From a83b6a2155691455a3517a6c5c5db6e91000d10c Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Wed, 19 Feb 2020 16:16:13 -0600
Subject: [PATCH 001/100] TUN-2725: Specify in code that --edge is for internal
 testing only

---
 cmd/cloudflared/tunnel/cmd.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 62c6c1c4..142f63ef 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -690,7 +690,7 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 		}),
 		altsrc.NewStringSliceFlag(&cli.StringSliceFlag{
 			Name:    "edge",
-			Usage:   "Address of the Cloudflare tunnel server.",
+			Usage:   "Address of the Cloudflare tunnel server. Only works in Cloudflare's internal testing environment.",
 			EnvVars: []string{"TUNNEL_EDGE"},
 			Hidden:  true,
 		}),

From 269351bbea85210fcf0716ab1c70960e8766afd7 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Wed, 19 Feb 2020 18:57:29 -0600
Subject: [PATCH 002/100] TUN-2703: Muxer.Serve terminates when its context is
 Done

---
 h2mux/h2mux.go | 51 ++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/h2mux/h2mux.go b/h2mux/h2mux.go
index 2b6defde..70da0447 100644
--- a/h2mux/h2mux.go
+++ b/h2mux/h2mux.go
@@ -321,24 +321,51 @@ func joinErrorsWithTimeout(errChan <-chan error, receiveCount int, timeout time.
 func (m *Muxer) Serve(ctx context.Context) error {
 	errGroup, _ := errgroup.WithContext(ctx)
 	errGroup.Go(func() error {
-		err := m.muxReader.run(m.config.Logger)
-		m.explicitShutdown.Fuse(false)
-		m.r.Close()
-		m.abort()
-		return err
+		ch := make(chan error)
+		go func() {
+			err := m.muxReader.run(m.config.Logger)
+			m.explicitShutdown.Fuse(false)
+			m.r.Close()
+			m.abort()
+			ch <- err
+		}()
+		select {
+		case err := <-ch:
+			return err
+		case <-ctx.Done():
+			return ctx.Err()
+		}
 	})
 
 	errGroup.Go(func() error {
-		err := m.muxWriter.run(m.config.Logger)
-		m.explicitShutdown.Fuse(false)
-		m.w.Close()
-		m.abort()
-		return err
+		ch := make(chan error)
+		go func() {
+			err := m.muxWriter.run(m.config.Logger)
+			m.explicitShutdown.Fuse(false)
+			m.w.Close()
+			m.abort()
+			ch <- err
+		}()
+		select {
+		case err := <-ch:
+			return err
+		case <-ctx.Done():
+			return ctx.Err()
+		}
 	})
 
 	errGroup.Go(func() error {
-		err := m.muxMetricsUpdater.run(m.config.Logger)
-		return err
+		ch := make(chan error)
+		go func() {
+			err := m.muxMetricsUpdater.run(m.config.Logger)
+			ch <- err
+		}()
+		select {
+		case err := <-ch:
+			return err
+		case <-ctx.Done():
+			return ctx.Err()
+		}
 	})
 
 	err := errGroup.Wait()

From 52ab2c8227946b17faa17fd72e9a4c4a7ecf9a17 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Thu, 20 Feb 2020 19:41:31 +0000
Subject: [PATCH 003/100] TUN-2745: Rename existing header management functions

---
 h2mux/header.go          |  6 +++---
 h2mux/header_test.go     | 14 +++++++-------
 origin/tunnel.go         |  6 +++---
 streamhandler/request.go |  2 +-
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index 4da9e03c..822f99bb 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -17,10 +17,10 @@ type Header struct {
 
 var headerEncoding = base64.RawStdEncoding
 
-// H2RequestHeadersToH1Request converts the HTTP/2 headers to an HTTP/1 Request
+// OldH2RequestHeadersToH1Request converts the HTTP/2 headers to an HTTP/1 Request
 // object. This includes conversion of the pseudo-headers into their closest
 // HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3
-func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
+func OldH2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 	for _, header := range h2 {
 		switch header.Name {
 		case ":method":
@@ -73,7 +73,7 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 	return nil
 }
 
-func H1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
+func OldH1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
 	h2 = []Header{{Name: ":status", Value: fmt.Sprintf("%d", h1.StatusCode)}}
 	for headerName, headerValues := range h1.Header {
 		for _, headerValue := range headerValues {
diff --git a/h2mux/header_test.go b/h2mux/header_test.go
index 83c7ac35..8c5301eb 100644
--- a/h2mux/header_test.go
+++ b/h2mux/header_test.go
@@ -19,7 +19,7 @@ func TestH2RequestHeadersToH1Request_RegularHeaders(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := H2RequestHeadersToH1Request(
+	headersConversionErr := OldH2RequestHeadersToH1Request(
 		[]Header{
 			{
 				Name:  "Mock header 1",
@@ -45,7 +45,7 @@ func TestH2RequestHeadersToH1Request_NoHeaders(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := H2RequestHeadersToH1Request(
+	headersConversionErr := OldH2RequestHeadersToH1Request(
 		[]Header{},
 		request,
 	)
@@ -59,7 +59,7 @@ func TestH2RequestHeadersToH1Request_InvalidHostPath(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := H2RequestHeadersToH1Request(
+	headersConversionErr := OldH2RequestHeadersToH1Request(
 		[]Header{
 			{
 				Name:  ":path",
@@ -86,7 +86,7 @@ func TestH2RequestHeadersToH1Request_HostPathWithQuery(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com/", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := H2RequestHeadersToH1Request(
+	headersConversionErr := OldH2RequestHeadersToH1Request(
 		[]Header{
 			{
 				Name:  ":path",
@@ -113,7 +113,7 @@ func TestH2RequestHeadersToH1Request_HostPathWithURLEncoding(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com/", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := H2RequestHeadersToH1Request(
+	headersConversionErr := OldH2RequestHeadersToH1Request(
 		[]Header{
 			{
 				Name:  ":path",
@@ -276,7 +276,7 @@ func TestH2RequestHeadersToH1Request_WeirdURLs(t *testing.T) {
 
 		request, err := http.NewRequest(http.MethodGet, requestURL, nil)
 		assert.NoError(t, err)
-		headersConversionErr := H2RequestHeadersToH1Request(
+		headersConversionErr := OldH2RequestHeadersToH1Request(
 			[]Header{
 				{
 					Name:  ":path",
@@ -362,7 +362,7 @@ func TestH2RequestHeadersToH1Request_QuickCheck(t *testing.T) {
 				h1, err := http.NewRequest("GET", testOrigin.url, nil)
 				require.NoError(t, err)
 
-				err = H2RequestHeadersToH1Request(h2, h1)
+				err = OldH2RequestHeadersToH1Request(h2, h1)
 				return assert.NoError(t, err) &&
 					assert.Equal(t, expectedMethod, h1.Method) &&
 					assert.Equal(t, expectedHostname, h1.Host) &&
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 4ee6b55e..d5ba4d71 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -580,7 +580,7 @@ func (h *TunnelHandler) createRequest(stream *h2mux.MuxedStream) (*http.Request,
 	if err != nil {
 		return nil, errors.Wrap(err, "Unexpected error from http.NewRequest")
 	}
-	err = h2mux.H2RequestHeadersToH1Request(stream.Headers, req)
+	err = h2mux.OldH2RequestHeadersToH1Request(stream.Headers, req)
 	if err != nil {
 		return nil, errors.Wrap(err, "invalid request received")
 	}
@@ -599,7 +599,7 @@ func (h *TunnelHandler) serveWebsocket(stream *h2mux.MuxedStream, req *http.Requ
 		return nil, err
 	}
 	defer conn.Close()
-	err = stream.WriteHeaders(h2mux.H1ResponseToH2ResponseHeaders(response))
+	err = stream.WriteHeaders(h2mux.OldH1ResponseToH2ResponseHeaders(response))
 	if err != nil {
 		return nil, errors.Wrap(err, "Error writing response header")
 	}
@@ -633,7 +633,7 @@ func (h *TunnelHandler) serveHTTP(stream *h2mux.MuxedStream, req *http.Request)
 	}
 	defer response.Body.Close()
 
-	err = stream.WriteHeaders(h2mux.H1ResponseToH2ResponseHeaders(response))
+	err = stream.WriteHeaders(h2mux.OldH1ResponseToH2ResponseHeaders(response))
 	if err != nil {
 		return nil, errors.Wrap(err, "Error writing response header")
 	}
diff --git a/streamhandler/request.go b/streamhandler/request.go
index b6bb55d3..52d69bc2 100644
--- a/streamhandler/request.go
+++ b/streamhandler/request.go
@@ -26,7 +26,7 @@ func createRequest(stream *h2mux.MuxedStream, url *url.URL) (*http.Request, erro
 	if err != nil {
 		return nil, errors.Wrap(err, "unexpected error from http.NewRequest")
 	}
-	err = h2mux.H2RequestHeadersToH1Request(stream.Headers, req)
+	err = h2mux.OldH2RequestHeadersToH1Request(stream.Headers, req)
 	if err != nil {
 		return nil, errors.Wrap(err, "invalid request received")
 	}

From 6488843ac4071c3d29fe49f6810565bfa94b3f7f Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Fri, 21 Feb 2020 02:51:46 +0000
Subject: [PATCH 004/100] TUN-2746: Add the new header management functions

---
 h2mux/header.go      | 170 ++++++++++++++++++++++++---
 h2mux/header_test.go | 270 ++++++++++++++++++++++++++++++-------------
 2 files changed, 340 insertions(+), 100 deletions(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index 822f99bb..20a878e8 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -1,7 +1,6 @@
 package h2mux
 
 import (
-	"bytes"
 	"encoding/base64"
 	"fmt"
 	"github.com/pkg/errors"
@@ -17,9 +16,130 @@ type Header struct {
 
 var headerEncoding = base64.RawStdEncoding
 
-// OldH2RequestHeadersToH1Request converts the HTTP/2 headers to an HTTP/1 Request
-// object. This includes conversion of the pseudo-headers into their closest
+const (
+	RequestUserHeadersField  = "cf-cloudflared-request-headers"
+	ResponseUserHeadersField = "cf-cloudflared-response-headers"
+)
+
+// H2RequestHeadersToH1Request converts the HTTP/2 headers coming from origintunneld
+// to an HTTP/1 Request object destined for the local origin web service.
+// This operation includes conversion of the pseudo-headers into their closest
 // HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3
+func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
+	for _, header := range h2 {
+		switch strings.ToLower(header.Name) {
+		case ":method":
+			h1.Method = header.Value
+		case ":scheme":
+			// noop - use the preexisting scheme from h1.URL
+		case ":authority":
+			// Otherwise the host header will be based on the origin URL
+			h1.Host = header.Value
+		case ":path":
+			// We don't want to be an "opinionated" proxy, so ideally we would use :path as-is.
+			// However, this HTTP/1 Request object belongs to the Go standard library,
+			// whose URL package makes some opinionated decisions about the encoding of
+			// URL characters: see the docs of https://godoc.org/net/url#URL,
+			// in particular the EscapedPath method https://godoc.org/net/url#URL.EscapedPath,
+			// which is always used when computing url.URL.String(), whether we'd like it or not.
+			//
+			// Well, not *always*. We could circumvent this by using url.URL.Opaque. But
+			// that would present unusual difficulties when using an HTTP proxy: url.URL.Opaque
+			// is treated differently when HTTP_PROXY is set!
+			// See https://github.com/golang/go/issues/5684#issuecomment-66080888
+			//
+			// This means we are subject to the behavior of net/url's function `shouldEscape`
+			// (as invoked with mode=encodePath): https://github.com/golang/go/blob/go1.12.7/src/net/url/url.go#L101
+
+			if header.Value == "*" {
+				h1.URL.Path = "*"
+				continue
+			}
+			// Due to the behavior of validation.ValidateUrl, h1.URL may
+			// already have a partial value, with or without a trailing slash.
+			base := h1.URL.String()
+			base = strings.TrimRight(base, "/")
+			// But we know :path begins with '/', because we handled '*' above - see RFC7540
+			requestURL, err := url.Parse(base + header.Value)
+			if err != nil {
+				return errors.Wrap(err, fmt.Sprintf("invalid path '%v'", header.Value))
+			}
+			h1.URL = requestURL
+		case "content-length":
+			contentLength, err := strconv.ParseInt(header.Value, 10, 64)
+			if err != nil {
+				return fmt.Errorf("unparseable content length")
+			}
+			h1.ContentLength = contentLength
+		default:
+			// Ignore any other header;
+			// User headers will be read from `RequestUserHeadersField`
+			continue
+		}
+	}
+
+	// Find and parse user headers serialized into a single one
+	userHeaders, err := ParseUserHeaders(RequestUserHeadersField, h2)
+	if err != nil {
+		return errors.Wrap(err, "Unable to parse user headers")
+	}
+	for _, userHeader := range userHeaders {
+		h1.Header.Add(http.CanonicalHeaderKey(userHeader.Name), userHeader.Value)
+	}
+
+	return nil
+}
+
+func ParseUserHeaders(headerNameToParseFrom string, headers []Header) ([]Header, error) {
+	for _, header := range headers {
+		if header.Name == headerNameToParseFrom {
+			return DeserializeHeaders(header.Value)
+		}
+	}
+
+	return nil, fmt.Errorf("%v header not found", RequestUserHeadersField)
+}
+
+func IsControlHeader(headerName string) bool {
+	headerName = strings.ToLower(headerName)
+
+	return strings.ToLower(headerName) == "content-length" ||
+		strings.HasPrefix(headerName, ":") ||
+		strings.HasPrefix(headerName, "cf-")
+}
+
+func H1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
+	h2 = []Header{
+		{Name: ":status", Value: strconv.Itoa(h1.StatusCode)},
+	}
+	userHeaders := http.Header{}
+	for header, values := range h1.Header {
+		for _, value := range values {
+			if strings.ToLower(header) == "content-length" {
+				// This header has meaning in HTTP/2 and will be used by the edge,
+				// so it should be sent as an HTTP/2 response header.
+
+				// Since these are http2 headers, they're required to be lowercase
+				h2 = append(h2, Header{Name: strings.ToLower(header), Value: value})
+			} else if !IsControlHeader(header) {
+				// User headers, on the other hand, must all be serialized so that
+				// HTTP/2 header validation won't be applied to HTTP/1 header values
+				if _, ok := userHeaders[header]; ok {
+					userHeaders[header] = append(userHeaders[header], value)
+				} else {
+					userHeaders[header] = []string{value}
+				}
+			}
+		}
+	}
+
+	// Perform user header serialization and set them in the single header
+	h2 = append(h2, CreateSerializedHeaders(ResponseUserHeadersField, userHeaders)...)
+
+	return h2
+}
+
+// Obsolete version of H2RequestHeadersToH1Request
 func OldH2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 	for _, header := range h2 {
 		switch header.Name {
@@ -73,6 +193,7 @@ func OldH2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 	return nil
 }
 
+// Obsolete version of H1ResponseToH2ResponseHeaders
 func OldH1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
 	h2 = []Header{{Name: ":status", Value: fmt.Sprintf("%d", h1.StatusCode)}}
 	for headerName, headerValues := range h1.Header {
@@ -86,9 +207,9 @@ func OldH1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
 
 // Serialize HTTP1.x headers by base64-encoding each header name and value,
 // and then joining them in the format of [key:value;]
-func SerializeHeaders(h1 *http.Request) []byte {
-	var serializedHeaders [][]byte
-	for headerName, headerValues := range h1.Header {
+func SerializeHeaders(h1Headers http.Header) string {
+	var serializedHeaders []string
+	for headerName, headerValues := range h1Headers {
 		for _, headerValue := range headerValues {
 			encodedName := make([]byte, headerEncoding.EncodedLen(len(headerName)))
 			headerEncoding.Encode(encodedName, []byte(headerName))
@@ -98,28 +219,28 @@ func SerializeHeaders(h1 *http.Request) []byte {
 
 			serializedHeaders = append(
 				serializedHeaders,
-				bytes.Join(
-					[][]byte{encodedName, encodedValue},
-					[]byte(":"),
+				strings.Join(
+					[]string{string(encodedName), string(encodedValue)},
+					":",
 				),
 			)
 		}
 	}
 
-	return bytes.Join(serializedHeaders, []byte(";"))
+	return strings.Join(serializedHeaders, ";")
 }
 
 // Deserialize headers serialized by `SerializeHeader`
-func DeserializeHeaders(serializedHeaders []byte) (http.Header, error) {
+func DeserializeHeaders(serializedHeaders string) ([]Header, error) {
 	const unableToDeserializeErr = "Unable to deserialize headers"
 
-	deserialized := http.Header{}
-	for _, serializedPair := range bytes.Split(serializedHeaders, []byte(";")) {
+	var deserialized []Header
+	for _, serializedPair := range strings.Split(serializedHeaders, ";") {
 		if len(serializedPair) == 0 {
 			continue
 		}
 
-		serializedHeaderParts := bytes.Split(serializedPair, []byte(":"))
+		serializedHeaderParts := strings.Split(serializedPair, ":")
 		if len(serializedHeaderParts) != 2 {
 			return nil, errors.New(unableToDeserializeErr)
 		}
@@ -129,15 +250,30 @@ func DeserializeHeaders(serializedHeaders []byte) (http.Header, error) {
 		deserializedName := make([]byte, headerEncoding.DecodedLen(len(serializedName)))
 		deserializedValue := make([]byte, headerEncoding.DecodedLen(len(serializedValue)))
 
-		if _, err := headerEncoding.Decode(deserializedName, serializedName); err != nil {
+		if _, err := headerEncoding.Decode(deserializedName, []byte(serializedName)); err != nil {
 			return nil, errors.Wrap(err, unableToDeserializeErr)
 		}
-		if _, err := headerEncoding.Decode(deserializedValue, serializedValue); err != nil {
+		if _, err := headerEncoding.Decode(deserializedValue, []byte(serializedValue)); err != nil {
 			return nil, errors.Wrap(err, unableToDeserializeErr)
 		}
 
-		deserialized.Add(string(deserializedName), string(deserializedValue))
+		deserialized = append(deserialized, Header{
+			Name:  string(deserializedName),
+			Value: string(deserializedValue),
+		})
 	}
 
 	return deserialized, nil
 }
+
+func CreateSerializedHeaders(headersField string, headers ...http.Header) []Header {
+	var serializedHeaderChunks []string
+	for _, headerChunk := range headers {
+		serializedHeaderChunks = append(serializedHeaderChunks, SerializeHeaders(headerChunk))
+	}
+
+	return []Header{{
+		headersField,
+		strings.Join(serializedHeaderChunks, ";"),
+	}}
+}
diff --git a/h2mux/header_test.go b/h2mux/header_test.go
index 8c5301eb..b5781d91 100644
--- a/h2mux/header_test.go
+++ b/h2mux/header_test.go
@@ -7,6 +7,7 @@ import (
 	"net/url"
 	"reflect"
 	"regexp"
+	"sort"
 	"strings"
 	"testing"
 	"testing/quick"
@@ -15,29 +16,30 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+type ByName []Header
+
+func (a ByName) Len() int      { return len(a) }
+func (a ByName) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
+func (a ByName) Less(i, j int) bool {
+	if a[i].Name == a[j].Name {
+		return a[i].Value < a[j].Value
+	}
+
+	return a[i].Name < a[j].Name
+}
+
 func TestH2RequestHeadersToH1Request_RegularHeaders(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := OldH2RequestHeadersToH1Request(
-		[]Header{
-			{
-				Name:  "Mock header 1",
-				Value: "Mock value 1",
-			},
-			{
-				Name:  "Mock header 2",
-				Value: "Mock value 2",
-			},
-		},
-		request,
-	)
+	mockHeaders := http.Header{
+		"Mock header 1": {"Mock value 1"},
+		"Mock header 2": {"Mock value 2"},
+	}
 
-	assert.Equal(t, http.Header{
-		"Mock header 1": []string{"Mock value 1"},
-		"Mock header 2": []string{"Mock value 2"},
-	}, request.Header)
+	headersConversionErr := H2RequestHeadersToH1Request(CreateSerializedHeaders(RequestUserHeadersField, mockHeaders), request)
 
+	assert.True(t, reflect.DeepEqual(mockHeaders, request.Header))
 	assert.NoError(t, headersConversionErr)
 }
 
@@ -45,13 +47,15 @@ func TestH2RequestHeadersToH1Request_NoHeaders(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := OldH2RequestHeadersToH1Request(
-		[]Header{},
+	headersConversionErr := H2RequestHeadersToH1Request(
+		[]Header{{
+			RequestUserHeadersField,
+			SerializeHeaders(http.Header{}),
+		}},
 		request,
 	)
 
-	assert.Equal(t, http.Header{}, request.Header)
-
+	assert.True(t, reflect.DeepEqual(http.Header{}, request.Header))
 	assert.NoError(t, headersConversionErr)
 }
 
@@ -59,19 +63,12 @@ func TestH2RequestHeadersToH1Request_InvalidHostPath(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := OldH2RequestHeadersToH1Request(
-		[]Header{
-			{
-				Name:  ":path",
-				Value: "//bad_path/",
-			},
-			{
-				Name:  "Mock header",
-				Value: "Mock value",
-			},
-		},
-		request,
-	)
+	mockRequestHeaders := []Header{
+		{Name: ":path", Value: "//bad_path/"},
+		{Name: RequestUserHeadersField, Value: SerializeHeaders(http.Header{"Mock header": {"Mock value"}})},
+	}
+
+	headersConversionErr := H2RequestHeadersToH1Request(mockRequestHeaders, request)
 
 	assert.Equal(t, http.Header{
 		"Mock header": []string{"Mock value"},
@@ -86,19 +83,12 @@ func TestH2RequestHeadersToH1Request_HostPathWithQuery(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com/", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := OldH2RequestHeadersToH1Request(
-		[]Header{
-			{
-				Name:  ":path",
-				Value: "/?query=mock%20value",
-			},
-			{
-				Name:  "Mock header",
-				Value: "Mock value",
-			},
-		},
-		request,
-	)
+	mockRequestHeaders := []Header{
+		{Name: ":path", Value: "/?query=mock%20value"},
+		{Name: RequestUserHeadersField, Value: SerializeHeaders(http.Header{"Mock header": {"Mock value"}})},
+	}
+
+	headersConversionErr := H2RequestHeadersToH1Request(mockRequestHeaders, request)
 
 	assert.Equal(t, http.Header{
 		"Mock header": []string{"Mock value"},
@@ -113,19 +103,12 @@ func TestH2RequestHeadersToH1Request_HostPathWithURLEncoding(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com/", nil)
 	assert.NoError(t, err)
 
-	headersConversionErr := OldH2RequestHeadersToH1Request(
-		[]Header{
-			{
-				Name:  ":path",
-				Value: "/mock%20path",
-			},
-			{
-				Name:  "Mock header",
-				Value: "Mock value",
-			},
-		},
-		request,
-	)
+	mockRequestHeaders := []Header{
+		{Name: ":path", Value: "/mock%20path"},
+		{Name: RequestUserHeadersField, Value: SerializeHeaders(http.Header{"Mock header": {"Mock value"}})},
+	}
+
+	headersConversionErr := H2RequestHeadersToH1Request(mockRequestHeaders, request)
 
 	assert.Equal(t, http.Header{
 		"Mock header": []string{"Mock value"},
@@ -276,19 +259,13 @@ func TestH2RequestHeadersToH1Request_WeirdURLs(t *testing.T) {
 
 		request, err := http.NewRequest(http.MethodGet, requestURL, nil)
 		assert.NoError(t, err)
-		headersConversionErr := OldH2RequestHeadersToH1Request(
-			[]Header{
-				{
-					Name:  ":path",
-					Value: testCase.path,
-				},
-				{
-					Name:  "Mock header",
-					Value: "Mock value",
-				},
-			},
-			request,
-		)
+
+		mockRequestHeaders := []Header{
+			{Name: ":path", Value: testCase.path},
+			{Name: RequestUserHeadersField, Value: SerializeHeaders(http.Header{"Mock header": {"Mock value"}})},
+		}
+
+		headersConversionErr := H2RequestHeadersToH1Request(mockRequestHeaders, request)
 		assert.NoError(t, headersConversionErr)
 
 		assert.Equal(t,
@@ -358,11 +335,12 @@ func TestH2RequestHeadersToH1Request_QuickCheck(t *testing.T) {
 					{Name: ":scheme", Value: testScheme},
 					{Name: ":authority", Value: expectedHostname},
 					{Name: ":path", Value: testPath},
+					{Name: RequestUserHeadersField, Value: ""},
 				}
 				h1, err := http.NewRequest("GET", testOrigin.url, nil)
 				require.NoError(t, err)
 
-				err = OldH2RequestHeadersToH1Request(h2, h1)
+				err = H2RequestHeadersToH1Request(h2, h1)
 				return assert.NoError(t, err) &&
 					assert.Equal(t, expectedMethod, h1.Method) &&
 					assert.Equal(t, expectedHostname, h1.Host) &&
@@ -439,11 +417,21 @@ func randomHTTP2Path(t *testing.T, rand *rand.Rand) string {
 	return result
 }
 
+func stdlibHeaderToH2muxHeader(headers http.Header) (h2muxHeaders []Header) {
+	for name, values := range headers {
+		for _, value := range values {
+			h2muxHeaders = append(h2muxHeaders, Header{name, value})
+		}
+	}
+
+	return h2muxHeaders
+}
+
 func TestSerializeHeaders(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	mockHeaders := map[string][]string{
+	mockHeaders := http.Header{
 		"Mock-Header-One":        {"Mock header one value", "three"},
 		"Mock-Header-Two-Long":   {"Mock header two value\nlong"},
 		":;":                     {":;", ";:"},
@@ -465,7 +453,7 @@ func TestSerializeHeaders(t *testing.T) {
 		}
 	}
 
-	serializedHeaders := SerializeHeaders(request)
+	serializedHeaders := SerializeHeaders(request.Header)
 
 	// Sanity check: the headers serialized to something that's not an empty string
 	assert.NotEqual(t, "", serializedHeaders)
@@ -474,18 +462,24 @@ func TestSerializeHeaders(t *testing.T) {
 	deserializedHeaders, err := DeserializeHeaders(serializedHeaders)
 	assert.NoError(t, err)
 
-	assert.Equal(t, len(mockHeaders), len(deserializedHeaders))
-	for header, value := range deserializedHeaders {
-		assert.NotEqual(t, "", value)
-		assert.Equal(t, mockHeaders[header], value)
-	}
+	assert.Equal(t, 13, len(deserializedHeaders))
+	h2muxExpectedHeaders := stdlibHeaderToH2muxHeader(mockHeaders)
+
+	sort.Sort(ByName(deserializedHeaders))
+	sort.Sort(ByName(h2muxExpectedHeaders))
+
+	assert.True(
+		t,
+		reflect.DeepEqual(h2muxExpectedHeaders, deserializedHeaders),
+		fmt.Sprintf("got = %#v, want = %#v\n", deserializedHeaders, h2muxExpectedHeaders),
+	)
 }
 
 func TestSerializeNoHeaders(t *testing.T) {
 	request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
 	assert.NoError(t, err)
 
-	serializedHeaders := SerializeHeaders(request)
+	serializedHeaders := SerializeHeaders(request.Header)
 	deserializedHeaders, err := DeserializeHeaders(serializedHeaders)
 	assert.NoError(t, err)
 	assert.Equal(t, 0, len(deserializedHeaders))
@@ -502,7 +496,117 @@ func TestDeserializeMalformed(t *testing.T) {
 	}
 
 	for _, malformedValue := range malformedData {
-		_, err = DeserializeHeaders([]byte(malformedValue))
+		_, err = DeserializeHeaders(malformedValue)
 		assert.Error(t, err)
 	}
 }
+
+func TestParseHeaders(t *testing.T) {
+	mockUserHeadersToSerialize := http.Header{
+		"Mock-Header-One":   {"1", "1.5"},
+		"Mock-Header-Two":   {"2"},
+		"Mock-Header-Three": {"3"},
+	}
+
+	mockHeaders := []Header{
+		{Name: "One", Value: "1"},
+		{Name: "Cf-Two", Value: "cf-value-1"},
+		{Name: "Cf-Two", Value: "cf-value-2"},
+		{Name: RequestUserHeadersField, Value: SerializeHeaders(mockUserHeadersToSerialize)},
+	}
+
+	expectedHeaders := []Header{
+		{Name: "Mock-Header-One", Value: "1"},
+		{Name: "Mock-Header-One", Value: "1.5"},
+		{Name: "Mock-Header-Two", Value: "2"},
+		{Name: "Mock-Header-Three", Value: "3"},
+	}
+	parsedHeaders, err := ParseUserHeaders(RequestUserHeadersField, mockHeaders)
+	assert.NoError(t, err)
+	assert.ElementsMatch(t, expectedHeaders, parsedHeaders)
+}
+
+func TestParseHeadersNoSerializedHeader(t *testing.T) {
+	mockHeaders := []Header{
+		{Name: "One", Value: "1"},
+		{Name: "Cf-Two", Value: "cf-value-1"},
+		{Name: "Cf-Two", Value: "cf-value-2"},
+	}
+
+	_, err := ParseUserHeaders(RequestUserHeadersField, mockHeaders)
+	assert.EqualError(t, err, fmt.Sprintf("%s header not found", RequestUserHeadersField))
+}
+
+func TestIsControlHeader(t *testing.T) {
+	controlHeaders := []string{
+		// Anything that begins with cf-
+		"cf-sample-header",
+		"CF-SAMPLE-HEADER",
+		"Cf-Sample-Header",
+
+		// Any http2 pseudoheader
+		":sample-pseudo-header",
+
+		// content-length is a special case, it has to be there
+		// for some requests to work (per the HTTP2 spec)
+		"content-length",
+	}
+
+	for _, header := range controlHeaders {
+		assert.True(t, IsControlHeader(header))
+	}
+}
+
+func TestIsNotControlHeader(t *testing.T) {
+	notControlHeaders := []string{
+		"Mock-header",
+		"Another-sample-header",
+	}
+
+	for _, header := range notControlHeaders {
+		assert.False(t, IsControlHeader(header))
+	}
+}
+
+func TestH1ResponseToH2ResponseHeaders(t *testing.T) {
+	mockHeaders := http.Header{
+		"User-header-one": {""},
+		"User-header-two": {"1", "2"},
+		"cf-header":       {"cf-value"},
+		"Content-Length":  {"123"},
+	}
+	mockResponse := http.Response{
+		StatusCode: 200,
+		Header:     mockHeaders,
+	}
+
+	headers := H1ResponseToH2ResponseHeaders(&mockResponse)
+
+	serializedHeadersIndex := -1
+	for i, header := range headers {
+		if header.Name == ResponseUserHeadersField {
+			serializedHeadersIndex = i
+			break
+		}
+	}
+	assert.NotEqual(t, -1, serializedHeadersIndex)
+	actualControlHeaders := append(
+		headers[:serializedHeadersIndex],
+		headers[serializedHeadersIndex+1:]...,
+	)
+	expectedControlHeaders := []Header{
+		{Name: ":status", Value: "200"},
+		{Name: "content-length", Value: "123"},
+	}
+
+	assert.ElementsMatch(t, expectedControlHeaders, actualControlHeaders)
+
+	actualUserHeaders, err := DeserializeHeaders(headers[serializedHeadersIndex].Value)
+	expectedUserHeaders := []Header{
+		{Name: "User-header-one", Value: ""},
+		{Name: "User-header-two", Value: "1"},
+		{Name: "User-header-two", Value: "2"},
+	}
+	assert.NoError(t, err)
+	assert.ElementsMatch(t, expectedUserHeaders, actualUserHeaders)
+}

From 464bb5304997e142a6d15c1a32dc796557c6373f Mon Sep 17 00:00:00 2001
From: Rueian <rueiancsie@gmail.com>
Date: Tue, 25 Feb 2020 01:06:19 +0800
Subject: [PATCH 005/100] perf(cloudflared): reuse memory from buffer pool to
 get better throughput (#161)

* perf(cloudflared): reuse memory from buffer pool to get better throughput

https://github.com/cloudflare/cloudflared/issues/160
---
 buffer/pool.go                 | 29 +++++++++++++++++++++++++++++
 origin/supervisor.go           | 10 +++++++---
 origin/tunnel.go               | 14 ++++++++++++--
 originservice/originservice.go | 23 ++++++++++++++++-------
 4 files changed, 64 insertions(+), 12 deletions(-)
 create mode 100644 buffer/pool.go

diff --git a/buffer/pool.go b/buffer/pool.go
new file mode 100644
index 00000000..3265283f
--- /dev/null
+++ b/buffer/pool.go
@@ -0,0 +1,29 @@
+package buffer
+
+import (
+	"sync"
+)
+
+type Pool struct {
+	// A Pool must not be copied after first use.
+	// https://golang.org/pkg/sync/#Pool
+	buffers sync.Pool
+}
+
+func NewPool(bufferSize int) *Pool {
+	return &Pool{
+		buffers: sync.Pool{
+			New: func() interface{} {
+				return make([]byte, bufferSize)
+			},
+		},
+	}
+}
+
+func (p *Pool) Get() []byte {
+	return p.buffers.Get().([]byte)
+}
+
+func (p *Pool) Put(buf []byte) {
+	p.buffers.Put(buf)
+}
diff --git a/origin/supervisor.go b/origin/supervisor.go
index b8df583f..a1c78571 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -11,6 +11,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/sirupsen/logrus"
 
+	"github.com/cloudflare/cloudflared/buffer"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
@@ -62,6 +63,8 @@ type Supervisor struct {
 
 	eventDigestLock *sync.RWMutex
 	eventDigest     []byte
+
+	bufferPool *buffer.Pool
 }
 
 type resolveResult struct {
@@ -96,6 +99,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 		logger:            config.Logger.WithField("subsystem", "supervisor"),
 		jwtLock:           &sync.RWMutex{},
 		eventDigestLock:   &sync.RWMutex{},
+		bufferPool:        buffer.NewPool(512 * 1024),
 	}, nil
 }
 
@@ -230,7 +234,7 @@ func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *sign
 		return
 	}
 
-	err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID)
+	err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID, s.bufferPool)
 	// If the first tunnel disconnects, keep restarting it.
 	edgeErrors := 0
 	for s.unusedIPs() {
@@ -253,7 +257,7 @@ func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *sign
 				return
 			}
 		}
-		err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID)
+		err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID, s.bufferPool)
 	}
 }
 
@@ -272,7 +276,7 @@ func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal
 	if err != nil {
 		return
 	}
-	err = ServeTunnelLoop(ctx, s, s.config, addr, uint8(index), connectedSignal, s.cloudflaredUUID)
+	err = ServeTunnelLoop(ctx, s, s.config, addr, uint8(index), connectedSignal, s.cloudflaredUUID, s.bufferPool)
 }
 
 func (s *Supervisor) newConnectedTunnelSignal(index int) *signal.Signal {
diff --git a/origin/tunnel.go b/origin/tunnel.go
index d5ba4d71..991d95c1 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -20,6 +20,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
 
+	"github.com/cloudflare/cloudflared/buffer"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/h2mux"
@@ -178,6 +179,7 @@ func ServeTunnelLoop(ctx context.Context,
 	connectionID uint8,
 	connectedSignal *signal.Signal,
 	u uuid.UUID,
+	bufferPool *buffer.Pool,
 ) error {
 	connectionLogger := config.Logger.WithField("connectionID", connectionID)
 	config.Metrics.incrementHaConnections()
@@ -201,6 +203,7 @@ func ServeTunnelLoop(ctx context.Context,
 			connectedFuse,
 			&backoff,
 			u,
+			bufferPool,
 		)
 		if recoverable {
 			if duration, ok := backoff.GetBackoffDuration(ctx); ok {
@@ -223,6 +226,7 @@ func ServeTunnel(
 	connectedFuse *h2mux.BooleanFuse,
 	backoff *BackoffHandler,
 	u uuid.UUID,
+	bufferPool *buffer.Pool,
 ) (err error, recoverable bool) {
 	// Treat panics as recoverable errors
 	defer func() {
@@ -243,7 +247,7 @@ func ServeTunnel(
 	tags["ha"] = connectionTag
 
 	// Returns error from parsing the origin URL or handshake errors
-	handler, originLocalIP, err := NewTunnelHandler(ctx, config, addr, connectionID)
+	handler, originLocalIP, err := NewTunnelHandler(ctx, config, addr, connectionID, bufferPool)
 	if err != nil {
 		errLog := logger.WithError(err)
 		switch err.(type) {
@@ -500,6 +504,8 @@ type TunnelHandler struct {
 	connectionID      string
 	logger            *log.Logger
 	noChunkedEncoding bool
+
+	bufferPool *buffer.Pool
 }
 
 // NewTunnelHandler returns a TunnelHandler, origin LAN IP and error
@@ -507,6 +513,7 @@ func NewTunnelHandler(ctx context.Context,
 	config *TunnelConfig,
 	addr *net.TCPAddr,
 	connectionID uint8,
+	bufferPool *buffer.Pool,
 ) (*TunnelHandler, string, error) {
 	originURL, err := validation.ValidateUrl(config.OriginUrl)
 	if err != nil {
@@ -522,6 +529,7 @@ func NewTunnelHandler(ctx context.Context,
 		connectionID:      uint8ToString(connectionID),
 		logger:            config.Logger,
 		noChunkedEncoding: config.NoChunkedEncoding,
+		bufferPool:        bufferPool,
 	}
 	if h.httpClient == nil {
 		h.httpClient = http.DefaultTransport
@@ -642,7 +650,9 @@ func (h *TunnelHandler) serveHTTP(stream *h2mux.MuxedStream, req *http.Request)
 	} else {
 		// Use CopyBuffer, because Copy only allocates a 32KiB buffer, and cross-stream
 		// compression generates dictionary on first write
-		io.CopyBuffer(stream, response.Body, make([]byte, 512*1024))
+		buf := h.bufferPool.Get()
+		defer h.bufferPool.Put(buf)
+		io.CopyBuffer(stream, response.Body, buf)
 	}
 	return response, nil
 }
diff --git a/originservice/originservice.go b/originservice/originservice.go
index 3cd0af53..2277385f 100644
--- a/originservice/originservice.go
+++ b/originservice/originservice.go
@@ -12,6 +12,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/cloudflare/cloudflared/buffer"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/hello"
 	"github.com/cloudflare/cloudflared/log"
@@ -33,6 +34,7 @@ type HTTPService struct {
 	client          http.RoundTripper
 	originURL       *url.URL
 	chunkedEncoding bool
+	bufferPool      *buffer.Pool
 }
 
 func NewHTTPService(transport http.RoundTripper, url *url.URL, chunkedEncoding bool) OriginService {
@@ -40,6 +42,7 @@ func NewHTTPService(transport http.RoundTripper, url *url.URL, chunkedEncoding b
 		client:          transport,
 		originURL:       url,
 		chunkedEncoding: chunkedEncoding,
+		bufferPool:      buffer.NewPool(512 * 1024),
 	}
 }
 
@@ -71,7 +74,9 @@ func (hc *HTTPService) Proxy(stream *h2mux.MuxedStream, req *http.Request) (*htt
 	} else {
 		// Use CopyBuffer, because Copy only allocates a 32KiB buffer, and cross-stream
 		// compression generates dictionary on first write
-		io.CopyBuffer(stream, resp.Body, make([]byte, 512*1024))
+		buf := hc.bufferPool.Get()
+		defer hc.bufferPool.Put(buf)
+		io.CopyBuffer(stream, resp.Body, buf)
 	}
 	return resp, nil
 }
@@ -142,10 +147,11 @@ func (wsc *WebsocketService) Shutdown() {
 
 // HelloWorldService talks to the hello world example origin
 type HelloWorldService struct {
-	client    http.RoundTripper
-	listener  net.Listener
-	originURL *url.URL
-	shutdownC chan struct{}
+	client     http.RoundTripper
+	listener   net.Listener
+	originURL  *url.URL
+	shutdownC  chan struct{}
+	bufferPool *buffer.Pool
 }
 
 func NewHelloWorldService(transport http.RoundTripper) (OriginService, error) {
@@ -164,7 +170,8 @@ func NewHelloWorldService(transport http.RoundTripper) (OriginService, error) {
 			Scheme: "https",
 			Host:   listener.Addr().String(),
 		},
-		shutdownC: shutdownC,
+		shutdownC:  shutdownC,
+		bufferPool: buffer.NewPool(512 * 1024),
 	}, nil
 }
 
@@ -184,7 +191,9 @@ func (hwc *HelloWorldService) Proxy(stream *h2mux.MuxedStream, req *http.Request
 
 	// Use CopyBuffer, because Copy only allocates a 32KiB buffer, and cross-stream
 	// compression generates dictionary on first write
-	io.CopyBuffer(stream, resp.Body, make([]byte, 512*1024))
+	buf := hwc.bufferPool.Get()
+	defer hwc.bufferPool.Put(buf)
+	io.CopyBuffer(stream, resp.Body, buf)
 
 	return resp, nil
 }

From a5f67091bf90f249596d90c85cfc4b1f75135c93 Mon Sep 17 00:00:00 2001
From: Cameron Steel <Tugzrida@users.noreply.github.com>
Date: Tue, 25 Feb 2020 04:08:14 +1100
Subject: [PATCH 006/100] Tweak HTTP host header. Fixes #107 (#168)

---
 tunneldns/https_upstream.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tunneldns/https_upstream.go b/tunneldns/https_upstream.go
index ac9b60ec..57f51deb 100644
--- a/tunneldns/https_upstream.go
+++ b/tunneldns/https_upstream.go
@@ -83,7 +83,7 @@ func (u *UpstreamHTTPS) exchangeWireformat(msg []byte) ([]byte, error) {
 	}
 
 	req.Header.Add("Content-Type", "application/dns-message")
-	req.Host = u.endpoint.Hostname()
+	req.Host = u.endpoint.Host
 
 	resp, err := u.client.Do(req)
 	if err != nil {

From afc2cd38e1f34caf095d254c868aa9829f8efe84 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Tue, 25 Feb 2020 23:45:48 +0000
Subject: [PATCH 007/100] TUN-2765: Add list of features to tunnelrpc

---
 tunnelrpc/tunnelrpc.capnp    |   2 +
 tunnelrpc/tunnelrpc.capnp.go | 723 +++++++++++++----------------------
 2 files changed, 278 insertions(+), 447 deletions(-)

diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index 779f1b36..9ef5be43 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -50,6 +50,8 @@ struct RegistrationOptions {
     uuid @11 :Text;
     # number of previous attempts to send RegisterTunnel/ReconnectTunnel
     numPreviousAttempts @12 :UInt8;
+    # Set of features this cloudflared knows it supports
+    features @13 :List(Text);
 }
 
 struct CapnpConnectParameters {
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index 1b29410e..51876fb7 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -106,11 +106,6 @@ func (s Authentication_List) At(i int) Authentication { return Authentication{s.
 
 func (s Authentication_List) Set(i int, v Authentication) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s Authentication_List) String() string {
-	str, _ := text.MarshalList(0xc082ef6e0d42ed1d, s.List)
-	return str
-}
-
 // Authentication_Promise is a wrapper for a Authentication promised by a client call.
 type Authentication_Promise struct{ *capnp.Pipeline }
 
@@ -273,11 +268,6 @@ func (s TunnelRegistration_List) Set(i int, v TunnelRegistration) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelRegistration_List) String() string {
-	str, _ := text.MarshalList(0xf41a0f001ad49e46, s.List)
-	return str
-}
-
 // TunnelRegistration_Promise is a wrapper for a TunnelRegistration promised by a client call.
 type TunnelRegistration_Promise struct{ *capnp.Pipeline }
 
@@ -292,12 +282,12 @@ type RegistrationOptions struct{ capnp.Struct }
 const RegistrationOptions_TypeID = 0xc793e50592935b4a
 
 func NewRegistrationOptions(s *capnp.Segment) (RegistrationOptions, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 7})
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 8})
 	return RegistrationOptions{st}, err
 }
 
 func NewRootRegistrationOptions(s *capnp.Segment) (RegistrationOptions, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 7})
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 8})
 	return RegistrationOptions{st}, err
 }
 
@@ -498,12 +488,37 @@ func (s RegistrationOptions) SetNumPreviousAttempts(v uint8) {
 	s.Struct.SetUint8(4, v)
 }
 
+func (s RegistrationOptions) Features() (capnp.TextList, error) {
+	p, err := s.Struct.Ptr(7)
+	return capnp.TextList{List: p.List()}, err
+}
+
+func (s RegistrationOptions) HasFeatures() bool {
+	p, err := s.Struct.Ptr(7)
+	return p.IsValid() || err != nil
+}
+
+func (s RegistrationOptions) SetFeatures(v capnp.TextList) error {
+	return s.Struct.SetPtr(7, v.List.ToPtr())
+}
+
+// NewFeatures sets the features field to a newly
+// allocated capnp.TextList, preferring placement in s's segment.
+func (s RegistrationOptions) NewFeatures(n int32) (capnp.TextList, error) {
+	l, err := capnp.NewTextList(s.Struct.Segment(), n)
+	if err != nil {
+		return capnp.TextList{}, err
+	}
+	err = s.Struct.SetPtr(7, l.List.ToPtr())
+	return l, err
+}
+
 // RegistrationOptions_List is a list of RegistrationOptions.
 type RegistrationOptions_List struct{ capnp.List }
 
 // NewRegistrationOptions creates a new list of RegistrationOptions.
 func NewRegistrationOptions_List(s *capnp.Segment, sz int32) (RegistrationOptions_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 16, PointerCount: 7}, sz)
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 16, PointerCount: 8}, sz)
 	return RegistrationOptions_List{l}, err
 }
 
@@ -515,11 +530,6 @@ func (s RegistrationOptions_List) Set(i int, v RegistrationOptions) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s RegistrationOptions_List) String() string {
-	str, _ := text.MarshalList(0xc793e50592935b4a, s.List)
-	return str
-}
-
 // RegistrationOptions_Promise is a wrapper for a RegistrationOptions promised by a client call.
 type RegistrationOptions_Promise struct{ *capnp.Pipeline }
 
@@ -669,11 +679,6 @@ func (s CapnpConnectParameters_List) Set(i int, v CapnpConnectParameters) error
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s CapnpConnectParameters_List) String() string {
-	str, _ := text.MarshalList(0xa78f37418c1077c8, s.List)
-	return str
-}
-
 // CapnpConnectParameters_Promise is a wrapper for a CapnpConnectParameters promised by a client call.
 type CapnpConnectParameters_Promise struct{ *capnp.Pipeline }
 
@@ -732,9 +737,6 @@ func (s ConnectResult_result) Which() ConnectResult_result_Which {
 	return ConnectResult_result_Which(s.Struct.Uint16(0))
 }
 func (s ConnectResult_result) Err() (ConnectError, error) {
-	if s.Struct.Uint16(0) != 0 {
-		panic("Which() != err")
-	}
 	p, err := s.Struct.Ptr(0)
 	return ConnectError{Struct: p.Struct()}, err
 }
@@ -765,9 +767,6 @@ func (s ConnectResult_result) NewErr() (ConnectError, error) {
 }
 
 func (s ConnectResult_result) Success() (ConnectSuccess, error) {
-	if s.Struct.Uint16(0) != 1 {
-		panic("Which() != success")
-	}
 	p, err := s.Struct.Ptr(0)
 	return ConnectSuccess{Struct: p.Struct()}, err
 }
@@ -810,11 +809,6 @@ func (s ConnectResult_List) At(i int) ConnectResult { return ConnectResult{s.Lis
 
 func (s ConnectResult_List) Set(i int, v ConnectResult) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s ConnectResult_List) String() string {
-	str, _ := text.MarshalList(0xff8d9848747c956a, s.List)
-	return str
-}
-
 // ConnectResult_Promise is a wrapper for a ConnectResult promised by a client call.
 type ConnectResult_Promise struct{ *capnp.Pipeline }
 
@@ -916,11 +910,6 @@ func (s ConnectError_List) At(i int) ConnectError { return ConnectError{s.List.S
 
 func (s ConnectError_List) Set(i int, v ConnectError) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s ConnectError_List) String() string {
-	str, _ := text.MarshalList(0xb14ce48f4e2abb0d, s.List)
-	return str
-}
-
 // ConnectError_Promise is a wrapper for a ConnectError promised by a client call.
 type ConnectError_Promise struct{ *capnp.Pipeline }
 
@@ -1011,11 +1000,6 @@ func (s ConnectSuccess_List) At(i int) ConnectSuccess { return ConnectSuccess{s.
 
 func (s ConnectSuccess_List) Set(i int, v ConnectSuccess) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s ConnectSuccess_List) String() string {
-	str, _ := text.MarshalList(0x8407e070e0d52605, s.List)
-	return str
-}
-
 // ConnectSuccess_Promise is a wrapper for a ConnectSuccess promised by a client call.
 type ConnectSuccess_Promise struct{ *capnp.Pipeline }
 
@@ -1174,11 +1158,6 @@ func (s ClientConfig_List) At(i int) ClientConfig { return ClientConfig{s.List.S
 
 func (s ClientConfig_List) Set(i int, v ClientConfig) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s ClientConfig_List) String() string {
-	str, _ := text.MarshalList(0xf0a143f1c95a678e, s.List)
-	return str
-}
-
 // ClientConfig_Promise is a wrapper for a ClientConfig promised by a client call.
 type ClientConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1259,11 +1238,6 @@ func (s SupervisorConfig_List) Set(i int, v SupervisorConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s SupervisorConfig_List) String() string {
-	str, _ := text.MarshalList(0xf7f49b3f779ae258, s.List)
-	return str
-}
-
 // SupervisorConfig_Promise is a wrapper for a SupervisorConfig promised by a client call.
 type SupervisorConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1365,11 +1339,6 @@ func (s EdgeConnectionConfig_List) Set(i int, v EdgeConnectionConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s EdgeConnectionConfig_List) String() string {
-	str, _ := text.MarshalList(0xc744e349009087aa, s.List)
-	return str
-}
-
 // EdgeConnectionConfig_Promise is a wrapper for a EdgeConnectionConfig promised by a client call.
 type EdgeConnectionConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1452,9 +1421,6 @@ func (s ReverseProxyConfig_originConfig) Which() ReverseProxyConfig_originConfig
 	return ReverseProxyConfig_originConfig_Which(s.Struct.Uint16(0))
 }
 func (s ReverseProxyConfig_originConfig) Http() (HTTPOriginConfig, error) {
-	if s.Struct.Uint16(0) != 0 {
-		panic("Which() != http")
-	}
 	p, err := s.Struct.Ptr(1)
 	return HTTPOriginConfig{Struct: p.Struct()}, err
 }
@@ -1485,9 +1451,6 @@ func (s ReverseProxyConfig_originConfig) NewHttp() (HTTPOriginConfig, error) {
 }
 
 func (s ReverseProxyConfig_originConfig) Websocket() (WebSocketOriginConfig, error) {
-	if s.Struct.Uint16(0) != 1 {
-		panic("Which() != websocket")
-	}
 	p, err := s.Struct.Ptr(1)
 	return WebSocketOriginConfig{Struct: p.Struct()}, err
 }
@@ -1518,9 +1481,6 @@ func (s ReverseProxyConfig_originConfig) NewWebsocket() (WebSocketOriginConfig,
 }
 
 func (s ReverseProxyConfig_originConfig) HelloWorld() (HelloWorldOriginConfig, error) {
-	if s.Struct.Uint16(0) != 2 {
-		panic("Which() != helloWorld")
-	}
 	p, err := s.Struct.Ptr(1)
 	return HelloWorldOriginConfig{Struct: p.Struct()}, err
 }
@@ -1591,11 +1551,6 @@ func (s ReverseProxyConfig_List) Set(i int, v ReverseProxyConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s ReverseProxyConfig_List) String() string {
-	str, _ := text.MarshalList(0xc766a92976e389c4, s.List)
-	return str
-}
-
 // ReverseProxyConfig_Promise is a wrapper for a ReverseProxyConfig promised by a client call.
 type ReverseProxyConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1735,11 +1690,6 @@ func (s WebSocketOriginConfig_List) Set(i int, v WebSocketOriginConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s WebSocketOriginConfig_List) String() string {
-	str, _ := text.MarshalList(0xf9c895683ed9ac4c, s.List)
-	return str
-}
-
 // WebSocketOriginConfig_Promise is a wrapper for a WebSocketOriginConfig promised by a client call.
 type WebSocketOriginConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1917,11 +1867,6 @@ func (s HTTPOriginConfig_List) Set(i int, v HTTPOriginConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s HTTPOriginConfig_List) String() string {
-	str, _ := text.MarshalList(0xe4a6a1bc139211b4, s.List)
-	return str
-}
-
 // HTTPOriginConfig_Promise is a wrapper for a HTTPOriginConfig promised by a client call.
 type HTTPOriginConfig_Promise struct{ *capnp.Pipeline }
 
@@ -2020,11 +1965,6 @@ func (s DoHProxyConfig_List) At(i int) DoHProxyConfig { return DoHProxyConfig{s.
 
 func (s DoHProxyConfig_List) Set(i int, v DoHProxyConfig) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s DoHProxyConfig_List) String() string {
-	str, _ := text.MarshalList(0xb167b0bebe562cd0, s.List)
-	return str
-}
-
 // DoHProxyConfig_Promise is a wrapper for a DoHProxyConfig promised by a client call.
 type DoHProxyConfig_Promise struct{ *capnp.Pipeline }
 
@@ -2075,11 +2015,6 @@ func (s HelloWorldOriginConfig_List) Set(i int, v HelloWorldOriginConfig) error
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s HelloWorldOriginConfig_List) String() string {
-	str, _ := text.MarshalList(0x8891f360e47c30d3, s.List)
-	return str
-}
-
 // HelloWorldOriginConfig_Promise is a wrapper for a HelloWorldOriginConfig promised by a client call.
 type HelloWorldOriginConfig_Promise struct{ *capnp.Pipeline }
 
@@ -2164,11 +2099,6 @@ func (s Tag_List) At(i int) Tag { return Tag{s.List.Struct(i)} }
 
 func (s Tag_List) Set(i int, v Tag) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s Tag_List) String() string {
-	str, _ := text.MarshalList(0xcbd96442ae3bb01a, s.List)
-	return str
-}
-
 // Tag_Promise is a wrapper for a Tag promised by a client call.
 type Tag_Promise struct{ *capnp.Pipeline }
 
@@ -2294,11 +2224,6 @@ func (s ServerInfo_List) At(i int) ServerInfo { return ServerInfo{s.List.Struct(
 
 func (s ServerInfo_List) Set(i int, v ServerInfo) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s ServerInfo_List) String() string {
-	str, _ := text.MarshalList(0xf2c68e2547ec3866, s.List)
-	return str
-}
-
 // ServerInfo_Promise is a wrapper for a ServerInfo promised by a client call.
 type ServerInfo_Promise struct{ *capnp.Pipeline }
 
@@ -2382,11 +2307,6 @@ func (s UseConfigurationResult_List) Set(i int, v UseConfigurationResult) error
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s UseConfigurationResult_List) String() string {
-	str, _ := text.MarshalList(0xd58a254e7a792b87, s.List)
-	return str
-}
-
 // UseConfigurationResult_Promise is a wrapper for a UseConfigurationResult promised by a client call.
 type UseConfigurationResult_Promise struct{ *capnp.Pipeline }
 
@@ -2451,9 +2371,6 @@ func (s FailedConfig_config) Which() FailedConfig_config_Which {
 	return FailedConfig_config_Which(s.Struct.Uint16(0))
 }
 func (s FailedConfig_config) Supervisor() (SupervisorConfig, error) {
-	if s.Struct.Uint16(0) != 0 {
-		panic("Which() != supervisor")
-	}
 	p, err := s.Struct.Ptr(0)
 	return SupervisorConfig{Struct: p.Struct()}, err
 }
@@ -2484,9 +2401,6 @@ func (s FailedConfig_config) NewSupervisor() (SupervisorConfig, error) {
 }
 
 func (s FailedConfig_config) EdgeConnection() (EdgeConnectionConfig, error) {
-	if s.Struct.Uint16(0) != 1 {
-		panic("Which() != edgeConnection")
-	}
 	p, err := s.Struct.Ptr(0)
 	return EdgeConnectionConfig{Struct: p.Struct()}, err
 }
@@ -2517,9 +2431,6 @@ func (s FailedConfig_config) NewEdgeConnection() (EdgeConnectionConfig, error) {
 }
 
 func (s FailedConfig_config) Doh() (DoHProxyConfig, error) {
-	if s.Struct.Uint16(0) != 2 {
-		panic("Which() != doh")
-	}
 	p, err := s.Struct.Ptr(0)
 	return DoHProxyConfig{Struct: p.Struct()}, err
 }
@@ -2550,9 +2461,6 @@ func (s FailedConfig_config) NewDoh() (DoHProxyConfig, error) {
 }
 
 func (s FailedConfig_config) ReverseProxy() (ReverseProxyConfig, error) {
-	if s.Struct.Uint16(0) != 3 {
-		panic("Which() != reverseProxy")
-	}
 	p, err := s.Struct.Ptr(0)
 	return ReverseProxyConfig{Struct: p.Struct()}, err
 }
@@ -2614,11 +2522,6 @@ func (s FailedConfig_List) At(i int) FailedConfig { return FailedConfig{s.List.S
 
 func (s FailedConfig_List) Set(i int, v FailedConfig) error { return s.List.SetStruct(i, v.Struct) }
 
-func (s FailedConfig_List) String() string {
-	str, _ := text.MarshalList(0xea20b390b257d1a5, s.List)
-	return str
-}
-
 // FailedConfig_Promise is a wrapper for a FailedConfig promised by a client call.
 type FailedConfig_Promise struct{ *capnp.Pipeline }
 
@@ -2757,11 +2660,6 @@ func (s AuthenticateResponse_List) Set(i int, v AuthenticateResponse) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s AuthenticateResponse_List) String() string {
-	str, _ := text.MarshalList(0x82c325a07ad22a65, s.List)
-	return str
-}
-
 // AuthenticateResponse_Promise is a wrapper for a AuthenticateResponse promised by a client call.
 type AuthenticateResponse_Promise struct{ *capnp.Pipeline }
 
@@ -3155,11 +3053,6 @@ func (s TunnelServer_registerTunnel_Params_List) Set(i int, v TunnelServer_regis
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_registerTunnel_Params_List) String() string {
-	str, _ := text.MarshalList(0xb70431c0dc014915, s.List)
-	return str
-}
-
 // TunnelServer_registerTunnel_Params_Promise is a wrapper for a TunnelServer_registerTunnel_Params promised by a client call.
 type TunnelServer_registerTunnel_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3239,11 +3132,6 @@ func (s TunnelServer_registerTunnel_Results_List) Set(i int, v TunnelServer_regi
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_registerTunnel_Results_List) String() string {
-	str, _ := text.MarshalList(0xf2c122394f447e8e, s.List)
-	return str
-}
-
 // TunnelServer_registerTunnel_Results_Promise is a wrapper for a TunnelServer_registerTunnel_Results promised by a client call.
 type TunnelServer_registerTunnel_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3298,11 +3186,6 @@ func (s TunnelServer_getServerInfo_Params_List) Set(i int, v TunnelServer_getSer
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_getServerInfo_Params_List) String() string {
-	str, _ := text.MarshalList(0xdc3ed6801961e502, s.List)
-	return str
-}
-
 // TunnelServer_getServerInfo_Params_Promise is a wrapper for a TunnelServer_getServerInfo_Params promised by a client call.
 type TunnelServer_getServerInfo_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3378,11 +3261,6 @@ func (s TunnelServer_getServerInfo_Results_List) Set(i int, v TunnelServer_getSe
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_getServerInfo_Results_List) String() string {
-	str, _ := text.MarshalList(0xe3e37d096a5b564e, s.List)
-	return str
-}
-
 // TunnelServer_getServerInfo_Results_Promise is a wrapper for a TunnelServer_getServerInfo_Results promised by a client call.
 type TunnelServer_getServerInfo_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3445,11 +3323,6 @@ func (s TunnelServer_unregisterTunnel_Params_List) Set(i int, v TunnelServer_unr
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_unregisterTunnel_Params_List) String() string {
-	str, _ := text.MarshalList(0x9b87b390babc2ccf, s.List)
-	return str
-}
-
 // TunnelServer_unregisterTunnel_Params_Promise is a wrapper for a TunnelServer_unregisterTunnel_Params promised by a client call.
 type TunnelServer_unregisterTunnel_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3500,11 +3373,6 @@ func (s TunnelServer_unregisterTunnel_Results_List) Set(i int, v TunnelServer_un
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_unregisterTunnel_Results_List) String() string {
-	str, _ := text.MarshalList(0xa29a916d4ebdd894, s.List)
-	return str
-}
-
 // TunnelServer_unregisterTunnel_Results_Promise is a wrapper for a TunnelServer_unregisterTunnel_Results promised by a client call.
 type TunnelServer_unregisterTunnel_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3580,11 +3448,6 @@ func (s TunnelServer_connect_Params_List) Set(i int, v TunnelServer_connect_Para
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_connect_Params_List) String() string {
-	str, _ := text.MarshalList(0xa766b24d4fe5da35, s.List)
-	return str
-}
-
 // TunnelServer_connect_Params_Promise is a wrapper for a TunnelServer_connect_Params promised by a client call.
 type TunnelServer_connect_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3664,11 +3527,6 @@ func (s TunnelServer_connect_Results_List) Set(i int, v TunnelServer_connect_Res
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_connect_Results_List) String() string {
-	str, _ := text.MarshalList(0xfeac5c8f4899ef7c, s.List)
-	return str
-}
-
 // TunnelServer_connect_Results_Promise is a wrapper for a TunnelServer_connect_Results promised by a client call.
 type TunnelServer_connect_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3781,11 +3639,6 @@ func (s TunnelServer_authenticate_Params_List) Set(i int, v TunnelServer_authent
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_authenticate_Params_List) String() string {
-	str, _ := text.MarshalList(0x85c8cea1ab1894f3, s.List)
-	return str
-}
-
 // TunnelServer_authenticate_Params_Promise is a wrapper for a TunnelServer_authenticate_Params promised by a client call.
 type TunnelServer_authenticate_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3865,11 +3718,6 @@ func (s TunnelServer_authenticate_Results_List) Set(i int, v TunnelServer_authen
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_authenticate_Results_List) String() string {
-	str, _ := text.MarshalList(0xfc5edf80e39c0796, s.List)
-	return str
-}
-
 // TunnelServer_authenticate_Results_Promise is a wrapper for a TunnelServer_authenticate_Results promised by a client call.
 type TunnelServer_authenticate_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3996,11 +3844,6 @@ func (s TunnelServer_reconnectTunnel_Params_List) Set(i int, v TunnelServer_reco
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_reconnectTunnel_Params_List) String() string {
-	str, _ := text.MarshalList(0xa353a3556df74984, s.List)
-	return str
-}
-
 // TunnelServer_reconnectTunnel_Params_Promise is a wrapper for a TunnelServer_reconnectTunnel_Params promised by a client call.
 type TunnelServer_reconnectTunnel_Params_Promise struct{ *capnp.Pipeline }
 
@@ -4080,11 +3923,6 @@ func (s TunnelServer_reconnectTunnel_Results_List) Set(i int, v TunnelServer_rec
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_reconnectTunnel_Results_List) String() string {
-	str, _ := text.MarshalList(0xd4d18de97bb12de3, s.List)
-	return str
-}
-
 // TunnelServer_reconnectTunnel_Results_Promise is a wrapper for a TunnelServer_reconnectTunnel_Results promised by a client call.
 type TunnelServer_reconnectTunnel_Results_Promise struct{ *capnp.Pipeline }
 
@@ -4229,11 +4067,6 @@ func (s ClientService_useConfiguration_Params_List) Set(i int, v ClientService_u
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s ClientService_useConfiguration_Params_List) String() string {
-	str, _ := text.MarshalList(0xb9d4ef45c2b5fc5b, s.List)
-	return str
-}
-
 // ClientService_useConfiguration_Params_Promise is a wrapper for a ClientService_useConfiguration_Params promised by a client call.
 type ClientService_useConfiguration_Params_Promise struct{ *capnp.Pipeline }
 
@@ -4313,11 +4146,6 @@ func (s ClientService_useConfiguration_Results_List) Set(i int, v ClientService_
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s ClientService_useConfiguration_Results_List) String() string {
-	str, _ := text.MarshalList(0x91f7a001ca145b9d, s.List)
-	return str
-}
-
 // ClientService_useConfiguration_Results_Promise is a wrapper for a ClientService_useConfiguration_Results promised by a client call.
 type ClientService_useConfiguration_Results_Promise struct{ *capnp.Pipeline }
 
@@ -4330,253 +4158,254 @@ func (p ClientService_useConfiguration_Results_Promise) Result() UseConfiguratio
 	return UseConfigurationResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-const schema_db8274f9144abc7e = "x\xda\xccZ}\x90\x14ez\x7f\x9e\xeeY\x9a\x85]" +
-	"f:=\x96+\x02#[\x12\x85\x13\xa2\"\x89\xb7I" +
-	"n\xf6\x03\xb8]\x8e\x8f\xe9\x9d\x05\xbd\x95K\xd1;\xf3" +
-	"\xeen/=\xddCw\x0f\xb0\x1b8\x84\xc2xl\xe4" +
-	"\x04OR\xe2\xe1\x95\xa0\xc4\x8fp9\xf0\xa0\xa2\x06-" +
-	"M\xee\"\xe6\x8ex\\ %\x17\xadS\xd1J\x9d\xa5" +
-	"eP)c\xca\xb3SO\x7f\xef\xec\xba\x80I\xaa\xee" +
-	"\x1f\x98z\xfay?\x9e\xaf\xdf\xf3\xf1\xee\x8dC\x93\x9a" +
-	"\xb9\x9bj\xaeK\x02\xc8\x87k&8l\xce/\x87\x1e" +
-	"\x9e\xf5\x8f\xdb@\x9e\x8a\xe8|\xfb\xf8\x92\xf4\xa7\xf6\xb6" +
-	"\x7f\x87\x1a^\x00\x98?(\x0c\xa1\xb4S\x10\x00\xa4\x1d" +
-	"\xc2\x7f\x00:5\xbf\x7f\xe6\x8d\xf2\x1b\xc2v\x10\xa7\xc6" +
-	"\x999b.M\\\x82\xd2\xd6\x89\xc4\xbcy\xe2\x06@" +
-	"\xe7OJ\xaf\x1c\xf8\xc3=?#f.b\x06\x9c\xff" +
-	"\xce\xc4!\x94>u9/L\\\x01\xe8|t\x7f\xc3" +
-	"\xdf\xec\xff\x97\x13w\x81x\x1d\x82\x7fv}\xed\xaf\x10" +
-	"P\x9aY\xfb#@\xe7_o\xdc\xf4\xf6\x9a\x8fv\x7f" +
-	"g\xe4\xb9\x09\xe2{\xb1v\x18\xa5\xb3\xb5\x02\xf0\xceC" +
-	"w\xa4\xff\x19\x1f\xfed7\x88\xd7\xd36H\x9f\x8f\xd5" +
-	"N\xe2\x00\xa5\x93\xb5Y@\xe7\x95\x1b\x8e?\xbb\xeb\xc7" +
-	"w\x7f\x1f\xe4\xeb\x10\xc1[\xff~\xed\x7f\xd398\x89" +
-	"\x18\xce?\xfa\x95\xc4\x0f_\xf9\xbd\x1f\xb8\x0c\xce\xc1S" +
-	"\xb7=\xb5\xeb\xc7\xd7\xbc\x0b+9\x01\x13\x00\xf3gO" +
-	"2\x89w\xc1$\xd2\xc5\xfd\xaf>\xb7\xbc\xb4\xfb\xc1\x03" +
-	"\xde\xa5\xdd\xbd\xae\x98\xccq\x90p\xb6w|RZ\xf9" +
-	"H\xfe\x11_\x1c\xf7S\xed\xe4\x0fi\xe9\xf4\xc9\xb4t" +
-	"\xc1\xaf\xdeY\xb1\xec\xa9\xde\xc7|\x06\xf7\xa2\x9fN~" +
-	"\x8a\x18j\xeb\xe8\x1e'6\xa4\xeei\xf9\xa3{\x1f\xab" +
-	"\xb6J\x0dq\xce\xad\x1bFiQ\x1d\xfdl\xa9\xbb\x0d" +
-	"\x01\x9d\xe1\xaf>\xb7\xea\xa3\xbf\xb0\x9e\x04y.&\x9c" +
-	"\x9f\xec8\xb7~\xf6\x13\xbd/\xb9\xd7\xe6\x01\xe6?S" +
-	"\xffK\xda\xfad=\xa9\xb2\xfe\xef\xe7,\xbf\xf7\xed\xa5" +
-	"Gh\xeb\x98Y\xbcK\x94\xa64\xa1\xb4y\x0aYf" +
-	"p\x0aq\xff\xe2\x86U\xcf?\x7f\xb8\xefH\xf5E\\" +
-	"\x8b_\x95\\\x82\xd2\xdc$q\xcfN\x12\xf7\x15\x1d\xf8" +
-	"\xda\x0b7%\xfe.n\xc7\xd7\x93\xef\xd2\xe1\xe7]\x86" +
-	";>;\xf6\x0f\x8b>8\xfdL\xdcB\xbbS\x1cY" +
-	"\xe8`\x8a\x04\xef\x1e\xc6\xd2kM\xcd\xcf\x83|=\xa2" +
-	"3\xb0g\x93\xdd\xfe\xc0N\x07V\xa2\x80\x1c\xc0\xfc\x93" +
-	"\xa9!\xda\xecl\x8a\xfck\xfa\xfb\xad\xf5\xfa\x07\xdb^" +
-	"\xa8rF\xf7\xd4\x05\xe2\x12\x94:D\xba\xda\"\xf1G" +
-	"\x80\x9f<y\xf7\xae\x8es\x0b_\x92\xa7b\xa2Z\xe8" +
-	"7\xc5!\x94.\x10\xef\xfc\xf3b\x86\xf4\x19j\xb0\x8a" +
-	"\xdd\x95z\xa64\x80\xd2\x02\x89~\xde$\xb9\xecK\xee" +
-	"\xf8\xde}5\xef|\xef\xa5j\x95R\xe0\xcc\xff\xd3\xb4" +
-	"\x89\x92\x9c\xa6\x9f\xcb\xd2\xbf\xe6\x00\x9d\xa9\x87\xff\xf8o" +
-	"[\x8bg\x7f6F\x10I\x9b\xaf\xfcP\xdaq%\xfd" +
-	"\xba\xebJ\x92\xf1\xdc\xdc#\x7f\xfe\x9b\x9d\xa7N\xc7=" +
-	"\xe5\xcd+]\x8f\xbdp%)\xec\xee\xaf\x0c\x0e-\x9f" +
-	"5|\xa6\xda@.\xe7\x15\x0d\xc3(\xcdmp\x0d\xd4" +
-	"@\xdbq\xef(W\xdd\xf9o_{-\xe6\xb3{\x1b" +
-	"\xdeBH8\xcbW\xdd1P\xbb\xf9\xdc\xb9\xf8A;" +
-	"\x1b\\\xd3\xedo\xa0\x83\x8e\x8a\xf7I\xc7\xf7\xff\xf5\xdb" +
-	"t\x90P\xad\xee\x17\x1b\xbaQ:C\x07\xcd?\xd5\xf0" +
-	"\x18\x09\x19\xc6\xceX\x8es\xf2\xea&\x94^\xbf\x9a\xee" +
-	"u\xf6j\xba\xd7\x825-l\xf5\xad\xb7\xbf\x0b\xe2T" +
-	"~\x04T\\5\xad\x09\xa5\xd9\xd3h\xd1\xaciw\xa3" +
-	"4w\xba\x00\xe0|\xb7\xaf\xfb\xe5\xf3m\xfb\xff\xb3z" +
-	"s/\x08\xa77\xa14k\xbak\xaa\xe9\xae}\xe6\xdf" +
-	"\xf4\x97\xef\xefy\xa4\xed\xfc\xa8\xddK3ZQ\xda<" +
-	"\xc3u\xf7\x19_\x97\x9e\x98\xe1n\xfe\xed\x85+\xbe\xda" +
-	"\xf8\xe2\x87qM\xec\x9e\xe1F\xef\xc1\x19\xa4\x89\xde[" +
-	"\xdf\xfb\xfa\xac\xef\xfe\xd3\x87U\xf6s\x19\x7f:c\x0e" +
-	"Jg\xdc\x1dO\x11\xf3\x07\x8b\x7fpzjr\xea\xc7" +
-	"c\xc5\xf1\x85\x19\x03(\xd5f\xe8gM\xe6^\xba\xe8" +
-	"\xedo=\xb8!\xfb\xfd\x8f?!\xb9\xf8*\x9c{\xe6" +
-	"\x9an\x94N^C;\xbf|\x0d\xc5\xd2\xd2Cg\xbf" +
-	"\xd6\xbf\xe7\xc4\xa7c\"we\xe66\x94v\xcct\x1d" +
-	"i&A\xce_\x09\xfb\xce\xdd\xf9\xeb?\xfb,.U" +
-	"\xa9\xf1-\x92jk#I\xb5\xe9\x83\xbd\xed\xf7\xae>" +
-	"\xf4y\x9ca\x7f\xe3\xb3\xc4p\xc4e\x08\x83q,O" +
-	";\xd5\xd8\x8a\xd2\x9b\x8dt\xde\xeb\x8dY\x98\xeb\xd8\x15" +
-	"]g\x9aYN\x14\xfe \xf8Y\x98WP\xcaz\xb9" +
-	"\xa9\xa5b\xf73\xddV\x0b\x8a\xcd:Y\xd6*\x1b\xba" +
-	"\xc5r\x88r\x8aO\x00$\x10@T\x06\x00\xe45<" +
-	"\xca\x1a\x87\"b\x9a\xd0ZT\x89\xd8\xcf\xa3ls(" +
-	"r\\\x9a\x10A\\\xd7\x08 k<\xca\x1b9D>" +
-	"Mx'V\xee\x03\x907\xf2(o\xe7\xd0)3\xb3" +
-	"\xa4\xe8L\x87\xa4\xbd\xc84\xb1\x0e8\xac\x03tLf" +
-	"\x9b\x83J\x8f\x06I\x16#\x0b\x03\x1bl\xac\x07\x0e\xeb" +
-	"\x01\x9d~\xa3bZ+u\x1bU\xad\x93\xf5\x9a\xcc\xc2" +
-	"~\x9c\x00\x1cN\x00\x1cO\xbc6C\xd7Y\xc1\xceW" +
-	"\x0a\x05fY\x00$\xd9\xc4P\xb2\xd9\x0f\x02\xc87\xf0" +
-	"(\xdf\x1a\x93l\x01Iv\x0b\x8fr3\x87\x8e\xc5\xcc" +
-	"\xf5\xcc\\j`A\xb1UC_\xae\xf0%\x16^\xbb" +
-	"\xa0\xa9L\xb7\xdb\x0cH\xea\xbdj\x1f\xa6\xa2P\x00\xc4" +
-	"\xd4\xf8\x17[\xb4Q\xb5lU\xef\xebr\xe9\xd9\x9c\xa1" +
-	"\xa9\x85A\xba]\x9d\xab\xc9\xe9M\xb4\x87xE7\x00" +
-	"r\xa2\xd8\x0a\x90U\xfbt\xc3dNQ\xb5\x0a$\x14" +
-	"\xf0\x05{K\x8f\xa2)z\x81\x85\x07M\x18}\x90w" +
-	"@\xde\x95c\x9e\x12\xb3\xf6\xb59\xc5T\xf8\x92%\xd7" +
-	"\x85\xfaX\xd4\x0d /\xe4Q\xce\xc5\xf4\xb1l\x09\x80" +
-	"\xbc\x94G\xf9\xf6\x98\xa5W\xb6\x02\xc89\x1e\xe5\xd5\x1c" +
-	":\x86\xa9\xf6\xa9z\x1b\x03\xde\x8c\x1b\xcc\xb2u\xa5\xc4" +
-	"\x00 P\xd8\x16\xa3LJ\xb40\x15\xa1t\x95\xa6j" +
-	"F\x0b\xd0\xce4\xcd\xb8\xcd0\xb5\xe2\x0a\xef\x1c\x83\xb4" +
-	"\xed\x9a2\\&\x8cay\xd78$\xb7Z`\xf3*" +
-	"\x16\xf3\xd6UL\xd7\x90\xd7v2\xab\xa2\xd9\x16\x80\x9c" +
-	"\x08\xc5\xafo\x02\x90'\xf2(\xa79\xcc\x9a.\x03\xa6" +
-	"\"P\xaf\xba\xea\xc5t]\xd1M\xd6\xa7Z63=" +
-	"\xf2\xb5YRx\xc9\x8a\x1fH\xfe\x97\xe2Q\x9e\xc6\xa1" +
-	"\xd3g*\x05\x96c&\xaaFq\xb9\xa2\x1by\x9e\x15" +
-	"\xb0\x068\xac\x19\xdf\x93\x16+\xaa\xc6\x8a\x9et\xf3\x0a" +
-	"\x19\xf7\x7f\x8a\xde:\xc7\xf1\xc2\xb7;\x0a\xdfz\xfc\xdc" +
-	"\xf1\xe3w(\x8a\xdfz\xee\xb7\xce\xe8\x00\xae\xe7?s" +
-	"\xfc\x10\xa6\x88\xb0y\x94\xef\xa4\x88\xa8\x94I\xa7\x16\xf0" +
-	"\x86\x89\xa9\x08%}\xed\xb0b\x1fiZ\x87,+\x90" +
-	"\xa21\x15d{\x8fA(\x1a\xfd\x98\x8aJ\x19\x7f\x99" +
-	"\xc9\xd63\xd3b9H\x9a\xc6\xc6ALEY\xbfJ" +
-	"\xebS.W\xeb\x81\xa1\xc3U\xe3\xaf7Y\xc1\x83\x0c" +
-	"\x7fy.\xe3\x19-\x06\x87\xa4\xa3\xd5<\xca\xfd\xb1 " +
-	"a=\x00r\x91G\xb9\x1c\x0b\x92\xd2\x92H\x9b\"\x1f" +
-	"\xe0!EN\x99Gy\x137\x12\xe1\xd8z\xa6\xdb\x0b" +
-	"\xd5>\x10\x98\xf5\xff\x10F#\xa4\xf4e\x0c\xa5\x8b\xb9" +
-	"$yK\x1d\x8fr\x03\xc15}e6\x056\x9d\x16" +
-	"\x16\xc2\x17?\xad\x8d\xfe\xf5\xc17\xe7\xefb\xfa\xf8\xdb" +
-	"\x10\x1e\xb6\x97\x0e{\x80G\xf9\xd1\x98*\xf7\x9b\x00\xf2" +
-	"\xc3<\xca\x878D_\x93O\x1c\x00\x90\x0f\xf1(?" +
-	"M\x9a\xe4<M\x1e\x9bCm\x13\x8f\xf2\xcf9\x14\x13" +
-	"|\x9a\xba\x02\xf1e\x0a\xa9\x9f\xf3(\xbf\xca\xa1X\x93" +
-	"Hc\x0d\x80x\x86\xacs\x9aG\xf9\x8d/B\xab\x82" +
-	"fT\x8a\xbd\x9a\x02\x19\x93\x15;\x16\x86t\xbdR\xca" +
-	"\x99l\xbd\x8aF\xc5j\xb1mV\x12\xca\xb6\x15$\x9e" +
-	"\xa4\xad\xf4Y8\x050\xc7#\xa6\xa2R\x12\x90\x88\xe1" +
-	"\x9eh\xb2\xe2*fZ*o\xe8a\xeePu\x9b\xe9" +
-	"\xf6R\x05\x84\x1e\xa6\x85\xd4q\xb0\xa5\xd3\x8f\x10\x8a\x0f" +
-	"?\xd8\x8d\x08\x0f\xb1\x8f`|\x9a\xe3\xf8J\\D\xba" +
-	"i\xe6Q^\xca\xe1t\xfc\x9c\xc8\xa4\xc7\x8eN\x00\xb9" +
-	"\x9dG\xb9\x8b\xc3\xe9\xdco\x89L\x9a\x94\xbb#4O" +
-	"\xf6\xdbv\x19SQ\x89\xe9\x1b{\x03\xeb\xb1\x8c\xc2Z" +
-	"\x06H\xa0\x18\xd6;\xfe\xd7~\x1f\xa4\x81\xd7\x8a\x98\x8a" +
-	"Z\xc4*O\xe1\xbf(Cg\xa9\x1e0L7\x01F" +
-	"\xe9\xe8\xe6H\x88\xc0;:\xba#\x09D\xae\xd9\x13K" +
-	"\xee\x89\xee\x9f)(\x15\x8b\x8d,-Zzm\xe0\x99" +
-	"\x19\xa2\xa9\xd5oT\xb4b'\x03\xc16\x07\x11\x81C" +
-	"\x1c\x1fc\x17\x1a\xed1\xc5{n<v\xda\x0c\xb3f" +
-	"w<k\xfa\xea_I\xea\xef\xf2P\xc2\xd1\x08\xa5\xf4" +
-	"v\x03x\xcb\x0e\xaf\xeb\x11s\x86\xeb\x9c\x02p(\x00" +
-	":\x95\xb2e\x9bL)\x01\x86\xdeF\xfcS.#\x19" +
-	"U\x81bNI\xbaq\xff\xbb\x94\xfa/?\x87{\xf9" +
-	"tD\x06?\x10K\xa8\x05\x7f5\xba\xcb\xdb\x0c]\xb8" +
-	"\xec*\xcdG0/\x87\xcc\xf3k\x02* \x83\xe4:" +
-	"\x9b\x92\xc1\xb5<\xca7\xc6\x93\xeb\\R\xd1\xf5<\xca" +
-	"\xb7p(0\x93\xf2d\xd8\xe9{\x87n\xb1\xbc\x8a\x14" +
-	"S\xd1\x18\xe7\xe2\xd7\x89\x15\xeb\xaa\xa1\x8fr\xc3\xc6(" +
-	"\\B\x13v\xdc\x1c\xb3k`\xc2e=\x91]\x85\xb5" +
-	"l0\xb0R\x86\x95\x145B#\xdf\xb8- |#" +
-	"\xe2\x19\xb7\xa8\xf5\x93\xbf\x97\xfa\xb3\x9e\xb5\xe8\x92\xe9\xf0" +
-	"\x92\x9b\x87\x01\xe4;y\x94\xef\x89]r\x07\xf5\x08\xf7" +
-	"\xf0(?\x10\xbb\xe4\x1eR\xe2.\x1e\xe5}\xb1\xec\xb9" +
-	"\x97\x0c\xbc\x8fG\xf9q\x0e1\xe1A\xfeA\x82\xfc\xc7" +
-	"y\x94\x8fr.`\xb7\xb7\xb4\x19:\xfa\x97\xb0\x00\xc2" +
-	">\xa1\x9f)\xa6\xdd\xc3\x14\xb4;t\x9b\x99\xeb\x15\xd4" +
-	"\x02H\xd8b\xab%fT\xec\x10\"J\xcaF\xb7\xb0" +
-	"\xc2b\xbb\xb7JPl\x0bk\x81\xc3Z\x8aH\x8b\x99" +
-	"m&+\"YC\xd1r\x0ao\xf7_\x8a\x82F\x82" +
-	"xr\x0c\xf5PY\xb6\x89G\xf9;\x04%\x18\x9b&" +
-	"\x89w\x0d\x00\xe7\"\x09\xc9\xbc\xae5^Zp^\x9a" +
-	"\x8b\xb7ZnB\x9c\x00 n%\xedl\xe7Q\xde\xc5" +
-	"\x05Wk7 \xebEh\xb5\xa9\xfdVf\x0b\xa1\xa6" +
-	"\xca\"y\xfdzAEC\xefr\x15\x85\x91\xa6\x0aF" +
-	"\xa9l\x92+\xab\x86.W\x14M\xe5\xed\xc1p\xe1\xb8" +
-	"\xba H\xf2ByE9\xe3\x1a\x8b\x94qK\xa0\x0c" +
-	"\xe9[\xb8\x04 \xbf\x1ay\xcc\xf7c\xe4.\x12\xc3V" +
-	"\x80\xfc\x1a\xa2k\x18y\x8c\xa4\xe2T\x80|\x91\xe8e" +
-	"\x0c;P\xa9\x84O\x02\xe4\xcbD\xde\x84Q\xa9 \x0d" +
-	"\xba\xdbo$\xfav\x8c\xaa\x05i+\xce\x01\xc8o\"" +
-	"\xfa\x03D\x9f\xc0\xb9\x9a\x94\xf6\xe0\x00@\xfe~\xa2?" +
-	"Lt\xa1&M\xed\xb6\xf4\x10\x9a\x00\xf9}D\x7f\x9c" +
-	"\xe8\x13\x1b\xd28\x11@:\xe8\xd2\x1f%\xfaa\xa2\xd7" +
-	"^\x95\xc6Z\x00\xe9\x87\xb8\x0d \x7f\x88\xe8O\x13}" +
-	"\x12\xa6q\x12\x80t\x0c\x1f\x04\xc8?M\xf4\x9f\x10}" +
-	"\xf2\x844N\x06\x90^t\xefs\x9c\xe8'\x88^\x97" +
-	"Hc\x1d\x80\xf4S<\x00\x90?A\xf4\xd3\x18\xe2]" +
-	"G1\x0e\xbb\xe4njTv\xf0\x86\x15\x9a\x9c\xf9\x1d" +
-	"(z9!g$\xa9\x05\xc5d4*\x06\xc4$\xa0" +
-	"S6\x0cm\xf9H8\xbfX\xe5\xe3\xbb\x0b$\x0d\xbd" +
-	"\xa3\x18\xc6\x9f\xe7dK\x0d\xc8\x14\x14\xad\xa3\x1c\xd5B" +
-	"VK\xc56*e\xc8\x14\x15\x9b\x15\xc3\x84lV\xf4" +
-	"\xc5\xa6Q\xeaBf\x96T]\xd1 \xfc2\x9e\xcf%" +
-	"+\x15\xb5\x18\xee=n\x01\x17\xba'W\xed\x9e\x99r" +
-	"S\x97\xd2W5-\x98\x13a}\x08]so\x8e\xa0" +
-	">\x19\x0f\xa9\xcczE\xab\xb0K\xa9\xec\xc6\xed?:" +
-	"\xb3^\xffr\xb165\x98m]\xbc4_Y\x95F" +
-	"\xbd\xe46j4\xd2\x1a\x09\x1b\xcaj\xfa\xe3\x92v." +
-	"J`\x81Iz\xfd6\x142\xb4w\xcc9\xc2\xe1\xa3" +
-	"\xef\x1c\x97\xaa\x89>f{\xbf:\xf4^\x83r\xbd\xa0" +
-	"\x94\xac/\xb9\xba\x93Y\xc9K\xd1b4N\xbcx2" +
-	"n\xef\xea\xcaE\x13\x09\xdeC\xf2\x1bC\xf0j\xc1N" +
-	"\x80|3E\xe7R\x0cu(u\xb8 \xd2N\xe4." +
-	"\x8cJXIv\xc1\"G\xf4\xd5\x1859\xd27\xdd" +
-	" \x8f00\xd1\xe2\x81\x17s\xb7\x0f\xb1N\xacA\x0f" +
-	"\xbcJ\xee\xfe\x1a\xd17\xc6\xc1\xab\x82\xc3#\xc0N\xe0" +
-	"=\xf0\xda\xea\x82\xcev\xa2\xefr\xc1+\xe1\x81\xd7N" +
-	"|\x0a \xbf\x8b\xe8\xfb\\\xf0\xaa\xf1\xc0k/>;" +
-	"\x02\xec&M\xf0\xc0\xeb\xa0\xcb\xff8\xd1\x8f\xba\xe0\xd5" +
-	"\xea\x81\xd7\x11\x17\xec\x0e\x13\xfd8\x81T\xc5\xd4\xf2\xb6" +
-	"\xa9\xea\x80}Ql\x14\xca\xdf`\xac\xdc\x02IM]" +
-	"\xcf\xc2\xc4RT\x15maE\xd1 \x93\xb7\x95\xc2\xda" +
-	"\xa8N\xd7\xacvE/Z\xd8\xaf\xace\x94\x8e\x84x" +
-	"\xe2\xb65k\x153\xd5^\xc0\xa8\xb2\x0f\x0b\x99d\xce" +
-	"0\xaa\xeb\x1b\xb7@d\xa6\x87p\xe1\xb7\x92\xb2\xb1\xa3" +
-	"\xa8\xb16\x0c\xca\x19^\x8f\xd2\xa1J_\x0c]G\xaf" +
-	"\xc6\xe8R3#\x8b\x87\xb2\xdf+\x04EHW\xb6\xaa" +
-	"\xba`\x1b\xcb\xac`\xb7\x19\xa8\xdb\xaa^a\xa36(" +
-	"\xf4W\xf4\xb5\xac\xb8\x08\xf5\x82QT\xf5>\x18\xd5\xa4" +
-	"\xf0_4\x08\x8aU]n4c\xec!M\x9c\xdd\x04" +
-	"\x9c\x0b]TC\x88MQ\xab\x9f-\xb8\xab\xb2&S" +
-	"\xacX\x97:\xcei\xfe\xe0\xd2\x0b2\xaf\xad\xaf\x01\x08" +
-	"_\x9d0\x98\xdc\x8bG\x86\x80\x13\x9f\x100z\xf0\xc0" +
-	"\xe0}C|\xc8\x04N\xdc# \x17\xbe\x06b\xf0\x92" +
-	"'\xee\x18\x06N\xbcK@>|\xa1\xc3`,.\x0e" +
-	"\xb6\x02'\x96\x04L\x84\xaf\x95\x18\xcc\xd4E\x85\xea\xa4" +
-	"o\x0aX\x13>\xfda\xf0p#.\xdb\x06\x9c\xb8H" +
-	"p\x82v\x08\xb2\x9e\x18\xcd\xe8\x04\x80\x01\x19\x172\x9a" +
-	"\xd1\x09FI\x18\xb4M\x00\xcd\xb8\xc5\x87\xe7ft\x82" +
-	"a*$\x0b\x8a\xcd\x9a\xa9\xd7\xf4>\xa2\x0f\xde\xd0\x8c" +
-	"\xf1!%\xffE\x0d\xce\xd8\x85rkT\xcc\x05\x00\xbc" +
-	"u8\xaa\xe5\xc2\xa6r\xe7\x93\xf1:\xd9\x9f\x8d\xec\xdd" +
-	"\xe6OV\x8e\xc6f#G\xa8x>\xca\xa3\xfc\x0b." +
-	"\xaa\x0c\x02\x9f\x0e\xe6zh\x98A\x97;\xcex\xcf\xf7" +
-	"|\xbf\x86\xad\x1e\xf29E\xa3\xdf\xadq\xd1\xdb\xca\x82" +
-	"(\x1d\xc4'\x7fSb\x93?\x0c\xfakaD\xf6\x88" +
-	"\xcf\x01\xa7\\\xa4Y\x8bw\x8bn:K\xb8.\x19\xbc" +
-	"sb\xf0$-\x8a\xe4Z\xf5\x82\x13t\x94\x18\xe4B" +
-	"\xa82\xd9e\xb6\xd5\x9d,\xf3\xbfI\xd6c8\x88w" +
-	"N\x92<\xd2\x13(\xdcw 6\xa7\xd3\x0c\xbf#L" +
-	".\x8f\x17\xf5\xe3\xe8\xca\xbbpP\x82'i1\xed?" +
-	"-\xdc\xffX\xa3?\\;\x1e+v\x9ei\xf4\x1d\xe8" +
-	"\x85X\x9f\xf6\xdc\x12\x00\xf9\xb87q\x0b\x1e}\xce\x90" +
-	"\xa3\xbe\xca\xa3\xfcv\xcc\xfd\xde$\xc67x\x94\xdf\x8b" +
-	"\xf2\x95\xf8\x1b\xeaY\xde\xe3Q\xfe/JV\x09\xafg" +
-	"\xb9@\xfd\xe9\xc7<v\xa2\xdf?\x07/B\x153B" +
-	"o\xcd\xe8[\xaa\xea\xcc\xa2\xb2\xb4j*\x12<3\xa1" +
-	"M\x98X1\x09\xd8G\x02h\xc7\xc2X5\x1b\x0e\x89" +
-	"\x90\x99y\x8a\xe1\"Z\xe1\xf0e\xec\xb1\xec8\xaa\xcd" +
-	"\xfb\x81\xe4\xc5\x91_\x17\xc4\xba\xf4\x03\xb1\x01V\xa0X" +
-	"\xf9Y\x7f0\xb4&\xa6\xd8o\xf5D\x83f\x02\x1bc" +
-	"e\xb9\xa8\xa0\xcd\x16\x9bl]\x85\x09za0\xeaV" +
-	"\xa9_+X+\xb1L\x15\xf4b\x93e\xd7UX\x9c" +
-	"!x\\\x00A5\x8a\xa3^\x15\xc6\xa8\x12oc=" +
-	"y\xa3\xb0\x96\xd9#\x1e]\xaa\x1e\x06;\xa3\x97\x85\xf0" +
-	"]\xb03\xfe.\xe8C\xd4\xba\x81h\xe6\x1dB\xd4\xe0" +
-	"p\xd4\xea\x8e]\x16\xfc\xdfd\xf2/\xf56FE\xb1" +
-	"p)\x05c\xf8';_r\x02\x7f\xa9\xf5}\xf4\xe2" +
-	"{\x99S+\x08q\x03c\x7f\xd1A\x87p\xfe\xe6\xff" +
-	"\x13\x00\x00\xff\xff<\x08\xe4z"
+const schema_db8274f9144abc7e = "x\xda\xccZ{\x90Tev?\xe7\xde\x1e\xee\x0c\xcc" +
+	"\xd0}s\xdbr\xa0\x18:\xa0Da\x85\x88\xb3$\xee" +
+	"$\xd9\x9e\x07\xc3\xce\xb0<\xe6N\xcf\xa0\x8e$\xe5\x9d" +
+	"\xeeof\xee\xd0}os\x1f\xc0\x10X\x1e\x85Q&" +
+	"\xa0\xe8J\x0a\\\xdcR\\\xe3#&+.VV\x03" +
+	"\x96&\x9b\xa8Y\x89\xeb\x06R\xb2\xd1\x0a\x0aVJK" +
+	"\xcb\xc5G\x19R\xeaM\x9d\xfb\x9ef\x18\xc0$U\xfb" +
+	"\x0ft\x9d{\xbe\xc7y\xfd\xce\xe3\x9b\xeb\xef\x9a\xdc\xcc" +
+	"-\xac\xba&\x09 ?U5\xc9a\xf3~\xb9\xf1\xc1" +
+	"9\xff\xb0\x1d\xe4\xe9\x88\xce\xf7\x8e,M\x9f\xb3\xb6\xff" +
+	";T\xf1\x02@\xe3\x88\xb0\x11\xa5\xdd\x82\x00 \xed\x14" +
+	"\xfe\x13\xd0\xa9\xfa\x9d\x13\xa7\xca\xa7\x84\x1d N\x8f3" +
+	"s\xc4\\\xaa^\x8a\xd2\xb6jb\xde\\\xbd\x1e\xd0\xf9" +
+	"\xc3\xd2k\x07\x7fo\xef\xcf\x89\x99\x8b\x98\x01\x1b\xdf\xad" +
+	"\xde\x88\xd29\x97\xf3\xb3\xea\x95\x80\xce'\xf7\xd5\xff\xd5" +
+	"C\xff\xf2\xf2\xed ^\x83\xe0\x9f]W\xf3+\x04\x94" +
+	"f\xd5\xfc\x18\xd0\xf9\xd7\xeb7\x9d\xb9\xed\x93{\xee\x1c" +
+	"{n\x82\xf8^\xac\x19E\xe9d\x8d\x00\xbc\xf3\xc0\xad" +
+	"\xe9\x7f\xc6\x07?\xbf\x07\xc4ki\x1b\xa4\xcf\xcf\xd4L" +
+	"\xe6\x00\xa5c5Y@\xe7\xb5\xeb\x8e<\xb7\xe7'w" +
+	"\xfc\x00\xe4k\x10\xc1[\xffa\xcd\x7f\xd398\x99\x18" +
+	"\xce\xfe\xe8\x1b\x89\xbf~\xed\xb7~\xe828\x8f\xbc~" +
+	"\xd3\xd3{~\xf2\xdb\xefC/'`\x02\xa0q\xeed" +
+	"\x83x\x17M&]\xdc\xf7\xc6\xd1\x15\xa5{\xee?\xe8" +
+	"]\xda\xdd\xeb\x8a)\x1c\x07\x09gG\xe7\xe7\xa5\xde\x87" +
+	"s\x0f\xfb\xe2\xb8\x9fj\xa6|LK\x1b\xa6\xd0\xd2E" +
+	"\xbfzw\xe5\xf2\xa7\x07\x1e\xf5\x19\xdc\x8b\x9e\x9b\xf24" +
+	"1\xd4\xd4\xd2=^^\x9f\xda\xd5\xf2\xfbw?Zi" +
+	"\x95*\xe2\x9c_;\x8aR{-\xfdl\xa9\xbd\x09\x01" +
+	"\x9d\xd1o\x1d]\xf5\xc9\x9f\x99O\x80<\x1f\x13\xce\xcf" +
+	"v\x9e^7\xf7\xf1\x81\x97\xdck\xf3\x00\x8d\xcf\xd6\xfd" +
+	"\x92\xb6>VG\xaa\xac\xfb\xbby+\xee>\xb3\xec\x10" +
+	"m\x1d3\x8bw\x89\xd2\xd4&\x946O%\xcb\x8cL" +
+	"%\xee_\\\xb7\xea\xf9\xe7\x9f\x1a<Ty\x11\xd7\xe2" +
+	"\xd3\x92KQ\x9a\x9f$\xee\xb9I\xe2\xbe\xa2\x13\xdf|" +
+	"aa\xe2o\xe3v|+\xf9>\x1d~\xd6e\xb8\xf5" +
+	"\x8bg\xfe\xbe\xfd\xa3\xe3\xcf\xc6-tO\x8a#\x0b=" +
+	"\x92\"\xc1\xfbF\xb1\xf4fS\xf3\xf3 _\x8b\xe8\x0c" +
+	"\xef\xdddu\xec\xdb\xed@/\x0a\xc8\x014\x1eKm" +
+	"\xa4\xcdN\xa6\xc8\xbf\x1a>l\xad\xd3>\xda\xfeB\x85" +
+	"3\xba\xa7.\x12\x97\xa2\xd4)\xd2\xd5\xda\xc5\x1f\x03~" +
+	"\xfe\xc4\x1d{:O/~I\x9e\x8e\x89J\xa1\xdf\x16" +
+	"7\xa2\xf4\x19\xf16\x9e\x153\xa4\xcfP\x83\x15\xec\xae" +
+	"\xd4\xb3\xa4a\x94\x16I\xf4s\xa1\xe4\xb2/\xbd\xf5\xfb" +
+	"\xf7V\xbd\xfb\xfd\x97*UJ\x1e\xde\xf8Gi\x03%" +
+	"9M?\x97\xa7\xaf\xe4\x01\x9d\xe9O\xfd\xc1\xdf\xb4\x16" +
+	"N\xfe|\x9c \x92\x8e]\xf9\xb1t\xf2J\xfau\xe2" +
+	"J\x92\xf1\xf4\xfcC\x7f\xfa\xde\xee\xd7\x8f\xc7=ea" +
+	"\xbd\xeb\xb1\xed\xf5\xa4\xb0;\xbe1\xb2q\xc5\x9c\xd1\x13" +
+	"\x95\x06r9Y\xfd(J\x9b\xeb]s\xd6\xd3v\xdc" +
+	"\xbb\xca\xb4\xad\xff\xf6\xed7c>\xfb^\xfd;\x08\x09" +
+	"g\xc5\xaa[\x87k6\x9f>\x1d?\xe8\xadz\xcft" +
+	"\xeeA\x87\xc5{\xa5#\x0f\xfd\xe5\x19:H\xa8T\xb7" +
+	"8\xad\x0f\xa59\xd3\\\xf5L{\x94\x83X\xec\x8c\xe7" +
+	"8\x0d3\x9aP\x9a?\xc3u\x9c\x19t\xafE\xb7\xb5" +
+	"\xb0\xd57\xde\xfc>\x88\xd3\xf91P\xa1\x12\xe7\x08q" +
+	"6\xda3\xee@is\x83\x00\xe0\xdc5\xd8\xf7\xca\xd9" +
+	"\xb6\x87~]\xb9\xb9+\x10khB\xc9&\xbe\xc6\xb5" +
+	"\x0d\xae}\x1a\x17\xfe\xf9\x87{\x1fn;{\xde\xeeG" +
+	"g\xb6\xa2tl&\xdd\xe3\x95\x99\xdf\x91\xce\xcdt7" +
+	"\xff\xde\xe2\x95\xdf\x9a\xfd\xe2\xc7qM\xbc=\xd3\x8d\xde" +
+	"\xcff\x92&\x06n\xfc\xe0;s\xee\xfa\xa7\x8f+\xec" +
+	"\xe72^\x91\x99\x87\xd2\x9c\x0c\xed8+\x93\x05\xfch" +
+	"\xc9\x0f\x8fOON\xfft\xbc8n\xcf\x0c\xa3t\x0b" +
+	"\xf16\xf6f\xee\xa6\x8b\xde\xfc\xce\xfd\xeb\xb3?\xf8\xf4" +
+	"s\x92\x8b\xaf\xc0\xb9\x9aY}(5\xcc\xa2\x9d\xa7\xcd" +
+	"\xa2XZ\xf6\xe4\xc9o\x0f\xed}\xf9\xdc\xb8\xc8\xfd\x8f" +
+	"\xb3\xb6\xa3t\xd2\xe5>1\x8b \xe7/\x84\x03\xa7\xb7" +
+	"\xfe\xc7\x9f|\x11\x97\xea\xe8\xecwH\xaa\xd7g\x93T" +
+	"\x9b>\xda\xdfq\xf7\xea'\xbf\x8a3\x9c\x9d\xfd\x9c\x8b" +
+	"\x8dW\x11C\x18\x8c\xe3y\xda\xac\xabZQZx\x15" +
+	"\x9d7\xff\xaa,\xccw,[\xd3X\xd1('\xf2\xbf" +
+	"\x1b\xfc\xcc/\xc8+e\xad\xdc\xd4b[CL\xb3\xd4" +
+	"\xbcb\xb1n\x965\xcb\xbaf\xb2.D9\xc5'\x00" +
+	"\x12\x08 *\xc3\x00\xf2m<\xcaE\x0eE\xc44\xa1" +
+	"\xb5\xa8\x12q\x88G\xd9\xe2P\xe4\xb84!\x82\xb8v" +
+	"6\x80\\\xe4Q\xde\xc0!\xf2i\xc2;\xd1\xbe\x17@" +
+	"\xde\xc0\xa3\xbc\x83C\xa7\xcc\x8c\x92\xa21\x0d\x92V\xbb" +
+	"a`-pX\x0b\xe8\x18\xcc2F\x94\xfe\"$Y" +
+	"\x8c,\x0c\xaf\xb7\xb0\x0e8\xac\x03t\x86t\xdb0{" +
+	"5\x0b\xd5b7\x1b0\x98\x89C8\x098\x9c\x048" +
+	"\x91xm\xba\xa6\xb1\xbc\x95\xb3\xf3yf\x9a\x00$Y" +
+	"u(\xd9\xdc\xfb\x01\xe4\xebx\x94o\x8cI\xb6\x88$" +
+	"\xfb&\x8fr3\x87\x8e\xc9\x8cu\xccX\xa6c^\xb1" +
+	"T][\xa1\xf0%\x16^;_T\x99f\xb5\xe9\x90" +
+	"\xd4\x06\xd4ALE\xa1\x00\x88\xa9\x89/\xd6\xbeA5" +
+	"-U\x1b\xecq\xe9\xd9.\xbd\xa8\xe6G\xe8v\xb5\xae" +
+	"&\x1b\x9ah\x0f\xf1\x8a>\x00\xe4D\xb1\x15 \xab\x0e" +
+	"j\xba\xc1\x9c\x82j\xe6I(\xe0\xf3\xd6\x96~\xa5\xa8" +
+	"hy\x16\x1e4\xe9\xfc\x83\xbc\x03r\xae\x1c\x0b\x94\x98" +
+	"\xb5\xaf\xeeR\x0c\x85/\x99rm\xa8\x8f\xf6>\x00y" +
+	"1\x8frWL\x1f\xcb\x97\x02\xc8\xcbx\x94o\x8eY" +
+	"\xba\xb7\x15@\xee\xe2Q^\xcd\xa1\xa3\x1b\xea\xa0\xaa\xb5" +
+	"1\xe0\x8d\xb8\xc1LKSJ\x0c\x00\x02\x85m\xd1\xcb" +
+	"\xa4D\x13S\x11JWh\xaa\xea|\x01:X\xb1\xa8" +
+	"\xdf\xa4\x1b\xc5\xc2J\xef\x1c\x9d\xb4\xed\x9a2\\&\x8c" +
+	"cy\xd78$\xb7\x9ag\x0bl\x93y\xebl\xc35" +
+	"\xe4\xd5\xdd\xcc\xb4\x8b\x96\x09 'B\xf1\xeb\x9a\x00\xe4" +
+	"j\x1e\xe54\x87Y\xc3e\xc0T\x04\xea\x15W\xbd\x98" +
+	"\xaem\xcd`\x83\xaai1\xc3#_\x9d%\x85\x97\xcc" +
+	"\xf8\x81\xe4\x7f)\x1e\xe5\x19\x1c:\x83\x86\x92g]\xcc" +
+	"@U/\xacP4=\xc7\xb3<V\x01\x87U\x13{" +
+	"\xd2\x12E-\xb2\x82'\xdd\x82|\xc6\xfd\x9f\xa2\xb7\xd6" +
+	"q\xbc\xf0\xed\x8b\xc2\xb7\x0e\xbfr\xfc\xf8\xdd\x18\xc5o" +
+	"\x1d\xf7\xa5s~\x00\xd7\xf1_8~\x08SDX<" +
+	"\xca[)\"\xec2\xe9\xd4\x04^70\x15\xa1\xa4\xaf" +
+	"\x1dV\x18$Mk\x90eyR4\xa6\x82l\xef1" +
+	"\x08\x05}\x08SQ)\xe3/3\xd8:f\x98\xac\x0b" +
+	"\x92\x86\xbea\x04SQ\xd6\xaf\xd0\xfa\xd4\xcb\xd5z`" +
+	"\xe8p\xd5\xc4\xeb\x0d\x96\xf7 \xc3_\xde\x95\xf1\x8c\x16" +
+	"\x83C\xd2\xd1j\x1e\xe5\xa1X\x90\xb0~\x00\xb9\xc0\xa3" +
+	"\\\x8e\x05Iii\xa4M\x91\x0f\xf0\x90\"\xa7\xcc\xa3" +
+	"\xbc\x89\x1b\x8bpl\x1d\xd3\xac\xc5\xea \x08\xcc\xfc\x7f" +
+	"\x08\xa31R\xfa2\x86\xd2\xc5\\\x92\xbc\xa5\x96G\xb9" +
+	"\x9e\xe0\x9a\xbe2\x8b\x02\x9bN\x0b\x0b\xe1\x8b\x9f\xd6F" +
+	"\xff\xfa\xe0\xdb\xe5\xefb\xf8\xf8[\x1f\x1e\xb6\x9f\x0e\xdb" +
+	"\xc7\xa3\xfc\xa3\x98*\x1f2\x00\xe4\x07y\x94\x9f\xe4\x10" +
+	"}M>~\x10@~\x92G\xf9\xa7\xa4I\xce\xd3\xe4" +
+	"3\xf3\xa8m\xe2Q~\x95C1\xc1\xa7\xa9+\x10_" +
+	"\xa1\x90z\x95G\xf9\x0d\x0e\xc5\xaaD\x1a\xab\x00\xc4\x13" +
+	"d\x9d\xe3<\xca\xa7.\x84V\xf9\xa2n\x17\x06\x8a\x0a" +
+	"d\x0cV\xe8\\\x1c\xd25\xbb\xd4e\xb0u*\xea\xb6" +
+	"\xd9bY\xac$\x94-3H<IK\x194q*" +
+	"`\x17\x8f\x98\x8aJI@\"\x86{\xa2\xc1\x0a\xab\x98" +
+	"a\xaa\xbc\xae\x85\xb9C\xd5,\xa6Y\xcb\x14\x10\xfaY" +
+	"1\xa4N\x80-\xdd~\x84P|\xf8\xc1\xaeGx\x88" +
+	"\x83\x04\xe33\x1c\xc7Wb;\xe9\xa6\x99Gy\x19\x87" +
+	"\x0d\xf8\x15\x91I\x8f\x9d\xdd\x00r\x07\x8fr\x0f\x87\x0d" +
+	"\xdc\x97D&M\xca}\x11\x9a'\x87,\xab\x8c\xa9\xa8" +
+	"\xc4\xf4\x8d\xbd\x9e\xf5\x9bz~\x0d\x03$P\x0c\xeb\x1d" +
+	"\xff\xeb\x90\x0f\xd2\xc0\x17\x0b\x98\x8aZ\xc4\x0aO\xe1/" +
+	"\x94\xa1\xb3T\x0f\xe8\x86\x9b\x00\xa3ttC$D\xe0" +
+	"\x1d\x9d}\x91\x04\"\xd7\xec\x89%\xf7G\xf7\xcf\xe4\x15" +
+	"\xdbdcK\x8b\x96\x01\x0bxf\x84hj\x0e\xe9v" +
+	"\xb1\xd0\xcd@\xb0\x8c\x11D\xe0\x10'\xc6\xd8\xc5zG" +
+	"L\xf1\x9e\x1b\x8f\x9f6\xc3\xac\xd9\x17\xcf\x9a\xbe\xfa{" +
+	"I\xfd=\x1eJ8EB)\xadC\x07\xde\xb4\xc2\xeb" +
+	"z\xc4.\xdduN\x018\x14\x00\x1d\xbblZ\x06S" +
+	"J\x80\xa1\xb7\x11\xff\xd4\xcbHF\x15\xa0\xd8\xa5$\xdd" +
+	"\xb8\xffMJ\xfd\x97\x9f\xc3\xbd|:&\x83\x1f\x8c%" +
+	"\xd4\xbc\xbf\x1a\xdd\xe5m\xba&\\v\x95\xe6#\x98\x97" +
+	"C\x16\xf85\x01\x15\x90Ar\x9dK\xc9\xe0j\x1e\xe5" +
+	"\xeb\xe3\xc9u>\xa9\xe8Z\x1e\xe5or(0\x83\xf2" +
+	"d\xd8\xe9{\x87n1\xbd\x8a\x14S\xd1\x18\xe7\xe2\xd7" +
+	"\x89\x15\xeb\xaa\xae\x9d\xe7\x86\xb3\xa3p\x09M\xd8yC" +
+	"\xcc\xae\x81\x09\x97\xf7Gv\x15\xd6\xb0\x91\xc0J\x19V" +
+	"R\xd4\x08\x8d|\xe3\xb6\x80\xf0\xdd\x88g\xc2\xa2\xd6O" +
+	"\xfe^\xea\xcfz\xd6\xa2K\xa6\xc3Kn\x1e\x05\x90\xb7" +
+	"\xf2(\xef\x8a]r'\xf5\x08\xbbx\x94\xf7\xc5.\xb9" +
+	"\x97\x94\xb8\x87G\xf9@,{\xee'\x03\x1f\xe0Q~" +
+	"\x8cCLx\x90\xff\x08A\xfec<\xca\x879\x17\xb0" +
+	";Z\xdat\x0d\xfdK\x98\x00a\x9f0\xc4\x14\xc3\xea" +
+	"g\x0aZ\x9d\x9a\xc5\x8cu\x0a\x16\x03H\xd8b\xa9%" +
+	"\xa6\xdbV\x08\x11%e\x83[Xa\xa1\xc3[%(" +
+	"\x96\x895\xc0a\x0dE\xa4\xc9\x8c6\x83\x15\x90\xac\xa1" +
+	"\x14\xbb\x14\xde\x1a\xba\x14\x05\x8d\x05\xf1\xe48\xea\xa1\xb2" +
+	"l\x13\x8f\xf2\x9d\x04%\x18\x9b&\x89\xb7\x0f\x03\xe7\"" +
+	"\x09\xc9\xbc\xb65^Zp^\x9a\x8b\xb7ZnB\x9c" +
+	"\x04 n#\xed\xec\xe0Q\xde\xc3\x05W\xeb\xd0!\xeb" +
+	"Eh\xa5\xa9\xfdVf\x0b\xa1\xa6\xca\"y\xfdzA" +
+	"E]\xebq\x15\x85\x91\xa6\xf2z\xa9l\x90+\xab\xba" +
+	"&\xdbJQ\xe5\xad\x91p\xe1\x84\xba H\xf2By" +
+	"e9\xe3\x1a\x8b\x94qc\xa0\x0ci\x04\x97\x02\xe46" +
+	" \x8f\xb9\x1d\x18\xb9\x8b\xb4\x0d[\x01r\x9b\x88~'" +
+	"F\x1e#\xdd\x8e\xd3\x01r[\x89\xbe\x0b\xc3\x0eT\xda" +
+	"\x89O\x00\xe4v\x11y\x1fF\xa5\x82\xb4\xd7\xdd\xfe>" +
+	"\xa2?\x88Q\xb5 =\x80\xf3\x00r\xfb\x88~\x98\xe8" +
+	"\x938W\x93\xd2!\x1c\x06\xc8=E\xf4#D\x17\xaa" +
+	"\xd2\xd4nK\xcf\xa2\x01\x90\xfb)\xd1\x7fF\xf4\xea\xfa" +
+	"4V\x03H/\xba\xf4\x17\x88\xfe*\xd1k\xa6\xa5\xb1" +
+	"\x06@z\x05\xb7\x03\xe4^&\xfaq\xa2O\xc64N" +
+	"\x06\x90^\xc7\xfb\x01r\xc7\x89~\x8a\xe8S&\xa5q" +
+	"\x0a\x80\xf4\x96{\x9f7\x88~\x86\xe8\xb5\x894\xd6\x02" +
+	"Ho\xe3A\x80\xdc\x19\xa2\xff\x9a\xe8uB\x1a\xeb\x00" +
+	"\xa4\x0f]\xb9> z5\x17\xe2`g!\x0e\xc7\xe4" +
+	"\x86jT\x8e\xf0\xba\x19\xba\x02\xf3;S\xf4rE\x97" +
+	"\x9e\xa4\xd6\x14\x93\xd1\x08\x19\x10\x93\x80NY\xd7\x8b+" +
+	"\xc6\xc2\xfc\xc5*\"\xdf\x8d \xa9k\x9d\x850.=" +
+	"\xe7[\xa6C&\xaf\x14;\xcbQ\x8dd\xb6\xd8\x96n" +
+	"\x97!SP,V\x08\x13\xb5akK\x0c\xbd\xd4\x83" +
+	"\xcc(\xa9\x9aR\x84\xf0\xcbD\xbe\x98\xb4m\xb5\x10\xee" +
+	"=aa\xe7\x0c0\xc5\xb2\x0df\x92h\x17\xc8\xb8\\" +
+	"\xa5Gg\xcaM=\xca`\xc5\x80a^\x94\x1eB\xb4" +
+	"\x9b\x7fC\x94\x1d\x92\xf1(\xcc\xacS\x8a6\xbb\x94b" +
+	"p\xc2\x96\xa5;\xeb\xb5<\x17\xebl\x83q\xd8\xc5\xab" +
+	"\xf9\xde\x8a\xcc\xeb\xe5\xc3\xf3\xa6)\xad\x91\xb0\xa1\xac\x86" +
+	"?a\xe9\xe0\xa2\x9c\x17Xk\xc0\xef\\!C{\xc7" +
+	"\xfc&\x9cW\xfa~s\xa9\x9a\x18d\x96\xf7\xabS\x1b" +
+	"\xd0\xa9<\x10\x94\x92\xf95Ww33y)Z\x8c" +
+	"&\x90\x17\xcf\xdf\x1d==]\xd1\x10\x83\xf7\xc0\xff\xfa" +
+	"\x10\xefZ\xb0\x1b \xd7L\x81\xbb\x0cC\x1dJ\x9d." +
+	"\xeet\x10\xb9\x07\xa3\xaaW\x92]|\xe9\"\xfaj\x8c" +
+	"\xfa\"\xe9\x16\x17\x17V\x13}\xc8\xc5\xbb\x16\x0f\xef\x98" +
+	"\xbb}\x81\xe8e\x17\xef\xd0\xc3\xbb\x92\xbb\x7f\x91\xe8\x1b" +
+	"\xe2xg\xe3\xe8\x18\xf8\x15x\x0f\xef\xb6\xb98\xb5\x83" +
+	"\xe8{\\\xbcKxx\xb7\x1b\x9f\x06\xc8\xed!\xfa\x01" +
+	"\x17\xef\xaa<\xbc\xdb\x8f\xcf\x01\xe4\x0e\x10\xfd1\x17\xef" +
+	"&yx\xf7\x88\xcb\xffX\x88\xb3SZ=\xbc;\xe4" +
+	"\xe2c\x88\xb3\x8em\x14s\x96\xa1j\x80\x83Ql\xe4" +
+	"\xcb\xdfe\xac\xdc\x02\xc9\xa2\xba\x8e\x85\xb9\xa8\xa0*\xc5" +
+	"\xc5\xb6R\x84L\xceR\xf2k\xa2\xd2\xbehv(Z" +
+	"\xc1\xc4!e\x0d\xa3\x0c&\xc4s\xbdU4W1C" +
+	"\x1d\x00\x8c\x9a\x81\xb0\xf6Iv\xe9zeI\xe4\xd6\x94" +
+	"\xcc\xf0\xc0/\xfcVR6t\x16\x8a\xac\x0d\x83\x0a\x88" +
+	"\xd7\xa2\x0c\xaa\xd2\x17]\xd3\xd0+Kz\xd4\xcc\xd8z" +
+	"\xa3\xec\xb7\x17A\xdd\xd2\x93\xad(H\xd8\x862\xcb[" +
+	"m:j\x96\xaa\xd9\xec\xbc\x0d\xf2C\xb6\xb6\x86\x15\xda" +
+	"Q\xcb\xeb\x05U\x1b\x84\xf3\xfa\x1a\xfeB\xb3\xa3X\xa1" +
+	"\xe6F3\xc6\xde\xde\xc4\xb9M\xc0\xb9\xd0Ee\x87\xd8" +
+	"\x14M\x07\xb2ywU\xd6`\x8a\x19kl'8\xcd" +
+	"\x9fuzA\xe6M\x02\xaa\x00\xc2\x87*\x0c\x86\xfd\xe2" +
+	"\xa1\x8d\xc0\x89\x8f\x0b\x18\xbd\x91`\xf0$\">`\x00" +
+	"'\xee\x15\x90\x0b\x1f\x101x\xfc\x13w\x8e\x02'\xde" +
+	". \x1f>\xeaa0I\x17GZ\x81\x13K\x02&" +
+	"\xc2\x07N\x0c\xc6\xf0\xa2B\xa5\xd5-\x02V\x85\xaf\x85" +
+	"\x18\xbc\xf5\x88\xcb\xb7\x03'\xb6\x0bN\xd0AA\xd6\x13" +
+	"\xa3\x19\x9d\x000 \xe3BF3:\xc1\xf4\x09\x83N" +
+	"\x0b\xa0\x19\xb7\xf8\xf0\xdc\x8cN0\x7f\x85d^\xb1X" +
+	"3\xb5\xa7\xdeG\xf4\xc1\x1b\x9a1>\xd7\xe4/\xd4\x13" +
+	"\x8d_[\xb7F\xf5_\x00\xc0\xdbF\xa3\xf2/\xecC" +
+	"w?\x11/\xad\xfdq\xca\xfe\xed\xfe0\xe6pl\x9c" +
+	"r\x88\xea\xed\xc3<\xca\xbf\xe0\xa2\xa2!\xf0\xe9`\x14" +
+	"\x88\xba\x114\xc6\x13L\x04}\xcf\xf7\xcb\xde\xca\xb9\xa0" +
+	"S\xd0\x87\xdc\xb2\x18\xbd\xadL\x88\xd2A|X85" +
+	"6,\xc4\xa0%\x17\xc6d\x8f\xf8\xe8p\xeaE\xfa\xbb" +
+	"x\x83\xe9\xa6\xb3\x84\xeb\x92\xc1\xd3(\x06\xaf\xd8\xa2H" +
+	"\xaeU'8A\x13\x8aA.\x84\x0a\x93]f'\xde" +
+	"\xcd2\xff\x9bd=\x8e\x83x\xe7$\xc9#=\x81\xc2" +
+	"}\x87c\xa3\xbd\xa2\xee7\x91\xc9\x15\xf1>`\x02]" +
+	"y\x17\x0e\xaa\xf6$-\xa6\xfdg\x84\xfb?3\xdb\x9f" +
+	"\xc7\x1d\x89\x15;\xcf\xce\xf6\x1d\xe8\x85Xkwt)" +
+	"\x80|\xc4\x1b\xd2\x05\xefD'\xc8Q\xdf\xe0Q>\x13" +
+	"s\xbf\xb7\x89\xf1\x14\x8f\xf2\x07Q\xbe\x12\xdf\xa36\xe7" +
+	"\x03\x1e\xe5\xff\xa2d\x95\xf0\xda\x9c\xcf\xa8\xa5\xfd\x94\xc7" +
+	"n\xf4[\xee\xe0\x11\xc96\"\xf4.\xea\x83\xcbTm" +
+	"\xdc\xb2.x\x99B\x8b0\xd16\x08\xd8\xc7\x02h\xe7" +
+	"\xe2X\xa1\x1b\xce\x95\x90\x199\x8a\xe1\x02\x9a\xe1\xbcf" +
+	"\xfcI\xee\x04\xaa\xcd\xf9\x81\xe4\xc5\x91_\x17\xc4\x1a\xfb" +
+	"\x83\xb1\x99W\xa0X\xf99\x7f\x96t[L\xb1\x7f\xdc" +
+	"\x1f\xcd\xa6\x09l\xf4\xderAA\x8b-1\xd8Z\x9b" +
+	"\x09Z~$jp\xa9\xc5\xcb\x9b\xbdX\xa6\xe2z\x89" +
+	"\xc1\xb2km\x16g\x08\xde#@P\xf5\xc2y\x0f\x11" +
+	"\xe3T\x897\xb1\xfe\x9c\x9e_\xc3\xac1\xef4\x15o" +
+	"\x89\xdd\xd1cD\xf8\x94\xd8\x1d\x7fJ\xf4!j\xedp" +
+	"4&\x0f!jd4\xea\x8e\xc7/\x0b\xfeo2\xf9" +
+	"\xd7zN\xa3\xa2X\xb8\x94\x821\xfc+\x9f\xaf9\xb4" +
+	"\xbf\xd4\xfa>z$\xbe\xccA\x17\x84\xb8\x81\xb1?\x02" +
+	"\xa1C8\x7f\xf3\xff\x09\x00\x00\xff\xff\xa6\xa4\xec\x8a"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,

From 8f9bbcb9a0830a895f22639143c9093cf2ef9c05 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Thu, 27 Feb 2020 16:02:52 +0000
Subject: [PATCH 008/100] Release 2020.2.1

---
 RELEASE_NOTES | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 4edc2d5e..52fdc8a6 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,14 @@
+2020.2.1
+- 2020-02-20 TUN-2745: Rename existing header management functions
+- 2020-02-21 TUN-2746: Add the new header management functions
+- 2020-02-25 perf(cloudflared): reuse memory from buffer pool to get better throughput (#161)
+- 2020-02-25 Tweak HTTP host header. Fixes #107 (#168)
+- 2020-02-25 TUN-2765: Add list of features to tunnelrpc
+- 2020-02-19 TUN-2725: Specify in code that --edge is for internal testing only
+- 2020-02-19 TUN-2703: Muxer.Serve terminates when its context is Done
+- 2020-02-09 TUN-2717: Function to serialize/deserialize HTTP headers
+- 2020-02-05 TUN-2714: New edge discovery. Connections try to reconnect to the same edge IP.
+
 2020.2.0
 - 2020-01-30 TUN-2651: Fix panic in h2mux reader when a stream error is encountered
 - 2020-01-27 TUN-2645: Revert "TUN-2645: Turn on reconnect tokens"

From a14aa0322cfda1c117033632019ef6a306c9bce9 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Wed, 26 Feb 2020 14:38:30 +0000
Subject: [PATCH 009/100] TUN-2767: Test for large headers

---
 h2mux/header_test.go | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/h2mux/header_test.go b/h2mux/header_test.go
index b5781d91..95170230 100644
--- a/h2mux/header_test.go
+++ b/h2mux/header_test.go
@@ -610,3 +610,43 @@ func TestH1ResponseToH2ResponseHeaders(t *testing.T) {
 	assert.NoError(t, err)
 	assert.ElementsMatch(t, expectedUserHeaders, actualUserHeaders)
 }
+
+// The purpose of this test is to check that our code and the http.Header
+// implementation don't throw validation errors about header size
+func TestHeaderSize(t *testing.T) {
+	largeValue := randSeq(5 * 1024 * 1024) // 5Mb
+	largeHeaders := http.Header{
+		"User-header": {largeValue},
+	}
+	mockResponse := http.Response{
+		StatusCode: 200,
+		Header:     largeHeaders,
+	}
+
+	serializedHeaders := H1ResponseToH2ResponseHeaders(&mockResponse)
+	request, err := http.NewRequest(http.MethodGet, "https://example.com/", nil)
+	assert.NoError(t, err)
+	for _, header := range serializedHeaders {
+		request.Header.Set(header.Name, header.Value)
+	}
+
+	for _, header := range serializedHeaders {
+		if header.Name != ResponseUserHeadersField {
+			continue
+		}
+
+		deserializedHeaders, err := DeserializeHeaders(header.Value)
+		assert.NoError(t, err)
+		assert.Equal(t, largeValue, deserializedHeaders[0].Value)
+	}
+}
+
+func randSeq(n int) string {
+	randomizer := rand.New(rand.NewSource(17))
+	var letters = []rune(":;,+/=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = letters[randomizer.Intn(len(letters))]
+	}
+	return string(b)
+}

From 29f4650e2530ada1145ddf46d8535f15b444538a Mon Sep 17 00:00:00 2001
From: Roman Iuvshyn <roman.iuvshyn@transferwise.com>
Date: Fri, 28 Feb 2020 01:03:00 +0200
Subject: [PATCH 010/100] do not terminate tunnel if origin is not reachable on
 start-up (#177)

---
 cmd/cloudflared/tunnel/configuration.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index 4c38aaaf..363be514 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -237,7 +237,6 @@ func prepareTunnelConfig(
 	err = validation.ValidateHTTPService(originURL, hostname, httpTransport)
 	if err != nil {
 		logger.WithError(err).Error("unable to connect to the origin")
-		return nil, errors.Wrap(err, "unable to connect to the origin")
 	}
 
 	toEdgeTLSConfig, err := tlsconfig.CreateTunnelConfig(c)

From 26f5f80811d431c12ac29fa8e0c3fcb42d354dbe Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Fri, 28 Feb 2020 17:36:29 +0000
Subject: [PATCH 011/100] TUN-2776: Add header serialization feature in
 cloudflared

---
 connection/features.go      | 9 +++++++++
 origin/tunnel.go            | 1 +
 tunnelrpc/pogs/tunnelrpc.go | 1 +
 3 files changed, 11 insertions(+)
 create mode 100644 connection/features.go

diff --git a/connection/features.go b/connection/features.go
new file mode 100644
index 00000000..c10f7cbf
--- /dev/null
+++ b/connection/features.go
@@ -0,0 +1,9 @@
+package connection
+
+const (
+	FEATURE_SERIALIZED_HEADERS = "serialized_headers"
+)
+
+var SUPPORTED_FEATURES = []string{
+	//FEATURE_SERIALIZED_HEADERS,
+}
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 991d95c1..5b04e0d2 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -161,6 +161,7 @@ func (c *TunnelConfig) RegistrationOptions(connectionID uint8, OriginLocalIP str
 		RunFromTerminal:      c.RunFromTerminal,
 		CompressionQuality:   c.CompressionQuality,
 		UUID:                 uuid.String(),
+		Features:             connection.SUPPORTED_FEATURES,
 	}
 }
 
diff --git a/tunnelrpc/pogs/tunnelrpc.go b/tunnelrpc/pogs/tunnelrpc.go
index bbf0001a..6aab7d94 100644
--- a/tunnelrpc/pogs/tunnelrpc.go
+++ b/tunnelrpc/pogs/tunnelrpc.go
@@ -168,6 +168,7 @@ type RegistrationOptions struct {
 	CompressionQuality   uint64 `capnp:"compressionQuality"`
 	UUID                 string `capnp:"uuid"`
 	NumPreviousAttempts  uint8
+	Features             []string
 }
 
 func MarshalRegistrationOptions(s tunnelrpc.RegistrationOptions, p *RegistrationOptions) error {

From 7b81cf8aa6b47aa17db019136be225bb3b83a1ee Mon Sep 17 00:00:00 2001
From: Nick Vollmar <nvollmar@cloudflare.com>
Date: Mon, 2 Mar 2020 13:30:10 -0600
Subject: [PATCH 012/100] TUN-2779: update sample HTML pages

---
 h2mux/sample/index.html  | 4 ++--
 h2mux/sample/index1.html | 4 ++--
 h2mux/sample/index2.html | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/h2mux/sample/index.html b/h2mux/sample/index.html
index 6388b6c2..fe91d668 100644
--- a/h2mux/sample/index.html
+++ b/h2mux/sample/index.html
@@ -80,7 +80,7 @@ ghost.init({
     <link rel="alternate" type="application/rss+xml" title="Cloudflare Blog" href="https://blog.cloudflare.com/rss/" />
     <meta name="msvalidate.01" content="CF295E1604697F9CAD18B5A232E871F6" />
 <meta class="swiftype" name="language" data-type="string" content="en" />
-<script src="https://s3-us-west-1.amazonaws.com/cf-ghost-assets-hotfix/js/index.js"></script>
+<script src="https://blog.cloudflare.com/assets/js/index.js"></script>
 <script type="text/javascript" src="//cdn.bizible.com/scripts/bizible.js" async=""></script>
 <script>
 var trackRecruitingLink = function(role, url) {
@@ -128,7 +128,7 @@ HTMLAttrToAdd.setAttribute("lang", "en");
         overflow-y: scroll;
     }
 </style>
-<link href="https://s3-us-west-1.amazonaws.com/cf-ghost-assets-hotfix/css/screen.css" rel="stylesheet">
+<link href="https://blog.cloudflare.com/assets/css/screen.css" rel="stylesheet">
 <link href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.8.1/themes/prism.min.css" rel="stylesheet">
 
     <style>
diff --git a/h2mux/sample/index1.html b/h2mux/sample/index1.html
index b6b5b63d..7607f3e9 100644
--- a/h2mux/sample/index1.html
+++ b/h2mux/sample/index1.html
@@ -113,7 +113,7 @@ ghost.init({
     <link rel="alternate" type="application/rss+xml" title="Cloudflare Blog" href="https://blog.cloudflare.com/rss/" />
     <meta name="msvalidate.01" content="CF295E1604697F9CAD18B5A232E871F6" />
 <meta class="swiftype" name="language" data-type="string" content="en" />
-<script src="https://s3-us-west-1.amazonaws.com/cf-ghost-assets-hotfix/js/index.js"></script>
+<script src="https://blog.cloudflare.com/assets/js/index.js"></script>
 <script type="text/javascript" src="//cdn.bizible.com/scripts/bizible.js" async=""></script>
 <script>
 var trackRecruitingLink = function(role, url) {
@@ -161,7 +161,7 @@ HTMLAttrToAdd.setAttribute("lang", "en");
         overflow-y: scroll;
     }
 </style>
-<link href="https://s3-us-west-1.amazonaws.com/cf-ghost-assets-hotfix/css/screen.css" rel="stylesheet">
+<link href="https://blog.cloudflare.com/assets/css/screen.css" rel="stylesheet">
 <link href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.8.1/themes/prism.min.css" rel="stylesheet">
 
     <style>
diff --git a/h2mux/sample/index2.html b/h2mux/sample/index2.html
index 3e609625..fe59d28e 100644
--- a/h2mux/sample/index2.html
+++ b/h2mux/sample/index2.html
@@ -109,7 +109,7 @@ ghost.init({
     <link rel="alternate" type="application/rss+xml" title="Cloudflare Blog" href="https://blog.cloudflare.com/rss/" />
     <meta name="msvalidate.01" content="CF295E1604697F9CAD18B5A232E871F6" />
 <meta class="swiftype" name="language" data-type="string" content="en" />
-<script src="https://s3-us-west-1.amazonaws.com/cf-ghost-assets-hotfix/js/index.js"></script>
+<script src="https://blog.cloudflare.com/assets/js/index.js"></script>
 <script type="text/javascript" src="//cdn.bizible.com/scripts/bizible.js" async=""></script>
 <script>
 var trackRecruitingLink = function(role, url) {
@@ -157,7 +157,7 @@ HTMLAttrToAdd.setAttribute("lang", "en");
         overflow-y: scroll;
     }
 </style>
-<link href="https://s3-us-west-1.amazonaws.com/cf-ghost-assets-hotfix/css/screen.css" rel="stylesheet">
+<link href="https://blog.cloudflare.com/assets/css/screen.css" rel="stylesheet">
 <link href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.8.1/themes/prism.min.css" rel="stylesheet">
 
     <style>

From 6624a2404076b341c0818da1151ef2c169f8df59 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Fri, 21 Feb 2020 15:53:11 +0000
Subject: [PATCH 013/100] TUN-2748: Insecure randomness vulnerability in
 github.com/miekg/dns

---
 go.mod                                        |   6 +-
 go.sum                                        |  10 +
 .../denisenkom/go-mssqldb/README.md           |  21 +-
 .../denisenkom/go-mssqldb/appveyor.yml        |   6 +-
 .../github.com/denisenkom/go-mssqldb/buf.go   |  28 +-
 .../denisenkom/go-mssqldb/bulkcopy.go         | 117 ++-
 .../denisenkom/go-mssqldb/conn_str.go         | 456 +++++++++
 .../denisenkom/go-mssqldb/decimal.go          | 131 ---
 .../github.com/denisenkom/go-mssqldb/go.mod   |   4 +-
 .../github.com/denisenkom/go-mssqldb/go.sum   | 167 +---
 .../go-mssqldb/internal/decimal/decimal.go    | 252 +++++
 .../github.com/denisenkom/go-mssqldb/mssql.go |  25 +-
 .../denisenkom/go-mssqldb/mssql_go110.go      |   5 +
 .../denisenkom/go-mssqldb/mssql_go110pre.go   |  31 +
 .../denisenkom/go-mssqldb/mssql_go19.go       |   2 +-
 .../github.com/denisenkom/go-mssqldb/net.go   | 145 ++-
 .../github.com/denisenkom/go-mssqldb/tds.go   | 483 +--------
 .../github.com/denisenkom/go-mssqldb/types.go |  18 +-
 .../denisenkom/go-mssqldb/uniqueidentifier.go |   6 +
 .../github.com/felixge/httpsnoop/.gitignore   |   0
 .../github.com/felixge/httpsnoop/.travis.yml  |   6 -
 .../github.com/felixge/httpsnoop/LICENSE.txt  |  19 -
 vendor/github.com/felixge/httpsnoop/Makefile  |  10 -
 vendor/github.com/felixge/httpsnoop/README.md |  94 --
 .../felixge/httpsnoop/capture_metrics.go      |  84 --
 vendor/github.com/felixge/httpsnoop/docs.go   |  10 -
 .../httpsnoop/wrap_generated_gteq_1.8.go      | 385 -------
 .../httpsnoop/wrap_generated_lt_1.8.go        | 243 -----
 .../golang-sql/civil/CONTRIBUTING.md          |  73 ++
 .../golang-sql/civil}/LICENSE                 |   2 +-
 vendor/github.com/golang-sql/civil/README.md  |  15 +
 .../golang-sql}/civil/civil.go                |   0
 vendor/github.com/golang/gddo/LICENSE         |  27 -
 vendor/github.com/golang/gddo/gosrc/LICENSE   |  27 -
 .../golang/gddo/httputil/header/header.go     | 298 ------
 .../github.com/gorilla/websocket/.gitignore   |   2 +-
 .../github.com/gorilla/websocket/.travis.yml  |  10 +-
 vendor/github.com/gorilla/websocket/AUTHORS   |   1 +
 vendor/github.com/gorilla/websocket/README.md |   2 +-
 vendor/github.com/gorilla/websocket/client.go | 253 ++---
 vendor/github.com/gorilla/websocket/conn.go   | 174 ++--
 .../gorilla/websocket/conn_read_legacy.go     |  21 -
 .../websocket/{conn_read.go => conn_write.go} |  15 +-
 .../gorilla/websocket/conn_write_legacy.go    |  18 +
 vendor/github.com/gorilla/websocket/doc.go    |  56 +-
 vendor/github.com/gorilla/websocket/json.go   |  11 +-
 vendor/github.com/gorilla/websocket/mask.go   |   1 -
 .../github.com/gorilla/websocket/prepared.go  |   1 -
 vendor/github.com/gorilla/websocket/proxy.go  |  77 ++
 vendor/github.com/gorilla/websocket/server.go | 136 ++-
 vendor/github.com/gorilla/websocket/trace.go  |  19 +
 .../github.com/gorilla/websocket/trace_17.go  |  12 +
 vendor/github.com/gorilla/websocket/util.go   |  35 +-
 .../gorilla/websocket/x_net_proxy.go          | 473 +++++++++
 .../github.com/kshvakov/clickhouse/go.test.sh |   0
 vendor/github.com/miekg/dns/.travis.yml       |  12 +-
 vendor/github.com/miekg/dns/CODEOWNERS        |   1 +
 vendor/github.com/miekg/dns/Gopkg.lock        |  57 --
 vendor/github.com/miekg/dns/Gopkg.toml        |  38 -
 vendor/github.com/miekg/dns/LICENSE           |   6 +-
 vendor/github.com/miekg/dns/README.md         |   7 +-
 vendor/github.com/miekg/dns/acceptfunc.go     |  21 +-
 vendor/github.com/miekg/dns/client.go         |  82 +-
 vendor/github.com/miekg/dns/dns.go            |   4 +-
 vendor/github.com/miekg/dns/dnssec.go         |   7 +-
 vendor/github.com/miekg/dns/dnssec_keygen.go  |  46 +-
 vendor/github.com/miekg/dns/dnssec_keyscan.go |  34 +-
 vendor/github.com/miekg/dns/doc.go            |   9 +-
 vendor/github.com/miekg/dns/duplicate.go      |   2 +-
 vendor/github.com/miekg/dns/edns.go           |  32 +-
 vendor/github.com/miekg/dns/fuzz.go           |  11 +-
 vendor/github.com/miekg/dns/generate.go       |   9 +-
 vendor/github.com/miekg/dns/go.mod            |  11 +
 vendor/github.com/miekg/dns/go.sum            |  39 +
 vendor/github.com/miekg/dns/labels.go         |  60 +-
 vendor/github.com/miekg/dns/msg.go            |  52 +-
 vendor/github.com/miekg/dns/msg_helpers.go    | 178 +++-
 vendor/github.com/miekg/dns/msg_truncate.go   |  17 +-
 vendor/github.com/miekg/dns/privaterr.go      |  38 +-
 vendor/github.com/miekg/dns/scan.go           | 123 ++-
 vendor/github.com/miekg/dns/scan_rr.go        | 895 +++++++----------
 vendor/github.com/miekg/dns/serve_mux.go      |  28 +-
 vendor/github.com/miekg/dns/server.go         |  16 +-
 vendor/github.com/miekg/dns/tsig.go           |   4 +-
 vendor/github.com/miekg/dns/types.go          | 181 +++-
 vendor/github.com/miekg/dns/version.go        |   2 +-
 vendor/github.com/miekg/dns/xfr.go            |  18 +-
 vendor/github.com/miekg/dns/zduplicate.go     |  17 +
 vendor/github.com/miekg/dns/zmsg.go           |  19 +
 vendor/github.com/miekg/dns/ztypes.go         |  33 +-
 .../mitchellh/go-server-timing/.travis.yml    |  12 -
 .../mitchellh/go-server-timing/LICENSE        |  21 -
 .../mitchellh/go-server-timing/README.md      |  96 --
 .../mitchellh/go-server-timing/context.go     |  23 -
 .../mitchellh/go-server-timing/go.mod         |   6 -
 .../mitchellh/go-server-timing/go.sum         |   4 -
 .../mitchellh/go-server-timing/header.go      | 129 ---
 .../mitchellh/go-server-timing/metric.go      | 125 ---
 .../mitchellh/go-server-timing/middleware.go  |  84 --
 vendor/github.com/sirupsen/logrus/go.mod      |   2 -
 .../x/crypto/internal/chacha20/asm_ppc64le.s  | 945 +++++++-----------
 .../crypto/internal/chacha20/chacha_noasm.go  |   2 +-
 .../internal/chacha20/chacha_ppc64le.go       |  23 +-
 .../internal/datastore/datastore_v3.proto     |   0
 .../appengine/internal/regen.sh               |   0
 vendor/gopkg.in/coreos/go-oidc.v2/test        |   0
 vendor/gopkg.in/square/go-jose.v2/.travis.yml |   6 +-
 .../gopkg.in/square/go-jose.v2/asymmetric.go  |   4 +-
 .../square/go-jose.v2/cipher/ecdh_es.go       |  28 +-
 vendor/gopkg.in/square/go-jose.v2/crypter.go  |  14 +-
 vendor/gopkg.in/square/go-jose.v2/jwk.go      |   4 +-
 vendor/gopkg.in/square/go-jose.v2/jws.go      |  95 +-
 vendor/gopkg.in/square/go-jose.v2/opaque.go   |  61 ++
 vendor/gopkg.in/square/go-jose.v2/shared.go   |  21 +
 vendor/gopkg.in/square/go-jose.v2/signing.go  |  66 +-
 vendor/modules.txt                            |  63 +-
 116 files changed, 3885 insertions(+), 4581 deletions(-)
 create mode 100644 vendor/github.com/denisenkom/go-mssqldb/conn_str.go
 delete mode 100644 vendor/github.com/denisenkom/go-mssqldb/decimal.go
 create mode 100644 vendor/github.com/denisenkom/go-mssqldb/internal/decimal/decimal.go
 create mode 100644 vendor/github.com/denisenkom/go-mssqldb/mssql_go110pre.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/.gitignore
 delete mode 100644 vendor/github.com/felixge/httpsnoop/.travis.yml
 delete mode 100644 vendor/github.com/felixge/httpsnoop/LICENSE.txt
 delete mode 100644 vendor/github.com/felixge/httpsnoop/Makefile
 delete mode 100644 vendor/github.com/felixge/httpsnoop/README.md
 delete mode 100644 vendor/github.com/felixge/httpsnoop/capture_metrics.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/docs.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
 create mode 100644 vendor/github.com/golang-sql/civil/CONTRIBUTING.md
 rename vendor/{cloud.google.com/go => github.com/golang-sql/civil}/LICENSE (99%)
 create mode 100644 vendor/github.com/golang-sql/civil/README.md
 rename vendor/{cloud.google.com/go => github.com/golang-sql}/civil/civil.go (100%)
 delete mode 100644 vendor/github.com/golang/gddo/LICENSE
 delete mode 100644 vendor/github.com/golang/gddo/gosrc/LICENSE
 delete mode 100644 vendor/github.com/golang/gddo/httputil/header/header.go
 delete mode 100644 vendor/github.com/gorilla/websocket/conn_read_legacy.go
 rename vendor/github.com/gorilla/websocket/{conn_read.go => conn_write.go} (52%)
 create mode 100644 vendor/github.com/gorilla/websocket/conn_write_legacy.go
 create mode 100644 vendor/github.com/gorilla/websocket/proxy.go
 create mode 100644 vendor/github.com/gorilla/websocket/trace.go
 create mode 100644 vendor/github.com/gorilla/websocket/trace_17.go
 create mode 100644 vendor/github.com/gorilla/websocket/x_net_proxy.go
 mode change 100755 => 100644 vendor/github.com/kshvakov/clickhouse/go.test.sh
 create mode 100644 vendor/github.com/miekg/dns/CODEOWNERS
 delete mode 100644 vendor/github.com/miekg/dns/Gopkg.lock
 delete mode 100644 vendor/github.com/miekg/dns/Gopkg.toml
 create mode 100644 vendor/github.com/miekg/dns/go.mod
 create mode 100644 vendor/github.com/miekg/dns/go.sum
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/.travis.yml
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/LICENSE
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/README.md
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/context.go
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/go.mod
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/go.sum
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/header.go
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/metric.go
 delete mode 100644 vendor/github.com/mitchellh/go-server-timing/middleware.go
 mode change 100755 => 100644 vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto
 mode change 100755 => 100644 vendor/google.golang.org/appengine/internal/regen.sh
 mode change 100755 => 100644 vendor/gopkg.in/coreos/go-oidc.v2/test

diff --git a/go.mod b/go.mod
index bc4f4046..eece2cc5 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3
-	github.com/google/certificate-transparency-go v1.1.0
+	github.com/google/certificate-transparency-go v1.1.0 // indirect
 	github.com/google/uuid v1.1.1
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/websocket v1.4.0
@@ -38,7 +38,7 @@ require (
 	github.com/mattn/go-isatty v0.0.10 // indirect
 	github.com/mattn/go-sqlite3 v1.11.0
 	github.com/mholt/caddy v0.0.0-20180807230124-d3b731e9255b // indirect
-	github.com/miekg/dns v1.1.8
+	github.com/miekg/dns v1.1.27
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/opentracing/opentracing-go v1.1.0 // indirect
 	github.com/philhofer/fwd v1.0.0 // indirect
@@ -53,7 +53,7 @@ require (
 	github.com/stretchr/testify v1.3.0
 	github.com/tinylib/msgp v1.1.0 // indirect
 	github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0
-	golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
 	golang.org/x/net v0.0.0-20191007182048-72f939374954
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
 	golang.org/x/sys v0.0.0-20191008105621-543471e840be
diff --git a/go.sum b/go.sum
index ae7fcad3..b7c2234b 100644
--- a/go.sum
+++ b/go.sum
@@ -215,6 +215,8 @@ github.com/mholt/caddy v0.0.0-20180807230124-d3b731e9255b h1:/BbY4n99iMazlr2igip
 github.com/mholt/caddy v0.0.0-20180807230124-d3b731e9255b/go.mod h1:Wb1PlT4DAYSqOEd03MsqkdkXnTxA8v9pKjdpxbqM1kY=
 github.com/miekg/dns v1.1.8 h1:1QYRAKU3lN5cRfLCkPU08hwvLJFhvjP6MqNMmQz6ZVI=
 github.com/miekg/dns v1.1.8/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
+github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
@@ -319,12 +321,15 @@ golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc h1:c0o/qxkaO2LF5t6fQrT4b5hzyggAkLLlCUjqfRxd8Q4=
 golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -340,6 +345,7 @@ golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954 h1:JGZucVF/L/TotR719NbujzadOZ2AgnYlqphQGHDCKaU=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
@@ -366,6 +372,7 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -390,13 +397,16 @@ golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190521203540-521d6ed310dd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190909030654-5b82db07426d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
diff --git a/vendor/github.com/denisenkom/go-mssqldb/README.md b/vendor/github.com/denisenkom/go-mssqldb/README.md
index 8d530ab4..b655176b 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/README.md
+++ b/vendor/github.com/denisenkom/go-mssqldb/README.md
@@ -56,7 +56,7 @@ Other supported formats are listed below.
 * `hostNameInCertificate` - Specifies the Common Name (CN) in the server certificate. Default value is the server host.
 * `ServerSPN` - The kerberos SPN (Service Principal Name) for the server. Default is MSSQLSvc/host:port.
 * `Workstation ID` - The workstation name (default is the host name)
-* `ApplicationIntent` - Can be given the value `ReadOnly` to initiate a read-only connection to an Availability Group listener.
+* `ApplicationIntent` - Can be given the value `ReadOnly` to initiate a read-only connection to an Availability Group listener. The `database` must be specified when connecting with `Application Intent` set to `ReadOnly`. 
 
