From nobody@FreeBSD.org  Sun Jun 15 10:56:20 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E22A1106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 15 Jun 2008 10:56:20 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id CABF38FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 15 Jun 2008 10:56:20 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m5FAuKNP033972
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 15 Jun 2008 10:56:20 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m5FAuKnD033963;
	Sun, 15 Jun 2008 10:56:20 GMT
	(envelope-from nobody)
Message-Id: <200806151056.m5FAuKnD033963@www.freebsd.org>
Date: Sun, 15 Jun 2008 10:56:20 GMT
From: Patrick Lamaiziere <patpr@davenulle.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipsec 'remainder too big' panic with ping -s 3989
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         124609
>Category:       kern
>Synopsis:       [ipsec] [panic] ipsec 'remainder too big' panic with ping -s 3989
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    vanhu
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 15 11:00:10 UTC 2008
>Closed-Date:    Thu Mar 05 12:27:36 UTC 2009
>Last-Modified:  Thu Mar 05 12:27:36 UTC 2009
>Originator:     Patrick Lamaiziere
>Release:        7-STABLE/i386
>Organization:
>Environment:
FreeBSD malpractice.lamaiziere.net 7.0-STABLE FreeBSD 7.0-STABLE #11: Sun Jun 15 03:00:07 CEST 2008    patrick@malpractice.lamaiziere.net:/usr/obj/usr/src/sys/NET5501  i386

>Description:
When IPsec is enabled (esp), doing a 'ping -s 3989' causes a kernel panic.
It's 100% reproductible.

A 'ping -s 3988' works fine.

My IPsec setup is:
----------
setkey
flush;
spdflush;
add 192.168.1.21 192.168.1.200 esp 1011
        -E rijndael-cbc "0123456789012345"
        -A hmac-sha2-256 "10987654321098765432109876543210";
add 192.168.1.200 192.168.1.21 esp 1012
        -E rijndael-cbc "0123456789012345"
        -A hmac-sha2-256 "10987654321098765432109876543210";
spdadd 192.168.1.200 192.168.1.21  any -P out ipsec esp/transport//require;
spdadd 192.168.1.21 192.168.1.200 any -P in ipsec esp/transport//require;
-------------------

With ASSERTIONS set in the kernel, the system panics on an ipsec assertion:
panic: remainder too big: 3997

dump : (also on http://user.lamaiziere.net/patrick/ipsec-panic.txt)
---------
Unread portion of the kernel message buffer:
panic: remainder too big: 3997
KDB: enter: panic
Uptime: 51m41s
Physical memory: 503 MB
Dumping 58 MB: 43 27 11

#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:244
244		dumptid = curthread->td_tid;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:244
#1  0xc05a80a0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc05a844c in panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc0763bdc in m_makespace (m0=0xc2cfd100, skip=20, hlen=24, off=0xd61ac900) at /usr/src/sys/netipsec/ipsec_mbuf.c:79
#4  0xc077a933 in esp_output (m=0xc2cfd100, isr=0xc30ffc80, mp=0x0, skip=20, protoff=9)
    at /usr/src/sys/netipsec/xform_esp.c:746
#5  0xc0765223 in ipsec4_process_packet (m=0xc2cfd100, isr=0xc30ffc80, flags=32, tunalready=0)
    at /usr/src/sys/netipsec/ipsec_output.c:491
#6  0xc0697fe1 in ip_ipsec_output (m=0xd61acaac, inp=0xc3129e10, flags=0xd61acab8, error=0xd61aca70, ro=0xd61acab4, 
    iproute=0xd61aca54, dst=0xd61aca6c, ia=0xd61aca68, ifp=0xd61aca78) at /usr/src/sys/netinet/ip_ipsec.c:331
#7  0xc0699c51 in ip_output (m=0xc2cfd100, opt=0x0, ro=0xd61aca54, flags=32, imo=0x0, inp=0xc3129e10)
    at /usr/src/sys/netinet/ip_output.c:420
#8  0xc069bf41 in rip_output (m=0xc2cfd100, so=0xc309edec, dst=352430272) at /usr/src/sys/netinet/raw_ip.c:336
#9  0xc069cf89 in rip_send (so=0xc309edec, flags=0, m=0xc2cfd100, nam=0xc3093080, control=0x0, td=0xc31c5440)
    at /usr/src/sys/netinet/raw_ip.c:806
#10 0xc0612af6 in sosend_generic (so=0xc309edec, addr=0xc3093080, uio=0xd61acbc8, top=0xc2cfd100, control=0x0, flags=0, 
    td=0xc31c5440) at /usr/src/sys/kern/uipc_socket.c:1240
#11 0xc0612c3b in sosend (so=0xc309edec, addr=0xc3093080, uio=0xd61acbc8, top=0x0, control=0x0, flags=0, td=0xc31c5440)
    at /usr/src/sys/kern/uipc_socket.c:1286
#12 0xc0617eb2 in kern_sendit (td=0xc31c5440, s=3, mp=0xd61acc50, flags=0, control=0x0, segflg=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:789
#13 0xc0617d4b in sendit (td=0xc31c5440, s=3, mp=0xd61acc50, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:730
#14 0xc0618053 in sendto (td=0xc31c5440, uap=0xd61accec) at /usr/src/sys/kern/uipc_syscalls.c:841
#15 0xc088e20d in syscall (frame=0xd61acd38) at /usr/src/sys/i386/i386/trap.c:1035
#16 0xc08769b0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#17 0x00000033 in ?? ()
(kgdb) quit
>How-To-Repeat:
setkey
flush;
spdflush;
add 192.168.1.21 192.168.1.200 esp 1011
        -E rijndael-cbc "0123456789012345"
        -A hmac-sha2-256 "10987654321098765432109876543210";
add 192.168.1.200 192.168.1.21 esp 1012
        -E rijndael-cbc "0123456789012345"
        -A hmac-sha2-256 "10987654321098765432109876543210";
spdadd 192.168.1.200 192.168.1.21  any -P out ipsec esp/transport//require;
spdadd 192.168.1.21 192.168.1.200 any -P in ipsec esp/transport//require;

