From 986c9fc4663deecf801d50c153ac7b1582f25d68 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Fri, 25 Mar 2022 01:43:19 +0100 Subject: [PATCH] Improved ASN.1 parsing for Keberos. Fixes #1492. * This is a quick fix, the Kerberos protocol dissector requires some refactoring effort. Signed-off-by: Toni Uhlig --- src/lib/protocols/kerberos.c | 221 +++++++++++++++++++++++++++ tests/pcap/kerberos-login.pcap | Bin 0 -> 37920 bytes tests/result/kerberos-login.pcap.out | 21 +++ 3 files changed, 242 insertions(+) create mode 100644 tests/pcap/kerberos-login.pcap create mode 100644 tests/result/kerberos-login.pcap.out diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 65b35838f588..19134a34deac 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -36,6 +36,218 @@ static int ndpi_search_kerberos_extra(struct ndpi_detection_module_struct *ndpi_ struct ndpi_flow_struct *flow); +/* Reference: https://en.wikipedia.org/wiki/X.690#Length_octets */ +static int krb_decode_asn1_length(struct ndpi_detection_module_struct *ndpi_struct, + size_t * const kasn1_offset) +{ + struct ndpi_packet_struct * const packet = &ndpi_struct->packet; + unsigned char length_octet; + int length; + + length_octet = packet->payload[*kasn1_offset]; + + if (length_octet == 0xFF) + { + /* Malformed Packet */ + return -1; + } + + if ((length_octet & 0x80) == 0) + { + /* Definite, short */ + length = length_octet & 0x7F; + (*kasn1_offset)++; + } else { + /* Definite, long or indefinite (not support by this implementation) */ + if ((length_octet & 0x7F) == 0) + { + /* indefinite, unsupported */ + return -1; + } + + length_octet &= 0x7F; + if (length_octet > 4 /* We support only 4 additional length octets. */ || + packet->payload_packet_len <= *kasn1_offset + length_octet + 1) + { + return -1; + } + + int i = 1; + length = 0; + for (; i <= length_octet; ++i) + { + length |= packet->payload[*kasn1_offset + i] << (length_octet - i) * 8; + } + *kasn1_offset += i; + } + + if (packet->payload_packet_len <= *kasn1_offset + length) + { + return -1; + } + + return length; +} + +/* Reference: https://en.wikipedia.org/wiki/X.690#Identifier_octets */ +static int krb_decode_asn1_sequence_type(struct ndpi_detection_module_struct *ndpi_struct, + size_t * const kasn1_offset) +{ + struct ndpi_packet_struct * const packet = &ndpi_struct->packet; + + if (packet->payload_packet_len <= *kasn1_offset + 1 /* length octet */ || + packet->payload[*kasn1_offset] != 0x30 /* Universal Constructed Tag Type: Sequence */) + { + return -1; + } + + (*kasn1_offset)++; + + return krb_decode_asn1_length(ndpi_struct, kasn1_offset); +} + +/* Reference: https://en.wikipedia.org/wiki/X.690#Identifier_octets */ +static int krb_decode_asn1_string_type(struct ndpi_detection_module_struct *ndpi_struct, + size_t * const kasn1_offset, + char const ** const out) +{ + struct ndpi_packet_struct * const packet = &ndpi_struct->packet; + int length; + + if (packet->payload_packet_len <= *kasn1_offset + 1 /* length octet */ || + (packet->payload[*kasn1_offset] != 0xA3 /* Context-specific Constructed Tag Type: Bit String */ && + packet->payload[*kasn1_offset] != 0xA4 /* Context-specific Constructed Tag Type: Octect String */ && + packet->payload[*kasn1_offset] != 0x30 /* Sequence Of */)) + { + return -1; + } + + (*kasn1_offset)++; + + length = krb_decode_asn1_length(ndpi_struct, kasn1_offset); + if (length < 0) + { + return -1; + } + + if (out != NULL) + { + *out = (char *)&packet->payload[*kasn1_offset]; + } + + return length; +} + +static int krb_decode_asn1_blocks_skip(struct ndpi_detection_module_struct *ndpi_struct, + size_t * const kasn1_offset) +{ + struct ndpi_packet_struct * const packet = &ndpi_struct->packet; + int length; + + if (packet->payload_packet_len <= *kasn1_offset + 1 /* length octet */ || + (packet->payload[*kasn1_offset] != 0xA0 && + packet->payload[*kasn1_offset] != 0xA1)) + { + return -1; + } + + (*kasn1_offset)++; + + length = krb_decode_asn1_length(ndpi_struct, kasn1_offset); + if (length < 0) + { + return -1; + } + + return length; +} + +/* Reference: https://datatracker.ietf.org/doc/html/rfc4120 */ +static int krb_parse(struct ndpi_detection_module_struct * const ndpi_struct, + struct ndpi_flow_struct * const flow, + size_t kasn1_offset) +{ + int length; + char const * text; + + length = krb_decode_asn1_sequence_type(ndpi_struct, &kasn1_offset); /* Optional PADATA */ + if (length > 0) + { + kasn1_offset += length; + } + + length = krb_decode_asn1_string_type(ndpi_struct, &kasn1_offset, &text); + if (length < 0) + { + return -1; + } + + kasn1_offset += length; + text += 2; + length -= 2; + if (flow->protos.kerberos.domain[0] == '\0') + { + int dst_len = ndpi_min(length, (int)sizeof(flow->protos.kerberos.domain) - 1); + strncpy(flow->protos.kerberos.domain, text, dst_len); + flow->protos.kerberos.domain[dst_len] = '\0'; + } + + length = krb_decode_asn1_string_type(ndpi_struct, &kasn1_offset, NULL); + if (length < 0) + { + return -1; + } + + length = krb_decode_asn1_sequence_type(ndpi_struct, &kasn1_offset); + if (length < 0) + { + return -1; + } + + length = krb_decode_asn1_blocks_skip(ndpi_struct, &kasn1_offset); + if (length < 0) + { + return -1; + } + kasn1_offset += length; + + length = krb_decode_asn1_blocks_skip(ndpi_struct, &kasn1_offset); + if (length < 0) + { + return -1; + } + + length = krb_decode_asn1_string_type(ndpi_struct, &kasn1_offset, &text); + if (length < 0) + { + return -1; + } + + kasn1_offset += length; + text += 2; + length -= 2; + if (flow->protos.kerberos.hostname[0] == '\0' && text[length - 1] != '$') + { + int dst_len = ndpi_min(length, (int)sizeof(flow->protos.kerberos.hostname) - 1); + strncpy(flow->protos.kerberos.hostname, text, dst_len); + flow->protos.kerberos.hostname[dst_len] = '\0'; + for(int i = 0; i < dst_len; ++i) + { + flow->protos.kerberos.hostname[i] = tolower(flow->protos.kerberos.hostname[i]); + } + } else if (flow->protos.kerberos.username[0] == '\0') { + int dst_len = ndpi_min(length - 1, (int)sizeof(flow->protos.kerberos.username) - 1); + strncpy(flow->protos.kerberos.username, text, dst_len); + flow->protos.kerberos.username[dst_len] = '\0'; + for(int i = 0; i < dst_len; ++i) + { + flow->protos.kerberos.username[i] = tolower(flow->protos.kerberos.username[i]); + } + } + + return 0; +} + static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KERBEROS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); @@ -402,6 +614,15 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, #endif koffsetp = koffset + 4; + if (krb_parse(ndpi_struct, flow, koffsetp) == 0) + { + NDPI_LOG_DBG(ndpi_struct, + "[TGS-REP][s/dport: %u/%u][Kerberos Hostname,Domain,Username][%s,%s,%s]\n", + sport, dport, flow->protos.kerberos.hostname, flow->protos.kerberos.domain, + flow->protos.kerberos.username); + flow->extra_packets_func = NULL; + return; + } pad_data_len = packet->payload[koffsetp]; /* Skip realm already filled in request */ cname_offset = pad_data_len + koffsetp + 15; diff --git a/tests/pcap/kerberos-login.pcap b/tests/pcap/kerberos-login.pcap new file mode 100644 index 0000000000000000000000000000000000000000..54891a203db9cc393dd865e03fec907fe9b55832 GIT binary patch literal 37920 zcmeFZ1yEgEwy2G4+}$m>1$Wor!7aE4cY-?v_uxT-ySrO(_u#I<-QFhs>im7~=|0_k ztL|U#RvoIwuG(|$xml}<`SGnW=2+9+Rasyl0FeLh2LJ*Je3RX3#p$sH2eJ)3^co=G zFL}lAz}Ng@cxVtY5WpNr0tko?3aTqCC_ES}1UM*w97G+^9r)eS4^YqO2dK^h2Lpx3 z2EM?5^8+veN9ch;{W=Po?FS$R_yO>({Q%g&LG;YmkG>v3%!UGo_;o7Z{J<^s{lLu_ z{lJa>b{HNHR#Z$*LsaCg$a~prB1VGOVX!PrMsz$#3wr}cQ^&vm0B}AXa4yyBhp=A1 z8Z6rn92ejRj_DlCExxk!!Elyr;<(!&|cN&m>mbcR8-BJ&Q)!7B6{Ug_08rIt%R&;`N zTHucmj%=1{VslO*WL5?BoNOQK`T0mx@7|t0#u#h&*9;wxA7&CbeD7yn{1^^$?>>fw9?V zhBa1Cd0lHrv8t08f|xQfClj&zL5K-SUi>pZ2HUJWmI|v{gQ09`L;lEnUKikU3@9hciN%|a&*vYFLoxJa)L+@4rRHkNnV3uQhU5{gx=!BI0UZY3kXLHdIG-o`)AS+)cr+9{9mwLf z4=+zx40}y3&UXy<^Bp`D2-v+m!v`00nnhOuOG@ z|9M-uxKk;C7;u}ajGX}3Q);7?PL!}Dmvh*cdtg*fTo)m@_F#{`NZ`jzl{#~_D#%iP zwz?rIl0uW@1OBy1l;CCJ9i<(SESCvA8OyEkg=p*snJsI~>B}uN{G=&jkQ^xIA2*q) zG$ciq<*}xSAAtUO&u?_z4M;b1m->QNv@|SZqSfsNqqeUy^%=~A*y zKvhsOCf508)OK{=kc~(s82zr$r1V_e!K#V#^bLEy(zbb){RANHn}9kVMj-KLDlO!3 zoysx_2ZL0_^nvRfdq&&LR~iWV0BQ8Q#s7_jk?7Z%W??g8;sMNT931fwKiM+9H8Qq# zH8Ol_Xk(R&f{nz?$il(M#l*tM%*x5grkM{327v4Gr7FN-!~!w_4D7`n4AcjBy+9y= zfno#SyS_rt9|*lMAn;z}Z@Bv#`hG#LQ)1#3dV`9uzImnENug5^MpcoSO@a{a)afq=6ILdyDYvwk-r`(Ixp5OJ))*^IBV ze?#0GAmRvjcp4%m=5K3@p52|dzrGjVUW=}C-76IPD5A?0pahdR5xpEn)avrnfVIpCs=1k{Yjy2si?dZs99$`RwS;#CwNUXdK zQ<x-S}*L|XmZH=%Y!QtJOAH@g^?rc!kz*up(E8jRZOxy1aR2rozJ!wZ!#e;Pi^Lp!Jw;Na2y^-c<1K1Td^* z`L?RYX+Q)s_lMlvl=5ql61BGLt(< z3s=gZZ1xHI`%1$o-JTUuXuGyUio0+So=;GmxCJOEbBbSkrQvjZkTUTUYng}M9XlTm zv++Kd>ZE8ee$f?*r0M=HxM(#RWMagF;dprR_}rXzweikyqTOr(8B^8+u~AT#UNcC2 zEq(2!?K>!nz+i%d1q7JNhT$k#p}L3(kGcOqJa?Y&HKXsv>#6~w?hxR+XS+uBRK*;J z6R5hwo9(1L#y4dJs~j1N5pCx34lW%Rhu8H>dXJcn?(CzT3N|NXa|EK3fJCs$5z^tj zdq!z)rOtX*Ass+X@u0jBbouFnT%@Qyb2LSST&sOf55o_Kz>=&zC2PmQEahfhG#E(g z;H3G-_DcnDk(~;I-gX1d3Zyt^Z@4aZ%UE(*UEC6Zx5g+bedq~RV&xMrUJ+cbg8Ilc zXF{&G>)YkBf!+x`r(b{eXJz?_JmhvEc}iAuNftbQ);gmj8*ebmn%v2p>80G^@cz=G z_U-e)i%@D>X_XrHaNr)%Sj{&e-ZbGMLC%0^dyPLh-6lxpFQ+s3&FQFtfE&Zq20C3g z5O3|TBK4co2?9rWfx-DY`s#EHK&PVxIvpi&ko0d%10MOE(|H1s=L&?D(?3Gqzu|Oz zz`0z%10F39c$5LQ`84{Rjo($JB6S0%=-NjVe_Fo}S@v{4rlF~wo|D#e8+gLO1*}b; z>0R`1^1!oPrLW)x$b2*=-0!sWkz^G@26xVyGD;yJbzv^koFAr{D4b`rkBUf39%~Zv z=+$V(pXiSkaGyJeKk(vGgQ%$Gb(SA|bEmYNS^80n=SQV+sAag)4jayizvS@?@=M&~ zt+|S=Nh^OOXg!5txcn-%_!UWPK@U!K1SAi3zxfWDE#YLRbQ@F`_rf9_%}xNPu6w3d zjEpeeNSY-H>n_Mnv@-mNhdHFr(Y>BEZa&%%Hb~feqB821g7HFy;V!k&g%-^!FSYPO zU!Aj`x6Q73B5F$#{IxQH1=2gYiynGr`O2kxJ|ZG&R?X+ogayeO3*B4AmD z7>yqqF?v6K#0g+|Q4{qfP@6|YF?cIAudR^w35HhS!e;W$O;KwZIt1m&UV7+yBTNj`s;zu0JPt3_% zOxa9nnBCB(%mfdo)Nq;aXoE4M3vHl5DonGtJ`?31#SO2a~V4udr-h zmM$&*hrWr~gqRwweCLbn+>C)*%Lm!jWb~g<^d6z=Y9q&idBiEC{FW(kr(SOaA z)V}yA?KEMlwBq!UfvWgQV$t|}L*!4i-V+}0h1{u$ds*wuceeeQ6v5AN9e2S-5}u;H z=tJRiQ_L>xQpc1=w9?v|O9&Tl6@%oNoBClzweC!Zz61xa!FAU_|D0ReU=-3nMpOCB zYlcuHg(*CI7pP-mwB>&Fur~wtGSU|ta z0a7jVZ`cB!*njmq6h@@iW1v~kjF5N$pp23M1zMUYV|5dcnr$bxz&tQ2~qoG?i)d4%#sXQ1?1~xk9uiQb*MCewzIDvHB>pn7t5#h z(ukhbcd*GIRF|-Ii6JQ;NNqg!oq|`)6Ni^N6NAfyhiBb)Sr|2ddQ^R-*^+k1Odw5$ zfGr#AY@FLP5@ z;QDPJW}`LCl5FPhebR5~`@)Z5imMrugaFj2bO5Ds_&$g$9B7O~ZohiUo9%ro*f+G{ zY`L{C<3k`tRQ0SDsLVLv`0&xDcfm8fFe4v6L)dyzGe>P{z&n6;|Dbdd zgZw#>xkA3GA=(w>&HAlZqt|1DI|DjX$LqT(%#wyum=nb$!pTjW(0&2vR-=b>E7b>= z7DNz_dz}n)XqZhFI+cu=VR~X06{e|?