@push.rocks/smartproxy 19.3.2 → 19.3.4

package/dist_ts/classes.pp.connectionhandler.js

@@ -1,754 +0,0 @@
-import * as plugins from './plugins.js';
-import { ConnectionManager } from './classes.pp.connectionmanager.js';
-import { SecurityManager } from './classes.pp.securitymanager.js';
-import { DomainConfigManager } from './classes.pp.domainconfigmanager.js';
-import { TlsManager } from './classes.pp.tlsmanager.js';
-import { NetworkProxyBridge } from './classes.pp.networkproxybridge.js';
-import { TimeoutManager } from './classes.pp.timeoutmanager.js';
-import { PortRangeManager } from './classes.pp.portrangemanager.js';
-/**
- * Handles new connection processing and setup logic
- */
-export class ConnectionHandler {
-    constructor(settings, connectionManager, securityManager, domainConfigManager, tlsManager, networkProxyBridge, timeoutManager, portRangeManager) {
-        this.settings = settings;
-        this.connectionManager = connectionManager;
-        this.securityManager = securityManager;
-        this.domainConfigManager = domainConfigManager;
-        this.tlsManager = tlsManager;
-        this.networkProxyBridge = networkProxyBridge;
-        this.timeoutManager = timeoutManager;
-        this.portRangeManager = portRangeManager;
-    }
-    /**
-     * Handle a new incoming connection
-     */
-    handleConnection(socket) {
-        const remoteIP = socket.remoteAddress || '';
-        const localPort = socket.localPort || 0;
-        // Validate IP against rate limits and connection limits
-        const ipValidation = this.securityManager.validateIP(remoteIP);
-        if (!ipValidation.allowed) {
-            console.log(`Connection rejected from ${remoteIP}: ${ipValidation.reason}`);
-            socket.end();
-            socket.destroy();
-            return;
-        }
-        // Create a new connection record
-        const record = this.connectionManager.createConnection(socket);
-        const connectionId = record.id;
-        // Apply socket optimizations
-        socket.setNoDelay(this.settings.noDelay);
-        // Apply keep-alive settings if enabled
-        if (this.settings.keepAlive) {
-            socket.setKeepAlive(true, this.settings.keepAliveInitialDelay);
-            record.hasKeepAlive = true;
-            // Apply enhanced TCP keep-alive options if enabled
-            if (this.settings.enableKeepAliveProbes) {
-                try {
-                    // These are platform-specific and may not be available
-                    if ('setKeepAliveProbes' in socket) {
-                        socket.setKeepAliveProbes(10);
-                    }
-                    if ('setKeepAliveInterval' in socket) {
-                        socket.setKeepAliveInterval(1000);
-                    }
-                }
-                catch (err) {
-                    // Ignore errors - these are optional enhancements
-                    if (this.settings.enableDetailedLogging) {
-                        console.log(`[${connectionId}] Enhanced TCP keep-alive settings not supported: ${err}`);
-                    }
-                }
-            }
-        }
-        if (this.settings.enableDetailedLogging) {
-            console.log(`[${connectionId}] New connection from ${remoteIP} on port ${localPort}. ` +
-                `Keep-Alive: ${record.hasKeepAlive ? 'Enabled' : 'Disabled'}. ` +
-                `Active connections: ${this.connectionManager.getConnectionCount()}`);
-        }
-        else {
-            console.log(`New connection from ${remoteIP} on port ${localPort}. Active connections: ${this.connectionManager.getConnectionCount()}`);
-        }
-        // Check if this connection should be forwarded directly to NetworkProxy
-        if (this.portRangeManager.shouldUseNetworkProxy(localPort)) {
-            this.handleNetworkProxyConnection(socket, record);
-        }
-        else {
-            // For non-NetworkProxy ports, proceed with normal processing
-            this.handleStandardConnection(socket, record);
-        }
-    }
-    /**
-     * Handle a connection that should be forwarded to NetworkProxy
-     */
-    handleNetworkProxyConnection(socket, record) {
-        const connectionId = record.id;
-        let initialDataReceived = false;
-        // Set an initial timeout for handshake data
-        let initialTimeout = setTimeout(() => {
-            if (!initialDataReceived) {
-                console.log(`[${connectionId}] Initial data warning (${this.settings.initialDataTimeout}ms) for connection from ${record.remoteIP}`);
-                // Add a grace period instead of immediate termination
-                setTimeout(() => {
-                    if (!initialDataReceived) {
-                        console.log(`[${connectionId}] Final initial data timeout after grace period`);
-                        if (record.incomingTerminationReason === null) {
-                            record.incomingTerminationReason = 'initial_timeout';
-                            this.connectionManager.incrementTerminationStat('incoming', 'initial_timeout');
-                        }
-                        socket.end();
-                        this.connectionManager.cleanupConnection(record, 'initial_timeout');
-                    }
-                }, 30000); // 30 second grace period
-            }
-        }, this.settings.initialDataTimeout);
-        // Make sure timeout doesn't keep the process alive
-        if (initialTimeout.unref) {
-            initialTimeout.unref();
-        }
-        // Set up error handler
-        socket.on('error', this.connectionManager.handleError('incoming', record));
-        // First data handler to capture initial TLS handshake for NetworkProxy
-        socket.once('data', (chunk) => {
-            // Clear the initial timeout since we've received data
-            if (initialTimeout) {
-                clearTimeout(initialTimeout);
-                initialTimeout = null;
-            }
-            initialDataReceived = true;
-            record.hasReceivedInitialData = true;
-            // Block non-TLS connections on port 443
-            const localPort = record.localPort;
-            if (!this.tlsManager.isTlsHandshake(chunk) && localPort === 443) {
-                console.log(`[${connectionId}] Non-TLS connection detected on port 443. ` +
-                    `Terminating connection - only TLS traffic is allowed on standard HTTPS port.`);
-                if (record.incomingTerminationReason === null) {
-                    record.incomingTerminationReason = 'non_tls_blocked';
-                    this.connectionManager.incrementTerminationStat('incoming', 'non_tls_blocked');
-                }
-                socket.end();
-                this.connectionManager.cleanupConnection(record, 'non_tls_blocked');
-                return;
-            }
-            // Check if this looks like a TLS handshake
-            if (this.tlsManager.isTlsHandshake(chunk)) {
-                record.isTLS = true;
-                // Check for ClientHello to extract SNI - but don't enforce it for NetworkProxy
-                if (this.tlsManager.isClientHello(chunk)) {
-                    // Create connection info for SNI extraction
-                    const connInfo = {
-                        sourceIp: record.remoteIP,
-                        sourcePort: socket.remotePort || 0,
-                        destIp: socket.localAddress || '',
-                        destPort: socket.localPort || 0,
-                    };
-                    // Extract SNI for domain-specific NetworkProxy handling if available
-                    const serverName = this.tlsManager.extractSNI(chunk, connInfo);
-                    // For NetworkProxy connections, we'll allow session tickets even without SNI
-                    // We'll only use the serverName if available to determine the specific NetworkProxy port
-                    if (serverName) {
-                        // Save domain config and SNI in connection record
-                        const domainConfig = this.domainConfigManager.findDomainConfig(serverName);
-                        record.domainConfig = domainConfig;
-                        record.lockedDomain = serverName;
-                        // Use domain-specific NetworkProxy port if configured
-                        if (domainConfig && this.domainConfigManager.shouldUseNetworkProxy(domainConfig)) {
-                            const networkProxyPort = this.domainConfigManager.getNetworkProxyPort(domainConfig);
-                            if (this.settings.enableDetailedLogging) {
-                                console.log(`[${connectionId}] Using domain-specific NetworkProxy for ${serverName} on port ${networkProxyPort}`);
-                            }
-                            // Forward to NetworkProxy with domain-specific port
-                            this.networkProxyBridge.forwardToNetworkProxy(connectionId, socket, record, chunk, networkProxyPort, (reason) => this.connectionManager.initiateCleanupOnce(record, reason));
-                            return;
-                        }
-                    }
-                    else if (this.settings.allowSessionTicket === false &&
-                        this.settings.enableDetailedLogging) {
-                        // Log that we're allowing a session resumption without SNI for NetworkProxy
-                        console.log(`[${connectionId}] Allowing session resumption without SNI for NetworkProxy forwarding`);
-                    }
-                }
-                // Forward directly to NetworkProxy without domain-specific settings
-                this.networkProxyBridge.forwardToNetworkProxy(connectionId, socket, record, chunk, undefined, (reason) => this.connectionManager.initiateCleanupOnce(record, reason));
-            }
-            else {
-                // If not TLS, use normal direct connection
-                console.log(`[${connectionId}] Non-TLS connection on NetworkProxy port ${record.localPort}`);
-                this.setupDirectConnection(socket, record, undefined, undefined, chunk);
-            }
-        });
-    }
-    /**
-     * Handle a standard (non-NetworkProxy) connection
-     */
-    handleStandardConnection(socket, record) {
-        const connectionId = record.id;
-        const localPort = record.localPort;
-        // Define helpers for rejecting connections
-        const rejectIncomingConnection = (reason, logMessage) => {
-            console.log(`[${connectionId}] ${logMessage}`);
-            socket.end();
-            if (record.incomingTerminationReason === null) {
-                record.incomingTerminationReason = reason;
-                this.connectionManager.incrementTerminationStat('incoming', reason);
-            }
-            this.connectionManager.cleanupConnection(record, reason);
-        };
-        let initialDataReceived = false;
-        // Set an initial timeout for SNI data if needed
-        let initialTimeout = null;
-        if (this.settings.sniEnabled) {
-            initialTimeout = setTimeout(() => {
-                if (!initialDataReceived) {
-                    console.log(`[${connectionId}] Initial data warning (${this.settings.initialDataTimeout}ms) for connection from ${record.remoteIP}`);
-                    // Add a grace period instead of immediate termination
-                    setTimeout(() => {
-                        if (!initialDataReceived) {
-                            console.log(`[${connectionId}] Final initial data timeout after grace period`);
-                            if (record.incomingTerminationReason === null) {
-                                record.incomingTerminationReason = 'initial_timeout';
-                                this.connectionManager.incrementTerminationStat('incoming', 'initial_timeout');
-                            }
-                            socket.end();
-                            this.connectionManager.cleanupConnection(record, 'initial_timeout');
-                        }
-                    }, 30000); // 30 second grace period
-                }
-            }, this.settings.initialDataTimeout);
-            // Make sure timeout doesn't keep the process alive
-            if (initialTimeout.unref) {
-                initialTimeout.unref();
-            }
-        }
-        else {
-            initialDataReceived = true;
-            record.hasReceivedInitialData = true;
-        }
-        socket.on('error', this.connectionManager.handleError('incoming', record));
-        // Track data for bytes counting
-        socket.on('data', (chunk) => {
-            record.bytesReceived += chunk.length;
-            this.timeoutManager.updateActivity(record);
-            // Check for TLS handshake if this is the first chunk
-            if (!record.isTLS && this.tlsManager.isTlsHandshake(chunk)) {
-                record.isTLS = true;
-                if (this.settings.enableTlsDebugLogging) {
-                    console.log(`[${connectionId}] TLS handshake detected from ${record.remoteIP}, ${chunk.length} bytes`);
-                }
-            }
-        });
-        /**
-         * Sets up the connection to the target host.
