<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>Installing Suricata with load balancer server is kind of working for me, but I am not able to see the dropped packet information.</div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Claudio Kuenzler <<a href="mailto:ck@claudiokuenzler.com">ck@claudiokuenzler.com</a>><br><span style="font-weight:bold">Date: </span> Tuesday, June 2, 2015 at 3:41 PM<br><span style="font-weight:bold">To: </span> Victor Roemer <<a href="mailto:viroemer@cisco.com">viroemer@cisco.com</a>><br><span style="font-weight:bold">Cc: </span> "<a href="mailto:oisf-users@lists.openinfosecfoundation.org">oisf-users@lists.openinfosecfoundation.org</a>" <<a href="mailto:oisf-users@lists.openinfosecfoundation.org">oisf-users@lists.openinfosecfoundation.org</a>>, "Saxena, Samiksha" <<a href="mailto:samiksha.saxena@one.verizon.com">samiksha.saxena@one.verizon.com</a>><br><span style="font-weight:bold">Subject: </span> Re: [Oisf-users] Suricata in container<br></div><div><br></div><div dir="ltr"><div>Well, just FYI, I was talking about containers as in LXC (Linux Containers), without another layer added on it like docker.<br></div>Don't know if you can do it with docker, but should be possible, too.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 2, 2015 at 9:28 PM, Victor Roemer <span dir="ltr"><<a href="mailto:viroemer@cisco.com" target="_blank">viroemer@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc 
solid;padding-left:1ex">
  

    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>
      <p style="margin:1.2em 0px!important">I’m still pretty new to
        docker (just to be clear) and have not tried this yet-</p>
      <p style="margin:1.2em 0px!important">This is how I am
        planning to deploy IPS for my HTTP server(s)</p>
      <p style="margin:1.2em 0px!important">HTTP server “exposes”
        its port to other containers only; (not bound to host port)</p>
      <p style="margin:1.2em 0px!important">IPS container “exposes”
        port 80 and is bound to the host network. IPS container is
        started with “--link <u></u>:httpserv” to perform
          MITM of the server’s traffic. <u></u></p>
      <p style="margin:1.2em 0px!important">Dockerfile not included;
        the commands I expect to run would be:</p>
      <pre style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline;white-space:pre-wrap;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block!important">$ docker run -p 127.0.0.1:12345 --name application &lt;http_server_image&gt;
$ docker run -p 80:80 --link application:httpserv --name ips &lt;snort_or_suricata_image&gt;
</code></pre>
      <p style="margin:1.2em 0px!important">(YMMV, specifically I’m
        uncertain of the “--link” option)</p>
      <p style="margin:1.2em 0px!important">From here, it becomes a
        question of how the IPS container firewall rules are set up
        (assuming NFQ+daq for my case).<br>
        In the example above, I would have to do some sort of NATing (<u></u>:80
          -> <a href="http://127.0.0.1:12345" target="_blank">127.0.0.1:12345</a>).<u></u></p>
      <p style="margin:1.2em 0px!important">This seems all good; but
        I still feel like I’m overdoing it and that docker may provide
        a more reasonable<br>
        out-of-box magic to ease this further. </p>
      <hr>
      <p style="margin:1.2em 0px!important">Otherwise, for passive
        setups, it should be super easy. Add flags to <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">docker run</code>
        command: “--net=host --privileged”<br>
        (refer to “<a href="https://registry.hub.docker.com/u/manell/wireshark/" target="_blank">https://registry.hub.docker.com/u/manell/wireshark/</a>”).</p><div><div class="h5">
      <p style="margin:1.2em 0px!important">On 6/2/15 14:17, Claudio
        Kuenzler wrote:</p>
      <p style="margin:1.2em 0px!important"></p>
      <div>
        <p></p>
        <blockquote type="cite"><font size="+1"><br>
            <br>
          </font>
          
          <p dir="ltr"><font size="+1">Install suricata in the container
              where you run the loadbalancer and you catch the traffic.</font></p>
          <font size="+1"><br>
          </font>
          <div class="gmail_quote"><font size="+1">On Jun 2, 2015 8:07
              PM, "Saxena, Samiksha" <<a href="mailto:samiksha.saxena@verizon.com" target="_blank">samiksha.saxena@verizon.com</a>>
              wrote:<br type="attribution">
            </font>
            <blockquote class="gmail_quote">
              <div>
                <div><font size="+1">How can I do so? I want the traffic
                    to flow from internet to load balancer server
                    (running in a container) to Suricata (running in a
                    separate container) to application server. </font></div>
