From 7bdf40fe7fc1d0c458c94b4dbf6f5152cb8985b6 Mon Sep 17 00:00:00 2001
From: conectado <gabrielalejandro7@gmail.com>
Date: Fri, 21 Apr 2023 11:37:30 -0700
Subject: [PATCH] add connlib rust logic.

This commit convert this repo into a rust workspace.
Divides into 2 types of crates, libs/clients.
Clients are thin wrappers used directly by native clients.
Libs implement the logic.
We have 4 logic crates:
- Gateway: Gateway-specific logic.
- Clients: Client-specific logic.
- Tunnel: General logic for wireguard/ice tunnels.
- Common: Types shared by all crates.
---
 .gitignore                                    |   16 +-
 Cargo.toml                                    |   35 +-
 android/gradle/wrapper/gradle-wrapper.jar     |  Bin 61608 -> 0 bytes
 apple/Cargo.lock                              | 1240 -----------------
 apple/src/lib.rs                              |   88 --
 {android => clients/android}/.gitignore       |    0
 {android => clients/android}/Cargo.toml       |    2 +-
 {android => clients/android}/build.gradle.kts |    0
 .../android}/consumer-rules.pro               |    0
 .../android}/gradle.properties                |    0
 .../gradle/wrapper/gradle-wrapper.properties  |    0
 {android => clients/android}/gradlew          |    0
 {android => clients/android}/gradlew.bat      |    0
 .../android}/lib/build.gradle.kts             |    0
 .../android}/lib/src/main/AndroidManifest.xml |    0
 .../main/java/dev/firezone/connlib/Logger.kt  |    0
 .../main/java/dev/firezone/connlib/Session.kt |    0
 .../java/dev/firezone/connlib/VpnService.kt   |    0
 .../java/dev/firezone/connlib/ConnlibTest.kt  |    0
 .../java/dev/firezone/connlib/SessionTest.kt  |    0
 .../dev/firezone/connlib/VpnServiceTest.kt    |    0
 .../android}/proguard-rules.pro               |    0
 .../android}/settings.gradle.kts              |    0
 {android => clients/android}/src/lib.rs       |   53 +-
 {apple => clients/apple}/.gitignore           |    0
 {apple => clients/apple}/Cargo.toml           |    6 +-
 {apple => clients/apple}/README.md            |    0
 .../apple}/Sources/Connlib/Adapter.swift      |    0
 .../apple}/Sources/Connlib/BridgingHeader.h   |    0
 .../Sources/Connlib/CallbackHandler.swift     |    0
 .../Sources/Connlib/Generated/.gitignore      |    0
 .../apple}/Sources/Connlib/connlib.h          |    0
 .../apple}/Tests/connlibTests/.gitkeep        |    0
 {apple => clients/apple}/build-rust.sh        |    0
 {apple => clients/apple}/build-xcframework.sh |    0
 {apple => clients/apple}/build.rs             |    0
 .../apple}/connlib.xcodeproj/project.pbxproj  |    0
 .../contents.xcworkspacedata                  |    0
 .../xcshareddata/IDEWorkspaceChecks.plist     |    0
 .../xcshareddata/xcschemes/Connlib.xcscheme   |    0
 clients/apple/src/lib.rs                      |  115 ++
 gateway/Cargo.toml                            |   13 +
 gateway/src/main.rs                           |   42 +
 libs/client/Cargo.toml                        |   14 +
 libs/client/src/control.rs                    |  194 +++
 libs/client/src/lib.rs                        |   20 +
 libs/client/src/messages.rs                   |   52 +
 libs/common/Cargo.toml                        |   32 +
 libs/common/src/control.rs                    |  227 +++
 libs/common/src/error.rs                      |   92 ++
 libs/common/src/error_type.rs                 |   20 +
 libs/common/src/lib.rs                        |   18 +
 libs/common/src/messages.rs                   |   75 +
 libs/common/src/messages/key.rs               |   54 +
 libs/common/src/session.rs                    |  219 +++
 libs/gateway/Cargo.toml                       |   14 +
 libs/gateway/src/control.rs                   |  146 ++
 libs/gateway/src/lib.rs                       |   16 +
 libs/gateway/src/messages.rs                  |   87 ++
 libs/tunnel/Cargo.toml                        |   39 +
 libs/tunnel/src/control_protocol.rs           |  302 ++++
 libs/tunnel/src/index.rs                      |   61 +
 libs/tunnel/src/lib.rs                        |  487 +++++++
 libs/tunnel/src/multimap.rs                   |   80 ++
 libs/tunnel/src/peer.rs                       |   81 ++
 {src => libs/tunnel/src}/platform.rs          |    0
 {src => libs/tunnel/src}/platform/android.rs  |    0
 {src => libs/tunnel/src}/platform/apple.rs    |    0
 {src => libs/tunnel/src}/platform/linux.rs    |    0
 {src => libs/tunnel/src}/platform/windows.rs  |    0
 libs/tunnel/src/tun_darwin.rs                 |   75 +
 libs/tunnel/src/tun_linux.rs                  |    0
 macros/Cargo.toml                             |   13 +
 macros/src/lib.rs                             |  108 ++
 src/lib.rs                                    |   33 -
 75 files changed, 2746 insertions(+), 1423 deletions(-)
 delete mode 100644 android/gradle/wrapper/gradle-wrapper.jar
 delete mode 100644 apple/Cargo.lock
 delete mode 100644 apple/src/lib.rs
 rename {android => clients/android}/.gitignore (100%)
 rename {android => clients/android}/Cargo.toml (79%)
 rename {android => clients/android}/build.gradle.kts (100%)
 rename {android => clients/android}/consumer-rules.pro (100%)
 rename {android => clients/android}/gradle.properties (100%)
 rename {android => clients/android}/gradle/wrapper/gradle-wrapper.properties (100%)
 rename {android => clients/android}/gradlew (100%)
 rename {android => clients/android}/gradlew.bat (100%)
 rename {android => clients/android}/lib/build.gradle.kts (100%)
 rename {android => clients/android}/lib/src/main/AndroidManifest.xml (100%)
 rename {android => clients/android}/lib/src/main/java/dev/firezone/connlib/Logger.kt (100%)
 rename {android => clients/android}/lib/src/main/java/dev/firezone/connlib/Session.kt (100%)
 rename {android => clients/android}/lib/src/main/java/dev/firezone/connlib/VpnService.kt (100%)
 rename {android => clients/android}/lib/src/test/java/dev/firezone/connlib/ConnlibTest.kt (100%)
 rename {android => clients/android}/lib/src/test/java/dev/firezone/connlib/SessionTest.kt (100%)
 rename {android => clients/android}/lib/src/test/java/dev/firezone/connlib/VpnServiceTest.kt (100%)
 rename {android => clients/android}/proguard-rules.pro (100%)
 rename {android => clients/android}/settings.gradle.kts (100%)
 rename {android => clients/android}/src/lib.rs (71%)
 rename {apple => clients/apple}/.gitignore (100%)
 rename {apple => clients/apple}/Cargo.toml (50%)
 rename {apple => clients/apple}/README.md (100%)
 rename {apple => clients/apple}/Sources/Connlib/Adapter.swift (100%)
 rename {apple => clients/apple}/Sources/Connlib/BridgingHeader.h (100%)
 rename {apple => clients/apple}/Sources/Connlib/CallbackHandler.swift (100%)
 rename {apple => clients/apple}/Sources/Connlib/Generated/.gitignore (100%)
 rename {apple => clients/apple}/Sources/Connlib/connlib.h (100%)
 rename {apple => clients/apple}/Tests/connlibTests/.gitkeep (100%)
 rename {apple => clients/apple}/build-rust.sh (100%)
 rename {apple => clients/apple}/build-xcframework.sh (100%)
 rename {apple => clients/apple}/build.rs (100%)
 rename {apple => clients/apple}/connlib.xcodeproj/project.pbxproj (100%)
 rename {apple => clients/apple}/connlib.xcodeproj/project.xcworkspace/contents.xcworkspacedata (100%)
 rename {apple => clients/apple}/connlib.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist (100%)
 rename {apple => clients/apple}/connlib.xcodeproj/xcshareddata/xcschemes/Connlib.xcscheme (100%)
 create mode 100644 clients/apple/src/lib.rs
 create mode 100644 gateway/Cargo.toml
 create mode 100644 gateway/src/main.rs
 create mode 100644 libs/client/Cargo.toml
 create mode 100644 libs/client/src/control.rs
 create mode 100644 libs/client/src/lib.rs
 create mode 100644 libs/client/src/messages.rs
 create mode 100644 libs/common/Cargo.toml
 create mode 100644 libs/common/src/control.rs
 create mode 100644 libs/common/src/error.rs
 create mode 100644 libs/common/src/error_type.rs
 create mode 100644 libs/common/src/lib.rs
 create mode 100644 libs/common/src/messages.rs
 create mode 100644 libs/common/src/messages/key.rs
 create mode 100644 libs/common/src/session.rs
 create mode 100644 libs/gateway/Cargo.toml
 create mode 100644 libs/gateway/src/control.rs
 create mode 100644 libs/gateway/src/lib.rs
 create mode 100644 libs/gateway/src/messages.rs
 create mode 100644 libs/tunnel/Cargo.toml
 create mode 100644 libs/tunnel/src/control_protocol.rs
 create mode 100644 libs/tunnel/src/index.rs
 create mode 100644 libs/tunnel/src/lib.rs
 create mode 100644 libs/tunnel/src/multimap.rs
 create mode 100644 libs/tunnel/src/peer.rs
 rename {src => libs/tunnel/src}/platform.rs (100%)
 rename {src => libs/tunnel/src}/platform/android.rs (100%)
 rename {src => libs/tunnel/src}/platform/apple.rs (100%)
 rename {src => libs/tunnel/src}/platform/linux.rs (100%)
 rename {src => libs/tunnel/src}/platform/windows.rs (100%)
 create mode 100644 libs/tunnel/src/tun_darwin.rs
 create mode 100644 libs/tunnel/src/tun_linux.rs
 create mode 100644 macros/Cargo.toml
 create mode 100644 macros/src/lib.rs
 delete mode 100644 src/lib.rs

diff --git a/.gitignore b/.gitignore
index 0bcad19..49605b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,12 @@
 ### Rust ###
-/target
+target/
 # Libraries shouldn't lock their dependencies
-/Cargo.lock
+Cargo.lock
 
 ### Android ###
 # Gradle files
 .gradle/
 build/
-android/target/
 
 # Local configuration file (sdk path, etc)
 local.properties
@@ -101,11 +100,10 @@ proguard/
 # Log Files
 
 # Android Studio
-/*/build/
+build/
 /*/local.properties
-/*/out
-/*/*/build
-/*/*/production
+out/
+production/
 .navigation/
 *.ipr
 *~
@@ -126,7 +124,6 @@ obj/
 
 # IntelliJ IDEA
 *.iws
-/out/
 
 # User-specific configurations
 .idea/caches/
@@ -172,9 +169,8 @@ fabric.properties
 ### Apple ###
 .DS_Store
 .build/
-build/
 DerivedData/
 xcuserdata/
-**/*.xcuserstate
+*.xcuserstate
 