-         */
-        const setupConnection = (serverName, initialChunk, forcedDomain, overridePort) => {
-            // Clear the initial timeout since we've received data
-            if (initialTimeout) {
-                clearTimeout(initialTimeout);
-                initialTimeout = null;
-            }
-            // Mark that we've received initial data
-            initialDataReceived = true;
-            record.hasReceivedInitialData = true;
-            // Check if this looks like a TLS handshake
-            if (initialChunk && this.tlsManager.isTlsHandshake(initialChunk)) {
-                record.isTLS = true;
-                if (this.settings.enableTlsDebugLogging) {
-                    console.log(`[${connectionId}] TLS handshake detected in setup, ${initialChunk.length} bytes`);
-                }
-            }
-            // If a forcedDomain is provided (port-based routing), use it; otherwise, use SNI-based lookup.
-            const domainConfig = forcedDomain
-                ? forcedDomain
-                : serverName
-                    ? this.domainConfigManager.findDomainConfig(serverName)
-                    : undefined;
-            // Save domain config in connection record
-            record.domainConfig = domainConfig;
-            // Check if this domain should use NetworkProxy (domain-specific setting)
-            if (domainConfig &&
-                this.domainConfigManager.shouldUseNetworkProxy(domainConfig) &&
-                this.networkProxyBridge.getNetworkProxy()) {
-                if (this.settings.enableDetailedLogging) {
-                    console.log(`[${connectionId}] Domain ${serverName} is configured to use NetworkProxy`);
-                }
-                const networkProxyPort = this.domainConfigManager.getNetworkProxyPort(domainConfig);
-                if (initialChunk && record.isTLS) {
-                    // For TLS connections with initial chunk, forward to NetworkProxy
-                    this.networkProxyBridge.forwardToNetworkProxy(connectionId, socket, record, initialChunk, networkProxyPort, (reason) => this.connectionManager.initiateCleanupOnce(record, reason));
-                    return; // Skip normal connection setup
-                }
-            }
-            // IP validation
-            if (domainConfig) {
-                const ipRules = this.domainConfigManager.getEffectiveIPRules(domainConfig);
-                // Skip IP validation if allowedIPs is empty
-                if (domainConfig.allowedIPs.length > 0 &&
-                    !this.securityManager.isIPAuthorized(record.remoteIP, ipRules.allowedIPs, ipRules.blockedIPs)) {
-                    return rejectIncomingConnection('rejected', `Connection rejected: IP ${record.remoteIP} not allowed for domain ${domainConfig.domains.join(', ')}`);
-                }
-            }
-            else if (this.settings.defaultAllowedIPs && this.settings.defaultAllowedIPs.length > 0) {
-                if (!this.securityManager.isIPAuthorized(record.remoteIP, this.settings.defaultAllowedIPs, this.settings.defaultBlockedIPs || [])) {
-                    return rejectIncomingConnection('rejected', `Connection rejected: IP ${record.remoteIP} not allowed by default allowed list`);
-                }
-            }
-            // Save the initial SNI
-            if (serverName) {
-                record.lockedDomain = serverName;
-            }
-            // Set up the direct connection
-            this.setupDirectConnection(socket, record, domainConfig, serverName, initialChunk, overridePort);
-        };
-        // --- PORT RANGE-BASED HANDLING ---
-        // Only apply port-based rules if the incoming port is within one of the global port ranges.
-        if (this.portRangeManager.isPortInGlobalRanges(localPort)) {
-            if (this.portRangeManager.shouldUseGlobalForwarding(localPort)) {
-                if (this.settings.defaultAllowedIPs &&
-                    this.settings.defaultAllowedIPs.length > 0 &&
-                    !this.securityManager.isIPAuthorized(record.remoteIP, this.settings.defaultAllowedIPs)) {
-                    console.log(`[${connectionId}] Connection from ${record.remoteIP} rejected: IP ${record.remoteIP} not allowed in global default allowed list.`);
-                    socket.end();
-                    return;
-                }
-                if (this.settings.enableDetailedLogging) {
-                    console.log(`[${connectionId}] Port-based connection from ${record.remoteIP} on port ${localPort} forwarded to global target IP ${this.settings.targetIP}.`);
-                }
-                setupConnection('', undefined, {
-                    domains: ['global'],
-                    allowedIPs: this.settings.defaultAllowedIPs || [],
-                    blockedIPs: this.settings.defaultBlockedIPs || [],
-                    targetIPs: [this.settings.targetIP],
-                    portRanges: [],
-                }, localPort);
-                return;
-            }
-            else {
-                // Attempt to find a matching forced domain config based on the local port.
-                const forcedDomain = this.domainConfigManager.findDomainConfigForPort(localPort);
-                if (forcedDomain) {
-                    const ipRules = this.domainConfigManager.getEffectiveIPRules(forcedDomain);
-                    if (!this.securityManager.isIPAuthorized(record.remoteIP, ipRules.allowedIPs, ipRules.blockedIPs)) {
-                        console.log(`[${connectionId}] Connection from ${record.remoteIP} rejected: IP not allowed for domain ${forcedDomain.domains.join(', ')} on port ${localPort}.`);
-                        socket.end();
-                        return;
-                    }
-                    if (this.settings.enableDetailedLogging) {
-                        console.log(`[${connectionId}] Port-based connection from ${record.remoteIP} on port ${localPort} matched domain ${forcedDomain.domains.join(', ')}.`);
-                    }
-                    setupConnection('', undefined, forcedDomain, localPort);
-                    return;
-                }
-                // Fall through to SNI/default handling if no forced domain config is found.
-            }
-        }
-        // --- FALLBACK: SNI-BASED HANDLING (or default when SNI is disabled) ---
-        if (this.settings.sniEnabled) {
-            initialDataReceived = false;
-            socket.once('data', (chunk) => {
-                // Clear timeout immediately
-                if (initialTimeout) {
-                    clearTimeout(initialTimeout);
-                    initialTimeout = null;
-                }
-                initialDataReceived = true;
-                // Block non-TLS connections on port 443
-                if (!this.tlsManager.isTlsHandshake(chunk) && localPort === 443) {
-                    console.log(`[${connectionId}] Non-TLS connection detected on port 443 in SNI handler. ` +
-                        `Terminating connection - only TLS traffic is allowed on standard HTTPS port.`);
-                    if (record.incomingTerminationReason === null) {
-                        record.incomingTerminationReason = 'non_tls_blocked';
-                        this.connectionManager.incrementTerminationStat('incoming', 'non_tls_blocked');
-                    }
-                    socket.end();
-                    this.connectionManager.cleanupConnection(record, 'non_tls_blocked');
-                    return;
-                }
-                // Try to extract SNI
-                let serverName = '';
-                if (this.tlsManager.isTlsHandshake(chunk)) {
-                    record.isTLS = true;
-                    if (this.settings.enableTlsDebugLogging) {
-                        console.log(`[${connectionId}] Extracting SNI from TLS handshake, ${chunk.length} bytes`);
-                    }
-                    // Create connection info object for SNI extraction
-                    const connInfo = {
-                        sourceIp: record.remoteIP,
-                        sourcePort: socket.remotePort || 0,
-                        destIp: socket.localAddress || '',
-                        destPort: socket.localPort || 0,
-                    };
-                    // Extract SNI
-                    serverName = this.tlsManager.extractSNI(chunk, connInfo) || '';
-                    // If allowSessionTicket is false and this is a ClientHello with no SNI, terminate the connection
-                    if (this.settings.allowSessionTicket === false &&
-                        this.tlsManager.isClientHello(chunk) &&
-                        !serverName) {
-                        // Block ClientHello without SNI when allowSessionTicket is false
-                        console.log(`[${connectionId}] No SNI detected in ClientHello and allowSessionTicket=false. ` +
-                            `Sending warning unrecognized_name alert to encourage immediate retry with SNI.`);
-                        // Set the termination reason first
-                        if (record.incomingTerminationReason === null) {
-                            record.incomingTerminationReason = 'session_ticket_blocked_no_sni';
-                            this.connectionManager.incrementTerminationStat('incoming', 'session_ticket_blocked_no_sni');
-                        }
-                        // Create a warning-level alert for unrecognized_name
-                        // This encourages Chrome to retry immediately with SNI
-                        const serverNameUnknownAlertData = Buffer.from([
-                            0x15, // Alert record type
-                            0x03,
-                            0x03, // TLS 1.2 version
-                            0x00,
-                            0x02, // Length
-                            0x01, // Warning alert level (not fatal)
-                            0x70, // unrecognized_name alert (code 112)
-                        ]);
-                        try {
-                            // Use cork/uncork to ensure the alert is sent as a single packet
-                            socket.cork();
-                            const writeSuccessful = socket.write(serverNameUnknownAlertData);
-                            socket.uncork();
-                            socket.end();
-                            // Function to handle the clean socket termination - but more gradually
-                            const finishConnection = () => {
-                                this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
-                            };
-                            if (writeSuccessful) {
-                                // Wait longer before ending connection to ensure alert is processed by client
-                                setTimeout(finishConnection, 200); // Increased from 50ms to 200ms
-                            }
-                            else {
-                                // If the kernel buffer was full, wait for the drain event
-                                socket.once('drain', () => {
-                                    // Wait longer after drain as well
-                                    setTimeout(finishConnection, 200);
-                                });
-                                // Safety timeout is increased too
-                                setTimeout(() => {
-                                    socket.removeAllListeners('drain');
-                                    finishConnection();
-                                }, 400); // Increased from 250ms to 400ms
-                            }
-                        }
-                        catch (err) {
-                            // If we can't send the alert, fall back to immediate termination
-                            console.log(`[${connectionId}] Error sending TLS alert: ${err.message}`);
-                            socket.end();
-                            this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
-                        }
-                        return;
-                    }
-                }
-                // Lock the connection to the negotiated SNI.