 ### The connection string can be specified in one of three formats:
 
@@ -187,6 +187,19 @@ _, err := db.ExecContext(ctx, "theproc", &rs)
 log.Printf("status=%d", rs)
 ```
 
+or
+
+```
+var rs mssql.ReturnStatus
+_, err := db.QueryContext(ctx, "theproc", &rs)
+for rows.Next() {
+	err = rows.Scan(&val)
+}
+log.Printf("status=%d", rs)
+```
+
+Limitation: ReturnStatus cannot be retrieved using `QueryRow`.
+
 ## Parameters
 
 The `sqlserver` driver uses normal MS SQL Server syntax and expects parameters in
@@ -207,9 +220,9 @@ are supported:
  * time.Time -> datetimeoffset or datetime (TDS version dependent)
  * mssql.DateTime1 -> datetime
  * mssql.DateTimeOffset -> datetimeoffset
- * "cloud.google.com/go/civil".Date -> date
- * "cloud.google.com/go/civil".DateTime -> datetime2
- * "cloud.google.com/go/civil".Time -> time
+ * "github.com/golang-sql/civil".Date -> date
+ * "github.com/golang-sql/civil".DateTime -> datetime2
+ * "github.com/golang-sql/civil".Time -> time
  * mssql.TVP -> Table Value Parameter (TDS version dependent)
 
 ## Important Notes
diff --git a/vendor/github.com/denisenkom/go-mssqldb/appveyor.yml b/vendor/github.com/denisenkom/go-mssqldb/appveyor.yml
index 2ae5456d..c4d2bb06 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/appveyor.yml
+++ b/vendor/github.com/denisenkom/go-mssqldb/appveyor.yml
@@ -10,7 +10,7 @@ environment:
   SQLUSER: sa
   SQLPASSWORD: Password12!
   DATABASE: test  
-  GOVERSION: 110
+  GOVERSION: 111
   matrix:
     - GOVERSION: 18
       SQLINSTANCE: SQL2016
@@ -18,6 +18,8 @@ environment:
       SQLINSTANCE: SQL2016
     - GOVERSION: 110
       SQLINSTANCE: SQL2016
+    - GOVERSION: 111
+      SQLINSTANCE: SQL2016
     - SQLINSTANCE: SQL2014
     - SQLINSTANCE: SQL2012SP1
     - SQLINSTANCE: SQL2008R2SP2
@@ -27,7 +29,7 @@ install:
   - set PATH=%GOPATH%\bin;%GOROOT%\bin;%PATH%
   - go version
   - go env
-  - go get -u cloud.google.com/go/civil
+  - go get -u github.com/golang-sql/civil
 
 build_script:
   - go build
diff --git a/vendor/github.com/denisenkom/go-mssqldb/buf.go b/vendor/github.com/denisenkom/go-mssqldb/buf.go
index 927d75d1..ba39b40f 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/buf.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/buf.go
@@ -221,23 +221,27 @@ func (r *tdsBuffer) uint16() uint16 {
 }
 
 func (r *tdsBuffer) BVarChar() string {
-	l := int(r.byte())
-	return r.readUcs2(l)
+	return readBVarCharOrPanic(r)
 }
 
-func (r *tdsBuffer) UsVarChar() string {
-	l := int(r.uint16())
-	return r.readUcs2(l)
-}
-
-func (r *tdsBuffer) readUcs2(numchars int) string {
-	b := make([]byte, numchars*2)
-	r.ReadFull(b)
-	res, err := ucs22str(b)
+func readBVarCharOrPanic(r io.Reader) string {
+	s, err := readBVarChar(r)
 	if err != nil {
 		badStreamPanic(err)
 	}
-	return res
+	return s
+}
+
+func readUsVarCharOrPanic(r io.Reader) string {
+	s, err := readUsVarChar(r)
+	if err != nil {
+		badStreamPanic(err)
+	}
+	return s
+}
+
+func (r *tdsBuffer) UsVarChar() string {
+	return readUsVarCharOrPanic(r)
 }
 
 func (r *tdsBuffer) Read(buf []byte) (copied int, err error) {
diff --git a/vendor/github.com/denisenkom/go-mssqldb/bulkcopy.go b/vendor/github.com/denisenkom/go-mssqldb/bulkcopy.go
index 3b319af8..1d5eacb3 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/bulkcopy.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/bulkcopy.go
@@ -7,9 +7,10 @@ import (
 	"fmt"
 	"math"
 	"reflect"
-	"strconv"
 	"strings"
 	"time"
+
+	"github.com/denisenkom/go-mssqldb/internal/decimal"
 )
 
 type Bulk struct {
@@ -42,6 +43,11 @@ type BulkOptions struct {
 
 type DataValue interface{}
 
+const (
+	sqlDateFormat = "2006-01-02"
+	sqlTimeFormat = "2006-01-02 15:04:05.999999999Z07:00"
+)
+
 func (cn *Conn) CreateBulk(table string, columns []string) (_ *Bulk) {
 	b := Bulk{ctx: context.Background(), cn: cn, tablename: table, headerSent: false, columnsName: columns}
 	b.Debug = false
@@ -334,7 +340,7 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 		case int64:
 			intvalue = val
 		default:
-			err = fmt.Errorf("mssql: invalid type for int column")
+			err = fmt.Errorf("mssql: invalid type for int column: %T", val)
 			return
 		}
 
@@ -361,7 +367,7 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 		case int64:
 			floatvalue = float64(val)
 		default:
-			err = fmt.Errorf("mssql: invalid type for float column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for float column: %T %s", val, val)
 			return
 		}
 
@@ -380,7 +386,7 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 		case []byte:
 			res.buffer = val
 		default:
-			err = fmt.Errorf("mssql: invalid type for nvarchar column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for nvarchar column: %T %s", val, val)
 			return
 		}
 		res.ti.Size = len(res.buffer)
@@ -392,14 +398,14 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 		case []byte:
 			res.buffer = val
 		default:
-			err = fmt.Errorf("mssql: invalid type for varchar column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for varchar column: %T %s", val, val)
 			return
 		}
 		res.ti.Size = len(res.buffer)
 
 	case typeBit, typeBitN:
 		if reflect.TypeOf(val).Kind() != reflect.Bool {
-			err = fmt.Errorf("mssql: invalid type for bit column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for bit column: %T %s", val, val)
 			return
 		}
 		res.ti.TypeId = typeBitN
@@ -413,18 +419,31 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 		case time.Time:
 			res.buffer = encodeDateTime2(val, int(col.ti.Scale))
 			res.ti.Size = len(res.buffer)
+		case string:
+			var t time.Time
+			if t, err = time.Parse(sqlTimeFormat, val); err != nil {
+				return res, fmt.Errorf("bulk: unable to convert string to date: %v", err)
+			}
+			res.buffer = encodeDateTime2(t, int(col.ti.Scale))
+			res.ti.Size = len(res.buffer)
 		default:
-			err = fmt.Errorf("mssql: invalid type for datetime2 column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for datetime2 column: %T %s", val, val)
 			return
 		}
 	case typeDateTimeOffsetN:
 		switch val := val.(type) {
 		case time.Time:
-			res.buffer = encodeDateTimeOffset(val, int(res.ti.Scale))
+			res.buffer = encodeDateTimeOffset(val, int(col.ti.Scale))
+			res.ti.Size = len(res.buffer)
+		case string:
+			var t time.Time
+			if t, err = time.Parse(sqlTimeFormat, val); err != nil {
+				return res, fmt.Errorf("bulk: unable to convert string to date: %v", err)
+			}
+			res.buffer = encodeDateTimeOffset(t, int(col.ti.Scale))
 			res.ti.Size = len(res.buffer)
-
 		default:
-			err = fmt.Errorf("mssql: invalid type for datetimeoffset column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for datetimeoffset column: %T %s", val, val)
 			return
 		}
 	case typeDateN:
@@ -432,69 +451,79 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 		case time.Time:
 			res.buffer = encodeDate(val)
 			res.ti.Size = len(res.buffer)
+		case string:
+			var t time.Time
+			if t, err = time.ParseInLocation(sqlDateFormat, val, time.UTC); err != nil {
+				return res, fmt.Errorf("bulk: unable to convert string to date: %v", err)
+			}
+			res.buffer = encodeDate(t)
+			res.ti.Size = len(res.buffer)
 		default:
-			err = fmt.Errorf("mssql: invalid type for date column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for date column: %T %s", val, val)
 			return
 		}
 	case typeDateTime, typeDateTimeN, typeDateTim4:
+		var t time.Time
 		switch val := val.(type) {
 		case time.Time:
-			if col.ti.Size == 4 {
-				res.buffer = encodeDateTim4(val)
-				res.ti.Size = len(res.buffer)
-			} else if col.ti.Size == 8 {
-				res.buffer = encodeDateTime(val)
-				res.ti.Size = len(res.buffer)
-			} else {
-				err = fmt.Errorf("mssql: invalid size of column")
+			t = val
+		case string:
+			if t, err = time.Parse(sqlTimeFormat, val); err != nil {
+				return res, fmt.Errorf("bulk: unable to convert string to date: %v", err)
 			}
-
 		default:
-			err = fmt.Errorf("mssql: invalid type for datetime column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for datetime column: %T %s", val, val)
+			return
+		}
+
+		if col.ti.Size == 4 {
+			res.buffer = encodeDateTim4(t)
+			res.ti.Size = len(res.buffer)
+		} else if col.ti.Size == 8 {
+			res.buffer = encodeDateTime(t)
+			res.ti.Size = len(res.buffer)
+		} else {
+			err = fmt.Errorf("mssql: invalid size of column %d", col.ti.Size)
 		}
 
 	// case typeMoney, typeMoney4, typeMoneyN:
 	case typeDecimal, typeDecimalN, typeNumeric, typeNumericN:
-		var value float64
+		prec := col.ti.Prec
+		scale := col.ti.Scale
+		var dec decimal.Decimal
 		switch v := val.(type) {
 		case int:
-			value = float64(v)
+			dec = decimal.Int64ToDecimalScale(int64(v), 0)
 		case int8:
-			value = float64(v)
+			dec = decimal.Int64ToDecimalScale(int64(v), 0)
 		case int16:
-			value = float64(v)
+			dec = decimal.Int64ToDecimalScale(int64(v), 0)
 		case int32:
-			value = float64(v)
+			dec = decimal.Int64ToDecimalScale(int64(v), 0)
 		case int64:
-			value = float64(v)
+			dec = decimal.Int64ToDecimalScale(int64(v), 0)
 		case float32:
-			value = float64(v)
+			dec, err = decimal.Float64ToDecimalScale(float64(v), scale)
 		case float64:
-			value = v
+			dec, err = decimal.Float64ToDecimalScale(float64(v), scale)
 		case string:
-			if value, err = strconv.ParseFloat(v, 64); err != nil {
-				return res, fmt.Errorf("bulk: unable to convert string to float: %v", err)
-			}
+			dec, err = decimal.StringToDecimalScale(v, scale)
 		default:
-			return res, fmt.Errorf("unknown value for decimal: %#v", v)
+			return res, fmt.Errorf("unknown value for decimal: %T %#v", v, v)
 		}
 
-		perc := col.ti.Prec
-		scale := col.ti.Scale
-		var dec Decimal
-		dec, err = Float64ToDecimalScale(value, scale)
 		if err != nil {
 			return res, err
 		}
-		dec.prec = perc
+		dec.SetPrec(prec)
 
 		var length byte
 		switch {
-		case perc <= 9:
+		case prec <= 9:
 			length = 4
-		case perc <= 19:
+		case prec <= 19:
 			length = 8
-		case perc <= 28:
+		case prec <= 28:
 			length = 12
 		default:
 			length = 16
@@ -504,7 +533,7 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 		// first byte length written by typeInfo.writer
 		res.ti.Size = int(length) + 1
 		// second byte sign
-		if value < 0 {
+		if !dec.IsPositive() {
 			buf[0] = 0
 		} else {
 			buf[0] = 1
@@ -527,7 +556,7 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 			res.ti.Size = len(val)
 			res.buffer = val
 		default:
-			err = fmt.Errorf("mssql: invalid type for Binary column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for Binary column: %T %s", val, val)
 			return
 		}
 	case typeGuid:
@@ -536,7 +565,7 @@ func (b *Bulk) makeParam(val DataValue, col columnStruct) (res param, err error)
 			res.ti.Size = len(val)
 			res.buffer = val
 		default:
-			err = fmt.Errorf("mssql: invalid type for Guid column: %s", val)
+			err = fmt.Errorf("mssql: invalid type for Guid column: %T %s", val, val)
 			return
 		}
 
diff --git a/vendor/github.com/denisenkom/go-mssqldb/conn_str.go b/vendor/github.com/denisenkom/go-mssqldb/conn_str.go
new file mode 100644
index 00000000..07427554
--- /dev/null
+++ b/vendor/github.com/denisenkom/go-mssqldb/conn_str.go
@@ -0,0 +1,456 @@
+package mssql
+
+import (
+	"fmt"
+	"net"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+	"unicode"
+)
+
+type connectParams struct {
+	logFlags                  uint64
+	port                      uint64
+	host                      string
+	instance                  string
+	database                  string
+	user                      string
+	password                  string
+	dial_timeout              time.Duration
+	conn_timeout              time.Duration
+	keepAlive                 time.Duration
+	encrypt                   bool
+	disableEncryption         bool
+	trustServerCertificate    bool
+	certificate               string
+	hostInCertificate         string
+	hostInCertificateProvided bool
+	serverSPN                 string
+	workstation               string
+	appname                   string
+	typeFlags                 uint8
+	failOverPartner           string
+	failOverPort              uint64
+	packetSize                uint16
+}
+
+func parseConnectParams(dsn string) (connectParams, error) {
+	var p connectParams
+
+	var params map[string]string
+	if strings.HasPrefix(dsn, "odbc:") {
+		parameters, err := splitConnectionStringOdbc(dsn[len("odbc:"):])
+		if err != nil {
+			return p, err
+		}
+		params = parameters
+	} else if strings.HasPrefix(dsn, "sqlserver://") {
+		parameters, err := splitConnectionStringURL(dsn)
+		if err != nil {
+			return p, err
+		}
+		params = parameters
+	} else {
+		params = splitConnectionString(dsn)
+	}
+
+	strlog, ok := params["log"]
+	if ok {
+		var err error
+		p.logFlags, err = strconv.ParseUint(strlog, 10, 64)
+		if err != nil {
+			return p, fmt.Errorf("Invalid log parameter '%s': %s", strlog, err.Error())
+		}
+	}
+	server := params["server"]
+	parts := strings.SplitN(server, `\`, 2)
+	p.host = parts[0]
+	if p.host == "." || strings.ToUpper(p.host) == "(LOCAL)" || p.host == "" {
+		p.host = "localhost"
+	}
+	if len(parts) > 1 {
+		p.instance = parts[1]
+	}
+	p.database = params["database"]
+	p.user = params["user id"]
+	p.password = params["password"]
+
+	p.port = 1433
+	strport, ok := params["port"]
+	if ok {
+		var err error
+		p.port, err = strconv.ParseUint(strport, 10, 16)
+		if err != nil {
+			f := "Invalid tcp port '%v': %v"
+			return p, fmt.Errorf(f, strport, err.Error())
+		}
+	}
+
+	// https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-network-packet-size-server-configuration-option
+	// Default packet size remains at 4096 bytes
+	p.packetSize = 4096
+	strpsize, ok := params["packet size"]
+	if ok {
+		var err error
+		psize, err := strconv.ParseUint(strpsize, 0, 16)
+		if err != nil {
+			f := "Invalid packet size '%v': %v"
+			return p, fmt.Errorf(f, strpsize, err.Error())
+		}
+
+		// Ensure packet size falls within the TDS protocol range of 512 to 32767 bytes
+		// NOTE: Encrypted connections have a maximum size of 16383 bytes.  If you request
+		// a higher packet size, the server will respond with an ENVCHANGE request to
+		// alter the packet size to 16383 bytes.
+		p.packetSize = uint16(psize)
+		if p.packetSize < 512 {
+			p.packetSize = 512
+		} else if p.packetSize > 32767 {
+			p.packetSize = 32767
+		}
+	}
+
+	// https://msdn.microsoft.com/en-us/library/dd341108.aspx
+	//
+	// Do not set a connection timeout. Use Context to manage such things.
+	// Default to zero, but still allow it to be set.
+	if strconntimeout, ok := params["connection timeout"]; ok {
+		timeout, err := strconv.ParseUint(strconntimeout, 10, 64)
+		if err != nil {
+			f := "Invalid connection timeout '%v': %v"
+			return p, fmt.Errorf(f, strconntimeout, err.Error())
+		}
+		p.conn_timeout = time.Duration(timeout) * time.Second
+	}
+	p.dial_timeout = 15 * time.Second
+	if strdialtimeout, ok := params["dial timeout"]; ok {
+		timeout, err := strconv.ParseUint(strdialtimeout, 10, 64)
+		if err != nil {
+			f := "Invalid dial timeout '%v': %v"
+			return p, fmt.Errorf(f, strdialtimeout, err.Error())
+		}
+		p.dial_timeout = time.Duration(timeout) * time.Second
+	}
+
+	// default keep alive should be 30 seconds according to spec:
+	// https://msdn.microsoft.com/en-us/library/dd341108.aspx
+	p.keepAlive = 30 * time.Second
+	if keepAlive, ok := params["keepalive"]; ok {
+		timeout, err := strconv.ParseUint(keepAlive, 10, 64)
+		if err != nil {
+			f := "Invalid keepAlive value '%s': %s"
+			return p, fmt.Errorf(f, keepAlive, err.Error())
+		}
+		p.keepAlive = time.Duration(timeout) * time.Second
+	}
+	encrypt, ok := params["encrypt"]
+	if ok {
+		if strings.EqualFold(encrypt, "DISABLE") {
+			p.disableEncryption = true
+		} else {
+			var err error
+			p.encrypt, err = strconv.ParseBool(encrypt)
+			if err != nil {
+				f := "Invalid encrypt '%s': %s"
+				return p, fmt.Errorf(f, encrypt, err.Error())
+			}
+		}
+	} else {
+		p.trustServerCertificate = true
+	}
+	trust, ok := params["trustservercertificate"]
+	if ok {
+		var err error
+		p.trustServerCertificate, err = strconv.ParseBool(trust)
+		if err != nil {
+			f := "Invalid trust server certificate '%s': %s"
+			return p, fmt.Errorf(f, trust, err.Error())
+		}
+	}
+	p.certificate = params["certificate"]
+	p.hostInCertificate, ok = params["hostnameincertificate"]
+	if ok {
+		p.hostInCertificateProvided = true
+	} else {
+		p.hostInCertificate = p.host
+		p.hostInCertificateProvided = false
+	}
+
+	serverSPN, ok := params["serverspn"]
+	if ok {
+		p.serverSPN = serverSPN
+	} else {
+		p.serverSPN = fmt.Sprintf("MSSQLSvc/%s:%d", p.host, p.port)
+	}
+
+	workstation, ok := params["workstation id"]
+	if ok {
+		p.workstation = workstation
+	} else {
+		workstation, err := os.Hostname()
+		if err == nil {
+			p.workstation = workstation
+		}
+	}
+
+	appname, ok := params["app name"]
+	if !ok {
+		appname = "go-mssqldb"
+	}
+	p.appname = appname
+
+	appintent, ok := params["applicationintent"]
+	if ok {
+		if appintent == "ReadOnly" {
+			if p.database == "" {
+				return p, fmt.Errorf("Database must be specified when ApplicationIntent is ReadOnly")
+			}
+			p.typeFlags |= fReadOnlyIntent
+		}
+	}
+
+	failOverPartner, ok := params["failoverpartner"]
+	if ok {
+		p.failOverPartner = failOverPartner
+	}
+
+	failOverPort, ok := params["failoverport"]
+	if ok {
+		var err error
+		p.failOverPort, err = strconv.ParseUint(failOverPort, 0, 16)
+		if err != nil {
+			f := "Invalid tcp port '%v': %v"
+			return p, fmt.Errorf(f, failOverPort, err.Error())
+		}
+	}
+
+	return p, nil
+}
+
+func splitConnectionString(dsn string) (res map[string]string) {
+	res = map[string]string{}
+	parts := strings.Split(dsn, ";")
+	for _, part := range parts {
+		if len(part) == 0 {
+			continue
+		}
+		lst := strings.SplitN(part, "=", 2)
+		name := strings.TrimSpace(strings.ToLower(lst[0]))
+		if len(name) == 0 {
+			continue
+		}
+		var value string = ""
+		if len(lst) > 1 {
+			value = strings.TrimSpace(lst[1])
+		}
+		res[name] = value
+	}
+	return res
+}
+
+// Splits a URL of the form sqlserver://username:password@host/instance?param1=value&param2=value
+func splitConnectionStringURL(dsn string) (map[string]string, error) {
+	res := map[string]string{}
+
+	u, err := url.Parse(dsn)
+	if err != nil {
+		return res, err
+	}
+
+	if u.Scheme != "sqlserver" {
+		return res, fmt.Errorf("scheme %s is not recognized", u.Scheme)
+	}
+
+	if u.User != nil {
+		res["user id"] = u.User.Username()
+		p, exists := u.User.Password()
+		if exists {
+			res["password"] = p
+		}
+	}
+
+	host, port, err := net.SplitHostPort(u.Host)
+	if err != nil {
+		host = u.Host
+	}
+
+	if len(u.Path) > 0 {
+		res["server"] = host + "\\" + u.Path[1:]
+	} else {
+		res["server"] = host
+	}
+
+	if len(port) > 0 {
+		res["port"] = port
+	}
+
+	query := u.Query()
+	for k, v := range query {
+		if len(v) > 1 {
+			return res, fmt.Errorf("key %s provided more than once", k)
+		}
+		res[strings.ToLower(k)] = v[0]
+	}
+
+	return res, nil
+}
+
+// Splits a URL in the ODBC format
+func splitConnectionStringOdbc(dsn string) (map[string]string, error) {
+	res := map[string]string{}
+
+	type parserState int
+	const (
+		// Before the start of a key
+		parserStateBeforeKey parserState = iota
+
+		// Inside a key
+		parserStateKey
+
+		// Beginning of a value. May be bare or braced
+		parserStateBeginValue
+
+		// Inside a bare value
+		parserStateBareValue
+
+		// Inside a braced value
+		parserStateBracedValue
+
+		// A closing brace inside a braced value.
+		// May be the end of the value or an escaped closing brace, depending on the next character
+		parserStateBracedValueClosingBrace
+
+		// After a value. Next character should be a semicolon or whitespace.
+		parserStateEndValue
+	)
+
+	var state = parserStateBeforeKey
+
+	var key string
+	var value string
+
+	for i, c := range dsn {
+		switch state {
+		case parserStateBeforeKey:
+			switch {
+			case c == '=':
+				return res, fmt.Errorf("Unexpected character = at index %d. Expected start of key or semi-colon or whitespace.", i)
+			case !unicode.IsSpace(c) && c != ';':
+				state = parserStateKey
+				key += string(c)
+			}
+
+		case parserStateKey:
+			switch c {
+			case '=':
+				key = normalizeOdbcKey(key)
+				state = parserStateBeginValue
+
+			case ';':
+				// Key without value
+				key = normalizeOdbcKey(key)
+				res[key] = value
+				key = ""
+				value = ""
+				state = parserStateBeforeKey
+
+			default:
+				key += string(c)
+			}
+
+		case parserStateBeginValue:
+			switch {
+			case c == '{':
+				state = parserStateBracedValue
+			case c == ';':
+				// Empty value
+				res[key] = value
+				key = ""
+				state = parserStateBeforeKey
+			case unicode.IsSpace(c):
+				// Ignore whitespace
+			default:
+				state = parserStateBareValue
+				value += string(c)
+			}
+
+		case parserStateBareValue:
+			if c == ';' {
+				res[key] = strings.TrimRightFunc(value, unicode.IsSpace)
+				key = ""
+				value = ""
+				state = parserStateBeforeKey
+			} else {
+				value += string(c)
+			}
+
+		case parserStateBracedValue:
+			if c == '}' {
+				state = parserStateBracedValueClosingBrace
+			} else {
+				value += string(c)
+			}
+
+		case parserStateBracedValueClosingBrace:
+			if c == '}' {
+				// Escaped closing brace
+				value += string(c)
+				state = parserStateBracedValue
+				continue
+			}
+
+			// End of braced value
+			res[key] = value
+			key = ""
+			value = ""
+
+			// This character is the first character past the end,
+			// so it needs to be parsed like the parserStateEndValue state.
+			state = parserStateEndValue
+			switch {
+			case c == ';':
+				state = parserStateBeforeKey
+			case unicode.IsSpace(c):
+				// Ignore whitespace
+			default:
+				return res, fmt.Errorf("Unexpected character %c at index %d. Expected semi-colon or whitespace.", c, i)
+			}
+
+		case parserStateEndValue:
+			switch {
+			case c == ';':
+				state = parserStateBeforeKey
+			case unicode.IsSpace(c):
+				// Ignore whitespace
+			default:
+				return res, fmt.Errorf("Unexpected character %c at index %d. Expected semi-colon or whitespace.", c, i)
+			}
+		}
+	}
+
+	switch state {
+	case parserStateBeforeKey: // Okay
+	case parserStateKey: // Unfinished key. Treat as key without value.
+		key = normalizeOdbcKey(key)
+		res[key] = value
+	case parserStateBeginValue: // Empty value
+		res[key] = value
+	case parserStateBareValue:
+		res[key] = strings.TrimRightFunc(value, unicode.IsSpace)
+	case parserStateBracedValue:
+		return res, fmt.Errorf("Unexpected end of braced value at index %d.", len(dsn))
+	case parserStateBracedValueClosingBrace: // End of braced value
+		res[key] = value
+	case parserStateEndValue: // Okay
+	}
+
+	return res, nil
+}
+
+// Normalizes the given string as an ODBC-format key
+func normalizeOdbcKey(s string) string {
+	return strings.ToLower(strings.TrimRightFunc(s, unicode.IsSpace))
+}
diff --git a/vendor/github.com/denisenkom/go-mssqldb/decimal.go b/vendor/github.com/denisenkom/go-mssqldb/decimal.go
deleted file mode 100644
index 372f64b4..00000000
--- a/vendor/github.com/denisenkom/go-mssqldb/decimal.go
+++ /dev/null
@@ -1,131 +0,0 @@
-package mssql
-
-import (
-	"encoding/binary"
-	"errors"
-	"math"
-	"math/big"
-)
-
-// http://msdn.microsoft.com/en-us/library/ee780893.aspx
-type Decimal struct {
-	integer  [4]uint32
-	positive bool
-	prec     uint8
-	scale    uint8
-}
-
-var scaletblflt64 [39]float64
-
-func (d Decimal) ToFloat64() float64 {
-	val := float64(0)
-	for i := 3; i >= 0; i-- {
-		val *= 0x100000000
-		val += float64(d.integer[i])
-	}
-	if !d.positive {
-		val = -val
-	}
-	if d.scale != 0 {
-		val /= scaletblflt64[d.scale]
-	}
-	return val
-}
-
-const autoScale = 100
-
-func Float64ToDecimal(f float64) (Decimal, error) {
-	return Float64ToDecimalScale(f, autoScale)
-}
-
-func Float64ToDecimalScale(f float64, scale uint8) (Decimal, error) {
-	var dec Decimal
-	if math.IsNaN(f) {
-		return dec, errors.New("NaN")
-	}
-	if math.IsInf(f, 0) {
-		return dec, errors.New("Infinity can't be converted to decimal")
-	}
-	dec.positive = f >= 0
-	if !dec.positive {
-		f = math.Abs(f)
-	}
-	if f > 3.402823669209385e+38 {
-		return dec, errors.New("Float value is out of range")
-	}
-	dec.prec = 20
-	var integer float64
-	for dec.scale = 0; dec.scale <= scale; dec.scale++ {
-		integer = f * scaletblflt64[dec.scale]
-		_, frac := math.Modf(integer)
-		if frac == 0 && scale == autoScale {
-			break
-		}
-	}
-	for i := 0; i < 4; i++ {
-		mod := math.Mod(integer, 0x100000000)
-		integer -= mod
-		integer /= 0x100000000
-		dec.integer[i] = uint32(mod)
-	}
-	return dec, nil
-}
-
-func init() {
-	var acc float64 = 1
-	for i := 0; i <= 38; i++ {
-		scaletblflt64[i] = acc
-		acc *= 10
-	}
-}
-
-func (d Decimal) BigInt() big.Int {
-	bytes := make([]byte, 16)
-	binary.BigEndian.PutUint32(bytes[0:4], d.integer[3])
-	binary.BigEndian.PutUint32(bytes[4:8], d.integer[2])
-	binary.BigEndian.PutUint32(bytes[8:12], d.integer[1])
-	binary.BigEndian.PutUint32(bytes[12:16], d.integer[0])
-	var x big.Int
-	x.SetBytes(bytes)
-	if !d.positive {
-		x.Neg(&x)
-	}
-	return x
-}
-
-func (d Decimal) Bytes() []byte {
-	x := d.BigInt()
-	return scaleBytes(x.String(), d.scale)
-}
-
-func (d Decimal) UnscaledBytes() []byte {
-	x := d.BigInt()
-	return x.Bytes()
-}
-
-func scaleBytes(s string, scale uint8) []byte {
-	z := make([]byte, 0, len(s)+1)
-	if s[0] == '-' || s[0] == '+' {
-		z = append(z, byte(s[0]))
-		s = s[1:]
-	}
-	pos := len(s) - int(scale)
-	if pos <= 0 {
-		z = append(z, byte('0'))
-	} else if pos > 0 {
-		z = append(z, []byte(s[:pos])...)
-	}
-	if scale > 0 {
-		z = append(z, byte('.'))
-		for pos < 0 {
-			z = append(z, byte('0'))
-			pos++
-		}
-		z = append(z, []byte(s[pos:])...)
-	}
-	return z
-}
-
-func (d Decimal) String() string {
-	return string(d.Bytes())
-}
diff --git a/vendor/github.com/denisenkom/go-mssqldb/go.mod b/vendor/github.com/denisenkom/go-mssqldb/go.mod
index 096fc96b..ebc02ab8 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/go.mod
+++ b/vendor/github.com/denisenkom/go-mssqldb/go.mod
@@ -3,8 +3,6 @@ module github.com/denisenkom/go-mssqldb
 go 1.11
 
 require (
-	cloud.google.com/go v0.37.4
+	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe
 	golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c
-	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
-	gopkg.in/yaml.v2 v2.2.2 // indirect
 )
diff --git a/vendor/github.com/denisenkom/go-mssqldb/go.sum b/vendor/github.com/denisenkom/go-mssqldb/go.sum
index e1936ecf..1887801b 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/go.sum
+++ b/vendor/github.com/denisenkom/go-mssqldb/go.sum
@@ -1,168 +1,5 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.37.2 h1:4y4L7BdHenTfZL0HervofNTHh9Ad6mNX72cQvl+5eH0=
-cloud.google.com/go v0.37.2/go.mod h1:H8IAquKe2L30IxoupDgqTaQvKSwF/c8prYHynGIWQbA=
-git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-git.apache.org/thrift.git v0.12.0/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
-github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
-github.com/grpc-ecosystem/grpc-gateway v1.6.2/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
-github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
-github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
-go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
-go.opencensus.io v0.19.1/go.mod h1:gug0GbSHa8Pafr0d2urOSgoXHZ6x/RUlaiT0d9pqb4A=
-go.opencensus.io v0.19.2/go.mod h1:NO/8qkisMZLZ1FCsKNqtJPwc8/TaclWyY0B6wcYNg9M=
-go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
-golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c h1:Vj5n4GlwjmQteupaxJ9+0FNOmBrHfq7vN4btdGoDZgI=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181218192612-074acd46bca6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181219222714-6e267b5cc78e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.0.0-20181220000619-583d854617af/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.2.0/go.mod h1:IfRCZScioGtypHNTlz3gFk67J8uePVW7uDTBzXuIkhU=
-google.golang.org/api v0.3.0/go.mod h1:IuvZyQh8jgscv8qWfQ4ABd8m7hEudgBFM/EdhA3BnXw=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20181219182458-5a97ab628bfb/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20180920025451-e3ad64cb4ed3/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/vendor/github.com/denisenkom/go-mssqldb/internal/decimal/decimal.go b/vendor/github.com/denisenkom/go-mssqldb/internal/decimal/decimal.go
new file mode 100644
index 00000000..7da0375d
--- /dev/null
+++ b/vendor/github.com/denisenkom/go-mssqldb/internal/decimal/decimal.go
@@ -0,0 +1,252 @@
+package decimal
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"math"
+	"math/big"
+	"strings"
+)
+
+// Decimal represents decimal type in the Microsoft Open Specifications: http://msdn.microsoft.com/en-us/library/ee780893.aspx
+type Decimal struct {
+	integer  [4]uint32 // Little-endian
+	positive bool
+	prec     uint8
+	scale    uint8
+}
+
+var (
+	scaletblflt64 [39]float64
+	int10         big.Int
+	int1e5        big.Int
+)
+
+func init() {
+	var acc float64 = 1
+	for i := 0; i <= 38; i++ {
+		scaletblflt64[i] = acc
+		acc *= 10
+	}
+
+	int10.SetInt64(10)
+	int1e5.SetInt64(1e5)
+}
+
+const autoScale = 100
+
+// SetInteger sets the ind'th element in the integer array
+func (d *Decimal) SetInteger(integer uint32, ind uint8) {
+	d.integer[ind] = integer
+}
+
+// SetPositive sets the positive member
+func (d *Decimal) SetPositive(positive bool) {
+	d.positive = positive
+}
+
+// SetPrec sets the prec member
+func (d *Decimal) SetPrec(prec uint8) {
+	d.prec = prec
+}
+
+// SetScale sets the scale member
+func (d *Decimal) SetScale(scale uint8) {
+	d.scale = scale
+}
+
+// IsPositive returns true if the Decimal is positive
+func (d *Decimal) IsPositive() bool {
+	return d.positive
+}
+
+// ToFloat64 converts decimal to a float64
+func (d Decimal) ToFloat64() float64 {
+	val := float64(0)
+	for i := 3; i >= 0; i-- {
+		val *= 0x100000000
+		val += float64(d.integer[i])
+	}
+	if !d.positive {
+		val = -val
+	}
+	if d.scale != 0 {
+		val /= scaletblflt64[d.scale]
+	}
+	return val
+}
+
+// BigInt converts decimal to a bigint
+func (d Decimal) BigInt() big.Int {
+	bytes := make([]byte, 16)
+	binary.BigEndian.PutUint32(bytes[0:4], d.integer[3])
+	binary.BigEndian.PutUint32(bytes[4:8], d.integer[2])
+	binary.BigEndian.PutUint32(bytes[8:12], d.integer[1])
+	binary.BigEndian.PutUint32(bytes[12:16], d.integer[0])
+	var x big.Int
+	x.SetBytes(bytes)
+	if !d.positive {
+		x.Neg(&x)
+	}
+	return x
+}
+
+// Bytes converts decimal to a scaled byte slice
+func (d Decimal) Bytes() []byte {
+	x := d.BigInt()
+	return ScaleBytes(x.String(), d.scale)
+}
+
+// UnscaledBytes converts decimal to a unscaled byte slice
+func (d Decimal) UnscaledBytes() []byte {
+	x := d.BigInt()
+	return x.Bytes()
+}
+
+// String converts decimal to a string
+func (d Decimal) String() string {
+	return string(d.Bytes())
+}
+
+// Float64ToDecimal converts float64 to decimal
+func Float64ToDecimal(f float64) (Decimal, error) {
+	return Float64ToDecimalScale(f, autoScale)
+}
+
+// Float64ToDecimalScale converts float64 to decimal; user can specify the scale
+func Float64ToDecimalScale(f float64, scale uint8) (Decimal, error) {
+	var dec Decimal
+	if math.IsNaN(f) {
+		return dec, errors.New("NaN")
+	}
+	if math.IsInf(f, 0) {
+		return dec, errors.New("Infinity can't be converted to decimal")
+	}
+	dec.positive = f >= 0
+	if !dec.positive {
+		f = math.Abs(f)
+	}
+	if f > 3.402823669209385e+38 {
+		return dec, errors.New("Float value is out of range")
+	}
+	dec.prec = 20
+	var integer float64
+	for dec.scale = 0; dec.scale <= scale; dec.scale++ {
+		integer = f * scaletblflt64[dec.scale]
+		_, frac := math.Modf(integer)
+		if frac == 0 && scale == autoScale {
+			break
+		}
+	}
+	for i := 0; i < 4; i++ {
+		mod := math.Mod(integer, 0x100000000)
+		integer -= mod
+		integer /= 0x100000000
+		dec.integer[i] = uint32(mod)
+		if mod-math.Trunc(mod) >= 0.5 {
+			dec.integer[i] = uint32(mod) + 1
+		}
+	}
+	return dec, nil
+}
+
+// Int64ToDecimalScale converts float64 to decimal; user can specify the scale
+func Int64ToDecimalScale(v int64, scale uint8) Decimal {
+	positive := v >= 0
+	if !positive {
+		if v == math.MinInt64 {
+			// Special case - can't negate
+			return Decimal{
+				integer:  [4]uint32{0, 0x80000000, 0, 0},
+				positive: false,
+				prec:     20,
+				scale:    0,
+			}
+		}
+		v = -v
+	}
+	return Decimal{
+		integer:  [4]uint32{uint32(v), uint32(v >> 32), 0, 0},
+		positive: positive,
+		prec:     20,
+		scale:    scale,
+	}
+}
+
+// StringToDecimalScale converts string to decimal
+func StringToDecimalScale(v string, outScale uint8) (Decimal, error) {
+	var r big.Int
+	var unscaled string
+	var inScale int
+
+	point := strings.LastIndexByte(v, '.')
+	if point == -1 {
+		inScale = 0
+		unscaled = v
+	} else {
+		inScale = len(v) - point - 1
+		unscaled = v[:point] + v[point+1:]
+	}
+	if inScale > math.MaxUint8 {
+		return Decimal{}, fmt.Errorf("can't parse %q as a decimal number: scale too large", v)
+	}
+
+	_, ok := r.SetString(unscaled, 10)
+	if !ok {
+		return Decimal{}, fmt.Errorf("can't parse %q as a decimal number", v)
+	}
+
+	if inScale > int(outScale) {
+		return Decimal{}, fmt.Errorf("can't parse %q as a decimal number: scale %d is larger than the scale %d of the target column", v, inScale, outScale)
+	}
+	for inScale < int(outScale) {
+		if int(outScale)-inScale >= 5 {
+			r.Mul(&r, &int1e5)
+			inScale += 5
+		} else {
+			r.Mul(&r, &int10)
+			inScale++
+		}
+	}
+
+	bytes := r.Bytes()
+	if len(bytes) > 16 {
+		return Decimal{}, fmt.Errorf("can't parse %q as a decimal number: precision too large", v)
+	}
+	var out [4]uint32
+	for i, b := range bytes {
+		pos := len(bytes) - i - 1
+		out[pos/4] += uint32(b) << uint(pos%4*8)
+	}
+	return Decimal{
+		integer:  out,
+		positive: r.Sign() >= 0,
+		prec:     20,
+		scale:    uint8(inScale),
+	}, nil
+}
+
+// ScaleBytes converts a stringified decimal to a scaled byte slice
+func ScaleBytes(s string, scale uint8) []byte {
+	z := make([]byte, 0, len(s)+1)
+	if s[0] == '-' || s[0] == '+' {
+		z = append(z, byte(s[0]))
+		s = s[1:]
+	}
+	pos := len(s) - int(scale)
+	if pos <= 0 {
+		z = append(z, byte('0'))
+	} else if pos > 0 {
+		z = append(z, []byte(s[:pos])...)
+	}
+	if scale > 0 {
+		z = append(z, byte('.'))
+		for pos < 0 {
+			z = append(z, byte('0'))
+			pos++
+		}
+		z = append(z, []byte(s[pos:])...)
+	}
+	return z
+}
diff --git a/vendor/github.com/denisenkom/go-mssqldb/mssql.go b/vendor/github.com/denisenkom/go-mssqldb/mssql.go
index cf84f3a1..e37109cd 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/mssql.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/mssql.go
@@ -716,6 +716,8 @@ func (rc *Rows) Next(dest []driver.Value) error {
 			if tokdata.isError() {
 				return rc.stmt.c.checkBadConn(tokdata.getError())
 			}
+		case ReturnStatus:
+			rc.stmt.c.setReturnStatus(tokdata)
 		case error:
 			return rc.stmt.c.checkBadConn(tokdata)
 		}
@@ -874,29 +876,6 @@ func (r *Result) RowsAffected() (int64, error) {
 	return r.rowsAffected, nil
 }
 
-func (r *Result) LastInsertId() (int64, error) {
-	s, err := r.c.Prepare("select cast(@@identity as bigint)")
-	if err != nil {
-		return 0, err
-	}
-	defer s.Close()
-	rows, err := s.Query(nil)
-	if err != nil {
-		return 0, err
-	}
-	defer rows.Close()
-	dest := make([]driver.Value, 1)
-	err = rows.Next(dest)
-	if err != nil {
-		return 0, err
-	}
-	if dest[0] == nil {
-		return -1, errors.New("There is no generated identity value")
-	}
-	lastInsertId := dest[0].(int64)
-	return lastInsertId, nil
-}
-
 var _ driver.Pinger = &Conn{}
 
 // Ping is used to check if the remote server is available and satisfies the Pinger interface.
diff --git a/vendor/github.com/denisenkom/go-mssqldb/mssql_go110.go b/vendor/github.com/denisenkom/go-mssqldb/mssql_go110.go
index 833f0471..6d76fbad 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/mssql_go110.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/mssql_go110.go
@@ -5,6 +5,7 @@ package mssql
 import (
 	"context"
 	"database/sql/driver"
+	"errors"
 )
 
 var _ driver.Connector = &Connector{}
@@ -45,3 +46,7 @@ func (c *Connector) Connect(ctx context.Context) (driver.Conn, error) {
 func (c *Connector) Driver() driver.Driver {
 	return c.driver
 }
+
+func (r *Result) LastInsertId() (int64, error) {
+	return -1, errors.New("LastInsertId is not supported. Please use the OUTPUT clause or add `select ID = convert(bigint, SCOPE_IDENTITY())` to the end of your query.")
+}
diff --git a/vendor/github.com/denisenkom/go-mssqldb/mssql_go110pre.go b/vendor/github.com/denisenkom/go-mssqldb/mssql_go110pre.go
new file mode 100644
index 00000000..3baae0c4
--- /dev/null
+++ b/vendor/github.com/denisenkom/go-mssqldb/mssql_go110pre.go
@@ -0,0 +1,31 @@
+// +build !go1.10
+
+package mssql
+
+import (
+	"database/sql/driver"
+	"errors"
+)
+
+func (r *Result) LastInsertId() (int64, error) {
+	s, err := r.c.Prepare("select cast(@@identity as bigint)")
+	if err != nil {
+		return 0, err
+	}
+	defer s.Close()
+	rows, err := s.Query(nil)
+	if err != nil {
+		return 0, err
+	}
+	defer rows.Close()
+	dest := make([]driver.Value, 1)
+	err = rows.Next(dest)
+	if err != nil {
+		return 0, err
+	}
+	if dest[0] == nil {
+		return -1, errors.New("There is no generated identity value")
+	}
+	lastInsertId := dest[0].(int64)
+	return lastInsertId, nil
+}
diff --git a/vendor/github.com/denisenkom/go-mssqldb/mssql_go19.go b/vendor/github.com/denisenkom/go-mssqldb/mssql_go19.go
index 7f2295c3..a2bd1167 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/mssql_go19.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/mssql_go19.go
@@ -11,7 +11,7 @@ import (
 	"time"
 
 	// "github.com/cockroachdb/apd"
-	"cloud.google.com/go/civil"
+	"github.com/golang-sql/civil"
 )
 
 // Type alias provided for compatibility.
diff --git a/vendor/github.com/denisenkom/go-mssqldb/net.go b/vendor/github.com/denisenkom/go-mssqldb/net.go
index e3864d1a..94858cc7 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/net.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/net.go
@@ -9,9 +9,6 @@ import (
 type timeoutConn struct {
 	c             net.Conn
 	timeout       time.Duration
-	buf           *tdsBuffer
-	packetPending bool
-	continueRead  bool
 }
 
 func newTimeoutConn(conn net.Conn, timeout time.Duration) *timeoutConn {
@@ -22,32 +19,6 @@ func newTimeoutConn(conn net.Conn, timeout time.Duration) *timeoutConn {
 }
 
 func (c *timeoutConn) Read(b []byte) (n int, err error) {
-	if c.buf != nil {
-		if c.packetPending {
-			c.packetPending = false
-			err = c.buf.FinishPacket()
-			if err != nil {
-				err = fmt.Errorf("Cannot send handshake packet: %s", err.Error())
-				return
-			}
-			c.continueRead = false
-		}
-		if !c.continueRead {
-			var packet packetType
-			packet, err = c.buf.BeginRead()
-			if err != nil {
-				err = fmt.Errorf("Cannot read handshake packet: %s", err.Error())
-				return
-			}
-			if packet != packPrelogin {
-				err = fmt.Errorf("unexpected packet %d, expecting prelogin", packet)
-				return
-			}
-			c.continueRead = true
-		}
-		n, err = c.buf.Read(b)
-		return
-	}
 	if c.timeout > 0 {
 		err = c.c.SetDeadline(time.Now().Add(c.timeout))
 		if err != nil {
@@ -58,17 +29,6 @@ func (c *timeoutConn) Read(b []byte) (n int, err error) {
 }
 
 func (c *timeoutConn) Write(b []byte) (n int, err error) {
-	if c.buf != nil {
-		if !c.packetPending {
-			c.buf.BeginPacket(packPrelogin, false)
-			c.packetPending = true
-		}
-		n, err = c.buf.Write(b)
-		if err != nil {
-			return
-		}
-		return
-	}
 	if c.timeout > 0 {
 		err = c.c.SetDeadline(time.Now().Add(c.timeout))
 		if err != nil {
@@ -101,3 +61,108 @@ func (c timeoutConn) SetReadDeadline(t time.Time) error {
 func (c timeoutConn) SetWriteDeadline(t time.Time) error {
 	panic("Not implemented")
 }
+
+// this connection is used during TLS Handshake
+// TDS protocol requires TLS handshake messages to be sent inside TDS packets
+type tlsHandshakeConn struct {
+	buf *tdsBuffer
+	packetPending bool
+	continueRead  bool
+}
+
+func (c *tlsHandshakeConn) Read(b []byte) (n int, err error) {
+	if c.packetPending {
+		c.packetPending = false
+		err = c.buf.FinishPacket()
+		if err != nil {
+			err = fmt.Errorf("Cannot send handshake packet: %s", err.Error())
+			return
+		}
+		c.continueRead = false
+	}
+	if !c.continueRead {
+		var packet packetType
+		packet, err = c.buf.BeginRead()
+		if err != nil {
+			err = fmt.Errorf("Cannot read handshake packet: %s", err.Error())
+			return
+		}
+		if packet != packPrelogin {
+			err = fmt.Errorf("unexpected packet %d, expecting prelogin", packet)
+			return
+		}
+		c.continueRead = true
+	}
+	return c.buf.Read(b)
+}
+
+func (c *tlsHandshakeConn) Write(b []byte) (n int, err error) {
+	if !c.packetPending {
+		c.buf.BeginPacket(packPrelogin, false)
+		c.packetPending = true
+	}
+	return c.buf.Write(b)
+}
+
+func (c *tlsHandshakeConn) Close() error {
+	panic("Not implemented")
+}
+
+func (c *tlsHandshakeConn) LocalAddr() net.Addr {
+	panic("Not implemented")
+}
+
+func (c *tlsHandshakeConn) RemoteAddr() net.Addr {
+	panic("Not implemented")
+}
+
+func (c *tlsHandshakeConn) SetDeadline(t time.Time) error {
+	panic("Not implemented")
+}
+
+func (c *tlsHandshakeConn) SetReadDeadline(t time.Time) error {
+	panic("Not implemented")
+}
+
+func (c *tlsHandshakeConn) SetWriteDeadline(t time.Time) error {
+	panic("Not implemented")
+}
+
+// this connection just delegates all methods to it's wrapped connection
+// it also allows switching underlying connection on the fly
+// it is needed because tls.Conn does not allow switching underlying connection
+type passthroughConn struct {
+	c net.Conn
+}
+
+func (c passthroughConn) Read(b []byte) (n int, err error) {
+	return c.c.Read(b)
+}
+
+func (c passthroughConn) Write(b []byte) (n int, err error) {
+	return c.c.Write(b)
+}
+
+func (c passthroughConn) Close() error {
+	return c.c.Close()
+}
+
+func (c passthroughConn) LocalAddr() net.Addr {
+	panic("Not implemented")
+}
+
+func (c passthroughConn) RemoteAddr() net.Addr {
+	panic("Not implemented")
+}
+
+func (c passthroughConn) SetDeadline(t time.Time) error {
+	panic("Not implemented")
+}
+
+func (c passthroughConn) SetReadDeadline(t time.Time) error {
+	panic("Not implemented")
+}
+
+func (c passthroughConn) SetWriteDeadline(t time.Time) error {
+	panic("Not implemented")
+}
diff --git a/vendor/github.com/denisenkom/go-mssqldb/tds.go b/vendor/github.com/denisenkom/go-mssqldb/tds.go
index a924e901..5a9f53b7 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/tds.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/tds.go
@@ -10,13 +10,9 @@ import (
 	"io"
 	"io/ioutil"
 	"net"
-	"net/url"
-	"os"
 	"sort"
 	"strconv"
 	"strings"
-	"time"
-	"unicode"
 	"unicode/utf16"
 	"unicode/utf8"
 )
@@ -51,15 +47,13 @@ func parseInstances(msg []byte) map[string]map[string]string {
 }
 
 func getInstances(ctx context.Context, d Dialer, address string) (map[string]map[string]string, error) {
-	maxTime := 5 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, maxTime)
-	defer cancel()
 	conn, err := d.DialContext(ctx, "udp", address+":1434")
 	if err != nil {
 		return nil, err
 	}
 	defer conn.Close()
-	conn.SetDeadline(time.Now().Add(maxTime))
+	deadline, _ := ctx.Deadline()
+	conn.SetDeadline(deadline)
 	_, err = conn.Write([]byte{3})
 	if err != nil {
 		return nil, err
@@ -474,10 +468,9 @@ func readUcs2(r io.Reader, numchars int) (res string, err error) {
 }
 
 func readUsVarChar(r io.Reader) (res string, err error) {
-	var numchars uint16
-	err = binary.Read(r, binary.LittleEndian, &numchars)
+	numchars, err := readUshort(r)
 	if err != nil {
-		return "", err
+		return
 	}
 	return readUcs2(r, int(numchars))
 }
@@ -497,8 +490,7 @@ func writeUsVarChar(w io.Writer, s string) (err error) {
 }
 
 func readBVarChar(r io.Reader) (res string, err error) {
-	var numchars uint8
-	err = binary.Read(r, binary.LittleEndian, &numchars)
+	numchars, err := readByte(r)
 	if err != nil {
 		return "", err
 	}
@@ -525,8 +517,7 @@ func writeBVarChar(w io.Writer, s string) (err error) {
 }
 
 func readBVarByte(r io.Reader) (res []byte, err error) {
-	var length uint8
-	err = binary.Read(r, binary.LittleEndian, &length)
+	length, err := readByte(r)
 	if err != nil {
 		return
 	}
@@ -654,458 +645,6 @@ func sendAttention(buf *tdsBuffer) error {
 	return buf.FinishPacket()
 }
 
-type connectParams struct {
-	logFlags                  uint64
-	port                      uint64
-	host                      string
-	instance                  string
-	database                  string
-	user                      string
-	password                  string
-	dial_timeout              time.Duration
-	conn_timeout              time.Duration
-	keepAlive                 time.Duration
-	encrypt                   bool
-	disableEncryption         bool
-	trustServerCertificate    bool
-	certificate               string
-	hostInCertificate         string
-	hostInCertificateProvided bool
-	serverSPN                 string
-	workstation               string
-	appname                   string
-	typeFlags                 uint8
-	failOverPartner           string
-	failOverPort              uint64
-	packetSize                uint16
-}
-
-func splitConnectionString(dsn string) (res map[string]string) {
-	res = map[string]string{}
-	parts := strings.Split(dsn, ";")
-	for _, part := range parts {
-		if len(part) == 0 {
-			continue
-		}
-		lst := strings.SplitN(part, "=", 2)
-		name := strings.TrimSpace(strings.ToLower(lst[0]))
-		if len(name) == 0 {
-			continue
-		}
-		var value string = ""
-		if len(lst) > 1 {
-			value = strings.TrimSpace(lst[1])
-		}
-		res[name] = value
-	}
-	return res
-}
-
-// Splits a URL in the ODBC format
-func splitConnectionStringOdbc(dsn string) (map[string]string, error) {
-	res := map[string]string{}
-
-	type parserState int
-	const (
-		// Before the start of a key
-		parserStateBeforeKey parserState = iota
-
-		// Inside a key
-		parserStateKey
-
-		// Beginning of a value. May be bare or braced
-		parserStateBeginValue
-
-		// Inside a bare value
-		parserStateBareValue
-
-		// Inside a braced value
-		parserStateBracedValue
-
-		// A closing brace inside a braced value.
-		// May be the end of the value or an escaped closing brace, depending on the next character
-		parserStateBracedValueClosingBrace
-
-		// After a value. Next character should be a semicolon or whitespace.
-		parserStateEndValue
-	)
-
-	var state = parserStateBeforeKey
-
-	var key string
-	var value string
-
-	for i, c := range dsn {
-		switch state {
-		case parserStateBeforeKey:
-			switch {
-			case c == '=':
-				return res, fmt.Errorf("Unexpected character = at index %d. Expected start of key or semi-colon or whitespace.", i)
-			case !unicode.IsSpace(c) && c != ';':
-				state = parserStateKey
-				key += string(c)
-			}
-
-		case parserStateKey:
-			switch c {
-			case '=':
-				key = normalizeOdbcKey(key)
-				if len(key) == 0 {
-					return res, fmt.Errorf("Unexpected end of key at index %d.", i)
-				}
-
-				state = parserStateBeginValue
-
-			case ';':
-				// Key without value
-				key = normalizeOdbcKey(key)
-				if len(key) == 0 {
-					return res, fmt.Errorf("Unexpected end of key at index %d.", i)
-				}
-
-				res[key] = value
-				key = ""
-				value = ""
-				state = parserStateBeforeKey
-
-			default:
-				key += string(c)
-			}
-
-		case parserStateBeginValue:
-			switch {
-			case c == '{':
-				state = parserStateBracedValue
-			case c == ';':
-				// Empty value
-				res[key] = value
-				key = ""
-				state = parserStateBeforeKey
-			case unicode.IsSpace(c):
-				// Ignore whitespace
-			default:
-				state = parserStateBareValue
-				value += string(c)
-			}
-
-		case parserStateBareValue:
-			if c == ';' {
-				res[key] = strings.TrimRightFunc(value, unicode.IsSpace)
-				key = ""
-				value = ""
-				state = parserStateBeforeKey
-			} else {
-				value += string(c)
-			}
-
-		case parserStateBracedValue:
-			if c == '}' {
-				state = parserStateBracedValueClosingBrace
-			} else {
-				value += string(c)
-			}
-
-		case parserStateBracedValueClosingBrace:
-			if c == '}' {
-				// Escaped closing brace
-				value += string(c)
-				state = parserStateBracedValue
-				continue
-			}
-
-			// End of braced value
-			res[key] = value
-			key = ""
-			value = ""
-
-			// This character is the first character past the end,
-			// so it needs to be parsed like the parserStateEndValue state.
-			state = parserStateEndValue
-			switch {
-			case c == ';':
-				state = parserStateBeforeKey
-			case unicode.IsSpace(c):
-				// Ignore whitespace
-			default:
-				return res, fmt.Errorf("Unexpected character %c at index %d. Expected semi-colon or whitespace.", c, i)
-			}
-
-		case parserStateEndValue:
-			switch {
-			case c == ';':
-				state = parserStateBeforeKey
-			case unicode.IsSpace(c):
-				// Ignore whitespace
-			default:
-				return res, fmt.Errorf("Unexpected character %c at index %d. Expected semi-colon or whitespace.", c, i)
-			}
-		}
-	}
-
-	switch state {
-	case parserStateBeforeKey: // Okay
-	case parserStateKey: // Unfinished key. Treat as key without value.
-		key = normalizeOdbcKey(key)
-		if len(key) == 0 {
-			return res, fmt.Errorf("Unexpected end of key at index %d.", len(dsn))
-		}
-		res[key] = value
-	case parserStateBeginValue: // Empty value
-		res[key] = value
-	case parserStateBareValue:
-		res[key] = strings.TrimRightFunc(value, unicode.IsSpace)
-	case parserStateBracedValue:
-		return res, fmt.Errorf("Unexpected end of braced value at index %d.", len(dsn))
-	case parserStateBracedValueClosingBrace: // End of braced value
-		res[key] = value
-	case parserStateEndValue: // Okay
-	}
-
-	return res, nil
-}
-
-// Normalizes the given string as an ODBC-format key
-func normalizeOdbcKey(s string) string {
-	return strings.ToLower(strings.TrimRightFunc(s, unicode.IsSpace))
-}
-
-// Splits a URL of the form sqlserver://username:password@host/instance?param1=value&param2=value
-func splitConnectionStringURL(dsn string) (map[string]string, error) {
-	res := map[string]string{}
-
-	u, err := url.Parse(dsn)
-	if err != nil {
-		return res, err
-	}
-
-	if u.Scheme != "sqlserver" {
-		return res, fmt.Errorf("scheme %s is not recognized", u.Scheme)
-	}
-
-	if u.User != nil {
-		res["user id"] = u.User.Username()
-		p, exists := u.User.Password()
-		if exists {
-			res["password"] = p
-		}
-	}
-
-	host, port, err := net.SplitHostPort(u.Host)
-	if err != nil {
-		host = u.Host
-	}
-
-	if len(u.Path) > 0 {
-		res["server"] = host + "\\" + u.Path[1:]
-	} else {
-		res["server"] = host
-	}
-
-	if len(port) > 0 {
-		res["port"] = port
-	}
-
-	query := u.Query()
-	for k, v := range query {
-		if len(v) > 1 {
-			return res, fmt.Errorf("key %s provided more than once", k)
-		}
-		res[strings.ToLower(k)] = v[0]
-	}
-
-	return res, nil
-}
-
-func parseConnectParams(dsn string) (connectParams, error) {
-	var p connectParams
-
-	var params map[string]string
-	if strings.HasPrefix(dsn, "odbc:") {
-		parameters, err := splitConnectionStringOdbc(dsn[len("odbc:"):])
-		if err != nil {
-			return p, err
-		}
-		params = parameters
-	} else if strings.HasPrefix(dsn, "sqlserver://") {
-		parameters, err := splitConnectionStringURL(dsn)
-		if err != nil {
-			return p, err
-		}
-		params = parameters
-	} else {
-		params = splitConnectionString(dsn)
-	}
-
-	strlog, ok := params["log"]
-	if ok {
-		var err error
-		p.logFlags, err = strconv.ParseUint(strlog, 10, 64)
-		if err != nil {
-			return p, fmt.Errorf("Invalid log parameter '%s': %s", strlog, err.Error())
-		}
-	}
-	server := params["server"]
-	parts := strings.SplitN(server, `\`, 2)
-	p.host = parts[0]
-	if p.host == "." || strings.ToUpper(p.host) == "(LOCAL)" || p.host == "" {
-		p.host = "localhost"
-	}
-	if len(parts) > 1 {
-		p.instance = parts[1]
-	}
-	p.database = params["database"]
-	p.user = params["user id"]
-	p.password = params["password"]
-
-	p.port = 1433
-	strport, ok := params["port"]
-	if ok {
-		var err error
-		p.port, err = strconv.ParseUint(strport, 10, 16)
-		if err != nil {
-			f := "Invalid tcp port '%v': %v"
-			return p, fmt.Errorf(f, strport, err.Error())
-		}
-	}
-
-	// https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-network-packet-size-server-configuration-option
-	// Default packet size remains at 4096 bytes
-	p.packetSize = 4096
-	strpsize, ok := params["packet size"]
-	if ok {
-		var err error
-		psize, err := strconv.ParseUint(strpsize, 0, 16)
-		if err != nil {
-			f := "Invalid packet size '%v': %v"
-			return p, fmt.Errorf(f, strpsize, err.Error())
-		}
-
-		// Ensure packet size falls within the TDS protocol range of 512 to 32767 bytes
-		// NOTE: Encrypted connections have a maximum size of 16383 bytes.  If you request
-		// a higher packet size, the server will respond with an ENVCHANGE request to
-		// alter the packet size to 16383 bytes.
-		p.packetSize = uint16(psize)
-		if p.packetSize < 512 {
-			p.packetSize = 512
-		} else if p.packetSize > 32767 {
-			p.packetSize = 32767
-		}
-	}
-
-	// https://msdn.microsoft.com/en-us/library/dd341108.aspx
-	//
-	// Do not set a connection timeout. Use Context to manage such things.
-	// Default to zero, but still allow it to be set.
-	if strconntimeout, ok := params["connection timeout"]; ok {
-		timeout, err := strconv.ParseUint(strconntimeout, 10, 64)
-		if err != nil {
-			f := "Invalid connection timeout '%v': %v"
-			return p, fmt.Errorf(f, strconntimeout, err.Error())
-		}
-		p.conn_timeout = time.Duration(timeout) * time.Second
-	}
-	p.dial_timeout = 15 * time.Second
-	if strdialtimeout, ok := params["dial timeout"]; ok {
-		timeout, err := strconv.ParseUint(strdialtimeout, 10, 64)
-		if err != nil {
-			f := "Invalid dial timeout '%v': %v"
-			return p, fmt.Errorf(f, strdialtimeout, err.Error())
-		}
-		p.dial_timeout = time.Duration(timeout) * time.Second
-	}
-
-	// default keep alive should be 30 seconds according to spec:
-	// https://msdn.microsoft.com/en-us/library/dd341108.aspx
-	p.keepAlive = 30 * time.Second
-	if keepAlive, ok := params["keepalive"]; ok {
-		timeout, err := strconv.ParseUint(keepAlive, 10, 64)
-		if err != nil {
-			f := "Invalid keepAlive value '%s': %s"
-			return p, fmt.Errorf(f, keepAlive, err.Error())
-		}
-		p.keepAlive = time.Duration(timeout) * time.Second
-	}
-	encrypt, ok := params["encrypt"]
-	if ok {
-		if strings.EqualFold(encrypt, "DISABLE") {
-			p.disableEncryption = true
-		} else {
-			var err error
-			p.encrypt, err = strconv.ParseBool(encrypt)
-			if err != nil {
-				f := "Invalid encrypt '%s': %s"
-				return p, fmt.Errorf(f, encrypt, err.Error())
-			}
-		}
-	} else {
-		p.trustServerCertificate = true
-	}
-	trust, ok := params["trustservercertificate"]
-	if ok {
-		var err error
-		p.trustServerCertificate, err = strconv.ParseBool(trust)
-		if err != nil {
-			f := "Invalid trust server certificate '%s': %s"
-			return p, fmt.Errorf(f, trust, err.Error())
-		}
-	}
-	p.certificate = params["certificate"]
-	p.hostInCertificate, ok = params["hostnameincertificate"]
-	if ok {
-		p.hostInCertificateProvided = true
-	} else {
-		p.hostInCertificate = p.host
-		p.hostInCertificateProvided = false
-	}
-
-	serverSPN, ok := params["serverspn"]
-	if ok {
-		p.serverSPN = serverSPN
-	} else {
-		p.serverSPN = fmt.Sprintf("MSSQLSvc/%s:%d", p.host, p.port)
-	}
-
-	workstation, ok := params["workstation id"]
-	if ok {
-		p.workstation = workstation
-	} else {
-		workstation, err := os.Hostname()
-		if err == nil {
-			p.workstation = workstation
-		}
-	}
-
-	appname, ok := params["app name"]
-	if !ok {
-		appname = "go-mssqldb"
-	}
-	p.appname = appname
-
-	appintent, ok := params["applicationintent"]
-	if ok {
-		if appintent == "ReadOnly" {
-			p.typeFlags |= fReadOnlyIntent
-		}
-	}
-
-	failOverPartner, ok := params["failoverpartner"]
-	if ok {
-		p.failOverPartner = failOverPartner
-	}
-
-	failOverPort, ok := params["failoverport"]
-	if ok {
-		var err error
-		p.failOverPort, err = strconv.ParseUint(failOverPort, 0, 16)
-		if err != nil {
-			f := "Invalid tcp port '%v': %v"
-			return p, fmt.Errorf(f, failOverPort, err.Error())
-		}
-	}
-
-	return p, nil
-}
-
 type auth interface {
 	InitialBytes() ([]byte, error)
 	NextBytes([]byte) ([]byte, error)
@@ -1277,12 +816,12 @@ initiate_connection:
 		// while SQL Server seems to expect one TCP segment per encrypted TDS package.
 		// Setting DynamicRecordSizingDisabled to true disables that algorithm and uses 16384 bytes per TLS package
 		config.DynamicRecordSizingDisabled = true
-		outbuf.transport = conn
-		toconn.buf = outbuf
-		tlsConn := tls.Client(toconn, &config)
+		// setting up connection handler which will allow wrapping of TLS handshake packets inside TDS stream
+		handshakeConn := tlsHandshakeConn{buf: outbuf}
+		passthrough := passthroughConn{c: &handshakeConn}
+		tlsConn := tls.Client(&passthrough, &config)
 		err = tlsConn.Handshake()
-
-		toconn.buf = nil
+		passthrough.c = toconn
 		outbuf.transport = tlsConn
 		if err != nil {
 			return nil, fmt.Errorf("TLS Handshake failed: %v", err)
diff --git a/vendor/github.com/denisenkom/go-mssqldb/types.go b/vendor/github.com/denisenkom/go-mssqldb/types.go
index c9f17b9e..b6e7fb2b 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/types.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/types.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/denisenkom/go-mssqldb/internal/cp"
+	"github.com/denisenkom/go-mssqldb/internal/decimal"
 )
 
 // fixed-length data types
@@ -818,12 +819,12 @@ func decodeMoney(buf []byte) []byte {
 		uint64(buf[1])<<40 |
 		uint64(buf[2])<<48 |
 		uint64(buf[3])<<56)
-	return scaleBytes(strconv.FormatInt(money, 10), 4)
+	return decimal.ScaleBytes(strconv.FormatInt(money, 10), 4)
 }
 
 func decodeMoney4(buf []byte) []byte {
 	money := int32(binary.LittleEndian.Uint32(buf[0:4]))
-	return scaleBytes(strconv.FormatInt(int64(money), 10), 4)
+	return decimal.ScaleBytes(strconv.FormatInt(int64(money), 10), 4)
 }
 
 func decodeGuid(buf []byte) []byte {
@@ -835,15 +836,14 @@ func decodeGuid(buf []byte) []byte {
 func decodeDecimal(prec uint8, scale uint8, buf []byte) []byte {
 	var sign uint8
 	sign = buf[0]
-	dec := Decimal{
-		positive: sign != 0,
-		prec:     prec,
-		scale:    scale,
-	}
+	var dec decimal.Decimal
+	dec.SetPositive(sign != 0)
+	dec.SetPrec(prec)
+	dec.SetScale(scale)
 	buf = buf[1:]
 	l := len(buf) / 4
 	for i := 0; i < l; i++ {
-		dec.integer[i] = binary.LittleEndian.Uint32(buf[0:4])
+		dec.SetInteger(binary.LittleEndian.Uint32(buf[0:4]), uint8(i))
 		buf = buf[4:]
 	}
 	return dec.Bytes()
@@ -1186,7 +1186,7 @@ func makeDecl(ti typeInfo) string {
 	case typeBigChar, typeChar:
 		return fmt.Sprintf("char(%d)", ti.Size)
 	case typeBigVarChar, typeVarChar:
-		if ti.Size > 4000 || ti.Size == 0 {
+		if ti.Size > 8000 || ti.Size == 0 {
 			return fmt.Sprintf("varchar(max)")
 		} else {
 			return fmt.Sprintf("varchar(%d)", ti.Size)
diff --git a/vendor/github.com/denisenkom/go-mssqldb/uniqueidentifier.go b/vendor/github.com/denisenkom/go-mssqldb/uniqueidentifier.go
index c8ef3149..3ad6f863 100644
--- a/vendor/github.com/denisenkom/go-mssqldb/uniqueidentifier.go
+++ b/vendor/github.com/denisenkom/go-mssqldb/uniqueidentifier.go
@@ -72,3 +72,9 @@ func (u UniqueIdentifier) Value() (driver.Value, error) {
 func (u UniqueIdentifier) String() string {
 	return fmt.Sprintf("%X-%X-%X-%X-%X", u[0:4], u[4:6], u[6:8], u[8:10], u[10:])
 }
+
+// MarshalText converts Uniqueidentifier to bytes corresponding to the stringified hexadecimal representation of the Uniqueidentifier
+// e.g., "AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA" -> [65 65 65 65 65 65 65 65 45 65 65 65 65 45 65 65 65 65 45 65 65 65 65 65 65 65 65 65 65 65 65]
+func (u UniqueIdentifier) MarshalText() []byte {
+	return []byte(u.String())
+}
diff --git a/vendor/github.com/felixge/httpsnoop/.gitignore b/vendor/github.com/felixge/httpsnoop/.gitignore
deleted file mode 100644
index e69de29b..00000000
diff --git a/vendor/github.com/felixge/httpsnoop/.travis.yml b/vendor/github.com/felixge/httpsnoop/.travis.yml
deleted file mode 100644
index bfc42120..00000000
--- a/vendor/github.com/felixge/httpsnoop/.travis.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-language: go
-
-go:
-  - 1.6
-  - 1.7
-  - 1.8
diff --git a/vendor/github.com/felixge/httpsnoop/LICENSE.txt b/vendor/github.com/felixge/httpsnoop/LICENSE.txt
deleted file mode 100644
index e028b46a..00000000
--- a/vendor/github.com/felixge/httpsnoop/LICENSE.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (c) 2016 Felix Geisendörfer (felix@debuggable.com)
-
- Permission is hereby granted, free of charge, to any person obtaining a copy
- of this software and associated documentation files (the "Software"), to deal
- in the Software without restriction, including without limitation the rights
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- copies of the Software, and to permit persons to whom the Software is
- furnished to do so, subject to the following conditions:
-
- The above copyright notice and this permission notice shall be included in
- all copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- THE SOFTWARE.
diff --git a/vendor/github.com/felixge/httpsnoop/Makefile b/vendor/github.com/felixge/httpsnoop/Makefile
deleted file mode 100644
index 2d84889a..00000000
--- a/vendor/github.com/felixge/httpsnoop/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-.PHONY: ci generate clean
-
-ci: clean generate
-	go test -v ./...
-
-generate:
-	go generate .
-
-clean:
-	rm -rf *_generated*.go
diff --git a/vendor/github.com/felixge/httpsnoop/README.md b/vendor/github.com/felixge/httpsnoop/README.md
deleted file mode 100644
index ae44137e..00000000
--- a/vendor/github.com/felixge/httpsnoop/README.md
+++ /dev/null
@@ -1,94 +0,0 @@
-# httpsnoop
-
-Package httpsnoop provides an easy way to capture http related metrics (i.e.
-response time, bytes written, and http status code) from your application's
-http.Handlers.
-
-Doing this requires non-trivial wrapping of the http.ResponseWriter interface,
-which is also exposed for users interested in a more low-level API.
-
-[![GoDoc](https://godoc.org/github.com/felixge/httpsnoop?status.svg)](https://godoc.org/github.com/felixge/httpsnoop)
-[![Build Status](https://travis-ci.org/felixge/httpsnoop.svg?branch=master)](https://travis-ci.org/felixge/httpsnoop)
-
-## Usage Example
-
-```go
-// myH is your app's http handler, perhaps a http.ServeMux or similar.
-var myH http.Handler
-// wrappedH wraps myH in order to log every request.
-wrappedH := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-	m := httpsnoop.CaptureMetrics(myH, w, r)
-	log.Printf(
-		"%s %s (code=%d dt=%s written=%d)",
-		r.Method,
-		r.URL,
-		m.Code,
-		m.Duration,
-		m.Written,
-	)
-})
-http.ListenAndServe(":8080", wrappedH)
-```
-
-## Why this package exists
-
-Instrumenting an application's http.Handler is surprisingly difficult.
-
-However if you google for e.g. "capture ResponseWriter status code" you'll find
-lots of advise and code examples that suggest it to be a fairly trivial
-undertaking. Unfortunately everything I've seen so far has a high chance of
-breaking your application.
-
-The main problem is that a `http.ResponseWriter` often implements additional
-interfaces such as `http.Flusher`, `http.CloseNotifier`, `http.Hijacker`, `http.Pusher`, and
-`io.ReaderFrom`. So the naive approach of just wrapping `http.ResponseWriter`
-in your own struct that also implements the `http.ResponseWriter` interface
-will hide the additional interfaces mentioned above. This has a high change of
-introducing subtle bugs into any non-trivial application.
-
-Another approach I've seen people take is to return a struct that implements
-all of the interfaces above. However, that's also problematic, because it's
-difficult to fake some of these interfaces behaviors when the underlying
-`http.ResponseWriter` doesn't have an implementation. It's also dangerous,
-because an application may choose to operate differently, merely because it
-detects the presence of these additional interfaces.
-
-This package solves this problem by checking which additional interfaces a
-`http.ResponseWriter` implements, returning a wrapped version implementing the
-exact same set of interfaces.
-
-Additionally this package properly handles edge cases such as `WriteHeader` not
-being called, or called more than once, as well as concurrent calls to
-`http.ResponseWriter` methods, and even calls happening after the wrapped
-`ServeHTTP` has already returned.
-
-Unfortunately this package is not perfect either. It's possible that it is
-still missing some interfaces provided by the go core (let me know if you find
-one), and it won't work for applications adding their own interfaces into the
-mix.
-
-However, hopefully the explanation above has sufficiently scared you of rolling
-your own solution to this problem. httpsnoop may still break your application,
-but at least it tries to avoid it as much as possible.
-
-Anyway, the real problem here is that smuggling additional interfaces inside
-`http.ResponseWriter` is a problematic design choice, but it probably goes as
-deep as the Go language specification itself. But that's okay, I still prefer
-Go over the alternatives ;).
-
-## Performance
-
-```
-BenchmarkBaseline-8      	   20000	     94912 ns/op
-BenchmarkCaptureMetrics-8	   20000	     95461 ns/op
-```
-
-As you can see, using `CaptureMetrics` on a vanilla http.Handler introduces an
-overhead of ~500 ns per http request on my machine. However, the margin of
-error appears to be larger than that, therefor it should be reasonable to
-assume that the overhead introduced by `CaptureMetrics` is absolutely
-negligible.
-
-## License
-
-MIT
diff --git a/vendor/github.com/felixge/httpsnoop/capture_metrics.go b/vendor/github.com/felixge/httpsnoop/capture_metrics.go
deleted file mode 100644
index 4c45b1a8..00000000
--- a/vendor/github.com/felixge/httpsnoop/capture_metrics.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package httpsnoop
-
-import (
-	"io"
-	"net/http"
-	"sync"
-	"time"
-)
-
-// Metrics holds metrics captured from CaptureMetrics.
-type Metrics struct {
-	// Code is the first http response code passed to the WriteHeader func of
-	// the ResponseWriter. If no such call is made, a default code of 200 is
-	// assumed instead.
-	Code int
-	// Duration is the time it took to execute the handler.
-	Duration time.Duration
-	// Written is the number of bytes successfully written by the Write or
-	// ReadFrom function of the ResponseWriter. ResponseWriters may also write
-	// data to their underlaying connection directly (e.g. headers), but those
-	// are not tracked. Therefor the number of Written bytes will usually match
-	// the size of the response body.
-	Written int64
-}
-
-// CaptureMetrics wraps the given hnd, executes it with the given w and r, and
-// returns the metrics it captured from it.
-func CaptureMetrics(hnd http.Handler, w http.ResponseWriter, r *http.Request) Metrics {
-	return CaptureMetricsFn(w, func(ww http.ResponseWriter) {
-		hnd.ServeHTTP(ww, r)
-	})
-}
-
-// CaptureMetricsFn wraps w and calls fn with the wrapped w and returns the
-// resulting metrics. This is very similar to CaptureMetrics (which is just
-// sugar on top of this func), but is a more usable interface if your
-// application doesn't use the Go http.Handler interface.
-func CaptureMetricsFn(w http.ResponseWriter, fn func(http.ResponseWriter)) Metrics {
-	var (
-		start         = time.Now()
-		m             = Metrics{Code: http.StatusOK}
-		headerWritten bool
-		lock          sync.Mutex
-		hooks         = Hooks{
-			WriteHeader: func(next WriteHeaderFunc) WriteHeaderFunc {
-				return func(code int) {
-					next(code)
-					lock.Lock()
-					defer lock.Unlock()
-					if !headerWritten {
-						m.Code = code
-						headerWritten = true
-					}
-				}
-			},
-
-			Write: func(next WriteFunc) WriteFunc {
-				return func(p []byte) (int, error) {
-					n, err := next(p)
-					lock.Lock()
-					defer lock.Unlock()
-					m.Written += int64(n)
-					headerWritten = true
-					return n, err
-				}
-			},
-
-			ReadFrom: func(next ReadFromFunc) ReadFromFunc {
-				return func(src io.Reader) (int64, error) {
-					n, err := next(src)
-					lock.Lock()
-					defer lock.Unlock()
-					headerWritten = true
-					m.Written += n
-					return n, err
-				}
-			},
-		}
-	)
-
-	fn(Wrap(w, hooks))
-	m.Duration = time.Since(start)
-	return m
-}
diff --git a/vendor/github.com/felixge/httpsnoop/docs.go b/vendor/github.com/felixge/httpsnoop/docs.go
deleted file mode 100644
index 203c35b3..00000000
--- a/vendor/github.com/felixge/httpsnoop/docs.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Package httpsnoop provides an easy way to capture http related metrics (i.e.
-// response time, bytes written, and http status code) from your application's
-// http.Handlers.
-//
-// Doing this requires non-trivial wrapping of the http.ResponseWriter
-// interface, which is also exposed for users interested in a more low-level
-// API.
-package httpsnoop
-
-//go:generate go run codegen/main.go
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
deleted file mode 100644
index 41a20da9..00000000
--- a/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
+++ /dev/null
@@ -1,385 +0,0 @@
-// +build go1.8
-// Code generated by "httpsnoop/codegen"; DO NOT EDIT
-
-package httpsnoop
-
-import (
-	"bufio"
-	"io"
-	"net"
-	"net/http"
-)
-
-// HeaderFunc is part of the http.ResponseWriter interface.
-type HeaderFunc func() http.Header
-
-// WriteHeaderFunc is part of the http.ResponseWriter interface.
-type WriteHeaderFunc func(code int)
-
-// WriteFunc is part of the http.ResponseWriter interface.
-type WriteFunc func(b []byte) (int, error)
-
-// FlushFunc is part of the http.Flusher interface.
-type FlushFunc func()
-
-// CloseNotifyFunc is part of the http.CloseNotifier interface.
-type CloseNotifyFunc func() <-chan bool
-
-// HijackFunc is part of the http.Hijacker interface.
-type HijackFunc func() (net.Conn, *bufio.ReadWriter, error)
-
-// ReadFromFunc is part of the io.ReaderFrom interface.
-type ReadFromFunc func(src io.Reader) (int64, error)
-
-// PushFunc is part of the http.Pusher interface.
-type PushFunc func(target string, opts *http.PushOptions) error
-
-// Hooks defines a set of method interceptors for methods included in
-// http.ResponseWriter as well as some others. You can think of them as
-// middleware for the function calls they target. See Wrap for more details.
-type Hooks struct {
-	Header      func(HeaderFunc) HeaderFunc
-	WriteHeader func(WriteHeaderFunc) WriteHeaderFunc
-	Write       func(WriteFunc) WriteFunc
-	Flush       func(FlushFunc) FlushFunc
-	CloseNotify func(CloseNotifyFunc) CloseNotifyFunc
-	Hijack      func(HijackFunc) HijackFunc
-	ReadFrom    func(ReadFromFunc) ReadFromFunc
-	Push        func(PushFunc) PushFunc
-}
-
-// Wrap returns a wrapped version of w that provides the exact same interface
-// as w. Specifically if w implements any combination of:
-//
-// - http.Flusher
-// - http.CloseNotifier
-// - http.Hijacker
-// - io.ReaderFrom
-// - http.Pusher
-//
-// The wrapped version will implement the exact same combination. If no hooks
-// are set, the wrapped version also behaves exactly as w. Hooks targeting
-// methods not supported by w are ignored. Any other hooks will intercept the
-// method they target and may modify the call's arguments and/or return values.
-// The CaptureMetrics implementation serves as a working example for how the
-// hooks can be used.
-func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
-	rw := &rw{w: w, h: hooks}
-	_, i0 := w.(http.Flusher)
-	_, i1 := w.(http.CloseNotifier)
-	_, i2 := w.(http.Hijacker)
-	_, i3 := w.(io.ReaderFrom)
-	_, i4 := w.(http.Pusher)
-	switch {
-	// combination 1/32
-	case !i0 && !i1 && !i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-		}{rw}
-	// combination 2/32
-	case !i0 && !i1 && !i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Pusher
-		}{rw, rw}
-	// combination 3/32
-	case !i0 && !i1 && !i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			io.ReaderFrom
-		}{rw, rw}
-	// combination 4/32
-	case !i0 && !i1 && !i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw}
-	// combination 5/32
-	case !i0 && !i1 && i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Hijacker
-		}{rw, rw}
-	// combination 6/32
-	case !i0 && !i1 && i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw}
-	// combination 7/32
-	case !i0 && !i1 && i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 8/32
-	case !i0 && !i1 && i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 9/32
-	case !i0 && i1 && !i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-		}{rw, rw}
-	// combination 10/32
-	case !i0 && i1 && !i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Pusher
-		}{rw, rw, rw}
-	// combination 11/32
-	case !i0 && i1 && !i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 12/32
-	case !i0 && i1 && !i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 13/32
-	case !i0 && i1 && i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw}
-	// combination 14/32
-	case !i0 && i1 && i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 15/32
-	case !i0 && i1 && i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 16/32
-	case !i0 && i1 && i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 17/32
-	case i0 && !i1 && !i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-		}{rw, rw}
-	// combination 18/32
-	case i0 && !i1 && !i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.Pusher
-		}{rw, rw, rw}
-	// combination 19/32
-	case i0 && !i1 && !i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 20/32
-	case i0 && !i1 && !i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 21/32
-	case i0 && !i1 && i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-		}{rw, rw, rw}
-	// combination 22/32
-	case i0 && !i1 && i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 23/32
-	case i0 && !i1 && i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 24/32
-	case i0 && !i1 && i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 25/32
-	case i0 && i1 && !i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-		}{rw, rw, rw}
-	// combination 26/32
-	case i0 && i1 && !i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 27/32
-	case i0 && i1 && !i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 28/32
-	case i0 && i1 && !i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 29/32
-	case i0 && i1 && i2 && !i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw, rw}
-	// combination 30/32
-	case i0 && i1 && i2 && !i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 31/32
-	case i0 && i1 && i2 && i3 && !i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	// combination 32/32
-	case i0 && i1 && i2 && i3 && i4:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw, rw}
-	}
-	panic("unreachable")
-}
-
-type rw struct {
-	w http.ResponseWriter
-	h Hooks
-}
-
-func (w *rw) Header() http.Header {
-	f := w.w.(http.ResponseWriter).Header
-	if w.h.Header != nil {
-		f = w.h.Header(f)
-	}
-	return f()
-}
-
-func (w *rw) WriteHeader(code int) {
-	f := w.w.(http.ResponseWriter).WriteHeader
-	if w.h.WriteHeader != nil {
-		f = w.h.WriteHeader(f)
-	}
-	f(code)
-}
-
-func (w *rw) Write(b []byte) (int, error) {
-	f := w.w.(http.ResponseWriter).Write
-	if w.h.Write != nil {
-		f = w.h.Write(f)
-	}
-	return f(b)
-}
-
-func (w *rw) Flush() {
-	f := w.w.(http.Flusher).Flush
-	if w.h.Flush != nil {
-		f = w.h.Flush(f)
-	}
-	f()
-}
-
-func (w *rw) CloseNotify() <-chan bool {
-	f := w.w.(http.CloseNotifier).CloseNotify
-	if w.h.CloseNotify != nil {
-		f = w.h.CloseNotify(f)
-	}
-	return f()
-}
-
-func (w *rw) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	f := w.w.(http.Hijacker).Hijack
-	if w.h.Hijack != nil {
-		f = w.h.Hijack(f)
-	}
-	return f()
-}
-
-func (w *rw) ReadFrom(src io.Reader) (int64, error) {
-	f := w.w.(io.ReaderFrom).ReadFrom
-	if w.h.ReadFrom != nil {
-		f = w.h.ReadFrom(f)
-	}
-	return f(src)
-}
-
-func (w *rw) Push(target string, opts *http.PushOptions) error {
-	f := w.w.(http.Pusher).Push
-	if w.h.Push != nil {
-		f = w.h.Push(f)
-	}
-	return f(target, opts)
-}
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
deleted file mode 100644
index 36bb59b8..00000000
--- a/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
+++ /dev/null
@@ -1,243 +0,0 @@
-// +build !go1.8
-// Code generated by "httpsnoop/codegen"; DO NOT EDIT
-
-package httpsnoop
-
-import (
-	"bufio"
-	"io"
-	"net"
-	"net/http"
-)
-
-// HeaderFunc is part of the http.ResponseWriter interface.
-type HeaderFunc func() http.Header
-
-// WriteHeaderFunc is part of the http.ResponseWriter interface.
-type WriteHeaderFunc func(code int)
-
-// WriteFunc is part of the http.ResponseWriter interface.
-type WriteFunc func(b []byte) (int, error)
-
-// FlushFunc is part of the http.Flusher interface.
-type FlushFunc func()
-
-// CloseNotifyFunc is part of the http.CloseNotifier interface.
-type CloseNotifyFunc func() <-chan bool
-
-// HijackFunc is part of the http.Hijacker interface.
-type HijackFunc func() (net.Conn, *bufio.ReadWriter, error)
-
-// ReadFromFunc is part of the io.ReaderFrom interface.
-type ReadFromFunc func(src io.Reader) (int64, error)
-
-// Hooks defines a set of method interceptors for methods included in
-// http.ResponseWriter as well as some others. You can think of them as
-// middleware for the function calls they target. See Wrap for more details.
-type Hooks struct {
-	Header      func(HeaderFunc) HeaderFunc
-	WriteHeader func(WriteHeaderFunc) WriteHeaderFunc
-	Write       func(WriteFunc) WriteFunc
-	Flush       func(FlushFunc) FlushFunc
-	CloseNotify func(CloseNotifyFunc) CloseNotifyFunc
-	Hijack      func(HijackFunc) HijackFunc
-	ReadFrom    func(ReadFromFunc) ReadFromFunc
-}
-
-// Wrap returns a wrapped version of w that provides the exact same interface
-// as w. Specifically if w implements any combination of:
-//
-// - http.Flusher
-// - http.CloseNotifier
-// - http.Hijacker
-// - io.ReaderFrom
-//
-// The wrapped version will implement the exact same combination. If no hooks
-// are set, the wrapped version also behaves exactly as w. Hooks targeting
-// methods not supported by w are ignored. Any other hooks will intercept the
-// method they target and may modify the call's arguments and/or return values.
-// The CaptureMetrics implementation serves as a working example for how the
-// hooks can be used.
-func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
-	rw := &rw{w: w, h: hooks}
-	_, i0 := w.(http.Flusher)
-	_, i1 := w.(http.CloseNotifier)
-	_, i2 := w.(http.Hijacker)
-	_, i3 := w.(io.ReaderFrom)
-	switch {
-	// combination 1/16
-	case !i0 && !i1 && !i2 && !i3:
-		return struct {
-			http.ResponseWriter
-		}{rw}
-	// combination 2/16
-	case !i0 && !i1 && !i2 && i3:
-		return struct {
-			http.ResponseWriter
-			io.ReaderFrom
-		}{rw, rw}
-	// combination 3/16
-	case !i0 && !i1 && i2 && !i3:
-		return struct {
-			http.ResponseWriter
-			http.Hijacker
-		}{rw, rw}
-	// combination 4/16
-	case !i0 && !i1 && i2 && i3:
-		return struct {
-			http.ResponseWriter
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 5/16
-	case !i0 && i1 && !i2 && !i3:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-		}{rw, rw}
-	// combination 6/16
-	case !i0 && i1 && !i2 && i3:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 7/16
-	case !i0 && i1 && i2 && !i3:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw}
-	// combination 8/16
-	case !i0 && i1 && i2 && i3:
-		return struct {
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 9/16
-	case i0 && !i1 && !i2 && !i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-		}{rw, rw}
-	// combination 10/16
-	case i0 && !i1 && !i2 && i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 11/16
-	case i0 && !i1 && i2 && !i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-		}{rw, rw, rw}
-	// combination 12/16
-	case i0 && !i1 && i2 && i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 13/16
-	case i0 && i1 && !i2 && !i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-		}{rw, rw, rw}
-	// combination 14/16
-	case i0 && i1 && !i2 && i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 15/16
-	case i0 && i1 && i2 && !i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw, rw}
-	// combination 16/16
-	case i0 && i1 && i2 && i3:
-		return struct {
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	}
-	panic("unreachable")
-}
-
-type rw struct {
-	w http.ResponseWriter
-	h Hooks
-}
-
-func (w *rw) Header() http.Header {
-	f := w.w.(http.ResponseWriter).Header
-	if w.h.Header != nil {
-		f = w.h.Header(f)
-	}
-	return f()
-}
-
-func (w *rw) WriteHeader(code int) {
-	f := w.w.(http.ResponseWriter).WriteHeader
-	if w.h.WriteHeader != nil {
-		f = w.h.WriteHeader(f)
-	}
-	f(code)
-}
-
-func (w *rw) Write(b []byte) (int, error) {
-	f := w.w.(http.ResponseWriter).Write
-	if w.h.Write != nil {
-		f = w.h.Write(f)
-	}
-	return f(b)
-}
-
-func (w *rw) Flush() {
-	f := w.w.(http.Flusher).Flush
-	if w.h.Flush != nil {
-		f = w.h.Flush(f)
-	}
-	f()
-}
-
-func (w *rw) CloseNotify() <-chan bool {
-	f := w.w.(http.CloseNotifier).CloseNotify
-	if w.h.CloseNotify != nil {
-		f = w.h.CloseNotify(f)
-	}
-	return f()
-}
-
-func (w *rw) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	f := w.w.(http.Hijacker).Hijack
-	if w.h.Hijack != nil {
-		f = w.h.Hijack(f)
-	}
-	return f()
-}
-
-func (w *rw) ReadFrom(src io.Reader) (int64, error) {
-	f := w.w.(io.ReaderFrom).ReadFrom
-	if w.h.ReadFrom != nil {
-		f = w.h.ReadFrom(f)
-	}
-	return f(src)
-}
diff --git a/vendor/github.com/golang-sql/civil/CONTRIBUTING.md b/vendor/github.com/golang-sql/civil/CONTRIBUTING.md
new file mode 100644
index 00000000..d0635c3a
--- /dev/null
+++ b/vendor/github.com/golang-sql/civil/CONTRIBUTING.md
@@ -0,0 +1,73 @@
+# Contributing
+
+1. Sign one of the contributor license agreements below.
+
+#### Running
+
+Once you've done the necessary setup, you can run the integration tests by
+running:
+
+``` sh
+$ go test -v github.com/golang-sql/civil
+```
+
+## Contributor License Agreements
+
+Before we can accept your pull requests you'll need to sign a Contributor
+License Agreement (CLA):
+
+- **If you are an individual writing original source code** and **you own the
+intellectual property**, then you'll need to sign an [individual CLA][indvcla].
+- **If you work for a company that wants to allow you to contribute your
+work**, then you'll need to sign a [corporate CLA][corpcla].
+
+You can sign these electronically (just scroll to the bottom). After that,
+we'll be able to accept your pull requests.
+
+## Contributor Code of Conduct
+
+As contributors and maintainers of this project,
+and in the interest of fostering an open and welcoming community,
+we pledge to respect all people who contribute through reporting issues,
+posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project
+a harassment-free experience for everyone,
+regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information,
+such as physical or electronic
+addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct.
+By adopting this Code of Conduct,
+project maintainers commit themselves to fairly and consistently
+applying these principles to every aspect of managing this project.
+Project maintainers who do not follow or enforce the Code of Conduct
+may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior
+may be reported by opening an issue
+or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0,
+available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
+
+[gcloudcli]: https://developers.google.com/cloud/sdk/gcloud/
+[indvcla]: https://developers.google.com/open-source/cla/individual
+[corpcla]: https://developers.google.com/open-source/cla/corporate
\ No newline at end of file
diff --git a/vendor/cloud.google.com/go/LICENSE b/vendor/github.com/golang-sql/civil/LICENSE
similarity index 99%
rename from vendor/cloud.google.com/go/LICENSE
rename to vendor/github.com/golang-sql/civil/LICENSE
index d6456956..7a4a3ea2 100644
--- a/vendor/cloud.google.com/go/LICENSE
+++ b/vendor/github.com/golang-sql/civil/LICENSE
@@ -199,4 +199,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
\ No newline at end of file
diff --git a/vendor/github.com/golang-sql/civil/README.md b/vendor/github.com/golang-sql/civil/README.md
new file mode 100644
index 00000000..3a7956ec
--- /dev/null
+++ b/vendor/github.com/golang-sql/civil/README.md
@@ -0,0 +1,15 @@
+# Civil Date and Time
+
+[![GoDoc](https://godoc.org/github.com/golang-sql/civil?status.svg)](https://godoc.org/github.com/golang-sql/civil)
+
+Civil provides Date, Time of Day, and DateTime data types.
+
+While there are many uses, using specific types when working
+with databases make is conceptually eaiser to understand what value
+is set in the remote system.
+
+## Source
+
+This civil package was extracted and forked from `cloud.google.com/go/civil`.
+As such the license and contributing requirements remain the same as that
+module.
diff --git a/vendor/cloud.google.com/go/civil/civil.go b/vendor/github.com/golang-sql/civil/civil.go
similarity index 100%
rename from vendor/cloud.google.com/go/civil/civil.go
rename to vendor/github.com/golang-sql/civil/civil.go
diff --git a/vendor/github.com/golang/gddo/LICENSE b/vendor/github.com/golang/gddo/LICENSE
deleted file mode 100644
index 65d761bc..00000000
--- a/vendor/github.com/golang/gddo/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2013 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/golang/gddo/gosrc/LICENSE b/vendor/github.com/golang/gddo/gosrc/LICENSE
deleted file mode 100644
index 65d761bc..00000000
--- a/vendor/github.com/golang/gddo/gosrc/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2013 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/golang/gddo/httputil/header/header.go b/vendor/github.com/golang/gddo/httputil/header/header.go
deleted file mode 100644
index 0f1572e3..00000000
--- a/vendor/github.com/golang/gddo/httputil/header/header.go
+++ /dev/null
@@ -1,298 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file or at
-// https://developers.google.com/open-source/licenses/bsd.
-
-// Package header provides functions for parsing HTTP headers.
-package header
-
-import (
-	"net/http"
-	"strings"
-	"time"
-)
-
-// Octet types from RFC 2616.
-var octetTypes [256]octetType
-
-type octetType byte
-
-const (
-	isToken octetType = 1 << iota
-	isSpace
-)
-
-func init() {
-	// OCTET      = <any 8-bit sequence of data>
-	// CHAR       = <any US-ASCII character (octets 0 - 127)>
-	// CTL        = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
-	// CR         = <US-ASCII CR, carriage return (13)>
-	// LF         = <US-ASCII LF, linefeed (10)>
-	// SP         = <US-ASCII SP, space (32)>
-	// HT         = <US-ASCII HT, horizontal-tab (9)>
-	// <">        = <US-ASCII double-quote mark (34)>
-	// CRLF       = CR LF
-	// LWS        = [CRLF] 1*( SP | HT )
-	// TEXT       = <any OCTET except CTLs, but including LWS>
-	// separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <">
-	//              | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT
-	// token      = 1*<any CHAR except CTLs or separators>
-	// qdtext     = <any TEXT except <">>
-
-	for c := 0; c < 256; c++ {
-		var t octetType
-		isCtl := c <= 31 || c == 127
-		isChar := 0 <= c && c <= 127
-		isSeparator := strings.IndexRune(" \t\"(),/:;<=>?@[]\\{}", rune(c)) >= 0
-		if strings.IndexRune(" \t\r\n", rune(c)) >= 0 {
-			t |= isSpace
-		}
-		if isChar && !isCtl && !isSeparator {
-			t |= isToken
-		}
-		octetTypes[c] = t
-	}
-}
-
-// Copy returns a shallow copy of the header.
-func Copy(header http.Header) http.Header {
-	h := make(http.Header)
-	for k, vs := range header {
-		h[k] = vs
-	}
-	return h
-}
-
-var timeLayouts = []string{"Mon, 02 Jan 2006 15:04:05 GMT", time.RFC850, time.ANSIC}
-
-// ParseTime parses the header as time. The zero value is returned if the
-// header is not present or there is an error parsing the
-// header.
-func ParseTime(header http.Header, key string) time.Time {
-	if s := header.Get(key); s != "" {
-		for _, layout := range timeLayouts {
-			if t, err := time.Parse(layout, s); err == nil {
-				return t.UTC()
-			}
-		}
-	}
-	return time.Time{}
-}
-
-// ParseList parses a comma separated list of values. Commas are ignored in
-// quoted strings. Quoted values are not unescaped or unquoted. Whitespace is
-// trimmed.
-func ParseList(header http.Header, key string) []string {
-	var result []string
-	for _, s := range header[http.CanonicalHeaderKey(key)] {
-		begin := 0
-		end := 0
-		escape := false
-		quote := false
-		for i := 0; i < len(s); i++ {
-			b := s[i]
-			switch {
-			case escape:
-				escape = false
-				end = i + 1
-			case quote:
-				switch b {
-				case '\\':
-					escape = true
-				case '"':
-					quote = false
-				}
-				end = i + 1
-			case b == '"':
-				quote = true
-				end = i + 1
-			case octetTypes[b]&isSpace != 0:
-				if begin == end {
-					begin = i + 1
-					end = begin
-				}
-			case b == ',':
-				if begin < end {
-					result = append(result, s[begin:end])
-				}
-				begin = i + 1
-				end = begin
-			default:
-				end = i + 1
-			}
-		}
-		if begin < end {
-			result = append(result, s[begin:end])
-		}
-	}
-	return result
-}
-
-// ParseValueAndParams parses a comma separated list of values with optional
-// semicolon separated name-value pairs. Content-Type and Content-Disposition
-// headers are in this format.
-func ParseValueAndParams(header http.Header, key string) (value string, params map[string]string) {
-	params = make(map[string]string)
-	s := header.Get(key)
-	value, s = expectTokenSlash(s)
-	if value == "" {
-		return
-	}
-	value = strings.ToLower(value)
-	s = skipSpace(s)
-	for strings.HasPrefix(s, ";") {
-		var pkey string
-		pkey, s = expectToken(skipSpace(s[1:]))
-		if pkey == "" {
-			return
-		}
-		if !strings.HasPrefix(s, "=") {
-			return
-		}
-		var pvalue string
-		pvalue, s = expectTokenOrQuoted(s[1:])
-		if pvalue == "" {
-			return
-		}
-		pkey = strings.ToLower(pkey)
-		params[pkey] = pvalue
-		s = skipSpace(s)
-	}
-	return
-}
-
-// AcceptSpec describes an Accept* header.
-type AcceptSpec struct {
-	Value string
-	Q     float64
-}
-
-// ParseAccept parses Accept* headers.
-func ParseAccept(header http.Header, key string) (specs []AcceptSpec) {
-loop:
-	for _, s := range header[key] {
-		for {
-			var spec AcceptSpec
-			spec.Value, s = expectTokenSlash(s)
-			if spec.Value == "" {
-				continue loop
-			}
-			spec.Q = 1.0
-			s = skipSpace(s)
-			if strings.HasPrefix(s, ";") {
-				s = skipSpace(s[1:])
-				if !strings.HasPrefix(s, "q=") {
-					continue loop
-				}
-				spec.Q, s = expectQuality(s[2:])
-				if spec.Q < 0.0 {
-					continue loop
-				}
-			}
-			specs = append(specs, spec)
-			s = skipSpace(s)
-			if !strings.HasPrefix(s, ",") {
-				continue loop
-			}
-			s = skipSpace(s[1:])
-		}
-	}
-	return
-}
-
-func skipSpace(s string) (rest string) {
-	i := 0
-	for ; i < len(s); i++ {
-		if octetTypes[s[i]]&isSpace == 0 {
-			break
-		}
-	}
-	return s[i:]
-}
-
-func expectToken(s string) (token, rest string) {
-	i := 0
-	for ; i < len(s); i++ {
-		if octetTypes[s[i]]&isToken == 0 {
-			break
-		}
-	}
-	return s[:i], s[i:]
-}
-
-func expectTokenSlash(s string) (token, rest string) {
-	i := 0
-	for ; i < len(s); i++ {
-		b := s[i]
-		if (octetTypes[b]&isToken == 0) && b != '/' {
-			break
-		}
-	}
-	return s[:i], s[i:]
-}
-
-func expectQuality(s string) (q float64, rest string) {
-	switch {
-	case len(s) == 0:
-		return -1, ""
-	case s[0] == '0':
-		q = 0
-	case s[0] == '1':
-		q = 1
-	default:
-		return -1, ""
-	}
-	s = s[1:]
-	if !strings.HasPrefix(s, ".") {
-		return q, s
-	}
-	s = s[1:]
-	i := 0
-	n := 0
-	d := 1
-	for ; i < len(s); i++ {
-		b := s[i]
-		if b < '0' || b > '9' {
-			break
-		}
-		n = n*10 + int(b) - '0'
-		d *= 10
-	}
-	return q + float64(n)/float64(d), s[i:]
-}
-
-func expectTokenOrQuoted(s string) (value string, rest string) {
-	if !strings.HasPrefix(s, "\"") {
-		return expectToken(s)
-	}
-	s = s[1:]
-	for i := 0; i < len(s); i++ {
-		switch s[i] {
-		case '"':
-			return s[:i], s[i+1:]
-		case '\\':
-			p := make([]byte, len(s)-1)
-			j := copy(p, s[:i])
-			escape := true
-			for i = i + 1; i < len(s); i++ {
-				b := s[i]
-				switch {
-				case escape:
-					escape = false
-					p[j] = b
-					j++
-				case b == '\\':
-					escape = true
-				case b == '"':
-					return string(p[:j]), s[i+1:]
-				default:
-					p[j] = b
-					j++
-				}
-			}
-			return "", ""
-		}
-	}
-	return "", ""
-}
diff --git a/vendor/github.com/gorilla/websocket/.gitignore b/vendor/github.com/gorilla/websocket/.gitignore
index ac710204..cd3fcd1e 100644
--- a/vendor/github.com/gorilla/websocket/.gitignore
+++ b/vendor/github.com/gorilla/websocket/.gitignore
@@ -22,4 +22,4 @@ _testmain.go
 *.exe
 
 .idea/
-*.iml
\ No newline at end of file
+*.iml
diff --git a/vendor/github.com/gorilla/websocket/.travis.yml b/vendor/github.com/gorilla/websocket/.travis.yml
index 3d8d29cf..a49db51c 100644
--- a/vendor/github.com/gorilla/websocket/.travis.yml
+++ b/vendor/github.com/gorilla/websocket/.travis.yml
@@ -3,11 +3,11 @@ sudo: false
 
 matrix:
   include:
-    - go: 1.4
-    - go: 1.5
-    - go: 1.6
-    - go: 1.7
-    - go: 1.8
+    - go: 1.7.x
+    - go: 1.8.x
+    - go: 1.9.x
+    - go: 1.10.x
+    - go: 1.11.x
     - go: tip
   allow_failures:
     - go: tip
diff --git a/vendor/github.com/gorilla/websocket/AUTHORS b/vendor/github.com/gorilla/websocket/AUTHORS
index b003eca0..1931f400 100644
--- a/vendor/github.com/gorilla/websocket/AUTHORS
+++ b/vendor/github.com/gorilla/websocket/AUTHORS
@@ -4,5 +4,6 @@
 # Please keep the list sorted.
 
 Gary Burd <gary@beagledreams.com>
+Google LLC (https://opensource.google.com/)
 Joachim Bauch <mail@joachim-bauch.de>
 
diff --git a/vendor/github.com/gorilla/websocket/README.md b/vendor/github.com/gorilla/websocket/README.md
index 33c3d2be..20e391f8 100644
--- a/vendor/github.com/gorilla/websocket/README.md
+++ b/vendor/github.com/gorilla/websocket/README.md
@@ -51,7 +51,7 @@ subdirectory](https://github.com/gorilla/websocket/tree/master/examples/autobahn
 <tr><td>Write message using io.WriteCloser</td><td><a href="http://godoc.org/github.com/gorilla/websocket#Conn.NextWriter">Yes</a></td><td>No, see note 3</td></tr>
 </table>
 
-Notes: 
+Notes:
 
 1. Large messages are fragmented in [Chrome's new WebSocket implementation](http://www.ietf.org/mail-archive/web/hybi/current/msg10503.html).
 2. The application can get the type of a received data message by implementing
diff --git a/vendor/github.com/gorilla/websocket/client.go b/vendor/github.com/gorilla/websocket/client.go
index 43a87c75..2e32fd50 100644
--- a/vendor/github.com/gorilla/websocket/client.go
+++ b/vendor/github.com/gorilla/websocket/client.go
@@ -5,15 +5,15 @@
 package websocket
 
 import (
-	"bufio"
 	"bytes"
+	"context"
 	"crypto/tls"
-	"encoding/base64"
 	"errors"
 	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
+	"net/http/httptrace"
 	"net/url"
 	"strings"
 	"time"
@@ -53,6 +53,10 @@ type Dialer struct {
 	// NetDial is nil, net.Dial is used.
 	NetDial func(network, addr string) (net.Conn, error)
 
+	// NetDialContext specifies the dial function for creating TCP connections. If
+	// NetDialContext is nil, net.DialContext is used.
+	NetDialContext func(ctx context.Context, network, addr string) (net.Conn, error)
+
 	// Proxy specifies a function to return a proxy for a given
 	// Request. If the function returns a non-nil error, the
 	// request is aborted with the provided error.
@@ -71,6 +75,17 @@ type Dialer struct {
 	// do not limit the size of the messages that can be sent or received.
 	ReadBufferSize, WriteBufferSize int
 
+	// WriteBufferPool is a pool of buffers for write operations. If the value
+	// is not set, then write buffers are allocated to the connection for the
+	// lifetime of the connection.
+	//
+	// A pool is most useful when the application has a modest volume of writes
+	// across a large number of connections.
+	//
+	// Applications should use a single pool for each unique value of
+	// WriteBufferSize.
+	WriteBufferPool BufferPool
+
 	// Subprotocols specifies the client's requested subprotocols.
 	Subprotocols []string
 
@@ -86,52 +101,13 @@ type Dialer struct {
 	Jar http.CookieJar
 }
 
-var errMalformedURL = errors.New("malformed ws or wss URL")
-
-// parseURL parses the URL.
-//
-// This function is a replacement for the standard library url.Parse function.
-// In Go 1.4 and earlier, url.Parse loses information from the path.
-func parseURL(s string) (*url.URL, error) {
-	// From the RFC:
-	//
-	// ws-URI = "ws:" "//" host [ ":" port ] path [ "?" query ]
-	// wss-URI = "wss:" "//" host [ ":" port ] path [ "?" query ]
-	var u url.URL
-	switch {
-	case strings.HasPrefix(s, "ws://"):
-		u.Scheme = "ws"
-		s = s[len("ws://"):]
-	case strings.HasPrefix(s, "wss://"):
-		u.Scheme = "wss"
-		s = s[len("wss://"):]
-	default:
-		return nil, errMalformedURL
-	}
-
-	if i := strings.Index(s, "?"); i >= 0 {
-		u.RawQuery = s[i+1:]
-		s = s[:i]
-	}
-
-	if i := strings.Index(s, "/"); i >= 0 {
-		u.Opaque = s[i:]
-		s = s[:i]
-	} else {
-		u.Opaque = "/"
-	}
-
-	u.Host = s
-
-	if strings.Contains(u.Host, "@") {
-		// Don't bother parsing user information because user information is
-		// not allowed in websocket URIs.
-		return nil, errMalformedURL
-	}
-
-	return &u, nil
+// Dial creates a new client connection by calling DialContext with a background context.
+func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Response, error) {
+	return d.DialContext(context.Background(), urlStr, requestHeader)
 }
 
+var errMalformedURL = errors.New("malformed ws or wss URL")
+
 func hostPortNoPort(u *url.URL) (hostPort, hostNoPort string) {
 	hostPort = u.Host
 	hostNoPort = u.Host
@@ -150,26 +126,29 @@ func hostPortNoPort(u *url.URL) (hostPort, hostNoPort string) {
 	return hostPort, hostNoPort
 }
 
-// DefaultDialer is a dialer with all fields set to the default zero values.
+// DefaultDialer is a dialer with all fields set to the default values.
 var DefaultDialer = &Dialer{
-	Proxy: http.ProxyFromEnvironment,
+	Proxy:            http.ProxyFromEnvironment,
+	HandshakeTimeout: 45 * time.Second,
 }
 
-// Dial creates a new client connection. Use requestHeader to specify the
+// nilDialer is dialer to use when receiver is nil.
+var nilDialer = *DefaultDialer
+
+// DialContext creates a new client connection. Use requestHeader to specify the
 // origin (Origin), subprotocols (Sec-WebSocket-Protocol) and cookies (Cookie).
 // Use the response.Header to get the selected subprotocol
 // (Sec-WebSocket-Protocol) and cookies (Set-Cookie).
 //
+// The context will be used in the request and in the Dialer
+//
 // If the WebSocket handshake fails, ErrBadHandshake is returned along with a
 // non-nil *http.Response so that callers can handle redirects, authentication,
 // etcetera. The response body may not contain the entire response and does not
 // need to be closed by the application.
-func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Response, error) {
-
+func (d *Dialer) DialContext(ctx context.Context, urlStr string, requestHeader http.Header) (*Conn, *http.Response, error) {
 	if d == nil {
-		d = &Dialer{
-			Proxy: http.ProxyFromEnvironment,
-		}
+		d = &nilDialer
 	}
 
 	challengeKey, err := generateChallengeKey()
@@ -177,7 +156,7 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
 		return nil, nil, err
 	}
 
-	u, err := parseURL(urlStr)
+	u, err := url.Parse(urlStr)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -205,6 +184,7 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
 		Header:     make(http.Header),
 		Host:       u.Host,
 	}
+	req = req.WithContext(ctx)
 
 	// Set the cookies present in the cookie jar of the dialer
 	if d.Jar != nil {
@@ -237,45 +217,83 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
 			k == "Sec-Websocket-Extensions" ||
 			(k == "Sec-Websocket-Protocol" && len(d.Subprotocols) > 0):
 			return nil, nil, errors.New("websocket: duplicate header not allowed: " + k)
+		case k == "Sec-Websocket-Protocol":
+			req.Header["Sec-WebSocket-Protocol"] = vs
 		default:
 			req.Header[k] = vs
 		}
 	}
 
 	if d.EnableCompression {
-		req.Header.Set("Sec-Websocket-Extensions", "permessage-deflate; server_no_context_takeover; client_no_context_takeover")
+		req.Header["Sec-WebSocket-Extensions"] = []string{"permessage-deflate; server_no_context_takeover; client_no_context_takeover"}
+	}
+
+	if d.HandshakeTimeout != 0 {
+		var cancel func()
+		ctx, cancel = context.WithTimeout(ctx, d.HandshakeTimeout)
+		defer cancel()
+	}
+
+	// Get network dial function.
+	var netDial func(network, add string) (net.Conn, error)
+
+	if d.NetDialContext != nil {
+		netDial = func(network, addr string) (net.Conn, error) {
+			return d.NetDialContext(ctx, network, addr)
+		}
+	} else if d.NetDial != nil {
+		netDial = d.NetDial
+	} else {
+		netDialer := &net.Dialer{}
+		netDial = func(network, addr string) (net.Conn, error) {
+			return netDialer.DialContext(ctx, network, addr)
+		}
+	}
+
+	// If needed, wrap the dial function to set the connection deadline.
+	if deadline, ok := ctx.Deadline(); ok {
+		forwardDial := netDial
+		netDial = func(network, addr string) (net.Conn, error) {
+			c, err := forwardDial(network, addr)
+			if err != nil {
+				return nil, err
+			}
+			err = c.SetDeadline(deadline)
+			if err != nil {
+				c.Close()
+				return nil, err
+			}
+			return c, nil
+		}
+	}
+
+	// If needed, wrap the dial function to connect through a proxy.
+	if d.Proxy != nil {
+		proxyURL, err := d.Proxy(req)
+		if err != nil {
+			return nil, nil, err
+		}
+		if proxyURL != nil {
+			dialer, err := proxy_FromURL(proxyURL, netDialerFunc(netDial))
+			if err != nil {
+				return nil, nil, err
+			}
+			netDial = dialer.Dial
+		}
 	}
 
 	hostPort, hostNoPort := hostPortNoPort(u)
-
-	var proxyURL *url.URL
-	// Check wether the proxy method has been configured
-	if d.Proxy != nil {
-		proxyURL, err = d.Proxy(req)
-	}
-	if err != nil {
-		return nil, nil, err
+	trace := httptrace.ContextClientTrace(ctx)
+	if trace != nil && trace.GetConn != nil {
+		trace.GetConn(hostPort)
 	}
 
-	var targetHostPort string
-	if proxyURL != nil {
-		targetHostPort, _ = hostPortNoPort(proxyURL)
-	} else {
-		targetHostPort = hostPort
+	netConn, err := netDial("tcp", hostPort)
+	if trace != nil && trace.GotConn != nil {
+		trace.GotConn(httptrace.GotConnInfo{
+			Conn: netConn,
+		})
 	}
-
-	var deadline time.Time
-	if d.HandshakeTimeout != 0 {
-		deadline = time.Now().Add(d.HandshakeTimeout)
-	}
-
-	netDial := d.NetDial
-	if netDial == nil {
-		netDialer := &net.Dialer{Deadline: deadline}
-		netDial = netDialer.Dial
-	}
-
-	netConn, err := netDial("tcp", targetHostPort)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -286,42 +304,6 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
 		}
 	}()
 
-	if err := netConn.SetDeadline(deadline); err != nil {
-		return nil, nil, err
-	}
-
-	if proxyURL != nil {
-		connectHeader := make(http.Header)
-		if user := proxyURL.User; user != nil {
-			proxyUser := user.Username()
-			if proxyPassword, passwordSet := user.Password(); passwordSet {
-				credential := base64.StdEncoding.EncodeToString([]byte(proxyUser + ":" + proxyPassword))
-				connectHeader.Set("Proxy-Authorization", "Basic "+credential)
-			}
-		}
-		connectReq := &http.Request{
-			Method: "CONNECT",
-			URL:    &url.URL{Opaque: hostPort},
-			Host:   hostPort,
-			Header: connectHeader,
-		}
-
-		connectReq.Write(netConn)
-
-		// Read response.
-		// Okay to use and discard buffered reader here, because
-		// TLS server will not speak until spoken to.
-		br := bufio.NewReader(netConn)
-		resp, err := http.ReadResponse(br, connectReq)
-		if err != nil {
-			return nil, nil, err
-		}
-		if resp.StatusCode != 200 {
-			f := strings.SplitN(resp.Status, " ", 2)
-			return nil, nil, errors.New(f[1])
-		}
-	}
-
 	if u.Scheme == "https" {
 		cfg := cloneTLSConfig(d.TLSClientConfig)
 		if cfg.ServerName == "" {
@@ -329,22 +311,31 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
 		}
 		tlsConn := tls.Client(netConn, cfg)
 		netConn = tlsConn
-		if err := tlsConn.Handshake(); err != nil {
-			return nil, nil, err
+
+		var err error
+		if trace != nil {
+			err = doHandshakeWithTrace(trace, tlsConn, cfg)
+		} else {
+			err = doHandshake(tlsConn, cfg)
 		}
-		if !cfg.InsecureSkipVerify {
-			if err := tlsConn.VerifyHostname(cfg.ServerName); err != nil {
-				return nil, nil, err
-			}
+
+		if err != nil {
+			return nil, nil, err
 		}
 	}
 
-	conn := newConn(netConn, false, d.ReadBufferSize, d.WriteBufferSize)
+	conn := newConn(netConn, false, d.ReadBufferSize, d.WriteBufferSize, d.WriteBufferPool, nil, nil)
 
 	if err := req.Write(netConn); err != nil {
 		return nil, nil, err
 	}
 
+	if trace != nil && trace.GotFirstResponseByte != nil {
+		if peek, err := conn.br.Peek(1); err == nil && len(peek) == 1 {
+			trace.GotFirstResponseByte()
+		}
+	}
+
 	resp, err := http.ReadResponse(conn.br, req)
 	if err != nil {
 		return nil, nil, err
@@ -390,3 +381,15 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
 	netConn = nil // to avoid close in defer.
 	return conn, resp, nil
 }
+
+func doHandshake(tlsConn *tls.Conn, cfg *tls.Config) error {
+	if err := tlsConn.Handshake(); err != nil {
+		return err
+	}
+	if !cfg.InsecureSkipVerify {
+		if err := tlsConn.VerifyHostname(cfg.ServerName); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/gorilla/websocket/conn.go b/vendor/github.com/gorilla/websocket/conn.go
index 97e1dbac..d2a21c14 100644
--- a/vendor/github.com/gorilla/websocket/conn.go
+++ b/vendor/github.com/gorilla/websocket/conn.go
@@ -76,7 +76,7 @@ const (
 	// is UTF-8 encoded text.
 	PingMessage = 9
 
-	// PongMessage denotes a ping control message. The optional message payload
+	// PongMessage denotes a pong control message. The optional message payload
 	// is UTF-8 encoded text.
 	PongMessage = 10
 )
@@ -100,9 +100,8 @@ func (e *netError) Error() string   { return e.msg }
 func (e *netError) Temporary() bool { return e.temporary }
 func (e *netError) Timeout() bool   { return e.timeout }
 
-// CloseError represents close frame.
+// CloseError represents a close message.
 type CloseError struct {
-
 	// Code is defined in RFC 6455, section 11.7.
 	Code int
 
@@ -224,6 +223,20 @@ func isValidReceivedCloseCode(code int) bool {
 	return validReceivedCloseCodes[code] || (code >= 3000 && code <= 4999)
 }
 
+// BufferPool represents a pool of buffers. The *sync.Pool type satisfies this
+// interface.  The type of the value stored in a pool is not specified.
+type BufferPool interface {
+	// Get gets a value from the pool or returns nil if the pool is empty.
+	Get() interface{}
+	// Put adds a value to the pool.
+	Put(interface{})
+}
+
+// writePoolData is the type added to the write buffer pool. This wrapper is
+// used to prevent applications from peeking at and depending on the values
+// added to the pool.
+type writePoolData struct{ buf []byte }
+
 // The Conn type represents a WebSocket connection.
 type Conn struct {
 	conn        net.Conn
@@ -233,6 +246,8 @@ type Conn struct {
 	// Write fields
 	mu            chan bool // used as mutex to protect write to conn
 	writeBuf      []byte    // frame is constructed in this buffer.
+	writePool     BufferPool
+	writeBufSize  int
 	writeDeadline time.Time
 	writer        io.WriteCloser // the current writer returned to the application
 	isWriting     bool           // for best-effort concurrent write detection
@@ -264,64 +279,29 @@ type Conn struct {
 	newDecompressionReader func(io.Reader) io.ReadCloser
 }
 
-func newConn(conn net.Conn, isServer bool, readBufferSize, writeBufferSize int) *Conn {
-	return newConnBRW(conn, isServer, readBufferSize, writeBufferSize, nil)
-}
+func newConn(conn net.Conn, isServer bool, readBufferSize, writeBufferSize int, writeBufferPool BufferPool, br *bufio.Reader, writeBuf []byte) *Conn {
 
-type writeHook struct {
-	p []byte
-}
-
-func (wh *writeHook) Write(p []byte) (int, error) {
-	wh.p = p
-	return len(p), nil
-}
-
-func newConnBRW(conn net.Conn, isServer bool, readBufferSize, writeBufferSize int, brw *bufio.ReadWriter) *Conn {
-	mu := make(chan bool, 1)
-	mu <- true
-
-	var br *bufio.Reader
-	if readBufferSize == 0 && brw != nil && brw.Reader != nil {
-		// Reuse the supplied bufio.Reader if the buffer has a useful size.
-		// This code assumes that peek on a reader returns
-		// bufio.Reader.buf[:0].
-		brw.Reader.Reset(conn)
-		if p, err := brw.Reader.Peek(0); err == nil && cap(p) >= 256 {
-			br = brw.Reader
-		}
-	}
 	if br == nil {
 		if readBufferSize == 0 {
 			readBufferSize = defaultReadBufferSize
-		}
-		if readBufferSize < maxControlFramePayloadSize {
+		} else if readBufferSize < maxControlFramePayloadSize {
+			// must be large enough for control frame
 			readBufferSize = maxControlFramePayloadSize
 		}
 		br = bufio.NewReaderSize(conn, readBufferSize)
 	}
 
-	var writeBuf []byte
-	if writeBufferSize == 0 && brw != nil && brw.Writer != nil {
-		// Use the bufio.Writer's buffer if the buffer has a useful size. This
-		// code assumes that bufio.Writer.buf[:1] is passed to the
-		// bufio.Writer's underlying writer.
-		var wh writeHook
-		brw.Writer.Reset(&wh)
-		brw.Writer.WriteByte(0)
-		brw.Flush()
-		if cap(wh.p) >= maxFrameHeaderSize+256 {
-			writeBuf = wh.p[:cap(wh.p)]
-		}
-	}
-
-	if writeBuf == nil {
-		if writeBufferSize == 0 {
-			writeBufferSize = defaultWriteBufferSize
-		}
-		writeBuf = make([]byte, writeBufferSize+maxFrameHeaderSize)
+	if writeBufferSize <= 0 {
+		writeBufferSize = defaultWriteBufferSize
+	}
+	writeBufferSize += maxFrameHeaderSize
+
+	if writeBuf == nil && writeBufferPool == nil {
+		writeBuf = make([]byte, writeBufferSize)
 	}
 
+	mu := make(chan bool, 1)
+	mu <- true
 	c := &Conn{
 		isServer:               isServer,
 		br:                     br,
@@ -329,6 +309,8 @@ func newConnBRW(conn net.Conn, isServer bool, readBufferSize, writeBufferSize in
 		mu:                     mu,
 		readFinal:              true,
 		writeBuf:               writeBuf,
+		writePool:              writeBufferPool,
+		writeBufSize:           writeBufferSize,
 		enableWriteCompression: true,
 		compressionLevel:       defaultCompressionLevel,
 	}
@@ -343,7 +325,8 @@ func (c *Conn) Subprotocol() string {
 	return c.subprotocol
 }
 
-// Close closes the underlying network connection without sending or waiting for a close frame.
+// Close closes the underlying network connection without sending or waiting
+// for a close message.
 func (c *Conn) Close() error {
 	return c.conn.Close()
 }
@@ -370,7 +353,16 @@ func (c *Conn) writeFatal(err error) error {
 	return err
 }
 
-func (c *Conn) write(frameType int, deadline time.Time, bufs ...[]byte) error {
+func (c *Conn) read(n int) ([]byte, error) {
+	p, err := c.br.Peek(n)
+	if err == io.EOF {
+		err = errUnexpectedEOF
+	}
+	c.br.Discard(len(p))
+	return p, err
+}
+
+func (c *Conn) write(frameType int, deadline time.Time, buf0, buf1 []byte) error {
 	<-c.mu
 	defer func() { c.mu <- true }()
 
@@ -382,15 +374,14 @@ func (c *Conn) write(frameType int, deadline time.Time, bufs ...[]byte) error {
 	}
 
 	c.conn.SetWriteDeadline(deadline)
-	for _, buf := range bufs {
-		if len(buf) > 0 {
-			_, err := c.conn.Write(buf)
-			if err != nil {
-				return c.writeFatal(err)
-			}
-		}
+	if len(buf1) == 0 {
+		_, err = c.conn.Write(buf0)
+	} else {
+		err = c.writeBufs(buf0, buf1)
+	}
+	if err != nil {
+		return c.writeFatal(err)
 	}
-
 	if frameType == CloseMessage {
 		c.writeFatal(ErrCloseSent)
 	}
@@ -476,7 +467,19 @@ func (c *Conn) prepWrite(messageType int) error {
 	c.writeErrMu.Lock()
 	err := c.writeErr
 	c.writeErrMu.Unlock()
-	return err
+	if err != nil {
+		return err
+	}
+
+	if c.writeBuf == nil {
+		wpd, ok := c.writePool.Get().(writePoolData)
+		if ok {
+			c.writeBuf = wpd.buf
+		} else {
+			c.writeBuf = make([]byte, c.writeBufSize)
+		}
+	}
+	return nil
 }
 
 // NextWriter returns a writer for the next message to send. The writer's Close
@@ -484,6 +487,9 @@ func (c *Conn) prepWrite(messageType int) error {
 //
 // There can be at most one open writer on a connection. NextWriter closes the
 // previous writer if the application has not already done so.
+//
+// All message types (TextMessage, BinaryMessage, CloseMessage, PingMessage and
+// PongMessage) are supported.
 func (c *Conn) NextWriter(messageType int) (io.WriteCloser, error) {
 	if err := c.prepWrite(messageType); err != nil {
 		return nil, err
@@ -599,6 +605,10 @@ func (w *messageWriter) flushFrame(final bool, extra []byte) error {
 
 	if final {
 		c.writer = nil
+		if c.writePool != nil {
+			c.writePool.Put(writePoolData{buf: c.writeBuf})
+			c.writeBuf = nil
+		}
 		return nil
 	}
 
@@ -764,7 +774,6 @@ func (c *Conn) SetWriteDeadline(t time.Time) error {
 // Read methods
 
 func (c *Conn) advanceFrame() (int, error) {
-
 	// 1. Skip remainder of previous frame.
 
 	if c.readRemaining > 0 {
@@ -1033,7 +1042,7 @@ func (c *Conn) SetReadDeadline(t time.Time) error {
 }
 
 // SetReadLimit sets the maximum size for a message read from the peer. If a
-// message exceeds the limit, the connection sends a close frame to the peer
+// message exceeds the limit, the connection sends a close message to the peer
 // and returns ErrReadLimit to the application.
 func (c *Conn) SetReadLimit(limit int64) {
 	c.readLimit = limit
@@ -1046,24 +1055,22 @@ func (c *Conn) CloseHandler() func(code int, text string) error {
 
 // SetCloseHandler sets the handler for close messages received from the peer.
 // The code argument to h is the received close code or CloseNoStatusReceived
-// if the close message is empty. The default close handler sends a close frame
-// back to the peer.
+// if the close message is empty. The default close handler sends a close
+// message back to the peer.
 //
-// The application must read the connection to process close messages as
-// described in the section on Control Frames above.
+// The handler function is called from the NextReader, ReadMessage and message
+// reader Read methods. The application must read the connection to process
+// close messages as described in the section on Control Messages above.
 //
-// The connection read methods return a CloseError when a close frame is
+// The connection read methods return a CloseError when a close message is
 // received. Most applications should handle close messages as part of their
 // normal error handling. Applications should only set a close handler when the
-// application must perform some action before sending a close frame back to
+// application must perform some action before sending a close message back to
 // the peer.
 func (c *Conn) SetCloseHandler(h func(code int, text string) error) {
 	if h == nil {
 		h = func(code int, text string) error {
-			message := []byte{}
-			if code != CloseNoStatusReceived {
-				message = FormatCloseMessage(code, "")
-			}
+			message := FormatCloseMessage(code, "")
 			c.WriteControl(CloseMessage, message, time.Now().Add(writeWait))
 			return nil
 		}
@@ -1077,11 +1084,12 @@ func (c *Conn) PingHandler() func(appData string) error {
 }
 
 // SetPingHandler sets the handler for ping messages received from the peer.
-// The appData argument to h is the PING frame application data. The default
+// The appData argument to h is the PING message application data. The default
 // ping handler sends a pong to the peer.
 //
-// The application must read the connection to process ping messages as
-// described in the section on Control Frames above.
+// The handler function is called from the NextReader, ReadMessage and message
+// reader Read methods. The application must read the connection to process
+// ping messages as described in the section on Control Messages above.
 func (c *Conn) SetPingHandler(h func(appData string) error) {
 	if h == nil {
 		h = func(message string) error {
@@ -1103,11 +1111,12 @@ func (c *Conn) PongHandler() func(appData string) error {
 }
 
 // SetPongHandler sets the handler for pong messages received from the peer.
-// The appData argument to h is the PONG frame application data. The default
+// The appData argument to h is the PONG message application data. The default
 // pong handler does nothing.
 //
-// The application must read the connection to process ping messages as
-// described in the section on Control Frames above.
+// The handler function is called from the NextReader, ReadMessage and message
+// reader Read methods. The application must read the connection to process
+// pong messages as described in the section on Control Messages above.
 func (c *Conn) SetPongHandler(h func(appData string) error) {
 	if h == nil {
 		h = func(string) error { return nil }
@@ -1141,7 +1150,14 @@ func (c *Conn) SetCompressionLevel(level int) error {
 }
 
 // FormatCloseMessage formats closeCode and text as a WebSocket close message.
+// An empty message is returned for code CloseNoStatusReceived.
 func FormatCloseMessage(closeCode int, text string) []byte {
+	if closeCode == CloseNoStatusReceived {
+		// Return empty message because it's illegal to send
+		// CloseNoStatusReceived. Return non-nil value in case application
+		// checks for nil.
+		return []byte{}
+	}
 	buf := make([]byte, 2+len(text))
 	binary.BigEndian.PutUint16(buf, uint16(closeCode))
 	copy(buf[2:], text)
diff --git a/vendor/github.com/gorilla/websocket/conn_read_legacy.go b/vendor/github.com/gorilla/websocket/conn_read_legacy.go
deleted file mode 100644
index 018541cf..00000000
--- a/vendor/github.com/gorilla/websocket/conn_read_legacy.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2016 The Gorilla WebSocket Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.5
-
-package websocket
-
-import "io"
-
-func (c *Conn) read(n int) ([]byte, error) {
-	p, err := c.br.Peek(n)
-	if err == io.EOF {
-		err = errUnexpectedEOF
-	}
-	if len(p) > 0 {
-		// advance over the bytes just read
-		io.ReadFull(c.br, p)
-	}
-	return p, err
-}
diff --git a/vendor/github.com/gorilla/websocket/conn_read.go b/vendor/github.com/gorilla/websocket/conn_write.go
similarity index 52%
rename from vendor/github.com/gorilla/websocket/conn_read.go
rename to vendor/github.com/gorilla/websocket/conn_write.go
index 1ea15059..a509a21f 100644
--- a/vendor/github.com/gorilla/websocket/conn_read.go
+++ b/vendor/github.com/gorilla/websocket/conn_write.go
@@ -2,17 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.5
+// +build go1.8
 
 package websocket
 
-import "io"
+import "net"
 
-func (c *Conn) read(n int) ([]byte, error) {
-	p, err := c.br.Peek(n)
-	if err == io.EOF {
-		err = errUnexpectedEOF
-	}
-	c.br.Discard(len(p))
-	return p, err
+func (c *Conn) writeBufs(bufs ...[]byte) error {
+	b := net.Buffers(bufs)
+	_, err := b.WriteTo(c.conn)
+	return err
 }
diff --git a/vendor/github.com/gorilla/websocket/conn_write_legacy.go b/vendor/github.com/gorilla/websocket/conn_write_legacy.go
new file mode 100644
index 00000000..37edaff5
--- /dev/null
+++ b/vendor/github.com/gorilla/websocket/conn_write_legacy.go
@@ -0,0 +1,18 @@
+// Copyright 2016 The Gorilla WebSocket Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.8
+
+package websocket
+
+func (c *Conn) writeBufs(bufs ...[]byte) error {
+	for _, buf := range bufs {
+		if len(buf) > 0 {
+			if _, err := c.conn.Write(buf); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/gorilla/websocket/doc.go b/vendor/github.com/gorilla/websocket/doc.go
index e291a952..dcce1a63 100644
--- a/vendor/github.com/gorilla/websocket/doc.go
+++ b/vendor/github.com/gorilla/websocket/doc.go
@@ -6,9 +6,8 @@
 //
 // Overview
 //
-// The Conn type represents a WebSocket connection. A server application uses
-// the Upgrade function from an Upgrader object with a HTTP request handler
-// to get a pointer to a Conn:
+// The Conn type represents a WebSocket connection. A server application calls
+// the Upgrader.Upgrade method from an HTTP request handler to get a *Conn:
 //
 //  var upgrader = websocket.Upgrader{
 //      ReadBufferSize:  1024,
@@ -31,10 +30,12 @@
 //  for {
 //      messageType, p, err := conn.ReadMessage()
 //      if err != nil {
+//          log.Println(err)
 //          return
 //      }
-//      if err = conn.WriteMessage(messageType, p); err != nil {
-//          return err
+//      if err := conn.WriteMessage(messageType, p); err != nil {
+//          log.Println(err)
+//          return
 //      }
 //  }
 //
@@ -85,20 +86,26 @@
 // and pong. Call the connection WriteControl, WriteMessage or NextWriter
 // methods to send a control message to the peer.
 //
-// Connections handle received close messages by sending a close message to the
-// peer and returning a *CloseError from the the NextReader, ReadMessage or the
-// message Read method.
+// Connections handle received close messages by calling the handler function
+// set with the SetCloseHandler method and by returning a *CloseError from the
+// NextReader, ReadMessage or the message Read method. The default close
+// handler sends a close message to the peer.
 //
-// Connections handle received ping and pong messages by invoking callback
-// functions set with SetPingHandler and SetPongHandler methods. The callback
-// functions are called from the NextReader, ReadMessage and the message Read
-// methods.
+// Connections handle received ping messages by calling the handler function
+// set with the SetPingHandler method. The default ping handler sends a pong
+// message to the peer.
 //
-// The default ping handler sends a pong to the peer. The application's reading
-// goroutine can block for a short time while the handler writes the pong data
-// to the connection.
+// Connections handle received pong messages by calling the handler function
+// set with the SetPongHandler method. The default pong handler does nothing.
+// If an application sends ping messages, then the application should set a
+// pong handler to receive the corresponding pong.
 //
-// The application must read the connection to process ping, pong and close
+// The control message handler functions are called from the NextReader,
+// ReadMessage and message reader Read methods. The default close and ping
+// handlers can block these methods for a short time when the handler writes to
+// the connection.
+//
+// The application must read the connection to process close, ping and pong
 // messages sent from the peer. If the application is not otherwise interested
 // in messages from the peer, then the application should start a goroutine to
 // read and discard messages from the peer. A simple example is:
@@ -137,19 +144,12 @@
 // method fails the WebSocket handshake with HTTP status 403.
 //
 // If the CheckOrigin field is nil, then the Upgrader uses a safe default: fail
-// the handshake if the Origin request header is present and not equal to the
-// Host request header.
+// the handshake if the Origin request header is present and the Origin host is
+// not equal to the Host request header.
 //
-// An application can allow connections from any origin by specifying a
-// function that always returns true:
-//
-//  var upgrader = websocket.Upgrader{
-//      CheckOrigin: func(r *http.Request) bool { return true },
-//  }
-//
-// The deprecated Upgrade function does not enforce an origin policy. It's the
-// application's responsibility to check the Origin header before calling
-// Upgrade.
+// The deprecated package-level Upgrade function does not perform origin
+// checking. The application is responsible for checking the Origin header
+// before calling the Upgrade function.
 //
 // Compression EXPERIMENTAL
 //
diff --git a/vendor/github.com/gorilla/websocket/json.go b/vendor/github.com/gorilla/websocket/json.go
index 4f0e3687..dc2c1f64 100644
--- a/vendor/github.com/gorilla/websocket/json.go
+++ b/vendor/github.com/gorilla/websocket/json.go
@@ -9,12 +9,14 @@ import (
 	"io"
 )
 
-// WriteJSON is deprecated, use c.WriteJSON instead.
+// WriteJSON writes the JSON encoding of v as a message.
+//
+// Deprecated: Use c.WriteJSON instead.
 func WriteJSON(c *Conn, v interface{}) error {
 	return c.WriteJSON(v)
 }
 
-// WriteJSON writes the JSON encoding of v to the connection.
+// WriteJSON writes the JSON encoding of v as a message.
 //
 // See the documentation for encoding/json Marshal for details about the
 // conversion of Go values to JSON.
@@ -31,7 +33,10 @@ func (c *Conn) WriteJSON(v interface{}) error {
 	return err2
 }
 
-// ReadJSON is deprecated, use c.ReadJSON instead.
+// ReadJSON reads the next JSON-encoded message from the connection and stores
+// it in the value pointed to by v.
+//
+// Deprecated: Use c.ReadJSON instead.
 func ReadJSON(c *Conn, v interface{}) error {
 	return c.ReadJSON(v)
 }
diff --git a/vendor/github.com/gorilla/websocket/mask.go b/vendor/github.com/gorilla/websocket/mask.go
index 6a88bbc7..577fce9e 100644
--- a/vendor/github.com/gorilla/websocket/mask.go
+++ b/vendor/github.com/gorilla/websocket/mask.go
@@ -11,7 +11,6 @@ import "unsafe"
 const wordSize = int(unsafe.Sizeof(uintptr(0)))
 
 func maskBytes(key [4]byte, pos int, b []byte) int {
-
 	// Mask one byte at a time for small buffers.
 	if len(b) < 2*wordSize {
 		for i := range b {
diff --git a/vendor/github.com/gorilla/websocket/prepared.go b/vendor/github.com/gorilla/websocket/prepared.go
index 1efffbd1..74ec565d 100644
--- a/vendor/github.com/gorilla/websocket/prepared.go
+++ b/vendor/github.com/gorilla/websocket/prepared.go
@@ -19,7 +19,6 @@ import (
 type PreparedMessage struct {
 	messageType int
 	data        []byte
-	err         error
 	mu          sync.Mutex
 	frames      map[prepareKey]*preparedFrame
 }
diff --git a/vendor/github.com/gorilla/websocket/proxy.go b/vendor/github.com/gorilla/websocket/proxy.go
new file mode 100644
index 00000000..bf2478e4
--- /dev/null
+++ b/vendor/github.com/gorilla/websocket/proxy.go
@@ -0,0 +1,77 @@
+// Copyright 2017 The Gorilla WebSocket Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package websocket
+
+import (
+	"bufio"
+	"encoding/base64"
+	"errors"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+type netDialerFunc func(network, addr string) (net.Conn, error)
+
+func (fn netDialerFunc) Dial(network, addr string) (net.Conn, error) {
+	return fn(network, addr)
+}
+
+func init() {
+	proxy_RegisterDialerType("http", func(proxyURL *url.URL, forwardDialer proxy_Dialer) (proxy_Dialer, error) {
+		return &httpProxyDialer{proxyURL: proxyURL, fowardDial: forwardDialer.Dial}, nil
+	})
+}
+
+type httpProxyDialer struct {
+	proxyURL   *url.URL
+	fowardDial func(network, addr string) (net.Conn, error)
+}
+
+func (hpd *httpProxyDialer) Dial(network string, addr string) (net.Conn, error) {
+	hostPort, _ := hostPortNoPort(hpd.proxyURL)
+	conn, err := hpd.fowardDial(network, hostPort)
+	if err != nil {
+		return nil, err
+	}
+
+	connectHeader := make(http.Header)
+	if user := hpd.proxyURL.User; user != nil {
+		proxyUser := user.Username()
+		if proxyPassword, passwordSet := user.Password(); passwordSet {
+			credential := base64.StdEncoding.EncodeToString([]byte(proxyUser + ":" + proxyPassword))
+			connectHeader.Set("Proxy-Authorization", "Basic "+credential)
+		}
+	}
+
+	connectReq := &http.Request{
+		Method: "CONNECT",
+		URL:    &url.URL{Opaque: addr},
+		Host:   addr,
+		Header: connectHeader,
+	}
+
+	if err := connectReq.Write(conn); err != nil {
+		conn.Close()
+		return nil, err
+	}
+
+	// Read response. It's OK to use and discard buffered reader here becaue
+	// the remote server does not speak until spoken to.
+	br := bufio.NewReader(conn)
+	resp, err := http.ReadResponse(br, connectReq)
+	if err != nil {
+		conn.Close()
+		return nil, err
+	}
+
+	if resp.StatusCode != 200 {
+		conn.Close()
+		f := strings.SplitN(resp.Status, " ", 2)
+		return nil, errors.New(f[1])
+	}
+	return conn, nil
+}
diff --git a/vendor/github.com/gorilla/websocket/server.go b/vendor/github.com/gorilla/websocket/server.go
index 3495e0f1..a761824b 100644
--- a/vendor/github.com/gorilla/websocket/server.go
+++ b/vendor/github.com/gorilla/websocket/server.go
@@ -7,7 +7,7 @@ package websocket
 import (
 	"bufio"
 	"errors"
-	"net"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -33,10 +33,23 @@ type Upgrader struct {
 	// or received.
 	ReadBufferSize, WriteBufferSize int
 
+	// WriteBufferPool is a pool of buffers for write operations. If the value
+	// is not set, then write buffers are allocated to the connection for the
+	// lifetime of the connection.
+	//
+	// A pool is most useful when the application has a modest volume of writes
+	// across a large number of connections.
+	//
+	// Applications should use a single pool for each unique value of
+	// WriteBufferSize.
+	WriteBufferPool BufferPool
+
 	// Subprotocols specifies the server's supported protocols in order of
-	// preference. If this field is set, then the Upgrade method negotiates a
+	// preference. If this field is not nil, then the Upgrade method negotiates a
 	// subprotocol by selecting the first match in this list with a protocol
-	// requested by the client.
+	// requested by the client. If there's no match, then no protocol is
+	// negotiated (the Sec-Websocket-Protocol header is not included in the
+	// handshake response).
 	Subprotocols []string
 
 	// Error specifies the function for generating HTTP error responses. If Error
@@ -44,8 +57,12 @@ type Upgrader struct {
 	Error func(w http.ResponseWriter, r *http.Request, status int, reason error)
 
 	// CheckOrigin returns true if the request Origin header is acceptable. If
-	// CheckOrigin is nil, the host in the Origin header must not be set or
-	// must match the host of the request.
+	// CheckOrigin is nil, then a safe default is used: return false if the
+	// Origin request header is present and the origin host is not equal to
+	// request Host header.
+	//
+	// A CheckOrigin function should carefully validate the request origin to
+	// prevent cross-site request forgery.
 	CheckOrigin func(r *http.Request) bool
 
 	// EnableCompression specify if the server should attempt to negotiate per
@@ -76,7 +93,7 @@ func checkSameOrigin(r *http.Request) bool {
 	if err != nil {
 		return false
 	}
-	return u.Host == r.Host
+	return equalASCIIFold(u.Host, r.Host)
 }
 
 func (u *Upgrader) selectSubprotocol(r *http.Request, responseHeader http.Header) string {
@@ -99,42 +116,44 @@ func (u *Upgrader) selectSubprotocol(r *http.Request, responseHeader http.Header
 //
 // The responseHeader is included in the response to the client's upgrade
 // request. Use the responseHeader to specify cookies (Set-Cookie) and the
-// application negotiated subprotocol (Sec-Websocket-Protocol).
+// application negotiated subprotocol (Sec-WebSocket-Protocol).
 //
 // If the upgrade fails, then Upgrade replies to the client with an HTTP error
 // response.
 func (u *Upgrader) Upgrade(w http.ResponseWriter, r *http.Request, responseHeader http.Header) (*Conn, error) {
-	if r.Method != "GET" {
-		return u.returnError(w, r, http.StatusMethodNotAllowed, "websocket: not a websocket handshake: request method is not GET")
-	}
-
-	if _, ok := responseHeader["Sec-Websocket-Extensions"]; ok {
-		return u.returnError(w, r, http.StatusInternalServerError, "websocket: application specific 'Sec-Websocket-Extensions' headers are unsupported")
-	}
+	const badHandshake = "websocket: the client is not using the websocket protocol: "
 
 	if !tokenListContainsValue(r.Header, "Connection", "upgrade") {
-		return u.returnError(w, r, http.StatusBadRequest, "websocket: not a websocket handshake: 'upgrade' token not found in 'Connection' header")
+		return u.returnError(w, r, http.StatusBadRequest, badHandshake+"'upgrade' token not found in 'Connection' header")
 	}
 
 	if !tokenListContainsValue(r.Header, "Upgrade", "websocket") {
-		return u.returnError(w, r, http.StatusBadRequest, "websocket: not a websocket handshake: 'websocket' token not found in 'Upgrade' header")
+		return u.returnError(w, r, http.StatusBadRequest, badHandshake+"'websocket' token not found in 'Upgrade' header")
+	}
+
+	if r.Method != "GET" {
+		return u.returnError(w, r, http.StatusMethodNotAllowed, badHandshake+"request method is not GET")
 	}
 
 	if !tokenListContainsValue(r.Header, "Sec-Websocket-Version", "13") {
 		return u.returnError(w, r, http.StatusBadRequest, "websocket: unsupported version: 13 not found in 'Sec-Websocket-Version' header")
 	}
 
+	if _, ok := responseHeader["Sec-Websocket-Extensions"]; ok {
+		return u.returnError(w, r, http.StatusInternalServerError, "websocket: application specific 'Sec-WebSocket-Extensions' headers are unsupported")
+	}
+
 	checkOrigin := u.CheckOrigin
 	if checkOrigin == nil {
 		checkOrigin = checkSameOrigin
 	}
 	if !checkOrigin(r) {
-		return u.returnError(w, r, http.StatusForbidden, "websocket: 'Origin' header value not allowed")
+		return u.returnError(w, r, http.StatusForbidden, "websocket: request origin not allowed by Upgrader.CheckOrigin")
 	}
 
 	challengeKey := r.Header.Get("Sec-Websocket-Key")
 	if challengeKey == "" {
-		return u.returnError(w, r, http.StatusBadRequest, "websocket: not a websocket handshake: `Sec-Websocket-Key' header is missing or blank")
+		return u.returnError(w, r, http.StatusBadRequest, "websocket: not a websocket handshake: `Sec-WebSocket-Key' header is missing or blank")
 	}
 
 	subprotocol := u.selectSubprotocol(r, responseHeader)
@@ -151,17 +170,12 @@ func (u *Upgrader) Upgrade(w http.ResponseWriter, r *http.Request, responseHeade
 		}
 	}
 
-	var (
-		netConn net.Conn
-		err     error
-	)
-
 	h, ok := w.(http.Hijacker)
 	if !ok {
 		return u.returnError(w, r, http.StatusInternalServerError, "websocket: response does not implement http.Hijacker")
 	}
 	var brw *bufio.ReadWriter
-	netConn, brw, err = h.Hijack()
+	netConn, brw, err := h.Hijack()
 	if err != nil {
 		return u.returnError(w, r, http.StatusInternalServerError, err.Error())
 	}
@@ -171,7 +185,21 @@ func (u *Upgrader) Upgrade(w http.ResponseWriter, r *http.Request, responseHeade
 		return nil, errors.New("websocket: client sent data before handshake is complete")
 	}
 
-	c := newConnBRW(netConn, true, u.ReadBufferSize, u.WriteBufferSize, brw)
+	var br *bufio.Reader
+	if u.ReadBufferSize == 0 && bufioReaderSize(netConn, brw.Reader) > 256 {
+		// Reuse hijacked buffered reader as connection reader.
+		br = brw.Reader
+	}
+
+	buf := bufioWriterBuffer(netConn, brw.Writer)
+
+	var writeBuf []byte
+	if u.WriteBufferPool == nil && u.WriteBufferSize == 0 && len(buf) >= maxFrameHeaderSize+256 {
+		// Reuse hijacked write buffer as connection buffer.
+		writeBuf = buf
+	}
+
+	c := newConn(netConn, true, u.ReadBufferSize, u.WriteBufferSize, u.WriteBufferPool, br, writeBuf)
 	c.subprotocol = subprotocol
 
 	if compress {
@@ -179,17 +207,23 @@ func (u *Upgrader) Upgrade(w http.ResponseWriter, r *http.Request, responseHeade
 		c.newDecompressionReader = decompressNoContextTakeover
 	}
 
-	p := c.writeBuf[:0]
+	// Use larger of hijacked buffer and connection write buffer for header.
+	p := buf
+	if len(c.writeBuf) > len(p) {
+		p = c.writeBuf
+	}
+	p = p[:0]
+
 	p = append(p, "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: "...)
 	p = append(p, computeAcceptKey(challengeKey)...)
 	p = append(p, "\r\n"...)
 	if c.subprotocol != "" {
-		p = append(p, "Sec-Websocket-Protocol: "...)
+		p = append(p, "Sec-WebSocket-Protocol: "...)
 		p = append(p, c.subprotocol...)
 		p = append(p, "\r\n"...)
 	}
 	if compress {
-		p = append(p, "Sec-Websocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover\r\n"...)
+		p = append(p, "Sec-WebSocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover\r\n"...)
 	}
 	for k, vs := range responseHeader {
 		if k == "Sec-Websocket-Protocol" {
@@ -230,13 +264,14 @@ func (u *Upgrader) Upgrade(w http.ResponseWriter, r *http.Request, responseHeade
 
 // Upgrade upgrades the HTTP server connection to the WebSocket protocol.
 //
-// This function is deprecated, use websocket.Upgrader instead.
+// Deprecated: Use websocket.Upgrader instead.
 //
-// The application is responsible for checking the request origin before
-// calling Upgrade. An example implementation of the same origin policy is:
+// Upgrade does not perform origin checking. The application is responsible for
+// checking the Origin header before calling Upgrade. An example implementation
+// of the same origin policy check is:
 //
 //	if req.Header.Get("Origin") != "http://"+req.Host {
-//		http.Error(w, "Origin not allowed", 403)
+//		http.Error(w, "Origin not allowed", http.StatusForbidden)
 //		return
 //	}
 //
@@ -289,3 +324,40 @@ func IsWebSocketUpgrade(r *http.Request) bool {
 	return tokenListContainsValue(r.Header, "Connection", "upgrade") &&
 		tokenListContainsValue(r.Header, "Upgrade", "websocket")
 }
+
+// bufioReaderSize size returns the size of a bufio.Reader.
+func bufioReaderSize(originalReader io.Reader, br *bufio.Reader) int {
+	// This code assumes that peek on a reset reader returns
+	// bufio.Reader.buf[:0].
+	// TODO: Use bufio.Reader.Size() after Go 1.10
+	br.Reset(originalReader)
+	if p, err := br.Peek(0); err == nil {
+		return cap(p)
+	}
+	return 0
+}
+
+// writeHook is an io.Writer that records the last slice passed to it vio
+// io.Writer.Write.
+type writeHook struct {
+	p []byte
+}
+
+func (wh *writeHook) Write(p []byte) (int, error) {
+	wh.p = p
+	return len(p), nil
+}
+
+// bufioWriterBuffer grabs the buffer from a bufio.Writer.
+func bufioWriterBuffer(originalWriter io.Writer, bw *bufio.Writer) []byte {
+	// This code assumes that bufio.Writer.buf[:1] is passed to the
+	// bufio.Writer's underlying writer.
+	var wh writeHook
+	bw.Reset(&wh)
+	bw.WriteByte(0)
+	bw.Flush()
+
+	bw.Reset(originalWriter)
+
+	return wh.p[:cap(wh.p)]
+}
diff --git a/vendor/github.com/gorilla/websocket/trace.go b/vendor/github.com/gorilla/websocket/trace.go
new file mode 100644
index 00000000..834f122a
--- /dev/null
+++ b/vendor/github.com/gorilla/websocket/trace.go
@@ -0,0 +1,19 @@
+// +build go1.8
+
+package websocket
+
+import (
+	"crypto/tls"
+	"net/http/httptrace"
+)
+
+func doHandshakeWithTrace(trace *httptrace.ClientTrace, tlsConn *tls.Conn, cfg *tls.Config) error {
+	if trace.TLSHandshakeStart != nil {
+		trace.TLSHandshakeStart()
+	}
+	err := doHandshake(tlsConn, cfg)
+	if trace.TLSHandshakeDone != nil {
+		trace.TLSHandshakeDone(tlsConn.ConnectionState(), err)
+	}
+	return err
+}
diff --git a/vendor/github.com/gorilla/websocket/trace_17.go b/vendor/github.com/gorilla/websocket/trace_17.go
new file mode 100644
index 00000000..77d05a0b
--- /dev/null
+++ b/vendor/github.com/gorilla/websocket/trace_17.go
@@ -0,0 +1,12 @@
+// +build !go1.8
+
+package websocket
+
+import (
+	"crypto/tls"
+	"net/http/httptrace"
+)
+
+func doHandshakeWithTrace(trace *httptrace.ClientTrace, tlsConn *tls.Conn, cfg *tls.Config) error {
+	return doHandshake(tlsConn, cfg)
+}
diff --git a/vendor/github.com/gorilla/websocket/util.go b/vendor/github.com/gorilla/websocket/util.go
index 9a4908df..354001e1 100644
--- a/vendor/github.com/gorilla/websocket/util.go
+++ b/vendor/github.com/gorilla/websocket/util.go
@@ -11,6 +11,7 @@ import (
 	"io"
 	"net/http"
 	"strings"
+	"unicode/utf8"
 )
 
 var keyGUID = []byte("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
@@ -111,14 +112,14 @@ func nextTokenOrQuoted(s string) (value string, rest string) {
 				case escape:
 					escape = false
 					p[j] = b
-					j += 1
+					j++
 				case b == '\\':
 					escape = true
 				case b == '"':
 					return string(p[:j]), s[i+1:]
 				default:
 					p[j] = b
-					j += 1
+					j++
 				}
 			}
 			return "", ""
@@ -127,8 +128,31 @@ func nextTokenOrQuoted(s string) (value string, rest string) {
 	return "", ""
 }
 
+// equalASCIIFold returns true if s is equal to t with ASCII case folding.
+func equalASCIIFold(s, t string) bool {
+	for s != "" && t != "" {
+		sr, size := utf8.DecodeRuneInString(s)
+		s = s[size:]
+		tr, size := utf8.DecodeRuneInString(t)
+		t = t[size:]
+		if sr == tr {
+			continue
+		}
+		if 'A' <= sr && sr <= 'Z' {
+			sr = sr + 'a' - 'A'
+		}
+		if 'A' <= tr && tr <= 'Z' {
+			tr = tr + 'a' - 'A'
+		}
+		if sr != tr {
+			return false
+		}
+	}
+	return s == t
+}
+
 // tokenListContainsValue returns true if the 1#token header with the given
-// name contains token.
+// name contains a token equal to value with ASCII case folding.
 func tokenListContainsValue(header http.Header, name string, value string) bool {
 headers:
 	for _, s := range header[name] {
@@ -142,7 +166,7 @@ headers:
 			if s != "" && s[0] != ',' {
 				continue headers
 			}
-			if strings.EqualFold(t, value) {
+			if equalASCIIFold(t, value) {
 				return true
 			}
 			if s == "" {
@@ -154,9 +178,8 @@ headers:
 	return false
 }
 
-// parseExtensiosn parses WebSocket extensions from a header.
+// parseExtensions parses WebSocket extensions from a header.
 func parseExtensions(header http.Header) []map[string]string {
-
 	// From RFC 6455:
 	//
 	//  Sec-WebSocket-Extensions = extension-list
diff --git a/vendor/github.com/gorilla/websocket/x_net_proxy.go b/vendor/github.com/gorilla/websocket/x_net_proxy.go
new file mode 100644
index 00000000..2e668f6b
--- /dev/null
+++ b/vendor/github.com/gorilla/websocket/x_net_proxy.go
@@ -0,0 +1,473 @@
+// Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT.
+//go:generate bundle -o x_net_proxy.go golang.org/x/net/proxy
+
+// Package proxy provides support for a variety of protocols to proxy network
+// data.
+//
+
+package websocket
+
+import (
+	"errors"
+	"io"
+	"net"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+type proxy_direct struct{}
+
+// Direct is a direct proxy: one that makes network connections directly.
+var proxy_Direct = proxy_direct{}
+
+func (proxy_direct) Dial(network, addr string) (net.Conn, error) {
+	return net.Dial(network, addr)
+}
+
+// A PerHost directs connections to a default Dialer unless the host name
+// requested matches one of a number of exceptions.
+type proxy_PerHost struct {
+	def, bypass proxy_Dialer
+
+	bypassNetworks []*net.IPNet
+	bypassIPs      []net.IP
+	bypassZones    []string
+	bypassHosts    []string
+}
+
+// NewPerHost returns a PerHost Dialer that directs connections to either
+// defaultDialer or bypass, depending on whether the connection matches one of
+// the configured rules.
+func proxy_NewPerHost(defaultDialer, bypass proxy_Dialer) *proxy_PerHost {
+	return &proxy_PerHost{
+		def:    defaultDialer,
+		bypass: bypass,
+	}
+}
+
+// Dial connects to the address addr on the given network through either
+// defaultDialer or bypass.
+func (p *proxy_PerHost) Dial(network, addr string) (c net.Conn, err error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+
+	return p.dialerForRequest(host).Dial(network, addr)
+}
+
+func (p *proxy_PerHost) dialerForRequest(host string) proxy_Dialer {
+	if ip := net.ParseIP(host); ip != nil {
+		for _, net := range p.bypassNetworks {
+			if net.Contains(ip) {
+				return p.bypass
+			}
+		}
+		for _, bypassIP := range p.bypassIPs {
+			if bypassIP.Equal(ip) {
+				return p.bypass
+			}
+		}
+		return p.def
+	}
+
+	for _, zone := range p.bypassZones {
+		if strings.HasSuffix(host, zone) {
+			return p.bypass
+		}
+		if host == zone[1:] {
+			// For a zone ".example.com", we match "example.com"
+			// too.
+			return p.bypass
+		}
+	}
+	for _, bypassHost := range p.bypassHosts {
+		if bypassHost == host {
+			return p.bypass
+		}
+	}
+	return p.def
+}
+
+// AddFromString parses a string that contains comma-separated values
+// specifying hosts that should use the bypass proxy. Each value is either an
+// IP address, a CIDR range, a zone (*.example.com) or a host name
+// (localhost). A best effort is made to parse the string and errors are
+// ignored.
+func (p *proxy_PerHost) AddFromString(s string) {
+	hosts := strings.Split(s, ",")
+	for _, host := range hosts {
+		host = strings.TrimSpace(host)
+		if len(host) == 0 {
+			continue
+		}
+		if strings.Contains(host, "/") {
+			// We assume that it's a CIDR address like 127.0.0.0/8
+			if _, net, err := net.ParseCIDR(host); err == nil {
+				p.AddNetwork(net)
+			}
+			continue
+		}
+		if ip := net.ParseIP(host); ip != nil {
+			p.AddIP(ip)
+			continue
+		}
+		if strings.HasPrefix(host, "*.") {
+			p.AddZone(host[1:])
+			continue
+		}
+		p.AddHost(host)
+	}
+}
+
+// AddIP specifies an IP address that will use the bypass proxy. Note that
+// this will only take effect if a literal IP address is dialed. A connection
+// to a named host will never match an IP.
+func (p *proxy_PerHost) AddIP(ip net.IP) {
+	p.bypassIPs = append(p.bypassIPs, ip)
+}
+
+// AddNetwork specifies an IP range that will use the bypass proxy. Note that
+// this will only take effect if a literal IP address is dialed. A connection
+// to a named host will never match.
+func (p *proxy_PerHost) AddNetwork(net *net.IPNet) {
+	p.bypassNetworks = append(p.bypassNetworks, net)
+}
+
+// AddZone specifies a DNS suffix that will use the bypass proxy. A zone of
+// "example.com" matches "example.com" and all of its subdomains.
+func (p *proxy_PerHost) AddZone(zone string) {
+	if strings.HasSuffix(zone, ".") {
+		zone = zone[:len(zone)-1]
+	}
+	if !strings.HasPrefix(zone, ".") {
+		zone = "." + zone
+	}
+	p.bypassZones = append(p.bypassZones, zone)
+}
+
+// AddHost specifies a host name that will use the bypass proxy.
+func (p *proxy_PerHost) AddHost(host string) {
+	if strings.HasSuffix(host, ".") {
+		host = host[:len(host)-1]
+	}
+	p.bypassHosts = append(p.bypassHosts, host)
+}
+
+// A Dialer is a means to establish a connection.
+type proxy_Dialer interface {
+	// Dial connects to the given address via the proxy.
+	Dial(network, addr string) (c net.Conn, err error)
+}
+
+// Auth contains authentication parameters that specific Dialers may require.
+type proxy_Auth struct {
+	User, Password string
+}
+
+// FromEnvironment returns the dialer specified by the proxy related variables in
+// the environment.
+func proxy_FromEnvironment() proxy_Dialer {
+	allProxy := proxy_allProxyEnv.Get()
+	if len(allProxy) == 0 {
+		return proxy_Direct
+	}
+
+	proxyURL, err := url.Parse(allProxy)
+	if err != nil {
+		return proxy_Direct
+	}
+	proxy, err := proxy_FromURL(proxyURL, proxy_Direct)
+	if err != nil {
+		return proxy_Direct
+	}
+
+	noProxy := proxy_noProxyEnv.Get()
+	if len(noProxy) == 0 {
+		return proxy
+	}
+
+	perHost := proxy_NewPerHost(proxy, proxy_Direct)
+	perHost.AddFromString(noProxy)
+	return perHost
+}
+
+// proxySchemes is a map from URL schemes to a function that creates a Dialer
+// from a URL with such a scheme.
+var proxy_proxySchemes map[string]func(*url.URL, proxy_Dialer) (proxy_Dialer, error)
+
+// RegisterDialerType takes a URL scheme and a function to generate Dialers from
+// a URL with that scheme and a forwarding Dialer. Registered schemes are used
+// by FromURL.
+func proxy_RegisterDialerType(scheme string, f func(*url.URL, proxy_Dialer) (proxy_Dialer, error)) {
+	if proxy_proxySchemes == nil {
+		proxy_proxySchemes = make(map[string]func(*url.URL, proxy_Dialer) (proxy_Dialer, error))
+	}
+	proxy_proxySchemes[scheme] = f
+}
+
+// FromURL returns a Dialer given a URL specification and an underlying
+// Dialer for it to make network requests.
+func proxy_FromURL(u *url.URL, forward proxy_Dialer) (proxy_Dialer, error) {
+	var auth *proxy_Auth
+	if u.User != nil {
+		auth = new(proxy_Auth)
+		auth.User = u.User.Username()
+		if p, ok := u.User.Password(); ok {
+			auth.Password = p
+		}
+	}
+
+	switch u.Scheme {
+	case "socks5":
+		return proxy_SOCKS5("tcp", u.Host, auth, forward)
+	}
+
+	// If the scheme doesn't match any of the built-in schemes, see if it
+	// was registered by another package.
+	if proxy_proxySchemes != nil {
+		if f, ok := proxy_proxySchemes[u.Scheme]; ok {
+			return f(u, forward)
+		}
+	}
+
+	return nil, errors.New("proxy: unknown scheme: " + u.Scheme)
+}
+
+var (
+	proxy_allProxyEnv = &proxy_envOnce{
+		names: []string{"ALL_PROXY", "all_proxy"},
+	}
+	proxy_noProxyEnv = &proxy_envOnce{
+		names: []string{"NO_PROXY", "no_proxy"},
+	}
+)
+
+// envOnce looks up an environment variable (optionally by multiple
+// names) once. It mitigates expensive lookups on some platforms
+// (e.g. Windows).
+// (Borrowed from net/http/transport.go)
+type proxy_envOnce struct {
+	names []string
+	once  sync.Once
+	val   string
+}
+
+func (e *proxy_envOnce) Get() string {
+	e.once.Do(e.init)
+	return e.val
+}
+
+func (e *proxy_envOnce) init() {
+	for _, n := range e.names {
+		e.val = os.Getenv(n)
+		if e.val != "" {
+			return
+		}
+	}
+}
+
+// SOCKS5 returns a Dialer that makes SOCKSv5 connections to the given address
+// with an optional username and password. See RFC 1928 and RFC 1929.
+func proxy_SOCKS5(network, addr string, auth *proxy_Auth, forward proxy_Dialer) (proxy_Dialer, error) {
+	s := &proxy_socks5{
+		network: network,
+		addr:    addr,
+		forward: forward,
+	}
+	if auth != nil {
+		s.user = auth.User
+		s.password = auth.Password
+	}
+
+	return s, nil
+}
+
+type proxy_socks5 struct {
+	user, password string
+	network, addr  string
+	forward        proxy_Dialer
+}
+
+const proxy_socks5Version = 5
+
+const (
+	proxy_socks5AuthNone     = 0
+	proxy_socks5AuthPassword = 2
+)
+
+const proxy_socks5Connect = 1
+
+const (
+	proxy_socks5IP4    = 1
+	proxy_socks5Domain = 3
+	proxy_socks5IP6    = 4
+)
+
+var proxy_socks5Errors = []string{
+	"",
+	"general failure",
+	"connection forbidden",
+	"network unreachable",
+	"host unreachable",
+	"connection refused",
+	"TTL expired",
+	"command not supported",
+	"address type not supported",
+}
+
+// Dial connects to the address addr on the given network via the SOCKS5 proxy.
+func (s *proxy_socks5) Dial(network, addr string) (net.Conn, error) {
+	switch network {
+	case "tcp", "tcp6", "tcp4":
+	default:
+		return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
+	}
+
+	conn, err := s.forward.Dial(s.network, s.addr)
+	if err != nil {
+		return nil, err
+	}
+	if err := s.connect(conn, addr); err != nil {
+		conn.Close()
+		return nil, err
+	}
+	return conn, nil
+}
+
+// connect takes an existing connection to a socks5 proxy server,
+// and commands the server to extend that connection to target,
+// which must be a canonical address with a host and port.
+func (s *proxy_socks5) connect(conn net.Conn, target string) error {
+	host, portStr, err := net.SplitHostPort(target)
+	if err != nil {
+		return err
+	}
+
+	port, err := strconv.Atoi(portStr)
+	if err != nil {
+		return errors.New("proxy: failed to parse port number: " + portStr)
+	}
+	if port < 1 || port > 0xffff {
+		return errors.New("proxy: port number out of range: " + portStr)
+	}
+
+	// the size here is just an estimate
+	buf := make([]byte, 0, 6+len(host))
+
+	buf = append(buf, proxy_socks5Version)
+	if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
+		buf = append(buf, 2 /* num auth methods */, proxy_socks5AuthNone, proxy_socks5AuthPassword)
+	} else {
+		buf = append(buf, 1 /* num auth methods */, proxy_socks5AuthNone)
+	}
+
+	if _, err := conn.Write(buf); err != nil {
+		return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+
+	if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+		return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+	if buf[0] != 5 {
+		return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
+	}
+	if buf[1] == 0xff {
+		return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
+	}
+
+	// See RFC 1929
+	if buf[1] == proxy_socks5AuthPassword {
+		buf = buf[:0]
+		buf = append(buf, 1 /* password protocol version */)
+		buf = append(buf, uint8(len(s.user)))
+		buf = append(buf, s.user...)
+		buf = append(buf, uint8(len(s.password)))
+		buf = append(buf, s.password...)
+
+		if _, err := conn.Write(buf); err != nil {
+			return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+		}
+
+		if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+			return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+		}
+
+		if buf[1] != 0 {
+			return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
+		}
+	}
+
+	buf = buf[:0]
+	buf = append(buf, proxy_socks5Version, proxy_socks5Connect, 0 /* reserved */)
+
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			buf = append(buf, proxy_socks5IP4)
+			ip = ip4
+		} else {
+			buf = append(buf, proxy_socks5IP6)
+		}
+		buf = append(buf, ip...)
+	} else {
+		if len(host) > 255 {
+			return errors.New("proxy: destination host name too long: " + host)
+		}
+		buf = append(buf, proxy_socks5Domain)
+		buf = append(buf, byte(len(host)))
+		buf = append(buf, host...)
+	}
+	buf = append(buf, byte(port>>8), byte(port))
+
+	if _, err := conn.Write(buf); err != nil {
+		return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+
+	if _, err := io.ReadFull(conn, buf[:4]); err != nil {
+		return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+
+	failure := "unknown error"
+	if int(buf[1]) < len(proxy_socks5Errors) {
+		failure = proxy_socks5Errors[buf[1]]
+	}
+
+	if len(failure) > 0 {
+		return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
+	}
+
+	bytesToDiscard := 0
+	switch buf[3] {
+	case proxy_socks5IP4:
+		bytesToDiscard = net.IPv4len
+	case proxy_socks5IP6:
+		bytesToDiscard = net.IPv6len
+	case proxy_socks5Domain:
+		_, err := io.ReadFull(conn, buf[:1])
+		if err != nil {
+			return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+		}
+		bytesToDiscard = int(buf[0])
+	default:
+		return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
+	}
+
+	if cap(buf) < bytesToDiscard {
+		buf = make([]byte, bytesToDiscard)
+	} else {
+		buf = buf[:bytesToDiscard]
+	}
+	if _, err := io.ReadFull(conn, buf); err != nil {
+		return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+
+	// Also need to discard the port number
+	if _, err := io.ReadFull(conn, buf[:2]); err != nil {
+		return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/kshvakov/clickhouse/go.test.sh b/vendor/github.com/kshvakov/clickhouse/go.test.sh
old mode 100755
new mode 100644
diff --git a/vendor/github.com/miekg/dns/.travis.yml b/vendor/github.com/miekg/dns/.travis.yml
index 013b5ae4..8eaa0642 100644
--- a/vendor/github.com/miekg/dns/.travis.yml
+++ b/vendor/github.com/miekg/dns/.travis.yml
@@ -2,17 +2,15 @@ language: go
 sudo: false
 
 go:
-  - 1.10.x
-  - 1.11.x
-  - 1.12.x
+  - "1.12.x"
+  - "1.13.x"
   - tip
 
-before_install:
-  # don't use the miekg/dns when testing forks
-  - mkdir -p $GOPATH/src/github.com/miekg
-  - ln -s $TRAVIS_BUILD_DIR $GOPATH/src/github.com/miekg/ || true
+env:
+  - GO111MODULE=on
 
 script:
+  - go generate ./... && test `git ls-files --modified | wc -l` = 0
   - go test -race -v -bench=. -coverprofile=coverage.txt -covermode=atomic ./...
 
 after_success:
diff --git a/vendor/github.com/miekg/dns/CODEOWNERS b/vendor/github.com/miekg/dns/CODEOWNERS
new file mode 100644
index 00000000..e0917031
--- /dev/null
+++ b/vendor/github.com/miekg/dns/CODEOWNERS
@@ -0,0 +1 @@
+* @miekg @tmthrgd
diff --git a/vendor/github.com/miekg/dns/Gopkg.lock b/vendor/github.com/miekg/dns/Gopkg.lock
deleted file mode 100644
index 68663220..00000000
--- a/vendor/github.com/miekg/dns/Gopkg.lock
+++ /dev/null
@@ -1,57 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  branch = "master"
-  digest = "1:6914c49eed986dfb8dffb33516fa129c49929d4d873f41e073c83c11c372b870"
-  name = "golang.org/x/crypto"
-  packages = [
-    "ed25519",
-    "ed25519/internal/edwards25519",
-  ]
-  pruneopts = ""
-  revision = "e3636079e1a4c1f337f212cc5cd2aca108f6c900"
-
-[[projects]]
-  branch = "master"
-  digest = "1:08e41d63f8dac84d83797368b56cf0b339e42d0224e5e56668963c28aec95685"
-  name = "golang.org/x/net"
-  packages = [
-    "bpf",
-    "context",
-    "internal/iana",
-    "internal/socket",
-    "ipv4",
-    "ipv6",
-  ]
-  pruneopts = ""
-  revision = "4dfa2610cdf3b287375bbba5b8f2a14d3b01d8de"
-
-[[projects]]
-  branch = "master"
-  digest = "1:b2ea75de0ccb2db2ac79356407f8a4cd8f798fe15d41b381c00abf3ae8e55ed1"
-  name = "golang.org/x/sync"
-  packages = ["errgroup"]
-  pruneopts = ""
-  revision = "1d60e4601c6fd243af51cc01ddf169918a5407ca"
-
-[[projects]]
-  branch = "master"
-  digest = "1:149a432fabebb8221a80f77731b1cd63597197ded4f14af606ebe3a0959004ec"
-  name = "golang.org/x/sys"
-  packages = ["unix"]
-  pruneopts = ""
-  revision = "e4b3c5e9061176387e7cea65e4dc5853801f3fb7"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  input-imports = [
-    "golang.org/x/crypto/ed25519",
-    "golang.org/x/net/ipv4",
-    "golang.org/x/net/ipv6",
-    "golang.org/x/sync/errgroup",
-    "golang.org/x/sys/unix",
-  ]
-  solver-name = "gps-cdcl"
-  solver-version = 1
diff --git a/vendor/github.com/miekg/dns/Gopkg.toml b/vendor/github.com/miekg/dns/Gopkg.toml
deleted file mode 100644
index 85e6ff31..00000000
--- a/vendor/github.com/miekg/dns/Gopkg.toml
+++ /dev/null
@@ -1,38 +0,0 @@
-
-# Gopkg.toml example
-#
-# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#  name = "github.com/x/y"
-#  version = "2.4.0"
-
-
-[[constraint]]
-  branch = "master"
-  name = "golang.org/x/crypto"
-
-[[constraint]]
-  branch = "master"
-  name = "golang.org/x/net"
-
-[[constraint]]
-  branch = "master"
-  name = "golang.org/x/sys"
-
-[[constraint]]
-  branch = "master"
-  name = "golang.org/x/sync"
diff --git a/vendor/github.com/miekg/dns/LICENSE b/vendor/github.com/miekg/dns/LICENSE
index 5763fa7f..55f12ab7 100644
--- a/vendor/github.com/miekg/dns/LICENSE
+++ b/vendor/github.com/miekg/dns/LICENSE
@@ -1,7 +1,3 @@
-Extensions of the original work are copyright (c) 2011 Miek Gieben
-
-As this is fork of the official Go code the same license applies:
-
 Copyright (c) 2009 The Go Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -30,3 +26,5 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+As this is fork of the official Go code the same license applies.
+Extensions of the original work are copyright (c) 2011 Miek Gieben
diff --git a/vendor/github.com/miekg/dns/README.md b/vendor/github.com/miekg/dns/README.md
index dc2a8228..126fe62c 100644
--- a/vendor/github.com/miekg/dns/README.md
+++ b/vendor/github.com/miekg/dns/README.md
@@ -69,6 +69,7 @@ A not-so-up-to-date-list-that-may-be-actually-current:
 * https://github.com/semihalev/sdns
 * https://render.com
 * https://github.com/peterzen/goresolver
+* https://github.com/folbricht/routedns
 
 Send pull request if you want to be listed here.
 
@@ -93,8 +94,8 @@ DNS Authors 2012-
 
 # Building
 
-Building is done with the `go` tool. If you have setup your GOPATH correctly, the following should
-work:
+This library uses Go modules and uses semantic versioning. Building is done with the `go` tool, so
+the following should work:
 
     go get github.com/miekg/dns
     go build github.com/miekg/dns
@@ -126,6 +127,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
 * 2915 - NAPTR record
 * 2929 - DNS IANA Considerations
 * 3110 - RSASHA1 DNS keys
+* 3123 - APL record
 * 3225 - DO bit (DNSSEC OK)
 * 340{1,2,3} - NAPTR record
 * 3445 - Limiting the scope of (DNS)KEY
@@ -152,6 +154,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
 * 6844 - CAA record
 * 6891 - EDNS0 update
 * 6895 - DNS IANA considerations
+* 6944 - DNSSEC DNSKEY Algorithm Status
 * 6975 - Algorithm Understanding in DNSSEC
 * 7043 - EUI48/EUI64 records
 * 7314 - DNS (EDNS) EXPIRE Option
diff --git a/vendor/github.com/miekg/dns/acceptfunc.go b/vendor/github.com/miekg/dns/acceptfunc.go
index 78c076c2..825617fe 100644
--- a/vendor/github.com/miekg/dns/acceptfunc.go
+++ b/vendor/github.com/miekg/dns/acceptfunc.go
@@ -6,22 +6,30 @@ type MsgAcceptFunc func(dh Header) MsgAcceptAction
 
 // DefaultMsgAcceptFunc checks the request and will reject if:
 //
-// * isn't a request (don't respond in that case).
+// * isn't a request (don't respond in that case)
+//
 // * opcode isn't OpcodeQuery or OpcodeNotify
+//
 // * Zero bit isn't zero
+//
 // * has more than 1 question in the question section
+//
 // * has more than 1 RR in the Answer section
+//
 // * has more than 0 RRs in the Authority section
+//
 // * has more than 2 RRs in the Additional section
+//
 var DefaultMsgAcceptFunc MsgAcceptFunc = defaultMsgAcceptFunc
 
 // MsgAcceptAction represents the action to be taken.
 type MsgAcceptAction int
 
 const (
-	MsgAccept MsgAcceptAction = iota // Accept the message
-	MsgReject                        // Reject the message with a RcodeFormatError
-	MsgIgnore                        // Ignore the error and send nothing back.
+	MsgAccept               MsgAcceptAction = iota // Accept the message
+	MsgReject                                      // Reject the message with a RcodeFormatError
+	MsgIgnore                                      // Ignore the error and send nothing back.
+	MsgRejectNotImplemented                        // Reject the message with a RcodeNotImplemented
 )
 
 func defaultMsgAcceptFunc(dh Header) MsgAcceptAction {
@@ -32,12 +40,9 @@ func defaultMsgAcceptFunc(dh Header) MsgAcceptAction {
 	// Don't allow dynamic updates, because then the sections can contain a whole bunch of RRs.
 	opcode := int(dh.Bits>>11) & 0xF
 	if opcode != OpcodeQuery && opcode != OpcodeNotify {
-		return MsgReject
+		return MsgRejectNotImplemented
 	}
 
-	if isZero := dh.Bits&_Z != 0; isZero {
-		return MsgReject
-	}
 	if dh.Qdcount != 1 {
 		return MsgReject
 	}
diff --git a/vendor/github.com/miekg/dns/client.go b/vendor/github.com/miekg/dns/client.go
index 20cafe27..db2761d4 100644
--- a/vendor/github.com/miekg/dns/client.go
+++ b/vendor/github.com/miekg/dns/client.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/binary"
+	"fmt"
 	"io"
 	"net"
 	"strings"
@@ -128,20 +129,15 @@ func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, er
 		return c.exchange(m, address)
 	}
 
-	t := "nop"
-	if t1, ok := TypeToString[m.Question[0].Qtype]; ok {
-		t = t1
-	}
-	cl := "nop"
-	if cl1, ok := ClassToString[m.Question[0].Qclass]; ok {
-		cl = cl1
-	}
-	r, rtt, err, shared := c.group.Do(m.Question[0].Name+t+cl, func() (*Msg, time.Duration, error) {
+	q := m.Question[0]
+	key := fmt.Sprintf("%s:%d:%d", q.Name, q.Qtype, q.Qclass)
+	r, rtt, err, shared := c.group.Do(key, func() (*Msg, time.Duration, error) {
 		return c.exchange(m, address)
 	})
 	if r != nil && shared {
 		r = r.Copy()
 	}
+
 	return r, rtt, err
 }
 
@@ -219,8 +215,15 @@ func (co *Conn) ReadMsgHeader(hdr *Header) ([]byte, error) {
 		n   int
 		err error
 	)
-	switch co.Conn.(type) {
-	case *net.TCPConn, *tls.Conn:
+
+	if _, ok := co.Conn.(net.PacketConn); ok {
+		if co.UDPSize > MinMsgSize {
+			p = make([]byte, co.UDPSize)
+		} else {
+			p = make([]byte, MinMsgSize)
+		}
+		n, err = co.Read(p)
+	} else {
 		var length uint16
 		if err := binary.Read(co.Conn, binary.BigEndian, &length); err != nil {
 			return nil, err
@@ -228,13 +231,6 @@ func (co *Conn) ReadMsgHeader(hdr *Header) ([]byte, error) {
 
 		p = make([]byte, length)
 		n, err = io.ReadFull(co.Conn, p)
-	default:
-		if co.UDPSize > MinMsgSize {
-			p = make([]byte, co.UDPSize)
-		} else {
-			p = make([]byte, MinMsgSize)
-		}
-		n, err = co.Read(p)
 	}
 
 	if err != nil {
@@ -260,21 +256,20 @@ func (co *Conn) Read(p []byte) (n int, err error) {
 		return 0, ErrConnEmpty
 	}
 
-	switch co.Conn.(type) {
-	case *net.TCPConn, *tls.Conn:
-		var length uint16
-		if err := binary.Read(co.Conn, binary.BigEndian, &length); err != nil {
-			return 0, err
-		}
-		if int(length) > len(p) {
-			return 0, io.ErrShortBuffer
-		}
-
-		return io.ReadFull(co.Conn, p[:length])
+	if _, ok := co.Conn.(net.PacketConn); ok {
+		// UDP connection
+		return co.Conn.Read(p)
 	}
 
-	// UDP connection
-	return co.Conn.Read(p)
+	var length uint16
+	if err := binary.Read(co.Conn, binary.BigEndian, &length); err != nil {
+		return 0, err
+	}
+	if int(length) > len(p) {
+		return 0, io.ErrShortBuffer
+	}
+
+	return io.ReadFull(co.Conn, p[:length])
 }
 
 // WriteMsg sends a message through the connection co.
@@ -301,21 +296,20 @@ func (co *Conn) WriteMsg(m *Msg) (err error) {
 }
 
 // Write implements the net.Conn Write method.
-func (co *Conn) Write(p []byte) (n int, err error) {
-	switch co.Conn.(type) {
-	case *net.TCPConn, *tls.Conn:
-		if len(p) > MaxMsgSize {
-			return 0, &Error{err: "message too large"}
-		}
-
-		l := make([]byte, 2)
-		binary.BigEndian.PutUint16(l, uint16(len(p)))
-
-		n, err := (&net.Buffers{l, p}).WriteTo(co.Conn)
-		return int(n), err
+func (co *Conn) Write(p []byte) (int, error) {
+	if len(p) > MaxMsgSize {
+		return 0, &Error{err: "message too large"}
 	}
 
-	return co.Conn.Write(p)
+	if _, ok := co.Conn.(net.PacketConn); ok {
+		return co.Conn.Write(p)
+	}
+
+	l := make([]byte, 2)
+	binary.BigEndian.PutUint16(l, uint16(len(p)))
+
+	n, err := (&net.Buffers{l, p}).WriteTo(co.Conn)
+	return int(n), err
 }
 
 // Return the appropriate timeout for a specific request
diff --git a/vendor/github.com/miekg/dns/dns.go b/vendor/github.com/miekg/dns/dns.go
index f57337b8..ad83a27e 100644
--- a/vendor/github.com/miekg/dns/dns.go
+++ b/vendor/github.com/miekg/dns/dns.go
@@ -54,7 +54,7 @@ type RR interface {
 	// parse parses an RR from zone file format.
 	//
 	// This will only be called on a new and empty RR type with only the header populated.
-	parse(c *zlexer, origin, file string) *ParseError
+	parse(c *zlexer, origin string) *ParseError
 
 	// isDuplicate returns whether the two RRs are duplicates.
 	isDuplicate(r2 RR) bool
@@ -105,7 +105,7 @@ func (h *RR_Header) unpack(msg []byte, off int) (int, error) {
 	panic("dns: internal error: unpack should never be called on RR_Header")
 }
 
-func (h *RR_Header) parse(c *zlexer, origin, file string) *ParseError {
+func (h *RR_Header) parse(c *zlexer, origin string) *ParseError {
 	panic("dns: internal error: parse should never be called on RR_Header")
 }
 
diff --git a/vendor/github.com/miekg/dns/dnssec.go b/vendor/github.com/miekg/dns/dnssec.go
index faf1dc65..12a693f9 100644
--- a/vendor/github.com/miekg/dns/dnssec.go
+++ b/vendor/github.com/miekg/dns/dnssec.go
@@ -141,8 +141,8 @@ func (k *DNSKEY) KeyTag() uint16 {
 	switch k.Algorithm {
 	case RSAMD5:
 		// Look at the bottom two bytes of the modules, which the last
-		// item in the pubkey. We could do this faster by looking directly
-		// at the base64 values. But I'm lazy.
+		// item in the pubkey.
+		// This algorithm has been deprecated, but keep this key-tag calculation.
 		modulus, _ := fromBase64([]byte(k.PublicKey))
 		if len(modulus) > 1 {
 			x := binary.BigEndian.Uint16(modulus[len(modulus)-2:])
@@ -318,6 +318,9 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
 		}
 
 		rr.Signature = toBase64(signature)
+	case RSAMD5, DSA, DSANSEC3SHA1:
+		// See RFC 6944.
+		return ErrAlg
 	default:
 		h := hash.New()
 		h.Write(signdata)
diff --git a/vendor/github.com/miekg/dns/dnssec_keygen.go b/vendor/github.com/miekg/dns/dnssec_keygen.go
index 33e913ac..60737e5b 100644
--- a/vendor/github.com/miekg/dns/dnssec_keygen.go
+++ b/vendor/github.com/miekg/dns/dnssec_keygen.go
@@ -2,7 +2,6 @@ package dns
 
 import (
 	"crypto"
-	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
@@ -20,11 +19,9 @@ import (
 // bits should be set to the size of the algorithm.
 func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
 	switch k.Algorithm {
-	case DSA, DSANSEC3SHA1:
-		if bits != 1024 {
-			return nil, ErrKeySize
-		}
-	case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
+	case RSAMD5, DSA, DSANSEC3SHA1:
+		return nil, ErrAlg
+	case RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
 		if bits < 512 || bits > 4096 {
 			return nil, ErrKeySize
 		}
@@ -47,20 +44,7 @@ func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
 	}
 
 	switch k.Algorithm {
-	case DSA, DSANSEC3SHA1:
-		params := new(dsa.Parameters)
-		if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
-			return nil, err
-		}
-		priv := new(dsa.PrivateKey)
-		priv.PublicKey.Parameters = *params
-		err := dsa.GenerateKey(priv, rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-		k.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
-		return priv, nil
-	case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
+	case RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
 		priv, err := rsa.GenerateKey(rand.Reader, bits)
 		if err != nil {
 			return nil, err
@@ -120,16 +104,6 @@ func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
 	return true
 }
 
-// Set the public key for DSA
-func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool {
-	if _Q == nil || _P == nil || _G == nil || _Y == nil {
-		return false
-	}
-	buf := dsaToBuf(_Q, _P, _G, _Y)
-	k.PublicKey = toBase64(buf)
-	return true
-}
-
 // Set the public key for Ed25519
 func (k *DNSKEY) setPublicKeyED25519(_K ed25519.PublicKey) bool {
 	if _K == nil {
@@ -164,15 +138,3 @@ func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
 	buf = append(buf, intToBytes(_Y, intlen)...)
 	return buf
 }
-
-// Set the public key for X and Y for Curve. The two
-// values are just concatenated.
-func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
-	t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
-	buf := []byte{byte(t)}
-	buf = append(buf, intToBytes(_Q, 20)...)
-	buf = append(buf, intToBytes(_P, 64+t*8)...)
-	buf = append(buf, intToBytes(_G, 64+t*8)...)
-	buf = append(buf, intToBytes(_Y, 64+t*8)...)
-	return buf
-}
diff --git a/vendor/github.com/miekg/dns/dnssec_keyscan.go b/vendor/github.com/miekg/dns/dnssec_keyscan.go
index e9dd6957..0e6f3201 100644
--- a/vendor/github.com/miekg/dns/dnssec_keyscan.go
+++ b/vendor/github.com/miekg/dns/dnssec_keyscan.go
@@ -3,7 +3,6 @@ package dns
 import (
 	"bufio"
 	"crypto"
-	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"io"
@@ -44,19 +43,8 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, er
 		return nil, ErrPrivKey
 	}
 	switch uint8(algo) {
-	case DSA:
-		priv, err := readPrivateKeyDSA(m)
-		if err != nil {
-			return nil, err
-		}
-		pub := k.publicKeyDSA()
-		if pub == nil {
-			return nil, ErrKey
-		}
-		priv.PublicKey = *pub
-		return priv, nil
-	case RSAMD5:
-		fallthrough
+	case RSAMD5, DSA, DSANSEC3SHA1:
+		return nil, ErrAlg
 	case RSASHA1:
 		fallthrough
 	case RSASHA1NSEC3SHA1:
@@ -129,24 +117,6 @@ func readPrivateKeyRSA(m map[string]string) (*rsa.PrivateKey, error) {
 	return p, nil
 }
 
-func readPrivateKeyDSA(m map[string]string) (*dsa.PrivateKey, error) {
-	p := new(dsa.PrivateKey)
-	p.X = new(big.Int)
-	for k, v := range m {
-		switch k {
-		case "private_value(x)":
-			v1, err := fromBase64([]byte(v))
-			if err != nil {
-				return nil, err
-			}
-			p.X.SetBytes(v1)
-		case "created", "publish", "activate":
-			/* not used in Go (yet) */
-		}
-	}
-	return p, nil
-}
-
 func readPrivateKeyECDSA(m map[string]string) (*ecdsa.PrivateKey, error) {
 	p := new(ecdsa.PrivateKey)
 	p.D = new(big.Int)
diff --git a/vendor/github.com/miekg/dns/doc.go b/vendor/github.com/miekg/dns/doc.go
index d3d7cec9..3318b77e 100644
--- a/vendor/github.com/miekg/dns/doc.go
+++ b/vendor/github.com/miekg/dns/doc.go
@@ -83,7 +83,7 @@ with:
 
 	in, err := dns.Exchange(m1, "127.0.0.1:53")
 
-When this functions returns you will get dns message. A dns message consists
+When this functions returns you will get DNS message. A DNS message consists
 out of four sections.
 The question section: in.Question, the answer section: in.Answer,
 the authority section: in.Ns and the additional section: in.Extra.
@@ -221,7 +221,7 @@ RFC 6895 sets aside a range of type codes for private use. This range is 65,280
 - 65,534 (0xFF00 - 0xFFFE). When experimenting with new Resource Records these
 can be used, before requesting an official type code from IANA.
 
-See https://miek.nl/2014/September/21/idn-and-private-rr-in-go-dns/ for more
+See https://miek.nl/2014/september/21/idn-and-private-rr-in-go-dns/ for more
 information.
 
 EDNS0
@@ -238,9 +238,8 @@ Basic use pattern for creating an (empty) OPT RR:
 
 The rdata of an OPT RR consists out of a slice of EDNS0 (RFC 6891) interfaces.
 Currently only a few have been standardized: EDNS0_NSID (RFC 5001) and
-EDNS0_SUBNET (draft-vandergaast-edns-client-subnet-02). Note that these options
-may be combined in an OPT RR. Basic use pattern for a server to check if (and
-which) options are set:
+EDNS0_SUBNET (RFC 7871). Note that these options may be combined in an OPT RR.
+Basic use pattern for a server to check if (and which) options are set:
 
 	// o is a dns.OPT
 	for _, s := range o.Option {
diff --git a/vendor/github.com/miekg/dns/duplicate.go b/vendor/github.com/miekg/dns/duplicate.go
index 00cda0aa..49e6940b 100644
--- a/vendor/github.com/miekg/dns/duplicate.go
+++ b/vendor/github.com/miekg/dns/duplicate.go
@@ -5,7 +5,7 @@ package dns
 // IsDuplicate checks of r1 and r2 are duplicates of each other, excluding the TTL.
 // So this means the header data is equal *and* the RDATA is the same. Return true
 // is so, otherwise false.
-// It's is a protocol violation to have identical RRs in a message.
+// It's a protocol violation to have identical RRs in a message.
 func IsDuplicate(r1, r2 RR) bool {
 	// Check whether the record header is identical.
 	if !r1.Header().isDuplicate(r2.Header()) {
diff --git a/vendor/github.com/miekg/dns/edns.go b/vendor/github.com/miekg/dns/edns.go
index ca8873e1..04808d57 100644
--- a/vendor/github.com/miekg/dns/edns.go
+++ b/vendor/github.com/miekg/dns/edns.go
@@ -88,7 +88,7 @@ func (rr *OPT) len(off int, compression map[string]struct{}) int {
 	return l
 }
 
-func (rr *OPT) parse(c *zlexer, origin, file string) *ParseError {
+func (rr *OPT) parse(c *zlexer, origin string) *ParseError {
 	panic("dns: internal error: parse should never be called on OPT")
 }
 
@@ -360,7 +360,7 @@ func (e *EDNS0_COOKIE) copy() EDNS0           { return &EDNS0_COOKIE{e.Code, e.C
 // The EDNS0_UL (Update Lease) (draft RFC) option is used to tell the server to set
 // an expiration on an update RR. This is helpful for clients that cannot clean
 // up after themselves. This is a draft RFC and more information can be found at
-// http://files.dns-sd.org/draft-sekar-dns-ul.txt
+// https://tools.ietf.org/html/draft-sekar-dns-ul-02
 //
 //	o := new(dns.OPT)
 //	o.Hdr.Name = "."
@@ -370,24 +370,36 @@ func (e *EDNS0_COOKIE) copy() EDNS0           { return &EDNS0_COOKIE{e.Code, e.C
 //	e.Lease = 120 // in seconds
 //	o.Option = append(o.Option, e)
 type EDNS0_UL struct {
-	Code  uint16 // Always EDNS0UL
-	Lease uint32
+	Code     uint16 // Always EDNS0UL
+	Lease    uint32
+	KeyLease uint32
 }
 
 // Option implements the EDNS0 interface.
 func (e *EDNS0_UL) Option() uint16 { return EDNS0UL }
-func (e *EDNS0_UL) String() string { return strconv.FormatUint(uint64(e.Lease), 10) }
-func (e *EDNS0_UL) copy() EDNS0    { return &EDNS0_UL{e.Code, e.Lease} }
+func (e *EDNS0_UL) String() string { return fmt.Sprintf("%d %d", e.Lease, e.KeyLease) }
+func (e *EDNS0_UL) copy() EDNS0    { return &EDNS0_UL{e.Code, e.Lease, e.KeyLease} }
 
 // Copied: http://golang.org/src/pkg/net/dnsmsg.go
 func (e *EDNS0_UL) pack() ([]byte, error) {
-	b := make([]byte, 4)
+	var b []byte
+	if e.KeyLease == 0 {
+		b = make([]byte, 4)
+	} else {
+		b = make([]byte, 8)
+		binary.BigEndian.PutUint32(b[4:], e.KeyLease)
+	}
 	binary.BigEndian.PutUint32(b, e.Lease)
 	return b, nil
 }
 
 func (e *EDNS0_UL) unpack(b []byte) error {
-	if len(b) < 4 {
+	switch len(b) {
+	case 4:
+		e.KeyLease = 0
+	case 8:
+		e.KeyLease = binary.BigEndian.Uint32(b[4:])
+	default:
 		return ErrBuf
 	}
 	e.Lease = binary.BigEndian.Uint32(b)
@@ -531,6 +543,10 @@ func (e *EDNS0_EXPIRE) pack() ([]byte, error) {
 }
 
 func (e *EDNS0_EXPIRE) unpack(b []byte) error {
+	if len(b) == 0 {
+		// zero-length EXPIRE query, see RFC 7314 Section 2
+		return nil
+	}
 	if len(b) < 4 {
 		return ErrBuf
 	}
diff --git a/vendor/github.com/miekg/dns/fuzz.go b/vendor/github.com/miekg/dns/fuzz.go
index a8a09184..57410acd 100644
--- a/vendor/github.com/miekg/dns/fuzz.go
+++ b/vendor/github.com/miekg/dns/fuzz.go
@@ -2,6 +2,8 @@
 
 package dns
 
+import "strings"
+
 func Fuzz(data []byte) int {
 	msg := new(Msg)
 
@@ -16,7 +18,14 @@ func Fuzz(data []byte) int {
 }
 
 func FuzzNewRR(data []byte) int {
-	if _, err := NewRR(string(data)); err != nil {
+	str := string(data)
+	// Do not fuzz lines that include the $INCLUDE keyword and hint the fuzzer
+	// at avoiding them.
+	// See GH#1025 for context.
+	if strings.Contains(strings.ToUpper(str), "$INCLUDE") {
+		return -1
+	}
+	if _, err := NewRR(str); err != nil {
 		return 0
 	}
 	return 1
diff --git a/vendor/github.com/miekg/dns/generate.go b/vendor/github.com/miekg/dns/generate.go
index 97bc39f5..f7e91a23 100644
--- a/vendor/github.com/miekg/dns/generate.go
+++ b/vendor/github.com/miekg/dns/generate.go
@@ -49,11 +49,15 @@ func (zp *ZoneParser) generate(l lex) (RR, bool) {
 	if err != nil {
 		return zp.setParseError("bad stop in $GENERATE range", l)
 	}
-	if end < 0 || start < 0 || end < start {
+	if end < 0 || start < 0 || end < start || (end-start)/step > 65535 {
 		return zp.setParseError("bad range in $GENERATE range", l)
 	}
 
-	zp.c.Next() // _BLANK
+	// _BLANK
+	l, ok := zp.c.Next()
+	if !ok || l.value != zBlank {
+		return zp.setParseError("garbage after $GENERATE range", l)
+	}
 
 	// Create a complete new string, which we then parse again.
 	var s string
@@ -81,6 +85,7 @@ func (zp *ZoneParser) generate(l lex) (RR, bool) {
 	}
 	zp.sub = NewZoneParser(r, zp.origin, zp.file)
 	zp.sub.includeDepth, zp.sub.includeAllowed = zp.includeDepth, zp.includeAllowed
+	zp.sub.generateDisallowed = true
 	zp.sub.SetDefaultTTL(defaultTtl)
 	return zp.subNext()
 }
diff --git a/vendor/github.com/miekg/dns/go.mod b/vendor/github.com/miekg/dns/go.mod
new file mode 100644
index 00000000..6003d057
--- /dev/null
+++ b/vendor/github.com/miekg/dns/go.mod
@@ -0,0 +1,11 @@
+module github.com/miekg/dns
+
+go 1.12
+
+require (
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+	golang.org/x/net v0.0.0-20190923162816-aa69164e4478
+	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe
+	golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 // indirect
+)
diff --git a/vendor/github.com/miekg/dns/go.sum b/vendor/github.com/miekg/dns/go.sum
new file mode 100644
index 00000000..96bda3a9
--- /dev/null
+++ b/vendor/github.com/miekg/dns/go.sum
@@ -0,0 +1,39 @@
+golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc=
+golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M=
+golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3 h1:dgd4x4kJt7G4k4m93AYLzM8Ni6h2qLTfh9n9vXJT3/0=
+golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611 h1:O33LKL7WyJgjN9CvxfTIomjIClbd/Kq86/iipowHQU0=
+golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd h1:DBH9mDw0zluJT/R+nGuV3jWFWLFaHyYZWD4tOT+cjn0=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/vendor/github.com/miekg/dns/labels.go b/vendor/github.com/miekg/dns/labels.go
index e32d2a1d..10d82471 100644
--- a/vendor/github.com/miekg/dns/labels.go
+++ b/vendor/github.com/miekg/dns/labels.go
@@ -126,20 +126,23 @@ func Split(s string) []int {
 // The bool end is true when the end of the string has been reached.
 // Also see PrevLabel.
 func NextLabel(s string, offset int) (i int, end bool) {
-	quote := false
+	if s == "" {
+		return 0, true
+	}
 	for i = offset; i < len(s)-1; i++ {
-		switch s[i] {
-		case '\\':
-			quote = !quote
-		default:
-			quote = false
-		case '.':
-			if quote {
-				quote = !quote
-				continue
-			}
-			return i + 1, false
+		if s[i] != '.' {
+			continue
 		}
+		j := i - 1
+		for j >= 0 && s[j] == '\\' {
+			j--
+		}
+
+		if (j-i)%2 == 0 {
+			continue
+		}
+
+		return i + 1, false
 	}
 	return i + 1, true
 }
@@ -149,17 +152,38 @@ func NextLabel(s string, offset int) (i int, end bool) {
 // The bool start is true when the start of the string has been overshot.
 // Also see NextLabel.
 func PrevLabel(s string, n int) (i int, start bool) {
+	if s == "" {
+		return 0, true
+	}
 	if n == 0 {
 		return len(s), false
 	}
-	lab := Split(s)
-	if lab == nil {
-		return 0, true
+
+	l := len(s) - 1
+	if s[l] == '.' {
+		l--
 	}
-	if n > len(lab) {
-		return 0, true
+
+	for ; l >= 0 && n > 0; l-- {
+		if s[l] != '.' {
+			continue
+		}
+		j := l - 1
+		for j >= 0 && s[j] == '\\' {
+			j--
+		}
+
+		if (j-l)%2 == 0 {
+			continue
+		}
+
+		n--
+		if n == 0 {
+			return l + 1, false
+		}
 	}
-	return lab[len(lab)-n], false
+
+	return 0, n > 1
 }
 
 // equal compares a and b while ignoring case. It returns true when equal otherwise false.
diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go
index e04fb5d7..29381300 100644
--- a/vendor/github.com/miekg/dns/msg.go
+++ b/vendor/github.com/miekg/dns/msg.go
@@ -11,14 +11,12 @@ package dns
 //go:generate go run msg_generate.go
 
 import (
-	crand "crypto/rand"
+	"crypto/rand"
 	"encoding/binary"
 	"fmt"
 	"math/big"
-	"math/rand"
 	"strconv"
 	"strings"
-	"sync"
 )
 
 const (
@@ -73,53 +71,23 @@ var (
 	ErrTime          error = &Error{err: "bad time"}      // ErrTime indicates a timing error in TSIG authentication.
 )
 
-// Id by default, returns a 16 bits random number to be used as a
-// message id. The random provided should be good enough. This being a
-// variable the function can be reassigned to a custom function.
-// For instance, to make it return a static value:
+// Id by default returns a 16-bit random number to be used as a message id. The
+// number is drawn from a cryptographically secure random number generator.
+// This being a variable the function can be reassigned to a custom function.
+// For instance, to make it return a static value for testing:
 //
 //	dns.Id = func() uint16 { return 3 }
 var Id = id
 
-var (
-	idLock sync.Mutex
-	idRand *rand.Rand
-)
-
 // id returns a 16 bits random number to be used as a
 // message id. The random provided should be good enough.
 func id() uint16 {
-	idLock.Lock()
-
-	if idRand == nil {
-		// This (partially) works around
-		// https://github.com/golang/go/issues/11833 by only
-		// seeding idRand upon the first call to id.
-
-		var seed int64
-		var buf [8]byte
-
-		if _, err := crand.Read(buf[:]); err == nil {
-			seed = int64(binary.LittleEndian.Uint64(buf[:]))
-		} else {
-			seed = rand.Int63()
-		}
-
-		idRand = rand.New(rand.NewSource(seed))
+	var output uint16
+	err := binary.Read(rand.Reader, binary.BigEndian, &output)
+	if err != nil {
+		panic("dns: reading random id failed: " + err.Error())
 	}
-
-	// The call to idRand.Uint32 must be within the
-	// mutex lock because *rand.Rand is not safe for
-	// concurrent use.
-	//
-	// There is no added performance overhead to calling
-	// idRand.Uint32 inside a mutex lock over just
-	// calling rand.Uint32 as the global math/rand rng
-	// is internally protected by a sync.Mutex.
-	id := uint16(idRand.Uint32())
-
-	idLock.Unlock()
-	return id
+	return output
 }
 
 // MsgHdr is a a manually-unpacked version of (id, bits).
diff --git a/vendor/github.com/miekg/dns/msg_helpers.go b/vendor/github.com/miekg/dns/msg_helpers.go
index ecd9280f..98fadc31 100644
--- a/vendor/github.com/miekg/dns/msg_helpers.go
+++ b/vendor/github.com/miekg/dns/msg_helpers.go
@@ -265,24 +265,36 @@ func unpackString(msg []byte, off int) (string, int, error) {
 		return "", off, &Error{err: "overflow unpacking txt"}
 	}
 	l := int(msg[off])
-	if off+l+1 > len(msg) {
+	off++
+	if off+l > len(msg) {
 		return "", off, &Error{err: "overflow unpacking txt"}
 	}
 	var s strings.Builder
-	s.Grow(l)
-	for _, b := range msg[off+1 : off+1+l] {
+	consumed := 0
+	for i, b := range msg[off : off+l] {
 		switch {
 		case b == '"' || b == '\\':
+			if consumed == 0 {
+				s.Grow(l * 2)
+			}
+			s.Write(msg[off+consumed : off+i])
 			s.WriteByte('\\')
 			s.WriteByte(b)
+			consumed = i + 1
 		case b < ' ' || b > '~': // unprintable
+			if consumed == 0 {
+				s.Grow(l * 2)
+			}
+			s.Write(msg[off+consumed : off+i])
 			s.WriteString(escapeByte(b))
-		default:
-			s.WriteByte(b)
+			consumed = i + 1
 		}
 	}
-	off += 1 + l
-	return s.String(), off, nil
+	if consumed == 0 { // no escaping needed
+		return string(msg[off : off+l]), off + l, nil
+	}
+	s.Write(msg[off+consumed : off+l])
+	return s.String(), off + l, nil
 }
 
 func packString(s string, msg []byte, off int) (int, error) {
@@ -433,6 +445,13 @@ Option:
 		}
 		edns = append(edns, e)
 		off += int(optlen)
+	case EDNS0EXPIRE:
+		e := new(EDNS0_EXPIRE)
+		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
+			return nil, len(msg), err
+		}
+		edns = append(edns, e)
+		off += int(optlen)
 	case EDNS0UL:
 		e := new(EDNS0_UL)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
@@ -495,7 +514,7 @@ Option:
 func packDataOpt(options []EDNS0, msg []byte, off int) (int, error) {
 	for _, el := range options {
 		b, err := el.pack()
-		if err != nil || off+3 > len(msg) {
+		if err != nil || off+4 > len(msg) {
 			return len(msg), &Error{err: "overflow packing opt"}
 		}
 		binary.BigEndian.PutUint16(msg[off:], el.Option())      // Option code
@@ -587,6 +606,29 @@ func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) {
 	return nsec, off, nil
 }
 
+// typeBitMapLen is a helper function which computes the "maximum" length of
+// a the NSEC Type BitMap field.
+func typeBitMapLen(bitmap []uint16) int {
+	var l int
+	var lastwindow, lastlength uint16
+	for _, t := range bitmap {
+		window := t / 256
+		length := (t-window*256)/8 + 1
+		if window > lastwindow && lastlength != 0 { // New window, jump to the new offset
+			l += int(lastlength) + 2
+			lastlength = 0
+		}
+		if window < lastwindow || length < lastlength {
+			// packDataNsec would return Error{err: "nsec bits out of order"} here, but
+			// when computing the length, we want do be liberal.
+			continue
+		}
+		lastwindow, lastlength = window, length
+	}
+	l += int(lastlength) + 2
+	return l
+}
+
 func packDataNsec(bitmap []uint16, msg []byte, off int) (int, error) {
 	if len(bitmap) == 0 {
 		return off, nil
@@ -646,3 +688,123 @@ func packDataDomainNames(names []string, msg []byte, off int, compression compre
 	}
 	return off, nil
 }
+
+func packDataApl(data []APLPrefix, msg []byte, off int) (int, error) {
+	var err error
+	for i := range data {
+		off, err = packDataAplPrefix(&data[i], msg, off)
+		if err != nil {
+			return len(msg), err
+		}
+	}
+	return off, nil
+}
+
+func packDataAplPrefix(p *APLPrefix, msg []byte, off int) (int, error) {
+	if len(p.Network.IP) != len(p.Network.Mask) {
+		return len(msg), &Error{err: "address and mask lengths don't match"}
+	}
+
+	var err error
+	prefix, _ := p.Network.Mask.Size()
+	addr := p.Network.IP.Mask(p.Network.Mask)[:(prefix+7)/8]
+
+	switch len(p.Network.IP) {
+	case net.IPv4len:
+		off, err = packUint16(1, msg, off)
+	case net.IPv6len:
+		off, err = packUint16(2, msg, off)
+	default:
+		err = &Error{err: "unrecognized address family"}
+	}
+	if err != nil {
+		return len(msg), err
+	}
+
+	off, err = packUint8(uint8(prefix), msg, off)
+	if err != nil {
+		return len(msg), err
+	}
+
+	var n uint8
+	if p.Negation {
+		n = 0x80
+	}
+	adflen := uint8(len(addr)) & 0x7f
+	off, err = packUint8(n|adflen, msg, off)
+	if err != nil {
+		return len(msg), err
+	}
+
+	if off+len(addr) > len(msg) {
+		return len(msg), &Error{err: "overflow packing APL prefix"}
+	}
+	off += copy(msg[off:], addr)
+
+	return off, nil
+}
+
+func unpackDataApl(msg []byte, off int) ([]APLPrefix, int, error) {
+	var result []APLPrefix
+	for off < len(msg) {
+		prefix, end, err := unpackDataAplPrefix(msg, off)
+		if err != nil {
+			return nil, len(msg), err
+		}
+		off = end
+		result = append(result, prefix)
+	}
+	return result, off, nil
+}
+
+func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
+	family, off, err := unpackUint16(msg, off)
+	if err != nil {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
+	}
+	prefix, off, err := unpackUint8(msg, off)
+	if err != nil {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
+	}
+	nlen, off, err := unpackUint8(msg, off)
+	if err != nil {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
+	}
+
+	var ip []byte
+	switch family {
+	case 1:
+		ip = make([]byte, net.IPv4len)
+	case 2:
+		ip = make([]byte, net.IPv6len)
+	default:
+		return APLPrefix{}, len(msg), &Error{err: "unrecognized APL address family"}
+	}
+	if int(prefix) > 8*len(ip) {
+		return APLPrefix{}, len(msg), &Error{err: "APL prefix too long"}
+	}
+
+	afdlen := int(nlen & 0x7f)
+	if (int(prefix)+7)/8 != afdlen {
+		return APLPrefix{}, len(msg), &Error{err: "invalid APL address length"}
+	}
+	if off+afdlen > len(msg) {
+		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL address"}
+	}
+	off += copy(ip, msg[off:off+afdlen])
+	if prefix%8 > 0 {
+		last := ip[afdlen-1]
+		zero := uint8(0xff) >> (prefix % 8)
+		if last&zero > 0 {
+			return APLPrefix{}, len(msg), &Error{err: "extra APL address bits"}
+		}
+	}
+
+	return APLPrefix{
+		Negation: (nlen & 0x80) != 0,
+		Network: net.IPNet{
+			IP:   ip,
+			Mask: net.CIDRMask(int(prefix), 8*len(ip)),
+		},
+	}, off, nil
+}
diff --git a/vendor/github.com/miekg/dns/msg_truncate.go b/vendor/github.com/miekg/dns/msg_truncate.go
index 4763fc61..89d40757 100644
--- a/vendor/github.com/miekg/dns/msg_truncate.go
+++ b/vendor/github.com/miekg/dns/msg_truncate.go
@@ -4,12 +4,17 @@ package dns
 // size by removing records that exceed the requested size.
 //
 // It will first check if the reply fits without compression and then with
-// compression. If it won't fit with compression, Scrub then walks the
+// compression. If it won't fit with compression, Truncate then walks the
 // record adding as many records as possible without exceeding the
 // requested buffer size.
 //
-// The TC bit will be set if any answer records were excluded from the
-// message. This indicates to that the client should retry over TCP.
+// The TC bit will be set if any records were excluded from the message.
+// This indicates to that the client should retry over TCP.
+//
+// According to RFC 2181, the TC bit should only be set if not all of the
+// "required" RRs can be included in the response. Unfortunately, we have
+// no way of knowing which RRs are required so we set the TC bit if any RR
+// had to be omitted from the response.
 //
 // The appropriate buffer size can be retrieved from the requests OPT
 // record, if present, and is transport specific otherwise. dns.MinMsgSize
@@ -71,9 +76,9 @@ func (dns *Msg) Truncate(size int) {
 		l, numExtra = truncateLoop(dns.Extra, size, l, compression)
 	}
 
-	// According to RFC 2181, the TC bit should only be set if not all
-	// of the answer RRs can be included in the response.
-	dns.Truncated = len(dns.Answer) > numAnswer
+	// See the function documentation for when we set this.
+	dns.Truncated = len(dns.Answer) > numAnswer ||
+		len(dns.Ns) > numNS || len(dns.Extra) > numExtra
 
 	dns.Answer = dns.Answer[:numAnswer]
 	dns.Ns = dns.Ns[:numNS]
diff --git a/vendor/github.com/miekg/dns/privaterr.go b/vendor/github.com/miekg/dns/privaterr.go
index d9c0d267..e28f0663 100644
--- a/vendor/github.com/miekg/dns/privaterr.go
+++ b/vendor/github.com/miekg/dns/privaterr.go
@@ -1,9 +1,6 @@
 package dns
 
-import (
-	"fmt"
-	"strings"
-)
+import "strings"
 
 // PrivateRdata is an interface used for implementing "Private Use" RR types, see
 // RFC 6895. This allows one to experiment with new RR types, without requesting an
@@ -18,7 +15,7 @@ type PrivateRdata interface {
 	// Unpack is used when unpacking a private RR from a buffer.
 	// TODO(miek): diff. signature than Pack, see edns0.go for instance.
 	Unpack([]byte) (int, error)
-	// Copy copies the Rdata.
+	// Copy copies the Rdata into the PrivateRdata argument.
 	Copy(PrivateRdata) error
 	// Len returns the length in octets of the Rdata.
 	Len() int
@@ -29,22 +26,8 @@ type PrivateRdata interface {
 type PrivateRR struct {
 	Hdr  RR_Header
 	Data PrivateRdata
-}
 
-func mkPrivateRR(rrtype uint16) *PrivateRR {
-	// Panics if RR is not an instance of PrivateRR.
-	rrfunc, ok := TypeToRR[rrtype]
-	if !ok {
-		panic(fmt.Sprintf("dns: invalid operation with Private RR type %d", rrtype))
-	}
-
-	anyrr := rrfunc()
-	rr, ok := anyrr.(*PrivateRR)
-	if !ok {
-		panic(fmt.Sprintf("dns: RR is not a PrivateRR, TypeToRR[%d] generator returned %T", rrtype, anyrr))
-	}
-
-	return rr
+	generator func() PrivateRdata // for copy
 }
 
 // Header return the RR header of r.
@@ -61,13 +44,12 @@ func (r *PrivateRR) len(off int, compression map[string]struct{}) int {
 
 func (r *PrivateRR) copy() RR {
 	// make new RR like this:
-	rr := mkPrivateRR(r.Hdr.Rrtype)
-	rr.Hdr = r.Hdr
+	rr := &PrivateRR{r.Hdr, r.generator(), r.generator}
 
-	err := r.Data.Copy(rr.Data)
-	if err != nil {
-		panic("dns: got value that could not be used to copy Private rdata")
+	if err := r.Data.Copy(rr.Data); err != nil {
+		panic("dns: got value that could not be used to copy Private rdata: " + err.Error())
 	}
+
 	return rr
 }
 
@@ -86,7 +68,7 @@ func (r *PrivateRR) unpack(msg []byte, off int) (int, error) {
 	return off, err
 }
 
-func (r *PrivateRR) parse(c *zlexer, origin, file string) *ParseError {
+func (r *PrivateRR) parse(c *zlexer, origin string) *ParseError {
 	var l lex
 	text := make([]string, 0, 2) // could be 0..N elements, median is probably 1
 Fetch:
@@ -103,7 +85,7 @@ Fetch:
 
 	err := r.Data.Parse(text)
 	if err != nil {
-		return &ParseError{file, err.Error(), l}
+		return &ParseError{"", err.Error(), l}
 	}
 
 	return nil
@@ -116,7 +98,7 @@ func (r1 *PrivateRR) isDuplicate(r2 RR) bool { return false }
 func PrivateHandle(rtypestr string, rtype uint16, generator func() PrivateRdata) {
 	rtypestr = strings.ToUpper(rtypestr)
 
-	TypeToRR[rtype] = func() RR { return &PrivateRR{RR_Header{}, generator()} }
+	TypeToRR[rtype] = func() RR { return &PrivateRR{RR_Header{}, generator(), generator} }
 	TypeToString[rtype] = rtypestr
 	StringToType[rtypestr] = rtype
 }
diff --git a/vendor/github.com/miekg/dns/scan.go b/vendor/github.com/miekg/dns/scan.go
index a8691bca..671018b1 100644
--- a/vendor/github.com/miekg/dns/scan.go
+++ b/vendor/github.com/miekg/dns/scan.go
@@ -134,7 +134,7 @@ func ReadRR(r io.Reader, file string) (RR, error) {
 }
 
 // ParseZone reads a RFC 1035 style zonefile from r. It returns
-// *Tokens on the returned channel, each consisting of either a
+// Tokens on the returned channel, each consisting of either a
 // parsed RR and optional comment or a nil RR and an error. The
 // channel is closed by ParseZone when the end of r is reached.
 //
@@ -143,7 +143,8 @@ func ReadRR(r io.Reader, file string) (RR, error) {
 // origin, as if the file would start with an $ORIGIN directive.
 //
 // The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are all
-// supported.
+// supported. Note that $GENERATE's range support up to a maximum of
+// of 65535 steps.
 //
 // Basic usage pattern when reading from a string (z) containing the
 // zone data:
@@ -203,6 +204,7 @@ func parseZone(r io.Reader, origin, file string, t chan *Token) {
 //
 // The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are all
 // supported. Although $INCLUDE is disabled by default.
+// Note that $GENERATE's range support up to a maximum of 65535 steps.
 //
 // Basic usage pattern when reading from a string (z) containing the
 // zone data:
@@ -246,6 +248,7 @@ type ZoneParser struct {
 	includeDepth uint8
 
 	includeAllowed bool
+	generateDisallowed bool
 }
 
 // NewZoneParser returns an RFC 1035 style zonefile parser that reads
@@ -503,9 +506,8 @@ func (zp *ZoneParser) Next() (RR, bool) {
 				return zp.setParseError("expecting $TTL value, not this...", l)
 			}
 
-			if e := slurpRemainder(zp.c, zp.file); e != nil {
-				zp.parseErr = e
-				return nil, false
+			if err := slurpRemainder(zp.c); err != nil {
+				return zp.setParseError(err.err, err.lex)
 			}
 
 			ttl, ok := stringToTTL(l.token)
@@ -527,9 +529,8 @@ func (zp *ZoneParser) Next() (RR, bool) {
 				return zp.setParseError("expecting $ORIGIN value, not this...", l)
 			}
 
-			if e := slurpRemainder(zp.c, zp.file); e != nil {
-				zp.parseErr = e
-				return nil, false
+			if err := slurpRemainder(zp.c); err != nil {
+				return zp.setParseError(err.err, err.lex)
 			}
 
 			name, ok := toAbsoluteName(l.token, zp.origin)
@@ -547,6 +548,9 @@ func (zp *ZoneParser) Next() (RR, bool) {
 
 			st = zExpectDirGenerate
 		case zExpectDirGenerate:
+			if zp.generateDisallowed {
+				return zp.setParseError("nested $GENERATE directive not allowed", l)
+			}
 			if l.value != zString {
 				return zp.setParseError("expecting $GENERATE value, not this...", l)
 			}
@@ -650,19 +654,44 @@ func (zp *ZoneParser) Next() (RR, bool) {
 
 			st = zExpectRdata
 		case zExpectRdata:
-			r, e := setRR(*h, zp.c, zp.origin, zp.file)
-			if e != nil {
-				// If e.lex is nil than we have encounter a unknown RR type
-				// in that case we substitute our current lex token
-				if e.lex.token == "" && e.lex.value == 0 {
-					e.lex = l // Uh, dirty
-				}
-
-				zp.parseErr = e
-				return nil, false
+			var rr RR
+			if newFn, ok := TypeToRR[h.Rrtype]; ok && canParseAsRR(h.Rrtype) {
+				rr = newFn()
+				*rr.Header() = *h
+			} else {
+				rr = &RFC3597{Hdr: *h}
 			}
 
-			return r, true
+			_, isPrivate := rr.(*PrivateRR)
+			if !isPrivate && zp.c.Peek().token == "" {
+				// This is a dynamic update rr.
+
+				// TODO(tmthrgd): Previously slurpRemainder was only called
+				// for certain RR types, which may have been important.
+				if err := slurpRemainder(zp.c); err != nil {
+					return zp.setParseError(err.err, err.lex)
+				}
+
+				return rr, true
+			} else if l.value == zNewline {
+				return zp.setParseError("unexpected newline", l)
+			}
+
+			if err := rr.parse(zp.c, zp.origin); err != nil {
+				// err is a concrete *ParseError without the file field set.
+				// The setParseError call below will construct a new
+				// *ParseError with file set to zp.file.
+
+				// If err.lex is nil than we have encounter an unknown RR type
+				// in that case we substitute our current lex token.
+				if err.lex == (lex{}) {
+					return zp.setParseError(err.err, l)
+				}
+
+				return zp.setParseError(err.err, err.lex)
+			}
+
+			return rr, true
 		}
 	}
 
@@ -671,6 +700,18 @@ func (zp *ZoneParser) Next() (RR, bool) {
 	return nil, false
 }
 
+// canParseAsRR returns true if the record type can be parsed as a
+// concrete RR. It blacklists certain record types that must be parsed
+// according to RFC 3597 because they lack a presentation format.
+func canParseAsRR(rrtype uint16) bool {
+	switch rrtype {
+	case TypeANY, TypeNULL, TypeOPT, TypeTSIG:
+		return false
+	default:
+		return true
+	}
+}
+
 type zlexer struct {
 	br io.ByteReader
 
@@ -682,7 +723,8 @@ type zlexer struct {
 	comBuf  string
 	comment string
 
-	l lex
+	l       lex
+	cachedL *lex
 
 	brace  int
 	quote  bool
@@ -748,13 +790,37 @@ func (zl *zlexer) readByte() (byte, bool) {
 	return c, true
 }
 
+func (zl *zlexer) Peek() lex {
+	if zl.nextL {
+		return zl.l
+	}
+
+	l, ok := zl.Next()
+	if !ok {
+		return l
+	}
+
+	if zl.nextL {
+		// Cache l. Next returns zl.cachedL then zl.l.
+		zl.cachedL = &l
+	} else {
+		// In this case l == zl.l, so we just tell Next to return zl.l.
+		zl.nextL = true
+	}
+
+	return l
+}
+
 func (zl *zlexer) Next() (lex, bool) {
 	l := &zl.l
-	if zl.nextL {
+	switch {
+	case zl.cachedL != nil:
+		l, zl.cachedL = zl.cachedL, nil
+		return *l, true
+	case zl.nextL:
 		zl.nextL = false
 		return *l, true
-	}
-	if l.err {
+	case l.err:
 		// Parsing errors should be sticky.
 		return lex{value: zEOF}, false
 	}
@@ -908,6 +974,11 @@ func (zl *zlexer) Next() (lex, bool) {
 				// was inside braces and we delayed adding it until now.
 				com[comi] = ' ' // convert newline to space
 				comi++
+				if comi >= len(com) {
+					l.token = "comment length insufficient for parsing"
+					l.err = true
+					return *l, true
+				}
 			}
 
 			com[comi] = ';'
@@ -1302,18 +1373,18 @@ func locCheckEast(token string, longitude uint32) (uint32, bool) {
 }
 
 // "Eat" the rest of the "line"
-func slurpRemainder(c *zlexer, f string) *ParseError {
+func slurpRemainder(c *zlexer) *ParseError {
 	l, _ := c.Next()
 	switch l.value {
 	case zBlank:
 		l, _ = c.Next()
 		if l.value != zNewline && l.value != zEOF {
-			return &ParseError{f, "garbage after rdata", l}
+			return &ParseError{"", "garbage after rdata", l}
 		}
 	case zNewline:
 	case zEOF:
 	default:
-		return &ParseError{f, "garbage after rdata", l}
+		return &ParseError{"", "garbage after rdata", l}
 	}
 	return nil
 }
diff --git a/vendor/github.com/miekg/dns/scan_rr.go b/vendor/github.com/miekg/dns/scan_rr.go
index 6096f9b0..6c37b2e2 100644
--- a/vendor/github.com/miekg/dns/scan_rr.go
+++ b/vendor/github.com/miekg/dns/scan_rr.go
@@ -7,55 +7,21 @@ import (
 	"strings"
 )
 
-// Parse the rdata of each rrtype.
-// All data from the channel c is either zString or zBlank.
-// After the rdata there may come a zBlank and then a zNewline
-// or immediately a zNewline. If this is not the case we flag
-// an *ParseError: garbage after rdata.
-func setRR(h RR_Header, c *zlexer, o, f string) (RR, *ParseError) {
-	var rr RR
-	if newFn, ok := TypeToRR[h.Rrtype]; ok && canParseAsRR(h.Rrtype) {
-		rr = newFn()
-		*rr.Header() = h
-	} else {
-		rr = &RFC3597{Hdr: h}
-	}
-
-	err := rr.parse(c, o, f)
-	if err != nil {
-		return nil, err
-	}
-
-	return rr, nil
-}
-
-// canParseAsRR returns true if the record type can be parsed as a
-// concrete RR. It blacklists certain record types that must be parsed
-// according to RFC 3597 because they lack a presentation format.
-func canParseAsRR(rrtype uint16) bool {
-	switch rrtype {
-	case TypeANY, TypeNULL, TypeOPT, TypeTSIG:
-		return false
-	default:
-		return true
-	}
-}
-
 // A remainder of the rdata with embedded spaces, return the parsed string (sans the spaces)
 // or an error
-func endingToString(c *zlexer, errstr, f string) (string, *ParseError) {
+func endingToString(c *zlexer, errstr string) (string, *ParseError) {
 	var s string
 	l, _ := c.Next() // zString
 	for l.value != zNewline && l.value != zEOF {
 		if l.err {
-			return s, &ParseError{f, errstr, l}
+			return s, &ParseError{"", errstr, l}
 		}
 		switch l.value {
 		case zString:
 			s += l.token
 		case zBlank: // Ok
 		default:
-			return "", &ParseError{f, errstr, l}
+			return "", &ParseError{"", errstr, l}
 		}
 		l, _ = c.Next()
 	}
@@ -65,11 +31,11 @@ func endingToString(c *zlexer, errstr, f string) (string, *ParseError) {
 
 // A remainder of the rdata with embedded spaces, split on unquoted whitespace
 // and return the parsed string slice or an error
-func endingToTxtSlice(c *zlexer, errstr, f string) ([]string, *ParseError) {
+func endingToTxtSlice(c *zlexer, errstr string) ([]string, *ParseError) {
 	// Get the remaining data until we see a zNewline
 	l, _ := c.Next()
 	if l.err {
-		return nil, &ParseError{f, errstr, l}
+		return nil, &ParseError{"", errstr, l}
 	}
 
 	// Build the slice
@@ -78,7 +44,7 @@ func endingToTxtSlice(c *zlexer, errstr, f string) ([]string, *ParseError) {
 	empty := false
 	for l.value != zNewline && l.value != zEOF {
 		if l.err {
-			return nil, &ParseError{f, errstr, l}
+			return nil, &ParseError{"", errstr, l}
 		}
 		switch l.value {
 		case zString:
@@ -105,7 +71,7 @@ func endingToTxtSlice(c *zlexer, errstr, f string) ([]string, *ParseError) {
 		case zBlank:
 			if quote {
 				// zBlank can only be seen in between txt parts.
-				return nil, &ParseError{f, errstr, l}
+				return nil, &ParseError{"", errstr, l}
 			}
 		case zQuote:
 			if empty && quote {
@@ -114,24 +80,20 @@ func endingToTxtSlice(c *zlexer, errstr, f string) ([]string, *ParseError) {
 			quote = !quote
 			empty = true
 		default:
-			return nil, &ParseError{f, errstr, l}
+			return nil, &ParseError{"", errstr, l}
 		}
 		l, _ = c.Next()
 	}
 
 	if quote {
-		return nil, &ParseError{f, errstr, l}
+		return nil, &ParseError{"", errstr, l}
 	}
 
 	return s, nil
 }
 
-func (rr *A) parse(c *zlexer, o, f string) *ParseError {
+func (rr *A) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	rr.A = net.ParseIP(l.token)
 	// IPv4 addresses cannot include ":".
 	// We do this rather than use net.IP's To4() because
@@ -139,82 +101,58 @@ func (rr *A) parse(c *zlexer, o, f string) *ParseError {
 	// IPv4.
 	isIPv4 := !strings.Contains(l.token, ":")
 	if rr.A == nil || !isIPv4 || l.err {
-		return &ParseError{f, "bad A A", l}
+		return &ParseError{"", "bad A A", l}
 	}
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *AAAA) parse(c *zlexer, o, f string) *ParseError {
+func (rr *AAAA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	rr.AAAA = net.ParseIP(l.token)
 	// IPv6 addresses must include ":", and IPv4
 	// addresses cannot include ":".
 	isIPv6 := strings.Contains(l.token, ":")
 	if rr.AAAA == nil || !isIPv6 || l.err {
-		return &ParseError{f, "bad AAAA AAAA", l}
+		return &ParseError{"", "bad AAAA AAAA", l}
 	}
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *NS) parse(c *zlexer, o, f string) *ParseError {
+func (rr *NS) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Ns = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad NS Ns", l}
+		return &ParseError{"", "bad NS Ns", l}
 	}
 	rr.Ns = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *PTR) parse(c *zlexer, o, f string) *ParseError {
+func (rr *PTR) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Ptr = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad PTR Ptr", l}
+		return &ParseError{"", "bad PTR Ptr", l}
 	}
 	rr.Ptr = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *NSAPPTR) parse(c *zlexer, o, f string) *ParseError {
+func (rr *NSAPPTR) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Ptr = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad NSAP-PTR Ptr", l}
+		return &ParseError{"", "bad NSAP-PTR Ptr", l}
 	}
 	rr.Ptr = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *RP) parse(c *zlexer, o, f string) *ParseError {
+func (rr *RP) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Mbox = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	mbox, mboxOk := toAbsoluteName(l.token, o)
 	if l.err || !mboxOk {
-		return &ParseError{f, "bad RP Mbox", l}
+		return &ParseError{"", "bad RP Mbox", l}
 	}
 	rr.Mbox = mbox
 
@@ -224,60 +162,45 @@ func (rr *RP) parse(c *zlexer, o, f string) *ParseError {
 
 	txt, txtOk := toAbsoluteName(l.token, o)
 	if l.err || !txtOk {
-		return &ParseError{f, "bad RP Txt", l}
+		return &ParseError{"", "bad RP Txt", l}
 	}
 	rr.Txt = txt
 
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *MR) parse(c *zlexer, o, f string) *ParseError {
+func (rr *MR) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Mr = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad MR Mr", l}
+		return &ParseError{"", "bad MR Mr", l}
 	}
 	rr.Mr = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *MB) parse(c *zlexer, o, f string) *ParseError {
+func (rr *MB) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Mb = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad MB Mb", l}
+		return &ParseError{"", "bad MB Mb", l}
 	}
 	rr.Mb = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *MG) parse(c *zlexer, o, f string) *ParseError {
+func (rr *MG) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Mg = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad MG Mg", l}
+		return &ParseError{"", "bad MG Mg", l}
 	}
 	rr.Mg = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *HINFO) parse(c *zlexer, o, f string) *ParseError {
-	chunks, e := endingToTxtSlice(c, "bad HINFO Fields", f)
+func (rr *HINFO) parse(c *zlexer, o string) *ParseError {
+	chunks, e := endingToTxtSlice(c, "bad HINFO Fields")
 	if e != nil {
 		return e
 	}
@@ -299,16 +222,11 @@ func (rr *HINFO) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *MINFO) parse(c *zlexer, o, f string) *ParseError {
+func (rr *MINFO) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Rmail = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	rmail, rmailOk := toAbsoluteName(l.token, o)
 	if l.err || !rmailOk {
-		return &ParseError{f, "bad MINFO Rmail", l}
+		return &ParseError{"", "bad MINFO Rmail", l}
 	}
 	rr.Rmail = rmail
 
@@ -318,52 +236,38 @@ func (rr *MINFO) parse(c *zlexer, o, f string) *ParseError {
 
 	email, emailOk := toAbsoluteName(l.token, o)
 	if l.err || !emailOk {
-		return &ParseError{f, "bad MINFO Email", l}
+		return &ParseError{"", "bad MINFO Email", l}
 	}
 	rr.Email = email
 
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *MF) parse(c *zlexer, o, f string) *ParseError {
+func (rr *MF) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Mf = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad MF Mf", l}
+		return &ParseError{"", "bad MF Mf", l}
 	}
 	rr.Mf = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *MD) parse(c *zlexer, o, f string) *ParseError {
+func (rr *MD) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Md = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad MD Md", l}
+		return &ParseError{"", "bad MD Md", l}
 	}
 	rr.Md = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *MX) parse(c *zlexer, o, f string) *ParseError {
+func (rr *MX) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad MX Pref", l}
+		return &ParseError{"", "bad MX Pref", l}
 	}
 	rr.Preference = uint16(i)
 
@@ -373,22 +277,18 @@ func (rr *MX) parse(c *zlexer, o, f string) *ParseError {
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad MX Mx", l}
+		return &ParseError{"", "bad MX Mx", l}
 	}
 	rr.Mx = name
 
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *RT) parse(c *zlexer, o, f string) *ParseError {
+func (rr *RT) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil {
-		return &ParseError{f, "bad RT Preference", l}
+		return &ParseError{"", "bad RT Preference", l}
 	}
 	rr.Preference = uint16(i)
 
@@ -398,22 +298,18 @@ func (rr *RT) parse(c *zlexer, o, f string) *ParseError {
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad RT Host", l}
+		return &ParseError{"", "bad RT Host", l}
 	}
 	rr.Host = name
 
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *AFSDB) parse(c *zlexer, o, f string) *ParseError {
+func (rr *AFSDB) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad AFSDB Subtype", l}
+		return &ParseError{"", "bad AFSDB Subtype", l}
 	}
 	rr.Subtype = uint16(i)
 
@@ -423,34 +319,26 @@ func (rr *AFSDB) parse(c *zlexer, o, f string) *ParseError {
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad AFSDB Hostname", l}
+		return &ParseError{"", "bad AFSDB Hostname", l}
 	}
 	rr.Hostname = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *X25) parse(c *zlexer, o, f string) *ParseError {
+func (rr *X25) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	if l.err {
-		return &ParseError{f, "bad X25 PSDNAddress", l}
+		return &ParseError{"", "bad X25 PSDNAddress", l}
 	}
 	rr.PSDNAddress = l.token
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *KX) parse(c *zlexer, o, f string) *ParseError {
+func (rr *KX) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad KX Pref", l}
+		return &ParseError{"", "bad KX Pref", l}
 	}
 	rr.Preference = uint16(i)
 
@@ -460,52 +348,37 @@ func (rr *KX) parse(c *zlexer, o, f string) *ParseError {
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad KX Exchanger", l}
+		return &ParseError{"", "bad KX Exchanger", l}
 	}
 	rr.Exchanger = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *CNAME) parse(c *zlexer, o, f string) *ParseError {
+func (rr *CNAME) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Target = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad CNAME Target", l}
+		return &ParseError{"", "bad CNAME Target", l}
 	}
 	rr.Target = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *DNAME) parse(c *zlexer, o, f string) *ParseError {
+func (rr *DNAME) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Target = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad DNAME Target", l}
+		return &ParseError{"", "bad DNAME Target", l}
 	}
 	rr.Target = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *SOA) parse(c *zlexer, o, f string) *ParseError {
+func (rr *SOA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.Ns = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	ns, nsOk := toAbsoluteName(l.token, o)
 	if l.err || !nsOk {
-		return &ParseError{f, "bad SOA Ns", l}
+		return &ParseError{"", "bad SOA Ns", l}
 	}
 	rr.Ns = ns
 
@@ -515,7 +388,7 @@ func (rr *SOA) parse(c *zlexer, o, f string) *ParseError {
 
 	mbox, mboxOk := toAbsoluteName(l.token, o)
 	if l.err || !mboxOk {
-		return &ParseError{f, "bad SOA Mbox", l}
+		return &ParseError{"", "bad SOA Mbox", l}
 	}
 	rr.Mbox = mbox
 
@@ -528,16 +401,16 @@ func (rr *SOA) parse(c *zlexer, o, f string) *ParseError {
 	for i := 0; i < 5; i++ {
 		l, _ = c.Next()
 		if l.err {
-			return &ParseError{f, "bad SOA zone parameter", l}
+			return &ParseError{"", "bad SOA zone parameter", l}
 		}
 		if j, e := strconv.ParseUint(l.token, 10, 32); e != nil {
 			if i == 0 {
 				// Serial must be a number
-				return &ParseError{f, "bad SOA zone parameter", l}
+				return &ParseError{"", "bad SOA zone parameter", l}
 			}
 			// We allow other fields to be unitful duration strings
 			if v, ok = stringToTTL(l.token); !ok {
-				return &ParseError{f, "bad SOA zone parameter", l}
+				return &ParseError{"", "bad SOA zone parameter", l}
 
 			}
 		} else {
@@ -560,18 +433,14 @@ func (rr *SOA) parse(c *zlexer, o, f string) *ParseError {
 			rr.Minttl = v
 		}
 	}
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *SRV) parse(c *zlexer, o, f string) *ParseError {
+func (rr *SRV) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SRV Priority", l}
+		return &ParseError{"", "bad SRV Priority", l}
 	}
 	rr.Priority = uint16(i)
 
@@ -579,7 +448,7 @@ func (rr *SRV) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SRV Weight", l}
+		return &ParseError{"", "bad SRV Weight", l}
 	}
 	rr.Weight = uint16(i)
 
@@ -587,7 +456,7 @@ func (rr *SRV) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SRV Port", l}
+		return &ParseError{"", "bad SRV Port", l}
 	}
 	rr.Port = uint16(i)
 
@@ -597,21 +466,17 @@ func (rr *SRV) parse(c *zlexer, o, f string) *ParseError {
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad SRV Target", l}
+		return &ParseError{"", "bad SRV Target", l}
 	}
 	rr.Target = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *NAPTR) parse(c *zlexer, o, f string) *ParseError {
+func (rr *NAPTR) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NAPTR Order", l}
+		return &ParseError{"", "bad NAPTR Order", l}
 	}
 	rr.Order = uint16(i)
 
@@ -619,7 +484,7 @@ func (rr *NAPTR) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NAPTR Preference", l}
+		return &ParseError{"", "bad NAPTR Preference", l}
 	}
 	rr.Preference = uint16(i)
 
@@ -627,57 +492,57 @@ func (rr *NAPTR) parse(c *zlexer, o, f string) *ParseError {
 	c.Next()        // zBlank
 	l, _ = c.Next() // _QUOTE
 	if l.value != zQuote {
-		return &ParseError{f, "bad NAPTR Flags", l}
+		return &ParseError{"", "bad NAPTR Flags", l}
 	}
 	l, _ = c.Next() // Either String or Quote
 	if l.value == zString {
 		rr.Flags = l.token
 		l, _ = c.Next() // _QUOTE
 		if l.value != zQuote {
-			return &ParseError{f, "bad NAPTR Flags", l}
+			return &ParseError{"", "bad NAPTR Flags", l}
 		}
 	} else if l.value == zQuote {
 		rr.Flags = ""
 	} else {
-		return &ParseError{f, "bad NAPTR Flags", l}
+		return &ParseError{"", "bad NAPTR Flags", l}
 	}
 
 	// Service
 	c.Next()        // zBlank
 	l, _ = c.Next() // _QUOTE
 	if l.value != zQuote {
-		return &ParseError{f, "bad NAPTR Service", l}
+		return &ParseError{"", "bad NAPTR Service", l}
 	}
 	l, _ = c.Next() // Either String or Quote
 	if l.value == zString {
 		rr.Service = l.token
 		l, _ = c.Next() // _QUOTE
 		if l.value != zQuote {
-			return &ParseError{f, "bad NAPTR Service", l}
+			return &ParseError{"", "bad NAPTR Service", l}
 		}
 	} else if l.value == zQuote {
 		rr.Service = ""
 	} else {
-		return &ParseError{f, "bad NAPTR Service", l}
+		return &ParseError{"", "bad NAPTR Service", l}
 	}
 
 	// Regexp
 	c.Next()        // zBlank
 	l, _ = c.Next() // _QUOTE
 	if l.value != zQuote {
-		return &ParseError{f, "bad NAPTR Regexp", l}
+		return &ParseError{"", "bad NAPTR Regexp", l}
 	}
 	l, _ = c.Next() // Either String or Quote
 	if l.value == zString {
 		rr.Regexp = l.token
 		l, _ = c.Next() // _QUOTE
 		if l.value != zQuote {
-			return &ParseError{f, "bad NAPTR Regexp", l}
+			return &ParseError{"", "bad NAPTR Regexp", l}
 		}
 	} else if l.value == zQuote {
 		rr.Regexp = ""
 	} else {
-		return &ParseError{f, "bad NAPTR Regexp", l}
+		return &ParseError{"", "bad NAPTR Regexp", l}
 	}
 
 	// After quote no space??
@@ -687,22 +552,17 @@ func (rr *NAPTR) parse(c *zlexer, o, f string) *ParseError {
 
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad NAPTR Replacement", l}
+		return &ParseError{"", "bad NAPTR Replacement", l}
 	}
 	rr.Replacement = name
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *TALINK) parse(c *zlexer, o, f string) *ParseError {
+func (rr *TALINK) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.PreviousName = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	previousName, previousNameOk := toAbsoluteName(l.token, o)
 	if l.err || !previousNameOk {
-		return &ParseError{f, "bad TALINK PreviousName", l}
+		return &ParseError{"", "bad TALINK PreviousName", l}
 	}
 	rr.PreviousName = previousName
 
@@ -712,14 +572,14 @@ func (rr *TALINK) parse(c *zlexer, o, f string) *ParseError {
 
 	nextName, nextNameOk := toAbsoluteName(l.token, o)
 	if l.err || !nextNameOk {
-		return &ParseError{f, "bad TALINK NextName", l}
+		return &ParseError{"", "bad TALINK NextName", l}
 	}
 	rr.NextName = nextName
 
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *LOC) parse(c *zlexer, o, f string) *ParseError {
+func (rr *LOC) parse(c *zlexer, o string) *ParseError {
 	// Non zero defaults for LOC record, see RFC 1876, Section 3.
 	rr.HorizPre = 165 // 10000
 	rr.VertPre = 162  // 10
@@ -728,12 +588,9 @@ func (rr *LOC) parse(c *zlexer, o, f string) *ParseError {
 
 	// North
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
 	i, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return &ParseError{f, "bad LOC Latitude", l}
+		return &ParseError{"", "bad LOC Latitude", l}
 	}
 	rr.Latitude = 1000 * 60 * 60 * uint32(i)
 
@@ -745,14 +602,14 @@ func (rr *LOC) parse(c *zlexer, o, f string) *ParseError {
 	}
 	i, e = strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return &ParseError{f, "bad LOC Latitude minutes", l}
+		return &ParseError{"", "bad LOC Latitude minutes", l}
 	}
 	rr.Latitude += 1000 * 60 * uint32(i)
 
 	c.Next() // zBlank
 	l, _ = c.Next()
 	if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err {
-		return &ParseError{f, "bad LOC Latitude seconds", l}
+		return &ParseError{"", "bad LOC Latitude seconds", l}
 	} else {
 		rr.Latitude += uint32(1000 * i)
 	}
@@ -763,14 +620,14 @@ func (rr *LOC) parse(c *zlexer, o, f string) *ParseError {
 		goto East
 	}
 	// If still alive, flag an error
-	return &ParseError{f, "bad LOC Latitude North/South", l}
+	return &ParseError{"", "bad LOC Latitude North/South", l}
 
 East:
 	// East
 	c.Next() // zBlank
 	l, _ = c.Next()
 	if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err {
-		return &ParseError{f, "bad LOC Longitude", l}
+		return &ParseError{"", "bad LOC Longitude", l}
 	} else {
 		rr.Longitude = 1000 * 60 * 60 * uint32(i)
 	}
@@ -781,14 +638,14 @@ East:
 		goto Altitude
 	}
 	if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err {
-		return &ParseError{f, "bad LOC Longitude minutes", l}
+		return &ParseError{"", "bad LOC Longitude minutes", l}
 	} else {
 		rr.Longitude += 1000 * 60 * uint32(i)
 	}
 	c.Next() // zBlank
 	l, _ = c.Next()
 	if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err {
-		return &ParseError{f, "bad LOC Longitude seconds", l}
+		return &ParseError{"", "bad LOC Longitude seconds", l}
 	} else {
 		rr.Longitude += uint32(1000 * i)
 	}
@@ -799,19 +656,19 @@ East:
 		goto Altitude
 	}
 	// If still alive, flag an error
-	return &ParseError{f, "bad LOC Longitude East/West", l}
+	return &ParseError{"", "bad LOC Longitude East/West", l}
 
 Altitude:
 	c.Next() // zBlank
 	l, _ = c.Next()
 	if len(l.token) == 0 || l.err {
-		return &ParseError{f, "bad LOC Altitude", l}
+		return &ParseError{"", "bad LOC Altitude", l}
 	}
 	if l.token[len(l.token)-1] == 'M' || l.token[len(l.token)-1] == 'm' {
 		l.token = l.token[0 : len(l.token)-1]
 	}
 	if i, e := strconv.ParseFloat(l.token, 32); e != nil {
-		return &ParseError{f, "bad LOC Altitude", l}
+		return &ParseError{"", "bad LOC Altitude", l}
 	} else {
 		rr.Altitude = uint32(i*100.0 + 10000000.0 + 0.5)
 	}
@@ -826,19 +683,19 @@ Altitude:
 			case 0: // Size
 				e, m, ok := stringToCm(l.token)
 				if !ok {
-					return &ParseError{f, "bad LOC Size", l}
+					return &ParseError{"", "bad LOC Size", l}
 				}
 				rr.Size = e&0x0f | m<<4&0xf0
 			case 1: // HorizPre
 				e, m, ok := stringToCm(l.token)
 				if !ok {
-					return &ParseError{f, "bad LOC HorizPre", l}
+					return &ParseError{"", "bad LOC HorizPre", l}
 				}
 				rr.HorizPre = e&0x0f | m<<4&0xf0
 			case 2: // VertPre
 				e, m, ok := stringToCm(l.token)
 				if !ok {
-					return &ParseError{f, "bad LOC VertPre", l}
+					return &ParseError{"", "bad LOC VertPre", l}
 				}
 				rr.VertPre = e&0x0f | m<<4&0xf0
 			}
@@ -846,30 +703,26 @@ Altitude:
 		case zBlank:
 			// Ok
 		default:
-			return &ParseError{f, "bad LOC Size, HorizPre or VertPre", l}
+			return &ParseError{"", "bad LOC Size, HorizPre or VertPre", l}
 		}
 		l, _ = c.Next()
 	}
 	return nil
 }
 
-func (rr *HIP) parse(c *zlexer, o, f string) *ParseError {
+func (rr *HIP) parse(c *zlexer, o string) *ParseError {
 	// HitLength is not represented
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad HIP PublicKeyAlgorithm", l}
+		return &ParseError{"", "bad HIP PublicKeyAlgorithm", l}
 	}
 	rr.PublicKeyAlgorithm = uint8(i)
 
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	if len(l.token) == 0 || l.err {
-		return &ParseError{f, "bad HIP Hit", l}
+		return &ParseError{"", "bad HIP Hit", l}
 	}
 	rr.Hit = l.token // This can not contain spaces, see RFC 5205 Section 6.
 	rr.HitLength = uint8(len(rr.Hit)) / 2
@@ -877,7 +730,7 @@ func (rr *HIP) parse(c *zlexer, o, f string) *ParseError {
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	if len(l.token) == 0 || l.err {
-		return &ParseError{f, "bad HIP PublicKey", l}
+		return &ParseError{"", "bad HIP PublicKey", l}
 	}
 	rr.PublicKey = l.token // This cannot contain spaces
 	rr.PublicKeyLength = uint16(base64.StdEncoding.DecodedLen(len(rr.PublicKey)))
@@ -890,13 +743,13 @@ func (rr *HIP) parse(c *zlexer, o, f string) *ParseError {
 		case zString:
 			name, nameOk := toAbsoluteName(l.token, o)
 			if l.err || !nameOk {
-				return &ParseError{f, "bad HIP RendezvousServers", l}
+				return &ParseError{"", "bad HIP RendezvousServers", l}
 			}
 			xs = append(xs, name)
 		case zBlank:
 			// Ok
 		default:
-			return &ParseError{f, "bad HIP RendezvousServers", l}
+			return &ParseError{"", "bad HIP RendezvousServers", l}
 		}
 		l, _ = c.Next()
 	}
@@ -905,16 +758,12 @@ func (rr *HIP) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *CERT) parse(c *zlexer, o, f string) *ParseError {
+func (rr *CERT) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	if v, ok := StringToCertType[l.token]; ok {
 		rr.Type = v
 	} else if i, e := strconv.ParseUint(l.token, 10, 16); e != nil {
-		return &ParseError{f, "bad CERT Type", l}
+		return &ParseError{"", "bad CERT Type", l}
 	} else {
 		rr.Type = uint16(i)
 	}
@@ -922,7 +771,7 @@ func (rr *CERT) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next() // zString
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad CERT KeyTag", l}
+		return &ParseError{"", "bad CERT KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
 	c.Next()        // zBlank
@@ -930,11 +779,11 @@ func (rr *CERT) parse(c *zlexer, o, f string) *ParseError {
 	if v, ok := StringToAlgorithm[l.token]; ok {
 		rr.Algorithm = v
 	} else if i, e := strconv.ParseUint(l.token, 10, 8); e != nil {
-		return &ParseError{f, "bad CERT Algorithm", l}
+		return &ParseError{"", "bad CERT Algorithm", l}
 	} else {
 		rr.Algorithm = uint8(i)
 	}
-	s, e1 := endingToString(c, "bad CERT Certificate", f)
+	s, e1 := endingToString(c, "bad CERT Certificate")
 	if e1 != nil {
 		return e1
 	}
@@ -942,8 +791,8 @@ func (rr *CERT) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *OPENPGPKEY) parse(c *zlexer, o, f string) *ParseError {
-	s, e := endingToString(c, "bad OPENPGPKEY PublicKey", f)
+func (rr *OPENPGPKEY) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToString(c, "bad OPENPGPKEY PublicKey")
 	if e != nil {
 		return e
 	}
@@ -951,15 +800,12 @@ func (rr *OPENPGPKEY) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *CSYNC) parse(c *zlexer, o, f string) *ParseError {
+func (rr *CSYNC) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
 	j, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil {
 		// Serial must be a number
-		return &ParseError{f, "bad CSYNC serial", l}
+		return &ParseError{"", "bad CSYNC serial", l}
 	}
 	rr.Serial = uint32(j)
 
@@ -969,7 +815,7 @@ func (rr *CSYNC) parse(c *zlexer, o, f string) *ParseError {
 	j, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil {
 		// Serial must be a number
-		return &ParseError{f, "bad CSYNC flags", l}
+		return &ParseError{"", "bad CSYNC flags", l}
 	}
 	rr.Flags = uint16(j)
 
@@ -987,38 +833,34 @@ func (rr *CSYNC) parse(c *zlexer, o, f string) *ParseError {
 			tokenUpper := strings.ToUpper(l.token)
 			if k, ok = StringToType[tokenUpper]; !ok {
 				if k, ok = typeToInt(l.token); !ok {
-					return &ParseError{f, "bad CSYNC TypeBitMap", l}
+					return &ParseError{"", "bad CSYNC TypeBitMap", l}
 				}
 			}
 			rr.TypeBitMap = append(rr.TypeBitMap, k)
 		default:
-			return &ParseError{f, "bad CSYNC TypeBitMap", l}
+			return &ParseError{"", "bad CSYNC TypeBitMap", l}
 		}
 		l, _ = c.Next()
 	}
 	return nil
 }
 
-func (rr *SIG) parse(c *zlexer, o, f string) *ParseError {
-	return rr.RRSIG.parse(c, o, f)
+func (rr *SIG) parse(c *zlexer, o string) *ParseError {
+	return rr.RRSIG.parse(c, o)
 }
 
-func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
+func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	tokenUpper := strings.ToUpper(l.token)
 	if t, ok := StringToType[tokenUpper]; !ok {
 		if strings.HasPrefix(tokenUpper, "TYPE") {
 			t, ok = typeToInt(l.token)
 			if !ok {
-				return &ParseError{f, "bad RRSIG Typecovered", l}
+				return &ParseError{"", "bad RRSIG Typecovered", l}
 			}
 			rr.TypeCovered = t
 		} else {
-			return &ParseError{f, "bad RRSIG Typecovered", l}
+			return &ParseError{"", "bad RRSIG Typecovered", l}
 		}
 	} else {
 		rr.TypeCovered = t
@@ -1028,7 +870,7 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next()
 	i, err := strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return &ParseError{f, "bad RRSIG Algorithm", l}
+		return &ParseError{"", "bad RRSIG Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
 
@@ -1036,7 +878,7 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return &ParseError{f, "bad RRSIG Labels", l}
+		return &ParseError{"", "bad RRSIG Labels", l}
 	}
 	rr.Labels = uint8(i)
 
@@ -1044,7 +886,7 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 32)
 	if err != nil || l.err {
-		return &ParseError{f, "bad RRSIG OrigTtl", l}
+		return &ParseError{"", "bad RRSIG OrigTtl", l}
 	}
 	rr.OrigTtl = uint32(i)
 
@@ -1056,7 +898,7 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 			// TODO(miek): error out on > MAX_UINT32, same below
 			rr.Expiration = uint32(i)
 		} else {
-			return &ParseError{f, "bad RRSIG Expiration", l}
+			return &ParseError{"", "bad RRSIG Expiration", l}
 		}
 	} else {
 		rr.Expiration = i
@@ -1068,7 +910,7 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 		if i, err := strconv.ParseInt(l.token, 10, 64); err == nil {
 			rr.Inception = uint32(i)
 		} else {
-			return &ParseError{f, "bad RRSIG Inception", l}
+			return &ParseError{"", "bad RRSIG Inception", l}
 		}
 	} else {
 		rr.Inception = i
@@ -1078,7 +920,7 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 16)
 	if err != nil || l.err {
-		return &ParseError{f, "bad RRSIG KeyTag", l}
+		return &ParseError{"", "bad RRSIG KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
 
@@ -1087,11 +929,11 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 	rr.SignerName = l.token
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad RRSIG SignerName", l}
+		return &ParseError{"", "bad RRSIG SignerName", l}
 	}
 	rr.SignerName = name
 
-	s, e := endingToString(c, "bad RRSIG Signature", f)
+	s, e := endingToString(c, "bad RRSIG Signature")
 	if e != nil {
 		return e
 	}
@@ -1100,16 +942,11 @@ func (rr *RRSIG) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *NSEC) parse(c *zlexer, o, f string) *ParseError {
+func (rr *NSEC) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	rr.NextDomain = l.token
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad NSEC NextDomain", l}
+		return &ParseError{"", "bad NSEC NextDomain", l}
 	}
 	rr.NextDomain = name
 
@@ -1127,47 +964,43 @@ func (rr *NSEC) parse(c *zlexer, o, f string) *ParseError {
 			tokenUpper := strings.ToUpper(l.token)
 			if k, ok = StringToType[tokenUpper]; !ok {
 				if k, ok = typeToInt(l.token); !ok {
-					return &ParseError{f, "bad NSEC TypeBitMap", l}
+					return &ParseError{"", "bad NSEC TypeBitMap", l}
 				}
 			}
 			rr.TypeBitMap = append(rr.TypeBitMap, k)
 		default:
-			return &ParseError{f, "bad NSEC TypeBitMap", l}
+			return &ParseError{"", "bad NSEC TypeBitMap", l}
 		}
 		l, _ = c.Next()
 	}
 	return nil
 }
 
-func (rr *NSEC3) parse(c *zlexer, o, f string) *ParseError {
+func (rr *NSEC3) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NSEC3 Hash", l}
+		return &ParseError{"", "bad NSEC3 Hash", l}
 	}
 	rr.Hash = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NSEC3 Flags", l}
+		return &ParseError{"", "bad NSEC3 Flags", l}
 	}
 	rr.Flags = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NSEC3 Iterations", l}
+		return &ParseError{"", "bad NSEC3 Iterations", l}
 	}
 	rr.Iterations = uint16(i)
 	c.Next()
 	l, _ = c.Next()
 	if len(l.token) == 0 || l.err {
-		return &ParseError{f, "bad NSEC3 Salt", l}
+		return &ParseError{"", "bad NSEC3 Salt", l}
 	}
 	if l.token != "-" {
 		rr.SaltLength = uint8(len(l.token)) / 2
@@ -1177,7 +1010,7 @@ func (rr *NSEC3) parse(c *zlexer, o, f string) *ParseError {
 	c.Next()
 	l, _ = c.Next()
 	if len(l.token) == 0 || l.err {
-		return &ParseError{f, "bad NSEC3 NextDomain", l}
+		return &ParseError{"", "bad NSEC3 NextDomain", l}
 	}
 	rr.HashLength = 20 // Fix for NSEC3 (sha1 160 bits)
 	rr.NextDomain = l.token
@@ -1196,41 +1029,37 @@ func (rr *NSEC3) parse(c *zlexer, o, f string) *ParseError {
 			tokenUpper := strings.ToUpper(l.token)
 			if k, ok = StringToType[tokenUpper]; !ok {
 				if k, ok = typeToInt(l.token); !ok {
-					return &ParseError{f, "bad NSEC3 TypeBitMap", l}
+					return &ParseError{"", "bad NSEC3 TypeBitMap", l}
 				}
 			}
 			rr.TypeBitMap = append(rr.TypeBitMap, k)
 		default:
-			return &ParseError{f, "bad NSEC3 TypeBitMap", l}
+			return &ParseError{"", "bad NSEC3 TypeBitMap", l}
 		}
 		l, _ = c.Next()
 	}
 	return nil
 }
 
-func (rr *NSEC3PARAM) parse(c *zlexer, o, f string) *ParseError {
+func (rr *NSEC3PARAM) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NSEC3PARAM Hash", l}
+		return &ParseError{"", "bad NSEC3PARAM Hash", l}
 	}
 	rr.Hash = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NSEC3PARAM Flags", l}
+		return &ParseError{"", "bad NSEC3PARAM Flags", l}
 	}
 	rr.Flags = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NSEC3PARAM Iterations", l}
+		return &ParseError{"", "bad NSEC3PARAM Iterations", l}
 	}
 	rr.Iterations = uint16(i)
 	c.Next()
@@ -1239,17 +1068,13 @@ func (rr *NSEC3PARAM) parse(c *zlexer, o, f string) *ParseError {
 		rr.SaltLength = uint8(len(l.token))
 		rr.Salt = l.token
 	}
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *EUI48) parse(c *zlexer, o, f string) *ParseError {
+func (rr *EUI48) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	if len(l.token) != 17 || l.err {
-		return &ParseError{f, "bad EUI48 Address", l}
+		return &ParseError{"", "bad EUI48 Address", l}
 	}
 	addr := make([]byte, 12)
 	dash := 0
@@ -1258,7 +1083,7 @@ func (rr *EUI48) parse(c *zlexer, o, f string) *ParseError {
 		addr[i+1] = l.token[i+1+dash]
 		dash++
 		if l.token[i+1+dash] != '-' {
-			return &ParseError{f, "bad EUI48 Address", l}
+			return &ParseError{"", "bad EUI48 Address", l}
 		}
 	}
 	addr[10] = l.token[15]
@@ -1266,20 +1091,16 @@ func (rr *EUI48) parse(c *zlexer, o, f string) *ParseError {
 
 	i, e := strconv.ParseUint(string(addr), 16, 48)
 	if e != nil {
-		return &ParseError{f, "bad EUI48 Address", l}
+		return &ParseError{"", "bad EUI48 Address", l}
 	}
 	rr.Address = i
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *EUI64) parse(c *zlexer, o, f string) *ParseError {
+func (rr *EUI64) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	if len(l.token) != 23 || l.err {
-		return &ParseError{f, "bad EUI64 Address", l}
+		return &ParseError{"", "bad EUI64 Address", l}
 	}
 	addr := make([]byte, 16)
 	dash := 0
@@ -1288,7 +1109,7 @@ func (rr *EUI64) parse(c *zlexer, o, f string) *ParseError {
 		addr[i+1] = l.token[i+1+dash]
 		dash++
 		if l.token[i+1+dash] != '-' {
-			return &ParseError{f, "bad EUI64 Address", l}
+			return &ParseError{"", "bad EUI64 Address", l}
 		}
 	}
 	addr[14] = l.token[21]
@@ -1296,32 +1117,28 @@ func (rr *EUI64) parse(c *zlexer, o, f string) *ParseError {
 
 	i, e := strconv.ParseUint(string(addr), 16, 64)
 	if e != nil {
-		return &ParseError{f, "bad EUI68 Address", l}
+		return &ParseError{"", "bad EUI68 Address", l}
 	}
 	rr.Address = i
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *SSHFP) parse(c *zlexer, o, f string) *ParseError {
+func (rr *SSHFP) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SSHFP Algorithm", l}
+		return &ParseError{"", "bad SSHFP Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SSHFP Type", l}
+		return &ParseError{"", "bad SSHFP Type", l}
 	}
 	rr.Type = uint8(i)
 	c.Next() // zBlank
-	s, e1 := endingToString(c, "bad SSHFP Fingerprint", f)
+	s, e1 := endingToString(c, "bad SSHFP Fingerprint")
 	if e1 != nil {
 		return e1
 	}
@@ -1329,32 +1146,28 @@ func (rr *SSHFP) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *DNSKEY) parseDNSKEY(c *zlexer, o, f, typ string) *ParseError {
+func (rr *DNSKEY) parseDNSKEY(c *zlexer, o, typ string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad " + typ + " Flags", l}
+		return &ParseError{"", "bad " + typ + " Flags", l}
 	}
 	rr.Flags = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad " + typ + " Protocol", l}
+		return &ParseError{"", "bad " + typ + " Protocol", l}
 	}
 	rr.Protocol = uint8(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad " + typ + " Algorithm", l}
+		return &ParseError{"", "bad " + typ + " Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
-	s, e1 := endingToString(c, "bad "+typ+" PublicKey", f)
+	s, e1 := endingToString(c, "bad "+typ+" PublicKey")
 	if e1 != nil {
 		return e1
 	}
@@ -1362,44 +1175,40 @@ func (rr *DNSKEY) parseDNSKEY(c *zlexer, o, f, typ string) *ParseError {
 	return nil
 }
 
-func (rr *DNSKEY) parse(c *zlexer, o, f string) *ParseError {
-	return rr.parseDNSKEY(c, o, f, "DNSKEY")
+func (rr *DNSKEY) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDNSKEY(c, o, "DNSKEY")
 }
 
-func (rr *KEY) parse(c *zlexer, o, f string) *ParseError {
-	return rr.parseDNSKEY(c, o, f, "KEY")
+func (rr *KEY) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDNSKEY(c, o, "KEY")
 }
 
-func (rr *CDNSKEY) parse(c *zlexer, o, f string) *ParseError {
-	return rr.parseDNSKEY(c, o, f, "CDNSKEY")
+func (rr *CDNSKEY) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDNSKEY(c, o, "CDNSKEY")
 }
 
-func (rr *RKEY) parse(c *zlexer, o, f string) *ParseError {
+func (rr *RKEY) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad RKEY Flags", l}
+		return &ParseError{"", "bad RKEY Flags", l}
 	}
 	rr.Flags = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad RKEY Protocol", l}
+		return &ParseError{"", "bad RKEY Protocol", l}
 	}
 	rr.Protocol = uint8(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad RKEY Algorithm", l}
+		return &ParseError{"", "bad RKEY Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
-	s, e1 := endingToString(c, "bad RKEY PublicKey", f)
+	s, e1 := endingToString(c, "bad RKEY PublicKey")
 	if e1 != nil {
 		return e1
 	}
@@ -1407,8 +1216,8 @@ func (rr *RKEY) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *EID) parse(c *zlexer, o, f string) *ParseError {
-	s, e := endingToString(c, "bad EID Endpoint", f)
+func (rr *EID) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToString(c, "bad EID Endpoint")
 	if e != nil {
 		return e
 	}
@@ -1416,8 +1225,8 @@ func (rr *EID) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *NIMLOC) parse(c *zlexer, o, f string) *ParseError {
-	s, e := endingToString(c, "bad NIMLOC Locator", f)
+func (rr *NIMLOC) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToString(c, "bad NIMLOC Locator")
 	if e != nil {
 		return e
 	}
@@ -1425,43 +1234,35 @@ func (rr *NIMLOC) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *GPOS) parse(c *zlexer, o, f string) *ParseError {
+func (rr *GPOS) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	_, e := strconv.ParseFloat(l.token, 64)
 	if e != nil || l.err {
-		return &ParseError{f, "bad GPOS Longitude", l}
+		return &ParseError{"", "bad GPOS Longitude", l}
 	}
 	rr.Longitude = l.token
 	c.Next() // zBlank
 	l, _ = c.Next()
 	_, e = strconv.ParseFloat(l.token, 64)
 	if e != nil || l.err {
-		return &ParseError{f, "bad GPOS Latitude", l}
+		return &ParseError{"", "bad GPOS Latitude", l}
 	}
 	rr.Latitude = l.token
 	c.Next() // zBlank
 	l, _ = c.Next()
 	_, e = strconv.ParseFloat(l.token, 64)
 	if e != nil || l.err {
-		return &ParseError{f, "bad GPOS Altitude", l}
+		return &ParseError{"", "bad GPOS Altitude", l}
 	}
 	rr.Altitude = l.token
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *DS) parseDS(c *zlexer, o, f, typ string) *ParseError {
+func (rr *DS) parseDS(c *zlexer, o, typ string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad " + typ + " KeyTag", l}
+		return &ParseError{"", "bad " + typ + " KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
 	c.Next() // zBlank
@@ -1470,7 +1271,7 @@ func (rr *DS) parseDS(c *zlexer, o, f, typ string) *ParseError {
 		tokenUpper := strings.ToUpper(l.token)
 		i, ok := StringToAlgorithm[tokenUpper]
 		if !ok || l.err {
-			return &ParseError{f, "bad " + typ + " Algorithm", l}
+			return &ParseError{"", "bad " + typ + " Algorithm", l}
 		}
 		rr.Algorithm = i
 	} else {
@@ -1480,10 +1281,10 @@ func (rr *DS) parseDS(c *zlexer, o, f, typ string) *ParseError {
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad " + typ + " DigestType", l}
+		return &ParseError{"", "bad " + typ + " DigestType", l}
 	}
 	rr.DigestType = uint8(i)
-	s, e1 := endingToString(c, "bad "+typ+" Digest", f)
+	s, e1 := endingToString(c, "bad "+typ+" Digest")
 	if e1 != nil {
 		return e1
 	}
@@ -1491,27 +1292,23 @@ func (rr *DS) parseDS(c *zlexer, o, f, typ string) *ParseError {
 	return nil
 }
 
-func (rr *DS) parse(c *zlexer, o, f string) *ParseError {
-	return rr.parseDS(c, o, f, "DS")
+func (rr *DS) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDS(c, o, "DS")
 }
 
-func (rr *DLV) parse(c *zlexer, o, f string) *ParseError {
-	return rr.parseDS(c, o, f, "DLV")
+func (rr *DLV) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDS(c, o, "DLV")
 }
 
-func (rr *CDS) parse(c *zlexer, o, f string) *ParseError {
-	return rr.parseDS(c, o, f, "CDS")
+func (rr *CDS) parse(c *zlexer, o string) *ParseError {
+	return rr.parseDS(c, o, "CDS")
 }
 
-func (rr *TA) parse(c *zlexer, o, f string) *ParseError {
+func (rr *TA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad TA KeyTag", l}
+		return &ParseError{"", "bad TA KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
 	c.Next() // zBlank
@@ -1520,7 +1317,7 @@ func (rr *TA) parse(c *zlexer, o, f string) *ParseError {
 		tokenUpper := strings.ToUpper(l.token)
 		i, ok := StringToAlgorithm[tokenUpper]
 		if !ok || l.err {
-			return &ParseError{f, "bad TA Algorithm", l}
+			return &ParseError{"", "bad TA Algorithm", l}
 		}
 		rr.Algorithm = i
 	} else {
@@ -1530,10 +1327,10 @@ func (rr *TA) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad TA DigestType", l}
+		return &ParseError{"", "bad TA DigestType", l}
 	}
 	rr.DigestType = uint8(i)
-	s, err := endingToString(c, "bad TA Digest", f)
+	s, err := endingToString(c, "bad TA Digest")
 	if err != nil {
 		return err
 	}
@@ -1541,33 +1338,29 @@ func (rr *TA) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *TLSA) parse(c *zlexer, o, f string) *ParseError {
+func (rr *TLSA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad TLSA Usage", l}
+		return &ParseError{"", "bad TLSA Usage", l}
 	}
 	rr.Usage = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad TLSA Selector", l}
+		return &ParseError{"", "bad TLSA Selector", l}
 	}
 	rr.Selector = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad TLSA MatchingType", l}
+		return &ParseError{"", "bad TLSA MatchingType", l}
 	}
 	rr.MatchingType = uint8(i)
 	// So this needs be e2 (i.e. different than e), because...??t
-	s, e2 := endingToString(c, "bad TLSA Certificate", f)
+	s, e2 := endingToString(c, "bad TLSA Certificate")
 	if e2 != nil {
 		return e2
 	}
@@ -1575,33 +1368,29 @@ func (rr *TLSA) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *SMIMEA) parse(c *zlexer, o, f string) *ParseError {
+func (rr *SMIMEA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SMIMEA Usage", l}
+		return &ParseError{"", "bad SMIMEA Usage", l}
 	}
 	rr.Usage = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SMIMEA Selector", l}
+		return &ParseError{"", "bad SMIMEA Selector", l}
 	}
 	rr.Selector = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 8)
 	if e != nil || l.err {
-		return &ParseError{f, "bad SMIMEA MatchingType", l}
+		return &ParseError{"", "bad SMIMEA MatchingType", l}
 	}
 	rr.MatchingType = uint8(i)
 	// So this needs be e2 (i.e. different than e), because...??t
-	s, e2 := endingToString(c, "bad SMIMEA Certificate", f)
+	s, e2 := endingToString(c, "bad SMIMEA Certificate")
 	if e2 != nil {
 		return e2
 	}
@@ -1609,32 +1398,32 @@ func (rr *SMIMEA) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *RFC3597) parse(c *zlexer, o, f string) *ParseError {
+func (rr *RFC3597) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
 	if l.token != "\\#" {
-		return &ParseError{f, "bad RFC3597 Rdata", l}
+		return &ParseError{"", "bad RFC3597 Rdata", l}
 	}
 
 	c.Next() // zBlank
 	l, _ = c.Next()
 	rdlength, e := strconv.Atoi(l.token)
 	if e != nil || l.err {
-		return &ParseError{f, "bad RFC3597 Rdata ", l}
+		return &ParseError{"", "bad RFC3597 Rdata ", l}
 	}
 
-	s, e1 := endingToString(c, "bad RFC3597 Rdata", f)
+	s, e1 := endingToString(c, "bad RFC3597 Rdata")
 	if e1 != nil {
 		return e1
 	}
 	if rdlength*2 != len(s) {
-		return &ParseError{f, "bad RFC3597 Rdata", l}
+		return &ParseError{"", "bad RFC3597 Rdata", l}
 	}
 	rr.Rdata = s
 	return nil
 }
 
-func (rr *SPF) parse(c *zlexer, o, f string) *ParseError {
-	s, e := endingToTxtSlice(c, "bad SPF Txt", f)
+func (rr *SPF) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad SPF Txt")
 	if e != nil {
 		return e
 	}
@@ -1642,8 +1431,8 @@ func (rr *SPF) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *AVC) parse(c *zlexer, o, f string) *ParseError {
-	s, e := endingToTxtSlice(c, "bad AVC Txt", f)
+func (rr *AVC) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad AVC Txt")
 	if e != nil {
 		return e
 	}
@@ -1651,9 +1440,9 @@ func (rr *AVC) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *TXT) parse(c *zlexer, o, f string) *ParseError {
+func (rr *TXT) parse(c *zlexer, o string) *ParseError {
 	// no zBlank reading here, because all this rdata is TXT
-	s, e := endingToTxtSlice(c, "bad TXT Txt", f)
+	s, e := endingToTxtSlice(c, "bad TXT Txt")
 	if e != nil {
 		return e
 	}
@@ -1662,8 +1451,8 @@ func (rr *TXT) parse(c *zlexer, o, f string) *ParseError {
 }
 
 // identical to setTXT
-func (rr *NINFO) parse(c *zlexer, o, f string) *ParseError {
-	s, e := endingToTxtSlice(c, "bad NINFO ZSData", f)
+func (rr *NINFO) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad NINFO ZSData")
 	if e != nil {
 		return e
 	}
@@ -1671,40 +1460,36 @@ func (rr *NINFO) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *URI) parse(c *zlexer, o, f string) *ParseError {
+func (rr *URI) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad URI Priority", l}
+		return &ParseError{"", "bad URI Priority", l}
 	}
 	rr.Priority = uint16(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	i, e = strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad URI Weight", l}
+		return &ParseError{"", "bad URI Weight", l}
 	}
 	rr.Weight = uint16(i)
 
 	c.Next() // zBlank
-	s, err := endingToTxtSlice(c, "bad URI Target", f)
+	s, err := endingToTxtSlice(c, "bad URI Target")
 	if err != nil {
 		return err
 	}
 	if len(s) != 1 {
-		return &ParseError{f, "bad URI Target", l}
+		return &ParseError{"", "bad URI Target", l}
 	}
 	rr.Target = s[0]
 	return nil
 }
 
-func (rr *DHCID) parse(c *zlexer, o, f string) *ParseError {
+func (rr *DHCID) parse(c *zlexer, o string) *ParseError {
 	// awesome record to parse!
-	s, e := endingToString(c, "bad DHCID Digest", f)
+	s, e := endingToString(c, "bad DHCID Digest")
 	if e != nil {
 		return e
 	}
@@ -1712,15 +1497,11 @@ func (rr *DHCID) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *NID) parse(c *zlexer, o, f string) *ParseError {
+func (rr *NID) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad NID Preference", l}
+		return &ParseError{"", "bad NID Preference", l}
 	}
 	rr.Preference = uint16(i)
 	c.Next()        // zBlank
@@ -1730,38 +1511,30 @@ func (rr *NID) parse(c *zlexer, o, f string) *ParseError {
 		return err
 	}
 	rr.NodeID = u
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *L32) parse(c *zlexer, o, f string) *ParseError {
+func (rr *L32) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad L32 Preference", l}
+		return &ParseError{"", "bad L32 Preference", l}
 	}
 	rr.Preference = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	rr.Locator32 = net.ParseIP(l.token)
 	if rr.Locator32 == nil || l.err {
-		return &ParseError{f, "bad L32 Locator", l}
+		return &ParseError{"", "bad L32 Locator", l}
 	}
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *LP) parse(c *zlexer, o, f string) *ParseError {
+func (rr *LP) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad LP Preference", l}
+		return &ParseError{"", "bad LP Preference", l}
 	}
 	rr.Preference = uint16(i)
 
@@ -1770,22 +1543,18 @@ func (rr *LP) parse(c *zlexer, o, f string) *ParseError {
 	rr.Fqdn = l.token
 	name, nameOk := toAbsoluteName(l.token, o)
 	if l.err || !nameOk {
-		return &ParseError{f, "bad LP Fqdn", l}
+		return &ParseError{"", "bad LP Fqdn", l}
 	}
 	rr.Fqdn = name
 
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *L64) parse(c *zlexer, o, f string) *ParseError {
+func (rr *L64) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad L64 Preference", l}
+		return &ParseError{"", "bad L64 Preference", l}
 	}
 	rr.Preference = uint16(i)
 	c.Next()        // zBlank
@@ -1795,39 +1564,31 @@ func (rr *L64) parse(c *zlexer, o, f string) *ParseError {
 		return err
 	}
 	rr.Locator64 = u
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *UID) parse(c *zlexer, o, f string) *ParseError {
+func (rr *UID) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return &ParseError{f, "bad UID Uid", l}
+		return &ParseError{"", "bad UID Uid", l}
 	}
 	rr.Uid = uint32(i)
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *GID) parse(c *zlexer, o, f string) *ParseError {
+func (rr *GID) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 32)
 	if e != nil || l.err {
-		return &ParseError{f, "bad GID Gid", l}
+		return &ParseError{"", "bad GID Gid", l}
 	}
 	rr.Gid = uint32(i)
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *UINFO) parse(c *zlexer, o, f string) *ParseError {
-	s, e := endingToTxtSlice(c, "bad UINFO Uinfo", f)
+func (rr *UINFO) parse(c *zlexer, o string) *ParseError {
+	s, e := endingToTxtSlice(c, "bad UINFO Uinfo")
 	if e != nil {
 		return e
 	}
@@ -1838,15 +1599,11 @@ func (rr *UINFO) parse(c *zlexer, o, f string) *ParseError {
 	return nil
 }
 
-func (rr *PX) parse(c *zlexer, o, f string) *ParseError {
+func (rr *PX) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return slurpRemainder(c, f)
-	}
-
 	i, e := strconv.ParseUint(l.token, 10, 16)
 	if e != nil || l.err {
-		return &ParseError{f, "bad PX Preference", l}
+		return &ParseError{"", "bad PX Preference", l}
 	}
 	rr.Preference = uint16(i)
 
@@ -1855,7 +1612,7 @@ func (rr *PX) parse(c *zlexer, o, f string) *ParseError {
 	rr.Map822 = l.token
 	map822, map822Ok := toAbsoluteName(l.token, o)
 	if l.err || !map822Ok {
-		return &ParseError{f, "bad PX Map822", l}
+		return &ParseError{"", "bad PX Map822", l}
 	}
 	rr.Map822 = map822
 
@@ -1864,50 +1621,46 @@ func (rr *PX) parse(c *zlexer, o, f string) *ParseError {
 	rr.Mapx400 = l.token
 	mapx400, mapx400Ok := toAbsoluteName(l.token, o)
 	if l.err || !mapx400Ok {
-		return &ParseError{f, "bad PX Mapx400", l}
+		return &ParseError{"", "bad PX Mapx400", l}
 	}
 	rr.Mapx400 = mapx400
 
-	return slurpRemainder(c, f)
+	return slurpRemainder(c)
 }
 
-func (rr *CAA) parse(c *zlexer, o, f string) *ParseError {
+func (rr *CAA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	if len(l.token) == 0 { // dynamic update rr.
-		return nil
-	}
-
 	i, err := strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return &ParseError{f, "bad CAA Flag", l}
+		return &ParseError{"", "bad CAA Flag", l}
 	}
 	rr.Flag = uint8(i)
 
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
 	if l.value != zString {
-		return &ParseError{f, "bad CAA Tag", l}
+		return &ParseError{"", "bad CAA Tag", l}
 	}
 	rr.Tag = l.token
 
 	c.Next() // zBlank
-	s, e := endingToTxtSlice(c, "bad CAA Value", f)
+	s, e := endingToTxtSlice(c, "bad CAA Value")
 	if e != nil {
 		return e
 	}
 	if len(s) != 1 {
-		return &ParseError{f, "bad CAA Value", l}
+		return &ParseError{"", "bad CAA Value", l}
 	}
 	rr.Value = s[0]
 	return nil
 }
 
-func (rr *TKEY) parse(c *zlexer, o, f string) *ParseError {
+func (rr *TKEY) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
 
 	// Algorithm
 	if l.value != zString {
-		return &ParseError{f, "bad TKEY algorithm", l}
+		return &ParseError{"", "bad TKEY algorithm", l}
 	}
 	rr.Algorithm = l.token
 	c.Next() // zBlank
@@ -1916,13 +1669,13 @@ func (rr *TKEY) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next()
 	i, err := strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return &ParseError{f, "bad TKEY key length", l}
+		return &ParseError{"", "bad TKEY key length", l}
 	}
 	rr.KeySize = uint16(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	if l.value != zString {
-		return &ParseError{f, "bad TKEY key", l}
+		return &ParseError{"", "bad TKEY key", l}
 	}
 	rr.Key = l.token
 	c.Next() // zBlank
@@ -1931,15 +1684,81 @@ func (rr *TKEY) parse(c *zlexer, o, f string) *ParseError {
 	l, _ = c.Next()
 	i, err = strconv.ParseUint(l.token, 10, 8)
 	if err != nil || l.err {
-		return &ParseError{f, "bad TKEY otherdata length", l}
+		return &ParseError{"", "bad TKEY otherdata length", l}
 	}
 	rr.OtherLen = uint16(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
 	if l.value != zString {
-		return &ParseError{f, "bad TKEY otherday", l}
+		return &ParseError{"", "bad TKEY otherday", l}
 	}
 	rr.OtherData = l.token
 
 	return nil
 }
+
+func (rr *APL) parse(c *zlexer, o string) *ParseError {
+	var prefixes []APLPrefix
+
+	for {
+		l, _ := c.Next()
+		if l.value == zNewline || l.value == zEOF {
+			break
+		}
+		if l.value == zBlank && prefixes != nil {
+			continue
+		}
+		if l.value != zString {
+			return &ParseError{"", "unexpected APL field", l}
+		}
+
+		// Expected format: [!]afi:address/prefix
+
+		colon := strings.IndexByte(l.token, ':')
+		if colon == -1 {
+			return &ParseError{"", "missing colon in APL field", l}
+		}
+
+		family, cidr := l.token[:colon], l.token[colon+1:]
+
+		var negation bool
+		if family != "" && family[0] == '!' {
+			negation = true
+			family = family[1:]
+		}
+
+		afi, err := strconv.ParseUint(family, 10, 16)
+		if err != nil {
+			return &ParseError{"", "failed to parse APL family: " + err.Error(), l}
+		}
+		var addrLen int
+		switch afi {
+		case 1:
+			addrLen = net.IPv4len
+		case 2:
+			addrLen = net.IPv6len
+		default:
+			return &ParseError{"", "unrecognized APL family", l}
+		}
+
+		ip, subnet, err := net.ParseCIDR(cidr)
+		if err != nil {
+			return &ParseError{"", "failed to parse APL address: " + err.Error(), l}
+		}
+		if !ip.Equal(subnet.IP) {
+			return &ParseError{"", "extra bits in APL address", l}
+		}
+
+		if len(subnet.IP) != addrLen {
+			return &ParseError{"", "address mismatch with the APL family", l}
+		}
+
+		prefixes = append(prefixes, APLPrefix{
+			Negation: negation,
+			Network:  *subnet,
+		})
+	}
+
+	rr.Prefixes = prefixes
+	return nil
+}
diff --git a/vendor/github.com/miekg/dns/serve_mux.go b/vendor/github.com/miekg/dns/serve_mux.go
index ae304db5..69deb33e 100644
--- a/vendor/github.com/miekg/dns/serve_mux.go
+++ b/vendor/github.com/miekg/dns/serve_mux.go
@@ -36,33 +36,9 @@ func (mux *ServeMux) match(q string, t uint16) Handler {
 		return nil
 	}
 
+	q = strings.ToLower(q)
+
 	var handler Handler
-
-	// TODO(tmthrgd): Once https://go-review.googlesource.com/c/go/+/137575
-	// lands in a go release, replace the following with strings.ToLower.
-	var sb strings.Builder
-	for i := 0; i < len(q); i++ {
-		c := q[i]
-		if !(c >= 'A' && c <= 'Z') {
-			continue
-		}
-
-		sb.Grow(len(q))
-		sb.WriteString(q[:i])
-
-		for ; i < len(q); i++ {
-			c := q[i]
-			if c >= 'A' && c <= 'Z' {
-				c += 'a' - 'A'
-			}
-
-			sb.WriteByte(c)
-		}
-
-		q = sb.String()
-		break
-	}
-
 	for off, end := 0, false; !end; off, end = NextLabel(q, off) {
 		if h, ok := mux.z[q[off:]]; ok {
 			if t != TypeDS {
diff --git a/vendor/github.com/miekg/dns/server.go b/vendor/github.com/miekg/dns/server.go
index b09d3717..3cf1a024 100644
--- a/vendor/github.com/miekg/dns/server.go
+++ b/vendor/github.com/miekg/dns/server.go
@@ -560,26 +560,32 @@ func (srv *Server) serveDNS(m []byte, w *response) {
 	req := new(Msg)
 	req.setHdr(dh)
 
-	switch srv.MsgAcceptFunc(dh) {
+	switch action := srv.MsgAcceptFunc(dh); action {
 	case MsgAccept:
 		if req.unpack(dh, m, off) == nil {
 			break
 		}
 
 		fallthrough
-	case MsgReject:
+	case MsgReject, MsgRejectNotImplemented:
+		opcode := req.Opcode
 		req.SetRcodeFormatError(req)
+		req.Zero = false
+		if action == MsgRejectNotImplemented {
+			req.Opcode = opcode
+			req.Rcode = RcodeNotImplemented
+		}
+
 		// Are we allowed to delete any OPT records here?
 		req.Ns, req.Answer, req.Extra = nil, nil, nil
 
 		w.WriteMsg(req)
-
+		fallthrough
+	case MsgIgnore:
 		if w.udp != nil && cap(m) == srv.UDPSize {
 			srv.udpPool.Put(m[:srv.UDPSize])
 		}
 
-		return
-	case MsgIgnore:
 		return
 	}
 
diff --git a/vendor/github.com/miekg/dns/tsig.go b/vendor/github.com/miekg/dns/tsig.go
index afa462fa..61efa248 100644
--- a/vendor/github.com/miekg/dns/tsig.go
+++ b/vendor/github.com/miekg/dns/tsig.go
@@ -40,7 +40,7 @@ type TSIG struct {
 // TSIG has no official presentation format, but this will suffice.
 
 func (rr *TSIG) String() string {
-	s := "\n;; TSIG PSEUDOSECTION:\n"
+	s := "\n;; TSIG PSEUDOSECTION:\n; " // add another semi-colon to signify TSIG does not have a presentation format
 	s += rr.Hdr.String() +
 		" " + rr.Algorithm +
 		" " + tsigTimeToString(rr.TimeSigned) +
@@ -54,7 +54,7 @@ func (rr *TSIG) String() string {
 	return s
 }
 
-func (rr *TSIG) parse(c *zlexer, origin, file string) *ParseError {
+func (rr *TSIG) parse(c *zlexer, origin string) *ParseError {
 	panic("dns: internal error: parse should never be called on TSIG")
 }
 
diff --git a/vendor/github.com/miekg/dns/types.go b/vendor/github.com/miekg/dns/types.go
index 835f2fe7..a6048cb1 100644
--- a/vendor/github.com/miekg/dns/types.go
+++ b/vendor/github.com/miekg/dns/types.go
@@ -1,6 +1,7 @@
 package dns
 
 import (
+	"bytes"
 	"fmt"
 	"net"
 	"strconv"
@@ -61,6 +62,7 @@ const (
 	TypeCERT       uint16 = 37
 	TypeDNAME      uint16 = 39
 	TypeOPT        uint16 = 41 // EDNS
+	TypeAPL        uint16 = 42
 	TypeDS         uint16 = 43
 	TypeSSHFP      uint16 = 44
 	TypeRRSIG      uint16 = 46
@@ -238,7 +240,7 @@ type ANY struct {
 
 func (rr *ANY) String() string { return rr.Hdr.String() }
 
-func (rr *ANY) parse(c *zlexer, origin, file string) *ParseError {
+func (rr *ANY) parse(c *zlexer, origin string) *ParseError {
 	panic("dns: internal error: parse should never be called on ANY")
 }
 
@@ -253,7 +255,7 @@ func (rr *NULL) String() string {
 	return ";" + rr.Hdr.String() + rr.Data
 }
 
-func (rr *NULL) parse(c *zlexer, origin, file string) *ParseError {
+func (rr *NULL) parse(c *zlexer, origin string) *ParseError {
 	panic("dns: internal error: parse should never be called on NULL")
 }
 
@@ -438,25 +440,54 @@ func (rr *TXT) String() string { return rr.Hdr.String() + sprintTxt(rr.Txt) }
 
 func sprintName(s string) string {
 	var dst strings.Builder
-	dst.Grow(len(s))
+
 	for i := 0; i < len(s); {
 		if i+1 < len(s) && s[i] == '\\' && s[i+1] == '.' {
-			dst.WriteString(s[i : i+2])
+			if dst.Len() != 0 {
+				dst.WriteString(s[i : i+2])
+			}
 			i += 2
 			continue
 		}
 
 		b, n := nextByte(s, i)
-		switch {
-		case n == 0:
-			i++ // dangling back slash
-		case b == '.':
-			dst.WriteByte('.')
+		if n == 0 {
+			i++
+			continue
+		}
+		if b == '.' {
+			if dst.Len() != 0 {
+				dst.WriteByte('.')
+			}
+			i += n
+			continue
+		}
+		switch b {
+		case ' ', '\'', '@', ';', '(', ')', '"', '\\': // additional chars to escape
+			if dst.Len() == 0 {
+				dst.Grow(len(s) * 2)
+				dst.WriteString(s[:i])
+			}
+			dst.WriteByte('\\')
+			dst.WriteByte(b)
 		default:
-			writeDomainNameByte(&dst, b)
+			if ' ' <= b && b <= '~' {
+				if dst.Len() != 0 {
+					dst.WriteByte(b)
+				}
+			} else {
+				if dst.Len() == 0 {
+					dst.Grow(len(s) * 2)
+					dst.WriteString(s[:i])
+				}
+				dst.WriteString(escapeByte(b))
+			}
 		}
 		i += n
 	}
+	if dst.Len() == 0 {
+		return s
+	}
 	return dst.String()
 }
 
@@ -510,16 +541,6 @@ func sprintTxt(txt []string) string {
 	return out.String()
 }
 
-func writeDomainNameByte(s *strings.Builder, b byte) {
-	switch b {
-	case '.', ' ', '\'', '@', ';', '(', ')': // additional chars to escape
-		s.WriteByte('\\')
-		s.WriteByte(b)
-	default:
-		writeTXTStringByte(s, b)
-	}
-}
-
 func writeTXTStringByte(s *strings.Builder, b byte) {
 	switch {
 	case b == '"' || b == '\\':
@@ -854,14 +875,7 @@ func (rr *NSEC) String() string {
 func (rr *NSEC) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	l += domainNameLen(rr.NextDomain, off+l, compression, false)
-	lastwindow := uint32(2 ^ 32 + 1)
-	for _, t := range rr.TypeBitMap {
-		window := t / 256
-		if uint32(window) != lastwindow {
-			l += 1 + 32
-		}
-		lastwindow = uint32(window)
-	}
+	l += typeBitMapLen(rr.TypeBitMap)
 	return l
 }
 
@@ -1020,14 +1034,7 @@ func (rr *NSEC3) String() string {
 func (rr *NSEC3) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	l += 6 + len(rr.Salt)/2 + 1 + len(rr.NextDomain) + 1
-	lastwindow := uint32(2 ^ 32 + 1)
-	for _, t := range rr.TypeBitMap {
-		window := t / 256
-		if uint32(window) != lastwindow {
-			l += 1 + 32
-		}
-		lastwindow = uint32(window)
-	}
+	l += typeBitMapLen(rr.TypeBitMap)
 	return l
 }
 
@@ -1344,17 +1351,92 @@ func (rr *CSYNC) String() string {
 func (rr *CSYNC) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	l += 4 + 2
-	lastwindow := uint32(2 ^ 32 + 1)
-	for _, t := range rr.TypeBitMap {
-		window := t / 256
-		if uint32(window) != lastwindow {
-			l += 1 + 32
-		}
-		lastwindow = uint32(window)
-	}
+	l += typeBitMapLen(rr.TypeBitMap)
 	return l
 }
 
+// APL RR. See RFC 3123.
+type APL struct {
+	Hdr      RR_Header
+	Prefixes []APLPrefix `dns:"apl"`
+}
+
+// APLPrefix is an address prefix hold by an APL record.
+type APLPrefix struct {
+	Negation bool
+	Network  net.IPNet
+}
+
+// String returns presentation form of the APL record.
+func (rr *APL) String() string {
+	var sb strings.Builder
+	sb.WriteString(rr.Hdr.String())
+	for i, p := range rr.Prefixes {
+		if i > 0 {
+			sb.WriteByte(' ')
+		}
+		sb.WriteString(p.str())
+	}
+	return sb.String()
+}
+
+// str returns presentation form of the APL prefix.
+func (p *APLPrefix) str() string {
+	var sb strings.Builder
+	if p.Negation {
+		sb.WriteByte('!')
+	}
+
+	switch len(p.Network.IP) {
+	case net.IPv4len:
+		sb.WriteByte('1')
+	case net.IPv6len:
+		sb.WriteByte('2')
+	}
+
+	sb.WriteByte(':')
+
+	switch len(p.Network.IP) {
+	case net.IPv4len:
+		sb.WriteString(p.Network.IP.String())
+	case net.IPv6len:
+		// add prefix for IPv4-mapped IPv6
+		if v4 := p.Network.IP.To4(); v4 != nil {
+			sb.WriteString("::ffff:")
+		}
+		sb.WriteString(p.Network.IP.String())
+	}
+
+	sb.WriteByte('/')
+
+	prefix, _ := p.Network.Mask.Size()
+	sb.WriteString(strconv.Itoa(prefix))
+
+	return sb.String()
+}
+
+// equals reports whether two APL prefixes are identical.
+func (a *APLPrefix) equals(b *APLPrefix) bool {
+	return a.Negation == b.Negation &&
+		bytes.Equal(a.Network.IP, b.Network.IP) &&
+		bytes.Equal(a.Network.Mask, b.Network.Mask)
+}
+
+// copy returns a copy of the APL prefix.
+func (p *APLPrefix) copy() APLPrefix {
+	return APLPrefix{
+		Negation: p.Negation,
+		Network:  copyNet(p.Network),
+	}
+}
+
+// len returns size of the prefix in wire format.
+func (p *APLPrefix) len() int {
+	// 4-byte header and the network address prefix (see Section 4 of RFC 3123)
+	prefix, _ := p.Network.Mask.Size()
+	return 4 + (prefix+7)/8
+}
+
 // TimeToString translates the RRSIG's incep. and expir. times to the
 // string representation used when printing the record.
 // It takes serial arithmetic (RFC 1982) into account.
@@ -1411,6 +1493,17 @@ func copyIP(ip net.IP) net.IP {
 	return p
 }
 
+// copyNet returns a copy of a subnet.
+func copyNet(n net.IPNet) net.IPNet {
+	m := make(net.IPMask, len(n.Mask))
+	copy(m, n.Mask)
+
+	return net.IPNet{
+		IP:   copyIP(n.IP),
+		Mask: m,
+	}
+}
+
 // SplitN splits a string into N sized string chunks.
 // This might become an exported function once.
 func splitN(s string, n int) []string {
diff --git a/vendor/github.com/miekg/dns/version.go b/vendor/github.com/miekg/dns/version.go
index 0e21bd6a..cab46b4f 100644
--- a/vendor/github.com/miekg/dns/version.go
+++ b/vendor/github.com/miekg/dns/version.go
@@ -3,7 +3,7 @@ package dns
 import "fmt"
 
 // Version is current version of this library.
-var Version = V{1, 1, 8}
+var Version = V{1, 1, 27}
 
 // V holds the version of this library.
 type V struct {
diff --git a/vendor/github.com/miekg/dns/xfr.go b/vendor/github.com/miekg/dns/xfr.go
index 82afc52e..43970e64 100644
--- a/vendor/github.com/miekg/dns/xfr.go
+++ b/vendor/github.com/miekg/dns/xfr.go
@@ -182,14 +182,17 @@ func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) {
 //
 //	ch := make(chan *dns.Envelope)
 //	tr := new(dns.Transfer)
-//	go tr.Out(w, r, ch)
+//	var wg sync.WaitGroup
+//	go func() {
+//		tr.Out(w, r, ch)
+//		wg.Done()
+//	}()
 //	ch <- &dns.Envelope{RR: []dns.RR{soa, rr1, rr2, rr3, soa}}
 //	close(ch)
-//	w.Hijack()
-//	// w.Close() // Client closes connection
+//	wg.Wait() // wait until everything is written out
+//	w.Close() // close connection
 //
-// The server is responsible for sending the correct sequence of RRs through the
-// channel ch.
+// The server is responsible for sending the correct sequence of RRs through the channel ch.
 func (t *Transfer) Out(w ResponseWriter, q *Msg, ch chan *Envelope) error {
 	for x := range ch {
 		r := new(Msg)
@@ -198,11 +201,14 @@ func (t *Transfer) Out(w ResponseWriter, q *Msg, ch chan *Envelope) error {
 		r.Authoritative = true
 		// assume it fits TODO(miek): fix
 		r.Answer = append(r.Answer, x.RR...)
+		if tsig := q.IsTsig(); tsig != nil && w.TsigStatus() == nil {
+			r.SetTsig(tsig.Hdr.Name, tsig.Algorithm, tsig.Fudge, time.Now().Unix())
+		}
 		if err := w.WriteMsg(r); err != nil {
 			return err
 		}
+		w.TsigTimersOnly(true)
 	}
-	w.TsigTimersOnly(true)
 	return nil
 }
 
diff --git a/vendor/github.com/miekg/dns/zduplicate.go b/vendor/github.com/miekg/dns/zduplicate.go
index 74389162..a58a8c0c 100644
--- a/vendor/github.com/miekg/dns/zduplicate.go
+++ b/vendor/github.com/miekg/dns/zduplicate.go
@@ -52,6 +52,23 @@ func (r1 *ANY) isDuplicate(_r2 RR) bool {
 	return true
 }
 
+func (r1 *APL) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*APL)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if len(r1.Prefixes) != len(r2.Prefixes) {
+		return false
+	}
+	for i := 0; i < len(r1.Prefixes); i++ {
+		if !r1.Prefixes[i].equals(&r2.Prefixes[i]) {
+			return false
+		}
+	}
+	return true
+}
+
 func (r1 *AVC) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*AVC)
 	if !ok {
diff --git a/vendor/github.com/miekg/dns/zmsg.go b/vendor/github.com/miekg/dns/zmsg.go
index c4cf4757..02a5dfa4 100644
--- a/vendor/github.com/miekg/dns/zmsg.go
+++ b/vendor/github.com/miekg/dns/zmsg.go
@@ -36,6 +36,14 @@ func (rr *ANY) pack(msg []byte, off int, compression compressionMap, compress bo
 	return off, nil
 }
 
+func (rr *APL) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packDataApl(rr.Prefixes, msg, off)
+	if err != nil {
+		return off, err
+	}
+	return off, nil
+}
+
 func (rr *AVC) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringTxt(rr.Txt, msg, off)
 	if err != nil {
@@ -1127,6 +1135,17 @@ func (rr *ANY) unpack(msg []byte, off int) (off1 int, err error) {
 	return off, nil
 }
 
+func (rr *APL) unpack(msg []byte, off int) (off1 int, err error) {
+	rdStart := off
+	_ = rdStart
+
+	rr.Prefixes, off, err = unpackDataApl(msg, off)
+	if err != nil {
+		return off, err
+	}
+	return off, nil
+}
+
 func (rr *AVC) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
diff --git a/vendor/github.com/miekg/dns/ztypes.go b/vendor/github.com/miekg/dns/ztypes.go
index 495a83e3..1cbd6d3f 100644
--- a/vendor/github.com/miekg/dns/ztypes.go
+++ b/vendor/github.com/miekg/dns/ztypes.go
@@ -13,6 +13,7 @@ var TypeToRR = map[uint16]func() RR{
 	TypeAAAA:       func() RR { return new(AAAA) },
 	TypeAFSDB:      func() RR { return new(AFSDB) },
 	TypeANY:        func() RR { return new(ANY) },
+	TypeAPL:        func() RR { return new(APL) },
 	TypeAVC:        func() RR { return new(AVC) },
 	TypeCAA:        func() RR { return new(CAA) },
 	TypeCDNSKEY:    func() RR { return new(CDNSKEY) },
@@ -87,6 +88,7 @@ var TypeToString = map[uint16]string{
 	TypeAAAA:       "AAAA",
 	TypeAFSDB:      "AFSDB",
 	TypeANY:        "ANY",
+	TypeAPL:        "APL",
 	TypeATMA:       "ATMA",
 	TypeAVC:        "AVC",
 	TypeAXFR:       "AXFR",
@@ -169,6 +171,7 @@ func (rr *A) Header() *RR_Header          { return &rr.Hdr }
 func (rr *AAAA) Header() *RR_Header       { return &rr.Hdr }
 func (rr *AFSDB) Header() *RR_Header      { return &rr.Hdr }
 func (rr *ANY) Header() *RR_Header        { return &rr.Hdr }
+func (rr *APL) Header() *RR_Header        { return &rr.Hdr }
 func (rr *AVC) Header() *RR_Header        { return &rr.Hdr }
 func (rr *CAA) Header() *RR_Header        { return &rr.Hdr }
 func (rr *CDNSKEY) Header() *RR_Header    { return &rr.Hdr }
@@ -262,6 +265,13 @@ func (rr *ANY) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	return l
 }
+func (rr *APL) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	for _, x := range rr.Prefixes {
+		l += x.len()
+	}
+	return l
+}
 func (rr *AVC) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	for _, x := range rr.Txt {
@@ -312,12 +322,12 @@ func (rr *DS) len(off int, compression map[string]struct{}) int {
 	l += 2 // KeyTag
 	l++    // Algorithm
 	l++    // DigestType
-	l += len(rr.Digest)/2 + 1
+	l += len(rr.Digest) / 2
 	return l
 }
 func (rr *EID) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
-	l += len(rr.Endpoint)/2 + 1
+	l += len(rr.Endpoint) / 2
 	return l
 }
 func (rr *EUI48) len(off int, compression map[string]struct{}) int {
@@ -452,7 +462,7 @@ func (rr *NID) len(off int, compression map[string]struct{}) int {
 }
 func (rr *NIMLOC) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
-	l += len(rr.Locator)/2 + 1
+	l += len(rr.Locator) / 2
 	return l
 }
 func (rr *NINFO) len(off int, compression map[string]struct{}) int {
@@ -505,7 +515,7 @@ func (rr *PX) len(off int, compression map[string]struct{}) int {
 }
 func (rr *RFC3597) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
-	l += len(rr.Rdata)/2 + 1
+	l += len(rr.Rdata) / 2
 	return l
 }
 func (rr *RKEY) len(off int, compression map[string]struct{}) int {
@@ -546,7 +556,7 @@ func (rr *SMIMEA) len(off int, compression map[string]struct{}) int {
 	l++ // Usage
 	l++ // Selector
 	l++ // MatchingType
-	l += len(rr.Certificate)/2 + 1
+	l += len(rr.Certificate) / 2
 	return l
 }
 func (rr *SOA) len(off int, compression map[string]struct{}) int {
@@ -579,7 +589,7 @@ func (rr *SSHFP) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	l++ // Algorithm
 	l++ // Type
-	l += len(rr.FingerPrint)/2 + 1
+	l += len(rr.FingerPrint) / 2
 	return l
 }
 func (rr *TA) len(off int, compression map[string]struct{}) int {
@@ -587,7 +597,7 @@ func (rr *TA) len(off int, compression map[string]struct{}) int {
 	l += 2 // KeyTag
 	l++    // Algorithm
 	l++    // DigestType
-	l += len(rr.Digest)/2 + 1
+	l += len(rr.Digest) / 2
 	return l
 }
 func (rr *TALINK) len(off int, compression map[string]struct{}) int {
@@ -614,7 +624,7 @@ func (rr *TLSA) len(off int, compression map[string]struct{}) int {
 	l++ // Usage
 	l++ // Selector
 	l++ // MatchingType
-	l += len(rr.Certificate)/2 + 1
+	l += len(rr.Certificate) / 2
 	return l
 }
 func (rr *TSIG) len(off int, compression map[string]struct{}) int {
@@ -673,6 +683,13 @@ func (rr *AFSDB) copy() RR {
 func (rr *ANY) copy() RR {
 	return &ANY{rr.Hdr}
 }
+func (rr *APL) copy() RR {
+	Prefixes := make([]APLPrefix, len(rr.Prefixes))
+	for i := range rr.Prefixes {
+		Prefixes[i] = rr.Prefixes[i].copy()
+	}
+	return &APL{rr.Hdr, Prefixes}
+}
 func (rr *AVC) copy() RR {
 	Txt := make([]string, len(rr.Txt))
 	copy(Txt, rr.Txt)
diff --git a/vendor/github.com/mitchellh/go-server-timing/.travis.yml b/vendor/github.com/mitchellh/go-server-timing/.travis.yml
deleted file mode 100644
index b5adb7ae..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/.travis.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-language: go
-
-go:
-    - 1.9.x
-    - tip
-
-script:
-    - go test
-
-matrix:
-    allow_failures:
-        - go: tip
diff --git a/vendor/github.com/mitchellh/go-server-timing/LICENSE b/vendor/github.com/mitchellh/go-server-timing/LICENSE
deleted file mode 100644
index ef91ada6..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2018 Mitchell Hashimoto
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/mitchellh/go-server-timing/README.md b/vendor/github.com/mitchellh/go-server-timing/README.md
deleted file mode 100644
index 7971f235..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/README.md
+++ /dev/null
@@ -1,96 +0,0 @@
-# HTTP Server-Timing for Go
-[![Godoc](https://godoc.org/github.com/mitchellh/go-server-timing?status.svg)](https://godoc.org/github.com/mitchellh/go-server-timing)
-
-This is a library including middleware for using
-[HTTP Server-Timing](https://www.w3.org/TR/server-timing) with Go. This header
-allows a server to send timing information from the backend, such as database
-access time, file reads, etc. The timing information can be then be inspected
-in the standard browser developer tools:
-
-![Server Timing Example](https://raw.githubusercontent.com/mitchellh/go-server-timing/master/example/screenshot.png)
-
-## Features
-
-  * Middleware for injecting the server timing struct into the request `Context`
-    and writing the `Server-Timing` header.
-
-  * Concurrency-safe structures for easily recording timings of multiple
-    concurrency tasks.
-
-  * Parse `Server-Timing` headers as a client.
-
-  * Note: No browser properly supports sending the Server-Timing header as
-    an [HTTP Trailer](https://tools.ietf.org/html/rfc7230#section-4.4) so
-	the Middleware only supports a normal header currently.
-
-## Browser Support
-
-Browser support is required to **view** server timings easily. Because server
-timings are sent as an HTTP header, there is no negative impact to sending
-the header to unsupported browsers.
-
-  * **Chrome 65 or higher** is required to properly display server timings
-    in the devtools.
-
-  * **Firefox is pending** with an [open bug report (ID 1403051)](https://bugzilla.mozilla.org/show_bug.cgi?id=1403051)
-
-  * IE, Opera, and others are unknown at this time.
-
-## Usage
-
-Example usage is shown below. A fully runnable example is available in
-the `example/` directory.
-
-```go
-func main() {
-	// Our handler. In a real application this might be your root router,
-	// or some subset of your router. Wrapping this ensures that all routes
-	// handled by this handler have access to the server timing header struct.
-	var h http.Handler = http.HandlerFunc(handler)
-
-	// Wrap our handler with the server timing middleware
-	h = servertiming.Middleware(h, nil)
-
-	// Start!
-	http.ListenAndServe(":8080", h)
-}
-
-func handler(w http.ResponseWriter, r *http.Request) {
-	// Get our timing header builder from the context
-	timing := servertiming.FromContext(r.Context())
-
-	// Imagine your handler performs some tasks in a goroutine, such as
-	// accessing some remote service. timing is concurrency safe so we can
-	// record how long that takes. Let's simulate making 5 concurrent requests
-	// to various servicse.
-	var wg sync.WaitGroup
-	for i := 0; i < 5; i++ {
-		wg.Add(1)
-		name := fmt.Sprintf("service-%d", i)
-		go func(name string) {
-			// This creats a new metric and starts the timer. The Stop is
-			// deferred so when the function exits it'll record the duration.
-			defer timing.NewMetric(name).Start().Stop()
-			time.Sleep(random(25, 75))
-			wg.Done()
-		}(name)
-	}
-
-	// Imagine this is just some blocking code in your main handler such
-	// as a SQL query. Let's record that.
-	m := timing.NewMetric("sql").WithDesc("SQL query").Start()
-	time.Sleep(random(20, 50))
-	m.Stop()
-
-	// Wait for the goroutine to end
-	wg.Wait()
-
-	// You could continue recording more metrics, but let's just return now
-	w.WriteHeader(200)
-	w.Write([]byte("Done. Check your browser inspector timing details."))
-}
-
-func random(min, max int) time.Duration {
-	return (time.Duration(rand.Intn(max-min) + min)) * time.Millisecond
-}
-```
diff --git a/vendor/github.com/mitchellh/go-server-timing/context.go b/vendor/github.com/mitchellh/go-server-timing/context.go
deleted file mode 100644
index 836a750d..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/context.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package servertiming
-
-import (
-	"context"
-)
-
-// NewContext returns a new Context that carries the Header value h.
-func NewContext(ctx context.Context, h *Header) context.Context {
-	return context.WithValue(ctx, contextKey, h)
-}
-
-// FromContext returns the *Header in the context, if any. If no Header
-// value exists, nil is returned.
-func FromContext(ctx context.Context) *Header {
-	h, _ := ctx.Value(contextKey).(*Header)
-	return h
-}
-
-type contextKeyType struct{}
-
-// The key where the header value is stored. This is globally unique since
-// it uses a custom unexported type. The struct{} costs zero allocations.
-var contextKey = contextKeyType(struct{}{})
diff --git a/vendor/github.com/mitchellh/go-server-timing/go.mod b/vendor/github.com/mitchellh/go-server-timing/go.mod
deleted file mode 100644
index ced647b6..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/go.mod
+++ /dev/null
@@ -1,6 +0,0 @@
-module github.com/mitchellh/go-server-timing
-
-require (
-	github.com/felixge/httpsnoop v1.0.0
-	github.com/golang/gddo v0.0.0-20180823221919-9d8ff1c67be5
-)
diff --git a/vendor/github.com/mitchellh/go-server-timing/go.sum b/vendor/github.com/mitchellh/go-server-timing/go.sum
deleted file mode 100644
index d97eae5b..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/go.sum
+++ /dev/null
@@ -1,4 +0,0 @@
-github.com/felixge/httpsnoop v1.0.0 h1:gh8fMGz0rlOv/1WmRZm7OgncIOTsAj21iNJot48omJQ=
-github.com/felixge/httpsnoop v1.0.0/go.mod h1:3+D9sFq0ahK/JeJPhCBUV1xlf4/eIYrUQaxulT0VzX8=
-github.com/golang/gddo v0.0.0-20180823221919-9d8ff1c67be5 h1:yrv1uUvgXH/tEat+wdvJMRJ4g51GlIydtDpU9pFjaaI=
-github.com/golang/gddo v0.0.0-20180823221919-9d8ff1c67be5/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
diff --git a/vendor/github.com/mitchellh/go-server-timing/header.go b/vendor/github.com/mitchellh/go-server-timing/header.go
deleted file mode 100644
index 74d7c7ef..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/header.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package servertiming
-
-import (
-	"fmt"
-	"net/http"
-	"regexp"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/golang/gddo/httputil/header"
-)
-
-// HeaderKey is the specified key for the Server-Timing header.
-const HeaderKey = "Server-Timing"
-
-// Header represents a collection of metrics that can be encoded as
-// a Server-Timing header value.
-//
-// The functions for working with metrics are concurrency-safe to make
-// it easy to record metrics from goroutines. If you want to avoid the
-// lock overhead, you can access the Metrics field directly.
-//
-// The functions for working with metrics are also usable on a nil
-// Header pointer. This allows functions that use FromContext to get the
-// *Header value to skip nil-checking and use it as normal. On a nil
-// *Header, Metrics are not recorded.
-type Header struct {
-	// Metrics is the list of metrics in the header.
-	Metrics []*Metric
-
-	// The lock that is held when Metrics is being modified. This
-	// ONLY NEEDS TO BE SET WHEN working with Metrics directly. If using
-	// the functions on the struct, the lock is managed automatically.
-	sync.Mutex
-}
-
-// ParseHeader parses a Server-Timing header value.
-func ParseHeader(input string) (*Header, error) {
-	// Split the comma-separated list of metrics
-	rawMetrics := header.ParseList(headerParams(input))
-
-	// Parse the list of metrics. We can pre-allocate the length of the
-	// comma-separated list of metrics since at most it will be that and
-	// most likely it will be that length.
-	metrics := make([]*Metric, 0, len(rawMetrics))
-	for _, raw := range rawMetrics {
-		var m Metric
-		m.Name, m.Extra = header.ParseValueAndParams(headerParams(raw))
-
-		// Description
-		if v, ok := m.Extra[paramNameDesc]; ok {
-			m.Desc = v
-			delete(m.Extra, paramNameDesc)
-		}
-
-		// Duration. This is treated as a millisecond value since that
-		// is what modern browsers are treating it as. If the parsing of
-		// an integer fails, the set value remains in the Extra field.
-		if v, ok := m.Extra[paramNameDur]; ok {
-			m.Duration, _ = time.ParseDuration(v + "ms")
-			delete(m.Extra, paramNameDur)
-		}
-
-		metrics = append(metrics, &m)
-	}
-
-	return &Header{Metrics: metrics}, nil
-}
-
-// NewMetric creates a new Metric and adds it to this header.
-func (h *Header) NewMetric(name string) *Metric {
-	return h.Add(&Metric{Name: name})
-}
-
-// Add adds the given metric to the header.
-//
-// This function is safe to call concurrently.
-func (h *Header) Add(m *Metric) *Metric {
-	if h == nil {
-		return m
-	}
-
-	h.Lock()
-	defer h.Unlock()
-	h.Metrics = append(h.Metrics, m)
-	return m
-}
-
-// String returns the valid Server-Timing header value that can be
-// sent in an HTTP response.
-func (h *Header) String() string {
-	parts := make([]string, 0, len(h.Metrics))
-	for _, m := range h.Metrics {
-		parts = append(parts, m.String())
-	}
-
-	return strings.Join(parts, ",")
-}
-
-// Specified server-timing-param-name values.
-const (
-	paramNameDesc = "desc"
-	paramNameDur  = "dur"
-)
-
-// headerParams is a helper function that takes a header value and turns
-// it into the expected argument format for the httputil/header library
-// functions..
-func headerParams(s string) (http.Header, string) {
-	const key = "Key"
-	return http.Header(map[string][]string{
-		key: {s},
-	}), key
-}
-
-var reNumber = regexp.MustCompile(`^\d+\.?\d*$`)
-
-// headerEncodeParam encodes a key/value pair as a proper `key=value`
-// syntax, using double-quotes if necessary.
-func headerEncodeParam(key, value string) string {
-	// The only case we currently don't quote is numbers. We can make this
-	// smarter in the future.
-	if reNumber.MatchString(value) {
-		return fmt.Sprintf(`%s=%s`, key, value)
-	}
-
-	return fmt.Sprintf(`%s=%q`, key, value)
-}
diff --git a/vendor/github.com/mitchellh/go-server-timing/metric.go b/vendor/github.com/mitchellh/go-server-timing/metric.go
deleted file mode 100644
index c8033278..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/metric.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package servertiming
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// Metric represents a single metric for the Server-Timing header.
-//
-// The easiest way to use the Metric is to use NewMetric and chain it. This
-// results in a single line defer at the top of a function time a function.
-//
-//   timing := FromContext(r.Context())
-//   defer timing.NewMetric("sql").Start().Stop()
-//
-// For timing around specific blocks of code:
-//
-//   m := timing.NewMetric("sql").Start()
-//   // ... run your code being timed here
-//   m.Stop()
-//
-// A metric is expected to represent a single timing event. Therefore,
-// no functions on the struct are safe for concurrency by default. If a single
-// Metric is shared by multiple concurrenty goroutines, you must lock access
-// manually.
-type Metric struct {
-	// Name is the name of the metric. This must be a valid RFC7230 "token"
-	// format. In a gist, this is an alphanumeric string that may contain
-	// most common symbols but may not contain any whitespace. The exact
-	// syntax can be found in RFC7230.
-	//
-	// It is common for Name to be a unique identifier (such as "sql-1") and
-	// for a more human-friendly name to be used in the "desc" field.
-	Name string
-
-	// Duration is the duration of this Metric.
-	Duration time.Duration
-
-	// Desc is any string describing this metric. For example: "SQL Primary".
-	// The specific format of this is `token | quoted-string` according to
-	// RFC7230.
-	Desc string
-
-	// Extra is a set of extra parameters and values to send with the
-	// metric. The specification states that unrecognized parameters are
-	// to be ignored so it should be safe to add additional data here. The
-	// key must be a valid "token" (same syntax as Name) and the value can
-	// be any "token | quoted-string" (same as Desc field).
-	//
-	// If this map contains a key that would be sent by another field in this
-	// struct (such as "desc"), then this value is prioritized over the
-	// struct value.
-	Extra map[string]string
-
-	// startTime is the time that this metric recording was started if
-	// Start() was called.
-	startTime time.Time
-}
-
-// WithDesc is a chaining-friendly helper to set the Desc field on the Metric.
-func (m *Metric) WithDesc(desc string) *Metric {
-	m.Desc = desc
-	return m
-}
-
-// Start starts a timer for recording the duration of some task. This must
-// be paired with a Stop call to set the duration. Calling this again will
-// reset the start time for a subsequent Stop call.
-func (m *Metric) Start() *Metric {
-	m.startTime = time.Now()
-	return m
-}
-
-// Stop ends the timer started with Start and records the duration in the
-// Duration field. Calling this multiple times will modify the Duration based
-// on the last time Start was called.
-//
-// If Start was never called, this function has zero effect.
-func (m *Metric) Stop() *Metric {
-	// Only record if we have a start time set with Start()
-	if !m.startTime.IsZero() {
-		m.Duration = time.Since(m.startTime)
-	}
-
-	return m
-}
-
-// String returns the valid Server-Timing metric entry value.
-func (m *Metric) String() string {
-	// Begin building parts, expected capacity is length of extra
-	// fields plus id, desc, dur.
-	parts := make([]string, 1, len(m.Extra)+3)
-	parts[0] = m.Name
-
-	// Description
-	if _, ok := m.Extra[paramNameDesc]; !ok && m.Desc != "" {
-		parts = append(parts, headerEncodeParam(paramNameDesc, m.Desc))
-	}
-
-	// Duration
-	if _, ok := m.Extra[paramNameDur]; !ok && m.Duration > 0 {
-		parts = append(parts, headerEncodeParam(
-			paramNameDur,
-			strconv.FormatFloat(float64(m.Duration)/float64(time.Millisecond), 'f', -1, 64),
-		))
-	}
-
-	// All remaining extra params
-	for k, v := range m.Extra {
-		parts = append(parts, headerEncodeParam(k, v))
-	}
-
-	return strings.Join(parts, ";")
-}
-
-// GoString is needed for fmt.GoStringer so %v works on pointer value.
-func (m *Metric) GoString() string {
-	if m == nil {
-		return "nil"
-	}
-
-	return fmt.Sprintf("*%#v", *m)
-}
diff --git a/vendor/github.com/mitchellh/go-server-timing/middleware.go b/vendor/github.com/mitchellh/go-server-timing/middleware.go
deleted file mode 100644
index 3d73771a..00000000
--- a/vendor/github.com/mitchellh/go-server-timing/middleware.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package servertiming
-
-import (
-	"net/http"
-
-	"github.com/felixge/httpsnoop"
-)
-
-// MiddlewareOpts are options for the Middleware.
-type MiddlewareOpts struct {
-	// Nothing currently, reserved for the future.
-}
-
-// Middleware wraps an http.Handler and provides a *Header in the request
-// context that can be used to set Server-Timing headers. The *Header can be
-// extracted from the context using FromContext.
-//
-// The options supplied to this can be nil to use defaults.
-//
-// The Server-Timing header will be written when the status is written
-// only if there are non-empty number of metrics.
-//
-// To control when Server-Timing is sent, the easiest approach is to wrap
-// this middleware and only call it if the request should send server timings.
-// For examples, see the README.
-func Middleware(next http.Handler, _ *MiddlewareOpts) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var (
-			// Create the Server-Timing headers struct
-			h Header
-			// Remember if the timing header were added to the response headers
-			headerWritten bool
-		)
-
-		// This places the *Header value into the request context. This
-		// can be extracted again with FromContext.
-		r = r.WithContext(NewContext(r.Context(), &h))
-
-		// Get the header map. This is a reference and shouldn't change.
-		headers := w.Header()
-
-		// Hook the response writer we pass upstream so we can modify headers
-		// before they write them to the wire, but after we know what status
-		// they are writing.
-		hooks := httpsnoop.Hooks{
-			WriteHeader: func(original httpsnoop.WriteHeaderFunc) httpsnoop.WriteHeaderFunc {
-				// Return a function with same signature as
-				// http.ResponseWriter.WriteHeader to be called in it's place
-				return func(code int) {
-					// Write the headers
-					writeHeader(headers, &h)
-
-					// Remember that headers were written
-					headerWritten = true
-
-					// Call the original WriteHeader function
-					original(code)
-				}
-			},
-		}
-
-		w = httpsnoop.Wrap(w, hooks)
-		next.ServeHTTP(w, r)
-
-		// In case that next did not called WriteHeader function, add timing header to the response headers
-		if !headerWritten {
-			writeHeader(headers, &h)
-		}
-	})
-}
-
-func writeHeader(headers http.Header, h *Header) {
-	// Grab the lock just in case there is any ongoing concurrency that
-	// still has a reference and may be modifying the value.
-	h.Lock()
-	defer h.Unlock()
-
-	// If there are no metrics set, do nothing
-	if len(h.Metrics) == 0 {
-		return
-	}
-
-	headers.Set(HeaderKey, h.String())
-}
diff --git a/vendor/github.com/sirupsen/logrus/go.mod b/vendor/github.com/sirupsen/logrus/go.mod
index ea266226..12fdf989 100644
--- a/vendor/github.com/sirupsen/logrus/go.mod
+++ b/vendor/github.com/sirupsen/logrus/go.mod
@@ -8,5 +8,3 @@ require (
 	github.com/stretchr/testify v1.2.2
 	golang.org/x/sys v0.0.0-20190422165155-953cdadca894
 )
-
-go 1.13
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s b/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s
index cde3fc98..54418522 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s
+++ b/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s
@@ -10,15 +10,14 @@
 // # details see http://www.openssl.org/~appro/cryptogams/.
 // # ====================================================================
 
-// Original code can be found at the link below:
-// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91e5c39ca79126a4a876d5d8ff
+// Code for the perl script that generates the ppc64 assembler
+// can be found in the cryptogams repository at the link below. It is based on
+// the original from openssl.
 
-// There are some differences between CRYPTOGAMS code and this one. The round
-// loop for "_int" isn't the same as the original. Some adjustments were
-// necessary because there are less vector registers available.  For example, some
-// X variables (r12, r13, r14, and r15) share the same register used by the
-// counter. The original code uses ctr to name the counter. Here we use CNT
-// because golang uses CTR as the counter register name.
+// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91
+
+// The differences in this and the original implementation are
+// due to the calling conventions and initialization of constants.
 
 // +build ppc64le,!gccgo,!appengine
 
@@ -29,8 +28,9 @@
 #define LEN  R5
 #define KEY  R6
 #define CNT  R7
+#define TMP  R15
 
-#define TEMP R8
+#define CONSTBASE  R16
 
 #define X0   R11
 #define X1   R12
@@ -49,620 +49,417 @@
 #define X14  R26
 #define X15  R27
 
-#define CON0 X0
-#define CON1 X1
-#define CON2 X2
-#define CON3 X3
 
-#define KEY0 X4
-#define KEY1 X5
-#define KEY2 X6
-#define KEY3 X7
-#define KEY4 X8
-#define KEY5 X9
-#define KEY6 X10
-#define KEY7 X11
+DATA consts<>+0x00(SB)/8, $0x3320646e61707865
+DATA consts<>+0x08(SB)/8, $0x6b20657479622d32
+DATA consts<>+0x10(SB)/8, $0x0000000000000001
+DATA consts<>+0x18(SB)/8, $0x0000000000000000
+DATA consts<>+0x20(SB)/8, $0x0000000000000004
+DATA consts<>+0x28(SB)/8, $0x0000000000000000
+DATA consts<>+0x30(SB)/8, $0x0a0b08090e0f0c0d
+DATA consts<>+0x38(SB)/8, $0x0203000106070405
+DATA consts<>+0x40(SB)/8, $0x090a0b080d0e0f0c
+DATA consts<>+0x48(SB)/8, $0x0102030005060704
+DATA consts<>+0x50(SB)/8, $0x6170786561707865
+DATA consts<>+0x58(SB)/8, $0x6170786561707865
+DATA consts<>+0x60(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x68(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x70(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x78(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x80(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x88(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x90(SB)/8, $0x0000000100000000
+DATA consts<>+0x98(SB)/8, $0x0000000300000002
+GLOBL consts<>(SB), RODATA, $0xa0
 
-#define CNT0 X12
-#define CNT1 X13
-#define CNT2 X14
-#define CNT3 X15
-
-#define TMP0 R9
-#define TMP1 R10
-#define TMP2 R28
-#define TMP3 R29
-
-#define CONSTS  R8
-
-#define A0      V0
-#define B0      V1
-#define C0      V2
-#define D0      V3
-#define A1      V4
-#define B1      V5
-#define C1      V6
-#define D1      V7
-#define A2      V8
-#define B2      V9
-#define C2      V10
-#define D2      V11
-#define T0      V12
-#define T1      V13
-#define T2      V14
-
-#define K0      V15
-#define K1      V16
-#define K2      V17
-#define K3      V18
-#define K4      V19
-#define K5      V20
-
-#define FOUR    V21
-#define SIXTEEN V22
-#define TWENTY4 V23
-#define TWENTY  V24
-#define TWELVE  V25
-#define TWENTY5 V26
-#define SEVEN   V27
-
-#define INPPERM V28
-#define OUTPERM V29
-#define OUTMASK V30
-
-#define DD0     V31
-#define DD1     SEVEN
-#define DD2     T0
-#define DD3     T1
-#define DD4     T2
-
-DATA  ·consts+0x00(SB)/8, $0x3320646e61707865
-DATA  ·consts+0x08(SB)/8, $0x6b20657479622d32
-DATA  ·consts+0x10(SB)/8, $0x0000000000000001
-DATA  ·consts+0x18(SB)/8, $0x0000000000000000
-DATA  ·consts+0x20(SB)/8, $0x0000000000000004
-DATA  ·consts+0x28(SB)/8, $0x0000000000000000
-DATA  ·consts+0x30(SB)/8, $0x0a0b08090e0f0c0d
-DATA  ·consts+0x38(SB)/8, $0x0203000106070405
-DATA  ·consts+0x40(SB)/8, $0x090a0b080d0e0f0c
-DATA  ·consts+0x48(SB)/8, $0x0102030005060704
-GLOBL ·consts(SB), RODATA, $80
-
-//func chaCha20_ctr32_vmx(out, inp *byte, len int, key *[32]byte, counter *[16]byte)
-TEXT ·chaCha20_ctr32_vmx(SB),NOSPLIT|NOFRAME,$0
-	// Load the arguments inside the registers
+//func chaCha20_ctr32_vsx(out, inp []byte, len int, key *[32]byte, counter *[16]byte)
+TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
 	MOVD out+0(FP), OUT
 	MOVD inp+8(FP), INP
 	MOVD len+16(FP), LEN
 	MOVD key+24(FP), KEY
-	MOVD counter+32(FP), CNT
+	MOVD cnt+32(FP), CNT
 
-	MOVD $·consts(SB), CONSTS // point to consts addr
+	// Addressing for constants
+	MOVD $consts<>+0x00(SB), CONSTBASE
+	MOVD $16, R8
+	MOVD $32, R9
+	MOVD $48, R10
+	MOVD $64, R11
+	// V16
+	LXVW4X (CONSTBASE)(R0), VS48
+	ADD $80,CONSTBASE
 
-	MOVD $16, X0
-	MOVD $32, X1
-	MOVD $48, X2
-	MOVD $64, X3
-	MOVD $31, X4
-	MOVD $15, X5
+	// Load key into V17,V18
+	LXVW4X (KEY)(R0), VS49
+	LXVW4X (KEY)(R8), VS50
 
-	// Load key
-	LVX  (KEY)(R0), K1
-	LVSR (KEY)(R0), T0
-	LVX  (KEY)(X0), K2
-	LVX  (KEY)(X4), DD0
+	// Load CNT, NONCE into V19
+	LXVW4X (CNT)(R0), VS51
 
-	// Load counter
-	LVX  (CNT)(R0), K3
-	LVSR (CNT)(R0), T1
-	LVX  (CNT)(X5), DD1
+	// Clear V27
+	VXOR V27, V27, V27
 
-	// Load constants
-	LVX (CONSTS)(R0), K0
-	LVX (CONSTS)(X0), K5
-	LVX (CONSTS)(X1), FOUR
-	LVX (CONSTS)(X2), SIXTEEN
-	LVX (CONSTS)(X3), TWENTY4
+	// V28
+	LXVW4X (CONSTBASE)(R11), VS60
 
-	// Align key and counter
-	VPERM K2,  K1, T0, K1
-	VPERM DD0, K2, T0, K2
-	VPERM DD1, K3, T1, K3
+	// splat slot from V19 -> V26
+	VSPLTW $0, V19, V26
 
-	// Load counter to GPR
-	MOVWZ 0(CNT), CNT0
-	MOVWZ 4(CNT), CNT1
-	MOVWZ 8(CNT), CNT2
-	MOVWZ 12(CNT), CNT3
+	VSLDOI $4, V19, V27, V19
+	VSLDOI $12, V27, V19, V19
 
-	// Adjust vectors for the initial state
-	VADDUWM K3, K5, K3
-	VADDUWM K3, K5, K4
-	VADDUWM K4, K5, K5
+	VADDUWM V26, V28, V26
 
-	// Synthesized constants
-	VSPLTISW $-12, TWENTY
-	VSPLTISW $12, TWELVE
-	VSPLTISW $-7, TWENTY5
+	MOVD $10, R14
+	MOVD R14, CTR
 
-	VXOR T0, T0, T0
-	VSPLTISW $-1, OUTMASK
-	LVSR (INP)(R0), INPPERM
-	LVSL (OUT)(R0), OUTPERM
-	VPERM OUTMASK, T0, OUTPERM, OUTMASK
+loop_outer_vsx:
+	// V0, V1, V2, V3
+	LXVW4X (R0)(CONSTBASE), VS32
+	LXVW4X (R8)(CONSTBASE), VS33
+	LXVW4X (R9)(CONSTBASE), VS34
+	LXVW4X (R10)(CONSTBASE), VS35
 
-loop_outer_vmx:
-	// Load constant
-	MOVD $0x61707865, CON0
-	MOVD $0x3320646e, CON1
-	MOVD $0x79622d32, CON2
-	MOVD $0x6b206574, CON3
+	// splat values from V17, V18 into V4-V11
+	VSPLTW $0, V17, V4
+	VSPLTW $1, V17, V5
+	VSPLTW $2, V17, V6
+	VSPLTW $3, V17, V7
+	VSPLTW $0, V18, V8
+	VSPLTW $1, V18, V9
+	VSPLTW $2, V18, V10
+	VSPLTW $3, V18, V11
 
-	VOR K0, K0, A0
-	VOR K0, K0, A1
-	VOR K0, K0, A2
-	VOR K1, K1, B0
+	// VOR
+	VOR V26, V26, V12
 
-	MOVD $10, TEMP
+	// splat values from V19 -> V13, V14, V15
+	VSPLTW $1, V19, V13
+	VSPLTW $2, V19, V14
+	VSPLTW $3, V19, V15
 
-	// Load key to GPR
-	MOVWZ 0(KEY), X4
-	MOVWZ 4(KEY), X5
-	MOVWZ 8(KEY), X6
-	MOVWZ 12(KEY), X7
-	VOR K1, K1, B1
-	VOR K1, K1, B2
-	MOVWZ 16(KEY), X8
-	MOVWZ  0(CNT), X12
-	MOVWZ 20(KEY), X9
-	MOVWZ 4(CNT), X13
-	VOR K2, K2, C0
-	VOR K2, K2, C1
-	MOVWZ 24(KEY), X10
-	MOVWZ 8(CNT), X14
-	VOR K2, K2, C2
-	VOR K3, K3, D0
-	MOVWZ 28(KEY), X11
-	MOVWZ 12(CNT), X15
-	VOR K4, K4, D1
-	VOR K5, K5, D2
+	// splat   const values
+	VSPLTISW $-16, V27
+	VSPLTISW $12, V28
+	VSPLTISW $8, V29
+	VSPLTISW $7, V30
 
-	MOVD X4, TMP0
-	MOVD X5, TMP1
-	MOVD X6, TMP2
-	MOVD X7, TMP3
-	VSPLTISW $7, SEVEN
+loop_vsx:
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
 
-	MOVD TEMP, CTR
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
 
-loop_vmx:
-	// CRYPTOGAMS uses a macro to create a loop using perl. This isn't possible
-	// using assembly macros.  Therefore, the macro expansion result was used
-	// in order to maintain the algorithm efficiency.
-	// This loop generates three keystream blocks using VMX instructions and,
-	// in parallel, one keystream block using scalar instructions.
-	ADD X4, X0, X0
-	ADD X5, X1, X1
-	VADDUWM A0, B0, A0
-	VADDUWM A1, B1, A1
-	ADD X6, X2, X2
-	ADD X7, X3, X3
-	VADDUWM A2, B2, A2
-	VXOR D0, A0, D0
-	XOR X0, X12, X12
-	XOR X1, X13, X13
-	VXOR D1, A1, D1
-	VXOR D2, A2, D2
-	XOR X2, X14, X14
-	XOR X3, X15, X15
-	VPERM D0, D0, SIXTEEN, D0
-	VPERM D1, D1, SIXTEEN, D1
-	ROTLW $16, X12, X12
-	ROTLW $16, X13, X13
-	VPERM D2, D2, SIXTEEN, D2
-	VADDUWM C0, D0, C0
-	ROTLW $16, X14, X14
-	ROTLW $16, X15, X15
-	VADDUWM C1, D1, C1
-	VADDUWM C2, D2, C2
-	ADD X12, X8, X8
-	ADD X13, X9, X9
-	VXOR B0, C0, T0
-	VXOR B1, C1, T1
-	ADD X14, X10, X10
-	ADD X15, X11, X11
-	VXOR B2, C2, T2
-	VRLW T0, TWELVE, B0
-	XOR X8, X4, X4
-	XOR X9, X5, X5
-	VRLW T1, TWELVE, B1
-	VRLW T2, TWELVE, B2
-	XOR X10, X6, X6
-	XOR X11, X7, X7
-	VADDUWM A0, B0, A0
-	VADDUWM A1, B1, A1
-	ROTLW $12, X4, X4
-	ROTLW $12, X5, X5
-	VADDUWM A2, B2, A2
-	VXOR D0, A0, D0
-	ROTLW $12, X6, X6
-	ROTLW $12, X7, X7
-	VXOR D1, A1, D1
-	VXOR D2, A2, D2
-	ADD X4, X0, X0
-	ADD X5, X1, X1
-	VPERM D0, D0, TWENTY4, D0
-	VPERM D1, D1, TWENTY4, D1
-	ADD X6, X2, X2
-	ADD X7, X3, X3
-	VPERM D2, D2, TWENTY4, D2
-	VADDUWM C0, D0, C0
-	XOR X0, X12, X12
-	XOR X1, X13, X13
-	VADDUWM C1, D1, C1
-	VADDUWM C2, D2, C2
-	XOR X2, X14, X14
-	XOR X3, X15, X15
-	VXOR B0, C0, T0
-	VXOR B1, C1, T1
-	ROTLW $8, X12, X12
-	ROTLW $8, X13, X13
-	VXOR B2, C2, T2
-	VRLW T0, SEVEN, B0
-	ROTLW $8, X14, X14
-	ROTLW $8, X15, X15
-	VRLW T1, SEVEN, B1
-	VRLW T2, SEVEN, B2
-	ADD X12, X8, X8
-	ADD X13, X9, X9
-	VSLDOI $8, C0, C0, C0
-	VSLDOI $8, C1, C1, C1
-	ADD X14, X10, X10
-	ADD X15, X11, X11
-	VSLDOI $8, C2, C2, C2
-	VSLDOI $12, B0, B0, B0
-	XOR X8, X4, X4
-	XOR X9, X5, X5
-	VSLDOI $12, B1, B1, B1
-	VSLDOI $12, B2, B2, B2
-	XOR X10, X6, X6
-	XOR X11, X7, X7
-	VSLDOI $4, D0, D0, D0
-	VSLDOI $4, D1, D1, D1
-	ROTLW $7, X4, X4
-	ROTLW $7, X5, X5
-	VSLDOI $4, D2, D2, D2
-	VADDUWM A0, B0, A0
-	ROTLW $7, X6, X6
-	ROTLW $7, X7, X7
-	VADDUWM A1, B1, A1
-	VADDUWM A2, B2, A2
-	ADD X5, X0, X0
-	ADD X6, X1, X1
-	VXOR D0, A0, D0
-	VXOR D1, A1, D1
-	ADD X7, X2, X2
-	ADD X4, X3, X3
-	VXOR D2, A2, D2
-	VPERM D0, D0, SIXTEEN, D0
-	XOR X0, X15, X15
-	XOR X1, X12, X12
-	VPERM D1, D1, SIXTEEN, D1
-	VPERM D2, D2, SIXTEEN, D2
-	XOR X2, X13, X13
-	XOR X3, X14, X14
-	VADDUWM C0, D0, C0
-	VADDUWM C1, D1, C1
-	ROTLW $16, X15, X15
-	ROTLW $16, X12, X12
-	VADDUWM C2, D2, C2
-	VXOR B0, C0, T0
-	ROTLW $16, X13, X13
-	ROTLW $16, X14, X14
-	VXOR B1, C1, T1
-	VXOR B2, C2, T2
-	ADD X15, X10, X10
-	ADD X12, X11, X11
-	VRLW T0, TWELVE, B0
-	VRLW T1, TWELVE, B1
-	ADD X13, X8, X8
-	ADD X14, X9, X9
-	VRLW T2, TWELVE, B2
-	VADDUWM A0, B0, A0
-	XOR X10, X5, X5
-	XOR X11, X6, X6
-	VADDUWM A1, B1, A1
-	VADDUWM A2, B2, A2
-	XOR X8, X7, X7
-	XOR X9, X4, X4
-	VXOR D0, A0, D0
-	VXOR D1, A1, D1
-	ROTLW $12, X5, X5
-	ROTLW $12, X6, X6
-	VXOR D2, A2, D2
-	VPERM D0, D0, TWENTY4, D0
-	ROTLW $12, X7, X7
-	ROTLW $12, X4, X4
-	VPERM D1, D1, TWENTY4, D1
-	VPERM D2, D2, TWENTY4, D2
-	ADD X5, X0, X0
-	ADD X6, X1, X1
-	VADDUWM C0, D0, C0
-	VADDUWM C1, D1, C1
-	ADD X7, X2, X2
-	ADD X4, X3, X3
-	VADDUWM C2, D2, C2
-	VXOR B0, C0, T0
-	XOR X0, X15, X15
-	XOR X1, X12, X12
-	VXOR B1, C1, T1
-	VXOR B2, C2, T2
-	XOR X2, X13, X13
-	XOR X3, X14, X14
-	VRLW T0, SEVEN, B0
-	VRLW T1, SEVEN, B1
-	ROTLW $8, X15, X15
-	ROTLW $8, X12, X12
-	VRLW T2, SEVEN, B2
-	VSLDOI $8, C0, C0, C0
-	ROTLW $8, X13, X13
-	ROTLW $8, X14, X14
-	VSLDOI $8, C1, C1, C1
-	VSLDOI $8, C2, C2, C2
-	ADD X15, X10, X10
-	ADD X12, X11, X11
-	VSLDOI $4, B0, B0, B0
-	VSLDOI $4, B1, B1, B1
-	ADD X13, X8, X8
-	ADD X14, X9, X9
-	VSLDOI $4, B2, B2, B2
-	VSLDOI $12, D0, D0, D0
-	XOR X10, X5, X5
-	XOR X11, X6, X6
-	VSLDOI $12, D1, D1, D1
-	VSLDOI $12, D2, D2, D2
-	XOR X8, X7, X7
-	XOR X9, X4, X4
-	ROTLW $7, X5, X5
-	ROTLW $7, X6, X6
-	ROTLW $7, X7, X7
-	ROTLW $7, X4, X4
-	BC 0x10, 0, loop_vmx
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+	VRLW V15, V27, V15
 
-	SUB $256, LEN, LEN
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
 
-	// Accumulate key block
-	ADD $0x61707865, X0, X0
-	ADD $0x3320646e, X1, X1
-	ADD $0x79622d32, X2, X2
-	ADD $0x6b206574, X3, X3
-	ADD TMP0, X4, X4
-	ADD TMP1, X5, X5
-	ADD TMP2, X6, X6
-	ADD TMP3, X7, X7
-	MOVWZ 16(KEY), TMP0
-	MOVWZ 20(KEY), TMP1
-	MOVWZ 24(KEY), TMP2
-	MOVWZ 28(KEY), TMP3
-	ADD TMP0, X8, X8
-	ADD TMP1, X9, X9
-	ADD TMP2, X10, X10
-	ADD TMP3, X11, X11
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
 
-	MOVWZ 12(CNT), TMP0
-	MOVWZ 8(CNT), TMP1
-	MOVWZ 4(CNT), TMP2
-	MOVWZ 0(CNT), TEMP
-	ADD TMP0, X15, X15
-	ADD TMP1, X14, X14
-	ADD TMP2, X13, X13
-	ADD TEMP, X12, X12
+	VRLW V4, V28, V4
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
 
-	// Accumulate key block
-	VADDUWM A0, K0, A0
-	VADDUWM A1, K0, A1
-	VADDUWM A2, K0, A2
-	VADDUWM B0, K1, B0
-	VADDUWM B1, K1, B1
-	VADDUWM B2, K1, B2
-	VADDUWM C0, K2, C0
-	VADDUWM C1, K2, C1
-	VADDUWM C2, K2, C2
-	VADDUWM D0, K3, D0
-	VADDUWM D1, K4, D1
-	VADDUWM D2, K5, D2
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
 
-	// Increment counter
-	ADD $4, TEMP, TEMP
-	MOVW TEMP, 0(CNT)
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
 
-	VADDUWM K3, FOUR, K3
-	VADDUWM K4, FOUR, K4
-	VADDUWM K5, FOUR, K5
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+	VRLW V15, V29, V15
 
-	// XOR the input slice (INP) with the keystream, which is stored in GPRs (X0-X3).
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
 
-	// Load input (aligned or not)
-	MOVWZ 0(INP), TMP0
-	MOVWZ 4(INP), TMP1
-	MOVWZ 8(INP), TMP2
-	MOVWZ 12(INP), TMP3
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
 
-	// XOR with input
-	XOR TMP0, X0, X0
-	XOR TMP1, X1, X1
-	XOR TMP2, X2, X2
-	XOR TMP3, X3, X3
-	MOVWZ 16(INP), TMP0
-	MOVWZ 20(INP), TMP1
-	MOVWZ 24(INP), TMP2
-	MOVWZ 28(INP), TMP3
-	XOR TMP0, X4, X4
-	XOR TMP1, X5, X5
-	XOR TMP2, X6, X6
-	XOR TMP3, X7, X7
-	MOVWZ 32(INP), TMP0
-	MOVWZ 36(INP), TMP1
-	MOVWZ 40(INP), TMP2
-	MOVWZ 44(INP), TMP3
-	XOR TMP0, X8, X8
-	XOR TMP1, X9, X9
-	XOR TMP2, X10, X10
-	XOR TMP3, X11, X11
-	MOVWZ 48(INP), TMP0
-	MOVWZ 52(INP), TMP1
-	MOVWZ 56(INP), TMP2
-	MOVWZ 60(INP), TMP3
-	XOR TMP0, X12, X12
-	XOR TMP1, X13, X13
-	XOR TMP2, X14, X14
-	XOR TMP3, X15, X15
+	VRLW V4, V30, V4
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
 
-	// Store output (aligned or not)
-	MOVW X0, 0(OUT)
-	MOVW X1, 4(OUT)
-	MOVW X2, 8(OUT)
-	MOVW X3, 12(OUT)
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
 
-	ADD $64, INP, INP // INP points to the end of the slice for the alignment code below
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
 
-	MOVW X4, 16(OUT)
-	MOVD $16, TMP0
-	MOVW X5, 20(OUT)
-	MOVD $32, TMP1
-	MOVW X6, 24(OUT)
-	MOVD $48, TMP2
-	MOVW X7, 28(OUT)
-	MOVD $64, TMP3
-	MOVW X8, 32(OUT)
-	MOVW X9, 36(OUT)
-	MOVW X10, 40(OUT)
-	MOVW X11, 44(OUT)
-	MOVW X12, 48(OUT)
-	MOVW X13, 52(OUT)
-	MOVW X14, 56(OUT)
-	MOVW X15, 60(OUT)
-	ADD $64, OUT, OUT
+	VRLW V15, V27, V15
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
 
-	// Load input
-	LVX (INP)(R0), DD0
-	LVX (INP)(TMP0), DD1
-	LVX (INP)(TMP1), DD2
-	LVX (INP)(TMP2), DD3
-	LVX (INP)(TMP3), DD4
-	ADD $64, INP, INP
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
 
-	VPERM DD1, DD0, INPPERM, DD0 // Align input
-	VPERM DD2, DD1, INPPERM, DD1
-	VPERM DD3, DD2, INPPERM, DD2
-	VPERM DD4, DD3, INPPERM, DD3
-	VXOR A0, DD0, A0 // XOR with input
-	VXOR B0, DD1, B0
-	LVX (INP)(TMP0), DD1 // Keep loading input
-	VXOR C0, DD2, C0
-	LVX (INP)(TMP1), DD2
-	VXOR D0, DD3, D0
-	LVX (INP)(TMP2), DD3
-	LVX (INP)(TMP3), DD0
-	ADD $64, INP, INP
-	MOVD $63, TMP3 // 63 is not a typo
-	VPERM A0, A0, OUTPERM, A0
-	VPERM B0, B0, OUTPERM, B0
-	VPERM C0, C0, OUTPERM, C0
-	VPERM D0, D0, OUTPERM, D0
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
 
-	VPERM DD1, DD4, INPPERM, DD4 // Align input
-	VPERM DD2, DD1, INPPERM, DD1
-	VPERM DD3, DD2, INPPERM, DD2
-	VPERM DD0, DD3, INPPERM, DD3
-	VXOR A1, DD4, A1
-	VXOR B1, DD1, B1
-	LVX (INP)(TMP0), DD1 // Keep loading
-	VXOR C1, DD2, C1
-	LVX (INP)(TMP1), DD2
-	VXOR D1, DD3, D1
-	LVX (INP)(TMP2), DD3
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+	VRLW V4, V28, V4
 
-	// Note that the LVX address is always rounded down to the nearest 16-byte
-	// boundary, and that it always points to at most 15 bytes beyond the end of
-	// the slice, so we cannot cross a page boundary.
-	LVX (INP)(TMP3), DD4 // Redundant in aligned case.
-	ADD $64, INP, INP
-	VPERM A1, A1, OUTPERM, A1 // Pre-misalign output
-	VPERM B1, B1, OUTPERM, B1
-	VPERM C1, C1, OUTPERM, C1
-	VPERM D1, D1, OUTPERM, D1
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
 
-	VPERM DD1, DD0, INPPERM, DD0 // Align Input
-	VPERM DD2, DD1, INPPERM, DD1
-	VPERM DD3, DD2, INPPERM, DD2
-	VPERM DD4, DD3, INPPERM, DD3
-	VXOR A2, DD0, A2
-	VXOR B2, DD1, B2
-	VXOR C2, DD2, C2
-	VXOR D2, DD3, D2
-	VPERM A2, A2, OUTPERM, A2
-	VPERM B2, B2, OUTPERM, B2
-	VPERM C2, C2, OUTPERM, C2
-	VPERM D2, D2, OUTPERM, D2
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
 
-	ANDCC $15, OUT, X1 // Is out aligned?
-	MOVD OUT, X0
+	VRLW V15, V29, V15
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
 
-	VSEL A0, B0, OUTMASK, DD0 // Collect pre-misaligned output
-	VSEL B0, C0, OUTMASK, DD1
-	VSEL C0, D0, OUTMASK, DD2
-	VSEL D0, A1, OUTMASK, DD3
-	VSEL A1, B1, OUTMASK, B0
-	VSEL B1, C1, OUTMASK, C0
-	VSEL C1, D1, OUTMASK, D0
-	VSEL D1, A2, OUTMASK, A1
-	VSEL A2, B2, OUTMASK, B1
-	VSEL B2, C2, OUTMASK, C1
-	VSEL C2, D2, OUTMASK, D1
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
 
-	STVX DD0, (OUT+TMP0)
-	STVX DD1, (OUT+TMP1)
-	STVX DD2, (OUT+TMP2)
-	ADD $64, OUT, OUT
-	STVX DD3, (OUT+R0)
-	STVX B0, (OUT+TMP0)
-	STVX C0, (OUT+TMP1)
-	STVX D0, (OUT+TMP2)
-	ADD $64, OUT, OUT
-	STVX A1, (OUT+R0)
-	STVX B1, (OUT+TMP0)
-	STVX C1, (OUT+TMP1)
-	STVX D1, (OUT+TMP2)
-	ADD $64, OUT, OUT
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
 
-	BEQ aligned_vmx
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+	VRLW V4, V30, V4
+	BC   16, LT, loop_vsx
 
-	SUB X1, OUT, X2 // in misaligned case edges
-	MOVD $0, X3 // are written byte-by-byte
+	VADDUWM V12, V26, V12
 
-unaligned_tail_vmx:
-	STVEBX D2, (X2+X3)
-	ADD $1, X3, X3
-	CMPW X3, X1
-	BNE unaligned_tail_vmx
-	SUB X1, X0, X2
+	WORD $0x13600F8C		// VMRGEW V0, V1, V27
+	WORD $0x13821F8C		// VMRGEW V2, V3, V28
 
-unaligned_head_vmx:
-	STVEBX A0, (X2+X1)
-	CMPW X1, $15
-	ADD $1, X1, X1
-	BNE unaligned_head_vmx
+	WORD $0x10000E8C		// VMRGOW V0, V1, V0
+	WORD $0x10421E8C		// VMRGOW V2, V3, V2
 
-	CMPU LEN, $255 // done with 256-byte block yet?
-	BGT loop_outer_vmx
+	WORD $0x13A42F8C		// VMRGEW V4, V5, V29
+	WORD $0x13C63F8C		// VMRGEW V6, V7, V30
 
-	JMP done_vmx
+	XXPERMDI VS32, VS34, $0, VS33
+	XXPERMDI VS32, VS34, $3, VS35
+	XXPERMDI VS59, VS60, $0, VS32
+	XXPERMDI VS59, VS60, $3, VS34
 
-aligned_vmx:
-	STVX A0, (X0+R0)
-	CMPU LEN, $255 // done with 256-byte block yet?
-	BGT loop_outer_vmx
+	WORD $0x10842E8C		// VMRGOW V4, V5, V4
+	WORD $0x10C63E8C		// VMRGOW V6, V7, V6
 
-done_vmx:
+	WORD $0x13684F8C		// VMRGEW V8, V9, V27
+	WORD $0x138A5F8C		// VMRGEW V10, V11, V28
+
+	XXPERMDI VS36, VS38, $0, VS37
+	XXPERMDI VS36, VS38, $3, VS39
+	XXPERMDI VS61, VS62, $0, VS36
+	XXPERMDI VS61, VS62, $3, VS38
+
+	WORD $0x11084E8C		// VMRGOW V8, V9, V8
+	WORD $0x114A5E8C		// VMRGOW V10, V11, V10
+
+	WORD $0x13AC6F8C		// VMRGEW V12, V13, V29
+	WORD $0x13CE7F8C		// VMRGEW V14, V15, V30
+
+	XXPERMDI VS40, VS42, $0, VS41
+	XXPERMDI VS40, VS42, $3, VS43
+	XXPERMDI VS59, VS60, $0, VS40
+	XXPERMDI VS59, VS60, $3, VS42
+
+	WORD $0x118C6E8C		// VMRGOW V12, V13, V12
+	WORD $0x11CE7E8C		// VMRGOW V14, V15, V14
+
+	VSPLTISW $4, V27
+	VADDUWM V26, V27, V26
+
+	XXPERMDI VS44, VS46, $0, VS45
+	XXPERMDI VS44, VS46, $3, VS47
+	XXPERMDI VS61, VS62, $0, VS44
+	XXPERMDI VS61, VS62, $3, VS46
+
+	VADDUWM V0, V16, V0
+	VADDUWM V4, V17, V4
+	VADDUWM V8, V18, V8
+	VADDUWM V12, V19, V12
+
+	CMPU LEN, $64
+	BLT tail_vsx
+
+	// Bottom of loop
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V1, V16, V0
+	VADDUWM V5, V17, V4
+	VADDUWM V9, V18, V8
+	VADDUWM V13, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+	VXOR   V27, V0, V27
+
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(V10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V2, V16, V0
+	VADDUWM V6, V17, V4
+	VADDUWM V10, V18, V8
+	VADDUWM V14, V19, V12
+
+	CMPU LEN, $64
+	BLT  tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V3, V16, V0
+	VADDUWM V7, V17, V4
+	VADDUWM V11, V18, V8
+	VADDUWM V15, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+
+	MOVD $10, R14
+	MOVD R14, CTR
+	BNE  loop_outer_vsx
+
+done_vsx:
+	// Increment counter by 4
+	MOVD (CNT), R14
+	ADD  $4, R14
+	MOVD R14, (CNT)
 	RET
+
+tail_vsx:
+	ADD  $32, R1, R11
+	MOVD LEN, CTR
+
+	// Save values on stack to copy from
+	STXVW4X VS32, (R11)(R0)
+	STXVW4X VS36, (R11)(R8)
+	STXVW4X VS40, (R11)(R9)
+	STXVW4X VS44, (R11)(R10)
+	ADD $-1, R11, R12
+	ADD $-1, INP
+	ADD $-1, OUT
+
+looptail_vsx:
+	// Copying the result to OUT
+	// in bytes.
+	MOVBZU 1(R12), KEY
+	MOVBZU 1(INP), TMP
+	XOR    KEY, TMP, KEY
+	MOVBU  KEY, 1(OUT)
+	BC     16, LT, looptail_vsx
+
+	// Clear the stack values
+	STXVW4X VS48, (R11)(R0)
+	STXVW4X VS48, (R11)(R8)
+	STXVW4X VS48, (R11)(R9)
+	STXVW4X VS48, (R11)(R10)
+	BR      done_vsx
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
index bf8beba6..fc268252 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !ppc64le,!arm64,!s390x arm64,!go1.11 gccgo appengine
+// +build !arm64,!s390x,!ppc64le arm64,!go1.11 gccgo appengine
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
index 638cb5e5..d38a7d38 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
+++ b/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
@@ -6,22 +6,24 @@
 
 package chacha20
 
-import "encoding/binary"
-
-const (
-	bufSize = 256
-	haveAsm = true
+import (
+	"encoding/binary"
 )
 
+var haveAsm = true
+
+const bufSize = 256
+
 //go:noescape
-func chaCha20_ctr32_vmx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
 
 func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
+	// This implementation can handle buffers that aren't multiples of
+	// 256.
 	if len(src) >= bufSize {
-		chaCha20_ctr32_vmx(&dst[0], &src[0], len(src)-len(src)%bufSize, &c.key, &c.counter)
-	}
-	if len(src)%bufSize != 0 {
-		chaCha20_ctr32_vmx(&c.buf[0], &c.buf[0], bufSize, &c.key, &c.counter)
+		chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
+	} else if len(src)%bufSize != 0 {
+		chaCha20_ctr32_vsx(&c.buf[0], &c.buf[0], bufSize, &c.key, &c.counter)
 		start := len(src) - len(src)%bufSize
 		ts, td, tb := src[start:], dst[start:], c.buf[:]
 		// Unroll loop to XOR 32 bytes per iteration.
@@ -46,7 +48,6 @@ func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
 			td[i] = tb[i] ^ v
 		}
 		c.len = bufSize - (len(src) % bufSize)
-
 	}
 
 }
diff --git a/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto b/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto
old mode 100755
new mode 100644
diff --git a/vendor/google.golang.org/appengine/internal/regen.sh b/vendor/google.golang.org/appengine/internal/regen.sh
old mode 100755
new mode 100644
diff --git a/vendor/gopkg.in/coreos/go-oidc.v2/test b/vendor/gopkg.in/coreos/go-oidc.v2/test
old mode 100755
new mode 100644
diff --git a/vendor/gopkg.in/square/go-jose.v2/.travis.yml b/vendor/gopkg.in/square/go-jose.v2/.travis.yml
index fc501ca9..9ab2abf6 100644
--- a/vendor/gopkg.in/square/go-jose.v2/.travis.yml
+++ b/vendor/gopkg.in/square/go-jose.v2/.travis.yml
@@ -8,11 +8,9 @@ matrix:
     - go: tip
 
 go:
-- '1.7.x'
-- '1.8.x'
-- '1.9.x'
-- '1.10.x'
 - '1.11.x'
+- '1.12.x'
+- tip
 
 go_import_path: gopkg.in/square/go-jose.v2
 
diff --git a/vendor/gopkg.in/square/go-jose.v2/asymmetric.go b/vendor/gopkg.in/square/go-jose.v2/asymmetric.go
index 67935561..b69aa036 100644
--- a/vendor/gopkg.in/square/go-jose.v2/asymmetric.go
+++ b/vendor/gopkg.in/square/go-jose.v2/asymmetric.go
@@ -29,7 +29,7 @@ import (
 	"math/big"
 
 	"golang.org/x/crypto/ed25519"
-	"gopkg.in/square/go-jose.v2/cipher"
+	josecipher "gopkg.in/square/go-jose.v2/cipher"
 	"gopkg.in/square/go-jose.v2/json"
 )
 
@@ -288,7 +288,7 @@ func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm
 		out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed)
 	case PS256, PS384, PS512:
 		out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
-			SaltLength: rsa.PSSSaltLengthAuto,
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
 		})
 	}
 
diff --git a/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go b/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go
index c128e327..093c6467 100644
--- a/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go
+++ b/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go
@@ -17,8 +17,10 @@
 package josecipher
 
 import (
+	"bytes"
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/elliptic"
 	"encoding/binary"
 )
 
@@ -44,16 +46,38 @@ func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, p
 		panic("public key not on same curve as private key")
 	}
 
-	z, _ := priv.PublicKey.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes())
-	reader := NewConcatKDF(crypto.SHA256, z.Bytes(), algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{})
+	z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes())
+	zBytes := z.Bytes()
 
+	// Note that calling z.Bytes() on a big.Int may strip leading zero bytes from
+	// the returned byte array. This can lead to a problem where zBytes will be
+	// shorter than expected which breaks the key derivation. Therefore we must pad
+	// to the full length of the expected coordinate here before calling the KDF.
+	octSize := dSize(priv.Curve)
+	if len(zBytes) != octSize {
+		zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...)
+	}
+
+	reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{})
 	key := make([]byte, size)
 
 	// Read on the KDF will never fail
 	_, _ = reader.Read(key)
+
 	return key
 }
 
+// dSize returns the size in octets for a coordinate on a elliptic curve.
+func dSize(curve elliptic.Curve) int {
+	order := curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size++
+	}
+	return size
+}
+
 func lengthPrefixed(data []byte) []byte {
 	out := make([]byte, len(data)+4)
 	binary.BigEndian.PutUint32(out, uint32(len(data)))
diff --git a/vendor/gopkg.in/square/go-jose.v2/crypter.go b/vendor/gopkg.in/square/go-jose.v2/crypter.go
index c45c7120..d24cabf6 100644
--- a/vendor/gopkg.in/square/go-jose.v2/crypter.go
+++ b/vendor/gopkg.in/square/go-jose.v2/crypter.go
@@ -141,6 +141,8 @@ func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions)
 		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
 	case *JSONWebKey:
 		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
+	case OpaqueKeyEncrypter:
+		keyID, rawKey = encryptionKey.KeyID(), encryptionKey
 	default:
 		rawKey = encryptionKey
 	}
@@ -267,9 +269,11 @@ func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKey
 		recipient, err := makeJWERecipient(alg, encryptionKey.Key)
 		recipient.keyID = encryptionKey.KeyID
 		return recipient, err
-	default:
-		return recipientKeyInfo{}, ErrUnsupportedKeyType
 	}
+	if encrypter, ok := encryptionKey.(OpaqueKeyEncrypter); ok {
+		return newOpaqueKeyEncrypter(alg, encrypter)
+	}
+	return recipientKeyInfo{}, ErrUnsupportedKeyType
 }
 
 // newDecrypter creates an appropriate decrypter based on the key type
@@ -295,9 +299,11 @@ func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) {
 		return newDecrypter(decryptionKey.Key)
 	case *JSONWebKey:
 		return newDecrypter(decryptionKey.Key)
-	default:
-		return nil, ErrUnsupportedKeyType
 	}
+	if okd, ok := decryptionKey.(OpaqueKeyDecrypter); ok {
+		return &opaqueKeyDecrypter{decrypter: okd}, nil
+	}
+	return nil, ErrUnsupportedKeyType
 }
 
 // Implementation of encrypt method producing a JWE object.
diff --git a/vendor/gopkg.in/square/go-jose.v2/jwk.go b/vendor/gopkg.in/square/go-jose.v2/jwk.go
index 6cb8adb8..936a0202 100644
--- a/vendor/gopkg.in/square/go-jose.v2/jwk.go
+++ b/vendor/gopkg.in/square/go-jose.v2/jwk.go
@@ -357,11 +357,11 @@ func (key rawJSONWebKey) ecPublicKey() (*ecdsa.PublicKey, error) {
 	// the curve specified in the "crv" parameter.
 	// https://tools.ietf.org/html/rfc7518#section-6.2.1.2
 	if curveSize(curve) != len(key.X.data) {
-		return nil, fmt.Errorf("square/go-jose: invalid EC private key, wrong length for x")
+		return nil, fmt.Errorf("square/go-jose: invalid EC public key, wrong length for x")
 	}
 
 	if curveSize(curve) != len(key.Y.data) {
-		return nil, fmt.Errorf("square/go-jose: invalid EC private key, wrong length for y")
+		return nil, fmt.Errorf("square/go-jose: invalid EC public key, wrong length for y")
 	}
 
 	x := key.X.bigInt()
diff --git a/vendor/gopkg.in/square/go-jose.v2/jws.go b/vendor/gopkg.in/square/go-jose.v2/jws.go
index 8b59b6ab..e52a4766 100644
--- a/vendor/gopkg.in/square/go-jose.v2/jws.go
+++ b/vendor/gopkg.in/square/go-jose.v2/jws.go
@@ -17,6 +17,7 @@
 package jose
 
 import (
+	"bytes"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -75,13 +76,21 @@ type Signature struct {
 }
 
 // ParseSigned parses a signed message in compact or full serialization format.
-func ParseSigned(input string) (*JSONWebSignature, error) {
-	input = stripWhitespace(input)
-	if strings.HasPrefix(input, "{") {
-		return parseSignedFull(input)
+func ParseSigned(signature string) (*JSONWebSignature, error) {
+	signature = stripWhitespace(signature)
+	if strings.HasPrefix(signature, "{") {
+		return parseSignedFull(signature)
 	}
 
-	return parseSignedCompact(input)
+	return parseSignedCompact(signature, nil)
+}
+
+// ParseDetached parses a signed message in compact serialization format with detached payload.
+func ParseDetached(signature string, payload []byte) (*JSONWebSignature, error) {
+	if payload == nil {
+		return nil, errors.New("square/go-jose: nil payload")
+	}
+	return parseSignedCompact(stripWhitespace(signature), payload)
 }
 
 // Get a header value
@@ -94,19 +103,38 @@ func (sig Signature) mergedHeaders() rawHeader {
 
 // Compute data to be signed
 func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) []byte {
-	var serializedProtected string
+	var authData bytes.Buffer
+
+	protectedHeader := new(rawHeader)
 
 	if signature.original != nil && signature.original.Protected != nil {
-		serializedProtected = signature.original.Protected.base64()
+		if err := json.Unmarshal(signature.original.Protected.bytes(), protectedHeader); err != nil {
+			panic(err)
+		}
+		authData.WriteString(signature.original.Protected.base64())
 	} else if signature.protected != nil {
-		serializedProtected = base64.RawURLEncoding.EncodeToString(mustSerializeJSON(signature.protected))
-	} else {
-		serializedProtected = ""
+		protectedHeader = signature.protected
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(mustSerializeJSON(protectedHeader)))
 	}
 
-	return []byte(fmt.Sprintf("%s.%s",
-		serializedProtected,
-		base64.RawURLEncoding.EncodeToString(payload)))
+	needsBase64 := true
+
+	if protectedHeader != nil {
+		var err error
+		if needsBase64, err = protectedHeader.getB64(); err != nil {
+			needsBase64 = true
+		}
+	}
+
+	authData.WriteByte('.')
+
+	if needsBase64 {
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+	} else {
+		authData.Write(payload)
+	}
+
+	return authData.Bytes()
 }
 
 // parseSignedFull parses a message in full format.
@@ -246,20 +274,26 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
 }
 
 // parseSignedCompact parses a message in compact format.
-func parseSignedCompact(input string) (*JSONWebSignature, error) {
+func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
 	parts := strings.Split(input, ".")
 	if len(parts) != 3 {
 		return nil, fmt.Errorf("square/go-jose: compact JWS format must have three parts")
 	}
 
+	if parts[1] != "" && payload != nil {
+		return nil, fmt.Errorf("square/go-jose: payload is not detached")
+	}
+
 	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
 	if err != nil {
 		return nil, err
 	}
 
-	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
-	if err != nil {
-		return nil, err
+	if payload == nil {
+		payload, err = base64.RawURLEncoding.DecodeString(parts[1])
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	signature, err := base64.RawURLEncoding.DecodeString(parts[2])
@@ -275,19 +309,30 @@ func parseSignedCompact(input string) (*JSONWebSignature, error) {
 	return raw.sanitized()
 }
 
-// CompactSerialize serializes an object using the compact serialization format.
-func (obj JSONWebSignature) CompactSerialize() (string, error) {
+func (obj JSONWebSignature) compactSerialize(detached bool) (string, error) {
 	if len(obj.Signatures) != 1 || obj.Signatures[0].header != nil || obj.Signatures[0].protected == nil {
 		return "", ErrNotSupported
 	}
 
-	serializedProtected := mustSerializeJSON(obj.Signatures[0].protected)
+	serializedProtected := base64.RawURLEncoding.EncodeToString(mustSerializeJSON(obj.Signatures[0].protected))
+	payload := ""
+	signature := base64.RawURLEncoding.EncodeToString(obj.Signatures[0].Signature)
 
-	return fmt.Sprintf(
-		"%s.%s.%s",
-		base64.RawURLEncoding.EncodeToString(serializedProtected),
-		base64.RawURLEncoding.EncodeToString(obj.payload),
-		base64.RawURLEncoding.EncodeToString(obj.Signatures[0].Signature)), nil
+	if !detached {
+		payload = base64.RawURLEncoding.EncodeToString(obj.payload)
+	}
+
+	return fmt.Sprintf("%s.%s.%s", serializedProtected, payload, signature), nil
+}
+
+// CompactSerialize serializes an object using the compact serialization format.
+func (obj JSONWebSignature) CompactSerialize() (string, error) {
+	return obj.compactSerialize(false)
+}
+
+// DetachedCompactSerialize serializes an object using the compact serialization format with detached payload.
+func (obj JSONWebSignature) DetachedCompactSerialize() (string, error) {
+	return obj.compactSerialize(true)
 }
 
 // FullSerialize serializes an object using the full JSON serialization format.
diff --git a/vendor/gopkg.in/square/go-jose.v2/opaque.go b/vendor/gopkg.in/square/go-jose.v2/opaque.go
index 4a8bd8f3..df747f99 100644
--- a/vendor/gopkg.in/square/go-jose.v2/opaque.go
+++ b/vendor/gopkg.in/square/go-jose.v2/opaque.go
@@ -81,3 +81,64 @@ type opaqueVerifier struct {
 func (o *opaqueVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
 	return o.verifier.VerifyPayload(payload, signature, alg)
 }
+
+// OpaqueKeyEncrypter is an interface that supports encrypting keys with an opaque key.
+type OpaqueKeyEncrypter interface {
+	// KeyID returns the kid
+	KeyID() string
+	// Algs returns a list of supported key encryption algorithms.
+	Algs() []KeyAlgorithm
+	// encryptKey encrypts the CEK using the given algorithm.
+	encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error)
+}
+
+type opaqueKeyEncrypter struct {
+	encrypter OpaqueKeyEncrypter
+}
+
+func newOpaqueKeyEncrypter(alg KeyAlgorithm, encrypter OpaqueKeyEncrypter) (recipientKeyInfo, error) {
+	var algSupported bool
+	for _, salg := range encrypter.Algs() {
+		if alg == salg {
+			algSupported = true
+			break
+		}
+	}
+	if !algSupported {
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientKeyInfo{
+		keyID:  encrypter.KeyID(),
+		keyAlg: alg,
+		keyEncrypter: &opaqueKeyEncrypter{
+			encrypter: encrypter,
+		},
+	}, nil
+}
+
+func (oke *opaqueKeyEncrypter) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	return oke.encrypter.encryptKey(cek, alg)
+}
+
+//OpaqueKeyDecrypter is an interface that supports decrypting keys with an opaque key.
+type OpaqueKeyDecrypter interface {
+	DecryptKey(encryptedKey []byte, header Header) ([]byte, error)
+}
+
+type opaqueKeyDecrypter struct {
+	decrypter OpaqueKeyDecrypter
+}
+
+func (okd *opaqueKeyDecrypter) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	mergedHeaders := rawHeader{}
+	mergedHeaders.merge(&headers)
+	mergedHeaders.merge(recipient.header)
+
+	header, err := mergedHeaders.sanitized()
+	if err != nil {
+		return nil, err
+	}
+
+	return okd.decrypter.DecryptKey(recipient.encryptedKey, header)
+}
diff --git a/vendor/gopkg.in/square/go-jose.v2/shared.go b/vendor/gopkg.in/square/go-jose.v2/shared.go
index b0a6255e..f8438641 100644
--- a/vendor/gopkg.in/square/go-jose.v2/shared.go
+++ b/vendor/gopkg.in/square/go-jose.v2/shared.go
@@ -153,12 +153,18 @@ const (
 	headerJWK   = "jwk"   // *JSONWebKey
 	headerKeyID = "kid"   // string
 	headerNonce = "nonce" // string
+	headerB64   = "b64"   // bool
 
 	headerP2C = "p2c" // *byteBuffer (int)
 	headerP2S = "p2s" // *byteBuffer ([]byte)
 
 )
 
+// supportedCritical is the set of supported extensions that are understood and processed.
+var supportedCritical = map[string]bool{
+	headerB64: true,
+}
+
 // rawHeader represents the JOSE header for JWE/JWS objects (used for parsing).
 //
 // The decoding of the constituent items is deferred because we want to marshal
@@ -349,6 +355,21 @@ func (parsed rawHeader) getP2S() (*byteBuffer, error) {
 	return parsed.getByteBuffer(headerP2S)
 }
 
+// getB64 extracts parsed "b64" from the raw JSON, defaulting to true.
+func (parsed rawHeader) getB64() (bool, error) {
+	v := parsed[headerB64]
+	if v == nil {
+		return true, nil
+	}
+
+	var b64 bool
+	err := json.Unmarshal(*v, &b64)
+	if err != nil {
+		return true, err
+	}
+	return b64, nil
+}
+
 // sanitized produces a cleaned-up header object from the raw JSON.
 func (parsed rawHeader) sanitized() (h Header, err error) {
 	for k, v := range parsed {
diff --git a/vendor/gopkg.in/square/go-jose.v2/signing.go b/vendor/gopkg.in/square/go-jose.v2/signing.go
index be6cf048..664a51cc 100644
--- a/vendor/gopkg.in/square/go-jose.v2/signing.go
+++ b/vendor/gopkg.in/square/go-jose.v2/signing.go
@@ -17,6 +17,7 @@
 package jose
 
 import (
+	"bytes"
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"encoding/base64"
@@ -77,6 +78,27 @@ func (so *SignerOptions) WithType(typ ContentType) *SignerOptions {
 	return so.WithHeader(HeaderType, typ)
 }
 
+// WithCritical adds the given names to the critical ("crit") header and returns
+// the updated SignerOptions.
+func (so *SignerOptions) WithCritical(names ...string) *SignerOptions {
+	if so.ExtraHeaders[headerCritical] == nil {
+		so.WithHeader(headerCritical, make([]string, 0, len(names)))
+	}
+	crit := so.ExtraHeaders[headerCritical].([]string)
+	so.ExtraHeaders[headerCritical] = append(crit, names...)
+	return so
+}
+
+// WithBase64 adds a base64url-encode payload ("b64") header and returns the updated
+// SignerOptions. When the "b64" value is "false", the payload is not base64 encoded.
+func (so *SignerOptions) WithBase64(b64 bool) *SignerOptions {
+	if !b64 {
+		so.WithHeader(headerB64, b64)
+		so.WithCritical(headerB64)
+	}
+	return so
+}
+
 type payloadSigner interface {
 	signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error)
 }
@@ -233,7 +255,10 @@ func (ctx *genericSigner) Sign(payload []byte) (*JSONWebSignature, error) {
 			if ctx.embedJWK {
 				protected[headerJWK] = recipient.publicKey()
 			} else {
-				protected[headerKeyID] = recipient.publicKey().KeyID
+				keyID := recipient.publicKey().KeyID
+				if keyID != "" {
+					protected[headerKeyID] = keyID
+				}
 			}
 		}
 
@@ -250,12 +275,26 @@ func (ctx *genericSigner) Sign(payload []byte) (*JSONWebSignature, error) {
 		}
 
 		serializedProtected := mustSerializeJSON(protected)
+		needsBase64 := true
 
-		input := []byte(fmt.Sprintf("%s.%s",
-			base64.RawURLEncoding.EncodeToString(serializedProtected),
-			base64.RawURLEncoding.EncodeToString(payload)))
+		if b64, ok := protected[headerB64]; ok {
+			if needsBase64, ok = b64.(bool); !ok {
+				return nil, errors.New("square/go-jose: Invalid b64 header parameter")
+			}
+		}
 
-		signatureInfo, err := recipient.signer.signPayload(input, recipient.sigAlg)
+		var input bytes.Buffer
+
+		input.WriteString(base64.RawURLEncoding.EncodeToString(serializedProtected))
+		input.WriteByte('.')
+
+		if needsBase64 {
+			input.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+		} else {
+			input.Write(payload)
+		}
+
+		signatureInfo, err := recipient.signer.signPayload(input.Bytes(), recipient.sigAlg)
 		if err != nil {
 			return nil, err
 		}
@@ -324,9 +363,11 @@ func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey inter
 	if err != nil {
 		return err
 	}
-	if len(critical) > 0 {
-		// Unsupported crit header
-		return ErrCryptoFailure
+
+	for _, name := range critical {
+		if !supportedCritical[name] {
+			return ErrCryptoFailure
+		}
 	}
 
 	input := obj.computeAuthData(payload, &signature)
@@ -366,15 +407,18 @@ func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey
 		return -1, Signature{}, err
 	}
 
+outer:
 	for i, signature := range obj.Signatures {
 		headers := signature.mergedHeaders()
 		critical, err := headers.getCritical()
 		if err != nil {
 			continue
 		}
-		if len(critical) > 0 {
-			// Unsupported crit header
-			continue
+
+		for _, name := range critical {
+			if !supportedCritical[name] {
+				continue outer
+			}
 		}
 
 		input := obj.computeAuthData(payload, &signature)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 03f2f136..5a5ea870 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,5 +1,7 @@
 # github.com/BurntSushi/toml v0.3.1
 github.com/BurntSushi/toml
+# github.com/DATA-DOG/go-sqlmock v1.3.3
+github.com/DATA-DOG/go-sqlmock
 # github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239
 github.com/anmitsu/go-shlex
 # github.com/aws/aws-sdk-go v1.25.8
@@ -52,6 +54,8 @@ github.com/cloudflare/brotli-go/dec
 github.com/cloudflare/brotli-go/enc
 # github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc
 github.com/cloudflare/golibs/lrucache
+# github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58
+github.com/cloudflare/golz4
 # github.com/coredns/coredns v1.2.0
 github.com/coredns/coredns/core/dnsserver
 github.com/coredns/coredns/coremain
@@ -83,8 +87,11 @@ github.com/coreos/go-oidc/jose
 github.com/coreos/go-systemd/daemon
 # github.com/davecgh/go-spew v1.1.1
 github.com/davecgh/go-spew/spew
-# github.com/elgs/gosqljson v0.0.0-20160403005647-027aa4915315
-github.com/elgs/gosqljson
+# github.com/denisenkom/go-mssqldb v0.0.0-20191001013358-cfbb681360f0
+github.com/denisenkom/go-mssqldb
+github.com/denisenkom/go-mssqldb/internal/cp
+github.com/denisenkom/go-mssqldb/internal/decimal
+github.com/denisenkom/go-mssqldb/internal/querytext
 # github.com/equinox-io/equinox v1.2.0
 github.com/equinox-io/equinox
 github.com/equinox-io/equinox/internal/go-update
@@ -100,8 +107,12 @@ github.com/flynn/go-shlex
 github.com/getsentry/raven-go
 # github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0
 github.com/gliderlabs/ssh
+# github.com/go-sql-driver/mysql v1.4.1
+github.com/go-sql-driver/mysql
 # github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3
 github.com/golang-collections/collections/queue
+# github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe
+github.com/golang-sql/civil
 # github.com/golang/protobuf v1.3.2
 github.com/golang/protobuf/proto
 github.com/golang/protobuf/ptypes
@@ -112,14 +123,28 @@ github.com/golang/protobuf/ptypes/timestamp
 github.com/google/uuid
 # github.com/gorilla/mux v1.7.3
 github.com/gorilla/mux
-# github.com/gorilla/websocket v1.2.0
+# github.com/gorilla/websocket v1.4.0
 github.com/gorilla/websocket
 # github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645
 github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc
 # github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
 github.com/jmespath/go-jmespath
+# github.com/jmoiron/sqlx v1.2.0
+github.com/jmoiron/sqlx
+github.com/jmoiron/sqlx/reflectx
 # github.com/konsorten/go-windows-terminal-sequences v1.0.2
 github.com/konsorten/go-windows-terminal-sequences
+# github.com/kshvakov/clickhouse v1.3.11
+github.com/kshvakov/clickhouse
+github.com/kshvakov/clickhouse/lib/binary
+github.com/kshvakov/clickhouse/lib/cityhash102
+github.com/kshvakov/clickhouse/lib/column
+github.com/kshvakov/clickhouse/lib/data
+github.com/kshvakov/clickhouse/lib/leakypool
+github.com/kshvakov/clickhouse/lib/lz4
+github.com/kshvakov/clickhouse/lib/protocol
+github.com/kshvakov/clickhouse/lib/types
+github.com/kshvakov/clickhouse/lib/writebuffer
 # github.com/lib/pq v1.2.0
 github.com/lib/pq
 github.com/lib/pq/oid
@@ -128,13 +153,15 @@ github.com/lib/pq/scram
 github.com/mattn/go-colorable
 # github.com/mattn/go-isatty v0.0.10
 github.com/mattn/go-isatty
+# github.com/mattn/go-sqlite3 v1.11.0
+github.com/mattn/go-sqlite3
 # github.com/matttproud/golang_protobuf_extensions v1.0.1
 github.com/matttproud/golang_protobuf_extensions/pbutil
 # github.com/mholt/caddy v0.0.0-20180807230124-d3b731e9255b
 github.com/mholt/caddy
 github.com/mholt/caddy/caddyfile
 github.com/mholt/caddy/telemetry
-# github.com/miekg/dns v1.1.8
+# github.com/miekg/dns v1.1.27
 github.com/miekg/dns
 # github.com/mitchellh/go-homedir v1.1.0
 github.com/mitchellh/go-homedir
@@ -146,6 +173,9 @@ github.com/opentracing/opentracing-go/log
 github.com/pkg/errors
 # github.com/pmezard/go-difflib v1.0.0
 github.com/pmezard/go-difflib/difflib
+# github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35
+github.com/pquerna/cachecontrol
+github.com/pquerna/cachecontrol/cacheobject
 # github.com/prometheus/client_golang v1.0.0 => github.com/prometheus/client_golang v0.9.0-pre1
 github.com/prometheus/client_golang/prometheus
 github.com/prometheus/client_golang/prometheus/promhttp
@@ -166,14 +196,18 @@ github.com/sirupsen/logrus
 # github.com/stretchr/testify v1.3.0
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/require
-# golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc
+# github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0
+github.com/xo/dburl
+# golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
 golang.org/x/crypto/curve25519
 golang.org/x/crypto/ed25519
 golang.org/x/crypto/ed25519/internal/edwards25519
 golang.org/x/crypto/internal/chacha20
 golang.org/x/crypto/internal/subtle
+golang.org/x/crypto/md4
 golang.org/x/crypto/nacl/box
 golang.org/x/crypto/nacl/secretbox
+golang.org/x/crypto/pbkdf2
 golang.org/x/crypto/poly1305
 golang.org/x/crypto/salsa20/salsa
 golang.org/x/crypto/ssh
@@ -181,6 +215,7 @@ golang.org/x/crypto/ssh/terminal
 # golang.org/x/net v0.0.0-20191007182048-72f939374954
 golang.org/x/net/bpf
 golang.org/x/net/context
+golang.org/x/net/context/ctxhttp
 golang.org/x/net/http/httpguts
 golang.org/x/net/http2
 golang.org/x/net/http2/hpack
@@ -192,6 +227,9 @@ golang.org/x/net/ipv4
 golang.org/x/net/ipv6
 golang.org/x/net/trace
 golang.org/x/net/websocket
+# golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+golang.org/x/oauth2
+golang.org/x/oauth2/internal
 # golang.org/x/sync v0.0.0-20190423024810-112230192c58
 golang.org/x/sync/errgroup
 # golang.org/x/sys v0.0.0-20191008105621-543471e840be
@@ -207,6 +245,15 @@ golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
+# google.golang.org/appengine v1.5.0
+google.golang.org/appengine/cloudsql
+google.golang.org/appengine/internal
+google.golang.org/appengine/internal/base
+google.golang.org/appengine/internal/datastore
+google.golang.org/appengine/internal/log
+google.golang.org/appengine/internal/remote_api
+google.golang.org/appengine/internal/urlfetch
+google.golang.org/appengine/urlfetch
 # google.golang.org/genproto v0.0.0-20191007204434-a023cd5227bd
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.24.0
@@ -243,6 +290,12 @@ google.golang.org/grpc/serviceconfig
 google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
+# gopkg.in/coreos/go-oidc.v2 v2.1.0
+gopkg.in/coreos/go-oidc.v2
+# gopkg.in/square/go-jose.v2 v2.4.0
+gopkg.in/square/go-jose.v2
+gopkg.in/square/go-jose.v2/cipher
+gopkg.in/square/go-jose.v2/json
 # gopkg.in/urfave/cli.v2 v2.0.0-20180128181224-d604b6ffeee8
 gopkg.in/urfave/cli.v2
 gopkg.in/urfave/cli.v2/altsrc

From 6b3e2b020b72998077e46d2d6c5151acc348397e Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Wed, 4 Mar 2020 14:15:17 -0600
Subject: [PATCH 014/100] TUN-2785: Use reconnect token by default

---
 cmd/cloudflared/tunnel/cmd.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 142f63ef..cc75f355 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -980,6 +980,7 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 		altsrc.NewBoolFlag(&cli.BoolFlag{
 			Name:    "use-reconnect-token",
 			Usage:   "Test reestablishing connections with the new 'reconnect token' flow.",
+			Value:   true,
 			EnvVars: []string{"TUNNEL_USE_RECONNECT_TOKEN"},
 			Hidden:  true,
 		}),

From d50fee4fa0ea358952a83798af3400c5757dff21 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Thu, 5 Mar 2020 15:20:12 -0600
Subject: [PATCH 015/100] TUN-2754: Add ConnDigest to cloudflared and its RPCs

---
 origin/supervisor.go             |  19 +
 origin/tunnel.go                 |   3 +
 tunnelrpc/pogs/tunnelrpc.go      |   3 +
 tunnelrpc/pogs/tunnelrpc_test.go |   5 +-
 tunnelrpc/tunnelrpc.capnp        |   2 +
 tunnelrpc/tunnelrpc.capnp.go     | 713 ++++++++++++++++++++-----------
 6 files changed, 493 insertions(+), 252 deletions(-)

diff --git a/origin/supervisor.go b/origin/supervisor.go
index a1c78571..1855151f 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -39,6 +39,7 @@ const (
 var (
 	errJWTUnset         = errors.New("JWT unset")
 	errEventDigestUnset = errors.New("event digest unset")
+	errConnDigestUnset  = errors.New("conn digest unset")
 )
 
 // Supervisor manages non-declarative tunnels. Establishes TCP connections with the edge, and
@@ -64,6 +65,9 @@ type Supervisor struct {
 	eventDigestLock *sync.RWMutex
 	eventDigest     []byte
 
+	connDigestLock *sync.RWMutex
+	connDigest     []byte
+
 	bufferPool *buffer.Pool
 }
 
@@ -332,6 +336,21 @@ func (s *Supervisor) SetEventDigest(eventDigest []byte) {
 	s.eventDigest = eventDigest
 }
 
+func (s *Supervisor) ConnDigest() ([]byte, error) {
+	s.connDigestLock.RLock()
+	defer s.connDigestLock.RUnlock()
+	if s.connDigest == nil {
+		return nil, errConnDigestUnset
+	}
+	return s.connDigest, nil
+}
+
+func (s *Supervisor) SetConnDigest(connDigest []byte) {
+	s.connDigestLock.Lock()
+	defer s.connDigestLock.Unlock()
+	s.connDigest = connDigest
+}
+
 func (s *Supervisor) refreshAuth(
 	ctx context.Context,
 	backoff *BackoffHandler,
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 5b04e0d2..fa2d4b2c 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -93,6 +93,8 @@ type ReconnectTunnelCredentialManager interface {
 	ReconnectToken() ([]byte, error)
 	EventDigest() ([]byte, error)
 	SetEventDigest(eventDigest []byte)
+	ConnDigest() ([]byte, error)
+	SetConnDigest(connDigest []byte)
 }
 
 type dupConnRegisterTunnelError struct{}
@@ -380,6 +382,7 @@ func RegisterTunnel(
 		return processRegisterTunnelError(registrationErr, config.Metrics, register)
 	}
 	credentialManager.SetEventDigest(registration.EventDigest)
+	credentialManager.SetConnDigest(registration.ConnDigest)
 	return processRegistrationSuccess(config, logger, connectionID, registration, register)
 }
 
diff --git a/tunnelrpc/pogs/tunnelrpc.go b/tunnelrpc/pogs/tunnelrpc.go
index 6aab7d94..96d92910 100644
--- a/tunnelrpc/pogs/tunnelrpc.go
+++ b/tunnelrpc/pogs/tunnelrpc.go
@@ -47,6 +47,7 @@ type SuccessfulTunnelRegistration struct {
 	LogLines    []string
 	TunnelID    string `capnp:"tunnelID"`
 	EventDigest []byte
+	ConnDigest  []byte
 }
 
 func NewSuccessfulTunnelRegistration(
@@ -54,6 +55,7 @@ func NewSuccessfulTunnelRegistration(
 	logLines []string,
 	tunnelID string,
 	eventDigest []byte,
+	connDigest []byte,
 ) *TunnelRegistration {
 	// Marshal nil will result in an error
 	if logLines == nil {
@@ -65,6 +67,7 @@ func NewSuccessfulTunnelRegistration(
 			LogLines:    logLines,
 			TunnelID:    tunnelID,
 			EventDigest: eventDigest,
+			ConnDigest:  connDigest,
 		},
 	}
 }
diff --git a/tunnelrpc/pogs/tunnelrpc_test.go b/tunnelrpc/pogs/tunnelrpc_test.go
index 6a1d5283..f28a825e 100644
--- a/tunnelrpc/pogs/tunnelrpc_test.go
+++ b/tunnelrpc/pogs/tunnelrpc_test.go
@@ -22,6 +22,7 @@ var (
 	testErr         = fmt.Errorf("Invalid credential")
 	testLogLines    = []string{"all", "working"}
 	testEventDigest = []byte("asdf")
+	testConnDigest  = []byte("lkjh")
 )
 
 // *PermanentRegistrationError implements TunnelRegistrationError
@@ -32,8 +33,8 @@ var _ TunnelRegistrationError = (*RetryableRegistrationError)(nil)
 
 func TestTunnelRegistration(t *testing.T) {
 	testCases := []*TunnelRegistration{
-		NewSuccessfulTunnelRegistration(testURL, testLogLines, testTunnelID, testEventDigest),
-		NewSuccessfulTunnelRegistration(testURL, nil, testTunnelID, testEventDigest),
+		NewSuccessfulTunnelRegistration(testURL, testLogLines, testTunnelID, testEventDigest, testConnDigest),
+		NewSuccessfulTunnelRegistration(testURL, nil, testTunnelID, testEventDigest, testConnDigest),
 		NewPermanentRegistrationError(testErr).Serialize(),
 		NewRetryableRegistrationError(testErr, testRetryAfterSeconds).Serialize(),
 	}
diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index 9ef5be43..ade41e7e 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -23,6 +23,8 @@ struct TunnelRegistration {
     retryAfterSeconds @5 :UInt16;
     # A unique ID used to reconnect this tunnel.
     eventDigest @6 :Data;
+    # A unique ID used to prove this tunnel was previously connected to a given metal.
+    connDigest @7 :Data;
 }
 
 struct RegistrationOptions {
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index 51876fb7..194b0a04 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -106,6 +106,11 @@ func (s Authentication_List) At(i int) Authentication { return Authentication{s.
 
 func (s Authentication_List) Set(i int, v Authentication) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s Authentication_List) String() string {
+	str, _ := text.MarshalList(0xc082ef6e0d42ed1d, s.List)
+	return str
+}
+
 // Authentication_Promise is a wrapper for a Authentication promised by a client call.
 type Authentication_Promise struct{ *capnp.Pipeline }
 
@@ -120,12 +125,12 @@ type TunnelRegistration struct{ capnp.Struct }
 const TunnelRegistration_TypeID = 0xf41a0f001ad49e46
 
 func NewTunnelRegistration(s *capnp.Segment) (TunnelRegistration, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 5})
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 6})
 	return TunnelRegistration{st}, err
 }
 
 func NewRootTunnelRegistration(s *capnp.Segment) (TunnelRegistration, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 5})
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 6})
 	return TunnelRegistration{st}, err
 }
 
@@ -251,12 +256,26 @@ func (s TunnelRegistration) SetEventDigest(v []byte) error {
 	return s.Struct.SetData(4, v)
 }
 
+func (s TunnelRegistration) ConnDigest() ([]byte, error) {
+	p, err := s.Struct.Ptr(5)
+	return []byte(p.Data()), err
+}
+
+func (s TunnelRegistration) HasConnDigest() bool {
+	p, err := s.Struct.Ptr(5)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelRegistration) SetConnDigest(v []byte) error {
+	return s.Struct.SetData(5, v)
+}
+
 // TunnelRegistration_List is a list of TunnelRegistration.
 type TunnelRegistration_List struct{ capnp.List }
 
 // NewTunnelRegistration creates a new list of TunnelRegistration.
 func NewTunnelRegistration_List(s *capnp.Segment, sz int32) (TunnelRegistration_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 5}, sz)
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 6}, sz)
 	return TunnelRegistration_List{l}, err
 }
 
@@ -268,6 +287,11 @@ func (s TunnelRegistration_List) Set(i int, v TunnelRegistration) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelRegistration_List) String() string {
+	str, _ := text.MarshalList(0xf41a0f001ad49e46, s.List)
+	return str
+}
+
 // TunnelRegistration_Promise is a wrapper for a TunnelRegistration promised by a client call.
 type TunnelRegistration_Promise struct{ *capnp.Pipeline }
 
@@ -530,6 +554,11 @@ func (s RegistrationOptions_List) Set(i int, v RegistrationOptions) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s RegistrationOptions_List) String() string {
+	str, _ := text.MarshalList(0xc793e50592935b4a, s.List)
+	return str
+}
+
 // RegistrationOptions_Promise is a wrapper for a RegistrationOptions promised by a client call.
 type RegistrationOptions_Promise struct{ *capnp.Pipeline }
 
@@ -679,6 +708,11 @@ func (s CapnpConnectParameters_List) Set(i int, v CapnpConnectParameters) error
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s CapnpConnectParameters_List) String() string {
+	str, _ := text.MarshalList(0xa78f37418c1077c8, s.List)
+	return str
+}
+
 // CapnpConnectParameters_Promise is a wrapper for a CapnpConnectParameters promised by a client call.
 type CapnpConnectParameters_Promise struct{ *capnp.Pipeline }
 
@@ -737,6 +771,9 @@ func (s ConnectResult_result) Which() ConnectResult_result_Which {
 	return ConnectResult_result_Which(s.Struct.Uint16(0))
 }
 func (s ConnectResult_result) Err() (ConnectError, error) {
+	if s.Struct.Uint16(0) != 0 {
+		panic("Which() != err")
+	}
 	p, err := s.Struct.Ptr(0)
 	return ConnectError{Struct: p.Struct()}, err
 }
@@ -767,6 +804,9 @@ func (s ConnectResult_result) NewErr() (ConnectError, error) {
 }
 
 func (s ConnectResult_result) Success() (ConnectSuccess, error) {
+	if s.Struct.Uint16(0) != 1 {
+		panic("Which() != success")
+	}
 	p, err := s.Struct.Ptr(0)
 	return ConnectSuccess{Struct: p.Struct()}, err
 }
@@ -809,6 +849,11 @@ func (s ConnectResult_List) At(i int) ConnectResult { return ConnectResult{s.Lis
 
 func (s ConnectResult_List) Set(i int, v ConnectResult) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s ConnectResult_List) String() string {
+	str, _ := text.MarshalList(0xff8d9848747c956a, s.List)
+	return str
+}
+
 // ConnectResult_Promise is a wrapper for a ConnectResult promised by a client call.
 type ConnectResult_Promise struct{ *capnp.Pipeline }
 
@@ -910,6 +955,11 @@ func (s ConnectError_List) At(i int) ConnectError { return ConnectError{s.List.S
 
 func (s ConnectError_List) Set(i int, v ConnectError) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s ConnectError_List) String() string {
+	str, _ := text.MarshalList(0xb14ce48f4e2abb0d, s.List)
+	return str
+}
+
 // ConnectError_Promise is a wrapper for a ConnectError promised by a client call.
 type ConnectError_Promise struct{ *capnp.Pipeline }
 
@@ -1000,6 +1050,11 @@ func (s ConnectSuccess_List) At(i int) ConnectSuccess { return ConnectSuccess{s.
 
 func (s ConnectSuccess_List) Set(i int, v ConnectSuccess) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s ConnectSuccess_List) String() string {
+	str, _ := text.MarshalList(0x8407e070e0d52605, s.List)
+	return str
+}
+
 // ConnectSuccess_Promise is a wrapper for a ConnectSuccess promised by a client call.
 type ConnectSuccess_Promise struct{ *capnp.Pipeline }
 
@@ -1158,6 +1213,11 @@ func (s ClientConfig_List) At(i int) ClientConfig { return ClientConfig{s.List.S
 
 func (s ClientConfig_List) Set(i int, v ClientConfig) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s ClientConfig_List) String() string {
+	str, _ := text.MarshalList(0xf0a143f1c95a678e, s.List)
+	return str
+}
+
 // ClientConfig_Promise is a wrapper for a ClientConfig promised by a client call.
 type ClientConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1238,6 +1298,11 @@ func (s SupervisorConfig_List) Set(i int, v SupervisorConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s SupervisorConfig_List) String() string {
+	str, _ := text.MarshalList(0xf7f49b3f779ae258, s.List)
+	return str
+}
+
 // SupervisorConfig_Promise is a wrapper for a SupervisorConfig promised by a client call.
 type SupervisorConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1339,6 +1404,11 @@ func (s EdgeConnectionConfig_List) Set(i int, v EdgeConnectionConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s EdgeConnectionConfig_List) String() string {
+	str, _ := text.MarshalList(0xc744e349009087aa, s.List)
+	return str
+}
+
 // EdgeConnectionConfig_Promise is a wrapper for a EdgeConnectionConfig promised by a client call.
 type EdgeConnectionConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1421,6 +1491,9 @@ func (s ReverseProxyConfig_originConfig) Which() ReverseProxyConfig_originConfig
 	return ReverseProxyConfig_originConfig_Which(s.Struct.Uint16(0))
 }
 func (s ReverseProxyConfig_originConfig) Http() (HTTPOriginConfig, error) {
+	if s.Struct.Uint16(0) != 0 {
+		panic("Which() != http")
+	}
 	p, err := s.Struct.Ptr(1)
 	return HTTPOriginConfig{Struct: p.Struct()}, err
 }
@@ -1451,6 +1524,9 @@ func (s ReverseProxyConfig_originConfig) NewHttp() (HTTPOriginConfig, error) {
 }
 
 func (s ReverseProxyConfig_originConfig) Websocket() (WebSocketOriginConfig, error) {
+	if s.Struct.Uint16(0) != 1 {
+		panic("Which() != websocket")
+	}
 	p, err := s.Struct.Ptr(1)
 	return WebSocketOriginConfig{Struct: p.Struct()}, err
 }
@@ -1481,6 +1557,9 @@ func (s ReverseProxyConfig_originConfig) NewWebsocket() (WebSocketOriginConfig,
 }
 
 func (s ReverseProxyConfig_originConfig) HelloWorld() (HelloWorldOriginConfig, error) {
+	if s.Struct.Uint16(0) != 2 {
+		panic("Which() != helloWorld")
+	}
 	p, err := s.Struct.Ptr(1)
 	return HelloWorldOriginConfig{Struct: p.Struct()}, err
 }
@@ -1551,6 +1630,11 @@ func (s ReverseProxyConfig_List) Set(i int, v ReverseProxyConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s ReverseProxyConfig_List) String() string {
+	str, _ := text.MarshalList(0xc766a92976e389c4, s.List)
+	return str
+}
+
 // ReverseProxyConfig_Promise is a wrapper for a ReverseProxyConfig promised by a client call.
 type ReverseProxyConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1690,6 +1774,11 @@ func (s WebSocketOriginConfig_List) Set(i int, v WebSocketOriginConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s WebSocketOriginConfig_List) String() string {
+	str, _ := text.MarshalList(0xf9c895683ed9ac4c, s.List)
+	return str
+}
+
 // WebSocketOriginConfig_Promise is a wrapper for a WebSocketOriginConfig promised by a client call.
 type WebSocketOriginConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1867,6 +1956,11 @@ func (s HTTPOriginConfig_List) Set(i int, v HTTPOriginConfig) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s HTTPOriginConfig_List) String() string {
+	str, _ := text.MarshalList(0xe4a6a1bc139211b4, s.List)
+	return str
+}
+
 // HTTPOriginConfig_Promise is a wrapper for a HTTPOriginConfig promised by a client call.
 type HTTPOriginConfig_Promise struct{ *capnp.Pipeline }
 
@@ -1965,6 +2059,11 @@ func (s DoHProxyConfig_List) At(i int) DoHProxyConfig { return DoHProxyConfig{s.
 
 func (s DoHProxyConfig_List) Set(i int, v DoHProxyConfig) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s DoHProxyConfig_List) String() string {
+	str, _ := text.MarshalList(0xb167b0bebe562cd0, s.List)
+	return str
+}
+
 // DoHProxyConfig_Promise is a wrapper for a DoHProxyConfig promised by a client call.
 type DoHProxyConfig_Promise struct{ *capnp.Pipeline }
 
@@ -2015,6 +2114,11 @@ func (s HelloWorldOriginConfig_List) Set(i int, v HelloWorldOriginConfig) error
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s HelloWorldOriginConfig_List) String() string {
+	str, _ := text.MarshalList(0x8891f360e47c30d3, s.List)
+	return str
+}
+
 // HelloWorldOriginConfig_Promise is a wrapper for a HelloWorldOriginConfig promised by a client call.
 type HelloWorldOriginConfig_Promise struct{ *capnp.Pipeline }
 
@@ -2099,6 +2203,11 @@ func (s Tag_List) At(i int) Tag { return Tag{s.List.Struct(i)} }
 
 func (s Tag_List) Set(i int, v Tag) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s Tag_List) String() string {
+	str, _ := text.MarshalList(0xcbd96442ae3bb01a, s.List)
+	return str
+}
+
 // Tag_Promise is a wrapper for a Tag promised by a client call.
 type Tag_Promise struct{ *capnp.Pipeline }
 
@@ -2224,6 +2333,11 @@ func (s ServerInfo_List) At(i int) ServerInfo { return ServerInfo{s.List.Struct(
 
 func (s ServerInfo_List) Set(i int, v ServerInfo) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s ServerInfo_List) String() string {
+	str, _ := text.MarshalList(0xf2c68e2547ec3866, s.List)
+	return str
+}
+
 // ServerInfo_Promise is a wrapper for a ServerInfo promised by a client call.
 type ServerInfo_Promise struct{ *capnp.Pipeline }
 
@@ -2307,6 +2421,11 @@ func (s UseConfigurationResult_List) Set(i int, v UseConfigurationResult) error
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s UseConfigurationResult_List) String() string {
+	str, _ := text.MarshalList(0xd58a254e7a792b87, s.List)
+	return str
+}
+
 // UseConfigurationResult_Promise is a wrapper for a UseConfigurationResult promised by a client call.
 type UseConfigurationResult_Promise struct{ *capnp.Pipeline }
 
@@ -2371,6 +2490,9 @@ func (s FailedConfig_config) Which() FailedConfig_config_Which {
 	return FailedConfig_config_Which(s.Struct.Uint16(0))
 }
 func (s FailedConfig_config) Supervisor() (SupervisorConfig, error) {
+	if s.Struct.Uint16(0) != 0 {
+		panic("Which() != supervisor")
+	}
 	p, err := s.Struct.Ptr(0)
 	return SupervisorConfig{Struct: p.Struct()}, err
 }
@@ -2401,6 +2523,9 @@ func (s FailedConfig_config) NewSupervisor() (SupervisorConfig, error) {
 }
 
 func (s FailedConfig_config) EdgeConnection() (EdgeConnectionConfig, error) {
+	if s.Struct.Uint16(0) != 1 {
+		panic("Which() != edgeConnection")
+	}
 	p, err := s.Struct.Ptr(0)
 	return EdgeConnectionConfig{Struct: p.Struct()}, err
 }
@@ -2431,6 +2556,9 @@ func (s FailedConfig_config) NewEdgeConnection() (EdgeConnectionConfig, error) {
 }
 
 func (s FailedConfig_config) Doh() (DoHProxyConfig, error) {
+	if s.Struct.Uint16(0) != 2 {
+		panic("Which() != doh")
+	}
 	p, err := s.Struct.Ptr(0)
 	return DoHProxyConfig{Struct: p.Struct()}, err
 }
@@ -2461,6 +2589,9 @@ func (s FailedConfig_config) NewDoh() (DoHProxyConfig, error) {
 }
 
 func (s FailedConfig_config) ReverseProxy() (ReverseProxyConfig, error) {
+	if s.Struct.Uint16(0) != 3 {
+		panic("Which() != reverseProxy")
+	}
 	p, err := s.Struct.Ptr(0)
 	return ReverseProxyConfig{Struct: p.Struct()}, err
 }
@@ -2522,6 +2653,11 @@ func (s FailedConfig_List) At(i int) FailedConfig { return FailedConfig{s.List.S
 
 func (s FailedConfig_List) Set(i int, v FailedConfig) error { return s.List.SetStruct(i, v.Struct) }
 
+func (s FailedConfig_List) String() string {
+	str, _ := text.MarshalList(0xea20b390b257d1a5, s.List)
+	return str
+}
+
 // FailedConfig_Promise is a wrapper for a FailedConfig promised by a client call.
 type FailedConfig_Promise struct{ *capnp.Pipeline }
 
@@ -2660,6 +2796,11 @@ func (s AuthenticateResponse_List) Set(i int, v AuthenticateResponse) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s AuthenticateResponse_List) String() string {
+	str, _ := text.MarshalList(0x82c325a07ad22a65, s.List)
+	return str
+}
+
 // AuthenticateResponse_Promise is a wrapper for a AuthenticateResponse promised by a client call.
 type AuthenticateResponse_Promise struct{ *capnp.Pipeline }
 
@@ -3053,6 +3194,11 @@ func (s TunnelServer_registerTunnel_Params_List) Set(i int, v TunnelServer_regis
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_registerTunnel_Params_List) String() string {
+	str, _ := text.MarshalList(0xb70431c0dc014915, s.List)
+	return str
+}
+
 // TunnelServer_registerTunnel_Params_Promise is a wrapper for a TunnelServer_registerTunnel_Params promised by a client call.
 type TunnelServer_registerTunnel_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3132,6 +3278,11 @@ func (s TunnelServer_registerTunnel_Results_List) Set(i int, v TunnelServer_regi
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_registerTunnel_Results_List) String() string {
+	str, _ := text.MarshalList(0xf2c122394f447e8e, s.List)
+	return str
+}
+
 // TunnelServer_registerTunnel_Results_Promise is a wrapper for a TunnelServer_registerTunnel_Results promised by a client call.
 type TunnelServer_registerTunnel_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3186,6 +3337,11 @@ func (s TunnelServer_getServerInfo_Params_List) Set(i int, v TunnelServer_getSer
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_getServerInfo_Params_List) String() string {
+	str, _ := text.MarshalList(0xdc3ed6801961e502, s.List)
+	return str
+}
+
 // TunnelServer_getServerInfo_Params_Promise is a wrapper for a TunnelServer_getServerInfo_Params promised by a client call.
 type TunnelServer_getServerInfo_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3261,6 +3417,11 @@ func (s TunnelServer_getServerInfo_Results_List) Set(i int, v TunnelServer_getSe
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_getServerInfo_Results_List) String() string {
+	str, _ := text.MarshalList(0xe3e37d096a5b564e, s.List)
+	return str
+}
+
 // TunnelServer_getServerInfo_Results_Promise is a wrapper for a TunnelServer_getServerInfo_Results promised by a client call.
 type TunnelServer_getServerInfo_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3323,6 +3484,11 @@ func (s TunnelServer_unregisterTunnel_Params_List) Set(i int, v TunnelServer_unr
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_unregisterTunnel_Params_List) String() string {
+	str, _ := text.MarshalList(0x9b87b390babc2ccf, s.List)
+	return str
+}
+
 // TunnelServer_unregisterTunnel_Params_Promise is a wrapper for a TunnelServer_unregisterTunnel_Params promised by a client call.
 type TunnelServer_unregisterTunnel_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3373,6 +3539,11 @@ func (s TunnelServer_unregisterTunnel_Results_List) Set(i int, v TunnelServer_un
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_unregisterTunnel_Results_List) String() string {
+	str, _ := text.MarshalList(0xa29a916d4ebdd894, s.List)
+	return str
+}
+
 // TunnelServer_unregisterTunnel_Results_Promise is a wrapper for a TunnelServer_unregisterTunnel_Results promised by a client call.
 type TunnelServer_unregisterTunnel_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3448,6 +3619,11 @@ func (s TunnelServer_connect_Params_List) Set(i int, v TunnelServer_connect_Para
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_connect_Params_List) String() string {
+	str, _ := text.MarshalList(0xa766b24d4fe5da35, s.List)
+	return str
+}
+
 // TunnelServer_connect_Params_Promise is a wrapper for a TunnelServer_connect_Params promised by a client call.
 type TunnelServer_connect_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3527,6 +3703,11 @@ func (s TunnelServer_connect_Results_List) Set(i int, v TunnelServer_connect_Res
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_connect_Results_List) String() string {
+	str, _ := text.MarshalList(0xfeac5c8f4899ef7c, s.List)
+	return str
+}
+
 // TunnelServer_connect_Results_Promise is a wrapper for a TunnelServer_connect_Results promised by a client call.
 type TunnelServer_connect_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3639,6 +3820,11 @@ func (s TunnelServer_authenticate_Params_List) Set(i int, v TunnelServer_authent
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_authenticate_Params_List) String() string {
+	str, _ := text.MarshalList(0x85c8cea1ab1894f3, s.List)
+	return str
+}
+
 // TunnelServer_authenticate_Params_Promise is a wrapper for a TunnelServer_authenticate_Params promised by a client call.
 type TunnelServer_authenticate_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3718,6 +3904,11 @@ func (s TunnelServer_authenticate_Results_List) Set(i int, v TunnelServer_authen
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_authenticate_Results_List) String() string {
+	str, _ := text.MarshalList(0xfc5edf80e39c0796, s.List)
+	return str
+}
+
 // TunnelServer_authenticate_Results_Promise is a wrapper for a TunnelServer_authenticate_Results promised by a client call.
 type TunnelServer_authenticate_Results_Promise struct{ *capnp.Pipeline }
 
@@ -3844,6 +4035,11 @@ func (s TunnelServer_reconnectTunnel_Params_List) Set(i int, v TunnelServer_reco
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_reconnectTunnel_Params_List) String() string {
+	str, _ := text.MarshalList(0xa353a3556df74984, s.List)
+	return str
+}
+
 // TunnelServer_reconnectTunnel_Params_Promise is a wrapper for a TunnelServer_reconnectTunnel_Params promised by a client call.
 type TunnelServer_reconnectTunnel_Params_Promise struct{ *capnp.Pipeline }
 
@@ -3923,6 +4119,11 @@ func (s TunnelServer_reconnectTunnel_Results_List) Set(i int, v TunnelServer_rec
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s TunnelServer_reconnectTunnel_Results_List) String() string {
+	str, _ := text.MarshalList(0xd4d18de97bb12de3, s.List)
+	return str
+}
+
 // TunnelServer_reconnectTunnel_Results_Promise is a wrapper for a TunnelServer_reconnectTunnel_Results promised by a client call.
 type TunnelServer_reconnectTunnel_Results_Promise struct{ *capnp.Pipeline }
 
@@ -4067,6 +4268,11 @@ func (s ClientService_useConfiguration_Params_List) Set(i int, v ClientService_u
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s ClientService_useConfiguration_Params_List) String() string {
+	str, _ := text.MarshalList(0xb9d4ef45c2b5fc5b, s.List)
+	return str
+}
+
 // ClientService_useConfiguration_Params_Promise is a wrapper for a ClientService_useConfiguration_Params promised by a client call.
 type ClientService_useConfiguration_Params_Promise struct{ *capnp.Pipeline }
 
@@ -4146,6 +4352,11 @@ func (s ClientService_useConfiguration_Results_List) Set(i int, v ClientService_
 	return s.List.SetStruct(i, v.Struct)
 }
 
+func (s ClientService_useConfiguration_Results_List) String() string {
+	str, _ := text.MarshalList(0x91f7a001ca145b9d, s.List)
+	return str
+}
+
 // ClientService_useConfiguration_Results_Promise is a wrapper for a ClientService_useConfiguration_Results promised by a client call.
 type ClientService_useConfiguration_Results_Promise struct{ *capnp.Pipeline }
 
@@ -4159,253 +4370,255 @@ func (p ClientService_useConfiguration_Results_Promise) Result() UseConfiguratio
 }
 
 const schema_db8274f9144abc7e = "x\xda\xccZ{\x90Tev?\xe7\xde\x1e\xee\x0c\xcc" +
-	"\xd0}s\xdbr\xa0\x18:\xa0Da\x85\x88\xb3$\xee" +
-	"$\xd9\x9e\x07\xc3\xce\xb0<\xe6N\xcf\xa0\x8e$\xe5\x9d" +
-	"\xeeof\xee\xd0}os\x1f\xc0\x10X\x1e\x85Q&" +
-	"\xa0\xe8J\x0a\\\xdcR\\\xe3#&+.VV\x03" +
-	"\x96&\x9b\xa8Y\x89\xeb\x06R\xb2\xd1\x0a\x0aVJK" +
-	"\xcb\xc5G\x19R\xeaM\x9d\xfb\x9ef\x18\xc0$U\xfb" +
-	"\x0ft\x9d{\xbe\xc7y\xfd\xce\xe3\x9b\xeb\xef\x9a\xdc\xcc" +
-	"-\xac\xba&\x09 ?U5\xc9a\xf3~\xb9\xf1\xc1" +
-	"9\xff\xb0\x1d\xe4\xe9\x88\xce\xf7\x8e,M\x9f\xb3\xb6\xff" +
-	";T\xf1\x02@\xe3\x88\xb0\x11\xa5\xdd\x82\x00 \xed\x14" +
-	"\xfe\x13\xd0\xa9\xfa\x9d\x13\xa7\xca\xa7\x84\x1d N\x8f3" +
-	"s\xc4\\\xaa^\x8a\xd2\xb6jb\xde\\\xbd\x1e\xd0\xf9" +
-	"\xc3\xd2k\x07\x7fo\xef\xcf\x89\x99\x8b\x98\x01\x1b\xdf\xad" +
-	"\xde\x88\xd29\x97\xf3\xb3\xea\x95\x80\xce'\xf7\xd5\xff\xd5" +
-	"C\xff\xf2\xf2\xed ^\x83\xe0\x9f]W\xf3+\x04\x94" +
-	"f\xd5\xfc\x18\xd0\xf9\xd7\xeb7\x9d\xb9\xed\x93{\xee\x1c" +
-	"{n\x82\xf8^\xac\x19E\xe9d\x8d\x00\xbc\xf3\xc0\xad" +
-	"\xe9\x7f\xc6\x07?\xbf\x07\xc4ki\x1b\xa4\xcf\xcf\xd4L" +
-	"\xe6\x00\xa5c5Y@\xe7\xb5\xeb\x8e<\xb7\xe7'w" +
-	"\xfc\x00\xe4k\x10\xc1[\xffa\xcd\x7f\xd398\x99\x18" +
-	"\xce\xfe\xe8\x1b\x89\xbf~\xed\xb7~\xe828\x8f\xbc~" +
-	"\xd3\xd3{~\xf2\xdb\xefC/'`\x02\xa0q\xeed" +
-	"\x83x\x17M&]\xdc\xf7\xc6\xd1\x15\xa5{\xee?\xe8" +
-	"]\xda\xdd\xeb\x8a)\x1c\x07\x09gG\xe7\xe7\xa5\xde\x87" +
-	"s\x0f\xfb\xe2\xb8\x9fj\xa6|LK\x1b\xa6\xd0\xd2E" +
-	"\xbfzw\xe5\xf2\xa7\x07\x1e\xf5\x19\xdc\x8b\x9e\x9b\xf24" +
-	"1\xd4\xd4\xd2=^^\x9f\xda\xd5\xf2\xfbw?Zi" +
-	"\x95*\xe2\x9c_;\x8aR{-\xfdl\xa9\xbd\x09\x01" +
-	"\x9d\xd1o\x1d]\xf5\xc9\x9f\x99O\x80<\x1f\x13\xce\xcf" +
-	"v\x9e^7\xf7\xf1\x81\x97\xdck\xf3\x00\x8d\xcf\xd6\xfd" +
-	"\x92\xb6>VG\xaa\xac\xfb\xbby+\xee>\xb3\xec\x10" +
-	"m\x1d3\x8bw\x89\xd2\xd4&\x946O%\xcb\x8cL" +
-	"%\xee_\\\xb7\xea\xf9\xe7\x9f\x1a<Ty\x11\xd7\xe2" +
-	"\xd3\x92KQ\x9a\x9f$\xee\xb9I\xe2\xbe\xa2\x13\xdf|" +
-	"aa\xe2o\xe3v|+\xf9>\x1d~\xd6e\xb8\xf5" +
-	"\x8bg\xfe\xbe\xfd\xa3\xe3\xcf\xc6-tO\x8a#\x0b=" +
-	"\x92\"\xc1\xfbF\xb1\xf4fS\xf3\xf3 _\x8b\xe8\x0c" +
-	"\xef\xdddu\xec\xdb\xed@/\x0a\xc8\x014\x1eKm" +
-	"\xa4\xcdN\xa6\xc8\xbf\x1a>l\xad\xd3>\xda\xfeB\x85" +
-	"3\xba\xa7.\x12\x97\xa2\xd4)\xd2\xd5\xda\xc5\x1f\x03~" +
-	"\xfe\xc4\x1d{:O/~I\x9e\x8e\x89J\xa1\xdf\x16" +
-	"7\xa2\xf4\x19\xf16\x9e\x153\xa4\xcfP\x83\x15\xec\xae" +
-	"\xd4\xb3\xa4a\x94\x16I\xf4s\xa1\xe4\xb2/\xbd\xf5\xfb" +
-	"\xf7V\xbd\xfb\xfd\x97*UJ\x1e\xde\xf8Gi\x03%" +
-	"9M?\x97\xa7\xaf\xe4\x01\x9d\xe9O\xfd\xc1\xdf\xb4\x16" +
-	"N\xfe|\x9c \x92\x8e]\xf9\xb1t\xf2J\xfau\xe2" +
-	"J\x92\xf1\xf4\xfcC\x7f\xfa\xde\xee\xd7\x8f\xc7=ea" +
-	"\xbd\xeb\xb1\xed\xf5\xa4\xb0;\xbe1\xb2q\xc5\x9c\xd1\x13" +
-	"\x95\x06r9Y\xfd(J\x9b\xeb]s\xd6\xd3v\xdc" +
-	"\xbb\xca\xb4\xad\xff\xf6\xed7c>\xfb^\xfd;\x08\x09" +
-	"g\xc5\xaa[\x87k6\x9f>\x1d?\xe8\xadz\xcft" +
-	"\xeeA\x87\xc5{\xa5#\x0f\xfd\xe5\x19:H\xa8T\xb7" +
-	"8\xad\x0f\xa59\xd3\\\xf5L{\x94\x83X\xec\x8c\xe7" +
-	"8\x0d3\x9aP\x9a?\xc3u\x9c\x19t\xafE\xb7\xb5" +
-	"\xb0\xd57\xde\xfc>\x88\xd3\xf91P\xa1\x12\xe7\x08q" +
-	"6\xda3\xee@is\x83\x00\xe0\xdc5\xd8\xf7\xca\xd9" +
-	"\xb6\x87~]\xb9\xb9+\x10khB\xc9&\xbe\xc6\xb5" +
-	"\x0d\xae}\x1a\x17\xfe\xf9\x87{\x1fn;{\xde\xeeG" +
-	"g\xb6\xa2tl&\xdd\xe3\x95\x99\xdf\x91\xce\xcdt7" +
-	"\xff\xde\xe2\x95\xdf\x9a\xfd\xe2\xc7qM\xbc=\xd3\x8d\xde" +
-	"\xcff\x92&\x06n\xfc\xe0;s\xee\xfa\xa7\x8f+\xec" +
-	"\xe72^\x91\x99\x87\xd2\x9c\x0c\xed8+\x93\x05\xfch" +
-	"\xc9\x0f\x8fOON\xfft\xbc8n\xcf\x0c\xa3t\x0b" +
-	"\xf16\xf6f\xee\xa6\x8b\xde\xfc\xce\xfd\xeb\xb3?\xf8\xf4" +
-	"s\x92\x8b\xaf\xc0\xb9\x9aY}(5\xcc\xa2\x9d\xa7\xcd" +
-	"\xa2XZ\xf6\xe4\xc9o\x0f\xed}\xf9\xdc\xb8\xc8\xfd\x8f" +
-	"\xb3\xb6\xa3t\xd2\xe5>1\x8b \xe7/\x84\x03\xa7\xb7" +
-	"\xfe\xc7\x9f|\x11\x97\xea\xe8\xecwH\xaa\xd7g\x93T" +
-	"\x9b>\xda\xdfq\xf7\xea'\xbf\x8a3\x9c\x9d\xfd\x9c\x8b" +
-	"\x8dW\x11C\x18\x8c\xe3y\xda\xac\xabZQZx\x15" +
-	"\x9d7\xff\xaa,\xccw,[\xd3X\xd1('\xf2\xbf" +
-	"\x1b\xfc\xcc/\xc8+e\xad\xdc\xd4b[CL\xb3\xd4" +
-	"\xbcb\xb1n\x965\xcb\xbaf\xb2.D9\xc5'\x00" +
-	"\x12\x08 *\xc3\x00\xf2m<\xcaE\x0eE\xc44\xa1" +
-	"\xb5\xa8\x12q\x88G\xd9\xe2P\xe4\xb84!\x82\xb8v" +
-	"6\x80\\\xe4Q\xde\xc0!\xf2i\xc2;\xd1\xbe\x17@" +
-	"\xde\xc0\xa3\xbc\x83C\xa7\xcc\x8c\x92\xa21\x0d\x92V\xbb" +
-	"a`-pX\x0b\xe8\x18\xcc2F\x94\xfe\"$Y" +
-	"\x8c,\x0c\xaf\xb7\xb0\x0e8\xac\x03t\x86t\xdb0{" +
-	"5\x0b\xd5b7\x1b0\x98\x89C8\x098\x9c\x048" +
-	"\x91xm\xba\xa6\xb1\xbc\x95\xb3\xf3yf\x9a\x00$Y" +
-	"u(\xd9\xdc\xfb\x01\xe4\xebx\x94o\x8cI\xb6\x88$" +
-	"\xfb&\x8fr3\x87\x8e\xc9\x8cu\xccX\xa6c^\xb1" +
-	"T][\xa1\xf0%\x16^;_T\x99f\xb5\xe9\x90" +
-	"\xd4\x06\xd4ALE\xa1\x00\x88\xa9\x89/\xd6\xbeA5" +
-	"-U\x1b\xecq\xe9\xd9.\xbd\xa8\xe6G\xe8v\xb5\xae" +
-	"&\x1b\x9ah\x0f\xf1\x8a>\x00\xe4D\xb1\x15 \xab\x0e" +
-	"j\xba\xc1\x9c\x82j\xe6I(\xe0\xf3\xd6\x96~\xa5\xa8" +
-	"hy\x16\x1e4\xe9\xfc\x83\xbc\x03r\xae\x1c\x0b\x94\x98" +
-	"\xb5\xaf\xeeR\x0c\x85/\x99rm\xa8\x8f\xf6>\x00y" +
-	"1\x8frWL\x1f\xcb\x97\x02\xc8\xcbx\x94o\x8eY" +
-	"\xba\xb7\x15@\xee\xe2Q^\xcd\xa1\xa3\x1b\xea\xa0\xaa\xb5" +
-	"1\xe0\x8d\xb8\xc1LKSJ\x0c\x00\x02\x85m\xd1\xcb" +
-	"\xa4D\x13S\x11JWh\xaa\xea|\x01:X\xb1\xa8" +
-	"\xdf\xa4\x1b\xc5\xc2J\xef\x1c\x9d\xb4\xed\x9a2\\&\x8c" +
-	"cy\xd78$\xb7\x9ag\x0bl\x93y\xebl\xc35" +
-	"\xe4\xd5\xdd\xcc\xb4\x8b\x96\x09 'B\xf1\xeb\x9a\x00\xe4" +
-	"j\x1e\xe54\x87Y\xc3e\xc0T\x04\xea\x15W\xbd\x98" +
-	"\xaem\xcd`\x83\xaai1\xc3#_\x9d%\x85\x97\xcc" +
-	"\xf8\x81\xe4\x7f)\x1e\xe5\x19\x1c:\x83\x86\x92g]\xcc" +
-	"@U/\xacP4=\xc7\xb3<V\x01\x87U\x13{" +
-	"\xd2\x12E-\xb2\x82'\xdd\x82|\xc6\xfd\x9f\xa2\xb7\xd6" +
-	"q\xbc\xf0\xed\x8b\xc2\xb7\x0e\xbfr\xfc\xf8\xdd\x18\xc5o" +
-	"\x1d\xf7\xa5s~\x00\xd7\xf1_8~\x08SDX<" +
-	"\xca[)\"\xec2\xe9\xd4\x04^70\x15\xa1\xa4\xaf" +
-	"\x1dV\x18$Mk\x90eyR4\xa6\x82l\xef1" +
-	"\x08\x05}\x08SQ)\xe3/3\xd8:f\x98\xac\x0b" +
-	"\x92\x86\xbea\x04SQ\xd6\xaf\xd0\xfa\xd4\xcb\xd5z`" +
-	"\xe8p\xd5\xc4\xeb\x0d\x96\xf7 \xc3_\xde\x95\xf1\x8c\x16" +
-	"\x83C\xd2\xd1j\x1e\xe5\xa1X\x90\xb0~\x00\xb9\xc0\xa3" +
-	"\\\x8e\x05Iii\xa4M\x91\x0f\xf0\x90\"\xa7\xcc\xa3" +
-	"\xbc\x89\x1b\x8bpl\x1d\xd3\xac\xc5\xea \x08\xcc\xfc\x7f" +
-	"\x08\xa31R\xfa2\x86\xd2\xc5\\\x92\xbc\xa5\x96G\xb9" +
-	"\x9e\xe0\x9a\xbe2\x8b\x02\x9bN\x0b\x0b\xe1\x8b\x9f\xd6F" +
-	"\xff\xfa\xe0\xdb\xe5\xefb\xf8\xf8[\x1f\x1e\xb6\x9f\x0e\xdb" +
-	"\xc7\xa3\xfc\xa3\x98*\x1f2\x00\xe4\x07y\x94\x9f\xe4\x10" +
-	"}M>~\x10@~\x92G\xf9\xa7\xa4I\xce\xd3\xe4" +
-	"3\xf3\xa8m\xe2Q~\x95C1\xc1\xa7\xa9+\x10_" +
-	"\xa1\x90z\x95G\xf9\x0d\x0e\xc5\xaaD\x1a\xab\x00\xc4\x13" +
-	"d\x9d\xe3<\xca\xa7.\x84V\xf9\xa2n\x17\x06\x8a\x0a" +
-	"d\x0cV\xe8\\\x1c\xd25\xbb\xd4e\xb0u*\xea\xb6" +
-	"\xd9bY\xac$\x94-3H<IK\x194q*" +
-	"`\x17\x8f\x98\x8aJI@\"\x86{\xa2\xc1\x0a\xab\x98" +
-	"a\xaa\xbc\xae\x85\xb9C\xd5,\xa6Y\xcb\x14\x10\xfaY" +
-	"1\xa4N\x80-\xdd~\x84P|\xf8\xc1\xaeGx\x88" +
-	"\x83\x04\xe33\x1c\xc7Wb;\xe9\xa6\x99Gy\x19\x87" +
-	"\x0d\xf8\x15\x91I\x8f\x9d\xdd\x00r\x07\x8fr\x0f\x87\x0d" +
-	"\xdc\x97D&M\xca}\x11\x9a'\x87,\xab\x8c\xa9\xa8" +
-	"\xc4\xf4\x8d\xbd\x9e\xf5\x9bz~\x0d\x03$P\x0c\xeb\x1d" +
-	"\xff\xeb\x90\x0f\xd2\xc0\x17\x0b\x98\x8aZ\xc4\x0aO\xe1/" +
-	"\x94\xa1\xb3T\x0f\xe8\x86\x9b\x00\xa3ttC$D\xe0" +
-	"\x1d\x9d}\x91\x04\"\xd7\xec\x89%\xf7G\xf7\xcf\xe4\x15" +
-	"\xdbdcK\x8b\x96\x01\x0bxf\x84hj\x0e\xe9v" +
-	"\xb1\xd0\xcd@\xb0\x8c\x11D\xe0\x10'\xc6\xd8\xc5zG" +
-	"L\xf1\x9e\x1b\x8f\x9f6\xc3\xac\xd9\x17\xcf\x9a\xbe\xfa{" +
-	"I\xfd=\x1eJ8EB)\xadC\x07\xde\xb4\xc2\xeb" +
-	"z\xc4.\xdduN\x018\x14\x00\x1d\xbblZ\x06S" +
-	"J\x80\xa1\xb7\x11\xff\xd4\xcbHF\x15\xa0\xd8\xa5$\xdd" +
-	"\xb8\xffMJ\xfd\x97\x9f\xc3\xbd|:&\x83\x1f\x8c%" +
-	"\xd4\xbc\xbf\x1a\xdd\xe5m\xba&\\v\x95\xe6#\x98\x97" +
-	"C\x16\xf85\x01\x15\x90Ar\x9dK\xc9\xe0j\x1e\xe5" +
-	"\xeb\xe3\xc9u>\xa9\xe8Z\x1e\xe5or(0\x83\xf2" +
-	"d\xd8\xe9{\x87n1\xbd\x8a\x14S\xd1\x18\xe7\xe2\xd7" +
-	"\x89\x15\xeb\xaa\xae\x9d\xe7\x86\xb3\xa3p\x09M\xd8yC" +
-	"\xcc\xae\x81\x09\x97\xf7Gv\x15\xd6\xb0\x91\xc0J\x19V" +
-	"R\xd4\x08\x8d|\xe3\xb6\x80\xf0\xdd\x88g\xc2\xa2\xd6O" +
-	"\xfe^\xea\xcfz\xd6\xa2K\xa6\xc3Kn\x1e\x05\x90\xb7" +
-	"\xf2(\xef\x8a]r'\xf5\x08\xbbx\x94\xf7\xc5.\xb9" +
-	"\x97\x94\xb8\x87G\xf9@,{\xee'\x03\x1f\xe0Q~" +
-	"\x8cCLx\x90\xff\x08A\xfec<\xca\x879\x17\xb0" +
-	";Z\xdat\x0d\xfdK\x98\x00a\x9f0\xc4\x14\xc3\xea" +
-	"g\x0aZ\x9d\x9a\xc5\x8cu\x0a\x16\x03H\xd8b\xa9%" +
-	"\xa6\xdbV\x08\x11%e\x83[Xa\xa1\xc3[%(" +
-	"\x96\x895\xc0a\x0dE\xa4\xc9\x8c6\x83\x15\x90\xac\xa1" +
-	"\x14\xbb\x14\xde\x1a\xba\x14\x05\x8d\x05\xf1\xe48\xea\xa1\xb2" +
-	"l\x13\x8f\xf2\x9d\x04%\x18\x9b&\x89\xb7\x0f\x03\xe7\"" +
-	"\x09\xc9\xbc\xb65^Zp^\x9a\x8b\xb7ZnB\x9c" +
-	"\x04 n#\xed\xec\xe0Q\xde\xc3\x05W\xeb\xd0!\xeb" +
-	"Eh\xa5\xa9\xfdVf\x0b\xa1\xa6\xca\"y\xfdzA" +
-	"E]\xebq\x15\x85\x91\xa6\xf2z\xa9l\x90+\xab\xba" +
-	"&\xdbJQ\xe5\xad\x91p\xe1\x84\xba H\xf2By" +
-	"e9\xe3\x1a\x8b\x94qc\xa0\x0ci\x04\x97\x02\xe46" +
-	" \x8f\xb9\x1d\x18\xb9\x8b\xb4\x0d[\x01r\x9b\x88~'" +
-	"F\x1e#\xdd\x8e\xd3\x01r[\x89\xbe\x0b\xc3\x0eT\xda" +
-	"\x89O\x00\xe4v\x11y\x1fF\xa5\x82\xb4\xd7\xdd\xfe>" +
-	"\xa2?\x88Q\xb5 =\x80\xf3\x00r\xfb\x88~\x98\xe8" +
-	"\x938W\x93\xd2!\x1c\x06\xc8=E\xf4#D\x17\xaa" +
-	"\xd2\xd4nK\xcf\xa2\x01\x90\xfb)\xd1\x7fF\xf4\xea\xfa" +
-	"4V\x03H/\xba\xf4\x17\x88\xfe*\xd1k\xa6\xa5\xb1" +
-	"\x06@z\x05\xb7\x03\xe4^&\xfaq\xa2O\xc64N" +
-	"\x06\x90^\xc7\xfb\x01r\xc7\x89~\x8a\xe8S&\xa5q" +
-	"\x0a\x80\xf4\x96{\x9f7\x88~\x86\xe8\xb5\x894\xd6\x02" +
-	"Ho\xe3A\x80\xdc\x19\xa2\xff\x9a\xe8uB\x1a\xeb\x00" +
-	"\xa4\x0f]\xb9> z5\x17\xe2`g!\x0e\xc7\xe4" +
-	"\x86jT\x8e\xf0\xba\x19\xba\x02\xf3;S\xf4rE\x97" +
-	"\x9e\xa4\xd6\x14\x93\xd1\x08\x19\x10\x93\x80NY\xd7\x8b+" +
-	"\xc6\xc2\xfc\xc5*\"\xdf\x8d \xa9k\x9d\x850.=" +
-	"\xe7[\xa6C&\xaf\x14;\xcbQ\x8dd\xb6\xd8\x96n" +
-	"\x97!SP,V\x08\x13\xb5akK\x0c\xbd\xd4\x83" +
-	"\xcc(\xa9\x9aR\x84\xf0\xcbD\xbe\x98\xb4m\xb5\x10\xee" +
-	"=aa\xe7\x0c0\xc5\xb2\x0df\x92h\x17\xc8\xb8\\" +
-	"\xa5Gg\xcaM=\xca`\xc5\x80a^\x94\x1eB\xb4" +
-	"\x9b\x7fC\x94\x1d\x92\xf1(\xcc\xacS\x8a6\xbb\x94b" +
-	"p\xc2\x96\xa5;\xeb\xb5<\x17\xebl\x83q\xd8\xc5\xab" +
-	"\xf9\xde\x8a\xcc\xeb\xe5\xc3\xf3\xa6)\xad\x91\xb0\xa1\xac\x86" +
-	"?a\xe9\xe0\xa2\x9c\x17Xk\xc0\xef\\!C{\xc7" +
-	"\xfc&\x9cW\xfa~s\xa9\x9a\x18d\x96\xf7\xabS\x1b" +