 Firezone/Developer.xcconfig
diff --git a/Cargo.toml b/Cargo.toml
index fe3de85..11c0607 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,24 +1,11 @@
-[package]
-name = "firezone-connlib"
-version = "0.1.6"
-edition = "2021"
-
-[dependencies]
-# Apple tunnel dependencies
-[target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies]
-boringtun = { git = "https://github.com/cloudflare/boringtun", rev = "878385f", features = ["device"] }
-
-# Linux tunnel dependencies
-[target.'cfg(target_os = "linux")'.dependencies]
-boringtun = { git = "https://github.com/cloudflare/boringtun", rev = "878385f", features = ["device"] }
-
-# Android tunnel dependencies
-[target.'cfg(target_os = "android")'.dependencies]
-boringtun = { git = "https://github.com/cloudflare/boringtun", rev = "878385f", features = ["jni-bindings"] }
-android_logger = "0.13"
-log = "0.4.14"
-
-# Windows tunnel dependencies
-[target.'cfg(target_os = "windows")'.dependencies]
-boringtun = { git = "https://github.com/cloudflare/boringtun", rev = "878385f" }
-wintun = "0.2.1"
+[workspace]
+members = [
+  "clients/android",
+  "clients/apple",
+  "libs/tunnel",
+  "libs/client",
+  "libs/gateway",
+  "libs/common",
+  "gateway",
+  "macros",
+]
diff --git a/android/gradle/wrapper/gradle-wrapper.jar b/android/gradle/wrapper/gradle-wrapper.jar
deleted file mode 100644
index ccebba7710deaf9f98673a68957ea02138b60d0a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 61608
zcmb5VV{~QRw)Y#`wrv{~+qP{x72B%VwzFc}c2cp;N~)5ZbDrJayPv(!dGEd-##*zr
z)#n-$y^sH|_dchh3@8{H5D*j;5D<{i*8l<n`R`94An31eIWbisdMSBvMo=KdzZu#!
z2=IUVG7$V4U%UUmhH^skQsQDNstj`C4{}qJvNH4x^YAkCG&57PP0CD5tUr(Lr|8F|
zrsbw-rRacR&cjU84vV#^0hr{ahs87@nB*8}#Ta+ach127GUL}I|L4%azP25lE&lDO
z{@DihA2t@wMy9rA|5sDgzngkE8#y|fIse-(VW+DelrTU*`j|jKH2?E168}A!#$SIR
zXJlp1U}9_J;*z5Y>5IFJ|DjL!e)upfGNX(kojugZ3I`oH1PvW`wFW_ske0j@lB9bX
zO;2)`y+|!@X(fZ1<2n!Qx*)_^Ai@Cv-dF&(vnudG?0CsddG_&Wtae(n|K59ew)6St
z#dj7_(Cfwzh$H$5M!$UDd8=4>IQsD3xV=lXUq($;(h*$0^yd+b{qq63f0r_de#!o_
zXDngc>zy`uor)4A^2M#U*DC~i+dc<)Tb1Tv&~Ev@oM)5iJ4Sn#8iRw16XXuV50BS7
zdBL5Mefch(&^{luE{*<o)$0CtHMXCiFaqU;N{t<$9@JbXquVr@cf{y~BNB(J5=Tji
zlK?_g|E;1zl$VJ=#ZmElT~Y6jy-|?2PUv}kl<0irKUHY7@2t={_gVdY)lv8kM+ad9
zC<O%>5qtCZk$oFr3<io|2$Itc(&(T+V0vhN)K$Fl^c3u8y`}{@R7L#c1&Qu_+u$L|
zkw6sZeUEd0xxV1r@X7Bj^XUCX<ecNL?GSk}zL!>RH=H!c3wGR=HJ(yKc_re_X9pD`
zJ;uxPzUfVpgU>DSq?J;I@a+10l0ONXPcDkiYcihREt5~T<to{?YLB3#Ek~Bd_FRTK
z3SVU)NWfW~bevBhSgga`J`3XaEJ;UR&tR-QNI#e+fX1mkLg(kYRIlBUeP!g)rVvkV
zmBQF>5Gb}sT0+6Q;AWHl`<y=xe2MOa)>S5dV>lv%-p9l#xNNy7ZCr%cyqHY%TZ8Q4
zbp&#ov1*$#grNG#1vgfFOLJCaNG@K|2!W&HSh@3@Y%T?<RDDZ2kvE4KZX_tTk{8@Y
z+1Qu}v&0qF!3ps~B5R6-#N&o4vQEcX3!~lWKK-JjRoUbPQR)>3YI75bJp!VP*$*!<
z;(ffNS_;@RJ`=c7yX04!u3JP*<8jeqLHVJu#WV&v6wA!OYJS4h<_}^QI&97-;=ojW
zQ-1t)7wnxG*5I%U4)9$wlv5Fr;cIizft@&N+3<m!sp`}{5>2O%B{R1POm$oap@&f|
zh+5J{>U6ftv|vAeKGc|zC=kO(+l7_cLpV}-D#oUltScw})N>~JOZLU_0{Ka2e1evz
z{^a*ZrLr+JUj;)K&u2CoCAXLC2=fVScI(m_p~0FmF>>&3DHziouln?;sxW`NB}cSX
z8?I<poVWwH93~xX>sJB)Z=aYRz!X=yJn$kyOWK%rCYf-YarNqKzmWu$ZvkP12b4qH
z<cj_@_^h^p^q&$rHm}tFrF$o@p+N@Luju~MbeZxq_WbMvMAonH{#8FcaQx#1Ex963
zthr*D;hp#t`U%;8Lw{en#r&PBH>hS9Q>j<}(*frr?z<%9hl*i^#@*O2q<G8@m-E{I
z`}pP(W$_?tQz?qiq)AkeSb{O1HEI<O&IPY2fz^)h2U5WFf)$o|GVN9!>(Z^CN)c2c
z>1B~D;@YpG?G!Yk+*yn4vM4sO-_!&m6+`k|3zd;8DJnxsBYtI;W3We+FN@|tQ5EW=
z!VU>jtim0Mw#iaT8t_<+qKIEB-WwE04lBd%Letbml9N!?SLrEG$nmn7&W(W`VB@5S
zaY=s<l}}fvx=2PUlRXVFqYw_pix_=MLAKV-vfffnNa-G}V}-DjqeGu81{_6c7DT4*
zgNTK&HNdPkT}|m;Wopt-pwH(=vK!Mcs#L3p7EuhKtdS*$(gi7K6)2mt;vO}}@U2?@
zic8*RBj6lGpirRD%IH>Ew2}i@F_1P4OtEw?xj4@D6>_e=m=797#hg}f*l^`AB|Y0#
z9=)o|%TZFCY$SzgSjS|8AI<m~)~<LWT=KD$snpvb;<|raYO=8NN=pEex{aVNGen|i
z4hGyCiz+M`>-%J4x}J)!IMxY3_KYze`_I=c1nmrk@E8c9?MVRu)7+Ue79|<R7R(*W
zmGI9WxS<;F_rj?)6ZJ2+&*@e<mlh^Wi>)rBX7tVB7U|w4*h(;Gi3D9le49B38`wuv
zp7{4X^p<CFK*NrFla6?I(q;<C*K@ag4>+K4*$@gU(Tq3K1a#3SmYhvI42)GzG4f|u
zwQFT1<JTz}_6=eHFU^e2CZtm7+S~2?G10jrHLa$Yc>n_=n|jpi=70-yE9LA+d*T8u
z`=VmmXJ_f6WmZve<c3j)L*cT@L>ZPct$Cgu^~gFiyL>Lnpj*6ee>*0pz=t$IJ}+rE
zsf@>jlcG%Wx;Cp5x)YSVvB<GcbWPQ65t~gc{a(L|Y**_KX&N^LV{4p;>1$yyY1l&o
zvwX=D7k)Dn;ciX?Z)Pn8$flC8#m`nB&(8?RSdBvr?>T9?E$U3u<MGKL6<gI3+cigX
zr2;7xjAPPdw|q3|5<Av+0yh@5pePF?so63EF4(f;!m<(9QF+GK>IX7T?$v4dWCa46
z+&`ot8ZTEgp7G+c52oHJ8nw5}a^dwb_l%MOh(ebVj9>_koQP^$2B~eUfSbw9RY$_<
z&DDWf2LW;b0ZDOaZ&2^i^g+5uTd;GwO(-bbo|P^;CNL-<vp1D1$R<L}_zoyFQ(?^n
zl`6VAFTjED$Nit=axARyg>%?9mRmxEw~5&z=X^Rvbo^WJW=n_%*7974RY}JhFv46>
zd}`2|qkd;89l}R;i~9T)V-Q%K)O=yfVKNM4Gbacc7AOd>#^&W&)Xx!Uy5!BHnp9kh
z`a(7MO6+Ren#>R^D0K)1sE{Bv>}s6Rb9MT14u!(NpZOe-?4V=>qZ>}uS)!y~;jEUK
z&!U7Fj&{WdgU#L0%bM}SYXRtM5z!6M+kgaMKt%3FkjWYh=#QUpt$XX1!*XkpSq-pl
zhMe{muh#<vd{NzT8hJO~2nwSu@|uKui`Q8EdXeGz4>knk{9_V3%qdDcWDv}v)m4t9
z<k^O7as2~K;#kz6&_j;+XcIB_r9LslJ=plZ802GD7!wKurp5N7C0N7MrBiyAL~c=u
zE%@soR=E%Ksd7<Rzkb}c1=?E^tRZO%BD}eh;$H);oB)^Nt6e4N2J+}eE=O>Qhv{;}
zc{}#V^N3H>9mFM8`i`0p+fN@GqX+kl|M94$BK3J-X`Hyj8r!#x6Vt(PXjn?N)qedP
z=o1T^#<s;C9Ui_c^t!}2S-XqPF?-?4;fe4415B~F0>?1^a{;bZ&x`U{f?}TMo8ToN
zkHj5<VbXBbPLm`saJ%OL;G18~%@f$_blKkP1#<P0FY;5DtZHS)$u-A?Yn3SA3J@bT
zA1d!HbKV+f1Ugw07K&jwzua_~#;P<Rn>v|}r}wDEi7I@)Gj+S1aE<Lr;qg@51w32$
zyxn{bK>-GdnLN+$hw!=DzglMaj#{qjXi_dwpr|HL(gcCXwGLEmi|{4&4#OZ4ChceA
zKVd4K!D>_N=_X;{poT~4Q+!Le+ZV>=H7v1*l%w`|`Dx8{)McN@NDlQyln&N3@bFpV
z_1w~O4EH3fF@IzJ9kDk@7@QctFq8FbkbaH7K$iX=bV~o<VCiV&YRTZ}?C^!Fu2yC)
zv{Vzb(sB&ct#XXgvg1<Aax>#gfh?2JD6lZf(XP>~DACF)fGFt)X%-h1yY~MJU{nA5
ze2zxWMs{YdX3q5XU*9hOH0!_S24DOBA5usB+Ws$6{|AMe*joJ?RxfV}*7AKN9V*~J
zK+OMcE@bTD>TG1<D&k;gXJl_GYh`aH;$ZLob;4%Of6;ZSs-6Ri5E?%yZ1lwjNo$M0
zh+s;*GL1qh63T)l8*vTt!qBLZ)~cQ14>*yc?*qGqjBN8mgg@h1cJLDv)0!WRPIkC`
zZrWXrceVw;fB%3`6kq=a!pq|hFIsQ%ZS<kf2ia2#pBvu`A3V%+`AJvHB*NUK3~nQF
zw*gxnx7LCX(Z^1w*|SqdvT{$S%V#1K_mVQ7La-Aw%y<w}ejK@Lu|-CGm40~>lo~)D
z|64!aCnw-?>}AG|*iOl44KVf8@|joXi&|)1rB;EQWgm+iHfVbgllP$f!$<xMKNPGw
z75lQ-&s?W5309;y6gIrMn!YgKCh2h_t)HK6EcT@xYc0sgM!#>Wf42%NO5b(j9Bw6L
z;0dpUUK$5GX4QbMlTmLM_jJt!u<VK-KUt7Z%d43gTkafnEz;tKrLF`kq7eb@)^GVH
zVzlnCl^>r`_0~$b#BB7FL*%XFf<<YlClUogc56^3Yyh4jgqXW7(#Qu|X^(|f$!!nL
zr<Jlyt{`j<%HJ7(Ibr+qi51D$ikY1it_}mi&OTSv%-y{FbY?e9I<zP))1O}CdnlMB
z)E{0F(+ck9%;u_OGgFgau=Rw8qE6u}01y?;f@M5NLv*P|4@P3@#u%P9aWCL)&PJT|
zX@dygu5XWA26#e~n6RWn&*Bl^^VBtoVJBn^bDnW4mHo4ME6_YI9>b__1o)Ao<oAII
zl<ghkn)lbTvrX_mEpa~6_wy3!knhoEQy$s)O&Eje&DuVJ{~mIy!7WXiU&-a=SC+^7
zzq_L1{|UJN-6?C-bu@6*&_3i@#`~C#P@p9X(Ce2%iic!mTBMYuD`LZ<OM}*McxA(w
zkj(d|!1fegueE#LwG9egYdYR8KktNowE4+1AfZ@IuxN3gT>3rlobbN8-(T!1d<VYe
z=uu*dc`@_NH-vid1r!+qd!W<p6Hp2sR=vY4yh`?ujy)PePx7Y^!w{->-bR8D3S0@d
zLI!*GMb5s~Q<&sjd}lBb8Nr0>PqE6_!3!2d(KAWFxa{hm`@u|a(%#i(#f8{BP2wbs
zt+N_slWF4IF_O|{w`c~)Xvh&R{Au~CFmW#0+}MBd2~X}t9lz6*E7uAD`@EBDe$>7W
zzPUkJx<`f$0VA$=>R57^(K^h86>09?>_@M(R4q($!Ck6GG@pnu-x*exAx1jOv|>KH
zjNfG5pwm`E-=ydcb+3BJwuU;V&OS=6yM^4Jq{%AVqnTTLwV`AorIDD}T&<zk=U4_F
z%akElkXp@CbeS<cl%y^#t}u_*o+Kw^Xa%!S>jWr8pB&j28fVtk_y*JRP^t@l*($UZ
z6(B^-PBNZ+z!p?+e8@$&jCv^EWLb$WO=}Scr$6SM*&~B95El~;W_0(Bvoha|uQ1<y
zI;g~pq<puh8JAZSg`e`{9Ul}WlQxSt?3%o&hA!;)cXW-;B<UPjMu}?EtHvVS7g>T<
zO$%_oLAwf1bW*rKWmlD+@CP&$ObiDy=nh1b2ejz%LO9937N{LDe7gle4i!{}I$;&Y
zkexJ9Ybr+lrCmKWg&}p=`2&Gf10orS?<wSRKh%(i*-EzBy^*(nk#EV0x%s+gVr5#i
zF*^yn?NFz@z)jkaF%P~*zrnDtj18`Mit$=8TVU0_Xu0XQT-29W)`{}4Y{_WLO}la2
z3kum*Acd(?w(30MQ0iXECV4}56Baro5eg?Ji{&xv>4$Vr<ApIaAwLyRgnDz_63EnQ
zb0F~DwJxa8Y6V&P@8Y;IWU23PX|5YXwRO5>zWidT=*6{KzOGMo?KI0>GL0{iFWc;C
z+LPq%VH5g}6V@-tg2m{C!-$fapJ9y}c$U}aUmS{9#0CM*8pC|sfer!)nG7Ji>mfRh
z+~6CxNb<thuojmgyDIx-O?L~|1OMp?{&5*5nw(NYRF76i1VE!yuFbdk^SXpYh9d!e
zisi>>6eWKMHBz-w2{mLL<sWnSR{lp+GVAVGNcs2U?&%}ZbUT({ThKL33h5&godIvq
z#4SFCl~dpzw{Kf9GWC*<(5@{J-YWs96Ulo#)6da2L@e?NLIhPLoWud(Gbix6rPhyM
z+#ezG31H`whsp_@rDLe9hoK&0hz}tS!3q2%y1yY-p%>wdA7dA-qfTu^A2yG1+9s5k
zcF=le_UPYG&q!t5Zd_*E_P3Cf5<i9lV%B>T6821bO<oZ<I;eq^g7*0L=5+o%xOyh3
zV}b+qIu^3vM+=S`g6~mUfaz2O^0b~+Y02%irk{L(|9!#otC{hV00sh*`O?q-K|B9x
zc@lEAaI-VBcNOzAF>`daa`;DODm8Ih8k89=RN;-asHIigj`n=ux>*f!OC5#;X5i;Q
z+V!GUy0|&Y_*8k_QRUA8$lHP;GJ3UUD08P|ALknng|YY13)}!!HW@0z$q+kCH%xet
zlWf@BXQ=b=4}QO5eNnN~CzWBbHGUivG=`&eWK}<gH9L&>beuV*;?zt=P#pM*eTuy3
zP}c#}AXJ0OIaqXji78l;YrP4sQe#^pOqwZUiiN6^0RCd#D271XCbEKpk`HI0IsN^s
zES7YtU#7=8gTn#lkrc~6)R9u&SX6*Jk4GFX7){E)WE?pT8a-%6P+zS6o&A#ml{$WX
zABFz#i7`DDlo{34)oo?bOa4Z_lNH>n;f0nbt$JfAl~;4QY@}NH!X|A$KgMmEsd^&Y
zt;pi=>AID7ROQfr;MsMtClr5b0)xo|fwhc=qk33wQ|}$@?{}qXcmECh>#kUQ-If0$
zseb{Wf4VFGLNc*Rax#P8ko*=`MwaR-DQ8L8V8r=2N{Gaips2_^cS|oC$+yScRo*uF
zUO|5=?Q?{p$inDpx*t#Xyo6=s?bbN}y>NNVxj9NZCdtwRI70jxvm3!5R7yiWjREEd
zDUjrsZhS|P&|Ng5r+f^kA6BNN#|Se}_GF>P6sy^e8kBrgMv3#vk%m}9PCwUWJg-AD
zFnZ=}lbi*mN<K#(vlYbGZAX^KQmjvAYCRG*UOU`z2$j+74AdgXr3(r`Z*t~vhyGOF
z)w@e8rCo#wjxU`Xq#TN0kURQy8Y45b@jCRNbbQi7ac)K;Y9F%JPMNFNffNKTTeU*T
zHQTmYG^Gu1I@&Jv`71fu(BSKE_ZcDAC6eM{-i#Ce{raky!z_b9d|h7zARvnW>-AOm
zCs)r=*YQAA!`e<R&0)*Xk7%|k&^;uv62@(5&ac_hW*F9=TfvBeS~Qh~EX`oba74cG
z_zl_hTH19>#1N>aHF=bb*z*hXH#Wl$z^o}x##ZrUc=kh%OHWhp=7;?8%Xj||@V?1c
ziWoaC$^&04;A|T)!Zd9sU<cT<Lad$0pGXX1w=fLRLa7aSLO9sinK2%NmW<mIFjiuc
z-cT9?*>zE&$ODyJ<B|PnBKliB6c94vLSghm91pGb$1o^7rM2a&%c}D$u}j(J@zRz#
zi%s0i4BD9?+o@$HB_##NjTPLR3oh&PgIxvX>aBpvqsw19Uiuq{i#VK1!htkdRWBnb
z`{rat=nHArT%^R>u#CjjCkw-7%g53|&7z-;X<Ac^=g(0g1=gRkv{@6{)+2MuRw4?q
zSyffm46G$5&03=o2M%0CNA&bH8`|Q+lj*sOSA!_VPI<qibefjTL~ySR5|HpXSu-Wk
zjm)E}CNtR?XF>+ewb?OLWiV|#nuc8mp*LuGSi3IP<<*Wyo9GKV7l0Noa4Jr0g3p_$
z*R9{qn=?IXC#WU>48-k5V2Oc_>P;4_)J@bo1|pf=%Rcbgk=5m)CJZ`caHBTm3%!Z9
z_?7LHr_BXbKKr=JD!%?KhwdYSdu8XxPoA{n8^%_lh5cjRHuCY9Zlpz8g+$f@bw@0V
z+6DRMT9c|>1^3D|$Vzc(C?M~iZurGH2pXPT%F!JSaAMdO%!5o0uc&iqHx?ImcX6fI
zCApkzc~OOnfzAd_+-DcMp&AOQxE_EsMqKM{%dRMI5`5CT&%mQO?-@F6tE*xL?aEGZ
z8^wH@wRl`Izx4sDmU>}Ym{ybUm@F83qqZPD<I_<D@SDBXpcm$%pP;@}1x+1rECR~6
z%mPO96ZtCMfz6TZL_tB_o<jX(0%{4O*=Jpf{(}rOT%n6F&#4F#H{^%{gCRk)ccFmy
zlAyZVmLT4N#~F)~@`1bcBU<gu4>6nFm?t?(7>h*?`fw)L3t*l%*iw0Qu#?$5eq!Qc
zpQvqgSxrd83NsdO@lL6#{%lsYXWen~d3p4fGBb7&5xqNYJ)yn84!e1PmPo7ChVd%4
zHUsV0<QfI}<M8O`g)!{5VcjkDZIjCu8(aqo6;;=sPlL7o>Mh?VpzZD=A6%)Qrd~i7
z96*RPbid;BN{Wh?adeD_p8YU``kOrGkNox3D9~!K?w>#kFz!4lzOWR}puS(DmfjJD
z`x0z|qB33*^0mZdM&6$|+T>fq>M%yoy(BEjuh9L0>{P&XJ3enGpoQRx`v6$txXt#c
z0#N?b5%srj(4xmPvJxrlF3H%OM<X=kF451d5XRpaI3Rddya;o<MiVe63o}q9!6}_c
zo)Za~rjO%XWDn6$-;t})ZmU#rhSPD)qiCJFwO-$XixQk0X*gbZ^iyuL^ft*8RskMZ
z61oYTT##Iok;Rg+0anh212gV|jFfog*GZX}VV7x@cwuYn2k0l|CdXJ3M&=>B!jvfy
z;wx8RzU~lb?h_}@V=bh6p8PSb-dG|-T#A?`c&H2`_!u+uenIZe`6f~A7r)`9m8atC
zt(b|6Eg#!Q*DfRU=Ix`#B_dK)nnJ_+>Q<1d7W)eynaVn`FNuN~%B;uO2}vXr5^zi2
z!ifIF5@Zlo0^h~8+ixFBGqtweFc`C~JkSq}&*a3<b*AGX+4JAVcr=k1@(BfrL*bH3
zB2tsVQA!i($9n4x3TKj4fyB9v6dVeLF9ce$&KiuST#O+L;`7)j^T{2s!k-fHs3AFL
z;*i&)+V}HhjAA_Rcq9bBAlY`@fUE4EXY~}ibwoho??7zC!;EPmIuC?iA|=eX-ry23
zydv?^AaCLg6^~XLVJgXk5t3-5-l5#+-WH4#R6H+-pH>C}L?b5Mh-bW=e)({F_g4O3
zb@SFTK3VD9QuFgFnK4Ve_pXc3{S$=+Z;;4+;*{<o#P)-O8F)a#4K`1Xm|~?q)i|U3
zYQ`j;(xom@I4xe9dA2S6y-d+xYe;^;M{B3B`KM&`C&=Gb<o8unUCEbv9DNO{|Er29
z8aca|Ig>H}Rc;845rP?DLK6G5Y-xdUKkA6E3Dz&5f{F^FjJQ(NSpZ8q-_!L3LL@H*
zxbDF{gd^U3uD;)a)sJwAVi}7@%pRM&?5IaUH%+m{E)DlA_$IA1=&jr{KrhD5q&lTC
zAa3c)A(K!{#nOvenH6XrR-y>*4M#DpTTOGQEO5Jr6kni9pDW`rvY*fs|ItV;CVITh
z=`rxcH2nEJpkQ^(;1c^hfb8vGN;{{oR=qNyKtR1;J>CByul*+=`NydWnSWJR#I2lN
zTvgnR|MBx*XFsfdA&;tr^dYaqRZp*2NwkAZE6kV@1f{76e56eUmGrZ>MDId)oqSWw
z7d&r3qfazg+W2?bT}F)4jD6sWaw`_fXZGY&wnGm$FRPFL$HzVTH^MYBHWGCOk-89y
zA+n+Q6EVSSCpgC~%uHfvyg@ufE^#u?JH?<73A}jj5iILz4Qqk5$+^U(SX(-qv5agK
znUkfpke(KDn~dU0>gdKqjTkVk`0`9^0n_wzXO7R!0Thd<OO)*@xLj!dA|^KI{(+g5
z4&&;v3+^PaBya7Rnu#!)XYc}vIWqv)^MY!O)bd!?B<}^dB*bn^DfNh`{LBe@BaZ7K
z79Vu@{$pu8y#gTfUJ?t()owinp0&lUvSWm~f6lhfPNSF&`a(>@S;U`y)VVP&mOd-2
z(hT(|$=>4FY;CBY9#_lB$;|Wd$aOMT5<N7HW=#J5xiuClp{tnl<jC$q#gWfwjqeAY
zV;sA^S=5DG9oD|_sR@+2OPrAQibqT{OGVV96@Akgvd57K5T@^KQN}?9VsiR^`m+&4
z6Wo=&#vs$B<Y9Yj#aZVD^shN}siQ$PUDTmt>O_3}DYXEHn&Jrc3`2JiB`b6X@EUOD
zVl0S{ijm65@n^19T3l%>*;F(?3r3s?zY{thc4%AD30CeL_4{8x6&cN}zN3fE+x<9;
zt2j1RRVy5j22-8U8a6$pyT+<`f+x2l$fd_{qEp_bfxfzu>ORJsXaJn4>U6oNJ#|~p
z`*ZC&NPXl&=vq2{Ne79AkQncuxvbOG+28*2wU$R=GOmns3W@HE%^r)Fu%Utj=r9t`
zd;SVOnA(=MXgnOzI2@3SGKHz8HN~Vpx&!Ea+Df~`*n@8O=0!b4m?7cE^K*~@fqv9q
zF*uk#1@6Re_<^9eElgJD!nTA@K9C732tV~;B`hzZ321Ph=^BH?zXddiu{Du5*IPg}
zqDM=QxjT!Rp|#Bkp$(mL)aar)f(dOAXUiw81pX0DC|Y4;>Vz>>DMshoips^8Frdv}
zlTD=cKa48M>dR<>(YlLPOW%rokJZNF2gp8fwc8b2sN+i6&-pHr?$rj|uFgktK@jg~
zIFS(%=r|QJ=$kvm_~@n=ai1lA{7Z}i+zj&yzY+!t$iGUy|9jH#&oTNJ;JW-3n>DF+
z3aCOzqn|$X-Olu_<wOD+V1cxb0Z}9)qPN6k=yG%7N(OXSN(!|;<~~&ZV7<|dWJ*$O
zcc8BYF-@yY+0BQ2=@gx;O-;QS>p7brzn`uk1F*N4@=b=m;S_C?#hy{&NE#3Hk<sC+
z@RVY+px5c26lyz%OfzZTn@(3s>ATrg?enaVGT^$qIjvgc61y!T$9<1B@?_ibtDZ{G
zeXInVr5?OD_nS_O|CK3|RzzMmu+8!#Zb8Ik;rkIAR%6?$pN@d<0dKD2c@k2quB%s(
zQL^<_EM6ow8F6^wJN1QcPOm|ehA+dP(!>IX=Euz5qqIq}Y3;ibQtJnkDmZ8c8=Cf3
zu`mJ!Q6wI7EblC5RvP*@)j?}W=WxwCvF3*5Up_`3*a~z$`wHwCy)2risye=1mSp%p
zu+tD6NAK3o@)4VBsM!@);qgsjgB$kkCZhaimHg&+k69~drbvRTacWKH;YCK(!rC?8
zP#cK5JPHSw;V;{Yji=55X~S+)%(8fuz}O>*F3)hR;STU`z6T1aM#Wd+FP(M5*@T1P
z^06O;I20S<pPBYLx^KQ-E#4lJKf0#2<$Urm^J75xe^_~ooFOaniz#EWEnAqL5nl;d
z;Y?#EUwvbZHb_{bP#Z+Xi6;``%`1xT4(Qh>k!bxW<-O;E081KRdHZrtsGJflFRRFS
zdi5w<L%xAIZMaxEN{|sC`S2LX=HNoo7yNMxu?JQZn!#EHpMVSC`Z-rSU>9OVDGSL3
zNrC7GVsGN=b;YH9jp8Z2$^!K@h=r-xV(aEH@#JicPy;A0k1>g1g^XeR`YV2HfmqXY
zYbRwaxHvf}OlCAwHoVI&QBLr5R|THf?nAevV-=~V8;gCsX>jndvNOcFA+DI+zbh~#
zZ7<oMFIjT?dRB+;KT%*|Gjj)Lv;R$(lsDCpKH})P;^<HgAW$|Ic$UC!!9k_^)<VFb
z+R-4(+=Oiwvgpt>`qNk&w+_+Yp!}j;OYxIfx_{f0-ONc?mHCiCUak=>j>~>YR4#w#
zuKz~UhT!L~GfW^CPqG8Lg)&Rc6y^{%3H7iLa%^l}cw_8UuG;8nn9)kbPGXS}p3!L_
zd#9~5CrH8xtUd?{d2y^PJg+z(xIfRU;`}^=OlehGN2=?}9yH$4Rag}*+AWotyxfCJ
zHx=r7ZH>j<rs-kbQ;s$ZI)B{YCAt<1f8=Z!C#+cW@(f}Vui2`~bhsJNt4X5FEVH#V
zmS~5qafT)ZOfofB3RY^p$qiO+hKg5MB@4BiWOlTuD_ywdEG^^`73sk%6$@P{w!m`d
zG%&#}O$F6xyMIL5Ey>2kV?%7WTtp+-HMa0)_*DBBmC{sd$)np&GEJ__kEd`xB5a2A
z*J+yx>4o#ZxwA{;NjhU*1KT~=ZK~GAA;KZHDyBNTaWQ1+;tOFFthnD)DrCn`DjBZ%
zk$N5B4^$`n^jNSOr=t(zi8TN4fpaccsb`zOPD~iY=UEK$0Y70bG{idLx@IL)7^(pL
z{??Bnu=lDeguDrd%qW1)H)H`9otsOL-f4bSu};o9OXybo6J!Lek`a4ff>*O)BDT_g
z<6@SrI|C9klY(>_PfA^qai7A_)VNE4c^ZjFcE$Isp>`e5fLc)rg@8Q_d^Uk24$2bn
z9#}6kZ2ZxS9<C46&Y+Q7nYM#)S{~e<-0SXbx^w1jyAP0t!{t{i)+bD@w$9YAlUQVZ
z1TZ|^=9cLiz;Bipmt#c?%u(c5s;}6EMb|KG%X+!BskufNDiLAbfcJAi-eKFCylmQ6
zcLgpiYS;T5u|4vj(43@Xs-;?LT?Reu-O1voTo*8Sg!T${N!fhDdj5F-jP4kcswNTc
zUPNlqr9(p*&QkY(6{Uw9+-&ZY^AVhuru!iEZSXWk{J62Y8RTWl#jvm?@UsOLN*n1U
z!!2c97^PYdYbw;1W(h-dY_NJ_bbOqzz80YwLA6En%W5F}=@a-dB;!cvFG55bE7@zZ
zf}Zz=u;({6%w-qMyr7YLW0H?0K>sI(RqT7?El2@B+($>eBQrNi_k#CDJ8D9}8$mmm
z4oSKO^F$i+NG)-HE$O6s1--6EzJa?C{x=QgK&c=)b(Q9OVoAXYEEH20G|q$}Hue%~
zO3B^bF=t7<z$Rj(z@}-%hhp0KDg5g-Vvj!qOr85&aqTpaaojC^CwQZHKk%N1&RJ@?
z3@mmU8UkLd^u+>t48sN<h@~F@WN(LX`%4J3P$~sLqIq2q^WYYan1y*WKS{^KXRSVj
zlRp2YD0*vmi}GIu(VMSMj`)AFtcV!7m`T~YnAy8nxmvlKskk~@*;{;3?|-#CT^;_>
zWh_zA`w~|){-!^g<vJDMm4#3w(!Hhyj3dofOB57x=Mu^T@6Gt<KN~lv>?6Mqf6ieV
zFx~aPUOJGR=4{KsW7I?<=J2|lY`NTU=lt=%JE9H1vBpkcn=uq(q~=?iBt_-r(PLBM
zP-0dxljJO>4W<w&)Z{UhZ0!m()I68e=px8_4B`37AI|bCZuMk_SVKAQz?8+4(l0C)
z<3()qDfD9UTW*wnelf4D7bR(}=TB;gs;ds+7QE~CAQ*jDKKADDC`3G?7kn$!=a5d&
z?I(JT9>q-;stY)CLB4q`-r*T$!K2o}?E-w_i>3_aEbA^MB7P5piwt1dI-6o!qWCy0
ztYy<q;G5p>!x9arGTS?kabkkyv*yxvsPQ7Vx)twkS6z2T@kZ|kb8yjm+^$|sEBm<L
zGtKcNM?a1<P1GHe%USdss^9iYmKI=GuiV`dL*Z(*)<W%!5IIDyJ!oJjHJOEa1m1VQ
zKco1NMHn5?h{5SRY#VFF?T!bo5_IIEbO;WfqdSQACJa+&8o3bgw;L^BimN?NlN(v)
zotn;%myS`DPUIQ+7RCnB)mY`2o&e;1Xh962y`p4wurO(bDXEWXms!a&F9;L0^G^Mo
zh1W&LQdXhd1KHjKV}xwOkQ>vACeqbz)RmxkkDQX-A*K!YFziuhwb|ym>C$}U|J)4y
z$(z#)GH%uV6{ec%Zy~AhK|+GtG8u@c884Nq%w`O^wv2#A(&xH@c5M`Vjk*SR_tJnq
z0trB#aY)!EKW_}{#L3lph5ow=@|D5Lz<fcUCo&Ka|9|4HGWHH0_J4ujUnr>JYUFD6
z7XnUeo_V0DVSIKMFD_T0AqAO|#VFDc7c?c-Q%#u00F%!_TW1@JVn<z*P@k#}SDu4q
z5BK|xV6S3>sfvm@_9HKWflBOUD~)RL``-!P;(bCON_4eVdduMO>?IrQ__*zE@7(OX
zUtfH@AX*53&xJW*Pu9zcqxGiM>xol0I~QL5B%Toog3Jlenc^WbVgeBvV8C8AX^Vj&
z^I}H})B=VboO%q1;aU5ACMh{yK4J;xlMc`jCnZR^!~LDs_MP&8;dd@4LDWw~*>#OT
zeZHwdQWS!tt5MJQI~cw|Ka^b4c|qyd<d8BjG@CVcx~A0@_+-3ySS5}V#nYxqHn&dJ
z3huaTsOBL$pM0~v6%?s%@?17;o|*#UY1tt-m0po1{B8Xt+V4%@*4l_1x6MTTu=i^t
zEF!^0`A{SAgixqmbf=fe`Q#RQV7q0JEE%qC5Cl7U3dvP`CnnYy>_ly(+Ql2m&AAw^
zQeSXDOOH!!mAgzAp0z)DD>6Xo``b6QwzUV@w%h}Yo>)a|xRi$jGuHQhJVA%>)PUvK
zBQ!l0hq<3VZ*RnrDODP)>&iS^wf64<Gan-0fT=xEEaI^H)!ok-sB8re6ozEmX5c@6
zvzFx43)HzN8|btxEr_+m_ES??hMpoBdA+u`<Ko)3jSDsJ<bNahp^L1kFKCk01nKG#
zd~B+qtlfL5f8$8ToxOxz!oqk&<wEbF*v1K2QV8d>C;MGqDvx>|p;35%6(u+IHoNbK
z;Gb;TneFo<v+>*`zUKS6kwF*&b!U8e5m4YAo03a_e^!5BP42+r)LFhEy?_7U1IR<;
z^0v|DhCYMSj<-;MtY%R@Fg;9Kky^pz_t2nJfKWfh5Eu@_l{^ph%1z{jkg5jQrkvD<
z#vdK!nku*RrH~TdN~`wDs;d>XY1PH?O<4^U4lmA|wUW{Crrv#r%N>7k#{Gc44Fr|t
z@UZP}Y-TrAmnEZ39A*@6;ccsR>)$A)S>$-Cj!=x$rz7IvjHIPM(TB+JFf{ehuIvY$
zsDAwREg*%|=>Hw$`us~RP&3{QJg%}RjJKS^mC_!U;E5u>`X`jW$}P`Mf}?7G7FX#{
zE(9u1SO;3q@ZhDL9O({-RD+SqqPX)`0l5IQu4q)49TUTkxR(czeT}4`WV~pV*KY&i
zAl3~X%D2cPVD^B43*~&f%+Op)wl<&|D{;=SZwImydWL6@_RJjxP2g)s=dH)u9Npki
zs~z9A+3fj0l?yu4N0^4aC5x)O<N_(0*g4u)%5Tt4@gHE>snm0qrhz@?nwG_`h(71P
znbIewljU%T*cC=~NJy|)#hT+lx#^5MuDDnkaMb*Efw9eThXo|*WOQzJ*#3dmRWm@!
zfuSc@#kY{Um^gBc^_Xd<M_=Opb*sV>xnl!n&y&}R4yAbK&RMc+P<gSSGsa9{ngu3h
za2rxBU6lA9Q9VAy<_CQ=#9?ge+|8rFr3YI44QC0@KPf?KG3#CkaUontfvoWcA#`fT
zUZ-M@9-{1Ei|?wN2X<<LG$En}QHwMqs=8ZuZNc+NsKkIl=}k#BjOIG2xpH6pY<h{d
zJ7c4SQ-wCPPp+Ave;R605<i{lO4KXOUo>^Ti;YIUh|C+K<WCtgj)+#X5!{~T0amf)
zA{NO!xG0_A(b+3`Y%~$@K6*;z4@GJOlO9iW_I)Uf=v75p{Zaa%riIlQ1XqxqD1P*v
zC_nl;^-H^oHskLi&AkX0pf_;|=*Q=gaUudCp%zN>1|=Z^{nZ}}rxH*v{xR!i%qO~o
zTr`WDE@k$M9o0r4YUFFeQO7xCu_Zgy)==;fCJ94M_rLAv&~NhfvcLWCoaGg2ao~3e
zBG?Ms9B+efMkp}7BhmISGWmJsKI@a8b}4lLI48oWKY|8<gk-*;t9-{k%FCJZFy<gM
z@C~rOBUWWT##Z+g3*3Vzs8fuTtjp`u#+{x*gRagQ8={zUb)t|^B2y%Lt=XH5-VU*g
zu-s*8g`Ceku&#kTTsG4pdKc+Q1?Ns^+`Anuzw^Kt@dXzw8(rtBy~EfPkytdOlMc6V
z+PjsVo1fq23ba`d{M8JQ|H)T-V`Ygmnsk8K`>?zuuNc$lt5Npr+<T4KxJJ<bPDeY<
zV$Y5gj%daxmn&XvpKy&xAedNSRNzj*+uARZbEwx*_BW(K#OMC!{`XgH-y>p7a#sWu
zh!@2nnLBVJK!$S~>r<AjX6^_+fORZ96soQxKn~@)BfuHDd$;Hq1kJ%oj=cQPA05n|
zlDech7|+hqRvU>2-pN||^w|fY`CT{TFnJy`B|e5;=+_v4l8O-fkN&UQbA4NKTyntd
zqK{xEKh}U{NHoQUf!M=2(&w+eef77VtYr;xs%^cPfKLObyOV_9q<<ILDt_So;x8tA
z{AwHiN2#Wqm5a+41^y+oU(NG>(%76-J%vR>w9!us-0c-~Y?_EVS<!Xa#y}`2>%v!*
z15s2s3eTs$Osz$JayyH|5nPAIPEX=U;r&p;K14G<1)bvn@?bM5kC{am|C5%hyxv}a
z(DeSKI5ZfZ1*%dl8frIX2?);R^^~LuDOpNpk-2R8U1w92HmG1m&|j&J{EK=|p$;f9
z7Rs5|jr4r8k5El&qcuM+YRlKny%t+1CgqEWO>3;BSRZi(LA3U%Jm{@{y+A+w(gzA<
z7dBq6a1sEWa4cD0W7=Ld9z0H7RI^Z7vl(bfA;72j?SWCo`#5mVC$l1Q2--%V)-uN*
z9ha*s-AdfbDZ8R8*fpwjzx=WvOtmSzGFjC#X)hD%Caeo^OWjS(3h|d9_*U)l%{Ab8
z<xdQ$23|WMjf-IqBJa@-|5QJamPBg?UmANYzk#NVaoTNbS)|8H20|;zb3-A+V#wVA
z0O?V!?94t>fv$yoP{OuUl@$(-sEVNt{*=qi5P=lpxWVuz2?I7Dc%BRc+NGNw+323^
z5BXGfS71oP^%apUo(Y#xkxE)y?>BFzEBZ}UBbr~R4$%b7h3iZu3S(|A;&HqBR{nK&
z$;GApNnz=kNO^FL&nYcfpB7Qg;hGJPsCW44CbkG1@l9pn0`~<fs1~obTx_FSX-JYV
zGQWAl6QMe=gj$TPFe4r4b4Ol;Htq0ghUXm#FhLL;q=vj^?zll8F~1Y_ME5KlGBn?W
zJLZAtGO*e1y^&@oxuzM@8GNx$4<>oKy5S777uH)l{irK!ru|X+;4&0D;VE*Ii|<3P
zUx#xUqvZT5kVQxsF#~MwKnv7;1pR^0;PW@$@T7I?s`_rD1EGUdSA5Q(C<>5SzE!vw
z;{L&kKFM-MO>hy#-8z`sdVx})^(Dc-dw;k-h*9O2_YZw}|9^y-|8RQ`BWJUJL(Cer
zP5Z@fNc>p<r+olf3Wx4QNlGzhncc!S>TXABbTRY-B5*MphpZv6#i802giwV&SkFCR
zGMETyUm(KJbh+&$8X*RB#+{surjr;8^REEt`2<qz>&Dubw3$mx>|~B5IKZJ`s_6fw
zKAZx9&PwBqW1Oz0r0A4GtnZd7XTKViX2%kPfv+^X3|_}RrQ2e3l<T~g*|IE{P97HV
zvf#Y<i{KPN_dP%1)NHb~ix&=&GH9>=KG_VyY`H?I5&CS+lAX5HbA%TD9u6&s#v!G>
zzW9n4J%d5ye7x0y`*{KZvqyXUfMEE^ZIffzI=Hh|3J}^yx7eL=s+TPH(Q2GT-sJ~3
zI463C{(ag7-hS1ETtU;_&+49ABt5!A7C<XW?{o=2DnJxLDD~{m*zq$azI0t7>wLwe
z=SoA8mYZIQeU;9txI=zcQVbuO%q@E)JI+6Q!3lMc=Gbj(ASg-<Uq;hB9d^p}DAXc~
zT?U|Ep>{V27u>z2e8n;Nc*pf}AqKz1D>p9G#QA+7mqqrEjGfw+85Uyh!=tTFTv3|O
z+)-kFe_8FF_EkTw!YzwK^Hi^_dV5x-Ob*UWmD-})qKj9@aE8g240nUh=g|j28^?v7
zHRTBo{0KGaWBbyX2+lx$wgXW{3aUab6B<q-FjF>hm1G1{jTC7ota*JM6t+qy)c5<@
zpc&<Cv-}2TvNf)-u^)w4IR#IAb30P8NKX2F^|M`)t)gNvmzY$92){_sASc~#MG?G6
z01+~17JwM!JPSxaJJtTz7$&8s`H3FldxQ%9@~nj<<O#kvf=K=$4nLLmHGiFo3Mq&*
ziIi#gQw#(**q&>(jVdTJf(q3xB=JotgF$X>cxh7k*(T`-V~AR+`%e?YOeALQ2Qud(
zz35YizXt(aW3qndR}fTw1p()Ol4t!D1pitGNL95{SX4ywzh0SF;=!wf=?Q?_h6!f*
zh7<+GFi)q|XBsvXZ^qVCY$LUa{5?!CgwY?EG;*)0ceFe&=A;!~o`ae}Z+6me#^sv-
z<kA1n(=XTnu@rJsCenhu-Zv&%WBDK;wE+-m5)3gqDM=UJSV|IgE?>1F6=WNd6>M(~
z+092z>?Clrcp)lYNQl9jN-JF6n&Y0mp7|I0dpPx+4*RRK+VQI~>en0Dc;Zf<!>l+x
z_e_b7s`t1_A`RP3$H}y7F9_na%D7EM+**G_Z0l_nwE+&d_kc35n$Fxkd4r=ltRZhh
zr9zER8>j(EdV&Jgh(+i}ltESBK62m0nGH6tCBr90!4)-`HeBmz54p~QP#dsu%nb~W
z7sS|(Iydi>C@6ZM(Us!jyIiszMkd)^u<1D+R@~O>HqZIW&kearPWmT>63%_t2B{_G
zX{&a(gOYJx!Hq=!T$RZ&<8LDnxsmx9+TBL0gTk$|vz9O5GkK_Yx+55^R=2g!K}NJ3
zW?C;XQCHZl7H`K5^BF!Q5X2^Mj93&0l_O3Ea3!Ave|ixx+~bS@Iv18v2ctpSt4zO{
zp#7pj!AtDmti$T`e9{s^jf(ku&E|83JIJO5Qo9weT6g?@vX!{7)cNwymo1+u(YQ94
zopuz-L@|5=h8A!(g-<F;G9^=CwUG2BBM&6@esQFH4>MXgLJC0MA|CgQF8qlonnu#j
z;uCeq9ny9QSD|p)9sp3ebgY3rk#y<wu$Scub#>0DA(SHdh$DUm^?GI<>%e1?&}w(b
zd<n{_{wZL^#}W>ip1;P2Z=1wM+$q=TgLP$}svd!vk+BZ@h<^4R=GS2+sri7Z*2f`9
z5_?i)xj?m#pSVchk-SR!2&uNhzEi+#5t1Z$o0PoLGz*pT64%+|Wa+rd5Z}60(j?X=
z{NLjtgRb|W?CUADqOS@(*MA-l|E342NxRaxLTDqsO<GMIr8u8#%dIQrz(r`Q(hkza
zil8N-`Js{wU0Gy<JdGKt>yfWWe%N(jjBh}G<qND?0TH2WotV2BO}oGFXR`nNIoZPu
zAYBqht4AIf6%UvOQWL(@v@#P!g?Z{m=yxdflhU-MrdJ3Lu4OwZ%yKkuPkk0$Ko)O*
z;5yrsNkvYZsjZQILNsEr+ECa0P<^XyVVf2;%`lxDRkz-!;wa1;EB{emo`C=%{Gykq
zq<4i~ETk#P9zK#gq4PdG1l$Vspzwyb@<LIRCp@UiYQvSVfg*oiL+eCZD0<3etyAQ>
zm7WPel6jXijaTiNita+z(5GCO0NM=Melxud57P<u@R2P46Q9-DyjXBHUN>P^d_U##
zbA;9iVi<@wr0DGB8<n8`yw;2Kv**CeqAs$L&plPhIa#v7(dTNoPt@&}ED@M*lxC!x
z`6s~+J|uy;3o7Lq<uMmSEF9Dw$gP)!=7bwIZF}v$SuOexM&6SRtdGcL+`+Tm+leuz
zpp$tX{Sz|>=T9Ab#2K_#zi=<XArhO6r_`n&7XSM212-MzWyRNG*!uO-#ecnE^8eXw
z{A)4%t2FvosVP<UQ~s;l`0?z0m3m-lgN!65Mz=sfFM<3$$g-N5nIt_Q>$igy<I%16
z>K48@;V|W`fg~7;+!q8)aCOo{HA@vpSy-4`^!ze6-~8|QE||hC{ICKllG9fbg_Y7v
z$jn{00!ob3!@~-Z%!rSZ0JO#@>|3k10mLK0JR<I1S>KP-Cc8UYFu>z93=Ab-r^oL2
zl`-&VBh#=-?{l1TatC;VweM^=M7-DUE>m+xO7Xi6vTEsReyLs8KJ+2GZ&rxw$d4IT
zPXy6pu^4#e;;ZTsgmG+ZPx>piodegkx2n0}SM77+Y*j^~ICvp#2wj^BuqRY*&cjmL
zcKp78aZt>e{3YBb4!J_2|K~A`lN=u&5j!byw`1itV(+Q_?RvV7&Z5XS1HF)L2v6ji
z&kOEPmv+k_lSXb{$)of~(BkO^py&7oOzpjdG>vI1kcm_oPFHy38%D4&A4h_CSo#lX
z2#oqMCTEP7UvUR3mwkPxbl8AMW(e{ARi@HCYLPSHE^L<1I}OgZD{I#YH#GKnpRmW3
z2jkz~Sa(D)f?V?$gNi?<F$5NpPo_(+mLu%j0uVGhEpW~}8A-6p@(iN<J78jy&84)}
zW71~;kMKbRG+MZ(!>6)Y;Sm{&?~2p=0&BUl_(@hYeX8YjaRO=IqO7neK0RsSNdYjD
zaw$g2sG(>JR=8Iz1<iqC50Fc?zkwnhu-?J#4v?gbo)h!toq+!EipMj&Dd=4)`^!2@
zL(!GW5QxLJO&{?1u~Q}Au)moY@9Q-~Yr01D0la`rUI3jK%5PxGU7;z+IlI=Bb;^2b
zL|Kc&B2+#W3&e}l>SK4`*kqd_3-?;_BIcaaMd^}<@MYbYisWZm2C2<aQM85hCqTrH
z{L!?Z_;my2c?%RMej)yS*$eqpa!UR3e9te>|Np_l|8r9yM|JkUngSo@?wci(7&O9a
z%|V(4C1c9pps0xxzPbXH=}QTxc2rr7fXk$9`a6TbWKPCz&p=VsB8^W96W=BsB|7bc
zf(QR8&Ktj*iz)wK&mW`#V%4XTM&jWNnDF56O+2bo<3|NyUhQ%#OZE8$Uv2a@J>D%t
zMVMiHh?es!Ex19q&6eC&L=XDU_BA&uR^^w>fpz2_`U87q_?N2y;!Z!bjoeKrzfC)}
z?m^PM=(z{%n9K`p|7Bz$LuC7!>tFOuN74MFELm}OD9?%jpT>38J;=1Y-VWtZAscaI
z_8jUZ#GwWz{JqvGEUmL?G#l5E=*m>`cY?m*XOc*yOCNtpuIGD+Z|kn4Xww=BLrNYS
zGO=wQh}Gtr|7DGXLF%|`G>J~l{k^*{;S-Zhq|&HO7rC_r;o`gTB7)uMZ|WWIn@e0(
zX$MccUMv3ABg^$%_lNrgU{EVi8O^UyGHPNRt%R!1#MQJn41aD|_93NsBQhP80yP<9
zG4(&0u7AtJJXLPcqzjv`S~5;Q|5TVGccN=Uzm}K{v)?f7W!230C<``9(64}D2raRU
zAW5bp%}VEo{4Rko`bD%Ehf=0voW?-4Mk#d3_pXTF!-TyIt6U+({6OXWVAa;s-`Ta5
zTqx&8msH3+DLrVmQOTBOAj=uoxKYT3DS1^zBXM?1W+7gI!aQNPYfUl{3;PzS9*F7g
zWJN8x?KjBDx^V&6iCY8o_gslO16=kh(|Gp)kz8qlQ`dzxQv;)V&t+B}wwdi~uBs4?
zu~G|}y!`3;8#vIMUdyC7YEx6bb^1o}G!Jky4cN?BV9ejBfN<&!4M)L&lRKiuMS#3}
z_B}Nkv+zzxhy{dYCW$oGC&J(Ty&7%=5B$sD0bkuPmj7g>|962`(Q{ZZMDv%YMuT<n
z1<0L@A~^*&C~fETTawHVh1kk4b*^p0vQ^7?+3dKBe<pM8Snh`k_7R%#IZRUEl1U~%
z`#y5ddd+xk?tVQb4dNJ(7Ry%2!BTF1HzW?PK!2%Oj>^Kwe<oH3RpEUQV(1=JAftKZ
zy};jv^`iGA^yoK}($W9zl~UM?CzovcbP5)_-K0QR<B0^>iRDvYTEop3IgFv#)(w>1
zSzH><Zx#DBcM*ETggCrIL|G$?#sL+^<gVn#xwx<>J`q!LK)c(AK>&Ib)A{g`<Y-)}
z(@A>Fdykxqd`Yq@yB}E{gnQV$K!}RsgMGWqC3DKE(=!{}ekB3+(1?g}xF>^icEJbc
z5bdxAPkW90atZT+&*7qoLqL#p=>t-(-lsnl2XMpZcYeW|o|a322&)yO_8p(&Sw{|b
zn(tY$xn5yS$DD)UYS%sP?c|z>1dp!QUD)l;aW#`%qMtQJjE!s2z`+bTSZmLK7SvCR
z=@I4|U^sCwZLQSfd*ACw9B@`1c1|&i^W_OD(570SDLK`MD0wTiR8|$7+%{cF&){$G
zU~|$^Ed?TIxyw{1$e|D$050n8AjJvvOWhLtLHbSB|HIfjMp+gu>DraHZJRrdO53(=
z+o-f{+qNog+qSLB%KY;5>Av6X(>-qYk3IIEwZ<NM%r#@ph<M*8##>5~6a+P9lMpC^
z8CJ0q>rEpjlsxCvJm=kms@tlN4+sv}He`xkr`S}bGih4t`<??rFdF>+#VEIt{1veE
z{ZLtb_pSbcfcYPf4=T1+|BtR!x5|X#x2TZEEkUB6kslKAE;x)*0x~ES0kl4Dex4e-
zT2P~|lT^vUnMp{7e4OExfxak0EE$Hcw;D$ehTV4a6hqxru0$|Mo``<ad1s?_=B%gG
zj{L^&w-1CqbSvv%+|q1FJ)359<5+$A?k|aG#gf7{>>*a5=1Ym0u>BDJKO|=<aBj&U
z!0#X%Y@1|KDHEa^`rc~}k?jREFe&j9TBf#RRLMm;>TEWJ5jZu!W}t$Kv{1!q`4Sn7
zrxRQOt>^6}Iz@%gA3&=5r;Lp=N@WKW;>O!eGIj#J;&>+3va^~GXRHCY2}*g#9ULab
zitCJ<BaQ=1ucETLnpX3y9t5BR+e(ST=YEEKt=Xy112Qwtm%k5x3c!p6oV{m@40JL~
zMB3IXGFiti$`r3qU9KkWdD0B0w2nH;70p*qOE_JEtaHOH+N1->t-OV0*D_Q3<g8V9
zm;BOnA1)>Q`p1_+GbPxRtV_T`<bX@8s=3hE?KYV`p2tWy54^?jcuq~6l*BOhxjN!!
z^YfKP5Wx%5767qY3bUCxe@{w@7?)5tek^Vgrr3xWzb~<2Na~Zi%p1V6d4U4sHORMh
z9<@8lXrisZuzFU)mBl0t68eB`oJwH{20{o{g2s-%u#nv&QU2tWM_W%e#~|NHMfxMp
zRM-h=($EQMHtd>jyATjax<;zZ?;S+VD}a(aN7j?4<~>BkHK7bO8_Vqfdq1#W&p~2H
z&w-gJB4?;Q&pG9%8P(oOGZ#`!m>qAeE)SeL*t8KL|1oe;#+uOK6w&PqSDhw^9-&Fa
zuEzbi!!7|YhlWhqmiUm!muO(F8-F7|r#5lU8d0+=;<`{$mS=AnAo4Zb^{%p}*gZL!
zeE!#-zg0FWsSnabl<CMbQ4500Q{TvpvXiCGkUi%tX9!KeG$87g>w!9$<&K(#z!XOW
z;*BVx2_+H#`1b@>RtY@=KqD)63brP+`Cm$L1@ArAddNS1oP8UE$p05R=bvZoYz+^6
z<)!v7pRvi!u_-V?!d}XWQR1~<lt}&9=&X{!*q{T%vI&{Sql_q~<bs=JfiC4k%hiD{
zRMjOdmSC*@3g=cAidK~^ywyFbdK)j^Qfk#UXd3U_FVoVd36bG{jjlOgvTnRjwERxE
z-E?_B9}RvmAC==a9mt*EnLWKm#&~+??Fr%8dgmR~zKWmR?y!954DdPLk@GI+AE4lI
zaun<-;SD&jV2s%R#Q0+$h!8+tU=(WXL8diA>0q(H3{d^4JGa=W#^Z<@TvI6J*lk!A
