Intrusiondetection systemscyberinfom.ppt
SoundariyaSathish
15 views
176 slides
Aug 14, 2024
Slide 1 of 176
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
About This Presentation
cyber intrusion
Slide Content
1
Intrusion Detection
&
Network Forensics
Marcus J. Ranum
Intrusion Detection
&
Network Forensics
Marcus J. Ranum
2
An ounce of
prevention is worth a
pound of detection
An ounce of
prevention is worth a
pound of detection
3
Why Talk about IDS?
•Emerging new technology
–Very interesting
...but...
–About to be over-hyped
•Being informed is the best weapon in
the security analyst’s arsenal
–It also helps keep vendors honest!
Why Talk about IDS?
•Emerging new technology
–Very interesting
...but...
–About to be over-hyped
•Being informed is the best weapon in
the security analyst’s arsenal
–It also helps keep vendors honest!
4
What is an Intrusion?!
•Difficult to define
–Not everyone agrees
–This is a big problem
•How about someone telnetting your system?
–And trying to log in as “root”?
•What about a ping sweep?
•What about them running an ISS scan?
•What about them trying phf on your webserver?
–What about succeeding with phf and logging in?
What is an Intrusion?!
•Difficult to define
–Not everyone agrees
–This is a big problem
•How about someone telnetting your system?
–And trying to log in as “root”?
•What about a ping sweep?
•What about them running an ISS scan?
•What about them trying phf on your webserver?
–What about succeeding with phf and logging in?
5
What is IDS?
•The ideal Intrusion Detection System will
notify the system/network manager of a
successful attack in progress:
–With 100% accuracy
–Promptly (in under a minute)
–With complete diagnosis of the attack
–With recommendations on how to block it
…Too bad it doesn’t exist!!
What is IDS?
•The ideal Intrusion Detection System will
notify the system/network manager of a
successful attack in progress:
–With 100% accuracy
–Promptly (in under a minute)
–With complete diagnosis of the attack
–With recommendations on how to block it
…Too bad it doesn’t exist!!
6
Objectives: 100% Accuracy
and 0% False Positives
•A False Positive is when a system raises
an incorrect alert
–“The boy who cried ‘wolf!’” syndrome
•0% false positives is the goal
–It’s easy to achieve this: simply detect
nothing
•0% false negatives is another goal: don’t
let an attack pass undetected
Objectives: 100% Accuracy
and 0% False Positives
•A False Positive is when a system raises
an incorrect alert
–“The boy who cried ‘wolf!’” syndrome
•0% false positives is the goal
–It’s easy to achieve this: simply detect
nothing
•0% false negatives is another goal: don’t
let an attack pass undetected
7
Objectives: Prompt
Notification
•To be as accurate as possible the
system may need to “sit on” information
for a while until all the details come in
–e.g.: Slow-scan attacks may not be
detected for hours
–This has important implications for how
“real-time” IDS can be!
–IDS should notify user as to detection lag
Objectives: Prompt
Notification
•To be as accurate as possible the
system may need to “sit on” information
for a while until all the details come in
–e.g.: Slow-scan attacks may not be
detected for hours
–This has important implications for how
“real-time” IDS can be!
–IDS should notify user as to detection lag
8
Objectives: Prompt
Notification (cont)
•Notification channel must be protected
–What if attacker is able to sever/block
notification mechanism?
–An IDS that uses E-mail to notify you is
going to have problems notifying you that
your E-mail server is under a denial of
service attack!
Objectives: Prompt
Notification (cont)
•Notification channel must be protected
–What if attacker is able to sever/block
notification mechanism?
–An IDS that uses E-mail to notify you is
going to have problems notifying you that
your E-mail server is under a denial of
service attack!
9
Objectives: Diagnosis
•Ideally, an IDS will categorize/identify
the attack
–Few network managers have the time to
know intimately how many network attacks
are performed
•This is a difficult thing to do
–Especially with things that “look weird” and
don’t match well-known attacks
Objectives: Diagnosis
•Ideally, an IDS will categorize/identify
the attack
–Few network managers have the time to
know intimately how many network attacks
are performed
•This is a difficult thing to do
–Especially with things that “look weird” and
don’t match well-known attacks
10
Objectives: Recommendation
•The ultimate IDS would not only identify
an attack, it would:
–Assess the target’s vulnerability
–If the target is vulnerable it would notify the
administrator
–If the vulnerability has a known “fix” it
would include directions for applying the fix
•This requires huge, detailed knowledge
Objectives: Recommendation
•The ultimate IDS would not only identify
an attack, it would:
–Assess the target’s vulnerability
–If the target is vulnerable it would notify the
administrator
–If the vulnerability has a known “fix” it
would include directions for applying the fix
•This requires huge, detailed knowledge
11
IDS: Pros
•A reasonably effective IDS can identify
–Internal hacking
–External hacking attempts
•Allows the system administrator to
quantify the level of attack the site is
under
•May act as a backstop if a firewall or
other security measures fail
IDS: Pros
•A reasonably effective IDS can identify
–Internal hacking
–External hacking attempts
•Allows the system administrator to
quantify the level of attack the site is
under
•May act as a backstop if a firewall or
other security measures fail
12
IDS: Cons
•IDS’ don’t typically act to prevent or
block attacks
–They don’t replace firewalls, routers, etc.
•If the IDS detects trouble on your
interior network what are you going to
do?
–By definition it is already too late
IDS: Cons
•IDS’ don’t typically act to prevent or
block attacks
–They don’t replace firewalls, routers, etc.
•If the IDS detects trouble on your
interior network what are you going to
do?
–By definition it is already too late
13
Privacy: a Problem
•Some governments/states mandate
levels of privacy protection for
employees or students
–This may make it impossible to adequately
gather data for the IDS
–This may make it impossible to gather
forensic data for analysis or prosecution
Privacy: a Problem
•Some governments/states mandate
levels of privacy protection for
employees or students
–This may make it impossible to adequately
gather data for the IDS
–This may make it impossible to gather
forensic data for analysis or prosecution
14
Privacy: a Problem (cont)
•Is it prying if it’s done by a computer?
–What if a human never sees it?
–What if the information is never acted upon?
•At what point is privacy violated?
–Looking at packet headers?
–Looking at packet contents?
–Looking at /var/mail/user?
Privacy: a Problem (cont)
•Is it prying if it’s done by a computer?
–What if a human never sees it?
–What if the information is never acted upon?
•At what point is privacy violated?
–Looking at packet headers?
–Looking at packet contents?
–Looking at /var/mail/user?
15
Paradigms for Deploying IDS
•Attack Detection
•Intrusion Detection
Paradigms for Deploying IDS
•Attack Detection
•Intrusion Detection
16
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Attack Detection
IDS detects (and counts) attacks against
the Web Server and firewall
IDS
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Attack Detection
IDS detects (and counts) attacks against
the Web Server and firewall
IDS
17
Attack Detection
•Placing an IDS outside of the security
perimeter records attack level
–Presumably if the perimeter is well designed
the attacks should not affect it!
–Still useful information for management (“we
have been attacked 3,201 times this month…)
–Prediction: AD Will generate a lot of noise and
be ignored quickly
Attack Detection
•Placing an IDS outside of the security
perimeter records attack level
–Presumably if the perimeter is well designed
the attacks should not affect it!
–Still useful information for management (“we
have been attacked 3,201 times this month…)
–Prediction: AD Will generate a lot of noise and
be ignored quickly
18
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Intrusion Detection
IDS detects hacking activity WITHIN
the protected network, incoming or outgoingIDS
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Intrusion Detection
IDS detects hacking activity WITHIN
the protected network, incoming or outgoingIDS
19
Intrusion Detection
•Placing an IDS within the perimeter will
detect instances of clearly improper
behavior
–Hacks via backdoors
–Hacks from staff against other sites
–Hacks that got through the firewall
•When the IDS alarm goes off, it’s a red
alert
Intrusion Detection
•Placing an IDS within the perimeter will
detect instances of clearly improper
behavior
–Hacks via backdoors
–Hacks from staff against other sites
–Hacks that got through the firewall
•When the IDS alarm goes off, it’s a red
alert
20
Attack vs Intrusion Detection
•Ideally do both
•Realistically, do ID first then AD
–Or, deploy AD to justify security effort to
management, then deploy ID (more of a
political problem than a technical one)
•The real question here is one of staffing
costs to deal with alerts generated by
AD systems
Attack vs Intrusion Detection
•Ideally do both
•Realistically, do ID first then AD
–Or, deploy AD to justify security effort to
management, then deploy ID (more of a
political problem than a technical one)
•The real question here is one of staffing
costs to deal with alerts generated by
AD systems
21
Paradigms for Data
Correlation
•IDES
•Audit
•Inline
•Hybrid (a mix of both)
Paradigms for Data
Correlation
•IDES
•Audit
•Inline
•Hybrid (a mix of both)
22
IDES
•Dorothy Denning (1986) publishes “An
Intrusion Detection Model” which
defines much IDS thinking
–Defines components of an IDS in terms of:
•Subjects - initiators of activity
•Objects - targets of activity
•Profiles - characterization of how subjects
operate on objects (may be statistical models or
pattern matching)
IDES
•Dorothy Denning (1986) publishes “An
Intrusion Detection Model” which
defines much IDS thinking
–Defines components of an IDS in terms of:
•Subjects - initiators of activity
•Objects - targets of activity
•Profiles - characterization of how subjects
operate on objects (may be statistical models or
pattern matching)
23
IDES (cont)
•Audit Records - trace information about the
occurrence of events in time
•Anomaly Records - trace information about the
occurrence of unusual events in time, often
generated by the IDS or applications
•Alarms - information that the system brings to
the security administrator’s attention
–Systems evolved from IDES: DIDs, Stalker,
Emerald
IDES (cont)
•Audit Records - trace information about the
occurrence of events in time
•Anomaly Records - trace information about the
occurrence of unusual events in time, often
generated by the IDS or applications
•Alarms - information that the system brings to
the security administrator’s attention
–Systems evolved from IDES: DIDs, Stalker,
Emerald
24
Block Diagram: Generic IDS
Host
System
or
Network
Sniffer
Pre-Processing Statistical
analysis
Signature
matching
Knowledge
base
Long term
storage
Alert manager
GUI
Response
manager
Block Diagram: Generic IDS
Host
System
or
Network
Sniffer
Pre-Processing Statistical
analysis
Signature
matching
Knowledge
base
Long term
storage
Alert manager
GUI
Response
manager
25
Audit Based IDS
•Audit based IDS post-process audit trail
(and other) information
–Activity is first logged then post-processed
–Batch oriented approach allows for virtually
infinite correlation if enough data is present
Kernel
and
applications
Audit
Database reports
alerts
IDS
Correlation
Audit Based IDS
•Audit based IDS post-process audit trail
(and other) information
–Activity is first logged then post-processed
–Batch oriented approach allows for virtually
infinite correlation if enough data is present
Kernel
and
applications
Audit
Database reports
alerts
IDS
Correlation
26
Audit Data
•Determining what is a good audit probe
point (where to record something) is a
difficult problem
–Orange book includes 23 probe points within
UNIX kernel and applications
•open read/writeprocess fork
•creation of IPCcreate/remove file
•bad loginpassword change
•add/remove user/groupetc...
Audit Data
•Determining what is a good audit probe
point (where to record something) is a
difficult problem
–Orange book includes 23 probe points within
UNIX kernel and applications
•open read/writeprocess fork
•creation of IPCcreate/remove file
•bad loginpassword change
•add/remove user/groupetc...
27
Networked Auditable Events
•Users logging in at unusual hours*
•Unexplained reboots
•Unexplained time changes
•Unusual error messages
•Failed login attempts
•Users logging in from unfamiliar sites*
* (implies that per-user “history” is kept)
Networked Auditable Events
•Users logging in at unusual hours*
•Unexplained reboots
•Unexplained time changes
•Unusual error messages
•Failed login attempts
•Users logging in from unfamiliar sites*
* (implies that per-user “history” is kept)
28
CIDF
•ARPA sponsored effort to achieve
Common Intrusion Detection
Framework
–Architectural conventions for IDS modules
–Messaging specification for audit data and
its transmission
–Information on CIDF on the web:
http://www.seclab.ucdavis.edu/cidf/spec/cidf.txt
CIDF
•ARPA sponsored effort to achieve
Common Intrusion Detection
Framework
–Architectural conventions for IDS modules
–Messaging specification for audit data and
its transmission
–Information on CIDF on the web:
http://www.seclab.ucdavis.edu/cidf/spec/cidf.txt
29
CIDF (cont)
•Conceptual components are modules
–Event generators - collect or generate data
–Analysis engines - processing and
correlation
–Storage mechanisms - archival and short
term storage including of logs and audit
records
–Response components - outputs
CIDF (cont)
•Conceptual components are modules
–Event generators - collect or generate data
–Analysis engines - processing and
correlation
–Storage mechanisms - archival and short
term storage including of logs and audit
records
–Response components - outputs
30
CIDF (cont)
•Will CIDF work?
–Pro: It’s a generalization of most IDS; all
the pieces are there
–Con: Will IDS vendors see any value in an
interoperable, modular solution?
CIDF (cont)
•Will CIDF work?
–Pro: It’s a generalization of most IDS; all
the pieces are there
–Con: Will IDS vendors see any value in an
interoperable, modular solution?
31
Inline IDS
•Inline IDS process audit data as it is
generated
–Typically discard audit data that it does not
recognize as significant
–Amount of correlation tends to be limited
Kernel
and
applications Incident
database
reports
alerts
IDS
Correlation
Bit bucket
Inline IDS
•Inline IDS process audit data as it is
generated
–Typically discard audit data that it does not
recognize as significant
–Amount of correlation tends to be limited
Kernel
and
applications Incident
database
reports
alerts
IDS
Correlation
Bit bucket
32
Audit vs Inline
•Inline is faster but only provides a “local”
view unless a lot of data is forwarded in
realtime to a central location
•Audit is deeper but requires keeping lots
of data
•Hybrid systems exploit both: inline
detection of significant events to an audit
station
Audit vs Inline
•Inline is faster but only provides a “local”
view unless a lot of data is forwarded in
realtime to a central location
•Audit is deeper but requires keeping lots
of data
•Hybrid systems exploit both: inline
detection of significant events to an audit
station
33
IDS Data Source Paradigms
•Host Based
•Network Based
IDS Data Source Paradigms
•Host Based
•Network Based
34
Host Based IDS
•Collect data usually from within the
operating system
–C2 audit logs
–System logs
–Application logs
•Data collected in very compact form
–But application / system specific
Host Based IDS
•Collect data usually from within the
operating system
–C2 audit logs
–System logs
–Application logs
•Data collected in very compact form
–But application / system specific
35
Host Based: Pro
•Quality of information is very high
–Software can “tune” what information it
needs (e.g.: C2 logs are configurable)
–Kernel logs “know” who user is
•Density of information is very high
–Often logs contain pre-processed
information (e.g.: “badsu” in syslog)
Host Based: Pro
•Quality of information is very high
–Software can “tune” what information it
needs (e.g.: C2 logs are configurable)
–Kernel logs “know” who user is
•Density of information is very high
–Often logs contain pre-processed
information (e.g.: “badsu” in syslog)
36
Host Based: Con
•Capture is often highly system specific
–Usually only 1, 2 or 3 platforms are
supported (“you can detect intrusions on any
platform you like as long as it’s Solaris or
NT!”)
•Performance is a wild-card
–To unload computation from host logs are
usually sent to an external processor system
Host Based: Con
•Capture is often highly system specific
–Usually only 1, 2 or 3 platforms are
supported (“you can detect intrusions on any
platform you like as long as it’s Solaris or
NT!”)
•Performance is a wild-card
–To unload computation from host logs are
usually sent to an external processor system
37
Host Based: Con (cont)
•Hosts are often the target of attack
–If they are compromised their logs may be
subverted
–Data sent to the IDS may be corrupted
–If the IDS runs on the host itself it may be
subverted
Host Based: Con (cont)
•Hosts are often the target of attack
–If they are compromised their logs may be
subverted
–Data sent to the IDS may be corrupted
–If the IDS runs on the host itself it may be
subverted
38
Network Based IDS
•Collect data from the network or a hub /
switch
–Reassemble packets
–Look at headers
•Try to determine what is happening
from the contents of the network traffic
–User identities, etc inferred from actions
Network Based IDS
•Collect data from the network or a hub /
switch
–Reassemble packets
–Look at headers
•Try to determine what is happening
from the contents of the network traffic
–User identities, etc inferred from actions
39
Network Based: Pro
•No performance impact
•More tamper resistant
•No management impact on platforms
•Works across O/S’
•Can derive information that host based
logs might not provide (packet
fragmenting, port scanning, etc.)
Network Based: Pro
•No performance impact
•More tamper resistant
•No management impact on platforms
•Works across O/S’
•Can derive information that host based
logs might not provide (packet
fragmenting, port scanning, etc.)