-                record.lockedDomain = serverName;
-                if (this.settings.enableDetailedLogging) {
-                    console.log(`[${connectionId}] Received connection from ${record.remoteIP} with SNI: ${serverName || '(empty)'}`);
-                }
-                setupConnection(serverName, chunk);
-            });
-        }
-        else {
-            initialDataReceived = true;
-            record.hasReceivedInitialData = true;
-            if (this.settings.defaultAllowedIPs &&
-                this.settings.defaultAllowedIPs.length > 0 &&
-                !this.securityManager.isIPAuthorized(record.remoteIP, this.settings.defaultAllowedIPs)) {
-                return rejectIncomingConnection('rejected', `Connection rejected: IP ${record.remoteIP} not allowed for non-SNI connection`);
-            }
-            setupConnection('');
-        }
-    }
-    /**
-     * Sets up a direct connection to the target
-     */
-    setupDirectConnection(socket, record, domainConfig, serverName, initialChunk, overridePort) {
-        const connectionId = record.id;
-        // Determine target host
-        const targetHost = domainConfig
-            ? this.domainConfigManager.getTargetIP(domainConfig)
-            : this.settings.targetIP;
-        // Determine target port
-        const targetPort = overridePort !== undefined ? overridePort : this.settings.toPort;
-        // Setup connection options
-        const connectionOptions = {
-            host: targetHost,
-            port: targetPort,
-        };
-        // Preserve source IP if configured
-        if (this.settings.preserveSourceIP) {
-            connectionOptions.localAddress = record.remoteIP.replace('::ffff:', '');
-        }
-        // Create a safe queue for incoming data
-        const dataQueue = [];
-        let queueSize = 0;
-        let processingQueue = false;
-        let drainPending = false;
-        let pipingEstablished = false;
-        // Pause the incoming socket to prevent buffer overflows
-        socket.pause();
-        // Function to safely process the data queue without losing events
-        const processDataQueue = () => {
-            if (processingQueue || dataQueue.length === 0 || pipingEstablished)
-                return;
-            processingQueue = true;
-            try {
-                // Process all queued chunks with the current active handler
-                while (dataQueue.length > 0) {
-                    const chunk = dataQueue.shift();
-                    queueSize -= chunk.length;
-                    // Once piping is established, we shouldn't get here,
-                    // but just in case, pass to the outgoing socket directly
-                    if (pipingEstablished && record.outgoing) {
-                        record.outgoing.write(chunk);
-                        continue;
-                    }
-                    // Track bytes received
-                    record.bytesReceived += chunk.length;
-                    // Check for TLS handshake
-                    if (!record.isTLS && this.tlsManager.isTlsHandshake(chunk)) {
-                        record.isTLS = true;
-                        if (this.settings.enableTlsDebugLogging) {
-                            console.log(`[${connectionId}] TLS handshake detected in tempDataHandler, ${chunk.length} bytes`);
-                        }
-                    }
-                    // Check if adding this chunk would exceed the buffer limit
-                    const newSize = record.pendingDataSize + chunk.length;
-                    if (this.settings.maxPendingDataSize && newSize > this.settings.maxPendingDataSize) {
-                        console.log(`[${connectionId}] Buffer limit exceeded for connection from ${record.remoteIP}: ${newSize} bytes > ${this.settings.maxPendingDataSize} bytes`);
-                        socket.end(); // Gracefully close the socket
-                        this.connectionManager.initiateCleanupOnce(record, 'buffer_limit_exceeded');
-                        return;
-                    }
-                    // Buffer the chunk and update the size counter
-                    record.pendingData.push(Buffer.from(chunk));
-                    record.pendingDataSize = newSize;
-                    this.timeoutManager.updateActivity(record);
-                }
-            }
-            finally {
-                processingQueue = false;
-                // If there's a pending drain and we've processed everything,
-                // signal we're ready for more data if we haven't established piping yet
-                if (drainPending && dataQueue.length === 0 && !pipingEstablished) {
-                    drainPending = false;
-                    socket.resume();
-                }
-            }
-        };
-        // Unified data handler that safely queues incoming data
-        const safeDataHandler = (chunk) => {
-            // If piping is already established, just let the pipe handle it
-            if (pipingEstablished)
-                return;
-            // Add to our queue for orderly processing
-            dataQueue.push(Buffer.from(chunk)); // Make a copy to be safe
-            queueSize += chunk.length;
-            // If queue is getting large, pause socket until we catch up
-            if (this.settings.maxPendingDataSize && queueSize > this.settings.maxPendingDataSize * 0.8) {
-                socket.pause();
-                drainPending = true;
-            }
-            // Process the queue
-            processDataQueue();
-        };
-        // Add our safe data handler
-        socket.on('data', safeDataHandler);
-        // Add initial chunk to pending data if present
-        if (initialChunk) {
-            record.bytesReceived += initialChunk.length;
-            record.pendingData.push(Buffer.from(initialChunk));
-            record.pendingDataSize = initialChunk.length;
-        }
-        // Create the target socket but don't set up piping immediately
-        const targetSocket = plugins.net.connect(connectionOptions);
-        record.outgoing = targetSocket;
-        record.outgoingStartTime = Date.now();
-        // Apply socket optimizations
-        targetSocket.setNoDelay(this.settings.noDelay);
-        // Apply keep-alive settings to the outgoing connection as well
-        if (this.settings.keepAlive) {
-            targetSocket.setKeepAlive(true, this.settings.keepAliveInitialDelay);
-            // Apply enhanced TCP keep-alive options if enabled
-            if (this.settings.enableKeepAliveProbes) {
-                try {
-                    if ('setKeepAliveProbes' in targetSocket) {
-                        targetSocket.setKeepAliveProbes(10);
-                    }
-                    if ('setKeepAliveInterval' in targetSocket) {
-                        targetSocket.setKeepAliveInterval(1000);
-                    }
-                }
-                catch (err) {
-                    // Ignore errors - these are optional enhancements
-                    if (this.settings.enableDetailedLogging) {
-                        console.log(`[${connectionId}] Enhanced TCP keep-alive not supported for outgoing socket: ${err}`);
-                    }
-                }
-            }
-        }
-        // Setup specific error handler for connection phase
-        targetSocket.once('error', (err) => {
-            // This handler runs only once during the initial connection phase
-            const code = err.code;
-            console.log(`[${connectionId}] Connection setup error to ${targetHost}:${connectionOptions.port}: ${err.message} (${code})`);
-            // Resume the incoming socket to prevent it from hanging
-            socket.resume();
-            if (code === 'ECONNREFUSED') {
-                console.log(`[${connectionId}] Target ${targetHost}:${connectionOptions.port} refused connection`);
-            }
-            else if (code === 'ETIMEDOUT') {
-                console.log(`[${connectionId}] Connection to ${targetHost}:${connectionOptions.port} timed out`);
-            }
-            else if (code === 'ECONNRESET') {
-                console.log(`[${connectionId}] Connection to ${targetHost}:${connectionOptions.port} was reset`);
-            }
-            else if (code === 'EHOSTUNREACH') {
-                console.log(`[${connectionId}] Host ${targetHost} is unreachable`);
-            }
-            // Clear any existing error handler after connection phase
-            targetSocket.removeAllListeners('error');
-            // Re-add the normal error handler for established connections
-            targetSocket.on('error', this.connectionManager.handleError('outgoing', record));
-            if (record.outgoingTerminationReason === null) {
-                record.outgoingTerminationReason = 'connection_failed';
-                this.connectionManager.incrementTerminationStat('outgoing', 'connection_failed');