zZ*UIKj*hyO#5akL*Bx6iPKvR3_2-^2mw|Rh-3O_SGN3V9GRo52Q;JnW{iTGqb9W99
z7_+F(Op6>~3P-?Q8LTZ-lwB}xh*@J2Ni5HhUI3`ct|*W#pqb>8i*TXOLn~GlYECIj
zhLaa_rBH|1jgi(S%~31Xm{NB!30*mcsF_wgOY2N0XjG_`kFB+<Q#E!oi6v4mWmmdp
zpCrFYK7#3Llx<^JC{`QMc}y7Mn#rZi!bmnYGsz|v>uQuJbBm3bIM$qhUyE&$_u$gb
zpK_r{<D#n}U~r18Q9cpu7_WA|bVw~jkB-T@SBIs83_WOQD$QsrBK8v#YGtIb&;BA|
z^f-o}1u<5bRf8_Ai4>99svp3N3p4yHHS=#csK@j9ql*>j0X=+cD2dj<^Wiu@i>c_v
zK|ovi7}@4sVB#bzq$n3`EgI?~xDmkCW=2&^tD5RuaSNHf@Y!5C(Is$hd6cuyoK|;d
zO}w2AqJPS`Zq+(mc*^%6qe>1d&(n&~()6-ZATASNPsJ|XnxelLkz8r1x@c2XS)<e9
zVDeO<GC^N~@|t1?t&LxH8U-PQrqH;wsans3SgO3&9*BgbwK}9Dflo4DW(9&*G**t#
z5(08JP06aA!pS}33kTL;jmGw?eS&0eIbzv7kJDI{B{&cbYAXd|poH#n6YP+a2@zVP
zWf{CReG1A6D#=7l;{fY(f3mEcnyX-WV_u(j7L&<Bc&1CA15=N1l%Cemxh+LFLxzmc
zt>R*H(_B=IN>JeQUR;T=i3<^~;$<+8W*eRKWGt7c#>N`@;#!`kZ!P!&{9J1>_g8Zj
zXEXxmA=^{8A|3=Au+LfxIWra)4p<}1LYd_$1KI0r3o~s1N(x#QYgvL4#2{z8`=mXy
zQD#iJ0itk1d<pD1VGk%&4ci=+Hjcz)Hl94LD0g{3<>@Iy*DtXw)Wz!H@G2St?QZFz
zVPkM%H8Cd2EZS?teQN*Ecnu|PrC!a7F_XX}AzfZl3fXfhBtc<ff5WA{o}hG14*z(i
z*K_njw8`Ho`NMT6nej4znco^0DB`cm%kp~PK-34BfJ(Qcochw!NghIgsj#o-Nb`t)
zVGl9HfN7q|>2-)zaC2eKx*{XdM~Q<w$HWL{PMI^AT`G`ii!EB$YscY^Nuk(!FqRxn
z*|K+rA*VtJW^XRqgd8Y5^-S8rFcCRbuvV#xa2-&i<B=Kn-}$dv?>Uo4IwcGgVdW69
z1UrSAqqMALf^2|(I}hgo38l|Ur=-SC*^Bo5ej`hb;C$@3%NFxx5{cxXUMnTyaX{>~
zjL~xm;*`d08bG_K3-E+T<mWVYr6j8n!!pJNx6>I>#oqIN2=An(C6aJ*MrKlxj?-;G
zICL$hi>`F%{xd%V{$NhisHSL~R>f!F7AWR&7b~TgLu6!3s#~8|VKIX)KtqTH5aZ8j
zY?wY)XH~1_a3&>#j7N}0az+HZ;is;Zw(Am{MX}YhDTe(t{ZZ;TG}2qWYO+hdX}vp9
z@uIRR8g#y~-^E`Qy<u*MJx^Q>em(31{H0&V?GLdq9LEOb2(ea#e-$_`5Q{T%E?W(6
z(XbX*Ck%TQM;9V2LL}*Tf`yzai{0@pYMwBu%(I@wTY!;kMrzcfq0w?X`+y@0ah510
zQX5SU(I!*Fag4U6a7Lw%LL;L*PQ}2v2WwYF(lHx_Uz2ceI$mnZ7*eZ?RFO8UvKI0H
z9Pq-mB`mEqn6n_W9(s~Jt_D~j!Ln9HA)P;owD-l~9FYszs)oEKShF9Zzcmnb8kZ7%
zQ`>}ki1k<x*@h~9?|=_B5VcO=(N^K=D-I1iVfpHyvC6!w*bgI46!csKF<oV!JERin
zC3YrClGibB+Okmq$7*m2AOB?ld|Q}!uqu?r3IphaCt<@Ce+TI8+X!99XM!>wUO3j~
zEmh140sOkA9v>j@#56ymn_RnSF`p@9cO1XkQy6_Kog?0ivZDb`QWOX@tjMd@^Qr(p
z!sFN=A)QZm!sTh(#q%O{Ovl{IxkF!&+A)w2@50=?a-+VuZt6On1;d4YtUDW{YNDN_
zG@_jZi1IlW8cck{uHg^g=H58l<Vm9}1(ifQn)gr*uOc)p;i+Z*up!G6Q|ct@A`Rg+
z(Pz0_^vr7n#ozLauq<wGnI09PQ^$^ELvBezzpX||sLv`=K>PQ^HwnybWy@@8iw%G!
zwB9qVGt_?~M*nFAKd|{cGg+8`+w{j_^;nD>IrPf-S%YjBslSEDxgKH{5p)3LNr!lD
z4ii)^%d&cCXIU7UK?^ZQwmD(RCd=?OxmY(Ko#+#CsTLT;p#A%{;t5YpHFWgl+@)N1
zZ5VDyB;+TN+<e(DQM$-KBEOK~JQZ@8DI*iN)<P3BrrACFCTIK*u%S0|53PEu^7Ehl
zV?l&OVm@;rL5p)wh*^@1$Q~X9$Hva^6d8UaU{+1U9laP}p;1lPmY%c!ngm|hODD5L
zR(ju!H$Q+Hyll6?dXg{bqQO>g@u~{UrWrv)&#u~k$S&GeW)G{M#&Di)LdYk?{($Cq
zZGMKeYW)aMtjmKgvF0Tg>Mmkf9IB#2tYmH-s%D_9y3{tfFmX1BSMtbe<(yqAyWX60
zzkgSgKb3c{QPG2MalYp`7mIrYg|Y<4Jk?XvJK)?|Ecr+)oNf}XLPuTZK%W>;<|r+%
zTNViRI|{sf1v7CsWHvFrkQ$F7+FbqPQ#Bj7XX=#M(a~9^80}~l-DueX#;b}Ajn3VE
z{BWI}$q{XcQ3g{(p>IOzFcAMDG0xL)H%wA)<(gl3I-oVhK~u_m=hAr&oeo|4lZbf}
z+pe)c34Am<=z@5!2;_lwya;<D$$PCDT2t07f~T~1`gm+|*CJY!i+dS#iTCYHqqaw)
zj3blRU6F#gfxw(pj>l?xV5&kWe}*5uBvckm(d|7R>&(iJNa6Y05SvlZcWBlE{{%2-
z`86)Y5?H!**?{QbzGG~|k2O%eA8q=gxx-3}&Csf6<9BsiXC)T;x4YmbBIkNf;0Nd5
z%whM^!K+9zH>on_<&>Ws?^v-EyNE)}4g$Fk?Z#748e+GFp)QrQQETx@u6(1fk2!(W
zWiCF~MomG*y4@<N?CDr+4XG>Zk;h#2H8S@&@xwBIs|82R*^K(i*0MTE%Rz4rgO&$R
zo9Neb;}_ulaCcdn3i17MO3NxzyJ=l;LU*N9ztBJ30j=+?6>N4{9YXg$m=^9@Cl9VY
zbo^{yS@gU=)EpQ#;UIQBpf&zfCA;00H-ee=1+TRw@(h%W=)7WYSb5a%$UqNS@oI@=
zDrq|+Y9e&SmZrH^iA>Of8(9~Cf-G(P^5Xb%dDgMMIl8gk6zdyh`D3OGNVV4P9<?|P
z-j@F$ZGb0Iv;Q#+1Y3DEbQ`j-$mx&dLKYe~f)g}x!W9%BxOE?Kegu;<P)6;RKC|^}
zuJcGCm-}}fgpn&rErt=!;=F^)mLo%`4-bb4yDU-hjLg207h})(!Na3IFjNh3pKxT}
z=E-#C&M%2%{LBV_R9}(GHx_~&?Nkjbxq||ycJqejQ<li(BiXow>X|EvIhplXDld8d
z^YWtYUz@tpg*38Xys2?z<AsaQ9`FX9=vO?VclV^OO+^DZP}?dQBIRV1wR9IEL|AA?
z7%zFkNU4u`%FPFrUA%S(<E|t-Co&aM3igfI^tDcE$Eb&ti7J;v)|Nx;#i_p~XN=1!
z)X%9>j$F8%ivA47cGSl;h<CJwzu8LTNYjfHY0+mYtoV3~Y9LHg`fNrZqRIVH7(WTd
z42@(A4wsKs;UK_xXvYSsGH}!mq-W9RUS>jD23#*62w3+fwxNE7M7zVK?x_`dBSgPK
zWY_~wF~OEZi9|~CSH8}Xi>#8G73!QLCAh58W+KMJJC81{60?&~BM_0t-u|VsPBxn*
zW7viEKwBBTsn_A{g@1!wnJ8@&h&d>!qAe+j_$$Vk;OJq`hrjzEE8Wjtm)Z>h=*M25
zOgETOM9-8xuuZ&^@rLObtcz>%iWe%!uGV09nUZ*nxJAY%&KAYGY}U1WChFik7HIw%
zZP$3Bx|TG_`~19XV7kfi2GaBEhKap&)Q<9`aPs#^!kMjtPb|+-fX66z3^E)iwyXK7
z8)_p<)O{|i&!qxtgBvWXx8*69WO$5zACl++1qa;)<j>0zlXf`eKWl!0zV&<N=whgf
z=0i25aXKIFe5mUpdv-EHM0EKf_KV-DV|@p1jm^E@ea)Z2_?f|N<(<RzPtbPo`ldD#
zI%|89YOckdy*j(=6Uy}VGgbFV<WBdKw7C5m8tRP;Q*C~&kBFvF=i}Ch{i_Y2;40L{
z)K`6LTNK+2*O5nKkI3d23^q*hZS22n$b8(0jEvxXx>I`8?sG)OD2Vy?reNN<{eK+_
za4M;H<OEXEJ~5%>h%&IszR%)&gpgRCP}yheQ+l#AS-GnY81M!kzhWxIR?PW`G3G?}
z$d%J28uQIuK@QxzGMKU_;r8P0+oIjM+k)&lZ39i#(ntY)*B$fdJnQ3Hw3Lsi8z&V+
zZly2}(Uzpt2aOubRjttzqrvinBFH4jrN)f0hy)tj4__UTwN)#1fj3-&dC_Vh7}ri*
zfJ=oqLMJ-_<#rwVyN}_a-rFBe2>U;;1(7UKH!$L??zTbbzP#bvyg7OQBGQklJ~DgP
zd<1?RJ<}8lWwSL)`jM53iG+}y2`_yUvC!JkMpbZyb&50V3sR~u+lok<jf)#biL}k>
zT0uFRS-yx@8q4fPRZ%KIpLp8R#;2%c&Ra4p(GWRT4)qLaPNxa&?8!LRVdOUZ)2vrh
zBSx&kB%#Y4!+>~)<&c>D$O}!$o{<1AB$M7-<IbItSWbLS$Bc!yc*D!JSUNWc8Xxf_
zVwhYbcOY|jLi^_r`vZ|o_zYvjAL=OwCK>^`h!eW;c(3J~ztoOgy6Ek8Pwu5Y`Xion
zFl9fb!k2`3uHPAbd(D^IZmwR5d<V^a36$=BnmM)YfOhH6RTrUdB@GYwz`_7nuN|p$
z2V+%uCpN}@8r+zC1m$Ow)b62uBx&p=p4>8D$495nN2`Ue&`W;M-nlb8T-OVKt|fHk
zBpjX$a(IR6*-swdNk@#}G?k6F-~c{AE0EWoZ?H|ZpkBxqU<Xf3W+7zF%bMQpG=#+f
zxoMuDrN{!Y23^6mg$;7E;@7@XK+}=Qy_1Iq=)6u><0NUtvubJtwJ1mHV%9v?GdDw;
zAyXZiD}f0Zdt-cl9(P1la<zqwbP8fB?G%>+vQ$Er0~v}gY<d-*YcL&hT|=1btDzQ0
z(6p4%7<LXbtyHJnL793Fi@vF^&-iy&?CL=~h5%o&zh5-LcEwfjJAHm-%n>JVwQazv
zH#+Z%2CIfOf90fNMGos|{zf&N`c0@x0N`tkFv|_9af3~<0z@mnf*e;%r*Fbuwl-IW
z{}B3=(mJ#iwLIPiUP`J3SoP~#)6v;aRXJ)A-pD2?_2_CZ#}SAZ<#v7&Vk6{*i(~|5
z9v^nC`T6o`CN*n%&9+bopj^r|E(|pul;|q6m7Tx+U|UMjWK8o-lBSgc3ZF=rP{|l9
zc&R$4+-UG6i}c==!;I#8aDIb<c|ovf|J^|Tj-z?&rajbtaSL_j7Uc0sHFrW;_^dt-
zQ#fau&15?b-*_*c%@nFsI=MGU)fm~M{Fd@lsp;TW6Jkt3nUS9YuP-Tfk2eIECIc%$
z>AvgLuB66CQLRoTMu~jdw`fPlKy@AKYWS-xyZzPg&JRAa@m-H43*+ne!8B7)HkQY4
zIh}NL4Q79a-`x;I_^>s$Z4J4-Ngq=XNWQ>yAUCoe&SMAYowP>r_O}S=V+3=3&(O=h
zNJDYNs*R3Y{WLmBHc?mFEe<W&)(jM#)z+=`SB74}QX|RMwfle6Thto6L#|vM@u#0*
ztZPlYvT0zrSFcI`K3V@ZCpyY>A4`0Y`_CN%?8qbDvG2m}kMA<oe^a9RxBh_fznjAU
zf#du4cCea-8;%*8ujt0;{b1xdnQNl5jFDE#5oW@VJH^(R%s7q~rTyVyDmv+^@G9kH
z%EEY*)+Bm)^R;|yi#2u-s5sOFeMj}4zCG@p*Wui}tgN&XA2U*^<u-uW$>iqCv`_BK
z_6a@n`$#w6Csr@e2YsMx8udNWtNt=kcqDZdWZ-lGA$?1PA*f4?X*)hjn{sSo8!bHz
zb&lGdAgBx@iTNPK#T_wy`KvOIZvTWqSHb=gWUCKXAiB5ckQI`1KkPx{{%1R*F2)Oc
z(9p@yG{fRSWE*M9cdbrO^)8vQ2U`H6M>V$gK*rz!&f%@3t*d-r3mSW>D;wYxOhUul
zk~~&ip5B$mZ~-F1orsq<|1bc3Zpw6)Ws5;4)HilsN;1t<c`^?I-+NnRQ4BGkk~5AC
z0<$*Ro7kbksCaNZpO7OZW9m3e<*|QD8IN<HqQL0bQb?^#z-zS1;!&h|;E)H}5Jl#+
zCY~IC9W~KX9IJ7*k9=2dUeTLAi3<AIBU3?FCq$C2J&dn1i(kvgVStn3OK%1HGEEH`
zl}RP!K66_VDRlySL3JlB;5@HA+t}EVjAW&zabiDB5+pE{4&BssI0+>x;N6)tuePw&
z==OlmaN*ybM&-V`yt|;vDz(_+UZ0m&&9#{9O|?0I|4j1YCMW;fXm}YT$0%EZ5^YEI
z4i9WV*JBmEU{qz5O{#bs`R1wU%W$qKx?bC|e-iS&d*Qm7S=l~bMT{~m3iZl+PIXq{
zn-c~|l)*|NWLM%ysfTV-oR0AJ3O>=uB-v<rdTg~-U`VQ{V%4>pld{V|cWFhI<K__!
zY_p+lRa{>~sx>ciV9sPkC*3i0Gg_9G!=4ar*-W?D9)?EFL1=;O+W8}WGdp8TT!Fgv
z{HKD`W>t(`Cds_qliEzuE!r{ihwEv1l5o~iqlgjAyGBi)$%zNvl~fSlg@M=C{TE;V
zQkH`zS8b&!ut(m)%4n2E6MB>p*4(oV>+PT51#I{OXs9j1vo>9I<4CL1k<SbW+&Ap)
zSP*RZJ^w%mwwxG^lpbQp<y#<c`2j6=tpT??9=M$m1k}On6M$1Q5AVN0sPBwg`c0Qr
zK7<G4?wG+Kw(dAkFQ`e4mKX@c)c%GbcTo2#ozT|>v1aurV*AFZ^w_qfVL*G2rG@D2
zrs87oV3#mf8^E5hd_b$IXfH6vHe&lm@7On~Nkcq~YtE!}ad~?5*?X*>y`o;6Q9lkk
zmf%TYonZM`{vJg$`lt@MXsg%*&zZZ0uUSse8o=!=bfr&DV)9Y6$c!2$NHyYAQf*Rs
zk{^?gl9<l6aHM&uD+l3hFT+28k8g^pGn-H<ZHHcXYg$z(F4Jtp_Xx|{2t8=tZN`>E
z5Im8wlAsvQ6C2?DyG@95gUXZ3?pPijug25g;#(esF_~3uCj3~94}b*L>N2GSk%Qst
z=w|Z>UX$m!ZOd(x<j9eXHfco7njabXV6r(0b^4(&cOlQ%n~ZRCkU^)bOK|u;Tf(Z<
z)%A&Z?!gx&FfQcJ1ka~zxh=jKlF$aS^I`L9N6Zfp2RNgghhUbdivb)_o_wrkQKiXN
z>V*2xvWjN&c5BVEdVZ0wvmk)I+YxnyK%l~caR=7uNQ=+cnNTLZ@&M!I$Mj-r{!P=;
z`C2)D=VmvK8@T5S9JZoRtN!S*D_oqOxyy!q6Zk|~4aT|*iRN)fL)c>-yycR>-is0X
zKrko-iZw(f(!}dEa?hef5yl%p0-v-8#8CX8!W#n2KNyT--^3hq6r&`)5Y@>}e^4h-
zlPiDT^zt}Ynk&x@F8R&=)k8j$=N{w9qUcIc&)Qo9u4Y(Ae@9tA`3oglxjj6c{^pN(
zQH+Uds2=9WKjH#KBIwrQI%bbs`mP=7V>rs$KG4|}>dxl_k!}3ZSKeEen4Iswt9<Vx
zE>6GGw`E6^5Ov)VyyY}@itlj&sao|>Sb5<mx7{zaG9j_ba8Zn5K#G`;;jnCwfaV@2
zfB--<s_Ho?au3X)Qq+^=$Mw2HA}6H$ph@(};1h67duDcz_!MjV18bU|6b%Yl$;l2>
zeY+#1EK(}iaYI~EaHQkh7Uh>DnzcfIKv8ygx1Dv`8N8a6m+AcTa-f;17RiEed>?RT
zk=dAksmFYPMV1v<x&y*?3CAt4n)nj%7c<8p@rCUMNPw>IS(Qc6tUO+`1jRZ}tcDP?
zt)=7B?yK2RcAd1+Y!$K5*ds=SD;EEqCMG6+OqPoj{&8Y5IqP(&@zq@=A7+X|JBRi4
zMv!czlMPz)gt-St2VZwDD=w_S>g<u1Alo`a@)M5xCeMm@9WTygn}Yg{&GRz>Rpc-g
zUd*J3>bXeZ?Ps<QEw|QH!GID7xAtR|TnBoHBL<H(2d@TU#K4aKAqr%K?)oO@TEsL|
z$E~b1c<o8NtC45_R5dw2rqX6;J5J_&h8cu*m3XD9tC|sJ;e8Y=eOnkOd$m`EdItJX
zTGByXs@S95>johe;z7k|d<*T21PA1i)AOi8iMRwTBSCd0ses{)Q`9o&p9rsKeLaiY
zluBw{1r_IFKR76YCAfl&_S1*(yFW8HM^T()&p#<HVVqAydIWX%r4Ei9mtCFU`OZ^T
z_1ESE&U8ftMAYS>6y%{(j7Qu56^ZJx1LnN`-RTwimdnuo*M8N1ISl+$C-%=HLG-s}
zc99>IXRG#FEWqSV9@GFW$V8!{>=lSO%v@X*pz*7()xb>=yz{E$3VE;e)_Ok@A*~El
zV$sYm=}uNlUxV~6e<6LtYli1!^X!Ii$L~j4e<Di*Wks4eNuVJ#URzGdQAorX=_3nr
zTY4XzG?{}|&rMky&CY^jd+B~p1Ozm))}*z)nm|j_SWDXWZBTh?(8Uy`cyh1-pmxt5
zjD#-N>{sI$tq_A(OkGquC$+>Rw3NFObV2Z)3Rt~Jr{oYGnZaFZ^g5TDZlg;gaeIP}
z!7;T{(9h7mv{s@piF{-35L=Ea%kOp;^j|b5ZC#xvD^^n#vPH=)lopYz1n?Kt;vZmJ
z!FP>Gs7=W{sva+aO9S}jh0vBs+|(B6Jf7t4F^jO3su;M13I{2rd8PJjQe1JyBUJ5v
zcT%>D?8^Kp-70bP8*rulxlm)SySQhG$Pz*bo@mb5bvpLAEp${?r^2!Wl*6d7+0Hs_
zGPaC~w0E!bf1qFLDM@}zso7i~(``)H)zRgcExT_2#!YOPtBVN5Hf5~L<CCU1e$yOy
z6y7=%D3L0U<zJX-p<cShe85I0&7b?ixuHr*ev;88LfDXt4Y`h@aRt6fu_)dfSD<Cr
z3(iZbika`#1V{5t?5XV6saWc^(a!gyl;XpLlkO0|q305rjpn!-bJS#zH-=YO2U^?b
zP1+|Sw)zw1D{|SG>l3f~rWZ(UsJtM?O*cA1_W0)&qz%{bDoA}{$S&-r;0iIkIjbY~
zaAqH45I&ALpP=9Vof4OapFB`+_PLDd-0hMqCQq08>6G+C;9R~}Ug_nm?hhdkK$xpI
zgXl24{4jq(!gPr2bGtq+hyd3%Fg%nofK`psHMs}EFh@}sdWCd!5NMs)eZg`ZlS#O0
zru6b8#NClS(25tXqnl{|Ax@RvzEG!+esNW-VRxba(f`}hGoqci$U(g30i}2w9`&z=
zb8XjQLGN!REzGx)mg~RSBaU{KCPvQx8)|TNf|Oi8KWgv{7^tu}pZq|<WiMz3rpp0|
zLKIB_Ddvk1cM8BJ6cz;POHz%T{sZWf@&L60uqu2&dwrJ0x%22+Vt2z(`{TJ@iys}w
z!}_>BS&S<53fC2K4Fw6>M^s$R$}LD*sUxdy6Pf5YKDbVet;P!bw5Al-<ZmNM;fK}9
z(;Q617)?cwmeRBfr;WSdE!Fz~?sf588oJj!s$c%WwoO(_AtXkQF4F2xuV&`n3oC*l
zLD81gPrag(&l;y|c-6wE>8I1Nr(`SAubX5^D9hk6$agWpF}T#Bdf{b9-F#2WVO*5N
zp+5uGgADy7m!hAcFz{-sS0kM7O)qq*rC!>W@St~^OW@R1wr{ajyYZq5H!T?P0e+)a
zaQ%IL@X_`hzp~vRH0yUblo`#g`LMC%9}P;TGt+I7qNcBSe&tLGL4zqZqB!Bfl%SUa
z6-J_XLrnm*WA`34&mF+&e1sPCP9=deazrM=Pc4Bn(nV;X%HG^4%Afv4CI~&l!Sjzb
z{rHZ3od0!Al{}oBO>F*mOFAJrz>gX-vs!7>+_G%BB(ljWh$252j1h;9p~xVA=9_`P
z5KoFiz96_QsTK%B&>M<OVS!jKFsPBm{4n!1mDS$m*VO~m3uK*2h!9O|jhe3!GzDyp
zmM22!H~y1+2FiH-J&wO+VnjS|-3)(QdJ8GSi_0-d@y02VONd&XMRu?%tIoeyAs1$&
z2@H?hToaxd!hmqD8)Z|B2n$^2x?>SXEYh`|U5PjX1(+4b#1PufXRJ*uZ*KWdth1<0
zsAmgjT%bowLyNDv7bTUGy|g~N34I-?lqxOUtFpTLSV6?o?<7-UFy*`-BEUsrdANh}
zBWkDt2SAcGHRiqz)x!iVoB~&t?$yn6b#T=SP6Ou8lW=B>=>@ik93LaB<r_MA^r8W%
ziwVD->L56ub`>Uo!>0@O8?e)<QIehhF!1N7m_bQW9~;%fo1oD+{TinM^gu6xUX$9F
z^gK5Cv;EFbXK<zio1!h?E;s-FrZ3QhuHd!0)cpDvEbI3w{vR$q;(uOJ7iSCW{{p7}
zzpuyoZ?3nn{f4C38vNHAyE@U#eZOM?=C{-2UlQnl`=S4Hqo#$ulC_2XKi`(Y%2I9%
zqNtzb4J1RV?vRT8h2_}z5~y*Sgu$dNV1nirGVW<X<VBI;%p5`{W68rsXC;}R;jakJ
z0|m|oj_XPtH?ikucx#{-lLC?H?Xm4UZUlvXpMMX?{2yLx{C@@l#~h%b<Z5!*?F#~7
z095<~W**NHf+sw4TNn%fn$l^{-JfWtHQojXS8Dc{?sWuvz_8QOqS~YA!SB*+&X?5E
zc^efB&iaXnDoz0~4^Spx+uz)U7%v&d#A(?qFNi&QSA^y{ire}JOmf8O+>$t(sgy$I
z6tk3nS@yFFBC#aFf?!d_3;%>wHR;A3f2SP?Na8~$r5C1N(>-ME@HOpv4B|Ty7%jAv
zR}GJ<XhgBAgrpe%$kuJ?YuHb|v3u|gT`)+e7qK&fd+OIT;m{2y88S)Qjteg<Q~$%4
ztWsl)3xFMc%#UK*uV$e^e8U)bASn;aR5V)4e)Ps$ABOTa{{}89$FHcj_RA}KxYL!h
zSrRM4@Tm%S<9Rz@I&&S5FGd?4IjT9i`X#uinJ?GKu9Y@)$2gn)g#xfRYzz}$o40kc
zUGLF?z*ujtv{_Guq~e)cC*Ac97qz^+p^m9P_~1ybTfTl`R|}Lp|Ml;SQqm*IP;a^W
z9;xGPWdv5qh996kRjsCCzq4}wrC^JZQF7^!wb*8uc0Cs&R?O~n$pgltCC+R$?wqfx
zwy~I{d?&0hu}J>wsiJZ5@H+D$^Cwj#0XA_(m^COZl8y7Vv(k=iav1=%QgBOVzeAiw
zaDzzdrxzj%sE^c9_uM5D;$A_7)Ln}BvBx^=)fO+${ou%B*u$(IzVr-gH3=zL6La;G
zu0Kzy5CLyNGoKRtK=G0-w|tnwI)puPDOakRzG(}R9fl7#<|oQ<MB>EX;E#yCWVg95
z;NzWbyF&wGg_k+_4x4=z1<Z>GUcn6JrdX4nOVGaAQ8#^Ga>aFvajQN{!+9rgO-dHP
zIp@%&ebVg}IqnRWwZRTNxLds+gz2@~VU(HI=?Epw>?yiEdZ>MjajqlO>2KDxA>)cj
z2|k%dhh%d8SijIo1~20*5YT1eZTDkN2rc^zWr!2`5}f<2f%M_$to*3?Ok>e9$X>AV
z2jYmfAd)s|(h?|B(XYrIfl=Wa_lBvk9R1KaP{90-z{xKi+&8=dI$W0+qzX|ZovW<E
zC+%g!uYXZ#{jQrY@A!`XSl_$&A2T@qFMZ>GOotP+vvYR(o=jo?k1=oG?%;pSqxcU*
zWVGVMw?z__XQ9mnP!hziHC`ChGD{k#SqEn*ph6l46PZVkm>JF^Q{p&0=MKy_6apts
z`}%_y+Tl_dSP(;Ja&sih$>qBH;bG;4;75)jUoVqw^}ee=ciV;0#t09AOhB^Py7`NC
z-m+ybq<g4G1!&FidKvq|9sin}V;o>1>_OO+V*Z>dhk}QFKA8V?9Mc4WSpzj<uaKj4
zz}(y<qx>{6IWfFpF7l^au#r7&^BK2Ac7vCkCn{m0uuN93Ee&rXfl1NBY4NnO9lFUp
zY++C1I;_{#OH#TeP2Dp?l4KOF8ub?m6zE@XOB5Aiu$E~QNBM@;r+A5mF2W1-c7>ex
zHiB=WJ&|`6wDq*+xv8UNLVUy4uW1OT>ey~Xgj@MMpS@wQbHAh>ysYvdl-1YH@&+Q!
z0<dQW^;Ehn%fw-)fLb!<4HzREhM1Zj4kjQ!T09v0)QjqeWq<OYpA_`5xmMw!4+hTR
zy23Q(soXn+J<2mcH_6m%eJ0y`u>75(Qd4C!V`9Q9<BqX7QhEx1y7+HYACF;~N>jI4
zSt{HJRvZec>vaL_brKhQ<Sq8Wy8KCM4!1b}xe_|=NZ|wZo%q0h&x4@*-#-Tbp8b4J
zfIv}0{e+iDV}#Wuh874=&m%<?pIcYWQ;w#b%}b$Vn_q_?BZ`tWoll1nw0pK?nDM!-
z=IiSL)l|LG>QwbpQd4_Lmmr0@1GdUeU-QcC{{8o=@nwwf>+dIKFVzPriGNX4VjHCa
zTbL9w{Y2V87c2ofX%`(48A+4~mYTiFFl!e{3K^C_k%{&QTs<v>gOd0*95KmWN)P}m
zTRr{`f7@=v#+z_&fKYkQT!mJn{*crj%ZJz#(+c?>cD&2Lo~FFAWy&UG*<xxo3kzJ2
zrDbwgE`xL0p0OC~L$bVXy!zt2LN-Bue6r%b!O~*CllYPQ0{bnjSehnxRLfHKB-|@S
zlh%>Op^pV`BR^I|g?T>4l5;b|5OQ@t*?_Slp`*~Y3`&RfKD^1uLezIW(cE-Dq2z%I
zBi8bWsz0857`6e!ahet}1>`9cYyIa{pe53Kl?8|Qg2RGrx@Alv<K-1&TVh*%QiVeJ
zw<z)|0uz2^&{c%EX_mp!Y-<wmxQMClEpwtlv3E9lug>G3HAL-^9c^1GW;)vQt8IK+
zM>!IW*~682A~MDlyCukldMd;8P|<R1w8m*driNj?SBnHCqQ^}34Oe^3F0Wd5k+$DP
zQwx>JCZ&oNL(;HZgJ>ie1PlaInK7C@Jg{3kMKYui?e!b`(<sqcbV3|*ChSZ+u!m%p
zEk@sY6s}w^f<Db4!cs^*ZGoz!MF)itzenWdp0zit8&_HB23ZX%(}%Z-Chi<kQ@WUl
zT(v|=*&C-%O}S43l>&?t6PTb5UPrW-6DVU%^@^E`*y-Fd(p|`+JH&MzfEq;kikdse
ziFOiDW<yyXIOCw#j{)5?sD|95dJ6|$X;1y3bb<7j_^}nbX8;6j=KzRx3FdimHz<(c
zmSo@-#x~D(T}VTzSST7#biiP$37XpFV(s+vv(iSQ7I!I8ZKqf)^AfEZ&wdg|>H(D<
zyV7Rxt^D0_N{v?O53N$a2gu%1pxbeK;&ua`ZkgSic~$+zvt~|<wi2DKd{6zkbA_nq
zIDNbroZZR_UCliI>1Yb=UfKJW2F7wC^evlPf(*El+#}ZBy0d4kbV<JHB3rsDar1c{
z*Grb7r<dUjw#Am*!d&=V6x;*79S0!!;4TYA32Cmkx<yQp-R3&_+bQ0~49f!Bd2Cjh
zY&ZW=x21K3F4Sqd64lC<?QGcC)^WatWhoHF<DfExT|%m}Lve<W;m6AecsIu@s0HQ0
z;sGJq(EmLz1*2Qiyo444kgnXvB8<S~!4hSZRBcLs5-RY^L){UWNUr}q*A1gbe)#eg
zz(0&3ca!IWGoRZDX)3;$au=OUlsYF1T^to-gPZnvv#Y<VH=JL`_g(awH73M`{N`#+
zM=?0F=nU77E!)#P{EV4*TbZi+Vs~bStn<aVgf!NSMHxgf7h?GP4G2di7FV36>JsK-
z05>;>?<bli&gVpMCL_8-A4$tJhB_D&hw-4^NArA$&y|p#ogw7&h}dJ%CEK$3W)AC;
zB<R-89-M6xZfPWd_I--v3O~wpU}AYdMP!!rzs-<7%souf_ov6p&#=XmicWCcA^v(i
z^$FXa(|I&$nbQ+B27F?0?Z^K8%^&ecmd7x56FH*E3-SkLxGOY1IdX{hC<?uJylK#7
zi2V;{_ejM8ds|1sKS)_lFkhgT7C<dvCtL4&gyZ~4^H+QGzy7tLWUlb(Q}7*2=f6KB
z|9wmq{^na*+Zh=D$LrK5O6DKL<=`E2)@Eu~hCrAV@a{mqT|sU4z}1jd<b(ueFLn(4
zUZHTR{bj6UIE0=T-J21VUTh)oVManyGcTv~O$<%sVXX~J8<8H`Ass|=?nH|Vn8KKb
zp7ksuqRA>HZO(YBF&v5tNv_WcI@O@LKFl*VO?L(!BAd!KbkVzo;v@~3v`-816GG?P
zY+H3ujC>5=Am3RIZDdT#0G5A6xe`vGCNq88ZC1aVXafJkUlcYmHE^+Z{*S->ol%-O
znm9R0TYTr2w*N8Vs#s-5=^w*{Y}qp5GG)Yt1oLNsH7y~N@>Eghms|K*Sdt_u!&I}$
z+GSdFTpbz%KH+?B%Ncy;C`uW6oWI46(tk>r|5|-K6)?O0d_neghUUOa9BXHP*>vi;
z={&jIGMn-92HvInCMJcyXwHTJ42FZp&Wxu+9Rx;1x(EcIQwPUQ@YEQQ`bbMy4q3hP
zNFoq~Qd0=|xS-R}k1Im3;8s{BnS!iaHIMLx)aITl)+)?Yt#fo<CYMyMO(N&hjUd(9
zrYcKju%_{w9OiZ0tXHbEUp6a7E}jZhUfM~7VrxCUryOyfws<yaoJP#_!TR~^I8*%M
z_blHbfonlI>v|Eh>}dv@o6R{tG>uHsy&jGmWN5+*wAik|78(b?jtysPHC#e+Bzz~V
zS3eEXv7!Qn4uWi!FS3B?afdD*{fr9>B~&tc671fi--V}~E4un;Q|PzZRwk<k{$576
z3)*^Wn$J&4ijeAub)TAsrRanvyo+2b|HaO}Wck&TsBIjDEciAZ)xNHrg{+;Ot(c~w
z>-azprM$4AesvUb5`S`(5x#5VJ~4%ET6&%GR$<o;Uw@jHNXKq{o{-vatV``S=;pJq
zosYFs*w$E-x(PmXNY}^Ik!Ys=1N(H?1>}muHV-5lTsCi_R|6KM(g2PCD@|yOpKluT
zakH!1V7nKN)?6JmC-zJoA#ciFux8!)ajiY%K#RtEg$gm1#oKUKX_Ms^%hvKWi|B=~
zLbl-L)-=`bfhl`>m!^sRR{}cP`Oim-{7}oz4p@>Y(FF5FUEOfMwO!ft6YytF`iZRq
zfFr{!&0Efqa{1k|bZ4KLox;&V@ZW$997;+Ld8Yle91he{BfjRhjFTFv&^YuBr^&Pe
zswA|Bn$vtifycN8Lxr`D7!Kygd7CuQyWqf}Q_PM}<N^zG*sz{_fcU3v7O7XnC*4Aa
zpb=9eR0`H6KOu7y5Lux$;j6glQ=Cnx<g;4DUpTr~Jiv#5xF0h9DaFBD=)!%6jHEWX
z889cm)A<znb}Qr@2Ih@T`xk4BNl)lK%%ilOmpuyg+8+eO;vs(GN026wy-zF$0Bpho
zpq~g*HNw~h8hh>cX~S1$-6xUD%-jrSi24sBTFNz(Fy{QL2AmNbaVggWOhP;UY4D>S
zqKr!UggZ9Pl9Nh_H;qI`-WoH{ceXj?m8<o#3`K%nSO84PqMf~>y==MGY`AOJ7l0Uu
z)>M%?dtaz2rjn1SW3k+p`1vs&lwb%msw8R!5nLS;upDSxViY98IIbxnh{}mRfEp=9
zbrPl>HEJeN7J=KnB6?dwEA6YMs~chHNG?pJsEj#&iUubd<U9vAx5z41A?(bgtMGpP
zwCR*+-u<wI9%Dmvw`F@KM2us_U9@<TVJ^`{G6!5FE!-2ia+H}$Pk<_s|H<&5&#|JG
z3Zn(zsf_P;Kw|kH0@8N`a`zB$aW?-R7Gz=c|MM@CRcxG;L{NR7$sfsEaj*@Gm8+D)
z(~4{oh<j#<<rU=_ed_JxH3P1uWIgXZ?Yi3Q9}(WL@MIKBarw?*{rs^Y<VO%bf%sm-
z_bzSLCFW%#vYlVDwobBmPB_h8cs)NCW`4*P8t+ny7P4fq&4#)qdy+@I-1a2!GTstR
zV`C1q#W;Z%KqC%`A!VsO1lwv42E|Arp%SMpI;`;{)L@G58XaAs;HkN28=c;-R9iC5
zFv>f3JJwu=C(t?J<di8FrDi&_<8Gi8I{@c2;!g0*Fs7Y{NizU~U~DCr9#QGUWLJ8$
z6So7^8!gBboMj9cpk@?3jQ~}GdEFW_-L0Go4=cq7S|ztSu>pE6xMyhA3e}SRhunDC
zn-~83*9=mADU<BlwTn$=?eGI*${p@%-gJ&Jk4}GnjS5v2d|X>sk^<vsaU5-S-Dt?B
z^CJPj)ts%v&i(kUo{Z{ey^V2<p;Ul;SaF~f0+aoAk+x^fU+c<H8=??`0+ELm<<WYa
zejibs7IS57q5_UvyT>sCc%&&G1q5T^HR9$P#2DejaG`Ui*z1hI#h7dwpIXg)C{8s<
z%^#@uQRAg-$z&fmnYc$Duw63_Zopx|n{Bv*9Xau{a)2%?H<6D>kYY7_)e>OFT<6TT
z0A}MQLgXbC2uf`;67`mhlcUhtXd)Kbc$PMm=|V}h;*_%vCw4L6r>3Vi)lE5`8hkSg
zNGmW-BAOO)(W((6*e_tW&I>Nt9B$xynx|sj^ux~?q?J@F$L4;rnm_xy8E*JYwO-<G
zAw2a{1_{}UDtg6k<H!^~Ep9z*WtT)Wa}-x7C<<#g4x~4C&Od75vZaK9?9f%g*!4dQ
zlJiKHKS~B<_~zQHLZ6Yr&U0^y*|A2BEYT5Dfy(GmpC7JBa0_LKHpXMU18JJV<l9Ls
zF!CE=82FF4{}RO?1()5W%NVF=#KHe0qmy=`QxbdS#(f7zm(X!J9h!WZ#V5Q+oI9e!
z6moH<;DB=(^c^&S`<-WI`KlIm1rpiXUn1r!q_#i$C`6hPDt7K}0@M9MwW@Xl0adOq
zH-`cCnl0!pNDx>02<I8n_zF__isE*QA^i~z{Rx#YCf{3mI<#SoM*K+EC4@|p=};uD
z7_^98UUK#Y*>u9_@@W0_2@?B@1J{y~Q39N3NX^t7#`=34Wh)X~sU&uZWgS1Z09%<L
zecj}N4CM_`#U|#O1uFgDAre$wf)a-3-~Yms53N&v-}+YY_<tMCi2mPu{-62klqQt-
zKRjkVla6-e>_k|EjA4w_QqPdY`oIdv$dJZ;(!k)#U8L+|y~gCzn+6WmFt#d{OUu<Y
zOY_Uc<|e?RL-YmB)%)`@T7RB<R-QF>KHqh1-uX_p*Af8pFYkYvKPKBxyid4KHc}H`
z*KcyY;=@wzXYR{`d{6RYPhapShXIV?0cg_?ahZ7do)Ot#mxgXYJYx}<%E1pX;zqHd
zf!c(onm{~#!O$2`VIXezECAHVd|`vyP)Uyt^-075X@NZDBaQt<>trA3nY-Dayki4S
zZ^j6CCmx1r46`4G9794j-WC0&R9(G7kskS>=y${j-2;(BuIZTLDmAyWTG~`0)Bxqk
zd{NkDe9ug|ms@0A>JVmB-IDuse9h?z9nw!U6tr7t-Lri5H`?TjpV~8(gZWFq4Vru4
z!86bDB;3lpV%{rZ`3gtmcRH1hjj!loI9jN>6stN6A*ujt!~s!2Q+U1(EFQEQb(h4E
z6VKuRouEH`G6+8Qv2C)K@^;ldIuMVXdDDu}-!7FS8~k^&+}e9EXgx~)4V4~o6P^52
z)a|`J-fOirL^oK<pJlgk;{wTU6<tzCapMDlBXxQB3Le5okt#72xJqlvoHh5h4)(GA
zUTE7RMa>}tqD@pqBZi_;7N43%{IQ{v&G9^Y^1?SesL`;Z(dt!nn9Oj5Odde%opv&t
zxJ><~b#m+^KV&b?R#)fRi;eyqAJ_0(nL*61yPkJGt;gZxSHY#t>ATnEl-E%q$E16%
zZdQfvhm5B((y4E3Hk6cBdwGdDy?i5CqBlCVHZr-rI$B#>Tbi4}Gcvyg_~2=6O9D-8
zY2|tKrNzbVR$h57R?Pe+gUU_il}<WpPK0&c7Cf)^kTlHgLh*e9eYX-e@u&J%`pP#5
zSj}Dq@1tQz)i#Nl`VxH|LIiAxaA`Jd1@-!*lgdAtByP{OU%az&?42B}362L=feNrt
z*RxHj$ZWxdny=m=<L*KF`s!?l3-xy=FSk?@Svj!g{kbFhL)s~jx0dj5*@zub3TmN4
zewl(O8Lgo<<c>ZaWu|Az#QO@};=|(L-R<FtHfil3F$IN__;{K(;=@HW!#QUN35a{%
zD~|)u$b9KdYl2xdz7y|l$=m8DlwhQqP%?Kb=<$vL)3-UG2JBk4^e{I9(8U>Vf0AIW
zq#pO+RfM7tdV`9lI6g;{qABNId`fG%U9Va^ravVT^)CklDcx)YJKeJdGpM{W1v8jg
z@&N+mR?BPB=K1}kNwXk_pj44sd>&^;d!Z~P>O78emE@Qp@&8PyB^^4^2f7e)gekMv
z2aZNvP@;%i{+_~>jK7*2wQc6nseT^n6St9KG#1~Y@$~zR_=AcO2hF5lCoH|M&c{vR
zSp(GRVVl=T*m~dIA;HvYm8HOdCkW&&4M~UDd^H)`p__!4k+6b)yG0Zcek8OLw$C^K
z3-BbLiG<G*%4Ey*o=CXuznD%-E)(BI7(ff9<6pa$Zrz&C5rTB04~@$dmXojzFZ}L`
zRg%4@Gzl_8#O!M!**o3FiOinwAw)3js>_%qX|ZYpXJ$(c@aa7b4<SFTt=8S6LG4l8
zlcVxZ?pLGnmVxFRWw8r17^k5AI;7>-*IQkDF}=gZSV`*ljP|5mWuHSCcf$5<NC<*)
ze^<2Ph^^DKawiOIF%89MPGPWue;M0vE~6E*nOMq4MZhj`p<K636GBRJmj%~d#Domc
ztZs(zo{Afl&>qqhZTv&P?I$z^>}qP(q!Aku2yA5vu38d8x*q{6-1<l@ZEBJgr=yj*
z=|5IuLM<?M78&Zia4KQ3zqq+Pj;>`%PrE_r0-9Qo?a#7Zbz#iGI7K<(@k^|i4QJ1H
z4jx?{rZbgV!me2VT72@n<DR5mdN;#-C(eB6{T-1WCMC<4OG#$>BjucoT<x)|o8t&d
zcz=#pXpp<Y6uDD$*V387M|STow%*8!)gvQM!5ojXJnYQsrshiZijh#8qBZXPD|nB>
zUM9;Y%TCoDop<GM?%qaP$qD5N_Re&x#fQeb`~mmirR*mz_8isV?5XN|lxXW*GxnA&
zqsd>?Q5fEQ35bCYk7!;gH*;t9t-QHLXGmUF;|vm365<zVCrfXPo#;){ym}VQ_ne6P
z!(%<fPO&{N)}Gkkd3S$5{D%<)xgUX}Egyy6<A)LM2E@O{a2F|=%ja^_%j2M#nVpYQ
z+Vn8PewW=9ex!-s%zI(~4dD%n1{+wKXJGwACYXJl_&|&PO&v1w1{IxqSjzH=O`!a0
z5uLkNYxP09lfjZM9-3XAXLL^%{CG2G^qD8VIQJT6@woCmj1pDW{O5QmD{ub{Aim!S
zn{UQG3M0t%#80q7^iVb`W7wUM)To100*n8PpM~ji<yC~2IwTb__!9_^>#X)6b2<By
zsr~`(aBfe%efKJJR45%#bJrSl;-dx20E32$(x^6gOAVg&3g6`rfg4?vYT5$B3KPW4
zR@y2a@?kp2S0H8-qBmQlH&;6+BIP#!%KAya@JVOY!KKN){N`mS*zmNqmHEMR@TXC!
zhcA$PyEZicF>Njsyf1h9JW#x$;@x5Nx2$K$Z-O3txa%;OEbOn6xBzd4n4v)Va=sj5
z%rb#j7{_??Tjb8(Hac<^&s^V{yO-BL*uSUk2;X4xt%NC8SjO-3?;Lzld{gM5A=9AV
z)DBu-Z8rRvXXwSVDH|dL-3FODWhfe1C_iF``F05e{dl(MmS|W%k-j)!7(ARkV?6r~
zF=o42y+VapxdZn;GnzZfGu<6oG-gQ7j7Zvgo7Am@jYxC2FpS@I;Jb%EyaJDBQC(q%
zKlZ}TVu!>;i3t~OAgl@QYy1X|T~D{HOyaS*Bh}A}S#a9MYS{XV{R-|niEB*W%GPW!
zP^NU(L<}>Uab<;)#H)rYbnqt|dOK(-DCnY==%d~y(1*{D{Eo1cqIV8*iMfx&J*%yh
zx=+WHjt0q2m*pLx8=--U<Z87HfG;q}m>qfM6ZWjkev>W-*}_*$Y(bikH`#-Gn#!6_
zIA&kxn;XYI;eN9yvqztK-a113A%97in5CL5Z&#VsQ4=fyf&3MeKu70)(x^z_uw*RG
zo2Pv&+81u*DjMO6>Mrr7vKE2CONqR6C0(*;@4FBM;jPIiuTuhQ-0&C)JIzo_k>TaS
zN_hB;_G=JJJvGGpB?uGgSeKaix~AkNtYky4P7GDTW6{rW{}V9K)Cn^vBYKe*OmP!;
zohJs=l-0sv5&p<L!P8aAhZ$ViHW~K#|M7K>L6-bowk~(swtdRBZQHh8)m^r2+qTtZ
zt4m$B?OQYNyf<S0cjiW%jPp4ocVzDU+iN|mA64$QnCRX3c5pg1#I)OdNDpa)HtXcw
znS3MtA?j8rhi-3|Locu;@KXBA={WJ{lWM@;qi^|k4d=wZbBn}Q)l=zT(OGe|_o;CO
ziN`_dE+z*6Zl6pK%FbeS8#lFna!rG6w2@{OT7y$1;)CKbPy6)aPZ(-qT1;zMcLvBi
z9RxxN#TW55YCB1_U7%BGo@JJx^`VOeiY`Vr8$|ccM-ilzFdc~nYS+WJ)ii$)A*7+Q
zN_y1r@TZnl*uB$J6tDKRYLySLcU(ahq@Q$EoWpLzi!}*SMM~)}4Ayz}zY&Wi`h9#!
z&9oY2DPtdHFqYBFk2l(gA{>BA0E)g28a*{)a=%%f-?{F;++-Xs#5|7kSHTD*E9@$V
ztE%7zX4A(L`n)FY8Y4pOnKC|Pf)j$iR#yP;V0+|Hki+D;t4I4BjkfdYliK9Gf6RYw
z;3px$Ud5aTd`yq$N7*WOs!{X91hZZ;AJ9iQOH%p;v$R%OQum_h#rq9*{ve(++|24z
zh2P;{-Z?u#rOqd0)D^_Ponv(Y9KMB9#?}nJdUX&r_rxF0%3__#8~ZwsyrSPmtWY27
z-54ZquV2t_W!*+%uwC=h-&_q~&nQer0(FL74to%&t^byl^C?wTaZ-IS9OssaQFP)1
zAov0o{?IRAcCf+PjMWSdmP42gysh<IAjP3I4~XaCM5*E+%@4H^3M`6ye$$tP$WNbE
zbdn`)4v4TUCT*VNiX&D{_|KnFA~G{kE=ntpOsoNd$eKT1|78iI(^E{syjncr1LOg7
zvpOD8>|c9Ma&Q^?_+>>+-yrC8WR;*XmJ;>r9v*>=W}tgWG;WIt{~L8`gk8DP{dSdG
z4SDM7g5ahMHYHHk*|mh9{AKh-qW7X+GEQybJt9A@RV{gaHUAva+=lSroK^NUJYEiL
z?X6l9ABpd)9zzA^;FdZ$QQs#uD@hdcaN^;Q=AXlbHv511Me<Gn_mEdR&MLv`f?Kx%
z8r4<bviQ`;c8%82V_>ye`p>P4Y2nbl<QidqPDpe9A~^s`DTJhVk(6Y``I7s6)Uf8I
z)$kBCwQT*1X4n1zt#H4(j7MaFrUGFu3Oe@=ajNRN9Ue(NO3~8Zbcu3`OQey;tOFq)
z;kWaA7JY$F6d<n$zVRV0FWGDsVrWK8OU713_M!=l4OywWwXC>ED<i?mQmUeusywBn
zNXtr^%xvIn1M3zrm2h?T?3n_;CTQ@tsgJ7GBW2Zl9w{U92R%)EW#YjprYugOXEz#;
z)Ez=1KR_+sWJf1M8ko8ef2>EeZo}-$@g&L98Aih6tgLz--${eKTxymIipy0xSYgZZ
zq^yyS4<Tkg@?|;c$V~f<0k6LL2{(FY|1JSj8S@S!VF=edAL=G_+qo_9OeZ<iQZN90
zxqZ|^@d^`g3BJ>yNPTtPj-sM?R8@9Q1gtXPqv{$lb5i|C1yymwnGdfYV3nA-;5!Wl
zD0fayn!B^grdE?q^}ba{-LIv*Z}+hZm_F9c$$cW!bx2DgJD&6|bBIcL@=}kQA1^Eh
zXTEznqk)!!IcTl>ey?V;X8k<+C^DRA{F?T*j0wV`fflrLBQq!l7cbkAUE*6}WabyF
zgpb+|tv=aWg0i}9kBL8ZCObYqHEycr5<J4qyW|o@#4QxtPb0tj1I7virQLPL&}gD@
zWjo9xh~qO(Y0IO<4tNTVXq#ofI9{0jiG){*U=jU%>tpc-$|vdvaBsu#lXD@u_e1iL
z{h>xMRS0a7KvW?VttrJFpX^5DC4Bv4cp6gNG6#8)7r7IxXfSNSp6)_6tZ4l>(D+0I
zPhU)N!sKywaBusHdVE!yo5$20JAU8V_X<uu|HFmVS7PN?;)jmliX-5g<9aNnC&_+8
z-H|>cW{QmO!p<W)v=kYJ37)j)g374|egJcV6PD)VfLvm4bO_Afd90nM0aO!mY&r=|
zH0q8BQ`<MnSES{IMkD&HI#0sb$cxN8L2}my{Ib`%4}@To>*~ns8{2~bhjydnmA&=r
zX9NSM9QYogYMDZ~kS#Qx`mt>AmeR3p@K$`fbJ%LQ1c5lEOz<%BS<}2DL+$>MFcE%e
zlxC)heZ7#i80u?32eOJI9oQRz0z;JW@7Th4q}YmQ-`Z?@y3ia^_)7f37QMwDw~<-@
zT)B6fftmK_6YS!?{uaj5lLxyR++u*ZY2Mphm5cd7PA5=%rd)95hJ9+aGSNfjy>Ylc
zoI0nGIT3sKmwX8h=6CbvhVO+ehFIR155h8iRu<x!^Z2M1Pzq+-oyvlRxQ>XZx^<Tr
z@8Tbpd#czm8-Yg}>cW>rq5K4z_dvM#hRER=WR@THs%WELI9uYK9HN44Em2$#@k)hD
zicqRPKV#yB;UlcsTL_}zCMK0T;eXHfu`y2(dfwm(v)IBbh|#R>`2cot{m7}8_X&oD
zr@94PkMCl%d3FsC4pil=#{3uv^+)pvxfwmPUr)T)T|GcZVD$wVj$mjkjDs`5cm8N!
zXVq2CvL;gWGpPI4;9j;2&hS*o+LNp&C5Ac=OXx*W5y6Z^az)^?G0)!_iAfjH5wiSE
zD(F}hQZB#tF5iEx@0sS+dP70DbZ*<=5X^)Pxo^8aKzOzuyc2rq=<0-k;Y_ID1>9^v
z+)nc36}?>jen*1%OX3R*KRASj${u$gZ$27Hpcj=95kK^aLzxhW6jj_$w6}%#1*$5D
zG1H_vYFrCSwrRqYw*9<}OYAOQT)u%9lC`$IjZV<4`9Sc;j{Qv_6+uHrYifK&On<JP
zpp<X22(sjxoU&97`N=lyhUxuG!%J2u>4V_7yMil!0Yv55z@dFyD{U@Sy>|vTX=P_(
zRm<2xj*Z}B30VAu@0e+}at*y?wXTz|rPalwo?4ZZc>hS0Ky6<x)^TtrxYs71dY<}C
zJ7~9+X<qB9Zm?iEJZ{MZLP-V?O@>~mi@kv#?xP2a;yt?5=(-CqvP_3&$KdjB7Ku;#
z`GLE*jW1QJB5d&E?IJO?1+!Q8HQMGvv^RuFoi=mM4+^tOqvX%X&viB%Ko2o-v4~~J
z267ui;gsW?J=qS=D*@*xJvAy3IOop5bEvfR4MZC>9Y4Z$rGI|EHNNZ7KX;Ix{xSvm
z-)Cau-xuTm|7`4kUdXvd_d^E=po(76ELfq5OgxIt3aqDy#zBfIy-5<3gpn{Ce`-ha
z<;6y@{Bgqw?c~h*&j{FozQCh=`Lv-5Iw!KdSt;%GDOq%=(V!dJ-}|}|0o5G2kJj6{
z`jCSPs$9Fe8O(+qALZiJ$WtR=<@GvsdM)IJ`7XrBfW0iyYE#Vy^e@zb<IIW7E)E^$
zm?~*Pm)RIxAq=^<S?g8*w}0T;h&X*9TfW7JL9qW1?e*VsCQ%P#8&~J=^eZt-8&g4J
z<L@1$tf8Hu`M+0?$?EIQIO<qmc$)KnDqVdnE7YcB<+P}|>ysg*B5Z_kSL6<)vqoaH
zQ{!9!*{e9UZo^h+qZ`T@LfVwAEwc&+9{C8c%oj41q#hyn<&zA9IIur~V|{mmu`n5W
z8)-Ou$YgjQ*PMIqHhZ_9E?(uoK0XM5aQkarcp}WT^7b^FC#^i>#8LGZ9puDuXUYas
z7caX)V5U6uY-L5Wl%)j$qRkR;7@3T<EihbM1}BSdl7mLfHh7Z5IU<tc_%R)hu1Pls
zW*$=d#aMnI^7$3UsHv{BJ5sQxr58gtU@13faQaKvtp1NTWBK(kBri8RFv{lQVz)EU
zE;0H{^qHFLE{ETvnK|d(2S~MWjq;7`XfESL1**kOb%IOfr--P)KDb+w?)o%$&plmc
z3-QPg+R@uss3E2opQk7Rm)`)TI@=AW{c<ZyIj@DoEI=}EtHB@U67zEBY|IA?TC1^`
z&MhCeE#}CUNjguncG~Xq>*N64YK_!`Fw=>CAwe~2loI1<>DZW&sb7Q)X;6E08&$h!
z2=c1i4UOO{R4TmkTz+o9n`}+%d%blR6P;5{`qjtxlN$~I%tMMDCY`~e{+mRF!rj5(
z3ywv)P_PUUqREu)TioPkg&5RKjY6z%pRxQPQ{#GNMTPag^S8(8l{!{WGNs2U1JA-O
zq02VeYcArhTAS;v3);k(&<OjocC=$o?TRU(R~HX`_by+I$w5@xw6t<*2LdvKE37`k
zgY2w6(gNl$CTp!>6ayCH8SXN@r;1NQeJ*y^NHM+zOd;?t&c!Hq^SR_w6twGV8dl>j
zjS+Zc&Yp7cYj&c1y3IxQ%*kWiYypvoh(k8g`HrY<_Bi-r%m-@SLfy-6mobxkWHxyS
z>TtM2M4;Uqqy|+8Q++VcEq$PwomV1D4UzNA*Tgkg9#Gpz#~&iPf|Czx!J?qss?e|3
z4gTua75-P{2X7w9eeK3~GE0ip-D;%%gTi)8bR~Ez@)$gpuS~jZs`CrO5SR-Xy7bkA