40
Network Based: Con
•May lose packets on flooded networks
•May mis-reassemble packets
•May not understand O/S specific
application protocols (e.g.: SMB)
•May not understand obsolete network
protocols (e.g.: anything non-IP)
•Does not handle encrypted data
Network Based: Con
•May lose packets on flooded networks
•May mis-reassemble packets
•May not understand O/S specific
application protocols (e.g.: SMB)
•May not understand obsolete network
protocols (e.g.: anything non-IP)
•Does not handle encrypted data
41
IDS Paradigms
•Anomaly Detection - the AI approach
•Misuse Detection - simple and easy
•Burglar Alarms - policy based detection
•Honey Pots - lure the hackers in
•Hybrids - a bit of this and that
IDS Paradigms
•Anomaly Detection - the AI approach
•Misuse Detection - simple and easy
•Burglar Alarms - policy based detection
•Honey Pots - lure the hackers in
•Hybrids - a bit of this and that
42
Anomaly Detection
•Goals:
–Analyse the network or system and infer what
is normal
–Apply statistical or heuristic measures to
subsequent events and determine if they
match the model/statistic of “normal”
–If events are outside of a probability window
of “normal” generate an alert (tuneable
control of false positives)
Anomaly Detection
•Goals:
–Analyse the network or system and infer what
is normal
–Apply statistical or heuristic measures to
subsequent events and determine if they
match the model/statistic of “normal”
–If events are outside of a probability window
of “normal” generate an alert (tuneable
control of false positives)
43
Anomaly Detection (cont)
•Typical anomaly detection approaches:
–Neural networks - probability-based pattern
recognition
–Statistical analysis - modelling behavior of
users and looking for deviations from the
norm
–State change analysis - modelling system’s
state and looking for deviations from the
norm
Anomaly Detection (cont)
•Typical anomaly detection approaches:
–Neural networks - probability-based pattern
recognition
–Statistical analysis - modelling behavior of
users and looking for deviations from the
norm
–State change analysis - modelling system’s
state and looking for deviations from the
norm
44
Anomaly Detection: Pro
•If it works it could conceivably catch any
possible attack
•If it works it could conceivably catch
attacks that we haven’t seen before
–Or close variants to previously-known
attacks
•Best of all it won’t require constantly
keeping up on hacking technique
Anomaly Detection: Pro
•If it works it could conceivably catch any
possible attack
•If it works it could conceivably catch
attacks that we haven’t seen before
–Or close variants to previously-known
attacks
•Best of all it won’t require constantly
keeping up on hacking technique
45
Anomaly Detection: Con
•Current implementations don’t work very
well
–Too many false positives/negatives
•Cannot categorize attacks very well
–“Something looks abnormal”
–Requires expertise to figure out what
triggered the alert
–Ex: Neural nets can’t say why they trigger
Anomaly Detection: Con
•Current implementations don’t work very
well
–Too many false positives/negatives
•Cannot categorize attacks very well
–“Something looks abnormal”
–Requires expertise to figure out what
triggered the alert
–Ex: Neural nets can’t say why they trigger
46
Anomaly Detection: Examples
•Most of the research is in anomaly
detection
–Because it’s a harder problem
–Because it’s a more interesting problem
•There are many examples, these are
just a few
–Most are at the proof of concept stage
Anomaly Detection: Examples
•Most of the research is in anomaly
detection
–Because it’s a harder problem
–Because it’s a more interesting problem
•There are many examples, these are
just a few
–Most are at the proof of concept stage
47
Anomaly Detection (cont)
•IDES/NIDES
–Real-time IDS using statistical anomaly
detection combined with rule-based misuse
detection
–Relies on system’s audit records for input
–Rulebase is limited
ftp://ftp.csl.sri.com/pub/nides/index1.html
Anomaly Detection (cont)
•IDES/NIDES
–Real-time IDS using statistical anomaly
detection combined with rule-based misuse
detection
–Relies on system’s audit records for input
–Rulebase is limited
ftp://ftp.csl.sri.com/pub/nides/index1.html
48
Anomaly Detection (cont)
•GrIDS
–Graph-based intrusion detection system
–Models network activity based on analysis
of graph matching
–Includes a policy language for translating
organizational policies into analysis
rulesets
http://seclab.cs.ucdavis.edu
Anomaly Detection (cont)
•GrIDS
–Graph-based intrusion detection system
–Models network activity based on analysis
of graph matching
–Includes a policy language for translating
organizational policies into analysis
rulesets
http://seclab.cs.ucdavis.edu
49
Anomaly Detection (cont)
•Emerald
–Multiple layered model IDS
•Service specific analysis - service monitors
deployed within network gather tailorable
information
•Domain-wide analysis - correlation of service
analysis
•Enterprise-wide analysis - correlation of events
across domains
Anomaly Detection (cont)
•Emerald
–Multiple layered model IDS
•Service specific analysis - service monitors
deployed within network gather tailorable
information
•Domain-wide analysis - correlation of service
analysis
•Enterprise-wide analysis - correlation of events
across domains
50
Emerald (cont)
•Information propagated upward gets
sparser but is more dense
–Data is abstracted into a common format
from packet traces, application logs, and
kernel logs
–Profiler engine - looks for statistical
anomalies
–Signature engine - looks for attack signatures
Emerald (cont)
•Information propagated upward gets
sparser but is more dense
–Data is abstracted into a common format
from packet traces, application logs, and
kernel logs
–Profiler engine - looks for statistical
anomalies
–Signature engine - looks for attack signatures
51
Misuse Detection
•Goals:
–Know what constitutes an attack
–Detect it
Misuse Detection
•Goals:
–Know what constitutes an attack
–Detect it
52
Misuse Detection (cont)
•Typical misuse detection approaches:
–“Network grep” - look for strings in network
connections which might indicate an attack
in progress
–Pattern matching - encode series of states
that are passed through during the course
of an attack
•e.g.: “change ownership of /etc/passwd” ->
“open /etc/passwd for write” -> alert
Misuse Detection (cont)
•Typical misuse detection approaches:
–“Network grep” - look for strings in network
connections which might indicate an attack
in progress
–Pattern matching - encode series of states
that are passed through during the course
of an attack
•e.g.: “change ownership of /etc/passwd” ->
“open /etc/passwd for write” -> alert
53
Misuse Detection: Pro
•Easy to implement
•Easy to deploy
•Easy to update
•Easy to understand
•Low false positives
•Fast
Misuse Detection: Pro
•Easy to implement
•Easy to deploy
•Easy to update
•Easy to understand
•Low false positives
•Fast
54
Misuse Detection: Con
•Cannot detect something previously
unknown
•Constantly needs to be updated with
new rules
•Easier to fool
Misuse Detection: Con
•Cannot detect something previously
unknown
•Constantly needs to be updated with
new rules
•Easier to fool
55
Misuse Detection (cont)
•A number of commercial misuse
detection products are on the market
–ISS RealSecure
–Cisco NetRanger
–NAI CyberCop
–NFR Network Flight Recorder
•Deployment model is to feed rulesets to
customer as subscription service
Misuse Detection (cont)
•A number of commercial misuse
detection products are on the market
–ISS RealSecure
–Cisco NetRanger
–NAI CyberCop
–NFR Network Flight Recorder
•Deployment model is to feed rulesets to
customer as subscription service
56
Misuse Detection (cont)
•Things misuse detection looks for:*
–IP Frag attackPing flooding
–Source routingPing of death
–ISS Scan checkSATAN scan check
–Rwhod check Rlogin decode
–Rlogin -frootTFTP get passwd check
–IMAP buffer smash
–SMTP WIZ check … etc.
* (From ISS RealSecure)
Misuse Detection (cont)
•Things misuse detection looks for:*
–IP Frag attackPing flooding
–Source routingPing of death
–ISS Scan checkSATAN scan check
–Rwhod check Rlogin decode
–Rlogin -frootTFTP get passwd check
–IMAP buffer smash
–SMTP WIZ check … etc.
* (From ISS RealSecure)
57
Misuse Detection (cont)
•Misuse detection systems are similar to
virus scanning systems:
–Both rely on meta-rules of vulnerabilities
–Both need frequent rules updates
–Both are easily fooled by slight mutations
in virus/attack signature
–Both are fairly low in generating false
positives
Misuse Detection (cont)
•Misuse detection systems are similar to
virus scanning systems:
–Both rely on meta-rules of vulnerabilities
–Both need frequent rules updates
–Both are easily fooled by slight mutations
in virus/attack signature
–Both are fairly low in generating false
positives
58
Burglar Alarms
•A burglar alarm is a misuse detection
system that is carefully targeted
–You may not care about people port-
scanning your firewall from the outside
–You may care profoundly about people port-
scanning your mainframe from the inside
–Set up a misuse detector to watch for
misuses violating site policy
Burglar Alarms
•A burglar alarm is a misuse detection
system that is carefully targeted
–You may not care about people port-
scanning your firewall from the outside
–You may care profoundly about people port-
scanning your mainframe from the inside
–Set up a misuse detector to watch for
misuses violating site policy
59
Burglar Alarms (cont)
•Goals:
–Based on site policy alert administrator to
policy violations
–Detect events that may not be “security”
events which may indicate a policy violation
•New routers
•New subnets
•New web servers
Burglar Alarms (cont)
•Goals:
–Based on site policy alert administrator to
policy violations
–Detect events that may not be “security”
events which may indicate a policy violation
•New routers
•New subnets
•New web servers
60
Burglar Alarms (cont)
•Trivial burglar alarms can be built with
tcpdump and perl
•Netlog and NFR are useful event
recorders which may be used to trigger
alarms
http://www.nswc.navy.mil/ISSEC/Docs/loggingproject.html
ftp://coast.cs.purdue.edu/pub/tools/unix/netlog/
http://www.nfr.net/download
Burglar Alarms (cont)
•Trivial burglar alarms can be built with
tcpdump and perl
•Netlog and NFR are useful event
recorders which may be used to trigger
alarms
http://www.nswc.navy.mil/ISSEC/Docs/loggingproject.html
ftp://coast.cs.purdue.edu/pub/tools/unix/netlog/
http://www.nfr.net/download
61
Burglar Alarms (cont)
•The ideal burglar alarm will be situated
so that it fires when an attacker
performs an action that they normally
would try once they have successfully
broken in
–Adding a userid
–Zapping a log file
–Making a program setuid root
Burglar Alarms (cont)
•The ideal burglar alarm will be situated
so that it fires when an attacker
performs an action that they normally
would try once they have successfully
broken in
–Adding a userid
–Zapping a log file
–Making a program setuid root
62
Burglar Alarms (cont)
•Burglar alarms are a big win for the
network manager:
–Leverage local knowledge of the local
network layout
–Leverage knowledge of commonly used
hacker tricks
Burglar Alarms (cont)
•Burglar alarms are a big win for the
network manager:
–Leverage local knowledge of the local
network layout
–Leverage knowledge of commonly used
hacker tricks
63
Burglar Alarms: Pro
•Reliable
•Predictable
•Easy to implement
•Easy to understand
•Generate next to no false positives
•Can (sometimes) detect previously
unknown attacks
Burglar Alarms: Pro
•Reliable
•Predictable
•Easy to implement
•Easy to understand
•Generate next to no false positives
•Can (sometimes) detect previously
unknown attacks
64
Burglar Alarms: Con
•Policy-directed
–Requires knowledge about your network
–Requires a certain amount of stability
within your network
•Requires care not to trigger them
yourself
Burglar Alarms: Con
•Policy-directed
–Requires knowledge about your network
–Requires a certain amount of stability
within your network
•Requires care not to trigger them
yourself
65
Honey Pots
•A honey pot is a system that is
deliberately named and configured so
as to invite attack
–swift-terminal.bigbank.com
–www-transact.site.com
–source-r-us.company.com
–admincenter.noc.company.net
Honey Pots
•A honey pot is a system that is
deliberately named and configured so
as to invite attack
–swift-terminal.bigbank.com
–www-transact.site.com
–source-r-us.company.com
–admincenter.noc.company.net
66
Honey Pots (cont)
•Goals:
–Make it look inviting
–Make it look weak and easy to crack
–Instrument every piece of the system
–Monitor all traffic going in or out
–Alert administrator whenever someone
accesses the system
Honey Pots (cont)
•Goals:
–Make it look inviting
–Make it look weak and easy to crack
–Instrument every piece of the system
–Monitor all traffic going in or out
–Alert administrator whenever someone
accesses the system
67
Honey Pots (cont)
•Trivial honey pots can be built using tools
like:
–tcpwrapper
–Burglar alarm tools (see “burglar alarms”)
–restricted/logging shells (sudo, adminshell)
–C2 security features (ugh!)
•See Cheswick’s paper “An evening with
Berferd” for examples
Honey Pots (cont)
•Trivial honey pots can be built using tools
like:
–tcpwrapper
–Burglar alarm tools (see “burglar alarms”)
–restricted/logging shells (sudo, adminshell)
–C2 security features (ugh!)
•See Cheswick’s paper “An evening with
Berferd” for examples
68
Honey Pots: Pro
•Easy to implement
•Easy to understand
•Reliable
•No performance cost
Honey Pots: Pro
•Easy to implement
•Easy to understand
•Reliable
•No performance cost
69
Honey Pots: Con
•Assumes hackers are really stupid
–They aren’t
Honey Pots: Con
•Assumes hackers are really stupid
–They aren’t
70
Hybrid IDS
•The current crop of commercial IDS are
mostly hybrids
–Misuse detection (signatures or simple
patterns)
–Expert logic (network-based inference of
common attacks)
–Statistical anomaly detection (values that
are out of bounds)
Hybrid IDS
•The current crop of commercial IDS are
mostly hybrids
–Misuse detection (signatures or simple
patterns)
–Expert logic (network-based inference of
common attacks)
–Statistical anomaly detection (values that
are out of bounds)
71
Hybrid IDS (cont)
•At present, the hybrids’ main strength
appears to be the misuse detection
capability
–Statistical anomaly detection is useful more
as backfill information in the case of
something going wrong
–Too many false positives - many sites turn
anomaly detection off
Hybrid IDS (cont)
•At present, the hybrids’ main strength
appears to be the misuse detection
capability
–Statistical anomaly detection is useful more
as backfill information in the case of
something going wrong
–Too many false positives - many sites turn
anomaly detection off
72
Hybrid IDS (cont)
•The ultimate hybrid IDS would
incorporate logic from vulnerability
scanners*
–Build maps of existing vulnerabilities into
its logic of where to watch for attacks
•Backfeed statistical information into
misuse detection via a user interface
* Presumably, a clueful network
admin would just fix the vulnerabilty
Hybrid IDS (cont)
•The ultimate hybrid IDS would
incorporate logic from vulnerability
scanners*
–Build maps of existing vulnerabilities into
its logic of where to watch for attacks
•Backfeed statistical information into
misuse detection via a user interface
* Presumably, a clueful network
admin would just fix the vulnerabilty
73
Fooling IDS
•The quality of information available to an
IDS is directly proportional to how closely it
is collected to its origin
–Log messages from an application are most
valuable
–Log messages from kernel logs may allow IDS
to infer application states
–Network traffic from sniffer may allow inferring
O/S or application state
Fooling IDS
•The quality of information available to an
IDS is directly proportional to how closely it
is collected to its origin
–Log messages from an application are most
valuable
–Log messages from kernel logs may allow IDS
to infer application states
–Network traffic from sniffer may allow inferring
O/S or application state
74
Fooling IDS (cont)
•The more closely the data has to be
gathered the harder it is to collect
–Application logs require modified software
–Kernel logs require kernel specific
configuration (may also cause performance
problems)
–Network-oriented data collection is non-
intrusive and invisible
Fooling IDS (cont)
•The more closely the data has to be
gathered the harder it is to collect
–Application logs require modified software
–Kernel logs require kernel specific
configuration (may also cause performance
problems)
–Network-oriented data collection is non-
intrusive and invisible
75
Fooling IDS (cont)
•The farther away the IDS is from the
source of the data the more vulnerable it is
to spoofing
–Network-oriented IDS will have trouble making
sense of:
$ stty erase R
$ rxRoxRoxRotkit
$ stty erase ^?
–A logging shell would not be fooled
Fooling IDS (cont)
•The farther away the IDS is from the
source of the data the more vulnerable it is
to spoofing
–Network-oriented IDS will have trouble making
sense of:
$ stty erase R
$ rxRoxRoxRotkit
$ stty erase ^?
–A logging shell would not be fooled
76
Fooling IDS (cont)
•Flooding networks with data may also
be used to mask an attack against an
IDS
–Of course, this is a dead giveaway!
–Few systems are capable of doing packet
capture at speeds greater than 20Mb/s
•If all else fails, the attacker can try to
crash the IDS itself (another dead giveaway!)
Fooling IDS (cont)
•Flooding networks with data may also
be used to mask an attack against an
IDS
–Of course, this is a dead giveaway!
–Few systems are capable of doing packet
capture at speeds greater than 20Mb/s
•If all else fails, the attacker can try to
crash the IDS itself (another dead giveaway!)
77
Fooling IDS (cont)
•Not all network based IDS do full TCP
reassembly; they are vulnerable to
attempts to manipulate TCP stream
–Such attempts should be detected as
unusual/noteworthy events in their own
right
–(Usually networks do not fragment large
packets into 40-byte fragements, etc)
Fooling IDS (cont)
•Not all network based IDS do full TCP
reassembly; they are vulnerable to
attempts to manipulate TCP stream
–Such attempts should be detected as
unusual/noteworthy events in their own
right
–(Usually networks do not fragment large
packets into 40-byte fragements, etc)
78
Fooling IDS (cont)
•Summary: The IDS designer must
establish a judicious balance between:
–Recording too much and being too
obtrusive and slow
versus
–Quickly gathering secondhand data and
possibly being fooled or missing something
Fooling IDS (cont)
•Summary: The IDS designer must
establish a judicious balance between:
–Recording too much and being too
obtrusive and slow
versus
–Quickly gathering secondhand data and
possibly being fooled or missing something
79
IDS and the WWW
•IDS are a logical candidate for
protecting web sites
–Unfortunately, they are not very good
against SSL-encrypted streams
–Use host-based IDS for web servers
–Use network-based IDS to profile scans
and sweeps against web servers
IDS and the WWW
•IDS are a logical candidate for
protecting web sites
–Unfortunately, they are not very good
against SSL-encrypted streams
–Use host-based IDS for web servers
–Use network-based IDS to profile scans
and sweeps against web servers
80
IDS and the WWW (cont)
•For critical / paranoid web sites
consider:
–Build burglar alarms using host security on
the server itself
–Install O/S security (e.g.: SeOS, or C2 with
alerts) to notify administrator of httpd
attempting anything other than running cgi-
bin and opening files in http area
IDS and the WWW (cont)
•For critical / paranoid web sites
consider:
–Build burglar alarms using host security on
the server itself
–Install O/S security (e.g.: SeOS, or C2 with
alerts) to notify administrator of httpd
attempting anything other than running cgi-
bin and opening files in http area
81
Simple Burglar Alarm
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
HTTP and SSL
permitted
Nothing else
permitted
In-kernel screening
on WWW server with
inverse of router rules
Simple Burglar Alarm
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
HTTP and SSL
permitted
Nothing else
permitted
In-kernel screening
on WWW server with
inverse of router rules
82
Simple Burglar Alarm (cont)
•In-kernel screening can be used to
generate alerts easily
•Example is based on ip_filt screening
language
–Ip_filt can log packet bodies or events
–Logs can be post-processed/watched with a
simple perl script
–Remember: this should never happen
Simple Burglar Alarm (cont)
•In-kernel screening can be used to
generate alerts easily
•Example is based on ip_filt screening
language
–Ip_filt can log packet bodies or events
–Logs can be post-processed/watched with a
simple perl script
–Remember: this should never happen
83
Simple Burglar Alarm (cont)
# sample: block all packets by default
block all
# drop “localhost” packets coming in from network
block in on le0 log body from localhost to any
# drop “inside” packets coming in from “outside”
block in on le1 log body from mynet to any
# drop source routed packets
block in quick log body all with opt lsrr
block in quick log body all with opt ssrr
Simple Burglar Alarm (cont)
# sample: block all packets by default
block all
# drop “localhost” packets coming in from network
block in on le0 log body from localhost to any
# drop “inside” packets coming in from “outside”
block in on le1 log body from mynet to any
# drop source routed packets
block in quick log body all with opt lsrr
block in quick log body all with opt ssrr
84
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
HTTP and SSL
permitted
Nothing else
permitted
Sniffer
Sniffer looks
for inverse
of router rules
Simple Burglar Alarm: 2
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
HTTP and SSL
permitted
Nothing else
permitted
Sniffer
Sniffer looks
for inverse
of router rules
Simple Burglar Alarm: 2
85
IDS and firewalls
•Firewalls and IDS will eventually be
combined into a single capability
–Many firewalls can trigger alerts when
traffic to “bad destination” is seen
–Use this capability to build burglar alarms
IDS and firewalls
•Firewalls and IDS will eventually be
combined into a single capability
–Many firewalls can trigger alerts when
traffic to “bad destination” is seen
–Use this capability to build burglar alarms
86
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Firewall trips an
alert: why would the
web server try to
telnet in!?!?!
IDS Firewall Alarm
Hacked
Web
Server
Internal
Network
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Firewall trips an
alert: why would the
web server try to
telnet in!?!?!
