input := gopacket.NewSerializeBuffer()
+	if err := gopacket.SerializeLayers(input, options,
+		ethernet, ip, udp, scionL, scionudp, gopacket.Payload(payloadBytes),
+	); err != nil {
+		panic(err)
+	}
+	return input.Bytes()
+}
+
+// InTransit generates numDistinct packets (each with a unique flowID) with the given payload
+// constructed to cause in_transit traffic at the br1a router.
+// numDistrinct is a small number, only to enable multiple parallel streams. Each distinct packet
+// is meant to be replayed a large number of times for performance measurement.
+func InTransit(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte) {
+	packets := make([][]byte, numDistinct)
+	for i := 0; i < numDistinct; i++ {
+		packets[i] = oneInTransit(payload, mac, uint32(i+1))
+	}
+	return DeviceName(1, 2), DeviceName(1, 0), packets
+}
diff --git a/acceptance/router_newbenchmark/cases/out.go b/acceptance/router_newbenchmark/cases/out.go
new file mode 100644
index 0000000000..aff0606a57
--- /dev/null
+++ b/acceptance/router_newbenchmark/cases/out.go
@@ -0,0 +1,157 @@
+// Copyright 2023 SCION Association
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cases
+
+import (
+	"hash"
+	"time"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+
+	"github.com/scionproto/scion/pkg/private/util"
+	"github.com/scionproto/scion/pkg/slayers"
+	"github.com/scionproto/scion/pkg/slayers/path"
+	"github.com/scionproto/scion/pkg/slayers/path/scion"
+)
+
+// Topology (see accept/router_newbenchmark/conf/topology.json)
+//    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
+//                 |
+//    AS3 (br3) ---+
+// See topo.go
+
+// oneOut generates one packet of outgoing traffic from AS1 at br1a. The outcome is a raw packet
+// that the test must feed into the router.
+func oneOut(payload string, mac hash.Hash, flowId uint32) []byte {
+
+	var (
+		originIA       = ISDAS(1)
+		originIP       = InternalIP(1, 2)
+		originHost     = HostAddr(originIP)
+		srcIP, srcPort = InternalIPPort(1, 2)
+		srcMAC         = MACAddr(srcIP)
+		dstIP, dstPort = InternalIPPort(1, 1)
+		dstMAC         = MACAddr(dstIP)
+		targetIA       = ISDAS(2)
+		targetIP       = PublicIP(2, 1)
+		targetHost     = HostAddr(targetIP)
+	)
+
+	options := gopacket.SerializeOptions{
+		FixLengths:       true,
+		ComputeChecksums: true,
+	}
+
+	// Point-to-point.
+	ethernet := &layers.Ethernet{
+		SrcMAC:       srcMAC,
+		DstMAC:       dstMAC,
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+
+	// Point-to-point. This is the real IP: the underlay network.
+	ip := &layers.IPv4{
+		Version:  4,
+		IHL:      5,
+		TTL:      64,
+		SrcIP:    srcIP.AsSlice(),
+		DstIP:    dstIP.AsSlice(),
+		Protocol: layers.IPProtocolUDP,
+		Flags:    layers.IPv4DontFragment,
+	}
+	udp := &layers.UDP{
+		SrcPort: srcPort,
+		DstPort: dstPort,
+	}
+	_ = udp.SetNetworkLayerForChecksum(ip)
+
+	// Fully correct (hopefully) path.
+	sp := &scion.Decoded{
+		Base: scion.Base{
+			PathMeta: scion.MetaHdr{
+				CurrHF: 0,
+				SegLen: [3]uint8{2, 0, 0},
+			},
+			NumINF:  1,
+			NumHops: 2,
+		},
+		InfoFields: []path.InfoField{
+			{
+				SegID:     0x111,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   true,
+			},
+		},
+		HopFields: []path.HopField{
+			{ConsIngress: 0, ConsEgress: 2}, // <- Processed here
+			{ConsIngress: 1, ConsEgress: 0}, // Going there
+		},
+	}
+
+	// Calculate MACs...
+	// Seg0: Hops are in consdir.
+	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+	sp.InfoFields[0].UpdateSegID(sp.HopFields[0].Mac) // tmp
+	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+	sp.InfoFields[0].SegID = 0x111 // Restore to initial.
+
+	// End-to-end. Src is the originator and Dst is the final destination.
+	scionL := &slayers.SCION{
+		Version:      0,
+		TrafficClass: 0xb8,
+		FlowID:       flowId,
+		NextHdr:      slayers.L4UDP,
+		PathType:     scion.PathType,
+		SrcIA:        originIA,
+		DstIA:        targetIA,
+		Path:         sp,
+	}
+	if err := scionL.SetSrcAddr(originHost); err != nil {
+		panic(err)
+	}
+	if err := scionL.SetDstAddr(targetHost); err != nil {
+		panic(err)
+	}
+
+	scionudp := &slayers.UDP{}
+	scionudp.SrcPort = 50000
+	scionudp.DstPort = 50000
+	scionudp.SetNetworkLayerForChecksum(scionL)
+
+	payloadBytes := []byte(payload)
+
+	// Prepare input packet
+	input := gopacket.NewSerializeBuffer()
+	if err := gopacket.SerializeLayers(input, options,
+		ethernet, ip, udp, scionL, scionudp, gopacket.Payload(payloadBytes),
+	); err != nil {
+		panic(err)
+	}
+
+	return input.Bytes()
+}
+
+// Out generates numDistinct packets (each with a unique flowID) with the given payload
+// constructed to cause "out" traffic at the br1a router.
+// numDistrinct is a small number, only to enable multiple parallel streams. Each distinct packet
+// is meant to be replayed a large number of times for performance measurement.
+func Out(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte) {
+	packets := make([][]byte, numDistinct)
+	for i := 0; i < numDistinct; i++ {
+		packets[i] = oneOut(payload, mac, uint32(i+1))
+	}
+	return DeviceName(1, 0), DeviceName(1, 2), packets
+}
diff --git a/acceptance/router_newbenchmark/cases/out_transit.go b/acceptance/router_newbenchmark/cases/out_transit.go
new file mode 100644
index 0000000000..1618c5eba4
--- /dev/null
+++ b/acceptance/router_newbenchmark/cases/out_transit.go
@@ -0,0 +1,169 @@
+// Copyright 2023 SCION Association
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cases
+
+import (
+	"hash"
+	"time"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+
+	"github.com/scionproto/scion/pkg/private/util"
+	"github.com/scionproto/scion/pkg/slayers"
+	"github.com/scionproto/scion/pkg/slayers/path"
+	"github.com/scionproto/scion/pkg/slayers/path/scion"
+)
+
+// Topology (see accept/router_newbenchmark/conf/topology.json)
+//    AS2 (br2) ---+== (br1a) AS1 (br1b) ---- (br4) AS4
+//                 |
+//    AS3 (br3) ---+
+// See topo.go
+
+// oneOutTransit generates one packet of "out_transit" traffic over the router under test.
+// The outcome is a raw packet that the test must feed to the router.
+func oneOutTransit(payload string, mac hash.Hash, flowId uint32) []byte {
+
+	var (
+		originIA       = ISDAS(4)
+		originIP       = PublicIP(4, 1)
+		originHost     = HostAddr(originIP)
+		srcIP, srcPort = InternalIPPort(1, 2)
+		srcMAC         = MACAddr(srcIP)
+		dstIP, dstPort = InternalIPPort(1, 1)
+		dstMAC         = MACAddr(dstIP)
+		targetIA       = ISDAS(2)
+		targetIP       = PublicIP(2, 1)
+		targetHost     = HostAddr(targetIP)
+	)
+
+	options := gopacket.SerializeOptions{
+		FixLengths:       true,
+		ComputeChecksums: true,
+	}
+
+	// Point-to-point.
+	ethernet := &layers.Ethernet{
+		SrcMAC:       srcMAC,
+		DstMAC:       dstMAC,
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+
+	// Point-to-point. This is the real IP: the underlay network.
+	ip := &layers.IPv4{
+		Version:  4,
+		IHL:      5,
+		TTL:      64,
+		SrcIP:    srcIP.AsSlice(),
+		DstIP:    dstIP.AsSlice(),
+		Protocol: layers.IPProtocolUDP,
+		Flags:    layers.IPv4DontFragment,
+	}
+	udp := &layers.UDP{
+		SrcPort: srcPort,
+		DstPort: dstPort,
+	}
+	_ = udp.SetNetworkLayerForChecksum(ip)
+
+	// Fully correct (hopefully) path.
+	sp := &scion.Decoded{
+		Base: scion.Base{
+			PathMeta: scion.MetaHdr{
+				CurrINF: 1,
+				CurrHF:  2,
+				SegLen:  [3]uint8{2, 2, 0},
+			},
+			NumINF:  2,
+			NumHops: 4,
+		},
+		InfoFields: []path.InfoField{
+			{
+				SegID:     0x111,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   false,
+			},
+			{
+				SegID:     0x222,
+				Timestamp: util.TimeToSecs(time.Now()),
+				ConsDir:   true,
+			},
+		},
+		HopFields: []path.HopField{
+			{ConsIngress: 1, ConsEgress: 0}, // From there (non-consdir)
+			{ConsIngress: 0, ConsEgress: 4}, // Sideways via this
+			{ConsIngress: 0, ConsEgress: 2}, // <- Processed here (non-consdir)
+			{ConsIngress: 1, ConsEgress: 0}, // To there
+		},
+	}
+
+	// Calculate MACs...
+	// Seg0: Hops are in non-consdir.
+	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
+	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
+	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+
+	// Seg1: in the natural order.
+	sp.HopFields[2].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.InfoFields[1].UpdateSegID(sp.HopFields[2].Mac) // tmp
+	sp.HopFields[3].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.InfoFields[1].SegID = 0x222 // Restore to initial.
+
+	// End-to-end. Src is the originator and Dst is the final destination.
+	scionL := &slayers.SCION{
+		Version:      0,
+		TrafficClass: 0xb8,
+		FlowID:       flowId,
+		NextHdr:      slayers.L4UDP,
+		PathType:     scion.PathType,
+		SrcIA:        originIA,
+		DstIA:        targetIA,
+		Path:         sp,
+	}
+	if err := scionL.SetSrcAddr(originHost); err != nil {
+		panic(err)
+	}
+	if err := scionL.SetDstAddr(targetHost); err != nil {
+		panic(err)
+	}
+
+	scionudp := &slayers.UDP{}
+	scionudp.SrcPort = 50000
+	scionudp.DstPort = 50000
+	scionudp.SetNetworkLayerForChecksum(scionL)
+
+	payloadBytes := []byte(payload)
+
+	// Prepare input packet
+	input := gopacket.NewSerializeBuffer()
+	if err := gopacket.SerializeLayers(input, options,
+		ethernet, ip, udp, scionL, scionudp, gopacket.Payload(payloadBytes),
+	); err != nil {
+		panic(err)
+	}
+	return input.Bytes()
+}
+
+// OutTransit generates numDistinct packets (each with a unique flowID) with the given payload
+// constructed to cause out_transit traffic at the br1a router.
+// numDistrinct is a small number, only to enable multiple parallel streams. Each distinct packet
+// is meant to be replayed a large number of times for performance measurement.
+func OutTransit(payload string, mac hash.Hash, numDistinct int) (string, string, [][]byte) {
+	packets := make([][]byte, numDistinct)
+	for i := 0; i < numDistinct; i++ {
+		packets[i] = oneOutTransit(payload, mac, uint32(i+1))
+	}
+	return DeviceName(1, 0), DeviceName(1, 2), packets
+}
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/main.go
index 07f7876d5e..40e50cfbf6 100644
--- a/acceptance/router_newbenchmark/main.go
+++ b/acceptance/router_newbenchmark/main.go
@@ -65,7 +65,11 @@ func (c *caseChoice) Allowed() string {
 