z89fr~mY}u4A$|r1$fe-;T{yJh#9Ime1iRu8eo?uY9@yqAU3P!rx~SsP;LT<Jbf>BL
ze<j@!$|69+G^FV<0dmKnWNMprxNJU~t{`&uDIb};O#gD#SUtD<w>oMK(!;(Zt8313
z3)V)q_%eflKW?BnMZa}6E0c7t!$-mC$<TXTDwQQ@WJ4kOaQ${ot9q1qI<zc^KS<Kt
zJ(!kxatq|HncYDRPoG>qt44OME5F(6B$E8w*TUN-h}0dOiXI+TH<trrR;qgADWj3>
zYFrr&k1(yO(|J0vP|{22@Z}bxm@7BkjO)f)&^fv|?_<v?bGp^(v{LHw7E&dh_!6#a
zLp5=pJXzMz!=2cx?pBZ$`*>JX+s)1*|7X7HH(W?b3QZ3!V|~m?8}uJsF>NvE4@fik
zjyyh+U*tt`g6v>k9ub88a;ySvS1QawGn7}aaR**$rJA=a<ruy*aA7&R1cdXAZ=fvQ
z7?AwvVWRDBj+?RQxP9<Eld<T8co91b&oa-&h-paua##@#UmSeWbQ$6ASd2{|yWwae
z<_OD(+JZih5G;0?))pr+4(0uA{>#eUT~ngUbJ%V=qsFIekLbv!YkqjTG{<Sx6K-xw
zVH;1ZChlA4?P<S<vBp1muSlGxcq+nmq$>_$F;$w19$(ivIs*1>?2ka%uMOx@B9`LD
zhm~)z@u4x*zcM1WhiX)!U{qOjJHt1xs{G1S?rYe)L)ntUu^-(o_dfqZu)}W(X%Uu|
zN*qI@&R2fB#Jh|Mi+eMrZDtbNvYD3|v0Kx>E#Ss;Be*T$@DC!2A|mb%d}TTN3J+c=
zu@1gTOXFYy972S+=C;#~)Z{Swr0VI5&}WYzH22un_Yg5o%f9fvV(`6!{C<(Zi<Hd)
zf?9YZqa5KsuLo~(-?`o~M(QFQk@|~fIjZ4c7cvux!@E|473(pKcY&_>gQ2`wso)cj
z9O12k)15^Wuv#rHpe*k5#4<VO!y+MK+RjQ{k<R&Ijfdv^PCr2`Wq*gcd9n6M$i7GS
zWD{0IJi~-slkyvdQrT5W#wgs9QYp`V2JT@Oyl*x}WLwPT{TMA3DhMeG;UOsO>vb%c
znP+Gjr<-p%01d<+^yrSoG?}F=eI8X;?=Fo2a~HUiJ>L!oE#9tXRp!adg-b9D;(6$E
zeW0tH$US04zTX$OxM&X+2ip>KdFM?iG_fgOD-qB|uFng8*#<c|@^p^*czNe~u#Nhe
zA)gEd7Y`NP(8Yn{!E*NxRd3vR5UuC8pCja3oAbZOImMj}O}<yG-*N8}_O_-n_V(7U
z|0U0lR$iA||BgL@A$5!LUrdsQMwOx>Z5jgqGY=zLU?4!OlO#~YBTB9b9#~H@nqQ#5
z6bV));d?IJTVBC+79>rGuy1JgxPLy$dA7;_^^L)02m}XLjFR*qH`eI~+eJo(7D`LH
z(W%lGnGK+Vk_3kyF*zpgO=1MxMg?hxe3}}YI<hw>>dVs8l}5eWjYu4=w6MWK09+05
zGdpa#$awd>Q<Pu(7+f+_x8>|@aZa*z{5F3xy3n@E4YT9%TmMo0jxW59p0bI?&S}M+
z&^NG%rf7h*m9~p#b19|`wO5OMY-=^XT+=yrfGNpl<&~~FGsx_<SH(o8TA?{1o1y)q
z^L3tn!1Q##WYDg?vz6gJq+H{z0Z6=`Rsx+yjHa+c2dL}U+sI|bMA@UmvrjrPhz-y{
zc=i~q1XE+Ro}#t=Wg5zemW=SD_L>`IaFn+sEgF$hgOa~oAVAiu^a$jHcqkE=dj`ze
z=axsfrzzh6VGD0x#6Ff=t%+VTiq!n6^gv*uIUD<9fOhvR;al5kcY${uunn}-!74<7
zmP^3cl-kyN(QY!!Z-^PY-OUkh=3ZWk6>le$_Q&xk4cgH{?i)C%2RM@pX5Q{jdSlo!
zVau5v44cQX5|zQlQDt;dCg)oM0B<=P1CR!W%!^m$!{pKx;bn9DePJjWBX)q!`$;0K
zqJIIyD#aK;#-3&Nf=&IhtbV|?ZGYHSphp~6th`p2<qF+^4BzD@E~uh`pn_7wEi&g3
z=?JBYF~BWU4<wU8Cij8+F{u4npgj-<kzS>rkw&((%kBV7<{siEOU7AxJj+FuRdDu$
zcmTW8usU_u!r<xT=YN-SyzXKiR(!Xt>)#jg|J=Gt{##7;uf4A5cdt6Y02}f(d2)z~
z)CH~gVAOwBLk$ZiIOn}NzDjvfw(w$u|BdCBI#)3xB-Ot?nz?iR38ayCm48M=_#9r7
zw8%pwQ<9mb&#7Es5~_>pN3~#+Er~Q86J+2TDXM6umCbukd-X6pRIr5tF?VauT8jW>
zY^#)log>jtJs2s3xoiPB7~8#1ZMv>Zx0}H58k-@H2huNyw~wsl0B8j)H5)H9c7y&i
zp8^0;rKbxC1eEZ-#Qxvz)Xv$((8lK9I>BspPajluysw^f#t9P;OUis43mmEzX+lk*
zc4T-Ms9_687GR+~QS#0~vxK#DSGN=a-m(@eZTqw2<+lN9>R~gK2)3;sT4%nI%Y|0m
zX9SPR!>?~s=j5H4WMqeTW8QaLZ=1bWS5I3xZ&$(ypc=tHrv+hX@s)VG(tc!yvLM7n
zshN=C#v={X1r;)xn0Pow_1eMhkn!{;x$BJ#PIz)m585&%cmzk;btQzZAN_^zis;n?
z?6I~bN?s;7vg_dtoTc4A5Ow*Rb}No#UYl)sN|RmoYo}k^cKLXd8F`44?RrokkPvN5
ztUrx;U~B;jbE_qGd3n0j2i}A{enJvJ?gSF~NQj~EP5vM-w4@;QQ5n(Npic}XNW6B0
zq9F4T%6kp7qGhd0vpQc<W<L!fXJ~a+;4Khyr5Qhi14))aSy_<lw1b(PskQ0m-#boe
zA7vv?mzfH`Jh>z+nMk8GOAmbz8Bt4@GtewGr6_>Xj>ge)SyfY}nu>Y!a@HoIx(StD
zx`!>RT&}tpBL%nOF%7XIFW?n1AP*xthCMzhrU6G!U6?m4!CPWTvn#Yaoi_95CT2!L
z|B=5zeRW30&ANGN>J9#GtCm&3SF6n4TqDz<-{@ZXkrkRDCpV$DwCtI^e&3i1A{A<x
z;2|tq%BrQu8b~3XIcCW(SwO2Qo{~(iKF8b80t{dy-ASxDFVBu71<-fKB?XPiF|me|
z=x6N^A6xeq&BtV~$BZ<o(2Y7NHHWgSlhiV?0&?tHLu3b)_J-PW>r&JZtS^c+lyPa6
z%JJr42S_;eFC<HyN&ZMSk+!vPxQr^jTrZ{0+R?&~n(bDfIxeox!m}PUNIWM6DI?<(
zT2si%OLG7mJo(b>#M~bdtQePhOU32WDiZ4@H&af)z#$Y|hnQNb)8(3?1Ad>5uaZ1z
zU~!jt3XUI@gpWb8tWTyH7DGvKvzYfqNIy3P{9vpwz_C-QL&`+8Io$F5PS-@YQJoEO
z17D9P(+sXajWSH_8&C?fn>rTLX+(?KiwX#JNV)xE0!Q@>Tid$V2#r4y6fkph?YZ>^
z(o^<V`ne&X_HQL}Ps!gij?%w4&m}?Ps6H^U)X!|>q(0*P->3?I0cELXJn(N|#qTm6
zAPIL~n)m!50;*?5=MOOc<ZEVd{!x0=tWkQjcj#EEXI8($zpYhY?h=S*e^`Z`)3UF{
zky_7<Nsk@h^#%w~-;v}gpHV)m{?b3wAf*D66ID!&W8QczIGr*dR(n<CK$mURTOiAV
z<lD*0YMaqWe&BGwyT1$fC#E5mWk%?^kGR|yu~8)%i_)F%6Vm6DYe;%inSs@0A+dn0
z=o*C|Cgxb{F1AEY_-9NniiLigsT<CHl5`@W3sl@4i-Z28RhP$TcY**+xoy|*Iji|!
zh&M<pkuw^lO>4Wk;w(0c$(!e?vpV23S|n|Y7?nyc<krXgvoM8Y4s4-xP^eZOrQh6(
zbL?h7r&v>8)fD8t-KI&nTklH&BzqQ}D(1gH3P+5zGUzIjT~x`;e8JH=86&5&l-DP%
z)F+Et(h|GJ?rMy-Zrf>Rv@<3^OrCJ1xv_N*_@-K5=)-jP(}h1Rts44H&ou8!G_C1E
zhTfUDASJ2vu!4@j58{NN;78i?6__xR75QEDC4JN{>RmgcNrn-EOpEOcyR<8FS@RB@
zH!R7J=`<qyvO5jTK-`}T1}ITNlGB)M;WAqsA4^>KK^u06eeI|X@}KvQmdKE3AmAy8
zM4IIvde#e4O(iwag<LKgGj#`eK5h`_DRA^{i>`UL5yQo>6&7^=D4yE-Eo9$9R2hR}
zn;Z9i-d=R-xZl4@?s%8|m1M`$J6lW1r0Y)+8q$}Vn4qyR1jqTjGH;@Z!2KiGun2~x
zaiEfzVT<|_b6t}~XPeflAm8hvCHP3Bp*tl{^y_e{Jsn@<QpTRxy~I48d!aMjkL30E
zCwGqg2Ht%$0a~0zPmAFTrO04}q6!O3%)kobW9+~-B779_EFydi@hStv32;GGAB+Vo
zGQY$EjAd0ZZ^AD*7vM__>w+KP{7}bH_s=1S2E1sj=18a39*Ag~lbkT^_OQuYQey=b
zW^{0xlQ@O$^cSxUZ8l(Mspg8z0cL*?yH4;X2}TdN)uN31A%$3$a=4;{S@h#Y(~i%)
zc=K7Ggl=<xZMTLme>&2hYVic*W65gpSPE70pU;FN@3k?BYdNDKv6wlsBAF^);qiqI
zhklsX4TaWiC%VbnZ|yqL+Pcc;(#&E*{+Rx&<&R{uTYCn^OD|mAk4%Q7gbbgMnZwE{
zy7QMK<srwzjF^HmPE;6uLX+TQVJBikFu1hk1`NI#LP|tjvdEkWrdIO=;M;EM96tck
zqH2Rg)#aB!i2Hker_h78G^ozmPAa8sdEWhkLrs})dH+^%<;*UJE3(=5-E|mqSymt{
zkeEv8zHsZx=**5b-w}p5Xd7L~o?@ppl%Y9RVO`!rYId5z?Jvj9nVZn6<VMiK@kpV_
z1E$*oN*ji}VXj6PUp@ZYuo^Dnx<e#Km@qL^G)wt_SZ^Bvqa(cI4J2>%jIjU@ye?0;
z;0--&xVeD}m_hq9A8a}c9WkI2YKj8t!Mkk!o%AQ?<GgxY5guXo8{}TlwGN)h5Xy0(
zvcI7t!O|M=E-&3>|CCBL9}n570}OmZ(w)YI6#QS&p<={tcek*D{CPR%eVA1WBGUXf
z%gO2vL7iVDr1$!LAW)1@H>GoIl=&yyZ7=*9;wrOYQ}O}u>h}4FWL?N2ivURlUi11-
zl{G0fo`9?$iAEN<4kxa#9e0SZPqa{pw?K=tdN5tRc7HDX-~Ta6_+#<kdw-7-Sl_2=
z|H~-xohbjG&B=fL3tN~PTmP#gOHTUFDEW|W%U0cvO`+=TXVqc}ZD?)i48&nf$uM$J
zdaI1Tn{}|JhL&S?m7gT`ZL=Z;b3@Yf?}{VLjq3<fa4fPjlWW;eoL6h<o8Q?<?;r~O
z#-NU<rfKpDlw);-3!-?YoOD<cc?HJl{T3cRqiFQnp#g>s9W&d`6PB7dF*G@|!Mc}i
zc=9&T+edI(@la}QU2An#wlkJ&7RmTEMhyC_A8hWM54?s1WldCFuBmT5*I3K9=1aj=
z6V@93P-lUou`xmB!ATp0(We$?)p*oQs;(Kku15~q9`-LSl{(Efm&@%(zj?aK2;5}P
z{6<@-3^k^5FCDT@Z%XABEcuPoumYkiD&)-8z2Q}HO9OVEU3WM;V^$5r4q>h^m73XF
z5!hZ7SCjfxDcXyj(({vg8FU(m2_}36L_yR>fnW)u=`1t@mPa76`2@%8v@2@$N@TE`
z)kYhGY1jD;B9V=Dv1>BZhR9IJmB?X9Wj99f@MvJ2F<eY`A?(Jl!-zJY9?iV<S8YR1
zzKj>im*R`rsRilvz_3n!nPFLmj({EP!@CGkY5R*Y_dSO{qto~WerlG}DMw9k+n}pk
z*nL~7R2gB{_9=zpqX|*vkU-dx)(j+83uvYGP?K{hr*j2pQsfXn<_As6z%-z+wFLqI
zMhTkG>2M}#BLIOZ(ya1y8#W<+uUo@(43=^4@?CX{-hAuaJki(_A(uXD(>`lzu<hcX
zu<`rODLH+-71-BRaTp})^?Ug_ji6bWm(uXz1O|suX_K)0b#uG8X5wLm7%2Sb7ascW
zc=2~bRAf14wvTyf*%a`PoV7;4md$VXW5kfQ|I7t7mp0vAMFj%-`CY<<|I0A(uPXjm
z;Z|$@heULVpQ5pA?0OXhIAlr@%7pBE0xX{h3@YSTP_chU7b*SNZ(7GgIMVq)5zF1p
z)y;tA%@&vX>M~M;3XA48ZEN@HRV{1nvt?CV)t;|*dow0Ue2`B*iA&!rI`fZQ=b28=
z_dxF}iUQ8}nq0SA4NK@^EQ%=)OY;3fC<$goJ&Kp|APQ@qVbS-<AMg7|<xK7gEQ0*G
zlcf^Q6}hF3@wqieC-alDZL9Le?IO#mRyv1!PW+owXxKCN3nDf53%oqiVrCNyxSko6
zH$42{o(;K2cOd*r*Fv7Uq*F$gLW9SI>MtJQBc)^aO8mYFsbhafeRKdHPW&s^&;%>v
zlTz`YE}CuQ@_X&mqm{+{!h2r)fPGeM_Ge4RRYQkrma`&G<>RW<>S(?#LJ}O-t)d$<
zf}b0svP^Zu@)MqwEV<VUFg__G=GHzjJUM5j%&XT6R(8v6!}8X_uU2*s^;Gn>^Fb_j
zPYYs~vmEC~cOIE6Nc^@b@nyL!w<ZLmMX}N-x6Tx~S9?LZi8cq$5v`F@+&&v*zO9fh
z{v+HUi$rP{f92r|TVIstb;@o^KTr>5o?nQ!$mGq(Pa|1-MD}K0si<&}eag=}WLSDO
z<gdc$xr#hPYiFOOqHB%j&x|A|!bGgNCR1!rS<T3;h{c#J$<sk-tkl))tF|4cBRWRl
z&dyToHxyc1cCuWTaMT#l7IV#Q*r`dxs=6EIq=JkuRAmOOcZKN9Y?+9u7Dm;XJxOjJ
z-I)7X%K36EYHj2(tC1R=#0QSgSx}N6tdO~Vt8eh?B{sf&$)`<qcA{Q-Z7$eq;;bT3
zY~n$;RB|}W2Q~dA;b!X6q{*=M?CK#TX0Fna=`uBpMj;8+^Wj1litN9#+$A~CTT+;^
zb>E4+eA~!J(K}605<AJateB#!5Jo3MRGQXgY#11*@WWa$<7LH&X|GNMTbGbRj>x&4
zT72P7J^)Y)b(3g2MZ@1bv%o1ggwU4Yb!DhQ=uu-;vX+Ix8>#y6wgNKuobvrPNx?$3
zI{BbX<=Y-cBtvY&#MpGTgOLYU4W+csqWZx!=AVMb)Z;8%#1*x_(-)teF>45TCRwi1
z)N<HNFgUCSJViO;(JJ)Kbs4vjFO%F?kvSN-O|_NwW(EOiHj<(STe$x6RQM9bLsVXv
zyH0p@OIcRdC>n>hy3_lo44n-4A@=L2gI$yXCK0lPmMuldhLxR8aI;VrHIS{Dk}yp=
zwjhB6v@0DN=Hnm~3t>`CtnPzvA*Kumfn5OLg&-m&fO<k$Ar7F>bRD};c}Hf?n&mS<
z%$wztc%kjWjCf-?+q(bZh9k~(gs?i4`XVfqMXvPVkUWfm4+EBF(nOkg!}4u)6I)JT
zU6IXqQk?p1a2(bz^S;6ZH3Wy9!JvbiSr7%c$#G1eK2^=~z1WX+VW)CPD#G~)13~pX
zErO(>x$J_4qu-)lNlZkLj2}y$OiKn0ad5Imu5p-2dnt<E$QZc-BKsz(vO|0}pqQi;
zUZ-Nt*kB&hE*49T8u+j=M$kHp6)365a>)(YI|b7rJ3TBUQ8FB8=&ym50*ibd2NAbj
z;JA&hJ$AJlldM+tO;Yl3rBOFiP8fDdF?t(`gkRpmT9inR@uX{bThYNmxx-LN5K8h0
ztS%w*;V%b`%;-NARbNXn9he&AO4$rvmkB#;aaOx?Wk|yBCmN{oMTK&E)`s&APR<-5
z#;_e75z;LJ)gBG~h<^`SGmw<$Z3p`KG|I@7Pd)sTJnouZ1hRvm3}V+#lPGk4b&A#Y
z4VSNi8(R1z7-t=L^%;*;iMTIAjrXl;h106hFrR{n9o8vlz?+*a1P{rEZ2ie{luQs}
zr6t746>eoqiO5)^y;4H%2<BkZi5tt<3x!UQt98zj1W<8j93$uGFF$h$bdznZWhb7b
znLTQgvx9Qcm<Xepxl=K85buKY=Ib!qE>~&FT*Qc*9_oC2$+&syHWsA=rn3B~4#QEW
zf4GT3i_@)f(Fj}gAZj`7205M8!B&HhmbgyZB<D9PSg2+}Rs%jVF~$y=V~y{^%}%>&
z+COyAVNxql#DwfP;H48Yc+Y~ChV6b9auLnfXXvpjr<~lQ@>VbCpQvWz=lyVf1??_c
zAo3C^otZD@(v?X)UX*@w?TF|F8KF>l7%!<kbph8cUodrPAJJd%WY@2~TX}(qwom%@
z@ARbG&%LPifU_Ql=J~cDcFG>Dzu+hksSA^akEkx8QD(V(lK+HBCw6C}2onVExW)f$
zncm*HI(_H;jF@)6eu}Tln!t?ynRkcqBA5MitIM@L^(4_Ke}vy7c%<hQf3mTV+||FK
zM8Z)>$w{(`&7Rn=u>oDM+Z^RUYcbSOPwT(ONyq76R>$V6_M_UP4vs=__I#io{{((|
zy5=k=oVr-Qt$FImP~+&sN8rf2UH*vRMpwohPc@9?id17La4weIfBNa>1Djy+1=ugn
z@}Zs;eFY1OC}WBDxDF=i=On_33(jWE-QYV)HbQ^VM!n>Ci9_W0Zofz7!m>do@KH;S
z4k}FqEAU2)b%B_B-QcPnM5Zh=dQ+4|DJoJwo?)f2nWBuZE@^>a<zU@xT0d6IHav4c
zb~p!{)~4X`9H7f4Os$BBi<uW85TZB$IwVnnn`k+3Lfce&Rzjf31s|*fwe$YbK${pp
z*tbfAnkuI*vOT>(gP~ObzMuyNJTgJFUPcH`%9UFA(P23iaKgo0)CI!SZ>35LpFaD7
z)C2sW$ltSEYNW<tWp;)M)gi8^dT+jcDl%}Kf?9QFd|xmfdxyfsPbDwk@9&~vG_Z{u
zQ@p1E$rDYzYk{^3<YL}K%>%%j<B%d>8F;yK{iHI2Q^}coF@LX`=EvxZb*_O;2Z0Z5
z<t@FVe@+!TR-b?O`lYlsu6VQ^Cc0rHAKtKSmI7A=<mxAvBKvVotgv_F`ia+@cV{@3
zy%&0z)&wPGy<09(8G)NL7S=D5jeCAhpA=|&BSJ~}awHo4v-XZ)h*67&lQ|?paWB>7
zlccxmCfCI;_^awp|G748%Wx%?t9Sh8!V9Y(9$B?9R`G)Nd&snX1j+VpuQ@GGk=y(W
zK|<$O`Cad`Y4#W3GKXgs%lZduAd1t1<7LwG4*zaStE*S)XXPFDyKdgiaVXG2)LvDn
zf}eQ_S(&2!H0Mq1Yt&WpM1!7b#yt_ie7naOfX129_E=)beKj|p1VW9q>>+e$3@G$K
zrB%i_TT1DHjOf7IQ8)Wu4#K%ZSCDGMP7Ab|Kvjq7*~@ewPm~h_-8d4jmNH<pfqQ|I
z!YTVc{?ZH@BD}h%vf=bWfAP7V&Rf=bOq^~NLhGU}*|~<aTkKW3_RmeG><&mNZC@CI
zKxG5O08|@<4(6IEC@L-lcrrvix&_Dj4tBvl=8A}2UX|)~v#V$L22U}UHk`B-1MF(t
zU6aVJWR!>Y0@4m0UA%Sq9B5;4hZvsOu=>L`IU4#3r_t}os|vSDVMA??h>QJ1FD1vR
z*@rclvfD!Iqoxh>VP+?b9TVH8g@KjYR@rRWQy44A`f6doIi+8VTP~pa%`(Oa@5?=h
z8><Is*|k4Wm^S61QF)a<b`%iwYpxvvT(i)Wl=h}ig6i!wS_O7k(5TrzzI?is`$I8d
z$z1Mr-D&oAZ)MmzC$>YxNvA##a3D0)^P|2|+0~f|UsAJV=q(S>eq-dehQ+T>*Q@qN
zU8@kdpU5gGk%ozt?%c8oM6neA?GuSsOfU_b1U)uiEP8eRn~>M$p*R<ZDjnI@9&_4j
zI`4*Q2=nj*9uzH;Gu_8WE&$sDhr9nJLFhU9Bv)!XWvooTphZtN9KcCLiqNi+h}ur>
z43n<hxuc>SZs@^<WV-bOALh{_dBfKfn*4#)TgN}6y#WUIp+l&~VD|#ldfZNBNs;@m
zS{mb4W+67xR5c{QS7@T2*gXOVr}5|HczT)AS`}XpsO4tdd+JVn=SX}g{arjc7QkFk
zHZ<NsBq&W{nHqZoNtG1Ute+=NE{|iy5|n;P%nfsl^(IIYhq3S)UIQ*NU03bZwJx*4
zQzUTd9A|99S!YfiJ_-wo3J!<F$&{VivMD`XXm0Bu+OE<559mi7u2Y~|x^)>ahO78s
zulbK@@<h3kY!x99eCXNI6Xqcoq^(;E47A_F;5jh+=)w=Fa|ac@0W~805Z1K?m2-aZ
z_PM~|?5~!^-AVd?#6L>{3=2=@^yZ)DuIC$ki;`2WNbD_#`LOHN9iMsrgzt-T<8aeh
z(oXrqI$Kgt6)Icu=?11NWs>{)_ed1wh>)wv6RYNUA-C&bejw{cBE_5Wzeo!AHdTd+
z)d(_I<lp0C`-jdEx%X`fgA>KN7z^n|As~3XS=cCB_TgM7rK;X586re`{~Foml$aKs
zb!4Pe7hEP|370EWwn$HKPM!kL94UPZ1%8B^e5fB+=Iw^6=?5n3tZGYjo<LZzL3wRS
zup2H>v83CLB&OQ++p)WCMeshCv_9-~G9C_2x`LxTDjUcW$l6e!6-&a^fM3oP9*g(H
zmCk0nGt1UMdU#pfg1G0um5|sc|KO<+qU1E4iBF~RvN*+`7uNHH^gu{?nw2DSCjig%
zI@ymKZSK=PhHJa(jW&xeApv&JcfSmNJ4uQ|pY=Lcc>=J|{>5Ug3@x#R_b@55xFgfs
za^ANzWdD$Z<U}6PgaA%eY(CW;x5+F+yl^XP2Bql$&W8EBo9%+^n_xCuT9!pO)T7IA
zIK0{%X*E|HV2tzk&y<5TGwwQ6n=7aT2C$X7!8!IrZW$aoAn)WJ?v*?W1!&5C4nM5{
zWoA1hpY;z2qVJE!-Hx+{n)a9;7-5nsfdg-s(1Z`ASH2G*CidBrdtn8~z&E9i#K(Xw
z-Bsq;CKAH4C5uwAJ=PBGLT`;i-yr*%avIjt8()FKn;ONq?ZOl6r7r2gA8id7aZR8H
zkQQDdpGqFH3kr_E%owg2TJlzX36fdb$8nyNPyDDmQJ4>YtFs$d7+oiw0ZmPk2&l|<
z<x&&$7ib2ej}4u3C&TVWo+QOSY8`)=TKM3B15YRkG(_~kSKH?`|JrQ_+F_N_Co^0&
zvxP3H%7O1|@yv6g+m!aLTRW+Hk7YP3d1I)hnHb;rNJCkVCSCDHT|E9f^kjiuB~JVl
zc*5a}8#TnsiWXYd(bScC7_@<goaS6xy4H8xH3fdhTCApNoQMMogPqBP7A@OXQHFJU
zKQ~bFt27lIZzEGQyZYoJ?l_YLwhR*{7Mi?dFxPpGzM#{R^MO(}HQ<Ao@MM(QAFeR?
z9x;dXWYMI#Ha}F=D2W1Up6B5n1#Qy3d~xgxv|q=apg?>c8()w<zOy41on%=kA*#Y{
z0og?wJMUow+HvOt<{XjsenX5x`gy8e_^N5MDD_7ZXcJ59c^tP6-)iv>fiJx@EGpQT
zG$8iLkQ<Bz!QU<f11CFG(&h^m;C^s4M{|Yun5e%@G)2|F({Tpn9PRX$iywb~U?K%i
z{B{K^m!1e36pY3nMHm!O2H&bV2Sex2PdH9|_KnDCF$RLTr=BAiFs!#>Z-086doF1R
zh<#9cz_vRsJdoXbD=QgOtpm}cFAJX8c}<S)cIn9ORwwc%xm&y_N%n2(D36`CNO*eH
z(^`;*BQm*bu6y8Gon03;XAAZTweS(3(Xbbn=v!G8j?Ron8y>>Jew;PQJSXSb^;wlC
zxXLHTS|!GZ-VK_4wV<K&EBIT5&!ue;RuejXlJEQ^lqpnHHDOtJS}S^5XV?}zlJASU
z><9bk4RUmlsByzW_^b>)$6R+jQ}^wco1nMA`9Lncs;&QGp!`5Tx#aXXU?}5_RrtUY
zx(EMzDhl-a^y^f5yfFLMnOO#u)l69&4M?|ne|2EV><q9R0Y~+Z3w;m(5m%re_$$7`
z<Gg)eKU@b_PL8s{Ps&LDP!)zk2(edhJ^yaR@*8)}x|M_(cQ7AcEP}mKvBCrF?z}lG
zILn}|!g5R$!Zv4&c-lW<WSOBq1Rog|>zQ}4JQCBel?~2I4?D|>L$%H(peOOII!U}i
z-j)*h1rODe9{0`xmhG;`AKqw1p0_KhEIU8)DoGnEn9wAhXPaxO_(jNSij~J5m$P*$
z9Mt(t;eV}2+i|kjQpBFcNb7_(VbuF<;RQB~R~p>2*Lg>a&7DEEuq*I%Ls4{zHeUDq
z+M0&YhEn^C*9-B4Q7HJ$xj)dORCXPK+)ZtLOa0o&)Sl+f(Y{p*68$-#yagW5^HQnQ
z0pWpo<wx7z5zDoIkHG$ymR~;3`&Y{tlF_(wP`;ZA^4@ca6I8^iUxaXXoVp%YygVuS
z^p979t3og#iZ#^h$Al&6@;J4M)6fgx>Qpxg8<&gx9im(>=x6v#&RbQ7^AsjxeSDA?
zi4MEJUC~ByG!P<Exv`*r7_Yizi*BaQOJ4i91z(1bzWdZ!B@*bOS>iBjq7$pK&FA^5
z=Y@dtQnuy%IfsaR`TVP0q^3mixl&J-3!$H!ua#{A>0Z1JdLq#d<JNUELP-R*m0VUZ
zr@z_%V#93^JIrjOP1jCie^|YWze;pwe3m=p#P06t-`lrQB|e;IfAz~b%CcG_;@uR_
ztzRt=M;G)xATi9qfu}c_vv`Fnklc3(zkC(*sFIq*hD94Z(S5M{ifn{2`diLfuuHXv
zFs-^dEr2|&Sc-TCQ~#w~b>4UV<w%Vzul~hYYNbR+N-v)`hnqLXgLN>9nlYm641ZHl
zH6mK~iI6lR3OUEVL}Z5{ONZ_6{Nk%Bv03ag<1HVN?R%w2^aR5@E>6(r>}IoMl$wRF
zWr-DItN*k7T$NTT8B)+23c?171sADhj<pTnb%>Inb2Xb>GhFYGC&3{b>huvLlaS4O
z^{j5q+b5H?Z)yuy%AByaVl2yj9cnalY1sM<gzM#36)4^l9)*NC=3hG!BRp6-hll>Q
zXI#e%*CLajxGxP!K6xf9RD2pMHOfAa1d^Lr6kE`IBpxOiGXfNcoQ*FI6wsNtLD!T+
zC4r2q>5qz0f}UY^RY#1^0*FPO*Zp-U1h9U|qWjwqJaDB(pZ`<`U-xo7+JB$zvwV}^
z2>$0&Q5k#l|Er7*PPG1yc<j+Hgj7{K<ER~hRdQ!)3|;oFNJd6dX^HEEI)euHneoJ$
z#-=LNX#HXNd@=J~82(=b;~qImSTU^93kye1(_ij%--v7epTHJ*SmLm)Mr{G>j4BGz
zg&`d*?nUi1Q!OB>{V@T$A;)8@h;*Rb1{xk_8X<34L`s}xkH-rQZvjM`jI=jaJRGRg
zeEcjYChf-78|RLrao%4HyZBfnAx5KaE~@Sx+o-2MLJ>j-6uDb!U`odj*=)0k)K75l
zo^)8-iz{_k7-_qy{Ko~N#B`n@o#A22YbKiA>0f3k=p-B~XX=<MSGacN)U%?3i^I)a
z4|ju)0K%rke~yEQ2vA37As200K~)P$Qn?#4ZHYa~(Wt8h>`Ug>jl$e7>I=hph0&AK
z?ya;(NaKY_!od=tFUcGU5Kwt!c9EPUQLi;JDCT*{<P27@Ql_745n_YIplWoIkPmd?
zjni(f{BYZi1TY@c3Y-$9V6}aPNgOR10uajL&cR1nrt&w^(F48Kd=63F>90O@Wc>b|
zI;&GIY$JlQW^9?R$-OEUG|3sp+hn+TL(YK?S@ZW<4PQa}=IcUAn_wW3d!r#$B}n08
z*&lf(YN21NDJ74DqwV`l`RX(4zJ<(E4D}N0@QaE-hnfdPDku~@yhb^AeZL73RgovX
z6=e>!`&e^l@1WA5h!}}PwwL*Gjg!LbC5g0|qb8H$^S{eGs%cc?4vTyVFW=s6KtfW?
z@&Xm+E(uz(qDbwDvRQI9DdB<2sW}FYK9sg*f%-i*>*n{t-_wXvg~N7gM|a91B!x|K
zyLbJ~6!!JZpZ`#HpCB8g#Q*~VU47Rp$NyZb3WhEgg3ivSwnjGJgi0BEV?!H}Z@QF|
zrO`Kx*52;FR#J-V-;`oR-pr!t>bYf)UYcixN=(FUR6$fhN@~i09^3WeP3*)D*`*mJ
z1u%klAbzQ=P4s%|FnVTZv%|@(HDB+ap5S#cFSJUSGkyI*Y>9Lwx|0lTs%uhoCW(f1
zi+|a9;vDPfh3nS<7m~wqTM6+pEm(&z-Ll;lFH!w#(Uk#2>Iv~2Hu}lITn7hnOny`~
z*Vj=r<&Nwpq^@g5m`u&QTBRoK*}plAuHg$L$~NO#wF0!*r0OfcS%)k0A??uY*@B^C
zJe9WdU(w){rTIf<;rwJt^_35^d<<XSsx?mw)n~){BsbL1=79ZX5?H71;`*yX`P%U3
z9dsudtG@K{p%|%!@RtG#orG18Av*K)9d~LiHHzeA=4Q06n;{~60AXElVy_J*Z&2CF
zp|X7HJ`glDJpI%)eEoh5Dl@aV4XzCd7I3h;$e>A@$Fq<Kz~u9L>EZW6kwyfAo2<Z|
zy3%L_hMPa(<umu2v5sA_J3z6-{K(d~$J~4408!Z7Av~VG6@gUq$uIvPdF1W1aD#o5
zduZVQADr;N)%*YL8UNQ4RXh2KvxLTL3?P}<10R;Gt4A4zs;3=8mxM~<C=zK2N2BF_
z5X%OdmcX7!lwdYW89I@JvW5Y?DM>x0T$Ye2MZox6Z7<%Qbu$}}u{rtE+h2M+Z}T4I
zxF1cwJ(Uvp!T#mogWkhb(?SxD4_#tV(Sc8N4Gu*{Fh#<qKjSG6^WceMtGbTpPr(Wp
zmgkN_thv2q#a|ZDK`6x8hTYSCcEj8@4CUy-8F(6a=F5THL-y-iP9(OwzAI;Vy<tI^
z3G+}Jawg&-7y<Ib9Ee?g0ms+d7vMKLqafCU-Z5p<huT>})Pvb^ef%jrlnG*&Ie+J5
zsly5oo?1((um&lLDxn(DkYtk`My>lgKTp3Y4?hTQ4_`YNOFtjF-FUY#d#(EQd(rfz
zB8z%Vi;?x)ZM$3c>yc5H8KBvSevnWNdCbAj?QCac)6-K~Xz@EZp}~N9q)5*Ufjz3C
z6kkOeI{3H(^VO8hKDrVjy2DXd;5w<IeAyEChw*xM>r4nb`19yJi0DO@607MSx+7F$
zz3F7sl8JV@@sM$6`#JmSilqI%Bs)}Py2eFT;TjcG5?8$zwV60b(_5A>b#uk~7U^bO
z>y|6SCrP2IGST(8HFuX|XQUXPLt2gL_hm|uj1Ws`O2VW>SyL^uXkl>Zvkcpi?@!F7
z%svLoT@{R#XrIh^<BvD8TN@?R0^1~VQ|Dyb`Pt?eHbKjd_U@{*5*?M1r2-=@kXKy_
z<+1e;D_wch)*kXNfy<8J;B_ZPfIuGZlU+DheTq7D4xiwHKVcB3^tAriI9e?w7hG|b
zzAE`Lttd0z+DArViohu(*8FTGnED_vJ&J6-5=>*dE~$YhMwC+b7JE09NAS47kT%Ew
zD!XjxA@1+KOAyu`H2z#h+pGm!lG<xxwAYpf>>WI0v745l+Fd><3dh{ATq%h?JSdEt
zu%J*zfFUx%Tx&0DS5WSbE)<i~BDkB9<hoUP9wxHiG+%EYy<~b)kp7JgYH!LlPK#fp
zJ2>vwZSoAGT=;W#(DoiL($BcK;U*w`xA&kheyMLI673HCb7fGkp{_vdV2uo;vSoAH
z9BuLM#Vzwt#rJH>58=KXa#O;*)_N{$>l7`umacQ0g$pI3iW4=L<O;S5E41~94p-)Z
zdj7nov9|DvAZ$CyXNpo?<F@0YV%cmvbNl3LBDOM(t`bSs@dF1YDKZSzsj_O_xqIsv
zuCIbkxI<=6yR`L`!>--O;Wiq0zy7OKp`j2r^y3`7X!?sq9rr5B{41BkBr1fEd1#Q3
z-dXc2RSb4U>FvpVhlQ<Pz-+-AoFa}hrx!}<Af7A>CIzQ-hs=<OvYsM3tZJYC;kL6d
zg5_D(?q{yw{$oVco%AG1zHw)1ueC6Yqq>8420z=7F2F(^x<PaYq(0J8j!WZuHlRML
zvw=Ou(u?QDY^uASsn_awr45Elt7VSt*KdrZ=5#dpwIJ?;ZL2@+Q)(UbDV8x4(c3iO
z2aeiw>D;^RXgpjlh8S6*xCP#Gj2+Q0bAg?XARw3dnlQ*Lz3vk}m`HXmCgN=?bIL{T
zi}Ds-xn|P)dxhraT@XY$ZQ&^%x8y!o+?n#+>+dZ1c{hYwNTNRke@3enT(a@}V*X{!
z81+{Jc2UR;+Zcbc6cUlafh4DFKwp>;M}8SGD+YnW3Q_)*9Z_pny_z+MeYQm<P^9sZ
znu|D_<^I{Ste`SvT@HfHmt@`N$>z?r%EVaN0d!NE*FVPq&U@vo{ef6wkMIDEWLbDs
zz91$($XbGnQ?4WHjB~4xgPgKZts{p|g1B{-4##}#c5aL5C6_RJ<Ttl4G#F(}kh2N+
zSmGyT4m$ai#zH>_(*5>85B1}U!<!2UM(Sssbgv-0jQn3Z5Z=St$WFu4dk8%00AohQ
z5_j$rTra@;%r#_}_?yR(M9~qtS0k9ms7u1^E8A@EK84Z`D~?syqKIQJH&9UN_(2yn
zaXv?4f`av1qKK8aD`4!ISzW$pIw{{@aR?}Ecb%D}kOc_L9P-b$q;o5b(%uM(yrG^H
znekk2NVFX17-R54zr%wT27VgHKA8R)BU{N1+t3`IdwbgwB&^T5eo$rnjs4P+bjHcm
z77A$!ebLmbShMNcWal#|h%#mjg#kG>_<``}q-97Q7~u)(&lsb(WT^(*n7H%33%@_b
zO5(?-v??s??33b19xiB7t_YT!q8!qAzN1#RD@3;kYAli%kazt#YN7}MhVu=ljuz27
z1`<+g8oVwy57&$`Ci<lcu~1NgJrU{`5a2BQw}bDY_L1`4I2DtS>HeaM)tz(OSt4E#
zJ@P6E*e504oUw~RD(=9WP8QdW^6wRdFb<cdg|`6ZEa;xyB#I9Rs;NDT4}$+Loeugr
zbvE!V{r7<a0%G`|d!>KII!GAWecJ(?{`EzTR@?j!3g?$@LLCt;U={>!9z7DU!(1Jq
zqEwdx5q?W1Ncm7mXP8MFwAr?nw5$H%cb>Q><9j{Tk2RY9ngGvaJgWXx^r!ywk{ph-
zs2PFto4@IIwBh{oXe;yMZJYlS?3%a-CJ#js90hoh5W5d^OMwCFmpryHFr|mG+*ZP$
zqyS5BW@s}|3xUO0PR<^{a2M(gkP5BDGxvkWkP<K5ZUpLtQ+!)MrC%3LpSOp81VT|8
z`5eKrF=|Etn*ZUmlMfM>udSV*TMRK5Qm4?~VuqVAOerffRt$HGAvp;M++Iq$E6alB
z;ykBr-eZ6v_H^1Wip56Czj&=`mb^TsX|FPN#-gnlP03AkiJDM=?y|LzER1M93R4sC
z*HT(;EV=*F*>!+Z{r!KG?6ODMGvkt3viG=@kQJHNMYd}bS4KrrHf4`&*(0m0R5Hqz
zEk)r=sFeS?MZRvn<@Z0&bDw)XkMnw+_xqgp=W{;ioX`6;G-P9N%wfoYJ$-m$L#MC%
z^sH?tSzA|WWP(cN3({~_*X$l{M*;1V{l$;T6b){#l4pswDTid26HaXgKed}13YIP=
zJRvA3nmx{}R$Lr&S4!kWU3`~dxM}>VXWu6Xd(VP}z1->h&f%82eXD_TuTs@=c;l0T
z|LHmWKJ+?7hkY=YM>t}zvb4|lV;!ARMtWFp!E^J=Asu9w&kVF*i{T#}sY++-qnVh!
z5TQ|=>)+vutf{&qB+LO9^jm#rD7E5+tcorr^Fn5Xb0B;)f^$7Ev#}G_`r==ea294V
z--v4LwjswWlSq9ba6i?IXr8M_VEGQ$H%hCqJTFQ3+1B9tmxDUhnNU%dy4+zbqYJ|o
z3!N{b?A@{;cG2~nb-`|z;gEDL5ffF@oc3`R{fGi)0wtMqEkw4tRX3t;LVS3-zAmg^
zgL7Z{hmdPSz9oA@t>tZ1<|Khn&Lp=_!Q=@a?k+t~H&3jN<D4lUIhOd<?VDvgDnvrv
zz4=bg&Q;9n@uc^iq`xXjs5@BQ!NS5opc3BrP@?~P;z^Qv`Js*uUB!=stZpEOE$b)R
zQxsw(IgM0&bG=Jf+qmL9GGuX(@~b*ICb{?!`)}nwe3LaSl?_|rUF4ioLoFM(NIeT+
zOKlkfiYnHFG~d{}FZa@Q<nc(z+=>?dr(}7s;{L+jiKY57?WsF<x$5(lnpgwn)O@}o
zm3JYnm4Rj#@s?R(%kb|ZbDA)EH@$HmiVZ=w#ueOujETmpQ?K4Mr-BPxy*=Nq8}JVy
z#56o0y=a}jd673Gv7}G<2uYeY0mf=dtU2A6uJh#AT8x)S@ir?$6K1@Z)IQBld?Tr^
zudQ9`))1>BfW^mu6a03_^VKrdK=9egXw@!nzZ3TbYc*osyQNoCXP<Zq2`FgMzc{q+
zIDOTRUdg?S`IKPsH65f_m0G5{N%M)-S*QGJiQ8{KrZfn>YoFS<&Nr97MrQCOK(gO8
z;0@iqRTJy4-RH)PJld5`AJN}n?5r^-enKrHQOR;z>UMfm+e8~4ZL5k<wXGZfd!cWm
ztc=YM>>oXMiYq12Bx4eVQv0jFgp_zC#``sjZpywYqISM<Z(6s5vy51{{W$X+<42zI
z;e`%SFQ2fhLB<k%50BpMXlDw)x~VpQDv`K({mgA$mG8<AA=t)&L)h!yPq&EG@f8{P
z%XOQmFJemuJ;TQ?lJMWU8}KDO<bjssGJ~49Nml=8jImj;lWy%M+VzkM8LLkTvVv-W
zmn{C{45Kd4H*kbG%Q@IvTEktPO?Mv{Z$%kt0f~d)m$KGFq;u|{$w|nEQsiYcFhjd2
z3v?U}8fhHjqFPC9$=Fq3tz*+codZs-1b+Tf9m}?)DWmrAN22i3w~rPj2YXjvju|&#
znqaTV5(jf&i4!%JGKM`4#z@2*NPG5H$ijMnavb}Gn9xE`1Q{crG}2$MmuL7@F65FR
z0xLb!Wu}yQJ{Q6e9h!KU`Ti%P7EQe7k)+_X{u%tf)w9Fv=N`VqWfiOBf_HQbd1bz4
zW%TLhHRPyq_EuVMhCbOuJP^K^4kKe!!1@kR?_c0SHX&x?{Q2OoG{||aYih=9bS|!F
z<cQERPH9`ya%U+f*QqD_X6YXmV0)7P%vCE#So?F2HZQNX*44$?d#Qe}-b1uf{Wp$I
z)Y!bOEo8adSxiM*F_2|dQyWs!O2fVGOQ!2K>P}VZ@!~1Mf$!x|opj%mQ98JnSk@`~
zPmmyuPZKtZOnEC!1y!?`TYRsZ!II;d!iln}%e}bk5qIiUADERr*K$3dekgHV9TtBX
zi5q!J!6Zgd#cLxRmZN^J`o@Zv{+p+<_#8^nvY)44Hw_2i@?R&5n^q33fpOnDg1nPQ
z_r<$hURl~OketX|Tdbvf_7=3x^rSFJtEp@tuDpVB&uq)qW;xUQ7mmkr-@eZwa$l+?
zoKk``Vz@TH#>jMce*8>@FZ+@BEUdYa_K0i|{*;j9MW<wwdhTzBnOlwwk4Kt)7s2g3
zJDz_{6T#mTJh2%53=$SO-WG?!kVGQ8g?l#J(fznDyqLKr$?=3GKUqf7N@pa0?@+|*
zp=O8v;Hz+#EIDxmBuR-y_g>3K%pnM*T;@>|o@lMhgLrpZP5aol(z>g;b4}|e$U~Fn
zGL%(}p%Jsl4LxE!VW_Y4T>e}W4e#~F03H_^R!Q)kpJG{lO!@I4{mFo^V#ayHh_5~o
zB$O71gcE(G@6xv);#Ky?e(Ed}^O+Ho(t=93T9T3TnEY(OVf_dR-gY@j<p^xgTM4Iq
zrCY@#l+H9>j+iJSY?q|6prBv(S9A4k=2fN<j+SIxJ$8-$(X3S;`a)u*-aXG@Fxkkb
zz`!`U|Ab>Zz!W@S=B@~b?TJRTuBQq448@juN#Y=3q=^VCF>Z}n6wICJ<^^Kn8C;mK
zZYiFSN#Z$?NDGV7(#}q2tAZAtE63icK-MY>UQu4MWlGIbJ$AF8Zt-jV;@7P5MPI>%
zPWvO!t%1+s>-A%`;0^o8Ezeaa4DMwI8ooQrJ;ax@Qt<g=or(e&kDiQJ!hhqL8KxVw
zWJ6PQ!IA26UJ4}+#q%ainj)=JR5&&_RwTbaN|FlM82`5Ec}Q!F`f;L%kKp2?Ah-k3
zgq^r#V{&E4(oy=cr_(r|Zf64Bmp6$0-q1bv_7H!Z93tnzcYD$NO}e<ZeCt=a4U9ZQ
z*y-EcdO@5zUI}mxkF_RZde}9~xCuD{`YEU2r#LY2LKC8M0-vAYyG^hVez}0n@Prea
zq0L%k0}ng7kweZyQ})@cg-wc7wUZ;`;IN?hz?kqz|JZQ<pwuZ=rV-cDic42sS`99*
zMcL5|E|-(O7l|KyQ~>*6XONWw)dPwOPI9@u*EG&844*1~EoZ2qsAe~M>d`;Bc_CWY
zMoDKEmDh-}k9d6*<0g@aQmsnrM1H9IcKYZs)><)d92{|0Hh8?~XbF)7U+UmP@P<zO
zTK%M?zK-$akeNk$8Bi=bHSDQQD{L(&W*G+6>w_6geVB?7N$4J4*E0z3EO&5kRS(EE
zv92(+e5WxLXMN{h;-|8@!Q#0q247hb^3R%*k3MuMO5*L}$0D#5P*N$aHd54C<Wviv
z>+=_RToYXTyewugOaDmGsCvb4H1s=@gkfVnzTCWKMa-Mm1v4Wq!t-JIrbV&EWwKDe
ze#kJpOq#iRlFz%5#6Fio9IUlKnQ#X&DY8Ux#<-WqxAac-y%U_L+EZZ4Rg5*yNg`f<
zSZn&uio@zanUCPqX1l4W&B!;UWs#P7B^|4WwoCxQXl|44n^cBNqu=3Vl*ltAqsUQO
z9q_@nD0<nNCi%{?zVlX<z4vRDQLAj8CDO_6Ee@!Kk%zz9AkC;~?Z?fCyM`h0VSIM!
z)<YS|G4p)`ye~>zq0O8r`coEm>9+|rA3HL#l}X;0##>SJS$cVavOZVCpSGf4mUU1(
zWaRCUYc^9QbG9=vpWo%xP}CMFnMb{reA`K7t<BJjA783oFo?rh&7)#{uHi~2^!ZU^
zQ6^|ZrnHesREnE2?ng^c0ZAnlC4C12x5_&&$*w%5QB}>T(t5DM)d9l}jVPY>qoRzT
zE3m-p#=i=$9x*CB`AL>SY}u3agYFl#uULNen#&44H;!L@I{RI=PlWxG8J((f)ma7A
z@jLvQ>?Nx`n?3ChRG#HqE3MXP8*o3!Qq`+t8EMt_p)oeKHqPusBxPn!#?R??-=e3e
zo73WNs<ENIuq^CzKQPSey+?XX|3#leW7<yK_PWcE812^X>_IZF`WLigre=|`aS2^>
zN1zn!7k&Dh28t%VpJ%<Xnbsu79=)^VoAo^<Y#d`N0#C|JR-(K_BCGt0zo8Xn`zpf}
zN0>**&E!eAcB5oLjQFFcJQj*URMia%Ya3@q1UQ18=oWMM6`I}iT_&L1gl?*~6nU<l
z2-Ao?0hw>4q4Z0<S?e@BXyH5z8SQv8@{f=@<?<zph9`>`H<5yDp(HeZ+RGf9`mM&=
zn-qRp%i!g$R;i1d1aMZ{IewNjE@p2+Z{`x{*xL*x$?WV~{BjJpsP&C&JK0HLoy<jU
zIllUrhUc9$)6cu}xy&^N!ah3LKPGi3!kGx@=!kK=v8b-!=l<ZUj?(8#ECS+uF|Q8W
z%$X&<vfXN({Lp)jV&il%dqa{+$?Pn5QEsr+XQQWvw<xHNXLCmTywcS+e{;K<G=R)Y
zq^PtuC7@F8jC@COWJXsGonj|R_H-RV$fSQQIlNmsDyc-3^m2BTUHi+d!)YpOiVN>f
z`0z^v&fBQSa!I7FU~9MaQ%e|?RP>sM^2PL!mE^Q1Ig_4M$5BRfi72oMYu6Ke?wmDX
z@0a%-V|z}b23K=ye(W+fG#w|jJUnT{=KR5jfuq!RX}<1irTDw(${<&}dWQu4;EuE<
z@3u4dBkQaCHHM&;cE0z50_V!(vJ1_V)A8?C#eJuLkt!98Z%|Bgzidc0j|<WDg(m5f
zkAcIde5&rV@AQq8=TC^wvz66%m)1x186~-ro7Q_;(a%0p3PaF!>z(&o)TCzYlrgZA
zC3@i>L!&Gw_~7`>puB97I2lK)<HEfWxACj&R$ZxM&BS~!z9mj#OS!_YeV8_c$Lhua
zx$L@m6QNDWW7To~=QO$DndhYMD~^JEh}^LkAQrEBahvg2kUIHG?W$Fl3&f8!xrq?#
zVzQaEbhureIRirP@jQ4jjU8!;9yU7#nlDdTg++>lESZQqVXc_8T^G2O#VHhO?IC$g
zOYhXJ7)~C<8l|Xrftka@QuowScM{K&0zskoU$Aw~vIRVRF<AR*uvTpW;<}dB`KH7=
z0zMh?uvn?evU)1vOs(Z-A)R|ZfwnitnP{0J>9TEQ4*3=_5)98B`=t8(N%ZuWqmwlW
zllAzq=E5_5!sKDXam@w`ZD(nl%LAPxQuEtDcKPqu9LPJvNIITawU#c^PQ2HmZgs)r
zH^+gRwZ?0)8IFQgU)+p@0Iqb^tcEoqcB@zhfz_FaOM&_d<|jnU>q5nSKa<@%9|dje
zIupcg1!tRiMP4X=oG<7s4|AW&^-Cw4FL9<j5FZy2(<{6zV;Cr;sKVFBe)t_>OuI$t
zxjc*y;Uw!G7a|jz>E*2+PlR(CemWebS7m-&*CDwnmx<p<;?@-|!NOSWIXM;zWzH#H
zw~LN~h21P#6P5S4S0tHB*h1mOme<9LE5wrG9-sYU<V~%5?DjJSjVmfTS{FVBMU|xJ
zLxKvDECM<2Ct4XQn{y*e=}A(D%}%d)wjxb4JWn~6o|adqWe&d`W<;B&rhZ{m<xBTe
zTfxg{p%Pan4!VBbzV+*EhnV^gk*ZCPtbF+RnK8LY+}7hLPH2cjDxs54G}E;J+OL5u
z-)e-BGs~16Ve<@}%%Yg_tPF6@MRnxB#67NA8*0x1SygK61xgySR{Dj^Qv95{+q9G?
z&oas&yrgQ5<hzs#1APQcu4&a1Jm)EcZ<5M+B+V6uA!<X*f+BM1G6ETT?9UU!S(X<*
z3+0i<xmU%VCOy5<-!fUiQH(s^j%O>biRqJvQ&os-sC&4OWt^(2@vG4|jui#Df@-D=
zh3D%8Y3R6+jRBStSvH9pt&tCI`NK08J1*pC(?OM0h!bS-JK3I}`pDY<h?u~U3ifVP
zzM+jQr6P^jPQhr%kj2xD<Nh=Tq&d`zkFi8o<`YdIY=k18t*|!K^nLo5ajk+hs6Bp-
zk@Lw$^_c|;&52lViPS5Q_dW05Gf%VxY$a`BX+SZt$Pa;6Zg9av*AH=+T}?_bQ`|1Z
z7$0O%Kh+hqWgsf&6oH(>-fDIaB_*W6KS+TO0Q*%kkeuN6uWITt=TsCGw6uBE710q;
zRluI%j{?@jwhM|l5&TB!-TkQs!A=DXRE>u18t@;<GyYhSY){4adn^9h%|f#_c&^`_
z10Mt9G8F~}*DnAJj0_|l*!tW@o9|~9kL|fNN}uoN0v@_W!>zndD0M$U@Igrt?UW2;
z7%=dsHIVH_LCkGUU0fW&UMjDnvjcc0Mp(mK&;d~ZJ5EJ)#7@aTZvGDFXzFZg2Lq~s
z5PR_LazNN)JD5K_uK*Hy{mXuHTkGGv|9V8KP#iQ$3!G*^<vQCb8A!zMm1WFOl7{98
zIR`sCu=J^BZ4U#_{%*k9okdV|ll!lgm+FB5v;g`?YzG^BXCSx0b|qTdcHlu$wQUa`
zoXEGJ(^Cm_Hx$^i*N$Q^sL+W11uNqWceMjrCLqBX%yD=90^N?%vB@tq03HtD_ja8k
zczXM9_`kSE%M$-J7I;S#zP)$5<Dm>>7UiE{|1G1A-qg(xH;Xa>&<yyX9xHcB26BP+
zPnbWn+J9+OqNC1jST{hyYET2X4DId6e!2so%2<LSqG;{xg3xj`+jjr{QCH<^lAH#-
z%nr7+QIWS(GLYU(2POLH9+&+IaJU;-zX3~JLClHopo8xWq&@2a2xMWF4$dGA-T_Qm
zvRfiWjmJe00E&B<T0qDA_n_JC2{}_27<fAvX76H+0Gao+z?lqtIPe|n%J6G30KK2Y
zvk9R1z;zxZ7#I?JI1$_j;Dp)(akZcB``HRDged~Hza#S`FefvBd8=Rm?{(y$zyYY#
ztzBGzK|jer82*7N<T93NE?{Z~OnZ&$7d`;fHif&XGwiQM5tc+=t_4)Nfa>%f|BZkH
zG=J^0pHzSAq<Ef&scdjHNe9Cabu4G6fDi?-bwHB8nj*@>v5*5ysQ{Puy^-_|IPrii
zKS$mE10Zngf>Sgg@BjpRyJbrHe<b*u$MOkVX|VxS6$m9TxPFxkWUt%-sQ&7!;pi>o
zD8Ro0LI*W#+9?^xlOS^c>Z^<PSN?~<N&8a&(HNvHdI#<#>^n^0I|FH^@^`ZR`{H=$
zjO0_$cnpBM7Zcm?H_RXIu-Lu~qweDSV|tEZBZh!e6hQy->}e;d#osZ1hQj{HhHkC0
zJ|F-HKmeTGgDe979ogBz24;@<|I7;TU!IXb@oWMsMECIETmQy`zPtM`|NP}PjzR_u
zKMG1Z{%1kWeMfEf(10U#w!clmQ2)JC8zm(Fv!H4dUHQHCFLikID?hrd{0>kCQt?kP
zdqn2ZG0}ytcQJ7t_B3s0ZvH3PYjkjQ`Q%;jV@?MK-+z3etBCGGo4f4`y^|AdCs!DH
zThTQ;cL5dM{|tB_1y6K3bVa^hx_<9J(}5`2SDz1^0bT!Vm*JV;9~t&{IC{$DUAVV*
z{|E=#yN{wNdTY@$6z{_KNA3&%w|vFu1n9XRcM0Ak>`U<T8FIf&km%6pDfxDx)9&vJ
zjh3Jf9S=S6-7a2O(*AgR)8L`wq35dE#pBHWBi`?sYtW(56Nv0WFXsFSdjBzoe(-)5
z4I3;m{OcaQb20k&F?{r<p`VQ21$)@EFW8<lwEuNZ8l46GZ0;^g^pn4{?C%Ejb4t6I
zqaFKVqTko{oLWL}G5W6mF8YU;`=W0zqwI4A038~AzjGJ*T<@Qt_wIgbK(WEp95p#V
Njln_&>W!lQ`ah3D4r%}Z