                <div><font size="+1"><br>
                  </font></div>
                <font size="+1"><span>
                    <div><span>From: </span> Claudio Kuenzler <<a href="mailto:ck@claudiokuenzler.com" target="_blank">ck@claudiokuenzler.com</a>><br>
                      <span>Date: </span> Tuesday, June 2, 2015 at 2:05
                      PM<br>
                      <span>To: </span> "Saxena, Samiksha" <<a href="mailto:samiksha.saxena@one.verizon.com" target="_blank">samiksha.saxena@one.verizon.com</a>><br>
                      <span>Cc: </span> "<a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank">oisf-users@lists.openinfosecfoundation.org</a>"
                      <<a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank">oisf-users@lists.openinfosecfoundation.org</a>>,
                      Victor Julien <<a href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>><br>
                      <span>Subject: </span> Re: [Oisf-users] Suricata
                      in container<br>
                    </div>
                    <div><br>
                    </div>
                    <p dir="ltr">If you use that particular container as
                      reverse proxy for example. </p>
                    <div class="gmail_quote">On Jun 2, 2015 4:01 PM,
                      "Saxena, Samiksha" <<a href="mailto:samiksha.saxena@verizon.com" target="_blank">samiksha.saxena@verizon.com</a>>
                      wrote:<br type="attribution">
                      <blockquote class="gmail_quote">How to make a
                        container a hop in the traffic?<br>
                        <br>
                        <br>
                        On 6/2/15, 5:46 AM, "Victor Julien" <<a href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>>
                        wrote:<br>
                        <br>
                        <br>
                        >On 05/26/2015 11:31 PM, Saxena, Samiksha
                        wrote:<br>
                        <br>
                        >> Is there a way to configure suricata in
                        container for IPS? I want to<br>
                        <br>
                        >> forward all the traffic coming from
                        internet to a Load balancer<br>
                        <br>
                        >> container forwarded to Suricata
                        container for IPS. Is this possible and<br>
                        <br>
                        >>how?<br>
                        <br>
                        ><br>
                        <br>
                        >I think it's possible, if you can make the
                        container a hop in the<br>
                        <br>
                        >traffic path.<br>
                        <br>
                        ><br>
                        <br>
                        >--<br>
                        <br>
>---------------------------------------------<br>
                        <br>
                        >Victor Julien<br>
                        <br>
                        ><a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
                        <br>
                        >PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
                        <br>
>---------------------------------------------<br>
                        <br>
                        ><br>
                        <br>
>_______________________________________________<br>
                        <br>
                        >Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
                        <br>
                        >Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a>
                        | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
                        <br>
                        >List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
                        <br>
                        >Suricata User Conference November 4 & 5
                        in Barcelona:<br>
                        <br>
                        ><a href="http://oisfevents.net" target="_blank">http://oisfevents.net</a><br>
                        <br>
                        <br>
                      </blockquote>
                    </div>
                  </span></font></div>
              <font size="+1"><br>
              </font></blockquote>
          </div>
          <font size="+1"><br>
            <br>
            <br>
          </font>
          <fieldset></fieldset>
          <font size="+1"><br>
          </font>
          <font size="+1"><br>
            <br>
          </font></blockquote>
        <p></p>
      </div>
      <p style="margin:1.2em 0px!important"></p>
    </div></div></div>
  </div></blockquote></div><br></div></span></body></html>