ping -s 3989 192.168.1.21
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Jun 15 14:01:36 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=124609 
Responsible-Changed-From-To: freebsd-net->vanhu 
Responsible-Changed-By: vanhu 
Responsible-Changed-When: Fri Dec 26 21:42:15 UTC 2008 
Responsible-Changed-Why:  
We are currently tracking down the same problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=124609 

From: Boris MARECHAL <boris.marechal@netasq.com>
To: bug-followup@FreeBSD.org, patpr@davenulle.org
Cc:  
Subject: Re: kern/124609: [ipsec] [panic] ipsec 'remainder too big' panic with ping -s 3989
Date: Tue, 30 Dec 2008 13:51:38 +0100

 --Apple-Mail-125--1068771769
 Content-Type: multipart/alternative;
 	boundary=Apple-Mail-124--1068771805
 
 
 --Apple-Mail-124--1068771805
 Content-Type: text/plain;
 	charset=US-ASCII;
 	format=flowed;
 	delsp=yes
 Content-Transfer-Encoding: 7bit
 
 Hi,
 
 Same bug fixed in NetBSD!
 
 PR: http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=30124
 Patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netipsec/ipsec_mbuf.c.diff?r1=1.9&r2=1.10&sortby=date&f=h&only_with_tag=MAIN&f=u
 
 Commit:
   Revision 1.10, Fri Dec 14 20:55:22 2007 UTC (12 months, 2 weeks ago)  
 by seanb
 
 - Remove remain <= MHLEN restriction in m_makespace()
 PR:30124
 
 --Apple-Mail-124--1068771805
 Content-Type: text/html;
 	charset=US-ASCII
 Content-Transfer-Encoding: 7bit
 
 <html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi,&nbsp;<div><br></div><div>Same bug fixed in NetBSD!</div><div><br></div><div><a href="http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=30124">PR: http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=30124</a></div><div>Patch:&nbsp;<a href="http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netipsec/ipsec_mbuf.c.diff?r1=1.9&amp;r2=1.10&amp;sortby=date&amp;f=h&amp;only_with_tag=MAIN&amp;f=u"
From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/124609: commit references a PR
Date: Wed, 28 Jan 2009 10:41:26 +0000 (UTC)

 Author: vanhu
 Date: Wed Jan 28 10:41:10 2009
 New Revision: 187815
 URL: http://svn.freebsd.org/changeset/base/187815
 
 Log:
   Remove remain <= MHLEN restriction in m_makespace(),
   which caused assert with big packets
   
   PR: kern/124609
   Submitted by: fabien.thomas@netasq.com
   Approved by:	gnn(mentor)
   Obtained from:	NetBSD
   MFC after:	1 month
 