 var (
 	allCases = map[string]Case{
-		"br_transit": cases.BrTransit,
+		"in":          cases.In,
+		"out":         cases.Out,
+		"in_transit":  cases.InTransit,
+		"out_transit": cases.OutTransit,
+		"br_transit":  cases.BrTransit,
 	}
 	logConsole string
 	dir        string
@@ -300,7 +304,9 @@ func loadKey(artifactsDir string) (hash.Hash, error) {
 // registerScionPorts registers the following UDP ports in gopacket such as SCION is the
 // next layer. In other words, map the following ports to expect SCION as the payload.
 func registerScionPorts() {
-	layers.RegisterUDPPortLayerType(layers.UDPPort(30041), slayers.LayerTypeSCION)
+	for i := 30041; i < 30043; i++ {
+		layers.RegisterUDPPortLayerType(layers.UDPPort(i), slayers.LayerTypeSCION)
+	}
 	for i := 30000; i < 30010; i++ {
 		layers.RegisterUDPPortLayerType(layers.UDPPort(i), slayers.LayerTypeSCION)
 	}

From f24dc46e8722a547b7b83a05819da0ed869f5b1b Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Fri, 1 Dec 2023 11:47:37 +0100
Subject: [PATCH 33/40] router: Actually enable the new test cases. Somehow I
 hadn't submitted the chg.