-	"\xd0\xa9<\x10\x94\x92\xf95Ww33y)Z\x8c" +
-	"&\x90\x17\xcf\xdf\x1d==]\xd1\x10\x83\xf7\xc0\xff\xfa" +
-	"\x10\xefZ\xb0\x1b \xd7L\x81\xbb\x0cC\x1dJ\x9d." +
-	"\xeet\x10\xb9\x07\xa3\xaaW\x92]|\xe9\"\xfaj\x8c" +
-	"\xfa\"\xe9\x16\x17\x17V\x13}\xc8\xc5\xbb\x16\x0f\xef\x98" +
-	"\xbb}\x81\xe8e\x17\xef\xd0\xc3\xbb\x92\xbb\x7f\x91\xe8\x1b" +
-	"\xe2xg\xe3\xe8\x18\xf8\x15x\x0f\xef\xb6\xb98\xb5\x83" +
-	"\xe8{\\\xbcKxx\xb7\x1b\x9f\x06\xc8\xed!\xfa\x01" +
-	"\x17\xef\xaa<\xbc\xdb\x8f\xcf\x01\xe4\x0e\x10\xfd1\x17\xef" +
-	"&yx\xf7\x88\xcb\xffX\x88\xb3SZ=\xbc;\xe4" +
-	"\xe2c\x88\xb3\x8em\x14s\x96\xa1j\x80\x83Ql\xe4" +
-	"\xcb\xdfe\xac\xdc\x02\xc9\xa2\xba\x8e\x85\xb9\xa8\xa0*\xc5" +
-	"\xc5\xb6R\x84L\xceR\xf2k\xa2\xd2\xbehv(Z" +
-	"\xc1\xc4!e\x0d\xa3\x0c&\xc4s\xbdU4W1C" +
-	"\x1d\x00\x8c\x9a\x81\xb0\xf6Iv\xe9zeI\xe4\xd6\x94" +
-	"\xcc\xf0\xc0/\xfcVR6t\x16\x8a\xac\x0d\x83\x0a\x88" +
-	"\xd7\xa2\x0c\xaa\xd2\x17]\xd3\xd0+Kz\xd4\xcc\xd8z" +
-	"\xa3\xec\xb7\x17A\xdd\xd2\x93\xad(H\xd8\x862\xcb[" +
-	"m:j\x96\xaa\xd9\xec\xbc\x0d\xf2C\xb6\xb6\x86\x15\xda" +
-	"Q\xcb\xeb\x05U\x1b\x84\xf3\xfa\x1a\xfeB\xb3\xa3X\xa1" +
-	"\xe6F3\xc6\xde\xde\xc4\xb9M\xc0\xb9\xd0Ee\x87\xd8" +
-	"\x14M\x07\xb2ywU\xd6`\x8a\x19kl'8\xcd" +
-	"\x9fuzA\xe6M\x02\xaa\x00\xc2\x87*\x0c\x86\xfd\xe2" +
-	"\xa1\x8d\xc0\x89\x8f\x0b\x18\xbd\x91`\xf0$\">`\x00" +
-	"'\xee\x15\x90\x0b\x1f\x101x\xfc\x13w\x8e\x02'\xde" +
-	". \x1f>\xeaa0I\x17GZ\x81\x13K\x02&" +
-	"\xc2\x07N\x0c\xc6\xf0\xa2B\xa5\xd5-\x02V\x85\xaf\x85" +
-	"\x18\xbc\xf5\x88\xcb\xb7\x03'\xb6\x0bN\xd0AA\xd6\x13" +
-	"\xa3\x19\x9d\x000 \xe3BF3:\xc1\xf4\x09\x83N" +
-	"\x0b\xa0\x19\xb7\xf8\xf0\xdc\x8cN0\x7f\x85d^\xb1X" +
-	"3\xb5\xa7\xdeG\xf4\xc1\x1b\x9a1>\xd7\xe4/\xd4\x13" +
-	"\x8d_[\xb7F\xf5_\x00\xc0\xdbF\xa3\xf2/\xecC" +
-	"w?\x11/\xad\xfdq\xca\xfe\xed\xfe0\xe6pl\x9c" +
-	"r\x88\xea\xed\xc3<\xca\xbf\xe0\xa2\xa2!\xf0\xe9`\x14" +
-	"\x88\xba\x114\xc6\x13L\x04}\xcf\xf7\xcb\xde\xca\xb9\xa0" +
-	"S\xd0\x87\xdc\xb2\x18\xbd\xadL\x88\xd2A|X85" +
-	"6,\xc4\xa0%\x17\xc6d\x8f\xf8\xe8p\xeaE\xfa\xbb" +
-	"x\x83\xe9\xa6\xb3\x84\xeb\x92\xc1\xd3(\x06\xaf\xd8\xa2H" +
-	"\xaeU'8A\x13\x8aA.\x84\x0a\x93]f'\xde" +
-	"\xcd2\xff\x9bd=\x8e\x83x\xe7$\xc9#=\x81\xc2" +
-	"}\x87c\xa3\xbd\xa2\xee7\x91\xc9\x15\xf1>`\x02]" +
-	"y\x17\x0e\xaa\xf6$-\xa6\xfdg\x84\xfb?3\xdb\x9f" +
-	"\xc7\x1d\x89\x15;\xcf\xce\xf6\x1d\xe8\x85Xkwt)" +
-	"\x80|\xc4\x1b\xd2\x05\xefD'\xc8Q\xdf\xe0Q>\x13" +
-	"s\xbf\xb7\x89\xf1\x14\x8f\xf2\x07Q\xbe\x12\xdf\xa36\xe7" +
-	"\x03\x1e\xe5\xff\xa2d\x95\xf0\xda\x9c\xcf\xa8\xa5\xfd\x94\xc7" +
-	"n\xf4[\xee\xe0\x11\xc96\"\xf4.\xea\x83\xcbTm" +
-	"\xdc\xb2.x\x99B\x8b0\xd16\x08\xd8\xc7\x02h\xe7" +
-	"\xe2X\xa1\x1b\xce\x95\x90\x199\x8a\xe1\x02\x9a\xe1\xbcf" +
-	"\xfcI\xee\x04\xaa\xcd\xf9\x81\xe4\xc5\x91_\x17\xc4\x1a\xfb" +
-	"\x83\xb1\x99W\xa0X\xf99\x7f\x96t[L\xb1\x7f\xdc" +
-	"\x1f\xcd\xa6\x09l\xf4\xderAA\x8b-1\xd8Z\x9b" +
-	"\x09Z~$jp\xa9\xc5\xcb\x9b\xbdX\xa6\xe2z\x89" +
-	"\xc1\xb2km\x16g\x08\xde#@P\xf5\xc2y\x0f\x11" +
-	"\xe3T\x897\xb1\xfe\x9c\x9e_\xc3\xac1\xef4\x15o" +
-	"\x89\xdd\xd1cD\xf8\x94\xd8\x1d\x7fJ\xf4!j\xedp" +
-	"4&\x0f!jd4\xea\x8e\xc7/\x0b\xfeo2\xf9" +
-	"\xd7zN\xa3\xa2X\xb8\x94\x821\xfc+\x9f\xaf9\xb4" +
-	"\xbf\xd4\xfa>z$\xbe\xccA\x17\x84\xb8\x81\xb1?\x02" +
-	"\xa1C8\x7f\xf3\xff\x09\x00\x00\xff\xff\xa6\xa4\xec\x8a"
+	"\xd0}s\x9br\xa0\x80^^QX!\xe2,\x89;" +
+	"I\xb6\xe7\xc1\xb03,\x8f\xb9\xd33\xa8#\x9b\xf2N" +
+	"\xf773w\xe8\xbe\xb7\xb9\x0f`\x08,\x8f\xc2(\x13" +
+	"X\xd1\x95\x14\xb8h)\xae\xf1\x11\x93\x15\x17+\xabQ" +
+	"K\x93\xad\xa8Y\x89\xba\x81\x94l\xb4\xa2\x82\x95Zk" +
+	"-\xc5GY\xa4\xd4\x9b:\xf7==\xc3\x00&\xa9\xda" +
+	"\x7f\xa0\xeb\xdc\xf3=\xce\xebw\x1e\xdf\\s\xef\xe4&" +
+	"ni\xd5\x95I\x00\xf9\xf1\xaaI\x0e[\xf4\xab\xad\xf7" +
+	"-\xf8\xa7\xdd \xcf@t~\xf0\xcc\xca\xf4yk\xf7" +
+	"\x7f@\x15/\x004\x0c\x0b[Q\xda/\x08\x00\xd2^" +
+	"\xe1\xbf\x00\x9d\xaa\xdf?\xf5v\xf9ma\x0f\x883\xe2" +
+	"\xcc\x1c1\x97\xaaW\xa2\xb4\xab\x9a\x98\xb7Wo\x06t" +
+	"\xfe\xa4\xf4\xea\xd1?<\xf8Kb\xe6\"f\xc0\x86\xf7" +
+	"\xaa\xb7\xa2t\xde\xe5\xfc\xacz-\xa0\xf3\xc9]\xf5\x7f" +
+	"s\xff\xbf\xbet\x0b\x88W\"\xf8g\xd7\xd5\xfc\x1a\x01" +
+	"\xa595?\x05t\xfe\xed\x9amgo\xfe\xe4\x8e\xdb" +
+	"F\x9f\x9b \xbe\x17jFP:]#\x00\xef\xdcs" +
+	"S\xfa_\xf0\xbe\xcf\xef\x00\xf1*\xda\x06\xe9\xf3\x935" +
+	"\x939@\xe9DM\x16\xd0y\xf5\xeag\x9e>\xf0\xb3" +
+	"[\x7f\x0c\xf2\x95\x88\xe0\xad\xff\xa0\xe6\xbf\xe9\x1c\x9cL" +
+	"\x0c\xe7~\xf2\xcd\xc4\xdf\xbe\xfa{\xf7\xba\x0c\xce\x83\xaf" +
+	"_\xff\xc4\x81\x9f}\xe3}\xe8\xe1\x04L\x004,\x9c" +
+	"l\x10\xef\xb2\xc9\xa4\x8b\xbb\xdexvM\xe9\x8e\xbb\x8f" +
+	"z\x97v\xf7\x9a6\x85\xe3 \xe1\xec\xe9\xf8\xbc\xd4\xf3" +
+	"@\xee\x01_\x1c\xf7S\xcd\x94\x8fi\xe9\xac)\xb4t" +
+	"\xd9\xaf\xdf[\xbb\xfa\x89\xfe\x87|\x06\xf7\xa2\xe7\xa7<" +
+	"A\x0c5\xb5t\x8f\x976\xa7\xf65\xff\xd1\xed\x0fU" +
+	"Z\xa5\x8a8\x17\xd7\x8e\xa0\xd4VK?\x9bk\xafG" +
+	"@g\xe4\xdb\xcf\xae\xfb\xe4/\xccGA^\x8c\x09\xe7" +
+	"\x17{\xcflZ\xf8H\xff\x8b\xee\xb5y\x80\x86\xa7\xea" +
+	"~E[\x9f\xa8#U\xd6\xfd\xc3\xa25\xb7\x9f]u" +
+	"\x8c\xb6\x8e\x99\xc5\xbbDij#J\xdb\xa7\x92e\x86" +
+	"\xa7\x12\xf7kW\xaf{\xee\xb9\xc7\x07\x8eU^\xc4\xb5" +
+	"\xf8\xf4\xe4J\x94\x16'\x89{a\x92\xb8\xa7u\xe0\x9b" +
+	"\xcf/M\xfc}\xdc\x8eo%\xdf\xa7\xc3\xcf\xb9\x0c7" +
+	"}\xf1\xe4?\xb6}x\xf2\xa9\xb8\x85\xeeHqd\xa1" +
+	"\x07S$x\xef\x08\x96\xdellz\x0e\xe4\xab\x10\x9d" +
+	"\xa1\x83\xdb\xac\xf6C\xfb\x1d\xe8A\x019\x80\x86\x13\xa9" +
+	"\xad\xb4\xd9\xe9\x14\xf9\xd7\xac\x0fZ\xea\xb4\x0fw?_" +
+	"\xe1\x8c\xee\xa9\xcb\xc4\x95(u\x88t\xb56\xf1\xa7\x80" +
+	"\x9f?z\xeb\x81\x8e3\xcb_\x94g`\xa2R\xe8w" +
+	"\xc4\xad(}F\xbc\x0d\xe7\xc4\x0c\xe93\xd4`\x05\xbb" +
+	"+\xf5\x1ci\x08\xa5e\x12\xfd\\*\xb9\xec+o\xfa" +
+	"\xd1\x9dU\xef\xfd\xe8\xc5J\x95\x92\x877\xfci\xda@" +
+	"IN\xd3\xcf\xd5\xe9+x@g\xc6\xe3\x7f\xfcw-" +
+	"\x85\xd3\xbf\x1c'\x88\xa4\x13W|,\x9d\xbe\x82~\x9d" +
+	"\xba\x82d<\xb3\xf8\xd8\x9f\xfff\xff\xeb'\xe3\x9e\xb2" +
+	"\xb4\xde\xf5\xd8\xb6zR\xd8\xad\xdf\x1c\xde\xbaf\xc1\xc8" +
+	"\xa9J\x03\xb9\x9c\xac~\x04\xa5\xed\xf5\xae9\xebi;" +
+	"\xee=e\xfa\xce\x7f\xff\xce\x9b1\x9f\xfdM\xfd\xbb\x08" +
+	"\x09g\xcd\xba\x9b\x86j\xb6\x9f9\x13?\xe8\xadz\xcf" +
+	"t\xeeA\xc7\xc5;\xa5g\xee\xff\xeb\xb3t\x90P\xa9" +
+	"nqz/J\x0b\xa6\xbb\xea\x99\xfe\x10\x07\xb1\xd8\x19" +
+	"\xcfqf\xcdlDi\xf1L\xd7qf\xd2\xbd\x96\xdd" +
+	"\xdc\xcc\xd6_w\xc3\xfb \xce\xe0GA\x85J\x9c\xc3" +
+	"\xc4\xd9`\xcf\xbc\x15\xa5\xed\xb3\x04\x00\xe7\x87\x03\xbd/" +
+	"\x9fk\xbd\xff\xa3\xca\xcd]\x81\xd8\xacF\x94l\xe2k" +
+	"\xd88\xcb\xb5O\xc3\xd2\xbf\xfc\xe0\xe0\x03\xad\xe7\xc6\xec" +
+	"\xfe\xec\xec\x16\x94N\xcc\xa6{\xbc<\xfb\xbb\xd2\xf9\xd9" +
+	"\xee\xe6?X\xbe\xf6\xdbs_\xf88\xae\x89wf\xbb" +
+	"\xd1\xfb\xd9l\xd2D\xffu\xbf\xfd\xee\x82\x1f\xfe\xf3\xc7" +
+	"\x15\xf6s\x19\xa7e\x16\xa1\xb4 C;\xce\xc9d\x01" +
+	"?\\q\xef\xc9\x19\xc9\x19\x9fV\\t\x12\xf1\xb6e" +
+	"\x86P\xba\x91x\x1bz2/\xd2Eox\xf7\xee\xcd" +
+	"\xd9\x1f\x7f\xfa9\xc9\xc5W\xe0\\\xc7\x9c^\x94\xbe?" +
+	"\x87v\xbeq\x0e\xc5\xd2\xaa\xc7N\x7fg\xf0\xe0K\xe7" +
+	"\xc7E\xee\xaa\xb9\xbbQ\x9a>\x97\xb8\xa7\xcd%\xc8\xf9" +
+	"+\xe1\xc8\x99\x9d\xff\xf9g_\xc4\xa5\xfar\xee\xbb$" +
+	"\x958\x8f\xa4\xda\xf6\xe1\xe1\xf6\xdb\xd7?\xf6\xd5(O" +
+	"\x9b\xf7414\xbb\x0ca0\x8e\xe7i\xca\xbc\x16\x94" +
+	"6\xce\xa3\xf3J\xf3\xb2\xb0\xd8\xb1lMcE\xa3\x9c" +
+	"\xc8\xffA\xf03\xbf$\xaf\x94\xb5rc\xb3m\x0d2" +
+	"\xcdR\xf3\x8a\xc5\xbaX\xd6,\xeb\x9a\xc9:\x11\xe5\x14" +
+	"\x9f\x00H \x80\xa8\x0c\x01\xc87\xf3(\x179\x14\x11" +
+	"\xd3\x84\xd6\xa2J\xc4A\x1ee\x8bC\x91\xe3\xd2\x84\x08" +
+	"\xe2\xc6\xb9\x00r\x91Gy\x0b\x87\xc8\xa7\x09\xefD\xfb" +
+	"N\x00y\x0b\x8f\xf2\x1e\x0e\x9d23J\x8a\xc64H" +
+	"Zm\x86\x81\xb5\xc0a-\xa0c0\xcb\x18V\xfa\x8a" +
+	"\x90d1\xb20\xb4\xd9\xc2:\xe0\xb0\x0e\xd0\x19\xd4m" +
+	"\xc3\xec\xd1,T\x8b]\xac\xdf`&\x0e\xe2$\xe0p" +
+	"\x12\xe0D\xe2\xb5\xea\x9a\xc6\xf2V\xce\xce\xe7\x99i\x02" +
+	"\x90d\xd5\xa1d\x0b\xef\x06\x90\xaf\xe6Q\xbe.&\xd9" +
+	"2\x92\xec[<\xcaM\x1c:&361c\x95\x8e" +
+	"y\xc5Rum\x8d\xc2\x97Xx\xed|Qe\x9a\xd5" +
+	"\xaaCR\xebW\x070\x15\x85\x02 \xa6&\xbeX\xdb" +
+	"\x16\xd5\xb4Tm\xa0\xdb\xa5g;\xf5\xa2\x9a\x1f\xa6\xdb" +
+	"\xd5\xba\x9a\x9c\xd5H{\x88\xd3z\x01\x90\x13\xc5\x16\x80" +
+	"\xac:\xa0\xe9\x06s\x0a\xaa\x99'\xa1\x80\xcf[;\xfa" +
+	"\x94\xa2\xa2\xe5Yx\xd0\xa4\xb1\x07y\x07\xe4\\9\x96" +
+	"(1k\xcf\xefT\x0c\x85/\x99rm\xa8\x8f\xb6^" +
+	"\x00y9\x8frgL\x1f\xabW\x02\xc8\xabx\x94o" +
+	"\x88Y\xba\xa7\x05@\xee\xe4Q^\xcf\xa1\xa3\x1b\xea\x80" +
+	"\xaa\xb52\xe0\x8d\xb8\xc1LKSJ\x0c\x00\x02\x85\xed" +
+	"\xd0\xcb\xa4D\x13S\x11JWh\xaaj\xac\x00\xed\xac" +
+	"X\xd4\xaf\xd7\x8dba\xadw\x8eN\xdavM\x19." +
+	"\x13\xc6\xb1\xbck\x1c\x92[\xcd\xb3%\xb6\xc9\xbcu\xb6" +
+	"\xe1\x1ar~\x173\xed\xa2e\x02\xc8\x89P\xfc\xbaF" +
+	"\x00\xb9\x9aG9\xcda\xd6p\x190\x15\x81z\xc5U" +
+	"/\xa6k[3\xd8\x80jZ\xcc\xf0\xc8\xf3\xb3\xa4\xf0" +
+	"\x92\x19?\x90\xfc/\xc5\xa3<\x93Cg\xc0P\xf2\xac" +
+	"\x93\x19\xa8\xea\x855\x8a\xa6\xe7x\x96\xc7*\xe0\xb0j" +
+	"bOZ\xa1\xa8EV\xf0\xa4[\x92\xcf\xb8\xffS\xf4" +
+	"\xd6:\x8e\x17\xbe\xbdQ\xf8\xd6\xe1W\x8e\x1f\xbf[\xa3" +
+	"\xf8\xad\xe3\xbet\xc6\x06p\x1d\xff\x85\xe3\x870E\x84" +
+	"\xc5\xa3\xbc\x93\"\xc2.\x93NM\xe0u\x03S\x11J" +
+	"\xfa\xdaa\x85\x01\xd2\xb4\x06Y\x96'Ec*\xc8\xf6" +
+	"\x1e\x83P\xd0\x071\x15\x952\xfe2\x83mb\x86\xc9" +
+	":!i\xe8[\x861\x15e\xfd\x0a\xadO\xbd\\\xad" +
+	"\x07\x86\x0eWM\xbc\xde`y\x0f2\xfc\xe5\x9d\x19\xcf" +
+	"h18$\x1d\xad\xe7Q\x1e\x8c\x05\x09\xeb\x03\x90\x0b" +
+	"<\xca\xe5X\x90\x94VF\xda\x14\xf9\x00\x0f)r\xca" +
+	"<\xca\xdb\xb8\xd1\x08\xc761\xcdZ\xae\x0e\x80\xc0\xcc" +
+	"\xff\x870\x1a%\xa5/c(]\xcc%\xc9[jy" +
+	"\x94\xeb\x09\xae\xe9+\xb3(\xb0\xe9\xb4\xb0\x10\xbe\xf8i" +
+	"\xad\xf4\xaf\x0f\xbe\x9d\xfe.\x86\x8f\xbf\xf5\xe1a\x87\xe9" +
+	"\xb0C<\xca?\x89\xa9\xf2~\x03@\xbe\x8fG\xf91" +
+	"\x0e\xd1\xd7\xe4#G\x01\xe4\xc7x\x94\x7fN\x9a\xe4<" +
+	"M>\xb9\x88\xda&\x1e\xe5W8\x14\x13|\x9a\xba\x02" +
+	"\xf1e\x0a\xa9Wx\x94\xdf\xe0P\xacJ\xa4\xb1\x0a@" +
+	"<E\xd69\xc9\xa3\xfc\xf6\x85\xd0*_\xd4\xedB\x7f" +
+	"Q\x81\x8c\xc1\x0a\x1d\xcbC\xbaf\x97:\x0d\xb6IE" +
+	"\xdd6\x9b-\x8b\x95\x84\xb2e\x06\x89'i)\x03&" +
+	"N\x05\xec\xe4\x11SQ)\x09H\xc4pO4Xa" +
+	"\x1d3L\x95\xd7\xb50w\xa8\x9a\xc54k\x95\x02B" +
+	"\x1f+\x86\xd4\x09\xb0\xa5\xcb\x8f\x10\x8a\x0f?\xd8\xf5\x08" +
+	"\x0fq\x80`|\xa6\xe3\xf8Jl#\xdd4\xf1(\xaf" +
+	"\xe2p\x16~Ed\xd2cG\x17\x80\xdc\xce\xa3\xdc\xcd" +
+	"\xe1,\xeeK\"\x93&\xe5\xde\x08\xcd\x93\x83\x96U\xc6" +
+	"TTb\xfa\xc6\xde\xcc\xfaL=\xbf\x81\x01\x12(\x86" +
+	"\xf5\x8e\xffu\xd0\x07i\xe0\x8b\x05LE-b\x85\xa7" +
+	"\xf0\x17\xca\xd0Y\xaa\x07t\xc3M\x80Q:\xba6\x12" +
+	"\"\xf0\x8e\x8e\xdeH\x02\x91k\xf2\xc4\x92\xfb\xa2\xfbg" +
+	"\xf2\x8am\xb2\xd1\xa5Es\xbf\x05<3B45\x07" +
+	"u\xbbX\xe8b X\xc60\"p\x88\x13c\xecr" +
+	"\xbd=\xa6x\xcf\x8d\xc7O\x9ba\xd6\xec\x8dgM_" +
+	"\xfd=\xa4\xfen\x0f%\x9c\"\xa1\x94\xd6\xae\x03oZ" +
+	"\xe1u=b\xa7\xee:\xa7\x00\x1c\x0a\x80\x8e]6-" +
+	"\x83)%\xc0\xd0\xdb\x88\x7f\xeae$\xa3\x0aP\xecT" +
+	"\x92n\xdc\xff.\xa5\xfe\xcb\xcf\xe1^>\x1d\x95\xc1\x8f" +
+	"\xc6\x12j\xde_\x8d\xee\xf2V]\x13.\xbbJ\xf3\x11" +
+	"\xcc\xcb!K\xfc\x9a\x80\x0a\xc8 \xb9.\xa4d0\x9f" +
+	"G\xf9\x9axr]L*\xba\x8aG\xf9[\x1c\x0a\xcc" +
+	"\xa0<\x19v\xfa\xde\xa1;L\xaf\"\xc5T4\xc6\xb9" +
+	"\xf8ub\xc5\xba\xaakc\xdcpn\x14.\xa1\x09;" +
+	"\xae\x8d\xd950\xe1\xea\xbe\xc8\xae\xc2\x066\x1cX)" +
+	"\xc3J\x8a\x1a\xa1\x91o\xdcf\x10\xbe\x17\xf1LX\xd4" +
+	"\xfa\xc9\xdfK\xfdY\xcfZt\xc9tx\xc9\xed#\x00" +
+	"\xf2N\x1e\xe5}\xb1K\xee\xa5\x1ea\x1f\x8f\xf2\xa1\xd8" +
+	"%\x0f\x92\x12\x0f\xf0(\x1f\x89e\xcf\xc3d\xe0#<" +
+	"\xca\x0fs\x88\x09\x0f\xf2\x1f$\xc8\x7f\x98G\xf98\xe7" +
+	"\x02v{s\xab\xae\xa1\x7f\x09\x13 \xec\x13\x06\x99b" +
+	"X}LA\xabC\xb3\x98\xb1I\xc1b\x00\x09;," +
+	"\xb5\xc4t\xdb\x0a!\xa2\xa4lq\x0b+,\xb4{\xab" +
+	"\x04\xc52\xb1\x068\xac\xa1\x884\x99\xd1j\xb0\x02\x92" +
+	"5\x94b\xa7\xc2[\x83\x97\xa2\xa0\xd1 \x9e\x1cG=" +
+	"T\x96m\xe3Q\xbe\x8d\xa0\x04c\xd3$\xf1\x96!\xe0" +
+	"\\$!\x997\xb6\xc4K\x0b\xceKs\xf1V\xcbM" +
+	"\x88\x93\x00\xc4]\xa4\x9d=<\xca\x07\xb8\xe0j\xed:" +
+	"d\xbd\x08\xad4\xb5\xdf\xca\xec \xd4TY$\xaf_" +
+	"/\xa8\xa8k\xdd\xae\xa20\xd2T^/\x95\x0dre" +
+	"U\xd7d[)\xaa\xbc5\x1c.\x9cP\x17\x04I^" +
+	"(\xaf-g\\c\x912\xae\x0b\x94!\x0d\xe3J\x80" +
+	"\xdc\x16\xe41\xb7\x07#w\x91va\x0b@n\x1b\xd1" +
+	"o\xc3\xc8c\xa4[p\x06@n'\xd1\xf7a\xd8\x81" +
+	"J{\xf1Q\x80\xdc>\"\x1f\xc2\xa8T\x90\x0e\xba\xdb" +
+	"\xdfE\xf4\xfb0\xaa\x16\xa4{p\x11@\xee\x10\xd1\x8f" +
+	"\x13}\x12\xe7jR:\x86C\x00\xb9\xc7\x89\xfe\x0c\xd1" +
+	"\x85\xaa4\xb5\xdb\xd2Sh\x00\xe4~N\xf4_\x10\xbd" +
+	"\xba>\x8d\xd5\x00\xd2\x0b.\xfdy\xa2\xbfB\xf4\x9a\xe9" +
+	"i\xac\x01\x90^\xc6\xdd\x00\xb9\x97\x88~\x92\xe8\x931" +
+	"\x8d\x93\x01\xa4\xd7\xf1n\x80\xdcI\xa2\xbfM\xf4)\x93" +
+	"\xd28\x05@z\xcb\xbd\xcf\x1bD?K\xf4\xdaD\x1a" +
+	"k\x01\xa4w\xf0(@\xee,\xd1?\"z\x9d\x90\xc6" +
+	":\x00\xe9\x03W\xae\xdf\x12\xbd\x9a\x0bq\xb0\xa3\x10\x87" +
+	"crC5*Gx\xdd\x0c]\x81\xf9\x9d)z\xb9" +
+	"\xa2SORk\x8a\xc9h\x84\x0c\x88I@\xa7\xac\xeb" +
+	"\xc55\xa3a\xfeb\x15\x91\xefF\x90\xd4\xb5\x8eB\x18" +
+	"\x97\x9e\xf3\xad\xd2!\x93W\x8a\x1d\xe5\xa8F2\x9bm" +
+	"K\xb7\xcb\x90)(\x16+\x84\x89\xda\xb0\xb5\x15\x86^" +
+	"\xeaFf\x94TM)B\xf8e\"_L\xda\xb6Z" +
+	"\x08\xf7\x9e\xb0\xb0s\xfa\x99b\xd9\x063I\xb4\x0bd" +
+	"\\\xae\xd2\xa33\xe5\xc6ne\xa0b\xc0\xb0(J\x0f" +
+	"!\xda-\xbe6\xca\x0e\xc9x\x14f6)E\x9b]" +
+	"J18a\xcb\xd2\x95\xf5Z\x9e\x8bu\xb6\xc18\xec" +
+	"\xe2\xd5|OE\xe6\xf5\xf2\xe1\x98iJK$l(" +
+	"\xab\xe1OX\xda\xb9(\xe7\x05\xd6\xea\xf7;W\xc8\xd0" +
+	"\xde1\xbf\x09\xe7\x95\xbe\xdf\\\xaa&\x06\x98\xe5\xfd\xea" +
+	"\xd0\xfau*\x0f\x04\xa5d~\xcd\xd5]\xccL^\x8a" +
+	"\x16\xa3\x09\xe4\xc5\xf3w{wwg4\xc4\xe0=\xf0" +
+	"\xbf&\xc4\xbbf\xec\x02\xc85Q\xe0\xae\xc2P\x87R" +
+	"\x87\x8b;\xedD\xee\xc6\xa8\xea\x95d\x17_:\x89\xbe" +
+	"\x1e\xa3\xbeH\xba\xd1\xc5\x85\xf5D\x1ft\xf1\xae\xd9\xc3" +
+	";\xe6n_ z\xd9\xc5;\xf4\xf0\xae\xe4\xee_$" +
+	"\xfa\x968\xde\xd982\x0a~\x05\xde\xc3\xbb].N" +
+	"\xed!\xfa\x01\x17\xef\x12\x1e\xde\xed\xc7'\x00r\x07\x88" +
+	"~\xc4\xc5\xbb*\x0f\xef\x0e\xe3\xd3\x00\xb9#D\x7f\xd8" +
+	"\xc5\xbbI\x1e\xde=\xe8\xf2?\x1c\xe2\xec\x94\x16\x0f\xef" +
+	"\x8e\xb9\xf8\x18\xe2\xacc\x1b\xc5\x9ce\xa8\x1a\xe0@\x14" +
+	"\x1b\xf9\xf2\xf7\x18+7C\xb2\xa8nba.*\xa8" +
+	"Jq\xb9\xad\x14!\x93\xb3\x94\xfc\x86\xa8\xb4/\x9a\xed" +
+	"\x8aV0qP\xd9\xc0(\x83\x09\xf1\\o\x15\xcdu" +
+	"\xccP\xfb\x01\xa3f \xac}\x92\x9d\xba^Y\x12\xb9" +
+	"5%3<\xf0\x0b\xbf\x95\x94-\x1d\x85\"k\xc5\xa0" +
+	"\x02\xe2\xb5(\x83\xaa\xf4E\xd74\xf4\xca\x92n53" +
+	"\xba\xde(\xfb\xedEP\xb7tg+\x0a\x12\xb6\xa5\xcc" +
+	"\xf2V\xab\x8e\x9a\xa5j6\x1b\xb3A~\xd0\xd66\xb0" +
+	"B\x1bjy\xbd\xa0j\x030\xa6\xaf\xe1/4;\x8a" +
+	"\x15jn4c\xec\xedM\\\xd8\x08\x9c\x0b]Tv" +
+	"\x88\x8d\xd1t \x9bwWe\x0d\xa6\x98\xb1\xc6v\x82" +
+	"\xd3\xfcY\xa7\x17d\xde$\xa0\x0a |\xa8\xc2`\xd8" +
+	"/\x1e\xdb\x0a\x9c\xf8\x88\x80\xd1\x1b\x09\x06O\"\xe2=" +
+	"\x06p\xe2A\x01\xb9\xf0\x01\x11\x83\xc7?q\xef\x08p" +
+	"\xe2-\x02\xf2\xe1\xa3\x1e\x06\x93tq\xb8\x058\xb1$" +
+	"`\"|\xe0\xc4`\x0c/*TZ\xdd(`U\xf8" +
+	"Z\x88\xc1[\x8f\xb8z7pb\x9b\xe0\x04\x1d\x14d" +
+	"=1\x9a\xd0\x09\x00\x032.d4\xa1\x13L\x9f0" +
+	"\xe8\xb4\x00\x9ap\x87\x0f\xcfM\xe8\x04\xf3WH\xe6\x15" +
+	"\x8b5Q{\xea}D\x1f\xbc\xa1\x09\xe3sM\xfeB" +
+	"=\xd1\xf8\xb5uKT\xff\x05\x00\xbck$*\xff\xc2" +
+	">t\xff\xa3\xf1\xd2\xda\x1f\xa7\x1c\xde\xed\x0fc\x8e\xc7" +
+	"\xc6)\xc7\xa8\xde>\xce\xa3\xfc\x1a\x17\x15\x0d\x81O\x07" +
+	"\xa3@\xd4\x8d\xa01\x9e`\"\xe8{\xbe_\xf6V\xce" +
+	"\x05\x9d\x82>\xe8\x96\xc5\xe8meB\x94\x0e\xe2\xc3\xc2" +
+	"\xa9\xb1a!\x06-\xb90*{\xc4G\x87S/\xd2" +
+	"\xdf\xc5\x1bL7\x9d%\\\x97\x0c\x9eF1x\xc5\x16" +
+	"Er\xad:\xc1\x09\x9aP\x0cr!T\x98\xec2;" +
+	"\xf1.\x96\xf9\xdf$\xebq\x1c\xc4;'I\x1e\xe9\x09" +
+	"\x14\xee;\x14\x1b\xed\x15u\xbf\x89L\xae\x89\xf7\x01\x13" +
+	"\xe8\xca\xbbpP\xb5'i1\xed\xff\x8dp\xff\xd7\xe7" +
+	"\xc6Fo\x81\xff\x9d\"\xe2k<\xcao\xc6Z\xbb\xd3" +
+	"+\x01\xe47x\x94?\x8d\xde\x89\xce\x91\xa3~\xcac" +
+	"W\xacD\x17\xbf$\xc6/\xa8\x90\x8d'\xac*\xbc\x13" +
+	" WM\x09\"\xed&\xac\x84\x97\xb0D\xec\x03\xc8\xa5" +
+	"\x88>3^\xa0O\xc7^\x80\\=\xd1\xe7\xa3\xdf\x91" +
+	"\x07oL\xb6\x11\x81{Q\x1fX\xa5j\xe3V}\xc1" +
+	"\xc3\x15Z\x04\x99\xb6A\xb8?\x1a_;\x96\xc7\xea\xe0" +
+	"p\xec\x84\xcc\xc8Q\x88\x17\xd0\x0c\xc79\xe3\x0fz\x09" +
+	"\x07\x96\xab\x03\xcc\x1d\x07\x05\xc4\x09\xcc\x91\xf3\x83\xcf\x8b" +
+	"=\xbf\x96\x88\x0d\x03\x8e\xc6\xe6d\x811\xe4\xa7\xfd\xf9" +
+	"\xd3\xcd1c|\xbf/\x9ag\x13@\xe9=\xe5\x82\x82" +
+	"\x16[a\xb0\x8d6\x13\xb4\xfcp\xd4\x14S[\x987" +
+	"{\xb0L\x05\xf9\x0a\x83e7\xda,\xce\x10\xbca\x80" +
+	"\xa0\xea\x851\x8f\x17\xe3T\x96\xd7\xb3\xbe\x9c\x9e\xdf\xc0" +
+	"\xacQo;\x15\xef\x8f]\xd1\x03F\xf8\xfc\xd8\x15\x7f" +
+	"~\xf4am\xe3P4Z\x0famx$\xea\xa8\xc7" +
+	"/%\xfeo\xb2\xff\xd7z\x82\xa3BZ\xb8\x94\"3" +
+	"\xfc\xcb\xa0\xaf9\xe8\xbf\xd4\x9e zX\xbe\xcc\xe1\x18" +
+	"\x84X\x83\xb1?\x1c\xa1C8\x7f\xf3\xff\x09\x00\x00\xff" +
+	"\xffm\x81\xedW"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,

From 1b2a96f96bad31f21a572206c6a0db096f34a8fb Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Fri, 6 Mar 2020 14:48:16 -0600
Subject: [PATCH 016/100] TUN-2755: ReconnectTunnel RPC now transmits
 ConnectionDigest

---
 cmd/cloudflared/tunnel/cmd.go           |   6 +
 cmd/cloudflared/tunnel/configuration.go |   1 +
 origin/tunnel.go                        |  15 +-
 tunnelrpc/pogs/reconnect_tunnel.go      |  11 +-
 tunnelrpc/pogs/tunnelrpc.go             |   2 +-
 tunnelrpc/tunnelrpc.capnp               |   2 +-
 tunnelrpc/tunnelrpc.capnp.go            | 541 ++++++++++++------------
 7 files changed, 310 insertions(+), 268 deletions(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index cc75f355..dfd326d6 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -984,6 +984,12 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"TUNNEL_USE_RECONNECT_TOKEN"},
 			Hidden:  true,
 		}),
+		altsrc.NewBoolFlag(&cli.BoolFlag{
+			Name:    "use-quick-reconnects",
+			Usage:   "Test reestablishing connections with the new 'connection digest' flow.",
+			EnvVars: []string{"TUNNEL_USE_QUICK_RECONNECTS"},
+			Hidden:  true,
+		}),
 		altsrc.NewDurationFlag(&cli.DurationFlag{
 			Name:    "dial-edge-timeout",
 			Usage:   "Maximum wait time to set up a connection with the edge",
diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index 363be514..8cd15d6c 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -276,6 +276,7 @@ func prepareTunnelConfig(
 		TransportLogger:      transportLogger,
 		UseDeclarativeTunnel: c.Bool("use-declarative-tunnels"),
 		UseReconnectToken:    c.Bool("use-reconnect-token"),
+		UseQuickReconnects:   c.Bool("use-quick-reconnects"),
 	}, nil
 }
 
diff --git a/origin/tunnel.go b/origin/tunnel.go
index fa2d4b2c..3bc5c3ba 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -85,6 +85,8 @@ type TunnelConfig struct {
 
 	// feature-flag to use new edge reconnect tokens
 	UseReconnectToken bool
+	// feature-flag for using ConnectionDigest
+	UseQuickReconnects bool
 }
 
 // ReconnectTunnelCredentialManager is invoked by functions in this file to
@@ -280,7 +282,15 @@ func ServeTunnel(
 			eventDigest, eventDigestErr := credentialManager.EventDigest()
 			// if we have both credentials, we can reconnect
 			if tokenErr == nil && eventDigestErr == nil {
-				return ReconnectTunnel(serveCtx, token, eventDigest, handler.muxer, config, logger, connectionID, originLocalIP, u)
+				var connDigest []byte
+
+				// check if we can use Quick Reconnects
+				if config.UseQuickReconnects {
+					if digest, connDigestErr := credentialManager.ConnDigest(); connDigestErr == nil {
+						connDigest = digest
+					}
+				}
+				return ReconnectTunnel(serveCtx, token, eventDigest, connDigest, handler.muxer, config, logger, connectionID, originLocalIP, u)
 			}
 			// log errors and proceed to RegisterTunnel
 			if tokenErr != nil {
@@ -389,7 +399,7 @@ func RegisterTunnel(
 func ReconnectTunnel(
 	ctx context.Context,
 	token []byte,
-	eventDigest []byte,
+	eventDigest, connDigest []byte,
 	muxer *h2mux.Muxer,
 	config *TunnelConfig,
 	logger *log.Entry,
@@ -413,6 +423,7 @@ func ReconnectTunnel(
 		ctx,
 		token,
 		eventDigest,
+		connDigest,
 		config.Hostname,
 		config.RegistrationOptions(connectionID, originLocalIP, uuid),
 	)
diff --git a/tunnelrpc/pogs/reconnect_tunnel.go b/tunnelrpc/pogs/reconnect_tunnel.go
index 5a4c4159..9c1801be 100644
--- a/tunnelrpc/pogs/reconnect_tunnel.go
+++ b/tunnelrpc/pogs/reconnect_tunnel.go
@@ -16,6 +16,10 @@ func (i TunnelServer_PogsImpl) ReconnectTunnel(p tunnelrpc.TunnelServer_reconnec
 	if err != nil {
 		return err
 	}
+	connDigest, err := p.Params.ConnDigest()
+	if err != nil {
+		return err
+	}
 	hostname, err := p.Params.Hostname()
 	if err != nil {
 		return err
@@ -29,7 +33,7 @@ func (i TunnelServer_PogsImpl) ReconnectTunnel(p tunnelrpc.TunnelServer_reconnec
 		return err
 	}
 	server.Ack(p.Options)
-	registration, err := i.impl.ReconnectTunnel(p.Ctx, jwt, eventDigest, hostname, pogsOptions)
+	registration, err := i.impl.ReconnectTunnel(p.Ctx, jwt, eventDigest, connDigest, hostname, pogsOptions)
 	if err != nil {
 		return err
 	}
@@ -44,6 +48,7 @@ func (c TunnelServer_PogsClient) ReconnectTunnel(
 	ctx context.Context,
 	jwt,
 	eventDigest []byte,
+	connDigest []byte,
 	hostname string,
 	options *RegistrationOptions,
 ) *TunnelRegistration {
@@ -57,6 +62,10 @@ func (c TunnelServer_PogsClient) ReconnectTunnel(
 		if err != nil {
 			return err
 		}
+		err = p.SetConnDigest(connDigest)
+		if err != nil {
+			return err
+		}
 		err = p.SetHostname(hostname)
 		if err != nil {
 			return err
diff --git a/tunnelrpc/pogs/tunnelrpc.go b/tunnelrpc/pogs/tunnelrpc.go
index 96d92910..3b8092ed 100644
--- a/tunnelrpc/pogs/tunnelrpc.go
+++ b/tunnelrpc/pogs/tunnelrpc.go
@@ -437,7 +437,7 @@ type TunnelServer interface {
 	UnregisterTunnel(ctx context.Context, gracePeriodNanoSec int64) error
 	Connect(ctx context.Context, parameters *ConnectParameters) (ConnectResult, error)
 	Authenticate(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) (*AuthenticateResponse, error)
-	ReconnectTunnel(ctx context.Context, jwt, eventDigest []byte, hostname string, options *RegistrationOptions) (*TunnelRegistration, error)
+	ReconnectTunnel(ctx context.Context, jwt, eventDigest, connDigest []byte, hostname string, options *RegistrationOptions) (*TunnelRegistration, error)
 }
 
 func TunnelServer_ServerToClient(s TunnelServer) tunnelrpc.TunnelServer {
diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index ade41e7e..839fc0e5 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -297,7 +297,7 @@ interface TunnelServer {
     unregisterTunnel @2 (gracePeriodNanoSec :Int64) -> ();
     connect @3 (parameters :CapnpConnectParameters) -> (result :ConnectResult);
     authenticate @4 (originCert :Data, hostname :Text, options :RegistrationOptions) -> (result :AuthenticateResponse);
-    reconnectTunnel @5 (jwt :Data, eventDigest :Data, hostname :Text, options :RegistrationOptions) -> (result :TunnelRegistration);
+    reconnectTunnel @5 (jwt :Data, eventDigest :Data, connDigest :Data, hostname :Text, options :RegistrationOptions) -> (result :TunnelRegistration);
 }
 
 interface ClientService {
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index 194b0a04..775ceff9 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -2929,7 +2929,7 @@ func (c TunnelServer) ReconnectTunnel(ctx context.Context, params func(TunnelSer
 		Options: capnp.NewCallOptions(opts),
 	}
 	if params != nil {
-		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 4}
+		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 5}
 		call.ParamsFunc = func(s capnp.Struct) error { return params(TunnelServer_reconnectTunnel_Params{Struct: s}) }
 	}
 	return TunnelServer_reconnectTunnel_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
@@ -3927,12 +3927,12 @@ type TunnelServer_reconnectTunnel_Params struct{ capnp.Struct }
 const TunnelServer_reconnectTunnel_Params_TypeID = 0xa353a3556df74984
 
 func NewTunnelServer_reconnectTunnel_Params(s *capnp.Segment) (TunnelServer_reconnectTunnel_Params, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 4})
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 5})
 	return TunnelServer_reconnectTunnel_Params{st}, err
 }
 
 func NewRootTunnelServer_reconnectTunnel_Params(s *capnp.Segment) (TunnelServer_reconnectTunnel_Params, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 4})
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 5})
 	return TunnelServer_reconnectTunnel_Params{st}, err
 }
 
@@ -3974,37 +3974,51 @@ func (s TunnelServer_reconnectTunnel_Params) SetEventDigest(v []byte) error {
 	return s.Struct.SetData(1, v)
 }
 
-func (s TunnelServer_reconnectTunnel_Params) Hostname() (string, error) {
+func (s TunnelServer_reconnectTunnel_Params) ConnDigest() ([]byte, error) {
 	p, err := s.Struct.Ptr(2)
+	return []byte(p.Data()), err
+}
+
+func (s TunnelServer_reconnectTunnel_Params) HasConnDigest() bool {
+	p, err := s.Struct.Ptr(2)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelServer_reconnectTunnel_Params) SetConnDigest(v []byte) error {
+	return s.Struct.SetData(2, v)
+}
+
+func (s TunnelServer_reconnectTunnel_Params) Hostname() (string, error) {
+	p, err := s.Struct.Ptr(3)
 	return p.Text(), err
 }
 
 func (s TunnelServer_reconnectTunnel_Params) HasHostname() bool {
-	p, err := s.Struct.Ptr(2)
+	p, err := s.Struct.Ptr(3)
 	return p.IsValid() || err != nil
 }
 
 func (s TunnelServer_reconnectTunnel_Params) HostnameBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(2)
+	p, err := s.Struct.Ptr(3)
 	return p.TextBytes(), err
 }
 
 func (s TunnelServer_reconnectTunnel_Params) SetHostname(v string) error {
-	return s.Struct.SetText(2, v)
+	return s.Struct.SetText(3, v)
 }
 
 func (s TunnelServer_reconnectTunnel_Params) Options() (RegistrationOptions, error) {
-	p, err := s.Struct.Ptr(3)
+	p, err := s.Struct.Ptr(4)
 	return RegistrationOptions{Struct: p.Struct()}, err
 }
 
 func (s TunnelServer_reconnectTunnel_Params) HasOptions() bool {
-	p, err := s.Struct.Ptr(3)
+	p, err := s.Struct.Ptr(4)
 	return p.IsValid() || err != nil
 }
 
 func (s TunnelServer_reconnectTunnel_Params) SetOptions(v RegistrationOptions) error {
-	return s.Struct.SetPtr(3, v.Struct.ToPtr())
+	return s.Struct.SetPtr(4, v.Struct.ToPtr())
 }
 
 // NewOptions sets the options field to a newly
@@ -4014,7 +4028,7 @@ func (s TunnelServer_reconnectTunnel_Params) NewOptions() (RegistrationOptions,
 	if err != nil {
 		return RegistrationOptions{}, err
 	}
-	err = s.Struct.SetPtr(3, ss.Struct.ToPtr())
+	err = s.Struct.SetPtr(4, ss.Struct.ToPtr())
 	return ss, err
 }
 
@@ -4023,7 +4037,7 @@ type TunnelServer_reconnectTunnel_Params_List struct{ capnp.List }
 
 // NewTunnelServer_reconnectTunnel_Params creates a new list of TunnelServer_reconnectTunnel_Params.
 func NewTunnelServer_reconnectTunnel_Params_List(s *capnp.Segment, sz int32) (TunnelServer_reconnectTunnel_Params_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 4}, sz)
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 5}, sz)
 	return TunnelServer_reconnectTunnel_Params_List{l}, err
 }
 
@@ -4049,7 +4063,7 @@ func (p TunnelServer_reconnectTunnel_Params_Promise) Struct() (TunnelServer_reco
 }
 
 func (p TunnelServer_reconnectTunnel_Params_Promise) Options() RegistrationOptions_Promise {
-	return RegistrationOptions_Promise{Pipeline: p.Pipeline.GetPipeline(3)}
+	return RegistrationOptions_Promise{Pipeline: p.Pipeline.GetPipeline(4)}
 }
 
 type TunnelServer_reconnectTunnel_Results struct{ capnp.Struct }
@@ -4369,256 +4383,257 @@ func (p ClientService_useConfiguration_Results_Promise) Result() UseConfiguratio
 	return UseConfigurationResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-const schema_db8274f9144abc7e = "x\xda\xccZ{\x90Tev?\xe7\xde\x1e\xee\x0c\xcc" +
-	"\xd0}s\x9br\xa0\x80^^QX!\xe2,\x89;" +
-	"I\xb6\xe7\xc1\xb03,\x8f\xb9\xd33\xa8#\x9b\xf2N" +
-	"\xf773w\xe8\xbe\xb7\xb9\x0f`\x08,\x8f\xc2(\x13" +
-	"X\xd1\x95\x14\xb8h)\xae\xf1\x11\x93\x15\x17+\xabQ" +
-	"K\x93\xad\xa8Y\x89\xba\x81\x94l\xb4\xa2\x82\x95Zk" +
-	"-\xc5GY\xa4\xd4\x9b:\xf7==\xc3\x00&\xa9\xda" +
-	"\x7f\xa0\xeb\xdc\xf3=\xce\xebw\x1e\xdf\\s\xef\xe4&" +
-	"ni\xd5\x95I\x00\xf9\xf1\xaaI\x0e[\xf4\xab\xad\xf7" +
-	"-\xf8\xa7\xdd \xcf@t~\xf0\xcc\xca\xf4yk\xf7" +
-	"\x7f@\x15/\x004\x0c\x0b[Q\xda/\x08\x00\xd2^" +
-	"\xe1\xbf\x00\x9d\xaa\xdf?\xf5v\xf9ma\x0f\x883\xe2" +
-	"\xcc\x1c1\x97\xaaW\xa2\xb4\xab\x9a\x98\xb7Wo\x06t" +
-	"\xfe\xa4\xf4\xea\xd1?<\xf8Kb\xe6\"f\xc0\x86\xf7" +
-	"\xaa\xb7\xa2t\xde\xe5\xfc\xacz-\xa0\xf3\xc9]\xf5\x7f" +
-	"s\xff\xbf\xbet\x0b\x88W\"\xf8g\xd7\xd5\xfc\x1a\x01" +
-	"\xa595?\x05t\xfe\xed\x9amgo\xfe\xe4\x8e\xdb" +
-	"F\x9f\x9b \xbe\x17jFP:]#\x00\xef\xdcs" +
-	"S\xfa_\xf0\xbe\xcf\xef\x00\xf1*\xda\x06\xe9\xf3\x935" +
-	"\x939@\xe9DM\x16\xd0y\xf5\xeag\x9e>\xf0\xb3" +
-	"[\x7f\x0c\xf2\x95\x88\xe0\xad\xff\xa0\xe6\xbf\xe9\x1c\x9cL" +
-	"\x0c\xe7~\xf2\xcd\xc4\xdf\xbe\xfa{\xf7\xba\x0c\xce\x83\xaf" +
-	"_\xff\xc4\x81\x9f}\xe3}\xe8\xe1\x04L\x004,\x9c" +
-	"l\x10\xef\xb2\xc9\xa4\x8b\xbb\xdexvM\xe9\x8e\xbb\x8f" +
-	"z\x97v\xf7\x9a6\x85\xe3 \xe1\xec\xe9\xf8\xbc\xd4\xf3" +
-	"@\xee\x01_\x1c\xf7S\xcd\x94\x8fi\xe9\xac)\xb4t" +
-	"\xd9\xaf\xdf[\xbb\xfa\x89\xfe\x87|\x06\xf7\xa2\xe7\xa7<" +
-	"A\x0c5\xb5t\x8f\x976\xa7\xf65\xff\xd1\xed\x0fU" +
-	"Z\xa5\x8a8\x17\xd7\x8e\xa0\xd4VK?\x9bk\xafG" +
-	"@g\xe4\xdb\xcf\xae\xfb\xe4/\xccGA^\x8c\x09\xe7" +
-	"\x17{\xcflZ\xf8H\xff\x8b\xee\xb5y\x80\x86\xa7\xea" +
-	"~E[\x9f\xa8#U\xd6\xfd\xc3\xa25\xb7\x9f]u" +
-	"\x8c\xb6\x8e\x99\xc5\xbbDij#J\xdb\xa7\x92e\x86" +
-	"\xa7\x12\xf7kW\xaf{\xee\xb9\xc7\x07\x8eU^\xc4\xb5" +
-	"\xf8\xf4\xe4J\x94\x16'\x89{a\x92\xb8\xa7u\xe0\x9b" +
-	"\xcf/M\xfc}\xdc\x8eo%\xdf\xa7\xc3\xcf\xb9\x0c7" +
-	"}\xf1\xe4?\xb6}x\xf2\xa9\xb8\x85\xeeHqd\xa1" +
-	"\x07S$x\xef\x08\x96\xdellz\x0e\xe4\xab\x10\x9d" +
-	"\xa1\x83\xdb\xac\xf6C\xfb\x1d\xe8A\x019\x80\x86\x13\xa9" +
-	"\xad\xb4\xd9\xe9\x14\xf9\xd7\xac\x0fZ\xea\xb4\x0fw?_" +
-	"\xe1\x8c\xee\xa9\xcb\xc4\x95(u\x88t\xb56\xf1\xa7\x80" +
-	"\x9f?z\xeb\x81\x8e3\xcb_\x94g`\xa2R\xe8w" +
-	"\xc4\xad(}F\xbc\x0d\xe7\xc4\x0c\xe93\xd4`\x05\xbb" +
-	"+\xf5\x1ci\x08\xa5e\x12\xfd\\*\xb9\xec+o\xfa" +
-	"\xd1\x9dU\xef\xfd\xe8\xc5J\x95\x92\x877\xfci\xda@" +
-	"IN\xd3\xcf\xd5\xe9+x@g\xc6\xe3\x7f\xfcw-" +
-	"\x85\xd3\xbf\x1c'\x88\xa4\x13W|,\x9d\xbe\x82~\x9d" +
-	"\xba\x82d<\xb3\xf8\xd8\x9f\xfff\xff\xeb'\xe3\x9e\xb2" +
-	"\xb4\xde\xf5\xd8\xb6zR\xd8\xad\xdf\x1c\xde\xbaf\xc1\xc8" +
-	"\xa9J\x03\xb9\x9c\xac~\x04\xa5\xed\xf5\xae9\xebi;" +
-	"\xee=e\xfa\xce\x7f\xff\xce\x9b1\x9f\xfdM\xfd\xbb\x08" +
-	"\x09g\xcd\xba\x9b\x86j\xb6\x9f9\x13?\xe8\xadz\xcf" +
-	"t\xeeA\xc7\xc5;\xa5g\xee\xff\xeb\xb3t\x90P\xa9" +
-	"nqz/J\x0b\xa6\xbb\xea\x99\xfe\x10\x07\xb1\xd8\x19" +
-	"\xcfqf\xcdlDi\xf1L\xd7qf\xd2\xbd\x96\xdd" +
-	"\xdc\xcc\xd6_w\xc3\xfb \xce\xe0GA\x85J\x9c\xc3" +
-	"\xc4\xd9`\xcf\xbc\x15\xa5\xed\xb3\x04\x00\xe7\x87\x03\xbd/" +
-	"\x9fk\xbd\xff\xa3\xca\xcd]\x81\xd8\xacF\x94l\xe2k" +
-	"\xd88\xcb\xb5O\xc3\xd2\xbf\xfc\xe0\xe0\x03\xad\xe7\xc6\xec" +
-	"\xfe\xec\xec\x16\x94N\xcc\xa6{\xbc<\xfb\xbb\xd2\xf9\xd9" +
-	"\xee\xe6?X\xbe\xf6\xdbs_\xf88\xae\x89wf\xbb" +
-	"\xd1\xfb\xd9l\xd2D\xffu\xbf\xfd\xee\x82\x1f\xfe\xf3\xc7" +
-	"\x15\xf6s\x19\xa7e\x16\xa1\xb4 C;\xce\xc9d\x01" +
-	"?\\q\xef\xc9\x19\xc9\x19\x9fV\\t\x12\xf1\xb6e" +
-	"\x86P\xba\x91x\x1bz2/\xd2Eox\xf7\xee\xcd" +
-	"\xd9\x1f\x7f\xfa9\xc9\xc5W\xe0\\\xc7\x9c^\x94\xbe?" +
-	"\x87v\xbeq\x0e\xc5\xd2\xaa\xc7N\x7fg\xf0\xe0K\xe7" +
-	"\xc7E\xee\xaa\xb9\xbbQ\x9a>\x97\xb8\xa7\xcd%\xc8\xf9" +
-	"+\xe1\xc8\x99\x9d\xff\xf9g_\xc4\xa5\xfar\xee\xbb$" +
-	"\x958\x8f\xa4\xda\xf6\xe1\xe1\xf6\xdb\xd7?\xf6\xd5(O" +
-	"\x9b\xf7414\xbb\x0ca0\x8e\xe7i\xca\xbc\x16\x94" +
-	"6\xce\xa3\xf3J\xf3\xb2\xb0\xd8\xb1lMcE\xa3\x9c" +
-	"\xc8\xffA\xf03\xbf$\xaf\x94\xb5rc\xb3m\x0d2" +
-	"\xcdR\xf3\x8a\xc5\xbaX\xd6,\xeb\x9a\xc9:\x11\xe5\x14" +
-	"\x9f\x00H \x80\xa8\x0c\x01\xc87\xf3(\x179\x14\x11" +
-	"\xd3\x84\xd6\xa2J\xc4A\x1ee\x8bC\x91\xe3\xd2\x84\x08" +
-	"\xe2\xc6\xb9\x00r\x91Gy\x0b\x87\xc8\xa7\x09\xefD\xfb" +
-	"N\x00y\x0b\x8f\xf2\x1e\x0e\x9d23J\x8a\xc64H" +
-	"Zm\x86\x81\xb5\xc0a-\xa0c0\xcb\x18V\xfa\x8a" +
-	"\x90d1\xb20\xb4\xd9\xc2:\xe0\xb0\x0e\xd0\x19\xd4m" +
-	"\xc3\xec\xd1,T\x8b]\xac\xdf`&\x0e\xe2$\xe0p" +
-	"\x12\xe0D\xe2\xb5\xea\x9a\xc6\xf2V\xce\xce\xe7\x99i\x02" +
-	"\x90d\xd5\xa1d\x0b\xef\x06\x90\xaf\xe6Q\xbe.&\xd9" +
-	"2\x92\xec[<\xcaM\x1c:&361c\x95\x8e" +
-	"y\xc5Rum\x8d\xc2\x97Xx\xed|Qe\x9a\xd5" +
-	"\xaaCR\xebW\x070\x15\x85\x02 \xa6&\xbeX\xdb" +
-	"\x16\xd5\xb4Tm\xa0\xdb\xa5g;\xf5\xa2\x9a\x1f\xa6\xdb" +
-	"\xd5\xba\x9a\x9c\xd5H{\x88\xd3z\x01\x90\x13\xc5\x16\x80" +
-	"\xac:\xa0\xe9\x06s\x0a\xaa\x99'\xa1\x80\xcf[;\xfa" +
-	"\x94\xa2\xa2\xe5Yx\xd0\xa4\xb1\x07y\x07\xe4\\9\x96" +
-	"(1k\xcf\xefT\x0c\x85/\x99rm\xa8\x8f\xb6^" +
-	"\x00y9\x8frgL\x1f\xabW\x02\xc8\xabx\x94o" +
-	"\x88Y\xba\xa7\x05@\xee\xe4Q^\xcf\xa1\xa3\x1b\xea\x80" +
-	"\xaa\xb52\xe0\x8d\xb8\xc1LKSJ\x0c\x00\x02\x85\xed" +
-	"\xd0\xcb\xa4D\x13S\x11JWh\xaaj\xac\x00\xed\xac" +
-	"X\xd4\xaf\xd7\x8dba\xadw\x8eN\xdavM\x19." +
-	"\x13\xc6\xb1\xbck\x1c\x92[\xcd\xb3%\xb6\xc9\xbcu\xb6" +
-	"\xe1\x1ar~\x173\xed\xa2e\x02\xc8\x89P\xfc\xbaF" +
-	"\x00\xb9\x9aG9\xcda\xd6p\x190\x15\x81z\xc5U" +
-	"/\xa6k[3\xd8\x80jZ\xcc\xf0\xc8\xf3\xb3\xa4\xf0" +
-	"\x92\x19?\x90\xfc/\xc5\xa3<\x93Cg\xc0P\xf2\xac" +
-	"\x93\x19\xa8\xea\x855\x8a\xa6\xe7x\x96\xc7*\xe0\xb0j" +
-	"bOZ\xa1\xa8EV\xf0\xa4[\x92\xcf\xb8\xffS\xf4" +
-	"\xd6:\x8e\x17\xbe\xbdQ\xf8\xd6\xe1W\x8e\x1f\xbf[\xa3" +
-	"\xf8\xad\xe3\xbet\xc6\x06p\x1d\xff\x85\xe3\x870E\x84" +
-	"\xc5\xa3\xbc\x93\"\xc2.\x93NM\xe0u\x03S\x11J" +
-	"\xfa\xdaa\x85\x01\xd2\xb4\x06Y\x96'Ec*\xc8\xf6" +
-	"\x1e\x83P\xd0\x071\x15\x952\xfe2\x83mb\x86\xc9" +
-	":!i\xe8[\x861\x15e\xfd\x0a\xadO\xbd\\\xad" +
-	"\x07\x86\x0eWM\xbc\xde`y\x0f2\xfc\xe5\x9d\x19\xcf" +
-	"h18$\x1d\xad\xe7Q\x1e\x8c\x05\x09\xeb\x03\x90\x0b" +
-	"<\xca\xe5X\x90\x94VF\xda\x14\xf9\x00\x0f)r\xca" +
-	"<\xca\xdb\xb8\xd1\x08\xc761\xcdZ\xae\x0e\x80\xc0\xcc" +
-	"\xff\x870\x1a%\xa5/c(]\xcc%\xc9[jy" +
-	"\x94\xeb\x09\xae\xe9+\xb3(\xb0\xe9\xb4\xb0\x10\xbe\xf8i" +
-	"\xad\xf4\xaf\x0f\xbe\x9d\xfe.\x86\x8f\xbf\xf5\xe1a\x87\xe9" +
-	"\xb0C<\xca?\x89\xa9\xf2~\x03@\xbe\x8fG\xf91" +
-	"\x0e\xd1\xd7\xe4#G\x01\xe4\xc7x\x94\x7fN\x9a\xe4<" +
-	"M>\xb9\x88\xda&\x1e\xe5W8\x14\x13|\x9a\xba\x02" +
-	"\xf1e\x0a\xa9Wx\x94\xdf\xe0P\xacJ\xa4\xb1\x0a@" +
-	"<E\xd69\xc9\xa3\xfc\xf6\x85\xd0*_\xd4\xedB\x7f" +
-	"Q\x81\x8c\xc1\x0a\x1d\xcbC\xbaf\x97:\x0d\xb6IE" +
-	"\xdd6\x9b-\x8b\x95\x84\xb2e\x06\x89'i)\x03&" +
-	"N\x05\xec\xe4\x11SQ)\x09H\xc4pO4Xa" +
-	"\x1d3L\x95\xd7\xb50w\xa8\x9a\xc54k\x95\x02B" +
-	"\x1f+\x86\xd4\x09\xb0\xa5\xcb\x8f\x10\x8a\x0f?\xd8\xf5\x08" +
-	"\x0fq\x80`|\xa6\xe3\xf8Jl#\xdd4\xf1(\xaf" +
-	"\xe2p\x16~Ed\xd2cG\x17\x80\xdc\xce\xa3\xdc\xcd" +
-	"\xe1,\xeeK\"\x93&\xe5\xde\x08\xcd\x93\x83\x96U\xc6" +
-	"TTb\xfa\xc6\xde\xcc\xfaL=\xbf\x81\x01\x12(\x86" +
-	"\xf5\x8e\xffu\xd0\x07i\xe0\x8b\x05LE-b\x85\xa7" +
-	"\xf0\x17\xca\xd0Y\xaa\x07t\xc3M\x80Q:\xba6\x12" +
-	"\"\xf0\x8e\x8e\xdeH\x02\x91k\xf2\xc4\x92\xfb\xa2\xfbg" +
-	"\xf2\x8am\xb2\xd1\xa5Es\xbf\x05<3B45\x07" +
-	"u\xbbX\xe8b X\xc60\"p\x88\x13c\xecr" +
-	"\xbd=\xa6x\xcf\x8d\xc7O\x9ba\xd6\xec\x8dgM_" +
-	"\xfd=\xa4\xfen\x0f%\x9c\"\xa1\x94\xd6\xae\x03oZ" +
-	"\xe1u=b\xa7\xee:\xa7\x00\x1c\x0a\x80\x8e]6-" +
-	"\x83)%\xc0\xd0\xdb\x88\x7f\xeae$\xa3\x0aP\xecT" +
-	"\x92n\xdc\xff.\xa5\xfe\xcb\xcf\xe1^>\x1d\x95\xc1\x8f" +
-	"\xc6\x12j\xde_\x8d\xee\xf2V]\x13.\xbbJ\xf3\x11" +
-	"\xcc\xcb!K\xfc\x9a\x80\x0a\xc8 \xb9.\xa4d0\x9f" +
-	"G\xf9\x9axr]L*\xba\x8aG\xf9[\x1c\x0a\xcc" +
-	"\xa0<\x19v\xfa\xde\xa1;L\xaf\"\xc5T4\xc6\xb9" +
-	"\xf8ub\xc5\xba\xaakc\xdcpn\x14.\xa1\x09;" +
-	"\xae\x8d\xd950\xe1\xea\xbe\xc8\xae\xc2\x066\x1cX)" +
-	"\xc3J\x8a\x1a\xa1\x91o\xdcf\x10\xbe\x17\xf1LX\xd4" +
-	"\xfa\xc9\xdfK\xfdY\xcfZt\xc9tx\xc9\xed#\x00" +
-	"\xf2N\x1e\xe5}\xb1K\xee\xa5\x1ea\x1f\x8f\xf2\xa1\xd8" +
-	"%\x0f\x92\x12\x0f\xf0(\x1f\x89e\xcf\xc3d\xe0#<" +
-	"\xca\x0fs\x88\x09\x0f\xf2\x1f$\xc8\x7f\x98G\xf98\xe7" +
-	"\x02v{s\xab\xae\xa1\x7f\x09\x13 \xec\x13\x06\x99b" +
-	"X}LA\xabC\xb3\x98\xb1I\xc1b\x00\x09;," +
-	"\xb5\xc4t\xdb\x0a!\xa2\xa4lq\x0b+,\xb4{\xab" +
-	"\x04\xc52\xb1\x068\xac\xa1\x884\x99\xd1j\xb0\x02\x92" +
-	"5\x94b\xa7\xc2[\x83\x97\xa2\xa0\xd1 \x9e\x1cG=" +
-	"T\x96m\xe3Q\xbe\x8d\xa0\x04c\xd3$\xf1\x96!\xe0" +
-	"\\$!\x997\xb6\xc4K\x0b\xceKs\xf1V\xcbM" +
-	"\x88\x93\x00\xc4]\xa4\x9d=<\xca\x07\xb8\xe0j\xed:" +
-	"d\xbd\x08\xad4\xb5\xdf\xca\xec \xd4TY$\xaf_" +
-	"/\xa8\xa8k\xdd\xae\xa20\xd2T^/\x95\x0dre" +
-	"U\xd7d[)\xaa\xbc5\x1c.\x9cP\x17\x04I^" +
-	"(\xaf-g\\c\x912\xae\x0b\x94!\x0d\xe3J\x80" +
-	"\xdc\x16\xe41\xb7\x07#w\x91va\x0b@n\x1b\xd1" +
-	"o\xc3\xc8c\xa4[p\x06@n'\xd1\xf7a\xd8\x81" +
-	"J{\xf1Q\x80\xdc>\"\x1f\xc2\xa8T\x90\x0e\xba\xdb" +
-	"\xdfE\xf4\xfb0\xaa\x16\xa4{p\x11@\xee\x10\xd1\x8f" +
-	"\x13}\x12\xe7jR:\x86C\x00\xb9\xc7\x89\xfe\x0c\xd1" +
-	"\x85\xaa4\xb5\xdb\xd2Sh\x00\xe4~N\xf4_\x10\xbd" +
-	"\xba>\x8d\xd5\x00\xd2\x0b.\xfdy\xa2\xbfB\xf4\x9a\xe9" +
-	"i\xac\x01\x90^\xc6\xdd\x00\xb9\x97\x88~\x92\xe8\x931" +
-	"\x8d\x93\x01\xa4\xd7\xf1n\x80\xdcI\xa2\xbfM\xf4)\x93" +
-	"\xd28\x05@z\xcb\xbd\xcf\x1bD?K\xf4\xdaD\x1a" +
-	"k\x01\xa4w\xf0(@\xee,\xd1?\"z\x9d\x90\xc6" +
-	":\x00\xe9\x03W\xae\xdf\x12\xbd\x9a\x0bq\xb0\xa3\x10\x87" +
-	"crC5*Gx\xdd\x0c]\x81\xf9\x9d)z\xb9" +
-	"\xa2SORk\x8a\xc9h\x84\x0c\x88I@\xa7\xac\xeb" +
-	"\xc55\xa3a\xfeb\x15\x91\xefF\x90\xd4\xb5\x8eB\x18" +
-	"\x97\x9e\xf3\xad\xd2!\x93W\x8a\x1d\xe5\xa8F2\x9bm" +
-	"K\xb7\xcb\x90)(\x16+\x84\x89\xda\xb0\xb5\x15\x86^" +
-	"\xeaFf\x94TM)B\xf8e\"_L\xda\xb6Z" +
-	"\x08\xf7\x9e\xb0\xb0s\xfa\x99b\xd9\x063I\xb4\x0bd" +
-	"\\\xae\xd2\xa33\xe5\xc6ne\xa0b\xc0\xb0(J\x0f" +
-	"!\xda-\xbe6\xca\x0e\xc9x\x14f6)E\x9b]" +
-	"J18a\xcb\xd2\x95\xf5Z\x9e\x8bu\xb6\xc18\xec" +
-	"\xe2\xd5|OE\xe6\xf5\xf2\xe1\x98iJK$l(" +
-	"\xab\xe1OX\xda\xb9(\xe7\x05\xd6\xea\xf7;W\xc8\xd0" +
-	"\xde1\xbf\x09\xe7\x95\xbe\xdf\\\xaa&\x06\x98\xe5\xfd\xea" +
-	"\xd0\xfau*\x0f\x04\xa5d~\xcd\xd5]\xccL^\x8a" +
-	"\x16\xa3\x09\xe4\xc5\xf3w{wwg4\xc4\xe0=\xf0" +
-	"\xbf&\xc4\xbbf\xec\x02\xc85Q\xe0\xae\xc2P\x87R" +
-	"\x87\x8b;\xedD\xee\xc6\xa8\xea\x95d\x17_:\x89\xbe" +
-	"\x1e\xa3\xbeH\xba\xd1\xc5\x85\xf5D\x1ft\xf1\xae\xd9\xc3" +
-	";\xe6n_ z\xd9\xc5;\xf4\xf0\xae\xe4\xee_$" +
-	"\xfa\x968\xde\xd982\x0a~\x05\xde\xc3\xbb].N" +
-	"\xed!\xfa\x01\x17\xef\x12\x1e\xde\xed\xc7'\x00r\x07\x88" +
-	"~\xc4\xc5\xbb*\x0f\xef\x0e\xe3\xd3\x00\xb9#D\x7f\xd8" +
-	"\xc5\xbbI\x1e\xde=\xe8\xf2?\x1c\xe2\xec\x94\x16\x0f\xef" +
-	"\x8e\xb9\xf8\x18\xe2\xacc\x1b\xc5\x9ce\xa8\x1a\xe0@\x14" +
-	"\x1b\xf9\xf2\xf7\x18+7C\xb2\xa8nba.*\xa8" +
-	"Jq\xb9\xad\x14!\x93\xb3\x94\xfc\x86\xa8\xb4/\x9a\xed" +
-	"\x8aV0qP\xd9\xc0(\x83\x09\xf1\\o\x15\xcdu" +
-	"\xccP\xfb\x01\xa3f \xac}\x92\x9d\xba^Y\x12\xb9" +
-	"5%3<\xf0\x0b\xbf\x95\x94-\x1d\x85\"k\xc5\xa0" +
-	"\x02\xe2\xb5(\x83\xaa\xf4E\xd74\xf4\xca\x92n53" +
-	"\xba\xde(\xfb\xedEP\xb7tg+\x0a\x12\xb6\xa5\xcc" +
-	"\xf2V\xab\x8e\x9a\xa5j6\x1b\xb3A~\xd0\xd66\xb0" +
-	"B\x1bjy\xbd\xa0j\x030\xa6\xaf\xe1/4;\x8a" +
-	"\x15jn4c\xec\xedM\\\xd8\x08\x9c\x0b]Tv" +
-	"\x88\x8d\xd1t \x9bwWe\x0d\xa6\x98\xb1\xc6v\x82" +
-	"\xd3\xfcY\xa7\x17d\xde$\xa0\x0a |\xa8\xc2`\xd8" +
-	"/\x1e\xdb\x0a\x9c\xf8\x88\x80\xd1\x1b\x09\x06O\"\xe2=" +
-	"\x06p\xe2A\x01\xb9\xf0\x01\x11\x83\xc7?q\xef\x08p" +
-	"\xe2-\x02\xf2\xe1\xa3\x1e\x06\x93tq\xb8\x058\xb1$" +
-	"`\"|\xe0\xc4`\x0c/*TZ\xdd(`U\xf8" +
-	"Z\x88\xc1[\x8f\xb8z7pb\x9b\xe0\x04\x1d\x14d" +
-	"=1\x9a\xd0\x09\x00\x032.d4\xa1\x13L\x9f0" +
-	"\xe8\xb4\x00\x9ap\x87\x0f\xcfM\xe8\x04\xf3WH\xe6\x15" +
-	"\x8b5Q{\xea}D\x1f\xbc\xa1\x09\xe3sM\xfeB" +
-	"=\xd1\xf8\xb5uKT\xff\x05\x00\xbck$*\xff\xc2" +
-	">t\xff\xa3\xf1\xd2\xda\x1f\xa7\x1c\xde\xed\x0fc\x8e\xc7" +
-	"\xc6)\xc7\xa8\xde>\xce\xa3\xfc\x1a\x17\x15\x0d\x81O\x07" +
-	"\xa3@\xd4\x8d\xa01\x9e`\"\xe8{\xbe_\xf6V\xce" +
-	"\x05\x9d\x82>\xe8\x96\xc5\xe8meB\x94\x0e\xe2\xc3\xc2" +
-	"\xa9\xb1a!\x06-\xb90*{\xc4G\x87S/\xd2" +
-	"\xdf\xc5\x1bL7\x9d%\\\x97\x0c\x9eF1x\xc5\x16" +
-	"Er\xad:\xc1\x09\x9aP\x0cr!T\x98\xec2;" +
-	"\xf1.\x96\xf9\xdf$\xebq\x1c\xc4;'I\x1e\xe9\x09" +
-	"\x14\xee;\x14\x1b\xed\x15u\xbf\x89L\xae\x89\xf7\x01\x13" +
-	"\xe8\xca\xbbpP\xb5'i1\xed\xff\x8dp\xff\xd7\xe7" +
-	"\xc6Fo\x81\xff\x9d\"\xe2k<\xcao\xc6Z\xbb\xd3" +
-	"+\x01\xe47x\x94?\x8d\xde\x89\xce\x91\xa3~\xcac" +
-	"W\xacD\x17\xbf$\xc6/\xa8\x90\x8d'\xac*\xbc\x13" +
-	" WM\x09\"\xed&\xac\x84\x97\xb0D\xec\x03\xc8\xa5" +
-	"\x88>3^\xa0O\xc7^\x80\\=\xd1\xe7\xa3\xdf\x91" +
-	"\x07oL\xb6\x11\x81{Q\x1fX\xa5j\xe3V}\xc1" +
-	"\xc3\x15Z\x04\x99\xb6A\xb8?\x1a_;\x96\xc7\xea\xe0" +
-	"p\xec\x84\xcc\xc8Q\x88\x17\xd0\x0c\xc79\xe3\x0fz\x09" +
-	"\x07\x96\xab\x03\xcc\x1d\x07\x05\xc4\x09\xcc\x91\xf3\x83\xcf\x8b" +
-	"=\xbf\x96\x88\x0d\x03\x8e\xc6\xe6d\x811\xe4\xa7\xfd\xf9" +
-	"\xd3\xcd1c|\xbf/\x9ag\x13@\xe9=\xe5\x82\x82" +
-	"\x16[a\xb0\x8d6\x13\xb4\xfcp\xd4\x14S[\x987" +
-	"{\xb0L\x05\xf9\x0a\x83e7\xda,\xce\x10\xbca\x80" +
-	"\xa0\xea\x851\x8f\x17\xe3T\x96\xd7\xb3\xbe\x9c\x9e\xdf\xc0" +
-	"\xacQo;\x15\xef\x8f]\xd1\x03F\xf8\xfc\xd8\x15\x7f" +
-	"~\xf4am\xe3P4Z\x0famx$\xea\xa8\xc7" +
-	"/%\xfeo\xb2\xff\xd7z\x82\xa3BZ\xb8\x94\"3" +
-	"\xfc\xcb\xa0\xaf9\xe8\xbf\xd4\x9e zX\xbe\xcc\xe1\x18" +
-	"\x84X\x83\xb1?\x1c\xa1C8\x7f\xf3\xff\x09\x00\x00\xff" +
-	"\xffm\x81\xedW"
+const schema_db8274f9144abc7e = "x\xda\xccz}\x90\x14uz\xff\xf3t\xcf\xd2\xbb\xb0" +
+	"\xcbL\xdbc\xfdv)\xf67\xc7\x8bQ8!\"G" +
+	"\xa2\x9b\xe4\xf6\x0d\xb8]\x0ea{g\x17u\xe5R\xf6" +
+	"\xce|w\xb6a\xa6{\xe8\xee\x01\x96\xe0\xf1R\x10e" +
+	"\x03'x\x90\x02\x0f\xaf\x00\x8f\xf8\x12\xbd\x13\x0f+\xa7" +
+	"\x11K\x93\xab\xa89\x13\xe5\x82)\xbd\x98\x8a\x11\xa8T" +
+	"\xac\xb3<\xd1\x94eJ\xed\xd4\xf3\xed\xd7\x1d\x96\x05L" +
+	"R\x95\x7f`\xea\xe9\xe7\xfb\xf2\xbc}\x9e\x97\xef\xde\xf4" +
+	"\xe3\xc9m\xc2\x82\x9a\xeb\x93\x00\xeaS5\x93\\6\xf7" +
+	"\x97\x9b\x8e\\\xf7\xd7\xdbA\x9d\x86\xe8~\xf7\xf9e\xe9" +
+	"\xcf\x9c\xed\xff\x045\xa2\x04\xb0pD\xda\x84\xca\x1eI" +
+	"\x02PvI\xff\x06\xe8\xd6\xfc\xd6\x9b\xef\x96\xdf\x95v" +
+	"\x80<-\xce,\x10s\xa9v\x19*\xdbj\x89\xf9\x9e" +
+	"\xda\x0d\x80\xee\xef\x97^?\xf6;\x07~A\xccB\xc4" +
+	"\x0c\xb8\xf0|\xed&T>\xe3\x9c\xffQ\xbb\x12\xd0\xfd" +
+	"x\x7f\xe3\x9f\x1f\xfd\xfbWv\x82|=\x82\x7fvC" +
+	"\xdd\xaf\x10P\x99Q\xf7\x13@\xf7\x1fn\xda|\xee\xee" +
+	"\x8f\xf7\xdd7\xf6\xdc\x04\xf1\xbdT7\x8a\xca\xdbu\x12" +
+	"\x88\xeeCw\xa5\xff\x16\x8f|\xba\x0f\xe4\x1bh\x1b\xa4" +
+	"\xcf\xcf\xd4M\x16\x00\x95\xbf\xabk\x05t_\xbf\xf1\xf9" +
+	"\xe7\xf6\xfe\xf4\xde\x1f\x80z=\"x\xeb?\xa8\xfbO" +
+	":\x07'\x13\xc3G?\xfaz\xe2\xc9\xd7\xaf\xf9!g" +
+	"p\x8f\x9f\xbe\xfd\xe9\xbd?\xfd\xda\xfb\xd0/H\x98\x00" +
+	"X8g\xb2E\xbc\x8b&\x93.\xf6\xbfujEi" +
+	"\xdf\x83\xc7\xbcK\xf3\xbd\xae\x9d\"\x08\x90pwt\x7f" +
+	"Z\xea\x7f8\xfb\xb0/N\x0d}\xaa\x9br\x01\x01\x17" +
+	"6O\xc9 \xa0\xbb\xe8W\xe7W\xde\xf6\xf4\xd0#>" +
+	"\x07\xbf\xe9\xad\xf5O\xd3\xe6\xdd\xf5t\x91W6\xa4v" +
+	"\xb7\xff\xee\xfd\x8fT\x9b\x85\xefU\xaa\x1fEeg=" +
+	"\xfd\xdcV\x7f;\xed7z\xeb\xa9U\x1f\xff\xb1\xfd8" +
+	"\xa8\xf30\xe1\xfe|\xd7\xd9\xf5s\x1e\x1bz\x99\xdf[" +
+	"\x04X\xf8Y\xc3/i\xeb\x86\xa9\xa4\xcb\x86\xbf\x9c\xbb" +
+	"\xe2\xfes\xcbO\xd0\xd61\xbbx\x97xrj\x0b*" +
+	"\xa7\xa6\x92i\x9e\xe5\xdco\xdc\xb8\xea\x85\x17\x9e*\x9c" +
+	"\xa8\xbe\x087\xf9\x9d\xc9e\xa8\x94\x92\xc4\xad'\x89\xfb" +
+	"\xdan|\xe7\xc5\x05\x89\xbf\x88\x1b\xb29\xf5>\x1d\xbe" +
+	" E\x0cw}\xfe\xcc_-\xf9\xf0\xcc\xb3q\x13\x9d" +
+	"N\x09d\xa2\xf3)\x12|`\x14K\xef\xb4\xb4\xbd\x00" +
+	"\xea\x0d\x88\xee\x9a\x03\x9b\x9d\xae\x83{\\\xe8G\x09\x05" +
+	"\xf2\x0ay\x13m\xd6$\x93\x835\x7f\xd0\xd1`|\xb8" +
+	"\xfd\xc5*o\xe4\xa7V\xe4e\xa8\xec\x92\xe9j;\xe5" +
+	"\x9f\x00~\xfa\xf8\xbd{\xbb\xcf.~Y\x9d\x86\x89j" +
+	"\xa1g\\\xb3\x09\x95E\xd7\xd0\xcf\x05\xd7p\xfb\x84\x1a" +
+	"\xacb\xe7Rk\xca\x1aT*\x0a\xfd\\\xa7p\xf6e" +
+	"w}\xff\x81\x9a\xf3\xdf\x7f\xb9Z\xa5\xe4\xe2\x0b\xefI" +
+	"[\xa8\xecK\xd3\xcf=\xe9\xff'\x02\xba\xd3\x9e\xfa\xbd" +
+	"\x1fw\xe4\xdf\xfe\xc58Q\xa444^P\x9a\x1a\xe9" +
+	"\xd7\xb5\x8d$\xe3\xd9y'\xfe\xe8\xdf\xf7\x9c>\x13\xf7" +
+	"\x94u\x8d\xdcew6\x92\xc2\xee\xfd\xfa\xc8\xa6\x15\xd7" +
+	"\x8d\xbeYm \xcey\xbcq\x14\x95S|\xbbg\xf9" +
+	"v\xc2y\xadi\xeb?~\xf3\x9d\x98\xd3\xceiz\x0f" +
+	"!\xe1\xaeXu\xd7\x9a\xba{\xce\x9e\x8d\x1f\xd4\xdc\xe4" +
+	"\x99\xae\x89\x0e:)?\xa0<\x7f\xf4\xcf\xce\xd1AR" +
+	"\xb5\xba\xd5\xa6\x01TX\x13WO\xd3#\x02\xc4\x82g" +
+	"<\xc7\xf9\xce\xf4\x16TJ\xd3\xb9\xe3L\xa7{-\xba" +
+	"\xbb\x9d\xad\xbe\xe5\x8e\xf7A\x9e&\x8e\xc1\x8a\xc7\x88\xf3" +
+	"\xd9\xe9<\x94\xa7\xdf\x8b\xca\xa9f\x09\xc0\xfd^a\xe0" +
+	"\xd5\x8f:\x8f\xfe\xa6zs.\xd0\xf1\xe6\x16T\x9e!" +
+	"\xbe\x85'\x9a\xb9}\x16.\xf8\x93\x0f\x0e<\xdc\xf9\xd1" +
+	"E\xbb\x7f\xf1\xff;Pi\xc8\xd0=\xea2\xdfRn" +
+	"\xcd\xf0\xcd\xbf\xbbx\xe5\xad3_\xba\x10\xd7\xc4\x8c\xcc" +
+	"\x05\x1e\xf9\x19\xd2\xc4\xd0-\xbf\xfe\xd6u\xdf\xfb\x9b\x0b" +
+	"U\xf6\xe3\x8c\xfd\x99\xb9\xa80\xbe\xa3F\xcc\x1f.\xfd" +
+	"\xe1\x99i\xc9i\x9fT]t\x12\xf1\xee\xcc\xacA\xe5" +
+	"\x10\xf1.<\x90y\x99.z\xc7{\x0fnh\xfd\xc1" +
+	"'\x9f\x92\\b\x15\xd0\xed\x9a1\x80\xcaC3h\xe7" +
+	"C3(\x96\x96?\xf1\xf67\x87\x0f\xbc\xf2\xd9\xb8\xd0" +
+	"\xbdd\xe6vT\xee\x9cI\xdc\xfd3\x09\xae\xfeT:" +
+	"|v\xeb\xbf\xfc\xe1\xe7q\xa9\xfe`\xd6{$\x95:" +
+	"\x8b\xa4\xda\xfc\xe1\xa1\xae\xfbW?\xf1\xe5\x18O\x9b\xf5" +
+	"\x1c1l\xe3\x0ca0\x8e\xe7iGgu\xa0rb" +
+	"\x16\x9d\xf7\xe4\xacV\x98\xe7:\x15\xc3`E\xab\x9c\xc8" +
+	"\xfdv\xf037?\xa7\x95\x8drK{\xc5\x19f\x86" +
+	"\xa3\xe74\x87\xf5\xb2V\xbbl\x1a6\xebATSb" +
+	"\x02 \x81\x00\xb2\xb6\x06@\xbd[D\xb5(\xa0\x8c\x98" +
+	"&\xb8\x96u\"\x0e\x8b\xa8:\x02\xca\x82\x90&D\x90" +
+	"\xd7\xcd\x04P\x8b\"\xaa\x1b\x05D1Mx'W\x1e" +
+	"\x00P7\x8a\xa8\xee\x10\xd0-3\xab\xa4\x19\xcc\x80\xa4" +
+	"\xb3\xc4\xb2\xb0\x1e\x04\xac\x07t-\xe6X#\xda`\x11" +
+	"\x92,F\x96\xd6lp\xb0\x01\x04l\x00t\x87\xcd\x8a" +
+	"e\xf7\x1b\x0e\xea\xc5^6d1\x1b\x87q\x12\x088" +
+	"\x09p\"\xf1:M\xc3`9'[\xc9\xe5\x98m\x03" +
+	"\x90d\xb5\xa1ds\x1e\x04Po\x14Q\xbd%&\xd9" +
+	"\"\x92\xec\x1b\"\xaam\x02\xba6\xb3\xd63k\xb9\x89" +
+	"9\xcd\xd1Mc\x85&\x96Xx\xed\\Qg\x86\xd3" +
+	"iB\xd2\x18\xd2\x0b\x98\x8aB\x01\x10S\x13_l\xc9" +
+	"F\xddvt\xa3\xd0\xc7\xe9\xad=fQ\xcf\x8d\xd0\xed" +
+	"\xea\xb9&\x9b[h\x0f\xf9\xda\x01\x00\x14d\xb9\x03\xa0" +
+	"U/\x18\xa6\xc5\xdc\xbcn\xe7H(\x10s\xce\x96A" +
+	"\xad\xa8\x199\x16\x1e4\xe9\xe2\x83\xbc\x03\xb2\\\x8e\xf9" +
+	"Z\xcc\xda\xb3{4K\x13K\xb6Z\x1f\xeac\xc9\x00" +
+	"\x80\xbaXD\xb5'\xa6\x8f\xdb\x96\x01\xa8\xcbET\xef" +
+	"\x88Y\xba\xbf\x03@\xed\x11Q]-\xa0kZzA" +
+	"7:\x19\x88V\xdc`\xb6ch%\x06\x00\x81\xc2\xb6" +
+	"\x98eR\xa2\x8d\xa9\x08\xa5\xab4Us\xb1\x00]\xac" +
+	"X4o7\xadb~\xa5w\x8eI\xda\xe6\xa6\x0c\x97" +
+	"I\xe3X\x9e\x1b\x87\xe4\xd6sl~\xc5f\xde\xba\x8a" +
+	"\xc5\x0d9\xbb\x97\xd9\x95\xa2c\x03\xa8\x89P\xfc\x86\x16" +
+	"\x00\xb5VD5-`\xab\xc5\x190\x15\x81z\xd5U" +
+	"/\xa7\xeb\x8aa\xb1\x82n;\xcc\xf2\xc8\xb3[I\xe1" +
+	"%;~ \xf9_JDu\xba\x80n\xc1\xd2r\xac" +
+	"\x87Y\xa8\x9b\xf9\x15\x9aafE\x96\xc3\x1a\x10\xb0f" +
+	"bOZ\xaa\xe9E\x96\xf7\xa4\x9b\x9f\xcb\xf0\xff)z" +
+	"\xeb]\xd7\x0b\xdf\x81(|\x1b\xf0K\xd7\x8f\xdfMQ" +
+	"\xfc6\x08_\xb8\x17\x07p\x83\xf8\xb9\xeb\x870E\x84" +
+	"#\xa2\xba\x95\"\xa2R&\x9d\xda \x9a\x16\xa6\"\x94" +
+	"\xf4\xb5\xc3\xf2\x05\xd2\xb4\x01\xad,G\x8a\xc6T\x90\xed" +
+	"=\x06)o\x0ec**e\xfce\x16[\xcf,\x9b" +
+	"\xf5@\xd227\x8e`*\xca\xfaUZ\x9fz\xb5Z" +
+	"\x0f\x0c\x1d\xae\x9ax\xbd\xc5r\x1ed\xf8\xcb{2\x9e" +
+	"\xd1\xd2\xa1\xd1\xee\x99\x19\x01Z\x18$\xdb\x06\x01\xd4\xad" +
+	"\"\xaa\xbbcA\xb2\x8b4\x7f\x9f\x88\xea~\x01e\xd1" +
+	"\xc7\xc3}\x14N{ET\x0f\x0b('\x12i*f" +
+	"\xe5C\x14N\xfbET\x8f\x08ca\x8f\xadg\x86\xb3" +
+	"X/\x80\xc4\xec\x88JW\\\xac\x17\x18\x88\xf6\xffB" +
+	"\xc0\x8d\xd1\x87\xaf\x8dP\x0f1\xe7%\xe9\xeaET\x1b" +
+	"\x09\xd8\xe9+s\x08\x02\xe8\xb4\xb0d\xbe\xfci\x9d\xf4" +
+	"\xaf\x0f\xd3=\xfe.\x96\x8f\xd4\x8d\xe1a\x87\xe8\xb0\x83" +
+	"\"\xaa?\x8a)\xfd\xa8\x05\xa0\x1e\x11Q}B@\xf4" +
+	"u\xfe\xd81\x00\xf5\x09\x11\xd5\x9f\x91\xce\x05O\xe7\xcf" +
+	"\xcc\xa5\x0eKD\xf55\xd2\xb9\xe8\xe9\xfcU\x0a\xbe\xd7" +
+	"DT\xdf\x12P\xaeI\xa4\xb1\x06@~\x93\xecxF" +
+	"D\xf5\xddK\xe1Z\xaehV\xf2CE\x0d2\x16\xcb" +
+	"w/\x0e\xe9F\xa5\xd4c\xb1\xf5:\x9a\x15\xbb\xddq" +
+	"XI*;v\x90\xa2\x92\x8eV\xb0q*`\x8f\x88" +
+	"\x98\x8a\x8aN@\"\x86{\xa2\xc5\xf2\xab\x98e\xeb\xa2" +
+	"i\x84YF7\x1cf8\xcb5\x90\x06Y1\xa4N" +
+	"\x80B\xbd~,Q$\xf9\xb0`F\xc8\x89\x05\x02\xfc" +
+	"\xe9\xae\xeb+q\x09\xe9\xa6MDu\xb9\x80\xcd\xf8%" +
+	"\x91I\x8f\xdd\xbd\x00j\x97\x88j\x9f\x80\xcd\xc2\x17D" +
+	"&M\xaa\x03\x11\xee'\x87\x1d\xa7\x8c\xa9\xa8\x18\xf5\x8d" +
+	"\xbd\x81\x0d\xdafn-\x03$\xf8\x0c+#\xff\xeb\xb0" +
+	"\x0f\xe7 \x16\xf3\x98\x8a\xba\xc9*O\x11/\x95\xcb[" +
+	"\xa9r0-\x9e*\xa3\xc4us$D\xe0\x1d\xdd\x03" +
+	"\x91\x04\xb2\xd0\xe6\x89\xa5\x0eF\xf7\xcf\xe4\xb4\x8a\xcd\xc6" +
+	"\x16!\xedC\x0e\x88\xcc\x0aq\xd7\x1e6+\xc5|/" +
+	"\x03\xc9\xb1F\x10A@\x9c\x18\x8d\x17\x9b]1\xc5{" +
+	"n<~\x82\x0d\xf3\xeb@<\xbf\xfa\xea\xef'\xf5\xf7" +
+	"\x89\xa8\x96\x05t\x8b\x84gF\x97\xc9\xc3=\xb8\xaeG" +
+	"\xec1\xb9sJ \xa0\x04\xe8V\xca\xb6c1\xad\x04" +
+	"\x18z\x1b\xf1O\xbd\x8a\xb4U\x05\x9f=Z\x92\xc7\xfd" +
+	"\xff\xa5\"\xe1\xea\xb3\xbd\x97y\xc7\xe4\xfac\xb1\xd4\x9b" +
+	"\xf3W#_\xdei\x1a\xd2U\xd7s>\x82y\xd9f" +
+	"\xbe_=P\xa9\x19\xa4\xe19\x946f\x8b\xa8\xde\x14" +
+	"O\xc3\xf3HE7\x88\xa8~C@\x89Y\x94Q\xc3" +
+	"\x99\x80w\xe8\x16\xdb\xab]1\x15M|.\x7f\x9dX" +
+	"Y\xaf\x9b\xc6En83\x0a\x97\xd0\x84\xdd7\xc7\xec" +
+	"\x1a\x98\xf0\xb6\xc1\xc8\xae\xd2Z6\x12X)\xc3J\x9a" +
+	"\x1e\xa1\x91o\xdcv\x90\xbe\x1d\xf1LX\xfe\xfae\x82" +
+	"W$\xb4z\xd6\xa2K\xc6\xf2\xech,\xa5\x06\x97\xdc" +
+	"E\xdd\xc4n\x11\xd5\x83\xb1K\x1e\xe8\x88\xa5\xd4 \xcf" +
+	"\x1e\"\x03\x1f\x16Q}T@\xf4\xd3\xecq\x82\xfcG" +
+	"ETO\x0a\x1c\xb0\xbb\xda;M\x03\xfdK\xd8\x00a" +
+	"G1\xcc4\xcb\x19d\x1a:\xdd\x86\xc3\xac\xf5\x1a\x16" +
+	"\x03H\xd8\xe2\xe8%fV\x9c\x10\"J\xdaF^\x82" +
+	"a\xbe\xcb[%i\x8e\x8du `\x1dE\xa4\xcd\xac" +
+	"N\x8b\xe5\x91\xac\xa1\x15{4\xd1\x19\xbe\x12\x05\x8d\x05" +
+	"\xf1\xe48\xea\xa1\x02n\xb3\x88\xea}\x04%\x18\x9b;" +
+	"\xc9;\xd7\x80\xc0\x91\x84d^\xd7\x11\x95t<!\xd6" +
+	"T5e<!N\xa2\x1a\x86\xb4\xb3CDu\xaf\x10" +
+	"\\\xad\xcb\x84V/B\xabM\xed7=[\x085u" +
+	"\x16\xc9\xeb\xd7\x0b:\x9aF\x1fW\x14F\x9a\xca\x99\xa5" +
+	"\xb2E\xae\xac\x9b\x86Z\xd1\x8a\xba\xe8\x8c\x84\x0b'\xd4" +
+	"\x05A\x92\x17\xca+\xcb\x19n,R\xc6-\x812\x94" +
+	"\x11\\\x06\x90\xdd\x88\"fw`\xe4.\xca6\xec\x00" +
+	"\xc8n&\xfa}\x18y\x8c\xb2\x13\xa7\x01d\xb7\x12}" +
+	"7\x86\xbd\xaa\xb2\x0b\x1f\x07\xc8\xee&\xf2A\x8cJ\x05" +
+	"\xe5\x00\xdf~?\xd1\x8f`T-(\x0f\xe1\\\x80\xec" +
+	"A\xa2\x9f$\xfa$\x81kR9\x81k\x00\xb2O\x11" +
+	"\xfdy\xa2K5i\xe4s\x1f\xb4\x00\xb2?#\xfa\xcf" +
+	"\x89^\xdb\x98\xc6Z\x00\xe5%N\x7f\x91\xe8\xaf\x11\xbd" +
+	"\xae)\x8du\x00\xca\xab\xb8\x1d \xfb\x0a\xd1\xcf\x10}" +
+	"2\xa6q2\x80r\x1a\x1f\x04\xc8\x9e!\xfa\xbbD\x9f" +
+	"2)\x8dS\x00\x94\x7f\xe6\xf7y\x8b\xe8\xe7\x88^\x9f" +
+	"Hc=\x80\xf2\xafx\x0c {\x8e\xe8\xbf!z\x83" +
+	"\x94\xc6\x06\x00\xe5\x03.\xd7\xaf\x89^+\x848\xd8\x9d" +
+	"\x8f\xc31\xb9\xa1\x1e\x95#\xa2i\x87\xae\xc0\xfc\x1e\x16" +
+	"\xbd\\\xd1c&\xa9\x89\xc5d4m\x06\xc4$\xa0[" +
+	"6\xcd\xe2\x8a\xb10\x7f\xb9\x8a\xc8w#H\x9aFw" +
+	">\x8cK\xcf\xf9\x96\x9b\x90\xc9i\xc5\xeerT#\xd9" +
+	"\xed\x15\xc7\xac\x94!\x93\xd7\x1c\x96\x0f\x13\xb5U1\x96" +
+	"Zf\xa9\x0f\x99U\xd2\x0d\xad\x08\xe1\x97\x89|1Y" +
+	"\xa9\xe8\xf9p\xef\x09\x0b;w\x88iN\xc5b6\x89" +
+	"v\x89\x8c+T{t\xa6\xdc\xd2\xa7\x15\xaaF\x11s" +
+	"\xa3\xf4\x10\xa2\xdd\xbc\x9b\xa3\xec\x90\x8cGaf\xbdV" +
+	"\xac\xb0+)\x06'lnz[\xbd\xe6\xe8r=p" +
+	"08\xbb|5\xdf_\x95y\xbd|x\xd1\xdc\xa5#" +
+	"\x126\x94\xd5\xf2g1]B\x94\xf3\x02k\x0d\xf9=" +
+	".dh\xef\x98\xdf\x84\x93M\xdfo\xaeT\x13\x05\xe6" +
+	"x\xbf\xba\x8d!\x93\xca\x03I+\xd9_qu/\xb3" +
+	"\x93W\xa2\xc5hVy\xf9\xfc\xdd\xd5\xd7\xd7\x13\x8d;" +
+	"D\x0f\xfco\x0a\xf1\xae\x1d{\x01\xb2m\x14\xb8\xcb1" +
+	"\xd4\xa1\xd2\xcdq\xa7\x8b\xc8}\x18U\xbd\x8a\xca\xf1\xa5" +
+	"\x87\xe8\xab1\xea\x8b\x94;9.\xac&\xfa0\xc7\xbb" +
+	"v\x0f\xef\x18\xdf>O\xf42\xc7;\xf4\xf0\xae\xc4\xf7" +
+	"/\x12}c\x1c\xef*8:\x06~%\xd1\xc3\xbbm" +
+	"\x1c\xa7v\x10}/\xc7\xbb\x84\x87w{\xf0i\x80\xec" +
+	"^\xa2\x1f\xe6xW\xe3\xe1\xdd!|\x0e {\x98\xe8" +
+	"\x8fr\xbc\x9b\xe4\xe1\xddq\xce\xffh\x88\xb3S:<" +
+	"\xbc;\xc1\xf11\xc4Y\xb7b\x15\xb3\x8e\xa5\x1b\x80\x85" +
+	"(6r\xe5o3Vn\x87dQ_\xcf\xc2\\\x94" +
+	"\xd7\xb5\xe2\xe2\x8aV\x84L\xd6\xd1rk\xa3\xd2\xbeh" +
+	"wiF\xde\xc6am-\xa3\x0c&\xc5s\xbdS\xb4" +
+	"W1K\x1f\x02\x8c\x9a\x81\xb0\xf6I\xf6\x98fuI" +
+	"\xc4kJfy\xe0\x17~+i\x1b\xbb\xf3E\xd6\x89" +
+	"A\x05$\x1aQ\x06\xd5\xe9\x8bi\x18\xe8\x95%}z" +
+	"fl\xbdQ\xf6\xdb\x8b\xa0n\xe9k\xad*H\xd8\xc6" +
+	"2\xcb9\x9d&\x1a\x8enT\xd8E\x1b\xe4\x86+\xc6" +
+	"Z\x96_\x82F\xce\xcc\xebF\x01.\xeak\xc4KM" +
+	"\x99b\x85\x1a\x8ff\x8c=\xd3\xc9sZ@\xe0\xd0E" +
+	"e\x87\xdc\x12M\x07Zs|U\xab\xc54;\xd6\xd8" +
+	"Np\x9a?\x15\xf5\x82\xcc\x9b\x04\xd4\x00\x84OZ\x18" +
+	"<\x0b\xc8'6\x81 ?&a\xf4\x9a\x82\xc1\xe3\x89" +
+	"\xfc\x90\x05\x82|@B!|k\xc4\xe0\x9dP\xde5" +
+	"\x0a\x82\xbcSB1|\xfe\xc3`\xe6.\x8ft\x80 " +
+	"\x97$L\x84o\xa1\x18\x0c\xece\x8dJ\xab;%\xac" +
+	"\x09\x1f\x161x\x15\x92o\xdb\x0e\x82\xbcDr\x83\x0e" +
+	"\x0aZ=1\xda\xd0\x0d\x00\x032\x1c2\xda\xd0\x0d\xe6" +
+	"T\x18tZ\x00m\xb8\xc5\x87\xe76t\x83I-$" +
+	"s\x9a\xc3\xda\xa8=\xf5>\xa2\x0f\xde\xd0\x86\xf1\x09\xa8" +
+	"x\xa9\x9eh\xfc\xda\xba#\xaa\xff\xc2\x11\xd6hT\xfe" +
+	"\x85}\xe8\x9e\xc7\xe3\xa5\xb5?N9\xb4\xdd\x1f\xc6\x9c" +
+	"\x8c\x8dSNP\xbd}RD\xf5\x0d!*\x1a\x02\x9f" +
+	"\x0e\x86\x86hZAc<\xc1\xec\xd0\xf7|\xbf\xec\xad" +
+	"\x9e \xbays\x98\x97\xc5\xe8meC\x94\x0e\xe2c" +
+	"\xc5\xa9\xb1\xb1\"\x06-\xb94&{\xc4\x87\x8cS/" +
+	"\xd3\xdf\xc5\x1bL\x9e\xce\x12\xdc%\x83GT\x0c\x1e\xbc" +
+	"e\x99\\\xabAr\x83&\x14\x83\\\x08U&\xbb\xca" +
+	"N\xbc\x97e\xfe;\xc9z\x1c\x07\xf1\xceI\x92Gz" +
+	"\x02\x85\xfb\xae\x89\x8d\xf6\x8a\xa6\xdfD&W\xc4\xfb\x80" +
+	"\x09t\xe5]8\xa8\xda\x93\xb4\x98\xf6\xffZ\xb8\xff\xe9" +
+	"\x99\xb1\xd1[\xe0\x7fo\x12\xf1\x0d\x11\xd5wb\xad\xdd" +
+	"\xdb\xcb\x00\xd4\xb7DT?\x89^\x94>\"G\xfdD" +
+	"\xc4\xdeX\x89.\x7fA\x8c\x9fS!\x1bOX5\xf8" +
+	"\x00@\xb6\x96\x12D\x9a'\xac\x84\x97\xb0d\x1c\x04\xc8" +
+	"\xa6\x88>=^\xa07\xe1\x00@\xb6\x91\xe8\xb3\xd1\xef" +
+	"\xc8\x83\xd7\xa8\x8a\x15\x81{\xd1,,\xd7\x8dq\xab\xbe" +
+	"\xe0\x89\x0b\x1d\x82\xcc\x8aE\xb8?\x16_\xbb\x17\xc7\xea" +
+	"\xe0p\xec\x84\xcc\xcaR\x88\xe7\xd1\x0e\xc79W1\xfd" +
+	"\x9d\xc0\x1cY?\xf8\xbc\xd8\xf3k\x89\xd80\xe0Xl" +
+	"N\x16\x18C}\xce\x9f?\xdd\x1d3\xc6w\x06\x01\xd4" +
+	"\xd5\"\xaa\xc3\x02\x07(\xb3\xbf\x9c\xd7\xd0aK-\xb6" +
+	"\xae\xc2$#7\x125\xc5\xd4\x16\xe6\xec~,SA" +
+	"\xbe\xd4b\xad\xeb*,\xce\x10\xbcv\x80\xa4\x9b\xf9\x8b" +
+	"\x9e9\xc6\xa9,og\x83Y3\xb7\x969c^\x81" +
+	"\xaa^*{\xa3\xa7\x8e\xf0\xa1\xb27\xfeP\xe9\xc3\xda" +
+	":r\xf0\xb2\x88\xea\xe6\x18\xac\x8d\x8cF\x1d\xf5\xf8\xa5" +
+	"\xc4\xffL\xf6\xffJ\x8fuTHKWRd\x86\x7f" +
+	"D\xf4\x15\x07\xfdW\xda\x13DO\xd0W9\x1c\x83\x10" +
+	"k0\xf6'&t\x88\xe0o\xfe_\x01\x00\x00\xff\xff" +
+	"\x86\xbe\xf5t"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,

From 5bd4028ea709486a8867d44b43b9ef964a34a8bc Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Fri, 6 Mar 2020 13:49:09 +0000
Subject: [PATCH 017/100] TUN-2761: Use the new header management functions in
 cloudflared

---
 connection/features.go               |  6 +--
 h2mux/header.go                      | 66 -----------------------
 origin/tunnel.go                     |  8 +--
 streamhandler/request.go             |  2 +-
 streamhandler/stream_handler_test.go | 78 ++++++++++++++++++++--------
 5 files changed, 65 insertions(+), 95 deletions(-)

diff --git a/connection/features.go b/connection/features.go
index c10f7cbf..7e555fa4 100644
--- a/connection/features.go
+++ b/connection/features.go
@@ -1,9 +1,9 @@
 package connection
 
 const (
-	FEATURE_SERIALIZED_HEADERS = "serialized_headers"
+	FeatureSerializedHeaders = "serialized_headers"
 )
 
-var SUPPORTED_FEATURES = []string{
-	//FEATURE_SERIALIZED_HEADERS,
+var SupportedFeatures = []string{
+	FeatureSerializedHeaders,
 }
diff --git a/h2mux/header.go b/h2mux/header.go
index 20a878e8..62e71164 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -139,72 +139,6 @@ func H1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
 	return h2
 }
 
-// Obsolete version of H2RequestHeadersToH1Request
-func OldH2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
-	for _, header := range h2 {
-		switch header.Name {
-		case ":method":
-			h1.Method = header.Value
-		case ":scheme":
-			// noop - use the preexisting scheme from h1.URL
-		case ":authority":
-			// Otherwise the host header will be based on the origin URL
-			h1.Host = header.Value
-		case ":path":
-			// We don't want to be an "opinionated" proxy, so ideally we would use :path as-is.
-			// However, this HTTP/1 Request object belongs to the Go standard library,
-			// whose URL package makes some opinionated decisions about the encoding of
-			// URL characters: see the docs of https://godoc.org/net/url#URL,
-			// in particular the EscapedPath method https://godoc.org/net/url#URL.EscapedPath,
-			// which is always used when computing url.URL.String(), whether we'd like it or not.
-			//
-			// Well, not *always*. We could circumvent this by using url.URL.Opaque. But
-			// that would present unusual difficulties when using an HTTP proxy: url.URL.Opaque
-			// is treated differently when HTTP_PROXY is set!
-			// See https://github.com/golang/go/issues/5684#issuecomment-66080888
-			//
-			// This means we are subject to the behavior of net/url's function `shouldEscape`
-			// (as invoked with mode=encodePath): https://github.com/golang/go/blob/go1.12.7/src/net/url/url.go#L101
-
-			if header.Value == "*" {
-				h1.URL.Path = "*"
-				continue
-			}
-			// Due to the behavior of validation.ValidateUrl, h1.URL may
-			// already have a partial value, with or without a trailing slash.
-			base := h1.URL.String()
-			base = strings.TrimRight(base, "/")
-			// But we know :path begins with '/', because we handled '*' above - see RFC7540
-			url, err := url.Parse(base + header.Value)
-			if err != nil {
-				return errors.Wrap(err, fmt.Sprintf("invalid path '%v'", header.Value))
-			}
-			h1.URL = url
-		case "content-length":
-			contentLength, err := strconv.ParseInt(header.Value, 10, 64)
-			if err != nil {
-				return fmt.Errorf("unparseable content length")
-			}
-			h1.ContentLength = contentLength
-		default:
-			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
-		}
-	}
-	return nil
-}
-
-// Obsolete version of H1ResponseToH2ResponseHeaders
-func OldH1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
-	h2 = []Header{{Name: ":status", Value: fmt.Sprintf("%d", h1.StatusCode)}}
-	for headerName, headerValues := range h1.Header {
-		for _, headerValue := range headerValues {
-			h2 = append(h2, Header{Name: strings.ToLower(headerName), Value: headerValue})
-		}
-	}
-
-	return h2
-}
-
 // Serialize HTTP1.x headers by base64-encoding each header name and value,
 // and then joining them in the format of [key:value;]
 func SerializeHeaders(h1Headers http.Header) string {
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 3bc5c3ba..2aaba194 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -165,7 +165,7 @@ func (c *TunnelConfig) RegistrationOptions(connectionID uint8, OriginLocalIP str
 		RunFromTerminal:      c.RunFromTerminal,
 		CompressionQuality:   c.CompressionQuality,
 		UUID:                 uuid.String(),
-		Features:             connection.SUPPORTED_FEATURES,
+		Features:             connection.SupportedFeatures,
 	}
 }
 
@@ -603,7 +603,7 @@ func (h *TunnelHandler) createRequest(stream *h2mux.MuxedStream) (*http.Request,
 	if err != nil {
 		return nil, errors.Wrap(err, "Unexpected error from http.NewRequest")
 	}
-	err = h2mux.OldH2RequestHeadersToH1Request(stream.Headers, req)
+	err = h2mux.H2RequestHeadersToH1Request(stream.Headers, req)
 	if err != nil {
 		return nil, errors.Wrap(err, "invalid request received")
 	}
@@ -622,7 +622,7 @@ func (h *TunnelHandler) serveWebsocket(stream *h2mux.MuxedStream, req *http.Requ
 		return nil, err
 	}
 	defer conn.Close()
-	err = stream.WriteHeaders(h2mux.OldH1ResponseToH2ResponseHeaders(response))
+	err = stream.WriteHeaders(h2mux.H1ResponseToH2ResponseHeaders(response))
 	if err != nil {
 		return nil, errors.Wrap(err, "Error writing response header")
 	}
@@ -656,7 +656,7 @@ func (h *TunnelHandler) serveHTTP(stream *h2mux.MuxedStream, req *http.Request)
 	}
 	defer response.Body.Close()
 
-	err = stream.WriteHeaders(h2mux.OldH1ResponseToH2ResponseHeaders(response))
+	err = stream.WriteHeaders(h2mux.H1ResponseToH2ResponseHeaders(response))
 	if err != nil {
 		return nil, errors.Wrap(err, "Error writing response header")
 	}
diff --git a/streamhandler/request.go b/streamhandler/request.go
index 52d69bc2..b6bb55d3 100644
--- a/streamhandler/request.go
+++ b/streamhandler/request.go
@@ -26,7 +26,7 @@ func createRequest(stream *h2mux.MuxedStream, url *url.URL) (*http.Request, erro
 	if err != nil {
 		return nil, errors.Wrap(err, "unexpected error from http.NewRequest")
 	}
-	err = h2mux.OldH2RequestHeadersToH1Request(stream.Headers, req)
+	err = h2mux.H2RequestHeadersToH1Request(stream.Headers, req)
 	if err != nil {
 		return nil, errors.Wrap(err, "invalid request received")
 	}
diff --git a/streamhandler/stream_handler_test.go b/streamhandler/stream_handler_test.go
index af1eb45b..721f5a6c 100644
--- a/streamhandler/stream_handler_test.go
+++ b/streamhandler/stream_handler_test.go
@@ -31,11 +31,11 @@ var (
 		{Name: ":scheme", Value: "http"},
 		{Name: ":authority", Value: "example.com"},
 		{Name: ":path", Value: "/"},
+
+		// Regular headers must always come after the pseudoheaders
+		{Name: h2mux.RequestUserHeadersField, Value: ""},
 	}
-	tunnelHostnameHeader = h2mux.Header{
-		Name:  h2mux.CloudflaredProxyTunnelHostnameHeader,
-		Value: testTunnelHostname.String(),
-	}
+	tunnelHostnameHeader = h2mux.Header{Name: h2mux.CloudflaredProxyTunnelHostnameHeader, Value: testTunnelHostname.String()}
 )
 
 func TestServeRequest(t *testing.T) {
@@ -69,29 +69,73 @@ func TestServeRequest(t *testing.T) {
 	assertRespBody(t, message, stream)
 }
 
-func TestServeBadRequest(t *testing.T) {
+func createStreamHandler() *StreamHandler {
 	configChan := make(chan *pogs.ClientConfig)
 	useConfigResultChan := make(chan *pogs.UseConfigurationResult)
-	streamHandler := NewStreamHandler(configChan, useConfigResultChan, logrus.New())
 
+	return NewStreamHandler(configChan, useConfigResultChan, logrus.New())
+}
+
+func createRequestMuxPair(t *testing.T, streamHandler *StreamHandler) *DefaultMuxerPair {
 	muxPair := NewDefaultMuxerPair(t, streamHandler)
 	muxPair.Serve(t)
 
+	return muxPair
+}
+
+func TestServeStatusBadRequest(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
 	defer cancel()
 
 	// No tunnel hostname header, expect to get 400 Bad Request
-	stream, err := muxPair.EdgeMux.OpenStream(ctx, baseHeaders, nil)
+	stream, err := createRequestMuxPair(t, createStreamHandler()).EdgeMux.OpenStream(ctx, baseHeaders, nil)
 	assert.NoError(t, err)
 	assertStatusHeader(t, http.StatusBadRequest, stream.Headers)
 	assertRespBody(t, statusBadRequest.text, stream)
+}
+
+func TestServeInvalidContentLength(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
+	defer cancel()
+
+	// Invalid content-length, wouldn't be able to create a request
+	// Expect to get 400 Bad Request
+	headers := append(baseHeaders, tunnelHostnameHeader)
+	headers = append(headers, h2mux.Header{
+		Name:  "content-length",
+		Value: "x",
+	})
+	streamHandler := createStreamHandler()
+	streamHandler.UpdateConfig([]*pogs.ReverseProxyConfig{
+		{
+			TunnelHostname: testTunnelHostname,
+			OriginConfig: &pogs.HTTPOriginConfig{
+				URLString: "",
+			},
+		},
+	})
+	mux := createRequestMuxPair(t, streamHandler).EdgeMux
+	stream, err := mux.OpenStream(ctx, headers, nil)
+	assert.NoError(t, err)
+	assertStatusHeader(t, http.StatusBadRequest, stream.Headers)
+	assertRespBody(t, statusBadRequest.text, stream)
+}
+
+func TestServeStatusNotFound(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
+	defer cancel()
 
 	// No mapping for the tunnel hostname, expect to get 404 Not Found
 	headers := append(baseHeaders, tunnelHostnameHeader)
-	stream, err = muxPair.EdgeMux.OpenStream(ctx, headers, nil)
+	stream, err := createRequestMuxPair(t, createStreamHandler()).EdgeMux.OpenStream(ctx, headers, nil)
 	assert.NoError(t, err)
 	assertStatusHeader(t, http.StatusNotFound, stream.Headers)
 	assertRespBody(t, statusNotFound.text, stream)
+}
+
+func TestServeStatusBadGateway(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
+	defer cancel()
 
 	// Nothing listening on empty url, so proxy would fail. Expect to get 502 Bad Gateway
 	reverseProxyConfigs := []*pogs.ReverseProxyConfig{
@@ -102,21 +146,13 @@ func TestServeBadRequest(t *testing.T) {
 			},
 		},
 	}
+	streamHandler := createStreamHandler()
 	streamHandler.UpdateConfig(reverseProxyConfigs)
-	stream, err = muxPair.EdgeMux.OpenStream(ctx, headers, nil)
+	headers := append(baseHeaders, tunnelHostnameHeader)
+	stream, err := createRequestMuxPair(t, streamHandler).EdgeMux.OpenStream(ctx, headers, nil)
 	assert.NoError(t, err)
 	assertStatusHeader(t, http.StatusBadGateway, stream.Headers)
 	assertRespBody(t, statusBadGateway.text, stream)
-
-	// Invalid content-length, wouldn't not be able to create a request. Expect to get 400 Bad Request
-	headers = append(headers, h2mux.Header{
-		Name:  "content-length",
-		Value: "x",
-	})
-	stream, err = muxPair.EdgeMux.OpenStream(ctx, headers, nil)
-	assert.NoError(t, err)
-	assertStatusHeader(t, http.StatusBadRequest, stream.Headers)
-	assertRespBody(t, statusBadRequest.text, stream)
 }
 
 func assertStatusHeader(t *testing.T, expectedStatus int, headers []h2mux.Header) {
@@ -218,6 +254,6 @@ type mockHTTPHandler struct {
 	message []byte
 }
 
-func (mth *mockHTTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	w.Write(mth.message)
+func (mth *mockHTTPHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
+	_, _ = w.Write(mth.message)
 }

From db9b6541d0e37826e50e5fa39b7918026e433378 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Tue, 10 Mar 2020 01:36:14 -0500
Subject: [PATCH 018/100] TUN-2797: Fix panic in SetConnDigest by making
 mutexes values.

---
 origin/supervisor.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/origin/supervisor.go b/origin/supervisor.go
index 1855151f..1c7e7dfe 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -59,13 +59,13 @@ type Supervisor struct {
 
 	logger *logrus.Entry
 
-	jwtLock *sync.RWMutex
+	jwtLock sync.RWMutex
 	jwt     []byte
 
-	eventDigestLock *sync.RWMutex
+	eventDigestLock sync.RWMutex
 	eventDigest     []byte
 
-	connDigestLock *sync.RWMutex
+	connDigestLock sync.RWMutex
 	connDigest     []byte
 
 	bufferPool *buffer.Pool
@@ -101,8 +101,6 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 		tunnelErrors:      make(chan tunnelError),
 		tunnelsConnecting: map[int]chan struct{}{},
 		logger:            config.Logger.WithField("subsystem", "supervisor"),
-		jwtLock:           &sync.RWMutex{},
-		eventDigestLock:   &sync.RWMutex{},
 		bufferPool:        buffer.NewPool(512 * 1024),
 	}, nil
 }

From 5376df543908b7b8cbe4dfbfa14d26787fd2b027 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Fri, 6 Mar 2020 17:25:34 -0600
Subject: [PATCH 019/100] TUN-2788: cloudflared should store one ConnDigest per
 HA connection

---
 origin/supervisor.go | 17 +++++++++--------
 origin/tunnel.go     |  8 ++++----
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/origin/supervisor.go b/origin/supervisor.go
index 1c7e7dfe..1cb7c336 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -39,7 +39,6 @@ const (
 var (
 	errJWTUnset         = errors.New("JWT unset")
 	errEventDigestUnset = errors.New("event digest unset")
-	errConnDigestUnset  = errors.New("conn digest unset")
 )
 
 // Supervisor manages non-declarative tunnels. Establishes TCP connections with the edge, and
@@ -66,7 +65,7 @@ type Supervisor struct {
 	eventDigest     []byte
 
 	connDigestLock sync.RWMutex
-	connDigest     []byte
+	connDigest     map[uint8][]byte
 
 	bufferPool *buffer.Pool
 }
@@ -101,6 +100,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 		tunnelErrors:      make(chan tunnelError),
 		tunnelsConnecting: map[int]chan struct{}{},
 		logger:            config.Logger.WithField("subsystem", "supervisor"),
+		connDigest:        make(map[uint8][]byte),
 		bufferPool:        buffer.NewPool(512 * 1024),
 	}, nil
 }
@@ -334,19 +334,20 @@ func (s *Supervisor) SetEventDigest(eventDigest []byte) {
 	s.eventDigest = eventDigest
 }
 
-func (s *Supervisor) ConnDigest() ([]byte, error) {
+func (s *Supervisor) ConnDigest(connID uint8) ([]byte, error) {
 	s.connDigestLock.RLock()
 	defer s.connDigestLock.RUnlock()
-	if s.connDigest == nil {
-		return nil, errConnDigestUnset
+	digest, ok := s.connDigest[connID]
+	if !ok {
+		return nil, fmt.Errorf("no connection digest for connection %v", connID)
 	}
-	return s.connDigest, nil
+	return digest, nil
 }
 
-func (s *Supervisor) SetConnDigest(connDigest []byte) {
+func (s *Supervisor) SetConnDigest(connID uint8, connDigest []byte) {
 	s.connDigestLock.Lock()
 	defer s.connDigestLock.Unlock()
-	s.connDigest = connDigest
+	s.connDigest[connID] = connDigest
 }
 
 func (s *Supervisor) refreshAuth(
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 2aaba194..55a9e4c1 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -95,8 +95,8 @@ type ReconnectTunnelCredentialManager interface {
 	ReconnectToken() ([]byte, error)
 	EventDigest() ([]byte, error)
 	SetEventDigest(eventDigest []byte)
-	ConnDigest() ([]byte, error)
-	SetConnDigest(connDigest []byte)
+	ConnDigest(connID uint8) ([]byte, error)
+	SetConnDigest(connID uint8, connDigest []byte)
 }
 
 type dupConnRegisterTunnelError struct{}
@@ -286,7 +286,7 @@ func ServeTunnel(
 
 				// check if we can use Quick Reconnects
 				if config.UseQuickReconnects {
-					if digest, connDigestErr := credentialManager.ConnDigest(); connDigestErr == nil {
+					if digest, connDigestErr := credentialManager.ConnDigest(connectionID); connDigestErr == nil {
 						connDigest = digest
 					}
 				}
@@ -392,7 +392,7 @@ func RegisterTunnel(
 		return processRegisterTunnelError(registrationErr, config.Metrics, register)
 	}
 	credentialManager.SetEventDigest(registration.EventDigest)
-	credentialManager.SetConnDigest(registration.ConnDigest)
+	credentialManager.SetConnDigest(connectionID, registration.ConnDigest)
 	return processRegistrationSuccess(config, logger, connectionID, registration, register)
 }
 

From 35cee131757e56b2766529121362755fce6355c3 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Fri, 13 Mar 2020 12:09:21 -0500
Subject: [PATCH 020/100] TUN-2807: cloudflared hello-world shouldn't assume
 it's my first tunnel

---
 hello/hello.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hello/hello.go b/hello/hello.go
index c67bb1e9..882361de 100644
--- a/hello/hello.go
+++ b/hello/hello.go
@@ -56,7 +56,7 @@ const indexTemplate = `
           <path class="st2" d="M93.6 12.8h-.5c-.1 0-.2.1-.3.2l-.7 2.4c-.3 1-.2 2 .3 2.6.5.6 1.2 1 2.1 1.1l3.7.2c.1 0 .2.1.3.1.1.1.1.2 0 .3-.1.2-.2.3-.4.3l-3.8.2c-2.1.1-4.3 1.8-5.1 3.8l-.2.9c-.1.1 0 .3.2.3h13.2c.2 0 .3-.1.3-.3.2-.8.4-1.7.4-2.6 0-5.2-4.3-9.5-9.5-9.5"/>
           <path class="st3" d="M104.4 30.8c-.5 0-.9-.4-.9-.9s.4-.9.9-.9.9.4.9.9-.4.9-.9.9m0-1.6c-.4 0-.7.3-.7.7 0 .4.3.7.7.7.4 0 .7-.3.7-.7 0-.4-.3-.7-.7-.7m.4 1.2h-.2l-.2-.3h-.2v.3h-.2v-.9h.5c.2 0 .3.1.3.3 0 .1-.1.2-.2.3l.2.3zm-.3-.5c.1 0 .1 0 .1-.1s-.1-.1-.1-.1h-.3v.3h.3zM14.8 29H17v6h3.8v1.9h-6zM23.1 32.9c0-2.3 1.8-4.1 4.3-4.1s4.2 1.8 4.2 4.1-1.8 4.1-4.3 4.1c-2.4 0-4.2-1.8-4.2-4.1m6.3 0c0-1.2-.8-2.2-2-2.2s-2 1-2 2.1.8 2.1 2 2.1c1.2.2 2-.8 2-2M34.3 33.4V29h2.2v4.4c0 1.1.6 1.7 1.5 1.7s1.5-.5 1.5-1.6V29h2.2v4.4c0 2.6-1.5 3.7-3.7 3.7-2.3-.1-3.7-1.2-3.7-3.7M45 29h3.1c2.8 0 4.5 1.6 4.5 3.9s-1.7 4-4.5 4h-3V29zm3.1 5.9c1.3 0 2.2-.7 2.2-2s-.9-2-2.2-2h-.9v4h.9zM55.7 29H62v1.9h-4.1v1.3h3.7V34h-3.7v2.9h-2.2zM65.1 29h2.2v6h3.8v1.9h-6zM76.8 28.9H79l3.4 8H80l-.6-1.4h-3.1l-.6 1.4h-2.3l3.4-8zm2 4.9l-.9-2.2-.9 2.2h1.8zM85.2 29h3.7c1.2 0 2 .3 2.6.9.5.5.7 1.1.7 1.8 0 1.2-.6 2-1.6 2.4l1.9 2.8H90l-1.6-2.4h-1v2.4h-2.2V29zm3.6 3.8c.7 0 1.2-.4 1.2-.9 0-.6-.5-.9-1.2-.9h-1.4v1.9h1.4zM95.3 29h6.4v1.8h-4.2V32h3.8v1.8h-3.8V35h4.3v1.9h-6.5zM10 33.9c-.3.7-1 1.2-1.8 1.2-1.2 0-2-1-2-2.1s.8-2.1 2-2.1c.9 0 1.6.6 1.9 1.3h2.3c-.4-1.9-2-3.3-4.2-3.3-2.4 0-4.3 1.8-4.3 4.1s1.8 4.1 4.2 4.1c2.1 0 3.7-1.4 4.2-3.2H10z"/>
         </svg>
-        <h1 class="f4 f2-ns mt5 fw5">Congrats! You created your first tunnel!</h1>
+        <h1 class="f4 f2-ns mt5 fw5">Congrats! You created a tunnel!</h1>
         <p class="f6 f5-m f4-l measure lh-copy fw3">
           Argo Tunnel exposes locally running applications to the internet by
           running an encrypted, virtual tunnel from your laptop or server to

From e8f55cc911bec7907b09fbc6eab242e370d48f04 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Fri, 13 Mar 2020 17:31:03 -0500
Subject: [PATCH 021/100] TUN-2756: Set connection digest after reconnect.

Previously it was only being set after RegisterTunnel.
---
 origin/tunnel.go | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/origin/tunnel.go b/origin/tunnel.go
index 55a9e4c1..26e4e4ae 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -290,7 +290,7 @@ func ServeTunnel(
 						connDigest = digest
 					}
 				}
-				return ReconnectTunnel(serveCtx, token, eventDigest, connDigest, handler.muxer, config, logger, connectionID, originLocalIP, u)
+				return ReconnectTunnel(serveCtx, token, eventDigest, connDigest, handler.muxer, config, logger, connectionID, originLocalIP, u, credentialManager)
 			}
 			// log errors and proceed to RegisterTunnel
 			if tokenErr != nil {
@@ -392,8 +392,7 @@ func RegisterTunnel(
 		return processRegisterTunnelError(registrationErr, config.Metrics, register)
 	}
 	credentialManager.SetEventDigest(registration.EventDigest)
-	credentialManager.SetConnDigest(connectionID, registration.ConnDigest)
-	return processRegistrationSuccess(config, logger, connectionID, registration, register)
+	return processRegistrationSuccess(config, logger, connectionID, registration, register, credentialManager)
 }
 
 func ReconnectTunnel(
@@ -406,6 +405,7 @@ func ReconnectTunnel(
 	connectionID uint8,
 	originLocalIP string,
 	uuid uuid.UUID,
+	credentialManager ReconnectTunnelCredentialManager,
 ) error {
 	config.TransportLogger.Debug("initiating RPC stream to reconnect")
 	tunnelServer, err := connection.NewRPCClient(ctx, muxer, config.TransportLogger.WithField("subsystem", "rpc-reconnect"), openStreamTimeout)
@@ -431,10 +431,17 @@ func ReconnectTunnel(
 		// ReconnectTunnel RPC failure
 		return processRegisterTunnelError(registrationErr, config.Metrics, reconnect)
 	}
-	return processRegistrationSuccess(config, logger, connectionID, registration, reconnect)
+	return processRegistrationSuccess(config, logger, connectionID, registration, reconnect, credentialManager)
 }
 
-func processRegistrationSuccess(config *TunnelConfig, logger *log.Entry, connectionID uint8, registration *tunnelpogs.TunnelRegistration, name registerRPCName) error {
+func processRegistrationSuccess(
+	config *TunnelConfig,
+	logger *log.Entry,
+	connectionID uint8,
+	registration *tunnelpogs.TunnelRegistration,
+	name registerRPCName,
+	credentialManager ReconnectTunnelCredentialManager,
+) error {
 	for _, logLine := range registration.LogLines {
 		logger.Info(logLine)
 	}
@@ -456,6 +463,7 @@ func processRegistrationSuccess(config *TunnelConfig, logger *log.Entry, connect
 		}
 	}
 
+	credentialManager.SetConnDigest(connectionID, registration.ConnDigest)
 	config.Metrics.userHostnamesCounts.WithLabelValues(registration.Url).Inc()
 
 	logger.Infof("Route propagating, it may take up to 1 minute for your new route to become functional")

From 0cf6ce9aebaa8e1052662a686f928f39c2a53dc1 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Mon, 16 Mar 2020 15:49:04 -0500
Subject: [PATCH 022/100] TUN-2812: Tunnel proxies and RPCs can share an edge
 address

---
 edgediscovery/allregions/regions.go |  4 ++--
 edgediscovery/edgediscovery_test.go | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/edgediscovery/allregions/regions.go b/edgediscovery/allregions/regions.go
index 8a883523..62d30130 100644
--- a/edgediscovery/allregions/regions.go
+++ b/edgediscovery/allregions/regions.go
@@ -68,8 +68,8 @@ func NewNoResolve(addrs []*net.TCPAddr) *Regions {
 
 // GetAnyAddress returns an arbitrary address from the larger region.
 func (rs *Regions) GetAnyAddress() *net.TCPAddr {
-	if rs.region1.AvailableAddrs() > rs.region2.AvailableAddrs() {
-		return rs.region1.GetAnyAddress()
+	if addr := rs.region1.GetAnyAddress(); addr != nil {
+		return addr
 	}
 	return rs.region2.GetAnyAddress()
 }
diff --git a/edgediscovery/edgediscovery_test.go b/edgediscovery/edgediscovery_test.go
index e25dc1bc..0fbc90db 100644
--- a/edgediscovery/edgediscovery_test.go
+++ b/edgediscovery/edgediscovery_test.go
@@ -47,6 +47,24 @@ func TestGiveBack(t *testing.T) {
 	edge.GiveBack(addr)
 	assert.Equal(t, 4, edge.AvailableAddrs())
 }
+
+func TestRPCAndProxyShareSingleEdgeIP(t *testing.T) {
+	l := logrus.New()
+
+	// Make an edge with a single IP
+	edge := MockEdge(l, []*net.TCPAddr{&addr0})
+	tunnelConnID := 0
+
+	// Use the IP for a tunnel
+	addrTunnel, err := edge.GetAddr(tunnelConnID)
+	assert.NoError(t, err)
+
+	// Ensure the IP can be used for RPC too
+	addrRPC, err := edge.GetAddrForRPC()
+	assert.NoError(t, err)
+	assert.Equal(t, addrTunnel, addrRPC)
+}
+
 func TestGetAddrForRPC(t *testing.T) {
 	l := logrus.New()
 	edge := MockEdge(l, []*net.TCPAddr{&addr0, &addr1, &addr2, &addr3})

From d03469b6d3467d2e79b741bdb9dc9bdfdacaaf6f Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Wed, 18 Mar 2020 09:53:24 -0500
Subject: [PATCH 023/100] TUN-2816: cloudflared metrics server should be more
 discoverable

---
 metrics/metrics.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/metrics/metrics.go b/metrics/metrics.go
index f2dfd7f0..89510d07 100644
--- a/metrics/metrics.go
+++ b/metrics/metrics.go
@@ -43,7 +43,7 @@ func ServeMetrics(l net.Listener, shutdownC <-chan struct{}, logger *logrus.Logg
 		defer wg.Done()
 		err = server.Serve(l)
 	}()
-	logger.WithField("addr", l.Addr()).Info("Starting metrics server")
+	logger.WithField("addr", fmt.Sprintf("%v/metrics", l.Addr())).Info("Starting metrics server")
 	// server.Serve will hang if server.Shutdown is called before the server is
 	// fully started up. So add artificial delay.
 	time.Sleep(startupTime)

From 96f11de7ab15425d7a118fec5599c8fe87d280c0 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Thu, 19 Mar 2020 01:39:59 +0000
Subject: [PATCH 024/100] TUN-2820: Serialized headers for Websockets

---
 h2mux/header.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index 62e71164..4a853c09 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -103,7 +103,8 @@ func ParseUserHeaders(headerNameToParseFrom string, headers []Header) ([]Header,
 func IsControlHeader(headerName string) bool {
 	headerName = strings.ToLower(headerName)
 
-	return strings.ToLower(headerName) == "content-length" ||
+	return headerName == "content-length" ||
+		headerName == "connection" || headerName == "upgrade" || // Websocket headers
 		strings.HasPrefix(headerName, ":") ||
 		strings.HasPrefix(headerName, "cf-")
 }

From 6dcf3a4cbca09e6770fe126fb1dc1d4f22059fcc Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Thu, 19 Mar 2020 10:38:28 -0500
Subject: [PATCH 025/100] TUN-2819: cloudflared should close its connections
 when a signal is sent

---
 cmd/cloudflared/tunnel/cmd.go |  8 +++++++-
 origin/supervisor.go          | 23 ++++++++++++-----------
 origin/tunnel.go              | 13 +++++++++++--
 3 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index dfd326d6..9a43fb46 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -7,10 +7,12 @@ import (
 	"net"
 	"net/url"
 	"os"
+	ossig "os/signal"
 	"reflect"
 	"runtime"
 	"runtime/trace"
 	"sync"
+	"syscall"
 	"time"
 
 	"github.com/cloudflare/cloudflared/awsuploader"
@@ -399,10 +401,14 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		return err
 	}
 
+	// When the user sends SIGUSR1, disconnect all connections.
+	reconnectCh := make(chan os.Signal, 1)
+	ossig.Notify(reconnectCh, syscall.SIGUSR1)
+
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		errC <- origin.StartTunnelDaemon(ctx, tunnelConfig, connectedSignal, cloudflaredID)
+		errC <- origin.StartTunnelDaemon(ctx, tunnelConfig, connectedSignal, cloudflaredID, reconnectCh)
 	}()
 
 	return waitToShutdown(&wg, errC, shutdownC, graceShutdownC, c.Duration("grace-period"))
diff --git a/origin/supervisor.go b/origin/supervisor.go
index 1cb7c336..8c3a672e 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"os"
 	"sync"
 	"time"
 
@@ -105,9 +106,9 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 	}, nil
 }
 
-func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal) error {
+func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan os.Signal) error {
 	logger := s.config.Logger
-	if err := s.initialize(ctx, connectedSignal); err != nil {
+	if err := s.initialize(ctx, connectedSignal, reconnectCh); err != nil {
 		return err
 	}
 	var tunnelsWaiting []int
@@ -157,7 +158,7 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal) er
 		case <-backoffTimer:
 			backoffTimer = nil
 			for _, index := range tunnelsWaiting {
-				go s.startTunnel(ctx, index, s.newConnectedTunnelSignal(index))
+				go s.startTunnel(ctx, index, s.newConnectedTunnelSignal(index), reconnectCh)
 			}
 			tunnelsActive += len(tunnelsWaiting)
 			tunnelsWaiting = nil
@@ -191,7 +192,7 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal) er
 }
 
 // Returns nil if initialization succeeded, else the initialization error.
-func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Signal) error {
+func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan os.Signal) error {
 	logger := s.logger
 
 	s.lastResolve = time.Now()
@@ -201,7 +202,7 @@ func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Sig
 		s.config.HAConnections = availableAddrs
 	}
 
-	go s.startFirstTunnel(ctx, connectedSignal)
+	go s.startFirstTunnel(ctx, connectedSignal, reconnectCh)
 	select {
 	case <-ctx.Done():
 		<-s.tunnelErrors
@@ -213,7 +214,7 @@ func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Sig
 	// At least one successful connection, so start the rest
 	for i := 1; i < s.config.HAConnections; i++ {
 		ch := signal.New(make(chan struct{}))
-		go s.startTunnel(ctx, i, ch)
+		go s.startTunnel(ctx, i, ch, reconnectCh)
 		time.Sleep(registrationInterval)
 	}
 	return nil
@@ -221,7 +222,7 @@ func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Sig
 
 // startTunnel starts the first tunnel connection. The resulting error will be sent on
 // s.tunnelErrors. It will send a signal via connectedSignal if registration succeed
-func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *signal.Signal) {
+func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan os.Signal) {
 	var (
 		addr *net.TCPAddr
 		err  error
@@ -236,7 +237,7 @@ func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *sign
 		return
 	}
 
-	err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID, s.bufferPool)
+	err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID, s.bufferPool, reconnectCh)
 	// If the first tunnel disconnects, keep restarting it.
 	edgeErrors := 0
 	for s.unusedIPs() {
@@ -259,13 +260,13 @@ func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *sign
 				return
 			}
 		}
-		err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID, s.bufferPool)
+		err = ServeTunnelLoop(ctx, s, s.config, addr, thisConnID, connectedSignal, s.cloudflaredUUID, s.bufferPool, reconnectCh)
 	}
 }
 
 // startTunnel starts a new tunnel connection. The resulting error will be sent on
 // s.tunnelErrors.
-func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal *signal.Signal) {
+func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal *signal.Signal, reconnectCh chan os.Signal) {
 	var (
 		addr *net.TCPAddr
 		err  error
@@ -278,7 +279,7 @@ func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal
 	if err != nil {
 		return
 	}
-	err = ServeTunnelLoop(ctx, s, s.config, addr, uint8(index), connectedSignal, s.cloudflaredUUID, s.bufferPool)
+	err = ServeTunnelLoop(ctx, s, s.config, addr, uint8(index), connectedSignal, s.cloudflaredUUID, s.bufferPool, reconnectCh)
 }
 
 func (s *Supervisor) newConnectedTunnelSignal(index int) *signal.Signal {
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 26e4e4ae..6f0bd2b4 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -9,6 +9,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"strconv"
 	"strings"
 	"sync"
@@ -169,12 +170,12 @@ func (c *TunnelConfig) RegistrationOptions(connectionID uint8, OriginLocalIP str
 	}
 }
 
-func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID) error {
+func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan os.Signal) error {
 	s, err := NewSupervisor(config, cloudflaredID)
 	if err != nil {
 		return err
 	}
-	return s.Run(ctx, connectedSignal)
+	return s.Run(ctx, connectedSignal, reconnectCh)
 }
 
 func ServeTunnelLoop(ctx context.Context,
@@ -185,6 +186,7 @@ func ServeTunnelLoop(ctx context.Context,
 	connectedSignal *signal.Signal,
 	u uuid.UUID,
 	bufferPool *buffer.Pool,
+	reconnectCh chan os.Signal,
 ) error {
 	connectionLogger := config.Logger.WithField("connectionID", connectionID)
 	config.Metrics.incrementHaConnections()
@@ -209,6 +211,7 @@ func ServeTunnelLoop(ctx context.Context,
 			&backoff,
 			u,
 			bufferPool,
+			reconnectCh,
 		)
 		if recoverable {
 			if duration, ok := backoff.GetBackoffDuration(ctx); ok {
@@ -232,6 +235,7 @@ func ServeTunnel(
 	backoff *BackoffHandler,
 	u uuid.UUID,
 	bufferPool *buffer.Pool,
+	reconnectCh chan os.Signal,
 ) (err error, recoverable bool) {
 	// Treat panics as recoverable errors
 	defer func() {
@@ -318,6 +322,11 @@ func ServeTunnel(
 		}
 	})
 
+	errGroup.Go(func() error {
+		<-reconnectCh
+		return fmt.Errorf("received disconnect signal")
+	})
+
 	errGroup.Go(func() error {
 		// All routines should stop when muxer finish serving. When muxer is shutdown
 		// gracefully, it doesn't return an error, so we need to return errMuxerShutdown

From 32df01a9da79cf05b286a2da408fcfe664914334 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Thu, 19 Mar 2020 17:48:42 -0500
Subject: [PATCH 026/100] TUN-2823: Bugfix. cloudflared would hang forever if
 error occurred.

---
 origin/tunnel.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/origin/tunnel.go b/origin/tunnel.go
index 6f0bd2b4..4b5edefa 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -323,8 +323,13 @@ func ServeTunnel(
 	})
 
 	errGroup.Go(func() error {
-		<-reconnectCh
-		return fmt.Errorf("received disconnect signal")
+		select {
+		case <-reconnectCh:
+			return fmt.Errorf("received disconnect signal")
+		case <-serveCtx.Done():
+			return nil
+		}
+
 	})
 
 	errGroup.Go(func() error {

From a368fbbe9b4ec7ebe2bd81b0c4903ab444a35ba5 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Mon, 23 Mar 2020 10:22:58 -0500
Subject: [PATCH 027/100] AUTH-2394 fixed header for websockets. Added TCP
 alias

---
 cmd/cloudflared/access/cmd.go |  2 +-
 cmd/cloudflared/tunnel/cmd.go |  2 ++
 h2mux/header.go               | 17 +++++++++++++++--
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index f1c01fe5..1ea949cc 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -119,7 +119,7 @@ func Commands() []*cli.Command {
 				{
 					Name:        "ssh",
 					Action:      ssh,
-					Aliases:     []string{"rdp"},
+					Aliases:     []string{"rdp", "tcp"},
 					Usage:       "",
 					ArgsUsage:   "",
 					Description: `The ssh subcommand sends data over a proxy to the Cloudflare edge.`,
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 9a43fb46..e901c0bd 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -602,6 +602,8 @@ func hostnameFromURI(uri string) string {
 		return addPortIfMissing(u, 22)
 	case "rdp":
 		return addPortIfMissing(u, 3389)
+	case "tcp":
+		return addPortIfMissing(u, 7864) // just a random port since there isn't a default in this case
 	}
 	return ""
 }
diff --git a/h2mux/header.go b/h2mux/header.go
index 4a853c09..c79846bf 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -3,11 +3,12 @@ package h2mux
 import (
 	"encoding/base64"
 	"fmt"
-	"github.com/pkg/errors"
 	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
+
+	"github.com/pkg/errors"
 )
 
 type Header struct {
@@ -71,6 +72,9 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 				return fmt.Errorf("unparseable content length")
 			}
 			h1.ContentLength = contentLength
+		case "connection", "upgrade":
+			// for websocket header support
+			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
 		default:
 			// Ignore any other header;
 			// User headers will be read from `RequestUserHeadersField`
@@ -109,6 +113,15 @@ func IsControlHeader(headerName string) bool {
 		strings.HasPrefix(headerName, "cf-")
 }
 
+// IsWebsocketClientHeader returns true if the header name is required by the client to upgrade properly
+func IsWebsocketClientHeader(headerName string) bool {
+	headerName = strings.ToLower(headerName)
+
+	return headerName == "sec-websocket-accept" ||
+		headerName == "connection" ||
+		headerName == "upgrade"
+}
+
 func H1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
 	h2 = []Header{
 		{Name: ":status", Value: strconv.Itoa(h1.StatusCode)},
@@ -122,7 +135,7 @@ func H1ResponseToH2ResponseHeaders(h1 *http.Response) (h2 []Header) {
 
 				// Since these are http2 headers, they're required to be lowercase
 				h2 = append(h2, Header{Name: strings.ToLower(header), Value: value})
-			} else if !IsControlHeader(header) {
+			} else if !IsControlHeader(header) || IsWebsocketClientHeader(header) {
 				// User headers, on the other hand, must all be serialized so that
 				// HTTP/2 header validation won't be applied to HTTP/1 header values
 				if _, ok := userHeaders[header]; ok {

From 80f387214c0424db4d31d6aeee6bb8e4f72565bd Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Tue, 10 Mar 2020 01:35:11 +0000
Subject: [PATCH 028/100] TUN-2796: Implement HTTP2 CONTINUATION headers
 correctly

---
 h2mux/muxwriter.go      | 58 +++++++++++++++++++++++++++++------------
 h2mux/muxwriter_test.go | 26 ++++++++++++++++++
 2 files changed, 67 insertions(+), 17 deletions(-)
 create mode 100644 h2mux/muxwriter_test.go

diff --git a/h2mux/muxwriter.go b/h2mux/muxwriter.go
index 80888d45..dfe52d7f 100644
--- a/h2mux/muxwriter.go
+++ b/h2mux/muxwriter.go
@@ -250,28 +250,52 @@ func (w *MuxWriter) encodeHeaders(headers []Header) ([]byte, error) {
 // writeHeaders writes a block of encoded headers, splitting it into multiple frames if necessary.
 func (w *MuxWriter) writeHeaders(streamID uint32, headers []Header) error {
 	encodedHeaders, err := w.encodeHeaders(headers)
-	if err != nil {
+	if err != nil || len(encodedHeaders) == 0 {
 		return err
 	}
+
 	blockSize := int(w.maxFrameSize)
-	endHeaders := len(encodedHeaders) == 0
-	for !endHeaders && err == nil {
-		blockFragment := encodedHeaders
-		if len(encodedHeaders) > blockSize {
-			blockFragment = blockFragment[:blockSize]
-			encodedHeaders = encodedHeaders[blockSize:]
-			// Send CONTINUATION frame if the headers can't be fit into 1 frame
-			err = w.f.WriteContinuation(streamID, endHeaders, blockFragment)
-		} else {
-			endHeaders = true
-			err = w.f.WriteHeaders(http2.HeadersFrameParam{
-				StreamID:      streamID,
-				EndHeaders:    endHeaders,
-				BlockFragment: blockFragment,
-			})
+	// CONTINUATION is unnecessary; the headers fit within the blockSize
+	if len(encodedHeaders) < blockSize {
+		return w.f.WriteHeaders(http2.HeadersFrameParam{
+			StreamID:      streamID,
+			EndHeaders:    true,
+			BlockFragment: encodedHeaders,
+		})
+	}
+
+	choppedHeaders := chopEncodedHeaders(encodedHeaders, blockSize)
+	// len(choppedHeaders) is at least 2
+	if err := w.f.WriteHeaders(http2.HeadersFrameParam{StreamID: streamID, EndHeaders: false, BlockFragment: choppedHeaders[0]}); err != nil {
+		return err
+	}
+	for i := 1; i < len(choppedHeaders)-1; i++ {
+		if err := w.f.WriteContinuation(streamID, false, choppedHeaders[i]); err != nil {
+			return err
 		}
 	}
-	return err
+	if err := w.f.WriteContinuation(streamID, true, choppedHeaders[len(choppedHeaders)-1]); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Partition a slice of bytes into `len(slice) / blockSize` slices of length `blockSize`
+func chopEncodedHeaders(headers []byte, chunkSize int) [][]byte {
+	var divided [][]byte
+
+	for i := 0; i < len(headers); i += chunkSize {
+		end := i + chunkSize
+
+		if end > len(headers) {
+			end = len(headers)
+		}
+
+		divided = append(divided, headers[i:end])
+	}
+
+	return divided
 }
 
 func (w *MuxWriter) writeUseDictionary(dictRequest useDictRequest) error {
diff --git a/h2mux/muxwriter_test.go b/h2mux/muxwriter_test.go
new file mode 100644
index 00000000..07e23bdc
--- /dev/null
+++ b/h2mux/muxwriter_test.go
@@ -0,0 +1,26 @@
+package h2mux
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestChopEncodedHeaders(t *testing.T) {
+	mockEncodedHeaders := make([]byte, 5)
+	for i := range mockEncodedHeaders {
+		mockEncodedHeaders[i] = byte(i)
+	}
+	chopped := chopEncodedHeaders(mockEncodedHeaders, 4)
+
+	assert.Equal(t, 2, len(chopped))
+	assert.Equal(t, []byte{0, 1, 2, 3}, chopped[0])
+	assert.Equal(t, []byte{4}, chopped[1])
+}
+
+func TestChopEncodedEmptyHeaders(t *testing.T) {
+	mockEncodedHeaders := make([]byte, 0)
+	chopped := chopEncodedHeaders(mockEncodedHeaders, 3)
+
+	assert.Equal(t, 0, len(chopped))
+}

From 42246f986c97e098d2dfb566cd6e74b2260ba6e2 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Thu, 26 Mar 2020 15:17:01 +0000
Subject: [PATCH 029/100] Release 2020.3.0

---
 RELEASE_NOTES | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 52fdc8a6..ea3763c4 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,25 @@
+2020.3.0
+- 2020-03-23 AUTH-2394 fixed header for websockets. Added TCP alias
+- 2020-03-10 TUN-2797: Fix panic in SetConnDigest by making mutexes values.
+- 2020-03-13 TUN-2807: cloudflared hello-world shouldn't assume it's my first tunnel
+- 2020-03-13 TUN-2756: Set connection digest after reconnect.
+- 2020-03-16 TUN-2812: Tunnel proxies and RPCs can share an edge address
+- 2020-03-18 TUN-2816: cloudflared metrics server should be more discoverable
+- 2020-03-19 TUN-2820: Serialized headers for Websockets
+- 2020-03-19 TUN-2819: cloudflared should close its connections when a signal is sent
+- 2020-03-19 TUN-2823: Bugfix. cloudflared would hang forever if error occurred.
+- 2020-03-10 TUN-2796: Implement HTTP2 CONTINUATION headers correctly
+- 2020-03-02 TUN-2779: update sample HTML pages
+- 2020-03-04 TUN-2785: Use reconnect token by default
+- 2020-03-05 TUN-2754: Add ConnDigest to cloudflared and its RPCs
+- 2020-03-06 TUN-2755: ReconnectTunnel RPC now transmits ConnectionDigest
+- 2020-03-06 TUN-2761: Use the new header management functions in cloudflared
+- 2020-03-06 TUN-2788: cloudflared should store one ConnDigest per HA connection
+- 2020-02-26 TUN-2767: Test for large headers
+- 2020-02-28 do not terminate tunnel if origin is not reachable on start-up (#177)
+- 2020-02-28 TUN-2776: Add header serialization feature in cloudflared
+- 2020-02-21 TUN-2748: Insecure randomness vulnerability in github.com/miekg/dns
+
 2020.2.1
 - 2020-02-20 TUN-2745: Rename existing header management functions
 - 2020-02-21 TUN-2746: Add the new header management functions

From ae374c0463ea5b1fcc068ac19f7a49fa38acedd3 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Fri, 27 Mar 2020 14:39:59 +0000
Subject: [PATCH 030/100] TUN-2846: Trigger debug reconnects from stdin
 commands, not SIGUSR1

---
 cmd/cloudflared/tunnel/cmd.go | 34 +++++++++++++++++++++++++++++-----
 origin/supervisor.go          |  9 ++++-----
 origin/tunnel.go              |  7 +++----
 3 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index e901c0bd..d014bdf3 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -1,18 +1,17 @@
 package tunnel
 
 import (
+	"bufio"
 	"context"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"net/url"
 	"os"
-	ossig "os/signal"
 	"reflect"
 	"runtime"
 	"runtime/trace"
 	"sync"
-	"syscall"
 	"time"
 
 	"github.com/cloudflare/cloudflared/awsuploader"
@@ -401,9 +400,11 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		return err
 	}
 
-	// When the user sends SIGUSR1, disconnect all connections.
-	reconnectCh := make(chan os.Signal, 1)
-	ossig.Notify(reconnectCh, syscall.SIGUSR1)
+	reconnectCh := make(chan struct{}, 1)
+	if c.IsSet("stdin-control") {
+		logger.Warn("Enabling control through stdin")
+		go stdinControl(reconnectCh)
+	}
 
 	wg.Add(1)
 	go func() {
@@ -1066,5 +1067,28 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"HOST_KEY_PATH"},
 			Hidden:  true,
 		}),
+		altsrc.NewBoolFlag(&cli.BoolFlag{
+			Name:    "stdin-control",
+			Usage:   "Control the process using commands sent through stdin",
+			EnvVars: []string{"STDIN-CONTROL"},
+			Hidden:  true,
+			Value:   false,
+		}),
+	}
+}
+
+func stdinControl(reconnectCh chan struct{}) {
+	for {
+		scanner := bufio.NewScanner(os.Stdin)
+		for scanner.Scan() {
+			command := scanner.Text()
+
+			switch command {
+			case "reconnect":
+				reconnectCh <- struct{}{}
+			default:
+				logger.Warn("Unknown command: ", command)
+			}
+		}
 	}
 }
diff --git a/origin/supervisor.go b/origin/supervisor.go
index 8c3a672e..ee57506d 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"os"
 	"sync"
 	"time"
 
@@ -106,7 +105,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 	}, nil
 }
 
-func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan os.Signal) error {
+func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan struct{}) error {
 	logger := s.config.Logger
 	if err := s.initialize(ctx, connectedSignal, reconnectCh); err != nil {
 		return err
@@ -192,7 +191,7 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, re
 }
 
 // Returns nil if initialization succeeded, else the initialization error.
-func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan os.Signal) error {
+func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan struct{}) error {
 	logger := s.logger
 
 	s.lastResolve = time.Now()
@@ -222,7 +221,7 @@ func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Sig
 
 // startTunnel starts the first tunnel connection. The resulting error will be sent on
 // s.tunnelErrors. It will send a signal via connectedSignal if registration succeed
-func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan os.Signal) {
+func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan struct{}) {
 	var (
 		addr *net.TCPAddr
 		err  error
@@ -266,7 +265,7 @@ func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *sign
 
 // startTunnel starts a new tunnel connection. The resulting error will be sent on
 // s.tunnelErrors.
-func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal *signal.Signal, reconnectCh chan os.Signal) {
+func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal *signal.Signal, reconnectCh chan struct{}) {
 	var (
 		addr *net.TCPAddr
 		err  error
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 4b5edefa..50dd02cc 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -9,7 +9,6 @@ import (
 	"net"
 	"net/http"
 	"net/url"
-	"os"
 	"strconv"
 	"strings"
 	"sync"
@@ -170,7 +169,7 @@ func (c *TunnelConfig) RegistrationOptions(connectionID uint8, OriginLocalIP str
 	}
 }
 
-func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan os.Signal) error {
+func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan struct{}) error {
 	s, err := NewSupervisor(config, cloudflaredID)
 	if err != nil {
 		return err
@@ -186,7 +185,7 @@ func ServeTunnelLoop(ctx context.Context,
 	connectedSignal *signal.Signal,
 	u uuid.UUID,
 	bufferPool *buffer.Pool,
-	reconnectCh chan os.Signal,
+	reconnectCh chan struct{},
 ) error {
 	connectionLogger := config.Logger.WithField("connectionID", connectionID)
 	config.Metrics.incrementHaConnections()
@@ -235,7 +234,7 @@ func ServeTunnel(
 	backoff *BackoffHandler,
 	u uuid.UUID,
 	bufferPool *buffer.Pool,
-	reconnectCh chan os.Signal,
+	reconnectCh chan struct{},
 ) (err error, recoverable bool) {
 	// Treat panics as recoverable errors
 	defer func() {

From c76283a2b4f496d89f918599c859d3e91fb05ce1 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Fri, 27 Mar 2020 17:20:31 +0000
Subject: [PATCH 031/100] Release 2020.3.1

---
 RELEASE_NOTES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index ea3763c4..d9f8358f 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,6 @@
+2020.3.1
+- 2020-03-27 TUN-2846: Trigger debug reconnects from stdin commands, not SIGUSR1
+
 2020.3.0
 - 2020-03-23 AUTH-2394 fixed header for websockets. Added TCP alias
 - 2020-03-10 TUN-2797: Fix panic in SetConnDigest by making mutexes values.

From acea15161cc999b3a46c2c6fc79a6cd6ed3a214c Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Tue, 31 Mar 2020 08:59:00 -0500
Subject: [PATCH 032/100] TUN-2854: Quick Reconnects should be an optional
 supported feature

---
 connection/features.go |  9 ---------
 origin/tunnel.go       | 12 +++++++++++-
 2 files changed, 11 insertions(+), 10 deletions(-)
 delete mode 100644 connection/features.go

diff --git a/connection/features.go b/connection/features.go
deleted file mode 100644
index 7e555fa4..00000000
--- a/connection/features.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package connection
-
-const (
-	FeatureSerializedHeaders = "serialized_headers"
-)
-
-var SupportedFeatures = []string{
-	FeatureSerializedHeaders,
-}
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 50dd02cc..c0994100 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -39,6 +39,8 @@ const (
 	lbProbeUserAgentPrefix   = "Mozilla/5.0 (compatible; Cloudflare-Traffic-Manager/1.0; +https://www.cloudflare.com/traffic-manager/;"
 	TagHeaderNamePrefix      = "Cf-Warp-Tag-"
 	DuplicateConnectionError = "EDUPCONN"
+	FeatureSerializedHeaders = "serialized_headers"
+	FeatureQuickReconnects   = "quick_reconnects"
 )
 
 type registerRPCName string
@@ -165,10 +167,18 @@ func (c *TunnelConfig) RegistrationOptions(connectionID uint8, OriginLocalIP str
 		RunFromTerminal:      c.RunFromTerminal,
 		CompressionQuality:   c.CompressionQuality,
 		UUID:                 uuid.String(),
-		Features:             connection.SupportedFeatures,
+		Features:             c.SupportedFeatures(),
 	}
 }
 
+func (c *TunnelConfig) SupportedFeatures() []string {
+	basic := []string{FeatureSerializedHeaders}
+	if c.UseQuickReconnects {
+		basic = append(basic, FeatureQuickReconnects)
+	}
+	return basic
+}
+
 func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan struct{}) error {
 	s, err := NewSupervisor(config, cloudflaredID)
 	if err != nil {

From 0b2b6c8e12e78dd25b5a38d92a8ea30d8c812fa9 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Mon, 30 Mar 2020 22:51:48 +0100
Subject: [PATCH 033/100] TUN-2850: Tunnel stripping Cloudflare headers

---
 h2mux/header.go | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index c79846bf..dbec394f 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -28,6 +28,10 @@ const (
 // HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3
 func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 	for _, header := range h2 {
+		if !IsControlHeader(header.Name) {
+			continue
+		}
+
 		switch strings.ToLower(header.Name) {
 		case ":method":
 			h1.Method = header.Value
@@ -72,25 +76,22 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 				return fmt.Errorf("unparseable content length")
 			}
 			h1.ContentLength = contentLength
-		case "connection", "upgrade":
-			// for websocket header support
-			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
+		case RequestUserHeadersField:
+			// Do not forward the serialized headers to the origin -- deserialize them, and ditch the serialized version
+			// Find and parse user headers serialized into a single one
+			userHeaders, err := ParseUserHeaders(RequestUserHeadersField, h2)
+			if err != nil {
+				return errors.Wrap(err, "Unable to parse user headers")
+			}
+			for _, userHeader := range userHeaders {
+				h1.Header.Add(http.CanonicalHeaderKey(userHeader.Name), userHeader.Value)
+			}
 		default:
-			// Ignore any other header;
-			// User headers will be read from `RequestUserHeadersField`
-			continue
+			// All other control headers shall just be proxied transparently
+			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
 		}
 	}
 
-	// Find and parse user headers serialized into a single one
-	userHeaders, err := ParseUserHeaders(RequestUserHeadersField, h2)
-	if err != nil {
-		return errors.Wrap(err, "Unable to parse user headers")
-	}
-	for _, userHeader := range userHeaders {
-		h1.Header.Add(http.CanonicalHeaderKey(userHeader.Name), userHeader.Value)
-	}
-
 	return nil
 }
 

From 710f66b0bbf9da94585235f6fba9b1a18ac631fa Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Tue, 31 Mar 2020 17:56:07 +0100
Subject: [PATCH 034/100] Release 2020.3.2

---
 RELEASE_NOTES | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index d9f8358f..0ea4290c 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,7 @@
+2020.3.2
+- 2020-03-31 TUN-2854: Quick Reconnects should be an optional supported feature
+- 2020-03-30 TUN-2850: Tunnel stripping Cloudflare headers
+
 2020.3.1
 - 2020-03-27 TUN-2846: Trigger debug reconnects from stdin commands, not SIGUSR1
 

From a37da2b165414a61863a446ce1e9e993ac505268 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 31 Mar 2020 09:56:22 -0500
Subject: [PATCH 035/100] AUTH-2394 added socks5 proxy

---
 carrier/carrier.go                            | 124 ++-----
 carrier/carrier_test.go                       |   6 +-
 carrier/websocket.go                          | 137 ++++++++
 cmd/cloudflared/access/carrier.go             |   9 +-
 cmd/cloudflared/tunnel/cmd.go                 |  24 +-
 go.mod                                        |  11 +-
 go.sum                                        | 238 +------------
 origin/tunnel.go                              |   1 +
 originservice/originservice.go                |   2 +-
 socks/auth_handler.go                         |  77 +++++
 socks/authenticator.go                        |  87 +++++
 socks/connection_handler.go                   |  57 ++++
 socks/connection_handler_test.go              |  88 +++++
 socks/dialer.go                               |  57 ++++
 socks/request.go                              | 195 +++++++++++
 socks/request_handler.go                      | 106 ++++++
 socks/request_handler_test.go                 |  28 ++
 socks/request_test.go                         |  69 ++++
 vendor/golang.org/x/net/http2/pipe.go         |   7 +-
 vendor/golang.org/x/net/http2/server.go       |   6 +-
 vendor/golang.org/x/net/http2/transport.go    |  26 +-
 .../golang.org/x/net/internal/socks/client.go | 168 ++++++++++
 .../golang.org/x/net/internal/socks/socks.go  | 317 ++++++++++++++++++
 vendor/golang.org/x/net/proxy/dial.go         |  54 +++
 vendor/golang.org/x/net/proxy/direct.go       |  31 ++
 vendor/golang.org/x/net/proxy/per_host.go     | 155 +++++++++
 vendor/golang.org/x/net/proxy/proxy.go        | 149 ++++++++
 vendor/golang.org/x/net/proxy/socks5.go       |  42 +++
 .../x/sys/unix/sockcmsg_dragonfly.go          |  16 +
 .../golang.org/x/sys/unix/sockcmsg_linux.go   |   2 +-
 vendor/golang.org/x/sys/unix/sockcmsg_unix.go |  36 +-
 .../x/sys/unix/sockcmsg_unix_other.go         |  38 +++
 vendor/golang.org/x/sys/unix/syscall_bsd.go   |   2 +-
 .../x/sys/unix/syscall_dragonfly.go           |  20 +-
 vendor/golang.org/x/sys/unix/syscall_linux.go |   2 +-
 .../golang.org/x/sys/unix/syscall_solaris.go  |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux_386.go |  52 ++-
 .../x/sys/unix/ztypes_linux_amd64.go          |  52 ++-
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |  52 ++-
 .../x/sys/unix/ztypes_linux_arm64.go          |  52 ++-
 .../x/sys/unix/ztypes_linux_mips.go           |  52 ++-
 .../x/sys/unix/ztypes_linux_mips64.go         |  52 ++-
 .../x/sys/unix/ztypes_linux_mips64le.go       |  52 ++-
 .../x/sys/unix/ztypes_linux_mipsle.go         |  52 ++-
 .../x/sys/unix/ztypes_linux_ppc64.go          |  52 ++-
 .../x/sys/unix/ztypes_linux_ppc64le.go        |  52 ++-
 .../x/sys/unix/ztypes_linux_riscv64.go        |  52 ++-
 .../x/sys/unix/ztypes_linux_s390x.go          |  52 ++-
 .../x/sys/unix/ztypes_linux_sparc64.go        |  52 ++-
 .../x/sys/windows/security_windows.go         |   4 +-
 .../x/sys/windows/syscall_windows.go          |   3 +-
 .../x/sys/windows/zsyscall_windows.go         |  13 +
 vendor/modules.txt                            |   6 +-
 websocket/websocket.go                        |  11 +-
 54 files changed, 2509 insertions(+), 593 deletions(-)
 create mode 100644 carrier/websocket.go
 create mode 100644 socks/auth_handler.go
 create mode 100644 socks/authenticator.go
 create mode 100644 socks/connection_handler.go
 create mode 100644 socks/connection_handler_test.go
 create mode 100644 socks/dialer.go
 create mode 100644 socks/request.go
 create mode 100644 socks/request_handler.go
 create mode 100644 socks/request_handler_test.go
 create mode 100644 socks/request_test.go
 create mode 100644 vendor/golang.org/x/net/internal/socks/client.go
 create mode 100644 vendor/golang.org/x/net/internal/socks/socks.go
 create mode 100644 vendor/golang.org/x/net/proxy/dial.go
 create mode 100644 vendor/golang.org/x/net/proxy/direct.go
 create mode 100644 vendor/golang.org/x/net/proxy/per_host.go
 create mode 100644 vendor/golang.org/x/net/proxy/proxy.go
 create mode 100644 vendor/golang.org/x/net/proxy/socks5.go
 create mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
 create mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go

diff --git a/carrier/carrier.go b/carrier/carrier.go
index 17cdda8a..0e72a20e 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -11,9 +11,7 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
-	cloudflaredWebsocket "github.com/cloudflare/cloudflared/websocket"
-	"github.com/gorilla/websocket"
-	"github.com/sirupsen/logrus"
+	"github.com/pkg/errors"
 )
 
 type StartOptions struct {
@@ -21,6 +19,15 @@ type StartOptions struct {
 	Headers   http.Header
 }
 
+// Connection wraps up all the needed functions to forward over the tunnel
+type Connection interface {
+	// ServeStream is used to forward data from the client to the edge
+	ServeStream(*StartOptions, io.ReadWriter) error
+
+	// StartServer is used to listen for incoming connections from the edge to the origin
+	StartServer(net.Listener, string, <-chan struct{}) error
+}
+
 // StdinoutStream is empty struct for wrapping stdin/stdout
 // into a single ReadWriter
 type StdinoutStream struct {
@@ -44,29 +51,27 @@ func closeRespBody(resp *http.Response) {
 	}
 }
 
-// StartClient will copy the data from stdin/stdout over a WebSocket connection
-// to the edge (originURL)
-func StartClient(logger *logrus.Logger, stream io.ReadWriter, options *StartOptions) error {
-	return serveStream(logger, stream, options)
-}
-
-// StartServer will setup a listener on a specified address/port and then
+// StartForwarder will setup a listener on a specified address/port and then
 // forward connections to the origin by calling `Serve()`.
-func StartServer(logger *logrus.Logger, address string, shutdownC <-chan struct{}, options *StartOptions) error {
+func StartForwarder(conn Connection, address string, shutdownC <-chan struct{}, options *StartOptions) error {
 	listener, err := net.Listen("tcp", address)
 	if err != nil {
-		logger.WithError(err).Error("failed to start forwarding server")
-		return err
+		return errors.Wrap(err, "failed to start forwarding server")
 	}
-	logger.Info("Started listening on ", address)
-	return Serve(logger, listener, shutdownC, options)
+	return Serve(conn, listener, shutdownC, options)
+}
+
+// StartClient will copy the data from stdin/stdout over a WebSocket connection
+// to the edge (originURL)
+func StartClient(conn Connection, stream io.ReadWriter, options *StartOptions) error {
+	return serveStream(conn, stream, options)
 }
 
 // Serve accepts incoming connections on the specified net.Listener.
 // Each connection is handled in a new goroutine: its data is copied over a
 // WebSocket connection to the edge (originURL).
 // `Serve` always closes `listener`.
-func Serve(logger *logrus.Logger, listener net.Listener, shutdownC <-chan struct{}, options *StartOptions) error {
+func Serve(remoteConn Connection, listener net.Listener, shutdownC <-chan struct{}, options *StartOptions) error {
 	defer listener.Close()
 	for {
 		select {
@@ -77,53 +82,20 @@ func Serve(logger *logrus.Logger, listener net.Listener, shutdownC <-chan struct
 			if err != nil {
 				return err
 			}
-			go serveConnection(logger, conn, options)
+			go serveConnection(remoteConn, conn, options)
 		}
 	}
 }
 
 // serveConnection handles connections for the Serve() call
-func serveConnection(logger *logrus.Logger, c net.Conn, options *StartOptions) {
+func serveConnection(remoteConn Connection, c net.Conn, options *StartOptions) {
 	defer c.Close()
-	serveStream(logger, c, options)
+	serveStream(remoteConn, c, options)
 }
 
 // serveStream will serve the data over the WebSocket stream
-func serveStream(logger *logrus.Logger, conn io.ReadWriter, options *StartOptions) error {
-	wsConn, err := createWebsocketStream(options)
-	if err != nil {
-		logger.WithError(err).Errorf("failed to connect to %s\n", options.OriginURL)
-		return err
-	}
-	defer wsConn.Close()
-
-	cloudflaredWebsocket.Stream(wsConn, conn)
-
-	return nil
-}
-
-// createWebsocketStream will create a WebSocket connection to stream data over
-// It also handles redirects from Access and will present that flow if
-// the token is not present on the request
-func createWebsocketStream(options *StartOptions) (*cloudflaredWebsocket.Conn, error) {
-	req, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = options.Headers
-
-	wsConn, resp, err := cloudflaredWebsocket.ClientConnect(req, nil)
-	defer closeRespBody(resp)
-	if err != nil && IsAccessResponse(resp) {
-		wsConn, err = createAccessAuthenticatedStream(options)
-		if err != nil {
-			return nil, err
-		}
-	} else if err != nil {
-		return nil, err
-	}
-
-	return &cloudflaredWebsocket.Conn{Conn: wsConn}, nil
+func serveStream(remoteConn Connection, conn io.ReadWriter, options *StartOptions) error {
+	return remoteConn.ServeStream(options, conn)
 }
 
 // IsAccessResponse checks the http Response to see if the url location
@@ -144,49 +116,7 @@ func IsAccessResponse(resp *http.Response) bool {
 	return false
 }
 
-// createAccessAuthenticatedStream will try load a token from storage and make
-// a connection with the token set on the request. If it still get redirect,
-// this probably means the token in storage is invalid (expired/revoked). If that
-// happens it deletes the token and runs the connection again, so the user can
-// login again and generate a new one.
-func createAccessAuthenticatedStream(options *StartOptions) (*websocket.Conn, error) {
-	wsConn, resp, err := createAccessWebSocketStream(options)
-	defer closeRespBody(resp)
-	if err == nil {
-		return wsConn, nil
-	}
-
-	if !IsAccessResponse(resp) {
-		return nil, err
-	}
-
-	// Access Token is invalid for some reason. Go through regen flow
-	originReq, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
-	if err != nil {
-		return nil, err
-	}
-	if err := token.RemoveTokenIfExists(originReq.URL); err != nil {
-		return nil, err
-	}
-	wsConn, resp, err = createAccessWebSocketStream(options)
-	defer closeRespBody(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	return wsConn, nil
-}
-
-// createAccessWebSocketStream builds an Access request and makes a connection
-func createAccessWebSocketStream(options *StartOptions) (*websocket.Conn, *http.Response, error) {
-	req, err := BuildAccessRequest(options)
-	if err != nil {
-		return nil, nil, err
-	}
-	return cloudflaredWebsocket.ClientConnect(req, nil)
-}
-
-// buildAccessRequest builds an HTTP request with the Access token set
+// BuildAccessRequest builds an HTTP request with the Access token set
 func BuildAccessRequest(options *StartOptions) (*http.Request, error) {
 	req, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
 	if err != nil {
diff --git a/carrier/carrier_test.go b/carrier/carrier_test.go
index 379faadf..306f4980 100644
--- a/carrier/carrier_test.go
+++ b/carrier/carrier_test.go
@@ -44,6 +44,7 @@ func (s *testStreamer) Write(p []byte) (int, error) {
 func TestStartClient(t *testing.T) {
 	message := "Good morning Austin! Time for another sunny day in the great state of Texas."
 	logger := logrus.New()
+	wsConn := NewWSConnection(logger, false)
 	ts := newTestWebSocketServer()
 	defer ts.Close()
 
@@ -52,7 +53,7 @@ func TestStartClient(t *testing.T) {
 		OriginURL: "http://" + ts.Listener.Addr().String(),
 		Headers:   nil,
 	}
-	err := StartClient(logger, buf, options)
+	err := StartClient(wsConn, buf, options)
 	assert.NoError(t, err)
 	buf.Write([]byte(message))
 
@@ -69,6 +70,7 @@ func TestStartServer(t *testing.T) {
 	message := "Good morning Austin! Time for another sunny day in the great state of Texas."
 	logger := logrus.New()
 	shutdownC := make(chan struct{})
+	wsConn := NewWSConnection(logger, false)
 	ts := newTestWebSocketServer()
 	defer ts.Close()
 	options := &StartOptions{
@@ -77,7 +79,7 @@ func TestStartServer(t *testing.T) {
 	}
 
 	go func() {
-		err := Serve(logger, listener, shutdownC, options)
+		err := Serve(wsConn, listener, shutdownC, options)
 		if err != nil {
 			t.Fatalf("Error running server: %v", err)
 		}
diff --git a/carrier/websocket.go b/carrier/websocket.go
new file mode 100644
index 00000000..3ea81d4c
--- /dev/null
+++ b/carrier/websocket.go
@@ -0,0 +1,137 @@
+package carrier
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
+	"github.com/cloudflare/cloudflared/socks"
+	cfwebsocket "github.com/cloudflare/cloudflared/websocket"
+	"github.com/gorilla/websocket"
+	"github.com/sirupsen/logrus"
+)
+
+// Websocket is used to carry data via WS binary frames over the tunnel from client to the origin
+// This implements the functions for glider proxy (sock5) and the carrier interface
+type Websocket struct {
+	logger  *logrus.Logger
+	isSocks bool
+}
+
+type wsdialer struct {
+	conn *cfwebsocket.Conn
+}
+
+func (d *wsdialer) Dial(address string) (io.ReadWriteCloser, *socks.AddrSpec, error) {
+	local, ok := d.conn.LocalAddr().(*net.TCPAddr)
+	if !ok {
+		return nil, nil, fmt.Errorf("not a tcp connection")
+	}
+
+	addr := socks.AddrSpec{IP: local.IP, Port: local.Port}
+	return d.conn, &addr, nil
+}
+
+// NewWSConnection returns a new connection object
+func NewWSConnection(logger *logrus.Logger, isSocks bool) Connection {
+	return &Websocket{
+		logger:  logger,
+		isSocks: isSocks,
+	}
+}
+
+// ServeStream will create a Websocket client stream connection to the edge
+// it blocks and writes the raw data from conn over the tunnel
+func (ws *Websocket) ServeStream(options *StartOptions, conn io.ReadWriter) error {
+	wsConn, err := createWebsocketStream(options)
+	if err != nil {
+		ws.logger.WithError(err).Errorf("failed to connect to %s", options.OriginURL)
+		return err
+	}
+	defer wsConn.Close()
+
+	if ws.isSocks {
+		dialer := &wsdialer{conn: wsConn}
+		requestHandler := socks.NewRequestHandler(dialer)
+		socksServer := socks.NewConnectionHandler(requestHandler)
+
+		socksServer.Serve(conn)
+	} else {
+		cfwebsocket.Stream(wsConn, conn)
+	}
+	return nil
+}
+
+// StartServer creates a Websocket server to listen for connections.
+// This is used on the origin (tunnel) side to take data from the muxer and send it to the origin
+func (ws *Websocket) StartServer(listener net.Listener, remote string, shutdownC <-chan struct{}) error {
+	return cfwebsocket.StartProxyServer(ws.logger, listener, remote, shutdownC, cfwebsocket.DefaultStreamHandler)
+}
+
+// createWebsocketStream will create a WebSocket connection to stream data over
+// It also handles redirects from Access and will present that flow if
+// the token is not present on the request
+func createWebsocketStream(options *StartOptions) (*cfwebsocket.Conn, error) {
+	req, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = options.Headers
+
+	wsConn, resp, err := cfwebsocket.ClientConnect(req, nil)
+	defer closeRespBody(resp)
+	if err != nil && IsAccessResponse(resp) {
+		wsConn, err = createAccessAuthenticatedStream(options)
+		if err != nil {
+			return nil, err
+		}
+	} else if err != nil {
+		return nil, err
+	}
+
+	return &cfwebsocket.Conn{Conn: wsConn}, nil
+}
+
+// createAccessAuthenticatedStream will try load a token from storage and make
+// a connection with the token set on the request. If it still get redirect,
+// this probably means the token in storage is invalid (expired/revoked). If that
+// happens it deletes the token and runs the connection again, so the user can
+// login again and generate a new one.
+func createAccessAuthenticatedStream(options *StartOptions) (*websocket.Conn, error) {
+	wsConn, resp, err := createAccessWebSocketStream(options)
+	defer closeRespBody(resp)
+	if err == nil {
+		return wsConn, nil
+	}
+
+	if !IsAccessResponse(resp) {
+		return nil, err
+	}
+
+	// Access Token is invalid for some reason. Go through regen flow
+	originReq, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	if err := token.RemoveTokenIfExists(originReq.URL); err != nil {
+		return nil, err
+	}
+	wsConn, resp, err = createAccessWebSocketStream(options)
+	defer closeRespBody(resp)
+	if err != nil {
+		return nil, err
+	}
+
+	return wsConn, nil
+}
+
+// createAccessWebSocketStream builds an Access request and makes a connection
+func createAccessWebSocketStream(options *StartOptions) (*websocket.Conn, *http.Response, error) {
+	req, err := BuildAccessRequest(options)
+	if err != nil {
+		return nil, nil, err
+	}
+	return cfwebsocket.ClientConnect(req, nil)
+}
diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index 881e0c29..7030e99a 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -44,6 +44,9 @@ func ssh(c *cli.Context) error {
 		Headers:   headers,
 	}
 
+	// we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side
+	wsConn := carrier.NewWSConnection(logger, false)
+
 	if c.NArg() > 0 || c.IsSet(sshURLFlag) {
 		localForwarder, err := config.ValidateUrl(c)
 		if err != nil {
@@ -55,10 +58,12 @@ func ssh(c *cli.Context) error {
 			logger.WithError(err).Error("Error validating origin URL")
 			return errors.Wrap(err, "error validating origin URL")
 		}
-		return carrier.StartServer(logger, forwarder.Host, shutdownC, options)
+
+		logger.Infof("Start Websocket listener on: %s", forwarder.Host)
+		return carrier.StartForwarder(wsConn, forwarder.Host, shutdownC, options)
 	}
 
-	return carrier.StartClient(logger, &carrier.StdinoutStream{}, options)
+	return carrier.StartClient(wsConn, &carrier.StdinoutStream{}, options)
 }
 
 func buildRequestHeaders(values []string) http.Header {
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index d014bdf3..22dbcc2e 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -24,6 +24,7 @@ import (
 	"github.com/cloudflare/cloudflared/metrics"
 	"github.com/cloudflare/cloudflared/origin"
 	"github.com/cloudflare/cloudflared/signal"
+	"github.com/cloudflare/cloudflared/socks"
 	"github.com/cloudflare/cloudflared/sshlog"
 	"github.com/cloudflare/cloudflared/sshserver"
 	"github.com/cloudflare/cloudflared/supervisor"
@@ -77,6 +78,9 @@ const (
 	// hostKeyPath is the path of the dir to save SSH host keys too
 	hostKeyPath = "host-key-path"
 
+	// socks5Flag is to enable the socks server to deframe
+	socks5Flag = "socks5"
+
 	noIntentMsg = "The --intent argument is required. Cloudflared looks up an Intent to determine what configuration to use (i.e. which tunnels to start). If you don't have any Intents yet, you can use a placeholder Intent Label for now. Then, when you make an Intent with that label, cloudflared will get notified and open the tunnels you specified in that Intent."
 )
 
@@ -390,7 +394,18 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			errC <- websocket.StartProxyServer(logger, listener, host, shutdownC)
+			streamHandler := websocket.DefaultStreamHandler
+			if c.IsSet(socks5Flag) {
+				logger.Info("SOCKS5 server started")
+				streamHandler = func(wsConn *websocket.Conn, remoteConn net.Conn) {
+					dialer := socks.NewConnDialer(remoteConn)
+					requestHandler := socks.NewRequestHandler(dialer)
+					socksServer := socks.NewConnectionHandler(requestHandler)
+
+					socksServer.Serve(wsConn)
+				}
+			}
+			errC <- websocket.StartProxyServer(logger, listener, host, shutdownC, streamHandler)
 		}()
 		c.Set("url", "http://"+listener.Addr().String())
 	}
@@ -1074,6 +1089,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			Hidden:  true,
 			Value:   false,
 		}),
+		altsrc.NewBoolFlag(&cli.BoolFlag{
+			Name:    socks5Flag,
+			Usage:   "specify if this tunnel is running as a SOCK5 Server",
+			EnvVars: []string{"TUNNEL_SOCKS"},
+			Value:   false,
+			Hidden:  false,
+		}),
 	}
 }
 
diff --git a/go.mod b/go.mod
index eece2cc5..74f083b1 100644
--- a/go.mod
+++ b/go.mod
@@ -25,14 +25,15 @@ require (
 	github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3
-	github.com/google/certificate-transparency-go v1.1.0 // indirect
 	github.com/google/uuid v1.1.1
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/websocket v1.4.0
 	github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
+	github.com/kr/pretty v0.1.0 // indirect
 	github.com/kshvakov/clickhouse v1.3.11
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lib/pq v1.2.0
 	github.com/mattn/go-colorable v0.1.4
 	github.com/mattn/go-isatty v0.0.10 // indirect
@@ -54,11 +55,15 @@ require (
 	github.com/tinylib/msgp v1.1.0 // indirect
 	github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0
 	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
-	golang.org/x/net v0.0.0-20191007182048-72f939374954
+	golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
-	golang.org/x/sys v0.0.0-20191008105621-543471e840be
+	golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2
+	golang.org/x/text v0.3.2 // indirect
+	google.golang.org/appengine v1.5.0 // indirect
 	google.golang.org/genproto v0.0.0-20191007204434-a023cd5227bd // indirect
 	google.golang.org/grpc v1.24.0 // indirect
+	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 	gopkg.in/coreos/go-oidc.v2 v2.1.0
 	gopkg.in/square/go-jose.v2 v2.4.0 // indirect
 	gopkg.in/urfave/cli.v2 v2.0.0-20180128181224-d604b6ffeee8
diff --git a/go.sum b/go.sum
index b7c2234b..a9bef889 100644
--- a/go.sum
+++ b/go.sum
@@ -1,28 +1,19 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw=
-contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DATA-DOG/go-sqlmock v1.3.3 h1:CWUqKXe0s8A2z6qCgkP4Kru7wC11YoAnoupUKFDnH08=
 github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
-github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o=
-github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.8 h1:n7I+HUUXjun2CsX7JK+1hpRIkZrlKhd3nayeb+Xmavs=
 github.com/aws/aws-sdk-go v1.25.8/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bkaradzic/go-lz4 v1.0.0 h1:RXc4wYsyz985CkXXeX04y4VnZFGG8Rd43pRaHsOXAKk=
 github.com/bkaradzic/go-lz4 v1.0.0/go.mod h1:0YdlkowM3VswSROI7qDxhRvJ3sLhlFrRRwjwegp5jy4=
-github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261 h1:6/yVvBsKeAw05IUj4AzvrxaCnDjN4nUqKjW9+w5wixg=
 github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -34,26 +25,15 @@ github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58 h1:F1EaeKL/ta07PY
 github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58/go.mod h1:EOBUe0h4xcZ5GoxqC5SDxFQ8gwyZPKQoEzownBlhI80=
 github.com/coredns/coredns v1.2.0 h1:YEI38K2BJYzL/SxO2tZFD727T/C68DqVWkBQjT0sWPU=
 github.com/coredns/coredns v1.2.0/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-oidc v0.0.0-20171002155002-a93f71fdfe73 h1:7CNPV0LWRCa1FNmqg700pbXhzvmoaXKyfxWRkjRym7Q=
 github.com/coreos/go-oidc v0.0.0-20171002155002-a93f71fdfe73/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a h1:W8b4lQ4tFF21aspRGoBuCNV6V2fFJBF+pm1J6OY8Lys=
 github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.0.0-20191001013358-cfbb681360f0 h1:epsH3lb7KVbXHYk7LYGN5EiE0MxcevHU85CKITJ0wUY=
 github.com/denisenkom/go-mssqldb v0.0.0-20191001013358-cfbb681360f0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/equinox-io/equinox v1.2.0 h1:bBS7Ou+Y7Jwgmy8TWSYxEh85WctuFn7FPlgbUzX4DBA=
 github.com/equinox-io/equinox v1.2.0/go.mod h1:6s3HJB0PYUNgs0mxmI8fHdfVl3TQ25ieA/PVfr+eyVo=
 github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 h1:0JZ+dUmQeA8IIVUMzysrX4/AKuQwWhV2dYQuPZdvdSQ=
@@ -66,178 +46,80 @@ github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojt
 github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
 github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 h1:E2s37DuLxFhQDg5gKsWoLBOB0n+ZW8s599zru8FJ2/Y=
 github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=
-github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10 h1:YO10pIIBftO/kkTFdWhctH96grJ7qiy7bMdiZcIvPKs=
 github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0 h1:gF8ngtda767ddth2SH0YSAhswhz6qUkvyI9EZFYCWJA=
 github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8=
 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
-github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
-github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
-github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
-github.com/go-toolsmith/astfmt v0.0.0-20180903215011-8f8ee99c3086/go.mod h1:mP93XdblcopXwlyN4X4uodxXQhldPGZbcEJIimQHrkg=
-github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw=
-github.com/go-toolsmith/astinfo v0.0.0-20180906194353-9809ff7efb21/go.mod h1:dDStQCHtmZpYOmjRP/8gHHnCCch3Zz3oEgCdZVdtweU=
-github.com/go-toolsmith/astp v0.0.0-20180903215135-0af7e3c24f30/go.mod h1:SV2ur98SGypH1UjcPpCatrV5hPazG6+IfNHbkDXBRrk=
-github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI=
-github.com/go-toolsmith/pkgload v0.0.0-20181119091011-e9e65178eee8/go.mod h1:WoMrjiy4zvdS+Bg6z9jZH82QXwkcgCBX6nOfnmdaHks=
-github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc=
-github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=
-github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
-github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3 h1:zN2lZNZRflqFyxVaTIU61KNKQ9C0055u9CAfpmqUvo4=
 github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3/go.mod h1:nPpo7qLxd6XL3hWJG/O60sR8ZKfMCiIoNap5GvD12KU=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
-github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
-github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0=
-github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8=
-github.com/golangci/go-tools v0.0.0-20190318055746-e32c54105b7c/go.mod h1:unzUULGw35sjyOYjUt0jMTXqHlZPpPc6e+xfO4cd6mM=
-github.com/golangci/goconst v0.0.0-20180610141641-041c5f2b40f3/go.mod h1:JXrF4TWy4tXYn62/9x8Wm/K/dm06p8tCKwFRDPZG/1o=
-github.com/golangci/gocyclo v0.0.0-20180528134321-2becd97e67ee/go.mod h1:ozx7R9SIwqmqf5pRP90DhR2Oay2UIjGuKheCBCNwAYU=
-github.com/golangci/gofmt v0.0.0-20181222123516-0b8337e80d98/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU=
-github.com/golangci/golangci-lint v1.17.2-0.20190910081718-bad04bb7378f/go.mod h1:kaqo8l0OZKYPtjNmG4z4HrWLgcYNIJ9B9q3LWri9uLg=
-github.com/golangci/gosec v0.0.0-20190211064107-66fb7fc33547/go.mod h1:0qUabqiIQgfmlAmulqxyiGkkyF6/tOGSnY2cnPVwrzU=
-github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc/go.mod h1:e5tpTHCfVze+7EpLEozzMB3eafxo2KT5veNg1k6byQU=
-github.com/golangci/lint-1 v0.0.0-20190420132249-ee948d087217/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
-github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o=
-github.com/golangci/misspell v0.0.0-20180809174111-950f5d19e770/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
-github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bzsHdTM0bsB7+8mt0GUMvjCgwLpTapNZHU8AajI=
-github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4=
-github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/certificate-transparency-go v1.1.0 h1:10MlrYzh5wfkToxWI4yJzffsxLfxcEDlOATMx/V9Kzw=
-github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/monologue v0.0.0-20190606152607-4b11a32b5934/go.mod h1:6NTfaQoUpg5QmPsCUWLR3ig33FHrKXhTtWzF0DVdmuk=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/trillian v1.2.2-0.20190612132142-05461f4df60a/go.mod h1:YPmUVn5NGwgnDUgqlVyFGMTgaWlnSvH7W5p+NdOG8UA=
-github.com/google/trillian-examples v0.0.0-20190603134952-4e75ba15216c/go.mod h1:WgL3XZ3pA8/9cm7yxqWrZE6iZkESB2ItGxy5Fo6k2lk=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v1.2.0 h1:VJtLvh6VQym50czpZzx07z/kw9EgAxI3x1ZB8taTMQQ=
-github.com/gorilla/websocket v1.2.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU=
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmoiron/sqlx v1.2.0 h1:41Ip0zITnmWNR/vHV+S4m+VoUivnWY5E4OJfLZjCJMA=
 github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
-github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kshvakov/clickhouse v1.3.11 h1:dtzTJY0fCA+MWkLyuKZaNPkmSwdX4gh8+Klic9NB1Lw=
 github.com/kshvakov/clickhouse v1.3.11/go.mod h1:/SVBAcqF3u7rxQ9sTWCZwf8jzzvxiZGeQvtmSF2BBEc=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
-github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.10 h1:qxFzApOv4WsAL965uUPIsXzAKCZxN2p9UqdhFS4ZW10=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
-github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0 h1:LDdKkqtYlom37fkvqs8rMPFKAMe8+SgjbwZ6ex1/A/Q=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mholt/caddy v0.0.0-20180807230124-d3b731e9255b h1:/BbY4n99iMazlr2igipph+hj0MwlZIWpcsP8Iy+na+s=
 github.com/mholt/caddy v0.0.0-20180807230124-d3b731e9255b/go.mod h1:Wb1PlT4DAYSqOEd03MsqkdkXnTxA8v9pKjdpxbqM1kY=
-github.com/miekg/dns v1.1.8 h1:1QYRAKU3lN5cRfLCkPU08hwvLJFhvjP6MqNMmQz6ZVI=
-github.com/miekg/dns v1.1.8/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
 github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk=
-github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
-github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
-github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
-github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/philhofer/fwd v1.0.0 h1:UbZqGr5Y38ApvM/V/jEljVxwocdweyH+vmYvRPBnbqQ=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
 github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
@@ -257,199 +139,95 @@ github.com/prometheus/common v0.7.0 h1:L+1lyG48J1zAQXA3RBX/nG/B3gjlHq0zTt2tlbJLy
 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 h1:mZHayPoR0lNmnHyvtYjDeq0zlVHn9K/ZXoy17ylucdo=
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5/go.mod h1:GEXHk5HgEKCvEIIrSpFI3ozzG5xOKA2DVlEX/gGnewM=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
-github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
-github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
-github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
-github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
-github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
-github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE=
-github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
-github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=
-github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
 github.com/tinylib/msgp v1.1.0 h1:9fQd+ICuRIu/ue4vxJZu6/LzxN0HwMds2nq/0cFvxHU=
 github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
-github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s=
-github.com/valyala/quicktemplate v1.1.1/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4=
-github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0 h1:6DtWz8hNS4qbq0OCRPhdBMG9E2qKTSDKlwnP3dmZvuA=
 github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0/go.mod h1:A47W3pdWONaZmXuLZgfKLAVgUY0qvfTRM5vVDKS40S4=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc h1:c0o/qxkaO2LF5t6fQrT4b5hzyggAkLLlCUjqfRxd8Q4=
-golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191007182048-72f939374954 h1:JGZucVF/L/TotR719NbujzadOZ2AgnYlqphQGHDCKaU=
-golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582 h1:p9xBe/w/OzkeYVKm234g55gMdD1nSIooTir5kV11kfA=
+golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2 h1:nq114VpM8lsSlP+lyUbANecYHYiFcSNFtqcBlxRV+gA=
+golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181117154741-2ddaf7f79a09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190121143147-24cd39ecf745/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190521203540-521d6ed310dd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190909030654-5b82db07426d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190605220351-eb0b1bdb6ae6/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20191007204434-a023cd5227bd h1:84VQPzup3IpKLxuIAZjHMhVjJ8fZ4/i3yUnj3k6fUdw=
 google.golang.org/genproto v0.0.0-20191007204434-a023cd5227bd/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.24.0 h1:vb/1TCsVn3DcJlQ0Gs1yB1pKI6Do2/QNwxdKqmc/b0s=
 google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/coreos/go-oidc.v2 v2.1.0 h1:E8PjVFdj/SLDKB0hvb70KTbMbYVHjqztiQdSkIg8E+I=
 gopkg.in/coreos/go-oidc.v2 v2.1.0/go.mod h1:fYaTe2FS96wZZwR17YTDHwG+Mw6fmyqJNxN2eNCGPCI=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A=
 gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/urfave/cli.v2 v2.0.0-20180128181224-d604b6ffeee8 h1:/pLAskKF+d5SawboKd8GB8ew4ClHDbt2c3K9EBFeRGU=
 gopkg.in/urfave/cli.v2 v2.0.0-20180128181224-d604b6ffeee8/go.mod h1:cKXr3E0k4aosgycml1b5z33BVV6hai1Kh7uDgFOkbcs=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
-mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
-mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY=
-sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
 zombiezen.com/go/capnproto2 v0.0.0-20180616160808-7cfd211c19c7 h1:CZoOFlTPbKfAShKYrMuUfYbnXexFT1rYRUX1SPnrdE4=
 zombiezen.com/go/capnproto2 v0.0.0-20180616160808-7cfd211c19c7/go.mod h1:TMGa8HWGJkXiq4nHe9Zu/JgRF5oUtg4XizFC+Vexbec=
diff --git a/origin/tunnel.go b/origin/tunnel.go
index c0994100..3c44e166 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -660,6 +660,7 @@ func (h *TunnelHandler) serveWebsocket(stream *h2mux.MuxedStream, req *http.Requ
 	// Copy to/from stream to the undelying connection. Use the underlying
 	// connection because cloudflared doesn't operate on the message themselves
 	websocket.Stream(conn.UnderlyingConn(), stream)
+
 	return response, nil
 }
 
diff --git a/originservice/originservice.go b/originservice/originservice.go
index 2277385f..1c90dfee 100644
--- a/originservice/originservice.go
+++ b/originservice/originservice.go
@@ -105,7 +105,7 @@ func NewWebSocketService(tlsConfig *tls.Config, url *url.URL) (OriginService, er
 	}
 	shutdownC := make(chan struct{})
 	go func() {
-		websocket.StartProxyServer(log.CreateLogger(), listener, url.String(), shutdownC)
+		websocket.StartProxyServer(log.CreateLogger(), listener, url.String(), shutdownC, websocket.DefaultStreamHandler)
 	}()
 	return &WebsocketService{
 		tlsConfig: tlsConfig,
diff --git a/socks/auth_handler.go b/socks/auth_handler.go
new file mode 100644
index 00000000..6dd45b62
--- /dev/null
+++ b/socks/auth_handler.go
@@ -0,0 +1,77 @@
+package socks
+
+import (
+	"fmt"
+	"io"
+)
+
+const (
+	// NoAuth means no authentication is used when connecting
+	NoAuth = uint8(0)
+
+	// UserPassAuth means a user/password is used when connecting
+	UserPassAuth = uint8(2)
+
+	noAcceptable    = uint8(255)
+	userAuthVersion = uint8(1)
+	authSuccess     = uint8(0)
+	authFailure     = uint8(1)
+)
+
+// AuthHandler handles socks authenication requests
+type AuthHandler interface {
+	Handle(io.Reader, io.Writer) error
+	Register(uint8, Authenticator)
+}
+
+// StandardAuthHandler loads the default authenticators
+type StandardAuthHandler struct {
+	authenticators map[uint8]Authenticator
+}
+
+// NewAuthHandler creates a default auth handler
+func NewAuthHandler() AuthHandler {
+	defaults := make(map[uint8]Authenticator)
+	defaults[NoAuth] = NewNoAuthAuthenticator()
+	return &StandardAuthHandler{
+		authenticators: defaults,
+	}
+}
+
+// Register adds/replaces an Authenticator to use when handling Authentication requests
+func (h *StandardAuthHandler) Register(method uint8, a Authenticator) {
+	h.authenticators[method] = a
+}
+
+// Handle gets the methods from the SOCKS5 client and authenicates with the first supported method
+func (h *StandardAuthHandler) Handle(bufConn io.Reader, conn io.Writer) error {
+	methods, err := readMethods(bufConn)
+	if err != nil {
+		return fmt.Errorf("Failed to read auth methods: %v", err)
+	}
+
+	// first supported method is used
+	for _, method := range methods {
+		authenticator := h.authenticators[method]
+		if authenticator != nil {
+			return authenticator.Handle(bufConn, conn)
+		}
+	}
+
+	// failed to authenticate. No supported authentication type found
+	conn.Write([]byte{socks5Version, noAcceptable})
+	return fmt.Errorf("unknown authentication type")
+}
+
+// readMethods is used to read the number and type of methods
+func readMethods(r io.Reader) ([]byte, error) {
+	header := []byte{0}
+	if _, err := r.Read(header); err != nil {
+		return nil, err
+	}
+
+	numMethods := int(header[0])
+	methods := make([]byte, numMethods)
+	_, err := io.ReadAtLeast(r, methods, numMethods)
+	return methods, err
+}
diff --git a/socks/authenticator.go b/socks/authenticator.go
new file mode 100644
index 00000000..003ae358
--- /dev/null
+++ b/socks/authenticator.go
@@ -0,0 +1,87 @@
+package socks
+
+import (
+	"fmt"
+	"io"
+)
+
+// Authenticator is the connection passed in as a reader/writer to support different authentication types
+type Authenticator interface {
+	Handle(io.Reader, io.Writer) error
+}
+
+// NoAuthAuthenticator is used to handle the No Authentication mode
+type NoAuthAuthenticator struct{}
+
+// NewNoAuthAuthenticator creates a authless Authenticator
+func NewNoAuthAuthenticator() Authenticator {
+	return &NoAuthAuthenticator{}
+}
+
+// Handle writes back the version and NoAuth
+func (a *NoAuthAuthenticator) Handle(reader io.Reader, writer io.Writer) error {
+	_, err := writer.Write([]byte{socks5Version, NoAuth})
+	return err
+}
+
+// UserPassAuthAuthenticator is used to handle the user/password mode
+type UserPassAuthAuthenticator struct {
+	IsValid func(string, string) bool
+}
+
+// NewUserPassAuthAuthenticator creates a new username/password validator Authenticator
+func NewUserPassAuthAuthenticator(isValid func(string, string) bool) Authenticator {
+	return &UserPassAuthAuthenticator{
+		IsValid: isValid,
+	}
+}
+
+// Handle writes back the version and NoAuth
+func (a *UserPassAuthAuthenticator) Handle(reader io.Reader, writer io.Writer) error {
+	if _, err := writer.Write([]byte{socks5Version, UserPassAuth}); err != nil {
+		return err
+	}
+
+	// Get the version and username length
+	header := []byte{0, 0}
+	if _, err := io.ReadAtLeast(reader, header, 2); err != nil {
+		return err
+	}
+
+	// Ensure compatibility. Someone call E-harmony
+	if header[0] != userAuthVersion {
+		return fmt.Errorf("Unsupported auth version: %v", header[0])
+	}
+
+	// Get the user name
+	userLen := int(header[1])
+	user := make([]byte, userLen)
+	if _, err := io.ReadAtLeast(reader, user, userLen); err != nil {
+		return err
+	}
+
+	// Get the password length
+	if _, err := reader.Read(header[:1]); err != nil {
+		return err
+	}
+
+	// Get the password
+	passLen := int(header[0])
+	pass := make([]byte, passLen)
+	if _, err := io.ReadAtLeast(reader, pass, passLen); err != nil {
+		return err
+	}
+
+	// Verify the password
+	if a.IsValid(string(user), string(pass)) {
+		_, err := writer.Write([]byte{userAuthVersion, authSuccess})
+		return err
+	}
+
+	// password failed. Write back failure
+	if _, err := writer.Write([]byte{userAuthVersion, authFailure}); err != nil {
+		return err
+	}
+
+	return fmt.Errorf("User authentication failed")
+}
diff --git a/socks/connection_handler.go b/socks/connection_handler.go
new file mode 100644
index 00000000..39016f6c
--- /dev/null
+++ b/socks/connection_handler.go
@@ -0,0 +1,57 @@
+package socks
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+)
+
+// ConnectionHandler is the Serve method to handle connections
+// from a local TCP listener of the standard library (net.Listener)
+type ConnectionHandler interface {
+	Serve(io.ReadWriter) error
+}
+
+// StandardConnectionHandler is the base implementation of handling SOCKS5 requests
+type StandardConnectionHandler struct {
+	requestHandler RequestHandler
+	authHandler    AuthHandler
+}
+
+// NewConnectionHandler creates a standard SOCKS5 connection handler
+// This process connections from a generic TCP listener from the standard library
+func NewConnectionHandler(requestHandler RequestHandler) ConnectionHandler {
+	return &StandardConnectionHandler{
+		requestHandler: requestHandler,
+		authHandler:    NewAuthHandler(),
+	}
+}
+
+// Serve process new connection created after calling `Accept()` in the standard library
+func (h *StandardConnectionHandler) Serve(c io.ReadWriter) error {
+	bufConn := bufio.NewReader(c)
+
+	// read the version byte
+	version := []byte{0}
+	if _, err := bufConn.Read(version); err != nil {
+		return err
+	}
+
+	// ensure compatibility
+	if version[0] != socks5Version {
+		return fmt.Errorf("Unsupported SOCKS version: %v", version)
+	}
+
+	// handle auth
+	if err := h.authHandler.Handle(bufConn, c); err != nil {
+		return err
+	}
+
+	// process command/request
+	req, err := NewRequest(bufConn)
+	if err != nil {
+		return err
+	}
+
+	return h.requestHandler.Handle(req, c)
+}
diff --git a/socks/connection_handler_test.go b/socks/connection_handler_test.go
new file mode 100644
index 00000000..8fb9dda3
--- /dev/null
+++ b/socks/connection_handler_test.go
@@ -0,0 +1,88 @@
+package socks
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/net/proxy"
+)
+
+type successResponse struct {
+	Status string `json:"status"`
+}
+
+func sendSocksRequest(t *testing.T) []byte {
+	dialer, err := proxy.SOCKS5("tcp", "127.0.0.1:8086", nil, proxy.Direct)
+	assert.NoError(t, err)
+
+	httpTransport := &http.Transport{}
+	httpClient := &http.Client{Transport: httpTransport}
+	// set our socks5 as the dialer
+	httpTransport.Dial = dialer.Dial
+
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8085", nil)
+	assert.NoError(t, err)
+
+	resp, err := httpClient.Do(req)
+	assert.NoError(t, err)
+	defer resp.Body.Close()
+
+	b, err := ioutil.ReadAll(resp.Body)
+	assert.NoError(t, err)
+
+	return b
+}
+
+func startTestServer(t *testing.T, httpHandler func(w http.ResponseWriter, r *http.Request)) {
+	// create a socks server
+	requestHandler := NewRequestHandler(NewNetDialer())
+	socksServer := NewConnectionHandler(requestHandler)
+	listener, err := net.Listen("tcp", ":8086")
+	assert.NoError(t, err)
+
+	go func() {
+		defer listener.Close()
+		for {
+			conn, _ := listener.Accept()
+			go socksServer.Serve(conn)
+		}
+	}()
+
+	// create an http server
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", httpHandler)
+
+	// start the servers
+	go http.ListenAndServe(":8085", mux)
+
+}
+
+func respondWithJSON(w http.ResponseWriter, v interface{}, status int) {
+	data, _ := json.Marshal(v)
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	w.Write(data)
+}
+
+func OkJSONResponseHandler(w http.ResponseWriter, r *http.Request) {
+	resp := successResponse{
+		Status: "ok",
+	}
+	respondWithJSON(w, resp, http.StatusOK)
+}
+
+func TestSocksConnection(t *testing.T) {
+	startTestServer(t, OkJSONResponseHandler)
+	b := sendSocksRequest(t)
+	assert.True(t, len(b) > 0, "no data returned!")
+
+	var resp successResponse
+	json.Unmarshal(b, &resp)
+
+	assert.True(t, resp.Status == "ok", "response didn't return ok")
+}
diff --git a/socks/dialer.go b/socks/dialer.go
new file mode 100644
index 00000000..76258c81
--- /dev/null
+++ b/socks/dialer.go
@@ -0,0 +1,57 @@
+package socks
+
+import (
+	"fmt"
+	"io"
+	"net"
+)
+
+// Dialer is used to provided the transport of the proxy
+type Dialer interface {
+	Dial(string) (io.ReadWriteCloser, *AddrSpec, error)
+}
+
+// NetDialer is a standard TCP dialer
+type NetDialer struct {
+}
+
+// NewNetDialer creates a new dialer
+func NewNetDialer() Dialer {
+	return &NetDialer{}
+}
+
+// Dial is a base TCP dialer
+func (d *NetDialer) Dial(address string) (io.ReadWriteCloser, *AddrSpec, error) {
+	c, err := net.Dial("tcp", address)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	local := c.LocalAddr().(*net.TCPAddr)
+	addr := AddrSpec{IP: local.IP, Port: local.Port}
+
+	return c, &addr, nil
+}
+
+// ConnDialer is like NetDialer but with an existing TCP dialer already created
+type ConnDialer struct {
+	conn net.Conn
+}
+
+// NewConnDialer creates a new dialer with a already created net.conn (TCP expected)
+func NewConnDialer(conn net.Conn) Dialer {
+	return &ConnDialer{
+		conn: conn,
+	}
+}
+
+// Dial is a TCP dialer but already created
+func (d *ConnDialer) Dial(address string) (io.ReadWriteCloser, *AddrSpec, error) {
+	local, ok := d.conn.LocalAddr().(*net.TCPAddr)
+	if !ok {
+		return nil, nil, fmt.Errorf("not a tcp connection")
+	}
+
+	addr := AddrSpec{IP: local.IP, Port: local.Port}
+	return d.conn, &addr, nil
+}
diff --git a/socks/request.go b/socks/request.go
new file mode 100644
index 00000000..896bf78a
--- /dev/null
+++ b/socks/request.go
@@ -0,0 +1,195 @@
+package socks
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+)
+
+const (
+	// version
+	socks5Version = uint8(5)
+
+	// commands https://tools.ietf.org/html/rfc1928#section-4
+	connectCommand   = uint8(1)
+	bindCommand      = uint8(2)
+	associateCommand = uint8(3)
+
+	// address types
+	ipv4Address = uint8(1)
+	fqdnAddress = uint8(3)
+	ipv6Address = uint8(4)
+)
+
+// https://tools.ietf.org/html/rfc1928#section-6
+const (
+	successReply uint8 = iota
+	serverFailure
+	ruleFailure
+	networkUnreachable
+	hostUnreachable
+	connectionRefused
+	ttlExpired
+	commandNotSupported
+	addrTypeNotSupported
+)
+
+// AddrSpec is used to return the target IPv4, IPv6, or a FQDN
+type AddrSpec struct {
+	FQDN string
+	IP   net.IP
+	Port int
+}
+
+// String gives a host version of the Address
+func (a *AddrSpec) String() string {
+	if a.FQDN != "" {
+		return fmt.Sprintf("%s (%s):%d", a.FQDN, a.IP, a.Port)
+	}
+	return fmt.Sprintf("%s:%d", a.IP, a.Port)
+}
+
+// Address returns a string suitable to dial; prefer returning IP-based
+// address, fallback to FQDN
+func (a AddrSpec) Address() string {
+	if len(a.IP) != 0 {
+		return net.JoinHostPort(a.IP.String(), strconv.Itoa(a.Port))
+	}
+	return net.JoinHostPort(a.FQDN, strconv.Itoa(a.Port))
+}
+
+// Request is a SOCKS5 command with supporting field of the connection
+type Request struct {
+	// Protocol version
+	Version uint8
+	// Requested command
+	Command uint8
+	// AddrSpec of the destination
+	DestAddr *AddrSpec
+	// reading from the connection
+	bufConn io.Reader
+}
+
+// NewRequest creates a new request from the connection data stream
+func NewRequest(bufConn io.Reader) (*Request, error) {
+	// Read the version byte
+	header := []byte{0, 0, 0}
+	if _, err := io.ReadAtLeast(bufConn, header, 3); err != nil {
+		return nil, fmt.Errorf("Failed to get command version: %v", err)
+	}
+
+	// ensure compatibility
+	if header[0] != socks5Version {
+		return nil, fmt.Errorf("Unsupported command version: %v", header[0])
+	}
+
+	// Read in the destination address
+	dest, err := readAddrSpec(bufConn)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Request{
+		Version:  socks5Version,
+		Command:  header[1],
+		DestAddr: dest,
+		bufConn:  bufConn,
+	}, nil
+}
+
+func sendReply(w io.Writer, resp uint8, addr *AddrSpec) error {
+	var addrType uint8
+	var addrBody []byte
+	var addrPort uint16
+	switch {
+	case addr == nil:
+		addrType = ipv4Address
+		addrBody = []byte{0, 0, 0, 0}
+		addrPort = 0
+
+	case addr.FQDN != "":
+		addrType = fqdnAddress
+		addrBody = append([]byte{byte(len(addr.FQDN))}, addr.FQDN...)
+		addrPort = uint16(addr.Port)
+
+	case addr.IP.To4() != nil:
+		addrType = ipv4Address
+		addrBody = []byte(addr.IP.To4())
+		addrPort = uint16(addr.Port)
+
+	case addr.IP.To16() != nil:
+		addrType = ipv6Address
+		addrBody = []byte(addr.IP.To16())
+		addrPort = uint16(addr.Port)
+
+	default:
+		return fmt.Errorf("Failed to format address: %v", addr)
+	}
+
+	// Format the message
+	msg := make([]byte, 6+len(addrBody))
+	msg[0] = socks5Version
+	msg[1] = resp
+	msg[2] = 0 // Reserved
+	msg[3] = addrType
+	copy(msg[4:], addrBody)
+	msg[4+len(addrBody)] = byte(addrPort >> 8)
+	msg[4+len(addrBody)+1] = byte(addrPort & 0xff)
+
+	// Send the message
+	_, err := w.Write(msg)
+	return err
+}
+
+// readAddrSpec is used to read AddrSpec.
+// Expects an address type byte, followed by the address and port
+func readAddrSpec(r io.Reader) (*AddrSpec, error) {
+	d := &AddrSpec{}
+
+	// Get the address type
+	addrType := []byte{0}
+	if _, err := r.Read(addrType); err != nil {
+		return nil, err
+	}
+
+	// Handle on a per type basis
+	switch addrType[0] {
+	case ipv4Address:
+		addr := make([]byte, 4)
+		if _, err := io.ReadAtLeast(r, addr, len(addr)); err != nil {
+			return nil, err
+		}
+		d.IP = net.IP(addr)
+
+	case ipv6Address:
+		addr := make([]byte, 16)
+		if _, err := io.ReadAtLeast(r, addr, len(addr)); err != nil {
+			return nil, err
+		}
+		d.IP = net.IP(addr)
+
+	case fqdnAddress:
+		if _, err := r.Read(addrType); err != nil {
+			return nil, err
+		}
+		addrLen := int(addrType[0])
+		fqdn := make([]byte, addrLen)
+		if _, err := io.ReadAtLeast(r, fqdn, addrLen); err != nil {
+			return nil, err
+		}
+		d.FQDN = string(fqdn)
+
+	default:
+		return nil, fmt.Errorf("Unrecognized address type")
+	}
+
+	// Read the port
+	port := []byte{0, 0}
+	if _, err := io.ReadAtLeast(r, port, 2); err != nil {
+		return nil, err
+	}
+	d.Port = (int(port[0]) << 8) | int(port[1])
+
+	return d, nil
+}
diff --git a/socks/request_handler.go b/socks/request_handler.go
new file mode 100644
index 00000000..fdb5a9fd
--- /dev/null
+++ b/socks/request_handler.go
@@ -0,0 +1,106 @@
+package socks
+
+import (
+	"fmt"
+	"io"
+	"strings"
+)
+
+// RequestHandler is the functions needed to handle a SOCKS5 command
+type RequestHandler interface {
+	Handle(*Request, io.ReadWriter) error
+}
+
+// StandardRequestHandler implements the base socks5 command processing
+type StandardRequestHandler struct {
+	dialer Dialer
+}
+
+// NewRequestHandler creates a standard SOCKS5 request handler
+// This handles the SOCKS5 commands and proxies them to their destination
+func NewRequestHandler(dialer Dialer) RequestHandler {
+	return &StandardRequestHandler{
+		dialer: dialer,
+	}
+}
+
+// Handle processes and responds to socks5 commands
+func (h *StandardRequestHandler) Handle(req *Request, conn io.ReadWriter) error {
+	switch req.Command {
+	case connectCommand:
+		return h.handleConnect(conn, req)
+	case bindCommand:
+		return h.handleBind(conn, req)
+	case associateCommand:
+		return h.handleAssociate(conn, req)
+	default:
+		if err := sendReply(conn, commandNotSupported, nil); err != nil {
+			return fmt.Errorf("Failed to send reply: %v", err)
+		}
+		return fmt.Errorf("Unsupported command: %v", req.Command)
+	}
+}
+
+// handleConnect is used to handle a connect command
+func (h *StandardRequestHandler) handleConnect(conn io.ReadWriter, req *Request) error {
+	target, localAddr, err := h.dialer.Dial(req.DestAddr.Address())
+	if err != nil {
+		msg := err.Error()
+		resp := hostUnreachable
+		if strings.Contains(msg, "refused") {
+			resp = connectionRefused
+		} else if strings.Contains(msg, "network is unreachable") {
+			resp = networkUnreachable
+		}
+		if err := sendReply(conn, resp, nil); err != nil {
+			return fmt.Errorf("Failed to send reply: %v", err)
+		}
+		return fmt.Errorf("Connect to %v failed: %v", req.DestAddr, err)
+	}
+	defer target.Close()
+
+	// Send success
+	if err := sendReply(conn, successReply, localAddr); err != nil {
+		return fmt.Errorf("Failed to send reply: %v", err)
+	}
+
+	// Start proxying
+	proxyDone := make(chan error, 2)
+
+	go func() {
+		_, e := io.Copy(target, req.bufConn)
+		proxyDone <- e
+	}()
+
+	go func() {
+		_, e := io.Copy(conn, target)
+		proxyDone <- e
+	}()
+
+	// Wait for both
+	for i := 0; i < 2; i++ {
+		e := <-proxyDone
+		if e != nil {
+			return e
+		}
+	}
+	return nil
+}
+
+// handleBind is used to handle a bind command
+// TODO: Support bind command
+func (h *StandardRequestHandler) handleBind(conn io.ReadWriter, req *Request) error {
+	if err := sendReply(conn, commandNotSupported, nil); err != nil {
+		return fmt.Errorf("Failed to send reply: %v", err)
+	}
+	return nil
+}
+
+// handleAssociate is used to handle a connect command
+// TODO: Support associate command
+func (h *StandardRequestHandler) handleAssociate(conn io.ReadWriter, req *Request) error {
+	if err := sendReply(conn, commandNotSupported, nil); err != nil {
+		return fmt.Errorf("Failed to send reply: %v", err)
+	}
+	return nil
+}
diff --git a/socks/request_handler_test.go b/socks/request_handler_test.go
new file mode 100644
index 00000000..8a6d51c7
--- /dev/null
+++ b/socks/request_handler_test.go
@@ -0,0 +1,28 @@
+package socks
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestUnsupportedBind(t *testing.T) {
+	req := createRequest(t, socks5Version, bindCommand, "2001:db8::68", 1337, false)
+	var b bytes.Buffer
+
+	requestHandler := NewRequestHandler(NewNetDialer())
+	err := requestHandler.Handle(req, &b)
+	assert.NoError(t, err)
+	assert.True(t, b.Bytes()[1] == commandNotSupported, "expected a response")
+}
+
+func TestUnsupportedAssociate(t *testing.T) {
+	req := createRequest(t, socks5Version, associateCommand, "127.0.0.1", 1337, false)
+	var b bytes.Buffer
+
+	requestHandler := NewRequestHandler(NewNetDialer())
+	err := requestHandler.Handle(req, &b)
+	assert.NoError(t, err)
+	assert.True(t, b.Bytes()[1] == commandNotSupported, "expected a response")
+}
diff --git a/socks/request_test.go b/socks/request_test.go
new file mode 100644
index 00000000..c436b2d7
--- /dev/null
+++ b/socks/request_test.go
@@ -0,0 +1,69 @@
+package socks
+
+import (
+	"bytes"
+	"encoding/binary"
+	"net"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func createRequestData(version, command uint8, ip net.IP, port uint16) []byte {
+	// set the command
+	b := []byte{version, command, 0}
+
+	// append the ip
+	if len(ip) == net.IPv4len {
+		b = append(b, 1)
+		b = append(b, ip.To4()...)
+	} else {
+		b = append(b, 4)
+		b = append(b, ip.To16()...)
+	}
+
+	// append the port
+	p := []byte{0, 0}
+	binary.BigEndian.PutUint16(p, port)
+	b = append(b, p...)
+
+	return b
+}
+
+func createRequest(t *testing.T, version, command uint8, ipStr string, port uint16, shouldFail bool) *Request {
+	ip := net.ParseIP(ipStr)
+	data := createRequestData(version, command, ip, port)
+	reader := bytes.NewReader(data)
+	req, err := NewRequest(reader)
+	if shouldFail {
+		assert.Error(t, err)
+		return nil
+	}
+	assert.NoError(t, err)
+	assert.True(t, req.Version == socks5Version, "version doesn't match expectation: %v", req.Version)
+	assert.True(t, req.Command == command, "command doesn't match expectation: %v", req.Command)
+	assert.True(t, req.DestAddr.Port == int(port), "port doesn't match expectation: %v", req.DestAddr.Port)
+	assert.True(t, req.DestAddr.IP.String() == ipStr, "ip doesn't match expectation: %v", req.DestAddr.IP.String())
+
+	return req
+}
+
+func TestValidConnectRequest(t *testing.T) {
+	createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1337, false)
+}
+
+func TestValidBindRequest(t *testing.T) {
+	createRequest(t, socks5Version, bindCommand, "2001:db8::68", 1337, false)
+}
+
+func TestValidAssociateRequest(t *testing.T) {
+	createRequest(t, socks5Version, associateCommand, "127.0.0.1", 1234, false)
+}
+
+func TestInValidVersionRequest(t *testing.T) {
+	createRequest(t, 4, connectCommand, "127.0.0.1", 1337, true)
+}
+
+func TestInValidIPRequest(t *testing.T) {
+	createRequest(t, 4, connectCommand, "127.0.01", 1337, true)
+}
diff --git a/vendor/golang.org/x/net/http2/pipe.go b/vendor/golang.org/x/net/http2/pipe.go
index a6140099..2a5399ec 100644
--- a/vendor/golang.org/x/net/http2/pipe.go
+++ b/vendor/golang.org/x/net/http2/pipe.go
@@ -17,6 +17,7 @@ type pipe struct {
 	mu       sync.Mutex
 	c        sync.Cond     // c.L lazily initialized to &p.mu
 	b        pipeBuffer    // nil when done reading
+	unread   int           // bytes unread when done
 	err      error         // read error once empty. non-nil means closed.
 	breakErr error         // immediate read error (caller doesn't see rest of b)
 	donec    chan struct{} // closed on error
@@ -33,7 +34,7 @@ func (p *pipe) Len() int {
 	p.mu.Lock()
 	defer p.mu.Unlock()
 	if p.b == nil {
-		return 0
+		return p.unread
 	}
 	return p.b.Len()
 }
@@ -80,6 +81,7 @@ func (p *pipe) Write(d []byte) (n int, err error) {
 		return 0, errClosedPipeWrite
 	}
 	if p.breakErr != nil {
+		p.unread += len(d)
 		return len(d), nil // discard when there is no reader
 	}
 	return p.b.Write(d)
@@ -117,6 +119,9 @@ func (p *pipe) closeWithError(dst *error, err error, fn func()) {
 	}
 	p.readFn = fn
 	if dst == &p.breakErr {
+		if p.b != nil {
+			p.unread += p.b.Len()
+		}
 		p.b = nil
 	}
 	*dst = err
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
index b7524ba2..d2ba820c 100644
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@@ -2415,7 +2415,11 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 			clen = strconv.Itoa(len(p))
 		}
 		_, hasContentType := rws.snapHeader["Content-Type"]
-		if !hasContentType && bodyAllowedForStatus(rws.status) && len(p) > 0 {
+		// If the Content-Encoding is non-blank, we shouldn't
+		// sniff the body. See Issue golang.org/issue/31753.
+		ce := rws.snapHeader.Get("Content-Encoding")
+		hasCE := len(ce) > 0
+		if !hasCE && !hasContentType && bodyAllowedForStatus(rws.status) && len(p) > 0 {
 			ctype = http.DetectContentType(p)
 		}
 		var date string
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index c51a73c0..42ad1814 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -603,7 +603,7 @@ func (t *Transport) expectContinueTimeout() time.Duration {
 }
 
 func (t *Transport) NewClientConn(c net.Conn) (*ClientConn, error) {
-	return t.newClientConn(c, false)
+	return t.newClientConn(c, t.disableKeepAlives())
 }
 
 func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, error) {
@@ -1478,7 +1478,29 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 				if vv[0] == "" {
 					continue
 				}
-
+			} else if strings.EqualFold(k, "cookie") {
+				// Per 8.1.2.5 To allow for better compression efficiency, the
+				// Cookie header field MAY be split into separate header fields,
+				// each with one or more cookie-pairs.
+				for _, v := range vv {
+					for {
+						p := strings.IndexByte(v, ';')
+						if p < 0 {
+							break
+						}
+						f("cookie", v[:p])
+						p++
+						// strip space after semicolon if any.
+						for p+1 <= len(v) && v[p] == ' ' {
+							p++
+						}
+						v = v[p:]
+					}
+					if len(v) > 0 {
+						f("cookie", v)
+					}
+				}
+				continue
 			}
 
 			for _, v := range vv {
diff --git a/vendor/golang.org/x/net/internal/socks/client.go b/vendor/golang.org/x/net/internal/socks/client.go
new file mode 100644
index 00000000..3d6f516a
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socks/client.go
@@ -0,0 +1,168 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package socks
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net"
+	"strconv"
+	"time"
+)
+
+var (
+	noDeadline   = time.Time{}
+	aLongTimeAgo = time.Unix(1, 0)
+)
+
+func (d *Dialer) connect(ctx context.Context, c net.Conn, address string) (_ net.Addr, ctxErr error) {
+	host, port, err := splitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+	if deadline, ok := ctx.Deadline(); ok && !deadline.IsZero() {
+		c.SetDeadline(deadline)
+		defer c.SetDeadline(noDeadline)
+	}
+	if ctx != context.Background() {
+		errCh := make(chan error, 1)
+		done := make(chan struct{})
+		defer func() {
+			close(done)
+			if ctxErr == nil {
+				ctxErr = <-errCh
+			}
+		}()
+		go func() {
+			select {
+			case <-ctx.Done():
+				c.SetDeadline(aLongTimeAgo)
+				errCh <- ctx.Err()
+			case <-done:
+				errCh <- nil
+			}
+		}()
+	}
+
+	b := make([]byte, 0, 6+len(host)) // the size here is just an estimate
+	b = append(b, Version5)
+	if len(d.AuthMethods) == 0 || d.Authenticate == nil {
+		b = append(b, 1, byte(AuthMethodNotRequired))
+	} else {
+		ams := d.AuthMethods
+		if len(ams) > 255 {
+			return nil, errors.New("too many authentication methods")
+		}
+		b = append(b, byte(len(ams)))
+		for _, am := range ams {
+			b = append(b, byte(am))
+		}
+	}
+	if _, ctxErr = c.Write(b); ctxErr != nil {
+		return
+	}
+
+	if _, ctxErr = io.ReadFull(c, b[:2]); ctxErr != nil {
+		return
+	}
+	if b[0] != Version5 {
+		return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0])))
+	}
+	am := AuthMethod(b[1])
+	if am == AuthMethodNoAcceptableMethods {
+		return nil, errors.New("no acceptable authentication methods")
+	}
+	if d.Authenticate != nil {
+		if ctxErr = d.Authenticate(ctx, c, am); ctxErr != nil {
+			return
+		}
+	}
+
+	b = b[:0]
+	b = append(b, Version5, byte(d.cmd), 0)
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			b = append(b, AddrTypeIPv4)
+			b = append(b, ip4...)
+		} else if ip6 := ip.To16(); ip6 != nil {
+			b = append(b, AddrTypeIPv6)
+			b = append(b, ip6...)
+		} else {
+			return nil, errors.New("unknown address type")
+		}
+	} else {
+		if len(host) > 255 {
+			return nil, errors.New("FQDN too long")
+		}
+		b = append(b, AddrTypeFQDN)
+		b = append(b, byte(len(host)))
+		b = append(b, host...)
+	}
+	b = append(b, byte(port>>8), byte(port))
+	if _, ctxErr = c.Write(b); ctxErr != nil {
+		return
+	}
+
+	if _, ctxErr = io.ReadFull(c, b[:4]); ctxErr != nil {
+		return
+	}
+	if b[0] != Version5 {
+		return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0])))
+	}
+	if cmdErr := Reply(b[1]); cmdErr != StatusSucceeded {
+		return nil, errors.New("unknown error " + cmdErr.String())
+	}
+	if b[2] != 0 {
+		return nil, errors.New("non-zero reserved field")
+	}
+	l := 2
+	var a Addr
+	switch b[3] {
+	case AddrTypeIPv4:
+		l += net.IPv4len
+		a.IP = make(net.IP, net.IPv4len)
+	case AddrTypeIPv6:
+		l += net.IPv6len
+		a.IP = make(net.IP, net.IPv6len)
+	case AddrTypeFQDN:
+		if _, err := io.ReadFull(c, b[:1]); err != nil {
+			return nil, err
+		}
+		l += int(b[0])
+	default:
+		return nil, errors.New("unknown address type " + strconv.Itoa(int(b[3])))
+	}
+	if cap(b) < l {
+		b = make([]byte, l)
+	} else {
+		b = b[:l]
+	}
+	if _, ctxErr = io.ReadFull(c, b); ctxErr != nil {
+		return
+	}
+	if a.IP != nil {
+		copy(a.IP, b)
+	} else {
+		a.Name = string(b[:len(b)-2])
+	}
+	a.Port = int(b[len(b)-2])<<8 | int(b[len(b)-1])
+	return &a, nil
+}
+
+func splitHostPort(address string) (string, int, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return "", 0, err
+	}
+	portnum, err := strconv.Atoi(port)
+	if err != nil {
+		return "", 0, err
+	}
+	if 1 > portnum || portnum > 0xffff {
+		return "", 0, errors.New("port number out of range " + port)
+	}
+	return host, portnum, nil
+}
diff --git a/vendor/golang.org/x/net/internal/socks/socks.go b/vendor/golang.org/x/net/internal/socks/socks.go
new file mode 100644
index 00000000..97db2340
--- /dev/null
+++ b/vendor/golang.org/x/net/internal/socks/socks.go
@@ -0,0 +1,317 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package socks provides a SOCKS version 5 client implementation.
+//
+// SOCKS protocol version 5 is defined in RFC 1928.
+// Username/Password authentication for SOCKS version 5 is defined in
+// RFC 1929.
+package socks
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net"
+	"strconv"
+)
+
+// A Command represents a SOCKS command.
+type Command int
+
+func (cmd Command) String() string {
+	switch cmd {
+	case CmdConnect:
+		return "socks connect"
+	case cmdBind:
+		return "socks bind"
+	default:
+		return "socks " + strconv.Itoa(int(cmd))
+	}
+}
+
+// An AuthMethod represents a SOCKS authentication method.
+type AuthMethod int
+
+// A Reply represents a SOCKS command reply code.
+type Reply int
+
+func (code Reply) String() string {
+	switch code {
+	case StatusSucceeded:
+		return "succeeded"
+	case 0x01:
+		return "general SOCKS server failure"
+	case 0x02:
+		return "connection not allowed by ruleset"
+	case 0x03:
+		return "network unreachable"
+	case 0x04:
+		return "host unreachable"
+	case 0x05:
+		return "connection refused"
+	case 0x06:
+		return "TTL expired"
+	case 0x07:
+		return "command not supported"
+	case 0x08:
+		return "address type not supported"
+	default:
+		return "unknown code: " + strconv.Itoa(int(code))
+	}
+}
+
+// Wire protocol constants.
+const (
+	Version5 = 0x05
+
+	AddrTypeIPv4 = 0x01
+	AddrTypeFQDN = 0x03
+	AddrTypeIPv6 = 0x04
+
+	CmdConnect Command = 0x01 // establishes an active-open forward proxy connection
+	cmdBind    Command = 0x02 // establishes a passive-open forward proxy connection
+
+	AuthMethodNotRequired         AuthMethod = 0x00 // no authentication required
+	AuthMethodUsernamePassword    AuthMethod = 0x02 // use username/password
+	AuthMethodNoAcceptableMethods AuthMethod = 0xff // no acceptable authentication methods
+
+	StatusSucceeded Reply = 0x00
+)
+
+// An Addr represents a SOCKS-specific address.
+// Either Name or IP is used exclusively.
+type Addr struct {
+	Name string // fully-qualified domain name
+	IP   net.IP
+	Port int
+}
+
+func (a *Addr) Network() string { return "socks" }
+
+func (a *Addr) String() string {
+	if a == nil {
+		return "<nil>"
+	}
+	port := strconv.Itoa(a.Port)
+	if a.IP == nil {
+		return net.JoinHostPort(a.Name, port)
+	}
+	return net.JoinHostPort(a.IP.String(), port)
+}
+
+// A Conn represents a forward proxy connection.
+type Conn struct {
+	net.Conn
+
+	boundAddr net.Addr
+}
+
+// BoundAddr returns the address assigned by the proxy server for
+// connecting to the command target address from the proxy server.
+func (c *Conn) BoundAddr() net.Addr {
+	if c == nil {
+		return nil
+	}
+	return c.boundAddr
+}
+
+// A Dialer holds SOCKS-specific options.
+type Dialer struct {
+	cmd          Command // either CmdConnect or cmdBind
+	proxyNetwork string  // network between a proxy server and a client
+	proxyAddress string  // proxy server address
+
+	// ProxyDial specifies the optional dial function for
+	// establishing the transport connection.
+	ProxyDial func(context.Context, string, string) (net.Conn, error)
+
+	// AuthMethods specifies the list of request authentication
+	// methods.
+	// If empty, SOCKS client requests only AuthMethodNotRequired.
+	AuthMethods []AuthMethod
+
+	// Authenticate specifies the optional authentication
+	// function. It must be non-nil when AuthMethods is not empty.
+	// It must return an error when the authentication is failed.
+	Authenticate func(context.Context, io.ReadWriter, AuthMethod) error
+}
+
+// DialContext connects to the provided address on the provided
+// network.
+//
+// The returned error value may be a net.OpError. When the Op field of
+// net.OpError contains "socks", the Source field contains a proxy
+// server address and the Addr field contains a command target
+// address.
+//
+// See func Dial of the net package of standard library for a
+// description of the network and address parameters.
+func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	if err := d.validateTarget(network, address); err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	if ctx == nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")}
+	}
+	var err error
+	var c net.Conn
+	if d.ProxyDial != nil {
+		c, err = d.ProxyDial(ctx, d.proxyNetwork, d.proxyAddress)
+	} else {
+		var dd net.Dialer
+		c, err = dd.DialContext(ctx, d.proxyNetwork, d.proxyAddress)
+	}
+	if err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	a, err := d.connect(ctx, c, address)
+	if err != nil {
+		c.Close()
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	return &Conn{Conn: c, boundAddr: a}, nil
+}
+
+// DialWithConn initiates a connection from SOCKS server to the target
+// network and address using the connection c that is already
+// connected to the SOCKS server.
+//
+// It returns the connection's local address assigned by the SOCKS
+// server.
+func (d *Dialer) DialWithConn(ctx context.Context, c net.Conn, network, address string) (net.Addr, error) {
+	if err := d.validateTarget(network, address); err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	if ctx == nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")}
+	}
+	a, err := d.connect(ctx, c, address)
+	if err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	return a, nil
+}
+
+// Dial connects to the provided address on the provided network.
+//
+// Unlike DialContext, it returns a raw transport connection instead
+// of a forward proxy connection.
+//
+// Deprecated: Use DialContext or DialWithConn instead.
+func (d *Dialer) Dial(network, address string) (net.Conn, error) {
+	if err := d.validateTarget(network, address); err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	var err error
+	var c net.Conn
+	if d.ProxyDial != nil {
+		c, err = d.ProxyDial(context.Background(), d.proxyNetwork, d.proxyAddress)
+	} else {
+		c, err = net.Dial(d.proxyNetwork, d.proxyAddress)
+	}
+	if err != nil {
+		proxy, dst, _ := d.pathAddrs(address)
+		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
+	}
+	if _, err := d.DialWithConn(context.Background(), c, network, address); err != nil {
+		c.Close()
+		return nil, err
+	}
+	return c, nil
+}
+
+func (d *Dialer) validateTarget(network, address string) error {
+	switch network {
+	case "tcp", "tcp6", "tcp4":
+	default:
+		return errors.New("network not implemented")
+	}
+	switch d.cmd {
+	case CmdConnect, cmdBind:
+	default:
+		return errors.New("command not implemented")
+	}
+	return nil
+}
+
+func (d *Dialer) pathAddrs(address string) (proxy, dst net.Addr, err error) {
+	for i, s := range []string{d.proxyAddress, address} {
+		host, port, err := splitHostPort(s)
+		if err != nil {
+			return nil, nil, err
+		}
+		a := &Addr{Port: port}
+		a.IP = net.ParseIP(host)
+		if a.IP == nil {
+			a.Name = host
+		}
+		if i == 0 {
+			proxy = a
+		} else {
+			dst = a
+		}
+	}
+	return
+}
+
+// NewDialer returns a new Dialer that dials through the provided
+// proxy server's network and address.
+func NewDialer(network, address string) *Dialer {
+	return &Dialer{proxyNetwork: network, proxyAddress: address, cmd: CmdConnect}
+}
+
+const (
+	authUsernamePasswordVersion = 0x01
+	authStatusSucceeded         = 0x00
+)
+
+// UsernamePassword are the credentials for the username/password
+// authentication method.
+type UsernamePassword struct {
+	Username string
+	Password string
+}
+
+// Authenticate authenticates a pair of username and password with the
+// proxy server.
+func (up *UsernamePassword) Authenticate(ctx context.Context, rw io.ReadWriter, auth AuthMethod) error {
+	switch auth {
+	case AuthMethodNotRequired:
+		return nil
+	case AuthMethodUsernamePassword:
+		if len(up.Username) == 0 || len(up.Username) > 255 || len(up.Password) == 0 || len(up.Password) > 255 {
+			return errors.New("invalid username/password")
+		}
+		b := []byte{authUsernamePasswordVersion}
+		b = append(b, byte(len(up.Username)))
+		b = append(b, up.Username...)
+		b = append(b, byte(len(up.Password)))
+		b = append(b, up.Password...)
+		// TODO(mikio): handle IO deadlines and cancelation if
+		// necessary
+		if _, err := rw.Write(b); err != nil {
+			return err
+		}
+		if _, err := io.ReadFull(rw, b[:2]); err != nil {
+			return err
+		}
+		if b[0] != authUsernamePasswordVersion {
+			return errors.New("invalid username/password version")
+		}
+		if b[1] != authStatusSucceeded {
+			return errors.New("username/password authentication failed")
+		}
+		return nil
+	}
+	return errors.New("unsupported authentication method " + strconv.Itoa(int(auth)))
+}
diff --git a/vendor/golang.org/x/net/proxy/dial.go b/vendor/golang.org/x/net/proxy/dial.go
new file mode 100644
index 00000000..811c2e4e
--- /dev/null
+++ b/vendor/golang.org/x/net/proxy/dial.go
@@ -0,0 +1,54 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+)
+
+// A ContextDialer dials using a context.
+type ContextDialer interface {
+	DialContext(ctx context.Context, network, address string) (net.Conn, error)
+}
+
+// Dial works like DialContext on net.Dialer but using a dialer returned by FromEnvironment.
+//
+// The passed ctx is only used for returning the Conn, not the lifetime of the Conn.
+//
+// Custom dialers (registered via RegisterDialerType) that do not implement ContextDialer
+// can leak a goroutine for as long as it takes the underlying Dialer implementation to timeout.
+//
+// A Conn returned from a successful Dial after the context has been cancelled will be immediately closed.
+func Dial(ctx context.Context, network, address string) (net.Conn, error) {
+	d := FromEnvironment()
+	if xd, ok := d.(ContextDialer); ok {
+		return xd.DialContext(ctx, network, address)
+	}
+	return dialContext(ctx, d, network, address)
+}
+
+// WARNING: this can leak a goroutine for as long as the underlying Dialer implementation takes to timeout
+// A Conn returned from a successful Dial after the context has been cancelled will be immediately closed.
+func dialContext(ctx context.Context, d Dialer, network, address string) (net.Conn, error) {
+	var (
+		conn net.Conn
+		done = make(chan struct{}, 1)
+		err  error
+	)
+	go func() {
+		conn, err = d.Dial(network, address)
+		close(done)
+		if conn != nil && ctx.Err() != nil {
+			conn.Close()
+		}
+	}()
+	select {
+	case <-ctx.Done():
+		err = ctx.Err()
+	case <-done:
+	}
+	return conn, err
+}
diff --git a/vendor/golang.org/x/net/proxy/direct.go b/vendor/golang.org/x/net/proxy/direct.go
new file mode 100644
index 00000000..3d66bdef
--- /dev/null
+++ b/vendor/golang.org/x/net/proxy/direct.go
@@ -0,0 +1,31 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+)
+
+type direct struct{}
+
+// Direct implements Dialer by making network connections directly using net.Dial or net.DialContext.
+var Direct = direct{}
+
+var (
+	_ Dialer        = Direct
+	_ ContextDialer = Direct
+)
+
+// Dial directly invokes net.Dial with the supplied parameters.
+func (direct) Dial(network, addr string) (net.Conn, error) {
+	return net.Dial(network, addr)
+}
+
+// DialContext instantiates a net.Dialer and invokes its DialContext receiver with the supplied parameters.
+func (direct) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
+	var d net.Dialer
+	return d.DialContext(ctx, network, addr)
+}
diff --git a/vendor/golang.org/x/net/proxy/per_host.go b/vendor/golang.org/x/net/proxy/per_host.go
new file mode 100644
index 00000000..573fe79e
--- /dev/null
+++ b/vendor/golang.org/x/net/proxy/per_host.go
@@ -0,0 +1,155 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+	"strings"
+)
+
+// A PerHost directs connections to a default Dialer unless the host name
+// requested matches one of a number of exceptions.
+type PerHost struct {
+	def, bypass Dialer
+
+	bypassNetworks []*net.IPNet
+	bypassIPs      []net.IP
+	bypassZones    []string
+	bypassHosts    []string
+}
+
+// NewPerHost returns a PerHost Dialer that directs connections to either
+// defaultDialer or bypass, depending on whether the connection matches one of
+// the configured rules.
+func NewPerHost(defaultDialer, bypass Dialer) *PerHost {
+	return &PerHost{
+		def:    defaultDialer,
+		bypass: bypass,
+	}
+}
+
+// Dial connects to the address addr on the given network through either
+// defaultDialer or bypass.
+func (p *PerHost) Dial(network, addr string) (c net.Conn, err error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+
+	return p.dialerForRequest(host).Dial(network, addr)
+}
+
+// DialContext connects to the address addr on the given network through either
+// defaultDialer or bypass.
+func (p *PerHost) DialContext(ctx context.Context, network, addr string) (c net.Conn, err error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+	d := p.dialerForRequest(host)
+	if x, ok := d.(ContextDialer); ok {
+		return x.DialContext(ctx, network, addr)
+	}
+	return dialContext(ctx, d, network, addr)
+}
+
+func (p *PerHost) dialerForRequest(host string) Dialer {
+	if ip := net.ParseIP(host); ip != nil {
+		for _, net := range p.bypassNetworks {
+			if net.Contains(ip) {
+				return p.bypass
+			}
+		}
+		for _, bypassIP := range p.bypassIPs {
+			if bypassIP.Equal(ip) {
+				return p.bypass
+			}
+		}
+		return p.def
+	}
+
+	for _, zone := range p.bypassZones {
+		if strings.HasSuffix(host, zone) {
+			return p.bypass
+		}
+		if host == zone[1:] {
+			// For a zone ".example.com", we match "example.com"
+			// too.
+			return p.bypass
+		}
+	}
+	for _, bypassHost := range p.bypassHosts {
+		if bypassHost == host {
+			return p.bypass
+		}
+	}
+	return p.def
+}
+
+// AddFromString parses a string that contains comma-separated values
+// specifying hosts that should use the bypass proxy. Each value is either an
+// IP address, a CIDR range, a zone (*.example.com) or a host name
+// (localhost). A best effort is made to parse the string and errors are
+// ignored.
+func (p *PerHost) AddFromString(s string) {
+	hosts := strings.Split(s, ",")
+	for _, host := range hosts {
+		host = strings.TrimSpace(host)
+		if len(host) == 0 {
+			continue
+		}
+		if strings.Contains(host, "/") {
+			// We assume that it's a CIDR address like 127.0.0.0/8
+			if _, net, err := net.ParseCIDR(host); err == nil {
+				p.AddNetwork(net)
+			}
+			continue
+		}
+		if ip := net.ParseIP(host); ip != nil {
+			p.AddIP(ip)
+			continue
+		}
+		if strings.HasPrefix(host, "*.") {
+			p.AddZone(host[1:])
+			continue
+		}
+		p.AddHost(host)
+	}
+}
+
+// AddIP specifies an IP address that will use the bypass proxy. Note that
+// this will only take effect if a literal IP address is dialed. A connection
+// to a named host will never match an IP.
+func (p *PerHost) AddIP(ip net.IP) {
+	p.bypassIPs = append(p.bypassIPs, ip)
+}
+
+// AddNetwork specifies an IP range that will use the bypass proxy. Note that
+// this will only take effect if a literal IP address is dialed. A connection
+// to a named host will never match.
+func (p *PerHost) AddNetwork(net *net.IPNet) {
+	p.bypassNetworks = append(p.bypassNetworks, net)
+}
+
+// AddZone specifies a DNS suffix that will use the bypass proxy. A zone of
+// "example.com" matches "example.com" and all of its subdomains.
+func (p *PerHost) AddZone(zone string) {
+	if strings.HasSuffix(zone, ".") {
+		zone = zone[:len(zone)-1]
+	}
+	if !strings.HasPrefix(zone, ".") {
+		zone = "." + zone
+	}
+	p.bypassZones = append(p.bypassZones, zone)
+}
+
+// AddHost specifies a host name that will use the bypass proxy.
+func (p *PerHost) AddHost(host string) {
+	if strings.HasSuffix(host, ".") {
+		host = host[:len(host)-1]
+	}
+	p.bypassHosts = append(p.bypassHosts, host)
+}
diff --git a/vendor/golang.org/x/net/proxy/proxy.go b/vendor/golang.org/x/net/proxy/proxy.go
new file mode 100644
index 00000000..9ff4b9a7
--- /dev/null
+++ b/vendor/golang.org/x/net/proxy/proxy.go
@@ -0,0 +1,149 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package proxy provides support for a variety of protocols to proxy network
+// data.
+package proxy // import "golang.org/x/net/proxy"
+
+import (
+	"errors"
+	"net"
+	"net/url"
+	"os"
+	"sync"
+)
+
+// A Dialer is a means to establish a connection.
+// Custom dialers should also implement ContextDialer.
+type Dialer interface {
+	// Dial connects to the given address via the proxy.
+	Dial(network, addr string) (c net.Conn, err error)
+}
+
+// Auth contains authentication parameters that specific Dialers may require.
+type Auth struct {
+	User, Password string
+}
+
+// FromEnvironment returns the dialer specified by the proxy-related
+// variables in the environment and makes underlying connections
+// directly.
+func FromEnvironment() Dialer {
+	return FromEnvironmentUsing(Direct)
+}
+
+// FromEnvironmentUsing returns the dialer specify by the proxy-related
+// variables in the environment and makes underlying connections
+// using the provided forwarding Dialer (for instance, a *net.Dialer
+// with desired configuration).
+func FromEnvironmentUsing(forward Dialer) Dialer {
+	allProxy := allProxyEnv.Get()
+	if len(allProxy) == 0 {
+		return forward
+	}
+
+	proxyURL, err := url.Parse(allProxy)
+	if err != nil {
+		return forward
+	}
+	proxy, err := FromURL(proxyURL, forward)
+	if err != nil {
+		return forward
+	}
+
+	noProxy := noProxyEnv.Get()
+	if len(noProxy) == 0 {
+		return proxy
+	}
+
+	perHost := NewPerHost(proxy, forward)
+	perHost.AddFromString(noProxy)
+	return perHost
+}
+
+// proxySchemes is a map from URL schemes to a function that creates a Dialer
+// from a URL with such a scheme.
+var proxySchemes map[string]func(*url.URL, Dialer) (Dialer, error)
+
+// RegisterDialerType takes a URL scheme and a function to generate Dialers from
+// a URL with that scheme and a forwarding Dialer. Registered schemes are used
+// by FromURL.
+func RegisterDialerType(scheme string, f func(*url.URL, Dialer) (Dialer, error)) {
+	if proxySchemes == nil {
+		proxySchemes = make(map[string]func(*url.URL, Dialer) (Dialer, error))
+	}
+	proxySchemes[scheme] = f
+}
+
+// FromURL returns a Dialer given a URL specification and an underlying
+// Dialer for it to make network requests.
+func FromURL(u *url.URL, forward Dialer) (Dialer, error) {
+	var auth *Auth
+	if u.User != nil {
+		auth = new(Auth)
+		auth.User = u.User.Username()
+		if p, ok := u.User.Password(); ok {
+			auth.Password = p
+		}
+	}
+
+	switch u.Scheme {
+	case "socks5", "socks5h":
+		addr := u.Hostname()
+		port := u.Port()
+		if port == "" {
+			port = "1080"
+		}
+		return SOCKS5("tcp", net.JoinHostPort(addr, port), auth, forward)
+	}
+
+	// If the scheme doesn't match any of the built-in schemes, see if it
+	// was registered by another package.
+	if proxySchemes != nil {
+		if f, ok := proxySchemes[u.Scheme]; ok {
+			return f(u, forward)
+		}
+	}
+
+	return nil, errors.New("proxy: unknown scheme: " + u.Scheme)
+}
+
+var (
+	allProxyEnv = &envOnce{
+		names: []string{"ALL_PROXY", "all_proxy"},
+	}
+	noProxyEnv = &envOnce{
+		names: []string{"NO_PROXY", "no_proxy"},
+	}
+)
+
+// envOnce looks up an environment variable (optionally by multiple
+// names) once. It mitigates expensive lookups on some platforms
+// (e.g. Windows).
+// (Borrowed from net/http/transport.go)
+type envOnce struct {
+	names []string
+	once  sync.Once
+	val   string
+}
+
+func (e *envOnce) Get() string {
+	e.once.Do(e.init)
+	return e.val
+}
+
+func (e *envOnce) init() {
+	for _, n := range e.names {
+		e.val = os.Getenv(n)
+		if e.val != "" {
+			return
+		}
+	}
+}
+
+// reset is used by tests
+func (e *envOnce) reset() {
+	e.once = sync.Once{}
+	e.val = ""
+}
diff --git a/vendor/golang.org/x/net/proxy/socks5.go b/vendor/golang.org/x/net/proxy/socks5.go
new file mode 100644
index 00000000..c91651f9
--- /dev/null
+++ b/vendor/golang.org/x/net/proxy/socks5.go
@@ -0,0 +1,42 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proxy
+
+import (
+	"context"
+	"net"
+
+	"golang.org/x/net/internal/socks"
+)
+
+// SOCKS5 returns a Dialer that makes SOCKSv5 connections to the given
+// address with an optional username and password.
+// See RFC 1928 and RFC 1929.
+func SOCKS5(network, address string, auth *Auth, forward Dialer) (Dialer, error) {
+	d := socks.NewDialer(network, address)
+	if forward != nil {
+		if f, ok := forward.(ContextDialer); ok {
+			d.ProxyDial = func(ctx context.Context, network string, address string) (net.Conn, error) {
+				return f.DialContext(ctx, network, address)
+			}
+		} else {
+			d.ProxyDial = func(ctx context.Context, network string, address string) (net.Conn, error) {
+				return dialContext(ctx, forward, network, address)
+			}
+		}
+	}
+	if auth != nil {
+		up := socks.UsernamePassword{
+			Username: auth.User,
+			Password: auth.Password,
+		}
+		d.AuthMethods = []socks.AuthMethod{
+			socks.AuthMethodNotRequired,
+			socks.AuthMethodUsernamePassword,
+		}
+		d.Authenticate = up.Authenticate
+	}
+	return d, nil
+}
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go b/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
new file mode 100644
index 00000000..5144deec
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+// Round the length of a raw sockaddr up to align it properly.
+func cmsgAlignOf(salen int) int {
+	salign := SizeofPtr
+	if SizeofPtr == 8 && !supportsABI(_dragonflyABIChangeVersion) {
+		// 64-bit Dragonfly before the September 2019 ABI changes still requires
+		// 32-bit aligned access to network subsystem.
+		salign = 4
+	}
+	return (salen + salign - 1) & ^(salign - 1)
+}
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_linux.go b/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
index 6079eb4a..8bf45705 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_linux.go
@@ -17,7 +17,7 @@ func UnixCredentials(ucred *Ucred) []byte {
 	h.Level = SOL_SOCKET
 	h.Type = SCM_CREDENTIALS
 	h.SetLen(CmsgLen(SizeofUcred))
-	*((*Ucred)(cmsgData(h))) = *ucred
+	*(*Ucred)(h.data(0)) = *ucred
 	return b
 }
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
index 062bcaba..003916ed 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -9,35 +9,9 @@
 package unix
 
 import (
-	"runtime"
 	"unsafe"
 )
 
-// Round the length of a raw sockaddr up to align it properly.
-func cmsgAlignOf(salen int) int {
-	salign := SizeofPtr
-
-	switch runtime.GOOS {
-	case "aix":
-		// There is no alignment on AIX.
-		salign = 1
-	case "darwin", "dragonfly", "solaris", "illumos":
-		// NOTE: It seems like 64-bit Darwin, DragonFly BSD,
-		// illumos, and Solaris kernels still require 32-bit
-		// aligned access to network subsystem.
-		if SizeofPtr == 8 {
-			salign = 4
-		}
-	case "netbsd", "openbsd":
-		// NetBSD and OpenBSD armv7 require 64-bit alignment.
-		if runtime.GOARCH == "arm" {
-			salign = 8
-		}
-	}
-
-	return (salen + salign - 1) & ^(salign - 1)
-}
-
 // CmsgLen returns the value to store in the Len field of the Cmsghdr
 // structure, taking into account any necessary alignment.
 func CmsgLen(datalen int) int {
@@ -50,8 +24,8 @@ func CmsgSpace(datalen int) int {
 	return cmsgAlignOf(SizeofCmsghdr) + cmsgAlignOf(datalen)
 }
 
-func cmsgData(h *Cmsghdr) unsafe.Pointer {
-	return unsafe.Pointer(uintptr(unsafe.Pointer(h)) + uintptr(cmsgAlignOf(SizeofCmsghdr)))
+func (h *Cmsghdr) data(offset uintptr) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(unsafe.Pointer(h)) + uintptr(cmsgAlignOf(SizeofCmsghdr)) + offset)
 }
 
 // SocketControlMessage represents a socket control message.
@@ -94,10 +68,8 @@ func UnixRights(fds ...int) []byte {
 	h.Level = SOL_SOCKET
 	h.Type = SCM_RIGHTS
 	h.SetLen(CmsgLen(datalen))
-	data := cmsgData(h)
-	for _, fd := range fds {
-		*(*int32)(data) = int32(fd)
-		data = unsafe.Pointer(uintptr(data) + 4)
+	for i, fd := range fds {
+		*(*int32)(h.data(4 * uintptr(i))) = int32(fd)
 	}
 	return b
 }
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
new file mode 100644
index 00000000..7d08dae5
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -0,0 +1,38 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build aix darwin freebsd linux netbsd openbsd solaris
+
+package unix
+
+import (
+	"runtime"
+)
+
+// Round the length of a raw sockaddr up to align it properly.
+func cmsgAlignOf(salen int) int {
+	salign := SizeofPtr
+
+	// dragonfly needs to check ABI version at runtime, see cmsgAlignOf in
+	// sockcmsg_dragonfly.go
+	switch runtime.GOOS {
+	case "aix":
+		// There is no alignment on AIX.
+		salign = 1
+	case "darwin", "illumos", "solaris":
+		// NOTE: It seems like 64-bit Darwin, Illumos and Solaris
+		// kernels still require 32-bit aligned access to network
+		// subsystem.
+		if SizeofPtr == 8 {
+			salign = 4
+		}
+	case "netbsd", "openbsd":
+		// NetBSD and OpenBSD armv7 require 64-bit alignment.
+		if runtime.GOARCH == "arm" {
+			salign = 8
+		}
+	}
+
+	return (salen + salign - 1) & ^(salign - 1)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 3e667142..d52bcc41 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -237,7 +237,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
 		sa.Name = string(bytes)
 		return sa, nil
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
index 8c8d5029..7387eb2a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -12,9 +12,25 @@
 
 package unix
 
-import "unsafe"
+import (
+	"sync"
+	"unsafe"
+)
 
-//sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+// See version list in https://github.com/DragonFlyBSD/DragonFlyBSD/blob/master/sys/sys/param.h
+var (
+	osreldateOnce sync.Once
+	osreldate     uint32
+)
+
+// First __DragonFly_version after September 2019 ABI changes
+// http://lists.dragonflybsd.org/pipermail/users/2019-September/358280.html
+const _dragonflyABIChangeVersion = 500705
+
+func supportsABI(ver uint32) bool {
+	osreldateOnce.Do(func() { osreldate, _ = SysctlUint32("kern.osreldate") })
+	return osreldate >= ver
+}
 
 // SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
 type SockaddrDatalink struct {
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index ebf3195b..26903bca 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -884,7 +884,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
 		sa.Name = string(bytes)
 		return sa, nil
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 62f968c7..0e2a696a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -391,7 +391,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
 		sa.Name = string(bytes)
 		return sa, nil
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 74d42bb5..16d62fa4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -599,22 +599,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2484,6 +2468,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 8debef94..97e92393 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -600,22 +600,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2497,6 +2481,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index feb7d837..05f978e8 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -603,22 +603,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2475,6 +2459,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 6da21783..5086fcea 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -601,22 +601,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2476,6 +2460,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 14b1dea6..b6ddd8c5 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -602,22 +602,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2481,6 +2465,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index 0fb94a76..89f3e32a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -601,22 +601,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2478,6 +2462,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 7ffc7bbc..6b84cf79 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -601,22 +601,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2478,6 +2462,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index 12ef8eb4..bc50cd38 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -602,22 +602,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2481,6 +2465,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index cb89d8a1..0a1ec170 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -602,22 +602,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2486,6 +2470,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index d9c93aff..c7f045a5 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -602,22 +602,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2486,6 +2470,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index a198cc52..5d8d4479 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -601,22 +601,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2504,6 +2488,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index f1e26c56..034875a6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -600,22 +600,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2500,6 +2484,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index d2824804..2f7ec8b8 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -604,22 +604,6 @@ const (
 	RTN_THROW               = 0x9
 	RTN_NAT                 = 0xa
 	RTN_XRESOLVE            = 0xb
-	RTNLGRP_NONE            = 0x0
-	RTNLGRP_LINK            = 0x1
-	RTNLGRP_NOTIFY          = 0x2
-	RTNLGRP_NEIGH           = 0x3
-	RTNLGRP_TC              = 0x4
-	RTNLGRP_IPV4_IFADDR     = 0x5
-	RTNLGRP_IPV4_MROUTE     = 0x6
-	RTNLGRP_IPV4_ROUTE      = 0x7
-	RTNLGRP_IPV4_RULE       = 0x8
-	RTNLGRP_IPV6_IFADDR     = 0x9
-	RTNLGRP_IPV6_MROUTE     = 0xa
-	RTNLGRP_IPV6_ROUTE      = 0xb
-	RTNLGRP_IPV6_IFINFO     = 0xc
-	RTNLGRP_IPV6_PREFIX     = 0x12
-	RTNLGRP_IPV6_RULE       = 0x13
-	RTNLGRP_ND_USEROPT      = 0x14
 	SizeofNlMsghdr          = 0x10
 	SizeofNlMsgerr          = 0x14
 	SizeofRtGenmsg          = 0x1
@@ -2481,6 +2465,42 @@ const (
 	BPF_FD_TYPE_URETPROBE               = 0x5
 )
 
+const (
+	RTNLGRP_NONE          = 0x0
+	RTNLGRP_LINK          = 0x1
+	RTNLGRP_NOTIFY        = 0x2
+	RTNLGRP_NEIGH         = 0x3
+	RTNLGRP_TC            = 0x4
+	RTNLGRP_IPV4_IFADDR   = 0x5
+	RTNLGRP_IPV4_MROUTE   = 0x6
+	RTNLGRP_IPV4_ROUTE    = 0x7
+	RTNLGRP_IPV4_RULE     = 0x8
+	RTNLGRP_IPV6_IFADDR   = 0x9
+	RTNLGRP_IPV6_MROUTE   = 0xa
+	RTNLGRP_IPV6_ROUTE    = 0xb
+	RTNLGRP_IPV6_IFINFO   = 0xc
+	RTNLGRP_DECnet_IFADDR = 0xd
+	RTNLGRP_NOP2          = 0xe
+	RTNLGRP_DECnet_ROUTE  = 0xf
+	RTNLGRP_DECnet_RULE   = 0x10
+	RTNLGRP_NOP4          = 0x11
+	RTNLGRP_IPV6_PREFIX   = 0x12
+	RTNLGRP_IPV6_RULE     = 0x13
+	RTNLGRP_ND_USEROPT    = 0x14
+	RTNLGRP_PHONET_IFADDR = 0x15
+	RTNLGRP_PHONET_ROUTE  = 0x16
+	RTNLGRP_DCB           = 0x17
+	RTNLGRP_IPV4_NETCONF  = 0x18
+	RTNLGRP_IPV6_NETCONF  = 0x19
+	RTNLGRP_MDB           = 0x1a
+	RTNLGRP_MPLS_ROUTE    = 0x1b
+	RTNLGRP_NSID          = 0x1c
+	RTNLGRP_MPLS_NETCONF  = 0x1d
+	RTNLGRP_IPV4_MROUTE_R = 0x1e
+	RTNLGRP_IPV6_MROUTE_R = 0x1f
+	RTNLGRP_NEXTHOP       = 0x20
+)
+
 type CapUserHeader struct {
 	Version uint32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index c605ee6a..d88ed91a 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -229,13 +229,15 @@ func LookupSID(system, account string) (sid *SID, domain string, accType uint32,
 
 // String converts SID to a string format suitable for display, storage, or transmission.
 func (sid *SID) String() string {
+	// From https://docs.microsoft.com/en-us/windows/win32/secbiomet/general-constants
+	const SecurityMaxSidSize = 68
 	var s *uint16
 	e := ConvertSidToStringSid(sid, &s)
 	if e != nil {
 		return ""
 	}
 	defer LocalFree((Handle)(unsafe.Pointer(s)))
-	return UTF16ToString((*[(1 << 30) - 1]uint16)(unsafe.Pointer(s))[:])
+	return UTF16ToString((*[SecurityMaxSidSize]uint16)(unsafe.Pointer(s))[:])
 }
 
 // Len returns the length, in bytes, of a valid security identifier SID.
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 33513e34..90358693 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -290,6 +290,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) = FindNextVolumeMountPointW
 //sys	FindVolumeClose(findVolume Handle) (err error)
 //sys	FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error)
+//sys	GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) = GetDiskFreeSpaceExW
 //sys	GetDriveType(rootPathName *uint16) (driveType uint32) = GetDriveTypeW
 //sys	GetLogicalDrives() (drivesBitMask uint32, err error) [failretval==0]
 //sys	GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) [failretval==0] = GetLogicalDriveStringsW
@@ -856,7 +857,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[10000]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
+		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
 		sa.Name = string(bytes)
 		return sa, nil
 
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index ace2c19e..74d721e0 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -224,6 +224,7 @@ var (
 	procFindNextVolumeMountPointW                            = modkernel32.NewProc("FindNextVolumeMountPointW")
 	procFindVolumeClose                                      = modkernel32.NewProc("FindVolumeClose")
 	procFindVolumeMountPointClose                            = modkernel32.NewProc("FindVolumeMountPointClose")
+	procGetDiskFreeSpaceExW                                  = modkernel32.NewProc("GetDiskFreeSpaceExW")
 	procGetDriveTypeW                                        = modkernel32.NewProc("GetDriveTypeW")
 	procGetLogicalDrives                                     = modkernel32.NewProc("GetLogicalDrives")
 	procGetLogicalDriveStringsW                              = modkernel32.NewProc("GetLogicalDriveStringsW")
@@ -2503,6 +2504,18 @@ func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) {
 	return
 }
 
+func GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetDiskFreeSpaceExW.Addr(), 4, uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
 func GetDriveType(rootPathName *uint16) (driveType uint32) {
 	r0, _, _ := syscall.Syscall(procGetDriveTypeW.Addr(), 1, uintptr(unsafe.Pointer(rootPathName)), 0, 0)
 	driveType = uint32(r0)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5a5ea870..d267f948 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -212,7 +212,7 @@ golang.org/x/crypto/poly1305
 golang.org/x/crypto/salsa20/salsa
 golang.org/x/crypto/ssh
 golang.org/x/crypto/ssh/terminal
-# golang.org/x/net v0.0.0-20191007182048-72f939374954
+# golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582
 golang.org/x/net/bpf
 golang.org/x/net/context
 golang.org/x/net/context/ctxhttp
@@ -222,9 +222,11 @@ golang.org/x/net/http2/hpack
 golang.org/x/net/idna
 golang.org/x/net/internal/iana
 golang.org/x/net/internal/socket
+golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/ipv4
 golang.org/x/net/ipv6
+golang.org/x/net/proxy
 golang.org/x/net/trace
 golang.org/x/net/websocket
 # golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
@@ -232,7 +234,7 @@ golang.org/x/oauth2
 golang.org/x/oauth2/internal
 # golang.org/x/sync v0.0.0-20190423024810-112230192c58
 golang.org/x/sync/errgroup
-# golang.org/x/sys v0.0.0-20191008105621-543471e840be
+# golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2
 golang.org/x/sys/cpu
 golang.org/x/sys/unix
 golang.org/x/sys/windows
diff --git a/websocket/websocket.go b/websocket/websocket.go
index 2eb66901..823879aa 100644
--- a/websocket/websocket.go
+++ b/websocket/websocket.go
@@ -116,10 +116,15 @@ func Stream(conn, backendConn io.ReadWriter) {
 	<-proxyDone
 }
 
+// DefaultStreamHandler is provided to the the standard websocket to origin stream
+// This exist to allow SOCKS to deframe data before it gets to the origin
+func DefaultStreamHandler(wsConn *Conn, remoteConn net.Conn) {
+	Stream(wsConn, remoteConn)
+}
+
 // StartProxyServer will start a websocket server that will decode
 // the websocket data and write the resulting data to the provided
-// address
-func StartProxyServer(logger *logrus.Logger, listener net.Listener, remote string, shutdownC <-chan struct{}) error {
+func StartProxyServer(logger *logrus.Logger, listener net.Listener, remote string, shutdownC <-chan struct{}, streamHandler func(wsConn *Conn, remoteConn net.Conn)) error {
 	upgrader := websocket.Upgrader{
 		ReadBufferSize:  1024,
 		WriteBufferSize: 1024,
@@ -165,7 +170,7 @@ func StartProxyServer(logger *logrus.Logger, listener net.Listener, remote strin
 			}
 		}
 
-		Stream(&Conn{conn}, stream)
+		streamHandler(&Conn{conn}, stream)
 	})
 
 	return httpServer.Serve(listener)

From 322f909edbca5c1385a8f89b833afc07f7790539 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Thu, 9 Apr 2020 21:59:15 +0100
Subject: [PATCH 036/100] TUN-2880: Return metadata about source of the
 response from cloudflared

---
 h2mux/header.go                 | 21 +++++++++++++++++++++
 origin/tunnel.go                |  9 +++++++--
 originservice/originservice.go  |  7 +++++--
 streamhandler/stream_handler.go |  5 +++--
 4 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index dbec394f..bc28c371 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -2,6 +2,7 @@ package h2mux
 
 import (
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -20,6 +21,10 @@ var headerEncoding = base64.RawStdEncoding
 const (
 	RequestUserHeadersField  = "cf-cloudflared-request-headers"
 	ResponseUserHeadersField = "cf-cloudflared-response-headers"
+
+	ResponseMetaHeaderField   = "cf-cloudflared-response-meta"
+	ResponseSourceCloudflared = "cloudflared"
+	ResponseSourceOrigin      = "origin"
 )
 
 // H2RequestHeadersToH1Request converts the HTTP/2 headers coming from origintunneld
@@ -226,3 +231,19 @@ func CreateSerializedHeaders(headersField string, headers ...http.Header) []Head
 		strings.Join(serializedHeaderChunks, ";"),
 	}}
 }
+
+type responseMetaHeader struct {
+	Source string `json:"src"`
+}
+
+func CreateResponseMetaHeader(source string) Header {
+	jsonResponseMetaHeader, err := json.Marshal(responseMetaHeader{Source: source})
+	if err != nil {
+		panic(err)
+	}
+
+	return Header{
+		Name:  ResponseMetaHeaderField,
+		Value: string(jsonResponseMetaHeader),
+	}
+}
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 3c44e166..a11a514d 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -688,7 +688,9 @@ func (h *TunnelHandler) serveHTTP(stream *h2mux.MuxedStream, req *http.Request)
 	}
 	defer response.Body.Close()
 
-	err = stream.WriteHeaders(h2mux.H1ResponseToH2ResponseHeaders(response))
+	headers := h2mux.H1ResponseToH2ResponseHeaders(response)
+	headers = append(headers, h2mux.CreateResponseMetaHeader(h2mux.ResponseSourceOrigin))
+	err = stream.WriteHeaders(headers)
 	if err != nil {
 		return nil, errors.Wrap(err, "Error writing response header")
 	}
@@ -725,7 +727,10 @@ func (h *TunnelHandler) isEventStream(response *http.Response) bool {
 
 func (h *TunnelHandler) logError(stream *h2mux.MuxedStream, err error) {
 	h.logger.WithError(err).Error("HTTP request error")
-	stream.WriteHeaders([]h2mux.Header{{Name: ":status", Value: "502"}})
+	stream.WriteHeaders([]h2mux.Header{
+		{Name: ":status", Value: "502"},
+		h2mux.CreateResponseMetaHeader(h2mux.ResponseSourceCloudflared),
+	})
 	stream.Write([]byte("502 Bad Gateway"))
 	h.metrics.incrementResponses(h.connectionID, "502")
 }
diff --git a/originservice/originservice.go b/originservice/originservice.go
index 1c90dfee..86a532f9 100644
--- a/originservice/originservice.go
+++ b/originservice/originservice.go
@@ -17,7 +17,6 @@ import (
 	"github.com/cloudflare/cloudflared/hello"
 	"github.com/cloudflare/cloudflared/log"
 	"github.com/cloudflare/cloudflared/websocket"
-
 	"github.com/pkg/errors"
 )
 
@@ -47,6 +46,8 @@ func NewHTTPService(transport http.RoundTripper, url *url.URL, chunkedEncoding b
 }
 
 func (hc *HTTPService) Proxy(stream *h2mux.MuxedStream, req *http.Request) (*http.Response, error) {
+	const responseSourceOrigin = "origin"
+
 	// Support for WSGI Servers by switching transfer encoding from chunked to gzip/deflate
 	if !hc.chunkedEncoding {
 		req.TransferEncoding = []string{"gzip", "deflate"}
@@ -65,7 +66,9 @@ func (hc *HTTPService) Proxy(stream *h2mux.MuxedStream, req *http.Request) (*htt
 	}
 	defer resp.Body.Close()
 
-	err = stream.WriteHeaders(h1ResponseToH2Response(resp))
+	responseHeaders := h1ResponseToH2Response(resp)
+	responseHeaders = append(responseHeaders, h2mux.CreateResponseMetaHeader(responseSourceOrigin))
+	err = stream.WriteHeaders(responseHeaders)
 	if err != nil {
 		return nil, errors.Wrap(err, "error writing response header to HTTP origin")
 	}
diff --git a/streamhandler/stream_handler.go b/streamhandler/stream_handler.go
index 50ea68d9..aef1609d 100644
--- a/streamhandler/stream_handler.go
+++ b/streamhandler/stream_handler.go
@@ -180,11 +180,12 @@ func (s *StreamHandler) requestLogger(req *http.Request, tunnelHostname h2mux.Tu
 }
 
 func (s *StreamHandler) writeErrorStatus(stream *h2mux.MuxedStream, status *httpErrorStatus) {
-	stream.WriteHeaders([]h2mux.Header{
+	_ = stream.WriteHeaders([]h2mux.Header{
 		{
 			Name:  statusPseudoHeader,
 			Value: status.status,
 		},
+		h2mux.CreateResponseMetaHeader(h2mux.ResponseSourceCloudflared),
 	})
-	stream.Write(status.text)
+	_, _ = stream.Write(status.text)
 }

From 06f29306cdb6570cf2a41c6afce3d1b59cc14db4 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Fri, 10 Apr 2020 20:26:09 +0100
Subject: [PATCH 037/100] TUN-2881: Parameterize response meta information
 header name in the generating function

---
 h2mux/header.go                 |  4 ++--
 origin/tunnel.go                | 10 +++++-----
 originservice/originservice.go  |  2 +-
 streamhandler/stream_handler.go |  2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index bc28c371..cdb5ddaa 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -236,14 +236,14 @@ type responseMetaHeader struct {
 	Source string `json:"src"`
 }
 
-func CreateResponseMetaHeader(source string) Header {
+func CreateResponseMetaHeader(headerName, source string) Header {
 	jsonResponseMetaHeader, err := json.Marshal(responseMetaHeader{Source: source})
 	if err != nil {
 		panic(err)
 	}
 
 	return Header{
-		Name:  ResponseMetaHeaderField,
+		Name:  headerName,
 		Value: string(jsonResponseMetaHeader),
 	}
 }
diff --git a/origin/tunnel.go b/origin/tunnel.go
index a11a514d..bc4b9c50 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -606,7 +606,7 @@ func (h *TunnelHandler) ServeStream(stream *h2mux.MuxedStream) error {
 
 	req, reqErr := h.createRequest(stream)
 	if reqErr != nil {
-		h.logError(stream, reqErr)
+		h.writeErrorResponse(stream, reqErr)
 		return reqErr
 	}
 
@@ -622,7 +622,7 @@ func (h *TunnelHandler) ServeStream(stream *h2mux.MuxedStream) error {
 		resp, respErr = h.serveHTTP(stream, req)
 	}
 	if respErr != nil {
-		h.logError(stream, respErr)
+		h.writeErrorResponse(stream, respErr)
 		return respErr
 	}
 	h.logResponseOk(resp, cfRay, lbProbe)
@@ -689,7 +689,7 @@ func (h *TunnelHandler) serveHTTP(stream *h2mux.MuxedStream, req *http.Request)
 	defer response.Body.Close()
 
 	headers := h2mux.H1ResponseToH2ResponseHeaders(response)
-	headers = append(headers, h2mux.CreateResponseMetaHeader(h2mux.ResponseSourceOrigin))
+	headers = append(headers, h2mux.CreateResponseMetaHeader(h2mux.ResponseMetaHeaderField, h2mux.ResponseSourceOrigin))
 	err = stream.WriteHeaders(headers)
 	if err != nil {
 		return nil, errors.Wrap(err, "Error writing response header")
@@ -725,11 +725,11 @@ func (h *TunnelHandler) isEventStream(response *http.Response) bool {
 	return false
 }
 
-func (h *TunnelHandler) logError(stream *h2mux.MuxedStream, err error) {
+func (h *TunnelHandler) writeErrorResponse(stream *h2mux.MuxedStream, err error) {
 	h.logger.WithError(err).Error("HTTP request error")
 	stream.WriteHeaders([]h2mux.Header{
 		{Name: ":status", Value: "502"},
-		h2mux.CreateResponseMetaHeader(h2mux.ResponseSourceCloudflared),
+		h2mux.CreateResponseMetaHeader(h2mux.ResponseMetaHeaderField, h2mux.ResponseSourceCloudflared),
 	})
 	stream.Write([]byte("502 Bad Gateway"))
 	h.metrics.incrementResponses(h.connectionID, "502")
diff --git a/originservice/originservice.go b/originservice/originservice.go
index 86a532f9..6f363c30 100644
--- a/originservice/originservice.go
+++ b/originservice/originservice.go
@@ -67,7 +67,7 @@ func (hc *HTTPService) Proxy(stream *h2mux.MuxedStream, req *http.Request) (*htt
 	defer resp.Body.Close()
 
 	responseHeaders := h1ResponseToH2Response(resp)
-	responseHeaders = append(responseHeaders, h2mux.CreateResponseMetaHeader(responseSourceOrigin))
+	responseHeaders = append(responseHeaders, h2mux.CreateResponseMetaHeader(h2mux.ResponseMetaHeaderField, responseSourceOrigin))
 	err = stream.WriteHeaders(responseHeaders)
 	if err != nil {
 		return nil, errors.Wrap(err, "error writing response header to HTTP origin")
diff --git a/streamhandler/stream_handler.go b/streamhandler/stream_handler.go
index aef1609d..66763bcd 100644
--- a/streamhandler/stream_handler.go
+++ b/streamhandler/stream_handler.go
@@ -185,7 +185,7 @@ func (s *StreamHandler) writeErrorStatus(stream *h2mux.MuxedStream, status *http
 			Name:  statusPseudoHeader,
 			Value: status.status,
 		},
-		h2mux.CreateResponseMetaHeader(h2mux.ResponseSourceCloudflared),
+		h2mux.CreateResponseMetaHeader(h2mux.ResponseMetaHeaderField, h2mux.ResponseSourceCloudflared),
 	})
 	_, _ = stream.Write(status.text)
 }

From 1c6ea36e7336b060b38b7f298245d74d0c1be209 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Sat, 11 Apr 2020 00:59:34 +0100
Subject: [PATCH 038/100] TUN-2894: ResponseMetaHeader should be public

---
 h2mux/header.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index cdb5ddaa..5490b050 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -232,12 +232,12 @@ func CreateSerializedHeaders(headersField string, headers ...http.Header) []Head
 	}}
 }
 
-type responseMetaHeader struct {
+type ResponseMetaHeader struct {
 	Source string `json:"src"`
 }
 
 func CreateResponseMetaHeader(headerName, source string) Header {
-	jsonResponseMetaHeader, err := json.Marshal(responseMetaHeader{Source: source})
+	jsonResponseMetaHeader, err := json.Marshal(ResponseMetaHeader{Source: source})
 	if err != nil {
 		panic(err)
 	}

From 6d63f84a75b63ae31a30474bfcc6aac46507e3e3 Mon Sep 17 00:00:00 2001
From: Elvin Tan <elvin@cloudflare.com>
Date: Mon, 24 Feb 2020 10:48:06 +0800
Subject: [PATCH 039/100] AUTH-2235 GetTokenIfExists now parses JWT payload for
 json expiry field to detect if the cached access token is expired

---
 cmd/cloudflared/token/token.go | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/cmd/cloudflared/token/token.go b/cmd/cloudflared/token/token.go
index 80d0a935..e28b1fd6 100644
--- a/cmd/cloudflared/token/token.go
+++ b/cmd/cloudflared/token/token.go
@@ -2,12 +2,14 @@ package token
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/url"
 	"os"
 	"os/signal"
 	"syscall"
+	"time"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/path"
@@ -34,6 +36,21 @@ type signalHandler struct {
 	signals    []os.Signal
 }
 
+type jwtPayload struct {
+	Aud   []string `json:"aud"`
+	Email string   `json:"email"`
+	Exp   int      `json:"exp"`
+	Iat   int      `json:"iat"`
+	Nbf   int      `json:"nbf"`
+	Iss   string   `json:"iss"`
+	Type  string   `json:"type"`
+	Subt  string   `json:"sub"`
+}
+
+func (p jwtPayload) isExpired() bool {
+	return int(time.Now().Unix()) > p.Exp
+}
+
 func (s *signalHandler) register(handler func()) {
 	s.sigChannel = make(chan os.Signal, 1)
 	signal.Notify(s.sigChannel, s.signals...)
@@ -147,7 +164,7 @@ func FetchToken(appURL *url.URL) (string, error) {
 	return string(token), nil
 }
 
-// GetTokenIfExists will return the token from local storage if it exists
+// GetTokenIfExists will return the token from local storage if it exists and not expired
 func GetTokenIfExists(url *url.URL) (string, error) {
 	path, err := path.GenerateFilePathFromURL(url, keyName)
 	if err != nil {
@@ -162,6 +179,17 @@ func GetTokenIfExists(url *url.URL) (string, error) {
 		return "", err
 	}
 
+	var payload jwtPayload
+	err = json.Unmarshal(token.Payload, &payload)
+	if err != nil {
+		return "", err
+	}
+
+	if payload.isExpired() {
+		err := os.Remove(path)
+		return "", err
+	}
+
 	return token.Encode(), nil
 }
 

From f18209af7def919e731fe1a97c3d052d041f152a Mon Sep 17 00:00:00 2001
From: Austin Cherry <acherry@cloudflare.com>
Date: Sat, 4 Apr 2020 15:49:36 -0500
Subject: [PATCH 040/100] ARES-899: Fixes DoH client as system resolver. Fixes
 #91

---
 cmd/cloudflared/tunnel/cmd.go    | 13 +++++
 cmd/cloudflared/tunnel/server.go |  2 +-
 tunneldns/https_upstream.go      | 93 ++++++++++++++++++++++----------
 tunneldns/tunnel.go              |  6 +--
 4 files changed, 82 insertions(+), 32 deletions(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 22dbcc2e..9e940126 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -138,6 +138,12 @@ func Commands() []*cli.Command {
 					Value:   cli.NewStringSlice("https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query"),
 					EnvVars: []string{"TUNNEL_DNS_UPSTREAM"},
 				},
+				&cli.StringSliceFlag{
+					Name:    "bootstrap",
+					Usage:   "bootstrap endpoint URL, you can specify multiple endpoints for redundancy.",
+					Value:   cli.NewStringSlice("https://162.159.36.1/dns-query", "https://162.159.46.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://[2606:4700:4700::1001]/dns-query"),
+					EnvVars: []string{"TUNNEL_DNS_BOOTSTRAP"},
+				},
 			},
 			ArgsUsage: " ", // can't be the empty string or we get the default output
 			Hidden:    false,
@@ -963,6 +969,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"TUNNEL_DNS_UPSTREAM"},
 			Hidden:  shouldHide,
 		}),
+		altsrc.NewStringSliceFlag(&cli.StringSliceFlag{
+			Name:    "proxy-dns-bootstrap",
+			Usage:   "bootstrap endpoint URL, you can specify multiple endpoints for redundancy.",
+			Value:   cli.NewStringSlice("https://162.159.36.1/dns-query", "https://162.159.46.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://[2606:4700:4700::1001]/dns-query"),
+			EnvVars: []string{"TUNNEL_DNS_BOOTSTRAP"},
+			Hidden:  shouldHide,
+		}),
 		altsrc.NewDurationFlag(&cli.DurationFlag{
 			Name:    "grace-period",
 			Usage:   "Duration to accept new requests after cloudflared receives first SIGINT/SIGTERM. A second SIGINT/SIGTERM will force cloudflared to shutdown immediately.",
diff --git a/cmd/cloudflared/tunnel/server.go b/cmd/cloudflared/tunnel/server.go
index 3d089f41..4595566d 100644
--- a/cmd/cloudflared/tunnel/server.go
+++ b/cmd/cloudflared/tunnel/server.go
@@ -14,7 +14,7 @@ func runDNSProxyServer(c *cli.Context, dnsReadySignal, shutdownC chan struct{})
 		logger.Errorf("The 'proxy-dns-port' must be a valid port number in <1, 65535> range.")
 		return errors.New("The 'proxy-dns-port' must be a valid port number in <1, 65535> range.")
 	}
-	listener, err := tunneldns.CreateListener(c.String("proxy-dns-address"), uint16(port), c.StringSlice("proxy-dns-upstream"))
+	listener, err := tunneldns.CreateListener(c.String("proxy-dns-address"), uint16(port), c.StringSlice("proxy-dns-upstream"), c.StringSlice("proxy-dns-bootstrap"))
 	if err != nil {
 		close(dnsReadySignal)
 		listener.Stop()
diff --git a/tunneldns/https_upstream.go b/tunneldns/https_upstream.go
index 57f51deb..8494fd5f 100644
--- a/tunneldns/https_upstream.go
+++ b/tunneldns/https_upstream.go
@@ -6,6 +6,7 @@ import (
 	"crypto/tls"
 	"fmt"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"net/url"
 	"time"
@@ -22,33 +23,18 @@ const (
 
 // UpstreamHTTPS is the upstream implementation for DNS over HTTPS service
 type UpstreamHTTPS struct {
-	client   *http.Client
-	endpoint *url.URL
+	client     *http.Client
+	endpoint   *url.URL
+	bootstraps []string
 }
 
-// NewUpstreamHTTPS creates a new DNS over HTTPS upstream from hostname
-func NewUpstreamHTTPS(endpoint string) (Upstream, error) {
+// NewUpstreamHTTPS creates a new DNS over HTTPS upstream from endpoint
+func NewUpstreamHTTPS(endpoint string, bootstraps []string) (Upstream, error) {
 	u, err := url.Parse(endpoint)
 	if err != nil {
 		return nil, err
 	}
-
-	// Update TLS and HTTP client configuration
-	tls := &tls.Config{ServerName: u.Hostname()}
-	transport := &http.Transport{
-		TLSClientConfig:    tls,
-		DisableCompression: true,
-		MaxIdleConns:       1,
-		Proxy:              http.ProxyFromEnvironment,
-	}
-	http2.ConfigureTransport(transport)
-
-	client := &http.Client{
-		Timeout:   defaultTimeout,
-		Transport: transport,
-	}
-
-	return &UpstreamHTTPS{client: client, endpoint: u}, nil
+	return &UpstreamHTTPS{client: configureClient(u.Hostname()), endpoint: u, bootstraps: bootstraps}, nil
 }
 
 // Exchange provides an implementation for the Upstream interface
@@ -58,34 +44,55 @@ func (u *UpstreamHTTPS) Exchange(ctx context.Context, query *dns.Msg) (*dns.Msg,
 		return nil, errors.Wrap(err, "failed to pack DNS query")
 	}
 
+	if len(query.Question) > 0 && query.Question[0].Name == fmt.Sprintf("%s.", u.endpoint.Hostname()) {
+		for _, bootstrap := range u.bootstraps {
+			endpoint, client, err := configureBootstrap(bootstrap)
+			if err != nil {
+				log.WithError(err).Errorf("failed to configure boostrap upstream %s", bootstrap)
+				continue
+			}
+			msg, err := exchange(queryBuf, query.Id, endpoint, client)
+			if err != nil {
+				log.WithError(err).Errorf("failed to connect to a boostrap upstream %s", bootstrap)
+				continue
+			}
+			return msg, nil
+		}
+		return nil, fmt.Errorf("failed to reach any bootstrap upstream: %v", u.bootstraps)
+	}
+
+	return exchange(queryBuf, query.Id, u.endpoint, u.client)
+}
+
+func exchange(msg []byte, queryID uint16, endpoint *url.URL, client *http.Client) (*dns.Msg, error) {
 	// No content negotiation for now, use DNS wire format
-	buf, backendErr := u.exchangeWireformat(queryBuf)
+	buf, backendErr := exchangeWireformat(msg, endpoint, client)
 	if backendErr == nil {
 		response := &dns.Msg{}
 		if err := response.Unpack(buf); err != nil {
 			return nil, errors.Wrap(err, "failed to unpack DNS response from body")
 		}
 
-		response.Id = query.Id
+		response.Id = queryID
 		return response, nil
 	}
 
-	log.WithError(backendErr).Errorf("failed to connect to an HTTPS backend %q", u.endpoint)
+	log.WithError(backendErr).Errorf("failed to connect to an HTTPS backend %q", endpoint)
 	return nil, backendErr
 }
 
 // Perform message exchange with the default UDP wireformat defined in current draft
 // https://datatracker.ietf.org/doc/draft-ietf-doh-dns-over-https
-func (u *UpstreamHTTPS) exchangeWireformat(msg []byte) ([]byte, error) {
-	req, err := http.NewRequest("POST", u.endpoint.String(), bytes.NewBuffer(msg))
+func exchangeWireformat(msg []byte, endpoint *url.URL, client *http.Client) ([]byte, error) {
+	req, err := http.NewRequest("POST", endpoint.String(), bytes.NewBuffer(msg))
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to create an HTTPS request")
 	}
 
 	req.Header.Add("Content-Type", "application/dns-message")
-	req.Host = u.endpoint.Host
+	req.Host = endpoint.Host
 
-	resp, err := u.client.Do(req)
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to perform an HTTPS request")
 	}
@@ -104,3 +111,33 @@ func (u *UpstreamHTTPS) exchangeWireformat(msg []byte) ([]byte, error) {
 
 	return buf, nil
 }
+
+func configureBootstrap(bootstrap string) (*url.URL, *http.Client, error) {
+	b, err := url.Parse(bootstrap)
+	if err != nil {
+		return nil, nil, err
+	}
+	if ip := net.ParseIP(b.Hostname()); ip == nil {
+		return nil, nil, fmt.Errorf("bootstrap address of %s must be an IP address", b.Hostname())
+	}
+
+	return b, configureClient(b.Hostname()), nil
+}
+
+// configureClient will configure a HTTPS client for upstream DoH requests
+func configureClient(hostname string) *http.Client {
+	// Update TLS and HTTP client configuration
+	tls := &tls.Config{ServerName: hostname}
+	transport := &http.Transport{
+		TLSClientConfig:    tls,
+		DisableCompression: true,
+		MaxIdleConns:       1,
+		Proxy:              http.ProxyFromEnvironment,
+	}
+	http2.ConfigureTransport(transport)
+
+	return &http.Client{
+		Timeout:   defaultTimeout,
+		Transport: transport,
+	}
+}
diff --git a/tunneldns/tunnel.go b/tunneldns/tunnel.go
index 13db1fb6..1cbe1136 100644
--- a/tunneldns/tunnel.go
+++ b/tunneldns/tunnel.go
@@ -35,7 +35,7 @@ func Run(c *cli.Context) error {
 
 	go metrics.ServeMetrics(metricsListener, nil, logger)
 
-	listener, err := CreateListener(c.String("address"), uint16(c.Uint("port")), c.StringSlice("upstream"))
+	listener, err := CreateListener(c.String("address"), uint16(c.Uint("port")), c.StringSlice("upstream"), c.StringSlice("bootstrap"))
 	if err != nil {
 		logger.WithError(err).Errorf("Failed to create the listeners")
 		return err
@@ -117,12 +117,12 @@ func (l *Listener) Stop() error {
 }
 
 // CreateListener configures the server and bound sockets
-func CreateListener(address string, port uint16, upstreams []string) (*Listener, error) {
+func CreateListener(address string, port uint16, upstreams []string, bootstraps []string) (*Listener, error) {
 	// Build the list of upstreams
 	upstreamList := make([]Upstream, 0)
 	for _, url := range upstreams {
 		logger.WithField("url", url).Infof("Adding DNS upstream")
-		upstream, err := NewUpstreamHTTPS(url)
+		upstream, err := NewUpstreamHTTPS(url, bootstraps)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to create HTTPS upstream")
 		}

From c782716e49f4643a352b9d2221d1a34c341da3d4 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 14 Apr 2020 13:00:38 -0500
Subject: [PATCH 041/100] Release 2020.4.0

---
 RELEASE_NOTES | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 0ea4290c..bd94d447 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,11 @@
+2020.4.0
+- 2020-04-10 TUN-2881: Parameterize response meta information header name in the generating function
+- 2020-04-11 TUN-2894: ResponseMetaHeader should be public
+- 2020-04-09 TUN-2880: Return metadata about source of the response from cloudflared
+- 2020-04-04 ARES-899: Fixes DoH client as system resolver. Fixes #91
+- 2020-03-31 AUTH-2394 added socks5 proxy
+- 2020-02-24 AUTH-2235 GetTokenIfExists now parses JWT payload for json expiry field to detect if the cached access token is expired
+
 2020.3.2
 - 2020-03-31 TUN-2854: Quick Reconnects should be an optional supported feature
 - 2020-03-30 TUN-2850: Tunnel stripping Cloudflare headers

From 976eb24883b667c30ecee991d2030197ec161bfa Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Mon, 27 Apr 2020 14:25:37 -0500
Subject: [PATCH 042/100] TUN-2921: Rework address selection logic to avoid
 corner cases

---
 edgediscovery/allregions/region.go       |  6 +++++
 edgediscovery/allregions/regions.go      | 27 ++++++++++++++--------
 edgediscovery/allregions/regions_test.go |  1 +
 edgediscovery/edgediscovery.go           |  5 ++--
 edgediscovery/edgediscovery_test.go      | 29 ++++++++++++++++++++++++
 origin/supervisor.go                     |  2 +-
 6 files changed, 57 insertions(+), 13 deletions(-)

diff --git a/edgediscovery/allregions/region.go b/edgediscovery/allregions/region.go
index 31fb7311..bf17a496 100644
--- a/edgediscovery/allregions/region.go
+++ b/edgediscovery/allregions/region.go
@@ -2,6 +2,8 @@ package allregions
 
 import (
 	"net"
+
+	"github.com/sirupsen/logrus"
 )
 
 // Region contains cloudflared edge addresses. The edge is partitioned into several regions for
@@ -56,6 +58,10 @@ func (r Region) GetUnusedIP(excluding *net.TCPAddr) *net.TCPAddr {
 
 // Use the address, assigning it to a proxy connection.
 func (r Region) Use(addr *net.TCPAddr, connID int) {
+	if addr == nil {
+		logrus.Errorf("Attempted to use nil address for connection %d", connID)
+		return
+	}
 	r.connFor[addr] = InUse(connID)
 }
 
diff --git a/edgediscovery/allregions/regions.go b/edgediscovery/allregions/regions.go
index 62d30130..d51c3299 100644
--- a/edgediscovery/allregions/regions.go
+++ b/edgediscovery/allregions/regions.go
@@ -86,21 +86,28 @@ func (rs *Regions) AddrUsedBy(connID int) *net.TCPAddr {
 // GetUnusedAddr gets an unused addr from the edge, excluding the given addr. Prefer to use addresses
 // evenly across both regions.
 func (rs *Regions) GetUnusedAddr(excluding *net.TCPAddr, connID int) *net.TCPAddr {
-	var addr *net.TCPAddr
 	if rs.region1.AvailableAddrs() > rs.region2.AvailableAddrs() {
-		addr = rs.region1.GetUnusedIP(excluding)
-		rs.region1.Use(addr, connID)
-	} else {
-		addr = rs.region2.GetUnusedIP(excluding)
-		rs.region2.Use(addr, connID)
+		return getAddrs(excluding, connID, &rs.region1, &rs.region2)
 	}
 
-	if addr == nil {
-		return nil
+	return getAddrs(excluding, connID, &rs.region2, &rs.region1)
+}
+
+// getAddrs tries to grab address form `first` region, then `second` region
+// this is an unrolled loop over 2 element array
+func getAddrs(excluding *net.TCPAddr, connID int, first *Region, second *Region) *net.TCPAddr {
+	addr := first.GetUnusedIP(excluding)
+	if addr != nil {
+		first.Use(addr, connID)
+		return addr
+	}
+	addr = second.GetUnusedIP(excluding)
+	if addr != nil {
+		second.Use(addr, connID)
+		return addr
 	}
 
-	// Mark the address as used and return it
-	return addr
+	return nil
 }
 
 // AvailableAddrs returns how many edge addresses aren't used.
diff --git a/edgediscovery/allregions/regions_test.go b/edgediscovery/allregions/regions_test.go
index 6c88f281..8abdf950 100644
--- a/edgediscovery/allregions/regions_test.go
+++ b/edgediscovery/allregions/regions_test.go
@@ -58,6 +58,7 @@ func TestRegions_Giveback_Region1(t *testing.T) {
 	rs.GiveBack(&addr0)
 	assert.Equal(t, &addr0, rs.GetUnusedAddr(nil, 3))
 }
+
 func TestRegions_Giveback_Region2(t *testing.T) {
 	rs := makeRegions()
 	rs.region1.Use(&addr0, 0)
diff --git a/edgediscovery/edgediscovery.go b/edgediscovery/edgediscovery.go
index abf83a66..0b90efce 100644
--- a/edgediscovery/edgediscovery.go
+++ b/edgediscovery/edgediscovery.go
@@ -100,7 +100,7 @@ func (ed *Edge) GetAddr(connID int) (*net.TCPAddr, error) {
 		logger.Debug("No addresses left to give proxy connection")
 		return nil, errNoAddressesLeft
 	}
-	logger.Debug("Giving connection its new address")
+	logger.Debugf("Giving connection its new address %s", addr)
 	return addr, nil
 }
 
@@ -120,9 +120,10 @@ func (ed *Edge) GetDifferentAddr(connID int) (*net.TCPAddr, error) {
 	addr := ed.regions.GetUnusedAddr(oldAddr, connID)
 	if addr == nil {
 		logger.Debug("No addresses left to give proxy connection")
+		// note: if oldAddr were not nil, it will become available on the next iteration
 		return nil, errNoAddressesLeft
 	}
-	logger.Debug("Giving connection its new address")
+	logger.Debugf("Giving connection its new address %s", addr)
 	return addr, nil
 }
 
diff --git a/edgediscovery/edgediscovery_test.go b/edgediscovery/edgediscovery_test.go
index 0fbc90db..4b111be1 100644
--- a/edgediscovery/edgediscovery_test.go
+++ b/edgediscovery/edgediscovery_test.go
@@ -83,6 +83,30 @@ func TestGetAddrForRPC(t *testing.T) {
 	assert.Equal(t, 4, edge.AvailableAddrs())
 }
 
+func TestOnePerRegion(t *testing.T) {
+	l := logrus.New()
+
+	// Make an edge with only one address
+	edge := MockEdge(l, []*net.TCPAddr{&addr0, &addr1})
+
+	// Use the only address
+	const connID = 0
+	a1, err := edge.GetAddr(connID)
+	assert.NoError(t, err)
+	assert.NotNil(t, a1)
+
+	// if the first address is bad, get the second one
+	a2, err := edge.GetDifferentAddr(connID)
+	assert.NoError(t, err)
+	assert.NotNil(t, a2)
+	assert.NotEqual(t, a1, a2)
+
+	// now that second one is bad, get the first one again
+	a3, err := edge.GetDifferentAddr(connID)
+	assert.NoError(t, err)
+	assert.Equal(t, a1, a3)
+}
+
 func TestOnlyOneAddrLeft(t *testing.T) {
 	l := logrus.New()
 
@@ -98,6 +122,11 @@ func TestOnlyOneAddrLeft(t *testing.T) {
 	// If that edge address is "bad", there's no alternative address.
 	_, err = edge.GetDifferentAddr(connID)
 	assert.Error(t, err)
+
+	// previously bad address should become available again on next iteration.
+	addr, err = edge.GetDifferentAddr(connID)
+	assert.NoError(t, err)
+	assert.NotNil(t, addr)
 }
 
 func TestNoAddrsLeft(t *testing.T) {
diff --git a/origin/supervisor.go b/origin/supervisor.go
index ee57506d..37bb0577 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -274,7 +274,7 @@ func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal
 		s.tunnelErrors <- tunnelError{index: index, addr: addr, err: err}
 	}()
 
-	addr, err = s.edgeIPs.GetAddr(index)
+	addr, err = s.edgeIPs.GetDifferentAddr(index)
 	if err != nil {
 		return
 	}

From 41c358147c001c0e23b92f6508d49e792e3a7623 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Mon, 13 Apr 2020 12:22:00 -0500
Subject: [PATCH 043/100] AUTH-2587 add config watcher and reload logic for
 access client forwarder

---
 carrier/carrier.go                            |  19 +-
 cmd/cloudflared/access/carrier.go             |  26 +
 cmd/cloudflared/app_service.go                | 112 ++++
 cmd/cloudflared/config/manager.go             | 101 ++++
 cmd/cloudflared/config/manager_test.go        |  80 +++
 cmd/cloudflared/config/model.go               |  37 ++
 cmd/cloudflared/main.go                       |  28 +-
 go.mod                                        |   3 +-
 go.sum                                        |   3 +
 .../fsnotify/fsnotify/.editorconfig           |  12 +
 .../fsnotify/fsnotify/.gitattributes          |   1 +
 .../github.com/fsnotify/fsnotify/.gitignore   |   6 +
 .../github.com/fsnotify/fsnotify/.travis.yml  |  36 ++
 vendor/github.com/fsnotify/fsnotify/AUTHORS   |  52 ++
 .../github.com/fsnotify/fsnotify/CHANGELOG.md | 317 ++++++++++
 .../fsnotify/fsnotify/CONTRIBUTING.md         |  77 +++
 vendor/github.com/fsnotify/fsnotify/LICENSE   |  28 +
 vendor/github.com/fsnotify/fsnotify/README.md | 130 ++++
 vendor/github.com/fsnotify/fsnotify/fen.go    |  37 ++
 .../github.com/fsnotify/fsnotify/fsnotify.go  |  68 +++
 vendor/github.com/fsnotify/fsnotify/go.mod    |   5 +
 vendor/github.com/fsnotify/fsnotify/go.sum    |   2 +
 .../github.com/fsnotify/fsnotify/inotify.go   | 337 +++++++++++
 .../fsnotify/fsnotify/inotify_poller.go       | 187 ++++++
 vendor/github.com/fsnotify/fsnotify/kqueue.go | 521 ++++++++++++++++
 .../fsnotify/fsnotify/open_mode_bsd.go        |  11 +
 .../fsnotify/fsnotify/open_mode_darwin.go     |  12 +
 .../github.com/fsnotify/fsnotify/windows.go   | 561 ++++++++++++++++++
 vendor/modules.txt                            |   2 +
 watcher/file.go                               |  58 ++
 watcher/file_test.go                          |  54 ++
 watcher/notify.go                             |  14 +
 32 files changed, 2929 insertions(+), 8 deletions(-)
 create mode 100644 cmd/cloudflared/app_service.go
 create mode 100644 cmd/cloudflared/config/manager.go
 create mode 100644 cmd/cloudflared/config/manager_test.go
 create mode 100644 cmd/cloudflared/config/model.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/.editorconfig
 create mode 100644 vendor/github.com/fsnotify/fsnotify/.gitattributes
 create mode 100644 vendor/github.com/fsnotify/fsnotify/.gitignore
 create mode 100644 vendor/github.com/fsnotify/fsnotify/.travis.yml
 create mode 100644 vendor/github.com/fsnotify/fsnotify/AUTHORS
 create mode 100644 vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
 create mode 100644 vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md
 create mode 100644 vendor/github.com/fsnotify/fsnotify/LICENSE
 create mode 100644 vendor/github.com/fsnotify/fsnotify/README.md
 create mode 100644 vendor/github.com/fsnotify/fsnotify/fen.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/fsnotify.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/go.mod
 create mode 100644 vendor/github.com/fsnotify/fsnotify/go.sum
 create mode 100644 vendor/github.com/fsnotify/fsnotify/inotify.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/inotify_poller.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/kqueue.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/windows.go
 create mode 100644 watcher/file.go
 create mode 100644 watcher/file_test.go
 create mode 100644 watcher/notify.go

diff --git a/carrier/carrier.go b/carrier/carrier.go
index 0e72a20e..13e02c83 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -73,17 +73,24 @@ func StartClient(conn Connection, stream io.ReadWriter, options *StartOptions) e
 // `Serve` always closes `listener`.
 func Serve(remoteConn Connection, listener net.Listener, shutdownC <-chan struct{}, options *StartOptions) error {
 	defer listener.Close()
-	for {
-		select {
-		case <-shutdownC:
-			return nil
-		default:
+	errChan := make(chan error)
+
+	go func() {
+		for {
 			conn, err := listener.Accept()
 			if err != nil {
-				return err
+				errChan <- err
+				return
 			}
 			go serveConnection(remoteConn, conn, options)
 		}
+	}()
+
+	select {
+	case <-shutdownC:
+		return nil
+	case err := <-errChan:
+		return err
 	}
 }
 
diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index 7030e99a..ddcffbf3 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -12,6 +12,32 @@ import (
 	cli "gopkg.in/urfave/cli.v2"
 )
 
+// StartForwarder starts a client side websocket forward
+func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}) error {
+	validURLString, err := validation.ValidateUrl(forwarder.Listener)
+	if err != nil {
+		logger.WithError(err).Error("Error validating origin URL")
+		return errors.Wrap(err, "error validating origin URL")
+	}
+
+	validURL, err := url.Parse(validURLString)
+	if err != nil {
+		logger.WithError(err).Error("Error parsing origin URL")
+		return errors.Wrap(err, "error parsing origin URL")
+	}
+
+	options := &carrier.StartOptions{
+		OriginURL: forwarder.URL,
+		Headers:   make(http.Header), //TODO: TUN-2688 support custom headers from config file
+	}
+
+	// we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side
+	wsConn := carrier.NewWSConnection(logger, false)
+
+	logger.Infof("Start Websocket listener on: %s", validURL.Host)
+	return carrier.StartForwarder(wsConn, validURL.Host, shutdown, options)
+}
+
 // ssh will start a WS proxy server for server mode
 // or copy from stdin/stdout for client mode
 // useful for proxying other protocols (like ssh) over websockets
diff --git a/cmd/cloudflared/app_service.go b/cmd/cloudflared/app_service.go
new file mode 100644
index 00000000..42cfa4eb
--- /dev/null
+++ b/cmd/cloudflared/app_service.go
@@ -0,0 +1,112 @@
+package main
+
+import (
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/sirupsen/logrus"
+)
+
+type forwarderState struct {
+	forwarder config.Forwarder
+	shutdown  chan struct{}
+}
+
+func (s *forwarderState) Shutdown() {
+	s.shutdown <- struct{}{}
+}
+
+// AppService is the main service that runs when no command lines flags are passed to cloudflared
+// it manages all the running services such as tunnels, forwarders, DNS resolver, etc
+type AppService struct {
+	configManager    config.Manager
+	shutdownC        chan struct{}
+	forwarders       map[string]forwarderState
+	configUpdateChan chan config.Root
+	logger           *logrus.Logger
+}
+
+// NewAppService creates a new AppService with needed supporting services
+func NewAppService(configManager config.Manager, shutdownC chan struct{}, logger *logrus.Logger) *AppService {
+	return &AppService{
+		configManager:    configManager,
+		shutdownC:        shutdownC,
+		forwarders:       make(map[string]forwarderState),
+		configUpdateChan: make(chan config.Root),
+		logger:           logger,
+	}
+}
+
+// Run starts the run loop to handle config updates and run forwarders, tunnels, etc
+func (s *AppService) Run() error {
+	go s.actionLoop()
+	return s.configManager.Start(s)
+}
+
+// Shutdown kills all the running services
+func (s *AppService) Shutdown() error {
+	s.configManager.Shutdown()
+	return nil
+}
+
+// ConfigDidUpdate is a delegate notification from the config manager
+// it is trigger when the config file has been updated and now the service needs
+// to update its services accordingly
+func (s *AppService) ConfigDidUpdate(c config.Root) {
+	s.configUpdateChan <- c
+}
+
+// actionLoop handles the actions from running processes
+func (s *AppService) actionLoop() {
+	for {
+		select {
+		case c := <-s.configUpdateChan:
+			s.handleConfigUpdate(c)
+		case <-s.shutdownC:
+			for _, state := range s.forwarders {
+				state.Shutdown()
+			}
+			return
+		}
+	}
+}
+
+func (s *AppService) handleConfigUpdate(c config.Root) {
+	// handle the client forward listeners
+	activeListeners := map[string]struct{}{}
+	for _, f := range c.Forwarders {
+		s.handleForwarderUpdate(f)
+		activeListeners[f.Listener] = struct{}{}
+	}
+
+	// remove any listeners that are no longer active
+	for key, state := range s.forwarders {
+		if _, ok := activeListeners[key]; !ok {
+			state.Shutdown()
+			delete(s.forwarders, key)
+		}
+	}
+
+	// TODO: AUTH-2588, TUN-1451 - tunnels and dns proxy
+}
+
+// handle managing a forwarder service
+func (s *AppService) handleForwarderUpdate(f config.Forwarder) {
+	// check if we need to start a new listener or stop an old one
+	if state, ok := s.forwarders[f.Listener]; ok {
+		if state.forwarder.Hash() == f.Hash() {
+			return // the exact same listener, no changes, so move along
+		}
+		state.Shutdown() //shutdown the listener since a new one is starting
+	}
+	// add a new forwarder to the list
+	state := forwarderState{forwarder: f, shutdown: make(chan struct{}, 1)}
+	s.forwarders[f.Listener] = state
+
+	// start the forwarder
+	go func(f forwarderState) {
+		err := access.StartForwarder(f.forwarder, f.shutdown)
+		if err != nil {
+			s.logger.WithError(err).Errorf("Forwarder at address: %s", f.forwarder)
+		}
+	}(state)
+}
diff --git a/cmd/cloudflared/config/manager.go b/cmd/cloudflared/config/manager.go
new file mode 100644
index 00000000..c02f4b85
--- /dev/null
+++ b/cmd/cloudflared/config/manager.go
@@ -0,0 +1,101 @@
+package config
+
+import (
+	"errors"
+	"os"
+
+	"github.com/cloudflare/cloudflared/watcher"
+
+	"github.com/sirupsen/logrus"
+	"gopkg.in/yaml.v2"
+)
+
+// Notifier sends out config updates
+type Notifier interface {
+	ConfigDidUpdate(Root)
+}
+
+// Manager is the base functions of the config manager
+type Manager interface {
+	Start(Notifier) error
+	Shutdown()
+}
+
+// FileManager watches the yaml config for changes
+// sends updates to the service to reconfigure to match the updated config
+type FileManager struct {
+	watcher    watcher.Notifier
+	notifier   Notifier
+	configPath string
+	logger     *logrus.Logger
+}
+
+// NewFileManager creates a config manager
+func NewFileManager(watcher watcher.Notifier, configPath string, logger *logrus.Logger) (Manager, error) {
+	m := &FileManager{
+		watcher:    watcher,
+		configPath: configPath,
+		logger:     logger,
+	}
+	err := watcher.Add(configPath)
+	return m, err
+}
+
+// Start starts the runloop to watch for config changes
+func (m *FileManager) Start(notifier Notifier) error {
+	m.notifier = notifier
+
+	// update the notifier with a fresh config on start
+	config, err := m.GetConfig()
+	if err != nil {
+		return err
+	}
+	notifier.ConfigDidUpdate(config)
+
+	m.watcher.Start(m)
+	return nil
+}
+
+// GetConfig reads the yaml file from the disk
+func (m *FileManager) GetConfig() (Root, error) {
+	if m.configPath == "" {
+		return Root{}, errors.New("unable to find config file")
+	}
+
+	file, err := os.Open(m.configPath)
+	if err != nil {
+		return Root{}, err
+	}
+	defer file.Close()
+
+	var config Root
+	if err := yaml.NewDecoder(file).Decode(&config); err != nil {
+		return Root{}, err
+	}
+
+	return config, nil
+}
+
+// Shutdown stops the watcher
+func (m *FileManager) Shutdown() {
+	m.watcher.Shutdown()
+}
+
+// File change notifications from the watcher
+
+// WatcherItemDidChange triggers when the yaml config is updated
+// sends the updated config to the service to reload its state
+func (m *FileManager) WatcherItemDidChange(filepath string) {
+	config, err := m.GetConfig()
+	if err != nil {
+		m.logger.WithError(err).Error("Failed to read new config")
+		return
+	}
+	m.logger.Info("Config file has been updated")
+	m.notifier.ConfigDidUpdate(config)
+}
+
+// WatcherDidError notifies of errors with the file watcher
+func (m *FileManager) WatcherDidError(err error) {
+	m.logger.WithError(err).Error("Config watcher encountered an error")
+}
diff --git a/cmd/cloudflared/config/manager_test.go b/cmd/cloudflared/config/manager_test.go
new file mode 100644
index 00000000..b9ed82c8
--- /dev/null
+++ b/cmd/cloudflared/config/manager_test.go
@@ -0,0 +1,80 @@
+package config
+
+import (
+	"bufio"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/watcher"
+	"github.com/stretchr/testify/assert"
+	"gopkg.in/yaml.v2"
+)
+
+type mockNotifier struct {
+	configs []Root
+}
+
+func (n *mockNotifier) ConfigDidUpdate(c Root) {
+	n.configs = append(n.configs, c)
+}
+
+func writeConfig(t *testing.T, f *os.File, c *Root) {
+	f.Sync()
+	b, err := yaml.Marshal(c)
+	assert.NoError(t, err)
+
+	w := bufio.NewWriter(f)
+	_, err = w.Write(b)
+	assert.NoError(t, err)
+
+	err = w.Flush()
+	assert.NoError(t, err)
+}
+
+func TestConfigChanged(t *testing.T) {
+	filePath := "config.yaml"
+	f, err := os.Create(filePath)
+	assert.NoError(t, err)
+	defer func() {
+		f.Close()
+		os.Remove(filePath)
+	}()
+	c := &Root{
+		OrgKey:          "abcd",
+		ConfigType:      "mytype",
+		CheckinInterval: 1,
+		Forwarders: []Forwarder{
+			{
+				URL:      "test.daltoniam.com",
+				Listener: "127.0.0.1:8080",
+			},
+		},
+	}
+	writeConfig(t, f, c)
+
+	w, err := watcher.NewFile()
+	assert.NoError(t, err)
+	logger := log.CreateLogger()
+	service, err := NewFileManager(w, filePath, logger)
+	assert.NoError(t, err)
+
+	n := &mockNotifier{}
+	go service.Start(n)
+
+	c.Forwarders = append(c.Forwarders, Forwarder{URL: "add.daltoniam.com", Listener: "127.0.0.1:8081"})
+	writeConfig(t, f, c)
+
+	// give it time to trigger
+	time.Sleep(10 * time.Millisecond)
+	service.Shutdown()
+
+	assert.Len(t, n.configs, 2, "did not get 2 config updates as expected")
+	assert.Len(t, n.configs[0].Forwarders, 1, "not the amount of forwarders expected")
+	assert.Len(t, n.configs[1].Forwarders, 2, "not the amount of forwarders expected")
+
+	assert.Equal(t, n.configs[0].Forwarders[0].Hash(), c.Forwarders[0].Hash(), "forwarder hashes don't match")
+	assert.Equal(t, n.configs[1].Forwarders[0].Hash(), c.Forwarders[0].Hash(), "forwarder hashes don't match")
+	assert.Equal(t, n.configs[1].Forwarders[1].Hash(), c.Forwarders[1].Hash(), "forwarder hashes don't match")
+}
diff --git a/cmd/cloudflared/config/model.go b/cmd/cloudflared/config/model.go
new file mode 100644
index 00000000..85312538
--- /dev/null
+++ b/cmd/cloudflared/config/model.go
@@ -0,0 +1,37 @@
+package config
+
+import (
+	"crypto/md5"
+	"fmt"
+	"io"
+)
+
+// Forwarder represents a client side listener to forward traffic to the edge
+type Forwarder struct {
+	URL      string `json:"url"`
+	Listener string `json:"listener"`
+}
+
+// Tunnel represents a tunnel that should be started
+type Tunnel struct {
+	URL          string `json:"url"`
+	Origin       string `json:"origin"`
+	ProtocolType string `json:"type"`
+}
+
+// Root is the base options to configure the service
+type Root struct {
+	OrgKey          string      `json:"org_key"`
+	ConfigType      string      `json:"type"`
+	CheckinInterval int         `json:"checkin_interval"`
+	Forwarders      []Forwarder `json:"forwarders,omitempty"`
+	Tunnels         []Tunnel    `json:"tunnels,omitempty"`
+}
+
+// Hash returns the computed values to see if the forwarder values change
+func (f *Forwarder) Hash() string {
+	h := md5.New()
+	io.WriteString(h, f.URL)
+	io.WriteString(h, f.Listener)
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 3c9e3659..33a857cb 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -6,10 +6,12 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
 	"github.com/cloudflare/cloudflared/log"
 	"github.com/cloudflare/cloudflared/metrics"
+	"github.com/cloudflare/cloudflared/watcher"
 
 	raven "github.com/getsentry/raven-go"
 	homedir "github.com/mitchellh/go-homedir"
@@ -121,7 +123,7 @@ func isEmptyInvocation(c *cli.Context) bool {
 func action(version string, shutdownC, graceShutdownC chan struct{}) cli.ActionFunc {
 	return func(c *cli.Context) (err error) {
 		if isEmptyInvocation(c) {
-			cli.ShowAppHelpAndExit(c, 1)
+			return handleServiceMode(shutdownC)
 		}
 		tags := make(map[string]string)
 		tags["hostname"] = c.String("hostname")
@@ -161,3 +163,27 @@ func handleError(err error) {
 	}
 	raven.CaptureError(err, nil)
 }
+
+// cloudflared was started without any flags
+func handleServiceMode(shutdownC chan struct{}) error {
+	// start the main run loop that reads from the config file
+	f, err := watcher.NewFile()
+	if err != nil {
+		logger.WithError(err).Error("Cannot load config file")
+		return err
+	}
+
+	configPath := config.FindDefaultConfigPath()
+	configManager, err := config.NewFileManager(f, configPath, logger)
+	if err != nil {
+		logger.WithError(err).Error("Cannot setup config file for monitoring")
+		return err
+	}
+
+	appService := NewAppService(configManager, shutdownC, logger)
+	if err := appService.Run(); err != nil {
+		logger.WithError(err).Error("Failed to start app service")
+		return err
+	}
+	return nil
+}
diff --git a/go.mod b/go.mod
index 74f083b1..e00baeb2 100644
--- a/go.mod
+++ b/go.mod
@@ -21,6 +21,7 @@ require (
 	github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 // indirect
 	github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 // indirect
 	github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
+	github.com/fsnotify/fsnotify v1.4.9
 	github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10
 	github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0
 	github.com/go-sql-driver/mysql v1.4.1
@@ -67,7 +68,7 @@ require (
 	gopkg.in/coreos/go-oidc.v2 v2.1.0
 	gopkg.in/square/go-jose.v2 v2.4.0 // indirect
 	gopkg.in/urfave/cli.v2 v2.0.0-20180128181224-d604b6ffeee8
-	gopkg.in/yaml.v2 v2.2.4 // indirect
+	gopkg.in/yaml.v2 v2.2.4
 	zombiezen.com/go/capnproto2 v0.0.0-20180616160808-7cfd211c19c7
 )
 
diff --git a/go.sum b/go.sum
index a9bef889..3882824f 100644
--- a/go.sum
+++ b/go.sum
@@ -48,6 +48,8 @@ github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 h1:E2s37DuLxFhQD
 github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10 h1:YO10pIIBftO/kkTFdWhctH96grJ7qiy7bMdiZcIvPKs=
 github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
 github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0 h1:gF8ngtda767ddth2SH0YSAhswhz6qUkvyI9EZFYCWJA=
@@ -188,6 +190,7 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2 h1:nq114VpM8lsSlP+lyUbANecYHYiFcSNFtqcBlxRV+gA=
diff --git a/vendor/github.com/fsnotify/fsnotify/.editorconfig b/vendor/github.com/fsnotify/fsnotify/.editorconfig
new file mode 100644
index 00000000..fad89585
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/.editorconfig
@@ -0,0 +1,12 @@
+root = true
+
+[*.go]
+indent_style = tab
+indent_size = 4
+insert_final_newline = true
+
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
diff --git a/vendor/github.com/fsnotify/fsnotify/.gitattributes b/vendor/github.com/fsnotify/fsnotify/.gitattributes
new file mode 100644
index 00000000..32f1001b
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/.gitattributes
@@ -0,0 +1 @@
+go.sum linguist-generated
diff --git a/vendor/github.com/fsnotify/fsnotify/.gitignore b/vendor/github.com/fsnotify/fsnotify/.gitignore
new file mode 100644
index 00000000..4cd0cbaf
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/.gitignore
@@ -0,0 +1,6 @@
+# Setup a Global .gitignore for OS and editor generated files:
+# https://help.github.com/articles/ignoring-files
+# git config --global core.excludesfile ~/.gitignore_global
+
+.vagrant
+*.sublime-project
diff --git a/vendor/github.com/fsnotify/fsnotify/.travis.yml b/vendor/github.com/fsnotify/fsnotify/.travis.yml
new file mode 100644
index 00000000..a9c30165
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/.travis.yml
@@ -0,0 +1,36 @@
+sudo: false
+language: go
+
+go:
+  - "stable"
+  - "1.11.x"
+  - "1.10.x"
+  - "1.9.x"
+
+matrix:
+  include:
+    - go: "stable"
+      env: GOLINT=true
+  allow_failures:
+    - go: tip
+  fast_finish: true
+
+
+before_install:
+  - if [ ! -z "${GOLINT}" ]; then go get -u golang.org/x/lint/golint; fi
+
+script:
+  - go test --race ./...
+
+after_script:
+  - test -z "$(gofmt -s -l -w . | tee /dev/stderr)"
+  - if [ ! -z  "${GOLINT}" ]; then echo running golint; golint --set_exit_status  ./...; else echo skipping golint; fi
+  - go vet ./...
+
+os:
+  - linux
+  - osx
+  - windows
+
+notifications:
+  email: false
diff --git a/vendor/github.com/fsnotify/fsnotify/AUTHORS b/vendor/github.com/fsnotify/fsnotify/AUTHORS
new file mode 100644
index 00000000..5ab5d41c
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/AUTHORS
@@ -0,0 +1,52 @@
+# Names should be added to this file as
+#	Name or Organization <email address>
+# The email address is not required for organizations.
+
+# You can update this list using the following command:
+#
+#   $ git shortlog -se | awk '{print $2 " " $3 " " $4}'
+
+# Please keep the list sorted.
+
+Aaron L <aaron@bettercoder.net>
+Adrien Bustany <adrien@bustany.org>
+Amit Krishnan <amit.krishnan@oracle.com>
+Anmol Sethi <me@anmol.io>
+Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>
+Bruno Bigras <bigras.bruno@gmail.com>
+Caleb Spare <cespare@gmail.com>
+Case Nelson <case@teammating.com>
+Chris Howey <chris@howey.me> <howeyc@gmail.com>
+Christoffer Buchholz <christoffer.buchholz@gmail.com>
+Daniel Wagner-Hall <dawagner@gmail.com>
+Dave Cheney <dave@cheney.net>
+Evan Phoenix <evan@fallingsnow.net>
+Francisco Souza <f@souza.cc>
+Hari haran <hariharan.uno@gmail.com>
+John C Barstow
+Kelvin Fo <vmirage@gmail.com>
+Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
+Matt Layher <mdlayher@gmail.com>
+Nathan Youngman <git@nathany.com>
+Nickolai Zeldovich <nickolai@csail.mit.edu>
+Patrick <patrick@dropbox.com>
+Paul Hammond <paul@paulhammond.org>
+Pawel Knap <pawelknap88@gmail.com>
+Pieter Droogendijk <pieter@binky.org.uk>
+Pursuit92 <JoshChase@techpursuit.net>
+Riku Voipio <riku.voipio@linaro.org>
+Rob Figueiredo <robfig@gmail.com>
+Rodrigo Chiossi <rodrigochiossi@gmail.com>
+Slawek Ligus <root@ooz.ie>
+Soge Zhang <zhssoge@gmail.com>
+Tiffany Jernigan <tiffany.jernigan@intel.com>
+Tilak Sharma <tilaks@google.com>
+Tom Payne <twpayne@gmail.com>
+Travis Cline <travis.cline@gmail.com>
+Tudor Golubenco <tudor.g@gmail.com>
+Vahe Khachikyan <vahe@live.ca>
+Yukang <moorekang@gmail.com>
+bronze1man <bronze1man@gmail.com>
+debrando <denis.brandolini@gmail.com>
+henrikedwards <henrik.edwards@gmail.com>
+铁哥 <guotie.9@gmail.com>
diff --git a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
new file mode 100644
index 00000000..be4d7ea2
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
@@ -0,0 +1,317 @@
+# Changelog
+
+## v1.4.7 / 2018-01-09
+
+* BSD/macOS: Fix possible deadlock on closing the watcher on kqueue (thanks @nhooyr and @glycerine)
+* Tests: Fix missing verb on format string (thanks @rchiossi)
+* Linux: Fix deadlock in Remove (thanks @aarondl)
+* Linux: Watch.Add improvements (avoid race, fix consistency, reduce garbage) (thanks @twpayne)
+* Docs: Moved FAQ into the README (thanks @vahe)
+* Linux: Properly handle inotify's IN_Q_OVERFLOW event (thanks @zeldovich)
+* Docs: replace references to OS X with macOS
+
+## v1.4.2 / 2016-10-10
+
+* Linux: use InotifyInit1 with IN_CLOEXEC to stop leaking a file descriptor to a child process when using fork/exec [#178](https://github.com/fsnotify/fsnotify/pull/178) (thanks @pattyshack)
+
+## v1.4.1 / 2016-10-04
+
+* Fix flaky inotify stress test on Linux [#177](https://github.com/fsnotify/fsnotify/pull/177) (thanks @pattyshack)
+
+## v1.4.0 / 2016-10-01
+
+* add a String() method to Event.Op [#165](https://github.com/fsnotify/fsnotify/pull/165) (thanks @oozie)
+
+## v1.3.1 / 2016-06-28
+
+* Windows: fix for double backslash when watching the root of a drive [#151](https://github.com/fsnotify/fsnotify/issues/151) (thanks @brunoqc)
+
+## v1.3.0 / 2016-04-19
+
+* Support linux/arm64 by [patching](https://go-review.googlesource.com/#/c/21971/) x/sys/unix and switching to to it from syscall (thanks @suihkulokki) [#135](https://github.com/fsnotify/fsnotify/pull/135)
+
+## v1.2.10 / 2016-03-02
+
+* Fix golint errors in windows.go [#121](https://github.com/fsnotify/fsnotify/pull/121) (thanks @tiffanyfj)
+
+## v1.2.9 / 2016-01-13
+
+kqueue: Fix logic for CREATE after REMOVE [#111](https://github.com/fsnotify/fsnotify/pull/111) (thanks @bep)
+
+## v1.2.8 / 2015-12-17
+
+* kqueue: fix race condition in Close [#105](https://github.com/fsnotify/fsnotify/pull/105) (thanks @djui for reporting the issue and @ppknap for writing a failing test)
+* inotify: fix race in test
+* enable race detection for continuous integration (Linux, Mac, Windows)
+
+## v1.2.5 / 2015-10-17
+
+* inotify: use epoll_create1 for arm64 support (requires Linux 2.6.27 or later) [#100](https://github.com/fsnotify/fsnotify/pull/100) (thanks @suihkulokki)
+* inotify: fix path leaks [#73](https://github.com/fsnotify/fsnotify/pull/73) (thanks @chamaken)
+* kqueue: watch for rename events on subdirectories [#83](https://github.com/fsnotify/fsnotify/pull/83) (thanks @guotie)
+* kqueue: avoid infinite loops from symlinks cycles [#101](https://github.com/fsnotify/fsnotify/pull/101) (thanks @illicitonion)
+
+## v1.2.1 / 2015-10-14
+
+* kqueue: don't watch named pipes [#98](https://github.com/fsnotify/fsnotify/pull/98) (thanks @evanphx)
+
+## v1.2.0 / 2015-02-08
+
+* inotify: use epoll to wake up readEvents [#66](https://github.com/fsnotify/fsnotify/pull/66) (thanks @PieterD)
+* inotify: closing watcher should now always shut down goroutine [#63](https://github.com/fsnotify/fsnotify/pull/63) (thanks @PieterD)
+* kqueue: close kqueue after removing watches, fixes [#59](https://github.com/fsnotify/fsnotify/issues/59)
+
+## v1.1.1 / 2015-02-05
+
+* inotify: Retry read on EINTR [#61](https://github.com/fsnotify/fsnotify/issues/61) (thanks @PieterD)
+
+## v1.1.0 / 2014-12-12
+
+* kqueue: rework internals [#43](https://github.com/fsnotify/fsnotify/pull/43)
+    * add low-level functions
+    * only need to store flags on directories
+    * less mutexes [#13](https://github.com/fsnotify/fsnotify/issues/13)
+    * done can be an unbuffered channel
+    * remove calls to os.NewSyscallError
+* More efficient string concatenation for Event.String() [#52](https://github.com/fsnotify/fsnotify/pull/52) (thanks @mdlayher)
+* kqueue: fix regression in  rework causing subdirectories to be watched [#48](https://github.com/fsnotify/fsnotify/issues/48)
+* kqueue: cleanup internal watch before sending remove event [#51](https://github.com/fsnotify/fsnotify/issues/51)
+
+## v1.0.4 / 2014-09-07
+
+* kqueue: add dragonfly to the build tags.
+* Rename source code files, rearrange code so exported APIs are at the top.
+* Add done channel to example code. [#37](https://github.com/fsnotify/fsnotify/pull/37) (thanks @chenyukang)
+
+## v1.0.3 / 2014-08-19
+
+* [Fix] Windows MOVED_TO now translates to Create like on BSD and Linux. [#36](https://github.com/fsnotify/fsnotify/issues/36)
+
+## v1.0.2 / 2014-08-17
+
+* [Fix] Missing create events on macOS. [#14](https://github.com/fsnotify/fsnotify/issues/14) (thanks @zhsso)
+* [Fix] Make ./path and path equivalent. (thanks @zhsso)
+
+## v1.0.0 / 2014-08-15
+
+* [API] Remove AddWatch on Windows, use Add.
+* Improve documentation for exported identifiers. [#30](https://github.com/fsnotify/fsnotify/issues/30)
+* Minor updates based on feedback from golint.
+
+## dev / 2014-07-09
+
+* Moved to [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify).
+* Use os.NewSyscallError instead of returning errno (thanks @hariharan-uno)
+
+## dev / 2014-07-04
+
+* kqueue: fix incorrect mutex used in Close()
+* Update example to demonstrate usage of Op.
+
+## dev / 2014-06-28
+
+* [API] Don't set the Write Op for attribute notifications [#4](https://github.com/fsnotify/fsnotify/issues/4)
+* Fix for String() method on Event (thanks Alex Brainman)
+* Don't build on Plan 9 or Solaris (thanks @4ad)
+
+## dev / 2014-06-21
+
+* Events channel of type Event rather than *Event.
+* [internal] use syscall constants directly for inotify and kqueue.
+* [internal] kqueue: rename events to kevents and fileEvent to event.
+
+## dev / 2014-06-19
+
+* Go 1.3+ required on Windows (uses syscall.ERROR_MORE_DATA internally).
+* [internal] remove cookie from Event struct (unused).
+* [internal] Event struct has the same definition across every OS.
+* [internal] remove internal watch and removeWatch methods.
+
+## dev / 2014-06-12
+
+* [API] Renamed Watch() to Add() and RemoveWatch() to Remove().
+* [API] Pluralized channel names: Events and Errors.
+* [API] Renamed FileEvent struct to Event.
+* [API] Op constants replace methods like IsCreate().
+
+## dev / 2014-06-12
+
+* Fix data race on kevent buffer (thanks @tilaks) [#98](https://github.com/howeyc/fsnotify/pull/98)
+
+## dev / 2014-05-23
+
+* [API] Remove current implementation of WatchFlags.
+    * current implementation doesn't take advantage of OS for efficiency
+    * provides little benefit over filtering events as they are received, but has  extra bookkeeping and mutexes
+    * no tests for the current implementation
+    * not fully implemented on Windows [#93](https://github.com/howeyc/fsnotify/issues/93#issuecomment-39285195)
+
+## v0.9.3 / 2014-12-31
+
+* kqueue: cleanup internal watch before sending remove event [#51](https://github.com/fsnotify/fsnotify/issues/51)
+
+## v0.9.2 / 2014-08-17
+
+* [Backport] Fix missing create events on macOS. [#14](https://github.com/fsnotify/fsnotify/issues/14) (thanks @zhsso)
+
+## v0.9.1 / 2014-06-12
+
+* Fix data race on kevent buffer (thanks @tilaks) [#98](https://github.com/howeyc/fsnotify/pull/98)
+
+## v0.9.0 / 2014-01-17
+
+* IsAttrib() for events that only concern a file's metadata [#79][] (thanks @abustany)
+* [Fix] kqueue: fix deadlock [#77][] (thanks @cespare)
+* [NOTICE] Development has moved to `code.google.com/p/go.exp/fsnotify` in preparation for inclusion in the Go standard library.
+
+## v0.8.12 / 2013-11-13
+
+* [API] Remove FD_SET and friends from Linux adapter
+
+## v0.8.11 / 2013-11-02
+
+* [Doc] Add Changelog [#72][] (thanks @nathany)
+* [Doc] Spotlight and double modify events on macOS [#62][] (reported by @paulhammond)
+
+## v0.8.10 / 2013-10-19
+
+* [Fix] kqueue: remove file watches when parent directory is removed [#71][] (reported by @mdwhatcott)
+* [Fix] kqueue: race between Close and readEvents [#70][] (reported by @bernerdschaefer)
+* [Doc] specify OS-specific limits in README (thanks @debrando)
+
+## v0.8.9 / 2013-09-08
+
+* [Doc] Contributing (thanks @nathany)
+* [Doc] update package path in example code [#63][] (thanks @paulhammond)
+* [Doc] GoCI badge in README (Linux only) [#60][]
+* [Doc] Cross-platform testing with Vagrant  [#59][] (thanks @nathany)
+
+## v0.8.8 / 2013-06-17
+
+* [Fix] Windows: handle `ERROR_MORE_DATA` on Windows [#49][] (thanks @jbowtie)
+
+## v0.8.7 / 2013-06-03
+
+* [API] Make syscall flags internal
+* [Fix] inotify: ignore event changes
+* [Fix] race in symlink test [#45][] (reported by @srid)
+* [Fix] tests on Windows
+* lower case error messages
+
+## v0.8.6 / 2013-05-23
+
+* kqueue: Use EVT_ONLY flag on Darwin
+* [Doc] Update README with full example
+
+## v0.8.5 / 2013-05-09
+
+* [Fix] inotify: allow monitoring of "broken" symlinks (thanks @tsg)
+
+## v0.8.4 / 2013-04-07
+
+* [Fix] kqueue: watch all file events [#40][] (thanks @ChrisBuchholz)
+
+## v0.8.3 / 2013-03-13
+
+* [Fix] inoitfy/kqueue memory leak [#36][] (reported by @nbkolchin)
+* [Fix] kqueue: use fsnFlags for watching a directory [#33][] (reported by @nbkolchin)
+
+## v0.8.2 / 2013-02-07
+
+* [Doc] add Authors
+* [Fix] fix data races for map access [#29][] (thanks @fsouza)
+
+## v0.8.1 / 2013-01-09
+
+* [Fix] Windows path separators
+* [Doc] BSD License
+
+## v0.8.0 / 2012-11-09
+
+* kqueue: directory watching improvements (thanks @vmirage)
+* inotify: add `IN_MOVED_TO` [#25][] (requested by @cpisto)
+* [Fix] kqueue: deleting watched directory [#24][] (reported by @jakerr)
+
+## v0.7.4 / 2012-10-09
+
+* [Fix] inotify: fixes from https://codereview.appspot.com/5418045/ (ugorji)
+* [Fix] kqueue: preserve watch flags when watching for delete [#21][] (reported by @robfig)
+* [Fix] kqueue: watch the directory even if it isn't a new watch (thanks @robfig)
+* [Fix] kqueue: modify after recreation of file
+
+## v0.7.3 / 2012-09-27
+
+* [Fix] kqueue: watch with an existing folder inside the watched folder (thanks @vmirage)
+* [Fix] kqueue: no longer get duplicate CREATE events
+
+## v0.7.2 / 2012-09-01
+
+* kqueue: events for created directories
+
+## v0.7.1 / 2012-07-14
+
+* [Fix] for renaming files
+
+## v0.7.0 / 2012-07-02
+
+* [Feature] FSNotify flags
+* [Fix] inotify: Added file name back to event path
+
+## v0.6.0 / 2012-06-06
+
+* kqueue: watch files after directory created (thanks @tmc)
+
+## v0.5.1 / 2012-05-22
+
+* [Fix] inotify: remove all watches before Close()
+
+## v0.5.0 / 2012-05-03
+
+* [API] kqueue: return errors during watch instead of sending over channel
+* kqueue: match symlink behavior on Linux
+* inotify: add `DELETE_SELF` (requested by @taralx)
+* [Fix] kqueue: handle EINTR (reported by @robfig)
+* [Doc] Godoc example [#1][] (thanks @davecheney)
+
+## v0.4.0 / 2012-03-30
+
+* Go 1 released: build with go tool
+* [Feature] Windows support using winfsnotify
+* Windows does not have attribute change notifications
+* Roll attribute notifications into IsModify
+
+## v0.3.0 / 2012-02-19
+
+* kqueue: add files when watch directory
+
+## v0.2.0 / 2011-12-30
+
+* update to latest Go weekly code
+
+## v0.1.0 / 2011-10-19
+
+* kqueue: add watch on file creation to match inotify
+* kqueue: create file event
+* inotify: ignore `IN_IGNORED` events
+* event String()
+* linux: common FileEvent functions
+* initial commit
+
+[#79]: https://github.com/howeyc/fsnotify/pull/79
+[#77]: https://github.com/howeyc/fsnotify/pull/77
+[#72]: https://github.com/howeyc/fsnotify/issues/72
+[#71]: https://github.com/howeyc/fsnotify/issues/71
+[#70]: https://github.com/howeyc/fsnotify/issues/70
+[#63]: https://github.com/howeyc/fsnotify/issues/63
+[#62]: https://github.com/howeyc/fsnotify/issues/62
+[#60]: https://github.com/howeyc/fsnotify/issues/60
+[#59]: https://github.com/howeyc/fsnotify/issues/59
+[#49]: https://github.com/howeyc/fsnotify/issues/49
+[#45]: https://github.com/howeyc/fsnotify/issues/45
+[#40]: https://github.com/howeyc/fsnotify/issues/40
+[#36]: https://github.com/howeyc/fsnotify/issues/36
+[#33]: https://github.com/howeyc/fsnotify/issues/33
+[#29]: https://github.com/howeyc/fsnotify/issues/29
+[#25]: https://github.com/howeyc/fsnotify/issues/25
+[#24]: https://github.com/howeyc/fsnotify/issues/24
+[#21]: https://github.com/howeyc/fsnotify/issues/21
diff --git a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md
new file mode 100644
index 00000000..828a60b2
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md
@@ -0,0 +1,77 @@
+# Contributing
+
+## Issues
+
+* Request features and report bugs using the [GitHub Issue Tracker](https://github.com/fsnotify/fsnotify/issues).
+* Please indicate the platform you are using fsnotify on.
+* A code example to reproduce the problem is appreciated.
+
+## Pull Requests
+
+### Contributor License Agreement
+
+fsnotify is derived from code in the [golang.org/x/exp](https://godoc.org/golang.org/x/exp) package and it may be included [in the standard library](https://github.com/fsnotify/fsnotify/issues/1) in the future. Therefore fsnotify carries the same [LICENSE](https://github.com/fsnotify/fsnotify/blob/master/LICENSE) as Go. Contributors retain their copyright, so you need to fill out a short form before we can accept your contribution: [Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual).
+
+Please indicate that you have signed the CLA in your pull request.
+
+### How fsnotify is Developed
+
+* Development is done on feature branches.
+* Tests are run on BSD, Linux, macOS and Windows.
+* Pull requests are reviewed and [applied to master][am] using [hub][].
+  * Maintainers may modify or squash commits rather than asking contributors to.
+* To issue a new release, the maintainers will:
+  * Update the CHANGELOG
+  * Tag a version, which will become available through gopkg.in.
+ 
+### How to Fork
+
+For smooth sailing, always use the original import path. Installing with `go get` makes this easy. 
+
+1. Install from GitHub (`go get -u github.com/fsnotify/fsnotify`)
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Ensure everything works and the tests pass (see below)
+4. Commit your changes (`git commit -am 'Add some feature'`)
+
+Contribute upstream:
+
+1. Fork fsnotify on GitHub
+2. Add your remote (`git remote add fork git@github.com:mycompany/repo.git`)
+3. Push to the branch (`git push fork my-new-feature`)
+4. Create a new Pull Request on GitHub
+
+This workflow is [thoroughly explained by Katrina Owen](https://splice.com/blog/contributing-open-source-git-repositories-go/).
+
+### Testing
+
+fsnotify uses build tags to compile different code on Linux, BSD, macOS, and Windows.
+
+Before doing a pull request, please do your best to test your changes on multiple platforms, and list which platforms you were able/unable to test on.
+
+To aid in cross-platform testing there is a Vagrantfile for Linux and BSD.
+
+* Install [Vagrant](http://www.vagrantup.com/) and [VirtualBox](https://www.virtualbox.org/)
+* Setup [Vagrant Gopher](https://github.com/nathany/vagrant-gopher) in your `src` folder.
+* Run `vagrant up` from the project folder. You can also setup just one box with `vagrant up linux` or `vagrant up bsd` (note: the BSD box doesn't support Windows hosts at this time, and NFS may prompt for your host OS password)
+* Once setup, you can run the test suite on a given OS with a single command `vagrant ssh linux -c 'cd fsnotify/fsnotify; go test'`.
+* When you're done, you will want to halt or destroy the Vagrant boxes.
+
+Notice: fsnotify file system events won't trigger in shared folders. The tests get around this limitation by using the /tmp directory.
+
+Right now there is no equivalent solution for Windows and macOS, but there are Windows VMs [freely available from Microsoft](http://www.modern.ie/en-us/virtualization-tools#downloads).
+
+### Maintainers
+
+Help maintaining fsnotify is welcome. To be a maintainer:
+
+* Submit a pull request and sign the CLA as above.
+* You must be able to run the test suite on Mac, Windows, Linux and BSD.
+
+To keep master clean, the fsnotify project uses the "apply mail" workflow outlined in Nathaniel Talbott's post ["Merge pull request" Considered Harmful][am]. This requires installing [hub][].
+
+All code changes should be internal pull requests.
+
+Releases are tagged using [Semantic Versioning](http://semver.org/).
+
+[hub]: https://github.com/github/hub
+[am]: http://blog.spreedly.com/2014/06/24/merge-pull-request-considered-harmful/#.VGa5yZPF_Zs
diff --git a/vendor/github.com/fsnotify/fsnotify/LICENSE b/vendor/github.com/fsnotify/fsnotify/LICENSE
new file mode 100644
index 00000000..e180c8fb
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/LICENSE
@@ -0,0 +1,28 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+Copyright (c) 2012-2019 fsnotify Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md
new file mode 100644
index 00000000..b2629e52
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/README.md
@@ -0,0 +1,130 @@
+# File system notifications for Go
+
+[![GoDoc](https://godoc.org/github.com/fsnotify/fsnotify?status.svg)](https://godoc.org/github.com/fsnotify/fsnotify) [![Go Report Card](https://goreportcard.com/badge/github.com/fsnotify/fsnotify)](https://goreportcard.com/report/github.com/fsnotify/fsnotify)
+
+fsnotify utilizes [golang.org/x/sys](https://godoc.org/golang.org/x/sys) rather than `syscall` from the standard library. Ensure you have the latest version installed by running:
+
+```console
+go get -u golang.org/x/sys/...
+```
+
+Cross platform: Windows, Linux, BSD and macOS.
+
+| Adapter               | OS                               | Status                                                                                                                          |
+| --------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| inotify               | Linux 2.6.27 or later, Android\* | Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify) |
+| kqueue                | BSD, macOS, iOS\*                | Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify) |
+| ReadDirectoryChangesW | Windows                          | Supported [![Build Status](https://travis-ci.org/fsnotify/fsnotify.svg?branch=master)](https://travis-ci.org/fsnotify/fsnotify) |
+| FSEvents              | macOS                            | [Planned](https://github.com/fsnotify/fsnotify/issues/11)                                                                       |
+| FEN                   | Solaris 11                       | [In Progress](https://github.com/fsnotify/fsnotify/issues/12)                                                                   |
+| fanotify              | Linux 2.6.37+                    | [Planned](https://github.com/fsnotify/fsnotify/issues/114)                                                                      |
+| USN Journals          | Windows                          | [Maybe](https://github.com/fsnotify/fsnotify/issues/53)                                                                         |
+| Polling               | *All*                            | [Maybe](https://github.com/fsnotify/fsnotify/issues/9)                                                                          |
+
+\* Android and iOS are untested.
+
+Please see [the documentation](https://godoc.org/github.com/fsnotify/fsnotify) and consult the [FAQ](#faq) for usage information.
+
+## API stability
+
+fsnotify is a fork of [howeyc/fsnotify](https://godoc.org/github.com/howeyc/fsnotify) with a new API as of v1.0. The API is based on [this design document](http://goo.gl/MrYxyA). 
+
+All [releases](https://github.com/fsnotify/fsnotify/releases) are tagged based on [Semantic Versioning](http://semver.org/). Further API changes are [planned](https://github.com/fsnotify/fsnotify/milestones), and will be tagged with a new major revision number.
+
+Go 1.6 supports dependencies located in the `vendor/` folder. Unless you are creating a library, it is recommended that you copy fsnotify into `vendor/github.com/fsnotify/fsnotify` within your project, and likewise for `golang.org/x/sys`.
+
+## Usage
+
+```go
+package main
+
+import (
+	"log"
+
+	"github.com/fsnotify/fsnotify"
+)
+
+func main() {
+	watcher, err := fsnotify.NewWatcher()
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer watcher.Close()
+
+	done := make(chan bool)
+	go func() {
+		for {
+			select {
+			case event, ok := <-watcher.Events:
+				if !ok {
+					return
+				}
+				log.Println("event:", event)
+				if event.Op&fsnotify.Write == fsnotify.Write {
+					log.Println("modified file:", event.Name)
+				}
+			case err, ok := <-watcher.Errors:
+				if !ok {
+					return
+				}
+				log.Println("error:", err)
+			}
+		}
+	}()
+
+	err = watcher.Add("/tmp/foo")
+	if err != nil {
+		log.Fatal(err)
+	}
+	<-done
+}
+```
+
+## Contributing
+
+Please refer to [CONTRIBUTING][] before opening an issue or pull request.
+
+## Example
+
+See [example_test.go](https://github.com/fsnotify/fsnotify/blob/master/example_test.go).
+
+## FAQ
+
+**When a file is moved to another directory is it still being watched?**
+
+No (it shouldn't be, unless you are watching where it was moved to).
+
+**When I watch a directory, are all subdirectories watched as well?**
+
+No, you must add watches for any directory you want to watch (a recursive watcher is on the roadmap [#18][]).
+
+**Do I have to watch the Error and Event channels in a separate goroutine?**
+
+As of now, yes. Looking into making this single-thread friendly (see [howeyc #7][#7])
+
+**Why am I receiving multiple events for the same file on OS X?**
+
+Spotlight indexing on OS X can result in multiple events (see [howeyc #62][#62]). A temporary workaround is to add your folder(s) to the *Spotlight Privacy settings* until we have a native FSEvents implementation (see [#11][]).
+
+**How many files can be watched at once?**
+
+There are OS-specific limits as to how many watches can be created:
+* Linux: /proc/sys/fs/inotify/max_user_watches contains the limit, reaching this limit results in a "no space left on device" error.
+* BSD / OSX: sysctl variables "kern.maxfiles" and "kern.maxfilesperproc", reaching these limits results in a "too many open files" error.
+
+**Why don't notifications work with NFS filesystems or filesystem in userspace (FUSE)?**
+
+fsnotify requires support from underlying OS to work. The current NFS protocol does not provide network level support for file notifications.
+
+[#62]: https://github.com/howeyc/fsnotify/issues/62
+[#18]: https://github.com/fsnotify/fsnotify/issues/18
+[#11]: https://github.com/fsnotify/fsnotify/issues/11
+[#7]: https://github.com/howeyc/fsnotify/issues/7
+
+[contributing]: https://github.com/fsnotify/fsnotify/blob/master/CONTRIBUTING.md
+
+## Related Projects
+
+* [notify](https://github.com/rjeczalik/notify)
+* [fsevents](https://github.com/fsnotify/fsevents)
+
diff --git a/vendor/github.com/fsnotify/fsnotify/fen.go b/vendor/github.com/fsnotify/fsnotify/fen.go
new file mode 100644
index 00000000..ced39cb8
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/fen.go
@@ -0,0 +1,37 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build solaris
+
+package fsnotify
+
+import (
+	"errors"
+)
+
+// Watcher watches a set of files, delivering events to a channel.
+type Watcher struct {
+	Events chan Event
+	Errors chan error
+}
+
+// NewWatcher establishes a new watcher with the underlying OS and begins waiting for events.
+func NewWatcher() (*Watcher, error) {
+	return nil, errors.New("FEN based watcher not yet supported for fsnotify\n")
+}
+
+// Close removes all watches and closes the events channel.
+func (w *Watcher) Close() error {
+	return nil
+}
+
+// Add starts watching the named file or directory (non-recursively).
+func (w *Watcher) Add(name string) error {
+	return nil
+}
+
+// Remove stops watching the the named file or directory (non-recursively).
+func (w *Watcher) Remove(name string) error {
+	return nil
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
new file mode 100644
index 00000000..89cab046
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
@@ -0,0 +1,68 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !plan9
+
+// Package fsnotify provides a platform-independent interface for file system notifications.
+package fsnotify
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+)
+
+// Event represents a single file system notification.
+type Event struct {
+	Name string // Relative path to the file or directory.
+	Op   Op     // File operation that triggered the event.
+}
+
+// Op describes a set of file operations.
+type Op uint32
+
+// These are the generalized file operations that can trigger a notification.
+const (
+	Create Op = 1 << iota
+	Write
+	Remove
+	Rename
+	Chmod
+)
+
+func (op Op) String() string {
+	// Use a buffer for efficient string concatenation
+	var buffer bytes.Buffer
+
+	if op&Create == Create {
+		buffer.WriteString("|CREATE")
+	}
+	if op&Remove == Remove {
+		buffer.WriteString("|REMOVE")
+	}
+	if op&Write == Write {
+		buffer.WriteString("|WRITE")
+	}
+	if op&Rename == Rename {
+		buffer.WriteString("|RENAME")
+	}
+	if op&Chmod == Chmod {
+		buffer.WriteString("|CHMOD")
+	}
+	if buffer.Len() == 0 {
+		return ""
+	}
+	return buffer.String()[1:] // Strip leading pipe
+}
+
+// String returns a string representation of the event in the form
+// "file: REMOVE|WRITE|..."
+func (e Event) String() string {
+	return fmt.Sprintf("%q: %s", e.Name, e.Op.String())
+}
+
+// Common errors that can be reported by a watcher
+var (
+	ErrEventOverflow = errors.New("fsnotify queue overflow")
+)
diff --git a/vendor/github.com/fsnotify/fsnotify/go.mod b/vendor/github.com/fsnotify/fsnotify/go.mod
new file mode 100644
index 00000000..ff11e13f
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/go.mod
@@ -0,0 +1,5 @@
+module github.com/fsnotify/fsnotify
+
+go 1.13
+
+require golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9
diff --git a/vendor/github.com/fsnotify/fsnotify/go.sum b/vendor/github.com/fsnotify/fsnotify/go.sum
new file mode 100644
index 00000000..f60af985
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9 h1:L2auWcuQIvxz9xSEqzESnV/QN/gNRXNApHi3fYwl2w0=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/fsnotify/fsnotify/inotify.go b/vendor/github.com/fsnotify/fsnotify/inotify.go
new file mode 100644
index 00000000..d9fd1b88
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/inotify.go
@@ -0,0 +1,337 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+
+package fsnotify
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// Watcher watches a set of files, delivering events to a channel.
+type Watcher struct {
+	Events   chan Event
+	Errors   chan error
+	mu       sync.Mutex // Map access
+	fd       int
+	poller   *fdPoller
+	watches  map[string]*watch // Map of inotify watches (key: path)
+	paths    map[int]string    // Map of watched paths (key: watch descriptor)
+	done     chan struct{}     // Channel for sending a "quit message" to the reader goroutine
+	doneResp chan struct{}     // Channel to respond to Close
+}
+
+// NewWatcher establishes a new watcher with the underlying OS and begins waiting for events.
+func NewWatcher() (*Watcher, error) {
+	// Create inotify fd
+	fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC)
+	if fd == -1 {
+		return nil, errno
+	}
+	// Create epoll
+	poller, err := newFdPoller(fd)
+	if err != nil {
+		unix.Close(fd)
+		return nil, err
+	}
+	w := &Watcher{
+		fd:       fd,
+		poller:   poller,
+		watches:  make(map[string]*watch),
+		paths:    make(map[int]string),
+		Events:   make(chan Event),
+		Errors:   make(chan error),
+		done:     make(chan struct{}),
+		doneResp: make(chan struct{}),
+	}
+
+	go w.readEvents()
+	return w, nil
+}
+
+func (w *Watcher) isClosed() bool {
+	select {
+	case <-w.done:
+		return true
+	default:
+		return false
+	}
+}
+
+// Close removes all watches and closes the events channel.
+func (w *Watcher) Close() error {
+	if w.isClosed() {
+		return nil
+	}
+
+	// Send 'close' signal to goroutine, and set the Watcher to closed.
+	close(w.done)
+
+	// Wake up goroutine
+	w.poller.wake()
+
+	// Wait for goroutine to close
+	<-w.doneResp
+
+	return nil
+}
+
+// Add starts watching the named file or directory (non-recursively).
+func (w *Watcher) Add(name string) error {
+	name = filepath.Clean(name)
+	if w.isClosed() {
+		return errors.New("inotify instance already closed")
+	}
+
+	const agnosticEvents = unix.IN_MOVED_TO | unix.IN_MOVED_FROM |
+		unix.IN_CREATE | unix.IN_ATTRIB | unix.IN_MODIFY |
+		unix.IN_MOVE_SELF | unix.IN_DELETE | unix.IN_DELETE_SELF
+
+	var flags uint32 = agnosticEvents
+
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	watchEntry := w.watches[name]
+	if watchEntry != nil {
+		flags |= watchEntry.flags | unix.IN_MASK_ADD
+	}
+	wd, errno := unix.InotifyAddWatch(w.fd, name, flags)
+	if wd == -1 {
+		return errno
+	}
+
+	if watchEntry == nil {
+		w.watches[name] = &watch{wd: uint32(wd), flags: flags}
+		w.paths[wd] = name
+	} else {
+		watchEntry.wd = uint32(wd)
+		watchEntry.flags = flags
+	}
+
+	return nil
+}
+
+// Remove stops watching the named file or directory (non-recursively).
+func (w *Watcher) Remove(name string) error {
+	name = filepath.Clean(name)
+
+	// Fetch the watch.
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	watch, ok := w.watches[name]
+
+	// Remove it from inotify.
+	if !ok {
+		return fmt.Errorf("can't remove non-existent inotify watch for: %s", name)
+	}
+
+	// We successfully removed the watch if InotifyRmWatch doesn't return an
+	// error, we need to clean up our internal state to ensure it matches
+	// inotify's kernel state.
+	delete(w.paths, int(watch.wd))
+	delete(w.watches, name)
+
+	// inotify_rm_watch will return EINVAL if the file has been deleted;
+	// the inotify will already have been removed.
+	// watches and pathes are deleted in ignoreLinux() implicitly and asynchronously
+	// by calling inotify_rm_watch() below. e.g. readEvents() goroutine receives IN_IGNORE
+	// so that EINVAL means that the wd is being rm_watch()ed or its file removed
+	// by another thread and we have not received IN_IGNORE event.
+	success, errno := unix.InotifyRmWatch(w.fd, watch.wd)
+	if success == -1 {
+		// TODO: Perhaps it's not helpful to return an error here in every case.
+		// the only two possible errors are:
+		// EBADF, which happens when w.fd is not a valid file descriptor of any kind.
+		// EINVAL, which is when fd is not an inotify descriptor or wd is not a valid watch descriptor.
+		// Watch descriptors are invalidated when they are removed explicitly or implicitly;
+		// explicitly by inotify_rm_watch, implicitly when the file they are watching is deleted.
+		return errno
+	}
+
+	return nil
+}
+
+type watch struct {
+	wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
+	flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
+}
+
+// readEvents reads from the inotify file descriptor, converts the
+// received events into Event objects and sends them via the Events channel
+func (w *Watcher) readEvents() {
+	var (
+		buf   [unix.SizeofInotifyEvent * 4096]byte // Buffer for a maximum of 4096 raw events
+		n     int                                  // Number of bytes read with read()
+		errno error                                // Syscall errno
+		ok    bool                                 // For poller.wait
+	)
+
+	defer close(w.doneResp)
+	defer close(w.Errors)
+	defer close(w.Events)
+	defer unix.Close(w.fd)
+	defer w.poller.close()
+
+	for {
+		// See if we have been closed.
+		if w.isClosed() {
+			return
+		}
+
+		ok, errno = w.poller.wait()
+		if errno != nil {
+			select {
+			case w.Errors <- errno:
+			case <-w.done:
+				return
+			}
+			continue
+		}
+
+		if !ok {
+			continue
+		}
+
+		n, errno = unix.Read(w.fd, buf[:])
+		// If a signal interrupted execution, see if we've been asked to close, and try again.
+		// http://man7.org/linux/man-pages/man7/signal.7.html :
+		// "Before Linux 3.8, reads from an inotify(7) file descriptor were not restartable"
+		if errno == unix.EINTR {
+			continue
+		}
+
+		// unix.Read might have been woken up by Close. If so, we're done.
+		if w.isClosed() {
+			return
+		}
+
+		if n < unix.SizeofInotifyEvent {
+			var err error
+			if n == 0 {
+				// If EOF is received. This should really never happen.
+				err = io.EOF
+			} else if n < 0 {
+				// If an error occurred while reading.
+				err = errno
+			} else {
+				// Read was too short.
+				err = errors.New("notify: short read in readEvents()")
+			}
+			select {
+			case w.Errors <- err:
+			case <-w.done:
+				return
+			}
+			continue
+		}
+
+		var offset uint32
+		// We don't know how many events we just read into the buffer
+		// While the offset points to at least one whole event...
+		for offset <= uint32(n-unix.SizeofInotifyEvent) {
+			// Point "raw" to the event in the buffer
+			raw := (*unix.InotifyEvent)(unsafe.Pointer(&buf[offset]))
+
+			mask := uint32(raw.Mask)
+			nameLen := uint32(raw.Len)
+
+			if mask&unix.IN_Q_OVERFLOW != 0 {
+				select {
+				case w.Errors <- ErrEventOverflow:
+				case <-w.done:
+					return
+				}
+			}
+
+			// If the event happened to the watched directory or the watched file, the kernel
+			// doesn't append the filename to the event, but we would like to always fill the
+			// the "Name" field with a valid filename. We retrieve the path of the watch from
+			// the "paths" map.
+			w.mu.Lock()
+			name, ok := w.paths[int(raw.Wd)]
+			// IN_DELETE_SELF occurs when the file/directory being watched is removed.
+			// This is a sign to clean up the maps, otherwise we are no longer in sync
+			// with the inotify kernel state which has already deleted the watch
+			// automatically.
+			if ok && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
+				delete(w.paths, int(raw.Wd))
+				delete(w.watches, name)
+			}
+			w.mu.Unlock()
+
+			if nameLen > 0 {
+				// Point "bytes" at the first byte of the filename
+				bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[offset+unix.SizeofInotifyEvent]))
+				// The filename is padded with NULL bytes. TrimRight() gets rid of those.
+				name += "/" + strings.TrimRight(string(bytes[0:nameLen]), "\000")
+			}
+
+			event := newEvent(name, mask)
+
+			// Send the events that are not ignored on the events channel
+			if !event.ignoreLinux(mask) {
+				select {
+				case w.Events <- event:
+				case <-w.done:
+					return
+				}
+			}
+
+			// Move to the next event in the buffer
+			offset += unix.SizeofInotifyEvent + nameLen
+		}
+	}
+}
+
+// Certain types of events can be "ignored" and not sent over the Events
+// channel. Such as events marked ignore by the kernel, or MODIFY events
+// against files that do not exist.
+func (e *Event) ignoreLinux(mask uint32) bool {
+	// Ignore anything the inotify API says to ignore
+	if mask&unix.IN_IGNORED == unix.IN_IGNORED {
+		return true
+	}
+
+	// If the event is not a DELETE or RENAME, the file must exist.
+	// Otherwise the event is ignored.
+	// *Note*: this was put in place because it was seen that a MODIFY
+	// event was sent after the DELETE. This ignores that MODIFY and
+	// assumes a DELETE will come or has come if the file doesn't exist.
+	if !(e.Op&Remove == Remove || e.Op&Rename == Rename) {
+		_, statErr := os.Lstat(e.Name)
+		return os.IsNotExist(statErr)
+	}
+	return false
+}
+
+// newEvent returns an platform-independent Event based on an inotify mask.
+func newEvent(name string, mask uint32) Event {
+	e := Event{Name: name}
+	if mask&unix.IN_CREATE == unix.IN_CREATE || mask&unix.IN_MOVED_TO == unix.IN_MOVED_TO {
+		e.Op |= Create
+	}
+	if mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF || mask&unix.IN_DELETE == unix.IN_DELETE {
+		e.Op |= Remove
+	}
+	if mask&unix.IN_MODIFY == unix.IN_MODIFY {
+		e.Op |= Write
+	}
+	if mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF || mask&unix.IN_MOVED_FROM == unix.IN_MOVED_FROM {
+		e.Op |= Rename
+	}
+	if mask&unix.IN_ATTRIB == unix.IN_ATTRIB {
+		e.Op |= Chmod
+	}
+	return e
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/inotify_poller.go b/vendor/github.com/fsnotify/fsnotify/inotify_poller.go
new file mode 100644
index 00000000..b33f2b4d
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/inotify_poller.go
@@ -0,0 +1,187 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+
+package fsnotify
+
+import (
+	"errors"
+
+	"golang.org/x/sys/unix"
+)
+
+type fdPoller struct {
+	fd   int    // File descriptor (as returned by the inotify_init() syscall)
+	epfd int    // Epoll file descriptor
+	pipe [2]int // Pipe for waking up
+}
+
+func emptyPoller(fd int) *fdPoller {
+	poller := new(fdPoller)
+	poller.fd = fd
+	poller.epfd = -1
+	poller.pipe[0] = -1
+	poller.pipe[1] = -1
+	return poller
+}
+
+// Create a new inotify poller.
+// This creates an inotify handler, and an epoll handler.
+func newFdPoller(fd int) (*fdPoller, error) {
+	var errno error
+	poller := emptyPoller(fd)
+	defer func() {
+		if errno != nil {
+			poller.close()
+		}
+	}()
+	poller.fd = fd
+
+	// Create epoll fd
+	poller.epfd, errno = unix.EpollCreate1(unix.EPOLL_CLOEXEC)
+	if poller.epfd == -1 {
+		return nil, errno
+	}
+	// Create pipe; pipe[0] is the read end, pipe[1] the write end.
+	errno = unix.Pipe2(poller.pipe[:], unix.O_NONBLOCK|unix.O_CLOEXEC)
+	if errno != nil {
+		return nil, errno
+	}
+
+	// Register inotify fd with epoll
+	event := unix.EpollEvent{
+		Fd:     int32(poller.fd),
+		Events: unix.EPOLLIN,
+	}
+	errno = unix.EpollCtl(poller.epfd, unix.EPOLL_CTL_ADD, poller.fd, &event)
+	if errno != nil {
+		return nil, errno
+	}
+
+	// Register pipe fd with epoll
+	event = unix.EpollEvent{
+		Fd:     int32(poller.pipe[0]),
+		Events: unix.EPOLLIN,
+	}
+	errno = unix.EpollCtl(poller.epfd, unix.EPOLL_CTL_ADD, poller.pipe[0], &event)
+	if errno != nil {
+		return nil, errno
+	}
+
+	return poller, nil
+}
+
+// Wait using epoll.
+// Returns true if something is ready to be read,
+// false if there is not.
+func (poller *fdPoller) wait() (bool, error) {
+	// 3 possible events per fd, and 2 fds, makes a maximum of 6 events.
+	// I don't know whether epoll_wait returns the number of events returned,
+	// or the total number of events ready.
+	// I decided to catch both by making the buffer one larger than the maximum.
+	events := make([]unix.EpollEvent, 7)
+	for {
+		n, errno := unix.EpollWait(poller.epfd, events, -1)
+		if n == -1 {
+			if errno == unix.EINTR {
+				continue
+			}
+			return false, errno
+		}
+		if n == 0 {
+			// If there are no events, try again.
+			continue
+		}
+		if n > 6 {
+			// This should never happen. More events were returned than should be possible.
+			return false, errors.New("epoll_wait returned more events than I know what to do with")
+		}
+		ready := events[:n]
+		epollhup := false
+		epollerr := false
+		epollin := false
+		for _, event := range ready {
+			if event.Fd == int32(poller.fd) {
+				if event.Events&unix.EPOLLHUP != 0 {
+					// This should not happen, but if it does, treat it as a wakeup.
+					epollhup = true
+				}
+				if event.Events&unix.EPOLLERR != 0 {
+					// If an error is waiting on the file descriptor, we should pretend
+					// something is ready to read, and let unix.Read pick up the error.
+					epollerr = true
+				}
+				if event.Events&unix.EPOLLIN != 0 {
+					// There is data to read.
+					epollin = true
+				}
+			}
+			if event.Fd == int32(poller.pipe[0]) {
+				if event.Events&unix.EPOLLHUP != 0 {
+					// Write pipe descriptor was closed, by us. This means we're closing down the
+					// watcher, and we should wake up.
+				}
+				if event.Events&unix.EPOLLERR != 0 {
+					// If an error is waiting on the pipe file descriptor.
+					// This is an absolute mystery, and should never ever happen.
+					return false, errors.New("Error on the pipe descriptor.")
+				}
+				if event.Events&unix.EPOLLIN != 0 {
+					// This is a regular wakeup, so we have to clear the buffer.
+					err := poller.clearWake()
+					if err != nil {
+						return false, err
+					}
+				}
+			}
+		}
+
+		if epollhup || epollerr || epollin {
+			return true, nil
+		}
+		return false, nil
+	}
+}
+
+// Close the write end of the poller.
+func (poller *fdPoller) wake() error {
+	buf := make([]byte, 1)
+	n, errno := unix.Write(poller.pipe[1], buf)
+	if n == -1 {
+		if errno == unix.EAGAIN {
+			// Buffer is full, poller will wake.
+			return nil
+		}
+		return errno
+	}
+	return nil
+}
+
+func (poller *fdPoller) clearWake() error {
+	// You have to be woken up a LOT in order to get to 100!
+	buf := make([]byte, 100)
+	n, errno := unix.Read(poller.pipe[0], buf)
+	if n == -1 {
+		if errno == unix.EAGAIN {
+			// Buffer is empty, someone else cleared our wake.
+			return nil
+		}
+		return errno
+	}
+	return nil
+}
+
+// Close all poller file descriptors, but not the one passed to it.
+func (poller *fdPoller) close() {
+	if poller.pipe[1] != -1 {
+		unix.Close(poller.pipe[1])
+	}
+	if poller.pipe[0] != -1 {
+		unix.Close(poller.pipe[0])
+	}
+	if poller.epfd != -1 {
+		unix.Close(poller.epfd)
+	}
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/kqueue.go b/vendor/github.com/fsnotify/fsnotify/kqueue.go
new file mode 100644
index 00000000..86e76a3d
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/kqueue.go
@@ -0,0 +1,521 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build freebsd openbsd netbsd dragonfly darwin
+
+package fsnotify
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"golang.org/x/sys/unix"
+)
+
+// Watcher watches a set of files, delivering events to a channel.
+type Watcher struct {
+	Events chan Event
+	Errors chan error
+	done   chan struct{} // Channel for sending a "quit message" to the reader goroutine
+
+	kq int // File descriptor (as returned by the kqueue() syscall).
+
+	mu              sync.Mutex        // Protects access to watcher data
+	watches         map[string]int    // Map of watched file descriptors (key: path).
+	externalWatches map[string]bool   // Map of watches added by user of the library.
+	dirFlags        map[string]uint32 // Map of watched directories to fflags used in kqueue.
+	paths           map[int]pathInfo  // Map file descriptors to path names for processing kqueue events.
+	fileExists      map[string]bool   // Keep track of if we know this file exists (to stop duplicate create events).
+	isClosed        bool              // Set to true when Close() is first called
+}
+
+type pathInfo struct {
+	name  string
+	isDir bool
+}
+
+// NewWatcher establishes a new watcher with the underlying OS and begins waiting for events.
+func NewWatcher() (*Watcher, error) {
+	kq, err := kqueue()
+	if err != nil {
+		return nil, err
+	}
+
+	w := &Watcher{
+		kq:              kq,
+		watches:         make(map[string]int),
+		dirFlags:        make(map[string]uint32),
+		paths:           make(map[int]pathInfo),
+		fileExists:      make(map[string]bool),
+		externalWatches: make(map[string]bool),
+		Events:          make(chan Event),
+		Errors:          make(chan error),
+		done:            make(chan struct{}),
+	}
+
+	go w.readEvents()
+	return w, nil
+}
+
+// Close removes all watches and closes the events channel.
+func (w *Watcher) Close() error {
+	w.mu.Lock()
+	if w.isClosed {
+		w.mu.Unlock()
+		return nil
+	}
+	w.isClosed = true
+
+	// copy paths to remove while locked
+	var pathsToRemove = make([]string, 0, len(w.watches))
+	for name := range w.watches {
+		pathsToRemove = append(pathsToRemove, name)
+	}
+	w.mu.Unlock()
+	// unlock before calling Remove, which also locks
+
+	for _, name := range pathsToRemove {
+		w.Remove(name)
+	}
+
+	// send a "quit" message to the reader goroutine
+	close(w.done)
+
+	return nil
+}
+
+// Add starts watching the named file or directory (non-recursively).
+func (w *Watcher) Add(name string) error {
+	w.mu.Lock()
+	w.externalWatches[name] = true
+	w.mu.Unlock()
+	_, err := w.addWatch(name, noteAllEvents)
+	return err
+}
+
+// Remove stops watching the the named file or directory (non-recursively).
+func (w *Watcher) Remove(name string) error {
+	name = filepath.Clean(name)
+	w.mu.Lock()
+	watchfd, ok := w.watches[name]
+	w.mu.Unlock()
+	if !ok {
+		return fmt.Errorf("can't remove non-existent kevent watch for: %s", name)
+	}
+
+	const registerRemove = unix.EV_DELETE
+	if err := register(w.kq, []int{watchfd}, registerRemove, 0); err != nil {
+		return err
+	}
+
+	unix.Close(watchfd)
+
+	w.mu.Lock()
+	isDir := w.paths[watchfd].isDir
+	delete(w.watches, name)
+	delete(w.paths, watchfd)
+	delete(w.dirFlags, name)
+	w.mu.Unlock()
+
+	// Find all watched paths that are in this directory that are not external.
+	if isDir {
+		var pathsToRemove []string
+		w.mu.Lock()
+		for _, path := range w.paths {
+			wdir, _ := filepath.Split(path.name)
+			if filepath.Clean(wdir) == name {
+				if !w.externalWatches[path.name] {
+					pathsToRemove = append(pathsToRemove, path.name)
+				}
+			}
+		}
+		w.mu.Unlock()
+		for _, name := range pathsToRemove {
+			// Since these are internal, not much sense in propagating error
+			// to the user, as that will just confuse them with an error about
+			// a path they did not explicitly watch themselves.
+			w.Remove(name)
+		}
+	}
+
+	return nil
+}
+
+// Watch all events (except NOTE_EXTEND, NOTE_LINK, NOTE_REVOKE)
+const noteAllEvents = unix.NOTE_DELETE | unix.NOTE_WRITE | unix.NOTE_ATTRIB | unix.NOTE_RENAME
+
+// keventWaitTime to block on each read from kevent
+var keventWaitTime = durationToTimespec(100 * time.Millisecond)
+
+// addWatch adds name to the watched file set.
+// The flags are interpreted as described in kevent(2).
+// Returns the real path to the file which was added, if any, which may be different from the one passed in the case of symlinks.
+func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
+	var isDir bool
+	// Make ./name and name equivalent
+	name = filepath.Clean(name)
+
+	w.mu.Lock()
+	if w.isClosed {
+		w.mu.Unlock()
+		return "", errors.New("kevent instance already closed")
+	}
+	watchfd, alreadyWatching := w.watches[name]
+	// We already have a watch, but we can still override flags.
+	if alreadyWatching {
+		isDir = w.paths[watchfd].isDir
+	}
+	w.mu.Unlock()
+
+	if !alreadyWatching {
+		fi, err := os.Lstat(name)
+		if err != nil {
+			return "", err
+		}
+
+		// Don't watch sockets.
+		if fi.Mode()&os.ModeSocket == os.ModeSocket {
+			return "", nil
+		}
+
+		// Don't watch named pipes.
+		if fi.Mode()&os.ModeNamedPipe == os.ModeNamedPipe {
+			return "", nil
+		}
+
+		// Follow Symlinks
+		// Unfortunately, Linux can add bogus symlinks to watch list without
+		// issue, and Windows can't do symlinks period (AFAIK). To  maintain
+		// consistency, we will act like everything is fine. There will simply
+		// be no file events for broken symlinks.
+		// Hence the returns of nil on errors.
+		if fi.Mode()&os.ModeSymlink == os.ModeSymlink {
+			name, err = filepath.EvalSymlinks(name)
+			if err != nil {
+				return "", nil
+			}
+
+			w.mu.Lock()
+			_, alreadyWatching = w.watches[name]
+			w.mu.Unlock()
+
+			if alreadyWatching {
+				return name, nil
+			}
+
+			fi, err = os.Lstat(name)
+			if err != nil {
+				return "", nil
+			}
+		}
+
+		watchfd, err = unix.Open(name, openMode, 0700)
+		if watchfd == -1 {
+			return "", err
+		}
+
+		isDir = fi.IsDir()
+	}
+
+	const registerAdd = unix.EV_ADD | unix.EV_CLEAR | unix.EV_ENABLE
+	if err := register(w.kq, []int{watchfd}, registerAdd, flags); err != nil {
+		unix.Close(watchfd)
+		return "", err
+	}
+
+	if !alreadyWatching {
+		w.mu.Lock()
+		w.watches[name] = watchfd
+		w.paths[watchfd] = pathInfo{name: name, isDir: isDir}
+		w.mu.Unlock()
+	}
+
+	if isDir {
+		// Watch the directory if it has not been watched before,
+		// or if it was watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
+		w.mu.Lock()
+
+		watchDir := (flags&unix.NOTE_WRITE) == unix.NOTE_WRITE &&
+			(!alreadyWatching || (w.dirFlags[name]&unix.NOTE_WRITE) != unix.NOTE_WRITE)
+		// Store flags so this watch can be updated later
+		w.dirFlags[name] = flags
+		w.mu.Unlock()
+
+		if watchDir {
+			if err := w.watchDirectoryFiles(name); err != nil {
+				return "", err
+			}
+		}
+	}
+	return name, nil
+}
+
+// readEvents reads from kqueue and converts the received kevents into
+// Event values that it sends down the Events channel.
+func (w *Watcher) readEvents() {
+	eventBuffer := make([]unix.Kevent_t, 10)
+
+loop:
+	for {
+		// See if there is a message on the "done" channel
+		select {
+		case <-w.done:
+			break loop
+		default:
+		}
+
+		// Get new events
+		kevents, err := read(w.kq, eventBuffer, &keventWaitTime)
+		// EINTR is okay, the syscall was interrupted before timeout expired.
+		if err != nil && err != unix.EINTR {
+			select {
+			case w.Errors <- err:
+			case <-w.done:
+				break loop
+			}
+			continue
+		}
+
+		// Flush the events we received to the Events channel
+		for len(kevents) > 0 {
+			kevent := &kevents[0]
+			watchfd := int(kevent.Ident)
+			mask := uint32(kevent.Fflags)
+			w.mu.Lock()
+			path := w.paths[watchfd]
+			w.mu.Unlock()
+			event := newEvent(path.name, mask)
+
+			if path.isDir && !(event.Op&Remove == Remove) {
+				// Double check to make sure the directory exists. This can happen when
+				// we do a rm -fr on a recursively watched folders and we receive a
+				// modification event first but the folder has been deleted and later
+				// receive the delete event
+				if _, err := os.Lstat(event.Name); os.IsNotExist(err) {
+					// mark is as delete event
+					event.Op |= Remove
+				}
+			}
+
+			if event.Op&Rename == Rename || event.Op&Remove == Remove {
+				w.Remove(event.Name)
+				w.mu.Lock()
+				delete(w.fileExists, event.Name)
+				w.mu.Unlock()
+			}
+
+			if path.isDir && event.Op&Write == Write && !(event.Op&Remove == Remove) {
+				w.sendDirectoryChangeEvents(event.Name)
+			} else {
+				// Send the event on the Events channel.
+				select {
+				case w.Events <- event:
+				case <-w.done:
+					break loop
+				}
+			}
+
+			if event.Op&Remove == Remove {
+				// Look for a file that may have overwritten this.
+				// For example, mv f1 f2 will delete f2, then create f2.
+				if path.isDir {
+					fileDir := filepath.Clean(event.Name)
+					w.mu.Lock()
+					_, found := w.watches[fileDir]
+					w.mu.Unlock()
+					if found {
+						// make sure the directory exists before we watch for changes. When we
+						// do a recursive watch and perform rm -fr, the parent directory might
+						// have gone missing, ignore the missing directory and let the
+						// upcoming delete event remove the watch from the parent directory.
+						if _, err := os.Lstat(fileDir); err == nil {
+							w.sendDirectoryChangeEvents(fileDir)
+						}
+					}
+				} else {
+					filePath := filepath.Clean(event.Name)
+					if fileInfo, err := os.Lstat(filePath); err == nil {
+						w.sendFileCreatedEventIfNew(filePath, fileInfo)
+					}
+				}
+			}
+
+			// Move to next event
+			kevents = kevents[1:]
+		}
+	}
+
+	// cleanup
+	err := unix.Close(w.kq)
+	if err != nil {
+		// only way the previous loop breaks is if w.done was closed so we need to async send to w.Errors.
+		select {
+		case w.Errors <- err:
+		default:
+		}
+	}
+	close(w.Events)
+	close(w.Errors)
+}
+
+// newEvent returns an platform-independent Event based on kqueue Fflags.
+func newEvent(name string, mask uint32) Event {
+	e := Event{Name: name}
+	if mask&unix.NOTE_DELETE == unix.NOTE_DELETE {
+		e.Op |= Remove
+	}
+	if mask&unix.NOTE_WRITE == unix.NOTE_WRITE {
+		e.Op |= Write
+	}
+	if mask&unix.NOTE_RENAME == unix.NOTE_RENAME {
+		e.Op |= Rename
+	}
+	if mask&unix.NOTE_ATTRIB == unix.NOTE_ATTRIB {
+		e.Op |= Chmod
+	}
+	return e
+}
+
+func newCreateEvent(name string) Event {
+	return Event{Name: name, Op: Create}
+}
+
+// watchDirectoryFiles to mimic inotify when adding a watch on a directory
+func (w *Watcher) watchDirectoryFiles(dirPath string) error {
+	// Get all files
+	files, err := ioutil.ReadDir(dirPath)
+	if err != nil {
+		return err
+	}
+
+	for _, fileInfo := range files {
+		filePath := filepath.Join(dirPath, fileInfo.Name())
+		filePath, err = w.internalWatch(filePath, fileInfo)
+		if err != nil {
+			return err
+		}
+
+		w.mu.Lock()
+		w.fileExists[filePath] = true
+		w.mu.Unlock()
+	}
+
+	return nil
+}
+
+// sendDirectoryEvents searches the directory for newly created files
+// and sends them over the event channel. This functionality is to have
+// the BSD version of fsnotify match Linux inotify which provides a
+// create event for files created in a watched directory.
+func (w *Watcher) sendDirectoryChangeEvents(dirPath string) {
+	// Get all files
+	files, err := ioutil.ReadDir(dirPath)
+	if err != nil {
+		select {
+		case w.Errors <- err:
+		case <-w.done:
+			return
+		}
+	}
+
+	// Search for new files
+	for _, fileInfo := range files {
+		filePath := filepath.Join(dirPath, fileInfo.Name())
+		err := w.sendFileCreatedEventIfNew(filePath, fileInfo)
+
+		if err != nil {
+			return
+		}
+	}
+}
+
+// sendFileCreatedEvent sends a create event if the file isn't already being tracked.
+func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInfo) (err error) {
+	w.mu.Lock()
+	_, doesExist := w.fileExists[filePath]
+	w.mu.Unlock()
+	if !doesExist {
+		// Send create event
+		select {
+		case w.Events <- newCreateEvent(filePath):
+		case <-w.done:
+			return
+		}
+	}
+
+	// like watchDirectoryFiles (but without doing another ReadDir)
+	filePath, err = w.internalWatch(filePath, fileInfo)
+	if err != nil {
+		return err
+	}
+
+	w.mu.Lock()
+	w.fileExists[filePath] = true
+	w.mu.Unlock()
+
+	return nil
+}
+
+func (w *Watcher) internalWatch(name string, fileInfo os.FileInfo) (string, error) {
+	if fileInfo.IsDir() {
+		// mimic Linux providing delete events for subdirectories
+		// but preserve the flags used if currently watching subdirectory
+		w.mu.Lock()
+		flags := w.dirFlags[name]
+		w.mu.Unlock()
+
+		flags |= unix.NOTE_DELETE | unix.NOTE_RENAME
+		return w.addWatch(name, flags)
+	}
+
+	// watch file to mimic Linux inotify
+	return w.addWatch(name, noteAllEvents)
+}
+
+// kqueue creates a new kernel event queue and returns a descriptor.
+func kqueue() (kq int, err error) {
+	kq, err = unix.Kqueue()
+	if kq == -1 {
+		return kq, err
+	}
+	return kq, nil
+}
+
+// register events with the queue
+func register(kq int, fds []int, flags int, fflags uint32) error {
+	changes := make([]unix.Kevent_t, len(fds))
+
+	for i, fd := range fds {
+		// SetKevent converts int to the platform-specific types:
+		unix.SetKevent(&changes[i], fd, unix.EVFILT_VNODE, flags)
+		changes[i].Fflags = fflags
+	}
+
+	// register the events
+	success, err := unix.Kevent(kq, changes, nil, nil)
+	if success == -1 {
+		return err
+	}
+	return nil
+}
+
+// read retrieves pending events, or waits until an event occurs.
+// A timeout of nil blocks indefinitely, while 0 polls the queue.
+func read(kq int, events []unix.Kevent_t, timeout *unix.Timespec) ([]unix.Kevent_t, error) {
+	n, err := unix.Kevent(kq, nil, events, timeout)
+	if err != nil {
+		return nil, err
+	}
+	return events[0:n], nil
+}
+
+// durationToTimespec prepares a timeout value
+func durationToTimespec(d time.Duration) unix.Timespec {
+	return unix.NsecToTimespec(d.Nanoseconds())
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go b/vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go
new file mode 100644
index 00000000..2306c462
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/open_mode_bsd.go
@@ -0,0 +1,11 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build freebsd openbsd netbsd dragonfly
+
+package fsnotify
+
+import "golang.org/x/sys/unix"
+
+const openMode = unix.O_NONBLOCK | unix.O_RDONLY | unix.O_CLOEXEC
diff --git a/vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go b/vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go
new file mode 100644
index 00000000..870c4d6d
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/open_mode_darwin.go
@@ -0,0 +1,12 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin
+
+package fsnotify
+
+import "golang.org/x/sys/unix"
+
+// note: this constant is not defined on BSD
+const openMode = unix.O_EVTONLY | unix.O_CLOEXEC
diff --git a/vendor/github.com/fsnotify/fsnotify/windows.go b/vendor/github.com/fsnotify/fsnotify/windows.go
new file mode 100644
index 00000000..09436f31
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/windows.go
@@ -0,0 +1,561 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows
+
+package fsnotify
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sync"
+	"syscall"
+	"unsafe"
+)
+
+// Watcher watches a set of files, delivering events to a channel.
+type Watcher struct {
+	Events   chan Event
+	Errors   chan error
+	isClosed bool           // Set to true when Close() is first called
+	mu       sync.Mutex     // Map access
+	port     syscall.Handle // Handle to completion port
+	watches  watchMap       // Map of watches (key: i-number)
+	input    chan *input    // Inputs to the reader are sent on this channel
+	quit     chan chan<- error
+}
+
+// NewWatcher establishes a new watcher with the underlying OS and begins waiting for events.
+func NewWatcher() (*Watcher, error) {
+	port, e := syscall.CreateIoCompletionPort(syscall.InvalidHandle, 0, 0, 0)
+	if e != nil {
+		return nil, os.NewSyscallError("CreateIoCompletionPort", e)
+	}
+	w := &Watcher{
+		port:    port,
+		watches: make(watchMap),
+		input:   make(chan *input, 1),
+		Events:  make(chan Event, 50),
+		Errors:  make(chan error),
+		quit:    make(chan chan<- error, 1),
+	}
+	go w.readEvents()
+	return w, nil
+}
+
+// Close removes all watches and closes the events channel.
+func (w *Watcher) Close() error {
+	if w.isClosed {
+		return nil
+	}
+	w.isClosed = true
+
+	// Send "quit" message to the reader goroutine
+	ch := make(chan error)
+	w.quit <- ch
+	if err := w.wakeupReader(); err != nil {
+		return err
+	}
+	return <-ch
+}
+
+// Add starts watching the named file or directory (non-recursively).
+func (w *Watcher) Add(name string) error {
+	if w.isClosed {
+		return errors.New("watcher already closed")
+	}
+	in := &input{
+		op:    opAddWatch,
+		path:  filepath.Clean(name),
+		flags: sysFSALLEVENTS,
+		reply: make(chan error),
+	}
+	w.input <- in
+	if err := w.wakeupReader(); err != nil {
+		return err
+	}
+	return <-in.reply
+}
+
+// Remove stops watching the the named file or directory (non-recursively).
+func (w *Watcher) Remove(name string) error {
+	in := &input{
+		op:    opRemoveWatch,
+		path:  filepath.Clean(name),
+		reply: make(chan error),
+	}
+	w.input <- in
+	if err := w.wakeupReader(); err != nil {
+		return err
+	}
+	return <-in.reply
+}
+
+const (
+	// Options for AddWatch
+	sysFSONESHOT = 0x80000000
+	sysFSONLYDIR = 0x1000000
+
+	// Events
+	sysFSACCESS     = 0x1
+	sysFSALLEVENTS  = 0xfff
+	sysFSATTRIB     = 0x4
+	sysFSCLOSE      = 0x18
+	sysFSCREATE     = 0x100
+	sysFSDELETE     = 0x200
+	sysFSDELETESELF = 0x400
+	sysFSMODIFY     = 0x2
+	sysFSMOVE       = 0xc0
+	sysFSMOVEDFROM  = 0x40
+	sysFSMOVEDTO    = 0x80
+	sysFSMOVESELF   = 0x800
+
+	// Special events
+	sysFSIGNORED   = 0x8000
+	sysFSQOVERFLOW = 0x4000
+)
+
+func newEvent(name string, mask uint32) Event {
+	e := Event{Name: name}
+	if mask&sysFSCREATE == sysFSCREATE || mask&sysFSMOVEDTO == sysFSMOVEDTO {
+		e.Op |= Create
+	}
+	if mask&sysFSDELETE == sysFSDELETE || mask&sysFSDELETESELF == sysFSDELETESELF {
+		e.Op |= Remove
+	}
+	if mask&sysFSMODIFY == sysFSMODIFY {
+		e.Op |= Write
+	}
+	if mask&sysFSMOVE == sysFSMOVE || mask&sysFSMOVESELF == sysFSMOVESELF || mask&sysFSMOVEDFROM == sysFSMOVEDFROM {
+		e.Op |= Rename
+	}
+	if mask&sysFSATTRIB == sysFSATTRIB {
+		e.Op |= Chmod
+	}
+	return e
+}
+
+const (
+	opAddWatch = iota
+	opRemoveWatch
+)
+
+const (
+	provisional uint64 = 1 << (32 + iota)
+)
+
+type input struct {
+	op    int
+	path  string
+	flags uint32
+	reply chan error
+}
+
+type inode struct {
+	handle syscall.Handle
+	volume uint32
+	index  uint64
+}
+
+type watch struct {
+	ov     syscall.Overlapped
+	ino    *inode            // i-number
+	path   string            // Directory path
+	mask   uint64            // Directory itself is being watched with these notify flags
+	names  map[string]uint64 // Map of names being watched and their notify flags
+	rename string            // Remembers the old name while renaming a file
+	buf    [4096]byte
+}
+
+type indexMap map[uint64]*watch
+type watchMap map[uint32]indexMap
+
+func (w *Watcher) wakeupReader() error {
+	e := syscall.PostQueuedCompletionStatus(w.port, 0, 0, nil)
+	if e != nil {
+		return os.NewSyscallError("PostQueuedCompletionStatus", e)
+	}
+	return nil
+}
+
+func getDir(pathname string) (dir string, err error) {
+	attr, e := syscall.GetFileAttributes(syscall.StringToUTF16Ptr(pathname))
+	if e != nil {
+		return "", os.NewSyscallError("GetFileAttributes", e)
+	}
+	if attr&syscall.FILE_ATTRIBUTE_DIRECTORY != 0 {
+		dir = pathname
+	} else {
+		dir, _ = filepath.Split(pathname)
+		dir = filepath.Clean(dir)
+	}
+	return
+}
+
+func getIno(path string) (ino *inode, err error) {
+	h, e := syscall.CreateFile(syscall.StringToUTF16Ptr(path),
+		syscall.FILE_LIST_DIRECTORY,
+		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
+		nil, syscall.OPEN_EXISTING,
+		syscall.FILE_FLAG_BACKUP_SEMANTICS|syscall.FILE_FLAG_OVERLAPPED, 0)
+	if e != nil {
+		return nil, os.NewSyscallError("CreateFile", e)
+	}
+	var fi syscall.ByHandleFileInformation
+	if e = syscall.GetFileInformationByHandle(h, &fi); e != nil {
+		syscall.CloseHandle(h)
+		return nil, os.NewSyscallError("GetFileInformationByHandle", e)
+	}
+	ino = &inode{
+		handle: h,
+		volume: fi.VolumeSerialNumber,
+		index:  uint64(fi.FileIndexHigh)<<32 | uint64(fi.FileIndexLow),
+	}
+	return ino, nil
+}
+
+// Must run within the I/O thread.
+func (m watchMap) get(ino *inode) *watch {
+	if i := m[ino.volume]; i != nil {
+		return i[ino.index]
+	}
+	return nil
+}
+
+// Must run within the I/O thread.
+func (m watchMap) set(ino *inode, watch *watch) {
+	i := m[ino.volume]
+	if i == nil {
+		i = make(indexMap)
+		m[ino.volume] = i
+	}
+	i[ino.index] = watch
+}
+
+// Must run within the I/O thread.
+func (w *Watcher) addWatch(pathname string, flags uint64) error {
+	dir, err := getDir(pathname)
+	if err != nil {
+		return err
+	}
+	if flags&sysFSONLYDIR != 0 && pathname != dir {
+		return nil
+	}
+	ino, err := getIno(dir)
+	if err != nil {
+		return err
+	}
+	w.mu.Lock()
+	watchEntry := w.watches.get(ino)
+	w.mu.Unlock()
+	if watchEntry == nil {
+		if _, e := syscall.CreateIoCompletionPort(ino.handle, w.port, 0, 0); e != nil {
+			syscall.CloseHandle(ino.handle)
+			return os.NewSyscallError("CreateIoCompletionPort", e)
+		}
+		watchEntry = &watch{
+			ino:   ino,
+			path:  dir,
+			names: make(map[string]uint64),
+		}
+		w.mu.Lock()
+		w.watches.set(ino, watchEntry)
+		w.mu.Unlock()
+		flags |= provisional
+	} else {
+		syscall.CloseHandle(ino.handle)
+	}
+	if pathname == dir {
+		watchEntry.mask |= flags
+	} else {
+		watchEntry.names[filepath.Base(pathname)] |= flags
+	}
+	if err = w.startRead(watchEntry); err != nil {
+		return err
+	}
+	if pathname == dir {
+		watchEntry.mask &= ^provisional
+	} else {
+		watchEntry.names[filepath.Base(pathname)] &= ^provisional
+	}
+	return nil
+}
+
+// Must run within the I/O thread.
+func (w *Watcher) remWatch(pathname string) error {
+	dir, err := getDir(pathname)
+	if err != nil {
+		return err
+	}
+	ino, err := getIno(dir)
+	if err != nil {
+		return err
+	}
+	w.mu.Lock()
+	watch := w.watches.get(ino)
+	w.mu.Unlock()
+	if watch == nil {
+		return fmt.Errorf("can't remove non-existent watch for: %s", pathname)
+	}
+	if pathname == dir {
+		w.sendEvent(watch.path, watch.mask&sysFSIGNORED)
+		watch.mask = 0
+	} else {
+		name := filepath.Base(pathname)
+		w.sendEvent(filepath.Join(watch.path, name), watch.names[name]&sysFSIGNORED)
+		delete(watch.names, name)
+	}
+	return w.startRead(watch)
+}
+
+// Must run within the I/O thread.
+func (w *Watcher) deleteWatch(watch *watch) {
+	for name, mask := range watch.names {
+		if mask&provisional == 0 {
+			w.sendEvent(filepath.Join(watch.path, name), mask&sysFSIGNORED)
+		}
+		delete(watch.names, name)
+	}
+	if watch.mask != 0 {
+		if watch.mask&provisional == 0 {
+			w.sendEvent(watch.path, watch.mask&sysFSIGNORED)
+		}
+		watch.mask = 0
+	}
+}
+
+// Must run within the I/O thread.
+func (w *Watcher) startRead(watch *watch) error {
+	if e := syscall.CancelIo(watch.ino.handle); e != nil {
+		w.Errors <- os.NewSyscallError("CancelIo", e)
+		w.deleteWatch(watch)
+	}
+	mask := toWindowsFlags(watch.mask)
+	for _, m := range watch.names {
+		mask |= toWindowsFlags(m)
+	}
+	if mask == 0 {
+		if e := syscall.CloseHandle(watch.ino.handle); e != nil {
+			w.Errors <- os.NewSyscallError("CloseHandle", e)
+		}
+		w.mu.Lock()
+		delete(w.watches[watch.ino.volume], watch.ino.index)
+		w.mu.Unlock()
+		return nil
+	}
+	e := syscall.ReadDirectoryChanges(watch.ino.handle, &watch.buf[0],
+		uint32(unsafe.Sizeof(watch.buf)), false, mask, nil, &watch.ov, 0)
+	if e != nil {
+		err := os.NewSyscallError("ReadDirectoryChanges", e)
+		if e == syscall.ERROR_ACCESS_DENIED && watch.mask&provisional == 0 {
+			// Watched directory was probably removed
+			if w.sendEvent(watch.path, watch.mask&sysFSDELETESELF) {
+				if watch.mask&sysFSONESHOT != 0 {
+					watch.mask = 0
+				}
+			}
+			err = nil
+		}
+		w.deleteWatch(watch)
+		w.startRead(watch)
+		return err
+	}
+	return nil
+}
+
+// readEvents reads from the I/O completion port, converts the
+// received events into Event objects and sends them via the Events channel.
+// Entry point to the I/O thread.
+func (w *Watcher) readEvents() {
+	var (
+		n, key uint32
+		ov     *syscall.Overlapped
+	)
+	runtime.LockOSThread()
+
+	for {
+		e := syscall.GetQueuedCompletionStatus(w.port, &n, &key, &ov, syscall.INFINITE)
+		watch := (*watch)(unsafe.Pointer(ov))
+
+		if watch == nil {
+			select {
+			case ch := <-w.quit:
+				w.mu.Lock()
+				var indexes []indexMap
+				for _, index := range w.watches {
+					indexes = append(indexes, index)
+				}
+				w.mu.Unlock()
+				for _, index := range indexes {
+					for _, watch := range index {
+						w.deleteWatch(watch)
+						w.startRead(watch)
+					}
+				}
+				var err error
+				if e := syscall.CloseHandle(w.port); e != nil {
+					err = os.NewSyscallError("CloseHandle", e)
+				}
+				close(w.Events)
+				close(w.Errors)
+				ch <- err
+				return
+			case in := <-w.input:
+				switch in.op {
+				case opAddWatch:
+					in.reply <- w.addWatch(in.path, uint64(in.flags))
+				case opRemoveWatch:
+					in.reply <- w.remWatch(in.path)
+				}
+			default:
+			}
+			continue
+		}
+
+		switch e {
+		case syscall.ERROR_MORE_DATA:
+			if watch == nil {
+				w.Errors <- errors.New("ERROR_MORE_DATA has unexpectedly null lpOverlapped buffer")
+			} else {
+				// The i/o succeeded but the buffer is full.
+				// In theory we should be building up a full packet.
+				// In practice we can get away with just carrying on.
+				n = uint32(unsafe.Sizeof(watch.buf))
+			}
+		case syscall.ERROR_ACCESS_DENIED:
+			// Watched directory was probably removed
+			w.sendEvent(watch.path, watch.mask&sysFSDELETESELF)
+			w.deleteWatch(watch)
+			w.startRead(watch)
+			continue
+		case syscall.ERROR_OPERATION_ABORTED:
+			// CancelIo was called on this handle
+			continue
+		default:
+			w.Errors <- os.NewSyscallError("GetQueuedCompletionPort", e)
+			continue
+		case nil:
+		}
+
+		var offset uint32
+		for {
+			if n == 0 {
+				w.Events <- newEvent("", sysFSQOVERFLOW)
+				w.Errors <- errors.New("short read in readEvents()")
+				break
+			}
+
+			// Point "raw" to the event in the buffer
+			raw := (*syscall.FileNotifyInformation)(unsafe.Pointer(&watch.buf[offset]))
+			buf := (*[syscall.MAX_PATH]uint16)(unsafe.Pointer(&raw.FileName))
+			name := syscall.UTF16ToString(buf[:raw.FileNameLength/2])
+			fullname := filepath.Join(watch.path, name)
+
+			var mask uint64
+			switch raw.Action {
+			case syscall.FILE_ACTION_REMOVED:
+				mask = sysFSDELETESELF
+			case syscall.FILE_ACTION_MODIFIED:
+				mask = sysFSMODIFY
+			case syscall.FILE_ACTION_RENAMED_OLD_NAME:
+				watch.rename = name
+			case syscall.FILE_ACTION_RENAMED_NEW_NAME:
+				if watch.names[watch.rename] != 0 {
+					watch.names[name] |= watch.names[watch.rename]
+					delete(watch.names, watch.rename)
+					mask = sysFSMOVESELF
+				}
+			}
+
+			sendNameEvent := func() {
+				if w.sendEvent(fullname, watch.names[name]&mask) {
+					if watch.names[name]&sysFSONESHOT != 0 {
+						delete(watch.names, name)
+					}
+				}
+			}
+			if raw.Action != syscall.FILE_ACTION_RENAMED_NEW_NAME {
+				sendNameEvent()
+			}
+			if raw.Action == syscall.FILE_ACTION_REMOVED {
+				w.sendEvent(fullname, watch.names[name]&sysFSIGNORED)
+				delete(watch.names, name)
+			}
+			if w.sendEvent(fullname, watch.mask&toFSnotifyFlags(raw.Action)) {
+				if watch.mask&sysFSONESHOT != 0 {
+					watch.mask = 0
+				}
+			}
+			if raw.Action == syscall.FILE_ACTION_RENAMED_NEW_NAME {
+				fullname = filepath.Join(watch.path, watch.rename)
+				sendNameEvent()
+			}
+
+			// Move to the next event in the buffer
+			if raw.NextEntryOffset == 0 {
+				break
+			}
+			offset += raw.NextEntryOffset
+
+			// Error!
+			if offset >= n {
+				w.Errors <- errors.New("Windows system assumed buffer larger than it is, events have likely been missed.")
+				break
+			}
+		}
+
+		if err := w.startRead(watch); err != nil {
+			w.Errors <- err
+		}
+	}
+}
+
+func (w *Watcher) sendEvent(name string, mask uint64) bool {
+	if mask == 0 {
+		return false
+	}
+	event := newEvent(name, uint32(mask))
+	select {
+	case ch := <-w.quit:
+		w.quit <- ch
+	case w.Events <- event:
+	}
+	return true
+}
+
+func toWindowsFlags(mask uint64) uint32 {
+	var m uint32
+	if mask&sysFSACCESS != 0 {
+		m |= syscall.FILE_NOTIFY_CHANGE_LAST_ACCESS
+	}
+	if mask&sysFSMODIFY != 0 {
+		m |= syscall.FILE_NOTIFY_CHANGE_LAST_WRITE
+	}
+	if mask&sysFSATTRIB != 0 {
+		m |= syscall.FILE_NOTIFY_CHANGE_ATTRIBUTES
+	}
+	if mask&(sysFSMOVE|sysFSCREATE|sysFSDELETE) != 0 {
+		m |= syscall.FILE_NOTIFY_CHANGE_FILE_NAME | syscall.FILE_NOTIFY_CHANGE_DIR_NAME
+	}
+	return m
+}
+
+func toFSnotifyFlags(action uint32) uint64 {
+	switch action {
+	case syscall.FILE_ACTION_ADDED:
+		return sysFSCREATE
+	case syscall.FILE_ACTION_REMOVED:
+		return sysFSDELETE
+	case syscall.FILE_ACTION_MODIFIED:
+		return sysFSMODIFY
+	case syscall.FILE_ACTION_RENAMED_OLD_NAME:
+		return sysFSMOVEDFROM
+	case syscall.FILE_ACTION_RENAMED_NEW_NAME:
+		return sysFSMOVEDTO
+	}
+	return 0
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d267f948..46b226d6 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -103,6 +103,8 @@ github.com/equinox-io/equinox/proto
 github.com/facebookgo/grace/gracenet
 # github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568
 github.com/flynn/go-shlex
+# github.com/fsnotify/fsnotify v1.4.9
+github.com/fsnotify/fsnotify
 # github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10
 github.com/getsentry/raven-go
 # github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0
diff --git a/watcher/file.go b/watcher/file.go
new file mode 100644
index 00000000..59f2a943
--- /dev/null
+++ b/watcher/file.go
@@ -0,0 +1,58 @@
+package watcher
+
+import (
+	"github.com/fsnotify/fsnotify"
+)
+
+// File is a file watcher that notifies when a file has been changed
+type File struct {
+	watcher  *fsnotify.Watcher
+	shutdown chan struct{}
+}
+
+// NewFile is a standard constructor
+func NewFile() (*File, error) {
+	watcher, err := fsnotify.NewWatcher()
+	if err != nil {
+		return nil, err
+	}
+	f := &File{
+		watcher:  watcher,
+		shutdown: make(chan struct{}),
+	}
+	return f, nil
+}
+
+// Add adds a file to start watching
+func (f *File) Add(filepath string) error {
+	return f.watcher.Add(filepath)
+}
+
+// Shutdown stop the file watching run loop
+func (f *File) Shutdown() {
+	f.shutdown <- struct{}{}
+}
+
+// Start is a runloop to watch for files changes from the file paths added from Add()
+func (f *File) Start(notifier Notification) {
+	for {
+		select {
+		case event, ok := <-f.watcher.Events:
+			if !ok {
+				return
+			}
+			if event.Op&fsnotify.Write == fsnotify.Write {
+				notifier.WatcherItemDidChange(event.Name)
+			}
+		case err, ok := <-f.watcher.Errors:
+			if !ok {
+				return
+			}
+			notifier.WatcherDidError(err)
+
+		case <-f.shutdown:
+			f.watcher.Close()
+			return
+		}
+	}
+}
diff --git a/watcher/file_test.go b/watcher/file_test.go
new file mode 100644
index 00000000..ab09fe42
--- /dev/null
+++ b/watcher/file_test.go
@@ -0,0 +1,54 @@
+package watcher
+
+import (
+	"bufio"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type mockNotifier struct {
+	eventPath string
+}
+
+func (n *mockNotifier) WatcherItemDidChange(path string) {
+	n.eventPath = path
+}
+
+func (n *mockNotifier) WatcherDidError(err error) {
+}
+
+func TestFileChanged(t *testing.T) {
+	filePath := "test_file"
+	f, err := os.Create(filePath)
+	assert.NoError(t, err)
+	defer func() {
+		f.Close()
+		os.Remove(filePath)
+	}()
+
+	service, err := NewFile()
+	assert.NoError(t, err)
+
+	err = service.Add(filePath)
+	assert.NoError(t, err)
+
+	n := &mockNotifier{}
+	go service.Start(n)
+
+	f.Sync()
+
+	w := bufio.NewWriter(f)
+	_, err = w.WriteString("hello Austin, do you like my file watcher?\n")
+	assert.NoError(t, err)
+	err = w.Flush()
+	assert.NoError(t, err)
+
+	// give it time to trigger
+	time.Sleep(10 * time.Millisecond)
+	service.Shutdown()
+
+	assert.Equal(t, filePath, n.eventPath, "notifier didn't get an new file write event")
+}
diff --git a/watcher/notify.go b/watcher/notify.go
new file mode 100644
index 00000000..8e45d10e
--- /dev/null
+++ b/watcher/notify.go
@@ -0,0 +1,14 @@
+package watcher
+
+// Notification is the delegate methods from the Notifier
+type Notification interface {
+	WatcherItemDidChange(string)
+	WatcherDidError(error)
+}
+
+// Notifier is the base interface for file watching
+type Notifier interface {
+	Start(Notification)
+	Add(string) error
+	Shutdown()
+}

From dd0881f32b838c54557cd4d553d4e124ca646bd9 Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Thu, 30 Apr 2020 00:02:08 -0500
Subject: [PATCH 044/100] TUN-2940: Added delay parameter to stdin reconnect
 command.

---
 cmd/cloudflared/tunnel/cmd.go | 26 ++++++++++++++++++++++----
 origin/external_control.go    | 21 +++++++++++++++++++++
 origin/supervisor.go          |  8 ++++----
 origin/tunnel.go              | 25 +++++++++++++++----------
 sshlog/logger_test.go         |  2 +-
 5 files changed, 63 insertions(+), 19 deletions(-)
 create mode 100644 origin/external_control.go

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 9e940126..e2a6488c 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -11,6 +11,7 @@ import (
 	"reflect"
 	"runtime"
 	"runtime/trace"
+	"strings"
 	"sync"
 	"time"
 
@@ -421,7 +422,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		return err
 	}
 
-	reconnectCh := make(chan struct{}, 1)
+	reconnectCh := make(chan origin.ReconnectSignal, 1)
 	if c.IsSet("stdin-control") {
 		logger.Warn("Enabling control through stdin")
 		go stdinControl(reconnectCh)
@@ -1112,17 +1113,34 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 	}
 }
 
-func stdinControl(reconnectCh chan struct{}) {
+func stdinControl(reconnectCh chan origin.ReconnectSignal) {
 	for {
 		scanner := bufio.NewScanner(os.Stdin)
 		for scanner.Scan() {
 			command := scanner.Text()
+			parts := strings.SplitN(command, " ", 2)
 
-			switch command {
+			switch parts[0] {
+			case "":
+				break
 			case "reconnect":
-				reconnectCh <- struct{}{}
+				var reconnect origin.ReconnectSignal
+				if len(parts) > 1 {
+					var err error
+					if reconnect.Delay, err = time.ParseDuration(parts[1]); err != nil {
+						logger.Error(err.Error())
+						continue
+					}
+				}
+				logger.Infof("Sending reconnect signal %+v", reconnect)
+				reconnectCh <- reconnect
 			default:
 				logger.Warn("Unknown command: ", command)
+				fallthrough
+			case "help":
+				logger.Info(`Supported command: 
+reconnect [delay] 
+- restarts one randomly chosen connection with optional delay before reconnect`)
 			}
 		}
 	}
diff --git a/origin/external_control.go b/origin/external_control.go
new file mode 100644
index 00000000..d59759ed
--- /dev/null
+++ b/origin/external_control.go
@@ -0,0 +1,21 @@
+package origin
+
+import (
+	"time"
+)
+
+type ReconnectSignal struct {
+	// wait this many seconds before re-establish the connection
+	Delay time.Duration
+}
+
+// Error allows us to use ReconnectSignal as a special error to force connection abort
+func (r *ReconnectSignal) Error() string {
+	return "reconnect signal"
+}
+
+func (r *ReconnectSignal) DelayBeforeReconnect() {
+	if r.Delay > 0 {
+		time.Sleep(r.Delay)
+	}
+}
diff --git a/origin/supervisor.go b/origin/supervisor.go
index 37bb0577..cd21b57f 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -105,7 +105,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 	}, nil
 }
 
-func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan struct{}) error {
+func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan ReconnectSignal) error {
 	logger := s.config.Logger
 	if err := s.initialize(ctx, connectedSignal, reconnectCh); err != nil {
 		return err
@@ -191,7 +191,7 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, re
 }
 
 // Returns nil if initialization succeeded, else the initialization error.
-func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan struct{}) error {
+func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan ReconnectSignal) error {
 	logger := s.logger
 
 	s.lastResolve = time.Now()
@@ -221,7 +221,7 @@ func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Sig
 
 // startTunnel starts the first tunnel connection. The resulting error will be sent on
 // s.tunnelErrors. It will send a signal via connectedSignal if registration succeed
-func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan struct{}) {
+func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *signal.Signal, reconnectCh chan ReconnectSignal) {
 	var (
 		addr *net.TCPAddr
 		err  error
@@ -265,7 +265,7 @@ func (s *Supervisor) startFirstTunnel(ctx context.Context, connectedSignal *sign
 
 // startTunnel starts a new tunnel connection. The resulting error will be sent on
 // s.tunnelErrors.
-func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal *signal.Signal, reconnectCh chan struct{}) {
+func (s *Supervisor) startTunnel(ctx context.Context, index int, connectedSignal *signal.Signal, reconnectCh chan ReconnectSignal) {
 	var (
 		addr *net.TCPAddr
 		err  error
diff --git a/origin/tunnel.go b/origin/tunnel.go
index bc4b9c50..a373ee22 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -179,7 +179,7 @@ func (c *TunnelConfig) SupportedFeatures() []string {
 	return basic
 }
 
-func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan struct{}) error {
+func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan ReconnectSignal) error {
 	s, err := NewSupervisor(config, cloudflaredID)
 	if err != nil {
 		return err
@@ -195,7 +195,7 @@ func ServeTunnelLoop(ctx context.Context,
 	connectedSignal *signal.Signal,
 	u uuid.UUID,
 	bufferPool *buffer.Pool,
-	reconnectCh chan struct{},
+	reconnectCh chan ReconnectSignal,
 ) error {
 	connectionLogger := config.Logger.WithField("connectionID", connectionID)
 	config.Metrics.incrementHaConnections()
@@ -244,7 +244,7 @@ func ServeTunnel(
 	backoff *BackoffHandler,
 	u uuid.UUID,
 	bufferPool *buffer.Pool,
-	reconnectCh chan struct{},
+	reconnectCh chan ReconnectSignal,
 ) (err error, recoverable bool) {
 	// Treat panics as recoverable errors
 	defer func() {
@@ -332,13 +332,14 @@ func ServeTunnel(
 	})
 
 	errGroup.Go(func() error {
-		select {
-		case <-reconnectCh:
-			return fmt.Errorf("received disconnect signal")
-		case <-serveCtx.Done():
-			return nil
+		for {
+			select {
+			case reconnect := <-reconnectCh:
+				return &reconnect
+			case <-serveCtx.Done():
+				return nil
+			}
 		}
-
 	})
 
 	errGroup.Go(func() error {
@@ -372,7 +373,11 @@ func ServeTunnel(
 			logger.WithError(castedErr.cause).Error("Register tunnel error on client side")
 			return err, true
 		case muxerShutdownError:
-			logger.Infof("Muxer shutdown")
+			logger.Info("Muxer shutdown")
+			return err, true
+		case *ReconnectSignal:
+			logger.Warnf("Restarting due to reconnect signal in %d seconds", castedErr.Delay)
+			castedErr.DelayBeforeReconnect()
 			return err, true
 		default:
 			logger.WithError(err).Error("Serve tunnel error")
diff --git a/sshlog/logger_test.go b/sshlog/logger_test.go
index e0a047be..4e08a504 100644
--- a/sshlog/logger_test.go
+++ b/sshlog/logger_test.go
@@ -32,7 +32,7 @@ func createLogger(t *testing.T) *Logger {
 //	}()
 //
 //	logger.Write([]byte(testStr))
-//	time.Sleep(2 * time.Millisecond)
+//	time.DelayBeforeReconnect(2 * time.Millisecond)
 //	data, err := ioutil.ReadFile(logFileName)
 //	if err != nil {
 //		t.Fatal("couldn't read the log file!", err)

From 2cf327ba0184a60760ea12daf9da85a0f53dff91 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Fri, 1 May 2020 15:59:52 -0500
Subject: [PATCH 045/100] TUN-2943: Copy certutil from edge into cloudflared

---
 certutil/certutil.go                          |   94 +
 certutil/certutil_test.go                     |   67 +
 certutil/test-argo-tunnel-cert-json.pem       |   57 +
 certutil/test-argo-tunnel-cert.pem            |   56 +
 certutil/test-cert-no-key.pem                 |   33 +
 certutil/test-cert-two-certificates.pem       |   85 +
 certutil/test-cert-unknown-block.pem          |   89 +
 certutil/test-cert.pem                        |   61 +
 go.mod                                        |    6 +-
 go.sum                                        |   44 +
 .../github.com/certifi/gocertifi/.travis.yml  |   13 +
 vendor/github.com/certifi/gocertifi/LICENSE   |  376 +-
 vendor/github.com/certifi/gocertifi/README.md |   20 +-
 .../github.com/certifi/gocertifi/certifi.go   |  885 +-
 vendor/github.com/certifi/gocertifi/go.mod    |    3 +
 vendor/github.com/certifi/gocertifi/tasks.py  |   20 -
 vendor/github.com/cloudflare/cfssl/LICENSE    |   24 +
 vendor/github.com/cloudflare/cfssl/log/log.go |   98 +
 .../cloudflare/cfssl/revoke/revoke.go         |  146 +
 .../golang.org/x/text/transform/transform.go  |    6 +-
 vendor/golang.org/x/text/unicode/bidi/bidi.go |    2 +-
 .../golang.org/x/text/unicode/bidi/bracket.go |    4 +-
 vendor/golang.org/x/text/unicode/bidi/core.go |    2 +-
 .../x/text/unicode/bidi/tables10.0.0.go       |    2 +-
 .../x/text/unicode/bidi/tables11.0.0.go       | 1887 ----
 .../x/text/unicode/norm/composition.go        |    8 +-
 .../x/text/unicode/norm/forminfo.go           |   19 -
 vendor/golang.org/x/text/unicode/norm/iter.go |    3 +-
 .../x/text/unicode/norm/normalize.go          |    4 +-
 .../x/text/unicode/norm/readwriter.go         |    4 +-
 .../x/text/unicode/norm/tables10.0.0.go       | 1892 ++--
 .../x/text/unicode/norm/tables11.0.0.go       | 7693 -----------------
 .../x/text/unicode/norm/tables9.0.0.go        | 1890 ++--
 .../x/text/unicode/norm/transform.go          |   10 +-
 vendor/modules.txt                            |    7 +-
 35 files changed, 3720 insertions(+), 11890 deletions(-)
 create mode 100644 certutil/certutil.go
 create mode 100644 certutil/certutil_test.go
 create mode 100644 certutil/test-argo-tunnel-cert-json.pem
 create mode 100644 certutil/test-argo-tunnel-cert.pem
 create mode 100644 certutil/test-cert-no-key.pem
 create mode 100644 certutil/test-cert-two-certificates.pem
 create mode 100644 certutil/test-cert-unknown-block.pem
 create mode 100644 certutil/test-cert.pem
 create mode 100644 vendor/github.com/certifi/gocertifi/.travis.yml
 create mode 100644 vendor/github.com/certifi/gocertifi/go.mod
 delete mode 100644 vendor/github.com/certifi/gocertifi/tasks.py
 create mode 100644 vendor/github.com/cloudflare/cfssl/LICENSE
 create mode 100644 vendor/github.com/cloudflare/cfssl/log/log.go
 create mode 100644 vendor/github.com/cloudflare/cfssl/revoke/revoke.go
 delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
 delete mode 100644 vendor/golang.org/x/text/unicode/norm/tables11.0.0.go

diff --git a/certutil/certutil.go b/certutil/certutil.go
new file mode 100644
index 00000000..e3b48c62
--- /dev/null
+++ b/certutil/certutil.go
@@ -0,0 +1,94 @@
+package certutil
+
+import (
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"strings"
+)
+
+type namedTunnelToken struct {
+	ZoneID     string `json:"zoneID"`
+	AccountID  string `json:"accountID"`
+	ServiceKey string `json:"serviceKey"`
+}
+
+type OriginCert struct {
+	PrivateKey interface{}
+	Cert       *x509.Certificate
+	ZoneID     string
+	ServiceKey string
+	AccountID  string
+}
+
+func DecodeOriginCert(blocks []byte) (*OriginCert, error) {
+	if len(blocks) == 0 {
+		return nil, fmt.Errorf("Cannot decode empty certificate")
+	}
+	originCert := OriginCert{}
+	block, rest := pem.Decode(blocks)
+	for {
+		if block == nil {
+			break
+		}
+		switch block.Type {
+		case "PRIVATE KEY":
+			if originCert.PrivateKey != nil {
+				return nil, fmt.Errorf("Found multiple private key in the certificate")
+			}
+			// RSA private key
+			privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+			if err != nil {
+				return nil, fmt.Errorf("Cannot parse private key")
+			}
+			originCert.PrivateKey = privateKey
+		case "CERTIFICATE":
+			if originCert.Cert != nil {
+				return nil, fmt.Errorf("Found multiple certificates in the certificate")
+			}
+			cert, err := x509.ParseCertificates(block.Bytes)
+			if err != nil {
+				return nil, fmt.Errorf("Cannot parse certificate")
+			} else if len(cert) > 1 {
+				return nil, fmt.Errorf("Found multiple certificates in the certificate")
+			}
+			originCert.Cert = cert[0]
+		case "WARP TOKEN", "ARGO TUNNEL TOKEN":
+			if originCert.ZoneID != "" || originCert.ServiceKey != "" {
+				return nil, fmt.Errorf("Found multiple tokens in the certificate")
+			}
+			// The token is a string,
+			// Try the newer JSON format
+			ntt := namedTunnelToken{}
+			if err := json.Unmarshal(block.Bytes, &ntt); err == nil {
+				originCert.ZoneID = ntt.ZoneID
+				originCert.ServiceKey = ntt.ServiceKey
+				originCert.AccountID = ntt.AccountID
+			} else {
+				// Try the older format, where the zoneID and service key are seperated by
+				// a new line character
+				token := string(block.Bytes)
+				s := strings.Split(token, "\n")
+				if len(s) != 2 {
+					return nil, fmt.Errorf("Cannot parse token")
+				}
+				originCert.ZoneID = s[0]
+				originCert.ServiceKey = s[1]
+			}
+		default:
+			return nil, fmt.Errorf("Unknown block %s in the certificate", block.Type)
+		}
+		block, rest = pem.Decode(rest)
+	}
+
+	if originCert.PrivateKey == nil {
+		return nil, fmt.Errorf("Missing private key in the certificate")
+	} else if originCert.Cert == nil {
+		return nil, fmt.Errorf("Missing certificate in the certificate")
+	} else if originCert.ZoneID == "" || originCert.ServiceKey == "" {
+		return nil, fmt.Errorf("Missing token in the certificate")
+	}
+
+	return &originCert, nil
+}
diff --git a/certutil/certutil_test.go b/certutil/certutil_test.go
new file mode 100644
index 00000000..26b13f5d
--- /dev/null
+++ b/certutil/certutil_test.go
@@ -0,0 +1,67 @@
+package certutil
+
+import (
+	"fmt"
+	"io/ioutil"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoadOriginCert(t *testing.T) {
+	cert, err := DecodeOriginCert([]byte{})
+	assert.Equal(t, fmt.Errorf("Cannot decode empty certificate"), err)
+	assert.Nil(t, cert)
+
+	blocks, err := ioutil.ReadFile("test-cert-no-key.pem")
+	assert.Nil(t, err)
+	cert, err = DecodeOriginCert(blocks)
+	assert.Equal(t, fmt.Errorf("Missing private key in the certificate"), err)
+	assert.Nil(t, cert)
+
+	blocks, err = ioutil.ReadFile("test-cert-two-certificates.pem")
+	assert.Nil(t, err)
+	cert, err = DecodeOriginCert(blocks)
+	assert.Equal(t, fmt.Errorf("Found multiple certificates in the certificate"), err)
+	assert.Nil(t, cert)
+
+	blocks, err = ioutil.ReadFile("test-cert-unknown-block.pem")
+	assert.Nil(t, err)
+	cert, err = DecodeOriginCert(blocks)
+	assert.Equal(t, fmt.Errorf("Unknown block RSA PRIVATE KEY in the certificate"), err)
+	assert.Nil(t, cert)
+
+	blocks, err = ioutil.ReadFile("test-cert.pem")
+	assert.Nil(t, err)
+	cert, err = DecodeOriginCert(blocks)
+	assert.Nil(t, err)
+	assert.NotNil(t, cert)
+	assert.Equal(t, "7b0a4d77dfb881c1a3b7d61ea9443e19", cert.ZoneID)
+	key := "v1.0-58bd4f9e28f7b3c28e05a35ff3e80ab4fd9644ef3fece537eb0d12e2e9258217-183442fbb0bbdb3e571558fec9b5589ebd77aafc87498ee3f09f64a4ad79ffe8791edbae08b36c1d8f1d70a8670de56922dff92b15d214a524f4ebfa1958859e-7ce80f79921312a6022c5d25e2d380f82ceaefe3fbdc43dd13b080e3ef1e26f7"
+	assert.Equal(t, key, cert.ServiceKey)
+}
+
+func TestNewlineArgoTunnelToken(t *testing.T) {
+	ArgoTunnelTokenTest(t, "test-argo-tunnel-cert.pem")
+}
+
+func TestJSONArgoTunnelToken(t *testing.T) {
+	// The given cert's Argo Tunnel Token was generated by base64 encoding this JSON:
+	// {
+	// "zoneID": "7b0a4d77dfb881c1a3b7d61ea9443e19",
+	// "serviceKey": "test-service-key",
+	// "accountID": "abcdabcdabcdabcd1234567890abcdef"
+	// }
+	ArgoTunnelTokenTest(t, "test-argo-tunnel-cert-json.pem")
+}
+
+func ArgoTunnelTokenTest(t *testing.T, path string) {
+	blocks, err := ioutil.ReadFile(path)
+	assert.Nil(t, err)
+	cert, err := DecodeOriginCert(blocks)
+	assert.Nil(t, err)
+	assert.NotNil(t, cert)
+	assert.Equal(t, "7b0a4d77dfb881c1a3b7d61ea9443e19", cert.ZoneID)
+	key := "test-service-key"
+	assert.Equal(t, key, cert.ServiceKey)
+}
diff --git a/certutil/test-argo-tunnel-cert-json.pem b/certutil/test-argo-tunnel-cert-json.pem
new file mode 100644
index 00000000..6755cff4
--- /dev/null
+++ b/certutil/test-argo-tunnel-cert-json.pem
@@ -0,0 +1,57 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3
+sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg
+1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt
+z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX
+6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS
+x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja
+1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB
+IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D
+xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy
+sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi
+2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm
+sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX
+Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF
+AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj
+m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE
+QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to
+P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8
+pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs
+G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0
+6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0
+LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan
+OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr
+W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd
+M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR
+y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz
+uQicoQq3yzeQh20wtrtaXzTNmA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw
+gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD
+VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
+YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx
+MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL
+ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln
+aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
+GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng
+6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx
+tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ
+AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl
+HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq
+zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw
+RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs
+YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK
+YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh
+cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj
+K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
+x+Yo/cL8fGfVpPt4UM8=
+-----END CERTIFICATE-----
+-----BEGIN ARGO TUNNEL TOKEN-----
+eyJ6b25lSUQiOiAiN2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkiLCAi
+c2VydmljZUtleSI6ICJ0ZXN0LXNlcnZpY2Uta2V5IiwgImFjY291bnRJRCI6ICJh
+YmNkYWJjZGFiY2RhYmNkMTIzNDU2Nzg5MGFiY2RlZiJ9
+-----END ARGO TUNNEL TOKEN-----
diff --git a/certutil/test-argo-tunnel-cert.pem b/certutil/test-argo-tunnel-cert.pem
new file mode 100644
index 00000000..1a3397ac
--- /dev/null
+++ b/certutil/test-argo-tunnel-cert.pem
@@ -0,0 +1,56 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3
+sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg
+1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt
+z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX
+6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS
+x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja
+1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB
+IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D
+xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy
+sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi
+2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm
+sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX
+Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF
+AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj
+m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE
+QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to
+P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8
+pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs
+G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0
+6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0
+LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan
+OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr
+W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd
+M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR
+y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz
+uQicoQq3yzeQh20wtrtaXzTNmA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw
+gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD
+VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
+YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx
+MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL
+ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln
+aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
+GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng
+6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx
+tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ
+AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl
+HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq
+zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw
+RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs
+YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK
+YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh
+cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj
+K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
+x+Yo/cL8fGfVpPt4UM8=
+-----END CERTIFICATE-----
+-----BEGIN ARGO TUNNEL TOKEN-----
+N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdGVzdC1zZXJ2aWNlLWtl
+eQ==
+-----END ARGO TUNNEL TOKEN-----
diff --git a/certutil/test-cert-no-key.pem b/certutil/test-cert-no-key.pem
new file mode 100644
index 00000000..aae69fc9
--- /dev/null
+++ b/certutil/test-cert-no-key.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw
+gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD
+VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
+YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx
+MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL
+ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln
+aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
+GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng
+6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx
+tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ
+AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl
+HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq
+zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw
+RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs
+YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK
+YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh
+cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj
+K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
+x+Yo/cL8fGfVpPt4UM8=
+-----END CERTIFICATE-----
+-----BEGIN WARP TOKEN-----
+N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4
+ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5
+MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4
+NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2
+NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5
+OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz
+ZWYxZTI2Zjc=
+-----END WARP TOKEN-----
diff --git a/certutil/test-cert-two-certificates.pem b/certutil/test-cert-two-certificates.pem
new file mode 100644
index 00000000..214e2f8e
--- /dev/null
+++ b/certutil/test-cert-two-certificates.pem
@@ -0,0 +1,85 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3
+sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg
+1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt
+z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX
+6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS
+x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja
+1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB
+IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D
+xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy
+sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi
+2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm
+sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX
+Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF
+AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj
+m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE
+QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to
+P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8
+pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs
+G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0
+6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0
+LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan
+OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr
+W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd
+M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR
+y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz
+uQicoQq3yzeQh20wtrtaXzTNmA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw
+gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD
+VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
+YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx
+MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL
+ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln
+aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
+GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng
+6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx
+tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ
+AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl
+HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq
+zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw
+RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs
+YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK
+YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh
+cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj
+K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
+x+Yo/cL8fGfVpPt4UM8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw
+gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD
+VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
+YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx
+MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL
+ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln
+aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
+GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng
+6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx
+tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ
+AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl
+HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq
+zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw
+RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs
+YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK
+YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh
+cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj
+K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
+x+Yo/cL8fGfVpPt4UM8=
+-----END CERTIFICATE-----
+-----BEGIN WARP TOKEN-----
+N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4
+ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5
+MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4
+NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2
+NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5
+OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz
+ZWYxZTI2Zjc=
+-----END WARP TOKEN-----
diff --git a/certutil/test-cert-unknown-block.pem b/certutil/test-cert-unknown-block.pem
new file mode 100644
index 00000000..f7180851
--- /dev/null
+++ b/certutil/test-cert-unknown-block.pem
@@ -0,0 +1,89 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3
+sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg
+1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt
+z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX
+6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS
+x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja
+1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB
+IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D
+xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy
+sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi
+2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm
+sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX
+Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF
+AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj
+m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE
+QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to
+P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8
+pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs
+G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0
+6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0
+LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan
+OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr
+W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd
+M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR
+y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz
+uQicoQq3yzeQh20wtrtaXzTNmA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw
+gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD
+VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
+YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx
+MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL
+ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln
+aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
+GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng
+6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx
+tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ
+AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl
+HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq
+zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw
+RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs
+YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK
+YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh
+cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj
+K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
+x+Yo/cL8fGfVpPt4UM8=
+-----END CERTIFICATE-----
+-----BEGIN WARP TOKEN-----
+N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4
+ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5
+MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4
+NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2
+NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5
+OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz
+ZWYxZTI2Zjc=
+-----END WARP TOKEN-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3
+sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg
+1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt
+z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX
+6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS
+x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja
+1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB
+IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D
+xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy
+sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi
+2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm
+sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX
+Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF
+AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj
+m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE
+QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to
+P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8
+pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs
+G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0
+6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0
+LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan
+OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr
+W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd
+M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR
+y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz
+uQicoQq3yzeQh20wtrtaXzTNmA==
+-----END RSA PRIVATE KEY-----
diff --git a/certutil/test-cert.pem b/certutil/test-cert.pem
new file mode 100644
index 00000000..4d1c9f89
--- /dev/null
+++ b/certutil/test-cert.pem
@@ -0,0 +1,61 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfGswL16Fz9Ei3
+sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng6yHR1H5oX1Lg
+1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bxtG0uyrXYh7Mt
+z0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyXPE6SuDvMHIeX
+6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZAzNOxVKrUsyS
+x7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOglHJ2n0sMcZ+Ja
+1Y649mPVAgMBAAECggEAEbPF0ah9fH0IzTU/CPbIeh3flyY8GDuMpR1HvwUurSWB
+IFI9bLyVAXKb8vYP1TMaTnXi5qmFof+/JShgyZc3+1tZtWTfoaiC8Y1bRfE2yk+D
+xmwddhDmijYGG7i8uEaeddSdFEh2GKAqkbV/QgBvN2Nl4EVmIOAJXXNe9l5LFyjy
+sR10aNVJRYV1FahrCTwZ3SovHP4d4AUvHh/3FFZDukHc37CFA0+CcR4uehp5yedi
+2UdqaszXqunFo/3h+Tn9dW2C7gTTZx4+mfyaws3p3YOmdYArXvpejxHIc0FGwLBm
+sb9K7wGVUiF0Bt0ch+C1mdYrCaFNHnPuDswjmm3FwQKBgQDYtxOwwSLA6ZyppozX
+Doyx9a7PhiMHCFKSdVB4l8rpK545a+AmpG6LRScTtBsMTHBhT3IQ3QPWlVm1AhjF
+AvXMa1rOeaGbCbDn1xqEoEVPtj4tys8eTfyWmtU73jWTFauOt4/xpf/urEpg91xj
+m+Gl/8qgBrpm5rQxV5Y4MysRlQKBgQC78jzzlhocXGNvw0wT/K2NsknyeoZXqpIE
+QYL60FMl4geZn6w9hwxaL1r+g/tUjTnpBPQtS1r2Ed2gXby5zspN1g/PW8U3t3to
+P7zHIJ/sLBXrCh5RJko3hUgGhDNOOCIQj4IaKUfvHYvEIbIxlyI0vdsXsgXgMuQ8
+pb9Yifn5QQKBgQCmGu0EtYQlyOlDP10EGSrN3Dm45l9CrKZdi326cN4eCkikSoLs
+G2x/YumouItiydP5QiNzuXOPrbmse4bwumwb2s0nJSMw6iSmDsFMlmuJxW2zO5e0
+6qGH7fUyhgcaTanJIfk6hrm7/mKkH/S4hGpYCc8NCRsmc/35M+D4AoAoYQKBgQC0
+LWpZaxDlF30MbAHHN3l6We2iU+vup0sMYXGb2ZOcwa/fir+ozIr++l8VmJmdWTan
+OWSM96zgMghx8Os4hhJTxF+rvqK242OfcVsc2x31X94zUaP2z+peh5uhA6Pb3Nxr
+W+iyA9k+Vujiwhr+h5D3VvtvH++aG6/KpGtoCf5nAQKBgQDXX2+d7bd5CLNLLFNd
+M2i4QoOFcSKIG+v4SuvgEJHgG8vGvxh2qlSxnMWuPV+7/1P5ATLqDj1PlKms+BNR
+y7sc5AT9PclkL3Y9MNzOu0LXyBkGYcl8M0EQfLv9VPbWT+NXiMg/O2CHiT02pAAz
+uQicoQq3yzeQh20wtrtaXzTNmA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID+jCCA6CgAwIBAgIUJhFxUKEGvTRc3CjCok6dbPGH/P4wCgYIKoZIzj0EAwIw
+gagxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYD
+VQQLEy9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5p
+YTEXMBUGA1UEAxMOKGRldiB1c2Ugb25seSkwHhcNMTcxMDEzMTM1OTAwWhcNMzIx
+MDA5MTM1OTAwWjBiMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMR0wGwYDVQQL
+ExRDbG91ZEZsYXJlIE9yaWdpbiBDQTEmMCQGA1UEAxMdQ2xvdWRGbGFyZSBPcmln
+aW4gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
+GswL16Fz9Ei3sAg5AmBizoN2nZdyXHP8T57UxUMcrlJXEEXCVS5RR4m9l+EmK0ng
+6yHR1H5oX1Lg1WKyXgWwr0whwmdTD+qWFJW2M8HyefyBKLrsGPuxw4CVYT0h72bx
+tG0uyrXYh7Mtz0lHjGV90qrFpq5o0jx0sLbDlDvpFPbIO58uYzKG4Sn2VTC4rOyX
+PE6SuDvMHIeX6Ekw4wSVQ9eTbksLQqTyxSqM3zp2ygc56SjGjy1nGQT8ZBGFzSbZ
+AzNOxVKrUsySx7LzZVl+zCGCPlQwaYLKObKXadZJmrqSFmErC5jcbVgBz7oJQOgl
+HJ2n0sMcZ+Ja1Y649mPVAgMBAAGjggEgMIIBHDAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzA6f2Ajq
+zhX67c6piY2a1uTiUkwwHwYDVR0jBBgwFoAU2qfBlqxKMZnf0QeTeYiMelfqJfgw
+RAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5jbG91ZGZs
+YXJlLmNvbS9vcmlnaW5fZWNjX2NhMCMGA1UdEQQcMBqCDCouYXJub2xkLmNvbYIK
+YXJub2xkLmNvbTA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNsb3VkZmxh
+cmUuY29tL29yaWdpbl9lY2NfY2EuY3JsMAoGCCqGSM49BAMCA0gAMEUCIDV7HoMj
+K5rShE/l+90YAOzHC89OH/wUz3I5KYOFuehoAiEA8e92aIf9XBkr0K6EvFCiSsD+
+x+Yo/cL8fGfVpPt4UM8=
+-----END CERTIFICATE-----
+-----BEGIN WARP TOKEN-----
+N2IwYTRkNzdkZmI4ODFjMWEzYjdkNjFlYTk0NDNlMTkKdjEuMC01OGJkNGY5ZTI4
+ZjdiM2MyOGUwNWEzNWZmM2U4MGFiNGZkOTY0NGVmM2ZlY2U1MzdlYjBkMTJlMmU5
+MjU4MjE3LTE4MzQ0MmZiYjBiYmRiM2U1NzE1NThmZWM5YjU1ODllYmQ3N2FhZmM4
+NzQ5OGVlM2YwOWY2NGE0YWQ3OWZmZTg3OTFlZGJhZTA4YjM2YzFkOGYxZDcwYTg2
+NzBkZTU2OTIyZGZmOTJiMTVkMjE0YTUyNGY0ZWJmYTE5NTg4NTllLTdjZTgwZjc5
+OTIxMzEyYTYwMjJjNWQyNWUyZDM4MGY4MmNlYWVmZTNmYmRjNDNkZDEzYjA4MGUz
+ZWYxZTI2Zjc=
+-----END WARP TOKEN-----
diff --git a/go.mod b/go.mod
index e00baeb2..da0d2528 100644
--- a/go.mod
+++ b/go.mod
@@ -7,8 +7,9 @@ require (
 	github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 // indirect
 	github.com/aws/aws-sdk-go v1.25.8
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261 // indirect
+	github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894 // indirect
 	github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93
+	github.com/cloudflare/cfssl v0.0.0-20141119014638-2f7f44e802e2
 	github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc
 	github.com/coredns/coredns v1.2.0
 	github.com/coreos/go-oidc v0.0.0-20171002155002-a93f71fdfe73
@@ -32,7 +33,6 @@ require (
 	github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
-	github.com/kr/pretty v0.1.0 // indirect
 	github.com/kshvakov/clickhouse v1.3.11
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lib/pq v1.2.0
@@ -60,11 +60,9 @@ require (
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
 	golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2
-	golang.org/x/text v0.3.2 // indirect
 	google.golang.org/appengine v1.5.0 // indirect
 	google.golang.org/genproto v0.0.0-20191007204434-a023cd5227bd // indirect
 	google.golang.org/grpc v1.24.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 	gopkg.in/coreos/go-oidc.v2 v2.1.0
 	gopkg.in/square/go-jose.v2 v2.4.0 // indirect
 	gopkg.in/urfave/cli.v2 v2.0.0-20180128181224-d604b6ffeee8
diff --git a/go.sum b/go.sum
index 3882824f..985e4821 100644
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,13 @@
+bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DATA-DOG/go-sqlmock v1.3.3 h1:CWUqKXe0s8A2z6qCgkP4Kru7wC11YoAnoupUKFDnH08=
 github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
+github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
+github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
@@ -16,19 +20,27 @@ github.com/bkaradzic/go-lz4 v1.0.0 h1:RXc4wYsyz985CkXXeX04y4VnZFGG8Rd43pRaHsOXAK
 github.com/bkaradzic/go-lz4 v1.0.0/go.mod h1:0YdlkowM3VswSROI7qDxhRvJ3sLhlFrRRwjwegp5jy4=
 github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261 h1:6/yVvBsKeAw05IUj4AzvrxaCnDjN4nUqKjW9+w5wixg=
 github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
+github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894 h1:JLaf/iINcLyjwbtTsCJjc6rtlASgHeIJPrB6QmwURnA=
+github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a/go.mod h1:rzgs2ZOiguV6/NpiDgADjRLPNyZlApIWxKpkT+X8SdY=
 github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93 h1:QrGfkZDnMxcWHaYDdB7CmqS9i26OAnUj/xcus/abYkY=
 github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93/go.mod h1:QiTe66jFdP7cUKMCCf/WrvDyYdtdmdZfVcdoLbzaKVY=
+github.com/cloudflare/cfssl v0.0.0-20141119014638-2f7f44e802e2 h1:GOj9uxwfkVdMaHYGQqhab3hr1rjMDqfaQI+JjpKXgMM=
+github.com/cloudflare/cfssl v0.0.0-20141119014638-2f7f44e802e2/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA=
+github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41/go.mod h1:eaZPlJWD+G9wseg1BuRXlHnjntPMrywMsyxf+LTOdP4=
 github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc h1:Dvk3ySBsOm5EviLx6VCyILnafPcQinXGP5jbTdHUJgE=
 github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc/go.mod h1:HlgKKR8V5a1wroIDDIz3/A+T+9Janfq+7n1P5sEFdi0=
 github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58 h1:F1EaeKL/ta07PY/k9Os/UFtwERei2/XzGemhpGnBKNg=
 github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58/go.mod h1:EOBUe0h4xcZ5GoxqC5SDxFQ8gwyZPKQoEzownBlhI80=
+github.com/cloudflare/redoctober v0.0.0-20171127175943-746a508df14c/go.mod h1:6Se34jNoqrd8bTxrmJB2Bg2aoZ2CdSXonils9NsiNgo=
 github.com/coredns/coredns v1.2.0 h1:YEI38K2BJYzL/SxO2tZFD727T/C68DqVWkBQjT0sWPU=
 github.com/coredns/coredns v1.2.0/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0=
 github.com/coreos/go-oidc v0.0.0-20171002155002-a93f71fdfe73 h1:7CNPV0LWRCa1FNmqg700pbXhzvmoaXKyfxWRkjRym7Q=
 github.com/coreos/go-oidc v0.0.0-20171002155002-a93f71fdfe73/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a h1:W8b4lQ4tFF21aspRGoBuCNV6V2fFJBF+pm1J6OY8Lys=
 github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -50,12 +62,14 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjr
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
 github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10 h1:YO10pIIBftO/kkTFdWhctH96grJ7qiy7bMdiZcIvPKs=
 github.com/getsentry/raven-go v0.0.0-20180517221441-ed7bcb39ff10/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
 github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0 h1:gF8ngtda767ddth2SH0YSAhswhz6qUkvyI9EZFYCWJA=
 github.com/gliderlabs/ssh v0.0.0-20191009160644-63518b5243e0/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
@@ -67,8 +81,11 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekf
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/certificate-transparency-go v1.0.21 h1:Yf1aXowfZ2nuboBsg7iYGLmwsOARdV86pfH3g95wXmE=
+github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -80,11 +97,16 @@ github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU=
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo=
+github.com/jmoiron/sqlx v0.0.0-20180124204410-05cef0741ade/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU=
 github.com/jmoiron/sqlx v1.2.0 h1:41Ip0zITnmWNR/vHV+S4m+VoUivnWY5E4OJfLZjCJMA=
 github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
+github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -96,10 +118,12 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kshvakov/clickhouse v1.3.11 h1:dtzTJY0fCA+MWkLyuKZaNPkmSwdX4gh8+Klic9NB1Lw=
 github.com/kshvakov/clickhouse v1.3.11/go.mod h1:/SVBAcqF3u7rxQ9sTWCZwf8jzzvxiZGeQvtmSF2BBEc=
+github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28/go.mod h1:T/T7jsxVqf9k/zYOqbgNAsANsjxTd1Yq3htjDhQ1H0c=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/lib/pq v0.0.0-20180201184707-88edab080323/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -109,6 +133,7 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd
 github.com/mattn/go-isatty v0.0.10 h1:qxFzApOv4WsAL965uUPIsXzAKCZxN2p9UqdhFS4ZW10=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0 h1:LDdKkqtYlom37fkvqs8rMPFKAMe8+SgjbwZ6ex1/A/Q=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
@@ -119,13 +144,17 @@ github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
 github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/philhofer/fwd v1.0.0 h1:UbZqGr5Y38ApvM/V/jEljVxwocdweyH+vmYvRPBnbqQ=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
 github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -143,6 +172,7 @@ github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQl
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 h1:mZHayPoR0lNmnHyvtYjDeq0zlVHn9K/ZXoy17ylucdo=
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5/go.mod h1:GEXHk5HgEKCvEIIrSpFI3ozzG5xOKA2DVlEX/gGnewM=
+github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -152,16 +182,28 @@ github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/tinylib/msgp v1.1.0 h1:9fQd+ICuRIu/ue4vxJZu6/LzxN0HwMds2nq/0cFvxHU=
 github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
+github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
+github.com/weppos/publicsuffix-go v0.5.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
 github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0 h1:6DtWz8hNS4qbq0OCRPhdBMG9E2qKTSDKlwnP3dmZvuA=
 github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0/go.mod h1:A47W3pdWONaZmXuLZgfKLAVgUY0qvfTRM5vVDKS40S4=
+github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
+github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
+github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
+github.com/zmap/zcrypto v0.0.0-20190729165852-9051775e6a2e/go.mod h1:w7kd3qXHh8FNaczNjslXqvFQiv5mMWRXlL9klTUAHc8=
+github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb/go.mod h1:29UiAJNsiVdvTBFCJW8e3q6dcDbOoPkhMgttOSCIMMY=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -185,6 +227,7 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -195,6 +238,7 @@ golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9Y
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2 h1:nq114VpM8lsSlP+lyUbANecYHYiFcSNFtqcBlxRV+gA=
 golang.org/x/sys v0.0.0-20191020212454-3e7259c5e7c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
diff --git a/vendor/github.com/certifi/gocertifi/.travis.yml b/vendor/github.com/certifi/gocertifi/.travis.yml
new file mode 100644
index 00000000..c41119d5
--- /dev/null
+++ b/vendor/github.com/certifi/gocertifi/.travis.yml
@@ -0,0 +1,13 @@
+---
+language: go
+go:
+- tip
+- 1.12.x
+- 1.11.x
+- 1.10.x
+- 1.9.x
+- 1.8.x
+sudo: false
+
+# Forks will use that path for checkout
+go_import_path: github.com/certifi/gocertifi
diff --git a/vendor/github.com/certifi/gocertifi/LICENSE b/vendor/github.com/certifi/gocertifi/LICENSE
index cfd5dcbb..14e2f777 100644
--- a/vendor/github.com/certifi/gocertifi/LICENSE
+++ b/vendor/github.com/certifi/gocertifi/LICENSE
@@ -1,3 +1,373 @@
-This Source Code Form is subject to the terms of the Mozilla Public License,
-v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain
-one at http://mozilla.org/MPL/2.0/.
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in 
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
diff --git a/vendor/github.com/certifi/gocertifi/README.md b/vendor/github.com/certifi/gocertifi/README.md
index 1c01b110..b392d353 100644
--- a/vendor/github.com/certifi/gocertifi/README.md
+++ b/vendor/github.com/certifi/gocertifi/README.md
@@ -9,14 +9,14 @@ This is the same CA bundle that ships with the
 Golang specific port of [certifi](https://github.com/kennethreitz/certifi). The
 CA bundle is derived from Mozilla's canonical set.
 
-## Usage
+## Usage
 
 You can use the `gocertifi` package as follows:
 