 Modified:
   head/sys/netipsec/ipsec_mbuf.c
 
 Modified: head/sys/netipsec/ipsec_mbuf.c
 ==============================================================================
 --- head/sys/netipsec/ipsec_mbuf.c	Wed Jan 28 09:33:00 2009	(r187814)
 +++ head/sys/netipsec/ipsec_mbuf.c	Wed Jan 28 10:41:10 2009	(r187815)
 @@ -75,66 +75,67 @@ m_makespace(struct mbuf *m0, int skip, i
  	 */
  	remain = m->m_len - skip;		/* data to move */
  	if (hlen > M_TRAILINGSPACE(m)) {
 -		struct mbuf *n;
 +		struct mbuf *n0, *n, **np;
 +		int todo, len, done, alloc;
 +
 +		n0 = NULL;
 +		np = &n0;
 +		alloc = 0;
 +		done = 0;
 +		todo = remain;
 +		while (todo > 0) {
 +			if (todo > MHLEN) {
 +				n = m_getcl(M_DONTWAIT, m->m_type, 0);
 +				len = MCLBYTES;
 +			}
 +			else {
 +				n = m_get(M_DONTWAIT, m->m_type);
 +				len = MHLEN;
 +			}
 +			if (n == NULL) {
 +				m_freem(n0);
 +				return NULL;
 +			}
 +			*np = n;
 +			np = &n->m_next;
 +			alloc++;
 +			len = min(todo, len);
 +			memcpy(n->m_data, mtod(m, char *) + skip + done, len);
 +			n->m_len = len;
 +			done += len;
 +			todo -= len;
 +		}
  
 -		/* XXX code doesn't handle clusters XXX */
 -		IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain));
 -		/*
 -		 * Not enough space in m, split the contents
 -		 * of m, inserting new mbufs as required.
 -		 *
 -		 * NB: this ignores mbuf types.
 -		 */
 -		MGET(n, M_DONTWAIT, MT_DATA);
 -		if (n == NULL)
 -			return (NULL);
 -		n->m_next = m->m_next;		/* splice new mbuf */
 -		m->m_next = n;
 -		V_ipsec4stat.ips_mbinserted++;
  		if (hlen <= M_TRAILINGSPACE(m) + remain) {
 -			/*
 -			 * New header fits in the old mbuf if we copy
 -			 * the remainder; just do the copy to the new
 -			 * mbuf and we're good to go.
 -			 */
 -			memcpy(mtod(n, caddr_t),
 -			       mtod(m, caddr_t) + skip, remain);
 -			n->m_len = remain;
  			m->m_len = skip + hlen;
  			*off = skip;
 -		} else {
 -			/*
 -			 * No space in the old mbuf for the new header.
 -			 * Make space in the new mbuf and check the
 -			 * remainder'd data fits too.  If not then we
 -			 * must allocate an additional mbuf (yech).
 -			 */
 -			n->m_len = 0;
 -			if (remain + hlen > M_TRAILINGSPACE(n)) {
 -				struct mbuf *n2;
 -
 -				MGET(n2, M_DONTWAIT, MT_DATA);
 -				/* NB: new mbuf is on chain, let caller free */
 -				if (n2 == NULL)
 -					return (NULL);
 -				n2->m_len = 0;
 -				memcpy(mtod(n2, caddr_t),
 -				       mtod(m, caddr_t) + skip, remain);
 -				n2->m_len = remain;
 -				/* splice in second mbuf */
 -				n2->m_next = n->m_next;
 -				n->m_next = n2;
 -				V_ipsec4stat.ips_mbinserted++;
 -			} else {
 -				memcpy(mtod(n, caddr_t) + hlen,
 -				       mtod(m, caddr_t) + skip, remain);
 -				n->m_len += remain;
 +			if (n0 != NULL) {
 +				*np = m->m_next;
 +				m->m_next = n0;
  			}
 -			m->m_len -= remain;
 -			n->m_len += hlen;
 +		}
 +		else {
 +			n = m_get(M_DONTWAIT, m->m_type);
 +			if (n == NULL) {
 +				m_freem(n0);
 +				return NULL;
 +			}
 +			alloc++;
 +
 +			if ((n->m_next = n0) == NULL)
 +				np = &n->m_next;
 +			n0 = n;
 +
 +			*np = m->m_next;
 +			m->m_next = n0;
 +
 +			n->m_len = hlen;
 +			m->m_len = skip;
 +
  			m = n;			/* header is at front ... */
  			*off = 0;		/* ... of new mbuf */
  		}
 +		V_ipsec4stat.ips_mbinserted++;
  	} else {
  		/*
  		 * Copy the remainder to the back of the mbuf
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/124609: commit references a PR
Date: Mon,  2 Mar 2009 16:55:39 +0000 (UTC)