---
 acceptance/router_newbenchmark/cases/BUILD.bazel | 4 ++--
 acceptance/router_newbenchmark/test.py           | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/BUILD.bazel b/acceptance/router_newbenchmark/cases/BUILD.bazel
index 51dbd250dc..942124cce4 100644
--- a/acceptance/router_newbenchmark/cases/BUILD.bazel
+++ b/acceptance/router_newbenchmark/cases/BUILD.bazel
@@ -3,11 +3,11 @@ load("//tools/lint:go.bzl", "go_library")
 go_library(
     name = "go_default_library",
     srcs = [
+        "br_transit.go",
         "in.go",
-        "out.go",
         "in_transit.go",
+        "out.go",
         "out_transit.go",
-        "br_transit.go",
         "topo.go",
     ],
     importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark/cases",
diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index ab1abbadaf..c9b8afb63c 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -34,10 +34,10 @@
 
 # Those values are valid expectations only when running in the CI environment.
 TEST_CASES = {
-    # 'in': 0,  # 53000,
-    # 'out': 0,  # 26000,
-    # 'in_transit': 0,  # 73000,
-    # 'out_transit': 0,  # 49000,
+    'in': 0,  # 53000,
+    'out': 0,  # 26000,
+    'in_transit': 0,  # 73000,
+    'out_transit': 0,  # 49000,
     'br_transit': 230000,
 }
 

From 4166d27e8cc35fadf9a9b2662b38dc0941ae6190 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Mon, 4 Dec 2023 12:02:56 +0100
Subject: [PATCH 34/40] router: Move brload into its own subdirectory.

The main motivation is to stop Gazelle from adding a redundant target
router_newbenchmark, which is brload with another name.
---
 acceptance/router_newbenchmark/BUILD.bazel    | 39 +------------------
 .../router_newbenchmark/brload/BUILD.bazel    | 27 +++++++++++++
 .../router_newbenchmark/{ => brload}/main.go  |  0
 .../router_newbenchmark/cases/BUILD.bazel     |  5 ++-
 4 files changed, 33 insertions(+), 38 deletions(-)
 create mode 100644 acceptance/router_newbenchmark/brload/BUILD.bazel
 rename acceptance/router_newbenchmark/{ => brload}/main.go (100%)

diff --git a/acceptance/router_newbenchmark/BUILD.bazel b/acceptance/router_newbenchmark/BUILD.bazel
index a6b53ea468..1a93da0376 100644
--- a/acceptance/router_newbenchmark/BUILD.bazel
+++ b/acceptance/router_newbenchmark/BUILD.bazel
@@ -1,33 +1,4 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary")
-load("@io_bazel_rules_docker//container:container.bzl", "container_image")
 load("//acceptance/common:raw.bzl", "raw_test")
-load("//tools/lint:go.bzl", "go_library")
-load("//:scion.bzl", "scion_go_binary")
-
-go_library(
-    name = "go_default_library",
-    srcs = ["main.go"],
-    importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//acceptance/router_newbenchmark/cases:go_default_library",
-        "//pkg/log:go_default_library",
-        "//pkg/private/serrors:go_default_library",
-        "//pkg/scrypto:go_default_library",
-        "//pkg/slayers:go_default_library",
-        "//private/keyconf:go_default_library",
-        "@com_github_google_gopacket//:go_default_library",
-        "@com_github_google_gopacket//afpacket:go_default_library",
-        "@com_github_google_gopacket//layers:go_default_library",
-        "@com_github_spf13_cobra//:go_default_library",
-    ],
-)
-
-scion_go_binary(
-    name = "brload",
-    embed = [":go_default_library"],
-    visibility = ["//visibility:public"],
-)
 
 exports_files([
     "conf",
@@ -36,14 +7,14 @@ exports_files([
 
 args = [
     "--executable",
-    "brload:$(location //acceptance/router_newbenchmark:brload)",
+    "brload:$(location //acceptance/router_newbenchmark/brload:brload)",
     "--container-loader=posix-router:latest#$(location //docker:posix_router)",
 ]
 
 data = [
     ":conf",
     "//docker:posix_router",
-    ":brload",
+    "//acceptance/router_newbenchmark/brload:brload",
 ]
 
 raw_test(
@@ -55,9 +26,3 @@ raw_test(
     # This test uses sudo and accesses /var/run/netns.
     local = True,
 )
-
-go_binary(
-    name = "router_newbenchmark",
-    embed = [":go_default_library"],
-    visibility = ["//visibility:public"],
-)
diff --git a/acceptance/router_newbenchmark/brload/BUILD.bazel b/acceptance/router_newbenchmark/brload/BUILD.bazel
new file mode 100644
index 0000000000..e475b8b68a
--- /dev/null
+++ b/acceptance/router_newbenchmark/brload/BUILD.bazel
@@ -0,0 +1,27 @@
+load("//tools/lint:go.bzl", "go_library")
+load("//:scion.bzl", "scion_go_binary")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["main.go"],
+    importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark/brload",
+    visibility = ["//visibility:private"],
+    deps = [
+        "//acceptance/router_newbenchmark/cases:go_default_library",
+        "//pkg/log:go_default_library",
+        "//pkg/private/serrors:go_default_library",
+        "//pkg/scrypto:go_default_library",
+        "//pkg/slayers:go_default_library",
+        "//private/keyconf:go_default_library",
+        "@com_github_google_gopacket//:go_default_library",
+        "@com_github_google_gopacket//afpacket:go_default_library",
+        "@com_github_google_gopacket//layers:go_default_library",
+        "@com_github_spf13_cobra//:go_default_library",
+    ],
+)
+
+scion_go_binary(
+    name = "brload",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
diff --git a/acceptance/router_newbenchmark/main.go b/acceptance/router_newbenchmark/brload/main.go
similarity index 100%
rename from acceptance/router_newbenchmark/main.go
rename to acceptance/router_newbenchmark/brload/main.go
diff --git a/acceptance/router_newbenchmark/cases/BUILD.bazel b/acceptance/router_newbenchmark/cases/BUILD.bazel
index 942124cce4..154e776a3d 100644
--- a/acceptance/router_newbenchmark/cases/BUILD.bazel
+++ b/acceptance/router_newbenchmark/cases/BUILD.bazel
@@ -11,7 +11,10 @@ go_library(
         "topo.go",
     ],
     importpath = "github.com/scionproto/scion/acceptance/router_newbenchmark/cases",
-    visibility = ["//acceptance/router_newbenchmark:__pkg__"],
+    visibility = [
+        "//acceptance/router_newbenchmark:__pkg__",
+        "//acceptance/router_newbenchmark:__subpackages__",
+    ],
     deps = [
         "//pkg/addr:go_default_library",
         "//pkg/private/util:go_default_library",