-            }
-            // Clean up the connection
-            this.connectionManager.initiateCleanupOnce(record, `connection_failed_${code}`);
-        });
-        // Setup close handler
-        targetSocket.on('close', this.connectionManager.handleClose('outgoing', record));
-        socket.on('close', this.connectionManager.handleClose('incoming', record));
-        // Handle timeouts with keep-alive awareness
-        socket.on('timeout', () => {
-            // For keep-alive connections, just log a warning instead of closing
-            if (record.hasKeepAlive) {
-                console.log(`[${connectionId}] Timeout event on incoming keep-alive connection from ${record.remoteIP} after ${plugins.prettyMs(this.settings.socketTimeout || 3600000)}. Connection preserved.`);
-                return;
-            }
-            // For non-keep-alive connections, proceed with normal cleanup
-            console.log(`[${connectionId}] Timeout on incoming side from ${record.remoteIP} after ${plugins.prettyMs(this.settings.socketTimeout || 3600000)}`);
-            if (record.incomingTerminationReason === null) {
-                record.incomingTerminationReason = 'timeout';
-                this.connectionManager.incrementTerminationStat('incoming', 'timeout');
-            }
-            this.connectionManager.initiateCleanupOnce(record, 'timeout_incoming');
-        });
-        targetSocket.on('timeout', () => {
-            // For keep-alive connections, just log a warning instead of closing
-            if (record.hasKeepAlive) {
-                console.log(`[${connectionId}] Timeout event on outgoing keep-alive connection from ${record.remoteIP} after ${plugins.prettyMs(this.settings.socketTimeout || 3600000)}. Connection preserved.`);
-                return;
-            }
-            // For non-keep-alive connections, proceed with normal cleanup
-            console.log(`[${connectionId}] Timeout on outgoing side from ${record.remoteIP} after ${plugins.prettyMs(this.settings.socketTimeout || 3600000)}`);
-            if (record.outgoingTerminationReason === null) {
-                record.outgoingTerminationReason = 'timeout';
-                this.connectionManager.incrementTerminationStat('outgoing', 'timeout');
-            }
-            this.connectionManager.initiateCleanupOnce(record, 'timeout_outgoing');
-        });
-        // Apply socket timeouts
-        this.timeoutManager.applySocketTimeouts(record);
-        // Track outgoing data for bytes counting
-        targetSocket.on('data', (chunk) => {
-            record.bytesSent += chunk.length;
-            this.timeoutManager.updateActivity(record);
-        });
-        // Wait for the outgoing connection to be ready before setting up piping
-        targetSocket.once('connect', () => {
-            // Clear the initial connection error handler
-            targetSocket.removeAllListeners('error');
-            // Add the normal error handler for established connections
-            targetSocket.on('error', this.connectionManager.handleError('outgoing', record));
-            // Process any remaining data in the queue before switching to piping
-            processDataQueue();
-            // Set up piping immediately
-            pipingEstablished = true;
-            // Flush all pending data to target
-            if (record.pendingData.length > 0) {
-                const combinedData = Buffer.concat(record.pendingData);
-                if (this.settings.enableDetailedLogging) {
-                    console.log(`[${connectionId}] Forwarding ${combinedData.length} bytes of initial data to target`);
-                }
-                // Write pending data immediately
-                targetSocket.write(combinedData, (err) => {
-                    if (err) {
-                        console.log(`[${connectionId}] Error writing pending data to target: ${err.message}`);
-                        return this.connectionManager.initiateCleanupOnce(record, 'write_error');
-                    }
-                });
-                // Clear the buffer now that we've processed it
-                record.pendingData = [];
-                record.pendingDataSize = 0;
-            }
-            // Setup piping in both directions without any delays
-            socket.pipe(targetSocket);
-            targetSocket.pipe(socket);
-            // Resume the socket to ensure data flows
-            socket.resume();
-            // Process any data that might be queued in the interim
-            if (dataQueue.length > 0) {
-                // Write any remaining queued data directly to the target socket
-                for (const chunk of dataQueue) {
-                    targetSocket.write(chunk);
-                }
-                // Clear the queue
-                dataQueue.length = 0;
-                queueSize = 0;
-            }
-            if (this.settings.enableDetailedLogging) {
-                console.log(`[${connectionId}] Connection established: ${record.remoteIP} -> ${targetHost}:${connectionOptions.port}` +
-                    `${serverName
-                        ? ` (SNI: ${serverName})`
-                        : domainConfig
-                            ? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
-                            : ''}` +
-                    ` TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${record.hasKeepAlive ? 'Yes' : 'No'}`);
-            }
-            else {
-                console.log(`Connection established: ${record.remoteIP} -> ${targetHost}:${connectionOptions.port}` +
-                    `${serverName
-                        ? ` (SNI: ${serverName})`
-                        : domainConfig
-                            ? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
-                            : ''}`);
-            }
-            // Add the renegotiation handler for SNI validation
-            if (serverName) {
-                // Create connection info object for the existing connection
-                const connInfo = {
-                    sourceIp: record.remoteIP,
-                    sourcePort: record.incoming.remotePort || 0,
-                    destIp: record.incoming.localAddress || '',
-                    destPort: record.incoming.localPort || 0,
-                };
-                // Create a renegotiation handler function
-                const renegotiationHandler = this.tlsManager.createRenegotiationHandler(connectionId, serverName, connInfo, (connectionId, reason) => this.connectionManager.initiateCleanupOnce(record, reason));
-                // Store the handler in the connection record so we can remove it during cleanup
-                record.renegotiationHandler = renegotiationHandler;
-                // Add the handler to the socket
-                socket.on('data', renegotiationHandler);
-                if (this.settings.enableDetailedLogging) {
-                    console.log(`[${connectionId}] TLS renegotiation handler installed for SNI domain: ${serverName}`);
-                    if (this.settings.allowSessionTicket === false) {
-                        console.log(`[${connectionId}] Session ticket usage is disabled. Connection will be reset on reconnection attempts.`);
-                    }
-                }
-            }
-            // Set connection timeout
-            record.cleanupTimer = this.timeoutManager.setupConnectionTimeout(record, (record, reason) => {
-                console.log(`[${connectionId}] Connection from ${record.remoteIP} exceeded max lifetime, forcing cleanup.`);
-                this.connectionManager.initiateCleanupOnce(record, reason);
-            });
-            // Mark TLS handshake as complete for TLS connections
-            if (record.isTLS) {
-                record.tlsHandshakeComplete = true;
-                if (this.settings.enableTlsDebugLogging) {
-                    console.log(`[${connectionId}] TLS handshake complete for connection from ${record.remoteIP}`);
-                }
-            }
-        });