diff --git a/apple/Cargo.lock b/apple/Cargo.lock
deleted file mode 100644
index 14afc01..0000000
--- a/apple/Cargo.lock
+++ /dev/null
@@ -1,1240 +0,0 @@
-# This file is automatically @generated by Cargo.
-# It is not intended for manual editing.
-version = 3
-
-[[package]]
-name = "aead"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c192eb8f11fc081b0fe4259ba5af04217d4e0faddd02417310a927911abd7c8"
-dependencies = [
- "crypto-common",
- "generic-array",
-]
-
-[[package]]
-name = "aho-corasick"
-version = "0.7.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac"
-dependencies = [
- "memchr",
-]
-
-[[package]]
-name = "android_log-sys"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "27f0fc03f560e1aebde41c2398b691cb98b5ea5996a6184a7a67bbbb77448969"
-
-[[package]]
-name = "android_logger"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fa490e751f3878eb9accb9f18988eca52c2337ce000a8bf31ef50d4c723ca9e"
-dependencies = [
- "android_log-sys",
- "env_logger",
- "log",
- "once_cell",
-]
-
-[[package]]
-name = "autocfg"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
-
-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
-[[package]]
-name = "bitflags"
-version = "1.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
-
-[[package]]
-name = "blake2"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
-dependencies = [
- "digest",
-]
-
-[[package]]
-name = "block-buffer"
-version = "0.10.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
-dependencies = [
- "generic-array",
-]
-
-[[package]]
-name = "boringtun"
-version = "0.5.2"
-source = "git+https://github.com/cloudflare/boringtun?rev=878385f#878385f171d60effac4ad1a9d4dee41e777528b8"
-dependencies = [
- "aead",
- "base64",
- "blake2",
- "chacha20poly1305",
- "hex",
- "hmac",
- "ip_network",
- "ip_network_table",
- "jni",
- "libc",
- "nix",
- "parking_lot",
- "rand_core",
- "ring",
- "socket2",
- "thiserror",
- "tracing",
- "tracing-subscriber",
- "untrusted 0.9.0",
- "x25519-dalek",
-]
-
-[[package]]
-name = "bumpalo"
-version = "3.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
-
-[[package]]
-name = "bytes"
-version = "1.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be"
-
-[[package]]
-name = "cc"
-version = "1.0.79"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
-
-[[package]]
-name = "cesu8"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
-
-[[package]]
-name = "cfg-if"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-
-[[package]]
-name = "chacha20"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7fc89c7c5b9e7a02dfe45cd2367bae382f9ed31c61ca8debe5f827c420a2f08"
-dependencies = [
- "cfg-if",
- "cipher",
- "cpufeatures",
-]
-
-[[package]]
-name = "chacha20poly1305"
-version = "0.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35"
-dependencies = [
- "aead",
- "chacha20",
- "cipher",
- "poly1305",
- "zeroize",
-]
-
-[[package]]
-name = "cipher"
-version = "0.4.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
-dependencies = [
- "crypto-common",
- "inout",
- "zeroize",
-]
-
-[[package]]
-name = "combine"
-version = "4.6.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35ed6e9d84f0b51a7f52daf1c7d71dd136fd7a3f41a8462b8cdb8c78d920fad4"
-dependencies = [
- "bytes",
- "memchr",
-]
-
-[[package]]
-name = "connlib-apple"
-version = "0.1.6"
-dependencies = [
- "firezone-connlib",
- "libc",
- "swift-bridge",
- "swift-bridge-build",
-]
-
-[[package]]
-name = "cpufeatures"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "crypto-common"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
-dependencies = [
- "generic-array",
- "rand_core",
- "typenum",
-]
-
-[[package]]
-name = "curve25519-dalek"
-version = "4.0.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "03d928d978dbec61a1167414f5ec534f24bea0d7a0d24dd9b6233d3d8223e585"
-dependencies = [
- "cfg-if",
- "fiat-crypto",
- "packed_simd_2",
- "platforms",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "digest"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
-dependencies = [
- "block-buffer",
- "crypto-common",
- "subtle",
-]
-
-[[package]]
-name = "either"
-version = "1.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
-
-[[package]]
-name = "env_logger"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0"
-dependencies = [
- "log",
- "regex",
-]
-
-[[package]]
-name = "errno"
-version = "0.2.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1"
-dependencies = [
- "errno-dragonfly",
- "libc",
- "winapi",
-]
-
-[[package]]
-name = "errno-dragonfly"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
-dependencies = [
- "cc",
- "libc",
-]
-
-[[package]]
-name = "fastrand"
-version = "1.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be"
-dependencies = [
- "instant",
-]
-
-[[package]]
-name = "fiat-crypto"
-version = "0.1.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77"
-
-[[package]]
-name = "firezone-connlib"
-version = "0.1.6"
-dependencies = [
- "android_logger",
- "boringtun",
- "log",
- "wintun",
-]
-
-[[package]]
-name = "generic-array"
-version = "0.14.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
-dependencies = [
- "typenum",
- "version_check",
-]
-
-[[package]]
-name = "getrandom"
-version = "0.2.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi",
-]
-
-[[package]]
-name = "hermit-abi"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286"
-
-[[package]]
-name = "hex"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
-
-[[package]]
-name = "hmac"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
-dependencies = [
- "digest",
-]
-
-[[package]]
-name = "inout"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
-dependencies = [
- "generic-array",
-]
-
-[[package]]
-name = "instant"
-version = "0.1.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
-dependencies = [
- "cfg-if",
-]
-
-[[package]]
-name = "io-lifetimes"
-version = "1.0.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09270fd4fa1111bc614ed2246c7ef56239a3063d5be0d1ec3b589c505d400aeb"
-dependencies = [
- "hermit-abi",
- "libc",
- "windows-sys 0.45.0",
-]
-
-[[package]]
-name = "ip_network"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa2f047c0a98b2f299aa5d6d7088443570faae494e9ae1305e48be000c9e0eb1"
-
-[[package]]
-name = "ip_network_table"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4099b7cfc5c5e2fe8c5edf3f6f7adf7a714c9cc697534f63a5a5da30397cb2c0"
-dependencies = [
- "ip_network",
- "ip_network_table-deps-treebitmap",
-]
-
-[[package]]
-name = "ip_network_table-deps-treebitmap"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e537132deb99c0eb4b752f0346b6a836200eaaa3516dd7e5514b63930a09e5d"
-
-[[package]]
-name = "itertools"
-version = "0.10.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
-dependencies = [
- "either",
-]
-
-[[package]]
-name = "jni"
-version = "0.19.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6df18c2e3db7e453d3c6ac5b3e9d5182664d28788126d39b91f2d1e22b017ec"
-dependencies = [
- "cesu8",
- "combine",
- "jni-sys",
- "log",
- "thiserror",
- "walkdir",
-]
-
-[[package]]
-name = "jni-sys"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130"
-
-[[package]]
-name = "js-sys"
-version = "0.3.61"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
-dependencies = [
- "wasm-bindgen",
-]
-
-[[package]]
-name = "lazy_static"
-version = "1.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-
-[[package]]
-name = "libc"
-version = "0.2.140"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c"
-
-[[package]]
-name = "libloading"
-version = "0.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f"
-dependencies = [
- "cfg-if",
- "winapi",
-]
-
-[[package]]
-name = "libm"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a"
-
-[[package]]
-name = "linux-raw-sys"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4"
-
-[[package]]
-name = "lock_api"
-version = "0.4.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
-dependencies = [
- "autocfg",
- "scopeguard",
-]
-
-[[package]]
-name = "log"
-version = "0.4.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
-dependencies = [
- "cfg-if",
-]
-
-[[package]]
-name = "memchr"
-version = "2.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
-
-[[package]]
-name = "nix"
-version = "0.25.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f346ff70e7dbfd675fe90590b92d59ef2de15a8779ae305ebcbfd3f0caf59be4"
-dependencies = [
- "autocfg",
- "bitflags",
- "cfg-if",
- "libc",
-]
-
-[[package]]
-name = "nu-ansi-term"
-version = "0.46.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
-dependencies = [
- "overload",
- "winapi",
-]
-
-[[package]]
-name = "once_cell"
-version = "1.17.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
-
-[[package]]
-name = "opaque-debug"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
-
-[[package]]
-name = "overload"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
-
-[[package]]
-name = "packed_simd_2"
-version = "0.3.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1914cd452d8fccd6f9db48147b29fd4ae05bea9dc5d9ad578509f72415de282"
-dependencies = [
- "cfg-if",
- "libm",
-]
-
-[[package]]
-name = "parking_lot"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
-dependencies = [
- "lock_api",
- "parking_lot_core",
-]
-
-[[package]]
-name = "parking_lot_core"
-version = "0.9.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521"
-dependencies = [
- "cfg-if",
- "libc",
- "redox_syscall",
- "smallvec",
- "windows-sys 0.45.0",
-]
-
-[[package]]
-name = "pin-project-lite"
-version = "0.2.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
-
-[[package]]
-name = "platforms"
-version = "3.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3d7ddaed09e0eb771a79ab0fd64609ba0afb0a8366421957936ad14cbd13630"
-
-[[package]]
-name = "poly1305"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
-dependencies = [
- "cpufeatures",
- "opaque-debug",
- "universal-hash",
-]
-
-[[package]]
-name = "ppv-lite86"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
-
-[[package]]
-name = "proc-macro2"
-version = "1.0.53"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba466839c78239c09faf015484e5cc04860f88242cff4d03eb038f04b4699b73"
-dependencies = [
- "unicode-ident",
-]
-
-[[package]]
-name = "quote"
-version = "1.0.26"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
-dependencies = [
- "proc-macro2",
-]
-
-[[package]]
-name = "rand"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
-dependencies = [
- "libc",
- "rand_chacha",
- "rand_core",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-dependencies = [
- "ppv-lite86",
- "rand_core",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
-dependencies = [
- "getrandom",
-]
-
-[[package]]
-name = "redox_syscall"
-version = "0.2.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
-dependencies = [
- "bitflags",
-]
-
-[[package]]
-name = "regex"
-version = "1.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b1f693b24f6ac912f4893ef08244d70b6067480d2f1a46e950c9691e6749d1d"
-dependencies = [
- "aho-corasick",
- "memchr",
- "regex-syntax",
-]
-
-[[package]]
-name = "regex-syntax"
-version = "0.6.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
-
-[[package]]
-name = "ring"
-version = "0.16.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
-dependencies = [
- "cc",
- "libc",
- "once_cell",
- "spin",
- "untrusted 0.7.1",
- "web-sys",
- "winapi",
-]
-
-[[package]]
-name = "rustix"
-version = "0.36.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db4165c9963ab29e422d6c26fbc1d37f15bace6b2810221f9d925023480fcf0e"
-dependencies = [
- "bitflags",
- "errno",
- "io-lifetimes",
- "libc",
- "linux-raw-sys",
- "windows-sys 0.45.0",
-]
-
-[[package]]
-name = "same-file"
-version = "1.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
-dependencies = [
- "winapi-util",
-]
-
-[[package]]
-name = "scopeguard"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
-
-[[package]]
-name = "serde"
-version = "1.0.159"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c04e8343c3daeec41f58990b9d77068df31209f2af111e059e9fe9646693065"
-dependencies = [
- "serde_derive",
-]
-
-[[package]]
-name = "serde_derive"
-version = "1.0.159"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c614d17805b093df4b147b51339e7e44bf05ef59fba1e45d83500bcfb4d8585"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.12",
-]
-
-[[package]]
-name = "sharded-slab"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31"
-dependencies = [
- "lazy_static",
-]
-
-[[package]]
-name = "smallvec"
-version = "1.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
-
-[[package]]
-name = "socket2"
-version = "0.4.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662"
-dependencies = [
- "libc",
- "winapi",
-]
-
-[[package]]
-name = "spin"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
-
-[[package]]
-name = "subtle"
-version = "2.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
-
-[[package]]
-name = "swift-bridge"
-version = "0.1.51"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8fa07c7cd2b2d7ca48d96f5abd159e3fd3eee3457e7bd03adc1994bfbdabd2f"
-dependencies = [
- "swift-bridge-build",
- "swift-bridge-macro",
-]
-
-[[package]]
-name = "swift-bridge-build"
-version = "0.1.51"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "286f727dc922736a1ed74c06bebf43d08b8295a7ba38c77326c74e2b9dfd43df"
-dependencies = [
- "proc-macro2",
- "swift-bridge-ir",
- "syn 1.0.109",
- "tempfile",
-]
-
-[[package]]
-name = "swift-bridge-ir"
-version = "0.1.51"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b4de97e9abde20abc1c01f6d4faa8072d723c73aba288264481a83a1e2787dc"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "swift-bridge-macro"
-version = "0.1.51"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64fabad38a0fc643ceeafefed79e08408c30eeec325b629e426a15b13d055d0a"
-dependencies = [
- "proc-macro2",
- "quote",
- "swift-bridge-ir",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "syn"
-version = "1.0.109"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "syn"
-version = "2.0.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79d9531f94112cfc3e4c8f5f02cb2b58f72c97b7efd85f70203cc6d8efda5927"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "synstructure"
-version = "0.12.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
- "unicode-xid",
-]
-
-[[package]]
-name = "tempfile"
-version = "3.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"
-dependencies = [
- "cfg-if",
- "fastrand",
- "redox_syscall",
- "rustix",
- "windows-sys 0.42.0",
-]
-
-[[package]]
-name = "thiserror"
-version = "1.0.40"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac"
-dependencies = [
- "thiserror-impl",
-]
-
-[[package]]
-name = "thiserror-impl"
-version = "1.0.40"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.12",
-]
-
-[[package]]
-name = "thread_local"
-version = "1.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152"
-dependencies = [
- "cfg-if",
- "once_cell",
-]
-
-[[package]]
-name = "tracing"
-version = "0.1.37"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
-dependencies = [
- "cfg-if",
- "pin-project-lite",
- "tracing-attributes",
- "tracing-core",
-]
-
-[[package]]
-name = "tracing-attributes"
-version = "0.1.23"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "tracing-core"
-version = "0.1.30"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a"
-dependencies = [
- "once_cell",
- "valuable",
-]
-
-[[package]]
-name = "tracing-log"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922"
-dependencies = [
- "lazy_static",
- "log",
- "tracing-core",
-]
-
-[[package]]
-name = "tracing-subscriber"
-version = "0.3.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70"
-dependencies = [
- "nu-ansi-term",
- "sharded-slab",
- "smallvec",
- "thread_local",
- "tracing-core",
- "tracing-log",
-]
-
-[[package]]
-name = "typenum"
-version = "1.16.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
-
-[[package]]
-name = "unicode-ident"
-version = "1.0.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
-
-[[package]]
-name = "unicode-xid"
-version = "0.2.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
-
-[[package]]
-name = "universal-hash"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d3160b73c9a19f7e2939a2fdad446c57c1bbbbf4d919d3213ff1267a580d8b5"
-dependencies = [
- "crypto-common",
- "subtle",
-]
-
-[[package]]
-name = "untrusted"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
-
-[[package]]
-name = "untrusted"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
-
-[[package]]
-name = "valuable"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
-
-[[package]]
-name = "version_check"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
-
-[[package]]
-name = "walkdir"
-version = "2.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698"
-dependencies = [
- "same-file",
- "winapi-util",
-]
-
-[[package]]
-name = "wasi"
-version = "0.11.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
-
-[[package]]
-name = "wasm-bindgen"
-version = "0.2.84"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
-dependencies = [
- "cfg-if",
- "wasm-bindgen-macro",
-]
-
-[[package]]
-name = "wasm-bindgen-backend"
-version = "0.2.84"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
-dependencies = [
- "bumpalo",
- "log",
- "once_cell",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
- "wasm-bindgen-shared",
-]
-
-[[package]]
-name = "wasm-bindgen-macro"
-version = "0.2.84"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
-dependencies = [
- "quote",
- "wasm-bindgen-macro-support",
-]
-
-[[package]]
-name = "wasm-bindgen-macro-support"
-version = "0.2.84"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
- "wasm-bindgen-backend",
- "wasm-bindgen-shared",
-]
-
-[[package]]
-name = "wasm-bindgen-shared"
-version = "0.2.84"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
-
-[[package]]
-name = "web-sys"
-version = "0.3.61"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
-dependencies = [
- "js-sys",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "widestring"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c168940144dd21fd8046987c16a46a33d5fc84eec29ef9dcddc2ac9e31526b7c"
-
-[[package]]
-name = "winapi"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-dependencies = [
- "winapi-i686-pc-windows-gnu",
- "winapi-x86_64-pc-windows-gnu",
-]
-
-[[package]]
-name = "winapi-i686-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-
-[[package]]
-name = "winapi-util"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
-dependencies = [
- "winapi",
-]
-
-[[package]]
-name = "winapi-x86_64-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
-
-[[package]]
-name = "windows-sys"
-version = "0.42.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
-dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
-]
-
-[[package]]
-name = "windows-sys"
-version = "0.45.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
-dependencies = [
- "windows-targets",
-]
-
-[[package]]
-name = "windows-targets"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
-dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
-]
-
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
-
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
-
-[[package]]
-name = "windows_i686_gnu"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
-
-[[package]]
-name = "windows_i686_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
-
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
-
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
-
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
-
-[[package]]
-name = "wintun"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "094235c21dfb805c6870b00d0d80f65b727d8296ab88ae6b506e827e4b4116de"
-dependencies = [
- "itertools",
- "libloading",
- "log",
- "once_cell",
- "rand",
- "widestring",
- "winapi",
-]
-
-[[package]]
-name = "x25519-dalek"
-version = "2.0.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fabd6e16dd08033932fc3265ad4510cc2eab24656058a6dcb107ffe274abcc95"
-dependencies = [
- "curve25519-dalek",
- "rand_core",
- "serde",
- "zeroize",
-]
-
-[[package]]
-name = "zeroize"
-version = "1.5.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f"
-dependencies = [
- "zeroize_derive",
-]
-
-[[package]]
-name = "zeroize_derive"
-version = "1.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44bf07cb3e50ea2003396695d58bf46bc9887a1f362260446fad6bc4e79bd36c"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
- "synstructure",
-]
diff --git a/apple/src/lib.rs b/apple/src/lib.rs
deleted file mode 100644
index 13f8905..0000000
--- a/apple/src/lib.rs
+++ /dev/null
@@ -1,88 +0,0 @@
-// Swift bridge generated code triggers this below
-#![allow(improper_ctypes)]
-
-use firezone_connlib::Session;
-use std::sync::Arc;
-
-#[swift_bridge::bridge]
-mod ffi {
-    // TODO: Allegedly not FFI safe, but works
-    #[swift_bridge(swift_repr = "struct")]
-    struct ResourceList {
-        resources: String,
-    }
-
-    // TODO: Allegedly not FFI safe, but works
-    #[swift_bridge(swift_repr = "struct")]
-    struct TunnelAddresses {
-        address4: String,
-        address6: String,
-    }
-
-    extern "Rust" {
-        type WrappedSession;
-
-        #[swift_bridge(associated_to = WrappedSession)]
-        fn connect(
-            portal_url: String,
-            token: String,
-            callback_handler: CallbackHandler,
-        ) -> WrappedSession;
-
-        #[swift_bridge(swift_name = "bumpSockets")]
-        fn bump_sockets(&self) -> bool;
-
-        #[swift_bridge(swift_name = "disableSomeRoamingForBrokenMobileSemantics")]
-        fn disable_some_roaming_for_broken_mobile_semantics(&self) -> bool;
-
-        fn disconnect(&self) -> bool;
-    }
-
-    extern "Swift" {
-        type CallbackHandler;
-
-        #[swift_bridge(swift_name = "onUpdateResources")]
-        fn on_update_resources(&self, resourceList: ResourceList) -> bool;
-
-        #[swift_bridge(swift_name = "onSetTunnelAddresses")]
-        fn on_set_tunnel_addresses(&self, tunnelAddresses: TunnelAddresses) -> bool;
-    }
-}
-
-pub struct WrappedSession {
-    session: Session,
-}
-
-impl WrappedSession {
-    fn connect(portal_url: String, token: String, callback_handler: ffi::CallbackHandler) -> Self {
-        let session = Session::connect(portal_url, token);
-
-        let resources = "[]".to_string();
-        let cb = Arc::new(callback_handler);
-        let callback_handler = Arc::clone(&cb);
-
-        callback_handler.on_update_resources(ffi::ResourceList { resources });
-        callback_handler.on_set_tunnel_addresses(ffi::TunnelAddresses {
-            address4: "100.100.1.1".to_string(),
-            address6: "fd00:0222:2021:1111:0000:0000:0001:0002".to_string(),
-        });
-
-        WrappedSession {
-            session: session.unwrap(),
-        }
-    }
-
-    fn bump_sockets(&self) -> bool {
-        // TODO: See https://github.com/WireGuard/wireguard-apple/blob/2fec12a6e1f6e3460b6ee483aa00ad29cddadab1/Sources/WireGuardKitGo/api-apple.go#L177
-        return true;
-    }
-
-    fn disable_some_roaming_for_broken_mobile_semantics(&self) -> bool {
-        // TODO: See https://github.com/WireGuard/wireguard-apple/blob/2fec12a6e1f6e3460b6ee483aa00ad29cddadab1/Sources/WireGuardKitGo/api-apple.go#LL197C6-L197C50
-        return true;
-    }
-
-    fn disconnect(&self) -> bool {
-        self.session.disconnect()
-    }
-}
diff --git a/android/.gitignore b/clients/android/.gitignore
similarity index 100%
rename from android/.gitignore
rename to clients/android/.gitignore
diff --git a/android/Cargo.toml b/clients/android/Cargo.toml
similarity index 79%
rename from android/Cargo.toml
rename to clients/android/Cargo.toml
index 85b9a56..6526daa 100644
--- a/android/Cargo.toml
+++ b/clients/android/Cargo.toml
@@ -5,7 +5,7 @@ edition = "2021"
 