 Author: vanhu
 Date: Mon Mar  2 16:55:19 2009
 New Revision: 189281
 URL: http://svn.freebsd.org/changeset/base/189281
 
 Log:
   MFC: Remove remain <= MHLEN restriction in m_makespace(),
   which caused assert with big packets
   
   PR:		kern/124609
   Submitted by:	fabien.thomas@netasq.com
   Approved by:	gnn(mentor)
   Obtained from:	NetBSD
 
 Modified:
   stable/7/sys/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
   stable/7/sys/dev/ath/ath_hal/   (props changed)
   stable/7/sys/dev/cxgb/   (props changed)
   stable/7/sys/netipsec/ipsec_mbuf.c
 
 Modified: stable/7/sys/netipsec/ipsec_mbuf.c
 ==============================================================================
 --- stable/7/sys/netipsec/ipsec_mbuf.c	Mon Mar  2 15:22:01 2009	(r189280)
 +++ stable/7/sys/netipsec/ipsec_mbuf.c	Mon Mar  2 16:55:19 2009	(r189281)
 @@ -73,66 +73,67 @@ m_makespace(struct mbuf *m0, int skip, i
  	 */
  	remain = m->m_len - skip;		/* data to move */
  	if (hlen > M_TRAILINGSPACE(m)) {
 -		struct mbuf *n;
 +		struct mbuf *n0, *n, **np;
 +		int todo, len, done, alloc;
 +
 +		n0 = NULL;
 +		np = &n0;
 +		alloc = 0;
 +		done = 0;
 +		todo = remain;
 +		while (todo > 0) {
 +			if (todo > MHLEN) {
 +				n = m_getcl(M_DONTWAIT, m->m_type, 0);
 +				len = MCLBYTES;
 +			}
 +			else {
 +				n = m_get(M_DONTWAIT, m->m_type);
 +				len = MHLEN;
 +			}
 +			if (n == NULL) {
 +				m_freem(n0);
 +				return NULL;
 +			}
 +			*np = n;
 +			np = &n->m_next;
 +			alloc++;
 +			len = min(todo, len);
 +			memcpy(n->m_data, mtod(m, char *) + skip + done, len);
 +			n->m_len = len;
 +			done += len;
 +			todo -= len;
 +		}
  
 -		/* XXX code doesn't handle clusters XXX */
 -		IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain));
 -		/*
 -		 * Not enough space in m, split the contents
 -		 * of m, inserting new mbufs as required.
 -		 *
 -		 * NB: this ignores mbuf types.
 -		 */
 -		MGET(n, M_DONTWAIT, MT_DATA);
 -		if (n == NULL)
 -			return (NULL);
 -		n->m_next = m->m_next;		/* splice new mbuf */
 -		m->m_next = n;
 -		ipsec4stat.ips_mbinserted++;
  		if (hlen <= M_TRAILINGSPACE(m) + remain) {
 -			/*
 -			 * New header fits in the old mbuf if we copy
 -			 * the remainder; just do the copy to the new
 -			 * mbuf and we're good to go.
 -			 */
 -			memcpy(mtod(n, caddr_t),
 -			       mtod(m, caddr_t) + skip, remain);
 -			n->m_len = remain;
  			m->m_len = skip + hlen;
  			*off = skip;
 -		} else {
 -			/*
 -			 * No space in the old mbuf for the new header.
 -			 * Make space in the new mbuf and check the
 -			 * remainder'd data fits too.  If not then we
 -			 * must allocate an additional mbuf (yech).
 -			 */
 -			n->m_len = 0;
 -			if (remain + hlen > M_TRAILINGSPACE(n)) {
 -				struct mbuf *n2;
 -
 -				MGET(n2, M_DONTWAIT, MT_DATA);
 -				/* NB: new mbuf is on chain, let caller free */
 -				if (n2 == NULL)
 -					return (NULL);
 -				n2->m_len = 0;
 -				memcpy(mtod(n2, caddr_t),
 -				       mtod(m, caddr_t) + skip, remain);
 -				n2->m_len = remain;
 -				/* splice in second mbuf */
 -				n2->m_next = n->m_next;
 -				n->m_next = n2;
 -				ipsec4stat.ips_mbinserted++;
 -			} else {
 -				memcpy(mtod(n, caddr_t) + hlen,
 -				       mtod(m, caddr_t) + skip, remain);
 -				n->m_len += remain;
 +			if (n0 != NULL) {
 +				*np = m->m_next;
 +				m->m_next = n0;
  			}
 -			m->m_len -= remain;
 -			n->m_len += hlen;
 +		}
 +		else {
 +			n = m_get(M_DONTWAIT, m->m_type);
 +			if (n == NULL) {
 +				m_freem(n0);
 +				return NULL;
 +			}
 +			alloc++;
 +
 +			if ((n->m_next = n0) == NULL)
 +				np = &n->m_next;
 +			n0 = n;
 +
 +			*np = m->m_next;
 +			m->m_next = n0;
 +
 +			n->m_len = hlen;
 +			m->m_len = skip;
 +
  			m = n;			/* header is at front ... */
  			*off = 0;		/* ... of new mbuf */
  		}
 +		ipsec4stat.ips_mbinserted++;
  	} else {
  		/*
  		 * Copy the remainder to the back of the mbuf
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: vanhu 
State-Changed-When: Tue Mar 3 09:23:30 UTC 2009 
State-Changed-Why:  
I just MFCed a patch which probably fixes your problem. 
Please test it and confirm that, I'll close the pr in 
a few weeks if I have no feedback at all. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=124609 