IDS Firewall Alarm
Hacked
Web
Server
87
IDS and VPNs
•VPN (Virtual Private Networks) encrypt
traffic
–Network-oriented IDS’ cannot (presumably!)
monitor/analyze it correctly
•Actually: no - when a VPN fails to sync because
the attacker has an invalid key, the IDS can pull
the sync failure from the stream
–Many VPN packages provide good logging
•A sync failure may mean an attack attempt
IDS and VPNs
•VPN (Virtual Private Networks) encrypt
traffic
–Network-oriented IDS’ cannot (presumably!)
monitor/analyze it correctly
•Actually: no - when a VPN fails to sync because
the attacker has an invalid key, the IDS can pull
the sync failure from the stream
–Many VPN packages provide good logging
•A sync failure may mean an attack attempt
88
IDS and switches
•Networks are increasingly moving toward
switched architectures
–It is difficult for a network-oriented IDS to tap
all traffic moving through a switch
•Swamp the IDS
•Swamp the switch
–Solutions are not yet forthcoming
•Best approach to date is to plug a hub in front of
critical systems to be watched
IDS and switches
•Networks are increasingly moving toward
switched architectures
–It is difficult for a network-oriented IDS to tap
all traffic moving through a switch
•Swamp the IDS
•Swamp the switch
–Solutions are not yet forthcoming
•Best approach to date is to plug a hub in front of
critical systems to be watched
89
IDS: Performance
•Network-based IDS (current tests) don’t
fare well in high speed networks
–Many silently drop packets at over 30mb/s
–Tcpdump on many systems does too(!)
–Only way to tell is hardware packet counts
versus what IDS claims to see
•Be careful to check performance of any
IDS you plan to install
IDS: Performance
•Network-based IDS (current tests) don’t
fare well in high speed networks
–Many silently drop packets at over 30mb/s
–Tcpdump on many systems does too(!)
–Only way to tell is hardware packet counts
versus what IDS claims to see
•Be careful to check performance of any
IDS you plan to install
90
Recording: What to keep
•Everything
Recording: What to keep
•Everything
91
Recording: What to throw
away
•Things that you know aren’t interesting
–Consider keeping counts of the number of
uninteresting events occur
–Event frequency of uninteresting events
may be interesting!
–See Appendix (“artificial ignorance”)
•Build a stop list and forward all remaining
output to a human intelligence
Recording: What to throw
away
•Things that you know aren’t interesting
–Consider keeping counts of the number of
uninteresting events occur
–Event frequency of uninteresting events
may be interesting!
–See Appendix (“artificial ignorance”)
•Build a stop list and forward all remaining
output to a human intelligence
92
Building IDS’
•Things you need:
–Sources of data
•Network listeners
•Host software (syslog, C2, application data)
–Data analysis routines
•Artificial ignorance
•Counting/thresholding software
–Long-term storage
Building IDS’
•Things you need:
–Sources of data
•Network listeners
•Host software (syslog, C2, application data)
–Data analysis routines
•Artificial ignorance
•Counting/thresholding software
–Long-term storage
93
Building: Hacker Logic
•To build misuse detection systems you
need a large database of misuse
information
–Vendors now are producing same and
recognizing it as valuable intellectual
property
–Some public information is available
http://seclab.cs.ucdavis.edu
http://www.cert.org
Building: Hacker Logic
•To build misuse detection systems you
need a large database of misuse
information
–Vendors now are producing same and
recognizing it as valuable intellectual
property
–Some public information is available
http://seclab.cs.ucdavis.edu
http://www.cert.org
94
Building: Statistics
•Excel is your friend
–(Also: gnuplot and sc)
Building: Statistics
•Excel is your friend
–(Also: gnuplot and sc)
95
Building: Log watchers
•Logcheck
–By Craig Rowland
http://www.psionic.com/logcheck.html
•Monitors syslog files and applies search
lists of violations to look for as well as
strings to ignore
•Includes a pretty good set of log filters
as a baseline
Building: Log watchers
•Logcheck
–By Craig Rowland
http://www.psionic.com/logcheck.html
•Monitors syslog files and applies search
lists of violations to look for as well as
strings to ignore
•Includes a pretty good set of log filters
as a baseline
96
Building: Artificial Ignorance
•Log processing technique of
determining step-wise what to ignore
•Everything not uninteresting must be
interesting
–Set up log scanning filters to delete
uninteresting records
–Bring everything else to the system
admin’s attention
Building: Artificial Ignorance
•Log processing technique of
determining step-wise what to ignore
•Everything not uninteresting must be
interesting
–Set up log scanning filters to delete
uninteresting records
–Bring everything else to the system
admin’s attention
97
Building: Artificial Ignorance (cont)
•Use grep -v -f to filter log
messages against a pattern list of
uninteresting stuff
•Iteratively build the list using several
weeks/months’ logs
•Tune as necessary
Building: Artificial Ignorance (cont)
•Use grep -v -f to filter log
messages against a pattern list of
uninteresting stuff
•Iteratively build the list using several
weeks/months’ logs
•Tune as necessary
98
Building: Burglar alarms
•Burglar alarms are best built using:
–Sniffers
–In-kernel packet screens (ip_filt, ipfilter)
–Application packet sniffers (tcpdump)
–Application logs (tcpwrapper, VPN server
logs, kernel logs, syslogs)
Building: Burglar alarms
•Burglar alarms are best built using:
–Sniffers
–In-kernel packet screens (ip_filt, ipfilter)
–Application packet sniffers (tcpdump)
–Application logs (tcpwrapper, VPN server
logs, kernel logs, syslogs)
99
Building a Scan Alarm
•Example:
–Suppose we have router screening in place
using “established” keyword
–Then we should not get connects on
certain ports through the firewall router
–Set up tcp_wrapper on various port ranges
•Log occurrence of connections
•When threshold goes up trigger an alarm
Building a Scan Alarm
•Example:
–Suppose we have router screening in place
using “established” keyword
–Then we should not get connects on
certain ports through the firewall router
–Set up tcp_wrapper on various port ranges
•Log occurrence of connections
•When threshold goes up trigger an alarm
100
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Internal system
with tcp_wrapper
notes unserviced
connections
A Scan Alarm
External
scans run against
network
?!?!!?
port 1981
port 1982
port 1983
Internet
Router
w/some
screening
Firewall
DMZ
Network
WWW
Server
Desktop
Internal system
with tcp_wrapper
notes unserviced
connections
A Scan Alarm
External
scans run against
network
?!?!!?
port 1981
port 1982
port 1983
101
Building a Scan Alarm (cont)
•Tcp_wrapper /etc/hosts.deny:
bugport9: ALL: (/etc/safe_finger @%h|\
/usr/ucb/mail -s %d-%h root) &
bugport10: ALL: (/etc/safe_finger @%h|\
/usr/ucb/mail -s %d-%h root) &
Building a Scan Alarm (cont)
•Tcp_wrapper /etc/hosts.deny:
bugport9: ALL: (/etc/safe_finger @%h|\
/usr/ucb/mail -s %d-%h root) &
bugport10: ALL: (/etc/safe_finger @%h|\
/usr/ucb/mail -s %d-%h root) &
102
Building a Scan Alarm (cont)
•/etc/services:
#this line names a service by port
#to watch these ports with tcp_wrapper
bugport9 9/tcp
bugport10 10/tcp
Building a Scan Alarm (cont)
•/etc/services:
#this line names a service by port
#to watch these ports with tcp_wrapper
bugport9 9/tcp
bugport10 10/tcp
103
Detecting Land Attacks
•Land is a denial of service attack in
which the source/destination are equal
–Causes a machine to jabber at itself
•Detect with router rules to block traffic
into a network that comes from that
network
access-list 101 deny ip 10.10.10.0
255.255.255.255 any log
Detecting Land Attacks
•Land is a denial of service attack in
which the source/destination are equal
–Causes a machine to jabber at itself
•Detect with router rules to block traffic
into a network that comes from that
network
access-list 101 deny ip 10.10.10.0
255.255.255.255 any log
104
Advanced Alarms
•These are for people with too much free
time on their hands :)
Advanced Alarms
•These are for people with too much free
time on their hands :)
105
Chroot-a-nono
•A process that is already chrooted
probably should not chroot again
–If kernel source is available this is easy to
do (vfs_syscalls.c)
–Check within chroot system call for root
inode != real root and log alarm
/* new! */
if (fdp->fd_rdir != NULL)
log(LOG_ERR,"WARNING! chroot when already chrooted!");
Chroot-a-nono
•A process that is already chrooted
probably should not chroot again
–If kernel source is available this is easy to
do (vfs_syscalls.c)
–Check within chroot system call for root
inode != real root and log alarm
/* new! */
if (fdp->fd_rdir != NULL)
log(LOG_ERR,"WARNING! chroot when already chrooted!");
106
ls-o-matic
•Train yourself not to run “ls” as root
•Replace “ls” with a program that mails
you or shuts the system down if it is
ever run as root
•Use “echo *” instead of “ls”
... This trick takes a lot of discipline!
ls-o-matic
•Train yourself not to run “ls” as root
•Replace “ls” with a program that mails
you or shuts the system down if it is
ever run as root
•Use “echo *” instead of “ls”
... This trick takes a lot of discipline!
107
Shared-Library boobytrap
•Systems with shared libraries are a
great place to add alarms
•Generate a custom version of the
exec() library family that logs every
command execution that isn’t one of a
small expected set
–Good for firewalls or web servers!
Shared-Library boobytrap
•Systems with shared libraries are a
great place to add alarms
•Generate a custom version of the
exec() library family that logs every
command execution that isn’t one of a
small expected set
–Good for firewalls or web servers!
108
Nit-pick
•Many times when a break-in occurs
hackers will set up a sniffer
•If NIT device is not configured they often
add it
•Replace NIT device with something that
triggers a warning instead
–/dev/nit driver can be replaced with a driver
that halts the system
Nit-pick
•Many times when a break-in occurs
hackers will set up a sniffer
•If NIT device is not configured they often
add it
•Replace NIT device with something that
triggers a warning instead
–/dev/nit driver can be replaced with a driver
that halts the system
109
File-change-o
•Very simple cron job can be made to
–Copy critical files to a hidden directory
•/etc/passwd, /etc/group, /etc/inetd.conf
•find / -user root -print
–Diff the files against what’s currently
installed on the system
•Bring differences to the administrators’
attention
File-change-o
•Very simple cron job can be made to
–Copy critical files to a hidden directory
•/etc/passwd, /etc/group, /etc/inetd.conf
•find / -user root -print
–Diff the files against what’s currently
installed on the system
•Bring differences to the administrators’
attention
110
File shrinkener
•Write a program to check if the inode
number of /var/log/messages has
changed at the same time the file has
shrunk
–Use ls -i, and ls -l in a shell script
–Use stat in C code
File shrinkener
•Write a program to check if the inode
number of /var/log/messages has
changed at the same time the file has
shrunk
–Use ls -i, and ls -l in a shell script
–Use stat in C code
111
Terrify Suzy*
•May make people think twice about
what kind of monitoring is going on in
the system
# cat > main.c
main()
{
while(1) sleep(30);
} ^D
# cc -o watchdog main.c
# nohup watchdog&
* based on an old story from Boyd Roberts
Terrify Suzy*
•May make people think twice about
what kind of monitoring is going on in
the system
# cat > main.c
main()
{
while(1) sleep(30);
} ^D
# cc -o watchdog main.c
# nohup watchdog&
* based on an old story from Boyd Roberts
112
Fake Hacktools
•Install something that pretends to be a
hacker program
–Backofficer friendly: pretends to be a back
orifice server
–an eggdrop or FSP server that logs
everything
Fake Hacktools
•Install something that pretends to be a
hacker program
–Backofficer friendly: pretends to be a back
orifice server
–an eggdrop or FSP server that logs
everything
113
Fake Holes
•Install a phf.pl script in your CGI
directory on your web server
–Have it generate an alert
Fake Holes
•Install a phf.pl script in your CGI
directory on your web server
–Have it generate an alert
114
DumDum Users
•Have a user with a crackable but not
obvious password
–Put something in their .login to alert you
when they log in
•If they ever log in, you know someone
has gotten hold of your password file,
somehow
DumDum Users
•Have a user with a crackable but not
obvious password
–Put something in their .login to alert you
when they log in
•If they ever log in, you know someone
has gotten hold of your password file,
somehow
115
Roto-Router
•Redirect incoming traceroute queries to
a user-mode process which responds
with carefully crafted packets
–Looks like you go into the network
•Then to microsoft.com
–Then to whitehouse.gov
•Then to playboy.com
•etc.
–Louis Mamakos (I think) invented this one
Roto-Router
•Redirect incoming traceroute queries to
a user-mode process which responds
with carefully crafted packets
–Looks like you go into the network
•Then to microsoft.com
–Then to whitehouse.gov
•Then to playboy.com
•etc.
–Louis Mamakos (I think) invented this one
116
Scan Slower
•Set up services on a port, that listen
and accept connections
–Set keepalive
–Never send data
•This could be very nicely implemented
in a border device that simulates an
entire network or system
Scan Slower
•Set up services on a port, that listen
and accept connections
–Set keepalive
–Never send data
•This could be very nicely implemented
in a border device that simulates an
entire network or system
117
Phat Warez
•Compress a few gigabytes of zeros into
a .zip file (it’ll get pretty small!)
–Leave it in your Warez directory
Phat Warez
•Compress a few gigabytes of zeros into
a .zip file (it’ll get pretty small!)
–Leave it in your Warez directory
118
Redirector
•Set up something (kind of like a dynamic
LocalDirector or a firewall with proxy
transparency) on the border of your network
that takes traffic destined to certain
machines
–Rewrites the destination to be the source
–Sends it back out
–“Wow! He’s scanning me back really quickly! He
knows all my tricks!”
Redirector
•Set up something (kind of like a dynamic
LocalDirector or a firewall with proxy
transparency) on the border of your network
that takes traffic destined to certain
machines
–Rewrites the destination to be the source
–Sends it back out
–“Wow! He’s scanning me back really quickly! He
knows all my tricks!”
119
Socket Stuffer
•For scanning tools that collect data off
the ports and record/parse/log it
–Have a listener on many man ports
–Each listener, if connected to, sends back
a few USENET postings from talk.bizarre
–This would be lots of fun against the
auditors who like to run ISS scans against
you and charge you big $$ for the result
Socket Stuffer
•For scanning tools that collect data off
the ports and record/parse/log it
–Have a listener on many man ports
–Each listener, if connected to, sends back
a few USENET postings from talk.bizarre
–This would be lots of fun against the
auditors who like to run ISS scans against
you and charge you big $$ for the result
120
Auditor Biter
•One nice way of catching clueless
auditors who send an intern to run ISS
against you and charge you big $$$ is
to create fake vulnerabilities in your
system and wait to see if they appear in
the report
–Measure how much deviance exists
between the report and the ISS output
Auditor Biter
•One nice way of catching clueless
auditors who send an intern to run ISS
against you and charge you big $$$ is
to create fake vulnerabilities in your
system and wait to see if they appear in
the report
–Measure how much deviance exists
between the report and the ISS output
121
Rat Poison Files
•Collect a string (a single encrypted
password) that is in your shadow
password file / customer database /
credit card database
–Have a sniffer watching your system that
will scream as soon as it sees that string
leave the system
Rat Poison Files
•Collect a string (a single encrypted
password) that is in your shadow
password file / customer database /
credit card database
–Have a sniffer watching your system that
will scream as soon as it sees that string
leave the system
122
Noset Executable
•For dedicated service machines,
consider removing the ability to set the
execute bit in multiuser mode
–Must also be attached to a terminal
•Log whenever it isn’t!!!
–Log and alert attempts to set execute
permission
Noset Executable
•For dedicated service machines,
consider removing the ability to set the
execute bit in multiuser mode
–Must also be attached to a terminal
•Log whenever it isn’t!!!
–Log and alert attempts to set execute
permission
123
No Exec Stack
•Several versions of UNIX (Solaris,
some *BSD variants) can now block
attempts to execute code from within
the stack
–Makes buffer overruns a bit harder to
implement for attacker
–Doesn’t prevent code to call existing
functions -- not a perfect solution
No Exec Stack
•Several versions of UNIX (Solaris,
some *BSD variants) can now block
attempts to execute code from within
the stack
–Makes buffer overruns a bit harder to
implement for attacker
–Doesn’t prevent code to call existing
functions -- not a perfect solution
124
Building: Performance
•If you are trying to build your own
sniffer:
–At speeds above 20Mb/sec you will begin
to lose packets on most versions of UNIX
–If you want to go above 30Mb/sec you will
need to modify the kernel
–If you want to go above 50Mb/sec you will
need to write your own device drivers
Building: Performance
•If you are trying to build your own
sniffer:
–At speeds above 20Mb/sec you will begin
to lose packets on most versions of UNIX
–If you want to go above 30Mb/sec you will
need to modify the kernel
–If you want to go above 50Mb/sec you will
need to write your own device drivers
125
Building: Performance (cont)
•An 80% full FDDI is about 80Mb/sec
•That’s about 18,000 packets/sec
•A 400Mhz PC will be spending 25% of
its CPU time just handling interrupts
•Another 45% of its time will be spent
copying packets off the network card
•You have 30% CPU left: use it wisely!
Building: Performance (cont)
•An 80% full FDDI is about 80Mb/sec
•That’s about 18,000 packets/sec
•A 400Mhz PC will be spending 25% of
its CPU time just handling interrupts
•Another 45% of its time will be spent
copying packets off the network card
•You have 30% CPU left: use it wisely!
126
Audit Records
•For host(UNIX) log records you can
access sar(1) or process accounting
–Lastcomm
–Lastlog
–TAMU toolkit has improved system log
record reducers
•C2 logs may be useful but are vendor
dependent
Audit Records
•For host(UNIX) log records you can
access sar(1) or process accounting
–Lastcomm
–Lastlog
–TAMU toolkit has improved system log
record reducers
•C2 logs may be useful but are vendor
dependent
127
Application Records
•Application records are highly application
dependent
–But don’t ignore them!
–Use artificial ignorance on web server logs
–Use artificial ignorance on VPN server logs
•Consider (if you’re bored!) modifying key
executables to log data
–telnet & FTP destinations, login userids
Application Records
•Application records are highly application
dependent
–But don’t ignore them!