 ```go
 import "github.com/certifi/gocertifi"
 
-cert_pool, err := gocertifi.CACerts()
+certPool, err := gocertifi.CACerts()
 ```
 
 You can use the returned `*x509.CertPool` as part of an HTTP transport, for example:
@@ -29,8 +29,22 @@ import (
 
 // Setup an HTTP client with a custom transport
 transport := &http.Transport{
-	TLSClientConfig: &tls.Config{RootCAs: cert_pool},
+  Proxy: ProxyFromEnvironment,
+  DialContext: (&net.Dialer{
+    Timeout:   30 * time.Second,
+    KeepAlive: 30 * time.Second,
+    DualStack: true,
+  }).DialContext,
+  ForceAttemptHTTP2:     true,
+  MaxIdleConns:          100,
+  IdleConnTimeout:       90 * time.Second,
+  TLSHandshakeTimeout:   10 * time.Second,
+  ExpectContinueTimeout: 1 * time.Second,
 }
+// or, starting with go1.13 simply use:
+// transport := http.DefaultTransport.(*http.Transport).Clone()
+
+transport.TLSClientConfig = &tls.Config{RootCAs: certPool}
 client := &http.Client{Transport: transport}
 
 // Make an HTTP request using our custom transport
diff --git a/vendor/github.com/certifi/gocertifi/certifi.go b/vendor/github.com/certifi/gocertifi/certifi.go
index 75bf74f6..a43244aa 100644
--- a/vendor/github.com/certifi/gocertifi/certifi.go
+++ b/vendor/github.com/certifi/gocertifi/certifi.go
@@ -1,9 +1,12 @@
+// Code generated by go generate; DO NOT EDIT.
+// 2020-02-11 10:00:50.717122 -0800 PST m=+0.664468880
+// https://mkcert.org/generate/
+
 package gocertifi
 
-import (
-	"crypto/x509"
-	"errors"
-)
+//go:generate go run gen.go "https://mkcert.org/generate/"
+
+import "crypto/x509"
 
 const pemcerts string = `
 
@@ -334,36 +337,6 @@ OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
 QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
 -----END CERTIFICATE-----
 
-# Issuer: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association
-# Subject: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association
-# Label: "Visa eCommerce Root"
-# Serial: 25952180776285836048024890241505565794
-# MD5 Fingerprint: fc:11:b8:d8:08:93:30:00:6d:23:f9:7e:eb:52:1e:02
-# SHA1 Fingerprint: 70:17:9b:86:8c:00:a4:fa:60:91:52:22:3f:9f:3e:32:bd:e0:05:62
-# SHA256 Fingerprint: 69:fa:c9:bd:55:fb:0a:c7:8d:53:bb:ee:5c:f1:d5:97:98:9f:d0:aa:ab:20:a2:51:51:bd:f1:73:3e:e7:d1:22
------BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr
-MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl
-cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
-bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw
-CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h
-dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l
-cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h
-2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E
-lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV
-ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq
-299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t
-vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL
-dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF
-AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
-zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3
-LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd
-7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw
-++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
-398znM/jra6O1I7mT1GvFpLgXPYHDw==
------END CERTIFICATE-----
-
 # Issuer: CN=AAA Certificate Services O=Comodo CA Limited
 # Subject: CN=AAA Certificate Services O=Comodo CA Limited
 # Label: "Comodo AAA Services root"
@@ -809,36 +782,6 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
 +OkuE6N36B9K
 -----END CERTIFICATE-----
 
-# Issuer: CN=Class 2 Primary CA O=Certplus
-# Subject: CN=Class 2 Primary CA O=Certplus
-# Label: "Certplus Class 2 Primary CA"
-# Serial: 177770208045934040241468760488327595043
-# MD5 Fingerprint: 88:2c:8c:52:b8:a2:3c:f3:f7:bb:03:ea:ae:ac:42:0b
-# SHA1 Fingerprint: 74:20:74:41:72:9c:dd:92:ec:79:31:d8:23:10:8d:c2:81:92:e2:bb
-# SHA256 Fingerprint: 0f:99:3c:8a:ef:97:ba:af:56:87:14:0e:d5:9a:d1:82:1b:b4:af:ac:f0:aa:9a:58:b5:d5:7a:33:8a:3a:fb:cb
------BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
-PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
-cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
-MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
-IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
-ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
-VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
-kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
-EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
-H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
-HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
-DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
-QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
-Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
-AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
-yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
-FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
-ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
-kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
-l7+ijrRU
------END CERTIFICATE-----
-
 # Issuer: CN=DST Root CA X3 O=Digital Signature Trust Co.
 # Subject: CN=DST Root CA X3 O=Digital Signature Trust Co.
 # Label: "DST Root CA X3"
@@ -1257,36 +1200,6 @@ t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
 WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
 -----END CERTIFICATE-----
 
-# Issuer: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center
-# Subject: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center
-# Label: "Deutsche Telekom Root CA 2"
-# Serial: 38
-# MD5 Fingerprint: 74:01:4a:91:b1:08:c4:58:ce:47:cd:f0:dd:11:53:08
-# SHA1 Fingerprint: 85:a4:08:c0:9c:19:3e:5d:51:58:7d:cd:d6:13:30:fd:8c:de:37:bf
-# SHA256 Fingerprint: b6:19:1a:50:d0:c3:97:7f:7d:a9:9b:cd:aa:c8:6a:22:7d:ae:b9:67:9e:c7:0b:a3:b0:c9:d9:22:71:c1:70:d3
------BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
-MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
-IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
-IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
-RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
-U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
-IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
-ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
-QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
-rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
-NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
-QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
-txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
-BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
-AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
-tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
-IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
-6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
-xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
-Cm26OWMohpLzGITY+9HPBVZkVw==
------END CERTIFICATE-----
-
 # Issuer: CN=Cybertrust Global Root O=Cybertrust, Inc
 # Subject: CN=Cybertrust Global Root O=Cybertrust, Inc
 # Label: "Cybertrust Global Root"
@@ -2238,6 +2151,45 @@ t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy
 SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
 -----END CERTIFICATE-----
 
+# Issuer: CN=EC-ACC O=Agencia Catalana de Certificacio (NIF Q-0801176-I) OU=Serveis Publics de Certificacio/Vegeu https://www.catcert.net/verarrel (c)03/Jerarquia Entitats de Certificacio Catalanes
+# Subject: CN=EC-ACC O=Agencia Catalana de Certificacio (NIF Q-0801176-I) OU=Serveis Publics de Certificacio/Vegeu https://www.catcert.net/verarrel (c)03/Jerarquia Entitats de Certificacio Catalanes
+# Label: "EC-ACC"
+# Serial: -23701579247955709139626555126524820479
+# MD5 Fingerprint: eb:f5:9d:29:0d:61:f9:42:1f:7c:c2:ba:6d:e3:15:09
+# SHA1 Fingerprint: 28:90:3a:63:5b:52:80:fa:e6:77:4c:0b:6d:a7:d6:ba:a6:4a:f2:e8
+# SHA256 Fingerprint: 88:49:7f:01:60:2f:31:54:24:6a:e2:8c:4d:5a:ef:10:f1:d8:7e:bb:76:62:6f:4a:e0:b7:f9:5b:a7:96:87:99
+-----BEGIN CERTIFICATE-----
+MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB
+8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy
+dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1
+YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3
+dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh
+IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD
+LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG
+EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g
+KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD
+ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu
+bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg
+ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R
+85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm
+4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV
+HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd
+QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t
+lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB
+o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4
+opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo
+dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW
+ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN
+AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y
+/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k
+SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy
+Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS
+Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl
+nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI=
+-----END CERTIFICATE-----
+
 # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority
 # Subject: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority
 # Label: "Hellenic Academic and Research Institutions RootCA 2011"
@@ -3491,79 +3443,6 @@ AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ
 5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
 -----END CERTIFICATE-----
 
-# Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
-# Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
-# Label: "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
-# Serial: 156233699172481
-# MD5 Fingerprint: da:70:8e:f0:22:df:93:26:f6:5f:9f:d3:15:06:52:4e
-# SHA1 Fingerprint: c4:18:f6:4d:46:d1:df:00:3d:27:30:13:72:43:a9:12:11:c6:75:fb
-# SHA256 Fingerprint: 49:35:1b:90:34:44:c1:85:cc:dc:5c:69:3d:24:d8:55:5c:b2:08:d6:a8:14:13:07:69:9f:4a:f0:63:19:9d:78
------BEGIN CERTIFICATE-----
-MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE
-BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn
-aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg
-QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg
-SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0
-MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD
-VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8
-dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF
-bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom
-/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR
-Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3
-4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z
-5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0
-hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID
-AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/
-BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX
-SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l
-VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq
-URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf
-peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF
-Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW
-+qtB4Uu2NQvAmxU=
------END CERTIFICATE-----
-
-# Issuer: CN=Certinomis - Root CA O=Certinomis OU=0002 433998903
-# Subject: CN=Certinomis - Root CA O=Certinomis OU=0002 433998903
-# Label: "Certinomis - Root CA"
-# Serial: 1
-# MD5 Fingerprint: 14:0a:fd:8d:a8:28:b5:38:69:db:56:7e:61:22:03:3f
-# SHA1 Fingerprint: 9d:70:bb:01:a5:a4:a0:18:11:2e:f7:1c:01:b9:32:c5:34:e7:88:a8
-# SHA256 Fingerprint: 2a:99:f5:bc:11:74:b7:3c:bb:1d:62:08:84:e0:1c:34:e5:1c:cb:39:78:da:12:5f:0e:33:26:88:83:bf:41:58
------BEGIN CERTIFICATE-----
-MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET
-MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb
-BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz
-MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx
-FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g
-Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2
-fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl
-LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV
-WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF
-TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb
-5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc
-CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri
-wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ
-wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG
-m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4
-F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng
-WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
-BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0
-2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF
-AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/
-0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw
-F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS
-g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj
-qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN
-h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/
-ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V
-btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj
-Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ
-8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW
-gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE=
------END CERTIFICATE-----
-
 # Issuer: CN=OISTE WISeKey Global Root GB CA O=WISeKey OU=OISTE Foundation Endorsed
 # Subject: CN=OISTE WISeKey Global Root GB CA O=WISeKey OU=OISTE Foundation Endorsed
 # Label: "OISTE WISeKey Global Root GB CA"
@@ -3733,169 +3612,6 @@ lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof
 TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
 -----END CERTIFICATE-----
 
-# Issuer: CN=Certplus Root CA G1 O=Certplus
-# Subject: CN=Certplus Root CA G1 O=Certplus
-# Label: "Certplus Root CA G1"
-# Serial: 1491911565779898356709731176965615564637713
-# MD5 Fingerprint: 7f:09:9c:f7:d9:b9:5c:69:69:56:d5:37:3e:14:0d:42
-# SHA1 Fingerprint: 22:fd:d0:b7:fd:a2:4e:0d:ac:49:2c:a0:ac:a6:7b:6a:1f:e3:f7:66
-# SHA256 Fingerprint: 15:2a:40:2b:fc:df:2c:d5:48:05:4d:22:75:b3:9c:7f:ca:3e:c0:97:80:78:b0:f0:ea:76:e5:61:a6:c7:43:3e
------BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA
-MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy
-dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa
-MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy
-dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
-ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a
-iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt
-6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP
-0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f
-6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE
-EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN
-1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc
-h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT
-mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV
-4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO
-WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud
-DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd
-Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq
-hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh
-66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7
-/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS
-S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j
-2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R
-Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr
-RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy
-6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV
-V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5
-g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl
-++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo=
------END CERTIFICATE-----
-
-# Issuer: CN=Certplus Root CA G2 O=Certplus
-# Subject: CN=Certplus Root CA G2 O=Certplus
-# Label: "Certplus Root CA G2"
-# Serial: 1492087096131536844209563509228951875861589
-# MD5 Fingerprint: a7:ee:c4:78:2d:1b:ee:2d:b9:29:ce:d6:a7:96:32:31
-# SHA1 Fingerprint: 4f:65:8e:1f:e9:06:d8:28:02:e9:54:47:41:c9:54:25:5d:69:cc:1a
-# SHA256 Fingerprint: 6c:c0:50:41:e6:44:5e:74:69:6c:4c:fb:c9:f8:0f:54:3b:7e:ab:bb:44:b4:ce:6f:78:7c:6a:99:71:c4:2f:17
------BEGIN CERTIFICATE-----
-MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x
-CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs
-dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x
-CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs
-dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat
-93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x
-Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P
-AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj
-FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG
-SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch
-p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal
-U5ORGpOucGpnutee5WEaXw==
------END CERTIFICATE-----
-
-# Issuer: CN=OpenTrust Root CA G1 O=OpenTrust
-# Subject: CN=OpenTrust Root CA G1 O=OpenTrust
-# Label: "OpenTrust Root CA G1"
-# Serial: 1492036577811947013770400127034825178844775
-# MD5 Fingerprint: 76:00:cc:81:29:cd:55:5e:88:6a:7a:2e:f7:4d:39:da
-# SHA1 Fingerprint: 79:91:e8:34:f7:e2:ee:dd:08:95:01:52:e9:55:2d:14:e9:58:d5:7e
-# SHA256 Fingerprint: 56:c7:71:28:d9:8c:18:d9:1b:4c:fd:ff:bc:25:ee:91:03:d4:75:8e:a2:ab:ad:82:6a:90:f3:45:7d:46:0e:b4
------BEGIN CERTIFICATE-----
-MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA
-MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w
-ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw
-MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU
-T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b
-wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX
-/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0
-77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP
-uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx
-p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx
-Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2
-TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W
-G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw
-vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY
-EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1
-2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw
-DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E
-PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf
-gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS
-FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0
-V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P
-XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I
-i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t
-TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91
-09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky
-Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ
-AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj
-1oxx
------END CERTIFICATE-----
-
-# Issuer: CN=OpenTrust Root CA G2 O=OpenTrust
-# Subject: CN=OpenTrust Root CA G2 O=OpenTrust
-# Label: "OpenTrust Root CA G2"
-# Serial: 1492012448042702096986875987676935573415441
-# MD5 Fingerprint: 57:24:b6:59:24:6b:ae:c8:fe:1c:0c:20:f2:c0:4e:eb
-# SHA1 Fingerprint: 79:5f:88:60:c5:ab:7c:3d:92:e6:cb:f4:8d:e1:45:cd:11:ef:60:0b
-# SHA256 Fingerprint: 27:99:58:29:fe:6a:75:15:c1:bf:e8:48:f9:c4:76:1d:b1:6c:22:59:29:25:7b:f4:0d:08:94:f2:9e:a8:ba:f2
------BEGIN CERTIFICATE-----
-MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA
-MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w
-ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw
-MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU
-T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh
-/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e
-CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6
-1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE
-FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS
-gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X
-G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy
-YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH
-vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4
-t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/
-gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3
-5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w
-DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz
-Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0
-nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT
-RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT
-wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2
-t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa
-TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2
-o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU
-3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA
-iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f
-WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM
-S1IK
------END CERTIFICATE-----
-
-# Issuer: CN=OpenTrust Root CA G3 O=OpenTrust
-# Subject: CN=OpenTrust Root CA G3 O=OpenTrust
-# Label: "OpenTrust Root CA G3"
-# Serial: 1492104908271485653071219941864171170455615
-# MD5 Fingerprint: 21:37:b4:17:16:92:7b:67:46:70:a9:96:d7:a8:13:24
-# SHA1 Fingerprint: 6e:26:64:f3:56:bf:34:55:bf:d1:93:3f:7c:01:de:d8:13:da:8a:a6
-# SHA256 Fingerprint: b7:c3:62:31:70:6e:81:07:8c:36:7c:b8:96:19:8f:1e:32:08:dd:92:69:49:dd:8f:57:09:a4:10:f7:5b:62:92
------BEGIN CERTIFICATE-----
-MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx
-CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U
-cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow
-QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl
-blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm
-3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d
-oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G
-A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5
-DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK
-BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q
-j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx
-4nxp5V2a+EEfOzmTk51V6s2N8fvB
------END CERTIFICATE-----
-
 # Issuer: CN=ISRG Root X1 O=Internet Security Research Group
 # Subject: CN=ISRG Root X1 O=Internet Security Research Group
 # Label: "ISRG Root X1"
@@ -4439,18 +4155,509 @@ MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX
 ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg
 h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
 -----END CERTIFICATE-----
+
+# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R6
+# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R6
+# Label: "GlobalSign Root CA - R6"
+# Serial: 1417766617973444989252670301619537
+# MD5 Fingerprint: 4f:dd:07:e4:d4:22:64:39:1e:0c:37:42:ea:d1:c6:ae
+# SHA1 Fingerprint: 80:94:64:0e:b5:a7:a1:ca:11:9c:1f:dd:d5:9f:81:02:63:a7:fb:d1
+# SHA256 Fingerprint: 2c:ab:ea:fe:37:d0:6c:a2:2a:ba:73:91:c0:03:3d:25:98:29:52:c4:53:64:73:49:76:3a:3a:b5:ad:6c:cf:69
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg
+MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh
+bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx
+MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET
+MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI
+xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k
+ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD
+aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw
+LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw
+1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX
+k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2
+SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h
+bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n
+WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY
+rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce
+MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu
+bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
+nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt
+Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61
+55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj
+vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf
+cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz
+oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp
+nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs
+pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v
+JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R
+8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4
+5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
+-----END CERTIFICATE-----
+
+# Issuer: CN=OISTE WISeKey Global Root GC CA O=WISeKey OU=OISTE Foundation Endorsed
+# Subject: CN=OISTE WISeKey Global Root GC CA O=WISeKey OU=OISTE Foundation Endorsed
+# Label: "OISTE WISeKey Global Root GC CA"
+# Serial: 44084345621038548146064804565436152554
+# MD5 Fingerprint: a9:d6:b9:2d:2f:93:64:f8:a5:69:ca:91:e9:68:07:23
+# SHA1 Fingerprint: e0:11:84:5e:34:de:be:88:81:b9:9c:f6:16:26:d1:96:1f:c3:b9:31
+# SHA256 Fingerprint: 85:60:f9:1c:36:24:da:ba:95:70:b5:fe:a0:db:e3:6f:f1:1a:83:23:be:94:86:85:4f:b3:f3:4a:55:71:19:8d
+-----BEGIN CERTIFICATE-----
+MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw
+CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91
+bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg
+Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ
+BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu
+ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS
+b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni
+eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W
+p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T
+rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV
+57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg
+Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
+-----END CERTIFICATE-----
+
+# Issuer: CN=GTS Root R1 O=Google Trust Services LLC
+# Subject: CN=GTS Root R1 O=Google Trust Services LLC
+# Label: "GTS Root R1"
+# Serial: 146587175971765017618439757810265552097
+# MD5 Fingerprint: 82:1a:ef:d4:d2:4a:f2:9f:e2:3d:97:06:14:70:72:85
+# SHA1 Fingerprint: e1:c9:50:e6:ef:22:f8:4c:56:45:72:8b:92:20:60:d7:d5:a7:a3:e8
+# SHA256 Fingerprint: 2a:57:54:71:e3:13:40:bc:21:58:1c:bd:2c:f1:3e:15:84:63:20:3e:ce:94:bc:f9:d3:cc:19:6b:f0:9a:54:72
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH
+MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
+QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy
+MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl
+cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM
+f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX
+mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7
+zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P
+fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc
+vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4
+Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp
+zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO
+Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW
+k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+
+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF
+lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW
+Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1
+d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z
+XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR
+gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3
+d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv
+J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg
+DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM
++SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy
+F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9
+SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws
+E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl
+-----END CERTIFICATE-----
+
+# Issuer: CN=GTS Root R2 O=Google Trust Services LLC
+# Subject: CN=GTS Root R2 O=Google Trust Services LLC
+# Label: "GTS Root R2"
+# Serial: 146587176055767053814479386953112547951
+# MD5 Fingerprint: 44:ed:9a:0e:a4:09:3b:00:f2:ae:4c:a3:c6:61:b0:8b
+# SHA1 Fingerprint: d2:73:96:2a:2a:5e:39:9f:73:3f:e1:c7:1e:64:3f:03:38:34:fc:4d
+# SHA256 Fingerprint: c4:5d:7b:b0:8e:6d:67:e6:2e:42:35:11:0b:56:4e:5f:78:fd:92:ef:05:8c:84:0a:ea:4e:64:55:d7:58:5c:60
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH
+MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
+QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy
+MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl
+cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv
+CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg
+GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu
+XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd
+re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu
+PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1
+mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K
+8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj
+x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR
+nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0
+kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok
+twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp
+8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT
+vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT
+z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA
+pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb
+pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB
+R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R
+RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk
+0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC
+5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF
+izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn
+yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC
+-----END CERTIFICATE-----
+
+# Issuer: CN=GTS Root R3 O=Google Trust Services LLC
+# Subject: CN=GTS Root R3 O=Google Trust Services LLC
+# Label: "GTS Root R3"
+# Serial: 146587176140553309517047991083707763997
+# MD5 Fingerprint: 1a:79:5b:6b:04:52:9c:5d:c7:74:33:1b:25:9a:f9:25
+# SHA1 Fingerprint: 30:d4:24:6f:07:ff:db:91:89:8a:0b:e9:49:66:11:eb:8c:5e:46:e5
+# SHA256 Fingerprint: 15:d5:b8:77:46:19:ea:7d:54:ce:1c:a6:d0:b0:c4:03:e0:37:a9:17:f1:31:e8:a0:4e:1e:6b:7a:71:ba:bc:e5
+-----BEGIN CERTIFICATE-----
+MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
+MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout
+736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A
+DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk
+fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA
+njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd
+-----END CERTIFICATE-----
+
+# Issuer: CN=GTS Root R4 O=Google Trust Services LLC
+# Subject: CN=GTS Root R4 O=Google Trust Services LLC
+# Label: "GTS Root R4"
+# Serial: 146587176229350439916519468929765261721
+# MD5 Fingerprint: 5d:b6:6a:c4:60:17:24:6a:1a:99:a8:4b:ee:5e:b4:26
+# SHA1 Fingerprint: 2a:1d:60:27:d9:4a:b1:0a:1c:4d:91:5c:cd:33:a0:cb:3e:2d:54:cb
+# SHA256 Fingerprint: 71:cc:a5:39:1f:9e:79:4b:04:80:25:30:b3:63:e1:21:da:8a:30:43:bb:26:66:2f:ea:4d:ca:7f:c9:51:a4:bd
+-----BEGIN CERTIFICATE-----
+MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
+MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu
+hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l
+xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0
+CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx
+sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w==
+-----END CERTIFICATE-----
+
+# Issuer: CN=UCA Global G2 Root O=UniTrust
+# Subject: CN=UCA Global G2 Root O=UniTrust
+# Label: "UCA Global G2 Root"
+# Serial: 124779693093741543919145257850076631279
+# MD5 Fingerprint: 80:fe:f0:c4:4a:f0:5c:62:32:9f:1c:ba:78:a9:50:f8
+# SHA1 Fingerprint: 28:f9:78:16:19:7a:ff:18:25:18:aa:44:fe:c1:a0:ce:5c:b6:4c:8a
+# SHA256 Fingerprint: 9b:ea:11:c9:76:fe:01:47:64:c1:be:56:a6:f9:14:b5:a5:60:31:7a:bd:99:88:39:33:82:e5:16:1a:a0:49:3c
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9
+MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH
+bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x
+CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds
+b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr
+b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9
+kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm
+VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R
+VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc
+C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj
+tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY
+D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv
+j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl
+NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6
+iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP
+O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV
+ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj
+L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
+1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl
+1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU
+b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV
+PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj
+y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb
+EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg
+DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI
++Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy
+YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX
+UB+K+wb1whnw0A==
+-----END CERTIFICATE-----
+
+# Issuer: CN=UCA Extended Validation Root O=UniTrust
+# Subject: CN=UCA Extended Validation Root O=UniTrust
+# Label: "UCA Extended Validation Root"
+# Serial: 106100277556486529736699587978573607008
+# MD5 Fingerprint: a1:f3:5f:43:c6:34:9b:da:bf:8c:7e:05:53:ad:96:e2
+# SHA1 Fingerprint: a3:a1:b0:6f:24:61:23:4a:e3:36:a5:c2:37:fc:a6:ff:dd:f0:d7:3a
+# SHA256 Fingerprint: d4:3a:f9:b3:54:73:75:5c:96:84:fc:06:d7:d8:cb:70:ee:5c:28:e7:73:fb:29:4e:b4:1e:e7:17:22:92:4d:24
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH
+MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF
+eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx
+MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV
+BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog
+D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS
+sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop
+O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk
+sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi
+c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj
+VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz
+KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/
+TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G
+sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs
+1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD
+fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN
+l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
+ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ
+VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5
+c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp
+4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s
+t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj
+2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO
+vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C
+xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx
+cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM
+fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certigna Root CA O=Dhimyotis OU=0002 48146308100036
+# Subject: CN=Certigna Root CA O=Dhimyotis OU=0002 48146308100036
+# Label: "Certigna Root CA"
+# Serial: 269714418870597844693661054334862075617
+# MD5 Fingerprint: 0e:5c:30:62:27:eb:5b:bc:d7:ae:62:ba:e9:d5:df:77
+# SHA1 Fingerprint: 2d:0d:52:14:ff:9e:ad:99:24:01:74:20:47:6e:6c:85:27:27:f5:43
+# SHA256 Fingerprint: d4:8d:3d:23:ee:db:50:a4:59:e5:51:97:60:1c:27:77:4b:9d:7b:18:c9:4d:5a:05:95:11:a1:02:50:b9:31:68
+-----BEGIN CERTIFICATE-----
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw
+WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw
+MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x
+MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD
+VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX
+BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO
+ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M
+CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu
+I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm
+TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh
+C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf
+ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz
+IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT
+Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k
+JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5
+hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB
+GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov
+L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo
+dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr
+aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq
+hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L
+6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG
+HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6
+0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB
+lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi
+o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1
+gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v
+faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63
+Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh
+jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw
+3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
+-----END CERTIFICATE-----
+
+# Issuer: CN=emSign Root CA - G1 O=eMudhra Technologies Limited OU=emSign PKI
+# Subject: CN=emSign Root CA - G1 O=eMudhra Technologies Limited OU=emSign PKI
+# Label: "emSign Root CA - G1"
+# Serial: 235931866688319308814040
+# MD5 Fingerprint: 9c:42:84:57:dd:cb:0b:a7:2e:95:ad:b6:f3:da:bc:ac
+# SHA1 Fingerprint: 8a:c7:ad:8f:73:ac:4e:c1:b5:75:4d:a5:40:f4:fc:cf:7c:b5:8e:8c
+# SHA256 Fingerprint: 40:f6:af:03:46:a9:9a:a1:cd:1d:55:5a:4e:9c:ce:62:c7:f9:63:46:03:ee:40:66:15:83:3d:c8:c8:d0:03:67
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD
+VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU
+ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH
+MTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgxODMwMDBaMGcxCzAJBgNVBAYTAklO
+MRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVkaHJhIFRlY2hub2xv
+Z2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQz
+f2N4aLTNLnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO
+8oG0x5ZOrRkVUkr+PHB1cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aq
+d7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHWDV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhM
+tTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ6DqS0hdW5TUaQBw+jSzt
+Od9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrHhQIDAQAB
+o0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQD
+AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31x
+PaOfG1vR2vjTnGs2vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjM
+wiI/aTvFthUvozXGaCocV685743QNcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6d
+GNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q+Mri/Tm3R7nrft8EI6/6nAYH
+6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby
+RQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
+iN66zB+Afko=
+-----END CERTIFICATE-----
+
+# Issuer: CN=emSign ECC Root CA - G3 O=eMudhra Technologies Limited OU=emSign PKI
+# Subject: CN=emSign ECC Root CA - G3 O=eMudhra Technologies Limited OU=emSign PKI
+# Label: "emSign ECC Root CA - G3"
+# Serial: 287880440101571086945156
+# MD5 Fingerprint: ce:0b:72:d1:9f:88:8e:d0:50:03:e8:e3:b8:8b:67:40
+# SHA1 Fingerprint: 30:43:fa:4f:f2:57:dc:a0:c3:80:ee:2e:58:ea:78:b2:3f:e6:bb:c1
+# SHA256 Fingerprint: 86:a1:ec:ba:08:9c:4a:8d:3b:be:27:34:c6:12:ba:34:1d:81:3e:04:3c:f9:e8:a8:62:cd:5c:57:a3:6b:be:6b
+-----BEGIN CERTIFICATE-----
+MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG
+EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo
+bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
+RzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJ
+TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s
+b2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0
+WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xyS
+fvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuB
+zhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq
+hkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB
+CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD
++JbNR6iC8hZVdyR+EhCVBCyj
+-----END CERTIFICATE-----
+
+# Issuer: CN=emSign Root CA - C1 O=eMudhra Inc OU=emSign PKI
+# Subject: CN=emSign Root CA - C1 O=eMudhra Inc OU=emSign PKI
+# Label: "emSign Root CA - C1"
+# Serial: 825510296613316004955058
+# MD5 Fingerprint: d8:e3:5d:01:21:fa:78:5a:b0:df:ba:d2:ee:2a:5f:68
+# SHA1 Fingerprint: e7:2e:f1:df:fc:b2:09:28:cf:5d:d4:d5:67:37:b1:51:cb:86:4f:01
+# SHA256 Fingerprint: 12:56:09:aa:30:1d:a0:a2:49:b9:7a:82:39:cb:6a:34:21:6f:44:dc:ac:9f:39:54:b1:42:92:f2:e8:c8:60:8f
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG
+A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg
+SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw
+MFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln
+biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v
+dCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ
+BczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ
+HdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH
+3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH
+GPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c
+xSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1
+aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq
+TbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87
+/kOXSTKZEhVb3xEp/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4
+kqNPEjE2NuLe/gDEo2APJ62gsIq1NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrG
+YQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcxHpvOJpkT
++xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo
+WXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
+-----END CERTIFICATE-----
+
+# Issuer: CN=emSign ECC Root CA - C3 O=eMudhra Inc OU=emSign PKI
+# Subject: CN=emSign ECC Root CA - C3 O=eMudhra Inc OU=emSign PKI
+# Label: "emSign ECC Root CA - C3"
+# Serial: 582948710642506000014504
+# MD5 Fingerprint: 3e:53:b3:a3:81:ee:d7:10:f8:d3:b0:1d:17:92:f5:d5
+# SHA1 Fingerprint: b6:af:43:c2:9b:81:53:7d:f6:ef:6b:c3:1f:1f:60:15:0c:ee:48:66
+# SHA256 Fingerprint: bc:4d:80:9b:15:18:9d:78:db:3e:1d:8c:f4:f9:72:6a:79:5d:a1:64:3c:a5:f1:35:8e:1d:db:0e:dc:0d:7e:b3
+-----BEGIN CERTIFICATE-----
+MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG
+EwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx
+IDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw
+MFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln
+biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQDExdlbVNpZ24gRUND
+IFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd6bci
+MK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4Ojavti
+sIGJAnB9SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0O
+BBYEFPtaSNCAIEDyqOkAB2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c
+3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J
+0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Hongkong Post Root CA 3 O=Hongkong Post
+# Subject: CN=Hongkong Post Root CA 3 O=Hongkong Post
+# Label: "Hongkong Post Root CA 3"
+# Serial: 46170865288971385588281144162979347873371282084
+# MD5 Fingerprint: 11:fc:9f:bd:73:30:02:8a:fd:3f:f3:58:b9:cb:20:f0
+# SHA1 Fingerprint: 58:a2:d0:ec:20:52:81:5b:c1:f3:f8:64:02:24:4e:c2:8e:02:4b:02
+# SHA256 Fingerprint: 5a:2f:c0:3f:0c:83:b0:90:bb:fa:40:60:4b:09:88:44:6c:76:36:18:3d:f9:84:6e:17:10:1a:44:7f:b8:ef:d6
+-----BEGIN CERTIFICATE-----
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL
+BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ
+SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n
+a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5
+NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT
+CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u
+Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO
+dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI
+VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV
+9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY
+2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY
+vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt
+bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb
+x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+
+l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK
+TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj
+Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
+i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw
+DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG
+7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk
+MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr
+gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk
+GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS
+3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm
+Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+
+l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c
+JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP
+L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa
+LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG
+mpv0
+-----END CERTIFICATE-----
+
+# Issuer: CN=Entrust Root Certification Authority - G4 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2015 Entrust, Inc. - for authorized use only
+# Subject: CN=Entrust Root Certification Authority - G4 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2015 Entrust, Inc. - for authorized use only
+# Label: "Entrust Root Certification Authority - G4"
+# Serial: 289383649854506086828220374796556676440
+# MD5 Fingerprint: 89:53:f1:83:23:b7:7c:8e:05:f1:8c:71:38:4e:1f:88
+# SHA1 Fingerprint: 14:88:4e:86:26:37:b0:26:af:59:62:5c:40:77:ec:35:29:ba:96:01
+# SHA256 Fingerprint: db:35:17:d1:f6:73:2a:2d:5a:b9:7c:53:3e:c7:07:79:ee:32:70:a6:2f:b4:ac:42:38:37:24:60:e6:f0:1e:88
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw
+gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
+Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
+MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
+BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0
+MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1
+c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ
+bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ
+2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E
+T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j
+5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM
+C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T
+DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX
+wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A
+2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm
+nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
+dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl
+N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj
+c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS
+5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS
+Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr
+hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/
+B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI
+AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw
+H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+
+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk
+2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol
+IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk
+5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY
+n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw==
+-----END CERTIFICATE-----
+
 `
 
-var ErrParseFailed = errors.New("gocertifi: error when parsing certificates")
-
-// CACerts builds an X.509 certificate pool containing the Mozilla CA
-// Certificate bundle. Returns nil on error along with an appropriate error
-// code.
+// CACerts builds an X.509 certificate pool containing the
+// certificate bundle from https://mkcert.org/generate/ fetch on 2020-02-11 10:00:50.717122 -0800 PST m=+0.664468880.
+// Returns nil on error along with an appropriate error code.
 func CACerts() (*x509.CertPool, error) {
 	pool := x509.NewCertPool()
-	ok := pool.AppendCertsFromPEM([]byte(pemcerts))
-	if !ok {
-		return nil, ErrParseFailed
-	}
+	pool.AppendCertsFromPEM([]byte(pemcerts))
 	return pool, nil
 }
diff --git a/vendor/github.com/certifi/gocertifi/go.mod b/vendor/github.com/certifi/gocertifi/go.mod
new file mode 100644
index 00000000..6d045a2a
--- /dev/null
+++ b/vendor/github.com/certifi/gocertifi/go.mod
@@ -0,0 +1,3 @@
+module github.com/certifi/gocertifi
+
+go 1.12
diff --git a/vendor/github.com/certifi/gocertifi/tasks.py b/vendor/github.com/certifi/gocertifi/tasks.py
deleted file mode 100644
index 7616f3a6..00000000
--- a/vendor/github.com/certifi/gocertifi/tasks.py
+++ /dev/null
@@ -1,20 +0,0 @@
-from invoke import task
-import requests
-
-@task
-def update(ctx):
-    r = requests.get('https://mkcert.org/generate/')
-    r.raise_for_status()
-    certs = r.content
-
-    with open('certifi.go', 'rb') as f:
-        file = f.read()
-
-    file = file.split('`\n')
-    assert len(file) == 3
-    file[1] = certs
-
-    ctx.run("rm certifi.go")
-
-    with open('certifi.go', 'wb') as f:
-        f.write('`\n'.join(file))
diff --git a/vendor/github.com/cloudflare/cfssl/LICENSE b/vendor/github.com/cloudflare/cfssl/LICENSE
new file mode 100644
index 00000000..bc5841fa
--- /dev/null
+++ b/vendor/github.com/cloudflare/cfssl/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2014 CloudFlare Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/cloudflare/cfssl/log/log.go b/vendor/github.com/cloudflare/cfssl/log/log.go
new file mode 100644
index 00000000..1ec06f10
--- /dev/null
+++ b/vendor/github.com/cloudflare/cfssl/log/log.go
@@ -0,0 +1,98 @@
+// Package log implements a wrapper around the Go standard library's
+// logging package. Clients should set the current log level; only
+// messages below that level will actually be logged. For example, if
+// Level is set to LevelWarning, only log messages at the Warning,
+// Error, and Critical levels will be logged.
+package log
+
+import (
+	"fmt"
+	golog "log"
+)
+
+// The following constants represent logging levels in increasing levels of seriousness.
+const (
+	LevelDebug = iota
+	LevelInfo
+	LevelWarning
+	LevelError
+	LevelCritical
+)
+
+var levelPrefix = [...]string{
+	LevelDebug:    "[DEBUG] ",
+	LevelInfo:     "[INFO] ",
+	LevelWarning:  "[WARNING] ",
+	LevelError:    "[ERROR] ",
+	LevelCritical: "[CRITICAL] ",
+}
+
+// Level stores the current logging level.
+var Level = LevelDebug
+
+func outputf(l int, format string, v []interface{}) {
+	if l >= Level {
+		golog.Printf(fmt.Sprint(levelPrefix[l], format), v...)
+	}
+}
+
+func output(l int, v []interface{}) {
+	if l >= Level {
+		golog.Print(levelPrefix[l], fmt.Sprint(v...))
+	}
+}
+
+// Criticalf logs a formatted message at the "critical" level. The
+// arguments are handled in the same manner as fmt.Printf.
+func Criticalf(format string, v ...interface{}) {
+	outputf(LevelCritical, format, v)
+}
+
+// Critical logs its arguments at the "critical" level.
+func Critical(v ...interface{}) {
+	output(LevelCritical, v)
+}
+
+// Errorf logs a formatted message at the "error" level. The arguments
+// are handled in the same manner as fmt.Printf.
+func Errorf(format string, v ...interface{}) {
+	outputf(LevelError, format, v)
+}
+
+// Error logs its arguments at the "error" level.
+func Error(v ...interface{}) {
+	output(LevelError, v)
+}
+
+// Warningf logs a formatted message at the "warning" level. The
+// arguments are handled in the same manner as fmt.Printf.
+func Warningf(format string, v ...interface{}) {
+	outputf(LevelWarning, format, v)
+}
+
+// Warning logs its arguments at the "warning" level.
+func Warning(v ...interface{}) {
+	output(LevelWarning, v)
+}
+
+// Infof logs a formatted message at the "info" level. The arguments
+// are handled in the same manner as fmt.Printf.
+func Infof(format string, v ...interface{}) {
+	outputf(LevelInfo, format, v)
+}
+
+// Info logs its arguments at the "info" level.
+func Info(v ...interface{}) {
+	output(LevelInfo, v)
+}
+
+// Debugf logs a formatted message at the "debug" level. The arguments
+// are handled in the same manner as fmt.Printf.
+func Debugf(format string, v ...interface{}) {
+	outputf(LevelDebug, format, v)
+}
+
+// Debug logs its arguments at the "debug" level.
+func Debug(v ...interface{}) {
+	output(LevelDebug, v)
+}
diff --git a/vendor/github.com/cloudflare/cfssl/revoke/revoke.go b/vendor/github.com/cloudflare/cfssl/revoke/revoke.go
new file mode 100644
index 00000000..1cb3a19c
--- /dev/null
+++ b/vendor/github.com/cloudflare/cfssl/revoke/revoke.go
@@ -0,0 +1,146 @@
+// Package revoke provides functionality for checking the validity of
+// a cert. Specifically, the temporal validity of the certificate is
+// checked first, then any CRL in the cert is checked. OCSP is not
+// supported at this time.
+package revoke
+
+import (
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"errors"
+	"io/ioutil"
+	"net/http"
+	neturl "net/url"
+	"time"
+
+	"github.com/cloudflare/cfssl/log"
+)
+
+// HardFail determines whether the failure to check the revocation
+// status of a certificate (i.e. due to network failure) causes
+// verification to fail (a hard failure).
+var HardFail = false
+
+// TODO (kyle): figure out a good mechanism for OCSP; this requires
+// presenting both the certificate and the issuer, and we don't have a
+// good way at this time of getting the issuer.
+
+// CRLSet associates a PKIX certificate list with the URL the CRL is
+// fetched from.
+var CRLSet = map[string]*pkix.CertificateList{}
+
+// We can't handle LDAP certificates, so this checks to see if the
+// URL string points to an LDAP resource so that we can ignore it.
+func ldapURL(url string) bool {
+	u, err := neturl.Parse(url)
+	if err != nil {
+		log.Warningf("invalid url %s: %v", url, err)
+		return false
+	}
+	if u.Scheme == "ldap" {
+		return true
+	}
+	return false
+}
+
+// revCheck should check the certificate for any revocations. It
+// returns a pair of booleans: the first indicates whether the certificate
+// is revoked, the second indicates whether the revocations were
+// successfully checked.. This leads to the following combinations:
+//
+//	false, false: an error was encountered while checking revocations.
+//
+//	false, true:  the certificate was checked successfully and
+//		      it is not revoked.
+//
+//      true, true:   the certificate was checked successfully and
+//		      it is revoked.
+func revCheck(cert *x509.Certificate) (revoked, ok bool) {
+	for _, url := range cert.CRLDistributionPoints {
+		if ldapURL(url) {
+			log.Infof("skipping LDAP CRL: %s", url)
+			continue
+		}
+
+		if revoked, ok := certIsRevokedCRL(cert, url); !ok {
+			log.Warning("error checking revocation via CRL")
+			if HardFail {
+				return true, false
+			}
+			return false, false
+		} else if revoked {
+			log.Info("certificate is revoked via CRL")
+			return true, true
+		}
+	}
+
+	return false, true
+}
+
+// fetchCRL fetches and parses a CRL.
+func fetchCRL(url string) (*pkix.CertificateList, error) {
+	resp, err := http.Get(url)
+	if err != nil {
+		return nil, err
+	} else if resp.StatusCode >= 300 {
+		return nil, errors.New("failed to retrieve CRL")
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	resp.Body.Close()
+
+	return x509.ParseCRL(body)
+}
+
+// check a cert against a specific CRL. Returns the same bool pair
+// as revCheck.
+func certIsRevokedCRL(cert *x509.Certificate, url string) (revoked, ok bool) {
+	crl, ok := CRLSet[url]
+	if ok && crl == nil {
+		ok = false
+		delete(CRLSet, url)
+	}
+
+	var shouldFetchCRL = true
+	if ok {
+		if !crl.HasExpired(time.Now()) {
+			shouldFetchCRL = false
+		}
+	}
+
+	if shouldFetchCRL {
+		var err error
+		crl, err = fetchCRL(url)
+		if err != nil {
+			log.Warningf("failed to fetch CRL: %v", err)
+			return false, false
+		}
+		CRLSet[url] = crl
+	}
+
+	for _, revoked := range crl.TBSCertList.RevokedCertificates {
+		if cert.SerialNumber.Cmp(revoked.SerialNumber) == 0 {
+			log.Info("Serial number match: intermediate is revoked.")
+			return true, true
+		}
+	}
+
+	return false, true
+}
+
+// VerifyCertificate ensures that the certificate passed in hasn't
+// expired and checks the CRL for the server.
+func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool) {
+	if !time.Now().Before(cert.NotAfter) {
+		log.Infof("Certificate expired %s\n", cert.NotAfter)
+		return true, true
+	} else if !time.Now().After(cert.NotBefore) {
+		log.Infof("Certificate isn't valid until %s\n", cert.NotBefore)
+		return true, true
+	}
+
+	return revCheck(cert)
+}
diff --git a/vendor/golang.org/x/text/transform/transform.go b/vendor/golang.org/x/text/transform/transform.go
index 520b9ada..fe47b9b3 100644
--- a/vendor/golang.org/x/text/transform/transform.go
+++ b/vendor/golang.org/x/text/transform/transform.go
@@ -78,8 +78,8 @@ type SpanningTransformer interface {
 	// considering the error err.
 	//
 	// A nil error means that all input bytes are known to be identical to the
-	// output produced by the Transformer. A nil error can be returned
-	// regardless of whether atEOF is true. If err is nil, then n must
+	// output produced by the Transformer. A nil error can be be returned
+	// regardless of whether atEOF is true. If err is nil, then then n must
 	// equal len(src); the converse is not necessarily true.
 	//
 	// ErrEndOfSpan means that the Transformer output may differ from the
@@ -493,7 +493,7 @@ func (c *chain) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err erro
 	return dstL.n, srcL.p, err
 }
 
-// Deprecated: Use runes.Remove instead.
+// Deprecated: use runes.Remove instead.
 func RemoveFunc(f func(r rune) bool) Transformer {
 	return removeF(f)
 }
diff --git a/vendor/golang.org/x/text/unicode/bidi/bidi.go b/vendor/golang.org/x/text/unicode/bidi/bidi.go
index e8edc54c..3fc4a625 100644
--- a/vendor/golang.org/x/text/unicode/bidi/bidi.go
+++ b/vendor/golang.org/x/text/unicode/bidi/bidi.go
@@ -6,7 +6,7 @@
 
 // Package bidi contains functionality for bidirectional text support.
 //
-// See https://www.unicode.org/reports/tr9.
+// See http://www.unicode.org/reports/tr9.
 //
 // NOTE: UNDER CONSTRUCTION. This API may change in backwards incompatible ways
 // and without notice.
diff --git a/vendor/golang.org/x/text/unicode/bidi/bracket.go b/vendor/golang.org/x/text/unicode/bidi/bracket.go
index 18539397..601e2592 100644
--- a/vendor/golang.org/x/text/unicode/bidi/bracket.go
+++ b/vendor/golang.org/x/text/unicode/bidi/bracket.go
@@ -12,7 +12,7 @@ import (
 
 // This file contains a port of the reference implementation of the
 // Bidi Parentheses Algorithm:
-// https://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/BidiPBAReference.java
+// http://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/BidiPBAReference.java
 //
 // The implementation in this file covers definitions BD14-BD16 and rule N0
 // of UAX#9.
@@ -246,7 +246,7 @@ func (p *bracketPairer) getStrongTypeN0(index int) Class {
 // assuming the given embedding direction.
 //
 // It returns ON if no strong type is found. If a single strong type is found,
-// it returns this type. Otherwise it returns the embedding direction.
+// it returns this this type. Otherwise it returns the embedding direction.
 //
 // TODO: use separate type for "strong" directionality.
 func (p *bracketPairer) classifyPairContent(loc bracketPair, dirEmbed Class) Class {
diff --git a/vendor/golang.org/x/text/unicode/bidi/core.go b/vendor/golang.org/x/text/unicode/bidi/core.go
index 48d14400..d4c1399f 100644
--- a/vendor/golang.org/x/text/unicode/bidi/core.go
+++ b/vendor/golang.org/x/text/unicode/bidi/core.go
@@ -7,7 +7,7 @@ package bidi
 import "log"
 
 // This implementation is a port based on the reference implementation found at:
-// https://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/
+// http://www.unicode.org/Public/PROGRAMS/BidiReferenceJava/
 //
 // described in Unicode Bidirectional Algorithm (UAX #9).
 //
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
index d8c94e1b..2e1ff195 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
@@ -1,6 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
-// +build go1.10,!go1.13
+// +build go1.10
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
deleted file mode 100644
index 022e3c69..00000000
--- a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+++ /dev/null
@@ -1,1887 +0,0 @@
-// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
-
-// +build go1.13
-
-package bidi
-
-// UnicodeVersion is the Unicode version from which the tables in this package are derived.
-const UnicodeVersion = "11.0.0"
-
-// xorMasks contains masks to be xor-ed with brackets to get the reverse
-// version.
-var xorMasks = []int32{ // 8 elements
-	0, 1, 6, 7, 3, 15, 29, 63,
-} // Size: 56 bytes
-
-// lookup returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *bidiTrie) lookup(s []byte) (v uint8, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return bidiValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := bidiIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := bidiIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = bidiIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := bidiIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = bidiIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = bidiIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *bidiTrie) lookupUnsafe(s []byte) uint8 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return bidiValues[c0]
-	}
-	i := bidiIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = bidiIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = bidiIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// lookupString returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *bidiTrie) lookupString(s string) (v uint8, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return bidiValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := bidiIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := bidiIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = bidiIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := bidiIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = bidiIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = bidiIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *bidiTrie) lookupStringUnsafe(s string) uint8 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return bidiValues[c0]
-	}
-	i := bidiIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = bidiIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = bidiIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// bidiTrie. Total size: 16512 bytes (16.12 KiB). Checksum: 2a9cf1317f2ffaa.
-type bidiTrie struct{}
-
-func newBidiTrie(i int) *bidiTrie {
-	return &bidiTrie{}
-}
-
-// lookupValue determines the type of block n and looks up the value for b.
-func (t *bidiTrie) lookupValue(n uint32, b byte) uint8 {
-	switch {
-	default:
-		return uint8(bidiValues[n<<6+uint32(b)])
-	}
-}
-
-// bidiValues: 234 blocks, 14976 entries, 14976 bytes
-// The third block is the zero block.
-var bidiValues = [14976]uint8{
-	// Block 0x0, offset 0x0
-	0x00: 0x000b, 0x01: 0x000b, 0x02: 0x000b, 0x03: 0x000b, 0x04: 0x000b, 0x05: 0x000b,
-	0x06: 0x000b, 0x07: 0x000b, 0x08: 0x000b, 0x09: 0x0008, 0x0a: 0x0007, 0x0b: 0x0008,
-	0x0c: 0x0009, 0x0d: 0x0007, 0x0e: 0x000b, 0x0f: 0x000b, 0x10: 0x000b, 0x11: 0x000b,
-	0x12: 0x000b, 0x13: 0x000b, 0x14: 0x000b, 0x15: 0x000b, 0x16: 0x000b, 0x17: 0x000b,
-	0x18: 0x000b, 0x19: 0x000b, 0x1a: 0x000b, 0x1b: 0x000b, 0x1c: 0x0007, 0x1d: 0x0007,
-	0x1e: 0x0007, 0x1f: 0x0008, 0x20: 0x0009, 0x21: 0x000a, 0x22: 0x000a, 0x23: 0x0004,
-	0x24: 0x0004, 0x25: 0x0004, 0x26: 0x000a, 0x27: 0x000a, 0x28: 0x003a, 0x29: 0x002a,
-	0x2a: 0x000a, 0x2b: 0x0003, 0x2c: 0x0006, 0x2d: 0x0003, 0x2e: 0x0006, 0x2f: 0x0006,
-	0x30: 0x0002, 0x31: 0x0002, 0x32: 0x0002, 0x33: 0x0002, 0x34: 0x0002, 0x35: 0x0002,
-	0x36: 0x0002, 0x37: 0x0002, 0x38: 0x0002, 0x39: 0x0002, 0x3a: 0x0006, 0x3b: 0x000a,
-	0x3c: 0x000a, 0x3d: 0x000a, 0x3e: 0x000a, 0x3f: 0x000a,
-	// Block 0x1, offset 0x40
-	0x40: 0x000a,
-	0x5b: 0x005a, 0x5c: 0x000a, 0x5d: 0x004a,
-	0x5e: 0x000a, 0x5f: 0x000a, 0x60: 0x000a,
-	0x7b: 0x005a,
-	0x7c: 0x000a, 0x7d: 0x004a, 0x7e: 0x000a, 0x7f: 0x000b,
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc0: 0x000b, 0xc1: 0x000b, 0xc2: 0x000b, 0xc3: 0x000b, 0xc4: 0x000b, 0xc5: 0x0007,
-	0xc6: 0x000b, 0xc7: 0x000b, 0xc8: 0x000b, 0xc9: 0x000b, 0xca: 0x000b, 0xcb: 0x000b,
-	0xcc: 0x000b, 0xcd: 0x000b, 0xce: 0x000b, 0xcf: 0x000b, 0xd0: 0x000b, 0xd1: 0x000b,
-	0xd2: 0x000b, 0xd3: 0x000b, 0xd4: 0x000b, 0xd5: 0x000b, 0xd6: 0x000b, 0xd7: 0x000b,
-	0xd8: 0x000b, 0xd9: 0x000b, 0xda: 0x000b, 0xdb: 0x000b, 0xdc: 0x000b, 0xdd: 0x000b,
-	0xde: 0x000b, 0xdf: 0x000b, 0xe0: 0x0006, 0xe1: 0x000a, 0xe2: 0x0004, 0xe3: 0x0004,
-	0xe4: 0x0004, 0xe5: 0x0004, 0xe6: 0x000a, 0xe7: 0x000a, 0xe8: 0x000a, 0xe9: 0x000a,
-	0xeb: 0x000a, 0xec: 0x000a, 0xed: 0x000b, 0xee: 0x000a, 0xef: 0x000a,
-	0xf0: 0x0004, 0xf1: 0x0004, 0xf2: 0x0002, 0xf3: 0x0002, 0xf4: 0x000a,
-	0xf6: 0x000a, 0xf7: 0x000a, 0xf8: 0x000a, 0xf9: 0x0002, 0xfb: 0x000a,
-	0xfc: 0x000a, 0xfd: 0x000a, 0xfe: 0x000a, 0xff: 0x000a,
-	// Block 0x4, offset 0x100
-	0x117: 0x000a,
-	0x137: 0x000a,
-	// Block 0x5, offset 0x140
-	0x179: 0x000a, 0x17a: 0x000a,
-	// Block 0x6, offset 0x180
-	0x182: 0x000a, 0x183: 0x000a, 0x184: 0x000a, 0x185: 0x000a,
-	0x186: 0x000a, 0x187: 0x000a, 0x188: 0x000a, 0x189: 0x000a, 0x18a: 0x000a, 0x18b: 0x000a,
-	0x18c: 0x000a, 0x18d: 0x000a, 0x18e: 0x000a, 0x18f: 0x000a,
-	0x192: 0x000a, 0x193: 0x000a, 0x194: 0x000a, 0x195: 0x000a, 0x196: 0x000a, 0x197: 0x000a,
-	0x198: 0x000a, 0x199: 0x000a, 0x19a: 0x000a, 0x19b: 0x000a, 0x19c: 0x000a, 0x19d: 0x000a,
-	0x19e: 0x000a, 0x19f: 0x000a,
-	0x1a5: 0x000a, 0x1a6: 0x000a, 0x1a7: 0x000a, 0x1a8: 0x000a, 0x1a9: 0x000a,
-	0x1aa: 0x000a, 0x1ab: 0x000a, 0x1ac: 0x000a, 0x1ad: 0x000a, 0x1af: 0x000a,
-	0x1b0: 0x000a, 0x1b1: 0x000a, 0x1b2: 0x000a, 0x1b3: 0x000a, 0x1b4: 0x000a, 0x1b5: 0x000a,
-	0x1b6: 0x000a, 0x1b7: 0x000a, 0x1b8: 0x000a, 0x1b9: 0x000a, 0x1ba: 0x000a, 0x1bb: 0x000a,
-	0x1bc: 0x000a, 0x1bd: 0x000a, 0x1be: 0x000a, 0x1bf: 0x000a,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0x000c, 0x1c1: 0x000c, 0x1c2: 0x000c, 0x1c3: 0x000c, 0x1c4: 0x000c, 0x1c5: 0x000c,
-	0x1c6: 0x000c, 0x1c7: 0x000c, 0x1c8: 0x000c, 0x1c9: 0x000c, 0x1ca: 0x000c, 0x1cb: 0x000c,
-	0x1cc: 0x000c, 0x1cd: 0x000c, 0x1ce: 0x000c, 0x1cf: 0x000c, 0x1d0: 0x000c, 0x1d1: 0x000c,
-	0x1d2: 0x000c, 0x1d3: 0x000c, 0x1d4: 0x000c, 0x1d5: 0x000c, 0x1d6: 0x000c, 0x1d7: 0x000c,
-	0x1d8: 0x000c, 0x1d9: 0x000c, 0x1da: 0x000c, 0x1db: 0x000c, 0x1dc: 0x000c, 0x1dd: 0x000c,
-	0x1de: 0x000c, 0x1df: 0x000c, 0x1e0: 0x000c, 0x1e1: 0x000c, 0x1e2: 0x000c, 0x1e3: 0x000c,
-	0x1e4: 0x000c, 0x1e5: 0x000c, 0x1e6: 0x000c, 0x1e7: 0x000c, 0x1e8: 0x000c, 0x1e9: 0x000c,
-	0x1ea: 0x000c, 0x1eb: 0x000c, 0x1ec: 0x000c, 0x1ed: 0x000c, 0x1ee: 0x000c, 0x1ef: 0x000c,
-	0x1f0: 0x000c, 0x1f1: 0x000c, 0x1f2: 0x000c, 0x1f3: 0x000c, 0x1f4: 0x000c, 0x1f5: 0x000c,
-	0x1f6: 0x000c, 0x1f7: 0x000c, 0x1f8: 0x000c, 0x1f9: 0x000c, 0x1fa: 0x000c, 0x1fb: 0x000c,
-	0x1fc: 0x000c, 0x1fd: 0x000c, 0x1fe: 0x000c, 0x1ff: 0x000c,
-	// Block 0x8, offset 0x200
-	0x200: 0x000c, 0x201: 0x000c, 0x202: 0x000c, 0x203: 0x000c, 0x204: 0x000c, 0x205: 0x000c,
-	0x206: 0x000c, 0x207: 0x000c, 0x208: 0x000c, 0x209: 0x000c, 0x20a: 0x000c, 0x20b: 0x000c,
-	0x20c: 0x000c, 0x20d: 0x000c, 0x20e: 0x000c, 0x20f: 0x000c, 0x210: 0x000c, 0x211: 0x000c,
-	0x212: 0x000c, 0x213: 0x000c, 0x214: 0x000c, 0x215: 0x000c, 0x216: 0x000c, 0x217: 0x000c,
-	0x218: 0x000c, 0x219: 0x000c, 0x21a: 0x000c, 0x21b: 0x000c, 0x21c: 0x000c, 0x21d: 0x000c,
-	0x21e: 0x000c, 0x21f: 0x000c, 0x220: 0x000c, 0x221: 0x000c, 0x222: 0x000c, 0x223: 0x000c,
-	0x224: 0x000c, 0x225: 0x000c, 0x226: 0x000c, 0x227: 0x000c, 0x228: 0x000c, 0x229: 0x000c,
-	0x22a: 0x000c, 0x22b: 0x000c, 0x22c: 0x000c, 0x22d: 0x000c, 0x22e: 0x000c, 0x22f: 0x000c,
-	0x234: 0x000a, 0x235: 0x000a,
-	0x23e: 0x000a,
-	// Block 0x9, offset 0x240
-	0x244: 0x000a, 0x245: 0x000a,
-	0x247: 0x000a,
-	// Block 0xa, offset 0x280
-	0x2b6: 0x000a,
-	// Block 0xb, offset 0x2c0
-	0x2c3: 0x000c, 0x2c4: 0x000c, 0x2c5: 0x000c,
-	0x2c6: 0x000c, 0x2c7: 0x000c, 0x2c8: 0x000c, 0x2c9: 0x000c,
-	// Block 0xc, offset 0x300
-	0x30a: 0x000a,
-	0x30d: 0x000a, 0x30e: 0x000a, 0x30f: 0x0004, 0x310: 0x0001, 0x311: 0x000c,
-	0x312: 0x000c, 0x313: 0x000c, 0x314: 0x000c, 0x315: 0x000c, 0x316: 0x000c, 0x317: 0x000c,
-	0x318: 0x000c, 0x319: 0x000c, 0x31a: 0x000c, 0x31b: 0x000c, 0x31c: 0x000c, 0x31d: 0x000c,
-	0x31e: 0x000c, 0x31f: 0x000c, 0x320: 0x000c, 0x321: 0x000c, 0x322: 0x000c, 0x323: 0x000c,
-	0x324: 0x000c, 0x325: 0x000c, 0x326: 0x000c, 0x327: 0x000c, 0x328: 0x000c, 0x329: 0x000c,
-	0x32a: 0x000c, 0x32b: 0x000c, 0x32c: 0x000c, 0x32d: 0x000c, 0x32e: 0x000c, 0x32f: 0x000c,
-	0x330: 0x000c, 0x331: 0x000c, 0x332: 0x000c, 0x333: 0x000c, 0x334: 0x000c, 0x335: 0x000c,
-	0x336: 0x000c, 0x337: 0x000c, 0x338: 0x000c, 0x339: 0x000c, 0x33a: 0x000c, 0x33b: 0x000c,
-	0x33c: 0x000c, 0x33d: 0x000c, 0x33e: 0x0001, 0x33f: 0x000c,
-	// Block 0xd, offset 0x340
-	0x340: 0x0001, 0x341: 0x000c, 0x342: 0x000c, 0x343: 0x0001, 0x344: 0x000c, 0x345: 0x000c,
-	0x346: 0x0001, 0x347: 0x000c, 0x348: 0x0001, 0x349: 0x0001, 0x34a: 0x0001, 0x34b: 0x0001,
-	0x34c: 0x0001, 0x34d: 0x0001, 0x34e: 0x0001, 0x34f: 0x0001, 0x350: 0x0001, 0x351: 0x0001,
-	0x352: 0x0001, 0x353: 0x0001, 0x354: 0x0001, 0x355: 0x0001, 0x356: 0x0001, 0x357: 0x0001,
-	0x358: 0x0001, 0x359: 0x0001, 0x35a: 0x0001, 0x35b: 0x0001, 0x35c: 0x0001, 0x35d: 0x0001,
-	0x35e: 0x0001, 0x35f: 0x0001, 0x360: 0x0001, 0x361: 0x0001, 0x362: 0x0001, 0x363: 0x0001,
-	0x364: 0x0001, 0x365: 0x0001, 0x366: 0x0001, 0x367: 0x0001, 0x368: 0x0001, 0x369: 0x0001,
-	0x36a: 0x0001, 0x36b: 0x0001, 0x36c: 0x0001, 0x36d: 0x0001, 0x36e: 0x0001, 0x36f: 0x0001,
-	0x370: 0x0001, 0x371: 0x0001, 0x372: 0x0001, 0x373: 0x0001, 0x374: 0x0001, 0x375: 0x0001,
-	0x376: 0x0001, 0x377: 0x0001, 0x378: 0x0001, 0x379: 0x0001, 0x37a: 0x0001, 0x37b: 0x0001,
-	0x37c: 0x0001, 0x37d: 0x0001, 0x37e: 0x0001, 0x37f: 0x0001,
-	// Block 0xe, offset 0x380
-	0x380: 0x0005, 0x381: 0x0005, 0x382: 0x0005, 0x383: 0x0005, 0x384: 0x0005, 0x385: 0x0005,
-	0x386: 0x000a, 0x387: 0x000a, 0x388: 0x000d, 0x389: 0x0004, 0x38a: 0x0004, 0x38b: 0x000d,
-	0x38c: 0x0006, 0x38d: 0x000d, 0x38e: 0x000a, 0x38f: 0x000a, 0x390: 0x000c, 0x391: 0x000c,
-	0x392: 0x000c, 0x393: 0x000c, 0x394: 0x000c, 0x395: 0x000c, 0x396: 0x000c, 0x397: 0x000c,
-	0x398: 0x000c, 0x399: 0x000c, 0x39a: 0x000c, 0x39b: 0x000d, 0x39c: 0x000d, 0x39d: 0x000d,
-	0x39e: 0x000d, 0x39f: 0x000d, 0x3a0: 0x000d, 0x3a1: 0x000d, 0x3a2: 0x000d, 0x3a3: 0x000d,
-	0x3a4: 0x000d, 0x3a5: 0x000d, 0x3a6: 0x000d, 0x3a7: 0x000d, 0x3a8: 0x000d, 0x3a9: 0x000d,
-	0x3aa: 0x000d, 0x3ab: 0x000d, 0x3ac: 0x000d, 0x3ad: 0x000d, 0x3ae: 0x000d, 0x3af: 0x000d,
-	0x3b0: 0x000d, 0x3b1: 0x000d, 0x3b2: 0x000d, 0x3b3: 0x000d, 0x3b4: 0x000d, 0x3b5: 0x000d,
-	0x3b6: 0x000d, 0x3b7: 0x000d, 0x3b8: 0x000d, 0x3b9: 0x000d, 0x3ba: 0x000d, 0x3bb: 0x000d,
-	0x3bc: 0x000d, 0x3bd: 0x000d, 0x3be: 0x000d, 0x3bf: 0x000d,
-	// Block 0xf, offset 0x3c0
-	0x3c0: 0x000d, 0x3c1: 0x000d, 0x3c2: 0x000d, 0x3c3: 0x000d, 0x3c4: 0x000d, 0x3c5: 0x000d,
-	0x3c6: 0x000d, 0x3c7: 0x000d, 0x3c8: 0x000d, 0x3c9: 0x000d, 0x3ca: 0x000d, 0x3cb: 0x000c,
-	0x3cc: 0x000c, 0x3cd: 0x000c, 0x3ce: 0x000c, 0x3cf: 0x000c, 0x3d0: 0x000c, 0x3d1: 0x000c,
-	0x3d2: 0x000c, 0x3d3: 0x000c, 0x3d4: 0x000c, 0x3d5: 0x000c, 0x3d6: 0x000c, 0x3d7: 0x000c,
-	0x3d8: 0x000c, 0x3d9: 0x000c, 0x3da: 0x000c, 0x3db: 0x000c, 0x3dc: 0x000c, 0x3dd: 0x000c,
-	0x3de: 0x000c, 0x3df: 0x000c, 0x3e0: 0x0005, 0x3e1: 0x0005, 0x3e2: 0x0005, 0x3e3: 0x0005,
-	0x3e4: 0x0005, 0x3e5: 0x0005, 0x3e6: 0x0005, 0x3e7: 0x0005, 0x3e8: 0x0005, 0x3e9: 0x0005,
-	0x3ea: 0x0004, 0x3eb: 0x0005, 0x3ec: 0x0005, 0x3ed: 0x000d, 0x3ee: 0x000d, 0x3ef: 0x000d,
-	0x3f0: 0x000c, 0x3f1: 0x000d, 0x3f2: 0x000d, 0x3f3: 0x000d, 0x3f4: 0x000d, 0x3f5: 0x000d,
-	0x3f6: 0x000d, 0x3f7: 0x000d, 0x3f8: 0x000d, 0x3f9: 0x000d, 0x3fa: 0x000d, 0x3fb: 0x000d,
-	0x3fc: 0x000d, 0x3fd: 0x000d, 0x3fe: 0x000d, 0x3ff: 0x000d,
-	// Block 0x10, offset 0x400
-	0x400: 0x000d, 0x401: 0x000d, 0x402: 0x000d, 0x403: 0x000d, 0x404: 0x000d, 0x405: 0x000d,
-	0x406: 0x000d, 0x407: 0x000d, 0x408: 0x000d, 0x409: 0x000d, 0x40a: 0x000d, 0x40b: 0x000d,
-	0x40c: 0x000d, 0x40d: 0x000d, 0x40e: 0x000d, 0x40f: 0x000d, 0x410: 0x000d, 0x411: 0x000d,
-	0x412: 0x000d, 0x413: 0x000d, 0x414: 0x000d, 0x415: 0x000d, 0x416: 0x000d, 0x417: 0x000d,
-	0x418: 0x000d, 0x419: 0x000d, 0x41a: 0x000d, 0x41b: 0x000d, 0x41c: 0x000d, 0x41d: 0x000d,
-	0x41e: 0x000d, 0x41f: 0x000d, 0x420: 0x000d, 0x421: 0x000d, 0x422: 0x000d, 0x423: 0x000d,
-	0x424: 0x000d, 0x425: 0x000d, 0x426: 0x000d, 0x427: 0x000d, 0x428: 0x000d, 0x429: 0x000d,
-	0x42a: 0x000d, 0x42b: 0x000d, 0x42c: 0x000d, 0x42d: 0x000d, 0x42e: 0x000d, 0x42f: 0x000d,
-	0x430: 0x000d, 0x431: 0x000d, 0x432: 0x000d, 0x433: 0x000d, 0x434: 0x000d, 0x435: 0x000d,
-	0x436: 0x000d, 0x437: 0x000d, 0x438: 0x000d, 0x439: 0x000d, 0x43a: 0x000d, 0x43b: 0x000d,
-	0x43c: 0x000d, 0x43d: 0x000d, 0x43e: 0x000d, 0x43f: 0x000d,
-	// Block 0x11, offset 0x440
-	0x440: 0x000d, 0x441: 0x000d, 0x442: 0x000d, 0x443: 0x000d, 0x444: 0x000d, 0x445: 0x000d,
-	0x446: 0x000d, 0x447: 0x000d, 0x448: 0x000d, 0x449: 0x000d, 0x44a: 0x000d, 0x44b: 0x000d,
-	0x44c: 0x000d, 0x44d: 0x000d, 0x44e: 0x000d, 0x44f: 0x000d, 0x450: 0x000d, 0x451: 0x000d,
-	0x452: 0x000d, 0x453: 0x000d, 0x454: 0x000d, 0x455: 0x000d, 0x456: 0x000c, 0x457: 0x000c,
-	0x458: 0x000c, 0x459: 0x000c, 0x45a: 0x000c, 0x45b: 0x000c, 0x45c: 0x000c, 0x45d: 0x0005,
-	0x45e: 0x000a, 0x45f: 0x000c, 0x460: 0x000c, 0x461: 0x000c, 0x462: 0x000c, 0x463: 0x000c,
-	0x464: 0x000c, 0x465: 0x000d, 0x466: 0x000d, 0x467: 0x000c, 0x468: 0x000c, 0x469: 0x000a,
-	0x46a: 0x000c, 0x46b: 0x000c, 0x46c: 0x000c, 0x46d: 0x000c, 0x46e: 0x000d, 0x46f: 0x000d,
-	0x470: 0x0002, 0x471: 0x0002, 0x472: 0x0002, 0x473: 0x0002, 0x474: 0x0002, 0x475: 0x0002,
-	0x476: 0x0002, 0x477: 0x0002, 0x478: 0x0002, 0x479: 0x0002, 0x47a: 0x000d, 0x47b: 0x000d,
-	0x47c: 0x000d, 0x47d: 0x000d, 0x47e: 0x000d, 0x47f: 0x000d,
-	// Block 0x12, offset 0x480
-	0x480: 0x000d, 0x481: 0x000d, 0x482: 0x000d, 0x483: 0x000d, 0x484: 0x000d, 0x485: 0x000d,
-	0x486: 0x000d, 0x487: 0x000d, 0x488: 0x000d, 0x489: 0x000d, 0x48a: 0x000d, 0x48b: 0x000d,
-	0x48c: 0x000d, 0x48d: 0x000d, 0x48e: 0x000d, 0x48f: 0x000d, 0x490: 0x000d, 0x491: 0x000c,
-	0x492: 0x000d, 0x493: 0x000d, 0x494: 0x000d, 0x495: 0x000d, 0x496: 0x000d, 0x497: 0x000d,
-	0x498: 0x000d, 0x499: 0x000d, 0x49a: 0x000d, 0x49b: 0x000d, 0x49c: 0x000d, 0x49d: 0x000d,
-	0x49e: 0x000d, 0x49f: 0x000d, 0x4a0: 0x000d, 0x4a1: 0x000d, 0x4a2: 0x000d, 0x4a3: 0x000d,
-	0x4a4: 0x000d, 0x4a5: 0x000d, 0x4a6: 0x000d, 0x4a7: 0x000d, 0x4a8: 0x000d, 0x4a9: 0x000d,
-	0x4aa: 0x000d, 0x4ab: 0x000d, 0x4ac: 0x000d, 0x4ad: 0x000d, 0x4ae: 0x000d, 0x4af: 0x000d,
-	0x4b0: 0x000c, 0x4b1: 0x000c, 0x4b2: 0x000c, 0x4b3: 0x000c, 0x4b4: 0x000c, 0x4b5: 0x000c,
-	0x4b6: 0x000c, 0x4b7: 0x000c, 0x4b8: 0x000c, 0x4b9: 0x000c, 0x4ba: 0x000c, 0x4bb: 0x000c,
-	0x4bc: 0x000c, 0x4bd: 0x000c, 0x4be: 0x000c, 0x4bf: 0x000c,
-	// Block 0x13, offset 0x4c0
-	0x4c0: 0x000c, 0x4c1: 0x000c, 0x4c2: 0x000c, 0x4c3: 0x000c, 0x4c4: 0x000c, 0x4c5: 0x000c,
-	0x4c6: 0x000c, 0x4c7: 0x000c, 0x4c8: 0x000c, 0x4c9: 0x000c, 0x4ca: 0x000c, 0x4cb: 0x000d,
-	0x4cc: 0x000d, 0x4cd: 0x000d, 0x4ce: 0x000d, 0x4cf: 0x000d, 0x4d0: 0x000d, 0x4d1: 0x000d,
-	0x4d2: 0x000d, 0x4d3: 0x000d, 0x4d4: 0x000d, 0x4d5: 0x000d, 0x4d6: 0x000d, 0x4d7: 0x000d,
-	0x4d8: 0x000d, 0x4d9: 0x000d, 0x4da: 0x000d, 0x4db: 0x000d, 0x4dc: 0x000d, 0x4dd: 0x000d,
-	0x4de: 0x000d, 0x4df: 0x000d, 0x4e0: 0x000d, 0x4e1: 0x000d, 0x4e2: 0x000d, 0x4e3: 0x000d,
-	0x4e4: 0x000d, 0x4e5: 0x000d, 0x4e6: 0x000d, 0x4e7: 0x000d, 0x4e8: 0x000d, 0x4e9: 0x000d,
-	0x4ea: 0x000d, 0x4eb: 0x000d, 0x4ec: 0x000d, 0x4ed: 0x000d, 0x4ee: 0x000d, 0x4ef: 0x000d,
-	0x4f0: 0x000d, 0x4f1: 0x000d, 0x4f2: 0x000d, 0x4f3: 0x000d, 0x4f4: 0x000d, 0x4f5: 0x000d,
-	0x4f6: 0x000d, 0x4f7: 0x000d, 0x4f8: 0x000d, 0x4f9: 0x000d, 0x4fa: 0x000d, 0x4fb: 0x000d,
-	0x4fc: 0x000d, 0x4fd: 0x000d, 0x4fe: 0x000d, 0x4ff: 0x000d,
-	// Block 0x14, offset 0x500
-	0x500: 0x000d, 0x501: 0x000d, 0x502: 0x000d, 0x503: 0x000d, 0x504: 0x000d, 0x505: 0x000d,
-	0x506: 0x000d, 0x507: 0x000d, 0x508: 0x000d, 0x509: 0x000d, 0x50a: 0x000d, 0x50b: 0x000d,
-	0x50c: 0x000d, 0x50d: 0x000d, 0x50e: 0x000d, 0x50f: 0x000d, 0x510: 0x000d, 0x511: 0x000d,
-	0x512: 0x000d, 0x513: 0x000d, 0x514: 0x000d, 0x515: 0x000d, 0x516: 0x000d, 0x517: 0x000d,
-	0x518: 0x000d, 0x519: 0x000d, 0x51a: 0x000d, 0x51b: 0x000d, 0x51c: 0x000d, 0x51d: 0x000d,
-	0x51e: 0x000d, 0x51f: 0x000d, 0x520: 0x000d, 0x521: 0x000d, 0x522: 0x000d, 0x523: 0x000d,
-	0x524: 0x000d, 0x525: 0x000d, 0x526: 0x000c, 0x527: 0x000c, 0x528: 0x000c, 0x529: 0x000c,
-	0x52a: 0x000c, 0x52b: 0x000c, 0x52c: 0x000c, 0x52d: 0x000c, 0x52e: 0x000c, 0x52f: 0x000c,
-	0x530: 0x000c, 0x531: 0x000d, 0x532: 0x000d, 0x533: 0x000d, 0x534: 0x000d, 0x535: 0x000d,
-	0x536: 0x000d, 0x537: 0x000d, 0x538: 0x000d, 0x539: 0x000d, 0x53a: 0x000d, 0x53b: 0x000d,
-	0x53c: 0x000d, 0x53d: 0x000d, 0x53e: 0x000d, 0x53f: 0x000d,
-	// Block 0x15, offset 0x540
-	0x540: 0x0001, 0x541: 0x0001, 0x542: 0x0001, 0x543: 0x0001, 0x544: 0x0001, 0x545: 0x0001,
-	0x546: 0x0001, 0x547: 0x0001, 0x548: 0x0001, 0x549: 0x0001, 0x54a: 0x0001, 0x54b: 0x0001,
-	0x54c: 0x0001, 0x54d: 0x0001, 0x54e: 0x0001, 0x54f: 0x0001, 0x550: 0x0001, 0x551: 0x0001,
-	0x552: 0x0001, 0x553: 0x0001, 0x554: 0x0001, 0x555: 0x0001, 0x556: 0x0001, 0x557: 0x0001,
-	0x558: 0x0001, 0x559: 0x0001, 0x55a: 0x0001, 0x55b: 0x0001, 0x55c: 0x0001, 0x55d: 0x0001,
-	0x55e: 0x0001, 0x55f: 0x0001, 0x560: 0x0001, 0x561: 0x0001, 0x562: 0x0001, 0x563: 0x0001,
-	0x564: 0x0001, 0x565: 0x0001, 0x566: 0x0001, 0x567: 0x0001, 0x568: 0x0001, 0x569: 0x0001,
-	0x56a: 0x0001, 0x56b: 0x000c, 0x56c: 0x000c, 0x56d: 0x000c, 0x56e: 0x000c, 0x56f: 0x000c,
-	0x570: 0x000c, 0x571: 0x000c, 0x572: 0x000c, 0x573: 0x000c, 0x574: 0x0001, 0x575: 0x0001,
-	0x576: 0x000a, 0x577: 0x000a, 0x578: 0x000a, 0x579: 0x000a, 0x57a: 0x0001, 0x57b: 0x0001,
-	0x57c: 0x0001, 0x57d: 0x000c, 0x57e: 0x0001, 0x57f: 0x0001,
-	// Block 0x16, offset 0x580
-	0x580: 0x0001, 0x581: 0x0001, 0x582: 0x0001, 0x583: 0x0001, 0x584: 0x0001, 0x585: 0x0001,
-	0x586: 0x0001, 0x587: 0x0001, 0x588: 0x0001, 0x589: 0x0001, 0x58a: 0x0001, 0x58b: 0x0001,
-	0x58c: 0x0001, 0x58d: 0x0001, 0x58e: 0x0001, 0x58f: 0x0001, 0x590: 0x0001, 0x591: 0x0001,
-	0x592: 0x0001, 0x593: 0x0001, 0x594: 0x0001, 0x595: 0x0001, 0x596: 0x000c, 0x597: 0x000c,
-	0x598: 0x000c, 0x599: 0x000c, 0x59a: 0x0001, 0x59b: 0x000c, 0x59c: 0x000c, 0x59d: 0x000c,
-	0x59e: 0x000c, 0x59f: 0x000c, 0x5a0: 0x000c, 0x5a1: 0x000c, 0x5a2: 0x000c, 0x5a3: 0x000c,
-	0x5a4: 0x0001, 0x5a5: 0x000c, 0x5a6: 0x000c, 0x5a7: 0x000c, 0x5a8: 0x0001, 0x5a9: 0x000c,
-	0x5aa: 0x000c, 0x5ab: 0x000c, 0x5ac: 0x000c, 0x5ad: 0x000c, 0x5ae: 0x0001, 0x5af: 0x0001,
-	0x5b0: 0x0001, 0x5b1: 0x0001, 0x5b2: 0x0001, 0x5b3: 0x0001, 0x5b4: 0x0001, 0x5b5: 0x0001,
-	0x5b6: 0x0001, 0x5b7: 0x0001, 0x5b8: 0x0001, 0x5b9: 0x0001, 0x5ba: 0x0001, 0x5bb: 0x0001,
-	0x5bc: 0x0001, 0x5bd: 0x0001, 0x5be: 0x0001, 0x5bf: 0x0001,
-	// Block 0x17, offset 0x5c0
-	0x5c0: 0x0001, 0x5c1: 0x0001, 0x5c2: 0x0001, 0x5c3: 0x0001, 0x5c4: 0x0001, 0x5c5: 0x0001,
-	0x5c6: 0x0001, 0x5c7: 0x0001, 0x5c8: 0x0001, 0x5c9: 0x0001, 0x5ca: 0x0001, 0x5cb: 0x0001,
-	0x5cc: 0x0001, 0x5cd: 0x0001, 0x5ce: 0x0001, 0x5cf: 0x0001, 0x5d0: 0x0001, 0x5d1: 0x0001,
-	0x5d2: 0x0001, 0x5d3: 0x0001, 0x5d4: 0x0001, 0x5d5: 0x0001, 0x5d6: 0x0001, 0x5d7: 0x0001,
-	0x5d8: 0x0001, 0x5d9: 0x000c, 0x5da: 0x000c, 0x5db: 0x000c, 0x5dc: 0x0001, 0x5dd: 0x0001,
-	0x5de: 0x0001, 0x5df: 0x0001, 0x5e0: 0x000d, 0x5e1: 0x000d, 0x5e2: 0x000d, 0x5e3: 0x000d,
-	0x5e4: 0x000d, 0x5e5: 0x000d, 0x5e6: 0x000d, 0x5e7: 0x000d, 0x5e8: 0x000d, 0x5e9: 0x000d,
-	0x5ea: 0x000d, 0x5eb: 0x000d, 0x5ec: 0x000d, 0x5ed: 0x000d, 0x5ee: 0x000d, 0x5ef: 0x000d,
-	0x5f0: 0x0001, 0x5f1: 0x0001, 0x5f2: 0x0001, 0x5f3: 0x0001, 0x5f4: 0x0001, 0x5f5: 0x0001,
-	0x5f6: 0x0001, 0x5f7: 0x0001, 0x5f8: 0x0001, 0x5f9: 0x0001, 0x5fa: 0x0001, 0x5fb: 0x0001,
-	0x5fc: 0x0001, 0x5fd: 0x0001, 0x5fe: 0x0001, 0x5ff: 0x0001,
-	// Block 0x18, offset 0x600
-	0x600: 0x0001, 0x601: 0x0001, 0x602: 0x0001, 0x603: 0x0001, 0x604: 0x0001, 0x605: 0x0001,
-	0x606: 0x0001, 0x607: 0x0001, 0x608: 0x0001, 0x609: 0x0001, 0x60a: 0x0001, 0x60b: 0x0001,
-	0x60c: 0x0001, 0x60d: 0x0001, 0x60e: 0x0001, 0x60f: 0x0001, 0x610: 0x0001, 0x611: 0x0001,
-	0x612: 0x0001, 0x613: 0x0001, 0x614: 0x0001, 0x615: 0x0001, 0x616: 0x0001, 0x617: 0x0001,
-	0x618: 0x0001, 0x619: 0x0001, 0x61a: 0x0001, 0x61b: 0x0001, 0x61c: 0x0001, 0x61d: 0x0001,
-	0x61e: 0x0001, 0x61f: 0x0001, 0x620: 0x000d, 0x621: 0x000d, 0x622: 0x000d, 0x623: 0x000d,
-	0x624: 0x000d, 0x625: 0x000d, 0x626: 0x000d, 0x627: 0x000d, 0x628: 0x000d, 0x629: 0x000d,
-	0x62a: 0x000d, 0x62b: 0x000d, 0x62c: 0x000d, 0x62d: 0x000d, 0x62e: 0x000d, 0x62f: 0x000d,
-	0x630: 0x000d, 0x631: 0x000d, 0x632: 0x000d, 0x633: 0x000d, 0x634: 0x000d, 0x635: 0x000d,
-	0x636: 0x000d, 0x637: 0x000d, 0x638: 0x000d, 0x639: 0x000d, 0x63a: 0x000d, 0x63b: 0x000d,
-	0x63c: 0x000d, 0x63d: 0x000d, 0x63e: 0x000d, 0x63f: 0x000d,
-	// Block 0x19, offset 0x640
-	0x640: 0x000d, 0x641: 0x000d, 0x642: 0x000d, 0x643: 0x000d, 0x644: 0x000d, 0x645: 0x000d,
-	0x646: 0x000d, 0x647: 0x000d, 0x648: 0x000d, 0x649: 0x000d, 0x64a: 0x000d, 0x64b: 0x000d,
-	0x64c: 0x000d, 0x64d: 0x000d, 0x64e: 0x000d, 0x64f: 0x000d, 0x650: 0x000d, 0x651: 0x000d,
-	0x652: 0x000d, 0x653: 0x000c, 0x654: 0x000c, 0x655: 0x000c, 0x656: 0x000c, 0x657: 0x000c,
-	0x658: 0x000c, 0x659: 0x000c, 0x65a: 0x000c, 0x65b: 0x000c, 0x65c: 0x000c, 0x65d: 0x000c,
-	0x65e: 0x000c, 0x65f: 0x000c, 0x660: 0x000c, 0x661: 0x000c, 0x662: 0x0005, 0x663: 0x000c,
-	0x664: 0x000c, 0x665: 0x000c, 0x666: 0x000c, 0x667: 0x000c, 0x668: 0x000c, 0x669: 0x000c,
-	0x66a: 0x000c, 0x66b: 0x000c, 0x66c: 0x000c, 0x66d: 0x000c, 0x66e: 0x000c, 0x66f: 0x000c,
-	0x670: 0x000c, 0x671: 0x000c, 0x672: 0x000c, 0x673: 0x000c, 0x674: 0x000c, 0x675: 0x000c,
-	0x676: 0x000c, 0x677: 0x000c, 0x678: 0x000c, 0x679: 0x000c, 0x67a: 0x000c, 0x67b: 0x000c,
-	0x67c: 0x000c, 0x67d: 0x000c, 0x67e: 0x000c, 0x67f: 0x000c,
-	// Block 0x1a, offset 0x680
-	0x680: 0x000c, 0x681: 0x000c, 0x682: 0x000c,
-	0x6ba: 0x000c,
-	0x6bc: 0x000c,
-	// Block 0x1b, offset 0x6c0
-	0x6c1: 0x000c, 0x6c2: 0x000c, 0x6c3: 0x000c, 0x6c4: 0x000c, 0x6c5: 0x000c,
-	0x6c6: 0x000c, 0x6c7: 0x000c, 0x6c8: 0x000c,
-	0x6cd: 0x000c, 0x6d1: 0x000c,
-	0x6d2: 0x000c, 0x6d3: 0x000c, 0x6d4: 0x000c, 0x6d5: 0x000c, 0x6d6: 0x000c, 0x6d7: 0x000c,
-	0x6e2: 0x000c, 0x6e3: 0x000c,
-	// Block 0x1c, offset 0x700
-	0x701: 0x000c,
-	0x73c: 0x000c,
-	// Block 0x1d, offset 0x740
-	0x741: 0x000c, 0x742: 0x000c, 0x743: 0x000c, 0x744: 0x000c,
-	0x74d: 0x000c,
-	0x762: 0x000c, 0x763: 0x000c,
-	0x772: 0x0004, 0x773: 0x0004,
-	0x77b: 0x0004,
-	0x77e: 0x000c,
-	// Block 0x1e, offset 0x780
-	0x781: 0x000c, 0x782: 0x000c,
-	0x7bc: 0x000c,
-	// Block 0x1f, offset 0x7c0
-	0x7c1: 0x000c, 0x7c2: 0x000c,
-	0x7c7: 0x000c, 0x7c8: 0x000c, 0x7cb: 0x000c,
-	0x7cc: 0x000c, 0x7cd: 0x000c, 0x7d1: 0x000c,
-	0x7f0: 0x000c, 0x7f1: 0x000c, 0x7f5: 0x000c,
-	// Block 0x20, offset 0x800
-	0x801: 0x000c, 0x802: 0x000c, 0x803: 0x000c, 0x804: 0x000c, 0x805: 0x000c,
-	0x807: 0x000c, 0x808: 0x000c,
-	0x80d: 0x000c,
-	0x822: 0x000c, 0x823: 0x000c,
-	0x831: 0x0004,
-	0x83a: 0x000c, 0x83b: 0x000c,
-	0x83c: 0x000c, 0x83d: 0x000c, 0x83e: 0x000c, 0x83f: 0x000c,
-	// Block 0x21, offset 0x840
-	0x841: 0x000c,
-	0x87c: 0x000c, 0x87f: 0x000c,
-	// Block 0x22, offset 0x880
-	0x881: 0x000c, 0x882: 0x000c, 0x883: 0x000c, 0x884: 0x000c,
-	0x88d: 0x000c,
-	0x896: 0x000c,
-	0x8a2: 0x000c, 0x8a3: 0x000c,
-	// Block 0x23, offset 0x8c0
-	0x8c2: 0x000c,
-	// Block 0x24, offset 0x900
-	0x900: 0x000c,
-	0x90d: 0x000c,
-	0x933: 0x000a, 0x934: 0x000a, 0x935: 0x000a,
-	0x936: 0x000a, 0x937: 0x000a, 0x938: 0x000a, 0x939: 0x0004, 0x93a: 0x000a,
-	// Block 0x25, offset 0x940
-	0x940: 0x000c, 0x944: 0x000c,
-	0x97e: 0x000c, 0x97f: 0x000c,
-	// Block 0x26, offset 0x980
-	0x980: 0x000c,
-	0x986: 0x000c, 0x987: 0x000c, 0x988: 0x000c, 0x98a: 0x000c, 0x98b: 0x000c,
-	0x98c: 0x000c, 0x98d: 0x000c,
-	0x995: 0x000c, 0x996: 0x000c,
-	0x9a2: 0x000c, 0x9a3: 0x000c,
-	0x9b8: 0x000a, 0x9b9: 0x000a, 0x9ba: 0x000a, 0x9bb: 0x000a,
-	0x9bc: 0x000a, 0x9bd: 0x000a, 0x9be: 0x000a,
-	// Block 0x27, offset 0x9c0
-	0x9cc: 0x000c, 0x9cd: 0x000c,
-	0x9e2: 0x000c, 0x9e3: 0x000c,
-	// Block 0x28, offset 0xa00
-	0xa00: 0x000c, 0xa01: 0x000c,
-	0xa3b: 0x000c,
-	0xa3c: 0x000c,
-	// Block 0x29, offset 0xa40
-	0xa41: 0x000c, 0xa42: 0x000c, 0xa43: 0x000c, 0xa44: 0x000c,
-	0xa4d: 0x000c,
-	0xa62: 0x000c, 0xa63: 0x000c,
-	// Block 0x2a, offset 0xa80
-	0xa8a: 0x000c,
-	0xa92: 0x000c, 0xa93: 0x000c, 0xa94: 0x000c, 0xa96: 0x000c,
-	// Block 0x2b, offset 0xac0
-	0xaf1: 0x000c, 0xaf4: 0x000c, 0xaf5: 0x000c,
-	0xaf6: 0x000c, 0xaf7: 0x000c, 0xaf8: 0x000c, 0xaf9: 0x000c, 0xafa: 0x000c,
-	0xaff: 0x0004,
-	// Block 0x2c, offset 0xb00
-	0xb07: 0x000c, 0xb08: 0x000c, 0xb09: 0x000c, 0xb0a: 0x000c, 0xb0b: 0x000c,
-	0xb0c: 0x000c, 0xb0d: 0x000c, 0xb0e: 0x000c,
-	// Block 0x2d, offset 0xb40
-	0xb71: 0x000c, 0xb74: 0x000c, 0xb75: 0x000c,
-	0xb76: 0x000c, 0xb77: 0x000c, 0xb78: 0x000c, 0xb79: 0x000c, 0xb7b: 0x000c,
-	0xb7c: 0x000c,
-	// Block 0x2e, offset 0xb80
-	0xb88: 0x000c, 0xb89: 0x000c, 0xb8a: 0x000c, 0xb8b: 0x000c,
-	0xb8c: 0x000c, 0xb8d: 0x000c,
-	// Block 0x2f, offset 0xbc0
-	0xbd8: 0x000c, 0xbd9: 0x000c,
-	0xbf5: 0x000c,
-	0xbf7: 0x000c, 0xbf9: 0x000c, 0xbfa: 0x003a, 0xbfb: 0x002a,
-	0xbfc: 0x003a, 0xbfd: 0x002a,
-	// Block 0x30, offset 0xc00
-	0xc31: 0x000c, 0xc32: 0x000c, 0xc33: 0x000c, 0xc34: 0x000c, 0xc35: 0x000c,
-	0xc36: 0x000c, 0xc37: 0x000c, 0xc38: 0x000c, 0xc39: 0x000c, 0xc3a: 0x000c, 0xc3b: 0x000c,
-	0xc3c: 0x000c, 0xc3d: 0x000c, 0xc3e: 0x000c,
-	// Block 0x31, offset 0xc40
-	0xc40: 0x000c, 0xc41: 0x000c, 0xc42: 0x000c, 0xc43: 0x000c, 0xc44: 0x000c,
-	0xc46: 0x000c, 0xc47: 0x000c,
-	0xc4d: 0x000c, 0xc4e: 0x000c, 0xc4f: 0x000c, 0xc50: 0x000c, 0xc51: 0x000c,
-	0xc52: 0x000c, 0xc53: 0x000c, 0xc54: 0x000c, 0xc55: 0x000c, 0xc56: 0x000c, 0xc57: 0x000c,
-	0xc59: 0x000c, 0xc5a: 0x000c, 0xc5b: 0x000c, 0xc5c: 0x000c, 0xc5d: 0x000c,
-	0xc5e: 0x000c, 0xc5f: 0x000c, 0xc60: 0x000c, 0xc61: 0x000c, 0xc62: 0x000c, 0xc63: 0x000c,
-	0xc64: 0x000c, 0xc65: 0x000c, 0xc66: 0x000c, 0xc67: 0x000c, 0xc68: 0x000c, 0xc69: 0x000c,
-	0xc6a: 0x000c, 0xc6b: 0x000c, 0xc6c: 0x000c, 0xc6d: 0x000c, 0xc6e: 0x000c, 0xc6f: 0x000c,
-	0xc70: 0x000c, 0xc71: 0x000c, 0xc72: 0x000c, 0xc73: 0x000c, 0xc74: 0x000c, 0xc75: 0x000c,
-	0xc76: 0x000c, 0xc77: 0x000c, 0xc78: 0x000c, 0xc79: 0x000c, 0xc7a: 0x000c, 0xc7b: 0x000c,
-	0xc7c: 0x000c,
-	// Block 0x32, offset 0xc80
-	0xc86: 0x000c,
-	// Block 0x33, offset 0xcc0
-	0xced: 0x000c, 0xcee: 0x000c, 0xcef: 0x000c,
-	0xcf0: 0x000c, 0xcf2: 0x000c, 0xcf3: 0x000c, 0xcf4: 0x000c, 0xcf5: 0x000c,
-	0xcf6: 0x000c, 0xcf7: 0x000c, 0xcf9: 0x000c, 0xcfa: 0x000c,
-	0xcfd: 0x000c, 0xcfe: 0x000c,
-	// Block 0x34, offset 0xd00
-	0xd18: 0x000c, 0xd19: 0x000c,
-	0xd1e: 0x000c, 0xd1f: 0x000c, 0xd20: 0x000c,
-	0xd31: 0x000c, 0xd32: 0x000c, 0xd33: 0x000c, 0xd34: 0x000c,
-	// Block 0x35, offset 0xd40
-	0xd42: 0x000c, 0xd45: 0x000c,
-	0xd46: 0x000c,
-	0xd4d: 0x000c,
-	0xd5d: 0x000c,
-	// Block 0x36, offset 0xd80
-	0xd9d: 0x000c,
-	0xd9e: 0x000c, 0xd9f: 0x000c,
-	// Block 0x37, offset 0xdc0
-	0xdd0: 0x000a, 0xdd1: 0x000a,
-	0xdd2: 0x000a, 0xdd3: 0x000a, 0xdd4: 0x000a, 0xdd5: 0x000a, 0xdd6: 0x000a, 0xdd7: 0x000a,
-	0xdd8: 0x000a, 0xdd9: 0x000a,
-	// Block 0x38, offset 0xe00
-	0xe00: 0x000a,
-	// Block 0x39, offset 0xe40
-	0xe40: 0x0009,
-	0xe5b: 0x007a, 0xe5c: 0x006a,
-	// Block 0x3a, offset 0xe80
-	0xe92: 0x000c, 0xe93: 0x000c, 0xe94: 0x000c,
-	0xeb2: 0x000c, 0xeb3: 0x000c, 0xeb4: 0x000c,
-	// Block 0x3b, offset 0xec0
-	0xed2: 0x000c, 0xed3: 0x000c,
-	0xef2: 0x000c, 0xef3: 0x000c,
-	// Block 0x3c, offset 0xf00
-	0xf34: 0x000c, 0xf35: 0x000c,
-	0xf37: 0x000c, 0xf38: 0x000c, 0xf39: 0x000c, 0xf3a: 0x000c, 0xf3b: 0x000c,
-	0xf3c: 0x000c, 0xf3d: 0x000c,
-	// Block 0x3d, offset 0xf40
-	0xf46: 0x000c, 0xf49: 0x000c, 0xf4a: 0x000c, 0xf4b: 0x000c,
-	0xf4c: 0x000c, 0xf4d: 0x000c, 0xf4e: 0x000c, 0xf4f: 0x000c, 0xf50: 0x000c, 0xf51: 0x000c,
-	0xf52: 0x000c, 0xf53: 0x000c,
-	0xf5b: 0x0004, 0xf5d: 0x000c,
-	0xf70: 0x000a, 0xf71: 0x000a, 0xf72: 0x000a, 0xf73: 0x000a, 0xf74: 0x000a, 0xf75: 0x000a,
-	0xf76: 0x000a, 0xf77: 0x000a, 0xf78: 0x000a, 0xf79: 0x000a,
-	// Block 0x3e, offset 0xf80
-	0xf80: 0x000a, 0xf81: 0x000a, 0xf82: 0x000a, 0xf83: 0x000a, 0xf84: 0x000a, 0xf85: 0x000a,
-	0xf86: 0x000a, 0xf87: 0x000a, 0xf88: 0x000a, 0xf89: 0x000a, 0xf8a: 0x000a, 0xf8b: 0x000c,
-	0xf8c: 0x000c, 0xf8d: 0x000c, 0xf8e: 0x000b,
-	// Block 0x3f, offset 0xfc0
-	0xfc5: 0x000c,
-	0xfc6: 0x000c,
-	0xfe9: 0x000c,
-	// Block 0x40, offset 0x1000
-	0x1020: 0x000c, 0x1021: 0x000c, 0x1022: 0x000c,
-	0x1027: 0x000c, 0x1028: 0x000c,
-	0x1032: 0x000c,
-	0x1039: 0x000c, 0x103a: 0x000c, 0x103b: 0x000c,
-	// Block 0x41, offset 0x1040
-	0x1040: 0x000a, 0x1044: 0x000a, 0x1045: 0x000a,
-	// Block 0x42, offset 0x1080
-	0x109e: 0x000a, 0x109f: 0x000a, 0x10a0: 0x000a, 0x10a1: 0x000a, 0x10a2: 0x000a, 0x10a3: 0x000a,
-	0x10a4: 0x000a, 0x10a5: 0x000a, 0x10a6: 0x000a, 0x10a7: 0x000a, 0x10a8: 0x000a, 0x10a9: 0x000a,
-	0x10aa: 0x000a, 0x10ab: 0x000a, 0x10ac: 0x000a, 0x10ad: 0x000a, 0x10ae: 0x000a, 0x10af: 0x000a,
-	0x10b0: 0x000a, 0x10b1: 0x000a, 0x10b2: 0x000a, 0x10b3: 0x000a, 0x10b4: 0x000a, 0x10b5: 0x000a,
-	0x10b6: 0x000a, 0x10b7: 0x000a, 0x10b8: 0x000a, 0x10b9: 0x000a, 0x10ba: 0x000a, 0x10bb: 0x000a,
-	0x10bc: 0x000a, 0x10bd: 0x000a, 0x10be: 0x000a, 0x10bf: 0x000a,
-	// Block 0x43, offset 0x10c0
-	0x10d7: 0x000c,
-	0x10d8: 0x000c, 0x10db: 0x000c,
-	// Block 0x44, offset 0x1100
-	0x1116: 0x000c,
-	0x1118: 0x000c, 0x1119: 0x000c, 0x111a: 0x000c, 0x111b: 0x000c, 0x111c: 0x000c, 0x111d: 0x000c,
-	0x111e: 0x000c, 0x1120: 0x000c, 0x1122: 0x000c,
-	0x1125: 0x000c, 0x1126: 0x000c, 0x1127: 0x000c, 0x1128: 0x000c, 0x1129: 0x000c,
-	0x112a: 0x000c, 0x112b: 0x000c, 0x112c: 0x000c,
-	0x1133: 0x000c, 0x1134: 0x000c, 0x1135: 0x000c,
-	0x1136: 0x000c, 0x1137: 0x000c, 0x1138: 0x000c, 0x1139: 0x000c, 0x113a: 0x000c, 0x113b: 0x000c,
-	0x113c: 0x000c, 0x113f: 0x000c,
-	// Block 0x45, offset 0x1140
-	0x1170: 0x000c, 0x1171: 0x000c, 0x1172: 0x000c, 0x1173: 0x000c, 0x1174: 0x000c, 0x1175: 0x000c,
-	0x1176: 0x000c, 0x1177: 0x000c, 0x1178: 0x000c, 0x1179: 0x000c, 0x117a: 0x000c, 0x117b: 0x000c,
-	0x117c: 0x000c, 0x117d: 0x000c, 0x117e: 0x000c,
-	// Block 0x46, offset 0x1180
-	0x1180: 0x000c, 0x1181: 0x000c, 0x1182: 0x000c, 0x1183: 0x000c,
-	0x11b4: 0x000c,
-	0x11b6: 0x000c, 0x11b7: 0x000c, 0x11b8: 0x000c, 0x11b9: 0x000c, 0x11ba: 0x000c,
-	0x11bc: 0x000c,
-	// Block 0x47, offset 0x11c0
-	0x11c2: 0x000c,
-	0x11eb: 0x000c, 0x11ec: 0x000c, 0x11ed: 0x000c, 0x11ee: 0x000c, 0x11ef: 0x000c,
-	0x11f0: 0x000c, 0x11f1: 0x000c, 0x11f2: 0x000c, 0x11f3: 0x000c,
-	// Block 0x48, offset 0x1200
-	0x1200: 0x000c, 0x1201: 0x000c,
-	0x1222: 0x000c, 0x1223: 0x000c,
-	0x1224: 0x000c, 0x1225: 0x000c, 0x1228: 0x000c, 0x1229: 0x000c,
-	0x122b: 0x000c, 0x122c: 0x000c, 0x122d: 0x000c,
-	// Block 0x49, offset 0x1240
-	0x1266: 0x000c, 0x1268: 0x000c, 0x1269: 0x000c,
-	0x126d: 0x000c, 0x126f: 0x000c,
-	0x1270: 0x000c, 0x1271: 0x000c,
-	// Block 0x4a, offset 0x1280
-	0x12ac: 0x000c, 0x12ad: 0x000c, 0x12ae: 0x000c, 0x12af: 0x000c,
-	0x12b0: 0x000c, 0x12b1: 0x000c, 0x12b2: 0x000c, 0x12b3: 0x000c,
-	0x12b6: 0x000c, 0x12b7: 0x000c,
-	// Block 0x4b, offset 0x12c0
-	0x12d0: 0x000c, 0x12d1: 0x000c,
-	0x12d2: 0x000c, 0x12d4: 0x000c, 0x12d5: 0x000c, 0x12d6: 0x000c, 0x12d7: 0x000c,
-	0x12d8: 0x000c, 0x12d9: 0x000c, 0x12da: 0x000c, 0x12db: 0x000c, 0x12dc: 0x000c, 0x12dd: 0x000c,
-	0x12de: 0x000c, 0x12df: 0x000c, 0x12e0: 0x000c, 0x12e2: 0x000c, 0x12e3: 0x000c,
-	0x12e4: 0x000c, 0x12e5: 0x000c, 0x12e6: 0x000c, 0x12e7: 0x000c, 0x12e8: 0x000c,
-	0x12ed: 0x000c,
-	0x12f4: 0x000c,
-	0x12f8: 0x000c, 0x12f9: 0x000c,
-	// Block 0x4c, offset 0x1300
-	0x1300: 0x000c, 0x1301: 0x000c, 0x1302: 0x000c, 0x1303: 0x000c, 0x1304: 0x000c, 0x1305: 0x000c,
-	0x1306: 0x000c, 0x1307: 0x000c, 0x1308: 0x000c, 0x1309: 0x000c, 0x130a: 0x000c, 0x130b: 0x000c,
-	0x130c: 0x000c, 0x130d: 0x000c, 0x130e: 0x000c, 0x130f: 0x000c, 0x1310: 0x000c, 0x1311: 0x000c,
-	0x1312: 0x000c, 0x1313: 0x000c, 0x1314: 0x000c, 0x1315: 0x000c, 0x1316: 0x000c, 0x1317: 0x000c,
-	0x1318: 0x000c, 0x1319: 0x000c, 0x131a: 0x000c, 0x131b: 0x000c, 0x131c: 0x000c, 0x131d: 0x000c,
-	0x131e: 0x000c, 0x131f: 0x000c, 0x1320: 0x000c, 0x1321: 0x000c, 0x1322: 0x000c, 0x1323: 0x000c,
-	0x1324: 0x000c, 0x1325: 0x000c, 0x1326: 0x000c, 0x1327: 0x000c, 0x1328: 0x000c, 0x1329: 0x000c,
-	0x132a: 0x000c, 0x132b: 0x000c, 0x132c: 0x000c, 0x132d: 0x000c, 0x132e: 0x000c, 0x132f: 0x000c,
-	0x1330: 0x000c, 0x1331: 0x000c, 0x1332: 0x000c, 0x1333: 0x000c, 0x1334: 0x000c, 0x1335: 0x000c,
-	0x1336: 0x000c, 0x1337: 0x000c, 0x1338: 0x000c, 0x1339: 0x000c, 0x133b: 0x000c,
-	0x133c: 0x000c, 0x133d: 0x000c, 0x133e: 0x000c, 0x133f: 0x000c,
-	// Block 0x4d, offset 0x1340
-	0x137d: 0x000a, 0x137f: 0x000a,
-	// Block 0x4e, offset 0x1380
-	0x1380: 0x000a, 0x1381: 0x000a,
-	0x138d: 0x000a, 0x138e: 0x000a, 0x138f: 0x000a,
-	0x139d: 0x000a,
-	0x139e: 0x000a, 0x139f: 0x000a,
-	0x13ad: 0x000a, 0x13ae: 0x000a, 0x13af: 0x000a,
-	0x13bd: 0x000a, 0x13be: 0x000a,
-	// Block 0x4f, offset 0x13c0
-	0x13c0: 0x0009, 0x13c1: 0x0009, 0x13c2: 0x0009, 0x13c3: 0x0009, 0x13c4: 0x0009, 0x13c5: 0x0009,
-	0x13c6: 0x0009, 0x13c7: 0x0009, 0x13c8: 0x0009, 0x13c9: 0x0009, 0x13ca: 0x0009, 0x13cb: 0x000b,
-	0x13cc: 0x000b, 0x13cd: 0x000b, 0x13cf: 0x0001, 0x13d0: 0x000a, 0x13d1: 0x000a,
-	0x13d2: 0x000a, 0x13d3: 0x000a, 0x13d4: 0x000a, 0x13d5: 0x000a, 0x13d6: 0x000a, 0x13d7: 0x000a,
-	0x13d8: 0x000a, 0x13d9: 0x000a, 0x13da: 0x000a, 0x13db: 0x000a, 0x13dc: 0x000a, 0x13dd: 0x000a,
-	0x13de: 0x000a, 0x13df: 0x000a, 0x13e0: 0x000a, 0x13e1: 0x000a, 0x13e2: 0x000a, 0x13e3: 0x000a,
-	0x13e4: 0x000a, 0x13e5: 0x000a, 0x13e6: 0x000a, 0x13e7: 0x000a, 0x13e8: 0x0009, 0x13e9: 0x0007,
-	0x13ea: 0x000e, 0x13eb: 0x000e, 0x13ec: 0x000e, 0x13ed: 0x000e, 0x13ee: 0x000e, 0x13ef: 0x0006,
-	0x13f0: 0x0004, 0x13f1: 0x0004, 0x13f2: 0x0004, 0x13f3: 0x0004, 0x13f4: 0x0004, 0x13f5: 0x000a,
-	0x13f6: 0x000a, 0x13f7: 0x000a, 0x13f8: 0x000a, 0x13f9: 0x000a, 0x13fa: 0x000a, 0x13fb: 0x000a,
-	0x13fc: 0x000a, 0x13fd: 0x000a, 0x13fe: 0x000a, 0x13ff: 0x000a,
-	// Block 0x50, offset 0x1400
-	0x1400: 0x000a, 0x1401: 0x000a, 0x1402: 0x000a, 0x1403: 0x000a, 0x1404: 0x0006, 0x1405: 0x009a,
-	0x1406: 0x008a, 0x1407: 0x000a, 0x1408: 0x000a, 0x1409: 0x000a, 0x140a: 0x000a, 0x140b: 0x000a,
-	0x140c: 0x000a, 0x140d: 0x000a, 0x140e: 0x000a, 0x140f: 0x000a, 0x1410: 0x000a, 0x1411: 0x000a,
-	0x1412: 0x000a, 0x1413: 0x000a, 0x1414: 0x000a, 0x1415: 0x000a, 0x1416: 0x000a, 0x1417: 0x000a,
-	0x1418: 0x000a, 0x1419: 0x000a, 0x141a: 0x000a, 0x141b: 0x000a, 0x141c: 0x000a, 0x141d: 0x000a,
-	0x141e: 0x000a, 0x141f: 0x0009, 0x1420: 0x000b, 0x1421: 0x000b, 0x1422: 0x000b, 0x1423: 0x000b,
-	0x1424: 0x000b, 0x1425: 0x000b, 0x1426: 0x000e, 0x1427: 0x000e, 0x1428: 0x000e, 0x1429: 0x000e,
-	0x142a: 0x000b, 0x142b: 0x000b, 0x142c: 0x000b, 0x142d: 0x000b, 0x142e: 0x000b, 0x142f: 0x000b,
-	0x1430: 0x0002, 0x1434: 0x0002, 0x1435: 0x0002,
-	0x1436: 0x0002, 0x1437: 0x0002, 0x1438: 0x0002, 0x1439: 0x0002, 0x143a: 0x0003, 0x143b: 0x0003,
-	0x143c: 0x000a, 0x143d: 0x009a, 0x143e: 0x008a,
-	// Block 0x51, offset 0x1440
-	0x1440: 0x0002, 0x1441: 0x0002, 0x1442: 0x0002, 0x1443: 0x0002, 0x1444: 0x0002, 0x1445: 0x0002,
-	0x1446: 0x0002, 0x1447: 0x0002, 0x1448: 0x0002, 0x1449: 0x0002, 0x144a: 0x0003, 0x144b: 0x0003,
-	0x144c: 0x000a, 0x144d: 0x009a, 0x144e: 0x008a,
-	0x1460: 0x0004, 0x1461: 0x0004, 0x1462: 0x0004, 0x1463: 0x0004,
-	0x1464: 0x0004, 0x1465: 0x0004, 0x1466: 0x0004, 0x1467: 0x0004, 0x1468: 0x0004, 0x1469: 0x0004,
-	0x146a: 0x0004, 0x146b: 0x0004, 0x146c: 0x0004, 0x146d: 0x0004, 0x146e: 0x0004, 0x146f: 0x0004,
-	0x1470: 0x0004, 0x1471: 0x0004, 0x1472: 0x0004, 0x1473: 0x0004, 0x1474: 0x0004, 0x1475: 0x0004,
-	0x1476: 0x0004, 0x1477: 0x0004, 0x1478: 0x0004, 0x1479: 0x0004, 0x147a: 0x0004, 0x147b: 0x0004,
-	0x147c: 0x0004, 0x147d: 0x0004, 0x147e: 0x0004, 0x147f: 0x0004,
-	// Block 0x52, offset 0x1480
-	0x1480: 0x0004, 0x1481: 0x0004, 0x1482: 0x0004, 0x1483: 0x0004, 0x1484: 0x0004, 0x1485: 0x0004,
-	0x1486: 0x0004, 0x1487: 0x0004, 0x1488: 0x0004, 0x1489: 0x0004, 0x148a: 0x0004, 0x148b: 0x0004,
-	0x148c: 0x0004, 0x148d: 0x0004, 0x148e: 0x0004, 0x148f: 0x0004, 0x1490: 0x000c, 0x1491: 0x000c,
-	0x1492: 0x000c, 0x1493: 0x000c, 0x1494: 0x000c, 0x1495: 0x000c, 0x1496: 0x000c, 0x1497: 0x000c,
-	0x1498: 0x000c, 0x1499: 0x000c, 0x149a: 0x000c, 0x149b: 0x000c, 0x149c: 0x000c, 0x149d: 0x000c,
-	0x149e: 0x000c, 0x149f: 0x000c, 0x14a0: 0x000c, 0x14a1: 0x000c, 0x14a2: 0x000c, 0x14a3: 0x000c,
-	0x14a4: 0x000c, 0x14a5: 0x000c, 0x14a6: 0x000c, 0x14a7: 0x000c, 0x14a8: 0x000c, 0x14a9: 0x000c,
-	0x14aa: 0x000c, 0x14ab: 0x000c, 0x14ac: 0x000c, 0x14ad: 0x000c, 0x14ae: 0x000c, 0x14af: 0x000c,
-	0x14b0: 0x000c,
-	// Block 0x53, offset 0x14c0
-	0x14c0: 0x000a, 0x14c1: 0x000a, 0x14c3: 0x000a, 0x14c4: 0x000a, 0x14c5: 0x000a,
-	0x14c6: 0x000a, 0x14c8: 0x000a, 0x14c9: 0x000a,
-	0x14d4: 0x000a, 0x14d6: 0x000a, 0x14d7: 0x000a,
-	0x14d8: 0x000a,
-	0x14de: 0x000a, 0x14df: 0x000a, 0x14e0: 0x000a, 0x14e1: 0x000a, 0x14e2: 0x000a, 0x14e3: 0x000a,
-	0x14e5: 0x000a, 0x14e7: 0x000a, 0x14e9: 0x000a,
-	0x14ee: 0x0004,
-	0x14fa: 0x000a, 0x14fb: 0x000a,
-	// Block 0x54, offset 0x1500
-	0x1500: 0x000a, 0x1501: 0x000a, 0x1502: 0x000a, 0x1503: 0x000a, 0x1504: 0x000a,
-	0x150a: 0x000a, 0x150b: 0x000a,
-	0x150c: 0x000a, 0x150d: 0x000a, 0x1510: 0x000a, 0x1511: 0x000a,
-	0x1512: 0x000a, 0x1513: 0x000a, 0x1514: 0x000a, 0x1515: 0x000a, 0x1516: 0x000a, 0x1517: 0x000a,
-	0x1518: 0x000a, 0x1519: 0x000a, 0x151a: 0x000a, 0x151b: 0x000a, 0x151c: 0x000a, 0x151d: 0x000a,
-	0x151e: 0x000a, 0x151f: 0x000a,
-	// Block 0x55, offset 0x1540
-	0x1549: 0x000a, 0x154a: 0x000a, 0x154b: 0x000a,
-	0x1550: 0x000a, 0x1551: 0x000a,
-	0x1552: 0x000a, 0x1553: 0x000a, 0x1554: 0x000a, 0x1555: 0x000a, 0x1556: 0x000a, 0x1557: 0x000a,
-	0x1558: 0x000a, 0x1559: 0x000a, 0x155a: 0x000a, 0x155b: 0x000a, 0x155c: 0x000a, 0x155d: 0x000a,
-	0x155e: 0x000a, 0x155f: 0x000a, 0x1560: 0x000a, 0x1561: 0x000a, 0x1562: 0x000a, 0x1563: 0x000a,
-	0x1564: 0x000a, 0x1565: 0x000a, 0x1566: 0x000a, 0x1567: 0x000a, 0x1568: 0x000a, 0x1569: 0x000a,
-	0x156a: 0x000a, 0x156b: 0x000a, 0x156c: 0x000a, 0x156d: 0x000a, 0x156e: 0x000a, 0x156f: 0x000a,
-	0x1570: 0x000a, 0x1571: 0x000a, 0x1572: 0x000a, 0x1573: 0x000a, 0x1574: 0x000a, 0x1575: 0x000a,
-	0x1576: 0x000a, 0x1577: 0x000a, 0x1578: 0x000a, 0x1579: 0x000a, 0x157a: 0x000a, 0x157b: 0x000a,
-	0x157c: 0x000a, 0x157d: 0x000a, 0x157e: 0x000a, 0x157f: 0x000a,
-	// Block 0x56, offset 0x1580
-	0x1580: 0x000a, 0x1581: 0x000a, 0x1582: 0x000a, 0x1583: 0x000a, 0x1584: 0x000a, 0x1585: 0x000a,
-	0x1586: 0x000a, 0x1587: 0x000a, 0x1588: 0x000a, 0x1589: 0x000a, 0x158a: 0x000a, 0x158b: 0x000a,
-	0x158c: 0x000a, 0x158d: 0x000a, 0x158e: 0x000a, 0x158f: 0x000a, 0x1590: 0x000a, 0x1591: 0x000a,
-	0x1592: 0x000a, 0x1593: 0x000a, 0x1594: 0x000a, 0x1595: 0x000a, 0x1596: 0x000a, 0x1597: 0x000a,
-	0x1598: 0x000a, 0x1599: 0x000a, 0x159a: 0x000a, 0x159b: 0x000a, 0x159c: 0x000a, 0x159d: 0x000a,
-	0x159e: 0x000a, 0x159f: 0x000a, 0x15a0: 0x000a, 0x15a1: 0x000a, 0x15a2: 0x000a, 0x15a3: 0x000a,
-	0x15a4: 0x000a, 0x15a5: 0x000a, 0x15a6: 0x000a, 0x15a7: 0x000a, 0x15a8: 0x000a, 0x15a9: 0x000a,
-	0x15aa: 0x000a, 0x15ab: 0x000a, 0x15ac: 0x000a, 0x15ad: 0x000a, 0x15ae: 0x000a, 0x15af: 0x000a,
-	0x15b0: 0x000a, 0x15b1: 0x000a, 0x15b2: 0x000a, 0x15b3: 0x000a, 0x15b4: 0x000a, 0x15b5: 0x000a,
-	0x15b6: 0x000a, 0x15b7: 0x000a, 0x15b8: 0x000a, 0x15b9: 0x000a, 0x15ba: 0x000a, 0x15bb: 0x000a,
-	0x15bc: 0x000a, 0x15bd: 0x000a, 0x15be: 0x000a, 0x15bf: 0x000a,
-	// Block 0x57, offset 0x15c0
-	0x15c0: 0x000a, 0x15c1: 0x000a, 0x15c2: 0x000a, 0x15c3: 0x000a, 0x15c4: 0x000a, 0x15c5: 0x000a,
-	0x15c6: 0x000a, 0x15c7: 0x000a, 0x15c8: 0x000a, 0x15c9: 0x000a, 0x15ca: 0x000a, 0x15cb: 0x000a,
-	0x15cc: 0x000a, 0x15cd: 0x000a, 0x15ce: 0x000a, 0x15cf: 0x000a, 0x15d0: 0x000a, 0x15d1: 0x000a,
-	0x15d2: 0x0003, 0x15d3: 0x0004, 0x15d4: 0x000a, 0x15d5: 0x000a, 0x15d6: 0x000a, 0x15d7: 0x000a,
-	0x15d8: 0x000a, 0x15d9: 0x000a, 0x15da: 0x000a, 0x15db: 0x000a, 0x15dc: 0x000a, 0x15dd: 0x000a,
-	0x15de: 0x000a, 0x15df: 0x000a, 0x15e0: 0x000a, 0x15e1: 0x000a, 0x15e2: 0x000a, 0x15e3: 0x000a,
-	0x15e4: 0x000a, 0x15e5: 0x000a, 0x15e6: 0x000a, 0x15e7: 0x000a, 0x15e8: 0x000a, 0x15e9: 0x000a,
-	0x15ea: 0x000a, 0x15eb: 0x000a, 0x15ec: 0x000a, 0x15ed: 0x000a, 0x15ee: 0x000a, 0x15ef: 0x000a,
-	0x15f0: 0x000a, 0x15f1: 0x000a, 0x15f2: 0x000a, 0x15f3: 0x000a, 0x15f4: 0x000a, 0x15f5: 0x000a,
-	0x15f6: 0x000a, 0x15f7: 0x000a, 0x15f8: 0x000a, 0x15f9: 0x000a, 0x15fa: 0x000a, 0x15fb: 0x000a,
-	0x15fc: 0x000a, 0x15fd: 0x000a, 0x15fe: 0x000a, 0x15ff: 0x000a,
-	// Block 0x58, offset 0x1600
-	0x1600: 0x000a, 0x1601: 0x000a, 0x1602: 0x000a, 0x1603: 0x000a, 0x1604: 0x000a, 0x1605: 0x000a,
-	0x1606: 0x000a, 0x1607: 0x000a, 0x1608: 0x003a, 0x1609: 0x002a, 0x160a: 0x003a, 0x160b: 0x002a,
-	0x160c: 0x000a, 0x160d: 0x000a, 0x160e: 0x000a, 0x160f: 0x000a, 0x1610: 0x000a, 0x1611: 0x000a,
-	0x1612: 0x000a, 0x1613: 0x000a, 0x1614: 0x000a, 0x1615: 0x000a, 0x1616: 0x000a, 0x1617: 0x000a,
-	0x1618: 0x000a, 0x1619: 0x000a, 0x161a: 0x000a, 0x161b: 0x000a, 0x161c: 0x000a, 0x161d: 0x000a,
-	0x161e: 0x000a, 0x161f: 0x000a, 0x1620: 0x000a, 0x1621: 0x000a, 0x1622: 0x000a, 0x1623: 0x000a,
-	0x1624: 0x000a, 0x1625: 0x000a, 0x1626: 0x000a, 0x1627: 0x000a, 0x1628: 0x000a, 0x1629: 0x009a,
-	0x162a: 0x008a, 0x162b: 0x000a, 0x162c: 0x000a, 0x162d: 0x000a, 0x162e: 0x000a, 0x162f: 0x000a,
-	0x1630: 0x000a, 0x1631: 0x000a, 0x1632: 0x000a, 0x1633: 0x000a, 0x1634: 0x000a, 0x1635: 0x000a,
-	// Block 0x59, offset 0x1640
-	0x167b: 0x000a,
-	0x167c: 0x000a, 0x167d: 0x000a, 0x167e: 0x000a, 0x167f: 0x000a,
-	// Block 0x5a, offset 0x1680
-	0x1680: 0x000a, 0x1681: 0x000a, 0x1682: 0x000a, 0x1683: 0x000a, 0x1684: 0x000a, 0x1685: 0x000a,
-	0x1686: 0x000a, 0x1687: 0x000a, 0x1688: 0x000a, 0x1689: 0x000a, 0x168a: 0x000a, 0x168b: 0x000a,
-	0x168c: 0x000a, 0x168d: 0x000a, 0x168e: 0x000a, 0x168f: 0x000a, 0x1690: 0x000a, 0x1691: 0x000a,
-	0x1692: 0x000a, 0x1693: 0x000a, 0x1694: 0x000a, 0x1696: 0x000a, 0x1697: 0x000a,
-	0x1698: 0x000a, 0x1699: 0x000a, 0x169a: 0x000a, 0x169b: 0x000a, 0x169c: 0x000a, 0x169d: 0x000a,
-	0x169e: 0x000a, 0x169f: 0x000a, 0x16a0: 0x000a, 0x16a1: 0x000a, 0x16a2: 0x000a, 0x16a3: 0x000a,
-	0x16a4: 0x000a, 0x16a5: 0x000a, 0x16a6: 0x000a, 0x16a7: 0x000a, 0x16a8: 0x000a, 0x16a9: 0x000a,
-	0x16aa: 0x000a, 0x16ab: 0x000a, 0x16ac: 0x000a, 0x16ad: 0x000a, 0x16ae: 0x000a, 0x16af: 0x000a,
-	0x16b0: 0x000a, 0x16b1: 0x000a, 0x16b2: 0x000a, 0x16b3: 0x000a, 0x16b4: 0x000a, 0x16b5: 0x000a,
-	0x16b6: 0x000a, 0x16b7: 0x000a, 0x16b8: 0x000a, 0x16b9: 0x000a, 0x16ba: 0x000a, 0x16bb: 0x000a,
-	0x16bc: 0x000a, 0x16bd: 0x000a, 0x16be: 0x000a, 0x16bf: 0x000a,
-	// Block 0x5b, offset 0x16c0
-	0x16c0: 0x000a, 0x16c1: 0x000a, 0x16c2: 0x000a, 0x16c3: 0x000a, 0x16c4: 0x000a, 0x16c5: 0x000a,
-	0x16c6: 0x000a, 0x16c7: 0x000a, 0x16c8: 0x000a, 0x16c9: 0x000a, 0x16ca: 0x000a, 0x16cb: 0x000a,
-	0x16cc: 0x000a, 0x16cd: 0x000a, 0x16ce: 0x000a, 0x16cf: 0x000a, 0x16d0: 0x000a, 0x16d1: 0x000a,
-	0x16d2: 0x000a, 0x16d3: 0x000a, 0x16d4: 0x000a, 0x16d5: 0x000a, 0x16d6: 0x000a, 0x16d7: 0x000a,
-	0x16d8: 0x000a, 0x16d9: 0x000a, 0x16da: 0x000a, 0x16db: 0x000a, 0x16dc: 0x000a, 0x16dd: 0x000a,
-	0x16de: 0x000a, 0x16df: 0x000a, 0x16e0: 0x000a, 0x16e1: 0x000a, 0x16e2: 0x000a, 0x16e3: 0x000a,
-	0x16e4: 0x000a, 0x16e5: 0x000a, 0x16e6: 0x000a,
-	// Block 0x5c, offset 0x1700
-	0x1700: 0x000a, 0x1701: 0x000a, 0x1702: 0x000a, 0x1703: 0x000a, 0x1704: 0x000a, 0x1705: 0x000a,
-	0x1706: 0x000a, 0x1707: 0x000a, 0x1708: 0x000a, 0x1709: 0x000a, 0x170a: 0x000a,
-	0x1720: 0x000a, 0x1721: 0x000a, 0x1722: 0x000a, 0x1723: 0x000a,
-	0x1724: 0x000a, 0x1725: 0x000a, 0x1726: 0x000a, 0x1727: 0x000a, 0x1728: 0x000a, 0x1729: 0x000a,
-	0x172a: 0x000a, 0x172b: 0x000a, 0x172c: 0x000a, 0x172d: 0x000a, 0x172e: 0x000a, 0x172f: 0x000a,
-	0x1730: 0x000a, 0x1731: 0x000a, 0x1732: 0x000a, 0x1733: 0x000a, 0x1734: 0x000a, 0x1735: 0x000a,
-	0x1736: 0x000a, 0x1737: 0x000a, 0x1738: 0x000a, 0x1739: 0x000a, 0x173a: 0x000a, 0x173b: 0x000a,
-	0x173c: 0x000a, 0x173d: 0x000a, 0x173e: 0x000a, 0x173f: 0x000a,
-	// Block 0x5d, offset 0x1740
-	0x1740: 0x000a, 0x1741: 0x000a, 0x1742: 0x000a, 0x1743: 0x000a, 0x1744: 0x000a, 0x1745: 0x000a,
-	0x1746: 0x000a, 0x1747: 0x000a, 0x1748: 0x0002, 0x1749: 0x0002, 0x174a: 0x0002, 0x174b: 0x0002,
-	0x174c: 0x0002, 0x174d: 0x0002, 0x174e: 0x0002, 0x174f: 0x0002, 0x1750: 0x0002, 0x1751: 0x0002,
-	0x1752: 0x0002, 0x1753: 0x0002, 0x1754: 0x0002, 0x1755: 0x0002, 0x1756: 0x0002, 0x1757: 0x0002,
-	0x1758: 0x0002, 0x1759: 0x0002, 0x175a: 0x0002, 0x175b: 0x0002,
-	// Block 0x5e, offset 0x1780
-	0x17aa: 0x000a, 0x17ab: 0x000a, 0x17ac: 0x000a, 0x17ad: 0x000a, 0x17ae: 0x000a, 0x17af: 0x000a,
-	0x17b0: 0x000a, 0x17b1: 0x000a, 0x17b2: 0x000a, 0x17b3: 0x000a, 0x17b4: 0x000a, 0x17b5: 0x000a,
-	0x17b6: 0x000a, 0x17b7: 0x000a, 0x17b8: 0x000a, 0x17b9: 0x000a, 0x17ba: 0x000a, 0x17bb: 0x000a,
-	0x17bc: 0x000a, 0x17bd: 0x000a, 0x17be: 0x000a, 0x17bf: 0x000a,
-	// Block 0x5f, offset 0x17c0
-	0x17c0: 0x000a, 0x17c1: 0x000a, 0x17c2: 0x000a, 0x17c3: 0x000a, 0x17c4: 0x000a, 0x17c5: 0x000a,
-	0x17c6: 0x000a, 0x17c7: 0x000a, 0x17c8: 0x000a, 0x17c9: 0x000a, 0x17ca: 0x000a, 0x17cb: 0x000a,
-	0x17cc: 0x000a, 0x17cd: 0x000a, 0x17ce: 0x000a, 0x17cf: 0x000a, 0x17d0: 0x000a, 0x17d1: 0x000a,
-	0x17d2: 0x000a, 0x17d3: 0x000a, 0x17d4: 0x000a, 0x17d5: 0x000a, 0x17d6: 0x000a, 0x17d7: 0x000a,
-	0x17d8: 0x000a, 0x17d9: 0x000a, 0x17da: 0x000a, 0x17db: 0x000a, 0x17dc: 0x000a, 0x17dd: 0x000a,
-	0x17de: 0x000a, 0x17df: 0x000a, 0x17e0: 0x000a, 0x17e1: 0x000a, 0x17e2: 0x000a, 0x17e3: 0x000a,
-	0x17e4: 0x000a, 0x17e5: 0x000a, 0x17e6: 0x000a, 0x17e7: 0x000a, 0x17e8: 0x000a, 0x17e9: 0x000a,
-	0x17ea: 0x000a, 0x17eb: 0x000a, 0x17ed: 0x000a, 0x17ee: 0x000a, 0x17ef: 0x000a,
-	0x17f0: 0x000a, 0x17f1: 0x000a, 0x17f2: 0x000a, 0x17f3: 0x000a, 0x17f4: 0x000a, 0x17f5: 0x000a,
-	0x17f6: 0x000a, 0x17f7: 0x000a, 0x17f8: 0x000a, 0x17f9: 0x000a, 0x17fa: 0x000a, 0x17fb: 0x000a,
-	0x17fc: 0x000a, 0x17fd: 0x000a, 0x17fe: 0x000a, 0x17ff: 0x000a,
-	// Block 0x60, offset 0x1800
-	0x1800: 0x000a, 0x1801: 0x000a, 0x1802: 0x000a, 0x1803: 0x000a, 0x1804: 0x000a, 0x1805: 0x000a,
-	0x1806: 0x000a, 0x1807: 0x000a, 0x1808: 0x000a, 0x1809: 0x000a, 0x180a: 0x000a, 0x180b: 0x000a,
-	0x180c: 0x000a, 0x180d: 0x000a, 0x180e: 0x000a, 0x180f: 0x000a, 0x1810: 0x000a, 0x1811: 0x000a,
-	0x1812: 0x000a, 0x1813: 0x000a, 0x1814: 0x000a, 0x1815: 0x000a, 0x1816: 0x000a, 0x1817: 0x000a,
-	0x1818: 0x000a, 0x1819: 0x000a, 0x181a: 0x000a, 0x181b: 0x000a, 0x181c: 0x000a, 0x181d: 0x000a,
-	0x181e: 0x000a, 0x181f: 0x000a, 0x1820: 0x000a, 0x1821: 0x000a, 0x1822: 0x000a, 0x1823: 0x000a,
-	0x1824: 0x000a, 0x1825: 0x000a, 0x1826: 0x000a, 0x1827: 0x000a, 0x1828: 0x003a, 0x1829: 0x002a,
-	0x182a: 0x003a, 0x182b: 0x002a, 0x182c: 0x003a, 0x182d: 0x002a, 0x182e: 0x003a, 0x182f: 0x002a,
-	0x1830: 0x003a, 0x1831: 0x002a, 0x1832: 0x003a, 0x1833: 0x002a, 0x1834: 0x003a, 0x1835: 0x002a,
-	0x1836: 0x000a, 0x1837: 0x000a, 0x1838: 0x000a, 0x1839: 0x000a, 0x183a: 0x000a, 0x183b: 0x000a,
-	0x183c: 0x000a, 0x183d: 0x000a, 0x183e: 0x000a, 0x183f: 0x000a,
-	// Block 0x61, offset 0x1840
-	0x1840: 0x000a, 0x1841: 0x000a, 0x1842: 0x000a, 0x1843: 0x000a, 0x1844: 0x000a, 0x1845: 0x009a,
-	0x1846: 0x008a, 0x1847: 0x000a, 0x1848: 0x000a, 0x1849: 0x000a, 0x184a: 0x000a, 0x184b: 0x000a,
-	0x184c: 0x000a, 0x184d: 0x000a, 0x184e: 0x000a, 0x184f: 0x000a, 0x1850: 0x000a, 0x1851: 0x000a,
-	0x1852: 0x000a, 0x1853: 0x000a, 0x1854: 0x000a, 0x1855: 0x000a, 0x1856: 0x000a, 0x1857: 0x000a,
-	0x1858: 0x000a, 0x1859: 0x000a, 0x185a: 0x000a, 0x185b: 0x000a, 0x185c: 0x000a, 0x185d: 0x000a,
-	0x185e: 0x000a, 0x185f: 0x000a, 0x1860: 0x000a, 0x1861: 0x000a, 0x1862: 0x000a, 0x1863: 0x000a,
-	0x1864: 0x000a, 0x1865: 0x000a, 0x1866: 0x003a, 0x1867: 0x002a, 0x1868: 0x003a, 0x1869: 0x002a,
-	0x186a: 0x003a, 0x186b: 0x002a, 0x186c: 0x003a, 0x186d: 0x002a, 0x186e: 0x003a, 0x186f: 0x002a,
-	0x1870: 0x000a, 0x1871: 0x000a, 0x1872: 0x000a, 0x1873: 0x000a, 0x1874: 0x000a, 0x1875: 0x000a,
-	0x1876: 0x000a, 0x1877: 0x000a, 0x1878: 0x000a, 0x1879: 0x000a, 0x187a: 0x000a, 0x187b: 0x000a,
-	0x187c: 0x000a, 0x187d: 0x000a, 0x187e: 0x000a, 0x187f: 0x000a,
-	// Block 0x62, offset 0x1880
-	0x1880: 0x000a, 0x1881: 0x000a, 0x1882: 0x000a, 0x1883: 0x007a, 0x1884: 0x006a, 0x1885: 0x009a,
-	0x1886: 0x008a, 0x1887: 0x00ba, 0x1888: 0x00aa, 0x1889: 0x009a, 0x188a: 0x008a, 0x188b: 0x007a,
-	0x188c: 0x006a, 0x188d: 0x00da, 0x188e: 0x002a, 0x188f: 0x003a, 0x1890: 0x00ca, 0x1891: 0x009a,
-	0x1892: 0x008a, 0x1893: 0x007a, 0x1894: 0x006a, 0x1895: 0x009a, 0x1896: 0x008a, 0x1897: 0x00ba,
-	0x1898: 0x00aa, 0x1899: 0x000a, 0x189a: 0x000a, 0x189b: 0x000a, 0x189c: 0x000a, 0x189d: 0x000a,
-	0x189e: 0x000a, 0x189f: 0x000a, 0x18a0: 0x000a, 0x18a1: 0x000a, 0x18a2: 0x000a, 0x18a3: 0x000a,
-	0x18a4: 0x000a, 0x18a5: 0x000a, 0x18a6: 0x000a, 0x18a7: 0x000a, 0x18a8: 0x000a, 0x18a9: 0x000a,
-	0x18aa: 0x000a, 0x18ab: 0x000a, 0x18ac: 0x000a, 0x18ad: 0x000a, 0x18ae: 0x000a, 0x18af: 0x000a,
-	0x18b0: 0x000a, 0x18b1: 0x000a, 0x18b2: 0x000a, 0x18b3: 0x000a, 0x18b4: 0x000a, 0x18b5: 0x000a,
-	0x18b6: 0x000a, 0x18b7: 0x000a, 0x18b8: 0x000a, 0x18b9: 0x000a, 0x18ba: 0x000a, 0x18bb: 0x000a,
-	0x18bc: 0x000a, 0x18bd: 0x000a, 0x18be: 0x000a, 0x18bf: 0x000a,
-	// Block 0x63, offset 0x18c0
-	0x18c0: 0x000a, 0x18c1: 0x000a, 0x18c2: 0x000a, 0x18c3: 0x000a, 0x18c4: 0x000a, 0x18c5: 0x000a,
-	0x18c6: 0x000a, 0x18c7: 0x000a, 0x18c8: 0x000a, 0x18c9: 0x000a, 0x18ca: 0x000a, 0x18cb: 0x000a,
-	0x18cc: 0x000a, 0x18cd: 0x000a, 0x18ce: 0x000a, 0x18cf: 0x000a, 0x18d0: 0x000a, 0x18d1: 0x000a,
-	0x18d2: 0x000a, 0x18d3: 0x000a, 0x18d4: 0x000a, 0x18d5: 0x000a, 0x18d6: 0x000a, 0x18d7: 0x000a,
-	0x18d8: 0x003a, 0x18d9: 0x002a, 0x18da: 0x003a, 0x18db: 0x002a, 0x18dc: 0x000a, 0x18dd: 0x000a,
-	0x18de: 0x000a, 0x18df: 0x000a, 0x18e0: 0x000a, 0x18e1: 0x000a, 0x18e2: 0x000a, 0x18e3: 0x000a,
-	0x18e4: 0x000a, 0x18e5: 0x000a, 0x18e6: 0x000a, 0x18e7: 0x000a, 0x18e8: 0x000a, 0x18e9: 0x000a,
-	0x18ea: 0x000a, 0x18eb: 0x000a, 0x18ec: 0x000a, 0x18ed: 0x000a, 0x18ee: 0x000a, 0x18ef: 0x000a,
-	0x18f0: 0x000a, 0x18f1: 0x000a, 0x18f2: 0x000a, 0x18f3: 0x000a, 0x18f4: 0x000a, 0x18f5: 0x000a,
-	0x18f6: 0x000a, 0x18f7: 0x000a, 0x18f8: 0x000a, 0x18f9: 0x000a, 0x18fa: 0x000a, 0x18fb: 0x000a,
-	0x18fc: 0x003a, 0x18fd: 0x002a, 0x18fe: 0x000a, 0x18ff: 0x000a,
-	// Block 0x64, offset 0x1900
-	0x1900: 0x000a, 0x1901: 0x000a, 0x1902: 0x000a, 0x1903: 0x000a, 0x1904: 0x000a, 0x1905: 0x000a,
-	0x1906: 0x000a, 0x1907: 0x000a, 0x1908: 0x000a, 0x1909: 0x000a, 0x190a: 0x000a, 0x190b: 0x000a,
-	0x190c: 0x000a, 0x190d: 0x000a, 0x190e: 0x000a, 0x190f: 0x000a, 0x1910: 0x000a, 0x1911: 0x000a,
-	0x1912: 0x000a, 0x1913: 0x000a, 0x1914: 0x000a, 0x1915: 0x000a, 0x1916: 0x000a, 0x1917: 0x000a,
-	0x1918: 0x000a, 0x1919: 0x000a, 0x191a: 0x000a, 0x191b: 0x000a, 0x191c: 0x000a, 0x191d: 0x000a,
-	0x191e: 0x000a, 0x191f: 0x000a, 0x1920: 0x000a, 0x1921: 0x000a, 0x1922: 0x000a, 0x1923: 0x000a,
-	0x1924: 0x000a, 0x1925: 0x000a, 0x1926: 0x000a, 0x1927: 0x000a, 0x1928: 0x000a, 0x1929: 0x000a,
-	0x192a: 0x000a, 0x192b: 0x000a, 0x192c: 0x000a, 0x192d: 0x000a, 0x192e: 0x000a, 0x192f: 0x000a,
-	0x1930: 0x000a, 0x1931: 0x000a, 0x1932: 0x000a, 0x1933: 0x000a,
-	0x1936: 0x000a, 0x1937: 0x000a, 0x1938: 0x000a, 0x1939: 0x000a, 0x193a: 0x000a, 0x193b: 0x000a,
-	0x193c: 0x000a, 0x193d: 0x000a, 0x193e: 0x000a, 0x193f: 0x000a,
-	// Block 0x65, offset 0x1940
-	0x1940: 0x000a, 0x1941: 0x000a, 0x1942: 0x000a, 0x1943: 0x000a, 0x1944: 0x000a, 0x1945: 0x000a,
-	0x1946: 0x000a, 0x1947: 0x000a, 0x1948: 0x000a, 0x1949: 0x000a, 0x194a: 0x000a, 0x194b: 0x000a,
-	0x194c: 0x000a, 0x194d: 0x000a, 0x194e: 0x000a, 0x194f: 0x000a, 0x1950: 0x000a, 0x1951: 0x000a,
-	0x1952: 0x000a, 0x1953: 0x000a, 0x1954: 0x000a, 0x1955: 0x000a,
-	0x1958: 0x000a, 0x1959: 0x000a, 0x195a: 0x000a, 0x195b: 0x000a, 0x195c: 0x000a, 0x195d: 0x000a,
-	0x195e: 0x000a, 0x195f: 0x000a, 0x1960: 0x000a, 0x1961: 0x000a, 0x1962: 0x000a, 0x1963: 0x000a,
-	0x1964: 0x000a, 0x1965: 0x000a, 0x1966: 0x000a, 0x1967: 0x000a, 0x1968: 0x000a, 0x1969: 0x000a,
-	0x196a: 0x000a, 0x196b: 0x000a, 0x196c: 0x000a, 0x196d: 0x000a, 0x196e: 0x000a, 0x196f: 0x000a,
-	0x1970: 0x000a, 0x1971: 0x000a, 0x1972: 0x000a, 0x1973: 0x000a, 0x1974: 0x000a, 0x1975: 0x000a,
-	0x1976: 0x000a, 0x1977: 0x000a, 0x1978: 0x000a, 0x1979: 0x000a, 0x197a: 0x000a, 0x197b: 0x000a,
-	0x197c: 0x000a, 0x197d: 0x000a, 0x197e: 0x000a, 0x197f: 0x000a,
-	// Block 0x66, offset 0x1980
-	0x1980: 0x000a, 0x1981: 0x000a, 0x1982: 0x000a, 0x1983: 0x000a, 0x1984: 0x000a, 0x1985: 0x000a,
-	0x1986: 0x000a, 0x1987: 0x000a, 0x1988: 0x000a, 0x198a: 0x000a, 0x198b: 0x000a,
-	0x198c: 0x000a, 0x198d: 0x000a, 0x198e: 0x000a, 0x198f: 0x000a, 0x1990: 0x000a, 0x1991: 0x000a,
-	0x1992: 0x000a, 0x1993: 0x000a, 0x1994: 0x000a, 0x1995: 0x000a, 0x1996: 0x000a, 0x1997: 0x000a,
-	0x1998: 0x000a, 0x1999: 0x000a, 0x199a: 0x000a, 0x199b: 0x000a, 0x199c: 0x000a, 0x199d: 0x000a,
-	0x199e: 0x000a, 0x199f: 0x000a, 0x19a0: 0x000a, 0x19a1: 0x000a, 0x19a2: 0x000a, 0x19a3: 0x000a,
-	0x19a4: 0x000a, 0x19a5: 0x000a, 0x19a6: 0x000a, 0x19a7: 0x000a, 0x19a8: 0x000a, 0x19a9: 0x000a,
-	0x19aa: 0x000a, 0x19ab: 0x000a, 0x19ac: 0x000a, 0x19ad: 0x000a, 0x19ae: 0x000a, 0x19af: 0x000a,
-	0x19b0: 0x000a, 0x19b1: 0x000a, 0x19b2: 0x000a, 0x19b3: 0x000a, 0x19b4: 0x000a, 0x19b5: 0x000a,
-	0x19b6: 0x000a, 0x19b7: 0x000a, 0x19b8: 0x000a, 0x19b9: 0x000a, 0x19ba: 0x000a, 0x19bb: 0x000a,
-	0x19bc: 0x000a, 0x19bd: 0x000a, 0x19be: 0x000a,
-	// Block 0x67, offset 0x19c0
-	0x19e5: 0x000a, 0x19e6: 0x000a, 0x19e7: 0x000a, 0x19e8: 0x000a, 0x19e9: 0x000a,
-	0x19ea: 0x000a, 0x19ef: 0x000c,
-	0x19f0: 0x000c, 0x19f1: 0x000c,
-	0x19f9: 0x000a, 0x19fa: 0x000a, 0x19fb: 0x000a,
-	0x19fc: 0x000a, 0x19fd: 0x000a, 0x19fe: 0x000a, 0x19ff: 0x000a,
-	// Block 0x68, offset 0x1a00
-	0x1a3f: 0x000c,
-	// Block 0x69, offset 0x1a40
-	0x1a60: 0x000c, 0x1a61: 0x000c, 0x1a62: 0x000c, 0x1a63: 0x000c,
-	0x1a64: 0x000c, 0x1a65: 0x000c, 0x1a66: 0x000c, 0x1a67: 0x000c, 0x1a68: 0x000c, 0x1a69: 0x000c,
-	0x1a6a: 0x000c, 0x1a6b: 0x000c, 0x1a6c: 0x000c, 0x1a6d: 0x000c, 0x1a6e: 0x000c, 0x1a6f: 0x000c,
-	0x1a70: 0x000c, 0x1a71: 0x000c, 0x1a72: 0x000c, 0x1a73: 0x000c, 0x1a74: 0x000c, 0x1a75: 0x000c,
-	0x1a76: 0x000c, 0x1a77: 0x000c, 0x1a78: 0x000c, 0x1a79: 0x000c, 0x1a7a: 0x000c, 0x1a7b: 0x000c,
-	0x1a7c: 0x000c, 0x1a7d: 0x000c, 0x1a7e: 0x000c, 0x1a7f: 0x000c,
-	// Block 0x6a, offset 0x1a80
-	0x1a80: 0x000a, 0x1a81: 0x000a, 0x1a82: 0x000a, 0x1a83: 0x000a, 0x1a84: 0x000a, 0x1a85: 0x000a,
-	0x1a86: 0x000a, 0x1a87: 0x000a, 0x1a88: 0x000a, 0x1a89: 0x000a, 0x1a8a: 0x000a, 0x1a8b: 0x000a,
-	0x1a8c: 0x000a, 0x1a8d: 0x000a, 0x1a8e: 0x000a, 0x1a8f: 0x000a, 0x1a90: 0x000a, 0x1a91: 0x000a,
-	0x1a92: 0x000a, 0x1a93: 0x000a, 0x1a94: 0x000a, 0x1a95: 0x000a, 0x1a96: 0x000a, 0x1a97: 0x000a,
-	0x1a98: 0x000a, 0x1a99: 0x000a, 0x1a9a: 0x000a, 0x1a9b: 0x000a, 0x1a9c: 0x000a, 0x1a9d: 0x000a,
-	0x1a9e: 0x000a, 0x1a9f: 0x000a, 0x1aa0: 0x000a, 0x1aa1: 0x000a, 0x1aa2: 0x003a, 0x1aa3: 0x002a,
-	0x1aa4: 0x003a, 0x1aa5: 0x002a, 0x1aa6: 0x003a, 0x1aa7: 0x002a, 0x1aa8: 0x003a, 0x1aa9: 0x002a,
-	0x1aaa: 0x000a, 0x1aab: 0x000a, 0x1aac: 0x000a, 0x1aad: 0x000a, 0x1aae: 0x000a, 0x1aaf: 0x000a,
-	0x1ab0: 0x000a, 0x1ab1: 0x000a, 0x1ab2: 0x000a, 0x1ab3: 0x000a, 0x1ab4: 0x000a, 0x1ab5: 0x000a,
-	0x1ab6: 0x000a, 0x1ab7: 0x000a, 0x1ab8: 0x000a, 0x1ab9: 0x000a, 0x1aba: 0x000a, 0x1abb: 0x000a,
-	0x1abc: 0x000a, 0x1abd: 0x000a, 0x1abe: 0x000a, 0x1abf: 0x000a,
-	// Block 0x6b, offset 0x1ac0
-	0x1ac0: 0x000a, 0x1ac1: 0x000a, 0x1ac2: 0x000a, 0x1ac3: 0x000a, 0x1ac4: 0x000a, 0x1ac5: 0x000a,
-	0x1ac6: 0x000a, 0x1ac7: 0x000a, 0x1ac8: 0x000a, 0x1ac9: 0x000a, 0x1aca: 0x000a, 0x1acb: 0x000a,
-	0x1acc: 0x000a, 0x1acd: 0x000a, 0x1ace: 0x000a,
-	// Block 0x6c, offset 0x1b00
-	0x1b00: 0x000a, 0x1b01: 0x000a, 0x1b02: 0x000a, 0x1b03: 0x000a, 0x1b04: 0x000a, 0x1b05: 0x000a,
-	0x1b06: 0x000a, 0x1b07: 0x000a, 0x1b08: 0x000a, 0x1b09: 0x000a, 0x1b0a: 0x000a, 0x1b0b: 0x000a,
-	0x1b0c: 0x000a, 0x1b0d: 0x000a, 0x1b0e: 0x000a, 0x1b0f: 0x000a, 0x1b10: 0x000a, 0x1b11: 0x000a,
-	0x1b12: 0x000a, 0x1b13: 0x000a, 0x1b14: 0x000a, 0x1b15: 0x000a, 0x1b16: 0x000a, 0x1b17: 0x000a,
-	0x1b18: 0x000a, 0x1b19: 0x000a, 0x1b1b: 0x000a, 0x1b1c: 0x000a, 0x1b1d: 0x000a,
-	0x1b1e: 0x000a, 0x1b1f: 0x000a, 0x1b20: 0x000a, 0x1b21: 0x000a, 0x1b22: 0x000a, 0x1b23: 0x000a,
-	0x1b24: 0x000a, 0x1b25: 0x000a, 0x1b26: 0x000a, 0x1b27: 0x000a, 0x1b28: 0x000a, 0x1b29: 0x000a,
-	0x1b2a: 0x000a, 0x1b2b: 0x000a, 0x1b2c: 0x000a, 0x1b2d: 0x000a, 0x1b2e: 0x000a, 0x1b2f: 0x000a,
-	0x1b30: 0x000a, 0x1b31: 0x000a, 0x1b32: 0x000a, 0x1b33: 0x000a, 0x1b34: 0x000a, 0x1b35: 0x000a,
-	0x1b36: 0x000a, 0x1b37: 0x000a, 0x1b38: 0x000a, 0x1b39: 0x000a, 0x1b3a: 0x000a, 0x1b3b: 0x000a,
-	0x1b3c: 0x000a, 0x1b3d: 0x000a, 0x1b3e: 0x000a, 0x1b3f: 0x000a,
-	// Block 0x6d, offset 0x1b40
-	0x1b40: 0x000a, 0x1b41: 0x000a, 0x1b42: 0x000a, 0x1b43: 0x000a, 0x1b44: 0x000a, 0x1b45: 0x000a,
-	0x1b46: 0x000a, 0x1b47: 0x000a, 0x1b48: 0x000a, 0x1b49: 0x000a, 0x1b4a: 0x000a, 0x1b4b: 0x000a,
-	0x1b4c: 0x000a, 0x1b4d: 0x000a, 0x1b4e: 0x000a, 0x1b4f: 0x000a, 0x1b50: 0x000a, 0x1b51: 0x000a,
-	0x1b52: 0x000a, 0x1b53: 0x000a, 0x1b54: 0x000a, 0x1b55: 0x000a, 0x1b56: 0x000a, 0x1b57: 0x000a,
-	0x1b58: 0x000a, 0x1b59: 0x000a, 0x1b5a: 0x000a, 0x1b5b: 0x000a, 0x1b5c: 0x000a, 0x1b5d: 0x000a,
-	0x1b5e: 0x000a, 0x1b5f: 0x000a, 0x1b60: 0x000a, 0x1b61: 0x000a, 0x1b62: 0x000a, 0x1b63: 0x000a,
-	0x1b64: 0x000a, 0x1b65: 0x000a, 0x1b66: 0x000a, 0x1b67: 0x000a, 0x1b68: 0x000a, 0x1b69: 0x000a,
-	0x1b6a: 0x000a, 0x1b6b: 0x000a, 0x1b6c: 0x000a, 0x1b6d: 0x000a, 0x1b6e: 0x000a, 0x1b6f: 0x000a,
-	0x1b70: 0x000a, 0x1b71: 0x000a, 0x1b72: 0x000a, 0x1b73: 0x000a,
-	// Block 0x6e, offset 0x1b80
-	0x1b80: 0x000a, 0x1b81: 0x000a, 0x1b82: 0x000a, 0x1b83: 0x000a, 0x1b84: 0x000a, 0x1b85: 0x000a,
-	0x1b86: 0x000a, 0x1b87: 0x000a, 0x1b88: 0x000a, 0x1b89: 0x000a, 0x1b8a: 0x000a, 0x1b8b: 0x000a,
-	0x1b8c: 0x000a, 0x1b8d: 0x000a, 0x1b8e: 0x000a, 0x1b8f: 0x000a, 0x1b90: 0x000a, 0x1b91: 0x000a,
-	0x1b92: 0x000a, 0x1b93: 0x000a, 0x1b94: 0x000a, 0x1b95: 0x000a,
-	0x1bb0: 0x000a, 0x1bb1: 0x000a, 0x1bb2: 0x000a, 0x1bb3: 0x000a, 0x1bb4: 0x000a, 0x1bb5: 0x000a,
-	0x1bb6: 0x000a, 0x1bb7: 0x000a, 0x1bb8: 0x000a, 0x1bb9: 0x000a, 0x1bba: 0x000a, 0x1bbb: 0x000a,
-	// Block 0x6f, offset 0x1bc0
-	0x1bc0: 0x0009, 0x1bc1: 0x000a, 0x1bc2: 0x000a, 0x1bc3: 0x000a, 0x1bc4: 0x000a,
-	0x1bc8: 0x003a, 0x1bc9: 0x002a, 0x1bca: 0x003a, 0x1bcb: 0x002a,
-	0x1bcc: 0x003a, 0x1bcd: 0x002a, 0x1bce: 0x003a, 0x1bcf: 0x002a, 0x1bd0: 0x003a, 0x1bd1: 0x002a,
-	0x1bd2: 0x000a, 0x1bd3: 0x000a, 0x1bd4: 0x003a, 0x1bd5: 0x002a, 0x1bd6: 0x003a, 0x1bd7: 0x002a,
-	0x1bd8: 0x003a, 0x1bd9: 0x002a, 0x1bda: 0x003a, 0x1bdb: 0x002a, 0x1bdc: 0x000a, 0x1bdd: 0x000a,
-	0x1bde: 0x000a, 0x1bdf: 0x000a, 0x1be0: 0x000a,
-	0x1bea: 0x000c, 0x1beb: 0x000c, 0x1bec: 0x000c, 0x1bed: 0x000c,
-	0x1bf0: 0x000a,
-	0x1bf6: 0x000a, 0x1bf7: 0x000a,
-	0x1bfd: 0x000a, 0x1bfe: 0x000a, 0x1bff: 0x000a,
-	// Block 0x70, offset 0x1c00
-	0x1c19: 0x000c, 0x1c1a: 0x000c, 0x1c1b: 0x000a, 0x1c1c: 0x000a,
-	0x1c20: 0x000a,
-	// Block 0x71, offset 0x1c40
-	0x1c7b: 0x000a,
-	// Block 0x72, offset 0x1c80
-	0x1c80: 0x000a, 0x1c81: 0x000a, 0x1c82: 0x000a, 0x1c83: 0x000a, 0x1c84: 0x000a, 0x1c85: 0x000a,
-	0x1c86: 0x000a, 0x1c87: 0x000a, 0x1c88: 0x000a, 0x1c89: 0x000a, 0x1c8a: 0x000a, 0x1c8b: 0x000a,
-	0x1c8c: 0x000a, 0x1c8d: 0x000a, 0x1c8e: 0x000a, 0x1c8f: 0x000a, 0x1c90: 0x000a, 0x1c91: 0x000a,
-	0x1c92: 0x000a, 0x1c93: 0x000a, 0x1c94: 0x000a, 0x1c95: 0x000a, 0x1c96: 0x000a, 0x1c97: 0x000a,
-	0x1c98: 0x000a, 0x1c99: 0x000a, 0x1c9a: 0x000a, 0x1c9b: 0x000a, 0x1c9c: 0x000a, 0x1c9d: 0x000a,
-	0x1c9e: 0x000a, 0x1c9f: 0x000a, 0x1ca0: 0x000a, 0x1ca1: 0x000a, 0x1ca2: 0x000a, 0x1ca3: 0x000a,
-	// Block 0x73, offset 0x1cc0
-	0x1cdd: 0x000a,
-	0x1cde: 0x000a,
-	// Block 0x74, offset 0x1d00
-	0x1d10: 0x000a, 0x1d11: 0x000a,
-	0x1d12: 0x000a, 0x1d13: 0x000a, 0x1d14: 0x000a, 0x1d15: 0x000a, 0x1d16: 0x000a, 0x1d17: 0x000a,
-	0x1d18: 0x000a, 0x1d19: 0x000a, 0x1d1a: 0x000a, 0x1d1b: 0x000a, 0x1d1c: 0x000a, 0x1d1d: 0x000a,
-	0x1d1e: 0x000a, 0x1d1f: 0x000a,
-	0x1d3c: 0x000a, 0x1d3d: 0x000a, 0x1d3e: 0x000a,
-	// Block 0x75, offset 0x1d40
-	0x1d71: 0x000a, 0x1d72: 0x000a, 0x1d73: 0x000a, 0x1d74: 0x000a, 0x1d75: 0x000a,
-	0x1d76: 0x000a, 0x1d77: 0x000a, 0x1d78: 0x000a, 0x1d79: 0x000a, 0x1d7a: 0x000a, 0x1d7b: 0x000a,
-	0x1d7c: 0x000a, 0x1d7d: 0x000a, 0x1d7e: 0x000a, 0x1d7f: 0x000a,
-	// Block 0x76, offset 0x1d80
-	0x1d8c: 0x000a, 0x1d8d: 0x000a, 0x1d8e: 0x000a, 0x1d8f: 0x000a,
-	// Block 0x77, offset 0x1dc0
-	0x1df7: 0x000a, 0x1df8: 0x000a, 0x1df9: 0x000a, 0x1dfa: 0x000a,
-	// Block 0x78, offset 0x1e00
-	0x1e1e: 0x000a, 0x1e1f: 0x000a,
-	0x1e3f: 0x000a,
-	// Block 0x79, offset 0x1e40
-	0x1e50: 0x000a, 0x1e51: 0x000a,
-	0x1e52: 0x000a, 0x1e53: 0x000a, 0x1e54: 0x000a, 0x1e55: 0x000a, 0x1e56: 0x000a, 0x1e57: 0x000a,
-	0x1e58: 0x000a, 0x1e59: 0x000a, 0x1e5a: 0x000a, 0x1e5b: 0x000a, 0x1e5c: 0x000a, 0x1e5d: 0x000a,
-	0x1e5e: 0x000a, 0x1e5f: 0x000a, 0x1e60: 0x000a, 0x1e61: 0x000a, 0x1e62: 0x000a, 0x1e63: 0x000a,
-	0x1e64: 0x000a, 0x1e65: 0x000a, 0x1e66: 0x000a, 0x1e67: 0x000a, 0x1e68: 0x000a, 0x1e69: 0x000a,
-	0x1e6a: 0x000a, 0x1e6b: 0x000a, 0x1e6c: 0x000a, 0x1e6d: 0x000a, 0x1e6e: 0x000a, 0x1e6f: 0x000a,
-	0x1e70: 0x000a, 0x1e71: 0x000a, 0x1e72: 0x000a, 0x1e73: 0x000a, 0x1e74: 0x000a, 0x1e75: 0x000a,
-	0x1e76: 0x000a, 0x1e77: 0x000a, 0x1e78: 0x000a, 0x1e79: 0x000a, 0x1e7a: 0x000a, 0x1e7b: 0x000a,
-	0x1e7c: 0x000a, 0x1e7d: 0x000a, 0x1e7e: 0x000a, 0x1e7f: 0x000a,
-	// Block 0x7a, offset 0x1e80
-	0x1e80: 0x000a, 0x1e81: 0x000a, 0x1e82: 0x000a, 0x1e83: 0x000a, 0x1e84: 0x000a, 0x1e85: 0x000a,
-	0x1e86: 0x000a,
-	// Block 0x7b, offset 0x1ec0
-	0x1ecd: 0x000a, 0x1ece: 0x000a, 0x1ecf: 0x000a,
-	// Block 0x7c, offset 0x1f00
-	0x1f2f: 0x000c,
-	0x1f30: 0x000c, 0x1f31: 0x000c, 0x1f32: 0x000c, 0x1f33: 0x000a, 0x1f34: 0x000c, 0x1f35: 0x000c,
-	0x1f36: 0x000c, 0x1f37: 0x000c, 0x1f38: 0x000c, 0x1f39: 0x000c, 0x1f3a: 0x000c, 0x1f3b: 0x000c,
-	0x1f3c: 0x000c, 0x1f3d: 0x000c, 0x1f3e: 0x000a, 0x1f3f: 0x000a,
-	// Block 0x7d, offset 0x1f40
-	0x1f5e: 0x000c, 0x1f5f: 0x000c,
-	// Block 0x7e, offset 0x1f80
-	0x1fb0: 0x000c, 0x1fb1: 0x000c,
-	// Block 0x7f, offset 0x1fc0
-	0x1fc0: 0x000a, 0x1fc1: 0x000a, 0x1fc2: 0x000a, 0x1fc3: 0x000a, 0x1fc4: 0x000a, 0x1fc5: 0x000a,
-	0x1fc6: 0x000a, 0x1fc7: 0x000a, 0x1fc8: 0x000a, 0x1fc9: 0x000a, 0x1fca: 0x000a, 0x1fcb: 0x000a,
-	0x1fcc: 0x000a, 0x1fcd: 0x000a, 0x1fce: 0x000a, 0x1fcf: 0x000a, 0x1fd0: 0x000a, 0x1fd1: 0x000a,
-	0x1fd2: 0x000a, 0x1fd3: 0x000a, 0x1fd4: 0x000a, 0x1fd5: 0x000a, 0x1fd6: 0x000a, 0x1fd7: 0x000a,
-	0x1fd8: 0x000a, 0x1fd9: 0x000a, 0x1fda: 0x000a, 0x1fdb: 0x000a, 0x1fdc: 0x000a, 0x1fdd: 0x000a,
-	0x1fde: 0x000a, 0x1fdf: 0x000a, 0x1fe0: 0x000a, 0x1fe1: 0x000a,
-	// Block 0x80, offset 0x2000
-	0x2008: 0x000a,
-	// Block 0x81, offset 0x2040
-	0x2042: 0x000c,
-	0x2046: 0x000c, 0x204b: 0x000c,
-	0x2065: 0x000c, 0x2066: 0x000c, 0x2068: 0x000a, 0x2069: 0x000a,
-	0x206a: 0x000a, 0x206b: 0x000a,
-	0x2078: 0x0004, 0x2079: 0x0004,
-	// Block 0x82, offset 0x2080
-	0x20b4: 0x000a, 0x20b5: 0x000a,
-	0x20b6: 0x000a, 0x20b7: 0x000a,
-	// Block 0x83, offset 0x20c0
-	0x20c4: 0x000c, 0x20c5: 0x000c,
-	0x20e0: 0x000c, 0x20e1: 0x000c, 0x20e2: 0x000c, 0x20e3: 0x000c,
-	0x20e4: 0x000c, 0x20e5: 0x000c, 0x20e6: 0x000c, 0x20e7: 0x000c, 0x20e8: 0x000c, 0x20e9: 0x000c,
-	0x20ea: 0x000c, 0x20eb: 0x000c, 0x20ec: 0x000c, 0x20ed: 0x000c, 0x20ee: 0x000c, 0x20ef: 0x000c,
-	0x20f0: 0x000c, 0x20f1: 0x000c,
-	0x20ff: 0x000c,
-	// Block 0x84, offset 0x2100
-	0x2126: 0x000c, 0x2127: 0x000c, 0x2128: 0x000c, 0x2129: 0x000c,
-	0x212a: 0x000c, 0x212b: 0x000c, 0x212c: 0x000c, 0x212d: 0x000c,
-	// Block 0x85, offset 0x2140
-	0x2147: 0x000c, 0x2148: 0x000c, 0x2149: 0x000c, 0x214a: 0x000c, 0x214b: 0x000c,
-	0x214c: 0x000c, 0x214d: 0x000c, 0x214e: 0x000c, 0x214f: 0x000c, 0x2150: 0x000c, 0x2151: 0x000c,
-	// Block 0x86, offset 0x2180
-	0x2180: 0x000c, 0x2181: 0x000c, 0x2182: 0x000c,
-	0x21b3: 0x000c,
-	0x21b6: 0x000c, 0x21b7: 0x000c, 0x21b8: 0x000c, 0x21b9: 0x000c,
-	0x21bc: 0x000c,
-	// Block 0x87, offset 0x21c0
-	0x21e5: 0x000c,
-	// Block 0x88, offset 0x2200
-	0x2229: 0x000c,
-	0x222a: 0x000c, 0x222b: 0x000c, 0x222c: 0x000c, 0x222d: 0x000c, 0x222e: 0x000c,
-	0x2231: 0x000c, 0x2232: 0x000c, 0x2235: 0x000c,
-	0x2236: 0x000c,
-	// Block 0x89, offset 0x2240
-	0x2243: 0x000c,
-	0x224c: 0x000c,
-	0x227c: 0x000c,
-	// Block 0x8a, offset 0x2280
-	0x22b0: 0x000c, 0x22b2: 0x000c, 0x22b3: 0x000c, 0x22b4: 0x000c,
-	0x22b7: 0x000c, 0x22b8: 0x000c,
-	0x22be: 0x000c, 0x22bf: 0x000c,
-	// Block 0x8b, offset 0x22c0
-	0x22c1: 0x000c,
-	0x22ec: 0x000c, 0x22ed: 0x000c,
-	0x22f6: 0x000c,
-	// Block 0x8c, offset 0x2300
-	0x2325: 0x000c, 0x2328: 0x000c,
-	0x232d: 0x000c,
-	// Block 0x8d, offset 0x2340
-	0x235d: 0x0001,
-	0x235e: 0x000c, 0x235f: 0x0001, 0x2360: 0x0001, 0x2361: 0x0001, 0x2362: 0x0001, 0x2363: 0x0001,
-	0x2364: 0x0001, 0x2365: 0x0001, 0x2366: 0x0001, 0x2367: 0x0001, 0x2368: 0x0001, 0x2369: 0x0003,
-	0x236a: 0x0001, 0x236b: 0x0001, 0x236c: 0x0001, 0x236d: 0x0001, 0x236e: 0x0001, 0x236f: 0x0001,
-	0x2370: 0x0001, 0x2371: 0x0001, 0x2372: 0x0001, 0x2373: 0x0001, 0x2374: 0x0001, 0x2375: 0x0001,
-	0x2376: 0x0001, 0x2377: 0x0001, 0x2378: 0x0001, 0x2379: 0x0001, 0x237a: 0x0001, 0x237b: 0x0001,
-	0x237c: 0x0001, 0x237d: 0x0001, 0x237e: 0x0001, 0x237f: 0x0001,
-	// Block 0x8e, offset 0x2380
-	0x2380: 0x0001, 0x2381: 0x0001, 0x2382: 0x0001, 0x2383: 0x0001, 0x2384: 0x0001, 0x2385: 0x0001,
-	0x2386: 0x0001, 0x2387: 0x0001, 0x2388: 0x0001, 0x2389: 0x0001, 0x238a: 0x0001, 0x238b: 0x0001,
-	0x238c: 0x0001, 0x238d: 0x0001, 0x238e: 0x0001, 0x238f: 0x0001, 0x2390: 0x000d, 0x2391: 0x000d,
-	0x2392: 0x000d, 0x2393: 0x000d, 0x2394: 0x000d, 0x2395: 0x000d, 0x2396: 0x000d, 0x2397: 0x000d,
-	0x2398: 0x000d, 0x2399: 0x000d, 0x239a: 0x000d, 0x239b: 0x000d, 0x239c: 0x000d, 0x239d: 0x000d,
-	0x239e: 0x000d, 0x239f: 0x000d, 0x23a0: 0x000d, 0x23a1: 0x000d, 0x23a2: 0x000d, 0x23a3: 0x000d,
-	0x23a4: 0x000d, 0x23a5: 0x000d, 0x23a6: 0x000d, 0x23a7: 0x000d, 0x23a8: 0x000d, 0x23a9: 0x000d,
-	0x23aa: 0x000d, 0x23ab: 0x000d, 0x23ac: 0x000d, 0x23ad: 0x000d, 0x23ae: 0x000d, 0x23af: 0x000d,
-	0x23b0: 0x000d, 0x23b1: 0x000d, 0x23b2: 0x000d, 0x23b3: 0x000d, 0x23b4: 0x000d, 0x23b5: 0x000d,
-	0x23b6: 0x000d, 0x23b7: 0x000d, 0x23b8: 0x000d, 0x23b9: 0x000d, 0x23ba: 0x000d, 0x23bb: 0x000d,
-	0x23bc: 0x000d, 0x23bd: 0x000d, 0x23be: 0x000d, 0x23bf: 0x000d,
-	// Block 0x8f, offset 0x23c0
-	0x23c0: 0x000d, 0x23c1: 0x000d, 0x23c2: 0x000d, 0x23c3: 0x000d, 0x23c4: 0x000d, 0x23c5: 0x000d,
-	0x23c6: 0x000d, 0x23c7: 0x000d, 0x23c8: 0x000d, 0x23c9: 0x000d, 0x23ca: 0x000d, 0x23cb: 0x000d,
-	0x23cc: 0x000d, 0x23cd: 0x000d, 0x23ce: 0x000d, 0x23cf: 0x000d, 0x23d0: 0x000d, 0x23d1: 0x000d,
-	0x23d2: 0x000d, 0x23d3: 0x000d, 0x23d4: 0x000d, 0x23d5: 0x000d, 0x23d6: 0x000d, 0x23d7: 0x000d,
-	0x23d8: 0x000d, 0x23d9: 0x000d, 0x23da: 0x000d, 0x23db: 0x000d, 0x23dc: 0x000d, 0x23dd: 0x000d,
-	0x23de: 0x000d, 0x23df: 0x000d, 0x23e0: 0x000d, 0x23e1: 0x000d, 0x23e2: 0x000d, 0x23e3: 0x000d,
-	0x23e4: 0x000d, 0x23e5: 0x000d, 0x23e6: 0x000d, 0x23e7: 0x000d, 0x23e8: 0x000d, 0x23e9: 0x000d,
-	0x23ea: 0x000d, 0x23eb: 0x000d, 0x23ec: 0x000d, 0x23ed: 0x000d, 0x23ee: 0x000d, 0x23ef: 0x000d,
-	0x23f0: 0x000d, 0x23f1: 0x000d, 0x23f2: 0x000d, 0x23f3: 0x000d, 0x23f4: 0x000d, 0x23f5: 0x000d,
-	0x23f6: 0x000d, 0x23f7: 0x000d, 0x23f8: 0x000d, 0x23f9: 0x000d, 0x23fa: 0x000d, 0x23fb: 0x000d,
-	0x23fc: 0x000d, 0x23fd: 0x000d, 0x23fe: 0x000a, 0x23ff: 0x000a,
-	// Block 0x90, offset 0x2400
-	0x2400: 0x000d, 0x2401: 0x000d, 0x2402: 0x000d, 0x2403: 0x000d, 0x2404: 0x000d, 0x2405: 0x000d,
-	0x2406: 0x000d, 0x2407: 0x000d, 0x2408: 0x000d, 0x2409: 0x000d, 0x240a: 0x000d, 0x240b: 0x000d,
-	0x240c: 0x000d, 0x240d: 0x000d, 0x240e: 0x000d, 0x240f: 0x000d, 0x2410: 0x000b, 0x2411: 0x000b,
-	0x2412: 0x000b, 0x2413: 0x000b, 0x2414: 0x000b, 0x2415: 0x000b, 0x2416: 0x000b, 0x2417: 0x000b,
-	0x2418: 0x000b, 0x2419: 0x000b, 0x241a: 0x000b, 0x241b: 0x000b, 0x241c: 0x000b, 0x241d: 0x000b,
-	0x241e: 0x000b, 0x241f: 0x000b, 0x2420: 0x000b, 0x2421: 0x000b, 0x2422: 0x000b, 0x2423: 0x000b,
-	0x2424: 0x000b, 0x2425: 0x000b, 0x2426: 0x000b, 0x2427: 0x000b, 0x2428: 0x000b, 0x2429: 0x000b,
-	0x242a: 0x000b, 0x242b: 0x000b, 0x242c: 0x000b, 0x242d: 0x000b, 0x242e: 0x000b, 0x242f: 0x000b,
-	0x2430: 0x000d, 0x2431: 0x000d, 0x2432: 0x000d, 0x2433: 0x000d, 0x2434: 0x000d, 0x2435: 0x000d,
-	0x2436: 0x000d, 0x2437: 0x000d, 0x2438: 0x000d, 0x2439: 0x000d, 0x243a: 0x000d, 0x243b: 0x000d,
-	0x243c: 0x000d, 0x243d: 0x000a, 0x243e: 0x000d, 0x243f: 0x000d,
-	// Block 0x91, offset 0x2440
-	0x2440: 0x000c, 0x2441: 0x000c, 0x2442: 0x000c, 0x2443: 0x000c, 0x2444: 0x000c, 0x2445: 0x000c,
-	0x2446: 0x000c, 0x2447: 0x000c, 0x2448: 0x000c, 0x2449: 0x000c, 0x244a: 0x000c, 0x244b: 0x000c,
-	0x244c: 0x000c, 0x244d: 0x000c, 0x244e: 0x000c, 0x244f: 0x000c, 0x2450: 0x000a, 0x2451: 0x000a,
-	0x2452: 0x000a, 0x2453: 0x000a, 0x2454: 0x000a, 0x2455: 0x000a, 0x2456: 0x000a, 0x2457: 0x000a,
-	0x2458: 0x000a, 0x2459: 0x000a,
-	0x2460: 0x000c, 0x2461: 0x000c, 0x2462: 0x000c, 0x2463: 0x000c,
-	0x2464: 0x000c, 0x2465: 0x000c, 0x2466: 0x000c, 0x2467: 0x000c, 0x2468: 0x000c, 0x2469: 0x000c,
-	0x246a: 0x000c, 0x246b: 0x000c, 0x246c: 0x000c, 0x246d: 0x000c, 0x246e: 0x000c, 0x246f: 0x000c,
-	0x2470: 0x000a, 0x2471: 0x000a, 0x2472: 0x000a, 0x2473: 0x000a, 0x2474: 0x000a, 0x2475: 0x000a,
-	0x2476: 0x000a, 0x2477: 0x000a, 0x2478: 0x000a, 0x2479: 0x000a, 0x247a: 0x000a, 0x247b: 0x000a,
-	0x247c: 0x000a, 0x247d: 0x000a, 0x247e: 0x000a, 0x247f: 0x000a,
-	// Block 0x92, offset 0x2480
-	0x2480: 0x000a, 0x2481: 0x000a, 0x2482: 0x000a, 0x2483: 0x000a, 0x2484: 0x000a, 0x2485: 0x000a,
-	0x2486: 0x000a, 0x2487: 0x000a, 0x2488: 0x000a, 0x2489: 0x000a, 0x248a: 0x000a, 0x248b: 0x000a,
-	0x248c: 0x000a, 0x248d: 0x000a, 0x248e: 0x000a, 0x248f: 0x000a, 0x2490: 0x0006, 0x2491: 0x000a,
-	0x2492: 0x0006, 0x2494: 0x000a, 0x2495: 0x0006, 0x2496: 0x000a, 0x2497: 0x000a,
-	0x2498: 0x000a, 0x2499: 0x009a, 0x249a: 0x008a, 0x249b: 0x007a, 0x249c: 0x006a, 0x249d: 0x009a,
-	0x249e: 0x008a, 0x249f: 0x0004, 0x24a0: 0x000a, 0x24a1: 0x000a, 0x24a2: 0x0003, 0x24a3: 0x0003,
-	0x24a4: 0x000a, 0x24a5: 0x000a, 0x24a6: 0x000a, 0x24a8: 0x000a, 0x24a9: 0x0004,
-	0x24aa: 0x0004, 0x24ab: 0x000a,
-	0x24b0: 0x000d, 0x24b1: 0x000d, 0x24b2: 0x000d, 0x24b3: 0x000d, 0x24b4: 0x000d, 0x24b5: 0x000d,
-	0x24b6: 0x000d, 0x24b7: 0x000d, 0x24b8: 0x000d, 0x24b9: 0x000d, 0x24ba: 0x000d, 0x24bb: 0x000d,
-	0x24bc: 0x000d, 0x24bd: 0x000d, 0x24be: 0x000d, 0x24bf: 0x000d,
-	// Block 0x93, offset 0x24c0
-	0x24c0: 0x000d, 0x24c1: 0x000d, 0x24c2: 0x000d, 0x24c3: 0x000d, 0x24c4: 0x000d, 0x24c5: 0x000d,
-	0x24c6: 0x000d, 0x24c7: 0x000d, 0x24c8: 0x000d, 0x24c9: 0x000d, 0x24ca: 0x000d, 0x24cb: 0x000d,
-	0x24cc: 0x000d, 0x24cd: 0x000d, 0x24ce: 0x000d, 0x24cf: 0x000d, 0x24d0: 0x000d, 0x24d1: 0x000d,
-	0x24d2: 0x000d, 0x24d3: 0x000d, 0x24d4: 0x000d, 0x24d5: 0x000d, 0x24d6: 0x000d, 0x24d7: 0x000d,
-	0x24d8: 0x000d, 0x24d9: 0x000d, 0x24da: 0x000d, 0x24db: 0x000d, 0x24dc: 0x000d, 0x24dd: 0x000d,
-	0x24de: 0x000d, 0x24df: 0x000d, 0x24e0: 0x000d, 0x24e1: 0x000d, 0x24e2: 0x000d, 0x24e3: 0x000d,
-	0x24e4: 0x000d, 0x24e5: 0x000d, 0x24e6: 0x000d, 0x24e7: 0x000d, 0x24e8: 0x000d, 0x24e9: 0x000d,
-	0x24ea: 0x000d, 0x24eb: 0x000d, 0x24ec: 0x000d, 0x24ed: 0x000d, 0x24ee: 0x000d, 0x24ef: 0x000d,
-	0x24f0: 0x000d, 0x24f1: 0x000d, 0x24f2: 0x000d, 0x24f3: 0x000d, 0x24f4: 0x000d, 0x24f5: 0x000d,
-	0x24f6: 0x000d, 0x24f7: 0x000d, 0x24f8: 0x000d, 0x24f9: 0x000d, 0x24fa: 0x000d, 0x24fb: 0x000d,
-	0x24fc: 0x000d, 0x24fd: 0x000d, 0x24fe: 0x000d, 0x24ff: 0x000b,
-	// Block 0x94, offset 0x2500
-	0x2501: 0x000a, 0x2502: 0x000a, 0x2503: 0x0004, 0x2504: 0x0004, 0x2505: 0x0004,
-	0x2506: 0x000a, 0x2507: 0x000a, 0x2508: 0x003a, 0x2509: 0x002a, 0x250a: 0x000a, 0x250b: 0x0003,
-	0x250c: 0x0006, 0x250d: 0x0003, 0x250e: 0x0006, 0x250f: 0x0006, 0x2510: 0x0002, 0x2511: 0x0002,
-	0x2512: 0x0002, 0x2513: 0x0002, 0x2514: 0x0002, 0x2515: 0x0002, 0x2516: 0x0002, 0x2517: 0x0002,
-	0x2518: 0x0002, 0x2519: 0x0002, 0x251a: 0x0006, 0x251b: 0x000a, 0x251c: 0x000a, 0x251d: 0x000a,
-	0x251e: 0x000a, 0x251f: 0x000a, 0x2520: 0x000a,
-	0x253b: 0x005a,
-	0x253c: 0x000a, 0x253d: 0x004a, 0x253e: 0x000a, 0x253f: 0x000a,
-	// Block 0x95, offset 0x2540
-	0x2540: 0x000a,
-	0x255b: 0x005a, 0x255c: 0x000a, 0x255d: 0x004a,
-	0x255e: 0x000a, 0x255f: 0x00fa, 0x2560: 0x00ea, 0x2561: 0x000a, 0x2562: 0x003a, 0x2563: 0x002a,
-	0x2564: 0x000a, 0x2565: 0x000a,
-	// Block 0x96, offset 0x2580
-	0x25a0: 0x0004, 0x25a1: 0x0004, 0x25a2: 0x000a, 0x25a3: 0x000a,
-	0x25a4: 0x000a, 0x25a5: 0x0004, 0x25a6: 0x0004, 0x25a8: 0x000a, 0x25a9: 0x000a,
-	0x25aa: 0x000a, 0x25ab: 0x000a, 0x25ac: 0x000a, 0x25ad: 0x000a, 0x25ae: 0x000a,
-	0x25b0: 0x000b, 0x25b1: 0x000b, 0x25b2: 0x000b, 0x25b3: 0x000b, 0x25b4: 0x000b, 0x25b5: 0x000b,
-	0x25b6: 0x000b, 0x25b7: 0x000b, 0x25b8: 0x000b, 0x25b9: 0x000a, 0x25ba: 0x000a, 0x25bb: 0x000a,
-	0x25bc: 0x000a, 0x25bd: 0x000a, 0x25be: 0x000b, 0x25bf: 0x000b,
-	// Block 0x97, offset 0x25c0
-	0x25c1: 0x000a,
-	// Block 0x98, offset 0x2600
-	0x2600: 0x000a, 0x2601: 0x000a, 0x2602: 0x000a, 0x2603: 0x000a, 0x2604: 0x000a, 0x2605: 0x000a,
-	0x2606: 0x000a, 0x2607: 0x000a, 0x2608: 0x000a, 0x2609: 0x000a, 0x260a: 0x000a, 0x260b: 0x000a,
-	0x260c: 0x000a, 0x2610: 0x000a, 0x2611: 0x000a,
-	0x2612: 0x000a, 0x2613: 0x000a, 0x2614: 0x000a, 0x2615: 0x000a, 0x2616: 0x000a, 0x2617: 0x000a,
-	0x2618: 0x000a, 0x2619: 0x000a, 0x261a: 0x000a, 0x261b: 0x000a,
-	0x2620: 0x000a,
-	// Block 0x99, offset 0x2640
-	0x267d: 0x000c,
-	// Block 0x9a, offset 0x2680
-	0x26a0: 0x000c, 0x26a1: 0x0002, 0x26a2: 0x0002, 0x26a3: 0x0002,
-	0x26a4: 0x0002, 0x26a5: 0x0002, 0x26a6: 0x0002, 0x26a7: 0x0002, 0x26a8: 0x0002, 0x26a9: 0x0002,
-	0x26aa: 0x0002, 0x26ab: 0x0002, 0x26ac: 0x0002, 0x26ad: 0x0002, 0x26ae: 0x0002, 0x26af: 0x0002,
-	0x26b0: 0x0002, 0x26b1: 0x0002, 0x26b2: 0x0002, 0x26b3: 0x0002, 0x26b4: 0x0002, 0x26b5: 0x0002,
-	0x26b6: 0x0002, 0x26b7: 0x0002, 0x26b8: 0x0002, 0x26b9: 0x0002, 0x26ba: 0x0002, 0x26bb: 0x0002,
-	// Block 0x9b, offset 0x26c0
-	0x26f6: 0x000c, 0x26f7: 0x000c, 0x26f8: 0x000c, 0x26f9: 0x000c, 0x26fa: 0x000c,
-	// Block 0x9c, offset 0x2700
-	0x2700: 0x0001, 0x2701: 0x0001, 0x2702: 0x0001, 0x2703: 0x0001, 0x2704: 0x0001, 0x2705: 0x0001,
-	0x2706: 0x0001, 0x2707: 0x0001, 0x2708: 0x0001, 0x2709: 0x0001, 0x270a: 0x0001, 0x270b: 0x0001,
-	0x270c: 0x0001, 0x270d: 0x0001, 0x270e: 0x0001, 0x270f: 0x0001, 0x2710: 0x0001, 0x2711: 0x0001,
-	0x2712: 0x0001, 0x2713: 0x0001, 0x2714: 0x0001, 0x2715: 0x0001, 0x2716: 0x0001, 0x2717: 0x0001,
-	0x2718: 0x0001, 0x2719: 0x0001, 0x271a: 0x0001, 0x271b: 0x0001, 0x271c: 0x0001, 0x271d: 0x0001,
-	0x271e: 0x0001, 0x271f: 0x0001, 0x2720: 0x0001, 0x2721: 0x0001, 0x2722: 0x0001, 0x2723: 0x0001,
-	0x2724: 0x0001, 0x2725: 0x0001, 0x2726: 0x0001, 0x2727: 0x0001, 0x2728: 0x0001, 0x2729: 0x0001,
-	0x272a: 0x0001, 0x272b: 0x0001, 0x272c: 0x0001, 0x272d: 0x0001, 0x272e: 0x0001, 0x272f: 0x0001,
-	0x2730: 0x0001, 0x2731: 0x0001, 0x2732: 0x0001, 0x2733: 0x0001, 0x2734: 0x0001, 0x2735: 0x0001,
-	0x2736: 0x0001, 0x2737: 0x0001, 0x2738: 0x0001, 0x2739: 0x0001, 0x273a: 0x0001, 0x273b: 0x0001,
-	0x273c: 0x0001, 0x273d: 0x0001, 0x273e: 0x0001, 0x273f: 0x0001,
-	// Block 0x9d, offset 0x2740
-	0x2740: 0x0001, 0x2741: 0x0001, 0x2742: 0x0001, 0x2743: 0x0001, 0x2744: 0x0001, 0x2745: 0x0001,
-	0x2746: 0x0001, 0x2747: 0x0001, 0x2748: 0x0001, 0x2749: 0x0001, 0x274a: 0x0001, 0x274b: 0x0001,
-	0x274c: 0x0001, 0x274d: 0x0001, 0x274e: 0x0001, 0x274f: 0x0001, 0x2750: 0x0001, 0x2751: 0x0001,
-	0x2752: 0x0001, 0x2753: 0x0001, 0x2754: 0x0001, 0x2755: 0x0001, 0x2756: 0x0001, 0x2757: 0x0001,
-	0x2758: 0x0001, 0x2759: 0x0001, 0x275a: 0x0001, 0x275b: 0x0001, 0x275c: 0x0001, 0x275d: 0x0001,
-	0x275e: 0x0001, 0x275f: 0x000a, 0x2760: 0x0001, 0x2761: 0x0001, 0x2762: 0x0001, 0x2763: 0x0001,
-	0x2764: 0x0001, 0x2765: 0x0001, 0x2766: 0x0001, 0x2767: 0x0001, 0x2768: 0x0001, 0x2769: 0x0001,
-	0x276a: 0x0001, 0x276b: 0x0001, 0x276c: 0x0001, 0x276d: 0x0001, 0x276e: 0x0001, 0x276f: 0x0001,
-	0x2770: 0x0001, 0x2771: 0x0001, 0x2772: 0x0001, 0x2773: 0x0001, 0x2774: 0x0001, 0x2775: 0x0001,
-	0x2776: 0x0001, 0x2777: 0x0001, 0x2778: 0x0001, 0x2779: 0x0001, 0x277a: 0x0001, 0x277b: 0x0001,
-	0x277c: 0x0001, 0x277d: 0x0001, 0x277e: 0x0001, 0x277f: 0x0001,
-	// Block 0x9e, offset 0x2780
-	0x2780: 0x0001, 0x2781: 0x000c, 0x2782: 0x000c, 0x2783: 0x000c, 0x2784: 0x0001, 0x2785: 0x000c,
-	0x2786: 0x000c, 0x2787: 0x0001, 0x2788: 0x0001, 0x2789: 0x0001, 0x278a: 0x0001, 0x278b: 0x0001,
-	0x278c: 0x000c, 0x278d: 0x000c, 0x278e: 0x000c, 0x278f: 0x000c, 0x2790: 0x0001, 0x2791: 0x0001,
-	0x2792: 0x0001, 0x2793: 0x0001, 0x2794: 0x0001, 0x2795: 0x0001, 0x2796: 0x0001, 0x2797: 0x0001,
-	0x2798: 0x0001, 0x2799: 0x0001, 0x279a: 0x0001, 0x279b: 0x0001, 0x279c: 0x0001, 0x279d: 0x0001,
-	0x279e: 0x0001, 0x279f: 0x0001, 0x27a0: 0x0001, 0x27a1: 0x0001, 0x27a2: 0x0001, 0x27a3: 0x0001,
-	0x27a4: 0x0001, 0x27a5: 0x0001, 0x27a6: 0x0001, 0x27a7: 0x0001, 0x27a8: 0x0001, 0x27a9: 0x0001,
-	0x27aa: 0x0001, 0x27ab: 0x0001, 0x27ac: 0x0001, 0x27ad: 0x0001, 0x27ae: 0x0001, 0x27af: 0x0001,
-	0x27b0: 0x0001, 0x27b1: 0x0001, 0x27b2: 0x0001, 0x27b3: 0x0001, 0x27b4: 0x0001, 0x27b5: 0x0001,
-	0x27b6: 0x0001, 0x27b7: 0x0001, 0x27b8: 0x000c, 0x27b9: 0x000c, 0x27ba: 0x000c, 0x27bb: 0x0001,
-	0x27bc: 0x0001, 0x27bd: 0x0001, 0x27be: 0x0001, 0x27bf: 0x000c,
-	// Block 0x9f, offset 0x27c0
-	0x27c0: 0x0001, 0x27c1: 0x0001, 0x27c2: 0x0001, 0x27c3: 0x0001, 0x27c4: 0x0001, 0x27c5: 0x0001,
-	0x27c6: 0x0001, 0x27c7: 0x0001, 0x27c8: 0x0001, 0x27c9: 0x0001, 0x27ca: 0x0001, 0x27cb: 0x0001,
-	0x27cc: 0x0001, 0x27cd: 0x0001, 0x27ce: 0x0001, 0x27cf: 0x0001, 0x27d0: 0x0001, 0x27d1: 0x0001,
-	0x27d2: 0x0001, 0x27d3: 0x0001, 0x27d4: 0x0001, 0x27d5: 0x0001, 0x27d6: 0x0001, 0x27d7: 0x0001,
-	0x27d8: 0x0001, 0x27d9: 0x0001, 0x27da: 0x0001, 0x27db: 0x0001, 0x27dc: 0x0001, 0x27dd: 0x0001,
-	0x27de: 0x0001, 0x27df: 0x0001, 0x27e0: 0x0001, 0x27e1: 0x0001, 0x27e2: 0x0001, 0x27e3: 0x0001,
-	0x27e4: 0x0001, 0x27e5: 0x000c, 0x27e6: 0x000c, 0x27e7: 0x0001, 0x27e8: 0x0001, 0x27e9: 0x0001,
-	0x27ea: 0x0001, 0x27eb: 0x0001, 0x27ec: 0x0001, 0x27ed: 0x0001, 0x27ee: 0x0001, 0x27ef: 0x0001,
-	0x27f0: 0x0001, 0x27f1: 0x0001, 0x27f2: 0x0001, 0x27f3: 0x0001, 0x27f4: 0x0001, 0x27f5: 0x0001,
-	0x27f6: 0x0001, 0x27f7: 0x0001, 0x27f8: 0x0001, 0x27f9: 0x0001, 0x27fa: 0x0001, 0x27fb: 0x0001,
-	0x27fc: 0x0001, 0x27fd: 0x0001, 0x27fe: 0x0001, 0x27ff: 0x0001,
-	// Block 0xa0, offset 0x2800
-	0x2800: 0x0001, 0x2801: 0x0001, 0x2802: 0x0001, 0x2803: 0x0001, 0x2804: 0x0001, 0x2805: 0x0001,
-	0x2806: 0x0001, 0x2807: 0x0001, 0x2808: 0x0001, 0x2809: 0x0001, 0x280a: 0x0001, 0x280b: 0x0001,
-	0x280c: 0x0001, 0x280d: 0x0001, 0x280e: 0x0001, 0x280f: 0x0001, 0x2810: 0x0001, 0x2811: 0x0001,
-	0x2812: 0x0001, 0x2813: 0x0001, 0x2814: 0x0001, 0x2815: 0x0001, 0x2816: 0x0001, 0x2817: 0x0001,
-	0x2818: 0x0001, 0x2819: 0x0001, 0x281a: 0x0001, 0x281b: 0x0001, 0x281c: 0x0001, 0x281d: 0x0001,
-	0x281e: 0x0001, 0x281f: 0x0001, 0x2820: 0x0001, 0x2821: 0x0001, 0x2822: 0x0001, 0x2823: 0x0001,
-	0x2824: 0x0001, 0x2825: 0x0001, 0x2826: 0x0001, 0x2827: 0x0001, 0x2828: 0x0001, 0x2829: 0x0001,
-	0x282a: 0x0001, 0x282b: 0x0001, 0x282c: 0x0001, 0x282d: 0x0001, 0x282e: 0x0001, 0x282f: 0x0001,
-	0x2830: 0x0001, 0x2831: 0x0001, 0x2832: 0x0001, 0x2833: 0x0001, 0x2834: 0x0001, 0x2835: 0x0001,
-	0x2836: 0x0001, 0x2837: 0x0001, 0x2838: 0x0001, 0x2839: 0x000a, 0x283a: 0x000a, 0x283b: 0x000a,
-	0x283c: 0x000a, 0x283d: 0x000a, 0x283e: 0x000a, 0x283f: 0x000a,
-	// Block 0xa1, offset 0x2840
-	0x2840: 0x000d, 0x2841: 0x000d, 0x2842: 0x000d, 0x2843: 0x000d, 0x2844: 0x000d, 0x2845: 0x000d,
-	0x2846: 0x000d, 0x2847: 0x000d, 0x2848: 0x000d, 0x2849: 0x000d, 0x284a: 0x000d, 0x284b: 0x000d,
-	0x284c: 0x000d, 0x284d: 0x000d, 0x284e: 0x000d, 0x284f: 0x000d, 0x2850: 0x000d, 0x2851: 0x000d,
-	0x2852: 0x000d, 0x2853: 0x000d, 0x2854: 0x000d, 0x2855: 0x000d, 0x2856: 0x000d, 0x2857: 0x000d,
-	0x2858: 0x000d, 0x2859: 0x000d, 0x285a: 0x000d, 0x285b: 0x000d, 0x285c: 0x000d, 0x285d: 0x000d,
-	0x285e: 0x000d, 0x285f: 0x000d, 0x2860: 0x000d, 0x2861: 0x000d, 0x2862: 0x000d, 0x2863: 0x000d,
-	0x2864: 0x000c, 0x2865: 0x000c, 0x2866: 0x000c, 0x2867: 0x000c, 0x2868: 0x000d, 0x2869: 0x000d,
-	0x286a: 0x000d, 0x286b: 0x000d, 0x286c: 0x000d, 0x286d: 0x000d, 0x286e: 0x000d, 0x286f: 0x000d,
-	0x2870: 0x0005, 0x2871: 0x0005, 0x2872: 0x0005, 0x2873: 0x0005, 0x2874: 0x0005, 0x2875: 0x0005,
-	0x2876: 0x0005, 0x2877: 0x0005, 0x2878: 0x0005, 0x2879: 0x0005, 0x287a: 0x000d, 0x287b: 0x000d,
-	0x287c: 0x000d, 0x287d: 0x000d, 0x287e: 0x000d, 0x287f: 0x000d,
-	// Block 0xa2, offset 0x2880
-	0x2880: 0x0001, 0x2881: 0x0001, 0x2882: 0x0001, 0x2883: 0x0001, 0x2884: 0x0001, 0x2885: 0x0001,
-	0x2886: 0x0001, 0x2887: 0x0001, 0x2888: 0x0001, 0x2889: 0x0001, 0x288a: 0x0001, 0x288b: 0x0001,
-	0x288c: 0x0001, 0x288d: 0x0001, 0x288e: 0x0001, 0x288f: 0x0001, 0x2890: 0x0001, 0x2891: 0x0001,
-	0x2892: 0x0001, 0x2893: 0x0001, 0x2894: 0x0001, 0x2895: 0x0001, 0x2896: 0x0001, 0x2897: 0x0001,
-	0x2898: 0x0001, 0x2899: 0x0001, 0x289a: 0x0001, 0x289b: 0x0001, 0x289c: 0x0001, 0x289d: 0x0001,
-	0x289e: 0x0001, 0x289f: 0x0001, 0x28a0: 0x0005, 0x28a1: 0x0005, 0x28a2: 0x0005, 0x28a3: 0x0005,
-	0x28a4: 0x0005, 0x28a5: 0x0005, 0x28a6: 0x0005, 0x28a7: 0x0005, 0x28a8: 0x0005, 0x28a9: 0x0005,
-	0x28aa: 0x0005, 0x28ab: 0x0005, 0x28ac: 0x0005, 0x28ad: 0x0005, 0x28ae: 0x0005, 0x28af: 0x0005,
-	0x28b0: 0x0005, 0x28b1: 0x0005, 0x28b2: 0x0005, 0x28b3: 0x0005, 0x28b4: 0x0005, 0x28b5: 0x0005,
-	0x28b6: 0x0005, 0x28b7: 0x0005, 0x28b8: 0x0005, 0x28b9: 0x0005, 0x28ba: 0x0005, 0x28bb: 0x0005,
-	0x28bc: 0x0005, 0x28bd: 0x0005, 0x28be: 0x0005, 0x28bf: 0x0001,
-	// Block 0xa3, offset 0x28c0
-	0x28c0: 0x0001, 0x28c1: 0x0001, 0x28c2: 0x0001, 0x28c3: 0x0001, 0x28c4: 0x0001, 0x28c5: 0x0001,
-	0x28c6: 0x0001, 0x28c7: 0x0001, 0x28c8: 0x0001, 0x28c9: 0x0001, 0x28ca: 0x0001, 0x28cb: 0x0001,
-	0x28cc: 0x0001, 0x28cd: 0x0001, 0x28ce: 0x0001, 0x28cf: 0x0001, 0x28d0: 0x0001, 0x28d1: 0x0001,
-	0x28d2: 0x0001, 0x28d3: 0x0001, 0x28d4: 0x0001, 0x28d5: 0x0001, 0x28d6: 0x0001, 0x28d7: 0x0001,
-	0x28d8: 0x0001, 0x28d9: 0x0001, 0x28da: 0x0001, 0x28db: 0x0001, 0x28dc: 0x0001, 0x28dd: 0x0001,
-	0x28de: 0x0001, 0x28df: 0x0001, 0x28e0: 0x0001, 0x28e1: 0x0001, 0x28e2: 0x0001, 0x28e3: 0x0001,
-	0x28e4: 0x0001, 0x28e5: 0x0001, 0x28e6: 0x0001, 0x28e7: 0x0001, 0x28e8: 0x0001, 0x28e9: 0x0001,
-	0x28ea: 0x0001, 0x28eb: 0x0001, 0x28ec: 0x0001, 0x28ed: 0x0001, 0x28ee: 0x0001, 0x28ef: 0x0001,
-	0x28f0: 0x000d, 0x28f1: 0x000d, 0x28f2: 0x000d, 0x28f3: 0x000d, 0x28f4: 0x000d, 0x28f5: 0x000d,
-	0x28f6: 0x000d, 0x28f7: 0x000d, 0x28f8: 0x000d, 0x28f9: 0x000d, 0x28fa: 0x000d, 0x28fb: 0x000d,
-	0x28fc: 0x000d, 0x28fd: 0x000d, 0x28fe: 0x000d, 0x28ff: 0x000d,
-	// Block 0xa4, offset 0x2900
-	0x2900: 0x000d, 0x2901: 0x000d, 0x2902: 0x000d, 0x2903: 0x000d, 0x2904: 0x000d, 0x2905: 0x000d,
-	0x2906: 0x000c, 0x2907: 0x000c, 0x2908: 0x000c, 0x2909: 0x000c, 0x290a: 0x000c, 0x290b: 0x000c,
-	0x290c: 0x000c, 0x290d: 0x000c, 0x290e: 0x000c, 0x290f: 0x000c, 0x2910: 0x000c, 0x2911: 0x000d,
-	0x2912: 0x000d, 0x2913: 0x000d, 0x2914: 0x000d, 0x2915: 0x000d, 0x2916: 0x000d, 0x2917: 0x000d,
-	0x2918: 0x000d, 0x2919: 0x000d, 0x291a: 0x000d, 0x291b: 0x000d, 0x291c: 0x000d, 0x291d: 0x000d,
-	0x291e: 0x000d, 0x291f: 0x000d, 0x2920: 0x000d, 0x2921: 0x000d, 0x2922: 0x000d, 0x2923: 0x000d,
-	0x2924: 0x000d, 0x2925: 0x000d, 0x2926: 0x000d, 0x2927: 0x000d, 0x2928: 0x000d, 0x2929: 0x000d,
-	0x292a: 0x000d, 0x292b: 0x000d, 0x292c: 0x000d, 0x292d: 0x000d, 0x292e: 0x000d, 0x292f: 0x000d,
-	0x2930: 0x0001, 0x2931: 0x0001, 0x2932: 0x0001, 0x2933: 0x0001, 0x2934: 0x0001, 0x2935: 0x0001,
-	0x2936: 0x0001, 0x2937: 0x0001, 0x2938: 0x0001, 0x2939: 0x0001, 0x293a: 0x0001, 0x293b: 0x0001,
-	0x293c: 0x0001, 0x293d: 0x0001, 0x293e: 0x0001, 0x293f: 0x0001,
-	// Block 0xa5, offset 0x2940
-	0x2941: 0x000c,
-	0x2978: 0x000c, 0x2979: 0x000c, 0x297a: 0x000c, 0x297b: 0x000c,
-	0x297c: 0x000c, 0x297d: 0x000c, 0x297e: 0x000c, 0x297f: 0x000c,
-	// Block 0xa6, offset 0x2980
-	0x2980: 0x000c, 0x2981: 0x000c, 0x2982: 0x000c, 0x2983: 0x000c, 0x2984: 0x000c, 0x2985: 0x000c,
-	0x2986: 0x000c,
-	0x2992: 0x000a, 0x2993: 0x000a, 0x2994: 0x000a, 0x2995: 0x000a, 0x2996: 0x000a, 0x2997: 0x000a,
-	0x2998: 0x000a, 0x2999: 0x000a, 0x299a: 0x000a, 0x299b: 0x000a, 0x299c: 0x000a, 0x299d: 0x000a,
-	0x299e: 0x000a, 0x299f: 0x000a, 0x29a0: 0x000a, 0x29a1: 0x000a, 0x29a2: 0x000a, 0x29a3: 0x000a,
-	0x29a4: 0x000a, 0x29a5: 0x000a,
-	0x29bf: 0x000c,
-	// Block 0xa7, offset 0x29c0
-	0x29c0: 0x000c, 0x29c1: 0x000c,
-	0x29f3: 0x000c, 0x29f4: 0x000c, 0x29f5: 0x000c,
-	0x29f6: 0x000c, 0x29f9: 0x000c, 0x29fa: 0x000c,
-	// Block 0xa8, offset 0x2a00
-	0x2a00: 0x000c, 0x2a01: 0x000c, 0x2a02: 0x000c,
-	0x2a27: 0x000c, 0x2a28: 0x000c, 0x2a29: 0x000c,
-	0x2a2a: 0x000c, 0x2a2b: 0x000c, 0x2a2d: 0x000c, 0x2a2e: 0x000c, 0x2a2f: 0x000c,
-	0x2a30: 0x000c, 0x2a31: 0x000c, 0x2a32: 0x000c, 0x2a33: 0x000c, 0x2a34: 0x000c,
-	// Block 0xa9, offset 0x2a40
-	0x2a73: 0x000c,
-	// Block 0xaa, offset 0x2a80
-	0x2a80: 0x000c, 0x2a81: 0x000c,
-	0x2ab6: 0x000c, 0x2ab7: 0x000c, 0x2ab8: 0x000c, 0x2ab9: 0x000c, 0x2aba: 0x000c, 0x2abb: 0x000c,
-	0x2abc: 0x000c, 0x2abd: 0x000c, 0x2abe: 0x000c,
-	// Block 0xab, offset 0x2ac0
-	0x2ac9: 0x000c, 0x2aca: 0x000c, 0x2acb: 0x000c,
-	0x2acc: 0x000c,
-	// Block 0xac, offset 0x2b00
-	0x2b2f: 0x000c,
-	0x2b30: 0x000c, 0x2b31: 0x000c, 0x2b34: 0x000c,
-	0x2b36: 0x000c, 0x2b37: 0x000c,
-	0x2b3e: 0x000c,
-	// Block 0xad, offset 0x2b40
-	0x2b5f: 0x000c, 0x2b63: 0x000c,
-	0x2b64: 0x000c, 0x2b65: 0x000c, 0x2b66: 0x000c, 0x2b67: 0x000c, 0x2b68: 0x000c, 0x2b69: 0x000c,
-	0x2b6a: 0x000c,
-	// Block 0xae, offset 0x2b80
-	0x2b80: 0x000c,
-	0x2ba6: 0x000c, 0x2ba7: 0x000c, 0x2ba8: 0x000c, 0x2ba9: 0x000c,
-	0x2baa: 0x000c, 0x2bab: 0x000c, 0x2bac: 0x000c,
-	0x2bb0: 0x000c, 0x2bb1: 0x000c, 0x2bb2: 0x000c, 0x2bb3: 0x000c, 0x2bb4: 0x000c,
-	// Block 0xaf, offset 0x2bc0
-	0x2bf8: 0x000c, 0x2bf9: 0x000c, 0x2bfa: 0x000c, 0x2bfb: 0x000c,
-	0x2bfc: 0x000c, 0x2bfd: 0x000c, 0x2bfe: 0x000c, 0x2bff: 0x000c,
-	// Block 0xb0, offset 0x2c00
-	0x2c02: 0x000c, 0x2c03: 0x000c, 0x2c04: 0x000c,
-	0x2c06: 0x000c,
-	0x2c1e: 0x000c,
-	// Block 0xb1, offset 0x2c40
-	0x2c73: 0x000c, 0x2c74: 0x000c, 0x2c75: 0x000c,
-	0x2c76: 0x000c, 0x2c77: 0x000c, 0x2c78: 0x000c, 0x2c7a: 0x000c,
-	0x2c7f: 0x000c,
-	// Block 0xb2, offset 0x2c80
-	0x2c80: 0x000c, 0x2c82: 0x000c, 0x2c83: 0x000c,
-	// Block 0xb3, offset 0x2cc0
-	0x2cf2: 0x000c, 0x2cf3: 0x000c, 0x2cf4: 0x000c, 0x2cf5: 0x000c,
-	0x2cfc: 0x000c, 0x2cfd: 0x000c, 0x2cff: 0x000c,
-	// Block 0xb4, offset 0x2d00
-	0x2d00: 0x000c,
-	0x2d1c: 0x000c, 0x2d1d: 0x000c,
-	// Block 0xb5, offset 0x2d40
-	0x2d73: 0x000c, 0x2d74: 0x000c, 0x2d75: 0x000c,
-	0x2d76: 0x000c, 0x2d77: 0x000c, 0x2d78: 0x000c, 0x2d79: 0x000c, 0x2d7a: 0x000c,
-	0x2d7d: 0x000c, 0x2d7f: 0x000c,
-	// Block 0xb6, offset 0x2d80
-	0x2d80: 0x000c,
-	0x2da0: 0x000a, 0x2da1: 0x000a, 0x2da2: 0x000a, 0x2da3: 0x000a,
-	0x2da4: 0x000a, 0x2da5: 0x000a, 0x2da6: 0x000a, 0x2da7: 0x000a, 0x2da8: 0x000a, 0x2da9: 0x000a,
-	0x2daa: 0x000a, 0x2dab: 0x000a, 0x2dac: 0x000a,
-	// Block 0xb7, offset 0x2dc0
-	0x2deb: 0x000c, 0x2ded: 0x000c,
-	0x2df0: 0x000c, 0x2df1: 0x000c, 0x2df2: 0x000c, 0x2df3: 0x000c, 0x2df4: 0x000c, 0x2df5: 0x000c,
-	0x2df7: 0x000c,
-	// Block 0xb8, offset 0x2e00
-	0x2e1d: 0x000c,
-	0x2e1e: 0x000c, 0x2e1f: 0x000c, 0x2e22: 0x000c, 0x2e23: 0x000c,
-	0x2e24: 0x000c, 0x2e25: 0x000c, 0x2e27: 0x000c, 0x2e28: 0x000c, 0x2e29: 0x000c,
-	0x2e2a: 0x000c, 0x2e2b: 0x000c,
-	// Block 0xb9, offset 0x2e40
-	0x2e6f: 0x000c,
-	0x2e70: 0x000c, 0x2e71: 0x000c, 0x2e72: 0x000c, 0x2e73: 0x000c, 0x2e74: 0x000c, 0x2e75: 0x000c,
-	0x2e76: 0x000c, 0x2e77: 0x000c, 0x2e79: 0x000c, 0x2e7a: 0x000c,
-	// Block 0xba, offset 0x2e80
-	0x2e81: 0x000c, 0x2e82: 0x000c, 0x2e83: 0x000c, 0x2e84: 0x000c, 0x2e85: 0x000c,
-	0x2e86: 0x000c, 0x2e89: 0x000c, 0x2e8a: 0x000c,
-	0x2eb3: 0x000c, 0x2eb4: 0x000c, 0x2eb5: 0x000c,
-	0x2eb6: 0x000c, 0x2eb7: 0x000c, 0x2eb8: 0x000c, 0x2ebb: 0x000c,
-	0x2ebc: 0x000c, 0x2ebd: 0x000c, 0x2ebe: 0x000c,
-	// Block 0xbb, offset 0x2ec0
-	0x2ec7: 0x000c,
-	0x2ed1: 0x000c,
-	0x2ed2: 0x000c, 0x2ed3: 0x000c, 0x2ed4: 0x000c, 0x2ed5: 0x000c, 0x2ed6: 0x000c,
-	0x2ed9: 0x000c, 0x2eda: 0x000c, 0x2edb: 0x000c,
-	// Block 0xbc, offset 0x2f00
-	0x2f0a: 0x000c, 0x2f0b: 0x000c,
-	0x2f0c: 0x000c, 0x2f0d: 0x000c, 0x2f0e: 0x000c, 0x2f0f: 0x000c, 0x2f10: 0x000c, 0x2f11: 0x000c,
-	0x2f12: 0x000c, 0x2f13: 0x000c, 0x2f14: 0x000c, 0x2f15: 0x000c, 0x2f16: 0x000c,
-	0x2f18: 0x000c, 0x2f19: 0x000c,
-	// Block 0xbd, offset 0x2f40
-	0x2f70: 0x000c, 0x2f71: 0x000c, 0x2f72: 0x000c, 0x2f73: 0x000c, 0x2f74: 0x000c, 0x2f75: 0x000c,
-	0x2f76: 0x000c, 0x2f78: 0x000c, 0x2f79: 0x000c, 0x2f7a: 0x000c, 0x2f7b: 0x000c,
-	0x2f7c: 0x000c, 0x2f7d: 0x000c,
-	// Block 0xbe, offset 0x2f80
-	0x2f92: 0x000c, 0x2f93: 0x000c, 0x2f94: 0x000c, 0x2f95: 0x000c, 0x2f96: 0x000c, 0x2f97: 0x000c,
-	0x2f98: 0x000c, 0x2f99: 0x000c, 0x2f9a: 0x000c, 0x2f9b: 0x000c, 0x2f9c: 0x000c, 0x2f9d: 0x000c,
-	0x2f9e: 0x000c, 0x2f9f: 0x000c, 0x2fa0: 0x000c, 0x2fa1: 0x000c, 0x2fa2: 0x000c, 0x2fa3: 0x000c,
-	0x2fa4: 0x000c, 0x2fa5: 0x000c, 0x2fa6: 0x000c, 0x2fa7: 0x000c,
-	0x2faa: 0x000c, 0x2fab: 0x000c, 0x2fac: 0x000c, 0x2fad: 0x000c, 0x2fae: 0x000c, 0x2faf: 0x000c,
-	0x2fb0: 0x000c, 0x2fb2: 0x000c, 0x2fb3: 0x000c, 0x2fb5: 0x000c,
-	0x2fb6: 0x000c,
-	// Block 0xbf, offset 0x2fc0
-	0x2ff1: 0x000c, 0x2ff2: 0x000c, 0x2ff3: 0x000c, 0x2ff4: 0x000c, 0x2ff5: 0x000c,
-	0x2ff6: 0x000c, 0x2ffa: 0x000c,
-	0x2ffc: 0x000c, 0x2ffd: 0x000c, 0x2fff: 0x000c,
-	// Block 0xc0, offset 0x3000
-	0x3000: 0x000c, 0x3001: 0x000c, 0x3002: 0x000c, 0x3003: 0x000c, 0x3004: 0x000c, 0x3005: 0x000c,
-	0x3007: 0x000c,
-	// Block 0xc1, offset 0x3040
-	0x3050: 0x000c, 0x3051: 0x000c,
-	0x3055: 0x000c, 0x3057: 0x000c,
-	// Block 0xc2, offset 0x3080
-	0x30b3: 0x000c, 0x30b4: 0x000c,
-	// Block 0xc3, offset 0x30c0
-	0x30f0: 0x000c, 0x30f1: 0x000c, 0x30f2: 0x000c, 0x30f3: 0x000c, 0x30f4: 0x000c,
-	// Block 0xc4, offset 0x3100
-	0x3130: 0x000c, 0x3131: 0x000c, 0x3132: 0x000c, 0x3133: 0x000c, 0x3134: 0x000c, 0x3135: 0x000c,
-	0x3136: 0x000c,
-	// Block 0xc5, offset 0x3140
-	0x314f: 0x000c, 0x3150: 0x000c, 0x3151: 0x000c,
-	0x3152: 0x000c,
-	// Block 0xc6, offset 0x3180
-	0x319d: 0x000c,
-	0x319e: 0x000c, 0x31a0: 0x000b, 0x31a1: 0x000b, 0x31a2: 0x000b, 0x31a3: 0x000b,
-	// Block 0xc7, offset 0x31c0
-	0x31e7: 0x000c, 0x31e8: 0x000c, 0x31e9: 0x000c,
-	0x31f3: 0x000b, 0x31f4: 0x000b, 0x31f5: 0x000b,
-	0x31f6: 0x000b, 0x31f7: 0x000b, 0x31f8: 0x000b, 0x31f9: 0x000b, 0x31fa: 0x000b, 0x31fb: 0x000c,
-	0x31fc: 0x000c, 0x31fd: 0x000c, 0x31fe: 0x000c, 0x31ff: 0x000c,
-	// Block 0xc8, offset 0x3200
-	0x3200: 0x000c, 0x3201: 0x000c, 0x3202: 0x000c, 0x3205: 0x000c,
-	0x3206: 0x000c, 0x3207: 0x000c, 0x3208: 0x000c, 0x3209: 0x000c, 0x320a: 0x000c, 0x320b: 0x000c,
-	0x322a: 0x000c, 0x322b: 0x000c, 0x322c: 0x000c, 0x322d: 0x000c,
-	// Block 0xc9, offset 0x3240
-	0x3240: 0x000a, 0x3241: 0x000a, 0x3242: 0x000c, 0x3243: 0x000c, 0x3244: 0x000c, 0x3245: 0x000a,
-	// Block 0xca, offset 0x3280
-	0x3280: 0x000a, 0x3281: 0x000a, 0x3282: 0x000a, 0x3283: 0x000a, 0x3284: 0x000a, 0x3285: 0x000a,
-	0x3286: 0x000a, 0x3287: 0x000a, 0x3288: 0x000a, 0x3289: 0x000a, 0x328a: 0x000a, 0x328b: 0x000a,
-	0x328c: 0x000a, 0x328d: 0x000a, 0x328e: 0x000a, 0x328f: 0x000a, 0x3290: 0x000a, 0x3291: 0x000a,
-	0x3292: 0x000a, 0x3293: 0x000a, 0x3294: 0x000a, 0x3295: 0x000a, 0x3296: 0x000a,
-	// Block 0xcb, offset 0x32c0
-	0x32db: 0x000a,
-	// Block 0xcc, offset 0x3300
-	0x3315: 0x000a,
-	// Block 0xcd, offset 0x3340
-	0x334f: 0x000a,
-	// Block 0xce, offset 0x3380
-	0x3389: 0x000a,
-	// Block 0xcf, offset 0x33c0
-	0x33c3: 0x000a,
-	0x33ce: 0x0002, 0x33cf: 0x0002, 0x33d0: 0x0002, 0x33d1: 0x0002,
-	0x33d2: 0x0002, 0x33d3: 0x0002, 0x33d4: 0x0002, 0x33d5: 0x0002, 0x33d6: 0x0002, 0x33d7: 0x0002,
-	0x33d8: 0x0002, 0x33d9: 0x0002, 0x33da: 0x0002, 0x33db: 0x0002, 0x33dc: 0x0002, 0x33dd: 0x0002,
-	0x33de: 0x0002, 0x33df: 0x0002, 0x33e0: 0x0002, 0x33e1: 0x0002, 0x33e2: 0x0002, 0x33e3: 0x0002,
-	0x33e4: 0x0002, 0x33e5: 0x0002, 0x33e6: 0x0002, 0x33e7: 0x0002, 0x33e8: 0x0002, 0x33e9: 0x0002,
-	0x33ea: 0x0002, 0x33eb: 0x0002, 0x33ec: 0x0002, 0x33ed: 0x0002, 0x33ee: 0x0002, 0x33ef: 0x0002,
-	0x33f0: 0x0002, 0x33f1: 0x0002, 0x33f2: 0x0002, 0x33f3: 0x0002, 0x33f4: 0x0002, 0x33f5: 0x0002,
-	0x33f6: 0x0002, 0x33f7: 0x0002, 0x33f8: 0x0002, 0x33f9: 0x0002, 0x33fa: 0x0002, 0x33fb: 0x0002,
-	0x33fc: 0x0002, 0x33fd: 0x0002, 0x33fe: 0x0002, 0x33ff: 0x0002,
-	// Block 0xd0, offset 0x3400
-	0x3400: 0x000c, 0x3401: 0x000c, 0x3402: 0x000c, 0x3403: 0x000c, 0x3404: 0x000c, 0x3405: 0x000c,
-	0x3406: 0x000c, 0x3407: 0x000c, 0x3408: 0x000c, 0x3409: 0x000c, 0x340a: 0x000c, 0x340b: 0x000c,
-	0x340c: 0x000c, 0x340d: 0x000c, 0x340e: 0x000c, 0x340f: 0x000c, 0x3410: 0x000c, 0x3411: 0x000c,
-	0x3412: 0x000c, 0x3413: 0x000c, 0x3414: 0x000c, 0x3415: 0x000c, 0x3416: 0x000c, 0x3417: 0x000c,
-	0x3418: 0x000c, 0x3419: 0x000c, 0x341a: 0x000c, 0x341b: 0x000c, 0x341c: 0x000c, 0x341d: 0x000c,
-	0x341e: 0x000c, 0x341f: 0x000c, 0x3420: 0x000c, 0x3421: 0x000c, 0x3422: 0x000c, 0x3423: 0x000c,
-	0x3424: 0x000c, 0x3425: 0x000c, 0x3426: 0x000c, 0x3427: 0x000c, 0x3428: 0x000c, 0x3429: 0x000c,
-	0x342a: 0x000c, 0x342b: 0x000c, 0x342c: 0x000c, 0x342d: 0x000c, 0x342e: 0x000c, 0x342f: 0x000c,
-	0x3430: 0x000c, 0x3431: 0x000c, 0x3432: 0x000c, 0x3433: 0x000c, 0x3434: 0x000c, 0x3435: 0x000c,
-	0x3436: 0x000c, 0x343b: 0x000c,
-	0x343c: 0x000c, 0x343d: 0x000c, 0x343e: 0x000c, 0x343f: 0x000c,
-	// Block 0xd1, offset 0x3440
-	0x3440: 0x000c, 0x3441: 0x000c, 0x3442: 0x000c, 0x3443: 0x000c, 0x3444: 0x000c, 0x3445: 0x000c,
-	0x3446: 0x000c, 0x3447: 0x000c, 0x3448: 0x000c, 0x3449: 0x000c, 0x344a: 0x000c, 0x344b: 0x000c,
-	0x344c: 0x000c, 0x344d: 0x000c, 0x344e: 0x000c, 0x344f: 0x000c, 0x3450: 0x000c, 0x3451: 0x000c,
-	0x3452: 0x000c, 0x3453: 0x000c, 0x3454: 0x000c, 0x3455: 0x000c, 0x3456: 0x000c, 0x3457: 0x000c,
-	0x3458: 0x000c, 0x3459: 0x000c, 0x345a: 0x000c, 0x345b: 0x000c, 0x345c: 0x000c, 0x345d: 0x000c,
-	0x345e: 0x000c, 0x345f: 0x000c, 0x3460: 0x000c, 0x3461: 0x000c, 0x3462: 0x000c, 0x3463: 0x000c,
-	0x3464: 0x000c, 0x3465: 0x000c, 0x3466: 0x000c, 0x3467: 0x000c, 0x3468: 0x000c, 0x3469: 0x000c,
-	0x346a: 0x000c, 0x346b: 0x000c, 0x346c: 0x000c,
-	0x3475: 0x000c,
-	// Block 0xd2, offset 0x3480
-	0x3484: 0x000c,
-	0x349b: 0x000c, 0x349c: 0x000c, 0x349d: 0x000c,
-	0x349e: 0x000c, 0x349f: 0x000c, 0x34a1: 0x000c, 0x34a2: 0x000c, 0x34a3: 0x000c,
-	0x34a4: 0x000c, 0x34a5: 0x000c, 0x34a6: 0x000c, 0x34a7: 0x000c, 0x34a8: 0x000c, 0x34a9: 0x000c,
-	0x34aa: 0x000c, 0x34ab: 0x000c, 0x34ac: 0x000c, 0x34ad: 0x000c, 0x34ae: 0x000c, 0x34af: 0x000c,
-	// Block 0xd3, offset 0x34c0
-	0x34c0: 0x000c, 0x34c1: 0x000c, 0x34c2: 0x000c, 0x34c3: 0x000c, 0x34c4: 0x000c, 0x34c5: 0x000c,
-	0x34c6: 0x000c, 0x34c8: 0x000c, 0x34c9: 0x000c, 0x34ca: 0x000c, 0x34cb: 0x000c,
-	0x34cc: 0x000c, 0x34cd: 0x000c, 0x34ce: 0x000c, 0x34cf: 0x000c, 0x34d0: 0x000c, 0x34d1: 0x000c,
-	0x34d2: 0x000c, 0x34d3: 0x000c, 0x34d4: 0x000c, 0x34d5: 0x000c, 0x34d6: 0x000c, 0x34d7: 0x000c,
-	0x34d8: 0x000c, 0x34db: 0x000c, 0x34dc: 0x000c, 0x34dd: 0x000c,
-	0x34de: 0x000c, 0x34df: 0x000c, 0x34e0: 0x000c, 0x34e1: 0x000c, 0x34e3: 0x000c,
-	0x34e4: 0x000c, 0x34e6: 0x000c, 0x34e7: 0x000c, 0x34e8: 0x000c, 0x34e9: 0x000c,
-	0x34ea: 0x000c,
-	// Block 0xd4, offset 0x3500
-	0x3500: 0x0001, 0x3501: 0x0001, 0x3502: 0x0001, 0x3503: 0x0001, 0x3504: 0x0001, 0x3505: 0x0001,
-	0x3506: 0x0001, 0x3507: 0x0001, 0x3508: 0x0001, 0x3509: 0x0001, 0x350a: 0x0001, 0x350b: 0x0001,
-	0x350c: 0x0001, 0x350d: 0x0001, 0x350e: 0x0001, 0x350f: 0x0001, 0x3510: 0x000c, 0x3511: 0x000c,
-	0x3512: 0x000c, 0x3513: 0x000c, 0x3514: 0x000c, 0x3515: 0x000c, 0x3516: 0x000c, 0x3517: 0x0001,
-	0x3518: 0x0001, 0x3519: 0x0001, 0x351a: 0x0001, 0x351b: 0x0001, 0x351c: 0x0001, 0x351d: 0x0001,
-	0x351e: 0x0001, 0x351f: 0x0001, 0x3520: 0x0001, 0x3521: 0x0001, 0x3522: 0x0001, 0x3523: 0x0001,
-	0x3524: 0x0001, 0x3525: 0x0001, 0x3526: 0x0001, 0x3527: 0x0001, 0x3528: 0x0001, 0x3529: 0x0001,
-	0x352a: 0x0001, 0x352b: 0x0001, 0x352c: 0x0001, 0x352d: 0x0001, 0x352e: 0x0001, 0x352f: 0x0001,
-	0x3530: 0x0001, 0x3531: 0x0001, 0x3532: 0x0001, 0x3533: 0x0001, 0x3534: 0x0001, 0x3535: 0x0001,
-	0x3536: 0x0001, 0x3537: 0x0001, 0x3538: 0x0001, 0x3539: 0x0001, 0x353a: 0x0001, 0x353b: 0x0001,
-	0x353c: 0x0001, 0x353d: 0x0001, 0x353e: 0x0001, 0x353f: 0x0001,
-	// Block 0xd5, offset 0x3540
-	0x3540: 0x0001, 0x3541: 0x0001, 0x3542: 0x0001, 0x3543: 0x0001, 0x3544: 0x000c, 0x3545: 0x000c,
-	0x3546: 0x000c, 0x3547: 0x000c, 0x3548: 0x000c, 0x3549: 0x000c, 0x354a: 0x000c, 0x354b: 0x0001,
-	0x354c: 0x0001, 0x354d: 0x0001, 0x354e: 0x0001, 0x354f: 0x0001, 0x3550: 0x0001, 0x3551: 0x0001,
-	0x3552: 0x0001, 0x3553: 0x0001, 0x3554: 0x0001, 0x3555: 0x0001, 0x3556: 0x0001, 0x3557: 0x0001,
-	0x3558: 0x0001, 0x3559: 0x0001, 0x355a: 0x0001, 0x355b: 0x0001, 0x355c: 0x0001, 0x355d: 0x0001,
-	0x355e: 0x0001, 0x355f: 0x0001, 0x3560: 0x0001, 0x3561: 0x0001, 0x3562: 0x0001, 0x3563: 0x0001,
-	0x3564: 0x0001, 0x3565: 0x0001, 0x3566: 0x0001, 0x3567: 0x0001, 0x3568: 0x0001, 0x3569: 0x0001,
-	0x356a: 0x0001, 0x356b: 0x0001, 0x356c: 0x0001, 0x356d: 0x0001, 0x356e: 0x0001, 0x356f: 0x0001,
-	0x3570: 0x0001, 0x3571: 0x0001, 0x3572: 0x0001, 0x3573: 0x0001, 0x3574: 0x0001, 0x3575: 0x0001,
-	0x3576: 0x0001, 0x3577: 0x0001, 0x3578: 0x0001, 0x3579: 0x0001, 0x357a: 0x0001, 0x357b: 0x0001,
-	0x357c: 0x0001, 0x357d: 0x0001, 0x357e: 0x0001, 0x357f: 0x0001,
-	// Block 0xd6, offset 0x3580
-	0x3580: 0x000d, 0x3581: 0x000d, 0x3582: 0x000d, 0x3583: 0x000d, 0x3584: 0x000d, 0x3585: 0x000d,
-	0x3586: 0x000d, 0x3587: 0x000d, 0x3588: 0x000d, 0x3589: 0x000d, 0x358a: 0x000d, 0x358b: 0x000d,
-	0x358c: 0x000d, 0x358d: 0x000d, 0x358e: 0x000d, 0x358f: 0x000d, 0x3590: 0x000d, 0x3591: 0x000d,
-	0x3592: 0x000d, 0x3593: 0x000d, 0x3594: 0x000d, 0x3595: 0x000d, 0x3596: 0x000d, 0x3597: 0x000d,
-	0x3598: 0x000d, 0x3599: 0x000d, 0x359a: 0x000d, 0x359b: 0x000d, 0x359c: 0x000d, 0x359d: 0x000d,
-	0x359e: 0x000d, 0x359f: 0x000d, 0x35a0: 0x000d, 0x35a1: 0x000d, 0x35a2: 0x000d, 0x35a3: 0x000d,
-	0x35a4: 0x000d, 0x35a5: 0x000d, 0x35a6: 0x000d, 0x35a7: 0x000d, 0x35a8: 0x000d, 0x35a9: 0x000d,
-	0x35aa: 0x000d, 0x35ab: 0x000d, 0x35ac: 0x000d, 0x35ad: 0x000d, 0x35ae: 0x000d, 0x35af: 0x000d,
-	0x35b0: 0x000a, 0x35b1: 0x000a, 0x35b2: 0x000d, 0x35b3: 0x000d, 0x35b4: 0x000d, 0x35b5: 0x000d,
-	0x35b6: 0x000d, 0x35b7: 0x000d, 0x35b8: 0x000d, 0x35b9: 0x000d, 0x35ba: 0x000d, 0x35bb: 0x000d,
-	0x35bc: 0x000d, 0x35bd: 0x000d, 0x35be: 0x000d, 0x35bf: 0x000d,
-	// Block 0xd7, offset 0x35c0
-	0x35c0: 0x000a, 0x35c1: 0x000a, 0x35c2: 0x000a, 0x35c3: 0x000a, 0x35c4: 0x000a, 0x35c5: 0x000a,
-	0x35c6: 0x000a, 0x35c7: 0x000a, 0x35c8: 0x000a, 0x35c9: 0x000a, 0x35ca: 0x000a, 0x35cb: 0x000a,
-	0x35cc: 0x000a, 0x35cd: 0x000a, 0x35ce: 0x000a, 0x35cf: 0x000a, 0x35d0: 0x000a, 0x35d1: 0x000a,
-	0x35d2: 0x000a, 0x35d3: 0x000a, 0x35d4: 0x000a, 0x35d5: 0x000a, 0x35d6: 0x000a, 0x35d7: 0x000a,
-	0x35d8: 0x000a, 0x35d9: 0x000a, 0x35da: 0x000a, 0x35db: 0x000a, 0x35dc: 0x000a, 0x35dd: 0x000a,
-	0x35de: 0x000a, 0x35df: 0x000a, 0x35e0: 0x000a, 0x35e1: 0x000a, 0x35e2: 0x000a, 0x35e3: 0x000a,
-	0x35e4: 0x000a, 0x35e5: 0x000a, 0x35e6: 0x000a, 0x35e7: 0x000a, 0x35e8: 0x000a, 0x35e9: 0x000a,
-	0x35ea: 0x000a, 0x35eb: 0x000a,
-	0x35f0: 0x000a, 0x35f1: 0x000a, 0x35f2: 0x000a, 0x35f3: 0x000a, 0x35f4: 0x000a, 0x35f5: 0x000a,
-	0x35f6: 0x000a, 0x35f7: 0x000a, 0x35f8: 0x000a, 0x35f9: 0x000a, 0x35fa: 0x000a, 0x35fb: 0x000a,
-	0x35fc: 0x000a, 0x35fd: 0x000a, 0x35fe: 0x000a, 0x35ff: 0x000a,
-	// Block 0xd8, offset 0x3600
-	0x3600: 0x000a, 0x3601: 0x000a, 0x3602: 0x000a, 0x3603: 0x000a, 0x3604: 0x000a, 0x3605: 0x000a,
-	0x3606: 0x000a, 0x3607: 0x000a, 0x3608: 0x000a, 0x3609: 0x000a, 0x360a: 0x000a, 0x360b: 0x000a,
-	0x360c: 0x000a, 0x360d: 0x000a, 0x360e: 0x000a, 0x360f: 0x000a, 0x3610: 0x000a, 0x3611: 0x000a,
-	0x3612: 0x000a, 0x3613: 0x000a,
-	0x3620: 0x000a, 0x3621: 0x000a, 0x3622: 0x000a, 0x3623: 0x000a,
-	0x3624: 0x000a, 0x3625: 0x000a, 0x3626: 0x000a, 0x3627: 0x000a, 0x3628: 0x000a, 0x3629: 0x000a,
-	0x362a: 0x000a, 0x362b: 0x000a, 0x362c: 0x000a, 0x362d: 0x000a, 0x362e: 0x000a,
-	0x3631: 0x000a, 0x3632: 0x000a, 0x3633: 0x000a, 0x3634: 0x000a, 0x3635: 0x000a,
-	0x3636: 0x000a, 0x3637: 0x000a, 0x3638: 0x000a, 0x3639: 0x000a, 0x363a: 0x000a, 0x363b: 0x000a,
-	0x363c: 0x000a, 0x363d: 0x000a, 0x363e: 0x000a, 0x363f: 0x000a,
-	// Block 0xd9, offset 0x3640
-	0x3641: 0x000a, 0x3642: 0x000a, 0x3643: 0x000a, 0x3644: 0x000a, 0x3645: 0x000a,
-	0x3646: 0x000a, 0x3647: 0x000a, 0x3648: 0x000a, 0x3649: 0x000a, 0x364a: 0x000a, 0x364b: 0x000a,
-	0x364c: 0x000a, 0x364d: 0x000a, 0x364e: 0x000a, 0x364f: 0x000a, 0x3651: 0x000a,
-	0x3652: 0x000a, 0x3653: 0x000a, 0x3654: 0x000a, 0x3655: 0x000a, 0x3656: 0x000a, 0x3657: 0x000a,
-	0x3658: 0x000a, 0x3659: 0x000a, 0x365a: 0x000a, 0x365b: 0x000a, 0x365c: 0x000a, 0x365d: 0x000a,
-	0x365e: 0x000a, 0x365f: 0x000a, 0x3660: 0x000a, 0x3661: 0x000a, 0x3662: 0x000a, 0x3663: 0x000a,
-	0x3664: 0x000a, 0x3665: 0x000a, 0x3666: 0x000a, 0x3667: 0x000a, 0x3668: 0x000a, 0x3669: 0x000a,
-	0x366a: 0x000a, 0x366b: 0x000a, 0x366c: 0x000a, 0x366d: 0x000a, 0x366e: 0x000a, 0x366f: 0x000a,
-	0x3670: 0x000a, 0x3671: 0x000a, 0x3672: 0x000a, 0x3673: 0x000a, 0x3674: 0x000a, 0x3675: 0x000a,
-	// Block 0xda, offset 0x3680
-	0x3680: 0x0002, 0x3681: 0x0002, 0x3682: 0x0002, 0x3683: 0x0002, 0x3684: 0x0002, 0x3685: 0x0002,
-	0x3686: 0x0002, 0x3687: 0x0002, 0x3688: 0x0002, 0x3689: 0x0002, 0x368a: 0x0002, 0x368b: 0x000a,
-	0x368c: 0x000a,
-	0x36af: 0x000a,
-	// Block 0xdb, offset 0x36c0
-	0x36ea: 0x000a, 0x36eb: 0x000a,
-	// Block 0xdc, offset 0x3700
-	0x3720: 0x000a, 0x3721: 0x000a, 0x3722: 0x000a, 0x3723: 0x000a,
-	0x3724: 0x000a, 0x3725: 0x000a,
-	// Block 0xdd, offset 0x3740
-	0x3740: 0x000a, 0x3741: 0x000a, 0x3742: 0x000a, 0x3743: 0x000a, 0x3744: 0x000a, 0x3745: 0x000a,
-	0x3746: 0x000a, 0x3747: 0x000a, 0x3748: 0x000a, 0x3749: 0x000a, 0x374a: 0x000a, 0x374b: 0x000a,
-	0x374c: 0x000a, 0x374d: 0x000a, 0x374e: 0x000a, 0x374f: 0x000a, 0x3750: 0x000a, 0x3751: 0x000a,
-	0x3752: 0x000a, 0x3753: 0x000a, 0x3754: 0x000a,
-	0x3760: 0x000a, 0x3761: 0x000a, 0x3762: 0x000a, 0x3763: 0x000a,
-	0x3764: 0x000a, 0x3765: 0x000a, 0x3766: 0x000a, 0x3767: 0x000a, 0x3768: 0x000a, 0x3769: 0x000a,
-	0x376a: 0x000a, 0x376b: 0x000a, 0x376c: 0x000a,
-	0x3770: 0x000a, 0x3771: 0x000a, 0x3772: 0x000a, 0x3773: 0x000a, 0x3774: 0x000a, 0x3775: 0x000a,
-	0x3776: 0x000a, 0x3777: 0x000a, 0x3778: 0x000a, 0x3779: 0x000a,
-	// Block 0xde, offset 0x3780
-	0x3780: 0x000a, 0x3781: 0x000a, 0x3782: 0x000a, 0x3783: 0x000a, 0x3784: 0x000a, 0x3785: 0x000a,
-	0x3786: 0x000a, 0x3787: 0x000a, 0x3788: 0x000a, 0x3789: 0x000a, 0x378a: 0x000a, 0x378b: 0x000a,
-	0x378c: 0x000a, 0x378d: 0x000a, 0x378e: 0x000a, 0x378f: 0x000a, 0x3790: 0x000a, 0x3791: 0x000a,
-	0x3792: 0x000a, 0x3793: 0x000a, 0x3794: 0x000a, 0x3795: 0x000a, 0x3796: 0x000a, 0x3797: 0x000a,
-	0x3798: 0x000a,
-	// Block 0xdf, offset 0x37c0
-	0x37c0: 0x000a, 0x37c1: 0x000a, 0x37c2: 0x000a, 0x37c3: 0x000a, 0x37c4: 0x000a, 0x37c5: 0x000a,
-	0x37c6: 0x000a, 0x37c7: 0x000a, 0x37c8: 0x000a, 0x37c9: 0x000a, 0x37ca: 0x000a, 0x37cb: 0x000a,
-	0x37d0: 0x000a, 0x37d1: 0x000a,
-	0x37d2: 0x000a, 0x37d3: 0x000a, 0x37d4: 0x000a, 0x37d5: 0x000a, 0x37d6: 0x000a, 0x37d7: 0x000a,
-	0x37d8: 0x000a, 0x37d9: 0x000a, 0x37da: 0x000a, 0x37db: 0x000a, 0x37dc: 0x000a, 0x37dd: 0x000a,
-	0x37de: 0x000a, 0x37df: 0x000a, 0x37e0: 0x000a, 0x37e1: 0x000a, 0x37e2: 0x000a, 0x37e3: 0x000a,
-	0x37e4: 0x000a, 0x37e5: 0x000a, 0x37e6: 0x000a, 0x37e7: 0x000a, 0x37e8: 0x000a, 0x37e9: 0x000a,
-	0x37ea: 0x000a, 0x37eb: 0x000a, 0x37ec: 0x000a, 0x37ed: 0x000a, 0x37ee: 0x000a, 0x37ef: 0x000a,
-	0x37f0: 0x000a, 0x37f1: 0x000a, 0x37f2: 0x000a, 0x37f3: 0x000a, 0x37f4: 0x000a, 0x37f5: 0x000a,
-	0x37f6: 0x000a, 0x37f7: 0x000a, 0x37f8: 0x000a, 0x37f9: 0x000a, 0x37fa: 0x000a, 0x37fb: 0x000a,
-	0x37fc: 0x000a, 0x37fd: 0x000a, 0x37fe: 0x000a, 0x37ff: 0x000a,
-	// Block 0xe0, offset 0x3800
-	0x3800: 0x000a, 0x3801: 0x000a, 0x3802: 0x000a, 0x3803: 0x000a, 0x3804: 0x000a, 0x3805: 0x000a,
-	0x3806: 0x000a, 0x3807: 0x000a,
-	0x3810: 0x000a, 0x3811: 0x000a,
-	0x3812: 0x000a, 0x3813: 0x000a, 0x3814: 0x000a, 0x3815: 0x000a, 0x3816: 0x000a, 0x3817: 0x000a,
-	0x3818: 0x000a, 0x3819: 0x000a,
-	0x3820: 0x000a, 0x3821: 0x000a, 0x3822: 0x000a, 0x3823: 0x000a,
-	0x3824: 0x000a, 0x3825: 0x000a, 0x3826: 0x000a, 0x3827: 0x000a, 0x3828: 0x000a, 0x3829: 0x000a,
-	0x382a: 0x000a, 0x382b: 0x000a, 0x382c: 0x000a, 0x382d: 0x000a, 0x382e: 0x000a, 0x382f: 0x000a,
-	0x3830: 0x000a, 0x3831: 0x000a, 0x3832: 0x000a, 0x3833: 0x000a, 0x3834: 0x000a, 0x3835: 0x000a,
-	0x3836: 0x000a, 0x3837: 0x000a, 0x3838: 0x000a, 0x3839: 0x000a, 0x383a: 0x000a, 0x383b: 0x000a,
-	0x383c: 0x000a, 0x383d: 0x000a, 0x383e: 0x000a, 0x383f: 0x000a,
-	// Block 0xe1, offset 0x3840
-	0x3840: 0x000a, 0x3841: 0x000a, 0x3842: 0x000a, 0x3843: 0x000a, 0x3844: 0x000a, 0x3845: 0x000a,
-	0x3846: 0x000a, 0x3847: 0x000a,
-	0x3850: 0x000a, 0x3851: 0x000a,
-	0x3852: 0x000a, 0x3853: 0x000a, 0x3854: 0x000a, 0x3855: 0x000a, 0x3856: 0x000a, 0x3857: 0x000a,
-	0x3858: 0x000a, 0x3859: 0x000a, 0x385a: 0x000a, 0x385b: 0x000a, 0x385c: 0x000a, 0x385d: 0x000a,
-	0x385e: 0x000a, 0x385f: 0x000a, 0x3860: 0x000a, 0x3861: 0x000a, 0x3862: 0x000a, 0x3863: 0x000a,
-	0x3864: 0x000a, 0x3865: 0x000a, 0x3866: 0x000a, 0x3867: 0x000a, 0x3868: 0x000a, 0x3869: 0x000a,
-	0x386a: 0x000a, 0x386b: 0x000a, 0x386c: 0x000a, 0x386d: 0x000a,
-	// Block 0xe2, offset 0x3880
-	0x3880: 0x000a, 0x3881: 0x000a, 0x3882: 0x000a, 0x3883: 0x000a, 0x3884: 0x000a, 0x3885: 0x000a,
-	0x3886: 0x000a, 0x3887: 0x000a, 0x3888: 0x000a, 0x3889: 0x000a, 0x388a: 0x000a, 0x388b: 0x000a,
-	0x3890: 0x000a, 0x3891: 0x000a,
-	0x3892: 0x000a, 0x3893: 0x000a, 0x3894: 0x000a, 0x3895: 0x000a, 0x3896: 0x000a, 0x3897: 0x000a,
-	0x3898: 0x000a, 0x3899: 0x000a, 0x389a: 0x000a, 0x389b: 0x000a, 0x389c: 0x000a, 0x389d: 0x000a,
-	0x389e: 0x000a, 0x389f: 0x000a, 0x38a0: 0x000a, 0x38a1: 0x000a, 0x38a2: 0x000a, 0x38a3: 0x000a,
-	0x38a4: 0x000a, 0x38a5: 0x000a, 0x38a6: 0x000a, 0x38a7: 0x000a, 0x38a8: 0x000a, 0x38a9: 0x000a,
-	0x38aa: 0x000a, 0x38ab: 0x000a, 0x38ac: 0x000a, 0x38ad: 0x000a, 0x38ae: 0x000a, 0x38af: 0x000a,
-	0x38b0: 0x000a, 0x38b1: 0x000a, 0x38b2: 0x000a, 0x38b3: 0x000a, 0x38b4: 0x000a, 0x38b5: 0x000a,
-	0x38b6: 0x000a, 0x38b7: 0x000a, 0x38b8: 0x000a, 0x38b9: 0x000a, 0x38ba: 0x000a, 0x38bb: 0x000a,
-	0x38bc: 0x000a, 0x38bd: 0x000a, 0x38be: 0x000a,
-	// Block 0xe3, offset 0x38c0
-	0x38c0: 0x000a, 0x38c1: 0x000a, 0x38c2: 0x000a, 0x38c3: 0x000a, 0x38c4: 0x000a, 0x38c5: 0x000a,
-	0x38c6: 0x000a, 0x38c7: 0x000a, 0x38c8: 0x000a, 0x38c9: 0x000a, 0x38ca: 0x000a, 0x38cb: 0x000a,
-	0x38cc: 0x000a, 0x38cd: 0x000a, 0x38ce: 0x000a, 0x38cf: 0x000a, 0x38d0: 0x000a, 0x38d1: 0x000a,
-	0x38d2: 0x000a, 0x38d3: 0x000a, 0x38d4: 0x000a, 0x38d5: 0x000a, 0x38d6: 0x000a, 0x38d7: 0x000a,
-	0x38d8: 0x000a, 0x38d9: 0x000a, 0x38da: 0x000a, 0x38db: 0x000a, 0x38dc: 0x000a, 0x38dd: 0x000a,
-	0x38de: 0x000a, 0x38df: 0x000a, 0x38e0: 0x000a, 0x38e1: 0x000a, 0x38e2: 0x000a, 0x38e3: 0x000a,
-	0x38e4: 0x000a, 0x38e5: 0x000a, 0x38e6: 0x000a, 0x38e7: 0x000a, 0x38e8: 0x000a, 0x38e9: 0x000a,
-	0x38ea: 0x000a, 0x38eb: 0x000a, 0x38ec: 0x000a, 0x38ed: 0x000a, 0x38ee: 0x000a, 0x38ef: 0x000a,
-	0x38f0: 0x000a, 0x38f3: 0x000a, 0x38f4: 0x000a, 0x38f5: 0x000a,
-	0x38f6: 0x000a, 0x38fa: 0x000a,
-	0x38fc: 0x000a, 0x38fd: 0x000a, 0x38fe: 0x000a, 0x38ff: 0x000a,
-	// Block 0xe4, offset 0x3900
-	0x3900: 0x000a, 0x3901: 0x000a, 0x3902: 0x000a, 0x3903: 0x000a, 0x3904: 0x000a, 0x3905: 0x000a,
-	0x3906: 0x000a, 0x3907: 0x000a, 0x3908: 0x000a, 0x3909: 0x000a, 0x390a: 0x000a, 0x390b: 0x000a,
-	0x390c: 0x000a, 0x390d: 0x000a, 0x390e: 0x000a, 0x390f: 0x000a, 0x3910: 0x000a, 0x3911: 0x000a,
-	0x3912: 0x000a, 0x3913: 0x000a, 0x3914: 0x000a, 0x3915: 0x000a, 0x3916: 0x000a, 0x3917: 0x000a,
-	0x3918: 0x000a, 0x3919: 0x000a, 0x391a: 0x000a, 0x391b: 0x000a, 0x391c: 0x000a, 0x391d: 0x000a,
-	0x391e: 0x000a, 0x391f: 0x000a, 0x3920: 0x000a, 0x3921: 0x000a, 0x3922: 0x000a,
-	0x3930: 0x000a, 0x3931: 0x000a, 0x3932: 0x000a, 0x3933: 0x000a, 0x3934: 0x000a, 0x3935: 0x000a,
-	0x3936: 0x000a, 0x3937: 0x000a, 0x3938: 0x000a, 0x3939: 0x000a,
-	// Block 0xe5, offset 0x3940
-	0x3940: 0x000a, 0x3941: 0x000a, 0x3942: 0x000a,
-	0x3950: 0x000a, 0x3951: 0x000a,
-	0x3952: 0x000a, 0x3953: 0x000a, 0x3954: 0x000a, 0x3955: 0x000a, 0x3956: 0x000a, 0x3957: 0x000a,
-	0x3958: 0x000a, 0x3959: 0x000a, 0x395a: 0x000a, 0x395b: 0x000a, 0x395c: 0x000a, 0x395d: 0x000a,
-	0x395e: 0x000a, 0x395f: 0x000a, 0x3960: 0x000a, 0x3961: 0x000a, 0x3962: 0x000a, 0x3963: 0x000a,
-	0x3964: 0x000a, 0x3965: 0x000a, 0x3966: 0x000a, 0x3967: 0x000a, 0x3968: 0x000a, 0x3969: 0x000a,
-	0x396a: 0x000a, 0x396b: 0x000a, 0x396c: 0x000a, 0x396d: 0x000a, 0x396e: 0x000a, 0x396f: 0x000a,
-	0x3970: 0x000a, 0x3971: 0x000a, 0x3972: 0x000a, 0x3973: 0x000a, 0x3974: 0x000a, 0x3975: 0x000a,
-	0x3976: 0x000a, 0x3977: 0x000a, 0x3978: 0x000a, 0x3979: 0x000a, 0x397a: 0x000a, 0x397b: 0x000a,
-	0x397c: 0x000a, 0x397d: 0x000a, 0x397e: 0x000a, 0x397f: 0x000a,
-	// Block 0xe6, offset 0x3980
-	0x39a0: 0x000a, 0x39a1: 0x000a, 0x39a2: 0x000a, 0x39a3: 0x000a,
-	0x39a4: 0x000a, 0x39a5: 0x000a, 0x39a6: 0x000a, 0x39a7: 0x000a, 0x39a8: 0x000a, 0x39a9: 0x000a,
-	0x39aa: 0x000a, 0x39ab: 0x000a, 0x39ac: 0x000a, 0x39ad: 0x000a,
-	// Block 0xe7, offset 0x39c0
-	0x39fe: 0x000b, 0x39ff: 0x000b,
-	// Block 0xe8, offset 0x3a00
-	0x3a00: 0x000b, 0x3a01: 0x000b, 0x3a02: 0x000b, 0x3a03: 0x000b, 0x3a04: 0x000b, 0x3a05: 0x000b,
-	0x3a06: 0x000b, 0x3a07: 0x000b, 0x3a08: 0x000b, 0x3a09: 0x000b, 0x3a0a: 0x000b, 0x3a0b: 0x000b,
-	0x3a0c: 0x000b, 0x3a0d: 0x000b, 0x3a0e: 0x000b, 0x3a0f: 0x000b, 0x3a10: 0x000b, 0x3a11: 0x000b,
-	0x3a12: 0x000b, 0x3a13: 0x000b, 0x3a14: 0x000b, 0x3a15: 0x000b, 0x3a16: 0x000b, 0x3a17: 0x000b,
-	0x3a18: 0x000b, 0x3a19: 0x000b, 0x3a1a: 0x000b, 0x3a1b: 0x000b, 0x3a1c: 0x000b, 0x3a1d: 0x000b,
-	0x3a1e: 0x000b, 0x3a1f: 0x000b, 0x3a20: 0x000b, 0x3a21: 0x000b, 0x3a22: 0x000b, 0x3a23: 0x000b,
-	0x3a24: 0x000b, 0x3a25: 0x000b, 0x3a26: 0x000b, 0x3a27: 0x000b, 0x3a28: 0x000b, 0x3a29: 0x000b,
-	0x3a2a: 0x000b, 0x3a2b: 0x000b, 0x3a2c: 0x000b, 0x3a2d: 0x000b, 0x3a2e: 0x000b, 0x3a2f: 0x000b,
-	0x3a30: 0x000b, 0x3a31: 0x000b, 0x3a32: 0x000b, 0x3a33: 0x000b, 0x3a34: 0x000b, 0x3a35: 0x000b,
-	0x3a36: 0x000b, 0x3a37: 0x000b, 0x3a38: 0x000b, 0x3a39: 0x000b, 0x3a3a: 0x000b, 0x3a3b: 0x000b,
-	0x3a3c: 0x000b, 0x3a3d: 0x000b, 0x3a3e: 0x000b, 0x3a3f: 0x000b,
-	// Block 0xe9, offset 0x3a40
-	0x3a40: 0x000c, 0x3a41: 0x000c, 0x3a42: 0x000c, 0x3a43: 0x000c, 0x3a44: 0x000c, 0x3a45: 0x000c,
-	0x3a46: 0x000c, 0x3a47: 0x000c, 0x3a48: 0x000c, 0x3a49: 0x000c, 0x3a4a: 0x000c, 0x3a4b: 0x000c,
-	0x3a4c: 0x000c, 0x3a4d: 0x000c, 0x3a4e: 0x000c, 0x3a4f: 0x000c, 0x3a50: 0x000c, 0x3a51: 0x000c,
-	0x3a52: 0x000c, 0x3a53: 0x000c, 0x3a54: 0x000c, 0x3a55: 0x000c, 0x3a56: 0x000c, 0x3a57: 0x000c,
-	0x3a58: 0x000c, 0x3a59: 0x000c, 0x3a5a: 0x000c, 0x3a5b: 0x000c, 0x3a5c: 0x000c, 0x3a5d: 0x000c,
-	0x3a5e: 0x000c, 0x3a5f: 0x000c, 0x3a60: 0x000c, 0x3a61: 0x000c, 0x3a62: 0x000c, 0x3a63: 0x000c,
-	0x3a64: 0x000c, 0x3a65: 0x000c, 0x3a66: 0x000c, 0x3a67: 0x000c, 0x3a68: 0x000c, 0x3a69: 0x000c,
-	0x3a6a: 0x000c, 0x3a6b: 0x000c, 0x3a6c: 0x000c, 0x3a6d: 0x000c, 0x3a6e: 0x000c, 0x3a6f: 0x000c,
-	0x3a70: 0x000b, 0x3a71: 0x000b, 0x3a72: 0x000b, 0x3a73: 0x000b, 0x3a74: 0x000b, 0x3a75: 0x000b,
-	0x3a76: 0x000b, 0x3a77: 0x000b, 0x3a78: 0x000b, 0x3a79: 0x000b, 0x3a7a: 0x000b, 0x3a7b: 0x000b,
-	0x3a7c: 0x000b, 0x3a7d: 0x000b, 0x3a7e: 0x000b, 0x3a7f: 0x000b,
-}
-
-// bidiIndex: 24 blocks, 1536 entries, 1536 bytes
-// Block 0 is the zero block.
-var bidiIndex = [1536]uint8{
-	// Block 0x0, offset 0x0
-	// Block 0x1, offset 0x40
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc2: 0x01, 0xc3: 0x02,
-	0xca: 0x03, 0xcb: 0x04, 0xcc: 0x05, 0xcd: 0x06, 0xce: 0x07, 0xcf: 0x08,
-	0xd2: 0x09, 0xd6: 0x0a, 0xd7: 0x0b,
-	0xd8: 0x0c, 0xd9: 0x0d, 0xda: 0x0e, 0xdb: 0x0f, 0xdc: 0x10, 0xdd: 0x11, 0xde: 0x12, 0xdf: 0x13,
-	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05, 0xe4: 0x06,
-	0xea: 0x07, 0xef: 0x08,
-	0xf0: 0x11, 0xf1: 0x12, 0xf2: 0x12, 0xf3: 0x14, 0xf4: 0x15,
-	// Block 0x4, offset 0x100
-	0x120: 0x14, 0x121: 0x15, 0x122: 0x16, 0x123: 0x17, 0x124: 0x18, 0x125: 0x19, 0x126: 0x1a, 0x127: 0x1b,
-	0x128: 0x1c, 0x129: 0x1d, 0x12a: 0x1c, 0x12b: 0x1e, 0x12c: 0x1f, 0x12d: 0x20, 0x12e: 0x21, 0x12f: 0x22,
-	0x130: 0x23, 0x131: 0x24, 0x132: 0x1a, 0x133: 0x25, 0x134: 0x26, 0x135: 0x27, 0x137: 0x28,
-	0x138: 0x29, 0x139: 0x2a, 0x13a: 0x2b, 0x13b: 0x2c, 0x13c: 0x2d, 0x13d: 0x2e, 0x13e: 0x2f, 0x13f: 0x30,
-	// Block 0x5, offset 0x140
-	0x140: 0x31, 0x141: 0x32, 0x142: 0x33,
-	0x14d: 0x34, 0x14e: 0x35,
-	0x150: 0x36,
-	0x15a: 0x37, 0x15c: 0x38, 0x15d: 0x39, 0x15e: 0x3a, 0x15f: 0x3b,
-	0x160: 0x3c, 0x162: 0x3d, 0x164: 0x3e, 0x165: 0x3f, 0x167: 0x40,
-	0x168: 0x41, 0x169: 0x42, 0x16a: 0x43, 0x16c: 0x44, 0x16d: 0x45, 0x16e: 0x46, 0x16f: 0x47,
-	0x170: 0x48, 0x173: 0x49, 0x177: 0x4a,
-	0x17e: 0x4b, 0x17f: 0x4c,
-	// Block 0x6, offset 0x180
-	0x180: 0x4d, 0x181: 0x4e, 0x182: 0x4f, 0x183: 0x50, 0x184: 0x51, 0x185: 0x52, 0x186: 0x53, 0x187: 0x54,
-	0x188: 0x55, 0x189: 0x54, 0x18a: 0x54, 0x18b: 0x54, 0x18c: 0x56, 0x18d: 0x57, 0x18e: 0x58, 0x18f: 0x54,
-	0x190: 0x59, 0x191: 0x5a, 0x192: 0x5b, 0x193: 0x5c, 0x194: 0x54, 0x195: 0x54, 0x196: 0x54, 0x197: 0x54,
-	0x198: 0x54, 0x199: 0x54, 0x19a: 0x5d, 0x19b: 0x54, 0x19c: 0x54, 0x19d: 0x5e, 0x19e: 0x54, 0x19f: 0x5f,
-	0x1a4: 0x54, 0x1a5: 0x54, 0x1a6: 0x60, 0x1a7: 0x61,
-	0x1a8: 0x54, 0x1a9: 0x54, 0x1aa: 0x54, 0x1ab: 0x54, 0x1ac: 0x54, 0x1ad: 0x62, 0x1ae: 0x63, 0x1af: 0x64,
-	0x1b3: 0x65, 0x1b5: 0x66, 0x1b7: 0x67,
-	0x1b8: 0x68, 0x1b9: 0x69, 0x1ba: 0x6a, 0x1bb: 0x6b, 0x1bc: 0x54, 0x1bd: 0x54, 0x1be: 0x54, 0x1bf: 0x6c,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0x6d, 0x1c2: 0x6e, 0x1c3: 0x6f, 0x1c7: 0x70,
-	0x1c8: 0x71, 0x1c9: 0x72, 0x1ca: 0x73, 0x1cb: 0x74, 0x1cd: 0x75, 0x1cf: 0x76,
-	// Block 0x8, offset 0x200
-	0x237: 0x54,
-	// Block 0x9, offset 0x240
-	0x252: 0x77, 0x253: 0x78,
-	0x258: 0x79, 0x259: 0x7a, 0x25a: 0x7b, 0x25b: 0x7c, 0x25c: 0x7d, 0x25e: 0x7e,
-	0x260: 0x7f, 0x261: 0x80, 0x263: 0x81, 0x264: 0x82, 0x265: 0x83, 0x266: 0x84, 0x267: 0x85,
-	0x268: 0x86, 0x269: 0x87, 0x26a: 0x88, 0x26b: 0x89, 0x26f: 0x8a,
-	// Block 0xa, offset 0x280
-	0x2ac: 0x8b, 0x2ad: 0x8c, 0x2ae: 0x0e, 0x2af: 0x0e,
-	0x2b0: 0x0e, 0x2b1: 0x0e, 0x2b2: 0x0e, 0x2b3: 0x0e, 0x2b4: 0x8d, 0x2b5: 0x0e, 0x2b6: 0x0e, 0x2b7: 0x8e,
-	0x2b8: 0x8f, 0x2b9: 0x90, 0x2ba: 0x0e, 0x2bb: 0x91, 0x2bc: 0x92, 0x2bd: 0x93, 0x2bf: 0x94,
-	// Block 0xb, offset 0x2c0
-	0x2c4: 0x95, 0x2c5: 0x54, 0x2c6: 0x96, 0x2c7: 0x97,
-	0x2cb: 0x98, 0x2cd: 0x99,
-	0x2e0: 0x9a, 0x2e1: 0x9a, 0x2e2: 0x9a, 0x2e3: 0x9a, 0x2e4: 0x9b, 0x2e5: 0x9a, 0x2e6: 0x9a, 0x2e7: 0x9a,
-	0x2e8: 0x9c, 0x2e9: 0x9a, 0x2ea: 0x9a, 0x2eb: 0x9d, 0x2ec: 0x9e, 0x2ed: 0x9a, 0x2ee: 0x9a, 0x2ef: 0x9a,
-	0x2f0: 0x9a, 0x2f1: 0x9a, 0x2f2: 0x9a, 0x2f3: 0x9a, 0x2f4: 0x9f, 0x2f5: 0x9a, 0x2f6: 0x9a, 0x2f7: 0x9a,
-	0x2f8: 0x9a, 0x2f9: 0xa0, 0x2fa: 0x9a, 0x2fb: 0x9a, 0x2fc: 0xa1, 0x2fd: 0xa2, 0x2fe: 0x9a, 0x2ff: 0x9a,
-	// Block 0xc, offset 0x300
-	0x300: 0xa3, 0x301: 0xa4, 0x302: 0xa5, 0x304: 0xa6, 0x305: 0xa7, 0x306: 0xa8, 0x307: 0xa9,
-	0x308: 0xaa, 0x30b: 0xab, 0x30c: 0x26, 0x30d: 0xac,
-	0x310: 0xad, 0x311: 0xae, 0x312: 0xaf, 0x313: 0xb0, 0x316: 0xb1, 0x317: 0xb2,
-	0x318: 0xb3, 0x319: 0xb4, 0x31a: 0xb5, 0x31c: 0xb6,
-	0x320: 0xb7,
-	0x328: 0xb8, 0x329: 0xb9, 0x32a: 0xba,
-	0x330: 0xbb, 0x332: 0xbc, 0x334: 0xbd, 0x335: 0xbe, 0x336: 0xbf,
-	0x33b: 0xc0,
-	// Block 0xd, offset 0x340
-	0x36b: 0xc1, 0x36c: 0xc2,
-	0x37e: 0xc3,
-	// Block 0xe, offset 0x380
-	0x3b2: 0xc4,
-	// Block 0xf, offset 0x3c0
-	0x3c5: 0xc5, 0x3c6: 0xc6,
-	0x3c8: 0x54, 0x3c9: 0xc7, 0x3cc: 0x54, 0x3cd: 0xc8,
-	0x3db: 0xc9, 0x3dc: 0xca, 0x3dd: 0xcb, 0x3de: 0xcc, 0x3df: 0xcd,
-	0x3e8: 0xce, 0x3e9: 0xcf, 0x3ea: 0xd0,
-	// Block 0x10, offset 0x400
-	0x400: 0xd1,
-	0x420: 0x9a, 0x421: 0x9a, 0x422: 0x9a, 0x423: 0xd2, 0x424: 0x9a, 0x425: 0xd3, 0x426: 0x9a, 0x427: 0x9a,
-	0x428: 0x9a, 0x429: 0x9a, 0x42a: 0x9a, 0x42b: 0x9a, 0x42c: 0x9a, 0x42d: 0x9a, 0x42e: 0x9a, 0x42f: 0x9a,
-	0x430: 0x9a, 0x431: 0xa1, 0x432: 0x0e, 0x433: 0x9a, 0x434: 0x9a, 0x435: 0x9a, 0x436: 0x9a, 0x437: 0x9a,
-	0x438: 0x0e, 0x439: 0x0e, 0x43a: 0x0e, 0x43b: 0xd4, 0x43c: 0x9a, 0x43d: 0x9a, 0x43e: 0x9a, 0x43f: 0x9a,
-	// Block 0x11, offset 0x440
-	0x440: 0xd5, 0x441: 0x54, 0x442: 0xd6, 0x443: 0xd7, 0x444: 0xd8, 0x445: 0xd9,
-	0x449: 0xda, 0x44c: 0x54, 0x44d: 0x54, 0x44e: 0x54, 0x44f: 0x54,
-	0x450: 0x54, 0x451: 0x54, 0x452: 0x54, 0x453: 0x54, 0x454: 0x54, 0x455: 0x54, 0x456: 0x54, 0x457: 0x54,
-	0x458: 0x54, 0x459: 0x54, 0x45a: 0x54, 0x45b: 0xdb, 0x45c: 0x54, 0x45d: 0x6b, 0x45e: 0x54, 0x45f: 0xdc,
-	0x460: 0xdd, 0x461: 0xde, 0x462: 0xdf, 0x464: 0xe0, 0x465: 0xe1, 0x466: 0xe2, 0x467: 0xe3,
-	0x469: 0xe4,
-	0x47f: 0xe5,
-	// Block 0x12, offset 0x480
-	0x4bf: 0xe5,
-	// Block 0x13, offset 0x4c0
-	0x4d0: 0x09, 0x4d1: 0x0a, 0x4d6: 0x0b,
-	0x4db: 0x0c, 0x4dd: 0x0d, 0x4de: 0x0e, 0x4df: 0x0f,
-	0x4ef: 0x10,
-	0x4ff: 0x10,
-	// Block 0x14, offset 0x500
-	0x50f: 0x10,
-	0x51f: 0x10,
-	0x52f: 0x10,
-	0x53f: 0x10,
-	// Block 0x15, offset 0x540
-	0x540: 0xe6, 0x541: 0xe6, 0x542: 0xe6, 0x543: 0xe6, 0x544: 0x05, 0x545: 0x05, 0x546: 0x05, 0x547: 0xe7,
-	0x548: 0xe6, 0x549: 0xe6, 0x54a: 0xe6, 0x54b: 0xe6, 0x54c: 0xe6, 0x54d: 0xe6, 0x54e: 0xe6, 0x54f: 0xe6,
-	0x550: 0xe6, 0x551: 0xe6, 0x552: 0xe6, 0x553: 0xe6, 0x554: 0xe6, 0x555: 0xe6, 0x556: 0xe6, 0x557: 0xe6,
-	0x558: 0xe6, 0x559: 0xe6, 0x55a: 0xe6, 0x55b: 0xe6, 0x55c: 0xe6, 0x55d: 0xe6, 0x55e: 0xe6, 0x55f: 0xe6,
-	0x560: 0xe6, 0x561: 0xe6, 0x562: 0xe6, 0x563: 0xe6, 0x564: 0xe6, 0x565: 0xe6, 0x566: 0xe6, 0x567: 0xe6,
-	0x568: 0xe6, 0x569: 0xe6, 0x56a: 0xe6, 0x56b: 0xe6, 0x56c: 0xe6, 0x56d: 0xe6, 0x56e: 0xe6, 0x56f: 0xe6,
-	0x570: 0xe6, 0x571: 0xe6, 0x572: 0xe6, 0x573: 0xe6, 0x574: 0xe6, 0x575: 0xe6, 0x576: 0xe6, 0x577: 0xe6,
-	0x578: 0xe6, 0x579: 0xe6, 0x57a: 0xe6, 0x57b: 0xe6, 0x57c: 0xe6, 0x57d: 0xe6, 0x57e: 0xe6, 0x57f: 0xe6,
-	// Block 0x16, offset 0x580
-	0x58f: 0x10,
-	0x59f: 0x10,
-	0x5a0: 0x13,
-	0x5af: 0x10,
-	0x5bf: 0x10,
-	// Block 0x17, offset 0x5c0
-	0x5cf: 0x10,
-}
-
-// Total table size 16568 bytes (16KiB); checksum: F50EF68C
diff --git a/vendor/golang.org/x/text/unicode/norm/composition.go b/vendor/golang.org/x/text/unicode/norm/composition.go
index e2087bce..bab4c5de 100644
--- a/vendor/golang.org/x/text/unicode/norm/composition.go
+++ b/vendor/golang.org/x/text/unicode/norm/composition.go
@@ -407,7 +407,7 @@ func decomposeHangul(buf []byte, r rune) int {
 
 // decomposeHangul algorithmically decomposes a Hangul rune into
 // its Jamo components.
-// See https://unicode.org/reports/tr15/#Hangul for details on decomposing Hangul.
+// See http://unicode.org/reports/tr15/#Hangul for details on decomposing Hangul.
 func (rb *reorderBuffer) decomposeHangul(r rune) {
 	r -= hangulBase
 	x := r % jamoTCount
@@ -420,7 +420,7 @@ func (rb *reorderBuffer) decomposeHangul(r rune) {
 }
 
 // combineHangul algorithmically combines Jamo character components into Hangul.
-// See https://unicode.org/reports/tr15/#Hangul for details on combining Hangul.
+// See http://unicode.org/reports/tr15/#Hangul for details on combining Hangul.
 func (rb *reorderBuffer) combineHangul(s, i, k int) {
 	b := rb.rune[:]
 	bn := rb.nrune
@@ -461,10 +461,6 @@ func (rb *reorderBuffer) combineHangul(s, i, k int) {
 // It should only be used to recompose a single segment, as it will not
 // handle alternations between Hangul and non-Hangul characters correctly.
 func (rb *reorderBuffer) compose() {
-	// Lazily load the map used by the combine func below, but do
-	// it outside of the loop.
-	recompMapOnce.Do(buildRecompMap)
-
 	// UAX #15, section X5 , including Corrigendum #5
 	// "In any character sequence beginning with starter S, a character C is
 	//  blocked from S if and only if there is some character B between S
diff --git a/vendor/golang.org/x/text/unicode/norm/forminfo.go b/vendor/golang.org/x/text/unicode/norm/forminfo.go
index 526c7033..e67e7655 100644
--- a/vendor/golang.org/x/text/unicode/norm/forminfo.go
+++ b/vendor/golang.org/x/text/unicode/norm/forminfo.go
@@ -4,8 +4,6 @@
 
 package norm
 
-import "encoding/binary"
-
 // This file contains Form-specific logic and wrappers for data in tables.go.
 
 // Rune info is stored in a separate trie per composing form. A composing form
@@ -180,17 +178,6 @@ func (p Properties) TrailCCC() uint8 {
 	return ccc[p.tccc]
 }
 
-func buildRecompMap() {
-	recompMap = make(map[uint32]rune, len(recompMapPacked)/8)
-	var buf [8]byte
-	for i := 0; i < len(recompMapPacked); i += 8 {
-		copy(buf[:], recompMapPacked[i:i+8])
-		key := binary.BigEndian.Uint32(buf[:4])
-		val := binary.BigEndian.Uint32(buf[4:])
-		recompMap[key] = rune(val)
-	}
-}
-
 // Recomposition
 // We use 32-bit keys instead of 64-bit for the two codepoint keys.
 // This clips off the bits of three entries, but we know this will not
@@ -199,14 +186,8 @@ func buildRecompMap() {
 // Note that the recomposition map for NFC and NFKC are identical.
 
 // combine returns the combined rune or 0 if it doesn't exist.
-//
-// The caller is responsible for calling
-// recompMapOnce.Do(buildRecompMap) sometime before this is called.
 func combine(a, b rune) rune {
 	key := uint32(uint16(a))<<16 + uint32(uint16(b))
-	if recompMap == nil {
-		panic("caller error") // see func comment
-	}
 	return recompMap[key]
 }
 
diff --git a/vendor/golang.org/x/text/unicode/norm/iter.go b/vendor/golang.org/x/text/unicode/norm/iter.go
index 417c6b26..ce17f96c 100644
--- a/vendor/golang.org/x/text/unicode/norm/iter.go
+++ b/vendor/golang.org/x/text/unicode/norm/iter.go
@@ -128,9 +128,8 @@ func (i *Iter) Next() []byte {
 func nextASCIIBytes(i *Iter) []byte {
 	p := i.p + 1
 	if p >= i.rb.nsrc {
-		p0 := i.p
 		i.setDone()
-		return i.rb.src.bytes[p0:p]
+		return i.rb.src.bytes[i.p:p]
 	}
 	if i.rb.src.bytes[p] < utf8.RuneSelf {
 		p0 := i.p
diff --git a/vendor/golang.org/x/text/unicode/norm/normalize.go b/vendor/golang.org/x/text/unicode/norm/normalize.go
index 95efcf26..e28ac641 100644
--- a/vendor/golang.org/x/text/unicode/norm/normalize.go
+++ b/vendor/golang.org/x/text/unicode/norm/normalize.go
@@ -29,8 +29,8 @@ import (
 // proceed independently on both sides:
 //   f(x) == append(f(x[0:n]), f(x[n:])...)
 //
-// References: https://unicode.org/reports/tr15/ and
-// https://unicode.org/notes/tn5/.
+// References: http://unicode.org/reports/tr15/ and
+// http://unicode.org/notes/tn5/.
 type Form int
 
 const (
diff --git a/vendor/golang.org/x/text/unicode/norm/readwriter.go b/vendor/golang.org/x/text/unicode/norm/readwriter.go
index b38096f5..d926ee90 100644
--- a/vendor/golang.org/x/text/unicode/norm/readwriter.go
+++ b/vendor/golang.org/x/text/unicode/norm/readwriter.go
@@ -60,8 +60,8 @@ func (w *normWriter) Close() error {
 }
 
 // Writer returns a new writer that implements Write(b)
-// by writing f(b) to w. The returned writer may use an
-// internal buffer to maintain state across Write calls.
+// by writing f(b) to w.  The returned writer may use an
+// an internal buffer to maintain state across Write calls.
 // Calling its Close method writes any buffered data to w.
 func (f Form) Writer(w io.Writer) io.WriteCloser {
 	wr := &normWriter{rb: reorderBuffer{}, w: w}
diff --git a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
index 26fbd55a..44dd3978 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
@@ -1,11 +1,9 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
-// +build go1.10,!go1.13
+// +build go1.10
 
 package norm
 
-import "sync"
-
 const (
 	// Version is the Unicode edition from which the tables are derived.
 	Version = "10.0.0"
@@ -6709,949 +6707,947 @@ var nfkcSparseValues = [869]valueRange{
 }
 
 // recompMap: 7520 bytes (entries only)
-var recompMap map[uint32]rune
-var recompMapOnce sync.Once
+var recompMap = map[uint32]rune{
+	0x00410300: 0x00C0,
+	0x00410301: 0x00C1,
+	0x00410302: 0x00C2,
+	0x00410303: 0x00C3,
+	0x00410308: 0x00C4,
+	0x0041030A: 0x00C5,
+	0x00430327: 0x00C7,
+	0x00450300: 0x00C8,
+	0x00450301: 0x00C9,
+	0x00450302: 0x00CA,
+	0x00450308: 0x00CB,
+	0x00490300: 0x00CC,
+	0x00490301: 0x00CD,
+	0x00490302: 0x00CE,
+	0x00490308: 0x00CF,
+	0x004E0303: 0x00D1,
+	0x004F0300: 0x00D2,
+	0x004F0301: 0x00D3,
+	0x004F0302: 0x00D4,
+	0x004F0303: 0x00D5,
+	0x004F0308: 0x00D6,
+	0x00550300: 0x00D9,
+	0x00550301: 0x00DA,
+	0x00550302: 0x00DB,
+	0x00550308: 0x00DC,
+	0x00590301: 0x00DD,
+	0x00610300: 0x00E0,
+	0x00610301: 0x00E1,
+	0x00610302: 0x00E2,
+	0x00610303: 0x00E3,
+	0x00610308: 0x00E4,
+	0x0061030A: 0x00E5,
+	0x00630327: 0x00E7,
+	0x00650300: 0x00E8,
+	0x00650301: 0x00E9,
+	0x00650302: 0x00EA,
+	0x00650308: 0x00EB,
+	0x00690300: 0x00EC,
+	0x00690301: 0x00ED,
+	0x00690302: 0x00EE,
+	0x00690308: 0x00EF,
+	0x006E0303: 0x00F1,
+	0x006F0300: 0x00F2,
+	0x006F0301: 0x00F3,
+	0x006F0302: 0x00F4,
+	0x006F0303: 0x00F5,
+	0x006F0308: 0x00F6,
+	0x00750300: 0x00F9,
+	0x00750301: 0x00FA,
+	0x00750302: 0x00FB,
+	0x00750308: 0x00FC,
+	0x00790301: 0x00FD,
+	0x00790308: 0x00FF,
+	0x00410304: 0x0100,
+	0x00610304: 0x0101,
+	0x00410306: 0x0102,
+	0x00610306: 0x0103,
+	0x00410328: 0x0104,
+	0x00610328: 0x0105,
+	0x00430301: 0x0106,
+	0x00630301: 0x0107,
+	0x00430302: 0x0108,
+	0x00630302: 0x0109,
+	0x00430307: 0x010A,
+	0x00630307: 0x010B,
+	0x0043030C: 0x010C,
+	0x0063030C: 0x010D,
+	0x0044030C: 0x010E,
+	0x0064030C: 0x010F,
+	0x00450304: 0x0112,
+	0x00650304: 0x0113,
+	0x00450306: 0x0114,
+	0x00650306: 0x0115,
+	0x00450307: 0x0116,
+	0x00650307: 0x0117,
+	0x00450328: 0x0118,
+	0x00650328: 0x0119,
+	0x0045030C: 0x011A,
+	0x0065030C: 0x011B,
+	0x00470302: 0x011C,
+	0x00670302: 0x011D,
+	0x00470306: 0x011E,
+	0x00670306: 0x011F,
+	0x00470307: 0x0120,
+	0x00670307: 0x0121,
+	0x00470327: 0x0122,
+	0x00670327: 0x0123,
+	0x00480302: 0x0124,
+	0x00680302: 0x0125,
+	0x00490303: 0x0128,
+	0x00690303: 0x0129,
+	0x00490304: 0x012A,
+	0x00690304: 0x012B,
+	0x00490306: 0x012C,
+	0x00690306: 0x012D,
+	0x00490328: 0x012E,
+	0x00690328: 0x012F,
+	0x00490307: 0x0130,
+	0x004A0302: 0x0134,
+	0x006A0302: 0x0135,
+	0x004B0327: 0x0136,
+	0x006B0327: 0x0137,
+	0x004C0301: 0x0139,
+	0x006C0301: 0x013A,
+	0x004C0327: 0x013B,
+	0x006C0327: 0x013C,
+	0x004C030C: 0x013D,
+	0x006C030C: 0x013E,
+	0x004E0301: 0x0143,
+	0x006E0301: 0x0144,
+	0x004E0327: 0x0145,
+	0x006E0327: 0x0146,
+	0x004E030C: 0x0147,
+	0x006E030C: 0x0148,
+	0x004F0304: 0x014C,
+	0x006F0304: 0x014D,
+	0x004F0306: 0x014E,
+	0x006F0306: 0x014F,
+	0x004F030B: 0x0150,
+	0x006F030B: 0x0151,
+	0x00520301: 0x0154,
+	0x00720301: 0x0155,
+	0x00520327: 0x0156,
+	0x00720327: 0x0157,
+	0x0052030C: 0x0158,
+	0x0072030C: 0x0159,
+	0x00530301: 0x015A,
+	0x00730301: 0x015B,
+	0x00530302: 0x015C,
+	0x00730302: 0x015D,
+	0x00530327: 0x015E,
+	0x00730327: 0x015F,
+	0x0053030C: 0x0160,
+	0x0073030C: 0x0161,
+	0x00540327: 0x0162,
+	0x00740327: 0x0163,
+	0x0054030C: 0x0164,
+	0x0074030C: 0x0165,
+	0x00550303: 0x0168,
+	0x00750303: 0x0169,
+	0x00550304: 0x016A,
+	0x00750304: 0x016B,
+	0x00550306: 0x016C,
+	0x00750306: 0x016D,
+	0x0055030A: 0x016E,
+	0x0075030A: 0x016F,
+	0x0055030B: 0x0170,
+	0x0075030B: 0x0171,
+	0x00550328: 0x0172,
+	0x00750328: 0x0173,
+	0x00570302: 0x0174,
+	0x00770302: 0x0175,
+	0x00590302: 0x0176,
+	0x00790302: 0x0177,
+	0x00590308: 0x0178,
+	0x005A0301: 0x0179,
+	0x007A0301: 0x017A,
+	0x005A0307: 0x017B,
+	0x007A0307: 0x017C,
+	0x005A030C: 0x017D,
+	0x007A030C: 0x017E,
+	0x004F031B: 0x01A0,
+	0x006F031B: 0x01A1,
+	0x0055031B: 0x01AF,
+	0x0075031B: 0x01B0,
+	0x0041030C: 0x01CD,
+	0x0061030C: 0x01CE,
+	0x0049030C: 0x01CF,
+	0x0069030C: 0x01D0,
+	0x004F030C: 0x01D1,
+	0x006F030C: 0x01D2,
+	0x0055030C: 0x01D3,
+	0x0075030C: 0x01D4,
+	0x00DC0304: 0x01D5,
+	0x00FC0304: 0x01D6,
+	0x00DC0301: 0x01D7,
+	0x00FC0301: 0x01D8,
+	0x00DC030C: 0x01D9,
+	0x00FC030C: 0x01DA,
+	0x00DC0300: 0x01DB,
+	0x00FC0300: 0x01DC,
+	0x00C40304: 0x01DE,
+	0x00E40304: 0x01DF,
+	0x02260304: 0x01E0,
+	0x02270304: 0x01E1,
+	0x00C60304: 0x01E2,
+	0x00E60304: 0x01E3,
+	0x0047030C: 0x01E6,
+	0x0067030C: 0x01E7,
+	0x004B030C: 0x01E8,
+	0x006B030C: 0x01E9,
+	0x004F0328: 0x01EA,
+	0x006F0328: 0x01EB,
+	0x01EA0304: 0x01EC,
+	0x01EB0304: 0x01ED,
+	0x01B7030C: 0x01EE,
+	0x0292030C: 0x01EF,
+	0x006A030C: 0x01F0,
+	0x00470301: 0x01F4,
+	0x00670301: 0x01F5,
+	0x004E0300: 0x01F8,
+	0x006E0300: 0x01F9,
+	0x00C50301: 0x01FA,
+	0x00E50301: 0x01FB,
+	0x00C60301: 0x01FC,
+	0x00E60301: 0x01FD,
+	0x00D80301: 0x01FE,
+	0x00F80301: 0x01FF,
+	0x0041030F: 0x0200,
+	0x0061030F: 0x0201,
+	0x00410311: 0x0202,
+	0x00610311: 0x0203,
+	0x0045030F: 0x0204,
+	0x0065030F: 0x0205,
+	0x00450311: 0x0206,
+	0x00650311: 0x0207,
+	0x0049030F: 0x0208,
+	0x0069030F: 0x0209,
+	0x00490311: 0x020A,
+	0x00690311: 0x020B,
+	0x004F030F: 0x020C,
+	0x006F030F: 0x020D,
+	0x004F0311: 0x020E,
+	0x006F0311: 0x020F,
+	0x0052030F: 0x0210,
+	0x0072030F: 0x0211,
+	0x00520311: 0x0212,
+	0x00720311: 0x0213,
+	0x0055030F: 0x0214,
+	0x0075030F: 0x0215,
+	0x00550311: 0x0216,
+	0x00750311: 0x0217,
+	0x00530326: 0x0218,
+	0x00730326: 0x0219,
+	0x00540326: 0x021A,
+	0x00740326: 0x021B,
+	0x0048030C: 0x021E,
+	0x0068030C: 0x021F,
+	0x00410307: 0x0226,
+	0x00610307: 0x0227,
+	0x00450327: 0x0228,
+	0x00650327: 0x0229,
+	0x00D60304: 0x022A,
+	0x00F60304: 0x022B,
+	0x00D50304: 0x022C,
+	0x00F50304: 0x022D,
+	0x004F0307: 0x022E,
+	0x006F0307: 0x022F,
+	0x022E0304: 0x0230,
+	0x022F0304: 0x0231,
+	0x00590304: 0x0232,
+	0x00790304: 0x0233,
+	0x00A80301: 0x0385,
+	0x03910301: 0x0386,
+	0x03950301: 0x0388,
+	0x03970301: 0x0389,
+	0x03990301: 0x038A,
+	0x039F0301: 0x038C,
+	0x03A50301: 0x038E,
+	0x03A90301: 0x038F,
+	0x03CA0301: 0x0390,
+	0x03990308: 0x03AA,
+	0x03A50308: 0x03AB,
+	0x03B10301: 0x03AC,
+	0x03B50301: 0x03AD,
+	0x03B70301: 0x03AE,
+	0x03B90301: 0x03AF,
+	0x03CB0301: 0x03B0,
+	0x03B90308: 0x03CA,
+	0x03C50308: 0x03CB,
+	0x03BF0301: 0x03CC,
+	0x03C50301: 0x03CD,
+	0x03C90301: 0x03CE,
+	0x03D20301: 0x03D3,
+	0x03D20308: 0x03D4,
+	0x04150300: 0x0400,
+	0x04150308: 0x0401,
+	0x04130301: 0x0403,
+	0x04060308: 0x0407,
+	0x041A0301: 0x040C,
+	0x04180300: 0x040D,
+	0x04230306: 0x040E,
+	0x04180306: 0x0419,
+	0x04380306: 0x0439,
+	0x04350300: 0x0450,
+	0x04350308: 0x0451,
+	0x04330301: 0x0453,
+	0x04560308: 0x0457,
+	0x043A0301: 0x045C,
+	0x04380300: 0x045D,
+	0x04430306: 0x045E,
+	0x0474030F: 0x0476,
+	0x0475030F: 0x0477,
+	0x04160306: 0x04C1,
+	0x04360306: 0x04C2,
+	0x04100306: 0x04D0,
+	0x04300306: 0x04D1,
+	0x04100308: 0x04D2,
+	0x04300308: 0x04D3,
+	0x04150306: 0x04D6,
+	0x04350306: 0x04D7,
+	0x04D80308: 0x04DA,
+	0x04D90308: 0x04DB,
+	0x04160308: 0x04DC,
+	0x04360308: 0x04DD,
+	0x04170308: 0x04DE,
+	0x04370308: 0x04DF,
+	0x04180304: 0x04E2,
+	0x04380304: 0x04E3,
+	0x04180308: 0x04E4,
+	0x04380308: 0x04E5,
+	0x041E0308: 0x04E6,
+	0x043E0308: 0x04E7,
+	0x04E80308: 0x04EA,
+	0x04E90308: 0x04EB,
+	0x042D0308: 0x04EC,
+	0x044D0308: 0x04ED,
+	0x04230304: 0x04EE,
+	0x04430304: 0x04EF,
+	0x04230308: 0x04F0,
+	0x04430308: 0x04F1,
+	0x0423030B: 0x04F2,
+	0x0443030B: 0x04F3,
+	0x04270308: 0x04F4,
+	0x04470308: 0x04F5,
+	0x042B0308: 0x04F8,
+	0x044B0308: 0x04F9,
+	0x06270653: 0x0622,
+	0x06270654: 0x0623,
+	0x06480654: 0x0624,
+	0x06270655: 0x0625,
+	0x064A0654: 0x0626,
+	0x06D50654: 0x06C0,
+	0x06C10654: 0x06C2,
+	0x06D20654: 0x06D3,
+	0x0928093C: 0x0929,
+	0x0930093C: 0x0931,
+	0x0933093C: 0x0934,
+	0x09C709BE: 0x09CB,
+	0x09C709D7: 0x09CC,
+	0x0B470B56: 0x0B48,
+	0x0B470B3E: 0x0B4B,
+	0x0B470B57: 0x0B4C,
+	0x0B920BD7: 0x0B94,
+	0x0BC60BBE: 0x0BCA,
+	0x0BC70BBE: 0x0BCB,
+	0x0BC60BD7: 0x0BCC,
+	0x0C460C56: 0x0C48,
+	0x0CBF0CD5: 0x0CC0,
+	0x0CC60CD5: 0x0CC7,
+	0x0CC60CD6: 0x0CC8,
+	0x0CC60CC2: 0x0CCA,
+	0x0CCA0CD5: 0x0CCB,
+	0x0D460D3E: 0x0D4A,
+	0x0D470D3E: 0x0D4B,
+	0x0D460D57: 0x0D4C,
+	0x0DD90DCA: 0x0DDA,
+	0x0DD90DCF: 0x0DDC,
+	0x0DDC0DCA: 0x0DDD,
+	0x0DD90DDF: 0x0DDE,
+	0x1025102E: 0x1026,
+	0x1B051B35: 0x1B06,
+	0x1B071B35: 0x1B08,
+	0x1B091B35: 0x1B0A,
+	0x1B0B1B35: 0x1B0C,
+	0x1B0D1B35: 0x1B0E,
+	0x1B111B35: 0x1B12,
+	0x1B3A1B35: 0x1B3B,
+	0x1B3C1B35: 0x1B3D,
+	0x1B3E1B35: 0x1B40,
+	0x1B3F1B35: 0x1B41,
+	0x1B421B35: 0x1B43,
+	0x00410325: 0x1E00,
+	0x00610325: 0x1E01,
+	0x00420307: 0x1E02,
+	0x00620307: 0x1E03,
+	0x00420323: 0x1E04,
+	0x00620323: 0x1E05,
+	0x00420331: 0x1E06,
+	0x00620331: 0x1E07,
+	0x00C70301: 0x1E08,
+	0x00E70301: 0x1E09,
+	0x00440307: 0x1E0A,
+	0x00640307: 0x1E0B,
+	0x00440323: 0x1E0C,
+	0x00640323: 0x1E0D,
+	0x00440331: 0x1E0E,
+	0x00640331: 0x1E0F,
+	0x00440327: 0x1E10,
+	0x00640327: 0x1E11,
+	0x0044032D: 0x1E12,
+	0x0064032D: 0x1E13,
+	0x01120300: 0x1E14,
+	0x01130300: 0x1E15,
+	0x01120301: 0x1E16,
+	0x01130301: 0x1E17,
+	0x0045032D: 0x1E18,
+	0x0065032D: 0x1E19,
+	0x00450330: 0x1E1A,
+	0x00650330: 0x1E1B,
+	0x02280306: 0x1E1C,
+	0x02290306: 0x1E1D,
+	0x00460307: 0x1E1E,
+	0x00660307: 0x1E1F,
+	0x00470304: 0x1E20,
+	0x00670304: 0x1E21,
+	0x00480307: 0x1E22,
+	0x00680307: 0x1E23,
+	0x00480323: 0x1E24,
+	0x00680323: 0x1E25,
+	0x00480308: 0x1E26,
+	0x00680308: 0x1E27,
+	0x00480327: 0x1E28,
+	0x00680327: 0x1E29,
+	0x0048032E: 0x1E2A,
+	0x0068032E: 0x1E2B,
+	0x00490330: 0x1E2C,
+	0x00690330: 0x1E2D,
+	0x00CF0301: 0x1E2E,
+	0x00EF0301: 0x1E2F,
+	0x004B0301: 0x1E30,
+	0x006B0301: 0x1E31,
+	0x004B0323: 0x1E32,
+	0x006B0323: 0x1E33,
+	0x004B0331: 0x1E34,
+	0x006B0331: 0x1E35,
+	0x004C0323: 0x1E36,
+	0x006C0323: 0x1E37,
+	0x1E360304: 0x1E38,
+	0x1E370304: 0x1E39,
+	0x004C0331: 0x1E3A,
+	0x006C0331: 0x1E3B,
+	0x004C032D: 0x1E3C,
+	0x006C032D: 0x1E3D,
+	0x004D0301: 0x1E3E,
+	0x006D0301: 0x1E3F,
+	0x004D0307: 0x1E40,
+	0x006D0307: 0x1E41,
+	0x004D0323: 0x1E42,
+	0x006D0323: 0x1E43,
+	0x004E0307: 0x1E44,
+	0x006E0307: 0x1E45,
+	0x004E0323: 0x1E46,
+	0x006E0323: 0x1E47,
+	0x004E0331: 0x1E48,
+	0x006E0331: 0x1E49,
+	0x004E032D: 0x1E4A,
+	0x006E032D: 0x1E4B,
+	0x00D50301: 0x1E4C,
+	0x00F50301: 0x1E4D,
+	0x00D50308: 0x1E4E,
+	0x00F50308: 0x1E4F,
+	0x014C0300: 0x1E50,
+	0x014D0300: 0x1E51,
+	0x014C0301: 0x1E52,
+	0x014D0301: 0x1E53,
+	0x00500301: 0x1E54,
+	0x00700301: 0x1E55,
+	0x00500307: 0x1E56,
+	0x00700307: 0x1E57,
+	0x00520307: 0x1E58,
+	0x00720307: 0x1E59,
+	0x00520323: 0x1E5A,
+	0x00720323: 0x1E5B,
+	0x1E5A0304: 0x1E5C,
+	0x1E5B0304: 0x1E5D,
+	0x00520331: 0x1E5E,
+	0x00720331: 0x1E5F,
+	0x00530307: 0x1E60,
+	0x00730307: 0x1E61,
+	0x00530323: 0x1E62,
+	0x00730323: 0x1E63,
+	0x015A0307: 0x1E64,
+	0x015B0307: 0x1E65,
+	0x01600307: 0x1E66,
+	0x01610307: 0x1E67,
+	0x1E620307: 0x1E68,
+	0x1E630307: 0x1E69,
+	0x00540307: 0x1E6A,
+	0x00740307: 0x1E6B,
+	0x00540323: 0x1E6C,
+	0x00740323: 0x1E6D,
+	0x00540331: 0x1E6E,
+	0x00740331: 0x1E6F,
+	0x0054032D: 0x1E70,
+	0x0074032D: 0x1E71,
+	0x00550324: 0x1E72,
+	0x00750324: 0x1E73,
+	0x00550330: 0x1E74,
+	0x00750330: 0x1E75,
+	0x0055032D: 0x1E76,
+	0x0075032D: 0x1E77,
+	0x01680301: 0x1E78,
+	0x01690301: 0x1E79,
+	0x016A0308: 0x1E7A,
+	0x016B0308: 0x1E7B,
+	0x00560303: 0x1E7C,
+	0x00760303: 0x1E7D,
+	0x00560323: 0x1E7E,
+	0x00760323: 0x1E7F,
+	0x00570300: 0x1E80,
+	0x00770300: 0x1E81,
+	0x00570301: 0x1E82,
+	0x00770301: 0x1E83,
+	0x00570308: 0x1E84,
+	0x00770308: 0x1E85,
+	0x00570307: 0x1E86,
+	0x00770307: 0x1E87,
+	0x00570323: 0x1E88,
+	0x00770323: 0x1E89,
+	0x00580307: 0x1E8A,
+	0x00780307: 0x1E8B,
+	0x00580308: 0x1E8C,
+	0x00780308: 0x1E8D,
+	0x00590307: 0x1E8E,
+	0x00790307: 0x1E8F,
+	0x005A0302: 0x1E90,
+	0x007A0302: 0x1E91,
+	0x005A0323: 0x1E92,
+	0x007A0323: 0x1E93,
+	0x005A0331: 0x1E94,
+	0x007A0331: 0x1E95,
+	0x00680331: 0x1E96,
+	0x00740308: 0x1E97,
+	0x0077030A: 0x1E98,
+	0x0079030A: 0x1E99,
+	0x017F0307: 0x1E9B,
+	0x00410323: 0x1EA0,
+	0x00610323: 0x1EA1,
+	0x00410309: 0x1EA2,
+	0x00610309: 0x1EA3,
+	0x00C20301: 0x1EA4,
+	0x00E20301: 0x1EA5,
+	0x00C20300: 0x1EA6,
+	0x00E20300: 0x1EA7,
+	0x00C20309: 0x1EA8,
+	0x00E20309: 0x1EA9,
+	0x00C20303: 0x1EAA,
+	0x00E20303: 0x1EAB,
+	0x1EA00302: 0x1EAC,
+	0x1EA10302: 0x1EAD,
+	0x01020301: 0x1EAE,
+	0x01030301: 0x1EAF,
+	0x01020300: 0x1EB0,
+	0x01030300: 0x1EB1,
+	0x01020309: 0x1EB2,
+	0x01030309: 0x1EB3,
+	0x01020303: 0x1EB4,
+	0x01030303: 0x1EB5,
+	0x1EA00306: 0x1EB6,
+	0x1EA10306: 0x1EB7,
+	0x00450323: 0x1EB8,
+	0x00650323: 0x1EB9,
+	0x00450309: 0x1EBA,
+	0x00650309: 0x1EBB,
+	0x00450303: 0x1EBC,
+	0x00650303: 0x1EBD,
+	0x00CA0301: 0x1EBE,
+	0x00EA0301: 0x1EBF,
+	0x00CA0300: 0x1EC0,
+	0x00EA0300: 0x1EC1,
+	0x00CA0309: 0x1EC2,
+	0x00EA0309: 0x1EC3,
+	0x00CA0303: 0x1EC4,
+	0x00EA0303: 0x1EC5,
+	0x1EB80302: 0x1EC6,
+	0x1EB90302: 0x1EC7,
+	0x00490309: 0x1EC8,
+	0x00690309: 0x1EC9,
+	0x00490323: 0x1ECA,
+	0x00690323: 0x1ECB,
+	0x004F0323: 0x1ECC,
+	0x006F0323: 0x1ECD,
+	0x004F0309: 0x1ECE,
+	0x006F0309: 0x1ECF,
+	0x00D40301: 0x1ED0,
+	0x00F40301: 0x1ED1,
+	0x00D40300: 0x1ED2,
+	0x00F40300: 0x1ED3,
+	0x00D40309: 0x1ED4,
+	0x00F40309: 0x1ED5,
+	0x00D40303: 0x1ED6,
+	0x00F40303: 0x1ED7,
+	0x1ECC0302: 0x1ED8,
+	0x1ECD0302: 0x1ED9,
+	0x01A00301: 0x1EDA,
+	0x01A10301: 0x1EDB,
+	0x01A00300: 0x1EDC,
+	0x01A10300: 0x1EDD,
+	0x01A00309: 0x1EDE,
+	0x01A10309: 0x1EDF,
+	0x01A00303: 0x1EE0,
+	0x01A10303: 0x1EE1,
+	0x01A00323: 0x1EE2,
+	0x01A10323: 0x1EE3,
+	0x00550323: 0x1EE4,
+	0x00750323: 0x1EE5,
+	0x00550309: 0x1EE6,
+	0x00750309: 0x1EE7,
+	0x01AF0301: 0x1EE8,
+	0x01B00301: 0x1EE9,
+	0x01AF0300: 0x1EEA,
+	0x01B00300: 0x1EEB,
+	0x01AF0309: 0x1EEC,
+	0x01B00309: 0x1EED,
+	0x01AF0303: 0x1EEE,
+	0x01B00303: 0x1EEF,
+	0x01AF0323: 0x1EF0,
+	0x01B00323: 0x1EF1,
+	0x00590300: 0x1EF2,
+	0x00790300: 0x1EF3,
+	0x00590323: 0x1EF4,
+	0x00790323: 0x1EF5,
+	0x00590309: 0x1EF6,
+	0x00790309: 0x1EF7,
+	0x00590303: 0x1EF8,
+	0x00790303: 0x1EF9,
+	0x03B10313: 0x1F00,
+	0x03B10314: 0x1F01,
+	0x1F000300: 0x1F02,
+	0x1F010300: 0x1F03,
+	0x1F000301: 0x1F04,
+	0x1F010301: 0x1F05,
+	0x1F000342: 0x1F06,
+	0x1F010342: 0x1F07,
+	0x03910313: 0x1F08,
+	0x03910314: 0x1F09,
+	0x1F080300: 0x1F0A,
+	0x1F090300: 0x1F0B,
+	0x1F080301: 0x1F0C,
+	0x1F090301: 0x1F0D,
+	0x1F080342: 0x1F0E,
+	0x1F090342: 0x1F0F,
+	0x03B50313: 0x1F10,
+	0x03B50314: 0x1F11,
+	0x1F100300: 0x1F12,
+	0x1F110300: 0x1F13,
+	0x1F100301: 0x1F14,
+	0x1F110301: 0x1F15,
+	0x03950313: 0x1F18,
+	0x03950314: 0x1F19,
+	0x1F180300: 0x1F1A,
+	0x1F190300: 0x1F1B,
+	0x1F180301: 0x1F1C,
+	0x1F190301: 0x1F1D,
+	0x03B70313: 0x1F20,
+	0x03B70314: 0x1F21,
+	0x1F200300: 0x1F22,
+	0x1F210300: 0x1F23,
+	0x1F200301: 0x1F24,
+	0x1F210301: 0x1F25,
+	0x1F200342: 0x1F26,
+	0x1F210342: 0x1F27,
+	0x03970313: 0x1F28,
+	0x03970314: 0x1F29,
+	0x1F280300: 0x1F2A,
+	0x1F290300: 0x1F2B,
+	0x1F280301: 0x1F2C,
+	0x1F290301: 0x1F2D,
+	0x1F280342: 0x1F2E,
+	0x1F290342: 0x1F2F,
+	0x03B90313: 0x1F30,
+	0x03B90314: 0x1F31,
+	0x1F300300: 0x1F32,
+	0x1F310300: 0x1F33,
+	0x1F300301: 0x1F34,
+	0x1F310301: 0x1F35,
+	0x1F300342: 0x1F36,
+	0x1F310342: 0x1F37,
+	0x03990313: 0x1F38,
+	0x03990314: 0x1F39,
+	0x1F380300: 0x1F3A,
+	0x1F390300: 0x1F3B,
+	0x1F380301: 0x1F3C,
+	0x1F390301: 0x1F3D,
+	0x1F380342: 0x1F3E,
+	0x1F390342: 0x1F3F,
+	0x03BF0313: 0x1F40,
+	0x03BF0314: 0x1F41,
+	0x1F400300: 0x1F42,
+	0x1F410300: 0x1F43,
+	0x1F400301: 0x1F44,
+	0x1F410301: 0x1F45,
+	0x039F0313: 0x1F48,
+	0x039F0314: 0x1F49,
+	0x1F480300: 0x1F4A,
+	0x1F490300: 0x1F4B,
+	0x1F480301: 0x1F4C,
+	0x1F490301: 0x1F4D,
+	0x03C50313: 0x1F50,
+	0x03C50314: 0x1F51,
+	0x1F500300: 0x1F52,
+	0x1F510300: 0x1F53,
+	0x1F500301: 0x1F54,
+	0x1F510301: 0x1F55,
+	0x1F500342: 0x1F56,
+	0x1F510342: 0x1F57,
+	0x03A50314: 0x1F59,
+	0x1F590300: 0x1F5B,
+	0x1F590301: 0x1F5D,
+	0x1F590342: 0x1F5F,
+	0x03C90313: 0x1F60,
+	0x03C90314: 0x1F61,
+	0x1F600300: 0x1F62,
+	0x1F610300: 0x1F63,
+	0x1F600301: 0x1F64,
+	0x1F610301: 0x1F65,
+	0x1F600342: 0x1F66,
+	0x1F610342: 0x1F67,
+	0x03A90313: 0x1F68,
+	0x03A90314: 0x1F69,
+	0x1F680300: 0x1F6A,
+	0x1F690300: 0x1F6B,
+	0x1F680301: 0x1F6C,
+	0x1F690301: 0x1F6D,
+	0x1F680342: 0x1F6E,
+	0x1F690342: 0x1F6F,
+	0x03B10300: 0x1F70,
+	0x03B50300: 0x1F72,
+	0x03B70300: 0x1F74,
+	0x03B90300: 0x1F76,
+	0x03BF0300: 0x1F78,
+	0x03C50300: 0x1F7A,
+	0x03C90300: 0x1F7C,
+	0x1F000345: 0x1F80,
+	0x1F010345: 0x1F81,
+	0x1F020345: 0x1F82,
+	0x1F030345: 0x1F83,
+	0x1F040345: 0x1F84,
+	0x1F050345: 0x1F85,
+	0x1F060345: 0x1F86,
+	0x1F070345: 0x1F87,
+	0x1F080345: 0x1F88,
+	0x1F090345: 0x1F89,
+	0x1F0A0345: 0x1F8A,
+	0x1F0B0345: 0x1F8B,
+	0x1F0C0345: 0x1F8C,
+	0x1F0D0345: 0x1F8D,
+	0x1F0E0345: 0x1F8E,
+	0x1F0F0345: 0x1F8F,
+	0x1F200345: 0x1F90,
+	0x1F210345: 0x1F91,
+	0x1F220345: 0x1F92,
+	0x1F230345: 0x1F93,
+	0x1F240345: 0x1F94,
+	0x1F250345: 0x1F95,
+	0x1F260345: 0x1F96,
+	0x1F270345: 0x1F97,
+	0x1F280345: 0x1F98,
+	0x1F290345: 0x1F99,
+	0x1F2A0345: 0x1F9A,
+	0x1F2B0345: 0x1F9B,
+	0x1F2C0345: 0x1F9C,
+	0x1F2D0345: 0x1F9D,
+	0x1F2E0345: 0x1F9E,
+	0x1F2F0345: 0x1F9F,
+	0x1F600345: 0x1FA0,
+	0x1F610345: 0x1FA1,
+	0x1F620345: 0x1FA2,
+	0x1F630345: 0x1FA3,
+	0x1F640345: 0x1FA4,
+	0x1F650345: 0x1FA5,
+	0x1F660345: 0x1FA6,
+	0x1F670345: 0x1FA7,
+	0x1F680345: 0x1FA8,
+	0x1F690345: 0x1FA9,
+	0x1F6A0345: 0x1FAA,
+	0x1F6B0345: 0x1FAB,
+	0x1F6C0345: 0x1FAC,
+	0x1F6D0345: 0x1FAD,
+	0x1F6E0345: 0x1FAE,
+	0x1F6F0345: 0x1FAF,
+	0x03B10306: 0x1FB0,
+	0x03B10304: 0x1FB1,
+	0x1F700345: 0x1FB2,
+	0x03B10345: 0x1FB3,
+	0x03AC0345: 0x1FB4,
+	0x03B10342: 0x1FB6,
+	0x1FB60345: 0x1FB7,
+	0x03910306: 0x1FB8,
+	0x03910304: 0x1FB9,
+	0x03910300: 0x1FBA,
+	0x03910345: 0x1FBC,
+	0x00A80342: 0x1FC1,
+	0x1F740345: 0x1FC2,
+	0x03B70345: 0x1FC3,
+	0x03AE0345: 0x1FC4,
+	0x03B70342: 0x1FC6,
+	0x1FC60345: 0x1FC7,
+	0x03950300: 0x1FC8,
+	0x03970300: 0x1FCA,
+	0x03970345: 0x1FCC,
+	0x1FBF0300: 0x1FCD,
+	0x1FBF0301: 0x1FCE,
+	0x1FBF0342: 0x1FCF,
+	0x03B90306: 0x1FD0,
+	0x03B90304: 0x1FD1,
+	0x03CA0300: 0x1FD2,
+	0x03B90342: 0x1FD6,
+	0x03CA0342: 0x1FD7,
+	0x03990306: 0x1FD8,
+	0x03990304: 0x1FD9,
+	0x03990300: 0x1FDA,
+	0x1FFE0300: 0x1FDD,
+	0x1FFE0301: 0x1FDE,
+	0x1FFE0342: 0x1FDF,
+	0x03C50306: 0x1FE0,
+	0x03C50304: 0x1FE1,
+	0x03CB0300: 0x1FE2,
+	0x03C10313: 0x1FE4,
+	0x03C10314: 0x1FE5,
+	0x03C50342: 0x1FE6,
+	0x03CB0342: 0x1FE7,
+	0x03A50306: 0x1FE8,
+	0x03A50304: 0x1FE9,
+	0x03A50300: 0x1FEA,
+	0x03A10314: 0x1FEC,
+	0x00A80300: 0x1FED,
+	0x1F7C0345: 0x1FF2,
+	0x03C90345: 0x1FF3,
+	0x03CE0345: 0x1FF4,
+	0x03C90342: 0x1FF6,
+	0x1FF60345: 0x1FF7,
+	0x039F0300: 0x1FF8,
+	0x03A90300: 0x1FFA,
+	0x03A90345: 0x1FFC,
+	0x21900338: 0x219A,
+	0x21920338: 0x219B,
+	0x21940338: 0x21AE,
+	0x21D00338: 0x21CD,
+	0x21D40338: 0x21CE,
+	0x21D20338: 0x21CF,
+	0x22030338: 0x2204,
+	0x22080338: 0x2209,
+	0x220B0338: 0x220C,
+	0x22230338: 0x2224,
+	0x22250338: 0x2226,
+	0x223C0338: 0x2241,
+	0x22430338: 0x2244,
+	0x22450338: 0x2247,
+	0x22480338: 0x2249,
+	0x003D0338: 0x2260,
+	0x22610338: 0x2262,
+	0x224D0338: 0x226D,
+	0x003C0338: 0x226E,
+	0x003E0338: 0x226F,
+	0x22640338: 0x2270,
+	0x22650338: 0x2271,
+	0x22720338: 0x2274,
+	0x22730338: 0x2275,
+	0x22760338: 0x2278,
+	0x22770338: 0x2279,
+	0x227A0338: 0x2280,
+	0x227B0338: 0x2281,
+	0x22820338: 0x2284,
+	0x22830338: 0x2285,
+	0x22860338: 0x2288,
+	0x22870338: 0x2289,
+	0x22A20338: 0x22AC,
+	0x22A80338: 0x22AD,
+	0x22A90338: 0x22AE,
+	0x22AB0338: 0x22AF,
+	0x227C0338: 0x22E0,
+	0x227D0338: 0x22E1,
+	0x22910338: 0x22E2,
+	0x22920338: 0x22E3,
+	0x22B20338: 0x22EA,
+	0x22B30338: 0x22EB,
+	0x22B40338: 0x22EC,
+	0x22B50338: 0x22ED,
+	0x304B3099: 0x304C,
+	0x304D3099: 0x304E,
+	0x304F3099: 0x3050,
+	0x30513099: 0x3052,
+	0x30533099: 0x3054,
+	0x30553099: 0x3056,
+	0x30573099: 0x3058,
+	0x30593099: 0x305A,
+	0x305B3099: 0x305C,
+	0x305D3099: 0x305E,
+	0x305F3099: 0x3060,
+	0x30613099: 0x3062,
+	0x30643099: 0x3065,
+	0x30663099: 0x3067,
+	0x30683099: 0x3069,
+	0x306F3099: 0x3070,
+	0x306F309A: 0x3071,
+	0x30723099: 0x3073,
+	0x3072309A: 0x3074,
+	0x30753099: 0x3076,
+	0x3075309A: 0x3077,
+	0x30783099: 0x3079,
+	0x3078309A: 0x307A,
+	0x307B3099: 0x307C,
+	0x307B309A: 0x307D,
+	0x30463099: 0x3094,
+	0x309D3099: 0x309E,
+	0x30AB3099: 0x30AC,
+	0x30AD3099: 0x30AE,
+	0x30AF3099: 0x30B0,
+	0x30B13099: 0x30B2,
+	0x30B33099: 0x30B4,
+	0x30B53099: 0x30B6,
+	0x30B73099: 0x30B8,
+	0x30B93099: 0x30BA,
+	0x30BB3099: 0x30BC,
+	0x30BD3099: 0x30BE,
+	0x30BF3099: 0x30C0,
+	0x30C13099: 0x30C2,
+	0x30C43099: 0x30C5,
+	0x30C63099: 0x30C7,
+	0x30C83099: 0x30C9,
+	0x30CF3099: 0x30D0,
+	0x30CF309A: 0x30D1,
+	0x30D23099: 0x30D3,
+	0x30D2309A: 0x30D4,
+	0x30D53099: 0x30D6,
+	0x30D5309A: 0x30D7,
+	0x30D83099: 0x30D9,
+	0x30D8309A: 0x30DA,
+	0x30DB3099: 0x30DC,
+	0x30DB309A: 0x30DD,
+	0x30A63099: 0x30F4,
+	0x30EF3099: 0x30F7,
+	0x30F03099: 0x30F8,
+	0x30F13099: 0x30F9,
+	0x30F23099: 0x30FA,
+	0x30FD3099: 0x30FE,
+	0x109910BA: 0x1109A,
+	0x109B10BA: 0x1109C,
+	0x10A510BA: 0x110AB,
+	0x11311127: 0x1112E,
+	0x11321127: 0x1112F,
+	0x1347133E: 0x1134B,
+	0x13471357: 0x1134C,
+	0x14B914BA: 0x114BB,
+	0x14B914B0: 0x114BC,
+	0x14B914BD: 0x114BE,
+	0x15B815AF: 0x115BA,
+	0x15B915AF: 0x115BB,
+}
 
-const recompMapPacked = "" +
-	"\x00A\x03\x00\x00\x00\x00\xc0" + // 0x00410300: 0x000000C0
-	"\x00A\x03\x01\x00\x00\x00\xc1" + // 0x00410301: 0x000000C1
-	"\x00A\x03\x02\x00\x00\x00\xc2" + // 0x00410302: 0x000000C2
-	"\x00A\x03\x03\x00\x00\x00\xc3" + // 0x00410303: 0x000000C3
-	"\x00A\x03\b\x00\x00\x00\xc4" + // 0x00410308: 0x000000C4
-	"\x00A\x03\n\x00\x00\x00\xc5" + // 0x0041030A: 0x000000C5
-	"\x00C\x03'\x00\x00\x00\xc7" + // 0x00430327: 0x000000C7
-	"\x00E\x03\x00\x00\x00\x00\xc8" + // 0x00450300: 0x000000C8
-	"\x00E\x03\x01\x00\x00\x00\xc9" + // 0x00450301: 0x000000C9
-	"\x00E\x03\x02\x00\x00\x00\xca" + // 0x00450302: 0x000000CA
-	"\x00E\x03\b\x00\x00\x00\xcb" + // 0x00450308: 0x000000CB
-	"\x00I\x03\x00\x00\x00\x00\xcc" + // 0x00490300: 0x000000CC
-	"\x00I\x03\x01\x00\x00\x00\xcd" + // 0x00490301: 0x000000CD
-	"\x00I\x03\x02\x00\x00\x00\xce" + // 0x00490302: 0x000000CE
-	"\x00I\x03\b\x00\x00\x00\xcf" + // 0x00490308: 0x000000CF
-	"\x00N\x03\x03\x00\x00\x00\xd1" + // 0x004E0303: 0x000000D1
-	"\x00O\x03\x00\x00\x00\x00\xd2" + // 0x004F0300: 0x000000D2
-	"\x00O\x03\x01\x00\x00\x00\xd3" + // 0x004F0301: 0x000000D3
-	"\x00O\x03\x02\x00\x00\x00\xd4" + // 0x004F0302: 0x000000D4
-	"\x00O\x03\x03\x00\x00\x00\xd5" + // 0x004F0303: 0x000000D5
-	"\x00O\x03\b\x00\x00\x00\xd6" + // 0x004F0308: 0x000000D6
-	"\x00U\x03\x00\x00\x00\x00\xd9" + // 0x00550300: 0x000000D9
-	"\x00U\x03\x01\x00\x00\x00\xda" + // 0x00550301: 0x000000DA
-	"\x00U\x03\x02\x00\x00\x00\xdb" + // 0x00550302: 0x000000DB
-	"\x00U\x03\b\x00\x00\x00\xdc" + // 0x00550308: 0x000000DC
-	"\x00Y\x03\x01\x00\x00\x00\xdd" + // 0x00590301: 0x000000DD
-	"\x00a\x03\x00\x00\x00\x00\xe0" + // 0x00610300: 0x000000E0
-	"\x00a\x03\x01\x00\x00\x00\xe1" + // 0x00610301: 0x000000E1
-	"\x00a\x03\x02\x00\x00\x00\xe2" + // 0x00610302: 0x000000E2
-	"\x00a\x03\x03\x00\x00\x00\xe3" + // 0x00610303: 0x000000E3
-	"\x00a\x03\b\x00\x00\x00\xe4" + // 0x00610308: 0x000000E4
-	"\x00a\x03\n\x00\x00\x00\xe5" + // 0x0061030A: 0x000000E5
-	"\x00c\x03'\x00\x00\x00\xe7" + // 0x00630327: 0x000000E7
-	"\x00e\x03\x00\x00\x00\x00\xe8" + // 0x00650300: 0x000000E8
-	"\x00e\x03\x01\x00\x00\x00\xe9" + // 0x00650301: 0x000000E9
-	"\x00e\x03\x02\x00\x00\x00\xea" + // 0x00650302: 0x000000EA
-	"\x00e\x03\b\x00\x00\x00\xeb" + // 0x00650308: 0x000000EB
-	"\x00i\x03\x00\x00\x00\x00\xec" + // 0x00690300: 0x000000EC
-	"\x00i\x03\x01\x00\x00\x00\xed" + // 0x00690301: 0x000000ED
-	"\x00i\x03\x02\x00\x00\x00\xee" + // 0x00690302: 0x000000EE
-	"\x00i\x03\b\x00\x00\x00\xef" + // 0x00690308: 0x000000EF
-	"\x00n\x03\x03\x00\x00\x00\xf1" + // 0x006E0303: 0x000000F1
-	"\x00o\x03\x00\x00\x00\x00\xf2" + // 0x006F0300: 0x000000F2
-	"\x00o\x03\x01\x00\x00\x00\xf3" + // 0x006F0301: 0x000000F3
-	"\x00o\x03\x02\x00\x00\x00\xf4" + // 0x006F0302: 0x000000F4
-	"\x00o\x03\x03\x00\x00\x00\xf5" + // 0x006F0303: 0x000000F5
-	"\x00o\x03\b\x00\x00\x00\xf6" + // 0x006F0308: 0x000000F6
-	"\x00u\x03\x00\x00\x00\x00\xf9" + // 0x00750300: 0x000000F9
-	"\x00u\x03\x01\x00\x00\x00\xfa" + // 0x00750301: 0x000000FA
-	"\x00u\x03\x02\x00\x00\x00\xfb" + // 0x00750302: 0x000000FB
-	"\x00u\x03\b\x00\x00\x00\xfc" + // 0x00750308: 0x000000FC
-	"\x00y\x03\x01\x00\x00\x00\xfd" + // 0x00790301: 0x000000FD
-	"\x00y\x03\b\x00\x00\x00\xff" + // 0x00790308: 0x000000FF
-	"\x00A\x03\x04\x00\x00\x01\x00" + // 0x00410304: 0x00000100
-	"\x00a\x03\x04\x00\x00\x01\x01" + // 0x00610304: 0x00000101
-	"\x00A\x03\x06\x00\x00\x01\x02" + // 0x00410306: 0x00000102
-	"\x00a\x03\x06\x00\x00\x01\x03" + // 0x00610306: 0x00000103
-	"\x00A\x03(\x00\x00\x01\x04" + // 0x00410328: 0x00000104
-	"\x00a\x03(\x00\x00\x01\x05" + // 0x00610328: 0x00000105
-	"\x00C\x03\x01\x00\x00\x01\x06" + // 0x00430301: 0x00000106
-	"\x00c\x03\x01\x00\x00\x01\a" + // 0x00630301: 0x00000107
-	"\x00C\x03\x02\x00\x00\x01\b" + // 0x00430302: 0x00000108
-	"\x00c\x03\x02\x00\x00\x01\t" + // 0x00630302: 0x00000109
-	"\x00C\x03\a\x00\x00\x01\n" + // 0x00430307: 0x0000010A
-	"\x00c\x03\a\x00\x00\x01\v" + // 0x00630307: 0x0000010B
-	"\x00C\x03\f\x00\x00\x01\f" + // 0x0043030C: 0x0000010C
-	"\x00c\x03\f\x00\x00\x01\r" + // 0x0063030C: 0x0000010D
-	"\x00D\x03\f\x00\x00\x01\x0e" + // 0x0044030C: 0x0000010E
-	"\x00d\x03\f\x00\x00\x01\x0f" + // 0x0064030C: 0x0000010F
-	"\x00E\x03\x04\x00\x00\x01\x12" + // 0x00450304: 0x00000112
-	"\x00e\x03\x04\x00\x00\x01\x13" + // 0x00650304: 0x00000113
-	"\x00E\x03\x06\x00\x00\x01\x14" + // 0x00450306: 0x00000114
-	"\x00e\x03\x06\x00\x00\x01\x15" + // 0x00650306: 0x00000115
-	"\x00E\x03\a\x00\x00\x01\x16" + // 0x00450307: 0x00000116
-	"\x00e\x03\a\x00\x00\x01\x17" + // 0x00650307: 0x00000117
-	"\x00E\x03(\x00\x00\x01\x18" + // 0x00450328: 0x00000118
-	"\x00e\x03(\x00\x00\x01\x19" + // 0x00650328: 0x00000119
-	"\x00E\x03\f\x00\x00\x01\x1a" + // 0x0045030C: 0x0000011A
-	"\x00e\x03\f\x00\x00\x01\x1b" + // 0x0065030C: 0x0000011B
-	"\x00G\x03\x02\x00\x00\x01\x1c" + // 0x00470302: 0x0000011C
-	"\x00g\x03\x02\x00\x00\x01\x1d" + // 0x00670302: 0x0000011D
-	"\x00G\x03\x06\x00\x00\x01\x1e" + // 0x00470306: 0x0000011E
-	"\x00g\x03\x06\x00\x00\x01\x1f" + // 0x00670306: 0x0000011F
-	"\x00G\x03\a\x00\x00\x01 " + // 0x00470307: 0x00000120
-	"\x00g\x03\a\x00\x00\x01!" + // 0x00670307: 0x00000121
-	"\x00G\x03'\x00\x00\x01\"" + // 0x00470327: 0x00000122
-	"\x00g\x03'\x00\x00\x01#" + // 0x00670327: 0x00000123
-	"\x00H\x03\x02\x00\x00\x01$" + // 0x00480302: 0x00000124
-	"\x00h\x03\x02\x00\x00\x01%" + // 0x00680302: 0x00000125
-	"\x00I\x03\x03\x00\x00\x01(" + // 0x00490303: 0x00000128
-	"\x00i\x03\x03\x00\x00\x01)" + // 0x00690303: 0x00000129
-	"\x00I\x03\x04\x00\x00\x01*" + // 0x00490304: 0x0000012A
-	"\x00i\x03\x04\x00\x00\x01+" + // 0x00690304: 0x0000012B
-	"\x00I\x03\x06\x00\x00\x01," + // 0x00490306: 0x0000012C
-	"\x00i\x03\x06\x00\x00\x01-" + // 0x00690306: 0x0000012D
-	"\x00I\x03(\x00\x00\x01." + // 0x00490328: 0x0000012E
-	"\x00i\x03(\x00\x00\x01/" + // 0x00690328: 0x0000012F
-	"\x00I\x03\a\x00\x00\x010" + // 0x00490307: 0x00000130
-	"\x00J\x03\x02\x00\x00\x014" + // 0x004A0302: 0x00000134
-	"\x00j\x03\x02\x00\x00\x015" + // 0x006A0302: 0x00000135
-	"\x00K\x03'\x00\x00\x016" + // 0x004B0327: 0x00000136
-	"\x00k\x03'\x00\x00\x017" + // 0x006B0327: 0x00000137
-	"\x00L\x03\x01\x00\x00\x019" + // 0x004C0301: 0x00000139
-	"\x00l\x03\x01\x00\x00\x01:" + // 0x006C0301: 0x0000013A
-	"\x00L\x03'\x00\x00\x01;" + // 0x004C0327: 0x0000013B
-	"\x00l\x03'\x00\x00\x01<" + // 0x006C0327: 0x0000013C
-	"\x00L\x03\f\x00\x00\x01=" + // 0x004C030C: 0x0000013D
-	"\x00l\x03\f\x00\x00\x01>" + // 0x006C030C: 0x0000013E
-	"\x00N\x03\x01\x00\x00\x01C" + // 0x004E0301: 0x00000143
-	"\x00n\x03\x01\x00\x00\x01D" + // 0x006E0301: 0x00000144
-	"\x00N\x03'\x00\x00\x01E" + // 0x004E0327: 0x00000145
-	"\x00n\x03'\x00\x00\x01F" + // 0x006E0327: 0x00000146
-	"\x00N\x03\f\x00\x00\x01G" + // 0x004E030C: 0x00000147
-	"\x00n\x03\f\x00\x00\x01H" + // 0x006E030C: 0x00000148
-	"\x00O\x03\x04\x00\x00\x01L" + // 0x004F0304: 0x0000014C
-	"\x00o\x03\x04\x00\x00\x01M" + // 0x006F0304: 0x0000014D
-	"\x00O\x03\x06\x00\x00\x01N" + // 0x004F0306: 0x0000014E
-	"\x00o\x03\x06\x00\x00\x01O" + // 0x006F0306: 0x0000014F
-	"\x00O\x03\v\x00\x00\x01P" + // 0x004F030B: 0x00000150
-	"\x00o\x03\v\x00\x00\x01Q" + // 0x006F030B: 0x00000151
-	"\x00R\x03\x01\x00\x00\x01T" + // 0x00520301: 0x00000154
-	"\x00r\x03\x01\x00\x00\x01U" + // 0x00720301: 0x00000155
-	"\x00R\x03'\x00\x00\x01V" + // 0x00520327: 0x00000156
-	"\x00r\x03'\x00\x00\x01W" + // 0x00720327: 0x00000157
-	"\x00R\x03\f\x00\x00\x01X" + // 0x0052030C: 0x00000158
-	"\x00r\x03\f\x00\x00\x01Y" + // 0x0072030C: 0x00000159
-	"\x00S\x03\x01\x00\x00\x01Z" + // 0x00530301: 0x0000015A
-	"\x00s\x03\x01\x00\x00\x01[" + // 0x00730301: 0x0000015B
-	"\x00S\x03\x02\x00\x00\x01\\" + // 0x00530302: 0x0000015C
-	"\x00s\x03\x02\x00\x00\x01]" + // 0x00730302: 0x0000015D
-	"\x00S\x03'\x00\x00\x01^" + // 0x00530327: 0x0000015E
-	"\x00s\x03'\x00\x00\x01_" + // 0x00730327: 0x0000015F
-	"\x00S\x03\f\x00\x00\x01`" + // 0x0053030C: 0x00000160
-	"\x00s\x03\f\x00\x00\x01a" + // 0x0073030C: 0x00000161
-	"\x00T\x03'\x00\x00\x01b" + // 0x00540327: 0x00000162
-	"\x00t\x03'\x00\x00\x01c" + // 0x00740327: 0x00000163
-	"\x00T\x03\f\x00\x00\x01d" + // 0x0054030C: 0x00000164
-	"\x00t\x03\f\x00\x00\x01e" + // 0x0074030C: 0x00000165
-	"\x00U\x03\x03\x00\x00\x01h" + // 0x00550303: 0x00000168
-	"\x00u\x03\x03\x00\x00\x01i" + // 0x00750303: 0x00000169
-	"\x00U\x03\x04\x00\x00\x01j" + // 0x00550304: 0x0000016A
-	"\x00u\x03\x04\x00\x00\x01k" + // 0x00750304: 0x0000016B
-	"\x00U\x03\x06\x00\x00\x01l" + // 0x00550306: 0x0000016C
-	"\x00u\x03\x06\x00\x00\x01m" + // 0x00750306: 0x0000016D
-	"\x00U\x03\n\x00\x00\x01n" + // 0x0055030A: 0x0000016E
-	"\x00u\x03\n\x00\x00\x01o" + // 0x0075030A: 0x0000016F
-	"\x00U\x03\v\x00\x00\x01p" + // 0x0055030B: 0x00000170
-	"\x00u\x03\v\x00\x00\x01q" + // 0x0075030B: 0x00000171
-	"\x00U\x03(\x00\x00\x01r" + // 0x00550328: 0x00000172
-	"\x00u\x03(\x00\x00\x01s" + // 0x00750328: 0x00000173
-	"\x00W\x03\x02\x00\x00\x01t" + // 0x00570302: 0x00000174
-	"\x00w\x03\x02\x00\x00\x01u" + // 0x00770302: 0x00000175
-	"\x00Y\x03\x02\x00\x00\x01v" + // 0x00590302: 0x00000176
-	"\x00y\x03\x02\x00\x00\x01w" + // 0x00790302: 0x00000177
-	"\x00Y\x03\b\x00\x00\x01x" + // 0x00590308: 0x00000178
-	"\x00Z\x03\x01\x00\x00\x01y" + // 0x005A0301: 0x00000179
-	"\x00z\x03\x01\x00\x00\x01z" + // 0x007A0301: 0x0000017A
-	"\x00Z\x03\a\x00\x00\x01{" + // 0x005A0307: 0x0000017B
-	"\x00z\x03\a\x00\x00\x01|" + // 0x007A0307: 0x0000017C
-	"\x00Z\x03\f\x00\x00\x01}" + // 0x005A030C: 0x0000017D
-	"\x00z\x03\f\x00\x00\x01~" + // 0x007A030C: 0x0000017E
-	"\x00O\x03\x1b\x00\x00\x01\xa0" + // 0x004F031B: 0x000001A0
-	"\x00o\x03\x1b\x00\x00\x01\xa1" + // 0x006F031B: 0x000001A1
-	"\x00U\x03\x1b\x00\x00\x01\xaf" + // 0x0055031B: 0x000001AF
-	"\x00u\x03\x1b\x00\x00\x01\xb0" + // 0x0075031B: 0x000001B0
-	"\x00A\x03\f\x00\x00\x01\xcd" + // 0x0041030C: 0x000001CD
-	"\x00a\x03\f\x00\x00\x01\xce" + // 0x0061030C: 0x000001CE
-	"\x00I\x03\f\x00\x00\x01\xcf" + // 0x0049030C: 0x000001CF
-	"\x00i\x03\f\x00\x00\x01\xd0" + // 0x0069030C: 0x000001D0
-	"\x00O\x03\f\x00\x00\x01\xd1" + // 0x004F030C: 0x000001D1
-	"\x00o\x03\f\x00\x00\x01\xd2" + // 0x006F030C: 0x000001D2
-	"\x00U\x03\f\x00\x00\x01\xd3" + // 0x0055030C: 0x000001D3
-	"\x00u\x03\f\x00\x00\x01\xd4" + // 0x0075030C: 0x000001D4
-	"\x00\xdc\x03\x04\x00\x00\x01\xd5" + // 0x00DC0304: 0x000001D5
-	"\x00\xfc\x03\x04\x00\x00\x01\xd6" + // 0x00FC0304: 0x000001D6
-	"\x00\xdc\x03\x01\x00\x00\x01\xd7" + // 0x00DC0301: 0x000001D7
-	"\x00\xfc\x03\x01\x00\x00\x01\xd8" + // 0x00FC0301: 0x000001D8
-	"\x00\xdc\x03\f\x00\x00\x01\xd9" + // 0x00DC030C: 0x000001D9
-	"\x00\xfc\x03\f\x00\x00\x01\xda" + // 0x00FC030C: 0x000001DA
-	"\x00\xdc\x03\x00\x00\x00\x01\xdb" + // 0x00DC0300: 0x000001DB
-	"\x00\xfc\x03\x00\x00\x00\x01\xdc" + // 0x00FC0300: 0x000001DC
-	"\x00\xc4\x03\x04\x00\x00\x01\xde" + // 0x00C40304: 0x000001DE
-	"\x00\xe4\x03\x04\x00\x00\x01\xdf" + // 0x00E40304: 0x000001DF
-	"\x02&\x03\x04\x00\x00\x01\xe0" + // 0x02260304: 0x000001E0
-	"\x02'\x03\x04\x00\x00\x01\xe1" + // 0x02270304: 0x000001E1
-	"\x00\xc6\x03\x04\x00\x00\x01\xe2" + // 0x00C60304: 0x000001E2
-	"\x00\xe6\x03\x04\x00\x00\x01\xe3" + // 0x00E60304: 0x000001E3
-	"\x00G\x03\f\x00\x00\x01\xe6" + // 0x0047030C: 0x000001E6
-	"\x00g\x03\f\x00\x00\x01\xe7" + // 0x0067030C: 0x000001E7
-	"\x00K\x03\f\x00\x00\x01\xe8" + // 0x004B030C: 0x000001E8
-	"\x00k\x03\f\x00\x00\x01\xe9" + // 0x006B030C: 0x000001E9
-	"\x00O\x03(\x00\x00\x01\xea" + // 0x004F0328: 0x000001EA
-	"\x00o\x03(\x00\x00\x01\xeb" + // 0x006F0328: 0x000001EB
-	"\x01\xea\x03\x04\x00\x00\x01\xec" + // 0x01EA0304: 0x000001EC
-	"\x01\xeb\x03\x04\x00\x00\x01\xed" + // 0x01EB0304: 0x000001ED
-	"\x01\xb7\x03\f\x00\x00\x01\xee" + // 0x01B7030C: 0x000001EE
-	"\x02\x92\x03\f\x00\x00\x01\xef" + // 0x0292030C: 0x000001EF
-	"\x00j\x03\f\x00\x00\x01\xf0" + // 0x006A030C: 0x000001F0
-	"\x00G\x03\x01\x00\x00\x01\xf4" + // 0x00470301: 0x000001F4
-	"\x00g\x03\x01\x00\x00\x01\xf5" + // 0x00670301: 0x000001F5
-	"\x00N\x03\x00\x00\x00\x01\xf8" + // 0x004E0300: 0x000001F8
-	"\x00n\x03\x00\x00\x00\x01\xf9" + // 0x006E0300: 0x000001F9
-	"\x00\xc5\x03\x01\x00\x00\x01\xfa" + // 0x00C50301: 0x000001FA
-	"\x00\xe5\x03\x01\x00\x00\x01\xfb" + // 0x00E50301: 0x000001FB
-	"\x00\xc6\x03\x01\x00\x00\x01\xfc" + // 0x00C60301: 0x000001FC
-	"\x00\xe6\x03\x01\x00\x00\x01\xfd" + // 0x00E60301: 0x000001FD
-	"\x00\xd8\x03\x01\x00\x00\x01\xfe" + // 0x00D80301: 0x000001FE
-	"\x00\xf8\x03\x01\x00\x00\x01\xff" + // 0x00F80301: 0x000001FF
-	"\x00A\x03\x0f\x00\x00\x02\x00" + // 0x0041030F: 0x00000200
-	"\x00a\x03\x0f\x00\x00\x02\x01" + // 0x0061030F: 0x00000201
-	"\x00A\x03\x11\x00\x00\x02\x02" + // 0x00410311: 0x00000202
-	"\x00a\x03\x11\x00\x00\x02\x03" + // 0x00610311: 0x00000203
-	"\x00E\x03\x0f\x00\x00\x02\x04" + // 0x0045030F: 0x00000204
-	"\x00e\x03\x0f\x00\x00\x02\x05" + // 0x0065030F: 0x00000205
-	"\x00E\x03\x11\x00\x00\x02\x06" + // 0x00450311: 0x00000206
-	"\x00e\x03\x11\x00\x00\x02\a" + // 0x00650311: 0x00000207
-	"\x00I\x03\x0f\x00\x00\x02\b" + // 0x0049030F: 0x00000208
-	"\x00i\x03\x0f\x00\x00\x02\t" + // 0x0069030F: 0x00000209
-	"\x00I\x03\x11\x00\x00\x02\n" + // 0x00490311: 0x0000020A
-	"\x00i\x03\x11\x00\x00\x02\v" + // 0x00690311: 0x0000020B
-	"\x00O\x03\x0f\x00\x00\x02\f" + // 0x004F030F: 0x0000020C
-	"\x00o\x03\x0f\x00\x00\x02\r" + // 0x006F030F: 0x0000020D
-	"\x00O\x03\x11\x00\x00\x02\x0e" + // 0x004F0311: 0x0000020E
-	"\x00o\x03\x11\x00\x00\x02\x0f" + // 0x006F0311: 0x0000020F
-	"\x00R\x03\x0f\x00\x00\x02\x10" + // 0x0052030F: 0x00000210
-	"\x00r\x03\x0f\x00\x00\x02\x11" + // 0x0072030F: 0x00000211
-	"\x00R\x03\x11\x00\x00\x02\x12" + // 0x00520311: 0x00000212
-	"\x00r\x03\x11\x00\x00\x02\x13" + // 0x00720311: 0x00000213
-	"\x00U\x03\x0f\x00\x00\x02\x14" + // 0x0055030F: 0x00000214
-	"\x00u\x03\x0f\x00\x00\x02\x15" + // 0x0075030F: 0x00000215
-	"\x00U\x03\x11\x00\x00\x02\x16" + // 0x00550311: 0x00000216
-	"\x00u\x03\x11\x00\x00\x02\x17" + // 0x00750311: 0x00000217
-	"\x00S\x03&\x00\x00\x02\x18" + // 0x00530326: 0x00000218
-	"\x00s\x03&\x00\x00\x02\x19" + // 0x00730326: 0x00000219
-	"\x00T\x03&\x00\x00\x02\x1a" + // 0x00540326: 0x0000021A
-	"\x00t\x03&\x00\x00\x02\x1b" + // 0x00740326: 0x0000021B
-	"\x00H\x03\f\x00\x00\x02\x1e" + // 0x0048030C: 0x0000021E
-	"\x00h\x03\f\x00\x00\x02\x1f" + // 0x0068030C: 0x0000021F
-	"\x00A\x03\a\x00\x00\x02&" + // 0x00410307: 0x00000226
-	"\x00a\x03\a\x00\x00\x02'" + // 0x00610307: 0x00000227
-	"\x00E\x03'\x00\x00\x02(" + // 0x00450327: 0x00000228
-	"\x00e\x03'\x00\x00\x02)" + // 0x00650327: 0x00000229
-	"\x00\xd6\x03\x04\x00\x00\x02*" + // 0x00D60304: 0x0000022A
-	"\x00\xf6\x03\x04\x00\x00\x02+" + // 0x00F60304: 0x0000022B
-	"\x00\xd5\x03\x04\x00\x00\x02," + // 0x00D50304: 0x0000022C
-	"\x00\xf5\x03\x04\x00\x00\x02-" + // 0x00F50304: 0x0000022D
-	"\x00O\x03\a\x00\x00\x02." + // 0x004F0307: 0x0000022E
-	"\x00o\x03\a\x00\x00\x02/" + // 0x006F0307: 0x0000022F
-	"\x02.\x03\x04\x00\x00\x020" + // 0x022E0304: 0x00000230
-	"\x02/\x03\x04\x00\x00\x021" + // 0x022F0304: 0x00000231
-	"\x00Y\x03\x04\x00\x00\x022" + // 0x00590304: 0x00000232
-	"\x00y\x03\x04\x00\x00\x023" + // 0x00790304: 0x00000233
-	"\x00\xa8\x03\x01\x00\x00\x03\x85" + // 0x00A80301: 0x00000385
-	"\x03\x91\x03\x01\x00\x00\x03\x86" + // 0x03910301: 0x00000386
-	"\x03\x95\x03\x01\x00\x00\x03\x88" + // 0x03950301: 0x00000388
-	"\x03\x97\x03\x01\x00\x00\x03\x89" + // 0x03970301: 0x00000389
-	"\x03\x99\x03\x01\x00\x00\x03\x8a" + // 0x03990301: 0x0000038A
-	"\x03\x9f\x03\x01\x00\x00\x03\x8c" + // 0x039F0301: 0x0000038C
-	"\x03\xa5\x03\x01\x00\x00\x03\x8e" + // 0x03A50301: 0x0000038E
-	"\x03\xa9\x03\x01\x00\x00\x03\x8f" + // 0x03A90301: 0x0000038F
-	"\x03\xca\x03\x01\x00\x00\x03\x90" + // 0x03CA0301: 0x00000390
-	"\x03\x99\x03\b\x00\x00\x03\xaa" + // 0x03990308: 0x000003AA
-	"\x03\xa5\x03\b\x00\x00\x03\xab" + // 0x03A50308: 0x000003AB
-	"\x03\xb1\x03\x01\x00\x00\x03\xac" + // 0x03B10301: 0x000003AC
-	"\x03\xb5\x03\x01\x00\x00\x03\xad" + // 0x03B50301: 0x000003AD
-	"\x03\xb7\x03\x01\x00\x00\x03\xae" + // 0x03B70301: 0x000003AE
-	"\x03\xb9\x03\x01\x00\x00\x03\xaf" + // 0x03B90301: 0x000003AF
-	"\x03\xcb\x03\x01\x00\x00\x03\xb0" + // 0x03CB0301: 0x000003B0
-	"\x03\xb9\x03\b\x00\x00\x03\xca" + // 0x03B90308: 0x000003CA
-	"\x03\xc5\x03\b\x00\x00\x03\xcb" + // 0x03C50308: 0x000003CB
-	"\x03\xbf\x03\x01\x00\x00\x03\xcc" + // 0x03BF0301: 0x000003CC
-	"\x03\xc5\x03\x01\x00\x00\x03\xcd" + // 0x03C50301: 0x000003CD
-	"\x03\xc9\x03\x01\x00\x00\x03\xce" + // 0x03C90301: 0x000003CE
-	"\x03\xd2\x03\x01\x00\x00\x03\xd3" + // 0x03D20301: 0x000003D3
-	"\x03\xd2\x03\b\x00\x00\x03\xd4" + // 0x03D20308: 0x000003D4
-	"\x04\x15\x03\x00\x00\x00\x04\x00" + // 0x04150300: 0x00000400
-	"\x04\x15\x03\b\x00\x00\x04\x01" + // 0x04150308: 0x00000401
-	"\x04\x13\x03\x01\x00\x00\x04\x03" + // 0x04130301: 0x00000403
-	"\x04\x06\x03\b\x00\x00\x04\a" + // 0x04060308: 0x00000407
-	"\x04\x1a\x03\x01\x00\x00\x04\f" + // 0x041A0301: 0x0000040C
-	"\x04\x18\x03\x00\x00\x00\x04\r" + // 0x04180300: 0x0000040D
-	"\x04#\x03\x06\x00\x00\x04\x0e" + // 0x04230306: 0x0000040E
-	"\x04\x18\x03\x06\x00\x00\x04\x19" + // 0x04180306: 0x00000419
-	"\x048\x03\x06\x00\x00\x049" + // 0x04380306: 0x00000439
-	"\x045\x03\x00\x00\x00\x04P" + // 0x04350300: 0x00000450
-	"\x045\x03\b\x00\x00\x04Q" + // 0x04350308: 0x00000451
-	"\x043\x03\x01\x00\x00\x04S" + // 0x04330301: 0x00000453
-	"\x04V\x03\b\x00\x00\x04W" + // 0x04560308: 0x00000457
-	"\x04:\x03\x01\x00\x00\x04\\" + // 0x043A0301: 0x0000045C
-	"\x048\x03\x00\x00\x00\x04]" + // 0x04380300: 0x0000045D
-	"\x04C\x03\x06\x00\x00\x04^" + // 0x04430306: 0x0000045E
-	"\x04t\x03\x0f\x00\x00\x04v" + // 0x0474030F: 0x00000476
-	"\x04u\x03\x0f\x00\x00\x04w" + // 0x0475030F: 0x00000477
-	"\x04\x16\x03\x06\x00\x00\x04\xc1" + // 0x04160306: 0x000004C1
-	"\x046\x03\x06\x00\x00\x04\xc2" + // 0x04360306: 0x000004C2
-	"\x04\x10\x03\x06\x00\x00\x04\xd0" + // 0x04100306: 0x000004D0
-	"\x040\x03\x06\x00\x00\x04\xd1" + // 0x04300306: 0x000004D1
-	"\x04\x10\x03\b\x00\x00\x04\xd2" + // 0x04100308: 0x000004D2
-	"\x040\x03\b\x00\x00\x04\xd3" + // 0x04300308: 0x000004D3
-	"\x04\x15\x03\x06\x00\x00\x04\xd6" + // 0x04150306: 0x000004D6
-	"\x045\x03\x06\x00\x00\x04\xd7" + // 0x04350306: 0x000004D7
-	"\x04\xd8\x03\b\x00\x00\x04\xda" + // 0x04D80308: 0x000004DA
-	"\x04\xd9\x03\b\x00\x00\x04\xdb" + // 0x04D90308: 0x000004DB
-	"\x04\x16\x03\b\x00\x00\x04\xdc" + // 0x04160308: 0x000004DC
-	"\x046\x03\b\x00\x00\x04\xdd" + // 0x04360308: 0x000004DD
-	"\x04\x17\x03\b\x00\x00\x04\xde" + // 0x04170308: 0x000004DE
-	"\x047\x03\b\x00\x00\x04\xdf" + // 0x04370308: 0x000004DF
-	"\x04\x18\x03\x04\x00\x00\x04\xe2" + // 0x04180304: 0x000004E2
-	"\x048\x03\x04\x00\x00\x04\xe3" + // 0x04380304: 0x000004E3
-	"\x04\x18\x03\b\x00\x00\x04\xe4" + // 0x04180308: 0x000004E4
-	"\x048\x03\b\x00\x00\x04\xe5" + // 0x04380308: 0x000004E5
-	"\x04\x1e\x03\b\x00\x00\x04\xe6" + // 0x041E0308: 0x000004E6
-	"\x04>\x03\b\x00\x00\x04\xe7" + // 0x043E0308: 0x000004E7
-	"\x04\xe8\x03\b\x00\x00\x04\xea" + // 0x04E80308: 0x000004EA
-	"\x04\xe9\x03\b\x00\x00\x04\xeb" + // 0x04E90308: 0x000004EB
-	"\x04-\x03\b\x00\x00\x04\xec" + // 0x042D0308: 0x000004EC
-	"\x04M\x03\b\x00\x00\x04\xed" + // 0x044D0308: 0x000004ED
-	"\x04#\x03\x04\x00\x00\x04\xee" + // 0x04230304: 0x000004EE
-	"\x04C\x03\x04\x00\x00\x04\xef" + // 0x04430304: 0x000004EF
-	"\x04#\x03\b\x00\x00\x04\xf0" + // 0x04230308: 0x000004F0
-	"\x04C\x03\b\x00\x00\x04\xf1" + // 0x04430308: 0x000004F1
-	"\x04#\x03\v\x00\x00\x04\xf2" + // 0x0423030B: 0x000004F2
-	"\x04C\x03\v\x00\x00\x04\xf3" + // 0x0443030B: 0x000004F3
-	"\x04'\x03\b\x00\x00\x04\xf4" + // 0x04270308: 0x000004F4
-	"\x04G\x03\b\x00\x00\x04\xf5" + // 0x04470308: 0x000004F5
-	"\x04+\x03\b\x00\x00\x04\xf8" + // 0x042B0308: 0x000004F8
-	"\x04K\x03\b\x00\x00\x04\xf9" + // 0x044B0308: 0x000004F9
-	"\x06'\x06S\x00\x00\x06\"" + // 0x06270653: 0x00000622
-	"\x06'\x06T\x00\x00\x06#" + // 0x06270654: 0x00000623
-	"\x06H\x06T\x00\x00\x06$" + // 0x06480654: 0x00000624
-	"\x06'\x06U\x00\x00\x06%" + // 0x06270655: 0x00000625
-	"\x06J\x06T\x00\x00\x06&" + // 0x064A0654: 0x00000626
-	"\x06\xd5\x06T\x00\x00\x06\xc0" + // 0x06D50654: 0x000006C0
-	"\x06\xc1\x06T\x00\x00\x06\xc2" + // 0x06C10654: 0x000006C2
-	"\x06\xd2\x06T\x00\x00\x06\xd3" + // 0x06D20654: 0x000006D3
-	"\t(\t<\x00\x00\t)" + // 0x0928093C: 0x00000929
-	"\t0\t<\x00\x00\t1" + // 0x0930093C: 0x00000931
-	"\t3\t<\x00\x00\t4" + // 0x0933093C: 0x00000934
-	"\t\xc7\t\xbe\x00\x00\t\xcb" + // 0x09C709BE: 0x000009CB
-	"\t\xc7\t\xd7\x00\x00\t\xcc" + // 0x09C709D7: 0x000009CC
-	"\vG\vV\x00\x00\vH" + // 0x0B470B56: 0x00000B48
-	"\vG\v>\x00\x00\vK" + // 0x0B470B3E: 0x00000B4B
-	"\vG\vW\x00\x00\vL" + // 0x0B470B57: 0x00000B4C
-	"\v\x92\v\xd7\x00\x00\v\x94" + // 0x0B920BD7: 0x00000B94
-	"\v\xc6\v\xbe\x00\x00\v\xca" + // 0x0BC60BBE: 0x00000BCA
-	"\v\xc7\v\xbe\x00\x00\v\xcb" + // 0x0BC70BBE: 0x00000BCB
-	"\v\xc6\v\xd7\x00\x00\v\xcc" + // 0x0BC60BD7: 0x00000BCC
-	"\fF\fV\x00\x00\fH" + // 0x0C460C56: 0x00000C48
-	"\f\xbf\f\xd5\x00\x00\f\xc0" + // 0x0CBF0CD5: 0x00000CC0
-	"\f\xc6\f\xd5\x00\x00\f\xc7" + // 0x0CC60CD5: 0x00000CC7
-	"\f\xc6\f\xd6\x00\x00\f\xc8" + // 0x0CC60CD6: 0x00000CC8
-	"\f\xc6\f\xc2\x00\x00\f\xca" + // 0x0CC60CC2: 0x00000CCA
-	"\f\xca\f\xd5\x00\x00\f\xcb" + // 0x0CCA0CD5: 0x00000CCB
-	"\rF\r>\x00\x00\rJ" + // 0x0D460D3E: 0x00000D4A
-	"\rG\r>\x00\x00\rK" + // 0x0D470D3E: 0x00000D4B
-	"\rF\rW\x00\x00\rL" + // 0x0D460D57: 0x00000D4C
-	"\r\xd9\r\xca\x00\x00\r\xda" + // 0x0DD90DCA: 0x00000DDA
-	"\r\xd9\r\xcf\x00\x00\r\xdc" + // 0x0DD90DCF: 0x00000DDC
-	"\r\xdc\r\xca\x00\x00\r\xdd" + // 0x0DDC0DCA: 0x00000DDD
-	"\r\xd9\r\xdf\x00\x00\r\xde" + // 0x0DD90DDF: 0x00000DDE
-	"\x10%\x10.\x00\x00\x10&" + // 0x1025102E: 0x00001026
-	"\x1b\x05\x1b5\x00\x00\x1b\x06" + // 0x1B051B35: 0x00001B06
-	"\x1b\a\x1b5\x00\x00\x1b\b" + // 0x1B071B35: 0x00001B08
-	"\x1b\t\x1b5\x00\x00\x1b\n" + // 0x1B091B35: 0x00001B0A
-	"\x1b\v\x1b5\x00\x00\x1b\f" + // 0x1B0B1B35: 0x00001B0C
-	"\x1b\r\x1b5\x00\x00\x1b\x0e" + // 0x1B0D1B35: 0x00001B0E
-	"\x1b\x11\x1b5\x00\x00\x1b\x12" + // 0x1B111B35: 0x00001B12
-	"\x1b:\x1b5\x00\x00\x1b;" + // 0x1B3A1B35: 0x00001B3B
-	"\x1b<\x1b5\x00\x00\x1b=" + // 0x1B3C1B35: 0x00001B3D
-	"\x1b>\x1b5\x00\x00\x1b@" + // 0x1B3E1B35: 0x00001B40
-	"\x1b?\x1b5\x00\x00\x1bA" + // 0x1B3F1B35: 0x00001B41
-	"\x1bB\x1b5\x00\x00\x1bC" + // 0x1B421B35: 0x00001B43
-	"\x00A\x03%\x00\x00\x1e\x00" + // 0x00410325: 0x00001E00
-	"\x00a\x03%\x00\x00\x1e\x01" + // 0x00610325: 0x00001E01
-	"\x00B\x03\a\x00\x00\x1e\x02" + // 0x00420307: 0x00001E02
-	"\x00b\x03\a\x00\x00\x1e\x03" + // 0x00620307: 0x00001E03
-	"\x00B\x03#\x00\x00\x1e\x04" + // 0x00420323: 0x00001E04
-	"\x00b\x03#\x00\x00\x1e\x05" + // 0x00620323: 0x00001E05
-	"\x00B\x031\x00\x00\x1e\x06" + // 0x00420331: 0x00001E06
-	"\x00b\x031\x00\x00\x1e\a" + // 0x00620331: 0x00001E07
-	"\x00\xc7\x03\x01\x00\x00\x1e\b" + // 0x00C70301: 0x00001E08
-	"\x00\xe7\x03\x01\x00\x00\x1e\t" + // 0x00E70301: 0x00001E09
-	"\x00D\x03\a\x00\x00\x1e\n" + // 0x00440307: 0x00001E0A
-	"\x00d\x03\a\x00\x00\x1e\v" + // 0x00640307: 0x00001E0B
-	"\x00D\x03#\x00\x00\x1e\f" + // 0x00440323: 0x00001E0C
-	"\x00d\x03#\x00\x00\x1e\r" + // 0x00640323: 0x00001E0D
-	"\x00D\x031\x00\x00\x1e\x0e" + // 0x00440331: 0x00001E0E
-	"\x00d\x031\x00\x00\x1e\x0f" + // 0x00640331: 0x00001E0F
-	"\x00D\x03'\x00\x00\x1e\x10" + // 0x00440327: 0x00001E10
-	"\x00d\x03'\x00\x00\x1e\x11" + // 0x00640327: 0x00001E11
-	"\x00D\x03-\x00\x00\x1e\x12" + // 0x0044032D: 0x00001E12
-	"\x00d\x03-\x00\x00\x1e\x13" + // 0x0064032D: 0x00001E13
-	"\x01\x12\x03\x00\x00\x00\x1e\x14" + // 0x01120300: 0x00001E14
-	"\x01\x13\x03\x00\x00\x00\x1e\x15" + // 0x01130300: 0x00001E15
-	"\x01\x12\x03\x01\x00\x00\x1e\x16" + // 0x01120301: 0x00001E16
-	"\x01\x13\x03\x01\x00\x00\x1e\x17" + // 0x01130301: 0x00001E17
-	"\x00E\x03-\x00\x00\x1e\x18" + // 0x0045032D: 0x00001E18
-	"\x00e\x03-\x00\x00\x1e\x19" + // 0x0065032D: 0x00001E19
-	"\x00E\x030\x00\x00\x1e\x1a" + // 0x00450330: 0x00001E1A
-	"\x00e\x030\x00\x00\x1e\x1b" + // 0x00650330: 0x00001E1B
-	"\x02(\x03\x06\x00\x00\x1e\x1c" + // 0x02280306: 0x00001E1C
-	"\x02)\x03\x06\x00\x00\x1e\x1d" + // 0x02290306: 0x00001E1D
-	"\x00F\x03\a\x00\x00\x1e\x1e" + // 0x00460307: 0x00001E1E
-	"\x00f\x03\a\x00\x00\x1e\x1f" + // 0x00660307: 0x00001E1F
-	"\x00G\x03\x04\x00\x00\x1e " + // 0x00470304: 0x00001E20
-	"\x00g\x03\x04\x00\x00\x1e!" + // 0x00670304: 0x00001E21
-	"\x00H\x03\a\x00\x00\x1e\"" + // 0x00480307: 0x00001E22
-	"\x00h\x03\a\x00\x00\x1e#" + // 0x00680307: 0x00001E23
-	"\x00H\x03#\x00\x00\x1e$" + // 0x00480323: 0x00001E24
-	"\x00h\x03#\x00\x00\x1e%" + // 0x00680323: 0x00001E25
-	"\x00H\x03\b\x00\x00\x1e&" + // 0x00480308: 0x00001E26
-	"\x00h\x03\b\x00\x00\x1e'" + // 0x00680308: 0x00001E27
-	"\x00H\x03'\x00\x00\x1e(" + // 0x00480327: 0x00001E28
-	"\x00h\x03'\x00\x00\x1e)" + // 0x00680327: 0x00001E29
-	"\x00H\x03.\x00\x00\x1e*" + // 0x0048032E: 0x00001E2A
-	"\x00h\x03.\x00\x00\x1e+" + // 0x0068032E: 0x00001E2B
-	"\x00I\x030\x00\x00\x1e," + // 0x00490330: 0x00001E2C
-	"\x00i\x030\x00\x00\x1e-" + // 0x00690330: 0x00001E2D
-	"\x00\xcf\x03\x01\x00\x00\x1e." + // 0x00CF0301: 0x00001E2E
-	"\x00\xef\x03\x01\x00\x00\x1e/" + // 0x00EF0301: 0x00001E2F
-	"\x00K\x03\x01\x00\x00\x1e0" + // 0x004B0301: 0x00001E30
-	"\x00k\x03\x01\x00\x00\x1e1" + // 0x006B0301: 0x00001E31
-	"\x00K\x03#\x00\x00\x1e2" + // 0x004B0323: 0x00001E32
-	"\x00k\x03#\x00\x00\x1e3" + // 0x006B0323: 0x00001E33
-	"\x00K\x031\x00\x00\x1e4" + // 0x004B0331: 0x00001E34
-	"\x00k\x031\x00\x00\x1e5" + // 0x006B0331: 0x00001E35
-	"\x00L\x03#\x00\x00\x1e6" + // 0x004C0323: 0x00001E36
-	"\x00l\x03#\x00\x00\x1e7" + // 0x006C0323: 0x00001E37
-	"\x1e6\x03\x04\x00\x00\x1e8" + // 0x1E360304: 0x00001E38
-	"\x1e7\x03\x04\x00\x00\x1e9" + // 0x1E370304: 0x00001E39
-	"\x00L\x031\x00\x00\x1e:" + // 0x004C0331: 0x00001E3A
-	"\x00l\x031\x00\x00\x1e;" + // 0x006C0331: 0x00001E3B
-	"\x00L\x03-\x00\x00\x1e<" + // 0x004C032D: 0x00001E3C
-	"\x00l\x03-\x00\x00\x1e=" + // 0x006C032D: 0x00001E3D
-	"\x00M\x03\x01\x00\x00\x1e>" + // 0x004D0301: 0x00001E3E
-	"\x00m\x03\x01\x00\x00\x1e?" + // 0x006D0301: 0x00001E3F
-	"\x00M\x03\a\x00\x00\x1e@" + // 0x004D0307: 0x00001E40
-	"\x00m\x03\a\x00\x00\x1eA" + // 0x006D0307: 0x00001E41
-	"\x00M\x03#\x00\x00\x1eB" + // 0x004D0323: 0x00001E42
-	"\x00m\x03#\x00\x00\x1eC" + // 0x006D0323: 0x00001E43
-	"\x00N\x03\a\x00\x00\x1eD" + // 0x004E0307: 0x00001E44
-	"\x00n\x03\a\x00\x00\x1eE" + // 0x006E0307: 0x00001E45
-	"\x00N\x03#\x00\x00\x1eF" + // 0x004E0323: 0x00001E46
-	"\x00n\x03#\x00\x00\x1eG" + // 0x006E0323: 0x00001E47
-	"\x00N\x031\x00\x00\x1eH" + // 0x004E0331: 0x00001E48
-	"\x00n\x031\x00\x00\x1eI" + // 0x006E0331: 0x00001E49
-	"\x00N\x03-\x00\x00\x1eJ" + // 0x004E032D: 0x00001E4A
-	"\x00n\x03-\x00\x00\x1eK" + // 0x006E032D: 0x00001E4B
-	"\x00\xd5\x03\x01\x00\x00\x1eL" + // 0x00D50301: 0x00001E4C
-	"\x00\xf5\x03\x01\x00\x00\x1eM" + // 0x00F50301: 0x00001E4D
-	"\x00\xd5\x03\b\x00\x00\x1eN" + // 0x00D50308: 0x00001E4E
-	"\x00\xf5\x03\b\x00\x00\x1eO" + // 0x00F50308: 0x00001E4F
-	"\x01L\x03\x00\x00\x00\x1eP" + // 0x014C0300: 0x00001E50
-	"\x01M\x03\x00\x00\x00\x1eQ" + // 0x014D0300: 0x00001E51
-	"\x01L\x03\x01\x00\x00\x1eR" + // 0x014C0301: 0x00001E52
-	"\x01M\x03\x01\x00\x00\x1eS" + // 0x014D0301: 0x00001E53
-	"\x00P\x03\x01\x00\x00\x1eT" + // 0x00500301: 0x00001E54
-	"\x00p\x03\x01\x00\x00\x1eU" + // 0x00700301: 0x00001E55
-	"\x00P\x03\a\x00\x00\x1eV" + // 0x00500307: 0x00001E56
-	"\x00p\x03\a\x00\x00\x1eW" + // 0x00700307: 0x00001E57
-	"\x00R\x03\a\x00\x00\x1eX" + // 0x00520307: 0x00001E58
-	"\x00r\x03\a\x00\x00\x1eY" + // 0x00720307: 0x00001E59
-	"\x00R\x03#\x00\x00\x1eZ" + // 0x00520323: 0x00001E5A
-	"\x00r\x03#\x00\x00\x1e[" + // 0x00720323: 0x00001E5B
-	"\x1eZ\x03\x04\x00\x00\x1e\\" + // 0x1E5A0304: 0x00001E5C
-	"\x1e[\x03\x04\x00\x00\x1e]" + // 0x1E5B0304: 0x00001E5D
-	"\x00R\x031\x00\x00\x1e^" + // 0x00520331: 0x00001E5E
-	"\x00r\x031\x00\x00\x1e_" + // 0x00720331: 0x00001E5F
-	"\x00S\x03\a\x00\x00\x1e`" + // 0x00530307: 0x00001E60
-	"\x00s\x03\a\x00\x00\x1ea" + // 0x00730307: 0x00001E61
-	"\x00S\x03#\x00\x00\x1eb" + // 0x00530323: 0x00001E62
-	"\x00s\x03#\x00\x00\x1ec" + // 0x00730323: 0x00001E63
-	"\x01Z\x03\a\x00\x00\x1ed" + // 0x015A0307: 0x00001E64
-	"\x01[\x03\a\x00\x00\x1ee" + // 0x015B0307: 0x00001E65
-	"\x01`\x03\a\x00\x00\x1ef" + // 0x01600307: 0x00001E66
-	"\x01a\x03\a\x00\x00\x1eg" + // 0x01610307: 0x00001E67
-	"\x1eb\x03\a\x00\x00\x1eh" + // 0x1E620307: 0x00001E68
-	"\x1ec\x03\a\x00\x00\x1ei" + // 0x1E630307: 0x00001E69
-	"\x00T\x03\a\x00\x00\x1ej" + // 0x00540307: 0x00001E6A
-	"\x00t\x03\a\x00\x00\x1ek" + // 0x00740307: 0x00001E6B
-	"\x00T\x03#\x00\x00\x1el" + // 0x00540323: 0x00001E6C
-	"\x00t\x03#\x00\x00\x1em" + // 0x00740323: 0x00001E6D
-	"\x00T\x031\x00\x00\x1en" + // 0x00540331: 0x00001E6E
-	"\x00t\x031\x00\x00\x1eo" + // 0x00740331: 0x00001E6F
-	"\x00T\x03-\x00\x00\x1ep" + // 0x0054032D: 0x00001E70
-	"\x00t\x03-\x00\x00\x1eq" + // 0x0074032D: 0x00001E71
-	"\x00U\x03$\x00\x00\x1er" + // 0x00550324: 0x00001E72
-	"\x00u\x03$\x00\x00\x1es" + // 0x00750324: 0x00001E73
-	"\x00U\x030\x00\x00\x1et" + // 0x00550330: 0x00001E74
-	"\x00u\x030\x00\x00\x1eu" + // 0x00750330: 0x00001E75
-	"\x00U\x03-\x00\x00\x1ev" + // 0x0055032D: 0x00001E76
-	"\x00u\x03-\x00\x00\x1ew" + // 0x0075032D: 0x00001E77
-	"\x01h\x03\x01\x00\x00\x1ex" + // 0x01680301: 0x00001E78
-	"\x01i\x03\x01\x00\x00\x1ey" + // 0x01690301: 0x00001E79
-	"\x01j\x03\b\x00\x00\x1ez" + // 0x016A0308: 0x00001E7A
-	"\x01k\x03\b\x00\x00\x1e{" + // 0x016B0308: 0x00001E7B
-	"\x00V\x03\x03\x00\x00\x1e|" + // 0x00560303: 0x00001E7C
-	"\x00v\x03\x03\x00\x00\x1e}" + // 0x00760303: 0x00001E7D
-	"\x00V\x03#\x00\x00\x1e~" + // 0x00560323: 0x00001E7E
-	"\x00v\x03#\x00\x00\x1e\u007f" + // 0x00760323: 0x00001E7F
-	"\x00W\x03\x00\x00\x00\x1e\x80" + // 0x00570300: 0x00001E80
-	"\x00w\x03\x00\x00\x00\x1e\x81" + // 0x00770300: 0x00001E81
-	"\x00W\x03\x01\x00\x00\x1e\x82" + // 0x00570301: 0x00001E82
-	"\x00w\x03\x01\x00\x00\x1e\x83" + // 0x00770301: 0x00001E83
-	"\x00W\x03\b\x00\x00\x1e\x84" + // 0x00570308: 0x00001E84
-	"\x00w\x03\b\x00\x00\x1e\x85" + // 0x00770308: 0x00001E85
-	"\x00W\x03\a\x00\x00\x1e\x86" + // 0x00570307: 0x00001E86
-	"\x00w\x03\a\x00\x00\x1e\x87" + // 0x00770307: 0x00001E87
-	"\x00W\x03#\x00\x00\x1e\x88" + // 0x00570323: 0x00001E88
-	"\x00w\x03#\x00\x00\x1e\x89" + // 0x00770323: 0x00001E89
-	"\x00X\x03\a\x00\x00\x1e\x8a" + // 0x00580307: 0x00001E8A
-	"\x00x\x03\a\x00\x00\x1e\x8b" + // 0x00780307: 0x00001E8B
-	"\x00X\x03\b\x00\x00\x1e\x8c" + // 0x00580308: 0x00001E8C
-	"\x00x\x03\b\x00\x00\x1e\x8d" + // 0x00780308: 0x00001E8D
-	"\x00Y\x03\a\x00\x00\x1e\x8e" + // 0x00590307: 0x00001E8E
-	"\x00y\x03\a\x00\x00\x1e\x8f" + // 0x00790307: 0x00001E8F
-	"\x00Z\x03\x02\x00\x00\x1e\x90" + // 0x005A0302: 0x00001E90
-	"\x00z\x03\x02\x00\x00\x1e\x91" + // 0x007A0302: 0x00001E91
-	"\x00Z\x03#\x00\x00\x1e\x92" + // 0x005A0323: 0x00001E92
-	"\x00z\x03#\x00\x00\x1e\x93" + // 0x007A0323: 0x00001E93
-	"\x00Z\x031\x00\x00\x1e\x94" + // 0x005A0331: 0x00001E94
-	"\x00z\x031\x00\x00\x1e\x95" + // 0x007A0331: 0x00001E95
-	"\x00h\x031\x00\x00\x1e\x96" + // 0x00680331: 0x00001E96
-	"\x00t\x03\b\x00\x00\x1e\x97" + // 0x00740308: 0x00001E97
-	"\x00w\x03\n\x00\x00\x1e\x98" + // 0x0077030A: 0x00001E98
-	"\x00y\x03\n\x00\x00\x1e\x99" + // 0x0079030A: 0x00001E99
-	"\x01\u007f\x03\a\x00\x00\x1e\x9b" + // 0x017F0307: 0x00001E9B
-	"\x00A\x03#\x00\x00\x1e\xa0" + // 0x00410323: 0x00001EA0
-	"\x00a\x03#\x00\x00\x1e\xa1" + // 0x00610323: 0x00001EA1
-	"\x00A\x03\t\x00\x00\x1e\xa2" + // 0x00410309: 0x00001EA2
-	"\x00a\x03\t\x00\x00\x1e\xa3" + // 0x00610309: 0x00001EA3
-	"\x00\xc2\x03\x01\x00\x00\x1e\xa4" + // 0x00C20301: 0x00001EA4
-	"\x00\xe2\x03\x01\x00\x00\x1e\xa5" + // 0x00E20301: 0x00001EA5
-	"\x00\xc2\x03\x00\x00\x00\x1e\xa6" + // 0x00C20300: 0x00001EA6
-	"\x00\xe2\x03\x00\x00\x00\x1e\xa7" + // 0x00E20300: 0x00001EA7
-	"\x00\xc2\x03\t\x00\x00\x1e\xa8" + // 0x00C20309: 0x00001EA8
-	"\x00\xe2\x03\t\x00\x00\x1e\xa9" + // 0x00E20309: 0x00001EA9
-	"\x00\xc2\x03\x03\x00\x00\x1e\xaa" + // 0x00C20303: 0x00001EAA
-	"\x00\xe2\x03\x03\x00\x00\x1e\xab" + // 0x00E20303: 0x00001EAB
-	"\x1e\xa0\x03\x02\x00\x00\x1e\xac" + // 0x1EA00302: 0x00001EAC
-	"\x1e\xa1\x03\x02\x00\x00\x1e\xad" + // 0x1EA10302: 0x00001EAD
-	"\x01\x02\x03\x01\x00\x00\x1e\xae" + // 0x01020301: 0x00001EAE
-	"\x01\x03\x03\x01\x00\x00\x1e\xaf" + // 0x01030301: 0x00001EAF
-	"\x01\x02\x03\x00\x00\x00\x1e\xb0" + // 0x01020300: 0x00001EB0
-	"\x01\x03\x03\x00\x00\x00\x1e\xb1" + // 0x01030300: 0x00001EB1
-	"\x01\x02\x03\t\x00\x00\x1e\xb2" + // 0x01020309: 0x00001EB2
-	"\x01\x03\x03\t\x00\x00\x1e\xb3" + // 0x01030309: 0x00001EB3
-	"\x01\x02\x03\x03\x00\x00\x1e\xb4" + // 0x01020303: 0x00001EB4
-	"\x01\x03\x03\x03\x00\x00\x1e\xb5" + // 0x01030303: 0x00001EB5
-	"\x1e\xa0\x03\x06\x00\x00\x1e\xb6" + // 0x1EA00306: 0x00001EB6
-	"\x1e\xa1\x03\x06\x00\x00\x1e\xb7" + // 0x1EA10306: 0x00001EB7
-	"\x00E\x03#\x00\x00\x1e\xb8" + // 0x00450323: 0x00001EB8
-	"\x00e\x03#\x00\x00\x1e\xb9" + // 0x00650323: 0x00001EB9
-	"\x00E\x03\t\x00\x00\x1e\xba" + // 0x00450309: 0x00001EBA
-	"\x00e\x03\t\x00\x00\x1e\xbb" + // 0x00650309: 0x00001EBB
-	"\x00E\x03\x03\x00\x00\x1e\xbc" + // 0x00450303: 0x00001EBC
-	"\x00e\x03\x03\x00\x00\x1e\xbd" + // 0x00650303: 0x00001EBD
-	"\x00\xca\x03\x01\x00\x00\x1e\xbe" + // 0x00CA0301: 0x00001EBE
-	"\x00\xea\x03\x01\x00\x00\x1e\xbf" + // 0x00EA0301: 0x00001EBF
-	"\x00\xca\x03\x00\x00\x00\x1e\xc0" + // 0x00CA0300: 0x00001EC0
-	"\x00\xea\x03\x00\x00\x00\x1e\xc1" + // 0x00EA0300: 0x00001EC1
-	"\x00\xca\x03\t\x00\x00\x1e\xc2" + // 0x00CA0309: 0x00001EC2
-	"\x00\xea\x03\t\x00\x00\x1e\xc3" + // 0x00EA0309: 0x00001EC3
-	"\x00\xca\x03\x03\x00\x00\x1e\xc4" + // 0x00CA0303: 0x00001EC4
-	"\x00\xea\x03\x03\x00\x00\x1e\xc5" + // 0x00EA0303: 0x00001EC5
-	"\x1e\xb8\x03\x02\x00\x00\x1e\xc6" + // 0x1EB80302: 0x00001EC6
-	"\x1e\xb9\x03\x02\x00\x00\x1e\xc7" + // 0x1EB90302: 0x00001EC7
-	"\x00I\x03\t\x00\x00\x1e\xc8" + // 0x00490309: 0x00001EC8
-	"\x00i\x03\t\x00\x00\x1e\xc9" + // 0x00690309: 0x00001EC9
-	"\x00I\x03#\x00\x00\x1e\xca" + // 0x00490323: 0x00001ECA
-	"\x00i\x03#\x00\x00\x1e\xcb" + // 0x00690323: 0x00001ECB
-	"\x00O\x03#\x00\x00\x1e\xcc" + // 0x004F0323: 0x00001ECC
-	"\x00o\x03#\x00\x00\x1e\xcd" + // 0x006F0323: 0x00001ECD
-	"\x00O\x03\t\x00\x00\x1e\xce" + // 0x004F0309: 0x00001ECE
-	"\x00o\x03\t\x00\x00\x1e\xcf" + // 0x006F0309: 0x00001ECF
-	"\x00\xd4\x03\x01\x00\x00\x1e\xd0" + // 0x00D40301: 0x00001ED0
-	"\x00\xf4\x03\x01\x00\x00\x1e\xd1" + // 0x00F40301: 0x00001ED1
-	"\x00\xd4\x03\x00\x00\x00\x1e\xd2" + // 0x00D40300: 0x00001ED2
-	"\x00\xf4\x03\x00\x00\x00\x1e\xd3" + // 0x00F40300: 0x00001ED3
-	"\x00\xd4\x03\t\x00\x00\x1e\xd4" + // 0x00D40309: 0x00001ED4
-	"\x00\xf4\x03\t\x00\x00\x1e\xd5" + // 0x00F40309: 0x00001ED5
-	"\x00\xd4\x03\x03\x00\x00\x1e\xd6" + // 0x00D40303: 0x00001ED6
-	"\x00\xf4\x03\x03\x00\x00\x1e\xd7" + // 0x00F40303: 0x00001ED7
-	"\x1e\xcc\x03\x02\x00\x00\x1e\xd8" + // 0x1ECC0302: 0x00001ED8
-	"\x1e\xcd\x03\x02\x00\x00\x1e\xd9" + // 0x1ECD0302: 0x00001ED9
-	"\x01\xa0\x03\x01\x00\x00\x1e\xda" + // 0x01A00301: 0x00001EDA
-	"\x01\xa1\x03\x01\x00\x00\x1e\xdb" + // 0x01A10301: 0x00001EDB
-	"\x01\xa0\x03\x00\x00\x00\x1e\xdc" + // 0x01A00300: 0x00001EDC
-	"\x01\xa1\x03\x00\x00\x00\x1e\xdd" + // 0x01A10300: 0x00001EDD
-	"\x01\xa0\x03\t\x00\x00\x1e\xde" + // 0x01A00309: 0x00001EDE
-	"\x01\xa1\x03\t\x00\x00\x1e\xdf" + // 0x01A10309: 0x00001EDF
-	"\x01\xa0\x03\x03\x00\x00\x1e\xe0" + // 0x01A00303: 0x00001EE0
-	"\x01\xa1\x03\x03\x00\x00\x1e\xe1" + // 0x01A10303: 0x00001EE1
-	"\x01\xa0\x03#\x00\x00\x1e\xe2" + // 0x01A00323: 0x00001EE2
-	"\x01\xa1\x03#\x00\x00\x1e\xe3" + // 0x01A10323: 0x00001EE3
-	"\x00U\x03#\x00\x00\x1e\xe4" + // 0x00550323: 0x00001EE4
-	"\x00u\x03#\x00\x00\x1e\xe5" + // 0x00750323: 0x00001EE5
-	"\x00U\x03\t\x00\x00\x1e\xe6" + // 0x00550309: 0x00001EE6
-	"\x00u\x03\t\x00\x00\x1e\xe7" + // 0x00750309: 0x00001EE7
-	"\x01\xaf\x03\x01\x00\x00\x1e\xe8" + // 0x01AF0301: 0x00001EE8
-	"\x01\xb0\x03\x01\x00\x00\x1e\xe9" + // 0x01B00301: 0x00001EE9
-	"\x01\xaf\x03\x00\x00\x00\x1e\xea" + // 0x01AF0300: 0x00001EEA
-	"\x01\xb0\x03\x00\x00\x00\x1e\xeb" + // 0x01B00300: 0x00001EEB
-	"\x01\xaf\x03\t\x00\x00\x1e\xec" + // 0x01AF0309: 0x00001EEC
-	"\x01\xb0\x03\t\x00\x00\x1e\xed" + // 0x01B00309: 0x00001EED
-	"\x01\xaf\x03\x03\x00\x00\x1e\xee" + // 0x01AF0303: 0x00001EEE
-	"\x01\xb0\x03\x03\x00\x00\x1e\xef" + // 0x01B00303: 0x00001EEF
-	"\x01\xaf\x03#\x00\x00\x1e\xf0" + // 0x01AF0323: 0x00001EF0
-	"\x01\xb0\x03#\x00\x00\x1e\xf1" + // 0x01B00323: 0x00001EF1
-	"\x00Y\x03\x00\x00\x00\x1e\xf2" + // 0x00590300: 0x00001EF2
-	"\x00y\x03\x00\x00\x00\x1e\xf3" + // 0x00790300: 0x00001EF3
-	"\x00Y\x03#\x00\x00\x1e\xf4" + // 0x00590323: 0x00001EF4
-	"\x00y\x03#\x00\x00\x1e\xf5" + // 0x00790323: 0x00001EF5
-	"\x00Y\x03\t\x00\x00\x1e\xf6" + // 0x00590309: 0x00001EF6
-	"\x00y\x03\t\x00\x00\x1e\xf7" + // 0x00790309: 0x00001EF7
-	"\x00Y\x03\x03\x00\x00\x1e\xf8" + // 0x00590303: 0x00001EF8
-	"\x00y\x03\x03\x00\x00\x1e\xf9" + // 0x00790303: 0x00001EF9
-	"\x03\xb1\x03\x13\x00\x00\x1f\x00" + // 0x03B10313: 0x00001F00
-	"\x03\xb1\x03\x14\x00\x00\x1f\x01" + // 0x03B10314: 0x00001F01
-	"\x1f\x00\x03\x00\x00\x00\x1f\x02" + // 0x1F000300: 0x00001F02
-	"\x1f\x01\x03\x00\x00\x00\x1f\x03" + // 0x1F010300: 0x00001F03
-	"\x1f\x00\x03\x01\x00\x00\x1f\x04" + // 0x1F000301: 0x00001F04
-	"\x1f\x01\x03\x01\x00\x00\x1f\x05" + // 0x1F010301: 0x00001F05
-	"\x1f\x00\x03B\x00\x00\x1f\x06" + // 0x1F000342: 0x00001F06
-	"\x1f\x01\x03B\x00\x00\x1f\a" + // 0x1F010342: 0x00001F07
-	"\x03\x91\x03\x13\x00\x00\x1f\b" + // 0x03910313: 0x00001F08
-	"\x03\x91\x03\x14\x00\x00\x1f\t" + // 0x03910314: 0x00001F09
-	"\x1f\b\x03\x00\x00\x00\x1f\n" + // 0x1F080300: 0x00001F0A
-	"\x1f\t\x03\x00\x00\x00\x1f\v" + // 0x1F090300: 0x00001F0B
-	"\x1f\b\x03\x01\x00\x00\x1f\f" + // 0x1F080301: 0x00001F0C
-	"\x1f\t\x03\x01\x00\x00\x1f\r" + // 0x1F090301: 0x00001F0D
-	"\x1f\b\x03B\x00\x00\x1f\x0e" + // 0x1F080342: 0x00001F0E
-	"\x1f\t\x03B\x00\x00\x1f\x0f" + // 0x1F090342: 0x00001F0F
-	"\x03\xb5\x03\x13\x00\x00\x1f\x10" + // 0x03B50313: 0x00001F10
-	"\x03\xb5\x03\x14\x00\x00\x1f\x11" + // 0x03B50314: 0x00001F11
-	"\x1f\x10\x03\x00\x00\x00\x1f\x12" + // 0x1F100300: 0x00001F12
-	"\x1f\x11\x03\x00\x00\x00\x1f\x13" + // 0x1F110300: 0x00001F13
-	"\x1f\x10\x03\x01\x00\x00\x1f\x14" + // 0x1F100301: 0x00001F14
-	"\x1f\x11\x03\x01\x00\x00\x1f\x15" + // 0x1F110301: 0x00001F15
-	"\x03\x95\x03\x13\x00\x00\x1f\x18" + // 0x03950313: 0x00001F18
-	"\x03\x95\x03\x14\x00\x00\x1f\x19" + // 0x03950314: 0x00001F19
-	"\x1f\x18\x03\x00\x00\x00\x1f\x1a" + // 0x1F180300: 0x00001F1A
-	"\x1f\x19\x03\x00\x00\x00\x1f\x1b" + // 0x1F190300: 0x00001F1B
-	"\x1f\x18\x03\x01\x00\x00\x1f\x1c" + // 0x1F180301: 0x00001F1C
-	"\x1f\x19\x03\x01\x00\x00\x1f\x1d" + // 0x1F190301: 0x00001F1D
-	"\x03\xb7\x03\x13\x00\x00\x1f " + // 0x03B70313: 0x00001F20
-	"\x03\xb7\x03\x14\x00\x00\x1f!" + // 0x03B70314: 0x00001F21
-	"\x1f \x03\x00\x00\x00\x1f\"" + // 0x1F200300: 0x00001F22
-	"\x1f!\x03\x00\x00\x00\x1f#" + // 0x1F210300: 0x00001F23
-	"\x1f \x03\x01\x00\x00\x1f$" + // 0x1F200301: 0x00001F24
-	"\x1f!\x03\x01\x00\x00\x1f%" + // 0x1F210301: 0x00001F25
-	"\x1f \x03B\x00\x00\x1f&" + // 0x1F200342: 0x00001F26
-	"\x1f!\x03B\x00\x00\x1f'" + // 0x1F210342: 0x00001F27
-	"\x03\x97\x03\x13\x00\x00\x1f(" + // 0x03970313: 0x00001F28
-	"\x03\x97\x03\x14\x00\x00\x1f)" + // 0x03970314: 0x00001F29
-	"\x1f(\x03\x00\x00\x00\x1f*" + // 0x1F280300: 0x00001F2A
-	"\x1f)\x03\x00\x00\x00\x1f+" + // 0x1F290300: 0x00001F2B
-	"\x1f(\x03\x01\x00\x00\x1f," + // 0x1F280301: 0x00001F2C
-	"\x1f)\x03\x01\x00\x00\x1f-" + // 0x1F290301: 0x00001F2D
-	"\x1f(\x03B\x00\x00\x1f." + // 0x1F280342: 0x00001F2E
-	"\x1f)\x03B\x00\x00\x1f/" + // 0x1F290342: 0x00001F2F
-	"\x03\xb9\x03\x13\x00\x00\x1f0" + // 0x03B90313: 0x00001F30
-	"\x03\xb9\x03\x14\x00\x00\x1f1" + // 0x03B90314: 0x00001F31
-	"\x1f0\x03\x00\x00\x00\x1f2" + // 0x1F300300: 0x00001F32
-	"\x1f1\x03\x00\x00\x00\x1f3" + // 0x1F310300: 0x00001F33
-	"\x1f0\x03\x01\x00\x00\x1f4" + // 0x1F300301: 0x00001F34
-	"\x1f1\x03\x01\x00\x00\x1f5" + // 0x1F310301: 0x00001F35
-	"\x1f0\x03B\x00\x00\x1f6" + // 0x1F300342: 0x00001F36
-	"\x1f1\x03B\x00\x00\x1f7" + // 0x1F310342: 0x00001F37
-	"\x03\x99\x03\x13\x00\x00\x1f8" + // 0x03990313: 0x00001F38
-	"\x03\x99\x03\x14\x00\x00\x1f9" + // 0x03990314: 0x00001F39
-	"\x1f8\x03\x00\x00\x00\x1f:" + // 0x1F380300: 0x00001F3A
-	"\x1f9\x03\x00\x00\x00\x1f;" + // 0x1F390300: 0x00001F3B
-	"\x1f8\x03\x01\x00\x00\x1f<" + // 0x1F380301: 0x00001F3C
-	"\x1f9\x03\x01\x00\x00\x1f=" + // 0x1F390301: 0x00001F3D
-	"\x1f8\x03B\x00\x00\x1f>" + // 0x1F380342: 0x00001F3E
-	"\x1f9\x03B\x00\x00\x1f?" + // 0x1F390342: 0x00001F3F
-	"\x03\xbf\x03\x13\x00\x00\x1f@" + // 0x03BF0313: 0x00001F40
-	"\x03\xbf\x03\x14\x00\x00\x1fA" + // 0x03BF0314: 0x00001F41
-	"\x1f@\x03\x00\x00\x00\x1fB" + // 0x1F400300: 0x00001F42
-	"\x1fA\x03\x00\x00\x00\x1fC" + // 0x1F410300: 0x00001F43
-	"\x1f@\x03\x01\x00\x00\x1fD" + // 0x1F400301: 0x00001F44
-	"\x1fA\x03\x01\x00\x00\x1fE" + // 0x1F410301: 0x00001F45
-	"\x03\x9f\x03\x13\x00\x00\x1fH" + // 0x039F0313: 0x00001F48
-	"\x03\x9f\x03\x14\x00\x00\x1fI" + // 0x039F0314: 0x00001F49
-	"\x1fH\x03\x00\x00\x00\x1fJ" + // 0x1F480300: 0x00001F4A
-	"\x1fI\x03\x00\x00\x00\x1fK" + // 0x1F490300: 0x00001F4B
-	"\x1fH\x03\x01\x00\x00\x1fL" + // 0x1F480301: 0x00001F4C
-	"\x1fI\x03\x01\x00\x00\x1fM" + // 0x1F490301: 0x00001F4D
-	"\x03\xc5\x03\x13\x00\x00\x1fP" + // 0x03C50313: 0x00001F50
-	"\x03\xc5\x03\x14\x00\x00\x1fQ" + // 0x03C50314: 0x00001F51
-	"\x1fP\x03\x00\x00\x00\x1fR" + // 0x1F500300: 0x00001F52
-	"\x1fQ\x03\x00\x00\x00\x1fS" + // 0x1F510300: 0x00001F53
-	"\x1fP\x03\x01\x00\x00\x1fT" + // 0x1F500301: 0x00001F54
-	"\x1fQ\x03\x01\x00\x00\x1fU" + // 0x1F510301: 0x00001F55
-	"\x1fP\x03B\x00\x00\x1fV" + // 0x1F500342: 0x00001F56
-	"\x1fQ\x03B\x00\x00\x1fW" + // 0x1F510342: 0x00001F57
-	"\x03\xa5\x03\x14\x00\x00\x1fY" + // 0x03A50314: 0x00001F59
-	"\x1fY\x03\x00\x00\x00\x1f[" + // 0x1F590300: 0x00001F5B
-	"\x1fY\x03\x01\x00\x00\x1f]" + // 0x1F590301: 0x00001F5D
-	"\x1fY\x03B\x00\x00\x1f_" + // 0x1F590342: 0x00001F5F
-	"\x03\xc9\x03\x13\x00\x00\x1f`" + // 0x03C90313: 0x00001F60
-	"\x03\xc9\x03\x14\x00\x00\x1fa" + // 0x03C90314: 0x00001F61
-	"\x1f`\x03\x00\x00\x00\x1fb" + // 0x1F600300: 0x00001F62
-	"\x1fa\x03\x00\x00\x00\x1fc" + // 0x1F610300: 0x00001F63
-	"\x1f`\x03\x01\x00\x00\x1fd" + // 0x1F600301: 0x00001F64
-	"\x1fa\x03\x01\x00\x00\x1fe" + // 0x1F610301: 0x00001F65
-	"\x1f`\x03B\x00\x00\x1ff" + // 0x1F600342: 0x00001F66
-	"\x1fa\x03B\x00\x00\x1fg" + // 0x1F610342: 0x00001F67
-	"\x03\xa9\x03\x13\x00\x00\x1fh" + // 0x03A90313: 0x00001F68
-	"\x03\xa9\x03\x14\x00\x00\x1fi" + // 0x03A90314: 0x00001F69
-	"\x1fh\x03\x00\x00\x00\x1fj" + // 0x1F680300: 0x00001F6A
-	"\x1fi\x03\x00\x00\x00\x1fk" + // 0x1F690300: 0x00001F6B
-	"\x1fh\x03\x01\x00\x00\x1fl" + // 0x1F680301: 0x00001F6C
-	"\x1fi\x03\x01\x00\x00\x1fm" + // 0x1F690301: 0x00001F6D
-	"\x1fh\x03B\x00\x00\x1fn" + // 0x1F680342: 0x00001F6E
-	"\x1fi\x03B\x00\x00\x1fo" + // 0x1F690342: 0x00001F6F
-	"\x03\xb1\x03\x00\x00\x00\x1fp" + // 0x03B10300: 0x00001F70
-	"\x03\xb5\x03\x00\x00\x00\x1fr" + // 0x03B50300: 0x00001F72
-	"\x03\xb7\x03\x00\x00\x00\x1ft" + // 0x03B70300: 0x00001F74
-	"\x03\xb9\x03\x00\x00\x00\x1fv" + // 0x03B90300: 0x00001F76
-	"\x03\xbf\x03\x00\x00\x00\x1fx" + // 0x03BF0300: 0x00001F78
-	"\x03\xc5\x03\x00\x00\x00\x1fz" + // 0x03C50300: 0x00001F7A
-	"\x03\xc9\x03\x00\x00\x00\x1f|" + // 0x03C90300: 0x00001F7C
-	"\x1f\x00\x03E\x00\x00\x1f\x80" + // 0x1F000345: 0x00001F80
-	"\x1f\x01\x03E\x00\x00\x1f\x81" + // 0x1F010345: 0x00001F81
-	"\x1f\x02\x03E\x00\x00\x1f\x82" + // 0x1F020345: 0x00001F82
-	"\x1f\x03\x03E\x00\x00\x1f\x83" + // 0x1F030345: 0x00001F83
-	"\x1f\x04\x03E\x00\x00\x1f\x84" + // 0x1F040345: 0x00001F84
-	"\x1f\x05\x03E\x00\x00\x1f\x85" + // 0x1F050345: 0x00001F85
-	"\x1f\x06\x03E\x00\x00\x1f\x86" + // 0x1F060345: 0x00001F86
-	"\x1f\a\x03E\x00\x00\x1f\x87" + // 0x1F070345: 0x00001F87
-	"\x1f\b\x03E\x00\x00\x1f\x88" + // 0x1F080345: 0x00001F88
-	"\x1f\t\x03E\x00\x00\x1f\x89" + // 0x1F090345: 0x00001F89
-	"\x1f\n\x03E\x00\x00\x1f\x8a" + // 0x1F0A0345: 0x00001F8A
-	"\x1f\v\x03E\x00\x00\x1f\x8b" + // 0x1F0B0345: 0x00001F8B
-	"\x1f\f\x03E\x00\x00\x1f\x8c" + // 0x1F0C0345: 0x00001F8C
-	"\x1f\r\x03E\x00\x00\x1f\x8d" + // 0x1F0D0345: 0x00001F8D
-	"\x1f\x0e\x03E\x00\x00\x1f\x8e" + // 0x1F0E0345: 0x00001F8E
-	"\x1f\x0f\x03E\x00\x00\x1f\x8f" + // 0x1F0F0345: 0x00001F8F
-	"\x1f \x03E\x00\x00\x1f\x90" + // 0x1F200345: 0x00001F90
-	"\x1f!\x03E\x00\x00\x1f\x91" + // 0x1F210345: 0x00001F91
-	"\x1f\"\x03E\x00\x00\x1f\x92" + // 0x1F220345: 0x00001F92
-	"\x1f#\x03E\x00\x00\x1f\x93" + // 0x1F230345: 0x00001F93
-	"\x1f$\x03E\x00\x00\x1f\x94" + // 0x1F240345: 0x00001F94
-	"\x1f%\x03E\x00\x00\x1f\x95" + // 0x1F250345: 0x00001F95
-	"\x1f&\x03E\x00\x00\x1f\x96" + // 0x1F260345: 0x00001F96
-	"\x1f'\x03E\x00\x00\x1f\x97" + // 0x1F270345: 0x00001F97
-	"\x1f(\x03E\x00\x00\x1f\x98" + // 0x1F280345: 0x00001F98
-	"\x1f)\x03E\x00\x00\x1f\x99" + // 0x1F290345: 0x00001F99
-	"\x1f*\x03E\x00\x00\x1f\x9a" + // 0x1F2A0345: 0x00001F9A
-	"\x1f+\x03E\x00\x00\x1f\x9b" + // 0x1F2B0345: 0x00001F9B
-	"\x1f,\x03E\x00\x00\x1f\x9c" + // 0x1F2C0345: 0x00001F9C
-	"\x1f-\x03E\x00\x00\x1f\x9d" + // 0x1F2D0345: 0x00001F9D
-	"\x1f.\x03E\x00\x00\x1f\x9e" + // 0x1F2E0345: 0x00001F9E
-	"\x1f/\x03E\x00\x00\x1f\x9f" + // 0x1F2F0345: 0x00001F9F
-	"\x1f`\x03E\x00\x00\x1f\xa0" + // 0x1F600345: 0x00001FA0
-	"\x1fa\x03E\x00\x00\x1f\xa1" + // 0x1F610345: 0x00001FA1
-	"\x1fb\x03E\x00\x00\x1f\xa2" + // 0x1F620345: 0x00001FA2
-	"\x1fc\x03E\x00\x00\x1f\xa3" + // 0x1F630345: 0x00001FA3
-	"\x1fd\x03E\x00\x00\x1f\xa4" + // 0x1F640345: 0x00001FA4
-	"\x1fe\x03E\x00\x00\x1f\xa5" + // 0x1F650345: 0x00001FA5
-	"\x1ff\x03E\x00\x00\x1f\xa6" + // 0x1F660345: 0x00001FA6
-	"\x1fg\x03E\x00\x00\x1f\xa7" + // 0x1F670345: 0x00001FA7
-	"\x1fh\x03E\x00\x00\x1f\xa8" + // 0x1F680345: 0x00001FA8
-	"\x1fi\x03E\x00\x00\x1f\xa9" + // 0x1F690345: 0x00001FA9
-	"\x1fj\x03E\x00\x00\x1f\xaa" + // 0x1F6A0345: 0x00001FAA
-	"\x1fk\x03E\x00\x00\x1f\xab" + // 0x1F6B0345: 0x00001FAB
-	"\x1fl\x03E\x00\x00\x1f\xac" + // 0x1F6C0345: 0x00001FAC
-	"\x1fm\x03E\x00\x00\x1f\xad" + // 0x1F6D0345: 0x00001FAD
-	"\x1fn\x03E\x00\x00\x1f\xae" + // 0x1F6E0345: 0x00001FAE
-	"\x1fo\x03E\x00\x00\x1f\xaf" + // 0x1F6F0345: 0x00001FAF
-	"\x03\xb1\x03\x06\x00\x00\x1f\xb0" + // 0x03B10306: 0x00001FB0
-	"\x03\xb1\x03\x04\x00\x00\x1f\xb1" + // 0x03B10304: 0x00001FB1
-	"\x1fp\x03E\x00\x00\x1f\xb2" + // 0x1F700345: 0x00001FB2
-	"\x03\xb1\x03E\x00\x00\x1f\xb3" + // 0x03B10345: 0x00001FB3
-	"\x03\xac\x03E\x00\x00\x1f\xb4" + // 0x03AC0345: 0x00001FB4
-	"\x03\xb1\x03B\x00\x00\x1f\xb6" + // 0x03B10342: 0x00001FB6
-	"\x1f\xb6\x03E\x00\x00\x1f\xb7" + // 0x1FB60345: 0x00001FB7
-	"\x03\x91\x03\x06\x00\x00\x1f\xb8" + // 0x03910306: 0x00001FB8
-	"\x03\x91\x03\x04\x00\x00\x1f\xb9" + // 0x03910304: 0x00001FB9
-	"\x03\x91\x03\x00\x00\x00\x1f\xba" + // 0x03910300: 0x00001FBA
-	"\x03\x91\x03E\x00\x00\x1f\xbc" + // 0x03910345: 0x00001FBC
-	"\x00\xa8\x03B\x00\x00\x1f\xc1" + // 0x00A80342: 0x00001FC1
-	"\x1ft\x03E\x00\x00\x1f\xc2" + // 0x1F740345: 0x00001FC2
-	"\x03\xb7\x03E\x00\x00\x1f\xc3" + // 0x03B70345: 0x00001FC3
-	"\x03\xae\x03E\x00\x00\x1f\xc4" + // 0x03AE0345: 0x00001FC4
-	"\x03\xb7\x03B\x00\x00\x1f\xc6" + // 0x03B70342: 0x00001FC6
-	"\x1f\xc6\x03E\x00\x00\x1f\xc7" + // 0x1FC60345: 0x00001FC7
-	"\x03\x95\x03\x00\x00\x00\x1f\xc8" + // 0x03950300: 0x00001FC8
-	"\x03\x97\x03\x00\x00\x00\x1f\xca" + // 0x03970300: 0x00001FCA
-	"\x03\x97\x03E\x00\x00\x1f\xcc" + // 0x03970345: 0x00001FCC
-	"\x1f\xbf\x03\x00\x00\x00\x1f\xcd" + // 0x1FBF0300: 0x00001FCD
-	"\x1f\xbf\x03\x01\x00\x00\x1f\xce" + // 0x1FBF0301: 0x00001FCE
-	"\x1f\xbf\x03B\x00\x00\x1f\xcf" + // 0x1FBF0342: 0x00001FCF
-	"\x03\xb9\x03\x06\x00\x00\x1f\xd0" + // 0x03B90306: 0x00001FD0
-	"\x03\xb9\x03\x04\x00\x00\x1f\xd1" + // 0x03B90304: 0x00001FD1
-	"\x03\xca\x03\x00\x00\x00\x1f\xd2" + // 0x03CA0300: 0x00001FD2
-	"\x03\xb9\x03B\x00\x00\x1f\xd6" + // 0x03B90342: 0x00001FD6
-	"\x03\xca\x03B\x00\x00\x1f\xd7" + // 0x03CA0342: 0x00001FD7
-	"\x03\x99\x03\x06\x00\x00\x1f\xd8" + // 0x03990306: 0x00001FD8
-	"\x03\x99\x03\x04\x00\x00\x1f\xd9" + // 0x03990304: 0x00001FD9
-	"\x03\x99\x03\x00\x00\x00\x1f\xda" + // 0x03990300: 0x00001FDA
-	"\x1f\xfe\x03\x00\x00\x00\x1f\xdd" + // 0x1FFE0300: 0x00001FDD
-	"\x1f\xfe\x03\x01\x00\x00\x1f\xde" + // 0x1FFE0301: 0x00001FDE
-	"\x1f\xfe\x03B\x00\x00\x1f\xdf" + // 0x1FFE0342: 0x00001FDF
-	"\x03\xc5\x03\x06\x00\x00\x1f\xe0" + // 0x03C50306: 0x00001FE0
-	"\x03\xc5\x03\x04\x00\x00\x1f\xe1" + // 0x03C50304: 0x00001FE1
-	"\x03\xcb\x03\x00\x00\x00\x1f\xe2" + // 0x03CB0300: 0x00001FE2
-	"\x03\xc1\x03\x13\x00\x00\x1f\xe4" + // 0x03C10313: 0x00001FE4
-	"\x03\xc1\x03\x14\x00\x00\x1f\xe5" + // 0x03C10314: 0x00001FE5
-	"\x03\xc5\x03B\x00\x00\x1f\xe6" + // 0x03C50342: 0x00001FE6
-	"\x03\xcb\x03B\x00\x00\x1f\xe7" + // 0x03CB0342: 0x00001FE7
-	"\x03\xa5\x03\x06\x00\x00\x1f\xe8" + // 0x03A50306: 0x00001FE8
-	"\x03\xa5\x03\x04\x00\x00\x1f\xe9" + // 0x03A50304: 0x00001FE9
-	"\x03\xa5\x03\x00\x00\x00\x1f\xea" + // 0x03A50300: 0x00001FEA
-	"\x03\xa1\x03\x14\x00\x00\x1f\xec" + // 0x03A10314: 0x00001FEC
-	"\x00\xa8\x03\x00\x00\x00\x1f\xed" + // 0x00A80300: 0x00001FED
-	"\x1f|\x03E\x00\x00\x1f\xf2" + // 0x1F7C0345: 0x00001FF2
-	"\x03\xc9\x03E\x00\x00\x1f\xf3" + // 0x03C90345: 0x00001FF3
-	"\x03\xce\x03E\x00\x00\x1f\xf4" + // 0x03CE0345: 0x00001FF4
-	"\x03\xc9\x03B\x00\x00\x1f\xf6" + // 0x03C90342: 0x00001FF6
-	"\x1f\xf6\x03E\x00\x00\x1f\xf7" + // 0x1FF60345: 0x00001FF7
-	"\x03\x9f\x03\x00\x00\x00\x1f\xf8" + // 0x039F0300: 0x00001FF8
-	"\x03\xa9\x03\x00\x00\x00\x1f\xfa" + // 0x03A90300: 0x00001FFA
-	"\x03\xa9\x03E\x00\x00\x1f\xfc" + // 0x03A90345: 0x00001FFC
-	"!\x90\x038\x00\x00!\x9a" + // 0x21900338: 0x0000219A
-	"!\x92\x038\x00\x00!\x9b" + // 0x21920338: 0x0000219B
-	"!\x94\x038\x00\x00!\xae" + // 0x21940338: 0x000021AE
-	"!\xd0\x038\x00\x00!\xcd" + // 0x21D00338: 0x000021CD
-	"!\xd4\x038\x00\x00!\xce" + // 0x21D40338: 0x000021CE
-	"!\xd2\x038\x00\x00!\xcf" + // 0x21D20338: 0x000021CF
-	"\"\x03\x038\x00\x00\"\x04" + // 0x22030338: 0x00002204
-	"\"\b\x038\x00\x00\"\t" + // 0x22080338: 0x00002209
-	"\"\v\x038\x00\x00\"\f" + // 0x220B0338: 0x0000220C
-	"\"#\x038\x00\x00\"$" + // 0x22230338: 0x00002224
-	"\"%\x038\x00\x00\"&" + // 0x22250338: 0x00002226
-	"\"<\x038\x00\x00\"A" + // 0x223C0338: 0x00002241
-	"\"C\x038\x00\x00\"D" + // 0x22430338: 0x00002244
-	"\"E\x038\x00\x00\"G" + // 0x22450338: 0x00002247
-	"\"H\x038\x00\x00\"I" + // 0x22480338: 0x00002249
-	"\x00=\x038\x00\x00\"`" + // 0x003D0338: 0x00002260
-	"\"a\x038\x00\x00\"b" + // 0x22610338: 0x00002262
-	"\"M\x038\x00\x00\"m" + // 0x224D0338: 0x0000226D
-	"\x00<\x038\x00\x00\"n" + // 0x003C0338: 0x0000226E
-	"\x00>\x038\x00\x00\"o" + // 0x003E0338: 0x0000226F
-	"\"d\x038\x00\x00\"p" + // 0x22640338: 0x00002270
-	"\"e\x038\x00\x00\"q" + // 0x22650338: 0x00002271
-	"\"r\x038\x00\x00\"t" + // 0x22720338: 0x00002274
-	"\"s\x038\x00\x00\"u" + // 0x22730338: 0x00002275
-	"\"v\x038\x00\x00\"x" + // 0x22760338: 0x00002278
-	"\"w\x038\x00\x00\"y" + // 0x22770338: 0x00002279
-	"\"z\x038\x00\x00\"\x80" + // 0x227A0338: 0x00002280
-	"\"{\x038\x00\x00\"\x81" + // 0x227B0338: 0x00002281
-	"\"\x82\x038\x00\x00\"\x84" + // 0x22820338: 0x00002284
-	"\"\x83\x038\x00\x00\"\x85" + // 0x22830338: 0x00002285
-	"\"\x86\x038\x00\x00\"\x88" + // 0x22860338: 0x00002288
-	"\"\x87\x038\x00\x00\"\x89" + // 0x22870338: 0x00002289
-	"\"\xa2\x038\x00\x00\"\xac" + // 0x22A20338: 0x000022AC
-	"\"\xa8\x038\x00\x00\"\xad" + // 0x22A80338: 0x000022AD
-	"\"\xa9\x038\x00\x00\"\xae" + // 0x22A90338: 0x000022AE
-	"\"\xab\x038\x00\x00\"\xaf" + // 0x22AB0338: 0x000022AF
-	"\"|\x038\x00\x00\"\xe0" + // 0x227C0338: 0x000022E0
-	"\"}\x038\x00\x00\"\xe1" + // 0x227D0338: 0x000022E1
-	"\"\x91\x038\x00\x00\"\xe2" + // 0x22910338: 0x000022E2
-	"\"\x92\x038\x00\x00\"\xe3" + // 0x22920338: 0x000022E3
-	"\"\xb2\x038\x00\x00\"\xea" + // 0x22B20338: 0x000022EA
-	"\"\xb3\x038\x00\x00\"\xeb" + // 0x22B30338: 0x000022EB
-	"\"\xb4\x038\x00\x00\"\xec" + // 0x22B40338: 0x000022EC
-	"\"\xb5\x038\x00\x00\"\xed" + // 0x22B50338: 0x000022ED
-	"0K0\x99\x00\x000L" + // 0x304B3099: 0x0000304C
-	"0M0\x99\x00\x000N" + // 0x304D3099: 0x0000304E
-	"0O0\x99\x00\x000P" + // 0x304F3099: 0x00003050
-	"0Q0\x99\x00\x000R" + // 0x30513099: 0x00003052
-	"0S0\x99\x00\x000T" + // 0x30533099: 0x00003054
-	"0U0\x99\x00\x000V" + // 0x30553099: 0x00003056
-	"0W0\x99\x00\x000X" + // 0x30573099: 0x00003058
-	"0Y0\x99\x00\x000Z" + // 0x30593099: 0x0000305A
-	"0[0\x99\x00\x000\\" + // 0x305B3099: 0x0000305C
-	"0]0\x99\x00\x000^" + // 0x305D3099: 0x0000305E
-	"0_0\x99\x00\x000`" + // 0x305F3099: 0x00003060
-	"0a0\x99\x00\x000b" + // 0x30613099: 0x00003062
-	"0d0\x99\x00\x000e" + // 0x30643099: 0x00003065
-	"0f0\x99\x00\x000g" + // 0x30663099: 0x00003067
-	"0h0\x99\x00\x000i" + // 0x30683099: 0x00003069
-	"0o0\x99\x00\x000p" + // 0x306F3099: 0x00003070
-	"0o0\x9a\x00\x000q" + // 0x306F309A: 0x00003071
-	"0r0\x99\x00\x000s" + // 0x30723099: 0x00003073
-	"0r0\x9a\x00\x000t" + // 0x3072309A: 0x00003074
-	"0u0\x99\x00\x000v" + // 0x30753099: 0x00003076
-	"0u0\x9a\x00\x000w" + // 0x3075309A: 0x00003077
-	"0x0\x99\x00\x000y" + // 0x30783099: 0x00003079
-	"0x0\x9a\x00\x000z" + // 0x3078309A: 0x0000307A
-	"0{0\x99\x00\x000|" + // 0x307B3099: 0x0000307C
-	"0{0\x9a\x00\x000}" + // 0x307B309A: 0x0000307D
-	"0F0\x99\x00\x000\x94" + // 0x30463099: 0x00003094
-	"0\x9d0\x99\x00\x000\x9e" + // 0x309D3099: 0x0000309E
-	"0\xab0\x99\x00\x000\xac" + // 0x30AB3099: 0x000030AC
-	"0\xad0\x99\x00\x000\xae" + // 0x30AD3099: 0x000030AE
-	"0\xaf0\x99\x00\x000\xb0" + // 0x30AF3099: 0x000030B0
-	"0\xb10\x99\x00\x000\xb2" + // 0x30B13099: 0x000030B2
-	"0\xb30\x99\x00\x000\xb4" + // 0x30B33099: 0x000030B4
-	"0\xb50\x99\x00\x000\xb6" + // 0x30B53099: 0x000030B6
-	"0\xb70\x99\x00\x000\xb8" + // 0x30B73099: 0x000030B8
-	"0\xb90\x99\x00\x000\xba" + // 0x30B93099: 0x000030BA
-	"0\xbb0\x99\x00\x000\xbc" + // 0x30BB3099: 0x000030BC
-	"0\xbd0\x99\x00\x000\xbe" + // 0x30BD3099: 0x000030BE
-	"0\xbf0\x99\x00\x000\xc0" + // 0x30BF3099: 0x000030C0
-	"0\xc10\x99\x00\x000\xc2" + // 0x30C13099: 0x000030C2
-	"0\xc40\x99\x00\x000\xc5" + // 0x30C43099: 0x000030C5
-	"0\xc60\x99\x00\x000\xc7" + // 0x30C63099: 0x000030C7
-	"0\xc80\x99\x00\x000\xc9" + // 0x30C83099: 0x000030C9
-	"0\xcf0\x99\x00\x000\xd0" + // 0x30CF3099: 0x000030D0
-	"0\xcf0\x9a\x00\x000\xd1" + // 0x30CF309A: 0x000030D1
-	"0\xd20\x99\x00\x000\xd3" + // 0x30D23099: 0x000030D3
-	"0\xd20\x9a\x00\x000\xd4" + // 0x30D2309A: 0x000030D4
-	"0\xd50\x99\x00\x000\xd6" + // 0x30D53099: 0x000030D6
-	"0\xd50\x9a\x00\x000\xd7" + // 0x30D5309A: 0x000030D7
-	"0\xd80\x99\x00\x000\xd9" + // 0x30D83099: 0x000030D9
-	"0\xd80\x9a\x00\x000\xda" + // 0x30D8309A: 0x000030DA
-	"0\xdb0\x99\x00\x000\xdc" + // 0x30DB3099: 0x000030DC
-	"0\xdb0\x9a\x00\x000\xdd" + // 0x30DB309A: 0x000030DD
-	"0\xa60\x99\x00\x000\xf4" + // 0x30A63099: 0x000030F4
-	"0\xef0\x99\x00\x000\xf7" + // 0x30EF3099: 0x000030F7
-	"0\xf00\x99\x00\x000\xf8" + // 0x30F03099: 0x000030F8
-	"0\xf10\x99\x00\x000\xf9" + // 0x30F13099: 0x000030F9
-	"0\xf20\x99\x00\x000\xfa" + // 0x30F23099: 0x000030FA
-	"0\xfd0\x99\x00\x000\xfe" + // 0x30FD3099: 0x000030FE
-	"\x10\x99\x10\xba\x00\x01\x10\x9a" + // 0x109910BA: 0x0001109A
-	"\x10\x9b\x10\xba\x00\x01\x10\x9c" + // 0x109B10BA: 0x0001109C
-	"\x10\xa5\x10\xba\x00\x01\x10\xab" + // 0x10A510BA: 0x000110AB
-	"\x111\x11'\x00\x01\x11." + // 0x11311127: 0x0001112E
-	"\x112\x11'\x00\x01\x11/" + // 0x11321127: 0x0001112F
-	"\x13G\x13>\x00\x01\x13K" + // 0x1347133E: 0x0001134B
-	"\x13G\x13W\x00\x01\x13L" + // 0x13471357: 0x0001134C
-	"\x14\xb9\x14\xba\x00\x01\x14\xbb" + // 0x14B914BA: 0x000114BB
-	"\x14\xb9\x14\xb0\x00\x01\x14\xbc" + // 0x14B914B0: 0x000114BC
-	"\x14\xb9\x14\xbd\x00\x01\x14\xbe" + // 0x14B914BD: 0x000114BE
-	"\x15\xb8\x15\xaf\x00\x01\x15\xba" + // 0x15B815AF: 0x000115BA
-	"\x15\xb9\x15\xaf\x00\x01\x15\xbb" + // 0x15B915AF: 0x000115BB
-	""
-	// Total size of tables: 53KB (54226 bytes)
+// Total size of tables: 53KB (54226 bytes)
diff --git a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
deleted file mode 100644
index 7297cce3..00000000
--- a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+++ /dev/null
@@ -1,7693 +0,0 @@
-// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
-
-// +build go1.13
-
-package norm
-
-import "sync"
-
-const (
-	// Version is the Unicode edition from which the tables are derived.
-	Version = "11.0.0"
-
-	// MaxTransformChunkSize indicates the maximum number of bytes that Transform
-	// may need to write atomically for any Form. Making a destination buffer at
-	// least this size ensures that Transform can always make progress and that
-	// the user does not need to grow the buffer on an ErrShortDst.
-	MaxTransformChunkSize = 35 + maxNonStarters*4
-)
-
-var ccc = [55]uint8{
-	0, 1, 7, 8, 9, 10, 11, 12,
-	13, 14, 15, 16, 17, 18, 19, 20,
-	21, 22, 23, 24, 25, 26, 27, 28,
-	29, 30, 31, 32, 33, 34, 35, 36,
-	84, 91, 103, 107, 118, 122, 129, 130,
-	132, 202, 214, 216, 218, 220, 222, 224,
-	226, 228, 230, 232, 233, 234, 240,
-}
-
-const (
-	firstMulti            = 0x186D
-	firstCCC              = 0x2C9E
-	endMulti              = 0x2F60
-	firstLeadingCCC       = 0x49AE
-	firstCCCZeroExcept    = 0x4A78
-	firstStarterWithNLead = 0x4A9F
-	lastDecomp            = 0x4AA1
-	maxDecomp             = 0x8000
-)
-
-// decomps: 19105 bytes
-var decomps = [...]byte{
-	// Bytes 0 - 3f
-	0x00, 0x41, 0x20, 0x41, 0x21, 0x41, 0x22, 0x41,
-	0x23, 0x41, 0x24, 0x41, 0x25, 0x41, 0x26, 0x41,
-	0x27, 0x41, 0x28, 0x41, 0x29, 0x41, 0x2A, 0x41,
-	0x2B, 0x41, 0x2C, 0x41, 0x2D, 0x41, 0x2E, 0x41,
-	0x2F, 0x41, 0x30, 0x41, 0x31, 0x41, 0x32, 0x41,
-	0x33, 0x41, 0x34, 0x41, 0x35, 0x41, 0x36, 0x41,
-	0x37, 0x41, 0x38, 0x41, 0x39, 0x41, 0x3A, 0x41,
-	0x3B, 0x41, 0x3C, 0x41, 0x3D, 0x41, 0x3E, 0x41,
-	// Bytes 40 - 7f
-	0x3F, 0x41, 0x40, 0x41, 0x41, 0x41, 0x42, 0x41,
-	0x43, 0x41, 0x44, 0x41, 0x45, 0x41, 0x46, 0x41,
-	0x47, 0x41, 0x48, 0x41, 0x49, 0x41, 0x4A, 0x41,
-	0x4B, 0x41, 0x4C, 0x41, 0x4D, 0x41, 0x4E, 0x41,
-	0x4F, 0x41, 0x50, 0x41, 0x51, 0x41, 0x52, 0x41,
-	0x53, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41,
-	0x57, 0x41, 0x58, 0x41, 0x59, 0x41, 0x5A, 0x41,
-	0x5B, 0x41, 0x5C, 0x41, 0x5D, 0x41, 0x5E, 0x41,
-	// Bytes 80 - bf
-	0x5F, 0x41, 0x60, 0x41, 0x61, 0x41, 0x62, 0x41,
-	0x63, 0x41, 0x64, 0x41, 0x65, 0x41, 0x66, 0x41,
-	0x67, 0x41, 0x68, 0x41, 0x69, 0x41, 0x6A, 0x41,
-	0x6B, 0x41, 0x6C, 0x41, 0x6D, 0x41, 0x6E, 0x41,
-	0x6F, 0x41, 0x70, 0x41, 0x71, 0x41, 0x72, 0x41,
-	0x73, 0x41, 0x74, 0x41, 0x75, 0x41, 0x76, 0x41,
-	0x77, 0x41, 0x78, 0x41, 0x79, 0x41, 0x7A, 0x41,
-	0x7B, 0x41, 0x7C, 0x41, 0x7D, 0x41, 0x7E, 0x42,
-	// Bytes c0 - ff
-	0xC2, 0xA2, 0x42, 0xC2, 0xA3, 0x42, 0xC2, 0xA5,
-	0x42, 0xC2, 0xA6, 0x42, 0xC2, 0xAC, 0x42, 0xC2,
-	0xB7, 0x42, 0xC3, 0x86, 0x42, 0xC3, 0xB0, 0x42,
-	0xC4, 0xA6, 0x42, 0xC4, 0xA7, 0x42, 0xC4, 0xB1,
-	0x42, 0xC5, 0x8B, 0x42, 0xC5, 0x93, 0x42, 0xC6,
-	0x8E, 0x42, 0xC6, 0x90, 0x42, 0xC6, 0xAB, 0x42,
-	0xC8, 0xA2, 0x42, 0xC8, 0xB7, 0x42, 0xC9, 0x90,
-	0x42, 0xC9, 0x91, 0x42, 0xC9, 0x92, 0x42, 0xC9,
-	// Bytes 100 - 13f
-	0x94, 0x42, 0xC9, 0x95, 0x42, 0xC9, 0x99, 0x42,
-	0xC9, 0x9B, 0x42, 0xC9, 0x9C, 0x42, 0xC9, 0x9F,
-	0x42, 0xC9, 0xA1, 0x42, 0xC9, 0xA3, 0x42, 0xC9,
-	0xA5, 0x42, 0xC9, 0xA6, 0x42, 0xC9, 0xA8, 0x42,
-	0xC9, 0xA9, 0x42, 0xC9, 0xAA, 0x42, 0xC9, 0xAB,
-	0x42, 0xC9, 0xAD, 0x42, 0xC9, 0xAF, 0x42, 0xC9,
-	0xB0, 0x42, 0xC9, 0xB1, 0x42, 0xC9, 0xB2, 0x42,
-	0xC9, 0xB3, 0x42, 0xC9, 0xB4, 0x42, 0xC9, 0xB5,
-	// Bytes 140 - 17f
-	0x42, 0xC9, 0xB8, 0x42, 0xC9, 0xB9, 0x42, 0xC9,
-	0xBB, 0x42, 0xCA, 0x81, 0x42, 0xCA, 0x82, 0x42,
-	0xCA, 0x83, 0x42, 0xCA, 0x89, 0x42, 0xCA, 0x8A,
-	0x42, 0xCA, 0x8B, 0x42, 0xCA, 0x8C, 0x42, 0xCA,
-	0x90, 0x42, 0xCA, 0x91, 0x42, 0xCA, 0x92, 0x42,
-	0xCA, 0x95, 0x42, 0xCA, 0x9D, 0x42, 0xCA, 0x9F,
-	0x42, 0xCA, 0xB9, 0x42, 0xCE, 0x91, 0x42, 0xCE,
-	0x92, 0x42, 0xCE, 0x93, 0x42, 0xCE, 0x94, 0x42,
-	// Bytes 180 - 1bf
-	0xCE, 0x95, 0x42, 0xCE, 0x96, 0x42, 0xCE, 0x97,
-	0x42, 0xCE, 0x98, 0x42, 0xCE, 0x99, 0x42, 0xCE,
-	0x9A, 0x42, 0xCE, 0x9B, 0x42, 0xCE, 0x9C, 0x42,
-	0xCE, 0x9D, 0x42, 0xCE, 0x9E, 0x42, 0xCE, 0x9F,
-	0x42, 0xCE, 0xA0, 0x42, 0xCE, 0xA1, 0x42, 0xCE,
-	0xA3, 0x42, 0xCE, 0xA4, 0x42, 0xCE, 0xA5, 0x42,
-	0xCE, 0xA6, 0x42, 0xCE, 0xA7, 0x42, 0xCE, 0xA8,
-	0x42, 0xCE, 0xA9, 0x42, 0xCE, 0xB1, 0x42, 0xCE,
-	// Bytes 1c0 - 1ff
-	0xB2, 0x42, 0xCE, 0xB3, 0x42, 0xCE, 0xB4, 0x42,
-	0xCE, 0xB5, 0x42, 0xCE, 0xB6, 0x42, 0xCE, 0xB7,
-	0x42, 0xCE, 0xB8, 0x42, 0xCE, 0xB9, 0x42, 0xCE,
-	0xBA, 0x42, 0xCE, 0xBB, 0x42, 0xCE, 0xBC, 0x42,
-	0xCE, 0xBD, 0x42, 0xCE, 0xBE, 0x42, 0xCE, 0xBF,
-	0x42, 0xCF, 0x80, 0x42, 0xCF, 0x81, 0x42, 0xCF,
-	0x82, 0x42, 0xCF, 0x83, 0x42, 0xCF, 0x84, 0x42,
-	0xCF, 0x85, 0x42, 0xCF, 0x86, 0x42, 0xCF, 0x87,
-	// Bytes 200 - 23f
-	0x42, 0xCF, 0x88, 0x42, 0xCF, 0x89, 0x42, 0xCF,
-	0x9C, 0x42, 0xCF, 0x9D, 0x42, 0xD0, 0xBD, 0x42,
-	0xD1, 0x8A, 0x42, 0xD1, 0x8C, 0x42, 0xD7, 0x90,
-	0x42, 0xD7, 0x91, 0x42, 0xD7, 0x92, 0x42, 0xD7,
-	0x93, 0x42, 0xD7, 0x94, 0x42, 0xD7, 0x9B, 0x42,
-	0xD7, 0x9C, 0x42, 0xD7, 0x9D, 0x42, 0xD7, 0xA2,
-	0x42, 0xD7, 0xA8, 0x42, 0xD7, 0xAA, 0x42, 0xD8,
-	0xA1, 0x42, 0xD8, 0xA7, 0x42, 0xD8, 0xA8, 0x42,
-	// Bytes 240 - 27f
-	0xD8, 0xA9, 0x42, 0xD8, 0xAA, 0x42, 0xD8, 0xAB,
-	0x42, 0xD8, 0xAC, 0x42, 0xD8, 0xAD, 0x42, 0xD8,
-	0xAE, 0x42, 0xD8, 0xAF, 0x42, 0xD8, 0xB0, 0x42,
-	0xD8, 0xB1, 0x42, 0xD8, 0xB2, 0x42, 0xD8, 0xB3,
-	0x42, 0xD8, 0xB4, 0x42, 0xD8, 0xB5, 0x42, 0xD8,
-	0xB6, 0x42, 0xD8, 0xB7, 0x42, 0xD8, 0xB8, 0x42,
-	0xD8, 0xB9, 0x42, 0xD8, 0xBA, 0x42, 0xD9, 0x81,
-	0x42, 0xD9, 0x82, 0x42, 0xD9, 0x83, 0x42, 0xD9,
-	// Bytes 280 - 2bf
-	0x84, 0x42, 0xD9, 0x85, 0x42, 0xD9, 0x86, 0x42,
-	0xD9, 0x87, 0x42, 0xD9, 0x88, 0x42, 0xD9, 0x89,
-	0x42, 0xD9, 0x8A, 0x42, 0xD9, 0xAE, 0x42, 0xD9,
-	0xAF, 0x42, 0xD9, 0xB1, 0x42, 0xD9, 0xB9, 0x42,
-	0xD9, 0xBA, 0x42, 0xD9, 0xBB, 0x42, 0xD9, 0xBE,
-	0x42, 0xD9, 0xBF, 0x42, 0xDA, 0x80, 0x42, 0xDA,
-	0x83, 0x42, 0xDA, 0x84, 0x42, 0xDA, 0x86, 0x42,
-	0xDA, 0x87, 0x42, 0xDA, 0x88, 0x42, 0xDA, 0x8C,
-	// Bytes 2c0 - 2ff
-	0x42, 0xDA, 0x8D, 0x42, 0xDA, 0x8E, 0x42, 0xDA,
-	0x91, 0x42, 0xDA, 0x98, 0x42, 0xDA, 0xA1, 0x42,
-	0xDA, 0xA4, 0x42, 0xDA, 0xA6, 0x42, 0xDA, 0xA9,
-	0x42, 0xDA, 0xAD, 0x42, 0xDA, 0xAF, 0x42, 0xDA,
-	0xB1, 0x42, 0xDA, 0xB3, 0x42, 0xDA, 0xBA, 0x42,
-	0xDA, 0xBB, 0x42, 0xDA, 0xBE, 0x42, 0xDB, 0x81,
-	0x42, 0xDB, 0x85, 0x42, 0xDB, 0x86, 0x42, 0xDB,
-	0x87, 0x42, 0xDB, 0x88, 0x42, 0xDB, 0x89, 0x42,
-	// Bytes 300 - 33f
-	0xDB, 0x8B, 0x42, 0xDB, 0x8C, 0x42, 0xDB, 0x90,
-	0x42, 0xDB, 0x92, 0x43, 0xE0, 0xBC, 0x8B, 0x43,
-	0xE1, 0x83, 0x9C, 0x43, 0xE1, 0x84, 0x80, 0x43,
-	0xE1, 0x84, 0x81, 0x43, 0xE1, 0x84, 0x82, 0x43,
-	0xE1, 0x84, 0x83, 0x43, 0xE1, 0x84, 0x84, 0x43,
-	0xE1, 0x84, 0x85, 0x43, 0xE1, 0x84, 0x86, 0x43,
-	0xE1, 0x84, 0x87, 0x43, 0xE1, 0x84, 0x88, 0x43,
-	0xE1, 0x84, 0x89, 0x43, 0xE1, 0x84, 0x8A, 0x43,
-	// Bytes 340 - 37f
-	0xE1, 0x84, 0x8B, 0x43, 0xE1, 0x84, 0x8C, 0x43,
-	0xE1, 0x84, 0x8D, 0x43, 0xE1, 0x84, 0x8E, 0x43,
-	0xE1, 0x84, 0x8F, 0x43, 0xE1, 0x84, 0x90, 0x43,
-	0xE1, 0x84, 0x91, 0x43, 0xE1, 0x84, 0x92, 0x43,
-	0xE1, 0x84, 0x94, 0x43, 0xE1, 0x84, 0x95, 0x43,
-	0xE1, 0x84, 0x9A, 0x43, 0xE1, 0x84, 0x9C, 0x43,
-	0xE1, 0x84, 0x9D, 0x43, 0xE1, 0x84, 0x9E, 0x43,
-	0xE1, 0x84, 0xA0, 0x43, 0xE1, 0x84, 0xA1, 0x43,
-	// Bytes 380 - 3bf
-	0xE1, 0x84, 0xA2, 0x43, 0xE1, 0x84, 0xA3, 0x43,
-	0xE1, 0x84, 0xA7, 0x43, 0xE1, 0x84, 0xA9, 0x43,
-	0xE1, 0x84, 0xAB, 0x43, 0xE1, 0x84, 0xAC, 0x43,
-	0xE1, 0x84, 0xAD, 0x43, 0xE1, 0x84, 0xAE, 0x43,
-	0xE1, 0x84, 0xAF, 0x43, 0xE1, 0x84, 0xB2, 0x43,
-	0xE1, 0x84, 0xB6, 0x43, 0xE1, 0x85, 0x80, 0x43,
-	0xE1, 0x85, 0x87, 0x43, 0xE1, 0x85, 0x8C, 0x43,
-	0xE1, 0x85, 0x97, 0x43, 0xE1, 0x85, 0x98, 0x43,
-	// Bytes 3c0 - 3ff
-	0xE1, 0x85, 0x99, 0x43, 0xE1, 0x85, 0xA0, 0x43,
-	0xE1, 0x86, 0x84, 0x43, 0xE1, 0x86, 0x85, 0x43,
-	0xE1, 0x86, 0x88, 0x43, 0xE1, 0x86, 0x91, 0x43,
-	0xE1, 0x86, 0x92, 0x43, 0xE1, 0x86, 0x94, 0x43,
-	0xE1, 0x86, 0x9E, 0x43, 0xE1, 0x86, 0xA1, 0x43,
-	0xE1, 0x87, 0x87, 0x43, 0xE1, 0x87, 0x88, 0x43,
-	0xE1, 0x87, 0x8C, 0x43, 0xE1, 0x87, 0x8E, 0x43,
-	0xE1, 0x87, 0x93, 0x43, 0xE1, 0x87, 0x97, 0x43,
-	// Bytes 400 - 43f
-	0xE1, 0x87, 0x99, 0x43, 0xE1, 0x87, 0x9D, 0x43,
-	0xE1, 0x87, 0x9F, 0x43, 0xE1, 0x87, 0xB1, 0x43,
-	0xE1, 0x87, 0xB2, 0x43, 0xE1, 0xB4, 0x82, 0x43,
-	0xE1, 0xB4, 0x96, 0x43, 0xE1, 0xB4, 0x97, 0x43,
-	0xE1, 0xB4, 0x9C, 0x43, 0xE1, 0xB4, 0x9D, 0x43,
-	0xE1, 0xB4, 0xA5, 0x43, 0xE1, 0xB5, 0xBB, 0x43,
-	0xE1, 0xB6, 0x85, 0x43, 0xE2, 0x80, 0x82, 0x43,
-	0xE2, 0x80, 0x83, 0x43, 0xE2, 0x80, 0x90, 0x43,
-	// Bytes 440 - 47f
-	0xE2, 0x80, 0x93, 0x43, 0xE2, 0x80, 0x94, 0x43,
-	0xE2, 0x82, 0xA9, 0x43, 0xE2, 0x86, 0x90, 0x43,
-	0xE2, 0x86, 0x91, 0x43, 0xE2, 0x86, 0x92, 0x43,
-	0xE2, 0x86, 0x93, 0x43, 0xE2, 0x88, 0x82, 0x43,
-	0xE2, 0x88, 0x87, 0x43, 0xE2, 0x88, 0x91, 0x43,
-	0xE2, 0x88, 0x92, 0x43, 0xE2, 0x94, 0x82, 0x43,
-	0xE2, 0x96, 0xA0, 0x43, 0xE2, 0x97, 0x8B, 0x43,
-	0xE2, 0xA6, 0x85, 0x43, 0xE2, 0xA6, 0x86, 0x43,
-	// Bytes 480 - 4bf
-	0xE2, 0xB5, 0xA1, 0x43, 0xE3, 0x80, 0x81, 0x43,
-	0xE3, 0x80, 0x82, 0x43, 0xE3, 0x80, 0x88, 0x43,
-	0xE3, 0x80, 0x89, 0x43, 0xE3, 0x80, 0x8A, 0x43,
-	0xE3, 0x80, 0x8B, 0x43, 0xE3, 0x80, 0x8C, 0x43,
-	0xE3, 0x80, 0x8D, 0x43, 0xE3, 0x80, 0x8E, 0x43,
-	0xE3, 0x80, 0x8F, 0x43, 0xE3, 0x80, 0x90, 0x43,
-	0xE3, 0x80, 0x91, 0x43, 0xE3, 0x80, 0x92, 0x43,
-	0xE3, 0x80, 0x94, 0x43, 0xE3, 0x80, 0x95, 0x43,
-	// Bytes 4c0 - 4ff
-	0xE3, 0x80, 0x96, 0x43, 0xE3, 0x80, 0x97, 0x43,
-	0xE3, 0x82, 0xA1, 0x43, 0xE3, 0x82, 0xA2, 0x43,
-	0xE3, 0x82, 0xA3, 0x43, 0xE3, 0x82, 0xA4, 0x43,
-	0xE3, 0x82, 0xA5, 0x43, 0xE3, 0x82, 0xA6, 0x43,
-	0xE3, 0x82, 0xA7, 0x43, 0xE3, 0x82, 0xA8, 0x43,
-	0xE3, 0x82, 0xA9, 0x43, 0xE3, 0x82, 0xAA, 0x43,
-	0xE3, 0x82, 0xAB, 0x43, 0xE3, 0x82, 0xAD, 0x43,
-	0xE3, 0x82, 0xAF, 0x43, 0xE3, 0x82, 0xB1, 0x43,
-	// Bytes 500 - 53f
-	0xE3, 0x82, 0xB3, 0x43, 0xE3, 0x82, 0xB5, 0x43,
-	0xE3, 0x82, 0xB7, 0x43, 0xE3, 0x82, 0xB9, 0x43,
-	0xE3, 0x82, 0xBB, 0x43, 0xE3, 0x82, 0xBD, 0x43,
-	0xE3, 0x82, 0xBF, 0x43, 0xE3, 0x83, 0x81, 0x43,
-	0xE3, 0x83, 0x83, 0x43, 0xE3, 0x83, 0x84, 0x43,
-	0xE3, 0x83, 0x86, 0x43, 0xE3, 0x83, 0x88, 0x43,
-	0xE3, 0x83, 0x8A, 0x43, 0xE3, 0x83, 0x8B, 0x43,
-	0xE3, 0x83, 0x8C, 0x43, 0xE3, 0x83, 0x8D, 0x43,
-	// Bytes 540 - 57f
-	0xE3, 0x83, 0x8E, 0x43, 0xE3, 0x83, 0x8F, 0x43,
-	0xE3, 0x83, 0x92, 0x43, 0xE3, 0x83, 0x95, 0x43,
-	0xE3, 0x83, 0x98, 0x43, 0xE3, 0x83, 0x9B, 0x43,
-	0xE3, 0x83, 0x9E, 0x43, 0xE3, 0x83, 0x9F, 0x43,
-	0xE3, 0x83, 0xA0, 0x43, 0xE3, 0x83, 0xA1, 0x43,
-	0xE3, 0x83, 0xA2, 0x43, 0xE3, 0x83, 0xA3, 0x43,
-	0xE3, 0x83, 0xA4, 0x43, 0xE3, 0x83, 0xA5, 0x43,
-	0xE3, 0x83, 0xA6, 0x43, 0xE3, 0x83, 0xA7, 0x43,
-	// Bytes 580 - 5bf
-	0xE3, 0x83, 0xA8, 0x43, 0xE3, 0x83, 0xA9, 0x43,
-	0xE3, 0x83, 0xAA, 0x43, 0xE3, 0x83, 0xAB, 0x43,
-	0xE3, 0x83, 0xAC, 0x43, 0xE3, 0x83, 0xAD, 0x43,
-	0xE3, 0x83, 0xAF, 0x43, 0xE3, 0x83, 0xB0, 0x43,
-	0xE3, 0x83, 0xB1, 0x43, 0xE3, 0x83, 0xB2, 0x43,
-	0xE3, 0x83, 0xB3, 0x43, 0xE3, 0x83, 0xBB, 0x43,
-	0xE3, 0x83, 0xBC, 0x43, 0xE3, 0x92, 0x9E, 0x43,
-	0xE3, 0x92, 0xB9, 0x43, 0xE3, 0x92, 0xBB, 0x43,
-	// Bytes 5c0 - 5ff
-	0xE3, 0x93, 0x9F, 0x43, 0xE3, 0x94, 0x95, 0x43,
-	0xE3, 0x9B, 0xAE, 0x43, 0xE3, 0x9B, 0xBC, 0x43,
-	0xE3, 0x9E, 0x81, 0x43, 0xE3, 0xA0, 0xAF, 0x43,
-	0xE3, 0xA1, 0xA2, 0x43, 0xE3, 0xA1, 0xBC, 0x43,
-	0xE3, 0xA3, 0x87, 0x43, 0xE3, 0xA3, 0xA3, 0x43,
-	0xE3, 0xA4, 0x9C, 0x43, 0xE3, 0xA4, 0xBA, 0x43,
-	0xE3, 0xA8, 0xAE, 0x43, 0xE3, 0xA9, 0xAC, 0x43,
-	0xE3, 0xAB, 0xA4, 0x43, 0xE3, 0xAC, 0x88, 0x43,
-	// Bytes 600 - 63f
-	0xE3, 0xAC, 0x99, 0x43, 0xE3, 0xAD, 0x89, 0x43,
-	0xE3, 0xAE, 0x9D, 0x43, 0xE3, 0xB0, 0x98, 0x43,
-	0xE3, 0xB1, 0x8E, 0x43, 0xE3, 0xB4, 0xB3, 0x43,
-	0xE3, 0xB6, 0x96, 0x43, 0xE3, 0xBA, 0xAC, 0x43,
-	0xE3, 0xBA, 0xB8, 0x43, 0xE3, 0xBC, 0x9B, 0x43,
-	0xE3, 0xBF, 0xBC, 0x43, 0xE4, 0x80, 0x88, 0x43,
-	0xE4, 0x80, 0x98, 0x43, 0xE4, 0x80, 0xB9, 0x43,
-	0xE4, 0x81, 0x86, 0x43, 0xE4, 0x82, 0x96, 0x43,
-	// Bytes 640 - 67f
-	0xE4, 0x83, 0xA3, 0x43, 0xE4, 0x84, 0xAF, 0x43,
-	0xE4, 0x88, 0x82, 0x43, 0xE4, 0x88, 0xA7, 0x43,
-	0xE4, 0x8A, 0xA0, 0x43, 0xE4, 0x8C, 0x81, 0x43,
-	0xE4, 0x8C, 0xB4, 0x43, 0xE4, 0x8D, 0x99, 0x43,
-	0xE4, 0x8F, 0x95, 0x43, 0xE4, 0x8F, 0x99, 0x43,
-	0xE4, 0x90, 0x8B, 0x43, 0xE4, 0x91, 0xAB, 0x43,
-	0xE4, 0x94, 0xAB, 0x43, 0xE4, 0x95, 0x9D, 0x43,
-	0xE4, 0x95, 0xA1, 0x43, 0xE4, 0x95, 0xAB, 0x43,
-	// Bytes 680 - 6bf
-	0xE4, 0x97, 0x97, 0x43, 0xE4, 0x97, 0xB9, 0x43,
-	0xE4, 0x98, 0xB5, 0x43, 0xE4, 0x9A, 0xBE, 0x43,
-	0xE4, 0x9B, 0x87, 0x43, 0xE4, 0xA6, 0x95, 0x43,
-	0xE4, 0xA7, 0xA6, 0x43, 0xE4, 0xA9, 0xAE, 0x43,
-	0xE4, 0xA9, 0xB6, 0x43, 0xE4, 0xAA, 0xB2, 0x43,
-	0xE4, 0xAC, 0xB3, 0x43, 0xE4, 0xAF, 0x8E, 0x43,
-	0xE4, 0xB3, 0x8E, 0x43, 0xE4, 0xB3, 0xAD, 0x43,
-	0xE4, 0xB3, 0xB8, 0x43, 0xE4, 0xB5, 0x96, 0x43,
-	// Bytes 6c0 - 6ff
-	0xE4, 0xB8, 0x80, 0x43, 0xE4, 0xB8, 0x81, 0x43,
-	0xE4, 0xB8, 0x83, 0x43, 0xE4, 0xB8, 0x89, 0x43,
-	0xE4, 0xB8, 0x8A, 0x43, 0xE4, 0xB8, 0x8B, 0x43,
-	0xE4, 0xB8, 0x8D, 0x43, 0xE4, 0xB8, 0x99, 0x43,
-	0xE4, 0xB8, 0xA6, 0x43, 0xE4, 0xB8, 0xA8, 0x43,
-	0xE4, 0xB8, 0xAD, 0x43, 0xE4, 0xB8, 0xB2, 0x43,
-	0xE4, 0xB8, 0xB6, 0x43, 0xE4, 0xB8, 0xB8, 0x43,
-	0xE4, 0xB8, 0xB9, 0x43, 0xE4, 0xB8, 0xBD, 0x43,
-	// Bytes 700 - 73f
-	0xE4, 0xB8, 0xBF, 0x43, 0xE4, 0xB9, 0x81, 0x43,
-	0xE4, 0xB9, 0x99, 0x43, 0xE4, 0xB9, 0x9D, 0x43,
-	0xE4, 0xBA, 0x82, 0x43, 0xE4, 0xBA, 0x85, 0x43,
-	0xE4, 0xBA, 0x86, 0x43, 0xE4, 0xBA, 0x8C, 0x43,
-	0xE4, 0xBA, 0x94, 0x43, 0xE4, 0xBA, 0xA0, 0x43,
-	0xE4, 0xBA, 0xA4, 0x43, 0xE4, 0xBA, 0xAE, 0x43,
-	0xE4, 0xBA, 0xBA, 0x43, 0xE4, 0xBB, 0x80, 0x43,
-	0xE4, 0xBB, 0x8C, 0x43, 0xE4, 0xBB, 0xA4, 0x43,
-	// Bytes 740 - 77f
-	0xE4, 0xBC, 0x81, 0x43, 0xE4, 0xBC, 0x91, 0x43,
-	0xE4, 0xBD, 0xA0, 0x43, 0xE4, 0xBE, 0x80, 0x43,
-	0xE4, 0xBE, 0x86, 0x43, 0xE4, 0xBE, 0x8B, 0x43,
-	0xE4, 0xBE, 0xAE, 0x43, 0xE4, 0xBE, 0xBB, 0x43,
-	0xE4, 0xBE, 0xBF, 0x43, 0xE5, 0x80, 0x82, 0x43,
-	0xE5, 0x80, 0xAB, 0x43, 0xE5, 0x81, 0xBA, 0x43,
-	0xE5, 0x82, 0x99, 0x43, 0xE5, 0x83, 0x8F, 0x43,
-	0xE5, 0x83, 0x9A, 0x43, 0xE5, 0x83, 0xA7, 0x43,
-	// Bytes 780 - 7bf
-	0xE5, 0x84, 0xAA, 0x43, 0xE5, 0x84, 0xBF, 0x43,
-	0xE5, 0x85, 0x80, 0x43, 0xE5, 0x85, 0x85, 0x43,
-	0xE5, 0x85, 0x8D, 0x43, 0xE5, 0x85, 0x94, 0x43,
-	0xE5, 0x85, 0xA4, 0x43, 0xE5, 0x85, 0xA5, 0x43,
-	0xE5, 0x85, 0xA7, 0x43, 0xE5, 0x85, 0xA8, 0x43,
-	0xE5, 0x85, 0xA9, 0x43, 0xE5, 0x85, 0xAB, 0x43,
-	0xE5, 0x85, 0xAD, 0x43, 0xE5, 0x85, 0xB7, 0x43,
-	0xE5, 0x86, 0x80, 0x43, 0xE5, 0x86, 0x82, 0x43,
-	// Bytes 7c0 - 7ff
-	0xE5, 0x86, 0x8D, 0x43, 0xE5, 0x86, 0x92, 0x43,
-	0xE5, 0x86, 0x95, 0x43, 0xE5, 0x86, 0x96, 0x43,
-	0xE5, 0x86, 0x97, 0x43, 0xE5, 0x86, 0x99, 0x43,
-	0xE5, 0x86, 0xA4, 0x43, 0xE5, 0x86, 0xAB, 0x43,
-	0xE5, 0x86, 0xAC, 0x43, 0xE5, 0x86, 0xB5, 0x43,
-	0xE5, 0x86, 0xB7, 0x43, 0xE5, 0x87, 0x89, 0x43,
-	0xE5, 0x87, 0x8C, 0x43, 0xE5, 0x87, 0x9C, 0x43,
-	0xE5, 0x87, 0x9E, 0x43, 0xE5, 0x87, 0xA0, 0x43,
-	// Bytes 800 - 83f
-	0xE5, 0x87, 0xB5, 0x43, 0xE5, 0x88, 0x80, 0x43,
-	0xE5, 0x88, 0x83, 0x43, 0xE5, 0x88, 0x87, 0x43,
-	0xE5, 0x88, 0x97, 0x43, 0xE5, 0x88, 0x9D, 0x43,
-	0xE5, 0x88, 0xA9, 0x43, 0xE5, 0x88, 0xBA, 0x43,
-	0xE5, 0x88, 0xBB, 0x43, 0xE5, 0x89, 0x86, 0x43,
-	0xE5, 0x89, 0x8D, 0x43, 0xE5, 0x89, 0xB2, 0x43,
-	0xE5, 0x89, 0xB7, 0x43, 0xE5, 0x8A, 0x89, 0x43,
-	0xE5, 0x8A, 0x9B, 0x43, 0xE5, 0x8A, 0xA3, 0x43,
-	// Bytes 840 - 87f
-	0xE5, 0x8A, 0xB3, 0x43, 0xE5, 0x8A, 0xB4, 0x43,
-	0xE5, 0x8B, 0x87, 0x43, 0xE5, 0x8B, 0x89, 0x43,
-	0xE5, 0x8B, 0x92, 0x43, 0xE5, 0x8B, 0x9E, 0x43,
-	0xE5, 0x8B, 0xA4, 0x43, 0xE5, 0x8B, 0xB5, 0x43,
-	0xE5, 0x8B, 0xB9, 0x43, 0xE5, 0x8B, 0xBA, 0x43,
-	0xE5, 0x8C, 0x85, 0x43, 0xE5, 0x8C, 0x86, 0x43,
-	0xE5, 0x8C, 0x95, 0x43, 0xE5, 0x8C, 0x97, 0x43,
-	0xE5, 0x8C, 0x9A, 0x43, 0xE5, 0x8C, 0xB8, 0x43,
-	// Bytes 880 - 8bf
-	0xE5, 0x8C, 0xBB, 0x43, 0xE5, 0x8C, 0xBF, 0x43,
-	0xE5, 0x8D, 0x81, 0x43, 0xE5, 0x8D, 0x84, 0x43,
-	0xE5, 0x8D, 0x85, 0x43, 0xE5, 0x8D, 0x89, 0x43,
-	0xE5, 0x8D, 0x91, 0x43, 0xE5, 0x8D, 0x94, 0x43,
-	0xE5, 0x8D, 0x9A, 0x43, 0xE5, 0x8D, 0x9C, 0x43,
-	0xE5, 0x8D, 0xA9, 0x43, 0xE5, 0x8D, 0xB0, 0x43,
-	0xE5, 0x8D, 0xB3, 0x43, 0xE5, 0x8D, 0xB5, 0x43,
-	0xE5, 0x8D, 0xBD, 0x43, 0xE5, 0x8D, 0xBF, 0x43,
-	// Bytes 8c0 - 8ff
-	0xE5, 0x8E, 0x82, 0x43, 0xE5, 0x8E, 0xB6, 0x43,
-	0xE5, 0x8F, 0x83, 0x43, 0xE5, 0x8F, 0x88, 0x43,
-	0xE5, 0x8F, 0x8A, 0x43, 0xE5, 0x8F, 0x8C, 0x43,
-	0xE5, 0x8F, 0x9F, 0x43, 0xE5, 0x8F, 0xA3, 0x43,
-	0xE5, 0x8F, 0xA5, 0x43, 0xE5, 0x8F, 0xAB, 0x43,
-	0xE5, 0x8F, 0xAF, 0x43, 0xE5, 0x8F, 0xB1, 0x43,
-	0xE5, 0x8F, 0xB3, 0x43, 0xE5, 0x90, 0x86, 0x43,
-	0xE5, 0x90, 0x88, 0x43, 0xE5, 0x90, 0x8D, 0x43,
-	// Bytes 900 - 93f
-	0xE5, 0x90, 0x8F, 0x43, 0xE5, 0x90, 0x9D, 0x43,
-	0xE5, 0x90, 0xB8, 0x43, 0xE5, 0x90, 0xB9, 0x43,
-	0xE5, 0x91, 0x82, 0x43, 0xE5, 0x91, 0x88, 0x43,
-	0xE5, 0x91, 0xA8, 0x43, 0xE5, 0x92, 0x9E, 0x43,
-	0xE5, 0x92, 0xA2, 0x43, 0xE5, 0x92, 0xBD, 0x43,
-	0xE5, 0x93, 0xB6, 0x43, 0xE5, 0x94, 0x90, 0x43,
-	0xE5, 0x95, 0x8F, 0x43, 0xE5, 0x95, 0x93, 0x43,
-	0xE5, 0x95, 0x95, 0x43, 0xE5, 0x95, 0xA3, 0x43,
-	// Bytes 940 - 97f
-	0xE5, 0x96, 0x84, 0x43, 0xE5, 0x96, 0x87, 0x43,
-	0xE5, 0x96, 0x99, 0x43, 0xE5, 0x96, 0x9D, 0x43,
-	0xE5, 0x96, 0xAB, 0x43, 0xE5, 0x96, 0xB3, 0x43,
-	0xE5, 0x96, 0xB6, 0x43, 0xE5, 0x97, 0x80, 0x43,
-	0xE5, 0x97, 0x82, 0x43, 0xE5, 0x97, 0xA2, 0x43,
-	0xE5, 0x98, 0x86, 0x43, 0xE5, 0x99, 0x91, 0x43,
-	0xE5, 0x99, 0xA8, 0x43, 0xE5, 0x99, 0xB4, 0x43,
-	0xE5, 0x9B, 0x97, 0x43, 0xE5, 0x9B, 0x9B, 0x43,
-	// Bytes 980 - 9bf
-	0xE5, 0x9B, 0xB9, 0x43, 0xE5, 0x9C, 0x96, 0x43,
-	0xE5, 0x9C, 0x97, 0x43, 0xE5, 0x9C, 0x9F, 0x43,
-	0xE5, 0x9C, 0xB0, 0x43, 0xE5, 0x9E, 0x8B, 0x43,
-	0xE5, 0x9F, 0x8E, 0x43, 0xE5, 0x9F, 0xB4, 0x43,
-	0xE5, 0xA0, 0x8D, 0x43, 0xE5, 0xA0, 0xB1, 0x43,
-	0xE5, 0xA0, 0xB2, 0x43, 0xE5, 0xA1, 0x80, 0x43,
-	0xE5, 0xA1, 0x9A, 0x43, 0xE5, 0xA1, 0x9E, 0x43,
-	0xE5, 0xA2, 0xA8, 0x43, 0xE5, 0xA2, 0xAC, 0x43,
-	// Bytes 9c0 - 9ff
-	0xE5, 0xA2, 0xB3, 0x43, 0xE5, 0xA3, 0x98, 0x43,
-	0xE5, 0xA3, 0x9F, 0x43, 0xE5, 0xA3, 0xAB, 0x43,
-	0xE5, 0xA3, 0xAE, 0x43, 0xE5, 0xA3, 0xB0, 0x43,
-	0xE5, 0xA3, 0xB2, 0x43, 0xE5, 0xA3, 0xB7, 0x43,
-	0xE5, 0xA4, 0x82, 0x43, 0xE5, 0xA4, 0x86, 0x43,
-	0xE5, 0xA4, 0x8A, 0x43, 0xE5, 0xA4, 0x95, 0x43,
-	0xE5, 0xA4, 0x9A, 0x43, 0xE5, 0xA4, 0x9C, 0x43,
-	0xE5, 0xA4, 0xA2, 0x43, 0xE5, 0xA4, 0xA7, 0x43,
-	// Bytes a00 - a3f
-	0xE5, 0xA4, 0xA9, 0x43, 0xE5, 0xA5, 0x84, 0x43,
-	0xE5, 0xA5, 0x88, 0x43, 0xE5, 0xA5, 0x91, 0x43,
-	0xE5, 0xA5, 0x94, 0x43, 0xE5, 0xA5, 0xA2, 0x43,
-	0xE5, 0xA5, 0xB3, 0x43, 0xE5, 0xA7, 0x98, 0x43,
-	0xE5, 0xA7, 0xAC, 0x43, 0xE5, 0xA8, 0x9B, 0x43,
-	0xE5, 0xA8, 0xA7, 0x43, 0xE5, 0xA9, 0xA2, 0x43,
-	0xE5, 0xA9, 0xA6, 0x43, 0xE5, 0xAA, 0xB5, 0x43,
-	0xE5, 0xAC, 0x88, 0x43, 0xE5, 0xAC, 0xA8, 0x43,
-	// Bytes a40 - a7f
-	0xE5, 0xAC, 0xBE, 0x43, 0xE5, 0xAD, 0x90, 0x43,
-	0xE5, 0xAD, 0x97, 0x43, 0xE5, 0xAD, 0xA6, 0x43,
-	0xE5, 0xAE, 0x80, 0x43, 0xE5, 0xAE, 0x85, 0x43,
-	0xE5, 0xAE, 0x97, 0x43, 0xE5, 0xAF, 0x83, 0x43,
-	0xE5, 0xAF, 0x98, 0x43, 0xE5, 0xAF, 0xA7, 0x43,
-	0xE5, 0xAF, 0xAE, 0x43, 0xE5, 0xAF, 0xB3, 0x43,
-	0xE5, 0xAF, 0xB8, 0x43, 0xE5, 0xAF, 0xBF, 0x43,
-	0xE5, 0xB0, 0x86, 0x43, 0xE5, 0xB0, 0x8F, 0x43,
-	// Bytes a80 - abf
-	0xE5, 0xB0, 0xA2, 0x43, 0xE5, 0xB0, 0xB8, 0x43,
-	0xE5, 0xB0, 0xBF, 0x43, 0xE5, 0xB1, 0xA0, 0x43,
-	0xE5, 0xB1, 0xA2, 0x43, 0xE5, 0xB1, 0xA4, 0x43,
-	0xE5, 0xB1, 0xA5, 0x43, 0xE5, 0xB1, 0xAE, 0x43,
-	0xE5, 0xB1, 0xB1, 0x43, 0xE5, 0xB2, 0x8D, 0x43,
-	0xE5, 0xB3, 0x80, 0x43, 0xE5, 0xB4, 0x99, 0x43,
-	0xE5, 0xB5, 0x83, 0x43, 0xE5, 0xB5, 0x90, 0x43,
-	0xE5, 0xB5, 0xAB, 0x43, 0xE5, 0xB5, 0xAE, 0x43,
-	// Bytes ac0 - aff
-	0xE5, 0xB5, 0xBC, 0x43, 0xE5, 0xB6, 0xB2, 0x43,
-	0xE5, 0xB6, 0xBA, 0x43, 0xE5, 0xB7, 0x9B, 0x43,
-	0xE5, 0xB7, 0xA1, 0x43, 0xE5, 0xB7, 0xA2, 0x43,
-	0xE5, 0xB7, 0xA5, 0x43, 0xE5, 0xB7, 0xA6, 0x43,
-	0xE5, 0xB7, 0xB1, 0x43, 0xE5, 0xB7, 0xBD, 0x43,
-	0xE5, 0xB7, 0xBE, 0x43, 0xE5, 0xB8, 0xA8, 0x43,
-	0xE5, 0xB8, 0xBD, 0x43, 0xE5, 0xB9, 0xA9, 0x43,
-	0xE5, 0xB9, 0xB2, 0x43, 0xE5, 0xB9, 0xB4, 0x43,
-	// Bytes b00 - b3f
-	0xE5, 0xB9, 0xBA, 0x43, 0xE5, 0xB9, 0xBC, 0x43,
-	0xE5, 0xB9, 0xBF, 0x43, 0xE5, 0xBA, 0xA6, 0x43,
-	0xE5, 0xBA, 0xB0, 0x43, 0xE5, 0xBA, 0xB3, 0x43,
-	0xE5, 0xBA, 0xB6, 0x43, 0xE5, 0xBB, 0x89, 0x43,
-	0xE5, 0xBB, 0x8A, 0x43, 0xE5, 0xBB, 0x92, 0x43,
-	0xE5, 0xBB, 0x93, 0x43, 0xE5, 0xBB, 0x99, 0x43,
-	0xE5, 0xBB, 0xAC, 0x43, 0xE5, 0xBB, 0xB4, 0x43,
-	0xE5, 0xBB, 0xBE, 0x43, 0xE5, 0xBC, 0x84, 0x43,
-	// Bytes b40 - b7f
-	0xE5, 0xBC, 0x8B, 0x43, 0xE5, 0xBC, 0x93, 0x43,
-	0xE5, 0xBC, 0xA2, 0x43, 0xE5, 0xBD, 0x90, 0x43,
-	0xE5, 0xBD, 0x93, 0x43, 0xE5, 0xBD, 0xA1, 0x43,
-	0xE5, 0xBD, 0xA2, 0x43, 0xE5, 0xBD, 0xA9, 0x43,
-	0xE5, 0xBD, 0xAB, 0x43, 0xE5, 0xBD, 0xB3, 0x43,
-	0xE5, 0xBE, 0x8B, 0x43, 0xE5, 0xBE, 0x8C, 0x43,
-	0xE5, 0xBE, 0x97, 0x43, 0xE5, 0xBE, 0x9A, 0x43,
-	0xE5, 0xBE, 0xA9, 0x43, 0xE5, 0xBE, 0xAD, 0x43,
-	// Bytes b80 - bbf
-	0xE5, 0xBF, 0x83, 0x43, 0xE5, 0xBF, 0x8D, 0x43,
-	0xE5, 0xBF, 0x97, 0x43, 0xE5, 0xBF, 0xB5, 0x43,
-	0xE5, 0xBF, 0xB9, 0x43, 0xE6, 0x80, 0x92, 0x43,
-	0xE6, 0x80, 0x9C, 0x43, 0xE6, 0x81, 0xB5, 0x43,
-	0xE6, 0x82, 0x81, 0x43, 0xE6, 0x82, 0x94, 0x43,
-	0xE6, 0x83, 0x87, 0x43, 0xE6, 0x83, 0x98, 0x43,
-	0xE6, 0x83, 0xA1, 0x43, 0xE6, 0x84, 0x88, 0x43,
-	0xE6, 0x85, 0x84, 0x43, 0xE6, 0x85, 0x88, 0x43,
-	// Bytes bc0 - bff
-	0xE6, 0x85, 0x8C, 0x43, 0xE6, 0x85, 0x8E, 0x43,
-	0xE6, 0x85, 0xA0, 0x43, 0xE6, 0x85, 0xA8, 0x43,
-	0xE6, 0x85, 0xBA, 0x43, 0xE6, 0x86, 0x8E, 0x43,
-	0xE6, 0x86, 0x90, 0x43, 0xE6, 0x86, 0xA4, 0x43,
-	0xE6, 0x86, 0xAF, 0x43, 0xE6, 0x86, 0xB2, 0x43,
-	0xE6, 0x87, 0x9E, 0x43, 0xE6, 0x87, 0xB2, 0x43,
-	0xE6, 0x87, 0xB6, 0x43, 0xE6, 0x88, 0x80, 0x43,
-	0xE6, 0x88, 0x88, 0x43, 0xE6, 0x88, 0x90, 0x43,
-	// Bytes c00 - c3f
-	0xE6, 0x88, 0x9B, 0x43, 0xE6, 0x88, 0xAE, 0x43,
-	0xE6, 0x88, 0xB4, 0x43, 0xE6, 0x88, 0xB6, 0x43,
-	0xE6, 0x89, 0x8B, 0x43, 0xE6, 0x89, 0x93, 0x43,
-	0xE6, 0x89, 0x9D, 0x43, 0xE6, 0x8A, 0x95, 0x43,
-	0xE6, 0x8A, 0xB1, 0x43, 0xE6, 0x8B, 0x89, 0x43,
-	0xE6, 0x8B, 0x8F, 0x43, 0xE6, 0x8B, 0x93, 0x43,
-	0xE6, 0x8B, 0x94, 0x43, 0xE6, 0x8B, 0xBC, 0x43,
-	0xE6, 0x8B, 0xBE, 0x43, 0xE6, 0x8C, 0x87, 0x43,
-	// Bytes c40 - c7f
-	0xE6, 0x8C, 0xBD, 0x43, 0xE6, 0x8D, 0x90, 0x43,
-	0xE6, 0x8D, 0x95, 0x43, 0xE6, 0x8D, 0xA8, 0x43,
-	0xE6, 0x8D, 0xBB, 0x43, 0xE6, 0x8E, 0x83, 0x43,
-	0xE6, 0x8E, 0xA0, 0x43, 0xE6, 0x8E, 0xA9, 0x43,
-	0xE6, 0x8F, 0x84, 0x43, 0xE6, 0x8F, 0x85, 0x43,
-	0xE6, 0x8F, 0xA4, 0x43, 0xE6, 0x90, 0x9C, 0x43,
-	0xE6, 0x90, 0xA2, 0x43, 0xE6, 0x91, 0x92, 0x43,
-	0xE6, 0x91, 0xA9, 0x43, 0xE6, 0x91, 0xB7, 0x43,
-	// Bytes c80 - cbf
-	0xE6, 0x91, 0xBE, 0x43, 0xE6, 0x92, 0x9A, 0x43,
-	0xE6, 0x92, 0x9D, 0x43, 0xE6, 0x93, 0x84, 0x43,
-	0xE6, 0x94, 0xAF, 0x43, 0xE6, 0x94, 0xB4, 0x43,
-	0xE6, 0x95, 0x8F, 0x43, 0xE6, 0x95, 0x96, 0x43,
-	0xE6, 0x95, 0xAC, 0x43, 0xE6, 0x95, 0xB8, 0x43,
-	0xE6, 0x96, 0x87, 0x43, 0xE6, 0x96, 0x97, 0x43,
-	0xE6, 0x96, 0x99, 0x43, 0xE6, 0x96, 0xA4, 0x43,
-	0xE6, 0x96, 0xB0, 0x43, 0xE6, 0x96, 0xB9, 0x43,
-	// Bytes cc0 - cff
-	0xE6, 0x97, 0x85, 0x43, 0xE6, 0x97, 0xA0, 0x43,
-	0xE6, 0x97, 0xA2, 0x43, 0xE6, 0x97, 0xA3, 0x43,
-	0xE6, 0x97, 0xA5, 0x43, 0xE6, 0x98, 0x93, 0x43,
-	0xE6, 0x98, 0xA0, 0x43, 0xE6, 0x99, 0x89, 0x43,
-	0xE6, 0x99, 0xB4, 0x43, 0xE6, 0x9A, 0x88, 0x43,
-	0xE6, 0x9A, 0x91, 0x43, 0xE6, 0x9A, 0x9C, 0x43,
-	0xE6, 0x9A, 0xB4, 0x43, 0xE6, 0x9B, 0x86, 0x43,
-	0xE6, 0x9B, 0xB0, 0x43, 0xE6, 0x9B, 0xB4, 0x43,
-	// Bytes d00 - d3f
-	0xE6, 0x9B, 0xB8, 0x43, 0xE6, 0x9C, 0x80, 0x43,
-	0xE6, 0x9C, 0x88, 0x43, 0xE6, 0x9C, 0x89, 0x43,
-	0xE6, 0x9C, 0x97, 0x43, 0xE6, 0x9C, 0x9B, 0x43,
-	0xE6, 0x9C, 0xA1, 0x43, 0xE6, 0x9C, 0xA8, 0x43,
-	0xE6, 0x9D, 0x8E, 0x43, 0xE6, 0x9D, 0x93, 0x43,
-	0xE6, 0x9D, 0x96, 0x43, 0xE6, 0x9D, 0x9E, 0x43,
-	0xE6, 0x9D, 0xBB, 0x43, 0xE6, 0x9E, 0x85, 0x43,
-	0xE6, 0x9E, 0x97, 0x43, 0xE6, 0x9F, 0xB3, 0x43,
-	// Bytes d40 - d7f
-	0xE6, 0x9F, 0xBA, 0x43, 0xE6, 0xA0, 0x97, 0x43,
-	0xE6, 0xA0, 0x9F, 0x43, 0xE6, 0xA0, 0xAA, 0x43,
-	0xE6, 0xA1, 0x92, 0x43, 0xE6, 0xA2, 0x81, 0x43,
-	0xE6, 0xA2, 0x85, 0x43, 0xE6, 0xA2, 0x8E, 0x43,
-	0xE6, 0xA2, 0xA8, 0x43, 0xE6, 0xA4, 0x94, 0x43,
-	0xE6, 0xA5, 0x82, 0x43, 0xE6, 0xA6, 0xA3, 0x43,
-	0xE6, 0xA7, 0xAA, 0x43, 0xE6, 0xA8, 0x82, 0x43,
-	0xE6, 0xA8, 0x93, 0x43, 0xE6, 0xAA, 0xA8, 0x43,
-	// Bytes d80 - dbf
-	0xE6, 0xAB, 0x93, 0x43, 0xE6, 0xAB, 0x9B, 0x43,
-	0xE6, 0xAC, 0x84, 0x43, 0xE6, 0xAC, 0xA0, 0x43,
-	0xE6, 0xAC, 0xA1, 0x43, 0xE6, 0xAD, 0x94, 0x43,
-	0xE6, 0xAD, 0xA2, 0x43, 0xE6, 0xAD, 0xA3, 0x43,
-	0xE6, 0xAD, 0xB2, 0x43, 0xE6, 0xAD, 0xB7, 0x43,
-	0xE6, 0xAD, 0xB9, 0x43, 0xE6, 0xAE, 0x9F, 0x43,
-	0xE6, 0xAE, 0xAE, 0x43, 0xE6, 0xAE, 0xB3, 0x43,
-	0xE6, 0xAE, 0xBA, 0x43, 0xE6, 0xAE, 0xBB, 0x43,
-	// Bytes dc0 - dff
-	0xE6, 0xAF, 0x8B, 0x43, 0xE6, 0xAF, 0x8D, 0x43,
-	0xE6, 0xAF, 0x94, 0x43, 0xE6, 0xAF, 0x9B, 0x43,
-	0xE6, 0xB0, 0x8F, 0x43, 0xE6, 0xB0, 0x94, 0x43,
-	0xE6, 0xB0, 0xB4, 0x43, 0xE6, 0xB1, 0x8E, 0x43,
-	0xE6, 0xB1, 0xA7, 0x43, 0xE6, 0xB2, 0x88, 0x43,
-	0xE6, 0xB2, 0xBF, 0x43, 0xE6, 0xB3, 0x8C, 0x43,
-	0xE6, 0xB3, 0x8D, 0x43, 0xE6, 0xB3, 0xA5, 0x43,
-	0xE6, 0xB3, 0xA8, 0x43, 0xE6, 0xB4, 0x96, 0x43,
-	// Bytes e00 - e3f
-	0xE6, 0xB4, 0x9B, 0x43, 0xE6, 0xB4, 0x9E, 0x43,
-	0xE6, 0xB4, 0xB4, 0x43, 0xE6, 0xB4, 0xBE, 0x43,
-	0xE6, 0xB5, 0x81, 0x43, 0xE6, 0xB5, 0xA9, 0x43,
-	0xE6, 0xB5, 0xAA, 0x43, 0xE6, 0xB5, 0xB7, 0x43,
-	0xE6, 0xB5, 0xB8, 0x43, 0xE6, 0xB6, 0x85, 0x43,
-	0xE6, 0xB7, 0x8B, 0x43, 0xE6, 0xB7, 0x9A, 0x43,
-	0xE6, 0xB7, 0xAA, 0x43, 0xE6, 0xB7, 0xB9, 0x43,
-	0xE6, 0xB8, 0x9A, 0x43, 0xE6, 0xB8, 0xAF, 0x43,
-	// Bytes e40 - e7f
-	0xE6, 0xB9, 0xAE, 0x43, 0xE6, 0xBA, 0x80, 0x43,
-	0xE6, 0xBA, 0x9C, 0x43, 0xE6, 0xBA, 0xBA, 0x43,
-	0xE6, 0xBB, 0x87, 0x43, 0xE6, 0xBB, 0x8B, 0x43,
-	0xE6, 0xBB, 0x91, 0x43, 0xE6, 0xBB, 0x9B, 0x43,
-	0xE6, 0xBC, 0x8F, 0x43, 0xE6, 0xBC, 0x94, 0x43,
-	0xE6, 0xBC, 0xA2, 0x43, 0xE6, 0xBC, 0xA3, 0x43,
-	0xE6, 0xBD, 0xAE, 0x43, 0xE6, 0xBF, 0x86, 0x43,
-	0xE6, 0xBF, 0xAB, 0x43, 0xE6, 0xBF, 0xBE, 0x43,
-	// Bytes e80 - ebf
-	0xE7, 0x80, 0x9B, 0x43, 0xE7, 0x80, 0x9E, 0x43,
-	0xE7, 0x80, 0xB9, 0x43, 0xE7, 0x81, 0x8A, 0x43,
-	0xE7, 0x81, 0xAB, 0x43, 0xE7, 0x81, 0xB0, 0x43,
-	0xE7, 0x81, 0xB7, 0x43, 0xE7, 0x81, 0xBD, 0x43,
-	0xE7, 0x82, 0x99, 0x43, 0xE7, 0x82, 0xAD, 0x43,
-	0xE7, 0x83, 0x88, 0x43, 0xE7, 0x83, 0x99, 0x43,
-	0xE7, 0x84, 0xA1, 0x43, 0xE7, 0x85, 0x85, 0x43,
-	0xE7, 0x85, 0x89, 0x43, 0xE7, 0x85, 0xAE, 0x43,
-	// Bytes ec0 - eff
-	0xE7, 0x86, 0x9C, 0x43, 0xE7, 0x87, 0x8E, 0x43,
-	0xE7, 0x87, 0x90, 0x43, 0xE7, 0x88, 0x90, 0x43,
-	0xE7, 0x88, 0x9B, 0x43, 0xE7, 0x88, 0xA8, 0x43,
-	0xE7, 0x88, 0xAA, 0x43, 0xE7, 0x88, 0xAB, 0x43,
-	0xE7, 0x88, 0xB5, 0x43, 0xE7, 0x88, 0xB6, 0x43,
-	0xE7, 0x88, 0xBB, 0x43, 0xE7, 0x88, 0xBF, 0x43,
-	0xE7, 0x89, 0x87, 0x43, 0xE7, 0x89, 0x90, 0x43,
-	0xE7, 0x89, 0x99, 0x43, 0xE7, 0x89, 0x9B, 0x43,
-	// Bytes f00 - f3f
-	0xE7, 0x89, 0xA2, 0x43, 0xE7, 0x89, 0xB9, 0x43,
-	0xE7, 0x8A, 0x80, 0x43, 0xE7, 0x8A, 0x95, 0x43,
-	0xE7, 0x8A, 0xAC, 0x43, 0xE7, 0x8A, 0xAF, 0x43,
-	0xE7, 0x8B, 0x80, 0x43, 0xE7, 0x8B, 0xBC, 0x43,
-	0xE7, 0x8C, 0xAA, 0x43, 0xE7, 0x8D, 0xB5, 0x43,
-	0xE7, 0x8D, 0xBA, 0x43, 0xE7, 0x8E, 0x84, 0x43,
-	0xE7, 0x8E, 0x87, 0x43, 0xE7, 0x8E, 0x89, 0x43,
-	0xE7, 0x8E, 0x8B, 0x43, 0xE7, 0x8E, 0xA5, 0x43,
-	// Bytes f40 - f7f
-	0xE7, 0x8E, 0xB2, 0x43, 0xE7, 0x8F, 0x9E, 0x43,
-	0xE7, 0x90, 0x86, 0x43, 0xE7, 0x90, 0x89, 0x43,
-	0xE7, 0x90, 0xA2, 0x43, 0xE7, 0x91, 0x87, 0x43,
-	0xE7, 0x91, 0x9C, 0x43, 0xE7, 0x91, 0xA9, 0x43,
-	0xE7, 0x91, 0xB1, 0x43, 0xE7, 0x92, 0x85, 0x43,
-	0xE7, 0x92, 0x89, 0x43, 0xE7, 0x92, 0x98, 0x43,
-	0xE7, 0x93, 0x8A, 0x43, 0xE7, 0x93, 0x9C, 0x43,
-	0xE7, 0x93, 0xA6, 0x43, 0xE7, 0x94, 0x86, 0x43,
-	// Bytes f80 - fbf
-	0xE7, 0x94, 0x98, 0x43, 0xE7, 0x94, 0x9F, 0x43,
-	0xE7, 0x94, 0xA4, 0x43, 0xE7, 0x94, 0xA8, 0x43,
-	0xE7, 0x94, 0xB0, 0x43, 0xE7, 0x94, 0xB2, 0x43,
-	0xE7, 0x94, 0xB3, 0x43, 0xE7, 0x94, 0xB7, 0x43,
-	0xE7, 0x94, 0xBB, 0x43, 0xE7, 0x94, 0xBE, 0x43,
-	0xE7, 0x95, 0x99, 0x43, 0xE7, 0x95, 0xA5, 0x43,
-	0xE7, 0x95, 0xB0, 0x43, 0xE7, 0x96, 0x8B, 0x43,
-	0xE7, 0x96, 0x92, 0x43, 0xE7, 0x97, 0xA2, 0x43,
-	// Bytes fc0 - fff
-	0xE7, 0x98, 0x90, 0x43, 0xE7, 0x98, 0x9D, 0x43,
-	0xE7, 0x98, 0x9F, 0x43, 0xE7, 0x99, 0x82, 0x43,
-	0xE7, 0x99, 0xA9, 0x43, 0xE7, 0x99, 0xB6, 0x43,
-	0xE7, 0x99, 0xBD, 0x43, 0xE7, 0x9A, 0xAE, 0x43,
-	0xE7, 0x9A, 0xBF, 0x43, 0xE7, 0x9B, 0x8A, 0x43,
-	0xE7, 0x9B, 0x9B, 0x43, 0xE7, 0x9B, 0xA3, 0x43,
-	0xE7, 0x9B, 0xA7, 0x43, 0xE7, 0x9B, 0xAE, 0x43,
-	0xE7, 0x9B, 0xB4, 0x43, 0xE7, 0x9C, 0x81, 0x43,
-	// Bytes 1000 - 103f
-	0xE7, 0x9C, 0x9E, 0x43, 0xE7, 0x9C, 0x9F, 0x43,
-	0xE7, 0x9D, 0x80, 0x43, 0xE7, 0x9D, 0x8A, 0x43,
-	0xE7, 0x9E, 0x8B, 0x43, 0xE7, 0x9E, 0xA7, 0x43,
-	0xE7, 0x9F, 0x9B, 0x43, 0xE7, 0x9F, 0xA2, 0x43,
-	0xE7, 0x9F, 0xB3, 0x43, 0xE7, 0xA1, 0x8E, 0x43,
-	0xE7, 0xA1, 0xAB, 0x43, 0xE7, 0xA2, 0x8C, 0x43,
-	0xE7, 0xA2, 0x91, 0x43, 0xE7, 0xA3, 0x8A, 0x43,
-	0xE7, 0xA3, 0x8C, 0x43, 0xE7, 0xA3, 0xBB, 0x43,
-	// Bytes 1040 - 107f
-	0xE7, 0xA4, 0xAA, 0x43, 0xE7, 0xA4, 0xBA, 0x43,
-	0xE7, 0xA4, 0xBC, 0x43, 0xE7, 0xA4, 0xBE, 0x43,
-	0xE7, 0xA5, 0x88, 0x43, 0xE7, 0xA5, 0x89, 0x43,
-	0xE7, 0xA5, 0x90, 0x43, 0xE7, 0xA5, 0x96, 0x43,
-	0xE7, 0xA5, 0x9D, 0x43, 0xE7, 0xA5, 0x9E, 0x43,
-	0xE7, 0xA5, 0xA5, 0x43, 0xE7, 0xA5, 0xBF, 0x43,
-	0xE7, 0xA6, 0x81, 0x43, 0xE7, 0xA6, 0x8D, 0x43,
-	0xE7, 0xA6, 0x8E, 0x43, 0xE7, 0xA6, 0x8F, 0x43,
-	// Bytes 1080 - 10bf
-	0xE7, 0xA6, 0xAE, 0x43, 0xE7, 0xA6, 0xB8, 0x43,
-	0xE7, 0xA6, 0xBE, 0x43, 0xE7, 0xA7, 0x8A, 0x43,
-	0xE7, 0xA7, 0x98, 0x43, 0xE7, 0xA7, 0xAB, 0x43,
-	0xE7, 0xA8, 0x9C, 0x43, 0xE7, 0xA9, 0x80, 0x43,
-	0xE7, 0xA9, 0x8A, 0x43, 0xE7, 0xA9, 0x8F, 0x43,
-	0xE7, 0xA9, 0xB4, 0x43, 0xE7, 0xA9, 0xBA, 0x43,
-	0xE7, 0xAA, 0x81, 0x43, 0xE7, 0xAA, 0xB1, 0x43,
-	0xE7, 0xAB, 0x8B, 0x43, 0xE7, 0xAB, 0xAE, 0x43,
-	// Bytes 10c0 - 10ff
-	0xE7, 0xAB, 0xB9, 0x43, 0xE7, 0xAC, 0xA0, 0x43,
-	0xE7, 0xAE, 0x8F, 0x43, 0xE7, 0xAF, 0x80, 0x43,
-	0xE7, 0xAF, 0x86, 0x43, 0xE7, 0xAF, 0x89, 0x43,
-	0xE7, 0xB0, 0xBE, 0x43, 0xE7, 0xB1, 0xA0, 0x43,
-	0xE7, 0xB1, 0xB3, 0x43, 0xE7, 0xB1, 0xBB, 0x43,
-	0xE7, 0xB2, 0x92, 0x43, 0xE7, 0xB2, 0xBE, 0x43,
-	0xE7, 0xB3, 0x92, 0x43, 0xE7, 0xB3, 0x96, 0x43,
-	0xE7, 0xB3, 0xA3, 0x43, 0xE7, 0xB3, 0xA7, 0x43,
-	// Bytes 1100 - 113f
-	0xE7, 0xB3, 0xA8, 0x43, 0xE7, 0xB3, 0xB8, 0x43,
-	0xE7, 0xB4, 0x80, 0x43, 0xE7, 0xB4, 0x90, 0x43,
-	0xE7, 0xB4, 0xA2, 0x43, 0xE7, 0xB4, 0xAF, 0x43,
-	0xE7, 0xB5, 0x82, 0x43, 0xE7, 0xB5, 0x9B, 0x43,
-	0xE7, 0xB5, 0xA3, 0x43, 0xE7, 0xB6, 0xA0, 0x43,
-	0xE7, 0xB6, 0xBE, 0x43, 0xE7, 0xB7, 0x87, 0x43,
-	0xE7, 0xB7, 0xB4, 0x43, 0xE7, 0xB8, 0x82, 0x43,
-	0xE7, 0xB8, 0x89, 0x43, 0xE7, 0xB8, 0xB7, 0x43,
-	// Bytes 1140 - 117f
-	0xE7, 0xB9, 0x81, 0x43, 0xE7, 0xB9, 0x85, 0x43,
-	0xE7, 0xBC, 0xB6, 0x43, 0xE7, 0xBC, 0xBE, 0x43,
-	0xE7, 0xBD, 0x91, 0x43, 0xE7, 0xBD, 0xB2, 0x43,
-	0xE7, 0xBD, 0xB9, 0x43, 0xE7, 0xBD, 0xBA, 0x43,
-	0xE7, 0xBE, 0x85, 0x43, 0xE7, 0xBE, 0x8A, 0x43,
-	0xE7, 0xBE, 0x95, 0x43, 0xE7, 0xBE, 0x9A, 0x43,
-	0xE7, 0xBE, 0xBD, 0x43, 0xE7, 0xBF, 0xBA, 0x43,
-	0xE8, 0x80, 0x81, 0x43, 0xE8, 0x80, 0x85, 0x43,
-	// Bytes 1180 - 11bf
-	0xE8, 0x80, 0x8C, 0x43, 0xE8, 0x80, 0x92, 0x43,
-	0xE8, 0x80, 0xB3, 0x43, 0xE8, 0x81, 0x86, 0x43,
-	0xE8, 0x81, 0xA0, 0x43, 0xE8, 0x81, 0xAF, 0x43,
-	0xE8, 0x81, 0xB0, 0x43, 0xE8, 0x81, 0xBE, 0x43,
-	0xE8, 0x81, 0xBF, 0x43, 0xE8, 0x82, 0x89, 0x43,
-	0xE8, 0x82, 0x8B, 0x43, 0xE8, 0x82, 0xAD, 0x43,
-	0xE8, 0x82, 0xB2, 0x43, 0xE8, 0x84, 0x83, 0x43,
-	0xE8, 0x84, 0xBE, 0x43, 0xE8, 0x87, 0x98, 0x43,
-	// Bytes 11c0 - 11ff
-	0xE8, 0x87, 0xA3, 0x43, 0xE8, 0x87, 0xA8, 0x43,
-	0xE8, 0x87, 0xAA, 0x43, 0xE8, 0x87, 0xAD, 0x43,
-	0xE8, 0x87, 0xB3, 0x43, 0xE8, 0x87, 0xBC, 0x43,
-	0xE8, 0x88, 0x81, 0x43, 0xE8, 0x88, 0x84, 0x43,
-	0xE8, 0x88, 0x8C, 0x43, 0xE8, 0x88, 0x98, 0x43,
-	0xE8, 0x88, 0x9B, 0x43, 0xE8, 0x88, 0x9F, 0x43,
-	0xE8, 0x89, 0xAE, 0x43, 0xE8, 0x89, 0xAF, 0x43,
-	0xE8, 0x89, 0xB2, 0x43, 0xE8, 0x89, 0xB8, 0x43,
-	// Bytes 1200 - 123f
-	0xE8, 0x89, 0xB9, 0x43, 0xE8, 0x8A, 0x8B, 0x43,
-	0xE8, 0x8A, 0x91, 0x43, 0xE8, 0x8A, 0x9D, 0x43,
-	0xE8, 0x8A, 0xB1, 0x43, 0xE8, 0x8A, 0xB3, 0x43,
-	0xE8, 0x8A, 0xBD, 0x43, 0xE8, 0x8B, 0xA5, 0x43,
-	0xE8, 0x8B, 0xA6, 0x43, 0xE8, 0x8C, 0x9D, 0x43,
-	0xE8, 0x8C, 0xA3, 0x43, 0xE8, 0x8C, 0xB6, 0x43,
-	0xE8, 0x8D, 0x92, 0x43, 0xE8, 0x8D, 0x93, 0x43,
-	0xE8, 0x8D, 0xA3, 0x43, 0xE8, 0x8E, 0xAD, 0x43,
-	// Bytes 1240 - 127f
-	0xE8, 0x8E, 0xBD, 0x43, 0xE8, 0x8F, 0x89, 0x43,
-	0xE8, 0x8F, 0x8A, 0x43, 0xE8, 0x8F, 0x8C, 0x43,
-	0xE8, 0x8F, 0x9C, 0x43, 0xE8, 0x8F, 0xA7, 0x43,
-	0xE8, 0x8F, 0xAF, 0x43, 0xE8, 0x8F, 0xB1, 0x43,
-	0xE8, 0x90, 0xBD, 0x43, 0xE8, 0x91, 0x89, 0x43,
-	0xE8, 0x91, 0x97, 0x43, 0xE8, 0x93, 0xAE, 0x43,
-	0xE8, 0x93, 0xB1, 0x43, 0xE8, 0x93, 0xB3, 0x43,
-	0xE8, 0x93, 0xBC, 0x43, 0xE8, 0x94, 0x96, 0x43,
-	// Bytes 1280 - 12bf
-	0xE8, 0x95, 0xA4, 0x43, 0xE8, 0x97, 0x8D, 0x43,
-	0xE8, 0x97, 0xBA, 0x43, 0xE8, 0x98, 0x86, 0x43,
-	0xE8, 0x98, 0x92, 0x43, 0xE8, 0x98, 0xAD, 0x43,
-	0xE8, 0x98, 0xBF, 0x43, 0xE8, 0x99, 0x8D, 0x43,
-	0xE8, 0x99, 0x90, 0x43, 0xE8, 0x99, 0x9C, 0x43,
-	0xE8, 0x99, 0xA7, 0x43, 0xE8, 0x99, 0xA9, 0x43,
-	0xE8, 0x99, 0xAB, 0x43, 0xE8, 0x9A, 0x88, 0x43,
-	0xE8, 0x9A, 0xA9, 0x43, 0xE8, 0x9B, 0xA2, 0x43,
-	// Bytes 12c0 - 12ff
-	0xE8, 0x9C, 0x8E, 0x43, 0xE8, 0x9C, 0xA8, 0x43,
-	0xE8, 0x9D, 0xAB, 0x43, 0xE8, 0x9D, 0xB9, 0x43,
-	0xE8, 0x9E, 0x86, 0x43, 0xE8, 0x9E, 0xBA, 0x43,
-	0xE8, 0x9F, 0xA1, 0x43, 0xE8, 0xA0, 0x81, 0x43,
-	0xE8, 0xA0, 0x9F, 0x43, 0xE8, 0xA1, 0x80, 0x43,
-	0xE8, 0xA1, 0x8C, 0x43, 0xE8, 0xA1, 0xA0, 0x43,
-	0xE8, 0xA1, 0xA3, 0x43, 0xE8, 0xA3, 0x82, 0x43,
-	0xE8, 0xA3, 0x8F, 0x43, 0xE8, 0xA3, 0x97, 0x43,
-	// Bytes 1300 - 133f
-	0xE8, 0xA3, 0x9E, 0x43, 0xE8, 0xA3, 0xA1, 0x43,
-	0xE8, 0xA3, 0xB8, 0x43, 0xE8, 0xA3, 0xBA, 0x43,
-	0xE8, 0xA4, 0x90, 0x43, 0xE8, 0xA5, 0x81, 0x43,
-	0xE8, 0xA5, 0xA4, 0x43, 0xE8, 0xA5, 0xBE, 0x43,
-	0xE8, 0xA6, 0x86, 0x43, 0xE8, 0xA6, 0x8B, 0x43,
-	0xE8, 0xA6, 0x96, 0x43, 0xE8, 0xA7, 0x92, 0x43,
-	0xE8, 0xA7, 0xA3, 0x43, 0xE8, 0xA8, 0x80, 0x43,
-	0xE8, 0xAA, 0xA0, 0x43, 0xE8, 0xAA, 0xAA, 0x43,
-	// Bytes 1340 - 137f
-	0xE8, 0xAA, 0xBF, 0x43, 0xE8, 0xAB, 0x8B, 0x43,
-	0xE8, 0xAB, 0x92, 0x43, 0xE8, 0xAB, 0x96, 0x43,
-	0xE8, 0xAB, 0xAD, 0x43, 0xE8, 0xAB, 0xB8, 0x43,
-	0xE8, 0xAB, 0xBE, 0x43, 0xE8, 0xAC, 0x81, 0x43,
-	0xE8, 0xAC, 0xB9, 0x43, 0xE8, 0xAD, 0x98, 0x43,
-	0xE8, 0xAE, 0x80, 0x43, 0xE8, 0xAE, 0x8A, 0x43,
-	0xE8, 0xB0, 0xB7, 0x43, 0xE8, 0xB1, 0x86, 0x43,
-	0xE8, 0xB1, 0x88, 0x43, 0xE8, 0xB1, 0x95, 0x43,
-	// Bytes 1380 - 13bf
-	0xE8, 0xB1, 0xB8, 0x43, 0xE8, 0xB2, 0x9D, 0x43,
-	0xE8, 0xB2, 0xA1, 0x43, 0xE8, 0xB2, 0xA9, 0x43,
-	0xE8, 0xB2, 0xAB, 0x43, 0xE8, 0xB3, 0x81, 0x43,
-	0xE8, 0xB3, 0x82, 0x43, 0xE8, 0xB3, 0x87, 0x43,
-	0xE8, 0xB3, 0x88, 0x43, 0xE8, 0xB3, 0x93, 0x43,
-	0xE8, 0xB4, 0x88, 0x43, 0xE8, 0xB4, 0x9B, 0x43,
-	0xE8, 0xB5, 0xA4, 0x43, 0xE8, 0xB5, 0xB0, 0x43,
-	0xE8, 0xB5, 0xB7, 0x43, 0xE8, 0xB6, 0xB3, 0x43,
-	// Bytes 13c0 - 13ff
-	0xE8, 0xB6, 0xBC, 0x43, 0xE8, 0xB7, 0x8B, 0x43,
-	0xE8, 0xB7, 0xAF, 0x43, 0xE8, 0xB7, 0xB0, 0x43,
-	0xE8, 0xBA, 0xAB, 0x43, 0xE8, 0xBB, 0x8A, 0x43,
-	0xE8, 0xBB, 0x94, 0x43, 0xE8, 0xBC, 0xA6, 0x43,
-	0xE8, 0xBC, 0xAA, 0x43, 0xE8, 0xBC, 0xB8, 0x43,
-	0xE8, 0xBC, 0xBB, 0x43, 0xE8, 0xBD, 0xA2, 0x43,
-	0xE8, 0xBE, 0x9B, 0x43, 0xE8, 0xBE, 0x9E, 0x43,
-	0xE8, 0xBE, 0xB0, 0x43, 0xE8, 0xBE, 0xB5, 0x43,
-	// Bytes 1400 - 143f
-	0xE8, 0xBE, 0xB6, 0x43, 0xE9, 0x80, 0xA3, 0x43,
-	0xE9, 0x80, 0xB8, 0x43, 0xE9, 0x81, 0x8A, 0x43,
-	0xE9, 0x81, 0xA9, 0x43, 0xE9, 0x81, 0xB2, 0x43,
-	0xE9, 0x81, 0xBC, 0x43, 0xE9, 0x82, 0x8F, 0x43,
-	0xE9, 0x82, 0x91, 0x43, 0xE9, 0x82, 0x94, 0x43,
-	0xE9, 0x83, 0x8E, 0x43, 0xE9, 0x83, 0x9E, 0x43,
-	0xE9, 0x83, 0xB1, 0x43, 0xE9, 0x83, 0xBD, 0x43,
-	0xE9, 0x84, 0x91, 0x43, 0xE9, 0x84, 0x9B, 0x43,
-	// Bytes 1440 - 147f
-	0xE9, 0x85, 0x89, 0x43, 0xE9, 0x85, 0x8D, 0x43,
-	0xE9, 0x85, 0xAA, 0x43, 0xE9, 0x86, 0x99, 0x43,
-	0xE9, 0x86, 0xB4, 0x43, 0xE9, 0x87, 0x86, 0x43,
-	0xE9, 0x87, 0x8C, 0x43, 0xE9, 0x87, 0x8F, 0x43,
-	0xE9, 0x87, 0x91, 0x43, 0xE9, 0x88, 0xB4, 0x43,
-	0xE9, 0x88, 0xB8, 0x43, 0xE9, 0x89, 0xB6, 0x43,
-	0xE9, 0x89, 0xBC, 0x43, 0xE9, 0x8B, 0x97, 0x43,
-	0xE9, 0x8B, 0x98, 0x43, 0xE9, 0x8C, 0x84, 0x43,
-	// Bytes 1480 - 14bf
-	0xE9, 0x8D, 0x8A, 0x43, 0xE9, 0x8F, 0xB9, 0x43,
-	0xE9, 0x90, 0x95, 0x43, 0xE9, 0x95, 0xB7, 0x43,
-	0xE9, 0x96, 0x80, 0x43, 0xE9, 0x96, 0x8B, 0x43,
-	0xE9, 0x96, 0xAD, 0x43, 0xE9, 0x96, 0xB7, 0x43,
-	0xE9, 0x98, 0x9C, 0x43, 0xE9, 0x98, 0xAE, 0x43,
-	0xE9, 0x99, 0x8B, 0x43, 0xE9, 0x99, 0x8D, 0x43,
-	0xE9, 0x99, 0xB5, 0x43, 0xE9, 0x99, 0xB8, 0x43,
-	0xE9, 0x99, 0xBC, 0x43, 0xE9, 0x9A, 0x86, 0x43,
-	// Bytes 14c0 - 14ff
-	0xE9, 0x9A, 0xA3, 0x43, 0xE9, 0x9A, 0xB6, 0x43,
-	0xE9, 0x9A, 0xB7, 0x43, 0xE9, 0x9A, 0xB8, 0x43,
-	0xE9, 0x9A, 0xB9, 0x43, 0xE9, 0x9B, 0x83, 0x43,
-	0xE9, 0x9B, 0xA2, 0x43, 0xE9, 0x9B, 0xA3, 0x43,
-	0xE9, 0x9B, 0xA8, 0x43, 0xE9, 0x9B, 0xB6, 0x43,
-	0xE9, 0x9B, 0xB7, 0x43, 0xE9, 0x9C, 0xA3, 0x43,
-	0xE9, 0x9C, 0xB2, 0x43, 0xE9, 0x9D, 0x88, 0x43,
-	0xE9, 0x9D, 0x91, 0x43, 0xE9, 0x9D, 0x96, 0x43,
-	// Bytes 1500 - 153f
-	0xE9, 0x9D, 0x9E, 0x43, 0xE9, 0x9D, 0xA2, 0x43,
-	0xE9, 0x9D, 0xA9, 0x43, 0xE9, 0x9F, 0x8B, 0x43,
-	0xE9, 0x9F, 0x9B, 0x43, 0xE9, 0x9F, 0xA0, 0x43,
-	0xE9, 0x9F, 0xAD, 0x43, 0xE9, 0x9F, 0xB3, 0x43,
-	0xE9, 0x9F, 0xBF, 0x43, 0xE9, 0xA0, 0x81, 0x43,
-	0xE9, 0xA0, 0x85, 0x43, 0xE9, 0xA0, 0x8B, 0x43,
-	0xE9, 0xA0, 0x98, 0x43, 0xE9, 0xA0, 0xA9, 0x43,
-	0xE9, 0xA0, 0xBB, 0x43, 0xE9, 0xA1, 0x9E, 0x43,
-	// Bytes 1540 - 157f
-	0xE9, 0xA2, 0xA8, 0x43, 0xE9, 0xA3, 0x9B, 0x43,
-	0xE9, 0xA3, 0x9F, 0x43, 0xE9, 0xA3, 0xA2, 0x43,
-	0xE9, 0xA3, 0xAF, 0x43, 0xE9, 0xA3, 0xBC, 0x43,
-	0xE9, 0xA4, 0xA8, 0x43, 0xE9, 0xA4, 0xA9, 0x43,
-	0xE9, 0xA6, 0x96, 0x43, 0xE9, 0xA6, 0x99, 0x43,
-	0xE9, 0xA6, 0xA7, 0x43, 0xE9, 0xA6, 0xAC, 0x43,
-	0xE9, 0xA7, 0x82, 0x43, 0xE9, 0xA7, 0xB1, 0x43,
-	0xE9, 0xA7, 0xBE, 0x43, 0xE9, 0xA9, 0xAA, 0x43,
-	// Bytes 1580 - 15bf
-	0xE9, 0xAA, 0xA8, 0x43, 0xE9, 0xAB, 0x98, 0x43,
-	0xE9, 0xAB, 0x9F, 0x43, 0xE9, 0xAC, 0x92, 0x43,
-	0xE9, 0xAC, 0xA5, 0x43, 0xE9, 0xAC, 0xAF, 0x43,
-	0xE9, 0xAC, 0xB2, 0x43, 0xE9, 0xAC, 0xBC, 0x43,
-	0xE9, 0xAD, 0x9A, 0x43, 0xE9, 0xAD, 0xAF, 0x43,
-	0xE9, 0xB1, 0x80, 0x43, 0xE9, 0xB1, 0x97, 0x43,
-	0xE9, 0xB3, 0xA5, 0x43, 0xE9, 0xB3, 0xBD, 0x43,
-	0xE9, 0xB5, 0xA7, 0x43, 0xE9, 0xB6, 0xB4, 0x43,
-	// Bytes 15c0 - 15ff
-	0xE9, 0xB7, 0xBA, 0x43, 0xE9, 0xB8, 0x9E, 0x43,
-	0xE9, 0xB9, 0xB5, 0x43, 0xE9, 0xB9, 0xBF, 0x43,
-	0xE9, 0xBA, 0x97, 0x43, 0xE9, 0xBA, 0x9F, 0x43,
-	0xE9, 0xBA, 0xA5, 0x43, 0xE9, 0xBA, 0xBB, 0x43,
-	0xE9, 0xBB, 0x83, 0x43, 0xE9, 0xBB, 0x8D, 0x43,
-	0xE9, 0xBB, 0x8E, 0x43, 0xE9, 0xBB, 0x91, 0x43,
-	0xE9, 0xBB, 0xB9, 0x43, 0xE9, 0xBB, 0xBD, 0x43,
-	0xE9, 0xBB, 0xBE, 0x43, 0xE9, 0xBC, 0x85, 0x43,
-	// Bytes 1600 - 163f
-	0xE9, 0xBC, 0x8E, 0x43, 0xE9, 0xBC, 0x8F, 0x43,
-	0xE9, 0xBC, 0x93, 0x43, 0xE9, 0xBC, 0x96, 0x43,
-	0xE9, 0xBC, 0xA0, 0x43, 0xE9, 0xBC, 0xBB, 0x43,
-	0xE9, 0xBD, 0x83, 0x43, 0xE9, 0xBD, 0x8A, 0x43,
-	0xE9, 0xBD, 0x92, 0x43, 0xE9, 0xBE, 0x8D, 0x43,
-	0xE9, 0xBE, 0x8E, 0x43, 0xE9, 0xBE, 0x9C, 0x43,
-	0xE9, 0xBE, 0x9F, 0x43, 0xE9, 0xBE, 0xA0, 0x43,
-	0xEA, 0x9C, 0xA7, 0x43, 0xEA, 0x9D, 0xAF, 0x43,
-	// Bytes 1640 - 167f
-	0xEA, 0xAC, 0xB7, 0x43, 0xEA, 0xAD, 0x92, 0x44,
-	0xF0, 0xA0, 0x84, 0xA2, 0x44, 0xF0, 0xA0, 0x94,
-	0x9C, 0x44, 0xF0, 0xA0, 0x94, 0xA5, 0x44, 0xF0,
-	0xA0, 0x95, 0x8B, 0x44, 0xF0, 0xA0, 0x98, 0xBA,
-	0x44, 0xF0, 0xA0, 0xA0, 0x84, 0x44, 0xF0, 0xA0,
-	0xA3, 0x9E, 0x44, 0xF0, 0xA0, 0xA8, 0xAC, 0x44,
-	0xF0, 0xA0, 0xAD, 0xA3, 0x44, 0xF0, 0xA1, 0x93,
-	0xA4, 0x44, 0xF0, 0xA1, 0x9A, 0xA8, 0x44, 0xF0,
-	// Bytes 1680 - 16bf
-	0xA1, 0x9B, 0xAA, 0x44, 0xF0, 0xA1, 0xA7, 0x88,
-	0x44, 0xF0, 0xA1, 0xAC, 0x98, 0x44, 0xF0, 0xA1,
-	0xB4, 0x8B, 0x44, 0xF0, 0xA1, 0xB7, 0xA4, 0x44,
-	0xF0, 0xA1, 0xB7, 0xA6, 0x44, 0xF0, 0xA2, 0x86,
-	0x83, 0x44, 0xF0, 0xA2, 0x86, 0x9F, 0x44, 0xF0,
-	0xA2, 0x8C, 0xB1, 0x44, 0xF0, 0xA2, 0x9B, 0x94,
-	0x44, 0xF0, 0xA2, 0xA1, 0x84, 0x44, 0xF0, 0xA2,
-	0xA1, 0x8A, 0x44, 0xF0, 0xA2, 0xAC, 0x8C, 0x44,
-	// Bytes 16c0 - 16ff
-	0xF0, 0xA2, 0xAF, 0xB1, 0x44, 0xF0, 0xA3, 0x80,
-	0x8A, 0x44, 0xF0, 0xA3, 0x8A, 0xB8, 0x44, 0xF0,
-	0xA3, 0x8D, 0x9F, 0x44, 0xF0, 0xA3, 0x8E, 0x93,
-	0x44, 0xF0, 0xA3, 0x8E, 0x9C, 0x44, 0xF0, 0xA3,
-	0x8F, 0x83, 0x44, 0xF0, 0xA3, 0x8F, 0x95, 0x44,
-	0xF0, 0xA3, 0x91, 0xAD, 0x44, 0xF0, 0xA3, 0x9A,
-	0xA3, 0x44, 0xF0, 0xA3, 0xA2, 0xA7, 0x44, 0xF0,
-	0xA3, 0xAA, 0x8D, 0x44, 0xF0, 0xA3, 0xAB, 0xBA,
-	// Bytes 1700 - 173f
-	0x44, 0xF0, 0xA3, 0xB2, 0xBC, 0x44, 0xF0, 0xA3,
-	0xB4, 0x9E, 0x44, 0xF0, 0xA3, 0xBB, 0x91, 0x44,
-	0xF0, 0xA3, 0xBD, 0x9E, 0x44, 0xF0, 0xA3, 0xBE,
-	0x8E, 0x44, 0xF0, 0xA4, 0x89, 0xA3, 0x44, 0xF0,
-	0xA4, 0x8B, 0xAE, 0x44, 0xF0, 0xA4, 0x8E, 0xAB,