 [dependencies]
 jni = { version = "0.21.1", features = ["invocation"] }
-firezone-connlib = { path = "../" }
+firezone-client-connlib = { path = "../../libs/client" }
 log = "0.4"
 android_logger = "0.13"
 
diff --git a/android/build.gradle.kts b/clients/android/build.gradle.kts
similarity index 100%
rename from android/build.gradle.kts
rename to clients/android/build.gradle.kts
diff --git a/android/consumer-rules.pro b/clients/android/consumer-rules.pro
similarity index 100%
rename from android/consumer-rules.pro
rename to clients/android/consumer-rules.pro
diff --git a/android/gradle.properties b/clients/android/gradle.properties
similarity index 100%
rename from android/gradle.properties
rename to clients/android/gradle.properties
diff --git a/android/gradle/wrapper/gradle-wrapper.properties b/clients/android/gradle/wrapper/gradle-wrapper.properties
similarity index 100%
rename from android/gradle/wrapper/gradle-wrapper.properties
rename to clients/android/gradle/wrapper/gradle-wrapper.properties
diff --git a/android/gradlew b/clients/android/gradlew
similarity index 100%
rename from android/gradlew
rename to clients/android/gradlew
diff --git a/android/gradlew.bat b/clients/android/gradlew.bat
similarity index 100%
rename from android/gradlew.bat
rename to clients/android/gradlew.bat
diff --git a/android/lib/build.gradle.kts b/clients/android/lib/build.gradle.kts
similarity index 100%
rename from android/lib/build.gradle.kts
rename to clients/android/lib/build.gradle.kts
diff --git a/android/lib/src/main/AndroidManifest.xml b/clients/android/lib/src/main/AndroidManifest.xml
similarity index 100%
rename from android/lib/src/main/AndroidManifest.xml
rename to clients/android/lib/src/main/AndroidManifest.xml
diff --git a/android/lib/src/main/java/dev/firezone/connlib/Logger.kt b/clients/android/lib/src/main/java/dev/firezone/connlib/Logger.kt
similarity index 100%
rename from android/lib/src/main/java/dev/firezone/connlib/Logger.kt
rename to clients/android/lib/src/main/java/dev/firezone/connlib/Logger.kt
diff --git a/android/lib/src/main/java/dev/firezone/connlib/Session.kt b/clients/android/lib/src/main/java/dev/firezone/connlib/Session.kt
similarity index 100%
rename from android/lib/src/main/java/dev/firezone/connlib/Session.kt
rename to clients/android/lib/src/main/java/dev/firezone/connlib/Session.kt
diff --git a/android/lib/src/main/java/dev/firezone/connlib/VpnService.kt b/clients/android/lib/src/main/java/dev/firezone/connlib/VpnService.kt
similarity index 100%
rename from android/lib/src/main/java/dev/firezone/connlib/VpnService.kt
rename to clients/android/lib/src/main/java/dev/firezone/connlib/VpnService.kt
diff --git a/android/lib/src/test/java/dev/firezone/connlib/ConnlibTest.kt b/clients/android/lib/src/test/java/dev/firezone/connlib/ConnlibTest.kt
similarity index 100%
rename from android/lib/src/test/java/dev/firezone/connlib/ConnlibTest.kt
rename to clients/android/lib/src/test/java/dev/firezone/connlib/ConnlibTest.kt
diff --git a/android/lib/src/test/java/dev/firezone/connlib/SessionTest.kt b/clients/android/lib/src/test/java/dev/firezone/connlib/SessionTest.kt
similarity index 100%
rename from android/lib/src/test/java/dev/firezone/connlib/SessionTest.kt
rename to clients/android/lib/src/test/java/dev/firezone/connlib/SessionTest.kt
diff --git a/android/lib/src/test/java/dev/firezone/connlib/VpnServiceTest.kt b/clients/android/lib/src/test/java/dev/firezone/connlib/VpnServiceTest.kt
similarity index 100%
rename from android/lib/src/test/java/dev/firezone/connlib/VpnServiceTest.kt
rename to clients/android/lib/src/test/java/dev/firezone/connlib/VpnServiceTest.kt
diff --git a/android/proguard-rules.pro b/clients/android/proguard-rules.pro
similarity index 100%
rename from android/proguard-rules.pro
rename to clients/android/proguard-rules.pro
diff --git a/android/settings.gradle.kts b/clients/android/settings.gradle.kts
similarity index 100%
rename from android/settings.gradle.kts
rename to clients/android/settings.gradle.kts
diff --git a/android/src/lib.rs b/clients/android/src/lib.rs
similarity index 71%
rename from android/src/lib.rs
rename to clients/android/src/lib.rs
index 443ba43..7d861df 100644
--- a/android/src/lib.rs
+++ b/clients/android/src/lib.rs
@@ -4,7 +4,9 @@ extern crate android_logger;
 extern crate jni;
 use self::jni::JNIEnv;
 use android_logger::Config;
-use firezone_connlib::Session;
+use firezone_client_connlib::{
+    Callbacks, Error, ErrorType, ResourceList, Session, TunnelAddresses,
+};
 use jni::objects::{JClass, JObject, JString, JValue};
 use log::LevelFilter;
 