–Use artificial ignorance on web server logs
–Use artificial ignorance on VPN server logs
•Consider (if you’re bored!) modifying key
executables to log data
–telnet & FTP destinations, login userids
128
Forensics
•The art of gathering evidence during or
after a crime
–Reconstructing the criminal’s actions
–Providing evidence for prosecution
•Forensics for computer networks is
extremely difficult and depends
completely on the quality of information
you maintain
Forensics
•The art of gathering evidence during or
after a crime
–Reconstructing the criminal’s actions
–Providing evidence for prosecution
•Forensics for computer networks is
extremely difficult and depends
completely on the quality of information
you maintain
129
Forensics: Tools
•Tcpdump
•Argus
•NFR
•Tcpwrapper
•Sniffers
•Nnstat
•A line printer
Forensics: Tools
•Tcpdump
•Argus
•NFR
•Tcpwrapper
•Sniffers
•Nnstat
•A line printer
130
Forensics: Tools (cont)
•Tripwire
•Backups
Forensics: Tools (cont)
•Tripwire
•Backups
131
Forensics: Response
•Split response efforts into two teams
–Team A: Learn what you can about what the
attacker is doing, feed the information to
team B
–Team B: generate a “shutout plan” based on
the attackers’ techniques to lock them (and
keep them) out
–Determine in advance when team A will give
up and team B will perform shutout
Forensics: Response
•Split response efforts into two teams
–Team A: Learn what you can about what the
attacker is doing, feed the information to
team B
–Team B: generate a “shutout plan” based on
the attackers’ techniques to lock them (and
keep them) out
–Determine in advance when team A will give
up and team B will perform shutout
132
Response
•Examine log files
•Look for sniffers
•Look for remote control programs
(netbus, backorifice, etc)
•Look for possible hacker file sharing or
communications programs (eggdrop,
irc, etc)
Response
•Examine log files
•Look for sniffers
•Look for remote control programs
(netbus, backorifice, etc)
•Look for possible hacker file sharing or
communications programs (eggdrop,
irc, etc)
133
Response (cont)
•Look for privileged programs
find / -perm -4000 -print
•Look for file system tampering (use tripwire
or backups)
•Examine cron and at jobs
•Look for unauthorized services
netstat -a
check inetd.conf
Response (cont)
•Look for privileged programs
find / -perm -4000 -print
•Look for file system tampering (use tripwire
or backups)
•Examine cron and at jobs
•Look for unauthorized services
netstat -a
check inetd.conf
134
Response (cont)
•Look for password file changes or new
users
•Check system and network
configurations
–Pay close attention to filtering rules
•Look for unusual files
–Depending on the size of your disks:
find / -print | more
Response (cont)
•Look for password file changes or new
users
•Check system and network
configurations
–Pay close attention to filtering rules
•Look for unusual files
–Depending on the size of your disks:
find / -print | more
135
Response (cont)
•Look at all your hosts, especially
servers
Response (cont)
•Look at all your hosts, especially
servers
136
Forensics: Backtracking
•Nowadays hackers are increasingly
sophisticated about hiding tracks
–The ones that are good, you won’t catch
–The ones that you can catch aren’t worth
catching
•Very few good tools for backtracking
are available
Forensics: Backtracking
•Nowadays hackers are increasingly
sophisticated about hiding tracks
–The ones that are good, you won’t catch
–The ones that you can catch aren’t worth
catching
•Very few good tools for backtracking
are available
137
Hidden Directories
•Warez: Cute term for pirated software
•Warez are often hidden in FTP or web
areas using weird directory names:
–“...”
–“ “ (space)
–“normal “ (normal with space after it)
•Check FTP areas for new directories
Hidden Directories
•Warez: Cute term for pirated software
•Warez are often hidden in FTP or web
areas using weird directory names:
–“...”
–“ “ (space)
–“normal “ (normal with space after it)
•Check FTP areas for new directories
138
Finding Hacker-Prints
•Search suspected infected system for
new files:
–find / -mtime -30 -print
–Use tripwire
–Restore filesystems to a different disk and
compare all the files (slow and painful!)
Finding Hacker-Prints
•Search suspected infected system for
new files:
–find / -mtime -30 -print
–Use tripwire
–Restore filesystems to a different disk and
compare all the files (slow and painful!)
139
Names of Tools to Look for
•nuke - icmp bomb program
•rootkit - trojans and patches
•cloak - log clearer
•zap - file date changer
•icepick - penetration test tool
•toneloc - wargames dialer
Names of Tools to Look for
•nuke - icmp bomb program
•rootkit - trojans and patches
•cloak - log clearer
•zap - file date changer
•icepick - penetration test tool
•toneloc - wargames dialer
140
Law Enforcement
•FBI:
–Jurisdiction over electronic crime
•Secret Service: (Treasury Dept)
–Credit card fraud
–Attacks against financial organizations
•Law enforcement interest depends on
sexiness of case
Law Enforcement
•FBI:
–Jurisdiction over electronic crime
•Secret Service: (Treasury Dept)
–Credit card fraud
–Attacks against financial organizations
•Law enforcement interest depends on
sexiness of case
141
Law Enforcement (cont)
•Law enforcement still Internet-ignorant
•Expect to have to educate them
–Not worth it
•The situation is improving rapidly
–Your mileage, however, may vary wildly
depending on location
Law Enforcement (cont)
•Law enforcement still Internet-ignorant
•Expect to have to educate them
–Not worth it
•The situation is improving rapidly
–Your mileage, however, may vary wildly
depending on location
142
Under Attack
•Decide if you want to:
–Observe the attacker
–Chase them away and lock them out
–Catch the attacker
–Prosecute them if you catch them
•If you may want to prosecute:
–Contact legal counsel immediately
–Find about local laws of evidence
Under Attack
•Decide if you want to:
–Observe the attacker
–Chase them away and lock them out
–Catch the attacker
–Prosecute them if you catch them
•If you may want to prosecute:
–Contact legal counsel immediately
–Find about local laws of evidence
143
If you are Under Attack
•Do a complete system backup
immediately
–Hackers tend to zap system disks if caught
•Get a system with tcpdump running a
complete packet log to disk
–What protocol packets went to/from where
–Possibly contents for some sessions (telnet,
rlogin, IRC, FTP)
If you are Under Attack
•Do a complete system backup
immediately
–Hackers tend to zap system disks if caught
•Get a system with tcpdump running a
complete packet log to disk
–What protocol packets went to/from where
–Possibly contents for some sessions (telnet,
rlogin, IRC, FTP)
144
Shutting Down (For Paranoids)
•Sync the disks, and halt the system
–Do not execute a clean shutdown
–Do not disconnect the network
•Bring system back up to single user
mode
–Make and verify backups in single user
mode
–Consider making image dump (dd) of disks
Shutting Down (For Paranoids)
•Sync the disks, and halt the system
–Do not execute a clean shutdown
–Do not disconnect the network
•Bring system back up to single user
mode
–Make and verify backups in single user
mode
–Consider making image dump (dd) of disks
145
Phone Companies
•Backtracking phone calls is nearly
impossible
–Deregulation makes phone company
boundaries very hard to track across
–Even with a hard fix on the login session
phone companies take 20-30 minutes to
track a call
–Very frustrating
Phone Companies
•Backtracking phone calls is nearly
impossible
–Deregulation makes phone company
boundaries very hard to track across
–Even with a hard fix on the login session
phone companies take 20-30 minutes to
track a call
–Very frustrating
146
CERT
•Telephone CERT
•They probably cannot help
–Worthwhile to at least describe what is
going on
–They may be able to recommend specific
short term countermeasures for holes that
are being exploited
CERT
•Telephone CERT
•They probably cannot help
–Worthwhile to at least describe what is
going on
–They may be able to recommend specific
short term countermeasures for holes that
are being exploited
147
Where are They Coming
From?
•Use tcpdump / who / syslog to see
where they are coming in from
•Run finger against remote system
–If finger is working on attacker system you
may be able to correlate activity with times
of attack and user idle time
–Usually attacker will be using a stolen
account on remote machine
Where are They Coming
From?
•Use tcpdump / who / syslog to see
where they are coming in from
•Run finger against remote system
–If finger is working on attacker system you
may be able to correlate activity with times
of attack and user idle time
–Usually attacker will be using a stolen
account on remote machine
148
Backtracking
•Do not mail to root@attackermachine
saying you are under attack
–Attackers watch root’s mail
•Check NIC registry for attacker domain
and telephone the site technical contact
–Remember: your communications are
compromised
Backtracking
•Do not mail to root@attackermachine
saying you are under attack
–Attackers watch root’s mail
•Check NIC registry for attacker domain
and telephone the site technical contact
–Remember: your communications are
compromised
149
Watching the Bad Guy
•Get a copy of cloak and watch the
attacker semi-invisibly
–If they see they are being watched they will
leave and may destroy the machine
•If they have forgotten to disable shell
command history you can get a good
idea what commands they are using
Watching the Bad Guy
•Get a copy of cloak and watch the
attacker semi-invisibly
–If they see they are being watched they will
leave and may destroy the machine
•If they have forgotten to disable shell
command history you can get a good
idea what commands they are using
150
Fight Fire with Fire
•Building booby-trapped telnet/rlogin
clients lets you monitor everything the
attacker does
–Sometimes the attacker will reveal themself
•Social engineer the attacker
–Sometimes the attacker will brag on IRC
–Sometimes you can learn who it is by
piquing their ego
Fight Fire with Fire
•Building booby-trapped telnet/rlogin
clients lets you monitor everything the
attacker does
–Sometimes the attacker will reveal themself
•Social engineer the attacker
–Sometimes the attacker will brag on IRC
–Sometimes you can learn who it is by
piquing their ego
151
Fight Fire with Fire (cont)
•Leave a modem number someplace for
the attacker to find
–Make sure modem is connected to callerID
•If they leave warez or tools in FTP area
–Log who retrieves them
–Replace warez with files of white noise
–Contact site admins at sites downloading
the software
Fight Fire with Fire (cont)
•Leave a modem number someplace for
the attacker to find
–Make sure modem is connected to callerID
•If they leave warez or tools in FTP area
–Log who retrieves them
–Replace warez with files of white noise
–Contact site admins at sites downloading
the software
152
Legal Issues
•You may not be able to use hacker
techniques against them
•Laws for gathering evidence are
confusing
•Logs may or may not be admissable
•Perpetrator may or may not be
prosecutable
Legal Issues
•You may not be able to use hacker
techniques against them
•Laws for gathering evidence are
confusing
•Logs may or may not be admissable
•Perpetrator may or may not be
prosecutable
153
Know when to Quit
•Eventually it may be easier to unplug
the network for a day or two and just
clean up
•Use clean up time to improve security
and logging
Know when to Quit
•Eventually it may be easier to unplug
the network for a day or two and just
clean up
•Use clean up time to improve security
and logging
154
Books
•Intrusion Detection : Network Security
Beyond the Firewall by Terry Escamilla
published by John Wiley and Sons
•Intrusion Detection; An Introduction to
Internet Surveillance, Correlation,
Traps, Trace Back, and Response
by Edward G. Amoroso
published by intrusion.net books
Books
•Intrusion Detection : Network Security
Beyond the Firewall by Terry Escamilla
published by John Wiley and Sons
•Intrusion Detection; An Introduction to
Internet Surveillance, Correlation,
Traps, Trace Back, and Response
by Edward G. Amoroso
published by intrusion.net books
155
Books
•Computer Crime: A Crimefighter’s
Handbook, by David Icove, Karl Seger
and William VonStorch, from O’Reilly
Associates in August 95
•Coping with the Threat of Computer
Security Incidents: A Primer from
Prevention Through Recovery, by
Russell Brand
Books
•Computer Crime: A Crimefighter’s
Handbook, by David Icove, Karl Seger
and William VonStorch, from O’Reilly
Associates in August 95
•Coping with the Threat of Computer
Security Incidents: A Primer from
Prevention Through Recovery, by
Russell Brand
156
Books
•Internet Security and Firewalls:
Repelling the Wily Hacker, by Bill
Cheswick and Steve Bellovin, from
Addison Wesley
•Internet Firewalls, by Brent Chapman
and Elizabeth Zwicky
Books
•Internet Security and Firewalls:
Repelling the Wily Hacker, by Bill
Cheswick and Steve Bellovin, from
Addison Wesley
•Internet Firewalls, by Brent Chapman
and Elizabeth Zwicky
157
URLs
•Spaf’s Security Page
–http://www.cs.purdue.edu/people/spaf
•Mjr’s home page
–http://www.clark.net/pub/mjr
•Hacker sites: the fringe
–http://www.lopht.com
–http://www.digicrime.com
URLs
•Spaf’s Security Page
–http://www.cs.purdue.edu/people/spaf
•Mjr’s home page
–http://www.clark.net/pub/mjr
•Hacker sites: the fringe
–http://www.lopht.com
–http://www.digicrime.com
158
URLs
•IDS FAQs (warning: vendor sponsored)
–http://www.ticm.com/kb/faq/idsfaq.html
–http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
URLs
•IDS FAQs (warning: vendor sponsored)
–http://www.ticm.com/kb/faq/idsfaq.html
–http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
160
Addresses
•CERT
–[email protected]
•Firewalls mailing list
–[email protected]: subscribe
firewalls
•Web security mailing list
–[email protected]: subscribe
www-security
Addresses
•CERT
–[email protected]
•Firewalls mailing list
–[email protected]: subscribe
firewalls
•Web security mailing list
–[email protected]: subscribe
www-security
161
Addresses
•Firewalls Wizards mailing list
–[email protected]: subscribe firewall-
wizards
•http://www.nfr.net/forum/firewall-wizards.html
–Searchable online archive on
•http://www.nfr.net/firewall-wizards/
Addresses
•Firewalls Wizards mailing list
–[email protected]: subscribe firewall-
wizards
•http://www.nfr.net/forum/firewall-wizards.html
–Searchable online archive on
•http://www.nfr.net/firewall-wizards/
162
B
y
r
e
q
u
e
s
t
,
h
e
r
e
's
a
q
u
ic
k
h
o
w
-
t
o
o
n
lo
g
s
c
a
n
n
in
g
v
ia
a
r
t
if
ic
ia
l
ig
n
o
r
a
n
c
e
.
:
)
I
t
a
s
s
u
m
e
s
U
N
I
X
a
n
d
t
h
e
p
r
e
s
e
n
c
e
o
f
a
g
o
o
d
g
r
e
p
-
y
o
u
c
o
u
ld
u
s
e
o
t
h
e
r
s
t
u
f
f
if
y
o
u
w
a
n
t
e
d
t
o
b
u
t
t
h
is
is
ju
s
t
a
n
e
x
a
m
p
le
.
S
e
t
t
in
g
u
p
a
f
ilt
e
r
is
a
p
r
o
c
e
s
s
o
f
c
o
n
s
t
a
n
t
t
u
n
in
g
.
F
ir
s
t
y
o
u
b
u
ild
a
f
ile
o
f
c
o
m
m
o
n
s
t
r
in
g
s
t
h
a
t
a
r
e
n
't
in
t
e
r
e
s
t
in
g
,
a
n
d
,
a
s
n
e
w
u
n
in
t
e
r
e
s
t
in
g
t
h
in
g
s
h
a
p
p
e
n
,
y
o
u
a
d
d
t
h
e
m
t
o
t
h
e
f
ile
.
I
s
t
a
r
t
w
it
h
a
s
h
e
ll
c
o
m
m
a
n
d
lik
e
t
h
is
:
c
d
/
v
a
r
/
l
o
g
c
a
t
*
|
\
s
e
d
-
e
'
s
/
^
.
*
d
e
m
o
/
/
'
-
e
'
s
/
\
[
[
0
-
9
]
*
\
]
/
/
'
|
\
s
o
r
t
|
u
n
i
q
-
c
|
\
s
o
r
t
-
r
-
n
>
/
t
m
p
/
x
x
I
n
t
h
is
e
x
a
m
p
le
"
d
e
m
o
"
is
m
y
la
p
t
o
p
's
n
a
m
e
,
a
n
d
I
u
s
e
it
in
t
h
e
s
e
d
c
o
m
m
a
n
d
t
o
s
t
r
ip
o
u
t
t
h
e
le
a
d
in
g
lin
e
s
o
f
s
y
s
lo
g
m
e
s
s
a
g
e
s
s
o
t
h
a
t
I
lo
s
e
t
h
e
d
a
t
e
/
t
im
e
s
t
a
m
p
s
.
T
h
is
m
e
a
n
s
t
h
a
t
t
h
e
o
v
e
r
a
ll
v
a
r
ia
t
io
n
in
t
h
e
t
e
x
t
is
r
e
d
u
c
e
d
c
o
n
s
id
e
r
a
b
ly
.
T
h
e
n
e
x
t
a
r
g
u
m
e
n
t
t
o
s
e
d
s
t
r
ip
s
o
u
t
t
h
e
P
I
D
f
r
o
m
t
h
e
d
a
e
m
o
n
,
a
n
o
t
h
e
r
s
o
u
r
c
e
o
f
t
e
x
t
v
a
r
ia
t
io
n
.
w
e
t
h
e
n
s
o
r
t
it
,
c
o
lla
p
s
e
d
u
p
lic
a
t
e
s
in
t
o
a
c
o
u
n
t
,
t
h
e
n
s
o
r
t
t
h
e
c
o
u
n
t
n
u
m
e
r
ic
a
lly
.
T
h
is
y
ie
ld
s
a
f
ile
o
f
t
h
e
f
r
e
q
u
e
n
c
y
w
it
h
w
h
ic
h
s
o
m
e
t
h
in
g
s
h
o
w
s
u
p
in
s
y
s
lo
g
(
m
o
r
e
o
r
le
s
s
)
:
2
9
7
c
r
o
n
:
(
r
o
o
t
)
C
M
D
(
/
u
s
r
/
b
i
n
/
a
t
)
1
6
7
s
e
n
d
m
a
i
l
:
a
l
i
a
s
d
a
t
a
b
a
s
e
/
e
t
c
/
a
l
i
a
s
e
s
.
d
b
o
u
t
o
f
d
a
t
e
1
2
0
f
t
p
d
:
P
O
R
T
6
1
l
p
d
:
r
e
s
t
a
r
t
e
d
4
8
k
e
r
n
e
l
:
w
d
p
i
0
:
t
r
a
n
s
f
e
r
s
i
z
e
=
2
0
4
8
i
n
t
r
c
m
d
D
R
Q
.
.
.
e
t
c
I
n
t
h
e
e
x
a
m
p
le
o
n
"
d
e
m
o
"
t
h
is
r
e
d
u
c
e
d
3
9
8
2
lin
e
s
o
f
s
y
s
lo
g
r
e
c
o
r
d
s
t
o
8
8
9
.
T
h
e
n
w
h
a
t
y
o
u
w
a
n
t
t
o
d
o
is
t
r
im
f
r
o
m
B
O
T
H
e
n
d
s
o
f
t
h
e
f
ile
a
n
d
b
u
ild
a
n
"
ig
n
o
r
e
t
h
is
"
lis
t
.
I
n
t
h
is
e
x
a
m
p
le
,
I
d
o
n
't
c
a
r
e
t
h
a
t
c
r
o
n
r
a
n
"
a
t
"
O
K
s
o
I
'd
a
d
d
a
r
e
g
e
x
p
lik
e
:
c
r
o
n
.
*
:
(
r
o
o
t
)
C
M
D
(
/
u
s
r
/
b
i
n
/
a
t
)
T
h
a
t
's
a
p
r
e
t
t
y
p
r
e
c
is
e
o
n
e
.
:
)
A
t
t
h
e
b
o
t
t
o
m
o
f
m
y
f
ile
t
h
e
r
e
w
e
r
e
a
b
o
u
t
2
0
0
e
n
t
r
ie
s
t
h
a
t
lo
o
k
e
d
lik
e
:
1
f
t
p
d
:
R
E
T
R
p
i
c
9
.
j
p
g
1
f
t
p
d
:
R
E
T
R
p
i
c
8
.
j
p
g
1
f
t
p
d
:
R
E
T
R
p
i
c
7
.
j
p
g
1
f
t
p
d
:
R
E
T
R
p
i
c
6
.
j
p
g
C
le
a
r
ly
t
h
e
s
e
a
r
e
h
ig
h
ly
u
n
iq
u
e
e
v
e
n
t
s
b
u
t
a
ls
o
n
o
t
in
t
e
r
e
s
t
in
g
.
S
o
I
a
d
d
p
a
t
t
e
r
n
s
t
h
a
t
lo
o
k
lik
e
:
f
t
p
d
.
*
:
R
E
T
R
f
t
p
d
.
*
:
S
T
O
R
f
t
p
d
.
*
:
C
W
D
f
t
p
d
.
*
:
U
S
E
R
f
t
p
d
.
*
:
F
T
P
L
O
G
I
N
F
R
O
M
A
p
p
e
n
d
i
x
:
A
r
t
i
f
i
c
i
a
l
I
g
n
o
r
a
n
c
e
i
n
A
c
t
i
o
n
B
y
r
e
q
u
e
s
t
,
h
e
r
e
's
a
q
u
ic
k
h
o
w
-
t
o
o
n
lo
g
s
c
a
n
n
in
g
v
ia
a
r
t
if
ic
ia
l
ig
n
o
r
a
n
c
e
.
:
)
I
t
a
s
s
u
m
e
s
U
N
I
X
a
n
d
t
h
e
p
r
e
s
e
n
c
e
o
f
a
g
o
o
d
g
r
e
p
-
y
o
u
c
o
u
ld
u
s
e
o
t
h
e
r
s
t
u
f
f
if
y
o
u
w
a
n
t
e
d
t
o
b
u
t
t
h
is
is
ju
s
t
a
n
e
x
a
m
p
le
.
S
e
t
t
in
g
u
p
a
f
ilt
e
r
is
a
p
r
o
c
e
s
s
o
f
c
o
n
s
t
a
n
t
t
u
n
in
g
.
F
ir
s
t
y
o
u
b
u
ild
a
f
ile
o
f
c
o
m
m
o
n
s
t
r
in
g
s
t
h
a
t
a
r
e
n
't
in
t
e
r
e
s
t
in
g
,
a
n
d
,
a
s
n
e
w
u
n
in
t
e
r
e
s
t
in
g
t
h
in
g
s
h
a
p
p
e
n
,
y
o
u
a
d
d
t
h
e
m
t
o
t
h
e
f
ile
.
I
s
t
a
r
t
w
it
h
a
s
h
e
ll
c
o
m
m
a
n
d
lik
e
t
h
is
:
c
d
/
v
a
r
/
l
o
g
c
a
t
*
|
\
s
e
d
-
e
'
s
/
^
.
*
d
e
m
o
/
/
'
-
e
'
s
/
\
[
[
0
-
9
]
*
\
]
/
/
'
|
\
s
o
r
t
|
u
n
i
q
-
c
|
\
s
o
r
t
-
r
-
n
>
/
t
m
p
/
x
x
I
n
t
h
is
e
x
a
m
p
le
"
d
e
m
o
"
is
m
y
la
p
t
o
p
's
n
a
m
e
,
a
n
d
I
u
s
e
it
in
t
h
e
s
e
d
c
o
m
m
a
n
d
t
o
s
t
r
ip
o
u
t
t
h
e
le
a
d
in
g
lin
e
s
o
f
s
y
s
lo
g
m
e
s
s
a
g
e
s
s
o
t
h
a
t
I
lo
s
e
t
h
e
d
a
t
e
/
t
im
e
s
t
a
m
p
s
.
T
h
is
m
e
a
n
s
t
h
a
t
t
h
e
o
v
e
r
a
ll
v
a
r
ia
t
io
n
in
t
h
e
t
e
x
t
is
r
e
d
u
c
e
d
c
o
n
s
id
e
r
a
b
ly
.
T
h
e
n
e
x
t
a
r
g
u
m
e
n
t
t
o
s
e
d
s
t
r
ip
s
o
u
t
t
h
e
P
I
D
f
r
o
m
t
h
e
d
a
e
m
o
n
,
a
n
o
t
h
e
r
s
o
u
r
c
e
o
f
t
e
x
t
v
a
r
ia
t
io
n
.
w
e
t
h
e
n
s
o
r
t
it
,
c
o
lla
p
s
e
d
u
p
lic
a
t
e
s
in
t
o
a
c
o
u
n
t
,
t
h
e
n
s
o
r
t
t
h
e
c
o
u
n
t
n
u
m
e
r
ic
a
lly
.
T
h
is
y
ie
ld
s
a
f
ile
o
f
t
h
e
f
r
e
q
u
e
n
c
y
w
it
h
w
h
ic
h
s
o
m
e
t
h
in
g
s
h
o
w
s
u
p
in
s
y
s
lo
g
(
m
o
r
e
o
r
le
s
s
)
:
2
9
7
c
r
o
n
:
(
r
o
o
t
)
C
M
D
(
/
u
s
r
/
b
i
n
/
a
t
)
1
6
7
s
e
n
d
m
a
i
l
:
a
l
i
a
s
d
a
t
a
b
a
s
e
/
e
t
c
/
a
l
i
a
s
e
s
.
d
b
o
u
t
o
f
d
a
t
e
1
2
0
f
t
p
d
:
P
O
R
T
6
1
l
p
d
:
r
e
s
t
a
r
t
e
d
4
8
k
e
r
n
e
l
:
w
d
p
i
0
:
t
r
a
n
s
f
e
r
s
i
z
e
=
2
0
4
8
i
n
t
r
c
m
d
D
R
Q
.
.
.
e
t
c
I
n
t
h
e
e
x
a
m
p
le
o
n
"
d
e
m
o
"
t
h
is
r
e
d
u
c
e
d
3
9
8
2
lin
e
s
o
f
s
y
s
lo
g
r
e
c
o
r
d
s
t
o
8
8
9
.
T
h
e
n
w
h
a
t
y
o
u
w
a
n
t
t
o
d
o
is
t
r
im
f
r
o
m
B
O
T
H
e
n
d
s
o
f
t
h
e
f
ile
a
n
d
b
u
ild
a
n
"
ig
n
o
r
e
t
h
is
"
lis
t
.
I
n
t
h
is
e
x
a
m
p
le
,
I
d
o
n
't
c
a
r
e
t
h
a
t
c
r
o
n
r
a
n
"
a
t
"
O
K
s
o
I
'd
a
d
d
a
r
e
g
e
x
p
lik
e
:
c
r
o
n
.
*
:
(
r
o
o
t
)
C
M
D
(
/
u
s
r
/
b
i
n
/
a
t
)
T
h
a
t
's
a
p
r
e
t
t
y
p
r
e
c
is
e
o
n
e
.
:
)
A
t
t
h
e
b
o
t
t
o
m
o
f
m
y
f
ile
t
h
e
r
e
w
e
r
e
a
b
o
u
t
2
0
0
e
n
t
r
ie
s
t
h
a
t
lo
o
k
e
d
lik
e
:
1
f
t
p
d
:
R
E
T
R
p
i
c
9
.
j
p
g
1
f
t
p
d
:
R
E
T
R
p
i
c
8
.
j
p
g
1
f
t
p
d
:
R
E
T
R
p
i
c
7
.
j
p
g
1
f
t
p
d
:
R
E
T
R
p
i
c
6
.
j
p
g
C
le
a
r
ly
t
h
e
s
e
a
r
e
h
ig
h
ly
u
n
iq
u
e
e
v
e
n
t
s
b
u
t
a
ls
o
n
o
t
in
t
e
r
e
s
t
in
g
.
S
o
I
a
d
d
p
a
t
t
e
r
n
s
t
h
a
t
lo
o
k
lik
e
:
f
t
p
d
.
*
:
R
E
T
R
f
t
p
d
.
*
:
S
T
O
R
f
t
p
d
.
*
:
C
W
D
f
t
p
d
.
*
:
U
S
E
R
f
t
p
d
.
*
:
F
T
P
L
O
G
I
N
F
R
O
M
A
p
p
e
n
d
i
x
:
A
r
t
i
f
i
c
i
a
l
I
g
n
o
r
a
n
c
e
i
n
A
c
t
i
o
n
163N
o
w
,
y
o
u
a
p
p
ly
y
o
u
r
s
t
o
p
-
lis
t
a
s
f
o
llo
w
s
:
c
a
t
*
|
g
r
e
p
-
v
-
f
s
t
o
p
l
i
s
t
|
\
s
o
r
t
,
e
t
c
-
-
T
h
is
t
im
e
I
g
e
t
7
4
4
lin
e
s
.
P
u
t
t
in
g
a
p
a
t
t
e
r
n
in
t
h
a
t
m
a
t
c
h
e
s
:
s
e
n
d
m
a
i
l
.
*
:
.
*
t
o
=
D
r
o
p
s
it
d
o
w
n
t
o
1
2
0
lin
e
s
.
J
u
s
t
k
e
e
p
d
o
in
g
t
h
is
a
n
d
p
r
e
t
t
y
s
o
o
n
y
o
u
'll
h
a
v
e
a
s
e
t
o
f
p
a
t
t
e
r
n
s
t
h
a
t
m
a
k
e
y
o
u
r
w
h
o
le
s
y
s
lo
g
o
u
t
p
u
t
d
is
a
p
p
e
a
r
.
Y
o
u
'll
n
o
t
ic
e
t
h
a
t
in
t
h
e
e
a
r
ly
e
x
a
m
p
le
I
h
a
d
a
w
a
r
n
in
g
f
r
o
m
s
e
n
d
m
a
il
b
e
c
a
u
s
e
t
h
e
a
lia
s
e
s
d
a
t
a
b
a
s
e
w
a
s
o
u
t
o
f
d
a
t
e
.
R
a
t
h
e
r
t
h
a
n
p
u
t
t
in
g
a
p
a
t
t
e
r
n
f
o
r
t
h
a
t
,
I
s
im
p
ly
r
a
n
n
e
w
a
lia
s
.
N
e
x
t
t
im
e
m
y
a
lia
s
e
s
d
a
t
a
b
a
s
e
is
o
u
t
o
f
d
a
t
e
,
m
y
lo
g
s
c
a
n
n
e
r
w
ill
t
e
ll
m
e
.
S
y
s
t
e
m
r
e
b
o
o
t
s
a
r
e
c
o
o
l,
t
o
o
.
M
y
lo
g
s
h
o
w
s
:
4
8
k
e
r
n
e
l
:
w
d
c
2
a
t
p
c
m
c
i
a
0
:
P
C
C
A
R
D
I
D
E
d
i
s
k
c
o
n
t
r
o
l
l
e
r
4
8
k
e
r
n
e
l
:
w
d
c
1
a
t
p
c
m
c
i
a
0
:
P
C
C
A
R
D
I
D
E
d
i
s
k
c
o
n
t
r
o
l
l
e
r
4
8
k
e
r
n
e
l
:
w
d
c
0
a
t
i
s
a
0
i
o
b
a
s
e
0
x
1
f
0
i
r
q
1
4
:
d
i
s
k
c
o
n
t
r
o
l
l
e
r
4
8
k
e
r
n
e
l
:
w
d
0
a
t
w
d
c
0
d
r
i
v
e
0
:
s
e
c
/
i
n
t
=
4
2
8
1
8
3
6
8
*
5
1
2
.
.
.
T
h
o
s
e
w
ill
b
e
p
r
e
t
t
y
m
u
c
h
s
t
a
t
ic
.
S
o
I
a
d
d
t
h
o
s
e
e
x
a
c
t
lin
e
s
.
N
o
w
t
h
e
y
w
o
n
't
s
h
o
w
u
p
w
h
e
n
e
v
e
r
t
h
e
s
y
s
t
e
m
b
o
o
t
s
.
B
U
T
I
'll
g
e
t
a
n
o
t
if
ic
a
t
io
n
if
a
n
e
w
S
C
S
I
d
r
iv
e
is
a
d
d
e
d
,
o
r
(
I
d
id
t
h
is
d
e
lib
e
r
a
t
e
ly
!
)
:
k
e
r
n
e
l
:
f
d
0
c
:
h
a
r
d
e
r
r
o
r
w
r
i
t
i
n
g
f
s
b
n
1
o
f
1
-
1
9
(
f
d
0
b
n
1
;
c
n
k
e
r
n
e
l
:
f
d
0
:
w
r
i
t
e
p
r
o
t
e
c
t
e
d
O
o
o
h
!
S
o
m
e
b
a
d
b
o
y
t
r
y
in
g
t
o
s
t
e
p
o
n
m
y
t
r
ip
w
ir
e
f
ile
!
O
r
:
k
e
r
n
e
l
:
c
h
a
n
g
i
n
g
r
o
o
t
d
e
v
i
c
e
t
o
w
d
1
a
.
.
in
t
e
r
e
s
t
in
g
.
M
y
p
a
t
t
e
r
n
w
a
s
f
o
r
w
d
0
a
!
I
u
s
e
d
t
o
r
u
n
t
h
is
k
in
d
o
f
s
t
u
f
f
o
n
a
f
ir
e
w
a
ll
t
h
a
t
I
u
s
e
d
t
o
m
a
n
a
g
e
.
O
n
e
d
a
y
it
s
h
a
r
d
d
is
k
b
u
r
n
e
d
u
p
a
n
d
m
y
lo
g
s
c
a
n
c
h
e
e
r
f
u
lly
f
o
u
n
d
t
h
e
s
e
n
e
w
m
e
s
s
a
g
e
s
a
b
o
u
t
b
a
d
b
lo
c
k
r
e
p
la
c
e
m
e
n
t
a
n
d
s
e
n
t
t
h
e
m
t
o
m
e
.
:
)
T
h
e
a
d
v
a
n
t
a
g
e
o
f
t
h
is
a
p
p
r
o
a
c
h
is
t
h
a
t
it
's
d
u
m
b
,
it
's
c
h
e
a
p
-
-
a
n
d
it
c
a
t
c
h
e
s
s
t
u
f
f
y
o
u
d
o
n
't
k
n
o
w
a
b
o
u
t
a
lr
e
a
d
y
.
O
n
c
e
y
o
u
'v
e
g
o
t
y
o
u
r
p
a
t
t
e
r
n
f
ile
t
u
n
e
d
,
p
u
t
it
in
c
r
o
n
o
r
w
h
a
t
e
v
e
r
,
s
o
it
r
u
n
s
o
f
t
e
n
.
T
h
e
T
I
S
G
a
u
n
t
le
t
h
a
s
a
h
a
c
k
I
w
r
o
t
e
c
a
lle
d
"
r
e
t
a
il"
w
h
ic
h
I
c
a
n
't
u
n
f
o
r
t
u
n
a
t
e
ly
r
e
le
a
s
e
t
h
e
c
o
d
e
f
o
r
,
b
u
t
is
e
a
s
y
t
o
im
p
le
m
e
n
t
.
B
a
s
ic
a
lly
,
it
w
a
s
lik
e
t
a
il
b
u
t
it
r
e
m
e
m
b
e
r
e
d
t
h
e
o
f
f
s
e
t
in
t
h
e
f
ile
f
r
o
m
t
h
e
p
r
e
v
io
u
s
r
u
n
,
a
n
d
t
h
e
in
o
d
e
o
f
t
h
e
f
ile
(
s
o
it
'd
d
e
t
e
c
t
f
ile
s
h
if
t
s
)
-
t
h
e
t
r
ic
k
is
t
o
k
e
e
p
o
n
e
f
d
o
p
e
n
t
o
t
h
e
f
ile
a
n
d
s
e
e
k
w
it
h
in
it
,
t
h
e
n
s
t
a
t
it
e
v
e
r
y
s
o
o
f
t
e
n
t
o
s
e
e
if
t
h
e
f
ile
h
a
s
g
r
o
w
n
o
r
c
h
a
n
g
e
d
in
o
d
e
.
I
f
it
h
a
s
,
r
e
a
d
t
o
E
O
F
,
o
p
e
n
t
h
e
n
e
w
f
ile
,
a
n
d
s
t
a
r
t
a
g
a
in
.
T
h
a
t
w
a
y
y
o
u
c
a
n
c
h
o
p
t
h
e
e
n
d
o
f
t
h
e
lo
g
f
ile
t
h
r
o
u
g
h
a
f
ilt
e
r
e
v
e
r
y
c
o
u
p
le
s
e
c
o
n
d
s
w
it
h
m
in
im
a
l
e
x
p
e
n
s
e
in
C
P
U
a
n
d
d
is
k
I
/
O
.
I
'm
s
u
r
e
t
h
e
r
e
a
r
e
lo
t
s
o
f
f
u
n
w
a
y
s
t
h
is
s
im
p
le
t
r
ic
k
c
a
n
b
e
e
n
h
a
n
c
e
d
-
-
b
u
t
ju
s
t
in
it
s
n
a
iv
e
f
o
r
m
I
'v
e
f
o
u
n
d
it
q
u
it
e
u
s
e
f
u
l.
I
w
is
h
I
h
a
d
a
p
r
o
g
r
a
m
t
h
a
t
h
e
lp
e
d
m
e
s
t
a
t
is
t
ic
a
lly
b
u
ild
m
y
n
o
is
e
f
ilt
e
r
s
,
b
u
t
in
g
e
n
e
r
a
l
I
f
in
d
it
's
a
b
o
u
t
a
2
h
o
u
r
jo
b
,
t
o
p
s
,
a
n
d
it
's
o
n
e
y
o
u
d
o
o
n
c
e
a
n
d
f
o
r
g
e
t
a
b
o
u
t
.
h
t
t
p
:
/
/
w
w
w
.
n
f
r
.
n
e
t
/
f
i
r
e
w
a
l
l
-
w
i
z
a
r
d
s
/
m
a
i
l
-
a
r
c
h
i
v
e
/
1
9
9
7
/
S
e
p
/
0
0
9
8
.
h
t
m
l
o
w
,
y
o
u
a
p
p
ly
y
o
u
r
s
t
o
p
-
lis
t
a
s
f
o
llo
w
s
:
c
a
t
*
|
g
r
e
p
-
v
-
f
s
t
o
p
l
i
s
t
|
\
s
o
r
t
,
e
t
c
-
-
T
h
is
t
im
e
I
g
e
t
7
4
4
lin
e
s
.
P
u
t
t
in
g
a
p
a
t
t
e
r
n
in
t
h
a
t
m
a
t
c
h
e
s
:
s
e
n
d
m
a
i
l
.
*
:
.
*
t
o
=
D
r
o
p
s
it
d
o
w
n
t
o
1
2
0
lin
e
s
.
J
u
s
t
k
e
e
p
d
o
in
g
t
h
is
a
n
d
p
r
e
t
t
y
s
o
o
n
y
o
u
'll
h
a
v
e
a
s
e
t
o
f
p
a
t
t
e
r
n
s
t
h
a
t
m
a
k
e
y
o
u
r
w
h
o
le
s
y
s
lo
g
o
u
t
p
u
t
d
is
a
p
p
e
a
r
.
Y
o
u
'll
n
o
t
ic
e
t
h
a
t
in
t
h
e
e
a
r
ly
e
x
a
m
p
le
I
h
a
d
a
w
a
r
n
in
g
f
r
o
m
s
e
n
d
m
a
il
b
e
c
a
u
s
e
t
h
e
a
lia
s
e
s
d
a
t
a
b
a
s
e
w
a
s
o
u
t
o
f
d
a
t
e
.
R
a
t
h
e
r
t
h
a
n
p
u
t
t
in
g
a
p
a
t
t
e
r
n
f
o
r
t
h
a
t
,
I
s
im
p
ly
r
a
n
n
e
w
a
lia
s
.
N
e
x
t
t
im
e
m
y
a
lia
s
e
s
d
a
t
a
b
a
s
e
is
o
u
t
o
f
d
a
t
e
,
m
y
lo
g
s
c
a
n
n
e
r
w
ill
t
e
ll
m
e
.
S
y
s
t
e
m
r
e
b
o
o
t
s
a
r
e
c
o
o
l,
t
o
o
.