-	0x44, 0xF0, 0xA4, 0x98, 0x88, 0x44, 0xF0, 0xA4,
-	0x9C, 0xB5, 0x44, 0xF0, 0xA4, 0xA0, 0x94, 0x44,
-	0xF0, 0xA4, 0xB0, 0xB6, 0x44, 0xF0, 0xA4, 0xB2,
-	// Bytes 1740 - 177f
-	0x92, 0x44, 0xF0, 0xA4, 0xBE, 0xA1, 0x44, 0xF0,
-	0xA4, 0xBE, 0xB8, 0x44, 0xF0, 0xA5, 0x81, 0x84,
-	0x44, 0xF0, 0xA5, 0x83, 0xB2, 0x44, 0xF0, 0xA5,
-	0x83, 0xB3, 0x44, 0xF0, 0xA5, 0x84, 0x99, 0x44,
-	0xF0, 0xA5, 0x84, 0xB3, 0x44, 0xF0, 0xA5, 0x89,
-	0x89, 0x44, 0xF0, 0xA5, 0x90, 0x9D, 0x44, 0xF0,
-	0xA5, 0x98, 0xA6, 0x44, 0xF0, 0xA5, 0x9A, 0x9A,
-	0x44, 0xF0, 0xA5, 0x9B, 0x85, 0x44, 0xF0, 0xA5,
-	// Bytes 1780 - 17bf
-	0xA5, 0xBC, 0x44, 0xF0, 0xA5, 0xAA, 0xA7, 0x44,
-	0xF0, 0xA5, 0xAE, 0xAB, 0x44, 0xF0, 0xA5, 0xB2,
-	0x80, 0x44, 0xF0, 0xA5, 0xB3, 0x90, 0x44, 0xF0,
-	0xA5, 0xBE, 0x86, 0x44, 0xF0, 0xA6, 0x87, 0x9A,
-	0x44, 0xF0, 0xA6, 0x88, 0xA8, 0x44, 0xF0, 0xA6,
-	0x89, 0x87, 0x44, 0xF0, 0xA6, 0x8B, 0x99, 0x44,
-	0xF0, 0xA6, 0x8C, 0xBE, 0x44, 0xF0, 0xA6, 0x93,
-	0x9A, 0x44, 0xF0, 0xA6, 0x94, 0xA3, 0x44, 0xF0,
-	// Bytes 17c0 - 17ff
-	0xA6, 0x96, 0xA8, 0x44, 0xF0, 0xA6, 0x9E, 0xA7,
-	0x44, 0xF0, 0xA6, 0x9E, 0xB5, 0x44, 0xF0, 0xA6,
-	0xAC, 0xBC, 0x44, 0xF0, 0xA6, 0xB0, 0xB6, 0x44,
-	0xF0, 0xA6, 0xB3, 0x95, 0x44, 0xF0, 0xA6, 0xB5,
-	0xAB, 0x44, 0xF0, 0xA6, 0xBC, 0xAC, 0x44, 0xF0,
-	0xA6, 0xBE, 0xB1, 0x44, 0xF0, 0xA7, 0x83, 0x92,
-	0x44, 0xF0, 0xA7, 0x8F, 0x8A, 0x44, 0xF0, 0xA7,
-	0x99, 0xA7, 0x44, 0xF0, 0xA7, 0xA2, 0xAE, 0x44,
-	// Bytes 1800 - 183f
-	0xF0, 0xA7, 0xA5, 0xA6, 0x44, 0xF0, 0xA7, 0xB2,
-	0xA8, 0x44, 0xF0, 0xA7, 0xBB, 0x93, 0x44, 0xF0,
-	0xA7, 0xBC, 0xAF, 0x44, 0xF0, 0xA8, 0x97, 0x92,
-	0x44, 0xF0, 0xA8, 0x97, 0xAD, 0x44, 0xF0, 0xA8,
-	0x9C, 0xAE, 0x44, 0xF0, 0xA8, 0xAF, 0xBA, 0x44,
-	0xF0, 0xA8, 0xB5, 0xB7, 0x44, 0xF0, 0xA9, 0x85,
-	0x85, 0x44, 0xF0, 0xA9, 0x87, 0x9F, 0x44, 0xF0,
-	0xA9, 0x88, 0x9A, 0x44, 0xF0, 0xA9, 0x90, 0x8A,
-	// Bytes 1840 - 187f
-	0x44, 0xF0, 0xA9, 0x92, 0x96, 0x44, 0xF0, 0xA9,
-	0x96, 0xB6, 0x44, 0xF0, 0xA9, 0xAC, 0xB0, 0x44,
-	0xF0, 0xAA, 0x83, 0x8E, 0x44, 0xF0, 0xAA, 0x84,
-	0x85, 0x44, 0xF0, 0xAA, 0x88, 0x8E, 0x44, 0xF0,
-	0xAA, 0x8A, 0x91, 0x44, 0xF0, 0xAA, 0x8E, 0x92,
-	0x44, 0xF0, 0xAA, 0x98, 0x80, 0x42, 0x21, 0x21,
-	0x42, 0x21, 0x3F, 0x42, 0x2E, 0x2E, 0x42, 0x30,
-	0x2C, 0x42, 0x30, 0x2E, 0x42, 0x31, 0x2C, 0x42,
-	// Bytes 1880 - 18bf
-	0x31, 0x2E, 0x42, 0x31, 0x30, 0x42, 0x31, 0x31,
-	0x42, 0x31, 0x32, 0x42, 0x31, 0x33, 0x42, 0x31,
-	0x34, 0x42, 0x31, 0x35, 0x42, 0x31, 0x36, 0x42,
-	0x31, 0x37, 0x42, 0x31, 0x38, 0x42, 0x31, 0x39,
-	0x42, 0x32, 0x2C, 0x42, 0x32, 0x2E, 0x42, 0x32,
-	0x30, 0x42, 0x32, 0x31, 0x42, 0x32, 0x32, 0x42,
-	0x32, 0x33, 0x42, 0x32, 0x34, 0x42, 0x32, 0x35,
-	0x42, 0x32, 0x36, 0x42, 0x32, 0x37, 0x42, 0x32,
-	// Bytes 18c0 - 18ff
-	0x38, 0x42, 0x32, 0x39, 0x42, 0x33, 0x2C, 0x42,
-	0x33, 0x2E, 0x42, 0x33, 0x30, 0x42, 0x33, 0x31,
-	0x42, 0x33, 0x32, 0x42, 0x33, 0x33, 0x42, 0x33,
-	0x34, 0x42, 0x33, 0x35, 0x42, 0x33, 0x36, 0x42,
-	0x33, 0x37, 0x42, 0x33, 0x38, 0x42, 0x33, 0x39,
-	0x42, 0x34, 0x2C, 0x42, 0x34, 0x2E, 0x42, 0x34,
-	0x30, 0x42, 0x34, 0x31, 0x42, 0x34, 0x32, 0x42,
-	0x34, 0x33, 0x42, 0x34, 0x34, 0x42, 0x34, 0x35,
-	// Bytes 1900 - 193f
-	0x42, 0x34, 0x36, 0x42, 0x34, 0x37, 0x42, 0x34,
-	0x38, 0x42, 0x34, 0x39, 0x42, 0x35, 0x2C, 0x42,
-	0x35, 0x2E, 0x42, 0x35, 0x30, 0x42, 0x36, 0x2C,
-	0x42, 0x36, 0x2E, 0x42, 0x37, 0x2C, 0x42, 0x37,
-	0x2E, 0x42, 0x38, 0x2C, 0x42, 0x38, 0x2E, 0x42,
-	0x39, 0x2C, 0x42, 0x39, 0x2E, 0x42, 0x3D, 0x3D,
-	0x42, 0x3F, 0x21, 0x42, 0x3F, 0x3F, 0x42, 0x41,
-	0x55, 0x42, 0x42, 0x71, 0x42, 0x43, 0x44, 0x42,
-	// Bytes 1940 - 197f
-	0x44, 0x4A, 0x42, 0x44, 0x5A, 0x42, 0x44, 0x7A,
-	0x42, 0x47, 0x42, 0x42, 0x47, 0x79, 0x42, 0x48,
-	0x50, 0x42, 0x48, 0x56, 0x42, 0x48, 0x67, 0x42,
-	0x48, 0x7A, 0x42, 0x49, 0x49, 0x42, 0x49, 0x4A,
-	0x42, 0x49, 0x55, 0x42, 0x49, 0x56, 0x42, 0x49,
-	0x58, 0x42, 0x4B, 0x42, 0x42, 0x4B, 0x4B, 0x42,
-	0x4B, 0x4D, 0x42, 0x4C, 0x4A, 0x42, 0x4C, 0x6A,
-	0x42, 0x4D, 0x42, 0x42, 0x4D, 0x43, 0x42, 0x4D,
-	// Bytes 1980 - 19bf
-	0x44, 0x42, 0x4D, 0x56, 0x42, 0x4D, 0x57, 0x42,
-	0x4E, 0x4A, 0x42, 0x4E, 0x6A, 0x42, 0x4E, 0x6F,
-	0x42, 0x50, 0x48, 0x42, 0x50, 0x52, 0x42, 0x50,
-	0x61, 0x42, 0x52, 0x73, 0x42, 0x53, 0x44, 0x42,
-	0x53, 0x4D, 0x42, 0x53, 0x53, 0x42, 0x53, 0x76,
-	0x42, 0x54, 0x4D, 0x42, 0x56, 0x49, 0x42, 0x57,
-	0x43, 0x42, 0x57, 0x5A, 0x42, 0x57, 0x62, 0x42,
-	0x58, 0x49, 0x42, 0x63, 0x63, 0x42, 0x63, 0x64,
-	// Bytes 19c0 - 19ff
-	0x42, 0x63, 0x6D, 0x42, 0x64, 0x42, 0x42, 0x64,
-	0x61, 0x42, 0x64, 0x6C, 0x42, 0x64, 0x6D, 0x42,
-	0x64, 0x7A, 0x42, 0x65, 0x56, 0x42, 0x66, 0x66,
-	0x42, 0x66, 0x69, 0x42, 0x66, 0x6C, 0x42, 0x66,
-	0x6D, 0x42, 0x68, 0x61, 0x42, 0x69, 0x69, 0x42,
-	0x69, 0x6A, 0x42, 0x69, 0x6E, 0x42, 0x69, 0x76,
-	0x42, 0x69, 0x78, 0x42, 0x6B, 0x41, 0x42, 0x6B,
-	0x56, 0x42, 0x6B, 0x57, 0x42, 0x6B, 0x67, 0x42,
-	// Bytes 1a00 - 1a3f
-	0x6B, 0x6C, 0x42, 0x6B, 0x6D, 0x42, 0x6B, 0x74,
-	0x42, 0x6C, 0x6A, 0x42, 0x6C, 0x6D, 0x42, 0x6C,
-	0x6E, 0x42, 0x6C, 0x78, 0x42, 0x6D, 0x32, 0x42,
-	0x6D, 0x33, 0x42, 0x6D, 0x41, 0x42, 0x6D, 0x56,
-	0x42, 0x6D, 0x57, 0x42, 0x6D, 0x62, 0x42, 0x6D,
-	0x67, 0x42, 0x6D, 0x6C, 0x42, 0x6D, 0x6D, 0x42,
-	0x6D, 0x73, 0x42, 0x6E, 0x41, 0x42, 0x6E, 0x46,
-	0x42, 0x6E, 0x56, 0x42, 0x6E, 0x57, 0x42, 0x6E,
-	// Bytes 1a40 - 1a7f
-	0x6A, 0x42, 0x6E, 0x6D, 0x42, 0x6E, 0x73, 0x42,
-	0x6F, 0x56, 0x42, 0x70, 0x41, 0x42, 0x70, 0x46,
-	0x42, 0x70, 0x56, 0x42, 0x70, 0x57, 0x42, 0x70,
-	0x63, 0x42, 0x70, 0x73, 0x42, 0x73, 0x72, 0x42,
-	0x73, 0x74, 0x42, 0x76, 0x69, 0x42, 0x78, 0x69,
-	0x43, 0x28, 0x31, 0x29, 0x43, 0x28, 0x32, 0x29,
-	0x43, 0x28, 0x33, 0x29, 0x43, 0x28, 0x34, 0x29,
-	0x43, 0x28, 0x35, 0x29, 0x43, 0x28, 0x36, 0x29,
-	// Bytes 1a80 - 1abf
-	0x43, 0x28, 0x37, 0x29, 0x43, 0x28, 0x38, 0x29,
-	0x43, 0x28, 0x39, 0x29, 0x43, 0x28, 0x41, 0x29,
-	0x43, 0x28, 0x42, 0x29, 0x43, 0x28, 0x43, 0x29,
-	0x43, 0x28, 0x44, 0x29, 0x43, 0x28, 0x45, 0x29,
-	0x43, 0x28, 0x46, 0x29, 0x43, 0x28, 0x47, 0x29,
-	0x43, 0x28, 0x48, 0x29, 0x43, 0x28, 0x49, 0x29,
-	0x43, 0x28, 0x4A, 0x29, 0x43, 0x28, 0x4B, 0x29,
-	0x43, 0x28, 0x4C, 0x29, 0x43, 0x28, 0x4D, 0x29,
-	// Bytes 1ac0 - 1aff
-	0x43, 0x28, 0x4E, 0x29, 0x43, 0x28, 0x4F, 0x29,
-	0x43, 0x28, 0x50, 0x29, 0x43, 0x28, 0x51, 0x29,
-	0x43, 0x28, 0x52, 0x29, 0x43, 0x28, 0x53, 0x29,
-	0x43, 0x28, 0x54, 0x29, 0x43, 0x28, 0x55, 0x29,
-	0x43, 0x28, 0x56, 0x29, 0x43, 0x28, 0x57, 0x29,
-	0x43, 0x28, 0x58, 0x29, 0x43, 0x28, 0x59, 0x29,
-	0x43, 0x28, 0x5A, 0x29, 0x43, 0x28, 0x61, 0x29,
-	0x43, 0x28, 0x62, 0x29, 0x43, 0x28, 0x63, 0x29,
-	// Bytes 1b00 - 1b3f
-	0x43, 0x28, 0x64, 0x29, 0x43, 0x28, 0x65, 0x29,
-	0x43, 0x28, 0x66, 0x29, 0x43, 0x28, 0x67, 0x29,
-	0x43, 0x28, 0x68, 0x29, 0x43, 0x28, 0x69, 0x29,
-	0x43, 0x28, 0x6A, 0x29, 0x43, 0x28, 0x6B, 0x29,
-	0x43, 0x28, 0x6C, 0x29, 0x43, 0x28, 0x6D, 0x29,
-	0x43, 0x28, 0x6E, 0x29, 0x43, 0x28, 0x6F, 0x29,
-	0x43, 0x28, 0x70, 0x29, 0x43, 0x28, 0x71, 0x29,
-	0x43, 0x28, 0x72, 0x29, 0x43, 0x28, 0x73, 0x29,
-	// Bytes 1b40 - 1b7f
-	0x43, 0x28, 0x74, 0x29, 0x43, 0x28, 0x75, 0x29,
-	0x43, 0x28, 0x76, 0x29, 0x43, 0x28, 0x77, 0x29,
-	0x43, 0x28, 0x78, 0x29, 0x43, 0x28, 0x79, 0x29,
-	0x43, 0x28, 0x7A, 0x29, 0x43, 0x2E, 0x2E, 0x2E,
-	0x43, 0x31, 0x30, 0x2E, 0x43, 0x31, 0x31, 0x2E,
-	0x43, 0x31, 0x32, 0x2E, 0x43, 0x31, 0x33, 0x2E,
-	0x43, 0x31, 0x34, 0x2E, 0x43, 0x31, 0x35, 0x2E,
-	0x43, 0x31, 0x36, 0x2E, 0x43, 0x31, 0x37, 0x2E,
-	// Bytes 1b80 - 1bbf
-	0x43, 0x31, 0x38, 0x2E, 0x43, 0x31, 0x39, 0x2E,
-	0x43, 0x32, 0x30, 0x2E, 0x43, 0x3A, 0x3A, 0x3D,
-	0x43, 0x3D, 0x3D, 0x3D, 0x43, 0x43, 0x6F, 0x2E,
-	0x43, 0x46, 0x41, 0x58, 0x43, 0x47, 0x48, 0x7A,
-	0x43, 0x47, 0x50, 0x61, 0x43, 0x49, 0x49, 0x49,
-	0x43, 0x4C, 0x54, 0x44, 0x43, 0x4C, 0xC2, 0xB7,
-	0x43, 0x4D, 0x48, 0x7A, 0x43, 0x4D, 0x50, 0x61,
-	0x43, 0x4D, 0xCE, 0xA9, 0x43, 0x50, 0x50, 0x4D,
-	// Bytes 1bc0 - 1bff
-	0x43, 0x50, 0x50, 0x56, 0x43, 0x50, 0x54, 0x45,
-	0x43, 0x54, 0x45, 0x4C, 0x43, 0x54, 0x48, 0x7A,
-	0x43, 0x56, 0x49, 0x49, 0x43, 0x58, 0x49, 0x49,
-	0x43, 0x61, 0x2F, 0x63, 0x43, 0x61, 0x2F, 0x73,
-	0x43, 0x61, 0xCA, 0xBE, 0x43, 0x62, 0x61, 0x72,
-	0x43, 0x63, 0x2F, 0x6F, 0x43, 0x63, 0x2F, 0x75,
-	0x43, 0x63, 0x61, 0x6C, 0x43, 0x63, 0x6D, 0x32,
-	0x43, 0x63, 0x6D, 0x33, 0x43, 0x64, 0x6D, 0x32,
-	// Bytes 1c00 - 1c3f
-	0x43, 0x64, 0x6D, 0x33, 0x43, 0x65, 0x72, 0x67,
-	0x43, 0x66, 0x66, 0x69, 0x43, 0x66, 0x66, 0x6C,
-	0x43, 0x67, 0x61, 0x6C, 0x43, 0x68, 0x50, 0x61,
-	0x43, 0x69, 0x69, 0x69, 0x43, 0x6B, 0x48, 0x7A,
-	0x43, 0x6B, 0x50, 0x61, 0x43, 0x6B, 0x6D, 0x32,
-	0x43, 0x6B, 0x6D, 0x33, 0x43, 0x6B, 0xCE, 0xA9,
-	0x43, 0x6C, 0x6F, 0x67, 0x43, 0x6C, 0xC2, 0xB7,
-	0x43, 0x6D, 0x69, 0x6C, 0x43, 0x6D, 0x6D, 0x32,
-	// Bytes 1c40 - 1c7f
-	0x43, 0x6D, 0x6D, 0x33, 0x43, 0x6D, 0x6F, 0x6C,
-	0x43, 0x72, 0x61, 0x64, 0x43, 0x76, 0x69, 0x69,
-	0x43, 0x78, 0x69, 0x69, 0x43, 0xC2, 0xB0, 0x43,
-	0x43, 0xC2, 0xB0, 0x46, 0x43, 0xCA, 0xBC, 0x6E,
-	0x43, 0xCE, 0xBC, 0x41, 0x43, 0xCE, 0xBC, 0x46,
-	0x43, 0xCE, 0xBC, 0x56, 0x43, 0xCE, 0xBC, 0x57,
-	0x43, 0xCE, 0xBC, 0x67, 0x43, 0xCE, 0xBC, 0x6C,
-	0x43, 0xCE, 0xBC, 0x6D, 0x43, 0xCE, 0xBC, 0x73,
-	// Bytes 1c80 - 1cbf
-	0x44, 0x28, 0x31, 0x30, 0x29, 0x44, 0x28, 0x31,
-	0x31, 0x29, 0x44, 0x28, 0x31, 0x32, 0x29, 0x44,
-	0x28, 0x31, 0x33, 0x29, 0x44, 0x28, 0x31, 0x34,
-	0x29, 0x44, 0x28, 0x31, 0x35, 0x29, 0x44, 0x28,
-	0x31, 0x36, 0x29, 0x44, 0x28, 0x31, 0x37, 0x29,
-	0x44, 0x28, 0x31, 0x38, 0x29, 0x44, 0x28, 0x31,
-	0x39, 0x29, 0x44, 0x28, 0x32, 0x30, 0x29, 0x44,
-	0x30, 0xE7, 0x82, 0xB9, 0x44, 0x31, 0xE2, 0x81,
-	// Bytes 1cc0 - 1cff
-	0x84, 0x44, 0x31, 0xE6, 0x97, 0xA5, 0x44, 0x31,
-	0xE6, 0x9C, 0x88, 0x44, 0x31, 0xE7, 0x82, 0xB9,
-	0x44, 0x32, 0xE6, 0x97, 0xA5, 0x44, 0x32, 0xE6,
-	0x9C, 0x88, 0x44, 0x32, 0xE7, 0x82, 0xB9, 0x44,
-	0x33, 0xE6, 0x97, 0xA5, 0x44, 0x33, 0xE6, 0x9C,
-	0x88, 0x44, 0x33, 0xE7, 0x82, 0xB9, 0x44, 0x34,
-	0xE6, 0x97, 0xA5, 0x44, 0x34, 0xE6, 0x9C, 0x88,
-	0x44, 0x34, 0xE7, 0x82, 0xB9, 0x44, 0x35, 0xE6,
-	// Bytes 1d00 - 1d3f
-	0x97, 0xA5, 0x44, 0x35, 0xE6, 0x9C, 0x88, 0x44,
-	0x35, 0xE7, 0x82, 0xB9, 0x44, 0x36, 0xE6, 0x97,
-	0xA5, 0x44, 0x36, 0xE6, 0x9C, 0x88, 0x44, 0x36,
-	0xE7, 0x82, 0xB9, 0x44, 0x37, 0xE6, 0x97, 0xA5,
-	0x44, 0x37, 0xE6, 0x9C, 0x88, 0x44, 0x37, 0xE7,
-	0x82, 0xB9, 0x44, 0x38, 0xE6, 0x97, 0xA5, 0x44,
-	0x38, 0xE6, 0x9C, 0x88, 0x44, 0x38, 0xE7, 0x82,
-	0xB9, 0x44, 0x39, 0xE6, 0x97, 0xA5, 0x44, 0x39,
-	// Bytes 1d40 - 1d7f
-	0xE6, 0x9C, 0x88, 0x44, 0x39, 0xE7, 0x82, 0xB9,
-	0x44, 0x56, 0x49, 0x49, 0x49, 0x44, 0x61, 0x2E,
-	0x6D, 0x2E, 0x44, 0x6B, 0x63, 0x61, 0x6C, 0x44,
-	0x70, 0x2E, 0x6D, 0x2E, 0x44, 0x76, 0x69, 0x69,
-	0x69, 0x44, 0xD5, 0xA5, 0xD6, 0x82, 0x44, 0xD5,
-	0xB4, 0xD5, 0xA5, 0x44, 0xD5, 0xB4, 0xD5, 0xAB,
-	0x44, 0xD5, 0xB4, 0xD5, 0xAD, 0x44, 0xD5, 0xB4,
-	0xD5, 0xB6, 0x44, 0xD5, 0xBE, 0xD5, 0xB6, 0x44,
-	// Bytes 1d80 - 1dbf
-	0xD7, 0x90, 0xD7, 0x9C, 0x44, 0xD8, 0xA7, 0xD9,
-	0xB4, 0x44, 0xD8, 0xA8, 0xD8, 0xAC, 0x44, 0xD8,
-	0xA8, 0xD8, 0xAD, 0x44, 0xD8, 0xA8, 0xD8, 0xAE,
-	0x44, 0xD8, 0xA8, 0xD8, 0xB1, 0x44, 0xD8, 0xA8,
-	0xD8, 0xB2, 0x44, 0xD8, 0xA8, 0xD9, 0x85, 0x44,
-	0xD8, 0xA8, 0xD9, 0x86, 0x44, 0xD8, 0xA8, 0xD9,
-	0x87, 0x44, 0xD8, 0xA8, 0xD9, 0x89, 0x44, 0xD8,
-	0xA8, 0xD9, 0x8A, 0x44, 0xD8, 0xAA, 0xD8, 0xAC,
-	// Bytes 1dc0 - 1dff
-	0x44, 0xD8, 0xAA, 0xD8, 0xAD, 0x44, 0xD8, 0xAA,
-	0xD8, 0xAE, 0x44, 0xD8, 0xAA, 0xD8, 0xB1, 0x44,
-	0xD8, 0xAA, 0xD8, 0xB2, 0x44, 0xD8, 0xAA, 0xD9,
-	0x85, 0x44, 0xD8, 0xAA, 0xD9, 0x86, 0x44, 0xD8,
-	0xAA, 0xD9, 0x87, 0x44, 0xD8, 0xAA, 0xD9, 0x89,
-	0x44, 0xD8, 0xAA, 0xD9, 0x8A, 0x44, 0xD8, 0xAB,
-	0xD8, 0xAC, 0x44, 0xD8, 0xAB, 0xD8, 0xB1, 0x44,
-	0xD8, 0xAB, 0xD8, 0xB2, 0x44, 0xD8, 0xAB, 0xD9,
-	// Bytes 1e00 - 1e3f
-	0x85, 0x44, 0xD8, 0xAB, 0xD9, 0x86, 0x44, 0xD8,
-	0xAB, 0xD9, 0x87, 0x44, 0xD8, 0xAB, 0xD9, 0x89,
-	0x44, 0xD8, 0xAB, 0xD9, 0x8A, 0x44, 0xD8, 0xAC,
-	0xD8, 0xAD, 0x44, 0xD8, 0xAC, 0xD9, 0x85, 0x44,
-	0xD8, 0xAC, 0xD9, 0x89, 0x44, 0xD8, 0xAC, 0xD9,
-	0x8A, 0x44, 0xD8, 0xAD, 0xD8, 0xAC, 0x44, 0xD8,
-	0xAD, 0xD9, 0x85, 0x44, 0xD8, 0xAD, 0xD9, 0x89,
-	0x44, 0xD8, 0xAD, 0xD9, 0x8A, 0x44, 0xD8, 0xAE,
-	// Bytes 1e40 - 1e7f
-	0xD8, 0xAC, 0x44, 0xD8, 0xAE, 0xD8, 0xAD, 0x44,
-	0xD8, 0xAE, 0xD9, 0x85, 0x44, 0xD8, 0xAE, 0xD9,
-	0x89, 0x44, 0xD8, 0xAE, 0xD9, 0x8A, 0x44, 0xD8,
-	0xB3, 0xD8, 0xAC, 0x44, 0xD8, 0xB3, 0xD8, 0xAD,
-	0x44, 0xD8, 0xB3, 0xD8, 0xAE, 0x44, 0xD8, 0xB3,
-	0xD8, 0xB1, 0x44, 0xD8, 0xB3, 0xD9, 0x85, 0x44,
-	0xD8, 0xB3, 0xD9, 0x87, 0x44, 0xD8, 0xB3, 0xD9,
-	0x89, 0x44, 0xD8, 0xB3, 0xD9, 0x8A, 0x44, 0xD8,
-	// Bytes 1e80 - 1ebf
-	0xB4, 0xD8, 0xAC, 0x44, 0xD8, 0xB4, 0xD8, 0xAD,
-	0x44, 0xD8, 0xB4, 0xD8, 0xAE, 0x44, 0xD8, 0xB4,
-	0xD8, 0xB1, 0x44, 0xD8, 0xB4, 0xD9, 0x85, 0x44,
-	0xD8, 0xB4, 0xD9, 0x87, 0x44, 0xD8, 0xB4, 0xD9,
-	0x89, 0x44, 0xD8, 0xB4, 0xD9, 0x8A, 0x44, 0xD8,
-	0xB5, 0xD8, 0xAD, 0x44, 0xD8, 0xB5, 0xD8, 0xAE,
-	0x44, 0xD8, 0xB5, 0xD8, 0xB1, 0x44, 0xD8, 0xB5,
-	0xD9, 0x85, 0x44, 0xD8, 0xB5, 0xD9, 0x89, 0x44,
-	// Bytes 1ec0 - 1eff
-	0xD8, 0xB5, 0xD9, 0x8A, 0x44, 0xD8, 0xB6, 0xD8,
-	0xAC, 0x44, 0xD8, 0xB6, 0xD8, 0xAD, 0x44, 0xD8,
-	0xB6, 0xD8, 0xAE, 0x44, 0xD8, 0xB6, 0xD8, 0xB1,
-	0x44, 0xD8, 0xB6, 0xD9, 0x85, 0x44, 0xD8, 0xB6,
-	0xD9, 0x89, 0x44, 0xD8, 0xB6, 0xD9, 0x8A, 0x44,
-	0xD8, 0xB7, 0xD8, 0xAD, 0x44, 0xD8, 0xB7, 0xD9,
-	0x85, 0x44, 0xD8, 0xB7, 0xD9, 0x89, 0x44, 0xD8,
-	0xB7, 0xD9, 0x8A, 0x44, 0xD8, 0xB8, 0xD9, 0x85,
-	// Bytes 1f00 - 1f3f
-	0x44, 0xD8, 0xB9, 0xD8, 0xAC, 0x44, 0xD8, 0xB9,
-	0xD9, 0x85, 0x44, 0xD8, 0xB9, 0xD9, 0x89, 0x44,
-	0xD8, 0xB9, 0xD9, 0x8A, 0x44, 0xD8, 0xBA, 0xD8,
-	0xAC, 0x44, 0xD8, 0xBA, 0xD9, 0x85, 0x44, 0xD8,
-	0xBA, 0xD9, 0x89, 0x44, 0xD8, 0xBA, 0xD9, 0x8A,
-	0x44, 0xD9, 0x81, 0xD8, 0xAC, 0x44, 0xD9, 0x81,
-	0xD8, 0xAD, 0x44, 0xD9, 0x81, 0xD8, 0xAE, 0x44,
-	0xD9, 0x81, 0xD9, 0x85, 0x44, 0xD9, 0x81, 0xD9,
-	// Bytes 1f40 - 1f7f
-	0x89, 0x44, 0xD9, 0x81, 0xD9, 0x8A, 0x44, 0xD9,
-	0x82, 0xD8, 0xAD, 0x44, 0xD9, 0x82, 0xD9, 0x85,
-	0x44, 0xD9, 0x82, 0xD9, 0x89, 0x44, 0xD9, 0x82,
-	0xD9, 0x8A, 0x44, 0xD9, 0x83, 0xD8, 0xA7, 0x44,
-	0xD9, 0x83, 0xD8, 0xAC, 0x44, 0xD9, 0x83, 0xD8,
-	0xAD, 0x44, 0xD9, 0x83, 0xD8, 0xAE, 0x44, 0xD9,
-	0x83, 0xD9, 0x84, 0x44, 0xD9, 0x83, 0xD9, 0x85,
-	0x44, 0xD9, 0x83, 0xD9, 0x89, 0x44, 0xD9, 0x83,
-	// Bytes 1f80 - 1fbf
-	0xD9, 0x8A, 0x44, 0xD9, 0x84, 0xD8, 0xA7, 0x44,
-	0xD9, 0x84, 0xD8, 0xAC, 0x44, 0xD9, 0x84, 0xD8,
-	0xAD, 0x44, 0xD9, 0x84, 0xD8, 0xAE, 0x44, 0xD9,
-	0x84, 0xD9, 0x85, 0x44, 0xD9, 0x84, 0xD9, 0x87,
-	0x44, 0xD9, 0x84, 0xD9, 0x89, 0x44, 0xD9, 0x84,
-	0xD9, 0x8A, 0x44, 0xD9, 0x85, 0xD8, 0xA7, 0x44,
-	0xD9, 0x85, 0xD8, 0xAC, 0x44, 0xD9, 0x85, 0xD8,
-	0xAD, 0x44, 0xD9, 0x85, 0xD8, 0xAE, 0x44, 0xD9,
-	// Bytes 1fc0 - 1fff
-	0x85, 0xD9, 0x85, 0x44, 0xD9, 0x85, 0xD9, 0x89,
-	0x44, 0xD9, 0x85, 0xD9, 0x8A, 0x44, 0xD9, 0x86,
-	0xD8, 0xAC, 0x44, 0xD9, 0x86, 0xD8, 0xAD, 0x44,
-	0xD9, 0x86, 0xD8, 0xAE, 0x44, 0xD9, 0x86, 0xD8,
-	0xB1, 0x44, 0xD9, 0x86, 0xD8, 0xB2, 0x44, 0xD9,
-	0x86, 0xD9, 0x85, 0x44, 0xD9, 0x86, 0xD9, 0x86,
-	0x44, 0xD9, 0x86, 0xD9, 0x87, 0x44, 0xD9, 0x86,
-	0xD9, 0x89, 0x44, 0xD9, 0x86, 0xD9, 0x8A, 0x44,
-	// Bytes 2000 - 203f
-	0xD9, 0x87, 0xD8, 0xAC, 0x44, 0xD9, 0x87, 0xD9,
-	0x85, 0x44, 0xD9, 0x87, 0xD9, 0x89, 0x44, 0xD9,
-	0x87, 0xD9, 0x8A, 0x44, 0xD9, 0x88, 0xD9, 0xB4,
-	0x44, 0xD9, 0x8A, 0xD8, 0xAC, 0x44, 0xD9, 0x8A,
-	0xD8, 0xAD, 0x44, 0xD9, 0x8A, 0xD8, 0xAE, 0x44,
-	0xD9, 0x8A, 0xD8, 0xB1, 0x44, 0xD9, 0x8A, 0xD8,
-	0xB2, 0x44, 0xD9, 0x8A, 0xD9, 0x85, 0x44, 0xD9,
-	0x8A, 0xD9, 0x86, 0x44, 0xD9, 0x8A, 0xD9, 0x87,
-	// Bytes 2040 - 207f
-	0x44, 0xD9, 0x8A, 0xD9, 0x89, 0x44, 0xD9, 0x8A,
-	0xD9, 0x8A, 0x44, 0xD9, 0x8A, 0xD9, 0xB4, 0x44,
-	0xDB, 0x87, 0xD9, 0xB4, 0x45, 0x28, 0xE1, 0x84,
-	0x80, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x82, 0x29,
-	0x45, 0x28, 0xE1, 0x84, 0x83, 0x29, 0x45, 0x28,
-	0xE1, 0x84, 0x85, 0x29, 0x45, 0x28, 0xE1, 0x84,
-	0x86, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x87, 0x29,
-	0x45, 0x28, 0xE1, 0x84, 0x89, 0x29, 0x45, 0x28,
-	// Bytes 2080 - 20bf
-	0xE1, 0x84, 0x8B, 0x29, 0x45, 0x28, 0xE1, 0x84,
-	0x8C, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x8E, 0x29,
-	0x45, 0x28, 0xE1, 0x84, 0x8F, 0x29, 0x45, 0x28,
-	0xE1, 0x84, 0x90, 0x29, 0x45, 0x28, 0xE1, 0x84,
-	0x91, 0x29, 0x45, 0x28, 0xE1, 0x84, 0x92, 0x29,
-	0x45, 0x28, 0xE4, 0xB8, 0x80, 0x29, 0x45, 0x28,
-	0xE4, 0xB8, 0x83, 0x29, 0x45, 0x28, 0xE4, 0xB8,
-	0x89, 0x29, 0x45, 0x28, 0xE4, 0xB9, 0x9D, 0x29,
-	// Bytes 20c0 - 20ff
-	0x45, 0x28, 0xE4, 0xBA, 0x8C, 0x29, 0x45, 0x28,
-	0xE4, 0xBA, 0x94, 0x29, 0x45, 0x28, 0xE4, 0xBB,
-	0xA3, 0x29, 0x45, 0x28, 0xE4, 0xBC, 0x81, 0x29,
-	0x45, 0x28, 0xE4, 0xBC, 0x91, 0x29, 0x45, 0x28,
-	0xE5, 0x85, 0xAB, 0x29, 0x45, 0x28, 0xE5, 0x85,
-	0xAD, 0x29, 0x45, 0x28, 0xE5, 0x8A, 0xB4, 0x29,
-	0x45, 0x28, 0xE5, 0x8D, 0x81, 0x29, 0x45, 0x28,
-	0xE5, 0x8D, 0x94, 0x29, 0x45, 0x28, 0xE5, 0x90,
-	// Bytes 2100 - 213f
-	0x8D, 0x29, 0x45, 0x28, 0xE5, 0x91, 0xBC, 0x29,
-	0x45, 0x28, 0xE5, 0x9B, 0x9B, 0x29, 0x45, 0x28,
-	0xE5, 0x9C, 0x9F, 0x29, 0x45, 0x28, 0xE5, 0xAD,
-	0xA6, 0x29, 0x45, 0x28, 0xE6, 0x97, 0xA5, 0x29,
-	0x45, 0x28, 0xE6, 0x9C, 0x88, 0x29, 0x45, 0x28,
-	0xE6, 0x9C, 0x89, 0x29, 0x45, 0x28, 0xE6, 0x9C,
-	0xA8, 0x29, 0x45, 0x28, 0xE6, 0xA0, 0xAA, 0x29,
-	0x45, 0x28, 0xE6, 0xB0, 0xB4, 0x29, 0x45, 0x28,
-	// Bytes 2140 - 217f
-	0xE7, 0x81, 0xAB, 0x29, 0x45, 0x28, 0xE7, 0x89,
-	0xB9, 0x29, 0x45, 0x28, 0xE7, 0x9B, 0xA3, 0x29,
-	0x45, 0x28, 0xE7, 0xA4, 0xBE, 0x29, 0x45, 0x28,
-	0xE7, 0xA5, 0x9D, 0x29, 0x45, 0x28, 0xE7, 0xA5,
-	0xAD, 0x29, 0x45, 0x28, 0xE8, 0x87, 0xAA, 0x29,
-	0x45, 0x28, 0xE8, 0x87, 0xB3, 0x29, 0x45, 0x28,
-	0xE8, 0xB2, 0xA1, 0x29, 0x45, 0x28, 0xE8, 0xB3,
-	0x87, 0x29, 0x45, 0x28, 0xE9, 0x87, 0x91, 0x29,
-	// Bytes 2180 - 21bf
-	0x45, 0x30, 0xE2, 0x81, 0x84, 0x33, 0x45, 0x31,
-	0x30, 0xE6, 0x97, 0xA5, 0x45, 0x31, 0x30, 0xE6,
-	0x9C, 0x88, 0x45, 0x31, 0x30, 0xE7, 0x82, 0xB9,
-	0x45, 0x31, 0x31, 0xE6, 0x97, 0xA5, 0x45, 0x31,
-	0x31, 0xE6, 0x9C, 0x88, 0x45, 0x31, 0x31, 0xE7,
-	0x82, 0xB9, 0x45, 0x31, 0x32, 0xE6, 0x97, 0xA5,
-	0x45, 0x31, 0x32, 0xE6, 0x9C, 0x88, 0x45, 0x31,
-	0x32, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x33, 0xE6,
-	// Bytes 21c0 - 21ff
-	0x97, 0xA5, 0x45, 0x31, 0x33, 0xE7, 0x82, 0xB9,
-	0x45, 0x31, 0x34, 0xE6, 0x97, 0xA5, 0x45, 0x31,
-	0x34, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x35, 0xE6,
-	0x97, 0xA5, 0x45, 0x31, 0x35, 0xE7, 0x82, 0xB9,
-	0x45, 0x31, 0x36, 0xE6, 0x97, 0xA5, 0x45, 0x31,
-	0x36, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x37, 0xE6,
-	0x97, 0xA5, 0x45, 0x31, 0x37, 0xE7, 0x82, 0xB9,
-	0x45, 0x31, 0x38, 0xE6, 0x97, 0xA5, 0x45, 0x31,
-	// Bytes 2200 - 223f
-	0x38, 0xE7, 0x82, 0xB9, 0x45, 0x31, 0x39, 0xE6,
-	0x97, 0xA5, 0x45, 0x31, 0x39, 0xE7, 0x82, 0xB9,
-	0x45, 0x31, 0xE2, 0x81, 0x84, 0x32, 0x45, 0x31,
-	0xE2, 0x81, 0x84, 0x33, 0x45, 0x31, 0xE2, 0x81,
-	0x84, 0x34, 0x45, 0x31, 0xE2, 0x81, 0x84, 0x35,
-	0x45, 0x31, 0xE2, 0x81, 0x84, 0x36, 0x45, 0x31,
-	0xE2, 0x81, 0x84, 0x37, 0x45, 0x31, 0xE2, 0x81,
-	0x84, 0x38, 0x45, 0x31, 0xE2, 0x81, 0x84, 0x39,
-	// Bytes 2240 - 227f
-	0x45, 0x32, 0x30, 0xE6, 0x97, 0xA5, 0x45, 0x32,
-	0x30, 0xE7, 0x82, 0xB9, 0x45, 0x32, 0x31, 0xE6,
-	0x97, 0xA5, 0x45, 0x32, 0x31, 0xE7, 0x82, 0xB9,
-	0x45, 0x32, 0x32, 0xE6, 0x97, 0xA5, 0x45, 0x32,
-	0x32, 0xE7, 0x82, 0xB9, 0x45, 0x32, 0x33, 0xE6,
-	0x97, 0xA5, 0x45, 0x32, 0x33, 0xE7, 0x82, 0xB9,
-	0x45, 0x32, 0x34, 0xE6, 0x97, 0xA5, 0x45, 0x32,
-	0x34, 0xE7, 0x82, 0xB9, 0x45, 0x32, 0x35, 0xE6,
-	// Bytes 2280 - 22bf
-	0x97, 0xA5, 0x45, 0x32, 0x36, 0xE6, 0x97, 0xA5,
-	0x45, 0x32, 0x37, 0xE6, 0x97, 0xA5, 0x45, 0x32,
-	0x38, 0xE6, 0x97, 0xA5, 0x45, 0x32, 0x39, 0xE6,
-	0x97, 0xA5, 0x45, 0x32, 0xE2, 0x81, 0x84, 0x33,
-	0x45, 0x32, 0xE2, 0x81, 0x84, 0x35, 0x45, 0x33,
-	0x30, 0xE6, 0x97, 0xA5, 0x45, 0x33, 0x31, 0xE6,
-	0x97, 0xA5, 0x45, 0x33, 0xE2, 0x81, 0x84, 0x34,
-	0x45, 0x33, 0xE2, 0x81, 0x84, 0x35, 0x45, 0x33,
-	// Bytes 22c0 - 22ff
-	0xE2, 0x81, 0x84, 0x38, 0x45, 0x34, 0xE2, 0x81,
-	0x84, 0x35, 0x45, 0x35, 0xE2, 0x81, 0x84, 0x36,
-	0x45, 0x35, 0xE2, 0x81, 0x84, 0x38, 0x45, 0x37,
-	0xE2, 0x81, 0x84, 0x38, 0x45, 0x41, 0xE2, 0x88,
-	0x95, 0x6D, 0x45, 0x56, 0xE2, 0x88, 0x95, 0x6D,
-	0x45, 0x6D, 0xE2, 0x88, 0x95, 0x73, 0x46, 0x31,
-	0xE2, 0x81, 0x84, 0x31, 0x30, 0x46, 0x43, 0xE2,
-	0x88, 0x95, 0x6B, 0x67, 0x46, 0x6D, 0xE2, 0x88,
-	// Bytes 2300 - 233f
-	0x95, 0x73, 0x32, 0x46, 0xD8, 0xA8, 0xD8, 0xAD,
-	0xD9, 0x8A, 0x46, 0xD8, 0xA8, 0xD8, 0xAE, 0xD9,
-	0x8A, 0x46, 0xD8, 0xAA, 0xD8, 0xAC, 0xD9, 0x85,
-	0x46, 0xD8, 0xAA, 0xD8, 0xAC, 0xD9, 0x89, 0x46,
-	0xD8, 0xAA, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD8,
-	0xAA, 0xD8, 0xAD, 0xD8, 0xAC, 0x46, 0xD8, 0xAA,
-	0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD8, 0xAA, 0xD8,
-	0xAE, 0xD9, 0x85, 0x46, 0xD8, 0xAA, 0xD8, 0xAE,
-	// Bytes 2340 - 237f
-	0xD9, 0x89, 0x46, 0xD8, 0xAA, 0xD8, 0xAE, 0xD9,
-	0x8A, 0x46, 0xD8, 0xAA, 0xD9, 0x85, 0xD8, 0xAC,
-	0x46, 0xD8, 0xAA, 0xD9, 0x85, 0xD8, 0xAD, 0x46,
-	0xD8, 0xAA, 0xD9, 0x85, 0xD8, 0xAE, 0x46, 0xD8,
-	0xAA, 0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD8, 0xAA,
-	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD8, 0xAC, 0xD8,
-	0xAD, 0xD9, 0x89, 0x46, 0xD8, 0xAC, 0xD8, 0xAD,
-	0xD9, 0x8A, 0x46, 0xD8, 0xAC, 0xD9, 0x85, 0xD8,
-	// Bytes 2380 - 23bf
-	0xAD, 0x46, 0xD8, 0xAC, 0xD9, 0x85, 0xD9, 0x89,
-	0x46, 0xD8, 0xAC, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
-	0xD8, 0xAD, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD8,
-	0xAD, 0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD8, 0xAD,
-	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD8, 0xB3, 0xD8,
-	0xAC, 0xD8, 0xAD, 0x46, 0xD8, 0xB3, 0xD8, 0xAC,
-	0xD9, 0x89, 0x46, 0xD8, 0xB3, 0xD8, 0xAD, 0xD8,
-	0xAC, 0x46, 0xD8, 0xB3, 0xD8, 0xAE, 0xD9, 0x89,
-	// Bytes 23c0 - 23ff
-	0x46, 0xD8, 0xB3, 0xD8, 0xAE, 0xD9, 0x8A, 0x46,
-	0xD8, 0xB3, 0xD9, 0x85, 0xD8, 0xAC, 0x46, 0xD8,
-	0xB3, 0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD8, 0xB3,
-	0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD8, 0xB4, 0xD8,
-	0xAC, 0xD9, 0x8A, 0x46, 0xD8, 0xB4, 0xD8, 0xAD,
-	0xD9, 0x85, 0x46, 0xD8, 0xB4, 0xD8, 0xAD, 0xD9,
-	0x8A, 0x46, 0xD8, 0xB4, 0xD9, 0x85, 0xD8, 0xAE,
-	0x46, 0xD8, 0xB4, 0xD9, 0x85, 0xD9, 0x85, 0x46,
-	// Bytes 2400 - 243f
-	0xD8, 0xB5, 0xD8, 0xAD, 0xD8, 0xAD, 0x46, 0xD8,
-	0xB5, 0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD8, 0xB5,
-	0xD9, 0x84, 0xD9, 0x89, 0x46, 0xD8, 0xB5, 0xD9,
-	0x84, 0xDB, 0x92, 0x46, 0xD8, 0xB5, 0xD9, 0x85,
-	0xD9, 0x85, 0x46, 0xD8, 0xB6, 0xD8, 0xAD, 0xD9,
-	0x89, 0x46, 0xD8, 0xB6, 0xD8, 0xAD, 0xD9, 0x8A,
-	0x46, 0xD8, 0xB6, 0xD8, 0xAE, 0xD9, 0x85, 0x46,
-	0xD8, 0xB7, 0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD8,
-	// Bytes 2440 - 247f
-	0xB7, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD8, 0xB7,
-	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD8, 0xB9, 0xD8,
-	0xAC, 0xD9, 0x85, 0x46, 0xD8, 0xB9, 0xD9, 0x85,
-	0xD9, 0x85, 0x46, 0xD8, 0xB9, 0xD9, 0x85, 0xD9,
-	0x89, 0x46, 0xD8, 0xB9, 0xD9, 0x85, 0xD9, 0x8A,
-	0x46, 0xD8, 0xBA, 0xD9, 0x85, 0xD9, 0x85, 0x46,
-	0xD8, 0xBA, 0xD9, 0x85, 0xD9, 0x89, 0x46, 0xD8,
-	0xBA, 0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x81,
-	// Bytes 2480 - 24bf
-	0xD8, 0xAE, 0xD9, 0x85, 0x46, 0xD9, 0x81, 0xD9,
-	0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x82, 0xD9, 0x84,
-	0xDB, 0x92, 0x46, 0xD9, 0x82, 0xD9, 0x85, 0xD8,
-	0xAD, 0x46, 0xD9, 0x82, 0xD9, 0x85, 0xD9, 0x85,
-	0x46, 0xD9, 0x82, 0xD9, 0x85, 0xD9, 0x8A, 0x46,
-	0xD9, 0x83, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD9,
-	0x83, 0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x84,
-	0xD8, 0xAC, 0xD8, 0xAC, 0x46, 0xD9, 0x84, 0xD8,
-	// Bytes 24c0 - 24ff
-	0xAC, 0xD9, 0x85, 0x46, 0xD9, 0x84, 0xD8, 0xAC,
-	0xD9, 0x8A, 0x46, 0xD9, 0x84, 0xD8, 0xAD, 0xD9,
-	0x85, 0x46, 0xD9, 0x84, 0xD8, 0xAD, 0xD9, 0x89,
-	0x46, 0xD9, 0x84, 0xD8, 0xAD, 0xD9, 0x8A, 0x46,
-	0xD9, 0x84, 0xD8, 0xAE, 0xD9, 0x85, 0x46, 0xD9,
-	0x84, 0xD9, 0x85, 0xD8, 0xAD, 0x46, 0xD9, 0x84,
-	0xD9, 0x85, 0xD9, 0x8A, 0x46, 0xD9, 0x85, 0xD8,
-	0xAC, 0xD8, 0xAD, 0x46, 0xD9, 0x85, 0xD8, 0xAC,
-	// Bytes 2500 - 253f
-	0xD8, 0xAE, 0x46, 0xD9, 0x85, 0xD8, 0xAC, 0xD9,
-	0x85, 0x46, 0xD9, 0x85, 0xD8, 0xAC, 0xD9, 0x8A,
-	0x46, 0xD9, 0x85, 0xD8, 0xAD, 0xD8, 0xAC, 0x46,
-	0xD9, 0x85, 0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD9,
-	0x85, 0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD9, 0x85,
-	0xD8, 0xAE, 0xD8, 0xAC, 0x46, 0xD9, 0x85, 0xD8,
-	0xAE, 0xD9, 0x85, 0x46, 0xD9, 0x85, 0xD8, 0xAE,
-	0xD9, 0x8A, 0x46, 0xD9, 0x85, 0xD9, 0x85, 0xD9,
-	// Bytes 2540 - 257f
-	0x8A, 0x46, 0xD9, 0x86, 0xD8, 0xAC, 0xD8, 0xAD,
-	0x46, 0xD9, 0x86, 0xD8, 0xAC, 0xD9, 0x85, 0x46,
-	0xD9, 0x86, 0xD8, 0xAC, 0xD9, 0x89, 0x46, 0xD9,
-	0x86, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD9, 0x86,
-	0xD8, 0xAD, 0xD9, 0x85, 0x46, 0xD9, 0x86, 0xD8,
-	0xAD, 0xD9, 0x89, 0x46, 0xD9, 0x86, 0xD8, 0xAD,
-	0xD9, 0x8A, 0x46, 0xD9, 0x86, 0xD9, 0x85, 0xD9,
-	0x89, 0x46, 0xD9, 0x86, 0xD9, 0x85, 0xD9, 0x8A,
-	// Bytes 2580 - 25bf
-	0x46, 0xD9, 0x87, 0xD9, 0x85, 0xD8, 0xAC, 0x46,
-	0xD9, 0x87, 0xD9, 0x85, 0xD9, 0x85, 0x46, 0xD9,
-	0x8A, 0xD8, 0xAC, 0xD9, 0x8A, 0x46, 0xD9, 0x8A,
-	0xD8, 0xAD, 0xD9, 0x8A, 0x46, 0xD9, 0x8A, 0xD9,
-	0x85, 0xD9, 0x85, 0x46, 0xD9, 0x8A, 0xD9, 0x85,
-	0xD9, 0x8A, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8,
-	0xA7, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xAC,
-	0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xAD, 0x46,
-	// Bytes 25c0 - 25ff
-	0xD9, 0x8A, 0xD9, 0x94, 0xD8, 0xAE, 0x46, 0xD9,
-	0x8A, 0xD9, 0x94, 0xD8, 0xB1, 0x46, 0xD9, 0x8A,
-	0xD9, 0x94, 0xD8, 0xB2, 0x46, 0xD9, 0x8A, 0xD9,
-	0x94, 0xD9, 0x85, 0x46, 0xD9, 0x8A, 0xD9, 0x94,
-	0xD9, 0x86, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD9,
-	0x87, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD9, 0x88,
-	0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xD9, 0x89, 0x46,
-	0xD9, 0x8A, 0xD9, 0x94, 0xD9, 0x8A, 0x46, 0xD9,
-	// Bytes 2600 - 263f
-	0x8A, 0xD9, 0x94, 0xDB, 0x86, 0x46, 0xD9, 0x8A,
-	0xD9, 0x94, 0xDB, 0x87, 0x46, 0xD9, 0x8A, 0xD9,
-	0x94, 0xDB, 0x88, 0x46, 0xD9, 0x8A, 0xD9, 0x94,
-	0xDB, 0x90, 0x46, 0xD9, 0x8A, 0xD9, 0x94, 0xDB,
-	0x95, 0x46, 0xE0, 0xB9, 0x8D, 0xE0, 0xB8, 0xB2,
-	0x46, 0xE0, 0xBA, 0xAB, 0xE0, 0xBA, 0x99, 0x46,
-	0xE0, 0xBA, 0xAB, 0xE0, 0xBA, 0xA1, 0x46, 0xE0,
-	0xBB, 0x8D, 0xE0, 0xBA, 0xB2, 0x46, 0xE0, 0xBD,
-	// Bytes 2640 - 267f
-	0x80, 0xE0, 0xBE, 0xB5, 0x46, 0xE0, 0xBD, 0x82,
-	0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBD, 0x8C, 0xE0,
-	0xBE, 0xB7, 0x46, 0xE0, 0xBD, 0x91, 0xE0, 0xBE,
-	0xB7, 0x46, 0xE0, 0xBD, 0x96, 0xE0, 0xBE, 0xB7,
-	0x46, 0xE0, 0xBD, 0x9B, 0xE0, 0xBE, 0xB7, 0x46,
-	0xE0, 0xBE, 0x90, 0xE0, 0xBE, 0xB5, 0x46, 0xE0,
-	0xBE, 0x92, 0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBE,
-	0x9C, 0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBE, 0xA1,
-	// Bytes 2680 - 26bf
-	0xE0, 0xBE, 0xB7, 0x46, 0xE0, 0xBE, 0xA6, 0xE0,
-	0xBE, 0xB7, 0x46, 0xE0, 0xBE, 0xAB, 0xE0, 0xBE,
-	0xB7, 0x46, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
-	0x46, 0xE2, 0x80, 0xB5, 0xE2, 0x80, 0xB5, 0x46,
-	0xE2, 0x88, 0xAB, 0xE2, 0x88, 0xAB, 0x46, 0xE2,
-	0x88, 0xAE, 0xE2, 0x88, 0xAE, 0x46, 0xE3, 0x81,
-	0xBB, 0xE3, 0x81, 0x8B, 0x46, 0xE3, 0x82, 0x88,
-	0xE3, 0x82, 0x8A, 0x46, 0xE3, 0x82, 0xAD, 0xE3,
-	// Bytes 26c0 - 26ff
-	0x83, 0xAD, 0x46, 0xE3, 0x82, 0xB3, 0xE3, 0x82,
-	0xB3, 0x46, 0xE3, 0x82, 0xB3, 0xE3, 0x83, 0x88,
-	0x46, 0xE3, 0x83, 0x88, 0xE3, 0x83, 0xB3, 0x46,
-	0xE3, 0x83, 0x8A, 0xE3, 0x83, 0x8E, 0x46, 0xE3,
-	0x83, 0x9B, 0xE3, 0x83, 0xB3, 0x46, 0xE3, 0x83,
-	0x9F, 0xE3, 0x83, 0xAA, 0x46, 0xE3, 0x83, 0xAA,
-	0xE3, 0x83, 0xA9, 0x46, 0xE3, 0x83, 0xAC, 0xE3,
-	0x83, 0xA0, 0x46, 0xE5, 0xA4, 0xA7, 0xE6, 0xAD,
-	// Bytes 2700 - 273f
-	0xA3, 0x46, 0xE5, 0xB9, 0xB3, 0xE6, 0x88, 0x90,
-	0x46, 0xE6, 0x98, 0x8E, 0xE6, 0xB2, 0xBB, 0x46,
-	0xE6, 0x98, 0xAD, 0xE5, 0x92, 0x8C, 0x47, 0x72,
-	0x61, 0x64, 0xE2, 0x88, 0x95, 0x73, 0x47, 0xE3,
-	0x80, 0x94, 0x53, 0xE3, 0x80, 0x95, 0x48, 0x28,
-	0xE1, 0x84, 0x80, 0xE1, 0x85, 0xA1, 0x29, 0x48,
-	0x28, 0xE1, 0x84, 0x82, 0xE1, 0x85, 0xA1, 0x29,
-	0x48, 0x28, 0xE1, 0x84, 0x83, 0xE1, 0x85, 0xA1,
-	// Bytes 2740 - 277f
-	0x29, 0x48, 0x28, 0xE1, 0x84, 0x85, 0xE1, 0x85,
-	0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x86, 0xE1,
-	0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x87,
-	0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84,
-	0x89, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1,
-	0x84, 0x8B, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28,
-	0xE1, 0x84, 0x8C, 0xE1, 0x85, 0xA1, 0x29, 0x48,
-	0x28, 0xE1, 0x84, 0x8C, 0xE1, 0x85, 0xAE, 0x29,
-	// Bytes 2780 - 27bf
-	0x48, 0x28, 0xE1, 0x84, 0x8E, 0xE1, 0x85, 0xA1,
-	0x29, 0x48, 0x28, 0xE1, 0x84, 0x8F, 0xE1, 0x85,
-	0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x90, 0xE1,
-	0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84, 0x91,
-	0xE1, 0x85, 0xA1, 0x29, 0x48, 0x28, 0xE1, 0x84,
-	0x92, 0xE1, 0x85, 0xA1, 0x29, 0x48, 0x72, 0x61,
-	0x64, 0xE2, 0x88, 0x95, 0x73, 0x32, 0x48, 0xD8,
-	0xA7, 0xD9, 0x83, 0xD8, 0xA8, 0xD8, 0xB1, 0x48,
-	// Bytes 27c0 - 27ff
-	0xD8, 0xA7, 0xD9, 0x84, 0xD9, 0x84, 0xD9, 0x87,
-	0x48, 0xD8, 0xB1, 0xD8, 0xB3, 0xD9, 0x88, 0xD9,
-	0x84, 0x48, 0xD8, 0xB1, 0xDB, 0x8C, 0xD8, 0xA7,
-	0xD9, 0x84, 0x48, 0xD8, 0xB5, 0xD9, 0x84, 0xD8,
-	0xB9, 0xD9, 0x85, 0x48, 0xD8, 0xB9, 0xD9, 0x84,
-	0xD9, 0x8A, 0xD9, 0x87, 0x48, 0xD9, 0x85, 0xD8,
-	0xAD, 0xD9, 0x85, 0xD8, 0xAF, 0x48, 0xD9, 0x88,
-	0xD8, 0xB3, 0xD9, 0x84, 0xD9, 0x85, 0x49, 0xE2,
-	// Bytes 2800 - 283f
-	0x80, 0xB2, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
-	0x49, 0xE2, 0x80, 0xB5, 0xE2, 0x80, 0xB5, 0xE2,
-	0x80, 0xB5, 0x49, 0xE2, 0x88, 0xAB, 0xE2, 0x88,
-	0xAB, 0xE2, 0x88, 0xAB, 0x49, 0xE2, 0x88, 0xAE,
-	0xE2, 0x88, 0xAE, 0xE2, 0x88, 0xAE, 0x49, 0xE3,
-	0x80, 0x94, 0xE4, 0xB8, 0x89, 0xE3, 0x80, 0x95,
-	0x49, 0xE3, 0x80, 0x94, 0xE4, 0xBA, 0x8C, 0xE3,
-	0x80, 0x95, 0x49, 0xE3, 0x80, 0x94, 0xE5, 0x8B,
-	// Bytes 2840 - 287f
-	0x9D, 0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80, 0x94,
-	0xE5, 0xAE, 0x89, 0xE3, 0x80, 0x95, 0x49, 0xE3,
-	0x80, 0x94, 0xE6, 0x89, 0x93, 0xE3, 0x80, 0x95,
-	0x49, 0xE3, 0x80, 0x94, 0xE6, 0x95, 0x97, 0xE3,
-	0x80, 0x95, 0x49, 0xE3, 0x80, 0x94, 0xE6, 0x9C,
-	0xAC, 0xE3, 0x80, 0x95, 0x49, 0xE3, 0x80, 0x94,
-	0xE7, 0x82, 0xB9, 0xE3, 0x80, 0x95, 0x49, 0xE3,
-	0x80, 0x94, 0xE7, 0x9B, 0x97, 0xE3, 0x80, 0x95,
-	// Bytes 2880 - 28bf
-	0x49, 0xE3, 0x82, 0xA2, 0xE3, 0x83, 0xBC, 0xE3,
-	0x83, 0xAB, 0x49, 0xE3, 0x82, 0xA4, 0xE3, 0x83,
-	0xB3, 0xE3, 0x83, 0x81, 0x49, 0xE3, 0x82, 0xA6,
-	0xE3, 0x82, 0xA9, 0xE3, 0x83, 0xB3, 0x49, 0xE3,
-	0x82, 0xAA, 0xE3, 0x83, 0xB3, 0xE3, 0x82, 0xB9,
-	0x49, 0xE3, 0x82, 0xAA, 0xE3, 0x83, 0xBC, 0xE3,
-	0x83, 0xA0, 0x49, 0xE3, 0x82, 0xAB, 0xE3, 0x82,
-	0xA4, 0xE3, 0x83, 0xAA, 0x49, 0xE3, 0x82, 0xB1,
-	// Bytes 28c0 - 28ff
-	0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xB9, 0x49, 0xE3,
-	0x82, 0xB3, 0xE3, 0x83, 0xAB, 0xE3, 0x83, 0x8A,
-	0x49, 0xE3, 0x82, 0xBB, 0xE3, 0x83, 0xB3, 0xE3,
-	0x83, 0x81, 0x49, 0xE3, 0x82, 0xBB, 0xE3, 0x83,
-	0xB3, 0xE3, 0x83, 0x88, 0x49, 0xE3, 0x83, 0x86,
-	0xE3, 0x82, 0x99, 0xE3, 0x82, 0xB7, 0x49, 0xE3,
-	0x83, 0x88, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB,
-	0x49, 0xE3, 0x83, 0x8E, 0xE3, 0x83, 0x83, 0xE3,
-	// Bytes 2900 - 293f
-	0x83, 0x88, 0x49, 0xE3, 0x83, 0x8F, 0xE3, 0x82,
-	0xA4, 0xE3, 0x83, 0x84, 0x49, 0xE3, 0x83, 0x92,
-	0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB, 0x49, 0xE3,
-	0x83, 0x92, 0xE3, 0x82, 0x9A, 0xE3, 0x82, 0xB3,
-	0x49, 0xE3, 0x83, 0x95, 0xE3, 0x83, 0xA9, 0xE3,
-	0x83, 0xB3, 0x49, 0xE3, 0x83, 0x98, 0xE3, 0x82,
-	0x9A, 0xE3, 0x82, 0xBD, 0x49, 0xE3, 0x83, 0x98,
-	0xE3, 0x83, 0xAB, 0xE3, 0x83, 0x84, 0x49, 0xE3,
-	// Bytes 2940 - 297f
-	0x83, 0x9B, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0xAB,
-	0x49, 0xE3, 0x83, 0x9B, 0xE3, 0x83, 0xBC, 0xE3,
-	0x83, 0xB3, 0x49, 0xE3, 0x83, 0x9E, 0xE3, 0x82,
-	0xA4, 0xE3, 0x83, 0xAB, 0x49, 0xE3, 0x83, 0x9E,
-	0xE3, 0x83, 0x83, 0xE3, 0x83, 0x8F, 0x49, 0xE3,
-	0x83, 0x9E, 0xE3, 0x83, 0xAB, 0xE3, 0x82, 0xAF,
-	0x49, 0xE3, 0x83, 0xA4, 0xE3, 0x83, 0xBC, 0xE3,
-	0x83, 0xAB, 0x49, 0xE3, 0x83, 0xA6, 0xE3, 0x82,
-	// Bytes 2980 - 29bf
-	0xA2, 0xE3, 0x83, 0xB3, 0x49, 0xE3, 0x83, 0xAF,
-	0xE3, 0x83, 0x83, 0xE3, 0x83, 0x88, 0x4C, 0xE2,
-	0x80, 0xB2, 0xE2, 0x80, 0xB2, 0xE2, 0x80, 0xB2,
-	0xE2, 0x80, 0xB2, 0x4C, 0xE2, 0x88, 0xAB, 0xE2,
-	0x88, 0xAB, 0xE2, 0x88, 0xAB, 0xE2, 0x88, 0xAB,
-	0x4C, 0xE3, 0x82, 0xA2, 0xE3, 0x83, 0xAB, 0xE3,
-	0x83, 0x95, 0xE3, 0x82, 0xA1, 0x4C, 0xE3, 0x82,
-	0xA8, 0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xAB, 0xE3,
-	// Bytes 29c0 - 29ff
-	0x83, 0xBC, 0x4C, 0xE3, 0x82, 0xAB, 0xE3, 0x82,
-	0x99, 0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xB3, 0x4C,
-	0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0xE3, 0x83,
-	0xB3, 0xE3, 0x83, 0x9E, 0x4C, 0xE3, 0x82, 0xAB,
-	0xE3, 0x83, 0xA9, 0xE3, 0x83, 0x83, 0xE3, 0x83,
-	0x88, 0x4C, 0xE3, 0x82, 0xAB, 0xE3, 0x83, 0xAD,
-	0xE3, 0x83, 0xAA, 0xE3, 0x83, 0xBC, 0x4C, 0xE3,
-	0x82, 0xAD, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0x8B,
-	// Bytes 2a00 - 2a3f
-	0xE3, 0x83, 0xBC, 0x4C, 0xE3, 0x82, 0xAD, 0xE3,
-	0x83, 0xA5, 0xE3, 0x83, 0xAA, 0xE3, 0x83, 0xBC,
-	0x4C, 0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0xE3,
-	0x83, 0xA9, 0xE3, 0x83, 0xA0, 0x4C, 0xE3, 0x82,
-	0xAF, 0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xBC, 0xE3,
-	0x83, 0x8D, 0x4C, 0xE3, 0x82, 0xB5, 0xE3, 0x82,
-	0xA4, 0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAB, 0x4C,
-	0xE3, 0x82, 0xBF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
-	// Bytes 2a40 - 2a7f
-	0xBC, 0xE3, 0x82, 0xB9, 0x4C, 0xE3, 0x83, 0x8F,
-	0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
-	0x84, 0x4C, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A,
-	0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAB, 0x4C, 0xE3,
-	0x83, 0x95, 0xE3, 0x82, 0xA3, 0xE3, 0x83, 0xBC,
-	0xE3, 0x83, 0x88, 0x4C, 0xE3, 0x83, 0x98, 0xE3,
-	0x82, 0x99, 0xE3, 0x83, 0xBC, 0xE3, 0x82, 0xBF,
-	0x4C, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x9A, 0xE3,
-	// Bytes 2a80 - 2abf
-	0x83, 0x8B, 0xE3, 0x83, 0x92, 0x4C, 0xE3, 0x83,
-	0x98, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xB3, 0xE3,
-	0x82, 0xB9, 0x4C, 0xE3, 0x83, 0x9B, 0xE3, 0x82,
-	0x99, 0xE3, 0x83, 0xAB, 0xE3, 0x83, 0x88, 0x4C,
-	0xE3, 0x83, 0x9E, 0xE3, 0x82, 0xA4, 0xE3, 0x82,
-	0xAF, 0xE3, 0x83, 0xAD, 0x4C, 0xE3, 0x83, 0x9F,
-	0xE3, 0x82, 0xAF, 0xE3, 0x83, 0xAD, 0xE3, 0x83,
-	0xB3, 0x4C, 0xE3, 0x83, 0xA1, 0xE3, 0x83, 0xBC,
-	// Bytes 2ac0 - 2aff
-	0xE3, 0x83, 0x88, 0xE3, 0x83, 0xAB, 0x4C, 0xE3,
-	0x83, 0xAA, 0xE3, 0x83, 0x83, 0xE3, 0x83, 0x88,
-	0xE3, 0x83, 0xAB, 0x4C, 0xE3, 0x83, 0xAB, 0xE3,
-	0x83, 0x92, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC,
-	0x4C, 0xE6, 0xA0, 0xAA, 0xE5, 0xBC, 0x8F, 0xE4,
-	0xBC, 0x9A, 0xE7, 0xA4, 0xBE, 0x4E, 0x28, 0xE1,
-	0x84, 0x8B, 0xE1, 0x85, 0xA9, 0xE1, 0x84, 0x92,
-	0xE1, 0x85, 0xAE, 0x29, 0x4F, 0xD8, 0xAC, 0xD9,
-	// Bytes 2b00 - 2b3f
-	0x84, 0x20, 0xD8, 0xAC, 0xD9, 0x84, 0xD8, 0xA7,
-	0xD9, 0x84, 0xD9, 0x87, 0x4F, 0xE3, 0x82, 0xA2,
-	0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x9A, 0xE3, 0x83,
-	0xBC, 0xE3, 0x83, 0x88, 0x4F, 0xE3, 0x82, 0xA2,
-	0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x98, 0xE3, 0x82,
-	0x9A, 0xE3, 0x82, 0xA2, 0x4F, 0xE3, 0x82, 0xAD,
-	0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xAF, 0xE3, 0x83,
-	0x83, 0xE3, 0x83, 0x88, 0x4F, 0xE3, 0x82, 0xB5,
-	// Bytes 2b40 - 2b7f
-	0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x81, 0xE3, 0x83,
-	0xBC, 0xE3, 0x83, 0xA0, 0x4F, 0xE3, 0x83, 0x8F,
-	0xE3, 0x82, 0x99, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
-	0xAC, 0xE3, 0x83, 0xAB, 0x4F, 0xE3, 0x83, 0x98,
-	0xE3, 0x82, 0xAF, 0xE3, 0x82, 0xBF, 0xE3, 0x83,
-	0xBC, 0xE3, 0x83, 0xAB, 0x4F, 0xE3, 0x83, 0x9B,
-	0xE3, 0x82, 0x9A, 0xE3, 0x82, 0xA4, 0xE3, 0x83,
-	0xB3, 0xE3, 0x83, 0x88, 0x4F, 0xE3, 0x83, 0x9E,
-	// Bytes 2b80 - 2bbf
-	0xE3, 0x83, 0xB3, 0xE3, 0x82, 0xB7, 0xE3, 0x83,
-	0xA7, 0xE3, 0x83, 0xB3, 0x4F, 0xE3, 0x83, 0xA1,
-	0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0xE3, 0x83,
-	0x88, 0xE3, 0x83, 0xB3, 0x4F, 0xE3, 0x83, 0xAB,
-	0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x95, 0xE3, 0x82,
-	0x99, 0xE3, 0x83, 0xAB, 0x51, 0x28, 0xE1, 0x84,
-	0x8B, 0xE1, 0x85, 0xA9, 0xE1, 0x84, 0x8C, 0xE1,
-	0x85, 0xA5, 0xE1, 0x86, 0xAB, 0x29, 0x52, 0xE3,
-	// Bytes 2bc0 - 2bff
-	0x82, 0xAD, 0xE3, 0x82, 0x99, 0xE3, 0x83, 0xAB,
-	0xE3, 0x82, 0xBF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
-	0xBC, 0x52, 0xE3, 0x82, 0xAD, 0xE3, 0x83, 0xAD,
-	0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
-	0xA9, 0xE3, 0x83, 0xA0, 0x52, 0xE3, 0x82, 0xAD,
-	0xE3, 0x83, 0xAD, 0xE3, 0x83, 0xA1, 0xE3, 0x83,
-	0xBC, 0xE3, 0x83, 0x88, 0xE3, 0x83, 0xAB, 0x52,
-	0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0xE3, 0x83,
-	// Bytes 2c00 - 2c3f
-	0xA9, 0xE3, 0x83, 0xA0, 0xE3, 0x83, 0x88, 0xE3,
-	0x83, 0xB3, 0x52, 0xE3, 0x82, 0xAF, 0xE3, 0x83,
-	0xAB, 0xE3, 0x82, 0xBB, 0xE3, 0x82, 0x99, 0xE3,
-	0x82, 0xA4, 0xE3, 0x83, 0xAD, 0x52, 0xE3, 0x83,
-	0x8F, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC, 0xE3,
-	0x82, 0xBB, 0xE3, 0x83, 0xB3, 0xE3, 0x83, 0x88,
-	0x52, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A, 0xE3,
-	0x82, 0xA2, 0xE3, 0x82, 0xB9, 0xE3, 0x83, 0x88,
-	// Bytes 2c40 - 2c7f
-	0xE3, 0x83, 0xAB, 0x52, 0xE3, 0x83, 0x95, 0xE3,
-	0x82, 0x99, 0xE3, 0x83, 0x83, 0xE3, 0x82, 0xB7,
-	0xE3, 0x82, 0xA7, 0xE3, 0x83, 0xAB, 0x52, 0xE3,
-	0x83, 0x9F, 0xE3, 0x83, 0xAA, 0xE3, 0x83, 0x8F,
-	0xE3, 0x82, 0x99, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
-	0xAB, 0x52, 0xE3, 0x83, 0xAC, 0xE3, 0x83, 0xB3,
-	0xE3, 0x83, 0x88, 0xE3, 0x82, 0xB1, 0xE3, 0x82,
-	0x99, 0xE3, 0x83, 0xB3, 0x61, 0xD8, 0xB5, 0xD9,
-	// Bytes 2c80 - 2cbf
-	0x84, 0xD9, 0x89, 0x20, 0xD8, 0xA7, 0xD9, 0x84,
-	0xD9, 0x84, 0xD9, 0x87, 0x20, 0xD8, 0xB9, 0xD9,
-	0x84, 0xD9, 0x8A, 0xD9, 0x87, 0x20, 0xD9, 0x88,
-	0xD8, 0xB3, 0xD9, 0x84, 0xD9, 0x85, 0x06, 0xE0,
-	0xA7, 0x87, 0xE0, 0xA6, 0xBE, 0x01, 0x06, 0xE0,
-	0xA7, 0x87, 0xE0, 0xA7, 0x97, 0x01, 0x06, 0xE0,
-	0xAD, 0x87, 0xE0, 0xAC, 0xBE, 0x01, 0x06, 0xE0,
-	0xAD, 0x87, 0xE0, 0xAD, 0x96, 0x01, 0x06, 0xE0,
-	// Bytes 2cc0 - 2cff
-	0xAD, 0x87, 0xE0, 0xAD, 0x97, 0x01, 0x06, 0xE0,
-	0xAE, 0x92, 0xE0, 0xAF, 0x97, 0x01, 0x06, 0xE0,
-	0xAF, 0x86, 0xE0, 0xAE, 0xBE, 0x01, 0x06, 0xE0,
-	0xAF, 0x86, 0xE0, 0xAF, 0x97, 0x01, 0x06, 0xE0,
-	0xAF, 0x87, 0xE0, 0xAE, 0xBE, 0x01, 0x06, 0xE0,
-	0xB2, 0xBF, 0xE0, 0xB3, 0x95, 0x01, 0x06, 0xE0,
-	0xB3, 0x86, 0xE0, 0xB3, 0x95, 0x01, 0x06, 0xE0,
-	0xB3, 0x86, 0xE0, 0xB3, 0x96, 0x01, 0x06, 0xE0,
-	// Bytes 2d00 - 2d3f
-	0xB5, 0x86, 0xE0, 0xB4, 0xBE, 0x01, 0x06, 0xE0,
-	0xB5, 0x86, 0xE0, 0xB5, 0x97, 0x01, 0x06, 0xE0,
-	0xB5, 0x87, 0xE0, 0xB4, 0xBE, 0x01, 0x06, 0xE0,
-	0xB7, 0x99, 0xE0, 0xB7, 0x9F, 0x01, 0x06, 0xE1,
-	0x80, 0xA5, 0xE1, 0x80, 0xAE, 0x01, 0x06, 0xE1,
-	0xAC, 0x85, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0x87, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0x89, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	// Bytes 2d40 - 2d7f
-	0xAC, 0x8B, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0x8D, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0x91, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0xBA, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0xBC, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0xBE, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAC, 0xBF, 0xE1, 0xAC, 0xB5, 0x01, 0x06, 0xE1,
-	0xAD, 0x82, 0xE1, 0xAC, 0xB5, 0x01, 0x08, 0xF0,
-	// Bytes 2d80 - 2dbf
-	0x91, 0x84, 0xB1, 0xF0, 0x91, 0x84, 0xA7, 0x01,
-	0x08, 0xF0, 0x91, 0x84, 0xB2, 0xF0, 0x91, 0x84,
-	0xA7, 0x01, 0x08, 0xF0, 0x91, 0x8D, 0x87, 0xF0,
-	0x91, 0x8C, 0xBE, 0x01, 0x08, 0xF0, 0x91, 0x8D,
-	0x87, 0xF0, 0x91, 0x8D, 0x97, 0x01, 0x08, 0xF0,
-	0x91, 0x92, 0xB9, 0xF0, 0x91, 0x92, 0xB0, 0x01,
-	0x08, 0xF0, 0x91, 0x92, 0xB9, 0xF0, 0x91, 0x92,
-	0xBA, 0x01, 0x08, 0xF0, 0x91, 0x92, 0xB9, 0xF0,
-	// Bytes 2dc0 - 2dff
-	0x91, 0x92, 0xBD, 0x01, 0x08, 0xF0, 0x91, 0x96,
-	0xB8, 0xF0, 0x91, 0x96, 0xAF, 0x01, 0x08, 0xF0,
-	0x91, 0x96, 0xB9, 0xF0, 0x91, 0x96, 0xAF, 0x01,
-	0x09, 0xE0, 0xB3, 0x86, 0xE0, 0xB3, 0x82, 0xE0,
-	0xB3, 0x95, 0x02, 0x09, 0xE0, 0xB7, 0x99, 0xE0,
-	0xB7, 0x8F, 0xE0, 0xB7, 0x8A, 0x12, 0x44, 0x44,
-	0x5A, 0xCC, 0x8C, 0xC9, 0x44, 0x44, 0x7A, 0xCC,
-	0x8C, 0xC9, 0x44, 0x64, 0x7A, 0xCC, 0x8C, 0xC9,
-	// Bytes 2e00 - 2e3f
-	0x46, 0xD9, 0x84, 0xD8, 0xA7, 0xD9, 0x93, 0xC9,
-	0x46, 0xD9, 0x84, 0xD8, 0xA7, 0xD9, 0x94, 0xC9,
-	0x46, 0xD9, 0x84, 0xD8, 0xA7, 0xD9, 0x95, 0xB5,
-	0x46, 0xE1, 0x84, 0x80, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x82, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x83, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x85, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x86, 0xE1, 0x85, 0xA1, 0x01,
-	// Bytes 2e40 - 2e7f
-	0x46, 0xE1, 0x84, 0x87, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x89, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xAE, 0x01,
-	0x46, 0xE1, 0x84, 0x8C, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x8E, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x8F, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x90, 0xE1, 0x85, 0xA1, 0x01,
-	// Bytes 2e80 - 2ebf
-	0x46, 0xE1, 0x84, 0x91, 0xE1, 0x85, 0xA1, 0x01,
-	0x46, 0xE1, 0x84, 0x92, 0xE1, 0x85, 0xA1, 0x01,
-	0x49, 0xE3, 0x83, 0xA1, 0xE3, 0x82, 0xAB, 0xE3,
-	0x82, 0x99, 0x0D, 0x4C, 0xE1, 0x84, 0x8C, 0xE1,
-	0x85, 0xAE, 0xE1, 0x84, 0x8B, 0xE1, 0x85, 0xB4,
-	0x01, 0x4C, 0xE3, 0x82, 0xAD, 0xE3, 0x82, 0x99,
-	0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0x0D, 0x4C,
-	0xE3, 0x82, 0xB3, 0xE3, 0x83, 0xBC, 0xE3, 0x83,
-	// Bytes 2ec0 - 2eff
-	0x9B, 0xE3, 0x82, 0x9A, 0x0D, 0x4C, 0xE3, 0x83,
-	0xA4, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88, 0xE3,
-	0x82, 0x99, 0x0D, 0x4F, 0xE1, 0x84, 0x8E, 0xE1,
-	0x85, 0xA1, 0xE1, 0x86, 0xB7, 0xE1, 0x84, 0x80,
-	0xE1, 0x85, 0xA9, 0x01, 0x4F, 0xE3, 0x82, 0xA4,
-	0xE3, 0x83, 0x8B, 0xE3, 0x83, 0xB3, 0xE3, 0x82,
-	0xAF, 0xE3, 0x82, 0x99, 0x0D, 0x4F, 0xE3, 0x82,
-	0xB7, 0xE3, 0x83, 0xAA, 0xE3, 0x83, 0xB3, 0xE3,
-	// Bytes 2f00 - 2f3f
-	0x82, 0xAF, 0xE3, 0x82, 0x99, 0x0D, 0x4F, 0xE3,
-	0x83, 0x98, 0xE3, 0x82, 0x9A, 0xE3, 0x83, 0xBC,
-	0xE3, 0x82, 0xB7, 0xE3, 0x82, 0x99, 0x0D, 0x4F,
-	0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x9A, 0xE3, 0x83,
-	0xB3, 0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D,
-	0x52, 0xE3, 0x82, 0xA8, 0xE3, 0x82, 0xB9, 0xE3,
-	0x82, 0xAF, 0xE3, 0x83, 0xBC, 0xE3, 0x83, 0x88,
-	0xE3, 0x82, 0x99, 0x0D, 0x52, 0xE3, 0x83, 0x95,
-	// Bytes 2f40 - 2f7f
-	0xE3, 0x82, 0xA1, 0xE3, 0x83, 0xA9, 0xE3, 0x83,
-	0x83, 0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D,
-	0x86, 0xE0, 0xB3, 0x86, 0xE0, 0xB3, 0x82, 0x01,
-	0x86, 0xE0, 0xB7, 0x99, 0xE0, 0xB7, 0x8F, 0x01,
-	0x03, 0x3C, 0xCC, 0xB8, 0x05, 0x03, 0x3D, 0xCC,
-	0xB8, 0x05, 0x03, 0x3E, 0xCC, 0xB8, 0x05, 0x03,
-	0x41, 0xCC, 0x80, 0xC9, 0x03, 0x41, 0xCC, 0x81,
-	0xC9, 0x03, 0x41, 0xCC, 0x83, 0xC9, 0x03, 0x41,
-	// Bytes 2f80 - 2fbf
-	0xCC, 0x84, 0xC9, 0x03, 0x41, 0xCC, 0x89, 0xC9,
-	0x03, 0x41, 0xCC, 0x8C, 0xC9, 0x03, 0x41, 0xCC,
-	0x8F, 0xC9, 0x03, 0x41, 0xCC, 0x91, 0xC9, 0x03,
-	0x41, 0xCC, 0xA5, 0xB5, 0x03, 0x41, 0xCC, 0xA8,
-	0xA5, 0x03, 0x42, 0xCC, 0x87, 0xC9, 0x03, 0x42,
-	0xCC, 0xA3, 0xB5, 0x03, 0x42, 0xCC, 0xB1, 0xB5,
-	0x03, 0x43, 0xCC, 0x81, 0xC9, 0x03, 0x43, 0xCC,
-	0x82, 0xC9, 0x03, 0x43, 0xCC, 0x87, 0xC9, 0x03,
-	// Bytes 2fc0 - 2fff
-	0x43, 0xCC, 0x8C, 0xC9, 0x03, 0x44, 0xCC, 0x87,
-	0xC9, 0x03, 0x44, 0xCC, 0x8C, 0xC9, 0x03, 0x44,
-	0xCC, 0xA3, 0xB5, 0x03, 0x44, 0xCC, 0xA7, 0xA5,
-	0x03, 0x44, 0xCC, 0xAD, 0xB5, 0x03, 0x44, 0xCC,
-	0xB1, 0xB5, 0x03, 0x45, 0xCC, 0x80, 0xC9, 0x03,
-	0x45, 0xCC, 0x81, 0xC9, 0x03, 0x45, 0xCC, 0x83,
-	0xC9, 0x03, 0x45, 0xCC, 0x86, 0xC9, 0x03, 0x45,
-	0xCC, 0x87, 0xC9, 0x03, 0x45, 0xCC, 0x88, 0xC9,
-	// Bytes 3000 - 303f
-	0x03, 0x45, 0xCC, 0x89, 0xC9, 0x03, 0x45, 0xCC,
-	0x8C, 0xC9, 0x03, 0x45, 0xCC, 0x8F, 0xC9, 0x03,
-	0x45, 0xCC, 0x91, 0xC9, 0x03, 0x45, 0xCC, 0xA8,
-	0xA5, 0x03, 0x45, 0xCC, 0xAD, 0xB5, 0x03, 0x45,
-	0xCC, 0xB0, 0xB5, 0x03, 0x46, 0xCC, 0x87, 0xC9,
-	0x03, 0x47, 0xCC, 0x81, 0xC9, 0x03, 0x47, 0xCC,
-	0x82, 0xC9, 0x03, 0x47, 0xCC, 0x84, 0xC9, 0x03,
-	0x47, 0xCC, 0x86, 0xC9, 0x03, 0x47, 0xCC, 0x87,
-	// Bytes 3040 - 307f
-	0xC9, 0x03, 0x47, 0xCC, 0x8C, 0xC9, 0x03, 0x47,
-	0xCC, 0xA7, 0xA5, 0x03, 0x48, 0xCC, 0x82, 0xC9,
-	0x03, 0x48, 0xCC, 0x87, 0xC9, 0x03, 0x48, 0xCC,
-	0x88, 0xC9, 0x03, 0x48, 0xCC, 0x8C, 0xC9, 0x03,
-	0x48, 0xCC, 0xA3, 0xB5, 0x03, 0x48, 0xCC, 0xA7,
-	0xA5, 0x03, 0x48, 0xCC, 0xAE, 0xB5, 0x03, 0x49,
-	0xCC, 0x80, 0xC9, 0x03, 0x49, 0xCC, 0x81, 0xC9,
-	0x03, 0x49, 0xCC, 0x82, 0xC9, 0x03, 0x49, 0xCC,
-	// Bytes 3080 - 30bf
-	0x83, 0xC9, 0x03, 0x49, 0xCC, 0x84, 0xC9, 0x03,
-	0x49, 0xCC, 0x86, 0xC9, 0x03, 0x49, 0xCC, 0x87,
-	0xC9, 0x03, 0x49, 0xCC, 0x89, 0xC9, 0x03, 0x49,
-	0xCC, 0x8C, 0xC9, 0x03, 0x49, 0xCC, 0x8F, 0xC9,
-	0x03, 0x49, 0xCC, 0x91, 0xC9, 0x03, 0x49, 0xCC,
-	0xA3, 0xB5, 0x03, 0x49, 0xCC, 0xA8, 0xA5, 0x03,
-	0x49, 0xCC, 0xB0, 0xB5, 0x03, 0x4A, 0xCC, 0x82,
-	0xC9, 0x03, 0x4B, 0xCC, 0x81, 0xC9, 0x03, 0x4B,
-	// Bytes 30c0 - 30ff
-	0xCC, 0x8C, 0xC9, 0x03, 0x4B, 0xCC, 0xA3, 0xB5,
-	0x03, 0x4B, 0xCC, 0xA7, 0xA5, 0x03, 0x4B, 0xCC,
-	0xB1, 0xB5, 0x03, 0x4C, 0xCC, 0x81, 0xC9, 0x03,
-	0x4C, 0xCC, 0x8C, 0xC9, 0x03, 0x4C, 0xCC, 0xA7,
-	0xA5, 0x03, 0x4C, 0xCC, 0xAD, 0xB5, 0x03, 0x4C,
-	0xCC, 0xB1, 0xB5, 0x03, 0x4D, 0xCC, 0x81, 0xC9,
-	0x03, 0x4D, 0xCC, 0x87, 0xC9, 0x03, 0x4D, 0xCC,
-	0xA3, 0xB5, 0x03, 0x4E, 0xCC, 0x80, 0xC9, 0x03,
-	// Bytes 3100 - 313f
-	0x4E, 0xCC, 0x81, 0xC9, 0x03, 0x4E, 0xCC, 0x83,
-	0xC9, 0x03, 0x4E, 0xCC, 0x87, 0xC9, 0x03, 0x4E,
-	0xCC, 0x8C, 0xC9, 0x03, 0x4E, 0xCC, 0xA3, 0xB5,
-	0x03, 0x4E, 0xCC, 0xA7, 0xA5, 0x03, 0x4E, 0xCC,
-	0xAD, 0xB5, 0x03, 0x4E, 0xCC, 0xB1, 0xB5, 0x03,
-	0x4F, 0xCC, 0x80, 0xC9, 0x03, 0x4F, 0xCC, 0x81,
-	0xC9, 0x03, 0x4F, 0xCC, 0x86, 0xC9, 0x03, 0x4F,
-	0xCC, 0x89, 0xC9, 0x03, 0x4F, 0xCC, 0x8B, 0xC9,
-	// Bytes 3140 - 317f
-	0x03, 0x4F, 0xCC, 0x8C, 0xC9, 0x03, 0x4F, 0xCC,
-	0x8F, 0xC9, 0x03, 0x4F, 0xCC, 0x91, 0xC9, 0x03,
-	0x50, 0xCC, 0x81, 0xC9, 0x03, 0x50, 0xCC, 0x87,
-	0xC9, 0x03, 0x52, 0xCC, 0x81, 0xC9, 0x03, 0x52,
-	0xCC, 0x87, 0xC9, 0x03, 0x52, 0xCC, 0x8C, 0xC9,
-	0x03, 0x52, 0xCC, 0x8F, 0xC9, 0x03, 0x52, 0xCC,
-	0x91, 0xC9, 0x03, 0x52, 0xCC, 0xA7, 0xA5, 0x03,
-	0x52, 0xCC, 0xB1, 0xB5, 0x03, 0x53, 0xCC, 0x82,
-	// Bytes 3180 - 31bf
-	0xC9, 0x03, 0x53, 0xCC, 0x87, 0xC9, 0x03, 0x53,
-	0xCC, 0xA6, 0xB5, 0x03, 0x53, 0xCC, 0xA7, 0xA5,
-	0x03, 0x54, 0xCC, 0x87, 0xC9, 0x03, 0x54, 0xCC,
-	0x8C, 0xC9, 0x03, 0x54, 0xCC, 0xA3, 0xB5, 0x03,
-	0x54, 0xCC, 0xA6, 0xB5, 0x03, 0x54, 0xCC, 0xA7,
-	0xA5, 0x03, 0x54, 0xCC, 0xAD, 0xB5, 0x03, 0x54,
-	0xCC, 0xB1, 0xB5, 0x03, 0x55, 0xCC, 0x80, 0xC9,
-	0x03, 0x55, 0xCC, 0x81, 0xC9, 0x03, 0x55, 0xCC,
-	// Bytes 31c0 - 31ff
-	0x82, 0xC9, 0x03, 0x55, 0xCC, 0x86, 0xC9, 0x03,
-	0x55, 0xCC, 0x89, 0xC9, 0x03, 0x55, 0xCC, 0x8A,
-	0xC9, 0x03, 0x55, 0xCC, 0x8B, 0xC9, 0x03, 0x55,
-	0xCC, 0x8C, 0xC9, 0x03, 0x55, 0xCC, 0x8F, 0xC9,
-	0x03, 0x55, 0xCC, 0x91, 0xC9, 0x03, 0x55, 0xCC,
-	0xA3, 0xB5, 0x03, 0x55, 0xCC, 0xA4, 0xB5, 0x03,
-	0x55, 0xCC, 0xA8, 0xA5, 0x03, 0x55, 0xCC, 0xAD,
-	0xB5, 0x03, 0x55, 0xCC, 0xB0, 0xB5, 0x03, 0x56,
-	// Bytes 3200 - 323f
-	0xCC, 0x83, 0xC9, 0x03, 0x56, 0xCC, 0xA3, 0xB5,
-	0x03, 0x57, 0xCC, 0x80, 0xC9, 0x03, 0x57, 0xCC,
-	0x81, 0xC9, 0x03, 0x57, 0xCC, 0x82, 0xC9, 0x03,
-	0x57, 0xCC, 0x87, 0xC9, 0x03, 0x57, 0xCC, 0x88,
-	0xC9, 0x03, 0x57, 0xCC, 0xA3, 0xB5, 0x03, 0x58,
-	0xCC, 0x87, 0xC9, 0x03, 0x58, 0xCC, 0x88, 0xC9,
-	0x03, 0x59, 0xCC, 0x80, 0xC9, 0x03, 0x59, 0xCC,
-	0x81, 0xC9, 0x03, 0x59, 0xCC, 0x82, 0xC9, 0x03,
-	// Bytes 3240 - 327f
-	0x59, 0xCC, 0x83, 0xC9, 0x03, 0x59, 0xCC, 0x84,
-	0xC9, 0x03, 0x59, 0xCC, 0x87, 0xC9, 0x03, 0x59,
-	0xCC, 0x88, 0xC9, 0x03, 0x59, 0xCC, 0x89, 0xC9,
-	0x03, 0x59, 0xCC, 0xA3, 0xB5, 0x03, 0x5A, 0xCC,
-	0x81, 0xC9, 0x03, 0x5A, 0xCC, 0x82, 0xC9, 0x03,
-	0x5A, 0xCC, 0x87, 0xC9, 0x03, 0x5A, 0xCC, 0x8C,
-	0xC9, 0x03, 0x5A, 0xCC, 0xA3, 0xB5, 0x03, 0x5A,
-	0xCC, 0xB1, 0xB5, 0x03, 0x61, 0xCC, 0x80, 0xC9,
-	// Bytes 3280 - 32bf
-	0x03, 0x61, 0xCC, 0x81, 0xC9, 0x03, 0x61, 0xCC,
-	0x83, 0xC9, 0x03, 0x61, 0xCC, 0x84, 0xC9, 0x03,
-	0x61, 0xCC, 0x89, 0xC9, 0x03, 0x61, 0xCC, 0x8C,
-	0xC9, 0x03, 0x61, 0xCC, 0x8F, 0xC9, 0x03, 0x61,
-	0xCC, 0x91, 0xC9, 0x03, 0x61, 0xCC, 0xA5, 0xB5,
-	0x03, 0x61, 0xCC, 0xA8, 0xA5, 0x03, 0x62, 0xCC,
-	0x87, 0xC9, 0x03, 0x62, 0xCC, 0xA3, 0xB5, 0x03,
-	0x62, 0xCC, 0xB1, 0xB5, 0x03, 0x63, 0xCC, 0x81,
-	// Bytes 32c0 - 32ff
-	0xC9, 0x03, 0x63, 0xCC, 0x82, 0xC9, 0x03, 0x63,
-	0xCC, 0x87, 0xC9, 0x03, 0x63, 0xCC, 0x8C, 0xC9,
-	0x03, 0x64, 0xCC, 0x87, 0xC9, 0x03, 0x64, 0xCC,
-	0x8C, 0xC9, 0x03, 0x64, 0xCC, 0xA3, 0xB5, 0x03,
-	0x64, 0xCC, 0xA7, 0xA5, 0x03, 0x64, 0xCC, 0xAD,
-	0xB5, 0x03, 0x64, 0xCC, 0xB1, 0xB5, 0x03, 0x65,
-	0xCC, 0x80, 0xC9, 0x03, 0x65, 0xCC, 0x81, 0xC9,
-	0x03, 0x65, 0xCC, 0x83, 0xC9, 0x03, 0x65, 0xCC,
-	// Bytes 3300 - 333f
-	0x86, 0xC9, 0x03, 0x65, 0xCC, 0x87, 0xC9, 0x03,
-	0x65, 0xCC, 0x88, 0xC9, 0x03, 0x65, 0xCC, 0x89,
-	0xC9, 0x03, 0x65, 0xCC, 0x8C, 0xC9, 0x03, 0x65,
-	0xCC, 0x8F, 0xC9, 0x03, 0x65, 0xCC, 0x91, 0xC9,
-	0x03, 0x65, 0xCC, 0xA8, 0xA5, 0x03, 0x65, 0xCC,
-	0xAD, 0xB5, 0x03, 0x65, 0xCC, 0xB0, 0xB5, 0x03,
-	0x66, 0xCC, 0x87, 0xC9, 0x03, 0x67, 0xCC, 0x81,
-	0xC9, 0x03, 0x67, 0xCC, 0x82, 0xC9, 0x03, 0x67,
-	// Bytes 3340 - 337f
-	0xCC, 0x84, 0xC9, 0x03, 0x67, 0xCC, 0x86, 0xC9,
-	0x03, 0x67, 0xCC, 0x87, 0xC9, 0x03, 0x67, 0xCC,
-	0x8C, 0xC9, 0x03, 0x67, 0xCC, 0xA7, 0xA5, 0x03,
-	0x68, 0xCC, 0x82, 0xC9, 0x03, 0x68, 0xCC, 0x87,
-	0xC9, 0x03, 0x68, 0xCC, 0x88, 0xC9, 0x03, 0x68,
-	0xCC, 0x8C, 0xC9, 0x03, 0x68, 0xCC, 0xA3, 0xB5,
-	0x03, 0x68, 0xCC, 0xA7, 0xA5, 0x03, 0x68, 0xCC,
-	0xAE, 0xB5, 0x03, 0x68, 0xCC, 0xB1, 0xB5, 0x03,
-	// Bytes 3380 - 33bf
-	0x69, 0xCC, 0x80, 0xC9, 0x03, 0x69, 0xCC, 0x81,
-	0xC9, 0x03, 0x69, 0xCC, 0x82, 0xC9, 0x03, 0x69,
-	0xCC, 0x83, 0xC9, 0x03, 0x69, 0xCC, 0x84, 0xC9,
-	0x03, 0x69, 0xCC, 0x86, 0xC9, 0x03, 0x69, 0xCC,
-	0x89, 0xC9, 0x03, 0x69, 0xCC, 0x8C, 0xC9, 0x03,
-	0x69, 0xCC, 0x8F, 0xC9, 0x03, 0x69, 0xCC, 0x91,
-	0xC9, 0x03, 0x69, 0xCC, 0xA3, 0xB5, 0x03, 0x69,
-	0xCC, 0xA8, 0xA5, 0x03, 0x69, 0xCC, 0xB0, 0xB5,
-	// Bytes 33c0 - 33ff
-	0x03, 0x6A, 0xCC, 0x82, 0xC9, 0x03, 0x6A, 0xCC,
-	0x8C, 0xC9, 0x03, 0x6B, 0xCC, 0x81, 0xC9, 0x03,
-	0x6B, 0xCC, 0x8C, 0xC9, 0x03, 0x6B, 0xCC, 0xA3,
-	0xB5, 0x03, 0x6B, 0xCC, 0xA7, 0xA5, 0x03, 0x6B,
-	0xCC, 0xB1, 0xB5, 0x03, 0x6C, 0xCC, 0x81, 0xC9,
-	0x03, 0x6C, 0xCC, 0x8C, 0xC9, 0x03, 0x6C, 0xCC,
-	0xA7, 0xA5, 0x03, 0x6C, 0xCC, 0xAD, 0xB5, 0x03,
-	0x6C, 0xCC, 0xB1, 0xB5, 0x03, 0x6D, 0xCC, 0x81,
-	// Bytes 3400 - 343f
-	0xC9, 0x03, 0x6D, 0xCC, 0x87, 0xC9, 0x03, 0x6D,
-	0xCC, 0xA3, 0xB5, 0x03, 0x6E, 0xCC, 0x80, 0xC9,
-	0x03, 0x6E, 0xCC, 0x81, 0xC9, 0x03, 0x6E, 0xCC,
-	0x83, 0xC9, 0x03, 0x6E, 0xCC, 0x87, 0xC9, 0x03,
-	0x6E, 0xCC, 0x8C, 0xC9, 0x03, 0x6E, 0xCC, 0xA3,
-	0xB5, 0x03, 0x6E, 0xCC, 0xA7, 0xA5, 0x03, 0x6E,
-	0xCC, 0xAD, 0xB5, 0x03, 0x6E, 0xCC, 0xB1, 0xB5,
-	0x03, 0x6F, 0xCC, 0x80, 0xC9, 0x03, 0x6F, 0xCC,
-	// Bytes 3440 - 347f
-	0x81, 0xC9, 0x03, 0x6F, 0xCC, 0x86, 0xC9, 0x03,
-	0x6F, 0xCC, 0x89, 0xC9, 0x03, 0x6F, 0xCC, 0x8B,
-	0xC9, 0x03, 0x6F, 0xCC, 0x8C, 0xC9, 0x03, 0x6F,
-	0xCC, 0x8F, 0xC9, 0x03, 0x6F, 0xCC, 0x91, 0xC9,
-	0x03, 0x70, 0xCC, 0x81, 0xC9, 0x03, 0x70, 0xCC,
-	0x87, 0xC9, 0x03, 0x72, 0xCC, 0x81, 0xC9, 0x03,
-	0x72, 0xCC, 0x87, 0xC9, 0x03, 0x72, 0xCC, 0x8C,
-	0xC9, 0x03, 0x72, 0xCC, 0x8F, 0xC9, 0x03, 0x72,
-	// Bytes 3480 - 34bf
-	0xCC, 0x91, 0xC9, 0x03, 0x72, 0xCC, 0xA7, 0xA5,
-	0x03, 0x72, 0xCC, 0xB1, 0xB5, 0x03, 0x73, 0xCC,
-	0x82, 0xC9, 0x03, 0x73, 0xCC, 0x87, 0xC9, 0x03,
-	0x73, 0xCC, 0xA6, 0xB5, 0x03, 0x73, 0xCC, 0xA7,
-	0xA5, 0x03, 0x74, 0xCC, 0x87, 0xC9, 0x03, 0x74,
-	0xCC, 0x88, 0xC9, 0x03, 0x74, 0xCC, 0x8C, 0xC9,
-	0x03, 0x74, 0xCC, 0xA3, 0xB5, 0x03, 0x74, 0xCC,
-	0xA6, 0xB5, 0x03, 0x74, 0xCC, 0xA7, 0xA5, 0x03,
-	// Bytes 34c0 - 34ff
-	0x74, 0xCC, 0xAD, 0xB5, 0x03, 0x74, 0xCC, 0xB1,
-	0xB5, 0x03, 0x75, 0xCC, 0x80, 0xC9, 0x03, 0x75,
-	0xCC, 0x81, 0xC9, 0x03, 0x75, 0xCC, 0x82, 0xC9,
-	0x03, 0x75, 0xCC, 0x86, 0xC9, 0x03, 0x75, 0xCC,
-	0x89, 0xC9, 0x03, 0x75, 0xCC, 0x8A, 0xC9, 0x03,
-	0x75, 0xCC, 0x8B, 0xC9, 0x03, 0x75, 0xCC, 0x8C,
-	0xC9, 0x03, 0x75, 0xCC, 0x8F, 0xC9, 0x03, 0x75,
-	0xCC, 0x91, 0xC9, 0x03, 0x75, 0xCC, 0xA3, 0xB5,
-	// Bytes 3500 - 353f
-	0x03, 0x75, 0xCC, 0xA4, 0xB5, 0x03, 0x75, 0xCC,
-	0xA8, 0xA5, 0x03, 0x75, 0xCC, 0xAD, 0xB5, 0x03,
-	0x75, 0xCC, 0xB0, 0xB5, 0x03, 0x76, 0xCC, 0x83,
-	0xC9, 0x03, 0x76, 0xCC, 0xA3, 0xB5, 0x03, 0x77,
-	0xCC, 0x80, 0xC9, 0x03, 0x77, 0xCC, 0x81, 0xC9,
-	0x03, 0x77, 0xCC, 0x82, 0xC9, 0x03, 0x77, 0xCC,
-	0x87, 0xC9, 0x03, 0x77, 0xCC, 0x88, 0xC9, 0x03,
-	0x77, 0xCC, 0x8A, 0xC9, 0x03, 0x77, 0xCC, 0xA3,
-	// Bytes 3540 - 357f
-	0xB5, 0x03, 0x78, 0xCC, 0x87, 0xC9, 0x03, 0x78,
-	0xCC, 0x88, 0xC9, 0x03, 0x79, 0xCC, 0x80, 0xC9,
-	0x03, 0x79, 0xCC, 0x81, 0xC9, 0x03, 0x79, 0xCC,
-	0x82, 0xC9, 0x03, 0x79, 0xCC, 0x83, 0xC9, 0x03,
-	0x79, 0xCC, 0x84, 0xC9, 0x03, 0x79, 0xCC, 0x87,
-	0xC9, 0x03, 0x79, 0xCC, 0x88, 0xC9, 0x03, 0x79,
-	0xCC, 0x89, 0xC9, 0x03, 0x79, 0xCC, 0x8A, 0xC9,
-	0x03, 0x79, 0xCC, 0xA3, 0xB5, 0x03, 0x7A, 0xCC,
-	// Bytes 3580 - 35bf
-	0x81, 0xC9, 0x03, 0x7A, 0xCC, 0x82, 0xC9, 0x03,
-	0x7A, 0xCC, 0x87, 0xC9, 0x03, 0x7A, 0xCC, 0x8C,
-	0xC9, 0x03, 0x7A, 0xCC, 0xA3, 0xB5, 0x03, 0x7A,
-	0xCC, 0xB1, 0xB5, 0x04, 0xC2, 0xA8, 0xCC, 0x80,
-	0xCA, 0x04, 0xC2, 0xA8, 0xCC, 0x81, 0xCA, 0x04,
-	0xC2, 0xA8, 0xCD, 0x82, 0xCA, 0x04, 0xC3, 0x86,
-	0xCC, 0x81, 0xC9, 0x04, 0xC3, 0x86, 0xCC, 0x84,
-	0xC9, 0x04, 0xC3, 0x98, 0xCC, 0x81, 0xC9, 0x04,
-	// Bytes 35c0 - 35ff
-	0xC3, 0xA6, 0xCC, 0x81, 0xC9, 0x04, 0xC3, 0xA6,
-	0xCC, 0x84, 0xC9, 0x04, 0xC3, 0xB8, 0xCC, 0x81,
-	0xC9, 0x04, 0xC5, 0xBF, 0xCC, 0x87, 0xC9, 0x04,
-	0xC6, 0xB7, 0xCC, 0x8C, 0xC9, 0x04, 0xCA, 0x92,
-	0xCC, 0x8C, 0xC9, 0x04, 0xCE, 0x91, 0xCC, 0x80,
-	0xC9, 0x04, 0xCE, 0x91, 0xCC, 0x81, 0xC9, 0x04,
-	0xCE, 0x91, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0x91,
-	0xCC, 0x86, 0xC9, 0x04, 0xCE, 0x91, 0xCD, 0x85,
-	// Bytes 3600 - 363f
-	0xD9, 0x04, 0xCE, 0x95, 0xCC, 0x80, 0xC9, 0x04,
-	0xCE, 0x95, 0xCC, 0x81, 0xC9, 0x04, 0xCE, 0x97,
-	0xCC, 0x80, 0xC9, 0x04, 0xCE, 0x97, 0xCC, 0x81,
-	0xC9, 0x04, 0xCE, 0x97, 0xCD, 0x85, 0xD9, 0x04,
-	0xCE, 0x99, 0xCC, 0x80, 0xC9, 0x04, 0xCE, 0x99,
-	0xCC, 0x81, 0xC9, 0x04, 0xCE, 0x99, 0xCC, 0x84,
-	0xC9, 0x04, 0xCE, 0x99, 0xCC, 0x86, 0xC9, 0x04,
-	0xCE, 0x99, 0xCC, 0x88, 0xC9, 0x04, 0xCE, 0x9F,
-	// Bytes 3640 - 367f
-	0xCC, 0x80, 0xC9, 0x04, 0xCE, 0x9F, 0xCC, 0x81,
-	0xC9, 0x04, 0xCE, 0xA1, 0xCC, 0x94, 0xC9, 0x04,
-	0xCE, 0xA5, 0xCC, 0x80, 0xC9, 0x04, 0xCE, 0xA5,
-	0xCC, 0x81, 0xC9, 0x04, 0xCE, 0xA5, 0xCC, 0x84,
-	0xC9, 0x04, 0xCE, 0xA5, 0xCC, 0x86, 0xC9, 0x04,
-	0xCE, 0xA5, 0xCC, 0x88, 0xC9, 0x04, 0xCE, 0xA9,
-	0xCC, 0x80, 0xC9, 0x04, 0xCE, 0xA9, 0xCC, 0x81,
-	0xC9, 0x04, 0xCE, 0xA9, 0xCD, 0x85, 0xD9, 0x04,
-	// Bytes 3680 - 36bf
-	0xCE, 0xB1, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0xB1,
-	0xCC, 0x86, 0xC9, 0x04, 0xCE, 0xB1, 0xCD, 0x85,
-	0xD9, 0x04, 0xCE, 0xB5, 0xCC, 0x80, 0xC9, 0x04,
-	0xCE, 0xB5, 0xCC, 0x81, 0xC9, 0x04, 0xCE, 0xB7,
-	0xCD, 0x85, 0xD9, 0x04, 0xCE, 0xB9, 0xCC, 0x80,
-	0xC9, 0x04, 0xCE, 0xB9, 0xCC, 0x81, 0xC9, 0x04,
-	0xCE, 0xB9, 0xCC, 0x84, 0xC9, 0x04, 0xCE, 0xB9,
-	0xCC, 0x86, 0xC9, 0x04, 0xCE, 0xB9, 0xCD, 0x82,
-	// Bytes 36c0 - 36ff
-	0xC9, 0x04, 0xCE, 0xBF, 0xCC, 0x80, 0xC9, 0x04,
-	0xCE, 0xBF, 0xCC, 0x81, 0xC9, 0x04, 0xCF, 0x81,
-	0xCC, 0x93, 0xC9, 0x04, 0xCF, 0x81, 0xCC, 0x94,
-	0xC9, 0x04, 0xCF, 0x85, 0xCC, 0x80, 0xC9, 0x04,
-	0xCF, 0x85, 0xCC, 0x81, 0xC9, 0x04, 0xCF, 0x85,
-	0xCC, 0x84, 0xC9, 0x04, 0xCF, 0x85, 0xCC, 0x86,
-	0xC9, 0x04, 0xCF, 0x85, 0xCD, 0x82, 0xC9, 0x04,
-	0xCF, 0x89, 0xCD, 0x85, 0xD9, 0x04, 0xCF, 0x92,
-	// Bytes 3700 - 373f
-	0xCC, 0x81, 0xC9, 0x04, 0xCF, 0x92, 0xCC, 0x88,
-	0xC9, 0x04, 0xD0, 0x86, 0xCC, 0x88, 0xC9, 0x04,
-	0xD0, 0x90, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0x90,
-	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x93, 0xCC, 0x81,
-	0xC9, 0x04, 0xD0, 0x95, 0xCC, 0x80, 0xC9, 0x04,
-	0xD0, 0x95, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0x95,
-	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x96, 0xCC, 0x86,
-	0xC9, 0x04, 0xD0, 0x96, 0xCC, 0x88, 0xC9, 0x04,
-	// Bytes 3740 - 377f
-	0xD0, 0x97, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x98,
-	0xCC, 0x80, 0xC9, 0x04, 0xD0, 0x98, 0xCC, 0x84,
-	0xC9, 0x04, 0xD0, 0x98, 0xCC, 0x86, 0xC9, 0x04,
-	0xD0, 0x98, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0x9A,
-	0xCC, 0x81, 0xC9, 0x04, 0xD0, 0x9E, 0xCC, 0x88,
-	0xC9, 0x04, 0xD0, 0xA3, 0xCC, 0x84, 0xC9, 0x04,
-	0xD0, 0xA3, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xA3,
-	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xA3, 0xCC, 0x8B,
-	// Bytes 3780 - 37bf
-	0xC9, 0x04, 0xD0, 0xA7, 0xCC, 0x88, 0xC9, 0x04,
-	0xD0, 0xAB, 0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xAD,
-	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xB0, 0xCC, 0x86,
-	0xC9, 0x04, 0xD0, 0xB0, 0xCC, 0x88, 0xC9, 0x04,
-	0xD0, 0xB3, 0xCC, 0x81, 0xC9, 0x04, 0xD0, 0xB5,
-	0xCC, 0x80, 0xC9, 0x04, 0xD0, 0xB5, 0xCC, 0x86,
-	0xC9, 0x04, 0xD0, 0xB5, 0xCC, 0x88, 0xC9, 0x04,
-	0xD0, 0xB6, 0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xB6,
-	// Bytes 37c0 - 37ff
-	0xCC, 0x88, 0xC9, 0x04, 0xD0, 0xB7, 0xCC, 0x88,
-	0xC9, 0x04, 0xD0, 0xB8, 0xCC, 0x80, 0xC9, 0x04,
-	0xD0, 0xB8, 0xCC, 0x84, 0xC9, 0x04, 0xD0, 0xB8,
-	0xCC, 0x86, 0xC9, 0x04, 0xD0, 0xB8, 0xCC, 0x88,
-	0xC9, 0x04, 0xD0, 0xBA, 0xCC, 0x81, 0xC9, 0x04,
-	0xD0, 0xBE, 0xCC, 0x88, 0xC9, 0x04, 0xD1, 0x83,
-	0xCC, 0x84, 0xC9, 0x04, 0xD1, 0x83, 0xCC, 0x86,
-	0xC9, 0x04, 0xD1, 0x83, 0xCC, 0x88, 0xC9, 0x04,
-	// Bytes 3800 - 383f
-	0xD1, 0x83, 0xCC, 0x8B, 0xC9, 0x04, 0xD1, 0x87,
-	0xCC, 0x88, 0xC9, 0x04, 0xD1, 0x8B, 0xCC, 0x88,
-	0xC9, 0x04, 0xD1, 0x8D, 0xCC, 0x88, 0xC9, 0x04,
-	0xD1, 0x96, 0xCC, 0x88, 0xC9, 0x04, 0xD1, 0xB4,
-	0xCC, 0x8F, 0xC9, 0x04, 0xD1, 0xB5, 0xCC, 0x8F,
-	0xC9, 0x04, 0xD3, 0x98, 0xCC, 0x88, 0xC9, 0x04,
-	0xD3, 0x99, 0xCC, 0x88, 0xC9, 0x04, 0xD3, 0xA8,
-	0xCC, 0x88, 0xC9, 0x04, 0xD3, 0xA9, 0xCC, 0x88,
-	// Bytes 3840 - 387f
-	0xC9, 0x04, 0xD8, 0xA7, 0xD9, 0x93, 0xC9, 0x04,
-	0xD8, 0xA7, 0xD9, 0x94, 0xC9, 0x04, 0xD8, 0xA7,
-	0xD9, 0x95, 0xB5, 0x04, 0xD9, 0x88, 0xD9, 0x94,
-	0xC9, 0x04, 0xD9, 0x8A, 0xD9, 0x94, 0xC9, 0x04,
-	0xDB, 0x81, 0xD9, 0x94, 0xC9, 0x04, 0xDB, 0x92,
-	0xD9, 0x94, 0xC9, 0x04, 0xDB, 0x95, 0xD9, 0x94,
-	0xC9, 0x05, 0x41, 0xCC, 0x82, 0xCC, 0x80, 0xCA,
-	0x05, 0x41, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05,
-	// Bytes 3880 - 38bf
-	0x41, 0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x41,
-	0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05, 0x41, 0xCC,
-	0x86, 0xCC, 0x80, 0xCA, 0x05, 0x41, 0xCC, 0x86,
-	0xCC, 0x81, 0xCA, 0x05, 0x41, 0xCC, 0x86, 0xCC,
-	0x83, 0xCA, 0x05, 0x41, 0xCC, 0x86, 0xCC, 0x89,
-	0xCA, 0x05, 0x41, 0xCC, 0x87, 0xCC, 0x84, 0xCA,
-	0x05, 0x41, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05,
-	0x41, 0xCC, 0x8A, 0xCC, 0x81, 0xCA, 0x05, 0x41,
-	// Bytes 38c0 - 38ff
-	0xCC, 0xA3, 0xCC, 0x82, 0xCA, 0x05, 0x41, 0xCC,
-	0xA3, 0xCC, 0x86, 0xCA, 0x05, 0x43, 0xCC, 0xA7,
-	0xCC, 0x81, 0xCA, 0x05, 0x45, 0xCC, 0x82, 0xCC,
-	0x80, 0xCA, 0x05, 0x45, 0xCC, 0x82, 0xCC, 0x81,
-	0xCA, 0x05, 0x45, 0xCC, 0x82, 0xCC, 0x83, 0xCA,
-	0x05, 0x45, 0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05,
-	0x45, 0xCC, 0x84, 0xCC, 0x80, 0xCA, 0x05, 0x45,
-	0xCC, 0x84, 0xCC, 0x81, 0xCA, 0x05, 0x45, 0xCC,
-	// Bytes 3900 - 393f
-	0xA3, 0xCC, 0x82, 0xCA, 0x05, 0x45, 0xCC, 0xA7,
-	0xCC, 0x86, 0xCA, 0x05, 0x49, 0xCC, 0x88, 0xCC,
-	0x81, 0xCA, 0x05, 0x4C, 0xCC, 0xA3, 0xCC, 0x84,
-	0xCA, 0x05, 0x4F, 0xCC, 0x82, 0xCC, 0x80, 0xCA,
-	0x05, 0x4F, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05,
-	0x4F, 0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x4F,
-	0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05, 0x4F, 0xCC,
-	0x83, 0xCC, 0x81, 0xCA, 0x05, 0x4F, 0xCC, 0x83,
-	// Bytes 3940 - 397f
-	0xCC, 0x84, 0xCA, 0x05, 0x4F, 0xCC, 0x83, 0xCC,
-	0x88, 0xCA, 0x05, 0x4F, 0xCC, 0x84, 0xCC, 0x80,
-	0xCA, 0x05, 0x4F, 0xCC, 0x84, 0xCC, 0x81, 0xCA,
-	0x05, 0x4F, 0xCC, 0x87, 0xCC, 0x84, 0xCA, 0x05,
-	0x4F, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x4F,
-	0xCC, 0x9B, 0xCC, 0x80, 0xCA, 0x05, 0x4F, 0xCC,
-	0x9B, 0xCC, 0x81, 0xCA, 0x05, 0x4F, 0xCC, 0x9B,
-	0xCC, 0x83, 0xCA, 0x05, 0x4F, 0xCC, 0x9B, 0xCC,
-	// Bytes 3980 - 39bf
-	0x89, 0xCA, 0x05, 0x4F, 0xCC, 0x9B, 0xCC, 0xA3,
-	0xB6, 0x05, 0x4F, 0xCC, 0xA3, 0xCC, 0x82, 0xCA,
-	0x05, 0x4F, 0xCC, 0xA8, 0xCC, 0x84, 0xCA, 0x05,
-	0x52, 0xCC, 0xA3, 0xCC, 0x84, 0xCA, 0x05, 0x53,
-	0xCC, 0x81, 0xCC, 0x87, 0xCA, 0x05, 0x53, 0xCC,
-	0x8C, 0xCC, 0x87, 0xCA, 0x05, 0x53, 0xCC, 0xA3,
-	0xCC, 0x87, 0xCA, 0x05, 0x55, 0xCC, 0x83, 0xCC,
-	0x81, 0xCA, 0x05, 0x55, 0xCC, 0x84, 0xCC, 0x88,
-	// Bytes 39c0 - 39ff
-	0xCA, 0x05, 0x55, 0xCC, 0x88, 0xCC, 0x80, 0xCA,
-	0x05, 0x55, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x05,
-	0x55, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x55,
-	0xCC, 0x88, 0xCC, 0x8C, 0xCA, 0x05, 0x55, 0xCC,
-	0x9B, 0xCC, 0x80, 0xCA, 0x05, 0x55, 0xCC, 0x9B,
-	0xCC, 0x81, 0xCA, 0x05, 0x55, 0xCC, 0x9B, 0xCC,
-	0x83, 0xCA, 0x05, 0x55, 0xCC, 0x9B, 0xCC, 0x89,
-	0xCA, 0x05, 0x55, 0xCC, 0x9B, 0xCC, 0xA3, 0xB6,
-	// Bytes 3a00 - 3a3f
-	0x05, 0x61, 0xCC, 0x82, 0xCC, 0x80, 0xCA, 0x05,
-	0x61, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05, 0x61,
-	0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x61, 0xCC,
-	0x82, 0xCC, 0x89, 0xCA, 0x05, 0x61, 0xCC, 0x86,
-	0xCC, 0x80, 0xCA, 0x05, 0x61, 0xCC, 0x86, 0xCC,
-	0x81, 0xCA, 0x05, 0x61, 0xCC, 0x86, 0xCC, 0x83,
-	0xCA, 0x05, 0x61, 0xCC, 0x86, 0xCC, 0x89, 0xCA,
-	0x05, 0x61, 0xCC, 0x87, 0xCC, 0x84, 0xCA, 0x05,
-	// Bytes 3a40 - 3a7f
-	0x61, 0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x61,
-	0xCC, 0x8A, 0xCC, 0x81, 0xCA, 0x05, 0x61, 0xCC,
-	0xA3, 0xCC, 0x82, 0xCA, 0x05, 0x61, 0xCC, 0xA3,
-	0xCC, 0x86, 0xCA, 0x05, 0x63, 0xCC, 0xA7, 0xCC,
-	0x81, 0xCA, 0x05, 0x65, 0xCC, 0x82, 0xCC, 0x80,
-	0xCA, 0x05, 0x65, 0xCC, 0x82, 0xCC, 0x81, 0xCA,
-	0x05, 0x65, 0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05,
-	0x65, 0xCC, 0x82, 0xCC, 0x89, 0xCA, 0x05, 0x65,
-	// Bytes 3a80 - 3abf
-	0xCC, 0x84, 0xCC, 0x80, 0xCA, 0x05, 0x65, 0xCC,
-	0x84, 0xCC, 0x81, 0xCA, 0x05, 0x65, 0xCC, 0xA3,
-	0xCC, 0x82, 0xCA, 0x05, 0x65, 0xCC, 0xA7, 0xCC,
-	0x86, 0xCA, 0x05, 0x69, 0xCC, 0x88, 0xCC, 0x81,
-	0xCA, 0x05, 0x6C, 0xCC, 0xA3, 0xCC, 0x84, 0xCA,
-	0x05, 0x6F, 0xCC, 0x82, 0xCC, 0x80, 0xCA, 0x05,
-	0x6F, 0xCC, 0x82, 0xCC, 0x81, 0xCA, 0x05, 0x6F,
-	0xCC, 0x82, 0xCC, 0x83, 0xCA, 0x05, 0x6F, 0xCC,
-	// Bytes 3ac0 - 3aff
-	0x82, 0xCC, 0x89, 0xCA, 0x05, 0x6F, 0xCC, 0x83,
-	0xCC, 0x81, 0xCA, 0x05, 0x6F, 0xCC, 0x83, 0xCC,
-	0x84, 0xCA, 0x05, 0x6F, 0xCC, 0x83, 0xCC, 0x88,
-	0xCA, 0x05, 0x6F, 0xCC, 0x84, 0xCC, 0x80, 0xCA,
-	0x05, 0x6F, 0xCC, 0x84, 0xCC, 0x81, 0xCA, 0x05,
-	0x6F, 0xCC, 0x87, 0xCC, 0x84, 0xCA, 0x05, 0x6F,
-	0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x6F, 0xCC,
-	0x9B, 0xCC, 0x80, 0xCA, 0x05, 0x6F, 0xCC, 0x9B,
-	// Bytes 3b00 - 3b3f
-	0xCC, 0x81, 0xCA, 0x05, 0x6F, 0xCC, 0x9B, 0xCC,
-	0x83, 0xCA, 0x05, 0x6F, 0xCC, 0x9B, 0xCC, 0x89,
-	0xCA, 0x05, 0x6F, 0xCC, 0x9B, 0xCC, 0xA3, 0xB6,
-	0x05, 0x6F, 0xCC, 0xA3, 0xCC, 0x82, 0xCA, 0x05,
-	0x6F, 0xCC, 0xA8, 0xCC, 0x84, 0xCA, 0x05, 0x72,
-	0xCC, 0xA3, 0xCC, 0x84, 0xCA, 0x05, 0x73, 0xCC,
-	0x81, 0xCC, 0x87, 0xCA, 0x05, 0x73, 0xCC, 0x8C,
-	0xCC, 0x87, 0xCA, 0x05, 0x73, 0xCC, 0xA3, 0xCC,
-	// Bytes 3b40 - 3b7f
-	0x87, 0xCA, 0x05, 0x75, 0xCC, 0x83, 0xCC, 0x81,
-	0xCA, 0x05, 0x75, 0xCC, 0x84, 0xCC, 0x88, 0xCA,
-	0x05, 0x75, 0xCC, 0x88, 0xCC, 0x80, 0xCA, 0x05,
-	0x75, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x05, 0x75,
-	0xCC, 0x88, 0xCC, 0x84, 0xCA, 0x05, 0x75, 0xCC,
-	0x88, 0xCC, 0x8C, 0xCA, 0x05, 0x75, 0xCC, 0x9B,
-	0xCC, 0x80, 0xCA, 0x05, 0x75, 0xCC, 0x9B, 0xCC,
-	0x81, 0xCA, 0x05, 0x75, 0xCC, 0x9B, 0xCC, 0x83,
-	// Bytes 3b80 - 3bbf
-	0xCA, 0x05, 0x75, 0xCC, 0x9B, 0xCC, 0x89, 0xCA,
-	0x05, 0x75, 0xCC, 0x9B, 0xCC, 0xA3, 0xB6, 0x05,
-	0xE1, 0xBE, 0xBF, 0xCC, 0x80, 0xCA, 0x05, 0xE1,
-	0xBE, 0xBF, 0xCC, 0x81, 0xCA, 0x05, 0xE1, 0xBE,
-	0xBF, 0xCD, 0x82, 0xCA, 0x05, 0xE1, 0xBF, 0xBE,
-	0xCC, 0x80, 0xCA, 0x05, 0xE1, 0xBF, 0xBE, 0xCC,
-	0x81, 0xCA, 0x05, 0xE1, 0xBF, 0xBE, 0xCD, 0x82,
-	0xCA, 0x05, 0xE2, 0x86, 0x90, 0xCC, 0xB8, 0x05,
-	// Bytes 3bc0 - 3bff
-	0x05, 0xE2, 0x86, 0x92, 0xCC, 0xB8, 0x05, 0x05,
-	0xE2, 0x86, 0x94, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
-	0x87, 0x90, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x87,
-	0x92, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x87, 0x94,
-	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x88, 0x83, 0xCC,
-	0xB8, 0x05, 0x05, 0xE2, 0x88, 0x88, 0xCC, 0xB8,
-	0x05, 0x05, 0xE2, 0x88, 0x8B, 0xCC, 0xB8, 0x05,
-	0x05, 0xE2, 0x88, 0xA3, 0xCC, 0xB8, 0x05, 0x05,
-	// Bytes 3c00 - 3c3f
-	0xE2, 0x88, 0xA5, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
-	0x88, 0xBC, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89,
-	0x83, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0x85,
-	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0x88, 0xCC,
-	0xB8, 0x05, 0x05, 0xE2, 0x89, 0x8D, 0xCC, 0xB8,
-	0x05, 0x05, 0xE2, 0x89, 0xA1, 0xCC, 0xB8, 0x05,
-	0x05, 0xE2, 0x89, 0xA4, 0xCC, 0xB8, 0x05, 0x05,
-	0xE2, 0x89, 0xA5, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
-	// Bytes 3c40 - 3c7f
-	0x89, 0xB2, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89,
-	0xB3, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xB6,
-	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x89, 0xB7, 0xCC,
-	0xB8, 0x05, 0x05, 0xE2, 0x89, 0xBA, 0xCC, 0xB8,
-	0x05, 0x05, 0xE2, 0x89, 0xBB, 0xCC, 0xB8, 0x05,
-	0x05, 0xE2, 0x89, 0xBC, 0xCC, 0xB8, 0x05, 0x05,
-	0xE2, 0x89, 0xBD, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
-	0x8A, 0x82, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A,
-	// Bytes 3c80 - 3cbf
-	0x83, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0x86,
-	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0x87, 0xCC,
-	0xB8, 0x05, 0x05, 0xE2, 0x8A, 0x91, 0xCC, 0xB8,
-	0x05, 0x05, 0xE2, 0x8A, 0x92, 0xCC, 0xB8, 0x05,
-	0x05, 0xE2, 0x8A, 0xA2, 0xCC, 0xB8, 0x05, 0x05,
-	0xE2, 0x8A, 0xA8, 0xCC, 0xB8, 0x05, 0x05, 0xE2,
-	0x8A, 0xA9, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A,
-	0xAB, 0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xB2,
-	// Bytes 3cc0 - 3cff
-	0xCC, 0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xB3, 0xCC,
-	0xB8, 0x05, 0x05, 0xE2, 0x8A, 0xB4, 0xCC, 0xB8,
-	0x05, 0x05, 0xE2, 0x8A, 0xB5, 0xCC, 0xB8, 0x05,
-	0x06, 0xCE, 0x91, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0x91, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0x95, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0x95, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0x95, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	// Bytes 3d00 - 3d3f
-	0x06, 0xCE, 0x95, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0x97, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0x97, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0x99, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0x99, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0x99, 0xCC, 0x93, 0xCD, 0x82, 0xCA,
-	0x06, 0xCE, 0x99, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0x99, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	// Bytes 3d40 - 3d7f
-	0x06, 0xCE, 0x99, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
-	0x06, 0xCE, 0x9F, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0x9F, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0x9F, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0x9F, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0xA5, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0xA5, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0xA5, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
-	// Bytes 3d80 - 3dbf
-	0x06, 0xCE, 0xA9, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xA9, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB1, 0xCC, 0x80, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB1, 0xCC, 0x81, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB1, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB1, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB1, 0xCD, 0x82, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB5, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	// Bytes 3dc0 - 3dff
-	0x06, 0xCE, 0xB5, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0xB5, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0xB5, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0xB7, 0xCC, 0x80, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB7, 0xCC, 0x81, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB7, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB7, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
-	0x06, 0xCE, 0xB7, 0xCD, 0x82, 0xCD, 0x85, 0xDA,
-	// Bytes 3e00 - 3e3f
-	0x06, 0xCE, 0xB9, 0xCC, 0x88, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0xB9, 0xCC, 0x88, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0xB9, 0xCC, 0x88, 0xCD, 0x82, 0xCA,
-	0x06, 0xCE, 0xB9, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0xB9, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0xB9, 0xCC, 0x93, 0xCD, 0x82, 0xCA,
-	0x06, 0xCE, 0xB9, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0xB9, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	// Bytes 3e40 - 3e7f
-	0x06, 0xCE, 0xB9, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
-	0x06, 0xCE, 0xBF, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0xBF, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
-	0x06, 0xCE, 0xBF, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	0x06, 0xCE, 0xBF, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x88, 0xCC, 0x80, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x88, 0xCC, 0x81, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x88, 0xCD, 0x82, 0xCA,
-	// Bytes 3e80 - 3ebf
-	0x06, 0xCF, 0x85, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x93, 0xCC, 0x81, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x93, 0xCD, 0x82, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x94, 0xCC, 0x80, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x94, 0xCC, 0x81, 0xCA,
-	0x06, 0xCF, 0x85, 0xCC, 0x94, 0xCD, 0x82, 0xCA,
-	0x06, 0xCF, 0x89, 0xCC, 0x80, 0xCD, 0x85, 0xDA,
-	0x06, 0xCF, 0x89, 0xCC, 0x81, 0xCD, 0x85, 0xDA,
-	// Bytes 3ec0 - 3eff
-	0x06, 0xCF, 0x89, 0xCC, 0x93, 0xCD, 0x85, 0xDA,
-	0x06, 0xCF, 0x89, 0xCC, 0x94, 0xCD, 0x85, 0xDA,
-	0x06, 0xCF, 0x89, 0xCD, 0x82, 0xCD, 0x85, 0xDA,
-	0x06, 0xE0, 0xA4, 0xA8, 0xE0, 0xA4, 0xBC, 0x09,
-	0x06, 0xE0, 0xA4, 0xB0, 0xE0, 0xA4, 0xBC, 0x09,
-	0x06, 0xE0, 0xA4, 0xB3, 0xE0, 0xA4, 0xBC, 0x09,
-	0x06, 0xE0, 0xB1, 0x86, 0xE0, 0xB1, 0x96, 0x85,
-	0x06, 0xE0, 0xB7, 0x99, 0xE0, 0xB7, 0x8A, 0x11,
-	// Bytes 3f00 - 3f3f
-	0x06, 0xE3, 0x81, 0x86, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x8B, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x8D, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x8F, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x91, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x93, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x95, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x97, 0xE3, 0x82, 0x99, 0x0D,
-	// Bytes 3f40 - 3f7f
-	0x06, 0xE3, 0x81, 0x99, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x9B, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x9D, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0x9F, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xA1, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xA4, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xA6, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xA8, 0xE3, 0x82, 0x99, 0x0D,
-	// Bytes 3f80 - 3fbf
-	0x06, 0xE3, 0x81, 0xAF, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xAF, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x81, 0xB2, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xB2, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x81, 0xB5, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xB5, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x81, 0xB8, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xB8, 0xE3, 0x82, 0x9A, 0x0D,
-	// Bytes 3fc0 - 3fff
-	0x06, 0xE3, 0x81, 0xBB, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x81, 0xBB, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x82, 0x9D, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xA6, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xAB, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xAD, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xAF, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xB1, 0xE3, 0x82, 0x99, 0x0D,
-	// Bytes 4000 - 403f
-	0x06, 0xE3, 0x82, 0xB3, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xB5, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xB7, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xB9, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xBB, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xBD, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x82, 0xBF, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x81, 0xE3, 0x82, 0x99, 0x0D,
-	// Bytes 4040 - 407f
-	0x06, 0xE3, 0x83, 0x84, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x86, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x88, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x8F, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x92, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x83, 0x95, 0xE3, 0x82, 0x99, 0x0D,
-	// Bytes 4080 - 40bf
-	0x06, 0xE3, 0x83, 0x95, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x98, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0x9B, 0xE3, 0x82, 0x9A, 0x0D,
-	0x06, 0xE3, 0x83, 0xAF, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0xB0, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0xB1, 0xE3, 0x82, 0x99, 0x0D,
-	// Bytes 40c0 - 40ff
-	0x06, 0xE3, 0x83, 0xB2, 0xE3, 0x82, 0x99, 0x0D,
-	0x06, 0xE3, 0x83, 0xBD, 0xE3, 0x82, 0x99, 0x0D,
-	0x08, 0xCE, 0x91, 0xCC, 0x93, 0xCC, 0x80, 0xCD,
-	0x85, 0xDB, 0x08, 0xCE, 0x91, 0xCC, 0x93, 0xCC,
-	0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x91, 0xCC,
-	0x93, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
-	0x91, 0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB,
-	0x08, 0xCE, 0x91, 0xCC, 0x94, 0xCC, 0x81, 0xCD,
-	// Bytes 4100 - 413f
-	0x85, 0xDB, 0x08, 0xCE, 0x91, 0xCC, 0x94, 0xCD,
-	0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x97, 0xCC,
-	0x93, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
-	0x97, 0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB,
-	0x08, 0xCE, 0x97, 0xCC, 0x93, 0xCD, 0x82, 0xCD,
-	0x85, 0xDB, 0x08, 0xCE, 0x97, 0xCC, 0x94, 0xCC,
-	0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0x97, 0xCC,
-	0x94, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
-	// Bytes 4140 - 417f
-	0x97, 0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB,
-	0x08, 0xCE, 0xA9, 0xCC, 0x93, 0xCC, 0x80, 0xCD,
-	0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC, 0x93, 0xCC,
-	0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC,
-	0x93, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
-	0xA9, 0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB,
-	0x08, 0xCE, 0xA9, 0xCC, 0x94, 0xCC, 0x81, 0xCD,
-	0x85, 0xDB, 0x08, 0xCE, 0xA9, 0xCC, 0x94, 0xCD,
-	// Bytes 4180 - 41bf
-	0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB1, 0xCC,
-	0x93, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
-	0xB1, 0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB,
-	0x08, 0xCE, 0xB1, 0xCC, 0x93, 0xCD, 0x82, 0xCD,
-	0x85, 0xDB, 0x08, 0xCE, 0xB1, 0xCC, 0x94, 0xCC,
-	0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB1, 0xCC,
-	0x94, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
-	0xB1, 0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB,
-	// Bytes 41c0 - 41ff
-	0x08, 0xCE, 0xB7, 0xCC, 0x93, 0xCC, 0x80, 0xCD,
-	0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC, 0x93, 0xCC,
-	0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC,
-	0x93, 0xCD, 0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCE,
-	0xB7, 0xCC, 0x94, 0xCC, 0x80, 0xCD, 0x85, 0xDB,
-	0x08, 0xCE, 0xB7, 0xCC, 0x94, 0xCC, 0x81, 0xCD,
-	0x85, 0xDB, 0x08, 0xCE, 0xB7, 0xCC, 0x94, 0xCD,
-	0x82, 0xCD, 0x85, 0xDB, 0x08, 0xCF, 0x89, 0xCC,
-	// Bytes 4200 - 423f
-	0x93, 0xCC, 0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCF,
-	0x89, 0xCC, 0x93, 0xCC, 0x81, 0xCD, 0x85, 0xDB,
-	0x08, 0xCF, 0x89, 0xCC, 0x93, 0xCD, 0x82, 0xCD,
-	0x85, 0xDB, 0x08, 0xCF, 0x89, 0xCC, 0x94, 0xCC,
-	0x80, 0xCD, 0x85, 0xDB, 0x08, 0xCF, 0x89, 0xCC,
-	0x94, 0xCC, 0x81, 0xCD, 0x85, 0xDB, 0x08, 0xCF,
-	0x89, 0xCC, 0x94, 0xCD, 0x82, 0xCD, 0x85, 0xDB,
-	0x08, 0xF0, 0x91, 0x82, 0x99, 0xF0, 0x91, 0x82,
-	// Bytes 4240 - 427f
-	0xBA, 0x09, 0x08, 0xF0, 0x91, 0x82, 0x9B, 0xF0,
-	0x91, 0x82, 0xBA, 0x09, 0x08, 0xF0, 0x91, 0x82,
-	0xA5, 0xF0, 0x91, 0x82, 0xBA, 0x09, 0x42, 0xC2,
-	0xB4, 0x01, 0x43, 0x20, 0xCC, 0x81, 0xC9, 0x43,
-	0x20, 0xCC, 0x83, 0xC9, 0x43, 0x20, 0xCC, 0x84,
-	0xC9, 0x43, 0x20, 0xCC, 0x85, 0xC9, 0x43, 0x20,
-	0xCC, 0x86, 0xC9, 0x43, 0x20, 0xCC, 0x87, 0xC9,
-	0x43, 0x20, 0xCC, 0x88, 0xC9, 0x43, 0x20, 0xCC,
-	// Bytes 4280 - 42bf
-	0x8A, 0xC9, 0x43, 0x20, 0xCC, 0x8B, 0xC9, 0x43,
-	0x20, 0xCC, 0x93, 0xC9, 0x43, 0x20, 0xCC, 0x94,
-	0xC9, 0x43, 0x20, 0xCC, 0xA7, 0xA5, 0x43, 0x20,
-	0xCC, 0xA8, 0xA5, 0x43, 0x20, 0xCC, 0xB3, 0xB5,
-	0x43, 0x20, 0xCD, 0x82, 0xC9, 0x43, 0x20, 0xCD,
-	0x85, 0xD9, 0x43, 0x20, 0xD9, 0x8B, 0x59, 0x43,
-	0x20, 0xD9, 0x8C, 0x5D, 0x43, 0x20, 0xD9, 0x8D,
-	0x61, 0x43, 0x20, 0xD9, 0x8E, 0x65, 0x43, 0x20,
-	// Bytes 42c0 - 42ff
-	0xD9, 0x8F, 0x69, 0x43, 0x20, 0xD9, 0x90, 0x6D,
-	0x43, 0x20, 0xD9, 0x91, 0x71, 0x43, 0x20, 0xD9,
-	0x92, 0x75, 0x43, 0x41, 0xCC, 0x8A, 0xC9, 0x43,
-	0x73, 0xCC, 0x87, 0xC9, 0x44, 0x20, 0xE3, 0x82,
-	0x99, 0x0D, 0x44, 0x20, 0xE3, 0x82, 0x9A, 0x0D,
-	0x44, 0xC2, 0xA8, 0xCC, 0x81, 0xCA, 0x44, 0xCE,
-	0x91, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0x95, 0xCC,
-	0x81, 0xC9, 0x44, 0xCE, 0x97, 0xCC, 0x81, 0xC9,
-	// Bytes 4300 - 433f
-	0x44, 0xCE, 0x99, 0xCC, 0x81, 0xC9, 0x44, 0xCE,
-	0x9F, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0xA5, 0xCC,
-	0x81, 0xC9, 0x44, 0xCE, 0xA5, 0xCC, 0x88, 0xC9,
-	0x44, 0xCE, 0xA9, 0xCC, 0x81, 0xC9, 0x44, 0xCE,
-	0xB1, 0xCC, 0x81, 0xC9, 0x44, 0xCE, 0xB5, 0xCC,
-	0x81, 0xC9, 0x44, 0xCE, 0xB7, 0xCC, 0x81, 0xC9,
-	0x44, 0xCE, 0xB9, 0xCC, 0x81, 0xC9, 0x44, 0xCE,
-	0xBF, 0xCC, 0x81, 0xC9, 0x44, 0xCF, 0x85, 0xCC,
-	// Bytes 4340 - 437f
-	0x81, 0xC9, 0x44, 0xCF, 0x89, 0xCC, 0x81, 0xC9,
-	0x44, 0xD7, 0x90, 0xD6, 0xB7, 0x31, 0x44, 0xD7,
-	0x90, 0xD6, 0xB8, 0x35, 0x44, 0xD7, 0x90, 0xD6,
-	0xBC, 0x41, 0x44, 0xD7, 0x91, 0xD6, 0xBC, 0x41,
-	0x44, 0xD7, 0x91, 0xD6, 0xBF, 0x49, 0x44, 0xD7,
-	0x92, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x93, 0xD6,
-	0xBC, 0x41, 0x44, 0xD7, 0x94, 0xD6, 0xBC, 0x41,
-	0x44, 0xD7, 0x95, 0xD6, 0xB9, 0x39, 0x44, 0xD7,
-	// Bytes 4380 - 43bf
-	0x95, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x96, 0xD6,
-	0xBC, 0x41, 0x44, 0xD7, 0x98, 0xD6, 0xBC, 0x41,
-	0x44, 0xD7, 0x99, 0xD6, 0xB4, 0x25, 0x44, 0xD7,
-	0x99, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x9A, 0xD6,
-	0xBC, 0x41, 0x44, 0xD7, 0x9B, 0xD6, 0xBC, 0x41,
-	0x44, 0xD7, 0x9B, 0xD6, 0xBF, 0x49, 0x44, 0xD7,
-	0x9C, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0x9E, 0xD6,
-	0xBC, 0x41, 0x44, 0xD7, 0xA0, 0xD6, 0xBC, 0x41,
-	// Bytes 43c0 - 43ff
-	0x44, 0xD7, 0xA1, 0xD6, 0xBC, 0x41, 0x44, 0xD7,
-	0xA3, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA4, 0xD6,
-	0xBC, 0x41, 0x44, 0xD7, 0xA4, 0xD6, 0xBF, 0x49,
-	0x44, 0xD7, 0xA6, 0xD6, 0xBC, 0x41, 0x44, 0xD7,
-	0xA7, 0xD6, 0xBC, 0x41, 0x44, 0xD7, 0xA8, 0xD6,
-	0xBC, 0x41, 0x44, 0xD7, 0xA9, 0xD6, 0xBC, 0x41,
-	0x44, 0xD7, 0xA9, 0xD7, 0x81, 0x4D, 0x44, 0xD7,
-	0xA9, 0xD7, 0x82, 0x51, 0x44, 0xD7, 0xAA, 0xD6,
-	// Bytes 4400 - 443f
-	0xBC, 0x41, 0x44, 0xD7, 0xB2, 0xD6, 0xB7, 0x31,
-	0x44, 0xD8, 0xA7, 0xD9, 0x8B, 0x59, 0x44, 0xD8,
-	0xA7, 0xD9, 0x93, 0xC9, 0x44, 0xD8, 0xA7, 0xD9,
-	0x94, 0xC9, 0x44, 0xD8, 0xA7, 0xD9, 0x95, 0xB5,
-	0x44, 0xD8, 0xB0, 0xD9, 0xB0, 0x79, 0x44, 0xD8,
-	0xB1, 0xD9, 0xB0, 0x79, 0x44, 0xD9, 0x80, 0xD9,
-	0x8B, 0x59, 0x44, 0xD9, 0x80, 0xD9, 0x8E, 0x65,
-	0x44, 0xD9, 0x80, 0xD9, 0x8F, 0x69, 0x44, 0xD9,
-	// Bytes 4440 - 447f
-	0x80, 0xD9, 0x90, 0x6D, 0x44, 0xD9, 0x80, 0xD9,
-	0x91, 0x71, 0x44, 0xD9, 0x80, 0xD9, 0x92, 0x75,
-	0x44, 0xD9, 0x87, 0xD9, 0xB0, 0x79, 0x44, 0xD9,
-	0x88, 0xD9, 0x94, 0xC9, 0x44, 0xD9, 0x89, 0xD9,
-	0xB0, 0x79, 0x44, 0xD9, 0x8A, 0xD9, 0x94, 0xC9,
-	0x44, 0xDB, 0x92, 0xD9, 0x94, 0xC9, 0x44, 0xDB,
-	0x95, 0xD9, 0x94, 0xC9, 0x45, 0x20, 0xCC, 0x88,
-	0xCC, 0x80, 0xCA, 0x45, 0x20, 0xCC, 0x88, 0xCC,
-	// Bytes 4480 - 44bf
-	0x81, 0xCA, 0x45, 0x20, 0xCC, 0x88, 0xCD, 0x82,
-	0xCA, 0x45, 0x20, 0xCC, 0x93, 0xCC, 0x80, 0xCA,
-	0x45, 0x20, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x45,
-	0x20, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x45, 0x20,
-	0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x45, 0x20, 0xCC,
-	0x94, 0xCC, 0x81, 0xCA, 0x45, 0x20, 0xCC, 0x94,
-	0xCD, 0x82, 0xCA, 0x45, 0x20, 0xD9, 0x8C, 0xD9,
-	0x91, 0x72, 0x45, 0x20, 0xD9, 0x8D, 0xD9, 0x91,
-	// Bytes 44c0 - 44ff
-	0x72, 0x45, 0x20, 0xD9, 0x8E, 0xD9, 0x91, 0x72,
-	0x45, 0x20, 0xD9, 0x8F, 0xD9, 0x91, 0x72, 0x45,
-	0x20, 0xD9, 0x90, 0xD9, 0x91, 0x72, 0x45, 0x20,
-	0xD9, 0x91, 0xD9, 0xB0, 0x7A, 0x45, 0xE2, 0xAB,
-	0x9D, 0xCC, 0xB8, 0x05, 0x46, 0xCE, 0xB9, 0xCC,
-	0x88, 0xCC, 0x81, 0xCA, 0x46, 0xCF, 0x85, 0xCC,
-	0x88, 0xCC, 0x81, 0xCA, 0x46, 0xD7, 0xA9, 0xD6,
-	0xBC, 0xD7, 0x81, 0x4E, 0x46, 0xD7, 0xA9, 0xD6,
-	// Bytes 4500 - 453f
-	0xBC, 0xD7, 0x82, 0x52, 0x46, 0xD9, 0x80, 0xD9,
-	0x8E, 0xD9, 0x91, 0x72, 0x46, 0xD9, 0x80, 0xD9,
-	0x8F, 0xD9, 0x91, 0x72, 0x46, 0xD9, 0x80, 0xD9,
-	0x90, 0xD9, 0x91, 0x72, 0x46, 0xE0, 0xA4, 0x95,
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0x96,
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0x97,
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0x9C,
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xA1,
-	// Bytes 4540 - 457f
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xA2,
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xAB,
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA4, 0xAF,
-	0xE0, 0xA4, 0xBC, 0x09, 0x46, 0xE0, 0xA6, 0xA1,
-	0xE0, 0xA6, 0xBC, 0x09, 0x46, 0xE0, 0xA6, 0xA2,
-	0xE0, 0xA6, 0xBC, 0x09, 0x46, 0xE0, 0xA6, 0xAF,
-	0xE0, 0xA6, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0x96,
-	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0x97,
-	// Bytes 4580 - 45bf
-	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0x9C,
-	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0xAB,
-	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0xB2,
-	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xA8, 0xB8,
-	0xE0, 0xA8, 0xBC, 0x09, 0x46, 0xE0, 0xAC, 0xA1,
-	0xE0, 0xAC, 0xBC, 0x09, 0x46, 0xE0, 0xAC, 0xA2,
-	0xE0, 0xAC, 0xBC, 0x09, 0x46, 0xE0, 0xBE, 0xB2,
-	0xE0, 0xBE, 0x80, 0x9D, 0x46, 0xE0, 0xBE, 0xB3,
-	// Bytes 45c0 - 45ff
-	0xE0, 0xBE, 0x80, 0x9D, 0x46, 0xE3, 0x83, 0x86,
-	0xE3, 0x82, 0x99, 0x0D, 0x48, 0xF0, 0x9D, 0x85,
-	0x97, 0xF0, 0x9D, 0x85, 0xA5, 0xAD, 0x48, 0xF0,
-	0x9D, 0x85, 0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xAD,
-	0x48, 0xF0, 0x9D, 0x86, 0xB9, 0xF0, 0x9D, 0x85,
-	0xA5, 0xAD, 0x48, 0xF0, 0x9D, 0x86, 0xBA, 0xF0,
-	0x9D, 0x85, 0xA5, 0xAD, 0x49, 0xE0, 0xBE, 0xB2,
-	0xE0, 0xBD, 0xB1, 0xE0, 0xBE, 0x80, 0x9E, 0x49,
-	// Bytes 4600 - 463f
-	0xE0, 0xBE, 0xB3, 0xE0, 0xBD, 0xB1, 0xE0, 0xBE,
-	0x80, 0x9E, 0x4C, 0xF0, 0x9D, 0x85, 0x98, 0xF0,
-	0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xAE, 0xAE,
-	0x4C, 0xF0, 0x9D, 0x85, 0x98, 0xF0, 0x9D, 0x85,
-	0xA5, 0xF0, 0x9D, 0x85, 0xAF, 0xAE, 0x4C, 0xF0,
-	0x9D, 0x85, 0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xF0,
-	0x9D, 0x85, 0xB0, 0xAE, 0x4C, 0xF0, 0x9D, 0x85,
-	0x98, 0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85,
-	// Bytes 4640 - 467f
-	0xB1, 0xAE, 0x4C, 0xF0, 0x9D, 0x85, 0x98, 0xF0,
-	0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xB2, 0xAE,
-	0x4C, 0xF0, 0x9D, 0x86, 0xB9, 0xF0, 0x9D, 0x85,
-	0xA5, 0xF0, 0x9D, 0x85, 0xAE, 0xAE, 0x4C, 0xF0,
-	0x9D, 0x86, 0xB9, 0xF0, 0x9D, 0x85, 0xA5, 0xF0,
-	0x9D, 0x85, 0xAF, 0xAE, 0x4C, 0xF0, 0x9D, 0x86,
-	0xBA, 0xF0, 0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85,
-	0xAE, 0xAE, 0x4C, 0xF0, 0x9D, 0x86, 0xBA, 0xF0,
-	// Bytes 4680 - 46bf
-	0x9D, 0x85, 0xA5, 0xF0, 0x9D, 0x85, 0xAF, 0xAE,
-	0x83, 0x41, 0xCC, 0x82, 0xC9, 0x83, 0x41, 0xCC,
-	0x86, 0xC9, 0x83, 0x41, 0xCC, 0x87, 0xC9, 0x83,
-	0x41, 0xCC, 0x88, 0xC9, 0x83, 0x41, 0xCC, 0x8A,
-	0xC9, 0x83, 0x41, 0xCC, 0xA3, 0xB5, 0x83, 0x43,
-	0xCC, 0xA7, 0xA5, 0x83, 0x45, 0xCC, 0x82, 0xC9,
-	0x83, 0x45, 0xCC, 0x84, 0xC9, 0x83, 0x45, 0xCC,
-	0xA3, 0xB5, 0x83, 0x45, 0xCC, 0xA7, 0xA5, 0x83,
-	// Bytes 46c0 - 46ff
-	0x49, 0xCC, 0x88, 0xC9, 0x83, 0x4C, 0xCC, 0xA3,
-	0xB5, 0x83, 0x4F, 0xCC, 0x82, 0xC9, 0x83, 0x4F,
-	0xCC, 0x83, 0xC9, 0x83, 0x4F, 0xCC, 0x84, 0xC9,
-	0x83, 0x4F, 0xCC, 0x87, 0xC9, 0x83, 0x4F, 0xCC,
-	0x88, 0xC9, 0x83, 0x4F, 0xCC, 0x9B, 0xAD, 0x83,
-	0x4F, 0xCC, 0xA3, 0xB5, 0x83, 0x4F, 0xCC, 0xA8,
-	0xA5, 0x83, 0x52, 0xCC, 0xA3, 0xB5, 0x83, 0x53,
-	0xCC, 0x81, 0xC9, 0x83, 0x53, 0xCC, 0x8C, 0xC9,
-	// Bytes 4700 - 473f
-	0x83, 0x53, 0xCC, 0xA3, 0xB5, 0x83, 0x55, 0xCC,
-	0x83, 0xC9, 0x83, 0x55, 0xCC, 0x84, 0xC9, 0x83,
-	0x55, 0xCC, 0x88, 0xC9, 0x83, 0x55, 0xCC, 0x9B,
-	0xAD, 0x83, 0x61, 0xCC, 0x82, 0xC9, 0x83, 0x61,
-	0xCC, 0x86, 0xC9, 0x83, 0x61, 0xCC, 0x87, 0xC9,
-	0x83, 0x61, 0xCC, 0x88, 0xC9, 0x83, 0x61, 0xCC,
-	0x8A, 0xC9, 0x83, 0x61, 0xCC, 0xA3, 0xB5, 0x83,
-	0x63, 0xCC, 0xA7, 0xA5, 0x83, 0x65, 0xCC, 0x82,
-	// Bytes 4740 - 477f
-	0xC9, 0x83, 0x65, 0xCC, 0x84, 0xC9, 0x83, 0x65,
-	0xCC, 0xA3, 0xB5, 0x83, 0x65, 0xCC, 0xA7, 0xA5,
-	0x83, 0x69, 0xCC, 0x88, 0xC9, 0x83, 0x6C, 0xCC,
-	0xA3, 0xB5, 0x83, 0x6F, 0xCC, 0x82, 0xC9, 0x83,
-	0x6F, 0xCC, 0x83, 0xC9, 0x83, 0x6F, 0xCC, 0x84,
-	0xC9, 0x83, 0x6F, 0xCC, 0x87, 0xC9, 0x83, 0x6F,
-	0xCC, 0x88, 0xC9, 0x83, 0x6F, 0xCC, 0x9B, 0xAD,
-	0x83, 0x6F, 0xCC, 0xA3, 0xB5, 0x83, 0x6F, 0xCC,
-	// Bytes 4780 - 47bf
-	0xA8, 0xA5, 0x83, 0x72, 0xCC, 0xA3, 0xB5, 0x83,
-	0x73, 0xCC, 0x81, 0xC9, 0x83, 0x73, 0xCC, 0x8C,
-	0xC9, 0x83, 0x73, 0xCC, 0xA3, 0xB5, 0x83, 0x75,
-	0xCC, 0x83, 0xC9, 0x83, 0x75, 0xCC, 0x84, 0xC9,
-	0x83, 0x75, 0xCC, 0x88, 0xC9, 0x83, 0x75, 0xCC,
-	0x9B, 0xAD, 0x84, 0xCE, 0x91, 0xCC, 0x93, 0xC9,
-	0x84, 0xCE, 0x91, 0xCC, 0x94, 0xC9, 0x84, 0xCE,
-	0x95, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0x95, 0xCC,
-	// Bytes 47c0 - 47ff
-	0x94, 0xC9, 0x84, 0xCE, 0x97, 0xCC, 0x93, 0xC9,
-	0x84, 0xCE, 0x97, 0xCC, 0x94, 0xC9, 0x84, 0xCE,
-	0x99, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0x99, 0xCC,
-	0x94, 0xC9, 0x84, 0xCE, 0x9F, 0xCC, 0x93, 0xC9,
-	0x84, 0xCE, 0x9F, 0xCC, 0x94, 0xC9, 0x84, 0xCE,
-	0xA5, 0xCC, 0x94, 0xC9, 0x84, 0xCE, 0xA9, 0xCC,
-	0x93, 0xC9, 0x84, 0xCE, 0xA9, 0xCC, 0x94, 0xC9,
-	0x84, 0xCE, 0xB1, 0xCC, 0x80, 0xC9, 0x84, 0xCE,
-	// Bytes 4800 - 483f
-	0xB1, 0xCC, 0x81, 0xC9, 0x84, 0xCE, 0xB1, 0xCC,
-	0x93, 0xC9, 0x84, 0xCE, 0xB1, 0xCC, 0x94, 0xC9,
-	0x84, 0xCE, 0xB1, 0xCD, 0x82, 0xC9, 0x84, 0xCE,
-	0xB5, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xB5, 0xCC,
-	0x94, 0xC9, 0x84, 0xCE, 0xB7, 0xCC, 0x80, 0xC9,
-	0x84, 0xCE, 0xB7, 0xCC, 0x81, 0xC9, 0x84, 0xCE,
-	0xB7, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xB7, 0xCC,
-	0x94, 0xC9, 0x84, 0xCE, 0xB7, 0xCD, 0x82, 0xC9,
-	// Bytes 4840 - 487f
-	0x84, 0xCE, 0xB9, 0xCC, 0x88, 0xC9, 0x84, 0xCE,
-	0xB9, 0xCC, 0x93, 0xC9, 0x84, 0xCE, 0xB9, 0xCC,
-	0x94, 0xC9, 0x84, 0xCE, 0xBF, 0xCC, 0x93, 0xC9,
-	0x84, 0xCE, 0xBF, 0xCC, 0x94, 0xC9, 0x84, 0xCF,
-	0x85, 0xCC, 0x88, 0xC9, 0x84, 0xCF, 0x85, 0xCC,
-	0x93, 0xC9, 0x84, 0xCF, 0x85, 0xCC, 0x94, 0xC9,
-	0x84, 0xCF, 0x89, 0xCC, 0x80, 0xC9, 0x84, 0xCF,
-	0x89, 0xCC, 0x81, 0xC9, 0x84, 0xCF, 0x89, 0xCC,
-	// Bytes 4880 - 48bf
-	0x93, 0xC9, 0x84, 0xCF, 0x89, 0xCC, 0x94, 0xC9,
-	0x84, 0xCF, 0x89, 0xCD, 0x82, 0xC9, 0x86, 0xCE,
-	0x91, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0x91, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0x91, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0x91, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0x91, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0x91, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	// Bytes 48c0 - 48ff
-	0x97, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0x97, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0x97, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0x97, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0x97, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0x97, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0xA9, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0xA9, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	// Bytes 4900 - 493f
-	0xA9, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0xA9, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0xA9, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0xA9, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0xB1, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0xB1, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0xB1, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0xB1, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	// Bytes 4940 - 497f
-	0xB1, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0xB1, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0xB7, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0xB7, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0xB7, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCE,
-	0xB7, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCE,
-	0xB7, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCE,
-	0xB7, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x86, 0xCF,
-	// Bytes 4980 - 49bf
-	0x89, 0xCC, 0x93, 0xCC, 0x80, 0xCA, 0x86, 0xCF,
-	0x89, 0xCC, 0x93, 0xCC, 0x81, 0xCA, 0x86, 0xCF,
-	0x89, 0xCC, 0x93, 0xCD, 0x82, 0xCA, 0x86, 0xCF,
-	0x89, 0xCC, 0x94, 0xCC, 0x80, 0xCA, 0x86, 0xCF,
-	0x89, 0xCC, 0x94, 0xCC, 0x81, 0xCA, 0x86, 0xCF,
-	0x89, 0xCC, 0x94, 0xCD, 0x82, 0xCA, 0x42, 0xCC,
-	0x80, 0xC9, 0x32, 0x42, 0xCC, 0x81, 0xC9, 0x32,
-	0x42, 0xCC, 0x93, 0xC9, 0x32, 0x43, 0xE1, 0x85,
-	// Bytes 49c0 - 49ff
-	0xA1, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xA2, 0x01,
-	0x00, 0x43, 0xE1, 0x85, 0xA3, 0x01, 0x00, 0x43,
-	0xE1, 0x85, 0xA4, 0x01, 0x00, 0x43, 0xE1, 0x85,
-	0xA5, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xA6, 0x01,
-	0x00, 0x43, 0xE1, 0x85, 0xA7, 0x01, 0x00, 0x43,
-	0xE1, 0x85, 0xA8, 0x01, 0x00, 0x43, 0xE1, 0x85,
-	0xA9, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xAA, 0x01,
-	0x00, 0x43, 0xE1, 0x85, 0xAB, 0x01, 0x00, 0x43,
-	// Bytes 4a00 - 4a3f
-	0xE1, 0x85, 0xAC, 0x01, 0x00, 0x43, 0xE1, 0x85,
-	0xAD, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xAE, 0x01,
-	0x00, 0x43, 0xE1, 0x85, 0xAF, 0x01, 0x00, 0x43,
-	0xE1, 0x85, 0xB0, 0x01, 0x00, 0x43, 0xE1, 0x85,
-	0xB1, 0x01, 0x00, 0x43, 0xE1, 0x85, 0xB2, 0x01,
-	0x00, 0x43, 0xE1, 0x85, 0xB3, 0x01, 0x00, 0x43,
-	0xE1, 0x85, 0xB4, 0x01, 0x00, 0x43, 0xE1, 0x85,
-	0xB5, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xAA, 0x01,
-	// Bytes 4a40 - 4a7f
-	0x00, 0x43, 0xE1, 0x86, 0xAC, 0x01, 0x00, 0x43,
-	0xE1, 0x86, 0xAD, 0x01, 0x00, 0x43, 0xE1, 0x86,
-	0xB0, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xB1, 0x01,
-	0x00, 0x43, 0xE1, 0x86, 0xB2, 0x01, 0x00, 0x43,
-	0xE1, 0x86, 0xB3, 0x01, 0x00, 0x43, 0xE1, 0x86,
-	0xB4, 0x01, 0x00, 0x43, 0xE1, 0x86, 0xB5, 0x01,
-	0x00, 0x44, 0xCC, 0x88, 0xCC, 0x81, 0xCA, 0x32,
-	0x43, 0xE3, 0x82, 0x99, 0x0D, 0x03, 0x43, 0xE3,
-	// Bytes 4a80 - 4abf
-	0x82, 0x9A, 0x0D, 0x03, 0x46, 0xE0, 0xBD, 0xB1,
-	0xE0, 0xBD, 0xB2, 0x9E, 0x26, 0x46, 0xE0, 0xBD,
-	0xB1, 0xE0, 0xBD, 0xB4, 0xA2, 0x26, 0x46, 0xE0,
-	0xBD, 0xB1, 0xE0, 0xBE, 0x80, 0x9E, 0x26, 0x00,
-	0x01,
-}
-
-// lookup returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *nfcTrie) lookup(s []byte) (v uint16, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return nfcValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := nfcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := nfcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := nfcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = nfcIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *nfcTrie) lookupUnsafe(s []byte) uint16 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return nfcValues[c0]
-	}
-	i := nfcIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = nfcIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = nfcIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// lookupString returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *nfcTrie) lookupString(s string) (v uint16, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return nfcValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := nfcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := nfcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := nfcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = nfcIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *nfcTrie) lookupStringUnsafe(s string) uint16 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return nfcValues[c0]
-	}
-	i := nfcIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = nfcIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = nfcIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// nfcTrie. Total size: 10586 bytes (10.34 KiB). Checksum: dd926e82067bee11.
-type nfcTrie struct{}
-
-func newNfcTrie(i int) *nfcTrie {
-	return &nfcTrie{}
-}
-
-// lookupValue determines the type of block n and looks up the value for b.
-func (t *nfcTrie) lookupValue(n uint32, b byte) uint16 {
-	switch {
-	case n < 46:
-		return uint16(nfcValues[n<<6+uint32(b)])
-	default:
-		n -= 46
-		return uint16(nfcSparse.lookup(n, b))
-	}
-}
-
-// nfcValues: 48 blocks, 3072 entries, 6144 bytes
-// The third block is the zero block.
-var nfcValues = [3072]uint16{
-	// Block 0x0, offset 0x0
-	0x3c: 0xa000, 0x3d: 0xa000, 0x3e: 0xa000,
-	// Block 0x1, offset 0x40
-	0x41: 0xa000, 0x42: 0xa000, 0x43: 0xa000, 0x44: 0xa000, 0x45: 0xa000,
-	0x46: 0xa000, 0x47: 0xa000, 0x48: 0xa000, 0x49: 0xa000, 0x4a: 0xa000, 0x4b: 0xa000,
-	0x4c: 0xa000, 0x4d: 0xa000, 0x4e: 0xa000, 0x4f: 0xa000, 0x50: 0xa000,
-	0x52: 0xa000, 0x53: 0xa000, 0x54: 0xa000, 0x55: 0xa000, 0x56: 0xa000, 0x57: 0xa000,
-	0x58: 0xa000, 0x59: 0xa000, 0x5a: 0xa000,
-	0x61: 0xa000, 0x62: 0xa000, 0x63: 0xa000,
-	0x64: 0xa000, 0x65: 0xa000, 0x66: 0xa000, 0x67: 0xa000, 0x68: 0xa000, 0x69: 0xa000,
-	0x6a: 0xa000, 0x6b: 0xa000, 0x6c: 0xa000, 0x6d: 0xa000, 0x6e: 0xa000, 0x6f: 0xa000,
-	0x70: 0xa000, 0x72: 0xa000, 0x73: 0xa000, 0x74: 0xa000, 0x75: 0xa000,
-	0x76: 0xa000, 0x77: 0xa000, 0x78: 0xa000, 0x79: 0xa000, 0x7a: 0xa000,
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc0: 0x2f6f, 0xc1: 0x2f74, 0xc2: 0x4688, 0xc3: 0x2f79, 0xc4: 0x4697, 0xc5: 0x469c,
-	0xc6: 0xa000, 0xc7: 0x46a6, 0xc8: 0x2fe2, 0xc9: 0x2fe7, 0xca: 0x46ab, 0xcb: 0x2ffb,
-	0xcc: 0x306e, 0xcd: 0x3073, 0xce: 0x3078, 0xcf: 0x46bf, 0xd1: 0x3104,
-	0xd2: 0x3127, 0xd3: 0x312c, 0xd4: 0x46c9, 0xd5: 0x46ce, 0xd6: 0x46dd,
-	0xd8: 0xa000, 0xd9: 0x31b3, 0xda: 0x31b8, 0xdb: 0x31bd, 0xdc: 0x470f, 0xdd: 0x3235,
-	0xe0: 0x327b, 0xe1: 0x3280, 0xe2: 0x4719, 0xe3: 0x3285,
-	0xe4: 0x4728, 0xe5: 0x472d, 0xe6: 0xa000, 0xe7: 0x4737, 0xe8: 0x32ee, 0xe9: 0x32f3,
-	0xea: 0x473c, 0xeb: 0x3307, 0xec: 0x337f, 0xed: 0x3384, 0xee: 0x3389, 0xef: 0x4750,
-	0xf1: 0x3415, 0xf2: 0x3438, 0xf3: 0x343d, 0xf4: 0x475a, 0xf5: 0x475f,
-	0xf6: 0x476e, 0xf8: 0xa000, 0xf9: 0x34c9, 0xfa: 0x34ce, 0xfb: 0x34d3,
-	0xfc: 0x47a0, 0xfd: 0x3550, 0xff: 0x3569,
-	// Block 0x4, offset 0x100
-	0x100: 0x2f7e, 0x101: 0x328a, 0x102: 0x468d, 0x103: 0x471e, 0x104: 0x2f9c, 0x105: 0x32a8,
-	0x106: 0x2fb0, 0x107: 0x32bc, 0x108: 0x2fb5, 0x109: 0x32c1, 0x10a: 0x2fba, 0x10b: 0x32c6,
-	0x10c: 0x2fbf, 0x10d: 0x32cb, 0x10e: 0x2fc9, 0x10f: 0x32d5,
-	0x112: 0x46b0, 0x113: 0x4741, 0x114: 0x2ff1, 0x115: 0x32fd, 0x116: 0x2ff6, 0x117: 0x3302,
-	0x118: 0x3014, 0x119: 0x3320, 0x11a: 0x3005, 0x11b: 0x3311, 0x11c: 0x302d, 0x11d: 0x3339,
-	0x11e: 0x3037, 0x11f: 0x3343, 0x120: 0x303c, 0x121: 0x3348, 0x122: 0x3046, 0x123: 0x3352,
-	0x124: 0x304b, 0x125: 0x3357, 0x128: 0x307d, 0x129: 0x338e,
-	0x12a: 0x3082, 0x12b: 0x3393, 0x12c: 0x3087, 0x12d: 0x3398, 0x12e: 0x30aa, 0x12f: 0x33b6,
-	0x130: 0x308c, 0x134: 0x30b4, 0x135: 0x33c0,
-	0x136: 0x30c8, 0x137: 0x33d9, 0x139: 0x30d2, 0x13a: 0x33e3, 0x13b: 0x30dc,
-	0x13c: 0x33ed, 0x13d: 0x30d7, 0x13e: 0x33e8,
-	// Block 0x5, offset 0x140
-	0x143: 0x30ff, 0x144: 0x3410, 0x145: 0x3118,
-	0x146: 0x3429, 0x147: 0x310e, 0x148: 0x341f,
-	0x14c: 0x46d3, 0x14d: 0x4764, 0x14e: 0x3131, 0x14f: 0x3442, 0x150: 0x313b, 0x151: 0x344c,
-	0x154: 0x3159, 0x155: 0x346a, 0x156: 0x3172, 0x157: 0x3483,
-	0x158: 0x3163, 0x159: 0x3474, 0x15a: 0x46f6, 0x15b: 0x4787, 0x15c: 0x317c, 0x15d: 0x348d,
-	0x15e: 0x318b, 0x15f: 0x349c, 0x160: 0x46fb, 0x161: 0x478c, 0x162: 0x31a4, 0x163: 0x34ba,
-	0x164: 0x3195, 0x165: 0x34ab, 0x168: 0x4705, 0x169: 0x4796,
-	0x16a: 0x470a, 0x16b: 0x479b, 0x16c: 0x31c2, 0x16d: 0x34d8, 0x16e: 0x31cc, 0x16f: 0x34e2,
-	0x170: 0x31d1, 0x171: 0x34e7, 0x172: 0x31ef, 0x173: 0x3505, 0x174: 0x3212, 0x175: 0x3528,
-	0x176: 0x323a, 0x177: 0x3555, 0x178: 0x324e, 0x179: 0x325d, 0x17a: 0x357d, 0x17b: 0x3267,
-	0x17c: 0x3587, 0x17d: 0x326c, 0x17e: 0x358c, 0x17f: 0xa000,
-	// Block 0x6, offset 0x180
-	0x184: 0x8100, 0x185: 0x8100,
-	0x186: 0x8100,
-	0x18d: 0x2f88, 0x18e: 0x3294, 0x18f: 0x3096, 0x190: 0x33a2, 0x191: 0x3140,
-	0x192: 0x3451, 0x193: 0x31d6, 0x194: 0x34ec, 0x195: 0x39cf, 0x196: 0x3b5e, 0x197: 0x39c8,
-	0x198: 0x3b57, 0x199: 0x39d6, 0x19a: 0x3b65, 0x19b: 0x39c1, 0x19c: 0x3b50,
-	0x19e: 0x38b0, 0x19f: 0x3a3f, 0x1a0: 0x38a9, 0x1a1: 0x3a38, 0x1a2: 0x35b3, 0x1a3: 0x35c5,
-	0x1a6: 0x3041, 0x1a7: 0x334d, 0x1a8: 0x30be, 0x1a9: 0x33cf,
-	0x1aa: 0x46ec, 0x1ab: 0x477d, 0x1ac: 0x3990, 0x1ad: 0x3b1f, 0x1ae: 0x35d7, 0x1af: 0x35dd,
-	0x1b0: 0x33c5, 0x1b4: 0x3028, 0x1b5: 0x3334,
-	0x1b8: 0x30fa, 0x1b9: 0x340b, 0x1ba: 0x38b7, 0x1bb: 0x3a46,
-	0x1bc: 0x35ad, 0x1bd: 0x35bf, 0x1be: 0x35b9, 0x1bf: 0x35cb,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0x2f8d, 0x1c1: 0x3299, 0x1c2: 0x2f92, 0x1c3: 0x329e, 0x1c4: 0x300a, 0x1c5: 0x3316,
-	0x1c6: 0x300f, 0x1c7: 0x331b, 0x1c8: 0x309b, 0x1c9: 0x33a7, 0x1ca: 0x30a0, 0x1cb: 0x33ac,
-	0x1cc: 0x3145, 0x1cd: 0x3456, 0x1ce: 0x314a, 0x1cf: 0x345b, 0x1d0: 0x3168, 0x1d1: 0x3479,
-	0x1d2: 0x316d, 0x1d3: 0x347e, 0x1d4: 0x31db, 0x1d5: 0x34f1, 0x1d6: 0x31e0, 0x1d7: 0x34f6,
-	0x1d8: 0x3186, 0x1d9: 0x3497, 0x1da: 0x319f, 0x1db: 0x34b5,
-	0x1de: 0x305a, 0x1df: 0x3366,
-	0x1e6: 0x4692, 0x1e7: 0x4723, 0x1e8: 0x46ba, 0x1e9: 0x474b,
-	0x1ea: 0x395f, 0x1eb: 0x3aee, 0x1ec: 0x393c, 0x1ed: 0x3acb, 0x1ee: 0x46d8, 0x1ef: 0x4769,
-	0x1f0: 0x3958, 0x1f1: 0x3ae7, 0x1f2: 0x3244, 0x1f3: 0x355f,
-	// Block 0x8, offset 0x200
-	0x200: 0x9932, 0x201: 0x9932, 0x202: 0x9932, 0x203: 0x9932, 0x204: 0x9932, 0x205: 0x8132,
-	0x206: 0x9932, 0x207: 0x9932, 0x208: 0x9932, 0x209: 0x9932, 0x20a: 0x9932, 0x20b: 0x9932,
-	0x20c: 0x9932, 0x20d: 0x8132, 0x20e: 0x8132, 0x20f: 0x9932, 0x210: 0x8132, 0x211: 0x9932,
-	0x212: 0x8132, 0x213: 0x9932, 0x214: 0x9932, 0x215: 0x8133, 0x216: 0x812d, 0x217: 0x812d,
-	0x218: 0x812d, 0x219: 0x812d, 0x21a: 0x8133, 0x21b: 0x992b, 0x21c: 0x812d, 0x21d: 0x812d,
-	0x21e: 0x812d, 0x21f: 0x812d, 0x220: 0x812d, 0x221: 0x8129, 0x222: 0x8129, 0x223: 0x992d,
-	0x224: 0x992d, 0x225: 0x992d, 0x226: 0x992d, 0x227: 0x9929, 0x228: 0x9929, 0x229: 0x812d,
-	0x22a: 0x812d, 0x22b: 0x812d, 0x22c: 0x812d, 0x22d: 0x992d, 0x22e: 0x992d, 0x22f: 0x812d,
-	0x230: 0x992d, 0x231: 0x992d, 0x232: 0x812d, 0x233: 0x812d, 0x234: 0x8101, 0x235: 0x8101,
-	0x236: 0x8101, 0x237: 0x8101, 0x238: 0x9901, 0x239: 0x812d, 0x23a: 0x812d, 0x23b: 0x812d,
-	0x23c: 0x812d, 0x23d: 0x8132, 0x23e: 0x8132, 0x23f: 0x8132,
-	// Block 0x9, offset 0x240
-	0x240: 0x49ae, 0x241: 0x49b3, 0x242: 0x9932, 0x243: 0x49b8, 0x244: 0x4a71, 0x245: 0x9936,
-	0x246: 0x8132, 0x247: 0x812d, 0x248: 0x812d, 0x249: 0x812d, 0x24a: 0x8132, 0x24b: 0x8132,
-	0x24c: 0x8132, 0x24d: 0x812d, 0x24e: 0x812d, 0x250: 0x8132, 0x251: 0x8132,
-	0x252: 0x8132, 0x253: 0x812d, 0x254: 0x812d, 0x255: 0x812d, 0x256: 0x812d, 0x257: 0x8132,
-	0x258: 0x8133, 0x259: 0x812d, 0x25a: 0x812d, 0x25b: 0x8132, 0x25c: 0x8134, 0x25d: 0x8135,
-	0x25e: 0x8135, 0x25f: 0x8134, 0x260: 0x8135, 0x261: 0x8135, 0x262: 0x8134, 0x263: 0x8132,
-	0x264: 0x8132, 0x265: 0x8132, 0x266: 0x8132, 0x267: 0x8132, 0x268: 0x8132, 0x269: 0x8132,
-	0x26a: 0x8132, 0x26b: 0x8132, 0x26c: 0x8132, 0x26d: 0x8132, 0x26e: 0x8132, 0x26f: 0x8132,
-	0x274: 0x0170,
-	0x27a: 0x8100,
-	0x27e: 0x0037,
-	// Block 0xa, offset 0x280
-	0x284: 0x8100, 0x285: 0x35a1,
-	0x286: 0x35e9, 0x287: 0x00ce, 0x288: 0x3607, 0x289: 0x3613, 0x28a: 0x3625,
-	0x28c: 0x3643, 0x28e: 0x3655, 0x28f: 0x3673, 0x290: 0x3e08, 0x291: 0xa000,
-	0x295: 0xa000, 0x297: 0xa000,
-	0x299: 0xa000,
-	0x29f: 0xa000, 0x2a1: 0xa000,
-	0x2a5: 0xa000, 0x2a9: 0xa000,
-	0x2aa: 0x3637, 0x2ab: 0x3667, 0x2ac: 0x47fe, 0x2ad: 0x3697, 0x2ae: 0x4828, 0x2af: 0x36a9,
-	0x2b0: 0x3e70, 0x2b1: 0xa000, 0x2b5: 0xa000,
-	0x2b7: 0xa000, 0x2b9: 0xa000,
-	0x2bf: 0xa000,
-	// Block 0xb, offset 0x2c0
-	0x2c0: 0x3721, 0x2c1: 0x372d, 0x2c3: 0x371b,
-	0x2c6: 0xa000, 0x2c7: 0x3709,
-	0x2cc: 0x375d, 0x2cd: 0x3745, 0x2ce: 0x376f, 0x2d0: 0xa000,
-	0x2d3: 0xa000, 0x2d5: 0xa000, 0x2d6: 0xa000, 0x2d7: 0xa000,
-	0x2d8: 0xa000, 0x2d9: 0x3751, 0x2da: 0xa000,
-	0x2de: 0xa000, 0x2e3: 0xa000,
-	0x2e7: 0xa000,
-	0x2eb: 0xa000, 0x2ed: 0xa000,
-	0x2f0: 0xa000, 0x2f3: 0xa000, 0x2f5: 0xa000,
-	0x2f6: 0xa000, 0x2f7: 0xa000, 0x2f8: 0xa000, 0x2f9: 0x37d5, 0x2fa: 0xa000,
-	0x2fe: 0xa000,
-	// Block 0xc, offset 0x300
-	0x301: 0x3733, 0x302: 0x37b7,
-	0x310: 0x370f, 0x311: 0x3793,
-	0x312: 0x3715, 0x313: 0x3799, 0x316: 0x3727, 0x317: 0x37ab,
-	0x318: 0xa000, 0x319: 0xa000, 0x31a: 0x3829, 0x31b: 0x382f, 0x31c: 0x3739, 0x31d: 0x37bd,
-	0x31e: 0x373f, 0x31f: 0x37c3, 0x322: 0x374b, 0x323: 0x37cf,
-	0x324: 0x3757, 0x325: 0x37db, 0x326: 0x3763, 0x327: 0x37e7, 0x328: 0xa000, 0x329: 0xa000,
-	0x32a: 0x3835, 0x32b: 0x383b, 0x32c: 0x378d, 0x32d: 0x3811, 0x32e: 0x3769, 0x32f: 0x37ed,
-	0x330: 0x3775, 0x331: 0x37f9, 0x332: 0x377b, 0x333: 0x37ff, 0x334: 0x3781, 0x335: 0x3805,
-	0x338: 0x3787, 0x339: 0x380b,
-	// Block 0xd, offset 0x340
-	0x351: 0x812d,
-	0x352: 0x8132, 0x353: 0x8132, 0x354: 0x8132, 0x355: 0x8132, 0x356: 0x812d, 0x357: 0x8132,
-	0x358: 0x8132, 0x359: 0x8132, 0x35a: 0x812e, 0x35b: 0x812d, 0x35c: 0x8132, 0x35d: 0x8132,
-	0x35e: 0x8132, 0x35f: 0x8132, 0x360: 0x8132, 0x361: 0x8132, 0x362: 0x812d, 0x363: 0x812d,
-	0x364: 0x812d, 0x365: 0x812d, 0x366: 0x812d, 0x367: 0x812d, 0x368: 0x8132, 0x369: 0x8132,
-	0x36a: 0x812d, 0x36b: 0x8132, 0x36c: 0x8132, 0x36d: 0x812e, 0x36e: 0x8131, 0x36f: 0x8132,
-	0x370: 0x8105, 0x371: 0x8106, 0x372: 0x8107, 0x373: 0x8108, 0x374: 0x8109, 0x375: 0x810a,
-	0x376: 0x810b, 0x377: 0x810c, 0x378: 0x810d, 0x379: 0x810e, 0x37a: 0x810e, 0x37b: 0x810f,
-	0x37c: 0x8110, 0x37d: 0x8111, 0x37f: 0x8112,
-	// Block 0xe, offset 0x380
-	0x388: 0xa000, 0x38a: 0xa000, 0x38b: 0x8116,
-	0x38c: 0x8117, 0x38d: 0x8118, 0x38e: 0x8119, 0x38f: 0x811a, 0x390: 0x811b, 0x391: 0x811c,
-	0x392: 0x811d, 0x393: 0x9932, 0x394: 0x9932, 0x395: 0x992d, 0x396: 0x812d, 0x397: 0x8132,
-	0x398: 0x8132, 0x399: 0x8132, 0x39a: 0x8132, 0x39b: 0x8132, 0x39c: 0x812d, 0x39d: 0x8132,
-	0x39e: 0x8132, 0x39f: 0x812d,
-	0x3b0: 0x811e,
-	// Block 0xf, offset 0x3c0
-	0x3d3: 0x812d, 0x3d4: 0x8132, 0x3d5: 0x8132, 0x3d6: 0x8132, 0x3d7: 0x8132,
-	0x3d8: 0x8132, 0x3d9: 0x8132, 0x3da: 0x8132, 0x3db: 0x8132, 0x3dc: 0x8132, 0x3dd: 0x8132,
-	0x3de: 0x8132, 0x3df: 0x8132, 0x3e0: 0x8132, 0x3e1: 0x8132, 0x3e3: 0x812d,
-	0x3e4: 0x8132, 0x3e5: 0x8132, 0x3e6: 0x812d, 0x3e7: 0x8132, 0x3e8: 0x8132, 0x3e9: 0x812d,
-	0x3ea: 0x8132, 0x3eb: 0x8132, 0x3ec: 0x8132, 0x3ed: 0x812d, 0x3ee: 0x812d, 0x3ef: 0x812d,
-	0x3f0: 0x8116, 0x3f1: 0x8117, 0x3f2: 0x8118, 0x3f3: 0x8132, 0x3f4: 0x8132, 0x3f5: 0x8132,
-	0x3f6: 0x812d, 0x3f7: 0x8132, 0x3f8: 0x8132, 0x3f9: 0x812d, 0x3fa: 0x812d, 0x3fb: 0x8132,
-	0x3fc: 0x8132, 0x3fd: 0x8132, 0x3fe: 0x8132, 0x3ff: 0x8132,
-	// Block 0x10, offset 0x400
-	0x405: 0xa000,
-	0x406: 0x2d26, 0x407: 0xa000, 0x408: 0x2d2e, 0x409: 0xa000, 0x40a: 0x2d36, 0x40b: 0xa000,
-	0x40c: 0x2d3e, 0x40d: 0xa000, 0x40e: 0x2d46, 0x411: 0xa000,
-	0x412: 0x2d4e,
-	0x434: 0x8102, 0x435: 0x9900,
-	0x43a: 0xa000, 0x43b: 0x2d56,
-	0x43c: 0xa000, 0x43d: 0x2d5e, 0x43e: 0xa000, 0x43f: 0xa000,
-	// Block 0x11, offset 0x440
-	0x440: 0x8132, 0x441: 0x8132, 0x442: 0x812d, 0x443: 0x8132, 0x444: 0x8132, 0x445: 0x8132,
-	0x446: 0x8132, 0x447: 0x8132, 0x448: 0x8132, 0x449: 0x8132, 0x44a: 0x812d, 0x44b: 0x8132,
-	0x44c: 0x8132, 0x44d: 0x8135, 0x44e: 0x812a, 0x44f: 0x812d, 0x450: 0x8129, 0x451: 0x8132,
-	0x452: 0x8132, 0x453: 0x8132, 0x454: 0x8132, 0x455: 0x8132, 0x456: 0x8132, 0x457: 0x8132,
-	0x458: 0x8132, 0x459: 0x8132, 0x45a: 0x8132, 0x45b: 0x8132, 0x45c: 0x8132, 0x45d: 0x8132,
-	0x45e: 0x8132, 0x45f: 0x8132, 0x460: 0x8132, 0x461: 0x8132, 0x462: 0x8132, 0x463: 0x8132,
-	0x464: 0x8132, 0x465: 0x8132, 0x466: 0x8132, 0x467: 0x8132, 0x468: 0x8132, 0x469: 0x8132,
-	0x46a: 0x8132, 0x46b: 0x8132, 0x46c: 0x8132, 0x46d: 0x8132, 0x46e: 0x8132, 0x46f: 0x8132,
-	0x470: 0x8132, 0x471: 0x8132, 0x472: 0x8132, 0x473: 0x8132, 0x474: 0x8132, 0x475: 0x8132,
-	0x476: 0x8133, 0x477: 0x8131, 0x478: 0x8131, 0x479: 0x812d, 0x47b: 0x8132,
-	0x47c: 0x8134, 0x47d: 0x812d, 0x47e: 0x8132, 0x47f: 0x812d,
-	// Block 0x12, offset 0x480
-	0x480: 0x2f97, 0x481: 0x32a3, 0x482: 0x2fa1, 0x483: 0x32ad, 0x484: 0x2fa6, 0x485: 0x32b2,
-	0x486: 0x2fab, 0x487: 0x32b7, 0x488: 0x38cc, 0x489: 0x3a5b, 0x48a: 0x2fc4, 0x48b: 0x32d0,
-	0x48c: 0x2fce, 0x48d: 0x32da, 0x48e: 0x2fdd, 0x48f: 0x32e9, 0x490: 0x2fd3, 0x491: 0x32df,
-	0x492: 0x2fd8, 0x493: 0x32e4, 0x494: 0x38ef, 0x495: 0x3a7e, 0x496: 0x38f6, 0x497: 0x3a85,
-	0x498: 0x3019, 0x499: 0x3325, 0x49a: 0x301e, 0x49b: 0x332a, 0x49c: 0x3904, 0x49d: 0x3a93,
-	0x49e: 0x3023, 0x49f: 0x332f, 0x4a0: 0x3032, 0x4a1: 0x333e, 0x4a2: 0x3050, 0x4a3: 0x335c,
-	0x4a4: 0x305f, 0x4a5: 0x336b, 0x4a6: 0x3055, 0x4a7: 0x3361, 0x4a8: 0x3064, 0x4a9: 0x3370,
-	0x4aa: 0x3069, 0x4ab: 0x3375, 0x4ac: 0x30af, 0x4ad: 0x33bb, 0x4ae: 0x390b, 0x4af: 0x3a9a,
-	0x4b0: 0x30b9, 0x4b1: 0x33ca, 0x4b2: 0x30c3, 0x4b3: 0x33d4, 0x4b4: 0x30cd, 0x4b5: 0x33de,
-	0x4b6: 0x46c4, 0x4b7: 0x4755, 0x4b8: 0x3912, 0x4b9: 0x3aa1, 0x4ba: 0x30e6, 0x4bb: 0x33f7,
-	0x4bc: 0x30e1, 0x4bd: 0x33f2, 0x4be: 0x30eb, 0x4bf: 0x33fc,
-	// Block 0x13, offset 0x4c0
-	0x4c0: 0x30f0, 0x4c1: 0x3401, 0x4c2: 0x30f5, 0x4c3: 0x3406, 0x4c4: 0x3109, 0x4c5: 0x341a,
-	0x4c6: 0x3113, 0x4c7: 0x3424, 0x4c8: 0x3122, 0x4c9: 0x3433, 0x4ca: 0x311d, 0x4cb: 0x342e,
-	0x4cc: 0x3935, 0x4cd: 0x3ac4, 0x4ce: 0x3943, 0x4cf: 0x3ad2, 0x4d0: 0x394a, 0x4d1: 0x3ad9,
-	0x4d2: 0x3951, 0x4d3: 0x3ae0, 0x4d4: 0x314f, 0x4d5: 0x3460, 0x4d6: 0x3154, 0x4d7: 0x3465,
-	0x4d8: 0x315e, 0x4d9: 0x346f, 0x4da: 0x46f1, 0x4db: 0x4782, 0x4dc: 0x3997, 0x4dd: 0x3b26,
-	0x4de: 0x3177, 0x4df: 0x3488, 0x4e0: 0x3181, 0x4e1: 0x3492, 0x4e2: 0x4700, 0x4e3: 0x4791,
-	0x4e4: 0x399e, 0x4e5: 0x3b2d, 0x4e6: 0x39a5, 0x4e7: 0x3b34, 0x4e8: 0x39ac, 0x4e9: 0x3b3b,
-	0x4ea: 0x3190, 0x4eb: 0x34a1, 0x4ec: 0x319a, 0x4ed: 0x34b0, 0x4ee: 0x31ae, 0x4ef: 0x34c4,
-	0x4f0: 0x31a9, 0x4f1: 0x34bf, 0x4f2: 0x31ea, 0x4f3: 0x3500, 0x4f4: 0x31f9, 0x4f5: 0x350f,
-	0x4f6: 0x31f4, 0x4f7: 0x350a, 0x4f8: 0x39b3, 0x4f9: 0x3b42, 0x4fa: 0x39ba, 0x4fb: 0x3b49,
-	0x4fc: 0x31fe, 0x4fd: 0x3514, 0x4fe: 0x3203, 0x4ff: 0x3519,
-	// Block 0x14, offset 0x500
-	0x500: 0x3208, 0x501: 0x351e, 0x502: 0x320d, 0x503: 0x3523, 0x504: 0x321c, 0x505: 0x3532,
-	0x506: 0x3217, 0x507: 0x352d, 0x508: 0x3221, 0x509: 0x353c, 0x50a: 0x3226, 0x50b: 0x3541,
-	0x50c: 0x322b, 0x50d: 0x3546, 0x50e: 0x3249, 0x50f: 0x3564, 0x510: 0x3262, 0x511: 0x3582,
-	0x512: 0x3271, 0x513: 0x3591, 0x514: 0x3276, 0x515: 0x3596, 0x516: 0x337a, 0x517: 0x34a6,
-	0x518: 0x3537, 0x519: 0x3573, 0x51b: 0x35d1,
-	0x520: 0x46a1, 0x521: 0x4732, 0x522: 0x2f83, 0x523: 0x328f,
-	0x524: 0x3878, 0x525: 0x3a07, 0x526: 0x3871, 0x527: 0x3a00, 0x528: 0x3886, 0x529: 0x3a15,
-	0x52a: 0x387f, 0x52b: 0x3a0e, 0x52c: 0x38be, 0x52d: 0x3a4d, 0x52e: 0x3894, 0x52f: 0x3a23,
-	0x530: 0x388d, 0x531: 0x3a1c, 0x532: 0x38a2, 0x533: 0x3a31, 0x534: 0x389b, 0x535: 0x3a2a,
-	0x536: 0x38c5, 0x537: 0x3a54, 0x538: 0x46b5, 0x539: 0x4746, 0x53a: 0x3000, 0x53b: 0x330c,
-	0x53c: 0x2fec, 0x53d: 0x32f8, 0x53e: 0x38da, 0x53f: 0x3a69,
-	// Block 0x15, offset 0x540
-	0x540: 0x38d3, 0x541: 0x3a62, 0x542: 0x38e8, 0x543: 0x3a77, 0x544: 0x38e1, 0x545: 0x3a70,
-	0x546: 0x38fd, 0x547: 0x3a8c, 0x548: 0x3091, 0x549: 0x339d, 0x54a: 0x30a5, 0x54b: 0x33b1,
-	0x54c: 0x46e7, 0x54d: 0x4778, 0x54e: 0x3136, 0x54f: 0x3447, 0x550: 0x3920, 0x551: 0x3aaf,
-	0x552: 0x3919, 0x553: 0x3aa8, 0x554: 0x392e, 0x555: 0x3abd, 0x556: 0x3927, 0x557: 0x3ab6,
-	0x558: 0x3989, 0x559: 0x3b18, 0x55a: 0x396d, 0x55b: 0x3afc, 0x55c: 0x3966, 0x55d: 0x3af5,
-	0x55e: 0x397b, 0x55f: 0x3b0a, 0x560: 0x3974, 0x561: 0x3b03, 0x562: 0x3982, 0x563: 0x3b11,
-	0x564: 0x31e5, 0x565: 0x34fb, 0x566: 0x31c7, 0x567: 0x34dd, 0x568: 0x39e4, 0x569: 0x3b73,
-	0x56a: 0x39dd, 0x56b: 0x3b6c, 0x56c: 0x39f2, 0x56d: 0x3b81, 0x56e: 0x39eb, 0x56f: 0x3b7a,
-	0x570: 0x39f9, 0x571: 0x3b88, 0x572: 0x3230, 0x573: 0x354b, 0x574: 0x3258, 0x575: 0x3578,
-	0x576: 0x3253, 0x577: 0x356e, 0x578: 0x323f, 0x579: 0x355a,
-	// Block 0x16, offset 0x580
-	0x580: 0x4804, 0x581: 0x480a, 0x582: 0x491e, 0x583: 0x4936, 0x584: 0x4926, 0x585: 0x493e,
-	0x586: 0x492e, 0x587: 0x4946, 0x588: 0x47aa, 0x589: 0x47b0, 0x58a: 0x488e, 0x58b: 0x48a6,
-	0x58c: 0x4896, 0x58d: 0x48ae, 0x58e: 0x489e, 0x58f: 0x48b6, 0x590: 0x4816, 0x591: 0x481c,
-	0x592: 0x3db8, 0x593: 0x3dc8, 0x594: 0x3dc0, 0x595: 0x3dd0,
-	0x598: 0x47b6, 0x599: 0x47bc, 0x59a: 0x3ce8, 0x59b: 0x3cf8, 0x59c: 0x3cf0, 0x59d: 0x3d00,
-	0x5a0: 0x482e, 0x5a1: 0x4834, 0x5a2: 0x494e, 0x5a3: 0x4966,
-	0x5a4: 0x4956, 0x5a5: 0x496e, 0x5a6: 0x495e, 0x5a7: 0x4976, 0x5a8: 0x47c2, 0x5a9: 0x47c8,
-	0x5aa: 0x48be, 0x5ab: 0x48d6, 0x5ac: 0x48c6, 0x5ad: 0x48de, 0x5ae: 0x48ce, 0x5af: 0x48e6,
-	0x5b0: 0x4846, 0x5b1: 0x484c, 0x5b2: 0x3e18, 0x5b3: 0x3e30, 0x5b4: 0x3e20, 0x5b5: 0x3e38,
-	0x5b6: 0x3e28, 0x5b7: 0x3e40, 0x5b8: 0x47ce, 0x5b9: 0x47d4, 0x5ba: 0x3d18, 0x5bb: 0x3d30,
-	0x5bc: 0x3d20, 0x5bd: 0x3d38, 0x5be: 0x3d28, 0x5bf: 0x3d40,
-	// Block 0x17, offset 0x5c0
-	0x5c0: 0x4852, 0x5c1: 0x4858, 0x5c2: 0x3e48, 0x5c3: 0x3e58, 0x5c4: 0x3e50, 0x5c5: 0x3e60,
-	0x5c8: 0x47da, 0x5c9: 0x47e0, 0x5ca: 0x3d48, 0x5cb: 0x3d58,
-	0x5cc: 0x3d50, 0x5cd: 0x3d60, 0x5d0: 0x4864, 0x5d1: 0x486a,
-	0x5d2: 0x3e80, 0x5d3: 0x3e98, 0x5d4: 0x3e88, 0x5d5: 0x3ea0, 0x5d6: 0x3e90, 0x5d7: 0x3ea8,
-	0x5d9: 0x47e6, 0x5db: 0x3d68, 0x5dd: 0x3d70,
-	0x5df: 0x3d78, 0x5e0: 0x487c, 0x5e1: 0x4882, 0x5e2: 0x497e, 0x5e3: 0x4996,
-	0x5e4: 0x4986, 0x5e5: 0x499e, 0x5e6: 0x498e, 0x5e7: 0x49a6, 0x5e8: 0x47ec, 0x5e9: 0x47f2,
-	0x5ea: 0x48ee, 0x5eb: 0x4906, 0x5ec: 0x48f6, 0x5ed: 0x490e, 0x5ee: 0x48fe, 0x5ef: 0x4916,
-	0x5f0: 0x47f8, 0x5f1: 0x431e, 0x5f2: 0x3691, 0x5f3: 0x4324, 0x5f4: 0x4822, 0x5f5: 0x432a,
-	0x5f6: 0x36a3, 0x5f7: 0x4330, 0x5f8: 0x36c1, 0x5f9: 0x4336, 0x5fa: 0x36d9, 0x5fb: 0x433c,
-	0x5fc: 0x4870, 0x5fd: 0x4342,
-	// Block 0x18, offset 0x600
-	0x600: 0x3da0, 0x601: 0x3da8, 0x602: 0x4184, 0x603: 0x41a2, 0x604: 0x418e, 0x605: 0x41ac,
-	0x606: 0x4198, 0x607: 0x41b6, 0x608: 0x3cd8, 0x609: 0x3ce0, 0x60a: 0x40d0, 0x60b: 0x40ee,
-	0x60c: 0x40da, 0x60d: 0x40f8, 0x60e: 0x40e4, 0x60f: 0x4102, 0x610: 0x3de8, 0x611: 0x3df0,
-	0x612: 0x41c0, 0x613: 0x41de, 0x614: 0x41ca, 0x615: 0x41e8, 0x616: 0x41d4, 0x617: 0x41f2,
-	0x618: 0x3d08, 0x619: 0x3d10, 0x61a: 0x410c, 0x61b: 0x412a, 0x61c: 0x4116, 0x61d: 0x4134,
-	0x61e: 0x4120, 0x61f: 0x413e, 0x620: 0x3ec0, 0x621: 0x3ec8, 0x622: 0x41fc, 0x623: 0x421a,
-	0x624: 0x4206, 0x625: 0x4224, 0x626: 0x4210, 0x627: 0x422e, 0x628: 0x3d80, 0x629: 0x3d88,
-	0x62a: 0x4148, 0x62b: 0x4166, 0x62c: 0x4152, 0x62d: 0x4170, 0x62e: 0x415c, 0x62f: 0x417a,
-	0x630: 0x3685, 0x631: 0x367f, 0x632: 0x3d90, 0x633: 0x368b, 0x634: 0x3d98,
-	0x636: 0x4810, 0x637: 0x3db0, 0x638: 0x35f5, 0x639: 0x35ef, 0x63a: 0x35e3, 0x63b: 0x42ee,
-	0x63c: 0x35fb, 0x63d: 0x8100, 0x63e: 0x01d3, 0x63f: 0xa100,
-	// Block 0x19, offset 0x640
-	0x640: 0x8100, 0x641: 0x35a7, 0x642: 0x3dd8, 0x643: 0x369d, 0x644: 0x3de0,
-	0x646: 0x483a, 0x647: 0x3df8, 0x648: 0x3601, 0x649: 0x42f4, 0x64a: 0x360d, 0x64b: 0x42fa,
-	0x64c: 0x3619, 0x64d: 0x3b8f, 0x64e: 0x3b96, 0x64f: 0x3b9d, 0x650: 0x36b5, 0x651: 0x36af,
-	0x652: 0x3e00, 0x653: 0x44e4, 0x656: 0x36bb, 0x657: 0x3e10,
-	0x658: 0x3631, 0x659: 0x362b, 0x65a: 0x361f, 0x65b: 0x4300, 0x65d: 0x3ba4,
-	0x65e: 0x3bab, 0x65f: 0x3bb2, 0x660: 0x36eb, 0x661: 0x36e5, 0x662: 0x3e68, 0x663: 0x44ec,
-	0x664: 0x36cd, 0x665: 0x36d3, 0x666: 0x36f1, 0x667: 0x3e78, 0x668: 0x3661, 0x669: 0x365b,
-	0x66a: 0x364f, 0x66b: 0x430c, 0x66c: 0x3649, 0x66d: 0x359b, 0x66e: 0x42e8, 0x66f: 0x0081,
-	0x672: 0x3eb0, 0x673: 0x36f7, 0x674: 0x3eb8,
-	0x676: 0x4888, 0x677: 0x3ed0, 0x678: 0x363d, 0x679: 0x4306, 0x67a: 0x366d, 0x67b: 0x4318,
-	0x67c: 0x3679, 0x67d: 0x4256, 0x67e: 0xa100,
-	// Block 0x1a, offset 0x680
-	0x681: 0x3c06, 0x683: 0xa000, 0x684: 0x3c0d, 0x685: 0xa000,
-	0x687: 0x3c14, 0x688: 0xa000, 0x689: 0x3c1b,
-	0x68d: 0xa000,
-	0x6a0: 0x2f65, 0x6a1: 0xa000, 0x6a2: 0x3c29,
-	0x6a4: 0xa000, 0x6a5: 0xa000,
-	0x6ad: 0x3c22, 0x6ae: 0x2f60, 0x6af: 0x2f6a,
-	0x6b0: 0x3c30, 0x6b1: 0x3c37, 0x6b2: 0xa000, 0x6b3: 0xa000, 0x6b4: 0x3c3e, 0x6b5: 0x3c45,
-	0x6b6: 0xa000, 0x6b7: 0xa000, 0x6b8: 0x3c4c, 0x6b9: 0x3c53, 0x6ba: 0xa000, 0x6bb: 0xa000,
-	0x6bc: 0xa000, 0x6bd: 0xa000,
-	// Block 0x1b, offset 0x6c0
-	0x6c0: 0x3c5a, 0x6c1: 0x3c61, 0x6c2: 0xa000, 0x6c3: 0xa000, 0x6c4: 0x3c76, 0x6c5: 0x3c7d,
-	0x6c6: 0xa000, 0x6c7: 0xa000, 0x6c8: 0x3c84, 0x6c9: 0x3c8b,
-	0x6d1: 0xa000,
-	0x6d2: 0xa000,
-	0x6e2: 0xa000,
-	0x6e8: 0xa000, 0x6e9: 0xa000,
-	0x6eb: 0xa000, 0x6ec: 0x3ca0, 0x6ed: 0x3ca7, 0x6ee: 0x3cae, 0x6ef: 0x3cb5,
-	0x6f2: 0xa000, 0x6f3: 0xa000, 0x6f4: 0xa000, 0x6f5: 0xa000,
-	// Block 0x1c, offset 0x700
-	0x706: 0xa000, 0x70b: 0xa000,
-	0x70c: 0x3f08, 0x70d: 0xa000, 0x70e: 0x3f10, 0x70f: 0xa000, 0x710: 0x3f18, 0x711: 0xa000,
-	0x712: 0x3f20, 0x713: 0xa000, 0x714: 0x3f28, 0x715: 0xa000, 0x716: 0x3f30, 0x717: 0xa000,
-	0x718: 0x3f38, 0x719: 0xa000, 0x71a: 0x3f40, 0x71b: 0xa000, 0x71c: 0x3f48, 0x71d: 0xa000,
-	0x71e: 0x3f50, 0x71f: 0xa000, 0x720: 0x3f58, 0x721: 0xa000, 0x722: 0x3f60,
-	0x724: 0xa000, 0x725: 0x3f68, 0x726: 0xa000, 0x727: 0x3f70, 0x728: 0xa000, 0x729: 0x3f78,
-	0x72f: 0xa000,
-	0x730: 0x3f80, 0x731: 0x3f88, 0x732: 0xa000, 0x733: 0x3f90, 0x734: 0x3f98, 0x735: 0xa000,
-	0x736: 0x3fa0, 0x737: 0x3fa8, 0x738: 0xa000, 0x739: 0x3fb0, 0x73a: 0x3fb8, 0x73b: 0xa000,
-	0x73c: 0x3fc0, 0x73d: 0x3fc8,
-	// Block 0x1d, offset 0x740
-	0x754: 0x3f00,
-	0x759: 0x9903, 0x75a: 0x9903, 0x75b: 0x8100, 0x75c: 0x8100, 0x75d: 0xa000,
-	0x75e: 0x3fd0,
-	0x766: 0xa000,
-	0x76b: 0xa000, 0x76c: 0x3fe0, 0x76d: 0xa000, 0x76e: 0x3fe8, 0x76f: 0xa000,
-	0x770: 0x3ff0, 0x771: 0xa000, 0x772: 0x3ff8, 0x773: 0xa000, 0x774: 0x4000, 0x775: 0xa000,
-	0x776: 0x4008, 0x777: 0xa000, 0x778: 0x4010, 0x779: 0xa000, 0x77a: 0x4018, 0x77b: 0xa000,
-	0x77c: 0x4020, 0x77d: 0xa000, 0x77e: 0x4028, 0x77f: 0xa000,
-	// Block 0x1e, offset 0x780
-	0x780: 0x4030, 0x781: 0xa000, 0x782: 0x4038, 0x784: 0xa000, 0x785: 0x4040,
-	0x786: 0xa000, 0x787: 0x4048, 0x788: 0xa000, 0x789: 0x4050,
-	0x78f: 0xa000, 0x790: 0x4058, 0x791: 0x4060,
-	0x792: 0xa000, 0x793: 0x4068, 0x794: 0x4070, 0x795: 0xa000, 0x796: 0x4078, 0x797: 0x4080,
-	0x798: 0xa000, 0x799: 0x4088, 0x79a: 0x4090, 0x79b: 0xa000, 0x79c: 0x4098, 0x79d: 0x40a0,
-	0x7af: 0xa000,
-	0x7b0: 0xa000, 0x7b1: 0xa000, 0x7b2: 0xa000, 0x7b4: 0x3fd8,
-	0x7b7: 0x40a8, 0x7b8: 0x40b0, 0x7b9: 0x40b8, 0x7ba: 0x40c0,
-	0x7bd: 0xa000, 0x7be: 0x40c8,
-	// Block 0x1f, offset 0x7c0
-	0x7c0: 0x1377, 0x7c1: 0x0cfb, 0x7c2: 0x13d3, 0x7c3: 0x139f, 0x7c4: 0x0e57, 0x7c5: 0x06eb,
-	0x7c6: 0x08df, 0x7c7: 0x162b, 0x7c8: 0x162b, 0x7c9: 0x0a0b, 0x7ca: 0x145f, 0x7cb: 0x0943,
-	0x7cc: 0x0a07, 0x7cd: 0x0bef, 0x7ce: 0x0fcf, 0x7cf: 0x115f, 0x7d0: 0x1297, 0x7d1: 0x12d3,
-	0x7d2: 0x1307, 0x7d3: 0x141b, 0x7d4: 0x0d73, 0x7d5: 0x0dff, 0x7d6: 0x0eab, 0x7d7: 0x0f43,
-	0x7d8: 0x125f, 0x7d9: 0x1447, 0x7da: 0x1573, 0x7db: 0x070f, 0x7dc: 0x08b3, 0x7dd: 0x0d87,
-	0x7de: 0x0ecf, 0x7df: 0x1293, 0x7e0: 0x15c3, 0x7e1: 0x0ab3, 0x7e2: 0x0e77, 0x7e3: 0x1283,
-	0x7e4: 0x1317, 0x7e5: 0x0c23, 0x7e6: 0x11bb, 0x7e7: 0x12df, 0x7e8: 0x0b1f, 0x7e9: 0x0d0f,
-	0x7ea: 0x0e17, 0x7eb: 0x0f1b, 0x7ec: 0x1427, 0x7ed: 0x074f, 0x7ee: 0x07e7, 0x7ef: 0x0853,
-	0x7f0: 0x0c8b, 0x7f1: 0x0d7f, 0x7f2: 0x0ecb, 0x7f3: 0x0fef, 0x7f4: 0x1177, 0x7f5: 0x128b,
-	0x7f6: 0x12a3, 0x7f7: 0x13c7, 0x7f8: 0x14ef, 0x7f9: 0x15a3, 0x7fa: 0x15bf, 0x7fb: 0x102b,
-	0x7fc: 0x106b, 0x7fd: 0x1123, 0x7fe: 0x1243, 0x7ff: 0x147b,
-	// Block 0x20, offset 0x800
-	0x800: 0x15cb, 0x801: 0x134b, 0x802: 0x09c7, 0x803: 0x0b3b, 0x804: 0x10db, 0x805: 0x119b,
-	0x806: 0x0eff, 0x807: 0x1033, 0x808: 0x1397, 0x809: 0x14e7, 0x80a: 0x09c3, 0x80b: 0x0a8f,
-	0x80c: 0x0d77, 0x80d: 0x0e2b, 0x80e: 0x0e5f, 0x80f: 0x1113, 0x810: 0x113b, 0x811: 0x14a7,
-	0x812: 0x084f, 0x813: 0x11a7, 0x814: 0x07f3, 0x815: 0x07ef, 0x816: 0x1097, 0x817: 0x1127,
-	0x818: 0x125b, 0x819: 0x14af, 0x81a: 0x1367, 0x81b: 0x0c27, 0x81c: 0x0d73, 0x81d: 0x1357,
-	0x81e: 0x06f7, 0x81f: 0x0a63, 0x820: 0x0b93, 0x821: 0x0f2f, 0x822: 0x0faf, 0x823: 0x0873,
-	0x824: 0x103b, 0x825: 0x075f, 0x826: 0x0b77, 0x827: 0x06d7, 0x828: 0x0deb, 0x829: 0x0ca3,
-	0x82a: 0x110f, 0x82b: 0x08c7, 0x82c: 0x09b3, 0x82d: 0x0ffb, 0x82e: 0x1263, 0x82f: 0x133b,
-	0x830: 0x0db7, 0x831: 0x13f7, 0x832: 0x0de3, 0x833: 0x0c37, 0x834: 0x121b, 0x835: 0x0c57,
-	0x836: 0x0fab, 0x837: 0x072b, 0x838: 0x07a7, 0x839: 0x07eb, 0x83a: 0x0d53, 0x83b: 0x10fb,
-	0x83c: 0x11f3, 0x83d: 0x1347, 0x83e: 0x145b, 0x83f: 0x085b,
-	// Block 0x21, offset 0x840
-	0x840: 0x090f, 0x841: 0x0a17, 0x842: 0x0b2f, 0x843: 0x0cbf, 0x844: 0x0e7b, 0x845: 0x103f,
-	0x846: 0x1497, 0x847: 0x157b, 0x848: 0x15cf, 0x849: 0x15e7, 0x84a: 0x0837, 0x84b: 0x0cf3,
-	0x84c: 0x0da3, 0x84d: 0x13eb, 0x84e: 0x0afb, 0x84f: 0x0bd7, 0x850: 0x0bf3, 0x851: 0x0c83,
-	0x852: 0x0e6b, 0x853: 0x0eb7, 0x854: 0x0f67, 0x855: 0x108b, 0x856: 0x112f, 0x857: 0x1193,
-	0x858: 0x13db, 0x859: 0x126b, 0x85a: 0x1403, 0x85b: 0x147f, 0x85c: 0x080f, 0x85d: 0x083b,
-	0x85e: 0x0923, 0x85f: 0x0ea7, 0x860: 0x12f3, 0x861: 0x133b, 0x862: 0x0b1b, 0x863: 0x0b8b,
-	0x864: 0x0c4f, 0x865: 0x0daf, 0x866: 0x10d7, 0x867: 0x0f23, 0x868: 0x073b, 0x869: 0x097f,
-	0x86a: 0x0a63, 0x86b: 0x0ac7, 0x86c: 0x0b97, 0x86d: 0x0f3f, 0x86e: 0x0f5b, 0x86f: 0x116b,
-	0x870: 0x118b, 0x871: 0x1463, 0x872: 0x14e3, 0x873: 0x14f3, 0x874: 0x152f, 0x875: 0x0753,
-	0x876: 0x107f, 0x877: 0x144f, 0x878: 0x14cb, 0x879: 0x0baf, 0x87a: 0x0717, 0x87b: 0x0777,
-	0x87c: 0x0a67, 0x87d: 0x0a87, 0x87e: 0x0caf, 0x87f: 0x0d73,
-	// Block 0x22, offset 0x880
-	0x880: 0x0ec3, 0x881: 0x0fcb, 0x882: 0x1277, 0x883: 0x1417, 0x884: 0x1623, 0x885: 0x0ce3,
-	0x886: 0x14a3, 0x887: 0x0833, 0x888: 0x0d2f, 0x889: 0x0d3b, 0x88a: 0x0e0f, 0x88b: 0x0e47,
-	0x88c: 0x0f4b, 0x88d: 0x0fa7, 0x88e: 0x1027, 0x88f: 0x110b, 0x890: 0x153b, 0x891: 0x07af,
-	0x892: 0x0c03, 0x893: 0x14b3, 0x894: 0x0767, 0x895: 0x0aab, 0x896: 0x0e2f, 0x897: 0x13df,
-	0x898: 0x0b67, 0x899: 0x0bb7, 0x89a: 0x0d43, 0x89b: 0x0f2f, 0x89c: 0x14bb, 0x89d: 0x0817,
-	0x89e: 0x08ff, 0x89f: 0x0a97, 0x8a0: 0x0cd3, 0x8a1: 0x0d1f, 0x8a2: 0x0d5f, 0x8a3: 0x0df3,
-	0x8a4: 0x0f47, 0x8a5: 0x0fbb, 0x8a6: 0x1157, 0x8a7: 0x12f7, 0x8a8: 0x1303, 0x8a9: 0x1457,
-	0x8aa: 0x14d7, 0x8ab: 0x0883, 0x8ac: 0x0e4b, 0x8ad: 0x0903, 0x8ae: 0x0ec7, 0x8af: 0x0f6b,
-	0x8b0: 0x1287, 0x8b1: 0x14bf, 0x8b2: 0x15ab, 0x8b3: 0x15d3, 0x8b4: 0x0d37, 0x8b5: 0x0e27,
-	0x8b6: 0x11c3, 0x8b7: 0x10b7, 0x8b8: 0x10c3, 0x8b9: 0x10e7, 0x8ba: 0x0f17, 0x8bb: 0x0e9f,
-	0x8bc: 0x1363, 0x8bd: 0x0733, 0x8be: 0x122b, 0x8bf: 0x081b,
-	// Block 0x23, offset 0x8c0
-	0x8c0: 0x080b, 0x8c1: 0x0b0b, 0x8c2: 0x0c2b, 0x8c3: 0x10f3, 0x8c4: 0x0a53, 0x8c5: 0x0e03,
-	0x8c6: 0x0cef, 0x8c7: 0x13e7, 0x8c8: 0x12e7, 0x8c9: 0x14ab, 0x8ca: 0x1323, 0x8cb: 0x0b27,
-	0x8cc: 0x0787, 0x8cd: 0x095b, 0x8d0: 0x09af,
-	0x8d2: 0x0cdf, 0x8d5: 0x07f7, 0x8d6: 0x0f1f, 0x8d7: 0x0fe3,
-	0x8d8: 0x1047, 0x8d9: 0x1063, 0x8da: 0x1067, 0x8db: 0x107b, 0x8dc: 0x14fb, 0x8dd: 0x10eb,
-	0x8de: 0x116f, 0x8e0: 0x128f, 0x8e2: 0x1353,
-	0x8e5: 0x1407, 0x8e6: 0x1433,
-	0x8ea: 0x154f, 0x8eb: 0x1553, 0x8ec: 0x1557, 0x8ed: 0x15bb, 0x8ee: 0x142b, 0x8ef: 0x14c7,
-	0x8f0: 0x0757, 0x8f1: 0x077b, 0x8f2: 0x078f, 0x8f3: 0x084b, 0x8f4: 0x0857, 0x8f5: 0x0897,
-	0x8f6: 0x094b, 0x8f7: 0x0967, 0x8f8: 0x096f, 0x8f9: 0x09ab, 0x8fa: 0x09b7, 0x8fb: 0x0a93,
-	0x8fc: 0x0a9b, 0x8fd: 0x0ba3, 0x8fe: 0x0bcb, 0x8ff: 0x0bd3,
-	// Block 0x24, offset 0x900
-	0x900: 0x0beb, 0x901: 0x0c97, 0x902: 0x0cc7, 0x903: 0x0ce7, 0x904: 0x0d57, 0x905: 0x0e1b,
-	0x906: 0x0e37, 0x907: 0x0e67, 0x908: 0x0ebb, 0x909: 0x0edb, 0x90a: 0x0f4f, 0x90b: 0x102f,
-	0x90c: 0x104b, 0x90d: 0x1053, 0x90e: 0x104f, 0x90f: 0x1057, 0x910: 0x105b, 0x911: 0x105f,
-	0x912: 0x1073, 0x913: 0x1077, 0x914: 0x109b, 0x915: 0x10af, 0x916: 0x10cb, 0x917: 0x112f,
-	0x918: 0x1137, 0x919: 0x113f, 0x91a: 0x1153, 0x91b: 0x117b, 0x91c: 0x11cb, 0x91d: 0x11ff,
-	0x91e: 0x11ff, 0x91f: 0x1267, 0x920: 0x130f, 0x921: 0x1327, 0x922: 0x135b, 0x923: 0x135f,
-	0x924: 0x13a3, 0x925: 0x13a7, 0x926: 0x13ff, 0x927: 0x1407, 0x928: 0x14db, 0x929: 0x151f,
-	0x92a: 0x1537, 0x92b: 0x0b9b, 0x92c: 0x171e, 0x92d: 0x11e3,
-	0x930: 0x06df, 0x931: 0x07e3, 0x932: 0x07a3, 0x933: 0x074b, 0x934: 0x078b, 0x935: 0x07b7,
-	0x936: 0x0847, 0x937: 0x0863, 0x938: 0x094b, 0x939: 0x0937, 0x93a: 0x0947, 0x93b: 0x0963,
-	0x93c: 0x09af, 0x93d: 0x09bf, 0x93e: 0x0a03, 0x93f: 0x0a0f,
-	// Block 0x25, offset 0x940
-	0x940: 0x0a2b, 0x941: 0x0a3b, 0x942: 0x0b23, 0x943: 0x0b2b, 0x944: 0x0b5b, 0x945: 0x0b7b,
-	0x946: 0x0bab, 0x947: 0x0bc3, 0x948: 0x0bb3, 0x949: 0x0bd3, 0x94a: 0x0bc7, 0x94b: 0x0beb,
-	0x94c: 0x0c07, 0x94d: 0x0c5f, 0x94e: 0x0c6b, 0x94f: 0x0c73, 0x950: 0x0c9b, 0x951: 0x0cdf,
-	0x952: 0x0d0f, 0x953: 0x0d13, 0x954: 0x0d27, 0x955: 0x0da7, 0x956: 0x0db7, 0x957: 0x0e0f,
-	0x958: 0x0e5b, 0x959: 0x0e53, 0x95a: 0x0e67, 0x95b: 0x0e83, 0x95c: 0x0ebb, 0x95d: 0x1013,
-	0x95e: 0x0edf, 0x95f: 0x0f13, 0x960: 0x0f1f, 0x961: 0x0f5f, 0x962: 0x0f7b, 0x963: 0x0f9f,
-	0x964: 0x0fc3, 0x965: 0x0fc7, 0x966: 0x0fe3, 0x967: 0x0fe7, 0x968: 0x0ff7, 0x969: 0x100b,
-	0x96a: 0x1007, 0x96b: 0x1037, 0x96c: 0x10b3, 0x96d: 0x10cb, 0x96e: 0x10e3, 0x96f: 0x111b,
-	0x970: 0x112f, 0x971: 0x114b, 0x972: 0x117b, 0x973: 0x122f, 0x974: 0x1257, 0x975: 0x12cb,
-	0x976: 0x1313, 0x977: 0x131f, 0x978: 0x1327, 0x979: 0x133f, 0x97a: 0x1353, 0x97b: 0x1343,
-	0x97c: 0x135b, 0x97d: 0x1357, 0x97e: 0x134f, 0x97f: 0x135f,
-	// Block 0x26, offset 0x980
-	0x980: 0x136b, 0x981: 0x13a7, 0x982: 0x13e3, 0x983: 0x1413, 0x984: 0x144b, 0x985: 0x146b,
-	0x986: 0x14b7, 0x987: 0x14db, 0x988: 0x14fb, 0x989: 0x150f, 0x98a: 0x151f, 0x98b: 0x152b,
-	0x98c: 0x1537, 0x98d: 0x158b, 0x98e: 0x162b, 0x98f: 0x16b5, 0x990: 0x16b0, 0x991: 0x16e2,
-	0x992: 0x0607, 0x993: 0x062f, 0x994: 0x0633, 0x995: 0x1764, 0x996: 0x1791, 0x997: 0x1809,
-	0x998: 0x1617, 0x999: 0x1627,
-	// Block 0x27, offset 0x9c0
-	0x9c0: 0x06fb, 0x9c1: 0x06f3, 0x9c2: 0x0703, 0x9c3: 0x1647, 0x9c4: 0x0747, 0x9c5: 0x0757,
-	0x9c6: 0x075b, 0x9c7: 0x0763, 0x9c8: 0x076b, 0x9c9: 0x076f, 0x9ca: 0x077b, 0x9cb: 0x0773,
-	0x9cc: 0x05b3, 0x9cd: 0x165b, 0x9ce: 0x078f, 0x9cf: 0x0793, 0x9d0: 0x0797, 0x9d1: 0x07b3,
-	0x9d2: 0x164c, 0x9d3: 0x05b7, 0x9d4: 0x079f, 0x9d5: 0x07bf, 0x9d6: 0x1656, 0x9d7: 0x07cf,
-	0x9d8: 0x07d7, 0x9d9: 0x0737, 0x9da: 0x07df, 0x9db: 0x07e3, 0x9dc: 0x1831, 0x9dd: 0x07ff,
-	0x9de: 0x0807, 0x9df: 0x05bf, 0x9e0: 0x081f, 0x9e1: 0x0823, 0x9e2: 0x082b, 0x9e3: 0x082f,
-	0x9e4: 0x05c3, 0x9e5: 0x0847, 0x9e6: 0x084b, 0x9e7: 0x0857, 0x9e8: 0x0863, 0x9e9: 0x0867,
-	0x9ea: 0x086b, 0x9eb: 0x0873, 0x9ec: 0x0893, 0x9ed: 0x0897, 0x9ee: 0x089f, 0x9ef: 0x08af,
-	0x9f0: 0x08b7, 0x9f1: 0x08bb, 0x9f2: 0x08bb, 0x9f3: 0x08bb, 0x9f4: 0x166a, 0x9f5: 0x0e93,
-	0x9f6: 0x08cf, 0x9f7: 0x08d7, 0x9f8: 0x166f, 0x9f9: 0x08e3, 0x9fa: 0x08eb, 0x9fb: 0x08f3,
-	0x9fc: 0x091b, 0x9fd: 0x0907, 0x9fe: 0x0913, 0x9ff: 0x0917,
-	// Block 0x28, offset 0xa00
-	0xa00: 0x091f, 0xa01: 0x0927, 0xa02: 0x092b, 0xa03: 0x0933, 0xa04: 0x093b, 0xa05: 0x093f,
-	0xa06: 0x093f, 0xa07: 0x0947, 0xa08: 0x094f, 0xa09: 0x0953, 0xa0a: 0x095f, 0xa0b: 0x0983,
-	0xa0c: 0x0967, 0xa0d: 0x0987, 0xa0e: 0x096b, 0xa0f: 0x0973, 0xa10: 0x080b, 0xa11: 0x09cf,
-	0xa12: 0x0997, 0xa13: 0x099b, 0xa14: 0x099f, 0xa15: 0x0993, 0xa16: 0x09a7, 0xa17: 0x09a3,
-	0xa18: 0x09bb, 0xa19: 0x1674, 0xa1a: 0x09d7, 0xa1b: 0x09db, 0xa1c: 0x09e3, 0xa1d: 0x09ef,
-	0xa1e: 0x09f7, 0xa1f: 0x0a13, 0xa20: 0x1679, 0xa21: 0x167e, 0xa22: 0x0a1f, 0xa23: 0x0a23,
-	0xa24: 0x0a27, 0xa25: 0x0a1b, 0xa26: 0x0a2f, 0xa27: 0x05c7, 0xa28: 0x05cb, 0xa29: 0x0a37,
-	0xa2a: 0x0a3f, 0xa2b: 0x0a3f, 0xa2c: 0x1683, 0xa2d: 0x0a5b, 0xa2e: 0x0a5f, 0xa2f: 0x0a63,
-	0xa30: 0x0a6b, 0xa31: 0x1688, 0xa32: 0x0a73, 0xa33: 0x0a77, 0xa34: 0x0b4f, 0xa35: 0x0a7f,
-	0xa36: 0x05cf, 0xa37: 0x0a8b, 0xa38: 0x0a9b, 0xa39: 0x0aa7, 0xa3a: 0x0aa3, 0xa3b: 0x1692,
-	0xa3c: 0x0aaf, 0xa3d: 0x1697, 0xa3e: 0x0abb, 0xa3f: 0x0ab7,
-	// Block 0x29, offset 0xa40
-	0xa40: 0x0abf, 0xa41: 0x0acf, 0xa42: 0x0ad3, 0xa43: 0x05d3, 0xa44: 0x0ae3, 0xa45: 0x0aeb,
-	0xa46: 0x0aef, 0xa47: 0x0af3, 0xa48: 0x05d7, 0xa49: 0x169c, 0xa4a: 0x05db, 0xa4b: 0x0b0f,
-	0xa4c: 0x0b13, 0xa4d: 0x0b17, 0xa4e: 0x0b1f, 0xa4f: 0x1863, 0xa50: 0x0b37, 0xa51: 0x16a6,
-	0xa52: 0x16a6, 0xa53: 0x11d7, 0xa54: 0x0b47, 0xa55: 0x0b47, 0xa56: 0x05df, 0xa57: 0x16c9,
-	0xa58: 0x179b, 0xa59: 0x0b57, 0xa5a: 0x0b5f, 0xa5b: 0x05e3, 0xa5c: 0x0b73, 0xa5d: 0x0b83,
-	0xa5e: 0x0b87, 0xa5f: 0x0b8f, 0xa60: 0x0b9f, 0xa61: 0x05eb, 0xa62: 0x05e7, 0xa63: 0x0ba3,
-	0xa64: 0x16ab, 0xa65: 0x0ba7, 0xa66: 0x0bbb, 0xa67: 0x0bbf, 0xa68: 0x0bc3, 0xa69: 0x0bbf,
-	0xa6a: 0x0bcf, 0xa6b: 0x0bd3, 0xa6c: 0x0be3, 0xa6d: 0x0bdb, 0xa6e: 0x0bdf, 0xa6f: 0x0be7,
-	0xa70: 0x0beb, 0xa71: 0x0bef, 0xa72: 0x0bfb, 0xa73: 0x0bff, 0xa74: 0x0c17, 0xa75: 0x0c1f,
-	0xa76: 0x0c2f, 0xa77: 0x0c43, 0xa78: 0x16ba, 0xa79: 0x0c3f, 0xa7a: 0x0c33, 0xa7b: 0x0c4b,
-	0xa7c: 0x0c53, 0xa7d: 0x0c67, 0xa7e: 0x16bf, 0xa7f: 0x0c6f,
-	// Block 0x2a, offset 0xa80
-	0xa80: 0x0c63, 0xa81: 0x0c5b, 0xa82: 0x05ef, 0xa83: 0x0c77, 0xa84: 0x0c7f, 0xa85: 0x0c87,
-	0xa86: 0x0c7b, 0xa87: 0x05f3, 0xa88: 0x0c97, 0xa89: 0x0c9f, 0xa8a: 0x16c4, 0xa8b: 0x0ccb,
-	0xa8c: 0x0cff, 0xa8d: 0x0cdb, 0xa8e: 0x05ff, 0xa8f: 0x0ce7, 0xa90: 0x05fb, 0xa91: 0x05f7,
-	0xa92: 0x07c3, 0xa93: 0x07c7, 0xa94: 0x0d03, 0xa95: 0x0ceb, 0xa96: 0x11ab, 0xa97: 0x0663,
-	0xa98: 0x0d0f, 0xa99: 0x0d13, 0xa9a: 0x0d17, 0xa9b: 0x0d2b, 0xa9c: 0x0d23, 0xa9d: 0x16dd,
-	0xa9e: 0x0603, 0xa9f: 0x0d3f, 0xaa0: 0x0d33, 0xaa1: 0x0d4f, 0xaa2: 0x0d57, 0xaa3: 0x16e7,
-	0xaa4: 0x0d5b, 0xaa5: 0x0d47, 0xaa6: 0x0d63, 0xaa7: 0x0607, 0xaa8: 0x0d67, 0xaa9: 0x0d6b,
-	0xaaa: 0x0d6f, 0xaab: 0x0d7b, 0xaac: 0x16ec, 0xaad: 0x0d83, 0xaae: 0x060b, 0xaaf: 0x0d8f,
-	0xab0: 0x16f1, 0xab1: 0x0d93, 0xab2: 0x060f, 0xab3: 0x0d9f, 0xab4: 0x0dab, 0xab5: 0x0db7,
-	0xab6: 0x0dbb, 0xab7: 0x16f6, 0xab8: 0x168d, 0xab9: 0x16fb, 0xaba: 0x0ddb, 0xabb: 0x1700,
-	0xabc: 0x0de7, 0xabd: 0x0def, 0xabe: 0x0ddf, 0xabf: 0x0dfb,
-	// Block 0x2b, offset 0xac0
-	0xac0: 0x0e0b, 0xac1: 0x0e1b, 0xac2: 0x0e0f, 0xac3: 0x0e13, 0xac4: 0x0e1f, 0xac5: 0x0e23,
-	0xac6: 0x1705, 0xac7: 0x0e07, 0xac8: 0x0e3b, 0xac9: 0x0e3f, 0xaca: 0x0613, 0xacb: 0x0e53,
-	0xacc: 0x0e4f, 0xacd: 0x170a, 0xace: 0x0e33, 0xacf: 0x0e6f, 0xad0: 0x170f, 0xad1: 0x1714,
-	0xad2: 0x0e73, 0xad3: 0x0e87, 0xad4: 0x0e83, 0xad5: 0x0e7f, 0xad6: 0x0617, 0xad7: 0x0e8b,
-	0xad8: 0x0e9b, 0xad9: 0x0e97, 0xada: 0x0ea3, 0xadb: 0x1651, 0xadc: 0x0eb3, 0xadd: 0x1719,
-	0xade: 0x0ebf, 0xadf: 0x1723, 0xae0: 0x0ed3, 0xae1: 0x0edf, 0xae2: 0x0ef3, 0xae3: 0x1728,
-	0xae4: 0x0f07, 0xae5: 0x0f0b, 0xae6: 0x172d, 0xae7: 0x1732, 0xae8: 0x0f27, 0xae9: 0x0f37,
-	0xaea: 0x061b, 0xaeb: 0x0f3b, 0xaec: 0x061f, 0xaed: 0x061f, 0xaee: 0x0f53, 0xaef: 0x0f57,
-	0xaf0: 0x0f5f, 0xaf1: 0x0f63, 0xaf2: 0x0f6f, 0xaf3: 0x0623, 0xaf4: 0x0f87, 0xaf5: 0x1737,
-	0xaf6: 0x0fa3, 0xaf7: 0x173c, 0xaf8: 0x0faf, 0xaf9: 0x16a1, 0xafa: 0x0fbf, 0xafb: 0x1741,
-	0xafc: 0x1746, 0xafd: 0x174b, 0xafe: 0x0627, 0xaff: 0x062b,
-	// Block 0x2c, offset 0xb00
-	0xb00: 0x0ff7, 0xb01: 0x1755, 0xb02: 0x1750, 0xb03: 0x175a, 0xb04: 0x175f, 0xb05: 0x0fff,
-	0xb06: 0x1003, 0xb07: 0x1003, 0xb08: 0x100b, 0xb09: 0x0633, 0xb0a: 0x100f, 0xb0b: 0x0637,
-	0xb0c: 0x063b, 0xb0d: 0x1769, 0xb0e: 0x1023, 0xb0f: 0x102b, 0xb10: 0x1037, 0xb11: 0x063f,
-	0xb12: 0x176e, 0xb13: 0x105b, 0xb14: 0x1773, 0xb15: 0x1778, 0xb16: 0x107b, 0xb17: 0x1093,
-	0xb18: 0x0643, 0xb19: 0x109b, 0xb1a: 0x109f, 0xb1b: 0x10a3, 0xb1c: 0x177d, 0xb1d: 0x1782,
-	0xb1e: 0x1782, 0xb1f: 0x10bb, 0xb20: 0x0647, 0xb21: 0x1787, 0xb22: 0x10cf, 0xb23: 0x10d3,
-	0xb24: 0x064b, 0xb25: 0x178c, 0xb26: 0x10ef, 0xb27: 0x064f, 0xb28: 0x10ff, 0xb29: 0x10f7,
-	0xb2a: 0x1107, 0xb2b: 0x1796, 0xb2c: 0x111f, 0xb2d: 0x0653, 0xb2e: 0x112b, 0xb2f: 0x1133,
-	0xb30: 0x1143, 0xb31: 0x0657, 0xb32: 0x17a0, 0xb33: 0x17a5, 0xb34: 0x065b, 0xb35: 0x17aa,
-	0xb36: 0x115b, 0xb37: 0x17af, 0xb38: 0x1167, 0xb39: 0x1173, 0xb3a: 0x117b, 0xb3b: 0x17b4,
-	0xb3c: 0x17b9, 0xb3d: 0x118f, 0xb3e: 0x17be, 0xb3f: 0x1197,
-	// Block 0x2d, offset 0xb40
-	0xb40: 0x16ce, 0xb41: 0x065f, 0xb42: 0x11af, 0xb43: 0x11b3, 0xb44: 0x0667, 0xb45: 0x11b7,
-	0xb46: 0x0a33, 0xb47: 0x17c3, 0xb48: 0x17c8, 0xb49: 0x16d3, 0xb4a: 0x16d8, 0xb4b: 0x11d7,
-	0xb4c: 0x11db, 0xb4d: 0x13f3, 0xb4e: 0x066b, 0xb4f: 0x1207, 0xb50: 0x1203, 0xb51: 0x120b,
-	0xb52: 0x083f, 0xb53: 0x120f, 0xb54: 0x1213, 0xb55: 0x1217, 0xb56: 0x121f, 0xb57: 0x17cd,
-	0xb58: 0x121b, 0xb59: 0x1223, 0xb5a: 0x1237, 0xb5b: 0x123b, 0xb5c: 0x1227, 0xb5d: 0x123f,
-	0xb5e: 0x1253, 0xb5f: 0x1267, 0xb60: 0x1233, 0xb61: 0x1247, 0xb62: 0x124b, 0xb63: 0x124f,
-	0xb64: 0x17d2, 0xb65: 0x17dc, 0xb66: 0x17d7, 0xb67: 0x066f, 0xb68: 0x126f, 0xb69: 0x1273,
-	0xb6a: 0x127b, 0xb6b: 0x17f0, 0xb6c: 0x127f, 0xb6d: 0x17e1, 0xb6e: 0x0673, 0xb6f: 0x0677,
-	0xb70: 0x17e6, 0xb71: 0x17eb, 0xb72: 0x067b, 0xb73: 0x129f, 0xb74: 0x12a3, 0xb75: 0x12a7,
-	0xb76: 0x12ab, 0xb77: 0x12b7, 0xb78: 0x12b3, 0xb79: 0x12bf, 0xb7a: 0x12bb, 0xb7b: 0x12cb,
-	0xb7c: 0x12c3, 0xb7d: 0x12c7, 0xb7e: 0x12cf, 0xb7f: 0x067f,
-	// Block 0x2e, offset 0xb80
-	0xb80: 0x12d7, 0xb81: 0x12db, 0xb82: 0x0683, 0xb83: 0x12eb, 0xb84: 0x12ef, 0xb85: 0x17f5,
-	0xb86: 0x12fb, 0xb87: 0x12ff, 0xb88: 0x0687, 0xb89: 0x130b, 0xb8a: 0x05bb, 0xb8b: 0x17fa,
-	0xb8c: 0x17ff, 0xb8d: 0x068b, 0xb8e: 0x068f, 0xb8f: 0x1337, 0xb90: 0x134f, 0xb91: 0x136b,
-	0xb92: 0x137b, 0xb93: 0x1804, 0xb94: 0x138f, 0xb95: 0x1393, 0xb96: 0x13ab, 0xb97: 0x13b7,
-	0xb98: 0x180e, 0xb99: 0x1660, 0xb9a: 0x13c3, 0xb9b: 0x13bf, 0xb9c: 0x13cb, 0xb9d: 0x1665,
-	0xb9e: 0x13d7, 0xb9f: 0x13e3, 0xba0: 0x1813, 0xba1: 0x1818, 0xba2: 0x1423, 0xba3: 0x142f,
-	0xba4: 0x1437, 0xba5: 0x181d, 0xba6: 0x143b, 0xba7: 0x1467, 0xba8: 0x1473, 0xba9: 0x1477,
-	0xbaa: 0x146f, 0xbab: 0x1483, 0xbac: 0x1487, 0xbad: 0x1822, 0xbae: 0x1493, 0xbaf: 0x0693,
-	0xbb0: 0x149b, 0xbb1: 0x1827, 0xbb2: 0x0697, 0xbb3: 0x14d3, 0xbb4: 0x0ac3, 0xbb5: 0x14eb,
-	0xbb6: 0x182c, 0xbb7: 0x1836, 0xbb8: 0x069b, 0xbb9: 0x069f, 0xbba: 0x1513, 0xbbb: 0x183b,
-	0xbbc: 0x06a3, 0xbbd: 0x1840, 0xbbe: 0x152b, 0xbbf: 0x152b,
-	// Block 0x2f, offset 0xbc0
-	0xbc0: 0x1533, 0xbc1: 0x1845, 0xbc2: 0x154b, 0xbc3: 0x06a7, 0xbc4: 0x155b, 0xbc5: 0x1567,
-	0xbc6: 0x156f, 0xbc7: 0x1577, 0xbc8: 0x06ab, 0xbc9: 0x184a, 0xbca: 0x158b, 0xbcb: 0x15a7,
-	0xbcc: 0x15b3, 0xbcd: 0x06af, 0xbce: 0x06b3, 0xbcf: 0x15b7, 0xbd0: 0x184f, 0xbd1: 0x06b7,
-	0xbd2: 0x1854, 0xbd3: 0x1859, 0xbd4: 0x185e, 0xbd5: 0x15db, 0xbd6: 0x06bb, 0xbd7: 0x15ef,
-	0xbd8: 0x15f7, 0xbd9: 0x15fb, 0xbda: 0x1603, 0xbdb: 0x160b, 0xbdc: 0x1613, 0xbdd: 0x1868,
-}
-
-// nfcIndex: 22 blocks, 1408 entries, 1408 bytes
-// Block 0 is the zero block.
-var nfcIndex = [1408]uint8{
-	// Block 0x0, offset 0x0
-	// Block 0x1, offset 0x40
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc2: 0x2e, 0xc3: 0x01, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x2f, 0xc7: 0x04,
-	0xc8: 0x05, 0xca: 0x30, 0xcb: 0x31, 0xcc: 0x06, 0xcd: 0x07, 0xce: 0x08, 0xcf: 0x32,
-	0xd0: 0x09, 0xd1: 0x33, 0xd2: 0x34, 0xd3: 0x0a, 0xd6: 0x0b, 0xd7: 0x35,
-	0xd8: 0x36, 0xd9: 0x0c, 0xdb: 0x37, 0xdc: 0x38, 0xdd: 0x39, 0xdf: 0x3a,
-	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05,
-	0xea: 0x06, 0xeb: 0x07, 0xec: 0x08, 0xed: 0x09, 0xef: 0x0a,
-	0xf0: 0x13,
-	// Block 0x4, offset 0x100
-	0x120: 0x3b, 0x121: 0x3c, 0x123: 0x0d, 0x124: 0x3d, 0x125: 0x3e, 0x126: 0x3f, 0x127: 0x40,
-	0x128: 0x41, 0x129: 0x42, 0x12a: 0x43, 0x12b: 0x44, 0x12c: 0x3f, 0x12d: 0x45, 0x12e: 0x46, 0x12f: 0x47,
-	0x131: 0x48, 0x132: 0x49, 0x133: 0x4a, 0x134: 0x4b, 0x135: 0x4c, 0x137: 0x4d,
-	0x138: 0x4e, 0x139: 0x4f, 0x13a: 0x50, 0x13b: 0x51, 0x13c: 0x52, 0x13d: 0x53, 0x13e: 0x54, 0x13f: 0x55,
-	// Block 0x5, offset 0x140
-	0x140: 0x56, 0x142: 0x57, 0x144: 0x58, 0x145: 0x59, 0x146: 0x5a, 0x147: 0x5b,
-	0x14d: 0x5c,
-	0x15c: 0x5d, 0x15f: 0x5e,
-	0x162: 0x5f, 0x164: 0x60,
-	0x168: 0x61, 0x169: 0x62, 0x16a: 0x63, 0x16c: 0x0e, 0x16d: 0x64, 0x16e: 0x65, 0x16f: 0x66,
-	0x170: 0x67, 0x173: 0x68, 0x177: 0x0f,
-	0x178: 0x10, 0x179: 0x11, 0x17a: 0x12, 0x17b: 0x13, 0x17c: 0x14, 0x17d: 0x15, 0x17e: 0x16, 0x17f: 0x17,
-	// Block 0x6, offset 0x180
-	0x180: 0x69, 0x183: 0x6a, 0x184: 0x6b, 0x186: 0x6c, 0x187: 0x6d,
-	0x188: 0x6e, 0x189: 0x18, 0x18a: 0x19, 0x18b: 0x6f, 0x18c: 0x70,
-	0x1ab: 0x71,
-	0x1b3: 0x72, 0x1b5: 0x73, 0x1b7: 0x74,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0x75, 0x1c1: 0x1a, 0x1c2: 0x1b, 0x1c3: 0x1c, 0x1c4: 0x76, 0x1c5: 0x77,
-	0x1c9: 0x78, 0x1cc: 0x79, 0x1cd: 0x7a,
-	// Block 0x8, offset 0x200
-	0x219: 0x7b, 0x21a: 0x7c, 0x21b: 0x7d,
-	0x220: 0x7e, 0x223: 0x7f, 0x224: 0x80, 0x225: 0x81, 0x226: 0x82, 0x227: 0x83,
-	0x22a: 0x84, 0x22b: 0x85, 0x22f: 0x86,
-	0x230: 0x87, 0x231: 0x88, 0x232: 0x89, 0x233: 0x8a, 0x234: 0x8b, 0x235: 0x8c, 0x236: 0x8d, 0x237: 0x87,
-	0x238: 0x88, 0x239: 0x89, 0x23a: 0x8a, 0x23b: 0x8b, 0x23c: 0x8c, 0x23d: 0x8d, 0x23e: 0x87, 0x23f: 0x88,
-	// Block 0x9, offset 0x240
-	0x240: 0x89, 0x241: 0x8a, 0x242: 0x8b, 0x243: 0x8c, 0x244: 0x8d, 0x245: 0x87, 0x246: 0x88, 0x247: 0x89,
-	0x248: 0x8a, 0x249: 0x8b, 0x24a: 0x8c, 0x24b: 0x8d, 0x24c: 0x87, 0x24d: 0x88, 0x24e: 0x89, 0x24f: 0x8a,
-	0x250: 0x8b, 0x251: 0x8c, 0x252: 0x8d, 0x253: 0x87, 0x254: 0x88, 0x255: 0x89, 0x256: 0x8a, 0x257: 0x8b,
-	0x258: 0x8c, 0x259: 0x8d, 0x25a: 0x87, 0x25b: 0x88, 0x25c: 0x89, 0x25d: 0x8a, 0x25e: 0x8b, 0x25f: 0x8c,
-	0x260: 0x8d, 0x261: 0x87, 0x262: 0x88, 0x263: 0x89, 0x264: 0x8a, 0x265: 0x8b, 0x266: 0x8c, 0x267: 0x8d,
-	0x268: 0x87, 0x269: 0x88, 0x26a: 0x89, 0x26b: 0x8a, 0x26c: 0x8b, 0x26d: 0x8c, 0x26e: 0x8d, 0x26f: 0x87,
-	0x270: 0x88, 0x271: 0x89, 0x272: 0x8a, 0x273: 0x8b, 0x274: 0x8c, 0x275: 0x8d, 0x276: 0x87, 0x277: 0x88,
-	0x278: 0x89, 0x279: 0x8a, 0x27a: 0x8b, 0x27b: 0x8c, 0x27c: 0x8d, 0x27d: 0x87, 0x27e: 0x88, 0x27f: 0x89,
-	// Block 0xa, offset 0x280
-	0x280: 0x8a, 0x281: 0x8b, 0x282: 0x8c, 0x283: 0x8d, 0x284: 0x87, 0x285: 0x88, 0x286: 0x89, 0x287: 0x8a,
-	0x288: 0x8b, 0x289: 0x8c, 0x28a: 0x8d, 0x28b: 0x87, 0x28c: 0x88, 0x28d: 0x89, 0x28e: 0x8a, 0x28f: 0x8b,
-	0x290: 0x8c, 0x291: 0x8d, 0x292: 0x87, 0x293: 0x88, 0x294: 0x89, 0x295: 0x8a, 0x296: 0x8b, 0x297: 0x8c,
-	0x298: 0x8d, 0x299: 0x87, 0x29a: 0x88, 0x29b: 0x89, 0x29c: 0x8a, 0x29d: 0x8b, 0x29e: 0x8c, 0x29f: 0x8d,
-	0x2a0: 0x87, 0x2a1: 0x88, 0x2a2: 0x89, 0x2a3: 0x8a, 0x2a4: 0x8b, 0x2a5: 0x8c, 0x2a6: 0x8d, 0x2a7: 0x87,
-	0x2a8: 0x88, 0x2a9: 0x89, 0x2aa: 0x8a, 0x2ab: 0x8b, 0x2ac: 0x8c, 0x2ad: 0x8d, 0x2ae: 0x87, 0x2af: 0x88,
-	0x2b0: 0x89, 0x2b1: 0x8a, 0x2b2: 0x8b, 0x2b3: 0x8c, 0x2b4: 0x8d, 0x2b5: 0x87, 0x2b6: 0x88, 0x2b7: 0x89,
-	0x2b8: 0x8a, 0x2b9: 0x8b, 0x2ba: 0x8c, 0x2bb: 0x8d, 0x2bc: 0x87, 0x2bd: 0x88, 0x2be: 0x89, 0x2bf: 0x8a,
-	// Block 0xb, offset 0x2c0
-	0x2c0: 0x8b, 0x2c1: 0x8c, 0x2c2: 0x8d, 0x2c3: 0x87, 0x2c4: 0x88, 0x2c5: 0x89, 0x2c6: 0x8a, 0x2c7: 0x8b,
-	0x2c8: 0x8c, 0x2c9: 0x8d, 0x2ca: 0x87, 0x2cb: 0x88, 0x2cc: 0x89, 0x2cd: 0x8a, 0x2ce: 0x8b, 0x2cf: 0x8c,
-	0x2d0: 0x8d, 0x2d1: 0x87, 0x2d2: 0x88, 0x2d3: 0x89, 0x2d4: 0x8a, 0x2d5: 0x8b, 0x2d6: 0x8c, 0x2d7: 0x8d,
-	0x2d8: 0x87, 0x2d9: 0x88, 0x2da: 0x89, 0x2db: 0x8a, 0x2dc: 0x8b, 0x2dd: 0x8c, 0x2de: 0x8e,
-	// Block 0xc, offset 0x300
-	0x324: 0x1d, 0x325: 0x1e, 0x326: 0x1f, 0x327: 0x20,
-	0x328: 0x21, 0x329: 0x22, 0x32a: 0x23, 0x32b: 0x24, 0x32c: 0x8f, 0x32d: 0x90, 0x32e: 0x91,
-	0x331: 0x92, 0x332: 0x93, 0x333: 0x94, 0x334: 0x95,
-	0x338: 0x96, 0x339: 0x97, 0x33a: 0x98, 0x33b: 0x99, 0x33e: 0x9a, 0x33f: 0x9b,
-	// Block 0xd, offset 0x340
-	0x347: 0x9c,
-	0x34b: 0x9d, 0x34d: 0x9e,
-	0x368: 0x9f, 0x36b: 0xa0,
-	0x374: 0xa1,
-	0x37d: 0xa2,
-	// Block 0xe, offset 0x380
-	0x381: 0xa3, 0x382: 0xa4, 0x384: 0xa5, 0x385: 0x82, 0x387: 0xa6,
-	0x388: 0xa7, 0x38b: 0xa8, 0x38c: 0xa9, 0x38d: 0xaa,
-	0x391: 0xab, 0x392: 0xac, 0x393: 0xad, 0x396: 0xae, 0x397: 0xaf,
-	0x398: 0x73, 0x39a: 0xb0, 0x39c: 0xb1,
-	0x3a0: 0xb2,
-	0x3a8: 0xb3, 0x3a9: 0xb4, 0x3aa: 0xb5,
-	0x3b0: 0x73, 0x3b5: 0xb6, 0x3b6: 0xb7,
-	// Block 0xf, offset 0x3c0
-	0x3eb: 0xb8, 0x3ec: 0xb9,
-	// Block 0x10, offset 0x400
-	0x432: 0xba,
-	// Block 0x11, offset 0x440
-	0x445: 0xbb, 0x446: 0xbc, 0x447: 0xbd,
-	0x449: 0xbe,
-	// Block 0x12, offset 0x480
-	0x480: 0xbf,
-	0x4a3: 0xc0, 0x4a5: 0xc1,
-	// Block 0x13, offset 0x4c0
-	0x4c8: 0xc2,
-	// Block 0x14, offset 0x500
-	0x520: 0x25, 0x521: 0x26, 0x522: 0x27, 0x523: 0x28, 0x524: 0x29, 0x525: 0x2a, 0x526: 0x2b, 0x527: 0x2c,
-	0x528: 0x2d,
-	// Block 0x15, offset 0x540
-	0x550: 0x0b, 0x551: 0x0c, 0x556: 0x0d,
-	0x55b: 0x0e, 0x55d: 0x0f, 0x55e: 0x10, 0x55f: 0x11,
-	0x56f: 0x12,
-}
-
-// nfcSparseOffset: 149 entries, 298 bytes
-var nfcSparseOffset = []uint16{0x0, 0x5, 0x9, 0xb, 0xd, 0x18, 0x28, 0x2a, 0x2f, 0x3a, 0x49, 0x56, 0x5e, 0x63, 0x68, 0x6a, 0x72, 0x79, 0x7c, 0x84, 0x88, 0x8c, 0x8e, 0x90, 0x99, 0x9d, 0xa4, 0xa9, 0xac, 0xb6, 0xb9, 0xc0, 0xc8, 0xcb, 0xcd, 0xcf, 0xd1, 0xd6, 0xe7, 0xf3, 0xf5, 0xfb, 0xfd, 0xff, 0x101, 0x103, 0x105, 0x107, 0x10a, 0x10d, 0x10f, 0x112, 0x115, 0x119, 0x11e, 0x127, 0x129, 0x12c, 0x12e, 0x139, 0x13d, 0x14b, 0x14e, 0x154, 0x15a, 0x165, 0x169, 0x16b, 0x16d, 0x16f, 0x171, 0x173, 0x179, 0x17d, 0x17f, 0x181, 0x189, 0x18d, 0x190, 0x192, 0x194, 0x196, 0x199, 0x19b, 0x19d, 0x19f, 0x1a1, 0x1a7, 0x1aa, 0x1ac, 0x1b3, 0x1b9, 0x1bf, 0x1c7, 0x1cd, 0x1d3, 0x1d9, 0x1dd, 0x1eb, 0x1f4, 0x1f7, 0x1fa, 0x1fc, 0x1ff, 0x201, 0x205, 0x20a, 0x20c, 0x20e, 0x213, 0x219, 0x21b, 0x21d, 0x21f, 0x225, 0x228, 0x22a, 0x230, 0x233, 0x23b, 0x242, 0x245, 0x248, 0x24a, 0x24d, 0x255, 0x259, 0x260, 0x263, 0x269, 0x26b, 0x26e, 0x270, 0x273, 0x275, 0x277, 0x279, 0x27c, 0x27e, 0x280, 0x282, 0x284, 0x291, 0x29b, 0x29d, 0x29f, 0x2a5, 0x2a7, 0x2aa}
-
-// nfcSparseValues: 684 entries, 2736 bytes
-var nfcSparseValues = [684]valueRange{
-	// Block 0x0, offset 0x0
-	{value: 0x0000, lo: 0x04},
-	{value: 0xa100, lo: 0xa8, hi: 0xa8},
-	{value: 0x8100, lo: 0xaf, hi: 0xaf},
-	{value: 0x8100, lo: 0xb4, hi: 0xb4},
-	{value: 0x8100, lo: 0xb8, hi: 0xb8},
-	// Block 0x1, offset 0x5
-	{value: 0x0091, lo: 0x03},
-	{value: 0x46e2, lo: 0xa0, hi: 0xa1},
-	{value: 0x4714, lo: 0xaf, hi: 0xb0},
-	{value: 0xa000, lo: 0xb7, hi: 0xb7},
-	// Block 0x2, offset 0x9
-	{value: 0x0000, lo: 0x01},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	// Block 0x3, offset 0xb
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8100, lo: 0x98, hi: 0x9d},
-	// Block 0x4, offset 0xd
-	{value: 0x0006, lo: 0x0a},
-	{value: 0xa000, lo: 0x81, hi: 0x81},
-	{value: 0xa000, lo: 0x85, hi: 0x85},
-	{value: 0xa000, lo: 0x89, hi: 0x89},
-	{value: 0x4840, lo: 0x8a, hi: 0x8a},
-	{value: 0x485e, lo: 0x8b, hi: 0x8b},
-	{value: 0x36c7, lo: 0x8c, hi: 0x8c},
-	{value: 0x36df, lo: 0x8d, hi: 0x8d},
-	{value: 0x4876, lo: 0x8e, hi: 0x8e},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0x36fd, lo: 0x93, hi: 0x94},
-	// Block 0x5, offset 0x18
-	{value: 0x0000, lo: 0x0f},
-	{value: 0xa000, lo: 0x83, hi: 0x83},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0xa000, lo: 0x8b, hi: 0x8b},
-	{value: 0xa000, lo: 0x8d, hi: 0x8d},
-	{value: 0x37a5, lo: 0x90, hi: 0x90},
-	{value: 0x37b1, lo: 0x91, hi: 0x91},
-	{value: 0x379f, lo: 0x93, hi: 0x93},
-	{value: 0xa000, lo: 0x96, hi: 0x96},
-	{value: 0x3817, lo: 0x97, hi: 0x97},
-	{value: 0x37e1, lo: 0x9c, hi: 0x9c},
-	{value: 0x37c9, lo: 0x9d, hi: 0x9d},
-	{value: 0x37f3, lo: 0x9e, hi: 0x9e},
-	{value: 0xa000, lo: 0xb4, hi: 0xb5},
-	{value: 0x381d, lo: 0xb6, hi: 0xb6},
-	{value: 0x3823, lo: 0xb7, hi: 0xb7},
-	// Block 0x6, offset 0x28
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0x83, hi: 0x87},
-	// Block 0x7, offset 0x2a
-	{value: 0x0001, lo: 0x04},
-	{value: 0x8113, lo: 0x81, hi: 0x82},
-	{value: 0x8132, lo: 0x84, hi: 0x84},
-	{value: 0x812d, lo: 0x85, hi: 0x85},
-	{value: 0x810d, lo: 0x87, hi: 0x87},
-	// Block 0x8, offset 0x2f
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x8132, lo: 0x90, hi: 0x97},
-	{value: 0x8119, lo: 0x98, hi: 0x98},
-	{value: 0x811a, lo: 0x99, hi: 0x99},
-	{value: 0x811b, lo: 0x9a, hi: 0x9a},
-	{value: 0x3841, lo: 0xa2, hi: 0xa2},
-	{value: 0x3847, lo: 0xa3, hi: 0xa3},
-	{value: 0x3853, lo: 0xa4, hi: 0xa4},
-	{value: 0x384d, lo: 0xa5, hi: 0xa5},
-	{value: 0x3859, lo: 0xa6, hi: 0xa6},
-	{value: 0xa000, lo: 0xa7, hi: 0xa7},
-	// Block 0x9, offset 0x3a
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x386b, lo: 0x80, hi: 0x80},
-	{value: 0xa000, lo: 0x81, hi: 0x81},
-	{value: 0x385f, lo: 0x82, hi: 0x82},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0x3865, lo: 0x93, hi: 0x93},
-	{value: 0xa000, lo: 0x95, hi: 0x95},
-	{value: 0x8132, lo: 0x96, hi: 0x9c},
-	{value: 0x8132, lo: 0x9f, hi: 0xa2},
-	{value: 0x812d, lo: 0xa3, hi: 0xa3},
-	{value: 0x8132, lo: 0xa4, hi: 0xa4},
-	{value: 0x8132, lo: 0xa7, hi: 0xa8},
-	{value: 0x812d, lo: 0xaa, hi: 0xaa},
-	{value: 0x8132, lo: 0xab, hi: 0xac},
-	{value: 0x812d, lo: 0xad, hi: 0xad},
-	// Block 0xa, offset 0x49
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x811f, lo: 0x91, hi: 0x91},
-	{value: 0x8132, lo: 0xb0, hi: 0xb0},
-	{value: 0x812d, lo: 0xb1, hi: 0xb1},
-	{value: 0x8132, lo: 0xb2, hi: 0xb3},
-	{value: 0x812d, lo: 0xb4, hi: 0xb4},
-	{value: 0x8132, lo: 0xb5, hi: 0xb6},
-	{value: 0x812d, lo: 0xb7, hi: 0xb9},
-	{value: 0x8132, lo: 0xba, hi: 0xba},
-	{value: 0x812d, lo: 0xbb, hi: 0xbc},
-	{value: 0x8132, lo: 0xbd, hi: 0xbd},
-	{value: 0x812d, lo: 0xbe, hi: 0xbe},
-	{value: 0x8132, lo: 0xbf, hi: 0xbf},
-	// Block 0xb, offset 0x56
-	{value: 0x0005, lo: 0x07},
-	{value: 0x8132, lo: 0x80, hi: 0x80},
-	{value: 0x8132, lo: 0x81, hi: 0x81},
-	{value: 0x812d, lo: 0x82, hi: 0x83},
-	{value: 0x812d, lo: 0x84, hi: 0x85},
-	{value: 0x812d, lo: 0x86, hi: 0x87},
-	{value: 0x812d, lo: 0x88, hi: 0x89},
-	{value: 0x8132, lo: 0x8a, hi: 0x8a},
-	// Block 0xc, offset 0x5e
-	{value: 0x0000, lo: 0x04},
-	{value: 0x8132, lo: 0xab, hi: 0xb1},
-	{value: 0x812d, lo: 0xb2, hi: 0xb2},
-	{value: 0x8132, lo: 0xb3, hi: 0xb3},
-	{value: 0x812d, lo: 0xbd, hi: 0xbd},
-	// Block 0xd, offset 0x63
-	{value: 0x0000, lo: 0x04},
-	{value: 0x8132, lo: 0x96, hi: 0x99},
-	{value: 0x8132, lo: 0x9b, hi: 0xa3},
-	{value: 0x8132, lo: 0xa5, hi: 0xa7},
-	{value: 0x8132, lo: 0xa9, hi: 0xad},
-	// Block 0xe, offset 0x68
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x99, hi: 0x9b},
-	// Block 0xf, offset 0x6a
-	{value: 0x0000, lo: 0x07},
-	{value: 0xa000, lo: 0xa8, hi: 0xa8},
-	{value: 0x3ed8, lo: 0xa9, hi: 0xa9},
-	{value: 0xa000, lo: 0xb0, hi: 0xb0},
-	{value: 0x3ee0, lo: 0xb1, hi: 0xb1},
-	{value: 0xa000, lo: 0xb3, hi: 0xb3},
-	{value: 0x3ee8, lo: 0xb4, hi: 0xb4},
-	{value: 0x9902, lo: 0xbc, hi: 0xbc},
-	// Block 0x10, offset 0x72
-	{value: 0x0008, lo: 0x06},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x8132, lo: 0x91, hi: 0x91},
-	{value: 0x812d, lo: 0x92, hi: 0x92},
-	{value: 0x8132, lo: 0x93, hi: 0x93},
-	{value: 0x8132, lo: 0x94, hi: 0x94},
-	{value: 0x451c, lo: 0x98, hi: 0x9f},
-	// Block 0x11, offset 0x79
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x12, offset 0x7c
-	{value: 0x0008, lo: 0x07},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0x2c9e, lo: 0x8b, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	{value: 0x455c, lo: 0x9c, hi: 0x9d},
-	{value: 0x456c, lo: 0x9f, hi: 0x9f},
-	{value: 0x8132, lo: 0xbe, hi: 0xbe},
-	// Block 0x13, offset 0x84
-	{value: 0x0000, lo: 0x03},
-	{value: 0x4594, lo: 0xb3, hi: 0xb3},
-	{value: 0x459c, lo: 0xb6, hi: 0xb6},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	// Block 0x14, offset 0x88
-	{value: 0x0008, lo: 0x03},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x4574, lo: 0x99, hi: 0x9b},
-	{value: 0x458c, lo: 0x9e, hi: 0x9e},
-	// Block 0x15, offset 0x8c
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	// Block 0x16, offset 0x8e
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	// Block 0x17, offset 0x90
-	{value: 0x0000, lo: 0x08},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0x2cb6, lo: 0x88, hi: 0x88},
-	{value: 0x2cae, lo: 0x8b, hi: 0x8b},
-	{value: 0x2cbe, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x96, hi: 0x97},
-	{value: 0x45a4, lo: 0x9c, hi: 0x9c},
-	{value: 0x45ac, lo: 0x9d, hi: 0x9d},
-	// Block 0x18, offset 0x99
-	{value: 0x0000, lo: 0x03},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0x2cc6, lo: 0x94, hi: 0x94},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x19, offset 0x9d
-	{value: 0x0000, lo: 0x06},
-	{value: 0xa000, lo: 0x86, hi: 0x87},
-	{value: 0x2cce, lo: 0x8a, hi: 0x8a},
-	{value: 0x2cde, lo: 0x8b, hi: 0x8b},
-	{value: 0x2cd6, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	// Block 0x1a, offset 0xa4
-	{value: 0x1801, lo: 0x04},
-	{value: 0xa000, lo: 0x86, hi: 0x86},
-	{value: 0x3ef0, lo: 0x88, hi: 0x88},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x8120, lo: 0x95, hi: 0x96},
-	// Block 0x1b, offset 0xa9
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	{value: 0xa000, lo: 0xbf, hi: 0xbf},
-	// Block 0x1c, offset 0xac
-	{value: 0x0000, lo: 0x09},
-	{value: 0x2ce6, lo: 0x80, hi: 0x80},
-	{value: 0x9900, lo: 0x82, hi: 0x82},
-	{value: 0xa000, lo: 0x86, hi: 0x86},
-	{value: 0x2cee, lo: 0x87, hi: 0x87},
-	{value: 0x2cf6, lo: 0x88, hi: 0x88},
-	{value: 0x2f50, lo: 0x8a, hi: 0x8a},
-	{value: 0x2dd8, lo: 0x8b, hi: 0x8b},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x95, hi: 0x96},
-	// Block 0x1d, offset 0xb6
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xbb, hi: 0xbc},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x1e, offset 0xb9
-	{value: 0x0000, lo: 0x06},
-	{value: 0xa000, lo: 0x86, hi: 0x87},
-	{value: 0x2cfe, lo: 0x8a, hi: 0x8a},
-	{value: 0x2d0e, lo: 0x8b, hi: 0x8b},
-	{value: 0x2d06, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	// Block 0x1f, offset 0xc0
-	{value: 0x6bea, lo: 0x07},
-	{value: 0x9904, lo: 0x8a, hi: 0x8a},
-	{value: 0x9900, lo: 0x8f, hi: 0x8f},
-	{value: 0xa000, lo: 0x99, hi: 0x99},
-	{value: 0x3ef8, lo: 0x9a, hi: 0x9a},
-	{value: 0x2f58, lo: 0x9c, hi: 0x9c},
-	{value: 0x2de3, lo: 0x9d, hi: 0x9d},
-	{value: 0x2d16, lo: 0x9e, hi: 0x9f},
-	// Block 0x20, offset 0xc8
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8122, lo: 0xb8, hi: 0xb9},
-	{value: 0x8104, lo: 0xba, hi: 0xba},
-	// Block 0x21, offset 0xcb
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8123, lo: 0x88, hi: 0x8b},
-	// Block 0x22, offset 0xcd
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8124, lo: 0xb8, hi: 0xb9},
-	// Block 0x23, offset 0xcf
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8125, lo: 0x88, hi: 0x8b},
-	// Block 0x24, offset 0xd1
-	{value: 0x0000, lo: 0x04},
-	{value: 0x812d, lo: 0x98, hi: 0x99},
-	{value: 0x812d, lo: 0xb5, hi: 0xb5},
-	{value: 0x812d, lo: 0xb7, hi: 0xb7},
-	{value: 0x812b, lo: 0xb9, hi: 0xb9},
-	// Block 0x25, offset 0xd6
-	{value: 0x0000, lo: 0x10},
-	{value: 0x2644, lo: 0x83, hi: 0x83},
-	{value: 0x264b, lo: 0x8d, hi: 0x8d},
-	{value: 0x2652, lo: 0x92, hi: 0x92},
-	{value: 0x2659, lo: 0x97, hi: 0x97},
-	{value: 0x2660, lo: 0x9c, hi: 0x9c},
-	{value: 0x263d, lo: 0xa9, hi: 0xa9},
-	{value: 0x8126, lo: 0xb1, hi: 0xb1},
-	{value: 0x8127, lo: 0xb2, hi: 0xb2},
-	{value: 0x4a84, lo: 0xb3, hi: 0xb3},
-	{value: 0x8128, lo: 0xb4, hi: 0xb4},
-	{value: 0x4a8d, lo: 0xb5, hi: 0xb5},
-	{value: 0x45b4, lo: 0xb6, hi: 0xb6},
-	{value: 0x8200, lo: 0xb7, hi: 0xb7},
-	{value: 0x45bc, lo: 0xb8, hi: 0xb8},
-	{value: 0x8200, lo: 0xb9, hi: 0xb9},
-	{value: 0x8127, lo: 0xba, hi: 0xbd},
-	// Block 0x26, offset 0xe7
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x8127, lo: 0x80, hi: 0x80},
-	{value: 0x4a96, lo: 0x81, hi: 0x81},
-	{value: 0x8132, lo: 0x82, hi: 0x83},
-	{value: 0x8104, lo: 0x84, hi: 0x84},
-	{value: 0x8132, lo: 0x86, hi: 0x87},
-	{value: 0x266e, lo: 0x93, hi: 0x93},
-	{value: 0x2675, lo: 0x9d, hi: 0x9d},
-	{value: 0x267c, lo: 0xa2, hi: 0xa2},
-	{value: 0x2683, lo: 0xa7, hi: 0xa7},
-	{value: 0x268a, lo: 0xac, hi: 0xac},
-	{value: 0x2667, lo: 0xb9, hi: 0xb9},
-	// Block 0x27, offset 0xf3
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x86, hi: 0x86},
-	// Block 0x28, offset 0xf5
-	{value: 0x0000, lo: 0x05},
-	{value: 0xa000, lo: 0xa5, hi: 0xa5},
-	{value: 0x2d1e, lo: 0xa6, hi: 0xa6},
-	{value: 0x9900, lo: 0xae, hi: 0xae},
-	{value: 0x8102, lo: 0xb7, hi: 0xb7},
-	{value: 0x8104, lo: 0xb9, hi: 0xba},
-	// Block 0x29, offset 0xfb
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x8d, hi: 0x8d},
-	// Block 0x2a, offset 0xfd
-	{value: 0x0000, lo: 0x01},
-	{value: 0xa000, lo: 0x80, hi: 0x92},
-	// Block 0x2b, offset 0xff
-	{value: 0x0000, lo: 0x01},
-	{value: 0xb900, lo: 0xa1, hi: 0xb5},
-	// Block 0x2c, offset 0x101
-	{value: 0x0000, lo: 0x01},
-	{value: 0x9900, lo: 0xa8, hi: 0xbf},
-	// Block 0x2d, offset 0x103
-	{value: 0x0000, lo: 0x01},
-	{value: 0x9900, lo: 0x80, hi: 0x82},
-	// Block 0x2e, offset 0x105
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0x9d, hi: 0x9f},
-	// Block 0x2f, offset 0x107
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x94, hi: 0x94},
-	{value: 0x8104, lo: 0xb4, hi: 0xb4},
-	// Block 0x30, offset 0x10a
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x92, hi: 0x92},
-	{value: 0x8132, lo: 0x9d, hi: 0x9d},
-	// Block 0x31, offset 0x10d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8131, lo: 0xa9, hi: 0xa9},
-	// Block 0x32, offset 0x10f
-	{value: 0x0004, lo: 0x02},
-	{value: 0x812e, lo: 0xb9, hi: 0xba},
-	{value: 0x812d, lo: 0xbb, hi: 0xbb},
-	// Block 0x33, offset 0x112
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0x97, hi: 0x97},
-	{value: 0x812d, lo: 0x98, hi: 0x98},
-	// Block 0x34, offset 0x115
-	{value: 0x0000, lo: 0x03},
-	{value: 0x8104, lo: 0xa0, hi: 0xa0},
-	{value: 0x8132, lo: 0xb5, hi: 0xbc},
-	{value: 0x812d, lo: 0xbf, hi: 0xbf},
-	// Block 0x35, offset 0x119
-	{value: 0x0000, lo: 0x04},
-	{value: 0x8132, lo: 0xb0, hi: 0xb4},
-	{value: 0x812d, lo: 0xb5, hi: 0xba},
-	{value: 0x8132, lo: 0xbb, hi: 0xbc},
-	{value: 0x812d, lo: 0xbd, hi: 0xbd},
-	// Block 0x36, offset 0x11e
-	{value: 0x0000, lo: 0x08},
-	{value: 0x2d66, lo: 0x80, hi: 0x80},
-	{value: 0x2d6e, lo: 0x81, hi: 0x81},
-	{value: 0xa000, lo: 0x82, hi: 0x82},
-	{value: 0x2d76, lo: 0x83, hi: 0x83},
-	{value: 0x8104, lo: 0x84, hi: 0x84},
-	{value: 0x8132, lo: 0xab, hi: 0xab},
-	{value: 0x812d, lo: 0xac, hi: 0xac},
-	{value: 0x8132, lo: 0xad, hi: 0xb3},
-	// Block 0x37, offset 0x127
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xaa, hi: 0xab},
-	// Block 0x38, offset 0x129
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xa6, hi: 0xa6},
-	{value: 0x8104, lo: 0xb2, hi: 0xb3},
-	// Block 0x39, offset 0x12c
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0xb7, hi: 0xb7},
-	// Block 0x3a, offset 0x12e
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x8132, lo: 0x90, hi: 0x92},
-	{value: 0x8101, lo: 0x94, hi: 0x94},
-	{value: 0x812d, lo: 0x95, hi: 0x99},
-	{value: 0x8132, lo: 0x9a, hi: 0x9b},
-	{value: 0x812d, lo: 0x9c, hi: 0x9f},
-	{value: 0x8132, lo: 0xa0, hi: 0xa0},
-	{value: 0x8101, lo: 0xa2, hi: 0xa8},
-	{value: 0x812d, lo: 0xad, hi: 0xad},
-	{value: 0x8132, lo: 0xb4, hi: 0xb4},
-	{value: 0x8132, lo: 0xb8, hi: 0xb9},
-	// Block 0x3b, offset 0x139
-	{value: 0x0004, lo: 0x03},
-	{value: 0x0433, lo: 0x80, hi: 0x81},
-	{value: 0x8100, lo: 0x97, hi: 0x97},
-	{value: 0x8100, lo: 0xbe, hi: 0xbe},
-	// Block 0x3c, offset 0x13d
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x8132, lo: 0x90, hi: 0x91},
-	{value: 0x8101, lo: 0x92, hi: 0x93},
-	{value: 0x8132, lo: 0x94, hi: 0x97},
-	{value: 0x8101, lo: 0x98, hi: 0x9a},
-	{value: 0x8132, lo: 0x9b, hi: 0x9c},
-	{value: 0x8132, lo: 0xa1, hi: 0xa1},
-	{value: 0x8101, lo: 0xa5, hi: 0xa6},
-	{value: 0x8132, lo: 0xa7, hi: 0xa7},
-	{value: 0x812d, lo: 0xa8, hi: 0xa8},
-	{value: 0x8132, lo: 0xa9, hi: 0xa9},
-	{value: 0x8101, lo: 0xaa, hi: 0xab},
-	{value: 0x812d, lo: 0xac, hi: 0xaf},
-	{value: 0x8132, lo: 0xb0, hi: 0xb0},
-	// Block 0x3d, offset 0x14b
-	{value: 0x427b, lo: 0x02},
-	{value: 0x01b8, lo: 0xa6, hi: 0xa6},
-	{value: 0x0057, lo: 0xaa, hi: 0xab},
-	// Block 0x3e, offset 0x14e
-	{value: 0x0007, lo: 0x05},
-	{value: 0xa000, lo: 0x90, hi: 0x90},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0xa000, lo: 0x94, hi: 0x94},
-	{value: 0x3bb9, lo: 0x9a, hi: 0x9b},
-	{value: 0x3bc7, lo: 0xae, hi: 0xae},
-	// Block 0x3f, offset 0x154
-	{value: 0x000e, lo: 0x05},
-	{value: 0x3bce, lo: 0x8d, hi: 0x8e},
-	{value: 0x3bd5, lo: 0x8f, hi: 0x8f},
-	{value: 0xa000, lo: 0x90, hi: 0x90},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0xa000, lo: 0x94, hi: 0x94},
-	// Block 0x40, offset 0x15a
-	{value: 0x6408, lo: 0x0a},
-	{value: 0xa000, lo: 0x83, hi: 0x83},
-	{value: 0x3be3, lo: 0x84, hi: 0x84},
-	{value: 0xa000, lo: 0x88, hi: 0x88},
-	{value: 0x3bea, lo: 0x89, hi: 0x89},
-	{value: 0xa000, lo: 0x8b, hi: 0x8b},
-	{value: 0x3bf1, lo: 0x8c, hi: 0x8c},
-	{value: 0xa000, lo: 0xa3, hi: 0xa3},
-	{value: 0x3bf8, lo: 0xa4, hi: 0xa5},
-	{value: 0x3bff, lo: 0xa6, hi: 0xa6},
-	{value: 0xa000, lo: 0xbc, hi: 0xbc},
-	// Block 0x41, offset 0x165
-	{value: 0x0007, lo: 0x03},
-	{value: 0x3c68, lo: 0xa0, hi: 0xa1},
-	{value: 0x3c92, lo: 0xa2, hi: 0xa3},
-	{value: 0x3cbc, lo: 0xaa, hi: 0xad},
-	// Block 0x42, offset 0x169
-	{value: 0x0004, lo: 0x01},
-	{value: 0x048b, lo: 0xa9, hi: 0xaa},
-	// Block 0x43, offset 0x16b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x44dd, lo: 0x9c, hi: 0x9c},
-	// Block 0x44, offset 0x16d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xaf, hi: 0xb1},
-	// Block 0x45, offset 0x16f
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x46, offset 0x171
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xa0, hi: 0xbf},
-	// Block 0x47, offset 0x173
-	{value: 0x0000, lo: 0x05},
-	{value: 0x812c, lo: 0xaa, hi: 0xaa},
-	{value: 0x8131, lo: 0xab, hi: 0xab},
-	{value: 0x8133, lo: 0xac, hi: 0xac},
-	{value: 0x812e, lo: 0xad, hi: 0xad},
-	{value: 0x812f, lo: 0xae, hi: 0xaf},
-	// Block 0x48, offset 0x179
-	{value: 0x0000, lo: 0x03},
-	{value: 0x4a9f, lo: 0xb3, hi: 0xb3},
-	{value: 0x4a9f, lo: 0xb5, hi: 0xb6},
-	{value: 0x4a9f, lo: 0xba, hi: 0xbf},
-	// Block 0x49, offset 0x17d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x4a9f, lo: 0x8f, hi: 0xa3},
-	// Block 0x4a, offset 0x17f
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8100, lo: 0xae, hi: 0xbe},
-	// Block 0x4b, offset 0x181
-	{value: 0x0000, lo: 0x07},
-	{value: 0x8100, lo: 0x84, hi: 0x84},
-	{value: 0x8100, lo: 0x87, hi: 0x87},
-	{value: 0x8100, lo: 0x90, hi: 0x90},
-	{value: 0x8100, lo: 0x9e, hi: 0x9e},
-	{value: 0x8100, lo: 0xa1, hi: 0xa1},
-	{value: 0x8100, lo: 0xb2, hi: 0xb2},
-	{value: 0x8100, lo: 0xbb, hi: 0xbb},
-	// Block 0x4c, offset 0x189
-	{value: 0x0000, lo: 0x03},
-	{value: 0x8100, lo: 0x80, hi: 0x80},
-	{value: 0x8100, lo: 0x8b, hi: 0x8b},
-	{value: 0x8100, lo: 0x8e, hi: 0x8e},
-	// Block 0x4d, offset 0x18d
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0xaf, hi: 0xaf},
-	{value: 0x8132, lo: 0xb4, hi: 0xbd},
-	// Block 0x4e, offset 0x190
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0x9e, hi: 0x9f},
-	// Block 0x4f, offset 0x192
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xb0, hi: 0xb1},
-	// Block 0x50, offset 0x194
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x86, hi: 0x86},
-	// Block 0x51, offset 0x196
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x84, hi: 0x84},
-	{value: 0x8132, lo: 0xa0, hi: 0xb1},
-	// Block 0x52, offset 0x199
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0xab, hi: 0xad},
-	// Block 0x53, offset 0x19b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x93, hi: 0x93},
-	// Block 0x54, offset 0x19d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0xb3, hi: 0xb3},
-	// Block 0x55, offset 0x19f
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x80, hi: 0x80},
-	// Block 0x56, offset 0x1a1
-	{value: 0x0000, lo: 0x05},
-	{value: 0x8132, lo: 0xb0, hi: 0xb0},
-	{value: 0x8132, lo: 0xb2, hi: 0xb3},
-	{value: 0x812d, lo: 0xb4, hi: 0xb4},
-	{value: 0x8132, lo: 0xb7, hi: 0xb8},
-	{value: 0x8132, lo: 0xbe, hi: 0xbf},
-	// Block 0x57, offset 0x1a7
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0x81, hi: 0x81},
-	{value: 0x8104, lo: 0xb6, hi: 0xb6},
-	// Block 0x58, offset 0x1aa
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xad, hi: 0xad},
-	// Block 0x59, offset 0x1ac
-	{value: 0x0000, lo: 0x06},
-	{value: 0xe500, lo: 0x80, hi: 0x80},
-	{value: 0xc600, lo: 0x81, hi: 0x9b},
-	{value: 0xe500, lo: 0x9c, hi: 0x9c},
-	{value: 0xc600, lo: 0x9d, hi: 0xb7},
-	{value: 0xe500, lo: 0xb8, hi: 0xb8},
-	{value: 0xc600, lo: 0xb9, hi: 0xbf},
-	// Block 0x5a, offset 0x1b3
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x93},
-	{value: 0xe500, lo: 0x94, hi: 0x94},
-	{value: 0xc600, lo: 0x95, hi: 0xaf},
-	{value: 0xe500, lo: 0xb0, hi: 0xb0},
-	{value: 0xc600, lo: 0xb1, hi: 0xbf},
-	// Block 0x5b, offset 0x1b9
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x8b},
-	{value: 0xe500, lo: 0x8c, hi: 0x8c},
-	{value: 0xc600, lo: 0x8d, hi: 0xa7},
-	{value: 0xe500, lo: 0xa8, hi: 0xa8},
-	{value: 0xc600, lo: 0xa9, hi: 0xbf},
-	// Block 0x5c, offset 0x1bf
-	{value: 0x0000, lo: 0x07},
-	{value: 0xc600, lo: 0x80, hi: 0x83},
-	{value: 0xe500, lo: 0x84, hi: 0x84},
-	{value: 0xc600, lo: 0x85, hi: 0x9f},
-	{value: 0xe500, lo: 0xa0, hi: 0xa0},
-	{value: 0xc600, lo: 0xa1, hi: 0xbb},
-	{value: 0xe500, lo: 0xbc, hi: 0xbc},
-	{value: 0xc600, lo: 0xbd, hi: 0xbf},
-	// Block 0x5d, offset 0x1c7
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x97},
-	{value: 0xe500, lo: 0x98, hi: 0x98},
-	{value: 0xc600, lo: 0x99, hi: 0xb3},
-	{value: 0xe500, lo: 0xb4, hi: 0xb4},
-	{value: 0xc600, lo: 0xb5, hi: 0xbf},
-	// Block 0x5e, offset 0x1cd
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x8f},
-	{value: 0xe500, lo: 0x90, hi: 0x90},
-	{value: 0xc600, lo: 0x91, hi: 0xab},
-	{value: 0xe500, lo: 0xac, hi: 0xac},
-	{value: 0xc600, lo: 0xad, hi: 0xbf},
-	// Block 0x5f, offset 0x1d3
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x87},
-	{value: 0xe500, lo: 0x88, hi: 0x88},
-	{value: 0xc600, lo: 0x89, hi: 0xa3},
-	{value: 0xe500, lo: 0xa4, hi: 0xa4},
-	{value: 0xc600, lo: 0xa5, hi: 0xbf},
-	// Block 0x60, offset 0x1d9
-	{value: 0x0000, lo: 0x03},
-	{value: 0xc600, lo: 0x80, hi: 0x87},
-	{value: 0xe500, lo: 0x88, hi: 0x88},
-	{value: 0xc600, lo: 0x89, hi: 0xa3},
-	// Block 0x61, offset 0x1dd
-	{value: 0x0006, lo: 0x0d},
-	{value: 0x4390, lo: 0x9d, hi: 0x9d},
-	{value: 0x8115, lo: 0x9e, hi: 0x9e},
-	{value: 0x4402, lo: 0x9f, hi: 0x9f},
-	{value: 0x43f0, lo: 0xaa, hi: 0xab},
-	{value: 0x44f4, lo: 0xac, hi: 0xac},
-	{value: 0x44fc, lo: 0xad, hi: 0xad},
-	{value: 0x4348, lo: 0xae, hi: 0xb1},
-	{value: 0x4366, lo: 0xb2, hi: 0xb4},
-	{value: 0x437e, lo: 0xb5, hi: 0xb6},
-	{value: 0x438a, lo: 0xb8, hi: 0xb8},
-	{value: 0x4396, lo: 0xb9, hi: 0xbb},
-	{value: 0x43ae, lo: 0xbc, hi: 0xbc},
-	{value: 0x43b4, lo: 0xbe, hi: 0xbe},
-	// Block 0x62, offset 0x1eb
-	{value: 0x0006, lo: 0x08},
-	{value: 0x43ba, lo: 0x80, hi: 0x81},
-	{value: 0x43c6, lo: 0x83, hi: 0x84},
-	{value: 0x43d8, lo: 0x86, hi: 0x89},
-	{value: 0x43fc, lo: 0x8a, hi: 0x8a},
-	{value: 0x4378, lo: 0x8b, hi: 0x8b},
-	{value: 0x4360, lo: 0x8c, hi: 0x8c},
-	{value: 0x43a8, lo: 0x8d, hi: 0x8d},
-	{value: 0x43d2, lo: 0x8e, hi: 0x8e},
-	// Block 0x63, offset 0x1f4
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8100, lo: 0xa4, hi: 0xa5},
-	{value: 0x8100, lo: 0xb0, hi: 0xb1},
-	// Block 0x64, offset 0x1f7
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8100, lo: 0x9b, hi: 0x9d},
-	{value: 0x8200, lo: 0x9e, hi: 0xa3},
-	// Block 0x65, offset 0x1fa
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8100, lo: 0x90, hi: 0x90},
-	// Block 0x66, offset 0x1fc
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8100, lo: 0x99, hi: 0x99},
-	{value: 0x8200, lo: 0xb2, hi: 0xb4},
-	// Block 0x67, offset 0x1ff
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8100, lo: 0xbc, hi: 0xbd},
-	// Block 0x68, offset 0x201
-	{value: 0x0000, lo: 0x03},
-	{value: 0x8132, lo: 0xa0, hi: 0xa6},
-	{value: 0x812d, lo: 0xa7, hi: 0xad},
-	{value: 0x8132, lo: 0xae, hi: 0xaf},
-	// Block 0x69, offset 0x205
-	{value: 0x0000, lo: 0x04},
-	{value: 0x8100, lo: 0x89, hi: 0x8c},
-	{value: 0x8100, lo: 0xb0, hi: 0xb2},
-	{value: 0x8100, lo: 0xb4, hi: 0xb4},
-	{value: 0x8100, lo: 0xb6, hi: 0xbf},
-	// Block 0x6a, offset 0x20a
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8100, lo: 0x81, hi: 0x8c},
-	// Block 0x6b, offset 0x20c
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8100, lo: 0xb5, hi: 0xba},
-	// Block 0x6c, offset 0x20e
-	{value: 0x0000, lo: 0x04},
-	{value: 0x4a9f, lo: 0x9e, hi: 0x9f},
-	{value: 0x4a9f, lo: 0xa3, hi: 0xa3},
-	{value: 0x4a9f, lo: 0xa5, hi: 0xa6},
-	{value: 0x4a9f, lo: 0xaa, hi: 0xaf},
-	// Block 0x6d, offset 0x213
-	{value: 0x0000, lo: 0x05},
-	{value: 0x4a9f, lo: 0x82, hi: 0x87},
-	{value: 0x4a9f, lo: 0x8a, hi: 0x8f},
-	{value: 0x4a9f, lo: 0x92, hi: 0x97},
-	{value: 0x4a9f, lo: 0x9a, hi: 0x9c},
-	{value: 0x8100, lo: 0xa3, hi: 0xa3},
-	// Block 0x6e, offset 0x219
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0xbd, hi: 0xbd},
-	// Block 0x6f, offset 0x21b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0xa0, hi: 0xa0},
-	// Block 0x70, offset 0x21d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xb6, hi: 0xba},
-	// Block 0x71, offset 0x21f
-	{value: 0x002c, lo: 0x05},
-	{value: 0x812d, lo: 0x8d, hi: 0x8d},
-	{value: 0x8132, lo: 0x8f, hi: 0x8f},
-	{value: 0x8132, lo: 0xb8, hi: 0xb8},
-	{value: 0x8101, lo: 0xb9, hi: 0xba},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x72, offset 0x225
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0xa5, hi: 0xa5},
-	{value: 0x812d, lo: 0xa6, hi: 0xa6},
-	// Block 0x73, offset 0x228
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xa4, hi: 0xa7},
-	// Block 0x74, offset 0x22a
-	{value: 0x0000, lo: 0x05},
-	{value: 0x812d, lo: 0x86, hi: 0x87},
-	{value: 0x8132, lo: 0x88, hi: 0x8a},
-	{value: 0x812d, lo: 0x8b, hi: 0x8b},
-	{value: 0x8132, lo: 0x8c, hi: 0x8c},
-	{value: 0x812d, lo: 0x8d, hi: 0x90},
-	// Block 0x75, offset 0x230
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x86, hi: 0x86},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x76, offset 0x233
-	{value: 0x17fe, lo: 0x07},
-	{value: 0xa000, lo: 0x99, hi: 0x99},
-	{value: 0x4238, lo: 0x9a, hi: 0x9a},
-	{value: 0xa000, lo: 0x9b, hi: 0x9b},
-	{value: 0x4242, lo: 0x9c, hi: 0x9c},
-	{value: 0xa000, lo: 0xa5, hi: 0xa5},
-	{value: 0x424c, lo: 0xab, hi: 0xab},
-	{value: 0x8104, lo: 0xb9, hi: 0xba},
-	// Block 0x77, offset 0x23b
-	{value: 0x0000, lo: 0x06},
-	{value: 0x8132, lo: 0x80, hi: 0x82},
-	{value: 0x9900, lo: 0xa7, hi: 0xa7},
-	{value: 0x2d7e, lo: 0xae, hi: 0xae},
-	{value: 0x2d88, lo: 0xaf, hi: 0xaf},
-	{value: 0xa000, lo: 0xb1, hi: 0xb2},
-	{value: 0x8104, lo: 0xb3, hi: 0xb4},
-	// Block 0x78, offset 0x242
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x80, hi: 0x80},
-	{value: 0x8102, lo: 0x8a, hi: 0x8a},
-	// Block 0x79, offset 0x245
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xb5, hi: 0xb5},
-	{value: 0x8102, lo: 0xb6, hi: 0xb6},
-	// Block 0x7a, offset 0x248
-	{value: 0x0002, lo: 0x01},
-	{value: 0x8102, lo: 0xa9, hi: 0xaa},
-	// Block 0x7b, offset 0x24a
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xbb, hi: 0xbc},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x7c, offset 0x24d
-	{value: 0x0000, lo: 0x07},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0x2d92, lo: 0x8b, hi: 0x8b},
-	{value: 0x2d9c, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	{value: 0x8132, lo: 0xa6, hi: 0xac},
-	{value: 0x8132, lo: 0xb0, hi: 0xb4},
-	// Block 0x7d, offset 0x255
-	{value: 0x0000, lo: 0x03},
-	{value: 0x8104, lo: 0x82, hi: 0x82},
-	{value: 0x8102, lo: 0x86, hi: 0x86},
-	{value: 0x8132, lo: 0x9e, hi: 0x9e},
-	// Block 0x7e, offset 0x259
-	{value: 0x6b5a, lo: 0x06},
-	{value: 0x9900, lo: 0xb0, hi: 0xb0},
-	{value: 0xa000, lo: 0xb9, hi: 0xb9},
-	{value: 0x9900, lo: 0xba, hi: 0xba},
-	{value: 0x2db0, lo: 0xbb, hi: 0xbb},
-	{value: 0x2da6, lo: 0xbc, hi: 0xbd},
-	{value: 0x2dba, lo: 0xbe, hi: 0xbe},
-	// Block 0x7f, offset 0x260
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x82, hi: 0x82},
-	{value: 0x8102, lo: 0x83, hi: 0x83},
-	// Block 0x80, offset 0x263
-	{value: 0x0000, lo: 0x05},
-	{value: 0x9900, lo: 0xaf, hi: 0xaf},
-	{value: 0xa000, lo: 0xb8, hi: 0xb9},
-	{value: 0x2dc4, lo: 0xba, hi: 0xba},
-	{value: 0x2dce, lo: 0xbb, hi: 0xbb},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x81, offset 0x269
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0x80, hi: 0x80},
-	// Block 0x82, offset 0x26b
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xb6, hi: 0xb6},
-	{value: 0x8102, lo: 0xb7, hi: 0xb7},
-	// Block 0x83, offset 0x26e
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xab, hi: 0xab},
-	// Block 0x84, offset 0x270
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xb9, hi: 0xb9},
-	{value: 0x8102, lo: 0xba, hi: 0xba},
-	// Block 0x85, offset 0x273
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xb4, hi: 0xb4},
-	// Block 0x86, offset 0x275
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x87, hi: 0x87},
-	// Block 0x87, offset 0x277
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x99, hi: 0x99},
-	// Block 0x88, offset 0x279
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0x82, hi: 0x82},
-	{value: 0x8104, lo: 0x84, hi: 0x85},
-	// Block 0x89, offset 0x27c
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x97, hi: 0x97},
-	// Block 0x8a, offset 0x27e
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8101, lo: 0xb0, hi: 0xb4},
-	// Block 0x8b, offset 0x280
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xb0, hi: 0xb6},
-	// Block 0x8c, offset 0x282
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8101, lo: 0x9e, hi: 0x9e},
-	// Block 0x8d, offset 0x284
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x45cc, lo: 0x9e, hi: 0x9e},
-	{value: 0x45d6, lo: 0x9f, hi: 0x9f},
-	{value: 0x460a, lo: 0xa0, hi: 0xa0},
-	{value: 0x4618, lo: 0xa1, hi: 0xa1},
-	{value: 0x4626, lo: 0xa2, hi: 0xa2},
-	{value: 0x4634, lo: 0xa3, hi: 0xa3},
-	{value: 0x4642, lo: 0xa4, hi: 0xa4},
-	{value: 0x812b, lo: 0xa5, hi: 0xa6},
-	{value: 0x8101, lo: 0xa7, hi: 0xa9},
-	{value: 0x8130, lo: 0xad, hi: 0xad},
-	{value: 0x812b, lo: 0xae, hi: 0xb2},
-	{value: 0x812d, lo: 0xbb, hi: 0xbf},
-	// Block 0x8e, offset 0x291
-	{value: 0x0000, lo: 0x09},
-	{value: 0x812d, lo: 0x80, hi: 0x82},
-	{value: 0x8132, lo: 0x85, hi: 0x89},
-	{value: 0x812d, lo: 0x8a, hi: 0x8b},
-	{value: 0x8132, lo: 0xaa, hi: 0xad},
-	{value: 0x45e0, lo: 0xbb, hi: 0xbb},
-	{value: 0x45ea, lo: 0xbc, hi: 0xbc},
-	{value: 0x4650, lo: 0xbd, hi: 0xbd},
-	{value: 0x466c, lo: 0xbe, hi: 0xbe},
-	{value: 0x465e, lo: 0xbf, hi: 0xbf},
-	// Block 0x8f, offset 0x29b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x467a, lo: 0x80, hi: 0x80},
-	// Block 0x90, offset 0x29d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0x82, hi: 0x84},
-	// Block 0x91, offset 0x29f
-	{value: 0x0000, lo: 0x05},
-	{value: 0x8132, lo: 0x80, hi: 0x86},
-	{value: 0x8132, lo: 0x88, hi: 0x98},
-	{value: 0x8132, lo: 0x9b, hi: 0xa1},
-	{value: 0x8132, lo: 0xa3, hi: 0xa4},
-	{value: 0x8132, lo: 0xa6, hi: 0xaa},
-	// Block 0x92, offset 0x2a5
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x90, hi: 0x96},
-	// Block 0x93, offset 0x2a7
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0x84, hi: 0x89},
-	{value: 0x8102, lo: 0x8a, hi: 0x8a},
-	// Block 0x94, offset 0x2aa
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8100, lo: 0x93, hi: 0x93},
-}
-
-// lookup returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *nfkcTrie) lookup(s []byte) (v uint16, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return nfkcValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := nfkcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := nfkcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfkcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := nfkcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfkcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = nfkcIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *nfkcTrie) lookupUnsafe(s []byte) uint16 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return nfkcValues[c0]
-	}
-	i := nfkcIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = nfkcIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = nfkcIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// lookupString returns the trie value for the first UTF-8 encoding in s and
-// the width in bytes of this encoding. The size will be 0 if s does not
-// hold enough bytes to complete the encoding. len(s) must be greater than 0.
-func (t *nfkcTrie) lookupString(s string) (v uint16, sz int) {
-	c0 := s[0]
-	switch {
-	case c0 < 0x80: // is ASCII
-		return nfkcValues[c0], 1
-	case c0 < 0xC2:
-		return 0, 1 // Illegal UTF-8: not a starter, not ASCII.
-	case c0 < 0xE0: // 2-byte UTF-8
-		if len(s) < 2 {
-			return 0, 0
-		}
-		i := nfkcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c1), 2
-	case c0 < 0xF0: // 3-byte UTF-8
-		if len(s) < 3 {
-			return 0, 0
-		}
-		i := nfkcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfkcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c2), 3
-	case c0 < 0xF8: // 4-byte UTF-8
-		if len(s) < 4 {
-			return 0, 0
-		}
-		i := nfkcIndex[c0]
-		c1 := s[1]
-		if c1 < 0x80 || 0xC0 <= c1 {
-			return 0, 1 // Illegal UTF-8: not a continuation byte.
-		}
-		o := uint32(i)<<6 + uint32(c1)
-		i = nfkcIndex[o]
-		c2 := s[2]
-		if c2 < 0x80 || 0xC0 <= c2 {
-			return 0, 2 // Illegal UTF-8: not a continuation byte.
-		}
-		o = uint32(i)<<6 + uint32(c2)
-		i = nfkcIndex[o]
-		c3 := s[3]
-		if c3 < 0x80 || 0xC0 <= c3 {
-			return 0, 3 // Illegal UTF-8: not a continuation byte.
-		}
-		return t.lookupValue(uint32(i), c3), 4
-	}
-	// Illegal rune
-	return 0, 1
-}
-
-// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s.
-// s must start with a full and valid UTF-8 encoded rune.
-func (t *nfkcTrie) lookupStringUnsafe(s string) uint16 {
-	c0 := s[0]
-	if c0 < 0x80 { // is ASCII
-		return nfkcValues[c0]
-	}
-	i := nfkcIndex[c0]
-	if c0 < 0xE0 { // 2-byte UTF-8
-		return t.lookupValue(uint32(i), s[1])
-	}
-	i = nfkcIndex[uint32(i)<<6+uint32(s[1])]
-	if c0 < 0xF0 { // 3-byte UTF-8
-		return t.lookupValue(uint32(i), s[2])
-	}
-	i = nfkcIndex[uint32(i)<<6+uint32(s[2])]
-	if c0 < 0xF8 { // 4-byte UTF-8
-		return t.lookupValue(uint32(i), s[3])
-	}
-	return 0
-}
-
-// nfkcTrie. Total size: 17248 bytes (16.84 KiB). Checksum: 4fb368372b6b1b27.
-type nfkcTrie struct{}
-
-func newNfkcTrie(i int) *nfkcTrie {
-	return &nfkcTrie{}
-}
-
-// lookupValue determines the type of block n and looks up the value for b.
-func (t *nfkcTrie) lookupValue(n uint32, b byte) uint16 {
-	switch {
-	case n < 92:
-		return uint16(nfkcValues[n<<6+uint32(b)])
-	default:
-		n -= 92
-		return uint16(nfkcSparse.lookup(n, b))
-	}
-}
-
-// nfkcValues: 94 blocks, 6016 entries, 12032 bytes
-// The third block is the zero block.
-var nfkcValues = [6016]uint16{
-	// Block 0x0, offset 0x0
-	0x3c: 0xa000, 0x3d: 0xa000, 0x3e: 0xa000,
-	// Block 0x1, offset 0x40
-	0x41: 0xa000, 0x42: 0xa000, 0x43: 0xa000, 0x44: 0xa000, 0x45: 0xa000,
-	0x46: 0xa000, 0x47: 0xa000, 0x48: 0xa000, 0x49: 0xa000, 0x4a: 0xa000, 0x4b: 0xa000,
-	0x4c: 0xa000, 0x4d: 0xa000, 0x4e: 0xa000, 0x4f: 0xa000, 0x50: 0xa000,
-	0x52: 0xa000, 0x53: 0xa000, 0x54: 0xa000, 0x55: 0xa000, 0x56: 0xa000, 0x57: 0xa000,
-	0x58: 0xa000, 0x59: 0xa000, 0x5a: 0xa000,
-	0x61: 0xa000, 0x62: 0xa000, 0x63: 0xa000,
-	0x64: 0xa000, 0x65: 0xa000, 0x66: 0xa000, 0x67: 0xa000, 0x68: 0xa000, 0x69: 0xa000,
-	0x6a: 0xa000, 0x6b: 0xa000, 0x6c: 0xa000, 0x6d: 0xa000, 0x6e: 0xa000, 0x6f: 0xa000,
-	0x70: 0xa000, 0x72: 0xa000, 0x73: 0xa000, 0x74: 0xa000, 0x75: 0xa000,
-	0x76: 0xa000, 0x77: 0xa000, 0x78: 0xa000, 0x79: 0xa000, 0x7a: 0xa000,
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc0: 0x2f6f, 0xc1: 0x2f74, 0xc2: 0x4688, 0xc3: 0x2f79, 0xc4: 0x4697, 0xc5: 0x469c,
-	0xc6: 0xa000, 0xc7: 0x46a6, 0xc8: 0x2fe2, 0xc9: 0x2fe7, 0xca: 0x46ab, 0xcb: 0x2ffb,
-	0xcc: 0x306e, 0xcd: 0x3073, 0xce: 0x3078, 0xcf: 0x46bf, 0xd1: 0x3104,
-	0xd2: 0x3127, 0xd3: 0x312c, 0xd4: 0x46c9, 0xd5: 0x46ce, 0xd6: 0x46dd,
-	0xd8: 0xa000, 0xd9: 0x31b3, 0xda: 0x31b8, 0xdb: 0x31bd, 0xdc: 0x470f, 0xdd: 0x3235,
-	0xe0: 0x327b, 0xe1: 0x3280, 0xe2: 0x4719, 0xe3: 0x3285,
-	0xe4: 0x4728, 0xe5: 0x472d, 0xe6: 0xa000, 0xe7: 0x4737, 0xe8: 0x32ee, 0xe9: 0x32f3,
-	0xea: 0x473c, 0xeb: 0x3307, 0xec: 0x337f, 0xed: 0x3384, 0xee: 0x3389, 0xef: 0x4750,
-	0xf1: 0x3415, 0xf2: 0x3438, 0xf3: 0x343d, 0xf4: 0x475a, 0xf5: 0x475f,
-	0xf6: 0x476e, 0xf8: 0xa000, 0xf9: 0x34c9, 0xfa: 0x34ce, 0xfb: 0x34d3,
-	0xfc: 0x47a0, 0xfd: 0x3550, 0xff: 0x3569,
-	// Block 0x4, offset 0x100
-	0x100: 0x2f7e, 0x101: 0x328a, 0x102: 0x468d, 0x103: 0x471e, 0x104: 0x2f9c, 0x105: 0x32a8,
-	0x106: 0x2fb0, 0x107: 0x32bc, 0x108: 0x2fb5, 0x109: 0x32c1, 0x10a: 0x2fba, 0x10b: 0x32c6,
-	0x10c: 0x2fbf, 0x10d: 0x32cb, 0x10e: 0x2fc9, 0x10f: 0x32d5,
-	0x112: 0x46b0, 0x113: 0x4741, 0x114: 0x2ff1, 0x115: 0x32fd, 0x116: 0x2ff6, 0x117: 0x3302,
-	0x118: 0x3014, 0x119: 0x3320, 0x11a: 0x3005, 0x11b: 0x3311, 0x11c: 0x302d, 0x11d: 0x3339,
-	0x11e: 0x3037, 0x11f: 0x3343, 0x120: 0x303c, 0x121: 0x3348, 0x122: 0x3046, 0x123: 0x3352,
-	0x124: 0x304b, 0x125: 0x3357, 0x128: 0x307d, 0x129: 0x338e,
-	0x12a: 0x3082, 0x12b: 0x3393, 0x12c: 0x3087, 0x12d: 0x3398, 0x12e: 0x30aa, 0x12f: 0x33b6,
-	0x130: 0x308c, 0x132: 0x195d, 0x133: 0x19e7, 0x134: 0x30b4, 0x135: 0x33c0,
-	0x136: 0x30c8, 0x137: 0x33d9, 0x139: 0x30d2, 0x13a: 0x33e3, 0x13b: 0x30dc,
-	0x13c: 0x33ed, 0x13d: 0x30d7, 0x13e: 0x33e8, 0x13f: 0x1bac,
-	// Block 0x5, offset 0x140
-	0x140: 0x1c34, 0x143: 0x30ff, 0x144: 0x3410, 0x145: 0x3118,
-	0x146: 0x3429, 0x147: 0x310e, 0x148: 0x341f, 0x149: 0x1c5c,
-	0x14c: 0x46d3, 0x14d: 0x4764, 0x14e: 0x3131, 0x14f: 0x3442, 0x150: 0x313b, 0x151: 0x344c,
-	0x154: 0x3159, 0x155: 0x346a, 0x156: 0x3172, 0x157: 0x3483,
-	0x158: 0x3163, 0x159: 0x3474, 0x15a: 0x46f6, 0x15b: 0x4787, 0x15c: 0x317c, 0x15d: 0x348d,
-	0x15e: 0x318b, 0x15f: 0x349c, 0x160: 0x46fb, 0x161: 0x478c, 0x162: 0x31a4, 0x163: 0x34ba,
-	0x164: 0x3195, 0x165: 0x34ab, 0x168: 0x4705, 0x169: 0x4796,
-	0x16a: 0x470a, 0x16b: 0x479b, 0x16c: 0x31c2, 0x16d: 0x34d8, 0x16e: 0x31cc, 0x16f: 0x34e2,
-	0x170: 0x31d1, 0x171: 0x34e7, 0x172: 0x31ef, 0x173: 0x3505, 0x174: 0x3212, 0x175: 0x3528,
-	0x176: 0x323a, 0x177: 0x3555, 0x178: 0x324e, 0x179: 0x325d, 0x17a: 0x357d, 0x17b: 0x3267,
-	0x17c: 0x3587, 0x17d: 0x326c, 0x17e: 0x358c, 0x17f: 0x00a7,
-	// Block 0x6, offset 0x180
-	0x184: 0x2dee, 0x185: 0x2df4,
-	0x186: 0x2dfa, 0x187: 0x1972, 0x188: 0x1975, 0x189: 0x1a08, 0x18a: 0x1987, 0x18b: 0x198a,
-	0x18c: 0x1a3e, 0x18d: 0x2f88, 0x18e: 0x3294, 0x18f: 0x3096, 0x190: 0x33a2, 0x191: 0x3140,
-	0x192: 0x3451, 0x193: 0x31d6, 0x194: 0x34ec, 0x195: 0x39cf, 0x196: 0x3b5e, 0x197: 0x39c8,
-	0x198: 0x3b57, 0x199: 0x39d6, 0x19a: 0x3b65, 0x19b: 0x39c1, 0x19c: 0x3b50,
-	0x19e: 0x38b0, 0x19f: 0x3a3f, 0x1a0: 0x38a9, 0x1a1: 0x3a38, 0x1a2: 0x35b3, 0x1a3: 0x35c5,
-	0x1a6: 0x3041, 0x1a7: 0x334d, 0x1a8: 0x30be, 0x1a9: 0x33cf,
-	0x1aa: 0x46ec, 0x1ab: 0x477d, 0x1ac: 0x3990, 0x1ad: 0x3b1f, 0x1ae: 0x35d7, 0x1af: 0x35dd,
-	0x1b0: 0x33c5, 0x1b1: 0x1942, 0x1b2: 0x1945, 0x1b3: 0x19cf, 0x1b4: 0x3028, 0x1b5: 0x3334,
-	0x1b8: 0x30fa, 0x1b9: 0x340b, 0x1ba: 0x38b7, 0x1bb: 0x3a46,
-	0x1bc: 0x35ad, 0x1bd: 0x35bf, 0x1be: 0x35b9, 0x1bf: 0x35cb,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0x2f8d, 0x1c1: 0x3299, 0x1c2: 0x2f92, 0x1c3: 0x329e, 0x1c4: 0x300a, 0x1c5: 0x3316,
-	0x1c6: 0x300f, 0x1c7: 0x331b, 0x1c8: 0x309b, 0x1c9: 0x33a7, 0x1ca: 0x30a0, 0x1cb: 0x33ac,
-	0x1cc: 0x3145, 0x1cd: 0x3456, 0x1ce: 0x314a, 0x1cf: 0x345b, 0x1d0: 0x3168, 0x1d1: 0x3479,
-	0x1d2: 0x316d, 0x1d3: 0x347e, 0x1d4: 0x31db, 0x1d5: 0x34f1, 0x1d6: 0x31e0, 0x1d7: 0x34f6,
-	0x1d8: 0x3186, 0x1d9: 0x3497, 0x1da: 0x319f, 0x1db: 0x34b5,
-	0x1de: 0x305a, 0x1df: 0x3366,
-	0x1e6: 0x4692, 0x1e7: 0x4723, 0x1e8: 0x46ba, 0x1e9: 0x474b,
-	0x1ea: 0x395f, 0x1eb: 0x3aee, 0x1ec: 0x393c, 0x1ed: 0x3acb, 0x1ee: 0x46d8, 0x1ef: 0x4769,
-	0x1f0: 0x3958, 0x1f1: 0x3ae7, 0x1f2: 0x3244, 0x1f3: 0x355f,
-	// Block 0x8, offset 0x200
-	0x200: 0x9932, 0x201: 0x9932, 0x202: 0x9932, 0x203: 0x9932, 0x204: 0x9932, 0x205: 0x8132,
-	0x206: 0x9932, 0x207: 0x9932, 0x208: 0x9932, 0x209: 0x9932, 0x20a: 0x9932, 0x20b: 0x9932,
-	0x20c: 0x9932, 0x20d: 0x8132, 0x20e: 0x8132, 0x20f: 0x9932, 0x210: 0x8132, 0x211: 0x9932,
-	0x212: 0x8132, 0x213: 0x9932, 0x214: 0x9932, 0x215: 0x8133, 0x216: 0x812d, 0x217: 0x812d,
-	0x218: 0x812d, 0x219: 0x812d, 0x21a: 0x8133, 0x21b: 0x992b, 0x21c: 0x812d, 0x21d: 0x812d,
-	0x21e: 0x812d, 0x21f: 0x812d, 0x220: 0x812d, 0x221: 0x8129, 0x222: 0x8129, 0x223: 0x992d,
-	0x224: 0x992d, 0x225: 0x992d, 0x226: 0x992d, 0x227: 0x9929, 0x228: 0x9929, 0x229: 0x812d,
-	0x22a: 0x812d, 0x22b: 0x812d, 0x22c: 0x812d, 0x22d: 0x992d, 0x22e: 0x992d, 0x22f: 0x812d,
-	0x230: 0x992d, 0x231: 0x992d, 0x232: 0x812d, 0x233: 0x812d, 0x234: 0x8101, 0x235: 0x8101,
-	0x236: 0x8101, 0x237: 0x8101, 0x238: 0x9901, 0x239: 0x812d, 0x23a: 0x812d, 0x23b: 0x812d,
-	0x23c: 0x812d, 0x23d: 0x8132, 0x23e: 0x8132, 0x23f: 0x8132,
-	// Block 0x9, offset 0x240
-	0x240: 0x49ae, 0x241: 0x49b3, 0x242: 0x9932, 0x243: 0x49b8, 0x244: 0x4a71, 0x245: 0x9936,
-	0x246: 0x8132, 0x247: 0x812d, 0x248: 0x812d, 0x249: 0x812d, 0x24a: 0x8132, 0x24b: 0x8132,
-	0x24c: 0x8132, 0x24d: 0x812d, 0x24e: 0x812d, 0x250: 0x8132, 0x251: 0x8132,
-	0x252: 0x8132, 0x253: 0x812d, 0x254: 0x812d, 0x255: 0x812d, 0x256: 0x812d, 0x257: 0x8132,
-	0x258: 0x8133, 0x259: 0x812d, 0x25a: 0x812d, 0x25b: 0x8132, 0x25c: 0x8134, 0x25d: 0x8135,
-	0x25e: 0x8135, 0x25f: 0x8134, 0x260: 0x8135, 0x261: 0x8135, 0x262: 0x8134, 0x263: 0x8132,
-	0x264: 0x8132, 0x265: 0x8132, 0x266: 0x8132, 0x267: 0x8132, 0x268: 0x8132, 0x269: 0x8132,
-	0x26a: 0x8132, 0x26b: 0x8132, 0x26c: 0x8132, 0x26d: 0x8132, 0x26e: 0x8132, 0x26f: 0x8132,
-	0x274: 0x0170,
-	0x27a: 0x42a5,
-	0x27e: 0x0037,
-	// Block 0xa, offset 0x280
-	0x284: 0x425a, 0x285: 0x447b,
-	0x286: 0x35e9, 0x287: 0x00ce, 0x288: 0x3607, 0x289: 0x3613, 0x28a: 0x3625,
-	0x28c: 0x3643, 0x28e: 0x3655, 0x28f: 0x3673, 0x290: 0x3e08, 0x291: 0xa000,
-	0x295: 0xa000, 0x297: 0xa000,
-	0x299: 0xa000,
-	0x29f: 0xa000, 0x2a1: 0xa000,
-	0x2a5: 0xa000, 0x2a9: 0xa000,
-	0x2aa: 0x3637, 0x2ab: 0x3667, 0x2ac: 0x47fe, 0x2ad: 0x3697, 0x2ae: 0x4828, 0x2af: 0x36a9,
-	0x2b0: 0x3e70, 0x2b1: 0xa000, 0x2b5: 0xa000,
-	0x2b7: 0xa000, 0x2b9: 0xa000,
-	0x2bf: 0xa000,
-	// Block 0xb, offset 0x2c0
-	0x2c1: 0xa000, 0x2c5: 0xa000,
-	0x2c9: 0xa000, 0x2ca: 0x4840, 0x2cb: 0x485e,
-	0x2cc: 0x36c7, 0x2cd: 0x36df, 0x2ce: 0x4876, 0x2d0: 0x01be, 0x2d1: 0x01d0,
-	0x2d2: 0x01ac, 0x2d3: 0x430c, 0x2d4: 0x4312, 0x2d5: 0x01fa, 0x2d6: 0x01e8,
-	0x2f0: 0x01d6, 0x2f1: 0x01eb, 0x2f2: 0x01ee, 0x2f4: 0x0188, 0x2f5: 0x01c7,
-	0x2f9: 0x01a6,
-	// Block 0xc, offset 0x300
-	0x300: 0x3721, 0x301: 0x372d, 0x303: 0x371b,
-	0x306: 0xa000, 0x307: 0x3709,
-	0x30c: 0x375d, 0x30d: 0x3745, 0x30e: 0x376f, 0x310: 0xa000,
-	0x313: 0xa000, 0x315: 0xa000, 0x316: 0xa000, 0x317: 0xa000,
-	0x318: 0xa000, 0x319: 0x3751, 0x31a: 0xa000,
-	0x31e: 0xa000, 0x323: 0xa000,
-	0x327: 0xa000,
-	0x32b: 0xa000, 0x32d: 0xa000,
-	0x330: 0xa000, 0x333: 0xa000, 0x335: 0xa000,
-	0x336: 0xa000, 0x337: 0xa000, 0x338: 0xa000, 0x339: 0x37d5, 0x33a: 0xa000,
-	0x33e: 0xa000,
-	// Block 0xd, offset 0x340
-	0x341: 0x3733, 0x342: 0x37b7,
-	0x350: 0x370f, 0x351: 0x3793,
-	0x352: 0x3715, 0x353: 0x3799, 0x356: 0x3727, 0x357: 0x37ab,
-	0x358: 0xa000, 0x359: 0xa000, 0x35a: 0x3829, 0x35b: 0x382f, 0x35c: 0x3739, 0x35d: 0x37bd,
-	0x35e: 0x373f, 0x35f: 0x37c3, 0x362: 0x374b, 0x363: 0x37cf,
-	0x364: 0x3757, 0x365: 0x37db, 0x366: 0x3763, 0x367: 0x37e7, 0x368: 0xa000, 0x369: 0xa000,
-	0x36a: 0x3835, 0x36b: 0x383b, 0x36c: 0x378d, 0x36d: 0x3811, 0x36e: 0x3769, 0x36f: 0x37ed,
-	0x370: 0x3775, 0x371: 0x37f9, 0x372: 0x377b, 0x373: 0x37ff, 0x374: 0x3781, 0x375: 0x3805,
-	0x378: 0x3787, 0x379: 0x380b,
-	// Block 0xe, offset 0x380
-	0x387: 0x1d61,
-	0x391: 0x812d,
-	0x392: 0x8132, 0x393: 0x8132, 0x394: 0x8132, 0x395: 0x8132, 0x396: 0x812d, 0x397: 0x8132,
-	0x398: 0x8132, 0x399: 0x8132, 0x39a: 0x812e, 0x39b: 0x812d, 0x39c: 0x8132, 0x39d: 0x8132,
-	0x39e: 0x8132, 0x39f: 0x8132, 0x3a0: 0x8132, 0x3a1: 0x8132, 0x3a2: 0x812d, 0x3a3: 0x812d,
-	0x3a4: 0x812d, 0x3a5: 0x812d, 0x3a6: 0x812d, 0x3a7: 0x812d, 0x3a8: 0x8132, 0x3a9: 0x8132,
-	0x3aa: 0x812d, 0x3ab: 0x8132, 0x3ac: 0x8132, 0x3ad: 0x812e, 0x3ae: 0x8131, 0x3af: 0x8132,
-	0x3b0: 0x8105, 0x3b1: 0x8106, 0x3b2: 0x8107, 0x3b3: 0x8108, 0x3b4: 0x8109, 0x3b5: 0x810a,
-	0x3b6: 0x810b, 0x3b7: 0x810c, 0x3b8: 0x810d, 0x3b9: 0x810e, 0x3ba: 0x810e, 0x3bb: 0x810f,
-	0x3bc: 0x8110, 0x3bd: 0x8111, 0x3bf: 0x8112,
-	// Block 0xf, offset 0x3c0
-	0x3c8: 0xa000, 0x3ca: 0xa000, 0x3cb: 0x8116,
-	0x3cc: 0x8117, 0x3cd: 0x8118, 0x3ce: 0x8119, 0x3cf: 0x811a, 0x3d0: 0x811b, 0x3d1: 0x811c,
-	0x3d2: 0x811d, 0x3d3: 0x9932, 0x3d4: 0x9932, 0x3d5: 0x992d, 0x3d6: 0x812d, 0x3d7: 0x8132,
-	0x3d8: 0x8132, 0x3d9: 0x8132, 0x3da: 0x8132, 0x3db: 0x8132, 0x3dc: 0x812d, 0x3dd: 0x8132,
-	0x3de: 0x8132, 0x3df: 0x812d,
-	0x3f0: 0x811e, 0x3f5: 0x1d84,
-	0x3f6: 0x2013, 0x3f7: 0x204f, 0x3f8: 0x204a,
-	// Block 0x10, offset 0x400
-	0x413: 0x812d, 0x414: 0x8132, 0x415: 0x8132, 0x416: 0x8132, 0x417: 0x8132,
-	0x418: 0x8132, 0x419: 0x8132, 0x41a: 0x8132, 0x41b: 0x8132, 0x41c: 0x8132, 0x41d: 0x8132,
-	0x41e: 0x8132, 0x41f: 0x8132, 0x420: 0x8132, 0x421: 0x8132, 0x423: 0x812d,
-	0x424: 0x8132, 0x425: 0x8132, 0x426: 0x812d, 0x427: 0x8132, 0x428: 0x8132, 0x429: 0x812d,
-	0x42a: 0x8132, 0x42b: 0x8132, 0x42c: 0x8132, 0x42d: 0x812d, 0x42e: 0x812d, 0x42f: 0x812d,
-	0x430: 0x8116, 0x431: 0x8117, 0x432: 0x8118, 0x433: 0x8132, 0x434: 0x8132, 0x435: 0x8132,
-	0x436: 0x812d, 0x437: 0x8132, 0x438: 0x8132, 0x439: 0x812d, 0x43a: 0x812d, 0x43b: 0x8132,
-	0x43c: 0x8132, 0x43d: 0x8132, 0x43e: 0x8132, 0x43f: 0x8132,
-	// Block 0x11, offset 0x440
-	0x445: 0xa000,
-	0x446: 0x2d26, 0x447: 0xa000, 0x448: 0x2d2e, 0x449: 0xa000, 0x44a: 0x2d36, 0x44b: 0xa000,
-	0x44c: 0x2d3e, 0x44d: 0xa000, 0x44e: 0x2d46, 0x451: 0xa000,
-	0x452: 0x2d4e,
-	0x474: 0x8102, 0x475: 0x9900,
-	0x47a: 0xa000, 0x47b: 0x2d56,
-	0x47c: 0xa000, 0x47d: 0x2d5e, 0x47e: 0xa000, 0x47f: 0xa000,
-	// Block 0x12, offset 0x480
-	0x480: 0x0069, 0x481: 0x006b, 0x482: 0x006f, 0x483: 0x0083, 0x484: 0x00f5, 0x485: 0x00f8,
-	0x486: 0x0413, 0x487: 0x0085, 0x488: 0x0089, 0x489: 0x008b, 0x48a: 0x0104, 0x48b: 0x0107,
-	0x48c: 0x010a, 0x48d: 0x008f, 0x48f: 0x0097, 0x490: 0x009b, 0x491: 0x00e0,
-	0x492: 0x009f, 0x493: 0x00fe, 0x494: 0x0417, 0x495: 0x041b, 0x496: 0x00a1, 0x497: 0x00a9,
-	0x498: 0x00ab, 0x499: 0x0423, 0x49a: 0x012b, 0x49b: 0x00ad, 0x49c: 0x0427, 0x49d: 0x01be,
-	0x49e: 0x01c1, 0x49f: 0x01c4, 0x4a0: 0x01fa, 0x4a1: 0x01fd, 0x4a2: 0x0093, 0x4a3: 0x00a5,
-	0x4a4: 0x00ab, 0x4a5: 0x00ad, 0x4a6: 0x01be, 0x4a7: 0x01c1, 0x4a8: 0x01eb, 0x4a9: 0x01fa,
-	0x4aa: 0x01fd,
-	0x4b8: 0x020c,
-	// Block 0x13, offset 0x4c0
-	0x4db: 0x00fb, 0x4dc: 0x0087, 0x4dd: 0x0101,
-	0x4de: 0x00d4, 0x4df: 0x010a, 0x4e0: 0x008d, 0x4e1: 0x010d, 0x4e2: 0x0110, 0x4e3: 0x0116,
-	0x4e4: 0x011c, 0x4e5: 0x011f, 0x4e6: 0x0122, 0x4e7: 0x042b, 0x4e8: 0x016a, 0x4e9: 0x0128,
-	0x4ea: 0x042f, 0x4eb: 0x016d, 0x4ec: 0x0131, 0x4ed: 0x012e, 0x4ee: 0x0134, 0x4ef: 0x0137,
-	0x4f0: 0x013a, 0x4f1: 0x013d, 0x4f2: 0x0140, 0x4f3: 0x014c, 0x4f4: 0x014f, 0x4f5: 0x00ec,
-	0x4f6: 0x0152, 0x4f7: 0x0155, 0x4f8: 0x041f, 0x4f9: 0x0158, 0x4fa: 0x015b, 0x4fb: 0x00b5,
-	0x4fc: 0x015e, 0x4fd: 0x0161, 0x4fe: 0x0164, 0x4ff: 0x01d0,
-	// Block 0x14, offset 0x500
-	0x500: 0x8132, 0x501: 0x8132, 0x502: 0x812d, 0x503: 0x8132, 0x504: 0x8132, 0x505: 0x8132,
-	0x506: 0x8132, 0x507: 0x8132, 0x508: 0x8132, 0x509: 0x8132, 0x50a: 0x812d, 0x50b: 0x8132,
-	0x50c: 0x8132, 0x50d: 0x8135, 0x50e: 0x812a, 0x50f: 0x812d, 0x510: 0x8129, 0x511: 0x8132,
-	0x512: 0x8132, 0x513: 0x8132, 0x514: 0x8132, 0x515: 0x8132, 0x516: 0x8132, 0x517: 0x8132,
-	0x518: 0x8132, 0x519: 0x8132, 0x51a: 0x8132, 0x51b: 0x8132, 0x51c: 0x8132, 0x51d: 0x8132,
-	0x51e: 0x8132, 0x51f: 0x8132, 0x520: 0x8132, 0x521: 0x8132, 0x522: 0x8132, 0x523: 0x8132,
-	0x524: 0x8132, 0x525: 0x8132, 0x526: 0x8132, 0x527: 0x8132, 0x528: 0x8132, 0x529: 0x8132,
-	0x52a: 0x8132, 0x52b: 0x8132, 0x52c: 0x8132, 0x52d: 0x8132, 0x52e: 0x8132, 0x52f: 0x8132,
-	0x530: 0x8132, 0x531: 0x8132, 0x532: 0x8132, 0x533: 0x8132, 0x534: 0x8132, 0x535: 0x8132,
-	0x536: 0x8133, 0x537: 0x8131, 0x538: 0x8131, 0x539: 0x812d, 0x53b: 0x8132,
-	0x53c: 0x8134, 0x53d: 0x812d, 0x53e: 0x8132, 0x53f: 0x812d,
-	// Block 0x15, offset 0x540
-	0x540: 0x2f97, 0x541: 0x32a3, 0x542: 0x2fa1, 0x543: 0x32ad, 0x544: 0x2fa6, 0x545: 0x32b2,
-	0x546: 0x2fab, 0x547: 0x32b7, 0x548: 0x38cc, 0x549: 0x3a5b, 0x54a: 0x2fc4, 0x54b: 0x32d0,
-	0x54c: 0x2fce, 0x54d: 0x32da, 0x54e: 0x2fdd, 0x54f: 0x32e9, 0x550: 0x2fd3, 0x551: 0x32df,
-	0x552: 0x2fd8, 0x553: 0x32e4, 0x554: 0x38ef, 0x555: 0x3a7e, 0x556: 0x38f6, 0x557: 0x3a85,
-	0x558: 0x3019, 0x559: 0x3325, 0x55a: 0x301e, 0x55b: 0x332a, 0x55c: 0x3904, 0x55d: 0x3a93,
-	0x55e: 0x3023, 0x55f: 0x332f, 0x560: 0x3032, 0x561: 0x333e, 0x562: 0x3050, 0x563: 0x335c,
-	0x564: 0x305f, 0x565: 0x336b, 0x566: 0x3055, 0x567: 0x3361, 0x568: 0x3064, 0x569: 0x3370,
-	0x56a: 0x3069, 0x56b: 0x3375, 0x56c: 0x30af, 0x56d: 0x33bb, 0x56e: 0x390b, 0x56f: 0x3a9a,
-	0x570: 0x30b9, 0x571: 0x33ca, 0x572: 0x30c3, 0x573: 0x33d4, 0x574: 0x30cd, 0x575: 0x33de,
-	0x576: 0x46c4, 0x577: 0x4755, 0x578: 0x3912, 0x579: 0x3aa1, 0x57a: 0x30e6, 0x57b: 0x33f7,
-	0x57c: 0x30e1, 0x57d: 0x33f2, 0x57e: 0x30eb, 0x57f: 0x33fc,
-	// Block 0x16, offset 0x580
-	0x580: 0x30f0, 0x581: 0x3401, 0x582: 0x30f5, 0x583: 0x3406, 0x584: 0x3109, 0x585: 0x341a,
-	0x586: 0x3113, 0x587: 0x3424, 0x588: 0x3122, 0x589: 0x3433, 0x58a: 0x311d, 0x58b: 0x342e,
-	0x58c: 0x3935, 0x58d: 0x3ac4, 0x58e: 0x3943, 0x58f: 0x3ad2, 0x590: 0x394a, 0x591: 0x3ad9,
-	0x592: 0x3951, 0x593: 0x3ae0, 0x594: 0x314f, 0x595: 0x3460, 0x596: 0x3154, 0x597: 0x3465,
-	0x598: 0x315e, 0x599: 0x346f, 0x59a: 0x46f1, 0x59b: 0x4782, 0x59c: 0x3997, 0x59d: 0x3b26,
-	0x59e: 0x3177, 0x59f: 0x3488, 0x5a0: 0x3181, 0x5a1: 0x3492, 0x5a2: 0x4700, 0x5a3: 0x4791,
-	0x5a4: 0x399e, 0x5a5: 0x3b2d, 0x5a6: 0x39a5, 0x5a7: 0x3b34, 0x5a8: 0x39ac, 0x5a9: 0x3b3b,
-	0x5aa: 0x3190, 0x5ab: 0x34a1, 0x5ac: 0x319a, 0x5ad: 0x34b0, 0x5ae: 0x31ae, 0x5af: 0x34c4,
-	0x5b0: 0x31a9, 0x5b1: 0x34bf, 0x5b2: 0x31ea, 0x5b3: 0x3500, 0x5b4: 0x31f9, 0x5b5: 0x350f,
-	0x5b6: 0x31f4, 0x5b7: 0x350a, 0x5b8: 0x39b3, 0x5b9: 0x3b42, 0x5ba: 0x39ba, 0x5bb: 0x3b49,
-	0x5bc: 0x31fe, 0x5bd: 0x3514, 0x5be: 0x3203, 0x5bf: 0x3519,
-	// Block 0x17, offset 0x5c0
-	0x5c0: 0x3208, 0x5c1: 0x351e, 0x5c2: 0x320d, 0x5c3: 0x3523, 0x5c4: 0x321c, 0x5c5: 0x3532,
-	0x5c6: 0x3217, 0x5c7: 0x352d, 0x5c8: 0x3221, 0x5c9: 0x353c, 0x5ca: 0x3226, 0x5cb: 0x3541,
-	0x5cc: 0x322b, 0x5cd: 0x3546, 0x5ce: 0x3249, 0x5cf: 0x3564, 0x5d0: 0x3262, 0x5d1: 0x3582,
-	0x5d2: 0x3271, 0x5d3: 0x3591, 0x5d4: 0x3276, 0x5d5: 0x3596, 0x5d6: 0x337a, 0x5d7: 0x34a6,
-	0x5d8: 0x3537, 0x5d9: 0x3573, 0x5da: 0x1be0, 0x5db: 0x42d7,
-	0x5e0: 0x46a1, 0x5e1: 0x4732, 0x5e2: 0x2f83, 0x5e3: 0x328f,
-	0x5e4: 0x3878, 0x5e5: 0x3a07, 0x5e6: 0x3871, 0x5e7: 0x3a00, 0x5e8: 0x3886, 0x5e9: 0x3a15,
-	0x5ea: 0x387f, 0x5eb: 0x3a0e, 0x5ec: 0x38be, 0x5ed: 0x3a4d, 0x5ee: 0x3894, 0x5ef: 0x3a23,
-	0x5f0: 0x388d, 0x5f1: 0x3a1c, 0x5f2: 0x38a2, 0x5f3: 0x3a31, 0x5f4: 0x389b, 0x5f5: 0x3a2a,
-	0x5f6: 0x38c5, 0x5f7: 0x3a54, 0x5f8: 0x46b5, 0x5f9: 0x4746, 0x5fa: 0x3000, 0x5fb: 0x330c,
-	0x5fc: 0x2fec, 0x5fd: 0x32f8, 0x5fe: 0x38da, 0x5ff: 0x3a69,
-	// Block 0x18, offset 0x600
-	0x600: 0x38d3, 0x601: 0x3a62, 0x602: 0x38e8, 0x603: 0x3a77, 0x604: 0x38e1, 0x605: 0x3a70,
-	0x606: 0x38fd, 0x607: 0x3a8c, 0x608: 0x3091, 0x609: 0x339d, 0x60a: 0x30a5, 0x60b: 0x33b1,
-	0x60c: 0x46e7, 0x60d: 0x4778, 0x60e: 0x3136, 0x60f: 0x3447, 0x610: 0x3920, 0x611: 0x3aaf,
-	0x612: 0x3919, 0x613: 0x3aa8, 0x614: 0x392e, 0x615: 0x3abd, 0x616: 0x3927, 0x617: 0x3ab6,
-	0x618: 0x3989, 0x619: 0x3b18, 0x61a: 0x396d, 0x61b: 0x3afc, 0x61c: 0x3966, 0x61d: 0x3af5,
-	0x61e: 0x397b, 0x61f: 0x3b0a, 0x620: 0x3974, 0x621: 0x3b03, 0x622: 0x3982, 0x623: 0x3b11,
-	0x624: 0x31e5, 0x625: 0x34fb, 0x626: 0x31c7, 0x627: 0x34dd, 0x628: 0x39e4, 0x629: 0x3b73,
-	0x62a: 0x39dd, 0x62b: 0x3b6c, 0x62c: 0x39f2, 0x62d: 0x3b81, 0x62e: 0x39eb, 0x62f: 0x3b7a,
-	0x630: 0x39f9, 0x631: 0x3b88, 0x632: 0x3230, 0x633: 0x354b, 0x634: 0x3258, 0x635: 0x3578,
-	0x636: 0x3253, 0x637: 0x356e, 0x638: 0x323f, 0x639: 0x355a,
-	// Block 0x19, offset 0x640
-	0x640: 0x4804, 0x641: 0x480a, 0x642: 0x491e, 0x643: 0x4936, 0x644: 0x4926, 0x645: 0x493e,
-	0x646: 0x492e, 0x647: 0x4946, 0x648: 0x47aa, 0x649: 0x47b0, 0x64a: 0x488e, 0x64b: 0x48a6,
-	0x64c: 0x4896, 0x64d: 0x48ae, 0x64e: 0x489e, 0x64f: 0x48b6, 0x650: 0x4816, 0x651: 0x481c,
-	0x652: 0x3db8, 0x653: 0x3dc8, 0x654: 0x3dc0, 0x655: 0x3dd0,
-	0x658: 0x47b6, 0x659: 0x47bc, 0x65a: 0x3ce8, 0x65b: 0x3cf8, 0x65c: 0x3cf0, 0x65d: 0x3d00,
-	0x660: 0x482e, 0x661: 0x4834, 0x662: 0x494e, 0x663: 0x4966,
-	0x664: 0x4956, 0x665: 0x496e, 0x666: 0x495e, 0x667: 0x4976, 0x668: 0x47c2, 0x669: 0x47c8,
-	0x66a: 0x48be, 0x66b: 0x48d6, 0x66c: 0x48c6, 0x66d: 0x48de, 0x66e: 0x48ce, 0x66f: 0x48e6,
-	0x670: 0x4846, 0x671: 0x484c, 0x672: 0x3e18, 0x673: 0x3e30, 0x674: 0x3e20, 0x675: 0x3e38,
-	0x676: 0x3e28, 0x677: 0x3e40, 0x678: 0x47ce, 0x679: 0x47d4, 0x67a: 0x3d18, 0x67b: 0x3d30,
-	0x67c: 0x3d20, 0x67d: 0x3d38, 0x67e: 0x3d28, 0x67f: 0x3d40,
-	// Block 0x1a, offset 0x680
-	0x680: 0x4852, 0x681: 0x4858, 0x682: 0x3e48, 0x683: 0x3e58, 0x684: 0x3e50, 0x685: 0x3e60,
-	0x688: 0x47da, 0x689: 0x47e0, 0x68a: 0x3d48, 0x68b: 0x3d58,
-	0x68c: 0x3d50, 0x68d: 0x3d60, 0x690: 0x4864, 0x691: 0x486a,
-	0x692: 0x3e80, 0x693: 0x3e98, 0x694: 0x3e88, 0x695: 0x3ea0, 0x696: 0x3e90, 0x697: 0x3ea8,
-	0x699: 0x47e6, 0x69b: 0x3d68, 0x69d: 0x3d70,
-	0x69f: 0x3d78, 0x6a0: 0x487c, 0x6a1: 0x4882, 0x6a2: 0x497e, 0x6a3: 0x4996,
-	0x6a4: 0x4986, 0x6a5: 0x499e, 0x6a6: 0x498e, 0x6a7: 0x49a6, 0x6a8: 0x47ec, 0x6a9: 0x47f2,
-	0x6aa: 0x48ee, 0x6ab: 0x4906, 0x6ac: 0x48f6, 0x6ad: 0x490e, 0x6ae: 0x48fe, 0x6af: 0x4916,
-	0x6b0: 0x47f8, 0x6b1: 0x431e, 0x6b2: 0x3691, 0x6b3: 0x4324, 0x6b4: 0x4822, 0x6b5: 0x432a,
-	0x6b6: 0x36a3, 0x6b7: 0x4330, 0x6b8: 0x36c1, 0x6b9: 0x4336, 0x6ba: 0x36d9, 0x6bb: 0x433c,
-	0x6bc: 0x4870, 0x6bd: 0x4342,
-	// Block 0x1b, offset 0x6c0
-	0x6c0: 0x3da0, 0x6c1: 0x3da8, 0x6c2: 0x4184, 0x6c3: 0x41a2, 0x6c4: 0x418e, 0x6c5: 0x41ac,
-	0x6c6: 0x4198, 0x6c7: 0x41b6, 0x6c8: 0x3cd8, 0x6c9: 0x3ce0, 0x6ca: 0x40d0, 0x6cb: 0x40ee,
-	0x6cc: 0x40da, 0x6cd: 0x40f8, 0x6ce: 0x40e4, 0x6cf: 0x4102, 0x6d0: 0x3de8, 0x6d1: 0x3df0,
-	0x6d2: 0x41c0, 0x6d3: 0x41de, 0x6d4: 0x41ca, 0x6d5: 0x41e8, 0x6d6: 0x41d4, 0x6d7: 0x41f2,
-	0x6d8: 0x3d08, 0x6d9: 0x3d10, 0x6da: 0x410c, 0x6db: 0x412a, 0x6dc: 0x4116, 0x6dd: 0x4134,
-	0x6de: 0x4120, 0x6df: 0x413e, 0x6e0: 0x3ec0, 0x6e1: 0x3ec8, 0x6e2: 0x41fc, 0x6e3: 0x421a,
-	0x6e4: 0x4206, 0x6e5: 0x4224, 0x6e6: 0x4210, 0x6e7: 0x422e, 0x6e8: 0x3d80, 0x6e9: 0x3d88,
-	0x6ea: 0x4148, 0x6eb: 0x4166, 0x6ec: 0x4152, 0x6ed: 0x4170, 0x6ee: 0x415c, 0x6ef: 0x417a,
-	0x6f0: 0x3685, 0x6f1: 0x367f, 0x6f2: 0x3d90, 0x6f3: 0x368b, 0x6f4: 0x3d98,
-	0x6f6: 0x4810, 0x6f7: 0x3db0, 0x6f8: 0x35f5, 0x6f9: 0x35ef, 0x6fa: 0x35e3, 0x6fb: 0x42ee,
-	0x6fc: 0x35fb, 0x6fd: 0x4287, 0x6fe: 0x01d3, 0x6ff: 0x4287,
-	// Block 0x1c, offset 0x700
-	0x700: 0x42a0, 0x701: 0x4482, 0x702: 0x3dd8, 0x703: 0x369d, 0x704: 0x3de0,
-	0x706: 0x483a, 0x707: 0x3df8, 0x708: 0x3601, 0x709: 0x42f4, 0x70a: 0x360d, 0x70b: 0x42fa,
-	0x70c: 0x3619, 0x70d: 0x4489, 0x70e: 0x4490, 0x70f: 0x4497, 0x710: 0x36b5, 0x711: 0x36af,
-	0x712: 0x3e00, 0x713: 0x44e4, 0x716: 0x36bb, 0x717: 0x3e10,
-	0x718: 0x3631, 0x719: 0x362b, 0x71a: 0x361f, 0x71b: 0x4300, 0x71d: 0x449e,
-	0x71e: 0x44a5, 0x71f: 0x44ac, 0x720: 0x36eb, 0x721: 0x36e5, 0x722: 0x3e68, 0x723: 0x44ec,
-	0x724: 0x36cd, 0x725: 0x36d3, 0x726: 0x36f1, 0x727: 0x3e78, 0x728: 0x3661, 0x729: 0x365b,
-	0x72a: 0x364f, 0x72b: 0x430c, 0x72c: 0x3649, 0x72d: 0x4474, 0x72e: 0x447b, 0x72f: 0x0081,
-	0x732: 0x3eb0, 0x733: 0x36f7, 0x734: 0x3eb8,
-	0x736: 0x4888, 0x737: 0x3ed0, 0x738: 0x363d, 0x739: 0x4306, 0x73a: 0x366d, 0x73b: 0x4318,
-	0x73c: 0x3679, 0x73d: 0x425a, 0x73e: 0x428c,
-	// Block 0x1d, offset 0x740
-	0x740: 0x1bd8, 0x741: 0x1bdc, 0x742: 0x0047, 0x743: 0x1c54, 0x745: 0x1be8,
-	0x746: 0x1bec, 0x747: 0x00e9, 0x749: 0x1c58, 0x74a: 0x008f, 0x74b: 0x0051,
-	0x74c: 0x0051, 0x74d: 0x0051, 0x74e: 0x0091, 0x74f: 0x00da, 0x750: 0x0053, 0x751: 0x0053,
-	0x752: 0x0059, 0x753: 0x0099, 0x755: 0x005d, 0x756: 0x198d,
-	0x759: 0x0061, 0x75a: 0x0063, 0x75b: 0x0065, 0x75c: 0x0065, 0x75d: 0x0065,
-	0x760: 0x199f, 0x761: 0x1bc8, 0x762: 0x19a8,
-	0x764: 0x0075, 0x766: 0x01b8, 0x768: 0x0075,
-	0x76a: 0x0057, 0x76b: 0x42d2, 0x76c: 0x0045, 0x76d: 0x0047, 0x76f: 0x008b,
-	0x770: 0x004b, 0x771: 0x004d, 0x773: 0x005b, 0x774: 0x009f, 0x775: 0x0215,
-	0x776: 0x0218, 0x777: 0x021b, 0x778: 0x021e, 0x779: 0x0093, 0x77b: 0x1b98,
-	0x77c: 0x01e8, 0x77d: 0x01c1, 0x77e: 0x0179, 0x77f: 0x01a0,
-	// Block 0x1e, offset 0x780
-	0x780: 0x0463, 0x785: 0x0049,
-	0x786: 0x0089, 0x787: 0x008b, 0x788: 0x0093, 0x789: 0x0095,
-	0x790: 0x222e, 0x791: 0x223a,
-	0x792: 0x22ee, 0x793: 0x2216, 0x794: 0x229a, 0x795: 0x2222, 0x796: 0x22a0, 0x797: 0x22b8,
-	0x798: 0x22c4, 0x799: 0x2228, 0x79a: 0x22ca, 0x79b: 0x2234, 0x79c: 0x22be, 0x79d: 0x22d0,
-	0x79e: 0x22d6, 0x79f: 0x1cbc, 0x7a0: 0x0053, 0x7a1: 0x195a, 0x7a2: 0x1ba4, 0x7a3: 0x1963,
-	0x7a4: 0x006d, 0x7a5: 0x19ab, 0x7a6: 0x1bd0, 0x7a7: 0x1d48, 0x7a8: 0x1966, 0x7a9: 0x0071,
-	0x7aa: 0x19b7, 0x7ab: 0x1bd4, 0x7ac: 0x0059, 0x7ad: 0x0047, 0x7ae: 0x0049, 0x7af: 0x005b,
-	0x7b0: 0x0093, 0x7b1: 0x19e4, 0x7b2: 0x1c18, 0x7b3: 0x19ed, 0x7b4: 0x00ad, 0x7b5: 0x1a62,
-	0x7b6: 0x1c4c, 0x7b7: 0x1d5c, 0x7b8: 0x19f0, 0x7b9: 0x00b1, 0x7ba: 0x1a65, 0x7bb: 0x1c50,
-	0x7bc: 0x0099, 0x7bd: 0x0087, 0x7be: 0x0089, 0x7bf: 0x009b,
-	// Block 0x1f, offset 0x7c0
-	0x7c1: 0x3c06, 0x7c3: 0xa000, 0x7c4: 0x3c0d, 0x7c5: 0xa000,
-	0x7c7: 0x3c14, 0x7c8: 0xa000, 0x7c9: 0x3c1b,
-	0x7cd: 0xa000,
-	0x7e0: 0x2f65, 0x7e1: 0xa000, 0x7e2: 0x3c29,
-	0x7e4: 0xa000, 0x7e5: 0xa000,
-	0x7ed: 0x3c22, 0x7ee: 0x2f60, 0x7ef: 0x2f6a,
-	0x7f0: 0x3c30, 0x7f1: 0x3c37, 0x7f2: 0xa000, 0x7f3: 0xa000, 0x7f4: 0x3c3e, 0x7f5: 0x3c45,
-	0x7f6: 0xa000, 0x7f7: 0xa000, 0x7f8: 0x3c4c, 0x7f9: 0x3c53, 0x7fa: 0xa000, 0x7fb: 0xa000,
-	0x7fc: 0xa000, 0x7fd: 0xa000,
-	// Block 0x20, offset 0x800
-	0x800: 0x3c5a, 0x801: 0x3c61, 0x802: 0xa000, 0x803: 0xa000, 0x804: 0x3c76, 0x805: 0x3c7d,
-	0x806: 0xa000, 0x807: 0xa000, 0x808: 0x3c84, 0x809: 0x3c8b,
-	0x811: 0xa000,
-	0x812: 0xa000,
-	0x822: 0xa000,
-	0x828: 0xa000, 0x829: 0xa000,
-	0x82b: 0xa000, 0x82c: 0x3ca0, 0x82d: 0x3ca7, 0x82e: 0x3cae, 0x82f: 0x3cb5,
-	0x832: 0xa000, 0x833: 0xa000, 0x834: 0xa000, 0x835: 0xa000,
-	// Block 0x21, offset 0x840
-	0x860: 0x0023, 0x861: 0x0025, 0x862: 0x0027, 0x863: 0x0029,
-	0x864: 0x002b, 0x865: 0x002d, 0x866: 0x002f, 0x867: 0x0031, 0x868: 0x0033, 0x869: 0x1882,
-	0x86a: 0x1885, 0x86b: 0x1888, 0x86c: 0x188b, 0x86d: 0x188e, 0x86e: 0x1891, 0x86f: 0x1894,
-	0x870: 0x1897, 0x871: 0x189a, 0x872: 0x189d, 0x873: 0x18a6, 0x874: 0x1a68, 0x875: 0x1a6c,
-	0x876: 0x1a70, 0x877: 0x1a74, 0x878: 0x1a78, 0x879: 0x1a7c, 0x87a: 0x1a80, 0x87b: 0x1a84,
-	0x87c: 0x1a88, 0x87d: 0x1c80, 0x87e: 0x1c85, 0x87f: 0x1c8a,
-	// Block 0x22, offset 0x880
-	0x880: 0x1c8f, 0x881: 0x1c94, 0x882: 0x1c99, 0x883: 0x1c9e, 0x884: 0x1ca3, 0x885: 0x1ca8,
-	0x886: 0x1cad, 0x887: 0x1cb2, 0x888: 0x187f, 0x889: 0x18a3, 0x88a: 0x18c7, 0x88b: 0x18eb,
-	0x88c: 0x190f, 0x88d: 0x1918, 0x88e: 0x191e, 0x88f: 0x1924, 0x890: 0x192a, 0x891: 0x1b60,
-	0x892: 0x1b64, 0x893: 0x1b68, 0x894: 0x1b6c, 0x895: 0x1b70, 0x896: 0x1b74, 0x897: 0x1b78,
-	0x898: 0x1b7c, 0x899: 0x1b80, 0x89a: 0x1b84, 0x89b: 0x1b88, 0x89c: 0x1af4, 0x89d: 0x1af8,
-	0x89e: 0x1afc, 0x89f: 0x1b00, 0x8a0: 0x1b04, 0x8a1: 0x1b08, 0x8a2: 0x1b0c, 0x8a3: 0x1b10,
-	0x8a4: 0x1b14, 0x8a5: 0x1b18, 0x8a6: 0x1b1c, 0x8a7: 0x1b20, 0x8a8: 0x1b24, 0x8a9: 0x1b28,
-	0x8aa: 0x1b2c, 0x8ab: 0x1b30, 0x8ac: 0x1b34, 0x8ad: 0x1b38, 0x8ae: 0x1b3c, 0x8af: 0x1b40,
-	0x8b0: 0x1b44, 0x8b1: 0x1b48, 0x8b2: 0x1b4c, 0x8b3: 0x1b50, 0x8b4: 0x1b54, 0x8b5: 0x1b58,
-	0x8b6: 0x0043, 0x8b7: 0x0045, 0x8b8: 0x0047, 0x8b9: 0x0049, 0x8ba: 0x004b, 0x8bb: 0x004d,
-	0x8bc: 0x004f, 0x8bd: 0x0051, 0x8be: 0x0053, 0x8bf: 0x0055,
-	// Block 0x23, offset 0x8c0
-	0x8c0: 0x06bf, 0x8c1: 0x06e3, 0x8c2: 0x06ef, 0x8c3: 0x06ff, 0x8c4: 0x0707, 0x8c5: 0x0713,
-	0x8c6: 0x071b, 0x8c7: 0x0723, 0x8c8: 0x072f, 0x8c9: 0x0783, 0x8ca: 0x079b, 0x8cb: 0x07ab,
-	0x8cc: 0x07bb, 0x8cd: 0x07cb, 0x8ce: 0x07db, 0x8cf: 0x07fb, 0x8d0: 0x07ff, 0x8d1: 0x0803,
-	0x8d2: 0x0837, 0x8d3: 0x085f, 0x8d4: 0x086f, 0x8d5: 0x0877, 0x8d6: 0x087b, 0x8d7: 0x0887,
-	0x8d8: 0x08a3, 0x8d9: 0x08a7, 0x8da: 0x08bf, 0x8db: 0x08c3, 0x8dc: 0x08cb, 0x8dd: 0x08db,
-	0x8de: 0x0977, 0x8df: 0x098b, 0x8e0: 0x09cb, 0x8e1: 0x09df, 0x8e2: 0x09e7, 0x8e3: 0x09eb,
-	0x8e4: 0x09fb, 0x8e5: 0x0a17, 0x8e6: 0x0a43, 0x8e7: 0x0a4f, 0x8e8: 0x0a6f, 0x8e9: 0x0a7b,
-	0x8ea: 0x0a7f, 0x8eb: 0x0a83, 0x8ec: 0x0a9b, 0x8ed: 0x0a9f, 0x8ee: 0x0acb, 0x8ef: 0x0ad7,
-	0x8f0: 0x0adf, 0x8f1: 0x0ae7, 0x8f2: 0x0af7, 0x8f3: 0x0aff, 0x8f4: 0x0b07, 0x8f5: 0x0b33,
-	0x8f6: 0x0b37, 0x8f7: 0x0b3f, 0x8f8: 0x0b43, 0x8f9: 0x0b4b, 0x8fa: 0x0b53, 0x8fb: 0x0b63,
-	0x8fc: 0x0b7f, 0x8fd: 0x0bf7, 0x8fe: 0x0c0b, 0x8ff: 0x0c0f,
-	// Block 0x24, offset 0x900
-	0x900: 0x0c8f, 0x901: 0x0c93, 0x902: 0x0ca7, 0x903: 0x0cab, 0x904: 0x0cb3, 0x905: 0x0cbb,
-	0x906: 0x0cc3, 0x907: 0x0ccf, 0x908: 0x0cf7, 0x909: 0x0d07, 0x90a: 0x0d1b, 0x90b: 0x0d8b,
-	0x90c: 0x0d97, 0x90d: 0x0da7, 0x90e: 0x0db3, 0x90f: 0x0dbf, 0x910: 0x0dc7, 0x911: 0x0dcb,
-	0x912: 0x0dcf, 0x913: 0x0dd3, 0x914: 0x0dd7, 0x915: 0x0e8f, 0x916: 0x0ed7, 0x917: 0x0ee3,
-	0x918: 0x0ee7, 0x919: 0x0eeb, 0x91a: 0x0eef, 0x91b: 0x0ef7, 0x91c: 0x0efb, 0x91d: 0x0f0f,
-	0x91e: 0x0f2b, 0x91f: 0x0f33, 0x920: 0x0f73, 0x921: 0x0f77, 0x922: 0x0f7f, 0x923: 0x0f83,
-	0x924: 0x0f8b, 0x925: 0x0f8f, 0x926: 0x0fb3, 0x927: 0x0fb7, 0x928: 0x0fd3, 0x929: 0x0fd7,
-	0x92a: 0x0fdb, 0x92b: 0x0fdf, 0x92c: 0x0ff3, 0x92d: 0x1017, 0x92e: 0x101b, 0x92f: 0x101f,
-	0x930: 0x1043, 0x931: 0x1083, 0x932: 0x1087, 0x933: 0x10a7, 0x934: 0x10b7, 0x935: 0x10bf,
-	0x936: 0x10df, 0x937: 0x1103, 0x938: 0x1147, 0x939: 0x114f, 0x93a: 0x1163, 0x93b: 0x116f,
-	0x93c: 0x1177, 0x93d: 0x117f, 0x93e: 0x1183, 0x93f: 0x1187,
-	// Block 0x25, offset 0x940
-	0x940: 0x119f, 0x941: 0x11a3, 0x942: 0x11bf, 0x943: 0x11c7, 0x944: 0x11cf, 0x945: 0x11d3,
-	0x946: 0x11df, 0x947: 0x11e7, 0x948: 0x11eb, 0x949: 0x11ef, 0x94a: 0x11f7, 0x94b: 0x11fb,
-	0x94c: 0x129b, 0x94d: 0x12af, 0x94e: 0x12e3, 0x94f: 0x12e7, 0x950: 0x12ef, 0x951: 0x131b,
-	0x952: 0x1323, 0x953: 0x132b, 0x954: 0x1333, 0x955: 0x136f, 0x956: 0x1373, 0x957: 0x137b,
-	0x958: 0x137f, 0x959: 0x1383, 0x95a: 0x13af, 0x95b: 0x13b3, 0x95c: 0x13bb, 0x95d: 0x13cf,
-	0x95e: 0x13d3, 0x95f: 0x13ef, 0x960: 0x13f7, 0x961: 0x13fb, 0x962: 0x141f, 0x963: 0x143f,
-	0x964: 0x1453, 0x965: 0x1457, 0x966: 0x145f, 0x967: 0x148b, 0x968: 0x148f, 0x969: 0x149f,
-	0x96a: 0x14c3, 0x96b: 0x14cf, 0x96c: 0x14df, 0x96d: 0x14f7, 0x96e: 0x14ff, 0x96f: 0x1503,
-	0x970: 0x1507, 0x971: 0x150b, 0x972: 0x1517, 0x973: 0x151b, 0x974: 0x1523, 0x975: 0x153f,
-	0x976: 0x1543, 0x977: 0x1547, 0x978: 0x155f, 0x979: 0x1563, 0x97a: 0x156b, 0x97b: 0x157f,
-	0x97c: 0x1583, 0x97d: 0x1587, 0x97e: 0x158f, 0x97f: 0x1593,
-	// Block 0x26, offset 0x980
-	0x986: 0xa000, 0x98b: 0xa000,
-	0x98c: 0x3f08, 0x98d: 0xa000, 0x98e: 0x3f10, 0x98f: 0xa000, 0x990: 0x3f18, 0x991: 0xa000,
-	0x992: 0x3f20, 0x993: 0xa000, 0x994: 0x3f28, 0x995: 0xa000, 0x996: 0x3f30, 0x997: 0xa000,
-	0x998: 0x3f38, 0x999: 0xa000, 0x99a: 0x3f40, 0x99b: 0xa000, 0x99c: 0x3f48, 0x99d: 0xa000,
-	0x99e: 0x3f50, 0x99f: 0xa000, 0x9a0: 0x3f58, 0x9a1: 0xa000, 0x9a2: 0x3f60,
-	0x9a4: 0xa000, 0x9a5: 0x3f68, 0x9a6: 0xa000, 0x9a7: 0x3f70, 0x9a8: 0xa000, 0x9a9: 0x3f78,
-	0x9af: 0xa000,
-	0x9b0: 0x3f80, 0x9b1: 0x3f88, 0x9b2: 0xa000, 0x9b3: 0x3f90, 0x9b4: 0x3f98, 0x9b5: 0xa000,
-	0x9b6: 0x3fa0, 0x9b7: 0x3fa8, 0x9b8: 0xa000, 0x9b9: 0x3fb0, 0x9ba: 0x3fb8, 0x9bb: 0xa000,
-	0x9bc: 0x3fc0, 0x9bd: 0x3fc8,
-	// Block 0x27, offset 0x9c0
-	0x9d4: 0x3f00,
-	0x9d9: 0x9903, 0x9da: 0x9903, 0x9db: 0x42dc, 0x9dc: 0x42e2, 0x9dd: 0xa000,
-	0x9de: 0x3fd0, 0x9df: 0x26b4,
-	0x9e6: 0xa000,
-	0x9eb: 0xa000, 0x9ec: 0x3fe0, 0x9ed: 0xa000, 0x9ee: 0x3fe8, 0x9ef: 0xa000,
-	0x9f0: 0x3ff0, 0x9f1: 0xa000, 0x9f2: 0x3ff8, 0x9f3: 0xa000, 0x9f4: 0x4000, 0x9f5: 0xa000,
-	0x9f6: 0x4008, 0x9f7: 0xa000, 0x9f8: 0x4010, 0x9f9: 0xa000, 0x9fa: 0x4018, 0x9fb: 0xa000,
-	0x9fc: 0x4020, 0x9fd: 0xa000, 0x9fe: 0x4028, 0x9ff: 0xa000,
-	// Block 0x28, offset 0xa00
-	0xa00: 0x4030, 0xa01: 0xa000, 0xa02: 0x4038, 0xa04: 0xa000, 0xa05: 0x4040,
-	0xa06: 0xa000, 0xa07: 0x4048, 0xa08: 0xa000, 0xa09: 0x4050,
-	0xa0f: 0xa000, 0xa10: 0x4058, 0xa11: 0x4060,
-	0xa12: 0xa000, 0xa13: 0x4068, 0xa14: 0x4070, 0xa15: 0xa000, 0xa16: 0x4078, 0xa17: 0x4080,
-	0xa18: 0xa000, 0xa19: 0x4088, 0xa1a: 0x4090, 0xa1b: 0xa000, 0xa1c: 0x4098, 0xa1d: 0x40a0,
-	0xa2f: 0xa000,
-	0xa30: 0xa000, 0xa31: 0xa000, 0xa32: 0xa000, 0xa34: 0x3fd8,
-	0xa37: 0x40a8, 0xa38: 0x40b0, 0xa39: 0x40b8, 0xa3a: 0x40c0,
-	0xa3d: 0xa000, 0xa3e: 0x40c8, 0xa3f: 0x26c9,
-	// Block 0x29, offset 0xa40
-	0xa40: 0x0367, 0xa41: 0x032b, 0xa42: 0x032f, 0xa43: 0x0333, 0xa44: 0x037b, 0xa45: 0x0337,
-	0xa46: 0x033b, 0xa47: 0x033f, 0xa48: 0x0343, 0xa49: 0x0347, 0xa4a: 0x034b, 0xa4b: 0x034f,
-	0xa4c: 0x0353, 0xa4d: 0x0357, 0xa4e: 0x035b, 0xa4f: 0x49bd, 0xa50: 0x49c3, 0xa51: 0x49c9,
-	0xa52: 0x49cf, 0xa53: 0x49d5, 0xa54: 0x49db, 0xa55: 0x49e1, 0xa56: 0x49e7, 0xa57: 0x49ed,
-	0xa58: 0x49f3, 0xa59: 0x49f9, 0xa5a: 0x49ff, 0xa5b: 0x4a05, 0xa5c: 0x4a0b, 0xa5d: 0x4a11,
-	0xa5e: 0x4a17, 0xa5f: 0x4a1d, 0xa60: 0x4a23, 0xa61: 0x4a29, 0xa62: 0x4a2f, 0xa63: 0x4a35,
-	0xa64: 0x03c3, 0xa65: 0x035f, 0xa66: 0x0363, 0xa67: 0x03e7, 0xa68: 0x03eb, 0xa69: 0x03ef,
-	0xa6a: 0x03f3, 0xa6b: 0x03f7, 0xa6c: 0x03fb, 0xa6d: 0x03ff, 0xa6e: 0x036b, 0xa6f: 0x0403,
-	0xa70: 0x0407, 0xa71: 0x036f, 0xa72: 0x0373, 0xa73: 0x0377, 0xa74: 0x037f, 0xa75: 0x0383,
-	0xa76: 0x0387, 0xa77: 0x038b, 0xa78: 0x038f, 0xa79: 0x0393, 0xa7a: 0x0397, 0xa7b: 0x039b,
-	0xa7c: 0x039f, 0xa7d: 0x03a3, 0xa7e: 0x03a7, 0xa7f: 0x03ab,
-	// Block 0x2a, offset 0xa80
-	0xa80: 0x03af, 0xa81: 0x03b3, 0xa82: 0x040b, 0xa83: 0x040f, 0xa84: 0x03b7, 0xa85: 0x03bb,
-	0xa86: 0x03bf, 0xa87: 0x03c7, 0xa88: 0x03cb, 0xa89: 0x03cf, 0xa8a: 0x03d3, 0xa8b: 0x03d7,
-	0xa8c: 0x03db, 0xa8d: 0x03df, 0xa8e: 0x03e3,
-	0xa92: 0x06bf, 0xa93: 0x071b, 0xa94: 0x06cb, 0xa95: 0x097b, 0xa96: 0x06cf, 0xa97: 0x06e7,
-	0xa98: 0x06d3, 0xa99: 0x0f93, 0xa9a: 0x0707, 0xa9b: 0x06db, 0xa9c: 0x06c3, 0xa9d: 0x09ff,
-	0xa9e: 0x098f, 0xa9f: 0x072f,
-	// Block 0x2b, offset 0xac0
-	0xac0: 0x2054, 0xac1: 0x205a, 0xac2: 0x2060, 0xac3: 0x2066, 0xac4: 0x206c, 0xac5: 0x2072,
-	0xac6: 0x2078, 0xac7: 0x207e, 0xac8: 0x2084, 0xac9: 0x208a, 0xaca: 0x2090, 0xacb: 0x2096,
-	0xacc: 0x209c, 0xacd: 0x20a2, 0xace: 0x2726, 0xacf: 0x272f, 0xad0: 0x2738, 0xad1: 0x2741,
-	0xad2: 0x274a, 0xad3: 0x2753, 0xad4: 0x275c, 0xad5: 0x2765, 0xad6: 0x276e, 0xad7: 0x2780,
-	0xad8: 0x2789, 0xad9: 0x2792, 0xada: 0x279b, 0xadb: 0x27a4, 0xadc: 0x2777, 0xadd: 0x2bac,
-	0xade: 0x2aed, 0xae0: 0x20a8, 0xae1: 0x20c0, 0xae2: 0x20b4, 0xae3: 0x2108,
-	0xae4: 0x20c6, 0xae5: 0x20e4, 0xae6: 0x20ae, 0xae7: 0x20de, 0xae8: 0x20ba, 0xae9: 0x20f0,
-	0xaea: 0x2120, 0xaeb: 0x213e, 0xaec: 0x2138, 0xaed: 0x212c, 0xaee: 0x217a, 0xaef: 0x210e,
-	0xaf0: 0x211a, 0xaf1: 0x2132, 0xaf2: 0x2126, 0xaf3: 0x2150, 0xaf4: 0x20fc, 0xaf5: 0x2144,
-	0xaf6: 0x216e, 0xaf7: 0x2156, 0xaf8: 0x20ea, 0xaf9: 0x20cc, 0xafa: 0x2102, 0xafb: 0x2114,
-	0xafc: 0x214a, 0xafd: 0x20d2, 0xafe: 0x2174, 0xaff: 0x20f6,
-	// Block 0x2c, offset 0xb00
-	0xb00: 0x215c, 0xb01: 0x20d8, 0xb02: 0x2162, 0xb03: 0x2168, 0xb04: 0x092f, 0xb05: 0x0b03,
-	0xb06: 0x0ca7, 0xb07: 0x10c7,
-	0xb10: 0x1bc4, 0xb11: 0x18a9,
-	0xb12: 0x18ac, 0xb13: 0x18af, 0xb14: 0x18b2, 0xb15: 0x18b5, 0xb16: 0x18b8, 0xb17: 0x18bb,
-	0xb18: 0x18be, 0xb19: 0x18c1, 0xb1a: 0x18ca, 0xb1b: 0x18cd, 0xb1c: 0x18d0, 0xb1d: 0x18d3,
-	0xb1e: 0x18d6, 0xb1f: 0x18d9, 0xb20: 0x0313, 0xb21: 0x031b, 0xb22: 0x031f, 0xb23: 0x0327,
-	0xb24: 0x032b, 0xb25: 0x032f, 0xb26: 0x0337, 0xb27: 0x033f, 0xb28: 0x0343, 0xb29: 0x034b,
-	0xb2a: 0x034f, 0xb2b: 0x0353, 0xb2c: 0x0357, 0xb2d: 0x035b, 0xb2e: 0x2e18, 0xb2f: 0x2e20,
-	0xb30: 0x2e28, 0xb31: 0x2e30, 0xb32: 0x2e38, 0xb33: 0x2e40, 0xb34: 0x2e48, 0xb35: 0x2e50,
-	0xb36: 0x2e60, 0xb37: 0x2e68, 0xb38: 0x2e70, 0xb39: 0x2e78, 0xb3a: 0x2e80, 0xb3b: 0x2e88,
-	0xb3c: 0x2ed3, 0xb3d: 0x2e9b, 0xb3e: 0x2e58,
-	// Block 0x2d, offset 0xb40
-	0xb40: 0x06bf, 0xb41: 0x071b, 0xb42: 0x06cb, 0xb43: 0x097b, 0xb44: 0x071f, 0xb45: 0x07af,
-	0xb46: 0x06c7, 0xb47: 0x07ab, 0xb48: 0x070b, 0xb49: 0x0887, 0xb4a: 0x0d07, 0xb4b: 0x0e8f,
-	0xb4c: 0x0dd7, 0xb4d: 0x0d1b, 0xb4e: 0x145f, 0xb4f: 0x098b, 0xb50: 0x0ccf, 0xb51: 0x0d4b,
-	0xb52: 0x0d0b, 0xb53: 0x104b, 0xb54: 0x08fb, 0xb55: 0x0f03, 0xb56: 0x1387, 0xb57: 0x105f,
-	0xb58: 0x0843, 0xb59: 0x108f, 0xb5a: 0x0f9b, 0xb5b: 0x0a17, 0xb5c: 0x140f, 0xb5d: 0x077f,
-	0xb5e: 0x08ab, 0xb5f: 0x0df7, 0xb60: 0x1527, 0xb61: 0x0743, 0xb62: 0x07d3, 0xb63: 0x0d9b,
-	0xb64: 0x06cf, 0xb65: 0x06e7, 0xb66: 0x06d3, 0xb67: 0x0adb, 0xb68: 0x08ef, 0xb69: 0x087f,
-	0xb6a: 0x0a57, 0xb6b: 0x0a4b, 0xb6c: 0x0feb, 0xb6d: 0x073f, 0xb6e: 0x139b, 0xb6f: 0x089b,
-	0xb70: 0x09f3, 0xb71: 0x18dc, 0xb72: 0x18df, 0xb73: 0x18e2, 0xb74: 0x18e5, 0xb75: 0x18ee,
-	0xb76: 0x18f1, 0xb77: 0x18f4, 0xb78: 0x18f7, 0xb79: 0x18fa, 0xb7a: 0x18fd, 0xb7b: 0x1900,
-	0xb7c: 0x1903, 0xb7d: 0x1906, 0xb7e: 0x1909, 0xb7f: 0x1912,
-	// Block 0x2e, offset 0xb80
-	0xb80: 0x1cc6, 0xb81: 0x1cd5, 0xb82: 0x1ce4, 0xb83: 0x1cf3, 0xb84: 0x1d02, 0xb85: 0x1d11,
-	0xb86: 0x1d20, 0xb87: 0x1d2f, 0xb88: 0x1d3e, 0xb89: 0x218c, 0xb8a: 0x219e, 0xb8b: 0x21b0,
-	0xb8c: 0x1954, 0xb8d: 0x1c04, 0xb8e: 0x19d2, 0xb8f: 0x1ba8, 0xb90: 0x04cb, 0xb91: 0x04d3,
-	0xb92: 0x04db, 0xb93: 0x04e3, 0xb94: 0x04eb, 0xb95: 0x04ef, 0xb96: 0x04f3, 0xb97: 0x04f7,
-	0xb98: 0x04fb, 0xb99: 0x04ff, 0xb9a: 0x0503, 0xb9b: 0x0507, 0xb9c: 0x050b, 0xb9d: 0x050f,
-	0xb9e: 0x0513, 0xb9f: 0x0517, 0xba0: 0x051b, 0xba1: 0x0523, 0xba2: 0x0527, 0xba3: 0x052b,
-	0xba4: 0x052f, 0xba5: 0x0533, 0xba6: 0x0537, 0xba7: 0x053b, 0xba8: 0x053f, 0xba9: 0x0543,
-	0xbaa: 0x0547, 0xbab: 0x054b, 0xbac: 0x054f, 0xbad: 0x0553, 0xbae: 0x0557, 0xbaf: 0x055b,
-	0xbb0: 0x055f, 0xbb1: 0x0563, 0xbb2: 0x0567, 0xbb3: 0x056f, 0xbb4: 0x0577, 0xbb5: 0x057f,
-	0xbb6: 0x0583, 0xbb7: 0x0587, 0xbb8: 0x058b, 0xbb9: 0x058f, 0xbba: 0x0593, 0xbbb: 0x0597,
-	0xbbc: 0x059b, 0xbbd: 0x059f, 0xbbe: 0x05a3,
-	// Block 0x2f, offset 0xbc0
-	0xbc0: 0x2b0c, 0xbc1: 0x29a8, 0xbc2: 0x2b1c, 0xbc3: 0x2880, 0xbc4: 0x2ee4, 0xbc5: 0x288a,
-	0xbc6: 0x2894, 0xbc7: 0x2f28, 0xbc8: 0x29b5, 0xbc9: 0x289e, 0xbca: 0x28a8, 0xbcb: 0x28b2,
-	0xbcc: 0x29dc, 0xbcd: 0x29e9, 0xbce: 0x29c2, 0xbcf: 0x29cf, 0xbd0: 0x2ea9, 0xbd1: 0x29f6,
-	0xbd2: 0x2a03, 0xbd3: 0x2bbe, 0xbd4: 0x26bb, 0xbd5: 0x2bd1, 0xbd6: 0x2be4, 0xbd7: 0x2b2c,
-	0xbd8: 0x2a10, 0xbd9: 0x2bf7, 0xbda: 0x2c0a, 0xbdb: 0x2a1d, 0xbdc: 0x28bc, 0xbdd: 0x28c6,
-	0xbde: 0x2eb7, 0xbdf: 0x2a2a, 0xbe0: 0x2b3c, 0xbe1: 0x2ef5, 0xbe2: 0x28d0, 0xbe3: 0x28da,
-	0xbe4: 0x2a37, 0xbe5: 0x28e4, 0xbe6: 0x28ee, 0xbe7: 0x26d0, 0xbe8: 0x26d7, 0xbe9: 0x28f8,
-	0xbea: 0x2902, 0xbeb: 0x2c1d, 0xbec: 0x2a44, 0xbed: 0x2b4c, 0xbee: 0x2c30, 0xbef: 0x2a51,
-	0xbf0: 0x2916, 0xbf1: 0x290c, 0xbf2: 0x2f3c, 0xbf3: 0x2a5e, 0xbf4: 0x2c43, 0xbf5: 0x2920,
-	0xbf6: 0x2b5c, 0xbf7: 0x292a, 0xbf8: 0x2a78, 0xbf9: 0x2934, 0xbfa: 0x2a85, 0xbfb: 0x2f06,
-	0xbfc: 0x2a6b, 0xbfd: 0x2b6c, 0xbfe: 0x2a92, 0xbff: 0x26de,
-	// Block 0x30, offset 0xc00
-	0xc00: 0x2f17, 0xc01: 0x293e, 0xc02: 0x2948, 0xc03: 0x2a9f, 0xc04: 0x2952, 0xc05: 0x295c,
-	0xc06: 0x2966, 0xc07: 0x2b7c, 0xc08: 0x2aac, 0xc09: 0x26e5, 0xc0a: 0x2c56, 0xc0b: 0x2e90,
-	0xc0c: 0x2b8c, 0xc0d: 0x2ab9, 0xc0e: 0x2ec5, 0xc0f: 0x2970, 0xc10: 0x297a, 0xc11: 0x2ac6,
-	0xc12: 0x26ec, 0xc13: 0x2ad3, 0xc14: 0x2b9c, 0xc15: 0x26f3, 0xc16: 0x2c69, 0xc17: 0x2984,
-	0xc18: 0x1cb7, 0xc19: 0x1ccb, 0xc1a: 0x1cda, 0xc1b: 0x1ce9, 0xc1c: 0x1cf8, 0xc1d: 0x1d07,
-	0xc1e: 0x1d16, 0xc1f: 0x1d25, 0xc20: 0x1d34, 0xc21: 0x1d43, 0xc22: 0x2192, 0xc23: 0x21a4,
-	0xc24: 0x21b6, 0xc25: 0x21c2, 0xc26: 0x21ce, 0xc27: 0x21da, 0xc28: 0x21e6, 0xc29: 0x21f2,
-	0xc2a: 0x21fe, 0xc2b: 0x220a, 0xc2c: 0x2246, 0xc2d: 0x2252, 0xc2e: 0x225e, 0xc2f: 0x226a,
-	0xc30: 0x2276, 0xc31: 0x1c14, 0xc32: 0x19c6, 0xc33: 0x1936, 0xc34: 0x1be4, 0xc35: 0x1a47,
-	0xc36: 0x1a56, 0xc37: 0x19cc, 0xc38: 0x1bfc, 0xc39: 0x1c00, 0xc3a: 0x1960, 0xc3b: 0x2701,
-	0xc3c: 0x270f, 0xc3d: 0x26fa, 0xc3e: 0x2708, 0xc3f: 0x2ae0,
-	// Block 0x31, offset 0xc40
-	0xc40: 0x1a4a, 0xc41: 0x1a32, 0xc42: 0x1c60, 0xc43: 0x1a1a, 0xc44: 0x19f3, 0xc45: 0x1969,
-	0xc46: 0x1978, 0xc47: 0x1948, 0xc48: 0x1bf0, 0xc49: 0x1d52, 0xc4a: 0x1a4d, 0xc4b: 0x1a35,
-	0xc4c: 0x1c64, 0xc4d: 0x1c70, 0xc4e: 0x1a26, 0xc4f: 0x19fc, 0xc50: 0x1957, 0xc51: 0x1c1c,
-	0xc52: 0x1bb0, 0xc53: 0x1b9c, 0xc54: 0x1bcc, 0xc55: 0x1c74, 0xc56: 0x1a29, 0xc57: 0x19c9,
-	0xc58: 0x19ff, 0xc59: 0x19de, 0xc5a: 0x1a41, 0xc5b: 0x1c78, 0xc5c: 0x1a2c, 0xc5d: 0x19c0,
-	0xc5e: 0x1a02, 0xc5f: 0x1c3c, 0xc60: 0x1bf4, 0xc61: 0x1a14, 0xc62: 0x1c24, 0xc63: 0x1c40,
-	0xc64: 0x1bf8, 0xc65: 0x1a17, 0xc66: 0x1c28, 0xc67: 0x22e8, 0xc68: 0x22fc, 0xc69: 0x1996,
-	0xc6a: 0x1c20, 0xc6b: 0x1bb4, 0xc6c: 0x1ba0, 0xc6d: 0x1c48, 0xc6e: 0x2716, 0xc6f: 0x27ad,
-	0xc70: 0x1a59, 0xc71: 0x1a44, 0xc72: 0x1c7c, 0xc73: 0x1a2f, 0xc74: 0x1a50, 0xc75: 0x1a38,
-	0xc76: 0x1c68, 0xc77: 0x1a1d, 0xc78: 0x19f6, 0xc79: 0x1981, 0xc7a: 0x1a53, 0xc7b: 0x1a3b,
-	0xc7c: 0x1c6c, 0xc7d: 0x1a20, 0xc7e: 0x19f9, 0xc7f: 0x1984,
-	// Block 0x32, offset 0xc80
-	0xc80: 0x1c2c, 0xc81: 0x1bb8, 0xc82: 0x1d4d, 0xc83: 0x1939, 0xc84: 0x19ba, 0xc85: 0x19bd,
-	0xc86: 0x22f5, 0xc87: 0x1b94, 0xc88: 0x19c3, 0xc89: 0x194b, 0xc8a: 0x19e1, 0xc8b: 0x194e,
-	0xc8c: 0x19ea, 0xc8d: 0x196c, 0xc8e: 0x196f, 0xc8f: 0x1a05, 0xc90: 0x1a0b, 0xc91: 0x1a0e,
-	0xc92: 0x1c30, 0xc93: 0x1a11, 0xc94: 0x1a23, 0xc95: 0x1c38, 0xc96: 0x1c44, 0xc97: 0x1990,
-	0xc98: 0x1d57, 0xc99: 0x1bbc, 0xc9a: 0x1993, 0xc9b: 0x1a5c, 0xc9c: 0x19a5, 0xc9d: 0x19b4,
-	0xc9e: 0x22e2, 0xc9f: 0x22dc, 0xca0: 0x1cc1, 0xca1: 0x1cd0, 0xca2: 0x1cdf, 0xca3: 0x1cee,
-	0xca4: 0x1cfd, 0xca5: 0x1d0c, 0xca6: 0x1d1b, 0xca7: 0x1d2a, 0xca8: 0x1d39, 0xca9: 0x2186,
-	0xcaa: 0x2198, 0xcab: 0x21aa, 0xcac: 0x21bc, 0xcad: 0x21c8, 0xcae: 0x21d4, 0xcaf: 0x21e0,
-	0xcb0: 0x21ec, 0xcb1: 0x21f8, 0xcb2: 0x2204, 0xcb3: 0x2240, 0xcb4: 0x224c, 0xcb5: 0x2258,
-	0xcb6: 0x2264, 0xcb7: 0x2270, 0xcb8: 0x227c, 0xcb9: 0x2282, 0xcba: 0x2288, 0xcbb: 0x228e,
-	0xcbc: 0x2294, 0xcbd: 0x22a6, 0xcbe: 0x22ac, 0xcbf: 0x1c10,
-	// Block 0x33, offset 0xcc0
-	0xcc0: 0x1377, 0xcc1: 0x0cfb, 0xcc2: 0x13d3, 0xcc3: 0x139f, 0xcc4: 0x0e57, 0xcc5: 0x06eb,
-	0xcc6: 0x08df, 0xcc7: 0x162b, 0xcc8: 0x162b, 0xcc9: 0x0a0b, 0xcca: 0x145f, 0xccb: 0x0943,
-	0xccc: 0x0a07, 0xccd: 0x0bef, 0xcce: 0x0fcf, 0xccf: 0x115f, 0xcd0: 0x1297, 0xcd1: 0x12d3,
-	0xcd2: 0x1307, 0xcd3: 0x141b, 0xcd4: 0x0d73, 0xcd5: 0x0dff, 0xcd6: 0x0eab, 0xcd7: 0x0f43,
-	0xcd8: 0x125f, 0xcd9: 0x1447, 0xcda: 0x1573, 0xcdb: 0x070f, 0xcdc: 0x08b3, 0xcdd: 0x0d87,
-	0xcde: 0x0ecf, 0xcdf: 0x1293, 0xce0: 0x15c3, 0xce1: 0x0ab3, 0xce2: 0x0e77, 0xce3: 0x1283,
-	0xce4: 0x1317, 0xce5: 0x0c23, 0xce6: 0x11bb, 0xce7: 0x12df, 0xce8: 0x0b1f, 0xce9: 0x0d0f,
-	0xcea: 0x0e17, 0xceb: 0x0f1b, 0xcec: 0x1427, 0xced: 0x074f, 0xcee: 0x07e7, 0xcef: 0x0853,
-	0xcf0: 0x0c8b, 0xcf1: 0x0d7f, 0xcf2: 0x0ecb, 0xcf3: 0x0fef, 0xcf4: 0x1177, 0xcf5: 0x128b,
-	0xcf6: 0x12a3, 0xcf7: 0x13c7, 0xcf8: 0x14ef, 0xcf9: 0x15a3, 0xcfa: 0x15bf, 0xcfb: 0x102b,
-	0xcfc: 0x106b, 0xcfd: 0x1123, 0xcfe: 0x1243, 0xcff: 0x147b,
-	// Block 0x34, offset 0xd00
-	0xd00: 0x15cb, 0xd01: 0x134b, 0xd02: 0x09c7, 0xd03: 0x0b3b, 0xd04: 0x10db, 0xd05: 0x119b,
-	0xd06: 0x0eff, 0xd07: 0x1033, 0xd08: 0x1397, 0xd09: 0x14e7, 0xd0a: 0x09c3, 0xd0b: 0x0a8f,
-	0xd0c: 0x0d77, 0xd0d: 0x0e2b, 0xd0e: 0x0e5f, 0xd0f: 0x1113, 0xd10: 0x113b, 0xd11: 0x14a7,
-	0xd12: 0x084f, 0xd13: 0x11a7, 0xd14: 0x07f3, 0xd15: 0x07ef, 0xd16: 0x1097, 0xd17: 0x1127,
-	0xd18: 0x125b, 0xd19: 0x14af, 0xd1a: 0x1367, 0xd1b: 0x0c27, 0xd1c: 0x0d73, 0xd1d: 0x1357,
-	0xd1e: 0x06f7, 0xd1f: 0x0a63, 0xd20: 0x0b93, 0xd21: 0x0f2f, 0xd22: 0x0faf, 0xd23: 0x0873,
-	0xd24: 0x103b, 0xd25: 0x075f, 0xd26: 0x0b77, 0xd27: 0x06d7, 0xd28: 0x0deb, 0xd29: 0x0ca3,
-	0xd2a: 0x110f, 0xd2b: 0x08c7, 0xd2c: 0x09b3, 0xd2d: 0x0ffb, 0xd2e: 0x1263, 0xd2f: 0x133b,
-	0xd30: 0x0db7, 0xd31: 0x13f7, 0xd32: 0x0de3, 0xd33: 0x0c37, 0xd34: 0x121b, 0xd35: 0x0c57,
-	0xd36: 0x0fab, 0xd37: 0x072b, 0xd38: 0x07a7, 0xd39: 0x07eb, 0xd3a: 0x0d53, 0xd3b: 0x10fb,
-	0xd3c: 0x11f3, 0xd3d: 0x1347, 0xd3e: 0x145b, 0xd3f: 0x085b,
-	// Block 0x35, offset 0xd40
-	0xd40: 0x090f, 0xd41: 0x0a17, 0xd42: 0x0b2f, 0xd43: 0x0cbf, 0xd44: 0x0e7b, 0xd45: 0x103f,
-	0xd46: 0x1497, 0xd47: 0x157b, 0xd48: 0x15cf, 0xd49: 0x15e7, 0xd4a: 0x0837, 0xd4b: 0x0cf3,
-	0xd4c: 0x0da3, 0xd4d: 0x13eb, 0xd4e: 0x0afb, 0xd4f: 0x0bd7, 0xd50: 0x0bf3, 0xd51: 0x0c83,
-	0xd52: 0x0e6b, 0xd53: 0x0eb7, 0xd54: 0x0f67, 0xd55: 0x108b, 0xd56: 0x112f, 0xd57: 0x1193,
-	0xd58: 0x13db, 0xd59: 0x126b, 0xd5a: 0x1403, 0xd5b: 0x147f, 0xd5c: 0x080f, 0xd5d: 0x083b,
-	0xd5e: 0x0923, 0xd5f: 0x0ea7, 0xd60: 0x12f3, 0xd61: 0x133b, 0xd62: 0x0b1b, 0xd63: 0x0b8b,
-	0xd64: 0x0c4f, 0xd65: 0x0daf, 0xd66: 0x10d7, 0xd67: 0x0f23, 0xd68: 0x073b, 0xd69: 0x097f,
-	0xd6a: 0x0a63, 0xd6b: 0x0ac7, 0xd6c: 0x0b97, 0xd6d: 0x0f3f, 0xd6e: 0x0f5b, 0xd6f: 0x116b,
-	0xd70: 0x118b, 0xd71: 0x1463, 0xd72: 0x14e3, 0xd73: 0x14f3, 0xd74: 0x152f, 0xd75: 0x0753,
-	0xd76: 0x107f, 0xd77: 0x144f, 0xd78: 0x14cb, 0xd79: 0x0baf, 0xd7a: 0x0717, 0xd7b: 0x0777,
-	0xd7c: 0x0a67, 0xd7d: 0x0a87, 0xd7e: 0x0caf, 0xd7f: 0x0d73,
-	// Block 0x36, offset 0xd80
-	0xd80: 0x0ec3, 0xd81: 0x0fcb, 0xd82: 0x1277, 0xd83: 0x1417, 0xd84: 0x1623, 0xd85: 0x0ce3,
-	0xd86: 0x14a3, 0xd87: 0x0833, 0xd88: 0x0d2f, 0xd89: 0x0d3b, 0xd8a: 0x0e0f, 0xd8b: 0x0e47,
-	0xd8c: 0x0f4b, 0xd8d: 0x0fa7, 0xd8e: 0x1027, 0xd8f: 0x110b, 0xd90: 0x153b, 0xd91: 0x07af,
-	0xd92: 0x0c03, 0xd93: 0x14b3, 0xd94: 0x0767, 0xd95: 0x0aab, 0xd96: 0x0e2f, 0xd97: 0x13df,
-	0xd98: 0x0b67, 0xd99: 0x0bb7, 0xd9a: 0x0d43, 0xd9b: 0x0f2f, 0xd9c: 0x14bb, 0xd9d: 0x0817,
-	0xd9e: 0x08ff, 0xd9f: 0x0a97, 0xda0: 0x0cd3, 0xda1: 0x0d1f, 0xda2: 0x0d5f, 0xda3: 0x0df3,
-	0xda4: 0x0f47, 0xda5: 0x0fbb, 0xda6: 0x1157, 0xda7: 0x12f7, 0xda8: 0x1303, 0xda9: 0x1457,
-	0xdaa: 0x14d7, 0xdab: 0x0883, 0xdac: 0x0e4b, 0xdad: 0x0903, 0xdae: 0x0ec7, 0xdaf: 0x0f6b,
-	0xdb0: 0x1287, 0xdb1: 0x14bf, 0xdb2: 0x15ab, 0xdb3: 0x15d3, 0xdb4: 0x0d37, 0xdb5: 0x0e27,
-	0xdb6: 0x11c3, 0xdb7: 0x10b7, 0xdb8: 0x10c3, 0xdb9: 0x10e7, 0xdba: 0x0f17, 0xdbb: 0x0e9f,
-	0xdbc: 0x1363, 0xdbd: 0x0733, 0xdbe: 0x122b, 0xdbf: 0x081b,
-	// Block 0x37, offset 0xdc0
-	0xdc0: 0x080b, 0xdc1: 0x0b0b, 0xdc2: 0x0c2b, 0xdc3: 0x10f3, 0xdc4: 0x0a53, 0xdc5: 0x0e03,
-	0xdc6: 0x0cef, 0xdc7: 0x13e7, 0xdc8: 0x12e7, 0xdc9: 0x14ab, 0xdca: 0x1323, 0xdcb: 0x0b27,
-	0xdcc: 0x0787, 0xdcd: 0x095b, 0xdd0: 0x09af,
-	0xdd2: 0x0cdf, 0xdd5: 0x07f7, 0xdd6: 0x0f1f, 0xdd7: 0x0fe3,
-	0xdd8: 0x1047, 0xdd9: 0x1063, 0xdda: 0x1067, 0xddb: 0x107b, 0xddc: 0x14fb, 0xddd: 0x10eb,
-	0xdde: 0x116f, 0xde0: 0x128f, 0xde2: 0x1353,
-	0xde5: 0x1407, 0xde6: 0x1433,
-	0xdea: 0x154f, 0xdeb: 0x1553, 0xdec: 0x1557, 0xded: 0x15bb, 0xdee: 0x142b, 0xdef: 0x14c7,
-	0xdf0: 0x0757, 0xdf1: 0x077b, 0xdf2: 0x078f, 0xdf3: 0x084b, 0xdf4: 0x0857, 0xdf5: 0x0897,
-	0xdf6: 0x094b, 0xdf7: 0x0967, 0xdf8: 0x096f, 0xdf9: 0x09ab, 0xdfa: 0x09b7, 0xdfb: 0x0a93,
-	0xdfc: 0x0a9b, 0xdfd: 0x0ba3, 0xdfe: 0x0bcb, 0xdff: 0x0bd3,
-	// Block 0x38, offset 0xe00
-	0xe00: 0x0beb, 0xe01: 0x0c97, 0xe02: 0x0cc7, 0xe03: 0x0ce7, 0xe04: 0x0d57, 0xe05: 0x0e1b,
-	0xe06: 0x0e37, 0xe07: 0x0e67, 0xe08: 0x0ebb, 0xe09: 0x0edb, 0xe0a: 0x0f4f, 0xe0b: 0x102f,
-	0xe0c: 0x104b, 0xe0d: 0x1053, 0xe0e: 0x104f, 0xe0f: 0x1057, 0xe10: 0x105b, 0xe11: 0x105f,
-	0xe12: 0x1073, 0xe13: 0x1077, 0xe14: 0x109b, 0xe15: 0x10af, 0xe16: 0x10cb, 0xe17: 0x112f,
-	0xe18: 0x1137, 0xe19: 0x113f, 0xe1a: 0x1153, 0xe1b: 0x117b, 0xe1c: 0x11cb, 0xe1d: 0x11ff,
-	0xe1e: 0x11ff, 0xe1f: 0x1267, 0xe20: 0x130f, 0xe21: 0x1327, 0xe22: 0x135b, 0xe23: 0x135f,
-	0xe24: 0x13a3, 0xe25: 0x13a7, 0xe26: 0x13ff, 0xe27: 0x1407, 0xe28: 0x14db, 0xe29: 0x151f,
-	0xe2a: 0x1537, 0xe2b: 0x0b9b, 0xe2c: 0x171e, 0xe2d: 0x11e3,
-	0xe30: 0x06df, 0xe31: 0x07e3, 0xe32: 0x07a3, 0xe33: 0x074b, 0xe34: 0x078b, 0xe35: 0x07b7,
-	0xe36: 0x0847, 0xe37: 0x0863, 0xe38: 0x094b, 0xe39: 0x0937, 0xe3a: 0x0947, 0xe3b: 0x0963,
-	0xe3c: 0x09af, 0xe3d: 0x09bf, 0xe3e: 0x0a03, 0xe3f: 0x0a0f,
-	// Block 0x39, offset 0xe40
-	0xe40: 0x0a2b, 0xe41: 0x0a3b, 0xe42: 0x0b23, 0xe43: 0x0b2b, 0xe44: 0x0b5b, 0xe45: 0x0b7b,
-	0xe46: 0x0bab, 0xe47: 0x0bc3, 0xe48: 0x0bb3, 0xe49: 0x0bd3, 0xe4a: 0x0bc7, 0xe4b: 0x0beb,
-	0xe4c: 0x0c07, 0xe4d: 0x0c5f, 0xe4e: 0x0c6b, 0xe4f: 0x0c73, 0xe50: 0x0c9b, 0xe51: 0x0cdf,
-	0xe52: 0x0d0f, 0xe53: 0x0d13, 0xe54: 0x0d27, 0xe55: 0x0da7, 0xe56: 0x0db7, 0xe57: 0x0e0f,
-	0xe58: 0x0e5b, 0xe59: 0x0e53, 0xe5a: 0x0e67, 0xe5b: 0x0e83, 0xe5c: 0x0ebb, 0xe5d: 0x1013,
-	0xe5e: 0x0edf, 0xe5f: 0x0f13, 0xe60: 0x0f1f, 0xe61: 0x0f5f, 0xe62: 0x0f7b, 0xe63: 0x0f9f,
-	0xe64: 0x0fc3, 0xe65: 0x0fc7, 0xe66: 0x0fe3, 0xe67: 0x0fe7, 0xe68: 0x0ff7, 0xe69: 0x100b,
-	0xe6a: 0x1007, 0xe6b: 0x1037, 0xe6c: 0x10b3, 0xe6d: 0x10cb, 0xe6e: 0x10e3, 0xe6f: 0x111b,
-	0xe70: 0x112f, 0xe71: 0x114b, 0xe72: 0x117b, 0xe73: 0x122f, 0xe74: 0x1257, 0xe75: 0x12cb,
-	0xe76: 0x1313, 0xe77: 0x131f, 0xe78: 0x1327, 0xe79: 0x133f, 0xe7a: 0x1353, 0xe7b: 0x1343,
-	0xe7c: 0x135b, 0xe7d: 0x1357, 0xe7e: 0x134f, 0xe7f: 0x135f,
-	// Block 0x3a, offset 0xe80
-	0xe80: 0x136b, 0xe81: 0x13a7, 0xe82: 0x13e3, 0xe83: 0x1413, 0xe84: 0x144b, 0xe85: 0x146b,
-	0xe86: 0x14b7, 0xe87: 0x14db, 0xe88: 0x14fb, 0xe89: 0x150f, 0xe8a: 0x151f, 0xe8b: 0x152b,
-	0xe8c: 0x1537, 0xe8d: 0x158b, 0xe8e: 0x162b, 0xe8f: 0x16b5, 0xe90: 0x16b0, 0xe91: 0x16e2,
-	0xe92: 0x0607, 0xe93: 0x062f, 0xe94: 0x0633, 0xe95: 0x1764, 0xe96: 0x1791, 0xe97: 0x1809,
-	0xe98: 0x1617, 0xe99: 0x1627,
-	// Block 0x3b, offset 0xec0
-	0xec0: 0x19d5, 0xec1: 0x19d8, 0xec2: 0x19db, 0xec3: 0x1c08, 0xec4: 0x1c0c, 0xec5: 0x1a5f,
-	0xec6: 0x1a5f,
-	0xed3: 0x1d75, 0xed4: 0x1d66, 0xed5: 0x1d6b, 0xed6: 0x1d7a, 0xed7: 0x1d70,
-	0xedd: 0x4390,
-	0xede: 0x8115, 0xedf: 0x4402, 0xee0: 0x022d, 0xee1: 0x0215, 0xee2: 0x021e, 0xee3: 0x0221,
-	0xee4: 0x0224, 0xee5: 0x0227, 0xee6: 0x022a, 0xee7: 0x0230, 0xee8: 0x0233, 0xee9: 0x0017,
-	0xeea: 0x43f0, 0xeeb: 0x43f6, 0xeec: 0x44f4, 0xeed: 0x44fc, 0xeee: 0x4348, 0xeef: 0x434e,
-	0xef0: 0x4354, 0xef1: 0x435a, 0xef2: 0x4366, 0xef3: 0x436c, 0xef4: 0x4372, 0xef5: 0x437e,
-	0xef6: 0x4384, 0xef8: 0x438a, 0xef9: 0x4396, 0xefa: 0x439c, 0xefb: 0x43a2,
-	0xefc: 0x43ae, 0xefe: 0x43b4,
-	// Block 0x3c, offset 0xf00
-	0xf00: 0x43ba, 0xf01: 0x43c0, 0xf03: 0x43c6, 0xf04: 0x43cc,
-	0xf06: 0x43d8, 0xf07: 0x43de, 0xf08: 0x43e4, 0xf09: 0x43ea, 0xf0a: 0x43fc, 0xf0b: 0x4378,
-	0xf0c: 0x4360, 0xf0d: 0x43a8, 0xf0e: 0x43d2, 0xf0f: 0x1d7f, 0xf10: 0x0299, 0xf11: 0x0299,
-	0xf12: 0x02a2, 0xf13: 0x02a2, 0xf14: 0x02a2, 0xf15: 0x02a2, 0xf16: 0x02a5, 0xf17: 0x02a5,
-	0xf18: 0x02a5, 0xf19: 0x02a5, 0xf1a: 0x02ab, 0xf1b: 0x02ab, 0xf1c: 0x02ab, 0xf1d: 0x02ab,
-	0xf1e: 0x029f, 0xf1f: 0x029f, 0xf20: 0x029f, 0xf21: 0x029f, 0xf22: 0x02a8, 0xf23: 0x02a8,
-	0xf24: 0x02a8, 0xf25: 0x02a8, 0xf26: 0x029c, 0xf27: 0x029c, 0xf28: 0x029c, 0xf29: 0x029c,
-	0xf2a: 0x02cf, 0xf2b: 0x02cf, 0xf2c: 0x02cf, 0xf2d: 0x02cf, 0xf2e: 0x02d2, 0xf2f: 0x02d2,
-	0xf30: 0x02d2, 0xf31: 0x02d2, 0xf32: 0x02b1, 0xf33: 0x02b1, 0xf34: 0x02b1, 0xf35: 0x02b1,
-	0xf36: 0x02ae, 0xf37: 0x02ae, 0xf38: 0x02ae, 0xf39: 0x02ae, 0xf3a: 0x02b4, 0xf3b: 0x02b4,
-	0xf3c: 0x02b4, 0xf3d: 0x02b4, 0xf3e: 0x02b7, 0xf3f: 0x02b7,
-	// Block 0x3d, offset 0xf40
-	0xf40: 0x02b7, 0xf41: 0x02b7, 0xf42: 0x02c0, 0xf43: 0x02c0, 0xf44: 0x02bd, 0xf45: 0x02bd,
-	0xf46: 0x02c3, 0xf47: 0x02c3, 0xf48: 0x02ba, 0xf49: 0x02ba, 0xf4a: 0x02c9, 0xf4b: 0x02c9,
-	0xf4c: 0x02c6, 0xf4d: 0x02c6, 0xf4e: 0x02d5, 0xf4f: 0x02d5, 0xf50: 0x02d5, 0xf51: 0x02d5,
-	0xf52: 0x02db, 0xf53: 0x02db, 0xf54: 0x02db, 0xf55: 0x02db, 0xf56: 0x02e1, 0xf57: 0x02e1,
-	0xf58: 0x02e1, 0xf59: 0x02e1, 0xf5a: 0x02de, 0xf5b: 0x02de, 0xf5c: 0x02de, 0xf5d: 0x02de,
-	0xf5e: 0x02e4, 0xf5f: 0x02e4, 0xf60: 0x02e7, 0xf61: 0x02e7, 0xf62: 0x02e7, 0xf63: 0x02e7,
-	0xf64: 0x446e, 0xf65: 0x446e, 0xf66: 0x02ed, 0xf67: 0x02ed, 0xf68: 0x02ed, 0xf69: 0x02ed,
-	0xf6a: 0x02ea, 0xf6b: 0x02ea, 0xf6c: 0x02ea, 0xf6d: 0x02ea, 0xf6e: 0x0308, 0xf6f: 0x0308,
-	0xf70: 0x4468, 0xf71: 0x4468,
-	// Block 0x3e, offset 0xf80
-	0xf93: 0x02d8, 0xf94: 0x02d8, 0xf95: 0x02d8, 0xf96: 0x02d8, 0xf97: 0x02f6,
-	0xf98: 0x02f6, 0xf99: 0x02f3, 0xf9a: 0x02f3, 0xf9b: 0x02f9, 0xf9c: 0x02f9, 0xf9d: 0x204f,
-	0xf9e: 0x02ff, 0xf9f: 0x02ff, 0xfa0: 0x02f0, 0xfa1: 0x02f0, 0xfa2: 0x02fc, 0xfa3: 0x02fc,
-	0xfa4: 0x0305, 0xfa5: 0x0305, 0xfa6: 0x0305, 0xfa7: 0x0305, 0xfa8: 0x028d, 0xfa9: 0x028d,
-	0xfaa: 0x25aa, 0xfab: 0x25aa, 0xfac: 0x261a, 0xfad: 0x261a, 0xfae: 0x25e9, 0xfaf: 0x25e9,
-	0xfb0: 0x2605, 0xfb1: 0x2605, 0xfb2: 0x25fe, 0xfb3: 0x25fe, 0xfb4: 0x260c, 0xfb5: 0x260c,
-	0xfb6: 0x2613, 0xfb7: 0x2613, 0xfb8: 0x2613, 0xfb9: 0x25f0, 0xfba: 0x25f0, 0xfbb: 0x25f0,
-	0xfbc: 0x0302, 0xfbd: 0x0302, 0xfbe: 0x0302, 0xfbf: 0x0302,
-	// Block 0x3f, offset 0xfc0
-	0xfc0: 0x25b1, 0xfc1: 0x25b8, 0xfc2: 0x25d4, 0xfc3: 0x25f0, 0xfc4: 0x25f7, 0xfc5: 0x1d89,
-	0xfc6: 0x1d8e, 0xfc7: 0x1d93, 0xfc8: 0x1da2, 0xfc9: 0x1db1, 0xfca: 0x1db6, 0xfcb: 0x1dbb,
-	0xfcc: 0x1dc0, 0xfcd: 0x1dc5, 0xfce: 0x1dd4, 0xfcf: 0x1de3, 0xfd0: 0x1de8, 0xfd1: 0x1ded,
-	0xfd2: 0x1dfc, 0xfd3: 0x1e0b, 0xfd4: 0x1e10, 0xfd5: 0x1e15, 0xfd6: 0x1e1a, 0xfd7: 0x1e29,
-	0xfd8: 0x1e2e, 0xfd9: 0x1e3d, 0xfda: 0x1e42, 0xfdb: 0x1e47, 0xfdc: 0x1e56, 0xfdd: 0x1e5b,
-	0xfde: 0x1e60, 0xfdf: 0x1e6a, 0xfe0: 0x1ea6, 0xfe1: 0x1eb5, 0xfe2: 0x1ec4, 0xfe3: 0x1ec9,
-	0xfe4: 0x1ece, 0xfe5: 0x1ed8, 0xfe6: 0x1ee7, 0xfe7: 0x1eec, 0xfe8: 0x1efb, 0xfe9: 0x1f00,
-	0xfea: 0x1f05, 0xfeb: 0x1f14, 0xfec: 0x1f19, 0xfed: 0x1f28, 0xfee: 0x1f2d, 0xfef: 0x1f32,
-	0xff0: 0x1f37, 0xff1: 0x1f3c, 0xff2: 0x1f41, 0xff3: 0x1f46, 0xff4: 0x1f4b, 0xff5: 0x1f50,
-	0xff6: 0x1f55, 0xff7: 0x1f5a, 0xff8: 0x1f5f, 0xff9: 0x1f64, 0xffa: 0x1f69, 0xffb: 0x1f6e,
-	0xffc: 0x1f73, 0xffd: 0x1f78, 0xffe: 0x1f7d, 0xfff: 0x1f87,
-	// Block 0x40, offset 0x1000
-	0x1000: 0x1f8c, 0x1001: 0x1f91, 0x1002: 0x1f96, 0x1003: 0x1fa0, 0x1004: 0x1fa5, 0x1005: 0x1faf,
-	0x1006: 0x1fb4, 0x1007: 0x1fb9, 0x1008: 0x1fbe, 0x1009: 0x1fc3, 0x100a: 0x1fc8, 0x100b: 0x1fcd,
-	0x100c: 0x1fd2, 0x100d: 0x1fd7, 0x100e: 0x1fe6, 0x100f: 0x1ff5, 0x1010: 0x1ffa, 0x1011: 0x1fff,
-	0x1012: 0x2004, 0x1013: 0x2009, 0x1014: 0x200e, 0x1015: 0x2018, 0x1016: 0x201d, 0x1017: 0x2022,
-	0x1018: 0x2031, 0x1019: 0x2040, 0x101a: 0x2045, 0x101b: 0x4420, 0x101c: 0x4426, 0x101d: 0x445c,
-	0x101e: 0x44b3, 0x101f: 0x44ba, 0x1020: 0x44c1, 0x1021: 0x44c8, 0x1022: 0x44cf, 0x1023: 0x44d6,
-	0x1024: 0x25c6, 0x1025: 0x25cd, 0x1026: 0x25d4, 0x1027: 0x25db, 0x1028: 0x25f0, 0x1029: 0x25f7,
-	0x102a: 0x1d98, 0x102b: 0x1d9d, 0x102c: 0x1da2, 0x102d: 0x1da7, 0x102e: 0x1db1, 0x102f: 0x1db6,
-	0x1030: 0x1dca, 0x1031: 0x1dcf, 0x1032: 0x1dd4, 0x1033: 0x1dd9, 0x1034: 0x1de3, 0x1035: 0x1de8,
-	0x1036: 0x1df2, 0x1037: 0x1df7, 0x1038: 0x1dfc, 0x1039: 0x1e01, 0x103a: 0x1e0b, 0x103b: 0x1e10,
-	0x103c: 0x1f3c, 0x103d: 0x1f41, 0x103e: 0x1f50, 0x103f: 0x1f55,
-	// Block 0x41, offset 0x1040
-	0x1040: 0x1f5a, 0x1041: 0x1f6e, 0x1042: 0x1f73, 0x1043: 0x1f78, 0x1044: 0x1f7d, 0x1045: 0x1f96,
-	0x1046: 0x1fa0, 0x1047: 0x1fa5, 0x1048: 0x1faa, 0x1049: 0x1fbe, 0x104a: 0x1fdc, 0x104b: 0x1fe1,
-	0x104c: 0x1fe6, 0x104d: 0x1feb, 0x104e: 0x1ff5, 0x104f: 0x1ffa, 0x1050: 0x445c, 0x1051: 0x2027,
-	0x1052: 0x202c, 0x1053: 0x2031, 0x1054: 0x2036, 0x1055: 0x2040, 0x1056: 0x2045, 0x1057: 0x25b1,
-	0x1058: 0x25b8, 0x1059: 0x25bf, 0x105a: 0x25d4, 0x105b: 0x25e2, 0x105c: 0x1d89, 0x105d: 0x1d8e,
-	0x105e: 0x1d93, 0x105f: 0x1da2, 0x1060: 0x1dac, 0x1061: 0x1dbb, 0x1062: 0x1dc0, 0x1063: 0x1dc5,
-	0x1064: 0x1dd4, 0x1065: 0x1dde, 0x1066: 0x1dfc, 0x1067: 0x1e15, 0x1068: 0x1e1a, 0x1069: 0x1e29,
-	0x106a: 0x1e2e, 0x106b: 0x1e3d, 0x106c: 0x1e47, 0x106d: 0x1e56, 0x106e: 0x1e5b, 0x106f: 0x1e60,
-	0x1070: 0x1e6a, 0x1071: 0x1ea6, 0x1072: 0x1eab, 0x1073: 0x1eb5, 0x1074: 0x1ec4, 0x1075: 0x1ec9,
-	0x1076: 0x1ece, 0x1077: 0x1ed8, 0x1078: 0x1ee7, 0x1079: 0x1efb, 0x107a: 0x1f00, 0x107b: 0x1f05,
-	0x107c: 0x1f14, 0x107d: 0x1f19, 0x107e: 0x1f28, 0x107f: 0x1f2d,
-	// Block 0x42, offset 0x1080
-	0x1080: 0x1f32, 0x1081: 0x1f37, 0x1082: 0x1f46, 0x1083: 0x1f4b, 0x1084: 0x1f5f, 0x1085: 0x1f64,
-	0x1086: 0x1f69, 0x1087: 0x1f6e, 0x1088: 0x1f73, 0x1089: 0x1f87, 0x108a: 0x1f8c, 0x108b: 0x1f91,
-	0x108c: 0x1f96, 0x108d: 0x1f9b, 0x108e: 0x1faf, 0x108f: 0x1fb4, 0x1090: 0x1fb9, 0x1091: 0x1fbe,
-	0x1092: 0x1fcd, 0x1093: 0x1fd2, 0x1094: 0x1fd7, 0x1095: 0x1fe6, 0x1096: 0x1ff0, 0x1097: 0x1fff,
-	0x1098: 0x2004, 0x1099: 0x4450, 0x109a: 0x2018, 0x109b: 0x201d, 0x109c: 0x2022, 0x109d: 0x2031,
-	0x109e: 0x203b, 0x109f: 0x25d4, 0x10a0: 0x25e2, 0x10a1: 0x1da2, 0x10a2: 0x1dac, 0x10a3: 0x1dd4,
-	0x10a4: 0x1dde, 0x10a5: 0x1dfc, 0x10a6: 0x1e06, 0x10a7: 0x1e6a, 0x10a8: 0x1e6f, 0x10a9: 0x1e92,
-	0x10aa: 0x1e97, 0x10ab: 0x1f6e, 0x10ac: 0x1f73, 0x10ad: 0x1f96, 0x10ae: 0x1fe6, 0x10af: 0x1ff0,
-	0x10b0: 0x2031, 0x10b1: 0x203b, 0x10b2: 0x4504, 0x10b3: 0x450c, 0x10b4: 0x4514, 0x10b5: 0x1ef1,
-	0x10b6: 0x1ef6, 0x10b7: 0x1f0a, 0x10b8: 0x1f0f, 0x10b9: 0x1f1e, 0x10ba: 0x1f23, 0x10bb: 0x1e74,
-	0x10bc: 0x1e79, 0x10bd: 0x1e9c, 0x10be: 0x1ea1, 0x10bf: 0x1e33,
-	// Block 0x43, offset 0x10c0
-	0x10c0: 0x1e38, 0x10c1: 0x1e1f, 0x10c2: 0x1e24, 0x10c3: 0x1e4c, 0x10c4: 0x1e51, 0x10c5: 0x1eba,
-	0x10c6: 0x1ebf, 0x10c7: 0x1edd, 0x10c8: 0x1ee2, 0x10c9: 0x1e7e, 0x10ca: 0x1e83, 0x10cb: 0x1e88,
-	0x10cc: 0x1e92, 0x10cd: 0x1e8d, 0x10ce: 0x1e65, 0x10cf: 0x1eb0, 0x10d0: 0x1ed3, 0x10d1: 0x1ef1,
-	0x10d2: 0x1ef6, 0x10d3: 0x1f0a, 0x10d4: 0x1f0f, 0x10d5: 0x1f1e, 0x10d6: 0x1f23, 0x10d7: 0x1e74,
-	0x10d8: 0x1e79, 0x10d9: 0x1e9c, 0x10da: 0x1ea1, 0x10db: 0x1e33, 0x10dc: 0x1e38, 0x10dd: 0x1e1f,
-	0x10de: 0x1e24, 0x10df: 0x1e4c, 0x10e0: 0x1e51, 0x10e1: 0x1eba, 0x10e2: 0x1ebf, 0x10e3: 0x1edd,
-	0x10e4: 0x1ee2, 0x10e5: 0x1e7e, 0x10e6: 0x1e83, 0x10e7: 0x1e88, 0x10e8: 0x1e92, 0x10e9: 0x1e8d,
-	0x10ea: 0x1e65, 0x10eb: 0x1eb0, 0x10ec: 0x1ed3, 0x10ed: 0x1e7e, 0x10ee: 0x1e83, 0x10ef: 0x1e88,
-	0x10f0: 0x1e92, 0x10f1: 0x1e6f, 0x10f2: 0x1e97, 0x10f3: 0x1eec, 0x10f4: 0x1e56, 0x10f5: 0x1e5b,
-	0x10f6: 0x1e60, 0x10f7: 0x1e7e, 0x10f8: 0x1e83, 0x10f9: 0x1e88, 0x10fa: 0x1eec, 0x10fb: 0x1efb,
-	0x10fc: 0x4408, 0x10fd: 0x4408,
-	// Block 0x44, offset 0x1100
-	0x1110: 0x2311, 0x1111: 0x2326,
-	0x1112: 0x2326, 0x1113: 0x232d, 0x1114: 0x2334, 0x1115: 0x2349, 0x1116: 0x2350, 0x1117: 0x2357,
-	0x1118: 0x237a, 0x1119: 0x237a, 0x111a: 0x239d, 0x111b: 0x2396, 0x111c: 0x23b2, 0x111d: 0x23a4,
-	0x111e: 0x23ab, 0x111f: 0x23ce, 0x1120: 0x23ce, 0x1121: 0x23c7, 0x1122: 0x23d5, 0x1123: 0x23d5,
-	0x1124: 0x23ff, 0x1125: 0x23ff, 0x1126: 0x241b, 0x1127: 0x23e3, 0x1128: 0x23e3, 0x1129: 0x23dc,
-	0x112a: 0x23f1, 0x112b: 0x23f1, 0x112c: 0x23f8, 0x112d: 0x23f8, 0x112e: 0x2422, 0x112f: 0x2430,
-	0x1130: 0x2430, 0x1131: 0x2437, 0x1132: 0x2437, 0x1133: 0x243e, 0x1134: 0x2445, 0x1135: 0x244c,
-	0x1136: 0x2453, 0x1137: 0x2453, 0x1138: 0x245a, 0x1139: 0x2468, 0x113a: 0x2476, 0x113b: 0x246f,
-	0x113c: 0x247d, 0x113d: 0x247d, 0x113e: 0x2492, 0x113f: 0x2499,
-	// Block 0x45, offset 0x1140
-	0x1140: 0x24ca, 0x1141: 0x24d8, 0x1142: 0x24d1, 0x1143: 0x24b5, 0x1144: 0x24b5, 0x1145: 0x24df,
-	0x1146: 0x24df, 0x1147: 0x24e6, 0x1148: 0x24e6, 0x1149: 0x2510, 0x114a: 0x2517, 0x114b: 0x251e,
-	0x114c: 0x24f4, 0x114d: 0x2502, 0x114e: 0x2525, 0x114f: 0x252c,
-	0x1152: 0x24fb, 0x1153: 0x2580, 0x1154: 0x2587, 0x1155: 0x255d, 0x1156: 0x2564, 0x1157: 0x2548,
-	0x1158: 0x2548, 0x1159: 0x254f, 0x115a: 0x2579, 0x115b: 0x2572, 0x115c: 0x259c, 0x115d: 0x259c,
-	0x115e: 0x230a, 0x115f: 0x231f, 0x1160: 0x2318, 0x1161: 0x2342, 0x1162: 0x233b, 0x1163: 0x2365,
-	0x1164: 0x235e, 0x1165: 0x2388, 0x1166: 0x236c, 0x1167: 0x2381, 0x1168: 0x23b9, 0x1169: 0x2406,
-	0x116a: 0x23ea, 0x116b: 0x2429, 0x116c: 0x24c3, 0x116d: 0x24ed, 0x116e: 0x2595, 0x116f: 0x258e,
-	0x1170: 0x25a3, 0x1171: 0x253a, 0x1172: 0x24a0, 0x1173: 0x256b, 0x1174: 0x2492, 0x1175: 0x24ca,
-	0x1176: 0x2461, 0x1177: 0x24ae, 0x1178: 0x2541, 0x1179: 0x2533, 0x117a: 0x24bc, 0x117b: 0x24a7,
-	0x117c: 0x24bc, 0x117d: 0x2541, 0x117e: 0x2373, 0x117f: 0x238f,
-	// Block 0x46, offset 0x1180
-	0x1180: 0x2509, 0x1181: 0x2484, 0x1182: 0x2303, 0x1183: 0x24a7, 0x1184: 0x244c, 0x1185: 0x241b,
-	0x1186: 0x23c0, 0x1187: 0x2556,
-	0x11b0: 0x2414, 0x11b1: 0x248b, 0x11b2: 0x27bf, 0x11b3: 0x27b6, 0x11b4: 0x27ec, 0x11b5: 0x27da,
-	0x11b6: 0x27c8, 0x11b7: 0x27e3, 0x11b8: 0x27f5, 0x11b9: 0x240d, 0x11ba: 0x2c7c, 0x11bb: 0x2afc,
-	0x11bc: 0x27d1,
-	// Block 0x47, offset 0x11c0
-	0x11d0: 0x0019, 0x11d1: 0x0483,
-	0x11d2: 0x0487, 0x11d3: 0x0035, 0x11d4: 0x0037, 0x11d5: 0x0003, 0x11d6: 0x003f, 0x11d7: 0x04bf,
-	0x11d8: 0x04c3, 0x11d9: 0x1b5c,
-	0x11e0: 0x8132, 0x11e1: 0x8132, 0x11e2: 0x8132, 0x11e3: 0x8132,
-	0x11e4: 0x8132, 0x11e5: 0x8132, 0x11e6: 0x8132, 0x11e7: 0x812d, 0x11e8: 0x812d, 0x11e9: 0x812d,
-	0x11ea: 0x812d, 0x11eb: 0x812d, 0x11ec: 0x812d, 0x11ed: 0x812d, 0x11ee: 0x8132, 0x11ef: 0x8132,
-	0x11f0: 0x1873, 0x11f1: 0x0443, 0x11f2: 0x043f, 0x11f3: 0x007f, 0x11f4: 0x007f, 0x11f5: 0x0011,
-	0x11f6: 0x0013, 0x11f7: 0x00b7, 0x11f8: 0x00bb, 0x11f9: 0x04b7, 0x11fa: 0x04bb, 0x11fb: 0x04ab,
-	0x11fc: 0x04af, 0x11fd: 0x0493, 0x11fe: 0x0497, 0x11ff: 0x048b,
-	// Block 0x48, offset 0x1200
-	0x1200: 0x048f, 0x1201: 0x049b, 0x1202: 0x049f, 0x1203: 0x04a3, 0x1204: 0x04a7,
-	0x1207: 0x0077, 0x1208: 0x007b, 0x1209: 0x4269, 0x120a: 0x4269, 0x120b: 0x4269,
-	0x120c: 0x4269, 0x120d: 0x007f, 0x120e: 0x007f, 0x120f: 0x007f, 0x1210: 0x0019, 0x1211: 0x0483,
-	0x1212: 0x001d, 0x1214: 0x0037, 0x1215: 0x0035, 0x1216: 0x003f, 0x1217: 0x0003,
-	0x1218: 0x0443, 0x1219: 0x0011, 0x121a: 0x0013, 0x121b: 0x00b7, 0x121c: 0x00bb, 0x121d: 0x04b7,
-	0x121e: 0x04bb, 0x121f: 0x0007, 0x1220: 0x000d, 0x1221: 0x0015, 0x1222: 0x0017, 0x1223: 0x001b,
-	0x1224: 0x0039, 0x1225: 0x003d, 0x1226: 0x003b, 0x1228: 0x0079, 0x1229: 0x0009,
-	0x122a: 0x000b, 0x122b: 0x0041,
-	0x1230: 0x42aa, 0x1231: 0x442c, 0x1232: 0x42af, 0x1234: 0x42b4,
-	0x1236: 0x42b9, 0x1237: 0x4432, 0x1238: 0x42be, 0x1239: 0x4438, 0x123a: 0x42c3, 0x123b: 0x443e,
-	0x123c: 0x42c8, 0x123d: 0x4444, 0x123e: 0x42cd, 0x123f: 0x444a,
-	// Block 0x49, offset 0x1240
-	0x1240: 0x0236, 0x1241: 0x440e, 0x1242: 0x440e, 0x1243: 0x4414, 0x1244: 0x4414, 0x1245: 0x4456,
-	0x1246: 0x4456, 0x1247: 0x441a, 0x1248: 0x441a, 0x1249: 0x4462, 0x124a: 0x4462, 0x124b: 0x4462,
-	0x124c: 0x4462, 0x124d: 0x0239, 0x124e: 0x0239, 0x124f: 0x023c, 0x1250: 0x023c, 0x1251: 0x023c,
-	0x1252: 0x023c, 0x1253: 0x023f, 0x1254: 0x023f, 0x1255: 0x0242, 0x1256: 0x0242, 0x1257: 0x0242,
-	0x1258: 0x0242, 0x1259: 0x0245, 0x125a: 0x0245, 0x125b: 0x0245, 0x125c: 0x0245, 0x125d: 0x0248,
-	0x125e: 0x0248, 0x125f: 0x0248, 0x1260: 0x0248, 0x1261: 0x024b, 0x1262: 0x024b, 0x1263: 0x024b,
-	0x1264: 0x024b, 0x1265: 0x024e, 0x1266: 0x024e, 0x1267: 0x024e, 0x1268: 0x024e, 0x1269: 0x0251,
-	0x126a: 0x0251, 0x126b: 0x0254, 0x126c: 0x0254, 0x126d: 0x0257, 0x126e: 0x0257, 0x126f: 0x025a,
-	0x1270: 0x025a, 0x1271: 0x025d, 0x1272: 0x025d, 0x1273: 0x025d, 0x1274: 0x025d, 0x1275: 0x0260,
-	0x1276: 0x0260, 0x1277: 0x0260, 0x1278: 0x0260, 0x1279: 0x0263, 0x127a: 0x0263, 0x127b: 0x0263,
-	0x127c: 0x0263, 0x127d: 0x0266, 0x127e: 0x0266, 0x127f: 0x0266,
-	// Block 0x4a, offset 0x1280
-	0x1280: 0x0266, 0x1281: 0x0269, 0x1282: 0x0269, 0x1283: 0x0269, 0x1284: 0x0269, 0x1285: 0x026c,
-	0x1286: 0x026c, 0x1287: 0x026c, 0x1288: 0x026c, 0x1289: 0x026f, 0x128a: 0x026f, 0x128b: 0x026f,
-	0x128c: 0x026f, 0x128d: 0x0272, 0x128e: 0x0272, 0x128f: 0x0272, 0x1290: 0x0272, 0x1291: 0x0275,
-	0x1292: 0x0275, 0x1293: 0x0275, 0x1294: 0x0275, 0x1295: 0x0278, 0x1296: 0x0278, 0x1297: 0x0278,
-	0x1298: 0x0278, 0x1299: 0x027b, 0x129a: 0x027b, 0x129b: 0x027b, 0x129c: 0x027b, 0x129d: 0x027e,
-	0x129e: 0x027e, 0x129f: 0x027e, 0x12a0: 0x027e, 0x12a1: 0x0281, 0x12a2: 0x0281, 0x12a3: 0x0281,
-	0x12a4: 0x0281, 0x12a5: 0x0284, 0x12a6: 0x0284, 0x12a7: 0x0284, 0x12a8: 0x0284, 0x12a9: 0x0287,
-	0x12aa: 0x0287, 0x12ab: 0x0287, 0x12ac: 0x0287, 0x12ad: 0x028a, 0x12ae: 0x028a, 0x12af: 0x028d,
-	0x12b0: 0x028d, 0x12b1: 0x0290, 0x12b2: 0x0290, 0x12b3: 0x0290, 0x12b4: 0x0290, 0x12b5: 0x2e00,
-	0x12b6: 0x2e00, 0x12b7: 0x2e08, 0x12b8: 0x2e08, 0x12b9: 0x2e10, 0x12ba: 0x2e10, 0x12bb: 0x1f82,
-	0x12bc: 0x1f82,
-	// Block 0x4b, offset 0x12c0
-	0x12c0: 0x0081, 0x12c1: 0x0083, 0x12c2: 0x0085, 0x12c3: 0x0087, 0x12c4: 0x0089, 0x12c5: 0x008b,
-	0x12c6: 0x008d, 0x12c7: 0x008f, 0x12c8: 0x0091, 0x12c9: 0x0093, 0x12ca: 0x0095, 0x12cb: 0x0097,
-	0x12cc: 0x0099, 0x12cd: 0x009b, 0x12ce: 0x009d, 0x12cf: 0x009f, 0x12d0: 0x00a1, 0x12d1: 0x00a3,
-	0x12d2: 0x00a5, 0x12d3: 0x00a7, 0x12d4: 0x00a9, 0x12d5: 0x00ab, 0x12d6: 0x00ad, 0x12d7: 0x00af,
-	0x12d8: 0x00b1, 0x12d9: 0x00b3, 0x12da: 0x00b5, 0x12db: 0x00b7, 0x12dc: 0x00b9, 0x12dd: 0x00bb,
-	0x12de: 0x00bd, 0x12df: 0x0477, 0x12e0: 0x047b, 0x12e1: 0x0487, 0x12e2: 0x049b, 0x12e3: 0x049f,
-	0x12e4: 0x0483, 0x12e5: 0x05ab, 0x12e6: 0x05a3, 0x12e7: 0x04c7, 0x12e8: 0x04cf, 0x12e9: 0x04d7,
-	0x12ea: 0x04df, 0x12eb: 0x04e7, 0x12ec: 0x056b, 0x12ed: 0x0573, 0x12ee: 0x057b, 0x12ef: 0x051f,
-	0x12f0: 0x05af, 0x12f1: 0x04cb, 0x12f2: 0x04d3, 0x12f3: 0x04db, 0x12f4: 0x04e3, 0x12f5: 0x04eb,
-	0x12f6: 0x04ef, 0x12f7: 0x04f3, 0x12f8: 0x04f7, 0x12f9: 0x04fb, 0x12fa: 0x04ff, 0x12fb: 0x0503,
-	0x12fc: 0x0507, 0x12fd: 0x050b, 0x12fe: 0x050f, 0x12ff: 0x0513,
-	// Block 0x4c, offset 0x1300
-	0x1300: 0x0517, 0x1301: 0x051b, 0x1302: 0x0523, 0x1303: 0x0527, 0x1304: 0x052b, 0x1305: 0x052f,
-	0x1306: 0x0533, 0x1307: 0x0537, 0x1308: 0x053b, 0x1309: 0x053f, 0x130a: 0x0543, 0x130b: 0x0547,
-	0x130c: 0x054b, 0x130d: 0x054f, 0x130e: 0x0553, 0x130f: 0x0557, 0x1310: 0x055b, 0x1311: 0x055f,
-	0x1312: 0x0563, 0x1313: 0x0567, 0x1314: 0x056f, 0x1315: 0x0577, 0x1316: 0x057f, 0x1317: 0x0583,
-	0x1318: 0x0587, 0x1319: 0x058b, 0x131a: 0x058f, 0x131b: 0x0593, 0x131c: 0x0597, 0x131d: 0x05a7,
-	0x131e: 0x4a78, 0x131f: 0x4a7e, 0x1320: 0x03c3, 0x1321: 0x0313, 0x1322: 0x0317, 0x1323: 0x4a3b,
-	0x1324: 0x031b, 0x1325: 0x4a41, 0x1326: 0x4a47, 0x1327: 0x031f, 0x1328: 0x0323, 0x1329: 0x0327,
-	0x132a: 0x4a4d, 0x132b: 0x4a53, 0x132c: 0x4a59, 0x132d: 0x4a5f, 0x132e: 0x4a65, 0x132f: 0x4a6b,
-	0x1330: 0x0367, 0x1331: 0x032b, 0x1332: 0x032f, 0x1333: 0x0333, 0x1334: 0x037b, 0x1335: 0x0337,
-	0x1336: 0x033b, 0x1337: 0x033f, 0x1338: 0x0343, 0x1339: 0x0347, 0x133a: 0x034b, 0x133b: 0x034f,
-	0x133c: 0x0353, 0x133d: 0x0357, 0x133e: 0x035b,
-	// Block 0x4d, offset 0x1340
-	0x1342: 0x49bd, 0x1343: 0x49c3, 0x1344: 0x49c9, 0x1345: 0x49cf,
-	0x1346: 0x49d5, 0x1347: 0x49db, 0x134a: 0x49e1, 0x134b: 0x49e7,
-	0x134c: 0x49ed, 0x134d: 0x49f3, 0x134e: 0x49f9, 0x134f: 0x49ff,
-	0x1352: 0x4a05, 0x1353: 0x4a0b, 0x1354: 0x4a11, 0x1355: 0x4a17, 0x1356: 0x4a1d, 0x1357: 0x4a23,
-	0x135a: 0x4a29, 0x135b: 0x4a2f, 0x135c: 0x4a35,
-	0x1360: 0x00bf, 0x1361: 0x00c2, 0x1362: 0x00cb, 0x1363: 0x4264,
-	0x1364: 0x00c8, 0x1365: 0x00c5, 0x1366: 0x0447, 0x1368: 0x046b, 0x1369: 0x044b,
-	0x136a: 0x044f, 0x136b: 0x0453, 0x136c: 0x0457, 0x136d: 0x046f, 0x136e: 0x0473,
-	// Block 0x4e, offset 0x1380
-	0x1380: 0x0063, 0x1381: 0x0065, 0x1382: 0x0067, 0x1383: 0x0069, 0x1384: 0x006b, 0x1385: 0x006d,
-	0x1386: 0x006f, 0x1387: 0x0071, 0x1388: 0x0073, 0x1389: 0x0075, 0x138a: 0x0083, 0x138b: 0x0085,
-	0x138c: 0x0087, 0x138d: 0x0089, 0x138e: 0x008b, 0x138f: 0x008d, 0x1390: 0x008f, 0x1391: 0x0091,
-	0x1392: 0x0093, 0x1393: 0x0095, 0x1394: 0x0097, 0x1395: 0x0099, 0x1396: 0x009b, 0x1397: 0x009d,
-	0x1398: 0x009f, 0x1399: 0x00a1, 0x139a: 0x00a3, 0x139b: 0x00a5, 0x139c: 0x00a7, 0x139d: 0x00a9,
-	0x139e: 0x00ab, 0x139f: 0x00ad, 0x13a0: 0x00af, 0x13a1: 0x00b1, 0x13a2: 0x00b3, 0x13a3: 0x00b5,
-	0x13a4: 0x00dd, 0x13a5: 0x00f2, 0x13a8: 0x0173, 0x13a9: 0x0176,
-	0x13aa: 0x0179, 0x13ab: 0x017c, 0x13ac: 0x017f, 0x13ad: 0x0182, 0x13ae: 0x0185, 0x13af: 0x0188,
-	0x13b0: 0x018b, 0x13b1: 0x018e, 0x13b2: 0x0191, 0x13b3: 0x0194, 0x13b4: 0x0197, 0x13b5: 0x019a,
-	0x13b6: 0x019d, 0x13b7: 0x01a0, 0x13b8: 0x01a3, 0x13b9: 0x0188, 0x13ba: 0x01a6, 0x13bb: 0x01a9,
-	0x13bc: 0x01ac, 0x13bd: 0x01af, 0x13be: 0x01b2, 0x13bf: 0x01b5,
-	// Block 0x4f, offset 0x13c0
-	0x13c0: 0x01fd, 0x13c1: 0x0200, 0x13c2: 0x0203, 0x13c3: 0x045b, 0x13c4: 0x01c7, 0x13c5: 0x01d0,
-	0x13c6: 0x01d6, 0x13c7: 0x01fa, 0x13c8: 0x01eb, 0x13c9: 0x01e8, 0x13ca: 0x0206, 0x13cb: 0x0209,
-	0x13ce: 0x0021, 0x13cf: 0x0023, 0x13d0: 0x0025, 0x13d1: 0x0027,
-	0x13d2: 0x0029, 0x13d3: 0x002b, 0x13d4: 0x002d, 0x13d5: 0x002f, 0x13d6: 0x0031, 0x13d7: 0x0033,
-	0x13d8: 0x0021, 0x13d9: 0x0023, 0x13da: 0x0025, 0x13db: 0x0027, 0x13dc: 0x0029, 0x13dd: 0x002b,
-	0x13de: 0x002d, 0x13df: 0x002f, 0x13e0: 0x0031, 0x13e1: 0x0033, 0x13e2: 0x0021, 0x13e3: 0x0023,
-	0x13e4: 0x0025, 0x13e5: 0x0027, 0x13e6: 0x0029, 0x13e7: 0x002b, 0x13e8: 0x002d, 0x13e9: 0x002f,
-	0x13ea: 0x0031, 0x13eb: 0x0033, 0x13ec: 0x0021, 0x13ed: 0x0023, 0x13ee: 0x0025, 0x13ef: 0x0027,
-	0x13f0: 0x0029, 0x13f1: 0x002b, 0x13f2: 0x002d, 0x13f3: 0x002f, 0x13f4: 0x0031, 0x13f5: 0x0033,
-	0x13f6: 0x0021, 0x13f7: 0x0023, 0x13f8: 0x0025, 0x13f9: 0x0027, 0x13fa: 0x0029, 0x13fb: 0x002b,
-	0x13fc: 0x002d, 0x13fd: 0x002f, 0x13fe: 0x0031, 0x13ff: 0x0033,
-	// Block 0x50, offset 0x1400
-	0x1400: 0x0239, 0x1401: 0x023c, 0x1402: 0x0248, 0x1403: 0x0251, 0x1405: 0x028a,
-	0x1406: 0x025a, 0x1407: 0x024b, 0x1408: 0x0269, 0x1409: 0x0290, 0x140a: 0x027b, 0x140b: 0x027e,
-	0x140c: 0x0281, 0x140d: 0x0284, 0x140e: 0x025d, 0x140f: 0x026f, 0x1410: 0x0275, 0x1411: 0x0263,
-	0x1412: 0x0278, 0x1413: 0x0257, 0x1414: 0x0260, 0x1415: 0x0242, 0x1416: 0x0245, 0x1417: 0x024e,
-	0x1418: 0x0254, 0x1419: 0x0266, 0x141a: 0x026c, 0x141b: 0x0272, 0x141c: 0x0293, 0x141d: 0x02e4,
-	0x141e: 0x02cc, 0x141f: 0x0296, 0x1421: 0x023c, 0x1422: 0x0248,
-	0x1424: 0x0287, 0x1427: 0x024b, 0x1429: 0x0290,
-	0x142a: 0x027b, 0x142b: 0x027e, 0x142c: 0x0281, 0x142d: 0x0284, 0x142e: 0x025d, 0x142f: 0x026f,
-	0x1430: 0x0275, 0x1431: 0x0263, 0x1432: 0x0278, 0x1434: 0x0260, 0x1435: 0x0242,
-	0x1436: 0x0245, 0x1437: 0x024e, 0x1439: 0x0266, 0x143b: 0x0272,
-	// Block 0x51, offset 0x1440
-	0x1442: 0x0248,
-	0x1447: 0x024b, 0x1449: 0x0290, 0x144b: 0x027e,
-	0x144d: 0x0284, 0x144e: 0x025d, 0x144f: 0x026f, 0x1451: 0x0263,
-	0x1452: 0x0278, 0x1454: 0x0260, 0x1457: 0x024e,
-	0x1459: 0x0266, 0x145b: 0x0272, 0x145d: 0x02e4,
-	0x145f: 0x0296, 0x1461: 0x023c, 0x1462: 0x0248,
-	0x1464: 0x0287, 0x1467: 0x024b, 0x1468: 0x0269, 0x1469: 0x0290,
-	0x146a: 0x027b, 0x146c: 0x0281, 0x146d: 0x0284, 0x146e: 0x025d, 0x146f: 0x026f,
-	0x1470: 0x0275, 0x1471: 0x0263, 0x1472: 0x0278, 0x1474: 0x0260, 0x1475: 0x0242,
-	0x1476: 0x0245, 0x1477: 0x024e, 0x1479: 0x0266, 0x147a: 0x026c, 0x147b: 0x0272,
-	0x147c: 0x0293, 0x147e: 0x02cc,
-	// Block 0x52, offset 0x1480
-	0x1480: 0x0239, 0x1481: 0x023c, 0x1482: 0x0248, 0x1483: 0x0251, 0x1484: 0x0287, 0x1485: 0x028a,
-	0x1486: 0x025a, 0x1487: 0x024b, 0x1488: 0x0269, 0x1489: 0x0290, 0x148b: 0x027e,
-	0x148c: 0x0281, 0x148d: 0x0284, 0x148e: 0x025d, 0x148f: 0x026f, 0x1490: 0x0275, 0x1491: 0x0263,
-	0x1492: 0x0278, 0x1493: 0x0257, 0x1494: 0x0260, 0x1495: 0x0242, 0x1496: 0x0245, 0x1497: 0x024e,
-	0x1498: 0x0254, 0x1499: 0x0266, 0x149a: 0x026c, 0x149b: 0x0272,
-	0x14a1: 0x023c, 0x14a2: 0x0248, 0x14a3: 0x0251,
-	0x14a5: 0x028a, 0x14a6: 0x025a, 0x14a7: 0x024b, 0x14a8: 0x0269, 0x14a9: 0x0290,
-	0x14ab: 0x027e, 0x14ac: 0x0281, 0x14ad: 0x0284, 0x14ae: 0x025d, 0x14af: 0x026f,
-	0x14b0: 0x0275, 0x14b1: 0x0263, 0x14b2: 0x0278, 0x14b3: 0x0257, 0x14b4: 0x0260, 0x14b5: 0x0242,
-	0x14b6: 0x0245, 0x14b7: 0x024e, 0x14b8: 0x0254, 0x14b9: 0x0266, 0x14ba: 0x026c, 0x14bb: 0x0272,
-	// Block 0x53, offset 0x14c0
-	0x14c0: 0x1879, 0x14c1: 0x1876, 0x14c2: 0x187c, 0x14c3: 0x18a0, 0x14c4: 0x18c4, 0x14c5: 0x18e8,
-	0x14c6: 0x190c, 0x14c7: 0x1915, 0x14c8: 0x191b, 0x14c9: 0x1921, 0x14ca: 0x1927,
-	0x14d0: 0x1a8c, 0x14d1: 0x1a90,
-	0x14d2: 0x1a94, 0x14d3: 0x1a98, 0x14d4: 0x1a9c, 0x14d5: 0x1aa0, 0x14d6: 0x1aa4, 0x14d7: 0x1aa8,
-	0x14d8: 0x1aac, 0x14d9: 0x1ab0, 0x14da: 0x1ab4, 0x14db: 0x1ab8, 0x14dc: 0x1abc, 0x14dd: 0x1ac0,
-	0x14de: 0x1ac4, 0x14df: 0x1ac8, 0x14e0: 0x1acc, 0x14e1: 0x1ad0, 0x14e2: 0x1ad4, 0x14e3: 0x1ad8,
-	0x14e4: 0x1adc, 0x14e5: 0x1ae0, 0x14e6: 0x1ae4, 0x14e7: 0x1ae8, 0x14e8: 0x1aec, 0x14e9: 0x1af0,
-	0x14ea: 0x271e, 0x14eb: 0x0047, 0x14ec: 0x0065, 0x14ed: 0x193c, 0x14ee: 0x19b1,
-	0x14f0: 0x0043, 0x14f1: 0x0045, 0x14f2: 0x0047, 0x14f3: 0x0049, 0x14f4: 0x004b, 0x14f5: 0x004d,
-	0x14f6: 0x004f, 0x14f7: 0x0051, 0x14f8: 0x0053, 0x14f9: 0x0055, 0x14fa: 0x0057, 0x14fb: 0x0059,
-	0x14fc: 0x005b, 0x14fd: 0x005d, 0x14fe: 0x005f, 0x14ff: 0x0061,
-	// Block 0x54, offset 0x1500
-	0x1500: 0x26ad, 0x1501: 0x26c2, 0x1502: 0x0503,
-	0x1510: 0x0c0f, 0x1511: 0x0a47,
-	0x1512: 0x08d3, 0x1513: 0x45c4, 0x1514: 0x071b, 0x1515: 0x09ef, 0x1516: 0x132f, 0x1517: 0x09ff,
-	0x1518: 0x0727, 0x1519: 0x0cd7, 0x151a: 0x0eaf, 0x151b: 0x0caf, 0x151c: 0x0827, 0x151d: 0x0b6b,
-	0x151e: 0x07bf, 0x151f: 0x0cb7, 0x1520: 0x0813, 0x1521: 0x1117, 0x1522: 0x0f83, 0x1523: 0x138b,
-	0x1524: 0x09d3, 0x1525: 0x090b, 0x1526: 0x0e63, 0x1527: 0x0c1b, 0x1528: 0x0c47, 0x1529: 0x06bf,
-	0x152a: 0x06cb, 0x152b: 0x140b, 0x152c: 0x0adb, 0x152d: 0x06e7, 0x152e: 0x08ef, 0x152f: 0x0c3b,
-	0x1530: 0x13b3, 0x1531: 0x0c13, 0x1532: 0x106f, 0x1533: 0x10ab, 0x1534: 0x08f7, 0x1535: 0x0e43,
-	0x1536: 0x0d0b, 0x1537: 0x0d07, 0x1538: 0x0f97, 0x1539: 0x082b, 0x153a: 0x0957, 0x153b: 0x1443,
-	// Block 0x55, offset 0x1540
-	0x1540: 0x06fb, 0x1541: 0x06f3, 0x1542: 0x0703, 0x1543: 0x1647, 0x1544: 0x0747, 0x1545: 0x0757,
-	0x1546: 0x075b, 0x1547: 0x0763, 0x1548: 0x076b, 0x1549: 0x076f, 0x154a: 0x077b, 0x154b: 0x0773,
-	0x154c: 0x05b3, 0x154d: 0x165b, 0x154e: 0x078f, 0x154f: 0x0793, 0x1550: 0x0797, 0x1551: 0x07b3,
-	0x1552: 0x164c, 0x1553: 0x05b7, 0x1554: 0x079f, 0x1555: 0x07bf, 0x1556: 0x1656, 0x1557: 0x07cf,
-	0x1558: 0x07d7, 0x1559: 0x0737, 0x155a: 0x07df, 0x155b: 0x07e3, 0x155c: 0x1831, 0x155d: 0x07ff,
-	0x155e: 0x0807, 0x155f: 0x05bf, 0x1560: 0x081f, 0x1561: 0x0823, 0x1562: 0x082b, 0x1563: 0x082f,
-	0x1564: 0x05c3, 0x1565: 0x0847, 0x1566: 0x084b, 0x1567: 0x0857, 0x1568: 0x0863, 0x1569: 0x0867,
-	0x156a: 0x086b, 0x156b: 0x0873, 0x156c: 0x0893, 0x156d: 0x0897, 0x156e: 0x089f, 0x156f: 0x08af,
-	0x1570: 0x08b7, 0x1571: 0x08bb, 0x1572: 0x08bb, 0x1573: 0x08bb, 0x1574: 0x166a, 0x1575: 0x0e93,
-	0x1576: 0x08cf, 0x1577: 0x08d7, 0x1578: 0x166f, 0x1579: 0x08e3, 0x157a: 0x08eb, 0x157b: 0x08f3,
-	0x157c: 0x091b, 0x157d: 0x0907, 0x157e: 0x0913, 0x157f: 0x0917,
-	// Block 0x56, offset 0x1580
-	0x1580: 0x091f, 0x1581: 0x0927, 0x1582: 0x092b, 0x1583: 0x0933, 0x1584: 0x093b, 0x1585: 0x093f,
-	0x1586: 0x093f, 0x1587: 0x0947, 0x1588: 0x094f, 0x1589: 0x0953, 0x158a: 0x095f, 0x158b: 0x0983,
-	0x158c: 0x0967, 0x158d: 0x0987, 0x158e: 0x096b, 0x158f: 0x0973, 0x1590: 0x080b, 0x1591: 0x09cf,
-	0x1592: 0x0997, 0x1593: 0x099b, 0x1594: 0x099f, 0x1595: 0x0993, 0x1596: 0x09a7, 0x1597: 0x09a3,
-	0x1598: 0x09bb, 0x1599: 0x1674, 0x159a: 0x09d7, 0x159b: 0x09db, 0x159c: 0x09e3, 0x159d: 0x09ef,
-	0x159e: 0x09f7, 0x159f: 0x0a13, 0x15a0: 0x1679, 0x15a1: 0x167e, 0x15a2: 0x0a1f, 0x15a3: 0x0a23,
-	0x15a4: 0x0a27, 0x15a5: 0x0a1b, 0x15a6: 0x0a2f, 0x15a7: 0x05c7, 0x15a8: 0x05cb, 0x15a9: 0x0a37,
-	0x15aa: 0x0a3f, 0x15ab: 0x0a3f, 0x15ac: 0x1683, 0x15ad: 0x0a5b, 0x15ae: 0x0a5f, 0x15af: 0x0a63,
-	0x15b0: 0x0a6b, 0x15b1: 0x1688, 0x15b2: 0x0a73, 0x15b3: 0x0a77, 0x15b4: 0x0b4f, 0x15b5: 0x0a7f,
-	0x15b6: 0x05cf, 0x15b7: 0x0a8b, 0x15b8: 0x0a9b, 0x15b9: 0x0aa7, 0x15ba: 0x0aa3, 0x15bb: 0x1692,
-	0x15bc: 0x0aaf, 0x15bd: 0x1697, 0x15be: 0x0abb, 0x15bf: 0x0ab7,
-	// Block 0x57, offset 0x15c0
-	0x15c0: 0x0abf, 0x15c1: 0x0acf, 0x15c2: 0x0ad3, 0x15c3: 0x05d3, 0x15c4: 0x0ae3, 0x15c5: 0x0aeb,
-	0x15c6: 0x0aef, 0x15c7: 0x0af3, 0x15c8: 0x05d7, 0x15c9: 0x169c, 0x15ca: 0x05db, 0x15cb: 0x0b0f,
-	0x15cc: 0x0b13, 0x15cd: 0x0b17, 0x15ce: 0x0b1f, 0x15cf: 0x1863, 0x15d0: 0x0b37, 0x15d1: 0x16a6,
-	0x15d2: 0x16a6, 0x15d3: 0x11d7, 0x15d4: 0x0b47, 0x15d5: 0x0b47, 0x15d6: 0x05df, 0x15d7: 0x16c9,
-	0x15d8: 0x179b, 0x15d9: 0x0b57, 0x15da: 0x0b5f, 0x15db: 0x05e3, 0x15dc: 0x0b73, 0x15dd: 0x0b83,
-	0x15de: 0x0b87, 0x15df: 0x0b8f, 0x15e0: 0x0b9f, 0x15e1: 0x05eb, 0x15e2: 0x05e7, 0x15e3: 0x0ba3,
-	0x15e4: 0x16ab, 0x15e5: 0x0ba7, 0x15e6: 0x0bbb, 0x15e7: 0x0bbf, 0x15e8: 0x0bc3, 0x15e9: 0x0bbf,
-	0x15ea: 0x0bcf, 0x15eb: 0x0bd3, 0x15ec: 0x0be3, 0x15ed: 0x0bdb, 0x15ee: 0x0bdf, 0x15ef: 0x0be7,
-	0x15f0: 0x0beb, 0x15f1: 0x0bef, 0x15f2: 0x0bfb, 0x15f3: 0x0bff, 0x15f4: 0x0c17, 0x15f5: 0x0c1f,
-	0x15f6: 0x0c2f, 0x15f7: 0x0c43, 0x15f8: 0x16ba, 0x15f9: 0x0c3f, 0x15fa: 0x0c33, 0x15fb: 0x0c4b,
-	0x15fc: 0x0c53, 0x15fd: 0x0c67, 0x15fe: 0x16bf, 0x15ff: 0x0c6f,
-	// Block 0x58, offset 0x1600
-	0x1600: 0x0c63, 0x1601: 0x0c5b, 0x1602: 0x05ef, 0x1603: 0x0c77, 0x1604: 0x0c7f, 0x1605: 0x0c87,
-	0x1606: 0x0c7b, 0x1607: 0x05f3, 0x1608: 0x0c97, 0x1609: 0x0c9f, 0x160a: 0x16c4, 0x160b: 0x0ccb,
-	0x160c: 0x0cff, 0x160d: 0x0cdb, 0x160e: 0x05ff, 0x160f: 0x0ce7, 0x1610: 0x05fb, 0x1611: 0x05f7,
-	0x1612: 0x07c3, 0x1613: 0x07c7, 0x1614: 0x0d03, 0x1615: 0x0ceb, 0x1616: 0x11ab, 0x1617: 0x0663,
-	0x1618: 0x0d0f, 0x1619: 0x0d13, 0x161a: 0x0d17, 0x161b: 0x0d2b, 0x161c: 0x0d23, 0x161d: 0x16dd,
-	0x161e: 0x0603, 0x161f: 0x0d3f, 0x1620: 0x0d33, 0x1621: 0x0d4f, 0x1622: 0x0d57, 0x1623: 0x16e7,
-	0x1624: 0x0d5b, 0x1625: 0x0d47, 0x1626: 0x0d63, 0x1627: 0x0607, 0x1628: 0x0d67, 0x1629: 0x0d6b,
-	0x162a: 0x0d6f, 0x162b: 0x0d7b, 0x162c: 0x16ec, 0x162d: 0x0d83, 0x162e: 0x060b, 0x162f: 0x0d8f,
-	0x1630: 0x16f1, 0x1631: 0x0d93, 0x1632: 0x060f, 0x1633: 0x0d9f, 0x1634: 0x0dab, 0x1635: 0x0db7,
-	0x1636: 0x0dbb, 0x1637: 0x16f6, 0x1638: 0x168d, 0x1639: 0x16fb, 0x163a: 0x0ddb, 0x163b: 0x1700,
-	0x163c: 0x0de7, 0x163d: 0x0def, 0x163e: 0x0ddf, 0x163f: 0x0dfb,
-	// Block 0x59, offset 0x1640
-	0x1640: 0x0e0b, 0x1641: 0x0e1b, 0x1642: 0x0e0f, 0x1643: 0x0e13, 0x1644: 0x0e1f, 0x1645: 0x0e23,
-	0x1646: 0x1705, 0x1647: 0x0e07, 0x1648: 0x0e3b, 0x1649: 0x0e3f, 0x164a: 0x0613, 0x164b: 0x0e53,
-	0x164c: 0x0e4f, 0x164d: 0x170a, 0x164e: 0x0e33, 0x164f: 0x0e6f, 0x1650: 0x170f, 0x1651: 0x1714,
-	0x1652: 0x0e73, 0x1653: 0x0e87, 0x1654: 0x0e83, 0x1655: 0x0e7f, 0x1656: 0x0617, 0x1657: 0x0e8b,
-	0x1658: 0x0e9b, 0x1659: 0x0e97, 0x165a: 0x0ea3, 0x165b: 0x1651, 0x165c: 0x0eb3, 0x165d: 0x1719,
-	0x165e: 0x0ebf, 0x165f: 0x1723, 0x1660: 0x0ed3, 0x1661: 0x0edf, 0x1662: 0x0ef3, 0x1663: 0x1728,
-	0x1664: 0x0f07, 0x1665: 0x0f0b, 0x1666: 0x172d, 0x1667: 0x1732, 0x1668: 0x0f27, 0x1669: 0x0f37,
-	0x166a: 0x061b, 0x166b: 0x0f3b, 0x166c: 0x061f, 0x166d: 0x061f, 0x166e: 0x0f53, 0x166f: 0x0f57,
-	0x1670: 0x0f5f, 0x1671: 0x0f63, 0x1672: 0x0f6f, 0x1673: 0x0623, 0x1674: 0x0f87, 0x1675: 0x1737,
-	0x1676: 0x0fa3, 0x1677: 0x173c, 0x1678: 0x0faf, 0x1679: 0x16a1, 0x167a: 0x0fbf, 0x167b: 0x1741,
-	0x167c: 0x1746, 0x167d: 0x174b, 0x167e: 0x0627, 0x167f: 0x062b,
-	// Block 0x5a, offset 0x1680
-	0x1680: 0x0ff7, 0x1681: 0x1755, 0x1682: 0x1750, 0x1683: 0x175a, 0x1684: 0x175f, 0x1685: 0x0fff,
-	0x1686: 0x1003, 0x1687: 0x1003, 0x1688: 0x100b, 0x1689: 0x0633, 0x168a: 0x100f, 0x168b: 0x0637,
-	0x168c: 0x063b, 0x168d: 0x1769, 0x168e: 0x1023, 0x168f: 0x102b, 0x1690: 0x1037, 0x1691: 0x063f,
-	0x1692: 0x176e, 0x1693: 0x105b, 0x1694: 0x1773, 0x1695: 0x1778, 0x1696: 0x107b, 0x1697: 0x1093,
-	0x1698: 0x0643, 0x1699: 0x109b, 0x169a: 0x109f, 0x169b: 0x10a3, 0x169c: 0x177d, 0x169d: 0x1782,
-	0x169e: 0x1782, 0x169f: 0x10bb, 0x16a0: 0x0647, 0x16a1: 0x1787, 0x16a2: 0x10cf, 0x16a3: 0x10d3,
-	0x16a4: 0x064b, 0x16a5: 0x178c, 0x16a6: 0x10ef, 0x16a7: 0x064f, 0x16a8: 0x10ff, 0x16a9: 0x10f7,
-	0x16aa: 0x1107, 0x16ab: 0x1796, 0x16ac: 0x111f, 0x16ad: 0x0653, 0x16ae: 0x112b, 0x16af: 0x1133,
-	0x16b0: 0x1143, 0x16b1: 0x0657, 0x16b2: 0x17a0, 0x16b3: 0x17a5, 0x16b4: 0x065b, 0x16b5: 0x17aa,
-	0x16b6: 0x115b, 0x16b7: 0x17af, 0x16b8: 0x1167, 0x16b9: 0x1173, 0x16ba: 0x117b, 0x16bb: 0x17b4,
-	0x16bc: 0x17b9, 0x16bd: 0x118f, 0x16be: 0x17be, 0x16bf: 0x1197,
-	// Block 0x5b, offset 0x16c0
-	0x16c0: 0x16ce, 0x16c1: 0x065f, 0x16c2: 0x11af, 0x16c3: 0x11b3, 0x16c4: 0x0667, 0x16c5: 0x11b7,
-	0x16c6: 0x0a33, 0x16c7: 0x17c3, 0x16c8: 0x17c8, 0x16c9: 0x16d3, 0x16ca: 0x16d8, 0x16cb: 0x11d7,
-	0x16cc: 0x11db, 0x16cd: 0x13f3, 0x16ce: 0x066b, 0x16cf: 0x1207, 0x16d0: 0x1203, 0x16d1: 0x120b,
-	0x16d2: 0x083f, 0x16d3: 0x120f, 0x16d4: 0x1213, 0x16d5: 0x1217, 0x16d6: 0x121f, 0x16d7: 0x17cd,
-	0x16d8: 0x121b, 0x16d9: 0x1223, 0x16da: 0x1237, 0x16db: 0x123b, 0x16dc: 0x1227, 0x16dd: 0x123f,
-	0x16de: 0x1253, 0x16df: 0x1267, 0x16e0: 0x1233, 0x16e1: 0x1247, 0x16e2: 0x124b, 0x16e3: 0x124f,
-	0x16e4: 0x17d2, 0x16e5: 0x17dc, 0x16e6: 0x17d7, 0x16e7: 0x066f, 0x16e8: 0x126f, 0x16e9: 0x1273,
-	0x16ea: 0x127b, 0x16eb: 0x17f0, 0x16ec: 0x127f, 0x16ed: 0x17e1, 0x16ee: 0x0673, 0x16ef: 0x0677,
-	0x16f0: 0x17e6, 0x16f1: 0x17eb, 0x16f2: 0x067b, 0x16f3: 0x129f, 0x16f4: 0x12a3, 0x16f5: 0x12a7,
-	0x16f6: 0x12ab, 0x16f7: 0x12b7, 0x16f8: 0x12b3, 0x16f9: 0x12bf, 0x16fa: 0x12bb, 0x16fb: 0x12cb,
-	0x16fc: 0x12c3, 0x16fd: 0x12c7, 0x16fe: 0x12cf, 0x16ff: 0x067f,
-	// Block 0x5c, offset 0x1700
-	0x1700: 0x12d7, 0x1701: 0x12db, 0x1702: 0x0683, 0x1703: 0x12eb, 0x1704: 0x12ef, 0x1705: 0x17f5,
-	0x1706: 0x12fb, 0x1707: 0x12ff, 0x1708: 0x0687, 0x1709: 0x130b, 0x170a: 0x05bb, 0x170b: 0x17fa,
-	0x170c: 0x17ff, 0x170d: 0x068b, 0x170e: 0x068f, 0x170f: 0x1337, 0x1710: 0x134f, 0x1711: 0x136b,
-	0x1712: 0x137b, 0x1713: 0x1804, 0x1714: 0x138f, 0x1715: 0x1393, 0x1716: 0x13ab, 0x1717: 0x13b7,
-	0x1718: 0x180e, 0x1719: 0x1660, 0x171a: 0x13c3, 0x171b: 0x13bf, 0x171c: 0x13cb, 0x171d: 0x1665,
-	0x171e: 0x13d7, 0x171f: 0x13e3, 0x1720: 0x1813, 0x1721: 0x1818, 0x1722: 0x1423, 0x1723: 0x142f,
-	0x1724: 0x1437, 0x1725: 0x181d, 0x1726: 0x143b, 0x1727: 0x1467, 0x1728: 0x1473, 0x1729: 0x1477,
-	0x172a: 0x146f, 0x172b: 0x1483, 0x172c: 0x1487, 0x172d: 0x1822, 0x172e: 0x1493, 0x172f: 0x0693,
-	0x1730: 0x149b, 0x1731: 0x1827, 0x1732: 0x0697, 0x1733: 0x14d3, 0x1734: 0x0ac3, 0x1735: 0x14eb,
-	0x1736: 0x182c, 0x1737: 0x1836, 0x1738: 0x069b, 0x1739: 0x069f, 0x173a: 0x1513, 0x173b: 0x183b,
-	0x173c: 0x06a3, 0x173d: 0x1840, 0x173e: 0x152b, 0x173f: 0x152b,
-	// Block 0x5d, offset 0x1740
-	0x1740: 0x1533, 0x1741: 0x1845, 0x1742: 0x154b, 0x1743: 0x06a7, 0x1744: 0x155b, 0x1745: 0x1567,
-	0x1746: 0x156f, 0x1747: 0x1577, 0x1748: 0x06ab, 0x1749: 0x184a, 0x174a: 0x158b, 0x174b: 0x15a7,
-	0x174c: 0x15b3, 0x174d: 0x06af, 0x174e: 0x06b3, 0x174f: 0x15b7, 0x1750: 0x184f, 0x1751: 0x06b7,
-	0x1752: 0x1854, 0x1753: 0x1859, 0x1754: 0x185e, 0x1755: 0x15db, 0x1756: 0x06bb, 0x1757: 0x15ef,
-	0x1758: 0x15f7, 0x1759: 0x15fb, 0x175a: 0x1603, 0x175b: 0x160b, 0x175c: 0x1613, 0x175d: 0x1868,
-}
-
-// nfkcIndex: 22 blocks, 1408 entries, 1408 bytes
-// Block 0 is the zero block.
-var nfkcIndex = [1408]uint8{
-	// Block 0x0, offset 0x0
-	// Block 0x1, offset 0x40
-	// Block 0x2, offset 0x80
-	// Block 0x3, offset 0xc0
-	0xc2: 0x5c, 0xc3: 0x01, 0xc4: 0x02, 0xc5: 0x03, 0xc6: 0x5d, 0xc7: 0x04,
-	0xc8: 0x05, 0xca: 0x5e, 0xcb: 0x5f, 0xcc: 0x06, 0xcd: 0x07, 0xce: 0x08, 0xcf: 0x09,
-	0xd0: 0x0a, 0xd1: 0x60, 0xd2: 0x61, 0xd3: 0x0b, 0xd6: 0x0c, 0xd7: 0x62,
-	0xd8: 0x63, 0xd9: 0x0d, 0xdb: 0x64, 0xdc: 0x65, 0xdd: 0x66, 0xdf: 0x67,
-	0xe0: 0x02, 0xe1: 0x03, 0xe2: 0x04, 0xe3: 0x05,
-	0xea: 0x06, 0xeb: 0x07, 0xec: 0x08, 0xed: 0x09, 0xef: 0x0a,
-	0xf0: 0x13,
-	// Block 0x4, offset 0x100
-	0x120: 0x68, 0x121: 0x69, 0x123: 0x0e, 0x124: 0x6a, 0x125: 0x6b, 0x126: 0x6c, 0x127: 0x6d,
-	0x128: 0x6e, 0x129: 0x6f, 0x12a: 0x70, 0x12b: 0x71, 0x12c: 0x6c, 0x12d: 0x72, 0x12e: 0x73, 0x12f: 0x74,
-	0x131: 0x75, 0x132: 0x76, 0x133: 0x77, 0x134: 0x78, 0x135: 0x79, 0x137: 0x7a,
-	0x138: 0x7b, 0x139: 0x7c, 0x13a: 0x7d, 0x13b: 0x7e, 0x13c: 0x7f, 0x13d: 0x80, 0x13e: 0x81, 0x13f: 0x82,
-	// Block 0x5, offset 0x140
-	0x140: 0x83, 0x142: 0x84, 0x143: 0x85, 0x144: 0x86, 0x145: 0x87, 0x146: 0x88, 0x147: 0x89,
-	0x14d: 0x8a,
-	0x15c: 0x8b, 0x15f: 0x8c,
-	0x162: 0x8d, 0x164: 0x8e,
-	0x168: 0x8f, 0x169: 0x90, 0x16a: 0x91, 0x16c: 0x0f, 0x16d: 0x92, 0x16e: 0x93, 0x16f: 0x94,
-	0x170: 0x95, 0x173: 0x96, 0x174: 0x97, 0x175: 0x10, 0x176: 0x11, 0x177: 0x12,
-	0x178: 0x13, 0x179: 0x14, 0x17a: 0x15, 0x17b: 0x16, 0x17c: 0x17, 0x17d: 0x18, 0x17e: 0x19, 0x17f: 0x1a,
-	// Block 0x6, offset 0x180
-	0x180: 0x98, 0x181: 0x99, 0x182: 0x9a, 0x183: 0x9b, 0x184: 0x1b, 0x185: 0x1c, 0x186: 0x9c, 0x187: 0x9d,
-	0x188: 0x9e, 0x189: 0x1d, 0x18a: 0x1e, 0x18b: 0x9f, 0x18c: 0xa0,
-	0x191: 0x1f, 0x192: 0x20, 0x193: 0xa1,
-	0x1a8: 0xa2, 0x1a9: 0xa3, 0x1ab: 0xa4,
-	0x1b1: 0xa5, 0x1b3: 0xa6, 0x1b5: 0xa7, 0x1b7: 0xa8,
-	0x1ba: 0xa9, 0x1bb: 0xaa, 0x1bc: 0x21, 0x1bd: 0x22, 0x1be: 0x23, 0x1bf: 0xab,
-	// Block 0x7, offset 0x1c0
-	0x1c0: 0xac, 0x1c1: 0x24, 0x1c2: 0x25, 0x1c3: 0x26, 0x1c4: 0xad, 0x1c5: 0x27, 0x1c6: 0x28,
-	0x1c8: 0x29, 0x1c9: 0x2a, 0x1ca: 0x2b, 0x1cb: 0x2c, 0x1cc: 0x2d, 0x1cd: 0x2e, 0x1ce: 0x2f, 0x1cf: 0x30,
-	// Block 0x8, offset 0x200
-	0x219: 0xae, 0x21a: 0xaf, 0x21b: 0xb0, 0x21d: 0xb1, 0x21f: 0xb2,
-	0x220: 0xb3, 0x223: 0xb4, 0x224: 0xb5, 0x225: 0xb6, 0x226: 0xb7, 0x227: 0xb8,
-	0x22a: 0xb9, 0x22b: 0xba, 0x22d: 0xbb, 0x22f: 0xbc,
-	0x230: 0xbd, 0x231: 0xbe, 0x232: 0xbf, 0x233: 0xc0, 0x234: 0xc1, 0x235: 0xc2, 0x236: 0xc3, 0x237: 0xbd,
-	0x238: 0xbe, 0x239: 0xbf, 0x23a: 0xc0, 0x23b: 0xc1, 0x23c: 0xc2, 0x23d: 0xc3, 0x23e: 0xbd, 0x23f: 0xbe,
-	// Block 0x9, offset 0x240
-	0x240: 0xbf, 0x241: 0xc0, 0x242: 0xc1, 0x243: 0xc2, 0x244: 0xc3, 0x245: 0xbd, 0x246: 0xbe, 0x247: 0xbf,
-	0x248: 0xc0, 0x249: 0xc1, 0x24a: 0xc2, 0x24b: 0xc3, 0x24c: 0xbd, 0x24d: 0xbe, 0x24e: 0xbf, 0x24f: 0xc0,
-	0x250: 0xc1, 0x251: 0xc2, 0x252: 0xc3, 0x253: 0xbd, 0x254: 0xbe, 0x255: 0xbf, 0x256: 0xc0, 0x257: 0xc1,
-	0x258: 0xc2, 0x259: 0xc3, 0x25a: 0xbd, 0x25b: 0xbe, 0x25c: 0xbf, 0x25d: 0xc0, 0x25e: 0xc1, 0x25f: 0xc2,
-	0x260: 0xc3, 0x261: 0xbd, 0x262: 0xbe, 0x263: 0xbf, 0x264: 0xc0, 0x265: 0xc1, 0x266: 0xc2, 0x267: 0xc3,
-	0x268: 0xbd, 0x269: 0xbe, 0x26a: 0xbf, 0x26b: 0xc0, 0x26c: 0xc1, 0x26d: 0xc2, 0x26e: 0xc3, 0x26f: 0xbd,
-	0x270: 0xbe, 0x271: 0xbf, 0x272: 0xc0, 0x273: 0xc1, 0x274: 0xc2, 0x275: 0xc3, 0x276: 0xbd, 0x277: 0xbe,
-	0x278: 0xbf, 0x279: 0xc0, 0x27a: 0xc1, 0x27b: 0xc2, 0x27c: 0xc3, 0x27d: 0xbd, 0x27e: 0xbe, 0x27f: 0xbf,
-	// Block 0xa, offset 0x280
-	0x280: 0xc0, 0x281: 0xc1, 0x282: 0xc2, 0x283: 0xc3, 0x284: 0xbd, 0x285: 0xbe, 0x286: 0xbf, 0x287: 0xc0,
-	0x288: 0xc1, 0x289: 0xc2, 0x28a: 0xc3, 0x28b: 0xbd, 0x28c: 0xbe, 0x28d: 0xbf, 0x28e: 0xc0, 0x28f: 0xc1,
-	0x290: 0xc2, 0x291: 0xc3, 0x292: 0xbd, 0x293: 0xbe, 0x294: 0xbf, 0x295: 0xc0, 0x296: 0xc1, 0x297: 0xc2,
-	0x298: 0xc3, 0x299: 0xbd, 0x29a: 0xbe, 0x29b: 0xbf, 0x29c: 0xc0, 0x29d: 0xc1, 0x29e: 0xc2, 0x29f: 0xc3,
-	0x2a0: 0xbd, 0x2a1: 0xbe, 0x2a2: 0xbf, 0x2a3: 0xc0, 0x2a4: 0xc1, 0x2a5: 0xc2, 0x2a6: 0xc3, 0x2a7: 0xbd,
-	0x2a8: 0xbe, 0x2a9: 0xbf, 0x2aa: 0xc0, 0x2ab: 0xc1, 0x2ac: 0xc2, 0x2ad: 0xc3, 0x2ae: 0xbd, 0x2af: 0xbe,
-	0x2b0: 0xbf, 0x2b1: 0xc0, 0x2b2: 0xc1, 0x2b3: 0xc2, 0x2b4: 0xc3, 0x2b5: 0xbd, 0x2b6: 0xbe, 0x2b7: 0xbf,
-	0x2b8: 0xc0, 0x2b9: 0xc1, 0x2ba: 0xc2, 0x2bb: 0xc3, 0x2bc: 0xbd, 0x2bd: 0xbe, 0x2be: 0xbf, 0x2bf: 0xc0,
-	// Block 0xb, offset 0x2c0
-	0x2c0: 0xc1, 0x2c1: 0xc2, 0x2c2: 0xc3, 0x2c3: 0xbd, 0x2c4: 0xbe, 0x2c5: 0xbf, 0x2c6: 0xc0, 0x2c7: 0xc1,
-	0x2c8: 0xc2, 0x2c9: 0xc3, 0x2ca: 0xbd, 0x2cb: 0xbe, 0x2cc: 0xbf, 0x2cd: 0xc0, 0x2ce: 0xc1, 0x2cf: 0xc2,
-	0x2d0: 0xc3, 0x2d1: 0xbd, 0x2d2: 0xbe, 0x2d3: 0xbf, 0x2d4: 0xc0, 0x2d5: 0xc1, 0x2d6: 0xc2, 0x2d7: 0xc3,
-	0x2d8: 0xbd, 0x2d9: 0xbe, 0x2da: 0xbf, 0x2db: 0xc0, 0x2dc: 0xc1, 0x2dd: 0xc2, 0x2de: 0xc4,
-	// Block 0xc, offset 0x300
-	0x324: 0x31, 0x325: 0x32, 0x326: 0x33, 0x327: 0x34,
-	0x328: 0x35, 0x329: 0x36, 0x32a: 0x37, 0x32b: 0x38, 0x32c: 0x39, 0x32d: 0x3a, 0x32e: 0x3b, 0x32f: 0x3c,
-	0x330: 0x3d, 0x331: 0x3e, 0x332: 0x3f, 0x333: 0x40, 0x334: 0x41, 0x335: 0x42, 0x336: 0x43, 0x337: 0x44,
-	0x338: 0x45, 0x339: 0x46, 0x33a: 0x47, 0x33b: 0x48, 0x33c: 0xc5, 0x33d: 0x49, 0x33e: 0x4a, 0x33f: 0x4b,
-	// Block 0xd, offset 0x340
-	0x347: 0xc6,
-	0x34b: 0xc7, 0x34d: 0xc8,
-	0x368: 0xc9, 0x36b: 0xca,
-	0x374: 0xcb,
-	0x37d: 0xcc,
-	// Block 0xe, offset 0x380
-	0x381: 0xcd, 0x382: 0xce, 0x384: 0xcf, 0x385: 0xb7, 0x387: 0xd0,
-	0x388: 0xd1, 0x38b: 0xd2, 0x38c: 0xd3, 0x38d: 0xd4,
-	0x391: 0xd5, 0x392: 0xd6, 0x393: 0xd7, 0x396: 0xd8, 0x397: 0xd9,
-	0x398: 0xda, 0x39a: 0xdb, 0x39c: 0xdc,
-	0x3a0: 0xdd,
-	0x3a8: 0xde, 0x3a9: 0xdf, 0x3aa: 0xe0,
-	0x3b0: 0xda, 0x3b5: 0xe1, 0x3b6: 0xe2,
-	// Block 0xf, offset 0x3c0
-	0x3eb: 0xe3, 0x3ec: 0xe4,
-	// Block 0x10, offset 0x400
-	0x432: 0xe5,
-	// Block 0x11, offset 0x440
-	0x445: 0xe6, 0x446: 0xe7, 0x447: 0xe8,
-	0x449: 0xe9,
-	0x450: 0xea, 0x451: 0xeb, 0x452: 0xec, 0x453: 0xed, 0x454: 0xee, 0x455: 0xef, 0x456: 0xf0, 0x457: 0xf1,
-	0x458: 0xf2, 0x459: 0xf3, 0x45a: 0x4c, 0x45b: 0xf4, 0x45c: 0xf5, 0x45d: 0xf6, 0x45e: 0xf7, 0x45f: 0x4d,
-	// Block 0x12, offset 0x480
-	0x480: 0xf8,
-	0x4a3: 0xf9, 0x4a5: 0xfa,
-	0x4b8: 0x4e, 0x4b9: 0x4f, 0x4ba: 0x50,
-	// Block 0x13, offset 0x4c0
-	0x4c4: 0x51, 0x4c5: 0xfb, 0x4c6: 0xfc,
-	0x4c8: 0x52, 0x4c9: 0xfd,
-	// Block 0x14, offset 0x500
-	0x520: 0x53, 0x521: 0x54, 0x522: 0x55, 0x523: 0x56, 0x524: 0x57, 0x525: 0x58, 0x526: 0x59, 0x527: 0x5a,
-	0x528: 0x5b,
-	// Block 0x15, offset 0x540
-	0x550: 0x0b, 0x551: 0x0c, 0x556: 0x0d,
-	0x55b: 0x0e, 0x55d: 0x0f, 0x55e: 0x10, 0x55f: 0x11,
-	0x56f: 0x12,
-}
-
-// nfkcSparseOffset: 162 entries, 324 bytes
-var nfkcSparseOffset = []uint16{0x0, 0xe, 0x12, 0x1b, 0x25, 0x35, 0x37, 0x3c, 0x47, 0x56, 0x63, 0x6b, 0x70, 0x75, 0x77, 0x7f, 0x86, 0x89, 0x91, 0x95, 0x99, 0x9b, 0x9d, 0xa6, 0xaa, 0xb1, 0xb6, 0xb9, 0xc3, 0xc6, 0xcd, 0xd5, 0xd9, 0xdb, 0xde, 0xe2, 0xe8, 0xf9, 0x105, 0x107, 0x10d, 0x10f, 0x111, 0x113, 0x115, 0x117, 0x119, 0x11b, 0x11e, 0x121, 0x123, 0x126, 0x129, 0x12d, 0x132, 0x13b, 0x13d, 0x140, 0x142, 0x14d, 0x158, 0x166, 0x174, 0x184, 0x192, 0x199, 0x19f, 0x1ae, 0x1b2, 0x1b4, 0x1b8, 0x1ba, 0x1bd, 0x1bf, 0x1c2, 0x1c4, 0x1c7, 0x1c9, 0x1cb, 0x1cd, 0x1d9, 0x1e3, 0x1ed, 0x1f0, 0x1f4, 0x1f6, 0x1f8, 0x1fa, 0x1fc, 0x1ff, 0x201, 0x203, 0x205, 0x207, 0x20d, 0x210, 0x214, 0x216, 0x21d, 0x223, 0x229, 0x231, 0x237, 0x23d, 0x243, 0x247, 0x249, 0x24b, 0x24d, 0x24f, 0x255, 0x258, 0x25a, 0x260, 0x263, 0x26b, 0x272, 0x275, 0x278, 0x27a, 0x27d, 0x285, 0x289, 0x290, 0x293, 0x299, 0x29b, 0x29d, 0x2a0, 0x2a2, 0x2a5, 0x2a7, 0x2a9, 0x2ab, 0x2ae, 0x2b0, 0x2b2, 0x2b4, 0x2b6, 0x2c3, 0x2cd, 0x2cf, 0x2d1, 0x2d5, 0x2da, 0x2e6, 0x2eb, 0x2f4, 0x2fa, 0x2ff, 0x303, 0x308, 0x30c, 0x31c, 0x32a, 0x338, 0x346, 0x34c, 0x34e, 0x351, 0x35b, 0x35d}
-
-// nfkcSparseValues: 871 entries, 3484 bytes
-var nfkcSparseValues = [871]valueRange{
-	// Block 0x0, offset 0x0
-	{value: 0x0002, lo: 0x0d},
-	{value: 0x0001, lo: 0xa0, hi: 0xa0},
-	{value: 0x4278, lo: 0xa8, hi: 0xa8},
-	{value: 0x0083, lo: 0xaa, hi: 0xaa},
-	{value: 0x4264, lo: 0xaf, hi: 0xaf},
-	{value: 0x0025, lo: 0xb2, hi: 0xb3},
-	{value: 0x425a, lo: 0xb4, hi: 0xb4},
-	{value: 0x01dc, lo: 0xb5, hi: 0xb5},
-	{value: 0x4291, lo: 0xb8, hi: 0xb8},
-	{value: 0x0023, lo: 0xb9, hi: 0xb9},
-	{value: 0x009f, lo: 0xba, hi: 0xba},
-	{value: 0x221c, lo: 0xbc, hi: 0xbc},
-	{value: 0x2210, lo: 0xbd, hi: 0xbd},
-	{value: 0x22b2, lo: 0xbe, hi: 0xbe},
-	// Block 0x1, offset 0xe
-	{value: 0x0091, lo: 0x03},
-	{value: 0x46e2, lo: 0xa0, hi: 0xa1},
-	{value: 0x4714, lo: 0xaf, hi: 0xb0},
-	{value: 0xa000, lo: 0xb7, hi: 0xb7},
-	// Block 0x2, offset 0x12
-	{value: 0x0003, lo: 0x08},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0x0091, lo: 0xb0, hi: 0xb0},
-	{value: 0x0119, lo: 0xb1, hi: 0xb1},
-	{value: 0x0095, lo: 0xb2, hi: 0xb2},
-	{value: 0x00a5, lo: 0xb3, hi: 0xb3},
-	{value: 0x0143, lo: 0xb4, hi: 0xb6},
-	{value: 0x00af, lo: 0xb7, hi: 0xb7},
-	{value: 0x00b3, lo: 0xb8, hi: 0xb8},
-	// Block 0x3, offset 0x1b
-	{value: 0x000a, lo: 0x09},
-	{value: 0x426e, lo: 0x98, hi: 0x98},
-	{value: 0x4273, lo: 0x99, hi: 0x9a},
-	{value: 0x4296, lo: 0x9b, hi: 0x9b},
-	{value: 0x425f, lo: 0x9c, hi: 0x9c},
-	{value: 0x4282, lo: 0x9d, hi: 0x9d},
-	{value: 0x0113, lo: 0xa0, hi: 0xa0},
-	{value: 0x0099, lo: 0xa1, hi: 0xa1},
-	{value: 0x00a7, lo: 0xa2, hi: 0xa3},
-	{value: 0x0167, lo: 0xa4, hi: 0xa4},
-	// Block 0x4, offset 0x25
-	{value: 0x0000, lo: 0x0f},
-	{value: 0xa000, lo: 0x83, hi: 0x83},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0xa000, lo: 0x8b, hi: 0x8b},
-	{value: 0xa000, lo: 0x8d, hi: 0x8d},
-	{value: 0x37a5, lo: 0x90, hi: 0x90},
-	{value: 0x37b1, lo: 0x91, hi: 0x91},
-	{value: 0x379f, lo: 0x93, hi: 0x93},
-	{value: 0xa000, lo: 0x96, hi: 0x96},
-	{value: 0x3817, lo: 0x97, hi: 0x97},
-	{value: 0x37e1, lo: 0x9c, hi: 0x9c},
-	{value: 0x37c9, lo: 0x9d, hi: 0x9d},
-	{value: 0x37f3, lo: 0x9e, hi: 0x9e},
-	{value: 0xa000, lo: 0xb4, hi: 0xb5},
-	{value: 0x381d, lo: 0xb6, hi: 0xb6},
-	{value: 0x3823, lo: 0xb7, hi: 0xb7},
-	// Block 0x5, offset 0x35
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0x83, hi: 0x87},
-	// Block 0x6, offset 0x37
-	{value: 0x0001, lo: 0x04},
-	{value: 0x8113, lo: 0x81, hi: 0x82},
-	{value: 0x8132, lo: 0x84, hi: 0x84},
-	{value: 0x812d, lo: 0x85, hi: 0x85},
-	{value: 0x810d, lo: 0x87, hi: 0x87},
-	// Block 0x7, offset 0x3c
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x8132, lo: 0x90, hi: 0x97},
-	{value: 0x8119, lo: 0x98, hi: 0x98},
-	{value: 0x811a, lo: 0x99, hi: 0x99},
-	{value: 0x811b, lo: 0x9a, hi: 0x9a},
-	{value: 0x3841, lo: 0xa2, hi: 0xa2},
-	{value: 0x3847, lo: 0xa3, hi: 0xa3},
-	{value: 0x3853, lo: 0xa4, hi: 0xa4},
-	{value: 0x384d, lo: 0xa5, hi: 0xa5},
-	{value: 0x3859, lo: 0xa6, hi: 0xa6},
-	{value: 0xa000, lo: 0xa7, hi: 0xa7},
-	// Block 0x8, offset 0x47
-	{value: 0x0000, lo: 0x0e},
-	{value: 0x386b, lo: 0x80, hi: 0x80},
-	{value: 0xa000, lo: 0x81, hi: 0x81},
-	{value: 0x385f, lo: 0x82, hi: 0x82},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0x3865, lo: 0x93, hi: 0x93},
-	{value: 0xa000, lo: 0x95, hi: 0x95},
-	{value: 0x8132, lo: 0x96, hi: 0x9c},
-	{value: 0x8132, lo: 0x9f, hi: 0xa2},
-	{value: 0x812d, lo: 0xa3, hi: 0xa3},
-	{value: 0x8132, lo: 0xa4, hi: 0xa4},
-	{value: 0x8132, lo: 0xa7, hi: 0xa8},
-	{value: 0x812d, lo: 0xaa, hi: 0xaa},
-	{value: 0x8132, lo: 0xab, hi: 0xac},
-	{value: 0x812d, lo: 0xad, hi: 0xad},
-	// Block 0x9, offset 0x56
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x811f, lo: 0x91, hi: 0x91},
-	{value: 0x8132, lo: 0xb0, hi: 0xb0},
-	{value: 0x812d, lo: 0xb1, hi: 0xb1},
-	{value: 0x8132, lo: 0xb2, hi: 0xb3},
-	{value: 0x812d, lo: 0xb4, hi: 0xb4},
-	{value: 0x8132, lo: 0xb5, hi: 0xb6},
-	{value: 0x812d, lo: 0xb7, hi: 0xb9},
-	{value: 0x8132, lo: 0xba, hi: 0xba},
-	{value: 0x812d, lo: 0xbb, hi: 0xbc},
-	{value: 0x8132, lo: 0xbd, hi: 0xbd},
-	{value: 0x812d, lo: 0xbe, hi: 0xbe},
-	{value: 0x8132, lo: 0xbf, hi: 0xbf},
-	// Block 0xa, offset 0x63
-	{value: 0x0005, lo: 0x07},
-	{value: 0x8132, lo: 0x80, hi: 0x80},
-	{value: 0x8132, lo: 0x81, hi: 0x81},
-	{value: 0x812d, lo: 0x82, hi: 0x83},
-	{value: 0x812d, lo: 0x84, hi: 0x85},
-	{value: 0x812d, lo: 0x86, hi: 0x87},
-	{value: 0x812d, lo: 0x88, hi: 0x89},
-	{value: 0x8132, lo: 0x8a, hi: 0x8a},
-	// Block 0xb, offset 0x6b
-	{value: 0x0000, lo: 0x04},
-	{value: 0x8132, lo: 0xab, hi: 0xb1},
-	{value: 0x812d, lo: 0xb2, hi: 0xb2},
-	{value: 0x8132, lo: 0xb3, hi: 0xb3},
-	{value: 0x812d, lo: 0xbd, hi: 0xbd},
-	// Block 0xc, offset 0x70
-	{value: 0x0000, lo: 0x04},
-	{value: 0x8132, lo: 0x96, hi: 0x99},
-	{value: 0x8132, lo: 0x9b, hi: 0xa3},
-	{value: 0x8132, lo: 0xa5, hi: 0xa7},
-	{value: 0x8132, lo: 0xa9, hi: 0xad},
-	// Block 0xd, offset 0x75
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x99, hi: 0x9b},
-	// Block 0xe, offset 0x77
-	{value: 0x0000, lo: 0x07},
-	{value: 0xa000, lo: 0xa8, hi: 0xa8},
-	{value: 0x3ed8, lo: 0xa9, hi: 0xa9},
-	{value: 0xa000, lo: 0xb0, hi: 0xb0},
-	{value: 0x3ee0, lo: 0xb1, hi: 0xb1},
-	{value: 0xa000, lo: 0xb3, hi: 0xb3},
-	{value: 0x3ee8, lo: 0xb4, hi: 0xb4},
-	{value: 0x9902, lo: 0xbc, hi: 0xbc},
-	// Block 0xf, offset 0x7f
-	{value: 0x0008, lo: 0x06},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x8132, lo: 0x91, hi: 0x91},
-	{value: 0x812d, lo: 0x92, hi: 0x92},
-	{value: 0x8132, lo: 0x93, hi: 0x93},
-	{value: 0x8132, lo: 0x94, hi: 0x94},
-	{value: 0x451c, lo: 0x98, hi: 0x9f},
-	// Block 0x10, offset 0x86
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x11, offset 0x89
-	{value: 0x0008, lo: 0x07},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0x2c9e, lo: 0x8b, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	{value: 0x455c, lo: 0x9c, hi: 0x9d},
-	{value: 0x456c, lo: 0x9f, hi: 0x9f},
-	{value: 0x8132, lo: 0xbe, hi: 0xbe},
-	// Block 0x12, offset 0x91
-	{value: 0x0000, lo: 0x03},
-	{value: 0x4594, lo: 0xb3, hi: 0xb3},
-	{value: 0x459c, lo: 0xb6, hi: 0xb6},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	// Block 0x13, offset 0x95
-	{value: 0x0008, lo: 0x03},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x4574, lo: 0x99, hi: 0x9b},
-	{value: 0x458c, lo: 0x9e, hi: 0x9e},
-	// Block 0x14, offset 0x99
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	// Block 0x15, offset 0x9b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	// Block 0x16, offset 0x9d
-	{value: 0x0000, lo: 0x08},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0x2cb6, lo: 0x88, hi: 0x88},
-	{value: 0x2cae, lo: 0x8b, hi: 0x8b},
-	{value: 0x2cbe, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x96, hi: 0x97},
-	{value: 0x45a4, lo: 0x9c, hi: 0x9c},
-	{value: 0x45ac, lo: 0x9d, hi: 0x9d},
-	// Block 0x17, offset 0xa6
-	{value: 0x0000, lo: 0x03},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0x2cc6, lo: 0x94, hi: 0x94},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x18, offset 0xaa
-	{value: 0x0000, lo: 0x06},
-	{value: 0xa000, lo: 0x86, hi: 0x87},
-	{value: 0x2cce, lo: 0x8a, hi: 0x8a},
-	{value: 0x2cde, lo: 0x8b, hi: 0x8b},
-	{value: 0x2cd6, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	// Block 0x19, offset 0xb1
-	{value: 0x1801, lo: 0x04},
-	{value: 0xa000, lo: 0x86, hi: 0x86},
-	{value: 0x3ef0, lo: 0x88, hi: 0x88},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x8120, lo: 0x95, hi: 0x96},
-	// Block 0x1a, offset 0xb6
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xbc, hi: 0xbc},
-	{value: 0xa000, lo: 0xbf, hi: 0xbf},
-	// Block 0x1b, offset 0xb9
-	{value: 0x0000, lo: 0x09},
-	{value: 0x2ce6, lo: 0x80, hi: 0x80},
-	{value: 0x9900, lo: 0x82, hi: 0x82},
-	{value: 0xa000, lo: 0x86, hi: 0x86},
-	{value: 0x2cee, lo: 0x87, hi: 0x87},
-	{value: 0x2cf6, lo: 0x88, hi: 0x88},
-	{value: 0x2f50, lo: 0x8a, hi: 0x8a},
-	{value: 0x2dd8, lo: 0x8b, hi: 0x8b},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x95, hi: 0x96},
-	// Block 0x1c, offset 0xc3
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xbb, hi: 0xbc},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x1d, offset 0xc6
-	{value: 0x0000, lo: 0x06},
-	{value: 0xa000, lo: 0x86, hi: 0x87},
-	{value: 0x2cfe, lo: 0x8a, hi: 0x8a},
-	{value: 0x2d0e, lo: 0x8b, hi: 0x8b},
-	{value: 0x2d06, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	// Block 0x1e, offset 0xcd
-	{value: 0x6bea, lo: 0x07},
-	{value: 0x9904, lo: 0x8a, hi: 0x8a},
-	{value: 0x9900, lo: 0x8f, hi: 0x8f},
-	{value: 0xa000, lo: 0x99, hi: 0x99},
-	{value: 0x3ef8, lo: 0x9a, hi: 0x9a},
-	{value: 0x2f58, lo: 0x9c, hi: 0x9c},
-	{value: 0x2de3, lo: 0x9d, hi: 0x9d},
-	{value: 0x2d16, lo: 0x9e, hi: 0x9f},
-	// Block 0x1f, offset 0xd5
-	{value: 0x0000, lo: 0x03},
-	{value: 0x2621, lo: 0xb3, hi: 0xb3},
-	{value: 0x8122, lo: 0xb8, hi: 0xb9},
-	{value: 0x8104, lo: 0xba, hi: 0xba},
-	// Block 0x20, offset 0xd9
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8123, lo: 0x88, hi: 0x8b},
-	// Block 0x21, offset 0xdb
-	{value: 0x0000, lo: 0x02},
-	{value: 0x2636, lo: 0xb3, hi: 0xb3},
-	{value: 0x8124, lo: 0xb8, hi: 0xb9},
-	// Block 0x22, offset 0xde
-	{value: 0x0000, lo: 0x03},
-	{value: 0x8125, lo: 0x88, hi: 0x8b},
-	{value: 0x2628, lo: 0x9c, hi: 0x9c},
-	{value: 0x262f, lo: 0x9d, hi: 0x9d},
-	// Block 0x23, offset 0xe2
-	{value: 0x0000, lo: 0x05},
-	{value: 0x030b, lo: 0x8c, hi: 0x8c},
-	{value: 0x812d, lo: 0x98, hi: 0x99},
-	{value: 0x812d, lo: 0xb5, hi: 0xb5},
-	{value: 0x812d, lo: 0xb7, hi: 0xb7},
-	{value: 0x812b, lo: 0xb9, hi: 0xb9},
-	// Block 0x24, offset 0xe8
-	{value: 0x0000, lo: 0x10},
-	{value: 0x2644, lo: 0x83, hi: 0x83},
-	{value: 0x264b, lo: 0x8d, hi: 0x8d},
-	{value: 0x2652, lo: 0x92, hi: 0x92},
-	{value: 0x2659, lo: 0x97, hi: 0x97},
-	{value: 0x2660, lo: 0x9c, hi: 0x9c},
-	{value: 0x263d, lo: 0xa9, hi: 0xa9},
-	{value: 0x8126, lo: 0xb1, hi: 0xb1},
-	{value: 0x8127, lo: 0xb2, hi: 0xb2},
-	{value: 0x4a84, lo: 0xb3, hi: 0xb3},
-	{value: 0x8128, lo: 0xb4, hi: 0xb4},
-	{value: 0x4a8d, lo: 0xb5, hi: 0xb5},
-	{value: 0x45b4, lo: 0xb6, hi: 0xb6},
-	{value: 0x45f4, lo: 0xb7, hi: 0xb7},
-	{value: 0x45bc, lo: 0xb8, hi: 0xb8},
-	{value: 0x45ff, lo: 0xb9, hi: 0xb9},
-	{value: 0x8127, lo: 0xba, hi: 0xbd},
-	// Block 0x25, offset 0xf9
-	{value: 0x0000, lo: 0x0b},
-	{value: 0x8127, lo: 0x80, hi: 0x80},
-	{value: 0x4a96, lo: 0x81, hi: 0x81},
-	{value: 0x8132, lo: 0x82, hi: 0x83},
-	{value: 0x8104, lo: 0x84, hi: 0x84},
-	{value: 0x8132, lo: 0x86, hi: 0x87},
-	{value: 0x266e, lo: 0x93, hi: 0x93},
-	{value: 0x2675, lo: 0x9d, hi: 0x9d},
-	{value: 0x267c, lo: 0xa2, hi: 0xa2},
-	{value: 0x2683, lo: 0xa7, hi: 0xa7},
-	{value: 0x268a, lo: 0xac, hi: 0xac},
-	{value: 0x2667, lo: 0xb9, hi: 0xb9},
-	// Block 0x26, offset 0x105
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x86, hi: 0x86},
-	// Block 0x27, offset 0x107
-	{value: 0x0000, lo: 0x05},
-	{value: 0xa000, lo: 0xa5, hi: 0xa5},
-	{value: 0x2d1e, lo: 0xa6, hi: 0xa6},
-	{value: 0x9900, lo: 0xae, hi: 0xae},
-	{value: 0x8102, lo: 0xb7, hi: 0xb7},
-	{value: 0x8104, lo: 0xb9, hi: 0xba},
-	// Block 0x28, offset 0x10d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x8d, hi: 0x8d},
-	// Block 0x29, offset 0x10f
-	{value: 0x0000, lo: 0x01},
-	{value: 0x030f, lo: 0xbc, hi: 0xbc},
-	// Block 0x2a, offset 0x111
-	{value: 0x0000, lo: 0x01},
-	{value: 0xa000, lo: 0x80, hi: 0x92},
-	// Block 0x2b, offset 0x113
-	{value: 0x0000, lo: 0x01},
-	{value: 0xb900, lo: 0xa1, hi: 0xb5},
-	// Block 0x2c, offset 0x115
-	{value: 0x0000, lo: 0x01},
-	{value: 0x9900, lo: 0xa8, hi: 0xbf},
-	// Block 0x2d, offset 0x117
-	{value: 0x0000, lo: 0x01},
-	{value: 0x9900, lo: 0x80, hi: 0x82},
-	// Block 0x2e, offset 0x119
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0x9d, hi: 0x9f},
-	// Block 0x2f, offset 0x11b
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x94, hi: 0x94},
-	{value: 0x8104, lo: 0xb4, hi: 0xb4},
-	// Block 0x30, offset 0x11e
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x92, hi: 0x92},
-	{value: 0x8132, lo: 0x9d, hi: 0x9d},
-	// Block 0x31, offset 0x121
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8131, lo: 0xa9, hi: 0xa9},
-	// Block 0x32, offset 0x123
-	{value: 0x0004, lo: 0x02},
-	{value: 0x812e, lo: 0xb9, hi: 0xba},
-	{value: 0x812d, lo: 0xbb, hi: 0xbb},
-	// Block 0x33, offset 0x126
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0x97, hi: 0x97},
-	{value: 0x812d, lo: 0x98, hi: 0x98},
-	// Block 0x34, offset 0x129
-	{value: 0x0000, lo: 0x03},
-	{value: 0x8104, lo: 0xa0, hi: 0xa0},
-	{value: 0x8132, lo: 0xb5, hi: 0xbc},
-	{value: 0x812d, lo: 0xbf, hi: 0xbf},
-	// Block 0x35, offset 0x12d
-	{value: 0x0000, lo: 0x04},
-	{value: 0x8132, lo: 0xb0, hi: 0xb4},
-	{value: 0x812d, lo: 0xb5, hi: 0xba},
-	{value: 0x8132, lo: 0xbb, hi: 0xbc},
-	{value: 0x812d, lo: 0xbd, hi: 0xbd},
-	// Block 0x36, offset 0x132
-	{value: 0x0000, lo: 0x08},
-	{value: 0x2d66, lo: 0x80, hi: 0x80},
-	{value: 0x2d6e, lo: 0x81, hi: 0x81},
-	{value: 0xa000, lo: 0x82, hi: 0x82},
-	{value: 0x2d76, lo: 0x83, hi: 0x83},
-	{value: 0x8104, lo: 0x84, hi: 0x84},
-	{value: 0x8132, lo: 0xab, hi: 0xab},
-	{value: 0x812d, lo: 0xac, hi: 0xac},
-	{value: 0x8132, lo: 0xad, hi: 0xb3},
-	// Block 0x37, offset 0x13b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xaa, hi: 0xab},
-	// Block 0x38, offset 0x13d
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xa6, hi: 0xa6},
-	{value: 0x8104, lo: 0xb2, hi: 0xb3},
-	// Block 0x39, offset 0x140
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0xb7, hi: 0xb7},
-	// Block 0x3a, offset 0x142
-	{value: 0x0000, lo: 0x0a},
-	{value: 0x8132, lo: 0x90, hi: 0x92},
-	{value: 0x8101, lo: 0x94, hi: 0x94},
-	{value: 0x812d, lo: 0x95, hi: 0x99},
-	{value: 0x8132, lo: 0x9a, hi: 0x9b},
-	{value: 0x812d, lo: 0x9c, hi: 0x9f},
-	{value: 0x8132, lo: 0xa0, hi: 0xa0},
-	{value: 0x8101, lo: 0xa2, hi: 0xa8},
-	{value: 0x812d, lo: 0xad, hi: 0xad},
-	{value: 0x8132, lo: 0xb4, hi: 0xb4},
-	{value: 0x8132, lo: 0xb8, hi: 0xb9},
-	// Block 0x3b, offset 0x14d
-	{value: 0x0002, lo: 0x0a},
-	{value: 0x0043, lo: 0xac, hi: 0xac},
-	{value: 0x00d1, lo: 0xad, hi: 0xad},
-	{value: 0x0045, lo: 0xae, hi: 0xae},
-	{value: 0x0049, lo: 0xb0, hi: 0xb1},
-	{value: 0x00e6, lo: 0xb2, hi: 0xb2},
-	{value: 0x004f, lo: 0xb3, hi: 0xba},
-	{value: 0x005f, lo: 0xbc, hi: 0xbc},
-	{value: 0x00ef, lo: 0xbd, hi: 0xbd},
-	{value: 0x0061, lo: 0xbe, hi: 0xbe},
-	{value: 0x0065, lo: 0xbf, hi: 0xbf},
-	// Block 0x3c, offset 0x158
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x0001, lo: 0x80, hi: 0x8a},
-	{value: 0x043b, lo: 0x91, hi: 0x91},
-	{value: 0x429b, lo: 0x97, hi: 0x97},
-	{value: 0x001d, lo: 0xa4, hi: 0xa4},
-	{value: 0x1873, lo: 0xa5, hi: 0xa5},
-	{value: 0x1b5c, lo: 0xa6, hi: 0xa6},
-	{value: 0x0001, lo: 0xaf, hi: 0xaf},
-	{value: 0x2691, lo: 0xb3, hi: 0xb3},
-	{value: 0x27fe, lo: 0xb4, hi: 0xb4},
-	{value: 0x2698, lo: 0xb6, hi: 0xb6},
-	{value: 0x2808, lo: 0xb7, hi: 0xb7},
-	{value: 0x186d, lo: 0xbc, hi: 0xbc},
-	{value: 0x4269, lo: 0xbe, hi: 0xbe},
-	// Block 0x3d, offset 0x166
-	{value: 0x0002, lo: 0x0d},
-	{value: 0x1933, lo: 0x87, hi: 0x87},
-	{value: 0x1930, lo: 0x88, hi: 0x88},
-	{value: 0x1870, lo: 0x89, hi: 0x89},
-	{value: 0x298e, lo: 0x97, hi: 0x97},
-	{value: 0x0001, lo: 0x9f, hi: 0x9f},
-	{value: 0x0021, lo: 0xb0, hi: 0xb0},
-	{value: 0x0093, lo: 0xb1, hi: 0xb1},
-	{value: 0x0029, lo: 0xb4, hi: 0xb9},
-	{value: 0x0017, lo: 0xba, hi: 0xba},
-	{value: 0x0467, lo: 0xbb, hi: 0xbb},
-	{value: 0x003b, lo: 0xbc, hi: 0xbc},
-	{value: 0x0011, lo: 0xbd, hi: 0xbe},
-	{value: 0x009d, lo: 0xbf, hi: 0xbf},
-	// Block 0x3e, offset 0x174
-	{value: 0x0002, lo: 0x0f},
-	{value: 0x0021, lo: 0x80, hi: 0x89},
-	{value: 0x0017, lo: 0x8a, hi: 0x8a},
-	{value: 0x0467, lo: 0x8b, hi: 0x8b},
-	{value: 0x003b, lo: 0x8c, hi: 0x8c},
-	{value: 0x0011, lo: 0x8d, hi: 0x8e},
-	{value: 0x0083, lo: 0x90, hi: 0x90},
-	{value: 0x008b, lo: 0x91, hi: 0x91},
-	{value: 0x009f, lo: 0x92, hi: 0x92},
-	{value: 0x00b1, lo: 0x93, hi: 0x93},
-	{value: 0x0104, lo: 0x94, hi: 0x94},
-	{value: 0x0091, lo: 0x95, hi: 0x95},
-	{value: 0x0097, lo: 0x96, hi: 0x99},
-	{value: 0x00a1, lo: 0x9a, hi: 0x9a},
-	{value: 0x00a7, lo: 0x9b, hi: 0x9c},
-	{value: 0x1999, lo: 0xa8, hi: 0xa8},
-	// Block 0x3f, offset 0x184
-	{value: 0x0000, lo: 0x0d},
-	{value: 0x8132, lo: 0x90, hi: 0x91},
-	{value: 0x8101, lo: 0x92, hi: 0x93},
-	{value: 0x8132, lo: 0x94, hi: 0x97},
-	{value: 0x8101, lo: 0x98, hi: 0x9a},
-	{value: 0x8132, lo: 0x9b, hi: 0x9c},
-	{value: 0x8132, lo: 0xa1, hi: 0xa1},
-	{value: 0x8101, lo: 0xa5, hi: 0xa6},
-	{value: 0x8132, lo: 0xa7, hi: 0xa7},
-	{value: 0x812d, lo: 0xa8, hi: 0xa8},
-	{value: 0x8132, lo: 0xa9, hi: 0xa9},
-	{value: 0x8101, lo: 0xaa, hi: 0xab},
-	{value: 0x812d, lo: 0xac, hi: 0xaf},
-	{value: 0x8132, lo: 0xb0, hi: 0xb0},
-	// Block 0x40, offset 0x192
-	{value: 0x0007, lo: 0x06},
-	{value: 0x2180, lo: 0x89, hi: 0x89},
-	{value: 0xa000, lo: 0x90, hi: 0x90},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0xa000, lo: 0x94, hi: 0x94},
-	{value: 0x3bb9, lo: 0x9a, hi: 0x9b},
-	{value: 0x3bc7, lo: 0xae, hi: 0xae},
-	// Block 0x41, offset 0x199
-	{value: 0x000e, lo: 0x05},
-	{value: 0x3bce, lo: 0x8d, hi: 0x8e},
-	{value: 0x3bd5, lo: 0x8f, hi: 0x8f},
-	{value: 0xa000, lo: 0x90, hi: 0x90},
-	{value: 0xa000, lo: 0x92, hi: 0x92},
-	{value: 0xa000, lo: 0x94, hi: 0x94},
-	// Block 0x42, offset 0x19f
-	{value: 0x0173, lo: 0x0e},
-	{value: 0xa000, lo: 0x83, hi: 0x83},
-	{value: 0x3be3, lo: 0x84, hi: 0x84},
-	{value: 0xa000, lo: 0x88, hi: 0x88},
-	{value: 0x3bea, lo: 0x89, hi: 0x89},
-	{value: 0xa000, lo: 0x8b, hi: 0x8b},
-	{value: 0x3bf1, lo: 0x8c, hi: 0x8c},
-	{value: 0xa000, lo: 0xa3, hi: 0xa3},
-	{value: 0x3bf8, lo: 0xa4, hi: 0xa4},
-	{value: 0xa000, lo: 0xa5, hi: 0xa5},
-	{value: 0x3bff, lo: 0xa6, hi: 0xa6},
-	{value: 0x269f, lo: 0xac, hi: 0xad},
-	{value: 0x26a6, lo: 0xaf, hi: 0xaf},
-	{value: 0x281c, lo: 0xb0, hi: 0xb0},
-	{value: 0xa000, lo: 0xbc, hi: 0xbc},
-	// Block 0x43, offset 0x1ae
-	{value: 0x0007, lo: 0x03},
-	{value: 0x3c68, lo: 0xa0, hi: 0xa1},
-	{value: 0x3c92, lo: 0xa2, hi: 0xa3},
-	{value: 0x3cbc, lo: 0xaa, hi: 0xad},
-	// Block 0x44, offset 0x1b2
-	{value: 0x0004, lo: 0x01},
-	{value: 0x048b, lo: 0xa9, hi: 0xaa},
-	// Block 0x45, offset 0x1b4
-	{value: 0x0002, lo: 0x03},
-	{value: 0x0057, lo: 0x80, hi: 0x8f},
-	{value: 0x0083, lo: 0x90, hi: 0xa9},
-	{value: 0x0021, lo: 0xaa, hi: 0xaa},
-	// Block 0x46, offset 0x1b8
-	{value: 0x0000, lo: 0x01},
-	{value: 0x299b, lo: 0x8c, hi: 0x8c},
-	// Block 0x47, offset 0x1ba
-	{value: 0x0263, lo: 0x02},
-	{value: 0x1b8c, lo: 0xb4, hi: 0xb4},
-	{value: 0x192d, lo: 0xb5, hi: 0xb6},
-	// Block 0x48, offset 0x1bd
-	{value: 0x0000, lo: 0x01},
-	{value: 0x44dd, lo: 0x9c, hi: 0x9c},
-	// Block 0x49, offset 0x1bf
-	{value: 0x0000, lo: 0x02},
-	{value: 0x0095, lo: 0xbc, hi: 0xbc},
-	{value: 0x006d, lo: 0xbd, hi: 0xbd},
-	// Block 0x4a, offset 0x1c2
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xaf, hi: 0xb1},
-	// Block 0x4b, offset 0x1c4
-	{value: 0x0000, lo: 0x02},
-	{value: 0x047f, lo: 0xaf, hi: 0xaf},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x4c, offset 0x1c7
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xa0, hi: 0xbf},
-	// Block 0x4d, offset 0x1c9
-	{value: 0x0000, lo: 0x01},
-	{value: 0x0dc3, lo: 0x9f, hi: 0x9f},
-	// Block 0x4e, offset 0x1cb
-	{value: 0x0000, lo: 0x01},
-	{value: 0x162f, lo: 0xb3, hi: 0xb3},
-	// Block 0x4f, offset 0x1cd
-	{value: 0x0004, lo: 0x0b},
-	{value: 0x1597, lo: 0x80, hi: 0x82},
-	{value: 0x15af, lo: 0x83, hi: 0x83},
-	{value: 0x15c7, lo: 0x84, hi: 0x85},
-	{value: 0x15d7, lo: 0x86, hi: 0x89},
-	{value: 0x15eb, lo: 0x8a, hi: 0x8c},
-	{value: 0x15ff, lo: 0x8d, hi: 0x8d},
-	{value: 0x1607, lo: 0x8e, hi: 0x8e},
-	{value: 0x160f, lo: 0x8f, hi: 0x90},
-	{value: 0x161b, lo: 0x91, hi: 0x93},
-	{value: 0x162b, lo: 0x94, hi: 0x94},
-	{value: 0x1633, lo: 0x95, hi: 0x95},
-	// Block 0x50, offset 0x1d9
-	{value: 0x0004, lo: 0x09},
-	{value: 0x0001, lo: 0x80, hi: 0x80},
-	{value: 0x812c, lo: 0xaa, hi: 0xaa},
-	{value: 0x8131, lo: 0xab, hi: 0xab},
-	{value: 0x8133, lo: 0xac, hi: 0xac},
-	{value: 0x812e, lo: 0xad, hi: 0xad},
-	{value: 0x812f, lo: 0xae, hi: 0xae},
-	{value: 0x812f, lo: 0xaf, hi: 0xaf},
-	{value: 0x04b3, lo: 0xb6, hi: 0xb6},
-	{value: 0x0887, lo: 0xb8, hi: 0xba},
-	// Block 0x51, offset 0x1e3
-	{value: 0x0006, lo: 0x09},
-	{value: 0x0313, lo: 0xb1, hi: 0xb1},
-	{value: 0x0317, lo: 0xb2, hi: 0xb2},
-	{value: 0x4a3b, lo: 0xb3, hi: 0xb3},
-	{value: 0x031b, lo: 0xb4, hi: 0xb4},
-	{value: 0x4a41, lo: 0xb5, hi: 0xb6},
-	{value: 0x031f, lo: 0xb7, hi: 0xb7},
-	{value: 0x0323, lo: 0xb8, hi: 0xb8},
-	{value: 0x0327, lo: 0xb9, hi: 0xb9},
-	{value: 0x4a4d, lo: 0xba, hi: 0xbf},
-	// Block 0x52, offset 0x1ed
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0xaf, hi: 0xaf},
-	{value: 0x8132, lo: 0xb4, hi: 0xbd},
-	// Block 0x53, offset 0x1f0
-	{value: 0x0000, lo: 0x03},
-	{value: 0x020f, lo: 0x9c, hi: 0x9c},
-	{value: 0x0212, lo: 0x9d, hi: 0x9d},
-	{value: 0x8132, lo: 0x9e, hi: 0x9f},
-	// Block 0x54, offset 0x1f4
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xb0, hi: 0xb1},
-	// Block 0x55, offset 0x1f6
-	{value: 0x0000, lo: 0x01},
-	{value: 0x163b, lo: 0xb0, hi: 0xb0},
-	// Block 0x56, offset 0x1f8
-	{value: 0x000c, lo: 0x01},
-	{value: 0x00d7, lo: 0xb8, hi: 0xb9},
-	// Block 0x57, offset 0x1fa
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x86, hi: 0x86},
-	// Block 0x58, offset 0x1fc
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x84, hi: 0x84},
-	{value: 0x8132, lo: 0xa0, hi: 0xb1},
-	// Block 0x59, offset 0x1ff
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0xab, hi: 0xad},
-	// Block 0x5a, offset 0x201
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x93, hi: 0x93},
-	// Block 0x5b, offset 0x203
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0xb3, hi: 0xb3},
-	// Block 0x5c, offset 0x205
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x80, hi: 0x80},
-	// Block 0x5d, offset 0x207
-	{value: 0x0000, lo: 0x05},
-	{value: 0x8132, lo: 0xb0, hi: 0xb0},
-	{value: 0x8132, lo: 0xb2, hi: 0xb3},
-	{value: 0x812d, lo: 0xb4, hi: 0xb4},
-	{value: 0x8132, lo: 0xb7, hi: 0xb8},
-	{value: 0x8132, lo: 0xbe, hi: 0xbf},
-	// Block 0x5e, offset 0x20d
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0x81, hi: 0x81},
-	{value: 0x8104, lo: 0xb6, hi: 0xb6},
-	// Block 0x5f, offset 0x210
-	{value: 0x0008, lo: 0x03},
-	{value: 0x1637, lo: 0x9c, hi: 0x9d},
-	{value: 0x0125, lo: 0x9e, hi: 0x9e},
-	{value: 0x1643, lo: 0x9f, hi: 0x9f},
-	// Block 0x60, offset 0x214
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xad, hi: 0xad},
-	// Block 0x61, offset 0x216
-	{value: 0x0000, lo: 0x06},
-	{value: 0xe500, lo: 0x80, hi: 0x80},
-	{value: 0xc600, lo: 0x81, hi: 0x9b},
-	{value: 0xe500, lo: 0x9c, hi: 0x9c},
-	{value: 0xc600, lo: 0x9d, hi: 0xb7},
-	{value: 0xe500, lo: 0xb8, hi: 0xb8},
-	{value: 0xc600, lo: 0xb9, hi: 0xbf},
-	// Block 0x62, offset 0x21d
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x93},
-	{value: 0xe500, lo: 0x94, hi: 0x94},
-	{value: 0xc600, lo: 0x95, hi: 0xaf},
-	{value: 0xe500, lo: 0xb0, hi: 0xb0},
-	{value: 0xc600, lo: 0xb1, hi: 0xbf},
-	// Block 0x63, offset 0x223
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x8b},
-	{value: 0xe500, lo: 0x8c, hi: 0x8c},
-	{value: 0xc600, lo: 0x8d, hi: 0xa7},
-	{value: 0xe500, lo: 0xa8, hi: 0xa8},
-	{value: 0xc600, lo: 0xa9, hi: 0xbf},
-	// Block 0x64, offset 0x229
-	{value: 0x0000, lo: 0x07},
-	{value: 0xc600, lo: 0x80, hi: 0x83},
-	{value: 0xe500, lo: 0x84, hi: 0x84},
-	{value: 0xc600, lo: 0x85, hi: 0x9f},
-	{value: 0xe500, lo: 0xa0, hi: 0xa0},
-	{value: 0xc600, lo: 0xa1, hi: 0xbb},
-	{value: 0xe500, lo: 0xbc, hi: 0xbc},
-	{value: 0xc600, lo: 0xbd, hi: 0xbf},
-	// Block 0x65, offset 0x231
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x97},
-	{value: 0xe500, lo: 0x98, hi: 0x98},
-	{value: 0xc600, lo: 0x99, hi: 0xb3},
-	{value: 0xe500, lo: 0xb4, hi: 0xb4},
-	{value: 0xc600, lo: 0xb5, hi: 0xbf},
-	// Block 0x66, offset 0x237
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x8f},
-	{value: 0xe500, lo: 0x90, hi: 0x90},
-	{value: 0xc600, lo: 0x91, hi: 0xab},
-	{value: 0xe500, lo: 0xac, hi: 0xac},
-	{value: 0xc600, lo: 0xad, hi: 0xbf},
-	// Block 0x67, offset 0x23d
-	{value: 0x0000, lo: 0x05},
-	{value: 0xc600, lo: 0x80, hi: 0x87},
-	{value: 0xe500, lo: 0x88, hi: 0x88},
-	{value: 0xc600, lo: 0x89, hi: 0xa3},
-	{value: 0xe500, lo: 0xa4, hi: 0xa4},
-	{value: 0xc600, lo: 0xa5, hi: 0xbf},
-	// Block 0x68, offset 0x243
-	{value: 0x0000, lo: 0x03},
-	{value: 0xc600, lo: 0x80, hi: 0x87},
-	{value: 0xe500, lo: 0x88, hi: 0x88},
-	{value: 0xc600, lo: 0x89, hi: 0xa3},
-	// Block 0x69, offset 0x247
-	{value: 0x0002, lo: 0x01},
-	{value: 0x0003, lo: 0x81, hi: 0xbf},
-	// Block 0x6a, offset 0x249
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0xbd, hi: 0xbd},
-	// Block 0x6b, offset 0x24b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0xa0, hi: 0xa0},
-	// Block 0x6c, offset 0x24d
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xb6, hi: 0xba},
-	// Block 0x6d, offset 0x24f
-	{value: 0x002c, lo: 0x05},
-	{value: 0x812d, lo: 0x8d, hi: 0x8d},
-	{value: 0x8132, lo: 0x8f, hi: 0x8f},
-	{value: 0x8132, lo: 0xb8, hi: 0xb8},
-	{value: 0x8101, lo: 0xb9, hi: 0xba},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x6e, offset 0x255
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0xa5, hi: 0xa5},
-	{value: 0x812d, lo: 0xa6, hi: 0xa6},
-	// Block 0x6f, offset 0x258
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xa4, hi: 0xa7},
-	// Block 0x70, offset 0x25a
-	{value: 0x0000, lo: 0x05},
-	{value: 0x812d, lo: 0x86, hi: 0x87},
-	{value: 0x8132, lo: 0x88, hi: 0x8a},
-	{value: 0x812d, lo: 0x8b, hi: 0x8b},
-	{value: 0x8132, lo: 0x8c, hi: 0x8c},
-	{value: 0x812d, lo: 0x8d, hi: 0x90},
-	// Block 0x71, offset 0x260
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x86, hi: 0x86},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x72, offset 0x263
-	{value: 0x17fe, lo: 0x07},
-	{value: 0xa000, lo: 0x99, hi: 0x99},
-	{value: 0x4238, lo: 0x9a, hi: 0x9a},
-	{value: 0xa000, lo: 0x9b, hi: 0x9b},
-	{value: 0x4242, lo: 0x9c, hi: 0x9c},
-	{value: 0xa000, lo: 0xa5, hi: 0xa5},
-	{value: 0x424c, lo: 0xab, hi: 0xab},
-	{value: 0x8104, lo: 0xb9, hi: 0xba},
-	// Block 0x73, offset 0x26b
-	{value: 0x0000, lo: 0x06},
-	{value: 0x8132, lo: 0x80, hi: 0x82},
-	{value: 0x9900, lo: 0xa7, hi: 0xa7},
-	{value: 0x2d7e, lo: 0xae, hi: 0xae},
-	{value: 0x2d88, lo: 0xaf, hi: 0xaf},
-	{value: 0xa000, lo: 0xb1, hi: 0xb2},
-	{value: 0x8104, lo: 0xb3, hi: 0xb4},
-	// Block 0x74, offset 0x272
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x80, hi: 0x80},
-	{value: 0x8102, lo: 0x8a, hi: 0x8a},
-	// Block 0x75, offset 0x275
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xb5, hi: 0xb5},
-	{value: 0x8102, lo: 0xb6, hi: 0xb6},
-	// Block 0x76, offset 0x278
-	{value: 0x0002, lo: 0x01},
-	{value: 0x8102, lo: 0xa9, hi: 0xaa},
-	// Block 0x77, offset 0x27a
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0xbb, hi: 0xbc},
-	{value: 0x9900, lo: 0xbe, hi: 0xbe},
-	// Block 0x78, offset 0x27d
-	{value: 0x0000, lo: 0x07},
-	{value: 0xa000, lo: 0x87, hi: 0x87},
-	{value: 0x2d92, lo: 0x8b, hi: 0x8b},
-	{value: 0x2d9c, lo: 0x8c, hi: 0x8c},
-	{value: 0x8104, lo: 0x8d, hi: 0x8d},
-	{value: 0x9900, lo: 0x97, hi: 0x97},
-	{value: 0x8132, lo: 0xa6, hi: 0xac},
-	{value: 0x8132, lo: 0xb0, hi: 0xb4},
-	// Block 0x79, offset 0x285
-	{value: 0x0000, lo: 0x03},
-	{value: 0x8104, lo: 0x82, hi: 0x82},
-	{value: 0x8102, lo: 0x86, hi: 0x86},
-	{value: 0x8132, lo: 0x9e, hi: 0x9e},
-	// Block 0x7a, offset 0x289
-	{value: 0x6b5a, lo: 0x06},
-	{value: 0x9900, lo: 0xb0, hi: 0xb0},
-	{value: 0xa000, lo: 0xb9, hi: 0xb9},
-	{value: 0x9900, lo: 0xba, hi: 0xba},
-	{value: 0x2db0, lo: 0xbb, hi: 0xbb},
-	{value: 0x2da6, lo: 0xbc, hi: 0xbd},
-	{value: 0x2dba, lo: 0xbe, hi: 0xbe},
-	// Block 0x7b, offset 0x290
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0x82, hi: 0x82},
-	{value: 0x8102, lo: 0x83, hi: 0x83},
-	// Block 0x7c, offset 0x293
-	{value: 0x0000, lo: 0x05},
-	{value: 0x9900, lo: 0xaf, hi: 0xaf},
-	{value: 0xa000, lo: 0xb8, hi: 0xb9},
-	{value: 0x2dc4, lo: 0xba, hi: 0xba},
-	{value: 0x2dce, lo: 0xbb, hi: 0xbb},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x7d, offset 0x299
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8102, lo: 0x80, hi: 0x80},
-	// Block 0x7e, offset 0x29b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xbf, hi: 0xbf},
-	// Block 0x7f, offset 0x29d
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xb6, hi: 0xb6},
-	{value: 0x8102, lo: 0xb7, hi: 0xb7},
-	// Block 0x80, offset 0x2a0
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xab, hi: 0xab},
-	// Block 0x81, offset 0x2a2
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8104, lo: 0xb9, hi: 0xb9},
-	{value: 0x8102, lo: 0xba, hi: 0xba},
-	// Block 0x82, offset 0x2a5
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0xb4, hi: 0xb4},
-	// Block 0x83, offset 0x2a7
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x87, hi: 0x87},
-	// Block 0x84, offset 0x2a9
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x99, hi: 0x99},
-	// Block 0x85, offset 0x2ab
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8102, lo: 0x82, hi: 0x82},
-	{value: 0x8104, lo: 0x84, hi: 0x85},
-	// Block 0x86, offset 0x2ae
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8104, lo: 0x97, hi: 0x97},
-	// Block 0x87, offset 0x2b0
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8101, lo: 0xb0, hi: 0xb4},
-	// Block 0x88, offset 0x2b2
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0xb0, hi: 0xb6},
-	// Block 0x89, offset 0x2b4
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8101, lo: 0x9e, hi: 0x9e},
-	// Block 0x8a, offset 0x2b6
-	{value: 0x0000, lo: 0x0c},
-	{value: 0x45cc, lo: 0x9e, hi: 0x9e},
-	{value: 0x45d6, lo: 0x9f, hi: 0x9f},
-	{value: 0x460a, lo: 0xa0, hi: 0xa0},
-	{value: 0x4618, lo: 0xa1, hi: 0xa1},
-	{value: 0x4626, lo: 0xa2, hi: 0xa2},
-	{value: 0x4634, lo: 0xa3, hi: 0xa3},
-	{value: 0x4642, lo: 0xa4, hi: 0xa4},
-	{value: 0x812b, lo: 0xa5, hi: 0xa6},
-	{value: 0x8101, lo: 0xa7, hi: 0xa9},
-	{value: 0x8130, lo: 0xad, hi: 0xad},
-	{value: 0x812b, lo: 0xae, hi: 0xb2},
-	{value: 0x812d, lo: 0xbb, hi: 0xbf},
-	// Block 0x8b, offset 0x2c3
-	{value: 0x0000, lo: 0x09},
-	{value: 0x812d, lo: 0x80, hi: 0x82},
-	{value: 0x8132, lo: 0x85, hi: 0x89},
-	{value: 0x812d, lo: 0x8a, hi: 0x8b},
-	{value: 0x8132, lo: 0xaa, hi: 0xad},
-	{value: 0x45e0, lo: 0xbb, hi: 0xbb},
-	{value: 0x45ea, lo: 0xbc, hi: 0xbc},
-	{value: 0x4650, lo: 0xbd, hi: 0xbd},
-	{value: 0x466c, lo: 0xbe, hi: 0xbe},
-	{value: 0x465e, lo: 0xbf, hi: 0xbf},
-	// Block 0x8c, offset 0x2cd
-	{value: 0x0000, lo: 0x01},
-	{value: 0x467a, lo: 0x80, hi: 0x80},
-	// Block 0x8d, offset 0x2cf
-	{value: 0x0000, lo: 0x01},
-	{value: 0x8132, lo: 0x82, hi: 0x84},
-	// Block 0x8e, offset 0x2d1
-	{value: 0x0002, lo: 0x03},
-	{value: 0x0043, lo: 0x80, hi: 0x99},
-	{value: 0x0083, lo: 0x9a, hi: 0xb3},
-	{value: 0x0043, lo: 0xb4, hi: 0xbf},
-	// Block 0x8f, offset 0x2d5
-	{value: 0x0002, lo: 0x04},
-	{value: 0x005b, lo: 0x80, hi: 0x8d},
-	{value: 0x0083, lo: 0x8e, hi: 0x94},
-	{value: 0x0093, lo: 0x96, hi: 0xa7},
-	{value: 0x0043, lo: 0xa8, hi: 0xbf},
-	// Block 0x90, offset 0x2da
-	{value: 0x0002, lo: 0x0b},
-	{value: 0x0073, lo: 0x80, hi: 0x81},
-	{value: 0x0083, lo: 0x82, hi: 0x9b},
-	{value: 0x0043, lo: 0x9c, hi: 0x9c},
-	{value: 0x0047, lo: 0x9e, hi: 0x9f},
-	{value: 0x004f, lo: 0xa2, hi: 0xa2},
-	{value: 0x0055, lo: 0xa5, hi: 0xa6},
-	{value: 0x005d, lo: 0xa9, hi: 0xac},
-	{value: 0x0067, lo: 0xae, hi: 0xb5},
-	{value: 0x0083, lo: 0xb6, hi: 0xb9},
-	{value: 0x008d, lo: 0xbb, hi: 0xbb},
-	{value: 0x0091, lo: 0xbd, hi: 0xbf},
-	// Block 0x91, offset 0x2e6
-	{value: 0x0002, lo: 0x04},
-	{value: 0x0097, lo: 0x80, hi: 0x83},
-	{value: 0x00a1, lo: 0x85, hi: 0x8f},
-	{value: 0x0043, lo: 0x90, hi: 0xa9},
-	{value: 0x0083, lo: 0xaa, hi: 0xbf},
-	// Block 0x92, offset 0x2eb
-	{value: 0x0002, lo: 0x08},
-	{value: 0x00af, lo: 0x80, hi: 0x83},
-	{value: 0x0043, lo: 0x84, hi: 0x85},
-	{value: 0x0049, lo: 0x87, hi: 0x8a},
-	{value: 0x0055, lo: 0x8d, hi: 0x94},
-	{value: 0x0067, lo: 0x96, hi: 0x9c},
-	{value: 0x0083, lo: 0x9e, hi: 0xb7},
-	{value: 0x0043, lo: 0xb8, hi: 0xb9},
-	{value: 0x0049, lo: 0xbb, hi: 0xbe},
-	// Block 0x93, offset 0x2f4
-	{value: 0x0002, lo: 0x05},
-	{value: 0x0053, lo: 0x80, hi: 0x84},
-	{value: 0x005f, lo: 0x86, hi: 0x86},
-	{value: 0x0067, lo: 0x8a, hi: 0x90},
-	{value: 0x0083, lo: 0x92, hi: 0xab},
-	{value: 0x0043, lo: 0xac, hi: 0xbf},
-	// Block 0x94, offset 0x2fa
-	{value: 0x0002, lo: 0x04},
-	{value: 0x006b, lo: 0x80, hi: 0x85},
-	{value: 0x0083, lo: 0x86, hi: 0x9f},
-	{value: 0x0043, lo: 0xa0, hi: 0xb9},
-	{value: 0x0083, lo: 0xba, hi: 0xbf},
-	// Block 0x95, offset 0x2ff
-	{value: 0x0002, lo: 0x03},
-	{value: 0x008f, lo: 0x80, hi: 0x93},
-	{value: 0x0043, lo: 0x94, hi: 0xad},
-	{value: 0x0083, lo: 0xae, hi: 0xbf},
-	// Block 0x96, offset 0x303
-	{value: 0x0002, lo: 0x04},
-	{value: 0x00a7, lo: 0x80, hi: 0x87},
-	{value: 0x0043, lo: 0x88, hi: 0xa1},
-	{value: 0x0083, lo: 0xa2, hi: 0xbb},
-	{value: 0x0043, lo: 0xbc, hi: 0xbf},
-	// Block 0x97, offset 0x308
-	{value: 0x0002, lo: 0x03},
-	{value: 0x004b, lo: 0x80, hi: 0x95},
-	{value: 0x0083, lo: 0x96, hi: 0xaf},
-	{value: 0x0043, lo: 0xb0, hi: 0xbf},
-	// Block 0x98, offset 0x30c
-	{value: 0x0003, lo: 0x0f},
-	{value: 0x01b8, lo: 0x80, hi: 0x80},
-	{value: 0x045f, lo: 0x81, hi: 0x81},
-	{value: 0x01bb, lo: 0x82, hi: 0x9a},
-	{value: 0x045b, lo: 0x9b, hi: 0x9b},
-	{value: 0x01c7, lo: 0x9c, hi: 0x9c},
-	{value: 0x01d0, lo: 0x9d, hi: 0x9d},
-	{value: 0x01d6, lo: 0x9e, hi: 0x9e},
-	{value: 0x01fa, lo: 0x9f, hi: 0x9f},
-	{value: 0x01eb, lo: 0xa0, hi: 0xa0},
-	{value: 0x01e8, lo: 0xa1, hi: 0xa1},
-	{value: 0x0173, lo: 0xa2, hi: 0xb2},
-	{value: 0x0188, lo: 0xb3, hi: 0xb3},
-	{value: 0x01a6, lo: 0xb4, hi: 0xba},
-	{value: 0x045f, lo: 0xbb, hi: 0xbb},
-	{value: 0x01bb, lo: 0xbc, hi: 0xbf},
-	// Block 0x99, offset 0x31c
-	{value: 0x0003, lo: 0x0d},
-	{value: 0x01c7, lo: 0x80, hi: 0x94},
-	{value: 0x045b, lo: 0x95, hi: 0x95},
-	{value: 0x01c7, lo: 0x96, hi: 0x96},
-	{value: 0x01d0, lo: 0x97, hi: 0x97},
-	{value: 0x01d6, lo: 0x98, hi: 0x98},
-	{value: 0x01fa, lo: 0x99, hi: 0x99},
-	{value: 0x01eb, lo: 0x9a, hi: 0x9a},
-	{value: 0x01e8, lo: 0x9b, hi: 0x9b},
-	{value: 0x0173, lo: 0x9c, hi: 0xac},
-	{value: 0x0188, lo: 0xad, hi: 0xad},
-	{value: 0x01a6, lo: 0xae, hi: 0xb4},
-	{value: 0x045f, lo: 0xb5, hi: 0xb5},
-	{value: 0x01bb, lo: 0xb6, hi: 0xbf},
-	// Block 0x9a, offset 0x32a
-	{value: 0x0003, lo: 0x0d},
-	{value: 0x01d9, lo: 0x80, hi: 0x8e},
-	{value: 0x045b, lo: 0x8f, hi: 0x8f},
-	{value: 0x01c7, lo: 0x90, hi: 0x90},
-	{value: 0x01d0, lo: 0x91, hi: 0x91},
-	{value: 0x01d6, lo: 0x92, hi: 0x92},
-	{value: 0x01fa, lo: 0x93, hi: 0x93},
-	{value: 0x01eb, lo: 0x94, hi: 0x94},
-	{value: 0x01e8, lo: 0x95, hi: 0x95},
-	{value: 0x0173, lo: 0x96, hi: 0xa6},
-	{value: 0x0188, lo: 0xa7, hi: 0xa7},
-	{value: 0x01a6, lo: 0xa8, hi: 0xae},
-	{value: 0x045f, lo: 0xaf, hi: 0xaf},
-	{value: 0x01bb, lo: 0xb0, hi: 0xbf},
-	// Block 0x9b, offset 0x338
-	{value: 0x0003, lo: 0x0d},
-	{value: 0x01eb, lo: 0x80, hi: 0x88},
-	{value: 0x045b, lo: 0x89, hi: 0x89},
-	{value: 0x01c7, lo: 0x8a, hi: 0x8a},
-	{value: 0x01d0, lo: 0x8b, hi: 0x8b},
-	{value: 0x01d6, lo: 0x8c, hi: 0x8c},
-	{value: 0x01fa, lo: 0x8d, hi: 0x8d},
-	{value: 0x01eb, lo: 0x8e, hi: 0x8e},
-	{value: 0x01e8, lo: 0x8f, hi: 0x8f},
-	{value: 0x0173, lo: 0x90, hi: 0xa0},
-	{value: 0x0188, lo: 0xa1, hi: 0xa1},
-	{value: 0x01a6, lo: 0xa2, hi: 0xa8},
-	{value: 0x045f, lo: 0xa9, hi: 0xa9},
-	{value: 0x01bb, lo: 0xaa, hi: 0xbf},
-	// Block 0x9c, offset 0x346
-	{value: 0x0000, lo: 0x05},
-	{value: 0x8132, lo: 0x80, hi: 0x86},
-	{value: 0x8132, lo: 0x88, hi: 0x98},
-	{value: 0x8132, lo: 0x9b, hi: 0xa1},
-	{value: 0x8132, lo: 0xa3, hi: 0xa4},
-	{value: 0x8132, lo: 0xa6, hi: 0xaa},
-	// Block 0x9d, offset 0x34c
-	{value: 0x0000, lo: 0x01},
-	{value: 0x812d, lo: 0x90, hi: 0x96},
-	// Block 0x9e, offset 0x34e
-	{value: 0x0000, lo: 0x02},
-	{value: 0x8132, lo: 0x84, hi: 0x89},
-	{value: 0x8102, lo: 0x8a, hi: 0x8a},
-	// Block 0x9f, offset 0x351
-	{value: 0x0002, lo: 0x09},
-	{value: 0x0063, lo: 0x80, hi: 0x89},
-	{value: 0x1951, lo: 0x8a, hi: 0x8a},
-	{value: 0x1981, lo: 0x8b, hi: 0x8b},
-	{value: 0x199c, lo: 0x8c, hi: 0x8c},
-	{value: 0x19a2, lo: 0x8d, hi: 0x8d},
-	{value: 0x1bc0, lo: 0x8e, hi: 0x8e},
-	{value: 0x19ae, lo: 0x8f, hi: 0x8f},
-	{value: 0x197b, lo: 0xaa, hi: 0xaa},
-	{value: 0x197e, lo: 0xab, hi: 0xab},
-	// Block 0xa0, offset 0x35b
-	{value: 0x0000, lo: 0x01},
-	{value: 0x193f, lo: 0x90, hi: 0x90},
-	// Block 0xa1, offset 0x35d
-	{value: 0x0028, lo: 0x09},
-	{value: 0x2862, lo: 0x80, hi: 0x80},
-	{value: 0x2826, lo: 0x81, hi: 0x81},
-	{value: 0x2830, lo: 0x82, hi: 0x82},
-	{value: 0x2844, lo: 0x83, hi: 0x84},
-	{value: 0x284e, lo: 0x85, hi: 0x86},
-	{value: 0x283a, lo: 0x87, hi: 0x87},
-	{value: 0x2858, lo: 0x88, hi: 0x88},
-	{value: 0x0b6f, lo: 0x90, hi: 0x90},
-	{value: 0x08e7, lo: 0x91, hi: 0x91},
-}
-
-// recompMap: 7520 bytes (entries only)
-var recompMap map[uint32]rune
-var recompMapOnce sync.Once
-
-const recompMapPacked = "" +
-	"\x00A\x03\x00\x00\x00\x00\xc0" + // 0x00410300: 0x000000C0
-	"\x00A\x03\x01\x00\x00\x00\xc1" + // 0x00410301: 0x000000C1
-	"\x00A\x03\x02\x00\x00\x00\xc2" + // 0x00410302: 0x000000C2
-	"\x00A\x03\x03\x00\x00\x00\xc3" + // 0x00410303: 0x000000C3
-	"\x00A\x03\b\x00\x00\x00\xc4" + // 0x00410308: 0x000000C4
-	"\x00A\x03\n\x00\x00\x00\xc5" + // 0x0041030A: 0x000000C5
-	"\x00C\x03'\x00\x00\x00\xc7" + // 0x00430327: 0x000000C7
-	"\x00E\x03\x00\x00\x00\x00\xc8" + // 0x00450300: 0x000000C8
-	"\x00E\x03\x01\x00\x00\x00\xc9" + // 0x00450301: 0x000000C9
-	"\x00E\x03\x02\x00\x00\x00\xca" + // 0x00450302: 0x000000CA
-	"\x00E\x03\b\x00\x00\x00\xcb" + // 0x00450308: 0x000000CB
-	"\x00I\x03\x00\x00\x00\x00\xcc" + // 0x00490300: 0x000000CC
-	"\x00I\x03\x01\x00\x00\x00\xcd" + // 0x00490301: 0x000000CD
-	"\x00I\x03\x02\x00\x00\x00\xce" + // 0x00490302: 0x000000CE
-	"\x00I\x03\b\x00\x00\x00\xcf" + // 0x00490308: 0x000000CF
-	"\x00N\x03\x03\x00\x00\x00\xd1" + // 0x004E0303: 0x000000D1
-	"\x00O\x03\x00\x00\x00\x00\xd2" + // 0x004F0300: 0x000000D2
-	"\x00O\x03\x01\x00\x00\x00\xd3" + // 0x004F0301: 0x000000D3
-	"\x00O\x03\x02\x00\x00\x00\xd4" + // 0x004F0302: 0x000000D4
-	"\x00O\x03\x03\x00\x00\x00\xd5" + // 0x004F0303: 0x000000D5
-	"\x00O\x03\b\x00\x00\x00\xd6" + // 0x004F0308: 0x000000D6
-	"\x00U\x03\x00\x00\x00\x00\xd9" + // 0x00550300: 0x000000D9
-	"\x00U\x03\x01\x00\x00\x00\xda" + // 0x00550301: 0x000000DA
-	"\x00U\x03\x02\x00\x00\x00\xdb" + // 0x00550302: 0x000000DB
-	"\x00U\x03\b\x00\x00\x00\xdc" + // 0x00550308: 0x000000DC
-	"\x00Y\x03\x01\x00\x00\x00\xdd" + // 0x00590301: 0x000000DD
-	"\x00a\x03\x00\x00\x00\x00\xe0" + // 0x00610300: 0x000000E0
-	"\x00a\x03\x01\x00\x00\x00\xe1" + // 0x00610301: 0x000000E1
-	"\x00a\x03\x02\x00\x00\x00\xe2" + // 0x00610302: 0x000000E2
-	"\x00a\x03\x03\x00\x00\x00\xe3" + // 0x00610303: 0x000000E3
-	"\x00a\x03\b\x00\x00\x00\xe4" + // 0x00610308: 0x000000E4
-	"\x00a\x03\n\x00\x00\x00\xe5" + // 0x0061030A: 0x000000E5
-	"\x00c\x03'\x00\x00\x00\xe7" + // 0x00630327: 0x000000E7
-	"\x00e\x03\x00\x00\x00\x00\xe8" + // 0x00650300: 0x000000E8
-	"\x00e\x03\x01\x00\x00\x00\xe9" + // 0x00650301: 0x000000E9
-	"\x00e\x03\x02\x00\x00\x00\xea" + // 0x00650302: 0x000000EA
-	"\x00e\x03\b\x00\x00\x00\xeb" + // 0x00650308: 0x000000EB
-	"\x00i\x03\x00\x00\x00\x00\xec" + // 0x00690300: 0x000000EC
-	"\x00i\x03\x01\x00\x00\x00\xed" + // 0x00690301: 0x000000ED
-	"\x00i\x03\x02\x00\x00\x00\xee" + // 0x00690302: 0x000000EE
-	"\x00i\x03\b\x00\x00\x00\xef" + // 0x00690308: 0x000000EF
-	"\x00n\x03\x03\x00\x00\x00\xf1" + // 0x006E0303: 0x000000F1
-	"\x00o\x03\x00\x00\x00\x00\xf2" + // 0x006F0300: 0x000000F2
-	"\x00o\x03\x01\x00\x00\x00\xf3" + // 0x006F0301: 0x000000F3
-	"\x00o\x03\x02\x00\x00\x00\xf4" + // 0x006F0302: 0x000000F4
-	"\x00o\x03\x03\x00\x00\x00\xf5" + // 0x006F0303: 0x000000F5
-	"\x00o\x03\b\x00\x00\x00\xf6" + // 0x006F0308: 0x000000F6
-	"\x00u\x03\x00\x00\x00\x00\xf9" + // 0x00750300: 0x000000F9
-	"\x00u\x03\x01\x00\x00\x00\xfa" + // 0x00750301: 0x000000FA
-	"\x00u\x03\x02\x00\x00\x00\xfb" + // 0x00750302: 0x000000FB
-	"\x00u\x03\b\x00\x00\x00\xfc" + // 0x00750308: 0x000000FC
-	"\x00y\x03\x01\x00\x00\x00\xfd" + // 0x00790301: 0x000000FD
-	"\x00y\x03\b\x00\x00\x00\xff" + // 0x00790308: 0x000000FF
-	"\x00A\x03\x04\x00\x00\x01\x00" + // 0x00410304: 0x00000100
-	"\x00a\x03\x04\x00\x00\x01\x01" + // 0x00610304: 0x00000101
-	"\x00A\x03\x06\x00\x00\x01\x02" + // 0x00410306: 0x00000102
-	"\x00a\x03\x06\x00\x00\x01\x03" + // 0x00610306: 0x00000103
-	"\x00A\x03(\x00\x00\x01\x04" + // 0x00410328: 0x00000104
-	"\x00a\x03(\x00\x00\x01\x05" + // 0x00610328: 0x00000105
-	"\x00C\x03\x01\x00\x00\x01\x06" + // 0x00430301: 0x00000106
-	"\x00c\x03\x01\x00\x00\x01\a" + // 0x00630301: 0x00000107
-	"\x00C\x03\x02\x00\x00\x01\b" + // 0x00430302: 0x00000108
-	"\x00c\x03\x02\x00\x00\x01\t" + // 0x00630302: 0x00000109
-	"\x00C\x03\a\x00\x00\x01\n" + // 0x00430307: 0x0000010A
-	"\x00c\x03\a\x00\x00\x01\v" + // 0x00630307: 0x0000010B
-	"\x00C\x03\f\x00\x00\x01\f" + // 0x0043030C: 0x0000010C
-	"\x00c\x03\f\x00\x00\x01\r" + // 0x0063030C: 0x0000010D
-	"\x00D\x03\f\x00\x00\x01\x0e" + // 0x0044030C: 0x0000010E
-	"\x00d\x03\f\x00\x00\x01\x0f" + // 0x0064030C: 0x0000010F
-	"\x00E\x03\x04\x00\x00\x01\x12" + // 0x00450304: 0x00000112
-	"\x00e\x03\x04\x00\x00\x01\x13" + // 0x00650304: 0x00000113
-	"\x00E\x03\x06\x00\x00\x01\x14" + // 0x00450306: 0x00000114
-	"\x00e\x03\x06\x00\x00\x01\x15" + // 0x00650306: 0x00000115
-	"\x00E\x03\a\x00\x00\x01\x16" + // 0x00450307: 0x00000116
-	"\x00e\x03\a\x00\x00\x01\x17" + // 0x00650307: 0x00000117
-	"\x00E\x03(\x00\x00\x01\x18" + // 0x00450328: 0x00000118
-	"\x00e\x03(\x00\x00\x01\x19" + // 0x00650328: 0x00000119
-	"\x00E\x03\f\x00\x00\x01\x1a" + // 0x0045030C: 0x0000011A
-	"\x00e\x03\f\x00\x00\x01\x1b" + // 0x0065030C: 0x0000011B
-	"\x00G\x03\x02\x00\x00\x01\x1c" + // 0x00470302: 0x0000011C
-	"\x00g\x03\x02\x00\x00\x01\x1d" + // 0x00670302: 0x0000011D
-	"\x00G\x03\x06\x00\x00\x01\x1e" + // 0x00470306: 0x0000011E
-	"\x00g\x03\x06\x00\x00\x01\x1f" + // 0x00670306: 0x0000011F
-	"\x00G\x03\a\x00\x00\x01 " + // 0x00470307: 0x00000120
-	"\x00g\x03\a\x00\x00\x01!" + // 0x00670307: 0x00000121
-	"\x00G\x03'\x00\x00\x01\"" + // 0x00470327: 0x00000122
-	"\x00g\x03'\x00\x00\x01#" + // 0x00670327: 0x00000123
-	"\x00H\x03\x02\x00\x00\x01$" + // 0x00480302: 0x00000124
-	"\x00h\x03\x02\x00\x00\x01%" + // 0x00680302: 0x00000125
-	"\x00I\x03\x03\x00\x00\x01(" + // 0x00490303: 0x00000128
-	"\x00i\x03\x03\x00\x00\x01)" + // 0x00690303: 0x00000129
-	"\x00I\x03\x04\x00\x00\x01*" + // 0x00490304: 0x0000012A
-	"\x00i\x03\x04\x00\x00\x01+" + // 0x00690304: 0x0000012B
-	"\x00I\x03\x06\x00\x00\x01," + // 0x00490306: 0x0000012C
-	"\x00i\x03\x06\x00\x00\x01-" + // 0x00690306: 0x0000012D
-	"\x00I\x03(\x00\x00\x01." + // 0x00490328: 0x0000012E
-	"\x00i\x03(\x00\x00\x01/" + // 0x00690328: 0x0000012F
-	"\x00I\x03\a\x00\x00\x010" + // 0x00490307: 0x00000130
-	"\x00J\x03\x02\x00\x00\x014" + // 0x004A0302: 0x00000134
-	"\x00j\x03\x02\x00\x00\x015" + // 0x006A0302: 0x00000135
-	"\x00K\x03'\x00\x00\x016" + // 0x004B0327: 0x00000136
-	"\x00k\x03'\x00\x00\x017" + // 0x006B0327: 0x00000137
-	"\x00L\x03\x01\x00\x00\x019" + // 0x004C0301: 0x00000139
-	"\x00l\x03\x01\x00\x00\x01:" + // 0x006C0301: 0x0000013A
-	"\x00L\x03'\x00\x00\x01;" + // 0x004C0327: 0x0000013B
-	"\x00l\x03'\x00\x00\x01<" + // 0x006C0327: 0x0000013C
-	"\x00L\x03\f\x00\x00\x01=" + // 0x004C030C: 0x0000013D
-	"\x00l\x03\f\x00\x00\x01>" + // 0x006C030C: 0x0000013E
-	"\x00N\x03\x01\x00\x00\x01C" + // 0x004E0301: 0x00000143
-	"\x00n\x03\x01\x00\x00\x01D" + // 0x006E0301: 0x00000144
-	"\x00N\x03'\x00\x00\x01E" + // 0x004E0327: 0x00000145
-	"\x00n\x03'\x00\x00\x01F" + // 0x006E0327: 0x00000146
-	"\x00N\x03\f\x00\x00\x01G" + // 0x004E030C: 0x00000147
-	"\x00n\x03\f\x00\x00\x01H" + // 0x006E030C: 0x00000148
-	"\x00O\x03\x04\x00\x00\x01L" + // 0x004F0304: 0x0000014C
-	"\x00o\x03\x04\x00\x00\x01M" + // 0x006F0304: 0x0000014D
-	"\x00O\x03\x06\x00\x00\x01N" + // 0x004F0306: 0x0000014E
-	"\x00o\x03\x06\x00\x00\x01O" + // 0x006F0306: 0x0000014F
-	"\x00O\x03\v\x00\x00\x01P" + // 0x004F030B: 0x00000150
-	"\x00o\x03\v\x00\x00\x01Q" + // 0x006F030B: 0x00000151
-	"\x00R\x03\x01\x00\x00\x01T" + // 0x00520301: 0x00000154