From: Patrick Lamaiziere <patfbsd@davenulle.org>
To: bug-followup@FreeBSD.org
Cc: vanhu@FreeBSD.org
Subject: Re: kern/124609: [ipsec] [panic] ipsec 'remainder too big' panic
 with ping -s 3989
Date: Thu, 5 Mar 2009 00:05:00 +0100

 Le Tue, 3 Mar 2009 09:25:25 GMT,
 vanhu@FreeBSD.org:
 
 > Synopsis: [ipsec] [panic] ipsec 'remainder too big' panic with ping
 > -s 3989
 > 
 > State-Changed-From-To: open->patched
 > State-Changed-By: vanhu
 > State-Changed-When: Tue Mar 3 09:23:30 UTC 2009
 > State-Changed-Why: 
 > I just MFCed a patch which probably fixes your problem.
 > Please test it and confirm that, I'll close the pr in
 > a few weeks if I have no feedback at all.
 
 I've just tried on a fresh 7.1-STABLE and it looks to work.
 
 Thanks a lot, regards.
State-Changed-From-To: patched->closed 
State-Changed-By: vanhu 
State-Changed-When: Thu Mar 5 12:25:57 UTC 2009 
State-Changed-Why:  
Thanks for the feedback. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=124609 
>Unformatted:
 >htt p://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netipsec/ipsec_mbuf.c.diff?r1=1.9&amp;r2=1.10&amp;sortby=date&amp;f=h&amp;only_with_tag=MAIN&amp;f=u</a></div><div><br></div><div>Commit:</div><div><p>&nbsp;Revision <b>1.10</b>, <i>Fri Dec 14 20:55:22 2007 U TC</i> (12 months, 2 weeks ago) by <i>seanb</i>
  <br></p><pre>- Remove remain &lt;= MHLEN restriction in m_makespace()
  PR:30124
  </pre></div></body></html>
  --Apple-Mail-124--1068771805--
  
  --Apple-Mail-125--1068771769
  Content-Disposition: attachment;
  	filename=smime.p7s
  Content-Type: application/pkcs7-signature;
  	name=smime.p7s
  Content-Transfer-Encoding: base64
  
  MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFczCCBW8w
  ggRXoAMCAQICCnDGsUgWa/KQamQwDQYJKoZIhvcNAQEEBQAwgZExCzAJBgNVBAYTAkZSMQ0wCwYD
  VQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0g
  U2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRp
  b24gQXV0aG9yaXR5MB4XDTA4MDEwMzExMTIzNFoXDTEwMDEwMjExMTIzNFowgdQxCzAJBgNVBAYU
  AkZSMQ0wCwYDVQQIFAROb3JkMS4wLAYDVQQKFCVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQgQ29u
  bmVjdGl2aXR5MScwJQYDVQQLFB5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGjAYBgNV
  BAcUEVZpbGxlbmV1dmUgZCdBc2NxMRcwFQYDVQQDFA5Cb3JpcyBNQVJFQ0hBTDEoMCYGCSqGSIb3
  DQEJARYZYm9yaXMubWFyZWNoYWxAbmV0YXNxLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
  gYEA5GEoHCGB2ZhZx/I7Jq0hetpb+HPf2DKzieLoklK125o3RaSdHELZYnWB2Cvi6xRG5p+wmOl2
  ABo0qwxkve2QfdapHXppQo2aNVp++Z528p22ASaQzJnzBT9JTPVxMFopgMbMBgCmMrye6lpI3laW
  HEoCcIrfD4Vfus4i62JCwvMCAwEAAaOCAgYwggICMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDIY
  DOPzGbqvpVtqkCbFSKhMMB2wMIG+BgNVHSMEgbYwgbOAFCcq6x3ZRNo6F3NqCSAgySWo+X+yoYGX
  pIGUMIGRMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBk
  J0FzY3ExLjAsBgNVBAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAl
  BgNVBAsTHk5FVEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADAOBgNVHQ8BAf8EBAMCBeAw
  EQYJYIZIAYb4QgEBBAQDAgWgMIHNBgNVHR8EgcUwgcIwWqBYoFaGVGxkYXA6Ly9wa2kubmV0YXNx
  LmNvbS9jbj1md2NhLG91PWNhcyxvPW5ldGFzcSxkYz1mcj9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M
  aXN0O2JpbmFyeTA4oDagNIYyaHR0cDovL2ludHJhbmV0Lm5ldGFzcS5jb20vaW50cmFuZXQvcGtp
  L25ldGFzcS5jcmwwKqAooCaGJGh0dHA6Ly93d3cubmV0YXNxLmNvbS9wa2kvbmV0YXNxLmNybDAf
  BglghkgBhvhCAQ0EEhYQVXNlciBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQQFAAOCAQEATwF5SdOw
  IoofZ5U2A16VEBBstYXne5mBItzdvsU8U2AlPXVXcr3/ZsvM0J9ivjKRge1LHVaOgChpxBN5aGhD
  QfKrWVYPALiqn8gQYWlJ5hmlJvxeAQOBU/hpLx9Y5bJ+3DQBjyDsghdRCL6/0Ym5Aj/VgEiTI/1t
  hgK6XNCRyonyTnArtGGhgwEqxOSSQ2zkUvg24DLhzSdUMtC+NydUyatJsHiqVuxuM22wVmCQCbjq
  M9hjGfae9zD1ieAPyeqEHmyCqwBeYblH3EXxnWwXRdKU2VzH1ZAJr5du5hEmlB5yCSEEqMP6joYJ
  w0QErq8VZxj1SlbEECPqrYz/muQDRzGCAxIwggMOAgEBMIGgMIGRMQswCQYDVQQGEwJGUjENMAsG
  A1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNVBAoTJU5FVEFTUSAt
  IFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5FVEFTUSBDZXJ0aWZpY2F0
  aW9uIEF1dGhvcml0eQIKcMaxSBZr8pBqZDAJBgUrDgMCGgUAoIIBxzAYBgkqhkiG9w0BCQMxCwYJ
  KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wODEyMzAxMjUxMzlaMCMGCSqGSIb3DQEJBDEWBBSt
  UudqiLLWyFykkEg6vt+xOgf0VzCBsQYJKwYBBAGCNxAEMYGjMIGgMIGRMQswCQYDVQQGEwJGUjEN
  MAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNVBAoTJU5FVEFT
  USAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5FVEFTUSBDZXJ0aWZp
  Y2F0aW9uIEF1dGhvcml0eQIKcMaxSBZr8pBqZDCBswYLKoZIhvcNAQkQAgsxgaOggaAwgZExCzAJ
  BgNVBAYTAkZSMQ0wCwYDVQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwG
  A1UEChMlTkVUQVNRIC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVU
  QVNRIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AgpwxrFIFmvykGpkMA0GCSqGSIb3DQEBAQUABIGA
  0CplnajYBfg3Dc5YF2F9/N7aqj+cSpJyVIWWpdH87PA7MGqu7wst2sOMFc2bBOMcbsKku23OJkH6
  nfT+77tiHvMF0Z8UrIXHjPckdUR78EOvT4dpM6hpMCFuDbEa6RVrj37QiNwZb5r13fL+/QdzDASU
  JYfY0H9K6C8c0ib8UqgAAAAAAAA=
  
  --Apple-Mail-125--1068771769--