M
y
lo
g
s
h
o
w
s
:
4
8
k
e
r
n
e
l
:
w
d
c
2
a
t
p
c
m
c
i
a
0
:
P
C
C
A
R
D
I
D
E
d
i
s
k
c
o
n
t
r
o
l
l
e
r
4
8
k
e
r
n
e
l
:
w
d
c
1
a
t
p
c
m
c
i
a
0
:
P
C
C
A
R
D
I
D
E
d
i
s
k
c
o
n
t
r
o
l
l
e
r
4
8
k
e
r
n
e
l
:
w
d
c
0
a
t
i
s
a
0
i
o
b
a
s
e
0
x
1
f
0
i
r
q
1
4
:
d
i
s
k
c
o
n
t
r
o
l
l
e
r
4
8
k
e
r
n
e
l
:
w
d
0
a
t
w
d
c
0
d
r
i
v
e
0
:
s
e
c
/
i
n
t
=
4
2
8
1
8
3
6
8
*
5
1
2
.
.
.
T
h
o
s
e
w
ill
b
e
p
r
e
t
t
y
m
u
c
h
s
t
a
t
ic
.
S
o
I
a
d
d
t
h
o
s
e
e
x
a
c
t
lin
e
s
.
N
o
w
t
h
e
y
w
o
n
't
s
h
o
w
u
p
w
h
e
n
e
v
e
r
t
h
e
s
y
s
t
e
m
b
o
o
t
s
.
B
U
T
I
'll
g
e
t
a
n
o
t
if
ic
a
t
io
n
if
a
n
e
w
S
C
S
I
d
r
iv
e
is
a
d
d
e
d
,
o
r
(
I
d
id
t
h
is
d
e
lib
e
r
a
t
e
ly
!
)
:
k
e
r
n
e
l
:
f
d
0
c
:
h
a
r
d
e
r
r
o
r
w
r
i
t
i
n
g
f
s
b
n
1
o
f
1
-
1
9
(
f
d
0
b
n
1
;
c
n
k
e
r
n
e
l
:
f
d
0
:
w
r
i
t
e
p
r
o
t
e
c
t
e
d
O
o
o
h
!
S
o
m
e
b
a
d
b
o
y
t
r
y
in
g
t
o
s
t
e
p
o
n
m
y
t
r
ip
w
ir
e
f
ile
!
O
r
:
k
e
r
n
e
l
:
c
h
a
n
g
i
n
g
r
o
o
t
d
e
v
i
c
e
t
o
w
d
1
a
.
.
in
t
e
r
e
s
t
in
g
.
M
y
p
a
t
t
e
r
n
w
a
s
f
o
r
w
d
0
a
!
I
u
s
e
d
t
o
r
u
n
t
h
is
k
in
d
o
f
s
t
u
f
f
o
n
a
f
ir
e
w
a
ll
t
h
a
t
I
u
s
e
d
t
o
m
a
n
a
g
e
.
O
n
e
d
a
y
it
s
h
a
r
d
d
is
k
b
u
r
n
e
d
u
p
a
n
d
m
y
lo
g
s
c
a
n
c
h
e
e
r
f
u
lly
f
o
u
n
d
t
h
e
s
e
n
e
w
m
e
s
s
a
g
e
s
a
b
o
u
t
b
a
d
b
lo
c
k
r
e
p
la
c
e
m
e
n
t
a
n
d
s
e
n
t
t
h
e
m
t
o
m
e
.
:
)
T
h
e
a
d
v
a
n
t
a
g
e
o
f
t
h
is
a
p
p
r
o
a
c
h
is
t
h
a
t
it
's
d
u
m
b
,
it
's
c
h
e
a
p
-
-
a
n
d
it
c
a
t
c
h
e
s
s
t
u
f
f
y
o
u
d
o
n
't
k
n
o
w
a
b
o
u
t
a
lr
e
a
d
y
.
O
n
c
e
y
o
u
'v
e
g
o
t
y
o
u
r
p
a
t
t
e
r
n
f
ile
t
u
n
e
d
,
p
u
t
it
in
c
r
o
n
o
r
w
h
a
t
e
v
e
r
,
s
o
it
r
u
n
s
o
f
t
e
n
.
T
h
e
T
I
S
G
a
u
n
t
le
t
h
a
s
a
h
a
c
k
I
w
r
o
t
e
c
a
lle
d
"
r
e
t
a
il"
w
h
ic
h
I
c
a
n
't
u
n
f
o
r
t
u
n
a
t
e
ly
r
e
le
a
s
e
t
h
e
c
o
d
e
f
o
r
,
b
u
t
is
e
a
s
y
t
o
im
p
le
m
e
n
t
.
B
a
s
ic
a
lly
,
it
w
a
s
lik
e
t
a
il
b
u
t
it
r
e
m
e
m
b
e
r
e
d
t
h
e
o
f
f
s
e
t
in
t
h
e
f
ile
f
r
o
m
t
h
e
p
r
e
v
io
u
s
r
u
n
,
a
n
d
t
h
e
in
o
d
e
o
f
t
h
e
f
ile
(
s
o
it
'd
d
e
t
e
c
t
f
ile
s
h
if
t
s
)
-
t
h
e
t
r
ic
k
is
t
o
k
e
e
p
o
n
e
f
d
o
p
e
n
t
o
t
h
e
f
ile
a
n
d
s
e
e
k
w
it
h
in
it
,
t
h
e
n
s
t
a
t
it
e
v
e
r
y
s
o
o
f
t
e
n
t
o
s
e
e
if
t
h
e
f
ile
h
a
s
g
r
o
w
n
o
r
c
h
a
n
g
e
d
in
o
d
e
.
I
f
it
h
a
s
,
r
e
a
d
t
o
E
O
F
,
o
p
e
n
t
h
e
n
e
w
f
ile
,
a
n
d
s
t
a
r
t
a
g
a
in
.
T
h
a
t
w
a
y
y
o
u
c
a
n
c
h
o
p
t
h
e
e
n
d
o
f
t
h
e
lo
g
f
ile
t
h
r
o
u
g
h
a
f
ilt
e
r
e
v
e
r
y
c
o
u
p
le
s
e
c
o
n
d
s
w
it
h
m
in
im
a
l
e
x
p
e
n
s
e
in
C
P
U
a
n
d
d
is
k
I
/
O
.
I
'm
s
u
r
e
t
h
e
r
e
a
r
e
lo
t
s
o
f
f
u
n
w
a
y
s
t
h
is
s
im
p
le
t
r
ic
k
c
a
n
b
e
e
n
h
a
n
c
e
d
-
-
b
u
t
ju
s
t
in
it
s
n
a
iv
e
f
o
r
m
I
'v
e
f
o
u
n
d
it
q
u
it
e
u
s
e
f
u
l.
I
w
is
h
I
h
a
d
a
p
r
o
g
r
a
m
t
h
a
t
h
e
lp
e
d
m
e
s
t
a
t
is
t
ic
a
lly
b
u
ild
m
y
n
o
is
e
f
ilt
e
r
s
,
b
u
t
in
g
e
n
e
r
a
l
I
f
in
d
it
's
a
b
o
u
t
a
2
h
o
u
r
jo
b
,
t
o
p
s
,
a
n
d
it
's
o
n
e
y
o
u
d
o
o
n
c
e
a
n
d
f
o
r
g
e
t
a
b
o
u
t
.
h
t
t
p
:
/
/
w
w
w
.
n
f
r
.
n
e
t
/
f
i
r
e
w
a
l
l
-
w
i
z
a
r
d
s
/
m
a
i
l
-
a
r
c
h
i
v
e
/
1
9
9
7
/
S
e
p
/
0
0
9
8
.
h
t
m
l
164#
in
c
lu
d
e
<
s
t
d
io
.
h
>
/
*
C
o
p
y
r
ig
h
t
,
1
9
9
9
,
N
e
t
w
o
r
k
F
lig
h
t
R
e
c
o
r
d
e
r
,
I
n
c
.
A
ll
R
ig
h
t
s
r
e
s
e
r
v
e
d
.
*
/
#
in
c
lu
d
e
<
u
n
is
t
d
.
h
>
/
*
A
u
t
h
o
r
:
M
a
r
c
u
s
J
.
R
a
n
u
m
.
<
m
jr
@
n
f
r
.
n
e
t
>
*
/
#
in
c
lu
d
e
<
c
t
y
p
e
.
h
>
#
in
c
lu
d
e
<
s
t
r
in
g
.
h
>
#
in
c
lu
d
e
<
s
t
d
lib
.
h
>
#
in
c
lu
d
e
<
s
y
s
/
t
y
p
e
s
.
h
>
#
in
c
lu
d
e
<
s
y
s
/
s
o
c
k
e
t
.
h
>
#
in
c
lu
d
e
<
n
e
t
in
e
t
/
in
.
h
>
#
in
c
lu
d
e
<
a
r
p
a
/
in
e
t
.
h
>
#
if
d
e
f
W
O
R
D
S
_
B
I
G
E
N
D
I
A
N
#
d
e
f
in
e
_
_
E
L
_
L
O
N
G
(
x
)
(
(
(
(
x
)
>
>
2
4
)
&
0
x
0
0
0
0
0
0
F
F
)
|
\
(
(
(
x
)
>
>
8
)
&
0
x
0
0
0
0
F
F
0
0
)
|
\
(
(
(
x
)
<
<
8
)
&
0
x
0
0
F
F
0
0
0
0
)
|
\
(
(
(
x
)
<
<
2
4
)
&
0
x
F
F
0
0
0
0
0
0
)
)
#
e
ls
e
#
d
e
f
in
e
_
_
E
L
_
L
O
N
G
(
x
)
(
x
)
#
e
n
d
if
s
t
a
t
ic
c
h
a
r
m
a
g
ic
[
]
=
"
*
!
*
Q
W
T
Y
?
"
;
s
t
a
t
ic
lo
n
g
h
o
ld
r
a
n
d
=
1
L
;
s
t
a
t
ic
v
o
id
B
O
c
r
y
p
t
(
u
n
s
ig
n
e
d
c
h
a
r
*
,
in
t
)
;
s
t
a
t
ic
c
h
a
r
*
t
y
p
e
d
e
c
o
d
e
(
in
t
)
;
s
t
a
t
ic
c
h
a
r
*
p
r
in
t
a
r
g
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
;
s
t
a
t
ic
v
o
id
p
in
g
p
o
n
g
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
g
o
a
w
a
y
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
n
a
u
g
h
t
y
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
d
ir
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
,
c
h
a
r
*
)
;
s
t
a
t
ic
v
o
id
v
iw
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
,
c
h
a
r
*
)
;
s
t
a
t
ic
v
o
id
n
e
t
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
e
x
p
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
in
t
m
a
in
(
in
t
a
c
,
c
h
a
r
*
a
v
[
]
)
{
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
s
a
d
d
r
;
in
t
q
u
ie
t
=
0
;
in
t
f
d
;
in
t
p
s
iz
;
in
t
p
id
;
in
t
t
y
p
;
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
if
(
a
c
>
1
&
&
!
s
t
r
c
m
p
(
a
v
[
1
]
,
"
-
q
"
)
)
q
u
ie
t
=
1
;
A
p
p
e
n
d
i
x
:
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
d
o
e
s
n
o
t
s
u
p
p
o
r
t
B
O
2
K
)
in
c
lu
d
e
<
s
t
d
io
.
h
>
/
*
C
o
p
y
r
ig
h
t
,
1
9
9
9
,
N
e
t
w
o
r
k
F
lig
h
t
R
e
c
o
r
d
e
r
,
I
n
c
.
A
ll
R
ig
h
t
s
r
e
s
e
r
v
e
d
.
*
/
#
in
c
lu
d
e
<
u
n
is
t
d
.
h
>
/
*
A
u
t
h
o
r
:
M
a
r
c
u
s
J
.
R
a
n
u
m
.
<
m
jr
@
n
f
r
.
n
e
t
>
*
/
#
in
c
lu
d
e
<
c
t
y
p
e
.
h
>
#
in
c
lu
d
e
<
s
t
r
in
g
.
h
>
#
in
c
lu
d
e
<
s
t
d
lib
.
h
>
#
in
c
lu
d
e
<
s
y
s
/
t
y
p
e
s
.
h
>
#
in
c
lu
d
e
<
s
y
s
/
s
o
c
k
e
t
.
h
>
#
in
c
lu
d
e
<
n
e
t
in
e
t
/
in
.
h
>
#
in
c
lu
d
e
<
a
r
p
a
/
in
e
t
.
h
>
#
if
d
e
f
W
O
R
D
S
_
B
I
G
E
N
D
I
A
N
#
d
e
f
in
e
_
_
E
L
_
L
O
N
G
(
x
)
(
(
(
(
x
)
>
>
2
4
)
&
0
x
0
0
0
0
0
0
F
F
)
|
\
(
(
(
x
)
>
>
8
)
&
0
x
0
0
0
0
F
F
0
0
)
|
\
(
(
(
x
)
<
<
8
)
&
0
x
0
0
F
F
0
0
0
0
)
|
\
(
(
(
x
)
<
<
2
4
)
&
0
x
F
F
0
0
0
0
0
0
)
)
#
e
ls
e
#
d
e
f
in
e
_
_
E
L
_
L
O
N
G
(
x
)
(
x
)
#
e
n
d
if
s
t
a
t
ic
c
h
a
r
m
a
g
ic
[
]
=
"
*
!
*
Q
W
T
Y
?
"
;
s
t
a
t
ic
lo
n
g
h
o
ld
r
a
n
d
=
1
L
;
s
t
a
t
ic
v
o
id
B
O
c
r
y
p
t
(
u
n
s
ig
n
e
d
c
h
a
r
*
,
in
t
)
;
s
t
a
t
ic
c
h
a
r
*
t
y
p
e
d
e
c
o
d
e
(
in
t
)
;
s
t
a
t
ic
c
h
a
r
*
p
r
in
t
a
r
g
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
;
s
t
a
t
ic
v
o
id
p
in
g
p
o
n
g
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
g
o
a
w
a
y
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
n
a
u
g
h
t
y
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
d
ir
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
,
c
h
a
r
*
)
;
s
t
a
t
ic
v
o
id
v
iw
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
,
c
h
a
r
*
)
;
s
t
a
t
ic
v
o
id
n
e
t
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
s
t
a
t
ic
v
o
id
e
x
p
e
r
r
o
r
(
in
t
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
)
;
in
t
m
a
in
(
in
t
a
c
,
c
h
a
r
*
a
v
[
]
)
{
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
s
a
d
d
r
;
in
t
q
u
ie
t
=
0
;
in
t
f
d
;
in
t
p
s
iz
;
in
t
p
id
;
in
t
t
y
p
;
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
if
(
a
c
>
1
&
&
!
s
t
r
c
m
p
(
a
v
[
1
]
,
"
-
q
"
)
)
q
u
ie
t
=
1
;
A
p
p
e
n
d
i
x
:
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
d
o
e
s
n
o
t
s
u
p
p
o
r
t
B
O
2
K
)
165/
*
lis
t
e
n
*
/
s
a
d
d
r
.
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
a
d
d
r
.
s
in
_
a
d
d
r
.
s
_
a
d
d
r
=
I
N
A
D
D
R
_
A
N
Y
;
s
a
d
d
r
.
s
in
_
p
o
r
t
=
h
t
o
n
s
(
3
1
3
3
7
)
;
if
(
(
f
d
=
s
o
c
k
e
t
(
A
F
_
I
N
E
T
,
S
O
C
K
_
D
G
R
A
M
,
0
)
)
<
0
)
{
p
e
r
r
o
r
(
"
s
o
c
k
e
t
"
)
;
e
x
it
(
-
1
)
;
}if
(
b
in
d
(
f
d
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
&
s
a
d
d
r
,
s
iz
e
o
f
s
a
d
d
r
)
<
0
)
{
p
e
r
r
o
r
(
"
b
in
d
"
)
;
e
x
it
(
-
1
)
;
} /
*
s
e
r
v
e
r
lo
o
p
*
/
w
h
ile
(
1
)
{
in
t
c
c
;
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
f
r
o
m
;
in
t
le
n
=
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
)
;
if
(
(
c
c
=
r
e
c
v
f
r
o
m
(
f
d
,
b
u
f
,
s
iz
e
o
f
(
b
u
f
)
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
&
f
r
o
m
,
&
le
n
)
)
<
0
)
{
p
e
r
r
o
r
(
"
r
e
c
v
f
r
o
m
"
)
;
c
o
n
t
in
u
e
;
} /
*
t
r
y
t
o
d
e
c
r
y
p
t
t
h
e
r
e
q
u
e
s
t
*
/
B
O
c
r
y
p
t
(
b
u
f
,
c
c
)
;
/
*
d
o
e
s
it
lo
o
k
lik
e
B
O
?
*
/
if
(
c
c
<
s
iz
e
o
f
(
m
a
g
ic
)
|
|
s
t
r
n
c
m
p
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
,
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
)
{
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
%
d
b
y
t
e
s
f
r
o
m
%
s
\
n
"
,
c
c
,
in
e
t
_
n
t
o
a
(
f
r
o
m
.
s
in
_
a
d
d
r
)
)
;
c
o
n
t
in
u
e
;
}
e
ls
e
{
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
B
O
f
r
o
m
%
s
,
o
p
=
"
,
in
e
t
_
n
t
o
a
(
f
r
o
m
.
s
in
_
a
d
d
r
)
)
;
}/
*
w
h
a
t
d
id
t
h
e
y
a
s
k
u
s
t
o
d
o
?
*
/
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
b
u
f
;
p
d
w
+
=
2
;
p
s
iz
=
*
p
d
w
+
+
;
p
s
iz
=
_
_
E
L
_
L
O
N
G
(
p
s
iz
)
;
p
id
=
*
p
d
w
+
+
;
p
id
=
_
_
E
L
_
L
O
N
G
(
p
id
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
t
y
p
=
*
p
t
r
+
+
;
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
2
)
*
lis
t
e
n
*
/
s
a
d
d
r
.
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
a
d
d
r
.
s
in
_
a
d
d
r
.
s
_
a
d
d
r
=
I
N
A
D
D
R
_
A
N
Y
;
s
a
d
d
r
.
s
in
_
p
o
r
t
=
h
t
o
n
s
(
3
1
3
3
7
)
;
if
(
(
f
d
=
s
o
c
k
e
t
(
A
F
_
I
N
E
T
,
S
O
C
K
_
D
G
R
A
M
,
0
)
)
<
0
)
{
p
e
r
r
o
r
(
"
s
o
c
k
e
t
"
)
;
e
x
it
(
-
1
)
;
}if
(
b
in
d
(
f
d
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
&
s
a
d
d
r
,
s
iz
e
o
f
s
a
d
d
r
)
<
0
)
{
p
e
r
r
o
r
(
"
b
in
d
"
)
;
e
x
it
(
-
1
)
;
} /
*
s
e
r
v
e
r
lo
o
p
*
/
w
h
ile
(
1
)
{
in
t
c
c
;
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
f
r
o
m
;
in
t
le
n
=
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
)
;
if
(
(
c
c
=
r
e
c
v
f
r
o
m
(
f
d
,
b
u
f
,
s
iz
e
o
f
(
b
u
f
)
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
&
f
r
o
m
,
&
le
n
)
)
<
0
)
{
p
e
r
r
o
r
(
"
r
e
c
v
f
r
o
m
"
)
;
c
o
n
t
in
u
e
;
} /
*
t
r
y
t
o
d
e
c
r
y
p
t
t
h
e
r
e
q
u
e
s
t
*
/
B
O
c
r
y
p
t
(
b
u
f
,
c
c
)
;
/
*
d
o
e
s
it
lo
o
k
lik
e
B
O
?