-	"\x00r\x03\x01\x00\x00\x01U" + // 0x00720301: 0x00000155
-	"\x00R\x03'\x00\x00\x01V" + // 0x00520327: 0x00000156
-	"\x00r\x03'\x00\x00\x01W" + // 0x00720327: 0x00000157
-	"\x00R\x03\f\x00\x00\x01X" + // 0x0052030C: 0x00000158
-	"\x00r\x03\f\x00\x00\x01Y" + // 0x0072030C: 0x00000159
-	"\x00S\x03\x01\x00\x00\x01Z" + // 0x00530301: 0x0000015A
-	"\x00s\x03\x01\x00\x00\x01[" + // 0x00730301: 0x0000015B
-	"\x00S\x03\x02\x00\x00\x01\\" + // 0x00530302: 0x0000015C
-	"\x00s\x03\x02\x00\x00\x01]" + // 0x00730302: 0x0000015D
-	"\x00S\x03'\x00\x00\x01^" + // 0x00530327: 0x0000015E
-	"\x00s\x03'\x00\x00\x01_" + // 0x00730327: 0x0000015F
-	"\x00S\x03\f\x00\x00\x01`" + // 0x0053030C: 0x00000160
-	"\x00s\x03\f\x00\x00\x01a" + // 0x0073030C: 0x00000161
-	"\x00T\x03'\x00\x00\x01b" + // 0x00540327: 0x00000162
-	"\x00t\x03'\x00\x00\x01c" + // 0x00740327: 0x00000163
-	"\x00T\x03\f\x00\x00\x01d" + // 0x0054030C: 0x00000164
-	"\x00t\x03\f\x00\x00\x01e" + // 0x0074030C: 0x00000165
-	"\x00U\x03\x03\x00\x00\x01h" + // 0x00550303: 0x00000168
-	"\x00u\x03\x03\x00\x00\x01i" + // 0x00750303: 0x00000169
-	"\x00U\x03\x04\x00\x00\x01j" + // 0x00550304: 0x0000016A
-	"\x00u\x03\x04\x00\x00\x01k" + // 0x00750304: 0x0000016B
-	"\x00U\x03\x06\x00\x00\x01l" + // 0x00550306: 0x0000016C
-	"\x00u\x03\x06\x00\x00\x01m" + // 0x00750306: 0x0000016D
-	"\x00U\x03\n\x00\x00\x01n" + // 0x0055030A: 0x0000016E
-	"\x00u\x03\n\x00\x00\x01o" + // 0x0075030A: 0x0000016F
-	"\x00U\x03\v\x00\x00\x01p" + // 0x0055030B: 0x00000170
-	"\x00u\x03\v\x00\x00\x01q" + // 0x0075030B: 0x00000171
-	"\x00U\x03(\x00\x00\x01r" + // 0x00550328: 0x00000172
-	"\x00u\x03(\x00\x00\x01s" + // 0x00750328: 0x00000173
-	"\x00W\x03\x02\x00\x00\x01t" + // 0x00570302: 0x00000174
-	"\x00w\x03\x02\x00\x00\x01u" + // 0x00770302: 0x00000175
-	"\x00Y\x03\x02\x00\x00\x01v" + // 0x00590302: 0x00000176
-	"\x00y\x03\x02\x00\x00\x01w" + // 0x00790302: 0x00000177
-	"\x00Y\x03\b\x00\x00\x01x" + // 0x00590308: 0x00000178
-	"\x00Z\x03\x01\x00\x00\x01y" + // 0x005A0301: 0x00000179
-	"\x00z\x03\x01\x00\x00\x01z" + // 0x007A0301: 0x0000017A
-	"\x00Z\x03\a\x00\x00\x01{" + // 0x005A0307: 0x0000017B
-	"\x00z\x03\a\x00\x00\x01|" + // 0x007A0307: 0x0000017C
-	"\x00Z\x03\f\x00\x00\x01}" + // 0x005A030C: 0x0000017D
-	"\x00z\x03\f\x00\x00\x01~" + // 0x007A030C: 0x0000017E
-	"\x00O\x03\x1b\x00\x00\x01\xa0" + // 0x004F031B: 0x000001A0
-	"\x00o\x03\x1b\x00\x00\x01\xa1" + // 0x006F031B: 0x000001A1
-	"\x00U\x03\x1b\x00\x00\x01\xaf" + // 0x0055031B: 0x000001AF
-	"\x00u\x03\x1b\x00\x00\x01\xb0" + // 0x0075031B: 0x000001B0
-	"\x00A\x03\f\x00\x00\x01\xcd" + // 0x0041030C: 0x000001CD
-	"\x00a\x03\f\x00\x00\x01\xce" + // 0x0061030C: 0x000001CE
-	"\x00I\x03\f\x00\x00\x01\xcf" + // 0x0049030C: 0x000001CF
-	"\x00i\x03\f\x00\x00\x01\xd0" + // 0x0069030C: 0x000001D0
-	"\x00O\x03\f\x00\x00\x01\xd1" + // 0x004F030C: 0x000001D1
-	"\x00o\x03\f\x00\x00\x01\xd2" + // 0x006F030C: 0x000001D2
-	"\x00U\x03\f\x00\x00\x01\xd3" + // 0x0055030C: 0x000001D3
-	"\x00u\x03\f\x00\x00\x01\xd4" + // 0x0075030C: 0x000001D4
-	"\x00\xdc\x03\x04\x00\x00\x01\xd5" + // 0x00DC0304: 0x000001D5
-	"\x00\xfc\x03\x04\x00\x00\x01\xd6" + // 0x00FC0304: 0x000001D6
-	"\x00\xdc\x03\x01\x00\x00\x01\xd7" + // 0x00DC0301: 0x000001D7
-	"\x00\xfc\x03\x01\x00\x00\x01\xd8" + // 0x00FC0301: 0x000001D8
-	"\x00\xdc\x03\f\x00\x00\x01\xd9" + // 0x00DC030C: 0x000001D9
-	"\x00\xfc\x03\f\x00\x00\x01\xda" + // 0x00FC030C: 0x000001DA
-	"\x00\xdc\x03\x00\x00\x00\x01\xdb" + // 0x00DC0300: 0x000001DB
-	"\x00\xfc\x03\x00\x00\x00\x01\xdc" + // 0x00FC0300: 0x000001DC
-	"\x00\xc4\x03\x04\x00\x00\x01\xde" + // 0x00C40304: 0x000001DE
-	"\x00\xe4\x03\x04\x00\x00\x01\xdf" + // 0x00E40304: 0x000001DF
-	"\x02&\x03\x04\x00\x00\x01\xe0" + // 0x02260304: 0x000001E0
-	"\x02'\x03\x04\x00\x00\x01\xe1" + // 0x02270304: 0x000001E1
-	"\x00\xc6\x03\x04\x00\x00\x01\xe2" + // 0x00C60304: 0x000001E2
-	"\x00\xe6\x03\x04\x00\x00\x01\xe3" + // 0x00E60304: 0x000001E3
-	"\x00G\x03\f\x00\x00\x01\xe6" + // 0x0047030C: 0x000001E6
-	"\x00g\x03\f\x00\x00\x01\xe7" + // 0x0067030C: 0x000001E7
-	"\x00K\x03\f\x00\x00\x01\xe8" + // 0x004B030C: 0x000001E8
-	"\x00k\x03\f\x00\x00\x01\xe9" + // 0x006B030C: 0x000001E9
-	"\x00O\x03(\x00\x00\x01\xea" + // 0x004F0328: 0x000001EA
-	"\x00o\x03(\x00\x00\x01\xeb" + // 0x006F0328: 0x000001EB
-	"\x01\xea\x03\x04\x00\x00\x01\xec" + // 0x01EA0304: 0x000001EC
-	"\x01\xeb\x03\x04\x00\x00\x01\xed" + // 0x01EB0304: 0x000001ED
-	"\x01\xb7\x03\f\x00\x00\x01\xee" + // 0x01B7030C: 0x000001EE
-	"\x02\x92\x03\f\x00\x00\x01\xef" + // 0x0292030C: 0x000001EF
-	"\x00j\x03\f\x00\x00\x01\xf0" + // 0x006A030C: 0x000001F0
-	"\x00G\x03\x01\x00\x00\x01\xf4" + // 0x00470301: 0x000001F4
-	"\x00g\x03\x01\x00\x00\x01\xf5" + // 0x00670301: 0x000001F5
-	"\x00N\x03\x00\x00\x00\x01\xf8" + // 0x004E0300: 0x000001F8
-	"\x00n\x03\x00\x00\x00\x01\xf9" + // 0x006E0300: 0x000001F9
-	"\x00\xc5\x03\x01\x00\x00\x01\xfa" + // 0x00C50301: 0x000001FA
-	"\x00\xe5\x03\x01\x00\x00\x01\xfb" + // 0x00E50301: 0x000001FB
-	"\x00\xc6\x03\x01\x00\x00\x01\xfc" + // 0x00C60301: 0x000001FC
-	"\x00\xe6\x03\x01\x00\x00\x01\xfd" + // 0x00E60301: 0x000001FD
-	"\x00\xd8\x03\x01\x00\x00\x01\xfe" + // 0x00D80301: 0x000001FE
-	"\x00\xf8\x03\x01\x00\x00\x01\xff" + // 0x00F80301: 0x000001FF
-	"\x00A\x03\x0f\x00\x00\x02\x00" + // 0x0041030F: 0x00000200
-	"\x00a\x03\x0f\x00\x00\x02\x01" + // 0x0061030F: 0x00000201
-	"\x00A\x03\x11\x00\x00\x02\x02" + // 0x00410311: 0x00000202
-	"\x00a\x03\x11\x00\x00\x02\x03" + // 0x00610311: 0x00000203
-	"\x00E\x03\x0f\x00\x00\x02\x04" + // 0x0045030F: 0x00000204
-	"\x00e\x03\x0f\x00\x00\x02\x05" + // 0x0065030F: 0x00000205
-	"\x00E\x03\x11\x00\x00\x02\x06" + // 0x00450311: 0x00000206
-	"\x00e\x03\x11\x00\x00\x02\a" + // 0x00650311: 0x00000207
-	"\x00I\x03\x0f\x00\x00\x02\b" + // 0x0049030F: 0x00000208
-	"\x00i\x03\x0f\x00\x00\x02\t" + // 0x0069030F: 0x00000209
-	"\x00I\x03\x11\x00\x00\x02\n" + // 0x00490311: 0x0000020A
-	"\x00i\x03\x11\x00\x00\x02\v" + // 0x00690311: 0x0000020B
-	"\x00O\x03\x0f\x00\x00\x02\f" + // 0x004F030F: 0x0000020C
-	"\x00o\x03\x0f\x00\x00\x02\r" + // 0x006F030F: 0x0000020D
-	"\x00O\x03\x11\x00\x00\x02\x0e" + // 0x004F0311: 0x0000020E
-	"\x00o\x03\x11\x00\x00\x02\x0f" + // 0x006F0311: 0x0000020F
-	"\x00R\x03\x0f\x00\x00\x02\x10" + // 0x0052030F: 0x00000210
-	"\x00r\x03\x0f\x00\x00\x02\x11" + // 0x0072030F: 0x00000211
-	"\x00R\x03\x11\x00\x00\x02\x12" + // 0x00520311: 0x00000212
-	"\x00r\x03\x11\x00\x00\x02\x13" + // 0x00720311: 0x00000213
-	"\x00U\x03\x0f\x00\x00\x02\x14" + // 0x0055030F: 0x00000214
-	"\x00u\x03\x0f\x00\x00\x02\x15" + // 0x0075030F: 0x00000215
-	"\x00U\x03\x11\x00\x00\x02\x16" + // 0x00550311: 0x00000216
-	"\x00u\x03\x11\x00\x00\x02\x17" + // 0x00750311: 0x00000217
-	"\x00S\x03&\x00\x00\x02\x18" + // 0x00530326: 0x00000218
-	"\x00s\x03&\x00\x00\x02\x19" + // 0x00730326: 0x00000219
-	"\x00T\x03&\x00\x00\x02\x1a" + // 0x00540326: 0x0000021A
-	"\x00t\x03&\x00\x00\x02\x1b" + // 0x00740326: 0x0000021B
-	"\x00H\x03\f\x00\x00\x02\x1e" + // 0x0048030C: 0x0000021E
-	"\x00h\x03\f\x00\x00\x02\x1f" + // 0x0068030C: 0x0000021F
-	"\x00A\x03\a\x00\x00\x02&" + // 0x00410307: 0x00000226
-	"\x00a\x03\a\x00\x00\x02'" + // 0x00610307: 0x00000227
-	"\x00E\x03'\x00\x00\x02(" + // 0x00450327: 0x00000228
-	"\x00e\x03'\x00\x00\x02)" + // 0x00650327: 0x00000229
-	"\x00\xd6\x03\x04\x00\x00\x02*" + // 0x00D60304: 0x0000022A
-	"\x00\xf6\x03\x04\x00\x00\x02+" + // 0x00F60304: 0x0000022B
-	"\x00\xd5\x03\x04\x00\x00\x02," + // 0x00D50304: 0x0000022C
-	"\x00\xf5\x03\x04\x00\x00\x02-" + // 0x00F50304: 0x0000022D
-	"\x00O\x03\a\x00\x00\x02." + // 0x004F0307: 0x0000022E
-	"\x00o\x03\a\x00\x00\x02/" + // 0x006F0307: 0x0000022F
-	"\x02.\x03\x04\x00\x00\x020" + // 0x022E0304: 0x00000230
-	"\x02/\x03\x04\x00\x00\x021" + // 0x022F0304: 0x00000231
-	"\x00Y\x03\x04\x00\x00\x022" + // 0x00590304: 0x00000232
-	"\x00y\x03\x04\x00\x00\x023" + // 0x00790304: 0x00000233
-	"\x00\xa8\x03\x01\x00\x00\x03\x85" + // 0x00A80301: 0x00000385
-	"\x03\x91\x03\x01\x00\x00\x03\x86" + // 0x03910301: 0x00000386
-	"\x03\x95\x03\x01\x00\x00\x03\x88" + // 0x03950301: 0x00000388
-	"\x03\x97\x03\x01\x00\x00\x03\x89" + // 0x03970301: 0x00000389
-	"\x03\x99\x03\x01\x00\x00\x03\x8a" + // 0x03990301: 0x0000038A
-	"\x03\x9f\x03\x01\x00\x00\x03\x8c" + // 0x039F0301: 0x0000038C
-	"\x03\xa5\x03\x01\x00\x00\x03\x8e" + // 0x03A50301: 0x0000038E
-	"\x03\xa9\x03\x01\x00\x00\x03\x8f" + // 0x03A90301: 0x0000038F
-	"\x03\xca\x03\x01\x00\x00\x03\x90" + // 0x03CA0301: 0x00000390
-	"\x03\x99\x03\b\x00\x00\x03\xaa" + // 0x03990308: 0x000003AA
-	"\x03\xa5\x03\b\x00\x00\x03\xab" + // 0x03A50308: 0x000003AB
-	"\x03\xb1\x03\x01\x00\x00\x03\xac" + // 0x03B10301: 0x000003AC
-	"\x03\xb5\x03\x01\x00\x00\x03\xad" + // 0x03B50301: 0x000003AD
-	"\x03\xb7\x03\x01\x00\x00\x03\xae" + // 0x03B70301: 0x000003AE
-	"\x03\xb9\x03\x01\x00\x00\x03\xaf" + // 0x03B90301: 0x000003AF
-	"\x03\xcb\x03\x01\x00\x00\x03\xb0" + // 0x03CB0301: 0x000003B0
-	"\x03\xb9\x03\b\x00\x00\x03\xca" + // 0x03B90308: 0x000003CA
-	"\x03\xc5\x03\b\x00\x00\x03\xcb" + // 0x03C50308: 0x000003CB
-	"\x03\xbf\x03\x01\x00\x00\x03\xcc" + // 0x03BF0301: 0x000003CC
-	"\x03\xc5\x03\x01\x00\x00\x03\xcd" + // 0x03C50301: 0x000003CD
-	"\x03\xc9\x03\x01\x00\x00\x03\xce" + // 0x03C90301: 0x000003CE
-	"\x03\xd2\x03\x01\x00\x00\x03\xd3" + // 0x03D20301: 0x000003D3
-	"\x03\xd2\x03\b\x00\x00\x03\xd4" + // 0x03D20308: 0x000003D4
-	"\x04\x15\x03\x00\x00\x00\x04\x00" + // 0x04150300: 0x00000400
-	"\x04\x15\x03\b\x00\x00\x04\x01" + // 0x04150308: 0x00000401
-	"\x04\x13\x03\x01\x00\x00\x04\x03" + // 0x04130301: 0x00000403
-	"\x04\x06\x03\b\x00\x00\x04\a" + // 0x04060308: 0x00000407
-	"\x04\x1a\x03\x01\x00\x00\x04\f" + // 0x041A0301: 0x0000040C
-	"\x04\x18\x03\x00\x00\x00\x04\r" + // 0x04180300: 0x0000040D
-	"\x04#\x03\x06\x00\x00\x04\x0e" + // 0x04230306: 0x0000040E
-	"\x04\x18\x03\x06\x00\x00\x04\x19" + // 0x04180306: 0x00000419
-	"\x048\x03\x06\x00\x00\x049" + // 0x04380306: 0x00000439
-	"\x045\x03\x00\x00\x00\x04P" + // 0x04350300: 0x00000450
-	"\x045\x03\b\x00\x00\x04Q" + // 0x04350308: 0x00000451
-	"\x043\x03\x01\x00\x00\x04S" + // 0x04330301: 0x00000453
-	"\x04V\x03\b\x00\x00\x04W" + // 0x04560308: 0x00000457
-	"\x04:\x03\x01\x00\x00\x04\\" + // 0x043A0301: 0x0000045C
-	"\x048\x03\x00\x00\x00\x04]" + // 0x04380300: 0x0000045D
-	"\x04C\x03\x06\x00\x00\x04^" + // 0x04430306: 0x0000045E
-	"\x04t\x03\x0f\x00\x00\x04v" + // 0x0474030F: 0x00000476
-	"\x04u\x03\x0f\x00\x00\x04w" + // 0x0475030F: 0x00000477
-	"\x04\x16\x03\x06\x00\x00\x04\xc1" + // 0x04160306: 0x000004C1
-	"\x046\x03\x06\x00\x00\x04\xc2" + // 0x04360306: 0x000004C2
-	"\x04\x10\x03\x06\x00\x00\x04\xd0" + // 0x04100306: 0x000004D0
-	"\x040\x03\x06\x00\x00\x04\xd1" + // 0x04300306: 0x000004D1
-	"\x04\x10\x03\b\x00\x00\x04\xd2" + // 0x04100308: 0x000004D2
-	"\x040\x03\b\x00\x00\x04\xd3" + // 0x04300308: 0x000004D3
-	"\x04\x15\x03\x06\x00\x00\x04\xd6" + // 0x04150306: 0x000004D6
-	"\x045\x03\x06\x00\x00\x04\xd7" + // 0x04350306: 0x000004D7
-	"\x04\xd8\x03\b\x00\x00\x04\xda" + // 0x04D80308: 0x000004DA
-	"\x04\xd9\x03\b\x00\x00\x04\xdb" + // 0x04D90308: 0x000004DB
-	"\x04\x16\x03\b\x00\x00\x04\xdc" + // 0x04160308: 0x000004DC
-	"\x046\x03\b\x00\x00\x04\xdd" + // 0x04360308: 0x000004DD
-	"\x04\x17\x03\b\x00\x00\x04\xde" + // 0x04170308: 0x000004DE
-	"\x047\x03\b\x00\x00\x04\xdf" + // 0x04370308: 0x000004DF
-	"\x04\x18\x03\x04\x00\x00\x04\xe2" + // 0x04180304: 0x000004E2
-	"\x048\x03\x04\x00\x00\x04\xe3" + // 0x04380304: 0x000004E3
-	"\x04\x18\x03\b\x00\x00\x04\xe4" + // 0x04180308: 0x000004E4
-	"\x048\x03\b\x00\x00\x04\xe5" + // 0x04380308: 0x000004E5
-	"\x04\x1e\x03\b\x00\x00\x04\xe6" + // 0x041E0308: 0x000004E6
-	"\x04>\x03\b\x00\x00\x04\xe7" + // 0x043E0308: 0x000004E7
-	"\x04\xe8\x03\b\x00\x00\x04\xea" + // 0x04E80308: 0x000004EA
-	"\x04\xe9\x03\b\x00\x00\x04\xeb" + // 0x04E90308: 0x000004EB
-	"\x04-\x03\b\x00\x00\x04\xec" + // 0x042D0308: 0x000004EC
-	"\x04M\x03\b\x00\x00\x04\xed" + // 0x044D0308: 0x000004ED
-	"\x04#\x03\x04\x00\x00\x04\xee" + // 0x04230304: 0x000004EE
-	"\x04C\x03\x04\x00\x00\x04\xef" + // 0x04430304: 0x000004EF
-	"\x04#\x03\b\x00\x00\x04\xf0" + // 0x04230308: 0x000004F0
-	"\x04C\x03\b\x00\x00\x04\xf1" + // 0x04430308: 0x000004F1
-	"\x04#\x03\v\x00\x00\x04\xf2" + // 0x0423030B: 0x000004F2
-	"\x04C\x03\v\x00\x00\x04\xf3" + // 0x0443030B: 0x000004F3
-	"\x04'\x03\b\x00\x00\x04\xf4" + // 0x04270308: 0x000004F4
-	"\x04G\x03\b\x00\x00\x04\xf5" + // 0x04470308: 0x000004F5
-	"\x04+\x03\b\x00\x00\x04\xf8" + // 0x042B0308: 0x000004F8
-	"\x04K\x03\b\x00\x00\x04\xf9" + // 0x044B0308: 0x000004F9
-	"\x06'\x06S\x00\x00\x06\"" + // 0x06270653: 0x00000622
-	"\x06'\x06T\x00\x00\x06#" + // 0x06270654: 0x00000623
-	"\x06H\x06T\x00\x00\x06$" + // 0x06480654: 0x00000624
-	"\x06'\x06U\x00\x00\x06%" + // 0x06270655: 0x00000625
-	"\x06J\x06T\x00\x00\x06&" + // 0x064A0654: 0x00000626
-	"\x06\xd5\x06T\x00\x00\x06\xc0" + // 0x06D50654: 0x000006C0
-	"\x06\xc1\x06T\x00\x00\x06\xc2" + // 0x06C10654: 0x000006C2
-	"\x06\xd2\x06T\x00\x00\x06\xd3" + // 0x06D20654: 0x000006D3
-	"\t(\t<\x00\x00\t)" + // 0x0928093C: 0x00000929
-	"\t0\t<\x00\x00\t1" + // 0x0930093C: 0x00000931
-	"\t3\t<\x00\x00\t4" + // 0x0933093C: 0x00000934
-	"\t\xc7\t\xbe\x00\x00\t\xcb" + // 0x09C709BE: 0x000009CB
-	"\t\xc7\t\xd7\x00\x00\t\xcc" + // 0x09C709D7: 0x000009CC
-	"\vG\vV\x00\x00\vH" + // 0x0B470B56: 0x00000B48
-	"\vG\v>\x00\x00\vK" + // 0x0B470B3E: 0x00000B4B
-	"\vG\vW\x00\x00\vL" + // 0x0B470B57: 0x00000B4C
-	"\v\x92\v\xd7\x00\x00\v\x94" + // 0x0B920BD7: 0x00000B94
-	"\v\xc6\v\xbe\x00\x00\v\xca" + // 0x0BC60BBE: 0x00000BCA
-	"\v\xc7\v\xbe\x00\x00\v\xcb" + // 0x0BC70BBE: 0x00000BCB
-	"\v\xc6\v\xd7\x00\x00\v\xcc" + // 0x0BC60BD7: 0x00000BCC
-	"\fF\fV\x00\x00\fH" + // 0x0C460C56: 0x00000C48
-	"\f\xbf\f\xd5\x00\x00\f\xc0" + // 0x0CBF0CD5: 0x00000CC0
-	"\f\xc6\f\xd5\x00\x00\f\xc7" + // 0x0CC60CD5: 0x00000CC7
-	"\f\xc6\f\xd6\x00\x00\f\xc8" + // 0x0CC60CD6: 0x00000CC8
-	"\f\xc6\f\xc2\x00\x00\f\xca" + // 0x0CC60CC2: 0x00000CCA
-	"\f\xca\f\xd5\x00\x00\f\xcb" + // 0x0CCA0CD5: 0x00000CCB
-	"\rF\r>\x00\x00\rJ" + // 0x0D460D3E: 0x00000D4A
-	"\rG\r>\x00\x00\rK" + // 0x0D470D3E: 0x00000D4B
-	"\rF\rW\x00\x00\rL" + // 0x0D460D57: 0x00000D4C
-	"\r\xd9\r\xca\x00\x00\r\xda" + // 0x0DD90DCA: 0x00000DDA
-	"\r\xd9\r\xcf\x00\x00\r\xdc" + // 0x0DD90DCF: 0x00000DDC
-	"\r\xdc\r\xca\x00\x00\r\xdd" + // 0x0DDC0DCA: 0x00000DDD
-	"\r\xd9\r\xdf\x00\x00\r\xde" + // 0x0DD90DDF: 0x00000DDE
-	"\x10%\x10.\x00\x00\x10&" + // 0x1025102E: 0x00001026
-	"\x1b\x05\x1b5\x00\x00\x1b\x06" + // 0x1B051B35: 0x00001B06
-	"\x1b\a\x1b5\x00\x00\x1b\b" + // 0x1B071B35: 0x00001B08
-	"\x1b\t\x1b5\x00\x00\x1b\n" + // 0x1B091B35: 0x00001B0A
-	"\x1b\v\x1b5\x00\x00\x1b\f" + // 0x1B0B1B35: 0x00001B0C
-	"\x1b\r\x1b5\x00\x00\x1b\x0e" + // 0x1B0D1B35: 0x00001B0E
-	"\x1b\x11\x1b5\x00\x00\x1b\x12" + // 0x1B111B35: 0x00001B12
-	"\x1b:\x1b5\x00\x00\x1b;" + // 0x1B3A1B35: 0x00001B3B
-	"\x1b<\x1b5\x00\x00\x1b=" + // 0x1B3C1B35: 0x00001B3D
-	"\x1b>\x1b5\x00\x00\x1b@" + // 0x1B3E1B35: 0x00001B40
-	"\x1b?\x1b5\x00\x00\x1bA" + // 0x1B3F1B35: 0x00001B41
-	"\x1bB\x1b5\x00\x00\x1bC" + // 0x1B421B35: 0x00001B43
-	"\x00A\x03%\x00\x00\x1e\x00" + // 0x00410325: 0x00001E00
-	"\x00a\x03%\x00\x00\x1e\x01" + // 0x00610325: 0x00001E01
-	"\x00B\x03\a\x00\x00\x1e\x02" + // 0x00420307: 0x00001E02
-	"\x00b\x03\a\x00\x00\x1e\x03" + // 0x00620307: 0x00001E03
-	"\x00B\x03#\x00\x00\x1e\x04" + // 0x00420323: 0x00001E04
-	"\x00b\x03#\x00\x00\x1e\x05" + // 0x00620323: 0x00001E05
-	"\x00B\x031\x00\x00\x1e\x06" + // 0x00420331: 0x00001E06
-	"\x00b\x031\x00\x00\x1e\a" + // 0x00620331: 0x00001E07
-	"\x00\xc7\x03\x01\x00\x00\x1e\b" + // 0x00C70301: 0x00001E08
-	"\x00\xe7\x03\x01\x00\x00\x1e\t" + // 0x00E70301: 0x00001E09
-	"\x00D\x03\a\x00\x00\x1e\n" + // 0x00440307: 0x00001E0A
-	"\x00d\x03\a\x00\x00\x1e\v" + // 0x00640307: 0x00001E0B
-	"\x00D\x03#\x00\x00\x1e\f" + // 0x00440323: 0x00001E0C
-	"\x00d\x03#\x00\x00\x1e\r" + // 0x00640323: 0x00001E0D
-	"\x00D\x031\x00\x00\x1e\x0e" + // 0x00440331: 0x00001E0E
-	"\x00d\x031\x00\x00\x1e\x0f" + // 0x00640331: 0x00001E0F
-	"\x00D\x03'\x00\x00\x1e\x10" + // 0x00440327: 0x00001E10
-	"\x00d\x03'\x00\x00\x1e\x11" + // 0x00640327: 0x00001E11
-	"\x00D\x03-\x00\x00\x1e\x12" + // 0x0044032D: 0x00001E12
-	"\x00d\x03-\x00\x00\x1e\x13" + // 0x0064032D: 0x00001E13
-	"\x01\x12\x03\x00\x00\x00\x1e\x14" + // 0x01120300: 0x00001E14
-	"\x01\x13\x03\x00\x00\x00\x1e\x15" + // 0x01130300: 0x00001E15
-	"\x01\x12\x03\x01\x00\x00\x1e\x16" + // 0x01120301: 0x00001E16
-	"\x01\x13\x03\x01\x00\x00\x1e\x17" + // 0x01130301: 0x00001E17
-	"\x00E\x03-\x00\x00\x1e\x18" + // 0x0045032D: 0x00001E18
-	"\x00e\x03-\x00\x00\x1e\x19" + // 0x0065032D: 0x00001E19
-	"\x00E\x030\x00\x00\x1e\x1a" + // 0x00450330: 0x00001E1A
-	"\x00e\x030\x00\x00\x1e\x1b" + // 0x00650330: 0x00001E1B
-	"\x02(\x03\x06\x00\x00\x1e\x1c" + // 0x02280306: 0x00001E1C
-	"\x02)\x03\x06\x00\x00\x1e\x1d" + // 0x02290306: 0x00001E1D
-	"\x00F\x03\a\x00\x00\x1e\x1e" + // 0x00460307: 0x00001E1E
-	"\x00f\x03\a\x00\x00\x1e\x1f" + // 0x00660307: 0x00001E1F
-	"\x00G\x03\x04\x00\x00\x1e " + // 0x00470304: 0x00001E20
-	"\x00g\x03\x04\x00\x00\x1e!" + // 0x00670304: 0x00001E21
-	"\x00H\x03\a\x00\x00\x1e\"" + // 0x00480307: 0x00001E22
-	"\x00h\x03\a\x00\x00\x1e#" + // 0x00680307: 0x00001E23
-	"\x00H\x03#\x00\x00\x1e$" + // 0x00480323: 0x00001E24
-	"\x00h\x03#\x00\x00\x1e%" + // 0x00680323: 0x00001E25
-	"\x00H\x03\b\x00\x00\x1e&" + // 0x00480308: 0x00001E26
-	"\x00h\x03\b\x00\x00\x1e'" + // 0x00680308: 0x00001E27
-	"\x00H\x03'\x00\x00\x1e(" + // 0x00480327: 0x00001E28
-	"\x00h\x03'\x00\x00\x1e)" + // 0x00680327: 0x00001E29
-	"\x00H\x03.\x00\x00\x1e*" + // 0x0048032E: 0x00001E2A
-	"\x00h\x03.\x00\x00\x1e+" + // 0x0068032E: 0x00001E2B
-	"\x00I\x030\x00\x00\x1e," + // 0x00490330: 0x00001E2C
-	"\x00i\x030\x00\x00\x1e-" + // 0x00690330: 0x00001E2D
-	"\x00\xcf\x03\x01\x00\x00\x1e." + // 0x00CF0301: 0x00001E2E
-	"\x00\xef\x03\x01\x00\x00\x1e/" + // 0x00EF0301: 0x00001E2F
-	"\x00K\x03\x01\x00\x00\x1e0" + // 0x004B0301: 0x00001E30
-	"\x00k\x03\x01\x00\x00\x1e1" + // 0x006B0301: 0x00001E31
-	"\x00K\x03#\x00\x00\x1e2" + // 0x004B0323: 0x00001E32
-	"\x00k\x03#\x00\x00\x1e3" + // 0x006B0323: 0x00001E33
-	"\x00K\x031\x00\x00\x1e4" + // 0x004B0331: 0x00001E34
-	"\x00k\x031\x00\x00\x1e5" + // 0x006B0331: 0x00001E35
-	"\x00L\x03#\x00\x00\x1e6" + // 0x004C0323: 0x00001E36
-	"\x00l\x03#\x00\x00\x1e7" + // 0x006C0323: 0x00001E37
-	"\x1e6\x03\x04\x00\x00\x1e8" + // 0x1E360304: 0x00001E38
-	"\x1e7\x03\x04\x00\x00\x1e9" + // 0x1E370304: 0x00001E39
-	"\x00L\x031\x00\x00\x1e:" + // 0x004C0331: 0x00001E3A
-	"\x00l\x031\x00\x00\x1e;" + // 0x006C0331: 0x00001E3B
-	"\x00L\x03-\x00\x00\x1e<" + // 0x004C032D: 0x00001E3C
-	"\x00l\x03-\x00\x00\x1e=" + // 0x006C032D: 0x00001E3D
-	"\x00M\x03\x01\x00\x00\x1e>" + // 0x004D0301: 0x00001E3E
-	"\x00m\x03\x01\x00\x00\x1e?" + // 0x006D0301: 0x00001E3F
-	"\x00M\x03\a\x00\x00\x1e@" + // 0x004D0307: 0x00001E40
-	"\x00m\x03\a\x00\x00\x1eA" + // 0x006D0307: 0x00001E41
-	"\x00M\x03#\x00\x00\x1eB" + // 0x004D0323: 0x00001E42
-	"\x00m\x03#\x00\x00\x1eC" + // 0x006D0323: 0x00001E43
-	"\x00N\x03\a\x00\x00\x1eD" + // 0x004E0307: 0x00001E44
-	"\x00n\x03\a\x00\x00\x1eE" + // 0x006E0307: 0x00001E45
-	"\x00N\x03#\x00\x00\x1eF" + // 0x004E0323: 0x00001E46
-	"\x00n\x03#\x00\x00\x1eG" + // 0x006E0323: 0x00001E47
-	"\x00N\x031\x00\x00\x1eH" + // 0x004E0331: 0x00001E48
-	"\x00n\x031\x00\x00\x1eI" + // 0x006E0331: 0x00001E49
-	"\x00N\x03-\x00\x00\x1eJ" + // 0x004E032D: 0x00001E4A
-	"\x00n\x03-\x00\x00\x1eK" + // 0x006E032D: 0x00001E4B
-	"\x00\xd5\x03\x01\x00\x00\x1eL" + // 0x00D50301: 0x00001E4C
-	"\x00\xf5\x03\x01\x00\x00\x1eM" + // 0x00F50301: 0x00001E4D
-	"\x00\xd5\x03\b\x00\x00\x1eN" + // 0x00D50308: 0x00001E4E
-	"\x00\xf5\x03\b\x00\x00\x1eO" + // 0x00F50308: 0x00001E4F
-	"\x01L\x03\x00\x00\x00\x1eP" + // 0x014C0300: 0x00001E50
-	"\x01M\x03\x00\x00\x00\x1eQ" + // 0x014D0300: 0x00001E51
-	"\x01L\x03\x01\x00\x00\x1eR" + // 0x014C0301: 0x00001E52
-	"\x01M\x03\x01\x00\x00\x1eS" + // 0x014D0301: 0x00001E53
-	"\x00P\x03\x01\x00\x00\x1eT" + // 0x00500301: 0x00001E54
-	"\x00p\x03\x01\x00\x00\x1eU" + // 0x00700301: 0x00001E55
-	"\x00P\x03\a\x00\x00\x1eV" + // 0x00500307: 0x00001E56
-	"\x00p\x03\a\x00\x00\x1eW" + // 0x00700307: 0x00001E57
-	"\x00R\x03\a\x00\x00\x1eX" + // 0x00520307: 0x00001E58
-	"\x00r\x03\a\x00\x00\x1eY" + // 0x00720307: 0x00001E59
-	"\x00R\x03#\x00\x00\x1eZ" + // 0x00520323: 0x00001E5A
-	"\x00r\x03#\x00\x00\x1e[" + // 0x00720323: 0x00001E5B
-	"\x1eZ\x03\x04\x00\x00\x1e\\" + // 0x1E5A0304: 0x00001E5C
-	"\x1e[\x03\x04\x00\x00\x1e]" + // 0x1E5B0304: 0x00001E5D
-	"\x00R\x031\x00\x00\x1e^" + // 0x00520331: 0x00001E5E
-	"\x00r\x031\x00\x00\x1e_" + // 0x00720331: 0x00001E5F
-	"\x00S\x03\a\x00\x00\x1e`" + // 0x00530307: 0x00001E60
-	"\x00s\x03\a\x00\x00\x1ea" + // 0x00730307: 0x00001E61
-	"\x00S\x03#\x00\x00\x1eb" + // 0x00530323: 0x00001E62
-	"\x00s\x03#\x00\x00\x1ec" + // 0x00730323: 0x00001E63
-	"\x01Z\x03\a\x00\x00\x1ed" + // 0x015A0307: 0x00001E64
-	"\x01[\x03\a\x00\x00\x1ee" + // 0x015B0307: 0x00001E65
-	"\x01`\x03\a\x00\x00\x1ef" + // 0x01600307: 0x00001E66
-	"\x01a\x03\a\x00\x00\x1eg" + // 0x01610307: 0x00001E67
-	"\x1eb\x03\a\x00\x00\x1eh" + // 0x1E620307: 0x00001E68
-	"\x1ec\x03\a\x00\x00\x1ei" + // 0x1E630307: 0x00001E69
-	"\x00T\x03\a\x00\x00\x1ej" + // 0x00540307: 0x00001E6A
-	"\x00t\x03\a\x00\x00\x1ek" + // 0x00740307: 0x00001E6B
-	"\x00T\x03#\x00\x00\x1el" + // 0x00540323: 0x00001E6C
-	"\x00t\x03#\x00\x00\x1em" + // 0x00740323: 0x00001E6D
-	"\x00T\x031\x00\x00\x1en" + // 0x00540331: 0x00001E6E
-	"\x00t\x031\x00\x00\x1eo" + // 0x00740331: 0x00001E6F
-	"\x00T\x03-\x00\x00\x1ep" + // 0x0054032D: 0x00001E70
-	"\x00t\x03-\x00\x00\x1eq" + // 0x0074032D: 0x00001E71
-	"\x00U\x03$\x00\x00\x1er" + // 0x00550324: 0x00001E72
-	"\x00u\x03$\x00\x00\x1es" + // 0x00750324: 0x00001E73
-	"\x00U\x030\x00\x00\x1et" + // 0x00550330: 0x00001E74
-	"\x00u\x030\x00\x00\x1eu" + // 0x00750330: 0x00001E75
-	"\x00U\x03-\x00\x00\x1ev" + // 0x0055032D: 0x00001E76
-	"\x00u\x03-\x00\x00\x1ew" + // 0x0075032D: 0x00001E77
-	"\x01h\x03\x01\x00\x00\x1ex" + // 0x01680301: 0x00001E78
-	"\x01i\x03\x01\x00\x00\x1ey" + // 0x01690301: 0x00001E79
-	"\x01j\x03\b\x00\x00\x1ez" + // 0x016A0308: 0x00001E7A
-	"\x01k\x03\b\x00\x00\x1e{" + // 0x016B0308: 0x00001E7B
-	"\x00V\x03\x03\x00\x00\x1e|" + // 0x00560303: 0x00001E7C
-	"\x00v\x03\x03\x00\x00\x1e}" + // 0x00760303: 0x00001E7D
-	"\x00V\x03#\x00\x00\x1e~" + // 0x00560323: 0x00001E7E
-	"\x00v\x03#\x00\x00\x1e\u007f" + // 0x00760323: 0x00001E7F
-	"\x00W\x03\x00\x00\x00\x1e\x80" + // 0x00570300: 0x00001E80
-	"\x00w\x03\x00\x00\x00\x1e\x81" + // 0x00770300: 0x00001E81
-	"\x00W\x03\x01\x00\x00\x1e\x82" + // 0x00570301: 0x00001E82
-	"\x00w\x03\x01\x00\x00\x1e\x83" + // 0x00770301: 0x00001E83
-	"\x00W\x03\b\x00\x00\x1e\x84" + // 0x00570308: 0x00001E84
-	"\x00w\x03\b\x00\x00\x1e\x85" + // 0x00770308: 0x00001E85
-	"\x00W\x03\a\x00\x00\x1e\x86" + // 0x00570307: 0x00001E86
-	"\x00w\x03\a\x00\x00\x1e\x87" + // 0x00770307: 0x00001E87
-	"\x00W\x03#\x00\x00\x1e\x88" + // 0x00570323: 0x00001E88
-	"\x00w\x03#\x00\x00\x1e\x89" + // 0x00770323: 0x00001E89
-	"\x00X\x03\a\x00\x00\x1e\x8a" + // 0x00580307: 0x00001E8A
-	"\x00x\x03\a\x00\x00\x1e\x8b" + // 0x00780307: 0x00001E8B
-	"\x00X\x03\b\x00\x00\x1e\x8c" + // 0x00580308: 0x00001E8C
-	"\x00x\x03\b\x00\x00\x1e\x8d" + // 0x00780308: 0x00001E8D
-	"\x00Y\x03\a\x00\x00\x1e\x8e" + // 0x00590307: 0x00001E8E
-	"\x00y\x03\a\x00\x00\x1e\x8f" + // 0x00790307: 0x00001E8F
-	"\x00Z\x03\x02\x00\x00\x1e\x90" + // 0x005A0302: 0x00001E90
-	"\x00z\x03\x02\x00\x00\x1e\x91" + // 0x007A0302: 0x00001E91
-	"\x00Z\x03#\x00\x00\x1e\x92" + // 0x005A0323: 0x00001E92
-	"\x00z\x03#\x00\x00\x1e\x93" + // 0x007A0323: 0x00001E93
-	"\x00Z\x031\x00\x00\x1e\x94" + // 0x005A0331: 0x00001E94
-	"\x00z\x031\x00\x00\x1e\x95" + // 0x007A0331: 0x00001E95
-	"\x00h\x031\x00\x00\x1e\x96" + // 0x00680331: 0x00001E96
-	"\x00t\x03\b\x00\x00\x1e\x97" + // 0x00740308: 0x00001E97
-	"\x00w\x03\n\x00\x00\x1e\x98" + // 0x0077030A: 0x00001E98
-	"\x00y\x03\n\x00\x00\x1e\x99" + // 0x0079030A: 0x00001E99
-	"\x01\u007f\x03\a\x00\x00\x1e\x9b" + // 0x017F0307: 0x00001E9B
-	"\x00A\x03#\x00\x00\x1e\xa0" + // 0x00410323: 0x00001EA0
-	"\x00a\x03#\x00\x00\x1e\xa1" + // 0x00610323: 0x00001EA1
-	"\x00A\x03\t\x00\x00\x1e\xa2" + // 0x00410309: 0x00001EA2
-	"\x00a\x03\t\x00\x00\x1e\xa3" + // 0x00610309: 0x00001EA3
-	"\x00\xc2\x03\x01\x00\x00\x1e\xa4" + // 0x00C20301: 0x00001EA4
-	"\x00\xe2\x03\x01\x00\x00\x1e\xa5" + // 0x00E20301: 0x00001EA5
-	"\x00\xc2\x03\x00\x00\x00\x1e\xa6" + // 0x00C20300: 0x00001EA6
-	"\x00\xe2\x03\x00\x00\x00\x1e\xa7" + // 0x00E20300: 0x00001EA7
-	"\x00\xc2\x03\t\x00\x00\x1e\xa8" + // 0x00C20309: 0x00001EA8
-	"\x00\xe2\x03\t\x00\x00\x1e\xa9" + // 0x00E20309: 0x00001EA9
-	"\x00\xc2\x03\x03\x00\x00\x1e\xaa" + // 0x00C20303: 0x00001EAA
-	"\x00\xe2\x03\x03\x00\x00\x1e\xab" + // 0x00E20303: 0x00001EAB
-	"\x1e\xa0\x03\x02\x00\x00\x1e\xac" + // 0x1EA00302: 0x00001EAC
-	"\x1e\xa1\x03\x02\x00\x00\x1e\xad" + // 0x1EA10302: 0x00001EAD
-	"\x01\x02\x03\x01\x00\x00\x1e\xae" + // 0x01020301: 0x00001EAE
-	"\x01\x03\x03\x01\x00\x00\x1e\xaf" + // 0x01030301: 0x00001EAF
-	"\x01\x02\x03\x00\x00\x00\x1e\xb0" + // 0x01020300: 0x00001EB0
-	"\x01\x03\x03\x00\x00\x00\x1e\xb1" + // 0x01030300: 0x00001EB1
-	"\x01\x02\x03\t\x00\x00\x1e\xb2" + // 0x01020309: 0x00001EB2
-	"\x01\x03\x03\t\x00\x00\x1e\xb3" + // 0x01030309: 0x00001EB3
-	"\x01\x02\x03\x03\x00\x00\x1e\xb4" + // 0x01020303: 0x00001EB4
-	"\x01\x03\x03\x03\x00\x00\x1e\xb5" + // 0x01030303: 0x00001EB5
-	"\x1e\xa0\x03\x06\x00\x00\x1e\xb6" + // 0x1EA00306: 0x00001EB6
-	"\x1e\xa1\x03\x06\x00\x00\x1e\xb7" + // 0x1EA10306: 0x00001EB7
-	"\x00E\x03#\x00\x00\x1e\xb8" + // 0x00450323: 0x00001EB8
-	"\x00e\x03#\x00\x00\x1e\xb9" + // 0x00650323: 0x00001EB9
-	"\x00E\x03\t\x00\x00\x1e\xba" + // 0x00450309: 0x00001EBA
-	"\x00e\x03\t\x00\x00\x1e\xbb" + // 0x00650309: 0x00001EBB
-	"\x00E\x03\x03\x00\x00\x1e\xbc" + // 0x00450303: 0x00001EBC
-	"\x00e\x03\x03\x00\x00\x1e\xbd" + // 0x00650303: 0x00001EBD
-	"\x00\xca\x03\x01\x00\x00\x1e\xbe" + // 0x00CA0301: 0x00001EBE
-	"\x00\xea\x03\x01\x00\x00\x1e\xbf" + // 0x00EA0301: 0x00001EBF
-	"\x00\xca\x03\x00\x00\x00\x1e\xc0" + // 0x00CA0300: 0x00001EC0
-	"\x00\xea\x03\x00\x00\x00\x1e\xc1" + // 0x00EA0300: 0x00001EC1
-	"\x00\xca\x03\t\x00\x00\x1e\xc2" + // 0x00CA0309: 0x00001EC2
-	"\x00\xea\x03\t\x00\x00\x1e\xc3" + // 0x00EA0309: 0x00001EC3
-	"\x00\xca\x03\x03\x00\x00\x1e\xc4" + // 0x00CA0303: 0x00001EC4
-	"\x00\xea\x03\x03\x00\x00\x1e\xc5" + // 0x00EA0303: 0x00001EC5
-	"\x1e\xb8\x03\x02\x00\x00\x1e\xc6" + // 0x1EB80302: 0x00001EC6
-	"\x1e\xb9\x03\x02\x00\x00\x1e\xc7" + // 0x1EB90302: 0x00001EC7
-	"\x00I\x03\t\x00\x00\x1e\xc8" + // 0x00490309: 0x00001EC8
-	"\x00i\x03\t\x00\x00\x1e\xc9" + // 0x00690309: 0x00001EC9
-	"\x00I\x03#\x00\x00\x1e\xca" + // 0x00490323: 0x00001ECA
-	"\x00i\x03#\x00\x00\x1e\xcb" + // 0x00690323: 0x00001ECB
-	"\x00O\x03#\x00\x00\x1e\xcc" + // 0x004F0323: 0x00001ECC
-	"\x00o\x03#\x00\x00\x1e\xcd" + // 0x006F0323: 0x00001ECD
-	"\x00O\x03\t\x00\x00\x1e\xce" + // 0x004F0309: 0x00001ECE
-	"\x00o\x03\t\x00\x00\x1e\xcf" + // 0x006F0309: 0x00001ECF
-	"\x00\xd4\x03\x01\x00\x00\x1e\xd0" + // 0x00D40301: 0x00001ED0
-	"\x00\xf4\x03\x01\x00\x00\x1e\xd1" + // 0x00F40301: 0x00001ED1
-	"\x00\xd4\x03\x00\x00\x00\x1e\xd2" + // 0x00D40300: 0x00001ED2
-	"\x00\xf4\x03\x00\x00\x00\x1e\xd3" + // 0x00F40300: 0x00001ED3
-	"\x00\xd4\x03\t\x00\x00\x1e\xd4" + // 0x00D40309: 0x00001ED4
-	"\x00\xf4\x03\t\x00\x00\x1e\xd5" + // 0x00F40309: 0x00001ED5
-	"\x00\xd4\x03\x03\x00\x00\x1e\xd6" + // 0x00D40303: 0x00001ED6
-	"\x00\xf4\x03\x03\x00\x00\x1e\xd7" + // 0x00F40303: 0x00001ED7
-	"\x1e\xcc\x03\x02\x00\x00\x1e\xd8" + // 0x1ECC0302: 0x00001ED8
-	"\x1e\xcd\x03\x02\x00\x00\x1e\xd9" + // 0x1ECD0302: 0x00001ED9
-	"\x01\xa0\x03\x01\x00\x00\x1e\xda" + // 0x01A00301: 0x00001EDA
-	"\x01\xa1\x03\x01\x00\x00\x1e\xdb" + // 0x01A10301: 0x00001EDB
-	"\x01\xa0\x03\x00\x00\x00\x1e\xdc" + // 0x01A00300: 0x00001EDC
-	"\x01\xa1\x03\x00\x00\x00\x1e\xdd" + // 0x01A10300: 0x00001EDD
-	"\x01\xa0\x03\t\x00\x00\x1e\xde" + // 0x01A00309: 0x00001EDE
-	"\x01\xa1\x03\t\x00\x00\x1e\xdf" + // 0x01A10309: 0x00001EDF
-	"\x01\xa0\x03\x03\x00\x00\x1e\xe0" + // 0x01A00303: 0x00001EE0
-	"\x01\xa1\x03\x03\x00\x00\x1e\xe1" + // 0x01A10303: 0x00001EE1
-	"\x01\xa0\x03#\x00\x00\x1e\xe2" + // 0x01A00323: 0x00001EE2
-	"\x01\xa1\x03#\x00\x00\x1e\xe3" + // 0x01A10323: 0x00001EE3
-	"\x00U\x03#\x00\x00\x1e\xe4" + // 0x00550323: 0x00001EE4
-	"\x00u\x03#\x00\x00\x1e\xe5" + // 0x00750323: 0x00001EE5
-	"\x00U\x03\t\x00\x00\x1e\xe6" + // 0x00550309: 0x00001EE6
-	"\x00u\x03\t\x00\x00\x1e\xe7" + // 0x00750309: 0x00001EE7
-	"\x01\xaf\x03\x01\x00\x00\x1e\xe8" + // 0x01AF0301: 0x00001EE8
-	"\x01\xb0\x03\x01\x00\x00\x1e\xe9" + // 0x01B00301: 0x00001EE9
-	"\x01\xaf\x03\x00\x00\x00\x1e\xea" + // 0x01AF0300: 0x00001EEA
-	"\x01\xb0\x03\x00\x00\x00\x1e\xeb" + // 0x01B00300: 0x00001EEB
-	"\x01\xaf\x03\t\x00\x00\x1e\xec" + // 0x01AF0309: 0x00001EEC
-	"\x01\xb0\x03\t\x00\x00\x1e\xed" + // 0x01B00309: 0x00001EED
-	"\x01\xaf\x03\x03\x00\x00\x1e\xee" + // 0x01AF0303: 0x00001EEE
-	"\x01\xb0\x03\x03\x00\x00\x1e\xef" + // 0x01B00303: 0x00001EEF
-	"\x01\xaf\x03#\x00\x00\x1e\xf0" + // 0x01AF0323: 0x00001EF0
-	"\x01\xb0\x03#\x00\x00\x1e\xf1" + // 0x01B00323: 0x00001EF1
-	"\x00Y\x03\x00\x00\x00\x1e\xf2" + // 0x00590300: 0x00001EF2
-	"\x00y\x03\x00\x00\x00\x1e\xf3" + // 0x00790300: 0x00001EF3
-	"\x00Y\x03#\x00\x00\x1e\xf4" + // 0x00590323: 0x00001EF4
-	"\x00y\x03#\x00\x00\x1e\xf5" + // 0x00790323: 0x00001EF5
-	"\x00Y\x03\t\x00\x00\x1e\xf6" + // 0x00590309: 0x00001EF6
-	"\x00y\x03\t\x00\x00\x1e\xf7" + // 0x00790309: 0x00001EF7
-	"\x00Y\x03\x03\x00\x00\x1e\xf8" + // 0x00590303: 0x00001EF8
-	"\x00y\x03\x03\x00\x00\x1e\xf9" + // 0x00790303: 0x00001EF9
-	"\x03\xb1\x03\x13\x00\x00\x1f\x00" + // 0x03B10313: 0x00001F00
-	"\x03\xb1\x03\x14\x00\x00\x1f\x01" + // 0x03B10314: 0x00001F01
-	"\x1f\x00\x03\x00\x00\x00\x1f\x02" + // 0x1F000300: 0x00001F02
-	"\x1f\x01\x03\x00\x00\x00\x1f\x03" + // 0x1F010300: 0x00001F03
-	"\x1f\x00\x03\x01\x00\x00\x1f\x04" + // 0x1F000301: 0x00001F04
-	"\x1f\x01\x03\x01\x00\x00\x1f\x05" + // 0x1F010301: 0x00001F05
-	"\x1f\x00\x03B\x00\x00\x1f\x06" + // 0x1F000342: 0x00001F06
-	"\x1f\x01\x03B\x00\x00\x1f\a" + // 0x1F010342: 0x00001F07
-	"\x03\x91\x03\x13\x00\x00\x1f\b" + // 0x03910313: 0x00001F08
-	"\x03\x91\x03\x14\x00\x00\x1f\t" + // 0x03910314: 0x00001F09
-	"\x1f\b\x03\x00\x00\x00\x1f\n" + // 0x1F080300: 0x00001F0A
-	"\x1f\t\x03\x00\x00\x00\x1f\v" + // 0x1F090300: 0x00001F0B
-	"\x1f\b\x03\x01\x00\x00\x1f\f" + // 0x1F080301: 0x00001F0C
-	"\x1f\t\x03\x01\x00\x00\x1f\r" + // 0x1F090301: 0x00001F0D
-	"\x1f\b\x03B\x00\x00\x1f\x0e" + // 0x1F080342: 0x00001F0E
-	"\x1f\t\x03B\x00\x00\x1f\x0f" + // 0x1F090342: 0x00001F0F
-	"\x03\xb5\x03\x13\x00\x00\x1f\x10" + // 0x03B50313: 0x00001F10
-	"\x03\xb5\x03\x14\x00\x00\x1f\x11" + // 0x03B50314: 0x00001F11
-	"\x1f\x10\x03\x00\x00\x00\x1f\x12" + // 0x1F100300: 0x00001F12
-	"\x1f\x11\x03\x00\x00\x00\x1f\x13" + // 0x1F110300: 0x00001F13
-	"\x1f\x10\x03\x01\x00\x00\x1f\x14" + // 0x1F100301: 0x00001F14
-	"\x1f\x11\x03\x01\x00\x00\x1f\x15" + // 0x1F110301: 0x00001F15
-	"\x03\x95\x03\x13\x00\x00\x1f\x18" + // 0x03950313: 0x00001F18
-	"\x03\x95\x03\x14\x00\x00\x1f\x19" + // 0x03950314: 0x00001F19
-	"\x1f\x18\x03\x00\x00\x00\x1f\x1a" + // 0x1F180300: 0x00001F1A
-	"\x1f\x19\x03\x00\x00\x00\x1f\x1b" + // 0x1F190300: 0x00001F1B
-	"\x1f\x18\x03\x01\x00\x00\x1f\x1c" + // 0x1F180301: 0x00001F1C
-	"\x1f\x19\x03\x01\x00\x00\x1f\x1d" + // 0x1F190301: 0x00001F1D
-	"\x03\xb7\x03\x13\x00\x00\x1f " + // 0x03B70313: 0x00001F20
-	"\x03\xb7\x03\x14\x00\x00\x1f!" + // 0x03B70314: 0x00001F21
-	"\x1f \x03\x00\x00\x00\x1f\"" + // 0x1F200300: 0x00001F22
-	"\x1f!\x03\x00\x00\x00\x1f#" + // 0x1F210300: 0x00001F23
-	"\x1f \x03\x01\x00\x00\x1f$" + // 0x1F200301: 0x00001F24
-	"\x1f!\x03\x01\x00\x00\x1f%" + // 0x1F210301: 0x00001F25
-	"\x1f \x03B\x00\x00\x1f&" + // 0x1F200342: 0x00001F26
-	"\x1f!\x03B\x00\x00\x1f'" + // 0x1F210342: 0x00001F27
-	"\x03\x97\x03\x13\x00\x00\x1f(" + // 0x03970313: 0x00001F28
-	"\x03\x97\x03\x14\x00\x00\x1f)" + // 0x03970314: 0x00001F29
-	"\x1f(\x03\x00\x00\x00\x1f*" + // 0x1F280300: 0x00001F2A
-	"\x1f)\x03\x00\x00\x00\x1f+" + // 0x1F290300: 0x00001F2B
-	"\x1f(\x03\x01\x00\x00\x1f," + // 0x1F280301: 0x00001F2C
-	"\x1f)\x03\x01\x00\x00\x1f-" + // 0x1F290301: 0x00001F2D
-	"\x1f(\x03B\x00\x00\x1f." + // 0x1F280342: 0x00001F2E
-	"\x1f)\x03B\x00\x00\x1f/" + // 0x1F290342: 0x00001F2F
-	"\x03\xb9\x03\x13\x00\x00\x1f0" + // 0x03B90313: 0x00001F30
-	"\x03\xb9\x03\x14\x00\x00\x1f1" + // 0x03B90314: 0x00001F31
-	"\x1f0\x03\x00\x00\x00\x1f2" + // 0x1F300300: 0x00001F32
-	"\x1f1\x03\x00\x00\x00\x1f3" + // 0x1F310300: 0x00001F33
-	"\x1f0\x03\x01\x00\x00\x1f4" + // 0x1F300301: 0x00001F34
-	"\x1f1\x03\x01\x00\x00\x1f5" + // 0x1F310301: 0x00001F35
-	"\x1f0\x03B\x00\x00\x1f6" + // 0x1F300342: 0x00001F36
-	"\x1f1\x03B\x00\x00\x1f7" + // 0x1F310342: 0x00001F37
-	"\x03\x99\x03\x13\x00\x00\x1f8" + // 0x03990313: 0x00001F38
-	"\x03\x99\x03\x14\x00\x00\x1f9" + // 0x03990314: 0x00001F39
-	"\x1f8\x03\x00\x00\x00\x1f:" + // 0x1F380300: 0x00001F3A
-	"\x1f9\x03\x00\x00\x00\x1f;" + // 0x1F390300: 0x00001F3B
-	"\x1f8\x03\x01\x00\x00\x1f<" + // 0x1F380301: 0x00001F3C
-	"\x1f9\x03\x01\x00\x00\x1f=" + // 0x1F390301: 0x00001F3D
-	"\x1f8\x03B\x00\x00\x1f>" + // 0x1F380342: 0x00001F3E
-	"\x1f9\x03B\x00\x00\x1f?" + // 0x1F390342: 0x00001F3F
-	"\x03\xbf\x03\x13\x00\x00\x1f@" + // 0x03BF0313: 0x00001F40
-	"\x03\xbf\x03\x14\x00\x00\x1fA" + // 0x03BF0314: 0x00001F41
-	"\x1f@\x03\x00\x00\x00\x1fB" + // 0x1F400300: 0x00001F42
-	"\x1fA\x03\x00\x00\x00\x1fC" + // 0x1F410300: 0x00001F43
-	"\x1f@\x03\x01\x00\x00\x1fD" + // 0x1F400301: 0x00001F44
-	"\x1fA\x03\x01\x00\x00\x1fE" + // 0x1F410301: 0x00001F45
-	"\x03\x9f\x03\x13\x00\x00\x1fH" + // 0x039F0313: 0x00001F48
-	"\x03\x9f\x03\x14\x00\x00\x1fI" + // 0x039F0314: 0x00001F49
-	"\x1fH\x03\x00\x00\x00\x1fJ" + // 0x1F480300: 0x00001F4A
-	"\x1fI\x03\x00\x00\x00\x1fK" + // 0x1F490300: 0x00001F4B
-	"\x1fH\x03\x01\x00\x00\x1fL" + // 0x1F480301: 0x00001F4C
-	"\x1fI\x03\x01\x00\x00\x1fM" + // 0x1F490301: 0x00001F4D
-	"\x03\xc5\x03\x13\x00\x00\x1fP" + // 0x03C50313: 0x00001F50
-	"\x03\xc5\x03\x14\x00\x00\x1fQ" + // 0x03C50314: 0x00001F51
-	"\x1fP\x03\x00\x00\x00\x1fR" + // 0x1F500300: 0x00001F52
-	"\x1fQ\x03\x00\x00\x00\x1fS" + // 0x1F510300: 0x00001F53
-	"\x1fP\x03\x01\x00\x00\x1fT" + // 0x1F500301: 0x00001F54
-	"\x1fQ\x03\x01\x00\x00\x1fU" + // 0x1F510301: 0x00001F55
-	"\x1fP\x03B\x00\x00\x1fV" + // 0x1F500342: 0x00001F56
-	"\x1fQ\x03B\x00\x00\x1fW" + // 0x1F510342: 0x00001F57
-	"\x03\xa5\x03\x14\x00\x00\x1fY" + // 0x03A50314: 0x00001F59
-	"\x1fY\x03\x00\x00\x00\x1f[" + // 0x1F590300: 0x00001F5B
-	"\x1fY\x03\x01\x00\x00\x1f]" + // 0x1F590301: 0x00001F5D
-	"\x1fY\x03B\x00\x00\x1f_" + // 0x1F590342: 0x00001F5F
-	"\x03\xc9\x03\x13\x00\x00\x1f`" + // 0x03C90313: 0x00001F60
-	"\x03\xc9\x03\x14\x00\x00\x1fa" + // 0x03C90314: 0x00001F61
-	"\x1f`\x03\x00\x00\x00\x1fb" + // 0x1F600300: 0x00001F62
-	"\x1fa\x03\x00\x00\x00\x1fc" + // 0x1F610300: 0x00001F63
-	"\x1f`\x03\x01\x00\x00\x1fd" + // 0x1F600301: 0x00001F64
-	"\x1fa\x03\x01\x00\x00\x1fe" + // 0x1F610301: 0x00001F65
-	"\x1f`\x03B\x00\x00\x1ff" + // 0x1F600342: 0x00001F66
-	"\x1fa\x03B\x00\x00\x1fg" + // 0x1F610342: 0x00001F67
-	"\x03\xa9\x03\x13\x00\x00\x1fh" + // 0x03A90313: 0x00001F68
-	"\x03\xa9\x03\x14\x00\x00\x1fi" + // 0x03A90314: 0x00001F69
-	"\x1fh\x03\x00\x00\x00\x1fj" + // 0x1F680300: 0x00001F6A
-	"\x1fi\x03\x00\x00\x00\x1fk" + // 0x1F690300: 0x00001F6B
-	"\x1fh\x03\x01\x00\x00\x1fl" + // 0x1F680301: 0x00001F6C
-	"\x1fi\x03\x01\x00\x00\x1fm" + // 0x1F690301: 0x00001F6D
-	"\x1fh\x03B\x00\x00\x1fn" + // 0x1F680342: 0x00001F6E
-	"\x1fi\x03B\x00\x00\x1fo" + // 0x1F690342: 0x00001F6F
-	"\x03\xb1\x03\x00\x00\x00\x1fp" + // 0x03B10300: 0x00001F70
-	"\x03\xb5\x03\x00\x00\x00\x1fr" + // 0x03B50300: 0x00001F72
-	"\x03\xb7\x03\x00\x00\x00\x1ft" + // 0x03B70300: 0x00001F74
-	"\x03\xb9\x03\x00\x00\x00\x1fv" + // 0x03B90300: 0x00001F76
-	"\x03\xbf\x03\x00\x00\x00\x1fx" + // 0x03BF0300: 0x00001F78
-	"\x03\xc5\x03\x00\x00\x00\x1fz" + // 0x03C50300: 0x00001F7A
-	"\x03\xc9\x03\x00\x00\x00\x1f|" + // 0x03C90300: 0x00001F7C
-	"\x1f\x00\x03E\x00\x00\x1f\x80" + // 0x1F000345: 0x00001F80
-	"\x1f\x01\x03E\x00\x00\x1f\x81" + // 0x1F010345: 0x00001F81
-	"\x1f\x02\x03E\x00\x00\x1f\x82" + // 0x1F020345: 0x00001F82
-	"\x1f\x03\x03E\x00\x00\x1f\x83" + // 0x1F030345: 0x00001F83
-	"\x1f\x04\x03E\x00\x00\x1f\x84" + // 0x1F040345: 0x00001F84
-	"\x1f\x05\x03E\x00\x00\x1f\x85" + // 0x1F050345: 0x00001F85
-	"\x1f\x06\x03E\x00\x00\x1f\x86" + // 0x1F060345: 0x00001F86
-	"\x1f\a\x03E\x00\x00\x1f\x87" + // 0x1F070345: 0x00001F87
-	"\x1f\b\x03E\x00\x00\x1f\x88" + // 0x1F080345: 0x00001F88
-	"\x1f\t\x03E\x00\x00\x1f\x89" + // 0x1F090345: 0x00001F89
-	"\x1f\n\x03E\x00\x00\x1f\x8a" + // 0x1F0A0345: 0x00001F8A
-	"\x1f\v\x03E\x00\x00\x1f\x8b" + // 0x1F0B0345: 0x00001F8B
-	"\x1f\f\x03E\x00\x00\x1f\x8c" + // 0x1F0C0345: 0x00001F8C
-	"\x1f\r\x03E\x00\x00\x1f\x8d" + // 0x1F0D0345: 0x00001F8D
-	"\x1f\x0e\x03E\x00\x00\x1f\x8e" + // 0x1F0E0345: 0x00001F8E
-	"\x1f\x0f\x03E\x00\x00\x1f\x8f" + // 0x1F0F0345: 0x00001F8F
-	"\x1f \x03E\x00\x00\x1f\x90" + // 0x1F200345: 0x00001F90
-	"\x1f!\x03E\x00\x00\x1f\x91" + // 0x1F210345: 0x00001F91
-	"\x1f\"\x03E\x00\x00\x1f\x92" + // 0x1F220345: 0x00001F92
-	"\x1f#\x03E\x00\x00\x1f\x93" + // 0x1F230345: 0x00001F93
-	"\x1f$\x03E\x00\x00\x1f\x94" + // 0x1F240345: 0x00001F94
-	"\x1f%\x03E\x00\x00\x1f\x95" + // 0x1F250345: 0x00001F95
-	"\x1f&\x03E\x00\x00\x1f\x96" + // 0x1F260345: 0x00001F96
-	"\x1f'\x03E\x00\x00\x1f\x97" + // 0x1F270345: 0x00001F97
-	"\x1f(\x03E\x00\x00\x1f\x98" + // 0x1F280345: 0x00001F98
-	"\x1f)\x03E\x00\x00\x1f\x99" + // 0x1F290345: 0x00001F99
-	"\x1f*\x03E\x00\x00\x1f\x9a" + // 0x1F2A0345: 0x00001F9A
-	"\x1f+\x03E\x00\x00\x1f\x9b" + // 0x1F2B0345: 0x00001F9B
-	"\x1f,\x03E\x00\x00\x1f\x9c" + // 0x1F2C0345: 0x00001F9C
-	"\x1f-\x03E\x00\x00\x1f\x9d" + // 0x1F2D0345: 0x00001F9D
-	"\x1f.\x03E\x00\x00\x1f\x9e" + // 0x1F2E0345: 0x00001F9E
-	"\x1f/\x03E\x00\x00\x1f\x9f" + // 0x1F2F0345: 0x00001F9F
-	"\x1f`\x03E\x00\x00\x1f\xa0" + // 0x1F600345: 0x00001FA0
-	"\x1fa\x03E\x00\x00\x1f\xa1" + // 0x1F610345: 0x00001FA1
-	"\x1fb\x03E\x00\x00\x1f\xa2" + // 0x1F620345: 0x00001FA2
-	"\x1fc\x03E\x00\x00\x1f\xa3" + // 0x1F630345: 0x00001FA3
-	"\x1fd\x03E\x00\x00\x1f\xa4" + // 0x1F640345: 0x00001FA4
-	"\x1fe\x03E\x00\x00\x1f\xa5" + // 0x1F650345: 0x00001FA5
-	"\x1ff\x03E\x00\x00\x1f\xa6" + // 0x1F660345: 0x00001FA6
-	"\x1fg\x03E\x00\x00\x1f\xa7" + // 0x1F670345: 0x00001FA7
-	"\x1fh\x03E\x00\x00\x1f\xa8" + // 0x1F680345: 0x00001FA8
-	"\x1fi\x03E\x00\x00\x1f\xa9" + // 0x1F690345: 0x00001FA9
-	"\x1fj\x03E\x00\x00\x1f\xaa" + // 0x1F6A0345: 0x00001FAA
-	"\x1fk\x03E\x00\x00\x1f\xab" + // 0x1F6B0345: 0x00001FAB
-	"\x1fl\x03E\x00\x00\x1f\xac" + // 0x1F6C0345: 0x00001FAC
-	"\x1fm\x03E\x00\x00\x1f\xad" + // 0x1F6D0345: 0x00001FAD
-	"\x1fn\x03E\x00\x00\x1f\xae" + // 0x1F6E0345: 0x00001FAE
-	"\x1fo\x03E\x00\x00\x1f\xaf" + // 0x1F6F0345: 0x00001FAF
-	"\x03\xb1\x03\x06\x00\x00\x1f\xb0" + // 0x03B10306: 0x00001FB0
-	"\x03\xb1\x03\x04\x00\x00\x1f\xb1" + // 0x03B10304: 0x00001FB1
-	"\x1fp\x03E\x00\x00\x1f\xb2" + // 0x1F700345: 0x00001FB2
-	"\x03\xb1\x03E\x00\x00\x1f\xb3" + // 0x03B10345: 0x00001FB3
-	"\x03\xac\x03E\x00\x00\x1f\xb4" + // 0x03AC0345: 0x00001FB4
-	"\x03\xb1\x03B\x00\x00\x1f\xb6" + // 0x03B10342: 0x00001FB6
-	"\x1f\xb6\x03E\x00\x00\x1f\xb7" + // 0x1FB60345: 0x00001FB7
-	"\x03\x91\x03\x06\x00\x00\x1f\xb8" + // 0x03910306: 0x00001FB8
-	"\x03\x91\x03\x04\x00\x00\x1f\xb9" + // 0x03910304: 0x00001FB9
-	"\x03\x91\x03\x00\x00\x00\x1f\xba" + // 0x03910300: 0x00001FBA
-	"\x03\x91\x03E\x00\x00\x1f\xbc" + // 0x03910345: 0x00001FBC
-	"\x00\xa8\x03B\x00\x00\x1f\xc1" + // 0x00A80342: 0x00001FC1
-	"\x1ft\x03E\x00\x00\x1f\xc2" + // 0x1F740345: 0x00001FC2
-	"\x03\xb7\x03E\x00\x00\x1f\xc3" + // 0x03B70345: 0x00001FC3
-	"\x03\xae\x03E\x00\x00\x1f\xc4" + // 0x03AE0345: 0x00001FC4
-	"\x03\xb7\x03B\x00\x00\x1f\xc6" + // 0x03B70342: 0x00001FC6
-	"\x1f\xc6\x03E\x00\x00\x1f\xc7" + // 0x1FC60345: 0x00001FC7
-	"\x03\x95\x03\x00\x00\x00\x1f\xc8" + // 0x03950300: 0x00001FC8
-	"\x03\x97\x03\x00\x00\x00\x1f\xca" + // 0x03970300: 0x00001FCA
-	"\x03\x97\x03E\x00\x00\x1f\xcc" + // 0x03970345: 0x00001FCC
-	"\x1f\xbf\x03\x00\x00\x00\x1f\xcd" + // 0x1FBF0300: 0x00001FCD
-	"\x1f\xbf\x03\x01\x00\x00\x1f\xce" + // 0x1FBF0301: 0x00001FCE
-	"\x1f\xbf\x03B\x00\x00\x1f\xcf" + // 0x1FBF0342: 0x00001FCF
-	"\x03\xb9\x03\x06\x00\x00\x1f\xd0" + // 0x03B90306: 0x00001FD0
-	"\x03\xb9\x03\x04\x00\x00\x1f\xd1" + // 0x03B90304: 0x00001FD1
-	"\x03\xca\x03\x00\x00\x00\x1f\xd2" + // 0x03CA0300: 0x00001FD2
-	"\x03\xb9\x03B\x00\x00\x1f\xd6" + // 0x03B90342: 0x00001FD6
-	"\x03\xca\x03B\x00\x00\x1f\xd7" + // 0x03CA0342: 0x00001FD7
-	"\x03\x99\x03\x06\x00\x00\x1f\xd8" + // 0x03990306: 0x00001FD8
-	"\x03\x99\x03\x04\x00\x00\x1f\xd9" + // 0x03990304: 0x00001FD9
-	"\x03\x99\x03\x00\x00\x00\x1f\xda" + // 0x03990300: 0x00001FDA
-	"\x1f\xfe\x03\x00\x00\x00\x1f\xdd" + // 0x1FFE0300: 0x00001FDD
-	"\x1f\xfe\x03\x01\x00\x00\x1f\xde" + // 0x1FFE0301: 0x00001FDE
-	"\x1f\xfe\x03B\x00\x00\x1f\xdf" + // 0x1FFE0342: 0x00001FDF
-	"\x03\xc5\x03\x06\x00\x00\x1f\xe0" + // 0x03C50306: 0x00001FE0
-	"\x03\xc5\x03\x04\x00\x00\x1f\xe1" + // 0x03C50304: 0x00001FE1
-	"\x03\xcb\x03\x00\x00\x00\x1f\xe2" + // 0x03CB0300: 0x00001FE2
-	"\x03\xc1\x03\x13\x00\x00\x1f\xe4" + // 0x03C10313: 0x00001FE4
-	"\x03\xc1\x03\x14\x00\x00\x1f\xe5" + // 0x03C10314: 0x00001FE5
-	"\x03\xc5\x03B\x00\x00\x1f\xe6" + // 0x03C50342: 0x00001FE6
-	"\x03\xcb\x03B\x00\x00\x1f\xe7" + // 0x03CB0342: 0x00001FE7
-	"\x03\xa5\x03\x06\x00\x00\x1f\xe8" + // 0x03A50306: 0x00001FE8
-	"\x03\xa5\x03\x04\x00\x00\x1f\xe9" + // 0x03A50304: 0x00001FE9
-	"\x03\xa5\x03\x00\x00\x00\x1f\xea" + // 0x03A50300: 0x00001FEA
-	"\x03\xa1\x03\x14\x00\x00\x1f\xec" + // 0x03A10314: 0x00001FEC
-	"\x00\xa8\x03\x00\x00\x00\x1f\xed" + // 0x00A80300: 0x00001FED
-	"\x1f|\x03E\x00\x00\x1f\xf2" + // 0x1F7C0345: 0x00001FF2
-	"\x03\xc9\x03E\x00\x00\x1f\xf3" + // 0x03C90345: 0x00001FF3
-	"\x03\xce\x03E\x00\x00\x1f\xf4" + // 0x03CE0345: 0x00001FF4
-	"\x03\xc9\x03B\x00\x00\x1f\xf6" + // 0x03C90342: 0x00001FF6
-	"\x1f\xf6\x03E\x00\x00\x1f\xf7" + // 0x1FF60345: 0x00001FF7
-	"\x03\x9f\x03\x00\x00\x00\x1f\xf8" + // 0x039F0300: 0x00001FF8
-	"\x03\xa9\x03\x00\x00\x00\x1f\xfa" + // 0x03A90300: 0x00001FFA
-	"\x03\xa9\x03E\x00\x00\x1f\xfc" + // 0x03A90345: 0x00001FFC
-	"!\x90\x038\x00\x00!\x9a" + // 0x21900338: 0x0000219A
-	"!\x92\x038\x00\x00!\x9b" + // 0x21920338: 0x0000219B
-	"!\x94\x038\x00\x00!\xae" + // 0x21940338: 0x000021AE
-	"!\xd0\x038\x00\x00!\xcd" + // 0x21D00338: 0x000021CD
-	"!\xd4\x038\x00\x00!\xce" + // 0x21D40338: 0x000021CE
-	"!\xd2\x038\x00\x00!\xcf" + // 0x21D20338: 0x000021CF
-	"\"\x03\x038\x00\x00\"\x04" + // 0x22030338: 0x00002204
-	"\"\b\x038\x00\x00\"\t" + // 0x22080338: 0x00002209
-	"\"\v\x038\x00\x00\"\f" + // 0x220B0338: 0x0000220C
-	"\"#\x038\x00\x00\"$" + // 0x22230338: 0x00002224
-	"\"%\x038\x00\x00\"&" + // 0x22250338: 0x00002226
-	"\"<\x038\x00\x00\"A" + // 0x223C0338: 0x00002241
-	"\"C\x038\x00\x00\"D" + // 0x22430338: 0x00002244
-	"\"E\x038\x00\x00\"G" + // 0x22450338: 0x00002247
-	"\"H\x038\x00\x00\"I" + // 0x22480338: 0x00002249
-	"\x00=\x038\x00\x00\"`" + // 0x003D0338: 0x00002260
-	"\"a\x038\x00\x00\"b" + // 0x22610338: 0x00002262
-	"\"M\x038\x00\x00\"m" + // 0x224D0338: 0x0000226D
-	"\x00<\x038\x00\x00\"n" + // 0x003C0338: 0x0000226E
-	"\x00>\x038\x00\x00\"o" + // 0x003E0338: 0x0000226F
-	"\"d\x038\x00\x00\"p" + // 0x22640338: 0x00002270
-	"\"e\x038\x00\x00\"q" + // 0x22650338: 0x00002271
-	"\"r\x038\x00\x00\"t" + // 0x22720338: 0x00002274
-	"\"s\x038\x00\x00\"u" + // 0x22730338: 0x00002275
-	"\"v\x038\x00\x00\"x" + // 0x22760338: 0x00002278
-	"\"w\x038\x00\x00\"y" + // 0x22770338: 0x00002279
-	"\"z\x038\x00\x00\"\x80" + // 0x227A0338: 0x00002280
-	"\"{\x038\x00\x00\"\x81" + // 0x227B0338: 0x00002281
-	"\"\x82\x038\x00\x00\"\x84" + // 0x22820338: 0x00002284
-	"\"\x83\x038\x00\x00\"\x85" + // 0x22830338: 0x00002285
-	"\"\x86\x038\x00\x00\"\x88" + // 0x22860338: 0x00002288
-	"\"\x87\x038\x00\x00\"\x89" + // 0x22870338: 0x00002289
-	"\"\xa2\x038\x00\x00\"\xac" + // 0x22A20338: 0x000022AC
-	"\"\xa8\x038\x00\x00\"\xad" + // 0x22A80338: 0x000022AD
-	"\"\xa9\x038\x00\x00\"\xae" + // 0x22A90338: 0x000022AE
-	"\"\xab\x038\x00\x00\"\xaf" + // 0x22AB0338: 0x000022AF
-	"\"|\x038\x00\x00\"\xe0" + // 0x227C0338: 0x000022E0
-	"\"}\x038\x00\x00\"\xe1" + // 0x227D0338: 0x000022E1
-	"\"\x91\x038\x00\x00\"\xe2" + // 0x22910338: 0x000022E2
-	"\"\x92\x038\x00\x00\"\xe3" + // 0x22920338: 0x000022E3
-	"\"\xb2\x038\x00\x00\"\xea" + // 0x22B20338: 0x000022EA
-	"\"\xb3\x038\x00\x00\"\xeb" + // 0x22B30338: 0x000022EB
-	"\"\xb4\x038\x00\x00\"\xec" + // 0x22B40338: 0x000022EC
-	"\"\xb5\x038\x00\x00\"\xed" + // 0x22B50338: 0x000022ED
-	"0K0\x99\x00\x000L" + // 0x304B3099: 0x0000304C
-	"0M0\x99\x00\x000N" + // 0x304D3099: 0x0000304E
-	"0O0\x99\x00\x000P" + // 0x304F3099: 0x00003050
-	"0Q0\x99\x00\x000R" + // 0x30513099: 0x00003052
-	"0S0\x99\x00\x000T" + // 0x30533099: 0x00003054
-	"0U0\x99\x00\x000V" + // 0x30553099: 0x00003056
-	"0W0\x99\x00\x000X" + // 0x30573099: 0x00003058
-	"0Y0\x99\x00\x000Z" + // 0x30593099: 0x0000305A
-	"0[0\x99\x00\x000\\" + // 0x305B3099: 0x0000305C
-	"0]0\x99\x00\x000^" + // 0x305D3099: 0x0000305E
-	"0_0\x99\x00\x000`" + // 0x305F3099: 0x00003060
-	"0a0\x99\x00\x000b" + // 0x30613099: 0x00003062
-	"0d0\x99\x00\x000e" + // 0x30643099: 0x00003065
-	"0f0\x99\x00\x000g" + // 0x30663099: 0x00003067
-	"0h0\x99\x00\x000i" + // 0x30683099: 0x00003069
-	"0o0\x99\x00\x000p" + // 0x306F3099: 0x00003070
-	"0o0\x9a\x00\x000q" + // 0x306F309A: 0x00003071
-	"0r0\x99\x00\x000s" + // 0x30723099: 0x00003073
-	"0r0\x9a\x00\x000t" + // 0x3072309A: 0x00003074
-	"0u0\x99\x00\x000v" + // 0x30753099: 0x00003076
-	"0u0\x9a\x00\x000w" + // 0x3075309A: 0x00003077
-	"0x0\x99\x00\x000y" + // 0x30783099: 0x00003079
-	"0x0\x9a\x00\x000z" + // 0x3078309A: 0x0000307A
-	"0{0\x99\x00\x000|" + // 0x307B3099: 0x0000307C
-	"0{0\x9a\x00\x000}" + // 0x307B309A: 0x0000307D
-	"0F0\x99\x00\x000\x94" + // 0x30463099: 0x00003094
-	"0\x9d0\x99\x00\x000\x9e" + // 0x309D3099: 0x0000309E
-	"0\xab0\x99\x00\x000\xac" + // 0x30AB3099: 0x000030AC
-	"0\xad0\x99\x00\x000\xae" + // 0x30AD3099: 0x000030AE
-	"0\xaf0\x99\x00\x000\xb0" + // 0x30AF3099: 0x000030B0
-	"0\xb10\x99\x00\x000\xb2" + // 0x30B13099: 0x000030B2
-	"0\xb30\x99\x00\x000\xb4" + // 0x30B33099: 0x000030B4
-	"0\xb50\x99\x00\x000\xb6" + // 0x30B53099: 0x000030B6
-	"0\xb70\x99\x00\x000\xb8" + // 0x30B73099: 0x000030B8
-	"0\xb90\x99\x00\x000\xba" + // 0x30B93099: 0x000030BA
-	"0\xbb0\x99\x00\x000\xbc" + // 0x30BB3099: 0x000030BC
-	"0\xbd0\x99\x00\x000\xbe" + // 0x30BD3099: 0x000030BE
-	"0\xbf0\x99\x00\x000\xc0" + // 0x30BF3099: 0x000030C0
-	"0\xc10\x99\x00\x000\xc2" + // 0x30C13099: 0x000030C2
-	"0\xc40\x99\x00\x000\xc5" + // 0x30C43099: 0x000030C5
-	"0\xc60\x99\x00\x000\xc7" + // 0x30C63099: 0x000030C7
-	"0\xc80\x99\x00\x000\xc9" + // 0x30C83099: 0x000030C9
-	"0\xcf0\x99\x00\x000\xd0" + // 0x30CF3099: 0x000030D0
-	"0\xcf0\x9a\x00\x000\xd1" + // 0x30CF309A: 0x000030D1
-	"0\xd20\x99\x00\x000\xd3" + // 0x30D23099: 0x000030D3
-	"0\xd20\x9a\x00\x000\xd4" + // 0x30D2309A: 0x000030D4
-	"0\xd50\x99\x00\x000\xd6" + // 0x30D53099: 0x000030D6
-	"0\xd50\x9a\x00\x000\xd7" + // 0x30D5309A: 0x000030D7
-	"0\xd80\x99\x00\x000\xd9" + // 0x30D83099: 0x000030D9
-	"0\xd80\x9a\x00\x000\xda" + // 0x30D8309A: 0x000030DA
-	"0\xdb0\x99\x00\x000\xdc" + // 0x30DB3099: 0x000030DC
-	"0\xdb0\x9a\x00\x000\xdd" + // 0x30DB309A: 0x000030DD
-	"0\xa60\x99\x00\x000\xf4" + // 0x30A63099: 0x000030F4
-	"0\xef0\x99\x00\x000\xf7" + // 0x30EF3099: 0x000030F7
-	"0\xf00\x99\x00\x000\xf8" + // 0x30F03099: 0x000030F8
-	"0\xf10\x99\x00\x000\xf9" + // 0x30F13099: 0x000030F9
-	"0\xf20\x99\x00\x000\xfa" + // 0x30F23099: 0x000030FA
-	"0\xfd0\x99\x00\x000\xfe" + // 0x30FD3099: 0x000030FE
-	"\x10\x99\x10\xba\x00\x01\x10\x9a" + // 0x109910BA: 0x0001109A
-	"\x10\x9b\x10\xba\x00\x01\x10\x9c" + // 0x109B10BA: 0x0001109C
-	"\x10\xa5\x10\xba\x00\x01\x10\xab" + // 0x10A510BA: 0x000110AB
-	"\x111\x11'\x00\x01\x11." + // 0x11311127: 0x0001112E
-	"\x112\x11'\x00\x01\x11/" + // 0x11321127: 0x0001112F
-	"\x13G\x13>\x00\x01\x13K" + // 0x1347133E: 0x0001134B
-	"\x13G\x13W\x00\x01\x13L" + // 0x13471357: 0x0001134C
-	"\x14\xb9\x14\xba\x00\x01\x14\xbb" + // 0x14B914BA: 0x000114BB
-	"\x14\xb9\x14\xb0\x00\x01\x14\xbc" + // 0x14B914B0: 0x000114BC
-	"\x14\xb9\x14\xbd\x00\x01\x14\xbe" + // 0x14B914BD: 0x000114BE
-	"\x15\xb8\x15\xaf\x00\x01\x15\xba" + // 0x15B815AF: 0x000115BA
-	"\x15\xb9\x15\xaf\x00\x01\x15\xbb" + // 0x15B915AF: 0x000115BB
-	""
-	// Total size of tables: 53KB (54514 bytes)
diff --git a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
index 94290692..a01274a8 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
@@ -4,8 +4,6 @@
 
 package norm
 
-import "sync"
-
 const (
 	// Version is the Unicode edition from which the tables are derived.
 	Version = "9.0.0"
@@ -6689,949 +6687,947 @@ var nfkcSparseValues = [875]valueRange{
 }
 
 // recompMap: 7520 bytes (entries only)
-var recompMap map[uint32]rune
-var recompMapOnce sync.Once
+var recompMap = map[uint32]rune{
+	0x00410300: 0x00C0,
+	0x00410301: 0x00C1,
+	0x00410302: 0x00C2,
+	0x00410303: 0x00C3,
+	0x00410308: 0x00C4,
+	0x0041030A: 0x00C5,
+	0x00430327: 0x00C7,
+	0x00450300: 0x00C8,
+	0x00450301: 0x00C9,
+	0x00450302: 0x00CA,
+	0x00450308: 0x00CB,
+	0x00490300: 0x00CC,
+	0x00490301: 0x00CD,
+	0x00490302: 0x00CE,
+	0x00490308: 0x00CF,
+	0x004E0303: 0x00D1,
+	0x004F0300: 0x00D2,
+	0x004F0301: 0x00D3,
+	0x004F0302: 0x00D4,
+	0x004F0303: 0x00D5,
+	0x004F0308: 0x00D6,
+	0x00550300: 0x00D9,
+	0x00550301: 0x00DA,
+	0x00550302: 0x00DB,
+	0x00550308: 0x00DC,
+	0x00590301: 0x00DD,
+	0x00610300: 0x00E0,
+	0x00610301: 0x00E1,
+	0x00610302: 0x00E2,
+	0x00610303: 0x00E3,
+	0x00610308: 0x00E4,
+	0x0061030A: 0x00E5,
+	0x00630327: 0x00E7,
+	0x00650300: 0x00E8,
+	0x00650301: 0x00E9,
+	0x00650302: 0x00EA,
+	0x00650308: 0x00EB,
+	0x00690300: 0x00EC,
+	0x00690301: 0x00ED,
+	0x00690302: 0x00EE,
+	0x00690308: 0x00EF,
+	0x006E0303: 0x00F1,
+	0x006F0300: 0x00F2,
+	0x006F0301: 0x00F3,
+	0x006F0302: 0x00F4,
+	0x006F0303: 0x00F5,
+	0x006F0308: 0x00F6,
+	0x00750300: 0x00F9,
+	0x00750301: 0x00FA,
+	0x00750302: 0x00FB,
+	0x00750308: 0x00FC,
+	0x00790301: 0x00FD,
+	0x00790308: 0x00FF,
+	0x00410304: 0x0100,
+	0x00610304: 0x0101,
+	0x00410306: 0x0102,
+	0x00610306: 0x0103,
+	0x00410328: 0x0104,
+	0x00610328: 0x0105,
+	0x00430301: 0x0106,
+	0x00630301: 0x0107,
+	0x00430302: 0x0108,
+	0x00630302: 0x0109,
+	0x00430307: 0x010A,
+	0x00630307: 0x010B,
+	0x0043030C: 0x010C,
+	0x0063030C: 0x010D,
+	0x0044030C: 0x010E,
+	0x0064030C: 0x010F,
+	0x00450304: 0x0112,
+	0x00650304: 0x0113,
+	0x00450306: 0x0114,
+	0x00650306: 0x0115,
+	0x00450307: 0x0116,
+	0x00650307: 0x0117,
+	0x00450328: 0x0118,
+	0x00650328: 0x0119,
+	0x0045030C: 0x011A,
+	0x0065030C: 0x011B,
+	0x00470302: 0x011C,
+	0x00670302: 0x011D,
+	0x00470306: 0x011E,
+	0x00670306: 0x011F,
+	0x00470307: 0x0120,
+	0x00670307: 0x0121,
+	0x00470327: 0x0122,
+	0x00670327: 0x0123,
+	0x00480302: 0x0124,
+	0x00680302: 0x0125,
+	0x00490303: 0x0128,
+	0x00690303: 0x0129,
+	0x00490304: 0x012A,
+	0x00690304: 0x012B,
+	0x00490306: 0x012C,
+	0x00690306: 0x012D,
+	0x00490328: 0x012E,
+	0x00690328: 0x012F,
+	0x00490307: 0x0130,
+	0x004A0302: 0x0134,
+	0x006A0302: 0x0135,
+	0x004B0327: 0x0136,
+	0x006B0327: 0x0137,
+	0x004C0301: 0x0139,
+	0x006C0301: 0x013A,
+	0x004C0327: 0x013B,
+	0x006C0327: 0x013C,
+	0x004C030C: 0x013D,
+	0x006C030C: 0x013E,
+	0x004E0301: 0x0143,
+	0x006E0301: 0x0144,
+	0x004E0327: 0x0145,
+	0x006E0327: 0x0146,
+	0x004E030C: 0x0147,
+	0x006E030C: 0x0148,
+	0x004F0304: 0x014C,
+	0x006F0304: 0x014D,
+	0x004F0306: 0x014E,
+	0x006F0306: 0x014F,
+	0x004F030B: 0x0150,
+	0x006F030B: 0x0151,
+	0x00520301: 0x0154,
+	0x00720301: 0x0155,
+	0x00520327: 0x0156,
+	0x00720327: 0x0157,
+	0x0052030C: 0x0158,
+	0x0072030C: 0x0159,
+	0x00530301: 0x015A,
+	0x00730301: 0x015B,
+	0x00530302: 0x015C,
+	0x00730302: 0x015D,
+	0x00530327: 0x015E,
+	0x00730327: 0x015F,
+	0x0053030C: 0x0160,
+	0x0073030C: 0x0161,
+	0x00540327: 0x0162,
+	0x00740327: 0x0163,
+	0x0054030C: 0x0164,
+	0x0074030C: 0x0165,
+	0x00550303: 0x0168,
+	0x00750303: 0x0169,
+	0x00550304: 0x016A,
+	0x00750304: 0x016B,
+	0x00550306: 0x016C,
+	0x00750306: 0x016D,
+	0x0055030A: 0x016E,
+	0x0075030A: 0x016F,
+	0x0055030B: 0x0170,
+	0x0075030B: 0x0171,
+	0x00550328: 0x0172,
+	0x00750328: 0x0173,
+	0x00570302: 0x0174,
+	0x00770302: 0x0175,
+	0x00590302: 0x0176,
+	0x00790302: 0x0177,
+	0x00590308: 0x0178,
+	0x005A0301: 0x0179,
+	0x007A0301: 0x017A,
+	0x005A0307: 0x017B,
+	0x007A0307: 0x017C,
+	0x005A030C: 0x017D,
+	0x007A030C: 0x017E,
+	0x004F031B: 0x01A0,
+	0x006F031B: 0x01A1,
+	0x0055031B: 0x01AF,
+	0x0075031B: 0x01B0,
+	0x0041030C: 0x01CD,
+	0x0061030C: 0x01CE,
+	0x0049030C: 0x01CF,
+	0x0069030C: 0x01D0,
+	0x004F030C: 0x01D1,
+	0x006F030C: 0x01D2,
+	0x0055030C: 0x01D3,
+	0x0075030C: 0x01D4,
+	0x00DC0304: 0x01D5,
+	0x00FC0304: 0x01D6,
+	0x00DC0301: 0x01D7,
+	0x00FC0301: 0x01D8,
+	0x00DC030C: 0x01D9,
+	0x00FC030C: 0x01DA,
+	0x00DC0300: 0x01DB,
+	0x00FC0300: 0x01DC,
+	0x00C40304: 0x01DE,
+	0x00E40304: 0x01DF,
+	0x02260304: 0x01E0,
+	0x02270304: 0x01E1,
+	0x00C60304: 0x01E2,
+	0x00E60304: 0x01E3,
+	0x0047030C: 0x01E6,
+	0x0067030C: 0x01E7,
+	0x004B030C: 0x01E8,
+	0x006B030C: 0x01E9,
+	0x004F0328: 0x01EA,
+	0x006F0328: 0x01EB,
+	0x01EA0304: 0x01EC,
+	0x01EB0304: 0x01ED,
+	0x01B7030C: 0x01EE,
+	0x0292030C: 0x01EF,
+	0x006A030C: 0x01F0,
+	0x00470301: 0x01F4,
+	0x00670301: 0x01F5,
+	0x004E0300: 0x01F8,
+	0x006E0300: 0x01F9,
+	0x00C50301: 0x01FA,
+	0x00E50301: 0x01FB,
+	0x00C60301: 0x01FC,
+	0x00E60301: 0x01FD,
+	0x00D80301: 0x01FE,
+	0x00F80301: 0x01FF,
+	0x0041030F: 0x0200,
+	0x0061030F: 0x0201,
+	0x00410311: 0x0202,
+	0x00610311: 0x0203,
+	0x0045030F: 0x0204,
+	0x0065030F: 0x0205,
+	0x00450311: 0x0206,
+	0x00650311: 0x0207,
+	0x0049030F: 0x0208,
+	0x0069030F: 0x0209,
+	0x00490311: 0x020A,
+	0x00690311: 0x020B,
+	0x004F030F: 0x020C,
+	0x006F030F: 0x020D,
+	0x004F0311: 0x020E,
+	0x006F0311: 0x020F,
+	0x0052030F: 0x0210,
+	0x0072030F: 0x0211,
+	0x00520311: 0x0212,
+	0x00720311: 0x0213,
+	0x0055030F: 0x0214,
+	0x0075030F: 0x0215,
+	0x00550311: 0x0216,
+	0x00750311: 0x0217,
+	0x00530326: 0x0218,
+	0x00730326: 0x0219,
+	0x00540326: 0x021A,
+	0x00740326: 0x021B,
+	0x0048030C: 0x021E,
+	0x0068030C: 0x021F,
+	0x00410307: 0x0226,
+	0x00610307: 0x0227,
+	0x00450327: 0x0228,
+	0x00650327: 0x0229,
+	0x00D60304: 0x022A,
+	0x00F60304: 0x022B,
+	0x00D50304: 0x022C,
+	0x00F50304: 0x022D,
+	0x004F0307: 0x022E,
+	0x006F0307: 0x022F,
+	0x022E0304: 0x0230,
+	0x022F0304: 0x0231,
+	0x00590304: 0x0232,
+	0x00790304: 0x0233,
+	0x00A80301: 0x0385,
+	0x03910301: 0x0386,
+	0x03950301: 0x0388,
+	0x03970301: 0x0389,
+	0x03990301: 0x038A,
+	0x039F0301: 0x038C,
+	0x03A50301: 0x038E,
+	0x03A90301: 0x038F,
+	0x03CA0301: 0x0390,
+	0x03990308: 0x03AA,
+	0x03A50308: 0x03AB,
+	0x03B10301: 0x03AC,
+	0x03B50301: 0x03AD,
+	0x03B70301: 0x03AE,
+	0x03B90301: 0x03AF,
+	0x03CB0301: 0x03B0,
+	0x03B90308: 0x03CA,
+	0x03C50308: 0x03CB,
+	0x03BF0301: 0x03CC,
+	0x03C50301: 0x03CD,
+	0x03C90301: 0x03CE,
+	0x03D20301: 0x03D3,
+	0x03D20308: 0x03D4,
+	0x04150300: 0x0400,
+	0x04150308: 0x0401,
+	0x04130301: 0x0403,
+	0x04060308: 0x0407,
+	0x041A0301: 0x040C,
+	0x04180300: 0x040D,
+	0x04230306: 0x040E,
+	0x04180306: 0x0419,
+	0x04380306: 0x0439,
+	0x04350300: 0x0450,
+	0x04350308: 0x0451,
+	0x04330301: 0x0453,
+	0x04560308: 0x0457,
+	0x043A0301: 0x045C,
+	0x04380300: 0x045D,
+	0x04430306: 0x045E,
+	0x0474030F: 0x0476,
+	0x0475030F: 0x0477,
+	0x04160306: 0x04C1,
+	0x04360306: 0x04C2,
+	0x04100306: 0x04D0,
+	0x04300306: 0x04D1,
+	0x04100308: 0x04D2,
+	0x04300308: 0x04D3,
+	0x04150306: 0x04D6,
+	0x04350306: 0x04D7,
+	0x04D80308: 0x04DA,
+	0x04D90308: 0x04DB,
+	0x04160308: 0x04DC,
+	0x04360308: 0x04DD,
+	0x04170308: 0x04DE,
+	0x04370308: 0x04DF,
+	0x04180304: 0x04E2,
+	0x04380304: 0x04E3,
+	0x04180308: 0x04E4,
+	0x04380308: 0x04E5,
+	0x041E0308: 0x04E6,
+	0x043E0308: 0x04E7,
+	0x04E80308: 0x04EA,
+	0x04E90308: 0x04EB,
+	0x042D0308: 0x04EC,
+	0x044D0308: 0x04ED,
+	0x04230304: 0x04EE,
+	0x04430304: 0x04EF,
+	0x04230308: 0x04F0,
+	0x04430308: 0x04F1,
+	0x0423030B: 0x04F2,
+	0x0443030B: 0x04F3,
+	0x04270308: 0x04F4,
+	0x04470308: 0x04F5,
+	0x042B0308: 0x04F8,
+	0x044B0308: 0x04F9,
+	0x06270653: 0x0622,
+	0x06270654: 0x0623,
+	0x06480654: 0x0624,
+	0x06270655: 0x0625,
+	0x064A0654: 0x0626,
+	0x06D50654: 0x06C0,
+	0x06C10654: 0x06C2,
+	0x06D20654: 0x06D3,
+	0x0928093C: 0x0929,
+	0x0930093C: 0x0931,
+	0x0933093C: 0x0934,
+	0x09C709BE: 0x09CB,
+	0x09C709D7: 0x09CC,
+	0x0B470B56: 0x0B48,
+	0x0B470B3E: 0x0B4B,
+	0x0B470B57: 0x0B4C,
+	0x0B920BD7: 0x0B94,
+	0x0BC60BBE: 0x0BCA,
+	0x0BC70BBE: 0x0BCB,
+	0x0BC60BD7: 0x0BCC,
+	0x0C460C56: 0x0C48,
+	0x0CBF0CD5: 0x0CC0,
+	0x0CC60CD5: 0x0CC7,
+	0x0CC60CD6: 0x0CC8,
+	0x0CC60CC2: 0x0CCA,
+	0x0CCA0CD5: 0x0CCB,
+	0x0D460D3E: 0x0D4A,
+	0x0D470D3E: 0x0D4B,
+	0x0D460D57: 0x0D4C,
+	0x0DD90DCA: 0x0DDA,
+	0x0DD90DCF: 0x0DDC,
+	0x0DDC0DCA: 0x0DDD,
+	0x0DD90DDF: 0x0DDE,
+	0x1025102E: 0x1026,
+	0x1B051B35: 0x1B06,
+	0x1B071B35: 0x1B08,
+	0x1B091B35: 0x1B0A,
+	0x1B0B1B35: 0x1B0C,
+	0x1B0D1B35: 0x1B0E,
+	0x1B111B35: 0x1B12,
+	0x1B3A1B35: 0x1B3B,
+	0x1B3C1B35: 0x1B3D,
+	0x1B3E1B35: 0x1B40,
+	0x1B3F1B35: 0x1B41,
+	0x1B421B35: 0x1B43,
+	0x00410325: 0x1E00,
+	0x00610325: 0x1E01,
+	0x00420307: 0x1E02,
+	0x00620307: 0x1E03,
+	0x00420323: 0x1E04,
+	0x00620323: 0x1E05,
+	0x00420331: 0x1E06,
+	0x00620331: 0x1E07,
+	0x00C70301: 0x1E08,
+	0x00E70301: 0x1E09,
+	0x00440307: 0x1E0A,
+	0x00640307: 0x1E0B,
+	0x00440323: 0x1E0C,
+	0x00640323: 0x1E0D,
+	0x00440331: 0x1E0E,
+	0x00640331: 0x1E0F,
+	0x00440327: 0x1E10,
+	0x00640327: 0x1E11,
+	0x0044032D: 0x1E12,
+	0x0064032D: 0x1E13,
+	0x01120300: 0x1E14,
+	0x01130300: 0x1E15,
+	0x01120301: 0x1E16,
+	0x01130301: 0x1E17,
+	0x0045032D: 0x1E18,
+	0x0065032D: 0x1E19,
+	0x00450330: 0x1E1A,
+	0x00650330: 0x1E1B,
+	0x02280306: 0x1E1C,
+	0x02290306: 0x1E1D,
+	0x00460307: 0x1E1E,
+	0x00660307: 0x1E1F,
+	0x00470304: 0x1E20,
+	0x00670304: 0x1E21,
+	0x00480307: 0x1E22,
+	0x00680307: 0x1E23,
+	0x00480323: 0x1E24,
+	0x00680323: 0x1E25,
+	0x00480308: 0x1E26,
+	0x00680308: 0x1E27,
+	0x00480327: 0x1E28,
+	0x00680327: 0x1E29,
+	0x0048032E: 0x1E2A,
+	0x0068032E: 0x1E2B,
+	0x00490330: 0x1E2C,
+	0x00690330: 0x1E2D,
+	0x00CF0301: 0x1E2E,
+	0x00EF0301: 0x1E2F,
+	0x004B0301: 0x1E30,
+	0x006B0301: 0x1E31,
+	0x004B0323: 0x1E32,
+	0x006B0323: 0x1E33,
+	0x004B0331: 0x1E34,
+	0x006B0331: 0x1E35,
+	0x004C0323: 0x1E36,
+	0x006C0323: 0x1E37,
+	0x1E360304: 0x1E38,
+	0x1E370304: 0x1E39,
+	0x004C0331: 0x1E3A,
+	0x006C0331: 0x1E3B,
+	0x004C032D: 0x1E3C,
+	0x006C032D: 0x1E3D,
+	0x004D0301: 0x1E3E,
+	0x006D0301: 0x1E3F,
+	0x004D0307: 0x1E40,
+	0x006D0307: 0x1E41,
+	0x004D0323: 0x1E42,
+	0x006D0323: 0x1E43,
+	0x004E0307: 0x1E44,
+	0x006E0307: 0x1E45,
+	0x004E0323: 0x1E46,
+	0x006E0323: 0x1E47,
+	0x004E0331: 0x1E48,
+	0x006E0331: 0x1E49,
+	0x004E032D: 0x1E4A,
+	0x006E032D: 0x1E4B,
+	0x00D50301: 0x1E4C,
+	0x00F50301: 0x1E4D,
+	0x00D50308: 0x1E4E,
+	0x00F50308: 0x1E4F,
+	0x014C0300: 0x1E50,
+	0x014D0300: 0x1E51,
+	0x014C0301: 0x1E52,
+	0x014D0301: 0x1E53,
+	0x00500301: 0x1E54,
+	0x00700301: 0x1E55,
+	0x00500307: 0x1E56,
+	0x00700307: 0x1E57,
+	0x00520307: 0x1E58,
+	0x00720307: 0x1E59,
+	0x00520323: 0x1E5A,
+	0x00720323: 0x1E5B,
+	0x1E5A0304: 0x1E5C,
+	0x1E5B0304: 0x1E5D,
+	0x00520331: 0x1E5E,
+	0x00720331: 0x1E5F,
+	0x00530307: 0x1E60,
+	0x00730307: 0x1E61,
+	0x00530323: 0x1E62,
+	0x00730323: 0x1E63,
+	0x015A0307: 0x1E64,
+	0x015B0307: 0x1E65,
+	0x01600307: 0x1E66,
+	0x01610307: 0x1E67,
+	0x1E620307: 0x1E68,
+	0x1E630307: 0x1E69,
+	0x00540307: 0x1E6A,
+	0x00740307: 0x1E6B,
+	0x00540323: 0x1E6C,
+	0x00740323: 0x1E6D,
+	0x00540331: 0x1E6E,
+	0x00740331: 0x1E6F,
+	0x0054032D: 0x1E70,
+	0x0074032D: 0x1E71,
+	0x00550324: 0x1E72,
+	0x00750324: 0x1E73,
+	0x00550330: 0x1E74,
+	0x00750330: 0x1E75,
+	0x0055032D: 0x1E76,
+	0x0075032D: 0x1E77,
+	0x01680301: 0x1E78,
+	0x01690301: 0x1E79,
+	0x016A0308: 0x1E7A,
+	0x016B0308: 0x1E7B,
+	0x00560303: 0x1E7C,
+	0x00760303: 0x1E7D,
+	0x00560323: 0x1E7E,
+	0x00760323: 0x1E7F,
+	0x00570300: 0x1E80,
+	0x00770300: 0x1E81,
+	0x00570301: 0x1E82,
+	0x00770301: 0x1E83,
+	0x00570308: 0x1E84,
+	0x00770308: 0x1E85,
+	0x00570307: 0x1E86,
+	0x00770307: 0x1E87,
+	0x00570323: 0x1E88,
+	0x00770323: 0x1E89,
+	0x00580307: 0x1E8A,
+	0x00780307: 0x1E8B,
+	0x00580308: 0x1E8C,
+	0x00780308: 0x1E8D,
+	0x00590307: 0x1E8E,
+	0x00790307: 0x1E8F,
+	0x005A0302: 0x1E90,
+	0x007A0302: 0x1E91,
+	0x005A0323: 0x1E92,
+	0x007A0323: 0x1E93,
+	0x005A0331: 0x1E94,
+	0x007A0331: 0x1E95,
+	0x00680331: 0x1E96,
+	0x00740308: 0x1E97,
+	0x0077030A: 0x1E98,
+	0x0079030A: 0x1E99,
+	0x017F0307: 0x1E9B,
+	0x00410323: 0x1EA0,
+	0x00610323: 0x1EA1,
+	0x00410309: 0x1EA2,
+	0x00610309: 0x1EA3,
+	0x00C20301: 0x1EA4,
+	0x00E20301: 0x1EA5,
+	0x00C20300: 0x1EA6,
+	0x00E20300: 0x1EA7,
+	0x00C20309: 0x1EA8,
+	0x00E20309: 0x1EA9,
+	0x00C20303: 0x1EAA,
+	0x00E20303: 0x1EAB,
+	0x1EA00302: 0x1EAC,
+	0x1EA10302: 0x1EAD,
+	0x01020301: 0x1EAE,
+	0x01030301: 0x1EAF,
+	0x01020300: 0x1EB0,
+	0x01030300: 0x1EB1,
+	0x01020309: 0x1EB2,
+	0x01030309: 0x1EB3,
+	0x01020303: 0x1EB4,
+	0x01030303: 0x1EB5,
+	0x1EA00306: 0x1EB6,
+	0x1EA10306: 0x1EB7,
+	0x00450323: 0x1EB8,
+	0x00650323: 0x1EB9,
+	0x00450309: 0x1EBA,
+	0x00650309: 0x1EBB,
+	0x00450303: 0x1EBC,
+	0x00650303: 0x1EBD,
+	0x00CA0301: 0x1EBE,
+	0x00EA0301: 0x1EBF,
+	0x00CA0300: 0x1EC0,
+	0x00EA0300: 0x1EC1,
+	0x00CA0309: 0x1EC2,
+	0x00EA0309: 0x1EC3,
+	0x00CA0303: 0x1EC4,
+	0x00EA0303: 0x1EC5,
+	0x1EB80302: 0x1EC6,
+	0x1EB90302: 0x1EC7,
+	0x00490309: 0x1EC8,
+	0x00690309: 0x1EC9,
+	0x00490323: 0x1ECA,
+	0x00690323: 0x1ECB,
+	0x004F0323: 0x1ECC,
+	0x006F0323: 0x1ECD,
+	0x004F0309: 0x1ECE,
+	0x006F0309: 0x1ECF,
+	0x00D40301: 0x1ED0,
+	0x00F40301: 0x1ED1,
+	0x00D40300: 0x1ED2,
+	0x00F40300: 0x1ED3,
+	0x00D40309: 0x1ED4,
+	0x00F40309: 0x1ED5,
+	0x00D40303: 0x1ED6,
+	0x00F40303: 0x1ED7,
+	0x1ECC0302: 0x1ED8,
+	0x1ECD0302: 0x1ED9,
+	0x01A00301: 0x1EDA,
+	0x01A10301: 0x1EDB,
+	0x01A00300: 0x1EDC,
+	0x01A10300: 0x1EDD,
+	0x01A00309: 0x1EDE,
+	0x01A10309: 0x1EDF,
+	0x01A00303: 0x1EE0,
+	0x01A10303: 0x1EE1,
+	0x01A00323: 0x1EE2,
+	0x01A10323: 0x1EE3,
+	0x00550323: 0x1EE4,
+	0x00750323: 0x1EE5,
+	0x00550309: 0x1EE6,
+	0x00750309: 0x1EE7,
+	0x01AF0301: 0x1EE8,
+	0x01B00301: 0x1EE9,
+	0x01AF0300: 0x1EEA,
+	0x01B00300: 0x1EEB,
+	0x01AF0309: 0x1EEC,
+	0x01B00309: 0x1EED,
+	0x01AF0303: 0x1EEE,
+	0x01B00303: 0x1EEF,
+	0x01AF0323: 0x1EF0,
+	0x01B00323: 0x1EF1,
+	0x00590300: 0x1EF2,
+	0x00790300: 0x1EF3,
+	0x00590323: 0x1EF4,
+	0x00790323: 0x1EF5,
+	0x00590309: 0x1EF6,
+	0x00790309: 0x1EF7,
+	0x00590303: 0x1EF8,
+	0x00790303: 0x1EF9,
+	0x03B10313: 0x1F00,
+	0x03B10314: 0x1F01,
+	0x1F000300: 0x1F02,
+	0x1F010300: 0x1F03,
+	0x1F000301: 0x1F04,
+	0x1F010301: 0x1F05,
+	0x1F000342: 0x1F06,
+	0x1F010342: 0x1F07,
+	0x03910313: 0x1F08,
+	0x03910314: 0x1F09,
+	0x1F080300: 0x1F0A,
+	0x1F090300: 0x1F0B,
+	0x1F080301: 0x1F0C,
+	0x1F090301: 0x1F0D,
+	0x1F080342: 0x1F0E,
+	0x1F090342: 0x1F0F,
+	0x03B50313: 0x1F10,
+	0x03B50314: 0x1F11,
+	0x1F100300: 0x1F12,
+	0x1F110300: 0x1F13,
+	0x1F100301: 0x1F14,
+	0x1F110301: 0x1F15,
+	0x03950313: 0x1F18,
+	0x03950314: 0x1F19,
+	0x1F180300: 0x1F1A,
+	0x1F190300: 0x1F1B,
+	0x1F180301: 0x1F1C,
+	0x1F190301: 0x1F1D,
+	0x03B70313: 0x1F20,
+	0x03B70314: 0x1F21,
+	0x1F200300: 0x1F22,
+	0x1F210300: 0x1F23,
+	0x1F200301: 0x1F24,
+	0x1F210301: 0x1F25,
+	0x1F200342: 0x1F26,
+	0x1F210342: 0x1F27,
+	0x03970313: 0x1F28,
+	0x03970314: 0x1F29,
+	0x1F280300: 0x1F2A,
+	0x1F290300: 0x1F2B,
+	0x1F280301: 0x1F2C,
+	0x1F290301: 0x1F2D,
+	0x1F280342: 0x1F2E,
+	0x1F290342: 0x1F2F,
+	0x03B90313: 0x1F30,
+	0x03B90314: 0x1F31,
+	0x1F300300: 0x1F32,
+	0x1F310300: 0x1F33,
+	0x1F300301: 0x1F34,
+	0x1F310301: 0x1F35,
+	0x1F300342: 0x1F36,
+	0x1F310342: 0x1F37,
+	0x03990313: 0x1F38,
+	0x03990314: 0x1F39,
+	0x1F380300: 0x1F3A,
+	0x1F390300: 0x1F3B,
+	0x1F380301: 0x1F3C,
+	0x1F390301: 0x1F3D,
+	0x1F380342: 0x1F3E,
+	0x1F390342: 0x1F3F,
+	0x03BF0313: 0x1F40,
+	0x03BF0314: 0x1F41,
+	0x1F400300: 0x1F42,
+	0x1F410300: 0x1F43,
+	0x1F400301: 0x1F44,
+	0x1F410301: 0x1F45,
+	0x039F0313: 0x1F48,
+	0x039F0314: 0x1F49,
+	0x1F480300: 0x1F4A,
+	0x1F490300: 0x1F4B,
+	0x1F480301: 0x1F4C,
+	0x1F490301: 0x1F4D,
+	0x03C50313: 0x1F50,
+	0x03C50314: 0x1F51,
+	0x1F500300: 0x1F52,
+	0x1F510300: 0x1F53,
+	0x1F500301: 0x1F54,
+	0x1F510301: 0x1F55,
+	0x1F500342: 0x1F56,
+	0x1F510342: 0x1F57,
+	0x03A50314: 0x1F59,
+	0x1F590300: 0x1F5B,
+	0x1F590301: 0x1F5D,
+	0x1F590342: 0x1F5F,
+	0x03C90313: 0x1F60,
+	0x03C90314: 0x1F61,
+	0x1F600300: 0x1F62,
+	0x1F610300: 0x1F63,
+	0x1F600301: 0x1F64,
+	0x1F610301: 0x1F65,
+	0x1F600342: 0x1F66,
+	0x1F610342: 0x1F67,
+	0x03A90313: 0x1F68,
+	0x03A90314: 0x1F69,
+	0x1F680300: 0x1F6A,
+	0x1F690300: 0x1F6B,
+	0x1F680301: 0x1F6C,
+	0x1F690301: 0x1F6D,
+	0x1F680342: 0x1F6E,
+	0x1F690342: 0x1F6F,
+	0x03B10300: 0x1F70,
+	0x03B50300: 0x1F72,
+	0x03B70300: 0x1F74,
+	0x03B90300: 0x1F76,
+	0x03BF0300: 0x1F78,
+	0x03C50300: 0x1F7A,
+	0x03C90300: 0x1F7C,
+	0x1F000345: 0x1F80,
+	0x1F010345: 0x1F81,
+	0x1F020345: 0x1F82,
+	0x1F030345: 0x1F83,
+	0x1F040345: 0x1F84,
+	0x1F050345: 0x1F85,
+	0x1F060345: 0x1F86,
+	0x1F070345: 0x1F87,
+	0x1F080345: 0x1F88,
+	0x1F090345: 0x1F89,
+	0x1F0A0345: 0x1F8A,
+	0x1F0B0345: 0x1F8B,
+	0x1F0C0345: 0x1F8C,
+	0x1F0D0345: 0x1F8D,
+	0x1F0E0345: 0x1F8E,
+	0x1F0F0345: 0x1F8F,
+	0x1F200345: 0x1F90,
+	0x1F210345: 0x1F91,
+	0x1F220345: 0x1F92,
+	0x1F230345: 0x1F93,
+	0x1F240345: 0x1F94,
+	0x1F250345: 0x1F95,
+	0x1F260345: 0x1F96,
+	0x1F270345: 0x1F97,
+	0x1F280345: 0x1F98,
+	0x1F290345: 0x1F99,
+	0x1F2A0345: 0x1F9A,
+	0x1F2B0345: 0x1F9B,
+	0x1F2C0345: 0x1F9C,
+	0x1F2D0345: 0x1F9D,
+	0x1F2E0345: 0x1F9E,
+	0x1F2F0345: 0x1F9F,
+	0x1F600345: 0x1FA0,
+	0x1F610345: 0x1FA1,
+	0x1F620345: 0x1FA2,
+	0x1F630345: 0x1FA3,
+	0x1F640345: 0x1FA4,
+	0x1F650345: 0x1FA5,
+	0x1F660345: 0x1FA6,
+	0x1F670345: 0x1FA7,
+	0x1F680345: 0x1FA8,
+	0x1F690345: 0x1FA9,
+	0x1F6A0345: 0x1FAA,
+	0x1F6B0345: 0x1FAB,
+	0x1F6C0345: 0x1FAC,
+	0x1F6D0345: 0x1FAD,
+	0x1F6E0345: 0x1FAE,
+	0x1F6F0345: 0x1FAF,
+	0x03B10306: 0x1FB0,
+	0x03B10304: 0x1FB1,
+	0x1F700345: 0x1FB2,
+	0x03B10345: 0x1FB3,
+	0x03AC0345: 0x1FB4,
+	0x03B10342: 0x1FB6,
+	0x1FB60345: 0x1FB7,
+	0x03910306: 0x1FB8,
+	0x03910304: 0x1FB9,
+	0x03910300: 0x1FBA,
+	0x03910345: 0x1FBC,
+	0x00A80342: 0x1FC1,
+	0x1F740345: 0x1FC2,
+	0x03B70345: 0x1FC3,
+	0x03AE0345: 0x1FC4,
+	0x03B70342: 0x1FC6,
+	0x1FC60345: 0x1FC7,
+	0x03950300: 0x1FC8,
+	0x03970300: 0x1FCA,
+	0x03970345: 0x1FCC,
+	0x1FBF0300: 0x1FCD,
+	0x1FBF0301: 0x1FCE,
+	0x1FBF0342: 0x1FCF,
+	0x03B90306: 0x1FD0,
+	0x03B90304: 0x1FD1,
+	0x03CA0300: 0x1FD2,
+	0x03B90342: 0x1FD6,
+	0x03CA0342: 0x1FD7,
+	0x03990306: 0x1FD8,
+	0x03990304: 0x1FD9,
+	0x03990300: 0x1FDA,
+	0x1FFE0300: 0x1FDD,
+	0x1FFE0301: 0x1FDE,
+	0x1FFE0342: 0x1FDF,
+	0x03C50306: 0x1FE0,
+	0x03C50304: 0x1FE1,
+	0x03CB0300: 0x1FE2,
+	0x03C10313: 0x1FE4,
+	0x03C10314: 0x1FE5,
+	0x03C50342: 0x1FE6,
+	0x03CB0342: 0x1FE7,
+	0x03A50306: 0x1FE8,
+	0x03A50304: 0x1FE9,
+	0x03A50300: 0x1FEA,
+	0x03A10314: 0x1FEC,
+	0x00A80300: 0x1FED,
+	0x1F7C0345: 0x1FF2,
+	0x03C90345: 0x1FF3,
+	0x03CE0345: 0x1FF4,
+	0x03C90342: 0x1FF6,
+	0x1FF60345: 0x1FF7,
+	0x039F0300: 0x1FF8,
+	0x03A90300: 0x1FFA,
+	0x03A90345: 0x1FFC,
+	0x21900338: 0x219A,
+	0x21920338: 0x219B,
+	0x21940338: 0x21AE,
+	0x21D00338: 0x21CD,
+	0x21D40338: 0x21CE,
+	0x21D20338: 0x21CF,
+	0x22030338: 0x2204,
+	0x22080338: 0x2209,
+	0x220B0338: 0x220C,
+	0x22230338: 0x2224,
+	0x22250338: 0x2226,
+	0x223C0338: 0x2241,
+	0x22430338: 0x2244,
+	0x22450338: 0x2247,
+	0x22480338: 0x2249,
+	0x003D0338: 0x2260,
+	0x22610338: 0x2262,
+	0x224D0338: 0x226D,
+	0x003C0338: 0x226E,
+	0x003E0338: 0x226F,
+	0x22640338: 0x2270,
+	0x22650338: 0x2271,
+	0x22720338: 0x2274,
+	0x22730338: 0x2275,
+	0x22760338: 0x2278,
+	0x22770338: 0x2279,
+	0x227A0338: 0x2280,
+	0x227B0338: 0x2281,
+	0x22820338: 0x2284,
+	0x22830338: 0x2285,
+	0x22860338: 0x2288,
+	0x22870338: 0x2289,
+	0x22A20338: 0x22AC,
+	0x22A80338: 0x22AD,
+	0x22A90338: 0x22AE,
+	0x22AB0338: 0x22AF,
+	0x227C0338: 0x22E0,
+	0x227D0338: 0x22E1,
+	0x22910338: 0x22E2,
+	0x22920338: 0x22E3,
+	0x22B20338: 0x22EA,
+	0x22B30338: 0x22EB,
+	0x22B40338: 0x22EC,
+	0x22B50338: 0x22ED,
+	0x304B3099: 0x304C,
+	0x304D3099: 0x304E,
+	0x304F3099: 0x3050,
+	0x30513099: 0x3052,
+	0x30533099: 0x3054,
+	0x30553099: 0x3056,
+	0x30573099: 0x3058,
+	0x30593099: 0x305A,
+	0x305B3099: 0x305C,
+	0x305D3099: 0x305E,
+	0x305F3099: 0x3060,
+	0x30613099: 0x3062,
+	0x30643099: 0x3065,
+	0x30663099: 0x3067,
+	0x30683099: 0x3069,
+	0x306F3099: 0x3070,
+	0x306F309A: 0x3071,
+	0x30723099: 0x3073,
+	0x3072309A: 0x3074,
+	0x30753099: 0x3076,
+	0x3075309A: 0x3077,
+	0x30783099: 0x3079,
+	0x3078309A: 0x307A,
+	0x307B3099: 0x307C,
+	0x307B309A: 0x307D,
+	0x30463099: 0x3094,
+	0x309D3099: 0x309E,
+	0x30AB3099: 0x30AC,
+	0x30AD3099: 0x30AE,
+	0x30AF3099: 0x30B0,
+	0x30B13099: 0x30B2,
+	0x30B33099: 0x30B4,
+	0x30B53099: 0x30B6,
+	0x30B73099: 0x30B8,
+	0x30B93099: 0x30BA,
+	0x30BB3099: 0x30BC,
+	0x30BD3099: 0x30BE,
+	0x30BF3099: 0x30C0,
+	0x30C13099: 0x30C2,
+	0x30C43099: 0x30C5,
+	0x30C63099: 0x30C7,
+	0x30C83099: 0x30C9,
+	0x30CF3099: 0x30D0,
+	0x30CF309A: 0x30D1,
+	0x30D23099: 0x30D3,
+	0x30D2309A: 0x30D4,
+	0x30D53099: 0x30D6,
+	0x30D5309A: 0x30D7,
+	0x30D83099: 0x30D9,
+	0x30D8309A: 0x30DA,
+	0x30DB3099: 0x30DC,
+	0x30DB309A: 0x30DD,
+	0x30A63099: 0x30F4,
+	0x30EF3099: 0x30F7,
+	0x30F03099: 0x30F8,
+	0x30F13099: 0x30F9,
+	0x30F23099: 0x30FA,
+	0x30FD3099: 0x30FE,
+	0x109910BA: 0x1109A,
+	0x109B10BA: 0x1109C,
+	0x10A510BA: 0x110AB,
+	0x11311127: 0x1112E,
+	0x11321127: 0x1112F,
+	0x1347133E: 0x1134B,
+	0x13471357: 0x1134C,
+	0x14B914BA: 0x114BB,
+	0x14B914B0: 0x114BC,
+	0x14B914BD: 0x114BE,
+	0x15B815AF: 0x115BA,
+	0x15B915AF: 0x115BB,
+}
 
-const recompMapPacked = "" +
-	"\x00A\x03\x00\x00\x00\x00\xc0" + // 0x00410300: 0x000000C0
-	"\x00A\x03\x01\x00\x00\x00\xc1" + // 0x00410301: 0x000000C1
-	"\x00A\x03\x02\x00\x00\x00\xc2" + // 0x00410302: 0x000000C2
-	"\x00A\x03\x03\x00\x00\x00\xc3" + // 0x00410303: 0x000000C3
-	"\x00A\x03\b\x00\x00\x00\xc4" + // 0x00410308: 0x000000C4
-	"\x00A\x03\n\x00\x00\x00\xc5" + // 0x0041030A: 0x000000C5
-	"\x00C\x03'\x00\x00\x00\xc7" + // 0x00430327: 0x000000C7
-	"\x00E\x03\x00\x00\x00\x00\xc8" + // 0x00450300: 0x000000C8
-	"\x00E\x03\x01\x00\x00\x00\xc9" + // 0x00450301: 0x000000C9
-	"\x00E\x03\x02\x00\x00\x00\xca" + // 0x00450302: 0x000000CA
-	"\x00E\x03\b\x00\x00\x00\xcb" + // 0x00450308: 0x000000CB
-	"\x00I\x03\x00\x00\x00\x00\xcc" + // 0x00490300: 0x000000CC
-	"\x00I\x03\x01\x00\x00\x00\xcd" + // 0x00490301: 0x000000CD
-	"\x00I\x03\x02\x00\x00\x00\xce" + // 0x00490302: 0x000000CE
-	"\x00I\x03\b\x00\x00\x00\xcf" + // 0x00490308: 0x000000CF
-	"\x00N\x03\x03\x00\x00\x00\xd1" + // 0x004E0303: 0x000000D1
-	"\x00O\x03\x00\x00\x00\x00\xd2" + // 0x004F0300: 0x000000D2
-	"\x00O\x03\x01\x00\x00\x00\xd3" + // 0x004F0301: 0x000000D3
-	"\x00O\x03\x02\x00\x00\x00\xd4" + // 0x004F0302: 0x000000D4
-	"\x00O\x03\x03\x00\x00\x00\xd5" + // 0x004F0303: 0x000000D5
-	"\x00O\x03\b\x00\x00\x00\xd6" + // 0x004F0308: 0x000000D6
-	"\x00U\x03\x00\x00\x00\x00\xd9" + // 0x00550300: 0x000000D9
-	"\x00U\x03\x01\x00\x00\x00\xda" + // 0x00550301: 0x000000DA
-	"\x00U\x03\x02\x00\x00\x00\xdb" + // 0x00550302: 0x000000DB
-	"\x00U\x03\b\x00\x00\x00\xdc" + // 0x00550308: 0x000000DC
-	"\x00Y\x03\x01\x00\x00\x00\xdd" + // 0x00590301: 0x000000DD
-	"\x00a\x03\x00\x00\x00\x00\xe0" + // 0x00610300: 0x000000E0
-	"\x00a\x03\x01\x00\x00\x00\xe1" + // 0x00610301: 0x000000E1
-	"\x00a\x03\x02\x00\x00\x00\xe2" + // 0x00610302: 0x000000E2
-	"\x00a\x03\x03\x00\x00\x00\xe3" + // 0x00610303: 0x000000E3
-	"\x00a\x03\b\x00\x00\x00\xe4" + // 0x00610308: 0x000000E4
-	"\x00a\x03\n\x00\x00\x00\xe5" + // 0x0061030A: 0x000000E5
-	"\x00c\x03'\x00\x00\x00\xe7" + // 0x00630327: 0x000000E7
-	"\x00e\x03\x00\x00\x00\x00\xe8" + // 0x00650300: 0x000000E8
-	"\x00e\x03\x01\x00\x00\x00\xe9" + // 0x00650301: 0x000000E9
-	"\x00e\x03\x02\x00\x00\x00\xea" + // 0x00650302: 0x000000EA
-	"\x00e\x03\b\x00\x00\x00\xeb" + // 0x00650308: 0x000000EB
-	"\x00i\x03\x00\x00\x00\x00\xec" + // 0x00690300: 0x000000EC
-	"\x00i\x03\x01\x00\x00\x00\xed" + // 0x00690301: 0x000000ED
-	"\x00i\x03\x02\x00\x00\x00\xee" + // 0x00690302: 0x000000EE
-	"\x00i\x03\b\x00\x00\x00\xef" + // 0x00690308: 0x000000EF
-	"\x00n\x03\x03\x00\x00\x00\xf1" + // 0x006E0303: 0x000000F1
-	"\x00o\x03\x00\x00\x00\x00\xf2" + // 0x006F0300: 0x000000F2
-	"\x00o\x03\x01\x00\x00\x00\xf3" + // 0x006F0301: 0x000000F3
-	"\x00o\x03\x02\x00\x00\x00\xf4" + // 0x006F0302: 0x000000F4
-	"\x00o\x03\x03\x00\x00\x00\xf5" + // 0x006F0303: 0x000000F5
-	"\x00o\x03\b\x00\x00\x00\xf6" + // 0x006F0308: 0x000000F6
-	"\x00u\x03\x00\x00\x00\x00\xf9" + // 0x00750300: 0x000000F9
-	"\x00u\x03\x01\x00\x00\x00\xfa" + // 0x00750301: 0x000000FA
-	"\x00u\x03\x02\x00\x00\x00\xfb" + // 0x00750302: 0x000000FB
-	"\x00u\x03\b\x00\x00\x00\xfc" + // 0x00750308: 0x000000FC
-	"\x00y\x03\x01\x00\x00\x00\xfd" + // 0x00790301: 0x000000FD
-	"\x00y\x03\b\x00\x00\x00\xff" + // 0x00790308: 0x000000FF
-	"\x00A\x03\x04\x00\x00\x01\x00" + // 0x00410304: 0x00000100
-	"\x00a\x03\x04\x00\x00\x01\x01" + // 0x00610304: 0x00000101
-	"\x00A\x03\x06\x00\x00\x01\x02" + // 0x00410306: 0x00000102
-	"\x00a\x03\x06\x00\x00\x01\x03" + // 0x00610306: 0x00000103
-	"\x00A\x03(\x00\x00\x01\x04" + // 0x00410328: 0x00000104
-	"\x00a\x03(\x00\x00\x01\x05" + // 0x00610328: 0x00000105
-	"\x00C\x03\x01\x00\x00\x01\x06" + // 0x00430301: 0x00000106
-	"\x00c\x03\x01\x00\x00\x01\a" + // 0x00630301: 0x00000107
-	"\x00C\x03\x02\x00\x00\x01\b" + // 0x00430302: 0x00000108
-	"\x00c\x03\x02\x00\x00\x01\t" + // 0x00630302: 0x00000109
-	"\x00C\x03\a\x00\x00\x01\n" + // 0x00430307: 0x0000010A
-	"\x00c\x03\a\x00\x00\x01\v" + // 0x00630307: 0x0000010B
-	"\x00C\x03\f\x00\x00\x01\f" + // 0x0043030C: 0x0000010C
-	"\x00c\x03\f\x00\x00\x01\r" + // 0x0063030C: 0x0000010D
-	"\x00D\x03\f\x00\x00\x01\x0e" + // 0x0044030C: 0x0000010E
-	"\x00d\x03\f\x00\x00\x01\x0f" + // 0x0064030C: 0x0000010F
-	"\x00E\x03\x04\x00\x00\x01\x12" + // 0x00450304: 0x00000112
-	"\x00e\x03\x04\x00\x00\x01\x13" + // 0x00650304: 0x00000113
-	"\x00E\x03\x06\x00\x00\x01\x14" + // 0x00450306: 0x00000114
-	"\x00e\x03\x06\x00\x00\x01\x15" + // 0x00650306: 0x00000115
-	"\x00E\x03\a\x00\x00\x01\x16" + // 0x00450307: 0x00000116
-	"\x00e\x03\a\x00\x00\x01\x17" + // 0x00650307: 0x00000117
-	"\x00E\x03(\x00\x00\x01\x18" + // 0x00450328: 0x00000118
-	"\x00e\x03(\x00\x00\x01\x19" + // 0x00650328: 0x00000119
-	"\x00E\x03\f\x00\x00\x01\x1a" + // 0x0045030C: 0x0000011A
-	"\x00e\x03\f\x00\x00\x01\x1b" + // 0x0065030C: 0x0000011B
-	"\x00G\x03\x02\x00\x00\x01\x1c" + // 0x00470302: 0x0000011C
-	"\x00g\x03\x02\x00\x00\x01\x1d" + // 0x00670302: 0x0000011D
-	"\x00G\x03\x06\x00\x00\x01\x1e" + // 0x00470306: 0x0000011E
-	"\x00g\x03\x06\x00\x00\x01\x1f" + // 0x00670306: 0x0000011F
-	"\x00G\x03\a\x00\x00\x01 " + // 0x00470307: 0x00000120
-	"\x00g\x03\a\x00\x00\x01!" + // 0x00670307: 0x00000121
-	"\x00G\x03'\x00\x00\x01\"" + // 0x00470327: 0x00000122
-	"\x00g\x03'\x00\x00\x01#" + // 0x00670327: 0x00000123
-	"\x00H\x03\x02\x00\x00\x01$" + // 0x00480302: 0x00000124
-	"\x00h\x03\x02\x00\x00\x01%" + // 0x00680302: 0x00000125
-	"\x00I\x03\x03\x00\x00\x01(" + // 0x00490303: 0x00000128
-	"\x00i\x03\x03\x00\x00\x01)" + // 0x00690303: 0x00000129
-	"\x00I\x03\x04\x00\x00\x01*" + // 0x00490304: 0x0000012A
-	"\x00i\x03\x04\x00\x00\x01+" + // 0x00690304: 0x0000012B
-	"\x00I\x03\x06\x00\x00\x01," + // 0x00490306: 0x0000012C
-	"\x00i\x03\x06\x00\x00\x01-" + // 0x00690306: 0x0000012D
-	"\x00I\x03(\x00\x00\x01." + // 0x00490328: 0x0000012E
-	"\x00i\x03(\x00\x00\x01/" + // 0x00690328: 0x0000012F
-	"\x00I\x03\a\x00\x00\x010" + // 0x00490307: 0x00000130
-	"\x00J\x03\x02\x00\x00\x014" + // 0x004A0302: 0x00000134
-	"\x00j\x03\x02\x00\x00\x015" + // 0x006A0302: 0x00000135
-	"\x00K\x03'\x00\x00\x016" + // 0x004B0327: 0x00000136
-	"\x00k\x03'\x00\x00\x017" + // 0x006B0327: 0x00000137
-	"\x00L\x03\x01\x00\x00\x019" + // 0x004C0301: 0x00000139
-	"\x00l\x03\x01\x00\x00\x01:" + // 0x006C0301: 0x0000013A
-	"\x00L\x03'\x00\x00\x01;" + // 0x004C0327: 0x0000013B
-	"\x00l\x03'\x00\x00\x01<" + // 0x006C0327: 0x0000013C
-	"\x00L\x03\f\x00\x00\x01=" + // 0x004C030C: 0x0000013D
-	"\x00l\x03\f\x00\x00\x01>" + // 0x006C030C: 0x0000013E
-	"\x00N\x03\x01\x00\x00\x01C" + // 0x004E0301: 0x00000143
-	"\x00n\x03\x01\x00\x00\x01D" + // 0x006E0301: 0x00000144
-	"\x00N\x03'\x00\x00\x01E" + // 0x004E0327: 0x00000145
-	"\x00n\x03'\x00\x00\x01F" + // 0x006E0327: 0x00000146
-	"\x00N\x03\f\x00\x00\x01G" + // 0x004E030C: 0x00000147
-	"\x00n\x03\f\x00\x00\x01H" + // 0x006E030C: 0x00000148
-	"\x00O\x03\x04\x00\x00\x01L" + // 0x004F0304: 0x0000014C
-	"\x00o\x03\x04\x00\x00\x01M" + // 0x006F0304: 0x0000014D
-	"\x00O\x03\x06\x00\x00\x01N" + // 0x004F0306: 0x0000014E
-	"\x00o\x03\x06\x00\x00\x01O" + // 0x006F0306: 0x0000014F
-	"\x00O\x03\v\x00\x00\x01P" + // 0x004F030B: 0x00000150
-	"\x00o\x03\v\x00\x00\x01Q" + // 0x006F030B: 0x00000151
-	"\x00R\x03\x01\x00\x00\x01T" + // 0x00520301: 0x00000154
-	"\x00r\x03\x01\x00\x00\x01U" + // 0x00720301: 0x00000155
-	"\x00R\x03'\x00\x00\x01V" + // 0x00520327: 0x00000156
-	"\x00r\x03'\x00\x00\x01W" + // 0x00720327: 0x00000157
-	"\x00R\x03\f\x00\x00\x01X" + // 0x0052030C: 0x00000158
-	"\x00r\x03\f\x00\x00\x01Y" + // 0x0072030C: 0x00000159
-	"\x00S\x03\x01\x00\x00\x01Z" + // 0x00530301: 0x0000015A
-	"\x00s\x03\x01\x00\x00\x01[" + // 0x00730301: 0x0000015B
-	"\x00S\x03\x02\x00\x00\x01\\" + // 0x00530302: 0x0000015C
-	"\x00s\x03\x02\x00\x00\x01]" + // 0x00730302: 0x0000015D
-	"\x00S\x03'\x00\x00\x01^" + // 0x00530327: 0x0000015E
-	"\x00s\x03'\x00\x00\x01_" + // 0x00730327: 0x0000015F
-	"\x00S\x03\f\x00\x00\x01`" + // 0x0053030C: 0x00000160
-	"\x00s\x03\f\x00\x00\x01a" + // 0x0073030C: 0x00000161
-	"\x00T\x03'\x00\x00\x01b" + // 0x00540327: 0x00000162
-	"\x00t\x03'\x00\x00\x01c" + // 0x00740327: 0x00000163
-	"\x00T\x03\f\x00\x00\x01d" + // 0x0054030C: 0x00000164
-	"\x00t\x03\f\x00\x00\x01e" + // 0x0074030C: 0x00000165
-	"\x00U\x03\x03\x00\x00\x01h" + // 0x00550303: 0x00000168
-	"\x00u\x03\x03\x00\x00\x01i" + // 0x00750303: 0x00000169
-	"\x00U\x03\x04\x00\x00\x01j" + // 0x00550304: 0x0000016A
-	"\x00u\x03\x04\x00\x00\x01k" + // 0x00750304: 0x0000016B
-	"\x00U\x03\x06\x00\x00\x01l" + // 0x00550306: 0x0000016C
-	"\x00u\x03\x06\x00\x00\x01m" + // 0x00750306: 0x0000016D
-	"\x00U\x03\n\x00\x00\x01n" + // 0x0055030A: 0x0000016E
-	"\x00u\x03\n\x00\x00\x01o" + // 0x0075030A: 0x0000016F
-	"\x00U\x03\v\x00\x00\x01p" + // 0x0055030B: 0x00000170
-	"\x00u\x03\v\x00\x00\x01q" + // 0x0075030B: 0x00000171
-	"\x00U\x03(\x00\x00\x01r" + // 0x00550328: 0x00000172
-	"\x00u\x03(\x00\x00\x01s" + // 0x00750328: 0x00000173
-	"\x00W\x03\x02\x00\x00\x01t" + // 0x00570302: 0x00000174
-	"\x00w\x03\x02\x00\x00\x01u" + // 0x00770302: 0x00000175
-	"\x00Y\x03\x02\x00\x00\x01v" + // 0x00590302: 0x00000176
-	"\x00y\x03\x02\x00\x00\x01w" + // 0x00790302: 0x00000177
-	"\x00Y\x03\b\x00\x00\x01x" + // 0x00590308: 0x00000178
-	"\x00Z\x03\x01\x00\x00\x01y" + // 0x005A0301: 0x00000179
-	"\x00z\x03\x01\x00\x00\x01z" + // 0x007A0301: 0x0000017A
-	"\x00Z\x03\a\x00\x00\x01{" + // 0x005A0307: 0x0000017B
-	"\x00z\x03\a\x00\x00\x01|" + // 0x007A0307: 0x0000017C
-	"\x00Z\x03\f\x00\x00\x01}" + // 0x005A030C: 0x0000017D
-	"\x00z\x03\f\x00\x00\x01~" + // 0x007A030C: 0x0000017E
-	"\x00O\x03\x1b\x00\x00\x01\xa0" + // 0x004F031B: 0x000001A0
-	"\x00o\x03\x1b\x00\x00\x01\xa1" + // 0x006F031B: 0x000001A1
-	"\x00U\x03\x1b\x00\x00\x01\xaf" + // 0x0055031B: 0x000001AF
-	"\x00u\x03\x1b\x00\x00\x01\xb0" + // 0x0075031B: 0x000001B0
-	"\x00A\x03\f\x00\x00\x01\xcd" + // 0x0041030C: 0x000001CD
-	"\x00a\x03\f\x00\x00\x01\xce" + // 0x0061030C: 0x000001CE
-	"\x00I\x03\f\x00\x00\x01\xcf" + // 0x0049030C: 0x000001CF
-	"\x00i\x03\f\x00\x00\x01\xd0" + // 0x0069030C: 0x000001D0
-	"\x00O\x03\f\x00\x00\x01\xd1" + // 0x004F030C: 0x000001D1
-	"\x00o\x03\f\x00\x00\x01\xd2" + // 0x006F030C: 0x000001D2
-	"\x00U\x03\f\x00\x00\x01\xd3" + // 0x0055030C: 0x000001D3
-	"\x00u\x03\f\x00\x00\x01\xd4" + // 0x0075030C: 0x000001D4
-	"\x00\xdc\x03\x04\x00\x00\x01\xd5" + // 0x00DC0304: 0x000001D5
-	"\x00\xfc\x03\x04\x00\x00\x01\xd6" + // 0x00FC0304: 0x000001D6
-	"\x00\xdc\x03\x01\x00\x00\x01\xd7" + // 0x00DC0301: 0x000001D7
-	"\x00\xfc\x03\x01\x00\x00\x01\xd8" + // 0x00FC0301: 0x000001D8
-	"\x00\xdc\x03\f\x00\x00\x01\xd9" + // 0x00DC030C: 0x000001D9
-	"\x00\xfc\x03\f\x00\x00\x01\xda" + // 0x00FC030C: 0x000001DA
-	"\x00\xdc\x03\x00\x00\x00\x01\xdb" + // 0x00DC0300: 0x000001DB
-	"\x00\xfc\x03\x00\x00\x00\x01\xdc" + // 0x00FC0300: 0x000001DC
-	"\x00\xc4\x03\x04\x00\x00\x01\xde" + // 0x00C40304: 0x000001DE
-	"\x00\xe4\x03\x04\x00\x00\x01\xdf" + // 0x00E40304: 0x000001DF
-	"\x02&\x03\x04\x00\x00\x01\xe0" + // 0x02260304: 0x000001E0
-	"\x02'\x03\x04\x00\x00\x01\xe1" + // 0x02270304: 0x000001E1
-	"\x00\xc6\x03\x04\x00\x00\x01\xe2" + // 0x00C60304: 0x000001E2
-	"\x00\xe6\x03\x04\x00\x00\x01\xe3" + // 0x00E60304: 0x000001E3
-	"\x00G\x03\f\x00\x00\x01\xe6" + // 0x0047030C: 0x000001E6
-	"\x00g\x03\f\x00\x00\x01\xe7" + // 0x0067030C: 0x000001E7
-	"\x00K\x03\f\x00\x00\x01\xe8" + // 0x004B030C: 0x000001E8
-	"\x00k\x03\f\x00\x00\x01\xe9" + // 0x006B030C: 0x000001E9
-	"\x00O\x03(\x00\x00\x01\xea" + // 0x004F0328: 0x000001EA
-	"\x00o\x03(\x00\x00\x01\xeb" + // 0x006F0328: 0x000001EB
-	"\x01\xea\x03\x04\x00\x00\x01\xec" + // 0x01EA0304: 0x000001EC
-	"\x01\xeb\x03\x04\x00\x00\x01\xed" + // 0x01EB0304: 0x000001ED
-	"\x01\xb7\x03\f\x00\x00\x01\xee" + // 0x01B7030C: 0x000001EE
-	"\x02\x92\x03\f\x00\x00\x01\xef" + // 0x0292030C: 0x000001EF
-	"\x00j\x03\f\x00\x00\x01\xf0" + // 0x006A030C: 0x000001F0
-	"\x00G\x03\x01\x00\x00\x01\xf4" + // 0x00470301: 0x000001F4
-	"\x00g\x03\x01\x00\x00\x01\xf5" + // 0x00670301: 0x000001F5
-	"\x00N\x03\x00\x00\x00\x01\xf8" + // 0x004E0300: 0x000001F8
-	"\x00n\x03\x00\x00\x00\x01\xf9" + // 0x006E0300: 0x000001F9
-	"\x00\xc5\x03\x01\x00\x00\x01\xfa" + // 0x00C50301: 0x000001FA
-	"\x00\xe5\x03\x01\x00\x00\x01\xfb" + // 0x00E50301: 0x000001FB
-	"\x00\xc6\x03\x01\x00\x00\x01\xfc" + // 0x00C60301: 0x000001FC
-	"\x00\xe6\x03\x01\x00\x00\x01\xfd" + // 0x00E60301: 0x000001FD
-	"\x00\xd8\x03\x01\x00\x00\x01\xfe" + // 0x00D80301: 0x000001FE
-	"\x00\xf8\x03\x01\x00\x00\x01\xff" + // 0x00F80301: 0x000001FF
-	"\x00A\x03\x0f\x00\x00\x02\x00" + // 0x0041030F: 0x00000200
-	"\x00a\x03\x0f\x00\x00\x02\x01" + // 0x0061030F: 0x00000201
-	"\x00A\x03\x11\x00\x00\x02\x02" + // 0x00410311: 0x00000202
-	"\x00a\x03\x11\x00\x00\x02\x03" + // 0x00610311: 0x00000203
-	"\x00E\x03\x0f\x00\x00\x02\x04" + // 0x0045030F: 0x00000204
-	"\x00e\x03\x0f\x00\x00\x02\x05" + // 0x0065030F: 0x00000205
-	"\x00E\x03\x11\x00\x00\x02\x06" + // 0x00450311: 0x00000206
-	"\x00e\x03\x11\x00\x00\x02\a" + // 0x00650311: 0x00000207
-	"\x00I\x03\x0f\x00\x00\x02\b" + // 0x0049030F: 0x00000208
-	"\x00i\x03\x0f\x00\x00\x02\t" + // 0x0069030F: 0x00000209
-	"\x00I\x03\x11\x00\x00\x02\n" + // 0x00490311: 0x0000020A
-	"\x00i\x03\x11\x00\x00\x02\v" + // 0x00690311: 0x0000020B
-	"\x00O\x03\x0f\x00\x00\x02\f" + // 0x004F030F: 0x0000020C
-	"\x00o\x03\x0f\x00\x00\x02\r" + // 0x006F030F: 0x0000020D
-	"\x00O\x03\x11\x00\x00\x02\x0e" + // 0x004F0311: 0x0000020E
-	"\x00o\x03\x11\x00\x00\x02\x0f" + // 0x006F0311: 0x0000020F
-	"\x00R\x03\x0f\x00\x00\x02\x10" + // 0x0052030F: 0x00000210
-	"\x00r\x03\x0f\x00\x00\x02\x11" + // 0x0072030F: 0x00000211
-	"\x00R\x03\x11\x00\x00\x02\x12" + // 0x00520311: 0x00000212
-	"\x00r\x03\x11\x00\x00\x02\x13" + // 0x00720311: 0x00000213
-	"\x00U\x03\x0f\x00\x00\x02\x14" + // 0x0055030F: 0x00000214
-	"\x00u\x03\x0f\x00\x00\x02\x15" + // 0x0075030F: 0x00000215
-	"\x00U\x03\x11\x00\x00\x02\x16" + // 0x00550311: 0x00000216
-	"\x00u\x03\x11\x00\x00\x02\x17" + // 0x00750311: 0x00000217
-	"\x00S\x03&\x00\x00\x02\x18" + // 0x00530326: 0x00000218
-	"\x00s\x03&\x00\x00\x02\x19" + // 0x00730326: 0x00000219
-	"\x00T\x03&\x00\x00\x02\x1a" + // 0x00540326: 0x0000021A
-	"\x00t\x03&\x00\x00\x02\x1b" + // 0x00740326: 0x0000021B
-	"\x00H\x03\f\x00\x00\x02\x1e" + // 0x0048030C: 0x0000021E
-	"\x00h\x03\f\x00\x00\x02\x1f" + // 0x0068030C: 0x0000021F
-	"\x00A\x03\a\x00\x00\x02&" + // 0x00410307: 0x00000226
-	"\x00a\x03\a\x00\x00\x02'" + // 0x00610307: 0x00000227
-	"\x00E\x03'\x00\x00\x02(" + // 0x00450327: 0x00000228
-	"\x00e\x03'\x00\x00\x02)" + // 0x00650327: 0x00000229
-	"\x00\xd6\x03\x04\x00\x00\x02*" + // 0x00D60304: 0x0000022A
-	"\x00\xf6\x03\x04\x00\x00\x02+" + // 0x00F60304: 0x0000022B
-	"\x00\xd5\x03\x04\x00\x00\x02," + // 0x00D50304: 0x0000022C
-	"\x00\xf5\x03\x04\x00\x00\x02-" + // 0x00F50304: 0x0000022D
-	"\x00O\x03\a\x00\x00\x02." + // 0x004F0307: 0x0000022E
-	"\x00o\x03\a\x00\x00\x02/" + // 0x006F0307: 0x0000022F
-	"\x02.\x03\x04\x00\x00\x020" + // 0x022E0304: 0x00000230
-	"\x02/\x03\x04\x00\x00\x021" + // 0x022F0304: 0x00000231
-	"\x00Y\x03\x04\x00\x00\x022" + // 0x00590304: 0x00000232
-	"\x00y\x03\x04\x00\x00\x023" + // 0x00790304: 0x00000233
-	"\x00\xa8\x03\x01\x00\x00\x03\x85" + // 0x00A80301: 0x00000385
-	"\x03\x91\x03\x01\x00\x00\x03\x86" + // 0x03910301: 0x00000386
-	"\x03\x95\x03\x01\x00\x00\x03\x88" + // 0x03950301: 0x00000388
-	"\x03\x97\x03\x01\x00\x00\x03\x89" + // 0x03970301: 0x00000389
-	"\x03\x99\x03\x01\x00\x00\x03\x8a" + // 0x03990301: 0x0000038A
-	"\x03\x9f\x03\x01\x00\x00\x03\x8c" + // 0x039F0301: 0x0000038C
-	"\x03\xa5\x03\x01\x00\x00\x03\x8e" + // 0x03A50301: 0x0000038E
-	"\x03\xa9\x03\x01\x00\x00\x03\x8f" + // 0x03A90301: 0x0000038F
-	"\x03\xca\x03\x01\x00\x00\x03\x90" + // 0x03CA0301: 0x00000390
-	"\x03\x99\x03\b\x00\x00\x03\xaa" + // 0x03990308: 0x000003AA
-	"\x03\xa5\x03\b\x00\x00\x03\xab" + // 0x03A50308: 0x000003AB
-	"\x03\xb1\x03\x01\x00\x00\x03\xac" + // 0x03B10301: 0x000003AC
-	"\x03\xb5\x03\x01\x00\x00\x03\xad" + // 0x03B50301: 0x000003AD
-	"\x03\xb7\x03\x01\x00\x00\x03\xae" + // 0x03B70301: 0x000003AE
-	"\x03\xb9\x03\x01\x00\x00\x03\xaf" + // 0x03B90301: 0x000003AF
-	"\x03\xcb\x03\x01\x00\x00\x03\xb0" + // 0x03CB0301: 0x000003B0
-	"\x03\xb9\x03\b\x00\x00\x03\xca" + // 0x03B90308: 0x000003CA
-	"\x03\xc5\x03\b\x00\x00\x03\xcb" + // 0x03C50308: 0x000003CB
-	"\x03\xbf\x03\x01\x00\x00\x03\xcc" + // 0x03BF0301: 0x000003CC
-	"\x03\xc5\x03\x01\x00\x00\x03\xcd" + // 0x03C50301: 0x000003CD
-	"\x03\xc9\x03\x01\x00\x00\x03\xce" + // 0x03C90301: 0x000003CE
-	"\x03\xd2\x03\x01\x00\x00\x03\xd3" + // 0x03D20301: 0x000003D3
-	"\x03\xd2\x03\b\x00\x00\x03\xd4" + // 0x03D20308: 0x000003D4
-	"\x04\x15\x03\x00\x00\x00\x04\x00" + // 0x04150300: 0x00000400
-	"\x04\x15\x03\b\x00\x00\x04\x01" + // 0x04150308: 0x00000401
-	"\x04\x13\x03\x01\x00\x00\x04\x03" + // 0x04130301: 0x00000403
-	"\x04\x06\x03\b\x00\x00\x04\a" + // 0x04060308: 0x00000407
-	"\x04\x1a\x03\x01\x00\x00\x04\f" + // 0x041A0301: 0x0000040C
-	"\x04\x18\x03\x00\x00\x00\x04\r" + // 0x04180300: 0x0000040D
-	"\x04#\x03\x06\x00\x00\x04\x0e" + // 0x04230306: 0x0000040E
-	"\x04\x18\x03\x06\x00\x00\x04\x19" + // 0x04180306: 0x00000419
-	"\x048\x03\x06\x00\x00\x049" + // 0x04380306: 0x00000439
-	"\x045\x03\x00\x00\x00\x04P" + // 0x04350300: 0x00000450
-	"\x045\x03\b\x00\x00\x04Q" + // 0x04350308: 0x00000451
-	"\x043\x03\x01\x00\x00\x04S" + // 0x04330301: 0x00000453
-	"\x04V\x03\b\x00\x00\x04W" + // 0x04560308: 0x00000457
-	"\x04:\x03\x01\x00\x00\x04\\" + // 0x043A0301: 0x0000045C
-	"\x048\x03\x00\x00\x00\x04]" + // 0x04380300: 0x0000045D
-	"\x04C\x03\x06\x00\x00\x04^" + // 0x04430306: 0x0000045E
-	"\x04t\x03\x0f\x00\x00\x04v" + // 0x0474030F: 0x00000476
-	"\x04u\x03\x0f\x00\x00\x04w" + // 0x0475030F: 0x00000477
-	"\x04\x16\x03\x06\x00\x00\x04\xc1" + // 0x04160306: 0x000004C1
-	"\x046\x03\x06\x00\x00\x04\xc2" + // 0x04360306: 0x000004C2
-	"\x04\x10\x03\x06\x00\x00\x04\xd0" + // 0x04100306: 0x000004D0
-	"\x040\x03\x06\x00\x00\x04\xd1" + // 0x04300306: 0x000004D1
-	"\x04\x10\x03\b\x00\x00\x04\xd2" + // 0x04100308: 0x000004D2
-	"\x040\x03\b\x00\x00\x04\xd3" + // 0x04300308: 0x000004D3
-	"\x04\x15\x03\x06\x00\x00\x04\xd6" + // 0x04150306: 0x000004D6
-	"\x045\x03\x06\x00\x00\x04\xd7" + // 0x04350306: 0x000004D7
-	"\x04\xd8\x03\b\x00\x00\x04\xda" + // 0x04D80308: 0x000004DA
-	"\x04\xd9\x03\b\x00\x00\x04\xdb" + // 0x04D90308: 0x000004DB
-	"\x04\x16\x03\b\x00\x00\x04\xdc" + // 0x04160308: 0x000004DC
-	"\x046\x03\b\x00\x00\x04\xdd" + // 0x04360308: 0x000004DD
-	"\x04\x17\x03\b\x00\x00\x04\xde" + // 0x04170308: 0x000004DE
-	"\x047\x03\b\x00\x00\x04\xdf" + // 0x04370308: 0x000004DF
-	"\x04\x18\x03\x04\x00\x00\x04\xe2" + // 0x04180304: 0x000004E2
-	"\x048\x03\x04\x00\x00\x04\xe3" + // 0x04380304: 0x000004E3
-	"\x04\x18\x03\b\x00\x00\x04\xe4" + // 0x04180308: 0x000004E4
-	"\x048\x03\b\x00\x00\x04\xe5" + // 0x04380308: 0x000004E5
-	"\x04\x1e\x03\b\x00\x00\x04\xe6" + // 0x041E0308: 0x000004E6
-	"\x04>\x03\b\x00\x00\x04\xe7" + // 0x043E0308: 0x000004E7
-	"\x04\xe8\x03\b\x00\x00\x04\xea" + // 0x04E80308: 0x000004EA
-	"\x04\xe9\x03\b\x00\x00\x04\xeb" + // 0x04E90308: 0x000004EB
-	"\x04-\x03\b\x00\x00\x04\xec" + // 0x042D0308: 0x000004EC
-	"\x04M\x03\b\x00\x00\x04\xed" + // 0x044D0308: 0x000004ED
-	"\x04#\x03\x04\x00\x00\x04\xee" + // 0x04230304: 0x000004EE
-	"\x04C\x03\x04\x00\x00\x04\xef" + // 0x04430304: 0x000004EF
-	"\x04#\x03\b\x00\x00\x04\xf0" + // 0x04230308: 0x000004F0
-	"\x04C\x03\b\x00\x00\x04\xf1" + // 0x04430308: 0x000004F1
-	"\x04#\x03\v\x00\x00\x04\xf2" + // 0x0423030B: 0x000004F2
-	"\x04C\x03\v\x00\x00\x04\xf3" + // 0x0443030B: 0x000004F3
-	"\x04'\x03\b\x00\x00\x04\xf4" + // 0x04270308: 0x000004F4
-	"\x04G\x03\b\x00\x00\x04\xf5" + // 0x04470308: 0x000004F5
-	"\x04+\x03\b\x00\x00\x04\xf8" + // 0x042B0308: 0x000004F8
-	"\x04K\x03\b\x00\x00\x04\xf9" + // 0x044B0308: 0x000004F9
-	"\x06'\x06S\x00\x00\x06\"" + // 0x06270653: 0x00000622
-	"\x06'\x06T\x00\x00\x06#" + // 0x06270654: 0x00000623
-	"\x06H\x06T\x00\x00\x06$" + // 0x06480654: 0x00000624
-	"\x06'\x06U\x00\x00\x06%" + // 0x06270655: 0x00000625
-	"\x06J\x06T\x00\x00\x06&" + // 0x064A0654: 0x00000626
-	"\x06\xd5\x06T\x00\x00\x06\xc0" + // 0x06D50654: 0x000006C0
-	"\x06\xc1\x06T\x00\x00\x06\xc2" + // 0x06C10654: 0x000006C2
-	"\x06\xd2\x06T\x00\x00\x06\xd3" + // 0x06D20654: 0x000006D3
-	"\t(\t<\x00\x00\t)" + // 0x0928093C: 0x00000929
-	"\t0\t<\x00\x00\t1" + // 0x0930093C: 0x00000931
-	"\t3\t<\x00\x00\t4" + // 0x0933093C: 0x00000934
-	"\t\xc7\t\xbe\x00\x00\t\xcb" + // 0x09C709BE: 0x000009CB
-	"\t\xc7\t\xd7\x00\x00\t\xcc" + // 0x09C709D7: 0x000009CC
-	"\vG\vV\x00\x00\vH" + // 0x0B470B56: 0x00000B48
-	"\vG\v>\x00\x00\vK" + // 0x0B470B3E: 0x00000B4B
-	"\vG\vW\x00\x00\vL" + // 0x0B470B57: 0x00000B4C
-	"\v\x92\v\xd7\x00\x00\v\x94" + // 0x0B920BD7: 0x00000B94
-	"\v\xc6\v\xbe\x00\x00\v\xca" + // 0x0BC60BBE: 0x00000BCA
-	"\v\xc7\v\xbe\x00\x00\v\xcb" + // 0x0BC70BBE: 0x00000BCB
-	"\v\xc6\v\xd7\x00\x00\v\xcc" + // 0x0BC60BD7: 0x00000BCC
-	"\fF\fV\x00\x00\fH" + // 0x0C460C56: 0x00000C48
-	"\f\xbf\f\xd5\x00\x00\f\xc0" + // 0x0CBF0CD5: 0x00000CC0
-	"\f\xc6\f\xd5\x00\x00\f\xc7" + // 0x0CC60CD5: 0x00000CC7
-	"\f\xc6\f\xd6\x00\x00\f\xc8" + // 0x0CC60CD6: 0x00000CC8
-	"\f\xc6\f\xc2\x00\x00\f\xca" + // 0x0CC60CC2: 0x00000CCA
-	"\f\xca\f\xd5\x00\x00\f\xcb" + // 0x0CCA0CD5: 0x00000CCB
-	"\rF\r>\x00\x00\rJ" + // 0x0D460D3E: 0x00000D4A
-	"\rG\r>\x00\x00\rK" + // 0x0D470D3E: 0x00000D4B
-	"\rF\rW\x00\x00\rL" + // 0x0D460D57: 0x00000D4C
-	"\r\xd9\r\xca\x00\x00\r\xda" + // 0x0DD90DCA: 0x00000DDA
-	"\r\xd9\r\xcf\x00\x00\r\xdc" + // 0x0DD90DCF: 0x00000DDC
-	"\r\xdc\r\xca\x00\x00\r\xdd" + // 0x0DDC0DCA: 0x00000DDD
-	"\r\xd9\r\xdf\x00\x00\r\xde" + // 0x0DD90DDF: 0x00000DDE
-	"\x10%\x10.\x00\x00\x10&" + // 0x1025102E: 0x00001026
-	"\x1b\x05\x1b5\x00\x00\x1b\x06" + // 0x1B051B35: 0x00001B06
-	"\x1b\a\x1b5\x00\x00\x1b\b" + // 0x1B071B35: 0x00001B08
-	"\x1b\t\x1b5\x00\x00\x1b\n" + // 0x1B091B35: 0x00001B0A
-	"\x1b\v\x1b5\x00\x00\x1b\f" + // 0x1B0B1B35: 0x00001B0C
-	"\x1b\r\x1b5\x00\x00\x1b\x0e" + // 0x1B0D1B35: 0x00001B0E
-	"\x1b\x11\x1b5\x00\x00\x1b\x12" + // 0x1B111B35: 0x00001B12
-	"\x1b:\x1b5\x00\x00\x1b;" + // 0x1B3A1B35: 0x00001B3B
-	"\x1b<\x1b5\x00\x00\x1b=" + // 0x1B3C1B35: 0x00001B3D
-	"\x1b>\x1b5\x00\x00\x1b@" + // 0x1B3E1B35: 0x00001B40
-	"\x1b?\x1b5\x00\x00\x1bA" + // 0x1B3F1B35: 0x00001B41
-	"\x1bB\x1b5\x00\x00\x1bC" + // 0x1B421B35: 0x00001B43
-	"\x00A\x03%\x00\x00\x1e\x00" + // 0x00410325: 0x00001E00
-	"\x00a\x03%\x00\x00\x1e\x01" + // 0x00610325: 0x00001E01
-	"\x00B\x03\a\x00\x00\x1e\x02" + // 0x00420307: 0x00001E02
-	"\x00b\x03\a\x00\x00\x1e\x03" + // 0x00620307: 0x00001E03
-	"\x00B\x03#\x00\x00\x1e\x04" + // 0x00420323: 0x00001E04
-	"\x00b\x03#\x00\x00\x1e\x05" + // 0x00620323: 0x00001E05
-	"\x00B\x031\x00\x00\x1e\x06" + // 0x00420331: 0x00001E06
-	"\x00b\x031\x00\x00\x1e\a" + // 0x00620331: 0x00001E07
-	"\x00\xc7\x03\x01\x00\x00\x1e\b" + // 0x00C70301: 0x00001E08
-	"\x00\xe7\x03\x01\x00\x00\x1e\t" + // 0x00E70301: 0x00001E09
-	"\x00D\x03\a\x00\x00\x1e\n" + // 0x00440307: 0x00001E0A
-	"\x00d\x03\a\x00\x00\x1e\v" + // 0x00640307: 0x00001E0B
-	"\x00D\x03#\x00\x00\x1e\f" + // 0x00440323: 0x00001E0C
-	"\x00d\x03#\x00\x00\x1e\r" + // 0x00640323: 0x00001E0D
-	"\x00D\x031\x00\x00\x1e\x0e" + // 0x00440331: 0x00001E0E
-	"\x00d\x031\x00\x00\x1e\x0f" + // 0x00640331: 0x00001E0F
-	"\x00D\x03'\x00\x00\x1e\x10" + // 0x00440327: 0x00001E10
-	"\x00d\x03'\x00\x00\x1e\x11" + // 0x00640327: 0x00001E11
-	"\x00D\x03-\x00\x00\x1e\x12" + // 0x0044032D: 0x00001E12
-	"\x00d\x03-\x00\x00\x1e\x13" + // 0x0064032D: 0x00001E13
-	"\x01\x12\x03\x00\x00\x00\x1e\x14" + // 0x01120300: 0x00001E14
-	"\x01\x13\x03\x00\x00\x00\x1e\x15" + // 0x01130300: 0x00001E15
-	"\x01\x12\x03\x01\x00\x00\x1e\x16" + // 0x01120301: 0x00001E16
-	"\x01\x13\x03\x01\x00\x00\x1e\x17" + // 0x01130301: 0x00001E17
-	"\x00E\x03-\x00\x00\x1e\x18" + // 0x0045032D: 0x00001E18
-	"\x00e\x03-\x00\x00\x1e\x19" + // 0x0065032D: 0x00001E19
-	"\x00E\x030\x00\x00\x1e\x1a" + // 0x00450330: 0x00001E1A
-	"\x00e\x030\x00\x00\x1e\x1b" + // 0x00650330: 0x00001E1B
-	"\x02(\x03\x06\x00\x00\x1e\x1c" + // 0x02280306: 0x00001E1C
-	"\x02)\x03\x06\x00\x00\x1e\x1d" + // 0x02290306: 0x00001E1D
-	"\x00F\x03\a\x00\x00\x1e\x1e" + // 0x00460307: 0x00001E1E
-	"\x00f\x03\a\x00\x00\x1e\x1f" + // 0x00660307: 0x00001E1F
-	"\x00G\x03\x04\x00\x00\x1e " + // 0x00470304: 0x00001E20
-	"\x00g\x03\x04\x00\x00\x1e!" + // 0x00670304: 0x00001E21
-	"\x00H\x03\a\x00\x00\x1e\"" + // 0x00480307: 0x00001E22
-	"\x00h\x03\a\x00\x00\x1e#" + // 0x00680307: 0x00001E23
-	"\x00H\x03#\x00\x00\x1e$" + // 0x00480323: 0x00001E24
-	"\x00h\x03#\x00\x00\x1e%" + // 0x00680323: 0x00001E25
-	"\x00H\x03\b\x00\x00\x1e&" + // 0x00480308: 0x00001E26
-	"\x00h\x03\b\x00\x00\x1e'" + // 0x00680308: 0x00001E27
-	"\x00H\x03'\x00\x00\x1e(" + // 0x00480327: 0x00001E28
-	"\x00h\x03'\x00\x00\x1e)" + // 0x00680327: 0x00001E29
-	"\x00H\x03.\x00\x00\x1e*" + // 0x0048032E: 0x00001E2A
-	"\x00h\x03.\x00\x00\x1e+" + // 0x0068032E: 0x00001E2B
-	"\x00I\x030\x00\x00\x1e," + // 0x00490330: 0x00001E2C
-	"\x00i\x030\x00\x00\x1e-" + // 0x00690330: 0x00001E2D
-	"\x00\xcf\x03\x01\x00\x00\x1e." + // 0x00CF0301: 0x00001E2E
-	"\x00\xef\x03\x01\x00\x00\x1e/" + // 0x00EF0301: 0x00001E2F
-	"\x00K\x03\x01\x00\x00\x1e0" + // 0x004B0301: 0x00001E30
-	"\x00k\x03\x01\x00\x00\x1e1" + // 0x006B0301: 0x00001E31
-	"\x00K\x03#\x00\x00\x1e2" + // 0x004B0323: 0x00001E32
-	"\x00k\x03#\x00\x00\x1e3" + // 0x006B0323: 0x00001E33
-	"\x00K\x031\x00\x00\x1e4" + // 0x004B0331: 0x00001E34
-	"\x00k\x031\x00\x00\x1e5" + // 0x006B0331: 0x00001E35
-	"\x00L\x03#\x00\x00\x1e6" + // 0x004C0323: 0x00001E36
-	"\x00l\x03#\x00\x00\x1e7" + // 0x006C0323: 0x00001E37
-	"\x1e6\x03\x04\x00\x00\x1e8" + // 0x1E360304: 0x00001E38
-	"\x1e7\x03\x04\x00\x00\x1e9" + // 0x1E370304: 0x00001E39
-	"\x00L\x031\x00\x00\x1e:" + // 0x004C0331: 0x00001E3A
-	"\x00l\x031\x00\x00\x1e;" + // 0x006C0331: 0x00001E3B
-	"\x00L\x03-\x00\x00\x1e<" + // 0x004C032D: 0x00001E3C
-	"\x00l\x03-\x00\x00\x1e=" + // 0x006C032D: 0x00001E3D
-	"\x00M\x03\x01\x00\x00\x1e>" + // 0x004D0301: 0x00001E3E
-	"\x00m\x03\x01\x00\x00\x1e?" + // 0x006D0301: 0x00001E3F
-	"\x00M\x03\a\x00\x00\x1e@" + // 0x004D0307: 0x00001E40
-	"\x00m\x03\a\x00\x00\x1eA" + // 0x006D0307: 0x00001E41
-	"\x00M\x03#\x00\x00\x1eB" + // 0x004D0323: 0x00001E42
-	"\x00m\x03#\x00\x00\x1eC" + // 0x006D0323: 0x00001E43
-	"\x00N\x03\a\x00\x00\x1eD" + // 0x004E0307: 0x00001E44
-	"\x00n\x03\a\x00\x00\x1eE" + // 0x006E0307: 0x00001E45
-	"\x00N\x03#\x00\x00\x1eF" + // 0x004E0323: 0x00001E46
-	"\x00n\x03#\x00\x00\x1eG" + // 0x006E0323: 0x00001E47
-	"\x00N\x031\x00\x00\x1eH" + // 0x004E0331: 0x00001E48
-	"\x00n\x031\x00\x00\x1eI" + // 0x006E0331: 0x00001E49
-	"\x00N\x03-\x00\x00\x1eJ" + // 0x004E032D: 0x00001E4A
-	"\x00n\x03-\x00\x00\x1eK" + // 0x006E032D: 0x00001E4B
-	"\x00\xd5\x03\x01\x00\x00\x1eL" + // 0x00D50301: 0x00001E4C
-	"\x00\xf5\x03\x01\x00\x00\x1eM" + // 0x00F50301: 0x00001E4D
-	"\x00\xd5\x03\b\x00\x00\x1eN" + // 0x00D50308: 0x00001E4E
-	"\x00\xf5\x03\b\x00\x00\x1eO" + // 0x00F50308: 0x00001E4F
-	"\x01L\x03\x00\x00\x00\x1eP" + // 0x014C0300: 0x00001E50
-	"\x01M\x03\x00\x00\x00\x1eQ" + // 0x014D0300: 0x00001E51
-	"\x01L\x03\x01\x00\x00\x1eR" + // 0x014C0301: 0x00001E52
-	"\x01M\x03\x01\x00\x00\x1eS" + // 0x014D0301: 0x00001E53
-	"\x00P\x03\x01\x00\x00\x1eT" + // 0x00500301: 0x00001E54
-	"\x00p\x03\x01\x00\x00\x1eU" + // 0x00700301: 0x00001E55
-	"\x00P\x03\a\x00\x00\x1eV" + // 0x00500307: 0x00001E56
-	"\x00p\x03\a\x00\x00\x1eW" + // 0x00700307: 0x00001E57
-	"\x00R\x03\a\x00\x00\x1eX" + // 0x00520307: 0x00001E58
-	"\x00r\x03\a\x00\x00\x1eY" + // 0x00720307: 0x00001E59
-	"\x00R\x03#\x00\x00\x1eZ" + // 0x00520323: 0x00001E5A
-	"\x00r\x03#\x00\x00\x1e[" + // 0x00720323: 0x00001E5B
-	"\x1eZ\x03\x04\x00\x00\x1e\\" + // 0x1E5A0304: 0x00001E5C
-	"\x1e[\x03\x04\x00\x00\x1e]" + // 0x1E5B0304: 0x00001E5D
-	"\x00R\x031\x00\x00\x1e^" + // 0x00520331: 0x00001E5E
-	"\x00r\x031\x00\x00\x1e_" + // 0x00720331: 0x00001E5F
-	"\x00S\x03\a\x00\x00\x1e`" + // 0x00530307: 0x00001E60
-	"\x00s\x03\a\x00\x00\x1ea" + // 0x00730307: 0x00001E61
-	"\x00S\x03#\x00\x00\x1eb" + // 0x00530323: 0x00001E62
-	"\x00s\x03#\x00\x00\x1ec" + // 0x00730323: 0x00001E63
-	"\x01Z\x03\a\x00\x00\x1ed" + // 0x015A0307: 0x00001E64
-	"\x01[\x03\a\x00\x00\x1ee" + // 0x015B0307: 0x00001E65
-	"\x01`\x03\a\x00\x00\x1ef" + // 0x01600307: 0x00001E66
-	"\x01a\x03\a\x00\x00\x1eg" + // 0x01610307: 0x00001E67
-	"\x1eb\x03\a\x00\x00\x1eh" + // 0x1E620307: 0x00001E68
-	"\x1ec\x03\a\x00\x00\x1ei" + // 0x1E630307: 0x00001E69
-	"\x00T\x03\a\x00\x00\x1ej" + // 0x00540307: 0x00001E6A
-	"\x00t\x03\a\x00\x00\x1ek" + // 0x00740307: 0x00001E6B
-	"\x00T\x03#\x00\x00\x1el" + // 0x00540323: 0x00001E6C
-	"\x00t\x03#\x00\x00\x1em" + // 0x00740323: 0x00001E6D
-	"\x00T\x031\x00\x00\x1en" + // 0x00540331: 0x00001E6E
-	"\x00t\x031\x00\x00\x1eo" + // 0x00740331: 0x00001E6F
-	"\x00T\x03-\x00\x00\x1ep" + // 0x0054032D: 0x00001E70
-	"\x00t\x03-\x00\x00\x1eq" + // 0x0074032D: 0x00001E71
-	"\x00U\x03$\x00\x00\x1er" + // 0x00550324: 0x00001E72
-	"\x00u\x03$\x00\x00\x1es" + // 0x00750324: 0x00001E73
-	"\x00U\x030\x00\x00\x1et" + // 0x00550330: 0x00001E74
-	"\x00u\x030\x00\x00\x1eu" + // 0x00750330: 0x00001E75
-	"\x00U\x03-\x00\x00\x1ev" + // 0x0055032D: 0x00001E76
-	"\x00u\x03-\x00\x00\x1ew" + // 0x0075032D: 0x00001E77
-	"\x01h\x03\x01\x00\x00\x1ex" + // 0x01680301: 0x00001E78
-	"\x01i\x03\x01\x00\x00\x1ey" + // 0x01690301: 0x00001E79
-	"\x01j\x03\b\x00\x00\x1ez" + // 0x016A0308: 0x00001E7A
-	"\x01k\x03\b\x00\x00\x1e{" + // 0x016B0308: 0x00001E7B
-	"\x00V\x03\x03\x00\x00\x1e|" + // 0x00560303: 0x00001E7C
-	"\x00v\x03\x03\x00\x00\x1e}" + // 0x00760303: 0x00001E7D
-	"\x00V\x03#\x00\x00\x1e~" + // 0x00560323: 0x00001E7E
-	"\x00v\x03#\x00\x00\x1e\u007f" + // 0x00760323: 0x00001E7F
-	"\x00W\x03\x00\x00\x00\x1e\x80" + // 0x00570300: 0x00001E80
-	"\x00w\x03\x00\x00\x00\x1e\x81" + // 0x00770300: 0x00001E81
-	"\x00W\x03\x01\x00\x00\x1e\x82" + // 0x00570301: 0x00001E82
-	"\x00w\x03\x01\x00\x00\x1e\x83" + // 0x00770301: 0x00001E83
-	"\x00W\x03\b\x00\x00\x1e\x84" + // 0x00570308: 0x00001E84
-	"\x00w\x03\b\x00\x00\x1e\x85" + // 0x00770308: 0x00001E85
-	"\x00W\x03\a\x00\x00\x1e\x86" + // 0x00570307: 0x00001E86
-	"\x00w\x03\a\x00\x00\x1e\x87" + // 0x00770307: 0x00001E87
-	"\x00W\x03#\x00\x00\x1e\x88" + // 0x00570323: 0x00001E88
-	"\x00w\x03#\x00\x00\x1e\x89" + // 0x00770323: 0x00001E89
-	"\x00X\x03\a\x00\x00\x1e\x8a" + // 0x00580307: 0x00001E8A
-	"\x00x\x03\a\x00\x00\x1e\x8b" + // 0x00780307: 0x00001E8B
-	"\x00X\x03\b\x00\x00\x1e\x8c" + // 0x00580308: 0x00001E8C
-	"\x00x\x03\b\x00\x00\x1e\x8d" + // 0x00780308: 0x00001E8D
-	"\x00Y\x03\a\x00\x00\x1e\x8e" + // 0x00590307: 0x00001E8E
-	"\x00y\x03\a\x00\x00\x1e\x8f" + // 0x00790307: 0x00001E8F
-	"\x00Z\x03\x02\x00\x00\x1e\x90" + // 0x005A0302: 0x00001E90
-	"\x00z\x03\x02\x00\x00\x1e\x91" + // 0x007A0302: 0x00001E91
-	"\x00Z\x03#\x00\x00\x1e\x92" + // 0x005A0323: 0x00001E92
-	"\x00z\x03#\x00\x00\x1e\x93" + // 0x007A0323: 0x00001E93
-	"\x00Z\x031\x00\x00\x1e\x94" + // 0x005A0331: 0x00001E94
-	"\x00z\x031\x00\x00\x1e\x95" + // 0x007A0331: 0x00001E95
-	"\x00h\x031\x00\x00\x1e\x96" + // 0x00680331: 0x00001E96
-	"\x00t\x03\b\x00\x00\x1e\x97" + // 0x00740308: 0x00001E97
-	"\x00w\x03\n\x00\x00\x1e\x98" + // 0x0077030A: 0x00001E98
-	"\x00y\x03\n\x00\x00\x1e\x99" + // 0x0079030A: 0x00001E99
-	"\x01\u007f\x03\a\x00\x00\x1e\x9b" + // 0x017F0307: 0x00001E9B
-	"\x00A\x03#\x00\x00\x1e\xa0" + // 0x00410323: 0x00001EA0
-	"\x00a\x03#\x00\x00\x1e\xa1" + // 0x00610323: 0x00001EA1
-	"\x00A\x03\t\x00\x00\x1e\xa2" + // 0x00410309: 0x00001EA2
-	"\x00a\x03\t\x00\x00\x1e\xa3" + // 0x00610309: 0x00001EA3
-	"\x00\xc2\x03\x01\x00\x00\x1e\xa4" + // 0x00C20301: 0x00001EA4
-	"\x00\xe2\x03\x01\x00\x00\x1e\xa5" + // 0x00E20301: 0x00001EA5
-	"\x00\xc2\x03\x00\x00\x00\x1e\xa6" + // 0x00C20300: 0x00001EA6
-	"\x00\xe2\x03\x00\x00\x00\x1e\xa7" + // 0x00E20300: 0x00001EA7
-	"\x00\xc2\x03\t\x00\x00\x1e\xa8" + // 0x00C20309: 0x00001EA8
-	"\x00\xe2\x03\t\x00\x00\x1e\xa9" + // 0x00E20309: 0x00001EA9
-	"\x00\xc2\x03\x03\x00\x00\x1e\xaa" + // 0x00C20303: 0x00001EAA
-	"\x00\xe2\x03\x03\x00\x00\x1e\xab" + // 0x00E20303: 0x00001EAB
-	"\x1e\xa0\x03\x02\x00\x00\x1e\xac" + // 0x1EA00302: 0x00001EAC
-	"\x1e\xa1\x03\x02\x00\x00\x1e\xad" + // 0x1EA10302: 0x00001EAD
-	"\x01\x02\x03\x01\x00\x00\x1e\xae" + // 0x01020301: 0x00001EAE
-	"\x01\x03\x03\x01\x00\x00\x1e\xaf" + // 0x01030301: 0x00001EAF
-	"\x01\x02\x03\x00\x00\x00\x1e\xb0" + // 0x01020300: 0x00001EB0
-	"\x01\x03\x03\x00\x00\x00\x1e\xb1" + // 0x01030300: 0x00001EB1
-	"\x01\x02\x03\t\x00\x00\x1e\xb2" + // 0x01020309: 0x00001EB2
-	"\x01\x03\x03\t\x00\x00\x1e\xb3" + // 0x01030309: 0x00001EB3
-	"\x01\x02\x03\x03\x00\x00\x1e\xb4" + // 0x01020303: 0x00001EB4
-	"\x01\x03\x03\x03\x00\x00\x1e\xb5" + // 0x01030303: 0x00001EB5
-	"\x1e\xa0\x03\x06\x00\x00\x1e\xb6" + // 0x1EA00306: 0x00001EB6
-	"\x1e\xa1\x03\x06\x00\x00\x1e\xb7" + // 0x1EA10306: 0x00001EB7
-	"\x00E\x03#\x00\x00\x1e\xb8" + // 0x00450323: 0x00001EB8
-	"\x00e\x03#\x00\x00\x1e\xb9" + // 0x00650323: 0x00001EB9
-	"\x00E\x03\t\x00\x00\x1e\xba" + // 0x00450309: 0x00001EBA
-	"\x00e\x03\t\x00\x00\x1e\xbb" + // 0x00650309: 0x00001EBB
-	"\x00E\x03\x03\x00\x00\x1e\xbc" + // 0x00450303: 0x00001EBC
-	"\x00e\x03\x03\x00\x00\x1e\xbd" + // 0x00650303: 0x00001EBD
-	"\x00\xca\x03\x01\x00\x00\x1e\xbe" + // 0x00CA0301: 0x00001EBE
-	"\x00\xea\x03\x01\x00\x00\x1e\xbf" + // 0x00EA0301: 0x00001EBF
-	"\x00\xca\x03\x00\x00\x00\x1e\xc0" + // 0x00CA0300: 0x00001EC0
-	"\x00\xea\x03\x00\x00\x00\x1e\xc1" + // 0x00EA0300: 0x00001EC1
-	"\x00\xca\x03\t\x00\x00\x1e\xc2" + // 0x00CA0309: 0x00001EC2
-	"\x00\xea\x03\t\x00\x00\x1e\xc3" + // 0x00EA0309: 0x00001EC3
-	"\x00\xca\x03\x03\x00\x00\x1e\xc4" + // 0x00CA0303: 0x00001EC4
-	"\x00\xea\x03\x03\x00\x00\x1e\xc5" + // 0x00EA0303: 0x00001EC5
-	"\x1e\xb8\x03\x02\x00\x00\x1e\xc6" + // 0x1EB80302: 0x00001EC6
-	"\x1e\xb9\x03\x02\x00\x00\x1e\xc7" + // 0x1EB90302: 0x00001EC7
-	"\x00I\x03\t\x00\x00\x1e\xc8" + // 0x00490309: 0x00001EC8
-	"\x00i\x03\t\x00\x00\x1e\xc9" + // 0x00690309: 0x00001EC9
-	"\x00I\x03#\x00\x00\x1e\xca" + // 0x00490323: 0x00001ECA
-	"\x00i\x03#\x00\x00\x1e\xcb" + // 0x00690323: 0x00001ECB
-	"\x00O\x03#\x00\x00\x1e\xcc" + // 0x004F0323: 0x00001ECC
-	"\x00o\x03#\x00\x00\x1e\xcd" + // 0x006F0323: 0x00001ECD
-	"\x00O\x03\t\x00\x00\x1e\xce" + // 0x004F0309: 0x00001ECE
-	"\x00o\x03\t\x00\x00\x1e\xcf" + // 0x006F0309: 0x00001ECF
-	"\x00\xd4\x03\x01\x00\x00\x1e\xd0" + // 0x00D40301: 0x00001ED0
-	"\x00\xf4\x03\x01\x00\x00\x1e\xd1" + // 0x00F40301: 0x00001ED1
-	"\x00\xd4\x03\x00\x00\x00\x1e\xd2" + // 0x00D40300: 0x00001ED2
-	"\x00\xf4\x03\x00\x00\x00\x1e\xd3" + // 0x00F40300: 0x00001ED3
-	"\x00\xd4\x03\t\x00\x00\x1e\xd4" + // 0x00D40309: 0x00001ED4
-	"\x00\xf4\x03\t\x00\x00\x1e\xd5" + // 0x00F40309: 0x00001ED5
-	"\x00\xd4\x03\x03\x00\x00\x1e\xd6" + // 0x00D40303: 0x00001ED6
-	"\x00\xf4\x03\x03\x00\x00\x1e\xd7" + // 0x00F40303: 0x00001ED7
-	"\x1e\xcc\x03\x02\x00\x00\x1e\xd8" + // 0x1ECC0302: 0x00001ED8
-	"\x1e\xcd\x03\x02\x00\x00\x1e\xd9" + // 0x1ECD0302: 0x00001ED9
-	"\x01\xa0\x03\x01\x00\x00\x1e\xda" + // 0x01A00301: 0x00001EDA
-	"\x01\xa1\x03\x01\x00\x00\x1e\xdb" + // 0x01A10301: 0x00001EDB
-	"\x01\xa0\x03\x00\x00\x00\x1e\xdc" + // 0x01A00300: 0x00001EDC
-	"\x01\xa1\x03\x00\x00\x00\x1e\xdd" + // 0x01A10300: 0x00001EDD
-	"\x01\xa0\x03\t\x00\x00\x1e\xde" + // 0x01A00309: 0x00001EDE
-	"\x01\xa1\x03\t\x00\x00\x1e\xdf" + // 0x01A10309: 0x00001EDF
-	"\x01\xa0\x03\x03\x00\x00\x1e\xe0" + // 0x01A00303: 0x00001EE0
-	"\x01\xa1\x03\x03\x00\x00\x1e\xe1" + // 0x01A10303: 0x00001EE1
-	"\x01\xa0\x03#\x00\x00\x1e\xe2" + // 0x01A00323: 0x00001EE2
-	"\x01\xa1\x03#\x00\x00\x1e\xe3" + // 0x01A10323: 0x00001EE3
-	"\x00U\x03#\x00\x00\x1e\xe4" + // 0x00550323: 0x00001EE4
-	"\x00u\x03#\x00\x00\x1e\xe5" + // 0x00750323: 0x00001EE5
-	"\x00U\x03\t\x00\x00\x1e\xe6" + // 0x00550309: 0x00001EE6
-	"\x00u\x03\t\x00\x00\x1e\xe7" + // 0x00750309: 0x00001EE7
-	"\x01\xaf\x03\x01\x00\x00\x1e\xe8" + // 0x01AF0301: 0x00001EE8
-	"\x01\xb0\x03\x01\x00\x00\x1e\xe9" + // 0x01B00301: 0x00001EE9
-	"\x01\xaf\x03\x00\x00\x00\x1e\xea" + // 0x01AF0300: 0x00001EEA
-	"\x01\xb0\x03\x00\x00\x00\x1e\xeb" + // 0x01B00300: 0x00001EEB
-	"\x01\xaf\x03\t\x00\x00\x1e\xec" + // 0x01AF0309: 0x00001EEC
-	"\x01\xb0\x03\t\x00\x00\x1e\xed" + // 0x01B00309: 0x00001EED
-	"\x01\xaf\x03\x03\x00\x00\x1e\xee" + // 0x01AF0303: 0x00001EEE
-	"\x01\xb0\x03\x03\x00\x00\x1e\xef" + // 0x01B00303: 0x00001EEF
-	"\x01\xaf\x03#\x00\x00\x1e\xf0" + // 0x01AF0323: 0x00001EF0
-	"\x01\xb0\x03#\x00\x00\x1e\xf1" + // 0x01B00323: 0x00001EF1
-	"\x00Y\x03\x00\x00\x00\x1e\xf2" + // 0x00590300: 0x00001EF2
-	"\x00y\x03\x00\x00\x00\x1e\xf3" + // 0x00790300: 0x00001EF3
-	"\x00Y\x03#\x00\x00\x1e\xf4" + // 0x00590323: 0x00001EF4
-	"\x00y\x03#\x00\x00\x1e\xf5" + // 0x00790323: 0x00001EF5
-	"\x00Y\x03\t\x00\x00\x1e\xf6" + // 0x00590309: 0x00001EF6
-	"\x00y\x03\t\x00\x00\x1e\xf7" + // 0x00790309: 0x00001EF7
-	"\x00Y\x03\x03\x00\x00\x1e\xf8" + // 0x00590303: 0x00001EF8
-	"\x00y\x03\x03\x00\x00\x1e\xf9" + // 0x00790303: 0x00001EF9
-	"\x03\xb1\x03\x13\x00\x00\x1f\x00" + // 0x03B10313: 0x00001F00
-	"\x03\xb1\x03\x14\x00\x00\x1f\x01" + // 0x03B10314: 0x00001F01
-	"\x1f\x00\x03\x00\x00\x00\x1f\x02" + // 0x1F000300: 0x00001F02
-	"\x1f\x01\x03\x00\x00\x00\x1f\x03" + // 0x1F010300: 0x00001F03
-	"\x1f\x00\x03\x01\x00\x00\x1f\x04" + // 0x1F000301: 0x00001F04
-	"\x1f\x01\x03\x01\x00\x00\x1f\x05" + // 0x1F010301: 0x00001F05
-	"\x1f\x00\x03B\x00\x00\x1f\x06" + // 0x1F000342: 0x00001F06
-	"\x1f\x01\x03B\x00\x00\x1f\a" + // 0x1F010342: 0x00001F07
-	"\x03\x91\x03\x13\x00\x00\x1f\b" + // 0x03910313: 0x00001F08
-	"\x03\x91\x03\x14\x00\x00\x1f\t" + // 0x03910314: 0x00001F09
-	"\x1f\b\x03\x00\x00\x00\x1f\n" + // 0x1F080300: 0x00001F0A
-	"\x1f\t\x03\x00\x00\x00\x1f\v" + // 0x1F090300: 0x00001F0B
-	"\x1f\b\x03\x01\x00\x00\x1f\f" + // 0x1F080301: 0x00001F0C
-	"\x1f\t\x03\x01\x00\x00\x1f\r" + // 0x1F090301: 0x00001F0D
-	"\x1f\b\x03B\x00\x00\x1f\x0e" + // 0x1F080342: 0x00001F0E
-	"\x1f\t\x03B\x00\x00\x1f\x0f" + // 0x1F090342: 0x00001F0F
-	"\x03\xb5\x03\x13\x00\x00\x1f\x10" + // 0x03B50313: 0x00001F10
-	"\x03\xb5\x03\x14\x00\x00\x1f\x11" + // 0x03B50314: 0x00001F11
-	"\x1f\x10\x03\x00\x00\x00\x1f\x12" + // 0x1F100300: 0x00001F12
-	"\x1f\x11\x03\x00\x00\x00\x1f\x13" + // 0x1F110300: 0x00001F13
-	"\x1f\x10\x03\x01\x00\x00\x1f\x14" + // 0x1F100301: 0x00001F14
-	"\x1f\x11\x03\x01\x00\x00\x1f\x15" + // 0x1F110301: 0x00001F15
-	"\x03\x95\x03\x13\x00\x00\x1f\x18" + // 0x03950313: 0x00001F18
-	"\x03\x95\x03\x14\x00\x00\x1f\x19" + // 0x03950314: 0x00001F19
-	"\x1f\x18\x03\x00\x00\x00\x1f\x1a" + // 0x1F180300: 0x00001F1A
-	"\x1f\x19\x03\x00\x00\x00\x1f\x1b" + // 0x1F190300: 0x00001F1B
-	"\x1f\x18\x03\x01\x00\x00\x1f\x1c" + // 0x1F180301: 0x00001F1C
-	"\x1f\x19\x03\x01\x00\x00\x1f\x1d" + // 0x1F190301: 0x00001F1D
-	"\x03\xb7\x03\x13\x00\x00\x1f " + // 0x03B70313: 0x00001F20
-	"\x03\xb7\x03\x14\x00\x00\x1f!" + // 0x03B70314: 0x00001F21
-	"\x1f \x03\x00\x00\x00\x1f\"" + // 0x1F200300: 0x00001F22
-	"\x1f!\x03\x00\x00\x00\x1f#" + // 0x1F210300: 0x00001F23
-	"\x1f \x03\x01\x00\x00\x1f$" + // 0x1F200301: 0x00001F24
-	"\x1f!\x03\x01\x00\x00\x1f%" + // 0x1F210301: 0x00001F25
-	"\x1f \x03B\x00\x00\x1f&" + // 0x1F200342: 0x00001F26
-	"\x1f!\x03B\x00\x00\x1f'" + // 0x1F210342: 0x00001F27
-	"\x03\x97\x03\x13\x00\x00\x1f(" + // 0x03970313: 0x00001F28
-	"\x03\x97\x03\x14\x00\x00\x1f)" + // 0x03970314: 0x00001F29
-	"\x1f(\x03\x00\x00\x00\x1f*" + // 0x1F280300: 0x00001F2A
-	"\x1f)\x03\x00\x00\x00\x1f+" + // 0x1F290300: 0x00001F2B
-	"\x1f(\x03\x01\x00\x00\x1f," + // 0x1F280301: 0x00001F2C
-	"\x1f)\x03\x01\x00\x00\x1f-" + // 0x1F290301: 0x00001F2D
-	"\x1f(\x03B\x00\x00\x1f." + // 0x1F280342: 0x00001F2E
-	"\x1f)\x03B\x00\x00\x1f/" + // 0x1F290342: 0x00001F2F
-	"\x03\xb9\x03\x13\x00\x00\x1f0" + // 0x03B90313: 0x00001F30
-	"\x03\xb9\x03\x14\x00\x00\x1f1" + // 0x03B90314: 0x00001F31
-	"\x1f0\x03\x00\x00\x00\x1f2" + // 0x1F300300: 0x00001F32
-	"\x1f1\x03\x00\x00\x00\x1f3" + // 0x1F310300: 0x00001F33
-	"\x1f0\x03\x01\x00\x00\x1f4" + // 0x1F300301: 0x00001F34
-	"\x1f1\x03\x01\x00\x00\x1f5" + // 0x1F310301: 0x00001F35
-	"\x1f0\x03B\x00\x00\x1f6" + // 0x1F300342: 0x00001F36
-	"\x1f1\x03B\x00\x00\x1f7" + // 0x1F310342: 0x00001F37
-	"\x03\x99\x03\x13\x00\x00\x1f8" + // 0x03990313: 0x00001F38
-	"\x03\x99\x03\x14\x00\x00\x1f9" + // 0x03990314: 0x00001F39
-	"\x1f8\x03\x00\x00\x00\x1f:" + // 0x1F380300: 0x00001F3A
-	"\x1f9\x03\x00\x00\x00\x1f;" + // 0x1F390300: 0x00001F3B
-	"\x1f8\x03\x01\x00\x00\x1f<" + // 0x1F380301: 0x00001F3C
-	"\x1f9\x03\x01\x00\x00\x1f=" + // 0x1F390301: 0x00001F3D
-	"\x1f8\x03B\x00\x00\x1f>" + // 0x1F380342: 0x00001F3E
-	"\x1f9\x03B\x00\x00\x1f?" + // 0x1F390342: 0x00001F3F
-	"\x03\xbf\x03\x13\x00\x00\x1f@" + // 0x03BF0313: 0x00001F40
-	"\x03\xbf\x03\x14\x00\x00\x1fA" + // 0x03BF0314: 0x00001F41
-	"\x1f@\x03\x00\x00\x00\x1fB" + // 0x1F400300: 0x00001F42
-	"\x1fA\x03\x00\x00\x00\x1fC" + // 0x1F410300: 0x00001F43
-	"\x1f@\x03\x01\x00\x00\x1fD" + // 0x1F400301: 0x00001F44
-	"\x1fA\x03\x01\x00\x00\x1fE" + // 0x1F410301: 0x00001F45
-	"\x03\x9f\x03\x13\x00\x00\x1fH" + // 0x039F0313: 0x00001F48
-	"\x03\x9f\x03\x14\x00\x00\x1fI" + // 0x039F0314: 0x00001F49
-	"\x1fH\x03\x00\x00\x00\x1fJ" + // 0x1F480300: 0x00001F4A
-	"\x1fI\x03\x00\x00\x00\x1fK" + // 0x1F490300: 0x00001F4B
-	"\x1fH\x03\x01\x00\x00\x1fL" + // 0x1F480301: 0x00001F4C
-	"\x1fI\x03\x01\x00\x00\x1fM" + // 0x1F490301: 0x00001F4D
-	"\x03\xc5\x03\x13\x00\x00\x1fP" + // 0x03C50313: 0x00001F50
-	"\x03\xc5\x03\x14\x00\x00\x1fQ" + // 0x03C50314: 0x00001F51
-	"\x1fP\x03\x00\x00\x00\x1fR" + // 0x1F500300: 0x00001F52
-	"\x1fQ\x03\x00\x00\x00\x1fS" + // 0x1F510300: 0x00001F53
-	"\x1fP\x03\x01\x00\x00\x1fT" + // 0x1F500301: 0x00001F54
-	"\x1fQ\x03\x01\x00\x00\x1fU" + // 0x1F510301: 0x00001F55
-	"\x1fP\x03B\x00\x00\x1fV" + // 0x1F500342: 0x00001F56
-	"\x1fQ\x03B\x00\x00\x1fW" + // 0x1F510342: 0x00001F57
-	"\x03\xa5\x03\x14\x00\x00\x1fY" + // 0x03A50314: 0x00001F59
-	"\x1fY\x03\x00\x00\x00\x1f[" + // 0x1F590300: 0x00001F5B
-	"\x1fY\x03\x01\x00\x00\x1f]" + // 0x1F590301: 0x00001F5D
-	"\x1fY\x03B\x00\x00\x1f_" + // 0x1F590342: 0x00001F5F
-	"\x03\xc9\x03\x13\x00\x00\x1f`" + // 0x03C90313: 0x00001F60
-	"\x03\xc9\x03\x14\x00\x00\x1fa" + // 0x03C90314: 0x00001F61
-	"\x1f`\x03\x00\x00\x00\x1fb" + // 0x1F600300: 0x00001F62
-	"\x1fa\x03\x00\x00\x00\x1fc" + // 0x1F610300: 0x00001F63
-	"\x1f`\x03\x01\x00\x00\x1fd" + // 0x1F600301: 0x00001F64
-	"\x1fa\x03\x01\x00\x00\x1fe" + // 0x1F610301: 0x00001F65
-	"\x1f`\x03B\x00\x00\x1ff" + // 0x1F600342: 0x00001F66
-	"\x1fa\x03B\x00\x00\x1fg" + // 0x1F610342: 0x00001F67
-	"\x03\xa9\x03\x13\x00\x00\x1fh" + // 0x03A90313: 0x00001F68
-	"\x03\xa9\x03\x14\x00\x00\x1fi" + // 0x03A90314: 0x00001F69
-	"\x1fh\x03\x00\x00\x00\x1fj" + // 0x1F680300: 0x00001F6A
-	"\x1fi\x03\x00\x00\x00\x1fk" + // 0x1F690300: 0x00001F6B
-	"\x1fh\x03\x01\x00\x00\x1fl" + // 0x1F680301: 0x00001F6C
-	"\x1fi\x03\x01\x00\x00\x1fm" + // 0x1F690301: 0x00001F6D
-	"\x1fh\x03B\x00\x00\x1fn" + // 0x1F680342: 0x00001F6E
-	"\x1fi\x03B\x00\x00\x1fo" + // 0x1F690342: 0x00001F6F
-	"\x03\xb1\x03\x00\x00\x00\x1fp" + // 0x03B10300: 0x00001F70
-	"\x03\xb5\x03\x00\x00\x00\x1fr" + // 0x03B50300: 0x00001F72
-	"\x03\xb7\x03\x00\x00\x00\x1ft" + // 0x03B70300: 0x00001F74
-	"\x03\xb9\x03\x00\x00\x00\x1fv" + // 0x03B90300: 0x00001F76
-	"\x03\xbf\x03\x00\x00\x00\x1fx" + // 0x03BF0300: 0x00001F78
-	"\x03\xc5\x03\x00\x00\x00\x1fz" + // 0x03C50300: 0x00001F7A
-	"\x03\xc9\x03\x00\x00\x00\x1f|" + // 0x03C90300: 0x00001F7C
-	"\x1f\x00\x03E\x00\x00\x1f\x80" + // 0x1F000345: 0x00001F80
-	"\x1f\x01\x03E\x00\x00\x1f\x81" + // 0x1F010345: 0x00001F81
-	"\x1f\x02\x03E\x00\x00\x1f\x82" + // 0x1F020345: 0x00001F82
-	"\x1f\x03\x03E\x00\x00\x1f\x83" + // 0x1F030345: 0x00001F83
-	"\x1f\x04\x03E\x00\x00\x1f\x84" + // 0x1F040345: 0x00001F84
-	"\x1f\x05\x03E\x00\x00\x1f\x85" + // 0x1F050345: 0x00001F85
-	"\x1f\x06\x03E\x00\x00\x1f\x86" + // 0x1F060345: 0x00001F86
-	"\x1f\a\x03E\x00\x00\x1f\x87" + // 0x1F070345: 0x00001F87
-	"\x1f\b\x03E\x00\x00\x1f\x88" + // 0x1F080345: 0x00001F88
-	"\x1f\t\x03E\x00\x00\x1f\x89" + // 0x1F090345: 0x00001F89
-	"\x1f\n\x03E\x00\x00\x1f\x8a" + // 0x1F0A0345: 0x00001F8A
-	"\x1f\v\x03E\x00\x00\x1f\x8b" + // 0x1F0B0345: 0x00001F8B
-	"\x1f\f\x03E\x00\x00\x1f\x8c" + // 0x1F0C0345: 0x00001F8C
-	"\x1f\r\x03E\x00\x00\x1f\x8d" + // 0x1F0D0345: 0x00001F8D
-	"\x1f\x0e\x03E\x00\x00\x1f\x8e" + // 0x1F0E0345: 0x00001F8E
-	"\x1f\x0f\x03E\x00\x00\x1f\x8f" + // 0x1F0F0345: 0x00001F8F
-	"\x1f \x03E\x00\x00\x1f\x90" + // 0x1F200345: 0x00001F90
-	"\x1f!\x03E\x00\x00\x1f\x91" + // 0x1F210345: 0x00001F91
-	"\x1f\"\x03E\x00\x00\x1f\x92" + // 0x1F220345: 0x00001F92
-	"\x1f#\x03E\x00\x00\x1f\x93" + // 0x1F230345: 0x00001F93
-	"\x1f$\x03E\x00\x00\x1f\x94" + // 0x1F240345: 0x00001F94
-	"\x1f%\x03E\x00\x00\x1f\x95" + // 0x1F250345: 0x00001F95
-	"\x1f&\x03E\x00\x00\x1f\x96" + // 0x1F260345: 0x00001F96
-	"\x1f'\x03E\x00\x00\x1f\x97" + // 0x1F270345: 0x00001F97
-	"\x1f(\x03E\x00\x00\x1f\x98" + // 0x1F280345: 0x00001F98
-	"\x1f)\x03E\x00\x00\x1f\x99" + // 0x1F290345: 0x00001F99
-	"\x1f*\x03E\x00\x00\x1f\x9a" + // 0x1F2A0345: 0x00001F9A
-	"\x1f+\x03E\x00\x00\x1f\x9b" + // 0x1F2B0345: 0x00001F9B
-	"\x1f,\x03E\x00\x00\x1f\x9c" + // 0x1F2C0345: 0x00001F9C
-	"\x1f-\x03E\x00\x00\x1f\x9d" + // 0x1F2D0345: 0x00001F9D
-	"\x1f.\x03E\x00\x00\x1f\x9e" + // 0x1F2E0345: 0x00001F9E
-	"\x1f/\x03E\x00\x00\x1f\x9f" + // 0x1F2F0345: 0x00001F9F
-	"\x1f`\x03E\x00\x00\x1f\xa0" + // 0x1F600345: 0x00001FA0
-	"\x1fa\x03E\x00\x00\x1f\xa1" + // 0x1F610345: 0x00001FA1
-	"\x1fb\x03E\x00\x00\x1f\xa2" + // 0x1F620345: 0x00001FA2
-	"\x1fc\x03E\x00\x00\x1f\xa3" + // 0x1F630345: 0x00001FA3
-	"\x1fd\x03E\x00\x00\x1f\xa4" + // 0x1F640345: 0x00001FA4
-	"\x1fe\x03E\x00\x00\x1f\xa5" + // 0x1F650345: 0x00001FA5
-	"\x1ff\x03E\x00\x00\x1f\xa6" + // 0x1F660345: 0x00001FA6
-	"\x1fg\x03E\x00\x00\x1f\xa7" + // 0x1F670345: 0x00001FA7
-	"\x1fh\x03E\x00\x00\x1f\xa8" + // 0x1F680345: 0x00001FA8
-	"\x1fi\x03E\x00\x00\x1f\xa9" + // 0x1F690345: 0x00001FA9
-	"\x1fj\x03E\x00\x00\x1f\xaa" + // 0x1F6A0345: 0x00001FAA
-	"\x1fk\x03E\x00\x00\x1f\xab" + // 0x1F6B0345: 0x00001FAB
-	"\x1fl\x03E\x00\x00\x1f\xac" + // 0x1F6C0345: 0x00001FAC
-	"\x1fm\x03E\x00\x00\x1f\xad" + // 0x1F6D0345: 0x00001FAD
-	"\x1fn\x03E\x00\x00\x1f\xae" + // 0x1F6E0345: 0x00001FAE
-	"\x1fo\x03E\x00\x00\x1f\xaf" + // 0x1F6F0345: 0x00001FAF
-	"\x03\xb1\x03\x06\x00\x00\x1f\xb0" + // 0x03B10306: 0x00001FB0
-	"\x03\xb1\x03\x04\x00\x00\x1f\xb1" + // 0x03B10304: 0x00001FB1
-	"\x1fp\x03E\x00\x00\x1f\xb2" + // 0x1F700345: 0x00001FB2
-	"\x03\xb1\x03E\x00\x00\x1f\xb3" + // 0x03B10345: 0x00001FB3
-	"\x03\xac\x03E\x00\x00\x1f\xb4" + // 0x03AC0345: 0x00001FB4
-	"\x03\xb1\x03B\x00\x00\x1f\xb6" + // 0x03B10342: 0x00001FB6
-	"\x1f\xb6\x03E\x00\x00\x1f\xb7" + // 0x1FB60345: 0x00001FB7
-	"\x03\x91\x03\x06\x00\x00\x1f\xb8" + // 0x03910306: 0x00001FB8
-	"\x03\x91\x03\x04\x00\x00\x1f\xb9" + // 0x03910304: 0x00001FB9
-	"\x03\x91\x03\x00\x00\x00\x1f\xba" + // 0x03910300: 0x00001FBA
-	"\x03\x91\x03E\x00\x00\x1f\xbc" + // 0x03910345: 0x00001FBC
-	"\x00\xa8\x03B\x00\x00\x1f\xc1" + // 0x00A80342: 0x00001FC1
-	"\x1ft\x03E\x00\x00\x1f\xc2" + // 0x1F740345: 0x00001FC2
-	"\x03\xb7\x03E\x00\x00\x1f\xc3" + // 0x03B70345: 0x00001FC3
-	"\x03\xae\x03E\x00\x00\x1f\xc4" + // 0x03AE0345: 0x00001FC4
-	"\x03\xb7\x03B\x00\x00\x1f\xc6" + // 0x03B70342: 0x00001FC6
-	"\x1f\xc6\x03E\x00\x00\x1f\xc7" + // 0x1FC60345: 0x00001FC7
-	"\x03\x95\x03\x00\x00\x00\x1f\xc8" + // 0x03950300: 0x00001FC8
-	"\x03\x97\x03\x00\x00\x00\x1f\xca" + // 0x03970300: 0x00001FCA
-	"\x03\x97\x03E\x00\x00\x1f\xcc" + // 0x03970345: 0x00001FCC
-	"\x1f\xbf\x03\x00\x00\x00\x1f\xcd" + // 0x1FBF0300: 0x00001FCD
-	"\x1f\xbf\x03\x01\x00\x00\x1f\xce" + // 0x1FBF0301: 0x00001FCE
-	"\x1f\xbf\x03B\x00\x00\x1f\xcf" + // 0x1FBF0342: 0x00001FCF
-	"\x03\xb9\x03\x06\x00\x00\x1f\xd0" + // 0x03B90306: 0x00001FD0
-	"\x03\xb9\x03\x04\x00\x00\x1f\xd1" + // 0x03B90304: 0x00001FD1
-	"\x03\xca\x03\x00\x00\x00\x1f\xd2" + // 0x03CA0300: 0x00001FD2
-	"\x03\xb9\x03B\x00\x00\x1f\xd6" + // 0x03B90342: 0x00001FD6
-	"\x03\xca\x03B\x00\x00\x1f\xd7" + // 0x03CA0342: 0x00001FD7
-	"\x03\x99\x03\x06\x00\x00\x1f\xd8" + // 0x03990306: 0x00001FD8
-	"\x03\x99\x03\x04\x00\x00\x1f\xd9" + // 0x03990304: 0x00001FD9
-	"\x03\x99\x03\x00\x00\x00\x1f\xda" + // 0x03990300: 0x00001FDA
-	"\x1f\xfe\x03\x00\x00\x00\x1f\xdd" + // 0x1FFE0300: 0x00001FDD
-	"\x1f\xfe\x03\x01\x00\x00\x1f\xde" + // 0x1FFE0301: 0x00001FDE
-	"\x1f\xfe\x03B\x00\x00\x1f\xdf" + // 0x1FFE0342: 0x00001FDF
-	"\x03\xc5\x03\x06\x00\x00\x1f\xe0" + // 0x03C50306: 0x00001FE0
-	"\x03\xc5\x03\x04\x00\x00\x1f\xe1" + // 0x03C50304: 0x00001FE1
-	"\x03\xcb\x03\x00\x00\x00\x1f\xe2" + // 0x03CB0300: 0x00001FE2
-	"\x03\xc1\x03\x13\x00\x00\x1f\xe4" + // 0x03C10313: 0x00001FE4
-	"\x03\xc1\x03\x14\x00\x00\x1f\xe5" + // 0x03C10314: 0x00001FE5
-	"\x03\xc5\x03B\x00\x00\x1f\xe6" + // 0x03C50342: 0x00001FE6
-	"\x03\xcb\x03B\x00\x00\x1f\xe7" + // 0x03CB0342: 0x00001FE7
-	"\x03\xa5\x03\x06\x00\x00\x1f\xe8" + // 0x03A50306: 0x00001FE8
-	"\x03\xa5\x03\x04\x00\x00\x1f\xe9" + // 0x03A50304: 0x00001FE9
-	"\x03\xa5\x03\x00\x00\x00\x1f\xea" + // 0x03A50300: 0x00001FEA
-	"\x03\xa1\x03\x14\x00\x00\x1f\xec" + // 0x03A10314: 0x00001FEC
-	"\x00\xa8\x03\x00\x00\x00\x1f\xed" + // 0x00A80300: 0x00001FED
-	"\x1f|\x03E\x00\x00\x1f\xf2" + // 0x1F7C0345: 0x00001FF2
-	"\x03\xc9\x03E\x00\x00\x1f\xf3" + // 0x03C90345: 0x00001FF3
-	"\x03\xce\x03E\x00\x00\x1f\xf4" + // 0x03CE0345: 0x00001FF4
-	"\x03\xc9\x03B\x00\x00\x1f\xf6" + // 0x03C90342: 0x00001FF6
-	"\x1f\xf6\x03E\x00\x00\x1f\xf7" + // 0x1FF60345: 0x00001FF7
-	"\x03\x9f\x03\x00\x00\x00\x1f\xf8" + // 0x039F0300: 0x00001FF8
-	"\x03\xa9\x03\x00\x00\x00\x1f\xfa" + // 0x03A90300: 0x00001FFA
-	"\x03\xa9\x03E\x00\x00\x1f\xfc" + // 0x03A90345: 0x00001FFC
-	"!\x90\x038\x00\x00!\x9a" + // 0x21900338: 0x0000219A
-	"!\x92\x038\x00\x00!\x9b" + // 0x21920338: 0x0000219B
-	"!\x94\x038\x00\x00!\xae" + // 0x21940338: 0x000021AE
-	"!\xd0\x038\x00\x00!\xcd" + // 0x21D00338: 0x000021CD
-	"!\xd4\x038\x00\x00!\xce" + // 0x21D40338: 0x000021CE
-	"!\xd2\x038\x00\x00!\xcf" + // 0x21D20338: 0x000021CF
-	"\"\x03\x038\x00\x00\"\x04" + // 0x22030338: 0x00002204
-	"\"\b\x038\x00\x00\"\t" + // 0x22080338: 0x00002209
-	"\"\v\x038\x00\x00\"\f" + // 0x220B0338: 0x0000220C
-	"\"#\x038\x00\x00\"$" + // 0x22230338: 0x00002224
-	"\"%\x038\x00\x00\"&" + // 0x22250338: 0x00002226
-	"\"<\x038\x00\x00\"A" + // 0x223C0338: 0x00002241
-	"\"C\x038\x00\x00\"D" + // 0x22430338: 0x00002244
-	"\"E\x038\x00\x00\"G" + // 0x22450338: 0x00002247
-	"\"H\x038\x00\x00\"I" + // 0x22480338: 0x00002249
-	"\x00=\x038\x00\x00\"`" + // 0x003D0338: 0x00002260
-	"\"a\x038\x00\x00\"b" + // 0x22610338: 0x00002262
-	"\"M\x038\x00\x00\"m" + // 0x224D0338: 0x0000226D
-	"\x00<\x038\x00\x00\"n" + // 0x003C0338: 0x0000226E
-	"\x00>\x038\x00\x00\"o" + // 0x003E0338: 0x0000226F
-	"\"d\x038\x00\x00\"p" + // 0x22640338: 0x00002270
-	"\"e\x038\x00\x00\"q" + // 0x22650338: 0x00002271
-	"\"r\x038\x00\x00\"t" + // 0x22720338: 0x00002274
-	"\"s\x038\x00\x00\"u" + // 0x22730338: 0x00002275
-	"\"v\x038\x00\x00\"x" + // 0x22760338: 0x00002278
-	"\"w\x038\x00\x00\"y" + // 0x22770338: 0x00002279
-	"\"z\x038\x00\x00\"\x80" + // 0x227A0338: 0x00002280
-	"\"{\x038\x00\x00\"\x81" + // 0x227B0338: 0x00002281
-	"\"\x82\x038\x00\x00\"\x84" + // 0x22820338: 0x00002284
-	"\"\x83\x038\x00\x00\"\x85" + // 0x22830338: 0x00002285
-	"\"\x86\x038\x00\x00\"\x88" + // 0x22860338: 0x00002288
-	"\"\x87\x038\x00\x00\"\x89" + // 0x22870338: 0x00002289
-	"\"\xa2\x038\x00\x00\"\xac" + // 0x22A20338: 0x000022AC
-	"\"\xa8\x038\x00\x00\"\xad" + // 0x22A80338: 0x000022AD
-	"\"\xa9\x038\x00\x00\"\xae" + // 0x22A90338: 0x000022AE
-	"\"\xab\x038\x00\x00\"\xaf" + // 0x22AB0338: 0x000022AF
-	"\"|\x038\x00\x00\"\xe0" + // 0x227C0338: 0x000022E0
-	"\"}\x038\x00\x00\"\xe1" + // 0x227D0338: 0x000022E1
-	"\"\x91\x038\x00\x00\"\xe2" + // 0x22910338: 0x000022E2
-	"\"\x92\x038\x00\x00\"\xe3" + // 0x22920338: 0x000022E3
-	"\"\xb2\x038\x00\x00\"\xea" + // 0x22B20338: 0x000022EA
-	"\"\xb3\x038\x00\x00\"\xeb" + // 0x22B30338: 0x000022EB
-	"\"\xb4\x038\x00\x00\"\xec" + // 0x22B40338: 0x000022EC
-	"\"\xb5\x038\x00\x00\"\xed" + // 0x22B50338: 0x000022ED
-	"0K0\x99\x00\x000L" + // 0x304B3099: 0x0000304C
-	"0M0\x99\x00\x000N" + // 0x304D3099: 0x0000304E
-	"0O0\x99\x00\x000P" + // 0x304F3099: 0x00003050
-	"0Q0\x99\x00\x000R" + // 0x30513099: 0x00003052
-	"0S0\x99\x00\x000T" + // 0x30533099: 0x00003054
-	"0U0\x99\x00\x000V" + // 0x30553099: 0x00003056
-	"0W0\x99\x00\x000X" + // 0x30573099: 0x00003058
-	"0Y0\x99\x00\x000Z" + // 0x30593099: 0x0000305A
-	"0[0\x99\x00\x000\\" + // 0x305B3099: 0x0000305C
-	"0]0\x99\x00\x000^" + // 0x305D3099: 0x0000305E
-	"0_0\x99\x00\x000`" + // 0x305F3099: 0x00003060
-	"0a0\x99\x00\x000b" + // 0x30613099: 0x00003062
-	"0d0\x99\x00\x000e" + // 0x30643099: 0x00003065
-	"0f0\x99\x00\x000g" + // 0x30663099: 0x00003067
-	"0h0\x99\x00\x000i" + // 0x30683099: 0x00003069
-	"0o0\x99\x00\x000p" + // 0x306F3099: 0x00003070
-	"0o0\x9a\x00\x000q" + // 0x306F309A: 0x00003071
-	"0r0\x99\x00\x000s" + // 0x30723099: 0x00003073
-	"0r0\x9a\x00\x000t" + // 0x3072309A: 0x00003074
-	"0u0\x99\x00\x000v" + // 0x30753099: 0x00003076
-	"0u0\x9a\x00\x000w" + // 0x3075309A: 0x00003077
-	"0x0\x99\x00\x000y" + // 0x30783099: 0x00003079
-	"0x0\x9a\x00\x000z" + // 0x3078309A: 0x0000307A
-	"0{0\x99\x00\x000|" + // 0x307B3099: 0x0000307C
-	"0{0\x9a\x00\x000}" + // 0x307B309A: 0x0000307D
-	"0F0\x99\x00\x000\x94" + // 0x30463099: 0x00003094
-	"0\x9d0\x99\x00\x000\x9e" + // 0x309D3099: 0x0000309E
-	"0\xab0\x99\x00\x000\xac" + // 0x30AB3099: 0x000030AC
-	"0\xad0\x99\x00\x000\xae" + // 0x30AD3099: 0x000030AE
-	"0\xaf0\x99\x00\x000\xb0" + // 0x30AF3099: 0x000030B0
-	"0\xb10\x99\x00\x000\xb2" + // 0x30B13099: 0x000030B2
-	"0\xb30\x99\x00\x000\xb4" + // 0x30B33099: 0x000030B4
-	"0\xb50\x99\x00\x000\xb6" + // 0x30B53099: 0x000030B6
-	"0\xb70\x99\x00\x000\xb8" + // 0x30B73099: 0x000030B8
-	"0\xb90\x99\x00\x000\xba" + // 0x30B93099: 0x000030BA
-	"0\xbb0\x99\x00\x000\xbc" + // 0x30BB3099: 0x000030BC
-	"0\xbd0\x99\x00\x000\xbe" + // 0x30BD3099: 0x000030BE
-	"0\xbf0\x99\x00\x000\xc0" + // 0x30BF3099: 0x000030C0
-	"0\xc10\x99\x00\x000\xc2" + // 0x30C13099: 0x000030C2
-	"0\xc40\x99\x00\x000\xc5" + // 0x30C43099: 0x000030C5
-	"0\xc60\x99\x00\x000\xc7" + // 0x30C63099: 0x000030C7
-	"0\xc80\x99\x00\x000\xc9" + // 0x30C83099: 0x000030C9
-	"0\xcf0\x99\x00\x000\xd0" + // 0x30CF3099: 0x000030D0
-	"0\xcf0\x9a\x00\x000\xd1" + // 0x30CF309A: 0x000030D1
-	"0\xd20\x99\x00\x000\xd3" + // 0x30D23099: 0x000030D3
-	"0\xd20\x9a\x00\x000\xd4" + // 0x30D2309A: 0x000030D4
-	"0\xd50\x99\x00\x000\xd6" + // 0x30D53099: 0x000030D6
-	"0\xd50\x9a\x00\x000\xd7" + // 0x30D5309A: 0x000030D7
-	"0\xd80\x99\x00\x000\xd9" + // 0x30D83099: 0x000030D9
-	"0\xd80\x9a\x00\x000\xda" + // 0x30D8309A: 0x000030DA
-	"0\xdb0\x99\x00\x000\xdc" + // 0x30DB3099: 0x000030DC
-	"0\xdb0\x9a\x00\x000\xdd" + // 0x30DB309A: 0x000030DD
-	"0\xa60\x99\x00\x000\xf4" + // 0x30A63099: 0x000030F4
-	"0\xef0\x99\x00\x000\xf7" + // 0x30EF3099: 0x000030F7
-	"0\xf00\x99\x00\x000\xf8" + // 0x30F03099: 0x000030F8
-	"0\xf10\x99\x00\x000\xf9" + // 0x30F13099: 0x000030F9
-	"0\xf20\x99\x00\x000\xfa" + // 0x30F23099: 0x000030FA
-	"0\xfd0\x99\x00\x000\xfe" + // 0x30FD3099: 0x000030FE
-	"\x10\x99\x10\xba\x00\x01\x10\x9a" + // 0x109910BA: 0x0001109A
-	"\x10\x9b\x10\xba\x00\x01\x10\x9c" + // 0x109B10BA: 0x0001109C
-	"\x10\xa5\x10\xba\x00\x01\x10\xab" + // 0x10A510BA: 0x000110AB
-	"\x111\x11'\x00\x01\x11." + // 0x11311127: 0x0001112E
-	"\x112\x11'\x00\x01\x11/" + // 0x11321127: 0x0001112F
-	"\x13G\x13>\x00\x01\x13K" + // 0x1347133E: 0x0001134B
-	"\x13G\x13W\x00\x01\x13L" + // 0x13471357: 0x0001134C
-	"\x14\xb9\x14\xba\x00\x01\x14\xbb" + // 0x14B914BA: 0x000114BB
-	"\x14\xb9\x14\xb0\x00\x01\x14\xbc" + // 0x14B914B0: 0x000114BC
-	"\x14\xb9\x14\xbd\x00\x01\x14\xbe" + // 0x14B914BD: 0x000114BE
-	"\x15\xb8\x15\xaf\x00\x01\x15\xba" + // 0x15B815AF: 0x000115BA
-	"\x15\xb9\x15\xaf\x00\x01\x15\xbb" + // 0x15B915AF: 0x000115BB
-	""
-	// Total size of tables: 53KB (54006 bytes)
+// Total size of tables: 53KB (54006 bytes)
diff --git a/vendor/golang.org/x/text/unicode/norm/transform.go b/vendor/golang.org/x/text/unicode/norm/transform.go
index a1d366ae..9f47efba 100644
--- a/vendor/golang.org/x/text/unicode/norm/transform.go
+++ b/vendor/golang.org/x/text/unicode/norm/transform.go
@@ -18,6 +18,7 @@ func (Form) Reset() {}
 // Users should either catch ErrShortDst and allow dst to grow or have dst be at
 // least of size MaxTransformChunkSize to be guaranteed of progress.
 func (f Form) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	n := 0
 	// Cap the maximum number of src bytes to check.
 	b := src
 	eof := atEOF
@@ -26,14 +27,13 @@ func (f Form) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error)
 		eof = false
 		b = b[:ns]
 	}
-	i, ok := formTable[f].quickSpan(inputBytes(b), 0, len(b), eof)
-	n := copy(dst, b[:i])
+	i, ok := formTable[f].quickSpan(inputBytes(b), n, len(b), eof)
+	n += copy(dst[n:], b[n:i])
 	if !ok {
 		nDst, nSrc, err = f.transform(dst[n:], src[n:], atEOF)
 		return nDst + n, nSrc + n, err
 	}
-
-	if err == nil && n < len(src) && !atEOF {
+	if n < len(src) && !atEOF {
 		err = transform.ErrShortSrc
 	}
 	return n, n, err
@@ -79,7 +79,7 @@ func (f Form) transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error)
 		nSrc += n
 		nDst += n
 		if ok {
-			if err == nil && n < rb.nsrc && !atEOF {
+			if n < rb.nsrc && !atEOF {
 				err = transform.ErrShortSrc
 			}
 			return nDst, nSrc, err
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 46b226d6..ac92dbe5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -44,7 +44,7 @@ github.com/aws/aws-sdk-go/service/sts
 github.com/aws/aws-sdk-go/service/sts/stsiface
 # github.com/beorn7/perks v1.0.1
 github.com/beorn7/perks/quantile
-# github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261
+# github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894
 github.com/certifi/gocertifi
 # github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93
 github.com/cloudflare/brotli-go
@@ -52,6 +52,9 @@ github.com/cloudflare/brotli-go/brotli
 github.com/cloudflare/brotli-go/common
 github.com/cloudflare/brotli-go/dec
 github.com/cloudflare/brotli-go/enc
+# github.com/cloudflare/cfssl v0.0.0-20141119014638-2f7f44e802e2
+github.com/cloudflare/cfssl/log
+github.com/cloudflare/cfssl/revoke
 # github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc
 github.com/cloudflare/golibs/lrucache
 # github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58
@@ -244,7 +247,7 @@ golang.org/x/sys/windows/registry
 golang.org/x/sys/windows/svc
 golang.org/x/sys/windows/svc/eventlog
 golang.org/x/sys/windows/svc/mgr
-# golang.org/x/text v0.3.2
+# golang.org/x/text v0.3.0
 golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
 golang.org/x/text/unicode/bidi

From c3fa4552aacf6a735667eb4b430a2a9624c017f6 Mon Sep 17 00:00:00 2001
From: cthuang <jack655114@gmail.com>
Date: Tue, 28 Apr 2020 08:55:27 +0800
Subject: [PATCH 046/100] TUN-2872: Exit with non-0 status code when the binary
 is updated so launchd will restart the service

---
 cmd/cloudflared/linux_service.go  |  4 --
 cmd/cloudflared/macos_service.go  |  2 +-
 cmd/cloudflared/tunnel/cmd.go     | 12 ++++--
 cmd/cloudflared/tunnel/signal.go  |  9 +++--
 cmd/cloudflared/updater/update.go | 64 ++++++++++++++++++++++++++-----
 go.mod                            |  1 +
 go.sum                            |  4 ++
 7 files changed, 75 insertions(+), 21 deletions(-)

diff --git a/cmd/cloudflared/linux_service.go b/cmd/cloudflared/linux_service.go
index fede6b23..62559bf4 100644
--- a/cmd/cloudflared/linux_service.go
+++ b/cmd/cloudflared/linux_service.go
@@ -118,10 +118,6 @@ case "$1" in
             echo "Starting $name"
             $cmd >> "$stdout_log" 2>> "$stderr_log" &
             echo $! > "$pid_file"
-            if ! is_running; then
-                echo "Unable to start, see $stdout_log and $stderr_log"
-                exit 1
-            fi
         fi
     ;;
     stop)
diff --git a/cmd/cloudflared/macos_service.go b/cmd/cloudflared/macos_service.go
index d4fd3f20..9ec162fa 100644
--- a/cmd/cloudflared/macos_service.go
+++ b/cmd/cloudflared/macos_service.go
@@ -60,7 +60,7 @@ func newLaunchdTemplate(installPath, stdoutPath, stderrPath string) *ServiceTemp
 			<false/>
 		</dict>
 		<key>ThrottleInterval</key>
-		<integer>20</integer>
+		<integer>5</integer>
 	</dict>
 </plist>`, launchdIdentifier, stdoutPath, stderrPath),
 	}
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index e2a6488c..3f6198ff 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -39,6 +39,7 @@ import (
 	"github.com/getsentry/raven-go"
 	"github.com/gliderlabs/ssh"
 	"github.com/google/uuid"
+	"github.com/mitchellh/go-homedir"
 	"github.com/pkg/errors"
 	"gopkg.in/urfave/cli.v2"
 	"gopkg.in/urfave/cli.v2/altsrc"
@@ -433,7 +434,6 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		defer wg.Done()
 		errC <- origin.StartTunnelDaemon(ctx, tunnelConfig, connectedSignal, cloudflaredID, reconnectCh)
 	}()
-
 	return waitToShutdown(&wg, errC, shutdownC, graceShutdownC, c.Duration("grace-period"))
 }
 
@@ -607,9 +607,15 @@ func notifySystemd(waitForSignal *signal.Signal) {
 
 func writePidFile(waitForSignal *signal.Signal, pidFile string) {
 	<-waitForSignal.Wait()
-	file, err := os.Create(pidFile)
+	expandedPath, err := homedir.Expand(pidFile)
 	if err != nil {
-		logger.WithError(err).Errorf("Unable to write pid to %s", pidFile)
+		logger.WithError(err).Errorf("Unable to expand %s, try to use absolute path in --pidfile", pidFile)
+		return
+	}
+	file, err := os.Create(expandedPath)
+	if err != nil {
+		logger.WithError(err).Errorf("Unable to write pid to %s", expandedPath)
+		return
 	}
 	defer file.Close()
 	fmt.Fprintf(file, "%d", os.Getpid())
diff --git a/cmd/cloudflared/tunnel/signal.go b/cmd/cloudflared/tunnel/signal.go
index afc26ccf..b1ec77e2 100644
--- a/cmd/cloudflared/tunnel/signal.go
+++ b/cmd/cloudflared/tunnel/signal.go
@@ -17,9 +17,11 @@ func waitForSignal(errC chan error, shutdownC chan struct{}) error {
 
 	select {
 	case err := <-errC:
+		logger.Infof("terminating due to error: %v", err)
 		close(shutdownC)
 		return err
-	case <-signals:
+	case s := <-signals:
+		logger.Infof("terminating due to signal %s", s)
 		close(shutdownC)
 	case <-shutdownC:
 	}
@@ -44,10 +46,12 @@ func waitForSignalWithGraceShutdown(errC chan error,
 
 	select {
 	case err := <-errC:
+		logger.Infof("Initiating graceful shutdown due to %v ...", err)
 		close(graceShutdownC)
 		close(shutdownC)
 		return err
-	case <-signals:
+	case s := <-signals:
+		logger.Infof("Initiating graceful shutdown due to signal %s ...", s)
 		close(graceShutdownC)
 		waitForGracePeriod(signals, errC, shutdownC, gracePeriod)
 	case <-graceShutdownC:
@@ -64,7 +68,6 @@ func waitForGracePeriod(signals chan os.Signal,
 	shutdownC chan struct{},
 	gracePeriod time.Duration,
 ) {
-	logger.Infof("Initiating graceful shutdown...")
 	// Unregister signal handler early, so the client can send a second SIGTERM/SIGINT
 	// to force shutdown cloudflared
 	signal.Stop(signals)
diff --git a/cmd/cloudflared/updater/update.go b/cmd/cloudflared/updater/update.go
index 96cdc95b..8f9c481b 100644
--- a/cmd/cloudflared/updater/update.go
+++ b/cmd/cloudflared/updater/update.go
@@ -2,6 +2,7 @@ package updater
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"runtime"
 	"time"
@@ -32,6 +33,33 @@ EKx0BZogHSor9Wy5VztdFaAaVbsJiCbO
 	logger = log.CreateLogger()
 )
 
+// BinaryUpdated implements ExitCoder interface, the app will exit with status code 11
+// https://pkg.go.dev/gopkg.in/urfave/cli.v2?tab=doc#ExitCoder
+type statusSuccess struct {
+	newVersion string
+}
+
+func (u *statusSuccess) Error() string {
+	return fmt.Sprintf("cloudflared has been updated to version %s", u.newVersion)
+}
+
+func (u *statusSuccess) ExitCode() int {
+	return 11
+}
+
+// UpdateErr implements ExitCoder interface, the app will exit with status code 10
+type statusErr struct {
+	err error
+}
+
+func (e *statusErr) Error() string {
+	return fmt.Sprintf("failed to update cloudflared: %v", e.err)
+}
+
+func (e *statusErr) ExitCode() int {
+	return 10
+}
+
 type UpdateOutcome struct {
 	Updated bool
 	Version string
@@ -67,14 +95,15 @@ func checkForUpdateAndApply() UpdateOutcome {
 func Update(_ *cli.Context) error {
 	updateOutcome := loggedUpdate()
 	if updateOutcome.Error != nil {
-		os.Exit(10)
+		return &statusErr{updateOutcome.Error}
 	}
 
 	if updateOutcome.noUpdate() {
 		logger.Infof("cloudflared is up to date (%s)", updateOutcome.Version)
+		return nil
 	}
 
-	return updateOutcome.Error
+	return &statusSuccess{newVersion: updateOutcome.Version}
 }
 
 // Checks for an update and applies it if one is available
@@ -126,15 +155,19 @@ func (a *AutoUpdater) Run(ctx context.Context) error {
 			updateOutcome := loggedUpdate()
 			if updateOutcome.Updated {
 				os.Args = append(os.Args, "--is-autoupdated=true")
-				pid, err := a.listeners.StartProcess()
-				if err != nil {
-					logger.WithError(err).Error("Unable to restart server automatically")
-					return err
+				if IsSysV() {
+					// SysV doesn't have a mechanism to keep service alive, we have to restart the process
+					logger.Infof("Restarting service managed by SysV...")
+					pid, err := a.listeners.StartProcess()
+					if err != nil {
+						logger.WithError(err).Error("Unable to restart server automatically")
+						return &statusErr{err: err}
+					}
+					// stop old process after autoupdate. Otherwise we create a new process
+					// after each update
+					logger.Infof("PID of the new process is %d", pid)
 				}
-				// stop old process after autoupdate. Otherwise we create a new process
-				// after each update
-				logger.Infof("PID of the new process is %d", pid)
-				return nil
+				return &statusSuccess{newVersion: updateOutcome.Version}
 			}
 		}
 		select {
@@ -187,3 +220,14 @@ func SupportAutoUpdate() bool {
 func isRunningFromTerminal() bool {
 	return terminal.IsTerminal(int(os.Stdout.Fd()))
 }
+
+func IsSysV() bool {
+	if runtime.GOOS != "linux" {
+		return false
+	}
+
+	if _, err := os.Stat("/run/systemd/system"); err == nil {
+		return false
+	}
+	return true
+}
diff --git a/go.mod b/go.mod
index da0d2528..974a0b3f 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module github.com/cloudflare/cloudflared
 go 1.12
 
 require (
+	github.com/BurntSushi/go-sumtype v0.0.0-20190304192233-fcb4a6205bdc // indirect
 	github.com/DATA-DOG/go-sqlmock v1.3.3
 	github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 // indirect
 	github.com/aws/aws-sdk-go v1.25.8
diff --git a/go.sum b/go.sum
index 985e4821..5c41f7d0 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,8 @@
 bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/BurntSushi/go-sumtype v0.0.0-20190304192233-fcb4a6205bdc h1:nvTP+jmloR0+J4YQur/rLRdLcGVEU4SquDgH+Bo7gBY=
+github.com/BurntSushi/go-sumtype v0.0.0-20190304192233-fcb4a6205bdc/go.mod h1:7yTWMMG2vOm4ABVciEt4EgNVP7fxwtcKIb/EuiLiKqY=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DATA-DOG/go-sqlmock v1.3.3 h1:CWUqKXe0s8A2z6qCgkP4Kru7wC11YoAnoupUKFDnH08=
@@ -244,9 +246,11 @@ golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190221204921-83362c3779f5/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=

From fbe2989f61fcdcecc4062b6c10cdabb571a6d6d7 Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Tue, 5 May 2020 17:56:39 -0500
Subject: [PATCH 047/100] TUN-2955: Fix connection and goroutine leaks when
 tunnel conection is terminated on error. Only unregister tunnels that had
 connected successfully. Close edge connection used to unregister the tunnel.
 Use buffered channels for error channels where receiver may quit early on
 context cancellation.

---
 carrier/carrier.go          |  6 +++++-
 h2mux/h2mux.go              | 24 ++++++++++++++++++------
 origin/tunnel.go            |  7 ++++++-
 tunnelrpc/pogs/tunnelrpc.go |  1 +
 watcher/file.go             |  6 +++++-
 5 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/carrier/carrier.go b/carrier/carrier.go
index 13e02c83..1bdfeb95 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -79,7 +79,11 @@ func Serve(remoteConn Connection, listener net.Listener, shutdownC <-chan struct
 		for {
 			conn, err := listener.Accept()
 			if err != nil {
-				errChan <- err
+				// don't block if parent goroutine quit early
+				select {
+				case errChan <- err:
+				default:
+				}
 				return
 			}
 			go serveConnection(remoteConn, conn, options)
diff --git a/h2mux/h2mux.go b/h2mux/h2mux.go
index 70da0447..6f7d407d 100644
--- a/h2mux/h2mux.go
+++ b/h2mux/h2mux.go
@@ -206,9 +206,9 @@ func Handshake(
 		initialStreamWindow:     m.config.DefaultWindowSize,
 		streamWindowMax:         m.config.MaxWindowSize,
 		streamWriteBufferMaxLen: m.config.StreamWriteBufferMaxLen,
-		r:                       m.r,
-		metricsUpdater:          m.muxMetricsUpdater,
-		bytesRead:               inBoundCounter,
+		r:              m.r,
+		metricsUpdater: m.muxMetricsUpdater,
+		bytesRead:      inBoundCounter,
 	}
 	m.muxWriter = &MuxWriter{
 		f:               m.f,
@@ -327,7 +327,11 @@ func (m *Muxer) Serve(ctx context.Context) error {
 			m.explicitShutdown.Fuse(false)
 			m.r.Close()
 			m.abort()
-			ch <- err
+			// don't block if parent goroutine quit early
+			select {
+			case ch <- err:
+			default:
+			}
 		}()
 		select {
 		case err := <-ch:
@@ -344,7 +348,11 @@ func (m *Muxer) Serve(ctx context.Context) error {
 			m.explicitShutdown.Fuse(false)
 			m.w.Close()
 			m.abort()
-			ch <- err
+			// don't block if parent goroutine quit early
+			select {
+			case ch <- err:
+			default:
+			}
 		}()
 		select {
 		case err := <-ch:
@@ -358,7 +366,11 @@ func (m *Muxer) Serve(ctx context.Context) error {
 		ch := make(chan error)
 		go func() {
 			err := m.muxMetricsUpdater.run(m.config.Logger)
-			ch <- err
+			// don't block if parent goroutine quit early
+			select {
+			case ch <- err:
+			default:
+			}
 		}()
 		select {
 		case err := <-ch:
diff --git a/origin/tunnel.go b/origin/tunnel.go
index a373ee22..42db204b 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -322,7 +322,10 @@ func ServeTunnel(
 			select {
 			case <-serveCtx.Done():
 				// UnregisterTunnel blocks until the RPC call returns
-				err := UnregisterTunnel(handler.muxer, config.GracePeriod, config.TransportLogger)
+				var err error
+				if connectedFuse.Value() {
+					err = UnregisterTunnel(handler.muxer, config.GracePeriod, config.TransportLogger)
+				}
 				handler.muxer.Shutdown()
 				return err
 			case <-updateMetricsTickC:
@@ -519,6 +522,8 @@ func UnregisterTunnel(muxer *h2mux.Muxer, gracePeriod time.Duration, logger *log
 		// RPC stream open error
 		return err
 	}
+	defer tunnelServer.Close()
+
 	// gracePeriod is encoded in int64 using capnproto
 	return tunnelServer.UnregisterTunnel(ctx, gracePeriod.Nanoseconds())
 }
diff --git a/tunnelrpc/pogs/tunnelrpc.go b/tunnelrpc/pogs/tunnelrpc.go
index 3b8092ed..279c0d09 100644
--- a/tunnelrpc/pogs/tunnelrpc.go
+++ b/tunnelrpc/pogs/tunnelrpc.go
@@ -521,6 +521,7 @@ type TunnelServer_PogsClient struct {
 }
 
 func (c TunnelServer_PogsClient) Close() error {
+	c.Client.Close()
 	return c.Conn.Close()
 }
 
diff --git a/watcher/file.go b/watcher/file.go
index 59f2a943..369abe67 100644
--- a/watcher/file.go
+++ b/watcher/file.go
@@ -30,7 +30,11 @@ func (f *File) Add(filepath string) error {
 
 // Shutdown stop the file watching run loop
 func (f *File) Shutdown() {
-	f.shutdown <- struct{}{}
+	// don't block if Start quit early
+	select {
+	case f.shutdown <- struct{}{}:
+	default:
+	}
 }
 
 // Start is a runloop to watch for files changes from the file paths added from Add()

From 7bb9e0af4c5491cfdbafd95b55b9db6c8f9524c5 Mon Sep 17 00:00:00 2001
From: cthuang <jack655114@gmail.com>
Date: Wed, 6 May 2020 11:15:29 +0800
Subject: [PATCH 048/100] Release 2020.5.0

---
 RELEASE_NOTES | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index bd94d447..e2aedcbc 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,11 @@
+2020.5.0
+- 2020-05-01 TUN-2943: Copy certutil from edge into cloudflared
+- 2020-05-05 TUN-2955: Fix connection and goroutine leaks when tunnel conection is terminated on error. Only unregister tunnels that had connected successfully. Close edge connection used to unregister the tunnel. Use buffered channels for error channels where receiver may quit early on context cancellation.
+- 2020-04-30 TUN-2940: Added delay parameter to stdin reconnect command.
+- 2020-04-27 TUN-2921: Rework address selection logic to avoid corner cases
+- 2020-04-28 TUN-2872: Exit with non-0 status code when the binary is updated so launchd will restart the service
+- 2020-04-13 AUTH-2587 add config watcher and reload logic for access client forwarder
+
 2020.4.0
 - 2020-04-10 TUN-2881: Parameterize response meta information header name in the generating function
 - 2020-04-11 TUN-2894: ResponseMetaHeader should be public

From 8cc69f2a95750468d3da8f0c485944ee82931063 Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Thu, 7 May 2020 14:41:55 -0500
Subject: [PATCH 049/100] TUN-2860: Enable quick reconnect feature by default

---
 cmd/cloudflared/tunnel/cmd.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 3f6198ff..d8d40248 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -1031,6 +1031,7 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 		altsrc.NewBoolFlag(&cli.BoolFlag{
 			Name:    "use-quick-reconnects",
 			Usage:   "Test reestablishing connections with the new 'connection digest' flow.",
+			Value:   true,
 			EnvVars: []string{"TUNNEL_USE_QUICK_RECONNECTS"},
 			Hidden:  true,
 		}),

From 2c878c47edc7629bd79896708740fb3002abf12b Mon Sep 17 00:00:00 2001
From: Michael Borkenstein <mborkenstein@cloudflare.com>
Date: Thu, 7 May 2020 14:58:33 -0500
Subject: [PATCH 050/100] AUTH-2564: error handling and minor fixes

---
 cmd/cloudflared/access/cmd.go | 55 +++++++++++++++++++++++++----------
 1 file changed, 39 insertions(+), 16 deletions(-)

diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 1ea949cc..d756d954 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -18,8 +18,8 @@ import (
 	"golang.org/x/net/idna"
 
 	"github.com/cloudflare/cloudflared/log"
-	raven "github.com/getsentry/raven-go"
-	cli "gopkg.in/urfave/cli.v2"
+	"github.com/getsentry/raven-go"
+	"gopkg.in/urfave/cli.v2"
 )
 
 const (
@@ -66,6 +66,20 @@ func Flags() []cli.Flag {
 	return []cli.Flag{} // no flags yet.
 }
 
+// Ensures exit with error code if actionFunc returns an error
+func errorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
+	return func(ctx *cli.Context) error {
+		err := actionFunc(ctx)
+
+		if err != nil {
+			// os.Exits with error code if err is cli.ExitCoder or cli.MultiError
+			cli.HandleExitCoder(err)
+			err = cli.Exit(err.Error(), 1)
+		}
+		return err
+	}
+}
+
 // Commands returns all the Access related subcommands
 func Commands() []*cli.Command {
 	return []*cli.Command{
@@ -81,7 +95,7 @@ func Commands() []*cli.Command {
 			Subcommands: []*cli.Command{
 				{
 					Name:   "login",
-					Action: login,
+					Action: errorHandler(login),
 					Usage:  "login <url of access application>",
 					Description: `The login subcommand initiates an authentication flow with your identity provider.
 					The subcommand will launch a browser. For headless systems, a url is provided.
@@ -97,7 +111,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:   "curl",
-					Action: curl,
+					Action: errorHandler(curl),
 					Usage:  "curl [--allow-request, -ar] <url> [<curl args>...]",
 					Description: `The curl subcommand wraps curl and automatically injects the JWT into a cf-access-token
 					header when using curl to reach an application behind Access.`,
@@ -106,7 +120,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "token",
-					Action:      generateToken,
+					Action:      errorHandler(generateToken),
 					Usage:       "token -app=<url of access application>",
 					ArgsUsage:   "url of Access application",
 					Description: `The token subcommand produces a JWT which can be used to authenticate requests.`,
@@ -118,7 +132,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "ssh",
-					Action:      ssh,
+					Action:      errorHandler(ssh),
 					Aliases:     []string{"rdp", "tcp"},
 					Usage:       "",
 					ArgsUsage:   "",
@@ -155,7 +169,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "ssh-config",
-					Action:      sshConfig,
+					Action:      errorHandler(sshConfig),
 					Usage:       "",
 					Description: `Prints an example configuration ~/.ssh/config`,
 					Flags: []cli.Flag{
@@ -171,7 +185,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "ssh-gen",
-					Action:      sshGen,
+					Action:      errorHandler(sshGen),
 					Usage:       "",
 					Description: `Generates a short lived certificate for given hostname`,
 					Flags: []cli.Flag{
@@ -188,7 +202,9 @@ func Commands() []*cli.Command {
 
 // login pops up the browser window to do the actual login and JWT generation
 func login(c *cli.Context) error {
-	raven.SetDSN(sentryDSN)
+	if err := raven.SetDSN(sentryDSN); err != nil {
+		return err
+	}
 	logger := log.CreateLogger()
 	args := c.Args()
 	rawURL := ensureURLScheme(args.First())
@@ -202,12 +218,15 @@ func login(c *cli.Context) error {
 		return err
 	}
 
-	token, err := token.GetTokenIfExists(appURL)
-	if err != nil || token == "" {
+	cfdToken, err := token.GetTokenIfExists(appURL)
+	if err != nil {
 		fmt.Fprintln(os.Stderr, "Unable to find token for provided application.")
 		return err
+	} else if cfdToken == "" {
+		fmt.Fprintln(os.Stderr, "token for provided application was empty.")
+		return errors.New("empty application token")
 	}
-	fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", string(token))
+	fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken)
 
 	return nil
 }
@@ -224,7 +243,9 @@ func ensureURLScheme(url string) string {
 
 // curl provides a wrapper around curl, passing Access JWT along in request
 func curl(c *cli.Context) error {
-	raven.SetDSN(sentryDSN)
+	if err := raven.SetDSN(sentryDSN); err != nil {
+		return err
+	}
 	logger := log.CreateLogger()
 	args := c.Args()
 	if args.Len() < 1 {
@@ -258,7 +279,9 @@ func curl(c *cli.Context) error {
 
 // token dumps provided token to stdout
 func generateToken(c *cli.Context) error {
-	raven.SetDSN(sentryDSN)
+	if err := raven.SetDSN(sentryDSN); err != nil {
+		return err
+	}
 	appURL, err := url.Parse(c.String("app"))
 	if err != nil || c.NumFlags() < 1 {
 		fmt.Fprintln(os.Stderr, "Please provide a url.")
@@ -313,12 +336,12 @@ func sshGen(c *cli.Context) error {
 	// this fetchToken function mutates the appURL param. We should refactor that
 	fetchTokenURL := &url.URL{}
 	*fetchTokenURL = *originURL
-	token, err := token.FetchToken(fetchTokenURL)
+	cfdToken, err := token.FetchToken(fetchTokenURL)
 	if err != nil {
 		return err
 	}
 
-	if err := sshgen.GenerateShortLivedCertificate(originURL, token); err != nil {
+	if err := sshgen.GenerateShortLivedCertificate(originURL, cfdToken); err != nil {
 		return err
 	}
 

From 2b7fbbb7b77b14cb0a26483af3ef920ce638ea1f Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Fri, 1 May 2020 10:30:50 -0500
Subject: [PATCH 051/100] AUTH-2588 add DoH to service mode

---
 cmd/cloudflared/app_forward_service.go  | 48 ++++++++++++++++
 cmd/cloudflared/app_resolver_service.go | 73 ++++++++++++++++++++++++
 cmd/cloudflared/app_service.go          | 72 +++++++++---------------
 cmd/cloudflared/config/manager.go       | 22 +++++---
 cmd/cloudflared/config/manager_test.go  | 45 +++++++++------
 cmd/cloudflared/config/model.go         | 59 ++++++++++++++++++++
 cmd/cloudflared/main.go                 |  5 +-
 overwatch/app_manager.go                | 53 ++++++++++++++++++
 overwatch/manager.go                    | 17 ++++++
 overwatch/manager_test.go               | 74 +++++++++++++++++++++++++
 tunneldns/metrics.go                    | 19 ++++---
 11 files changed, 406 insertions(+), 81 deletions(-)
 create mode 100644 cmd/cloudflared/app_forward_service.go
 create mode 100644 cmd/cloudflared/app_resolver_service.go
 create mode 100644 overwatch/app_manager.go
 create mode 100644 overwatch/manager.go
 create mode 100644 overwatch/manager_test.go

diff --git a/cmd/cloudflared/app_forward_service.go b/cmd/cloudflared/app_forward_service.go
new file mode 100644
index 00000000..4c8446e2
--- /dev/null
+++ b/cmd/cloudflared/app_forward_service.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+)
+
+// ForwardServiceType is used to identify what kind of overwatch service this is
+const ForwardServiceType = "forward"
+
+// ForwarderService is used to wrap the access package websocket forwarders
+// into a service model for the overwatch package.
+// it also holds a reference to the config object that represents its state
+type ForwarderService struct {
+	forwarder config.Forwarder
+	shutdown  chan struct{}
+}
+
+// NewForwardService creates a new forwarder service
+func NewForwardService(f config.Forwarder) *ForwarderService {
+	return &ForwarderService{forwarder: f, shutdown: make(chan struct{}, 1)}
+}
+
+// Name is used to figure out this service is related to the others (normally the addr it binds to)
+// e.g. localhost:78641 or 127.0.0.1:2222 since this is a websocket forwarder
+func (s *ForwarderService) Name() string {
+	return s.forwarder.Listener
+}
+
+// Type is used to identify what kind of overwatch service this is
+func (s *ForwarderService) Type() string {
+	return ForwardServiceType
+}
+
+// Hash is used to figure out if this forwarder is the unchanged or not from the config file updates
+func (s *ForwarderService) Hash() string {
+	return s.forwarder.Hash()
+}
+
+// Shutdown stops the websocket listener
+func (s *ForwarderService) Shutdown() {
+	s.shutdown <- struct{}{}
+}
+
+// Run is the run loop that is started by the overwatch service
+func (s *ForwarderService) Run() error {
+	return access.StartForwarder(s.forwarder, s.shutdown)
+}
diff --git a/cmd/cloudflared/app_resolver_service.go b/cmd/cloudflared/app_resolver_service.go
new file mode 100644
index 00000000..f98ca4c8
--- /dev/null
+++ b/cmd/cloudflared/app_resolver_service.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/tunneldns"
+	"github.com/sirupsen/logrus"
+)
+
+// ResolverServiceType is used to identify what kind of overwatch service this is
+const ResolverServiceType = "resolver"
+
+// ResolverService is used to wrap the tunneldns package's DNS over HTTP
+// into a service model for the overwatch package.
+// it also holds a reference to the config object that represents its state
+type ResolverService struct {
+	resolver config.DNSResolver
+	shutdown chan struct{}
+	logger   *logrus.Logger
+}
+
+// NewResolverService creates a new resolver service
+func NewResolverService(r config.DNSResolver, logger *logrus.Logger) *ResolverService {
+	return &ResolverService{resolver: r,
+		shutdown: make(chan struct{}),
+		logger:   logger,
+	}
+}
+
+// Name is used to figure out this service is related to the others (normally the addr it binds to)
+// this is just "resolver" since there can only be one DNS resolver running
+func (s *ResolverService) Name() string {
+	return ResolverServiceType
+}
+
+// Type is used to identify what kind of overwatch service this is
+func (s *ResolverService) Type() string {
+	return ResolverServiceType
+}
+
+// Hash is used to figure out if this forwarder is the unchanged or not from the config file updates
+func (s *ResolverService) Hash() string {
+	return s.resolver.Hash()
+}
+
+// Shutdown stops the tunneldns listener
+func (s *ResolverService) Shutdown() {
+	s.shutdown <- struct{}{}
+}
+
+// Run is the run loop that is started by the overwatch service
+func (s *ResolverService) Run() error {
+	// create a listener
+	l, err := tunneldns.CreateListener(s.resolver.AddressOrDefault(), s.resolver.PortOrDefault(),
+		s.resolver.UpstreamsOrDefault(), s.resolver.BootstrapsOrDefault())
+	if err != nil {
+		return err
+	}
+
+	// start the listener.
+	readySignal := make(chan struct{})
+	err = l.Start(readySignal)
+	if err != nil {
+		l.Stop()
+		return err
+	}
+	<-readySignal
+	s.logger.Infof("start resolver on: %s:%d", s.resolver.AddressOrDefault(), s.resolver.PortOrDefault())
+
+	// wait for shutdown signal
+	<-s.shutdown
+	s.logger.Infof("shutdown on: %s:%d", s.resolver.AddressOrDefault(), s.resolver.PortOrDefault())
+	return l.Stop()
+}
diff --git a/cmd/cloudflared/app_service.go b/cmd/cloudflared/app_service.go
index 42cfa4eb..9407d6e2 100644
--- a/cmd/cloudflared/app_service.go
+++ b/cmd/cloudflared/app_service.go
@@ -1,36 +1,27 @@
 package main
 
 import (
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/overwatch"
 	"github.com/sirupsen/logrus"
 )
 
-type forwarderState struct {
-	forwarder config.Forwarder
-	shutdown  chan struct{}
-}
-
-func (s *forwarderState) Shutdown() {
-	s.shutdown <- struct{}{}
-}
-
 // AppService is the main service that runs when no command lines flags are passed to cloudflared
 // it manages all the running services such as tunnels, forwarders, DNS resolver, etc
 type AppService struct {
 	configManager    config.Manager
+	serviceManager   overwatch.Manager
 	shutdownC        chan struct{}
-	forwarders       map[string]forwarderState
 	configUpdateChan chan config.Root
 	logger           *logrus.Logger
 }
 
 // NewAppService creates a new AppService with needed supporting services
-func NewAppService(configManager config.Manager, shutdownC chan struct{}, logger *logrus.Logger) *AppService {
+func NewAppService(configManager config.Manager, serviceManager overwatch.Manager, shutdownC chan struct{}, logger *logrus.Logger) *AppService {
 	return &AppService{
 		configManager:    configManager,
+		serviceManager:   serviceManager,
 		shutdownC:        shutdownC,
-		forwarders:       make(map[string]forwarderState),
 		configUpdateChan: make(chan config.Root),
 		logger:           logger,
 	}
@@ -45,6 +36,7 @@ func (s *AppService) Run() error {
 // Shutdown kills all the running services
 func (s *AppService) Shutdown() error {
 	s.configManager.Shutdown()
+	s.shutdownC <- struct{}{}
 	return nil
 }
 
@@ -62,8 +54,8 @@ func (s *AppService) actionLoop() {
 		case c := <-s.configUpdateChan:
 			s.handleConfigUpdate(c)
 		case <-s.shutdownC:
-			for _, state := range s.forwarders {
-				state.Shutdown()
+			for _, service := range s.serviceManager.Services() {
+				service.Shutdown()
 			}
 			return
 		}
@@ -72,41 +64,27 @@ func (s *AppService) actionLoop() {
 
 func (s *AppService) handleConfigUpdate(c config.Root) {
 	// handle the client forward listeners
-	activeListeners := map[string]struct{}{}
+	activeServices := map[string]struct{}{}
 	for _, f := range c.Forwarders {
-		s.handleForwarderUpdate(f)
-		activeListeners[f.Listener] = struct{}{}
+		service := NewForwardService(f)
+		s.serviceManager.Add(service)
+		activeServices[service.Name()] = struct{}{}
 	}
 
-	// remove any listeners that are no longer active
-	for key, state := range s.forwarders {
-		if _, ok := activeListeners[key]; !ok {
-			state.Shutdown()
-			delete(s.forwarders, key)
+	// handle resolver changes
+	if c.Resolver.Enabled {
+		service := NewResolverService(c.Resolver, s.logger)
+		s.serviceManager.Add(service)
+		activeServices[service.Name()] = struct{}{}
+
+	}
+
+	// TODO: TUN-1451 - tunnels
+
+	// remove any services that are no longer active
+	for _, service := range s.serviceManager.Services() {
+		if _, ok := activeServices[service.Name()]; !ok {
+			s.serviceManager.Remove(service.Name())
 		}
 	}
-
-	// TODO: AUTH-2588, TUN-1451 - tunnels and dns proxy
-}
-
-// handle managing a forwarder service
-func (s *AppService) handleForwarderUpdate(f config.Forwarder) {
-	// check if we need to start a new listener or stop an old one
-	if state, ok := s.forwarders[f.Listener]; ok {
-		if state.forwarder.Hash() == f.Hash() {
-			return // the exact same listener, no changes, so move along
-		}
-		state.Shutdown() //shutdown the listener since a new one is starting
-	}
-	// add a new forwarder to the list
-	state := forwarderState{forwarder: f, shutdown: make(chan struct{}, 1)}
-	s.forwarders[f.Listener] = state
-
-	// start the forwarder
-	go func(f forwarderState) {
-		err := access.StartForwarder(f.forwarder, f.shutdown)
-		if err != nil {
-			s.logger.WithError(err).Errorf("Forwarder at address: %s", f.forwarder)
-		}
-	}(state)
 }
diff --git a/cmd/cloudflared/config/manager.go b/cmd/cloudflared/config/manager.go
index c02f4b85..8723b70d 100644
--- a/cmd/cloudflared/config/manager.go
+++ b/cmd/cloudflared/config/manager.go
@@ -28,14 +28,16 @@ type FileManager struct {
 	notifier   Notifier
 	configPath string
 	logger     *logrus.Logger
+	ReadConfig func(string) (Root, error)
 }
 
 // NewFileManager creates a config manager
-func NewFileManager(watcher watcher.Notifier, configPath string, logger *logrus.Logger) (Manager, error) {
+func NewFileManager(watcher watcher.Notifier, configPath string, logger *logrus.Logger) (*FileManager, error) {
 	m := &FileManager{
 		watcher:    watcher,
 		configPath: configPath,
 		logger:     logger,
+		ReadConfig: readConfigFromPath,
 	}
 	err := watcher.Add(configPath)
 	return m, err
@@ -58,11 +60,20 @@ func (m *FileManager) Start(notifier Notifier) error {
 
 // GetConfig reads the yaml file from the disk
 func (m *FileManager) GetConfig() (Root, error) {
-	if m.configPath == "" {
+	return m.ReadConfig(m.configPath)
+}
+
+// Shutdown stops the watcher
+func (m *FileManager) Shutdown() {
+	m.watcher.Shutdown()
+}
+
+func readConfigFromPath(configPath string) (Root, error) {
+	if configPath == "" {
 		return Root{}, errors.New("unable to find config file")
 	}
 
-	file, err := os.Open(m.configPath)
+	file, err := os.Open(configPath)
 	if err != nil {
 		return Root{}, err
 	}
@@ -76,11 +87,6 @@ func (m *FileManager) GetConfig() (Root, error) {
 	return config, nil
 }
 
-// Shutdown stops the watcher
-func (m *FileManager) Shutdown() {
-	m.watcher.Shutdown()
-}
-
 // File change notifications from the watcher
 
 // WatcherItemDidChange triggers when the yaml config is updated
diff --git a/cmd/cloudflared/config/manager_test.go b/cmd/cloudflared/config/manager_test.go
index b9ed82c8..419976aa 100644
--- a/cmd/cloudflared/config/manager_test.go
+++ b/cmd/cloudflared/config/manager_test.go
@@ -1,15 +1,12 @@
 package config
 
 import (
-	"bufio"
 	"os"
 	"testing"
-	"time"
 
 	"github.com/cloudflare/cloudflared/log"
 	"github.com/cloudflare/cloudflared/watcher"
 	"github.com/stretchr/testify/assert"
-	"gopkg.in/yaml.v2"
 )
 
 type mockNotifier struct {
@@ -20,17 +17,27 @@ func (n *mockNotifier) ConfigDidUpdate(c Root) {
 	n.configs = append(n.configs, c)
 }
 
-func writeConfig(t *testing.T, f *os.File, c *Root) {
-	f.Sync()
-	b, err := yaml.Marshal(c)
-	assert.NoError(t, err)
+type mockFileWatcher struct {
+	path     string
+	notifier watcher.Notification
+	ready    chan struct{}
+}
 
-	w := bufio.NewWriter(f)
-	_, err = w.Write(b)
-	assert.NoError(t, err)
+func (w *mockFileWatcher) Start(n watcher.Notification) {
+	w.notifier = n
+	w.ready <- struct{}{}
+}
 
-	err = w.Flush()
-	assert.NoError(t, err)
+func (w *mockFileWatcher) Add(string) error {
+	return nil
+}
+
+func (w *mockFileWatcher) Shutdown() {
+
+}
+
+func (w *mockFileWatcher) TriggerChange() {
+	w.notifier.WatcherItemDidChange(w.path)
 }
 
 func TestConfigChanged(t *testing.T) {
@@ -52,22 +59,24 @@ func TestConfigChanged(t *testing.T) {
 			},
 		},
 	}
-	writeConfig(t, f, c)
+	configRead := func(configPath string) (Root, error) {
+		return *c, nil
+	}
+	wait := make(chan struct{})
+	w := &mockFileWatcher{path: filePath, ready: wait}
 
-	w, err := watcher.NewFile()
-	assert.NoError(t, err)
 	logger := log.CreateLogger()
 	service, err := NewFileManager(w, filePath, logger)
+	service.ReadConfig = configRead
 	assert.NoError(t, err)
 
 	n := &mockNotifier{}
 	go service.Start(n)
 
+	<-wait
 	c.Forwarders = append(c.Forwarders, Forwarder{URL: "add.daltoniam.com", Listener: "127.0.0.1:8081"})
-	writeConfig(t, f, c)
+	w.TriggerChange()
 
-	// give it time to trigger
-	time.Sleep(10 * time.Millisecond)
 	service.Shutdown()
 
 	assert.Len(t, n.configs, 2, "did not get 2 config updates as expected")
diff --git a/cmd/cloudflared/config/model.go b/cmd/cloudflared/config/model.go
index 85312538..95d266e8 100644
--- a/cmd/cloudflared/config/model.go
+++ b/cmd/cloudflared/config/model.go
@@ -4,6 +4,7 @@ import (
 	"crypto/md5"
 	"fmt"
 	"io"
+	"strings"
 )
 
 // Forwarder represents a client side listener to forward traffic to the edge
@@ -19,6 +20,15 @@ type Tunnel struct {
 	ProtocolType string `json:"type"`
 }
 
+// DNSResolver represents a client side DNS resolver
+type DNSResolver struct {
+	Enabled    bool     `json:"enabled"`
+	Address    string   `json:"address"`
+	Port       uint16   `json:"port"`
+	Upstreams  []string `json:"upstreams"`
+	Bootstraps []string `json:"bootstraps"`
+}
+
 // Root is the base options to configure the service
 type Root struct {
 	OrgKey          string      `json:"org_key"`
@@ -26,6 +36,7 @@ type Root struct {
 	CheckinInterval int         `json:"checkin_interval"`
 	Forwarders      []Forwarder `json:"forwarders,omitempty"`
 	Tunnels         []Tunnel    `json:"tunnels,omitempty"`
+	Resolver        DNSResolver `json:"resolver"`
 }
 
 // Hash returns the computed values to see if the forwarder values change
@@ -35,3 +46,51 @@ func (f *Forwarder) Hash() string {
 	io.WriteString(h, f.Listener)
 	return fmt.Sprintf("%x", h.Sum(nil))
 }
+
+// Hash returns the computed values to see if the forwarder values change
+func (r *DNSResolver) Hash() string {
+	h := md5.New()
+	io.WriteString(h, r.Address)
+	io.WriteString(h, strings.Join(r.Bootstraps, ","))
+	io.WriteString(h, strings.Join(r.Upstreams, ","))
+	io.WriteString(h, fmt.Sprintf("%d", r.Port))
+	io.WriteString(h, fmt.Sprintf("%v", r.Enabled))
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
+
+// EnabledOrDefault returns the enabled property
+func (r *DNSResolver) EnabledOrDefault() bool {
+	return r.Enabled
+}
+
+// AddressOrDefault returns the address or returns the default if empty
+func (r *DNSResolver) AddressOrDefault() string {
+	if r.Address != "" {
+		return r.Address
+	}
+	return "localhost"
+}
+
+// PortOrDefault return the port or returns the default if 0
+func (r *DNSResolver) PortOrDefault() uint16 {
+	if r.Port > 0 {
+		return r.Port
+	}
+	return 53
+}
+
+// UpstreamsOrDefault returns the upstreams or returns the default if empty
+func (r *DNSResolver) UpstreamsOrDefault() []string {
+	if len(r.Upstreams) > 0 {
+		return r.Upstreams
+	}
+	return []string{"https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query"}
+}
+
+// BootstrapsOrDefault returns the bootstraps or returns the default if empty
+func (r *DNSResolver) BootstrapsOrDefault() []string {
+	if len(r.Bootstraps) > 0 {
+		return r.Bootstraps
+	}
+	return []string{"https://162.159.36.1/dns-query", "https://162.159.46.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://[2606:4700:4700::1001]/dns-query"}
+}
diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 33a857cb..97687984 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -11,6 +11,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
 	"github.com/cloudflare/cloudflared/log"
 	"github.com/cloudflare/cloudflared/metrics"
+	"github.com/cloudflare/cloudflared/overwatch"
 	"github.com/cloudflare/cloudflared/watcher"
 
 	raven "github.com/getsentry/raven-go"
@@ -180,7 +181,9 @@ func handleServiceMode(shutdownC chan struct{}) error {
 		return err
 	}
 
-	appService := NewAppService(configManager, shutdownC, logger)
+	serviceManager := overwatch.NewAppManager(nil)
+
+	appService := NewAppService(configManager, serviceManager, shutdownC, logger)
 	if err := appService.Run(); err != nil {
 		logger.WithError(err).Error("Failed to start app service")
 		return err
diff --git a/overwatch/app_manager.go b/overwatch/app_manager.go
new file mode 100644
index 00000000..bd341551
--- /dev/null
+++ b/overwatch/app_manager.go
@@ -0,0 +1,53 @@
+package overwatch
+
+// AppManager is the default implementation of overwatch service management
+type AppManager struct {
+	services  map[string]Service
+	errorChan chan error
+}
+
+// NewAppManager creates a new overwatch manager
+func NewAppManager(errorChan chan error) Manager {
+	return &AppManager{services: make(map[string]Service), errorChan: errorChan}
+}
+
+// Add takes in a new service to manage.
+// It stops the service if it already exist in the manager and is running
+// It then starts the newly added service
+func (m *AppManager) Add(service Service) {
+	// check for existing service
+	if currentService, ok := m.services[service.Name()]; ok {
+		if currentService.Hash() == service.Hash() {
+			return // the exact same service, no changes, so move along
+		}
+		currentService.Shutdown() //shutdown the listener since a new one is starting
+	}
+	m.services[service.Name()] = service
+
+	//start the service!
+	go m.serviceRun(service)
+}
+
+// Remove shutdowns the service by name and removes it from its current management list
+func (m *AppManager) Remove(name string) {
+	if currentService, ok := m.services[name]; ok {
+		currentService.Shutdown()
+	}
+	delete(m.services, name)
+}
+
+// Services returns all the current Services being managed
+func (m *AppManager) Services() []Service {
+	values := []Service{}
+	for _, value := range m.services {
+		values = append(values, value)
+	}
+	return values
+}
+
+func (m *AppManager) serviceRun(service Service) {
+	err := service.Run()
+	if err != nil && m.errorChan != nil {
+		m.errorChan <- err
+	}
+}
diff --git a/overwatch/manager.go b/overwatch/manager.go
new file mode 100644
index 00000000..58aff6f2
--- /dev/null
+++ b/overwatch/manager.go
@@ -0,0 +1,17 @@
+package overwatch
+
+// Service is the required functions for an object to be managed by the overwatch Manager
+type Service interface {
+	Name() string
+	Type() string
+	Hash() string
+	Shutdown()
+	Run() error
+}
+
+// Manager is based type to manage running services
+type Manager interface {
+	Add(Service)
+	Remove(string)
+	Services() []Service
+}
diff --git a/overwatch/manager_test.go b/overwatch/manager_test.go
new file mode 100644
index 00000000..d07e6cf0
--- /dev/null
+++ b/overwatch/manager_test.go
@@ -0,0 +1,74 @@
+package overwatch
+
+import (
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"io"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type mockService struct {
+	serviceName string
+	serviceType string
+	runError    error
+}
+
+func (s *mockService) Name() string {
+	return s.serviceName
+}
+
+func (s *mockService) Type() string {
+	return s.serviceType
+}
+
+func (s *mockService) Hash() string {
+	h := md5.New()
+	io.WriteString(h, s.serviceName)
+	io.WriteString(h, s.serviceType)
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
+
+func (s *mockService) Shutdown() {
+}
+
+func (s *mockService) Run() error {
+	return s.runError
+}
+
+func TestManagerAddAndRemove(t *testing.T) {
+	m := NewAppManager(nil)
+
+	first := &mockService{serviceName: "first", serviceType: "mock"}
+	second := &mockService{serviceName: "second", serviceType: "mock"}
+	m.Add(first)
+	m.Add(second)
+	assert.Len(t, m.Services(), 2, "expected 2 services in the list")
+
+	m.Remove(first.Name())
+	services := m.Services()
+	assert.Len(t, services, 1, "expected 1 service in the list")
+	assert.Equal(t, second.Hash(), services[0].Hash(), "hashes should match. Wrong service was removed")
+}
+
+func TestManagerDuplicate(t *testing.T) {
+	m := NewAppManager(nil)
+
+	first := &mockService{serviceName: "first", serviceType: "mock"}
+	m.Add(first)
+	m.Add(first)
+	assert.Len(t, m.Services(), 1, "expected 1 service in the list")
+}
+
+func TestManagerErrorChannel(t *testing.T) {
+	errChan := make(chan error)
+	m := NewAppManager(errChan)
+
+	err := errors.New("test error")
+	first := &mockService{serviceName: "first", serviceType: "mock", runError: err}
+	m.Add(first)
+	respErr := <-errChan
+	assert.Equal(t, err, respErr, "errors don't match")
+}
diff --git a/tunneldns/metrics.go b/tunneldns/metrics.go
index 33f9eeae..bab53472 100644
--- a/tunneldns/metrics.go
+++ b/tunneldns/metrics.go
@@ -2,6 +2,7 @@ package tunneldns
 
 import (
 	"context"
+	"sync"
 
 	"github.com/coredns/coredns/plugin"
 	"github.com/coredns/coredns/plugin/metrics/vars"
@@ -12,6 +13,8 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 )
 
+var once sync.Once
+
 // MetricsPlugin is an adapter for CoreDNS and built-in metrics
 type MetricsPlugin struct {
 	Next plugin.Handler
@@ -19,13 +22,15 @@ type MetricsPlugin struct {
 
 // NewMetricsPlugin creates a plugin with configured metrics
 func NewMetricsPlugin(next plugin.Handler) *MetricsPlugin {
-	prometheus.MustRegister(vars.RequestCount)
-	prometheus.MustRegister(vars.RequestDuration)
-	prometheus.MustRegister(vars.RequestSize)
-	prometheus.MustRegister(vars.RequestDo)
-	prometheus.MustRegister(vars.RequestType)
-	prometheus.MustRegister(vars.ResponseSize)
-	prometheus.MustRegister(vars.ResponseRcode)
+	once.Do(func() {
+		prometheus.MustRegister(vars.RequestCount)
+		prometheus.MustRegister(vars.RequestDuration)
+		prometheus.MustRegister(vars.RequestSize)
+		prometheus.MustRegister(vars.RequestDo)
+		prometheus.MustRegister(vars.RequestType)
+		prometheus.MustRegister(vars.ResponseSize)
+		prometheus.MustRegister(vars.ResponseRcode)
+	})
 	return &MetricsPlugin{Next: next}
 }
 

From 83a1dc93d8de47d4eeac6c2fcf6cee7b2a59be6a Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Mon, 11 May 2020 16:12:19 -0500
Subject: [PATCH 052/100] Release 2020.5.1

---
 RELEASE_NOTES | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index e2aedcbc..8c3e7112 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,8 @@
+2020.5.1
+- 2020-05-07 TUN-2860: Enable quick reconnect feature by default
+- 2020-05-07 AUTH-2564: error handling and minor fixes
+- 2020-05-01 AUTH-2588 add DoH to service mode
+
 2020.5.0
 - 2020-05-01 TUN-2943: Copy certutil from edge into cloudflared
 - 2020-05-05 TUN-2955: Fix connection and goroutine leaks when tunnel conection is terminated on error. Only unregister tunnels that had connected successfully. Close edge connection used to unregister the tunnel. Use buffered channels for error channels where receiver may quit early on context cancellation.

From 8c870c19a635a8ca6fc5c46a102cd9d3845622cd Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Wed, 13 May 2020 13:53:31 -0500
Subject: [PATCH 053/100] AUTH-2505 added aliases

---
 cmd/cloudflared/access/cmd.go | 20 +++++++++++---------
 cmd/cloudflared/tunnel/cmd.go |  2 ++
 validation/validation.go      |  2 +-
 validation/validation_test.go |  2 +-
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index d756d954..d1e3f854 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -85,13 +85,13 @@ func Commands() []*cli.Command {
 	return []*cli.Command{
 		{
 			Name:     "access",
-			Category: "Access (BETA)",
+			Aliases:  []string{"forward"},
+			Category: "Access",
 			Usage:    "access <subcommand>",
-			Description: `(BETA) Cloudflare Access protects internal resources by securing, authenticating and monitoring access 
+			Description: `Cloudflare Access protects internal resources by securing, authenticating and monitoring access 
 			per-user and by application. With Cloudflare Access, only authenticated users with the required permissions are 
 			able to reach sensitive resources. The commands provided here allow you to interact with Access protected 
-			applications from the command line. This feature is considered beta. Your feedback is greatly appreciated!
-			https://cfl.re/CLIAuthBeta`,
+			applications from the command line.`,
 			Subcommands: []*cli.Command{
 				{
 					Name:   "login",
@@ -133,22 +133,24 @@ func Commands() []*cli.Command {
 				{
 					Name:        "ssh",
 					Action:      errorHandler(ssh),
-					Aliases:     []string{"rdp", "tcp"},
+					Aliases:     []string{"rdp", "tcp", "smb"},
 					Usage:       "",
 					ArgsUsage:   "",
 					Description: `The ssh subcommand sends data over a proxy to the Cloudflare edge.`,
 					Flags: []cli.Flag{
 						&cli.StringFlag{
-							Name:  sshHostnameFlag,
-							Usage: "specify the hostname of your application.",
+							Name:    sshHostnameFlag,
+							Aliases: []string{"tunnel-host", "T"},
+							Usage:   "specify the hostname of your application.",
 						},
 						&cli.StringFlag{
 							Name:  sshDestinationFlag,
 							Usage: "specify the destination address of your SSH server.",
 						},
 						&cli.StringFlag{
-							Name:  sshURLFlag,
-							Usage: "specify the host:port to forward data to Cloudflare edge.",
+							Name:    sshURLFlag,
+							Aliases: []string{"listener", "L"},
+							Usage:   "specify the host:port to forward data to Cloudflare edge.",
 						},
 						&cli.StringSliceFlag{
 							Name:    sshHeaderFlag,
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index d8d40248..aac5a235 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -631,6 +631,8 @@ func hostnameFromURI(uri string) string {
 		return addPortIfMissing(u, 22)
 	case "rdp":
 		return addPortIfMissing(u, 3389)
+	case "smb":
+		return addPortIfMissing(u, 445)
 	case "tcp":
 		return addPortIfMissing(u, 7864) // just a random port since there isn't a default in this case
 	}
diff --git a/validation/validation.go b/validation/validation.go
index 97233864..21ba940d 100644
--- a/validation/validation.go
+++ b/validation/validation.go
@@ -23,7 +23,7 @@ const (
 )
 
 var (
-	supportedProtocols = []string{"http", "https", "rdp"}
+	supportedProtocols = []string{"http", "https", "rdp", "ssh", "smb", "tcp"}
 	validationTimeout  = time.Duration(30 * time.Second)
 )
 
diff --git a/validation/validation_test.go b/validation/validation_test.go
index 866414ad..b6ae8bf4 100644
--- a/validation/validation_test.go
+++ b/validation/validation_test.go
@@ -308,7 +308,7 @@ func TestNewAccessValidatorErr(t *testing.T) {
 
 	urls := []string{
 		"",
-		"tcp://test.cloudflareaccess.com",
+		"ftp://test.cloudflareaccess.com",
 		"wss://cloudflarenone.com",
 	}
 

From df3ad2b2235fdb375e4e316ab6844e42c4344553 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Thu, 14 May 2020 10:26:09 -0500
Subject: [PATCH 054/100] AUTH-2529 added deprecation text to db-connect
 command

---
 cmd/cloudflared/access/cmd.go |  6 +++---
 dbconnect/cmd.go              | 12 ++++++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index d1e3f854..5b556b56 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -131,12 +131,12 @@ func Commands() []*cli.Command {
 					},
 				},
 				{
-					Name:        "ssh",
+					Name:        "tcp",
 					Action:      errorHandler(ssh),
-					Aliases:     []string{"rdp", "tcp", "smb"},
+					Aliases:     []string{"rdp", "ssh", "smb"},
 					Usage:       "",
 					ArgsUsage:   "",
-					Description: `The ssh subcommand sends data over a proxy to the Cloudflare edge.`,
+					Description: `The tcp subcommand sends data over a proxy to the Cloudflare edge.`,
 					Flags: []cli.Flag{
 						&cli.StringFlag{
 							Name:    sshHostnameFlag,
diff --git a/dbconnect/cmd.go b/dbconnect/cmd.go
index e24fec4d..7f55f1ee 100644
--- a/dbconnect/cmd.go
+++ b/dbconnect/cmd.go
@@ -15,11 +15,19 @@ import (
 // The tunnel package is responsible for appending this to tunnel.Commands().
 func Cmd() *cli.Command {
 	return &cli.Command{
-		Category:  "Database Connect (ALPHA)",
+		Category:  "Database Connect (ALPHA) - Deprecated",
 		Name:      "db-connect",
-		Usage:     "Access your SQL database from Cloudflare Workers or the browser",
+		Usage:     "deprecated: Access your SQL database from Cloudflare Workers or the browser",
 		ArgsUsage: " ",
 		Description: `
+		This feature has been deprecated. 
+		Please see: 
+
+		cloudflared access tcp --help 
+
+		for setting up database connections to the cloudflare edge.
+		
+
 		Creates a connection between your database and the Cloudflare edge.
 		Now you can execute SQL commands anywhere you can send HTTPS requests.
 

From 6a7418e1afefae16b5780d260e54060a22ca9eca Mon Sep 17 00:00:00 2001
From: Michael Borkenstein <mborkenstein@cloudflare.com>
Date: Mon, 18 May 2020 13:24:17 -0500
Subject: [PATCH 055/100] AUTH-2686: Added error handling to tunnel subcommand

---
 cmd/cloudflared/access/cmd.go     | 27 +++++++--------------------
 cmd/cloudflared/cliutil/errors.go | 17 +++++++++++++++++
 cmd/cloudflared/tunnel/cmd.go     | 11 ++++++-----
 3 files changed, 30 insertions(+), 25 deletions(-)
 create mode 100644 cmd/cloudflared/cliutil/errors.go

diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 5b556b56..72bd67d7 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/carrier"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/shell"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
 	"github.com/cloudflare/cloudflared/sshgen"
@@ -66,20 +67,6 @@ func Flags() []cli.Flag {
 	return []cli.Flag{} // no flags yet.
 }
 
-// Ensures exit with error code if actionFunc returns an error
-func errorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
-	return func(ctx *cli.Context) error {
-		err := actionFunc(ctx)
-
-		if err != nil {
-			// os.Exits with error code if err is cli.ExitCoder or cli.MultiError
-			cli.HandleExitCoder(err)
-			err = cli.Exit(err.Error(), 1)
-		}
-		return err
-	}
-}
-
 // Commands returns all the Access related subcommands
 func Commands() []*cli.Command {
 	return []*cli.Command{
@@ -95,7 +82,7 @@ func Commands() []*cli.Command {
 			Subcommands: []*cli.Command{
 				{
 					Name:   "login",
-					Action: errorHandler(login),
+					Action: cliutil.ErrorHandler(login),
 					Usage:  "login <url of access application>",
 					Description: `The login subcommand initiates an authentication flow with your identity provider.
 					The subcommand will launch a browser. For headless systems, a url is provided.
@@ -111,7 +98,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:   "curl",
-					Action: errorHandler(curl),
+					Action: cliutil.ErrorHandler(curl),
 					Usage:  "curl [--allow-request, -ar] <url> [<curl args>...]",
 					Description: `The curl subcommand wraps curl and automatically injects the JWT into a cf-access-token
 					header when using curl to reach an application behind Access.`,
@@ -120,7 +107,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "token",
-					Action:      errorHandler(generateToken),
+					Action:      cliutil.ErrorHandler(generateToken),
 					Usage:       "token -app=<url of access application>",
 					ArgsUsage:   "url of Access application",
 					Description: `The token subcommand produces a JWT which can be used to authenticate requests.`,
@@ -132,7 +119,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "tcp",
-					Action:      errorHandler(ssh),
+					Action:      cliutil.ErrorHandler(ssh),
 					Aliases:     []string{"rdp", "ssh", "smb"},
 					Usage:       "",
 					ArgsUsage:   "",
@@ -171,7 +158,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "ssh-config",
-					Action:      errorHandler(sshConfig),
+					Action:      cliutil.ErrorHandler(sshConfig),
 					Usage:       "",
 					Description: `Prints an example configuration ~/.ssh/config`,
 					Flags: []cli.Flag{
@@ -187,7 +174,7 @@ func Commands() []*cli.Command {
 				},
 				{
 					Name:        "ssh-gen",
-					Action:      errorHandler(sshGen),
+					Action:      cliutil.ErrorHandler(sshGen),
 					Usage:       "",
 					Description: `Generates a short lived certificate for given hostname`,
 					Flags: []cli.Flag{
diff --git a/cmd/cloudflared/cliutil/errors.go b/cmd/cloudflared/cliutil/errors.go
new file mode 100644
index 00000000..c0938349
--- /dev/null
+++ b/cmd/cloudflared/cliutil/errors.go
@@ -0,0 +1,17 @@
+package cliutil
+
+import "gopkg.in/urfave/cli.v2"
+
+// Ensures exit with error code if actionFunc returns an error
+func ErrorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
+	return func(ctx *cli.Context) error {
+		err := actionFunc(ctx)
+		if err != nil {
+			// os.Exits with error code if err is cli.ExitCoder or cli.MultiError
+			cli.HandleExitCoder(err)
+			err = cli.Exit(err.Error(), 1)
+		}
+		return err
+	}
+}
+
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index aac5a235..b3576d51 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -17,6 +17,7 @@ import (
 
 	"github.com/cloudflare/cloudflared/awsuploader"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
 	"github.com/cloudflare/cloudflared/connection"
@@ -100,7 +101,7 @@ func Commands() []*cli.Command {
 	cmds := []*cli.Command{
 		{
 			Name:      "login",
-			Action:    login,
+			Action:    cliutil.ErrorHandler(login),
 			Usage:     "Generate a configuration file with your login details",
 			ArgsUsage: " ",
 			Flags: []cli.Flag{
@@ -113,7 +114,7 @@ func Commands() []*cli.Command {
 		},
 		{
 			Name:   "proxy-dns",
-			Action: tunneldns.Run,
+			Action: cliutil.ErrorHandler(tunneldns.Run),
 			Usage:  "Run a DNS over HTTPS proxy server.",
 			Flags: []cli.Flag{
 				&cli.StringFlag{
@@ -162,7 +163,7 @@ func Commands() []*cli.Command {
 
 	cmds = append(cmds, &cli.Command{
 		Name:      "tunnel",
-		Action:    tunnel,
+		Action:    cliutil.ErrorHandler(tunnel),
 		Before:    Before,
 		Category:  "Tunnel",
 		Usage:     "Make a locally-running web service accessible over the internet using Argo Tunnel.",
@@ -662,13 +663,13 @@ func dbConnectCmd() *cli.Command {
 	}
 
 	// Override action to setup the Proxy, then if successful, start the tunnel daemon.
-	cmd.Action = func(c *cli.Context) error {
+	cmd.Action = cliutil.ErrorHandler(func(c *cli.Context) error {
 		err := dbconnect.CmdAction(c)
 		if err == nil {
 			err = tunnel(c)
 		}
 		return err
-	}
+	})
 
 	return cmd
 }

From b89cc22896c098f78de2647a6efe767825d8ccd0 Mon Sep 17 00:00:00 2001
From: Michael Borkenstein <mborkenstein@cloudflare.com>
Date: Mon, 4 May 2020 15:15:17 -0500
Subject: [PATCH 056/100] AUTH-2369: RDP Bastion prototype

---
 carrier/carrier.go                      |  3 +-
 cmd/cloudflared/access/carrier.go       |  7 ++--
 cmd/cloudflared/access/cmd.go           |  7 ++--
 cmd/cloudflared/tunnel/cmd.go           | 44 +++++++++++++++++++++----
 cmd/cloudflared/tunnel/configuration.go |  9 ++---
 h2mux/header.go                         |  5 +++
 sshserver/sshserver_unix.go             |  1 +
 websocket/websocket.go                  | 35 +++++++++++---------
 8 files changed, 78 insertions(+), 33 deletions(-)

diff --git a/carrier/carrier.go b/carrier/carrier.go
index 1bdfeb95..b36a0e51 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
+	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/pkg/errors"
 )
 
@@ -145,7 +146,7 @@ func BuildAccessRequest(options *StartOptions) (*http.Request, error) {
 	if err != nil {
 		return nil, err
 	}
-	originRequest.Header.Set("cf-access-token", token)
+	originRequest.Header.Set(h2mux.CFAccessTokenHeader, token)
 
 	for k, v := range options.Headers {
 		if len(v) >= 1 {
diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index ddcffbf3..c258f85b 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/cloudflare/cloudflared/carrier"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/validation"
 	"github.com/pkg/errors"
 	cli "gopkg.in/urfave/cli.v2"
@@ -54,15 +55,15 @@ func ssh(c *cli.Context) error {
 	// get the headers from the cmdline and add them
 	headers := buildRequestHeaders(c.StringSlice(sshHeaderFlag))
 	if c.IsSet(sshTokenIDFlag) {
-		headers.Add("CF-Access-Client-Id", c.String(sshTokenIDFlag))
+		headers.Add(h2mux.CFAccessClientIDHeader, c.String(sshTokenIDFlag))
 	}
 	if c.IsSet(sshTokenSecretFlag) {
-		headers.Add("CF-Access-Client-Secret", c.String(sshTokenSecretFlag))
+		headers.Add(h2mux.CFAccessClientSecretHeader, c.String(sshTokenSecretFlag))
 	}
 
 	destination := c.String(sshDestinationFlag)
 	if destination != "" {
-		headers.Add("CF-Access-SSH-Destination", destination)
+		headers.Add(h2mux.CFJumpDestinationHeader, destination)
 	}
 
 	options := &carrier.StartOptions{
diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 72bd67d7..7f4f1abb 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -13,6 +13,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/shell"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
+	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/sshgen"
 	"github.com/cloudflare/cloudflared/validation"
 	"github.com/pkg/errors"
@@ -262,7 +263,7 @@ func curl(c *cli.Context) error {
 	}
 
 	cmdArgs = append(cmdArgs, "-H")
-	cmdArgs = append(cmdArgs, fmt.Sprintf("cf-access-token: %s", tok))
+	cmdArgs = append(cmdArgs, fmt.Sprintf("%s: %s", h2mux.CFAccessTokenHeader, tok))
 	return shell.Run("curl", cmdArgs...)
 }
 
@@ -415,10 +416,10 @@ func isFileThere(candidate string) bool {
 func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
 	headers := buildRequestHeaders(c.StringSlice(sshHeaderFlag))
 	if c.IsSet(sshTokenIDFlag) {
-		headers.Add("CF-Access-Client-Id", c.String(sshTokenIDFlag))
+		headers.Add(h2mux.CFAccessClientIDHeader, c.String(sshTokenIDFlag))
 	}
 	if c.IsSet(sshTokenSecretFlag) {
-		headers.Add("CF-Access-Client-Secret", c.String(sshTokenSecretFlag))
+		headers.Add(h2mux.CFAccessClientSecretHeader, c.String(sshTokenSecretFlag))
 	}
 	options := &carrier.StartOptions{OriginURL: appUrl.String(), Headers: headers}
 
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index b3576d51..843462ba 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net"
+	"net/http"
 	"net/url"
 	"os"
 	"reflect"
@@ -22,6 +23,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/dbconnect"
+	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/hello"
 	"github.com/cloudflare/cloudflared/metrics"
 	"github.com/cloudflare/cloudflared/origin"
@@ -81,9 +83,15 @@ const (
 	// hostKeyPath is the path of the dir to save SSH host keys too
 	hostKeyPath = "host-key-path"
 
+	//sshServerFlag enables cloudflared ssh proxy server
+	sshServerFlag = "ssh-server"
+
 	// socks5Flag is to enable the socks server to deframe
 	socks5Flag = "socks5"
 
+	// bastionFlag is to enable bastion, or jump host, operation
+	bastionFlag = "bastion"
+
 	noIntentMsg = "The --intent argument is required. Cloudflared looks up an Intent to determine what configuration to use (i.e. which tunnels to start). If you don't have any Intents yet, you can use a placeholder Intent Label for now. Then, when you make an Intent with that label, cloudflared will get notified and open the tunnels you specified in that Intent."
 )
 
@@ -343,12 +351,11 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		c.Set("url", "https://"+helloListener.Addr().String())
 	}
 
-	if c.IsSet("ssh-server") {
+	if c.IsSet(sshServerFlag) {
 		if runtime.GOOS != "darwin" && runtime.GOOS != "linux" {
 			msg := fmt.Sprintf("--ssh-server is not supported on %s", runtime.GOOS)
 			logger.Error(msg)
 			return errors.New(msg)
-
 		}
 
 		logger.Infof("ssh-server set")
@@ -394,7 +401,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		c.Set("url", "ssh://"+localServerAddress)
 	}
 
-	if host := hostnameFromURI(c.String("url")); host != "" {
+	if staticHost := hostnameFromURI(c.String("url")); isProxyDestinationConfigured(staticHost, c) {
 		listener, err := net.Listen("tcp", "127.0.0.1:")
 		if err != nil {
 			logger.WithError(err).Error("Cannot start Websocket Proxy Server")
@@ -406,15 +413,26 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 			streamHandler := websocket.DefaultStreamHandler
 			if c.IsSet(socks5Flag) {
 				logger.Info("SOCKS5 server started")
-				streamHandler = func(wsConn *websocket.Conn, remoteConn net.Conn) {
+				streamHandler = func(wsConn *websocket.Conn, remoteConn net.Conn, _ http.Header) {
 					dialer := socks.NewConnDialer(remoteConn)
 					requestHandler := socks.NewRequestHandler(dialer)
 					socksServer := socks.NewConnectionHandler(requestHandler)
 
 					socksServer.Serve(wsConn)
 				}
+			} else if c.IsSet(sshServerFlag) {
+				streamHandler = func(wsConn *websocket.Conn, remoteConn net.Conn, requestHeaders http.Header) {
+					if finalDestination := requestHeaders.Get(h2mux.CFJumpDestinationHeader); finalDestination != "" {
+						token := requestHeaders.Get(h2mux.CFAccessTokenHeader)
+						if err := websocket.SendSSHPreamble(remoteConn, finalDestination, token); err != nil {
+							logger.WithError(err).Error("Failed to send SSH preamble")
+							return
+						}
+					}
+					websocket.DefaultStreamHandler(wsConn, remoteConn, requestHeaders)
+				}
 			}
-			errC <- websocket.StartProxyServer(logger, listener, host, shutdownC, streamHandler)
+			errC <- websocket.StartProxyServer(logger, listener, staticHost, shutdownC, streamHandler)
 		}()
 		c.Set("url", "http://"+listener.Addr().String())
 	}
@@ -457,6 +475,11 @@ func Before(c *cli.Context) error {
 	return nil
 }
 
+// isProxyDestinationConfigured returns true if there is a static host set or if bastion mode is set.
+func isProxyDestinationConfigured(staticHost string, c *cli.Context) bool {
+	return staticHost != "" || c.IsSet(bastionFlag)
+}
+
 func startDeclarativeTunnel(ctx context.Context,
 	c *cli.Context,
 	cloudflaredID uuid.UUID,
@@ -882,7 +905,7 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			Hidden:  shouldHide,
 		}),
 		altsrc.NewBoolFlag(&cli.BoolFlag{
-			Name:    "ssh-server",
+			Name:    sshServerFlag,
 			Value:   false,
 			Usage:   "Run an SSH Server",
 			EnvVars: []string{"TUNNEL_SSH_SERVER"},
@@ -1118,7 +1141,14 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			Usage:   "specify if this tunnel is running as a SOCK5 Server",
 			EnvVars: []string{"TUNNEL_SOCKS"},
 			Value:   false,
-			Hidden:  false,
+			Hidden:  shouldHide,
+		}),
+		altsrc.NewBoolFlag(&cli.BoolFlag{
+			Name:    bastionFlag,
+			Value:   false,
+			Usage:   "Runs as jump host",
+			EnvVars: []string{"TUNNEL_BASTION"},
+			Hidden:  shouldHide,
 		}),
 	}
 }
diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index 8cd15d6c..39772845 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -233,10 +233,11 @@ func prepareTunnelConfig(
 	if !c.IsSet("hello-world") && c.IsSet("origin-server-name") {
 		httpTransport.TLSClientConfig.ServerName = c.String("origin-server-name")
 	}
-
-	err = validation.ValidateHTTPService(originURL, hostname, httpTransport)
-	if err != nil {
-		logger.WithError(err).Error("unable to connect to the origin")
+	// If tunnel running in bastion mode, a connection to origin will not exist until initiated by the client.
+	if !c.IsSet(bastionFlag) {
+		if err = validation.ValidateHTTPService(originURL, hostname, httpTransport); err != nil {
+			logger.WithError(err).Error("unable to connect to the origin")
+		}
 	}
 
 	toEdgeTLSConfig, err := tlsconfig.CreateTunnelConfig(c)
diff --git a/h2mux/header.go b/h2mux/header.go
index 5490b050..58d418e2 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -25,6 +25,11 @@ const (
 	ResponseMetaHeaderField   = "cf-cloudflared-response-meta"
 	ResponseSourceCloudflared = "cloudflared"
 	ResponseSourceOrigin      = "origin"
+
+	CFAccessTokenHeader        = "cf-access-token"
+	CFJumpDestinationHeader    = "CF-Access-Jump-Destination"
+	CFAccessClientIDHeader     = "CF-Access-Client-Id"
+	CFAccessClientSecretHeader = "CF-Access-Client-Secret"
 )
 
 // H2RequestHeadersToH1Request converts the HTTP/2 headers coming from origintunneld
diff --git a/sshserver/sshserver_unix.go b/sshserver/sshserver_unix.go
index d4552832..8a5b9b2d 100644
--- a/sshserver/sshserver_unix.go
+++ b/sshserver/sshserver_unix.go
@@ -267,6 +267,7 @@ func (s *SSHProxy) proxyChannel(localChan, remoteChan gossh.Channel, localChanRe
 	}
 }
 
+
 // readPreamble reads a preamble from the SSH connection before any SSH traffic is sent.
 // This preamble is a JSON encoded struct containing the users JWT and ultimate destination.
 // The first 4 bytes contain the length of the preamble which follows immediately.
diff --git a/websocket/websocket.go b/websocket/websocket.go
index 823879aa..31d7f3d8 100644
--- a/websocket/websocket.go
+++ b/websocket/websocket.go
@@ -13,6 +13,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/sshserver"
 	"github.com/gorilla/websocket"
 	"github.com/sirupsen/logrus"
@@ -118,13 +119,13 @@ func Stream(conn, backendConn io.ReadWriter) {
 
 // DefaultStreamHandler is provided to the the standard websocket to origin stream
 // This exist to allow SOCKS to deframe data before it gets to the origin
-func DefaultStreamHandler(wsConn *Conn, remoteConn net.Conn) {
+func DefaultStreamHandler(wsConn *Conn, remoteConn net.Conn, _ http.Header) {
 	Stream(wsConn, remoteConn)
 }
 
 // StartProxyServer will start a websocket server that will decode
 // the websocket data and write the resulting data to the provided
-func StartProxyServer(logger *logrus.Logger, listener net.Listener, remote string, shutdownC <-chan struct{}, streamHandler func(wsConn *Conn, remoteConn net.Conn)) error {
+func StartProxyServer(logger *logrus.Logger, listener net.Listener, staticHost string, shutdownC <-chan struct{}, streamHandler func(wsConn *Conn, remoteConn net.Conn, requestHeaders http.Header)) error {
 	upgrader := websocket.Upgrader{
 		ReadBufferSize:  1024,
 		WriteBufferSize: 1024,
@@ -137,7 +138,18 @@ func StartProxyServer(logger *logrus.Logger, listener net.Listener, remote strin
 	}()
 
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		stream, err := net.Dial("tcp", remote)
+		// If remote is an empty string, get the destination from the client.
+		finalDestination := staticHost
+		if finalDestination == "" {
+			if jumpDestination := r.Header.Get(h2mux.CFJumpDestinationHeader); jumpDestination == "" {
+				logger.Error("Did not receive final destination from client. The --destination flag is likely not set")
+				return
+			} else {
+				finalDestination = jumpDestination
+			}
+		}
+
+		stream, err := net.Dial("tcp", finalDestination)
 		if err != nil {
 			logger.WithError(err).Error("Cannot connect to remote.")
 			return
@@ -162,24 +174,17 @@ func StartProxyServer(logger *logrus.Logger, listener net.Listener, remote strin
 			conn.Close()
 		}()
 
-		token := r.Header.Get("cf-access-token")
-		if destination := r.Header.Get("CF-Access-SSH-Destination"); destination != "" {
-			if err := sendSSHPreamble(stream, destination, token); err != nil {
-				logger.WithError(err).Error("Failed to send SSH preamble")
-				return
-			}
-		}
-
-		streamHandler(&Conn{conn}, stream)
+		streamHandler(&Conn{conn}, stream, r.Header)
 	})
 
 	return httpServer.Serve(listener)
 }
 
-// sendSSHPreamble sends the final SSH destination address to the cloudflared SSH proxy
+// SendSSHPreamble sends the final SSH destination address to the cloudflared SSH proxy
 // The destination is preceded by its length
-func sendSSHPreamble(stream net.Conn, destination, token string) error {
-	preamble := &sshserver.SSHPreamble{Destination: destination, JWT: token}
+// Not part of sshserver module to fix compilation for incompatible operating systems
+func SendSSHPreamble(stream net.Conn, destination, token string) error {
+	preamble := sshserver.SSHPreamble{Destination: destination, JWT: token}
 	payload, err := json.Marshal(preamble)
 	if err != nil {
 		return err

From 7a77ead423b290ed51a20d4872ba090cdd03466a Mon Sep 17 00:00:00 2001
From: Michael Borkenstein <mborkenstein@cloudflare.com>
Date: Wed, 20 May 2020 11:26:28 -0500
Subject: [PATCH 057/100] AUTH-2682: Create buster build

---
 cfsetup.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cfsetup.yaml b/cfsetup.yaml
index a156da8e..06773696 100644
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@@ -1,4 +1,4 @@
-pinned_go: &pinned_go go=1.12.7-1
+pinned_go: &pinned_go go=1.12.9-1
 build_dir: &build_dir /cfsetup_build
 default-flavor: stretch
 stretch: &stretch
@@ -86,6 +86,8 @@ stretch: &stretch
 
 jessie: *stretch
 
+buster: *stretch
+
 # cfsetup compose
 default-stack: test_dbconnect
 test_dbconnect:

From a908453aa4e2455e1539b8441f4a9732aba16bac Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Thu, 21 May 2020 15:36:49 -0500
Subject: [PATCH 058/100] TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands
 to interact with tunnel store service

---
 cmd/cloudflared/cliutil/errors.go       |  26 +++-
 cmd/cloudflared/tunnel/cmd.go           |  12 +-
 cmd/cloudflared/tunnel/configuration.go |  39 +++--
 cmd/cloudflared/tunnel/subcommands.go   | 165 +++++++++++++++++++++
 tunnelstore/client.go                   | 184 ++++++++++++++++++++++++
 5 files changed, 412 insertions(+), 14 deletions(-)
 create mode 100644 cmd/cloudflared/tunnel/subcommands.go
 create mode 100644 tunnelstore/client.go

diff --git a/cmd/cloudflared/cliutil/errors.go b/cmd/cloudflared/cliutil/errors.go
index c0938349..e85e396b 100644
--- a/cmd/cloudflared/cliutil/errors.go
+++ b/cmd/cloudflared/cliutil/errors.go
@@ -1,12 +1,35 @@
 package cliutil
 
-import "gopkg.in/urfave/cli.v2"
+import (
+	"fmt"
+
+	"gopkg.in/urfave/cli.v2"
+)
+
+type usageError string
+
+func (ue usageError) Error() string {
+	return string(ue)
+}
+
+func UsageError(format string, args ...interface{}) error {
+	if len(args) == 0 {
+		return usageError(format)
+	} else {
+		msg := fmt.Sprintf(format, args...)
+		return usageError(msg)
+	}
+}
 
 // Ensures exit with error code if actionFunc returns an error
 func ErrorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
 	return func(ctx *cli.Context) error {
 		err := actionFunc(ctx)
 		if err != nil {
+			if _, ok := err.(usageError); ok {
+				msg := fmt.Sprintf("%s\nSee 'cloudflared %s --help'.", err.Error(), ctx.Command.FullName())
+				return cli.Exit(msg, -1)
+			}
 			// os.Exits with error code if err is cli.ExitCoder or cli.MultiError
 			cli.HandleExitCoder(err)
 			err = cli.Exit(err.Error(), 1)
@@ -14,4 +37,3 @@ func ErrorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
 		return err
 	}
 }
-
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 843462ba..5a9bdb85 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -168,6 +168,9 @@ func Commands() []*cli.Command {
 		c.Hidden = false
 		subcommands = append(subcommands, &c)
 	}
+	subcommands = append(subcommands, buildCreateCommand())
+	subcommands = append(subcommands, buildListCommand())
+	subcommands = append(subcommands, buildDeleteCommand())
 
 	cmds = append(cmds, &cli.Command{
 		Name:      "tunnel",
@@ -175,7 +178,7 @@ func Commands() []*cli.Command {
 		Before:    Before,
 		Category:  "Tunnel",
 		Usage:     "Make a locally-running web service accessible over the internet using Argo Tunnel.",
-		ArgsUsage: "[origin-url]",
+		ArgsUsage: " ",
 		Description: `Argo Tunnel asks you to specify a hostname on a Cloudflare-powered
 		domain you control and a local address. Traffic from that hostname is routed
 		(optionally via a Cloudflare Load Balancer) to this machine and appears on the
@@ -843,6 +846,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"TUNNEL_API_CA_KEY"},
 			Hidden:  true,
 		}),
+		altsrc.NewStringFlag(&cli.StringFlag{
+			Name:    "api-url",
+			Usage:   "Base URL for Cloudflare API v4",
+			EnvVars: []string{"TUNNEL_API_URL"},
+			Value:   "https://api.cloudflare.com/client/v4",
+			Hidden:  true,
+		}),
 		altsrc.NewStringFlag(&cli.StringFlag{
 			Name:    "metrics",
 			Value:   "localhost:",
diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index 39772845..883d3542 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -102,27 +102,29 @@ func dnsProxyStandAlone(c *cli.Context) bool {
 	return c.IsSet("proxy-dns") && (!c.IsSet("hostname") && !c.IsSet("tag") && !c.IsSet("hello-world"))
 }
 
-func getOriginCert(c *cli.Context) ([]byte, error) {
-	if c.String("origincert") == "" {
+func findOriginCert(c *cli.Context) (string, error) {
+	originCertPath := c.String("origincert")
+	if originCertPath == "" {
 		logger.Warnf("Cannot determine default origin certificate path. No file %s in %v", config.DefaultCredentialFile, config.DefaultConfigDirs)
 		if isRunningFromTerminal() {
 			logger.Errorf("You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See %s for more information.", argumentsUrl)
-			return nil, fmt.Errorf("Client didn't specify origincert path when running from terminal")
+			return "", fmt.Errorf("Client didn't specify origincert path when running from terminal")
 		} else {
 			logger.Errorf("You need to specify the origin certificate path by specifying the origincert option in the configuration file, or set TUNNEL_ORIGIN_CERT environment variable. See %s for more information.", serviceUrl)
-			return nil, fmt.Errorf("Client didn't specify origincert path")
+			return "", fmt.Errorf("Client didn't specify origincert path")
 		}
 	}
-	// Check that the user has acquired a certificate using the login command
-	originCertPath, err := homedir.Expand(c.String("origincert"))
+	var err error
+	originCertPath, err = homedir.Expand(originCertPath)
 	if err != nil {
-		logger.WithError(err).Errorf("Cannot resolve path %s", c.String("origincert"))
-		return nil, fmt.Errorf("Cannot resolve path %s", c.String("origincert"))
+		logger.WithError(err).Errorf("Cannot resolve path %s", originCertPath)
+		return "", fmt.Errorf("Cannot resolve path %s", originCertPath)
 	}
+	// Check that the user has acquired a certificate using the login command
 	ok, err := config.FileExists(originCertPath)
 	if err != nil {
-		logger.Errorf("Cannot check if origin cert exists at path %s", c.String("origincert"))
-		return nil, fmt.Errorf("Cannot check if origin cert exists at path %s", c.String("origincert"))
+		logger.Errorf("Cannot check if origin cert exists at path %s", originCertPath)
+		return "", fmt.Errorf("Cannot check if origin cert exists at path %s", originCertPath)
 	}
 	if !ok {
 		logger.Errorf(`Cannot find a valid certificate for your origin at the path:
@@ -134,8 +136,15 @@ If you don't have a certificate signed by Cloudflare, run the command:
 
 	%s login
 `, originCertPath, os.Args[0])
-		return nil, fmt.Errorf("Cannot find a valid certificate at the path %s", originCertPath)
+		return "", fmt.Errorf("Cannot find a valid certificate at the path %s", originCertPath)
 	}
+
+	return originCertPath, nil
+}
+
+func readOriginCert(originCertPath string) ([]byte, error) {
+	logger.Debugf("Reading origin cert from %s", originCertPath)
+
 	// Easier to send the certificate as []byte via RPC than decoding it at this point
 	originCert, err := ioutil.ReadFile(originCertPath)
 	if err != nil {
@@ -145,6 +154,14 @@ If you don't have a certificate signed by Cloudflare, run the command:
 	return originCert, nil
 }
 
+func getOriginCert(c *cli.Context) ([]byte, error) {
+	if originCertPath, err := findOriginCert(c); err != nil {
+		return nil, err
+	} else {
+		return readOriginCert(originCertPath)
+	}
+}
+
 func prepareTunnelConfig(
 	c *cli.Context,
 	buildInfo *buildinfo.BuildInfo,
diff --git a/cmd/cloudflared/tunnel/subcommands.go b/cmd/cloudflared/tunnel/subcommands.go
new file mode 100644
index 00000000..f9493f57
--- /dev/null
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -0,0 +1,165 @@
+package tunnel
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/pkg/errors"
+	"gopkg.in/urfave/cli.v2"
+	"gopkg.in/yaml.v2"
+
+	"github.com/cloudflare/cloudflared/certutil"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
+	"github.com/cloudflare/cloudflared/tunnelstore"
+)
+
+var (
+	outputFormatFlag = &cli.StringFlag{
+		Name:  "output",
+		Aliases: []string{"o"},
+		Usage: "Render output using given `FORMAT`. Valid options are 'json' or 'yaml'",
+	}
+)
+
+const hideSubcommands = true
+
+func buildCreateCommand() *cli.Command {
+	return &cli.Command{
+		Name:      "create",
+		Action:    cliutil.ErrorHandler(createTunnel),
+		Usage:     "Create a new tunnel with given name",
+		ArgsUsage: "TUNNEL-NAME",
+		Hidden:    hideSubcommands,
+		Flags:     []cli.Flag{outputFormatFlag},
+	}
+}
+
+func createTunnel(c *cli.Context) error {
+	if c.NArg() != 1 {
+		return cliutil.UsageError(`"cloudflared tunnel create" requires exactly 1 argument, the name of tunnel to create.`)
+	}
+	name := c.Args().First()
+
+	client, err := newTunnelstoreClient(c)
+	if err != nil {
+		return err
+	}
+
+	tunnel, err := client.CreateTunnel(name)
+	if err != nil {
+		return errors.Wrap(err, "Error creating a new tunnel")
+	}
+
+	if outputFormat := c.String(outputFormatFlag.Name); outputFormat != "" {
+		return renderOutput(outputFormat, &tunnel)
+	}
+
+	logger.Infof("Created tunnel %s with id %s", tunnel.Name, tunnel.ID)
+	return nil
+}
+
+func buildListCommand() *cli.Command {
+	return &cli.Command{
+		Name:      "list",
+		Action:    cliutil.ErrorHandler(listTunnels),
+		Usage:     "List existing tunnels",
+		ArgsUsage: " ",
+		Hidden:    hideSubcommands,
+		Flags:     []cli.Flag{outputFormatFlag},
+	}
+}
+
+func listTunnels(c *cli.Context) error {
+	client, err := newTunnelstoreClient(c)
+	if err != nil {
+		return err
+	}
+
+	tunnels, err := client.ListTunnels()
+	if err != nil {
+		return errors.Wrap(err, "Error listing tunnels")
+	}
+
+	if outputFormat := c.String(outputFormatFlag.Name); outputFormat != "" {
+		return renderOutput(outputFormat, tunnels)
+	}
+	if len(tunnels) > 0 {
+		const listFormat = "%-40s%-40s%s\n"
+		fmt.Printf(listFormat, "ID", "NAME", "CREATED")
+		for _, t := range tunnels {
+			fmt.Printf(listFormat, t.ID, t.Name, t.CreatedAt.Format(time.RFC3339))
+		}
+	} else {
+		fmt.Println("You have no tunnels, use 'cloudflared tunnel create' to define a new tunnel")
+	}
+
+	return nil
+}
+
+func buildDeleteCommand() *cli.Command {
+	return &cli.Command{
+		Name:      "delete",
+		Action:    cliutil.ErrorHandler(deleteTunnel),
+		Usage:     "Delete existing tunnel with given ID",
+		ArgsUsage: "TUNNEL-ID",
+		Hidden:    hideSubcommands,
+	}
+}
+
+func deleteTunnel(c *cli.Context) error {
+	if c.NArg() != 1 {
+		return cliutil.UsageError(`"cloudflared tunnel delete" requires exactly 1 argument, the ID of the tunnel to delete.`)
+	}
+	id := c.Args().First()
+
+	client, err := newTunnelstoreClient(c)
+	if err != nil {
+		return err
+	}
+
+	if err := client.DeleteTunnel(id); err != nil {
+		return errors.Wrapf(err, "Error deleting tunnel %s", id)
+	}
+
+	return nil
+}
+
+func renderOutput(format string, v interface{}) error {
+	switch format {
+	case "json":
+		encoder := json.NewEncoder(os.Stdout)
+		encoder.SetIndent("", "  ")
+		return encoder.Encode(v)
+	case "yaml":
+		return yaml.NewEncoder(os.Stdout).Encode(v)
+	default:
+		return errors.Errorf("Unknown output format '%s'", format)
+	}
+}
+
+func newTunnelstoreClient(c *cli.Context) (tunnelstore.Client, error) {
+	originCertPath, err := findOriginCert(c)
+	if err != nil {
+		return nil, errors.Wrap(err, "Error locating origin cert")
+	}
+
+	blocks, err := readOriginCert(originCertPath)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Can't read origin cert from %s", originCertPath)
+	}
+
+	cert, err := certutil.DecodeOriginCert(blocks)
+	if err != nil {
+		return nil, errors.Wrap(err, "Error decoding origin cert")
+	}
+
+	if cert.AccountID == "" {
+		return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath)
+	}
+
+	client := tunnelstore.NewRESTClient(c.String("api-url"), cert.AccountID, cert.ServiceKey)
+
+	return client, nil
+}
diff --git a/tunnelstore/client.go b/tunnelstore/client.go
new file mode 100644
index 00000000..fcd5f92c
--- /dev/null
+++ b/tunnelstore/client.go
@@ -0,0 +1,184 @@
+package tunnelstore
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	defaultTimeout  = 15 * time.Second
+	jsonContentType = "application/json"
+)
+
+var (
+	ErrTunnelNameConflict = errors.New("tunnel with name already exists")
+	ErrUnauthorized       = errors.New("unauthorized")
+	ErrBadRequest         = errors.New("incorrect request parameters")
+	ErrNotFound           = errors.New("not found")
+)
+
+type Tunnel struct {
+	ID        string    `json:"id"`
+	Name      string    `json:"name"`
+	CreatedAt time.Time `json:"created_at"`
+}
+
+type Client interface {
+	CreateTunnel(name string) (*Tunnel, error)
+	GetTunnel(id string) (*Tunnel, error)
+	DeleteTunnel(id string) error
+	ListTunnels() ([]Tunnel, error)
+}
+
+type RESTClient struct {
+	baseURL   string
+	authToken string
+	client    http.Client
+}
+
+var _ Client = (*RESTClient)(nil)
+
+func NewRESTClient(baseURL string, accountTag string, authToken string) *RESTClient {
+	if strings.HasSuffix(baseURL, "/") {
+		baseURL = baseURL[:len(baseURL)-1]
+	}
+	url := fmt.Sprintf("%s/accounts/%s/tunnels", baseURL, accountTag)
+	return &RESTClient{
+		baseURL:   url,
+		authToken: authToken,
+		client: http.Client{
+			Transport: &http.Transport{
+				TLSHandshakeTimeout:   defaultTimeout,
+				ResponseHeaderTimeout: defaultTimeout,
+			},
+			Timeout: defaultTimeout,
+		},
+	}
+}
+
+type newTunnel struct {
+	Name string `json:"name"`
+}
+
+func (r *RESTClient) CreateTunnel(name string) (*Tunnel, error) {
+	if name == "" {
+		return nil, errors.New("tunnel name required")
+	}
+	body, err := json.Marshal(&newTunnel{
+		Name: name,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "Failed to serialize new tunnel request")
+	}
+
+	resp, err := r.sendRequest("POST", "", bytes.NewBuffer(body))
+	if err != nil {
+		return nil, errors.Wrap(err, "REST request failed")
+	}
+	defer resp.Body.Close()
+
+	switch resp.StatusCode {
+	case http.StatusOK:
+		return unmarshalTunnel(resp.Body)
+	case http.StatusConflict:
+		return nil, ErrTunnelNameConflict
+	}
+
+	return nil, statusCodeToError("create", resp)
+}
+
+func (r *RESTClient) GetTunnel(id string) (*Tunnel, error) {
+	resp, err := r.sendRequest("GET", id, nil)
+	if err != nil {
+		return nil, errors.Wrap(err, "REST request failed")
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusOK {
+		return unmarshalTunnel(resp.Body)
+	}
+
+	return nil, statusCodeToError("read", resp)
+}
+
+func (r *RESTClient) DeleteTunnel(id string) error {
+	resp, err := r.sendRequest("DELETE", id, nil)
+	if err != nil {
+		return errors.Wrap(err, "REST request failed")
+	}
+	defer resp.Body.Close()
+
+	return statusCodeToError("delete", resp)
+}
+
+func (r *RESTClient) ListTunnels() ([]Tunnel, error) {
+	resp, err := r.sendRequest("GET", "", nil)
+	if err != nil {
+		return nil, errors.Wrap(err, "REST request failed")
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusOK {
+		var tunnels []Tunnel
+		if err := json.NewDecoder(resp.Body).Decode(&tunnels); err != nil {
+			return nil, errors.Wrap(err, "failed to decode response")
+		}
+		return tunnels, nil
+	}
+
+	return nil, statusCodeToError("list", resp)
+}
+
+func (r *RESTClient) resolve(target string) string {
+	if target != "" {
+		return r.baseURL + "/" + target
+	}
+	return r.baseURL
+}
+
+func (r *RESTClient) sendRequest(method string, target string, body io.Reader) (*http.Response, error) {
+	url := r.resolve(target)
+	logrus.Debugf("%s %s", method, url)
+	req, err := http.NewRequest(method, url, body)
+	if err != nil {
+		return nil, errors.Wrapf(err, "can't create %s request", method)
+	}
+	if body != nil {
+		req.Header.Set("Content-Type", jsonContentType)
+	}
+	req.Header.Add("X-Auth-User-Service-Key", r.authToken)
+	return r.client.Do(req)
+}
+
+func unmarshalTunnel(reader io.Reader) (*Tunnel, error) {
+	var tunnel Tunnel
+	if err := json.NewDecoder(reader).Decode(&tunnel); err != nil {
+		return nil, errors.Wrap(err, "failed to decode response")
+	}
+	return &tunnel, nil
+}
+
+func statusCodeToError(op string, resp *http.Response) error {
+	switch resp.StatusCode {
+	case http.StatusOK:
+		return nil
+	case http.StatusBadRequest:
+		return ErrBadRequest
+	case http.StatusUnauthorized, http.StatusForbidden:
+		return ErrUnauthorized
+	case http.StatusNotFound:
+		return ErrNotFound
+	}
+	return errors.Errorf("API call to %s tunnel failed with status %d: %s", op,
+		resp.StatusCode, http.StatusText(resp.StatusCode))
+}
+
+

From 046be6325382ef7f1e81e92201e3e3fb613ca07e Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Wed, 29 Apr 2020 15:51:32 -0500
Subject: [PATCH 059/100] AUTH-2596 added new logger package and replaced
 logrus

---
 awsuploader/directory_upload_manager.go       |    8 +-
 awsuploader/directory_upload_manager_test.go  |    4 +-
 carrier/carrier.go                            |    5 +-
 carrier/carrier_test.go                       |    6 +-
 carrier/websocket.go                          |   24 +-
 cmd/cloudflared/access/carrier.go             |   23 +-
 cmd/cloudflared/access/cmd.go                 |   47 +-
 cmd/cloudflared/app_forward_service.go        |    8 +-
 cmd/cloudflared/app_resolver_service.go       |    8 +-
 cmd/cloudflared/app_service.go                |    8 +-
 cmd/cloudflared/buildinfo/build_info.go       |    4 +-
 cmd/cloudflared/config/configuration.go       |   30 +
 cmd/cloudflared/config/manager.go             |   11 +-
 cmd/cloudflared/config/manager_test.go        |    5 +-
 cmd/cloudflared/config/model.go               |   16 +-
 cmd/cloudflared/linux_service.go              |   53 +-
 cmd/cloudflared/macos_service.go              |   26 +-
 cmd/cloudflared/main.go                       |   18 +-
 cmd/cloudflared/service_template.go           |   13 +-
 cmd/cloudflared/token/token.go                |    8 +-
 cmd/cloudflared/transfer/transfer.go          |   18 +-
 cmd/cloudflared/tunnel/cmd.go                 |  153 +--
 cmd/cloudflared/tunnel/configuration.go       |   60 +-
 cmd/cloudflared/tunnel/logger.go              |   75 --
 cmd/cloudflared/tunnel/login.go               |    9 +-
 cmd/cloudflared/tunnel/server.go              |    8 +-
 cmd/cloudflared/tunnel/signal.go              |   10 +-
 cmd/cloudflared/tunnel/signal_test.go         |   19 +-
 cmd/cloudflared/tunnel/subcommands.go         |   34 +-
 cmd/cloudflared/updater/update.go             |   33 +-
 cmd/cloudflared/updater/update_test.go        |    4 +-
 cmd/cloudflared/windows_service.go            |   33 +-
 connection/connection.go                      |    6 +-
 connection/manager.go                         |   20 +-
 connection/manager_test.go                    |    4 +-
 connection/rpc.go                             |    4 +-
 dbconnect/proxy.go                            |   23 +-
 edgediscovery/allregions/discovery.go         |    8 +-
 edgediscovery/allregions/discovery_test.go    |    5 +-
 edgediscovery/allregions/region.go            |    4 +-
 edgediscovery/allregions/regions.go           |    4 +-
 edgediscovery/edgediscovery.go                |   42 +-
 edgediscovery/edgediscovery_test.go           |   18 +-
 go.mod                                        |   10 +-
 go.sum                                        |    3 +
 h2mux/h2mux.go                                |   12 +-
 h2mux/h2mux_test.go                           |   42 +-
 h2mux/muxmetrics.go                           |   25 +-
 h2mux/muxmetrics_test.go                      |    4 +-
 h2mux/muxreader.go                            |   36 +-
 h2mux/muxwriter.go                            |   50 +-
 hello/hello.go                                |   10 +-
 log/log.go                                    |   85 --
 logger/create.go                              |  150 +++
 logger/file_writer.go                         |  105 ++
 logger/file_writer_test.go                    |   56 +
 logger/formatter.go                           |   91 ++
 logger/manager.go                             |   59 +
 logger/manager_test.go                        |   18 +
 logger/mock_manager.go                        |   18 +
 logger/output.go                              |  132 +++
 logger/output_test.go                         |  104 ++
 metrics/metrics.go                            |    8 +-
 origin/supervisor.go                          |   29 +-
 origin/supervisor_test.go                     |   16 +-
 origin/tunnel.go                              |   88 +-
 originservice/originservice.go                |   10 +-
 sshlog/empty_manager.go                       |    6 +-
 sshlog/logger.go                              |   10 +-
 sshlog/logger_test.go                         |    5 +-
 sshlog/manager.go                             |   10 +-
 sshlog/session_logger.go                      |    4 +-
 sshlog/session_logger_test.go                 |    4 +-
 sshserver/host_keys.go                        |    8 +-
 sshserver/sshserver_unix.go                   |   44 +-
 sshserver/sshserver_windows.go                |    4 +-
 streamhandler/stream_handler.go               |   44 +-
 streamhandler/stream_handler_test.go          |   12 +-
 supervisor/supervisor.go                      |   10 +-
 tlsconfig/certreloader.go                     |   12 +-
 tunneldns/https_upstream.go                   |   19 +-
 tunneldns/tunnel.go                           |   32 +-
 tunnelrpc/log.go                              |    6 +-
 tunnelrpc/logtransport.go                     |   14 +-
 tunnelrpc/pogs/config.go                      |   13 +-
 tunnelrpc/pogs/config_test.go                 |    4 +-
 tunnelstore/client.go                         |   10 +-
 .../skittles}/LICENSE                         |    2 +-
 .../acmacalister/skittles/README.md           |   40 +
 .../acmacalister/skittles/skittles.go         |  153 +++
 .../LICENSE => alecthomas/units/COPYING}      |   24 +-
 vendor/github.com/alecthomas/units/README.md  |   11 +
 vendor/github.com/alecthomas/units/bytes.go   |   83 ++
 vendor/github.com/alecthomas/units/doc.go     |   13 +
 vendor/github.com/alecthomas/units/go.mod     |    1 +
 vendor/github.com/alecthomas/units/si.go      |   26 +
 vendor/github.com/alecthomas/units/util.go    |  138 +++
 vendor/github.com/cloudflare/cfssl/LICENSE    |   24 -
 vendor/github.com/cloudflare/cfssl/log/log.go |   98 --
 .../cloudflare/cfssl/revoke/revoke.go         |  146 ---
 .../go-windows-terminal-sequences/LICENSE     |    9 -
 .../go-windows-terminal-sequences/README.md   |   41 -
 .../go-windows-terminal-sequences/go.mod      |    1 -
 .../sequences.go                              |   36 -
 .../sequences_dummy.go                        |   11 -
 .../github.com/mattn/go-colorable/.travis.yml |    9 -
 .../github.com/mattn/go-colorable/README.md   |   48 -
 .../mattn/go-colorable/colorable_appengine.go |   29 -
 .../mattn/go-colorable/colorable_others.go    |   30 -
 .../mattn/go-colorable/colorable_windows.go   | 1005 -----------------
 vendor/github.com/mattn/go-colorable/go.mod   |    3 -
 vendor/github.com/mattn/go-colorable/go.sum   |    4 -
 .../mattn/go-colorable/noncolorable.go        |   55 -
 vendor/github.com/mattn/go-isatty/.travis.yml |   13 -
 vendor/github.com/mattn/go-isatty/LICENSE     |    9 -
 vendor/github.com/mattn/go-isatty/README.md   |   50 -
 vendor/github.com/mattn/go-isatty/doc.go      |    2 -
 vendor/github.com/mattn/go-isatty/go.mod      |    5 -
 vendor/github.com/mattn/go-isatty/go.sum      |    4 -
 .../mattn/go-isatty/isatty_android.go         |   23 -
 .../github.com/mattn/go-isatty/isatty_bsd.go  |   24 -
 .../mattn/go-isatty/isatty_others.go          |   15 -
 .../mattn/go-isatty/isatty_plan9.go           |   22 -
 .../mattn/go-isatty/isatty_solaris.go         |   22 -
 .../mattn/go-isatty/isatty_tcgets.go          |   19 -
 .../mattn/go-isatty/isatty_windows.go         |  125 --
 vendor/github.com/rifflock/lfshook/README.md  |   87 --
 vendor/github.com/rifflock/lfshook/lfshook.go |  194 ----
 vendor/github.com/sirupsen/logrus/.gitignore  |    2 -
 vendor/github.com/sirupsen/logrus/.travis.yml |   25 -
 .../github.com/sirupsen/logrus/CHANGELOG.md   |  200 ----
 vendor/github.com/sirupsen/logrus/LICENSE     |   21 -
 vendor/github.com/sirupsen/logrus/README.md   |  495 --------
 vendor/github.com/sirupsen/logrus/alt_exit.go |   76 --
 .../github.com/sirupsen/logrus/appveyor.yml   |   14 -
 vendor/github.com/sirupsen/logrus/doc.go      |   26 -
 vendor/github.com/sirupsen/logrus/entry.go    |  407 -------
 vendor/github.com/sirupsen/logrus/exported.go |  225 ----
 .../github.com/sirupsen/logrus/formatter.go   |   78 --
 vendor/github.com/sirupsen/logrus/go.mod      |   10 -
 vendor/github.com/sirupsen/logrus/go.sum      |   16 -
 vendor/github.com/sirupsen/logrus/hooks.go    |   34 -
 .../sirupsen/logrus/json_formatter.go         |  121 --
 vendor/github.com/sirupsen/logrus/logger.go   |  351 ------
 vendor/github.com/sirupsen/logrus/logrus.go   |  186 ---
 .../logrus/terminal_check_appengine.go        |   11 -
 .../sirupsen/logrus/terminal_check_bsd.go     |   13 -
 .../logrus/terminal_check_no_terminal.go      |   11 -
 .../logrus/terminal_check_notappengine.go     |   17 -
 .../sirupsen/logrus/terminal_check_solaris.go |   11 -
 .../sirupsen/logrus/terminal_check_unix.go    |   13 -
 .../sirupsen/logrus/terminal_check_windows.go |   34 -
 .../sirupsen/logrus/text_formatter.go         |  295 -----
 vendor/github.com/sirupsen/logrus/writer.go   |   64 --
 vendor/modules.txt                            |   17 +-
 watcher/file_test.go                          |    2 +-
 websocket/websocket.go                        |   12 +-
 websocket/websocket_test.go                   |    6 +-
 158 files changed, 2027 insertions(+), 5771 deletions(-)
 delete mode 100644 cmd/cloudflared/tunnel/logger.go
 delete mode 100644 log/log.go
 create mode 100644 logger/create.go
 create mode 100644 logger/file_writer.go
 create mode 100644 logger/file_writer_test.go
 create mode 100644 logger/formatter.go
 create mode 100644 logger/manager.go
 create mode 100644 logger/manager_test.go
 create mode 100644 logger/mock_manager.go
 create mode 100644 logger/output.go
 create mode 100644 logger/output_test.go
 rename vendor/github.com/{mattn/go-colorable => acmacalister/skittles}/LICENSE (96%)
 create mode 100644 vendor/github.com/acmacalister/skittles/README.md
 create mode 100644 vendor/github.com/acmacalister/skittles/skittles.go
 rename vendor/github.com/{rifflock/lfshook/LICENSE => alecthomas/units/COPYING} (52%)
 create mode 100644 vendor/github.com/alecthomas/units/README.md
 create mode 100644 vendor/github.com/alecthomas/units/bytes.go
 create mode 100644 vendor/github.com/alecthomas/units/doc.go
 create mode 100644 vendor/github.com/alecthomas/units/go.mod
 create mode 100644 vendor/github.com/alecthomas/units/si.go
 create mode 100644 vendor/github.com/alecthomas/units/util.go
 delete mode 100644 vendor/github.com/cloudflare/cfssl/LICENSE
 delete mode 100644 vendor/github.com/cloudflare/cfssl/log/log.go
 delete mode 100644 vendor/github.com/cloudflare/cfssl/revoke/revoke.go
 delete mode 100644 vendor/github.com/konsorten/go-windows-terminal-sequences/LICENSE
 delete mode 100644 vendor/github.com/konsorten/go-windows-terminal-sequences/README.md
 delete mode 100644 vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod
 delete mode 100644 vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go
 delete mode 100644 vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go
 delete mode 100644 vendor/github.com/mattn/go-colorable/.travis.yml
 delete mode 100644 vendor/github.com/mattn/go-colorable/README.md
 delete mode 100644 vendor/github.com/mattn/go-colorable/colorable_appengine.go
 delete mode 100644 vendor/github.com/mattn/go-colorable/colorable_others.go
 delete mode 100644 vendor/github.com/mattn/go-colorable/colorable_windows.go
 delete mode 100644 vendor/github.com/mattn/go-colorable/go.mod
 delete mode 100644 vendor/github.com/mattn/go-colorable/go.sum
 delete mode 100644 vendor/github.com/mattn/go-colorable/noncolorable.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/.travis.yml
 delete mode 100644 vendor/github.com/mattn/go-isatty/LICENSE
 delete mode 100644 vendor/github.com/mattn/go-isatty/README.md
 delete mode 100644 vendor/github.com/mattn/go-isatty/doc.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/go.mod
 delete mode 100644 vendor/github.com/mattn/go-isatty/go.sum
 delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_android.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_bsd.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_others.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_plan9.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_solaris.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_tcgets.go
 delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_windows.go
 delete mode 100644 vendor/github.com/rifflock/lfshook/README.md
 delete mode 100644 vendor/github.com/rifflock/lfshook/lfshook.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/.gitignore
 delete mode 100644 vendor/github.com/sirupsen/logrus/.travis.yml
 delete mode 100644 vendor/github.com/sirupsen/logrus/CHANGELOG.md
 delete mode 100644 vendor/github.com/sirupsen/logrus/LICENSE
 delete mode 100644 vendor/github.com/sirupsen/logrus/README.md
 delete mode 100644 vendor/github.com/sirupsen/logrus/alt_exit.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/appveyor.yml
 delete mode 100644 vendor/github.com/sirupsen/logrus/doc.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/entry.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/exported.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/formatter.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/go.mod
 delete mode 100644 vendor/github.com/sirupsen/logrus/go.sum
 delete mode 100644 vendor/github.com/sirupsen/logrus/hooks.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/json_formatter.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/logger.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/logrus.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_solaris.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_unix.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_windows.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/text_formatter.go
 delete mode 100644 vendor/github.com/sirupsen/logrus/writer.go

diff --git a/awsuploader/directory_upload_manager.go b/awsuploader/directory_upload_manager.go
index c679f76e..4cafd984 100644
--- a/awsuploader/directory_upload_manager.go
+++ b/awsuploader/directory_upload_manager.go
@@ -5,12 +5,12 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 // DirectoryUploadManager is used to manage file uploads on an interval from a directory
 type DirectoryUploadManager struct {
-	logger        *logrus.Logger
+	logger        logger.Service
 	uploader      Uploader
 	rootDirectory string
 	sweepInterval time.Duration
@@ -23,7 +23,7 @@ type DirectoryUploadManager struct {
 // uploader is an Uploader to use as an actual uploading engine
 // directory is the directory to sweep for files to upload
 // sweepInterval is how often to iterate the directory and upload the files within
-func NewDirectoryUploadManager(logger *logrus.Logger, uploader Uploader, directory string, sweepInterval time.Duration, shutdownC chan struct{}) *DirectoryUploadManager {
+func NewDirectoryUploadManager(logger logger.Service, uploader Uploader, directory string, sweepInterval time.Duration, shutdownC chan struct{}) *DirectoryUploadManager {
 	workerCount := 10
 	manager := &DirectoryUploadManager{
 		logger:        logger,
@@ -97,7 +97,7 @@ func (m *DirectoryUploadManager) worker() {
 			return
 		case filepath := <-m.workQueue:
 			if err := m.Upload(filepath); err != nil {
-				m.logger.WithError(err).Error("Cannot upload file to s3 bucket")
+				m.logger.Errorf("Cannot upload file to s3 bucket: %s", err)
 			} else {
 				os.Remove(filepath)
 			}
diff --git a/awsuploader/directory_upload_manager_test.go b/awsuploader/directory_upload_manager_test.go
index 5e9e8852..67b5d94e 100644
--- a/awsuploader/directory_upload_manager_test.go
+++ b/awsuploader/directory_upload_manager_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 type MockUploader struct {
@@ -49,7 +49,7 @@ func setupTestDirectory(t *testing.T) string {
 func createUploadManager(t *testing.T, shouldFailUpload bool) *DirectoryUploadManager {
 	rootDirectory := setupTestDirectory(t)
 	uploader := NewMockUploader(shouldFailUpload)
-	logger := logrus.New()
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 	shutdownC := make(chan struct{})
 	return NewDirectoryUploadManager(logger, uploader, rootDirectory, 1*time.Second, shutdownC)
 }
diff --git a/carrier/carrier.go b/carrier/carrier.go
index b36a0e51..1ef5a032 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/pkg/errors"
 )
 
@@ -129,13 +130,13 @@ func IsAccessResponse(resp *http.Response) bool {
 }
 
 // BuildAccessRequest builds an HTTP request with the Access token set
-func BuildAccessRequest(options *StartOptions) (*http.Request, error) {
+func BuildAccessRequest(options *StartOptions, logger logger.Service) (*http.Request, error) {
 	req, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	token, err := token.FetchToken(req.URL)
+	token, err := token.FetchToken(req.URL, logger)
 	if err != nil {
 		return nil, err
 	}
diff --git a/carrier/carrier_test.go b/carrier/carrier_test.go
index 306f4980..e5b4dc6f 100644
--- a/carrier/carrier_test.go
+++ b/carrier/carrier_test.go
@@ -9,8 +9,8 @@ import (
 	"sync"
 	"testing"
 
+	"github.com/cloudflare/cloudflared/logger"
 	ws "github.com/gorilla/websocket"
-	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -43,7 +43,7 @@ func (s *testStreamer) Write(p []byte) (int, error) {
 
 func TestStartClient(t *testing.T) {
 	message := "Good morning Austin! Time for another sunny day in the great state of Texas."
-	logger := logrus.New()
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 	wsConn := NewWSConnection(logger, false)
 	ts := newTestWebSocketServer()
 	defer ts.Close()
@@ -68,7 +68,7 @@ func TestStartServer(t *testing.T) {
 		t.Fatalf("Error starting listener: %v", err)
 	}
 	message := "Good morning Austin! Time for another sunny day in the great state of Texas."
-	logger := logrus.New()
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 	shutdownC := make(chan struct{})
 	wsConn := NewWSConnection(logger, false)
 	ts := newTestWebSocketServer()
diff --git a/carrier/websocket.go b/carrier/websocket.go
index 3ea81d4c..e804f7bb 100644
--- a/carrier/websocket.go
+++ b/carrier/websocket.go
@@ -7,16 +7,16 @@ import (
 	"net/http"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/socks"
 	cfwebsocket "github.com/cloudflare/cloudflared/websocket"
 	"github.com/gorilla/websocket"
-	"github.com/sirupsen/logrus"
 )
 
 // Websocket is used to carry data via WS binary frames over the tunnel from client to the origin
 // This implements the functions for glider proxy (sock5) and the carrier interface
 type Websocket struct {
-	logger  *logrus.Logger
+	logger  logger.Service
 	isSocks bool
 }
 
@@ -35,7 +35,7 @@ func (d *wsdialer) Dial(address string) (io.ReadWriteCloser, *socks.AddrSpec, er
 }
 
 // NewWSConnection returns a new connection object
-func NewWSConnection(logger *logrus.Logger, isSocks bool) Connection {
+func NewWSConnection(logger logger.Service, isSocks bool) Connection {
 	return &Websocket{
 		logger:  logger,
 		isSocks: isSocks,
@@ -45,9 +45,9 @@ func NewWSConnection(logger *logrus.Logger, isSocks bool) Connection {
 // ServeStream will create a Websocket client stream connection to the edge
 // it blocks and writes the raw data from conn over the tunnel
 func (ws *Websocket) ServeStream(options *StartOptions, conn io.ReadWriter) error {
-	wsConn, err := createWebsocketStream(options)
+	wsConn, err := createWebsocketStream(options, ws.logger)
 	if err != nil {
-		ws.logger.WithError(err).Errorf("failed to connect to %s", options.OriginURL)
+		ws.logger.Errorf("failed to connect to %s with error: %s", options.OriginURL, err)
 		return err
 	}
 	defer wsConn.Close()
@@ -73,7 +73,7 @@ func (ws *Websocket) StartServer(listener net.Listener, remote string, shutdownC
 // createWebsocketStream will create a WebSocket connection to stream data over
 // It also handles redirects from Access and will present that flow if
 // the token is not present on the request
-func createWebsocketStream(options *StartOptions) (*cfwebsocket.Conn, error) {
+func createWebsocketStream(options *StartOptions, logger logger.Service) (*cfwebsocket.Conn, error) {
 	req, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
 	if err != nil {
 		return nil, err
@@ -83,7 +83,7 @@ func createWebsocketStream(options *StartOptions) (*cfwebsocket.Conn, error) {
 	wsConn, resp, err := cfwebsocket.ClientConnect(req, nil)
 	defer closeRespBody(resp)
 	if err != nil && IsAccessResponse(resp) {
-		wsConn, err = createAccessAuthenticatedStream(options)
+		wsConn, err = createAccessAuthenticatedStream(options, logger)
 		if err != nil {
 			return nil, err
 		}
@@ -99,8 +99,8 @@ func createWebsocketStream(options *StartOptions) (*cfwebsocket.Conn, error) {
 // this probably means the token in storage is invalid (expired/revoked). If that
 // happens it deletes the token and runs the connection again, so the user can
 // login again and generate a new one.
-func createAccessAuthenticatedStream(options *StartOptions) (*websocket.Conn, error) {
-	wsConn, resp, err := createAccessWebSocketStream(options)
+func createAccessAuthenticatedStream(options *StartOptions, logger logger.Service) (*websocket.Conn, error) {
+	wsConn, resp, err := createAccessWebSocketStream(options, logger)
 	defer closeRespBody(resp)
 	if err == nil {
 		return wsConn, nil
@@ -118,7 +118,7 @@ func createAccessAuthenticatedStream(options *StartOptions) (*websocket.Conn, er
 	if err := token.RemoveTokenIfExists(originReq.URL); err != nil {
 		return nil, err
 	}
-	wsConn, resp, err = createAccessWebSocketStream(options)
+	wsConn, resp, err = createAccessWebSocketStream(options, logger)
 	defer closeRespBody(resp)
 	if err != nil {
 		return nil, err
@@ -128,8 +128,8 @@ func createAccessAuthenticatedStream(options *StartOptions) (*websocket.Conn, er
 }
 
 // createAccessWebSocketStream builds an Access request and makes a connection
-func createAccessWebSocketStream(options *StartOptions) (*websocket.Conn, *http.Response, error) {
-	req, err := BuildAccessRequest(options)
+func createAccessWebSocketStream(options *StartOptions, logger logger.Service) (*websocket.Conn, *http.Response, error) {
+	req, err := BuildAccessRequest(options, logger)
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index c258f85b..337792ab 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -8,22 +8,23 @@ import (
 	"github.com/cloudflare/cloudflared/carrier"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/validation"
 	"github.com/pkg/errors"
 	cli "gopkg.in/urfave/cli.v2"
 )
 
 // StartForwarder starts a client side websocket forward
-func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}) error {
+func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}, logger logger.Service) error {
 	validURLString, err := validation.ValidateUrl(forwarder.Listener)
 	if err != nil {
-		logger.WithError(err).Error("Error validating origin URL")
+		logger.Errorf("Error validating origin URL: %s", err)
 		return errors.Wrap(err, "error validating origin URL")
 	}
 
 	validURL, err := url.Parse(validURLString)
 	if err != nil {
-		logger.WithError(err).Error("Error parsing origin URL")
+		logger.Errorf("Error parsing origin URL: %s", err)
 		return errors.Wrap(err, "error parsing origin URL")
 	}
 
@@ -44,6 +45,12 @@ func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}) error
 // useful for proxying other protocols (like ssh) over websockets
 // (which you can put Access in front of)
 func ssh(c *cli.Context) error {
+	logDirectory, logLevel := config.FindLogSettings()
+	logger, err := logger.New(logger.DefaultFile(logDirectory), logger.LogLevelString(logLevel))
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	// get the hostname from the cmdline and error out if its not provided
 	rawHostName := c.String(sshHostnameFlag)
 	hostname, err := validation.ValidateHostname(rawHostName)
@@ -77,17 +84,21 @@ func ssh(c *cli.Context) error {
 	if c.NArg() > 0 || c.IsSet(sshURLFlag) {
 		localForwarder, err := config.ValidateUrl(c)
 		if err != nil {
-			logger.WithError(err).Error("Error validating origin URL")
+			logger.Errorf("Error validating origin URL: %s", err)
 			return errors.Wrap(err, "error validating origin URL")
 		}
 		forwarder, err := url.Parse(localForwarder)
 		if err != nil {
-			logger.WithError(err).Error("Error validating origin URL")
+			logger.Errorf("Error validating origin URL: %s", err)
 			return errors.Wrap(err, "error validating origin URL")
 		}
 
 		logger.Infof("Start Websocket listener on: %s", forwarder.Host)
-		return carrier.StartForwarder(wsConn, forwarder.Host, shutdownC, options)
+		err = carrier.StartForwarder(wsConn, forwarder.Host, shutdownC, options)
+		if err != nil {
+			logger.Errorf("Error on Websocket listener: %s", err)
+		}
+		return err
 	}
 
 	return carrier.StartClient(wsConn, &carrier.StdinoutStream{}, options)
diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 7f4f1abb..96359c7c 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -14,12 +14,12 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/shell"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/sshgen"
 	"github.com/cloudflare/cloudflared/validation"
 	"github.com/pkg/errors"
 	"golang.org/x/net/idna"
 
-	"github.com/cloudflare/cloudflared/log"
 	"github.com/getsentry/raven-go"
 	"gopkg.in/urfave/cli.v2"
 )
@@ -53,7 +53,6 @@ Host cfpipe-{{.Hostname}}
 const sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b@sentry.io/189878"
 
 var (
-	logger         = log.CreateLogger()
 	shutdownC      chan struct{}
 	graceShutdownC chan struct{}
 )
@@ -195,7 +194,12 @@ func login(c *cli.Context) error {
 	if err := raven.SetDSN(sentryDSN); err != nil {
 		return err
 	}
-	logger := log.CreateLogger()
+
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	args := c.Args()
 	rawURL := ensureURLScheme(args.First())
 	appURL, err := url.Parse(rawURL)
@@ -203,8 +207,8 @@ func login(c *cli.Context) error {
 		logger.Errorf("Please provide the url of the Access application\n")
 		return err
 	}
-	if err := verifyTokenAtEdge(appURL, c); err != nil {
-		logger.WithError(err).Error("Could not verify token")
+	if err := verifyTokenAtEdge(appURL, c, logger); err != nil {
+		logger.Errorf("Could not verify token: %s", err)
 		return err
 	}
 
@@ -236,7 +240,11 @@ func curl(c *cli.Context) error {
 	if err := raven.SetDSN(sentryDSN); err != nil {
 		return err
 	}
-	logger := log.CreateLogger()
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	args := c.Args()
 	if args.Len() < 1 {
 		logger.Error("Please provide the access app and command you wish to run.")
@@ -244,7 +252,7 @@ func curl(c *cli.Context) error {
 	}
 
 	cmdArgs, allowRequest := parseAllowRequest(args.Slice())
-	appURL, err := getAppURL(cmdArgs)
+	appURL, err := getAppURL(cmdArgs, logger)
 	if err != nil {
 		return err
 	}
@@ -252,12 +260,12 @@ func curl(c *cli.Context) error {
 	tok, err := token.GetTokenIfExists(appURL)
 	if err != nil || tok == "" {
 		if allowRequest {
-			logger.Warn("You don't have an Access token set. Please run access token <access application> to fetch one.")
+			logger.Info("You don't have an Access token set. Please run access token <access application> to fetch one.")
 			return shell.Run("curl", cmdArgs...)
 		}
-		tok, err = token.FetchToken(appURL)
+		tok, err = token.FetchToken(appURL, logger)
 		if err != nil {
-			logger.Error("Failed to refresh token: ", err)
+			logger.Errorf("Failed to refresh token: %s", err)
 			return err
 		}
 	}
@@ -311,6 +319,11 @@ func sshConfig(c *cli.Context) error {
 
 // sshGen generates a short lived certificate for provided hostname
 func sshGen(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	// get the hostname from the cmdline and error out if its not provided
 	rawHostName := c.String(sshHostnameFlag)
 	hostname, err := validation.ValidateHostname(rawHostName)
@@ -326,7 +339,7 @@ func sshGen(c *cli.Context) error {
 	// this fetchToken function mutates the appURL param. We should refactor that
 	fetchTokenURL := &url.URL{}
 	*fetchTokenURL = *originURL
-	cfdToken, err := token.FetchToken(fetchTokenURL)
+	cfdToken, err := token.FetchToken(fetchTokenURL, logger)
 	if err != nil {
 		return err
 	}
@@ -339,7 +352,7 @@ func sshGen(c *cli.Context) error {
 }
 
 // getAppURL will pull the appURL needed for fetching a user's Access token
-func getAppURL(cmdArgs []string) (*url.URL, error) {
+func getAppURL(cmdArgs []string, logger logger.Service) (*url.URL, error) {
 	if len(cmdArgs) < 1 {
 		logger.Error("Please provide a valid URL as the first argument to curl.")
 		return nil, errors.New("not a valid url")
@@ -413,7 +426,7 @@ func isFileThere(candidate string) bool {
 // verifyTokenAtEdge checks for a token on disk, or generates a new one.
 // Then makes a request to to the origin with the token to ensure it is valid.
 // Returns nil if token is valid.
-func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
+func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context, logger logger.Service) error {
 	headers := buildRequestHeaders(c.StringSlice(sshHeaderFlag))
 	if c.IsSet(sshTokenIDFlag) {
 		headers.Add(h2mux.CFAccessClientIDHeader, c.String(sshTokenIDFlag))
@@ -423,7 +436,7 @@ func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
 	}
 	options := &carrier.StartOptions{OriginURL: appUrl.String(), Headers: headers}
 
-	if valid, err := isTokenValid(options); err != nil {
+	if valid, err := isTokenValid(options, logger); err != nil {
 		return err
 	} else if valid {
 		return nil
@@ -433,7 +446,7 @@ func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
 		return err
 	}
 
-	if valid, err := isTokenValid(options); err != nil {
+	if valid, err := isTokenValid(options, logger); err != nil {
 		return err
 	} else if !valid {
 		return errors.New("failed to verify token")
@@ -443,8 +456,8 @@ func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
 }
 
 // isTokenValid makes a request to the origin and returns true if the response was not a 302.
-func isTokenValid(options *carrier.StartOptions) (bool, error) {
-	req, err := carrier.BuildAccessRequest(options)
+func isTokenValid(options *carrier.StartOptions, logger logger.Service) (bool, error) {
+	req, err := carrier.BuildAccessRequest(options, logger)
 	if err != nil {
 		return false, errors.Wrap(err, "Could not create access request")
 	}
diff --git a/cmd/cloudflared/app_forward_service.go b/cmd/cloudflared/app_forward_service.go
index 4c8446e2..f815b5c7 100644
--- a/cmd/cloudflared/app_forward_service.go
+++ b/cmd/cloudflared/app_forward_service.go
@@ -3,6 +3,7 @@ package main
 import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 // ForwardServiceType is used to identify what kind of overwatch service this is
@@ -14,11 +15,12 @@ const ForwardServiceType = "forward"
 type ForwarderService struct {
 	forwarder config.Forwarder
 	shutdown  chan struct{}
+	logger    logger.Service
 }
 
 // NewForwardService creates a new forwarder service
-func NewForwardService(f config.Forwarder) *ForwarderService {
-	return &ForwarderService{forwarder: f, shutdown: make(chan struct{}, 1)}
+func NewForwardService(f config.Forwarder, logger logger.Service) *ForwarderService {
+	return &ForwarderService{forwarder: f, shutdown: make(chan struct{}, 1), logger: logger}
 }
 
 // Name is used to figure out this service is related to the others (normally the addr it binds to)
@@ -44,5 +46,5 @@ func (s *ForwarderService) Shutdown() {
 
 // Run is the run loop that is started by the overwatch service
 func (s *ForwarderService) Run() error {
-	return access.StartForwarder(s.forwarder, s.shutdown)
+	return access.StartForwarder(s.forwarder, s.shutdown, s.logger)
 }
diff --git a/cmd/cloudflared/app_resolver_service.go b/cmd/cloudflared/app_resolver_service.go
index f98ca4c8..1ba19f17 100644
--- a/cmd/cloudflared/app_resolver_service.go
+++ b/cmd/cloudflared/app_resolver_service.go
@@ -2,8 +2,8 @@ package main
 
 import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tunneldns"
-	"github.com/sirupsen/logrus"
 )
 
 // ResolverServiceType is used to identify what kind of overwatch service this is
@@ -15,11 +15,11 @@ const ResolverServiceType = "resolver"
 type ResolverService struct {
 	resolver config.DNSResolver
 	shutdown chan struct{}
-	logger   *logrus.Logger
+	logger   logger.Service
 }
 
 // NewResolverService creates a new resolver service
-func NewResolverService(r config.DNSResolver, logger *logrus.Logger) *ResolverService {
+func NewResolverService(r config.DNSResolver, logger logger.Service) *ResolverService {
 	return &ResolverService{resolver: r,
 		shutdown: make(chan struct{}),
 		logger:   logger,
@@ -51,7 +51,7 @@ func (s *ResolverService) Shutdown() {
 func (s *ResolverService) Run() error {
 	// create a listener
 	l, err := tunneldns.CreateListener(s.resolver.AddressOrDefault(), s.resolver.PortOrDefault(),
-		s.resolver.UpstreamsOrDefault(), s.resolver.BootstrapsOrDefault())
+		s.resolver.UpstreamsOrDefault(), s.resolver.BootstrapsOrDefault(), s.logger)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/cloudflared/app_service.go b/cmd/cloudflared/app_service.go
index 9407d6e2..d2c0b0c3 100644
--- a/cmd/cloudflared/app_service.go
+++ b/cmd/cloudflared/app_service.go
@@ -2,8 +2,8 @@ package main
 
 import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/overwatch"
-	"github.com/sirupsen/logrus"
 )
 
 // AppService is the main service that runs when no command lines flags are passed to cloudflared
@@ -13,11 +13,11 @@ type AppService struct {
 	serviceManager   overwatch.Manager
 	shutdownC        chan struct{}
 	configUpdateChan chan config.Root
-	logger           *logrus.Logger
+	logger           logger.Service
 }
 
 // NewAppService creates a new AppService with needed supporting services
-func NewAppService(configManager config.Manager, serviceManager overwatch.Manager, shutdownC chan struct{}, logger *logrus.Logger) *AppService {
+func NewAppService(configManager config.Manager, serviceManager overwatch.Manager, shutdownC chan struct{}, logger logger.Service) *AppService {
 	return &AppService{
 		configManager:    configManager,
 		serviceManager:   serviceManager,
@@ -66,7 +66,7 @@ func (s *AppService) handleConfigUpdate(c config.Root) {
 	// handle the client forward listeners
 	activeServices := map[string]struct{}{}
 	for _, f := range c.Forwarders {
-		service := NewForwardService(f)
+		service := NewForwardService(f, s.logger)
 		s.serviceManager.Add(service)
 		activeServices[service.Name()] = struct{}{}
 	}
diff --git a/cmd/cloudflared/buildinfo/build_info.go b/cmd/cloudflared/buildinfo/build_info.go
index 80481716..aedface1 100644
--- a/cmd/cloudflared/buildinfo/build_info.go
+++ b/cmd/cloudflared/buildinfo/build_info.go
@@ -3,7 +3,7 @@ package buildinfo
 import (
 	"runtime"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 type BuildInfo struct {
@@ -22,7 +22,7 @@ func GetBuildInfo(cloudflaredVersion string) *BuildInfo {
 	}
 }
 
-func (bi *BuildInfo) Log(logger *logrus.Logger) {
+func (bi *BuildInfo) Log(logger logger.Service) {
 	logger.Infof("Version %s", bi.CloudflaredVersion)
 	logger.Infof("GOOS: %s, GOVersion: %s, GoArch: %s", bi.GoOS, bi.GoVersion, bi.GoArch)
 }
diff --git a/cmd/cloudflared/config/configuration.go b/cmd/cloudflared/config/configuration.go
index cb497dc2..9512782f 100644
--- a/cmd/cloudflared/config/configuration.go
+++ b/cmd/cloudflared/config/configuration.go
@@ -9,6 +9,7 @@ import (
 	homedir "github.com/mitchellh/go-homedir"
 	"gopkg.in/urfave/cli.v2"
 	"gopkg.in/urfave/cli.v2/altsrc"
+	"gopkg.in/yaml.v2"
 )
 
 var (
@@ -63,6 +64,35 @@ func FindDefaultConfigPath() string {
 	return ""
 }
 
+// FindLogSettings gets the log directory and level from the config file
+func FindLogSettings() (string, string) {
+	configPath := FindDefaultConfigPath()
+	defaultDirectory := filepath.Dir(configPath)
+	defaultLevel := "info"
+
+	file, err := os.Open(configPath)
+	if err != nil {
+		return defaultDirectory, defaultLevel
+	}
+	defer file.Close()
+
+	var config Root
+	if err := yaml.NewDecoder(file).Decode(&config); err != nil {
+		return defaultDirectory, defaultLevel
+	}
+
+	directory := defaultDirectory
+	if config.LogDirectory != "" {
+		directory = config.LogDirectory
+	}
+
+	level := defaultLevel
+	if config.LogLevel != "" {
+		level = config.LogLevel
+	}
+	return directory, level
+}
+
 // ValidateUnixSocket ensures --unix-socket param is used exclusively
 // i.e. it fails if a user specifies both --url and --unix-socket
 func ValidateUnixSocket(c *cli.Context) (string, error) {
diff --git a/cmd/cloudflared/config/manager.go b/cmd/cloudflared/config/manager.go
index 8723b70d..a286ab48 100644
--- a/cmd/cloudflared/config/manager.go
+++ b/cmd/cloudflared/config/manager.go
@@ -4,9 +4,8 @@ import (
 	"errors"
 	"os"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/watcher"
-
-	"github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v2"
 )
 
@@ -27,12 +26,12 @@ type FileManager struct {
 	watcher    watcher.Notifier
 	notifier   Notifier
 	configPath string
-	logger     *logrus.Logger
+	logger     logger.Service
 	ReadConfig func(string) (Root, error)
 }
 
 // NewFileManager creates a config manager
-func NewFileManager(watcher watcher.Notifier, configPath string, logger *logrus.Logger) (*FileManager, error) {
+func NewFileManager(watcher watcher.Notifier, configPath string, logger logger.Service) (*FileManager, error) {
 	m := &FileManager{
 		watcher:    watcher,
 		configPath: configPath,
@@ -94,7 +93,7 @@ func readConfigFromPath(configPath string) (Root, error) {
 func (m *FileManager) WatcherItemDidChange(filepath string) {
 	config, err := m.GetConfig()
 	if err != nil {
-		m.logger.WithError(err).Error("Failed to read new config")
+		m.logger.Errorf("Failed to read new config: %s", err)
 		return
 	}
 	m.logger.Info("Config file has been updated")
@@ -103,5 +102,5 @@ func (m *FileManager) WatcherItemDidChange(filepath string) {
 
 // WatcherDidError notifies of errors with the file watcher
 func (m *FileManager) WatcherDidError(err error) {
-	m.logger.WithError(err).Error("Config watcher encountered an error")
+	m.logger.Errorf("Config watcher encountered an error: %s", err)
 }
diff --git a/cmd/cloudflared/config/manager_test.go b/cmd/cloudflared/config/manager_test.go
index 419976aa..d64675af 100644
--- a/cmd/cloudflared/config/manager_test.go
+++ b/cmd/cloudflared/config/manager_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/watcher"
 	"github.com/stretchr/testify/assert"
 )
@@ -65,7 +65,8 @@ func TestConfigChanged(t *testing.T) {
 	wait := make(chan struct{})
 	w := &mockFileWatcher{path: filePath, ready: wait}
 
-	logger := log.CreateLogger()
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
+
 	service, err := NewFileManager(w, filePath, logger)
 	service.ReadConfig = configRead
 	assert.NoError(t, err)
diff --git a/cmd/cloudflared/config/model.go b/cmd/cloudflared/config/model.go
index 95d266e8..015afef9 100644
--- a/cmd/cloudflared/config/model.go
+++ b/cmd/cloudflared/config/model.go
@@ -23,20 +23,22 @@ type Tunnel struct {
 // DNSResolver represents a client side DNS resolver
 type DNSResolver struct {
 	Enabled    bool     `json:"enabled"`
-	Address    string   `json:"address"`
-	Port       uint16   `json:"port"`
-	Upstreams  []string `json:"upstreams"`
-	Bootstraps []string `json:"bootstraps"`
+	Address    string   `json:"address,omitempty"`
+	Port       uint16   `json:"port,omitempty"`
+	Upstreams  []string `json:"upstreams,omitempty"`
+	Bootstraps []string `json:"bootstraps,omitempty"`
 }
 
 // Root is the base options to configure the service
 type Root struct {
-	OrgKey          string      `json:"org_key"`
+	OrgKey          string      `json:"org_key" yaml:"orgKey"`
 	ConfigType      string      `json:"type"`
-	CheckinInterval int         `json:"checkin_interval"`
+	LogDirectory    string      `json:"log_directory" yaml:"logDirectory,omitempty"`
+	LogLevel        string      `json:"log_level" yaml:"logLevel"`
+	CheckinInterval int         `json:"checkin_interval" yaml:"checkinInterval"`
 	Forwarders      []Forwarder `json:"forwarders,omitempty"`
 	Tunnels         []Tunnel    `json:"tunnels,omitempty"`
-	Resolver        DNSResolver `json:"resolver"`
+	Resolver        DNSResolver `json:"resolver,omitempty"`
 }
 
 // Hash returns the computed values to see if the forwarder values change
diff --git a/cmd/cloudflared/linux_service.go b/cmd/cloudflared/linux_service.go
index 62559bf4..43d4ca83 100644
--- a/cmd/cloudflared/linux_service.go
+++ b/cmd/cloudflared/linux_service.go
@@ -8,6 +8,8 @@ import (
 	"path/filepath"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/logger"
+	"github.com/pkg/errors"
 	cli "gopkg.in/urfave/cli.v2"
 )
 
@@ -178,7 +180,7 @@ func isSystemd() bool {
 	return false
 }
 
-func copyUserConfiguration(userConfigDir, userConfigFile, userCredentialFile string) error {
+func copyUserConfiguration(userConfigDir, userConfigFile, userCredentialFile string, logger logger.Service) error {
 	if err := ensureConfigDirExists(serviceConfigDir); err != nil {
 		return err
 	}
@@ -192,10 +194,16 @@ func copyUserConfiguration(userConfigDir, userConfigFile, userCredentialFile str
 	if err := copyConfig(srcConfigPath, destConfigPath); err != nil {
 		return err
 	}
+	logger.Infof("Copied %s to %s", srcConfigPath, destConfigPath)
 	return nil
 }
 
 func installLinuxService(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	etPath, err := os.Executable()
 	if err != nil {
 		return fmt.Errorf("error determining executable path: %v", err)
@@ -205,8 +213,8 @@ func installLinuxService(c *cli.Context) error {
 	userConfigDir := filepath.Dir(c.String("config"))
 	userConfigFile := filepath.Base(c.String("config"))
 	userCredentialFile := config.DefaultCredentialFile
-	if err = copyUserConfiguration(userConfigDir, userConfigFile, userCredentialFile); err != nil {
-		logger.WithError(err).Infof("Failed to copy user configuration. Before running the service, ensure that %s contains two files, %s and %s",
+	if err = copyUserConfiguration(userConfigDir, userConfigFile, userCredentialFile, logger); err != nil {
+		logger.Errorf("Failed to copy user configuration: %s. Before running the service, ensure that %s contains two files, %s and %s", err,
 			serviceConfigDir, serviceCredentialFile, serviceConfigFile)
 		return err
 	}
@@ -214,41 +222,41 @@ func installLinuxService(c *cli.Context) error {
 	switch {
 	case isSystemd():
 		logger.Infof("Using Systemd")
-		return installSystemd(&templateArgs)
+		return installSystemd(&templateArgs, logger)
 	default:
 		logger.Infof("Using Sysv")
-		return installSysv(&templateArgs)
+		return installSysv(&templateArgs, logger)
 	}
 }
 
-func installSystemd(templateArgs *ServiceTemplateArgs) error {
+func installSystemd(templateArgs *ServiceTemplateArgs, logger logger.Service) error {
 	for _, serviceTemplate := range systemdTemplates {
 		err := serviceTemplate.Generate(templateArgs)
 		if err != nil {
-			logger.WithError(err).Infof("error generating service template")
+			logger.Errorf("error generating service template: %s", err)
 			return err
 		}
 	}
 	if err := runCommand("systemctl", "enable", "cloudflared.service"); err != nil {
-		logger.WithError(err).Infof("systemctl enable cloudflared.service error")
+		logger.Errorf("systemctl enable cloudflared.service error: %s", err)
 		return err
 	}
 	if err := runCommand("systemctl", "start", "cloudflared-update.timer"); err != nil {
-		logger.WithError(err).Infof("systemctl start cloudflared-update.timer error")
+		logger.Errorf("systemctl start cloudflared-update.timer error: %s", err)
 		return err
 	}
 	logger.Infof("systemctl daemon-reload")
 	return runCommand("systemctl", "daemon-reload")
 }
 
-func installSysv(templateArgs *ServiceTemplateArgs) error {
+func installSysv(templateArgs *ServiceTemplateArgs, logger logger.Service) error {
 	confPath, err := sysvTemplate.ResolvePath()
 	if err != nil {
-		logger.WithError(err).Infof("error resolving system path")
+		logger.Errorf("error resolving system path: %s", err)
 		return err
 	}
 	if err := sysvTemplate.Generate(templateArgs); err != nil {
-		logger.WithError(err).Infof("error generating system template")
+		logger.Errorf("error generating system template: %s", err)
 		return err
 	}
 	for _, i := range [...]string{"2", "3", "4", "5"} {
@@ -265,28 +273,33 @@ func installSysv(templateArgs *ServiceTemplateArgs) error {
 }
 
 func uninstallLinuxService(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	switch {
 	case isSystemd():
 		logger.Infof("Using Systemd")
-		return uninstallSystemd()
+		return uninstallSystemd(logger)
 	default:
 		logger.Infof("Using Sysv")
-		return uninstallSysv()
+		return uninstallSysv(logger)
 	}
 }
 
-func uninstallSystemd() error {
+func uninstallSystemd(logger logger.Service) error {
 	if err := runCommand("systemctl", "disable", "cloudflared.service"); err != nil {
-		logger.WithError(err).Infof("systemctl disable cloudflared.service error")
+		logger.Errorf("systemctl disable cloudflared.service error: %s", err)
 		return err
 	}
 	if err := runCommand("systemctl", "stop", "cloudflared-update.timer"); err != nil {
-		logger.WithError(err).Infof("systemctl stop cloudflared-update.timer error")
+		logger.Errorf("systemctl stop cloudflared-update.timer error: %s", err)
 		return err
 	}
 	for _, serviceTemplate := range systemdTemplates {
 		if err := serviceTemplate.Remove(); err != nil {
-			logger.WithError(err).Infof("error removing service template")
+			logger.Errorf("error removing service template: %s", err)
 			return err
 		}
 	}
@@ -294,9 +307,9 @@ func uninstallSystemd() error {
 	return nil
 }
 
-func uninstallSysv() error {
+func uninstallSysv(logger logger.Service) error {
 	if err := sysvTemplate.Remove(); err != nil {
-		logger.WithError(err).Infof("error removing service template")
+		logger.Errorf("error removing service template: %s", err)
 		return err
 	}
 	for _, i := range [...]string{"2", "3", "4", "5"} {
diff --git a/cmd/cloudflared/macos_service.go b/cmd/cloudflared/macos_service.go
index 9ec162fa..2c280dfa 100644
--- a/cmd/cloudflared/macos_service.go
+++ b/cmd/cloudflared/macos_service.go
@@ -8,6 +8,7 @@ import (
 
 	"gopkg.in/urfave/cli.v2"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/pkg/errors"
 )
 
@@ -105,6 +106,11 @@ func stderrPath() (string, error) {
 }
 
 func installLaunchd(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	if isRootUser() {
 		logger.Infof("Installing Argo Tunnel client as a system launch daemon. " +
 			"Argo Tunnel client will run at boot")
@@ -116,35 +122,38 @@ func installLaunchd(c *cli.Context) error {
 	}
 	etPath, err := os.Executable()
 	if err != nil {
-		logger.WithError(err).Errorf("Error determining executable path")
+		logger.Errorf("Error determining executable path: %s", err)
 		return fmt.Errorf("Error determining executable path: %v", err)
 	}
 	installPath, err := installPath()
 	if err != nil {
+		logger.Errorf("Error determining install path: %s", err)
 		return errors.Wrap(err, "Error determining install path")
 	}
 	stdoutPath, err := stdoutPath()
 	if err != nil {
+		logger.Errorf("error determining stdout path: %s", err)
 		return errors.Wrap(err, "error determining stdout path")
 	}
 	stderrPath, err := stderrPath()
 	if err != nil {
+		logger.Errorf("error determining stderr path: %s", err)
 		return errors.Wrap(err, "error determining stderr path")
 	}
 	launchdTemplate := newLaunchdTemplate(installPath, stdoutPath, stderrPath)
 	if err != nil {
-		logger.WithError(err).Errorf("error creating launchd template")
+		logger.Errorf("error creating launchd template: %s", err)
 		return errors.Wrap(err, "error creating launchd template")
 	}
 	templateArgs := ServiceTemplateArgs{Path: etPath}
 	err = launchdTemplate.Generate(&templateArgs)
 	if err != nil {
-		logger.WithError(err).Errorf("error generating launchd template")
+		logger.Errorf("error generating launchd template: %s", err)
 		return err
 	}
 	plistPath, err := launchdTemplate.ResolvePath()
 	if err != nil {
-		logger.WithError(err).Infof("error resolving launchd template path")
+		logger.Errorf("error resolving launchd template path: %s", err)
 		return err
 	}
 
@@ -153,6 +162,11 @@ func installLaunchd(c *cli.Context) error {
 }
 
 func uninstallLaunchd(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	if isRootUser() {
 		logger.Infof("Uninstalling Argo Tunnel as a system launch daemon")
 	} else {
@@ -176,12 +190,12 @@ func uninstallLaunchd(c *cli.Context) error {
 	}
 	plistPath, err := launchdTemplate.ResolvePath()
 	if err != nil {
-		logger.WithError(err).Infof("error resolving launchd template path")
+		logger.Errorf("error resolving launchd template path: %s", err)
 		return err
 	}
 	err = runCommand("launchctl", "unload", plistPath)
 	if err != nil {
-		logger.WithError(err).Infof("error unloading")
+		logger.Errorf("error unloading: %s", err)
 		return err
 	}
 
diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 97687984..20fd0743 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -9,7 +9,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
-	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/metrics"
 	"github.com/cloudflare/cloudflared/overwatch"
 	"github.com/cloudflare/cloudflared/watcher"
@@ -28,7 +28,6 @@ const (
 var (
 	Version   = "DEV"
 	BuildTime = "unknown"
-	logger    = log.CreateLogger()
 	// Mostly network errors that we don't want reported back to Sentry, this is done by substring match.
 	ignoredErrors = []string{
 		"connection reset by peer",
@@ -148,7 +147,6 @@ func userHomeDir() (string, error) {
 	// use with sudo.
 	homeDir, err := homedir.Dir()
 	if err != nil {
-		logger.WithError(err).Error("Cannot determine home directory for the user")
 		return "", errors.Wrap(err, "Cannot determine home directory for the user")
 	}
 	return homeDir, nil
@@ -167,17 +165,25 @@ func handleError(err error) {
 
 // cloudflared was started without any flags
 func handleServiceMode(shutdownC chan struct{}) error {
+	logDirectory, logLevel := config.FindLogSettings()
+
+	logger, err := logger.New(logger.DefaultFile(logDirectory), logger.LogLevelString(logLevel))
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+	logger.Infof("logging to directory: %s", logDirectory)
+
 	// start the main run loop that reads from the config file
 	f, err := watcher.NewFile()
 	if err != nil {
-		logger.WithError(err).Error("Cannot load config file")
+		logger.Errorf("Cannot load config file: %s", err)
 		return err
 	}
 
 	configPath := config.FindDefaultConfigPath()
 	configManager, err := config.NewFileManager(f, configPath, logger)
 	if err != nil {
-		logger.WithError(err).Error("Cannot setup config file for monitoring")
+		logger.Errorf("Cannot setup config file for monitoring: %s", err)
 		return err
 	}
 
@@ -185,7 +191,7 @@ func handleServiceMode(shutdownC chan struct{}) error {
 
 	appService := NewAppService(configManager, serviceManager, shutdownC, logger)
 	if err := appService.Run(); err != nil {
-		logger.WithError(err).Error("Failed to start app service")
+		logger.Errorf("Failed to start app service: %s", err)
 		return err
 	}
 	return nil
diff --git a/cmd/cloudflared/service_template.go b/cmd/cloudflared/service_template.go
index 13d56b75..5d997f82 100644
--- a/cmd/cloudflared/service_template.go
+++ b/cmd/cloudflared/service_template.go
@@ -73,21 +73,16 @@ func runCommand(command string, args ...string) error {
 	cmd := exec.Command(command, args...)
 	stderr, err := cmd.StderrPipe()
 	if err != nil {
-		logger.WithError(err).Infof("error getting stderr pipe")
 		return fmt.Errorf("error getting stderr pipe: %v", err)
 	}
 	err = cmd.Start()
 	if err != nil {
-		logger.WithError(err).Infof("error starting %s", command)
 		return fmt.Errorf("error starting %s: %v", command, err)
 	}
-	commandErr, _ := ioutil.ReadAll(stderr)
-	if len(commandErr) > 0 {
-		logger.Errorf("%s: %s", command, commandErr)
-	}
+
+	ioutil.ReadAll(stderr)
 	err = cmd.Wait()
 	if err != nil {
-		logger.WithError(err).Infof("%s returned error", command)
 		return fmt.Errorf("%s returned with error: %v", command, err)
 	}
 	return nil
@@ -148,8 +143,7 @@ func copyConfig(srcConfigPath, destConfigPath string) error {
 	// Copy or create config
 	destFile, exists, err := openFile(destConfigPath, true)
 	if err != nil {
-		logger.WithError(err).Infof("cannot open %s", destConfigPath)
-		return err
+		return fmt.Errorf("cannot open %s with error: %s", destConfigPath, err)
 	} else if exists {
 		// config already exists, do nothing
 		return nil
@@ -173,7 +167,6 @@ func copyConfig(srcConfigPath, destConfigPath string) error {
 		if err != nil {
 			return fmt.Errorf("unable to copy %s to %s: %v", srcConfigPath, destConfigPath, err)
 		}
-		logger.Infof("Copied %s to %s", srcConfigPath, destConfigPath)
 	}
 
 	return nil
diff --git a/cmd/cloudflared/token/token.go b/cmd/cloudflared/token/token.go
index e28b1fd6..433187b2 100644
--- a/cmd/cloudflared/token/token.go
+++ b/cmd/cloudflared/token/token.go
@@ -14,7 +14,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/path"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/transfer"
-	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/origin"
 	"github.com/coreos/go-oidc/jose"
 )
@@ -23,8 +23,6 @@ const (
 	keyName = "token"
 )
 
-var logger = log.CreateLogger()
-
 type lock struct {
 	lockFilePath string
 	backoff      *origin.BackoffHandler
@@ -130,7 +128,7 @@ func isTokenLocked(lockFilePath string) bool {
 }
 
 // FetchToken will either load a stored token or generate a new one
-func FetchToken(appURL *url.URL) (string, error) {
+func FetchToken(appURL *url.URL, logger logger.Service) (string, error) {
 	if token, err := GetTokenIfExists(appURL); token != "" && err == nil {
 		return token, nil
 	}
@@ -156,7 +154,7 @@ func FetchToken(appURL *url.URL) (string, error) {
 	// this weird parameter is the resource name (token) and the key/value
 	// we want to send to the transfer service. the key is token and the value
 	// is blank (basically just the id generated in the transfer service)
-	token, err := transfer.Run(appURL, keyName, keyName, "", path, true)
+	token, err := transfer.Run(appURL, keyName, keyName, "", path, true, logger)
 	if err != nil {
 		return "", err
 	}
diff --git a/cmd/cloudflared/transfer/transfer.go b/cmd/cloudflared/transfer/transfer.go
index dbe5536a..24cfa745 100644
--- a/cmd/cloudflared/transfer/transfer.go
+++ b/cmd/cloudflared/transfer/transfer.go
@@ -14,7 +14,7 @@ import (
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/encrypter"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/shell"
-	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 const (
@@ -22,15 +22,13 @@ const (
 	clientTimeout = time.Second * 60
 )
 
-var logger = log.CreateLogger()
-
 // Run does the transfer "dance" with the end result downloading the supported resource.
 // The expanded description is run is encapsulation of shared business logic needed
 // to request a resource (token/cert/etc) from the transfer service (loginhelper).
 // The "dance" we refer to is building a HTTP request, opening that in a browser waiting for
 // the user to complete an action, while it long polls in the background waiting for an
 // action to be completed to download the resource.
-func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool) ([]byte, error) {
+func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool, logger logger.Service) ([]byte, error) {
 	encrypterClient, err := encrypter.New("cloudflared_priv.pem", "cloudflared_pub.pem")
 	if err != nil {
 		return nil, err
@@ -51,7 +49,7 @@ func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncr
 	var resourceData []byte
 
 	if shouldEncrypt {
-		buf, key, err := transferRequest(baseStoreURL + "transfer/" + encrypterClient.PublicKey())
+		buf, key, err := transferRequest(baseStoreURL+"transfer/"+encrypterClient.PublicKey(), logger)
 		if err != nil {
 			return nil, err
 		}
@@ -67,7 +65,7 @@ func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncr
 
 		resourceData = decrypted
 	} else {
-		buf, _, err := transferRequest(baseStoreURL + encrypterClient.PublicKey())
+		buf, _, err := transferRequest(baseStoreURL+encrypterClient.PublicKey(), logger)
 		if err != nil {
 			return nil, err
 		}
@@ -99,17 +97,17 @@ func buildRequestURL(baseURL *url.URL, key, value string, cli bool) (string, err
 }
 
 // transferRequest downloads the requested resource from the request URL
-func transferRequest(requestURL string) ([]byte, string, error) {
+func transferRequest(requestURL string, logger logger.Service) ([]byte, string, error) {
 	client := &http.Client{Timeout: clientTimeout}
 	const pollAttempts = 10
 	// we do "long polling" on the endpoint to get the resource.
 	for i := 0; i < pollAttempts; i++ {
-		buf, key, err := poll(client, requestURL)
+		buf, key, err := poll(client, requestURL, logger)
 		if err != nil {
 			return nil, "", err
 		} else if len(buf) > 0 {
 			if err := putSuccess(client, requestURL); err != nil {
-				logger.WithError(err).Error("Failed to update resource success")
+				logger.Errorf("Failed to update resource success: %s", err)
 			}
 			return buf, key, nil
 		}
@@ -118,7 +116,7 @@ func transferRequest(requestURL string) ([]byte, string, error) {
 }
 
 // poll the endpoint for the request resource, waiting for the user interaction
-func poll(client *http.Client, requestURL string) ([]byte, string, error) {
+func poll(client *http.Client, requestURL string, logger logger.Service) ([]byte, string, error) {
 	resp, err := client.Get(requestURL)
 	if err != nil {
 		return nil, "", err
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 5a9bdb85..898b034c 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -25,6 +25,7 @@ import (
 	"github.com/cloudflare/cloudflared/dbconnect"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/hello"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/metrics"
 	"github.com/cloudflare/cloudflared/origin"
 	"github.com/cloudflare/cloudflared/signal"
@@ -93,6 +94,9 @@ const (
 	bastionFlag = "bastion"
 
 	noIntentMsg = "The --intent argument is required. Cloudflared looks up an Intent to determine what configuration to use (i.e. which tunnels to start). If you don't have any Intents yet, you can use a placeholder Intent Label for now. Then, when you make an Intent with that label, cloudflared will get notified and open the tunnels you specified in that Intent."
+
+	debugLevelWarning = "At debug level, request URL, method, protocol, content legnth and header will be logged. " +
+		"Response status, content length and header will also be logged in debug level."
 )
 
 var (
@@ -212,7 +216,28 @@ func Init(v string, s, g chan struct{}) {
 	version, shutdownC, graceShutdownC = v, s, g
 }
 
+func createLogger(c *cli.Context, isTransport bool) (logger.Service, error) {
+	loggerOpts := []logger.Option{}
+	logPath := c.String("logfile")
+	if logPath != "" {
+		loggerOpts = append(loggerOpts, logger.DefaultFile(logPath))
+	}
+
+	logLevel := c.String("loglevel")
+	if isTransport {
+		logLevel = c.String("transport-loglevel")
+	}
+	loggerOpts = append(loggerOpts, logger.LogLevelString(logLevel))
+
+	return logger.New(loggerOpts...)
+}
+
 func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan struct{}) error {
+	logger, err := createLogger(c, false)
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	_ = raven.SetDSN(sentryDSN)
 	var wg sync.WaitGroup
 	listeners := gracenet.Net{}
@@ -221,64 +246,45 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 	dnsReadySignal := make(chan struct{})
 
 	if c.String("config") == "" {
-		logger.Warnf("Cannot determine default configuration path. No file %v in %v", config.DefaultConfigFiles, config.DefaultConfigDirs)
-	}
-
-	if err := configMainLogger(c); err != nil {
-		return errors.Wrap(err, "Error configuring logger")
-	}
-
-	transportLogger, err := configTransportLogger(c)
-	if err != nil {
-		return errors.Wrap(err, "Error configuring transport logger")
+		logger.Infof("Cannot determine default configuration path. No file %v in %v", config.DefaultConfigFiles, config.DefaultConfigDirs)
 	}
 
 	if c.IsSet("trace-output") {
 		tmpTraceFile, err := ioutil.TempFile("", "trace")
 		if err != nil {
-			logger.WithError(err).Error("Failed to create new temporary file to save trace output")
+			logger.Errorf("Failed to create new temporary file to save trace output: %s", err)
 		}
 
 		defer func() {
 			if err := tmpTraceFile.Close(); err != nil {
-				logger.WithError(err).Errorf("Failed to close trace output file %s", tmpTraceFile.Name())
+				logger.Errorf("Failed to close trace output file %s with error: %s", tmpTraceFile.Name(), err)
 			}
 			if err := os.Rename(tmpTraceFile.Name(), c.String("trace-output")); err != nil {
-				logger.WithError(err).Errorf("Failed to rename temporary trace output file %s to %s", tmpTraceFile.Name(), c.String("trace-output"))
+				logger.Errorf("Failed to rename temporary trace output file %s to %s with error: %s", tmpTraceFile.Name(), c.String("trace-output"), err)
 			} else {
 				err := os.Remove(tmpTraceFile.Name())
 				if err != nil {
-					logger.WithError(err).Errorf("Failed to remove the temporary trace file %s", tmpTraceFile.Name())
+					logger.Errorf("Failed to remove the temporary trace file %s with error: %s", tmpTraceFile.Name(), err)
 				}
 			}
 		}()
 
 		if err := trace.Start(tmpTraceFile); err != nil {
-			logger.WithError(err).Error("Failed to start trace")
+			logger.Errorf("Failed to start trace: %s", err)
 			return errors.Wrap(err, "Error starting tracing")
 		}
 		defer trace.Stop()
 	}
 
-	if c.String("logfile") != "" {
-		if err := initLogFile(c, logger, transportLogger); err != nil {
-			logger.Error(err)
-		}
-	}
-
-	if err := handleDeprecatedOptions(c); err != nil {
-		return err
-	}
-
 	buildInfo := buildinfo.GetBuildInfo(version)
 	buildInfo.Log(logger)
-	logClientOptions(c)
+	logClientOptions(c, logger)
 
 	if c.IsSet("proxy-dns") {
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			errC <- runDNSProxyServer(c, dnsReadySignal, shutdownC)
+			errC <- runDNSProxyServer(c, dnsReadySignal, shutdownC, logger)
 		}()
 	} else {
 		close(dnsReadySignal)
@@ -289,7 +295,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 
 	metricsListener, err := listeners.Listen("tcp", c.String("metrics"))
 	if err != nil {
-		logger.WithError(err).Error("Error opening metrics server listener")
+		logger.Errorf("Error opening metrics server listener: %s", err)
 		return errors.Wrap(err, "Error opening metrics server listener")
 	}
 	defer metricsListener.Close()
@@ -301,12 +307,12 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 
 	go notifySystemd(connectedSignal)
 	if c.IsSet("pidfile") {
-		go writePidFile(connectedSignal, c.String("pidfile"))
+		go writePidFile(connectedSignal, c.String("pidfile"), logger)
 	}
 
 	cloudflaredID, err := uuid.NewRandom()
 	if err != nil {
-		logger.WithError(err).Error("Cannot generate cloudflared ID")
+		logger.Errorf("Cannot generate cloudflared ID: %s", err)
 		return err
 	}
 
@@ -317,16 +323,16 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 	}()
 
 	if c.IsSet("use-declarative-tunnels") {
-		return startDeclarativeTunnel(ctx, c, cloudflaredID, buildInfo, &listeners)
+		return startDeclarativeTunnel(ctx, c, cloudflaredID, buildInfo, &listeners, logger)
 	}
 
 	// update needs to be after DNS proxy is up to resolve equinox server address
-	if updater.IsAutoupdateEnabled(c) {
+	if updater.IsAutoupdateEnabled(c, logger) {
 		logger.Infof("Autoupdate frequency is set to %v", c.Duration("autoupdate-freq"))
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			autoupdater := updater.NewAutoUpdater(c.Duration("autoupdate-freq"), &listeners)
+			autoupdater := updater.NewAutoUpdater(c.Duration("autoupdate-freq"), &listeners, logger)
 			errC <- autoupdater.Run(ctx)
 		}()
 	}
@@ -335,14 +341,14 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 	if dnsProxyStandAlone(c) {
 		connectedSignal.Notify()
 		// no grace period, handle SIGINT/SIGTERM immediately
-		return waitToShutdown(&wg, errC, shutdownC, graceShutdownC, 0)
+		return waitToShutdown(&wg, errC, shutdownC, graceShutdownC, 0, logger)
 	}
 
 	if c.IsSet("hello-world") {
 		logger.Infof("hello-world set")
 		helloListener, err := hello.CreateTLSListener("127.0.0.1:")
 		if err != nil {
-			logger.WithError(err).Error("Cannot start Hello World Server")
+			logger.Errorf("Cannot start Hello World Server: %s", err)
 			return errors.Wrap(err, "Cannot start Hello World Server")
 		}
 		defer helloListener.Close()
@@ -369,13 +375,13 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 				c.String(accessKeyIDFlag), c.String(secretIDFlag), c.String(sessionTokenIDFlag), c.String(s3URLFlag))
 			if err != nil {
 				msg := "Cannot create uploader for SSH Server"
-				logger.WithError(err).Error(msg)
+				logger.Errorf("%s: %s", msg, err)
 				return errors.Wrap(err, msg)
 			}
 
 			if err := os.MkdirAll(sshLogFileDirectory, 0700); err != nil {
 				msg := fmt.Sprintf("Cannot create SSH log file directory %s", sshLogFileDirectory)
-				logger.WithError(err).Errorf(msg)
+				logger.Errorf("%s: %s", msg, err)
 				return errors.Wrap(err, msg)
 			}
 
@@ -389,14 +395,14 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		server, err := sshserver.New(logManager, logger, version, localServerAddress, c.String("hostname"), c.Path(hostKeyPath), shutdownC, c.Duration(sshIdleTimeoutFlag), c.Duration(sshMaxTimeoutFlag))
 		if err != nil {
 			msg := "Cannot create new SSH Server"
-			logger.WithError(err).Error(msg)
+			logger.Errorf("%s: %s", msg, err)
 			return errors.Wrap(err, msg)
 		}
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
 			if err = server.Start(); err != nil && err != ssh.ErrServerClosed {
-				logger.WithError(err).Error("SSH server error")
+				logger.Errorf("SSH server error: %s", err)
 				// TODO: remove when declarative tunnels are implemented.
 				close(shutdownC)
 			}
@@ -407,7 +413,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 	if staticHost := hostnameFromURI(c.String("url")); isProxyDestinationConfigured(staticHost, c) {
 		listener, err := net.Listen("tcp", "127.0.0.1:")
 		if err != nil {
-			logger.WithError(err).Error("Cannot start Websocket Proxy Server")
+			logger.Errorf("Cannot start Websocket Proxy Server: %s", err)
 			return errors.Wrap(err, "Cannot start Websocket Proxy Server")
 		}
 		wg.Add(1)
@@ -428,7 +434,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 					if finalDestination := requestHeaders.Get(h2mux.CFJumpDestinationHeader); finalDestination != "" {
 						token := requestHeaders.Get(h2mux.CFAccessTokenHeader)
 						if err := websocket.SendSSHPreamble(remoteConn, finalDestination, token); err != nil {
-							logger.WithError(err).Error("Failed to send SSH preamble")
+							logger.Errorf("Failed to send SSH preamble: %s", err)
 							return
 						}
 					}
@@ -440,6 +446,11 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		c.Set("url", "http://"+listener.Addr().String())
 	}
 
+	transportLogger, err := createLogger(c, true)
+	if err != nil {
+		return errors.Wrap(err, "error setting up transport logger")
+	}
+
 	tunnelConfig, err := prepareTunnelConfig(c, buildInfo, version, logger, transportLogger)
 	if err != nil {
 		return err
@@ -447,8 +458,8 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 
 	reconnectCh := make(chan origin.ReconnectSignal, 1)
 	if c.IsSet("stdin-control") {
-		logger.Warn("Enabling control through stdin")
-		go stdinControl(reconnectCh)
+		logger.Info("Enabling control through stdin")
+		go stdinControl(reconnectCh, logger)
 	}
 
 	wg.Add(1)
@@ -456,21 +467,27 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		defer wg.Done()
 		errC <- origin.StartTunnelDaemon(ctx, tunnelConfig, connectedSignal, cloudflaredID, reconnectCh)
 	}()
-	return waitToShutdown(&wg, errC, shutdownC, graceShutdownC, c.Duration("grace-period"))
+
+	return waitToShutdown(&wg, errC, shutdownC, graceShutdownC, c.Duration("grace-period"), logger)
 }
 
 func Before(c *cli.Context) error {
+	logger, err := createLogger(c, false)
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	if c.String("config") == "" {
 		logger.Debugf("Cannot determine default configuration path. No file %v in %v", config.DefaultConfigFiles, config.DefaultConfigDirs)
 	}
 	inputSource, err := config.FindInputSourceContext(c)
 	if err != nil {
-		logger.WithError(err).Errorf("Cannot load configuration from %s", c.String("config"))
+		logger.Errorf("Cannot load configuration from %s: %s", c.String("config"), err)
 		return err
 	} else if inputSource != nil {
 		err := altsrc.ApplyInputSourceValues(c, inputSource, c.App.Flags)
 		if err != nil {
-			logger.WithError(err).Errorf("Cannot apply configuration from %s", c.String("config"))
+			logger.Errorf("Cannot apply configuration from %s: %s", c.String("config"), err)
 			return err
 		}
 		logger.Debugf("Applied configuration from %s", c.String("config"))
@@ -488,10 +505,11 @@ func startDeclarativeTunnel(ctx context.Context,
 	cloudflaredID uuid.UUID,
 	buildInfo *buildinfo.BuildInfo,
 	listeners *gracenet.Net,
+	logger logger.Service,
 ) error {
 	reverseProxyOrigin, err := defaultOriginConfig(c)
 	if err != nil {
-		logger.WithError(err)
+		logger.Errorf("%s", err)
 		return err
 	}
 	reverseProxyConfig, err := pogs.NewReverseProxyConfig(
@@ -502,7 +520,7 @@ func startDeclarativeTunnel(ctx context.Context,
 		c.Uint64("compression-quality"),
 	)
 	if err != nil {
-		logger.WithError(err).Error("Cannot initialize default client config because reverse proxy config is invalid")
+		logger.Errorf("Cannot initialize default client config because reverse proxy config is invalid: %s", err)
 		return err
 	}
 	defaultClientConfig := &pogs.ClientConfig{
@@ -522,22 +540,22 @@ func startDeclarativeTunnel(ctx context.Context,
 		ReverseProxyConfigs: []*pogs.ReverseProxyConfig{reverseProxyConfig},
 	}
 
-	autoupdater := updater.NewAutoUpdater(defaultClientConfig.SupervisorConfig.AutoUpdateFrequency, listeners)
+	autoupdater := updater.NewAutoUpdater(defaultClientConfig.SupervisorConfig.AutoUpdateFrequency, listeners, logger)
 
-	originCert, err := getOriginCert(c)
+	originCert, err := getOriginCert(c, logger)
 	if err != nil {
-		logger.WithError(err).Error("error getting origin cert")
+		logger.Errorf("error getting origin cert: %s", err)
 		return err
 	}
 	toEdgeTLSConfig, err := tlsconfig.CreateTunnelConfig(c)
 	if err != nil {
-		logger.WithError(err).Error("unable to create TLS config to connect with edge")
+		logger.Errorf("unable to create TLS config to connect with edge: %s", err)
 		return err
 	}
 
 	tags, err := NewTagSliceFromCLI(c.StringSlice("tag"))
 	if err != nil {
-		logger.WithError(err).Error("unable to parse tag")
+		logger.Errorf("unable to parse tag: %s", err)
 		return err
 	}
 
@@ -556,13 +574,13 @@ func startDeclarativeTunnel(ctx context.Context,
 
 	serviceDiscoverer, err := serviceDiscoverer(c, logger)
 	if err != nil {
-		logger.WithError(err).Error("unable to create service discoverer")
+		logger.Errorf("unable to create service discoverer: %s", err)
 		return err
 	}
 	supervisor, err := supervisor.NewSupervisor(defaultClientConfig, originCert, toEdgeTLSConfig,
-		serviceDiscoverer, cloudflaredConfig, autoupdater, updater.SupportAutoUpdate(), logger)
+		serviceDiscoverer, cloudflaredConfig, autoupdater, updater.SupportAutoUpdate(logger), logger)
 	if err != nil {
-		logger.WithError(err).Error("unable to create Supervisor")
+		logger.Errorf("unable to create Supervisor: %s", err)
 		return err
 	}
 	return supervisor.Run(ctx)
@@ -604,17 +622,18 @@ func waitToShutdown(wg *sync.WaitGroup,
 	errC chan error,
 	shutdownC, graceShutdownC chan struct{},
 	gracePeriod time.Duration,
+	logger logger.Service,
 ) error {
 	var err error
 	if gracePeriod > 0 {
-		err = waitForSignalWithGraceShutdown(errC, shutdownC, graceShutdownC, gracePeriod)
+		err = waitForSignalWithGraceShutdown(errC, shutdownC, graceShutdownC, gracePeriod, logger)
 	} else {
-		err = waitForSignal(errC, shutdownC)
+		err = waitForSignal(errC, shutdownC, logger)
 		close(graceShutdownC)
 	}
 
 	if err != nil {
-		logger.WithError(err).Error("Quitting due to error")
+		logger.Errorf("Quitting due to error: %s", err)
 	} else {
 		logger.Info("Quitting...")
 	}
@@ -632,16 +651,16 @@ func notifySystemd(waitForSignal *signal.Signal) {
 	daemon.SdNotify(false, "READY=1")
 }
 
-func writePidFile(waitForSignal *signal.Signal, pidFile string) {
+func writePidFile(waitForSignal *signal.Signal, pidFile string, logger logger.Service) {
 	<-waitForSignal.Wait()
 	expandedPath, err := homedir.Expand(pidFile)
 	if err != nil {
-		logger.WithError(err).Errorf("Unable to expand %s, try to use absolute path in --pidfile", pidFile)
+		logger.Errorf("Unable to expand %s, try to use absolute path in --pidfile: %s", pidFile, err)
 		return
 	}
 	file, err := os.Create(expandedPath)
 	if err != nil {
-		logger.WithError(err).Errorf("Unable to write pid to %s", expandedPath)
+		logger.Errorf("Unable to write pid to %s: %s", expandedPath, err)
 		return
 	}
 	defer file.Close()
@@ -888,15 +907,15 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 		altsrc.NewStringFlag(&cli.StringFlag{
 			Name:    "loglevel",
 			Value:   "info",
-			Usage:   "Application logging level {panic, fatal, error, warn, info, debug}. " + debugLevelWarning,
+			Usage:   "Application logging level {fatal, error, info, debug}. " + debugLevelWarning,
 			EnvVars: []string{"TUNNEL_LOGLEVEL"},
 			Hidden:  shouldHide,
 		}),
 		altsrc.NewStringFlag(&cli.StringFlag{
 			Name:    "transport-loglevel",
 			Aliases: []string{"proto-loglevel"}, // This flag used to be called proto-loglevel
-			Value:   "warn",
-			Usage:   "Transport logging level(previously called protocol logging level) {panic, fatal, error, warn, info, debug}",
+			Value:   "fatal",
+			Usage:   "Transport logging level(previously called protocol logging level) {fatal, error, info, debug}",
 			EnvVars: []string{"TUNNEL_PROTO_LOGLEVEL", "TUNNEL_TRANSPORT_LOGLEVEL"},
 			Hidden:  shouldHide,
 		}),
@@ -1163,7 +1182,7 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 	}
 }
 
-func stdinControl(reconnectCh chan origin.ReconnectSignal) {
+func stdinControl(reconnectCh chan origin.ReconnectSignal, logger logger.Service) {
 	for {
 		scanner := bufio.NewScanner(os.Stdin)
 		for scanner.Scan() {
@@ -1185,7 +1204,7 @@ func stdinControl(reconnectCh chan origin.ReconnectSignal) {
 				logger.Infof("Sending reconnect signal %+v", reconnect)
 				reconnectCh <- reconnect
 			default:
-				logger.Warn("Unknown command: ", command)
+				logger.Infof("Unknown command: %s", command)
 				fallthrough
 			case "help":
 				logger.Info(`Supported command: 
diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index 883d3542..a085f1b5 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -15,6 +15,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/edgediscovery"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/origin"
 	"github.com/cloudflare/cloudflared/tlsconfig"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
@@ -23,7 +24,6 @@ import (
 	"github.com/google/uuid"
 	"github.com/mitchellh/go-homedir"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh/terminal"
 	"gopkg.in/urfave/cli.v2"
 )
@@ -47,25 +47,16 @@ func findDefaultOriginCertPath() string {
 	return ""
 }
 
-func generateRandomClientID(logger *logrus.Logger) (string, error) {
+func generateRandomClientID(logger logger.Service) (string, error) {
 	u, err := uuid.NewRandom()
 	if err != nil {
-		logger.WithError(err).Error("couldn't create UUID for client ID")
+		logger.Errorf("couldn't create UUID for client ID %s", err)
 		return "", err
 	}
 	return u.String(), nil
 }
 
-func handleDeprecatedOptions(c *cli.Context) error {
-	// Fail if the user provided an old authentication method
-	if c.IsSet("api-key") || c.IsSet("api-email") || c.IsSet("api-ca-key") {
-		logger.Error("You don't need to give us your api-key anymore. Please use the new login method. Just run cloudflared login")
-		return fmt.Errorf("Client provided deprecated options")
-	}
-	return nil
-}
-
-func logClientOptions(c *cli.Context) {
+func logClientOptions(c *cli.Context, logger logger.Service) {
 	flags := make(map[string]interface{})
 	for _, flag := range c.LocalFlagNames() {
 		flags[flag] = c.Generic(flag)
@@ -79,7 +70,7 @@ func logClientOptions(c *cli.Context) {
 	}
 
 	if len(flags) > 0 {
-		logger.WithFields(flags).Info("Flags")
+		logger.Infof("Environment variables %v", flags)
 	}
 
 	envs := make(map[string]string)
@@ -102,10 +93,10 @@ func dnsProxyStandAlone(c *cli.Context) bool {
 	return c.IsSet("proxy-dns") && (!c.IsSet("hostname") && !c.IsSet("tag") && !c.IsSet("hello-world"))
 }
 
-func findOriginCert(c *cli.Context) (string, error) {
+func findOriginCert(c *cli.Context, logger logger.Service) (string, error) {
 	originCertPath := c.String("origincert")
 	if originCertPath == "" {
-		logger.Warnf("Cannot determine default origin certificate path. No file %s in %v", config.DefaultCredentialFile, config.DefaultConfigDirs)
+		logger.Infof("Cannot determine default origin certificate path. No file %s in %v", config.DefaultCredentialFile, config.DefaultConfigDirs)
 		if isRunningFromTerminal() {
 			logger.Errorf("You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See %s for more information.", argumentsUrl)
 			return "", fmt.Errorf("Client didn't specify origincert path when running from terminal")
@@ -117,7 +108,7 @@ func findOriginCert(c *cli.Context) (string, error) {
 	var err error
 	originCertPath, err = homedir.Expand(originCertPath)
 	if err != nil {
-		logger.WithError(err).Errorf("Cannot resolve path %s", originCertPath)
+		logger.Errorf("Cannot resolve path %s: %s", originCertPath, err)
 		return "", fmt.Errorf("Cannot resolve path %s", originCertPath)
 	}
 	// Check that the user has acquired a certificate using the login command
@@ -142,35 +133,36 @@ If you don't have a certificate signed by Cloudflare, run the command:
 	return originCertPath, nil
 }
 
-func readOriginCert(originCertPath string) ([]byte, error) {
+func readOriginCert(originCertPath string, logger logger.Service) ([]byte, error) {
 	logger.Debugf("Reading origin cert from %s", originCertPath)
 
 	// Easier to send the certificate as []byte via RPC than decoding it at this point
 	originCert, err := ioutil.ReadFile(originCertPath)
 	if err != nil {
-		logger.WithError(err).Errorf("Cannot read %s to load origin certificate", originCertPath)
+		logger.Errorf("Cannot read %s to load origin certificate: %s", originCertPath, err)
 		return nil, fmt.Errorf("Cannot read %s to load origin certificate", originCertPath)
 	}
 	return originCert, nil
 }
 
-func getOriginCert(c *cli.Context) ([]byte, error) {
-	if originCertPath, err := findOriginCert(c); err != nil {
+func getOriginCert(c *cli.Context, logger logger.Service) ([]byte, error) {
+	if originCertPath, err := findOriginCert(c, logger); err != nil {
 		return nil, err
 	} else {
-		return readOriginCert(originCertPath)
+		return readOriginCert(originCertPath, logger)
 	}
 }
 
 func prepareTunnelConfig(
 	c *cli.Context,
 	buildInfo *buildinfo.BuildInfo,
-	version string, logger,
-	transportLogger *logrus.Logger,
+	version string,
+	logger logger.Service,
+	transportLogger logger.Service,
 ) (*origin.TunnelConfig, error) {
 	hostname, err := validation.ValidateHostname(c.String("hostname"))
 	if err != nil {
-		logger.WithError(err).Error("Invalid hostname")
+		logger.Errorf("Invalid hostname: %s", err)
 		return nil, errors.Wrap(err, "Invalid hostname")
 	}
 	isFreeTunnel := hostname == ""
@@ -184,7 +176,7 @@ func prepareTunnelConfig(
 
 	tags, err := NewTagSliceFromCLI(c.StringSlice("tag"))
 	if err != nil {
-		logger.WithError(err).Error("Tag parse failure")
+		logger.Errorf("Tag parse failure: %s", err)
 		return nil, errors.Wrap(err, "Tag parse failure")
 	}
 
@@ -192,13 +184,13 @@ func prepareTunnelConfig(
 
 	originURL, err := config.ValidateUrl(c)
 	if err != nil {
-		logger.WithError(err).Error("Error validating origin URL")
+		logger.Errorf("Error validating origin URL: %s", err)
 		return nil, errors.Wrap(err, "Error validating origin URL")
 	}
 
 	var originCert []byte
 	if !isFreeTunnel {
-		originCert, err = getOriginCert(c)
+		originCert, err = getOriginCert(c, logger)
 		if err != nil {
 			return nil, errors.Wrap(err, "Error getting origin cert")
 		}
@@ -206,7 +198,7 @@ func prepareTunnelConfig(
 
 	originCertPool, err := tlsconfig.LoadOriginCA(c, logger)
 	if err != nil {
-		logger.WithError(err).Error("Error loading cert pool")
+		logger.Errorf("Error loading cert pool: %s", err)
 		return nil, errors.Wrap(err, "Error loading cert pool")
 	}
 
@@ -233,7 +225,7 @@ func prepareTunnelConfig(
 	if c.IsSet("unix-socket") {
 		unixSocket, err := config.ValidateUnixSocket(c)
 		if err != nil {
-			logger.WithError(err).Error("Error validating --unix-socket")
+			logger.Errorf("Error validating --unix-socket: %s", err)
 			return nil, errors.Wrap(err, "Error validating --unix-socket")
 		}
 
@@ -253,13 +245,13 @@ func prepareTunnelConfig(
 	// If tunnel running in bastion mode, a connection to origin will not exist until initiated by the client.
 	if !c.IsSet(bastionFlag) {
 		if err = validation.ValidateHTTPService(originURL, hostname, httpTransport); err != nil {
-			logger.WithError(err).Error("unable to connect to the origin")
+			logger.Errorf("unable to connect to the origin: %s", err)
 		}
 	}
 
 	toEdgeTLSConfig, err := tlsconfig.CreateTunnelConfig(c)
 	if err != nil {
-		logger.WithError(err).Error("unable to create TLS config to connect with edge")
+		logger.Errorf("unable to create TLS config to connect with edge: %s", err)
 		return nil, errors.Wrap(err, "unable to create TLS config to connect with edge")
 	}
 
@@ -280,6 +272,7 @@ func prepareTunnelConfig(
 		IsFreeTunnel:         isFreeTunnel,
 		LBPool:               c.String("lb-pool"),
 		Logger:               logger,
+		TransportLogger:      transportLogger,
 		MaxHeartbeats:        c.Uint64("heartbeat-count"),
 		Metrics:              tunnelMetrics,
 		MetricsUpdateFreq:    c.Duration("metrics-update-freq"),
@@ -291,14 +284,13 @@ func prepareTunnelConfig(
 		RunFromTerminal:      isRunningFromTerminal(),
 		Tags:                 tags,
 		TlsConfig:            toEdgeTLSConfig,
-		TransportLogger:      transportLogger,
 		UseDeclarativeTunnel: c.Bool("use-declarative-tunnels"),
 		UseReconnectToken:    c.Bool("use-reconnect-token"),
 		UseQuickReconnects:   c.Bool("use-quick-reconnects"),
 	}, nil
 }
 
-func serviceDiscoverer(c *cli.Context, logger *logrus.Logger) (*edgediscovery.Edge, error) {
+func serviceDiscoverer(c *cli.Context, logger logger.Service) (*edgediscovery.Edge, error) {
 	// If --edge is specfied, resolve edge server addresses
 	if len(c.StringSlice("edge")) > 0 {
 		return edgediscovery.StaticEdge(logger, c.StringSlice("edge"))
diff --git a/cmd/cloudflared/tunnel/logger.go b/cmd/cloudflared/tunnel/logger.go
deleted file mode 100644
index 164de01b..00000000
--- a/cmd/cloudflared/tunnel/logger.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package tunnel
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/cloudflare/cloudflared/log"
-	"github.com/rifflock/lfshook"
-	"github.com/sirupsen/logrus"
-	"gopkg.in/urfave/cli.v2"
-
-	"github.com/mitchellh/go-homedir"
-	"github.com/pkg/errors"
-)
-
-const debugLevelWarning = "At debug level, request URL, method, protocol, content legnth and header will be logged. " +
-	"Response status, content length and header will also be logged in debug level."
-
-var logger = log.CreateLogger()
-
-func configMainLogger(c *cli.Context) error {
-	logLevel, err := logrus.ParseLevel(c.String("loglevel"))
-	if err != nil {
-		logger.WithError(err).Error("Unknown logging level specified")
-		return errors.Wrap(err, "Unknown logging level specified")
-	}
-	logger.SetLevel(logLevel)
-	if logLevel == logrus.DebugLevel {
-		logger.Warn(debugLevelWarning)
-	}
-	return nil
-}
-
-func configTransportLogger(c *cli.Context) (*logrus.Logger, error) {
-	transportLogLevel, err := logrus.ParseLevel(c.String("transport-loglevel"))
-	if err != nil {
-		logger.WithError(err).Fatal("Unknown transport logging level specified")
-		return nil, errors.Wrap(err, "Unknown transport logging level specified")
-	}
-	transportLogger := logrus.New()
-	transportLogger.Level = transportLogLevel
-	return transportLogger, nil
-}
-
-func initLogFile(c *cli.Context, loggers ...*logrus.Logger) error {
-	filePath, err := homedir.Expand(c.String("logfile"))
-	if err != nil {
-		return errors.Wrap(err, "Cannot resolve logfile path")
-	}
-
-	fileMode := os.O_WRONLY | os.O_APPEND | os.O_CREATE | os.O_TRUNC
-	// do not truncate log file if the client has been autoupdated
-	if c.Bool("is-autoupdated") {
-		fileMode = os.O_WRONLY | os.O_APPEND | os.O_CREATE
-	}
-	f, err := os.OpenFile(filePath, fileMode, 0664)
-	if err != nil {
-		errors.Wrap(err, fmt.Sprintf("Cannot open file %s", filePath))
-	}
-	defer f.Close()
-	pathMap := lfshook.PathMap{
-		logrus.DebugLevel: filePath,
-		logrus.WarnLevel:  filePath,
-		logrus.InfoLevel:  filePath,
-		logrus.ErrorLevel: filePath,
-		logrus.FatalLevel: filePath,
-		logrus.PanicLevel: filePath,
-	}
-
-	for _, l := range loggers {
-		l.Hooks.Add(lfshook.NewHook(pathMap, &logrus.JSONFormatter{}))
-	}
-
-	return nil
-}
diff --git a/cmd/cloudflared/tunnel/login.go b/cmd/cloudflared/tunnel/login.go
index 1eb94936..3a9fbdb3 100644
--- a/cmd/cloudflared/tunnel/login.go
+++ b/cmd/cloudflared/tunnel/login.go
@@ -9,7 +9,9 @@ import (
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/transfer"
+	"github.com/cloudflare/cloudflared/logger"
 	homedir "github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
 	cli "gopkg.in/urfave/cli.v2"
 )
 
@@ -19,6 +21,11 @@ const (
 )
 
 func login(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	path, ok, err := checkForExistingCert()
 	if ok {
 		fmt.Fprintf(os.Stdout, "You have an existing certificate at %s which login would overwrite.\nIf this is intentional, please move or delete that file then run this command again.\n", path)
@@ -33,7 +40,7 @@ func login(c *cli.Context) error {
 		return err
 	}
 
-	_, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false)
+	_, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, logger)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to write the certificate due to the following error:\n%v\n\nYour browser will download the certificate instead. You will have to manually\ncopy it to the following path:\n\n%s\n", err, path)
 		return err
diff --git a/cmd/cloudflared/tunnel/server.go b/cmd/cloudflared/tunnel/server.go
index 4595566d..bb6598e3 100644
--- a/cmd/cloudflared/tunnel/server.go
+++ b/cmd/cloudflared/tunnel/server.go
@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tunneldns"
 
 	"gopkg.in/urfave/cli.v2"
@@ -8,23 +9,20 @@ import (
 	"github.com/pkg/errors"
 )
 
-func runDNSProxyServer(c *cli.Context, dnsReadySignal, shutdownC chan struct{}) error {
+func runDNSProxyServer(c *cli.Context, dnsReadySignal, shutdownC chan struct{}, logger logger.Service) error {
 	port := c.Int("proxy-dns-port")
 	if port <= 0 || port > 65535 {
-		logger.Errorf("The 'proxy-dns-port' must be a valid port number in <1, 65535> range.")
 		return errors.New("The 'proxy-dns-port' must be a valid port number in <1, 65535> range.")
 	}
-	listener, err := tunneldns.CreateListener(c.String("proxy-dns-address"), uint16(port), c.StringSlice("proxy-dns-upstream"), c.StringSlice("proxy-dns-bootstrap"))
+	listener, err := tunneldns.CreateListener(c.String("proxy-dns-address"), uint16(port), c.StringSlice("proxy-dns-upstream"), c.StringSlice("proxy-dns-bootstrap"), logger)
 	if err != nil {
 		close(dnsReadySignal)
 		listener.Stop()
-		logger.WithError(err).Error("Cannot create the DNS over HTTPS proxy server")
 		return errors.Wrap(err, "Cannot create the DNS over HTTPS proxy server")
 	}
 
 	err = listener.Start(dnsReadySignal)
 	if err != nil {
-		logger.WithError(err).Error("Cannot start the DNS over HTTPS proxy server")
 		return errors.Wrap(err, "Cannot start the DNS over HTTPS proxy server")
 	}
 	<-shutdownC
diff --git a/cmd/cloudflared/tunnel/signal.go b/cmd/cloudflared/tunnel/signal.go
index b1ec77e2..41a92d69 100644
--- a/cmd/cloudflared/tunnel/signal.go
+++ b/cmd/cloudflared/tunnel/signal.go
@@ -5,12 +5,14 @@ import (
 	"os/signal"
 	"syscall"
 	"time"
+
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 // waitForSignal notifies all routines to shutdownC immediately by closing the
 // shutdownC when one of the routines in main exits, or when this process receives
 // SIGTERM/SIGINT
-func waitForSignal(errC chan error, shutdownC chan struct{}) error {
+func waitForSignal(errC chan error, shutdownC chan struct{}, logger logger.Service) error {
 	signals := make(chan os.Signal, 10)
 	signal.Notify(signals, syscall.SIGTERM, syscall.SIGINT)
 	defer signal.Stop(signals)
@@ -39,6 +41,7 @@ func waitForSignal(errC chan error, shutdownC chan struct{}) error {
 func waitForSignalWithGraceShutdown(errC chan error,
 	shutdownC, graceShutdownC chan struct{},