From a9ab27eb7ea17096331e6425803b23e1eaf66b6c Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Mon, 4 Dec 2023 16:03:44 +0100
Subject: [PATCH 35/40] router: make it more obvious how we construct public
 IPs.

---
 acceptance/router_newbenchmark/cases/topo.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index 48fa86fa93..0387a32519 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -65,10 +65,8 @@ type intfDesc struct {
 // Per our scheme, the subnet number is the largest of the two AS numbers and the host is always
 // the local AS. This works if there are no cycles. Else there could be subnet number collisions.
 func PublicIP(localAS byte, remoteAS byte) netip.Addr {
-	if remoteAS > localAS {
-		return netip.AddrFrom4([4]byte{192, 168, remoteAS, localAS})
-	}
-	return netip.AddrFrom4([4]byte{192, 168, localAS, localAS})
+	subnetNr := byte(max(int(remoteAS), int(localAS)))
+	return netip.AddrFrom4([4]byte{192, 168, subnetNr, localAS})
 }
 
 // publicIP returns the IP address that is assigned to external interface designated by the given

From 7b25bf4ae0390608813991e77236b9ae24436b02 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Mon, 4 Dec 2023 16:16:33 +0100
Subject: [PATCH 36/40] router: unexport interfaceName. It's used only locally.

---
 acceptance/router_newbenchmark/cases/topo.go | 22 ++++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index 0387a32519..647a4cce1d 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -86,13 +86,6 @@ func InternalIPPort(AS byte, routerIndex byte) (netip.Addr, layers.UDPPort) {
 	return InternalIP(AS, routerIndex), layers.UDPPort(30042)
 }
 
-// interfaceLabel returns a string label for the gievn AS and interface indices.
-// Such names are those used when responding to the show-interfaces command and when translating
-// the --interface option.
-func InterfaceLabel(AS int, intf int) string {
-	return fmt.Sprintf("%d_%d", AS, intf)
-}
-
 // isdAS returns a complete string form ISD/AS number for the given AS index.
 // All are in ISD-1, except AS 4.
 func ISDAS(AS byte) addr.IA {
@@ -102,12 +95,19 @@ func ISDAS(AS byte) addr.IA {
 	return xtest.MustParseIA(fmt.Sprintf("1-ff00:0:%d", AS))
 }
 
+// interfaceLabel returns a string label for the given AS and interface indices.
+// Such names are those used when responding to the show-interfaces command and when translating
+// the --interface option.
+func interfaceLabel(AS int, intf int) string {
+	return fmt.Sprintf("%d_%d", AS, intf)
+}
+
 var (
 	// intfMap lists the required interfaces. That's what we use to respond to showInterfaces
 	intfMap map[string]intfDesc = map[string]intfDesc{
-		InterfaceLabel(1, 0): {InternalIP(1, 1), InternalIP(1, 2)},
-		InterfaceLabel(1, 2): {PublicIP(1, 2), PublicIP(2, 1)},
-		InterfaceLabel(1, 3): {PublicIP(1, 3), PublicIP(3, 1)},
+		interfaceLabel(1, 0): {InternalIP(1, 1), InternalIP(1, 2)},
+		interfaceLabel(1, 2): {PublicIP(1, 2), PublicIP(2, 1)},
+		interfaceLabel(1, 3): {PublicIP(1, 3), PublicIP(3, 1)},
 	}
 
 	// deviceNames holds the real (os-given) names of our required network interfaces. It is
@@ -148,7 +148,7 @@ func InitInterfaces(pairs []string) {
 // interfaceName returns the name of the host interface that this test must use in order to exchange
 // traffic with the interface designated by the given AS and interface indices.
 func DeviceName(AS int, intf int) string {
-	return deviceNames[InterfaceLabel(AS, intf)]
+	return deviceNames[interfaceLabel(AS, intf)]
 }
 
 // macAddr returns the mac address assigned to the interface that has the given IP address.

From 9cf82621b79f4aaa8ca2d675f4d56638768513c0 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Mon, 4 Dec 2023 17:31:42 +0100
Subject: [PATCH 37/40] router: Reviwer's suggestions

Changes:
* Add helper function for boiler plate underlay layer construction.
* Fix Fake MacAddresses to make them more deliberately fake.
---
 .../router_newbenchmark/cases/BUILD.bazel     |  1 +
 .../router_newbenchmark/cases/br_transit.go   | 38 ++++---------------
 acceptance/router_newbenchmark/cases/in.go    | 28 +-------------
 .../router_newbenchmark/cases/in_transit.go   | 30 ++-------------
 acceptance/router_newbenchmark/cases/out.go   | 28 +-------------
 .../router_newbenchmark/cases/out_transit.go  | 30 ++-------------
 acceptance/router_newbenchmark/cases/topo.go  | 37 ++++++++++++++++++
 7 files changed, 55 insertions(+), 137 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/BUILD.bazel b/acceptance/router_newbenchmark/cases/BUILD.bazel
index 154e776a3d..d7e13f435b 100644
--- a/acceptance/router_newbenchmark/cases/BUILD.bazel
+++ b/acceptance/router_newbenchmark/cases/BUILD.bazel
@@ -19,6 +19,7 @@ go_library(
         "//pkg/addr:go_default_library",
         "//pkg/private/util:go_default_library",
         "//pkg/private/xtest:go_default_library",
+        "//pkg/scrypto:go_default_library",
         "//pkg/slayers:go_default_library",
         "//pkg/slayers/path:go_default_library",
         "//pkg/slayers/path/scion:go_default_library",
diff --git a/acceptance/router_newbenchmark/cases/br_transit.go b/acceptance/router_newbenchmark/cases/br_transit.go
index 4cb43f08eb..789856ad61 100644
--- a/acceptance/router_newbenchmark/cases/br_transit.go
+++ b/acceptance/router_newbenchmark/cases/br_transit.go
@@ -19,7 +19,6 @@ import (
 	"time"
 