#cm-LFM6sYMfI;oi}zlBQy!i%rjYM$QVzW4 z?tP=mM&W~aG>n-DH3r~Q#o36>W?PU5qr|(8mxj~r?gpLBx@M6)U>VpUn_azPbK1Dt zu--s^r7}r0O;;@`tp6Z{eWNDc#i6|X<>5uq--TcXTDdX;hCvom0+uwsV;L!IgW#Ks z=WhJMK9bQq2cvx&%gi*ssSsie)Fay}JT|swSZ~t>BSNYeeLzEUodWHbmo%8d2+%wH z#YX(HJcKS$hV!sN_#qDutl&=!bx74IvzaH0Le0`Os~wOUjGnon8SwdcI^-z%u0_y! zXB(F?NbA{Tc%4!j!YQ^9`3dU~*V`iJq)@70{~1g+NCpNC0!wIW)>I;z_+Bj*vn z^AuXo*Yk`k(yvi_OCN{Oa zo42{Azj9FU|FCWd_;&Qc^81*TB9pB?JJgFZ8ml;Ov>mDn2PoQ$Lpa#YH-`hC^Qm{~ z7e^a8;X;xYi7;w`Kj+u0t@5k{-8Q<^dbHozX(oYo^LpUCI$(e4<8<8zDFYaV1>xXl9G9+KhdRir#XY&jL@8FqkK_d~Wl z$j)Am-YL1Zu(XN4OIq_tq-@_IdL`Ts4k(agAl+W$4~n-6lKV^X^nX)4TA<<$U9tid zuN_FZ=HDsaUunC)(sqBP?fy5V?cV!AL4kpLkfwac@z%8){kAWWJ!V_agLQ9ZF>?SO ziJr&+JGux{PoVTfKd?2#LY14l(pQ^Ksd!+ATLyNa{217v)K8_Rbk4&+$!|Q_ud}>+ zoaCm+wKm8*k=Ys^i}}EAk&luAFJRW^+$Em3OFnK!g)prDF*$G= zk-dFscI68Wr4uOSg+86eUD~OT?&cSs+l4ow2yql zpZQKdbcu`QbbXsFGV0i2$x$PL__V?GY(2`y^^wH-&^Gb& zAfaC-E(~vzga)0Mh3sFbSraQQijulob0IV5{ctI7VH9t)m|NYSs6Ou$KYkqcXu#%4 zkUdSkJ=|A>Q-d&b@UtI43dCY+mX}+cOHtDRD?vJz*XVC9P#Ppc-jzKxufdSP!r`yg4$XXI0zo+2x)nluv|3e1sqXrm*H*uvgCY zva`f{vqPH{YQ3X&bdjhYzmH{nWj3Fl^I$l$jjp5=q`5s6>r=MBiwmfWKKMRn>`S^} zBATPBy&ZG5s)sjkmiQ?t1Xa6S26B|8lIhwhoF}Umt{#6KW%)7CSPmoC)_#ZKX!M9Oj$b9Odh#m#XDBj>9UmsEZMnFN=*UAm$4d8A;6QG#`><D+TaXmcp=2$KSY^ww|xU^0>MJ=0r#gWxl08(beN{EbN%77`{rfoFw(@_ z%sXlaf@^edWAJ#k_)g;rC z`>Q5F9y*+vP8Q!b)pPvuCJ{MMi;! zh%2(q=STfC&yvKu6$P)-;hzw31&Z-)st`_IsQY@x{_2BdcH7^-bSX<6<&FZ{+xS znb%-{*v7{SH)L)}@r!*At3!?qcv8s(< z0YqNve`I)$K*O^I8lL4pGQ59vg@5q6*BvOoysn&*8r`7mPzR2>2YLwM!;hyO?`@jp znzfM8-08YypI{rz>=hcTPm6dsLjlOhumQNWXzvvSkxG$RvOjvVnUmp|Q&2n=$w-vj z5Y}igm4&^h#NVBct8^^{eX_=rJj+`#ex|?W>_81+$Y`WPm3W`=wz^n}mQxP{DvwHF<%J}Wk}1E582*VA=FgUM z10NDLD%|doN=&!gbM1XCBTd7g7m3|Q~dJ2hI*}2UC$mLztns~avZt(G`~=^ z(^IY25CI3euqYDaYA3HjA#fK z)C+N$WKi5Onez~dAVwlYvIFOnm*!0NAbG2&=WewG#y`HwE_Nj>by~78tnCs;1Z8=Hmq78OC=NTgLTZ<6T^3h~N>a z@`MF+nxKDRwWiv_cKvdTM}S?!-4O;IS$v9D(aJ>qF^10xge+tDJI>eHHtPak(t1>^ znsH9KB|M$vwGZ=p=`T%aauZgu<{(2`Ub}|a2u<$V+7^M*7G(s!uKTAC8n8hif^SZS zHWn_JaN1wWw({lWndjj%u5oAk6!T}YZlQvE>h*j*G~ZI1;5_|gY)2wCLyTT)7hpTr zZW%8(vFdvFbeazXQr|Rci!ee{5)L{=Y-FZawfH8AQLRj!^J=)YiGn4>z z=7+AyEDpi$vZ4*uaQ|t~I`LZUM~c*tSx?V-H8TUk6(PE=5n8tAm9qOeDuj&r1_wQa zKa^*y?TYM^GjUZa4??g?C%FSdyYXOSYNQnU3CrGD-X%8Q>5o}Bgx{X`HZ_AUplT;+Z4UF3p^T_RXl3Zu*j5d8bAAC~Lpz#nRPp@!2 z^a23Fha+}pP4wI`{Hc6WtdWc{H{{Acu;E2s^N0DSD(Z2fd|nB+{^dVcBz(D!!2Sp7 zv1&id|Ao%c0EssYq}^-$LFd{eF@NbC^55wkJ)p?d1gLXgfy7Jsk95ufsB<|Zo6n%9diJm$Hgsk@?emLD(&z$7sG>n(lI4^Ymn~?7|&E?(6sYx6I)*{ z&|GKF^fzQtJ#MJkq*a^+@*KTNWKz{%vNEpTTi%we@X*QEkhRc^D2PO1 z!QA(YHNfZ0s(s_IX%cnpyu4?lbNkBA^7HMzJQ`inG=XmTcA9L26S;NcP~I>xmfg6U zvQ1Ozz!&&83Ho}w6rmgbqpYYHjR2#k#cz%*G-c{h_w_l>)i3PxtWiAtHucGaIg8<5 zSMSgXAg8E^s>CG5Yf@sZ9e!-d#Xf#BD0hwS)jhYV8yS#w~U zE~YT8e-lr9nsI#X$h}hIj-k%CkAhDxoxrWIk~hWlG*i#2T63k7on6 z1KENMDyFSRMnlSH>TOiv5j#nHA-O~47-=E#=cn*6TWjse4azv7Se@dM@purm6}rVA zB^GN-&ohRYB1{Gm!QPRHq0;pvRof52=`U%}*I-8FGM!8V)f&x>w(8ya3@0;2C>0P( z`<#z=JRjd0+HVzIAa0!ROR_Jvo0&+ir{UP9nJe*7Sn>_CnJw@u+Uwy@T_y&3ql{8p z_+JD@I=_SNj&vjmVe=Q)zzdZ!yXhZ-vLa(}8(L$&3*-@xC5I}vo|P6u?G}^c$0g{6 z?5YOE=_JNpAMi?#n)0)@rHCp!dl$(9Q0uCilin{so@MoJlNF(RZH+!xBS~(*7pQMTmE$b=5`dFe@eg^ba;yBfHF`Gg4mw8FnQbAR*4Z z7^cwu+=wa&&+X`Fx5-AcG~WsN6;vdIoa4>KsBme86iHMI_gC}k@f|85@beEp(;jT& zK_YjU=86$L7Sa8r*t2Sghezw_&W?