 	gracePeriod time.Duration,
+	logger logger.Service,
 ) error {
 	signals := make(chan os.Signal, 10)
 	signal.Notify(signals, syscall.SIGTERM, syscall.SIGINT)
@@ -53,9 +56,9 @@ func waitForSignalWithGraceShutdown(errC chan error,
 	case s := <-signals:
 		logger.Infof("Initiating graceful shutdown due to signal %s ...", s)
 		close(graceShutdownC)
-		waitForGracePeriod(signals, errC, shutdownC, gracePeriod)
+		waitForGracePeriod(signals, errC, shutdownC, gracePeriod, logger)
 	case <-graceShutdownC:
-		waitForGracePeriod(signals, errC, shutdownC, gracePeriod)
+		waitForGracePeriod(signals, errC, shutdownC, gracePeriod, logger)
 	case <-shutdownC:
 		close(graceShutdownC)
 	}
@@ -67,6 +70,7 @@ func waitForGracePeriod(signals chan os.Signal,
 	errC chan error,
 	shutdownC chan struct{},
 	gracePeriod time.Duration,
+	logger logger.Service,
 ) {
 	// Unregister signal handler early, so the client can send a second SIGTERM/SIGINT
 	// to force shutdown cloudflared
diff --git a/cmd/cloudflared/tunnel/signal_test.go b/cmd/cloudflared/tunnel/signal_test.go
index 942706c2..0f5e735f 100644
--- a/cmd/cloudflared/tunnel/signal_test.go
+++ b/cmd/cloudflared/tunnel/signal_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -27,6 +28,8 @@ func testChannelClosed(t *testing.T, c chan struct{}) {
 }
 
 func TestWaitForSignal(t *testing.T) {
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
+
 	// Test handling server error
 	errC := make(chan error)
 	shutdownC := make(chan struct{})
@@ -36,7 +39,7 @@ func TestWaitForSignal(t *testing.T) {
 	}()
 
 	// received error, shutdownC should be closed
-	err := waitForSignal(errC, shutdownC)
+	err := waitForSignal(errC, shutdownC, logger)
 	assert.Equal(t, serverErr, err)
 	testChannelClosed(t, shutdownC)
 
@@ -56,7 +59,7 @@ func TestWaitForSignal(t *testing.T) {
 			syscall.Kill(syscall.Getpid(), sig)
 		}(sig)
 
-		err = waitForSignal(errC, shutdownC)
+		err = waitForSignal(errC, shutdownC, logger)
 		assert.Equal(t, nil, err)
 		assert.Equal(t, shutdownErr, <-errC)
 		testChannelClosed(t, shutdownC)
@@ -73,8 +76,10 @@ func TestWaitForSignalWithGraceShutdown(t *testing.T) {
 		errC <- serverErr
 	}()
 
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
+
 	// received error, both shutdownC and graceshutdownC should be closed
-	err := waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick)
+	err := waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick, logger)
 	assert.Equal(t, serverErr, err)
 	testChannelClosed(t, shutdownC)
 	testChannelClosed(t, graceshutdownC)
@@ -84,7 +89,7 @@ func TestWaitForSignalWithGraceShutdown(t *testing.T) {
 	shutdownC = make(chan struct{})
 	graceshutdownC = make(chan struct{})
 	close(shutdownC)
-	err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick)
+	err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick, logger)
 	assert.NoError(t, err)
 	testChannelClosed(t, shutdownC)
 	testChannelClosed(t, graceshutdownC)
@@ -94,7 +99,7 @@ func TestWaitForSignalWithGraceShutdown(t *testing.T) {
 	shutdownC = make(chan struct{})
 	graceshutdownC = make(chan struct{})
 	close(graceshutdownC)
-	err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick)
+	err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick, logger)
 	assert.NoError(t, err)
 	testChannelClosed(t, shutdownC)
 	testChannelClosed(t, graceshutdownC)
@@ -117,7 +122,7 @@ func TestWaitForSignalWithGraceShutdown(t *testing.T) {
 			syscall.Kill(syscall.Getpid(), sig)
 		}(sig)
 
-		err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick)
+		err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick, logger)
 		assert.Equal(t, nil, err)
 		assert.Equal(t, graceShutdownErr, <-errC)
 		testChannelClosed(t, shutdownC)
@@ -143,7 +148,7 @@ func TestWaitForSignalWithGraceShutdown(t *testing.T) {
 			syscall.Kill(syscall.Getpid(), sig)
 		}(sig)
 
-		err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick)
+		err = waitForSignalWithGraceShutdown(errC, shutdownC, graceshutdownC, tick, logger)
 		assert.Equal(t, nil, err)
 		assert.Equal(t, shutdownErr, <-errC)
 		testChannelClosed(t, shutdownC)
diff --git a/cmd/cloudflared/tunnel/subcommands.go b/cmd/cloudflared/tunnel/subcommands.go
index f9493f57..9a6bb517 100644
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -12,14 +12,15 @@ import (
 
 	"github.com/cloudflare/cloudflared/certutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tunnelstore"
 )
 
 var (
 	outputFormatFlag = &cli.StringFlag{
-		Name:  "output",
+		Name:    "output",
 		Aliases: []string{"o"},
-		Usage: "Render output using given `FORMAT`. Valid options are 'json' or 'yaml'",
+		Usage:   "Render output using given `FORMAT`. Valid options are 'json' or 'yaml'",
 	}
 )
 
@@ -42,7 +43,12 @@ func createTunnel(c *cli.Context) error {
 	}
 	name := c.Args().First()
 
-	client, err := newTunnelstoreClient(c)
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
+	client, err := newTunnelstoreClient(c, logger)
 	if err != nil {
 		return err
 	}
@@ -72,7 +78,12 @@ func buildListCommand() *cli.Command {
 }
 
 func listTunnels(c *cli.Context) error {
-	client, err := newTunnelstoreClient(c)
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
+	client, err := newTunnelstoreClient(c, logger)
 	if err != nil {
 		return err
 	}
@@ -114,7 +125,12 @@ func deleteTunnel(c *cli.Context) error {
 	}
 	id := c.Args().First()
 
-	client, err := newTunnelstoreClient(c)
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
+	client, err := newTunnelstoreClient(c, logger)
 	if err != nil {
 		return err
 	}
@@ -139,13 +155,13 @@ func renderOutput(format string, v interface{}) error {
 	}
 }
 
-func newTunnelstoreClient(c *cli.Context) (tunnelstore.Client, error) {
-	originCertPath, err := findOriginCert(c)
+func newTunnelstoreClient(c *cli.Context, logger logger.Service) (tunnelstore.Client, error) {
+	originCertPath, err := findOriginCert(c, logger)
 	if err != nil {
 		return nil, errors.Wrap(err, "Error locating origin cert")
 	}
 
-	blocks, err := readOriginCert(originCertPath)
+	blocks, err := readOriginCert(originCertPath, logger)
 	if err != nil {
 		return nil, errors.Wrapf(err, "Can't read origin cert from %s", originCertPath)
 	}
@@ -159,7 +175,7 @@ func newTunnelstoreClient(c *cli.Context) (tunnelstore.Client, error) {
 		return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath)
 	}
 
-	client := tunnelstore.NewRESTClient(c.String("api-url"), cert.AccountID, cert.ServiceKey)
+	client := tunnelstore.NewRESTClient(c.String("api-url"), cert.AccountID, cert.ServiceKey, logger)
 
 	return client, nil
 }
diff --git a/cmd/cloudflared/updater/update.go b/cmd/cloudflared/updater/update.go
index 8f9c481b..4de6b406 100644
--- a/cmd/cloudflared/updater/update.go
+++ b/cmd/cloudflared/updater/update.go
@@ -10,9 +10,10 @@ import (
 	"golang.org/x/crypto/ssh/terminal"
 	"gopkg.in/urfave/cli.v2"
 
-	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/equinox-io/equinox"
 	"github.com/facebookgo/grace/gracenet"
+	"github.com/pkg/errors"
 )
 
 const (
@@ -30,7 +31,6 @@ dsCmJ/QZ6aw0w9qkkwEpne1Lmo6+0pGexZzFZOH6w5amShn+RXt7qkSid9iWlzGq
 EKx0BZogHSor9Wy5VztdFaAaVbsJiCbO
 -----END ECDSA PUBLIC KEY-----
 `)
-	logger = log.CreateLogger()
 )
 
 // BinaryUpdated implements ExitCoder interface, the app will exit with status code 11
@@ -93,7 +93,12 @@ func checkForUpdateAndApply() UpdateOutcome {
 }
 
 func Update(_ *cli.Context) error {
-	updateOutcome := loggedUpdate()
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
+	updateOutcome := loggedUpdate(logger)
 	if updateOutcome.Error != nil {
 		return &statusErr{updateOutcome.Error}
 	}
@@ -107,13 +112,13 @@ func Update(_ *cli.Context) error {
 }
 
 // Checks for an update and applies it if one is available
-func loggedUpdate() UpdateOutcome {
+func loggedUpdate(logger logger.Service) UpdateOutcome {
 	updateOutcome := checkForUpdateAndApply()
 	if updateOutcome.Updated {
 		logger.Infof("cloudflared has been updated to version %s", updateOutcome.Version)
 	}
 	if updateOutcome.Error != nil {
-		logger.WithError(updateOutcome.Error).Error("update check failed")
+		logger.Errorf("update check failed: %s", updateOutcome.Error)
 	}
 
 	return updateOutcome
@@ -124,6 +129,7 @@ type AutoUpdater struct {
 	configurable     *configurable
 	listeners        *gracenet.Net
 	updateConfigChan chan *configurable
+	logger           logger.Service
 }
 
 // AutoUpdaterConfigurable is the attributes of AutoUpdater that can be reconfigured during runtime
@@ -132,7 +138,7 @@ type configurable struct {
 	freq    time.Duration
 }
 
-func NewAutoUpdater(freq time.Duration, listeners *gracenet.Net) *AutoUpdater {
+func NewAutoUpdater(freq time.Duration, listeners *gracenet.Net, logger logger.Service) *AutoUpdater {
 	updaterConfigurable := &configurable{
 		enabled: true,
 		freq:    freq,
@@ -145,6 +151,7 @@ func NewAutoUpdater(freq time.Duration, listeners *gracenet.Net) *AutoUpdater {
 		configurable:     updaterConfigurable,
 		listeners:        listeners,
 		updateConfigChan: make(chan *configurable),
+		logger:           logger,
 	}
 }
 
@@ -152,20 +159,20 @@ func (a *AutoUpdater) Run(ctx context.Context) error {
 	ticker := time.NewTicker(a.configurable.freq)
 	for {
 		if a.configurable.enabled {
-			updateOutcome := loggedUpdate()
+			updateOutcome := loggedUpdate(a.logger)
 			if updateOutcome.Updated {
 				os.Args = append(os.Args, "--is-autoupdated=true")
 				if IsSysV() {
 					// SysV doesn't have a mechanism to keep service alive, we have to restart the process
-					logger.Infof("Restarting service managed by SysV...")
+					a.logger.Info("Restarting service managed by SysV...")
 					pid, err := a.listeners.StartProcess()
 					if err != nil {
-						logger.WithError(err).Error("Unable to restart server automatically")
+						a.logger.Errorf("Unable to restart server automatically: %s", err)
 						return &statusErr{err: err}
 					}
 					// stop old process after autoupdate. Otherwise we create a new process
 					// after each update
-					logger.Infof("PID of the new process is %d", pid)
+					a.logger.Infof("PID of the new process is %d", pid)
 				}
 				return &statusSuccess{newVersion: updateOutcome.Version}
 			}
@@ -197,14 +204,14 @@ func (a *AutoUpdater) Update(newFreq time.Duration) {
 	a.updateConfigChan <- newConfigurable
 }
 
-func IsAutoupdateEnabled(c *cli.Context) bool {
-	if !SupportAutoUpdate() {
+func IsAutoupdateEnabled(c *cli.Context, l logger.Service) bool {
+	if !SupportAutoUpdate(l) {
 		return false
 	}
 	return !c.Bool("no-autoupdate") && c.Duration("autoupdate-freq") != 0
 }
 
-func SupportAutoUpdate() bool {
+func SupportAutoUpdate(logger logger.Service) bool {
 	if runtime.GOOS == "windows" {
 		logger.Info(noUpdateOnWindowsMessage)
 		return false
diff --git a/cmd/cloudflared/updater/update_test.go b/cmd/cloudflared/updater/update_test.go
index 218b22b4..d4ad93ee 100644
--- a/cmd/cloudflared/updater/update_test.go
+++ b/cmd/cloudflared/updater/update_test.go
@@ -4,13 +4,15 @@ import (
 	"context"
 	"testing"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/facebookgo/grace/gracenet"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestDisabledAutoUpdater(t *testing.T) {
 	listeners := &gracenet.Net{}
-	autoupdater := NewAutoUpdater(0, listeners)
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
+	autoupdater := NewAutoUpdater(0, listeners, logger)
 	ctx, cancel := context.WithCancel(context.Background())
 	errC := make(chan error)
 	go func() {
diff --git a/cmd/cloudflared/windows_service.go b/cmd/cloudflared/windows_service.go
index 1c25699d..1cc34990 100644
--- a/cmd/cloudflared/windows_service.go
+++ b/cmd/cloudflared/windows_service.go
@@ -12,8 +12,11 @@ import (
 	"time"
 	"unsafe"
 
+	"github.com/cloudflare/cloudflared/logger"
+	"github.com/pkg/errors"
 	cli "gopkg.in/urfave/cli.v2"
 
+	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
 	"golang.org/x/sys/windows/svc/eventlog"
@@ -65,6 +68,12 @@ func runApp(app *cli.App, shutdownC, graceShutdownC chan struct{}) {
 	//     2. get ERROR_FAILED_SERVICE_CONTROLLER_CONNECT
 	// This involves actually trying to start the service.
 
+	logger, err := logger.New()
+	if err != nil {
+		os.Exit(1)
+		return
+	}
+
 	isIntSess, err := svc.IsAnInteractiveSession()
 	if err != nil {
 		logger.Fatalf("failed to determine if we are running in an interactive session: %v", err)
@@ -97,9 +106,15 @@ type windowsService struct {
 
 // called by the package code at the start of the service
 func (s *windowsService) Execute(serviceArgs []string, r <-chan svc.ChangeRequest, statusChan chan<- svc.Status) (ssec bool, errno uint32) {
+	logger, err := logger.New()
+	if err != nil {
+		os.Exit(1)
+		return
+	}
+
 	elog, err := eventlog.Open(windowsServiceName)
 	if err != nil {
-		logger.WithError(err).Errorf("Cannot open event log for %s", windowsServiceName)
+		logger.Errorf("Cannot open event log for %s with error: %s", windowsServiceName, err)
 		return
 	}
 	defer elog.Close()
@@ -160,6 +175,11 @@ func (s *windowsService) Execute(serviceArgs []string, r <-chan svc.ChangeReques
 }
 
 func installWindowsService(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	logger.Infof("Installing Argo Tunnel Windows service")
 	exepath, err := os.Executable()
 	if err != nil {
@@ -168,7 +188,7 @@ func installWindowsService(c *cli.Context) error {
 	}
 	m, err := mgr.Connect()
 	if err != nil {
-		logger.WithError(err).Errorf("Cannot establish a connection to the service control manager")
+		logger.Errorf("Cannot establish a connection to the service control manager: %s", err)
 		return err
 	}
 	defer m.Disconnect()
@@ -189,18 +209,23 @@ func installWindowsService(c *cli.Context) error {
 	err = eventlog.InstallAsEventCreate(windowsServiceName, eventlog.Error|eventlog.Warning|eventlog.Info)
 	if err != nil {
 		s.Delete()
-		logger.WithError(err).Errorf("Cannot install event logger")
+		logger.Errorf("Cannot install event logger: %s", err)
 		return fmt.Errorf("SetupEventLogSource() failed: %s", err)
 	}
 	err = configRecoveryOption(s.Handle)
 	if err != nil {
-		logger.WithError(err).Errorf("Cannot set service recovery actions")
+		logger.Errorf("Cannot set service recovery actions: %s", err)
 		logger.Infof("See %s to manually configure service recovery actions", windowsServiceUrl)
 	}
 	return nil
 }
 
 func uninstallWindowsService(c *cli.Context) error {
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	logger.Infof("Uninstalling Argo Tunnel Windows Service")
 	m, err := mgr.Connect()
 	if err != nil {
diff --git a/connection/connection.go b/connection/connection.go
index b898403f..a49bf966 100644
--- a/connection/connection.go
+++ b/connection/connection.go
@@ -7,9 +7,9 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 )
 
@@ -43,8 +43,8 @@ func (c *Connection) Serve(ctx context.Context) error {
 }
 
 // Connect is used to establish connections with cloudflare's edge network
-func (c *Connection) Connect(ctx context.Context, parameters *tunnelpogs.ConnectParameters, logger *logrus.Entry) (tunnelpogs.ConnectResult, error) {
-	tsClient, err := NewRPCClient(ctx, c.muxer, logger.WithField("rpc", "connect"), openStreamTimeout)
+func (c *Connection) Connect(ctx context.Context, parameters *tunnelpogs.ConnectParameters, logger logger.Service) (tunnelpogs.ConnectResult, error) {
+	tsClient, err := NewRPCClient(ctx, c.muxer, logger, openStreamTimeout)
 	if err != nil {
 		return nil, errors.Wrap(err, "cannot create new RPC connection")
 	}
diff --git a/connection/manager.go b/connection/manager.go
index eeac2e01..00f85ba7 100644
--- a/connection/manager.go
+++ b/connection/manager.go
@@ -10,11 +10,11 @@ import (
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/sirupsen/logrus"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/streamhandler"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 )
@@ -40,7 +40,7 @@ type EdgeManager struct {
 	// state is attributes of ConnectionManager that can change during runtime.
 	state *edgeManagerState
 
-	logger *logrus.Entry
+	logger logger.Service
 
 	metrics *metrics
 }
@@ -76,7 +76,7 @@ func NewEdgeManager(
 	tlsConfig *tls.Config,
 	serviceDiscoverer *edgediscovery.Edge,
 	cloudflaredConfig *CloudflaredConfig,
-	logger *logrus.Logger,
+	logger logger.Service,
 ) *EdgeManager {
 	return &EdgeManager{
 		streamHandler:     streamHandler,
@@ -84,7 +84,7 @@ func NewEdgeManager(
 		cloudflaredConfig: cloudflaredConfig,
 		serviceDiscoverer: serviceDiscoverer,
 		state:             newEdgeConnectionManagerState(edgeConnMgrConfigurable, userCredential),
-		logger:            logger.WithField("subsystem", "connectionManager"),
+		logger:            logger,
 		metrics:           newMetrics(packageNamespace, edgeManagerSubsystem),
 	}
 }
@@ -109,16 +109,16 @@ func (em *EdgeManager) Run(ctx context.Context) error {
 		if em.state.shouldCreateConnection(em.serviceDiscoverer.AvailableAddrs()) {
 			if connErr := em.newConnection(ctx, connIndex); connErr != nil {
 				if !connErr.ShouldRetry {
-					em.logger.WithError(connErr).Error(em.noRetryMessage())
+					em.logger.Errorf("connectionManager: %s with error: %s", em.noRetryMessage(), connErr)
 					return connErr
 				}
-				em.logger.WithError(connErr).Error("cannot create new connection")
+				em.logger.Errorf("connectionManager: cannot create new connection: %s", connErr)
 			} else {
 				connIndex++
 			}
 		} else if em.state.shouldReduceConnection() {
 			if err := em.closeConnection(ctx); err != nil {
-				em.logger.WithError(err).Error("cannot close connection")
+				em.logger.Errorf("connectionManager: cannot close connection: %s", err)
 			}
 		}
 	}
@@ -147,7 +147,7 @@ func (em *EdgeManager) newConnection(ctx context.Context, index int) *tunnelpogs
 		IsClient:          true,
 		HeartbeatInterval: configurable.HeartbeatInterval,
 		MaxHeartbeats:     configurable.MaxFailedHeartbeats,
-		Logger:            em.logger.WithField("subsystem", "muxer"),
+		Logger:            em.logger,
 	}, em.metrics.activeStreams)
 	if err != nil {
 		retryConnection(fmt.Sprintf("couldn't perform handshake with edge: %v", err))
@@ -178,7 +178,7 @@ func (em *EdgeManager) newConnection(ctx context.Context, index int) *tunnelpogs
 	}
 
 	em.state.newConnection(h2muxConn)
-	em.logger.Infof("connected to %s", connResult.ConnectedTo())
+	em.logger.Infof("connectionManager: connected to %s", connResult.ConnectedTo())
 
 	if connResult.ClientConfig() != nil {
 		em.streamHandler.UseConfiguration(ctx, connResult.ClientConfig())
@@ -198,7 +198,7 @@ func (em *EdgeManager) closeConnection(ctx context.Context) error {
 
 func (em *EdgeManager) serveConn(ctx context.Context, conn *Connection) {
 	err := conn.Serve(ctx)
-	em.logger.WithError(err).Warn("Connection closed")
+	em.logger.Errorf("connectionManager: Connection closed: %s", err)
 	em.state.closeConnection(conn)
 	em.serviceDiscoverer.GiveBack(conn.addr)
 }
diff --git a/connection/manager_test.go b/connection/manager_test.go
index 465fc951..791c5add 100644
--- a/connection/manager_test.go
+++ b/connection/manager_test.go
@@ -6,12 +6,12 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/streamhandler"
 	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 )
@@ -48,7 +48,7 @@ var (
 func mockEdgeManager() *EdgeManager {
 	newConfigChan := make(chan<- *pogs.ClientConfig)
 	useConfigResultChan := make(<-chan *pogs.UseConfigurationResult)
-	logger := logrus.New()
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 	edge := edgediscovery.MockEdge(logger, []*net.TCPAddr{})
 	return NewEdgeManager(
 		streamhandler.NewStreamHandler(newConfigChan, useConfigResultChan, logger),
diff --git a/connection/rpc.go b/connection/rpc.go
index 9c10c334..8c125d92 100644
--- a/connection/rpc.go
+++ b/connection/rpc.go
@@ -5,10 +5,10 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/sirupsen/logrus"
 	rpc "zombiezen.com/go/capnproto2/rpc"
 
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tunnelrpc"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 )
@@ -18,7 +18,7 @@ import (
 func NewRPCClient(
 	ctx context.Context,
 	muxer *h2mux.Muxer,
-	logger *logrus.Entry,
+	logger logger.Service,
 	openStreamTimeout time.Duration,
 ) (client tunnelpogs.TunnelServer_PogsClient, err error) {
 	openStreamCtx, openStreamCancel := context.WithTimeout(ctx, openStreamTimeout)
diff --git a/dbconnect/proxy.go b/dbconnect/proxy.go
index 2a1a53ad..fbdfb0b9 100644
--- a/dbconnect/proxy.go
+++ b/dbconnect/proxy.go
@@ -11,17 +11,17 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/hello"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/validation"
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 )
 
 // Proxy is an HTTP server that proxies requests to a Client.
 type Proxy struct {
 	client          Client
 	accessValidator *validation.Access
-	logger          *logrus.Logger
+	logger          logger.Service
 }
 
 // NewInsecureProxy creates a Proxy that talks to a Client at an origin.
@@ -43,7 +43,12 @@ func NewInsecureProxy(ctx context.Context, origin string) (*Proxy, error) {
 		return nil, errors.Wrap(err, "could not connect to the database")
 	}
 
-	return &Proxy{client, nil, logrus.New()}, nil
+	logger, err := logger.New()
+	if err != nil {
+		return nil, errors.Wrap(err, "error setting up logger")
+	}
+
+	return &Proxy{client, nil, logger}, nil
 }
 
 // NewSecureProxy creates a Proxy that talks to a Client at an origin.
@@ -90,7 +95,8 @@ func (proxy *Proxy) IsAllowed(r *http.Request, verbose ...bool) bool {
 	// Warn administrators that invalid JWTs are being rejected. This is indicative
 	// of either a misconfiguration of the CLI or a massive failure of upstream systems.
 	if len(verbose) > 0 {
-		proxy.httpLog(r, err).Error("Failed JWT authentication")
+		cfRay := proxy.getRayHeader(r)
+		proxy.logger.Infof("dbproxy: Failed JWT authentication: cf-ray: %s %s", cfRay, err)
 	}
 
 	return false
@@ -234,13 +240,14 @@ func (proxy *Proxy) httpRespondErr(w http.ResponseWriter, r *http.Request, defau
 
 	proxy.httpRespond(w, r, status, err.Error())
 	if len(err.Error()) > 0 {
-		proxy.httpLog(r, err).Warn("Database proxy error")
+		cfRay := proxy.getRayHeader(r)
+		proxy.logger.Infof("dbproxy: Database proxy error: cf-ray: %s %s", cfRay, err)
 	}
 }
 
-// httpLog returns a logrus.Entry that is formatted to output a request Cf-ray.
-func (proxy *Proxy) httpLog(r *http.Request, err error) *logrus.Entry {
-	return proxy.logger.WithContext(r.Context()).WithField("CF-RAY", r.Header.Get("Cf-ray")).WithError(err)
+// getRayHeader returns the request's Cf-ray header.
+func (proxy *Proxy) getRayHeader(r *http.Request) string {
+	return r.Header.Get("Cf-ray")
 }
 
 // httpError extracts common errors and returns an status code and friendly error.
diff --git a/edgediscovery/allregions/discovery.go b/edgediscovery/allregions/discovery.go
index b18e3df6..8640f494 100644
--- a/edgediscovery/allregions/discovery.go
+++ b/edgediscovery/allregions/discovery.go
@@ -7,8 +7,8 @@ import (
 	"net"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -58,15 +58,15 @@ var friendlyDNSErrorLines = []string{
 }
 
 // EdgeDiscovery implements HA service discovery lookup.
-func edgeDiscovery(logger *logrus.Entry) ([][]*net.TCPAddr, error) {
+func edgeDiscovery(logger logger.Service) ([][]*net.TCPAddr, error) {
 	_, addrs, err := netLookupSRV(srvService, srvProto, srvName)
 	if err != nil {
 		_, fallbackAddrs, fallbackErr := fallbackLookupSRV(srvService, srvProto, srvName)
 		if fallbackErr != nil || len(fallbackAddrs) == 0 {
 			// use the original DNS error `err` in messages, not `fallbackErr`
-			logger.Errorln("Error looking up Cloudflare edge IPs: the DNS query failed:", err)
+			logger.Errorf("Error looking up Cloudflare edge IPs: the DNS query failed: %s", err)
 			for _, s := range friendlyDNSErrorLines {
-				logger.Errorln(s)
+				logger.Error(s)
 			}
 			return nil, errors.Wrapf(err, "Could not lookup srv records on _%v._%v.%v", srvService, srvProto, srvName)
 		}
diff --git a/edgediscovery/allregions/discovery_test.go b/edgediscovery/allregions/discovery_test.go
index 0ead20bc..b2be4350 100644
--- a/edgediscovery/allregions/discovery_test.go
+++ b/edgediscovery/allregions/discovery_test.go
@@ -3,7 +3,7 @@ package allregions
 import (
 	"testing"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -19,7 +19,8 @@ func TestEdgeDiscovery(t *testing.T) {
 		}
 	}
 
-	addrLists, err := edgeDiscovery(logrus.New().WithFields(logrus.Fields{}))
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
+	addrLists, err := edgeDiscovery(l)
 	assert.NoError(t, err)
 	actualAddrSet := map[string]bool{}
 	for _, addrs := range addrLists {
diff --git a/edgediscovery/allregions/region.go b/edgediscovery/allregions/region.go
index bf17a496..aee3fd93 100644
--- a/edgediscovery/allregions/region.go
+++ b/edgediscovery/allregions/region.go
@@ -2,8 +2,6 @@ package allregions
 
 import (
 	"net"
-
-	"github.com/sirupsen/logrus"
 )
 
 // Region contains cloudflared edge addresses. The edge is partitioned into several regions for
@@ -59,7 +57,7 @@ func (r Region) GetUnusedIP(excluding *net.TCPAddr) *net.TCPAddr {
 // Use the address, assigning it to a proxy connection.
 func (r Region) Use(addr *net.TCPAddr, connID int) {
 	if addr == nil {
-		logrus.Errorf("Attempted to use nil address for connection %d", connID)
+		//logrus.Errorf("Attempted to use nil address for connection %d", connID)
 		return
 	}
 	r.connFor[addr] = InUse(connID)
diff --git a/edgediscovery/allregions/regions.go b/edgediscovery/allregions/regions.go
index d51c3299..bacc75a1 100644
--- a/edgediscovery/allregions/regions.go
+++ b/edgediscovery/allregions/regions.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 // Regions stores Cloudflare edge network IPs, partitioned into two regions.
@@ -19,7 +19,7 @@ type Regions struct {
 // ------------------------------------
 
 // ResolveEdge resolves the Cloudflare edge, returning all regions discovered.
-func ResolveEdge(logger *logrus.Entry) (*Regions, error) {
+func ResolveEdge(logger logger.Service) (*Regions, error) {
 	addrLists, err := edgeDiscovery(logger)
 	if err != nil {
 		return nil, err
diff --git a/edgediscovery/edgediscovery.go b/edgediscovery/edgediscovery.go
index 0b90efce..c4db7249 100644
--- a/edgediscovery/edgediscovery.go
+++ b/edgediscovery/edgediscovery.go
@@ -6,8 +6,7 @@ import (
 	"sync"
 
 	"github.com/cloudflare/cloudflared/edgediscovery/allregions"
-
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 const (
@@ -20,7 +19,7 @@ var errNoAddressesLeft = fmt.Errorf("There are no free edge addresses left")
 type Edge struct {
 	regions *allregions.Regions
 	sync.Mutex
-	logger *logrus.Entry
+	logger logger.Service
 }
 
 // ------------------------------------
@@ -29,37 +28,34 @@ type Edge struct {
 
 // ResolveEdge runs the initial discovery of the Cloudflare edge, finding Addrs that can be allocated
 // to connections.
-func ResolveEdge(l *logrus.Logger) (*Edge, error) {
-	logger := l.WithField("subsystem", subsystem)
-	regions, err := allregions.ResolveEdge(logger)
+func ResolveEdge(l logger.Service) (*Edge, error) {
+	regions, err := allregions.ResolveEdge(l)
 	if err != nil {
 		return new(Edge), err
 	}
 	return &Edge{
-		logger:  logger,
+		logger:  l,
 		regions: regions,
 	}, nil
 }
 
 // StaticEdge creates a list of edge addresses from the list of hostnames. Mainly used for testing connectivity.
-func StaticEdge(l *logrus.Logger, hostnames []string) (*Edge, error) {
-	logger := l.WithField("subsystem", subsystem)
+func StaticEdge(l logger.Service, hostnames []string) (*Edge, error) {
 	regions, err := allregions.StaticEdge(hostnames)
 	if err != nil {
 		return new(Edge), err
 	}
 	return &Edge{
-		logger:  logger,
+		logger:  l,
 		regions: regions,
 	}, nil
 }
 
 // MockEdge creates a Cloudflare Edge from arbitrary TCP addresses. Used for testing.
-func MockEdge(l *logrus.Logger, addrs []*net.TCPAddr) *Edge {
-	logger := l.WithField("subsystem", subsystem)
+func MockEdge(l logger.Service, addrs []*net.TCPAddr) *Edge {
 	regions := allregions.NewNoResolve(addrs)
 	return &Edge{
-		logger:  logger,
+		logger:  l,
 		regions: regions,
 	}
 }
@@ -83,24 +79,20 @@ func (ed *Edge) GetAddrForRPC() (*net.TCPAddr, error) {
 func (ed *Edge) GetAddr(connID int) (*net.TCPAddr, error) {
 	ed.Lock()
 	defer ed.Unlock()
-	logger := ed.logger.WithFields(logrus.Fields{
-		"connID":   connID,
-		"function": "GetAddr",
-	})
 
 	// If this connection has already used an edge addr, return it.
 	if addr := ed.regions.AddrUsedBy(connID); addr != nil {
-		logger.Debug("Returning same address back to proxy connection")
+		ed.logger.Debugf("edgediscovery - GetAddr: Returning same address back to proxy connection: connID: %d", connID)
 		return addr, nil
 	}
 
 	// Otherwise, give it an unused one
 	addr := ed.regions.GetUnusedAddr(nil, connID)
 	if addr == nil {
-		logger.Debug("No addresses left to give proxy connection")
+		ed.logger.Debugf("edgediscovery - GetAddr: No addresses left to give proxy connection: connID: %d", connID)
 		return nil, errNoAddressesLeft
 	}
-	logger.Debugf("Giving connection its new address %s", addr)
+	ed.logger.Debugf("edgediscovery - GetAddr: Giving connection its new address %s: connID: %d", addr, connID)
 	return addr, nil
 }
 
@@ -108,10 +100,6 @@ func (ed *Edge) GetAddr(connID int) (*net.TCPAddr, error) {
 func (ed *Edge) GetDifferentAddr(connID int) (*net.TCPAddr, error) {
 	ed.Lock()
 	defer ed.Unlock()
-	logger := ed.logger.WithFields(logrus.Fields{
-		"connID":   connID,
-		"function": "GetDifferentAddr",
-	})
 
 	oldAddr := ed.regions.AddrUsedBy(connID)
 	if oldAddr != nil {
@@ -119,11 +107,11 @@ func (ed *Edge) GetDifferentAddr(connID int) (*net.TCPAddr, error) {
 	}
 	addr := ed.regions.GetUnusedAddr(oldAddr, connID)
 	if addr == nil {
-		logger.Debug("No addresses left to give proxy connection")
+		ed.logger.Debugf("edgediscovery - GetDifferentAddr: No addresses left to give proxy connection: connID: %d", connID)
 		// note: if oldAddr were not nil, it will become available on the next iteration
 		return nil, errNoAddressesLeft
 	}
-	logger.Debugf("Giving connection its new address %s", addr)
+	ed.logger.Debugf("edgediscovery - GetDifferentAddr: Giving connection its new address %s: connID: %d", addr, connID)
 	return addr, nil
 }
 
@@ -139,6 +127,6 @@ func (ed *Edge) AvailableAddrs() int {
 func (ed *Edge) GiveBack(addr *net.TCPAddr) bool {
 	ed.Lock()
 	defer ed.Unlock()
-	ed.logger.WithField("function", "GiveBack").Debug("Address now unused")
+	ed.logger.Debug("edgediscovery - GiveBack: Address now unused")
 	return ed.regions.GiveBack(addr)
 }
diff --git a/edgediscovery/edgediscovery_test.go b/edgediscovery/edgediscovery_test.go
index 4b111be1..3439861a 100644
--- a/edgediscovery/edgediscovery_test.go
+++ b/edgediscovery/edgediscovery_test.go
@@ -4,7 +4,7 @@ import (
 	"net"
 	"testing"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -32,7 +32,7 @@ var (
 )
 
 func TestGiveBack(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	edge := MockEdge(l, []*net.TCPAddr{&addr0, &addr1, &addr2, &addr3})
 
 	// Give this connection an address
@@ -49,7 +49,7 @@ func TestGiveBack(t *testing.T) {
 }
 
 func TestRPCAndProxyShareSingleEdgeIP(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	// Make an edge with a single IP
 	edge := MockEdge(l, []*net.TCPAddr{&addr0})
@@ -66,7 +66,7 @@ func TestRPCAndProxyShareSingleEdgeIP(t *testing.T) {
 }
 
 func TestGetAddrForRPC(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	edge := MockEdge(l, []*net.TCPAddr{&addr0, &addr1, &addr2, &addr3})
 
 	// Get a connection
@@ -84,7 +84,7 @@ func TestGetAddrForRPC(t *testing.T) {
 }
 
 func TestOnePerRegion(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	// Make an edge with only one address
 	edge := MockEdge(l, []*net.TCPAddr{&addr0, &addr1})
@@ -108,7 +108,7 @@ func TestOnePerRegion(t *testing.T) {
 }
 
 func TestOnlyOneAddrLeft(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	// Make an edge with only one address
 	edge := MockEdge(l, []*net.TCPAddr{&addr0})
@@ -130,7 +130,7 @@ func TestOnlyOneAddrLeft(t *testing.T) {
 }
 
 func TestNoAddrsLeft(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	// Make an edge with no addresses
 	edge := MockEdge(l, []*net.TCPAddr{})
@@ -142,7 +142,7 @@ func TestNoAddrsLeft(t *testing.T) {
 }
 
 func TestGetAddr(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	edge := MockEdge(l, []*net.TCPAddr{&addr0, &addr1, &addr2, &addr3})
 
 	// Give this connection an address
@@ -158,7 +158,7 @@ func TestGetAddr(t *testing.T) {
 }
 
 func TestGetDifferentAddr(t *testing.T) {
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	edge := MockEdge(l, []*net.TCPAddr{&addr0, &addr1, &addr2, &addr3})
 
 	// Give this connection an address
diff --git a/go.mod b/go.mod
index 974a0b3f..85aee5c3 100644
--- a/go.mod
+++ b/go.mod
@@ -5,12 +5,14 @@ go 1.12
 require (
 	github.com/BurntSushi/go-sumtype v0.0.0-20190304192233-fcb4a6205bdc // indirect
 	github.com/DATA-DOG/go-sqlmock v1.3.3
+	github.com/acmacalister/skittles v0.0.0-20160609003031-7423546701e1
+	github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4
 	github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 // indirect
 	github.com/aws/aws-sdk-go v1.25.8
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894 // indirect
 	github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93
-	github.com/cloudflare/cfssl v0.0.0-20141119014638-2f7f44e802e2
+	github.com/cloudflare/cfssl v0.0.0-20141119014638-2f7f44e802e2 // indirect
 	github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc
 	github.com/coredns/coredns v1.2.0
 	github.com/coreos/go-oidc v0.0.0-20171002155002-a93f71fdfe73
@@ -37,7 +39,7 @@ require (
 	github.com/kshvakov/clickhouse v1.3.11
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lib/pq v1.2.0
-	github.com/mattn/go-colorable v0.1.4
+	github.com/mattn/go-colorable v0.1.4 // indirect
 	github.com/mattn/go-isatty v0.0.10 // indirect
 	github.com/mattn/go-sqlite3 v1.11.0
 	github.com/mholt/caddy v0.0.0-20180807230124-d3b731e9255b // indirect
@@ -51,8 +53,8 @@ require (
 	github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4 // indirect
 	github.com/prometheus/common v0.7.0 // indirect
 	github.com/prometheus/procfs v0.0.5 // indirect
-	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
-	github.com/sirupsen/logrus v1.4.2
+	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 // indirect
+	github.com/sirupsen/logrus v1.4.2 // indirect
 	github.com/stretchr/testify v1.3.0
 	github.com/tinylib/msgp v1.1.0 // indirect
 	github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0
diff --git a/go.sum b/go.sum
index 5c41f7d0..774e3261 100644
--- a/go.sum
+++ b/go.sum
@@ -10,7 +10,10 @@ github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q
 github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
 github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
+github.com/acmacalister/skittles v0.0.0-20160609003031-7423546701e1 h1:RKnVV4C7qoN/sToLX2y1dqH7T6kKLMHcwRJlgwb9Ggk=
+github.com/acmacalister/skittles v0.0.0-20160609003031-7423546701e1/go.mod h1:gI5CyA/CEnS6eqNV22rqs4dG3aGfaSbXgPORIlwr2r0=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4 h1:Hs82Z41s6SdL1CELW+XaDYmOH4hkBN4/N9og/AsOv7E=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
diff --git a/h2mux/h2mux.go b/h2mux/h2mux.go
index 6f7d407d..a9af47bb 100644
--- a/h2mux/h2mux.go
+++ b/h2mux/h2mux.go
@@ -7,8 +7,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/prometheus/client_golang/prometheus"
-	log "github.com/sirupsen/logrus"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
 	"golang.org/x/sync/errgroup"
@@ -48,7 +48,7 @@ type MuxerConfig struct {
 	// The minimum number of heartbeats to send before terminating the connection.
 	MaxHeartbeats uint64
 	// Logger to use
-	Logger             *log.Entry
+	Logger             logger.Service
 	CompressionQuality CompressionSetting
 	// Initial size for HTTP2 flow control windows
 	DefaultWindowSize uint32
@@ -136,10 +136,10 @@ func Handshake(
 	handshakeSetting := http2.Setting{ID: SettingMuxerMagic, Val: MuxerMagicEdge}
 	compressionSetting := http2.Setting{ID: SettingCompression, Val: config.CompressionQuality.toH2Setting()}
 	if CompressionIsSupported() {
-		log.Debug("Compression is supported")
+		config.Logger.Debug("muxer: Compression is supported")
 		m.compressionQuality = config.CompressionQuality.getPreset()
 	} else {
-		log.Debug("Compression is not supported")
+		config.Logger.Debug("muxer: Compression is not supported")
 		compressionSetting = http2.Setting{ID: SettingCompression, Val: 0}
 	}
 
@@ -176,12 +176,12 @@ func Handshake(
 	// Sanity check to enusre idelDuration is sane
 	if idleDuration == 0 || idleDuration < defaultTimeout {
 		idleDuration = defaultTimeout
-		config.Logger.Warn("Minimum idle time has been adjusted to ", defaultTimeout)
+		config.Logger.Infof("muxer: Minimum idle time has been adjusted to %d", defaultTimeout)
 	}
 	maxRetries := config.MaxHeartbeats
 	if maxRetries == 0 {
 		maxRetries = defaultRetries
-		config.Logger.Warn("Minimum number of unacked heartbeats to send before closing the connection has been adjusted to ", maxRetries)
+		config.Logger.Infof("muxer: Minimum number of unacked heartbeats to send before closing the connection has been adjusted to %d", maxRetries)
 	}
 
 	compBytesBefore, compBytesAfter := NewAtomicCounter(0), NewAtomicCounter(0)
diff --git a/h2mux/h2mux_test.go b/h2mux/h2mux_test.go
index b7995232..5f6b8b5b 100644
--- a/h2mux/h2mux_test.go
+++ b/h2mux/h2mux_test.go
@@ -15,8 +15,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/pkg/errors"
-	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/sync/errgroup"
 )
@@ -28,7 +28,7 @@ const (
 
 func TestMain(m *testing.M) {
 	if os.Getenv("VERBOSE") == "1" {
-		log.SetLevel(log.DebugLevel)
+		//TODO: set log level
 	}
 	os.Exit(m.Run())
 }
@@ -51,7 +51,7 @@ func NewDefaultMuxerPair(t assert.TestingT, testName string, f MuxedStreamFunc)
 			Handler:                 f,
 			IsClient:                true,
 			Name:                    "origin",
-			Logger:                  log.NewEntry(log.New()),
+			Logger:                  logger.NewOutputWriter(logger.NewMockWriteManager()),
 			DefaultWindowSize:       (1 << 8) - 1,
 			MaxWindowSize:           (1 << 15) - 1,
 			StreamWriteBufferMaxLen: 1024,
@@ -63,7 +63,7 @@ func NewDefaultMuxerPair(t assert.TestingT, testName string, f MuxedStreamFunc)
 			Timeout:                 testHandshakeTimeout,
 			IsClient:                false,
 			Name:                    "edge",
-			Logger:                  log.NewEntry(log.New()),
+			Logger:                  logger.NewOutputWriter(logger.NewMockWriteManager()),
 			DefaultWindowSize:       (1 << 8) - 1,
 			MaxWindowSize:           (1 << 15) - 1,
 			StreamWriteBufferMaxLen: 1024,
@@ -86,7 +86,7 @@ func NewCompressedMuxerPair(t assert.TestingT, testName string, quality Compress
 			IsClient:           true,
 			Name:               "origin",
 			CompressionQuality: quality,
-			Logger:             log.NewEntry(log.New()),
+			Logger:             logger.NewOutputWriter(logger.NewMockWriteManager()),
 			HeartbeatInterval:  defaultTimeout,
 			MaxHeartbeats:      defaultRetries,
 		},
@@ -96,7 +96,7 @@ func NewCompressedMuxerPair(t assert.TestingT, testName string, quality Compress
 			IsClient:           false,
 			Name:               "edge",
 			CompressionQuality: quality,
-			Logger:             log.NewEntry(log.New()),
+			Logger:             logger.NewOutputWriter(logger.NewMockWriteManager()),
 			HeartbeatInterval:  defaultTimeout,
 			MaxHeartbeats:      defaultRetries,
 		},
@@ -301,6 +301,7 @@ func TestSingleStreamLargeResponseBody(t *testing.T) {
 }
 
 func TestMultipleStreams(t *testing.T) {
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	f := MuxedStreamFunc(func(stream *MuxedStream) error {
 		if len(stream.Headers) != 1 {
 			t.Fatalf("expected %d headers, got %d", 1, len(stream.Headers))
@@ -308,13 +309,13 @@ func TestMultipleStreams(t *testing.T) {
 		if stream.Headers[0].Name != "client-token" {
 			t.Fatalf("expected header name %s, got %s", "client-token", stream.Headers[0].Name)
 		}
-		log.Debugf("Got request for stream %s", stream.Headers[0].Value)
+		l.Debugf("Got request for stream %s", stream.Headers[0].Value)
 		stream.WriteHeaders([]Header{
 			{Name: "response-token", Value: stream.Headers[0].Value},
 		})
-		log.Debugf("Wrote headers for stream %s", stream.Headers[0].Value)
+		l.Debugf("Wrote headers for stream %s", stream.Headers[0].Value)
 		stream.Write([]byte("OK"))
-		log.Debugf("Wrote body for stream %s", stream.Headers[0].Value)
+		l.Debugf("Wrote body for stream %s", stream.Headers[0].Value)
 		return nil
 	})
 	muxPair := NewDefaultMuxerPair(t, t.Name(), f)
@@ -332,7 +333,7 @@ func TestMultipleStreams(t *testing.T) {
 				[]Header{{Name: "client-token", Value: tokenString}},
 				nil,
 			)
-			log.Debugf("Got headers for stream %d", tokenId)
+			l.Debugf("Got headers for stream %d", tokenId)
 			if err != nil {
 				errorsC <- err
 				return
@@ -370,7 +371,7 @@ func TestMultipleStreams(t *testing.T) {
 	testFail := false
 	for err := range errorsC {
 		testFail = true
-		log.Error(err)
+		l.Errorf("%s", err)
 	}
 	if testFail {
 		t.Fatalf("TestMultipleStreams failed")
@@ -448,6 +449,8 @@ func TestMultipleStreamsFlowControl(t *testing.T) {
 }
 
 func TestGracefulShutdown(t *testing.T) {
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
+
 	sendC := make(chan struct{})
 	responseBuf := bytes.Repeat([]byte("Hello world"), 65536)
 
@@ -456,17 +459,17 @@ func TestGracefulShutdown(t *testing.T) {
 			{Name: "response-header", Value: "responseValue"},
 		})
 		<-sendC
-		log.Debugf("Writing %d bytes", len(responseBuf))
+		l.Debugf("Writing %d bytes", len(responseBuf))
 		stream.Write(responseBuf)
 		stream.CloseWrite()
-		log.Debugf("Wrote %d bytes", len(responseBuf))
+		l.Debugf("Wrote %d bytes", len(responseBuf))
 		// Reading from the stream will block until the edge closes its end of the stream.
 		// Otherwise, we'll close the whole connection before receiving the 'stream closed'
 		// message from the edge.
 		// Graceful shutdown works if you omit this, it just gives spurious errors for now -
 		// TODO ignore errors when writing 'stream closed' and we're shutting down.
 		stream.Read([]byte{0})
-		log.Debugf("Handler ends")
+		l.Debugf("Handler ends")
 		return nil
 	})
 	muxPair := NewDefaultMuxerPair(t, t.Name(), f)
@@ -483,7 +486,7 @@ func TestGracefulShutdown(t *testing.T) {
 	muxPair.EdgeMux.Shutdown()
 	close(sendC)
 	responseBody := make([]byte, len(responseBuf))
-	log.Debugf("Waiting for %d bytes", len(responseBuf))
+	l.Debugf("Waiting for %d bytes", len(responseBuf))
 	n, err := io.ReadFull(stream, responseBody)
 	if err != nil {
 		t.Fatalf("error from (*MuxedStream).Read with %d bytes read: %s", n, err)
@@ -676,6 +679,7 @@ func AssertIfPipeReadable(t *testing.T, pipe io.ReadCloser) {
 }
 
 func TestMultipleStreamsWithDictionaries(t *testing.T) {
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	for q := CompressionNone; q <= CompressionMax; q++ {
 		htmlBody := `<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"` +
@@ -812,7 +816,7 @@ func TestMultipleStreamsWithDictionaries(t *testing.T) {
 		testFail := false
 		for err := range errorsC {
 			testFail = true
-			log.Error(err)
+			l.Errorf("%s", err)
 		}
 		if testFail {
 			t.Fatalf("TestMultipleStreams failed")
@@ -826,6 +830,8 @@ func TestMultipleStreamsWithDictionaries(t *testing.T) {
 }
 
 func sampleSiteHandler(files map[string][]byte) MuxedStreamFunc {
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
+
 	return func(stream *MuxedStream) error {
 		var contentType string
 		var pathHeader Header
@@ -853,13 +859,13 @@ func sampleSiteHandler(files map[string][]byte) MuxedStreamFunc {
 		stream.WriteHeaders([]Header{
 			Header{Name: "content-type", Value: contentType},
 		})
-		log.Debugf("Wrote headers for stream %s", pathHeader.Value)
+		l.Debugf("Wrote headers for stream %s", pathHeader.Value)
 		file, ok := files[pathHeader.Value]
 		if !ok {
 			return fmt.Errorf("%s content is not preloaded", pathHeader.Value)
 		}
 		stream.Write(file)
-		log.Debugf("Wrote body for stream %s", pathHeader.Value)
+		l.Debugf("Wrote body for stream %s", pathHeader.Value)
 		return nil
 	}
 }
diff --git a/h2mux/muxmetrics.go b/h2mux/muxmetrics.go
index ef49e85f..2dcb6179 100644
--- a/h2mux/muxmetrics.go
+++ b/h2mux/muxmetrics.go
@@ -4,10 +4,9 @@ import (
 	"sync"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/golang-collections/collections/queue"
 	"github.com/prometheus/client_golang/prometheus"
-
-	log "github.com/sirupsen/logrus"
 )
 
 // data points used to compute average receive window and send window size
@@ -22,7 +21,7 @@ type muxMetricsUpdater interface {
 	// metrics returns the latest metrics
 	metrics() *MuxerMetrics
 	// run is a blocking call to start the event loop
-	run(logger *log.Entry) error
+	run(logger logger.Service) error
 	// updateRTTChan is called by muxReader to report new RTT measurements
 	updateRTT(rtt *roundTripMeasurement)
 	//updateReceiveWindowChan is called by muxReader and muxWriter when receiveWindow size is updated
@@ -139,34 +138,30 @@ func (updater *muxMetricsUpdaterImpl) metrics() *MuxerMetrics {
 	return m
 }
 
-func (updater *muxMetricsUpdaterImpl) run(parentLogger *log.Entry) error {
-	logger := parentLogger.WithFields(log.Fields{
-		"subsystem": "mux",
-		"dir":       "metrics",
-	})
-	defer logger.Debug("event loop finished")
+func (updater *muxMetricsUpdaterImpl) run(logger logger.Service) error {
+	defer logger.Debug("mux - metrics: event loop finished")
 	for {
 		select {
 		case <-updater.abortChan:
-			logger.Infof("Stopping mux metrics updater")
+			logger.Infof("mux - metrics: Stopping mux metrics updater")
 			return nil
 		case roundTripMeasurement := <-updater.updateRTTChan:
 			go updater.rttData.update(roundTripMeasurement)
-			logger.Debug("Update rtt")
+			logger.Debug("mux - metrics: Update rtt")
 		case receiveWindow := <-updater.updateReceiveWindowChan:
 			go updater.receiveWindowData.update(receiveWindow)
-			logger.Debug("Update receive window")
+			logger.Debug("mux - metrics: Update receive window")
 		case sendWindow := <-updater.updateSendWindowChan:
 			go updater.sendWindowData.update(sendWindow)
-			logger.Debug("Update send window")
+			logger.Debug("mux - metrics: Update send window")
 		case inBoundBytes := <-updater.updateInBoundBytesChan:
 			// inBoundBytes is bytes/sec because the update interval is 1 sec
 			go updater.inBoundRate.update(inBoundBytes)
-			logger.Debugf("Inbound bytes %d", inBoundBytes)
+			logger.Debugf("mux - metrics: Inbound bytes %d", inBoundBytes)
 		case outBoundBytes := <-updater.updateOutBoundBytesChan:
 			// outBoundBytes is bytes/sec because the update interval is 1 sec
 			go updater.outBoundRate.update(outBoundBytes)
-			logger.Debugf("Outbound bytes %d", outBoundBytes)
+			logger.Debugf("mux - metrics: Outbound bytes %d", outBoundBytes)
 		}
 	}
 }
diff --git a/h2mux/muxmetrics_test.go b/h2mux/muxmetrics_test.go
index f74e5dda..8316ea50 100644
--- a/h2mux/muxmetrics_test.go
+++ b/h2mux/muxmetrics_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"
 
-	log "github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -91,7 +91,7 @@ func TestMuxMetricsUpdater(t *testing.T) {
 	abortChan := make(chan struct{})
 	compBefore, compAfter := NewAtomicCounter(0), NewAtomicCounter(0)
 	m := newMuxMetricsUpdater(abortChan, compBefore, compAfter)
-	logger := log.NewEntry(log.New())
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	go func() {
 		errChan <- m.run(logger)
diff --git a/h2mux/muxreader.go b/h2mux/muxreader.go
index f0efab63..450aa15e 100644
--- a/h2mux/muxreader.go
+++ b/h2mux/muxreader.go
@@ -3,11 +3,12 @@ package h2mux
 import (
 	"bytes"
 	"encoding/binary"
+	"fmt"
 	"io"
 	"net/url"
 	"time"
 
-	log "github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	"golang.org/x/net/http2"
 )
 
@@ -67,12 +68,8 @@ func (r *MuxReader) Shutdown() <-chan struct{} {
 	return done
 }
 
-func (r *MuxReader) run(parentLogger *log.Entry) error {
-	logger := parentLogger.WithFields(log.Fields{
-		"subsystem": "mux",
-		"dir":       "read",
-	})
-	defer logger.Debug("event loop finished")
+func (r *MuxReader) run(logger logger.Service) error {
+	defer logger.Debug("mux - read: event loop finished")
 
 	// routine to periodically update bytesRead
 	go func() {
@@ -90,13 +87,13 @@ func (r *MuxReader) run(parentLogger *log.Entry) error {
 	for {
 		frame, err := r.f.ReadFrame()
 		if err != nil {
-			errLogger := logger.WithError(err)
+			errorString := fmt.Sprintf("mux - read: %s", err)
 			if errorDetail := r.f.ErrorDetail(); errorDetail != nil {
-				errLogger = errLogger.WithField("errorDetail", errorDetail)
+				errorString = fmt.Sprintf("%s: errorDetail: %s", errorString, errorDetail)
 			}
 			switch e := err.(type) {
 			case http2.StreamError:
-				errLogger.Warn("stream error")
+				logger.Infof("%s: stream error", errorString)
 				// Ideally we wouldn't return here, since that aborts the muxer.
 				// We should communicate the error to the relevant MuxedStream
 				// data structure, so that callers of MuxedStream.Read() and
@@ -104,25 +101,25 @@ func (r *MuxReader) run(parentLogger *log.Entry) error {
 				// and keep the muxer going.
 				return r.streamError(e.StreamID, e.Code)
 			case http2.ConnectionError:
-				errLogger.Warn("connection error")
+				logger.Infof("%s: stream error", errorString)
 				return r.connectionError(err)
 			default:
 				if isConnectionClosedError(err) {
 					if r.streams.Len() == 0 {
 						// don't log the error here -- that would just be extra noise
-						logger.Debug("shutting down")
+						logger.Debug("mux - read: shutting down")
 						return nil
 					}
-					errLogger.Warn("connection closed unexpectedly")
+					logger.Infof("%s: connection closed unexpectedly", errorString)
 					return err
 				} else {
-					errLogger.Warn("frame read error")
+					logger.Infof("%s: frame read error", errorString)
 					return r.connectionError(err)
 				}
 			}
 		}
 		r.connActive.Signal()
-		logger.WithField("data", frame).Debug("read frame")
+		logger.Debugf("mux - read: read frame: data %v", frame)
 		switch f := frame.(type) {
 		case *http2.DataFrame:
 			err = r.receiveFrameData(f, logger)
@@ -158,7 +155,7 @@ func (r *MuxReader) run(parentLogger *log.Entry) error {
 			err = ErrUnexpectedFrameType
 		}
 		if err != nil {
-			logger.WithField("data", frame).WithError(err).Debug("frame error")
+			logger.Debugf("mux - read: read error: data %v", frame)
 			return r.connectionError(err)
 		}
 	}
@@ -279,8 +276,7 @@ func (r *MuxReader) handleStream(stream *MuxedStream) {
 }
 
 // Receives a data frame from a stream. A non-nil error is a connection error.
-func (r *MuxReader) receiveFrameData(frame *http2.DataFrame, parentLogger *log.Entry) error {
-	logger := parentLogger.WithField("stream", frame.Header().StreamID)
+func (r *MuxReader) receiveFrameData(frame *http2.DataFrame, logger logger.Service) error {
 	stream, err := r.getStreamForFrame(frame)
 	if err != nil {
 		return r.defaultStreamErrorHandler(err, frame.Header())
@@ -296,9 +292,9 @@ func (r *MuxReader) receiveFrameData(frame *http2.DataFrame, parentLogger *log.E
 	if frame.Header().Flags.Has(http2.FlagDataEndStream) {
 		if stream.receiveEOF() {
 			r.streams.Delete(stream.streamID)
-			logger.Debug("stream closed")
+			logger.Debugf("mux - read: stream closed: streamID: %d", frame.Header().StreamID)
 		} else {
-			logger.Debug("shutdown receive side")
+			logger.Debugf("mux - read: shutdown receive side: streamID: %d", frame.Header().StreamID)
 		}
 		return nil
 	}
diff --git a/h2mux/muxwriter.go b/h2mux/muxwriter.go
index dfe52d7f..c3844592 100644
--- a/h2mux/muxwriter.go
+++ b/h2mux/muxwriter.go
@@ -6,7 +6,7 @@ import (
 	"io"
 	"time"
 
-	log "github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
 )
@@ -72,12 +72,8 @@ func tsToPingData(ts int64) [8]byte {
 	return pingData
 }
 
-func (w *MuxWriter) run(parentLogger *log.Entry) error {
-	logger := parentLogger.WithFields(log.Fields{
-		"subsystem": "mux",
-		"dir":       "write",
-	})
-	defer logger.Debug("event loop finished")
+func (w *MuxWriter) run(logger logger.Service) error {
+	defer logger.Debug("mux - write: event loop finished")
 
 	// routine to periodically communicate bytesWrote
 	go func() {
@@ -95,17 +91,17 @@ func (w *MuxWriter) run(parentLogger *log.Entry) error {
 	for {
 		select {
 		case <-w.abortChan:
-			logger.Debug("aborting writer thread")
+			logger.Debug("mux - write: aborting writer thread")
 			return nil
 		case errCode := <-w.goAwayChan:
-			logger.Debug("sending GOAWAY code ", errCode)
+			logger.Debugf("mux - write: sending GOAWAY code %v", errCode)
 			err := w.f.WriteGoAway(w.streams.LastPeerStreamID(), errCode, []byte{})
 			if err != nil {
 				return err
 			}
 			w.idleTimer.MarkActive()
 		case <-w.pingTimestamp.GetUpdateChan():
-			logger.Debug("sending PING ACK")
+			logger.Debug("mux - write: sending PING ACK")
 			err := w.f.WritePing(true, tsToPingData(w.pingTimestamp.Get()))
 			if err != nil {
 				return err
@@ -115,7 +111,7 @@ func (w *MuxWriter) run(parentLogger *log.Entry) error {
 			if !w.idleTimer.Retry() {
 				return ErrConnectionDropped
 			}
-			logger.Debug("sending PING")
+			logger.Debug("mux - write: sending PING")
 			err := w.f.WritePing(false, tsToPingData(time.Now().UnixNano()))
 			if err != nil {
 				return err
@@ -125,7 +121,7 @@ func (w *MuxWriter) run(parentLogger *log.Entry) error {
 			w.idleTimer.MarkActive()
 		case <-w.streamErrors.GetSignalChan():
 			for streamID, errCode := range w.streamErrors.GetErrors() {
-				logger.WithField("stream", streamID).WithField("code", errCode).Debug("resetting stream")
+				logger.Debugf("mux - write: resetting stream with code: %v streamID: %d", errCode, streamID)
 				err := w.f.WriteRSTStream(streamID, errCode)
 				if err != nil {
 					return err
@@ -145,19 +141,17 @@ func (w *MuxWriter) run(parentLogger *log.Entry) error {
 			if streamRequest.body != nil {
 				go streamRequest.flushBody()
 			}
-			streamLogger := logger.WithField("stream", streamID)
-			err := w.writeStreamData(streamRequest.stream, streamLogger)
+			err := w.writeStreamData(streamRequest.stream, logger)
 			if err != nil {
 				return err
 			}
 			w.idleTimer.MarkActive()
 		case streamID := <-w.readyStreamChan:
-			streamLogger := logger.WithField("stream", streamID)
 			stream, ok := w.streams.Get(streamID)
 			if !ok {
 				continue
 			}
-			err := w.writeStreamData(stream, streamLogger)
+			err := w.writeStreamData(stream, logger)
 			if err != nil {
 				return err
 			}
@@ -165,7 +159,7 @@ func (w *MuxWriter) run(parentLogger *log.Entry) error {
 		case useDict := <-w.useDictChan:
 			err := w.writeUseDictionary(useDict)
 			if err != nil {
-				logger.WithError(err).Warn("error writing use dictionary")
+				logger.Errorf("mux - write: error writing use dictionary: %s", err)
 				return err
 			}
 			w.idleTimer.MarkActive()
@@ -173,18 +167,18 @@ func (w *MuxWriter) run(parentLogger *log.Entry) error {
 	}
 }
 
-func (w *MuxWriter) writeStreamData(stream *MuxedStream, logger *log.Entry) error {
-	logger.Debug("writable")
+func (w *MuxWriter) writeStreamData(stream *MuxedStream, logger logger.Service) error {
+	logger.Debugf("mux - write: writable: streamID: %d", stream.streamID)
 	chunk := stream.getChunk()
 	w.metricsUpdater.updateReceiveWindow(stream.getReceiveWindow())
 	w.metricsUpdater.updateSendWindow(stream.getSendWindow())
 	if chunk.sendHeadersFrame() {
 		err := w.writeHeaders(chunk.streamID, chunk.headers)
 		if err != nil {
-			logger.WithError(err).Warn("error writing headers")
+			logger.Errorf("mux - write: error writing headers: %s: streamID: %d", err, stream.streamID)
 			return err
 		}
-		logger.Debug("output headers")
+		logger.Debugf("mux - write: output headers: streamID: %d", stream.streamID)
 	}
 
 	if chunk.sendWindowUpdateFrame() {
@@ -195,22 +189,22 @@ func (w *MuxWriter) writeStreamData(stream *MuxedStream, logger *log.Entry) erro
 		// window, unless the receiver treats this as a connection error"
 		err := w.f.WriteWindowUpdate(chunk.streamID, chunk.windowUpdate)
 		if err != nil {
-			logger.WithError(err).Warn("error writing window update")
+			logger.Errorf("mux - write: error writing window update: %s: streamID: %d", err, stream.streamID)
 			return err
 		}
-		logger.Debugf("increment receive window by %d", chunk.windowUpdate)
+		logger.Debugf("mux - write: increment receive window by %d streamID: %d", chunk.windowUpdate, stream.streamID)
 	}
 
 	for chunk.sendDataFrame() {
 		payload, sentEOF := chunk.nextDataFrame(int(w.maxFrameSize))
 		err := w.f.WriteData(chunk.streamID, sentEOF, payload)
 		if err != nil {
-			logger.WithError(err).Warn("error writing data")
+			logger.Errorf("mux - write: error writing data: %s: streamID: %d", err, stream.streamID)
 			return err
 		}
 		// update the amount of data wrote
 		w.bytesWrote.IncrementBy(uint64(len(payload)))
-		logger.WithField("len", len(payload)).Debug("output data")
+		logger.Errorf("mux - write: output data: %d: streamID: %d", len(payload), stream.streamID)
 
 		if sentEOF {
 			if stream.readBuffer.Closed() {
@@ -218,15 +212,15 @@ func (w *MuxWriter) writeStreamData(stream *MuxedStream, logger *log.Entry) erro
 				if !stream.gotReceiveEOF() {
 					// the peer may send data that we no longer want to receive. Force them into the
 					// closed state.
-					logger.Debug("resetting stream")
+					logger.Debugf("mux - write: resetting stream: streamID: %d", stream.streamID)
 					w.f.WriteRSTStream(chunk.streamID, http2.ErrCodeNo)
 				} else {
 					// Half-open stream transitioned into closed
-					logger.Debug("closing stream")
+					logger.Debugf("mux - write: closing stream: streamID: %d", stream.streamID)
 				}
 				w.streams.Delete(chunk.streamID)
 			} else {
-				logger.Debug("closing stream write side")
+				logger.Debugf("mux - write: closing stream write side: streamID: %d", stream.streamID)
 			}
 		}
 	}
diff --git a/hello/hello.go b/hello/hello.go
index 882361de..8c064b40 100644
--- a/hello/hello.go
+++ b/hello/hello.go
@@ -12,8 +12,8 @@ import (
 	"os"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/gorilla/websocket"
-	"github.com/sirupsen/logrus"
 
 	"github.com/cloudflare/cloudflared/tlsconfig"
 )
@@ -91,7 +91,7 @@ const indexTemplate = `
 </html>
 `
 
-func StartHelloWorldServer(logger *logrus.Logger, listener net.Listener, shutdownC <-chan struct{}) error {
+func StartHelloWorldServer(logger logger.Service, listener net.Listener, shutdownC <-chan struct{}) error {
 	logger.Infof("Starting Hello World server at %s", listener.Addr())
 	serverName := defaultServerName
 	if hostname, err := os.Hostname(); err == nil {
@@ -148,7 +148,7 @@ func uptimeHandler(startTime time.Time) http.HandlerFunc {
 }
 
 // This handler will echo message
-func websocketHandler(logger *logrus.Logger, upgrader websocket.Upgrader) http.HandlerFunc {
+func websocketHandler(logger logger.Service, upgrader websocket.Upgrader) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		conn, err := upgrader.Upgrade(w, r, nil)
 		if err != nil {
@@ -158,12 +158,12 @@ func websocketHandler(logger *logrus.Logger, upgrader websocket.Upgrader) http.H
 		for {
 			mt, message, err := conn.ReadMessage()
 			if err != nil {
-				logger.WithError(err).Error("websocket read message error")
+				logger.Errorf("websocket read message error: %s", err)
 				break
 			}
 
 			if err := conn.WriteMessage(mt, message); err != nil {
-				logger.WithError(err).Error("websocket write message error")
+				logger.Errorf("websocket write message error: %s", err)
 				break
 			}
 		}
diff --git a/log/log.go b/log/log.go
deleted file mode 100644
index bc94e779..00000000
--- a/log/log.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// this forks the logrus json formatter to rename msg -> message as that's the
-// expected field. Ideally the logger should make it easier for us.
-package log
-
-import (
-	"encoding/json"
-	"fmt"
-	"runtime"
-	"time"
-
-	"github.com/mattn/go-colorable"
-	"github.com/sirupsen/logrus"
-)
-
-var (
-	DefaultTimestampFormat = time.RFC3339Nano
-)
-
-type JSONFormatter struct {
-	// TimestampFormat sets the format used for marshaling timestamps.
-	TimestampFormat string
-}
-
-func CreateLogger() *logrus.Logger {
-	logger := logrus.New()
-	logger.Out = colorable.NewColorableStderr()
-	logger.Formatter = &logrus.TextFormatter{ForceColors: runtime.GOOS == "windows"}
-	return logger
-}
-
-func (f *JSONFormatter) Format(entry *logrus.Entry) ([]byte, error) {
-	data := make(logrus.Fields, len(entry.Data)+3)
-	for k, v := range entry.Data {
-		switch v := v.(type) {
-		case error:
-			// Otherwise errors are ignored by `encoding/json`
-			// https://github.com/sirupsen/logrus/issues/137
-			data[k] = v.Error()
-		default:
-			data[k] = v
-		}
-	}
-	prefixFieldClashes(data)
-
-	timestampFormat := f.TimestampFormat
-	if timestampFormat == "" {
-		timestampFormat = DefaultTimestampFormat
-	}
-
-	data["time"] = entry.Time.Format(timestampFormat)
-	data["message"] = entry.Message
-	data["level"] = entry.Level.String()
-
-	serialized, err := json.Marshal(data)
-	if err != nil {
-		return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err)
-	}
-	return append(serialized, '\n'), nil
-}
-
-// This is to not silently overwrite `time`, `msg` and `level` fields when
-// dumping it. If this code wasn't there doing:
-//
-//  logrus.WithField("level", 1).Info("hello")
-//
-// Would just silently drop the user provided level. Instead with this code
-// it'll logged as:
-//
-//  {"level": "info", "fields.level": 1, "msg": "hello", "time": "..."}
-//
-// It's not exported because it's still using Data in an opinionated way. It's to
-// avoid code duplication between the two default formatters.
-func prefixFieldClashes(data logrus.Fields) {
-	if t, ok := data["time"]; ok {
-		data["fields.time"] = t
-	}
-
-	if m, ok := data["msg"]; ok {
-		data["fields.msg"] = m
-	}
-
-	if l, ok := data["level"]; ok {
-		data["fields.level"] = l
-	}
-}
diff --git a/logger/create.go b/logger/create.go
new file mode 100644
index 00000000..58f7d603
--- /dev/null
+++ b/logger/create.go
@@ -0,0 +1,150 @@
+package logger
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/alecthomas/units"
+)
+
+// Option is to encaspulate actions that will be called by Parse and run later to build an Options struct
+type Option func(*Options) error
+
+// Options is use to set logging configuration data
+type Options struct {
+	logFileDirectory        string
+	maxFileSize             units.Base2Bytes
+	maxFileCount            uint
+	terminalOutputDisabled  bool
+	supportedFileLevels     []Level
+	supportedTerminalLevels []Level
+}
+
+// DisableTerminal stops terminal output for the logger
+func DisableTerminal(disable bool) Option {
+	return func(c *Options) error {
+		c.terminalOutputDisabled = disable
+		return nil
+	}
+}
+
+// File sets a custom file to log events
+func File(path string, size units.Base2Bytes, count uint) Option {
+	return func(c *Options) error {
+		c.logFileDirectory = path
+		c.maxFileSize = size
+		c.maxFileCount = count
+		return nil
+	}
+}
+
+// DefaultFile configures the log options will the defaults
+func DefaultFile(directoryPath string) Option {
+	return func(c *Options) error {
+		size, err := units.ParseBase2Bytes("1MB")
+		if err != nil {
+			return err
+		}
+
+		c.logFileDirectory = directoryPath
+		c.maxFileSize = size
+		c.maxFileCount = 5
+		return nil
+	}
+}
+
+// SupportedFileLevels sets the supported logging levels for the log file
+func SupportedFileLevels(supported []Level) Option {
+	return func(c *Options) error {
+		c.supportedFileLevels = supported
+		return nil
+	}
+}
+
+// SupportedTerminalevels sets the supported logging levels for the terminal output
+func SupportedTerminalevels(supported []Level) Option {
+	return func(c *Options) error {
+		c.supportedTerminalLevels = supported
+		return nil
+	}
+}
+
+// LogLevelString sets the supported logging levels from a command line flag
+func LogLevelString(level string) Option {
+	return func(c *Options) error {
+		supported, err := ParseLevelString(level)
+		if err != nil {
+			return err
+		}
+		c.supportedFileLevels = supported
+		c.supportedTerminalLevels = supported
+		return nil
+	}
+}
+
+// Parse builds the Options struct so the caller knows what actions should be run
+func Parse(opts ...Option) (*Options, error) {
+	options := &Options{}
+	for _, opt := range opts {
+		if err := opt(options); err != nil {
+			return nil, err
+		}
+	}
+	return options, nil
+}
+
+// New setups a new logger based on the options.
+// The default behavior is to write to standard out
+func New(opts ...Option) (Service, error) {
+	config, err := Parse(opts...)
+
+	if err != nil {
+		return nil, err
+	}
+
+	l := NewOutputWriter(SharedWriteManager)
+	if config.logFileDirectory != "" {
+		l.Add(NewFileRollingWriter(config.logFileDirectory,
+			"cloudflared",
+			int64(config.maxFileSize),
+			config.maxFileCount),
+			NewDefaultFormatter(time.RFC3339Nano), config.supportedFileLevels...)
+	}
+
+	if !config.terminalOutputDisabled {
+		if len(config.supportedTerminalLevels) == 0 {
+			l.Add(os.Stdout, NewTerminalFormatter(""), InfoLevel)
+			l.Add(os.Stderr, NewTerminalFormatter(""), ErrorLevel, FatalLevel)
+		} else {
+			errLevels := []Level{}
+			outLevels := []Level{}
+			for _, level := range config.supportedTerminalLevels {
+				if level == ErrorLevel || level == FatalLevel {
+					errLevels = append(errLevels, level)
+				} else {
+					outLevels = append(outLevels, level)
+				}
+			}
+			l.Add(os.Stdout, NewTerminalFormatter(""), outLevels...)
+			l.Add(os.Stderr, NewTerminalFormatter(""), errLevels...)
+		}
+	}
+	return l, nil
+}
+
+// ParseLevelString returns the expected log levels based on the cmd flag
+func ParseLevelString(lvl string) ([]Level, error) {
+	switch strings.ToLower(lvl) {
+	case "fatal":
+		return []Level{FatalLevel}, nil
+	case "error":
+		return []Level{FatalLevel, ErrorLevel}, nil
+	case "info":
+		return []Level{FatalLevel, ErrorLevel, InfoLevel}, nil
+	case "debug":
+		return []Level{FatalLevel, ErrorLevel, InfoLevel, DebugLevel}, nil
+	}
+	return []Level{}, fmt.Errorf("not a valid log level: %q", lvl)
+}
diff --git a/logger/file_writer.go b/logger/file_writer.go
new file mode 100644
index 00000000..123c0b9e
--- /dev/null
+++ b/logger/file_writer.go
@@ -0,0 +1,105 @@
+package logger
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+)
+
+// FileRollingWriter maintains a set of log files numbered in order
+// to keep a subset of log data to ensure it doesn't grow pass defined limits
+type FileRollingWriter struct {
+	baseFileName string
+	directory    string
+	maxFileSize  int64
+	maxFileCount uint
+	fileHandle   *os.File
+}
+
+// NewFileRollingWriter creates a new rolling file writer.
+// directory is the working directory for the files
+// baseFileName is the log file name. This writer appends .log to the name for the file name
+// maxFileSize is the size in bytes of how large each file can be. Not a hard limit, general limit based after each write
+// maxFileCount is the number of rolled files to keep.
+func NewFileRollingWriter(directory, baseFileName string, maxFileSize int64, maxFileCount uint) *FileRollingWriter {
+	return &FileRollingWriter{
+		directory:    directory,
+		baseFileName: baseFileName,
+		maxFileSize:  maxFileSize,
+		maxFileCount: maxFileCount,
+	}
+}
+
+// Write is an implementation of io.writer the rolls the file once it reaches its max size
+// It is expected the caller to Write is doing so in a thread safe manner (as WriteManager does).
+func (w *FileRollingWriter) Write(p []byte) (n int, err error) {
+	logFile := buildPath(w.directory, w.baseFileName)
+	if w.fileHandle == nil {
+		h, err := os.OpenFile(logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0664)
+		if err != nil {
+			return 0, err
+		}
+		w.fileHandle = h
+	}
+
+	// get size for rolling check
+	info, err := w.fileHandle.Stat()
+	if err != nil {
+		// failed to stat the file. Close the file handle and attempt to open a new handle on the next write
+		w.Close()
+		w.fileHandle = nil
+		return 0, err
+	}
+
+	// write to the file
+	written, err := w.fileHandle.Write(p)
+
+	// check if the file needs to be rolled
+	if err == nil && info.Size()+int64(written) > w.maxFileSize {
+		// close the file handle than do the renaming. A new one will be opened on the next write
+		w.Close()
+		w.rename(logFile, 1)
+	}
+
+	return written, err
+}
+
+// Close closes the file handle if it is open
+func (w *FileRollingWriter) Close() {
+	if w.fileHandle != nil {
+		w.fileHandle.Close()
+		w.fileHandle = nil
+	}
+}
+
+// rename is how the files are rolled. It works recursively to move the base log file to the rolled ones
+// e.g. cloudflared.log -> cloudflared-1.log,
+// but if cloudflared-1.log already exists, it is renamed to cloudflared-2.log,
+// then the other files move in to their postion
+func (w *FileRollingWriter) rename(sourcePath string, index uint) {
+	destinationPath := buildPath(w.directory, fmt.Sprintf("%s-%d", w.baseFileName, index))
+
+	// rolled to the max amount of files allowed on disk
+	if index >= w.maxFileCount {
+		os.Remove(destinationPath)
+	}
+
+	// if the rolled path already exist, rename it to cloudflared-2.log, then do this one.
+	// recursive call since the oldest one needs to be renamed, before the newer ones can be moved
+	if exists(destinationPath) {
+		w.rename(destinationPath, index+1)
+	}
+
+	os.Rename(sourcePath, destinationPath)
+}
+
+func buildPath(directory, fileName string) string {
+	return filepath.Join(directory, fileName+".log")
+}
+
+func exists(filePath string) bool {
+	if _, err := os.Stat(filePath); os.IsNotExist(err) {
+		return false
+	}
+	return true
+}
diff --git a/logger/file_writer_test.go b/logger/file_writer_test.go
new file mode 100644
index 00000000..5ceae609
--- /dev/null
+++ b/logger/file_writer_test.go
@@ -0,0 +1,56 @@
+package logger
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFileWrite(t *testing.T) {
+	fileName := "test_file"
+	fileLog := fileName + ".log"
+	testData := []byte(string("hello Dalton, how are you doing?"))
+	defer func() {
+		os.Remove(fileLog)
+	}()
+
+	w := NewFileRollingWriter("", fileName, 1000, 2)
+	defer w.Close()
+
+	l, err := w.Write(testData)
+
+	assert.NoError(t, err)
+	assert.Equal(t, l, len(testData), "expected write length and data length to match")
+
+	d, err := ioutil.ReadFile(fileLog)
+	assert.FileExists(t, fileLog, "file doesn't exist at expected path")
+	assert.Equal(t, d, testData, "expected data in file to match test data")
+}
+
+func TestRolling(t *testing.T) {
+	fileName := "test_file"
+	firstFile := fileName + ".log"
+	secondFile := fileName + "-1.log"
+	thirdFile := fileName + "-2.log"
+
+	defer func() {
+		os.Remove(firstFile)
+		os.Remove(secondFile)
+		os.Remove(thirdFile)
+	}()
+
+	w := NewFileRollingWriter("", fileName, 1000, 2)
+	defer w.Close()
+
+	for i := 99; i >= 1; i-- {
+		testData := []byte(fmt.Sprintf("%d bottles of beer on the wall...", i))
+		w.Write(testData)
+	}
+	assert.FileExists(t, firstFile, "first file doesn't exist as expected")
+	assert.FileExists(t, secondFile, "second file doesn't exist as expected")
+	assert.FileExists(t, thirdFile, "third file doesn't exist as expected")
+	assert.False(t, exists(fileName+"-3.log"), "limited to two files and there is more")
+}
diff --git a/logger/formatter.go b/logger/formatter.go
new file mode 100644
index 00000000..bbcdbdff
--- /dev/null
+++ b/logger/formatter.go
@@ -0,0 +1,91 @@
+package logger
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/acmacalister/skittles"
+)
+
+// Level of logging
+type Level int
+
+const (
+	// InfoLevel is for standard log messages
+	InfoLevel Level = iota
+
+	// DebugLevel is for messages that are intended for purposes debugging only
+	DebugLevel
+
+	// ErrorLevel is for error message to indicte something has gone wrong
+	ErrorLevel
+
+	// FatalLevel is for error message that log and kill the program with an os.exit(1)
+	FatalLevel
+)
+
+// Formatter is the base interface for formatting logging messages before writing them out
+type Formatter interface {
+	Timestamp(Level, time.Time) string // format the timestamp string
+	Content(Level, string) string      // format content string (color for terminal, etc)
+}
+
+// DefaultFormatter writes a simple structure timestamp and the message per log line
+type DefaultFormatter struct {
+	format string
+}
+
+// NewDefaultFormatter creates the standard log formatter
+// format is the time format to use for timestamp formatting
+func NewDefaultFormatter(format string) Formatter {
+	return &DefaultFormatter{
+		format: format,
+	}
+}
+
+// Timestamp formats a log line timestamp with a brackets around them
+func (f *DefaultFormatter) Timestamp(l Level, d time.Time) string {
+	if f.format == "" {
+		return ""
+	}
+	return fmt.Sprintf("[%s]: ", d.Format(f.format))
+}
+
+// Content just writes the log line straight to the sources
+func (f *DefaultFormatter) Content(l Level, c string) string {
+	return c
+}
+
+// TerminalFormatter is setup for colored output
+type TerminalFormatter struct {
+	format string
+}
+
+// NewTerminalFormatter creates a Terminal formatter for colored output
+// format is the time format to use for timestamp formatting
+func NewTerminalFormatter(format string) Formatter {
+	return &TerminalFormatter{
+		format: format,
+	}
+}
+
+// Timestamp returns the log level with a matching color to the log type
+func (f *TerminalFormatter) Timestamp(l Level, d time.Time) string {
+	t := ""
+	switch l {
+	case InfoLevel:
+		t = skittles.Cyan("[INFO] ")
+	case ErrorLevel:
+		t = skittles.Red("[ERROR] ")
+	case DebugLevel:
+		t = skittles.Yellow("[DEBUG] ")
+	case FatalLevel:
+		t = skittles.Red("[FATAL] ")
+	}
+	return t
+}
+
+// Content just writes the log line straight to the sources
+func (f *TerminalFormatter) Content(l Level, c string) string {
+	return c
+}
diff --git a/logger/manager.go b/logger/manager.go
new file mode 100644
index 00000000..f044c181
--- /dev/null
+++ b/logger/manager.go
@@ -0,0 +1,59 @@
+package logger
+
+import "sync"
+
+// SharedWriteManager is a package level variable to allows multiple loggers to use the same write manager.
+// This is useful when multiple loggers will write to the same file to ensure they don't clobber each other.
+var SharedWriteManager = NewWriteManager()
+
+type writeData struct {
+	writeFunc func([]byte)
+	data      []byte
+}
+
+// WriteManager is a logging service that handles managing multiple writing streams
+type WriteManager struct {
+	shutdown  chan struct{}
+	writeChan chan writeData
+	writers   map[string]Service
+	wg        sync.WaitGroup
+}
+
+// NewWriteManager creates a write manager that implements OutputManager
+func NewWriteManager() OutputManager {
+	m := &WriteManager{
+		shutdown:  make(chan struct{}),
+		writeChan: make(chan writeData, 1000),
+	}
+
+	go m.run()
+	return m
+}
+
+// Append adds a message to the writer runloop
+func (m *WriteManager) Append(data []byte, callback func([]byte)) {
+	m.wg.Add(1)
+	m.writeChan <- writeData{data: data, writeFunc: callback}
+}
+
+// Shutdown stops the sync manager service
+func (m *WriteManager) Shutdown() {
+	m.wg.Wait()
+	close(m.shutdown)
+	close(m.writeChan)
+}
+
+// run is the main runloop that schedules log messages
+func (m *WriteManager) run() {
+	for {
+		select {
+		case event, ok := <-m.writeChan:
+			if ok {
+				event.writeFunc(event.data)
+				m.wg.Done()
+			}
+		case <-m.shutdown:
+			return
+		}
+	}
+}
diff --git a/logger/manager_test.go b/logger/manager_test.go
new file mode 100644
index 00000000..5cf9e7ba
--- /dev/null
+++ b/logger/manager_test.go
@@ -0,0 +1,18 @@
+package logger
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWriteManger(t *testing.T) {
+	testData := []byte(string("hello Austin, how are you doing?"))
+	waitChan := make(chan []byte)
+	m := NewWriteManager()
+	m.Append(testData, func(b []byte) {
+		waitChan <- b
+	})
+	resp := <-waitChan
+	assert.Equal(t, testData, resp)
+}
diff --git a/logger/mock_manager.go b/logger/mock_manager.go
new file mode 100644
index 00000000..ea585577
--- /dev/null
+++ b/logger/mock_manager.go
@@ -0,0 +1,18 @@
+package logger
+
+// MockWriteManager does nothing and is provided for testing purposes
+type MockWriteManager struct {
+}
+
+// NewMockWriteManager creates an OutputManager that does nothing for testing purposes
+func NewMockWriteManager() OutputManager {
+	return &MockWriteManager{}
+}
+
+// Append is a mock stub
+func (m *MockWriteManager) Append(data []byte, callback func([]byte)) {
+}
+
+// Shutdown is a mock stub
+func (m *MockWriteManager) Shutdown() {
+}
diff --git a/logger/output.go b/logger/output.go
new file mode 100644
index 00000000..cdc7d195
--- /dev/null
+++ b/logger/output.go
@@ -0,0 +1,132 @@
+package logger
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+)
+
+// provided for testing
+var osExit = os.Exit
+
+// OutputManager is used to sync data of Output
+type OutputManager interface {
+	Append([]byte, func([]byte))
+	Shutdown()
+}
+
+// Service is the logging service that is either a group or single log writer
+type Service interface {
+	Error(message string)
+	Info(message string)
+	Debug(message string)
+	Fatal(message string)
+
+	Errorf(format string, args ...interface{})
+	Infof(format string, args ...interface{})
+	Debugf(format string, args ...interface{})
+	Fatalf(format string, args ...interface{})
+}
+
+type sourceGroup struct {
+	writer          io.Writer
+	formatter       Formatter
+	levelsSupported []Level
+}
+
+// OutputWriter is the standard logging implementation
+type OutputWriter struct {
+	groups     []sourceGroup
+	syncWriter OutputManager
+}
+
+// NewOutputWriter create a new logger
+func NewOutputWriter(syncWriter OutputManager) *OutputWriter {
+	return &OutputWriter{
+		syncWriter: syncWriter,
+		groups:     make([]sourceGroup, 0),
+	}
+}
+
+// Add a writer and formatter to output to
+func (s *OutputWriter) Add(writer io.Writer, formatter Formatter, levels ...Level) {
+	s.groups = append(s.groups, sourceGroup{writer: writer, formatter: formatter, levelsSupported: levels})
+}
+
+// Error writes an error to the logging sources
+func (s *OutputWriter) Error(message string) {
+	s.output(ErrorLevel, message)
+}
+
+// Info writes an info string to the logging sources
+func (s *OutputWriter) Info(message string) {
+	s.output(InfoLevel, message)
+}
+
+// Debug writes a debug string to the logging sources
+func (s *OutputWriter) Debug(message string) {
+	s.output(DebugLevel, message)
+}
+
+// Fatal writes a error string to the logging sources and runs does an os.exit()
+func (s *OutputWriter) Fatal(message string) {
+	s.output(FatalLevel, message)
+	s.syncWriter.Shutdown() // waits for the pending logging to finish
+	osExit(1)
+}
+
+// Errorf writes a formatted error to the logging sources
+func (s *OutputWriter) Errorf(format string, args ...interface{}) {
+	s.output(ErrorLevel, fmt.Sprintf(format, args...))
+}
+
+// Infof writes a formatted info statement to the logging sources
+func (s *OutputWriter) Infof(format string, args ...interface{}) {
+	s.output(InfoLevel, fmt.Sprintf(format, args...))
+}
+
+// Debugf writes a formatted debug statement to the logging sources
+func (s *OutputWriter) Debugf(format string, args ...interface{}) {
+	s.output(DebugLevel, fmt.Sprintf(format, args...))
+}
+
+// Fatalf writes a  writes a formatted error statement and runs does an os.exit()
+func (s *OutputWriter) Fatalf(format string, args ...interface{}) {
+	s.output(FatalLevel, fmt.Sprintf(format, args...))
+	s.syncWriter.Shutdown() // waits for the pending logging to finish
+	osExit(1)
+}
+
+// output does the actual write to the sync manager
+func (s *OutputWriter) output(l Level, content string) {
+	for _, group := range s.groups {
+		if isSupported(group, l) {
+			logLine := fmt.Sprintf("%s%s\n", group.formatter.Timestamp(l, time.Now()),
+				group.formatter.Content(l, content))
+			s.append(group, []byte(logLine))
+		}
+	}
+}
+
+func (s *OutputWriter) append(group sourceGroup, logLine []byte) {
+	s.syncWriter.Append(logLine, func(b []byte) {
+		group.writer.Write(b)
+	})
+}
+
+// isSupported checks if the log level is supported
+func isSupported(group sourceGroup, l Level) bool {
+	for _, level := range group.levelsSupported {
+		if l == level {
+			return true
+		}
+	}
+	return false
+}
+
+// Write implements io.Writer to support SetOutput of the log package
+func (s *OutputWriter) Write(p []byte) (n int, err error) {
+	s.Info(string(p))
+	return len(p), nil
+}
diff --git a/logger/output_test.go b/logger/output_test.go
new file mode 100644
index 00000000..02b68dcb
--- /dev/null
+++ b/logger/output_test.go
@@ -0,0 +1,104 @@
+package logger
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLogLevel(t *testing.T) {
+	timeFormat := "2006-01-02"
+	f := NewDefaultFormatter(timeFormat)
+	m := NewWriteManager()
+
+	var testBuffer bytes.Buffer
+	logger := NewOutputWriter(m)
+	logger.Add(&testBuffer, f, InfoLevel, DebugLevel)
+
+	testTime := f.Timestamp(InfoLevel, time.Now())
+
+	testInfo := "hello Dalton, how are you doing?"
+	logger.Info(testInfo)
+
+	tesErr := "hello Austin, how did it break today?"
+	logger.Error(tesErr)
+
+	testDebug := "hello Bill, who are you?"
+	logger.Debug(testDebug)
+
+	m.Shutdown()
+
+	lines := strings.Split(testBuffer.String(), "\n")
+	assert.Len(t, lines, 3, "only expected two strings in the buffer")
+
+	infoLine := lines[0]
+	debugLine := lines[1]
+
+	compareInfo := fmt.Sprintf("%s%s", testTime, testInfo)
+	assert.Equal(t, compareInfo, infoLine, "expect the strings to match")
+
+	compareDebug := fmt.Sprintf("%s%s", testTime, testDebug)
+	assert.Equal(t, compareDebug, debugLine, "expect the strings to match")
+}
+
+func TestOutputWrite(t *testing.T) {
+	timeFormat := "2006-01-02"
+	f := NewDefaultFormatter(timeFormat)
+	m := NewWriteManager()
+
+	var testBuffer bytes.Buffer
+	logger := NewOutputWriter(m)
+	logger.Add(&testBuffer, f, InfoLevel)
+
+	testData := "hello Bob Bork, how are you doing?"
+	logger.Info(testData)
+	testTime := f.Timestamp(InfoLevel, time.Now())
+
+	m.Shutdown()
+
+	scanner := bufio.NewScanner(&testBuffer)
+	scanner.Scan()
+	line := scanner.Text()
+	assert.NoError(t, scanner.Err())
+
+	compareLine := fmt.Sprintf("%s%s", testTime, testData)
+	assert.Equal(t, compareLine, line, "expect the strings to match")
+}
+
+func TestFatalWrite(t *testing.T) {
+	timeFormat := "2006-01-02"
+	f := NewDefaultFormatter(timeFormat)
+	m := NewWriteManager()
+
+	var testBuffer bytes.Buffer
+	logger := NewOutputWriter(m)
+	logger.Add(&testBuffer, f, FatalLevel)
+
+	oldOsExit := osExit
+	defer func() { osExit = oldOsExit }()
+
+	var got int
+	myExit := func(code int) {
+		got = code
+	}
+
+	osExit = myExit
+
+	testData := "so long y'all"
+	logger.Fatal(testData)
+	testTime := f.Timestamp(FatalLevel, time.Now())
+
+	scanner := bufio.NewScanner(&testBuffer)
+	scanner.Scan()
+	line := scanner.Text()
+	assert.NoError(t, scanner.Err())
+
+	compareLine := fmt.Sprintf("%s%s", testTime, testData)
+	assert.Equal(t, compareLine, line, "expect the strings to match")
+	assert.Equal(t, got, 1, "exit code should be one for a fatal log")
+}
diff --git a/metrics/metrics.go b/metrics/metrics.go
index 89510d07..c28d6013 100644
--- a/metrics/metrics.go
+++ b/metrics/metrics.go
@@ -12,9 +12,9 @@ import (
 
 	"golang.org/x/net/trace"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -22,7 +22,7 @@ const (
 	startupTime     = time.Millisecond * 500
 )
 
-func ServeMetrics(l net.Listener, shutdownC <-chan struct{}, logger *logrus.Logger) (err error) {
+func ServeMetrics(l net.Listener, shutdownC <-chan struct{}, logger logger.Service) (err error) {
 	var wg sync.WaitGroup
 	// Metrics port is privileged, so no need for further access control
 	trace.AuthRequest = func(*http.Request) (bool, bool) { return true, true }
@@ -43,7 +43,7 @@ func ServeMetrics(l net.Listener, shutdownC <-chan struct{}, logger *logrus.Logg
 		defer wg.Done()
 		err = server.Serve(l)
 	}()
-	logger.WithField("addr", fmt.Sprintf("%v/metrics", l.Addr())).Info("Starting metrics server")
+	logger.Infof("Starting metrics server on %s", fmt.Sprintf("%v/metrics", l.Addr()))
 	// server.Serve will hang if server.Shutdown is called before the server is
 	// fully started up. So add artificial delay.
 	time.Sleep(startupTime)
@@ -58,7 +58,7 @@ func ServeMetrics(l net.Listener, shutdownC <-chan struct{}, logger *logrus.Logg
 		logger.Info("Metrics server stopped")
 		return nil
 	}
-	logger.WithError(err).Error("Metrics server quit with error")
+	logger.Errorf("Metrics server quit with error: %s", err)
 	return err
 }
 
diff --git a/origin/supervisor.go b/origin/supervisor.go
index cd21b57f..b3c680f9 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -9,12 +9,12 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/sirupsen/logrus"
 
 	"github.com/cloudflare/cloudflared/buffer"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/signal"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 )
@@ -56,7 +56,7 @@ type Supervisor struct {
 	nextConnectedIndex  int
 	nextConnectedSignal chan struct{}
 
-	logger *logrus.Entry
+	logger logger.Service
 
 	jwtLock sync.RWMutex
 	jwt     []byte
@@ -99,7 +99,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 		edgeIPs:           edgeIPs,
 		tunnelErrors:      make(chan tunnelError),
 		tunnelsConnecting: map[int]chan struct{}{},
-		logger:            config.Logger.WithField("subsystem", "supervisor"),
+		logger:            config.Logger,
 		connDigest:        make(map[uint8][]byte),
 		bufferPool:        buffer.NewPool(512 * 1024),
 	}, nil
@@ -123,7 +123,7 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, re
 		if timer, err := s.refreshAuth(ctx, refreshAuthBackoff, s.authenticate); err == nil {
 			refreshAuthBackoffTimer = timer
 		} else {
-			logger.WithError(err).Errorf("initial refreshAuth failed, retrying in %v", refreshAuthRetryDuration)
+			logger.Errorf("supervisor: initial refreshAuth failed, retrying in %v: %s", refreshAuthRetryDuration, err)
 			refreshAuthBackoffTimer = time.After(refreshAuthRetryDuration)
 		}
 	}
@@ -142,7 +142,7 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, re
 		case tunnelError := <-s.tunnelErrors:
 			tunnelsActive--
 			if tunnelError.err != nil {
-				logger.WithError(tunnelError.err).Warn("Tunnel disconnected due to error")
+				logger.Infof("supervisor: Tunnel disconnected due to error: %s", tunnelError.err)
 				tunnelsWaiting = append(tunnelsWaiting, tunnelError.index)
 				s.waitForNextTunnel(tunnelError.index)
 
@@ -165,7 +165,7 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, re
 		case <-refreshAuthBackoffTimer:
 			newTimer, err := s.refreshAuth(ctx, refreshAuthBackoff, s.authenticate)
 			if err != nil {
-				logger.WithError(err).Error("Authentication failed")
+				logger.Errorf("supervisor: Authentication failed: %s", err)
 				// Permanent failure. Leave the `select` without setting the
 				// channel to be non-null, so we'll never hit this case of the `select` again.
 				continue
@@ -182,9 +182,9 @@ func (s *Supervisor) Run(ctx context.Context, connectedSignal *signal.Signal, re
 			s.lastResolve = time.Now()
 			s.resolverC = nil
 			if result.err == nil {
-				logger.Debug("Service discovery refresh complete")
+				logger.Debug("supervisor: Service discovery refresh complete")
 			} else {
-				logger.WithError(result.err).Error("Service discovery error")
+				logger.Errorf("supervisor: Service discovery error: %s", result.err)
 			}
 		}
 	}
@@ -197,7 +197,7 @@ func (s *Supervisor) initialize(ctx context.Context, connectedSignal *signal.Sig
 	s.lastResolve = time.Now()
 	availableAddrs := int(s.edgeIPs.AvailableAddrs())
 	if s.config.HAConnections > availableAddrs {
-		logger.Warnf("You requested %d HA connections but I can give you at most %d.", s.config.HAConnections, availableAddrs)
+		logger.Infof("You requested %d HA connections but I can give you at most %d.", s.config.HAConnections, availableAddrs)
 		s.config.HAConnections = availableAddrs
 	}
 
@@ -355,12 +355,12 @@ func (s *Supervisor) refreshAuth(
 	backoff *BackoffHandler,
 	authenticate func(ctx context.Context, numPreviousAttempts int) (tunnelpogs.AuthOutcome, error),
 ) (retryTimer <-chan time.Time, err error) {
-	logger := s.config.Logger.WithField("subsystem", subsystemRefreshAuth)
+	logger := s.config.Logger
 	authOutcome, err := authenticate(ctx, backoff.Retries())
 	if err != nil {
 		s.config.Metrics.authFail.WithLabelValues(err.Error()).Inc()
 		if duration, ok := backoff.GetBackoffDuration(ctx); ok {
-			logger.WithError(err).Warnf("Retrying in %v", duration)
+			logger.Debugf("refresh_auth: Retrying in %v: %s", duration, err)
 			return backoff.BackoffTimer(), nil
 		}
 		return nil, err
@@ -376,13 +376,13 @@ func (s *Supervisor) refreshAuth(
 	case tunnelpogs.AuthUnknown:
 		duration := outcome.RefreshAfter()
 		s.config.Metrics.authFail.WithLabelValues(outcome.Error()).Inc()
-		logger.WithError(outcome).Warnf("Retrying in %v", duration)
+		logger.Debugf("refresh_auth: Retrying in %v: %s", duration, outcome)
 		return timeAfter(duration), nil
 	case tunnelpogs.AuthFail:
 		s.config.Metrics.authFail.WithLabelValues(outcome.Error()).Inc()
 		return nil, outcome
 	default:
-		err := fmt.Errorf("Unexpected outcome type %T", authOutcome)
+		err := fmt.Errorf("refresh_auth: Unexpected outcome type %T", authOutcome)
 		s.config.Metrics.authFail.WithLabelValues(err.Error()).Inc()
 		return nil, err
 	}
@@ -405,7 +405,6 @@ func (s *Supervisor) authenticate(ctx context.Context, numPreviousAttempts int)
 		return nil // noop
 	})
 	muxerConfig := s.config.muxerConfig(handler)
-	muxerConfig.Logger = muxerConfig.Logger.WithField("subsystem", subsystemRefreshAuth)
 	muxer, err := h2mux.Handshake(edgeConn, edgeConn, muxerConfig, s.config.Metrics.activeStreams)
 	if err != nil {
 		return nil, err
@@ -417,7 +416,7 @@ func (s *Supervisor) authenticate(ctx context.Context, numPreviousAttempts int)
 		<-muxer.Shutdown()
 	}()
 
-	tunnelServer, err := connection.NewRPCClient(ctx, muxer, s.logger.WithField("subsystem", subsystemRefreshAuth), openStreamTimeout)
+	tunnelServer, err := connection.NewRPCClient(ctx, muxer, s.logger, openStreamTimeout)
 	if err != nil {
 		return nil, err
 	}
diff --git a/origin/supervisor_test.go b/origin/supervisor_test.go
index 5f031221..21eeec60 100644
--- a/origin/supervisor_test.go
+++ b/origin/supervisor_test.go
@@ -9,13 +9,13 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 
+	"github.com/cloudflare/cloudflared/logger"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 )
 
-func testConfig(logger *logrus.Logger) *TunnelConfig {
+func testConfig(logger logger.Service) *TunnelConfig {
 	metrics := TunnelMetrics{}
 
 	metrics.authSuccess = prometheus.NewCounter(
@@ -40,8 +40,7 @@ func testConfig(logger *logrus.Logger) *TunnelConfig {
 }
 
 func TestRefreshAuthBackoff(t *testing.T) {
-	logger := logrus.New()
-	logger.Level = logrus.ErrorLevel
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	var wait time.Duration
 	timeAfter = func(d time.Duration) <-chan time.Time {
@@ -85,8 +84,7 @@ func TestRefreshAuthBackoff(t *testing.T) {
 }
 
 func TestRefreshAuthSuccess(t *testing.T) {
-	logger := logrus.New()
-	logger.Level = logrus.ErrorLevel
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	var wait time.Duration
 	timeAfter = func(d time.Duration) <-chan time.Time {
@@ -114,8 +112,7 @@ func TestRefreshAuthSuccess(t *testing.T) {
 }
 
 func TestRefreshAuthUnknown(t *testing.T) {
-	logger := logrus.New()
-	logger.Level = logrus.ErrorLevel
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	var wait time.Duration
 	timeAfter = func(d time.Duration) <-chan time.Time {
@@ -143,8 +140,7 @@ func TestRefreshAuthUnknown(t *testing.T) {
 }
 
 func TestRefreshAuthFail(t *testing.T) {
-	logger := logrus.New()
-	logger.Level = logrus.ErrorLevel
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	s, err := NewSupervisor(testConfig(logger), uuid.New())
 	if !assert.NoError(t, err) {
diff --git a/origin/tunnel.go b/origin/tunnel.go
index 42db204b..a68dedc0 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -17,13 +17,13 @@ import (
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
-	log "github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
 
 	"github.com/cloudflare/cloudflared/buffer"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/signal"
 	"github.com/cloudflare/cloudflared/streamhandler"
 	"github.com/cloudflare/cloudflared/tunnelrpc"
@@ -68,7 +68,8 @@ type TunnelConfig struct {
 	IsAutoupdated        bool
 	IsFreeTunnel         bool
 	LBPool               string
-	Logger               *log.Logger
+	Logger               logger.Service
+	TransportLogger      logger.Service
 	MaxHeartbeats        uint64
 	Metrics              *TunnelMetrics
 	MetricsUpdateFreq    time.Duration
@@ -79,7 +80,6 @@ type TunnelConfig struct {
 	RunFromTerminal      bool
 	Tags                 []tunnelpogs.Tag
 	TlsConfig            *tls.Config
-	TransportLogger      *log.Logger
 	UseDeclarativeTunnel bool
 	WSGI                 bool
 	// OriginUrl may not be used if a user specifies a unix socket.
@@ -144,7 +144,7 @@ func (c *TunnelConfig) muxerConfig(handler h2mux.MuxedStreamHandler) h2mux.Muxer
 		IsClient:           true,
 		HeartbeatInterval:  c.HeartbeatInterval,
 		MaxHeartbeats:      c.MaxHeartbeats,
-		Logger:             c.TransportLogger.WithFields(log.Fields{}),
+		Logger:             c.TransportLogger,
 		CompressionQuality: h2mux.CompressionSetting(c.CompressionQuality),
 	}
 }
@@ -197,7 +197,6 @@ func ServeTunnelLoop(ctx context.Context,
 	bufferPool *buffer.Pool,
 	reconnectCh chan ReconnectSignal,
 ) error {
-	connectionLogger := config.Logger.WithField("connectionID", connectionID)
 	config.Metrics.incrementHaConnections()
 	defer config.Metrics.decrementHaConnections()
 	backoff := BackoffHandler{MaxRetries: config.Retries}
@@ -214,7 +213,7 @@ func ServeTunnelLoop(ctx context.Context,
 			ctx,
 			credentialManager,
 			config,
-			connectionLogger,
+			config.Logger,
 			addr, connectionID,
 			connectedFuse,
 			&backoff,
@@ -224,7 +223,7 @@ func ServeTunnelLoop(ctx context.Context,
 		)
 		if recoverable {
 			if duration, ok := backoff.GetBackoffDuration(ctx); ok {
-				connectionLogger.Infof("Retrying in %s seconds", duration)
+				config.Logger.Infof("Retrying in %s seconds: connectionID: %d", duration, connectionID)
 				backoff.Backoff(ctx)
 				continue
 			}
@@ -237,7 +236,7 @@ func ServeTunnel(
 	ctx context.Context,
 	credentialManager ReconnectTunnelCredentialManager,
 	config *TunnelConfig,
-	logger *log.Entry,
+	logger logger.Service,
 	addr *net.TCPAddr,
 	connectionID uint8,
 	connectedFuse *h2mux.BooleanFuse,
@@ -267,14 +266,13 @@ func ServeTunnel(
 	// Returns error from parsing the origin URL or handshake errors
 	handler, originLocalIP, err := NewTunnelHandler(ctx, config, addr, connectionID, bufferPool)
 	if err != nil {
-		errLog := logger.WithError(err)
 		switch err.(type) {
 		case connection.DialError:
-			errLog.Error("Unable to dial edge")
+			logger.Errorf("Unable to dial edge: %s connectionID: %d", err, connectionID)
 		case h2mux.MuxerHandshakeError:
-			errLog.Error("Handshake failed with edge server")
+			logger.Errorf("Handshake failed with edge server: %s connectionID: %d", err, connectionID)
 		default:
-			errLog.Error("Tunnel creation failure")
+			logger.Errorf("Tunnel creation failure: %s connectionID: %d", err, connectionID)
 			return err, false
 		}
 		return err, true
@@ -307,10 +305,10 @@ func ServeTunnel(
 			}
 			// log errors and proceed to RegisterTunnel
 			if tokenErr != nil {
-				logger.WithError(tokenErr).Error("Couldn't get reconnect token")
+				logger.Errorf("Couldn't get reconnect token: %s", tokenErr)
 			}
 			if eventDigestErr != nil {
-				logger.WithError(eventDigestErr).Error("Couldn't get event digest")
+				logger.Errorf("Couldn't get event digest: %s", eventDigestErr)
 			}
 		}
 		return RegisterTunnel(serveCtx, credentialManager, handler.muxer, config, logger, connectionID, originLocalIP, u)
@@ -365,7 +363,7 @@ func ServeTunnel(
 			logger.Info("Already connected to this server, selecting a different one")
 			return err, true
 		case serverRegisterTunnelError:
-			logger.WithError(castedErr.cause).Error("Register tunnel error from server side")
+			logger.Errorf("Register tunnel error from server side: %s", castedErr.cause)
 			// Don't send registration error return from server to Sentry. They are
 			// logged on server side
 			if incidents := config.IncidentLookup.ActiveIncidents(); len(incidents) > 0 {
@@ -373,17 +371,17 @@ func ServeTunnel(
 			}
 			return castedErr.cause, !castedErr.permanent
 		case clientRegisterTunnelError:
-			logger.WithError(castedErr.cause).Error("Register tunnel error on client side")
+			logger.Errorf("Register tunnel error on client side: %s", castedErr.cause)
 			return err, true
 		case muxerShutdownError:
 			logger.Info("Muxer shutdown")
 			return err, true
 		case *ReconnectSignal:
-			logger.Warnf("Restarting due to reconnect signal in %d seconds", castedErr.Delay)
+			logger.Infof("Restarting due to reconnect signal in %d seconds", castedErr.Delay)
 			castedErr.DelayBeforeReconnect()
 			return err, true
 		default:
-			logger.WithError(err).Error("Serve tunnel error")
+			logger.Errorf("Serve tunnel error: %s", err)
 			return err, true
 		}
 	}
@@ -395,13 +393,13 @@ func RegisterTunnel(
 	credentialManager ReconnectTunnelCredentialManager,
 	muxer *h2mux.Muxer,
 	config *TunnelConfig,
-	logger *log.Entry,
+	logger logger.Service,
 	connectionID uint8,
 	originLocalIP string,
 	uuid uuid.UUID,
 ) error {
 	config.TransportLogger.Debug("initiating RPC stream to register")
-	tunnelServer, err := connection.NewRPCClient(ctx, muxer, config.TransportLogger.WithField("subsystem", "rpc-register"), openStreamTimeout)
+	tunnelServer, err := connection.NewRPCClient(ctx, muxer, config.TransportLogger, openStreamTimeout)
 	if err != nil {
 		// RPC stream open error
 		return newClientRegisterTunnelError(err, config.Metrics.rpcFail, register)
@@ -432,14 +430,14 @@ func ReconnectTunnel(
 	eventDigest, connDigest []byte,
 	muxer *h2mux.Muxer,
 	config *TunnelConfig,
-	logger *log.Entry,
+	logger logger.Service,
 	connectionID uint8,
 	originLocalIP string,
 	uuid uuid.UUID,
 	credentialManager ReconnectTunnelCredentialManager,
 ) error {
 	config.TransportLogger.Debug("initiating RPC stream to reconnect")
-	tunnelServer, err := connection.NewRPCClient(ctx, muxer, config.TransportLogger.WithField("subsystem", "rpc-reconnect"), openStreamTimeout)
+	tunnelServer, err := connection.NewRPCClient(ctx, muxer, config.TransportLogger, openStreamTimeout)
 	if err != nil {
 		// RPC stream open error
 		return newClientRegisterTunnelError(err, config.Metrics.rpcFail, reconnect)
@@ -467,7 +465,7 @@ func ReconnectTunnel(
 
 func processRegistrationSuccess(
 	config *TunnelConfig,
-	logger *log.Entry,
+	logger logger.Service,
 	connectionID uint8,
 	registration *tunnelpogs.TunnelRegistration,
 	name registerRPCName,
@@ -486,10 +484,10 @@ func processRegistrationSuccess(
 	if isTrialTunnel := config.Hostname == ""; isTrialTunnel {
 		if url, err := url.Parse(registration.Url); err == nil {
 			for _, line := range asciiBox(trialZoneMsg(url.String()), 2) {
-				logger.Infoln(line)
+				logger.Info(line)
 			}
 		} else {
-			logger.Errorln("Failed to connect tunnel, please try again.")
+			logger.Error("Failed to connect tunnel, please try again.")
 			return fmt.Errorf("empty URL in response from Cloudflare edge")
 		}
 	}
@@ -514,10 +512,10 @@ func processRegisterTunnelError(err tunnelpogs.TunnelRegistrationError, metrics
 	}
 }
 
-func UnregisterTunnel(muxer *h2mux.Muxer, gracePeriod time.Duration, logger *log.Logger) error {
+func UnregisterTunnel(muxer *h2mux.Muxer, gracePeriod time.Duration, logger logger.Service) error {
 	logger.Debug("initiating RPC stream to unregister")
 	ctx := context.Background()
-	tunnelServer, err := connection.NewRPCClient(ctx, muxer, logger.WithField("subsystem", "rpc-unregister"), openStreamTimeout)
+	tunnelServer, err := connection.NewRPCClient(ctx, muxer, logger, openStreamTimeout)
 	if err != nil {
 		// RPC stream open error
 		return err
@@ -532,16 +530,16 @@ func LogServerInfo(
 	promise tunnelrpc.ServerInfo_Promise,
 	connectionID uint8,
 	metrics *TunnelMetrics,
-	logger *log.Entry,
+	logger logger.Service,
 ) {
 	serverInfoMessage, err := promise.Struct()
 	if err != nil {
-		logger.WithError(err).Warn("Failed to retrieve server information")
+		logger.Errorf("Failed to retrieve server information: %s", err)
 		return
 	}
 	serverInfo, err := tunnelpogs.UnmarshalServerInfo(serverInfoMessage)
 	if err != nil {
-		logger.WithError(err).Warn("Failed to retrieve server information")
+		logger.Errorf("Failed to retrieve server information: %s", err)
 		return
 	}
 	logger.Infof("Connected to %s", serverInfo.LocationName)
@@ -558,7 +556,7 @@ type TunnelHandler struct {
 	metrics        *TunnelMetrics
 	// connectionID is only used by metrics, and prometheus requires labels to be string
 	connectionID      string
-	logger            *log.Logger
+	logger            logger.Service
 	noChunkedEncoding bool
 
 	bufferPool *buffer.Pool
@@ -736,7 +734,7 @@ func (h *TunnelHandler) isEventStream(response *http.Response) bool {
 }
 
 func (h *TunnelHandler) writeErrorResponse(stream *h2mux.MuxedStream, err error) {
-	h.logger.WithError(err).Error("HTTP request error")
+	h.logger.Errorf("HTTP request error: %s", err)
 	stream.WriteHeaders([]h2mux.Header{
 		{Name: ":status", Value: "502"},
 		h2mux.CreateResponseMetaHeader(h2mux.ResponseMetaHeaderField, h2mux.ResponseSourceCloudflared),
@@ -746,41 +744,39 @@ func (h *TunnelHandler) writeErrorResponse(stream *h2mux.MuxedStream, err error)
 }
 
 func (h *TunnelHandler) logRequest(req *http.Request, cfRay string, lbProbe bool) {
-	logger := log.NewEntry(h.logger)
+	logger := h.logger
 	if cfRay != "" {
-		logger = logger.WithField("CF-RAY", cfRay)
-		logger.Debugf("%s %s %s", req.Method, req.URL, req.Proto)
+		logger.Debugf("CF-RAY: %s %s %s %s", cfRay, req.Method, req.URL, req.Proto)
 	} else if lbProbe {
-		logger.Debugf("Load Balancer health check %s %s %s", req.Method, req.URL, req.Proto)
+		logger.Debugf("CF-RAY: %s Load Balancer health check %s %s %s", cfRay, req.Method, req.URL, req.Proto)
 	} else {
-		logger.Warnf("All requests should have a CF-RAY header. Please open a support ticket with Cloudflare. %s %s %s ", req.Method, req.URL, req.Proto)
+		logger.Infof("CF-RAY: %s All requests should have a CF-RAY header. Please open a support ticket with Cloudflare. %s %s %s ", cfRay, req.Method, req.URL, req.Proto)
 	}
-	logger.Debugf("Request Headers %+v", req.Header)
+	logger.Debugf("CF-RAY: %s Request Headers %+v", cfRay, req.Header)
 
 	if contentLen := req.ContentLength; contentLen == -1 {
-		logger.Debugf("Request Content length unknown")
+		logger.Debugf("CF-RAY: %s Request Content length unknown", cfRay)
 	} else {
-		logger.Debugf("Request content length %d", contentLen)
+		logger.Debugf("CF-RAY: %s Request content length %d", cfRay, contentLen)
 	}
 }
 
 func (h *TunnelHandler) logResponseOk(r *http.Response, cfRay string, lbProbe bool) {
 	h.metrics.incrementResponses(h.connectionID, "200")
-	logger := log.NewEntry(h.logger)
+	logger := h.logger
 	if cfRay != "" {
-		logger = logger.WithField("CF-RAY", cfRay)
-		logger.Debugf("%s", r.Status)
+		logger.Debugf("CF-RAY: %s %s", cfRay, r.Status)
 	} else if lbProbe {
 		logger.Debugf("Response to Load Balancer health check %s", r.Status)
 	} else {
 		logger.Infof("%s", r.Status)
 	}
-	logger.Debugf("Response Headers %+v", r.Header)
+	logger.Debugf("CF-RAY: %s Response Headers %+v", cfRay, r.Header)
 
 	if contentLen := r.ContentLength; contentLen == -1 {
-		logger.Debugf("Response content length unknown")
+		logger.Debugf("CF-RAY: %s Response content length unknown", cfRay)
 	} else {
-		logger.Debugf("Response content length %d", contentLen)
+		logger.Debugf("CF-RAY: %s Response content length %d", cfRay, contentLen)
 	}
 }
 
diff --git a/originservice/originservice.go b/originservice/originservice.go
index 6f363c30..97fa69ef 100644
--- a/originservice/originservice.go
+++ b/originservice/originservice.go
@@ -15,7 +15,7 @@ import (
 	"github.com/cloudflare/cloudflared/buffer"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/hello"
-	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/websocket"
 	"github.com/pkg/errors"
 )
@@ -101,14 +101,14 @@ type WebsocketService struct {
 	shutdownC chan struct{}
 }
 
-func NewWebSocketService(tlsConfig *tls.Config, url *url.URL) (OriginService, error) {
+func NewWebSocketService(tlsConfig *tls.Config, url *url.URL, logger logger.Service) (OriginService, error) {
 	listener, err := net.Listen("tcp", "127.0.0.1:")
 	if err != nil {
 		return nil, errors.Wrap(err, "cannot start Websocket Proxy Server")
 	}
 	shutdownC := make(chan struct{})
 	go func() {
-		websocket.StartProxyServer(log.CreateLogger(), listener, url.String(), shutdownC, websocket.DefaultStreamHandler)
+		websocket.StartProxyServer(logger, listener, url.String(), shutdownC, websocket.DefaultStreamHandler)
 	}()
 	return &WebsocketService{
 		tlsConfig: tlsConfig,
@@ -157,14 +157,14 @@ type HelloWorldService struct {
 	bufferPool *buffer.Pool
 }
 
-func NewHelloWorldService(transport http.RoundTripper) (OriginService, error) {
+func NewHelloWorldService(transport http.RoundTripper, logger logger.Service) (OriginService, error) {
 	listener, err := hello.CreateTLSListener("127.0.0.1:")
 	if err != nil {
 		return nil, errors.Wrap(err, "cannot start Hello World Server")
 	}
 	shutdownC := make(chan struct{})
 	go func() {
-		hello.StartHelloWorldServer(log.CreateLogger(), listener, shutdownC)
+		hello.StartHelloWorldServer(logger, listener, shutdownC)
 	}()
 	return &HelloWorldService{
 		client:   transport,
diff --git a/sshlog/empty_manager.go b/sshlog/empty_manager.go
index bd9f3137..e95825e6 100644
--- a/sshlog/empty_manager.go
+++ b/sshlog/empty_manager.go
@@ -3,7 +3,7 @@ package sshlog
 import (
 	"io"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 //empty manager implements the Manager but does nothing (for testing and to disable logging unless the logs are set)
@@ -18,11 +18,11 @@ func NewEmptyManager() Manager {
 	return &emptyManager{}
 }
 
-func (m *emptyManager) NewLogger(name string, logger *logrus.Logger) (io.WriteCloser, error) {
+func (m *emptyManager) NewLogger(name string, logger logger.Service) (io.WriteCloser, error) {
 	return &emptyWriteCloser{}, nil
 }
 
-func (m *emptyManager) NewSessionLogger(name string, logger *logrus.Logger) (io.WriteCloser, error) {
+func (m *emptyManager) NewSessionLogger(name string, logger logger.Service) (io.WriteCloser, error) {
 	return &emptyWriteCloser{}, nil
 }
 
diff --git a/sshlog/logger.go b/sshlog/logger.go
index 96742c22..b62f87b3 100644
--- a/sshlog/logger.go
+++ b/sshlog/logger.go
@@ -9,7 +9,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 const (
@@ -24,7 +24,7 @@ type Logger struct {
 	filename      string
 	file          *os.File
 	writeBuffer   *bufio.Writer
-	logger        *logrus.Logger
+	logger        logger.Service
 	flushInterval time.Duration
 	maxFileSize   int64
 	done          chan struct{}
@@ -35,10 +35,10 @@ type Logger struct {
 // drained and closed when the caller is finished, so instances should call
 // Close when finished with this Logger instance. Writes will be flushed to disk
 // every second (fsync). filename is the name of the logfile to be created. The
-// logger variable is a logrus that will log all i/o, filesystem error etc, that
+// logger variable is a logger service that will log all i/o, filesystem error etc, that
 // that shouldn't end execution of the logger, but are useful to report to the
 // caller.
-func NewLogger(filename string, logger *logrus.Logger, flushInterval time.Duration, maxFileSize int64) (*Logger, error) {
+func NewLogger(filename string, logger logger.Service, flushInterval time.Duration, maxFileSize int64) (*Logger, error) {
 	if logger == nil {
 		return nil, errors.New("logger can't be nil")
 	}
@@ -87,7 +87,7 @@ func (l *Logger) writer() {
 		select {
 		case <-ticker.C:
 			if err := l.write(); err != nil {
-				l.logger.Errorln(err)
+				l.logger.Errorf("%s", err)
 			}
 		case <-l.done:
 			return
diff --git a/sshlog/logger_test.go b/sshlog/logger_test.go
index 4e08a504..061b9e33 100644
--- a/sshlog/logger_test.go
+++ b/sshlog/logger_test.go
@@ -8,20 +8,21 @@ import (
 	"testing"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 const logFileName = "test-logger.log"
 
 func createLogger(t *testing.T) *Logger {
 	os.Remove(logFileName)
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	logger, err := NewLogger(logFileName, l, time.Millisecond, 1024)
 	if err != nil {
 		t.Fatal("couldn't create the logger!", err)
 	}
 	return logger
 }
+
 // AUTH-2115 TODO: fix this test
 //func TestWrite(t *testing.T) {
 //	testStr := "hi"
diff --git a/sshlog/manager.go b/sshlog/manager.go
index 3178eb03..c3045287 100644
--- a/sshlog/manager.go
+++ b/sshlog/manager.go
@@ -5,13 +5,13 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 // Manager be managing logs bruh
 type Manager interface {
-	NewLogger(string, *logrus.Logger) (io.WriteCloser, error)
-	NewSessionLogger(string, *logrus.Logger) (io.WriteCloser, error)
+	NewLogger(string, logger.Service) (io.WriteCloser, error)
+	NewSessionLogger(string, logger.Service) (io.WriteCloser, error)
 }
 
 type manager struct {
@@ -25,10 +25,10 @@ func New(baseDirectory string) Manager {
 	}
 }
 
-func (m *manager) NewLogger(name string, logger *logrus.Logger) (io.WriteCloser, error) {
+func (m *manager) NewLogger(name string, logger logger.Service) (io.WriteCloser, error) {
 	return NewLogger(filepath.Join(m.baseDirectory, name), logger, time.Second, defaultFileSizeLimit)
 }
 
-func (m *manager) NewSessionLogger(name string, logger *logrus.Logger) (io.WriteCloser, error) {
+func (m *manager) NewSessionLogger(name string, logger logger.Service) (io.WriteCloser, error) {
 	return NewSessionLogger(filepath.Join(m.baseDirectory, name), logger, time.Second, defaultFileSizeLimit)
 }
diff --git a/sshlog/session_logger.go b/sshlog/session_logger.go
index 19a6d3bc..1f4ab262 100644
--- a/sshlog/session_logger.go
+++ b/sshlog/session_logger.go
@@ -3,7 +3,7 @@ package sshlog
 import (
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	capnp "zombiezen.com/go/capnproto2"
 	"zombiezen.com/go/capnproto2/pogs"
 )
@@ -20,7 +20,7 @@ type sessionLogData struct {
 }
 
 // NewSessionLogger creates a new session logger by encapsulating a Logger object and writing capnp encoded messages to it
-func NewSessionLogger(filename string, logger *logrus.Logger, flushInterval time.Duration, maxFileSize int64) (*SessionLogger, error) {
+func NewSessionLogger(filename string, logger logger.Service, flushInterval time.Duration, maxFileSize int64) (*SessionLogger, error) {
 	l, err := NewLogger(filename, logger, flushInterval, maxFileSize)
 	if err != nil {
 		return nil, err
diff --git a/sshlog/session_logger_test.go b/sshlog/session_logger_test.go
index ccda3fe7..35d0aecb 100644
--- a/sshlog/session_logger_test.go
+++ b/sshlog/session_logger_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	capnp "zombiezen.com/go/capnproto2"
 )
 
@@ -13,7 +13,7 @@ const sessionLogFileName = "test-session-logger.log"
 
 func createSessionLogger(t *testing.T) *SessionLogger {
 	os.Remove(sessionLogFileName)
-	l := logrus.New()
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	logger, err := NewSessionLogger(sessionLogFileName, l, time.Millisecond, 1024)
 	if err != nil {
 		t.Fatal("couldn't create the logger!", err)
diff --git a/sshserver/host_keys.go b/sshserver/host_keys.go
index fcdf3582..8c16d013 100644
--- a/sshserver/host_keys.go
+++ b/sshserver/host_keys.go
@@ -19,8 +19,8 @@ import (
 )
 
 const (
-	rsaFilename       = "ssh_host_rsa_key"
-	ecdsaFilename     = "ssh_host_ecdsa_key"
+	rsaFilename   = "ssh_host_rsa_key"
+	ecdsaFilename = "ssh_host_ecdsa_key"
 )
 
 var defaultHostKeyDir = filepath.Join(".cloudflared", "host_keys")
@@ -68,7 +68,7 @@ func (s *SSHProxy) configureRSAKey(basePath string) error {
 			return err
 		}
 
-		s.logger.Debug("Created new RSA SSH host key: ", keyPath)
+		s.logger.Debugf("Created new RSA SSH host key: %s", keyPath)
 	}
 	if err := s.SetOption(ssh.HostKeyFile(keyPath)); err != nil {
 		return errors.Wrap(err, "Could not set SSH RSA host key")
@@ -98,7 +98,7 @@ func (s *SSHProxy) configureECDSAKey(basePath string) error {
 			return err
 		}
 
-		s.logger.Debug("Created new ECDSA SSH host key: ", keyPath)
+		s.logger.Debugf("Created new ECDSA SSH host key: %s", keyPath)
 	}
 	if err := s.SetOption(ssh.HostKeyFile(keyPath)); err != nil {
 		return errors.Wrap(err, "Could not set SSH ECDSA host key")
diff --git a/sshserver/sshserver_unix.go b/sshserver/sshserver_unix.go
index 8a5b9b2d..98f86e5c 100644
--- a/sshserver/sshserver_unix.go
+++ b/sshserver/sshserver_unix.go
@@ -15,12 +15,12 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/sshgen"
 	"github.com/cloudflare/cloudflared/sshlog"
 	"github.com/gliderlabs/ssh"
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	gossh "golang.org/x/crypto/ssh"
 )
 
@@ -66,7 +66,7 @@ func (c sshConn) Close() error {
 type SSHProxy struct {
 	ssh.Server
 	hostname   string
-	logger     *logrus.Logger
+	logger     logger.Service
 	shutdownC  chan struct{}
 	caCert     ssh.PublicKey
 	logManager sshlog.Manager
@@ -78,7 +78,7 @@ type SSHPreamble struct {
 }
 
 // New creates a new SSHProxy and configures its host keys and authentication by the data provided
-func New(logManager sshlog.Manager, logger *logrus.Logger, version, localAddress, hostname, hostKeyDir string, shutdownC chan struct{}, idleTimeout, maxTimeout time.Duration) (*SSHProxy, error) {
+func New(logManager sshlog.Manager, logger logger.Service, version, localAddress, hostname, hostKeyDir string, shutdownC chan struct{}, idleTimeout, maxTimeout time.Duration) (*SSHProxy, error) {
 	sshProxy := SSHProxy{
 		hostname:   hostname,
 		logger:     logger,
@@ -112,7 +112,7 @@ func (s *SSHProxy) Start() error {
 	go func() {
 		<-s.shutdownC
 		if err := s.Close(); err != nil {
-			s.logger.WithError(err).Error("Cannot close SSH server")
+			s.logger.Errorf("Cannot close SSH server: %s", err)
 		}
 	}()
 
@@ -141,9 +141,9 @@ func (s *SSHProxy) connCallback(ctx ssh.Context, conn net.Conn) net.Conn {
 	preamble, err := s.readPreamble(conn)
 	if err != nil {
 		if netErr, ok := err.(net.Error); ok && netErr.Timeout() {
-			s.logger.Warn("Could not establish session. Client likely does not have --destination set and is using old-style ssh config")
+			s.logger.Info("Could not establish session. Client likely does not have --destination set and is using old-style ssh config")
 		} else if err != io.EOF {
-			s.logger.WithError(err).Error("failed to read SSH preamble")
+			s.logger.Errorf("failed to read SSH preamble: %s", err)
 		}
 		return nil
 	}
@@ -151,7 +151,7 @@ func (s *SSHProxy) connCallback(ctx ssh.Context, conn net.Conn) net.Conn {
 
 	logger, sessionID, err := s.auditLogger()
 	if err != nil {
-		s.logger.WithError(err).Error("failed to configure logger")
+		s.logger.Errorf("failed to configure logger: %s", err)
 		return nil
 	}
 	ctx.SetValue(sshContextEventLogger, logger)
@@ -175,14 +175,14 @@ func (s *SSHProxy) channelHandler(srv *ssh.Server, conn *gossh.ServerConn, newCh
 		msg := fmt.Sprintf("channel type %s is not supported", newChan.ChannelType())
 		s.logger.Info(msg)
 		if err := newChan.Reject(gossh.UnknownChannelType, msg); err != nil {
-			s.logger.WithError(err).Error("Error rejecting SSH channel")
+			s.logger.Errorf("Error rejecting SSH channel: %s", err)
 		}
 		return
 	}
 
 	localChan, localChanReqs, err := newChan.Accept()
 	if err != nil {
-		s.logger.WithError(err).Error("Failed to accept session channel")
+		s.logger.Errorf("Failed to accept session channel: %s", err)
 		return
 	}
 	defer localChan.Close()
@@ -196,7 +196,7 @@ func (s *SSHProxy) channelHandler(srv *ssh.Server, conn *gossh.ServerConn, newCh
 
 	remoteChan, remoteChanReqs, err := client.OpenChannel(newChan.ChannelType(), newChan.ExtraData())
 	if err != nil {
-		s.logger.WithError(err).Error("Failed to open remote channel")
+		s.logger.Errorf("Failed to open remote channel: %s", err)
 		return
 	}
 
@@ -211,13 +211,13 @@ func (s *SSHProxy) proxyChannel(localChan, remoteChan gossh.Channel, localChanRe
 	done := make(chan struct{}, 2)
 	go func() {
 		if _, err := io.Copy(localChan, remoteChan); err != nil {
-			s.logger.WithError(err).Error("remote to local copy error")
+			s.logger.Errorf("remote to local copy error: %s", err)
 		}
 		done <- struct{}{}
 	}()
 	go func() {
 		if _, err := io.Copy(remoteChan, localChan); err != nil {
-			s.logger.WithError(err).Error("local to remote copy error")
+			s.logger.Errorf("local to remote copy error: %s", err)
 		}
 		done <- struct{}{}
 	}()
@@ -227,12 +227,12 @@ func (s *SSHProxy) proxyChannel(localChan, remoteChan gossh.Channel, localChanRe
 	localStderr := localChan.Stderr()
 	go func() {
 		if _, err := io.Copy(remoteStderr, localStderr); err != nil {
-			s.logger.WithError(err).Error("stderr local to remote copy error")
+			s.logger.Errorf("stderr local to remote copy error: %s", err)
 		}
 	}()
 	go func() {
 		if _, err := io.Copy(localStderr, remoteStderr); err != nil {
-			s.logger.WithError(err).Error("stderr remote to local copy error")
+			s.logger.Errorf("stderr remote to local copy error: %s", err)
 		}
 	}()
 
@@ -247,7 +247,7 @@ func (s *SSHProxy) proxyChannel(localChan, remoteChan gossh.Channel, localChanRe
 				return
 			}
 			if err := s.forwardChannelRequest(remoteChan, req); err != nil {
-				s.logger.WithError(err).Error("Failed to forward request")
+				s.logger.Errorf("Failed to forward request: %s", err)
 				return
 			}
 
@@ -258,7 +258,7 @@ func (s *SSHProxy) proxyChannel(localChan, remoteChan gossh.Channel, localChanRe
 				return
 			}
 			if err := s.forwardChannelRequest(localChan, req); err != nil {
-				s.logger.WithError(err).Error("Failed to forward request")
+				s.logger.Errorf("Failed to forward request: %s", err)
 				return
 			}
 		case <-done:
@@ -278,7 +278,7 @@ func (s *SSHProxy) readPreamble(conn net.Conn) (*SSHPreamble, error) {
 	}
 	defer func() {
 		if err := conn.SetReadDeadline(time.Time{}); err != nil {
-			s.logger.WithError(err).Error("Failed to unset conn read deadline")
+			s.logger.Errorf("Failed to unset conn read deadline: %s", err)
 		}
 	}()
 
@@ -341,7 +341,7 @@ func (s *SSHProxy) dialDestination(ctx ssh.Context) (*gossh.Client, error) {
 
 	signer, err := s.genSSHSigner(preamble.JWT)
 	if err != nil {
-		s.logger.WithError(err).Error("Failed to generate signed short lived cert")
+		s.logger.Errorf("Failed to generate signed short lived cert: %s", err)
 		return nil, err
 	}
 	s.logger.Debugf("Short lived certificate for %s connecting to %s:\n\n%s", ctx.User(), preamble.Destination, gossh.MarshalAuthorizedKey(signer.PublicKey()))
@@ -356,7 +356,7 @@ func (s *SSHProxy) dialDestination(ctx ssh.Context) (*gossh.Client, error) {
 
 	client, err := gossh.Dial("tcp", preamble.Destination, clientConfig)
 	if err != nil {
-		s.logger.WithError(err).Info("Failed to connect to destination SSH server")
+		s.logger.Errorf("Failed to connect to destination SSH server: %s", err)
 		return nil, err
 	}
 	return client, nil
@@ -421,7 +421,7 @@ func (s *SSHProxy) logChannelRequest(req *gossh.Request, conn *gossh.ServerConn,
 	case "exec":
 		var payload struct{ Value string }
 		if err := gossh.Unmarshal(req.Payload, &payload); err != nil {
-			s.logger.WithError(err).Errorf("Failed to unmarshal channel request payload: %s:%s", req.Type, req.Payload)
+			s.logger.Errorf("Failed to unmarshal channel request payload: %s:%s with error: %s", req.Type, req.Payload, err)
 		}
 		event = payload.Value
 
@@ -481,11 +481,11 @@ func (s *SSHProxy) logAuditEvent(conn *gossh.ServerConn, event, eventType string
 	}
 	data, err := json.Marshal(&ae)
 	if err != nil {
-		s.logger.WithError(err).Error("Failed to marshal audit event. malformed audit object")
+		s.logger.Errorf("Failed to marshal audit event. malformed audit object: %s", err)
 		return
 	}
 	line := string(data) + "\n"
 	if _, err := writer.Write([]byte(line)); err != nil {
-		s.logger.WithError(err).Error("Failed to write audit event.")
+		s.logger.Errorf("Failed to write audit event: %s", err)
 	}
 }
diff --git a/sshserver/sshserver_windows.go b/sshserver/sshserver_windows.go
index f87c582b..7b338417 100644
--- a/sshserver/sshserver_windows.go
+++ b/sshserver/sshserver_windows.go
@@ -7,8 +7,8 @@ import (
 
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/sshlog"
-	"github.com/sirupsen/logrus"
 )
 
 const SSHPreambleLength = 2
@@ -20,7 +20,7 @@ type SSHPreamble struct {
 	JWT         string
 }
 
-func New(_ sshlog.Manager, _ *logrus.Logger, _, _, _, _ string, _ chan struct{}, _, _ time.Duration) (*SSHServer, error) {
+func New(_ sshlog.Manager, _ logger.Service, _, _, _, _ string, _ chan struct{}, _, _ time.Duration) (*SSHServer, error) {
 	return nil, errors.New("cloudflared ssh server is not supported on windows")
 }
 
diff --git a/streamhandler/stream_handler.go b/streamhandler/stream_handler.go
index 66763bcd..2b40b0a1 100644
--- a/streamhandler/stream_handler.go
+++ b/streamhandler/stream_handler.go
@@ -7,11 +7,11 @@ import (
 	"strconv"
 
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tunnelhostnamemapper"
 	"github.com/cloudflare/cloudflared/tunnelrpc"
 	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	"zombiezen.com/go/capnproto2/rpc"
 )
 
@@ -45,19 +45,19 @@ type StreamHandler struct {
 	useConfigResultChan <-chan *pogs.UseConfigurationResult
 	// originMapper maps tunnel hostname to origin service
 	tunnelHostnameMapper *tunnelhostnamemapper.TunnelHostnameMapper
-	logger               *logrus.Entry
+	logger               logger.Service
 }
 
 // NewStreamHandler creates a new StreamHandler
 func NewStreamHandler(newConfigChan chan<- *pogs.ClientConfig,
 	useConfigResultChan <-chan *pogs.UseConfigurationResult,
-	logger *logrus.Logger,
+	logger logger.Service,
 ) *StreamHandler {
 	return &StreamHandler{
 		newConfigChan:        newConfigChan,
 		useConfigResultChan:  useConfigResultChan,
 		tunnelHostnameMapper: tunnelhostnamemapper.NewTunnelHostnameMapper(),
-		logger:               logger.WithField("subsystem", "streamHandler"),
+		logger:               logger,
 	}
 }
 
@@ -66,14 +66,14 @@ func (s *StreamHandler) UseConfiguration(ctx context.Context, config *pogs.Clien
 	select {
 	case <-ctx.Done():
 		err := fmt.Errorf("Timeout while sending new config to Supervisor")
-		s.logger.Error(err)
+		s.logger.Errorf("streamHandler: %s", err)
 		return nil, err
 	case s.newConfigChan <- config:
 	}
 	select {
 	case <-ctx.Done():
 		err := fmt.Errorf("Timeout applying new configuration")
-		s.logger.Error(err)
+		s.logger.Errorf("streamHandler: %s", err)
 		return nil, err
 	case result := <-s.useConfigResultChan:
 		return result, nil
@@ -93,9 +93,9 @@ func (s *StreamHandler) UpdateConfig(newConfig []*pogs.ReverseProxyConfig) (fail
 	toAdd := s.tunnelHostnameMapper.ToAdd(newConfig)
 	for _, tunnelConfig := range toAdd {
 		tunnelHostname := tunnelConfig.TunnelHostname
-		originSerice, err := tunnelConfig.OriginConfig.Service()
+		originSerice, err := tunnelConfig.OriginConfig.Service(s.logger)
 		if err != nil {
-			s.logger.WithField("tunnelHostname", tunnelHostname).WithError(err).Error("Invalid origin service config")
+			s.logger.Errorf("streamHandler: tunnelHostname: %s Invalid origin service config: %s", tunnelHostname, err)
 			failedConfigs = append(failedConfigs, &pogs.FailedConfig{
 				Config: tunnelConfig,
 				Reason: tunnelConfig.FailReason(err),
@@ -103,7 +103,7 @@ func (s *StreamHandler) UpdateConfig(newConfig []*pogs.ReverseProxyConfig) (fail
 			continue
 		}
 		s.tunnelHostnameMapper.Add(tunnelConfig.TunnelHostname, originSerice)
-		s.logger.WithField("tunnelHostname", tunnelHostname).Infof("New origin service config: %v", originSerice.Summary())
+		s.logger.Infof("streamHandler: tunnelHostname: %s New origin service config: %v", tunnelHostname, originSerice.Summary())
 	}
 	return
 }
@@ -114,7 +114,7 @@ func (s *StreamHandler) ServeStream(stream *h2mux.MuxedStream) error {
 		return s.serveRPC(stream)
 	}
 	if err := s.serveRequest(stream); err != nil {
-		s.logger.Error(err)
+		s.logger.Errorf("streamHandler: %s", err)
 		return err
 	}
 	return nil
@@ -123,11 +123,10 @@ func (s *StreamHandler) ServeStream(stream *h2mux.MuxedStream) error {
 func (s *StreamHandler) serveRPC(stream *h2mux.MuxedStream) error {
 	stream.WriteHeaders([]h2mux.Header{{Name: ":status", Value: "200"}})
 	main := pogs.ClientService_ServerToClient(s)
-	rpcLogger := s.logger.WithField("subsystem", "clientserver-rpc")
 	rpcConn := rpc.NewConn(
-		tunnelrpc.NewTransportLogger(rpcLogger, rpc.StreamTransport(stream)),
+		tunnelrpc.NewTransportLogger(s.logger, rpc.StreamTransport(stream)),
 		rpc.MainInterface(main.Client),
-		tunnelrpc.ConnLog(s.logger.WithField("subsystem", "clientserver-rpc-transport")),
+		tunnelrpc.ConnLog(s.logger),
 	)
 	return rpcConn.Wait()
 }
@@ -151,8 +150,8 @@ func (s *StreamHandler) serveRequest(stream *h2mux.MuxedStream) error {
 		return errors.Wrap(err, "cannot create request")
 	}
 
-	logger := s.requestLogger(req, tunnelHostname)
-	logger.Debugf("Request Headers %+v", req.Header)
+	cfRay := s.logRequest(req, tunnelHostname)
+	s.logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s Request Headers %+v", tunnelHostname, cfRay, req.Header)
 
 	resp, err := originService.Proxy(stream, req)
 	if err != nil {
@@ -160,23 +159,22 @@ func (s *StreamHandler) serveRequest(stream *h2mux.MuxedStream) error {
 		return errors.Wrap(err, "cannot proxy request")
 	}
 
-	logger.WithField("status", resp.Status).Debugf("Response Headers %+v", resp.Header)
+	s.logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s status: %s Response Headers %+v", tunnelHostname, cfRay, resp.Status, resp.Header)
 	return nil
 }
 
-func (s *StreamHandler) requestLogger(req *http.Request, tunnelHostname h2mux.TunnelHostname) *logrus.Entry {
+func (s *StreamHandler) logRequest(req *http.Request, tunnelHostname h2mux.TunnelHostname) string {
 	cfRay := FindCfRayHeader(req)
 	lbProbe := IsLBProbeRequest(req)
-	logger := s.logger.WithField("tunnelHostname", tunnelHostname)
+	logger := s.logger
 	if cfRay != "" {
-		logger = logger.WithField("CF-RAY", cfRay)
-		logger.Debugf("%s %s %s", req.Method, req.URL, req.Proto)
+		logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s %s %s %s", tunnelHostname, cfRay, req.Method, req.URL, req.Proto)
 	} else if lbProbe {
-		logger.Debugf("Load Balancer health check %s %s %s", req.Method, req.URL, req.Proto)
+		logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s Load Balancer health check %s %s %s", tunnelHostname, cfRay, req.Method, req.URL, req.Proto)
 	} else {
-		logger.Warnf("Requests %v does not have CF-RAY header. Please open a support ticket with Cloudflare.", req)
+		logger.Infof("streamHandler: tunnelHostname: %s CF-RAY: %s Requests %v does not have CF-RAY header. Please open a support ticket with Cloudflare.", tunnelHostname, cfRay, req)
 	}
-	return logger
+	return cfRay
 }
 
 func (s *StreamHandler) writeErrorStatus(stream *h2mux.MuxedStream, status *httpErrorStatus) {
diff --git a/streamhandler/stream_handler_test.go b/streamhandler/stream_handler_test.go
index 721f5a6c..628524b3 100644
--- a/streamhandler/stream_handler_test.go
+++ b/streamhandler/stream_handler_test.go
@@ -12,9 +12,9 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/sync/errgroup"
 )
@@ -39,9 +39,10 @@ var (
 )
 
 func TestServeRequest(t *testing.T) {
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 	configChan := make(chan *pogs.ClientConfig)
 	useConfigResultChan := make(chan *pogs.UseConfigurationResult)
-	streamHandler := NewStreamHandler(configChan, useConfigResultChan, logrus.New())
+	streamHandler := NewStreamHandler(configChan, useConfigResultChan, l)
 
 	message := []byte("Hello cloudflared")
 	httpServer := httptest.NewServer(&mockHTTPHandler{message})
@@ -72,8 +73,9 @@ func TestServeRequest(t *testing.T) {
 func createStreamHandler() *StreamHandler {
 	configChan := make(chan *pogs.ClientConfig)
 	useConfigResultChan := make(chan *pogs.UseConfigurationResult)
+	l := logger.NewOutputWriter(logger.NewMockWriteManager())
 
-	return NewStreamHandler(configChan, useConfigResultChan, logrus.New())
+	return NewStreamHandler(configChan, useConfigResultChan, l)
 }
 
 func createRequestMuxPair(t *testing.T, streamHandler *StreamHandler) *DefaultMuxerPair {
@@ -185,7 +187,7 @@ func NewDefaultMuxerPair(t *testing.T, h h2mux.MuxedStreamHandler) *DefaultMuxer
 			Handler:                 h,
 			IsClient:                true,
 			Name:                    "origin",
-			Logger:                  logrus.NewEntry(logrus.New()),
+			Logger:                  logger.NewOutputWriter(logger.NewMockWriteManager()),
 			DefaultWindowSize:       (1 << 8) - 1,
 			MaxWindowSize:           (1 << 15) - 1,
 			StreamWriteBufferMaxLen: 1024,
@@ -195,7 +197,7 @@ func NewDefaultMuxerPair(t *testing.T, h h2mux.MuxedStreamHandler) *DefaultMuxer
 			Timeout:                 testHandshakeTimeout,
 			IsClient:                false,
 			Name:                    "edge",
-			Logger:                  logrus.NewEntry(logrus.New()),
+			Logger:                  logger.NewOutputWriter(logger.NewMockWriteManager()),
 			DefaultWindowSize:       (1 << 8) - 1,
 			MaxWindowSize:           (1 << 15) - 1,
 			StreamWriteBufferMaxLen: 1024,
diff --git a/supervisor/supervisor.go b/supervisor/supervisor.go
index ca9764b1..8dee085d 100644
--- a/supervisor/supervisor.go
+++ b/supervisor/supervisor.go
@@ -16,10 +16,10 @@ import (
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/streamhandler"
 	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/sirupsen/logrus"
 )
 
 type Supervisor struct {
@@ -30,7 +30,7 @@ type Supervisor struct {
 	newConfigChan       <-chan *pogs.ClientConfig
 	useConfigResultChan chan<- *pogs.UseConfigurationResult
 	state               *state
-	logger              *logrus.Entry
+	logger              logger.Service
 	metrics             metrics
 }
 
@@ -62,7 +62,7 @@ func NewSupervisor(
 	cloudflaredConfig *connection.CloudflaredConfig,
 	autoupdater *updater.AutoUpdater,
 	supportAutoupdate bool,
-	logger *logrus.Logger,
+	logger logger.Service,
 ) (*Supervisor, error) {
 	newConfigChan := make(chan *pogs.ClientConfig)
 	useConfigResultChan := make(chan *pogs.UseConfigurationResult)
@@ -93,7 +93,7 @@ func NewSupervisor(
 		newConfigChan:       newConfigChan,
 		useConfigResultChan: useConfigResultChan,
 		state:               newState(defaultClientConfig),
-		logger:              logger.WithField("subsystem", "supervisor"),
+		logger:              logger,
 		metrics:             newMetrics(),
 	}, nil
 }
@@ -120,7 +120,7 @@ func (s *Supervisor) Run(ctx context.Context) error {
 	}
 
 	err := errGroup.Wait()
-	s.logger.Warnf("Supervisor terminated, reason: %v", err)
+	s.logger.Errorf("Supervisor terminated, reason: %v", err)
 	return err
 }
 
diff --git a/tlsconfig/certreloader.go b/tlsconfig/certreloader.go
index f8e1fdca..a8fb7499 100644
--- a/tlsconfig/certreloader.go
+++ b/tlsconfig/certreloader.go
@@ -8,9 +8,9 @@ import (
 	"runtime"
 	"sync"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/getsentry/raven-go"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	"gopkg.in/urfave/cli.v2"
 )
 
@@ -65,7 +65,7 @@ func (cr *CertReloader) LoadCert() error {
 	return nil
 }
 
-func LoadOriginCA(c *cli.Context, logger *logrus.Logger) (*x509.CertPool, error) {
+func LoadOriginCA(c *cli.Context, logger logger.Service) (*x509.CertPool, error) {
 	var originCustomCAPool []byte
 
 	originCAPoolFilename := c.String(OriginCAPoolFlag)
@@ -151,7 +151,7 @@ func CreateTunnelConfig(c *cli.Context) (*tls.Config, error) {
 	return tlsConfig, nil
 }
 
-func loadOriginCertPool(originCAPoolPEM []byte, logger *logrus.Logger) (*x509.CertPool, error) {
+func loadOriginCertPool(originCAPoolPEM []byte, logger logger.Service) (*x509.CertPool, error) {
 	// Get the global pool
 	certPool, err := loadGlobalCertPool(logger)
 	if err != nil {
@@ -161,19 +161,19 @@ func loadOriginCertPool(originCAPoolPEM []byte, logger *logrus.Logger) (*x509.Ce
 	// Then, add any custom origin CA pool the user may have passed
 	if originCAPoolPEM != nil {
 		if !certPool.AppendCertsFromPEM(originCAPoolPEM) {
-			logger.Warn("could not append the provided origin CA to the cloudflared certificate pool")
+			logger.Info("could not append the provided origin CA to the cloudflared certificate pool")
 		}
 	}
 
 	return certPool, nil
 }
 
-func loadGlobalCertPool(logger *logrus.Logger) (*x509.CertPool, error) {
+func loadGlobalCertPool(logger logger.Service) (*x509.CertPool, error) {
 	// First, obtain the system certificate pool
 	certPool, err := x509.SystemCertPool()
 	if err != nil {
 		if runtime.GOOS != "windows" { // See https://github.com/golang/go/issues/16736
-			logger.WithError(err).Warn("error obtaining the system certificates")
+			logger.Infof("error obtaining the system certificates: %s", err)
 		}
 		certPool = x509.NewCertPool()
 	}
diff --git a/tunneldns/https_upstream.go b/tunneldns/https_upstream.go
index 8494fd5f..b4c756fa 100644
--- a/tunneldns/https_upstream.go
+++ b/tunneldns/https_upstream.go
@@ -11,9 +11,9 @@ import (
 	"net/url"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/miekg/dns"
 	"github.com/pkg/errors"
-	log "github.com/sirupsen/logrus"
 	"golang.org/x/net/http2"
 )
 
@@ -26,15 +26,16 @@ type UpstreamHTTPS struct {
 	client     *http.Client
 	endpoint   *url.URL
 	bootstraps []string
+	logger     logger.Service
 }
 
 // NewUpstreamHTTPS creates a new DNS over HTTPS upstream from endpoint
-func NewUpstreamHTTPS(endpoint string, bootstraps []string) (Upstream, error) {
+func NewUpstreamHTTPS(endpoint string, bootstraps []string, logger logger.Service) (Upstream, error) {
 	u, err := url.Parse(endpoint)
 	if err != nil {
 		return nil, err
 	}
-	return &UpstreamHTTPS{client: configureClient(u.Hostname()), endpoint: u, bootstraps: bootstraps}, nil
+	return &UpstreamHTTPS{client: configureClient(u.Hostname()), endpoint: u, bootstraps: bootstraps, logger: logger}, nil
 }
 
 // Exchange provides an implementation for the Upstream interface
@@ -48,12 +49,12 @@ func (u *UpstreamHTTPS) Exchange(ctx context.Context, query *dns.Msg) (*dns.Msg,
 		for _, bootstrap := range u.bootstraps {
 			endpoint, client, err := configureBootstrap(bootstrap)
 			if err != nil {
-				log.WithError(err).Errorf("failed to configure boostrap upstream %s", bootstrap)
+				u.logger.Errorf("failed to configure boostrap upstream %s: %s", bootstrap, err)
 				continue
 			}
-			msg, err := exchange(queryBuf, query.Id, endpoint, client)
+			msg, err := exchange(queryBuf, query.Id, endpoint, client, u.logger)
 			if err != nil {
-				log.WithError(err).Errorf("failed to connect to a boostrap upstream %s", bootstrap)
+				u.logger.Errorf("failed to connect to a boostrap upstream %s: %s", bootstrap, err)
 				continue
 			}
 			return msg, nil
@@ -61,10 +62,10 @@ func (u *UpstreamHTTPS) Exchange(ctx context.Context, query *dns.Msg) (*dns.Msg,
 		return nil, fmt.Errorf("failed to reach any bootstrap upstream: %v", u.bootstraps)
 	}
 
-	return exchange(queryBuf, query.Id, u.endpoint, u.client)
+	return exchange(queryBuf, query.Id, u.endpoint, u.client, u.logger)
 }
 
-func exchange(msg []byte, queryID uint16, endpoint *url.URL, client *http.Client) (*dns.Msg, error) {
+func exchange(msg []byte, queryID uint16, endpoint *url.URL, client *http.Client, logger logger.Service) (*dns.Msg, error) {
 	// No content negotiation for now, use DNS wire format
 	buf, backendErr := exchangeWireformat(msg, endpoint, client)
 	if backendErr == nil {
@@ -77,7 +78,7 @@ func exchange(msg []byte, queryID uint16, endpoint *url.URL, client *http.Client
 		return response, nil
 	}
 
-	log.WithError(backendErr).Errorf("failed to connect to an HTTPS backend %q", endpoint)
+	logger.Errorf("failed to connect to an HTTPS backend %q: %s", endpoint, backendErr)
 	return nil, backendErr
 }
 
diff --git a/tunneldns/tunnel.go b/tunneldns/tunnel.go
index 1cbe1136..e85d0a26 100644
--- a/tunneldns/tunnel.go
+++ b/tunneldns/tunnel.go
@@ -8,7 +8,8 @@ import (
 	"sync"
 	"syscall"
 
-	"github.com/cloudflare/cloudflared/log"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/metrics"
 
 	"github.com/coredns/coredns/core/dnsserver"
@@ -18,26 +19,31 @@ import (
 	"gopkg.in/urfave/cli.v2"
 )
 
-var logger = log.CreateLogger()
-
 // Listener is an adapter between CoreDNS server and Warp runnable
 type Listener struct {
 	server *dnsserver.Server
 	wg     sync.WaitGroup
+	logger logger.Service
 }
 
 // Run implements a foreground runner
 func Run(c *cli.Context) error {
+	logDirectory, logLevel := config.FindLogSettings()
+	logger, err := logger.New(logger.DefaultFile(logDirectory), logger.LogLevelString(logLevel))
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
 	metricsListener, err := net.Listen("tcp", c.String("metrics"))
 	if err != nil {
-		logger.WithError(err).Fatal("Failed to open the metrics listener")
+		logger.Fatalf("Failed to open the metrics listener: %s", err)
 	}
 
 	go metrics.ServeMetrics(metricsListener, nil, logger)
 
-	listener, err := CreateListener(c.String("address"), uint16(c.Uint("port")), c.StringSlice("upstream"), c.StringSlice("bootstrap"))
+	listener, err := CreateListener(c.String("address"), uint16(c.Uint("port")), c.StringSlice("upstream"), c.StringSlice("bootstrap"), logger)
 	if err != nil {
-		logger.WithError(err).Errorf("Failed to create the listeners")
+		logger.Errorf("Failed to create the listeners: %s", err)
 		return err
 	}
 
@@ -45,7 +51,7 @@ func Run(c *cli.Context) error {
 	readySignal := make(chan struct{})
 	err = listener.Start(readySignal)
 	if err != nil {
-		logger.WithError(err).Errorf("Failed to start the listeners")
+		logger.Errorf("Failed to start the listeners: %s", err)
 		return listener.Stop()
 	}
 	<-readySignal
@@ -59,7 +65,7 @@ func Run(c *cli.Context) error {
 	// Shut down server
 	err = listener.Stop()
 	if err != nil {
-		logger.WithError(err).Errorf("failed to stop")
+		logger.Errorf("failed to stop: %s", err)
 	}
 	return err
 }
@@ -80,7 +86,7 @@ func createConfig(address string, port uint16, p plugin.Handler) *dnsserver.Conf
 // Start blocks for serving requests
 func (l *Listener) Start(readySignal chan struct{}) error {
 	defer close(readySignal)
-	logger.WithField("addr", l.server.Address()).Infof("Starting DNS over HTTPS proxy server")
+	l.logger.Infof("Starting DNS over HTTPS proxy server on: %s", l.server.Address())
 
 	// Start UDP listener
 	if udp, err := l.server.ListenPacket(); err == nil {
@@ -117,12 +123,12 @@ func (l *Listener) Stop() error {
 }
 
 // CreateListener configures the server and bound sockets
-func CreateListener(address string, port uint16, upstreams []string, bootstraps []string) (*Listener, error) {
+func CreateListener(address string, port uint16, upstreams []string, bootstraps []string, logger logger.Service) (*Listener, error) {
 	// Build the list of upstreams
 	upstreamList := make([]Upstream, 0)
 	for _, url := range upstreams {
-		logger.WithField("url", url).Infof("Adding DNS upstream")
-		upstream, err := NewUpstreamHTTPS(url, bootstraps)
+		logger.Infof("Adding DNS upstream - url: %s", url)
+		upstream, err := NewUpstreamHTTPS(url, bootstraps, logger)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to create HTTPS upstream")
 		}
@@ -144,5 +150,5 @@ func CreateListener(address string, port uint16, upstreams []string, bootstraps
 		return nil, err
 	}
 
-	return &Listener{server: server}, nil
+	return &Listener{server: server, logger: logger}, nil
 }
diff --git a/tunnelrpc/log.go b/tunnelrpc/log.go
index 848012b8..262c0a72 100644
--- a/tunnelrpc/log.go
+++ b/tunnelrpc/log.go
@@ -3,14 +3,14 @@ package tunnelrpc
 import (
 	"context"
 
-	log "github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	"golang.org/x/net/trace"
 	"zombiezen.com/go/capnproto2/rpc"
 )
 
 // ConnLogger wraps a logrus *log.Entry for a connection.
 type ConnLogger struct {
-	Entry *log.Entry
+	Entry logger.Service
 }
 
 func (c ConnLogger) Infof(ctx context.Context, format string, args ...interface{}) {
@@ -21,7 +21,7 @@ func (c ConnLogger) Errorf(ctx context.Context, format string, args ...interface
 	c.Entry.Errorf(format, args...)
 }
 
-func ConnLog(log *log.Entry) rpc.ConnOption {
+func ConnLog(log logger.Service) rpc.ConnOption {
 	return rpc.ConnLog(ConnLogger{log})
 }
 
diff --git a/tunnelrpc/logtransport.go b/tunnelrpc/logtransport.go
index 80fdc6a1..1d290ef4 100644
--- a/tunnelrpc/logtransport.go
+++ b/tunnelrpc/logtransport.go
@@ -5,7 +5,7 @@ import (
 	"bytes"
 	"context"
 
-	log "github.com/sirupsen/logrus"
+	"github.com/cloudflare/cloudflared/logger"
 	"zombiezen.com/go/capnproto2/encoding/text"
 	"zombiezen.com/go/capnproto2/rpc"
 	rpccapnp "zombiezen.com/go/capnproto2/std/capnp/rpc"
@@ -13,28 +13,28 @@ import (
 
 type transport struct {
 	rpc.Transport
-	l *log.Entry
+	l logger.Service
 }
 
-// New creates a new logger that proxies messages to and from t and
+// NewTransportLogger creates a new logger that proxies messages to and from t and
 // logs them to l.  If l is nil, then the log package's default
 // logger is used.
-func NewTransportLogger(l *log.Entry, t rpc.Transport) rpc.Transport {
+func NewTransportLogger(l logger.Service, t rpc.Transport) rpc.Transport {
 	return &transport{Transport: t, l: l}
 }
 
 func (t *transport) SendMessage(ctx context.Context, msg rpccapnp.Message) error {
-	t.l.Debugf("tx %s", formatMsg(msg))
+	t.l.Debugf("rpcconnect: tx %s", formatMsg(msg))
 	return t.Transport.SendMessage(ctx, msg)
 }
 
 func (t *transport) RecvMessage(ctx context.Context) (rpccapnp.Message, error) {
 	msg, err := t.Transport.RecvMessage(ctx)
 	if err != nil {
-		t.l.WithError(err).Debug("rx error")
+		t.l.Debugf("rpcconnect: rx error: %s", err)
 		return msg, err
 	}
-	t.l.Debugf("rx %s", formatMsg(msg))
+	t.l.Debugf("rpcconnect: rx %s", formatMsg(msg))
 	return msg, nil
 }
 
diff --git a/tunnelrpc/pogs/config.go b/tunnelrpc/pogs/config.go
index a15caca3..6ef537ae 100644
--- a/tunnelrpc/pogs/config.go
+++ b/tunnelrpc/pogs/config.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/originservice"
 	"github.com/cloudflare/cloudflared/tlsconfig"
 	"github.com/cloudflare/cloudflared/tunnelrpc"
@@ -171,7 +172,7 @@ func (_ *ReverseProxyConfig) isFallibleConfig() {}
 //go-sumtype:decl OriginConfig
 type OriginConfig interface {
 	// Service returns a OriginService used to proxy to the origin
-	Service() (originservice.OriginService, error)
+	Service(logger.Service) (originservice.OriginService, error)
 	// go-sumtype requires at least one unexported method, otherwise it will complain that interface is not sealed
 	isOriginConfig()
 }
@@ -191,7 +192,7 @@ type HTTPOriginConfig struct {
 	ChunkedEncoding        bool
 }
 
-func (hc *HTTPOriginConfig) Service() (originservice.OriginService, error) {
+func (hc *HTTPOriginConfig) Service(logger logger.Service) (originservice.OriginService, error) {
 	rootCAs, err := tlsconfig.LoadCustomOriginCA(hc.OriginCAPool)
 	if err != nil {
 		return nil, err
@@ -239,7 +240,7 @@ type WebSocketOriginConfig struct {
 	OriginServerName string
 }
 
-func (wsc *WebSocketOriginConfig) Service() (originservice.OriginService, error) {
+func (wsc *WebSocketOriginConfig) Service(logger logger.Service) (originservice.OriginService, error) {
 	rootCAs, err := tlsconfig.LoadCustomOriginCA(wsc.OriginCAPool)
 	if err != nil {
 		return nil, err
@@ -254,14 +255,14 @@ func (wsc *WebSocketOriginConfig) Service() (originservice.OriginService, error)
 	if err != nil {
 		return nil, errors.Wrapf(err, "%s is not a valid URL", wsc.URLString)
 	}
-	return originservice.NewWebSocketService(tlsConfig, url)
+	return originservice.NewWebSocketService(tlsConfig, url, logger)
 }
 
 func (*WebSocketOriginConfig) isOriginConfig() {}
 
 type HelloWorldOriginConfig struct{}
 
-func (*HelloWorldOriginConfig) Service() (originservice.OriginService, error) {
+func (*HelloWorldOriginConfig) Service(logger logger.Service) (originservice.OriginService, error) {
 	helloCert, err := tlsconfig.GetHelloCertificateX509()
 	if err != nil {
 		return nil, errors.Wrap(err, "Cannot get Hello World server certificate")
@@ -282,7 +283,7 @@ func (*HelloWorldOriginConfig) Service() (originservice.OriginService, error) {
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 	}
-	return originservice.NewHelloWorldService(transport)
+	return originservice.NewHelloWorldService(transport, logger)
 }
 
 func (*HelloWorldOriginConfig) isOriginConfig() {}
diff --git a/tunnelrpc/pogs/config_test.go b/tunnelrpc/pogs/config_test.go
index 38ba5976..199a3d47 100644
--- a/tunnelrpc/pogs/config_test.go
+++ b/tunnelrpc/pogs/config_test.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tunnelrpc"
 	capnp "zombiezen.com/go/capnproto2"
 )
@@ -241,9 +242,10 @@ func TestOriginConfigInvalidURL(t *testing.T) {
 			URLString: "127.0.0.1:36192",
 		},
 	}
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 
 	for _, config := range invalidConfigs {
-		service, err := config.Service()
+		service, err := config.Service(logger)
 		assert.Error(t, err)
 		assert.Nil(t, service)
 	}
diff --git a/tunnelstore/client.go b/tunnelstore/client.go
index fcd5f92c..fbddee8a 100644
--- a/tunnelstore/client.go
+++ b/tunnelstore/client.go
@@ -9,8 +9,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -42,11 +42,12 @@ type RESTClient struct {
 	baseURL   string
 	authToken string
 	client    http.Client
+	logger    logger.Service
 }
 
 var _ Client = (*RESTClient)(nil)
 
-func NewRESTClient(baseURL string, accountTag string, authToken string) *RESTClient {
+func NewRESTClient(baseURL string, accountTag string, authToken string, logger logger.Service) *RESTClient {
 	if strings.HasSuffix(baseURL, "/") {
 		baseURL = baseURL[:len(baseURL)-1]
 	}
@@ -61,6 +62,7 @@ func NewRESTClient(baseURL string, accountTag string, authToken string) *RESTCli
 			},
 			Timeout: defaultTimeout,
 		},
+		logger: logger,
 	}
 }
 
@@ -146,7 +148,7 @@ func (r *RESTClient) resolve(target string) string {
 
 func (r *RESTClient) sendRequest(method string, target string, body io.Reader) (*http.Response, error) {
 	url := r.resolve(target)
-	logrus.Debugf("%s %s", method, url)
+	r.logger.Debugf("%s %s", method, url)
 	req, err := http.NewRequest(method, url, body)
 	if err != nil {
 		return nil, errors.Wrapf(err, "can't create %s request", method)
@@ -180,5 +182,3 @@ func statusCodeToError(op string, resp *http.Response) error {
 	return errors.Errorf("API call to %s tunnel failed with status %d: %s", op,
 		resp.StatusCode, http.StatusText(resp.StatusCode))
 }
-
-
diff --git a/vendor/github.com/mattn/go-colorable/LICENSE b/vendor/github.com/acmacalister/skittles/LICENSE
similarity index 96%
rename from vendor/github.com/mattn/go-colorable/LICENSE
rename to vendor/github.com/acmacalister/skittles/LICENSE
index 91b5cef3..e8ff4073 100644
--- a/vendor/github.com/mattn/go-colorable/LICENSE
+++ b/vendor/github.com/acmacalister/skittles/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 Yasuhiro Matsumoto
+Copyright (c) 2016 Austin Cherry
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/acmacalister/skittles/README.md b/vendor/github.com/acmacalister/skittles/README.md
new file mode 100644
index 00000000..013ef2f9
--- /dev/null
+++ b/vendor/github.com/acmacalister/skittles/README.md
@@ -0,0 +1,40 @@
+Skittles
+========
+
+Miminal package for terminal colors/ANSI escape code.
+
+![alt tag](https://raw.githubusercontent.com/acmacalister/skittles/master/pictures/terminal-colors.png)
+
+## Install
+
+`go get github.com/acmacalister/skittles`
+
+`import "github.com/acmacalister/skittles"`
+
+## Example
+
+```go
+package main
+
+import (
+  "fmt"
+  "github.com/acmacalister/skittles"
+)
+
+func main() {
+  fmt.Println(skittles.Red("Red's my favorite color"))
+}
+```
+
+## Supported Platforms
+
+Only tested on OS X terminal app, but I would expect it to work with any unix based terminal.
+
+## Docs
+
+* [GoDoc](http://godoc.org/github.com/acmacalister/skittles)
+
+## Help
+
+* [Github](https://github.com/acmacalister)
+* [Twitter](http://twitter.com/acmacalister)
diff --git a/vendor/github.com/acmacalister/skittles/skittles.go b/vendor/github.com/acmacalister/skittles/skittles.go
new file mode 100644
index 00000000..aa61627c
--- /dev/null
+++ b/vendor/github.com/acmacalister/skittles/skittles.go
@@ -0,0 +1,153 @@
+// Miminal package for terminal colors/ANSI escape code.
+// Check out the source here https://github.com/acmacalister/skittles.
+// Also see the example directory for another example on how to use skittles.
+//
+//  package main
+//
+//  import (
+//    "fmt"
+//    "github.com/acmacalister/skittles"
+//  )
+//
+//  func main() {
+//    fmt.Println(skittles.Red("Red's my favorite color"))
+//  }
+package skittles
+
+import (
+	"fmt"
+	"strings"
+)
+
+// source: http://www.termsys.demon.co.uk/vtansi.htm
+// source: http://ascii-table.com/ansi-escape-sequences.php
+
+const (
+	nofmt             = "0"
+	bold              = "1"
+	underline         = "4"
+	blink             = "5"
+	inverse           = "7"  // attributes end at 7
+	black             = "30" // colors start at 30
+	red               = "31"
+	green             = "32"
+	yellow            = "33"
+	blue              = "34"
+	magenta           = "35"
+	cyan              = "36"
+	white             = "37" // colors end at 37
+	blackBackground   = "40" // background colors start at 40
+	redBackground     = "41"
+	greenBackground   = "42"
+	yellowBackground  = "43"
+	blueBackground    = "44"
+	magentaBackground = "45"
+	cyanBackground    = "46"
+	whiteBackground   = "47"
+)
+
+// makeFunction returns a function that formats some text with the provided list
+// of ANSI escape codes.
+func makeFunction(attributes []string) func(interface{}) string {
+	return func(text interface{}) string {
+		return fmt.Sprintf("\033[%sm%s\033[0m", strings.Join(attributes, ";"), text)
+	}
+}
+
+var (
+	// Reset resets all formatting.
+	Reset = makeFunction([]string{nofmt})
+	// Bold makes terminal text bold and doesn't add any color.
+	Bold = makeFunction([]string{bold})
+	// Underline makes terminal text underlined and doesn't add any color.
+	Underline = makeFunction([]string{underline})
+	// Blink makes terminal text blink and doesn't add any color.
+	Blink = makeFunction([]string{blink})
+	// Inverse inverts terminal text and doesn't add any color.
+	Inverse = makeFunction([]string{inverse})
+
+	// Black makes terminal text black.
+	Black = makeFunction([]string{black})
+	// Red makes terminal text red.
+	Red = makeFunction([]string{red})
+	// Green makes terminal text green.
+	Green = makeFunction([]string{green})
+	// Yellow makes terminal text yellow.
+	Yellow = makeFunction([]string{yellow})
+	// Blue makes terminal text blue.
+	Blue = makeFunction([]string{blue})
+	// Magenta makes terminal text magenta.
+	Magenta = makeFunction([]string{magenta})
+	// Cyan makes terminal text cyan.
+	Cyan = makeFunction([]string{cyan})
+	// White makes terminal text white.
+	White = makeFunction([]string{white})
+
+	// BoldBlack makes terminal text bold and black.
+	BoldBlack = makeFunction([]string{black, bold})
+	// BoldRed makes terminal text bold and red.
+	BoldRed = makeFunction([]string{red, bold})
+	// BoldGreen makes terminal text bold and green.
+	BoldGreen = makeFunction([]string{green, bold})
+	// BoldYellow makes terminal text bold and yellow.
+	BoldYellow = makeFunction([]string{yellow, bold})
+	// BoldBlue makes terminal text bold and blue.
+	BoldBlue = makeFunction([]string{blue, bold})
+	// BoldMagenta makes terminal text bold and magenta.
+	BoldMagenta = makeFunction([]string{magenta, bold})
+	// BoldCyan makes terminal text bold and cyan.
+	BoldCyan = makeFunction([]string{cyan, bold})
+	// BoldWhite makes terminal text bold and white.
+	BoldWhite = makeFunction([]string{white, bold})
+
+	// BlinkBlack makes terminal text blink and black.
+	BlinkBlack = makeFunction([]string{black, blink})
+	// BlinkRed makes terminal text blink and red.
+	BlinkRed = makeFunction([]string{red, blink})
+	// BlinkGreen makes terminal text blink and green.
+	BlinkGreen = makeFunction([]string{green, blink})
+	// BlinkYellow makes terminal text blink and yellow.
+	BlinkYellow = makeFunction([]string{yellow, blink})
+	// BlinkBlue makes terminal text blink and blue.
+	BlinkBlue = makeFunction([]string{blue, blink})
+	// BlinkMagenta makes terminal text blink and magenta.
+	BlinkMagenta = makeFunction([]string{magenta, blink})
+	// BlinkCyan makes terminal text blink and cyan.
+	BlinkCyan = makeFunction([]string{cyan, blink})
+	// BlinkWhite makes terminal text blink and white.
+	BlinkWhite = makeFunction([]string{white, blink})
+
+	// UnderlineBlack makes terminal text underlined and black.
+	UnderlineBlack = makeFunction([]string{black, underline})
+	// UnderlineRed makes terminal text underlined and red.
+	UnderlineRed = makeFunction([]string{red, underline})
+	// UnderlineGreen makes terminal text underlined and green.
+	UnderlineGreen = makeFunction([]string{green, underline})
+	// UnderlineYellow makes terminal text underlined and yellow.
+	UnderlineYellow = makeFunction([]string{yellow, underline})
+	// UnderlineBlue makes terminal text underlined and blue.
+	UnderlineBlue = makeFunction([]string{blue, underline})
+	// UnderlineMagenta makes terminal text underlined and magenta.
+	UnderlineMagenta = makeFunction([]string{magenta, underline})
+	// UnderlineCyan makes terminal text underlined and cyan.
+	UnderlineCyan = makeFunction([]string{cyan, underline})
+	// UnderlineWhite makes terminal text underlined and white.
+	UnderlineWhite = makeFunction([]string{white, underline})
+
+	// InverseBlack makes terminal text inverted and black.
+	InverseBlack = makeFunction([]string{black, inverse})
+	// InverseRed makes terminal text inverted and red.
+	InverseRed = makeFunction([]string{red, inverse})
+	// InverseGreen makes terminal text inverted and green.
+	InverseGreen = makeFunction([]string{green, inverse})
+	// InverseYellow makes terminal text inverted and yellow.
+	InverseYellow = makeFunction([]string{yellow, inverse})
+	// InverseBlue makes terminal text inverted and blue.
+	InverseBlue = makeFunction([]string{blue, inverse})
+	// InverseMagenta makes terminal text inverted and magenta.
+	InverseMagenta = makeFunction([]string{magenta, inverse})
+	// InverseCyan makes terminal text inverted and cyan.
+	InverseCyan = makeFunction([]string{cyan, inverse})
+	// InverseWhite makes terminal text inverted and white.
+	InverseWhite = makeFunction([]string{white, inverse})
+)
diff --git a/vendor/github.com/rifflock/lfshook/LICENSE b/vendor/github.com/alecthomas/units/COPYING
similarity index 52%
rename from vendor/github.com/rifflock/lfshook/LICENSE
rename to vendor/github.com/alecthomas/units/COPYING
index eb9d3214..2993ec08 100644
--- a/vendor/github.com/rifflock/lfshook/LICENSE
+++ b/vendor/github.com/alecthomas/units/COPYING
@@ -1,21 +1,19 @@
-The MIT License (MIT)
+Copyright (C) 2014 Alec Thomas
 
-Copyright (c) 2015 Michael Riffle
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/alecthomas/units/README.md b/vendor/github.com/alecthomas/units/README.md
new file mode 100644
index 00000000..bee884e3
--- /dev/null
+++ b/vendor/github.com/alecthomas/units/README.md
@@ -0,0 +1,11 @@
+# Units - Helpful unit multipliers and functions for Go
+
+The goal of this package is to have functionality similar to the [time](http://golang.org/pkg/time/) package.
+
+It allows for code like this:
+
+```go
+n, err := ParseBase2Bytes("1KB")
+// n == 1024
+n = units.Mebibyte * 512
+```
diff --git a/vendor/github.com/alecthomas/units/bytes.go b/vendor/github.com/alecthomas/units/bytes.go
new file mode 100644
index 00000000..eaadeb80
--- /dev/null
+++ b/vendor/github.com/alecthomas/units/bytes.go
@@ -0,0 +1,83 @@
+package units
+
+// Base2Bytes is the old non-SI power-of-2 byte scale (1024 bytes in a kilobyte,
+// etc.).
+type Base2Bytes int64
+
+// Base-2 byte units.
+const (
+	Kibibyte Base2Bytes = 1024
+	KiB                 = Kibibyte
+	Mebibyte            = Kibibyte * 1024
+	MiB                 = Mebibyte
+	Gibibyte            = Mebibyte * 1024
+	GiB                 = Gibibyte
+	Tebibyte            = Gibibyte * 1024
+	TiB                 = Tebibyte
+	Pebibyte            = Tebibyte * 1024
+	PiB                 = Pebibyte
+	Exbibyte            = Pebibyte * 1024
+	EiB                 = Exbibyte
+)
+
+var (
+	bytesUnitMap    = MakeUnitMap("iB", "B", 1024)
+	oldBytesUnitMap = MakeUnitMap("B", "B", 1024)
+)
+
+// ParseBase2Bytes supports both iB and B in base-2 multipliers. That is, KB
+// and KiB are both 1024.
+func ParseBase2Bytes(s string) (Base2Bytes, error) {
+	n, err := ParseUnit(s, bytesUnitMap)
+	if err != nil {
+		n, err = ParseUnit(s, oldBytesUnitMap)
+	}
+	return Base2Bytes(n), err
+}
+
+func (b Base2Bytes) String() string {
+	return ToString(int64(b), 1024, "iB", "B")
+}
+
+var (
+	metricBytesUnitMap = MakeUnitMap("B", "B", 1000)
+)
+
+// MetricBytes are SI byte units (1000 bytes in a kilobyte).
+type MetricBytes SI
+
+// SI base-10 byte units.
+const (
+	Kilobyte MetricBytes = 1000
+	KB                   = Kilobyte
+	Megabyte             = Kilobyte * 1000
+	MB                   = Megabyte
+	Gigabyte             = Megabyte * 1000
+	GB                   = Gigabyte
+	Terabyte             = Gigabyte * 1000
+	TB                   = Terabyte
+	Petabyte             = Terabyte * 1000
+	PB                   = Petabyte
+	Exabyte              = Petabyte * 1000
+	EB                   = Exabyte
+)
+
+// ParseMetricBytes parses base-10 metric byte units. That is, KB is 1000 bytes.
+func ParseMetricBytes(s string) (MetricBytes, error) {
+	n, err := ParseUnit(s, metricBytesUnitMap)
+	return MetricBytes(n), err
+}
+
+func (m MetricBytes) String() string {
+	return ToString(int64(m), 1000, "B", "B")
+}
+
+// ParseStrictBytes supports both iB and B suffixes for base 2 and metric,
+// respectively. That is, KiB represents 1024 and KB represents 1000.
+func ParseStrictBytes(s string) (int64, error) {
+	n, err := ParseUnit(s, bytesUnitMap)
+	if err != nil {
+		n, err = ParseUnit(s, metricBytesUnitMap)
+	}
+	return int64(n), err
+}
diff --git a/vendor/github.com/alecthomas/units/doc.go b/vendor/github.com/alecthomas/units/doc.go
new file mode 100644
index 00000000..156ae386
--- /dev/null
+++ b/vendor/github.com/alecthomas/units/doc.go
@@ -0,0 +1,13 @@
+// Package units provides helpful unit multipliers and functions for Go.
+//
+// The goal of this package is to have functionality similar to the time [1] package.
+//
+//
+// [1] http://golang.org/pkg/time/
+//
+// It allows for code like this:
+//
+//     n, err := ParseBase2Bytes("1KB")
+//     // n == 1024
+//     n = units.Mebibyte * 512
+package units
diff --git a/vendor/github.com/alecthomas/units/go.mod b/vendor/github.com/alecthomas/units/go.mod
new file mode 100644
index 00000000..f5721732
--- /dev/null
+++ b/vendor/github.com/alecthomas/units/go.mod
@@ -0,0 +1 @@
+module github.com/alecthomas/units
diff --git a/vendor/github.com/alecthomas/units/si.go b/vendor/github.com/alecthomas/units/si.go
new file mode 100644
index 00000000..8234a9d5
--- /dev/null
+++ b/vendor/github.com/alecthomas/units/si.go
@@ -0,0 +1,26 @@
+package units
+
+// SI units.
+type SI int64
+
+// SI unit multiples.
+const (
+	Kilo SI = 1000
+	Mega    = Kilo * 1000
+	Giga    = Mega * 1000
+	Tera    = Giga * 1000
+	Peta    = Tera * 1000
+	Exa     = Peta * 1000
+)
+
+func MakeUnitMap(suffix, shortSuffix string, scale int64) map[string]float64 {
+	return map[string]float64{
+		shortSuffix:  1,
+		"K" + suffix: float64(scale),
+		"M" + suffix: float64(scale * scale),
+		"G" + suffix: float64(scale * scale * scale),
+		"T" + suffix: float64(scale * scale * scale * scale),
+		"P" + suffix: float64(scale * scale * scale * scale * scale),
+		"E" + suffix: float64(scale * scale * scale * scale * scale * scale),
+	}
+}
diff --git a/vendor/github.com/alecthomas/units/util.go b/vendor/github.com/alecthomas/units/util.go
new file mode 100644
index 00000000..6527e92d
--- /dev/null
+++ b/vendor/github.com/alecthomas/units/util.go
@@ -0,0 +1,138 @@
+package units
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+)
+
+var (
+	siUnits = []string{"", "K", "M", "G", "T", "P", "E"}
+)
+
+func ToString(n int64, scale int64, suffix, baseSuffix string) string {
+	mn := len(siUnits)
+	out := make([]string, mn)
+	for i, m := range siUnits {
+		if n%scale != 0 || i == 0 && n == 0 {
+			s := suffix
+			if i == 0 {
+				s = baseSuffix
+			}
+			out[mn-1-i] = fmt.Sprintf("%d%s%s", n%scale, m, s)
+		}
+		n /= scale
+		if n == 0 {
+			break
+		}
+	}
+	return strings.Join(out, "")
+}
+
+// Below code ripped straight from http://golang.org/src/pkg/time/format.go?s=33392:33438#L1123
+var errLeadingInt = errors.New("units: bad [0-9]*") // never printed
+
+// leadingInt consumes the leading [0-9]* from s.
+func leadingInt(s string) (x int64, rem string, err error) {
+	i := 0
+	for ; i < len(s); i++ {
+		c := s[i]
+		if c < '0' || c > '9' {
+			break
+		}
+		if x >= (1<<63-10)/10 {
+			// overflow
+			return 0, "", errLeadingInt
+		}
+		x = x*10 + int64(c) - '0'
+	}
+	return x, s[i:], nil
+}
+
+func ParseUnit(s string, unitMap map[string]float64) (int64, error) {
+	// [-+]?([0-9]*(\.[0-9]*)?[a-z]+)+
+	orig := s
+	f := float64(0)
+	neg := false
+
+	// Consume [-+]?
+	if s != "" {
+		c := s[0]
+		if c == '-' || c == '+' {
+			neg = c == '-'
+			s = s[1:]
+		}
+	}
+	// Special case: if all that is left is "0", this is zero.
+	if s == "0" {
+		return 0, nil
+	}
+	if s == "" {
+		return 0, errors.New("units: invalid " + orig)
+	}
+	for s != "" {
+		g := float64(0) // this element of the sequence
+
+		var x int64
+		var err error
+
+		// The next character must be [0-9.]
+		if !(s[0] == '.' || ('0' <= s[0] && s[0] <= '9')) {
+			return 0, errors.New("units: invalid " + orig)
+		}
+		// Consume [0-9]*
+		pl := len(s)
+		x, s, err = leadingInt(s)
+		if err != nil {
+			return 0, errors.New("units: invalid " + orig)
+		}
+		g = float64(x)
+		pre := pl != len(s) // whether we consumed anything before a period
+
+		// Consume (\.[0-9]*)?
+		post := false
+		if s != "" && s[0] == '.' {
+			s = s[1:]
+			pl := len(s)
+			x, s, err = leadingInt(s)
+			if err != nil {
+				return 0, errors.New("units: invalid " + orig)
+			}
+			scale := 1.0
+			for n := pl - len(s); n > 0; n-- {
+				scale *= 10
+			}
+			g += float64(x) / scale
+			post = pl != len(s)
+		}
+		if !pre && !post {
+			// no digits (e.g. ".s" or "-.s")
+			return 0, errors.New("units: invalid " + orig)
+		}
+
+		// Consume unit.
+		i := 0
+		for ; i < len(s); i++ {
+			c := s[i]
+			if c == '.' || ('0' <= c && c <= '9') {
+				break
+			}
+		}
+		u := s[:i]
+		s = s[i:]
+		unit, ok := unitMap[u]
+		if !ok {
+			return 0, errors.New("units: unknown unit " + u + " in " + orig)
+		}
+
+		f += g * unit
+	}
+
+	if neg {
+		f = -f
+	}
+	if f < float64(-1<<63) || f > float64(1<<63-1) {
+		return 0, errors.New("units: overflow parsing unit")
+	}
+	return int64(f), nil
+}
diff --git a/vendor/github.com/cloudflare/cfssl/LICENSE b/vendor/github.com/cloudflare/cfssl/LICENSE
deleted file mode 100644
index bc5841fa..00000000
--- a/vendor/github.com/cloudflare/cfssl/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright (c) 2014 CloudFlare Inc.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
-
-Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation
-and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/cloudflare/cfssl/log/log.go b/vendor/github.com/cloudflare/cfssl/log/log.go
deleted file mode 100644
index 1ec06f10..00000000
--- a/vendor/github.com/cloudflare/cfssl/log/log.go
+++ /dev/null
@@ -1,98 +0,0 @@
-// Package log implements a wrapper around the Go standard library's
-// logging package. Clients should set the current log level; only
-// messages below that level will actually be logged. For example, if
-// Level is set to LevelWarning, only log messages at the Warning,
-// Error, and Critical levels will be logged.
-package log
-
-import (
-	"fmt"
-	golog "log"
-)
-
-// The following constants represent logging levels in increasing levels of seriousness.
-const (
-	LevelDebug = iota
-	LevelInfo
-	LevelWarning
-	LevelError
-	LevelCritical
-)
-
-var levelPrefix = [...]string{
-	LevelDebug:    "[DEBUG] ",
-	LevelInfo:     "[INFO] ",
-	LevelWarning:  "[WARNING] ",
-	LevelError:    "[ERROR] ",
-	LevelCritical: "[CRITICAL] ",
-}
-
-// Level stores the current logging level.
-var Level = LevelDebug
-
-func outputf(l int, format string, v []interface{}) {
-	if l >= Level {
-		golog.Printf(fmt.Sprint(levelPrefix[l], format), v...)
-	}
-}
-
-func output(l int, v []interface{}) {
-	if l >= Level {
-		golog.Print(levelPrefix[l], fmt.Sprint(v...))
-	}
-}
-
-// Criticalf logs a formatted message at the "critical" level. The
-// arguments are handled in the same manner as fmt.Printf.
-func Criticalf(format string, v ...interface{}) {
-	outputf(LevelCritical, format, v)
-}
-
-// Critical logs its arguments at the "critical" level.
-func Critical(v ...interface{}) {
-	output(LevelCritical, v)
-}
-
-// Errorf logs a formatted message at the "error" level. The arguments
-// are handled in the same manner as fmt.Printf.
-func Errorf(format string, v ...interface{}) {
-	outputf(LevelError, format, v)
-}
-
-// Error logs its arguments at the "error" level.
-func Error(v ...interface{}) {
-	output(LevelError, v)
-}
-
-// Warningf logs a formatted message at the "warning" level. The
-// arguments are handled in the same manner as fmt.Printf.
-func Warningf(format string, v ...interface{}) {
-	outputf(LevelWarning, format, v)
-}
-
-// Warning logs its arguments at the "warning" level.
-func Warning(v ...interface{}) {
-	output(LevelWarning, v)
-}
-
-// Infof logs a formatted message at the "info" level. The arguments
-// are handled in the same manner as fmt.Printf.
-func Infof(format string, v ...interface{}) {
-	outputf(LevelInfo, format, v)
-}
-
-// Info logs its arguments at the "info" level.
-func Info(v ...interface{}) {
-	output(LevelInfo, v)
-}
-
-// Debugf logs a formatted message at the "debug" level. The arguments
-// are handled in the same manner as fmt.Printf.
-func Debugf(format string, v ...interface{}) {
-	outputf(LevelDebug, format, v)
-}
-
-// Debug logs its arguments at the "debug" level.
-func Debug(v ...interface{}) {
-	output(LevelDebug, v)
-}
diff --git a/vendor/github.com/cloudflare/cfssl/revoke/revoke.go b/vendor/github.com/cloudflare/cfssl/revoke/revoke.go
deleted file mode 100644
index 1cb3a19c..00000000
--- a/vendor/github.com/cloudflare/cfssl/revoke/revoke.go
+++ /dev/null
@@ -1,146 +0,0 @@
-// Package revoke provides functionality for checking the validity of
-// a cert. Specifically, the temporal validity of the certificate is
-// checked first, then any CRL in the cert is checked. OCSP is not
-// supported at this time.
-package revoke
-
-import (
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"errors"
-	"io/ioutil"
-	"net/http"
-	neturl "net/url"
-	"time"
-
-	"github.com/cloudflare/cfssl/log"
-)
-
-// HardFail determines whether the failure to check the revocation
-// status of a certificate (i.e. due to network failure) causes
-// verification to fail (a hard failure).
-var HardFail = false
-
-// TODO (kyle): figure out a good mechanism for OCSP; this requires
-// presenting both the certificate and the issuer, and we don't have a
-// good way at this time of getting the issuer.
-
-// CRLSet associates a PKIX certificate list with the URL the CRL is
-// fetched from.
-var CRLSet = map[string]*pkix.CertificateList{}
-
-// We can't handle LDAP certificates, so this checks to see if the
-// URL string points to an LDAP resource so that we can ignore it.
-func ldapURL(url string) bool {
-	u, err := neturl.Parse(url)
-	if err != nil {
-		log.Warningf("invalid url %s: %v", url, err)
-		return false
-	}
-	if u.Scheme == "ldap" {
-		return true
-	}
-	return false
-}
-
-// revCheck should check the certificate for any revocations. It
-// returns a pair of booleans: the first indicates whether the certificate
-// is revoked, the second indicates whether the revocations were
-// successfully checked.. This leads to the following combinations:
-//
-//	false, false: an error was encountered while checking revocations.
-//
-//	false, true:  the certificate was checked successfully and
-//		      it is not revoked.
-//
-//      true, true:   the certificate was checked successfully and
-//		      it is revoked.
-func revCheck(cert *x509.Certificate) (revoked, ok bool) {
-	for _, url := range cert.CRLDistributionPoints {
-		if ldapURL(url) {
-			log.Infof("skipping LDAP CRL: %s", url)
-			continue
-		}
-
-		if revoked, ok := certIsRevokedCRL(cert, url); !ok {
-			log.Warning("error checking revocation via CRL")
-			if HardFail {
-				return true, false
-			}
-			return false, false
-		} else if revoked {
-			log.Info("certificate is revoked via CRL")
-			return true, true
-		}
-	}
-
-	return false, true
-}
-
-// fetchCRL fetches and parses a CRL.
-func fetchCRL(url string) (*pkix.CertificateList, error) {
-	resp, err := http.Get(url)
-	if err != nil {
-		return nil, err
-	} else if resp.StatusCode >= 300 {
-		return nil, errors.New("failed to retrieve CRL")
-	}
-
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	resp.Body.Close()
-
-	return x509.ParseCRL(body)
-}
-
-// check a cert against a specific CRL. Returns the same bool pair
-// as revCheck.
-func certIsRevokedCRL(cert *x509.Certificate, url string) (revoked, ok bool) {
-	crl, ok := CRLSet[url]
-	if ok && crl == nil {
-		ok = false
-		delete(CRLSet, url)
-	}
-
-	var shouldFetchCRL = true
-	if ok {
-		if !crl.HasExpired(time.Now()) {
-			shouldFetchCRL = false
-		}
-	}
-
-	if shouldFetchCRL {
-		var err error
-		crl, err = fetchCRL(url)
-		if err != nil {
-			log.Warningf("failed to fetch CRL: %v", err)
-			return false, false
-		}
-		CRLSet[url] = crl
-	}
-
-	for _, revoked := range crl.TBSCertList.RevokedCertificates {
-		if cert.SerialNumber.Cmp(revoked.SerialNumber) == 0 {
-			log.Info("Serial number match: intermediate is revoked.")
-			return true, true
-		}
-	}
-
-	return false, true
-}
-
-// VerifyCertificate ensures that the certificate passed in hasn't
-// expired and checks the CRL for the server.
-func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool) {
-	if !time.Now().Before(cert.NotAfter) {
-		log.Infof("Certificate expired %s\n", cert.NotAfter)
-		return true, true
-	} else if !time.Now().After(cert.NotBefore) {
-		log.Infof("Certificate isn't valid until %s\n", cert.NotBefore)
-		return true, true
-	}
-
-	return revCheck(cert)
-}
diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/LICENSE b/vendor/github.com/konsorten/go-windows-terminal-sequences/LICENSE
deleted file mode 100644
index 14127cd8..00000000
--- a/vendor/github.com/konsorten/go-windows-terminal-sequences/LICENSE
+++ /dev/null
@@ -1,9 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2017 marvin + konsorten GmbH (open-source@konsorten.de)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md
deleted file mode 100644
index 195333e5..00000000
--- a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# Windows Terminal Sequences
-
-This library allow for enabling Windows terminal color support for Go.
-
-See [Console Virtual Terminal Sequences](https://docs.microsoft.com/en-us/windows/console/console-virtual-terminal-sequences) for details.
-
-## Usage
-
-```go
-import (
-	"syscall"
-	
-	sequences "github.com/konsorten/go-windows-terminal-sequences"
-)
-
-func main() {
-	sequences.EnableVirtualTerminalProcessing(syscall.Stdout, true)
-}
-
-```
-
-## Authors
-
-The tool is sponsored by the [marvin + konsorten GmbH](http://www.konsorten.de).
-
-We thank all the authors who provided code to this library:
-
-* Felix Kollmann
-* Nicolas Perraut
-
-## License
-
-(The MIT License)
-
-Copyright (c) 2018 marvin + konsorten GmbH (open-source@konsorten.de)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod b/vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod
deleted file mode 100644
index 716c6131..00000000
--- a/vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod
+++ /dev/null
@@ -1 +0,0 @@
-module github.com/konsorten/go-windows-terminal-sequences
diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go
deleted file mode 100644
index ef18d8f9..00000000
--- a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// +build windows
-
-package sequences
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-var (
-	kernel32Dll    *syscall.LazyDLL  = syscall.NewLazyDLL("Kernel32.dll")
-	setConsoleMode *syscall.LazyProc = kernel32Dll.NewProc("SetConsoleMode")
-)
-
-func EnableVirtualTerminalProcessing(stream syscall.Handle, enable bool) error {
-	const ENABLE_VIRTUAL_TERMINAL_PROCESSING uint32 = 0x4
-
-	var mode uint32
-	err := syscall.GetConsoleMode(syscall.Stdout, &mode)
-	if err != nil {
-		return err
-	}
-
-	if enable {
-		mode |= ENABLE_VIRTUAL_TERMINAL_PROCESSING
-	} else {
-		mode &^= ENABLE_VIRTUAL_TERMINAL_PROCESSING
-	}
-
-	ret, _, err := setConsoleMode.Call(uintptr(unsafe.Pointer(stream)), uintptr(mode))
-	if ret == 0 {
-		return err
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go
deleted file mode 100644
index df61a6f2..00000000
--- a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build linux darwin
-
-package sequences
-
-import (
-	"fmt"
-)
-
-func EnableVirtualTerminalProcessing(stream uintptr, enable bool) error {
-	return fmt.Errorf("windows only package")
-}
diff --git a/vendor/github.com/mattn/go-colorable/.travis.yml b/vendor/github.com/mattn/go-colorable/.travis.yml
deleted file mode 100644
index 98db8f06..00000000
--- a/vendor/github.com/mattn/go-colorable/.travis.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-language: go
-go:
-  - tip
-
-before_install:
-  - go get github.com/mattn/goveralls
-  - go get golang.org/x/tools/cmd/cover
-script:
-  - $HOME/gopath/bin/goveralls -repotoken xnXqRGwgW3SXIguzxf90ZSK1GPYZPaGrw
diff --git a/vendor/github.com/mattn/go-colorable/README.md b/vendor/github.com/mattn/go-colorable/README.md
deleted file mode 100644
index 56729a92..00000000
--- a/vendor/github.com/mattn/go-colorable/README.md
+++ /dev/null
@@ -1,48 +0,0 @@
-# go-colorable
-
-[![Godoc Reference](https://godoc.org/github.com/mattn/go-colorable?status.svg)](http://godoc.org/github.com/mattn/go-colorable)
-[![Build Status](https://travis-ci.org/mattn/go-colorable.svg?branch=master)](https://travis-ci.org/mattn/go-colorable)
-[![Coverage Status](https://coveralls.io/repos/github/mattn/go-colorable/badge.svg?branch=master)](https://coveralls.io/github/mattn/go-colorable?branch=master)
-[![Go Report Card](https://goreportcard.com/badge/mattn/go-colorable)](https://goreportcard.com/report/mattn/go-colorable)
-
-Colorable writer for windows.
-
-For example, most of logger packages doesn't show colors on windows. (I know we can do it with ansicon. But I don't want.)
-This package is possible to handle escape sequence for ansi color on windows.
-
-## Too Bad!
-
-![](https://raw.githubusercontent.com/mattn/go-colorable/gh-pages/bad.png)
-
-
-## So Good!
-
-![](https://raw.githubusercontent.com/mattn/go-colorable/gh-pages/good.png)
-
-## Usage
-
-```go
-logrus.SetFormatter(&logrus.TextFormatter{ForceColors: true})
-logrus.SetOutput(colorable.NewColorableStdout())
-
-logrus.Info("succeeded")
-logrus.Warn("not correct")
-logrus.Error("something error")
-logrus.Fatal("panic")
-```
-
-You can compile above code on non-windows OSs.
-
-## Installation
-
-```
-$ go get github.com/mattn/go-colorable
-```
-
-# License
-
-MIT
-
-# Author
-
-Yasuhiro Matsumoto (a.k.a mattn)
diff --git a/vendor/github.com/mattn/go-colorable/colorable_appengine.go b/vendor/github.com/mattn/go-colorable/colorable_appengine.go
deleted file mode 100644
index 0b0aef83..00000000
--- a/vendor/github.com/mattn/go-colorable/colorable_appengine.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// +build appengine
-
-package colorable
-
-import (
-	"io"
-	"os"
-
-	_ "github.com/mattn/go-isatty"
-)
-
-// NewColorable returns new instance of Writer which handles escape sequence.
-func NewColorable(file *os.File) io.Writer {
-	if file == nil {
-		panic("nil passed instead of *os.File to NewColorable()")
-	}
-
-	return file
-}
-
-// NewColorableStdout returns new instance of Writer which handles escape sequence for stdout.
-func NewColorableStdout() io.Writer {
-	return os.Stdout
-}
-
-// NewColorableStderr returns new instance of Writer which handles escape sequence for stderr.
-func NewColorableStderr() io.Writer {
-	return os.Stderr
-}
diff --git a/vendor/github.com/mattn/go-colorable/colorable_others.go b/vendor/github.com/mattn/go-colorable/colorable_others.go
deleted file mode 100644
index 3fb771dc..00000000
--- a/vendor/github.com/mattn/go-colorable/colorable_others.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// +build !windows
-// +build !appengine
-
-package colorable
-
-import (
-	"io"
-	"os"
-
-	_ "github.com/mattn/go-isatty"
-)
-
-// NewColorable returns new instance of Writer which handles escape sequence.
-func NewColorable(file *os.File) io.Writer {
-	if file == nil {
-		panic("nil passed instead of *os.File to NewColorable()")
-	}
-
-	return file
-}
-
-// NewColorableStdout returns new instance of Writer which handles escape sequence for stdout.
-func NewColorableStdout() io.Writer {
-	return os.Stdout
-}
-
-// NewColorableStderr returns new instance of Writer which handles escape sequence for stderr.
-func NewColorableStderr() io.Writer {
-	return os.Stderr
-}
diff --git a/vendor/github.com/mattn/go-colorable/colorable_windows.go b/vendor/github.com/mattn/go-colorable/colorable_windows.go
deleted file mode 100644
index 1bd628f2..00000000
--- a/vendor/github.com/mattn/go-colorable/colorable_windows.go
+++ /dev/null
@@ -1,1005 +0,0 @@
-// +build windows
-// +build !appengine
-
-package colorable
-
-import (
-	"bytes"
-	"io"
-	"math"
-	"os"
-	"strconv"
-	"strings"
-	"syscall"
-	"unsafe"
-
-	"github.com/mattn/go-isatty"
-)
-
-const (
-	foregroundBlue      = 0x1
-	foregroundGreen     = 0x2
-	foregroundRed       = 0x4
-	foregroundIntensity = 0x8
-	foregroundMask      = (foregroundRed | foregroundBlue | foregroundGreen | foregroundIntensity)
-	backgroundBlue      = 0x10
-	backgroundGreen     = 0x20
-	backgroundRed       = 0x40
-	backgroundIntensity = 0x80
-	backgroundMask      = (backgroundRed | backgroundBlue | backgroundGreen | backgroundIntensity)
-)
-
-const (
-	genericRead  = 0x80000000
-	genericWrite = 0x40000000
-)
-
-const (
-	consoleTextmodeBuffer = 0x1
-)
-
-type wchar uint16
-type short int16
-type dword uint32
-type word uint16
-
-type coord struct {
-	x short
-	y short
-}
-
-type smallRect struct {
-	left   short
-	top    short
-	right  short
-	bottom short
-}
-
-type consoleScreenBufferInfo struct {
-	size              coord
-	cursorPosition    coord
-	attributes        word
-	window            smallRect
-	maximumWindowSize coord
-}
-
-type consoleCursorInfo struct {
-	size    dword
-	visible int32
-}
-
-var (
-	kernel32                       = syscall.NewLazyDLL("kernel32.dll")
-	procGetConsoleScreenBufferInfo = kernel32.NewProc("GetConsoleScreenBufferInfo")
-	procSetConsoleTextAttribute    = kernel32.NewProc("SetConsoleTextAttribute")
-	procSetConsoleCursorPosition   = kernel32.NewProc("SetConsoleCursorPosition")
-	procFillConsoleOutputCharacter = kernel32.NewProc("FillConsoleOutputCharacterW")
-	procFillConsoleOutputAttribute = kernel32.NewProc("FillConsoleOutputAttribute")
-	procGetConsoleCursorInfo       = kernel32.NewProc("GetConsoleCursorInfo")
-	procSetConsoleCursorInfo       = kernel32.NewProc("SetConsoleCursorInfo")
-	procSetConsoleTitle            = kernel32.NewProc("SetConsoleTitleW")
-	procCreateConsoleScreenBuffer  = kernel32.NewProc("CreateConsoleScreenBuffer")
-)
-
-// Writer provides colorable Writer to the console
-type Writer struct {
-	out       io.Writer
-	handle    syscall.Handle
-	althandle syscall.Handle
-	oldattr   word
-	oldpos    coord
-	rest      bytes.Buffer
-}
-
-// NewColorable returns new instance of Writer which handles escape sequence from File.
-func NewColorable(file *os.File) io.Writer {
-	if file == nil {
-		panic("nil passed instead of *os.File to NewColorable()")
-	}
-
-	if isatty.IsTerminal(file.Fd()) {
-		var csbi consoleScreenBufferInfo
-		handle := syscall.Handle(file.Fd())
-		procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-		return &Writer{out: file, handle: handle, oldattr: csbi.attributes, oldpos: coord{0, 0}}
-	}
-	return file
-}
-
-// NewColorableStdout returns new instance of Writer which handles escape sequence for stdout.
-func NewColorableStdout() io.Writer {
-	return NewColorable(os.Stdout)
-}
-
-// NewColorableStderr returns new instance of Writer which handles escape sequence for stderr.
-func NewColorableStderr() io.Writer {
-	return NewColorable(os.Stderr)
-}
-
-var color256 = map[int]int{
-	0:   0x000000,
-	1:   0x800000,
-	2:   0x008000,
-	3:   0x808000,
-	4:   0x000080,
-	5:   0x800080,
-	6:   0x008080,
-	7:   0xc0c0c0,
-	8:   0x808080,
-	9:   0xff0000,
-	10:  0x00ff00,
-	11:  0xffff00,
-	12:  0x0000ff,
-	13:  0xff00ff,
-	14:  0x00ffff,
-	15:  0xffffff,
-	16:  0x000000,
-	17:  0x00005f,
-	18:  0x000087,
-	19:  0x0000af,
-	20:  0x0000d7,
-	21:  0x0000ff,
-	22:  0x005f00,
-	23:  0x005f5f,
-	24:  0x005f87,
-	25:  0x005faf,
-	26:  0x005fd7,
-	27:  0x005fff,
-	28:  0x008700,
-	29:  0x00875f,
-	30:  0x008787,
-	31:  0x0087af,
-	32:  0x0087d7,
-	33:  0x0087ff,
-	34:  0x00af00,
-	35:  0x00af5f,
-	36:  0x00af87,
-	37:  0x00afaf,
-	38:  0x00afd7,
-	39:  0x00afff,
-	40:  0x00d700,
-	41:  0x00d75f,
-	42:  0x00d787,
-	43:  0x00d7af,
-	44:  0x00d7d7,
-	45:  0x00d7ff,
-	46:  0x00ff00,
-	47:  0x00ff5f,
-	48:  0x00ff87,
-	49:  0x00ffaf,
-	50:  0x00ffd7,
-	51:  0x00ffff,
-	52:  0x5f0000,
-	53:  0x5f005f,
-	54:  0x5f0087,
-	55:  0x5f00af,
-	56:  0x5f00d7,
-	57:  0x5f00ff,
-	58:  0x5f5f00,
-	59:  0x5f5f5f,
-	60:  0x5f5f87,
-	61:  0x5f5faf,
-	62:  0x5f5fd7,
-	63:  0x5f5fff,
-	64:  0x5f8700,
-	65:  0x5f875f,
-	66:  0x5f8787,
-	67:  0x5f87af,
-	68:  0x5f87d7,
-	69:  0x5f87ff,
-	70:  0x5faf00,
-	71:  0x5faf5f,
-	72:  0x5faf87,
-	73:  0x5fafaf,
-	74:  0x5fafd7,
-	75:  0x5fafff,
-	76:  0x5fd700,
-	77:  0x5fd75f,
-	78:  0x5fd787,
-	79:  0x5fd7af,
-	80:  0x5fd7d7,
-	81:  0x5fd7ff,
-	82:  0x5fff00,
-	83:  0x5fff5f,
-	84:  0x5fff87,
-	85:  0x5fffaf,
-	86:  0x5fffd7,
-	87:  0x5fffff,
-	88:  0x870000,
-	89:  0x87005f,
-	90:  0x870087,
-	91:  0x8700af,
-	92:  0x8700d7,
-	93:  0x8700ff,
-	94:  0x875f00,
-	95:  0x875f5f,
-	96:  0x875f87,
-	97:  0x875faf,
-	98:  0x875fd7,
-	99:  0x875fff,
-	100: 0x878700,
-	101: 0x87875f,
-	102: 0x878787,
-	103: 0x8787af,
-	104: 0x8787d7,
-	105: 0x8787ff,
-	106: 0x87af00,
-	107: 0x87af5f,
-	108: 0x87af87,
-	109: 0x87afaf,
-	110: 0x87afd7,
-	111: 0x87afff,
-	112: 0x87d700,
-	113: 0x87d75f,
-	114: 0x87d787,
-	115: 0x87d7af,
-	116: 0x87d7d7,
-	117: 0x87d7ff,
-	118: 0x87ff00,
-	119: 0x87ff5f,
-	120: 0x87ff87,
-	121: 0x87ffaf,
-	122: 0x87ffd7,
-	123: 0x87ffff,
-	124: 0xaf0000,
-	125: 0xaf005f,
-	126: 0xaf0087,
-	127: 0xaf00af,
-	128: 0xaf00d7,
-	129: 0xaf00ff,
-	130: 0xaf5f00,
-	131: 0xaf5f5f,
-	132: 0xaf5f87,
-	133: 0xaf5faf,
-	134: 0xaf5fd7,
-	135: 0xaf5fff,
-	136: 0xaf8700,
-	137: 0xaf875f,
-	138: 0xaf8787,
-	139: 0xaf87af,
-	140: 0xaf87d7,
-	141: 0xaf87ff,
-	142: 0xafaf00,
-	143: 0xafaf5f,
-	144: 0xafaf87,
-	145: 0xafafaf,
-	146: 0xafafd7,
-	147: 0xafafff,
-	148: 0xafd700,
-	149: 0xafd75f,
-	150: 0xafd787,
-	151: 0xafd7af,
-	152: 0xafd7d7,
-	153: 0xafd7ff,
-	154: 0xafff00,
-	155: 0xafff5f,
-	156: 0xafff87,
-	157: 0xafffaf,
-	158: 0xafffd7,
-	159: 0xafffff,
-	160: 0xd70000,
-	161: 0xd7005f,
-	162: 0xd70087,
-	163: 0xd700af,
-	164: 0xd700d7,
-	165: 0xd700ff,
-	166: 0xd75f00,
-	167: 0xd75f5f,
-	168: 0xd75f87,
-	169: 0xd75faf,
-	170: 0xd75fd7,
-	171: 0xd75fff,
-	172: 0xd78700,
-	173: 0xd7875f,
-	174: 0xd78787,
-	175: 0xd787af,
-	176: 0xd787d7,
-	177: 0xd787ff,
-	178: 0xd7af00,
-	179: 0xd7af5f,
-	180: 0xd7af87,
-	181: 0xd7afaf,
-	182: 0xd7afd7,
-	183: 0xd7afff,
-	184: 0xd7d700,
-	185: 0xd7d75f,
-	186: 0xd7d787,
-	187: 0xd7d7af,
-	188: 0xd7d7d7,
-	189: 0xd7d7ff,
-	190: 0xd7ff00,
-	191: 0xd7ff5f,
-	192: 0xd7ff87,
-	193: 0xd7ffaf,
-	194: 0xd7ffd7,
-	195: 0xd7ffff,
-	196: 0xff0000,
-	197: 0xff005f,
-	198: 0xff0087,
-	199: 0xff00af,
-	200: 0xff00d7,
-	201: 0xff00ff,
-	202: 0xff5f00,
-	203: 0xff5f5f,
-	204: 0xff5f87,
-	205: 0xff5faf,
-	206: 0xff5fd7,
-	207: 0xff5fff,
-	208: 0xff8700,
-	209: 0xff875f,
-	210: 0xff8787,
-	211: 0xff87af,
-	212: 0xff87d7,
-	213: 0xff87ff,
-	214: 0xffaf00,
-	215: 0xffaf5f,
-	216: 0xffaf87,
-	217: 0xffafaf,
-	218: 0xffafd7,
-	219: 0xffafff,
-	220: 0xffd700,
-	221: 0xffd75f,
-	222: 0xffd787,
-	223: 0xffd7af,
-	224: 0xffd7d7,
-	225: 0xffd7ff,
-	226: 0xffff00,
-	227: 0xffff5f,
-	228: 0xffff87,
-	229: 0xffffaf,
-	230: 0xffffd7,
-	231: 0xffffff,
-	232: 0x080808,
-	233: 0x121212,
-	234: 0x1c1c1c,
-	235: 0x262626,
-	236: 0x303030,
-	237: 0x3a3a3a,
-	238: 0x444444,
-	239: 0x4e4e4e,
-	240: 0x585858,
-	241: 0x626262,
-	242: 0x6c6c6c,
-	243: 0x767676,
-	244: 0x808080,
-	245: 0x8a8a8a,
-	246: 0x949494,
-	247: 0x9e9e9e,
-	248: 0xa8a8a8,
-	249: 0xb2b2b2,
-	250: 0xbcbcbc,
-	251: 0xc6c6c6,
-	252: 0xd0d0d0,
-	253: 0xdadada,
-	254: 0xe4e4e4,
-	255: 0xeeeeee,
-}
-
-// `\033]0;TITLESTR\007`
-func doTitleSequence(er *bytes.Reader) error {
-	var c byte
-	var err error
-
-	c, err = er.ReadByte()
-	if err != nil {
-		return err
-	}
-	if c != '0' && c != '2' {
-		return nil
-	}
-	c, err = er.ReadByte()
-	if err != nil {
-		return err
-	}
-	if c != ';' {
-		return nil
-	}
-	title := make([]byte, 0, 80)
-	for {
-		c, err = er.ReadByte()
-		if err != nil {
-			return err
-		}
-		if c == 0x07 || c == '\n' {
-			break
-		}
-		title = append(title, c)
-	}
-	if len(title) > 0 {
-		title8, err := syscall.UTF16PtrFromString(string(title))
-		if err == nil {
-			procSetConsoleTitle.Call(uintptr(unsafe.Pointer(title8)))
-		}
-	}
-	return nil
-}
-
-// returns Atoi(s) unless s == "" in which case it returns def
-func atoiWithDefault(s string, def int) (int, error) {
-	if s == "" {
-		return def, nil
-	}
-	return strconv.Atoi(s)
-}
-
-// Write writes data on console
-func (w *Writer) Write(data []byte) (n int, err error) {
-	var csbi consoleScreenBufferInfo
-	procGetConsoleScreenBufferInfo.Call(uintptr(w.handle), uintptr(unsafe.Pointer(&csbi)))
-
-	handle := w.handle
-
-	var er *bytes.Reader
-	if w.rest.Len() > 0 {
-		var rest bytes.Buffer
-		w.rest.WriteTo(&rest)
-		w.rest.Reset()
-		rest.Write(data)
-		er = bytes.NewReader(rest.Bytes())
-	} else {
-		er = bytes.NewReader(data)
-	}
-	var bw [1]byte
-loop:
-	for {
-		c1, err := er.ReadByte()
-		if err != nil {
-			break loop
-		}
-		if c1 != 0x1b {
-			bw[0] = c1
-			w.out.Write(bw[:])
-			continue
-		}
-		c2, err := er.ReadByte()
-		if err != nil {
-			break loop
-		}
-
-		switch c2 {
-		case '>':
-			continue
-		case ']':
-			w.rest.WriteByte(c1)
-			w.rest.WriteByte(c2)
-			er.WriteTo(&w.rest)
-			if bytes.IndexByte(w.rest.Bytes(), 0x07) == -1 {
-				break loop
-			}
-			er = bytes.NewReader(w.rest.Bytes()[2:])
-			err := doTitleSequence(er)
-			if err != nil {
-				break loop
-			}
-			w.rest.Reset()
-			continue
-		// https://github.com/mattn/go-colorable/issues/27
-		case '7':
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			w.oldpos = csbi.cursorPosition
-			continue
-		case '8':
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&w.oldpos)))
-			continue
-		case 0x5b:
-			// execute part after switch
-		default:
-			continue
-		}
-
-		w.rest.WriteByte(c1)
-		w.rest.WriteByte(c2)
-		er.WriteTo(&w.rest)
-
-		var buf bytes.Buffer
-		var m byte
-		for i, c := range w.rest.Bytes()[2:] {
-			if ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z') || c == '@' {
-				m = c
-				er = bytes.NewReader(w.rest.Bytes()[2+i+1:])
-				w.rest.Reset()
-				break
-			}
-			buf.Write([]byte(string(c)))
-		}
-		if m == 0 {
-			break loop
-		}
-
-		switch m {
-		case 'A':
-			n, err = atoiWithDefault(buf.String(), 1)
-			if err != nil {
-				continue
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			csbi.cursorPosition.y -= short(n)
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'B':
-			n, err = atoiWithDefault(buf.String(), 1)
-			if err != nil {
-				continue
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			csbi.cursorPosition.y += short(n)
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'C':
-			n, err = atoiWithDefault(buf.String(), 1)
-			if err != nil {
-				continue
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			csbi.cursorPosition.x += short(n)
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'D':
-			n, err = atoiWithDefault(buf.String(), 1)
-			if err != nil {
-				continue
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			csbi.cursorPosition.x -= short(n)
-			if csbi.cursorPosition.x < 0 {
-				csbi.cursorPosition.x = 0
-			}
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'E':
-			n, err = strconv.Atoi(buf.String())
-			if err != nil {
-				continue
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			csbi.cursorPosition.x = 0
-			csbi.cursorPosition.y += short(n)
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'F':
-			n, err = strconv.Atoi(buf.String())
-			if err != nil {
-				continue
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			csbi.cursorPosition.x = 0
-			csbi.cursorPosition.y -= short(n)
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'G':
-			n, err = strconv.Atoi(buf.String())
-			if err != nil {
-				continue
-			}
-			if n < 1 {
-				n = 1
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			csbi.cursorPosition.x = short(n - 1)
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'H', 'f':
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			if buf.Len() > 0 {
-				token := strings.Split(buf.String(), ";")
-				switch len(token) {
-				case 1:
-					n1, err := strconv.Atoi(token[0])
-					if err != nil {
-						continue
-					}
-					csbi.cursorPosition.y = short(n1 - 1)
-				case 2:
-					n1, err := strconv.Atoi(token[0])
-					if err != nil {
-						continue
-					}
-					n2, err := strconv.Atoi(token[1])
-					if err != nil {
-						continue
-					}
-					csbi.cursorPosition.x = short(n2 - 1)
-					csbi.cursorPosition.y = short(n1 - 1)
-				}
-			} else {
-				csbi.cursorPosition.y = 0
-			}
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&csbi.cursorPosition)))
-		case 'J':
-			n := 0
-			if buf.Len() > 0 {
-				n, err = strconv.Atoi(buf.String())
-				if err != nil {
-					continue
-				}
-			}
-			var count, written dword
-			var cursor coord
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			switch n {
-			case 0:
-				cursor = coord{x: csbi.cursorPosition.x, y: csbi.cursorPosition.y}
-				count = dword(csbi.size.x) - dword(csbi.cursorPosition.x) + dword(csbi.size.y-csbi.cursorPosition.y)*dword(csbi.size.x)
-			case 1:
-				cursor = coord{x: csbi.window.left, y: csbi.window.top}
-				count = dword(csbi.size.x) - dword(csbi.cursorPosition.x) + dword(csbi.window.top-csbi.cursorPosition.y)*dword(csbi.size.x)
-			case 2:
-				cursor = coord{x: csbi.window.left, y: csbi.window.top}
-				count = dword(csbi.size.x) - dword(csbi.cursorPosition.x) + dword(csbi.size.y-csbi.cursorPosition.y)*dword(csbi.size.x)
-			}
-			procFillConsoleOutputCharacter.Call(uintptr(handle), uintptr(' '), uintptr(count), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written)))
-			procFillConsoleOutputAttribute.Call(uintptr(handle), uintptr(csbi.attributes), uintptr(count), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written)))
-		case 'K':
-			n := 0
-			if buf.Len() > 0 {
-				n, err = strconv.Atoi(buf.String())
-				if err != nil {
-					continue
-				}
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			var cursor coord
-			var count, written dword
-			switch n {
-			case 0:
-				cursor = coord{x: csbi.cursorPosition.x, y: csbi.cursorPosition.y}
-				count = dword(csbi.size.x - csbi.cursorPosition.x)
-			case 1:
-				cursor = coord{x: csbi.window.left, y: csbi.cursorPosition.y}
-				count = dword(csbi.size.x - csbi.cursorPosition.x)
-			case 2:
-				cursor = coord{x: csbi.window.left, y: csbi.cursorPosition.y}
-				count = dword(csbi.size.x)
-			}
-			procFillConsoleOutputCharacter.Call(uintptr(handle), uintptr(' '), uintptr(count), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written)))
-			procFillConsoleOutputAttribute.Call(uintptr(handle), uintptr(csbi.attributes), uintptr(count), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written)))
-		case 'X':
-			n := 0
-			if buf.Len() > 0 {
-				n, err = strconv.Atoi(buf.String())
-				if err != nil {
-					continue
-				}
-			}
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			var cursor coord
-			var written dword
-			cursor = coord{x: csbi.cursorPosition.x, y: csbi.cursorPosition.y}
-			procFillConsoleOutputCharacter.Call(uintptr(handle), uintptr(' '), uintptr(n), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written)))
-			procFillConsoleOutputAttribute.Call(uintptr(handle), uintptr(csbi.attributes), uintptr(n), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written)))
-		case 'm':
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			attr := csbi.attributes
-			cs := buf.String()
-			if cs == "" {
-				procSetConsoleTextAttribute.Call(uintptr(handle), uintptr(w.oldattr))
-				continue
-			}
-			token := strings.Split(cs, ";")
-			for i := 0; i < len(token); i++ {
-				ns := token[i]
-				if n, err = strconv.Atoi(ns); err == nil {
-					switch {
-					case n == 0 || n == 100:
-						attr = w.oldattr
-					case 1 <= n && n <= 5:
-						attr |= foregroundIntensity
-					case n == 7:
-						attr = ((attr & foregroundMask) << 4) | ((attr & backgroundMask) >> 4)
-					case n == 22 || n == 25:
-						attr |= foregroundIntensity
-					case n == 27:
-						attr = ((attr & foregroundMask) << 4) | ((attr & backgroundMask) >> 4)
-					case 30 <= n && n <= 37:
-						attr &= backgroundMask
-						if (n-30)&1 != 0 {
-							attr |= foregroundRed
-						}
-						if (n-30)&2 != 0 {
-							attr |= foregroundGreen
-						}
-						if (n-30)&4 != 0 {
-							attr |= foregroundBlue
-						}
-					case n == 38: // set foreground color.
-						if i < len(token)-2 && (token[i+1] == "5" || token[i+1] == "05") {
-							if n256, err := strconv.Atoi(token[i+2]); err == nil {
-								if n256foreAttr == nil {
-									n256setup()
-								}
-								attr &= backgroundMask
-								attr |= n256foreAttr[n256]
-								i += 2
-							}
-						} else if len(token) == 5 && token[i+1] == "2" {
-							var r, g, b int
-							r, _ = strconv.Atoi(token[i+2])
-							g, _ = strconv.Atoi(token[i+3])
-							b, _ = strconv.Atoi(token[i+4])
-							i += 4
-							if r > 127 {
-								attr |= foregroundRed
-							}
-							if g > 127 {
-								attr |= foregroundGreen
-							}
-							if b > 127 {
-								attr |= foregroundBlue
-							}
-						} else {
-							attr = attr & (w.oldattr & backgroundMask)
-						}
-					case n == 39: // reset foreground color.
-						attr &= backgroundMask
-						attr |= w.oldattr & foregroundMask
-					case 40 <= n && n <= 47:
-						attr &= foregroundMask
-						if (n-40)&1 != 0 {
-							attr |= backgroundRed
-						}
-						if (n-40)&2 != 0 {
-							attr |= backgroundGreen
-						}
-						if (n-40)&4 != 0 {
-							attr |= backgroundBlue
-						}
-					case n == 48: // set background color.
-						if i < len(token)-2 && token[i+1] == "5" {
-							if n256, err := strconv.Atoi(token[i+2]); err == nil {
-								if n256backAttr == nil {
-									n256setup()
-								}
-								attr &= foregroundMask
-								attr |= n256backAttr[n256]
-								i += 2
-							}
-						} else if len(token) == 5 && token[i+1] == "2" {
-							var r, g, b int
-							r, _ = strconv.Atoi(token[i+2])
-							g, _ = strconv.Atoi(token[i+3])
-							b, _ = strconv.Atoi(token[i+4])
-							i += 4
-							if r > 127 {
-								attr |= backgroundRed
-							}
-							if g > 127 {
-								attr |= backgroundGreen
-							}
-							if b > 127 {
-								attr |= backgroundBlue
-							}
-						} else {
-							attr = attr & (w.oldattr & foregroundMask)
-						}
-					case n == 49: // reset foreground color.
-						attr &= foregroundMask
-						attr |= w.oldattr & backgroundMask
-					case 90 <= n && n <= 97:
-						attr = (attr & backgroundMask)
-						attr |= foregroundIntensity
-						if (n-90)&1 != 0 {
-							attr |= foregroundRed
-						}
-						if (n-90)&2 != 0 {
-							attr |= foregroundGreen
-						}
-						if (n-90)&4 != 0 {
-							attr |= foregroundBlue
-						}
-					case 100 <= n && n <= 107:
-						attr = (attr & foregroundMask)
-						attr |= backgroundIntensity
-						if (n-100)&1 != 0 {
-							attr |= backgroundRed
-						}
-						if (n-100)&2 != 0 {
-							attr |= backgroundGreen
-						}
-						if (n-100)&4 != 0 {
-							attr |= backgroundBlue
-						}
-					}
-					procSetConsoleTextAttribute.Call(uintptr(handle), uintptr(attr))
-				}
-			}
-		case 'h':
-			var ci consoleCursorInfo
-			cs := buf.String()
-			if cs == "5>" {
-				procGetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-				ci.visible = 0
-				procSetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-			} else if cs == "?25" {
-				procGetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-				ci.visible = 1
-				procSetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-			} else if cs == "?1049" {
-				if w.althandle == 0 {
-					h, _, _ := procCreateConsoleScreenBuffer.Call(uintptr(genericRead|genericWrite), 0, 0, uintptr(consoleTextmodeBuffer), 0, 0)
-					w.althandle = syscall.Handle(h)
-					if w.althandle != 0 {
-						handle = w.althandle
-					}
-				}
-			}
-		case 'l':
-			var ci consoleCursorInfo
-			cs := buf.String()
-			if cs == "5>" {
-				procGetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-				ci.visible = 1
-				procSetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-			} else if cs == "?25" {
-				procGetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-				ci.visible = 0
-				procSetConsoleCursorInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&ci)))
-			} else if cs == "?1049" {
-				if w.althandle != 0 {
-					syscall.CloseHandle(w.althandle)
-					w.althandle = 0
-					handle = w.handle
-				}
-			}
-		case 's':
-			procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi)))
-			w.oldpos = csbi.cursorPosition
-		case 'u':
-			procSetConsoleCursorPosition.Call(uintptr(handle), *(*uintptr)(unsafe.Pointer(&w.oldpos)))
-		}
-	}
-
-	return len(data), nil
-}
-
-type consoleColor struct {
-	rgb       int
-	red       bool
-	green     bool
-	blue      bool
-	intensity bool
-}
-
-func (c consoleColor) foregroundAttr() (attr word) {
-	if c.red {
-		attr |= foregroundRed
-	}
-	if c.green {
-		attr |= foregroundGreen
-	}
-	if c.blue {
-		attr |= foregroundBlue
-	}
-	if c.intensity {
-		attr |= foregroundIntensity
-	}
-	return
-}
-
-func (c consoleColor) backgroundAttr() (attr word) {
-	if c.red {
-		attr |= backgroundRed
-	}
-	if c.green {
-		attr |= backgroundGreen
-	}
-	if c.blue {
-		attr |= backgroundBlue
-	}
-	if c.intensity {
-		attr |= backgroundIntensity
-	}
-	return
-}
-
-var color16 = []consoleColor{
-	{0x000000, false, false, false, false},
-	{0x000080, false, false, true, false},
-	{0x008000, false, true, false, false},
-	{0x008080, false, true, true, false},
-	{0x800000, true, false, false, false},
-	{0x800080, true, false, true, false},
-	{0x808000, true, true, false, false},
-	{0xc0c0c0, true, true, true, false},
-	{0x808080, false, false, false, true},
-	{0x0000ff, false, false, true, true},
-	{0x00ff00, false, true, false, true},
-	{0x00ffff, false, true, true, true},
-	{0xff0000, true, false, false, true},
-	{0xff00ff, true, false, true, true},
-	{0xffff00, true, true, false, true},
-	{0xffffff, true, true, true, true},
-}
-
-type hsv struct {
-	h, s, v float32
-}
-
-func (a hsv) dist(b hsv) float32 {
-	dh := a.h - b.h
-	switch {
-	case dh > 0.5:
-		dh = 1 - dh
-	case dh < -0.5:
-		dh = -1 - dh
-	}
-	ds := a.s - b.s
-	dv := a.v - b.v
-	return float32(math.Sqrt(float64(dh*dh + ds*ds + dv*dv)))
-}
-
-func toHSV(rgb int) hsv {
-	r, g, b := float32((rgb&0xFF0000)>>16)/256.0,
-		float32((rgb&0x00FF00)>>8)/256.0,
-		float32(rgb&0x0000FF)/256.0
-	min, max := minmax3f(r, g, b)
-	h := max - min
-	if h > 0 {
-		if max == r {
-			h = (g - b) / h
-			if h < 0 {
-				h += 6
-			}
-		} else if max == g {
-			h = 2 + (b-r)/h
-		} else {
-			h = 4 + (r-g)/h
-		}
-	}
-	h /= 6.0
-	s := max - min
-	if max != 0 {
-		s /= max
-	}
-	v := max
-	return hsv{h: h, s: s, v: v}
-}
-
-type hsvTable []hsv
-
-func toHSVTable(rgbTable []consoleColor) hsvTable {
-	t := make(hsvTable, len(rgbTable))
-	for i, c := range rgbTable {
-		t[i] = toHSV(c.rgb)
-	}
-	return t
-}
-
-func (t hsvTable) find(rgb int) consoleColor {
-	hsv := toHSV(rgb)
-	n := 7
-	l := float32(5.0)
-	for i, p := range t {
-		d := hsv.dist(p)
-		if d < l {
-			l, n = d, i
-		}
-	}
-	return color16[n]
-}
-
-func minmax3f(a, b, c float32) (min, max float32) {
-	if a < b {
-		if b < c {
-			return a, c
-		} else if a < c {
-			return a, b
-		} else {
-			return c, b
-		}
-	} else {
-		if a < c {
-			return b, c
-		} else if b < c {
-			return b, a
-		} else {
-			return c, a
-		}
-	}
-}
-
-var n256foreAttr []word
-var n256backAttr []word
-
-func n256setup() {
-	n256foreAttr = make([]word, 256)
-	n256backAttr = make([]word, 256)
-	t := toHSVTable(color16)
-	for i, rgb := range color256 {
-		c := t.find(rgb)
-		n256foreAttr[i] = c.foregroundAttr()
-		n256backAttr[i] = c.backgroundAttr()
-	}
-}
diff --git a/vendor/github.com/mattn/go-colorable/go.mod b/vendor/github.com/mattn/go-colorable/go.mod
deleted file mode 100644
index ef3ca9d4..00000000
--- a/vendor/github.com/mattn/go-colorable/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/mattn/go-colorable
-
-require github.com/mattn/go-isatty v0.0.8
diff --git a/vendor/github.com/mattn/go-colorable/go.sum b/vendor/github.com/mattn/go-colorable/go.sum
deleted file mode 100644
index 2c12960e..00000000
--- a/vendor/github.com/mattn/go-colorable/go.sum
+++ /dev/null
@@ -1,4 +0,0 @@
-github.com/mattn/go-isatty v0.0.5 h1:tHXDdz1cpzGaovsTB+TVB8q90WEokoVmfMqoVcrLUgw=
-github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223 h1:DH4skfRX4EBpamg7iV4ZlCpblAHI6s6TDM39bFZumv8=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
diff --git a/vendor/github.com/mattn/go-colorable/noncolorable.go b/vendor/github.com/mattn/go-colorable/noncolorable.go
deleted file mode 100644
index 95f2c6be..00000000
--- a/vendor/github.com/mattn/go-colorable/noncolorable.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package colorable
-
-import (
-	"bytes"
-	"io"
-)
-
-// NonColorable holds writer but removes escape sequence.
-type NonColorable struct {
-	out io.Writer
-}
-
-// NewNonColorable returns new instance of Writer which removes escape sequence from Writer.
-func NewNonColorable(w io.Writer) io.Writer {
-	return &NonColorable{out: w}
-}
-
-// Write writes data on console
-func (w *NonColorable) Write(data []byte) (n int, err error) {
-	er := bytes.NewReader(data)
-	var bw [1]byte
-loop:
-	for {
-		c1, err := er.ReadByte()
-		if err != nil {
-			break loop
-		}
-		if c1 != 0x1b {
-			bw[0] = c1
-			w.out.Write(bw[:])
-			continue
-		}
-		c2, err := er.ReadByte()
-		if err != nil {
-			break loop
-		}
-		if c2 != 0x5b {
-			continue
-		}
-
-		var buf bytes.Buffer
-		for {
-			c, err := er.ReadByte()
-			if err != nil {
-				break loop
-			}
-			if ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z') || c == '@' {
-				break
-			}
-			buf.Write([]byte(string(c)))
-		}
-	}
-
-	return len(data), nil
-}
diff --git a/vendor/github.com/mattn/go-isatty/.travis.yml b/vendor/github.com/mattn/go-isatty/.travis.yml
deleted file mode 100644
index 5597e026..00000000
--- a/vendor/github.com/mattn/go-isatty/.travis.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-language: go
-go:
-  - tip
-
-os:
-  - linux
-  - osx
-
-before_install:
-  - go get github.com/mattn/goveralls
-  - go get golang.org/x/tools/cmd/cover
-script:
-  - $HOME/gopath/bin/goveralls -repotoken 3gHdORO5k5ziZcWMBxnd9LrMZaJs8m9x5
diff --git a/vendor/github.com/mattn/go-isatty/LICENSE b/vendor/github.com/mattn/go-isatty/LICENSE
deleted file mode 100644
index 65dc692b..00000000
--- a/vendor/github.com/mattn/go-isatty/LICENSE
+++ /dev/null
@@ -1,9 +0,0 @@
-Copyright (c) Yasuhiro MATSUMOTO <mattn.jp@gmail.com>
-
-MIT License (Expat)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/mattn/go-isatty/README.md b/vendor/github.com/mattn/go-isatty/README.md
deleted file mode 100644
index 1e69004b..00000000
--- a/vendor/github.com/mattn/go-isatty/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# go-isatty
-
-[![Godoc Reference](https://godoc.org/github.com/mattn/go-isatty?status.svg)](http://godoc.org/github.com/mattn/go-isatty)
-[![Build Status](https://travis-ci.org/mattn/go-isatty.svg?branch=master)](https://travis-ci.org/mattn/go-isatty)
-[![Coverage Status](https://coveralls.io/repos/github/mattn/go-isatty/badge.svg?branch=master)](https://coveralls.io/github/mattn/go-isatty?branch=master)
-[![Go Report Card](https://goreportcard.com/badge/mattn/go-isatty)](https://goreportcard.com/report/mattn/go-isatty)
-
-isatty for golang
-
-## Usage
-
-```go
-package main
-
-import (
-	"fmt"
-	"github.com/mattn/go-isatty"
-	"os"
-)
-
-func main() {
-	if isatty.IsTerminal(os.Stdout.Fd()) {
-		fmt.Println("Is Terminal")
-	} else if isatty.IsCygwinTerminal(os.Stdout.Fd()) {
-		fmt.Println("Is Cygwin/MSYS2 Terminal")
-	} else {
-		fmt.Println("Is Not Terminal")
-	}
-}
-```
-
-## Installation
-
-```
-$ go get github.com/mattn/go-isatty
-```
-
-## License
-
-MIT
-
-## Author
-
-Yasuhiro Matsumoto (a.k.a mattn)
-
-## Thanks
-
-* k-takata: base idea for IsCygwinTerminal
-
-    https://github.com/k-takata/go-iscygpty
diff --git a/vendor/github.com/mattn/go-isatty/doc.go b/vendor/github.com/mattn/go-isatty/doc.go
deleted file mode 100644
index 17d4f90e..00000000
--- a/vendor/github.com/mattn/go-isatty/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package isatty implements interface to isatty
-package isatty
diff --git a/vendor/github.com/mattn/go-isatty/go.mod b/vendor/github.com/mattn/go-isatty/go.mod
deleted file mode 100644
index a8ddf404..00000000
--- a/vendor/github.com/mattn/go-isatty/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/mattn/go-isatty
-
-require golang.org/x/sys v0.0.0-20191008105621-543471e840be
-
-go 1.14
diff --git a/vendor/github.com/mattn/go-isatty/go.sum b/vendor/github.com/mattn/go-isatty/go.sum
deleted file mode 100644
index c141fc53..00000000
--- a/vendor/github.com/mattn/go-isatty/go.sum
+++ /dev/null
@@ -1,4 +0,0 @@
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a h1:aYOabOQFp6Vj6W1F80affTUvO9UxmJRx8K0gsfABByQ=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/mattn/go-isatty/isatty_android.go b/vendor/github.com/mattn/go-isatty/isatty_android.go
deleted file mode 100644
index d3567cb5..00000000
--- a/vendor/github.com/mattn/go-isatty/isatty_android.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// +build android
-
-package isatty
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-const ioctlReadTermios = syscall.TCGETS
-
-// IsTerminal return true if the file descriptor is terminal.
-func IsTerminal(fd uintptr) bool {
-	var termios syscall.Termios
-	_, _, err := syscall.Syscall6(syscall.SYS_IOCTL, fd, ioctlReadTermios, uintptr(unsafe.Pointer(&termios)), 0, 0, 0)
-	return err == 0
-}
-
-// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2
-// terminal. This is also always false on this environment.
-func IsCygwinTerminal(fd uintptr) bool {
-	return false
-}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_bsd.go b/vendor/github.com/mattn/go-isatty/isatty_bsd.go
deleted file mode 100644
index 07e93039..00000000
--- a/vendor/github.com/mattn/go-isatty/isatty_bsd.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// +build darwin freebsd openbsd netbsd dragonfly
-// +build !appengine
-
-package isatty
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-const ioctlReadTermios = syscall.TIOCGETA
-
-// IsTerminal return true if the file descriptor is terminal.
-func IsTerminal(fd uintptr) bool {
-	var termios syscall.Termios
-	_, _, err := syscall.Syscall6(syscall.SYS_IOCTL, fd, ioctlReadTermios, uintptr(unsafe.Pointer(&termios)), 0, 0, 0)
-	return err == 0
-}
-
-// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2
-// terminal. This is also always false on this environment.
-func IsCygwinTerminal(fd uintptr) bool {
-	return false
-}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_others.go b/vendor/github.com/mattn/go-isatty/isatty_others.go
deleted file mode 100644
index ff714a37..00000000
--- a/vendor/github.com/mattn/go-isatty/isatty_others.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build appengine js nacl
-
-package isatty
-
-// IsTerminal returns true if the file descriptor is terminal which
-// is always false on js and appengine classic which is a sandboxed PaaS.
-func IsTerminal(fd uintptr) bool {
-	return false
-}
-
-// IsCygwinTerminal() return true if the file descriptor is a cygwin or msys2
-// terminal. This is also always false on this environment.
-func IsCygwinTerminal(fd uintptr) bool {
-	return false
-}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_plan9.go b/vendor/github.com/mattn/go-isatty/isatty_plan9.go
deleted file mode 100644
index bc0a7092..00000000
--- a/vendor/github.com/mattn/go-isatty/isatty_plan9.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// +build plan9
-
-package isatty
-
-import (
-	"syscall"
-)
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd uintptr) bool {
-	path, err := syscall.Fd2path(fd)
-	if err != nil {
-		return false
-	}
-	return path == "/dev/cons" || path == "/mnt/term/dev/cons"
-}
-
-// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2
-// terminal. This is also always false on this environment.
-func IsCygwinTerminal(fd uintptr) bool {
-	return false
-}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_solaris.go b/vendor/github.com/mattn/go-isatty/isatty_solaris.go
deleted file mode 100644
index bdd5c79a..00000000
--- a/vendor/github.com/mattn/go-isatty/isatty_solaris.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// +build solaris
-// +build !appengine
-
-package isatty
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-// see: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
-func IsTerminal(fd uintptr) bool {
-	var termio unix.Termio
-	err := unix.IoctlSetTermio(int(fd), unix.TCGETA, &termio)
-	return err == nil
-}
-
-// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2
-// terminal. This is also always false on this environment.
-func IsCygwinTerminal(fd uintptr) bool {
-	return false
-}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
deleted file mode 100644
index 453b025d..00000000
--- a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// +build linux aix
-// +build !appengine
-// +build !android
-
-package isatty
-
-import "golang.org/x/sys/unix"
-
-// IsTerminal return true if the file descriptor is terminal.
-func IsTerminal(fd uintptr) bool {
-	_, err := unix.IoctlGetTermios(int(fd), unix.TCGETS)
-	return err == nil
-}
-
-// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2
-// terminal. This is also always false on this environment.
-func IsCygwinTerminal(fd uintptr) bool {
-	return false
-}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_windows.go b/vendor/github.com/mattn/go-isatty/isatty_windows.go
deleted file mode 100644
index 1fa86915..00000000
--- a/vendor/github.com/mattn/go-isatty/isatty_windows.go
+++ /dev/null
@@ -1,125 +0,0 @@
-// +build windows
-// +build !appengine
-
-package isatty
-
-import (
-	"errors"
-	"strings"
-	"syscall"
-	"unicode/utf16"
-	"unsafe"
-)
-
-const (
-	objectNameInfo uintptr = 1
-	fileNameInfo           = 2
-	fileTypePipe           = 3
-)
-
-var (
-	kernel32                         = syscall.NewLazyDLL("kernel32.dll")
-	ntdll                            = syscall.NewLazyDLL("ntdll.dll")
-	procGetConsoleMode               = kernel32.NewProc("GetConsoleMode")
-	procGetFileInformationByHandleEx = kernel32.NewProc("GetFileInformationByHandleEx")
-	procGetFileType                  = kernel32.NewProc("GetFileType")
-	procNtQueryObject                = ntdll.NewProc("NtQueryObject")
-)
-
-func init() {
-	// Check if GetFileInformationByHandleEx is available.
-	if procGetFileInformationByHandleEx.Find() != nil {
-		procGetFileInformationByHandleEx = nil
-	}
-}
-
-// IsTerminal return true if the file descriptor is terminal.
-func IsTerminal(fd uintptr) bool {
-	var st uint32
-	r, _, e := syscall.Syscall(procGetConsoleMode.Addr(), 2, fd, uintptr(unsafe.Pointer(&st)), 0)
-	return r != 0 && e == 0
-}
-
-// Check pipe name is used for cygwin/msys2 pty.
-// Cygwin/MSYS2 PTY has a name like:
-//   \{cygwin,msys}-XXXXXXXXXXXXXXXX-ptyN-{from,to}-master
-func isCygwinPipeName(name string) bool {
-	token := strings.Split(name, "-")
-	if len(token) < 5 {
-		return false
-	}
-
-	if token[0] != `\msys` &&
-		token[0] != `\cygwin` &&
-		token[0] != `\Device\NamedPipe\msys` &&
-		token[0] != `\Device\NamedPipe\cygwin` {
-		return false
-	}
-
-	if token[1] == "" {
-		return false
-	}
-
-	if !strings.HasPrefix(token[2], "pty") {
-		return false
-	}
-
-	if token[3] != `from` && token[3] != `to` {
-		return false
-	}
-
-	if token[4] != "master" {
-		return false
-	}
-
-	return true
-}
-
-// getFileNameByHandle use the undocomented ntdll NtQueryObject to get file full name from file handler
-// since GetFileInformationByHandleEx is not avilable under windows Vista and still some old fashion
-// guys are using Windows XP, this is a workaround for those guys, it will also work on system from
-// Windows vista to 10
-// see https://stackoverflow.com/a/18792477 for details
-func getFileNameByHandle(fd uintptr) (string, error) {
-	if procNtQueryObject == nil {
-		return "", errors.New("ntdll.dll: NtQueryObject not supported")
-	}
-
-	var buf [4 + syscall.MAX_PATH]uint16
-	var result int
-	r, _, e := syscall.Syscall6(procNtQueryObject.Addr(), 5,
-		fd, objectNameInfo, uintptr(unsafe.Pointer(&buf)), uintptr(2*len(buf)), uintptr(unsafe.Pointer(&result)), 0)
-	if r != 0 {
-		return "", e
-	}
-	return string(utf16.Decode(buf[4 : 4+buf[0]/2])), nil
-}
-
-// IsCygwinTerminal() return true if the file descriptor is a cygwin or msys2
-// terminal.
-func IsCygwinTerminal(fd uintptr) bool {
-	if procGetFileInformationByHandleEx == nil {
-		name, err := getFileNameByHandle(fd)
-		if err != nil {
-			return false
-		}
-		return isCygwinPipeName(name)
-	}
-
-	// Cygwin/msys's pty is a pipe.
-	ft, _, e := syscall.Syscall(procGetFileType.Addr(), 1, fd, 0, 0)
-	if ft != fileTypePipe || e != 0 {
-		return false
-	}
-
-	var buf [2 + syscall.MAX_PATH]uint16
-	r, _, e := syscall.Syscall6(procGetFileInformationByHandleEx.Addr(),
-		4, fd, fileNameInfo, uintptr(unsafe.Pointer(&buf)),
-		uintptr(len(buf)*2), 0, 0)
-	if r == 0 || e != 0 {
-		return false
-	}
-
-	l := *(*uint32)(unsafe.Pointer(&buf))
-	return isCygwinPipeName(string(utf16.Decode(buf[2 : 2+l/2])))
-}
diff --git a/vendor/github.com/rifflock/lfshook/README.md b/vendor/github.com/rifflock/lfshook/README.md
deleted file mode 100644
index ece313ea..00000000
--- a/vendor/github.com/rifflock/lfshook/README.md
+++ /dev/null
@@ -1,87 +0,0 @@
-# Local Filesystem Hook for Logrus
-
-[![GoDoc](https://godoc.org/github.com/rifflock/lfshook?status.svg)](http://godoc.org/github.com/rifflock/lfshook)
-
-Sometimes developers like to write directly to a file on the filesystem. This is a hook for [`logrus`](https://github.com/sirupsen/logrus) which designed to allow users to do that. The log levels are dynamic at instantiation of the hook, so it is capable of logging at some or all levels.
-
-## Example
-```go
-import (
-	"github.com/rifflock/lfshook"
-	"github.com/sirupsen/logrus"
-)
-
-var Log *logrus.Logger
-
-func NewLogger() *logrus.Logger {
-	if Log != nil {
-		return Log
-	}
-
-	pathMap := lfshook.PathMap{
-		logrus.InfoLevel:  "/var/log/info.log",
-		logrus.ErrorLevel: "/var/log/error.log",
-	}
-
-	Log = logrus.New()
-	Log.Hooks.Add(lfshook.NewHook(
-		pathMap,
-		&logrus.JSONFormatter{},
-	))
-	return Log
-}
-```
-
-### Formatters
-`lfshook` will strip colors from any `TextFormatter` type formatters when writing to local file, because the color codes don't look great in file.
-
-If no formatter is provided via `lfshook.NewHook`, a default text formatter will be used.
-
-### Log rotation
-In order to enable automatic log rotation it's possible to provide an io.Writer instead of the path string of a log file.
-In combination with packages like [file-rotatelogs](https://github.com/lestrrat-go/file-rotatelogs) log rotation can easily be achieved.
-
-```go
-package main
-
-import (
-	rotatelogs "github.com/lestrrat-go/file-rotatelogs"
-	"github.com/rifflock/lfshook"
-	"github.com/sirupsen/logrus"
-)
-
-var Log *logrus.Logger
-
-func NewLogger() *logrus.Logger {
-	if Log != nil {
-		return Log
-	}
-
-	path := "/var/log/go.log"
-	writer := rotatelogs.New(
-		path+".%Y%m%d%H%M",
-		rotatelogs.WithLinkName(path),
-		rotatelogs.WithMaxAge(time.Duration(86400)*time.Second),
-		rotatelogs.WithRotationTime(time.Duration(604800)*time.Second),
-	)
-
-	logrus.Hooks.Add(lfshook.NewHook(
-		lfshook.WriterMap{
-			logrus.InfoLevel:  writer,
-			logrus.ErrorLevel: writer,
-		},
-		&logrus.JSONFormatter,
-	))
-
-	Log = logrus.New()
-	Log.Hooks.Add(lfshook.NewHook(
-		pathMap,
-		&logrus.JSONFormatter{},
-	))
-
-	return Log
-}
-```
-
-### Note:
-User who run the go application must have read/write permissions to the selected log files. If the files do not exists yet, then user must have permission to the target directory.
diff --git a/vendor/github.com/rifflock/lfshook/lfshook.go b/vendor/github.com/rifflock/lfshook/lfshook.go
deleted file mode 100644
index 1e8d22af..00000000
--- a/vendor/github.com/rifflock/lfshook/lfshook.go
+++ /dev/null
@@ -1,194 +0,0 @@
-// Package lfshook is hook for sirupsen/logrus that used for writing the logs to local files.
-package lfshook
-
-import (
-	"fmt"
-	"github.com/sirupsen/logrus"
-	"io"
-	"log"
-	"os"
-	"path/filepath"
-	"reflect"
-	"sync"
-)
-
-// We are logging to file, strip colors to make the output more readable.
-var defaultFormatter = &logrus.TextFormatter{DisableColors: true}
-
-// PathMap is map for mapping a log level to a file's path.
-// Multiple levels may share a file, but multiple files may not be used for one level.
-type PathMap map[logrus.Level]string
-
-// WriterMap is map for mapping a log level to an io.Writer.
-// Multiple levels may share a writer, but multiple writers may not be used for one level.
-type WriterMap map[logrus.Level]io.Writer
-
-// LfsHook is a hook to handle writing to local log files.
-type LfsHook struct {
-	paths     PathMap
-	writers   WriterMap
-	levels    []logrus.Level
-	lock      *sync.Mutex
-	formatter logrus.Formatter
-
-	defaultPath      string
-	defaultWriter    io.Writer
-	hasDefaultPath   bool
-	hasDefaultWriter bool
-}
-
-// NewHook returns new LFS hook.
-// Output can be a string, io.Writer, WriterMap or PathMap.
-// If using io.Writer or WriterMap, user is responsible for closing the used io.Writer.
-func NewHook(output interface{}, formatter logrus.Formatter) *LfsHook {
-	hook := &LfsHook{
-		lock: new(sync.Mutex),
-	}
-
-	hook.SetFormatter(formatter)
-
-	switch output.(type) {
-	case string:
-		hook.SetDefaultPath(output.(string))
-		break
-	case io.Writer:
-		hook.SetDefaultWriter(output.(io.Writer))
-		break
-	case PathMap:
-		hook.paths = output.(PathMap)
-		for level := range output.(PathMap) {
-			hook.levels = append(hook.levels, level)
-		}
-		break
-	case WriterMap:
-		hook.writers = output.(WriterMap)
-		for level := range output.(WriterMap) {
-			hook.levels = append(hook.levels, level)
-		}
-		break
-	default:
-		panic(fmt.Sprintf("unsupported level map type: %v", reflect.TypeOf(output)))
-	}
-
-	return hook
-}
-
-// SetFormatter sets the format that will be used by hook.
-// If using text formatter, this method will disable color output to make the log file more readable.
-func (hook *LfsHook) SetFormatter(formatter logrus.Formatter) {
-	hook.lock.Lock()
-	defer hook.lock.Unlock()
-	if formatter == nil {
-		formatter = defaultFormatter
-	} else {
-		switch formatter.(type) {
-		case *logrus.TextFormatter:
-			textFormatter := formatter.(*logrus.TextFormatter)
-			textFormatter.DisableColors = true
-		}
-	}
-
-	hook.formatter = formatter
-}
-
-// SetDefaultPath sets default path for levels that don't have any defined output path.
-func (hook *LfsHook) SetDefaultPath(defaultPath string) {
-	hook.lock.Lock()
-	defer hook.lock.Unlock()
-	hook.defaultPath = defaultPath
-	hook.hasDefaultPath = true
-}
-
-// SetDefaultWriter sets default writer for levels that don't have any defined writer.
-func (hook *LfsHook) SetDefaultWriter(defaultWriter io.Writer) {
-	hook.lock.Lock()
-	defer hook.lock.Unlock()
-	hook.defaultWriter = defaultWriter
-	hook.hasDefaultWriter = true
-}
-
-// Fire writes the log file to defined path or using the defined writer.
-// User who run this function needs write permissions to the file or directory if the file does not yet exist.
-func (hook *LfsHook) Fire(entry *logrus.Entry) error {
-	hook.lock.Lock()
-	defer hook.lock.Unlock()
-	if hook.writers != nil || hook.hasDefaultWriter {
-		return hook.ioWrite(entry)
-	} else if hook.paths != nil || hook.hasDefaultPath {
-		return hook.fileWrite(entry)
-	}
-
-	return nil
-}
-
-// Write a log line to an io.Writer.
-func (hook *LfsHook) ioWrite(entry *logrus.Entry) error {
-	var (
-		writer io.Writer
-		msg    []byte
-		err    error
-		ok     bool
-	)
-
-	if writer, ok = hook.writers[entry.Level]; !ok {
-		if hook.hasDefaultWriter {
-			writer = hook.defaultWriter
-		} else {
-			return nil
-		}
-	}
-
-	// use our formatter instead of entry.String()
-	msg, err = hook.formatter.Format(entry)
-
-	if err != nil {
-		log.Println("failed to generate string for entry:", err)
-		return err
-	}
-	_, err = writer.Write(msg)
-	return err
-}
-
-// Write a log line directly to a file.
-func (hook *LfsHook) fileWrite(entry *logrus.Entry) error {
-	var (
-		fd   *os.File
-		path string
-		msg  []byte
-		err  error
-		ok   bool
-	)
-
-	if path, ok = hook.paths[entry.Level]; !ok {
-		if hook.hasDefaultPath {
-			path = hook.defaultPath
-		} else {
-			return nil
-		}
-	}
-
-	dir := filepath.Dir(path)
-	os.MkdirAll(dir, os.ModePerm)
-
-	fd, err = os.OpenFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0666)
-	if err != nil {
-		log.Println("failed to open logfile:", path, err)
-		return err
-	}
-	defer fd.Close()
-
-	// use our formatter instead of entry.String()
-	msg, err = hook.formatter.Format(entry)
-
-	if err != nil {
-		log.Println("failed to generate string for entry:", err)
-		return err
-	}
-	fd.Write(msg)
-	return nil
-}
-
-// Levels returns configured log levels.
-func (hook *LfsHook) Levels() []logrus.Level {
-	return logrus.AllLevels
-}
diff --git a/vendor/github.com/sirupsen/logrus/.gitignore b/vendor/github.com/sirupsen/logrus/.gitignore
deleted file mode 100644
index 6b7d7d1e..00000000
--- a/vendor/github.com/sirupsen/logrus/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-logrus
-vendor
diff --git a/vendor/github.com/sirupsen/logrus/.travis.yml b/vendor/github.com/sirupsen/logrus/.travis.yml
deleted file mode 100644
index 848938a6..00000000
--- a/vendor/github.com/sirupsen/logrus/.travis.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-language: go
-go_import_path: github.com/sirupsen/logrus
-git:
-  depth: 1
-env:
-  - GO111MODULE=on
-  - GO111MODULE=off
-go: [ 1.11.x, 1.12.x ]
-os: [ linux, osx ]
-matrix:
-  exclude:
-    - go: 1.12.x
-      env: GO111MODULE=off
-    - go: 1.11.x
-      os: osx
-install:
-  - ./travis/install.sh
-  - if [[ "$GO111MODULE" ==  "on" ]]; then go mod download; fi
-  - if [[ "$GO111MODULE" == "off" ]]; then go get github.com/stretchr/testify/assert golang.org/x/sys/unix github.com/konsorten/go-windows-terminal-sequences; fi
-script:
-  - ./travis/cross_build.sh
-  - export GOMAXPROCS=4
-  - export GORACE=halt_on_error=1
-  - go test -race -v ./...
-  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then go test -race -v -tags appengine ./... ; fi
diff --git a/vendor/github.com/sirupsen/logrus/CHANGELOG.md b/vendor/github.com/sirupsen/logrus/CHANGELOG.md
deleted file mode 100644
index 51a7ab0c..00000000
--- a/vendor/github.com/sirupsen/logrus/CHANGELOG.md
+++ /dev/null
@@ -1,200 +0,0 @@
-# 1.4.2
-  * Fixes build break for plan9, nacl, solaris
-# 1.4.1
-This new release introduces:
-  * Enhance TextFormatter to not print caller information when they are empty (#944)
-  * Remove dependency on golang.org/x/crypto (#932, #943) 
-
-Fixes:
-  * Fix Entry.WithContext method to return a copy of the initial entry (#941)
-
-# 1.4.0
-This new release introduces:
-  * Add `DeferExitHandler`, similar to `RegisterExitHandler` but prepending the handler to the list of handlers (semantically like `defer`) (#848).
-  * Add `CallerPrettyfier` to `JSONFormatter` and `TextFormatter (#909, #911)
-  * Add `Entry.WithContext()` and `Entry.Context`, to set a context on entries to be used e.g. in hooks (#919).
-
-Fixes:
-  * Fix wrong method calls `Logger.Print` and `Logger.Warningln` (#893).
-  * Update `Entry.Logf` to not do string formatting unless the log level is enabled (#903)
-  * Fix infinite recursion on unknown `Level.String()` (#907)
-  * Fix race condition in `getCaller` (#916).
-
-
-# 1.3.0
-This new release introduces:
-  * Log, Logf, Logln functions for Logger and Entry that take a Level
-
-Fixes:
-  * Building prometheus node_exporter on AIX (#840)
-  * Race condition in TextFormatter (#468)
-  * Travis CI import path (#868)
-  * Remove coloured output on Windows (#862)
-  * Pointer to func as field in JSONFormatter (#870)
-  * Properly marshal Levels (#873)
-
-# 1.2.0
-This new release introduces:
-  * A new method `SetReportCaller` in the `Logger` to enable the file, line and calling function from which the trace has been issued
-  * A new trace level named `Trace` whose level is below `Debug`
-  * A configurable exit function to be called upon a Fatal trace
-  * The `Level` object now implements `encoding.TextUnmarshaler` interface
-
-# 1.1.1
-This is a bug fix release.
-  * fix the build break on Solaris
-  * don't drop a whole trace in JSONFormatter when a field param is a function pointer which can not be serialized
-
-# 1.1.0
-This new release introduces:
-  * several fixes:
-    * a fix for a race condition on entry formatting
-    * proper cleanup of previously used entries before putting them back in the pool
-    * the extra new line at the end of message in text formatter has been removed
-  * a new global public API to check if a level is activated: IsLevelEnabled
-  * the following methods have been added to the Logger object
-    * IsLevelEnabled
-    * SetFormatter
-    * SetOutput
-    * ReplaceHooks
-  * introduction of go module
-  * an indent configuration for the json formatter
-  * output colour support for windows
-  * the field sort function is now configurable for text formatter
-  * the CLICOLOR and CLICOLOR\_FORCE environment variable support in text formater
-
-# 1.0.6
-
-This new release introduces:
-  * a new api WithTime which allows to easily force the time of the log entry
-    which is mostly useful for logger wrapper
-  * a fix reverting the immutability of the entry given as parameter to the hooks
-    a new configuration field of the json formatter in order to put all the fields
-    in a nested dictionnary
-  * a new SetOutput method in the Logger
-  * a new configuration of the textformatter to configure the name of the default keys
-  * a new configuration of the text formatter to disable the level truncation
-
-# 1.0.5
-
-* Fix hooks race (#707)
-* Fix panic deadlock (#695)
-
-# 1.0.4
-
-* Fix race when adding hooks (#612)
-* Fix terminal check in AppEngine (#635)
-
-# 1.0.3
-
-* Replace example files with testable examples
-
-# 1.0.2
-
-* bug: quote non-string values in text formatter (#583)
-* Make (*Logger) SetLevel a public method
-
-# 1.0.1
-
-* bug: fix escaping in text formatter (#575)
-
-# 1.0.0
-
-* Officially changed name to lower-case
-* bug: colors on Windows 10 (#541)
-* bug: fix race in accessing level (#512)
-
-# 0.11.5
-
-* feature: add writer and writerlevel to entry (#372)
-
-# 0.11.4
-
-* bug: fix undefined variable on solaris (#493)
-
-# 0.11.3
-
-* formatter: configure quoting of empty values (#484)
-* formatter: configure quoting character (default is `"`) (#484)
-* bug: fix not importing io correctly in non-linux environments (#481)
-
-# 0.11.2
-
-* bug: fix windows terminal detection (#476)
-
-# 0.11.1
-
-* bug: fix tty detection with custom out (#471)
-
-# 0.11.0
-
-* performance: Use bufferpool to allocate (#370)
-* terminal: terminal detection for app-engine (#343)
-* feature: exit handler (#375)
-
-# 0.10.0
-
-* feature: Add a test hook (#180)
-* feature: `ParseLevel` is now case-insensitive (#326)
-* feature: `FieldLogger` interface that generalizes `Logger` and `Entry` (#308)
-* performance: avoid re-allocations on `WithFields` (#335)
-
-# 0.9.0
-
-* logrus/text_formatter: don't emit empty msg
-* logrus/hooks/airbrake: move out of main repository
-* logrus/hooks/sentry: move out of main repository
-* logrus/hooks/papertrail: move out of main repository
-* logrus/hooks/bugsnag: move out of main repository
-* logrus/core: run tests with `-race`
-* logrus/core: detect TTY based on `stderr`
-* logrus/core: support `WithError` on logger
-* logrus/core: Solaris support
-
-# 0.8.7
-
-* logrus/core: fix possible race (#216)
-* logrus/doc: small typo fixes and doc improvements
-
-
-# 0.8.6
-
-* hooks/raven: allow passing an initialized client
-
-# 0.8.5
-
-* logrus/core: revert #208
-
-# 0.8.4
-
-* formatter/text: fix data race (#218)
-
-# 0.8.3
-
-* logrus/core: fix entry log level (#208)
-* logrus/core: improve performance of text formatter by 40%
-* logrus/core: expose `LevelHooks` type
-* logrus/core: add support for DragonflyBSD and NetBSD
-* formatter/text: print structs more verbosely
-
-# 0.8.2
-
-* logrus: fix more Fatal family functions
-
-# 0.8.1
-
-* logrus: fix not exiting on `Fatalf` and `Fatalln`
-
-# 0.8.0
-
-* logrus: defaults to stderr instead of stdout
-* hooks/sentry: add special field for `*http.Request`
-* formatter/text: ignore Windows for colors
-
-# 0.7.3
-
-* formatter/\*: allow configuration of timestamp layout
-
-# 0.7.2
-
-* formatter/text: Add configuration option for time format (#158)
diff --git a/vendor/github.com/sirupsen/logrus/LICENSE b/vendor/github.com/sirupsen/logrus/LICENSE
deleted file mode 100644
index f090cb42..00000000
--- a/vendor/github.com/sirupsen/logrus/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2014 Simon Eskildsen
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md
deleted file mode 100644
index a4796eb0..00000000
--- a/vendor/github.com/sirupsen/logrus/README.md
+++ /dev/null
@@ -1,495 +0,0 @@
-# Logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:"/>&nbsp;[![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus)&nbsp;[![GoDoc](https://godoc.org/github.com/sirupsen/logrus?status.svg)](https://godoc.org/github.com/sirupsen/logrus)
-
-Logrus is a structured logger for Go (golang), completely API compatible with
-the standard library logger.
-
-**Seeing weird case-sensitive problems?** It's in the past been possible to
-import Logrus as both upper- and lower-case. Due to the Go package environment,
-this caused issues in the community and we needed a standard. Some environments
-experienced problems with the upper-case variant, so the lower-case was decided.
-Everything using `logrus` will need to use the lower-case:
-`github.com/sirupsen/logrus`. Any package that isn't, should be changed.
-
-To fix Glide, see [these
-comments](https://github.com/sirupsen/logrus/issues/553#issuecomment-306591437).
-For an in-depth explanation of the casing issue, see [this
-comment](https://github.com/sirupsen/logrus/issues/570#issuecomment-313933276).
-
-**Are you interested in assisting in maintaining Logrus?** Currently I have a
-lot of obligations, and I am unable to provide Logrus with the maintainership it
-needs. If you'd like to help, please reach out to me at `simon at author's
-username dot com`.
-
-Nicely color-coded in development (when a TTY is attached, otherwise just
-plain text):
-
-![Colored](http://i.imgur.com/PY7qMwd.png)
-
-With `log.SetFormatter(&log.JSONFormatter{})`, for easy parsing by logstash
-or Splunk:
-
-```json
-{"animal":"walrus","level":"info","msg":"A group of walrus emerges from the
-ocean","size":10,"time":"2014-03-10 19:57:38.562264131 -0400 EDT"}
-
-{"level":"warning","msg":"The group's number increased tremendously!",
-"number":122,"omg":true,"time":"2014-03-10 19:57:38.562471297 -0400 EDT"}
-
-{"animal":"walrus","level":"info","msg":"A giant walrus appears!",
-"size":10,"time":"2014-03-10 19:57:38.562500591 -0400 EDT"}
-
-{"animal":"walrus","level":"info","msg":"Tremendously sized cow enters the ocean.",
-"size":9,"time":"2014-03-10 19:57:38.562527896 -0400 EDT"}
-
-{"level":"fatal","msg":"The ice breaks!","number":100,"omg":true,
-"time":"2014-03-10 19:57:38.562543128 -0400 EDT"}
-```
-
-With the default `log.SetFormatter(&log.TextFormatter{})` when a TTY is not
-attached, the output is compatible with the
-[logfmt](http://godoc.org/github.com/kr/logfmt) format:
-
-```text
-time="2015-03-26T01:27:38-04:00" level=debug msg="Started observing beach" animal=walrus number=8
-time="2015-03-26T01:27:38-04:00" level=info msg="A group of walrus emerges from the ocean" animal=walrus size=10
-time="2015-03-26T01:27:38-04:00" level=warning msg="The group's number increased tremendously!" number=122 omg=true
-time="2015-03-26T01:27:38-04:00" level=debug msg="Temperature changes" temperature=-4
-time="2015-03-26T01:27:38-04:00" level=panic msg="It's over 9000!" animal=orca size=9009
-time="2015-03-26T01:27:38-04:00" level=fatal msg="The ice breaks!" err=&{0x2082280c0 map[animal:orca size:9009] 2015-03-26 01:27:38.441574009 -0400 EDT panic It's over 9000!} number=100 omg=true
-```
-To ensure this behaviour even if a TTY is attached, set your formatter as follows:
-
-```go
-	log.SetFormatter(&log.TextFormatter{
-		DisableColors: true,
-		FullTimestamp: true,
-	})
-```
-
-#### Logging Method Name
-
-If you wish to add the calling method as a field, instruct the logger via:
-```go
-log.SetReportCaller(true)
-```
-This adds the caller as 'method' like so:
-
-```json
-{"animal":"penguin","level":"fatal","method":"github.com/sirupsen/arcticcreatures.migrate","msg":"a penguin swims by",
-"time":"2014-03-10 19:57:38.562543129 -0400 EDT"}
-```
-
-```text
-time="2015-03-26T01:27:38-04:00" level=fatal method=github.com/sirupsen/arcticcreatures.migrate msg="a penguin swims by" animal=penguin
-```
-Note that this does add measurable overhead - the cost will depend on the version of Go, but is
-between 20 and 40% in recent tests with 1.6 and 1.7.  You can validate this in your
-environment via benchmarks: 
-```
-go test -bench=.*CallerTracing
-```
-
-
-#### Case-sensitivity
-
-The organization's name was changed to lower-case--and this will not be changed
-back. If you are getting import conflicts due to case sensitivity, please use
-the lower-case import: `github.com/sirupsen/logrus`.
-
-#### Example
-
-The simplest way to use Logrus is simply the package-level exported logger:
-
-```go
-package main
-
-import (
-  log "github.com/sirupsen/logrus"
-)
-
-func main() {
-  log.WithFields(log.Fields{
-    "animal": "walrus",
-  }).Info("A walrus appears")
-}
-```
-
-Note that it's completely api-compatible with the stdlib logger, so you can
-replace your `log` imports everywhere with `log "github.com/sirupsen/logrus"`
-and you'll now have the flexibility of Logrus. You can customize it all you
-want:
-
-```go
-package main
-
-import (
-  "os"
-  log "github.com/sirupsen/logrus"
-)
-
-func init() {
-  // Log as JSON instead of the default ASCII formatter.
-  log.SetFormatter(&log.JSONFormatter{})
-
-  // Output to stdout instead of the default stderr
-  // Can be any io.Writer, see below for File example
-  log.SetOutput(os.Stdout)
-
-  // Only log the warning severity or above.
-  log.SetLevel(log.WarnLevel)
-}
-
-func main() {
-  log.WithFields(log.Fields{
-    "animal": "walrus",
-    "size":   10,
-  }).Info("A group of walrus emerges from the ocean")
-
-  log.WithFields(log.Fields{
-    "omg":    true,
-    "number": 122,
-  }).Warn("The group's number increased tremendously!")
-
-  log.WithFields(log.Fields{
-    "omg":    true,
-    "number": 100,
-  }).Fatal("The ice breaks!")
-
-  // A common pattern is to re-use fields between logging statements by re-using
-  // the logrus.Entry returned from WithFields()
-  contextLogger := log.WithFields(log.Fields{
-    "common": "this is a common field",
-    "other": "I also should be logged always",
-  })
-
-  contextLogger.Info("I'll be logged with common and other field")
-  contextLogger.Info("Me too")
-}
-```
-
-For more advanced usage such as logging to multiple locations from the same
-application, you can also create an instance of the `logrus` Logger:
-
-```go
-package main
-
-import (
-  "os"
-  "github.com/sirupsen/logrus"
-)
-
-// Create a new instance of the logger. You can have any number of instances.
-var log = logrus.New()
-
-func main() {
-  // The API for setting attributes is a little different than the package level
-  // exported logger. See Godoc.
-  log.Out = os.Stdout
-
-  // You could set this to any `io.Writer` such as a file
-  // file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY, 0666)
-  // if err == nil {
-  //  log.Out = file
-  // } else {
-  //  log.Info("Failed to log to file, using default stderr")
-  // }
-
-  log.WithFields(logrus.Fields{
-    "animal": "walrus",
-    "size":   10,
-  }).Info("A group of walrus emerges from the ocean")
-}
-```
-
-#### Fields
-
-Logrus encourages careful, structured logging through logging fields instead of
-long, unparseable error messages. For example, instead of: `log.Fatalf("Failed
-to send event %s to topic %s with key %d")`, you should log the much more
-discoverable:
-
-```go
-log.WithFields(log.Fields{
-  "event": event,
-  "topic": topic,
-  "key": key,
-}).Fatal("Failed to send event")
-```
-
-We've found this API forces you to think about logging in a way that produces
-much more useful logging messages. We've been in countless situations where just
-a single added field to a log statement that was already there would've saved us
-hours. The `WithFields` call is optional.
-
-In general, with Logrus using any of the `printf`-family functions should be
-seen as a hint you should add a field, however, you can still use the
-`printf`-family functions with Logrus.
-
-#### Default Fields
-
-Often it's helpful to have fields _always_ attached to log statements in an
-application or parts of one. For example, you may want to always log the
-`request_id` and `user_ip` in the context of a request. Instead of writing
-`log.WithFields(log.Fields{"request_id": request_id, "user_ip": user_ip})` on
-every line, you can create a `logrus.Entry` to pass around instead:
-
-```go
-requestLogger := log.WithFields(log.Fields{"request_id": request_id, "user_ip": user_ip})
-requestLogger.Info("something happened on that request") # will log request_id and user_ip
-requestLogger.Warn("something not great happened")
-```
-
-#### Hooks
-
-You can add hooks for logging levels. For example to send errors to an exception
-tracking service on `Error`, `Fatal` and `Panic`, info to StatsD or log to
-multiple places simultaneously, e.g. syslog.
-
-Logrus comes with [built-in hooks](hooks/). Add those, or your custom hook, in
-`init`:
-
-```go
-import (
-  log "github.com/sirupsen/logrus"
-  "gopkg.in/gemnasium/logrus-airbrake-hook.v2" // the package is named "airbrake"
-  logrus_syslog "github.com/sirupsen/logrus/hooks/syslog"
-  "log/syslog"
-)
-
-func init() {
-
-  // Use the Airbrake hook to report errors that have Error severity or above to
-  // an exception tracker. You can create custom hooks, see the Hooks section.
-  log.AddHook(airbrake.NewHook(123, "xyz", "production"))
-
-  hook, err := logrus_syslog.NewSyslogHook("udp", "localhost:514", syslog.LOG_INFO, "")
-  if err != nil {
-    log.Error("Unable to connect to local syslog daemon")
-  } else {
-    log.AddHook(hook)
-  }
-}
-```
-Note: Syslog hook also support connecting to local syslog (Ex. "/dev/log" or "/var/run/syslog" or "/var/run/log"). For the detail, please check the [syslog hook README](hooks/syslog/README.md).
-
-A list of currently known of service hook can be found in this wiki [page](https://github.com/sirupsen/logrus/wiki/Hooks)
-
-
-#### Level logging
-
-Logrus has seven logging levels: Trace, Debug, Info, Warning, Error, Fatal and Panic.
-
-```go
-log.Trace("Something very low level.")
-log.Debug("Useful debugging information.")
-log.Info("Something noteworthy happened!")
-log.Warn("You should probably take a look at this.")
-log.Error("Something failed but I'm not quitting.")
-// Calls os.Exit(1) after logging
-log.Fatal("Bye.")
-// Calls panic() after logging
-log.Panic("I'm bailing.")
-```
-
-You can set the logging level on a `Logger`, then it will only log entries with
-that severity or anything above it:
-
-```go
-// Will log anything that is info or above (warn, error, fatal, panic). Default.
-log.SetLevel(log.InfoLevel)
-```
-
-It may be useful to set `log.Level = logrus.DebugLevel` in a debug or verbose
-environment if your application has that.
-
-#### Entries
-
-Besides the fields added with `WithField` or `WithFields` some fields are
-automatically added to all logging events:
-
-1. `time`. The timestamp when the entry was created.
-2. `msg`. The logging message passed to `{Info,Warn,Error,Fatal,Panic}` after
-   the `AddFields` call. E.g. `Failed to send event.`
-3. `level`. The logging level. E.g. `info`.
-
-#### Environments
-
-Logrus has no notion of environment.
-
-If you wish for hooks and formatters to only be used in specific environments,
-you should handle that yourself. For example, if your application has a global
-variable `Environment`, which is a string representation of the environment you
-could do:
-
-```go
-import (
-  log "github.com/sirupsen/logrus"
-)
-
-init() {
-  // do something here to set environment depending on an environment variable
-  // or command-line flag
-  if Environment == "production" {
-    log.SetFormatter(&log.JSONFormatter{})
-  } else {
-    // The TextFormatter is default, you don't actually have to do this.
-    log.SetFormatter(&log.TextFormatter{})
-  }
-}
-```
-
-This configuration is how `logrus` was intended to be used, but JSON in
-production is mostly only useful if you do log aggregation with tools like
-Splunk or Logstash.
-
-#### Formatters
-
-The built-in logging formatters are:
-
-* `logrus.TextFormatter`. Logs the event in colors if stdout is a tty, otherwise
-  without colors.
-  * *Note:* to force colored output when there is no TTY, set the `ForceColors`
-    field to `true`.  To force no colored output even if there is a TTY  set the
-    `DisableColors` field to `true`. For Windows, see
-    [github.com/mattn/go-colorable](https://github.com/mattn/go-colorable).
-  * When colors are enabled, levels are truncated to 4 characters by default. To disable
-    truncation set the `DisableLevelTruncation` field to `true`.
-  * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#TextFormatter).
-* `logrus.JSONFormatter`. Logs fields as JSON.
-  * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#JSONFormatter).
-
-Third party logging formatters:
-
-* [`FluentdFormatter`](https://github.com/joonix/log). Formats entries that can be parsed by Kubernetes and Google Container Engine.
-* [`GELF`](https://github.com/fabienm/go-logrus-formatters). Formats entries so they comply to Graylog's [GELF 1.1 specification](http://docs.graylog.org/en/2.4/pages/gelf.html).
-* [`logstash`](https://github.com/bshuster-repo/logrus-logstash-hook). Logs fields as [Logstash](http://logstash.net) Events.
-* [`prefixed`](https://github.com/x-cray/logrus-prefixed-formatter). Displays log entry source along with alternative layout.
-* [`zalgo`](https://github.com/aybabtme/logzalgo). Invoking the P͉̫o̳̼̊w̖͈̰͎e̬͔̭͂r͚̼̹̲ ̫͓͉̳͈ō̠͕͖̚f̝͍̠ ͕̲̞͖͑Z̖̫̤̫ͪa͉̬͈̗l͖͎g̳̥o̰̥̅!̣͔̲̻͊̄ ̙̘̦̹̦.
-* [`nested-logrus-formatter`](https://github.com/antonfisher/nested-logrus-formatter). Converts logrus fields to a nested structure.
-
-You can define your formatter by implementing the `Formatter` interface,
-requiring a `Format` method. `Format` takes an `*Entry`. `entry.Data` is a
-`Fields` type (`map[string]interface{}`) with all your fields as well as the
-default ones (see Entries section above):
-
-```go
-type MyJSONFormatter struct {
-}
-
-log.SetFormatter(new(MyJSONFormatter))
-
-func (f *MyJSONFormatter) Format(entry *Entry) ([]byte, error) {
-  // Note this doesn't include Time, Level and Message which are available on
-  // the Entry. Consult `godoc` on information about those fields or read the
-  // source of the official loggers.
-  serialized, err := json.Marshal(entry.Data)
-    if err != nil {
-      return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err)
-    }
-  return append(serialized, '\n'), nil
-}
-```
-
-#### Logger as an `io.Writer`
-
-Logrus can be transformed into an `io.Writer`. That writer is the end of an `io.Pipe` and it is your responsibility to close it.
-
-```go
-w := logger.Writer()
-defer w.Close()
-
-srv := http.Server{
-    // create a stdlib log.Logger that writes to
-    // logrus.Logger.
-    ErrorLog: log.New(w, "", 0),
-}
-```
-
-Each line written to that writer will be printed the usual way, using formatters
-and hooks. The level for those entries is `info`.
-
-This means that we can override the standard library logger easily:
-
-```go
-logger := logrus.New()
-logger.Formatter = &logrus.JSONFormatter{}
-
-// Use logrus for standard log output
-// Note that `log` here references stdlib's log
-// Not logrus imported under the name `log`.
-log.SetOutput(logger.Writer())
-```
-
-#### Rotation
-
-Log rotation is not provided with Logrus. Log rotation should be done by an
-external program (like `logrotate(8)`) that can compress and delete old log
-entries. It should not be a feature of the application-level logger.
-
-#### Tools
-
-| Tool | Description |
-| ---- | ----------- |
-|[Logrus Mate](https://github.com/gogap/logrus_mate)|Logrus mate is a tool for Logrus to manage loggers, you can initial logger's level, hook and formatter by config file, the logger will generated with different config at different environment.|
-|[Logrus Viper Helper](https://github.com/heirko/go-contrib/tree/master/logrusHelper)|An Helper around Logrus to wrap with spf13/Viper to load configuration with fangs! And to simplify Logrus configuration use some behavior of [Logrus Mate](https://github.com/gogap/logrus_mate). [sample](https://github.com/heirko/iris-contrib/blob/master/middleware/logrus-logger/example) |
-
-#### Testing
-
-Logrus has a built in facility for asserting the presence of log messages. This is implemented through the `test` hook and provides:
-
-* decorators for existing logger (`test.NewLocal` and `test.NewGlobal`) which basically just add the `test` hook
-* a test logger (`test.NewNullLogger`) that just records log messages (and does not output any):
-
-```go
-import(
-  "github.com/sirupsen/logrus"
-  "github.com/sirupsen/logrus/hooks/test"
-  "github.com/stretchr/testify/assert"
-  "testing"
-)
-
-func TestSomething(t*testing.T){
-  logger, hook := test.NewNullLogger()
-  logger.Error("Helloerror")
-
-  assert.Equal(t, 1, len(hook.Entries))
-  assert.Equal(t, logrus.ErrorLevel, hook.LastEntry().Level)
-  assert.Equal(t, "Helloerror", hook.LastEntry().Message)
-
-  hook.Reset()
-  assert.Nil(t, hook.LastEntry())
-}
-```
-
-#### Fatal handlers
-
-Logrus can register one or more functions that will be called when any `fatal`
-level message is logged. The registered handlers will be executed before
-logrus performs a `os.Exit(1)`. This behavior may be helpful if callers need
-to gracefully shutdown. Unlike a `panic("Something went wrong...")` call which can be intercepted with a deferred `recover` a call to `os.Exit(1)` can not be intercepted.
-
-```
-...
-handler := func() {
-  // gracefully shutdown something...
-}
-logrus.RegisterExitHandler(handler)
-...
-```
-
-#### Thread safety
-
-By default, Logger is protected by a mutex for concurrent writes. The mutex is held when calling hooks and writing logs.
-If you are sure such locking is not needed, you can call logger.SetNoLock() to disable the locking.
-
-Situation when locking is not needed includes:
-
-* You have no hooks registered, or hooks calling is already thread-safe.
-
-* Writing to logger.Out is already thread-safe, for example:
-
-  1) logger.Out is protected by locks.
-
-  2) logger.Out is a os.File handler opened with `O_APPEND` flag, and every write is smaller than 4k. (This allow multi-thread/multi-process writing)
-
-     (Refer to http://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/)
diff --git a/vendor/github.com/sirupsen/logrus/alt_exit.go b/vendor/github.com/sirupsen/logrus/alt_exit.go
deleted file mode 100644
index 8fd189e1..00000000
--- a/vendor/github.com/sirupsen/logrus/alt_exit.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package logrus
-
-// The following code was sourced and modified from the
-// https://github.com/tebeka/atexit package governed by the following license:
-//
-// Copyright (c) 2012 Miki Tebeka <miki.tebeka@gmail.com>.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy of
-// this software and associated documentation files (the "Software"), to deal in
-// the Software without restriction, including without limitation the rights to
-// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-// the Software, and to permit persons to whom the Software is furnished to do so,
-// subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-import (
-	"fmt"
-	"os"
-)
-
-var handlers = []func(){}
-
-func runHandler(handler func()) {
-	defer func() {
-		if err := recover(); err != nil {
-			fmt.Fprintln(os.Stderr, "Error: Logrus exit handler error:", err)
-		}
-	}()
-
-	handler()
-}
-
-func runHandlers() {
-	for _, handler := range handlers {
-		runHandler(handler)
-	}
-}
-
-// Exit runs all the Logrus atexit handlers and then terminates the program using os.Exit(code)
-func Exit(code int) {
-	runHandlers()
-	os.Exit(code)
-}
-
-// RegisterExitHandler appends a Logrus Exit handler to the list of handlers,
-// call logrus.Exit to invoke all handlers. The handlers will also be invoked when
-// any Fatal log entry is made.
-//
-// This method is useful when a caller wishes to use logrus to log a fatal
-// message but also needs to gracefully shutdown. An example usecase could be
-// closing database connections, or sending a alert that the application is
-// closing.
-func RegisterExitHandler(handler func()) {
-	handlers = append(handlers, handler)
-}
-
-// DeferExitHandler prepends a Logrus Exit handler to the list of handlers,
-// call logrus.Exit to invoke all handlers. The handlers will also be invoked when
-// any Fatal log entry is made.
-//
-// This method is useful when a caller wishes to use logrus to log a fatal
-// message but also needs to gracefully shutdown. An example usecase could be
-// closing database connections, or sending a alert that the application is
-// closing.
-func DeferExitHandler(handler func()) {
-	handlers = append([]func(){handler}, handlers...)
-}
diff --git a/vendor/github.com/sirupsen/logrus/appveyor.yml b/vendor/github.com/sirupsen/logrus/appveyor.yml
deleted file mode 100644
index 96c2ce15..00000000
--- a/vendor/github.com/sirupsen/logrus/appveyor.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-version: "{build}"
-platform: x64
-clone_folder: c:\gopath\src\github.com\sirupsen\logrus
-environment:  
-  GOPATH: c:\gopath
-branches:  
-  only:
-    - master
-install:  
-  - set PATH=%GOPATH%\bin;c:\go\bin;%PATH%
-  - go version
-build_script:  
-  - go get -t
-  - go test
diff --git a/vendor/github.com/sirupsen/logrus/doc.go b/vendor/github.com/sirupsen/logrus/doc.go
deleted file mode 100644
index da67aba0..00000000
--- a/vendor/github.com/sirupsen/logrus/doc.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-Package logrus is a structured logger for Go, completely API compatible with the standard library logger.
-
-
-The simplest way to use Logrus is simply the package-level exported logger:
-
-  package main
-
-  import (
-    log "github.com/sirupsen/logrus"
-  )
-
-  func main() {
-    log.WithFields(log.Fields{
-      "animal": "walrus",
-      "number": 1,
-      "size":   10,
-    }).Info("A walrus appears")
-  }
-
-Output:
-  time="2015-09-07T08:48:33Z" level=info msg="A walrus appears" animal=walrus number=1 size=10
-
-For a full guide visit https://github.com/sirupsen/logrus
-*/
-package logrus
diff --git a/vendor/github.com/sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go
deleted file mode 100644
index 63e25583..00000000
--- a/vendor/github.com/sirupsen/logrus/entry.go
+++ /dev/null
@@ -1,407 +0,0 @@
-package logrus
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"os"
-	"reflect"
-	"runtime"
-	"strings"
-	"sync"
-	"time"
-)
-
-var (
-	bufferPool *sync.Pool
-
-	// qualified package name, cached at first use
-	logrusPackage string
-
-	// Positions in the call stack when tracing to report the calling method
-	minimumCallerDepth int
-
-	// Used for caller information initialisation
-	callerInitOnce sync.Once
-)
-
-const (
-	maximumCallerDepth int = 25
-	knownLogrusFrames  int = 4
-)
-
-func init() {
-	bufferPool = &sync.Pool{
-		New: func() interface{} {
-			return new(bytes.Buffer)
-		},
-	}
-
-	// start at the bottom of the stack before the package-name cache is primed
-	minimumCallerDepth = 1
-}
-
-// Defines the key when adding errors using WithError.
-var ErrorKey = "error"
-
-// An entry is the final or intermediate Logrus logging entry. It contains all
-// the fields passed with WithField{,s}. It's finally logged when Trace, Debug,
-// Info, Warn, Error, Fatal or Panic is called on it. These objects can be
-// reused and passed around as much as you wish to avoid field duplication.
-type Entry struct {
-	Logger *Logger
-
-	// Contains all the fields set by the user.
-	Data Fields
-
-	// Time at which the log entry was created
-	Time time.Time
-
-	// Level the log entry was logged at: Trace, Debug, Info, Warn, Error, Fatal or Panic
-	// This field will be set on entry firing and the value will be equal to the one in Logger struct field.
-	Level Level
-
-	// Calling method, with package name
-	Caller *runtime.Frame
-
-	// Message passed to Trace, Debug, Info, Warn, Error, Fatal or Panic
-	Message string
-
-	// When formatter is called in entry.log(), a Buffer may be set to entry
-	Buffer *bytes.Buffer
-
-	// Contains the context set by the user. Useful for hook processing etc.
-	Context context.Context
-
-	// err may contain a field formatting error
-	err string
-}
-
-func NewEntry(logger *Logger) *Entry {
-	return &Entry{
-		Logger: logger,
-		// Default is three fields, plus one optional.  Give a little extra room.
-		Data: make(Fields, 6),
-	}
-}
-
-// Returns the string representation from the reader and ultimately the
-// formatter.
-func (entry *Entry) String() (string, error) {
-	serialized, err := entry.Logger.Formatter.Format(entry)
-	if err != nil {
-		return "", err
-	}
-	str := string(serialized)
-	return str, nil
-}
-
-// Add an error as single field (using the key defined in ErrorKey) to the Entry.
-func (entry *Entry) WithError(err error) *Entry {
-	return entry.WithField(ErrorKey, err)
-}
-
-// Add a context to the Entry.
-func (entry *Entry) WithContext(ctx context.Context) *Entry {
-	return &Entry{Logger: entry.Logger, Data: entry.Data, Time: entry.Time, err: entry.err, Context: ctx}
-}
-
-// Add a single field to the Entry.
-func (entry *Entry) WithField(key string, value interface{}) *Entry {
-	return entry.WithFields(Fields{key: value})
-}
-
-// Add a map of fields to the Entry.
-func (entry *Entry) WithFields(fields Fields) *Entry {
-	data := make(Fields, len(entry.Data)+len(fields))
-	for k, v := range entry.Data {
-		data[k] = v
-	}
-	fieldErr := entry.err
-	for k, v := range fields {
-		isErrField := false
-		if t := reflect.TypeOf(v); t != nil {
-			switch t.Kind() {
-			case reflect.Func:
-				isErrField = true
-			case reflect.Ptr:
-				isErrField = t.Elem().Kind() == reflect.Func
-			}
-		}
-		if isErrField {
-			tmp := fmt.Sprintf("can not add field %q", k)
-			if fieldErr != "" {
-				fieldErr = entry.err + ", " + tmp
-			} else {
-				fieldErr = tmp
-			}
-		} else {
-			data[k] = v
-		}
-	}
-	return &Entry{Logger: entry.Logger, Data: data, Time: entry.Time, err: fieldErr, Context: entry.Context}
-}
-
-// Overrides the time of the Entry.
-func (entry *Entry) WithTime(t time.Time) *Entry {
-	return &Entry{Logger: entry.Logger, Data: entry.Data, Time: t, err: entry.err, Context: entry.Context}
-}
-
-// getPackageName reduces a fully qualified function name to the package name
-// There really ought to be to be a better way...
-func getPackageName(f string) string {
-	for {
-		lastPeriod := strings.LastIndex(f, ".")
-		lastSlash := strings.LastIndex(f, "/")
-		if lastPeriod > lastSlash {
-			f = f[:lastPeriod]
-		} else {
-			break
-		}
-	}
-
-	return f
-}
-
-// getCaller retrieves the name of the first non-logrus calling function
-func getCaller() *runtime.Frame {
-
-	// cache this package's fully-qualified name
-	callerInitOnce.Do(func() {
-		pcs := make([]uintptr, 2)
-		_ = runtime.Callers(0, pcs)
-		logrusPackage = getPackageName(runtime.FuncForPC(pcs[1]).Name())
-
-		// now that we have the cache, we can skip a minimum count of known-logrus functions
-		// XXX this is dubious, the number of frames may vary
-		minimumCallerDepth = knownLogrusFrames
-	})
-
-	// Restrict the lookback frames to avoid runaway lookups
-	pcs := make([]uintptr, maximumCallerDepth)
-	depth := runtime.Callers(minimumCallerDepth, pcs)
-	frames := runtime.CallersFrames(pcs[:depth])
-
-	for f, again := frames.Next(); again; f, again = frames.Next() {
-		pkg := getPackageName(f.Function)
-
-		// If the caller isn't part of this package, we're done
-		if pkg != logrusPackage {
-			return &f
-		}
-	}
-
-	// if we got here, we failed to find the caller's context
-	return nil
-}
-
-func (entry Entry) HasCaller() (has bool) {
-	return entry.Logger != nil &&
-		entry.Logger.ReportCaller &&
-		entry.Caller != nil
-}
-
-// This function is not declared with a pointer value because otherwise
-// race conditions will occur when using multiple goroutines
-func (entry Entry) log(level Level, msg string) {
-	var buffer *bytes.Buffer
-
-	// Default to now, but allow users to override if they want.
-	//
-	// We don't have to worry about polluting future calls to Entry#log()
-	// with this assignment because this function is declared with a
-	// non-pointer receiver.
-	if entry.Time.IsZero() {
-		entry.Time = time.Now()
-	}
-
-	entry.Level = level
-	entry.Message = msg
-	if entry.Logger.ReportCaller {
-		entry.Caller = getCaller()
-	}
-
-	entry.fireHooks()
-
-	buffer = bufferPool.Get().(*bytes.Buffer)
-	buffer.Reset()
-	defer bufferPool.Put(buffer)
-	entry.Buffer = buffer
-
-	entry.write()
-
-	entry.Buffer = nil
-
-	// To avoid Entry#log() returning a value that only would make sense for
-	// panic() to use in Entry#Panic(), we avoid the allocation by checking
-	// directly here.
-	if level <= PanicLevel {
-		panic(&entry)
-	}
-}
-
-func (entry *Entry) fireHooks() {
-	entry.Logger.mu.Lock()
-	defer entry.Logger.mu.Unlock()
-	err := entry.Logger.Hooks.Fire(entry.Level, entry)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to fire hook: %v\n", err)
-	}
-}
-
-func (entry *Entry) write() {
-	entry.Logger.mu.Lock()
-	defer entry.Logger.mu.Unlock()
-	serialized, err := entry.Logger.Formatter.Format(entry)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to obtain reader, %v\n", err)
-	} else {
-		_, err = entry.Logger.Out.Write(serialized)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err)
-		}
-	}
-}
-
-func (entry *Entry) Log(level Level, args ...interface{}) {
-	if entry.Logger.IsLevelEnabled(level) {
-		entry.log(level, fmt.Sprint(args...))
-	}
-}
-
-func (entry *Entry) Trace(args ...interface{}) {
-	entry.Log(TraceLevel, args...)
-}
-
-func (entry *Entry) Debug(args ...interface{}) {
-	entry.Log(DebugLevel, args...)
-}
-
-func (entry *Entry) Print(args ...interface{}) {
-	entry.Info(args...)
-}
-
-func (entry *Entry) Info(args ...interface{}) {
-	entry.Log(InfoLevel, args...)
-}
-
-func (entry *Entry) Warn(args ...interface{}) {
-	entry.Log(WarnLevel, args...)
-}
-
-func (entry *Entry) Warning(args ...interface{}) {
-	entry.Warn(args...)
-}
-
-func (entry *Entry) Error(args ...interface{}) {
-	entry.Log(ErrorLevel, args...)
-}
-
-func (entry *Entry) Fatal(args ...interface{}) {
-	entry.Log(FatalLevel, args...)
-	entry.Logger.Exit(1)
-}
-
-func (entry *Entry) Panic(args ...interface{}) {
-	entry.Log(PanicLevel, args...)
-	panic(fmt.Sprint(args...))
-}
-
-// Entry Printf family functions
-
-func (entry *Entry) Logf(level Level, format string, args ...interface{}) {
-	if entry.Logger.IsLevelEnabled(level) {
-		entry.Log(level, fmt.Sprintf(format, args...))
-	}
-}
-
-func (entry *Entry) Tracef(format string, args ...interface{}) {
-	entry.Logf(TraceLevel, format, args...)
-}
-
-func (entry *Entry) Debugf(format string, args ...interface{}) {
-	entry.Logf(DebugLevel, format, args...)
-}
-
-func (entry *Entry) Infof(format string, args ...interface{}) {
-	entry.Logf(InfoLevel, format, args...)
-}
-
-func (entry *Entry) Printf(format string, args ...interface{}) {
-	entry.Infof(format, args...)
-}
-
-func (entry *Entry) Warnf(format string, args ...interface{}) {
-	entry.Logf(WarnLevel, format, args...)
-}
-
-func (entry *Entry) Warningf(format string, args ...interface{}) {
-	entry.Warnf(format, args...)
-}
-
-func (entry *Entry) Errorf(format string, args ...interface{}) {
-	entry.Logf(ErrorLevel, format, args...)
-}
-
-func (entry *Entry) Fatalf(format string, args ...interface{}) {
-	entry.Logf(FatalLevel, format, args...)
-	entry.Logger.Exit(1)
-}
-
-func (entry *Entry) Panicf(format string, args ...interface{}) {
-	entry.Logf(PanicLevel, format, args...)
-}
-
-// Entry Println family functions
-
-func (entry *Entry) Logln(level Level, args ...interface{}) {
-	if entry.Logger.IsLevelEnabled(level) {
-		entry.Log(level, entry.sprintlnn(args...))
-	}
-}
-
-func (entry *Entry) Traceln(args ...interface{}) {
-	entry.Logln(TraceLevel, args...)
-}
-
-func (entry *Entry) Debugln(args ...interface{}) {
-	entry.Logln(DebugLevel, args...)
-}
-
-func (entry *Entry) Infoln(args ...interface{}) {
-	entry.Logln(InfoLevel, args...)
-}
-
-func (entry *Entry) Println(args ...interface{}) {
-	entry.Infoln(args...)
-}
-
-func (entry *Entry) Warnln(args ...interface{}) {
-	entry.Logln(WarnLevel, args...)
-}
-
-func (entry *Entry) Warningln(args ...interface{}) {
-	entry.Warnln(args...)
-}
-
-func (entry *Entry) Errorln(args ...interface{}) {
-	entry.Logln(ErrorLevel, args...)
-}
-
-func (entry *Entry) Fatalln(args ...interface{}) {
-	entry.Logln(FatalLevel, args...)
-	entry.Logger.Exit(1)
-}
-
-func (entry *Entry) Panicln(args ...interface{}) {
-	entry.Logln(PanicLevel, args...)
-}
-
-// Sprintlnn => Sprint no newline. This is to get the behavior of how
-// fmt.Sprintln where spaces are always added between operands, regardless of
-// their type. Instead of vendoring the Sprintln implementation to spare a
-// string allocation, we do the simplest thing.
-func (entry *Entry) sprintlnn(args ...interface{}) string {
-	msg := fmt.Sprintln(args...)
-	return msg[:len(msg)-1]
-}
diff --git a/vendor/github.com/sirupsen/logrus/exported.go b/vendor/github.com/sirupsen/logrus/exported.go
deleted file mode 100644
index 62fc2f21..00000000
--- a/vendor/github.com/sirupsen/logrus/exported.go
+++ /dev/null
@@ -1,225 +0,0 @@
-package logrus
-
-import (
-	"context"
-	"io"
-	"time"
-)
-
-var (
-	// std is the name of the standard logger in stdlib `log`
-	std = New()
-)
-
-func StandardLogger() *Logger {
-	return std
-}
-
-// SetOutput sets the standard logger output.
-func SetOutput(out io.Writer) {
-	std.SetOutput(out)
-}
-
-// SetFormatter sets the standard logger formatter.
-func SetFormatter(formatter Formatter) {
-	std.SetFormatter(formatter)
-}
-
-// SetReportCaller sets whether the standard logger will include the calling
-// method as a field.
-func SetReportCaller(include bool) {
-	std.SetReportCaller(include)
-}
-
-// SetLevel sets the standard logger level.
-func SetLevel(level Level) {
-	std.SetLevel(level)
-}
-
-// GetLevel returns the standard logger level.
-func GetLevel() Level {
-	return std.GetLevel()
-}
-
-// IsLevelEnabled checks if the log level of the standard logger is greater than the level param
-func IsLevelEnabled(level Level) bool {
-	return std.IsLevelEnabled(level)
-}
-
-// AddHook adds a hook to the standard logger hooks.
-func AddHook(hook Hook) {
-	std.AddHook(hook)
-}
-
-// WithError creates an entry from the standard logger and adds an error to it, using the value defined in ErrorKey as key.
-func WithError(err error) *Entry {
-	return std.WithField(ErrorKey, err)
-}
-
-// WithContext creates an entry from the standard logger and adds a context to it.
-func WithContext(ctx context.Context) *Entry {
-	return std.WithContext(ctx)
-}
-
-// WithField creates an entry from the standard logger and adds a field to
-// it. If you want multiple fields, use `WithFields`.
-//
-// Note that it doesn't log until you call Debug, Print, Info, Warn, Fatal
-// or Panic on the Entry it returns.
-func WithField(key string, value interface{}) *Entry {
-	return std.WithField(key, value)
-}
-
-// WithFields creates an entry from the standard logger and adds multiple
-// fields to it. This is simply a helper for `WithField`, invoking it
-// once for each field.
-//
-// Note that it doesn't log until you call Debug, Print, Info, Warn, Fatal
-// or Panic on the Entry it returns.
-func WithFields(fields Fields) *Entry {
-	return std.WithFields(fields)
-}
-
-// WithTime creats an entry from the standard logger and overrides the time of
-// logs generated with it.
-//
-// Note that it doesn't log until you call Debug, Print, Info, Warn, Fatal
-// or Panic on the Entry it returns.
-func WithTime(t time.Time) *Entry {
-	return std.WithTime(t)
-}
-
-// Trace logs a message at level Trace on the standard logger.
-func Trace(args ...interface{}) {
-	std.Trace(args...)
-}
-
-// Debug logs a message at level Debug on the standard logger.
-func Debug(args ...interface{}) {
-	std.Debug(args...)
-}
-
-// Print logs a message at level Info on the standard logger.
-func Print(args ...interface{}) {
-	std.Print(args...)
-}
-
-// Info logs a message at level Info on the standard logger.
-func Info(args ...interface{}) {
-	std.Info(args...)
-}
-
-// Warn logs a message at level Warn on the standard logger.
-func Warn(args ...interface{}) {
-	std.Warn(args...)
-}
-
-// Warning logs a message at level Warn on the standard logger.
-func Warning(args ...interface{}) {
-	std.Warning(args...)
-}
-
-// Error logs a message at level Error on the standard logger.
-func Error(args ...interface{}) {
-	std.Error(args...)
-}
-
-// Panic logs a message at level Panic on the standard logger.
-func Panic(args ...interface{}) {
-	std.Panic(args...)
-}
-
-// Fatal logs a message at level Fatal on the standard logger then the process will exit with status set to 1.
-func Fatal(args ...interface{}) {
-	std.Fatal(args...)
-}
-
-// Tracef logs a message at level Trace on the standard logger.
-func Tracef(format string, args ...interface{}) {
-	std.Tracef(format, args...)
-}
-
-// Debugf logs a message at level Debug on the standard logger.
-func Debugf(format string, args ...interface{}) {
-	std.Debugf(format, args...)
-}
-
-// Printf logs a message at level Info on the standard logger.
-func Printf(format string, args ...interface{}) {
-	std.Printf(format, args...)
-}
-
-// Infof logs a message at level Info on the standard logger.
-func Infof(format string, args ...interface{}) {
-	std.Infof(format, args...)
-}
-
-// Warnf logs a message at level Warn on the standard logger.
-func Warnf(format string, args ...interface{}) {
-	std.Warnf(format, args...)
-}
-
-// Warningf logs a message at level Warn on the standard logger.
-func Warningf(format string, args ...interface{}) {
-	std.Warningf(format, args...)
-}
-
-// Errorf logs a message at level Error on the standard logger.
-func Errorf(format string, args ...interface{}) {
-	std.Errorf(format, args...)
-}
-
-// Panicf logs a message at level Panic on the standard logger.
-func Panicf(format string, args ...interface{}) {
-	std.Panicf(format, args...)
-}
-
-// Fatalf logs a message at level Fatal on the standard logger then the process will exit with status set to 1.
-func Fatalf(format string, args ...interface{}) {
-	std.Fatalf(format, args...)
-}
-
-// Traceln logs a message at level Trace on the standard logger.
-func Traceln(args ...interface{}) {
-	std.Traceln(args...)
-}
-
-// Debugln logs a message at level Debug on the standard logger.
-func Debugln(args ...interface{}) {
-	std.Debugln(args...)
-}
-
-// Println logs a message at level Info on the standard logger.
-func Println(args ...interface{}) {
-	std.Println(args...)
-}
-
-// Infoln logs a message at level Info on the standard logger.
-func Infoln(args ...interface{}) {
-	std.Infoln(args...)
-}
-
-// Warnln logs a message at level Warn on the standard logger.
-func Warnln(args ...interface{}) {
-	std.Warnln(args...)
-}
-
-// Warningln logs a message at level Warn on the standard logger.
-func Warningln(args ...interface{}) {
-	std.Warningln(args...)
-}
-
-// Errorln logs a message at level Error on the standard logger.
-func Errorln(args ...interface{}) {
-	std.Errorln(args...)
-}
-
-// Panicln logs a message at level Panic on the standard logger.
-func Panicln(args ...interface{}) {
-	std.Panicln(args...)
-}
-
-// Fatalln logs a message at level Fatal on the standard logger then the process will exit with status set to 1.
-func Fatalln(args ...interface{}) {
-	std.Fatalln(args...)
-}
diff --git a/vendor/github.com/sirupsen/logrus/formatter.go b/vendor/github.com/sirupsen/logrus/formatter.go
deleted file mode 100644
index 40888377..00000000
--- a/vendor/github.com/sirupsen/logrus/formatter.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package logrus
-
-import "time"
-
-// Default key names for the default fields
-const (
-	defaultTimestampFormat = time.RFC3339
-	FieldKeyMsg            = "msg"
-	FieldKeyLevel          = "level"
-	FieldKeyTime           = "time"
-	FieldKeyLogrusError    = "logrus_error"
-	FieldKeyFunc           = "func"
-	FieldKeyFile           = "file"
-)
-
-// The Formatter interface is used to implement a custom Formatter. It takes an
-// `Entry`. It exposes all the fields, including the default ones:
-//
-// * `entry.Data["msg"]`. The message passed from Info, Warn, Error ..
-// * `entry.Data["time"]`. The timestamp.
-// * `entry.Data["level"]. The level the entry was logged at.
-//
-// Any additional fields added with `WithField` or `WithFields` are also in
-// `entry.Data`. Format is expected to return an array of bytes which are then
-// logged to `logger.Out`.
-type Formatter interface {
-	Format(*Entry) ([]byte, error)
-}
-
-// This is to not silently overwrite `time`, `msg`, `func` and `level` fields when
-// dumping it. If this code wasn't there doing:
-//
-//  logrus.WithField("level", 1).Info("hello")
-//
-// Would just silently drop the user provided level. Instead with this code
-// it'll logged as:
-//
-//  {"level": "info", "fields.level": 1, "msg": "hello", "time": "..."}
-//
-// It's not exported because it's still using Data in an opinionated way. It's to
-// avoid code duplication between the two default formatters.
-func prefixFieldClashes(data Fields, fieldMap FieldMap, reportCaller bool) {
-	timeKey := fieldMap.resolve(FieldKeyTime)
-	if t, ok := data[timeKey]; ok {
-		data["fields."+timeKey] = t
-		delete(data, timeKey)
-	}
-
-	msgKey := fieldMap.resolve(FieldKeyMsg)
-	if m, ok := data[msgKey]; ok {
-		data["fields."+msgKey] = m
-		delete(data, msgKey)
-	}
-
-	levelKey := fieldMap.resolve(FieldKeyLevel)
-	if l, ok := data[levelKey]; ok {
-		data["fields."+levelKey] = l
-		delete(data, levelKey)
-	}
-
-	logrusErrKey := fieldMap.resolve(FieldKeyLogrusError)
-	if l, ok := data[logrusErrKey]; ok {
-		data["fields."+logrusErrKey] = l
-		delete(data, logrusErrKey)
-	}
-
-	// If reportCaller is not set, 'func' will not conflict.
-	if reportCaller {
-		funcKey := fieldMap.resolve(FieldKeyFunc)
-		if l, ok := data[funcKey]; ok {
-			data["fields."+funcKey] = l
-		}
-		fileKey := fieldMap.resolve(FieldKeyFile)
-		if l, ok := data[fileKey]; ok {
-			data["fields."+fileKey] = l
-		}
-	}
-}
diff --git a/vendor/github.com/sirupsen/logrus/go.mod b/vendor/github.com/sirupsen/logrus/go.mod
deleted file mode 100644
index 12fdf989..00000000
--- a/vendor/github.com/sirupsen/logrus/go.mod
+++ /dev/null
@@ -1,10 +0,0 @@
-module github.com/sirupsen/logrus
-
-require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/konsorten/go-windows-terminal-sequences v1.0.1
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/stretchr/objx v0.1.1 // indirect
-	github.com/stretchr/testify v1.2.2
-	golang.org/x/sys v0.0.0-20190422165155-953cdadca894
-)
diff --git a/vendor/github.com/sirupsen/logrus/go.sum b/vendor/github.com/sirupsen/logrus/go.sum
deleted file mode 100644
index 596c318b..00000000
--- a/vendor/github.com/sirupsen/logrus/go.sum
+++ /dev/null
@@ -1,16 +0,0 @@
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe h1:CHRGQ8V7OlCYtwaKPJi3iA7J+YdNKdo8j7nG5IgDhjs=
-github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTuEGr4PN7F4XJ1p4E3Y8=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/sirupsen/logrus/hooks.go b/vendor/github.com/sirupsen/logrus/hooks.go
deleted file mode 100644
index 3f151cdc..00000000
--- a/vendor/github.com/sirupsen/logrus/hooks.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package logrus
-
-// A hook to be fired when logging on the logging levels returned from
-// `Levels()` on your implementation of the interface. Note that this is not
-// fired in a goroutine or a channel with workers, you should handle such
-// functionality yourself if your call is non-blocking and you don't wish for
-// the logging calls for levels returned from `Levels()` to block.
-type Hook interface {
-	Levels() []Level
-	Fire(*Entry) error
-}
-
-// Internal type for storing the hooks on a logger instance.
-type LevelHooks map[Level][]Hook
-
-// Add a hook to an instance of logger. This is called with
-// `log.Hooks.Add(new(MyHook))` where `MyHook` implements the `Hook` interface.
-func (hooks LevelHooks) Add(hook Hook) {
-	for _, level := range hook.Levels() {
-		hooks[level] = append(hooks[level], hook)
-	}
-}
-
-// Fire all the hooks for the passed level. Used by `entry.log` to fire
-// appropriate hooks for a log entry.
-func (hooks LevelHooks) Fire(level Level, entry *Entry) error {
-	for _, hook := range hooks[level] {
-		if err := hook.Fire(entry); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/sirupsen/logrus/json_formatter.go b/vendor/github.com/sirupsen/logrus/json_formatter.go
deleted file mode 100644
index 098a21a0..00000000
--- a/vendor/github.com/sirupsen/logrus/json_formatter.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package logrus
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"runtime"
-)
-
-type fieldKey string
-
-// FieldMap allows customization of the key names for default fields.
-type FieldMap map[fieldKey]string
-
-func (f FieldMap) resolve(key fieldKey) string {
-	if k, ok := f[key]; ok {
-		return k
-	}
-
-	return string(key)
-}
-
-// JSONFormatter formats logs into parsable json
-type JSONFormatter struct {
-	// TimestampFormat sets the format used for marshaling timestamps.
-	TimestampFormat string
-
-	// DisableTimestamp allows disabling automatic timestamps in output
-	DisableTimestamp bool
-
-	// DataKey allows users to put all the log entry parameters into a nested dictionary at a given key.
-	DataKey string
-
-	// FieldMap allows users to customize the names of keys for default fields.
-	// As an example:
-	// formatter := &JSONFormatter{
-	//   	FieldMap: FieldMap{
-	// 		 FieldKeyTime:  "@timestamp",
-	// 		 FieldKeyLevel: "@level",
-	// 		 FieldKeyMsg:   "@message",
-	// 		 FieldKeyFunc:  "@caller",
-	//    },
-	// }
-	FieldMap FieldMap
-
-	// CallerPrettyfier can be set by the user to modify the content
-	// of the function and file keys in the json data when ReportCaller is
-	// activated. If any of the returned value is the empty string the
-	// corresponding key will be removed from json fields.
-	CallerPrettyfier func(*runtime.Frame) (function string, file string)
-
-	// PrettyPrint will indent all json logs
-	PrettyPrint bool
-}
-
-// Format renders a single log entry
-func (f *JSONFormatter) Format(entry *Entry) ([]byte, error) {
-	data := make(Fields, len(entry.Data)+4)
-	for k, v := range entry.Data {
-		switch v := v.(type) {
-		case error:
-			// Otherwise errors are ignored by `encoding/json`
-			// https://github.com/sirupsen/logrus/issues/137
-			data[k] = v.Error()
-		default:
-			data[k] = v
-		}
-	}
-
-	if f.DataKey != "" {
-		newData := make(Fields, 4)
-		newData[f.DataKey] = data
-		data = newData
-	}
-
-	prefixFieldClashes(data, f.FieldMap, entry.HasCaller())
-
-	timestampFormat := f.TimestampFormat
-	if timestampFormat == "" {
-		timestampFormat = defaultTimestampFormat
-	}
-
-	if entry.err != "" {
-		data[f.FieldMap.resolve(FieldKeyLogrusError)] = entry.err
-	}
-	if !f.DisableTimestamp {
-		data[f.FieldMap.resolve(FieldKeyTime)] = entry.Time.Format(timestampFormat)
-	}
-	data[f.FieldMap.resolve(FieldKeyMsg)] = entry.Message
-	data[f.FieldMap.resolve(FieldKeyLevel)] = entry.Level.String()
-	if entry.HasCaller() {
-		funcVal := entry.Caller.Function
-		fileVal := fmt.Sprintf("%s:%d", entry.Caller.File, entry.Caller.Line)
-		if f.CallerPrettyfier != nil {
-			funcVal, fileVal = f.CallerPrettyfier(entry.Caller)
-		}
-		if funcVal != "" {
-			data[f.FieldMap.resolve(FieldKeyFunc)] = funcVal
-		}
-		if fileVal != "" {
-			data[f.FieldMap.resolve(FieldKeyFile)] = fileVal
-		}
-	}
-
-	var b *bytes.Buffer
-	if entry.Buffer != nil {
-		b = entry.Buffer
-	} else {
-		b = &bytes.Buffer{}
-	}
-
-	encoder := json.NewEncoder(b)
-	if f.PrettyPrint {
-		encoder.SetIndent("", "  ")
-	}
-	if err := encoder.Encode(data); err != nil {
-		return nil, fmt.Errorf("failed to marshal fields to JSON, %v", err)
-	}
-
-	return b.Bytes(), nil
-}
diff --git a/vendor/github.com/sirupsen/logrus/logger.go b/vendor/github.com/sirupsen/logrus/logger.go
deleted file mode 100644
index c0c0b1e5..00000000
--- a/vendor/github.com/sirupsen/logrus/logger.go
+++ /dev/null
@@ -1,351 +0,0 @@
-package logrus
-
-import (
-	"context"
-	"io"
-	"os"
-	"sync"
-	"sync/atomic"
-	"time"
-)
-
-type Logger struct {
-	// The logs are `io.Copy`'d to this in a mutex. It's common to set this to a
-	// file, or leave it default which is `os.Stderr`. You can also set this to
-	// something more adventurous, such as logging to Kafka.
-	Out io.Writer
-	// Hooks for the logger instance. These allow firing events based on logging
-	// levels and log entries. For example, to send errors to an error tracking
-	// service, log to StatsD or dump the core on fatal errors.
-	Hooks LevelHooks
-	// All log entries pass through the formatter before logged to Out. The
-	// included formatters are `TextFormatter` and `JSONFormatter` for which
-	// TextFormatter is the default. In development (when a TTY is attached) it
-	// logs with colors, but to a file it wouldn't. You can easily implement your
-	// own that implements the `Formatter` interface, see the `README` or included
-	// formatters for examples.
-	Formatter Formatter
-
-	// Flag for whether to log caller info (off by default)
-	ReportCaller bool
-
-	// The logging level the logger should log at. This is typically (and defaults
-	// to) `logrus.Info`, which allows Info(), Warn(), Error() and Fatal() to be
-	// logged.
-	Level Level
-	// Used to sync writing to the log. Locking is enabled by Default
-	mu MutexWrap
-	// Reusable empty entry
-	entryPool sync.Pool
-	// Function to exit the application, defaults to `os.Exit()`
-	ExitFunc exitFunc
-}
-
-type exitFunc func(int)
-
-type MutexWrap struct {
-	lock     sync.Mutex
-	disabled bool
-}
-
-func (mw *MutexWrap) Lock() {
-	if !mw.disabled {
-		mw.lock.Lock()
-	}
-}
-
-func (mw *MutexWrap) Unlock() {
-	if !mw.disabled {
-		mw.lock.Unlock()
-	}
-}
-
-func (mw *MutexWrap) Disable() {
-	mw.disabled = true
-}
-
-// Creates a new logger. Configuration should be set by changing `Formatter`,
-// `Out` and `Hooks` directly on the default logger instance. You can also just
-// instantiate your own:
-//
-//    var log = &Logger{
-//      Out: os.Stderr,
-//      Formatter: new(JSONFormatter),
-//      Hooks: make(LevelHooks),
-//      Level: logrus.DebugLevel,
-//    }
-//
-// It's recommended to make this a global instance called `log`.
-func New() *Logger {
-	return &Logger{
-		Out:          os.Stderr,
-		Formatter:    new(TextFormatter),
-		Hooks:        make(LevelHooks),
-		Level:        InfoLevel,
-		ExitFunc:     os.Exit,
-		ReportCaller: false,
-	}
-}
-
-func (logger *Logger) newEntry() *Entry {
-	entry, ok := logger.entryPool.Get().(*Entry)
-	if ok {
-		return entry
-	}
-	return NewEntry(logger)
-}
-
-func (logger *Logger) releaseEntry(entry *Entry) {
-	entry.Data = map[string]interface{}{}
-	logger.entryPool.Put(entry)
-}
-
-// Adds a field to the log entry, note that it doesn't log until you call
-// Debug, Print, Info, Warn, Error, Fatal or Panic. It only creates a log entry.
-// If you want multiple fields, use `WithFields`.
-func (logger *Logger) WithField(key string, value interface{}) *Entry {
-	entry := logger.newEntry()
-	defer logger.releaseEntry(entry)
-	return entry.WithField(key, value)
-}
-
-// Adds a struct of fields to the log entry. All it does is call `WithField` for
-// each `Field`.
-func (logger *Logger) WithFields(fields Fields) *Entry {
-	entry := logger.newEntry()
-	defer logger.releaseEntry(entry)
-	return entry.WithFields(fields)
-}
-
-// Add an error as single field to the log entry.  All it does is call
-// `WithError` for the given `error`.
-func (logger *Logger) WithError(err error) *Entry {
-	entry := logger.newEntry()
-	defer logger.releaseEntry(entry)
-	return entry.WithError(err)
-}
-
-// Add a context to the log entry.
-func (logger *Logger) WithContext(ctx context.Context) *Entry {
-	entry := logger.newEntry()
-	defer logger.releaseEntry(entry)
-	return entry.WithContext(ctx)
-}
-
-// Overrides the time of the log entry.
-func (logger *Logger) WithTime(t time.Time) *Entry {
-	entry := logger.newEntry()
-	defer logger.releaseEntry(entry)
-	return entry.WithTime(t)
-}
-
-func (logger *Logger) Logf(level Level, format string, args ...interface{}) {
-	if logger.IsLevelEnabled(level) {
-		entry := logger.newEntry()
-		entry.Logf(level, format, args...)
-		logger.releaseEntry(entry)
-	}
-}
-
-func (logger *Logger) Tracef(format string, args ...interface{}) {
-	logger.Logf(TraceLevel, format, args...)
-}
-
-func (logger *Logger) Debugf(format string, args ...interface{}) {
-	logger.Logf(DebugLevel, format, args...)
-}
-
-func (logger *Logger) Infof(format string, args ...interface{}) {
-	logger.Logf(InfoLevel, format, args...)
-}
-
-func (logger *Logger) Printf(format string, args ...interface{}) {
-	entry := logger.newEntry()
-	entry.Printf(format, args...)
-	logger.releaseEntry(entry)
-}
-
-func (logger *Logger) Warnf(format string, args ...interface{}) {
-	logger.Logf(WarnLevel, format, args...)
-}
-
-func (logger *Logger) Warningf(format string, args ...interface{}) {
-	logger.Warnf(format, args...)
-}
-
-func (logger *Logger) Errorf(format string, args ...interface{}) {
-	logger.Logf(ErrorLevel, format, args...)
-}
-
-func (logger *Logger) Fatalf(format string, args ...interface{}) {
-	logger.Logf(FatalLevel, format, args...)
-	logger.Exit(1)
-}
-
-func (logger *Logger) Panicf(format string, args ...interface{}) {
-	logger.Logf(PanicLevel, format, args...)
-}
-
-func (logger *Logger) Log(level Level, args ...interface{}) {
-	if logger.IsLevelEnabled(level) {
-		entry := logger.newEntry()
-		entry.Log(level, args...)
-		logger.releaseEntry(entry)
-	}
-}
-
-func (logger *Logger) Trace(args ...interface{}) {
-	logger.Log(TraceLevel, args...)
-}
-
-func (logger *Logger) Debug(args ...interface{}) {
-	logger.Log(DebugLevel, args...)
-}
-
-func (logger *Logger) Info(args ...interface{}) {
-	logger.Log(InfoLevel, args...)
-}
-
-func (logger *Logger) Print(args ...interface{}) {
-	entry := logger.newEntry()
-	entry.Print(args...)
-	logger.releaseEntry(entry)
-}
-
-func (logger *Logger) Warn(args ...interface{}) {
-	logger.Log(WarnLevel, args...)
-}
-
-func (logger *Logger) Warning(args ...interface{}) {
-	logger.Warn(args...)
-}
-
-func (logger *Logger) Error(args ...interface{}) {
-	logger.Log(ErrorLevel, args...)
-}
-
-func (logger *Logger) Fatal(args ...interface{}) {
-	logger.Log(FatalLevel, args...)
-	logger.Exit(1)
-}
-
-func (logger *Logger) Panic(args ...interface{}) {
-	logger.Log(PanicLevel, args...)
-}
-
-func (logger *Logger) Logln(level Level, args ...interface{}) {
-	if logger.IsLevelEnabled(level) {
-		entry := logger.newEntry()
-		entry.Logln(level, args...)
-		logger.releaseEntry(entry)
-	}
-}
-
-func (logger *Logger) Traceln(args ...interface{}) {
-	logger.Logln(TraceLevel, args...)
-}
-
-func (logger *Logger) Debugln(args ...interface{}) {
-	logger.Logln(DebugLevel, args...)
-}
-
-func (logger *Logger) Infoln(args ...interface{}) {
-	logger.Logln(InfoLevel, args...)
-}
-
-func (logger *Logger) Println(args ...interface{}) {
-	entry := logger.newEntry()
-	entry.Println(args...)
-	logger.releaseEntry(entry)
-}
-
-func (logger *Logger) Warnln(args ...interface{}) {
-	logger.Logln(WarnLevel, args...)
-}
-
-func (logger *Logger) Warningln(args ...interface{}) {
-	logger.Warnln(args...)
-}
-
-func (logger *Logger) Errorln(args ...interface{}) {
-	logger.Logln(ErrorLevel, args...)
-}
-
-func (logger *Logger) Fatalln(args ...interface{}) {
-	logger.Logln(FatalLevel, args...)
-	logger.Exit(1)
-}
-
-func (logger *Logger) Panicln(args ...interface{}) {
-	logger.Logln(PanicLevel, args...)
-}
-
-func (logger *Logger) Exit(code int) {
-	runHandlers()
-	if logger.ExitFunc == nil {
-		logger.ExitFunc = os.Exit
-	}
-	logger.ExitFunc(code)
-}
-
-//When file is opened with appending mode, it's safe to
-//write concurrently to a file (within 4k message on Linux).
-//In these cases user can choose to disable the lock.
-func (logger *Logger) SetNoLock() {
-	logger.mu.Disable()
-}
-
-func (logger *Logger) level() Level {
-	return Level(atomic.LoadUint32((*uint32)(&logger.Level)))
-}
-
-// SetLevel sets the logger level.
-func (logger *Logger) SetLevel(level Level) {
-	atomic.StoreUint32((*uint32)(&logger.Level), uint32(level))
-}
-
-// GetLevel returns the logger level.
-func (logger *Logger) GetLevel() Level {
-	return logger.level()
-}
-
-// AddHook adds a hook to the logger hooks.
-func (logger *Logger) AddHook(hook Hook) {
-	logger.mu.Lock()
-	defer logger.mu.Unlock()
-	logger.Hooks.Add(hook)
-}
-
-// IsLevelEnabled checks if the log level of the logger is greater than the level param
-func (logger *Logger) IsLevelEnabled(level Level) bool {
-	return logger.level() >= level
-}
-
-// SetFormatter sets the logger formatter.
-func (logger *Logger) SetFormatter(formatter Formatter) {
-	logger.mu.Lock()
-	defer logger.mu.Unlock()
-	logger.Formatter = formatter
-}
-
-// SetOutput sets the logger output.
-func (logger *Logger) SetOutput(output io.Writer) {
-	logger.mu.Lock()
-	defer logger.mu.Unlock()
-	logger.Out = output
-}
-
-func (logger *Logger) SetReportCaller(reportCaller bool) {
-	logger.mu.Lock()
-	defer logger.mu.Unlock()
-	logger.ReportCaller = reportCaller
-}
-
-// ReplaceHooks replaces the logger hooks and returns the old ones
-func (logger *Logger) ReplaceHooks(hooks LevelHooks) LevelHooks {
-	logger.mu.Lock()
-	oldHooks := logger.Hooks
-	logger.Hooks = hooks
-	logger.mu.Unlock()
-	return oldHooks
-}
diff --git a/vendor/github.com/sirupsen/logrus/logrus.go b/vendor/github.com/sirupsen/logrus/logrus.go
deleted file mode 100644
index 8644761f..00000000
--- a/vendor/github.com/sirupsen/logrus/logrus.go
+++ /dev/null
@@ -1,186 +0,0 @@
-package logrus
-
-import (
-	"fmt"
-	"log"
-	"strings"
-)
-
-// Fields type, used to pass to `WithFields`.
-type Fields map[string]interface{}
-
-// Level type
-type Level uint32
-
-// Convert the Level to a string. E.g. PanicLevel becomes "panic".
-func (level Level) String() string {
-	if b, err := level.MarshalText(); err == nil {
-		return string(b)
-	} else {
-		return "unknown"
-	}
-}
-
-// ParseLevel takes a string level and returns the Logrus log level constant.
-func ParseLevel(lvl string) (Level, error) {
-	switch strings.ToLower(lvl) {
-	case "panic":
-		return PanicLevel, nil
-	case "fatal":
-		return FatalLevel, nil
-	case "error":
-		return ErrorLevel, nil
-	case "warn", "warning":
-		return WarnLevel, nil
-	case "info":
-		return InfoLevel, nil
-	case "debug":
-		return DebugLevel, nil
-	case "trace":
-		return TraceLevel, nil
-	}
-
-	var l Level
-	return l, fmt.Errorf("not a valid logrus Level: %q", lvl)
-}
-
-// UnmarshalText implements encoding.TextUnmarshaler.
-func (level *Level) UnmarshalText(text []byte) error {
-	l, err := ParseLevel(string(text))
-	if err != nil {
-		return err
-	}
-
-	*level = Level(l)
-
-	return nil
-}
-
-func (level Level) MarshalText() ([]byte, error) {
-	switch level {
-	case TraceLevel:
-		return []byte("trace"), nil
-	case DebugLevel:
-		return []byte("debug"), nil
-	case InfoLevel:
-		return []byte("info"), nil
-	case WarnLevel:
-		return []byte("warning"), nil
-	case ErrorLevel:
-		return []byte("error"), nil
-	case FatalLevel:
-		return []byte("fatal"), nil
-	case PanicLevel:
-		return []byte("panic"), nil
-	}
-
-	return nil, fmt.Errorf("not a valid logrus level %d", level)
-}
-
-// A constant exposing all logging levels
-var AllLevels = []Level{
-	PanicLevel,
-	FatalLevel,
-	ErrorLevel,
-	WarnLevel,
-	InfoLevel,
-	DebugLevel,
-	TraceLevel,
-}
-
-// These are the different logging levels. You can set the logging level to log
-// on your instance of logger, obtained with `logrus.New()`.
-const (
-	// PanicLevel level, highest level of severity. Logs and then calls panic with the
-	// message passed to Debug, Info, ...
-	PanicLevel Level = iota
-	// FatalLevel level. Logs and then calls `logger.Exit(1)`. It will exit even if the
-	// logging level is set to Panic.
-	FatalLevel
-	// ErrorLevel level. Logs. Used for errors that should definitely be noted.
-	// Commonly used for hooks to send errors to an error tracking service.
-	ErrorLevel
-	// WarnLevel level. Non-critical entries that deserve eyes.
-	WarnLevel
-	// InfoLevel level. General operational entries about what's going on inside the
-	// application.
-	InfoLevel
-	// DebugLevel level. Usually only enabled when debugging. Very verbose logging.
-	DebugLevel
-	// TraceLevel level. Designates finer-grained informational events than the Debug.
-	TraceLevel
-)
-
-// Won't compile if StdLogger can't be realized by a log.Logger
-var (
-	_ StdLogger = &log.Logger{}
-	_ StdLogger = &Entry{}
-	_ StdLogger = &Logger{}
-)
-
-// StdLogger is what your logrus-enabled library should take, that way
-// it'll accept a stdlib logger and a logrus logger. There's no standard
-// interface, this is the closest we get, unfortunately.
-type StdLogger interface {
-	Print(...interface{})
-	Printf(string, ...interface{})
-	Println(...interface{})
-
-	Fatal(...interface{})
-	Fatalf(string, ...interface{})
-	Fatalln(...interface{})
-
-	Panic(...interface{})
-	Panicf(string, ...interface{})
-	Panicln(...interface{})
-}
-
-// The FieldLogger interface generalizes the Entry and Logger types
-type FieldLogger interface {
-	WithField(key string, value interface{}) *Entry
-	WithFields(fields Fields) *Entry
-	WithError(err error) *Entry
-
-	Debugf(format string, args ...interface{})
-	Infof(format string, args ...interface{})
-	Printf(format string, args ...interface{})
-	Warnf(format string, args ...interface{})
-	Warningf(format string, args ...interface{})
-	Errorf(format string, args ...interface{})
-	Fatalf(format string, args ...interface{})
-	Panicf(format string, args ...interface{})
-
-	Debug(args ...interface{})
-	Info(args ...interface{})
-	Print(args ...interface{})
-	Warn(args ...interface{})
-	Warning(args ...interface{})
-	Error(args ...interface{})
-	Fatal(args ...interface{})
-	Panic(args ...interface{})
-
-	Debugln(args ...interface{})
-	Infoln(args ...interface{})
-	Println(args ...interface{})
-	Warnln(args ...interface{})
-	Warningln(args ...interface{})
-	Errorln(args ...interface{})
-	Fatalln(args ...interface{})
-	Panicln(args ...interface{})
-
-	// IsDebugEnabled() bool
-	// IsInfoEnabled() bool
-	// IsWarnEnabled() bool
-	// IsErrorEnabled() bool
-	// IsFatalEnabled() bool
-	// IsPanicEnabled() bool
-}
-
-// Ext1FieldLogger (the first extension to FieldLogger) is superfluous, it is
-// here for consistancy. Do not use. Use Logger or Entry instead.
-type Ext1FieldLogger interface {
-	FieldLogger
-	Tracef(format string, args ...interface{})
-	Trace(args ...interface{})
-	Traceln(args ...interface{})
-}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go b/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
deleted file mode 100644
index 2403de98..00000000
--- a/vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build appengine
-
-package logrus
-
-import (
-	"io"
-)
-
-func checkIfTerminal(w io.Writer) bool {
-	return true
-}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go b/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
deleted file mode 100644
index 3c4f43f9..00000000
--- a/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build darwin dragonfly freebsd netbsd openbsd
-
-package logrus
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TIOCGETA
-
-func isTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	return err == nil
-}
-
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go b/vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go
deleted file mode 100644
index 97af92c6..00000000
--- a/vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build js nacl plan9
-
-package logrus
-
-import (
-	"io"
-)
-
-func checkIfTerminal(w io.Writer) bool {
-	return false
-}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go b/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
deleted file mode 100644
index 3293fb3c..00000000
--- a/vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build !appengine,!js,!windows,!nacl,!plan9
-
-package logrus
-
-import (
-	"io"
-	"os"
-)
-
-func checkIfTerminal(w io.Writer) bool {
-	switch v := w.(type) {
-	case *os.File:
-		return isTerminal(int(v.Fd()))
-	default:
-		return false
-	}
-}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_solaris.go b/vendor/github.com/sirupsen/logrus/terminal_check_solaris.go
deleted file mode 100644
index f6710b3b..00000000
--- a/vendor/github.com/sirupsen/logrus/terminal_check_solaris.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package logrus
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func isTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermio(fd, unix.TCGETA)
-	return err == nil
-}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_unix.go b/vendor/github.com/sirupsen/logrus/terminal_check_unix.go
deleted file mode 100644
index 355dc966..00000000
--- a/vendor/github.com/sirupsen/logrus/terminal_check_unix.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build linux aix
-
-package logrus
-
-import "golang.org/x/sys/unix"
-
-const ioctlReadTermios = unix.TCGETS
-
-func isTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
-	return err == nil
-}
-
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_windows.go b/vendor/github.com/sirupsen/logrus/terminal_check_windows.go
deleted file mode 100644
index 572889db..00000000
--- a/vendor/github.com/sirupsen/logrus/terminal_check_windows.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// +build !appengine,!js,windows
-
-package logrus
-
-import (
-	"io"
-	"os"
-	"syscall"
-
-	sequences "github.com/konsorten/go-windows-terminal-sequences"
-)
-
-func initTerminal(w io.Writer) {
-	switch v := w.(type) {
-	case *os.File:
-		sequences.EnableVirtualTerminalProcessing(syscall.Handle(v.Fd()), true)
-	}
-}
-
-func checkIfTerminal(w io.Writer) bool {
-	var ret bool
-	switch v := w.(type) {
-	case *os.File:
-		var mode uint32
-		err := syscall.GetConsoleMode(syscall.Handle(v.Fd()), &mode)
-		ret = (err == nil)
-	default:
-		ret = false
-	}
-	if ret {
-		initTerminal(w)
-	}
-	return ret
-}
diff --git a/vendor/github.com/sirupsen/logrus/text_formatter.go b/vendor/github.com/sirupsen/logrus/text_formatter.go
deleted file mode 100644
index e01587c4..00000000
--- a/vendor/github.com/sirupsen/logrus/text_formatter.go
+++ /dev/null
@@ -1,295 +0,0 @@
-package logrus
-
-import (
-	"bytes"
-	"fmt"
-	"os"
-	"runtime"
-	"sort"
-	"strings"
-	"sync"
-	"time"
-)
-
-const (
-	red    = 31
-	yellow = 33
-	blue   = 36
-	gray   = 37
-)
-
-var baseTimestamp time.Time
-
-func init() {
-	baseTimestamp = time.Now()
-}
-
-// TextFormatter formats logs into text
-type TextFormatter struct {
-	// Set to true to bypass checking for a TTY before outputting colors.
-	ForceColors bool
-
-	// Force disabling colors.
-	DisableColors bool
-
-	// Override coloring based on CLICOLOR and CLICOLOR_FORCE. - https://bixense.com/clicolors/
-	EnvironmentOverrideColors bool
-
-	// Disable timestamp logging. useful when output is redirected to logging
-	// system that already adds timestamps.
-	DisableTimestamp bool
-
-	// Enable logging the full timestamp when a TTY is attached instead of just
-	// the time passed since beginning of execution.
-	FullTimestamp bool
-
-	// TimestampFormat to use for display when a full timestamp is printed
-	TimestampFormat string
-
-	// The fields are sorted by default for a consistent output. For applications
-	// that log extremely frequently and don't use the JSON formatter this may not
-	// be desired.
-	DisableSorting bool
-
-	// The keys sorting function, when uninitialized it uses sort.Strings.
-	SortingFunc func([]string)
-
-	// Disables the truncation of the level text to 4 characters.
-	DisableLevelTruncation bool
-
-	// QuoteEmptyFields will wrap empty fields in quotes if true
-	QuoteEmptyFields bool
-
-	// Whether the logger's out is to a terminal
-	isTerminal bool
-
-	// FieldMap allows users to customize the names of keys for default fields.
-	// As an example:
-	// formatter := &TextFormatter{
-	//     FieldMap: FieldMap{
-	//         FieldKeyTime:  "@timestamp",
-	//         FieldKeyLevel: "@level",
-	//         FieldKeyMsg:   "@message"}}
-	FieldMap FieldMap
-
-	// CallerPrettyfier can be set by the user to modify the content
-	// of the function and file keys in the data when ReportCaller is
-	// activated. If any of the returned value is the empty string the
-	// corresponding key will be removed from fields.
-	CallerPrettyfier func(*runtime.Frame) (function string, file string)
-
-	terminalInitOnce sync.Once
-}
-
-func (f *TextFormatter) init(entry *Entry) {
-	if entry.Logger != nil {
-		f.isTerminal = checkIfTerminal(entry.Logger.Out)
-	}
-}
-
-func (f *TextFormatter) isColored() bool {
-	isColored := f.ForceColors || (f.isTerminal && (runtime.GOOS != "windows"))
-
-	if f.EnvironmentOverrideColors {
-		if force, ok := os.LookupEnv("CLICOLOR_FORCE"); ok && force != "0" {
-			isColored = true
-		} else if ok && force == "0" {
-			isColored = false
-		} else if os.Getenv("CLICOLOR") == "0" {
-			isColored = false
-		}
-	}
-
-	return isColored && !f.DisableColors
-}
-
-// Format renders a single log entry
-func (f *TextFormatter) Format(entry *Entry) ([]byte, error) {
-	data := make(Fields)
-	for k, v := range entry.Data {
-		data[k] = v
-	}
-	prefixFieldClashes(data, f.FieldMap, entry.HasCaller())
-	keys := make([]string, 0, len(data))
-	for k := range data {
-		keys = append(keys, k)
-	}
-
-	var funcVal, fileVal string
-
-	fixedKeys := make([]string, 0, 4+len(data))
-	if !f.DisableTimestamp {
-		fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyTime))
-	}
-	fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyLevel))
-	if entry.Message != "" {
-		fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyMsg))
-	}
-	if entry.err != "" {
-		fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyLogrusError))
-	}
-	if entry.HasCaller() {
-		if f.CallerPrettyfier != nil {
-			funcVal, fileVal = f.CallerPrettyfier(entry.Caller)
-		} else {
-			funcVal = entry.Caller.Function
-			fileVal = fmt.Sprintf("%s:%d", entry.Caller.File, entry.Caller.Line)
-		}
-
-		if funcVal != "" {
-			fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyFunc))
-		}
-		if fileVal != "" {
-			fixedKeys = append(fixedKeys, f.FieldMap.resolve(FieldKeyFile))
-		}
-	}
-
-	if !f.DisableSorting {
-		if f.SortingFunc == nil {
-			sort.Strings(keys)
-			fixedKeys = append(fixedKeys, keys...)
-		} else {
-			if !f.isColored() {
-				fixedKeys = append(fixedKeys, keys...)
-				f.SortingFunc(fixedKeys)
-			} else {
-				f.SortingFunc(keys)
-			}
-		}
-	} else {
-		fixedKeys = append(fixedKeys, keys...)
-	}
-
-	var b *bytes.Buffer
-	if entry.Buffer != nil {
-		b = entry.Buffer
-	} else {
-		b = &bytes.Buffer{}
-	}
-
-	f.terminalInitOnce.Do(func() { f.init(entry) })
-
-	timestampFormat := f.TimestampFormat
-	if timestampFormat == "" {
-		timestampFormat = defaultTimestampFormat
-	}
-	if f.isColored() {
-		f.printColored(b, entry, keys, data, timestampFormat)