 	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
 
 	"github.com/scionproto/scion/pkg/private/util"
 	"github.com/scionproto/scion/pkg/slayers"
@@ -42,9 +41,7 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		originIP       = PublicIP(2, 1)
 		originHost     = HostAddr(originIP)
 		srcIP, srcPort = PublicIPPort(2, 1)
-		srcMAC         = MACAddr(srcIP)
 		dstIP, dstPort = PublicIPPort(1, 2)
-		dstMAC         = MACAddr(dstIP)
 		targetIA       = ISDAS(3)
 		targetIP       = PublicIP(3, 1)
 		targetHost     = HostAddr(targetIP)
@@ -55,28 +52,7 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		ComputeChecksums: true,
 	}
 
-	// Point-to-point.
-	ethernet := &layers.Ethernet{
-		SrcMAC:       srcMAC,
-		DstMAC:       dstMAC,
-		EthernetType: layers.EthernetTypeIPv4,
-	}
-
-	// Point-to-point. This is the real IP: the underlay network.
-	ip := &layers.IPv4{
-		Version:  4,
-		IHL:      5,
-		TTL:      64,
-		SrcIP:    srcIP.AsSlice(),
-		DstIP:    dstIP.AsSlice(),
-		Protocol: layers.IPProtocolUDP,
-		Flags:    layers.IPv4DontFragment,
-	}
-	udp := &layers.UDP{
-		SrcPort: srcPort,
-		DstPort: dstPort,
-	}
-	_ = udp.SetNetworkLayerForChecksum(ip)
+	ethernet, ip, udp := Underlay(srcIP, srcPort, dstIP, dstPort)
 
 	// Fully correct (hopefully) path.
 	sp := &scion.Decoded{
@@ -101,10 +77,10 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 			},
 		},
 		HopFields: []path.HopField{
-			{ConsIngress: 22, ConsEgress: 0}, // From there (non-consdir)
-			{ConsIngress: 0, ConsEgress: 2},  // <- Processed here (non-consdir)
-			{ConsIngress: 0, ConsEgress: 3},  // Down via this
-			{ConsIngress: 33, ConsEgress: 0}, // To there
+			{ConsIngress: 1, ConsEgress: 0}, // From there (non-consdir)
+			{ConsIngress: 0, ConsEgress: 2}, // <- Processed here (non-consdir)
+			{ConsIngress: 0, ConsEgress: 3}, // Down via this
+			{ConsIngress: 1, ConsEgress: 0}, // To there
 		},
 	}
 
@@ -112,12 +88,12 @@ func oneBrTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 	// Seg0: Hops are in non-consdir.
 	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
 	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
-	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+	sp.HopFields[0].Mac = path.MAC(FakeMAC(2), sp.InfoFields[0], sp.HopFields[0], nil)
 
 	// Seg1: in the natural order.
 	sp.HopFields[2].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
 	sp.InfoFields[1].UpdateSegID(sp.HopFields[2].Mac) // tmp
-	sp.HopFields[3].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.HopFields[3].Mac = path.MAC(FakeMAC(3), sp.InfoFields[1], sp.HopFields[2], nil)
 	sp.InfoFields[1].SegID = 0x222 // Restore to initial.
 
 	// End-to-end. Src is the originator and Dst is the final destination.
diff --git a/acceptance/router_newbenchmark/cases/in.go b/acceptance/router_newbenchmark/cases/in.go
index 3943633ef9..bf760a2fb0 100644
--- a/acceptance/router_newbenchmark/cases/in.go
+++ b/acceptance/router_newbenchmark/cases/in.go
@@ -19,7 +19,6 @@ import (
 	"time"
 
 	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
 
 	"github.com/scionproto/scion/pkg/private/util"
 	"github.com/scionproto/scion/pkg/slayers"
@@ -42,9 +41,7 @@ func oneIn(payload string, mac hash.Hash, flowId uint32) []byte {
 		originIP       = PublicIP(2, 1)
 		originHost     = HostAddr(originIP)
 		srcIP, srcPort = PublicIPPort(2, 1)
-		srcMAC         = MACAddr(srcIP)
 		dstIP, dstPort = PublicIPPort(1, 2)
-		dstMAC         = MACAddr(dstIP)
 		targetIA       = ISDAS(1)
 		targetIP       = InternalIP(1, 2)
 		targetHost     = HostAddr(targetIP)
@@ -55,28 +52,7 @@ func oneIn(payload string, mac hash.Hash, flowId uint32) []byte {
 		ComputeChecksums: true,
 	}
 
-	// Point-to-point.
-	ethernet := &layers.Ethernet{
-		SrcMAC:       srcMAC,
-		DstMAC:       dstMAC,
-		EthernetType: layers.EthernetTypeIPv4,
-	}
-
-	// Point-to-point. This is the real IP: the underlay network.
-	ip := &layers.IPv4{
-		Version:  4,
-		IHL:      5,
-		TTL:      64,
-		SrcIP:    srcIP.AsSlice(),
-		DstIP:    dstIP.AsSlice(),
-		Protocol: layers.IPProtocolUDP,
-		Flags:    layers.IPv4DontFragment,
-	}
-	udp := &layers.UDP{
-		SrcPort: srcPort,
-		DstPort: dstPort,
-	}
-	_ = udp.SetNetworkLayerForChecksum(ip)
+	ethernet, ip, udp := Underlay(srcIP, srcPort, dstIP, dstPort)
 
 	// Fully correct (hopefully) path.
 	sp := &scion.Decoded{
@@ -105,7 +81,7 @@ func oneIn(payload string, mac hash.Hash, flowId uint32) []byte {
 	// Seg0: Hops are in non-consdir.
 	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
 	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
-	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+	sp.HopFields[0].Mac = path.MAC(FakeMAC(2), sp.InfoFields[0], sp.HopFields[0], nil)
 