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5jb25uZWN0aW9uaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3RzL2NsYXNzZXMucHAuY29ubmVjdGlvbmhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxjQUFjLENBQUM7QUFNeEMsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sbUNBQW1DLENBQUM7QUFDdEUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ2xFLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLHFDQUFxQyxDQUFDO0FBQzFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUN4RCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxvQ0FBb0MsQ0FBQztBQUN4RSxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDaEUsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sa0NBQWtDLENBQUM7QUFFcEU7O0dBRUc7QUFDSCxNQUFNLE9BQU8saUJBQWlCO0lBQzVCLFlBQ1UsUUFBNEIsRUFDNUIsaUJBQW9DLEVBQ3BDLGVBQWdDLEVBQ2hDLG1CQUF3QyxFQUN4QyxVQUFzQixFQUN0QixrQkFBc0MsRUFDdEMsY0FBOEIsRUFDOUIsZ0JBQWtDO1FBUGxDLGFBQVEsR0FBUixRQUFRLENBQW9CO1FBQzVCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBQ2hDLHdCQUFtQixHQUFuQixtQkFBbUIsQ0FBcUI7UUFDeEMsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0Qix1QkFBa0IsR0FBbEIsa0JBQWtCLENBQW9CO1FBQ3RDLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixxQkFBZ0IsR0FBaEIsZ0JBQWdCLENBQWtCO0lBQ3pDLENBQUM7SUFFSjs7T0FFRztJQUNJLGdCQUFnQixDQUFDLE1BQTBCO1FBQ2hELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksRUFBRSxDQUFDO1FBQzVDLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxTQUFTLElBQUksQ0FBQyxDQUFDO1FBRXhDLHdEQUF3RDtRQUN4RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMvRCxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQzFCLE9BQU8sQ0FBQyxHQUFHLENBQUMsNEJBQTRCLFFBQVEsS0FBSyxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUM1RSxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDakIsT0FBTztRQUNULENBQUM7UUFFRCxpQ0FBaUM7UUFDakMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQy9ELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFFL0IsNkJBQTZCO1FBQzdCLE1BQU0sQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUV6Qyx1Q0FBdUM7UUFDdkMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzVCLE1BQU0sQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsQ0FBQztZQUMvRCxNQUFNLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQztZQUUzQixtREFBbUQ7WUFDbkQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLElBQUksQ0FBQztvQkFDSCx1REFBdUQ7b0JBQ3ZELElBQUksb0JBQW9CLElBQUksTUFBTSxFQUFFLENBQUM7d0JBQ2xDLE1BQWMsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQUMsQ0FBQztvQkFDekMsQ0FBQztvQkFDRCxJQUFJLHNCQUFzQixJQUFJLE1BQU0sRUFBRSxDQUFDO3dCQUNwQyxNQUFjLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQzdDLENBQUM7Z0JBQ0gsQ0FBQztnQkFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO29CQUNiLGtEQUFrRDtvQkFDbEQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7d0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxZQUFZLHFEQUFxRCxHQUFHLEVBQUUsQ0FBQyxDQUFDO29CQUMxRixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1lBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHlCQUF5QixRQUFRLFlBQVksU0FBUyxJQUFJO2dCQUN4RSxlQUFlLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsVUFBVSxJQUFJO2dCQUMvRCx1QkFBdUIsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGtCQUFrQixFQUFFLEVBQUUsQ0FDdkUsQ0FBQztRQUNKLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTyxDQUFDLEdBQUcsQ0FDVCx1QkFBdUIsUUFBUSxZQUFZLFNBQVMseUJBQXlCLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxrQkFBa0IsRUFBRSxFQUFFLENBQzNILENBQUM7UUFDSixDQUFDO1FBRUQsd0VBQXdFO1FBQ3hFLElBQUksSUFBSSxDQUFDLGdCQUFnQixDQUFDLHFCQUFxQixDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7WUFDM0QsSUFBSSxDQUFDLDRCQUE0QixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztRQUNwRCxDQUFDO2FBQU0sQ0FBQztZQUNOLDZEQUE2RDtZQUM3RCxJQUFJLENBQUMsd0JBQXdCLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQ2hELENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyw0QkFBNEIsQ0FDbEMsTUFBMEIsRUFDMUIsTUFBeUI7UUFFekIsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUMvQixJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztRQUVoQyw0Q0FBNEM7UUFDNUMsSUFBSSxjQUFjLEdBQTBCLFVBQVUsQ0FBQyxHQUFHLEVBQUU7WUFDMUQsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7Z0JBQ3pCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDJCQUEyQixJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQiwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUN4SCxDQUFDO2dCQUVGLHNEQUFzRDtnQkFDdEQsVUFBVSxDQUFDLEdBQUcsRUFBRTtvQkFDZCxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQzt3QkFDekIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksaURBQWlELENBQUMsQ0FBQzt3QkFDL0UsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7NEJBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxpQkFBaUIsQ0FBQzs0QkFDckQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO3dCQUNqRixDQUFDO3dCQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQzt3QkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLGlCQUFpQixDQUFDLENBQUM7b0JBQ3RFLENBQUM7Z0JBQ0gsQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUMseUJBQXlCO1lBQ3RDLENBQUM7UUFDSCxDQUFDLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBbUIsQ0FBQyxDQUFDO1FBRXRDLG1EQUFtRDtRQUNuRCxJQUFJLGNBQWMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN6QixjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDekIsQ0FBQztRQUVELHVCQUF1QjtRQUN2QixNQUFNLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDLFVBQVUsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBRTNFLHVFQUF1RTtRQUN2RSxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQWEsRUFBRSxFQUFFO1lBQ3BDLHNEQUFzRDtZQUN0RCxJQUFJLGNBQWMsRUFBRSxDQUFDO2dCQUNuQixZQUFZLENBQUMsY0FBYyxDQUFDLENBQUM7Z0JBQzdCLGNBQWMsR0FBRyxJQUFJLENBQUM7WUFDeEIsQ0FBQztZQUVELG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUMzQixNQUFNLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxDQUFDO1lBRXJDLHdDQUF3QztZQUN4QyxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDO1lBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsSUFBSSxTQUFTLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQ2hFLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDZDQUE2QztvQkFDM0QsOEVBQThFLENBQ2pGLENBQUM7Z0JBQ0YsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7b0JBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxpQkFBaUIsQ0FBQztvQkFDckQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO2dCQUNqRixDQUFDO2dCQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLGlCQUFpQixDQUFDLENBQUM7Z0JBQ3BFLE9BQU87WUFDVCxDQUFDO1lBRUQsMkNBQTJDO1lBQzNDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDMUMsTUFBTSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUM7Z0JBRXBCLCtFQUErRTtnQkFDL0UsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUN6Qyw0Q0FBNEM7b0JBQzVDLE1BQU0sUUFBUSxHQUFHO3dCQUNmLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTt3QkFDekIsVUFBVSxFQUFFLE1BQU0sQ0FBQyxVQUFVLElBQUksQ0FBQzt3QkFDbEMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxZQUFZLElBQUksRUFBRTt3QkFDakMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxTQUFTLElBQUksQ0FBQztxQkFDaEMsQ0FBQztvQkFFRixxRUFBcUU7b0JBQ3JFLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsQ0FBQztvQkFFL0QsNkVBQTZFO29CQUM3RSx5RkFBeUY7b0JBQ3pGLElBQUksVUFBVSxFQUFFLENBQUM7d0JBQ2Ysa0RBQWtEO3dCQUNsRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLENBQUM7d0JBQzNFLE1BQU0sQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO3dCQUNuQyxNQUFNLENBQUMsWUFBWSxHQUFHLFVBQVUsQ0FBQzt3QkFFakMsc0RBQXNEO3dCQUN0RCxJQUFJLFlBQVksSUFBSSxJQUFJLENBQUMsbUJBQW1CLENBQUMscUJBQXFCLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQzs0QkFDakYsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLENBQUM7NEJBRXBGLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO2dDQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSw0Q0FBNEMsVUFBVSxZQUFZLGdCQUFnQixFQUFFLENBQ3JHLENBQUM7NEJBQ0osQ0FBQzs0QkFFRCxvREFBb0Q7NEJBQ3BELElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FDM0MsWUFBWSxFQUNaLE1BQU0sRUFDTixNQUFNLEVBQ04sS0FBSyxFQUNMLGdCQUFnQixFQUNoQixDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FDdkUsQ0FBQzs0QkFDRixPQUFPO3dCQUNULENBQUM7b0JBQ0gsQ0FBQzt5QkFBTSxJQUNMLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEtBQUssS0FBSzt3QkFDMUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFDbkMsQ0FBQzt3QkFDRCw0RUFBNEU7d0JBQzVFLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHVFQUF1RSxDQUN4RixDQUFDO29CQUNKLENBQUM7Z0JBQ0gsQ0FBQztnQkFFRCxvRUFBb0U7Z0JBQ3BFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FDM0MsWUFBWSxFQUNaLE1BQU0sRUFDTixNQUFNLEVBQ04sS0FBSyxFQUNMLFNBQVMsRUFDVCxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FDdkUsQ0FBQztZQUNKLENBQUM7aUJBQU0sQ0FBQztnQkFDTiwyQ0FBMkM7Z0JBQzNDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDZDQUE2QyxNQUFNLENBQUMsU0FBUyxFQUFFLENBQ2hGLENBQUM7Z0JBQ0YsSUFBSSxDQUFDLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUMxRSxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSyx3QkFBd0IsQ0FBQyxNQUEwQixFQUFFLE1BQXlCO1FBQ3BGLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0IsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsQ0FBQztRQUVuQywyQ0FBMkM7UUFDM0MsTUFBTSx3QkFBd0IsR0FBRyxDQUFDLE1BQWMsRUFBRSxVQUFrQixFQUFFLEVBQUU7WUFDdEUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksS0FBSyxVQUFVLEVBQUUsQ0FBQyxDQUFDO1lBQy9DLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNiLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDO2dCQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsTUFBTSxDQUFDO2dCQUMxQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ3RFLENBQUM7WUFDRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQzNELENBQUMsQ0FBQztRQUVGLElBQUksbUJBQW1CLEdBQUcsS0FBSyxDQUFDO1FBRWhDLGdEQUFnRDtRQUNoRCxJQUFJLGNBQWMsR0FBMEIsSUFBSSxDQUFDO1FBQ2pELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUM3QixjQUFjLEdBQUcsVUFBVSxDQUFDLEdBQUcsRUFBRTtnQkFDL0IsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7b0JBQ3pCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDJCQUEyQixJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQiwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUN4SCxDQUFDO29CQUVGLHNEQUFzRDtvQkFDdEQsVUFBVSxDQUFDLEdBQUcsRUFBRTt3QkFDZCxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQzs0QkFDekIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksaURBQWlELENBQUMsQ0FBQzs0QkFDL0UsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7Z0NBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxpQkFBaUIsQ0FBQztnQ0FDckQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHdCQUF3QixDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDOzRCQUNqRixDQUFDOzRCQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQzs0QkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLGlCQUFpQixDQUFDLENBQUM7d0JBQ3RFLENBQUM7b0JBQ0gsQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUMseUJBQXlCO2dCQUN0QyxDQUFDO1lBQ0gsQ0FBQyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQW1CLENBQUMsQ0FBQztZQUV0QyxtREFBbUQ7WUFDbkQsSUFBSSxjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ3pCLGNBQWMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN6QixDQUFDO1FBQ0gsQ0FBQzthQUFNLENBQUM7WUFDTixtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDM0IsTUFBTSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQztRQUN2QyxDQUFDO1FBRUQsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUUzRSxnQ0FBZ0M7UUFDaEMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtZQUNsQyxNQUFNLENBQUMsYUFBYSxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUM7WUFDckMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7WUFFM0MscURBQXFEO1lBQ3JELElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQzNELE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO2dCQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksaUNBQWlDLE1BQU0sQ0FBQyxRQUFRLEtBQUssS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUMxRixDQUFDO2dCQUNKLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFSDs7V0FFRztRQUNILE1BQU0sZUFBZSxHQUFHLENBQ3RCLFVBQWtCLEVBQ2xCLFlBQXFCLEVBQ3JCLFlBQTRCLEVBQzVCLFlBQXFCLEVBQ3JCLEVBQUU7WUFDRixzREFBc0Q7WUFDdEQsSUFBSSxjQUFjLEVBQUUsQ0FBQztnQkFDbkIsWUFBWSxDQUFDLGNBQWMsQ0FBQyxDQUFDO2dCQUM3QixjQUFjLEdBQUcsSUFBSSxDQUFDO1lBQ3hCLENBQUM7WUFFRCx3Q0FBd0M7WUFDeEMsbUJBQW1CLEdBQUcsSUFBSSxDQUFDO1lBQzNCLE1BQU0sQ0FBQyxzQkFBc0IsR0FBRyxJQUFJLENBQUM7WUFFckMsMkNBQTJDO1lBQzNDLElBQUksWUFBWSxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7Z0JBQ2pFLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO2dCQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksc0NBQXNDLFlBQVksQ0FBQyxNQUFNLFFBQVEsQ0FDbEYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztZQUVELCtGQUErRjtZQUMvRixNQUFNLFlBQVksR0FBRyxZQUFZO2dCQUMvQixDQUFDLENBQUMsWUFBWTtnQkFDZCxDQUFDLENBQUMsVUFBVTtvQkFDWixDQUFDLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLGdCQUFnQixDQUFDLFVBQVUsQ0FBQztvQkFDdkQsQ0FBQyxDQUFDLFNBQVMsQ0FBQztZQUVkLDBDQUEwQztZQUMxQyxNQUFNLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztZQUVuQyx5RUFBeUU7WUFDekUsSUFDRSxZQUFZO2dCQUNaLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxxQkFBcUIsQ0FBQyxZQUFZLENBQUM7Z0JBQzVELElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxlQUFlLEVBQUUsRUFDekMsQ0FBQztnQkFDRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksWUFBWSxVQUFVLG9DQUFvQyxDQUFDLENBQUM7Z0JBQzFGLENBQUM7Z0JBRUQsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLENBQUM7Z0JBRXBGLElBQUksWUFBWSxJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztvQkFDakMsa0VBQWtFO29CQUNsRSxJQUFJLENBQUMsa0JBQWtCLENBQUMscUJBQXFCLENBQzNDLFlBQVksRUFDWixNQUFNLEVBQ04sTUFBTSxFQUNOLFlBQVksRUFDWixnQkFBZ0IsRUFDaEIsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQ3ZFLENBQUM7b0JBQ0YsT0FBTyxDQUFDLCtCQUErQjtnQkFDekMsQ0FBQztZQUNILENBQUM7WUFFRCxnQkFBZ0I7WUFDaEIsSUFBSSxZQUFZLEVBQUUsQ0FBQztnQkFDakIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDLFlBQVksQ0FBQyxDQUFDO2dCQUUzRSw0Q0FBNEM7Z0JBQzVDLElBQ0UsWUFBWSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQztvQkFDbEMsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FDbEMsTUFBTSxDQUFDLFFBQVEsRUFDZixPQUFPLENBQUMsVUFBVSxFQUNsQixPQUFPLENBQUMsVUFBVSxDQUNuQixFQUNELENBQUM7b0JBQ0QsT0FBTyx3QkFBd0IsQ0FDN0IsVUFBVSxFQUNWLDJCQUNFLE1BQU0sQ0FBQyxRQUNULDJCQUEyQixZQUFZLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUM3RCxDQUFDO2dCQUNKLENBQUM7WUFDSCxDQUFDO2lCQUFNLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDekYsSUFDRSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUNsQyxNQUFNLENBQUMsUUFBUSxFQUNmLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLEVBQy9CLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksRUFBRSxDQUN0QyxFQUNELENBQUM7b0JBQ0QsT0FBTyx3QkFBd0IsQ0FDN0IsVUFBVSxFQUNWLDJCQUEyQixNQUFNLENBQUMsUUFBUSxzQ0FBc0MsQ0FDakYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztZQUVELHVCQUF1QjtZQUN2QixJQUFJLFVBQVUsRUFBRSxDQUFDO2dCQUNmLE1BQU0sQ0FBQyxZQUFZLEdBQUcsVUFBVSxDQUFDO1lBQ25DLENBQUM7WUFFRCwrQkFBK0I7WUFDL0IsSUFBSSxDQUFDLHFCQUFxQixDQUN4QixNQUFNLEVBQ04sTUFBTSxFQUNOLFlBQVksRUFDWixVQUFVLEVBQ1YsWUFBWSxFQUNaLFlBQVksQ0FDYixDQUFDO1FBQ0osQ0FBQyxDQUFDO1FBRUYsb0NBQW9DO1FBQ3BDLDRGQUE0RjtRQUM1RixJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1lBQzFELElBQUksSUFBSSxDQUFDLGdCQUFnQixDQUFDLHlCQUF5QixDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQy9ELElBQ0UsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUI7b0JBQy9CLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUMsTUFBTSxHQUFHLENBQUM7b0JBQzFDLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEVBQ3RGLENBQUM7b0JBQ0QsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVkscUJBQXFCLE1BQU0sQ0FBQyxRQUFRLGlCQUFpQixNQUFNLENBQUMsUUFBUSw4Q0FBOEMsQ0FDbkksQ0FBQztvQkFDRixNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7b0JBQ2IsT0FBTztnQkFDVCxDQUFDO2dCQUNELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxnQ0FBZ0MsTUFBTSxDQUFDLFFBQVEsWUFBWSxTQUFTLGtDQUFrQyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsR0FBRyxDQUNoSixDQUFDO2dCQUNKLENBQUM7Z0JBQ0QsZUFBZSxDQUNiLEVBQUUsRUFDRixTQUFTLEVBQ1Q7b0JBQ0UsT0FBTyxFQUFFLENBQUMsUUFBUSxDQUFDO29CQUNuQixVQUFVLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsSUFBSSxFQUFFO29CQUNqRCxVQUFVLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsSUFBSSxFQUFFO29CQUNqRCxTQUFTLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVMsQ0FBQztvQkFDcEMsVUFBVSxFQUFFLEVBQUU7aUJBQ2YsRUFDRCxTQUFTLENBQ1YsQ0FBQztnQkFDRixPQUFPO1lBQ1QsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLDJFQUEyRTtnQkFDM0UsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLHVCQUF1QixDQUFDLFNBQVMsQ0FBQyxDQUFDO2dCQUVqRixJQUFJLFlBQVksRUFBRSxDQUFDO29CQUNqQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLENBQUM7b0JBRTNFLElBQ0UsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FDbEMsTUFBTSxDQUFDLFFBQVEsRUFDZixPQUFPLENBQUMsVUFBVSxFQUNsQixPQUFPLENBQUMsVUFBVSxDQUNuQixFQUNELENBQUM7d0JBQ0QsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVkscUJBQ2QsTUFBTSxDQUFDLFFBQ1Qsd0NBQXdDLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUMvRCxJQUFJLENBQ0wsWUFBWSxTQUFTLEdBQUcsQ0FDMUIsQ0FBQzt3QkFDRixNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7d0JBQ2IsT0FBTztvQkFDVCxDQUFDO29CQUVELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO3dCQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxnQ0FDZCxNQUFNLENBQUMsUUFDVCxZQUFZLFNBQVMsbUJBQW1CLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQzNFLENBQUM7b0JBQ0osQ0FBQztvQkFFRCxlQUFlLENBQUMsRUFBRSxFQUFFLFNBQVMsRUFBRSxZQUFZLEVBQUUsU0FBUyxDQUFDLENBQUM7b0JBQ3hELE9BQU87Z0JBQ1QsQ0FBQztnQkFDRCw0RUFBNEU7WUFDOUUsQ0FBQztRQUNILENBQUM7UUFFRCx5RUFBeUU7UUFDekUsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzdCLG1CQUFtQixHQUFHLEtBQUssQ0FBQztZQUU1QixNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQWEsRUFBRSxFQUFFO2dCQUNwQyw0QkFBNEI7Z0JBQzVCLElBQUksY0FBYyxFQUFFLENBQUM7b0JBQ25CLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQztvQkFDN0IsY0FBYyxHQUFHLElBQUksQ0FBQztnQkFDeEIsQ0FBQztnQkFFRCxtQkFBbUIsR0FBRyxJQUFJLENBQUM7Z0JBRTNCLHdDQUF3QztnQkFDeEMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxJQUFJLFNBQVMsS0FBSyxHQUFHLEVBQUUsQ0FBQztvQkFDaEUsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksNERBQTREO3dCQUMxRSw4RUFBOEUsQ0FDakYsQ0FBQztvQkFDRixJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQzt3QkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLGlCQUFpQixDQUFDO3dCQUNyRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLGlCQUFpQixDQUFDLENBQUM7b0JBQ2pGLENBQUM7b0JBQ0QsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNiLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsaUJBQWlCLENBQUMsQ0FBQztvQkFDcEUsT0FBTztnQkFDVCxDQUFDO2dCQUVELHFCQUFxQjtnQkFDckIsSUFBSSxVQUFVLEdBQUcsRUFBRSxDQUFDO2dCQUVwQixJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7b0JBQzFDLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO29CQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQzt3QkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksd0NBQXdDLEtBQUssQ0FBQyxNQUFNLFFBQVEsQ0FDN0UsQ0FBQztvQkFDSixDQUFDO29CQUVELG1EQUFtRDtvQkFDbkQsTUFBTSxRQUFRLEdBQUc7d0JBQ2YsUUFBUSxFQUFFLE1BQU0sQ0FBQyxRQUFRO3dCQUN6QixVQUFVLEVBQUUsTUFBTSxDQUFDLFVBQVUsSUFBSSxDQUFDO3dCQUNsQyxNQUFNLEVBQUUsTUFBTSxDQUFDLFlBQVksSUFBSSxFQUFFO3dCQUNqQyxRQUFRLEVBQUUsTUFBTSxDQUFDLFNBQVMsSUFBSSxDQUFDO3FCQUNoQyxDQUFDO29CQUVGLGNBQWM7b0JBQ2QsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBRS9ELGlHQUFpRztvQkFDakcsSUFDRSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQixLQUFLLEtBQUs7d0JBQzFDLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQzt3QkFDcEMsQ0FBQyxVQUFVLEVBQ1gsQ0FBQzt3QkFDRCxpRUFBaUU7d0JBQ2pFLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGlFQUFpRTs0QkFDL0UsZ0ZBQWdGLENBQ25GLENBQUM7d0JBRUYsbUNBQW1DO3dCQUNuQyxJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQzs0QkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLCtCQUErQixDQUFDOzRCQUNuRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQzdDLFVBQVUsRUFDViwrQkFBK0IsQ0FDaEMsQ0FBQzt3QkFDSixDQUFDO3dCQUVELHFEQUFxRDt3QkFDckQsdURBQXVEO3dCQUN2RCxNQUFNLDBCQUEwQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUM7NEJBQzdDLElBQUksRUFBRSxvQkFBb0I7NEJBQzFCLElBQUk7NEJBQ0osSUFBSSxFQUFFLGtCQUFrQjs0QkFDeEIsSUFBSTs0QkFDSixJQUFJLEVBQUUsU0FBUzs0QkFDZixJQUFJLEVBQUUsa0NBQWtDOzRCQUN4QyxJQUFJLEVBQUUscUNBQXFDO3lCQUM1QyxDQUFDLENBQUM7d0JBRUgsSUFBSSxDQUFDOzRCQUNILGlFQUFpRTs0QkFDakUsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDOzRCQUNkLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsMEJBQTBCLENBQUMsQ0FBQzs0QkFDakUsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDOzRCQUNoQixNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7NEJBRWIsdUVBQXVFOzRCQUN2RSxNQUFNLGdCQUFnQixHQUFHLEdBQUcsRUFBRTtnQ0FDNUIsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSwrQkFBK0IsQ0FBQyxDQUFDOzRCQUNwRixDQUFDLENBQUM7NEJBRUYsSUFBSSxlQUFlLEVBQUUsQ0FBQztnQ0FDcEIsOEVBQThFO2dDQUM5RSxVQUFVLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQywrQkFBK0I7NEJBQ3BFLENBQUM7aUNBQU0sQ0FBQztnQ0FDTiwwREFBMEQ7Z0NBQzFELE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRTtvQ0FDeEIsa0NBQWtDO29DQUNsQyxVQUFVLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxDQUFDLENBQUM7Z0NBQ3BDLENBQUMsQ0FBQyxDQUFDO2dDQUVILGtDQUFrQztnQ0FDbEMsVUFBVSxDQUFDLEdBQUcsRUFBRTtvQ0FDZCxNQUFNLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7b0NBQ25DLGdCQUFnQixFQUFFLENBQUM7Z0NBQ3JCLENBQUMsRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDLGdDQUFnQzs0QkFDM0MsQ0FBQzt3QkFDSCxDQUFDO3dCQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7NEJBQ2IsaUVBQWlFOzRCQUNqRSxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksWUFBWSw4QkFBOEIsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7NEJBQ3pFLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQzs0QkFDYixJQUFJLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxFQUFFLCtCQUErQixDQUFDLENBQUM7d0JBQ3BGLENBQUM7d0JBRUQsT0FBTztvQkFDVCxDQUFDO2dCQUNILENBQUM7Z0JBRUQsNkNBQTZDO2dCQUM3QyxNQUFNLENBQUMsWUFBWSxHQUFHLFVBQVUsQ0FBQztnQkFFakMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDhCQUE4QixNQUFNLENBQUMsUUFBUSxjQUMzRCxVQUFVLElBQUksU0FDaEIsRUFBRSxDQUNILENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxlQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3JDLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQzthQUFNLENBQUM7WUFDTixtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDM0IsTUFBTSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQztZQUVyQyxJQUNFLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCO2dCQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDO2dCQUMxQyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUN0RixDQUFDO2dCQUNELE9BQU8sd0JBQXdCLENBQzdCLFVBQVUsRUFDViwyQkFBMkIsTUFBTSxDQUFDLFFBQVEscUNBQXFDLENBQ2hGLENBQUM7WUFDSixDQUFDO1lBRUQsZUFBZSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RCLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxxQkFBcUIsQ0FDM0IsTUFBMEIsRUFDMUIsTUFBeUIsRUFDekIsWUFBNEIsRUFDNUIsVUFBbUIsRUFDbkIsWUFBcUIsRUFDckIsWUFBcUI7UUFFckIsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUUvQix3QkFBd0I7UUFDeEIsTUFBTSxVQUFVLEdBQUcsWUFBWTtZQUM3QixDQUFDLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUM7WUFDcEQsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsUUFBUyxDQUFDO1FBRTVCLHdCQUF3QjtRQUN4QixNQUFNLFVBQVUsR0FBRyxZQUFZLEtBQUssU0FBUyxDQUFDLENBQUMsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO1FBRXBGLDJCQUEyQjtRQUMzQixNQUFNLGlCQUFpQixHQUErQjtZQUNwRCxJQUFJLEVBQUUsVUFBVTtZQUNoQixJQUFJLEVBQUUsVUFBVTtTQUNqQixDQUFDO1FBRUYsbUNBQW1DO1FBQ25DLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ25DLGlCQUFpQixDQUFDLFlBQVksR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUVELHdDQUF3QztRQUN4QyxNQUFNLFNBQVMsR0FBYSxFQUFFLENBQUM7UUFDL0IsSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDO1FBQ2xCLElBQUksZUFBZSxHQUFHLEtBQUssQ0FBQztRQUM1QixJQUFJLFlBQVksR0FBRyxLQUFLLENBQUM7UUFDekIsSUFBSSxpQkFBaUIsR0FBRyxLQUFLLENBQUM7UUFFOUIsd0RBQXdEO1FBQ3hELE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUVmLGtFQUFrRTtRQUNsRSxNQUFNLGdCQUFnQixHQUFHLEdBQUcsRUFBRTtZQUM1QixJQUFJLGVBQWUsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsSUFBSSxpQkFBaUI7Z0JBQUUsT0FBTztZQUUzRSxlQUFlLEdBQUcsSUFBSSxDQUFDO1lBRXZCLElBQUksQ0FBQztnQkFDSCw0REFBNEQ7Z0JBQzVELE9BQU8sU0FBUyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztvQkFDNUIsTUFBTSxLQUFLLEdBQUcsU0FBUyxDQUFDLEtBQUssRUFBRyxDQUFDO29CQUNqQyxTQUFTLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQztvQkFFMUIscURBQXFEO29CQUNyRCx5REFBeUQ7b0JBQ3pELElBQUksaUJBQWlCLElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO3dCQUN6QyxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQzt3QkFDN0IsU0FBUztvQkFDWCxDQUFDO29CQUVELHVCQUF1QjtvQkFDdkIsTUFBTSxDQUFDLGFBQWEsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO29CQUVyQywwQkFBMEI7b0JBQzFCLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7d0JBQzNELE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO3dCQUVwQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQzs0QkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0RBQWdELEtBQUssQ0FBQyxNQUFNLFFBQVEsQ0FDckYsQ0FBQzt3QkFDSixDQUFDO29CQUNILENBQUM7b0JBRUQsMkRBQTJEO29CQUMzRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsZUFBZSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUM7b0JBRXRELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsSUFBSSxPQUFPLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO3dCQUNuRixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSwrQ0FBK0MsTUFBTSxDQUFDLFFBQVEsS0FBSyxPQUFPLFlBQVksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsUUFBUSxDQUMvSSxDQUFDO3dCQUNGLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDLDhCQUE4Qjt3QkFDNUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSx1QkFBdUIsQ0FBQyxDQUFDO3dCQUM1RSxPQUFPO29CQUNULENBQUM7b0JBRUQsK0NBQStDO29CQUMvQyxNQUFNLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7b0JBQzVDLE1BQU0sQ0FBQyxlQUFlLEdBQUcsT0FBTyxDQUFDO29CQUNqQyxJQUFJLENBQUMsY0FBYyxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDN0MsQ0FBQztZQUNILENBQUM7b0JBQVMsQ0FBQztnQkFDVCxlQUFlLEdBQUcsS0FBSyxDQUFDO2dCQUV4Qiw2REFBNkQ7Z0JBQzdELHdFQUF3RTtnQkFDeEUsSUFBSSxZQUFZLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO29CQUNqRSxZQUFZLEdBQUcsS0FBSyxDQUFDO29CQUNyQixNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ2xCLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFDO1FBRUYsd0RBQXdEO1FBQ3hELE1BQU0sZUFBZSxHQUFHLENBQUMsS0FBYSxFQUFFLEVBQUU7WUFDeEMsZ0VBQWdFO1lBQ2hFLElBQUksaUJBQWlCO2dCQUFFLE9BQU87WUFFOUIsMENBQTBDO1lBQzFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMseUJBQXlCO1lBQzdELFNBQVMsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO1lBRTFCLDREQUE0RDtZQUM1RCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLElBQUksU0FBUyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEdBQUcsR0FBRyxFQUFFLENBQUM7Z0JBQzNGLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDZixZQUFZLEdBQUcsSUFBSSxDQUFDO1lBQ3RCLENBQUM7WUFFRCxvQkFBb0I7WUFDcEIsZ0JBQWdCLEVBQUUsQ0FBQztRQUNyQixDQUFDLENBQUM7UUFFRiw0QkFBNEI7UUFDNUIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsZUFBZSxDQUFDLENBQUM7UUFFbkMsK0NBQStDO1FBQy9DLElBQUksWUFBWSxFQUFFLENBQUM7WUFDakIsTUFBTSxDQUFDLGFBQWEsSUFBSSxZQUFZLENBQUMsTUFBTSxDQUFDO1lBQzVDLE1BQU0sQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztZQUNuRCxNQUFNLENBQUMsZUFBZSxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUM7UUFDL0MsQ0FBQztRQUVELCtEQUErRDtRQUMvRCxNQUFNLFlBQVksR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQzVELE1BQU0sQ0FBQyxRQUFRLEdBQUcsWUFBWSxDQUFDO1FBQy9CLE1BQU0sQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFdEMsNkJBQTZCO1FBQzdCLFlBQVksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUUvQywrREFBK0Q7UUFDL0QsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzVCLFlBQVksQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsQ0FBQztZQUVyRSxtREFBbUQ7WUFDbkQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLElBQUksQ0FBQztvQkFDSCxJQUFJLG9CQUFvQixJQUFJLFlBQVksRUFBRSxDQUFDO3dCQUN4QyxZQUFvQixDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FBQyxDQUFDO29CQUMvQyxDQUFDO29CQUNELElBQUksc0JBQXNCLElBQUksWUFBWSxFQUFFLENBQUM7d0JBQzFDLFlBQW9CLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQ25ELENBQUM7Z0JBQ0gsQ0FBQztnQkFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO29CQUNiLGtEQUFrRDtvQkFDbEQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