*
/
if
(
c
c
<
s
iz
e
o
f
(
m
a
g
ic
)
|
|
s
t
r
n
c
m
p
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
,
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
)
{
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
%
d
b
y
t
e
s
f
r
o
m
%
s
\
n
"
,
c
c
,
in
e
t
_
n
t
o
a
(
f
r
o
m
.
s
in
_
a
d
d
r
)
)
;
c
o
n
t
in
u
e
;
}
e
ls
e
{
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
B
O
f
r
o
m
%
s
,
o
p
=
"
,
in
e
t
_
n
t
o
a
(
f
r
o
m
.
s
in
_
a
d
d
r
)
)
;
}/
*
w
h
a
t
d
id
t
h
e
y
a
s
k
u
s
t
o
d
o
?
*
/
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
b
u
f
;
p
d
w
+
=
2
;
p
s
iz
=
*
p
d
w
+
+
;
p
s
iz
=
_
_
E
L
_
L
O
N
G
(
p
s
iz
)
;
p
id
=
*
p
d
w
+
+
;
p
id
=
_
_
E
L
_
L
O
N
G
(
p
id
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
t
y
p
=
*
p
t
r
+
+
;
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
2
)
166
s
w
it
c
h
(
t
y
p
)
{
c
a
s
e
0
x
1
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
P
I
N
G
s
w
e
e
p
\
n
"
)
;
if
(
!
q
u
ie
t
)
p
in
g
p
o
n
g
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
2
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
R
E
B
O
O
T
\
n
"
)
;
if
(
!
q
u
ie
t
)
n
a
u
g
h
t
y
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
L
O
C
K
U
P
\
n
"
)
;
if
(
!
q
u
ie
t
)
n
a
u
g
h
t
y
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
1
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
D
I
R
%
s
\
n
"
,
p
r
in
t
a
r
g
(
p
t
r
)
)
;
if
(
!
q
u
ie
t
)
d
ir
e
r
r
o
r
(
f
d
,
&
f
r
o
m
,
(
c
h
a
r
*
)
p
t
r
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
6
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
F
I
L
E
V
I
E
W
%
s
\
n
"
,
p
r
in
t
a
r
g
(
p
t
r
)
)
;
if
(
!
q
u
ie
t
)
v
iw
e
r
r
o
r
(
f
d
,
&
f
r
o
m
,
(
c
h
a
r
*
)
p
t
r
)
;
b
r
e
a
k
;
c
a
s
e
0
x
1
2
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
E
X
P
O
R
T
L
I
S
T
\
n
"
)
;
if
(
!
q
u
ie
t
)
e
x
p
e
r
r
o
r
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
9
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
N
E
T
V
I
E
W
\
n
"
)
;
if
(
!
q
u
ie
t
)
n
e
t
e
r
r
o
r
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
d
e
f
a
u
lt
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
%
s
\
n
"
,
t
y
p
e
d
e
c
o
d
e
(
t
y
p
)
)
;
if
(
!
q
u
ie
t
)
g
o
a
w
a
y
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
}
}
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
3
)
s
w
it
c
h
(
t
y
p
)
{
c
a
s
e
0
x
1
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
P
I
N
G
s
w
e
e
p
\
n
"
)
;
if
(
!
q
u
ie
t
)
p
in
g
p
o
n
g
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
2
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
R
E
B
O
O
T
\
n
"
)
;
if
(
!
q
u
ie
t
)
n
a
u
g
h
t
y
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
L
O
C
K
U
P
\
n
"
)
;
if
(
!
q
u
ie
t
)
n
a
u
g
h
t
y
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
1
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
D
I
R
%
s
\
n
"
,
p
r
in
t
a
r
g
(
p
t
r
)
)
;
if
(
!
q
u
ie
t
)
d
ir
e
r
r
o
r
(
f
d
,
&
f
r
o
m
,
(
c
h
a
r
*
)
p
t
r
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
6
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
F
I
L
E
V
I
E
W
%
s
\
n
"
,
p
r
in
t
a
r
g
(
p
t
r
)
)
;
if
(
!
q
u
ie
t
)
v
iw
e
r
r
o
r
(
f
d
,
&
f
r
o
m
,
(
c
h
a
r
*
)
p
t
r
)
;
b
r
e
a
k
;
c
a
s
e
0
x
1
2
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
E
X
P
O
R
T
L
I
S
T
\
n
"
)
;
if
(
!
q
u
ie
t
)
e
x
p
e
r
r
o
r
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
c
a
s
e
0
x
3
9
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
N
E
T
V
I
E
W
\
n
"
)
;
if
(
!
q
u
ie
t
)
n
e
t
e
r
r
o
r
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
d
e
f
a
u
lt
:
f
p
r
in
t
f
(
s
t
d
e
r
r
,
"
%
s
\
n
"
,
t
y
p
e
d
e
c
o
d
e
(
t
y
p
)
)
;
if
(
!
q
u
ie
t
)
g
o
a
w
a
y
(
f
d
,
&
f
r
o
m
)
;
b
r
e
a
k
;
}
}
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
3
)
167
s
t
a
t
ic
c
h
a
r
*
p
r
in
t
a
r
g
(
u
n
s
ig
n
e
d
c
h
a
r
*
p
)
{
r
e
t
u
r
n
(
(
c
h
a
r
*
)
p
)
;
} /
*
r
e
p
ly
t
o
a
s
w
e
e
p
*
/
s
t
a
t
ic
v
o
id
p
in
g
p
o
n
g
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
c
h
a
r
h
o
s
t
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
c
h
a
r
*
p
;
/
*
m
a
k
e
u
p
h
o
s
t
n
a
m
e
*
/
(
v
o
id
)
g
e
t
h
o
s
t
n
a
m
e
(
h
o
s
t
b
u
f
,
s
iz
e
o
f
(
h
o
s
t
b
u
f
)
)
;
if
(
(
p
=
in
d
e
x
(
h
o
s
t
b
u
f
,
'.
')
)
!
=
(
c
h
a
r
*
)
0
)
*
p
=
'\
0
';
/
*
m
a
s
h
t
o
u
p
p
e
r
c
a
s
e
s
o
w
e
lo
o
k
lik
e
a
P
C
*
/
f
o
r
(
p
=
h
o
s
t
b
u
f
;
*
p
!
=
'\
0
';
p
+
+
)
if
(
is
lo
w
e
r
(
*
p
)
)
*
p
=
t
o
u
p
p
e
r
(
*
p
)
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
h
o
s
t
b
u
f
)
+
1
5
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
1
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
"
!
P
O
N
G
!
1
.
2
0
!
"
)
;
p
t
r
+
=
1
3
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
h
o
s
t
b
u
f
)
;
p
t
r
+
=
s
t
r
le
n
(
h
o
s
t
b
u
f
)
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
"
!
"
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
4
)
s
t
a
t
ic
c
h
a
r
*
p
r
in
t
a
r
g
(
u
n
s
ig
n
e
d
c
h
a
r
*
p
)
{
r
e
t
u
r
n
(
(
c
h
a
r
*
)
p
)
;
} /
*
r
e
p
ly
t
o
a
s
w
e
e
p
*
/
s
t
a
t
ic
v
o
id
p
in
g
p
o
n
g
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
c
h
a
r
h
o
s
t
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
c
h
a
r
*
p
;
/
*
m
a
k
e
u
p
h
o
s
t
n
a
m
e
*
/
(
v
o
id
)
g
e
t
h
o
s
t
n
a
m
e
(
h
o
s
t
b
u
f
,
s
iz
e
o
f
(
h
o
s
t
b
u
f
)
)
;
if
(
(
p
=
in
d
e
x
(
h
o
s
t
b
u
f
,
'.
')
)
!
=
(
c
h
a
r
*
)
0
)
*
p
=
'\
0
';
/
*
m
a
s
h
t
o
u
p
p
e
r
c
a
s
e
s
o
w
e
lo
o
k
lik
e
a
P
C
*
/
f
o
r
(
p
=
h
o
s
t
b
u
f
;
*
p
!
=
'\
0
';
p
+
+
)
if
(
is
lo
w
e
r
(
*
p
)
)
*
p
=
t
o
u
p
p
e
r
(
*
p
)
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
h
o
s
t
b
u
f
)
+
1
5
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
1
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
"
!
P
O
N
G
!
1
.
2
0
!
"
)
;
p
t
r
+
=
1
3
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
h
o
s
t
b
u
f
)
;
p
t
r
+
=
s
t
r
le
n
(
h
o
s
t
b
u
f
)
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
"
!
"
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
4
)
168
s
t
a
t
ic
v
o
id
n
e
t
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
/
*
o
r
a
r
e
a
s
o
n
a
b
le
f
a
c
s
im
ile
.
.
.
*
/
c
h
a
r
*
m
e
s
s
a
g
e
=
"
N
e
t
w
o
r
k
r
e
s
o
u
r
c
e
s
:
\
r
\
n
"
"
(
n
u
ll)
'(
n
u
ll)
'
-
M
ic
r
o
s
o
f
t
N
e
t
w
o
r
k
-
U
N
K
N
O
W
N
!
(
N
e
t
w
o
r
k
r
o
o
t
?
)
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'W
K
G
R
O
U
P
-
(
n
u
ll)
-
D
O
M
A
I
N
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
D
E
S
K
T
O
P
'
-
D
e
s
k
t
o
p
-
S
E
R
V
E
R
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
D
E
S
K
T
O
P
\
\
C
'
-
-
S
H
A
R
E
:
D
I
S
K
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
D
E
S
K
T
O
P
\
\
H
P
'
-
-
S
H
A
R
E
:
P
R
I
N
T
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
S
E
R
V
E
R
'
-
S
a
m
b
a
1
.
9
.
1
6
p
2
-
S
E
R
V
E
R
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
S
E
R
V
E
R
\
\
u
s
e
r
s
'
-
-
S
H
A
R
E
:
D
I
S
K
\
r
\
n
"
"
E
n
d
o
f
r
e
s
o
u
r
c
e
lis
t
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
5
)
s
t
a
t
ic
v
o
id
n
e
t
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
/
*
o
r
a
r
e
a
s
o
n
a
b
le
f
a
c
s
im
ile
.
.
.
*
/
c
h
a
r
*
m
e
s
s
a
g
e
=
"
N
e
t
w
o
r
k
r
e
s
o
u
r
c
e
s
:
\
r
\
n
"
"
(
n
u
ll)
'(
n
u
ll)
'
-
M
ic
r
o
s
o
f
t
N
e
t
w
o
r
k
-
U
N
K
N
O
W
N
!
(
N
e
t
w
o
r
k
r
o
o
t
?
)
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'W
K
G
R
O
U
P
-
(
n
u
ll)
-
D
O
M
A
I
N
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
D
E
S
K
T
O
P
'
-
D
e
s
k
t
o
p
-
S
E
R
V
E
R
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
D
E
S
K
T
O
P
\
\
C
'
-
-
S
H
A
R
E
:
D
I
S
K
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
D
E
S
K
T
O
P
\
\
H
P
'
-
-
S
H
A
R
E
:
P
R
I
N
T
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
S
E
R
V
E
R
'
-
S
a
m
b
a
1
.
9
.
1
6
p
2
-
S
E
R
V
E
R
:
C
O
N
T
A
I
N
E
R
\
r
\
n
"
"
(
n
u
ll)
'\
\
\
\
S
E
R
V
E
R
\
\
u
s
e
r
s
'
-
-
S
H
A
R
E
:
D
I
S
K
\
r
\
n
"
"
E
n
d
o
f
r
e
s
o
u
r
c
e
lis
t
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
5
)
169
s
t
a
t
ic
v
o
id
e
x
p
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
/
*
o
r
a
r
e
a
s
o
n
a
b
le
f
a
c
s
im
ile
.
.
.
*
/
c
h
a
r
*
m
e
s
s
a
g
e
=
"
S
h
a
r
e
s
a
s
r
e
t
u
r
n
e
d
b
y
s
y
s
t
e
m
:
\
r
\
n
"
"
E
n
d
o
f
s
h
a
r
e
s
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
6
)
s
t
a
t
ic
v
o
id
e
x
p
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
/
*
o
r
a
r
e
a
s
o
n
a
b
le
f
a
c
s
im
ile
.
.
.
*
/
c
h
a
r
*
m
e
s
s
a
g
e
=
"
S
h
a
r
e
s
a
s
r
e
t
u
r
n
e
d
b
y
s
y
s
t
e
m
:
\
r
\
n
"
"
E
n
d
o
f
s
h
a
r
e
s
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
6
)
170s
t
a
t
ic
v
o
id
e
x
p
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
/
*
o
r
a
r
e
a
s
o
n
a
b
le
f
a
c
s
im
ile
.
.
.
*
/
c
h
a
r
*
m
e
s
s
a
g
e
=
"
S
h
a
r
e
s
a
s
r
e
t
u
r
n
e
d
b
y
s
y
s
t
e
m
:
\
r
\
n
"
"
E
n
d
o
f
s
h
a
r
e
s
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
7
)
t
a
t
ic
v
o
id
e
x
p
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
/
*
o
r
a
r
e
a
s
o
n
a
b
le
f
a
c
s
im
ile
.
.
.
*
/
c
h
a
r
*
m
e
s
s
a
g
e
=
"
S
h
a
r
e
s
a
s
r
e
t
u
r
n
e
d
b
y
s
y
s
t
e
m
:
\
r
\
n
"
"
E
n
d
o
f
s
h
a
r
e
s
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
7
)
171s
t
a
t
ic
v
o
id
d
ir
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
,
c
h
a
r
*
d
ir
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
in
t
s
w
=
0
;
c
h
a
r
*
m
e
s
s
a
g
e
;
/
*
o
n
e
o
f
3
r
e
a
lis
t
ic
m
e
s
s
a
g
e
s
!
*
/
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
[
]
=
{
"
E
r
r
o
r
5
3
:
T
h
e
n
e
t
w
o
r
k
p
a
t
h
w
a
s
n
o
t
f
o
u
n
d
o
p
e
n
in
g
f
ile
"
,
"
E
r
r
o
r
3
:
T
h
e
s
y
s
t
e
m
c
a
n
n
o
t
f
in
d
t
h
e
p
a
t
h
s
p
e
c
if
ie
d
o
p
e
n
in
g
f
ile
"
,
"
E
r
r
o
r
2
:
T
h
e
s
y
s
t
e
m
c
a
n
n
o
t
f
in
d
t
h
e
f
ile
s
p
e
c
if
ie
d
o
p
e
n
in
g
f
ile
"
}
;
m
e
s
s
a
g
e
=
m
e
s
s
[
s
w
+
+
%
3
]
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
s
t
r
le
n
(
d
ir
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
p
t
r
+
=
s
t
r
le
n
(
m
e
s
s
a
g
e
)
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
d
ir
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
8
)
t
a
t
ic
v
o
id
d
ir
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
,
c
h
a
r
*
d
ir
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
in
t
s
w
=
0
;
c
h
a
r
*
m
e
s
s
a
g
e
;
/
*
o
n
e
o
f
3
r
e
a
lis
t
ic
m
e
s
s
a
g
e
s
!
*
/
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
[
]
=
{
"
E
r
r
o
r
5
3
:
T
h
e
n
e
t
w
o
r
k
p
a
t
h
w
a
s
n
o
t
f
o
u
n
d
o
p
e
n
in
g
f
ile
"
,
"
E
r
r
o
r
3
:
T
h
e
s
y
s
t
e
m
c
a
n
n
o
t
f
in
d
t
h
e
p
a
t
h
s
p
e
c
if
ie
d
o
p
e
n
in
g
f
ile
"
,
"
E
r
r
o
r
2
:
T
h
e
s
y
s
t
e
m
c
a
n
n
o
t
f
in
d
t
h
e
f
ile
s
p
e
c
if
ie
d
o
p
e
n
in
g
f
ile
"
}
;
m
e
s
s
a
g
e
=
m
e
s
s
[
s
w
+
+
%
3
]
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
s
t
r
le
n
(
d
ir
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
p
t
r
+
=
s
t
r
le
n
(
m
e
s
s
a
g
e
)
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
d
ir
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
8
)
172s
t
a
t
ic
v
o
id
v
iw
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
,
c
h
a
r
*
p
a
t
h
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
in
t
s
w
=
0
;
c
h
a
r
*
m
e
s
s
a
g
e
;
/
*
o
n
e
o
f
2
r
e
a
lis
t
ic
m
e
s
s
a
g
e
s
!
*
/
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
[
]
=
{
"
E
r
r
o
r
1
3
:
P
e
r
m
is
s
io
n
d
e
n
ie
d
o
p
e
n
in
g
f
ile
"
,
"
E
r
r
o
r
2
:
N
o
s
u
c
h
f
ile
o
r
d
ir
e
c
t
o
r
y
o
p
e
n
in
g
f
ile
"
}
;
m
e
s
s
a
g
e
=
m
e
s
s
[
s
w
+
+
%
2
]
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
s
t
r
le
n
(
p
a
t
h
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
p
t
r
+
=
s
t
r
le
n
(
m
e
s
s
a
g
e
)
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
p
a
t
h
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
9
)
t
a
t
ic
v
o
id
v
iw
e
r
r
o
r
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
,
c
h
a
r
*
p
a
t
h
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
in
t
s
w
=
0
;
c
h
a
r
*
m
e
s
s
a
g
e
;
/
*
o
n
e
o
f
2
r
e
a
lis
t
ic
m
e
s
s
a
g
e
s
!
*
/
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
[
]
=
{
"
E
r
r
o
r
1
3
:
P
e
r
m
is
s
io
n
d
e
n
ie
d
o
p
e
n
in
g
f
ile
"
,
"
E
r
r
o
r
2
:
N
o
s
u
c
h
f
ile
o
r
d
ir
e
c
t
o
r
y
o
p
e
n
in
g
f
ile
"
}
;
m
e
s
s
a
g
e
=
m
e
s
s
[
s
w
+
+
%
2
]
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
s
t
r
le
n
(
p
a
t
h
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
p
t
r
+
=
s
t
r
le
n
(
m
e
s
s
a
g
e
)
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
p
a
t
h
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
9
)
173s
t
a
t
ic
v
o
id
n
a
u
g
h
t
y
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
a
g
e
=
"
N
a
u
g
h
t
y
,
n
a
u
g
h
t
y
.
B
a
d
h
a
c
k
e
r
!
N
o
d
o
n
u
t
!
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
} s
t
a
t
ic
v
o
id
g
o
a
w
a
y
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
a
g
e
=
"
T
h
a
n
k
s
.
W
e
'v
e
lo
g
g
e
d
y
o
u
r
a
t
t
e
m
p
t
t
o
a
c
c
e
s
s
o
u
r
s
y
s
t
e
m
.
N
o
w
g
o
p
la
y
e
ls
e
w
h
e
r
e
.
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
0
)
t
a
t
ic
v
o
id
n
a
u
g
h
t
y
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
a
g
e
=
"
N
a
u
g
h
t
y
,
n
a
u
g
h
t
y
.
B
a
d
h
a
c
k
e
r
!
N
o
d
o
n
u
t
!
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
} s
t
a
t
ic
v
o
id
g
o
a
w
a
y
(
in
t
f
d
,
s
t
r
u
c
t
s
o
c
k
a
d
d
r
_
in
*
f
r
o
m
)
{
u
n
s
ig
n
e
d
c
h
a
r
b
u
f
[
5
1
2
]
;
u
n
s
ig
n
e
d
lo
n
g
*
p
d
w
;
u
n
s
ig
n
e
d
c
h
a
r
*
p
t
r
;
in
t
x
;
s
t
a
t
ic
c
h
a
r
*
m
e
s
s
a
g
e
=
"
T
h
a
n
k
s
.