&GyceRV`XMR6*~KbP;aZE9LOxb9QOLK!4{((P z5ok)$aw^Z*{U|8YD8L;=S!7g^rjRAA53P0&RwD9Q92CVrET&O?5Ni@^NqjJOw&Sx* zsfVl(eGfmBVmA3@$u@7z*<7f27G;xPyHGe8q*`hnHe{+Bd?V22Xy;%+9)MhXjX&7jF{sch+feF%vpHs<%`IRd18r^u$hLvMZ0;|c z`^)D3*V-KQL80=f3b(?D*bi6dN?L7>4vd0aQETV9xBhV}i@m1L4gRULm;@YMcF->1 zpMnIs_*WrAED;&h%&M3^x%rM2Qby_#l}8XUBzz9alh9PiZXPow&RbxIr{3Ba3KuJ<2iE z>=e8ZKP#}Q0ypeRTJXx_>L4;*`-8bfUafA}Ih3?f)UN)#r~S%MNn)h`6@cseJraG8 zM{9^;w0_3C6RA9>DOme>{|%SPcYge5+H)RTqLC|;}y(J>`r93W7h z>^Wa%f9~TsWACluxVruQ>2p1(%+P8zn3*O84CWlfrP~Q>7%pZufBl0I0@<_kUUTv% z*PE^t#U+_X70sRTCFVFO1tc61-~!T#_>DMz&z zZG*N51E%-eWWMgg@=Kjud|gH4?W}~NQzg(f3oqp)$d_4(?r{VT<7;zMJY)=XpO}yI zJSzB0sZa&-lquz0KbvG_<*KVq7xEUh^&uAtY7YOTRRJMaIj$bC2|$Eh#_qCXjSIpe zr8$XMvuzh0O)f9Fy<p@)tU_{ZQUS#bMtUvav zaLa+Mugy{QmoFe6vJ9{EgJPhAU7*Lx*9G?N?Cs9esUY2RPAO4T7GWpIG`f+{iyHVs zQ%eR=SUC6ZY6_h0$t#jTkHT0JG+QLn`vdXnYU!+Y8^cGtJg=3!xoMPWaO5g~#9+rS z>-j8{toefUOl#br{`CeO<_bu%L&4f@#6Cc(+ftz zsKv3B!+rz+uV-B1@Rh0rQ1k;|8f{jX$j3CtR)9B3%LEYT^``!6dq zd48ZMjDDa9uPYHe+Yb}~@B;-o?{Bw6@vWAcu2!Gp>`vvp0K@&bBfCRR!mhet`cMhy zn`%^?iM0vYP-mLu+4!^}qf-uZKxyUOCu@9#c|*BzK&0xf;dh?u#7-t{>ZPS&TDIpV z&@iL_uG&Zn=bSUB{dp(#J9P>DMZ-}qGCR@FU0$q@tDTt%r`Nvzi;fgFULfJ4a7JQB ziUc|WQb(4W5nZbzu%P%C6@*1?=FVb9e&{w-efalp=4E+BOhH9)6%7tP@tCh0o7~VK z`|8cGD7ZNsi4(-Elq}s2hjs9-_OPs{>soj}G(Le`MGJYI5L(r;5-3MWCPR|7!N9>% z2N)FqK2XN{qu?pk;0kNbzv3`78tzZ_=z&WAGQ;NI%#ihUj~=S^UwicaYOVdNwf28~ zYi-D~fsZ|$D4SL*di3GMr_`KHG+f3nUajQ!U$27*@8qN0Q7z=6*ho6QN{}u*x;s_F z?#w?k%uC_(*ogL&MYvxVHdRB$`s#~sc)ejf>9ye^FQ*V_b0nDW2+y;@TD%-B=}I%A zd&*rSq6X~?V*9)~cOPinacUu`Shpm$w|D#R@6r3!ckzckdVktti-jkv@-JL45(vM4 zzDG|A>z4~Y{+$c50$LIF{-^io{n@qtbN}1s_y$vN)GUo@wANF<&dntT&(SLfDdRFM zJS-IHWbIa`Y-XM~9Vwbto>r=jiLgng+^Bc`(;GwT1{KE|l>UWy%Qr@8mk!nlEMBEe z7j!4eu+3z@$%l$T)li_5*>)igoKPapVruK~`v9W%zARzn_(!6#mmRW`MVq^-7H93w zWKZ{-NRJ2BD!T(gau&zE9C<#qe%JD|LPV#6uh?h;x6sY72w^PkW(4VEY;pm#@EvRj zxKC2DT&_D&P%kOUEQVEX19=Sur`#`hmMPp>He}X5(-Zs*oHRq?PgzJD&Qc8u(l-8{ zAYr+y8O+eS7wP=^V);TWA0JKKI4Tsnm>{*E@n#+0wN%FeoC)xi%IO0ITGQoGK|)Ym zYvo{#B=tQ!W>UJ4!bJ3OqY%o+#{5ZQHXXODze3LofF$AgSuD{WcBm{|k+2OnYgr4V zsek^O>(S!62|=b?5>0JFAi#`hc}_Ntmp)*4h9K0wQ>C9=<8Z)^{h@OFfN0-@>k9F? z86tDc=N55zP1b*UE{^tq;Pft~n`slYq-=hlaIqc$ptjeFg4p&P0q3;;7E_#VC|RT&$V(yd#qsRuJ5z$WyE}!!@kNa%mHkWL}rSjc4KW2=~9W&rjnB&aEb0sbK#@5BYJDrE* zF7k#%oi;1xp)J~9E9`m~dDMQx<#pcVt0hwDokBaamL$FGO4SyGGg`T?hhUVnQWOK9 z(H0X_fECuiu!u4=kFbVPz(J=(lKgq+&%B{~wYxCYoNZ>wnrq?}XMItPFI9mq~`FUUnH0%8tl55}Fki}2C7Pm!B zl-A(Yv-^kZe4LeV=%2m&%XPr?rd$ojK3&D<>d8W=siQPpy?w5BLkP_FIb_uP!ydg1 zYxjuJBG5@(l_rQWDV^HpdsZ-#cjKR(>+h_$($QSO$b`J?5#zHsc{Y`yLN!V) zdE`j0KTW}SBO1F&40?q3Qm-{7_wI5AhHcn2tkBE~4uGylkAncR3%u=pjXz`o7eHHn zxt{!QuEz^>z237hpzAdPZ+&Zjmjz@2jxYd&_I32N zd|;Hw2{$Ky`hfXcD zrc2vExQOC)$u_`oCY^bC}DklwjxQeoya63oY%Yj4Puwsq|ymz9yaE8?aG1tTm!OKf{7iPbC$7xvaTVrX!#`X$B%E&iQP=TLGp@)I-|X4dmvYE+0nIRA#{%N{*9Y!q)G=@mBg z_mZ~lh70YpeQKflPs*#eX86<`q$1nGlKDkfoHLc0nR zUR)I9O<%Hmgln{nZHq)4uk%+cZ180l7t7f>*1J7NVJA4;NJb831~oFB9N!Q|-=JTM zCfgg}8UOv$&K91p!<2kbA>s>Vt{~DBb@f4^m;io;Ldv%X`Hh9}s*0ys#_f_RI20 z{?77v0YxMW|FW=)#P}Isp@Yc0fv5{SAP>Z?pZko}=TZVm)NDG1i&C}~JnFXj+>4Hf7WnNy_&6C1O)frmZC4}fk*ZI9e_#)1a}ZG~0sHA# z^B(k~b0_O(UsNN<7PR7Lcqd)+uN~q(UL^D??& zt)IYMvwLq|YFSc!XtbU$22XF^4mA#t;&uEWN+mi9$e_Uf#2&5L&B+~iE`39LTXW#u zo3xJ5Vn0`6wLiUHTVvQeTZH9MFms1i*ofN3S&&h>;Zh!yjR_3T>$x|s{4nzi{Z>^`p1kWsnATyYKaxBVBGQ9_fuO;wbR z*&idW9_BI5=lm}RF^LmAMXs(mZngG%qakDA=Z~#NZ_Gi?Ey-HRjN6UqC*9NL2U;?V z5;6%3z{Z9qGpQ3pNM|l6uXjMP6fv~V$QiaXtqSU*&vl=YHN*fY0ifRWjUZxqX`M8i zMUDBrEfp`7D#`80MxnNJ1*hGl%43z@hQ7sQj@^xPZYh`fC*J@LnWqB~JsE{Pm^9ObpaM~T)Z