@@ -25,19 +27,36 @@ pub extern "system" fn Java_dev_firezone_connlib_Logger_init(_: JNIEnv, _: JClas
     )
 }
 
+pub enum CallbackHandler {}
+impl Callbacks for CallbackHandler {
+    fn on_update_resources(_resource_list: ResourceList) {
+        todo!()
+    }
+
+    fn on_set_tunnel_adresses(_tunnel_addresses: TunnelAddresses) {
+        todo!()
+    }
+
+    fn on_error(_error: &Error, _error_type: ErrorType) {
+        todo!()
+    }
+}
+
 #[allow(non_snake_case)]
 #[no_mangle]
-pub extern "system" fn Java_dev_firezone_connlib_Session_connect(
+pub unsafe extern "system" fn Java_dev_firezone_connlib_Session_connect(
     mut env: JNIEnv,
     _class: JClass,
     portal_url: JString,
     portal_token: JString,
     callback: JObject,
-) -> *const Session {
+) -> *const Session<CallbackHandler> {
     let portal_url: String = env.get_string(&portal_url).unwrap().into();
     let portal_token: String = env.get_string(&portal_token).unwrap().into();
 
-    let session = Session::connect(portal_url, portal_token).expect("Failed to connect to portal");
+    let session = Box::new(
+        Session::connect::<CallbackHandler>(portal_url.as_str(), portal_token).expect("TODO!"),
+    );
 
     // TODO: Get actual IPs returned from portal based on this device
     let tunnelAddressesJSON = "[{\"tunnel_ipv4\": \"100.100.1.1\", \"tunnel_ipv6\": \"fd00:0222:2011:1111:6def:1001:fe67:0012\"}]";
@@ -52,22 +71,7 @@ pub extern "system" fn Java_dev_firezone_connlib_Session_connect(
         Err(e) => error!("Failed to call setTunnelAddresses: {:?}", e),
     }
 
-    // TODO: Fix callback ref copy
-    // let resourcesJSON = "[{\"id\": \"342b8565-5de2-4289-877c-751d924518e9\", \"label\": \"GitLab\", \"address\": \"gitlab.com\", \"tunnel_ipv4\": \"100.71.55.101\", \"tunnel_ipv6\": \"fd00:0222:2011:1111:6def:1001:fe67:0012\"}]";
-    // let resources = env.new_string(resourcesJSON).unwrap();
-    // match env.call_method(
-    //     callback,
-    //     "onUpdateResources",
-    //     "(Ljava/lang/String;)Z",
-    //     &[JValue::from(&resources)],
-    // ) {
-    //     Ok(res) => trace!("onUpdateResources returned {:?}", res),
-    //     Err(e) => error!("Failed to call setResources: {:?}", e),
-    // }
-
-    let session_ptr = Box::into_raw(Box::new(session));
-
-    session_ptr
+    Box::into_raw(session)
 }
 
 #[allow(non_snake_case)]
@@ -75,19 +79,20 @@ pub extern "system" fn Java_dev_firezone_connlib_Session_connect(
 pub unsafe extern "system" fn Java_dev_firezone_connlib_Session_disconnect(
     _env: JNIEnv,
     _: JClass,
-    session_ptr: *mut Session,
+    session_ptr: *mut Session<CallbackHandler>,
 ) -> bool {
     if session_ptr.is_null() {
         return false;
     }
 
-    unsafe { Box::from_raw(session_ptr).disconnect() }
+    let session = unsafe { &mut *session_ptr };
+    session.disconnect()
 }
 
 #[allow(non_snake_case)]
 #[no_mangle]
 pub unsafe extern "system" fn Java_dev_firezone_connlib_Session_bump_sockets(
-    session_ptr: *const Session,
+    session_ptr: *const Session<CallbackHandler>,
 ) -> bool {
     if session_ptr.is_null() {
         return false;
@@ -102,7 +107,7 @@ pub unsafe extern "system" fn Java_dev_firezone_connlib_Session_bump_sockets(
 #[allow(non_snake_case)]
 #[no_mangle]
 pub unsafe extern "system" fn Java_dev_firezone_connlib_disable_some_roaming_for_broken_mobile_semantics(
-    session_ptr: *const Session,
+    session_ptr: *const Session<CallbackHandler>,
 ) -> bool {
     if session_ptr.is_null() {
         return false;
diff --git a/apple/.gitignore b/clients/apple/.gitignore
similarity index 100%
rename from apple/.gitignore
rename to clients/apple/.gitignore
diff --git a/apple/Cargo.toml b/clients/apple/Cargo.toml
similarity index 50%
rename from apple/Cargo.toml
rename to clients/apple/Cargo.toml
index a3be9d3..acddc54 100644
--- a/apple/Cargo.toml
+++ b/clients/apple/Cargo.toml
@@ -6,12 +6,12 @@ edition = "2021"
 build = "build.rs"
 
 [build-dependencies]
-swift-bridge-build = "0.1"
+swift-bridge-build = { path = "../../../swift-bridge/crates/swift-bridge-build" }
 
 [dependencies]
 libc = "0.2"
-swift-bridge = "0.1"
-firezone-connlib = { path = "../" }
+swift-bridge = { path = "../../../swift-bridge" }
+firezone-client-connlib = { path = "../../libs/client" }
 