7d0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLGdFQUFnRSxHQUFHLEVBQUUsQ0FDdEYsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELG9EQUFvRDtRQUNwRCxZQUFZLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ2pDLGtFQUFrRTtZQUNsRSxNQUFNLElBQUksR0FBSSxHQUFXLENBQUMsSUFBSSxDQUFDO1lBQy9CLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLCtCQUErQixVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxLQUFLLEdBQUcsQ0FBQyxPQUFPLEtBQUssSUFBSSxHQUFHLENBQ2hILENBQUM7WUFFRix3REFBd0Q7WUFDeEQsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBRWhCLElBQUksSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUM1QixPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxZQUFZLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLHFCQUFxQixDQUN0RixDQUFDO1lBQ0osQ0FBQztpQkFBTSxJQUFJLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDaEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksbUJBQW1CLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLFlBQVksQ0FDcEYsQ0FBQztZQUNKLENBQUM7aUJBQU0sSUFBSSxJQUFJLEtBQUssWUFBWSxFQUFFLENBQUM7Z0JBQ2pDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLG1CQUFtQixVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxZQUFZLENBQ3BGLENBQUM7WUFDSixDQUFDO2lCQUFNLElBQUksSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUNuQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksWUFBWSxVQUFVLFVBQVUsaUJBQWlCLENBQUMsQ0FBQztZQUNyRSxDQUFDO1lBRUQsMERBQTBEO1lBQzFELFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUV6Qyw4REFBOEQ7WUFDOUQsWUFBWSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztZQUVqRixJQUFJLE1BQU0sQ0FBQyx5QkFBeUIsS0FBSyxJQUFJLEVBQUUsQ0FBQztnQkFDOUMsTUFBTSxDQUFDLHlCQUF5QixHQUFHLG1CQUFtQixDQUFDO2dCQUN2RCxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLG1CQUFtQixDQUFDLENBQUM7WUFDbkYsQ0FBQztZQUVELDBCQUEwQjtZQUMxQixJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLHFCQUFxQixJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBQ2xGLENBQUMsQ0FBQyxDQUFDO1FBRUgsc0JBQXNCO1FBQ3RCLFlBQVksQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDakYsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUUzRSw0Q0FBNEM7UUFDNUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFO1lBQ3hCLG9FQUFvRTtZQUNwRSxJQUFJLE1BQU0sQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFDeEIsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksMERBQ2QsTUFBTSxDQUFDLFFBQ1QsVUFBVSxPQUFPLENBQUMsUUFBUSxDQUN4QixJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsSUFBSSxPQUFPLENBQ3ZDLHlCQUF5QixDQUMzQixDQUFDO2dCQUNGLE9BQU87WUFDVCxDQUFDO1lBRUQsOERBQThEO1lBQzlELE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLG1DQUNkLE1BQU0sQ0FBQyxRQUNULFVBQVUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsSUFBSSxPQUFPLENBQUMsRUFBRSxDQUNyRSxDQUFDO1lBQ0YsSUFBSSxNQUFNLENBQUMseUJBQXlCLEtBQUssSUFBSSxFQUFFLENBQUM7Z0JBQzlDLE1BQU0sQ0FBQyx5QkFBeUIsR0FBRyxTQUFTLENBQUM7Z0JBQzdDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsU0FBUyxDQUFDLENBQUM7WUFDekUsQ0FBQztZQUNELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztRQUN6RSxDQUFDLENBQUMsQ0FBQztRQUVILFlBQVksQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLEdBQUcsRUFBRTtZQUM5QixvRUFBb0U7WUFDcEUsSUFBSSxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQ3hCLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDBEQUNkLE1BQU0sQ0FBQyxRQUNULFVBQVUsT0FBTyxDQUFDLFFBQVEsQ0FDeEIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLElBQUksT0FBTyxDQUN2Qyx5QkFBeUIsQ0FDM0IsQ0FBQztnQkFDRixPQUFPO1lBQ1QsQ0FBQztZQUVELDhEQUE4RDtZQUM5RCxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxtQ0FDZCxNQUFNLENBQUMsUUFDVCxVQUFVLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLElBQUksT0FBTyxDQUFDLEVBQUUsQ0FDckUsQ0FBQztZQUNGLElBQUksTUFBTSxDQUFDLHlCQUF5QixLQUFLLElBQUksRUFBRSxDQUFDO2dCQUM5QyxNQUFNLENBQUMseUJBQXlCLEdBQUcsU0FBUyxDQUFDO2dCQUM3QyxJQUFJLENBQUMsaUJBQWlCLENBQUMsd0JBQXdCLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1lBQ3pFLENBQUM7WUFDRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLGtCQUFrQixDQUFDLENBQUM7UUFDekUsQ0FBQyxDQUFDLENBQUM7UUFFSCx3QkFBd0I7UUFDeEIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUVoRCx5Q0FBeUM7UUFDekMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtZQUN4QyxNQUFNLENBQUMsU0FBUyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUM7WUFDakMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0MsQ0FBQyxDQUFDLENBQUM7UUFFSCx3RUFBd0U7UUFDeEUsWUFBWSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLDZDQUE2QztZQUM3QyxZQUFZLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFekMsMkRBQTJEO1lBQzNELFlBQVksQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7WUFFakYscUVBQXFFO1lBQ3JFLGdCQUFnQixFQUFFLENBQUM7WUFFbkIsNEJBQTRCO1lBQzVCLGlCQUFpQixHQUFHLElBQUksQ0FBQztZQUV6QixtQ0FBbUM7WUFDbkMsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDbEMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBRXZELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSxnQkFBZ0IsWUFBWSxDQUFDLE1BQU0sa0NBQWtDLENBQ3RGLENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxpQ0FBaUM7Z0JBQ2pDLFlBQVksQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUFFLENBQUMsR0FBRyxFQUFFLEVBQUU7b0JBQ3ZDLElBQUksR0FBRyxFQUFFLENBQUM7d0JBQ1IsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFlBQVksMkNBQTJDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO3dCQUN0RixPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsYUFBYSxDQUFDLENBQUM7b0JBQzNFLENBQUM7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7Z0JBRUgsK0NBQStDO2dCQUMvQyxNQUFNLENBQUMsV0FBVyxHQUFHLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxDQUFDLGVBQWUsR0FBRyxDQUFDLENBQUM7WUFDN0IsQ0FBQztZQUVELHFEQUFxRDtZQUNyRCxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzFCLFlBQVksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7WUFFMUIseUNBQXlDO1lBQ3pDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUVoQix1REFBdUQ7WUFDdkQsSUFBSSxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUN6QixnRUFBZ0U7Z0JBQ2hFLEtBQUssTUFBTSxLQUFLLElBQUksU0FBUyxFQUFFLENBQUM7b0JBQzlCLFlBQVksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQzVCLENBQUM7Z0JBQ0Qsa0JBQWtCO2dCQUNsQixTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQztnQkFDckIsU0FBUyxHQUFHLENBQUMsQ0FBQztZQUNoQixDQUFDO1lBRUQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLDZCQUE2QixNQUFNLENBQUMsUUFBUSxPQUFPLFVBQVUsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLEVBQUU7b0JBQ3ZHLEdBQ0UsVUFBVTt3QkFDUixDQUFDLENBQUMsVUFBVSxVQUFVLEdBQUc7d0JBQ3pCLENBQUMsQ0FBQyxZQUFZOzRCQUNkLENBQUMsQ0FBQyw0QkFBNEIsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUc7NEJBQ2hFLENBQUMsQ0FBQyxFQUNOLEVBQUU7b0JBQ0YsU0FBUyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksaUJBQ2xDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFDaEMsRUFBRSxDQUNMLENBQUM7WUFDSixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sT0FBTyxDQUFDLEdBQUcsQ0FDVCwyQkFBMkIsTUFBTSxDQUFDLFFBQVEsT0FBTyxVQUFVLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFO29CQUNyRixHQUNFLFVBQVU7d0JBQ1IsQ0FBQyxDQUFDLFVBQVUsVUFBVSxHQUFHO3dCQUN6QixDQUFDLENBQUMsWUFBWTs0QkFDZCxDQUFDLENBQUMsNEJBQTRCLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHOzRCQUNoRSxDQUFDLENBQUMsRUFDTixFQUFFLENBQ0wsQ0FBQztZQUNKLENBQUM7WUFFRCxtREFBbUQ7WUFDbkQsSUFBSSxVQUFVLEVBQUUsQ0FBQztnQkFDZiw0REFBNEQ7Z0JBQzVELE1BQU0sUUFBUSxHQUFHO29CQUNmLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTtvQkFDekIsVUFBVSxFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxJQUFJLENBQUM7b0JBQzNDLE1BQU0sRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLFlBQVksSUFBSSxFQUFFO29CQUMxQyxRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLElBQUksQ0FBQztpQkFDekMsQ0FBQztnQkFFRiwwQ0FBMEM7Z0JBQzFDLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQywwQkFBMEIsQ0FDckUsWUFBWSxFQUNaLFVBQVUsRUFDVixRQUFRLEVBQ1IsQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUNyRixDQUFDO2dCQUVGLGdGQUFnRjtnQkFDaEYsTUFBTSxDQUFDLG9CQUFvQixHQUFHLG9CQUFvQixDQUFDO2dCQUVuRCxnQ0FBZ0M7Z0JBQ2hDLE1BQU0sQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLG9CQUFvQixDQUFDLENBQUM7Z0JBRXhDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO29CQUN4QyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx5REFBeUQsVUFBVSxFQUFFLENBQ3RGLENBQUM7b0JBQ0YsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQixLQUFLLEtBQUssRUFBRSxDQUFDO3dCQUMvQyxPQUFPLENBQUMsR0FBRyxDQUNULElBQUksWUFBWSx3RkFBd0YsQ0FDekcsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1lBRUQseUJBQXlCO1lBQ3pCLE1BQU0sQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLEVBQUU7Z0JBQzFGLE9BQU8sQ0FBQyxHQUFHLENBQ1QsSUFBSSxZQUFZLHFCQUFxQixNQUFNLENBQUMsUUFBUSwwQ0FBMEMsQ0FDL0YsQ0FBQztnQkFDRixJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzdELENBQUMsQ0FBQyxDQUFDO1lBRUgscURBQXFEO1lBQ3JELElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNqQixNQUFNLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxDQUFDO2dCQUVuQyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztvQkFDeEMsT0FBTyxDQUFDLEdBQUcsQ0FDVCxJQUFJLFlBQVksZ0RBQWdELE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FDbEYsQ0FBQztnQkFDSixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGIn0=