fgeQ+}ugBH%%PIVNOvluVyX9X&?UlWP)qE z06W|J{t(EvfK3FD6QIt$#vhb!9rW>+(n0^GbV5L-8<}VVDqSbg(^~&uRk{vr<&)_7 zz-h_w;K=QF9wo{IzF&?x*P)-+>vgcRjb+)m5&|VhltBrTQ6z->SNpyCUB2mZrXtVm z4b7^KyP&lBW88yO2r!oGz_P4-@_fhfTx*Lh=^;g9sPCPWA1uC>=~t;HRA=|4cLuvz zquGBpln9pX`AFlOb(YGTYFiGYq74BWrSb@!D=FQ~Wb4eQ1K14iYGq(&F6uAvq7A8A zM{MQaTJ6KyXK@#BfbsTx#obOh5?hoUOI4m)dCF-2Y50?TXwODuEBkb;Rn6{0QLO9z z0fq84;9Scwr=1Ih_H)-_Fm@s+lg4{#g-7Q4uU7DzExl!#j_3{-LG}Ex%b&&iSr$1x z4U8c+M;(qHhZD2BXZcKhl$Vr4qQrE*c^C|T+g#pk{;xVBLq>0%}5St8|gjkjI^CkxdAdp|@f6gloKq9}a6De>Wn=zV@ zNRYx)2WZ^vPt0w}aNN8tE&~AYR*Bx0TF}Krc7RC?uOJ00Z5;~@&6pw7za%b-qt4KWh7y`??eR_Da+W zc1mciC57&lCaui~GmNh^(le$GZWYLq$r`mph>uD{d}*@Di%8`da22%{SJ}t3Y}}@0 z9KM%R4%#nRRgSDG0L2@1V(TAj>4>jcJ(-FemI$hwNS#%NJI^ZI`>|t*=4a^6mRI1? zEG7HScy2pgIu_K!9XD1b_FA#8cSzy!xRam@J%t}EB`l{z_!Kw!eg4fnT;Sdrhxd;E zm00)DTYIm~-bj%v>JXeLix&U+ z8X1=?#dM!`?7($*P+uA#)()#K7!YZq0Vz$CA5P!i?6Rg1X2|0dvQ!f9%5t}vP6kbs z*6?6r{%J{a2};7?u$S+@C|yLkq|8~p+O3VK!P{ymn2>pEj1N#3b3G zvd2qB_#VRKf_0e1r(?!!72&S;3ietK2Y6WV5X@8q1Ec->5oymPKRwKS^uD@Qrpv^4 zE@D!2P4by0)+Sy6cl@>ZLkaSH_PKoUt03mMPJZ}sMB$1Dhi9Di?8-x`*A)1yTz4Nc=g3o^%ajYE=khR zBM-D3L)2{W_f9BSByS?|N^e=asN`G}v+O;yM$!Ee6fx|21|R$9v5stQYP@tC88wk@ zqSaSnVz50Bo&*Rq_Et%t`^+x+*sOn+Cm={KcElBbO@$#EsepuuT|@Gz8{UV zPWRVAxF)=KSa(mT0c|Ik?H$T`Kh+rH>bw^_0tK@WQ4wP84;V$q1sTuRq2%!>p-7+u zUy;!%$#5#OaWUEIz*o6oY4wWzvG%u;`HFdv$xrlgVkU z5PuuDs~o1msF-W+JH0SJ>r?-{y4wR%9k*St%lA>3=X@B4~QeNLKM?k)bHoP)G6cK6Z(AC;h|2Q`t)Xc13DN;jHb@PYqLQxB5D+=lc$66 z&%dmKb>oz@(PfNF%3Cg`G<30*gz?YIPVX_Z_@>UFed9+;Gr&6MF4bTTd7~45%0A|# z%AOK%$w>-pbKGDzge@rwq0UutRumjONxioaMp1_C>JcsD?k_AOa2F-2h#K-vITI65 zta0g1#D`kY2vGImJC@;vcNsj5NBDQ!YV!(xBujnlkX|dTB}s%z*h2 zz2=PySD`Nd*2Pr*k!a?nI0yToT4}RDES*nLMP#?iXrAvAqwoFyRlIY6?+I(rk2zy* zsB$!@28gE~>ZBy@t#Yo;ppOLM^I(^&KV7)lO@54FNhHqJtW( zc%c*c7HP|=J%U`8CXj))cQcc~wTvM@jBs)VCd9IznR9YUT(dnX$V_q*M7Qf`$^A4| z=~BtdpBPhtQNzZ@M~zHNmoE@9VJBlRF5CHJ5%LC|4DxHqh~!cHXQ^dFG0AEW$lN^~ zgO!9Z2zsGZxQ0F&);7(#Facgp$M3-$cyWlcrwSO_ZM>Qdp_O)?2m)N&=3|0i%F+wV zaVy6F(6C9PI-Tj(<8p2JP=wd;8) zJ9bS~%(Cc7z@fvvDozyrrKikpAzXCEgjLC-hUsM5JMpiqW_RJ5aVNuo6JDn&Rsx|; z?3y7bLmHZ$uhDy9Z{SA6^W^gd=oAItERa8VB~H=IQV0||(nzS_c#ZxK^w=`fLrngO z;JrfcBM^H1K)HL3KL}ovRO>Inv-&&169(k1Tmc0y1t@r5{u9CbAF57F7wE%hAK$## zR?mVfOg(rrej~NRYcT8|6svWR771rm;;V88Ge~|vIVc-w@q|1sd+DlMUrdaSilsw& zSLH4X806-!k3dYxSkXoLjB~6(lyk#NnyMVSF6E~Dv8ySR-nucmdmXol^ap*>6;hoE z8p^e@AF_#rx>WzV*NL~G&=mN`is0&qN?zS4wAiewlhLLJBVS1e%QfHraWOvq;SJoT zYK(R4P0dw(oI4tTMju*E082CO+Y0d&Ke*mNI|$3L2nh5*3mCVOUf;*U6awQ8BqT7B zmO~VA%Q~T0Eq(V4^Eb!nc5XZ<94`EPYo^C|^n_S7c)>+71fRBd%N-Evflp?>I`kuj zK<|TzhRD{Rp@n4;3BrMd*Iu1F>d`ujdiH_aLHtlk(WjK*zh42lXRlwk-++DA?JH_q~nM%Trs%Sw|0%DWARoq;c z8x2wXqq^Q!pJ(*@hn~hNI9W7iOoacG&HULhbfl`g>}UKq_G73>pn$7?1FQEE;y4R_ z^dTsNyss>#%3R=kp6>;t@9F>5x;=pJw)B>O+5xKP&)AQfwn%_^v}m&K1pLipLrR0W zDIz@vLQnk(f;`d;G?PzOi37qf^_fX6HQMt7!jGTJMM;Q?`Rpc>@4-bp)M;mibay`F zZmvmDR%9bgqxhprr2ULmCFp7RD$Z?F_m0&1DZ1{F&&*m7&b{lNYMnLa!;ZQY9Y8lN z4J)&nf9PX<*I-VRl#5(8NFf;ktsDe&rhS%5O3!3Y57YtoA^e8v}A}=&!upUwON~@^=5b^L7J|m7K>` z2rgUTR+gP5u9fxhoM*>lm2&D}hILD^21Mpha%~6&QLv%}5ZP_jDUr63L5Qf)45WdDAByUe@{Fmg>{hj2A0;a1C zfs)q`gkjHrB6%Ue0&O6$Kul_ z$M}4NX^%iQk5!m~^t(^=jP~|O;~yh79~JG%4CO#wx6-!ye& zh9JOn7(E4NU~Qm~h|bNhj@H^ZmOT+7vDr2EE+swl#5r3#$JQk*y@ltsyh$Z{HiD8J z(8R=-)X8Pa@qSDOkhQ;yLz)zJPI3A_?OkU$Ty3`=qehn?4ABx@7^0UbAp}te6B0zP zL6nFVBhjO`L>s*iMwcMENOaL_FlyAO5uBOid%u&nocEj`@Av0iemsBn_3V2;d;Qq= zz1G@mtqXuY>q~nNdpBRJuyn7+C_dSezlO{6(k?rCVY}x+Xlijpw2XGF*J%#XH-E;q z_ni_^&XYRf5m`Fe!GdwuCMC)@L-y|VT*{sY^#X%rDU2CI!Fz%!O@O87k$W)~SO%3G zvv>kho>HPzynf$ctwmYm+^;@7OF5E?sf%}ie{v5>!Z9@9(L2XyCGMh5`M}xjP%2MQdMdl^`I0h{hD{7C--Bzz#6PP16hji%F~=X+!2eh zs5;Y0RhV~Qtx$Kq7Gv(|^i;-SmPm1#roMgY}6~Pv{Htkf{ zMNv%@iFunx+{5J~;dj?5;%JXg=1s73u`}}YK091ka;a|LiE2;i0m@FkLiT*+E2^i_ zQl2G&?SS-IEw10V>hOjv2XwWMAXD-|&~R z50@jq$45SYWp|d^f2`Ep8-b8B#vkKVZJr@g=VP(24bvLXAEb)~Ew+=4O0fv($Fs>OB-!5R&8cHfZ5bDYFl)D?6J$9_)fHmPyJtCN@?