 [lib]
 name = "connlib"
diff --git a/apple/README.md b/clients/apple/README.md
similarity index 100%
rename from apple/README.md
rename to clients/apple/README.md
diff --git a/apple/Sources/Connlib/Adapter.swift b/clients/apple/Sources/Connlib/Adapter.swift
similarity index 100%
rename from apple/Sources/Connlib/Adapter.swift
rename to clients/apple/Sources/Connlib/Adapter.swift
diff --git a/apple/Sources/Connlib/BridgingHeader.h b/clients/apple/Sources/Connlib/BridgingHeader.h
similarity index 100%
rename from apple/Sources/Connlib/BridgingHeader.h
rename to clients/apple/Sources/Connlib/BridgingHeader.h
diff --git a/apple/Sources/Connlib/CallbackHandler.swift b/clients/apple/Sources/Connlib/CallbackHandler.swift
similarity index 100%
rename from apple/Sources/Connlib/CallbackHandler.swift
rename to clients/apple/Sources/Connlib/CallbackHandler.swift
diff --git a/apple/Sources/Connlib/Generated/.gitignore b/clients/apple/Sources/Connlib/Generated/.gitignore
similarity index 100%
rename from apple/Sources/Connlib/Generated/.gitignore
rename to clients/apple/Sources/Connlib/Generated/.gitignore
diff --git a/apple/Sources/Connlib/connlib.h b/clients/apple/Sources/Connlib/connlib.h
similarity index 100%
rename from apple/Sources/Connlib/connlib.h
rename to clients/apple/Sources/Connlib/connlib.h
diff --git a/apple/Tests/connlibTests/.gitkeep b/clients/apple/Tests/connlibTests/.gitkeep
similarity index 100%
rename from apple/Tests/connlibTests/.gitkeep
rename to clients/apple/Tests/connlibTests/.gitkeep
diff --git a/apple/build-rust.sh b/clients/apple/build-rust.sh
similarity index 100%
rename from apple/build-rust.sh
rename to clients/apple/build-rust.sh
diff --git a/apple/build-xcframework.sh b/clients/apple/build-xcframework.sh
similarity index 100%
rename from apple/build-xcframework.sh
rename to clients/apple/build-xcframework.sh
diff --git a/apple/build.rs b/clients/apple/build.rs
similarity index 100%
rename from apple/build.rs
rename to clients/apple/build.rs
diff --git a/apple/connlib.xcodeproj/project.pbxproj b/clients/apple/connlib.xcodeproj/project.pbxproj
similarity index 100%
rename from apple/connlib.xcodeproj/project.pbxproj
rename to clients/apple/connlib.xcodeproj/project.pbxproj
diff --git a/apple/connlib.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/clients/apple/connlib.xcodeproj/project.xcworkspace/contents.xcworkspacedata
similarity index 100%
rename from apple/connlib.xcodeproj/project.xcworkspace/contents.xcworkspacedata
rename to clients/apple/connlib.xcodeproj/project.xcworkspace/contents.xcworkspacedata
diff --git a/apple/connlib.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist b/clients/apple/connlib.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
similarity index 100%
rename from apple/connlib.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
rename to clients/apple/connlib.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
diff --git a/apple/connlib.xcodeproj/xcshareddata/xcschemes/Connlib.xcscheme b/clients/apple/connlib.xcodeproj/xcshareddata/xcschemes/Connlib.xcscheme
similarity index 100%
rename from apple/connlib.xcodeproj/xcshareddata/xcschemes/Connlib.xcscheme
rename to clients/apple/connlib.xcodeproj/xcshareddata/xcschemes/Connlib.xcscheme
diff --git a/clients/apple/src/lib.rs b/clients/apple/src/lib.rs
new file mode 100644
index 0000000..24580bd
--- /dev/null
+++ b/clients/apple/src/lib.rs
@@ -0,0 +1,115 @@
+// Swift bridge generated code triggers this below
+#![allow(improper_ctypes)]
+
+use firezone_client_connlib::{
+    Callbacks, Error, ErrorType, ResourceList, Session, SwiftConnlibError, SwiftErrorType,
+    TunnelAddresses,
+};
+
+#[swift_bridge::bridge]
+mod ffi {
+    // TODO: Allegedly not FFI safe, but works
+    #[swift_bridge(swift_repr = "struct")]
+    struct ResourceList {
+        resources: String,
+    }
+
+    // TODO: Allegedly not FFI safe, but works
+    #[swift_bridge(swift_repr = "struct")]
+    struct TunnelAddresses {
+        address4: String,
+        address6: String,
+    }
+
+    #[swift_bridge(already_declared)]
+    enum SwiftConnlibError {}
+
+    #[swift_bridge(already_declared)]
+    enum SwiftErrorType {}
+
+    extern "Rust" {
+        type WrappedSession;
+
+        #[swift_bridge(associated_to = WrappedSession)]
+        fn connect(portal_url: String, token: String) -> Result<WrappedSession, SwiftConnlibError>;
+
+        #[swift_bridge(swift_name = "bumpSockets")]
+        fn bump_sockets(&self) -> bool;
+
+        #[swift_bridge(swift_name = "disableSomeRoamingForBrokenMobileSemantics")]
+        fn disable_some_roaming_for_broken_mobile_semantics(&self) -> bool;
+
+        fn disconnect(&mut self) -> bool;
+    }
+
+    extern "Swift" {
+        type Opaque;
+        #[swift_bridge(swift_name = "onUpdateResources")]
+        fn on_update_resources(resourceList: ResourceList);
+
+        #[swift_bridge(swift_name = "onSetTunnelAddresses")]
+        fn on_set_tunnel_addresses(tunnelAddresses: TunnelAddresses);
+
+        #[swift_bridge(swift_name = "onError")]
+        fn on_error(error: SwiftConnlibError, error_type: SwiftErrorType);
+    }
+}
+
+impl From<ResourceList> for ffi::ResourceList {
+    fn from(value: ResourceList) -> Self {
+        Self {
+            resources: value.resources.join(","),
+        }
+    }
+}
+
+impl From<TunnelAddresses> for ffi::TunnelAddresses {
+    fn from(value: TunnelAddresses) -> Self {
+        Self {
+            address4: value.address4.to_string(),
+            address6: value.address6.to_string(),
+        }
+    }
+}
+
+/// This is used by the apple client to interact with our code.
+pub struct WrappedSession {
+    session: Session<CallbackHandler>,
+}
+
+struct CallbackHandler;
+
+impl Callbacks for CallbackHandler {
+    fn on_update_resources(resource_list: ResourceList) {
+        ffi::on_update_resources(resource_list.into());
+    }
+
+    fn on_set_tunnel_adresses(tunnel_addresses: TunnelAddresses) {
+        ffi::on_set_tunnel_addresses(tunnel_addresses.into());
+    }
+
+    fn on_error(error: &Error, error_type: ErrorType) {
+        ffi::on_error(error.into(), error_type.into());
+    }
+}
+
+impl WrappedSession {
+    fn connect(portal_url: String, token: String) -> Result<WrappedSession, SwiftConnlibError> {
+        let session = Session::connect::<CallbackHandler>(portal_url.as_str(), token)?;
+        Ok(WrappedSession { session })
+    }
+
+    fn bump_sockets(&self) -> bool {
+        // TODO: See https://github.com/WireGuard/wireguard-apple/blob/2fec12a6e1f6e3460b6ee483aa00ad29cddadab1/Sources/WireGuardKitGo/api-apple.go#L177
+        todo!()
+    }
+
+    fn disable_some_roaming_for_broken_mobile_semantics(&self) -> bool {
+        // TODO: See https://github.com/WireGuard/wireguard-apple/blob/2fec12a6e1f6e3460b6ee483aa00ad29cddadab1/Sources/WireGuardKitGo/api-apple.go#LL197C6-L197C50
+        todo!()
+    }
+
+    fn disconnect(&mut self) -> bool {
+        self.session.disconnect()
+    }
+}
diff --git a/gateway/Cargo.toml b/gateway/Cargo.toml
new file mode 100644
index 0000000..07145d1
--- /dev/null
+++ b/gateway/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "gateway"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+firezone-gateway-connlib = { path = "../libs/gateway" }
+clap = { version = "4.2", features = ["derive"] }
+url = { version = "2.3.1", default-features = false }
+tracing-subscriber = { version = "0.3" }
+tracing = { version = "0.1" }
\ No newline at end of file
diff --git a/gateway/src/main.rs b/gateway/src/main.rs
new file mode 100644
index 0000000..1c05235
--- /dev/null
+++ b/gateway/src/main.rs
@@ -0,0 +1,42 @@
+use clap::Parser;
+use firezone_gateway_connlib::{
+    Callbacks, Error, ErrorType, ResourceList, Session, TunnelAddresses,
+};
+use url::Url;
+
+enum CallbackHandler {}
+
+impl Callbacks for CallbackHandler {
+    fn on_update_resources(_resource_list: ResourceList) {
+        todo!()
+    }
+
+    fn on_set_tunnel_adresses(_tunnel_addresses: TunnelAddresses) {
+        todo!()
+    }
+
+    fn on_error(_error: &Error, _error_type: ErrorType) {
+        todo!()
+    }
+}
+
+fn main() {
+    tracing_subscriber::fmt::init();
+    // TODO: read args from env instead
+    let args = Args::parse();
+    // TODO: This is disgusting
+    let mut session =
+        Session::<CallbackHandler>::connect::<CallbackHandler>(args.url, args.secret).unwrap();
+    session.wait_for_ctrl_c().unwrap();
+    session.disconnect();
+}
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+#[command(propagate_version = true)]
+pub struct Args {
+    #[arg(long)]
+    pub secret: String,
+    #[arg(long)]
+    pub url: Url,
+}
diff --git a/libs/client/Cargo.toml b/libs/client/Cargo.toml
new file mode 100644
index 0000000..970a877
--- /dev/null
+++ b/libs/client/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "firezone-client-connlib"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+tokio = { version = "1.27", default-features = false, features = ["sync"] }
+tracing = { version = "0.1", default-features = false, features = ["std", "attributes"] }
+async-trait = { version = "0.1", default-features = false }
+libs-common = { path = "../common" }
+firezone-tunnel = { path = "../tunnel" }
+serde = { version = "1.0", default-features = false, features = ["std", "derive"] }
diff --git a/libs/client/src/control.rs b/libs/client/src/control.rs
new file mode 100644
index 0000000..62bb7a8
--- /dev/null
+++ b/libs/client/src/control.rs
@@ -0,0 +1,194 @@
+use std::{marker::PhantomData, sync::Arc, time::Duration};
+
+use crate::messages::{Connect, EgressMessages, IngressMessages, InitClient, Relays};
+use libs_common::{
+    boringtun::x25519::StaticSecret,
+    error_type::ErrorType::{Fatal, Recoverable},
+    messages::{Id, ResourceDescription},
+    Callbacks, ControlSession, Result,
+};
+
+use async_trait::async_trait;
+use firezone_tunnel::{ControlSignal, Tunnel};
+use tokio::sync::mpsc::{channel, Receiver, Sender};
+
+// FIXME: Replace all `expect` with a handler function
+// that should be passed from the client.
+// Also, we should decide if we disconnect or keep running depending on the error kind.
+
+const INTERNAL_CHANNEL_SIZE: usize = 256;
+
+#[async_trait]
+impl ControlSignal for ControlSignaler {
+    async fn signal_connection_to(&self, resource: &ResourceDescription) -> Result<()> {
+        self.internal_sender
+            .send(EgressMessages::GetConnectionDetails(resource.id))
+            .await?;
+        Ok(())
+    }
+}
+
+/// Implementation of [ControlSession] for clients.
+pub struct ControlPlane<C: Callbacks> {
+    tunnel: Arc<Tunnel<ControlSignaler, C>>,
+    control_signaler: ControlSignaler,
+    _phantom: PhantomData<C>,
+}
+
+#[derive(Clone)]
+struct ControlSignaler {
+    internal_sender: Arc<Sender<EgressMessages>>,
+}
+
+impl<C: Callbacks> ControlPlane<C>
+where
+    C: Send + Sync + 'static,
+{
+    #[tracing::instrument(level = "trace", skip(self))]
+    async fn start(mut self, mut receiver: Receiver<IngressMessages>) {
+        let mut interval = tokio::time::interval(Duration::from_secs(10));
+        loop {
+            tokio::select! {
+                Some(msg) = receiver.recv() => self.handle_message(msg).await,
+                _ = interval.tick() => self.stats_event().await,
+                else => break
+            }
+        }
+    }
+
+    #[tracing::instrument(level = "trace", skip_all)]
+    async fn init(
+        &mut self,
+        InitClient {
+            interface,
+            resources,
+        }: InitClient,
+    ) {
+        if let Err(e) = self.tunnel.set_interface(&interface).await {
+            tracing::error!("Couldn't intialize interface: {e}");
+            C::on_error(&e, Fatal);
+            return;
+        }
+
+        for resource_description in resources {
+            self.add_resource(resource_description)
+        }
+
+        tracing::info!("Firezoned Started!");
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    async fn connect(
+        &mut self,
+        Connect {
+            rtc_sdp,
+            resource_id,
+            gateway_public_key,
+        }: Connect,
+    ) {
+        if let Err(e) = self
+            .tunnel
+            .recieved_offer_response(resource_id, rtc_sdp, gateway_public_key.0.into())
+            .await
+        {
+            C::on_error(&e, Recoverable);
+        }
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn add_resource(&self, resource_description: ResourceDescription) {
+        self.tunnel.add_resource(resource_description);
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn remove_resource(&self, id: Id) {
+        todo!()
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn update_resource(&self, resource_description: ResourceDescription) {
+        todo!()
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn relays(
+        &self,
+        Relays {
+            resource_id,
+            relays,
+        }: Relays,
+    ) {
+        let tunnel = Arc::clone(&self.tunnel);
+        let control_signaler = self.control_signaler.clone();
+        tokio::spawn(async move {
+            match tunnel.request_connection(resource_id, relays).await {
+                Ok(connection_request) => {
+                    if let Err(err) = control_signaler
+                        .internal_sender
+                        .send(EgressMessages::RequestConnection(connection_request))
+                        .await
+                    {
+                        tunnel.cleanup_connection(resource_id);
+                        C::on_error(&err.into(), Recoverable);
+                    }
+                }
+                Err(err) => {
+                    tunnel.cleanup_connection(resource_id);
+                    C::on_error(&err, Recoverable);
+                }
+            }
+        });
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub(super) async fn handle_message(&mut self, msg: IngressMessages) {
+        match msg {
+            IngressMessages::InitClient(init) => self.init(init).await,
+            IngressMessages::Relays(connection_details) => self.relays(connection_details),
+            IngressMessages::Connect(connect) => self.connect(connect).await,
+            IngressMessages::AddResource(resource) => self.add_resource(resource),
+            IngressMessages::RemoveResource(resource) => self.remove_resource(resource.id),
+            IngressMessages::UpdateResource(resource) => self.update_resource(resource),
+        }
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub(super) async fn stats_event(&mut self) {
+        // TODO
+    }
+}
+
+#[async_trait]
+impl<C: Callbacks + Sync + Send + 'static> ControlSession<IngressMessages, EgressMessages>
+    for ControlPlane<C>
+{
+    #[tracing::instrument(level = "trace", skip(private_key))]
+    async fn start(
+        private_key: StaticSecret,
+    ) -> Result<(Sender<IngressMessages>, Receiver<EgressMessages>)> {
+        // This is kinda hacky, the buffer size is 1 so that we make sure that we
+        // process one message at a time, blocking if a previous message haven't been processed
+        // to force queue ordering.
+        let (sender, receiver) = channel::<IngressMessages>(1);
+
+        let (internal_sender, internal_receiver) = channel(INTERNAL_CHANNEL_SIZE);
+        let internal_sender = Arc::new(internal_sender);
+        let control_signaler = ControlSignaler { internal_sender };
+        let tunnel = Arc::new(Tunnel::new(private_key, control_signaler.clone()).await?);
+
+        let control_plane = ControlPlane::<C> {
+            tunnel,
+            control_signaler,
+            _phantom: PhantomData,
+        };
+
+        // TODO: We should have some kind of callback from clients to surface errors here
+        tokio::spawn(async move { control_plane.start(receiver).await });
+
+        Ok((sender, internal_receiver))
+    }
+
+    fn mode() -> &'static str {
+        "client"
+    }
+}
diff --git a/libs/client/src/lib.rs b/libs/client/src/lib.rs
new file mode 100644
index 0000000..4df8006
--- /dev/null
+++ b/libs/client/src/lib.rs
@@ -0,0 +1,20 @@
+//! Main connlib library for clients.
+use control::ControlPlane;
+use messages::EgressMessages;
+use messages::IngressMessages;
+
+mod control;
+mod messages;
+
+const VIRTUAL_IFACE_MTU: u16 = 1420;
+
+/// Session type for clients.
+///
+/// For more information see libs_common docs on [Session][libs_common::Session].
+pub type Session<C> = libs_common::Session<ControlPlane<C>, IngressMessages, EgressMessages>;
+
+pub use libs_common::{
+    error::SwiftConnlibError,
+    error_type::{ErrorType, SwiftErrorType},
+    Callbacks, Error, ResourceList, TunnelAddresses,
+};
diff --git a/libs/client/src/messages.rs b/libs/client/src/messages.rs
new file mode 100644
index 0000000..2702a34
--- /dev/null
+++ b/libs/client/src/messages.rs
@@ -0,0 +1,52 @@
+use firezone_tunnel::RTCSessionDescription;
+use serde::{Deserialize, Serialize};
+
+use libs_common::messages::{Id, Interface, Key, RequestConnection, ResourceDescription};
+
+#[derive(Debug, PartialEq, Eq, Deserialize, Serialize, Clone)]
+pub struct InitClient {
+    pub interface: Interface,
+    #[serde(skip_serializing_if = "Vec::is_empty", default)]
+    pub resources: Vec<ResourceDescription>,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
+pub struct RemoveResource {
+    pub id: Id,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct Connect {
+    pub rtc_sdp: RTCSessionDescription,
+    pub resource_id: Id,
+    pub gateway_public_key: Key,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct Relays {
+    pub resource_id: Id,
+    pub relays: Vec<String>,
+}
+
+// These messages are the messages that can be recieved
+// by a client.
+#[derive(Debug, Deserialize, Serialize, Clone)]
+#[serde(rename_all = "snake_case")]
+pub enum IngressMessages {
+    InitClient(InitClient),
+    Relays(Relays),
+    Connect(Connect),
+
+    // Resources: arrive in an orderly fashion
+    AddResource(ResourceDescription),
+    RemoveResource(RemoveResource),
+    UpdateResource(ResourceDescription),
+}
+
+// These messages can be sent from a client to a control pane
+#[derive(Debug, Deserialize, Serialize, Clone)]
+#[serde(rename_all = "snake_case")]
+pub enum EgressMessages {
+    GetConnectionDetails(Id),
+    RequestConnection(RequestConnection),
+}
diff --git a/libs/common/Cargo.toml b/libs/common/Cargo.toml
new file mode 100644
index 0000000..ba1eadf
--- /dev/null
+++ b/libs/common/Cargo.toml
@@ -0,0 +1,32 @@
+[package]
+name = "libs-common"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[features]
+device = ["boringtun/device"]
+jni-bindings = ["boringtun/jni-bindings"]
+
+[dependencies]
+base64 = { version = "0.21", default-features = false, features = ["std"] }
+serde = { version = "1.0", default-features = false, features = ["derive", "std"] }
+futures =  { version = "0.3", default-features = false, features = ["std", "async-await", "executor"] }
+futures-util =  { version = "0.3", default-features = false, features = ["std", "async-await", "async-await-macro"] }
+tokio-tungstenite = { version = "0.18", default-features = false, features = ["connect", "handshake"] }
+webrtc = { version = "0.7" }
+uuid = { version = "1.3", default-features = false, features = ["std", "v4", "serde"] }
+thiserror = { version = "1.0", default-features = false }
+tracing = { version = "0.1", default-features = false, features = ["std", "attributes"] }
+serde_json = { version = "1.0", default-features = false, features = ["std"] }
+tokio = { version = "1.28", default-features = false, features = ["rt", "rt-multi-thread"]}
+url = { version = "2.3.1", default-features = false }
+boringtun = { git = "https://github.com/cloudflare/boringtun", rev = "878385f", default-features = false, features = ["device"] }
+rand_core = { version = "0.6.4", default-features = false, features = ["std"] }
+async-trait = { version = "0.1", default-features = false }
+backoff = { version = "0.4", default-features = false }
+
+macros = { path = "../../macros" }
+
+[target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies]
+swift-bridge = { path = "../../../swift-bridge" }
diff --git a/libs/common/src/control.rs b/libs/common/src/control.rs
new file mode 100644
index 0000000..8430230
--- /dev/null
+++ b/libs/common/src/control.rs
@@ -0,0 +1,227 @@
+//! Control protocol related module.
+//!
+//! This modules contains the logic for handling in and out messages through the control plane.
+//! Handling of the message itself can be found in the other lib crates.
+//!
+//! Entrypoint for this module is [PhoenixChannel].
+use std::{marker::PhantomData, time::Duration};
+
+use futures::{
+    channel::mpsc::{channel, Receiver, Sender},
+    TryStreamExt,
+};
+use futures_util::{Future, SinkExt, StreamExt};
+use serde::{de::DeserializeOwned, Deserialize, Serialize};
+use tokio_tungstenite::{connect_async, tungstenite};
+use tungstenite::Message;
+use url::Url;
+
+use crate::Result;
+
+const CHANNEL_SIZE: usize = 1_000;
+
+/// Main struct to interact with the control-protocol channel.
+///
+/// After creating a new `PhoenixChannel` using [PhoenixChannel::new] you need to
+/// use [start][PhoenixChannel::start] for the channel to do anything.
+///
+/// If you want to send something through the channel you need to obtain a [PhoenixSender] through
+/// [PhoenixChannel::sender], this will already clone the sender so no need to clone it after you obtain it.
+///
+/// When [PhoenixChannel::start] is called a new websocket is created that will listen message from the control plane
+/// based on the parameters passed on [new][PhoenixChannel::new], from then on any messages sent with a sender
+/// obtained by [PhoenixChannel::sender] will be forwarded to the websocket up to the control plane. Ingress messages
+/// will be passed on to the `handler` provided in [PhoenixChannel::new].
+///
+/// The future returned by [PhoenixChannel::start] will finish when the websocket closes (by an error), meaning that if you
+/// `await` it, it will block until you use `close` in a [PhoenixSender], the portal close the connection or something goes wrong.
+pub struct PhoenixChannel<F, I> {
+    uri: Url,
+    handler: F,
+    sender: Sender<Message>,
+    receiver: Receiver<Message>,
+    _phantom: PhantomData<I>,
+}
+
+impl<F, Fut, I> PhoenixChannel<F, I>
+where
+    I: DeserializeOwned,
+    F: Fn(I) -> Fut,
+    Fut: Future<Output = ()> + Send + 'static,
+{
+    /// Starts the tunnel with the parameters given in [Self::new].
+    ///
+    /// See [struct-level docs][PhoenixChannel] for more info.
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub async fn start(&mut self) -> std::result::Result<(), tungstenite::Error> {
+        tracing::trace!("Trying to connect to the portal...");
+
+        let (ws_stream, _) = connect_async(&self.uri).await?;
+
+        tracing::trace!("Successfully connected to portal");
+
+        let (write, read) = ws_stream.split();
+
+        let mut sender = self.sender();
+        let Self {
+            handler, receiver, ..
+        } = self;
+
+        let process_messages = read.try_for_each(|message| async {
+            Self::message_process(handler, message).await;
+            Ok(())
+        });
+
+        // TODO: is Forward cancel safe?
+        // I would assume it is and that's the advantage over
+        // while let Some(item) = reciever.next().await { write.send(item) } ...
+        // but double check this!
+        // If it's not cancel safe this means an item can be consumed and never sent.
+        // Furthermore can this also happen if write errors out? *that* I'd assume is possible...
+        // What option is left? write a new future to forward items.
+        // For now we should never assume that an item arrived the portal because we sent it!
+        let send_messages = receiver.map(Ok).forward(write);
+
+        let phoenix_heartbeat = tokio::spawn(async move {
+            let mut timer = tokio::time::interval(Duration::from_secs(30));
+            loop {
+                timer.tick().await;
+                let Ok(_) = sender.send("phoenix", "heartbeat", Empty {}).await else {break};
+            }
+        });
+
+        futures_util::pin_mut!(process_messages, send_messages);
+        // processing messages should be quick otherwise it'd block sending messages.
+        // we could remove this limitation by spawning a separate taks for each of these.
+        let result = futures::future::select(process_messages, send_messages)
+            .await
+            .factor_first()
+            .0;
+        phoenix_heartbeat.abort();
+        result?;
+
+        Ok(())
+    }
+
+    #[tracing::instrument(level = "trace", skip(handler))]
+    async fn message_process(handler: &F, message: tungstenite::Message) {
+        tracing::trace!("{message:?}");
+
+        match message.into_text() {
+            Ok(m_str) => match serde_json::from_str::<PhoenixMessage<I>>(&m_str) {
+                Ok(m) => match m.payload {
+                    Payload::Message(m) => handler(m).await,
+                    Payload::PhoenixReply { status, .. } => {
+                        // TODO: This could be an error
+                        tracing::trace!("Recieved phoenix status message: {status}")
+                    }
+                },
+                Err(e) => {
+                    tracing::error!("Error deserializing message {m_str}: {e:?}");
+                }
+            },
+            _ => tracing::error!("Recieved message that is not text"),
+        }
+    }
+
+    /// Obtains a new sender that can be used to send message with this [PhoenixChannel] to the portal.
+    ///
+    /// Note that for the sender to relay any message will need the future returned [PhoenixChannel::start] to be polled (await it),
+    /// and [PhoenixChannel::start] takes `&mut self`, meaning you need to get the sender before running [PhoenixChannel::start].
+    pub fn sender(&self) -> PhoenixSender {
+        PhoenixSender {
+            sender: self.sender.clone(),
+        }
+    }
+
+    /// Creates a new [PhoenixChannel] not started yet.
+    ///
+    /// # Parameters:
+    /// - `uri`: Portal's websocket uri
+    /// - `handler`: The handle that will be called for each recieved message.
+    ///
+    /// For more info see [struct-level docs][PhoenixChannel].
+    pub fn new(uri: Url, handler: F) -> Self {
+        let (sender, receiver) = channel(CHANNEL_SIZE);
+
+        Self {
+            sender,
+            receiver,
+            uri,
+            handler,
+            _phantom: PhantomData,
+        }
+    }
+}
+
+#[derive(Debug, PartialEq, Eq, Deserialize, Serialize, Clone)]
+#[serde(untagged)]
+enum Payload<T> {
+    // TODO: We should be able to extract a Result from this.
+    PhoenixReply { response: Empty, status: String },
+    Message(T),
+}
+
+#[derive(Debug, PartialEq, Eq, Clone, Deserialize, Serialize)]
+struct PhoenixMessage<T> {
+    topic: String,
+    event: String,
+    payload: Payload<T>,
+    #[serde(rename = "ref")]
+    reference: Option<i32>,
+}
+
+impl<T> PhoenixMessage<T> {
+    fn new(topic: impl Into<String>, event: impl Into<String>, payload: T) -> Self {
+        Self {
+            topic: topic.into(),
+            event: event.into(),
+            payload: Payload::Message(payload),
+            reference: Some(0),
+        }
+    }
+}
+
+// Awful hack to get serde_json to generate an empty "{}" instead of using "null"
+#[derive(Debug, Deserialize, Serialize, PartialEq, Eq, Clone)]
+struct Empty {}
+
+/// You can use this sender to send messages through a `PhoenixChannel`.
+///
+/// Messages won't be sent unless [PhoenixChannel::start] is running, internally
+/// this sends messages through a future channel that are forwrarded then in [PhoenixChannel] event loop
+pub struct PhoenixSender {
+    sender: Sender<Message>,
+}
+
+impl PhoenixSender {
+    /// Sends a message upstream to a connected [PhoenixChannel].
+    ///
+    /// # Parameters
+    /// - topic: Phoenix topic
+    /// - event: Phoenix event
+    /// - payload: Message's payload
+    pub async fn send(
+        &mut self,
+        topic: impl Into<String>,
+        event: impl Into<String>,
+        payload: impl Serialize,
+    ) -> Result<()> {
+        let str = serde_json::to_string(&PhoenixMessage::new(topic, event, payload))?;
+        self.sender.send(Message::text(str)).await?;
+        Ok(())
+    }
+
+    /// Join a phoenix topic, meaning that after this method is invoked [PhoenixChannel] will
+    /// recieve messages from that topic, given that upstream accepts you into the given topic.
+    pub async fn join_topic(&mut self, topic: impl Into<String>) -> Result<()> {
+        self.send(topic, "phx_join", Empty {}).await
+    }
+
+    /// Closes the [PhoenixChannel]
+    pub async fn close(&mut self) -> Result<()> {
+        self.sender.send(Message::Close(None)).await?;
+        self.sender.close().await?;
+        Ok(())
+    }
+}
diff --git a/libs/common/src/error.rs b/libs/common/src/error.rs
new file mode 100644
index 0000000..3ff0b9c
--- /dev/null
+++ b/libs/common/src/error.rs
@@ -0,0 +1,92 @@
+//! Error module.
+use base64::{DecodeError, DecodeSliceError};
+use boringtun::noise::errors::WireGuardError;
+use macros::SwiftEnum;
+use thiserror::Error;
+
+/// Unified Result type to use across connlib.
+pub type Result<T> = std::result::Result<T, ConnlibError>;
+
+/// Unified error type to use across connlib.
+#[derive(Error, Debug, SwiftEnum)]
+pub enum ConnlibError {
+    /// Standard IO error.
+    #[error(transparent)]
+    Io(#[from] std::io::Error),
+    /// Error while decoding a base64 value.
+    #[error("There was an error while decoding a base64 value: `{0}`")]
+    Base64DecodeError(#[from] DecodeError),
+    /// Error while decoding a base64 value from a slice.
+    #[error("There was an error while decoding a base64 value: `{0}`")]
+    Base64DecodeSliceError(#[from] DecodeSliceError),
+    /// Request error for websocket connection.
+    #[error("Error forming request: {0}")]
+    RequestError(#[from] tokio_tungstenite::tungstenite::http::Error),
+    /// Error during websocket connection.
+    #[error("Portal connection error: {0}")]
+    PortalConnectionError(#[from] tokio_tungstenite::tungstenite::error::Error),
+    /// Provided string was not formatted as a URL.
+    #[error("Baddly formatted URI")]
+    UriError,
+    /// Serde's serialize error.
+    #[error(transparent)]
+    SerializeError(#[from] serde_json::Error),
+    /// Webrtc errror
+    #[error("ICE-related error: {0}")]
+    IceError(#[from] webrtc::Error),
+    /// Webrtc error regarding data channel.
+    #[error("ICE-data error: {0}")]
+    IceDataError(#[from] webrtc::data::Error),
+    /// Error while sending through an async channelchannel.
+    #[error("Error sending message through an async channel")]
+    SendChannelError,
+    /// Error when trying to stablish connection between peers.
+    #[error("Error while stablishing connection between peers")]
+    ConnectionStablishError,
+    /// Error regarding boringtun's devices
+    #[error("Error while using boringtun's device")]
+    BoringtunError(#[from] boringtun::device::Error),
+    /// Error related to wireguard protocol.
+    #[error("Wireguard error")]
+    WireguardError(WireGuardError),
+    /// Expected an initialized runtime but there was none.
+    #[error("Expected runtime to be initialized")]
+    NoRuntime,
+    /// Tried to access a resource which didn't exists.
+    #[error("Tried to access an undefined resource")]
+    UnknownResource,
+    /// Error regarding our own control protocol.
+    #[error("Control plane protocol error. Unexpected messages or message order.")]
+    ControlProtocolError,
+    /// Glob for errors without a type.
+    #[error("Other error")]
+    Other(&'static str),
+}
+
+/// Type auto-generated by [SwiftEnum] intended to be used with rust-swift-bridge.
+/// All the variants come from [ConnlibError], reference that for documentaiton.
+pub use swift_ffi::SwiftConnlibError;
+
+impl From<WireGuardError> for ConnlibError {
+    fn from(e: WireGuardError) -> Self {
+        ConnlibError::WireguardError(e)
+    }
+}
+
+impl From<&'static str> for ConnlibError {
+    fn from(e: &'static str) -> Self {
+        ConnlibError::Other(e)
+    }
+}
+
+impl<T> From<tokio::sync::mpsc::error::SendError<T>> for ConnlibError {
+    fn from(_: tokio::sync::mpsc::error::SendError<T>) -> Self {
+        ConnlibError::SendChannelError
+    }
+}
+
+impl From<futures::channel::mpsc::SendError> for ConnlibError {
+    fn from(_: futures::channel::mpsc::SendError) -> Self {
+        ConnlibError::SendChannelError
+    }
+}
diff --git a/libs/common/src/error_type.rs b/libs/common/src/error_type.rs
new file mode 100644
index 0000000..7f411c8
--- /dev/null
+++ b/libs/common/src/error_type.rs
@@ -0,0 +1,20 @@
+//! Module that contains the Error-Type that hints how to handle an error to upper layers.
+use macros::SwiftEnum;
+/// This indicates whether the produced error is something recoverable or fatal.
+/// Fata/Recoverable only indicates how to handle the error for the client.
+///
+/// Any of the errors in [ConnlibError][crate::error::ConnlibError] could be of any [ErrorType] depending the circumstance.
+#[derive(Debug, Clone, Copy, SwiftEnum)]
+pub enum ErrorType {
+    /// Recoverable means that the session can continue
+    /// e.g. Failed to send an SDP
+    Recoverable,
+    /// Fatal error means that the session should stop and start again,
+    /// generally after user input, such as clicking connect once more.
+    /// e.g. Max number of retries was reached when trying to connect to the portal.
+    Fatal,
+}
+
+/// Auto generated enum by [SwiftEnum], all variants come from [ErrorType]
+/// reference that for docs.
+pub use swift_ffi::SwiftErrorType;
diff --git a/libs/common/src/lib.rs b/libs/common/src/lib.rs
new file mode 100644
index 0000000..2d4c0fe
--- /dev/null
+++ b/libs/common/src/lib.rs
@@ -0,0 +1,18 @@
+//! This crates contains shared types and behavior between all the other libraries.
+//!
+//! This includes types provided by external crates, i.e. [boringtun] to make sure that
+//! we are using the same version across our own crates.
+
+pub mod error;
+pub mod error_type;
+
+mod session;
+
+pub mod control;
+pub mod messages;
+
+pub use boringtun;
+pub use error::ConnlibError as Error;
+pub use error::Result;
+
+pub use session::{Callbacks, ControlSession, ResourceList, Session, TunnelAddresses};
diff --git a/libs/common/src/messages.rs b/libs/common/src/messages.rs
new file mode 100644
index 0000000..5e60c06
--- /dev/null
+++ b/libs/common/src/messages.rs
@@ -0,0 +1,75 @@
+//! Message types that are used by both the gateway and client.
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+use webrtc::peer_connection::sdp::session_description::RTCSessionDescription;
+
+mod key;
+
+pub use key::Key;
+
+/// General type for handling portal's id (UUID v4)
+pub type Id = Uuid;
+
+/// Represents a wireguard peer.
+#[derive(Debug, PartialEq, Eq, Deserialize, Serialize, Clone)]
+pub struct Peer {
+    /// Keepalive: How often to send a keep alive message.
+    pub persistent_keepalive: Option<u16>,
+    /// Peer's public key.
+    pub public_key: Key,
+    /// Peer's Ipv4 (only 1 ipv4 per peer for now and mandatory).
+    pub ipv4: Ipv4Addr,
+    /// Peer's Ipv6 (only 1 ipv6 per peer for now and mandatory).
+    pub ipv6: Ipv6Addr,
+    /// Preshared key for the given peer.
+    pub preshared_key: Key,
+}
+
+/// Represent a connection request from a client to a given resource.
+///
+/// While this is a client-only message it's hosted in common since the tunnel
+/// make use of this message type.
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct RequestConnection {
+    /// Resource id the request is for.
+    pub resource_id: Id,
+    /// The preshared key the client generated for the connection that it is trying to establish.
+    pub client_preshared_key: Key,
+    /// Client's local RTC Session Description that the client will use for this connection.
+    pub client_rtc_sdp: RTCSessionDescription,
+}
+
+/// Description of a resource from a client's perspective.
+#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
+pub struct ResourceDescription {
+    /// Resource's id.
+    pub id: Id,
+    /// Internal resource's domain name if any.
+    pub dns_name: Option<String>,
+    /// Resource's ipv4 mapping.
+    ///
+    /// Note that this is not the actual ipv4 for the resource not even wireguard's ipv4 for the resource.
+    /// This is just the mapping we use internally between a resource and its ip for intercepting packets.
+    pub ipv4: Ipv4Addr,
+    /// Resource's ipv6 mapping.
+    ///
+    /// Note that this is not the actual ipv6 for the resource not even wireguard's ipv6 for the resource.
+    /// This is just the mapping we use internally between a resource and its ip for intercepting packets.
+    pub ipv6: Ipv6Addr,
+}
+
+/// Represents a wireguard interface configuration.
+///
+/// Note that the ips are /32 for ipv4 and /128 for ipv6.
+/// This is done to minimize collisions and we update the routing table manually.
+#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
+pub struct Interface {
+    /// Interface's Ipv4.
+    pub ipv4: Ipv4Addr,
+    /// Interface's Ipv6.
+    pub ipv6: Ipv6Addr,
+    /// DNS that will be used to query for DNS that aren't within our resource list.
+    pub upstream_dns: Vec<IpAddr>,
+}
diff --git a/libs/common/src/messages/key.rs b/libs/common/src/messages/key.rs
new file mode 100644
index 0000000..efdae4f
--- /dev/null
+++ b/libs/common/src/messages/key.rs
@@ -0,0 +1,54 @@
+use base64::{display::Base64Display, engine::general_purpose::STANDARD, Engine};
+use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
+
+use std::{fmt, str::FromStr};
+
+use crate::Error;
+
+const KEY_SIZE: usize = 32;
+
+/// A `Key` struct to hold interface or peer keys as bytes. This type is
+/// deserialized from a base64 encoded string. It can also be serialized back
+/// into an encoded string.
+#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
+pub struct Key(pub [u8; KEY_SIZE]);
+
+impl FromStr for Key {
+    type Err = Error;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let mut key_bytes = [0u8; KEY_SIZE];
+        let bytes_decoded = STANDARD.decode_slice(s, &mut key_bytes)?;
+
+        if bytes_decoded != KEY_SIZE {
+            Err(base64::DecodeError::InvalidLength)?;
+        }
+
+        Ok(Self(key_bytes))
+    }
+}
+
+impl fmt::Display for Key {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{}", Base64Display::new(&self.0, &STANDARD))
+    }
+}
+
+impl<'de> Deserialize<'de> for Key {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        let s = String::deserialize(deserializer)?;
+        FromStr::from_str(&s).map_err(de::Error::custom)
+    }
+}
+
+impl Serialize for Key {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        serializer.collect_str(&self)
+    }
+}
diff --git a/libs/common/src/session.rs b/libs/common/src/session.rs
new file mode 100644
index 0000000..a19a930
--- /dev/null
+++ b/libs/common/src/session.rs
@@ -0,0 +1,219 @@
+use async_trait::async_trait;
+use backoff::{backoff::Backoff, ExponentialBackoffBuilder};
+use boringtun::x25519::StaticSecret;
+use rand_core::OsRng;
+use std::{
+    marker::PhantomData,
+    net::{Ipv4Addr, Ipv6Addr},
+};
+use tokio::{
+    runtime::Runtime,
+    sync::mpsc::{Receiver, Sender},
+};
+use url::Url;
+
+use crate::{control::PhoenixChannel, error_type::ErrorType, Error, Result};
+
+// TODO: Not the most tidy trait for a control-plane.
+/// Trait that represents a control-plane.
+#[async_trait]
+pub trait ControlSession<T, U> {
+    /// Start control-plane with the given private-key in the background.
+    async fn start(private_key: StaticSecret) -> Result<(Sender<T>, Receiver<U>)>;
+
+    /// Either "gateway" or "client" used to ge the control-plane URL.
+    fn mode() -> &'static str;
+}
+
+// TODO: Currently I'm using Session for both gateway and clients
+// however, gateway could use the runtime directly and could make things easier
+// so revisit this.
+/// A session is the entry-point for connlib, mantains the runtime and the tunnel.
+///
+/// A session is created using [Session::connect], then to stop a session we use [Session::disconnect].
+pub struct Session<T, U, V> {
+    runtime: Option<Runtime>,
+    _phantom: PhantomData<(T, U, V)>,
+}
+
+/// Resource list that will be displayed to the users.
+pub struct ResourceList {
+    pub resources: Vec<String>,
+}
+
+/// Tunnel addresses to be surfaced to the client apps.
+pub struct TunnelAddresses {
+    /// IPv4 Address.
+    pub address4: Ipv4Addr,
+    /// IPv6 Address.
+    pub address6: Ipv6Addr,
+}
+
+// Evaluate doing this not static
+/// Traits that will be used by connlib to callback the client upper layers.
+pub trait Callbacks {
+    /// Called when there's a change in the resource list.
+    fn on_update_resources(resource_list: ResourceList);
+    /// Called when the tunnel address is set.
+    fn on_set_tunnel_adresses(tunnel_addresses: TunnelAddresses);
+    /// Called when there's an error.
+    ///
+    /// # Parameters
+    /// - `error`: The actual error that happened.
+    /// - `error_type`: Wether the error should terminate the session or not.
+    fn on_error(error: &Error, error_type: ErrorType);
+}
+
+macro_rules! fatal_error {
+    ($result:expr, $c:ty) => {
+        match $result {
+            Ok(res) => res,
+            Err(e) => {
+                <$c>::on_error(&e, ErrorType::Fatal);
+                return;
+            }
+        }
+    };
+}
+
+impl<T, U, V> Session<T, U, V>
+where
+    T: ControlSession<U, V>,
+    U: for<'de> serde::Deserialize<'de> + std::fmt::Debug + Send + 'static,
+    V: serde::Serialize + Send + 'static,
+{
+    /// Block on waiting for ctrl+c to terminate the runtime.
+    /// (Used for the gateways).
+    pub fn wait_for_ctrl_c(&mut self) -> Result<()> {
+        self.runtime
+            .as_ref()
+            .ok_or(Error::NoRuntime)?
+            .block_on(async {
+                tokio::signal::ctrl_c().await?;
+                Ok(())
+            })
+    }
+
+    /// Starts a session in the background.
+    ///
+    /// This will:
+    /// 1. Create and start a tokio runtime
+    /// 2. Connect to the control plane to the portal
+    /// 3. Start the tunnel in the background and forward control plane messages to it.
+    ///
+    /// The generic parameter `C` should implement all the handlers and that's how errors will be surfaced.
+    ///
+    /// On a fatal error you should call `[Session::disconnect]` and start a new one.
+    pub fn connect<C: Callbacks>(portal_url: impl TryInto<Url>, token: String) -> Result<Self> {
+        // TODO: We could use tokio::runtime::current() to get the current runtime
+        // which could work with swif-rust that already runs a runtime. But IDK if that will work
+        // in all pltaforms, a couple of new threads shouldn't bother none.
+        // Big question here however is how do we get the result? We could block here await the result and spawn a new task.
+        // but then platforms should know that this function is blocking.
+
+        let portal_url = portal_url.try_into().map_err(|_| Error::UriError)?;
+
+        let runtime = tokio::runtime::Builder::new_multi_thread()
+            .enable_all()
+            .build()?;
+
+        runtime.spawn(async move {
+                let private_key = StaticSecret::random_from_rng(OsRng);
+
+                let (sender, mut receiver) = fatal_error!(T::start(private_key).await, C);
+
+                let connect_url = fatal_error!(get_websocket_path(portal_url, token, T::mode()), C);
+
+                let mut connection = PhoenixChannel::new(connect_url, move |msg| {
+                    let sender = sender.clone();
+                    async move {
+                        tracing::trace!("Recieved message: {msg:?}");
+                        if let Err(e) = sender.send(msg).await {
+                            tracing::warn!("Recieved a message after handler already closed: {e}. Probably message recieved during session clean up.");
+                        }
+                    }
+                });
+
+                let mut internal_sender = connection.sender();
+
+                tokio::spawn(async move {
+                    let mut exponential_backoff = ExponentialBackoffBuilder::default().build();
+                    loop {
+                        let result = connection.start().await;
+                        if let Some(t) = exponential_backoff.next_backoff() {
+                            tracing::warn!("Error during connection to the portal, retrying in {} seconds", t.as_secs());
+                            tokio::time::sleep(t).await;
+                            match result {
+                                Ok(()) => C::on_error(&tokio_tungstenite::tungstenite::Error::ConnectionClosed.into(), ErrorType::Recoverable),
+                                Err(e) => C::on_error(&e.into(), ErrorType::Recoverable)
+                            }
+                        } else {
+                        tracing::error!("Conneciton to the portal error, check your internet or the status of the portal.\nDisconnecting interface.");
+                            match result {
+                                Ok(()) => C::on_error(&crate::Error::PortalConnectionError(tokio_tungstenite::tungstenite::Error::ConnectionClosed), ErrorType::Fatal),
+                                Err(e) => C::on_error(&crate::Error::PortalConnectionError(e), ErrorType::Fatal)
+                            }
+                            break;
+                        }
+                    }
+
+                });
+
+                // TODO: Implement Sink for PhoenixEvent (created from a PhoenixSender event + topic)
+                // that way we can simply do receiver.forward(sender)
+                tokio::spawn(async move {
+                    while let Some(message) = receiver.recv().await {
+                        if let Err(err) = internal_sender.send("TODO", "TODO", message).await {
+                            tracing::error!("Channel already closed when trying to send message: {err}. Probably trying to send a message during session clean up.");
+                        }
+                    }
+                });
+        });
+
+        Ok(Self {
+            runtime: Some(runtime),
+            _phantom: PhantomData,
+        })
+    }
+
+    /// Cleanup a [Session].
+    ///
+    /// For now this just drops the runtime, which should drop all pending tasks.
+    /// Further cleanup should be done here. (Otherwise we can just drop [Session]).
+    pub fn disconnect(&mut self) -> bool {
+        // 1. Close the websocket connection
+        // 2. Free the device handle (UNIX)
+        // 3. Close the file descriptor (UNIX)
+        // 4. Remove the mapping
+
+        // The way we cleanup the tasks is we drop the runtime
+        // this means we don't need to keep track of different tasks
+        // but if any of the tasks never yields this will block forever!
+        // So always yield and if you spawn a blocking tasks rewrite this.
+        // Furthermore, we will depend on Drop impls to do the list above so,
+        // implement them :)
+        self.runtime = None;
+        true
+    }
+
+    /// TODO
+    pub fn bump_sockets(&self) -> bool {
+        true
+    }
+
+    /// TODO
+    pub fn disable_some_roaming_for_broken_mobile_semantics(&self) -> bool {
+        true
+    }
+}
+
+fn get_websocket_path(mut url: Url, secret: String, mode: &str) -> Result<Url> {
+    {
+        let mut paths = url.path_segments_mut().map_err(|_| Error::UriError)?;
+        paths.pop_if_empty();
+        paths.push(mode);
+        paths.push("websocket");
+    }
+    url.set_query(Some(&format!("secret={secret}")));
+    Ok(url)
+}
diff --git a/libs/gateway/Cargo.toml b/libs/gateway/Cargo.toml
new file mode 100644
index 0000000..2a5e4b9
--- /dev/null
+++ b/libs/gateway/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "firezone-gateway-connlib"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+libs-common = { path = "../common" }
+async-trait = { version = "0.1", default-features = false }
+firezone-tunnel = { path = "../tunnel" }
+tokio = { version = "1.27", default-features = false, features = ["sync"] }
+tracing = { version = "0.1", default-features = false, features = ["std", "attributes"] }
+serde = { version = "1.0", default-features = false, features = ["std", "derive"] }
diff --git a/libs/gateway/src/control.rs b/libs/gateway/src/control.rs
new file mode 100644
index 0000000..d2e6428
--- /dev/null
+++ b/libs/gateway/src/control.rs
@@ -0,0 +1,146 @@
+use std::{sync::Arc, time::Duration};
+
+use firezone_tunnel::{ControlSignal, Tunnel};
+use libs_common::{
+    boringtun::x25519::StaticSecret, messages::ResourceDescription, Callbacks, ControlSession,
+    Result,
+};
+use tokio::sync::mpsc::{channel, Receiver, Sender};
+
+use super::messages::{
+    ConnectionReady, ConnectionRequest, EgressMessages, IngressMessages, InitGateway, Resource,
+};
+
+use async_trait::async_trait;
+
+const INTERNAL_CHANNEL_SIZE: usize = 256;
+
+pub struct ControlPlane<C: Callbacks> {
+    tunnel: Arc<Tunnel<ControlSignaler, C>>,
+    control_signaler: ControlSignaler,
+}
+
+#[derive(Clone)]
+struct ControlSignaler {
+    internal_sender: Arc<Sender<EgressMessages>>,
+}
+
+#[async_trait]
+impl ControlSignal for ControlSignaler {
+    async fn signal_connection_to(&self, resource: &ResourceDescription) -> Result<()> {
+        tracing::warn!("A message to network resource: {resource:?} was discarded, gateways aren't meant to be used as clients.");
+        Ok(())
+    }
+}
+
+impl<C: Callbacks> ControlPlane<C>
+where
+    C: Send + Sync + 'static,
+{
+    #[tracing::instrument(level = "trace", skip(self))]
+    async fn start(mut self, mut receiver: Receiver<IngressMessages>) {
+        let mut interval = tokio::time::interval(Duration::from_secs(10));
+        loop {
+            tokio::select! {
+                Some(msg) = receiver.recv() => self.handle_message(msg).await,
+                _ = interval.tick() => self.stats_event().await,
+                else => break
+            }
+        }
+    }
+
+    #[tracing::instrument(level = "trace", skip_all)]
+    async fn init(&mut self, init: InitGateway) {
+        self.tunnel
+            .set_interface(&init.interface)
+            .await
+            .expect("Couldn't start tunnel");
+
+        // TODO: Enable masquerading here.
+        tracing::info!("Firezoned Started!");
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn connection_request(&self, connection_request: ConnectionRequest) {
+        let tunnel = Arc::clone(&self.tunnel);
+        let control_signaler = self.control_signaler.clone();
+        tokio::spawn(async move {
+            let gateway_rtc_sdp = tunnel
+                .set_peer_connection_request(
+                    connection_request.rtc_sdp,
+                    connection_request.client.peer.into(),
+                    connection_request.relays,
+                    connection_request.client.id,
+                )
+                .await
+                .expect("TODO");
+            control_signaler
+                .internal_sender
+                .send(EgressMessages::ConnectionReady(ConnectionReady {
+                    client_id: connection_request.client.id,
+                    gateway_rtc_sdp,
+                }))
+                .await
+                .expect("TODO!");
+        });
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn add_resource(&self, resource: Resource) {
+        todo!()
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub(super) async fn handle_message(&mut self, msg: IngressMessages) {
+        match msg {
+            IngressMessages::InitGateway(init) => self.init(init).await,
+            IngressMessages::ConnectionRequest(connection_request) => {
+                self.connection_request(connection_request)
+            }
+            IngressMessages::AddResource(resource) => self.add_resource(resource),
+            IngressMessages::RemoveResource(_) => todo!(),
+            IngressMessages::UpdateResource(_) => todo!(),
+        }
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub(super) async fn stats_event(&mut self) {
+        tracing::debug!("TODO: STATS EVENT");
+    }
+}
+
+#[async_trait]
+impl<C: Callbacks> ControlSession<IngressMessages, EgressMessages> for ControlPlane<C>
+where
+    C: Send + Sync + 'static,
+{
+    #[tracing::instrument(level = "trace", skip(private_key))]
+    async fn start(
+        private_key: StaticSecret,
+    ) -> Result<(Sender<IngressMessages>, Receiver<EgressMessages>)> {
+        // This is kinda hacky, the buffer size is 1 so that we make sure that we
+        // process one message at a time, blocking if a previous message haven't been processed
+        // to force queue ordering.
+        // (couldn't find any other guarantee of the ordering of message)
+        let (sender, receiver) = channel::<IngressMessages>(1);
+
+        let (internal_sender, internal_receiver) = channel(INTERNAL_CHANNEL_SIZE);
+        let internal_sender = Arc::new(internal_sender);
+        let control_signaler = ControlSignaler { internal_sender };
+        let tunnel = Arc::new(Tunnel::<_, C>::new(private_key, control_signaler.clone()).await?);
+
+        let control_plane = ControlPlane {
+            tunnel,
+            control_signaler,
+        };
+
+        // TODO: We should have some kind of callback from clients to surface errors here
+        tokio::spawn(async move { control_plane.start(receiver).await });
+
+        Ok((sender, internal_receiver))
+    }
+
+    fn mode() -> &'static str {
+        "client"
+    }
+}
diff --git a/libs/gateway/src/lib.rs b/libs/gateway/src/lib.rs
new file mode 100644
index 0000000..3ad7fb4
--- /dev/null
+++ b/libs/gateway/src/lib.rs
@@ -0,0 +1,16 @@
+//! Main connlib library for gateway.
+use control::ControlPlane;
+use messages::EgressMessages;
+use messages::IngressMessages;
+
+mod control;
+mod messages;
+
+const VIRTUAL_IFACE_MTU: u16 = 1420;
+
+/// Session type for gateway.
+///
+/// For more information see libs_common docs on [Session][libs_common::Session].
+pub type Session<C> = libs_common::Session<ControlPlane<C>, IngressMessages, EgressMessages>;
+
+pub use libs_common::{error_type::ErrorType, Callbacks, Error, ResourceList, TunnelAddresses};
diff --git a/libs/gateway/src/messages.rs b/libs/gateway/src/messages.rs
new file mode 100644
index 0000000..f67425a
--- /dev/null
+++ b/libs/gateway/src/messages.rs
@@ -0,0 +1,87 @@
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+
+use firezone_tunnel::RTCSessionDescription;
+use libs_common::messages::{Id, Interface, Peer};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, PartialEq, Eq, Deserialize, Serialize, Clone)]
+pub struct InitGateway {
+    pub interface: Interface,
+    pub ipv4_masquerade: bool,
+    pub ipv6_masquerade: bool,
+    pub resources: Vec<Resource>,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct Client {
+    pub id: Id,
+    pub peer: Peer,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct ConnectionRequest {
+    pub user_id: Id,
+    pub client: Client,
+    pub rtc_sdp: RTCSessionDescription,
+    pub relays: Vec<String>,
+    pub resource: Resource,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
+pub enum Destination {
+    DnsName(String),
+    Ip(Vec<IpAddr>),
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
+pub struct Resource {
+    pub id: Id,
+    pub internal_ipv4: Option<Ipv4Addr>,
+    pub internal_ipv6: Option<Ipv6Addr>,
+    pub resource_address: Destination,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct Metrics {
+    peers_metrics: Vec<Metric>,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct Metric {
+    pub client_id: Id,
+    pub resource_id: Id,
+    pub rx_bytes: u32,
+    pub tx_bytes: u32,
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct RemoveResource {
+    pub id: Id,
+}
+
+// These messages are the messages that can be recieved
+// either by a client or a gateway by the client.
+#[derive(Debug, Deserialize, Serialize, Clone)]
+#[serde(rename_all = "snake_case")]
+pub enum IngressMessages {
+    InitGateway(InitGateway),
+    ConnectionRequest(ConnectionRequest),
+    AddResource(Resource),
+    RemoveResource(RemoveResource),
+    UpdateResource(Resource),
+}
+
+// These messages can be sent from a gateway
+// to a control pane.
+#[derive(Debug, Deserialize, Serialize, Clone)]
+#[serde(rename_all = "snake_case")]
+pub enum EgressMessages {
+    ConnectionReady(ConnectionReady),
+    Metrics(Metrics),
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone)]
+pub struct ConnectionReady {
+    pub client_id: Id,
+    pub gateway_rtc_sdp: RTCSessionDescription,
+}
diff --git a/libs/tunnel/Cargo.toml b/libs/tunnel/Cargo.toml
new file mode 100644
index 0000000..ce513fe
--- /dev/null
+++ b/libs/tunnel/Cargo.toml
@@ -0,0 +1,39 @@
+[package]
+name = "firezone-tunnel"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+async-trait = { version = "0.1", default-features = false }
+tokio = { version = "1.27", default-features = false, features = ["rt", "rt-multi-thread", "sync"] }
+thiserror = { version = "1.0", default-features = false }
+rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
+serde = { version = "1.0", default-features = false, features = ["derive", "std"] }
+futures =  { version = "0.3", default-features = false, features = ["std", "async-await", "executor"] }
+futures-util =  { version = "0.3", default-features = false, features = ["std", "async-await", "async-await-macro"] }
+tracing = { version = "0.1", default-features = false, features = ["std", "attributes"] }
+parking_lot = { version = "0.12", default-features = false }
+bytes = { version = "1.4", default-features = false, features = ["std"] }
+itertools = { version = "0.10", default-features = false, features = ["use_std"] }
+
+# TODO: research replacing for https://github.com/algesten/str0m
+webrtc = { version = "0.7" }
+
+# Apple tunnel dependencies
+[target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies]
+libs-common = { path = "../common", features = ["device"] }
+
+# Linux tunnel dependencies
+[target.'cfg(target_os = "linux")'.dependencies]
+libs-common = { path = "../common", features = ["device"] }
+
+# Android tunnel dependencies
+[target.'cfg(target_os = "android")'.dependencies]
+libs-common = { path = "../common", features = ["jni-bindings"] }
+android_logger = "0.13"
+log = "0.4.14"
+
+# Windows tunnel dependencies
+[target.'cfg(target_os = "windows")'.dependencies]
+libs-common = { path = "../common" }
+wintun = "0.2.1"
diff --git a/libs/tunnel/src/control_protocol.rs b/libs/tunnel/src/control_protocol.rs
new file mode 100644
index 0000000..53f7b3e
--- /dev/null
+++ b/libs/tunnel/src/control_protocol.rs
@@ -0,0 +1,302 @@
+use std::sync::Arc;
+
+use libs_common::{
+    boringtun::{
+        noise::Tunn,
+        x25519::{PublicKey, StaticSecret},
+    },
+    error_type::ErrorType::Recoverable,
+    messages::{Id, Key, RequestConnection},
+    Callbacks, Error, Result,
+};
+use rand_core::OsRng;
+use webrtc::{
+    data_channel::RTCDataChannel,
+    ice_transport::ice_server::RTCIceServer,
+    peer_connection::{
+        configuration::RTCConfiguration, peer_connection_state::RTCPeerConnectionState,
+        sdp::session_description::RTCSessionDescription, RTCPeerConnection,
+    },
+};
+
+use crate::{peer::Peer, ControlSignal, PeerConfig, Tunnel};
+
+impl<C: ControlSignal, CB: Callbacks> Tunnel<C, CB>
+where
+    C: Send + Sync + 'static,
+    CB: Send + Sync + 'static,
+{
+    async fn handle_channel_open(
+        self: &Arc<Self>,
+        data_channel: Arc<RTCDataChannel>,
+        index: u32,
+        peer_config: PeerConfig,
+    ) -> Result<()> {
+        let channel = data_channel.detach().await.expect("TODO");
+        let tunn = Tunn::new(
+            self.private_key.clone(),
+            peer_config.public_key,
+            Some(peer_config.preshared_key.to_bytes()),
+            peer_config.persistent_keepalive,
+            index,
+            None,
+        )?;
+
+        let peer = Arc::new(Peer::from_config(
+            tunn,
+            index,
+            &peer_config,
+            Arc::clone(&channel),
+        ));
+
+        {
+            let mut peers_by_ip = self.peers_by_ip.write();
+            peers_by_ip.insert(peer_config.ipv4.into(), Arc::clone(&peer));
+            peers_by_ip.insert(peer_config.ipv6.into(), Arc::clone(&peer));
+        }
+
+        self.start_peer_handler(Arc::clone(&peer));
+        Ok(())
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    async fn initialize_peer_request(
+        self: &Arc<Self>,
+        relays: Vec<String>,
+    ) -> Result<Arc<RTCPeerConnection>> {
+        let config = RTCConfiguration {
+            ice_servers: relays
+                .into_iter()
+                .map(|srv| RTCIceServer {
+                    urls: vec![srv],
+                    ..Default::default()
+                })
+                .collect(),
+            ..Default::default()
+        };
+        let peer_connection = Arc::new(self.webrtc_api.new_peer_connection(config).await?);
+
+        peer_connection.on_peer_connection_state_change(Box::new(|_s| {
+            Box::pin(async {
+                // Respond with failure to control plane and remove peer
+            })
+        }));
+
+        Ok(peer_connection)
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn handle_connection_state_update(self: &Arc<Self>, state: RTCPeerConnectionState) {
+        tracing::trace!("Peer Connection State has changed: {state}");
+        if state == RTCPeerConnectionState::Failed {
+            // Wait until PeerConnection has had no network activity for 30 seconds or another failure. It may be reconnected using an ICE Restart.
+            // Use webrtc.PeerConnectionStateDisconnected if you are interested in detecting faster timeout.
+            // Note that the PeerConnection may come back from PeerConnectionStateDisconnected.
+            tracing::warn!("Peer Connection has gone to failed exiting");
+        }
+    }
+
+    #[tracing::instrument(level = "trace", skip(self))]
+    fn set_connection_state_update(self: &Arc<Self>, peer_connection: &Arc<RTCPeerConnection>) {
+        let tunnel = Arc::clone(self);
+        peer_connection.on_peer_connection_state_change(Box::new(
+            move |state: RTCPeerConnectionState| {
+                let tunnel = Arc::clone(&tunnel);
+                Box::pin(async move { tunnel.handle_connection_state_update(state) })
+            },
+        ));
+    }
+
+    /// Initiate an ice connection request.
+    ///
+    /// Given a resource id and a list of relay creates a [RequestConnection]
+    /// and prepares the tunnel to handle the connection once initiated.
+    ///
+    /// # Note
+    /// This function blocks until all ICE candidates are gathered so it might block for a long time.
+    ///
+    /// # Parameters
+    /// - `resource_id`: Id of the resource we are going to request the connection to.
+    /// - `relays`: The list of relays used for that connection.
+    ///
+    /// # Returns
+    /// A [RequestConnection] that should be sent to the gateway through the control-plane.
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub async fn request_connection(
+        self: &Arc<Self>,
+        resource_id: Id,
+        relays: Vec<String>,
+    ) -> Result<RequestConnection> {
+        let peer_connection = self.initialize_peer_request(relays).await?;
+        self.set_connection_state_update(&peer_connection);
+
+        let data_channel = peer_connection.create_data_channel("data", None).await?;
+        let d = Arc::clone(&data_channel);
+
+        let tunnel = Arc::clone(self);
+
+        let preshared_key = StaticSecret::random_from_rng(OsRng);
+        let p_key = preshared_key.clone();
+        let resource_description = tunnel
+            .resources
+            .read()
+            .get_main(&resource_id)
+            .expect("TODO")
+            .clone();
+        data_channel.on_open(Box::new(move || {
+            tracing::trace!("new data channel opened!");
+            Box::pin(async move {
+                let index = tunnel.next_index();
+                let Some(gateway_public_key) = tunnel.gateway_public_keys.lock().remove(&resource_id) else {
+                    tunnel.cleanup_connection(resource_id);
+                    tracing::warn!("Opened ICE channel with gateway without ever recieving public key");
+                    CB::on_error(&Error::ControlProtocolError, Recoverable);
+                    return;
+                };
+                let peer_config = {
+                    PeerConfig {
+                        persistent_keepalive: None,
+                        public_key: gateway_public_key,
+                        ipv4: resource_description.ipv4,
+                        ipv6: resource_description.ipv6,
+                        preshared_key: p_key,
+                    }
+                };
+
+                if let Err(e) = tunnel.handle_channel_open(d, index, peer_config).await {
+                    tracing::error!("Couldn't stablish wireguard link after channel was opened: {e}");
+                    CB::on_error(&e, Recoverable);
+                    tunnel.cleanup_connection(resource_id);
+                }
+                tunnel.awaiting_connection.lock().remove(&resource_id);
+            })
+        }));
+
+        let offer = peer_connection.create_offer(None).await?;
+        let mut gather_complete = peer_connection.gathering_complete_promise().await;
+        peer_connection.set_local_description(offer).await?;
+
+        // FIXME: timeout here! (but probably don't even bother because we need to implement ICE trickle)
+        let _ = gather_complete.recv().await;
+        let local_description = peer_connection
+            .local_description()
+            .await
+            .expect("set_local_description was just called above");
+
+        self.peer_connections
+            .lock()
+            .insert(resource_id, peer_connection);
+
+        Ok(RequestConnection {
+            resource_id,
+            client_preshared_key: Key(preshared_key.to_bytes()),
+            client_rtc_sdp: local_description,
+        })
+    }
+
+    /// Called when a response to [Tunnel::request_connection] is ready.
+    ///
+    /// Once this is called if everything goes fine a new tunnel should be started between the 2 peers.
+    ///
+    /// # Parameters
+    /// - `resource_id`: Id of the resource that responded.
+    /// - `rtc_sdp`: Remote SDP.
+    /// - `gateway_public_key`: Public key of the gateway that is handling that resource for this connection.
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub async fn recieved_offer_response(
+        self: &Arc<Self>,
+        resource_id: Id,
+        rtc_sdp: RTCSessionDescription,
+        gateway_public_key: PublicKey,
+    ) -> Result<()> {
+        let peer_connection = self
+            .peer_connections
+            .lock()
+            .get(&resource_id)
+            .ok_or(Error::UnknownResource)?
+            .clone();
+        self.gateway_public_keys
+            .lock()
+            .insert(resource_id, gateway_public_key);
+        peer_connection.set_remote_description(rtc_sdp).await?;
+        Ok(())
+    }
+
+    /// Accept a connection request from a client.
+    ///
+    /// Sets a connection to a remote SDP, creates the local SDP
+    /// and returns it.
+    ///
+    /// # Note
+    ///
+    /// This function blocks until it gathers all the ICE candidates
+    /// so it might block for a long time.
+    ///
+    /// # Parameters
+    /// - `sdp_session`: Remote session description.
+    /// - `peer`: Configuration for the remote peer.
+    /// - `relays`: List of relays to use with this connection.
+    /// - `client_id`: UUID of the remote client.
+    ///
+    /// # Returns
+    /// An [RTCSessionDescription] of the local sdp, with candidates gathered.
+    pub async fn set_peer_connection_request(
+        self: &Arc<Self>,
+        sdp_session: RTCSessionDescription,
+        peer: PeerConfig,
+        relays: Vec<String>,
+        client_id: Id,
+    ) -> Result<RTCSessionDescription> {
+        let peer_connection = self.initialize_peer_request(relays).await?;
+        let index = self.next_index();
+        let tunnel = Arc::clone(self);
+        self.peer_connections
+            .lock()
+            .insert(client_id, Arc::clone(&peer_connection));
+
+        self.set_connection_state_update(&peer_connection);
+
+        peer_connection.on_data_channel(Box::new(move |d| {
+            tracing::trace!("data channel created!");
+            let data_channel = Arc::clone(&d);
+            let peer = peer.clone();
+            let tunnel = Arc::clone(&tunnel);
+            Box::pin(async move {
+                d.on_open(Box::new(move || {
+                    tracing::trace!("new data channel opened!");
+                    Box::pin(async move {
+                        if let Err(e) = tunnel.handle_channel_open(data_channel, index, peer).await
+                        {
+                            CB::on_error(&e, Recoverable);
+                            tracing::error!(
+                                "Couldn't stablish wireguard link after opening channel: {e}"
+                            );
+                            // Note: handle_channel_open can only error out before insert to peers_by_ip
+                            // otherwise we would need to clean that up too!
+                            tunnel.peer_connections.lock().remove(&client_id);
+                        }
+                    })
+                }))
+            })
+        }));
+
+        peer_connection.set_remote_description(sdp_session).await?;
+
+        let mut gather_complete = peer_connection.gathering_complete_promise().await;
+        let answer = peer_connection.create_answer(None).await?;
+        peer_connection.set_local_description(answer).await?;
+        let _ = gather_complete.recv().await;
+        let local_desc = peer_connection
+            .local_description()
+            .await
+            .ok_or(Error::ConnectionStablishError)?;
+
+        Ok(local_desc)
+    }
+
+    /// Clean up a connection to a resource.
+    pub fn cleanup_connection(&self, resource_id: Id) {
+        self.awaiting_connection.lock().remove(&resource_id);
+        self.peer_connections.lock().remove(&resource_id);
+    }
+}
diff --git a/libs/tunnel/src/index.rs b/libs/tunnel/src/index.rs
new file mode 100644
index 0000000..f03a89c
--- /dev/null
+++ b/libs/tunnel/src/index.rs
@@ -0,0 +1,61 @@
+use rand_core::{OsRng, RngCore};
+
+// Taken from boringtun (todo)
+/// A basic linear-feedback shift register implemented as xorshift, used to
+/// distribute peer indexes across the 24-bit address space reserved for peer
+/// identification.
+/// The purpose is to obscure the total number of peers using the system and to
+/// ensure it requires a non-trivial amount of processing power and/or samples
+/// to guess other peers' indices. Anything more ambitious than this is wasted
+/// with only 24 bits of space.
+pub(crate) struct IndexLfsr {
+    initial: u32,
+    lfsr: u32,
+    mask: u32,
+}
+
+impl IndexLfsr {
+    /// Generate a random 24-bit nonzero integer
+    fn random_index() -> u32 {
+        const LFSR_MAX: u32 = 0xffffff; // 24-bit seed
+        loop {
+            let i = OsRng.next_u32() & LFSR_MAX;
+            if i > 0 {
+                // LFSR seed must be non-zero
+                return i;
+            }
+        }
+    }
+
+    /// Generate the next value in the pseudorandom sequence
+    pub(crate) fn next(&mut self) -> u32 {
+        // 24-bit polynomial for randomness. This is arbitrarily chosen to
+        // inject bitflips into the value.
+        const LFSR_POLY: u32 = 0xd80000; // 24-bit polynomial
+        let value = self.lfsr - 1; // lfsr will never have value of 0
+        self.lfsr = (self.lfsr >> 1) ^ ((0u32.wrapping_sub(self.lfsr & 1u32)) & LFSR_POLY);
+        assert!(self.lfsr != self.initial, "Too many peers created");
+        value ^ self.mask
+    }
+}
+
+impl Default for IndexLfsr {
+    fn default() -> Self {
+        let seed = Self::random_index();
+        IndexLfsr {
+            initial: seed,
+            lfsr: seed,
+            mask: Self::random_index(),
+        }
+    }
+}
+
+// Checks that a packet has the index we expect
+pub(crate) fn check_packet_index(recv_idx: u32, expected_idx: u32) -> bool {
+    if (recv_idx >> 8) == expected_idx {
+        true
+    } else {
+        tracing::warn!("receiver index doesn't match peer index, something fishy is going on");
+        false
+    }
+}
diff --git a/libs/tunnel/src/lib.rs b/libs/tunnel/src/lib.rs
new file mode 100644
index 0000000..41e7deb
--- /dev/null
+++ b/libs/tunnel/src/lib.rs
@@ -0,0 +1,487 @@
+//! Connlib tunnel implementation.
+//!
+//! This is both the wireguard and ICE implementation that should work in tandem.
+//! [Tunnel] is the  main entry-point for this crate.
+use libs_common::{
+    boringtun::{
+        noise::{
+            errors::WireGuardError, handshake::parse_handshake_anon, rate_limiter::RateLimiter,
+            Packet, Tunn, TunnResult,
+        },
+        x25519::{PublicKey, StaticSecret},
+    },
+    error_type::ErrorType::Recoverable,
+    Callbacks,
+};
+
+use async_trait::async_trait;
+use bytes::Bytes;
+use itertools::Itertools;
+use parking_lot::{Mutex, RwLock};
+use peer::Peer;
+use tokio::time::MissedTickBehavior;
+use webrtc::{
+    api::{
+        interceptor_registry::register_default_interceptors, media_engine::MediaEngine,
+        setting_engine::SettingEngine, APIBuilder, API,
+    },
+    interceptor::registry::Registry,
+    peer_connection::RTCPeerConnection,
+};
+
+use std::{
+    collections::{HashMap, HashSet},
+    hash::Hash,
+    marker::PhantomData,
+    net::{IpAddr, Ipv4Addr, Ipv6Addr},
+    sync::Arc,
+    time::Duration,
+};
+
+use libs_common::{
+    messages::{Id, Interface as InterfaceConfig, ResourceDescription},
+    Result,
+};
+
+use self::tun_device::DeviceChannel;
+use self::tun_device::IfaceDevice;
+
+pub use webrtc::peer_connection::sdp::session_description::RTCSessionDescription;
+
+use index::{check_packet_index, IndexLfsr};
+use multimap::MultiMap;
+
+mod control_protocol;
+mod index;
+mod multimap;
+mod peer;
+
+#[cfg(target_os = "linux")]
+#[path = "tun_linux.rs"]
+mod tun_device;
+
+#[cfg(any(target_os = "macos", target_os = "ios"))]
+#[path = "tun_darwin.rs"]
+mod tun_device;
+
+const RESET_PACKET_COUNT_INTERVAL: Duration = Duration::from_secs(1);
+const REFRESH_PEERS_TIEMRS_INTERVAL: Duration = Duration::from_secs(1);
+
+// Note: Taken from boringtun
+const HANDSHAKE_RATE_LIMIT: u64 = 100;
+const MAX_UDP_SIZE: usize = (1 << 16) - 1;
+
+#[derive(Debug, Clone, PartialEq, Eq, Hash)]
+enum ResourceKind<T> {
+    _Name(String),
+    Addr(T),
+}
+
+/// Represent's the tunnel actual peer's config
+/// Obtained from libs_common's Peer
+#[derive(Clone)]
+pub struct PeerConfig {
+    pub(crate) persistent_keepalive: Option<u16>,
+    pub(crate) public_key: PublicKey,
+    pub(crate) ipv4: Ipv4Addr,
+    pub(crate) ipv6: Ipv6Addr,
+    pub(crate) preshared_key: StaticSecret,
+}
+
+impl From<libs_common::messages::Peer> for PeerConfig {
+    fn from(value: libs_common::messages::Peer) -> Self {
+        Self {
+            persistent_keepalive: value.persistent_keepalive,
+            public_key: value.public_key.0.into(),
+            ipv4: value.ipv4,
+            ipv6: value.ipv6,
+            preshared_key: value.preshared_key.0.into(),
+        }
+    }
+}
+
+/// Trait used for out-going signals to control plane that are **required** to be made from inside the tunnel.
+///
+/// Generally, we try to return from the functions here rather than using this callback.
+#[async_trait]
+pub trait ControlSignal {
+    /// Signals to the control plane an intent to initiate a connecti to the given resource.
+    ///
+    /// Used when a packet is found to a resource we have no connection stablished but is within the list of resources available for the client.
+    async fn signal_connection_to(&self, resource: &ResourceDescription) -> Result<()>;
+}
+
+/// Tunnel is a wireguard state machine that uses webrtc's ICE channels instead of UDP sockets
+/// to communicate between peers.
+pub struct Tunnel<C: ControlSignal, CB: Callbacks> {
+    next_index: Mutex<IndexLfsr>,
+    iface_device: Mutex<IfaceDevice>,
+    device_channel: Arc<DeviceChannel>,
+    rate_limiter: Arc<RateLimiter>,
+    private_key: StaticSecret,
+    public_key: PublicKey,
+    peers_by_ip: RwLock<HashMap<IpAddr, Arc<Peer>>>,
+    peer_connections: Mutex<HashMap<Id, Arc<RTCPeerConnection>>>,
+    awaiting_connection: Mutex<HashSet<Id>>,
+    webrtc_api: API,
+    resources:
+        RwLock<MultiMap<Id, ResourceKind<Ipv4Addr>, ResourceKind<Ipv6Addr>, ResourceDescription>>,
+    control_signaler: C,
+    gateway_public_keys: Mutex<HashMap<Id, PublicKey>>,
+    _phantom: PhantomData<CB>,
+}
+
+impl<C: ControlSignal, CB: Callbacks> Tunnel<C, CB>
+where
+    C: Send + Sync + 'static,
+    CB: Send + Sync + 'static,
+{
+    /// Creates a new tunnel.
+    ///
+    /// # Parameters
+    /// - `private_key`: wireguard's private key.
+    /// -  `control_signaler`: this is used to send SDP from the tunnel to the control plane.
+    #[tracing::instrument(level = "trace", skip(private_key, control_signaler))]
+    pub async fn new(private_key: StaticSecret, control_signaler: C) -> Result<Self> {
+        let public_key = (&private_key).into();
+        let rate_limiter = Arc::new(RateLimiter::new(&public_key, HANDSHAKE_RATE_LIMIT));
+        let peers_by_ip = Default::default();
+        let next_index = Default::default();
+        let (iface_device, device_channel) = tun_device::create_iface().await?;
+        let iface_device = Mutex::new(iface_device);
+        let device_channel = Arc::new(device_channel);
+        let peer_connections = Default::default();
+        let resources = Default::default();
+        let awaiting_connection = Default::default();
+        let gateway_public_keys = Default::default();
+
+        // ICE
+        let mut media_engine = MediaEngine::default();
+
+        // Register default codecs (TODO: We need this?)
+        media_engine.register_default_codecs()?;
+        let mut registry = Registry::new();
+        registry = register_default_interceptors(registry, &mut media_engine)?;
+        let mut setting_engine = SettingEngine::default();
+        setting_engine.detach_data_channels();
+        // TODO: Enable UDPMultiplex (had some problems before)
+
+        let webrtc_api = APIBuilder::new()
+            .with_media_engine(media_engine)
+            .with_interceptor_registry(registry)
+            .with_setting_engine(setting_engine)
+            .build();
+
+        Ok(Self {
+            gateway_public_keys,
+            rate_limiter,
+            private_key,
+            peer_connections,
+            public_key,
+            peers_by_ip,
+            next_index,
+            webrtc_api,
+            iface_device,
+            device_channel,
+            resources,
+            awaiting_connection,
+            control_signaler,
+            _phantom: PhantomData,
+        })
+    }
+
+    /// Adds a the given resource to the tunnel.
+    ///
+    /// Once added, when a packet for the resource is intercepted a new data channel will be created
+    /// and packets will be wrapped with wireguard and sent through it.
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub fn add_resource(&self, resource_description: ResourceDescription) {
+        let mut resources = self.resources.write();
+        resources.insert(
+            resource_description.id,
+            Some(ResourceKind::Addr(resource_description.ipv4)),
+            Some(ResourceKind::Addr(resource_description.ipv6)),
+            resource_description,
+        );
+    }
+
+    /// Sets the interface configuration and starts background tasks.
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub async fn set_interface(self: &Arc<Self>, config: &InterfaceConfig) -> Result<()> {
+        {
+            let mut iface_device = self.iface_device.lock();
+            iface_device
+                .set_iface_config(config)
+                .expect("Couldn't initiate interface");
+            iface_device.up().expect("Couldn't initiate interface");
+        }
+
+        self.start_timers();
+        self.start_iface_handler();
+
+        tracing::trace!("Started background loops");
+
+        Ok(())
+    }
+
+    async fn peer_refresh(peer: &Peer, dst_buf: &mut [u8; MAX_UDP_SIZE]) {
+        let update_timers_result = peer.update_timers(&mut dst_buf[..]);
+
+        match update_timers_result {
+            TunnResult::Done => {}
+            TunnResult::Err(WireGuardError::ConnectionExpired) => {
+                tracing::error!("Connection expired");
+            }
+            TunnResult::Err(e) => tracing::error!(message = "Timer error", error = ?e),
+            TunnResult::WriteToNetwork(packet) => peer.send_infallible::<CB>(packet).await,
+            _ => panic!("Unexpected result from update_timers"),
+        };
+    }
+
+    fn start_rate_limiter_refresh_timer(self: &Arc<Self>) {
+        let rate_limiter = self.rate_limiter.clone();
+        tokio::spawn(async move {
+            let mut interval = tokio::time::interval(RESET_PACKET_COUNT_INTERVAL);
+            interval.set_missed_tick_behavior(MissedTickBehavior::Delay);
+            loop {
+                rate_limiter.reset_count();
+                interval.tick().await;
+            }
+        });
+    }
+
+    fn start_peers_refresh_timer(self: &Arc<Self>) {
+        let tunnel = self.clone();
+
+        tokio::spawn(async move {
+            let mut interval = tokio::time::interval(REFRESH_PEERS_TIEMRS_INTERVAL);
+            interval.set_missed_tick_behavior(MissedTickBehavior::Delay);
+            let mut dst_buf = [0u8; MAX_UDP_SIZE];
+
+            loop {
+                let peers: Vec<_> = tunnel
+                    .peers_by_ip
+                    .read()
+                    .values()
+                    .unique_by(|p| p.index)
+                    .cloned()
+                    .collect();
+
+                for peer in peers {
+                    Self::peer_refresh(&peer, &mut dst_buf).await;
+                }
+
+                interval.tick().await;
+            }
+        });
+    }
+
+    fn start_timers(self: &Arc<Self>) {
+        self.start_rate_limiter_refresh_timer();
+        self.start_peers_refresh_timer();
+    }
+
+    fn is_wireguard_packet_ok(&self, parsed_packet: &Packet, peer: &Peer) -> bool {
+        match &parsed_packet {
+            Packet::HandshakeInit(p) => {
+                parse_handshake_anon(&self.private_key, &self.public_key, p).is_ok()
+            }
+            Packet::HandshakeResponse(p) => check_packet_index(p.receiver_idx, peer.index),
+            Packet::PacketCookieReply(p) => check_packet_index(p.receiver_idx, peer.index),
+            Packet::PacketData(p) => check_packet_index(p.receiver_idx, peer.index),
+        }
+    }
+
+    fn start_peer_handler(self: &Arc<Self>, peer: Arc<Peer>) {
+        let tunnel = Arc::clone(self);
+        tokio::spawn(async move {
+            let mut src_buf = [0u8; MAX_UDP_SIZE];
+            let mut dst_buf = [0u8; MAX_UDP_SIZE];
+            // Loop while we have packets on the anonymous connection
+            while let Ok(size) = peer.channel.read(&mut src_buf[..]).await {
+                tracing::trace!("read {size} bytes from peer");
+                // The rate limiter initially checks mac1 and mac2, and optionally asks to send a cookie
+                let parsed_packet = match tunnel.rate_limiter.verify_packet(
+                    // TODO: Some(addr.ip()) webrtc doesn't expose easily the underlying data channel remote ip
+                    // so for now we don't use it. but we need it for rate limiter although we probably not need it since the data channel
+                    // will only be established to authenticated peers, so the portal could already prevent being ddos'd
+                    // but maybe in that cased we can drop this rate_limiter all together and just use decapsulate
+                    None,
+                    &src_buf[..size],
+                    &mut dst_buf,
+                ) {
+                    Ok(packet) => packet,
+                    Err(TunnResult::WriteToNetwork(cookie)) => {
+                        peer.send_infallible::<CB>(cookie).await;
+                        continue;
+                    }
+                    Err(_) => continue,
+                };
+
+                if !tunnel.is_wireguard_packet_ok(&parsed_packet, &peer) {
+                    continue;
+                }
+
+                let decapsulate_result = {
+                    peer.tunnel.lock().decapsulate(
+                        // TODO: See comment above
+                        None,
+                        &src_buf[..size],
+                        &mut dst_buf[..],
+                    )
+                };
+
+                // We found a peer, use it to decapsulate the message+
+                let mut flush = false;
+                match decapsulate_result {
+                    TunnResult::Done => {}
+                    TunnResult::Err(_) => continue,
+                    TunnResult::WriteToNetwork(packet) => {
+                        flush = true;
+                        peer.send_infallible::<CB>(packet).await;
+                    }
+                    TunnResult::WriteToTunnelV4(packet, addr) => {
+                        if peer.is_allowed_ipv4(&addr) {
+                            tunnel.write_device_infallible(packet).await;
+                        }
+                    }
+                    TunnResult::WriteToTunnelV6(packet, addr) => {
+                        if peer.is_allowed_ipv6(&addr) {
+                            tunnel.write_device_infallible(packet).await;
+                        }
+                    }
+                };
+
+                if flush {
+                    // Flush pending queue
+                    while let TunnResult::WriteToNetwork(packet) = {
+                        let res = peer.tunnel.lock().decapsulate(None, &[], &mut dst_buf[..]);
+                        res
+                    } {
+                        peer.send_infallible::<CB>(packet).await;
+                    }
+                }
+            }
+        });
+    }
+
+    async fn write_device_infallible(&self, packet: &[u8]) {
+        if let Err(e) = self.device_channel.write(packet).await {
+            CB::on_error(&e.into(), Recoverable);
+        }
+    }
+
+    fn get_resource(&self, buff: &[u8]) -> Option<ResourceDescription> {
+        // TODO: Check if DNS packet, in that case parse and get dns
+        let addr = Tunn::dst_address(buff)?;
+        let resources = self.resources.read();
+        match addr {
+            IpAddr::V4(ipv4) => resources
+                .get_by_helper_1(&ResourceKind::Addr(ipv4))
+                .cloned(),
+            IpAddr::V6(ipv6) => resources
+                .get_by_helper_2(&ResourceKind::Addr(ipv6))
+                .cloned(),
+        }
+    }
+
+    fn start_iface_handler(self: &Arc<Self>) {
+        let dev = self.clone();
+        tokio::spawn(async move {
+            loop {
+                let mut src = [0u8; MAX_UDP_SIZE];
+                let mut dst = [0u8; MAX_UDP_SIZE];
+                let res = {
+                    // TODO: We should check here if what we read is a whole packet
+                    // there's no docs on tun device on when a whole packet is read, is it \n or another thing?
+                    // found some comments saying that a single read syscall represents a single packet but no docs on that
+                    // See https://stackoverflow.com/questions/18461365/how-to-read-packet-by-packet-from-linux-tun-tap
+                    match dev.device_channel.mtu().await {
+                        Ok(mtu) => match dev.device_channel.read(&mut src[..mtu]).await {
+                            Ok(res) => res,
+                            Err(err) => {
+                                tracing::error!("Couldn't read packet from interface: {err}");
+                                CB::on_error(&err.into(), Recoverable);
+                                continue;
+                            }
+                        },
+                        Err(err) => {
+                            tracing::error!("Couldn't obtain iface mtu: {err}");
+                            CB::on_error(&err, Recoverable);
+                            continue;
+                        }
+                    }
+                };
+
+                let dst_addr = match Tunn::dst_address(&src[..res]) {
+                    Some(addr) => addr,
+                    None => continue,
+                };
+
+                let (encapsulate_result, channel) = {
+                    let peers_by_ip = dev.peers_by_ip.read();
+                    match peers_by_ip.get(&dst_addr) {
+                        Some(peer) => (
+                            peer.tunnel.lock().encapsulate(&src[..res], &mut dst[..]),
+                            peer.channel.clone(),
+                        ),
+                        None => {
+                            // We can buffer requests here but will drop them for now and let the upper layer reialability protocol handle this
+                            if let Some(resource) = dev.get_resource(&src[..res]) {
+                                // We have awaiting connection to prevent a race condition where
+                                // create_peer_connection hasn't added the thing to peer_connections
+                                // and we are finding another packet to the same address (otherwise we would just use peer_connections here)
+                                let mut awaiting_connection = dev.awaiting_connection.lock();
+                                let id = resource.id;
+                                if !awaiting_connection.contains(&id) {
+                                    tracing::trace!("Found new intent to send packets to resource with resource-ip: {dst_addr}, initalizing conection...");
+
+                                    awaiting_connection.insert(id);
+                                    let dev = Arc::clone(&dev);
+
+                                    tokio::spawn(async move {
+                                        if let Err(e) = dev
+                                            .control_signaler
+                                            .signal_connection_to(&resource)
+                                            .await
+                                        {
+                                            // Not a deadlock because this is a different task
+                                            dev.awaiting_connection.lock().remove(&id);
+                                            tracing::error!("couldn't start protocol for new connection to resource: {e}");
+                                            CB::on_error(&e, Recoverable);
+                                        }
+                                    });
+                                }
+                            }
+                            continue;
+                        }
+                    }
+                };
+
+                match encapsulate_result {
+                    TunnResult::Done => {
+                        tracing::trace!(
+                            "tunnel for resource corresponding to {dst_addr} was finalized"
+                        );
+                    }
+                    TunnResult::Err(e) => {
+                        tracing::error!(message = "Encapsulate error for resoruce corresponding to {dst_addr}", error = ?e);
+                        CB::on_error(&e.into(), Recoverable);
+                    }
+                    TunnResult::WriteToNetwork(packet) => {
+                        tracing::trace!("writing iface packet to peer: {}", dst_addr);
+                        if let Err(e) = channel.write(&Bytes::copy_from_slice(packet)).await {
+                            tracing::error!("Couldn't write packet to channel: {e}");
+                            CB::on_error(&e.into(), Recoverable);
+                        }
+                    }
+                    _ => panic!("Unexpected result from encapsulate"),
+                };
+            }
+        });
+    }
+
+    fn next_index(&self) -> u32 {
+        self.next_index.lock().next()
+    }
+}
diff --git a/libs/tunnel/src/multimap.rs b/libs/tunnel/src/multimap.rs
new file mode 100644
index 0000000..9af7221
--- /dev/null
+++ b/libs/tunnel/src/multimap.rs
@@ -0,0 +1,80 @@
+use std::{collections::HashMap, hash::Hash};
+
+// Custom very simple multimap
+// it has get_main for getting things through the main key
+// it has get_by_helper for getting things through helper keys
+// it has remove which can only erase things through helper keys
+// initially used to get things though id or a biyection(unique key) and delete through id
+// e.g resource's id and resource kind mapped to the resource
+#[derive(Debug, Clone)]
+pub(crate) struct MultiMap<K1, K2, K3, V> {
+    main_map: HashMap<K1, V>,
+    helper_map_1: HashMap<K2, (K1, Option<K3>)>,
+    helper_map_2: HashMap<K3, (K1, Option<K2>)>,
+}
+
+impl<K1, K2, K3, V> Default for MultiMap<K1, K2, K3, V> {
+    fn default() -> Self {
+        Self {
+            main_map: Default::default(),
+            helper_map_1: Default::default(),
+            helper_map_2: Default::default(),
+        }
+    }
+}
+
+impl<K1, K2, K3, V> MultiMap<K1, K2, K3, V>
+where
+    K1: Eq + PartialEq + Hash + Clone,
+    K2: Eq + PartialEq + Hash + Clone,
+    K3: Eq + PartialEq + Hash + Clone,
+{
+    pub(crate) fn insert(
+        &mut self,
+        main_key: K1,
+        helper_key_1: Option<K2>,
+        helper_key_2: Option<K3>,
+        value: V,
+    ) -> Option<V> {
+        if let Some(k) = &helper_key_1 {
+            self.helper_map_1
+                .insert(k.clone(), (main_key.clone(), helper_key_2.clone()));
+        }
+
+        if let Some(k) = helper_key_2 {
+            self.helper_map_2
+                .insert(k, (main_key.clone(), helper_key_1));
+        }
+        self.main_map.insert(main_key, value)
+    }
+
+    pub(crate) fn get_main(&self, k: &K1) -> Option<&V> {
+        self.main_map.get(k)
+    }
+
+    pub(crate) fn get_by_helper_1(&self, k: &K2) -> Option<&V> {
+        let (k, _) = self.helper_map_1.get(k)?;
+        self.main_map.get(k)
+    }
+
+    pub(crate) fn get_by_helper_2(&self, k: &K3) -> Option<&V> {
+        let (k, _) = self.helper_map_2.get(k)?;
+        self.main_map.get(k)
+    }
+
+    pub(crate) fn _remove_by_helper_1(&mut self, k: &K2) -> Option<V> {
+        let (k, k1) = self.helper_map_1.get(k)?;
+        if let Some(k) = k1 {
+            self.helper_map_2.remove(k);
+        }
+        self.main_map.remove(k)
+    }
+
+    pub(crate) fn _remove_by_helper_2(&mut self, k: &K3) -> Option<V> {
+        let (k, k2) = self.helper_map_2.get(k)?;
+        if let Some(k) = k2 {
+            self.helper_map_1.remove(k);
+        }
+        self.main_map.remove(k)
+    }
+}
diff --git a/libs/tunnel/src/peer.rs b/libs/tunnel/src/peer.rs
new file mode 100644
index 0000000..122116f
--- /dev/null
+++ b/libs/tunnel/src/peer.rs
@@ -0,0 +1,81 @@
+use std::{
+    net::{Ipv4Addr, Ipv6Addr, SocketAddr},
+    sync::Arc,
+};
+
+use bytes::Bytes;
+use libs_common::{
+    boringtun::noise::{Tunn, TunnResult},
+    error_type::ErrorType,
+    Callbacks,
+};
+use parking_lot::Mutex;
+use webrtc::data::data_channel::DataChannel;
+
+use super::PeerConfig;
+
+pub(crate) struct Peer {
+    pub(crate) tunnel: Mutex<Tunn>,
+    pub(crate) index: u32,
+    preshared_key: [u8; 32],
+    pub(crate) allowed_ipv4: Ipv4Addr,
+    pub(crate) allowed_ipv6: Ipv6Addr,
+    pub(crate) channel: Arc<DataChannel>,
+}
+
+impl Peer {
+    pub(crate) async fn send_infallible<CB: Callbacks>(&self, data: &[u8]) {
+        if let Err(e) = self.channel.write(&Bytes::copy_from_slice(data)).await {
+            tracing::error!("Couldn't send  packet to connected peer: {e}");
+            CB::on_error(&e.into(), ErrorType::Recoverable);
+        }
+    }
+
+    pub(crate) fn from_config(
+        tunnel: Tunn,
+        index: u32,
+        config: &PeerConfig,
+        channel: Arc<DataChannel>,
+    ) -> Self {
+        let preshared_key = config.preshared_key.to_bytes();
+
+        Self::new(
+            Mutex::new(tunnel),
+            index,
+            config.ipv4,
+            config.ipv6,
+            preshared_key,
+            channel,
+        )
+    }
+
+    pub(crate) fn new(
+        tunnel: Mutex<Tunn>,
+        index: u32,
+        ipv4: Ipv4Addr,
+        ipv6: Ipv6Addr,
+        preshared_key: [u8; 32],
+        channel: Arc<DataChannel>,
+    ) -> Peer {
+        Peer {
+            tunnel,
+            index,
+            allowed_ipv4: ipv4,
+            allowed_ipv6: ipv6,
+            preshared_key,
+            channel,
+        }
+    }
+
+    pub(crate) fn update_timers<'a>(&self, dst: &'a mut [u8]) -> TunnResult<'a> {
+        self.tunnel.lock().update_timers(dst)
+    }
+
+    pub(crate) fn is_allowed_ipv4(&self, addr: &Ipv4Addr) -> bool {
+        &self.allowed_ipv4 == addr
+    }
+
+    pub(crate) fn is_allowed_ipv6(&self, addr: &Ipv6Addr) -> bool {
+        &self.allowed_ipv6 == addr
+    }
+}
diff --git a/src/platform.rs b/libs/tunnel/src/platform.rs
similarity index 100%
rename from src/platform.rs
rename to libs/tunnel/src/platform.rs
diff --git a/src/platform/android.rs b/libs/tunnel/src/platform/android.rs
similarity index 100%
rename from src/platform/android.rs
rename to libs/tunnel/src/platform/android.rs
diff --git a/src/platform/apple.rs b/libs/tunnel/src/platform/apple.rs
similarity index 100%
rename from src/platform/apple.rs
rename to libs/tunnel/src/platform/apple.rs
diff --git a/src/platform/linux.rs b/libs/tunnel/src/platform/linux.rs
similarity index 100%
rename from src/platform/linux.rs
rename to libs/tunnel/src/platform/linux.rs
diff --git a/src/platform/windows.rs b/libs/tunnel/src/platform/windows.rs
similarity index 100%
rename from src/platform/windows.rs
rename to libs/tunnel/src/platform/windows.rs
diff --git a/libs/tunnel/src/tun_darwin.rs b/libs/tunnel/src/tun_darwin.rs
new file mode 100644
index 0000000..e84a694
--- /dev/null
+++ b/libs/tunnel/src/tun_darwin.rs
@@ -0,0 +1,75 @@
+use libs_common::{boringtun::device::tun::TunSocket, Result};
+use std::os::fd::{AsRawFd, RawFd};
+use tokio::io::unix::AsyncFd;
+
+use super::InterfaceConfig;
+
+// TODO: we have to replace TunSocket because we need to use netpacketprovider to get approved in the app store
+#[derive(Debug)]
+pub(crate) struct DeviceChannel(tokio::io::unix::AsyncFd<TunSocket>);
+
+#[derive(Debug)]
+pub(crate) struct IfaceDevice {
+    fd: RawFd,
+}
+
+impl DeviceChannel {
+    pub(crate) async fn mtu(&self) -> Result<usize> {
+        Ok(self.0.get_ref().mtu()?)
+    }
+
+    pub(crate) async fn read(&self, out: &mut [u8]) -> std::io::Result<usize> {
+        loop {
+            let mut guard = self.0.readable().await?;
+
+            match guard.try_io(|inner| {
+                inner.get_ref().read(out).map_err(|err| match err {
+                    libs_common::boringtun::device::Error::IfaceRead(e) => e,
+                    _ => panic!("Unexpected error while trying to read network interface"),
+                })
+            }) {
+                Ok(result) => return result.map(|e| e.len()),
+                Err(_would_block) => continue,
+            }
+        }
+    }
+
+    pub(crate) async fn write(&self, buf: &[u8]) -> std::io::Result<usize> {
+        loop {
+            let mut guard = self.0.writable().await?;
+
+            // write4 and write6 does the same
+            match guard.try_io(|inner| match inner.get_ref().write4(buf) {
+                0 => Err(std::io::Error::last_os_error()),
+                i => Ok(i),
+            }) {
+                Ok(result) => return result,
+                Err(_would_block) => continue,
+            }
+        }
+    }
+}
+
+impl IfaceDevice {
+    // It's easier to not make these functions async, setting these should not block the thread for too long
+    #[tracing::instrument(level = "trace", skip(self))]
+    pub fn set_iface_config(&mut self, config: &InterfaceConfig) -> Result<()> {
+        // TODO
+
+        Ok(())
+    }
+
+    pub fn up(&mut self) -> Result<()> {
+        // TODO
+        Ok(())
+    }
+}
+
+pub(crate) async fn create_iface() -> Result<(IfaceDevice, DeviceChannel)> {
+    let dev = TunSocket::new("utun").unwrap().set_non_blocking().unwrap();
+    let fd = dev.as_raw_fd();
+    tracing::trace!("Started new interface with name: {:?}", dev.name());
+    let dev = AsyncFd::new(dev)?;
+
+    Ok((IfaceDevice { fd }, DeviceChannel(dev)))
+}
diff --git a/libs/tunnel/src/tun_linux.rs b/libs/tunnel/src/tun_linux.rs
new file mode 100644
index 0000000..e69de29
diff --git a/macros/Cargo.toml b/macros/Cargo.toml
new file mode 100644
index 0000000..e93d010
--- /dev/null
+++ b/macros/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "macros"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+proc-macro = true
+
+[dependencies]
+syn = { version = "2.0" }
+proc-macro2 = { version = "1.0" }
+quote = { version = "1.0" }
+
diff --git a/macros/src/lib.rs b/macros/src/lib.rs
new file mode 100644
index 0000000..d765549
--- /dev/null
+++ b/macros/src/lib.rs
@@ -0,0 +1,108 @@
+#![recursion_limit = "128"]
+
+extern crate proc_macro;
+use proc_macro2::{Span, TokenStream};
+use quote::quote;
+use syn::{Data, DeriveInput, Fields};
+
+/// Macro that generates a new enum with only the discriminants of another enum within a module that implements swift_bridge.
+///
+/// This is a workaround to create an error type compatible with swift that can be converted from the original error type.
+/// it implements `From<OriginalEnum>` so the idea is that you can call a swift ffi function `handle_error(err.into());`
+///
+/// This makes a lot of assumption about the types it's being implemented on since we're controling the type it is not meant
+/// to be a public macro. (However be careful if you reuse it somewhere else! this is based in strum's EnumDiscrminant so you can
+/// check there for an actual propper implementation).
+///
+/// IMPORTANT!: You need to include swift_bridge::bridge for macos and ios target so this doesn't error out.
+#[proc_macro_derive(SwiftEnum)]
+pub fn swift_enum(input: proc_macro::TokenStream) -> proc_macro::TokenStream {
+    let ast = syn::parse_macro_input!(input as DeriveInput);
+
+    let toks = swift_enum_inner(&ast).unwrap_or_else(|err| err.to_compile_error());
+    toks.into()
+}
+
+fn swift_enum_inner(ast: &DeriveInput) -> syn::Result<TokenStream> {
+    let name = &ast.ident;
+    let vis = &ast.vis;
+
+    let variants = match &ast.data {
+        Data::Enum(v) => &v.variants,
+        _ => {
+            return Err(syn::Error::new(
+                Span::call_site(),
+                "This macro only support enums.",
+            ))
+        }
+    };
+
+    let discriminants: Vec<_> = variants
+        .into_iter()
+        .map(|v| {
+            let ident = &v.ident;
+            quote! {#ident}
+        })
+        .collect();
+
+    let enum_name = syn::Ident::new(&format!("Swift{}", name), Span::call_site());
+    let mod_name = syn::Ident::new("swift_ffi", Span::call_site());
+
+    let arms = variants
+        .iter()
+        .map(|variant| {
+            let ident = &variant.ident;
+            let params = match &variant.fields {
+                Fields::Unit => quote! {},
+                Fields::Unnamed(_fields) => {
+                    quote! { (..) }
+                }
+                Fields::Named(_fields) => {
+                    quote! { { .. } }
+                }
+            };
+
+            quote! { #name::#ident #params => #mod_name::#enum_name::#ident }
+        })
+        .collect::<Vec<_>>();
+
+    let from_fn_body = quote! { match val { #(#arms),* } };
+
+    let impl_from_ref = {
+        quote! {
+            impl<'a> ::core::convert::From<&'a #name> for #mod_name::#enum_name {
+                fn from(val: &'a #name) -> Self {
+                    #from_fn_body
+                }
+            }
+        }
+    };
+
+    let impl_from = {
+        quote! {
+            impl ::core::convert::From<#name> for #mod_name::#enum_name {
+                fn from(val: #name) -> Self {
+                    #from_fn_body
+                }
+            }
+        }
+    };
+
+    // If we wanted to expose this function we should have another crate that actually also includes
+    // swift_bridge. but since we are only using this inside our crates we can just make sure we include it.
+    Ok(quote! {
+        #[cfg_attr(any(target_os = "macos", target_os = "ios"), swift_bridge::bridge)]
+        #vis mod #mod_name {
+            pub enum #enum_name {
+                #(#discriminants),*
+            }
+
+        }
+
+        #[cfg(any(target_os = "macos", target_os = "ios"))]
+        #impl_from_ref
+
+        #[cfg(any(target_os = "macos", target_os = "ios"))]
+        #impl_from
+    })
+}
diff --git a/src/lib.rs b/src/lib.rs
deleted file mode 100644
index 1ddbcb2..0000000
--- a/src/lib.rs
+++ /dev/null
@@ -1,33 +0,0 @@
-use platform::tunnel::Tunnel;
-
-mod platform;
-
-#[allow(dead_code)]
-pub struct Session {
-    tunnel: Tunnel,
-}
-
-impl Session {
-    pub fn connect(_portal_url: String, _token: String) -> Result<Session, std::io::Error> {
-        match Tunnel::new() {
-            Ok(tunnel) => Ok(Session { tunnel }),
-            Err(e) => Err(e),
-        }
-    }
-
-    pub fn disconnect(&self) -> bool {
-        // 1. Close the websocket connection
-        // 2. Free the device handle (UNIX)
-        // 3. Close the file descriptor (UNIX)
-        // 4. Remove the mapping
-        true
-    }
-
-    pub fn bump_sockets(&self) -> bool {
-        true
-    }
-
-    pub fn disable_some_roaming_for_broken_mobile_semantics(&self) -> bool {
-        true
-    }
-}