 	// End-to-end. Src is the originator and Dst is the final destination.
 	scionL := &slayers.SCION{
diff --git a/acceptance/router_newbenchmark/cases/in_transit.go b/acceptance/router_newbenchmark/cases/in_transit.go
index 84c51f954e..de51f87d7a 100644
--- a/acceptance/router_newbenchmark/cases/in_transit.go
+++ b/acceptance/router_newbenchmark/cases/in_transit.go
@@ -19,7 +19,6 @@ import (
 	"time"
 
 	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
 
 	"github.com/scionproto/scion/pkg/private/util"
 	"github.com/scionproto/scion/pkg/slayers"
@@ -42,9 +41,7 @@ func oneInTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		originIP       = PublicIP(2, 1)
 		originHost     = HostAddr(originIP)
 		srcIP, srcPort = PublicIPPort(2, 1)
-		srcMAC         = MACAddr(srcIP)
 		dstIP, dstPort = PublicIPPort(1, 2)
-		dstMAC         = MACAddr(dstIP)
 		targetIA       = ISDAS(4)
 		targetIP       = PublicIP(4, 1)
 		targetHost     = HostAddr(targetIP)
@@ -55,28 +52,7 @@ func oneInTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		ComputeChecksums: true,
 	}
 
-	// Point-to-point.
-	ethernet := &layers.Ethernet{
-		SrcMAC:       srcMAC,
-		DstMAC:       dstMAC,
-		EthernetType: layers.EthernetTypeIPv4,
-	}
-
-	// Point-to-point. This is the real IP: the underlay network.
-	ip := &layers.IPv4{
-		Version:  4,
-		IHL:      5,
-		TTL:      64,
-		SrcIP:    srcIP.AsSlice(),
-		DstIP:    dstIP.AsSlice(),
-		Protocol: layers.IPProtocolUDP,
-		Flags:    layers.IPv4DontFragment,
-	}
-	udp := &layers.UDP{
-		SrcPort: srcPort,
-		DstPort: dstPort,
-	}
-	_ = udp.SetNetworkLayerForChecksum(ip)
+	ethernet, ip, udp := Underlay(srcIP, srcPort, dstIP, dstPort)
 
 	// Fully correct (hopefully) path.
 	sp := &scion.Decoded{
@@ -112,12 +88,12 @@ func oneInTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 	// Seg0: Hops are in non-consdir.
 	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
 	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
-	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+	sp.HopFields[0].Mac = path.MAC(FakeMAC(2), sp.InfoFields[0], sp.HopFields[0], nil)
 
 	// Seg1: in the natural order.
 	sp.HopFields[2].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
 	sp.InfoFields[1].UpdateSegID(sp.HopFields[2].Mac) // tmp
-	sp.HopFields[3].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.HopFields[3].Mac = path.MAC(FakeMAC(4), sp.InfoFields[1], sp.HopFields[2], nil)
 	sp.InfoFields[1].SegID = 0x222 // Restore to initial.
 
 	// End-to-end. Src is the originator and Dst is the final destination.
diff --git a/acceptance/router_newbenchmark/cases/out.go b/acceptance/router_newbenchmark/cases/out.go
index aff0606a57..0f36ca5267 100644
--- a/acceptance/router_newbenchmark/cases/out.go
+++ b/acceptance/router_newbenchmark/cases/out.go
@@ -19,7 +19,6 @@ import (
 	"time"
 
 	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
 
 	"github.com/scionproto/scion/pkg/private/util"
 	"github.com/scionproto/scion/pkg/slayers"
@@ -42,9 +41,7 @@ func oneOut(payload string, mac hash.Hash, flowId uint32) []byte {
 		originIP       = InternalIP(1, 2)
 		originHost     = HostAddr(originIP)
 		srcIP, srcPort = InternalIPPort(1, 2)
-		srcMAC         = MACAddr(srcIP)
 		dstIP, dstPort = InternalIPPort(1, 1)
-		dstMAC         = MACAddr(dstIP)
 		targetIA       = ISDAS(2)
 		targetIP       = PublicIP(2, 1)
 		targetHost     = HostAddr(targetIP)
@@ -55,28 +52,7 @@ func oneOut(payload string, mac hash.Hash, flowId uint32) []byte {
 		ComputeChecksums: true,
 	}
 
-	// Point-to-point.
-	ethernet := &layers.Ethernet{
-		SrcMAC:       srcMAC,
-		DstMAC:       dstMAC,
-		EthernetType: layers.EthernetTypeIPv4,
-	}
-
-	// Point-to-point. This is the real IP: the underlay network.
-	ip := &layers.IPv4{
-		Version:  4,
-		IHL:      5,
-		TTL:      64,
-		SrcIP:    srcIP.AsSlice(),
-		DstIP:    dstIP.AsSlice(),
-		Protocol: layers.IPProtocolUDP,
-		Flags:    layers.IPv4DontFragment,
-	}
-	udp := &layers.UDP{
-		SrcPort: srcPort,
-		DstPort: dstPort,
-	}
-	_ = udp.SetNetworkLayerForChecksum(ip)
+	ethernet, ip, udp := Underlay(srcIP, srcPort, dstIP, dstPort)
 
 	// Fully correct (hopefully) path.
 	sp := &scion.Decoded{
@@ -105,7 +81,7 @@ func oneOut(payload string, mac hash.Hash, flowId uint32) []byte {
 	// Seg0: Hops are in consdir.
 	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
 	sp.InfoFields[0].UpdateSegID(sp.HopFields[0].Mac) // tmp
-	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+	sp.HopFields[1].Mac = path.MAC(FakeMAC(2), sp.InfoFields[0], sp.HopFields[0], nil)
 	sp.InfoFields[0].SegID = 0x111 // Restore to initial.
 