_u0g14CL@DM1-oJDHE|t zr@Z)7;d{qGS3-FX%~JMN*@ceaideR_r+zW1$=%#3tz)M8d2*oK3%u4CNqEpp^f#$o zp!g3-_~GA@PzjUDrEEV><({W<&r`YoKT^3AixwkP%^-1YM`To?fAOu4JPoY;3HDDu zye^LC(UyH^fkja1S3*3!eOZ!sTTxh~| zWjk7e@gr4o;V$y^rppd4gX%S-0`>(*u2R@tr-Tm3`D73BgNdH2R9H{WTj`(&FMi9@mY{%$XsYDtrYcM$1ctZnG2g$hFJ&_&{z8t029g(?7bB2Qo;9I#i$T0_E@Ou z&xZ6gq#+8Vgwvgh1A(B&{zpb?&2|d(iR(cHtp>&=n>H0+cSn}ux3nBgi-|s7UWb;2 zc2(6-i#~2c>hTNhPuUV(`_zbcKTLVs@^0*;>E@@zqoo;|&X{WN)XTlgVnGawjyL-r zI3`2i%Pt!V392NV>Ehbu+&z_pSeWfbplc*~y;H1~+VuUXKt7 z%QkBYhBx<#H72^KBaEL-T_NZzVb7jKz9Ej?2rn3BaR2hGwo1UujR)cm)9h!2wc!GW z)3bGDJn!({sK>=;T@abHrG35Svb(&Etb%adcqMiHc}|?4zxP)li@Z`-lJ7O@#T7Y; zt!56JNe)d=e#dJ4_@1YKnZhLS@xJ9~v*xg8#qbv)iZ@}2TjnJEBc$;bGB^#EeYgO{ zH;2i*k40`8xz-;wN4HBCtHsetb~NTXlc{oeZFQ-)7=t>p{Hqz1xaYsUyz9TRz!*+- zVr`i265x_;?nI>=9HW1^8K@Y7TbD|?#MU^?OIWliGt@AkCO+dR^RoCuhZbtt-7LCF zodvE;rdOkwWjG$U^UTCD<<*~ZMTZ)Dihy8&l?esJ5=?V1T@p@W;lwUlL*aX*o z%Uvxej|Gl%>V7rW?sgSNc9^U|#+j}!7ZwuhEY;px2n!+adv0~+S-!i+mwm6gDv;)u zgDFi}ZXGYF%l!`4D9_Qhc&c_Rc;HN=|JAIw?gExC#g>%RZ(yre;~e$Pa44P7bamc; z!Z9$&j5K<7v1ep%)glqW7PieuC!yCJf7-$?b(vaE27BmgrrkvE3#CN^VO23)W73K@ zx3HBekDOPviPLo=ab&VzINZr(=OWQ3V1<_r)^->AG`>7s#396;6>-^-xp4DgqeJ9y zuKBdRsE9E(KpE}pVit|Xc+$LgO_75z&OBzcBS3OHR|X)1S6sZ*>_!wlvUyy%d{>1-@Oj0fb@Ws>1$Dm@+ z0nnn^@V6r&X!O9ei%bC0M?aC#XapGa8wN5LFi*fBTmFLl&z?Er7vz8T%voq;Ika^! z>rZDE+|K)9=eK{bb0FFxp}yn*)O}sFU9o=J7-I>H6^8zC#8EV&4j$mg`r{e#6u0v+ zXGG-wY-i}Gc0mQXAfI$*3W zRn~Q3Mp3z#Ag|Q!T(n(gZg(xcMuBi|>3LwR)QmW}_~NYq8>`5v*k=b&`SS}Ip8~N% z?*kxMPOetpZ79jCXA=&?r~>m>R_E$~C6yowBe9Kbfqt81!^`--d#$6X_&8s2`zWa` zSB-?CZwjoe`i+*1SyHS?b}e(^1jE~I%&=`Ru$6F5zp^H`C-M?`u_1355b!8#5-Xd? zZG!gI`y;u*@WG=IR$#sy`O$^W_qipO@;9f(64W8``e)75{OJ(Go=NMXw*bC$4J(ib zNp<7hCizoy8%p{kQ0AL$gib2<#}oMsV)@Z{9mdUwdm%Yc>yU{@_rLIyE7uB+bY~gM z=}5C^?7|cIU^Ny9m+R8l_=b!mUWY1Vwin*CFB-cTbyN=@|La#)Yx1R zHD3aER*OVjJx{;J8;lscMjVpqQH`Ccrrg;$TCZi#wf($*U@YUgN21LDk#q@q#rSm3 zkhgbq#487TcZSjt_e$~9T2xAg(wcUh zI?r0Xc>%?{w}d%zRk{qTD_*^KdJ4!D0^qLs{4%|MB9Gmk$I=CMK{nbhAuEp~qWP<# z^9fO_5k!y1;qPZnnB5ZDn>wjuI!jtvZv~xWVAOyv8D>1_s2rV!nBgq@UBJxT$=6 z60+VI0>~lbO|&J^x<#+F^UNU=WbGuYq0DZ0jFoB@sj_^4?~7wvY-T#a)SvKXa9Y0P zp)`DCK8i(1SAniftka{zFzD`7meR?R&zegX3;~Ay_)!u)yD9?*2Cq}ic>WTfOiZq1 zXfa5ZN6mZVGc$kxvXxJF+uXW@;L0^blXIl*Vs+}7buJQmiAm$;1nM=*8Fhq|_PeX* z%U#v!v*q!k+fK@W1%YAyKjTn7 zI9~Far^=O0HxI!tDS=ALLWEBSZa>{a)_<`cgUgweg)+RoxG_(7C#&!@NUwpujdUSM zgJ(yqcDa*h{tO($;pwn9et9ET<74b4jbtJI3{O*rQJ=dDnhTzxKofAw4nmEwzrb*D zmqKS!vX>oIF{~bO_Ke{Y%@l%HdymVpCkYbJ!<;*-`h;|{6WkivD1mcg#T)k z1T-`K>2UFjfJMN<0s>&Lpy-eJ()SG69P@C&=>3;5v~~ImZT*R21xYG?$b!;8$b!)0 zIMPI4asp;`^uJ{oBK%bj;6FU4t#jHsr>%3^I;X93+WHUC7B8A)e)He{8QKyu!v;Xm z-WF#45fSe;NhO8|HB(@6UV$Ao6CZ#pbHN zWw@T2k-7Kp6!Ui>zas^VTH8%zwv9>H6EC~a`+9ar;dA!1jExI&!-GE}9#jg_Zn6gr zsb)^`4ev1bie#HJdi9O1yOGp5Qf}jqn>bOLZTIYJ6cYJszq?Cs8qp`a&Hz>LNk6ik z2_|e~QA>IdizSYKd!Ov<)iwBMP1P#l*Vy0Q)OVD}bvv(ZFWt=iy%@18+491A)9&OlVXjifL zD9Jon79f0rpP_=FzWOvG@a218C~dqH=#nth;>4MXoPKw2n#=-==;3}a@DhG7v)^WE zlzbsjpoUMyh7oD#Yc)qYwZ0yfr*ehyTNY?G;=KvaX0Y=hm0i-%rmi%J44-7Q<{LIF z`?f466Qqkt+u9;N%`KnHOcVl{?;D`#Cc+%nrZB(YhA0*Viy4*jhnEUI5}hd=8r_z( zm|opkGJP8PX?Qjk5M{dE8aDc252Uoi6KY#h=>9>GV7;?13~zOD>(z6`mVH>jg5#_P zYaidPLU)o4Qzlf??R`_F{tN>X^&N$nl-SX(XLEK*n$B7zz(mJE(d!Hk4FdRu7*9@z zWKU8JD26~F_xJvGLIe|vOI|D0F|6pT2If?=tJ@4D= zkH(+AF_uhjF{4fgkFxr*e1WFKJNd*pEPu=?N7QROHAMnpwTf-hM{O^Y)?Z6?y~X1m z6h4}NKP-?7E;6mQ%7}nl%&|be2Qj4TOVTT}2*kBa~$;}#5Pm)D3S`f7XxXWO|v-$r;4v3NYr zmbzn}3R1qHeXDqCB9U6{O;NAq$yUMT7tr@Nk}}h5uyU++;yJx!XTRg{2bdn%u98~k zsx8{#QR`;&aRyAj9-5w3Vin+&8K}Fb4j*S~h2n4Y$jpaO!