W
e
'v
e
lo
g
g
e
d
y
o
u
r
a
t
t
e
m
p
t
t
o
a
c
c
e
s
s
o
u
r
s
y
s
t
e
m
.
N
o
w
g
o
p
la
y
e
ls
e
w
h
e
r
e
.
"
;
x
=
s
iz
e
o
f
(
m
a
g
ic
)
+
(
s
iz
e
o
f
(
u
n
s
ig
n
e
d
lo
n
g
)
*
2
)
+
s
t
r
le
n
(
m
e
s
s
a
g
e
)
+
2
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
b
u
f
,
m
a
g
ic
)
;
p
d
w
=
(
u
n
s
ig
n
e
d
lo
n
g
*
)
(
b
u
f
+
s
iz
e
o
f
(
m
a
g
ic
)
-
1
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
x
)
;
*
p
d
w
+
+
=
_
_
E
L
_
L
O
N
G
(
(
u
n
s
ig
n
e
d
lo
n
g
)
-
1
)
;
p
t
r
=
(
u
n
s
ig
n
e
d
c
h
a
r
*
)
p
d
w
;
*
p
t
r
+
+
=
0
x
0
0
;
s
t
r
c
p
y
(
(
c
h
a
r
*
)
p
t
r
,
m
e
s
s
a
g
e
)
;
B
O
c
r
y
p
t
(
b
u
f
,
(
in
t
)
x
)
;
f
r
o
m
-
>
s
in
_
f
a
m
ily
=
A
F
_
I
N
E
T
;
s
e
n
d
t
o
(
f
d
,
b
u
f
,
x
,
0
,
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
*
)
f
r
o
m
,
s
iz
e
o
f
(
s
t
r
u
c
t
s
o
c
k
a
d
d
r
)
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
0
)
174/
*
t
h
is
c
o
d
e
f
r
o
m
b
o
u
n
ix
.
c
;
r
e
f
o
r
m
a
t
t
e
d
s
o
m
e
w
h
a
t
.
t
h
e
s
e
h
a
c
k
e
r
k
id
d
ie
s
c
a
n
't
c
o
d
e
f
o
r
t
o
s
a
v
e
t
h
e
ir
liv
e
s
*
/
v
o
id
m
s
r
a
n
d
(
u
n
s
ig
n
e
d
in
t
s
e
e
d
)
{
h
o
ld
r
a
n
d
=
(
lo
n
g
)
s
e
e
d
;
} in
t
m
r
a
n
d
(
v
o
id
)
{
r
e
t
u
r
n
(
(
(
h
o
ld
r
a
n
d
=
h
o
ld
r
a
n
d
*
2
1
4
0
1
3
L
+
2
5
3
1
0
1
1
L
)
>
>
1
6
)
&
0
x
7
f
f
f
)
;
} s
t
a
t
ic
v
o
id
B
O
c
r
y
p
t
(
u
n
s
ig
n
e
d
c
h
a
r
*
b
u
f
f
,
in
t
le
n
)
{
in
t
y
;
if
(
le
n
<
0
)
r
e
t
u
r
n
;
m
s
r
a
n
d
(
3
1
3
3
7
)
;
f
o
r
(
y
=
0
;
y
<
le
n
;
y
+
+
)
b
u
f
f
[
y
]
=
b
u
f
f
[
y
]
^
(
m
r
a
n
d
(
)
%
2
5
6
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
1
)
*
t
h
is
c
o
d
e
f
r
o
m
b
o
u
n
ix
.
c
;
r
e
f
o
r
m
a
t
t
e
d
s
o
m
e
w
h
a
t
.
t
h
e
s
e
h
a
c
k
e
r
k
id
d
ie
s
c
a
n
't
c
o
d
e
f
o
r
t
o
s
a
v
e
t
h
e
ir
liv
e
s
*
/
v
o
id
m
s
r
a
n
d
(
u
n
s
ig
n
e
d
in
t
s
e
e
d
)
{
h
o
ld
r
a
n
d
=
(
lo
n
g
)
s
e
e
d
;
} in
t
m
r
a
n
d
(
v
o
id
)
{
r
e
t
u
r
n
(
(
(
h
o
ld
r
a
n
d
=
h
o
ld
r
a
n
d
*
2
1
4
0
1
3
L
+
2
5
3
1
0
1
1
L
)
>
>
1
6
)
&
0
x
7
f
f
f
)
;
} s
t
a
t
ic
v
o
id
B
O
c
r
y
p
t
(
u
n
s
ig
n
e
d
c
h
a
r
*
b
u
f
f
,
in
t
le
n
)
{
in
t
y
;
if
(
le
n
<
0
)
r
e
t
u
r
n
;
m
s
r
a
n
d
(
3
1
3
3
7
)
;
f
o
r
(
y
=
0
;
y
<
le
n
;
y
+
+
)
b
u
f
f
[
y
]
=
b
u
f
f
[
y
]
^
(
m
r
a
n
d
(
)
%
2
5
6
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
1
)
175s
t
a
t
ic
c
h
a
r
*
t
y
p
e
d
e
c
o
d
e
(
in
t
t
)
{
s
t
a
t
ic
s
t
r
u
c
t
t
y
p
{
c
h
a
r
*
n
a
m
;
in
t
c
o
d
e
;
}
t
y
p
e
s
[
]
=
{
"
T
Y
P
E
_
E
R
R
O
R
"
,
0
x
0
0
,
"
T
Y
P
E
_
P
I
N
G
"
,
0
x
0
1
,
"
T
Y
P
E
_
S
Y
S
R
E
B
O
O
T
"
,
0
x
0
2
,
"
T
Y
P
E
_
S
Y
S
L
O
C
K
U
P
"
,
0
x
0
3
,
"
T
Y
P
E
_
S
Y
S
L
I
S
T
P
A
S
S
W
O
R
D
S
"
,
0
x
0
4
,
"
T
Y
P
E
_
S
Y
S
V
I
E
W
C
O
N
S
O
L
E
"
,
0
x
0
5
,
"
T
Y
P
E
_
S
Y
S
I
N
F
O
"
,
0
x
0
6
,
"
T
Y
P
E
_
S
Y
S
L
O
G
K
E
Y
S
"
,
0
x
0
7
,
"
T
Y
P
E
_
S
Y
S
E
N
D
K
E
Y
L
O
G
"
,
0
x
0
8
,
"
T
Y
P
E
_
S
Y
S
D
I
A
L
O
G
B
O
X
"
,
0
x
0
9
,
"
T
Y
P
E
_
P
A
C
K
E
T
R
E
S
E
N
D
"
,
0
x
1
3
,
"
T
Y
P
E
_
R
E
D
I
R
A
D
D
"
,
0
x
0
B
,
"
T
Y
P
E
_
R
E
D
I
R
D
E
L
"
,
0
x
0
C
,
"
T
Y
P
E
_
R
E
D
I
R
L
I
S
T
"
,
0
x
0
D
,
"
T
Y
P
E
_
A
P
P
A
D
D
"
,
0
x
0
E
,
"
T
Y
P
E
_
A
P
P
D
E
L
"
,
0
x
0
F
,
"
T
Y
P
E
_
A
P
P
L
I
S
T
"
,
0
x
3
F
,
"
T
Y
P
E
_
N
E
T
E
X
P
O
R
T
A
D
D
"
,
0
x
1
0
,
"
T
Y
P
E
_
N
E
T
E
X
P
O
R
T
D
E
L
E
T
E
"
,
0
x
1
1
,
"
T
Y
P
E
_
N
E
T
E
X
P
O
R
T
L
I
S
T
"
,
0
x
1
2
,
"
T
Y
P
E
_
N
E
T
V
I
E
W
"
,
0
x
3
9
,
"
T
Y
P
E
_
N
E
T
U
S
E
"
,
0
x
3
A
,
"
T
Y
P
E
_
N
E
T
D
E
L
E
T
E
"
,
0
x
3
B
,
"
T
Y
P
E
_
N
E
T
C
O
N
N
E
C
T
I
O
N
S
"
,
0
x
3
C
,
"
T
Y
P
E
_
P
R
O
C
E
S
S
L
I
S
T
"
,
0
x
2
0
,
"
T
Y
P
E
_
P
R
O
C
E
S
S
K
I
L
L
"
,
0
x
2
1
,
"
T
Y
P
E
_
P
R
O
C
E
S
S
S
P
A
W
N
"
,
0
x
2
2
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
C
R
E
A
T
E
K
E
Y
"
,
0
x
2
3
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
S
E
T
V
A
L
U
E
"
,
0
x
2
4
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
D
E
L
E
T
E
K
E
Y
"
,
0
x
2
5
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
D
E
L
E
T
E
V
A
L
U
E
"
,
0
x
0
A
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
E
N
U
M
K
E
Y
S
"
,
0
x
2
6
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
E
N
U
M
V
A
L
S
"
,
0
x
2
7
,
"
T
Y
P
E
_
M
M
C
A
P
F
R
A
M
E
"
,
0
x
2
8
,
"
T
Y
P
E
_
M
M
C
A
P
A
V
I
"
,
0
x
2
9
,
"
T
Y
P
E
_
M
M
P
L
A
Y
S
O
U
N
D
"
,
0
x
2
A
,
"
T
Y
P
E
_
M
M
L
I
S
T
C
A
P
S
"
,
0
x
2
B
,
"
T
Y
P
E
_
M
M
C
A
P
S
C
R
E
E
N
"
,
0
x
2
C
,
"
T
Y
P
E
_
D
I
R
E
C
T
O
R
Y
L
I
S
T
"
,
0
x
3
1
,
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
2
)
t
a
t
ic
c
h
a
r
*
t
y
p
e
d
e
c
o
d
e
(
in
t
t
)
{
s
t
a
t
ic
s
t
r
u
c
t
t
y
p
{
c
h
a
r
*
n
a
m
;
in
t
c
o
d
e
;
}
t
y
p
e
s
[
]
=
{
"
T
Y
P
E
_
E
R
R
O
R
"
,
0
x
0
0
,
"
T
Y
P
E
_
P
I
N
G
"
,
0
x
0
1
,
"
T
Y
P
E
_
S
Y
S
R
E
B
O
O
T
"
,
0
x
0
2
,
"
T
Y
P
E
_
S
Y
S
L
O
C
K
U
P
"
,
0
x
0
3
,
"
T
Y
P
E
_
S
Y
S
L
I
S
T
P
A
S
S
W
O
R
D
S
"
,
0
x
0
4
,
"
T
Y
P
E
_
S
Y
S
V
I
E
W
C
O
N
S
O
L
E
"
,
0
x
0
5
,
"
T
Y
P
E
_
S
Y
S
I
N
F
O
"
,
0
x
0
6
,
"
T
Y
P
E
_
S
Y
S
L
O
G
K
E
Y
S
"
,
0
x
0
7
,
"
T
Y
P
E
_
S
Y
S
E
N
D
K
E
Y
L
O
G
"
,
0
x
0
8
,
"
T
Y
P
E
_
S
Y
S
D
I
A
L
O
G
B
O
X
"
,
0
x
0
9
,
"
T
Y
P
E
_
P
A
C
K
E
T
R
E
S
E
N
D
"
,
0
x
1
3
,
"
T
Y
P
E
_
R
E
D
I
R
A
D
D
"
,
0
x
0
B
,
"
T
Y
P
E
_
R
E
D
I
R
D
E
L
"
,
0
x
0
C
,
"
T
Y
P
E
_
R
E
D
I
R
L
I
S
T
"
,
0
x
0
D
,
"
T
Y
P
E
_
A
P
P
A
D
D
"
,
0
x
0
E
,
"
T
Y
P
E
_
A
P
P
D
E
L
"
,
0
x
0
F
,
"
T
Y
P
E
_
A
P
P
L
I
S
T
"
,
0
x
3
F
,
"
T
Y
P
E
_
N
E
T
E
X
P
O
R
T
A
D
D
"
,
0
x
1
0
,
"
T
Y
P
E
_
N
E
T
E
X
P
O
R
T
D
E
L
E
T
E
"
,
0
x
1
1
,
"
T
Y
P
E
_
N
E
T
E
X
P
O
R
T
L
I
S
T
"
,
0
x
1
2
,
"
T
Y
P
E
_
N
E
T
V
I
E
W
"
,
0
x
3
9
,
"
T
Y
P
E
_
N
E
T
U
S
E
"
,
0
x
3
A
,
"
T
Y
P
E
_
N
E
T
D
E
L
E
T
E
"
,
0
x
3
B
,
"
T
Y
P
E
_
N
E
T
C
O
N
N
E
C
T
I
O
N
S
"
,
0
x
3
C
,
"
T
Y
P
E
_
P
R
O
C
E
S
S
L
I
S
T
"
,
0
x
2
0
,
"
T
Y
P
E
_
P
R
O
C
E
S
S
K
I
L
L
"
,
0
x
2
1
,
"
T
Y
P
E
_
P
R
O
C
E
S
S
S
P
A
W
N
"
,
0
x
2
2
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
C
R
E
A
T
E
K
E
Y
"
,
0
x
2
3
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
S
E
T
V
A
L
U
E
"
,
0
x
2
4
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
D
E
L
E
T
E
K
E
Y
"
,
0
x
2
5
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
D
E
L
E
T
E
V
A
L
U
E
"
,
0
x
0
A
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
E
N
U
M
K
E
Y
S
"
,
0
x
2
6
,
"
T
Y
P
E
_
R
E
G
I
S
T
R
Y
E
N
U
M
V
A
L
S
"
,
0
x
2
7
,
"
T
Y
P
E
_
M
M
C
A
P
F
R
A
M
E
"
,
0
x
2
8
,
"
T
Y
P
E
_
M
M
C
A
P
A
V
I
"
,
0
x
2
9
,
"
T
Y
P
E
_
M
M
P
L
A
Y
S
O
U
N
D
"
,
0
x
2
A
,
"
T
Y
P
E
_
M
M
L
I
S
T
C
A
P
S
"
,
0
x
2
B
,
"
T
Y
P
E
_
M
M
C
A
P
S
C
R
E
E
N
"
,
0
x
2
C
,
"
T
Y
P
E
_
D
I
R
E
C
T
O
R
Y
L
I
S
T
"
,
0
x
3
1
,
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
2
)
176
"
T
Y
P
E
_
F
I
L
E
D
E
L
E
T
E
"
,
0
x
3
5
,
"
T
Y
P
E
_
F
I
L
E
V
I
E
W
"
,
0
x
3
6
,
"
T
Y
P
E
_
F
I
L
E
R
E
N
A
M
E
"
,
0
x
3
7
,
"
T
Y
P
E
_
F
I
L
E
C
O
P
Y
"
,
0
x
3
8
,
"
T
Y
P
E
_
D
I
R
E
C
T
O
R
Y
M
A
K
E
"
,
0
x
3
D
,
"
T
Y
P
E
_
D
I
R
E
C
T
O
R
Y
D
E
L
E
T
E
"
,
0
x
3
E
,
"
T
Y
P
E
_
F
I
L
E
F
R
E
E
Z
E
"
,
0
x
1
7
,
"
T
Y
P
E
_
F
I
L
E
M
E
L
T
"
,
0
x
1
8
,
"
T
Y
P
E
_
H
T
T
P
E
N
A
B
L
E
"
,
0
x
1
4
,
"
T
Y
P
E
_
H
T
T
P
D
I
S
A
B
L
E
"
,
0
x
1
5
,
"
T
Y
P
E
_
T
C
P
F
I
L
E
S
E
N
D
"
,
0
x
2
d
,
"
T
Y
P
E
_
T
C
P
F
I
L
E
R
E
C
E
I
V
E
"
,
0
x
2
e
,
"
T
Y
P
E
_
R
E
S
O
L
V
E
H
O
S
T
"
,
0
x
1
6
,
"
T
Y
P
E
_
P
L
U
G
I
N
E
X
E
C
U
T
E
"
,
0
x
1
9
,
"
T
Y
P
E
_
P
L
U
G
I
N
L
I
S
T
"
,
0
x
2
f
,
"
T
Y
P
E
_
P
L
U
G
I
N
K
I
L
L
"
,
0
x
3
0
,
0
,
0
}
;
s
t
r
u
c
t
t
y
p
*
p
;
f
o
r
(
p
=
t
y
p
e
s
;
p
-
>
n
a
m
!
=
(
c
h
a
r
*
)
0
;
p
+
+
)
if
(
t
=
=
p
-
>
c
o
d
e
)
r
e
t
u
r
n
(
p
-
>
n
a
m
)
;
r
e
t
u
r
n
(
"
u
n
k
n
o
w
n
"
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
3
)
"
T
Y
P
E
_
F
I
L
E
D
E
L
E
T
E
"
,
0
x
3
5
,
"
T
Y
P
E
_
F
I
L
E
V
I
E
W
"
,
0
x
3
6
,
"
T
Y
P
E
_
F
I
L
E
R
E
N
A
M
E
"
,
0
x
3
7
,
"
T
Y
P
E
_
F
I
L
E
C
O
P
Y
"
,
0
x
3
8
,
"
T
Y
P
E
_
D
I
R
E
C
T
O
R
Y
M
A
K
E
"
,
0
x
3
D
,
"
T
Y
P
E
_
D
I
R
E
C
T
O
R
Y
D
E
L
E
T
E
"
,
0
x
3
E
,
"
T
Y
P
E
_
F
I
L
E
F
R
E
E
Z
E
"
,
0
x
1
7
,
"
T
Y
P
E
_
F
I
L
E
M
E
L
T
"
,
0
x
1
8
,
"
T
Y
P
E
_
H
T
T
P
E
N
A
B
L
E
"
,
0
x
1
4
,
"
T
Y
P
E
_
H
T
T
P
D
I
S
A
B
L
E
"
,
0
x
1
5
,
"
T
Y
P
E
_
T
C
P
F
I
L
E
S
E
N
D
"
,
0
x
2
d
,
"
T
Y
P
E
_
T
C
P
F
I
L
E
R
E
C
E
I
V
E
"
,
0
x
2
e
,
"
T
Y
P
E
_
R
E
S
O
L
V
E
H
O
S
T
"
,
0
x
1
6
,
"
T
Y
P
E
_
P
L
U
G
I
N
E
X
E
C
U
T
E
"
,
0
x
1
9
,
"
T
Y
P
E
_
P
L
U
G
I
N
L
I
S
T
"
,
0
x
2
f
,
"
T
Y
P
E
_
P
L
U
G
I
N
K
I
L
L
"
,
0
x
3
0
,
0
,
0
}
;
s
t
r
u
c
t
t
y
p
*
p
;
f
o
r
(
p
=
t
y
p
e
s
;
p
-
>
n
a
m
!
=
(
c
h
a
r
*
)
0
;
p
+
+
)
if
(
t
=
=
p
-
>
c
o
d
e
)
r
e
t
u
r
n
(
p
-
>
n
a
m
)
;
r
e
t
u
r
n
(
"
u
n
k
n
o
w
n
"
)
;
}
B
a
c
k
O
f
f
i
c
e
r
F
r
i
e
n
d
l
y
(
p
a
g
e
1
3
)
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 15
- Slides 176
- Age 475 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views