 	// End-to-end. Src is the originator and Dst is the final destination.
diff --git a/acceptance/router_newbenchmark/cases/out_transit.go b/acceptance/router_newbenchmark/cases/out_transit.go
index 1618c5eba4..5322ce4950 100644
--- a/acceptance/router_newbenchmark/cases/out_transit.go
+++ b/acceptance/router_newbenchmark/cases/out_transit.go
@@ -19,7 +19,6 @@ import (
 	"time"
 
 	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
 
 	"github.com/scionproto/scion/pkg/private/util"
 	"github.com/scionproto/scion/pkg/slayers"
@@ -42,9 +41,7 @@ func oneOutTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		originIP       = PublicIP(4, 1)
 		originHost     = HostAddr(originIP)
 		srcIP, srcPort = InternalIPPort(1, 2)
-		srcMAC         = MACAddr(srcIP)
 		dstIP, dstPort = InternalIPPort(1, 1)
-		dstMAC         = MACAddr(dstIP)
 		targetIA       = ISDAS(2)
 		targetIP       = PublicIP(2, 1)
 		targetHost     = HostAddr(targetIP)
@@ -55,28 +52,7 @@ func oneOutTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 		ComputeChecksums: true,
 	}
 
-	// Point-to-point.
-	ethernet := &layers.Ethernet{
-		SrcMAC:       srcMAC,
-		DstMAC:       dstMAC,
-		EthernetType: layers.EthernetTypeIPv4,
-	}
-
-	// Point-to-point. This is the real IP: the underlay network.
-	ip := &layers.IPv4{
-		Version:  4,
-		IHL:      5,
-		TTL:      64,
-		SrcIP:    srcIP.AsSlice(),
-		DstIP:    dstIP.AsSlice(),
-		Protocol: layers.IPProtocolUDP,
-		Flags:    layers.IPv4DontFragment,
-	}
-	udp := &layers.UDP{
-		SrcPort: srcPort,
-		DstPort: dstPort,
-	}
-	_ = udp.SetNetworkLayerForChecksum(ip)
+	ethernet, ip, udp := Underlay(srcIP, srcPort, dstIP, dstPort)
 
 	// Fully correct (hopefully) path.
 	sp := &scion.Decoded{
@@ -113,12 +89,12 @@ func oneOutTransit(payload string, mac hash.Hash, flowId uint32) []byte {
 	// Seg0: Hops are in non-consdir.
 	sp.HopFields[1].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[1], nil)
 	sp.InfoFields[0].UpdateSegID(sp.HopFields[1].Mac)
-	sp.HopFields[0].Mac = path.MAC(mac, sp.InfoFields[0], sp.HopFields[0], nil)
+	sp.HopFields[0].Mac = path.MAC(FakeMAC(4), sp.InfoFields[0], sp.HopFields[0], nil)
 
 	// Seg1: in the natural order.
 	sp.HopFields[2].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
 	sp.InfoFields[1].UpdateSegID(sp.HopFields[2].Mac) // tmp
-	sp.HopFields[3].Mac = path.MAC(mac, sp.InfoFields[1], sp.HopFields[2], nil)
+	sp.HopFields[3].Mac = path.MAC(FakeMAC(2), sp.InfoFields[1], sp.HopFields[2], nil)
 	sp.InfoFields[1].SegID = 0x222 // Restore to initial.
 
 	// End-to-end. Src is the originator and Dst is the final destination.
diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index 647a4cce1d..da78ab2401 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -16,6 +16,7 @@ package cases
 
 import (
 	"fmt"
+	"hash"
 	"net"
 	"net/netip"
 	"strings"
@@ -24,6 +25,7 @@ import (
 
 	"github.com/scionproto/scion/pkg/addr"
 	"github.com/scionproto/scion/pkg/private/xtest"
+	"github.com/scionproto/scion/pkg/scrypto"
 )
 
 // Topology (see accept/router_newbenchmark/conf/topology.json)
@@ -95,6 +97,41 @@ func ISDAS(AS byte) addr.IA {
 	return xtest.MustParseIA(fmt.Sprintf("1-ff00:0:%d", AS))
 }
 
+func FakeMAC(AS byte) hash.Hash {
+	macGen, err := scrypto.HFMacFactory([]byte{AS})
+	if err != nil {
+		panic(err)
+	}
+	return macGen()
+}
+
+func Underlay(srcIP netip.Addr, srcPort layers.UDPPort, dstIP netip.Addr, dstPort layers.UDPPort) (*layers.Ethernet, *layers.IPv4, *layers.UDP) {
+	// Point-to-point.
+	ethernet := &layers.Ethernet{
+		SrcMAC:       MACAddr(srcIP),
+		DstMAC:       MACAddr(dstIP),
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+
+	// Point-to-point. This is the real IP: the underlay network.
+	ip := &layers.IPv4{
+		Version:  4,
+		IHL:      5,
+		TTL:      64,
+		SrcIP:    srcIP.AsSlice(),
+		DstIP:    dstIP.AsSlice(),
+		Protocol: layers.IPProtocolUDP,
+		Flags:    layers.IPv4DontFragment,
+	}
+	udp := &layers.UDP{
+		SrcPort: srcPort,
+		DstPort: dstPort,
+	}
+	_ = udp.SetNetworkLayerForChecksum(ip)
+
+	return ethernet, ip, udp
+}
+
 // interfaceLabel returns a string label for the given AS and interface indices.
 // Such names are those used when responding to the show-interfaces command and when translating
 // the --interface option.

From 21f6013a8f541dfb092a739fbf133a9cffdb393c Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Tue, 5 Dec 2023 11:46:07 +0100
Subject: [PATCH 38/40] router: change go version dependency to 1.21 (so the
 linter doesn't choke on max().

Also fold an extra long line.
---
 acceptance/router_newbenchmark/cases/topo.go |  7 +++++-
 go.mod                                       |  2 +-
 go.sum                                       | 23 ++++++++++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index da78ab2401..51a3c200a6 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -105,7 +105,12 @@ func FakeMAC(AS byte) hash.Hash {
 	return macGen()
 }
 
-func Underlay(srcIP netip.Addr, srcPort layers.UDPPort, dstIP netip.Addr, dstPort layers.UDPPort) (*layers.Ethernet, *layers.IPv4, *layers.UDP) {
+func Underlay(
+	srcIP netip.Addr,
+	srcPort layers.UDPPort,
+	dstIP netip.Addr,
+	dstPort layers.UDPPort) (*layers.Ethernet, *layers.IPv4, *layers.UDP) {
+
 	// Point-to-point.
 	ethernet := &layers.Ethernet{
 		SrcMAC:       MACAddr(srcIP),
diff --git a/go.mod b/go.mod
index 77f168f212..2b148740e9 100644
--- a/go.mod
+++ b/go.mod
@@ -130,4 +130,4 @@ require (
 	modernc.org/token v1.0.1 // indirect
 )
 