_Ul=EI%u0cx2OaQ^V8C zt3BDvggN&}W1eNX?VHg$g(YGo!I4Zukb_&Rjp3_qyJL3xGFqJb(QL(y_C8O?jZ`6K z%=QpdbFu{nogU#O#0GCn`szW__4r$91 zbb4&+vktKux4UWF7$25dhxgO$+#ta36S`U27R`0dN>JhD6>{j(k+QckSW;yXpcRp9 zEjrjWLR0|u+Z^^0z3X%!x=VKZI}t%#@g&S0w@fWuwzS?wvta)V_O)a8o7OJD+S#v* zr9>m=+#5kmT*zQciVJVslykJ4*soT$u=1I7lUqoWN>&%PUVkljR;)9nU>3Dgf2WgA z!~*0#QPB6ANk6Iq%ei{lrIa|JhgWz*Qs8jEv(m$ROGws4-pYA!88SHQ6b70q_gZND z{;G!GpuCb++xZ)sdXwr`X?#%S!peia-_LT}Bir)v#ebp@ch*uso9 zOEao8>}C`fnEt!X4%%JBjKa(GOTgt`lH#fGa+Q!yPG7dyDn}ZoU35&B5SdFt-2OUa%F7LW6mSvRqA2nPJhCS zckGV2LsN$Vc|lk7bV)7kG|c9j)Hb#PN7ZcXuIy)cNUUr1G=P}5If8R%7AdD9TSSZ! z-H3v9xxgLu972|TAdT(SRd?ywB%+Y}%&pK6Sc-~)X5WU_yJ%hW;TGYuK*2I2-K`jm zvt^9tnBQ3Ij}bk9;CA7UsAJ9VBYLEX;cur>&{4+|4cgyF^e~8K=d5+kTIZ~F&RXZJ kbY53)k1T00000 literal 0 HcmV?d00001 diff --git a/tests/result/kerberos-login.pcap.out b/tests/result/kerberos-login.pcap.out new file mode 100644 index 000000000000..ebfb00d45d66 --- /dev/null +++ b/tests/result/kerberos-login.pcap.out @@ -0,0 +1,21 @@ +Guessed flow protos: 0 + +DPI Packets (TCP): 11 (11.00 pkts/flow) +DPI Packets (UDP): 12 (1.00 pkts/flow) +Confidence DPI : 13 (flows) + +Kerberos 39 37272 13 + + 1 TCP 192.168.10.12:44256 <-> 192.168.10.3:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][9 pkts/3720 bytes <-> 6 pkts/3520 bytes][Goodput ratio: 84/88][0.00 sec][testbed1.ca\ubuntu64a][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 413/587 1621/1620 646/731][PLAIN TEXT (TESTBED)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] + 2 UDP 10.1.12.2:1074 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1275 bytes <-> 1 pkts/1279 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 3 UDP 10.1.12.2:1092 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1277 bytes <-> 1 pkts/1270 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 4 UDP 10.1.12.2:1067 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1261 bytes <-> 1 pkts/1247 bytes][Goodput ratio: 97/97][0.04 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0] + 5 UDP 10.1.12.2:1076 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1261 bytes <-> 1 pkts/1247 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0] + 6 UDP 10.1.12.2:1089 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1263 bytes <-> 1 pkts/1244 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0] + 7 UDP 10.1.12.2:1096 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1263 bytes <-> 1 pkts/1244 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0] + 8 UDP 10.1.12.2:1065 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1265 bytes <-> 1 pkts/1234 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0] + 9 UDP 10.1.12.2:1061 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1253 bytes <-> 1 pkts/1231 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 10 UDP 10.1.12.2:1084 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1255 bytes <-> 1 pkts/1228 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 11 UDP 10.1.12.2:1068 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1251 bytes <-> 1 pkts/1229 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 12 UDP 10.1.12.2:1069 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1250 bytes <-> 1 pkts/1228 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 13 UDP 10.1.12.2:1090 <-> 10.5.3.1:88 [proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1253 bytes <-> 1 pkts/1224 bytes][Goodput ratio: 97/96][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0]