-go 1.18
+go 1.21
diff --git a/go.sum b/go.sum
index c53bec95f1..3ce7f0a0b2 100644
--- a/go.sum
+++ b/go.sum
@@ -77,6 +77,7 @@ github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnht
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd h1:qMd81Ts1T2OTKmB4acZcyKaMtRnY5Y44NuXGX2GFJ1w=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
 github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
+github.com/containerd/stargz-snapshotter/estargz v0.12.1/go.mod h1:12VUuCq3qPq4y8yUW+l5w3+oXV3cx2Po3KSe/SmPGqw=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -92,9 +93,13 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeC
 github.com/deepmap/oapi-codegen/v2 v2.0.0 h1:3TS7w3r+XnjKFXcbFbc16pTWzfTy0OLPkCsutEHjWDA=
 github.com/deepmap/oapi-codegen/v2 v2.0.0/go.mod h1:7zR+ZL3WzLeCkr2k8oWTxEa0v8y/F25ane0l6A5UjLA=
 github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4=
+github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
+github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v20.10.20+incompatible h1:kH9tx6XO+359d+iAkumyKDc5Q1kOwPuAUaeri48nD6E=
+github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
+github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -106,6 +111,7 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
+github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/getkin/kin-openapi v0.118.0 h1:z43njxPmJ7TaPpMSCQb7PN0dEYno4tyBPQcrFdHoLuM=
@@ -126,6 +132,7 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
@@ -258,12 +265,14 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:C
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
+github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -299,6 +308,7 @@ github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -318,8 +328,11 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
 github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
 github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
+github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
@@ -373,6 +386,7 @@ github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
@@ -381,6 +395,7 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
 github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
@@ -426,7 +441,9 @@ github.com/ugorji/go v1.2.7 h1:qYhyWUUd6WbiM+C6JZAUkIJt/1WrjzNHY9+KCIjVqTo=
 github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
+github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
 github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
 github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
@@ -495,6 +512,7 @@ golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPI
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -803,6 +821,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
@@ -833,7 +852,9 @@ modernc.org/cc/v3 v3.40.0/go.mod h1:/bTg4dnWkSXowUO6ssQKnOV0yMVxDYNIsIrzqTFDGH0=
 modernc.org/ccgo/v3 v3.16.13 h1:Mkgdzl46i5F/CNR/Kj80Ri59hC8TKAhZrYSaqvkwzUw=
 modernc.org/ccgo/v3 v3.16.13/go.mod h1:2Quk+5YgpImhPjv2Qsob1DnZ/4som1lJTodubIcoUkY=
 modernc.org/ccorpus v1.11.6 h1:J16RXiiqiCgua6+ZvQot4yUuUy8zxgqbqEEUuGPlISk=
+modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ=
 modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
+modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM=
 modernc.org/libc v1.22.5 h1:91BNch/e5B0uPbJFgqbxXuOnxBQjlS//icfQEGmvyjE=
 modernc.org/libc v1.22.5/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY=
 modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
@@ -847,9 +868,11 @@ modernc.org/sqlite v1.24.0/go.mod h1:OrDj17Mggn6MhE+iPbBNf7RGKODDE9NFT0f3EwDzJqk
 modernc.org/strutil v1.1.3 h1:fNMm+oJklMGYfU9Ylcywl0CO5O6nTfaowNsh2wpPjzY=
 modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
 modernc.org/tcl v1.15.2 h1:C4ybAYCGJw968e+Me18oW55kD/FexcHbqH2xak1ROSY=
+modernc.org/tcl v1.15.2/go.mod h1:3+k/ZaEbKrC8ePv8zJWPtBSW0V7Gg9g8rkmhI1Kfs3c=
 modernc.org/token v1.0.1 h1:A3qvTqOwexpfZZeyI0FeGPDlSWX5pjZu9hF4lU+EKWg=
 modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 modernc.org/z v1.7.3 h1:zDJf6iHjrnB+WRD88stbXokugjyc0/pB91ri1gO6LZY=
+modernc.org/z v1.7.3/go.mod h1:Ipv4tsdxZRbQyLq9Q1M6gdbkxYzdlrciF2Hi/lS7nWE=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

From f3e7e8957c92faf4f143761596922c90044f428e Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Wed, 6 Dec 2023 10:46:15 +0100
Subject: [PATCH 39/40] router: remove type conversions around use of max().

---
 acceptance/router_newbenchmark/cases/topo.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/router_newbenchmark/cases/topo.go b/acceptance/router_newbenchmark/cases/topo.go
index 51a3c200a6..b49bced0bd 100644
--- a/acceptance/router_newbenchmark/cases/topo.go
+++ b/acceptance/router_newbenchmark/cases/topo.go
@@ -67,7 +67,7 @@ type intfDesc struct {
 // Per our scheme, the subnet number is the largest of the two AS numbers and the host is always
 // the local AS. This works if there are no cycles. Else there could be subnet number collisions.
 func PublicIP(localAS byte, remoteAS byte) netip.Addr {
-	subnetNr := byte(max(int(remoteAS), int(localAS)))
+	subnetNr := max(remoteAS, localAS)
 	return netip.AddrFrom4([4]byte{192, 168, subnetNr, localAS})
 }
 

From d6b47643777f6ef39749348b18147e5948a50690 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Hugly <jice@scion.org>
Date: Wed, 6 Dec 2023 11:05:44 +0100
Subject: [PATCH 40/40] router: update CI's expectations of the newbenchmark
 results.

---
 acceptance/router_newbenchmark/test.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/acceptance/router_newbenchmark/test.py b/acceptance/router_newbenchmark/test.py
index c9b8afb63c..b9d5b24411 100644
--- a/acceptance/router_newbenchmark/test.py
+++ b/acceptance/router_newbenchmark/test.py
@@ -34,11 +34,11 @@
 
 # Those values are valid expectations only when running in the CI environment.
 TEST_CASES = {
-    'in': 0,  # 53000,
-    'out': 0,  # 26000,
-    'in_transit': 0,  # 73000,
-    'out_transit': 0,  # 49000,
-    'br_transit': 230000,
+    'in': 270000,
+    'out': 240000,
+    'in_transit': 270000,
+    'out_transit': 240000,
+    'br_transit': 260000,
 }