-	} else {
-
-		for _, key := range fixedKeys {
-			var value interface{}
-			switch {
-			case key == f.FieldMap.resolve(FieldKeyTime):
-				value = entry.Time.Format(timestampFormat)
-			case key == f.FieldMap.resolve(FieldKeyLevel):
-				value = entry.Level.String()
-			case key == f.FieldMap.resolve(FieldKeyMsg):
-				value = entry.Message
-			case key == f.FieldMap.resolve(FieldKeyLogrusError):
-				value = entry.err
-			case key == f.FieldMap.resolve(FieldKeyFunc) && entry.HasCaller():
-				value = funcVal
-			case key == f.FieldMap.resolve(FieldKeyFile) && entry.HasCaller():
-				value = fileVal
-			default:
-				value = data[key]
-			}
-			f.appendKeyValue(b, key, value)
-		}
-	}
-
-	b.WriteByte('\n')
-	return b.Bytes(), nil
-}
-
-func (f *TextFormatter) printColored(b *bytes.Buffer, entry *Entry, keys []string, data Fields, timestampFormat string) {
-	var levelColor int
-	switch entry.Level {
-	case DebugLevel, TraceLevel:
-		levelColor = gray
-	case WarnLevel:
-		levelColor = yellow
-	case ErrorLevel, FatalLevel, PanicLevel:
-		levelColor = red
-	default:
-		levelColor = blue
-	}
-
-	levelText := strings.ToUpper(entry.Level.String())
-	if !f.DisableLevelTruncation {
-		levelText = levelText[0:4]
-	}
-
-	// Remove a single newline if it already exists in the message to keep
-	// the behavior of logrus text_formatter the same as the stdlib log package
-	entry.Message = strings.TrimSuffix(entry.Message, "\n")
-
-	caller := ""
-	if entry.HasCaller() {
-		funcVal := fmt.Sprintf("%s()", entry.Caller.Function)
-		fileVal := fmt.Sprintf("%s:%d", entry.Caller.File, entry.Caller.Line)
-
-		if f.CallerPrettyfier != nil {
-			funcVal, fileVal = f.CallerPrettyfier(entry.Caller)
-		}
-
-		if fileVal == "" {
-			caller = funcVal
-		} else if funcVal == "" {
-			caller = fileVal
-		} else {
-			caller = fileVal + " " + funcVal
-		}
-	}
-
-	if f.DisableTimestamp {
-		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m%s %-44s ", levelColor, levelText, caller, entry.Message)
-	} else if !f.FullTimestamp {
-		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%04d]%s %-44s ", levelColor, levelText, int(entry.Time.Sub(baseTimestamp)/time.Second), caller, entry.Message)
-	} else {
-		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%s]%s %-44s ", levelColor, levelText, entry.Time.Format(timestampFormat), caller, entry.Message)
-	}
-	for _, k := range keys {
-		v := data[k]
-		fmt.Fprintf(b, " \x1b[%dm%s\x1b[0m=", levelColor, k)
-		f.appendValue(b, v)
-	}
-}
-
-func (f *TextFormatter) needsQuoting(text string) bool {
-	if f.QuoteEmptyFields && len(text) == 0 {
-		return true
-	}
-	for _, ch := range text {
-		if !((ch >= 'a' && ch <= 'z') ||
-			(ch >= 'A' && ch <= 'Z') ||
-			(ch >= '0' && ch <= '9') ||
-			ch == '-' || ch == '.' || ch == '_' || ch == '/' || ch == '@' || ch == '^' || ch == '+') {
-			return true
-		}
-	}
-	return false
-}
-
-func (f *TextFormatter) appendKeyValue(b *bytes.Buffer, key string, value interface{}) {
-	if b.Len() > 0 {
-		b.WriteByte(' ')
-	}
-	b.WriteString(key)
-	b.WriteByte('=')
-	f.appendValue(b, value)
-}
-
-func (f *TextFormatter) appendValue(b *bytes.Buffer, value interface{}) {
-	stringVal, ok := value.(string)
-	if !ok {
-		stringVal = fmt.Sprint(value)
-	}
-
-	if !f.needsQuoting(stringVal) {
-		b.WriteString(stringVal)
-	} else {
-		b.WriteString(fmt.Sprintf("%q", stringVal))
-	}
-}
diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
deleted file mode 100644
index 9e1f7513..00000000
--- a/vendor/github.com/sirupsen/logrus/writer.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package logrus
-
-import (
-	"bufio"
-	"io"
-	"runtime"
-)
-
-func (logger *Logger) Writer() *io.PipeWriter {
-	return logger.WriterLevel(InfoLevel)
-}
-
-func (logger *Logger) WriterLevel(level Level) *io.PipeWriter {
-	return NewEntry(logger).WriterLevel(level)
-}
-
-func (entry *Entry) Writer() *io.PipeWriter {
-	return entry.WriterLevel(InfoLevel)
-}
-
-func (entry *Entry) WriterLevel(level Level) *io.PipeWriter {
-	reader, writer := io.Pipe()
-
-	var printFunc func(args ...interface{})
-
-	switch level {
-	case TraceLevel:
-		printFunc = entry.Trace
-	case DebugLevel:
-		printFunc = entry.Debug
-	case InfoLevel:
-		printFunc = entry.Info
-	case WarnLevel:
-		printFunc = entry.Warn
-	case ErrorLevel:
-		printFunc = entry.Error
-	case FatalLevel:
-		printFunc = entry.Fatal
-	case PanicLevel:
-		printFunc = entry.Panic
-	default:
-		printFunc = entry.Print
-	}
-
-	go entry.writerScanner(reader, printFunc)
-	runtime.SetFinalizer(writer, writerFinalizer)
-
-	return writer
-}
-
-func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) {
-	scanner := bufio.NewScanner(reader)
-	for scanner.Scan() {
-		printFunc(scanner.Text())
-	}
-	if err := scanner.Err(); err != nil {
-		entry.Errorf("Error while reading from Writer: %s", err)
-	}
-	reader.Close()
-}
-
-func writerFinalizer(writer *io.PipeWriter) {
-	writer.Close()
-}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ac92dbe5..307f6033 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -2,6 +2,10 @@
 github.com/BurntSushi/toml
 # github.com/DATA-DOG/go-sqlmock v1.3.3
 github.com/DATA-DOG/go-sqlmock
+# github.com/acmacalister/skittles v0.0.0-20160609003031-7423546701e1
+github.com/acmacalister/skittles
+# github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4
+github.com/alecthomas/units
 # github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239
 github.com/anmitsu/go-shlex
 # github.com/aws/aws-sdk-go v1.25.8
@@ -52,9 +56,6 @@ github.com/cloudflare/brotli-go/brotli
 github.com/cloudflare/brotli-go/common
 github.com/cloudflare/brotli-go/dec
 github.com/cloudflare/brotli-go/enc
-# github.com/cloudflare/cfssl v0.0.0-20141119014638-2f7f44e802e2
-github.com/cloudflare/cfssl/log
-github.com/cloudflare/cfssl/revoke
 # github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc
 github.com/cloudflare/golibs/lrucache
 # github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58
@@ -137,8 +138,6 @@ github.com/jmespath/go-jmespath
 # github.com/jmoiron/sqlx v1.2.0
 github.com/jmoiron/sqlx
 github.com/jmoiron/sqlx/reflectx
-# github.com/konsorten/go-windows-terminal-sequences v1.0.2
-github.com/konsorten/go-windows-terminal-sequences
 # github.com/kshvakov/clickhouse v1.3.11
 github.com/kshvakov/clickhouse
 github.com/kshvakov/clickhouse/lib/binary
@@ -154,10 +153,6 @@ github.com/kshvakov/clickhouse/lib/writebuffer
 github.com/lib/pq
 github.com/lib/pq/oid
 github.com/lib/pq/scram
-# github.com/mattn/go-colorable v0.1.4
-github.com/mattn/go-colorable
-# github.com/mattn/go-isatty v0.0.10
-github.com/mattn/go-isatty
 # github.com/mattn/go-sqlite3 v1.11.0
 github.com/mattn/go-sqlite3
 # github.com/matttproud/golang_protobuf_extensions v1.0.1
@@ -194,10 +189,6 @@ github.com/prometheus/common/model
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
-# github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
-github.com/rifflock/lfshook
-# github.com/sirupsen/logrus v1.4.2
-github.com/sirupsen/logrus
 # github.com/stretchr/testify v1.3.0
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/require
diff --git a/watcher/file_test.go b/watcher/file_test.go
index ab09fe42..93f57769 100644
--- a/watcher/file_test.go
+++ b/watcher/file_test.go
@@ -47,7 +47,7 @@ func TestFileChanged(t *testing.T) {
 	assert.NoError(t, err)
 
 	// give it time to trigger
-	time.Sleep(10 * time.Millisecond)
+	time.Sleep(20 * time.Millisecond)
 	service.Shutdown()
 
 	assert.Equal(t, filePath, n.eventPath, "notifier didn't get an new file write event")
diff --git a/websocket/websocket.go b/websocket/websocket.go
index 31d7f3d8..961a10f9 100644
--- a/websocket/websocket.go
+++ b/websocket/websocket.go
@@ -14,9 +14,9 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/sshserver"
 	"github.com/gorilla/websocket"
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -125,7 +125,7 @@ func DefaultStreamHandler(wsConn *Conn, remoteConn net.Conn, _ http.Header) {
 
 // StartProxyServer will start a websocket server that will decode
 // the websocket data and write the resulting data to the provided
-func StartProxyServer(logger *logrus.Logger, listener net.Listener, staticHost string, shutdownC <-chan struct{}, streamHandler func(wsConn *Conn, remoteConn net.Conn, requestHeaders http.Header)) error {
+func StartProxyServer(logger logger.Service, listener net.Listener, staticHost string, shutdownC <-chan struct{}, streamHandler func(wsConn *Conn, remoteConn net.Conn, requestHeaders http.Header)) error {
 	upgrader := websocket.Upgrader{
 		ReadBufferSize:  1024,
 		WriteBufferSize: 1024,
@@ -151,7 +151,7 @@ func StartProxyServer(logger *logrus.Logger, listener net.Listener, staticHost s
 
 		stream, err := net.Dial("tcp", finalDestination)
 		if err != nil {
-			logger.WithError(err).Error("Cannot connect to remote.")
+			logger.Errorf("Cannot connect to remote: %s", err)
 			return
 		}
 		defer stream.Close()
@@ -162,7 +162,7 @@ func StartProxyServer(logger *logrus.Logger, listener net.Listener, staticHost s
 		}
 		conn, err := upgrader.Upgrade(w, r, nil)
 		if err != nil {
-			logger.WithError(err).Error("failed to upgrade")
+			logger.Errorf("failed to upgrade: %s", err)
 			return
 		}
 		conn.SetReadDeadline(time.Now().Add(pongWait))
@@ -250,14 +250,14 @@ func changeRequestScheme(req *http.Request) string {
 }
 
 // pinger simulates the websocket connection to keep it alive
-func pinger(logger *logrus.Logger, ws *websocket.Conn, done chan struct{}) {
+func pinger(logger logger.Service, ws *websocket.Conn, done chan struct{}) {
 	ticker := time.NewTicker(pingPeriod)
 	defer ticker.Stop()
 	for {
 		select {
 		case <-ticker.C:
 			if err := ws.WriteControl(websocket.PingMessage, []byte{}, time.Now().Add(writeWait)); err != nil {
-				logger.WithError(err).Debug("failed to send ping message")
+				logger.Debugf("failed to send ping message: %s", err)
 			}
 		case <-done:
 			return
diff --git a/websocket/websocket_test.go b/websocket/websocket_test.go
index 1b5eef48..615753a0 100644
--- a/websocket/websocket_test.go
+++ b/websocket/websocket_test.go
@@ -9,8 +9,8 @@ import (
 	"testing"
 
 	"github.com/cloudflare/cloudflared/hello"
+	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/tlsconfig"
-	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/net/websocket"
 )
@@ -62,7 +62,7 @@ func TestGenerateAcceptKey(t *testing.T) {
 }
 
 func TestServe(t *testing.T) {
-	logger := logrus.New()
+	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 	shutdownC := make(chan struct{})
 	errC := make(chan error)
 	listener, err := hello.CreateTLSListener("localhost:1111")
@@ -105,7 +105,7 @@ func TestServe(t *testing.T) {
 // 	remoteAddress := "localhost:1113"
 // 	listenerAddress := "localhost:1112"
 // 	message := "Good morning Austin! Time for another sunny day in the great state of Texas."
-// 	logger := logrus.New()
+// 	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 // 	shutdownC := make(chan struct{})
 
 // 	listener, err := net.Listen("tcp", listenerAddress)

From be0514c5c93a47c9ff9d83b6a1301a1fc0b06d3f Mon Sep 17 00:00:00 2001
From: Michael Fornaro <dreamappsoftware@gmail.com>
Date: Fri, 29 May 2020 11:06:27 +1000
Subject: [PATCH 060/100] Adding support for multi-architecture images and
 binaries (#184)

* Allow Dockerfile --build-args to override GOOS and GOARCH defaults

Allow Dockerfile --build-args to override GOOS and GOARCH defaults

Support building multi architecture binaries

remove default OS and ARCH to avoid tag confusion when compiling image through Makefile

Tag image with corrosponding OS and ARCH build variables

updating Makefile

Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>

* remove duplicate import on windows_service.go

Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>
---
 Dockerfile                         | 11 ++++-----
 Makefile                           | 36 ++++++++++++++++++++++--------
 cmd/cloudflared/windows_service.go |  1 -
 3 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 97ef11e3..ca5716b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,11 @@
 # use a builder image for building cloudflare
+ARG TARGET_GOOS
+ARG TARGET_GOARCH
 FROM golang:1.13.3 as builder
-ENV GO111MODULE=on
-ENV CGO_ENABLED=0
-ENV GOOS=linux
+ENV GO111MODULE=on \
+    CGO_ENABLED=0 \
+    TARGET_GOOS=${TARGET_GOOS} \
+    TARGET_GOARCH=${TARGET_GOARCH}
 
 WORKDIR /go/src/github.com/cloudflare/cloudflared/
 
@@ -12,8 +15,6 @@ COPY . .
 # compile cloudflared
 RUN make cloudflared
 
-# ---
-
 # use a distroless base image with glibc
 FROM gcr.io/distroless/base-debian10:nonroot
 
diff --git a/Makefile b/Makefile
index 7aef9225..12ec9209 100644
--- a/Makefile
+++ b/Makefile
@@ -7,17 +7,35 @@ PACKAGE_DIR   := $(CURDIR)/packaging
 INSTALL_BINDIR := usr/local/bin
 
 EQUINOX_FLAGS = --version="$(VERSION)" \
-				 --platforms="$(EQUINOX_BUILD_PLATFORMS)" \
-				 --app="$(EQUINOX_APP_ID)" \
-				 --token="$(EQUINOX_TOKEN)" \
-				 --channel="$(EQUINOX_CHANNEL)"
+	--platforms="$(EQUINOX_BUILD_PLATFORMS)" \
+	--app="$(EQUINOX_APP_ID)" \
+	--token="$(EQUINOX_TOKEN)" \
+	--channel="$(EQUINOX_CHANNEL)"
 
 ifeq ($(EQUINOX_IS_DRAFT), true)
 	EQUINOX_FLAGS := --draft $(EQUINOX_FLAGS)
 endif
 
-ifeq ($(GOARCH),)
-	GOARCH := amd64
+LOCAL_ARCH ?= $(shell uname -m)
+ifeq ($(LOCAL_ARCH),x86_64)
+    TARGET_ARCH ?= amd64
+else ifeq ($(shell echo $(LOCAL_ARCH) | head -c 5),armv8)
+    TARGET_ARCH ?= arm64
+else ifeq ($(LOCAL_ARCH),aarch64)
+    TARGET_ARCH ?= arm64
+else ifeq ($(shell echo $(LOCAL_ARCH) | head -c 4),armv)
+    TARGET_ARCH ?= arm
+else
+    $(error This system's architecture $(LOCAL_ARCH) isn't supported)
+endif
+
+LOCAL_OS ?= $(shell go env GOOS)
+ifeq ($(LOCAL_OS),linux)
+    TARGET_OS ?= linux
+else ifeq ($(LOCAL_OS),darwin)
+    TARGET_OS ?= darwin
+else
+    $(error This system's OS $(LOCAL_OS) isn't supported)
 endif
 
 .PHONY: all
@@ -29,11 +47,11 @@ clean:
 
 .PHONY: cloudflared
 cloudflared: tunnel-deps
-	go build -v -mod=vendor $(VERSION_FLAGS) $(IMPORT_PATH)/cmd/cloudflared
+	GOOS=$(TARGET_OS) GOARCH=$(TARGET_ARCH) go build -v -mod=vendor $(VERSION_FLAGS) $(IMPORT_PATH)/cmd/cloudflared
 
 .PHONY: container
 container:
-	docker build -t cloudflare/cloudflared:"$(VERSION)" .
+	docker build --build-arg=TARGET_ARCH=$(TARGET_ARCH) --build-arg=TARGET_OS=$(TARGET_OS) -t cloudflare/cloudflared-$(TARGET_OS)-$(TARGET_ARCH):"$(VERSION)" .
 
 .PHONY: test
 test: vet
@@ -48,7 +66,7 @@ cloudflared-deb: cloudflared
 	mkdir -p $(PACKAGE_DIR)
 	cp cloudflared $(PACKAGE_DIR)/cloudflared
 	fakeroot fpm -C $(PACKAGE_DIR) -s dir -t deb --deb-compression bzip2 \
-		-a $(GOARCH) -v $(VERSION) -n cloudflared cloudflared=/usr/local/bin/
+		-a $(TARGET_ARCH) -v $(VERSION) -n cloudflared cloudflared=/usr/local/bin/
 
 .PHONY: cloudflared-darwin-amd64.tgz
 cloudflared-darwin-amd64.tgz: cloudflared
diff --git a/cmd/cloudflared/windows_service.go b/cmd/cloudflared/windows_service.go
index 1cc34990..a78b4fdb 100644
--- a/cmd/cloudflared/windows_service.go
+++ b/cmd/cloudflared/windows_service.go
@@ -16,7 +16,6 @@ import (
 	"github.com/pkg/errors"
 	cli "gopkg.in/urfave/cli.v2"
 
-	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
 	"golang.org/x/sys/windows/svc/eventlog"

From fb82b2ced591279dc916ef834df699ca44efba1b Mon Sep 17 00:00:00 2001
From: cthuang <chungting@cloudflare.com>
Date: Fri, 29 May 2020 17:21:03 +0800
Subject: [PATCH 061/100] TUN-3019: Remove declarative tunnel entry code

---
 cmd/cloudflared/tunnel/cmd.go                 | 139 ----
 cmd/cloudflared/tunnel/configuration.go       |  10 -
 connection/connection.go                      |  57 --
 connection/manager.go                         | 302 -------
 connection/manager_test.go                    |  77 --
 go.mod                                        |   2 +-
 go.sum                                        |   4 +-
 origin/tunnel.go                              |  13 +-
 originservice/originservice.go                | 247 ------
 originservice/originservice_test.go           |  60 --
 streamhandler/request.go                      |  34 -
 streamhandler/stream_handler.go               | 189 -----
 streamhandler/stream_handler_test.go          | 261 ------
 supervisor/supervisor.go                      | 205 -----
 tunnelhostnamemapper/tunnelhostnamemapper.go  |  93 ---
 .../tunnelhostnamemapper_test.go              | 212 -----
 tunnelrpc/pogs/config.go                      | 775 ------------------
 tunnelrpc/pogs/config_test.go                 | 455 ----------
 tunnelrpc/pogs/tunnelrpc.go                   | 275 +------
 tunnelrpc/pogs/tunnelrpc_test.go              |  94 ---
 tunnelrpc/tunnelrpc.capnp                     |   3 +-
 tunnelrpc/tunnelrpc.capnp.go                  | 644 +++++++--------
 vendor/modules.txt                            |   2 +-
 vendor/zombiezen.com/go/capnproto2/AUTHORS    |   5 +
 .../zombiezen.com/go/capnproto2/CHANGELOG.md  |   5 +
 .../zombiezen.com/go/capnproto2/CONTRIBUTORS  |   6 +
 vendor/zombiezen.com/go/capnproto2/WORKSPACE  |  10 +-
 vendor/zombiezen.com/go/capnproto2/capn.go    |  11 +-
 vendor/zombiezen.com/go/capnproto2/doc.go     |  54 +-
 .../go/capnproto2/encoding/text/marshal.go    | 311 ++++---
 vendor/zombiezen.com/go/capnproto2/go.mod     |   6 -
 vendor/zombiezen.com/go/capnproto2/go.sum     |   8 +
 .../go/capnproto2/internal/packed/packed.go   |  23 +-
 vendor/zombiezen.com/go/capnproto2/mem.go     |   2 +-
 vendor/zombiezen.com/go/capnproto2/pointer.go |   2 +-
 .../go/capnproto2/schemas/schemas.go          |   2 +-
 36 files changed, 643 insertions(+), 3955 deletions(-)
 delete mode 100644 connection/connection.go
 delete mode 100644 connection/manager.go
 delete mode 100644 connection/manager_test.go
 delete mode 100644 originservice/originservice.go
 delete mode 100644 originservice/originservice_test.go
 delete mode 100644 streamhandler/request.go
 delete mode 100644 streamhandler/stream_handler.go
 delete mode 100644 streamhandler/stream_handler_test.go
 delete mode 100644 supervisor/supervisor.go
 delete mode 100644 tunnelhostnamemapper/tunnelhostnamemapper.go
 delete mode 100644 tunnelhostnamemapper/tunnelhostnamemapper_test.go
 delete mode 100644 tunnelrpc/pogs/config.go
 delete mode 100644 tunnelrpc/pogs/config_test.go
 delete mode 100644 vendor/zombiezen.com/go/capnproto2/go.mod
 create mode 100644 vendor/zombiezen.com/go/capnproto2/go.sum

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 898b034c..75b39209 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -21,7 +21,6 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
-	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/dbconnect"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/hello"
@@ -32,10 +31,8 @@ import (
 	"github.com/cloudflare/cloudflared/socks"
 	"github.com/cloudflare/cloudflared/sshlog"
 	"github.com/cloudflare/cloudflared/sshserver"
-	"github.com/cloudflare/cloudflared/supervisor"
 	"github.com/cloudflare/cloudflared/tlsconfig"
 	"github.com/cloudflare/cloudflared/tunneldns"
-	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/cloudflare/cloudflared/websocket"
 
 	"github.com/coreos/go-systemd/daemon"
@@ -93,8 +90,6 @@ const (
 	// bastionFlag is to enable bastion, or jump host, operation
 	bastionFlag = "bastion"
 
-	noIntentMsg = "The --intent argument is required. Cloudflared looks up an Intent to determine what configuration to use (i.e. which tunnels to start). If you don't have any Intents yet, you can use a placeholder Intent Label for now. Then, when you make an Intent with that label, cloudflared will get notified and open the tunnels you specified in that Intent."
-
 	debugLevelWarning = "At debug level, request URL, method, protocol, content legnth and header will be logged. " +
 		"Response status, content length and header will also be logged in debug level."
 )
@@ -322,10 +317,6 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		cancel()
 	}()
 
-	if c.IsSet("use-declarative-tunnels") {
-		return startDeclarativeTunnel(ctx, c, cloudflaredID, buildInfo, &listeners, logger)
-	}
-
 	// update needs to be after DNS proxy is up to resolve equinox server address
 	if updater.IsAutoupdateEnabled(c, logger) {
 		logger.Infof("Autoupdate frequency is set to %v", c.Duration("autoupdate-freq"))
@@ -500,124 +491,6 @@ func isProxyDestinationConfigured(staticHost string, c *cli.Context) bool {
 	return staticHost != "" || c.IsSet(bastionFlag)
 }
 
-func startDeclarativeTunnel(ctx context.Context,
-	c *cli.Context,
-	cloudflaredID uuid.UUID,
-	buildInfo *buildinfo.BuildInfo,
-	listeners *gracenet.Net,
-	logger logger.Service,
-) error {
-	reverseProxyOrigin, err := defaultOriginConfig(c)
-	if err != nil {
-		logger.Errorf("%s", err)
-		return err
-	}
-	reverseProxyConfig, err := pogs.NewReverseProxyConfig(
-		c.String("hostname"),
-		reverseProxyOrigin,
-		c.Uint64("retries"),
-		c.Duration("proxy-connection-timeout"),
-		c.Uint64("compression-quality"),
-	)
-	if err != nil {
-		logger.Errorf("Cannot initialize default client config because reverse proxy config is invalid: %s", err)
-		return err
-	}
-	defaultClientConfig := &pogs.ClientConfig{
-		Version: pogs.InitVersion(),
-		SupervisorConfig: &pogs.SupervisorConfig{
-			AutoUpdateFrequency:    c.Duration("autoupdate-freq"),
-			MetricsUpdateFrequency: c.Duration("metrics-update-freq"),
-			GracePeriod:            c.Duration("grace-period"),
-		},
-		EdgeConnectionConfig: &pogs.EdgeConnectionConfig{
-			NumHAConnections:    uint8(c.Int("ha-connections")),
-			HeartbeatInterval:   c.Duration("heartbeat-interval"),
-			Timeout:             c.Duration("dial-edge-timeout"),
-			MaxFailedHeartbeats: c.Uint64("heartbeat-count"),
-		},
-		DoHProxyConfigs:     []*pogs.DoHProxyConfig{},
-		ReverseProxyConfigs: []*pogs.ReverseProxyConfig{reverseProxyConfig},
-	}
-
-	autoupdater := updater.NewAutoUpdater(defaultClientConfig.SupervisorConfig.AutoUpdateFrequency, listeners, logger)
-
-	originCert, err := getOriginCert(c, logger)
-	if err != nil {
-		logger.Errorf("error getting origin cert: %s", err)
-		return err
-	}
-	toEdgeTLSConfig, err := tlsconfig.CreateTunnelConfig(c)
-	if err != nil {
-		logger.Errorf("unable to create TLS config to connect with edge: %s", err)
-		return err
-	}
-
-	tags, err := NewTagSliceFromCLI(c.StringSlice("tag"))
-	if err != nil {
-		logger.Errorf("unable to parse tag: %s", err)
-		return err
-	}
-
-	intentLabel := c.String("intent")
-	if intentLabel == "" {
-		logger.Error("--intent was empty")
-		return fmt.Errorf(noIntentMsg)
-	}
-
-	cloudflaredConfig := &connection.CloudflaredConfig{
-		BuildInfo:     buildInfo,
-		CloudflaredID: cloudflaredID,
-		IntentLabel:   intentLabel,
-		Tags:          tags,
-	}
-
-	serviceDiscoverer, err := serviceDiscoverer(c, logger)
-	if err != nil {
-		logger.Errorf("unable to create service discoverer: %s", err)
-		return err
-	}
-	supervisor, err := supervisor.NewSupervisor(defaultClientConfig, originCert, toEdgeTLSConfig,
-		serviceDiscoverer, cloudflaredConfig, autoupdater, updater.SupportAutoUpdate(logger), logger)
-	if err != nil {
-		logger.Errorf("unable to create Supervisor: %s", err)
-		return err
-	}
-	return supervisor.Run(ctx)
-}
-
-func defaultOriginConfig(c *cli.Context) (pogs.OriginConfig, error) {
-	if c.IsSet("hello-world") {
-		return &pogs.HelloWorldOriginConfig{}, nil
-	}
-	originConfig := &pogs.HTTPOriginConfig{
-		TCPKeepAlive:           c.Duration("proxy-tcp-keepalive"),
-		DialDualStack:          !c.Bool("proxy-no-happy-eyeballs"),
-		TLSHandshakeTimeout:    c.Duration("proxy-tls-timeout"),
-		TLSVerify:              !c.Bool("no-tls-verify"),
-		OriginCAPool:           c.String("origin-ca-pool"),
-		OriginServerName:       c.String("origin-server-name"),
-		MaxIdleConnections:     c.Uint64("proxy-keepalive-connections"),
-		IdleConnectionTimeout:  c.Duration("proxy-keepalive-timeout"),
-		ProxyConnectionTimeout: c.Duration("proxy-connection-timeout"),
-		ExpectContinueTimeout:  c.Duration("proxy-expect-continue-timeout"),
-		ChunkedEncoding:        c.Bool("no-chunked-encoding"),
-	}
-	if c.IsSet("unix-socket") {
-		unixSocket, err := config.ValidateUnixSocket(c)
-		if err != nil {
-			return nil, errors.Wrap(err, "error validating --unix-socket")
-		}
-		originConfig.URLString = unixSocket
-	}
-	originAddr, err := config.ValidateUrl(c)
-	if err != nil {
-		return nil, errors.Wrap(err, "error validating origin URL")
-	}
-	originConfig.URLString = originAddr
-	return originConfig, nil
-}
-
 func waitToShutdown(wg *sync.WaitGroup,
 	errC chan error,
 	shutdownC, graceShutdownC chan struct{},
@@ -1064,18 +937,6 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"TUNNEL_TRACE_OUTPUT"},
 			Hidden:  shouldHide,
 		}),
-		altsrc.NewBoolFlag(&cli.BoolFlag{
-			Name:    "use-declarative-tunnels",
-			Usage:   "Test establishing connections with declarative tunnel methods.",
-			EnvVars: []string{"TUNNEL_USE_DECLARATIVE"},
-			Hidden:  true,
-		}),
-		altsrc.NewStringFlag(&cli.StringFlag{
-			Name:    "intent",
-			Usage:   "The label of an Intent from which `cloudflared` should gets its tunnels from. Intents can be created in the Origin Registry UI.",
-			EnvVars: []string{"TUNNEL_INTENT"},
-			Hidden:  true,
-		}),
 		altsrc.NewBoolFlag(&cli.BoolFlag{
 			Name:    "use-reconnect-token",
 			Usage:   "Test reestablishing connections with the new 'reconnect token' flow.",
diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index a085f1b5..274eafa0 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -14,7 +14,6 @@ import (
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
-	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/origin"
 	"github.com/cloudflare/cloudflared/tlsconfig"
@@ -290,15 +289,6 @@ func prepareTunnelConfig(
 	}, nil
 }
 
-func serviceDiscoverer(c *cli.Context, logger logger.Service) (*edgediscovery.Edge, error) {
-	// If --edge is specfied, resolve edge server addresses
-	if len(c.StringSlice("edge")) > 0 {
-		return edgediscovery.StaticEdge(logger, c.StringSlice("edge"))
-	}
-	// Otherwise lookup edge server addresses through service discovery
-	return edgediscovery.ResolveEdge(logger)
-}
-
 func isRunningFromTerminal() bool {
 	return terminal.IsTerminal(int(os.Stdout.Fd()))
 }
diff --git a/connection/connection.go b/connection/connection.go
deleted file mode 100644
index a49bf966..00000000
--- a/connection/connection.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package connection
-
-import (
-	"context"
-	"net"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/pkg/errors"
-
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/logger"
-	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-)
-
-const (
-	openStreamTimeout = 30 * time.Second
-)
-
-type Connection struct {
-	id          uuid.UUID
-	muxer       *h2mux.Muxer
-	addr        *net.TCPAddr
-	isLongLived bool
-	longLivedID int
-}
-
-func newConnection(muxer *h2mux.Muxer, addr *net.TCPAddr) (*Connection, error) {
-	id, err := uuid.NewRandom()
-	if err != nil {
-		return nil, err
-	}
-	return &Connection{
-		id:    id,
-		muxer: muxer,
-		addr:  addr,
-	}, nil
-}
-
-func (c *Connection) Serve(ctx context.Context) error {
-	// Serve doesn't return until h2mux is shutdown
-	return c.muxer.Serve(ctx)
-}
-
-// Connect is used to establish connections with cloudflare's edge network
-func (c *Connection) Connect(ctx context.Context, parameters *tunnelpogs.ConnectParameters, logger logger.Service) (tunnelpogs.ConnectResult, error) {
-	tsClient, err := NewRPCClient(ctx, c.muxer, logger, openStreamTimeout)
-	if err != nil {
-		return nil, errors.Wrap(err, "cannot create new RPC connection")
-	}
-	defer tsClient.Close()
-	return tsClient.Connect(ctx, parameters)
-}
-
-func (c *Connection) Shutdown() {
-	c.muxer.Shutdown()
-}
diff --git a/connection/manager.go b/connection/manager.go
deleted file mode 100644
index 00f85ba7..00000000
--- a/connection/manager.go
+++ /dev/null
@@ -1,302 +0,0 @@
-package connection
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/pkg/errors"
-	"github.com/prometheus/client_golang/prometheus"
-
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
-	"github.com/cloudflare/cloudflared/edgediscovery"
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/streamhandler"
-	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-)
-
-const (
-	quickStartLink       = "https://developers.cloudflare.com/argo-tunnel/quickstart/"
-	faqLink              = "https://developers.cloudflare.com/argo-tunnel/faq/"
-	defaultRetryAfter    = time.Second * 5
-	packageNamespace     = "connection"
-	edgeManagerSubsystem = "edgemanager"
-)
-
-// EdgeManager manages connections with the edge
-type EdgeManager struct {
-	// streamHandler handles stream opened by the edge
-	streamHandler *streamhandler.StreamHandler
-	// TLSConfig is the TLS configuration to connect with edge
-	tlsConfig *tls.Config
-	// cloudflaredConfig is the cloudflared configuration that is determined when the process first starts
-	cloudflaredConfig *CloudflaredConfig
-	// serviceDiscoverer returns the next edge addr to connect to
-	serviceDiscoverer *edgediscovery.Edge
-	// state is attributes of ConnectionManager that can change during runtime.
-	state *edgeManagerState
-
-	logger logger.Service
-
-	metrics *metrics
-}
-
-type metrics struct {
-	// activeStreams is a gauge shared by all muxers of this process to expose the total number of active streams
-	activeStreams prometheus.Gauge
-}
-
-func newMetrics(namespace, subsystem string) *metrics {
-	return &metrics{
-		activeStreams: h2mux.NewActiveStreamsMetrics(namespace, subsystem),
-	}
-}
-
-// EdgeManagerConfigurable is the configurable attributes of a EdgeConnectionManager
-type EdgeManagerConfigurable struct {
-	TunnelHostnames []h2mux.TunnelHostname
-	*tunnelpogs.EdgeConnectionConfig
-}
-
-type CloudflaredConfig struct {
-	CloudflaredID uuid.UUID
-	Tags          []tunnelpogs.Tag
-	BuildInfo     *buildinfo.BuildInfo
-	IntentLabel   string
-}
-
-func NewEdgeManager(
-	streamHandler *streamhandler.StreamHandler,
-	edgeConnMgrConfigurable *EdgeManagerConfigurable,
-	userCredential []byte,
-	tlsConfig *tls.Config,
-	serviceDiscoverer *edgediscovery.Edge,
-	cloudflaredConfig *CloudflaredConfig,
-	logger logger.Service,
-) *EdgeManager {
-	return &EdgeManager{
-		streamHandler:     streamHandler,
-		tlsConfig:         tlsConfig,
-		cloudflaredConfig: cloudflaredConfig,
-		serviceDiscoverer: serviceDiscoverer,
-		state:             newEdgeConnectionManagerState(edgeConnMgrConfigurable, userCredential),
-		logger:            logger,
-		metrics:           newMetrics(packageNamespace, edgeManagerSubsystem),
-	}
-}
-
-func (em *EdgeManager) Run(ctx context.Context) error {
-	defer em.shutdown()
-
-	// Currently, declarative tunnels don't have any concept of a stable connection
-	// Each edge connection is transient and when it dies, it is replaced by a different one,
-	// not restarted.
-	// So in the future we should really change this so that n connections are stored individually
-	connIndex := 0
-	for {
-		select {
-		case <-ctx.Done():
-			return errors.Wrap(ctx.Err(), "EdgeConnectionManager terminated")
-		default:
-			time.Sleep(1 * time.Second)
-		}
-		// Create/delete connection one at a time, so we don't need to adjust for connections that are being created/deleted
-		// in shouldCreateConnection or shouldReduceConnection calculation
-		if em.state.shouldCreateConnection(em.serviceDiscoverer.AvailableAddrs()) {
-			if connErr := em.newConnection(ctx, connIndex); connErr != nil {
-				if !connErr.ShouldRetry {
-					em.logger.Errorf("connectionManager: %s with error: %s", em.noRetryMessage(), connErr)
-					return connErr
-				}
-				em.logger.Errorf("connectionManager: cannot create new connection: %s", connErr)
-			} else {
-				connIndex++
-			}
-		} else if em.state.shouldReduceConnection() {
-			if err := em.closeConnection(ctx); err != nil {
-				em.logger.Errorf("connectionManager: cannot close connection: %s", err)
-			}
-		}
-	}
-}
-
-func (em *EdgeManager) UpdateConfigurable(newConfigurable *EdgeManagerConfigurable) {
-	em.logger.Infof("New edge connection manager configuration %+v", newConfigurable)
-	em.state.updateConfigurable(newConfigurable)
-}
-
-func (em *EdgeManager) newConnection(ctx context.Context, index int) *tunnelpogs.ConnectError {
-	edgeTCPAddr, err := em.serviceDiscoverer.GetAddr(index)
-	if err != nil {
-		return retryConnection(fmt.Sprintf("edge address discovery error: %v", err))
-	}
-	configurable := em.state.getConfigurable()
-	edgeConn, err := DialEdge(ctx, configurable.Timeout, em.tlsConfig, edgeTCPAddr)
-	if err != nil {
-		return retryConnection(fmt.Sprintf("dial edge error: %v", err))
-	}
-	// Establish a muxed connection with the edge
-	// Client mux handshake with agent server
-	muxer, err := h2mux.Handshake(edgeConn, edgeConn, h2mux.MuxerConfig{
-		Timeout:           configurable.Timeout,
-		Handler:           em.streamHandler,
-		IsClient:          true,
-		HeartbeatInterval: configurable.HeartbeatInterval,
-		MaxHeartbeats:     configurable.MaxFailedHeartbeats,
-		Logger:            em.logger,
-	}, em.metrics.activeStreams)
-	if err != nil {
-		retryConnection(fmt.Sprintf("couldn't perform handshake with edge: %v", err))
-	}
-
-	h2muxConn, err := newConnection(muxer, edgeTCPAddr)
-	if err != nil {
-		return retryConnection(fmt.Sprintf("couldn't create h2mux connection: %v", err))
-	}
-
-	go em.serveConn(ctx, h2muxConn)
-
-	connResult, err := h2muxConn.Connect(ctx, &tunnelpogs.ConnectParameters{
-		CloudflaredID:       em.cloudflaredConfig.CloudflaredID,
-		CloudflaredVersion:  em.cloudflaredConfig.BuildInfo.CloudflaredVersion,
-		NumPreviousAttempts: 0,
-		OriginCert:          em.state.getUserCredential(),
-		IntentLabel:         em.cloudflaredConfig.IntentLabel,
-		Tags:                em.cloudflaredConfig.Tags,
-	}, em.logger)
-	if err != nil {
-		h2muxConn.Shutdown()
-		return retryConnection(fmt.Sprintf("couldn't connect to edge: %v", err))
-	}
-
-	if connErr := connResult.ConnectError(); connErr != nil {
-		return connErr
-	}
-
-	em.state.newConnection(h2muxConn)
-	em.logger.Infof("connectionManager: connected to %s", connResult.ConnectedTo())
-
-	if connResult.ClientConfig() != nil {
-		em.streamHandler.UseConfiguration(ctx, connResult.ClientConfig())
-	}
-	return nil
-}
-
-func (em *EdgeManager) closeConnection(ctx context.Context) error {
-	conn := em.state.getFirstConnection()
-	if conn == nil {
-		return fmt.Errorf("no connection to close")
-	}
-	conn.Shutdown()
-	// teardown will be handled by EdgeManager.serveConn in another goroutine
-	return nil
-}
-
-func (em *EdgeManager) serveConn(ctx context.Context, conn *Connection) {
-	err := conn.Serve(ctx)
-	em.logger.Errorf("connectionManager: Connection closed: %s", err)
-	em.state.closeConnection(conn)
-	em.serviceDiscoverer.GiveBack(conn.addr)
-}
-
-func (em *EdgeManager) noRetryMessage() string {
-	messageTemplate := "cloudflared could not register an Argo Tunnel on your account. Please confirm the following before trying again:" +
-		"1. You have Argo Smart Routing enabled in your account, See Enable Argo section of %s." +
-		"2. Your credential at %s is still valid. See %s."
-	return fmt.Sprintf(messageTemplate, quickStartLink, em.state.getConfigurable().UserCredentialPath, faqLink)
-}
-
-func (em *EdgeManager) shutdown() {
-	em.state.shutdown()
-}
-
-type edgeManagerState struct {
-	sync.RWMutex
-	configurable   *EdgeManagerConfigurable
-	userCredential []byte
-	conns          map[uuid.UUID]*Connection
-}
-
-func newEdgeConnectionManagerState(configurable *EdgeManagerConfigurable, userCredential []byte) *edgeManagerState {
-	return &edgeManagerState{
-		configurable:   configurable,
-		userCredential: userCredential,
-		conns:          make(map[uuid.UUID]*Connection),
-	}
-}
-
-func (ems *edgeManagerState) shouldCreateConnection(availableEdgeAddrs int) bool {
-	ems.RLock()
-	defer ems.RUnlock()
-	expectedHAConns := int(ems.configurable.NumHAConnections)
-	if availableEdgeAddrs < expectedHAConns {
-		expectedHAConns = availableEdgeAddrs
-	}
-	return len(ems.conns) < expectedHAConns
-}
-
-func (ems *edgeManagerState) shouldReduceConnection() bool {
-	ems.RLock()
-	defer ems.RUnlock()
-	return uint8(len(ems.conns)) > ems.configurable.NumHAConnections
-}
-
-func (ems *edgeManagerState) newConnection(conn *Connection) {
-	ems.Lock()
-	defer ems.Unlock()
-	ems.conns[conn.id] = conn
-}
-
-func (ems *edgeManagerState) closeConnection(conn *Connection) {
-	ems.Lock()
-	defer ems.Unlock()
-	delete(ems.conns, conn.id)
-}
-
-func (ems *edgeManagerState) getFirstConnection() *Connection {
-	ems.RLock()
-	defer ems.RUnlock()
-
-	for _, conn := range ems.conns {
-		return conn
-	}
-	return nil
-}
-
-func (ems *edgeManagerState) shutdown() {
-	ems.Lock()
-	defer ems.Unlock()
-	for _, conn := range ems.conns {
-		conn.Shutdown()
-	}
-}
-
-func (ems *edgeManagerState) getConfigurable() *EdgeManagerConfigurable {
-	ems.Lock()
-	defer ems.Unlock()
-	return ems.configurable
-}
-
-func (ems *edgeManagerState) updateConfigurable(newConfigurable *EdgeManagerConfigurable) {
-	ems.Lock()
-	defer ems.Unlock()
-	ems.configurable = newConfigurable
-}
-
-func (ems *edgeManagerState) getUserCredential() []byte {
-	ems.RLock()
-	defer ems.RUnlock()
-	return ems.userCredential
-}
-
-func retryConnection(cause string) *tunnelpogs.ConnectError {
-	return &tunnelpogs.ConnectError{
-		Cause:       cause,
-		RetryAfter:  defaultRetryAfter,
-		ShouldRetry: true,
-	}
-}
diff --git a/connection/manager_test.go b/connection/manager_test.go
deleted file mode 100644
index 791c5add..00000000
--- a/connection/manager_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package connection
-
-import (
-	"net"
-	"testing"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
-
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
-	"github.com/cloudflare/cloudflared/edgediscovery"
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/streamhandler"
-	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-)
-
-var (
-	configurable = &EdgeManagerConfigurable{
-		[]h2mux.TunnelHostname{
-			"http.example.com",
-			"ws.example.com",
-			"hello.example.com",
-		},
-		&pogs.EdgeConnectionConfig{
-			NumHAConnections:    1,
-			HeartbeatInterval:   1 * time.Second,
-			Timeout:             5 * time.Second,
-			MaxFailedHeartbeats: 3,
-			UserCredentialPath:  "/etc/cloudflared/cert.pem",
-		},
-	}
-	cloudflaredConfig = &CloudflaredConfig{
-		CloudflaredID: uuid.New(),
-		Tags: []pogs.Tag{
-			{Name: "pool", Value: "east-6"},
-		},
-		BuildInfo: &buildinfo.BuildInfo{
-			GoOS:               "linux",
-			GoVersion:          "1.12",
-			GoArch:             "amd64",
-			CloudflaredVersion: "2019.6.0",
-		},
-	}
-)
-
-func mockEdgeManager() *EdgeManager {
-	newConfigChan := make(chan<- *pogs.ClientConfig)
-	useConfigResultChan := make(<-chan *pogs.UseConfigurationResult)
-	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
-	edge := edgediscovery.MockEdge(logger, []*net.TCPAddr{})
-	return NewEdgeManager(
-		streamhandler.NewStreamHandler(newConfigChan, useConfigResultChan, logger),
-		configurable,
-		[]byte{},
-		nil,
-		edge,
-		cloudflaredConfig,
-		logger,
-	)
-}
-
-func TestUpdateConfigurable(t *testing.T) {
-	m := mockEdgeManager()
-	newConfigurable := &EdgeManagerConfigurable{
-		[]h2mux.TunnelHostname{
-			"second.example.com",
-		},
-		&pogs.EdgeConnectionConfig{
-			NumHAConnections: 2,
-		},
-	}
-	m.UpdateConfigurable(newConfigurable)
-
-	assert.Equal(t, newConfigurable, m.state.getConfigurable())
-}
diff --git a/go.mod b/go.mod
index 85aee5c3..c849d998 100644
--- a/go.mod
+++ b/go.mod
@@ -70,7 +70,7 @@ require (
 	gopkg.in/square/go-jose.v2 v2.4.0 // indirect
 	gopkg.in/urfave/cli.v2 v2.0.0-20180128181224-d604b6ffeee8
 	gopkg.in/yaml.v2 v2.2.4
-	zombiezen.com/go/capnproto2 v0.0.0-20180616160808-7cfd211c19c7
+	zombiezen.com/go/capnproto2 v2.18.0+incompatible
 )
 
 // ../../go/pkg/mod/github.com/coredns/coredns@v1.2.0/plugin/metrics/metrics.go:40:49: too many arguments in call to prometheus.NewProcessCollector
diff --git a/go.sum b/go.sum
index 774e3261..4a33c5ab 100644
--- a/go.sum
+++ b/go.sum
@@ -9,9 +9,9 @@ github.com/DATA-DOG/go-sqlmock v1.3.3 h1:CWUqKXe0s8A2z6qCgkP4Kru7wC11YoAnoupUKFD
 github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
 github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
 github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
-github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/acmacalister/skittles v0.0.0-20160609003031-7423546701e1 h1:RKnVV4C7qoN/sToLX2y1dqH7T6kKLMHcwRJlgwb9Ggk=
 github.com/acmacalister/skittles v0.0.0-20160609003031-7423546701e1/go.mod h1:gI5CyA/CEnS6eqNV22rqs4dG3aGfaSbXgPORIlwr2r0=
+github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4 h1:Hs82Z41s6SdL1CELW+XaDYmOH4hkBN4/N9og/AsOv7E=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -285,3 +285,5 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 zombiezen.com/go/capnproto2 v0.0.0-20180616160808-7cfd211c19c7 h1:CZoOFlTPbKfAShKYrMuUfYbnXexFT1rYRUX1SPnrdE4=
 zombiezen.com/go/capnproto2 v0.0.0-20180616160808-7cfd211c19c7/go.mod h1:TMGa8HWGJkXiq4nHe9Zu/JgRF5oUtg4XizFC+Vexbec=
+zombiezen.com/go/capnproto2 v2.18.0+incompatible h1:mwfXZniffG5mXokQGHUJWGnqIBggoPfT/CEwon9Yess=
+zombiezen.com/go/capnproto2 v2.18.0+incompatible/go.mod h1:XO5Pr2SbXgqZwn0m0Ru54QBqpOf4K5AYBO+8LAOBQEQ=
diff --git a/origin/tunnel.go b/origin/tunnel.go
index a68dedc0..dc5bbb78 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -25,7 +25,6 @@ import (
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/signal"
-	"github.com/cloudflare/cloudflared/streamhandler"
 	"github.com/cloudflare/cloudflared/tunnelrpc"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/cloudflare/cloudflared/validation"
@@ -618,8 +617,8 @@ func (h *TunnelHandler) ServeStream(stream *h2mux.MuxedStream) error {
 		return reqErr
 	}
 
-	cfRay := streamhandler.FindCfRayHeader(req)
-	lbProbe := streamhandler.IsLBProbeRequest(req)
+	cfRay := findCfRayHeader(req)
+	lbProbe := isLBProbeRequest(req)
 	h.logRequest(req, cfRay, lbProbe)
 
 	var resp *http.Response
@@ -833,3 +832,11 @@ func activeIncidentsMsg(incidents []Incident) string {
 	return preamble + " " + strings.Join(incidentStrings, "; ")
 
 }
+
+func findCfRayHeader(h1 *http.Request) string {
+	return h1.Header.Get("Cf-Ray")
+}
+
+func isLBProbeRequest(req *http.Request) bool {
+	return strings.HasPrefix(req.UserAgent(), lbProbeUserAgentPrefix)
+}
diff --git a/originservice/originservice.go b/originservice/originservice.go
deleted file mode 100644
index 97fa69ef..00000000
--- a/originservice/originservice.go
+++ /dev/null
@@ -1,247 +0,0 @@
-// Package client defines and implements interface to proxy to HTTP, websocket and hello world origins
-package originservice
-
-import (
-	"bufio"
-	"crypto/tls"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-
-	"github.com/cloudflare/cloudflared/buffer"
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/hello"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/websocket"
-	"github.com/pkg/errors"
-)
-
-// OriginService is an interface to proxy requests to different type of origins
-type OriginService interface {
-	Proxy(stream *h2mux.MuxedStream, req *http.Request) (resp *http.Response, err error)
-	URL() *url.URL
-	Summary() string
-	Shutdown()
-}
-
-// HTTPService talks to origin using HTTP/HTTPS
-type HTTPService struct {
-	client          http.RoundTripper
-	originURL       *url.URL
-	chunkedEncoding bool
-	bufferPool      *buffer.Pool
-}
-
-func NewHTTPService(transport http.RoundTripper, url *url.URL, chunkedEncoding bool) OriginService {
-	return &HTTPService{
-		client:          transport,
-		originURL:       url,
-		chunkedEncoding: chunkedEncoding,
-		bufferPool:      buffer.NewPool(512 * 1024),
-	}
-}
-
-func (hc *HTTPService) Proxy(stream *h2mux.MuxedStream, req *http.Request) (*http.Response, error) {
-	const responseSourceOrigin = "origin"
-
-	// Support for WSGI Servers by switching transfer encoding from chunked to gzip/deflate
-	if !hc.chunkedEncoding {
-		req.TransferEncoding = []string{"gzip", "deflate"}
-		cLength, err := strconv.Atoi(req.Header.Get("Content-Length"))
-		if err == nil {
-			req.ContentLength = int64(cLength)
-		}
-	}
-
-	// Request origin to keep connection alive to improve performance
-	req.Header.Set("Connection", "keep-alive")
-
-	resp, err := hc.client.RoundTrip(req)
-	if err != nil {
-		return nil, errors.Wrap(err, "error proxying request to HTTP origin")
-	}
-	defer resp.Body.Close()
-
-	responseHeaders := h1ResponseToH2Response(resp)
-	responseHeaders = append(responseHeaders, h2mux.CreateResponseMetaHeader(h2mux.ResponseMetaHeaderField, responseSourceOrigin))
-	err = stream.WriteHeaders(responseHeaders)
-	if err != nil {
-		return nil, errors.Wrap(err, "error writing response header to HTTP origin")
-	}
-	if isEventStream(resp) {
-		writeEventStream(stream, resp.Body)
-	} else {
-		// Use CopyBuffer, because Copy only allocates a 32KiB buffer, and cross-stream
-		// compression generates dictionary on first write
-		buf := hc.bufferPool.Get()
-		defer hc.bufferPool.Put(buf)
-		io.CopyBuffer(stream, resp.Body, buf)
-	}
-	return resp, nil
-}
-
-func (hc *HTTPService) URL() *url.URL {
-	return hc.originURL
-}
-
-func (hc *HTTPService) Summary() string {
-	return fmt.Sprintf("HTTP service listening on %s", hc.originURL)
-}
-
-func (hc *HTTPService) Shutdown() {}
-
-// WebsocketService talks to origin using WS/WSS
-type WebsocketService struct {
-	tlsConfig *tls.Config
-	originURL *url.URL
-	shutdownC chan struct{}
-}
-
-func NewWebSocketService(tlsConfig *tls.Config, url *url.URL, logger logger.Service) (OriginService, error) {
-	listener, err := net.Listen("tcp", "127.0.0.1:")
-	if err != nil {
-		return nil, errors.Wrap(err, "cannot start Websocket Proxy Server")
-	}
-	shutdownC := make(chan struct{})
-	go func() {
-		websocket.StartProxyServer(logger, listener, url.String(), shutdownC, websocket.DefaultStreamHandler)
-	}()
-	return &WebsocketService{
-		tlsConfig: tlsConfig,
-		originURL: url,
-		shutdownC: shutdownC,
-	}, nil
-}
-
-func (wsc *WebsocketService) Proxy(stream *h2mux.MuxedStream, req *http.Request) (*http.Response, error) {
-	if !websocket.IsWebSocketUpgrade(req) {
-		return nil, fmt.Errorf("request is not a websocket connection")
-	}
-	conn, response, err := websocket.ClientConnect(req, wsc.tlsConfig)
-	if err != nil {
-		return nil, err
-	}
-	defer conn.Close()
-	err = stream.WriteHeaders(h1ResponseToH2Response(response))
-	if err != nil {
-		return nil, errors.Wrap(err, "error writing response header to websocket origin")
-	}
-	// Copy to/from stream to the undelying connection. Use the underlying
-	// connection because cloudflared doesn't operate on the message themselves
-	websocket.Stream(conn.UnderlyingConn(), stream)
-	return response, nil
-}
-
-func (wsc *WebsocketService) URL() *url.URL {
-	return wsc.originURL
-}
-
-func (wsc *WebsocketService) Summary() string {
-	return fmt.Sprintf("Websocket listening on %s", wsc.originURL)
-}
-
-func (wsc *WebsocketService) Shutdown() {
-	close(wsc.shutdownC)
-}
-
-// HelloWorldService talks to the hello world example origin
-type HelloWorldService struct {
-	client     http.RoundTripper
-	listener   net.Listener
-	originURL  *url.URL
-	shutdownC  chan struct{}
-	bufferPool *buffer.Pool
-}
-
-func NewHelloWorldService(transport http.RoundTripper, logger logger.Service) (OriginService, error) {
-	listener, err := hello.CreateTLSListener("127.0.0.1:")
-	if err != nil {
-		return nil, errors.Wrap(err, "cannot start Hello World Server")
-	}
-	shutdownC := make(chan struct{})
-	go func() {
-		hello.StartHelloWorldServer(logger, listener, shutdownC)
-	}()
-	return &HelloWorldService{
-		client:   transport,
-		listener: listener,
-		originURL: &url.URL{
-			Scheme: "https",
-			Host:   listener.Addr().String(),
-		},
-		shutdownC:  shutdownC,
-		bufferPool: buffer.NewPool(512 * 1024),
-	}, nil
-}
-
-func (hwc *HelloWorldService) Proxy(stream *h2mux.MuxedStream, req *http.Request) (*http.Response, error) {
-	// Request origin to keep connection alive to improve performance
-	req.Header.Set("Connection", "keep-alive")
-	resp, err := hwc.client.RoundTrip(req)
-	if err != nil {
-		return nil, errors.Wrap(err, "error proxying request to Hello World origin")
-	}
-	defer resp.Body.Close()
-
-	err = stream.WriteHeaders(h1ResponseToH2Response(resp))
-	if err != nil {
-		return nil, errors.Wrap(err, "error writing response header to Hello World origin")
-	}
-
-	// Use CopyBuffer, because Copy only allocates a 32KiB buffer, and cross-stream
-	// compression generates dictionary on first write
-	buf := hwc.bufferPool.Get()
-	defer hwc.bufferPool.Put(buf)
-	io.CopyBuffer(stream, resp.Body, buf)
-
-	return resp, nil
-}
-
-func (hwc *HelloWorldService) URL() *url.URL {
-	return hwc.originURL
-}
-
-func (hwc *HelloWorldService) Summary() string {
-	return fmt.Sprintf("Hello World service listening on %s", hwc.originURL)
-}
-
-func (hwc *HelloWorldService) Shutdown() {
-	hwc.listener.Close()
-}
-
-func isEventStream(resp *http.Response) bool {
-	// Check if content-type is text/event-stream. We need to check if the header value starts with text/event-stream
-	// because text/event-stream; charset=UTF-8 is also valid
-	// Ref: https://tools.ietf.org/html/rfc7231#section-3.1.1.1
-	for _, contentType := range resp.Header["content-type"] {
-		if strings.HasPrefix(strings.ToLower(contentType), "text/event-stream") {
-			return true
-		}
-	}
-	return false
-}
-
-func writeEventStream(stream *h2mux.MuxedStream, respBody io.ReadCloser) {
-	reader := bufio.NewReader(respBody)
-	for {
-		line, err := reader.ReadBytes('\n')
-		if err != nil {
-			break
-		}
-		stream.Write(line)
-	}
-}
-
-func h1ResponseToH2Response(h1 *http.Response) (h2 []h2mux.Header) {
-	h2 = []h2mux.Header{{Name: ":status", Value: fmt.Sprintf("%d", h1.StatusCode)}}
-	for headerName, headerValues := range h1.Header {
-		for _, headerValue := range headerValues {
-			h2 = append(h2, h2mux.Header{Name: strings.ToLower(headerName), Value: headerValue})
-		}
-	}
-	return
-}
diff --git a/originservice/originservice_test.go b/originservice/originservice_test.go
deleted file mode 100644
index 2a1c0a3d..00000000
--- a/originservice/originservice_test.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package originservice
-
-import (
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestIsEventStream(t *testing.T) {
-	tests := []struct {
-		resp          *http.Response
-		isEventStream bool
-	}{
-		{
-			resp:          &http.Response{},
-			isEventStream: false,
-		},
-		{
-			// isEventStream checks all headers
-			resp: &http.Response{
-				Header: http.Header{
-					"accept":       []string{"text/html"},
-					"content-type": []string{"text/event-stream"},
-				},
-			},
-			isEventStream: true,
-		},
-		{
-			// Content-Type and text/event-stream are case-insensitive. text/event-stream can be followed by OWS parameter
-			resp: &http.Response{
-				Header: http.Header{
-					"content-type": []string{"Text/event-stream;charset=utf-8"},
-				},
-			},
-			isEventStream: true,
-		},
-		{
-			// Content-Type and text/event-stream are case-insensitive. text/event-stream can be followed by OWS parameter
-			resp: &http.Response{
-				Header: http.Header{
-					"content-type": []string{"appication/json", "text/html", "Text/event-stream;charset=utf-8"},
-				},
-			},
-			isEventStream: true,
-		},
-		{
-			// Not an event stream because the content-type value doesn't start with text/event-stream
-			resp: &http.Response{
-				Header: http.Header{
-					"content-type": []string{" text/event-stream"},
-				},
-			},
-			isEventStream: false,
-		},
-	}
-	for _, test := range tests {
-		assert.Equal(t, test.isEventStream, isEventStream(test.resp), "Header: %v", test.resp.Header)
-	}
-}
diff --git a/streamhandler/request.go b/streamhandler/request.go
deleted file mode 100644
index b6bb55d3..00000000
--- a/streamhandler/request.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package streamhandler
-
-import (
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/pkg/errors"
-)
-
-const (
-	lbProbeUserAgentPrefix = "Mozilla/5.0 (compatible; Cloudflare-Traffic-Manager/1.0; +https://www.cloudflare.com/traffic-manager/;"
-)
-
-func FindCfRayHeader(h1 *http.Request) string {
-	return h1.Header.Get("Cf-Ray")
-}
-
-func IsLBProbeRequest(req *http.Request) bool {
-	return strings.HasPrefix(req.UserAgent(), lbProbeUserAgentPrefix)
-}
-
-func createRequest(stream *h2mux.MuxedStream, url *url.URL) (*http.Request, error) {
-	req, err := http.NewRequest(http.MethodGet, url.String(), h2mux.MuxedStreamReader{MuxedStream: stream})
-	if err != nil {
-		return nil, errors.Wrap(err, "unexpected error from http.NewRequest")
-	}
-	err = h2mux.H2RequestHeadersToH1Request(stream.Headers, req)
-	if err != nil {
-		return nil, errors.Wrap(err, "invalid request received")
-	}
-	return req, nil
-}
diff --git a/streamhandler/stream_handler.go b/streamhandler/stream_handler.go
deleted file mode 100644
index 2b40b0a1..00000000
--- a/streamhandler/stream_handler.go
+++ /dev/null
@@ -1,189 +0,0 @@
-package streamhandler
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"strconv"
-
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/tunnelhostnamemapper"
-	"github.com/cloudflare/cloudflared/tunnelrpc"
-	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-	"github.com/pkg/errors"
-	"zombiezen.com/go/capnproto2/rpc"
-)
-
-const (
-	statusPseudoHeader = ":status"
-)
-
-type httpErrorStatus struct {
-	status string
-	text   []byte
-}
-
-var (
-	statusBadRequest = newHTTPErrorStatus(http.StatusBadRequest)
-	statusNotFound   = newHTTPErrorStatus(http.StatusNotFound)
-	statusBadGateway = newHTTPErrorStatus(http.StatusBadGateway)
-)
-
-func newHTTPErrorStatus(status int) *httpErrorStatus {
-	return &httpErrorStatus{
-		status: strconv.Itoa(status),
-		text:   []byte(http.StatusText(status)),
-	}
-}
-
-// StreamHandler handles new stream opened by the edge. The streams can be used to proxy requests or make RPC.
-type StreamHandler struct {
-	// newConfigChan is a send-only channel to notify Supervisor of a new ClientConfig
-	newConfigChan chan<- *pogs.ClientConfig
-	// useConfigResultChan is a receive-only channel for Supervisor to communicate the result of applying a new ClientConfig
-	useConfigResultChan <-chan *pogs.UseConfigurationResult
-	// originMapper maps tunnel hostname to origin service
-	tunnelHostnameMapper *tunnelhostnamemapper.TunnelHostnameMapper
-	logger               logger.Service
-}
-
-// NewStreamHandler creates a new StreamHandler
-func NewStreamHandler(newConfigChan chan<- *pogs.ClientConfig,
-	useConfigResultChan <-chan *pogs.UseConfigurationResult,
-	logger logger.Service,
-) *StreamHandler {
-	return &StreamHandler{
-		newConfigChan:        newConfigChan,
-		useConfigResultChan:  useConfigResultChan,
-		tunnelHostnameMapper: tunnelhostnamemapper.NewTunnelHostnameMapper(),
-		logger:               logger,
-	}
-}
-
-// UseConfiguration implements ClientService
-func (s *StreamHandler) UseConfiguration(ctx context.Context, config *pogs.ClientConfig) (*pogs.UseConfigurationResult, error) {
-	select {
-	case <-ctx.Done():
-		err := fmt.Errorf("Timeout while sending new config to Supervisor")
-		s.logger.Errorf("streamHandler: %s", err)
-		return nil, err
-	case s.newConfigChan <- config:
-	}
-	select {
-	case <-ctx.Done():
-		err := fmt.Errorf("Timeout applying new configuration")
-		s.logger.Errorf("streamHandler: %s", err)
-		return nil, err
-	case result := <-s.useConfigResultChan:
-		return result, nil
-	}
-}
-
-// UpdateConfig replaces current originmapper mapping with mappings from newConfig
-func (s *StreamHandler) UpdateConfig(newConfig []*pogs.ReverseProxyConfig) (failedConfigs []*pogs.FailedConfig) {
-
-	// Delete old configs that aren't in the `newConfig`
-	toRemove := s.tunnelHostnameMapper.ToRemove(newConfig)
-	for _, hostnameToRemove := range toRemove {
-		s.tunnelHostnameMapper.Delete(hostnameToRemove)
-	}
-
-	// Add new configs that weren't in the old mapper
-	toAdd := s.tunnelHostnameMapper.ToAdd(newConfig)
-	for _, tunnelConfig := range toAdd {
-		tunnelHostname := tunnelConfig.TunnelHostname
-		originSerice, err := tunnelConfig.OriginConfig.Service(s.logger)
-		if err != nil {
-			s.logger.Errorf("streamHandler: tunnelHostname: %s Invalid origin service config: %s", tunnelHostname, err)
-			failedConfigs = append(failedConfigs, &pogs.FailedConfig{
-				Config: tunnelConfig,
-				Reason: tunnelConfig.FailReason(err),
-			})
-			continue
-		}
-		s.tunnelHostnameMapper.Add(tunnelConfig.TunnelHostname, originSerice)
-		s.logger.Infof("streamHandler: tunnelHostname: %s New origin service config: %v", tunnelHostname, originSerice.Summary())
-	}
-	return
-}
-
-// ServeStream implements MuxedStreamHandler interface
-func (s *StreamHandler) ServeStream(stream *h2mux.MuxedStream) error {
-	if stream.IsRPCStream() {
-		return s.serveRPC(stream)
-	}
-	if err := s.serveRequest(stream); err != nil {
-		s.logger.Errorf("streamHandler: %s", err)
-		return err
-	}
-	return nil
-}
-
-func (s *StreamHandler) serveRPC(stream *h2mux.MuxedStream) error {
-	stream.WriteHeaders([]h2mux.Header{{Name: ":status", Value: "200"}})
-	main := pogs.ClientService_ServerToClient(s)
-	rpcConn := rpc.NewConn(
-		tunnelrpc.NewTransportLogger(s.logger, rpc.StreamTransport(stream)),
-		rpc.MainInterface(main.Client),
-		tunnelrpc.ConnLog(s.logger),
-	)
-	return rpcConn.Wait()
-}
-
-func (s *StreamHandler) serveRequest(stream *h2mux.MuxedStream) error {
-	tunnelHostname := stream.TunnelHostname()
-	if !tunnelHostname.IsSet() {
-		s.writeErrorStatus(stream, statusBadRequest)
-		return fmt.Errorf("stream doesn't have tunnelHostname")
-	}
-
-	originService, ok := s.tunnelHostnameMapper.Get(tunnelHostname)
-	if !ok {
-		s.writeErrorStatus(stream, statusNotFound)
-		return fmt.Errorf("cannot map tunnel hostname %s to origin", tunnelHostname)
-	}
-
-	req, err := createRequest(stream, originService.URL())
-	if err != nil {
-		s.writeErrorStatus(stream, statusBadRequest)
-		return errors.Wrap(err, "cannot create request")
-	}
-
-	cfRay := s.logRequest(req, tunnelHostname)
-	s.logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s Request Headers %+v", tunnelHostname, cfRay, req.Header)
-
-	resp, err := originService.Proxy(stream, req)
-	if err != nil {
-		s.writeErrorStatus(stream, statusBadGateway)
-		return errors.Wrap(err, "cannot proxy request")
-	}
-
-	s.logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s status: %s Response Headers %+v", tunnelHostname, cfRay, resp.Status, resp.Header)
-	return nil
-}
-
-func (s *StreamHandler) logRequest(req *http.Request, tunnelHostname h2mux.TunnelHostname) string {
-	cfRay := FindCfRayHeader(req)
-	lbProbe := IsLBProbeRequest(req)
-	logger := s.logger
-	if cfRay != "" {
-		logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s %s %s %s", tunnelHostname, cfRay, req.Method, req.URL, req.Proto)
-	} else if lbProbe {
-		logger.Debugf("streamHandler: tunnelHostname: %s CF-RAY: %s Load Balancer health check %s %s %s", tunnelHostname, cfRay, req.Method, req.URL, req.Proto)
-	} else {
-		logger.Infof("streamHandler: tunnelHostname: %s CF-RAY: %s Requests %v does not have CF-RAY header. Please open a support ticket with Cloudflare.", tunnelHostname, cfRay, req)
-	}
-	return cfRay
-}
-
-func (s *StreamHandler) writeErrorStatus(stream *h2mux.MuxedStream, status *httpErrorStatus) {
-	_ = stream.WriteHeaders([]h2mux.Header{
-		{
-			Name:  statusPseudoHeader,
-			Value: status.status,
-		},
-		h2mux.CreateResponseMetaHeader(h2mux.ResponseMetaHeaderField, h2mux.ResponseSourceCloudflared),
-	})
-	_, _ = stream.Write(status.text)
-}
diff --git a/streamhandler/stream_handler_test.go b/streamhandler/stream_handler_test.go
deleted file mode 100644
index 628524b3..00000000
--- a/streamhandler/stream_handler_test.go
+++ /dev/null
@@ -1,261 +0,0 @@
-package streamhandler
-
-import (
-	"context"
-	"io"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"strconv"
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-	"github.com/pkg/errors"
-	"github.com/stretchr/testify/assert"
-	"golang.org/x/sync/errgroup"
-)
-
-const (
-	testOpenStreamTimeout = time.Millisecond * 5000
-	testHandshakeTimeout  = time.Millisecond * 1000
-)
-
-var (
-	testTunnelHostname = h2mux.TunnelHostname("123.cftunnel.com")
-	baseHeaders        = []h2mux.Header{
-		{Name: ":method", Value: "GET"},
-		{Name: ":scheme", Value: "http"},
-		{Name: ":authority", Value: "example.com"},
-		{Name: ":path", Value: "/"},
-
-		// Regular headers must always come after the pseudoheaders
-		{Name: h2mux.RequestUserHeadersField, Value: ""},
-	}
-	tunnelHostnameHeader = h2mux.Header{Name: h2mux.CloudflaredProxyTunnelHostnameHeader, Value: testTunnelHostname.String()}
-)
-
-func TestServeRequest(t *testing.T) {
-	l := logger.NewOutputWriter(logger.NewMockWriteManager())
-	configChan := make(chan *pogs.ClientConfig)
-	useConfigResultChan := make(chan *pogs.UseConfigurationResult)
-	streamHandler := NewStreamHandler(configChan, useConfigResultChan, l)
-
-	message := []byte("Hello cloudflared")
-	httpServer := httptest.NewServer(&mockHTTPHandler{message})
-
-	reverseProxyConfigs := []*pogs.ReverseProxyConfig{
-		{
-			TunnelHostname: testTunnelHostname,
-			OriginConfig: &pogs.HTTPOriginConfig{
-				URLString: httpServer.URL,
-			},
-		},
-	}
-	streamHandler.UpdateConfig(reverseProxyConfigs)
-
-	muxPair := NewDefaultMuxerPair(t, streamHandler)
-	muxPair.Serve(t)
-
-	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
-	defer cancel()
-
-	headers := append(baseHeaders, tunnelHostnameHeader)
-	stream, err := muxPair.EdgeMux.OpenStream(ctx, headers, nil)
-	assert.NoError(t, err)
-	assertStatusHeader(t, http.StatusOK, stream.Headers)
-	assertRespBody(t, message, stream)
-}
-
-func createStreamHandler() *StreamHandler {
-	configChan := make(chan *pogs.ClientConfig)
-	useConfigResultChan := make(chan *pogs.UseConfigurationResult)
-	l := logger.NewOutputWriter(logger.NewMockWriteManager())
-
-	return NewStreamHandler(configChan, useConfigResultChan, l)
-}
-
-func createRequestMuxPair(t *testing.T, streamHandler *StreamHandler) *DefaultMuxerPair {
-	muxPair := NewDefaultMuxerPair(t, streamHandler)
-	muxPair.Serve(t)
-
-	return muxPair
-}
-
-func TestServeStatusBadRequest(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
-	defer cancel()
-
-	// No tunnel hostname header, expect to get 400 Bad Request
-	stream, err := createRequestMuxPair(t, createStreamHandler()).EdgeMux.OpenStream(ctx, baseHeaders, nil)
-	assert.NoError(t, err)
-	assertStatusHeader(t, http.StatusBadRequest, stream.Headers)
-	assertRespBody(t, statusBadRequest.text, stream)
-}
-
-func TestServeInvalidContentLength(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
-	defer cancel()
-
-	// Invalid content-length, wouldn't be able to create a request
-	// Expect to get 400 Bad Request
-	headers := append(baseHeaders, tunnelHostnameHeader)
-	headers = append(headers, h2mux.Header{
-		Name:  "content-length",
-		Value: "x",
-	})
-	streamHandler := createStreamHandler()
-	streamHandler.UpdateConfig([]*pogs.ReverseProxyConfig{
-		{
-			TunnelHostname: testTunnelHostname,
-			OriginConfig: &pogs.HTTPOriginConfig{
-				URLString: "",
-			},
-		},
-	})
-	mux := createRequestMuxPair(t, streamHandler).EdgeMux
-	stream, err := mux.OpenStream(ctx, headers, nil)
-	assert.NoError(t, err)
-	assertStatusHeader(t, http.StatusBadRequest, stream.Headers)
-	assertRespBody(t, statusBadRequest.text, stream)
-}
-
-func TestServeStatusNotFound(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
-	defer cancel()
-
-	// No mapping for the tunnel hostname, expect to get 404 Not Found
-	headers := append(baseHeaders, tunnelHostnameHeader)
-	stream, err := createRequestMuxPair(t, createStreamHandler()).EdgeMux.OpenStream(ctx, headers, nil)
-	assert.NoError(t, err)
-	assertStatusHeader(t, http.StatusNotFound, stream.Headers)
-	assertRespBody(t, statusNotFound.text, stream)
-}
-
-func TestServeStatusBadGateway(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), testOpenStreamTimeout)
-	defer cancel()
-
-	// Nothing listening on empty url, so proxy would fail. Expect to get 502 Bad Gateway
-	reverseProxyConfigs := []*pogs.ReverseProxyConfig{
-		{
-			TunnelHostname: testTunnelHostname,
-			OriginConfig: &pogs.HTTPOriginConfig{
-				URLString: "",
-			},
-		},
-	}
-	streamHandler := createStreamHandler()
-	streamHandler.UpdateConfig(reverseProxyConfigs)
-	headers := append(baseHeaders, tunnelHostnameHeader)
-	stream, err := createRequestMuxPair(t, streamHandler).EdgeMux.OpenStream(ctx, headers, nil)
-	assert.NoError(t, err)
-	assertStatusHeader(t, http.StatusBadGateway, stream.Headers)
-	assertRespBody(t, statusBadGateway.text, stream)
-}
-
-func assertStatusHeader(t *testing.T, expectedStatus int, headers []h2mux.Header) {
-	assert.Equal(t, statusPseudoHeader, headers[0].Name)
-	assert.Equal(t, strconv.Itoa(expectedStatus), headers[0].Value)
-}
-
-func assertRespBody(t *testing.T, expectedRespBody []byte, stream *h2mux.MuxedStream) {
-	respBody := make([]byte, len(expectedRespBody))
-	_, err := stream.Read(respBody)
-	assert.NoError(t, err)
-	assert.Equal(t, expectedRespBody, respBody)
-}
-
-type DefaultMuxerPair struct {
-	OriginMuxConfig h2mux.MuxerConfig
-	OriginMux       *h2mux.Muxer
-	OriginConn      net.Conn
-	EdgeMuxConfig   h2mux.MuxerConfig
-	EdgeMux         *h2mux.Muxer
-	EdgeConn        net.Conn
-	doneC           chan struct{}
-}
-
-func NewDefaultMuxerPair(t *testing.T, h h2mux.MuxedStreamHandler) *DefaultMuxerPair {
-	origin, edge := net.Pipe()
-	p := &DefaultMuxerPair{
-		OriginMuxConfig: h2mux.MuxerConfig{
-			Timeout:                 testHandshakeTimeout,
-			Handler:                 h,
-			IsClient:                true,
-			Name:                    "origin",
-			Logger:                  logger.NewOutputWriter(logger.NewMockWriteManager()),
-			DefaultWindowSize:       (1 << 8) - 1,
-			MaxWindowSize:           (1 << 15) - 1,
-			StreamWriteBufferMaxLen: 1024,
-		},
-		OriginConn: origin,
-		EdgeMuxConfig: h2mux.MuxerConfig{
-			Timeout:                 testHandshakeTimeout,
-			IsClient:                false,
-			Name:                    "edge",
-			Logger:                  logger.NewOutputWriter(logger.NewMockWriteManager()),
-			DefaultWindowSize:       (1 << 8) - 1,
-			MaxWindowSize:           (1 << 15) - 1,
-			StreamWriteBufferMaxLen: 1024,
-		},
-		EdgeConn: edge,
-		doneC:    make(chan struct{}),
-	}
-	assert.NoError(t, p.Handshake(t.Name()))
-	return p
-}
-
-func (p *DefaultMuxerPair) Handshake(testName string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), testHandshakeTimeout)
-	defer cancel()
-	errGroup, _ := errgroup.WithContext(ctx)
-	errGroup.Go(func() (err error) {
-		p.EdgeMux, err = h2mux.Handshake(p.EdgeConn, p.EdgeConn, p.EdgeMuxConfig, h2mux.NewActiveStreamsMetrics(testName, "edge"))
-		return errors.Wrap(err, "edge handshake failure")
-	})
-	errGroup.Go(func() (err error) {
-		p.OriginMux, err = h2mux.Handshake(p.OriginConn, p.OriginConn, p.OriginMuxConfig, h2mux.NewActiveStreamsMetrics(testName, "origin"))
-		return errors.Wrap(err, "origin handshake failure")
-	})
-
-	return errGroup.Wait()
-}
-
-func (p *DefaultMuxerPair) Serve(t assert.TestingT) {
-	ctx := context.Background()
-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		err := p.EdgeMux.Serve(ctx)
-		if err != nil && err != io.EOF && err != io.ErrClosedPipe {
-			t.Errorf("error in edge muxer Serve(): %s", err)
-		}
-		p.OriginMux.Shutdown()
-		wg.Done()
-	}()
-	go func() {
-		err := p.OriginMux.Serve(ctx)
-		if err != nil && err != io.EOF && err != io.ErrClosedPipe {
-			t.Errorf("error in origin muxer Serve(): %s", err)
-		}
-		p.EdgeMux.Shutdown()
-		wg.Done()
-	}()
-	go func() {
-		// notify when both muxes have stopped serving
-		wg.Wait()
-		close(p.doneC)
-	}()
-}
-
-type mockHTTPHandler struct {
-	message []byte
-}
-
-func (mth *mockHTTPHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
-	_, _ = w.Write(mth.message)
-}
diff --git a/supervisor/supervisor.go b/supervisor/supervisor.go
deleted file mode 100644
index 8dee085d..00000000
--- a/supervisor/supervisor.go
+++ /dev/null
@@ -1,205 +0,0 @@
-// Package supervisor is used by declarative tunnels to get/apply new config from the edge.
-package supervisor
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"os"
-	"os/signal"
-	"sync"
-	"syscall"
-
-	"golang.org/x/sync/errgroup"
-
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
-	"github.com/cloudflare/cloudflared/connection"
-	"github.com/cloudflare/cloudflared/edgediscovery"
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/streamhandler"
-	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-type Supervisor struct {
-	connManager         *connection.EdgeManager
-	streamHandler       *streamhandler.StreamHandler
-	autoupdater         *updater.AutoUpdater
-	supportAutoupdate   bool
-	newConfigChan       <-chan *pogs.ClientConfig
-	useConfigResultChan chan<- *pogs.UseConfigurationResult
-	state               *state
-	logger              logger.Service
-	metrics             metrics
-}
-
-type metrics struct {
-	configVersion prometheus.Gauge
-}
-
-func newMetrics() metrics {
-	configVersion := prometheus.NewGauge(prometheus.GaugeOpts{
-		Namespace: "supervisor",
-		Subsystem: "supervisor",
-		Name:      "config_version",
-		Help:      "Latest configuration version received from Cloudflare",
-	},
-	)
-	prometheus.MustRegister(
-		configVersion,
-	)
-	return metrics{
-		configVersion: configVersion,
-	}
-}
-
-func NewSupervisor(
-	defaultClientConfig *pogs.ClientConfig,
-	userCredential []byte,
-	tlsConfig *tls.Config,
-	serviceDiscoverer *edgediscovery.Edge,
-	cloudflaredConfig *connection.CloudflaredConfig,
-	autoupdater *updater.AutoUpdater,
-	supportAutoupdate bool,
-	logger logger.Service,
-) (*Supervisor, error) {
-	newConfigChan := make(chan *pogs.ClientConfig)
-	useConfigResultChan := make(chan *pogs.UseConfigurationResult)
-	streamHandler := streamhandler.NewStreamHandler(newConfigChan, useConfigResultChan, logger)
-	invalidConfigs := streamHandler.UpdateConfig(defaultClientConfig.ReverseProxyConfigs)
-
-	if len(invalidConfigs) > 0 {
-		for _, invalidConfig := range invalidConfigs {
-			logger.Errorf("Tunnel %+v is invalid, reason: %s", invalidConfig.Config, invalidConfig.Reason)
-		}
-		return nil, fmt.Errorf("At least 1 Tunnel config is invalid")
-	}
-
-	tunnelHostnames := make([]h2mux.TunnelHostname, len(defaultClientConfig.ReverseProxyConfigs))
-	for i, reverseProxyConfig := range defaultClientConfig.ReverseProxyConfigs {
-		tunnelHostnames[i] = reverseProxyConfig.TunnelHostname
-	}
-	defaultEdgeMgrConfigurable := &connection.EdgeManagerConfigurable{
-		TunnelHostnames:      tunnelHostnames,
-		EdgeConnectionConfig: defaultClientConfig.EdgeConnectionConfig,
-	}
-	return &Supervisor{
-		connManager: connection.NewEdgeManager(streamHandler, defaultEdgeMgrConfigurable, userCredential, tlsConfig,
-			serviceDiscoverer, cloudflaredConfig, logger),
-		streamHandler:       streamHandler,
-		autoupdater:         autoupdater,
-		supportAutoupdate:   supportAutoupdate,
-		newConfigChan:       newConfigChan,
-		useConfigResultChan: useConfigResultChan,
-		state:               newState(defaultClientConfig),
-		logger:              logger,
-		metrics:             newMetrics(),
-	}, nil
-}
-
-func (s *Supervisor) Run(ctx context.Context) error {
-	errGroup, groupCtx := errgroup.WithContext(ctx)
-
-	errGroup.Go(func() error {
-		return s.connManager.Run(groupCtx)
-	})
-
-	errGroup.Go(func() error {
-		return s.listenToNewConfig(groupCtx)
-	})
-
-	errGroup.Go(func() error {
-		return s.listenToShutdownSignal(groupCtx)
-	})
-
-	if s.supportAutoupdate {
-		errGroup.Go(func() error {
-			return s.autoupdater.Run(groupCtx)
-		})
-	}
-
-	err := errGroup.Wait()
-	s.logger.Errorf("Supervisor terminated, reason: %v", err)
-	return err
-}
-
-func (s *Supervisor) listenToShutdownSignal(serveCtx context.Context) error {
-	signals := make(chan os.Signal, 10)
-	signal.Notify(signals, syscall.SIGTERM, syscall.SIGINT)
-	defer signal.Stop(signals)
-
-	select {
-	case <-serveCtx.Done():
-		return serveCtx.Err()
-	case sig := <-signals:
-		return fmt.Errorf("received %v signal", sig)
-	}
-}
-
-func (s *Supervisor) listenToNewConfig(ctx context.Context) error {
-	for {
-		select {
-		case <-ctx.Done():
-			return ctx.Err()
-		case newConfig := <-s.newConfigChan:
-			s.useConfigResultChan <- s.notifySubsystemsNewConfig(newConfig)
-		}
-	}
-}
-
-func (s *Supervisor) notifySubsystemsNewConfig(newConfig *pogs.ClientConfig) *pogs.UseConfigurationResult {
-	s.logger.Infof("Received configuration %v", newConfig.Version)
-	if s.state.hasAppliedVersion(newConfig.Version) {
-		s.logger.Infof("%v has been applied", newConfig.Version)
-		return &pogs.UseConfigurationResult{
-			Success: true,
-		}
-	}
-	s.metrics.configVersion.Set(float64(newConfig.Version))
-
-	s.state.updateConfig(newConfig)
-	var tunnelHostnames []h2mux.TunnelHostname
-	for _, tunnelConfig := range newConfig.ReverseProxyConfigs {
-		tunnelHostnames = append(tunnelHostnames, tunnelConfig.TunnelHostname)
-	}
-	// Update connManager configurable
-	s.connManager.UpdateConfigurable(&connection.EdgeManagerConfigurable{
-		TunnelHostnames:      tunnelHostnames,
-		EdgeConnectionConfig: newConfig.EdgeConnectionConfig,
-	})
-	// Update streamHandler tunnelHostnameMapper mapping
-	failedConfigs := s.streamHandler.UpdateConfig(newConfig.ReverseProxyConfigs)
-
-	if s.supportAutoupdate {
-		s.autoupdater.Update(newConfig.SupervisorConfig.AutoUpdateFrequency)
-	}
-
-	return &pogs.UseConfigurationResult{
-		Success:       len(failedConfigs) == 0,
-		FailedConfigs: failedConfigs,
-	}
-}
-
-type state struct {
-	sync.RWMutex
-	currentConfig *pogs.ClientConfig
-}
-
-func newState(currentConfig *pogs.ClientConfig) *state {
-	return &state{
-		currentConfig: currentConfig,
-	}
-}
-
-func (s *state) hasAppliedVersion(incomingVersion pogs.Version) bool {
-	s.RLock()
-	defer s.RUnlock()
-	return s.currentConfig.Version.IsNewerOrEqual(incomingVersion)
-}
-
-func (s *state) updateConfig(newConfig *pogs.ClientConfig) {
-	s.Lock()
-	defer s.Unlock()
-	s.currentConfig = newConfig
-}
diff --git a/tunnelhostnamemapper/tunnelhostnamemapper.go b/tunnelhostnamemapper/tunnelhostnamemapper.go
deleted file mode 100644
index 554da985..00000000
--- a/tunnelhostnamemapper/tunnelhostnamemapper.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package tunnelhostnamemapper
-
-import (
-	"sync"
-
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/originservice"
-	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-)
-
-// TunnelHostnameMapper maps TunnelHostname to an OriginService
-type TunnelHostnameMapper struct {
-	sync.RWMutex
-	tunnelHostnameToOrigin map[h2mux.TunnelHostname]originservice.OriginService
-}
-
-func NewTunnelHostnameMapper() *TunnelHostnameMapper {
-	return &TunnelHostnameMapper{
-		tunnelHostnameToOrigin: make(map[h2mux.TunnelHostname]originservice.OriginService),
-	}
-}
-
-// Get an OriginService given a TunnelHostname
-func (om *TunnelHostnameMapper) Get(key h2mux.TunnelHostname) (originservice.OriginService, bool) {
-	om.RLock()
-	defer om.RUnlock()
-	originService, ok := om.tunnelHostnameToOrigin[key]
-	return originService, ok
-}
-
-// Add a mapping. If there is already an OriginService with this key, shutdown the old origin service and replace it
-// with the new one
-func (om *TunnelHostnameMapper) Add(key h2mux.TunnelHostname, os originservice.OriginService) {
-	om.Lock()
-	defer om.Unlock()
-	if oldOS, ok := om.tunnelHostnameToOrigin[key]; ok {
-		oldOS.Shutdown()
-	}
-	om.tunnelHostnameToOrigin[key] = os
-}
-
-// Delete a mapping, and shutdown its OriginService
-func (om *TunnelHostnameMapper) Delete(key h2mux.TunnelHostname) (keyFound bool) {
-	om.Lock()
-	defer om.Unlock()
-	if os, ok := om.tunnelHostnameToOrigin[key]; ok {
-		os.Shutdown()
-		delete(om.tunnelHostnameToOrigin, key)
-		return true
-	}
-	return false
-}
-
-// ToRemove finds all keys that should be removed from the TunnelHostnameMapper.
-func (om *TunnelHostnameMapper) ToRemove(newConfigs []*pogs.ReverseProxyConfig) (toRemove []h2mux.TunnelHostname) {
-	om.Lock()
-	defer om.Unlock()
-
-	// Convert into a set, for O(1) lookups instead of O(n)
-	newConfigSet := toSet(newConfigs)
-
-	// If a config in `om` isn't in `newConfigs`, it must be removed.
-	for hostname := range om.tunnelHostnameToOrigin {
-		if _, ok := newConfigSet[hostname]; !ok {
-			toRemove = append(toRemove, hostname)
-		}
-	}
-
-	return
-}
-
-// ToAdd filters the given configs, keeping those that should be added to the TunnelHostnameMapper.
-func (om *TunnelHostnameMapper) ToAdd(newConfigs []*pogs.ReverseProxyConfig) (toAdd []*pogs.ReverseProxyConfig) {
-	om.Lock()
-	defer om.Unlock()
-
-	// If a config in `newConfigs` isn't in `om`, it must be added.
-	for _, config := range newConfigs {
-		if _, ok := om.tunnelHostnameToOrigin[config.TunnelHostname]; !ok {
-			toAdd = append(toAdd, config)
-		}
-	}
-
-	return
-}
-
-func toSet(configs []*pogs.ReverseProxyConfig) map[h2mux.TunnelHostname]*pogs.ReverseProxyConfig {
-	m := make(map[h2mux.TunnelHostname]*pogs.ReverseProxyConfig)
-	for _, config := range configs {
-		m[config.TunnelHostname] = config
-	}
-	return m
-}
diff --git a/tunnelhostnamemapper/tunnelhostnamemapper_test.go b/tunnelhostnamemapper/tunnelhostnamemapper_test.go
deleted file mode 100644
index d8f8e655..00000000
--- a/tunnelhostnamemapper/tunnelhostnamemapper_test.go
+++ /dev/null
@@ -1,212 +0,0 @@
-package tunnelhostnamemapper
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"reflect"
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/originservice"
-	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	routines = 1000
-)
-
-func TestTunnelHostnameMapperConcurrentAccess(t *testing.T) {
-	thm := NewTunnelHostnameMapper()
-
-	concurrentOps(t, func(i int) {
-		// om is empty
-		os, ok := thm.Get(tunnelHostname(i))
-		assert.False(t, ok)
-		assert.Nil(t, os)
-	})
-
-	firstURL, err := url.Parse("https://127.0.0.1:8080")
-	assert.NoError(t, err)
-	httpOS := originservice.NewHTTPService(http.DefaultTransport, firstURL, false)
-	concurrentOps(t, func(i int) {
-		thm.Add(tunnelHostname(i), httpOS)
-	})
-
-	concurrentOps(t, func(i int) {
-		os, ok := thm.Get(tunnelHostname(i))
-		assert.True(t, ok)
-		assert.Equal(t, httpOS, os)
-	})
-
-	secondURL, err := url.Parse("https://127.0.0.1:8080")
-	assert.NoError(t, err)
-	secondHTTPOS := originservice.NewHTTPService(http.DefaultTransport, secondURL, true)
-	concurrentOps(t, func(i int) {
-		// Add should httpOS with secondHTTPOS
-		thm.Add(tunnelHostname(i), secondHTTPOS)
-	})
-
-	concurrentOps(t, func(i int) {
-		os, ok := thm.Get(tunnelHostname(i))
-		assert.True(t, ok)
-		assert.Equal(t, secondHTTPOS, os)
-	})
-}
-
-func concurrentOps(t *testing.T, f func(i int)) {
-	var wg sync.WaitGroup
-	wg.Add(routines)
-	for i := 0; i < routines; i++ {
-		go func(i int) {
-			f(i)
-			wg.Done()
-		}(i)
-	}
-	wg.Wait()
-}
-
-func tunnelHostname(i int) h2mux.TunnelHostname {
-	return h2mux.TunnelHostname(fmt.Sprintf("%d.cftunnel.com", i))
-}
-
-func Test_toSet(t *testing.T) {
-
-	type args struct {
-		configs []*pogs.ReverseProxyConfig
-	}
-	tests := []struct {
-		name string
-		args args
-		want map[h2mux.TunnelHostname]*pogs.ReverseProxyConfig
-	}{
-		{
-			name: "empty slice should yield empty map",
-			args: args{},
-			want: map[h2mux.TunnelHostname]*pogs.ReverseProxyConfig{},
-		},
-		{
-			name: "multiple elements",
-			args: args{[]*pogs.ReverseProxyConfig{sampleConfig1(), sampleConfig2()}},
-			want: map[h2mux.TunnelHostname]*pogs.ReverseProxyConfig{
-				"mock.example.com":  sampleConfig1(),
-				"mock2.example.com": sampleConfig2(),
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := toSet(tt.args.configs); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("toSet() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
-func TestTunnelHostnameMapper_ToAdd(t *testing.T) {
-	type fields struct {
-		tunnelHostnameToOrigin map[h2mux.TunnelHostname]originservice.OriginService
-	}
-	type args struct {
-		newConfigs []*pogs.ReverseProxyConfig
-	}
-	tests := []struct {
-		name      string
-		fields    fields
-		args      args
-		wantToAdd []*pogs.ReverseProxyConfig
-	}{
-		{
-			name: "Mapper={}, NewConfig={}, toAdd={}",
-		},
-		{
-			name:      "Mapper={}, NewConfig={x}, toAdd={x}",
-			args:      args{newConfigs: []*pogs.ReverseProxyConfig{sampleConfig1()}},
-			wantToAdd: []*pogs.ReverseProxyConfig{sampleConfig1()},
-		},
-		{
-			name:      "Mapper={x}, NewConfig={x,y}, toAdd={y}",
-			args:      args{newConfigs: []*pogs.ReverseProxyConfig{sampleConfig2()}},
-			wantToAdd: []*pogs.ReverseProxyConfig{sampleConfig2()},
-			fields: fields{tunnelHostnameToOrigin: map[h2mux.TunnelHostname]originservice.OriginService{
-				h2mux.TunnelHostname(sampleConfig1().TunnelHostname): &originservice.HelloWorldService{},
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			om := &TunnelHostnameMapper{
-				tunnelHostnameToOrigin: tt.fields.tunnelHostnameToOrigin,
-			}
-			if gotToAdd := om.ToAdd(tt.args.newConfigs); !reflect.DeepEqual(gotToAdd, tt.wantToAdd) {
-				t.Errorf("TunnelHostnameMapper.ToAdd() = %v, want %v", gotToAdd, tt.wantToAdd)
-			}
-		})
-	}
-}
-
-func TestTunnelHostnameMapper_ToRemove(t *testing.T) {
-	type fields struct {
-		tunnelHostnameToOrigin map[h2mux.TunnelHostname]originservice.OriginService
-	}
-	type args struct {
-		newConfigs []*pogs.ReverseProxyConfig
-	}
-	tests := []struct {
-		name         string
-		fields       fields
-		args         args
-		wantToRemove []h2mux.TunnelHostname
-	}{
-		{
-			name: "Mapper={}, NewConfig={}, toRemove={}",
-		},
-		{
-			name:         "Mapper={x}, NewConfig={}, toRemove={x}",
-			wantToRemove: []h2mux.TunnelHostname{sampleConfig1().TunnelHostname},
-			fields: fields{tunnelHostnameToOrigin: map[h2mux.TunnelHostname]originservice.OriginService{
-				h2mux.TunnelHostname(sampleConfig1().TunnelHostname): &originservice.HelloWorldService{},
-			}},
-		},
-		{
-			name: "Mapper={x}, NewConfig={x}, toRemove={}",
-			args: args{newConfigs: []*pogs.ReverseProxyConfig{sampleConfig1()}},
-			fields: fields{tunnelHostnameToOrigin: map[h2mux.TunnelHostname]originservice.OriginService{
-				h2mux.TunnelHostname(sampleConfig1().TunnelHostname): &originservice.HelloWorldService{},
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			om := &TunnelHostnameMapper{
-				tunnelHostnameToOrigin: tt.fields.tunnelHostnameToOrigin,
-			}
-			if gotToRemove := om.ToRemove(tt.args.newConfigs); !reflect.DeepEqual(gotToRemove, tt.wantToRemove) {
-				t.Errorf("TunnelHostnameMapper.ToRemove() = %v, want %v", gotToRemove, tt.wantToRemove)
-			}
-		})
-	}
-}
-
-func sampleConfig1() *pogs.ReverseProxyConfig {
-	return &pogs.ReverseProxyConfig{
-		TunnelHostname:     "mock.example.com",
-		OriginConfig:       &pogs.HelloWorldOriginConfig{},
-		Retries:            18,
-		ConnectionTimeout:  5 * time.Second,
-		CompressionQuality: 3,
-	}
-}
-
-func sampleConfig2() *pogs.ReverseProxyConfig {
-	return &pogs.ReverseProxyConfig{
-		TunnelHostname:     "mock2.example.com",
-		OriginConfig:       &pogs.HelloWorldOriginConfig{},
-		Retries:            18,
-		ConnectionTimeout:  5 * time.Second,
-		CompressionQuality: 3,
-	}
-}
diff --git a/tunnelrpc/pogs/config.go b/tunnelrpc/pogs/config.go
deleted file mode 100644
index 6ef537ae..00000000
--- a/tunnelrpc/pogs/config.go
+++ /dev/null
@@ -1,775 +0,0 @@
-package pogs
-
-import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"net"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/originservice"
-	"github.com/cloudflare/cloudflared/tlsconfig"
-	"github.com/cloudflare/cloudflared/tunnelrpc"
-
-	"github.com/pkg/errors"
-	capnp "zombiezen.com/go/capnproto2"
-	"zombiezen.com/go/capnproto2/pogs"
-	"zombiezen.com/go/capnproto2/rpc"
-	"zombiezen.com/go/capnproto2/server"
-)
-
-///
-/// Structs
-///
-
-// ClientConfig is a collection of FallibleConfig that determines how cloudflared should function
-type ClientConfig struct {
-	Version              Version
-	SupervisorConfig     *SupervisorConfig
-	EdgeConnectionConfig *EdgeConnectionConfig
-	DoHProxyConfigs      []*DoHProxyConfig `capnp:"dohProxyConfigs"`
-	ReverseProxyConfigs  []*ReverseProxyConfig
-}
-
-func (c *ClientConfig) MarshalBytes() ([]byte, error) {
-	msg, firstSeg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-	if err != nil {
-		return nil, err
-	}
-	capnpEntity, err := tunnelrpc.NewRootClientConfig(firstSeg)
-	if err != nil {
-		return nil, err
-	}
-	err = MarshalClientConfig(capnpEntity, c)
-	if err != nil {
-		return nil, err
-	}
-	return msg.Marshal()
-}
-
-func UnmarshalClientConfigFromBytes(clientConfigBytes []byte) (*ClientConfig, error) {
-	msg, err := capnp.Unmarshal(clientConfigBytes)
-	if err != nil {
-		return nil, err
-	}
-	capnpClientConfig, err := tunnelrpc.ReadRootClientConfig(msg)
-	if err != nil {
-		return nil, err
-	}
-	pogsClientConfig, err := UnmarshalClientConfig(capnpClientConfig)
-	if err != nil {
-		return nil, err
-	}
-	return pogsClientConfig, nil
-}
-
-// Version type models the version of a ClientConfig
-type Version uint64
-
-func InitVersion() Version {
-	return Version(0)
-}
-
-func (v Version) IsNewerOrEqual(comparedVersion Version) bool {
-	return v >= comparedVersion
-}
-
-func (v Version) String() string {
-	return fmt.Sprintf("Version: %d", v)
-}
-
-// FallibleConfig is an interface implemented by configs that cloudflared might not be able to apply
-//go-sumtype:decl FallibleConfig
-type FallibleConfig interface {
-	FailReason(err error) string
-	isFallibleConfig()
-}
-
-// SupervisorConfig specifies config of components managed by Supervisor other than ConnectionManager
-type SupervisorConfig struct {
-	AutoUpdateFrequency    time.Duration
-	MetricsUpdateFrequency time.Duration
-	GracePeriod            time.Duration
-}
-
-// FailReason impelents FallibleConfig interface for SupervisorConfig
-func (sc *SupervisorConfig) FailReason(err error) string {
-	return fmt.Sprintf("Cannot apply SupervisorConfig, err: %v", err)
-}
-
-func (_ *SupervisorConfig) isFallibleConfig() {}
-
-// EdgeConnectionConfig specifies what parameters and how may connections should ConnectionManager establish with edge
-type EdgeConnectionConfig struct {
-	NumHAConnections    uint8
-	HeartbeatInterval   time.Duration
-	Timeout             time.Duration
-	MaxFailedHeartbeats uint64
-	UserCredentialPath  string
-}
-
-// FailReason impelents FallibleConfig interface for EdgeConnectionConfig
-func (cmc *EdgeConnectionConfig) FailReason(err error) string {
-	return fmt.Sprintf("Cannot apply EdgeConnectionConfig, err: %v", err)
-}
-
-func (_ *EdgeConnectionConfig) isFallibleConfig() {}
-
-// DoHProxyConfig is configuration for DNS over HTTPS service
-type DoHProxyConfig struct {
-	ListenHost string
-	ListenPort uint16
-	Upstreams  []string
-}
-
-// FailReason impelents FallibleConfig interface for DoHProxyConfig
-func (dpc *DoHProxyConfig) FailReason(err error) string {
-	return fmt.Sprintf("Cannot apply DoHProxyConfig, err: %v", err)
-}
-
-func (_ *DoHProxyConfig) isFallibleConfig() {}
-
-// ReverseProxyConfig how and for what hostnames can this cloudflared proxy
-type ReverseProxyConfig struct {
-	TunnelHostname     h2mux.TunnelHostname
-	OriginConfig       OriginConfig
-	Retries            uint64
-	ConnectionTimeout  time.Duration
-	CompressionQuality uint64
-}
-
-func NewReverseProxyConfig(
-	tunnelHostname string,
-	originConfig OriginConfig,
-	retries uint64,
-	connectionTimeout time.Duration,
-	compressionQuality uint64,
-) (*ReverseProxyConfig, error) {
-	if originConfig == nil {
-		return nil, fmt.Errorf("NewReverseProxyConfig: originConfigUnmarshaler was null")
-	}
-	return &ReverseProxyConfig{
-		TunnelHostname:     h2mux.TunnelHostname(tunnelHostname),
-		OriginConfig:       originConfig,
-		Retries:            retries,
-		ConnectionTimeout:  connectionTimeout,
-		CompressionQuality: compressionQuality,
-	}, nil
-}
-
-// FailReason impelents FallibleConfig interface for ReverseProxyConfig
-func (rpc *ReverseProxyConfig) FailReason(err error) string {
-	return fmt.Sprintf("Cannot apply ReverseProxyConfig, err: %v", err)
-}
-
-func (_ *ReverseProxyConfig) isFallibleConfig() {}
-
-//go-sumtype:decl OriginConfig
-type OriginConfig interface {
-	// Service returns a OriginService used to proxy to the origin
-	Service(logger.Service) (originservice.OriginService, error)
-	// go-sumtype requires at least one unexported method, otherwise it will complain that interface is not sealed
-	isOriginConfig()
-}
-
-type HTTPOriginConfig struct {
-	URLString              string        `capnp:"urlString"`
-	TCPKeepAlive           time.Duration `capnp:"tcpKeepAlive"`
-	DialDualStack          bool
-	TLSHandshakeTimeout    time.Duration `capnp:"tlsHandshakeTimeout"`
-	TLSVerify              bool          `capnp:"tlsVerify"`
-	OriginCAPool           string
-	OriginServerName       string
-	MaxIdleConnections     uint64
-	IdleConnectionTimeout  time.Duration
-	ProxyConnectionTimeout time.Duration
-	ExpectContinueTimeout  time.Duration
-	ChunkedEncoding        bool
-}
-
-func (hc *HTTPOriginConfig) Service(logger logger.Service) (originservice.OriginService, error) {
-	rootCAs, err := tlsconfig.LoadCustomOriginCA(hc.OriginCAPool)
-	if err != nil {
-		return nil, err
-	}
-
-	dialer := &net.Dialer{
-		Timeout:   hc.ProxyConnectionTimeout,
-		KeepAlive: hc.TCPKeepAlive,
-	}
-	if !hc.DialDualStack {
-		dialer.FallbackDelay = -1
-	}
-	dialContext := dialer.DialContext
-	transport := &http.Transport{
-		Proxy:       http.ProxyFromEnvironment,
-		DialContext: dialContext,
-		TLSClientConfig: &tls.Config{
-			RootCAs:            rootCAs,
-			ServerName:         hc.OriginServerName,
-			InsecureSkipVerify: hc.TLSVerify,
-		},
-		TLSHandshakeTimeout:   hc.TLSHandshakeTimeout,
-		MaxIdleConns:          int(hc.MaxIdleConnections),
-		IdleConnTimeout:       hc.IdleConnectionTimeout,
-		ExpectContinueTimeout: hc.ExpectContinueTimeout,
-	}
-	url, err := url.Parse(hc.URLString)
-	if err != nil {
-		return nil, errors.Wrapf(err, "%s is not a valid URL", hc.URLString)
-	}
-	if url.Scheme == "unix" {
-		transport.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
-			return dialContext(ctx, "unix", url.Host)
-		}
-	}
-	return originservice.NewHTTPService(transport, url, hc.ChunkedEncoding), nil
-}
-
-func (*HTTPOriginConfig) isOriginConfig() {}
-
-type WebSocketOriginConfig struct {
-	URLString        string `capnp:"urlString"`
-	TLSVerify        bool   `capnp:"tlsVerify"`
-	OriginCAPool     string
-	OriginServerName string
-}
-
-func (wsc *WebSocketOriginConfig) Service(logger logger.Service) (originservice.OriginService, error) {
-	rootCAs, err := tlsconfig.LoadCustomOriginCA(wsc.OriginCAPool)
-	if err != nil {
-		return nil, err
-	}
-	tlsConfig := &tls.Config{
-		RootCAs:            rootCAs,
-		ServerName:         wsc.OriginServerName,
-		InsecureSkipVerify: wsc.TLSVerify,
-	}
-
-	url, err := url.Parse(wsc.URLString)
-	if err != nil {
-		return nil, errors.Wrapf(err, "%s is not a valid URL", wsc.URLString)
-	}
-	return originservice.NewWebSocketService(tlsConfig, url, logger)
-}
-
-func (*WebSocketOriginConfig) isOriginConfig() {}
-
-type HelloWorldOriginConfig struct{}
-
-func (*HelloWorldOriginConfig) Service(logger logger.Service) (originservice.OriginService, error) {
-	helloCert, err := tlsconfig.GetHelloCertificateX509()
-	if err != nil {
-		return nil, errors.Wrap(err, "Cannot get Hello World server certificate")
-	}
-	rootCAs := x509.NewCertPool()
-	rootCAs.AddCert(helloCert)
-	transport := &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-		}).DialContext,
-		TLSClientConfig: &tls.Config{
-			RootCAs: rootCAs,
-		},
-		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-	}
-	return originservice.NewHelloWorldService(transport, logger)
-}
-
-func (*HelloWorldOriginConfig) isOriginConfig() {}
-
-/*
- * Boilerplate to convert between these structs and the primitive structs
- * generated by capnp-go.
- * Mnemonics for variable names in this section:
- *   - `p` is for POGS (plain old Go struct)
- *   - `s` (and `ss`) is for "capnp.Struct", which is the fundamental type
- *     underlying the capnp-go data structures.
- */
-
-func MarshalClientConfig(s tunnelrpc.ClientConfig, p *ClientConfig) error {
-	s.SetVersion(uint64(p.Version))
-
-	supervisorConfig, err := s.NewSupervisorConfig()
-	if err != nil {
-		return errors.Wrap(err, "failed to get SupervisorConfig")
-	}
-	if err = MarshalSupervisorConfig(supervisorConfig, p.SupervisorConfig); err != nil {
-		return errors.Wrap(err, "MarshalSupervisorConfig error")
-	}
-
-	edgeConnectionConfig, err := s.NewEdgeConnectionConfig()
-	if err != nil {
-		return errors.Wrap(err, "failed to get EdgeConnectionConfig")
-	}
-	if err := MarshalEdgeConnectionConfig(edgeConnectionConfig, p.EdgeConnectionConfig); err != nil {
-		return errors.Wrap(err, "MarshalEdgeConnectionConfig error")
-	}
-
-	if err := marshalDoHProxyConfigs(s, p.DoHProxyConfigs); err != nil {
-		return errors.Wrap(err, "marshalDoHProxyConfigs error")
-	}
-	if err := marshalReverseProxyConfigs(s, p.ReverseProxyConfigs); err != nil {
-		return errors.Wrap(err, "marshalReverseProxyConfigs error")
-	}
-	return nil
-}
-
-func MarshalSupervisorConfig(s tunnelrpc.SupervisorConfig, p *SupervisorConfig) error {
-	if err := pogs.Insert(tunnelrpc.SupervisorConfig_TypeID, s.Struct, p); err != nil {
-		return errors.Wrap(err, "failed to insert SupervisorConfig")
-	}
-	return nil
-}
-
-func MarshalEdgeConnectionConfig(s tunnelrpc.EdgeConnectionConfig, p *EdgeConnectionConfig) error {
-	if err := pogs.Insert(tunnelrpc.EdgeConnectionConfig_TypeID, s.Struct, p); err != nil {
-		return errors.Wrap(err, "failed to insert EdgeConnectionConfig")
-	}
-	return nil
-}
-
-func marshalDoHProxyConfigs(s tunnelrpc.ClientConfig, dohProxyConfigs []*DoHProxyConfig) error {
-	capnpList, err := s.NewDohProxyConfigs(int32(len(dohProxyConfigs)))
-	if err != nil {
-		return err
-	}
-	for i, unmarshalledConfig := range dohProxyConfigs {
-		err := MarshalDoHProxyConfig(capnpList.At(i), unmarshalledConfig)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func marshalReverseProxyConfigs(s tunnelrpc.ClientConfig, reverseProxyConfigs []*ReverseProxyConfig) error {
-	capnpList, err := s.NewReverseProxyConfigs(int32(len(reverseProxyConfigs)))
-	if err != nil {
-		return err
-	}
-	for i, unmarshalledConfig := range reverseProxyConfigs {
-		err := MarshalReverseProxyConfig(capnpList.At(i), unmarshalledConfig)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func UnmarshalClientConfig(s tunnelrpc.ClientConfig) (*ClientConfig, error) {
-	p := new(ClientConfig)
-	p.Version = Version(s.Version())
-
-	supervisorConfig, err := s.SupervisorConfig()
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get SupervisorConfig")
-	}
-	p.SupervisorConfig, err = UnmarshalSupervisorConfig(supervisorConfig)
-	if err != nil {
-		return nil, errors.Wrap(err, "UnmarshalSupervisorConfig error")
-	}
-
-	edgeConnectionConfig, err := s.EdgeConnectionConfig()
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get ConnectionManagerConfig")
-	}
-	p.EdgeConnectionConfig, err = UnmarshalEdgeConnectionConfig(edgeConnectionConfig)
-	if err != nil {
-		return nil, errors.Wrap(err, "UnmarshalConnectionManagerConfig error")
-	}
-
-	p.DoHProxyConfigs, err = unmarshalDoHProxyConfigs(s)
-	if err != nil {
-		return nil, errors.Wrap(err, "unmarshalDoHProxyConfigs error")
-	}
-
-	p.ReverseProxyConfigs, err = unmarshalReverseProxyConfigs(s)
-	if err != nil {
-		return nil, errors.Wrap(err, "unmarshalReverseProxyConfigs error")
-	}
-
-	return p, nil
-}
-
-func UnmarshalSupervisorConfig(s tunnelrpc.SupervisorConfig) (*SupervisorConfig, error) {
-	p := new(SupervisorConfig)
-	err := pogs.Extract(p, tunnelrpc.SupervisorConfig_TypeID, s.Struct)
-	return p, err
-}
-
-func UnmarshalEdgeConnectionConfig(s tunnelrpc.EdgeConnectionConfig) (*EdgeConnectionConfig, error) {
-	p := new(EdgeConnectionConfig)
-	err := pogs.Extract(p, tunnelrpc.EdgeConnectionConfig_TypeID, s.Struct)
-	return p, err
-}
-
-func unmarshalDoHProxyConfigs(s tunnelrpc.ClientConfig) ([]*DoHProxyConfig, error) {
-	var result []*DoHProxyConfig
-	marshalledDoHProxyConfigs, err := s.DohProxyConfigs()
-	if err != nil {
-		return nil, err
-	}
-	for i := 0; i < marshalledDoHProxyConfigs.Len(); i++ {
-		ss := marshalledDoHProxyConfigs.At(i)
-		dohProxyConfig, err := UnmarshalDoHProxyConfig(ss)
-		if err != nil {
-			return nil, err
-		}
-		result = append(result, dohProxyConfig)
-	}
-	return result, nil
-}
-
-func unmarshalReverseProxyConfigs(s tunnelrpc.ClientConfig) ([]*ReverseProxyConfig, error) {
-	var result []*ReverseProxyConfig
-	marshalledReverseProxyConfigs, err := s.ReverseProxyConfigs()
-	if err != nil {
-		return nil, err
-	}
-	for i := 0; i < marshalledReverseProxyConfigs.Len(); i++ {
-		ss := marshalledReverseProxyConfigs.At(i)
-		reverseProxyConfig, err := UnmarshalReverseProxyConfig(ss)
-		if err != nil {
-			return nil, err
-		}
-		result = append(result, reverseProxyConfig)
-	}
-	return result, nil
-}
-
-func MarshalUseConfigurationResult(s tunnelrpc.UseConfigurationResult, p *UseConfigurationResult) error {
-	capnpList, err := s.NewFailedConfigs(int32(len(p.FailedConfigs)))
-	if err != nil {
-		return errors.Wrap(err, "Cannot create new FailedConfigs")
-	}
-	for i, unmarshalledFailedConfig := range p.FailedConfigs {
-		err := MarshalFailedConfig(capnpList.At(i), unmarshalledFailedConfig)
-		if err != nil {
-			return errors.Wrapf(err, "Cannot MarshalFailedConfig at index %d", i)
-		}
-	}
-	s.SetSuccess(p.Success)
-	return nil
-}
-
-func UnmarshalUseConfigurationResult(s tunnelrpc.UseConfigurationResult) (*UseConfigurationResult, error) {
-	p := new(UseConfigurationResult)
-	var failedConfigs []*FailedConfig
-	marshalledFailedConfigs, err := s.FailedConfigs()
-	if err != nil {
-		return nil, errors.Wrap(err, "Cannot get FailedConfigs")
-	}
-	for i := 0; i < marshalledFailedConfigs.Len(); i++ {
-		ss := marshalledFailedConfigs.At(i)
-		failedConfig, err := UnmarshalFailedConfig(ss)
-		if err != nil {
-			return nil, errors.Wrapf(err, "Cannot UnmarshalFailedConfig at index %d", i)
-		}
-		failedConfigs = append(failedConfigs, failedConfig)
-	}
-	p.FailedConfigs = failedConfigs
-	p.Success = s.Success()
-	return p, nil
-}
-
-func MarshalDoHProxyConfig(s tunnelrpc.DoHProxyConfig, p *DoHProxyConfig) error {
-	return pogs.Insert(tunnelrpc.DoHProxyConfig_TypeID, s.Struct, p)
-}
-
-func UnmarshalDoHProxyConfig(s tunnelrpc.DoHProxyConfig) (*DoHProxyConfig, error) {
-	p := new(DoHProxyConfig)
-	err := pogs.Extract(p, tunnelrpc.DoHProxyConfig_TypeID, s.Struct)
-	return p, err
-}
-
-func MarshalReverseProxyConfig(s tunnelrpc.ReverseProxyConfig, p *ReverseProxyConfig) error {
-	s.SetTunnelHostname(p.TunnelHostname.String())
-	switch config := p.OriginConfig.(type) {
-	case *HTTPOriginConfig:
-		ss, err := s.OriginConfig().NewHttp()
-		if err != nil {
-			return err
-		}
-		if err := MarshalHTTPOriginConfig(ss, config); err != nil {
-			return err
-		}
-	case *WebSocketOriginConfig:
-		ss, err := s.OriginConfig().NewWebsocket()
-		if err != nil {
-			return err
-		}
-		if err := MarshalWebSocketOriginConfig(ss, config); err != nil {
-			return err
-		}
-	case *HelloWorldOriginConfig:
-		ss, err := s.OriginConfig().NewHelloWorld()
-		if err != nil {
-			return err
-		}
-		if err := MarshalHelloWorldOriginConfig(ss, config); err != nil {
-			return err
-		}
-	default:
-		return fmt.Errorf("Unknown type for config: %T", config)
-	}
-	s.SetRetries(p.Retries)
-	s.SetConnectionTimeout(p.ConnectionTimeout.Nanoseconds())
-	s.SetCompressionQuality(p.CompressionQuality)
-	return nil
-}
-
-func UnmarshalReverseProxyConfig(s tunnelrpc.ReverseProxyConfig) (*ReverseProxyConfig, error) {
-	p := new(ReverseProxyConfig)
-	tunnelHostname, err := s.TunnelHostname()
-	if err != nil {
-		return nil, err
-	}
-	p.TunnelHostname = h2mux.TunnelHostname(tunnelHostname)
-	switch s.OriginConfig().Which() {
-	case tunnelrpc.ReverseProxyConfig_originConfig_Which_http:
-		ss, err := s.OriginConfig().Http()
-		if err != nil {
-			return nil, err
-		}
-		config, err := UnmarshalHTTPOriginConfig(ss)
-		if err != nil {
-			return nil, err
-		}
-		p.OriginConfig = config
-	case tunnelrpc.ReverseProxyConfig_originConfig_Which_websocket:
-		ss, err := s.OriginConfig().Websocket()
-		if err != nil {
-			return nil, err
-		}
-		config, err := UnmarshalWebSocketOriginConfig(ss)
-		if err != nil {
-			return nil, err
-		}
-		p.OriginConfig = config
-	case tunnelrpc.ReverseProxyConfig_originConfig_Which_helloWorld:
-		ss, err := s.OriginConfig().HelloWorld()
-		if err != nil {
-			return nil, err
-		}
-		config, err := UnmarshalHelloWorldOriginConfig(ss)
-		if err != nil {
-			return nil, err
-		}
-		p.OriginConfig = config
-	}
-	p.Retries = s.Retries()
-	p.ConnectionTimeout = time.Duration(s.ConnectionTimeout())
-	p.CompressionQuality = s.CompressionQuality()
-	return p, nil
-}
-
-func MarshalHTTPOriginConfig(s tunnelrpc.HTTPOriginConfig, p *HTTPOriginConfig) error {
-	return pogs.Insert(tunnelrpc.HTTPOriginConfig_TypeID, s.Struct, p)
-}
-
-func UnmarshalHTTPOriginConfig(s tunnelrpc.HTTPOriginConfig) (*HTTPOriginConfig, error) {
-	p := new(HTTPOriginConfig)
-	err := pogs.Extract(p, tunnelrpc.HTTPOriginConfig_TypeID, s.Struct)
-	return p, err
-}
-
-func MarshalWebSocketOriginConfig(s tunnelrpc.WebSocketOriginConfig, p *WebSocketOriginConfig) error {
-	return pogs.Insert(tunnelrpc.WebSocketOriginConfig_TypeID, s.Struct, p)
-}
-
-func UnmarshalWebSocketOriginConfig(s tunnelrpc.WebSocketOriginConfig) (*WebSocketOriginConfig, error) {
-	p := new(WebSocketOriginConfig)
-	err := pogs.Extract(p, tunnelrpc.WebSocketOriginConfig_TypeID, s.Struct)
-	return p, err
-}
-
-func MarshalHelloWorldOriginConfig(s tunnelrpc.HelloWorldOriginConfig, p *HelloWorldOriginConfig) error {
-	return pogs.Insert(tunnelrpc.HelloWorldOriginConfig_TypeID, s.Struct, p)
-}
-
-func UnmarshalHelloWorldOriginConfig(s tunnelrpc.HelloWorldOriginConfig) (*HelloWorldOriginConfig, error) {
-	p := new(HelloWorldOriginConfig)
-	err := pogs.Extract(p, tunnelrpc.HelloWorldOriginConfig_TypeID, s.Struct)
-	return p, err
-}
-
-type ClientService interface {
-	UseConfiguration(ctx context.Context, config *ClientConfig) (*UseConfigurationResult, error)
-}
-
-type ClientService_PogsClient struct {
-	Client capnp.Client
-	Conn   *rpc.Conn
-}
-
-func (c *ClientService_PogsClient) Close() error {
-	return c.Conn.Close()
-}
-
-func (c *ClientService_PogsClient) UseConfiguration(
-	ctx context.Context,
-	config *ClientConfig,
-) (*UseConfigurationResult, error) {
-	client := tunnelrpc.ClientService{Client: c.Client}
-	promise := client.UseConfiguration(ctx, func(p tunnelrpc.ClientService_useConfiguration_Params) error {
-		clientServiceConfig, err := p.NewClientServiceConfig()
-		if err != nil {
-			return err
-		}
-		return MarshalClientConfig(clientServiceConfig, config)
-	})
-	retval, err := promise.Result().Struct()
-	if err != nil {
-		return nil, err
-	}
-	return UnmarshalUseConfigurationResult(retval)
-}
-
-func ClientService_ServerToClient(s ClientService) tunnelrpc.ClientService {
-	return tunnelrpc.ClientService_ServerToClient(ClientService_PogsImpl{s})
-}
-
-type ClientService_PogsImpl struct {
-	impl ClientService
-}
-
-func (i ClientService_PogsImpl) UseConfiguration(p tunnelrpc.ClientService_useConfiguration) error {
-	config, err := p.Params.ClientServiceConfig()
-	if err != nil {
-		return errors.Wrap(err, "Cannot get CloudflaredConfig parameter")
-	}
-	pogsConfig, err := UnmarshalClientConfig(config)
-	if err != nil {
-		return errors.Wrap(err, "Cannot unmarshal tunnelrpc.CloudflaredConfig to *CloudflaredConfig")
-	}
-	server.Ack(p.Options)
-	userConfigResult, err := i.impl.UseConfiguration(p.Ctx, pogsConfig)
-	if err != nil {
-		return err
-	}
-	result, err := p.Results.NewResult()
-	if err != nil {
-		return err
-	}
-	return MarshalUseConfigurationResult(result, userConfigResult)
-}
-
-type UseConfigurationResult struct {
-	Success       bool
-	FailedConfigs []*FailedConfig
-}
-
-type FailedConfig struct {
-	Config FallibleConfig
-	Reason string
-}
-
-func MarshalFailedConfig(s tunnelrpc.FailedConfig, p *FailedConfig) error {
-	switch config := p.Config.(type) {
-	case *SupervisorConfig:
-		ss, err := s.Config().NewSupervisor()
-		if err != nil {
-			return err
-		}
-		err = MarshalSupervisorConfig(ss, config)
-		if err != nil {
-			return err
-		}
-	case *EdgeConnectionConfig:
-		ss, err := s.Config().NewEdgeConnection()
-		if err != nil {
-			return err
-		}
-		err = MarshalEdgeConnectionConfig(ss, config)
-		if err != nil {
-			return err
-		}
-	case *DoHProxyConfig:
-		ss, err := s.Config().NewDoh()
-		if err != nil {
-			return err
-		}
-		err = MarshalDoHProxyConfig(ss, config)
-		if err != nil {
-			return err
-		}
-	case *ReverseProxyConfig:
-		ss, err := s.Config().NewReverseProxy()
-		if err != nil {
-			return err
-		}
-		err = MarshalReverseProxyConfig(ss, config)
-		if err != nil {
-			return err
-		}
-	default:
-		return fmt.Errorf("Unknown type for Config: %T", config)
-	}
-	s.SetReason(p.Reason)
-	return nil
-}
-
-func UnmarshalFailedConfig(s tunnelrpc.FailedConfig) (*FailedConfig, error) {
-	p := new(FailedConfig)
-	switch s.Config().Which() {
-	case tunnelrpc.FailedConfig_config_Which_supervisor:
-		ss, err := s.Config().Supervisor()
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot get SupervisorConfig from Config")
-		}
-		config, err := UnmarshalSupervisorConfig(ss)
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot UnmarshalSupervisorConfig")
-		}
-		p.Config = config
-	case tunnelrpc.FailedConfig_config_Which_edgeConnection:
-		ss, err := s.Config().EdgeConnection()
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot get ConnectionManager from Config")
-		}
-		config, err := UnmarshalEdgeConnectionConfig(ss)
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot UnmarshalConnectionManagerConfig")
-		}
-		p.Config = config
-	case tunnelrpc.FailedConfig_config_Which_doh:
-		ss, err := s.Config().Doh()
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot get Doh from Config")
-		}
-		config, err := UnmarshalDoHProxyConfig(ss)
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot UnmarshalDoHProxyConfig")
-		}
-		p.Config = config
-	case tunnelrpc.FailedConfig_config_Which_reverseProxy:
-		ss, err := s.Config().ReverseProxy()
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot get ReverseProxy from Config")
-		}
-		config, err := UnmarshalReverseProxyConfig(ss)
-		if err != nil {
-			return nil, errors.Wrap(err, "Cannot UnmarshalReverseProxyConfig")
-		}
-		p.Config = config
-	default:
-		return nil, fmt.Errorf("Unknown type for FailedConfig: %v", s.Config().Which())
-	}
-	reason, err := s.Reason()
-	if err != nil {
-		return nil, errors.Wrap(err, "Cannot get Reason")
-	}
-	p.Reason = reason
-	return p, nil
-}
diff --git a/tunnelrpc/pogs/config_test.go b/tunnelrpc/pogs/config_test.go
deleted file mode 100644
index 199a3d47..00000000
--- a/tunnelrpc/pogs/config_test.go
+++ /dev/null
@@ -1,455 +0,0 @@
-package pogs
-
-import (
-	"fmt"
-	"reflect"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/tunnelrpc"
-	capnp "zombiezen.com/go/capnproto2"
-)
-
-// Assert *HTTPOriginConfig implements OriginConfig
-var _ OriginConfig = (*HTTPOriginConfig)(nil)
-
-// Assert *WebSocketOriginConfig implements OriginConfig
-var _ OriginConfig = (*WebSocketOriginConfig)(nil)
-
-// Assert *HelloWorldOriginConfig implements OriginConfig
-var _ OriginConfig = (*HelloWorldOriginConfig)(nil)
-
-func TestVersion(t *testing.T) {
-	firstVersion := InitVersion()
-	secondVersion := Version(1)
-	assert.False(t, firstVersion.IsNewerOrEqual(secondVersion))
-	assert.True(t, secondVersion.IsNewerOrEqual(firstVersion))
-	assert.True(t, secondVersion.IsNewerOrEqual(secondVersion))
-}
-
-func TestClientConfigCapnp(t *testing.T) {
-	for i, testCase := range ClientConfigTestCases() {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewClientConfig(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalClientConfig(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalClientConfig(capnpEntity)
-		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func ClientConfigTestCases() []*ClientConfig {
-
-	addDoHProxyConfigs := func(c *ClientConfig) {
-		c.DoHProxyConfigs = []*DoHProxyConfig{
-			sampleDoHProxyConfig(),
-		}
-	}
-	addReverseProxyConfigs := func(c *ClientConfig) {
-		c.ReverseProxyConfigs = []*ReverseProxyConfig{
-			sampleReverseProxyConfig(),
-			sampleReverseProxyConfig(func(c *ReverseProxyConfig) {
-			}),
-			sampleReverseProxyConfig(func(c *ReverseProxyConfig) {
-				c.OriginConfig = sampleHTTPOriginConfig()
-			}),
-			sampleReverseProxyConfig(func(c *ReverseProxyConfig) {
-				c.OriginConfig = sampleHTTPOriginConfigUnixPath()
-			}),
-			sampleReverseProxyConfig(func(c *ReverseProxyConfig) {
-				c.OriginConfig = sampleWebSocketOriginConfig()
-			}),
-		}
-	}
-
-	testCases := []*ClientConfig{
-		sampleClientConfig(),
-		sampleClientConfig(addDoHProxyConfigs),
-		sampleClientConfig(addReverseProxyConfigs),
-		sampleClientConfig(addDoHProxyConfigs, addReverseProxyConfigs),
-	}
-
-	return testCases
-}
-
-func TestClientConfig(t *testing.T) {
-	for _, testCase := range ClientConfigTestCases() {
-		b, err := testCase.MarshalBytes()
-		assert.NoError(t, err)
-
-		clientConfig, err := UnmarshalClientConfigFromBytes(b)
-		assert.NoError(t, err)
-
-		assert.Equal(t, testCase, clientConfig)
-	}
-}
-
-func TestUseConfigurationResult(t *testing.T) {
-	testCases := []*UseConfigurationResult{
-		&UseConfigurationResult{
-			Success: true,
-		},
-		&UseConfigurationResult{
-			Success: false,
-			FailedConfigs: []*FailedConfig{
-				{
-					Config: sampleReverseProxyConfig(),
-					Reason: "Invalid certificate",
-				},
-				{
-					Config: sampleDoHProxyConfig(),
-					Reason: "Cannot listen on port 53",
-				},
-			},
-		},
-	}
-	for i, testCase := range testCases {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewUseConfigurationResult(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalUseConfigurationResult(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalUseConfigurationResult(capnpEntity)
-		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func TestDoHProxyConfig(t *testing.T) {
-	testCases := []*DoHProxyConfig{
-		sampleDoHProxyConfig(),
-		sampleDoHProxyConfig(func(c *DoHProxyConfig) {
-			c.Upstreams = nil
-		}),
-	}
-	for i, testCase := range testCases {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewDoHProxyConfig(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalDoHProxyConfig(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalDoHProxyConfig(capnpEntity)
-		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func TestReverseProxyConfig(t *testing.T) {
-	testCases := []*ReverseProxyConfig{
-		sampleReverseProxyConfig(),
-		sampleReverseProxyConfig(func(c *ReverseProxyConfig) {
-			c.OriginConfig = sampleHTTPOriginConfig()
-		}),
-		sampleReverseProxyConfig(func(c *ReverseProxyConfig) {
-			c.OriginConfig = sampleHTTPOriginConfigUnixPath()
-		}),
-		sampleReverseProxyConfig(func(c *ReverseProxyConfig) {
-			c.OriginConfig = sampleWebSocketOriginConfig()
-		}),
-	}
-	for i, testCase := range testCases {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewReverseProxyConfig(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalReverseProxyConfig(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalReverseProxyConfig(capnpEntity)
-		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func TestHTTPOriginConfig(t *testing.T) {
-	testCases := []*HTTPOriginConfig{
-		sampleHTTPOriginConfig(),
-	}
-	for i, testCase := range testCases {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewHTTPOriginConfig(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalHTTPOriginConfig(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalHTTPOriginConfig(capnpEntity)
-		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func TestWebSocketOriginConfig(t *testing.T) {
-	testCases := []*WebSocketOriginConfig{
-		sampleWebSocketOriginConfig(),
-	}
-	for i, testCase := range testCases {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewWebSocketOriginConfig(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalWebSocketOriginConfig(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalWebSocketOriginConfig(capnpEntity)
-		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func TestOriginConfigInvalidURL(t *testing.T) {
-	invalidConfigs := []OriginConfig{
-		&HTTPOriginConfig{
-			// this url doesn't have a scheme
-			URLString: "127.0.0.1:36192",
-		},
-		&WebSocketOriginConfig{
-			URLString: "127.0.0.1:36192",
-		},
-	}
-	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
-
-	for _, config := range invalidConfigs {
-		service, err := config.Service(logger)
-		assert.Error(t, err)
-		assert.Nil(t, service)
-	}
-}
-
-//////////////////////////////////////////////////////////////////////////////
-// Functions to generate sample data for ease of testing
-//
-// There's one "sample" function per struct type. Each goes like this:
-//   1. Initialize an instance of the relevant struct.
-//   2. Ensure the instance has no zero-valued fields. (This catches the
-//      error-case where a field was added, but we forgot to add code to
-//      marshal/unmarshal this field in CapnProto.)
-//   3. Apply one or more "override" functions (which accept a
-//      pointer-to-struct, so they can mutate the instance).
-
-// sampleClientConfig initializes a new ClientConfig literal,
-// applies any number of overrides to it, and returns it.
-func sampleClientConfig(overrides ...func(*ClientConfig)) *ClientConfig {
-	sample := &ClientConfig{
-		Version:              Version(1337),
-		SupervisorConfig:     sampleSupervisorConfig(),
-		EdgeConnectionConfig: sampleEdgeConnectionConfig(),
-	}
-	sample.ensureNoZeroFields()
-	for _, f := range overrides {
-		f(sample)
-	}
-	return sample
-}
-
-func sampleSupervisorConfig() *SupervisorConfig {
-	sample := &SupervisorConfig{
-		AutoUpdateFrequency:    21 * time.Hour,
-		MetricsUpdateFrequency: 11 * time.Minute,
-		GracePeriod:            31 * time.Second,
-	}
-	sample.ensureNoZeroFields()
-	return sample
-}
-
-func sampleEdgeConnectionConfig() *EdgeConnectionConfig {
-	sample := &EdgeConnectionConfig{
-		NumHAConnections:    49,
-		HeartbeatInterval:   5 * time.Second,
-		Timeout:             9 * time.Second,
-		MaxFailedHeartbeats: 9001,
-		UserCredentialPath:  "/Users/example/.cloudflared/cert.pem",
-	}
-	sample.ensureNoZeroFields()
-	return sample
-}
-
-// sampleDoHProxyConfig initializes a new DoHProxyConfig struct,
-// applies any number of overrides to it, and returns it.
-func sampleDoHProxyConfig(overrides ...func(*DoHProxyConfig)) *DoHProxyConfig {
-	sample := &DoHProxyConfig{
-		ListenHost: "127.0.0.1",
-		ListenPort: 53,
-		Upstreams:  []string{"1.1.1.1", "1.0.0.1"},
-	}
-	sample.ensureNoZeroFields()
-	for _, f := range overrides {
-		f(sample)
-	}
-	return sample
-}
-
-// sampleReverseProxyConfig initializes a new ReverseProxyConfig struct,
-// applies any number of overrides to it, and returns it.
-func sampleReverseProxyConfig(overrides ...func(*ReverseProxyConfig)) *ReverseProxyConfig {
-	sample := &ReverseProxyConfig{
-		TunnelHostname:     "mock-non-lb-tunnel.example.com",
-		OriginConfig:       &HelloWorldOriginConfig{},
-		Retries:            18,
-		ConnectionTimeout:  5 * time.Second,
-		CompressionQuality: 3,
-	}
-	sample.ensureNoZeroFields()
-	for _, f := range overrides {
-		f(sample)
-	}
-	return sample
-}
-
-func sampleHTTPOriginConfig(overrides ...func(*HTTPOriginConfig)) *HTTPOriginConfig {
-	sample := &HTTPOriginConfig{
-		URLString:              "https.example.com",
-		TCPKeepAlive:           7 * time.Second,
-		DialDualStack:          true,
-		TLSHandshakeTimeout:    11 * time.Second,
-		TLSVerify:              true,
-		OriginCAPool:           "/etc/cert.pem",
-		OriginServerName:       "secure.example.com",
-		MaxIdleConnections:     19,
-		IdleConnectionTimeout:  17 * time.Second,
-		ProxyConnectionTimeout: 15 * time.Second,
-		ExpectContinueTimeout:  21 * time.Second,
-		ChunkedEncoding:        true,
-	}
-	sample.ensureNoZeroFields()
-	for _, f := range overrides {
-		f(sample)
-	}
-	return sample
-}
-
-func sampleHTTPOriginConfigUnixPath(overrides ...func(*HTTPOriginConfig)) *HTTPOriginConfig {
-	sample := &HTTPOriginConfig{
-		URLString:              "unix:/var/lib/file.sock",
-		TCPKeepAlive:           7 * time.Second,
-		DialDualStack:          true,
-		TLSHandshakeTimeout:    11 * time.Second,
-		TLSVerify:              true,
-		OriginCAPool:           "/etc/cert.pem",
-		OriginServerName:       "secure.example.com",
-		MaxIdleConnections:     19,
-		IdleConnectionTimeout:  17 * time.Second,
-		ProxyConnectionTimeout: 15 * time.Second,
-		ExpectContinueTimeout:  21 * time.Second,
-		ChunkedEncoding:        true,
-	}
-	sample.ensureNoZeroFields()
-	for _, f := range overrides {
-		f(sample)
-	}
-	return sample
-}
-
-func sampleWebSocketOriginConfig(overrides ...func(*WebSocketOriginConfig)) *WebSocketOriginConfig {
-	sample := &WebSocketOriginConfig{
-		URLString:        "ssh://example.com",
-		TLSVerify:        true,
-		OriginCAPool:     "/etc/cert.pem",
-		OriginServerName: "secure.example.com",
-	}
-	sample.ensureNoZeroFields()
-	for _, f := range overrides {
-		f(sample)
-	}
-	return sample
-}
-
-func (c *ClientConfig) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{"DoHProxyConfigs", "ReverseProxyConfigs"})
-}
-
-func (c *SupervisorConfig) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{})
-}
-
-func (c *EdgeConnectionConfig) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{})
-}
-
-func (c *DoHProxyConfig) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{})
-}
-
-func (c *ReverseProxyConfig) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{})
-}
-
-func (c *HTTPOriginConfig) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{})
-}
-
-func (c *WebSocketOriginConfig) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{})
-}
-
-// ensureNoZeroFieldsInSample checks that all fields in the sample struct,
-// except those listed in `allowedZeroFieldNames`, are initialized to nonzero
-// values. Note that the value has to be a pointer for reflection to work
-// correctly:
-//     e := &ExampleStruct{ ... }
-//     ensureNoZeroFieldsInSample(reflect.ValueOf(e), []string{})
-//
-// Context:
-// Our tests work by taking a sample struct and marshalling/unmarshalling it.
-// This makes them easy to write, but introduces some risk: if we don't
-// include a field in the sample value, it won't be covered under tests.
-// This check reduces that risk by requiring fields to be either initialized
-// or explicitly uninitialized.
-func ensureNoZeroFieldsInSample(ptrToSampleValue reflect.Value, allowedZeroFieldNames []string) {
-	sampleValue := ptrToSampleValue.Elem()
-	structType := ptrToSampleValue.Type().Elem()
-
-	allowedZeroFieldSet := make(map[string]bool)
-	for _, name := range allowedZeroFieldNames {
-		if _, ok := structType.FieldByName(name); !ok {
-			panic(fmt.Sprintf("struct %v has no field %v", structType.Name(), name))
-		}
-		allowedZeroFieldSet[name] = true
-	}
-
-	for i := 0; i < structType.NumField(); i++ {
-		if allowedZeroFieldSet[structType.Field(i).Name] {
-			continue
-		}
-
-		zeroValue := reflect.Zero(structType.Field(i).Type)
-		if reflect.DeepEqual(zeroValue.Interface(), sampleValue.Field(i).Interface()) {
-			panic(fmt.Sprintf("In the sample value for struct %v, field %v was not initialized", structType.Name(), structType.Field(i).Name))
-		}
-	}
-}
diff --git a/tunnelrpc/pogs/tunnelrpc.go b/tunnelrpc/pogs/tunnelrpc.go
index 279c0d09..c12aedaa 100644
--- a/tunnelrpc/pogs/tunnelrpc.go
+++ b/tunnelrpc/pogs/tunnelrpc.go
@@ -3,11 +3,8 @@ package pogs
 import (
 	"context"
 	"fmt"
-	"time"
 
 	"github.com/cloudflare/cloudflared/tunnelrpc"
-	"github.com/google/uuid"
-	"github.com/pkg/errors"
 
 	capnp "zombiezen.com/go/capnproto2"
 	"zombiezen.com/go/capnproto2/pogs"
@@ -184,143 +181,6 @@ func UnmarshalRegistrationOptions(s tunnelrpc.RegistrationOptions) (*Registratio
 	return p, err
 }
 
-// ConnectResult models the result of Connect RPC, implemented by ConnectError and ConnectSuccess.
-type ConnectResult interface {
-	ConnectError() *ConnectError
-	ConnectedTo() string
-	ClientConfig() *ClientConfig
-	Marshal(s tunnelrpc.ConnectResult) error
-}
-
-func MarshalConnectResult(s tunnelrpc.ConnectResult, p ConnectResult) error {
-	return p.Marshal(s)
-}
-
-func UnmarshalConnectResult(s tunnelrpc.ConnectResult) (ConnectResult, error) {
-	switch s.Result().Which() {
-	case tunnelrpc.ConnectResult_result_Which_err:
-		capnpConnectError, err := s.Result().Err()
-		if err != nil {
-			return nil, err
-		}
-		return UnmarshalConnectError(capnpConnectError)
-	case tunnelrpc.ConnectResult_result_Which_success:
-		capnpConnectSuccess, err := s.Result().Success()
-		if err != nil {
-			return nil, err
-		}
-		return UnmarshalConnectSuccess(capnpConnectSuccess)
-	default:
-		return nil, fmt.Errorf("Unmarshal %v not implemented yet", s.Result().Which().String())
-	}
-}
-
-// ConnectSuccess is the concrete returned type when Connect RPC succeed
-type ConnectSuccess struct {
-	ServerLocationName string
-	Config             *ClientConfig
-}
-
-func (*ConnectSuccess) ConnectError() *ConnectError {
-	return nil
-}
-
-func (cs *ConnectSuccess) ConnectedTo() string {
-	return cs.ServerLocationName
-}
-
-func (cs *ConnectSuccess) ClientConfig() *ClientConfig {
-	return cs.Config
-}
-
-func (cs *ConnectSuccess) Marshal(s tunnelrpc.ConnectResult) error {
-	capnpConnectSuccess, err := s.Result().NewSuccess()
-	if err != nil {
-		return err
-	}
-
-	err = capnpConnectSuccess.SetServerLocationName(cs.ServerLocationName)
-	if err != nil {
-		return errors.Wrap(err, "failed to set ConnectSuccess.ServerLocationName")
-	}
-
-	if cs.Config != nil {
-		capnpClientConfig, err := capnpConnectSuccess.NewClientConfig()
-		if err != nil {
-			return errors.Wrap(err, "failed to initialize ConnectSuccess.ClientConfig")
-		}
-		if err := MarshalClientConfig(capnpClientConfig, cs.Config); err != nil {
-			return errors.Wrap(err, "failed to marshal ClientConfig")
-		}
-	}
-
-	return nil
-}
-
-func UnmarshalConnectSuccess(s tunnelrpc.ConnectSuccess) (*ConnectSuccess, error) {
-	p := new(ConnectSuccess)
-
-	serverLocationName, err := s.ServerLocationName()
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get tunnelrpc.ConnectSuccess.ServerLocationName")
-	}
-	p.ServerLocationName = serverLocationName
-
-	if s.HasClientConfig() {
-		capnpClientConfig, err := s.ClientConfig()
-		if err != nil {
-			return nil, errors.Wrap(err, "failed to get tunnelrpc.ConnectSuccess.ClientConfig")
-		}
-		p.Config, err = UnmarshalClientConfig(capnpClientConfig)
-		if err != nil {
-			return nil, errors.Wrap(err, "failed to get unmarshal ClientConfig")
-		}
-	}
-
-	return p, nil
-}
-
-// ConnectError is the concrete returned type when Connect RPC encounters some error
-type ConnectError struct {
-	Cause       string
-	RetryAfter  time.Duration
-	ShouldRetry bool
-}
-
-func (ce *ConnectError) ConnectError() *ConnectError {
-	return ce
-}
-
-func (*ConnectError) ConnectedTo() string {
-	return ""
-}
-
-func (*ConnectError) ClientConfig() *ClientConfig {
-	return nil
-}
-
-func (ce *ConnectError) Marshal(s tunnelrpc.ConnectResult) error {
-	capnpConnectError, err := s.Result().NewErr()
-	if err != nil {
-		return err
-	}
-	return MarshalConnectError(capnpConnectError, ce)
-}
-
-func MarshalConnectError(s tunnelrpc.ConnectError, p *ConnectError) error {
-	return pogs.Insert(tunnelrpc.ConnectError_TypeID, s.Struct, p)
-}
-
-func UnmarshalConnectError(s tunnelrpc.ConnectError) (*ConnectError, error) {
-	p := new(ConnectError)
-	err := pogs.Extract(p, tunnelrpc.ConnectError_TypeID, s.Struct)
-	return p, err
-}
-
-func (e *ConnectError) Error() string {
-	return e.Cause
-}
-
 type Tag struct {
 	Name  string `json:"name"`
 	Value string `json:"value"`
@@ -340,102 +200,10 @@ func UnmarshalServerInfo(s tunnelrpc.ServerInfo) (*ServerInfo, error) {
 	return p, err
 }
 
-type ConnectParameters struct {
-	OriginCert          []byte
-	CloudflaredID       uuid.UUID
-	NumPreviousAttempts uint8
-	Tags                []Tag
-	CloudflaredVersion  string
-	IntentLabel         string
-}
-
-func MarshalConnectParameters(s tunnelrpc.CapnpConnectParameters, p *ConnectParameters) error {
-	if err := s.SetOriginCert(p.OriginCert); err != nil {
-		return err
-	}
-	cloudflaredIDBytes, err := p.CloudflaredID.MarshalBinary()
-	if err != nil {
-		return err
-	}
-	if err := s.SetCloudflaredID(cloudflaredIDBytes); err != nil {
-		return err
-	}
-	s.SetNumPreviousAttempts(p.NumPreviousAttempts)
-	if len(p.Tags) > 0 {
-		tagsCapnpList, err := s.NewTags(int32(len(p.Tags)))
-		if err != nil {
-			return err
-		}
-		for i, tag := range p.Tags {
-			tagCapnp := tagsCapnpList.At(i)
-			if err := tagCapnp.SetName(tag.Name); err != nil {
-				return err
-			}
-			if err := tagCapnp.SetValue(tag.Value); err != nil {
-				return err
-			}
-		}
-	}
-	if err := s.SetCloudflaredVersion(p.CloudflaredVersion); err != nil {
-		return err
-	}
-	return s.SetIntentLabel(p.IntentLabel)
-}
-
-func UnmarshalConnectParameters(s tunnelrpc.CapnpConnectParameters) (*ConnectParameters, error) {
-	originCert, err := s.OriginCert()
-	if err != nil {
-		return nil, err
-	}
-
-	cloudflaredIDBytes, err := s.CloudflaredID()
-	if err != nil {
-		return nil, err
-	}
-	cloudflaredID, err := uuid.FromBytes(cloudflaredIDBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	tagsCapnpList, err := s.Tags()
-	if err != nil {
-		return nil, err
-	}
-	var tags []Tag
-	for i := 0; i < tagsCapnpList.Len(); i++ {
-		tagCapnp := tagsCapnpList.At(i)
-		name, err := tagCapnp.Name()
-		if err != nil {
-			return nil, err
-		}
-		value, err := tagCapnp.Value()
-		if err != nil {
-			return nil, err
-		}
-		tags = append(tags, Tag{Name: name, Value: value})
-	}
-
-	cloudflaredVersion, err := s.CloudflaredVersion()
-	if err != nil {
-		return nil, err
-	}
-
-	intentLabel, err := s.IntentLabel()
-	return &ConnectParameters{
-		OriginCert:          originCert,
-		CloudflaredID:       cloudflaredID,
-		NumPreviousAttempts: s.NumPreviousAttempts(),
-		Tags:                tags,
-		CloudflaredVersion:  cloudflaredVersion,
-		IntentLabel:         intentLabel,
-	}, nil
-}
-
 type TunnelServer interface {
 	RegisterTunnel(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) *TunnelRegistration
 	GetServerInfo(ctx context.Context) (*ServerInfo, error)
 	UnregisterTunnel(ctx context.Context, gracePeriodNanoSec int64) error
-	Connect(ctx context.Context, parameters *ConnectParameters) (ConnectResult, error)
 	Authenticate(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) (*AuthenticateResponse, error)
 	ReconnectTunnel(ctx context.Context, jwt, eventDigest, connDigest []byte, hostname string, options *RegistrationOptions) (*TunnelRegistration, error)
 }
@@ -494,25 +262,8 @@ func (i TunnelServer_PogsImpl) UnregisterTunnel(p tunnelrpc.TunnelServer_unregis
 	return i.impl.UnregisterTunnel(p.Ctx, gracePeriodNanoSec)
 }
 
-func (i TunnelServer_PogsImpl) Connect(p tunnelrpc.TunnelServer_connect) error {
-	parameters, err := p.Params.Parameters()
-	if err != nil {
-		return err
-	}
-	pogsParameters, err := UnmarshalConnectParameters(parameters)
-	if err != nil {
-		return err
-	}
-	server.Ack(p.Options)
-	connectResult, err := i.impl.Connect(p.Ctx, pogsParameters)
-	if err != nil {
-		return err
-	}
-	result, err := p.Results.NewResult()
-	if err != nil {
-		return err
-	}
-	return connectResult.Marshal(result)
+func (i TunnelServer_PogsImpl) ObsoleteDeclarativeTunnelConnect(p tunnelrpc.TunnelServer_obsoleteDeclarativeTunnelConnect) error {
+	return fmt.Errorf("RPC to create declarative tunnel connection has been deprecated")
 }
 
 type TunnelServer_PogsClient struct {
@@ -578,25 +329,3 @@ func (c TunnelServer_PogsClient) UnregisterTunnel(ctx context.Context, gracePeri
 	_, err := promise.Struct()
 	return err
 }
-
-func (c TunnelServer_PogsClient) Connect(ctx context.Context,
-	parameters *ConnectParameters,
-) (ConnectResult, error) {
-	client := tunnelrpc.TunnelServer{Client: c.Client}
-	promise := client.Connect(ctx, func(p tunnelrpc.TunnelServer_connect_Params) error {
-		connectParameters, err := p.NewParameters()
-		if err != nil {
-			return err
-		}
-		err = MarshalConnectParameters(connectParameters, parameters)
-		if err != nil {
-			return err
-		}
-		return nil
-	})
-	retval, err := promise.Result().Struct()
-	if err != nil {
-		return nil, err
-	}
-	return UnmarshalConnectResult(retval)
-}
diff --git a/tunnelrpc/pogs/tunnelrpc_test.go b/tunnelrpc/pogs/tunnelrpc_test.go
index f28a825e..e133f877 100644
--- a/tunnelrpc/pogs/tunnelrpc_test.go
+++ b/tunnelrpc/pogs/tunnelrpc_test.go
@@ -2,12 +2,9 @@ package pogs
 
 import (
 	"fmt"
-	"reflect"
 	"testing"
-	"time"
 
 	"github.com/cloudflare/cloudflared/tunnelrpc"
-	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	capnp "zombiezen.com/go/capnproto2"
 )
@@ -56,94 +53,3 @@ func TestTunnelRegistration(t *testing.T) {
 	}
 
 }
-
-func TestConnectResult(t *testing.T) {
-	testCases := []ConnectResult{
-		&ConnectError{
-			Cause:       "it broke",
-			ShouldRetry: false,
-			RetryAfter:  2 * time.Second,
-		},
-		&ConnectSuccess{
-			ServerLocationName: "SFO",
-			Config:             sampleClientConfig(),
-		},
-		&ConnectSuccess{
-			ServerLocationName: "",
-			Config:             nil,
-		},
-	}
-	for i, testCase := range testCases {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewConnectResult(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalConnectResult(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase #%v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalConnectResult(capnpEntity)
-		if !assert.NoError(t, err, "testCase #%v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func TestConnectParameters(t *testing.T) {
-	testCases := []*ConnectParameters{
-		sampleConnectParameters(),
-		sampleConnectParameters(func(c *ConnectParameters) {
-			c.IntentLabel = "my_intent"
-		}),
-		sampleConnectParameters(func(c *ConnectParameters) {
-			c.Tags = nil
-		}),
-	}
-	for i, testCase := range testCases {
-		_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
-		capnpEntity, err := tunnelrpc.NewCapnpConnectParameters(seg)
-		if !assert.NoError(t, err) {
-			t.Fatal("Couldn't initialize a new message")
-		}
-		err = MarshalConnectParameters(capnpEntity, testCase)
-		if !assert.NoError(t, err, "testCase index %v failed to marshal", i) {
-			continue
-		}
-		result, err := UnmarshalConnectParameters(capnpEntity)
-		if !assert.NoError(t, err, "testCase index %v failed to unmarshal", i) {
-			continue
-		}
-		assert.Equal(t, testCase, result, "testCase index %v didn't preserve struct through marshalling and unmarshalling", i)
-	}
-}
-
-func sampleConnectParameters(overrides ...func(*ConnectParameters)) *ConnectParameters {
-	cloudflaredID, err := uuid.Parse("ED7BA470-8E54-465E-825C-99712043E01C")
-	if err != nil {
-		panic(err)
-	}
-	sample := &ConnectParameters{
-		OriginCert:          []byte("my-origin-cert"),
-		CloudflaredID:       cloudflaredID,
-		NumPreviousAttempts: 19,
-		Tags: []Tag{
-			Tag{
-				Name:  "provision-method",
-				Value: "new",
-			},
-		},
-		CloudflaredVersion: "7.0",
-		IntentLabel:        "my_intent",
-	}
-	sample.ensureNoZeroFields()
-	for _, f := range overrides {
-		f(sample)
-	}
-	return sample
-}
-
-func (c *ConnectParameters) ensureNoZeroFields() {
-	ensureNoZeroFieldsInSample(reflect.ValueOf(c), []string{})
-}
diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index 839fc0e5..cb707400 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -295,7 +295,8 @@ interface TunnelServer {
     registerTunnel @0 (originCert :Data, hostname :Text, options :RegistrationOptions) -> (result :TunnelRegistration);
     getServerInfo @1 () -> (result :ServerInfo);
     unregisterTunnel @2 (gracePeriodNanoSec :Int64) -> ();
-    connect @3 (parameters :CapnpConnectParameters) -> (result :ConnectResult);
+    # obsoleteDeclarativeTunnelConnect RPC deprecated in TUN-3019
+    obsoleteDeclarativeTunnelConnect @3 (parameters :CapnpConnectParameters) -> (result :ConnectResult);
     authenticate @4 (originCert :Data, hostname :Text, options :RegistrationOptions) -> (result :AuthenticateResponse);
     reconnectTunnel @5 (jwt :Data, eventDigest :Data, connDigest :Data, hostname :Text, options :RegistrationOptions) -> (result :TunnelRegistration);
 }
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index 775ceff9..5b824580 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -2874,9 +2874,9 @@ func (c TunnelServer) UnregisterTunnel(ctx context.Context, params func(TunnelSe
 	}
 	return TunnelServer_unregisterTunnel_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
 }
-func (c TunnelServer) Connect(ctx context.Context, params func(TunnelServer_connect_Params) error, opts ...capnp.CallOption) TunnelServer_connect_Results_Promise {
+func (c TunnelServer) ObsoleteDeclarativeTunnelConnect(ctx context.Context, params func(TunnelServer_obsoleteDeclarativeTunnelConnect_Params) error, opts ...capnp.CallOption) TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise {
 	if c.Client == nil {
-		return TunnelServer_connect_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
+		return TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
 	}
 	call := &capnp.Call{
 		Ctx: ctx,
@@ -2884,15 +2884,17 @@ func (c TunnelServer) Connect(ctx context.Context, params func(TunnelServer_conn
 			InterfaceID:   0xea58385c65416035,
 			MethodID:      3,
 			InterfaceName: "tunnelrpc/tunnelrpc.capnp:TunnelServer",
-			MethodName:    "connect",
+			MethodName:    "obsoleteDeclarativeTunnelConnect",
 		},
 		Options: capnp.NewCallOptions(opts),
 	}
 	if params != nil {
 		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 1}
-		call.ParamsFunc = func(s capnp.Struct) error { return params(TunnelServer_connect_Params{Struct: s}) }
+		call.ParamsFunc = func(s capnp.Struct) error {
+			return params(TunnelServer_obsoleteDeclarativeTunnelConnect_Params{Struct: s})
+		}
 	}
-	return TunnelServer_connect_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
 }
 func (c TunnelServer) Authenticate(ctx context.Context, params func(TunnelServer_authenticate_Params) error, opts ...capnp.CallOption) TunnelServer_authenticate_Results_Promise {
 	if c.Client == nil {
@@ -2942,7 +2944,7 @@ type TunnelServer_Server interface {
 
 	UnregisterTunnel(TunnelServer_unregisterTunnel) error
 
-	Connect(TunnelServer_connect) error
+	ObsoleteDeclarativeTunnelConnect(TunnelServer_obsoleteDeclarativeTunnelConnect) error
 
 	Authenticate(TunnelServer_authenticate) error
 
@@ -3006,11 +3008,11 @@ func TunnelServer_Methods(methods []server.Method, s TunnelServer_Server) []serv
 			InterfaceID:   0xea58385c65416035,
 			MethodID:      3,
 			InterfaceName: "tunnelrpc/tunnelrpc.capnp:TunnelServer",
-			MethodName:    "connect",
+			MethodName:    "obsoleteDeclarativeTunnelConnect",
 		},
 		Impl: func(c context.Context, opts capnp.CallOptions, p, r capnp.Struct) error {
-			call := TunnelServer_connect{c, opts, TunnelServer_connect_Params{Struct: p}, TunnelServer_connect_Results{Struct: r}}
-			return s.Connect(call)
+			call := TunnelServer_obsoleteDeclarativeTunnelConnect{c, opts, TunnelServer_obsoleteDeclarativeTunnelConnect_Params{Struct: p}, TunnelServer_obsoleteDeclarativeTunnelConnect_Results{Struct: r}}
+			return s.ObsoleteDeclarativeTunnelConnect(call)
 		},
 		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
 	})
@@ -3070,12 +3072,12 @@ type TunnelServer_unregisterTunnel struct {
 	Results TunnelServer_unregisterTunnel_Results
 }
 
-// TunnelServer_connect holds the arguments for a server call to TunnelServer.connect.
-type TunnelServer_connect struct {
+// TunnelServer_obsoleteDeclarativeTunnelConnect holds the arguments for a server call to TunnelServer.obsoleteDeclarativeTunnelConnect.
+type TunnelServer_obsoleteDeclarativeTunnelConnect struct {
 	Ctx     context.Context
 	Options capnp.CallOptions
-	Params  TunnelServer_connect_Params
-	Results TunnelServer_connect_Results
+	Params  TunnelServer_obsoleteDeclarativeTunnelConnect_Params
+	Results TunnelServer_obsoleteDeclarativeTunnelConnect_Results
 }
 
 // TunnelServer_authenticate holds the arguments for a server call to TunnelServer.authenticate.
@@ -3552,48 +3554,48 @@ func (p TunnelServer_unregisterTunnel_Results_Promise) Struct() (TunnelServer_un
 	return TunnelServer_unregisterTunnel_Results{s}, err
 }
 
-type TunnelServer_connect_Params struct{ capnp.Struct }
+type TunnelServer_obsoleteDeclarativeTunnelConnect_Params struct{ capnp.Struct }
 
-// TunnelServer_connect_Params_TypeID is the unique identifier for the type TunnelServer_connect_Params.
-const TunnelServer_connect_Params_TypeID = 0xa766b24d4fe5da35
+// TunnelServer_obsoleteDeclarativeTunnelConnect_Params_TypeID is the unique identifier for the type TunnelServer_obsoleteDeclarativeTunnelConnect_Params.
+const TunnelServer_obsoleteDeclarativeTunnelConnect_Params_TypeID = 0xa766b24d4fe5da35
 
-func NewTunnelServer_connect_Params(s *capnp.Segment) (TunnelServer_connect_Params, error) {
+func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Params(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Params, error) {
 	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return TunnelServer_connect_Params{st}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{st}, err
 }
 
-func NewRootTunnelServer_connect_Params(s *capnp.Segment) (TunnelServer_connect_Params, error) {
+func NewRootTunnelServer_obsoleteDeclarativeTunnelConnect_Params(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Params, error) {
 	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return TunnelServer_connect_Params{st}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{st}, err
 }
 
-func ReadRootTunnelServer_connect_Params(msg *capnp.Message) (TunnelServer_connect_Params, error) {
+func ReadRootTunnelServer_obsoleteDeclarativeTunnelConnect_Params(msg *capnp.Message) (TunnelServer_obsoleteDeclarativeTunnelConnect_Params, error) {
 	root, err := msg.RootPtr()
-	return TunnelServer_connect_Params{root.Struct()}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{root.Struct()}, err
 }
 
-func (s TunnelServer_connect_Params) String() string {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) String() string {
 	str, _ := text.Marshal(0xa766b24d4fe5da35, s.Struct)
 	return str
 }
 
-func (s TunnelServer_connect_Params) Parameters() (CapnpConnectParameters, error) {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) Parameters() (CapnpConnectParameters, error) {
 	p, err := s.Struct.Ptr(0)
 	return CapnpConnectParameters{Struct: p.Struct()}, err
 }
 
-func (s TunnelServer_connect_Params) HasParameters() bool {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) HasParameters() bool {
 	p, err := s.Struct.Ptr(0)
 	return p.IsValid() || err != nil
 }
 
-func (s TunnelServer_connect_Params) SetParameters(v CapnpConnectParameters) error {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) SetParameters(v CapnpConnectParameters) error {
 	return s.Struct.SetPtr(0, v.Struct.ToPtr())
 }
 
 // NewParameters sets the parameters field to a newly
 // allocated CapnpConnectParameters struct, preferring placement in s's segment.
-func (s TunnelServer_connect_Params) NewParameters() (CapnpConnectParameters, error) {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) NewParameters() (CapnpConnectParameters, error) {
 	ss, err := NewCapnpConnectParameters(s.Struct.Segment())
 	if err != nil {
 		return CapnpConnectParameters{}, err
@@ -3602,82 +3604,82 @@ func (s TunnelServer_connect_Params) NewParameters() (CapnpConnectParameters, er
 	return ss, err
 }
 
-// TunnelServer_connect_Params_List is a list of TunnelServer_connect_Params.
-type TunnelServer_connect_Params_List struct{ capnp.List }
+// TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List is a list of TunnelServer_obsoleteDeclarativeTunnelConnect_Params.
+type TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List struct{ capnp.List }
 
-// NewTunnelServer_connect_Params creates a new list of TunnelServer_connect_Params.
-func NewTunnelServer_connect_Params_List(s *capnp.Segment, sz int32) (TunnelServer_connect_Params_List, error) {
+// NewTunnelServer_obsoleteDeclarativeTunnelConnect_Params creates a new list of TunnelServer_obsoleteDeclarativeTunnelConnect_Params.
+func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Params_List(s *capnp.Segment, sz int32) (TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List, error) {
 	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
-	return TunnelServer_connect_Params_List{l}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List{l}, err
 }
 
-func (s TunnelServer_connect_Params_List) At(i int) TunnelServer_connect_Params {
-	return TunnelServer_connect_Params{s.List.Struct(i)}
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List) At(i int) TunnelServer_obsoleteDeclarativeTunnelConnect_Params {
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{s.List.Struct(i)}
 }
 
-func (s TunnelServer_connect_Params_List) Set(i int, v TunnelServer_connect_Params) error {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List) Set(i int, v TunnelServer_obsoleteDeclarativeTunnelConnect_Params) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_connect_Params_List) String() string {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List) String() string {
 	str, _ := text.MarshalList(0xa766b24d4fe5da35, s.List)
 	return str
 }
 
-// TunnelServer_connect_Params_Promise is a wrapper for a TunnelServer_connect_Params promised by a client call.
-type TunnelServer_connect_Params_Promise struct{ *capnp.Pipeline }
+// TunnelServer_obsoleteDeclarativeTunnelConnect_Params_Promise is a wrapper for a TunnelServer_obsoleteDeclarativeTunnelConnect_Params promised by a client call.
+type TunnelServer_obsoleteDeclarativeTunnelConnect_Params_Promise struct{ *capnp.Pipeline }
 
-func (p TunnelServer_connect_Params_Promise) Struct() (TunnelServer_connect_Params, error) {
+func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Params_Promise) Struct() (TunnelServer_obsoleteDeclarativeTunnelConnect_Params, error) {
 	s, err := p.Pipeline.Struct()
-	return TunnelServer_connect_Params{s}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{s}, err
 }
 
-func (p TunnelServer_connect_Params_Promise) Parameters() CapnpConnectParameters_Promise {
+func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Params_Promise) Parameters() CapnpConnectParameters_Promise {
 	return CapnpConnectParameters_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-type TunnelServer_connect_Results struct{ capnp.Struct }
+type TunnelServer_obsoleteDeclarativeTunnelConnect_Results struct{ capnp.Struct }
 
-// TunnelServer_connect_Results_TypeID is the unique identifier for the type TunnelServer_connect_Results.
-const TunnelServer_connect_Results_TypeID = 0xfeac5c8f4899ef7c
+// TunnelServer_obsoleteDeclarativeTunnelConnect_Results_TypeID is the unique identifier for the type TunnelServer_obsoleteDeclarativeTunnelConnect_Results.
+const TunnelServer_obsoleteDeclarativeTunnelConnect_Results_TypeID = 0xfeac5c8f4899ef7c
 
-func NewTunnelServer_connect_Results(s *capnp.Segment) (TunnelServer_connect_Results, error) {
+func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Results(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Results, error) {
 	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return TunnelServer_connect_Results{st}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{st}, err
 }
 
-func NewRootTunnelServer_connect_Results(s *capnp.Segment) (TunnelServer_connect_Results, error) {
+func NewRootTunnelServer_obsoleteDeclarativeTunnelConnect_Results(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Results, error) {
 	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return TunnelServer_connect_Results{st}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{st}, err
 }
 
-func ReadRootTunnelServer_connect_Results(msg *capnp.Message) (TunnelServer_connect_Results, error) {
+func ReadRootTunnelServer_obsoleteDeclarativeTunnelConnect_Results(msg *capnp.Message) (TunnelServer_obsoleteDeclarativeTunnelConnect_Results, error) {
 	root, err := msg.RootPtr()
-	return TunnelServer_connect_Results{root.Struct()}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{root.Struct()}, err
 }
 
-func (s TunnelServer_connect_Results) String() string {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) String() string {
 	str, _ := text.Marshal(0xfeac5c8f4899ef7c, s.Struct)
 	return str
 }
 
-func (s TunnelServer_connect_Results) Result() (ConnectResult, error) {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) Result() (ConnectResult, error) {
 	p, err := s.Struct.Ptr(0)
 	return ConnectResult{Struct: p.Struct()}, err
 }
 
-func (s TunnelServer_connect_Results) HasResult() bool {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) HasResult() bool {
 	p, err := s.Struct.Ptr(0)
 	return p.IsValid() || err != nil
 }
 
-func (s TunnelServer_connect_Results) SetResult(v ConnectResult) error {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) SetResult(v ConnectResult) error {
 	return s.Struct.SetPtr(0, v.Struct.ToPtr())
 }
 
 // NewResult sets the result field to a newly
 // allocated ConnectResult struct, preferring placement in s's segment.
-func (s TunnelServer_connect_Results) NewResult() (ConnectResult, error) {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) NewResult() (ConnectResult, error) {
 	ss, err := NewConnectResult(s.Struct.Segment())
 	if err != nil {
 		return ConnectResult{}, err
@@ -3686,37 +3688,37 @@ func (s TunnelServer_connect_Results) NewResult() (ConnectResult, error) {
 	return ss, err
 }
 
-// TunnelServer_connect_Results_List is a list of TunnelServer_connect_Results.
-type TunnelServer_connect_Results_List struct{ capnp.List }
+// TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List is a list of TunnelServer_obsoleteDeclarativeTunnelConnect_Results.
+type TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List struct{ capnp.List }
 
-// NewTunnelServer_connect_Results creates a new list of TunnelServer_connect_Results.
-func NewTunnelServer_connect_Results_List(s *capnp.Segment, sz int32) (TunnelServer_connect_Results_List, error) {
+// NewTunnelServer_obsoleteDeclarativeTunnelConnect_Results creates a new list of TunnelServer_obsoleteDeclarativeTunnelConnect_Results.
+func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Results_List(s *capnp.Segment, sz int32) (TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List, error) {
 	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
-	return TunnelServer_connect_Results_List{l}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List{l}, err
 }
 
-func (s TunnelServer_connect_Results_List) At(i int) TunnelServer_connect_Results {
-	return TunnelServer_connect_Results{s.List.Struct(i)}
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List) At(i int) TunnelServer_obsoleteDeclarativeTunnelConnect_Results {
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{s.List.Struct(i)}
 }
 
-func (s TunnelServer_connect_Results_List) Set(i int, v TunnelServer_connect_Results) error {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List) Set(i int, v TunnelServer_obsoleteDeclarativeTunnelConnect_Results) error {
 	return s.List.SetStruct(i, v.Struct)
 }
 
-func (s TunnelServer_connect_Results_List) String() string {
+func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List) String() string {
 	str, _ := text.MarshalList(0xfeac5c8f4899ef7c, s.List)
 	return str
 }
 
-// TunnelServer_connect_Results_Promise is a wrapper for a TunnelServer_connect_Results promised by a client call.
-type TunnelServer_connect_Results_Promise struct{ *capnp.Pipeline }
+// TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise is a wrapper for a TunnelServer_obsoleteDeclarativeTunnelConnect_Results promised by a client call.
+type TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise struct{ *capnp.Pipeline }
 
-func (p TunnelServer_connect_Results_Promise) Struct() (TunnelServer_connect_Results, error) {
+func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise) Struct() (TunnelServer_obsoleteDeclarativeTunnelConnect_Results, error) {
 	s, err := p.Pipeline.Struct()
-	return TunnelServer_connect_Results{s}, err
+	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{s}, err
 }
 
-func (p TunnelServer_connect_Results_Promise) Result() ConnectResult_Promise {
+func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise) Result() ConnectResult_Promise {
 	return ConnectResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
@@ -4383,257 +4385,259 @@ func (p ClientService_useConfiguration_Results_Promise) Result() UseConfiguratio
 	return UseConfigurationResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-const schema_db8274f9144abc7e = "x\xda\xccz}\x90\x14uz\xff\xf3t\xcf\xd2\xbb\xb0" +
-	"\xcbL\xdbc\xfdv)\xf67\xc7\x8bQ8!\"G" +
-	"\xa2\x9b\xe4\xf6\x0d\xb8]\x0ea{g\x17u\xe5R\xf6" +
-	"\xce|w\xb6a\xa6{\xe8\xee\x01\x96\xe0\xf1R\x10e" +
-	"\x03'x\x90\x02\x0f\xaf\x00\x8f\xf8\x12\xbd\x13\x0f+\xa7" +
-	"\x11K\x93\xab\xa89\x13\xe5\x82)\xbd\x98\x8a\x11\xa8T" +
-	"\xac\xb3<\xd1\x94eJ\xed\xd4\xf3\xed\xd7\x1d\x96\x05L" +
-	"R\x95\x7f`\xea\xe9\xe7\xfb\xf2\xbc}\x9e\x97\xef\xde\xf4" +
-	"\xe3\xc9m\xc2\x82\x9a\xeb\x93\x00\xeaS5\x93\\6\xf7" +
-	"\x97\x9b\x8e\\\xf7\xd7\xdbA\x9d\x86\xe8~\xf7\xf9e\xe9" +
-	"\xcf\x9c\xed\xff\x045\xa2\x04\xb0pD\xda\x84\xca\x1eI" +
-	"\x02PvI\xff\x06\xe8\xd6\xfc\xd6\x9b\xef\x96\xdf\x95v" +
-	"\x80<-\xce,\x10s\xa9v\x19*\xdbj\x89\xf9\x9e" +
-	"\xda\x0d\x80\xee\xef\x97^?\xf6;\x07~A\xccB\xc4" +
-	"\x0c\xb8\xf0|\xed&T>\xe3\x9c\xffQ\xbb\x12\xd0\xfd" +
-	"x\x7f\xe3\x9f\x1f\xfd\xfbWv\x82|=\x82\x7fvC" +
-	"\xdd\xaf\x10P\x99Q\xf7\x13@\xf7\x1fn\xda|\xee\xee" +
-	"\x8f\xf7\xdd7\xf6\xdc\x04\xf1\xbdT7\x8a\xca\xdbu\x12" +
-	"\x88\xeeCw\xa5\xff\x16\x8f|\xba\x0f\xe4\x1bh\x1b\xa4" +
-	"\xcf\xcf\xd4M\x16\x00\x95\xbf\xabk\x05t_\xbf\xf1\xf9" +
-	"\xe7\xf6\xfe\xf4\xde\x1f\x80z=\"x\xeb?\xa8\xfbO" +
-	":\x07'\x13\xc3G?\xfaz\xe2\xc9\xd7\xaf\xf9!g" +
-	"p\x8f\x9f\xbe\xfd\xe9\xbd?\xfd\xda\xfb\xd0/H\x98\x00" +
-	"X8g\xb2E\xbc\x8b&\x93.\xf6\xbfujEi" +
-	"\xdf\x83\xc7\xbcK\xf3\xbd\xae\x9d\"\x08\x90pwt\x7f" +
-	"Z\xea\x7f8\xfb\xb0/N\x0d}\xaa\x9br\x01\x01\x17" +
-	"6O\xc9 \xa0\xbb\xe8W\xe7W\xde\xf6\xf4\xd0#>" +
-	"\x07\xbf\xe9\xad\xf5O\xd3\xe6\xdd\xf5t\x91W6\xa4v" +
-	"\xb7\xff\xee\xfd\x8fT\x9b\x85\xefU\xaa\x1fEeg=" +
-	"\xfd\xdcV\x7f;\xed7z\xeb\xa9U\x1f\xff\xb1\xfd8" +
-	"\xa8\xf30\xe1\xfe|\xd7\xd9\xf5s\x1e\x1bz\x99\xdf[" +
-	"\x04X\xf8Y\xc3/i\xeb\x86\xa9\xa4\xcb\x86\xbf\x9c\xbb" +
-	"\xe2\xfes\xcbO\xd0\xd61\xbbx\x97xrj\x0b*" +
-	"\xa7\xa6\x92i\x9e\xe5\xdco\xdc\xb8\xea\x85\x17\x9e*\x9c" +
-	"\xa8\xbe\x087\xf9\x9d\xc9e\xa8\x94\x92\xc4\xad'\x89\xfb" +
-	"\xdan|\xe7\xc5\x05\x89\xbf\x88\x1b\xb29\xf5>\x1d\xbe" +
-	" E\x0cw}\xfe\xcc_-\xf9\xf0\xcc\xb3q\x13\x9d" +
-	"N\x09d\xa2\xf3)\x12|`\x14K\xef\xb4\xb4\xbd\x00" +
-	"\xea\x0d\x88\xee\x9a\x03\x9b\x9d\xae\x83{\\\xe8G\x09\x05" +
-	"\xf2\x0ay\x13m\xd6$\x93\x835\x7f\xd0\xd1`|\xb8" +
-	"\xfd\xc5*o\xe4\xa7V\xe4e\xa8\xec\x92\xe9j;\xe5" +
-	"\x9f\x00~\xfa\xf8\xbd{\xbb\xcf.~Y\x9d\x86\x89j" +
-	"\xa1g\\\xb3\x09\x95E\xd7\xd0\xcf\x05\xd7p\xfb\x84\x1a" +
-	"\xacb\xe7Rk\xca\x1aT*\x0a\xfd\\\xa7p\xf6e" +
-	"w}\xff\x81\x9a\xf3\xdf\x7f\xb9Z\xa5\xe4\xe2\x0b\xefI" +
-	"[\xa8\xecK\xd3\xcf=\xe9\xff'\x02\xba\xd3\x9e\xfa\xbd" +
-	"\x1fw\xe4\xdf\xfe\xc58Q\xa444^P\x9a\x1a\xe9" +
-	"\xd7\xb5\x8d$\xe3\xd9y'\xfe\xe8\xdf\xf7\x9c>\x13\xf7" +
-	"\x94u\x8d\xdcew6\x92\xc2\xee\xfd\xfa\xc8\xa6\x15\xd7" +
-	"\x8d\xbeYm \xcey\xbcq\x14\x95S|\xbbg\xf9" +
-	"v\xc2y\xadi\xeb?~\xf3\x9d\x98\xd3\xceiz\x0f" +
-	"!\xe1\xaeXu\xd7\x9a\xba{\xce\x9e\x8d\x1f\xd4\xdc\xe4" +
-	"\x99\xae\x89\x0e:)?\xa0<\x7f\xf4\xcf\xce\xd1AR" +
-	"\xb5\xba\xd5\xa6\x01TX\x13WO\xd3#\x02\xc4\x82g" +
-	"<\xc7\xf9\xce\xf4\x16TJ\xd3\xb9\xe3L\xa7{-\xba" +
-	"\xbb\x9d\xad\xbe\xe5\x8e\xf7A\x9e&\x8e\xc1\x8a\xc7\x88\xf3" +
-	"\xd9\xe9<\x94\xa7\xdf\x8b\xca\xa9f\x09\xc0\xfd^a\xe0" +
-	"\xd5\x8f:\x8f\xfe\xa6zs.\xd0\xf1\xe6\x16T\x9e!" +
-	"\xbe\x85'\x9a\xb9}\x16.\xf8\x93\x0f\x0e<\xdc\xf9\xd1" +
-	"E\xbb\x7f\xf1\xff;Pi\xc8\xd0=\xea2\xdfRn" +
-	"\xcd\xf0\xcd\xbf\xbbx\xe5\xad3_\xba\x10\xd7\xc4\x8c\xcc" +
-	"\x05\x1e\xf9\x19\xd2\xc4\xd0-\xbf\xfe\xd6u\xdf\xfb\x9b\x0b" +
-	"U\xf6\xe3\x8c\xfd\x99\xb9\xa80\xbe\xa3F\xcc\x1f.\xfd" +
-	"\xe1\x99i\xc9i\x9fT]t\x12\xf1\xee\xcc\xacA\xe5" +
-	"\x10\xf1.<\x90y\x99.z\xc7{\x0fnh\xfd\xc1" +
-	"'\x9f\x92\\b\x15\xd0\xed\x9a1\x80\xcaC3h\xe7" +
-	"C3(\x96\x96?\xf1\xf67\x87\x0f\xbc\xf2\xd9\xb8\xd0" +
-	"\xbdd\xe6vT\xee\x9cI\xdc\xfd3\x09\xae\xfeT:" +
-	"|v\xeb\xbf\xfc\xe1\xe7q\xa9\xfe`\xd6{$\x95:" +
-	"\x8b\xa4\xda\xfc\xe1\xa1\xae\xfbW?\xf1\xe5\x18O\x9b\xf5" +
-	"\x1c1l\xe3\x0ca0\x8e\xe7iGgu\xa0rb" +
-	"\x16\x9d\xf7\xe4\xacV\x98\xe7:\x15\xc3`E\xab\x9c\xc8" +
-	"\xfdv\xf037?\xa7\x95\x8drK{\xc5\x19f\x86" +
-	"\xa3\xe74\x87\xf5\xb2V\xbbl\x1a6\xebATSb" +
-	"\x02 \x81\x00\xb2\xb6\x06@\xbd[D\xb5(\xa0\x8c\x98" +
-	"&\xb8\x96u\"\x0e\x8b\xa8:\x02\xca\x82\x90&D\x90" +
-	"\xd7\xcd\x04P\x8b\"\xaa\x1b\x05D1Mx'W\x1e" +
-	"\x00P7\x8a\xa8\xee\x10\xd0-3\xab\xa4\x19\xcc\x80\xa4" +
-	"\xb3\xc4\xb2\xb0\x1e\x04\xac\x07t-\xe6X#\xda`\x11" +
-	"\x92,F\x96\xd6lp\xb0\x01\x04l\x00t\x87\xcd\x8a" +
-	"e\xf7\x1b\x0e\xea\xc5^6d1\x1b\x87q\x12\x088" +
-	"\x09p\"\xf1:M\xc3`9'[\xc9\xe5\x98m\x03" +
-	"\x90d\xb5\xa1ds\x1e\x04Po\x14Q\xbd%&\xd9" +
-	"\"\x92\xec\x1b\"\xaam\x02\xba6\xb3\xd63k\xb9\x89" +
-	"9\xcd\xd1Mc\x85&\x96Xx\xed\\Qg\x86\xd3" +
-	"iB\xd2\x18\xd2\x0b\x98\x8aB\x01\x10S\x13_l\xc9" +
-	"F\xddvt\xa3\xd0\xc7\xe9\xad=fQ\xcf\x8d\xd0\xed" +
-	"\xea\xb9&\x9b[h\x0f\xf9\xda\x01\x00\x14d\xb9\x03\xa0" +
-	"U/\x18\xa6\xc5\xdc\xbcn\xe7H(\x10s\xce\x96A" +
-	"\xad\xa8\x199\x16\x1e4\xe9\xe2\x83\xbc\x03\xb2\\\x8e\xf9" +
-	"Z\xcc\xda\xb3{4K\x13K\xb6Z\x1f\xeac\xc9\x00" +
-	"\x80\xbaXD\xb5'\xa6\x8f\xdb\x96\x01\xa8\xcbET\xef" +
-	"\x88Y\xba\xbf\x03@\xed\x11Q]-\xa0kZzA" +
-	"7:\x19\x88V\xdc`\xb6ch%\x06\x00\x81\xc2\xb6" +
-	"\x98eR\xa2\x8d\xa9\x08\xa5\xab4Us\xb1\x00]\xac" +
-	"X4o7\xadb~\xa5w\x8eI\xda\xe6\xa6\x0c\x97" +
-	"I\xe3X\x9e\x1b\x87\xe4\xd6sl~\xc5f\xde\xba\x8a" +
-	"\xc5\x0d9\xbb\x97\xd9\x95\xa2c\x03\xa8\x89P\xfc\x86\x16" +
-	"\x00\xb5VD5-`\xab\xc5\x190\x15\x81z\xd5U" +
-	"/\xa7\xeb\x8aa\xb1\x82n;\xcc\xf2\xc8\xb3[I\xe1" +
-	"%;~ \xf9_JDu\xba\x80n\xc1\xd2r\xac" +
-	"\x87Y\xa8\x9b\xf9\x15\x9aafE\x96\xc3\x1a\x10\xb0f" +
-	"bOZ\xaa\xe9E\x96\xf7\xa4\x9b\x9f\xcb\xf0\xff)z" +
-	"\xeb]\xd7\x0b\xdf\x81(|\x1b\xf0K\xd7\x8f\xdfMQ" +
-	"\xfc6\x08_\xb8\x17\x07p\x83\xf8\xb9\xeb\x870E\x84" +
-	"#\xa2\xba\x95\"\xa2R&\x9d\xda \x9a\x16\xa6\"\x94" +
-	"\xf4\xb5\xc3\xf2\x05\xd2\xb4\x01\xad,G\x8a\xc6T\x90\xed" +
-	"=\x06)o\x0ec**e\xfce\x16[\xcf,\x9b" +
-	"\xf5@\xd227\x8e`*\xca\xfaUZ\x9fz\xb5Z" +
-	"\x0f\x0c\x1d\xae\x9ax\xbd\xc5r\x1ed\xf8\xcb{2\x9e" +
-	"\xd1\xd2\xa1\xd1\xee\x99\x19\x01Z\x18$\xdb\x06\x01\xd4\xad" +
-	"\"\xaa\xbbcA\xb2\x8b4\x7f\x9f\x88\xea~\x01e\xd1" +
-	"\xc7\xc3}\x14N{ET\x0f\x0b('\x12i*f" +
-	"\xe5C\x14N\xfbET\x8f\x08ca\x8f\xadg\x86\xb3" +
-	"X/\x80\xc4\xec\x88JW\\\xac\x17\x18\x88\xf6\xffB" +
-	"\xc0\x8d\xd1\x87\xaf\x8dP\x0f1\xe7%\xe9\xeaET\x1b" +
-	"\x09\xd8\xe9+s\x08\x02\xe8\xb4\xb0d\xbe\xfci\x9d\xf4" +
-	"\xaf\x0f\xd3=\xfe.\x96\x8f\xd4\x8d\xe1a\x87\xe8\xb0\x83" +
-	"\"\xaa?\x8a)\xfd\xa8\x05\xa0\x1e\x11Q}B@\xf4" +
-	"u\xfe\xd81\x00\xf5\x09\x11\xd5\x9f\x91\xce\x05O\xe7\xcf" +
-	"\xcc\xa5\x0eKD\xf55\xd2\xb9\xe8\xe9\xfcU\x0a\xbe\xd7" +
-	"DT\xdf\x12P\xaeI\xa4\xb1\x06@~\x93\xecxF" +
-	"D\xf5\xddK\xe1Z\xaehV\xf2CE\x0d2\x16\xcb" +
-	"w/\x0e\xe9F\xa5\xd4c\xb1\xf5:\x9a\x15\xbb\xddq" +
-	"XI*;v\x90\xa2\x92\x8eV\xb0q*`\x8f\x88" +
-	"\x98\x8a\x8aN@\"\x86{\xa2\xc5\xf2\xab\x98e\xeb\xa2" +
-	"i\x84YF7\x1cf8\xcb5\x90\x06Y1\xa4N" +
-	"\x80B\xbd~,Q$\xf9\xb0`F\xc8\x89\x05\x02\xfc" +
-	"\xe9\xae\xeb+q\x09\xe9\xa6MDu\xb9\x80\xcd\xf8%" +
-	"\x91I\x8f\xdd\xbd\x00j\x97\x88j\x9f\x80\xcd\xc2\x17D" +
-	"&M\xaa\x03\x11\xee'\x87\x1d\xa7\x8c\xa9\xa8\x18\xf5\x8d" +
-	"\xbd\x81\x0d\xdafn-\x03$\xf8\x0c+#\xff\xeb\xb0" +
-	"\x0f\xe7 \x16\xf3\x98\x8a\xba\xc9*O\x11/\x95\xcb[" +
-	"\xa9r0-\x9e*\xa3\xc4us$D\xe0\x1d\xdd\x03" +
-	"\x91\x04\xb2\xd0\xe6\x89\xa5\x0eF\xf7\xcf\xe4\xb4\x8a\xcd\xc6" +
-	"\x16!\xedC\x0e\x88\xcc\x0aq\xd7\x1e6+\xc5|/" +
-	"\x03\xc9\xb1F\x10A@\x9c\x18\x8d\x17\x9b]1\xc5{" +
-	"n<~\x82\x0d\xf3\xeb@<\xbf\xfa\xea\xef'\xf5\xf7" +
-	"\x89\xa8\x96\x05t\x8b\x84gF\x97\xc9\xc3=\xb8\xaeG" +
-	"\xec1\xb9sJ \xa0\x04\xe8V\xca\xb6c1\xad\x04" +
-	"\x18z\x1b\xf1O\xbd\x8a\xb4U\x05\x9f=Z\x92\xc7\xfd" +
-	"\xff\xa5\"\xe1\xea\xb3\xbd\x97y\xc7\xe4\xfac\xb1\xd4\x9b" +
-	"\xf3W#_\xdei\x1a\xd2U\xd7s>\x82y\xd9f" +
-	"\xbe_=P\xa9\x19\xa4\xe19\x946f\x8b\xa8\xde\x14" +
-	"O\xc3\xf3HE7\x88\xa8~C@\x89Y\x94Q\xc3" +
-	"\x99\x80w\xe8\x16\xdb\xab]1\x15M|.\x7f\x9dX" +
-	"Y\xaf\x9b\xc6En83\x0a\x97\xd0\x84\xdd7\xc7\xec" +
-	"\x1a\x98\xf0\xb6\xc1\xc8\xae\xd2Z6\x12X)\xc3J\x9a" +
-	"\x1e\xa1\x91o\xdcv\x90\xbe\x1d\xf1LX\xfe\xfae\x82" +
-	"W$\xb4z\xd6\xa2K\xc6\xf2\xech,\xa5\x06\x97\xdc" +
-	"E\xdd\xc4n\x11\xd5\x83\xb1K\x1e\xe8\x88\xa5\xd4 \xcf" +
-	"\x1e\"\x03\x1f\x16Q}T@\xf4\xd3\xecq\x82\xfcG" +
-	"ETO\x0a\x1c\xb0\xbb\xda;M\x03\xfdK\xd8\x00a" +
-	"G1\xcc4\xcb\x19d\x1a:\xdd\x86\xc3\xac\xf5\x1a\x16" +
-	"\x03H\xd8\xe2\xe8%fV\x9c\x10\"J\xdaF^\x82" +
-	"a\xbe\xcb[%i\x8e\x8du `\x1dE\xa4\xcd\xac" +
-	"N\x8b\xe5\x91\xac\xa1\x15{4\xd1\x19\xbe\x12\x05\x8d\x05" +
-	"\xf1\xe48\xea\xa1\x02n\xb3\x88\xea}\x04%\x18\x9b;" +
-	"\xc9;\xd7\x80\xc0\x91\x84d^\xd7\x11\x95t<!\xd6" +
-	"T5e<!N\xa2\x1a\x86\xb4\xb3CDu\xaf\x10" +
-	"\\\xad\xcb\x84V/B\xabM\xed7=[\x085u" +
-	"\x16\xc9\xeb\xd7\x0b:\x9aF\x1fW\x14F\x9a\xca\x99\xa5" +
-	"\xb2E\xae\xac\x9b\x86Z\xd1\x8a\xba\xe8\x8c\x84\x0b'\xd4" +
-	"\x05A\x92\x17\xca+\xcb\x19n,R\xc6-\x812\x94" +
-	"\x11\\\x06\x90\xdd\x88\"fw`\xe4.\xca6\xec\x00" +
-	"\xc8n&\xfa}\x18y\x8c\xb2\x13\xa7\x01d\xb7\x12}" +
-	"7\x86\xbd\xaa\xb2\x0b\x1f\x07\xc8\xee&\xf2A\x8cJ\x05" +
-	"\xe5\x00\xdf~?\xd1\x8f`T-(\x0f\xe1\\\x80\xec" +
-	"A\xa2\x9f$\xfa$\x81kR9\x81k\x00\xb2O\x11" +
-	"\xfdy\xa2K5i\xe4s\x1f\xb4\x00\xb2?#\xfa\xcf" +
-	"\x89^\xdb\x98\xc6Z\x00\xe5%N\x7f\x91\xe8\xaf\x11\xbd" +
-	"\xae)\x8du\x00\xca\xab\xb8\x1d \xfb\x0a\xd1\xcf\x10}" +
-	"2\xa6q2\x80r\x1a\x1f\x04\xc8\x9e!\xfa\xbbD\x9f" +
-	"2)\x8dS\x00\x94\x7f\xe6\xf7y\x8b\xe8\xe7\x88^\x9f" +
-	"Hc=\x80\xf2\xafx\x0c {\x8e\xe8\xbf!z\x83" +
-	"\x94\xc6\x06\x00\xe5\x03.\xd7\xaf\x89^+\x848\xd8\x9d" +
-	"\x8f\xc31\xb9\xa1\x1e\x95#\xa2i\x87\xae\xc0\xfc\x1e\x16" +
-	"\xbd\\\xd1c&\xa9\x89\xc5d4m\x06\xc4$\xa0[" +
-	"6\xcd\xe2\x8a\xb10\x7f\xb9\x8a\xc8w#H\x9aFw" +
-	">\x8cK\xcf\xf9\x96\x9b\x90\xc9i\xc5\xeerT#\xd9" +
-	"\xed\x15\xc7\xac\x94!\x93\xd7\x1c\x96\x0f\x13\xb5U1\x96" +
-	"Zf\xa9\x0f\x99U\xd2\x0d\xad\x08\xe1\x97\x89|1Y" +
-	"\xa9\xe8\xf9p\xef\x09\x0b;w\x88iN\xc5b6\x89" +
-	"v\x89\x8c+T{t\xa6\xdc\xd2\xa7\x15\xaaF\x11s" +
-	"\xa3\xf4\x10\xa2\xdd\xbc\x9b\xa3\xec\x90\x8cGaf\xbdV" +
-	"\xac\xb0+)\x06'lnz[\xbd\xe6\xe8r=p" +
-	"08\xbb|5\xdf_\x95y\xbd|x\xd1\xdc\xa5#" +
-	"\x126\x94\xd5\xf2g1]B\x94\xf3\x02k\x0d\xf9=" +
-	".dh\xef\x98\xdf\x84\x93M\xdfo\xaeT\x13\x05\xe6" +
-	"x\xbf\xba\x8d!\x93\xca\x03I+\xd9_qu/\xb3" +
-	"\x93W\xa2\xc5hVy\xf9\xfc\xdd\xd5\xd7\xd7\x13\x8d;" +
-	"D\x0f\xfco\x0a\xf1\xae\x1d{\x01\xb2m\x14\xb8\xcb1" +
-	"\xd4\xa1\xd2\xcdq\xa7\x8b\xc8}\x18U\xbd\x8a\xca\xf1\xa5" +
-	"\x87\xe8\xab1\xea\x8b\x94;9.\xac&\xfa0\xc7\xbb" +
-	"v\x0f\xef\x18\xdf>O\xf42\xc7;\xf4\xf0\xae\xc4\xf7" +
-	"/\x12}c\x1c\xef*8:\x06~%\xd1\xc3\xbbm" +
-	"\x1c\xa7v\x10}/\xc7\xbb\x84\x87w{\xf0i\x80\xec" +
-	"^\xa2\x1f\xe6xW\xe3\xe1\xdd!|\x0e {\x98\xe8" +
-	"\x8fr\xbc\x9b\xe4\xe1\xddq\xce\xffh\x88\xb3S:<" +
-	"\xbc;\xc1\xf11\xc4Y\xb7b\x15\xb3\x8e\xa5\x1b\x80\x85" +
-	"(6r\xe5o3Vn\x87dQ_\xcf\xc2\\\x94" +
-	"\xd7\xb5\xe2\xe2\x8aV\x84L\xd6\xd1rk\xa3\xd2\xbeh" +
-	"wiF\xde\xc6am-\xa3\x0c&\xc5s\xbdS\xb4" +
-	"W1K\x1f\x02\x8c\x9a\x81\xb0\xf6I\xf6\x98fuI" +
-	"\xc4kJfy\xe0\x17~+i\x1b\xbb\xf3E\xd6\x89" +
-	"A\x05$\x1aQ\x06\xd5\xe9\x8bi\x18\xe8\x95%}z" +
-	"fl\xbdQ\xf6\xdb\x8b\xa0n\xe9k\xad*H\xd8\xc6" +
-	"2\xcb9\x9d&\x1a\x8enT\xd8E\x1b\xe4\x86+\xc6" +
-	"Z\x96_\x82F\xce\xcc\xebF\x01.\xeak\xc4KM" +
-	"\x99b\x85\x1a\x8ff\x8c=\xd3\xc9sZ@\xe0\xd0E" +
-	"e\x87\xdc\x12M\x07Zs|U\xab\xc54;\xd6\xd8" +
-	"Np\x9a?\x15\xf5\x82\xcc\x9b\x04\xd4\x00\x84OZ\x18" +
-	"<\x0b\xc8'6\x81 ?&a\xf4\x9a\x82\xc1\xe3\x89" +
-	"\xfc\x90\x05\x82|@B!|k\xc4\xe0\x9dP\xde5" +
-	"\x0a\x82\xbcSB1|\xfe\xc3`\xe6.\x8ft\x80 " +
-	"\x97$L\x84o\xa1\x18\x0c\xece\x8dJ\xab;%\xac" +
-	"\x09\x1f\x161x\x15\x92o\xdb\x0e\x82\xbcDr\x83\x0e" +
-	"\x0aZ=1\xda\xd0\x0d\x00\x032\x1c2\xda\xd0\x0d\xe6" +
-	"T\x18tZ\x00m\xb8\xc5\x87\xe76t\x83I-$" +
-	"s\x9a\xc3\xda\xa8=\xf5>\xa2\x0f\xde\xd0\x86\xf1\x09\xa8" +
-	"x\xa9\x9eh\xfc\xda\xba#\xaa\xff\xc2\x11\xd6hT\xfe" +
-	"\x85}\xe8\x9e\xc7\xe3\xa5\xb5?N9\xb4\xdd\x1f\xc6\x9c" +
-	"\x8c\x8dSNP\xbd}RD\xf5\x0d!*\x1a\x02\x9f" +
-	"\x0e\x86\x86hZAc<\xc1\xec\xd0\xf7|\xbf\xec\xad" +
-	"\x9e \xbays\x98\x97\xc5\xe8meC\x94\x0e\xe2c" +
-	"\xc5\xa9\xb1\xb1\"\x06-\xb94&{\xc4\x87\x8cS/" +
-	"\xd3\xdf\xc5\x1bL\x9e\xce\x12\xdc%\x83GT\x0c\x1e\xbc" +
-	"e\x99\\\xabAr\x83&\x14\x83\\\x08U&\xbb\xca" +
-	"N\xbc\x97e\xfe;\xc9z\x1c\x07\xf1\xceI\x92Gz" +
-	"\x02\x85\xfb\xae\x89\x8d\xf6\x8a\xa6\xdfD&W\xc4\xfb\x80" +
-	"\x09t\xe5]8\xa8\xda\x93\xb4\x98\xf6\xffZ\xb8\xff\xe9" +
-	"\x99\xb1\xd1[\xe0\x7fo\x12\xf1\x0d\x11\xd5wb\xad\xdd" +
-	"\xdb\xcb\x00\xd4\xb7DT?\x89^\x94>\"G\xfdD" +
-	"\xc4\xdeX\x89.\x7fA\x8c\x9fS!\x1bOX5\xf8" +
-	"\x00@\xb6\x96\x12D\x9a'\xac\x84\x97\xb0d\x1c\x04\xc8" +
-	"\xa6\x88>=^\xa07\xe1\x00@\xb6\x91\xe8\xb3\xd1\xef" +
-	"\xc8\x83\xd7\xa8\x8a\x15\x81{\xd1,,\xd7\x8dq\xab\xbe" +
-	"\xe0\x89\x0b\x1d\x82\xcc\x8aE\xb8?\x16_\xbb\x17\xc7\xea" +
-	"\xe0p\xec\x84\xcc\xcaR\x88\xe7\xd1\x0e\xc79W1\xfd" +
-	"\x9d\xc0\x1cY?\xf8\xbc\xd8\xf3k\x89\xd80\xe0Xl" +
-	"N\x16\x18C}\xce\x9f?\xdd\x1d3\xc6w\x06\x01\xd4" +
-	"\xd5\"\xaa\xc3\x02\x07(\xb3\xbf\x9c\xd7\xd0aK-\xb6" +
-	"\xae\xc2$#7\x125\xc5\xd4\x16\xe6\xec~,SA" +
-	"\xbe\xd4b\xad\xeb*,\xce\x10\xbcv\x80\xa4\x9b\xf9\x8b" +
-	"\x9e9\xc6\xa9,og\x83Y3\xb7\x969c^\x81" +
-	"\xaa^*{\xa3\xa7\x8e\xf0\xa1\xb27\xfeP\xe9\xc3\xda" +
-	":r\xf0\xb2\x88\xea\xe6\x18\xac\x8d\x8cF\x1d\xf5\xf8\xa5" +
-	"\xc4\xffL\xf6\xffJ\x8fuTHKWRd\x86\x7f" +
-	"D\xf4\x15\x07\xfdW\xda\x13DO\xd0W9\x1c\x83\x10" +
-	"k0\xf6'&t\x88\xe0o\xfe_\x01\x00\x00\xff\xff" +
-	"\x86\xbe\xf5t"
+const schema_db8274f9144abc7e = "x\xda\xccZ{\x90\x15ev?\xa7\xfb\xde\xe9\x19`" +
+	"\xb8\xb7\xed\xb1\x18X`\x041+\xac\x10u\xd6\xc4\x9d" +
+	"$;O\xd8\x19\x16az\xee\x0c\xba#\xa6\xec\xb9\xf7" +
+	"\x9b\x99\x86\xbe\xdd\x97~\x00CpA\x0a\xa2L`\x05" +
+	"\x17R\xe0\xe2\x16\xe0\x12\x1fq\xb3\xe2be5jI" +
+	"\xb2\x1b$\xabQ6\x98\x92\x8dVT\xb0Rk\xad\xe5" +
+	"\xa2\xa6,Sj\xa7N\xbf\xe7\xce0\x03k\xfe\xc8?" +
+	":u\xee\xe9\xefq\x1e\xbf\xf3;\xe7\xe3\xfa\x9d\x93\x9a" +
+	"\xb8\x1b\xd2'\xab\x01\xe4C\xe9\x0a\x97-\xf8\xd5\xc6C" +
+	"\xd7\xfc\xd3V\x90g \xba\xdf}vi\xcd\xa7\xf6\xd6" +
+	"\xff\x804/\x00\xd4\x9f\xaa\xd8\x88\xd2\x9b\x15\x02\x80t" +
+	"\xb6\xe2\xbf\x00\xdd\xf4\x1f\xbc\xf6V\xe9-a\x1b\x883" +
+	"\x92\xca\x1c)?',E\xe9\xb4@\xca/\x0b\xeb\x01" +
+	"\xdd?-\xber\xe4\x8f\xf6\xfd\x92\x94\xb9X\x19\xb0\xfe" +
+	"\xa6\xca\x8d(uT\x92\xe6\xe2\xca\x15\x80\xeeG{k" +
+	"\xff\xf6\xf0\xbf\xbe\xb8\x1d\xc4\xaf\"\x04{\xdfQ\xf9k" +
+	"\x04\x94\xd6V\xfe\x04\xd0\xfd\xb7\xeb7\x9d\xbf\xf3\xa3=" +
+	"\xf7\x8e\xdc7Ezb\xd50J\xf3\xab\x04\xe0\xdd\x07" +
+	"o\xaf\xf9\x17<\xf4\xc9\x1e\x10\xaf\xa5e\x90~NW" +
+	"M\xe2\x00\xa5YU\x8d\x80\xee+\xd7=\xfb\xcc\xee\x9f" +
+	"\xde\xf3\x03\x90\xbf\x8a\x08\xfe\xf7\x7fV\xf5?\xb4\x8f\xec" +
+	")\\\xf8\xd1\xd7R?~\xe5\x8a\x1fz\x0a\xee\xd1\xd3" +
+	"\xb7>\xb9\xfb\xa7W\xbd\x07=\x9c\x80)\x80\xfa\xa1*" +
+	"\x93t\xb7W\x91-\xf6\xbe\xfe\xdc\xf2\xe2\x9e\x07\x8e\xf8" +
+	"\x87\xf6\xd6b\x938\x0eR\xee\xb6\x8eO\x8a=\x0f\xe5" +
+	"\x1e\x0a\xae\x93\xa6\x9f\xbe3\xe9C\x04\xac/N\xaaC" +
+	"@\xf7\xa6_\xbf\xbb\xe2\x96'\xfb\x1f\x0e4\xbc\x93\xee" +
+	"\x98\xbc\x91Nzt2\x1d\xe4\xc5\xf5\xd9\x9d\xcd\x7f|" +
+	"\xdf\xc3\xe5n\xf1\xd6:5y\x18\xa5\xb7'\xd3\x9fo" +
+	"N\xbe\x95\xd6\x1b\xfe\xc6s+?\xfaK\xeb1\x90\x17" +
+	"b\xca\xfd\xf9\x8es\xeb\xe6?\xda\x7f\xd2;7\x0fP" +
+	"\xdfS\xfd+:\xb7ZM\xb6\xac\xfe\x87\x05\xcb\xef;" +
+	"\xbf\xec\x18-\x9d\xf0\x8b\x7f\x88\xaa\xa9\x0d(M\x9fJ" +
+	"\xae\xb9r*i\xbfz\xdd\xca\xe7\x9f\x7fb\xe0X\xf9" +
+	"A<\x97?5u)J\xa7<\xed_x\xdaWv" +
+	"\xe0\x1b/\xdc\x90\xfa\xfb\xa4#\x872\xef\xd1\xe6\xbb2" +
+	"\xa4p\xfbgO\xfd\xe3\xe2\x0f\xce<\x9dt\xd1\xc2," +
+	"G\x17o\xce\xd2\xc5{\x87\xb1\xf8FC\xd3\xf3 _" +
+	"\x8b\xe8\xae\xde\xb7\xc9n\xdf\xbf\xcb\x85\x1e\x14\x90\x03\xa8" +
+	"W\xb3\x1bi1'K\x016\xeb\xfd\x96j\xfd\x83\xad" +
+	"/\x94E\xa3\xb7\xeb\xe9\xecR\x94\xde\xcd\xd2\xd1\xde\xce" +
+	"\xfe\x04\xf0\x93\xc7\xee\xd9\xddq\xae\xed\xa4<\x03S\xe5" +
+	"\x97\xbeK\xdc\x88\xd2\x1e\x91\xfe\xdc%z\xfe\x89,X" +
+	"\xa6\xee\x07\xfa\x15\xabQ:}\x05\xfd\xf9\xf2\x15\x9e\xfa" +
+	"\xd2\xdb\xbf\x7f\x7f\xfa\xdd\xef\x9f,7)\x85x\xfdY" +
+	"\xc9D\xe9}\x89\xfe\xfc\x8d4\x8d\x07tg<\xf1'" +
+	"\x7f\xd7R8\xfb\xcb1\xb2HR\xa7}(9\xd3\xe8" +
+	"\xaf\xb5\xd3\xe8\x8e\xe7\x16\x1e\xfb\x8b\xdf\xec:}&\x19" +
+	")/O\xf3B\xf6\xedid\xb0{\xbe6\xb4q\xf9" +
+	"5\xc3\xaf\x95;\xc8\xd3\xc4\xdaa\x94\xa6\xd7z\xee\xac" +
+	"\xa5\xe5\xb8w\x95\xe9[\xfe\xfd\x9bo$\x82v{\xed" +
+	";\x08)w\xf9\xca\xdbWW\xddu\xee\\r\xa3\xa1" +
+	"Z\xdfu\xb5\xb4\xd1q\xf1~\xe9\xd9\xc3\x7fs\x9e6" +
+	"\x12\xca\xcd\xfd\xe3\xda^\x94N\xd4z\xe6\xa9}\x98\x83" +
+	"D\xf2\x8c\x158O\x7f\xa5\x01\xa5S_\xf1\x02\xe7+" +
+	"t\xae\x9b\xeelf\xabn\xbe\xed=\x10g\xf0#\xb0" +
+	"\"=\xb3\x01\xa5+gz\x99>\xf3\x1e\x94\xe6\xcf\x12" +
+	"\x00\xdc\xef\x0d\xf4\x9e\xba\xd0z\xf8w\xe5\x8b\xfb\x880" +
+	"\xab\x01\xa59\xa4W?k\x96\xe7\x9f\xfa\x1b\xfe\xea\xfd" +
+	"}\x0f\xb5^\x18\xb5\xba:\xbb\x05\xa5\xa1\xd9t\x0eg" +
+	"\xf6\xb7\xa4\xa3\xb3\xbd\xc5\xbf\xdb\xb6\xe2\x1bsO|\x98" +
+	"\xb4\xc4\xae\xd9\x94\xbe\xd2\xe1\xd9d\x89\xfe\x9b\x7f\xfb\xad" +
+	"k\xbe\xf7\xcf\x1f\x96\xf9\xcfS<1{\x01J\xa7\xbd" +
+	"\x15_&\xe5\x0f\x96\xfc\xf0\xcc\x8c\xcc\x8c\x8f\xcb\x0eJ" +
+	"\x98Z\x7fa\xf6j\x94\xd2u\x9e\xa3\xeaN\xd2Ao" +
+	"{\xe7\x81\xf5\x8d?\xf8\xf8\x13\xba\x17_\x06t\xff}" +
+	"U/JUsh\xe5\xf4\x1c\xca\xa5e\x8f\x9f\xfd\xe6" +
+	"\xe0\xbe\x17?\x1d\x13\xba\x8f\xcd\xd9\x8a\xd2/<\xed\x13" +
+	"s\x08\xae\xfeZ8xn\xcb\x7f\xfe\xf9g\xc9[=" +
+	":\xf7\x1d\xba\xd5ss\xe9V\x9b>8\xd0~\xdf\xaa" +
+	"\xc7\xbfH*\xbc9w+\xa5\xe6\xa7\x9eB\x94\x8cc" +
+	"E\xda\xf4\xab[P\x9a\x7f5\xedw\xcd\xd5\xa4m;" +
+	"\xba\xce4\xb3\x94\xca\xffa\xf8g~Q^)\xe9\xa5" +
+	"\x86f\xc7\x1ed\xba\xad\xe6\x15\x9bu\xb1F\xabd\xe8" +
+	"\x16\xebD\x94\xb3|\x0a \x85\x00\xa2\xb2\x1a@\xbe\x93" +
+	"GY\xe3PD\xac!\xb8\x16U\x12\x0e\xf2(\xdb\x1c" +
+	"\x8a\x1cWC\x88 \xae\x9d\x0b k<\xca\x1b8D" +
+	"\xbe\x86\xf0Nt\xee\x07\x907\xf0(o\xe3\xd0-1" +
+	"\xb3\xa8\xe8L\x87\x8c\xbd\xd84q\x0ap8\x05\xd05" +
+	"\x99m\x0e)}\x1adXB,\xac^oc5p" +
+	"X\x0d\xe8\x0e\x1a\x8ei\xf5\xe86\xaaZ\x17\xeb7\x99" +
+	"\x85\x83X\x01\x1cV\x8c\x7f\xbdVC\xd7Y\xde\xce9" +
+	"\xf9<\xb3,\x00\xbaYet\xb3\xf9\x0f\x00\xc8\xd7\xf1" +
+	"(\xdf\x9c\xb8\xd9Mt\xb3\xaf\xf3(7q\xe8Z\xcc" +
+	"\\\xc7\xcce\x06\xe6\x15[5\xf4\xe5\x0a_d\xd1\xb1" +
+	"\xf3\x9a\xcat\xbb\xd5\x80\x8c\xde\xaf\x0e`6N\x05@" +
+	"\xcc\x8e\x7f\xb0\xc5\x1bT\xcbV\xf5\x81nO\xde\xd8i" +
+	"hj~\x88N7\xc5\xb3\xe4\xac\x06ZC\xbc\xb2\x17" +
+	"\x009Ql\x01hT\x07t\xc3dnA\xb5\xf2t" +
+	")\xe0\xf3\xf6\xe6>ES\xf4<\x8b6\xaa\x18\xbd\x91" +
+	"\xbfA\xce\xbb\xc7\"%\xe1\xedy\x9d\x8a\xa9\xf0EK" +
+	"\x9e\x12\xd9cq/\x80\xdc\xc6\xa3\xdc\x99\xb0\xc7-K" +
+	"\x01\xe4e<\xca\xb7%<\xdd\xd3\x02 w\xf2(\xaf" +
+	"\xe2\xd05Lu@\xd5[\x19\xf0f\xd2a\x96\xad+" +
+	"E\x06\x00\xa1\xc16\x1b%2\xa2\x85\xd9\x18\xa5\xcb," +
+	"\x95\x1e}\x81v\xa6i\xc6\xad\x86\xa9\x15V\xf8\xfb\x18" +
+	"dm\xcf\x95\xd1g\xc2\x18\x9e\xf7\x9cC\xf7V\xf3l" +
+	"\x91c1\xff;\xc7\xf4\x1c9\xaf\x8bY\x8ef[\x00" +
+	"r*\xba~u\x03\x80\\\xc9\xa3\\\xc3a\xa3\xe9)" +
+	"`6\x06\xf5\xb2\xa3NdkG7\xd9\x80j\xd9\xcc" +
+	"\xf4\xc5\xf3\x1a\xc9\xe0E+\xb9!\xc5_\x96Gy&" +
+	"\x87\xee\x80\xa9\xe4Y'3Q5\x0a\xcb\x15\xdd\xc8\xf1" +
+	",\x8fi\xe00=~$-QT\x8d\x15\xfc\xdb-" +
+	"\xca\xd7y\xff\xa7\xec\x9d\xe2\xba~\xfa\xf6\xc6\xe9[\x8d" +
+	"_\xb8A\xfen\x8c\xf3\xb7\x9a\xfb\xdc\x1d\x9d\xc0\xd5\xfc" +
+	"gn\x90\xc2\x94\x116\x8f\xf2\x16\xca\x08\xa7D6\xb5" +
+	"\x807L\xcc\xc6(\x19X\x87\x15\x06\xc8\xd2:4\xb2" +
+	"<\x19\x1a\xb3a\xb5\xf7\x15\x84\x821\x88\xd9\x98\xca\x04" +
+	"\x9f\x99l\x1d3-\xd6\x09\x19\xd3\xd80\x84\xd9\xb8\xea" +
+	"\x97Y}\xea\xe5Z=tt\xf4\xd5\xf8\xdf\x9b,\xef" +
+	"CF\xf0yg\x9d\xef\xb4\x9a\xc8iw\xcd\x8d\x01-" +
+	"J\x92\xbb\xfb\x00\xe4-<\xca;\x13I\xb2\x83,\x7f" +
+	"/\x8f\xf2^\x0eE>\xc0\xc3=\x94N\xbby\x94\x0f" +
+	"r(\xa6R5Df\xc5\x03\x94N{y\x94\x0fq" +
+	"#a\x8f\xadc\xba\xdd\xa6\x0e\x80\xc0\xacXJGl" +
+	"S\x07\x18\xf0\xd6\x97M\xb8\xca\x09\xeca\xf4Y\x86\xc6" +
+	"l\xd6\xc6\xf2\x9aB\xb9\xb3\x8e\xf9\xbf\x07\xc8:VT" +
+	"\xd3\xb5\xa7\xf0(\xd7\x12\xe2\xd3\xaf\xcc&l\xa0cD" +
+	"\\z\xe2\xbco\xa5\xff\x06\xbbt\x06\xab\x98\x01\x84\xd7" +
+	"F\x9b\x1d\xa0\xcd\xf6\xf3(\xff(\xe1\x8d\xc3&uT" +
+	"<\xca\x8fs\x88\x813\x1e=\x02 ?\xce\xa3\xfc3" +
+	"r\x06\xe7;\xe3\xa9\x05\x00\xf2\x13<\xca/\x913x" +
+	"\xdf\x19\xa7(+_\xe2Q~\x9dC1\x9d\xaa\xc14" +
+	"\x80\xf8\x1a9\xf8\x0c\x8f\xf2[\x17\x03\xbc\xbcf8\x85" +
+	"~M\x81:\x93\x15:\xda\"\xb9\xee\x14;M\xb6N" +
+	"E\xc3\xb1\x9am\x9b\x15\x85\x92m\x85\xb5+c+\x03" +
+	"\x16N\x05\xec\xe4\x11\xb31\x1b\x05$a\xb4&\x9a\xac" +
+	"\xb0\x92\x99\x96\xca\x1bzT~T\xddf\xba\xbdL\x01" +
+	"\xa1\x8fi\x91t\x1cx\xea\x0a\x92\x8cR,\xc0\x0b#" +
+	"\x86T\x1c\xa0J0\xd3u\x03#.&\xdb4\xf1(" +
+	"/\xe3p\x16~Ab\xb2cG\x17\x80\xdc\xce\xa3\xdc" +
+	"\xcd\xe1,\xees\x12\x93%\xe5\xde\xb8 d\x06m\xbb" +
+	"\x84\xd9\x98\xa5\x06\xce^\xcf\xfa,#\xbf\x86\x01\x12\xae" +
+	"F\x94)\xf8u0\xc0y\xe0\xb5\x02f\xe36\xb3," +
+	"R\xf8\x8b\x15\xf9F\xa2\x14\x86\xe9\xd5\xd0\xb8\xa2\xdd\x18" +
+	"_\"\x8c\x8e\x8e\xde\xf8\x06\"\xd7\xe4_K\xee\x8b\xcf" +
+	"_\x97W\x1c\x8b\x8dd'\xcd\xfd6\xf0\xcc\x8c\x00\xd9" +
+	"\x1a4\x1c\xad\xd0\xc5@\xb0\xcd!D\xe0\x10\xc7\x87\xe9" +
+	"6\xa3=ax?\x8c\xc7\xae\xbcQ\xe1\xedM\x16\xde" +
+	"\xc0\xfc=d\xfen\x1e\xe5\x12\x87\xaeF@\xa7\xb7\x1b" +
+	"\x1e\x0e\x84\xc7\xf5\x85\x9d\x86\x17\x9c\x02p(\x00\xbaN" +
+	"\xc9\xb2M\xa6\x14\x01\xa3h#\xfd\xa9\x97Q\xcf\xcap" +
+	"\xb5S\xc9xy\xff\xff\x89=\\>\x0d\xf0\xc1k\x04" +
+	"\x098\x92\xa8\xc9\xf9\xe0k\xf4>o5t\xe1\xb2\x89" +
+	"^\x80`~\x19Z\x14\xd0\x0a\xe2\xa0a}\x9eO\xf5" +
+	"d\x1e\x8f\xf2\xf5\xc9\xfa\xbc\x90Lt-\x8f\xf2\xd79" +
+	"\x14\x98I\xa56\x1a\x16\xf8\x9bn\xb6|R\x8b\xd9x" +
+	"\x144\xf1q\x12|_5\xf4Qa87N\x97\xc8" +
+	"\x85\x1d7&\xfc\x1a\xba\xf0\x96\xbe\xd8\xaf\xc2\x1a6\x14" +
+	"z\xa9\x8e\x15\x155F\xa3\xc0\xb9\xcd |;\xd6\x19" +
+	"\x97\x17\x07\xfc\xc1g\x0f\x8d\xbe\xb7\xe8\x90\x89\x02<\x9c" +
+	"\xa8\xb5\xe1!wP\x9b\xb1\x93Gy\x7f\xe2\x90\xfbZ" +
+	"\x12\xb56,\xc0\x07\xc8\xc1\x07y\x94\x1f\xe1\x10\x83\xfa" +
+	"{\x94 \xff\x11\x1e\xe5\xe3\x9c\x07\xd8\xed\xcd\xad\x86\x8e" +
+	"\xc1!,\x80\xa8\xd5\x18d\x8ai\xf71\x05\xed\x0e\xdd" +
+	"f\xe6:\x05\xb5\x10\x126\xdbj\x91\x19\x8e\x1dAD" +
+	"Q\xd9\xe0q3,\xb4\xfb_\x09\x8ama\x15pX" +
+	"E\x19i1\xb3\xd5d\x05$o(Z\xa7\xc2\xdb\x83" +
+	"\x97b\xa0\x91 \x9e\x19\xc3<\xc4\xec6\xf1(\xdfK" +
+	"P\x82\x89\x81\x94\xb8}5p\x1e\x92\xd0\x9d\xd7\xb6\xc4" +
+	"\\\xcf+\x88\xe9\xb2n\xcd+\x88\x15Dn\xc8:\xdb" +
+	"x\x94ws\xe1\xd1\xda\x0dh\xf43\xb4\xdc\xd5A7" +
+	"\xb4\x99PSe\xf1}\x03Z\xa5\xa2\xa1w{\x86\xc2" +
+	"\xd8Ry\xa3X2)\x94UC\x97\x1dESy{" +
+	"(\xfap\\[\x10$\xf9\xa9\xbc\xa2T\xe79\x8b\x8c" +
+	"qsh\x0ci\x08\x97\x02\xe46 \x8f\xb9m\x18\x87" +
+	"\x8bt7\xb6\x00\xe46\x91\xfc^\x8c#F\xda\x8e3" +
+	"\x00r[H\xbe\x13\xa3&V\xda\x81\x8f\x01\xe4v\x92" +
+	"x?\xc6TA\xda\xe7-\xbf\x97\xe4\x870f\x0b\xd2" +
+	"\x83\xb8\x00 \xb7\x9f\xe4\xc7I^\xc1y\x96\x94\x8e\xe1" +
+	"j\x80\xdc\x13$\x7f\x96\xe4B\xba\x86:v\xe9i4" +
+	"\x01r?#\xf9\xcfI^Y[\x83\x95\x00\xd2\x09O" +
+	"\xfe\x02\xc9_\"y\xd5\xf4\x1a\xac\x02\x90N\xe1V\x80" +
+	"\xdc\x8b$?C\xf2IX\x83\x93\x00\xa4\xd3\xf8\x00@" +
+	"\xee\x0c\xc9\xdf\"\xf9\xe4\x8a\x1a\x9c\x0c \xbd\xe9\x9d\xe7" +
+	"u\x92\x9f'\xf9\x94T\x0dN\x01\x90\xde\xc6#\x00\xb9" +
+	"\xf3$\xff\x1d\xc9\xab\x85\x1a\xac\x06\x90\xde\xf7\xee\xf5[" +
+	"\x92Wr\x11\x0ev\x14\x92pLa\xa8\xc6t\x847" +
+	"\xac(\x14X\xd0\xdc\xa2_+:\x8d\x0cu\xb7\x98\x89" +
+	"\xc7\xd0\x80\x98\x01tK\x86\xa1-\x1f\x09\xf3\x131\xa2" +
+	" \x8c c\xe8\x1d\x85(/\xfd\xe0[f@]^" +
+	"\xd1:J1G\xb2\x9a\x1d\xdbpJPWPlV" +
+	"\x88\x0a\xb5\xe9\xe8KL\xa3\xd8\x8d\xcc,\xaa\xba\xa2A" +
+	"\xf4\xcbx\xb1\x98q\x1c\xb5\x10\xad=.\xb1s\xfb\x99" +
+	"b;&\xb3\xe8j\x17\xa9\xb8\\yD\xd7\x95\x1a\xba" +
+	"\x95\x81\xb2\x19\xc5\x82\xb8<Dh\xb7\xf0\xc6\xb8:d" +
+	"\x92YX\xb7N\xd1\x1cv)dp\xdc\xae\xa7\xab\xd1" +
+	"\xef\x9a&j\x8e\xc3\x89\xda\xc4l\xbe\xa7\xac\xf2\xfa\xf5" +
+	"p\xd4@\xa6%\xbeltW3\x18\xd2\xb4sq\xcd" +
+	"\x0b\xbd\xd5\x1f4\xbfPGk'\xe2&\x1ay\x06q" +
+	"s\xa9\x96\x18`\xb6\xffW\x87\xdeo\x10=\x10\x94\xa2" +
+	"\xf5{~\xdd\xc5\xac\xcc\xa5X1\x1ebN\\\xbf\xdb" +
+	"\xbb\xbb;\xe39\x08\xef\x83\xff\xf5\x11\xde5c\x17@" +
+	"\xae\x89\x12w\x19F6\x94:<\xdci'q7\xc6" +
+	"\xacW\x92=|\xe9$\xf9*\x8c\xfb\"\xe9;\x1e." +
+	"\xac\"\xf9\xa0\x87w\xcd>\xde1o\xf9\x02\xc9K\x1e" +
+	"\xde\xa1\x8fwEo}\x8d\xe4\x1b\x92x\xe7\xe0\xf0\x08" +
+	"\xf8\x15x\x1f\xef\xee\xf6pj\x1b\xc9w{x\x97\xf2" +
+	"\xf1n\x17>\x09\x90\xdbM\xf2\x83\x1e\xde\xa5}\xbc;" +
+	"\x80\xcf\x00\xe4\x0e\x92\xfc\x11\x0f\xef*|\xbc;\xea\xe9" +
+	"?\x12\xe1\xec\xe4\x16\x1f\xef\x8ey\xf8\x18\xe1\xac\xeb\x98" +
+	"Z\xce6U\x1dp \xce\x8d|\xe9\xdb\x8c\x95\x9a!" +
+	"\xa3\xa9\xebXT\x8b\x0a\xaa\xa2\xb59\x8a\x06u9[" +
+	"\xc9\xaf\x89\xa9\xbdf\xb5+z\xc1\xc2Ae\x0d\xa3\x0a" +
+	"&$k\xbd\xadY+\x99\xa9\xf6\x03\xc6\xcd@\xc4}" +
+	"2\x9d\x86QN\x89<N\xc9L\x1f\xfc\xa2\xdf\x8a\xca" +
+	"\x86\x8e\x82\xc6Z1d@\xbc\x1eWP\x95~1t" +
+	"\x1d}Z\xd2\xad\xd6\x8d\xe4\x1b\xa5\xa0\xbd\x08yKw" +
+	"c\x19!a\x1bJ,o\xb7\x1a\xa8\xdb\xaa\xee\xb0Q" +
+	"\x0b\xe4\x07\x1d}\x0d+,F=o\x14T}\x00F" +
+	"\xf55\xfc\xc5\xc6O\x09\xa2\xe6e3&\xde\xef\xc4\xf9" +
+	"\x0d\xc0y\xd0E\xb4Cl\x88\xa7\x03\x8dy\xef\xabF" +
+	"\x93)V\xa2\xb1\x1dg\xb7`\\\xea'\x99?\x09H" +
+	"\x03Do]\x18\xbe\x17\x88\xc76\x02'>*`\xfc" +
+	"\xcc\x82\xe1\xab\x8a\xf8\xa0\x09\x9c\xb8O@.z\x84\xc4" +
+	"\xf0\x01Q\xdc1\x0c\x9c\xb8]@>z\x17\xc4p\x18" +
+	"\x7f\xc3\xd0$\x04N\xbcK\xc0T\xf4J\x8a\xe1(_" +
+	"\\K\xdcJ\x150\x1d=9b\xf8^$\xde\xb1\x15" +
+	"8\xb1Gp\xc3\x16\x0a\x1a\xfd{4\xa1\x1b\"\x06\xd4" +
+	"y\x98\xd1\x84n8\xc1\xc2\xb0\xd5\x02hB7\x9c\xc3" +
+	"\xf0\x17\x1b\xc4xZ\xe1|\x172y\xc5fM\xd4\xbb" +
+	"\xfa\xc0\x8e\x01\xb2C\x13&\xe7\xa6\xfc\xc5\x1a\xa6\xb1\x89" +
+	"wKL\x0e\xa3\xc1\xd7p\xcc\x0d\xa3&u\xd7cI" +
+	"\xde\x1d\xccZ\x0el\x0d&5\xc7\x13\xb3\x96cD\xc6" +
+	"\x8f\xf3(\xbf\xca\xc5\x8c\"\x0c\xf8p\xd4\x88\x86\x19v" +
+	"\xcd\xe3L\x1c\x83\xb4\x088q\xf9\xdc\xd1-\x18\x83\x1e" +
+	"gF\x7f)\x0b\xe2Z\x91\x1cFNM\x0c#1\xec" +
+	"\xd7\x85\x11\xa5%9\x9a\x9c:A\xf3\x97\xec>\xbdZ" +
+	"\x97\xf2\xe25|z\xc5\xf0\x99\\\x14)\xee\xaa\x057" +
+	"\xecP1,\x94P\xe6\xb2\xcbl\xd3\xbbX\xdd\x97\xa9" +
+	"\xe4c\x04\x88\xbfO\x86\xa2\xd5\xbfP\xb4\xee\xea\xc4\xdc" +
+	"O3\x82\x0e3\xb3<\xd9$\x8cc+\xff\xc0!\xa5" +
+	"\xcf\xd0\xc7\xb4\xfeU\xd1\xfa\xa7\xe7&\xe6ra\xfc\xbd" +
+	"F\xc2Wy\x94\xdfH\xf4}g\x97\x02\xc8\xaf\xf3(" +
+	"\x7f\x1c\xbfC]\xa0@\xfd\x98\xc7\xae\x04\x7f\x17?'" +
+	"\xc5\xcf\x88\xe5&\xabY\x1a\xef\x07\xc8UR\xf5\xa8\xf1" +
+	"\xaaY\xca\xaff\"\xf6\x01\xe4\xb2$\x9f\x99d\xef\xd3" +
+	"\xb1\x17 WK\xf2y\x18\xb4\xeb\xe1\x1b\x96c\xc6\xc8" +
+	"\xaf\x19\x03\xcbT}LJ\x18>\x8c\xa1Mx\xea\x98" +
+	"T\x14F\x82oG[\x82$G3)df\x8eR" +
+	"\xbc\x80V4\xeb\xb9\x8c\x99\xf18\xee\xc8\x05\xc9\xe7\xe7" +
+	"^@4\x12\x93\x82#\x89!Z\xe8\x0c\xf9\x99`8" +
+	"ug\xc2\x19w\xf4\x01\xc8\xabx\x94\x079\x0f\xa0\x8c" +
+	"\x9eRAA\x9b-1\xd9Z\x87\x09z~(\xee\x98" +
+	"\xa9g\xcc[=X\"\xb6\xbe\xc4d\x8dk\x1d\x96T" +
+	"\x08\xdfH@P\x8d\xc2\xa8\xc7\x911h\xe7\xad\xac/" +
+	"g\xe4\xd70{\xc4\xdbQ\xd9\xfbfW\xfc@\x12=" +
+	"ov%\x9f7\x03X[K\x01^\xe2Q\xde\x94\x80" +
+	"\xb5\xa1\xe1\xb8\xdd\x1e\x9bg\xfc\xdfP\x83\xdf\xeb\x89\x8f" +
+	"X\xb6p)\x0c4\xfa\xa7Ge\xf9_\xf5e\x9f\x07" +
+	"\xc2\xe7\x97\x09O\x10\xbdh_\xe6H\x0d\"\x10\xc2\xc4" +
+	"\xbfX\xa1M\xb8`\xf1\xff\x0d\x00\x00\xff\xff\xcb\x86\x19" +
+	"\x8c"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 307f6033..edc7d64b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -299,7 +299,7 @@ gopkg.in/urfave/cli.v2
 gopkg.in/urfave/cli.v2/altsrc
 # gopkg.in/yaml.v2 v2.2.4
 gopkg.in/yaml.v2
-# zombiezen.com/go/capnproto2 v0.0.0-20180616160808-7cfd211c19c7
+# zombiezen.com/go/capnproto2 v2.18.0+incompatible
 zombiezen.com/go/capnproto2
 zombiezen.com/go/capnproto2/encoding/text
 zombiezen.com/go/capnproto2/internal/fulfiller
diff --git a/vendor/zombiezen.com/go/capnproto2/AUTHORS b/vendor/zombiezen.com/go/capnproto2/AUTHORS
index 272a1a16..3ea1e9c7 100644
--- a/vendor/zombiezen.com/go/capnproto2/AUTHORS
+++ b/vendor/zombiezen.com/go/capnproto2/AUTHORS
@@ -10,8 +10,10 @@
 
 # Please keep the list sorted.
 
+Anapaya Systems AG
 CloudFlare Inc.
 Daniel Darabos <darabos.daniel@gmail.com>
+Dominik Roos <domi.roos@gmail.com>
 Eran Duchan <pavius@gmail.com>
 Evan Shaw <edsrzf@gmail.com>
 Google Inc.
@@ -20,8 +22,11 @@ James McKaskill <james@foobar.co.nz>
 Jason E. Aten <j.e.aten@gmail.com>
 Johan Hernandez <im@bithavoc.io>
 Joonsung Lee <joonsung@devsisters.com>
+Kiwi.com s.r.o.
 Lev Radomislensky <lev.radomislensky@gmail.com>
 Peter Waldschmidt <peterw@gnoso.com>
+Tiit Pikma <pikma@hot.ee>
 Tom Thorogood <me+github@tomthorogood.co.uk>
 TJ Holowaychuk <tj@apex.sh>
 William Laffin <william.laffin@gmail.com>
+Colin Arnott <colin@urandom.co.uk>
diff --git a/vendor/zombiezen.com/go/capnproto2/CHANGELOG.md b/vendor/zombiezen.com/go/capnproto2/CHANGELOG.md
index ae0ec8bf..c3f67286 100644
--- a/vendor/zombiezen.com/go/capnproto2/CHANGELOG.md
+++ b/vendor/zombiezen.com/go/capnproto2/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Go Cap'n Proto Release Notes
 
+## 2.17.3
+
+- Clear read limits for `const` messages in schemas.
+  ([#131](https://github.com/capnproto/go-capnproto2/pull/131))
+
 ## 2.17.0
 
 - Add `capnp.Canonicalize` function that implements the
diff --git a/vendor/zombiezen.com/go/capnproto2/CONTRIBUTORS b/vendor/zombiezen.com/go/capnproto2/CONTRIBUTORS
index bcdd5743..9a1aa311 100644
--- a/vendor/zombiezen.com/go/capnproto2/CONTRIBUTORS
+++ b/vendor/zombiezen.com/go/capnproto2/CONTRIBUTORS
@@ -18,6 +18,7 @@
 Alan Braithwaite <alan@cloudflare.com>
 Albert Strasheim <albert@cloudflare.com>
 Daniel Darabos <darabos.daniel@gmail.com>
+Dominik Roos <domi.roos@gmail.com>
 Eran Duchan <pavius@gmail.com>
 Evan Shaw <edsrzf@gmail.com>
 Ian Denhardt <ian@zenhack.net>
@@ -26,8 +27,13 @@ Jason E. Aten <j.e.aten@gmail.com>
 Johan Hernandez <im@bithavoc.io>
 Joonsung Lee <joonsung@devsisters.com>
 Lev Radomislensky <lev.radomislensky@gmail.com>
+Lukas Vogel <vogel@anapaya.net> <lukedirtwalker@gmail.com>
+Martin Sucha <martin.sucha@kiwi.com>
 Peter Waldschmidt <peterw@gnoso.com>
 Ross Light <light@google.com> <ross@zombiezen.com>
+Stephen Shirley <kormat@anapaya.net> <kormat@gmail.com>
+Tiit Pikma <pikma@hot.ee>
 Tom Thorogood <me+github@tomthorogood.co.uk>
 TJ Holowaychuk <tj@apex.sh>
 William Laffin <william.laffin@gmail.com>
+Colin Arnott <colin@urandom.co.uk>
diff --git a/vendor/zombiezen.com/go/capnproto2/WORKSPACE b/vendor/zombiezen.com/go/capnproto2/WORKSPACE
index 7b5176a9..7d3d0a61 100644
--- a/vendor/zombiezen.com/go/capnproto2/WORKSPACE
+++ b/vendor/zombiezen.com/go/capnproto2/WORKSPACE
@@ -4,17 +4,17 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
 http_archive(
     name = "io_bazel_rules_go",
-    sha256 = "8b68d0630d63d95dacc0016c3bb4b76154fe34fca93efd65d1c366de3fcb4294",
-    urls = ["https://github.com/bazelbuild/rules_go/releases/download/0.12.1/rules_go-0.12.1.tar.gz"],
+    sha256 = "86ae934bd4c43b99893fc64be9d9fc684b81461581df7ea8fc291c816f5ee8c5",
+    urls = ["https://github.com/bazelbuild/rules_go/releases/download/0.18.3/rules_go-0.18.3.tar.gz"],
 )
 
 http_archive(
     name = "bazel_gazelle",
-    sha256 = "ddedc7aaeb61f2654d7d7d4fd7940052ea992ccdb031b8f9797ed143ac7e8d43",
-    urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/0.12.0/bazel-gazelle-0.12.0.tar.gz"],
+    sha256 = "3c681998538231a2d24d0c07ed5a7658cb72bfb5fd4bf9911157c0e9ac6a2687",
+    urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/0.17.0/bazel-gazelle-0.17.0.tar.gz"],
 )
 
-load("@io_bazel_rules_go//go:def.bzl", "go_register_toolchains", "go_rules_dependencies")
+load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 
 go_rules_dependencies()
 
diff --git a/vendor/zombiezen.com/go/capnproto2/capn.go b/vendor/zombiezen.com/go/capnproto2/capn.go
index 6de4c836..c4701e6e 100644
--- a/vendor/zombiezen.com/go/capnproto2/capn.go
+++ b/vendor/zombiezen.com/go/capnproto2/capn.go
@@ -200,6 +200,9 @@ func (s *Segment) readListPtr(base Address, val rawPointer) (List, error) {
 		}
 		sz := hdr.structSize()
 		n := int32(hdr.offset())
+		if n < 0 {
+			return List{}, errListSize
+		}
 		// TODO(light): check that this has the same end address
 		if tsize, ok := sz.totalSize().times(n); !ok {
 			return List{}, errOverflow
@@ -214,11 +217,15 @@ func (s *Segment) readListPtr(base Address, val rawPointer) (List, error) {
 			flags:  isCompositeList,
 		}, nil
 	}
+	n := val.numListElements()
+	if n < 0 {
+		return List{}, errListSize
+	}
 	if lt == bit1List {
 		return List{
 			seg:    s,
 			off:    addr,
-			length: val.numListElements(),
+			length: n,
 			flags:  isBitList,
 		}, nil
 	}
@@ -226,7 +233,7 @@ func (s *Segment) readListPtr(base Address, val rawPointer) (List, error) {
 		seg:    s,
 		size:   val.elementSize(),
 		off:    addr,
-		length: val.numListElements(),
+		length: n,
 	}, nil
 }
 
diff --git a/vendor/zombiezen.com/go/capnproto2/doc.go b/vendor/zombiezen.com/go/capnproto2/doc.go
index ef7f6497..f4109f1a 100644
--- a/vendor/zombiezen.com/go/capnproto2/doc.go
+++ b/vendor/zombiezen.com/go/capnproto2/doc.go
@@ -81,10 +81,10 @@ Structs
 
 For the following schema:
 
-struct Foo @0x8423424e9b01c0af {
-  num @0 :UInt32;
-  bar @1 :Foo;
-}
+	struct Foo @0x8423424e9b01c0af {
+	  num @0 :UInt32;
+	  bar @1 :Foo;
+	}
 
 capnpc-go will generate:
 
@@ -168,9 +168,9 @@ For each group a typedef is created with a different method set for just the
 groups fields:
 
 	struct Foo {
-		group :Group {
-			field @0 :Bool;
-		}
+	  group :Group {
+	    field @0 :Bool;
+	  }
 	}
 
 generates the following:
@@ -194,10 +194,10 @@ Named unions are treated as a group with an inner unnamed union. Unnamed
 unions generate an enum Type_Which and a corresponding Which() function:
 
 	struct Foo {
-		union {
-			a @0 :Bool;
-			b @1 :Bool;
-		}
+	  union {
+	    a @0 :Bool;
+	    b @1 :Bool;
+	  }
 	}
 
 generates the following:
@@ -225,10 +225,10 @@ For voids in unions, there is a void setter that just sets the discriminator.
 For example:
 
 	struct Foo {
-		union {
-			a @0 :Void;
-			b @1 :Void;
-		}
+	  union {
+	    a @0 :Void;
+	    b @1 :Void;
+	  }
 	}
 
 generates the following:
@@ -241,14 +241,14 @@ the discriminator. This must be called before the group getter can be
 used to set values. For example:
 
 	struct Foo {
-		union {
-			a :group {
-				v :Bool
-			}
-			b :group {
-				v :Bool
-			}
-		}
+	  union {
+	    a :group {
+	      v :Bool
+	    }
+	    b :group {
+	      v :Bool
+	    }
+	  }
 	}
 
 and in usage:
@@ -293,10 +293,10 @@ but the tags can be customized with a $Go.tag or $Go.notag annotation.
 For example:
 
 	enum ElementSize {
-		empty @0           $Go.tag("void");
-		bit @1             $Go.tag("1 bit");
-		byte @2            $Go.tag("8 bits");
-		inlineComposite @7 $Go.notag;
+	  empty @0           $Go.tag("void");
+	  bit @1             $Go.tag("1 bit");
+	  byte @2            $Go.tag("8 bits");
+	  inlineComposite @7 $Go.notag;
 	}
 
 In the generated go file:
diff --git a/vendor/zombiezen.com/go/capnproto2/encoding/text/marshal.go b/vendor/zombiezen.com/go/capnproto2/encoding/text/marshal.go
index 48cdaf57..fde265c3 100644
--- a/vendor/zombiezen.com/go/capnproto2/encoding/text/marshal.go
+++ b/vendor/zombiezen.com/go/capnproto2/encoding/text/marshal.go
@@ -42,14 +42,14 @@ func MarshalList(typeID uint64, l capnp.List) (string, error) {
 
 // An Encoder writes the text format of Cap'n Proto messages to an output stream.
 type Encoder struct {
-	w     errWriter
+	w     indentWriter
 	tmp   []byte
 	nodes nodemap.Map
 }
 
 // NewEncoder returns a new encoder that writes to w.
 func NewEncoder(w io.Writer) *Encoder {
-	return &Encoder{w: errWriter{w: w}}
+	return &Encoder{w: indentWriter{w: w}}
 }
 
 // UseRegistry changes the registry that the encoder consults for
@@ -58,6 +58,12 @@ func (enc *Encoder) UseRegistry(reg *schemas.Registry) {
 	enc.nodes.UseRegistry(reg)
 }
 
+// SetIndent sets string to indent each level with.
+// An empty string disables indentation.
+func (enc *Encoder) SetIndent(indent string) {
+	enc.w.indentPerLevel = indent
+}
+
 // Encode writes the text representation of s to the stream.
 func (enc *Encoder) Encode(typeID uint64, s capnp.Struct) error {
 	if enc.w.err != nil {
@@ -133,8 +139,14 @@ func (enc *Encoder) marshalStruct(typeID uint64, s capnp.Struct) error {
 	if n.StructNode().DiscriminantCount() > 0 {
 		discriminant = s.Uint16(capnp.DataOffset(n.StructNode().DiscriminantOffset() * 2))
 	}
-	enc.w.WriteByte('(')
 	fields := codeOrderFields(n.StructNode())
+	if len(fields) == 0 {
+		enc.w.WriteString("()")
+		return nil
+	}
+	enc.w.WriteByte('(')
+	enc.w.Indent()
+	enc.w.NewLine()
 	first := true
 	for _, f := range fields {
 		if !(f.Which() == schema.Field_Which_slot || f.Which() == schema.Field_Which_group) {
@@ -144,7 +156,8 @@ func (enc *Encoder) marshalStruct(typeID uint64, s capnp.Struct) error {
 			continue
 		}
 		if !first {
-			enc.w.WriteString(", ")
+			enc.w.WriteByte(',')
+			enc.w.NewLineOrSpace()
 		}
 		first = false
 		name, err := f.NameBytes()
@@ -164,6 +177,8 @@ func (enc *Encoder) marshalStruct(typeID uint64, s capnp.Struct) error {
 			}
 		}
 	}
+	enc.w.NewLine()
+	enc.w.Unindent()
 	enc.w.WriteByte(')')
 	return nil
 }
@@ -298,101 +313,154 @@ func codeOrderFields(s schema.Node_structNode) []schema.Field {
 }
 
 func (enc *Encoder) marshalList(elem schema.Type, l capnp.List) error {
-	switch elem.Which() {
-	case schema.Type_Which_void:
-		enc.w.WriteString(capnp.VoidList{List: l}.String())
-	case schema.Type_Which_bool:
-		enc.w.WriteString(capnp.BitList{List: l}.String())
-	case schema.Type_Which_int8:
-		enc.w.WriteString(capnp.Int8List{List: l}.String())
-	case schema.Type_Which_int16:
-		enc.w.WriteString(capnp.Int16List{List: l}.String())
-	case schema.Type_Which_int32:
-		enc.w.WriteString(capnp.Int32List{List: l}.String())
-	case schema.Type_Which_int64:
-		enc.w.WriteString(capnp.Int64List{List: l}.String())
-	case schema.Type_Which_uint8:
-		enc.w.WriteString(capnp.UInt8List{List: l}.String())
-	case schema.Type_Which_uint16:
-		enc.w.WriteString(capnp.UInt16List{List: l}.String())
-	case schema.Type_Which_uint32:
-		enc.w.WriteString(capnp.UInt32List{List: l}.String())
-	case schema.Type_Which_uint64:
-		enc.w.WriteString(capnp.UInt64List{List: l}.String())
-	case schema.Type_Which_float32:
-		enc.w.WriteString(capnp.Float32List{List: l}.String())
-	case schema.Type_Which_float64:
-		enc.w.WriteString(capnp.Float64List{List: l}.String())
-	case schema.Type_Which_data:
-		enc.w.WriteString(capnp.DataList{List: l}.String())
-	case schema.Type_Which_text:
-		enc.w.WriteString(capnp.TextList{List: l}.String())
-	case schema.Type_Which_structType:
+	writeListItems := func(writeItem func(i int) error) error {
+		if l.Len() == 0 {
+			_, err := enc.w.WriteString("[]")
+			return err
+		}
 		enc.w.WriteByte('[')
+		enc.w.Indent()
+		enc.w.NewLine()
 		for i := 0; i < l.Len(); i++ {
-			if i > 0 {
-				enc.w.WriteString(", ")
-			}
-			err := enc.marshalStruct(elem.StructType().TypeId(), l.Struct(i))
+			err := writeItem(i)
 			if err != nil {
 				return err
 			}
+			if i == l.Len()-1 {
+				enc.w.NewLine()
+			} else {
+				enc.w.WriteByte(',')
+				enc.w.NewLineOrSpace()
+			}
 		}
+		enc.w.Unindent()
 		enc.w.WriteByte(']')
+		return nil
+	}
+	writeListItemsN := func(writeItem func(i int) (int, error)) error {
+		return writeListItems(func(i int) error {
+			_, err := writeItem(i)
+			return err
+		})
+	}
+	switch elem.Which() {
+	case schema.Type_Which_void:
+		return writeListItemsN(func(_ int) (int, error) {
+			return enc.w.WriteString("void")
+		})
+	case schema.Type_Which_bool:
+		p := capnp.BitList{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			if p.At(i) {
+				return enc.w.WriteString("true")
+			} else {
+				return enc.w.WriteString("false")
+			}
+		})
+	case schema.Type_Which_int8:
+		p := capnp.Int8List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatInt(int64(p.At(i)), 10))
+		})
+	case schema.Type_Which_int16:
+		p := capnp.Int16List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatInt(int64(p.At(i)), 10))
+		})
+	case schema.Type_Which_int32:
+		p := capnp.Int32List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatInt(int64(p.At(i)), 10))
+		})
+	case schema.Type_Which_int64:
+		p := capnp.Int64List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatInt(p.At(i), 10))
+		})
+	case schema.Type_Which_uint8:
+		p := capnp.UInt8List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatUint(uint64(p.At(i)), 10))
+		})
+	case schema.Type_Which_uint16:
+		p := capnp.UInt16List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatUint(uint64(p.At(i)), 10))
+		})
+	case schema.Type_Which_uint32:
+		p := capnp.UInt32List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatUint(uint64(p.At(i)), 10))
+		})
+	case schema.Type_Which_uint64:
+		p := capnp.UInt64List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatUint(p.At(i), 10))
+		})
+	case schema.Type_Which_float32:
+		p := capnp.Float32List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatFloat(float64(p.At(i)), 'g', -1, 32))
+		})
+	case schema.Type_Which_float64:
+		p := capnp.Float64List{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			return enc.w.WriteString(strconv.FormatFloat(p.At(i), 'g', -1, 64))
+		})
+	case schema.Type_Which_data:
+		p := capnp.DataList{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			s, err := p.At(i)
+			if err != nil {
+				return enc.w.WriteString("<error>")
+			}
+			buf := strquote.Append(nil, s)
+			return enc.w.Write(buf)
+		})
+	case schema.Type_Which_text:
+		p := capnp.TextList{List: l}
+		return writeListItemsN(func(i int) (int, error) {
+			s, err := p.BytesAt(i)
+			if err != nil {
+				return enc.w.WriteString("<error>")
+			}
+			buf := strquote.Append(nil, s)
+			return enc.w.Write(buf)
+		})
+	case schema.Type_Which_structType:
+		return writeListItems(func(i int) error {
+			return enc.marshalStruct(elem.StructType().TypeId(), l.Struct(i))
+		})
 	case schema.Type_Which_list:
-		enc.w.WriteByte('[')
 		ee, err := elem.List().ElementType()
 		if err != nil {
 			return err
 		}
-		for i := 0; i < l.Len(); i++ {
-			if i > 0 {
-				enc.w.WriteString(", ")
-			}
+		return writeListItems(func(i int) error {
 			p, err := capnp.PointerList{List: l}.PtrAt(i)
 			if err != nil {
 				return err
 			}
-			err = enc.marshalList(ee, p.List())
-			if err != nil {
-				return err
-			}
-		}
-		enc.w.WriteByte(']')
+			return enc.marshalList(ee, p.List())
+		})
 	case schema.Type_Which_enum:
-		enc.w.WriteByte('[')
 		il := capnp.UInt16List{List: l}
 		typ := elem.Enum().TypeId()
 		// TODO(light): only search for node once
-		for i := 0; i < il.Len(); i++ {
-			if i > 0 {
-				enc.w.WriteString(", ")
-			}
-			enc.marshalEnum(typ, il.At(i))
-		}
-		enc.w.WriteByte(']')
+		return writeListItems(func(i int) error {
+			return enc.marshalEnum(typ, il.At(i))
+		})
 	case schema.Type_Which_interface:
-		enc.w.WriteByte('[')
-		for i := 0; i < l.Len(); i++ {
-			if i > 0 {
-				enc.w.WriteString(", ")
-			}
-			enc.w.WriteString(interfaceMarker)
-		}
-		enc.w.WriteByte(']')
+		return writeListItemsN(func(_ int) (int, error) {
+			return enc.w.WriteString(interfaceMarker)
+		})
 	case schema.Type_Which_anyPointer:
-		enc.w.WriteByte('[')
-		for i := 0; i < l.Len(); i++ {
-			if i > 0 {
-				enc.w.WriteString(", ")
-			}
-			enc.w.WriteString(anyPointerMarker)
-		}
-		enc.w.WriteByte(']')
+		return writeListItemsN(func(_ int) (int, error) {
+			return enc.w.WriteString(anyPointerMarker)
+		})
 	default:
 		return fmt.Errorf("unknown list type %v", elem.Which())
 	}
-	return nil
 }
 
 func (enc *Encoder) marshalEnum(typ uint64, val uint16) error {
@@ -419,37 +487,96 @@ func (enc *Encoder) marshalEnum(typ uint64, val uint16) error {
 	return nil
 }
 
-type errWriter struct {
+// indentWriter is helper for writing indented text
+type indentWriter struct {
 	w   io.Writer
 	err error
+
+	// indentPerLevel is a string to prepend to a line for every level of indentation.
+	indentPerLevel string
+
+	// current indent level
+	currentIndent int
+
+	// hasLineContent is true when we have written something on the current line.
+	hasLineContent bool
 }
 
-func (ew *errWriter) Write(p []byte) (int, error) {
-	if ew.err != nil {
-		return 0, ew.err
+func (iw *indentWriter) beforeWrite() {
+	if iw.err != nil {
+		return
+	}
+	if len(iw.indentPerLevel) > 0 && !iw.hasLineContent {
+		iw.hasLineContent = true
+		for i := 0; i < iw.currentIndent; i++ {
+			_, err := iw.w.Write([]byte(iw.indentPerLevel))
+			if err != nil {
+				iw.err = err
+				return
+			}
+		}
+	}
+}
+
+func (iw *indentWriter) Write(p []byte) (int, error) {
+	iw.beforeWrite()
+	if iw.err != nil {
+		return 0, iw.err
 	}
 	var n int
-	n, ew.err = ew.w.Write(p)
-	return n, ew.err
+	n, iw.err = iw.w.Write(p)
+	return n, iw.err
 }
 
-func (ew *errWriter) WriteString(s string) (int, error) {
-	if ew.err != nil {
-		return 0, ew.err
+func (iw *indentWriter) WriteString(s string) (int, error) {
+	iw.beforeWrite()
+	if iw.err != nil {
+		return 0, iw.err
 	}
 	var n int
-	n, ew.err = io.WriteString(ew.w, s)
-	return n, ew.err
+	n, iw.err = io.WriteString(iw.w, s)
+	return n, iw.err
 }
 
-func (ew *errWriter) WriteByte(b byte) error {
-	if ew.err != nil {
-		return ew.err
+func (iw *indentWriter) WriteByte(b byte) error {
+	iw.beforeWrite()
+	if iw.err != nil {
+		return iw.err
 	}
-	if bw, ok := ew.w.(io.ByteWriter); ok {
-		ew.err = bw.WriteByte(b)
+	if bw, ok := iw.w.(io.ByteWriter); ok {
+		iw.err = bw.WriteByte(b)
 	} else {
-		_, ew.err = ew.w.Write([]byte{b})
+		_, iw.err = iw.w.Write([]byte{b})
+	}
+	return iw.err
+}
+
+func (iw *indentWriter) Indent() {
+	iw.currentIndent++
+}
+
+func (iw *indentWriter) Unindent() {
+	iw.currentIndent--
+}
+
+func (iw *indentWriter) NewLine() {
+	if len(iw.indentPerLevel) > 0 && iw.hasLineContent {
+		if iw.err != nil {
+			return
+		}
+		if bw, ok := iw.w.(io.ByteWriter); ok {
+			iw.err = bw.WriteByte('\n')
+		} else {
+			_, iw.err = iw.w.Write([]byte{'\n'})
+		}
+		iw.hasLineContent = false
+	}
+}
+
+func (iw *indentWriter) NewLineOrSpace() {
+	if len(iw.indentPerLevel) > 0 {
+		iw.NewLine()
+	} else {
+		iw.WriteByte(' ')
 	}
-	return ew.err
 }
diff --git a/vendor/zombiezen.com/go/capnproto2/go.mod b/vendor/zombiezen.com/go/capnproto2/go.mod
deleted file mode 100644
index cecb1410..00000000
--- a/vendor/zombiezen.com/go/capnproto2/go.mod
+++ /dev/null
@@ -1,6 +0,0 @@
-module "zombiezen.com/go/capnproto2"
-
-require (
-	"github.com/kylelemons/godebug" v0.0.0-20170820004349-d65d576e9348
-	"golang.org/x/net" v0.0.0-20180218175443-cbe0f9307d01
-)
diff --git a/vendor/zombiezen.com/go/capnproto2/go.sum b/vendor/zombiezen.com/go/capnproto2/go.sum
new file mode 100644
index 00000000..0f3f0297
--- /dev/null
+++ b/vendor/zombiezen.com/go/capnproto2/go.sum
@@ -0,0 +1,8 @@
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/philhofer/fwd v1.0.0 h1:UbZqGr5Y38ApvM/V/jEljVxwocdweyH+vmYvRPBnbqQ=
+github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
+github.com/tinylib/msgp v1.1.0 h1:9fQd+ICuRIu/ue4vxJZu6/LzxN0HwMds2nq/0cFvxHU=
+github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
+golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01 h1:po1f06KS05FvIQQA2pMuOWZAUXiy1KYdIf0ElUU2Hhc=
+golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
diff --git a/vendor/zombiezen.com/go/capnproto2/internal/packed/packed.go b/vendor/zombiezen.com/go/capnproto2/internal/packed/packed.go
index 38573501..5cd2c120 100644
--- a/vendor/zombiezen.com/go/capnproto2/internal/packed/packed.go
+++ b/vendor/zombiezen.com/go/capnproto2/internal/packed/packed.go
@@ -142,6 +142,9 @@ func Unpack(dst, src []byte) ([]byte, error) {
 			dst = allocWords(dst, int(src[0]))
 			src = src[1:]
 			n := copy(dst[start:], src)
+			if n < len(dst)-start {
+				return dst, io.ErrUnexpectedEOF
+			}
 			src = src[n:]
 		}
 	}
@@ -281,22 +284,22 @@ func (r *Reader) ReadWord(p []byte) error {
 	switch tag {
 	case zeroTag:
 		z, err := r.rd.ReadByte()
-		if err == io.EOF {
-			r.err = io.ErrUnexpectedEOF
-			return nil
-		} else if err != nil {
+		if err != nil {
+			if err == io.EOF {
+				err = io.ErrUnexpectedEOF
+			}
 			r.err = err
-			return nil
+			return err
 		}
 		r.zeroes = int(z)
 	case unpackedTag:
 		l, err := r.rd.ReadByte()
-		if err == io.EOF {
-			r.err = io.ErrUnexpectedEOF
-			return nil
-		} else if err != nil {
+		if err != nil {
+			if err == io.EOF {
+				err = io.ErrUnexpectedEOF
+			}
 			r.err = err
-			return nil
+			return err
 		}
 		r.literal = int(l)
 	}
diff --git a/vendor/zombiezen.com/go/capnproto2/mem.go b/vendor/zombiezen.com/go/capnproto2/mem.go
index e3ee869a..11f84be5 100644
--- a/vendor/zombiezen.com/go/capnproto2/mem.go
+++ b/vendor/zombiezen.com/go/capnproto2/mem.go
@@ -360,7 +360,7 @@ func (ssa *singleSegmentArena) Allocate(sz Size, segs map[SegmentID]*Segment) (S
 	if hasCapacity(data, sz) {
 		return 0, data, nil
 	}
-	inc, err := nextAlloc(int64(len(data)), int64(maxSegmentSize()), sz)
+	inc, err := nextAlloc(int64(cap(data)), int64(maxSegmentSize()), sz)
 	if err != nil {
 		return 0, nil, fmt.Errorf("capnp: alloc %d bytes: %v", sz, err)
 	}
diff --git a/vendor/zombiezen.com/go/capnproto2/pointer.go b/vendor/zombiezen.com/go/capnproto2/pointer.go
index 9b69e6b3..6aa7ea8d 100644
--- a/vendor/zombiezen.com/go/capnproto2/pointer.go
+++ b/vendor/zombiezen.com/go/capnproto2/pointer.go
@@ -155,7 +155,7 @@ func (p Ptr) text() (b []byte, ok bool) {
 		// Text must be null-terminated.
 		return nil, false
 	}
-	return b[:len(b)-1 : len(b)], true
+	return b[: len(b)-1 : len(b)], true
 }
 
 // Data attempts to convert p into Data, returning nil if p is not a
diff --git a/vendor/zombiezen.com/go/capnproto2/schemas/schemas.go b/vendor/zombiezen.com/go/capnproto2/schemas/schemas.go
index 8da117e4..70a174cb 100644
--- a/vendor/zombiezen.com/go/capnproto2/schemas/schemas.go
+++ b/vendor/zombiezen.com/go/capnproto2/schemas/schemas.go
@@ -112,7 +112,7 @@ func (r *record) read() ([]byte, error) {
 		}
 		p := packed.NewReader(bufio.NewReader(z))
 		r.data, r.err = ioutil.ReadAll(p)
-		if err != nil {
+		if r.err != nil {
 			r.data = nil
 			return
 		}

From 3a086e9cc261e09223b253d6fed4a1cee56e2940 Mon Sep 17 00:00:00 2001
From: cthuang <chungting@cloudflare.com>
Date: Fri, 29 May 2020 19:12:04 +0800
Subject: [PATCH 062/100] TUN-3020: Remove declarative tunnel related RPC code

---
 tunnelrpc/tunnelrpc.capnp    |  219 +--
 tunnelrpc/tunnelrpc.capnp.go | 2616 ++--------------------------------
 2 files changed, 135 insertions(+), 2700 deletions(-)

diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index cb707400..0afffc3f 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -56,204 +56,6 @@ struct RegistrationOptions {
     features @13 :List(Text);
 }
 
-struct CapnpConnectParameters {
-    # certificate and token to prove ownership of a zone
-    originCert @0 :Data;
-    # UUID assigned to this cloudflared obtained from Hello
-    cloudflaredID @1 :Data;
-    # number of previous attempts to send Connect
-    numPreviousAttempts @2 :UInt8;
-    # user defined labels for this cloudflared
-    tags @3 :List(Tag);
-    # release version of cloudflared
-    cloudflaredVersion @4 :Text;
-    # which intent this cloudflared instance should get its behaviour from
-    intentLabel @5 :Text;
-}
-
-struct ConnectResult {
-    result :union {
-        err @0 :ConnectError;
-        success @1 :ConnectSuccess;
-    }
-}
-
-struct ConnectError {
-    cause @0 :Text;
-    # How long should this connection wait to retry in ns
-    retryAfter @1 :Int64;
-    shouldRetry @2 :Bool;
-}
-
-struct ConnectSuccess {
-    # Information about the server this connection is established with
-    serverLocationName @0 :Text;
-    # How this cloudflared instance should be configured. This can be null if there isn't an intent for this origin yet
-    clientConfig @1 :ClientConfig;
-}
-
-struct ClientConfig {
-    # Version of this configuration. This value is opaque, but is guaranteed
-    # to monotonically increase in value. Any configuration supplied to
-    # useConfiguration() with a smaller `version` should be ignored.
-    version @0 :UInt64;
-    # supervisorConfig  is configuration for supervisor, the component that manages connection manager,
-    # autoupdater and metrics server
-    supervisorConfig @1 :SupervisorConfig;
-    # edgeConnectionConfig is configuration for connection manager, the componenet that manages connections with the edge
-    edgeConnectionConfig @2 :EdgeConnectionConfig;
-    # Configuration for cloudflared to run as a DNS-over-HTTPS proxy.
-    # cloudflared CLI option: `proxy-dns`
-    dohProxyConfigs @3 :List(DoHProxyConfig);
-    # Configuration for cloudflared to run as an HTTP reverse proxy.
-    reverseProxyConfigs @4 :List(ReverseProxyConfig);
-}
-
-struct SupervisorConfig {
-    # Frequency (in ns) to check Equinox for updates.
-    # Zero means auto-update is disabled.
-    # cloudflared CLI option: `autoupdate-freq`
-    autoUpdateFrequency @0 :Int64;
-    # Frequency (in ns) to update connection-based metrics.
-    # cloudflared CLI option: `metrics-update-freq`
-    metricsUpdateFrequency @1 :Int64;
-    # Time (in ns) to continue serving requests after cloudflared receives its
-    # first SIGINT/SIGTERM. A second SIGINT/SIGTERM will force cloudflared to
-    # shutdown immediately. For example, this field can be used to gracefully
-    # transition traffic to another cloudflared instance.
-    # cloudflared CLI option: `grace-period`
-    gracePeriod @2 :Int64;
-}
-
-struct EdgeConnectionConfig {
-    # cloudflared CLI option: `ha-connections`
-    numHAConnections @0 :UInt8;
-    # Interval (in ns) between heartbeats with the Cloudflare edge
-    # cloudflared CLI option: `heartbeat-interval`
-    heartbeatInterval @1 :Int64;
-    # Maximum wait time to connect with the edge.
-    timeout  @2 :Int64;
-    # Number of unacked heartbeats for cloudflared to send before
-    # closing the connection to the edge.
-    # cloudflared CLI option: `heartbeat-count`
-    maxFailedHeartbeats @3 :UInt64;
-    # Absolute path of the file containing certificate and token to connect with the edge
-    userCredentialPath @4 :Text;
-}
-
-struct ReverseProxyConfig {
-    tunnelHostname @0 :Text;
-    originConfig :union {
-        http @1 :HTTPOriginConfig;
-        websocket @2 :WebSocketOriginConfig;
-        helloWorld @3 :HelloWorldOriginConfig;
-    }
-    # Maximum number of retries for connection/protocol errors.
-    # cloudflared CLI option: `retries`
-    retries @4 :UInt64;
-    # maximum time (in ns) for cloudflared to wait to establish a connection
-    # to the origin. Zero means no timeout.
-    # cloudflared CLI option: `proxy-connect-timeout`
-    connectionTimeout @5 :Int64;
-    # (beta) Use cross-stream compression instead of HTTP compression.
-    # 0=off, 1=low, 2=medium, 3=high.
-    # For more context see the mapping here: https://github.com/cloudflare/cloudflared/blob/2019.3.2/h2mux/h2_dictionaries.go#L62
-    # cloudflared CLI option: `compression-quality`
-    compressionQuality @6 :UInt64;
-}
-
-struct WebSocketOriginConfig {
-    # URI of the origin service.
-    # cloudflared will start a websocket server that forwards data to this URI
-    # cloudflared CLI option: `url`
-    # cloudflared logic: https://github.com/cloudflare/cloudflared/blob/2019.3.2/cmd/cloudflared/tunnel/cmd.go#L304
-    urlString @0 :Text;
-    # Whether cloudflared should verify TLS connections to the origin.
-    # negation of cloudflared CLI option: `no-tls-verify`
-    tlsVerify @1 :Bool;
-    # originCAPool specifies the root CA that cloudflared should use when
-    # verifying TLS connections to the origin.
-    #   - if tlsVerify is false, originCAPool will be ignored.
-    #   - if tlsVerify is true and originCAPool is empty, the system CA pool
-    #     will be loaded if possible.
-    #   - if tlsVerify is true and originCAPool is non-empty, cloudflared will
-    #     treat it as the filepath to the root CA.
-    # cloudflared CLI option: `origin-ca-pool`
-    originCAPool @2 :Text;
-    # Hostname to use when verifying TLS connections to the origin.
-    # cloudflared CLI option: `origin-server-name`
-    originServerName @3 :Text;
-}
-
-struct HTTPOriginConfig {
-    # HTTP(S) URL of the origin service.
-    # cloudflared CLI option: `url`
-    urlString @0 :Text;
-    # the TCP keep-alive period (in ns) for an active network connection.
-    # Zero means keep-alives are not enabled.
-    # cloudflared CLI option: `proxy-tcp-keepalive`
-    tcpKeepAlive @1 :Int64;
-    # whether cloudflared should use a "happy eyeballs"-compliant procedure
-    # to connect to origins that resolve to both IPv4 and IPv6 addresses
-    # negation of cloudflared CLI option: `proxy-no-happy-eyeballs`
-    dialDualStack @2 :Bool;
-    # maximum time (in ns) for cloudflared to wait for a TLS handshake
-    # with the origin. Zero means no timeout.
-    # cloudflared CLI option: `proxy-tls-timeout`
-    tlsHandshakeTimeout @3 :Int64;
-    # Whether cloudflared should verify TLS connections to the origin.
-    # negation of cloudflared CLI option: `no-tls-verify`
-    tlsVerify @4 :Bool;
-    # originCAPool specifies the root CA that cloudflared should use when
-    # verifying TLS connections to the origin.
-    #   - if tlsVerify is false, originCAPool will be ignored.
-    #   - if tlsVerify is true and originCAPool is empty, the system CA pool
-    #     will be loaded if possible.
-    #   - if tlsVerify is true and originCAPool is non-empty, cloudflared will
-    #     treat it as the filepath to the root CA.
-    # cloudflared CLI option: `origin-ca-pool`
-    originCAPool @5 :Text;
-    # Hostname to use when verifying TLS connections to the origin.
-    # cloudflared CLI option: `origin-server-name`
-    originServerName @6 :Text;
-    # maximum number of idle (keep-alive) connections for cloudflared to
-    # keep open with the origin. Zero means no limit.
-    # cloudflared CLI option: `proxy-keepalive-connections`
-    maxIdleConnections @7 :UInt64;
-    # maximum time (in ns) for an idle (keep-alive) connection to remain
-    # idle before closing itself. Zero means no timeout.
-    # cloudflared CLI option: `proxy-keepalive-timeout`
-    idleConnectionTimeout @8 :Int64;
-    # maximum amount of time a dial will wait for a connect to complete.
-    proxyConnectionTimeout @9 :Int64;
-    # The amount of time to wait for origin's first response headers after fully
-    # writing the request headers if the request has an "Expect: 100-continue" header.
-    # Zero means no timeout and causes the body to be sent immediately, without
-    # waiting for the server to approve.
-    expectContinueTimeout @10 :Int64;
-    # Whether cloudflared should allow chunked transfer encoding to the
-    # origin. (This should be disabled for WSGI origins, for example.)
-    # negation of cloudflared CLI option: `no-chunked-encoding`
-	chunkedEncoding @11 :Bool;
-}
-
-# configuration for cloudflared to provide a DNS over HTTPS proxy server
-struct DoHProxyConfig {
-    # The hostname for the DoH proxy server to listen on.
-    # cloudflared CLI option: `proxy-dns-address`
-    listenHost @0 :Text;
-    # The port for the DoH proxy server to listen on.
-    # cloudflared CLI option: `proxy-dns-port`
-    listenPort @1 :UInt16;
-    # Upstream endpoint URLs for the DoH proxy server.
-    # cloudflared CLI option: `proxy-dns-upstream`
-    upstreams @2 :List(Text);
-}
-
-struct HelloWorldOriginConfig {
-    # nothing to configure
-}
-
 struct Tag {
     name @0 :Text;
     value @1 :Text;
@@ -269,21 +71,6 @@ struct ServerInfo {
     locationName @0 :Text;
 }
 
-struct UseConfigurationResult {
-    success @0 :Bool;
-    failedConfigs @1 :List(FailedConfig);
-}
-
-struct FailedConfig {
-    config :union {
-        supervisor @0 :SupervisorConfig;
-        edgeConnection @1 :EdgeConnectionConfig;
-        doh @2 :DoHProxyConfig;
-        reverseProxy @3 :ReverseProxyConfig;
-    }
-	reason @4 :Text;
-}
-
 struct AuthenticateResponse {
     permanentErr @0 :Text;
     retryableErr @1 :Text;
@@ -296,11 +83,7 @@ interface TunnelServer {
     getServerInfo @1 () -> (result :ServerInfo);
     unregisterTunnel @2 (gracePeriodNanoSec :Int64) -> ();
     # obsoleteDeclarativeTunnelConnect RPC deprecated in TUN-3019
-    obsoleteDeclarativeTunnelConnect @3 (parameters :CapnpConnectParameters) -> (result :ConnectResult);
+    obsoleteDeclarativeTunnelConnect @3 () -> ();
     authenticate @4 (originCert :Data, hostname :Text, options :RegistrationOptions) -> (result :AuthenticateResponse);
     reconnectTunnel @5 (jwt :Data, eventDigest :Data, connDigest :Data, hostname :Text, options :RegistrationOptions) -> (result :TunnelRegistration);
 }
-
-interface ClientService {
-    useConfiguration @0 (clientServiceConfig :ClientConfig) -> (result :UseConfigurationResult);
-}
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index 5b824580..6bc9c889 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -4,7 +4,6 @@ package tunnelrpc
 
 import (
 	context "golang.org/x/net/context"
-	strconv "strconv"
 	capnp "zombiezen.com/go/capnproto2"
 	text "zombiezen.com/go/capnproto2/encoding/text"
 	schemas "zombiezen.com/go/capnproto2/schemas"
@@ -567,1566 +566,6 @@ func (p RegistrationOptions_Promise) Struct() (RegistrationOptions, error) {
 	return RegistrationOptions{s}, err
 }
 
-type CapnpConnectParameters struct{ capnp.Struct }
-
-// CapnpConnectParameters_TypeID is the unique identifier for the type CapnpConnectParameters.
-const CapnpConnectParameters_TypeID = 0xa78f37418c1077c8
-
-func NewCapnpConnectParameters(s *capnp.Segment) (CapnpConnectParameters, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 5})
-	return CapnpConnectParameters{st}, err
-}
-
-func NewRootCapnpConnectParameters(s *capnp.Segment) (CapnpConnectParameters, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 5})
-	return CapnpConnectParameters{st}, err
-}
-
-func ReadRootCapnpConnectParameters(msg *capnp.Message) (CapnpConnectParameters, error) {
-	root, err := msg.RootPtr()
-	return CapnpConnectParameters{root.Struct()}, err
-}
-
-func (s CapnpConnectParameters) String() string {
-	str, _ := text.Marshal(0xa78f37418c1077c8, s.Struct)
-	return str
-}
-
-func (s CapnpConnectParameters) OriginCert() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return []byte(p.Data()), err
-}
-
-func (s CapnpConnectParameters) HasOriginCert() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s CapnpConnectParameters) SetOriginCert(v []byte) error {
-	return s.Struct.SetData(0, v)
-}
-
-func (s CapnpConnectParameters) CloudflaredID() ([]byte, error) {
-	p, err := s.Struct.Ptr(1)
-	return []byte(p.Data()), err
-}
-
-func (s CapnpConnectParameters) HasCloudflaredID() bool {
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s CapnpConnectParameters) SetCloudflaredID(v []byte) error {
-	return s.Struct.SetData(1, v)
-}
-
-func (s CapnpConnectParameters) NumPreviousAttempts() uint8 {
-	return s.Struct.Uint8(0)
-}
-
-func (s CapnpConnectParameters) SetNumPreviousAttempts(v uint8) {
-	s.Struct.SetUint8(0, v)
-}
-
-func (s CapnpConnectParameters) Tags() (Tag_List, error) {
-	p, err := s.Struct.Ptr(2)
-	return Tag_List{List: p.List()}, err
-}
-
-func (s CapnpConnectParameters) HasTags() bool {
-	p, err := s.Struct.Ptr(2)
-	return p.IsValid() || err != nil
-}
-
-func (s CapnpConnectParameters) SetTags(v Tag_List) error {
-	return s.Struct.SetPtr(2, v.List.ToPtr())
-}
-
-// NewTags sets the tags field to a newly
-// allocated Tag_List, preferring placement in s's segment.
-func (s CapnpConnectParameters) NewTags(n int32) (Tag_List, error) {
-	l, err := NewTag_List(s.Struct.Segment(), n)
-	if err != nil {
-		return Tag_List{}, err
-	}
-	err = s.Struct.SetPtr(2, l.List.ToPtr())
-	return l, err
-}
-
-func (s CapnpConnectParameters) CloudflaredVersion() (string, error) {
-	p, err := s.Struct.Ptr(3)
-	return p.Text(), err
-}
-
-func (s CapnpConnectParameters) HasCloudflaredVersion() bool {
-	p, err := s.Struct.Ptr(3)
-	return p.IsValid() || err != nil
-}
-
-func (s CapnpConnectParameters) CloudflaredVersionBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(3)
-	return p.TextBytes(), err
-}
-
-func (s CapnpConnectParameters) SetCloudflaredVersion(v string) error {
-	return s.Struct.SetText(3, v)
-}
-
-func (s CapnpConnectParameters) IntentLabel() (string, error) {
-	p, err := s.Struct.Ptr(4)
-	return p.Text(), err
-}
-
-func (s CapnpConnectParameters) HasIntentLabel() bool {
-	p, err := s.Struct.Ptr(4)
-	return p.IsValid() || err != nil
-}
-
-func (s CapnpConnectParameters) IntentLabelBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(4)
-	return p.TextBytes(), err
-}
-
-func (s CapnpConnectParameters) SetIntentLabel(v string) error {
-	return s.Struct.SetText(4, v)
-}
-
-// CapnpConnectParameters_List is a list of CapnpConnectParameters.
-type CapnpConnectParameters_List struct{ capnp.List }
-
-// NewCapnpConnectParameters creates a new list of CapnpConnectParameters.
-func NewCapnpConnectParameters_List(s *capnp.Segment, sz int32) (CapnpConnectParameters_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 5}, sz)
-	return CapnpConnectParameters_List{l}, err
-}
-
-func (s CapnpConnectParameters_List) At(i int) CapnpConnectParameters {
-	return CapnpConnectParameters{s.List.Struct(i)}
-}
-
-func (s CapnpConnectParameters_List) Set(i int, v CapnpConnectParameters) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s CapnpConnectParameters_List) String() string {
-	str, _ := text.MarshalList(0xa78f37418c1077c8, s.List)
-	return str
-}
-
-// CapnpConnectParameters_Promise is a wrapper for a CapnpConnectParameters promised by a client call.
-type CapnpConnectParameters_Promise struct{ *capnp.Pipeline }
-
-func (p CapnpConnectParameters_Promise) Struct() (CapnpConnectParameters, error) {
-	s, err := p.Pipeline.Struct()
-	return CapnpConnectParameters{s}, err
-}
-
-type ConnectResult struct{ capnp.Struct }
-type ConnectResult_result ConnectResult
-type ConnectResult_result_Which uint16
-
-const (
-	ConnectResult_result_Which_err     ConnectResult_result_Which = 0
-	ConnectResult_result_Which_success ConnectResult_result_Which = 1
-)
-
-func (w ConnectResult_result_Which) String() string {
-	const s = "errsuccess"
-	switch w {
-	case ConnectResult_result_Which_err:
-		return s[0:3]
-	case ConnectResult_result_Which_success:
-		return s[3:10]
-
-	}
-	return "ConnectResult_result_Which(" + strconv.FormatUint(uint64(w), 10) + ")"
-}
-
-// ConnectResult_TypeID is the unique identifier for the type ConnectResult.
-const ConnectResult_TypeID = 0xff8d9848747c956a
-
-func NewConnectResult(s *capnp.Segment) (ConnectResult, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1})
-	return ConnectResult{st}, err
-}
-
-func NewRootConnectResult(s *capnp.Segment) (ConnectResult, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1})
-	return ConnectResult{st}, err
-}
-
-func ReadRootConnectResult(msg *capnp.Message) (ConnectResult, error) {
-	root, err := msg.RootPtr()
-	return ConnectResult{root.Struct()}, err
-}
-
-func (s ConnectResult) String() string {
-	str, _ := text.Marshal(0xff8d9848747c956a, s.Struct)
-	return str
-}
-
-func (s ConnectResult) Result() ConnectResult_result { return ConnectResult_result(s) }
-
-func (s ConnectResult_result) Which() ConnectResult_result_Which {
-	return ConnectResult_result_Which(s.Struct.Uint16(0))
-}
-func (s ConnectResult_result) Err() (ConnectError, error) {
-	if s.Struct.Uint16(0) != 0 {
-		panic("Which() != err")
-	}
-	p, err := s.Struct.Ptr(0)
-	return ConnectError{Struct: p.Struct()}, err
-}
-
-func (s ConnectResult_result) HasErr() bool {
-	if s.Struct.Uint16(0) != 0 {
-		return false
-	}
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ConnectResult_result) SetErr(v ConnectError) error {
-	s.Struct.SetUint16(0, 0)
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewErr sets the err field to a newly
-// allocated ConnectError struct, preferring placement in s's segment.
-func (s ConnectResult_result) NewErr() (ConnectError, error) {
-	s.Struct.SetUint16(0, 0)
-	ss, err := NewConnectError(s.Struct.Segment())
-	if err != nil {
-		return ConnectError{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s ConnectResult_result) Success() (ConnectSuccess, error) {
-	if s.Struct.Uint16(0) != 1 {
-		panic("Which() != success")
-	}
-	p, err := s.Struct.Ptr(0)
-	return ConnectSuccess{Struct: p.Struct()}, err
-}
-
-func (s ConnectResult_result) HasSuccess() bool {
-	if s.Struct.Uint16(0) != 1 {
-		return false
-	}
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ConnectResult_result) SetSuccess(v ConnectSuccess) error {
-	s.Struct.SetUint16(0, 1)
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewSuccess sets the success field to a newly
-// allocated ConnectSuccess struct, preferring placement in s's segment.
-func (s ConnectResult_result) NewSuccess() (ConnectSuccess, error) {
-	s.Struct.SetUint16(0, 1)
-	ss, err := NewConnectSuccess(s.Struct.Segment())
-	if err != nil {
-		return ConnectSuccess{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-// ConnectResult_List is a list of ConnectResult.
-type ConnectResult_List struct{ capnp.List }
-
-// NewConnectResult creates a new list of ConnectResult.
-func NewConnectResult_List(s *capnp.Segment, sz int32) (ConnectResult_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1}, sz)
-	return ConnectResult_List{l}, err
-}
-
-func (s ConnectResult_List) At(i int) ConnectResult { return ConnectResult{s.List.Struct(i)} }
-
-func (s ConnectResult_List) Set(i int, v ConnectResult) error { return s.List.SetStruct(i, v.Struct) }
-
-func (s ConnectResult_List) String() string {
-	str, _ := text.MarshalList(0xff8d9848747c956a, s.List)
-	return str
-}
-
-// ConnectResult_Promise is a wrapper for a ConnectResult promised by a client call.
-type ConnectResult_Promise struct{ *capnp.Pipeline }
-
-func (p ConnectResult_Promise) Struct() (ConnectResult, error) {
-	s, err := p.Pipeline.Struct()
-	return ConnectResult{s}, err
-}
-
-func (p ConnectResult_Promise) Result() ConnectResult_result_Promise {
-	return ConnectResult_result_Promise{p.Pipeline}
-}
-
-// ConnectResult_result_Promise is a wrapper for a ConnectResult_result promised by a client call.
-type ConnectResult_result_Promise struct{ *capnp.Pipeline }
-
-func (p ConnectResult_result_Promise) Struct() (ConnectResult_result, error) {
-	s, err := p.Pipeline.Struct()
-	return ConnectResult_result{s}, err
-}
-
-func (p ConnectResult_result_Promise) Err() ConnectError_Promise {
-	return ConnectError_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-func (p ConnectResult_result_Promise) Success() ConnectSuccess_Promise {
-	return ConnectSuccess_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-type ConnectError struct{ capnp.Struct }
-
-// ConnectError_TypeID is the unique identifier for the type ConnectError.
-const ConnectError_TypeID = 0xb14ce48f4e2abb0d
-
-func NewConnectError(s *capnp.Segment) (ConnectError, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 1})
-	return ConnectError{st}, err
-}
-
-func NewRootConnectError(s *capnp.Segment) (ConnectError, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 1})
-	return ConnectError{st}, err
-}
-
-func ReadRootConnectError(msg *capnp.Message) (ConnectError, error) {
-	root, err := msg.RootPtr()
-	return ConnectError{root.Struct()}, err
-}
-
-func (s ConnectError) String() string {
-	str, _ := text.Marshal(0xb14ce48f4e2abb0d, s.Struct)
-	return str
-}
-
-func (s ConnectError) Cause() (string, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.Text(), err
-}
-
-func (s ConnectError) HasCause() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ConnectError) CauseBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.TextBytes(), err
-}
-
-func (s ConnectError) SetCause(v string) error {
-	return s.Struct.SetText(0, v)
-}
-
-func (s ConnectError) RetryAfter() int64 {
-	return int64(s.Struct.Uint64(0))
-}
-
-func (s ConnectError) SetRetryAfter(v int64) {
-	s.Struct.SetUint64(0, uint64(v))
-}
-
-func (s ConnectError) ShouldRetry() bool {
-	return s.Struct.Bit(64)
-}
-
-func (s ConnectError) SetShouldRetry(v bool) {
-	s.Struct.SetBit(64, v)
-}
-
-// ConnectError_List is a list of ConnectError.
-type ConnectError_List struct{ capnp.List }
-
-// NewConnectError creates a new list of ConnectError.
-func NewConnectError_List(s *capnp.Segment, sz int32) (ConnectError_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 16, PointerCount: 1}, sz)
-	return ConnectError_List{l}, err
-}
-
-func (s ConnectError_List) At(i int) ConnectError { return ConnectError{s.List.Struct(i)} }
-
-func (s ConnectError_List) Set(i int, v ConnectError) error { return s.List.SetStruct(i, v.Struct) }
-
-func (s ConnectError_List) String() string {
-	str, _ := text.MarshalList(0xb14ce48f4e2abb0d, s.List)
-	return str
-}
-
-// ConnectError_Promise is a wrapper for a ConnectError promised by a client call.
-type ConnectError_Promise struct{ *capnp.Pipeline }
-
-func (p ConnectError_Promise) Struct() (ConnectError, error) {
-	s, err := p.Pipeline.Struct()
-	return ConnectError{s}, err
-}
-
-type ConnectSuccess struct{ capnp.Struct }
-
-// ConnectSuccess_TypeID is the unique identifier for the type ConnectSuccess.
-const ConnectSuccess_TypeID = 0x8407e070e0d52605
-
-func NewConnectSuccess(s *capnp.Segment) (ConnectSuccess, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2})
-	return ConnectSuccess{st}, err
-}
-
-func NewRootConnectSuccess(s *capnp.Segment) (ConnectSuccess, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2})
-	return ConnectSuccess{st}, err
-}
-
-func ReadRootConnectSuccess(msg *capnp.Message) (ConnectSuccess, error) {
-	root, err := msg.RootPtr()
-	return ConnectSuccess{root.Struct()}, err
-}
-
-func (s ConnectSuccess) String() string {
-	str, _ := text.Marshal(0x8407e070e0d52605, s.Struct)
-	return str
-}
-
-func (s ConnectSuccess) ServerLocationName() (string, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.Text(), err
-}
-
-func (s ConnectSuccess) HasServerLocationName() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ConnectSuccess) ServerLocationNameBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.TextBytes(), err
-}
-
-func (s ConnectSuccess) SetServerLocationName(v string) error {
-	return s.Struct.SetText(0, v)
-}
-
-func (s ConnectSuccess) ClientConfig() (ClientConfig, error) {
-	p, err := s.Struct.Ptr(1)
-	return ClientConfig{Struct: p.Struct()}, err
-}
-
-func (s ConnectSuccess) HasClientConfig() bool {
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s ConnectSuccess) SetClientConfig(v ClientConfig) error {
-	return s.Struct.SetPtr(1, v.Struct.ToPtr())
-}
-
-// NewClientConfig sets the clientConfig field to a newly
-// allocated ClientConfig struct, preferring placement in s's segment.
-func (s ConnectSuccess) NewClientConfig() (ClientConfig, error) {
-	ss, err := NewClientConfig(s.Struct.Segment())
-	if err != nil {
-		return ClientConfig{}, err
-	}
-	err = s.Struct.SetPtr(1, ss.Struct.ToPtr())
-	return ss, err
-}
-
-// ConnectSuccess_List is a list of ConnectSuccess.
-type ConnectSuccess_List struct{ capnp.List }
-
-// NewConnectSuccess creates a new list of ConnectSuccess.
-func NewConnectSuccess_List(s *capnp.Segment, sz int32) (ConnectSuccess_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2}, sz)
-	return ConnectSuccess_List{l}, err
-}
-
-func (s ConnectSuccess_List) At(i int) ConnectSuccess { return ConnectSuccess{s.List.Struct(i)} }
-
-func (s ConnectSuccess_List) Set(i int, v ConnectSuccess) error { return s.List.SetStruct(i, v.Struct) }
-
-func (s ConnectSuccess_List) String() string {
-	str, _ := text.MarshalList(0x8407e070e0d52605, s.List)
-	return str
-}
-
-// ConnectSuccess_Promise is a wrapper for a ConnectSuccess promised by a client call.
-type ConnectSuccess_Promise struct{ *capnp.Pipeline }
-
-func (p ConnectSuccess_Promise) Struct() (ConnectSuccess, error) {
-	s, err := p.Pipeline.Struct()
-	return ConnectSuccess{s}, err
-}
-
-func (p ConnectSuccess_Promise) ClientConfig() ClientConfig_Promise {
-	return ClientConfig_Promise{Pipeline: p.Pipeline.GetPipeline(1)}
-}
-
-type ClientConfig struct{ capnp.Struct }
-
-// ClientConfig_TypeID is the unique identifier for the type ClientConfig.
-const ClientConfig_TypeID = 0xf0a143f1c95a678e
-
-func NewClientConfig(s *capnp.Segment) (ClientConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 4})
-	return ClientConfig{st}, err
-}
-
-func NewRootClientConfig(s *capnp.Segment) (ClientConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 4})
-	return ClientConfig{st}, err
-}
-
-func ReadRootClientConfig(msg *capnp.Message) (ClientConfig, error) {
-	root, err := msg.RootPtr()
-	return ClientConfig{root.Struct()}, err
-}
-
-func (s ClientConfig) String() string {
-	str, _ := text.Marshal(0xf0a143f1c95a678e, s.Struct)
-	return str
-}
-
-func (s ClientConfig) Version() uint64 {
-	return s.Struct.Uint64(0)
-}
-
-func (s ClientConfig) SetVersion(v uint64) {
-	s.Struct.SetUint64(0, v)
-}
-
-func (s ClientConfig) SupervisorConfig() (SupervisorConfig, error) {
-	p, err := s.Struct.Ptr(0)
-	return SupervisorConfig{Struct: p.Struct()}, err
-}
-
-func (s ClientConfig) HasSupervisorConfig() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ClientConfig) SetSupervisorConfig(v SupervisorConfig) error {
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewSupervisorConfig sets the supervisorConfig field to a newly
-// allocated SupervisorConfig struct, preferring placement in s's segment.
-func (s ClientConfig) NewSupervisorConfig() (SupervisorConfig, error) {
-	ss, err := NewSupervisorConfig(s.Struct.Segment())
-	if err != nil {
-		return SupervisorConfig{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s ClientConfig) EdgeConnectionConfig() (EdgeConnectionConfig, error) {
-	p, err := s.Struct.Ptr(1)
-	return EdgeConnectionConfig{Struct: p.Struct()}, err
-}
-
-func (s ClientConfig) HasEdgeConnectionConfig() bool {
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s ClientConfig) SetEdgeConnectionConfig(v EdgeConnectionConfig) error {
-	return s.Struct.SetPtr(1, v.Struct.ToPtr())
-}
-
-// NewEdgeConnectionConfig sets the edgeConnectionConfig field to a newly
-// allocated EdgeConnectionConfig struct, preferring placement in s's segment.
-func (s ClientConfig) NewEdgeConnectionConfig() (EdgeConnectionConfig, error) {
-	ss, err := NewEdgeConnectionConfig(s.Struct.Segment())
-	if err != nil {
-		return EdgeConnectionConfig{}, err
-	}
-	err = s.Struct.SetPtr(1, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s ClientConfig) DohProxyConfigs() (DoHProxyConfig_List, error) {
-	p, err := s.Struct.Ptr(2)
-	return DoHProxyConfig_List{List: p.List()}, err
-}
-
-func (s ClientConfig) HasDohProxyConfigs() bool {
-	p, err := s.Struct.Ptr(2)
-	return p.IsValid() || err != nil
-}
-
-func (s ClientConfig) SetDohProxyConfigs(v DoHProxyConfig_List) error {
-	return s.Struct.SetPtr(2, v.List.ToPtr())
-}
-
-// NewDohProxyConfigs sets the dohProxyConfigs field to a newly
-// allocated DoHProxyConfig_List, preferring placement in s's segment.
-func (s ClientConfig) NewDohProxyConfigs(n int32) (DoHProxyConfig_List, error) {
-	l, err := NewDoHProxyConfig_List(s.Struct.Segment(), n)
-	if err != nil {
-		return DoHProxyConfig_List{}, err
-	}
-	err = s.Struct.SetPtr(2, l.List.ToPtr())
-	return l, err
-}
-
-func (s ClientConfig) ReverseProxyConfigs() (ReverseProxyConfig_List, error) {
-	p, err := s.Struct.Ptr(3)
-	return ReverseProxyConfig_List{List: p.List()}, err
-}
-
-func (s ClientConfig) HasReverseProxyConfigs() bool {
-	p, err := s.Struct.Ptr(3)
-	return p.IsValid() || err != nil
-}
-
-func (s ClientConfig) SetReverseProxyConfigs(v ReverseProxyConfig_List) error {
-	return s.Struct.SetPtr(3, v.List.ToPtr())
-}
-
-// NewReverseProxyConfigs sets the reverseProxyConfigs field to a newly
-// allocated ReverseProxyConfig_List, preferring placement in s's segment.
-func (s ClientConfig) NewReverseProxyConfigs(n int32) (ReverseProxyConfig_List, error) {
-	l, err := NewReverseProxyConfig_List(s.Struct.Segment(), n)
-	if err != nil {
-		return ReverseProxyConfig_List{}, err
-	}
-	err = s.Struct.SetPtr(3, l.List.ToPtr())
-	return l, err
-}
-
-// ClientConfig_List is a list of ClientConfig.
-type ClientConfig_List struct{ capnp.List }
-
-// NewClientConfig creates a new list of ClientConfig.
-func NewClientConfig_List(s *capnp.Segment, sz int32) (ClientConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 4}, sz)
-	return ClientConfig_List{l}, err
-}
-
-func (s ClientConfig_List) At(i int) ClientConfig { return ClientConfig{s.List.Struct(i)} }
-
-func (s ClientConfig_List) Set(i int, v ClientConfig) error { return s.List.SetStruct(i, v.Struct) }
-
-func (s ClientConfig_List) String() string {
-	str, _ := text.MarshalList(0xf0a143f1c95a678e, s.List)
-	return str
-}
-
-// ClientConfig_Promise is a wrapper for a ClientConfig promised by a client call.
-type ClientConfig_Promise struct{ *capnp.Pipeline }
-
-func (p ClientConfig_Promise) Struct() (ClientConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return ClientConfig{s}, err
-}
-
-func (p ClientConfig_Promise) SupervisorConfig() SupervisorConfig_Promise {
-	return SupervisorConfig_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-func (p ClientConfig_Promise) EdgeConnectionConfig() EdgeConnectionConfig_Promise {
-	return EdgeConnectionConfig_Promise{Pipeline: p.Pipeline.GetPipeline(1)}
-}
-
-type SupervisorConfig struct{ capnp.Struct }
-
-// SupervisorConfig_TypeID is the unique identifier for the type SupervisorConfig.
-const SupervisorConfig_TypeID = 0xf7f49b3f779ae258
-
-func NewSupervisorConfig(s *capnp.Segment) (SupervisorConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 24, PointerCount: 0})
-	return SupervisorConfig{st}, err
-}
-
-func NewRootSupervisorConfig(s *capnp.Segment) (SupervisorConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 24, PointerCount: 0})
-	return SupervisorConfig{st}, err
-}
-
-func ReadRootSupervisorConfig(msg *capnp.Message) (SupervisorConfig, error) {
-	root, err := msg.RootPtr()
-	return SupervisorConfig{root.Struct()}, err
-}
-
-func (s SupervisorConfig) String() string {
-	str, _ := text.Marshal(0xf7f49b3f779ae258, s.Struct)
-	return str
-}
-
-func (s SupervisorConfig) AutoUpdateFrequency() int64 {
-	return int64(s.Struct.Uint64(0))
-}
-
-func (s SupervisorConfig) SetAutoUpdateFrequency(v int64) {
-	s.Struct.SetUint64(0, uint64(v))
-}
-
-func (s SupervisorConfig) MetricsUpdateFrequency() int64 {
-	return int64(s.Struct.Uint64(8))
-}
-
-func (s SupervisorConfig) SetMetricsUpdateFrequency(v int64) {
-	s.Struct.SetUint64(8, uint64(v))
-}
-
-func (s SupervisorConfig) GracePeriod() int64 {
-	return int64(s.Struct.Uint64(16))
-}
-
-func (s SupervisorConfig) SetGracePeriod(v int64) {
-	s.Struct.SetUint64(16, uint64(v))
-}
-
-// SupervisorConfig_List is a list of SupervisorConfig.
-type SupervisorConfig_List struct{ capnp.List }
-
-// NewSupervisorConfig creates a new list of SupervisorConfig.
-func NewSupervisorConfig_List(s *capnp.Segment, sz int32) (SupervisorConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 24, PointerCount: 0}, sz)
-	return SupervisorConfig_List{l}, err
-}
-
-func (s SupervisorConfig_List) At(i int) SupervisorConfig { return SupervisorConfig{s.List.Struct(i)} }
-
-func (s SupervisorConfig_List) Set(i int, v SupervisorConfig) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s SupervisorConfig_List) String() string {
-	str, _ := text.MarshalList(0xf7f49b3f779ae258, s.List)
-	return str
-}
-
-// SupervisorConfig_Promise is a wrapper for a SupervisorConfig promised by a client call.
-type SupervisorConfig_Promise struct{ *capnp.Pipeline }
-
-func (p SupervisorConfig_Promise) Struct() (SupervisorConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return SupervisorConfig{s}, err
-}
-
-type EdgeConnectionConfig struct{ capnp.Struct }
-
-// EdgeConnectionConfig_TypeID is the unique identifier for the type EdgeConnectionConfig.
-const EdgeConnectionConfig_TypeID = 0xc744e349009087aa
-
-func NewEdgeConnectionConfig(s *capnp.Segment) (EdgeConnectionConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 32, PointerCount: 1})
-	return EdgeConnectionConfig{st}, err
-}
-
-func NewRootEdgeConnectionConfig(s *capnp.Segment) (EdgeConnectionConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 32, PointerCount: 1})
-	return EdgeConnectionConfig{st}, err
-}
-
-func ReadRootEdgeConnectionConfig(msg *capnp.Message) (EdgeConnectionConfig, error) {
-	root, err := msg.RootPtr()
-	return EdgeConnectionConfig{root.Struct()}, err
-}
-
-func (s EdgeConnectionConfig) String() string {
-	str, _ := text.Marshal(0xc744e349009087aa, s.Struct)
-	return str
-}
-
-func (s EdgeConnectionConfig) NumHAConnections() uint8 {
-	return s.Struct.Uint8(0)
-}
-
-func (s EdgeConnectionConfig) SetNumHAConnections(v uint8) {
-	s.Struct.SetUint8(0, v)
-}
-
-func (s EdgeConnectionConfig) HeartbeatInterval() int64 {
-	return int64(s.Struct.Uint64(8))
-}
-
-func (s EdgeConnectionConfig) SetHeartbeatInterval(v int64) {
-	s.Struct.SetUint64(8, uint64(v))
-}
-
-func (s EdgeConnectionConfig) Timeout() int64 {
-	return int64(s.Struct.Uint64(16))
-}
-
-func (s EdgeConnectionConfig) SetTimeout(v int64) {
-	s.Struct.SetUint64(16, uint64(v))
-}
-
-func (s EdgeConnectionConfig) MaxFailedHeartbeats() uint64 {
-	return s.Struct.Uint64(24)
-}
-
-func (s EdgeConnectionConfig) SetMaxFailedHeartbeats(v uint64) {
-	s.Struct.SetUint64(24, v)
-}
-
-func (s EdgeConnectionConfig) UserCredentialPath() (string, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.Text(), err
-}
-
-func (s EdgeConnectionConfig) HasUserCredentialPath() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s EdgeConnectionConfig) UserCredentialPathBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.TextBytes(), err
-}
-
-func (s EdgeConnectionConfig) SetUserCredentialPath(v string) error {
-	return s.Struct.SetText(0, v)
-}
-
-// EdgeConnectionConfig_List is a list of EdgeConnectionConfig.
-type EdgeConnectionConfig_List struct{ capnp.List }
-
-// NewEdgeConnectionConfig creates a new list of EdgeConnectionConfig.
-func NewEdgeConnectionConfig_List(s *capnp.Segment, sz int32) (EdgeConnectionConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 32, PointerCount: 1}, sz)
-	return EdgeConnectionConfig_List{l}, err
-}
-
-func (s EdgeConnectionConfig_List) At(i int) EdgeConnectionConfig {
-	return EdgeConnectionConfig{s.List.Struct(i)}
-}
-
-func (s EdgeConnectionConfig_List) Set(i int, v EdgeConnectionConfig) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s EdgeConnectionConfig_List) String() string {
-	str, _ := text.MarshalList(0xc744e349009087aa, s.List)
-	return str
-}
-
-// EdgeConnectionConfig_Promise is a wrapper for a EdgeConnectionConfig promised by a client call.
-type EdgeConnectionConfig_Promise struct{ *capnp.Pipeline }
-
-func (p EdgeConnectionConfig_Promise) Struct() (EdgeConnectionConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return EdgeConnectionConfig{s}, err
-}
-
-type ReverseProxyConfig struct{ capnp.Struct }
-type ReverseProxyConfig_originConfig ReverseProxyConfig
-type ReverseProxyConfig_originConfig_Which uint16
-
-const (
-	ReverseProxyConfig_originConfig_Which_http       ReverseProxyConfig_originConfig_Which = 0
-	ReverseProxyConfig_originConfig_Which_websocket  ReverseProxyConfig_originConfig_Which = 1
-	ReverseProxyConfig_originConfig_Which_helloWorld ReverseProxyConfig_originConfig_Which = 2
-)
-
-func (w ReverseProxyConfig_originConfig_Which) String() string {
-	const s = "httpwebsockethelloWorld"
-	switch w {
-	case ReverseProxyConfig_originConfig_Which_http:
-		return s[0:4]
-	case ReverseProxyConfig_originConfig_Which_websocket:
-		return s[4:13]
-	case ReverseProxyConfig_originConfig_Which_helloWorld:
-		return s[13:23]
-
-	}
-	return "ReverseProxyConfig_originConfig_Which(" + strconv.FormatUint(uint64(w), 10) + ")"
-}
-
-// ReverseProxyConfig_TypeID is the unique identifier for the type ReverseProxyConfig.
-const ReverseProxyConfig_TypeID = 0xc766a92976e389c4
-
-func NewReverseProxyConfig(s *capnp.Segment) (ReverseProxyConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 32, PointerCount: 2})
-	return ReverseProxyConfig{st}, err
-}
-
-func NewRootReverseProxyConfig(s *capnp.Segment) (ReverseProxyConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 32, PointerCount: 2})
-	return ReverseProxyConfig{st}, err
-}
-
-func ReadRootReverseProxyConfig(msg *capnp.Message) (ReverseProxyConfig, error) {
-	root, err := msg.RootPtr()
-	return ReverseProxyConfig{root.Struct()}, err
-}
-
-func (s ReverseProxyConfig) String() string {
-	str, _ := text.Marshal(0xc766a92976e389c4, s.Struct)
-	return str
-}
-
-func (s ReverseProxyConfig) TunnelHostname() (string, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.Text(), err
-}
-
-func (s ReverseProxyConfig) HasTunnelHostname() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ReverseProxyConfig) TunnelHostnameBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.TextBytes(), err
-}
-
-func (s ReverseProxyConfig) SetTunnelHostname(v string) error {
-	return s.Struct.SetText(0, v)
-}
-
-func (s ReverseProxyConfig) OriginConfig() ReverseProxyConfig_originConfig {
-	return ReverseProxyConfig_originConfig(s)
-}
-
-func (s ReverseProxyConfig_originConfig) Which() ReverseProxyConfig_originConfig_Which {
-	return ReverseProxyConfig_originConfig_Which(s.Struct.Uint16(0))
-}
-func (s ReverseProxyConfig_originConfig) Http() (HTTPOriginConfig, error) {
-	if s.Struct.Uint16(0) != 0 {
-		panic("Which() != http")
-	}
-	p, err := s.Struct.Ptr(1)
-	return HTTPOriginConfig{Struct: p.Struct()}, err
-}
-
-func (s ReverseProxyConfig_originConfig) HasHttp() bool {
-	if s.Struct.Uint16(0) != 0 {
-		return false
-	}
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s ReverseProxyConfig_originConfig) SetHttp(v HTTPOriginConfig) error {
-	s.Struct.SetUint16(0, 0)
-	return s.Struct.SetPtr(1, v.Struct.ToPtr())
-}
-
-// NewHttp sets the http field to a newly
-// allocated HTTPOriginConfig struct, preferring placement in s's segment.
-func (s ReverseProxyConfig_originConfig) NewHttp() (HTTPOriginConfig, error) {
-	s.Struct.SetUint16(0, 0)
-	ss, err := NewHTTPOriginConfig(s.Struct.Segment())
-	if err != nil {
-		return HTTPOriginConfig{}, err
-	}
-	err = s.Struct.SetPtr(1, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s ReverseProxyConfig_originConfig) Websocket() (WebSocketOriginConfig, error) {
-	if s.Struct.Uint16(0) != 1 {
-		panic("Which() != websocket")
-	}
-	p, err := s.Struct.Ptr(1)
-	return WebSocketOriginConfig{Struct: p.Struct()}, err
-}
-
-func (s ReverseProxyConfig_originConfig) HasWebsocket() bool {
-	if s.Struct.Uint16(0) != 1 {
-		return false
-	}
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s ReverseProxyConfig_originConfig) SetWebsocket(v WebSocketOriginConfig) error {
-	s.Struct.SetUint16(0, 1)
-	return s.Struct.SetPtr(1, v.Struct.ToPtr())
-}
-
-// NewWebsocket sets the websocket field to a newly
-// allocated WebSocketOriginConfig struct, preferring placement in s's segment.
-func (s ReverseProxyConfig_originConfig) NewWebsocket() (WebSocketOriginConfig, error) {
-	s.Struct.SetUint16(0, 1)
-	ss, err := NewWebSocketOriginConfig(s.Struct.Segment())
-	if err != nil {
-		return WebSocketOriginConfig{}, err
-	}
-	err = s.Struct.SetPtr(1, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s ReverseProxyConfig_originConfig) HelloWorld() (HelloWorldOriginConfig, error) {
-	if s.Struct.Uint16(0) != 2 {
-		panic("Which() != helloWorld")
-	}
-	p, err := s.Struct.Ptr(1)
-	return HelloWorldOriginConfig{Struct: p.Struct()}, err
-}
-
-func (s ReverseProxyConfig_originConfig) HasHelloWorld() bool {
-	if s.Struct.Uint16(0) != 2 {
-		return false
-	}
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s ReverseProxyConfig_originConfig) SetHelloWorld(v HelloWorldOriginConfig) error {
-	s.Struct.SetUint16(0, 2)
-	return s.Struct.SetPtr(1, v.Struct.ToPtr())
-}
-
-// NewHelloWorld sets the helloWorld field to a newly
-// allocated HelloWorldOriginConfig struct, preferring placement in s's segment.
-func (s ReverseProxyConfig_originConfig) NewHelloWorld() (HelloWorldOriginConfig, error) {
-	s.Struct.SetUint16(0, 2)
-	ss, err := NewHelloWorldOriginConfig(s.Struct.Segment())
-	if err != nil {
-		return HelloWorldOriginConfig{}, err
-	}
-	err = s.Struct.SetPtr(1, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s ReverseProxyConfig) Retries() uint64 {
-	return s.Struct.Uint64(8)
-}
-
-func (s ReverseProxyConfig) SetRetries(v uint64) {
-	s.Struct.SetUint64(8, v)
-}
-
-func (s ReverseProxyConfig) ConnectionTimeout() int64 {
-	return int64(s.Struct.Uint64(16))
-}
-
-func (s ReverseProxyConfig) SetConnectionTimeout(v int64) {
-	s.Struct.SetUint64(16, uint64(v))
-}
-
-func (s ReverseProxyConfig) CompressionQuality() uint64 {
-	return s.Struct.Uint64(24)
-}
-
-func (s ReverseProxyConfig) SetCompressionQuality(v uint64) {
-	s.Struct.SetUint64(24, v)
-}
-
-// ReverseProxyConfig_List is a list of ReverseProxyConfig.
-type ReverseProxyConfig_List struct{ capnp.List }
-
-// NewReverseProxyConfig creates a new list of ReverseProxyConfig.
-func NewReverseProxyConfig_List(s *capnp.Segment, sz int32) (ReverseProxyConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 32, PointerCount: 2}, sz)
-	return ReverseProxyConfig_List{l}, err
-}
-
-func (s ReverseProxyConfig_List) At(i int) ReverseProxyConfig {
-	return ReverseProxyConfig{s.List.Struct(i)}
-}
-
-func (s ReverseProxyConfig_List) Set(i int, v ReverseProxyConfig) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s ReverseProxyConfig_List) String() string {
-	str, _ := text.MarshalList(0xc766a92976e389c4, s.List)
-	return str
-}
-
-// ReverseProxyConfig_Promise is a wrapper for a ReverseProxyConfig promised by a client call.
-type ReverseProxyConfig_Promise struct{ *capnp.Pipeline }
-
-func (p ReverseProxyConfig_Promise) Struct() (ReverseProxyConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return ReverseProxyConfig{s}, err
-}
-
-func (p ReverseProxyConfig_Promise) OriginConfig() ReverseProxyConfig_originConfig_Promise {
-	return ReverseProxyConfig_originConfig_Promise{p.Pipeline}
-}
-
-// ReverseProxyConfig_originConfig_Promise is a wrapper for a ReverseProxyConfig_originConfig promised by a client call.
-type ReverseProxyConfig_originConfig_Promise struct{ *capnp.Pipeline }
-
-func (p ReverseProxyConfig_originConfig_Promise) Struct() (ReverseProxyConfig_originConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return ReverseProxyConfig_originConfig{s}, err
-}
-
-func (p ReverseProxyConfig_originConfig_Promise) Http() HTTPOriginConfig_Promise {
-	return HTTPOriginConfig_Promise{Pipeline: p.Pipeline.GetPipeline(1)}
-}
-
-func (p ReverseProxyConfig_originConfig_Promise) Websocket() WebSocketOriginConfig_Promise {
-	return WebSocketOriginConfig_Promise{Pipeline: p.Pipeline.GetPipeline(1)}
-}
-
-func (p ReverseProxyConfig_originConfig_Promise) HelloWorld() HelloWorldOriginConfig_Promise {
-	return HelloWorldOriginConfig_Promise{Pipeline: p.Pipeline.GetPipeline(1)}
-}
-
-type WebSocketOriginConfig struct{ capnp.Struct }
-
-// WebSocketOriginConfig_TypeID is the unique identifier for the type WebSocketOriginConfig.
-const WebSocketOriginConfig_TypeID = 0xf9c895683ed9ac4c
-
-func NewWebSocketOriginConfig(s *capnp.Segment) (WebSocketOriginConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3})
-	return WebSocketOriginConfig{st}, err
-}
-
-func NewRootWebSocketOriginConfig(s *capnp.Segment) (WebSocketOriginConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3})
-	return WebSocketOriginConfig{st}, err
-}
-
-func ReadRootWebSocketOriginConfig(msg *capnp.Message) (WebSocketOriginConfig, error) {
-	root, err := msg.RootPtr()
-	return WebSocketOriginConfig{root.Struct()}, err
-}
-
-func (s WebSocketOriginConfig) String() string {
-	str, _ := text.Marshal(0xf9c895683ed9ac4c, s.Struct)
-	return str
-}
-
-func (s WebSocketOriginConfig) UrlString() (string, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.Text(), err
-}
-
-func (s WebSocketOriginConfig) HasUrlString() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s WebSocketOriginConfig) UrlStringBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.TextBytes(), err
-}
-
-func (s WebSocketOriginConfig) SetUrlString(v string) error {
-	return s.Struct.SetText(0, v)
-}
-
-func (s WebSocketOriginConfig) TlsVerify() bool {
-	return s.Struct.Bit(0)
-}
-
-func (s WebSocketOriginConfig) SetTlsVerify(v bool) {
-	s.Struct.SetBit(0, v)
-}
-
-func (s WebSocketOriginConfig) OriginCAPool() (string, error) {
-	p, err := s.Struct.Ptr(1)
-	return p.Text(), err
-}
-
-func (s WebSocketOriginConfig) HasOriginCAPool() bool {
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s WebSocketOriginConfig) OriginCAPoolBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(1)
-	return p.TextBytes(), err
-}
-
-func (s WebSocketOriginConfig) SetOriginCAPool(v string) error {
-	return s.Struct.SetText(1, v)
-}
-
-func (s WebSocketOriginConfig) OriginServerName() (string, error) {
-	p, err := s.Struct.Ptr(2)
-	return p.Text(), err
-}
-
-func (s WebSocketOriginConfig) HasOriginServerName() bool {
-	p, err := s.Struct.Ptr(2)
-	return p.IsValid() || err != nil
-}
-
-func (s WebSocketOriginConfig) OriginServerNameBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(2)
-	return p.TextBytes(), err
-}
-
-func (s WebSocketOriginConfig) SetOriginServerName(v string) error {
-	return s.Struct.SetText(2, v)
-}
-
-// WebSocketOriginConfig_List is a list of WebSocketOriginConfig.
-type WebSocketOriginConfig_List struct{ capnp.List }
-
-// NewWebSocketOriginConfig creates a new list of WebSocketOriginConfig.
-func NewWebSocketOriginConfig_List(s *capnp.Segment, sz int32) (WebSocketOriginConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3}, sz)
-	return WebSocketOriginConfig_List{l}, err
-}
-
-func (s WebSocketOriginConfig_List) At(i int) WebSocketOriginConfig {
-	return WebSocketOriginConfig{s.List.Struct(i)}
-}
-
-func (s WebSocketOriginConfig_List) Set(i int, v WebSocketOriginConfig) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s WebSocketOriginConfig_List) String() string {
-	str, _ := text.MarshalList(0xf9c895683ed9ac4c, s.List)
-	return str
-}
-
-// WebSocketOriginConfig_Promise is a wrapper for a WebSocketOriginConfig promised by a client call.
-type WebSocketOriginConfig_Promise struct{ *capnp.Pipeline }
-
-func (p WebSocketOriginConfig_Promise) Struct() (WebSocketOriginConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return WebSocketOriginConfig{s}, err
-}
-
-type HTTPOriginConfig struct{ capnp.Struct }
-
-// HTTPOriginConfig_TypeID is the unique identifier for the type HTTPOriginConfig.
-const HTTPOriginConfig_TypeID = 0xe4a6a1bc139211b4
-
-func NewHTTPOriginConfig(s *capnp.Segment) (HTTPOriginConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 56, PointerCount: 3})
-	return HTTPOriginConfig{st}, err
-}
-
-func NewRootHTTPOriginConfig(s *capnp.Segment) (HTTPOriginConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 56, PointerCount: 3})
-	return HTTPOriginConfig{st}, err
-}
-
-func ReadRootHTTPOriginConfig(msg *capnp.Message) (HTTPOriginConfig, error) {
-	root, err := msg.RootPtr()
-	return HTTPOriginConfig{root.Struct()}, err
-}
-
-func (s HTTPOriginConfig) String() string {
-	str, _ := text.Marshal(0xe4a6a1bc139211b4, s.Struct)
-	return str
-}
-
-func (s HTTPOriginConfig) UrlString() (string, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.Text(), err
-}
-
-func (s HTTPOriginConfig) HasUrlString() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s HTTPOriginConfig) UrlStringBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.TextBytes(), err
-}
-
-func (s HTTPOriginConfig) SetUrlString(v string) error {
-	return s.Struct.SetText(0, v)
-}
-
-func (s HTTPOriginConfig) TcpKeepAlive() int64 {
-	return int64(s.Struct.Uint64(0))
-}
-
-func (s HTTPOriginConfig) SetTcpKeepAlive(v int64) {
-	s.Struct.SetUint64(0, uint64(v))
-}
-
-func (s HTTPOriginConfig) DialDualStack() bool {
-	return s.Struct.Bit(64)
-}
-
-func (s HTTPOriginConfig) SetDialDualStack(v bool) {
-	s.Struct.SetBit(64, v)
-}
-
-func (s HTTPOriginConfig) TlsHandshakeTimeout() int64 {
-	return int64(s.Struct.Uint64(16))
-}
-
-func (s HTTPOriginConfig) SetTlsHandshakeTimeout(v int64) {
-	s.Struct.SetUint64(16, uint64(v))
-}
-
-func (s HTTPOriginConfig) TlsVerify() bool {
-	return s.Struct.Bit(65)
-}
-
-func (s HTTPOriginConfig) SetTlsVerify(v bool) {
-	s.Struct.SetBit(65, v)
-}
-
-func (s HTTPOriginConfig) OriginCAPool() (string, error) {
-	p, err := s.Struct.Ptr(1)
-	return p.Text(), err
-}
-
-func (s HTTPOriginConfig) HasOriginCAPool() bool {
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s HTTPOriginConfig) OriginCAPoolBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(1)
-	return p.TextBytes(), err
-}
-
-func (s HTTPOriginConfig) SetOriginCAPool(v string) error {
-	return s.Struct.SetText(1, v)
-}
-
-func (s HTTPOriginConfig) OriginServerName() (string, error) {
-	p, err := s.Struct.Ptr(2)
-	return p.Text(), err
-}
-
-func (s HTTPOriginConfig) HasOriginServerName() bool {
-	p, err := s.Struct.Ptr(2)
-	return p.IsValid() || err != nil
-}
-
-func (s HTTPOriginConfig) OriginServerNameBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(2)
-	return p.TextBytes(), err
-}
-
-func (s HTTPOriginConfig) SetOriginServerName(v string) error {
-	return s.Struct.SetText(2, v)
-}
-
-func (s HTTPOriginConfig) MaxIdleConnections() uint64 {
-	return s.Struct.Uint64(24)
-}
-
-func (s HTTPOriginConfig) SetMaxIdleConnections(v uint64) {
-	s.Struct.SetUint64(24, v)
-}
-
-func (s HTTPOriginConfig) IdleConnectionTimeout() int64 {
-	return int64(s.Struct.Uint64(32))
-}
-
-func (s HTTPOriginConfig) SetIdleConnectionTimeout(v int64) {
-	s.Struct.SetUint64(32, uint64(v))
-}
-
-func (s HTTPOriginConfig) ProxyConnectionTimeout() int64 {
-	return int64(s.Struct.Uint64(40))
-}
-
-func (s HTTPOriginConfig) SetProxyConnectionTimeout(v int64) {
-	s.Struct.SetUint64(40, uint64(v))
-}
-
-func (s HTTPOriginConfig) ExpectContinueTimeout() int64 {
-	return int64(s.Struct.Uint64(48))
-}
-
-func (s HTTPOriginConfig) SetExpectContinueTimeout(v int64) {
-	s.Struct.SetUint64(48, uint64(v))
-}
-
-func (s HTTPOriginConfig) ChunkedEncoding() bool {
-	return s.Struct.Bit(66)
-}
-
-func (s HTTPOriginConfig) SetChunkedEncoding(v bool) {
-	s.Struct.SetBit(66, v)
-}
-
-// HTTPOriginConfig_List is a list of HTTPOriginConfig.
-type HTTPOriginConfig_List struct{ capnp.List }
-
-// NewHTTPOriginConfig creates a new list of HTTPOriginConfig.
-func NewHTTPOriginConfig_List(s *capnp.Segment, sz int32) (HTTPOriginConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 56, PointerCount: 3}, sz)
-	return HTTPOriginConfig_List{l}, err
-}
-
-func (s HTTPOriginConfig_List) At(i int) HTTPOriginConfig { return HTTPOriginConfig{s.List.Struct(i)} }
-
-func (s HTTPOriginConfig_List) Set(i int, v HTTPOriginConfig) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s HTTPOriginConfig_List) String() string {
-	str, _ := text.MarshalList(0xe4a6a1bc139211b4, s.List)
-	return str
-}
-
-// HTTPOriginConfig_Promise is a wrapper for a HTTPOriginConfig promised by a client call.
-type HTTPOriginConfig_Promise struct{ *capnp.Pipeline }
-
-func (p HTTPOriginConfig_Promise) Struct() (HTTPOriginConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return HTTPOriginConfig{s}, err
-}
-
-type DoHProxyConfig struct{ capnp.Struct }
-
-// DoHProxyConfig_TypeID is the unique identifier for the type DoHProxyConfig.
-const DoHProxyConfig_TypeID = 0xb167b0bebe562cd0
-
-func NewDoHProxyConfig(s *capnp.Segment) (DoHProxyConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2})
-	return DoHProxyConfig{st}, err
-}
-
-func NewRootDoHProxyConfig(s *capnp.Segment) (DoHProxyConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2})
-	return DoHProxyConfig{st}, err
-}
-
-func ReadRootDoHProxyConfig(msg *capnp.Message) (DoHProxyConfig, error) {
-	root, err := msg.RootPtr()
-	return DoHProxyConfig{root.Struct()}, err
-}
-
-func (s DoHProxyConfig) String() string {
-	str, _ := text.Marshal(0xb167b0bebe562cd0, s.Struct)
-	return str
-}
-
-func (s DoHProxyConfig) ListenHost() (string, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.Text(), err
-}
-
-func (s DoHProxyConfig) HasListenHost() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s DoHProxyConfig) ListenHostBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(0)
-	return p.TextBytes(), err
-}
-
-func (s DoHProxyConfig) SetListenHost(v string) error {
-	return s.Struct.SetText(0, v)
-}
-
-func (s DoHProxyConfig) ListenPort() uint16 {
-	return s.Struct.Uint16(0)
-}
-
-func (s DoHProxyConfig) SetListenPort(v uint16) {
-	s.Struct.SetUint16(0, v)
-}
-
-func (s DoHProxyConfig) Upstreams() (capnp.TextList, error) {
-	p, err := s.Struct.Ptr(1)
-	return capnp.TextList{List: p.List()}, err
-}
-
-func (s DoHProxyConfig) HasUpstreams() bool {
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s DoHProxyConfig) SetUpstreams(v capnp.TextList) error {
-	return s.Struct.SetPtr(1, v.List.ToPtr())
-}
-
-// NewUpstreams sets the upstreams field to a newly
-// allocated capnp.TextList, preferring placement in s's segment.
-func (s DoHProxyConfig) NewUpstreams(n int32) (capnp.TextList, error) {
-	l, err := capnp.NewTextList(s.Struct.Segment(), n)
-	if err != nil {
-		return capnp.TextList{}, err
-	}
-	err = s.Struct.SetPtr(1, l.List.ToPtr())
-	return l, err
-}
-
-// DoHProxyConfig_List is a list of DoHProxyConfig.
-type DoHProxyConfig_List struct{ capnp.List }
-
-// NewDoHProxyConfig creates a new list of DoHProxyConfig.
-func NewDoHProxyConfig_List(s *capnp.Segment, sz int32) (DoHProxyConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2}, sz)
-	return DoHProxyConfig_List{l}, err
-}
-
-func (s DoHProxyConfig_List) At(i int) DoHProxyConfig { return DoHProxyConfig{s.List.Struct(i)} }
-
-func (s DoHProxyConfig_List) Set(i int, v DoHProxyConfig) error { return s.List.SetStruct(i, v.Struct) }
-
-func (s DoHProxyConfig_List) String() string {
-	str, _ := text.MarshalList(0xb167b0bebe562cd0, s.List)
-	return str
-}
-
-// DoHProxyConfig_Promise is a wrapper for a DoHProxyConfig promised by a client call.
-type DoHProxyConfig_Promise struct{ *capnp.Pipeline }
-
-func (p DoHProxyConfig_Promise) Struct() (DoHProxyConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return DoHProxyConfig{s}, err
-}
-
-type HelloWorldOriginConfig struct{ capnp.Struct }
-
-// HelloWorldOriginConfig_TypeID is the unique identifier for the type HelloWorldOriginConfig.
-const HelloWorldOriginConfig_TypeID = 0x8891f360e47c30d3
-
-func NewHelloWorldOriginConfig(s *capnp.Segment) (HelloWorldOriginConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
-	return HelloWorldOriginConfig{st}, err
-}
-
-func NewRootHelloWorldOriginConfig(s *capnp.Segment) (HelloWorldOriginConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
-	return HelloWorldOriginConfig{st}, err
-}
-
-func ReadRootHelloWorldOriginConfig(msg *capnp.Message) (HelloWorldOriginConfig, error) {
-	root, err := msg.RootPtr()
-	return HelloWorldOriginConfig{root.Struct()}, err
-}
-
-func (s HelloWorldOriginConfig) String() string {
-	str, _ := text.Marshal(0x8891f360e47c30d3, s.Struct)
-	return str
-}
-
-// HelloWorldOriginConfig_List is a list of HelloWorldOriginConfig.
-type HelloWorldOriginConfig_List struct{ capnp.List }
-
-// NewHelloWorldOriginConfig creates a new list of HelloWorldOriginConfig.
-func NewHelloWorldOriginConfig_List(s *capnp.Segment, sz int32) (HelloWorldOriginConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0}, sz)
-	return HelloWorldOriginConfig_List{l}, err
-}
-
-func (s HelloWorldOriginConfig_List) At(i int) HelloWorldOriginConfig {
-	return HelloWorldOriginConfig{s.List.Struct(i)}
-}
-
-func (s HelloWorldOriginConfig_List) Set(i int, v HelloWorldOriginConfig) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s HelloWorldOriginConfig_List) String() string {
-	str, _ := text.MarshalList(0x8891f360e47c30d3, s.List)
-	return str
-}
-
-// HelloWorldOriginConfig_Promise is a wrapper for a HelloWorldOriginConfig promised by a client call.
-type HelloWorldOriginConfig_Promise struct{ *capnp.Pipeline }
-
-func (p HelloWorldOriginConfig_Promise) Struct() (HelloWorldOriginConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return HelloWorldOriginConfig{s}, err
-}
-
 type Tag struct{ capnp.Struct }
 
 // Tag_TypeID is the unique identifier for the type Tag.
@@ -2346,354 +785,6 @@ func (p ServerInfo_Promise) Struct() (ServerInfo, error) {
 	return ServerInfo{s}, err
 }
 
-type UseConfigurationResult struct{ capnp.Struct }
-
-// UseConfigurationResult_TypeID is the unique identifier for the type UseConfigurationResult.
-const UseConfigurationResult_TypeID = 0xd58a254e7a792b87
-
-func NewUseConfigurationResult(s *capnp.Segment) (UseConfigurationResult, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1})
-	return UseConfigurationResult{st}, err
-}
-
-func NewRootUseConfigurationResult(s *capnp.Segment) (UseConfigurationResult, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1})
-	return UseConfigurationResult{st}, err
-}
-
-func ReadRootUseConfigurationResult(msg *capnp.Message) (UseConfigurationResult, error) {
-	root, err := msg.RootPtr()
-	return UseConfigurationResult{root.Struct()}, err
-}
-
-func (s UseConfigurationResult) String() string {
-	str, _ := text.Marshal(0xd58a254e7a792b87, s.Struct)
-	return str
-}
-
-func (s UseConfigurationResult) Success() bool {
-	return s.Struct.Bit(0)
-}
-
-func (s UseConfigurationResult) SetSuccess(v bool) {
-	s.Struct.SetBit(0, v)
-}
-
-func (s UseConfigurationResult) FailedConfigs() (FailedConfig_List, error) {
-	p, err := s.Struct.Ptr(0)
-	return FailedConfig_List{List: p.List()}, err
-}
-
-func (s UseConfigurationResult) HasFailedConfigs() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s UseConfigurationResult) SetFailedConfigs(v FailedConfig_List) error {
-	return s.Struct.SetPtr(0, v.List.ToPtr())
-}
-
-// NewFailedConfigs sets the failedConfigs field to a newly
-// allocated FailedConfig_List, preferring placement in s's segment.
-func (s UseConfigurationResult) NewFailedConfigs(n int32) (FailedConfig_List, error) {
-	l, err := NewFailedConfig_List(s.Struct.Segment(), n)
-	if err != nil {
-		return FailedConfig_List{}, err
-	}
-	err = s.Struct.SetPtr(0, l.List.ToPtr())
-	return l, err
-}
-
-// UseConfigurationResult_List is a list of UseConfigurationResult.
-type UseConfigurationResult_List struct{ capnp.List }
-
-// NewUseConfigurationResult creates a new list of UseConfigurationResult.
-func NewUseConfigurationResult_List(s *capnp.Segment, sz int32) (UseConfigurationResult_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1}, sz)
-	return UseConfigurationResult_List{l}, err
-}
-
-func (s UseConfigurationResult_List) At(i int) UseConfigurationResult {
-	return UseConfigurationResult{s.List.Struct(i)}
-}
-
-func (s UseConfigurationResult_List) Set(i int, v UseConfigurationResult) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s UseConfigurationResult_List) String() string {
-	str, _ := text.MarshalList(0xd58a254e7a792b87, s.List)
-	return str
-}
-
-// UseConfigurationResult_Promise is a wrapper for a UseConfigurationResult promised by a client call.
-type UseConfigurationResult_Promise struct{ *capnp.Pipeline }
-
-func (p UseConfigurationResult_Promise) Struct() (UseConfigurationResult, error) {
-	s, err := p.Pipeline.Struct()
-	return UseConfigurationResult{s}, err
-}
-
-type FailedConfig struct{ capnp.Struct }
-type FailedConfig_config FailedConfig
-type FailedConfig_config_Which uint16
-
-const (
-	FailedConfig_config_Which_supervisor     FailedConfig_config_Which = 0
-	FailedConfig_config_Which_edgeConnection FailedConfig_config_Which = 1
-	FailedConfig_config_Which_doh            FailedConfig_config_Which = 2
-	FailedConfig_config_Which_reverseProxy   FailedConfig_config_Which = 3
-)
-
-func (w FailedConfig_config_Which) String() string {
-	const s = "supervisoredgeConnectiondohreverseProxy"
-	switch w {
-	case FailedConfig_config_Which_supervisor:
-		return s[0:10]
-	case FailedConfig_config_Which_edgeConnection:
-		return s[10:24]
-	case FailedConfig_config_Which_doh:
-		return s[24:27]
-	case FailedConfig_config_Which_reverseProxy:
-		return s[27:39]
-
-	}
-	return "FailedConfig_config_Which(" + strconv.FormatUint(uint64(w), 10) + ")"
-}
-
-// FailedConfig_TypeID is the unique identifier for the type FailedConfig.
-const FailedConfig_TypeID = 0xea20b390b257d1a5
-
-func NewFailedConfig(s *capnp.Segment) (FailedConfig, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2})
-	return FailedConfig{st}, err
-}
-
-func NewRootFailedConfig(s *capnp.Segment) (FailedConfig, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2})
-	return FailedConfig{st}, err
-}
-
-func ReadRootFailedConfig(msg *capnp.Message) (FailedConfig, error) {
-	root, err := msg.RootPtr()
-	return FailedConfig{root.Struct()}, err
-}
-
-func (s FailedConfig) String() string {
-	str, _ := text.Marshal(0xea20b390b257d1a5, s.Struct)
-	return str
-}
-
-func (s FailedConfig) Config() FailedConfig_config { return FailedConfig_config(s) }
-
-func (s FailedConfig_config) Which() FailedConfig_config_Which {
-	return FailedConfig_config_Which(s.Struct.Uint16(0))
-}
-func (s FailedConfig_config) Supervisor() (SupervisorConfig, error) {
-	if s.Struct.Uint16(0) != 0 {
-		panic("Which() != supervisor")
-	}
-	p, err := s.Struct.Ptr(0)
-	return SupervisorConfig{Struct: p.Struct()}, err
-}
-
-func (s FailedConfig_config) HasSupervisor() bool {
-	if s.Struct.Uint16(0) != 0 {
-		return false
-	}
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s FailedConfig_config) SetSupervisor(v SupervisorConfig) error {
-	s.Struct.SetUint16(0, 0)
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewSupervisor sets the supervisor field to a newly
-// allocated SupervisorConfig struct, preferring placement in s's segment.
-func (s FailedConfig_config) NewSupervisor() (SupervisorConfig, error) {
-	s.Struct.SetUint16(0, 0)
-	ss, err := NewSupervisorConfig(s.Struct.Segment())
-	if err != nil {
-		return SupervisorConfig{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s FailedConfig_config) EdgeConnection() (EdgeConnectionConfig, error) {
-	if s.Struct.Uint16(0) != 1 {
-		panic("Which() != edgeConnection")
-	}
-	p, err := s.Struct.Ptr(0)
-	return EdgeConnectionConfig{Struct: p.Struct()}, err
-}
-
-func (s FailedConfig_config) HasEdgeConnection() bool {
-	if s.Struct.Uint16(0) != 1 {
-		return false
-	}
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s FailedConfig_config) SetEdgeConnection(v EdgeConnectionConfig) error {
-	s.Struct.SetUint16(0, 1)
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewEdgeConnection sets the edgeConnection field to a newly
-// allocated EdgeConnectionConfig struct, preferring placement in s's segment.
-func (s FailedConfig_config) NewEdgeConnection() (EdgeConnectionConfig, error) {
-	s.Struct.SetUint16(0, 1)
-	ss, err := NewEdgeConnectionConfig(s.Struct.Segment())
-	if err != nil {
-		return EdgeConnectionConfig{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s FailedConfig_config) Doh() (DoHProxyConfig, error) {
-	if s.Struct.Uint16(0) != 2 {
-		panic("Which() != doh")
-	}
-	p, err := s.Struct.Ptr(0)
-	return DoHProxyConfig{Struct: p.Struct()}, err
-}
-
-func (s FailedConfig_config) HasDoh() bool {
-	if s.Struct.Uint16(0) != 2 {
-		return false
-	}
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s FailedConfig_config) SetDoh(v DoHProxyConfig) error {
-	s.Struct.SetUint16(0, 2)
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewDoh sets the doh field to a newly
-// allocated DoHProxyConfig struct, preferring placement in s's segment.
-func (s FailedConfig_config) NewDoh() (DoHProxyConfig, error) {
-	s.Struct.SetUint16(0, 2)
-	ss, err := NewDoHProxyConfig(s.Struct.Segment())
-	if err != nil {
-		return DoHProxyConfig{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s FailedConfig_config) ReverseProxy() (ReverseProxyConfig, error) {
-	if s.Struct.Uint16(0) != 3 {
-		panic("Which() != reverseProxy")
-	}
-	p, err := s.Struct.Ptr(0)
-	return ReverseProxyConfig{Struct: p.Struct()}, err
-}
-
-func (s FailedConfig_config) HasReverseProxy() bool {
-	if s.Struct.Uint16(0) != 3 {
-		return false
-	}
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s FailedConfig_config) SetReverseProxy(v ReverseProxyConfig) error {
-	s.Struct.SetUint16(0, 3)
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewReverseProxy sets the reverseProxy field to a newly
-// allocated ReverseProxyConfig struct, preferring placement in s's segment.
-func (s FailedConfig_config) NewReverseProxy() (ReverseProxyConfig, error) {
-	s.Struct.SetUint16(0, 3)
-	ss, err := NewReverseProxyConfig(s.Struct.Segment())
-	if err != nil {
-		return ReverseProxyConfig{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-func (s FailedConfig) Reason() (string, error) {
-	p, err := s.Struct.Ptr(1)
-	return p.Text(), err
-}
-
-func (s FailedConfig) HasReason() bool {
-	p, err := s.Struct.Ptr(1)
-	return p.IsValid() || err != nil
-}
-
-func (s FailedConfig) ReasonBytes() ([]byte, error) {
-	p, err := s.Struct.Ptr(1)
-	return p.TextBytes(), err
-}
-
-func (s FailedConfig) SetReason(v string) error {
-	return s.Struct.SetText(1, v)
-}
-
-// FailedConfig_List is a list of FailedConfig.
-type FailedConfig_List struct{ capnp.List }
-
-// NewFailedConfig creates a new list of FailedConfig.
-func NewFailedConfig_List(s *capnp.Segment, sz int32) (FailedConfig_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2}, sz)
-	return FailedConfig_List{l}, err
-}
-
-func (s FailedConfig_List) At(i int) FailedConfig { return FailedConfig{s.List.Struct(i)} }
-
-func (s FailedConfig_List) Set(i int, v FailedConfig) error { return s.List.SetStruct(i, v.Struct) }
-
-func (s FailedConfig_List) String() string {
-	str, _ := text.MarshalList(0xea20b390b257d1a5, s.List)
-	return str
-}
-
-// FailedConfig_Promise is a wrapper for a FailedConfig promised by a client call.
-type FailedConfig_Promise struct{ *capnp.Pipeline }
-
-func (p FailedConfig_Promise) Struct() (FailedConfig, error) {
-	s, err := p.Pipeline.Struct()
-	return FailedConfig{s}, err
-}
-
-func (p FailedConfig_Promise) Config() FailedConfig_config_Promise {
-	return FailedConfig_config_Promise{p.Pipeline}
-}
-
-// FailedConfig_config_Promise is a wrapper for a FailedConfig_config promised by a client call.
-type FailedConfig_config_Promise struct{ *capnp.Pipeline }
-
-func (p FailedConfig_config_Promise) Struct() (FailedConfig_config, error) {
-	s, err := p.Pipeline.Struct()
-	return FailedConfig_config{s}, err
-}
-
-func (p FailedConfig_config_Promise) Supervisor() SupervisorConfig_Promise {
-	return SupervisorConfig_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-func (p FailedConfig_config_Promise) EdgeConnection() EdgeConnectionConfig_Promise {
-	return EdgeConnectionConfig_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-func (p FailedConfig_config_Promise) Doh() DoHProxyConfig_Promise {
-	return DoHProxyConfig_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-func (p FailedConfig_config_Promise) ReverseProxy() ReverseProxyConfig_Promise {
-	return ReverseProxyConfig_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
 type AuthenticateResponse struct{ capnp.Struct }
 
 // AuthenticateResponse_TypeID is the unique identifier for the type AuthenticateResponse.
@@ -2889,7 +980,7 @@ func (c TunnelServer) ObsoleteDeclarativeTunnelConnect(ctx context.Context, para
 		Options: capnp.NewCallOptions(opts),
 	}
 	if params != nil {
-		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 1}
+		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 0}
 		call.ParamsFunc = func(s capnp.Struct) error {
 			return params(TunnelServer_obsoleteDeclarativeTunnelConnect_Params{Struct: s})
 		}
@@ -3014,7 +1105,7 @@ func TunnelServer_Methods(methods []server.Method, s TunnelServer_Server) []serv
 			call := TunnelServer_obsoleteDeclarativeTunnelConnect{c, opts, TunnelServer_obsoleteDeclarativeTunnelConnect_Params{Struct: p}, TunnelServer_obsoleteDeclarativeTunnelConnect_Results{Struct: r}}
 			return s.ObsoleteDeclarativeTunnelConnect(call)
 		},
-		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
+		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 0},
 	})
 
 	methods = append(methods, server.Method{
@@ -3560,12 +1651,12 @@ type TunnelServer_obsoleteDeclarativeTunnelConnect_Params struct{ capnp.Struct }
 const TunnelServer_obsoleteDeclarativeTunnelConnect_Params_TypeID = 0xa766b24d4fe5da35
 
 func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Params(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Params, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{st}, err
 }
 
 func NewRootTunnelServer_obsoleteDeclarativeTunnelConnect_Params(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Params, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{st}, err
 }
 
@@ -3579,37 +1670,12 @@ func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) String() string {
 	return str
 }
 
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) Parameters() (CapnpConnectParameters, error) {
-	p, err := s.Struct.Ptr(0)
-	return CapnpConnectParameters{Struct: p.Struct()}, err
-}
-
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) HasParameters() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) SetParameters(v CapnpConnectParameters) error {
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewParameters sets the parameters field to a newly
-// allocated CapnpConnectParameters struct, preferring placement in s's segment.
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Params) NewParameters() (CapnpConnectParameters, error) {
-	ss, err := NewCapnpConnectParameters(s.Struct.Segment())
-	if err != nil {
-		return CapnpConnectParameters{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
 // TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List is a list of TunnelServer_obsoleteDeclarativeTunnelConnect_Params.
 type TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List struct{ capnp.List }
 
 // NewTunnelServer_obsoleteDeclarativeTunnelConnect_Params creates a new list of TunnelServer_obsoleteDeclarativeTunnelConnect_Params.
 func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Params_List(s *capnp.Segment, sz int32) (TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0}, sz)
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params_List{l}, err
 }
 
@@ -3634,22 +1700,18 @@ func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Params_Promise) Struct() (
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Params{s}, err
 }
 
-func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Params_Promise) Parameters() CapnpConnectParameters_Promise {
-	return CapnpConnectParameters_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
 type TunnelServer_obsoleteDeclarativeTunnelConnect_Results struct{ capnp.Struct }
 
 // TunnelServer_obsoleteDeclarativeTunnelConnect_Results_TypeID is the unique identifier for the type TunnelServer_obsoleteDeclarativeTunnelConnect_Results.
 const TunnelServer_obsoleteDeclarativeTunnelConnect_Results_TypeID = 0xfeac5c8f4899ef7c
 
 func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Results(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Results, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{st}, err
 }
 
 func NewRootTunnelServer_obsoleteDeclarativeTunnelConnect_Results(s *capnp.Segment) (TunnelServer_obsoleteDeclarativeTunnelConnect_Results, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{st}, err
 }
 
@@ -3663,37 +1725,12 @@ func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) String() string {
 	return str
 }
 
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) Result() (ConnectResult, error) {
-	p, err := s.Struct.Ptr(0)
-	return ConnectResult{Struct: p.Struct()}, err
-}
-
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) HasResult() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) SetResult(v ConnectResult) error {
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewResult sets the result field to a newly
-// allocated ConnectResult struct, preferring placement in s's segment.
-func (s TunnelServer_obsoleteDeclarativeTunnelConnect_Results) NewResult() (ConnectResult, error) {
-	ss, err := NewConnectResult(s.Struct.Segment())
-	if err != nil {
-		return ConnectResult{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
 // TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List is a list of TunnelServer_obsoleteDeclarativeTunnelConnect_Results.
 type TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List struct{ capnp.List }
 
 // NewTunnelServer_obsoleteDeclarativeTunnelConnect_Results creates a new list of TunnelServer_obsoleteDeclarativeTunnelConnect_Results.
 func NewTunnelServer_obsoleteDeclarativeTunnelConnect_Results_List(s *capnp.Segment, sz int32) (TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0}, sz)
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results_List{l}, err
 }
 
@@ -3718,10 +1755,6 @@ func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise) Struct()
 	return TunnelServer_obsoleteDeclarativeTunnelConnect_Results{s}, err
 }
 
-func (p TunnelServer_obsoleteDeclarativeTunnelConnect_Results_Promise) Result() ConnectResult_Promise {
-	return ConnectResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
 type TunnelServer_authenticate_Params struct{ capnp.Struct }
 
 // TunnelServer_authenticate_Params_TypeID is the unique identifier for the type TunnelServer_authenticate_Params.
@@ -4152,533 +2185,152 @@ func (p TunnelServer_reconnectTunnel_Results_Promise) Result() TunnelRegistratio
 	return TunnelRegistration_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-type ClientService struct{ Client capnp.Client }
-
-// ClientService_TypeID is the unique identifier for the type ClientService.
-const ClientService_TypeID = 0xf143a395ed8b3133
-
-func (c ClientService) UseConfiguration(ctx context.Context, params func(ClientService_useConfiguration_Params) error, opts ...capnp.CallOption) ClientService_useConfiguration_Results_Promise {
-	if c.Client == nil {
-		return ClientService_useConfiguration_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
-	}
-	call := &capnp.Call{
-		Ctx: ctx,
-		Method: capnp.Method{
-			InterfaceID:   0xf143a395ed8b3133,
-			MethodID:      0,
-			InterfaceName: "tunnelrpc/tunnelrpc.capnp:ClientService",
-			MethodName:    "useConfiguration",
-		},
-		Options: capnp.NewCallOptions(opts),
-	}
-	if params != nil {
-		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 1}
-		call.ParamsFunc = func(s capnp.Struct) error { return params(ClientService_useConfiguration_Params{Struct: s}) }
-	}
-	return ClientService_useConfiguration_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
-}
-
-type ClientService_Server interface {
-	UseConfiguration(ClientService_useConfiguration) error
-}
-
-func ClientService_ServerToClient(s ClientService_Server) ClientService {
-	c, _ := s.(server.Closer)
-	return ClientService{Client: server.New(ClientService_Methods(nil, s), c)}
-}
-
-func ClientService_Methods(methods []server.Method, s ClientService_Server) []server.Method {
-	if cap(methods) == 0 {
-		methods = make([]server.Method, 0, 1)
-	}
-
-	methods = append(methods, server.Method{
-		Method: capnp.Method{
-			InterfaceID:   0xf143a395ed8b3133,
-			MethodID:      0,
-			InterfaceName: "tunnelrpc/tunnelrpc.capnp:ClientService",
-			MethodName:    "useConfiguration",
-		},
-		Impl: func(c context.Context, opts capnp.CallOptions, p, r capnp.Struct) error {
-			call := ClientService_useConfiguration{c, opts, ClientService_useConfiguration_Params{Struct: p}, ClientService_useConfiguration_Results{Struct: r}}
-			return s.UseConfiguration(call)
-		},
-		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
-	})
-
-	return methods
-}
-
-// ClientService_useConfiguration holds the arguments for a server call to ClientService.useConfiguration.
-type ClientService_useConfiguration struct {
-	Ctx     context.Context
-	Options capnp.CallOptions
-	Params  ClientService_useConfiguration_Params
-	Results ClientService_useConfiguration_Results
-}
-
-type ClientService_useConfiguration_Params struct{ capnp.Struct }
-
-// ClientService_useConfiguration_Params_TypeID is the unique identifier for the type ClientService_useConfiguration_Params.
-const ClientService_useConfiguration_Params_TypeID = 0xb9d4ef45c2b5fc5b
-
-func NewClientService_useConfiguration_Params(s *capnp.Segment) (ClientService_useConfiguration_Params, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return ClientService_useConfiguration_Params{st}, err
-}
-
-func NewRootClientService_useConfiguration_Params(s *capnp.Segment) (ClientService_useConfiguration_Params, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return ClientService_useConfiguration_Params{st}, err
-}
-
-func ReadRootClientService_useConfiguration_Params(msg *capnp.Message) (ClientService_useConfiguration_Params, error) {
-	root, err := msg.RootPtr()
-	return ClientService_useConfiguration_Params{root.Struct()}, err
-}
-
-func (s ClientService_useConfiguration_Params) String() string {
-	str, _ := text.Marshal(0xb9d4ef45c2b5fc5b, s.Struct)
-	return str
-}
-
-func (s ClientService_useConfiguration_Params) ClientServiceConfig() (ClientConfig, error) {
-	p, err := s.Struct.Ptr(0)
-	return ClientConfig{Struct: p.Struct()}, err
-}
-
-func (s ClientService_useConfiguration_Params) HasClientServiceConfig() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ClientService_useConfiguration_Params) SetClientServiceConfig(v ClientConfig) error {
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewClientServiceConfig sets the clientServiceConfig field to a newly
-// allocated ClientConfig struct, preferring placement in s's segment.
-func (s ClientService_useConfiguration_Params) NewClientServiceConfig() (ClientConfig, error) {
-	ss, err := NewClientConfig(s.Struct.Segment())
-	if err != nil {
-		return ClientConfig{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-// ClientService_useConfiguration_Params_List is a list of ClientService_useConfiguration_Params.
-type ClientService_useConfiguration_Params_List struct{ capnp.List }
-
-// NewClientService_useConfiguration_Params creates a new list of ClientService_useConfiguration_Params.
-func NewClientService_useConfiguration_Params_List(s *capnp.Segment, sz int32) (ClientService_useConfiguration_Params_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
-	return ClientService_useConfiguration_Params_List{l}, err
-}
-
-func (s ClientService_useConfiguration_Params_List) At(i int) ClientService_useConfiguration_Params {
-	return ClientService_useConfiguration_Params{s.List.Struct(i)}
-}
-
-func (s ClientService_useConfiguration_Params_List) Set(i int, v ClientService_useConfiguration_Params) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s ClientService_useConfiguration_Params_List) String() string {
-	str, _ := text.MarshalList(0xb9d4ef45c2b5fc5b, s.List)
-	return str
-}
-
-// ClientService_useConfiguration_Params_Promise is a wrapper for a ClientService_useConfiguration_Params promised by a client call.
-type ClientService_useConfiguration_Params_Promise struct{ *capnp.Pipeline }
-
-func (p ClientService_useConfiguration_Params_Promise) Struct() (ClientService_useConfiguration_Params, error) {
-	s, err := p.Pipeline.Struct()
-	return ClientService_useConfiguration_Params{s}, err
-}
-
-func (p ClientService_useConfiguration_Params_Promise) ClientServiceConfig() ClientConfig_Promise {
-	return ClientConfig_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-type ClientService_useConfiguration_Results struct{ capnp.Struct }
-
-// ClientService_useConfiguration_Results_TypeID is the unique identifier for the type ClientService_useConfiguration_Results.
-const ClientService_useConfiguration_Results_TypeID = 0x91f7a001ca145b9d
-
-func NewClientService_useConfiguration_Results(s *capnp.Segment) (ClientService_useConfiguration_Results, error) {
-	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return ClientService_useConfiguration_Results{st}, err
-}
-
-func NewRootClientService_useConfiguration_Results(s *capnp.Segment) (ClientService_useConfiguration_Results, error) {
-	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
-	return ClientService_useConfiguration_Results{st}, err
-}
-
-func ReadRootClientService_useConfiguration_Results(msg *capnp.Message) (ClientService_useConfiguration_Results, error) {
-	root, err := msg.RootPtr()
-	return ClientService_useConfiguration_Results{root.Struct()}, err
-}
-
-func (s ClientService_useConfiguration_Results) String() string {
-	str, _ := text.Marshal(0x91f7a001ca145b9d, s.Struct)
-	return str
-}
-
-func (s ClientService_useConfiguration_Results) Result() (UseConfigurationResult, error) {
-	p, err := s.Struct.Ptr(0)
-	return UseConfigurationResult{Struct: p.Struct()}, err
-}
-
-func (s ClientService_useConfiguration_Results) HasResult() bool {
-	p, err := s.Struct.Ptr(0)
-	return p.IsValid() || err != nil
-}
-
-func (s ClientService_useConfiguration_Results) SetResult(v UseConfigurationResult) error {
-	return s.Struct.SetPtr(0, v.Struct.ToPtr())
-}
-
-// NewResult sets the result field to a newly
-// allocated UseConfigurationResult struct, preferring placement in s's segment.
-func (s ClientService_useConfiguration_Results) NewResult() (UseConfigurationResult, error) {
-	ss, err := NewUseConfigurationResult(s.Struct.Segment())
-	if err != nil {
-		return UseConfigurationResult{}, err
-	}
-	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
-	return ss, err
-}
-
-// ClientService_useConfiguration_Results_List is a list of ClientService_useConfiguration_Results.
-type ClientService_useConfiguration_Results_List struct{ capnp.List }
-
-// NewClientService_useConfiguration_Results creates a new list of ClientService_useConfiguration_Results.
-func NewClientService_useConfiguration_Results_List(s *capnp.Segment, sz int32) (ClientService_useConfiguration_Results_List, error) {
-	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
-	return ClientService_useConfiguration_Results_List{l}, err
-}
-
-func (s ClientService_useConfiguration_Results_List) At(i int) ClientService_useConfiguration_Results {
-	return ClientService_useConfiguration_Results{s.List.Struct(i)}
-}
-
-func (s ClientService_useConfiguration_Results_List) Set(i int, v ClientService_useConfiguration_Results) error {
-	return s.List.SetStruct(i, v.Struct)
-}
-
-func (s ClientService_useConfiguration_Results_List) String() string {
-	str, _ := text.MarshalList(0x91f7a001ca145b9d, s.List)
-	return str
-}
-
-// ClientService_useConfiguration_Results_Promise is a wrapper for a ClientService_useConfiguration_Results promised by a client call.
-type ClientService_useConfiguration_Results_Promise struct{ *capnp.Pipeline }
-
-func (p ClientService_useConfiguration_Results_Promise) Struct() (ClientService_useConfiguration_Results, error) {
-	s, err := p.Pipeline.Struct()
-	return ClientService_useConfiguration_Results{s}, err
-}
-
-func (p ClientService_useConfiguration_Results_Promise) Result() UseConfigurationResult_Promise {
-	return UseConfigurationResult_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
-}
-
-const schema_db8274f9144abc7e = "x\xda\xccZ{\x90\x15ev?\xa7\xfb\xde\xe9\x19`" +
-	"\xb8\xb7\xed\xb1\x18X`\x041+\xac\x10u\xd6\xc4\x9d" +
-	"$;O\xd8\x19\x16az\xee\x0c\xba#\xa6\xec\xb9\xf7" +
-	"\x9b\x99\x86\xbe\xdd\x97~\x00CpA\x0a\xa2L`\x05" +
-	"\x17R\xe0\xe2\x16\xe0\x12\x1fq\xb3\xe2be5jI" +
-	"\xb2\x1b$\xabQ6\x98\x92\x8dVT\xb0Rk\xad\xe5" +
-	"\xa2\xa6,Sj\xa7N\xbf\xe7\xce0\x03k\xfe\xc8?" +
-	":u\xee\xe9\xefq\x1e\xbf\xf3;\xe7\xe3\xfa\x9d\x93\x9a" +
-	"\xb8\x1b\xd2'\xab\x01\xe4C\xe9\x0a\x97-\xf8\xd5\xc6C" +
-	"\xd7\xfc\xd3V\x90g \xba\xdf}vi\xcd\xa7\xf6\xd6" +
-	"\xff\x804/\x00\xd4\x9f\xaa\xd8\x88\xd2\x9b\x15\x02\x80t" +
-	"\xb6\xe2\xbf\x00\xdd\xf4\x1f\xbc\xf6V\xe9-a\x1b\x883" +
-	"\x92\xca\x1c)?',E\xe9\xb4@\xca/\x0b\xeb\x01" +
-	"\xdd?-\xber\xe4\x8f\xf6\xfd\x92\x94\xb9X\x19\xb0\xfe" +
-	"\xa6\xca\x8d(uT\x92\xe6\xe2\xca\x15\x80\xeeG{k" +
-	"\xff\xf6\xf0\xbf\xbe\xb8\x1d\xc4\xaf\"\x04{\xdfQ\xf9k" +
-	"\x04\x94\xd6V\xfe\x04\xd0\xfd\xb7\xeb7\x9d\xbf\xf3\xa3=" +
-	"\xf7\x8e\xdc7Ezb\xd50J\xf3\xab\x04\xe0\xdd\x07" +
-	"o\xaf\xf9\x17<\xf4\xc9\x1e\x10\xaf\xa5e\x90~NW" +
-	"M\xe2\x00\xa5YU\x8d\x80\xee+\xd7=\xfb\xcc\xee\x9f" +
-	"\xde\xf3\x03\x90\xbf\x8a\x08\xfe\xf7\x7fV\xf5?\xb4\x8f\xec" +
-	")\\\xf8\xd1\xd7R?~\xe5\x8a\x1fz\x0a\xee\xd1\xd3" +
-	"\xb7>\xb9\xfb\xa7W\xbd\x07=\x9c\x80)\x80\xfa\xa1*" +
-	"\x93t\xb7W\x91-\xf6\xbe\xfe\xdc\xf2\xe2\x9e\x07\x8e\xf8" +
-	"\x87\xf6\xd6b\x938\x0eR\xee\xb6\x8eO\x8a=\x0f\xe5" +
-	"\x1e\x0a\xae\x93\xa6\x9f\xbe3\xe9C\x04\xac/N\xaaC" +
-	"@\xf7\xa6_\xbf\xbb\xe2\x96'\xfb\x1f\x0e4\xbc\x93\xee" +
-	"\x98\xbc\x91Nzt2\x1d\xe4\xc5\xf5\xd9\x9d\xcd\x7f|" +
-	"\xdf\xc3\xe5n\xf1\xd6:5y\x18\xa5\xb7'\xd3\x9fo" +
-	"N\xbe\x95\xd6\x1b\xfe\xc6s+?\xfaK\xeb1\x90\x17" +
-	"b\xca\xfd\xf9\x8es\xeb\xe6?\xda\x7f\xd2;7\x0fP" +
-	"\xdfS\xfd+:\xb7ZM\xb6\xac\xfe\x87\x05\xcb\xef;" +
-	"\xbf\xec\x18-\x9d\xf0\x8b\x7f\x88\xaa\xa9\x0d(M\x9fJ" +
-	"\xae\xb9r*i\xbfz\xdd\xca\xe7\x9f\x7fb\xe0X\xf9" +
-	"A<\x97?5u)J\xa7<\xed_x\xdaWv" +
-	"\xe0\x1b/\xdc\x90\xfa\xfb\xa4#\x872\xef\xd1\xe6\xbb2" +
-	"\xa4p\xfbgO\xfd\xe3\xe2\x0f\xce<\x9dt\xd1\xc2," +
-	"G\x17o\xce\xd2\xc5{\x87\xb1\xf8FC\xd3\xf3 _" +
-	"\x8b\xe8\xae\xde\xb7\xc9n\xdf\xbf\xcb\x85\x1e\x14\x90\x03\xa8" +
-	"W\xb3\x1bi1'K\x016\xeb\xfd\x96j\xfd\x83\xad" +
-	"/\x94E\xa3\xb7\xeb\xe9\xecR\x94\xde\xcd\xd2\xd1\xde\xce" +
-	"\xfe\x04\xf0\x93\xc7\xee\xd9\xddq\xae\xed\xa4<\x03S\xe5" +
-	"\x97\xbeK\xdc\x88\xd2\x1e\x91\xfe\xdc%z\xfe\x89,X" +
-	"\xa6\xee\x07\xfa\x15\xabQ:}\x05\xfd\xf9\xf2\x15\x9e\xfa" +
-	"\xd2\xdb\xbf\x7f\x7f\xfa\xdd\xef\x9f,7)\x85x\xfdY" +
-	"\xc9D\xe9}\x89\xfe\xfc\x8d4\x8d\x07tg<\xf1'" +
-	"\x7f\xd7R8\xfb\xcb1\xb2HR\xa7}(9\xd3\xe8" +
-	"\xaf\xb5\xd3\xe8\x8e\xe7\x16\x1e\xfb\x8b\xdf\xec:}&\x19" +
-	")/O\xf3B\xf6\xedid\xb0{\xbe6\xb4q\xf9" +
-	"5\xc3\xaf\x95;\xc8\xd3\xc4\xdaa\x94\xa6\xd7z\xee\xac" +
-	"\xa5\xe5\xb8w\x95\xe9[\xfe\xfd\x9bo$\x82v{\xed" +
-	";\x08)w\xf9\xca\xdbWW\xddu\xee\\r\xa3\xa1" +
-	"Z\xdfu\xb5\xb4\xd1q\xf1~\xe9\xd9\xc3\x7fs\x9e6" +
-	"\x12\xca\xcd\xfd\xe3\xda^\x94N\xd4z\xe6\xa9}\x98\x83" +
-	"D\xf2\x8c\x158O\x7f\xa5\x01\xa5S_\xf1\x02\xe7+" +
-	"t\xae\x9b\xeelf\xabn\xbe\xed=\x10g\xf0#\xb0" +
-	"\"=\xb3\x01\xa5+gz\x99>\xf3\x1e\x94\xe6\xcf\x12" +
-	"\x00\xdc\xef\x0d\xf4\x9e\xba\xd0z\xf8w\xe5\x8b\xfb\x880" +
-	"\xab\x01\xa59\xa4W?k\x96\xe7\x9f\xfa\x1b\xfe\xea\xfd" +
-	"}\x0f\xb5^\x18\xb5\xba:\xbb\x05\xa5\xa1\xd9t\x0eg" +
-	"\xf6\xb7\xa4\xa3\xb3\xbd\xc5\xbf\xdb\xb6\xe2\x1bsO|\x98" +
-	"\xb4\xc4\xae\xd9\x94\xbe\xd2\xe1\xd9d\x89\xfe\x9b\x7f\xfb\xad" +
-	"k\xbe\xf7\xcf\x1f\x96\xf9\xcfS<1{\x01J\xa7\xbd" +
-	"\x15_&\xe5\x0f\x96\xfc\xf0\xcc\x8c\xcc\x8c\x8f\xcb\x0eJ" +
-	"\x98Z\x7fa\xf6j\x94\xd2u\x9e\xa3\xeaN\xd2Ao" +
-	"{\xe7\x81\xf5\x8d?\xf8\xf8\x13\xba\x17_\x06t\xff}" +
-	"U/JUsh\xe5\xf4\x1c\xca\xa5e\x8f\x9f\xfd\xe6" +
-	"\xe0\xbe\x17?\x1d\x13\xba\x8f\xcd\xd9\x8a\xd2/<\xed\x13" +
-	"s\x08\xae\xfeZ8xn\xcb\x7f\xfe\xf9g\xc9[=" +
-	":\xf7\x1d\xba\xd5ss\xe9V\x9b>8\xd0~\xdf\xaa" +
-	"\xc7\xbfH*\xbc9w+\xa5\xe6\xa7\x9eB\x94\x8cc" +
-	"E\xda\xf4\xab[P\x9a\x7f5\xedw\xcd\xd5\xa4m;" +
-	"\xba\xce4\xb3\x94\xca\xffa\xf8g~Q^)\xe9\xa5" +
-	"\x86f\xc7\x1ed\xba\xad\xe6\x15\x9bu\xb1F\xabd\xe8" +
-	"\x16\xebD\x94\xb3|\x0a \x85\x00\xa2\xb2\x1a@\xbe\x93" +
-	"GY\xe3PD\xac!\xb8\x16U\x12\x0e\xf2(\xdb\x1c" +
-	"\x8a\x1cWC\x88 \xae\x9d\x0b k<\xca\x1b8D" +
-	"\xbe\x86\xf0Nt\xee\x07\x907\xf0(o\xe3\xd0-1" +
-	"\xb3\xa8\xe8L\x87\x8c\xbd\xd84q\x0ap8\x05\xd05" +
-	"\x99m\x0e)}\x1adXB,\xac^oc5p" +
-	"X\x0d\xe8\x0e\x1a\x8ei\xf5\xe86\xaaZ\x17\xeb7\x99" +
-	"\x85\x83X\x01\x1cV\x8c\x7f\xbdVC\xd7Y\xde\xce9" +
-	"\xf9<\xb3,\x00\xbaYet\xb3\xf9\x0f\x00\xc8\xd7\xf1" +
-	"(\xdf\x9c\xb8\xd9Mt\xb3\xaf\xf3(7q\xe8Z\xcc" +
-	"\\\xc7\xcce\x06\xe6\x15[5\xf4\xe5\x0a_d\xd1\xb1" +
-	"\xf3\x9a\xcat\xbb\xd5\x80\x8c\xde\xaf\x0e`6N\x05@" +
-	"\xcc\x8e\x7f\xb0\xc5\x1bT\xcbV\xf5\x81nO\xde\xd8i" +
-	"hj~\x88N7\xc5\xb3\xe4\xac\x06ZC\xbc\xb2\x17" +
-	"\x009Ql\x01hT\x07t\xc3dnA\xb5\xf2t" +
-	")\xe0\xf3\xf6\xe6>ES\xf4<\x8b6\xaa\x18\xbd\x91" +
-	"\xbfA\xce\xbb\xc7\"%\xe1\xedy\x9d\x8a\xa9\xf0EK" +
-	"\x9e\x12\xd9cq/\x80\xdc\xc6\xa3\xdc\x99\xb0\xc7-K" +
-	"\x01\xe4e<\xca\xb7%<\xdd\xd3\x02 w\xf2(\xaf" +
-	"\xe2\xd05Lu@\xd5[\x19\xf0f\xd2a\x96\xad+" +
-	"E\x06\x00\xa1\xc16\x1b%2\xa2\x85\xd9\x18\xa5\xcb," +
-	"\x95\x1e}\x81v\xa6i\xc6\xad\x86\xa9\x15V\xf8\xfb\x18" +
-	"dm\xcf\x95\xd1g\xc2\x18\x9e\xf7\x9cC\xf7V\xf3l" +
-	"\x91c1\xff;\xc7\xf4\x1c9\xaf\x8bY\x8ef[\x00" +
-	"r*\xba~u\x03\x80\\\xc9\xa3\\\xc3a\xa3\xe9)" +
-	"`6\x06\xf5\xb2\xa3NdkG7\xd9\x80j\xd9\xcc" +
-	"\xf4\xc5\xf3\x1a\xc9\xe0E+\xb9!\xc5_\x96Gy&" +
-	"\x87\xee\x80\xa9\xe4Y'3Q5\x0a\xcb\x15\xdd\xc8\xf1" +
-	",\x8fi\xe00=~$-QT\x8d\x15\xfc\xdb-" +
-	"\xca\xd7y\xff\xa7\xec\x9d\xe2\xba~\xfa\xf6\xc6\xe9[\x8d" +
-	"_\xb8A\xfen\x8c\xf3\xb7\x9a\xfb\xdc\x1d\x9d\xc0\xd5\xfc" +
-	"gn\x90\xc2\x94\x116\x8f\xf2\x16\xca\x08\xa7D6\xb5" +
-	"\x807L\xcc\xc6(\x19X\x87\x15\x06\xc8\xd2:4\xb2" +
-	"<\x19\x1a\xb3a\xb5\xf7\x15\x84\x821\x88\xd9\x98\xca\x04" +
-	"\x9f\x99l\x1d3-\xd6\x09\x19\xd3\xd80\x84\xd9\xb8\xea" +
-	"\x97Y}\xea\xe5Z=tt\xf4\xd5\xf8\xdf\x9b,\xef" +
-	"CF\xf0yg\x9d\xef\xb4\x9a\xc8iw\xcd\x8d\x01-" +
-	"J\x92\xbb\xfb\x00\xe4-<\xca;\x13I\xb2\x83,\x7f" +
-	"/\x8f\xf2^\x0eE>\xc0\xc3=\x94N\xbby\x94\x0f" +
-	"r(\xa6R5Df\xc5\x03\x94N{y\x94\x0fq" +
-	"#a\x8f\xadc\xba\xdd\xa6\x0e\x80\xc0\xacXJGl" +
-	"S\x07\x18\xf0\xd6\x97M\xb8\xca\x09\xeca\xf4Y\x86\xc6" +
-	"l\xd6\xc6\xf2\x9aB\xb9\xb3\x8e\xf9\xbf\x07\xc8:VT" +
-	"\xd3\xb5\xa7\xf0(\xd7\x12\xe2\xd3\xaf\xcc&l\xa0cD" +
-	"\\z\xe2\xbco\xa5\xff\x06\xbbt\x06\xab\x98\x01\x84\xd7" +
-	"F\x9b\x1d\xa0\xcd\xf6\xf3(\xff(\xe1\x8d\xc3&uT" +
-	"<\xca\x8fs\x88\x813\x1e=\x02 ?\xce\xa3\xfc3" +
-	"r\x06\xe7;\xe3\xa9\x05\x00\xf2\x13<\xca/\x913x" +
-	"\xdf\x19\xa7(+_\xe2Q~\x9dC1\x9d\xaa\xc14" +
-	"\x80\xf8\x1a9\xf8\x0c\x8f\xf2[\x17\x03\xbc\xbcf8\x85" +
-	"~M\x81:\x93\x15:\xda\"\xb9\xee\x14;M\xb6N" +
-	"E\xc3\xb1\x9am\x9b\x15\x85\x92m\x85\xb5+c+\x03" +
-	"\x16N\x05\xec\xe4\x11\xb31\x1b\x05$a\xb4&\x9a\xac" +
-	"\xb0\x92\x99\x96\xca\x1bzT~T\xddf\xba\xbdL\x01" +
-	"\xa1\x8fi\x91t\x1cx\xea\x0a\x92\x8cR,\xc0\x0b#" +
-	"\x86T\x1c\xa0J0\xd3u\x03#.&\xdb4\xf1(" +
-	"/\xe3p\x16~Ab\xb2cG\x17\x80\xdc\xce\xa3\xdc" +
-	"\xcd\xe1,\xees\x12\x93%\xe5\xde\xb8 d\x06m\xbb" +
-	"\x84\xd9\x98\xa5\x06\xce^\xcf\xfa,#\xbf\x86\x01\x12\xae" +
-	"F\x94)\xf8u0\xc0y\xe0\xb5\x02f\xe36\xb3," +
-	"R\xf8\x8b\x15\xf9F\xa2\x14\x86\xe9\xd5\xd0\xb8\xa2\xdd\x18" +
-	"_\"\x8c\x8e\x8e\xde\xf8\x06\"\xd7\xe4_K\xee\x8b\xcf" +
-	"_\x97W\x1c\x8b\x8dd'\xcd\xfd6\xf0\xcc\x8c\x00\xd9" +
-	"\x1a4\x1c\xad\xd0\xc5@\xb0\xcd!D\xe0\x10\xc7\x87\xe9" +
-	"6\xa3=ax?\x8c\xc7\xae\xbcQ\xe1\xedM\x16\xde" +
-	"\xc0\xfc=d\xfen\x1e\xe5\x12\x87\xaeF@\xa7\xb7\x1b" +
-	"\x1e\x0e\x84\xc7\xf5\x85\x9d\x86\x17\x9c\x02p(\x00\xbaN" +
-	"\xc9\xb2M\xa6\x14\x01\xa3h#\xfd\xa9\x97Q\xcf\xcap" +
-	"\xb5S\xc9xy\xff\xff\x89=\\>\x0d\xf0\xc1k\x04" +
-	"\x098\x92\xa8\xc9\xf9\xe0k\xf4>o5t\xe1\xb2\x89" +
-	"^\x80`~\x19Z\x14\xd0\x0a\xe2\xa0a}\x9eO\xf5" +
-	"d\x1e\x8f\xf2\xf5\xc9\xfa\xbc\x90Lt-\x8f\xf2\xd79" +
-	"\x14\x98I\xa56\x1a\x16\xf8\x9bn\xb6|R\x8b\xd9x" +
-	"\x144\xf1q\x12|_5\xf4Qa87N\x97\xc8" +
-	"\x85\x1d7&\xfc\x1a\xba\xf0\x96\xbe\xd8\xaf\xc2\x1a6\x14" +
-	"z\xa9\x8e\x15\x155F\xa3\xc0\xb9\xcd |;\xd6\x19" +
-	"\x97\x17\x07\xfc\xc1g\x0f\x8d\xbe\xb7\xe8\x90\x89\x02<\x9c" +
-	"\xa8\xb5\xe1!wP\x9b\xb1\x93Gy\x7f\xe2\x90\xfbZ" +
-	"\x12\xb56,\xc0\x07\xc8\xc1\x07y\x94\x1f\xe1\x10\x83\xfa" +
-	"{\x94 \xff\x11\x1e\xe5\xe3\x9c\x07\xd8\xed\xcd\xad\x86\x8e" +
-	"\xc1!,\x80\xa8\xd5\x18d\x8ai\xf71\x05\xed\x0e\xdd" +
-	"f\xe6:\x05\xb5\x10\x126\xdbj\x91\x19\x8e\x1dAD" +
-	"Q\xd9\xe0q3,\xb4\xfb_\x09\x8ama\x15pX" +
-	"E\x19i1\xb3\xd5d\x05$o(Z\xa7\xc2\xdb\x83" +
-	"\x97b\xa0\x91 \x9e\x19\xc3<\xc4\xec6\xf1(\xdfK" +
-	"P\x82\x89\x81\x94\xb8}5p\x1e\x92\xd0\x9d\xd7\xb6\xc4" +
-	"\\\xcf+\x88\xe9\xb2n\xcd+\x88\x15Dn\xc8:\xdb" +
-	"x\x94ws\xe1\xd1\xda\x0dh\xf43\xb4\xdc\xd5A7" +
-	"\xb4\x99PSe\xf1}\x03Z\xa5\xa2\xa1w{\x86\xc2" +
-	"\xd8Ry\xa3X2)\x94UC\x97\x1dESy{" +
-	"(\xfap\\[\x10$\xf9\xa9\xbc\xa2T\xe79\x8b\x8c" +
-	"qsh\x0ci\x08\x97\x02\xe46 \x8f\xb9m\x18\x87" +
-	"\x8bt7\xb6\x00\xe46\x91\xfc^\x8c#F\xda\x8e3" +
-	"\x00r[H\xbe\x13\xa3&V\xda\x81\x8f\x01\xe4v\x92" +
-	"x?\xc6TA\xda\xe7-\xbf\x97\xe4\x870f\x0b\xd2" +
-	"\x83\xb8\x00 \xb7\x9f\xe4\xc7I^\xc1y\x96\x94\x8e\xe1" +
-	"j\x80\xdc\x13$\x7f\x96\xe4B\xba\x86:v\xe9i4" +
-	"\x01r?#\xf9\xcfI^Y[\x83\x95\x00\xd2\x09O" +
-	"\xfe\x02\xc9_\"y\xd5\xf4\x1a\xac\x02\x90N\xe1V\x80" +
-	"\xdc\x8b$?C\xf2IX\x83\x93\x00\xa4\xd3\xf8\x00@" +
-	"\xee\x0c\xc9\xdf\"\xf9\xe4\x8a\x1a\x9c\x0c \xbd\xe9\x9d\xe7" +
-	"u\x92\x9f'\xf9\x94T\x0dN\x01\x90\xde\xc6#\x00\xb9" +
-	"\xf3$\xff\x1d\xc9\xab\x85\x1a\xac\x06\x90\xde\xf7\xee\xf5[" +
-	"\x92Wr\x11\x0ev\x14\x92pLa\xa8\xc6t\x847" +
-	"\xac(\x14X\xd0\xdc\xa2_+:\x8d\x0cu\xb7\x98\x89" +
-	"\xc7\xd0\x80\x98\x01tK\x86\xa1-\x1f\x09\xf3\x131\xa2" +
-	" \x8c c\xe8\x1d\x85(/\xfd\xe0[f@]^" +
-	"\xd1:J1G\xb2\x9a\x1d\xdbpJPWPlV" +
-	"\x88\x0a\xb5\xe9\xe8KL\xa3\xd8\x8d\xcc,\xaa\xba\xa2A" +
-	"\xf4\xcbx\xb1\x98q\x1c\xb5\x10\xad=.\xb1s\xfb\x99" +
-	"b;&\xb3\xe8j\x17\xa9\xb8\\yD\xd7\x95\x1a\xba" +
-	"\x95\x81\xb2\x19\xc5\x82\xb8<Dh\xb7\xf0\xc6\xb8:d" +
-	"\x92YX\xb7N\xd1\x1cv)dp\xdc\xae\xa7\xab\xd1" +
-	"\xef\x9a&j\x8e\xc3\x89\xda\xc4l\xbe\xa7\xac\xf2\xfa\xf5" +
-	"p\xd4@\xa6%\xbeltW3\x18\xd2\xb4sq\xcd" +
-	"\x0b\xbd\xd5\x1f4\xbfPGk'\xe2&\x1ay\x06q" +
-	"s\xa9\x96\x18`\xb6\xffW\x87\xdeo\x10=\x10\x94\xa2" +
-	"\xf5{~\xdd\xc5\xac\xcc\xa5X1\x1ebN\\\xbf\xdb" +
-	"\xbb\xbb;\xe39\x08\xef\x83\xff\xf5\x11\xde5c\x17@" +
-	"\xae\x89\x12w\x19F6\x94:<\xdci'q7\xc6" +
-	"\xacW\x92=|\xe9$\xf9*\x8c\xfb\"\xe9;\x1e." +
-	"\xac\"\xf9\xa0\x87w\xcd>\xde1o\xf9\x02\xc9K\x1e" +
-	"\xde\xa1\x8fwEo}\x8d\xe4\x1b\x92x\xe7\xe0\xf0\x08" +
-	"\xf8\x15x\x1f\xef\xee\xf6pj\x1b\xc9w{x\x97\xf2" +
-	"\xf1n\x17>\x09\x90\xdbM\xf2\x83\x1e\xde\xa5}\xbc;" +
-	"\x80\xcf\x00\xe4\x0e\x92\xfc\x11\x0f\xef*|\xbc;\xea\xe9" +
-	"?\x12\xe1\xec\xe4\x16\x1f\xef\x8ey\xf8\x18\xe1\xac\xeb\x98" +
-	"Z\xce6U\x1dp \xce\x8d|\xe9\xdb\x8c\x95\x9a!" +
-	"\xa3\xa9\xebXT\x8b\x0a\xaa\xa2\xb59\x8a\x06u9[" +
-	"\xc9\xaf\x89\xa9\xbdf\xb5+z\xc1\xc2Ae\x0d\xa3\x0a" +
-	"&$k\xbd\xadY+\x99\xa9\xf6\x03\xc6\xcd@\xc4}" +
-	"2\x9d\x86QN\x89<N\xc9L\x1f\xfc\xa2\xdf\x8a\xca" +
-	"\x86\x8e\x82\xc6Z1d@\xbc\x1eWP\x95~1t" +
-	"\x1d}Z\xd2\xad\xd6\x8d\xe4\x1b\xa5\xa0\xbd\x08yKw" +
-	"c\x19!a\x1bJ,o\xb7\x1a\xa8\xdb\xaa\xee\xb0Q" +
-	"\x0b\xe4\x07\x1d}\x0d+,F=o\x14T}\x00F" +
-	"\xf55\xfc\xc5\xc6O\x09\xa2\xe6e3&\xde\xef\xc4\xf9" +
-	"\x0d\xc0y\xd0E\xb4Cl\x88\xa7\x03\x8dy\xef\xabF" +
-	"\x93)V\xa2\xb1\x1dg\xb7`\\\xea'\x99?\x09H" +
-	"\x03Do]\x18\xbe\x17\x88\xc76\x02'>*`\xfc" +
-	"\xcc\x82\xe1\xab\x8a\xf8\xa0\x09\x9c\xb8O@.z\x84\xc4" +
-	"\xf0\x01Q\xdc1\x0c\x9c\xb8]@>z\x17\xc4p\x18" +
-	"\x7f\xc3\xd0$\x04N\xbcK\xc0T\xf4J\x8a\xe1(_" +
-	"\\K\xdcJ\x150\x1d=9b\xf8^$\xde\xb1\x15" +
-	"8\xb1Gp\xc3\x16\x0a\x1a\xfd{4\xa1\x1b\"\x06\xd4" +
-	"y\x98\xd1\x84n8\xc1\xc2\xb0\xd5\x02hB7\x9c\xc3" +
-	"\xf0\x17\x1b\xc4xZ\xe1|\x172y\xc5fM\xd4\xbb" +
-	"\xfa\xc0\x8e\x01\xb2C\x13&\xe7\xa6\xfc\xc5\x1a\xa6\xb1\x89" +
-	"wKL\x0e\xa3\xc1\xd7p\xcc\x0d\xa3&u\xd7cI" +
-	"\xde\x1d\xccZ\x0el\x0d&5\xc7\x13\xb3\x96cD\xc6" +
-	"\x8f\xf3(\xbf\xca\xc5\x8c\"\x0c\xf8p\xd4\x88\x86\x19v" +
-	"\xcd\xe3L\x1c\x83\xb4\x088q\xf9\xdc\xd1-\x18\x83\x1e" +
-	"gF\x7f)\x0b\xe2Z\x91\x1cFNM\x0c#1\xec" +
-	"\xd7\x85\x11\xa5%9\x9a\x9c:A\xf3\x97\xec>\xbdZ" +
-	"\x97\xf2\xe25|z\xc5\xf0\x99\\\x14)\xee\xaa\x057" +
-	"\xecP1,\x94P\xe6\xb2\xcbl\xd3\xbbX\xdd\x97\xa9" +
-	"\xe4c\x04\x88\xbfO\x86\xa2\xd5\xbfP\xb4\xee\xea\xc4\xdc" +
-	"O3\x82\x0e3\xb3<\xd9$\x8cc+\xff\xc0!\xa5" +
-	"\xcf\xd0\xc7\xb4\xfeU\xd1\xfa\xa7\xe7&\xe6ra\xfc\xbd" +
-	"F\xc2Wy\x94\xdfH\xf4}g\x97\x02\xc8\xaf\xf3(" +
-	"\x7f\x1c\xbfC]\xa0@\xfd\x98\xc7\xae\x04\x7f\x17?'" +
-	"\xc5\xcf\x88\xe5&\xabY\x1a\xef\x07\xc8UR\xf5\xa8\xf1" +
-	"\xaaY\xca\xaff\"\xf6\x01\xe4\xb2$\x9f\x99d\xef\xd3" +
-	"\xb1\x17 WK\xf2y\x18\xb4\xeb\xe1\x1b\x96c\xc6\xc8" +
-	"\xaf\x19\x03\xcbT}LJ\x18>\x8c\xa1Mx\xea\x98" +
-	"T\x14F\x82oG[\x82$G3)df\x8eR" +
-	"\xbc\x80V4\xeb\xb9\x8c\x99\xf18\xee\xc8\x05\xc9\xe7\xe7" +
-	"^@4\x12\x93\x82#\x89!Z\xe8\x0c\xf9\x99`8" +
-	"ug\xc2\x19w\xf4\x01\xc8\xabx\x94\x079\x0f\xa0\x8c" +
-	"\x9eRAA\x9b-1\xd9Z\x87\x09z~(\xee\x98" +
-	"\xa9g\xcc[=X\"\xb6\xbe\xc4d\x8dk\x1d\x96T" +
-	"\x08\xdfH@P\x8d\xc2\xa8\xc7\x911h\xe7\xad\xac/" +
-	"g\xe4\xd70{\xc4\xdbQ\xd9\xfbfW\xfc@\x12=" +
-	"ov%\x9f7\x03X[K\x01^\xe2Q\xde\x94\x80" +
-	"\xb5\xa1\xe1\xb8\xdd\x1e\x9bg\xfc\xdfP\x83\xdf\xeb\x89\x8f" +
-	"X\xb6p)\x0c4\xfa\xa7Ge\xf9_\xf5e\x9f\x07" +
-	"\xc2\xe7\x97\x09O\x10\xbdh_\xe6H\x0d\"\x10\xc2\xc4" +
-	"\xbfX\xa1M\xb8`\xf1\xff\x0d\x00\x00\xff\xff\xcb\x86\x19" +
-	"\x8c"
+const schema_db8274f9144abc7e = "x\xda\xccX}\x8c\x14g\x19\x7f~\xf3\xee\xee\xdcq" +
+	"\xbb\xecMf\x89pis\x86\xd0\xd4\x12[\x8b'\x86" +
+	"\xe2\xc7\xdd\xd1\x03=\xe4c\xe7\x16LK\xa9\xe9\xdc\xde" +
+	"{\xc7\x9c\xbb3\xdb\x99\xd9+\x87\xa5\x85\x0b\xa4\xa5\xc1" +
+	"\xdaR0\x05[\x834\xc6T\x8d\x16?\xa254\xa1" +
+	"\xd1\xd8\x9a6V\x0c\x1a\xa84j)ilJP\xc4" +
+	"\x98\x9a\xea\x98gvgv8Z\x0a\xe5\x9f\xfe\xb7\xf7" +
+	"\x9b\xe7}\xbe\xdf\xe7\xf7\xbcw\xe3\x89T\x9f\xb2 \xfd" +
+	"z\x86\xc8(\xa63\x81\x9c\xff\xfbM\xfb\xaf\xf9\xe5\x14" +
+	"\x19]@p\xcf\xa1\xe5\x85\xb7\xfc\xa9?QZ\xa8D" +
+	"=\xb7\x8aM\xd0\xab\xfcS\xb7\xc4\xeb\x84\xe0\xd3\xd5\x97" +
+	"\x0e|r\xcf\x0b\xdbH\xebRZ\xc2\x84\x9e\x95\xa9M" +
+	"\xd0\xcd\x14K\xde\x9eZM\x08\xfe\xb9{\xf6\xf7\xbe\xf5" +
+	"\xdb\xe7\xb7\x93v-\xa8\xa9\xae\x9ez\x19\x04}G\xea" +
+	"\x87\x84\xe0\xa5\x8f\x1e\xfa\xc5C?\xbe\xef\x1bd\\\x0b" +
+	"\x10\xf1\xd1\x9e\xeb\xd2\xffa\x81\xcf\xa4{\x09\xc1\xeec" +
+	"\xcf\xac\xaa>\xbc\xef@CC\xf8]\xa6\x15\x85R\xc1" +
+	"\xb6\xc1\x7fW\xd7>Qz\xa2\xa9;\x1d\xba\x9a>\x0b" +
+	"BO5\xdd\x0dB\xb0\xf0\xe5S\xabW\xfeh\xf4;" +
+	"\x89\xb3;2\x9b\xf8\xec\xacA\x9c8\xbc \xf5\xb3\xa4" +
+	"_\xdb3o\xb0\xd9\xbd\x19\xf6\xeb\xea\xd3Kr\xf6\x99" +
+	"\xa9\xc3\xa4u]\x90\x8f\x9b\xd4\xe5\xd0W\xaa\x1c\xe5\xa0" +
+	"\xca\xc2\xcbo{dW\xfa\xd4#\xcfq\xf6\x12\x09I" +
+	"\xb7\xb1\xf4)\xd5\x85\xfe\x16K\xf7\xfcK\xfd\x90 \x04" +
+	"]O}\xea\x07KF\x8e\xbf0M\xb7\xc2\x0a\xeb\x1d" +
+	"g\xf5\xad\x1d\xfcks\xc7]\x84\xe0\xe4\xf5\x07\xbf\xf2" +
+	"\xb7\xaf\x1e9\xdat\x14\xac\xe6xG\x98\x9f\xd3\x1d\x9c" +
+	"\x1f\xe5\x949g\xcb\x1f?{\"\x11c.\xfb*(" +
+	"\x15\xac\xfa\xe2m\xe3\xed\x9bO\x9eL\x1eE6\x8cq" +
+	"V\x96\x8f.\xbc\xa3_\xae_t\xcb\x1b\xa4u\x89\xf3" +
+	"\xca\xb80\xbb\x18\xfa\xd2,\x1f\xe8\xcf\xde\x07\xfd\xd6\x9c" +
+	"J\x14<x\xcf\xc0\xea\x9b\xe6>{6\xa9\xaf?\xc7" +
+	"\xf9\xd6\xd7\xe6X\xdf\xe8\xa27?w\xcd\x83\xbf>;" +
+	"-\xaeP\xb0\x9e\x9b\x0f};\xeb\xd1\xb7\xb2\xf0\x99e" +
+	"\xdf<\xda\x95\xef:7\xad\xdf2,\xfb\xed\xdc8\xf4" +
+	"\xa7Y\xb6\xe7\xa7\xb9\xe7\xb8\x90_W\x1f;\xb9\xe5\xcf" +
+	"_z;i\xfa\xc9\xfc\xabl\xfa\x99<\x9b\xbe\xfb\xcc" +
+	"\xde\xcf\x7fm\xfd\xf7\xff\x97\xc8\xc2+\xf9)\xae\xb4_" +
+	"\xb7mYqk\xa9\xf2\xc7\xa2\x9f\xe5\x1b\xcaf\xcd\xae" +
+	"-\xee\xaf\xfb\x1b\xa4\xed[e\xd3\x97C\xb2\xd7\xab9" +
+	"\xb6'\x8b\x80\xd1)RD)\x10i\xe68\x91q\x87" +
+	"\x80QQ\xa0\x01\x05\xeeQ\xcdbp\x83\x80\xe1+\xd0" +
+	"\x14\xa5\x00\x85H\xbbs.\x91Q\x1106*\x80(" +
+	"@\x10i\xf5]D\xc6F\x01c\x9b\x82\xa0&\xdd\xaa" +
+	"iK\x9b\xf2\xfeR\xd7E\x96\x14d\x09\x81+}w" +
+	"\xd2\x1c\xaeP^&`u\xfc.\x1f9R\x90#\x04" +
+	"\x1b\x9c\xba\xeb\xad\xb5}X\x95!9\xeaJ\x0f\x1b\x90" +
+	"!\x05\x19\xc2\xc5\xc2[\xba\xd1\xf2|\xcb\x1e[\x13\xe2" +
+	"\xbdE\xa7b\x95'9\xbcl\xe8\xf0\xd5\x8b\x89\x00m" +
+	"\xd6:\"(\x9a\xb6\x84\xa8\xd7\x1a\xb3\x1dW\x06#\x96" +
+	"Wvl[\x92(\xfb\xf7\x0e\x9b\x15\xd3.\xcb\xd8P" +
+	"\xe6BC\x0d\x03%\xe9NH\xf7\x063\x91\xd4yE" +
+	"\xd35E\xd53\xb2qB\x97\xae#2\x06\x04\x8cb" +
+	"\"\xa1+\x97\x13\x19+\x04\x8c[\x12\x09]\xbb\x84g" +
+	"\x93\x80\xb1^A\xe0\xb8\xd6\x98e\xdf,I\xb8\xc9\xbc" +
+	"x\xbemV%\x11Ey\xbb\xd7\xa9\xf9\x96c{\xe8" +
+	"l]J\x02:\x13\x99z\xaf\x00\xea\xb6+\xc7,\xcf" +
+	"\x97n\x03\x9e\xd7\xcbQT=#\x15\x07\x91\xdbGd" +
+	"t\x0a\x18W)\x08\xc6\\\xb3,\x8b\xd2\x85\xe5\x8c\xac" +
+	"2m\xa7$d\x19iR\x90N\x18\x9dy\xb9F\x87" +
+	"\xa4W\xaf\xf8\x1e\xc5\xa7.~\xde\x95a\xc5\xca~\xf3" +
+	"x\xb1\xbb\xe1s!\xf6y\xf3\xdcV/\xc6\x89\xdf:" +
+	"Ldl\x110v&\x12\xbf\x83Kt\xbf\x80\xb1[" +
+	"\x81&\x9a\xad\xfc0\x97\xe8!\x01\xe31\x05Z*U" +
+	"@\x8aH\xdb\xcb%\xda-`\xecW\xce\xefX9!" +
+	"m\x7f\xc0\x1a#Uz-\x94]\x1c\xb0\xc6$\x09\xef" +
+	"J\x8b\xd8\xf6\x1e\xf9p\x86=\xa7\"}9 \xcb\x15" +
+	"\xd35}kB6\xbe\xdf\xdcHST\xd4K\xee\x8a" +
+	"i\xe5)\x9a\xf90\xbf\x1f\xa4\xc6\xbe\xf8\x84\xb3\x1c\x9b" +
+	"(\xbc\xfd-\x97\xb9%\xfa\x04\x8c\x15\x09\x97\x07?\x9e" +
+	"\x88#ry\xe5p+\x0e\xf5\xcbr2\xf2\xaa[V" +
+	"M\xab\x12\xcf\xb2f0\xfd\xa4~\xa1%s1\xff\x86" +
+	"\xc2\xac\xba\xa1w\xabk\xdda\x84\xec\xe3\xa2\xc8G}" +
+	"\x12\xcb\x89J\x1b!P\xda\x86\x96\x9b\xfaV,!*" +
+	"\xdd\xcd\xf8\xfdhy\xaaoG\x17Qi\x0b\xe3;\x11" +
+	"Ob}\x07\xbeKT\xda\xc9\xf0\xa3,\x9e\x12a\x07" +
+	"\xeb{B\xf5\xbb\x19\xdf\xcfx:U@\x9aH\x7f\x1c" +
+	"\xf3\x89J\x8f2\xfe\x13\xc63J\x01\x19\"\xfd \xc6" +
+	"\x89JO1~\x88q5]`2\xd2\x9f\x86KT" +
+	"\xfa9\xe3\xbfb\xbcmv\x01mD\xfa\xb3!~\x98" +
+	"\xf1\x17\x19o\x9fS@;\x91\xfe\x1bL\x11\x95\x9eg" +
+	"\xfc(\xe33P\xc0\x0c\"\xfd\x08\xf6\x11\x95\x8e2\xfe" +
+	"\x17\xc6;2\x05t\x10\xe9\xaf\x84\xfe\x1cc\xfc5\xc6" +
+	"\xb3\xa9\x02\xb2D\xfa_q\x80\xa8\xf4\x1a\xe3\x7fg<" +
+	"\xa7\x16\x90#\xd2O\x87q\xbd\xc9x\x9b\xa2 (W" +
+	",i\xfb\x83#\xc9\x8e\x9a\x90\xaeg9v\xf4\xb7p" +
+	"\xbc\xb8d\xb2I\x1dh\xb4{\xd1\xc93w \xdf\xda" +
+	"\xfc\x08\xc8\x13\x82\x9a\xe3TV\x9d\xdf\xa9y\xdf\x1c\xf3" +
+	"0\x93P\x14@gk\xd9!0\x184\xe7\x94Ey" +
+	"\xc7\x1e\x1c\x89y\xac\xd1:+\x1c\xea.\x9b\x95\xc1Z" +
+	"\xec\x89\xe5\xf5\xd7}\xa7^\xa3\xee\x11\xd3\x97#\x00)" +
+	"\xe0\x8d\xc0\xad\xdb\xcb\\\xa7\xba\x06\xd2\xadZ\xb6Y\xa1" +
+	"\xf8K\xd9\xa9\xd6\\\xe9y\xb0\x1c\xdb\xa8\x9b\x15K\xf8" +
+	"\x93h'\x05\xed\x84|\xbdn\x8d\xc4\xba\xedz\xb5\xe8" +
+	"\xca\x09\x0bN\xdd\xeb\xf7}YUk\xbe\x17{4*" +
+	"M\xbf\xeeJ\x8fCkF\xc3\x07g&:Z\x99\xde" +
+	"\xd1\xdd\xb5\xc5k\xcc1\xee\xe0\xb6\xf8\x96]7\x9f\xc8" +
+	"\x98'`\xdc\x98\xb8e\xd7\xf3-\xfb\x88\x80\xf1\x09\x05" +
+	"y\xbe\xea\xf1\x8d\x9a0+uy\xc1\xdd\xc9\\\xe6\xfc" +
+	"\x1f\xeam\xf0G\x92\xb4\x16\x13\x19m\x02FAA\xaf" +
+	"\x1b~Fg\xb4\x86]&G\x8eI\xbf\xf1k\xd0\x1e" +
+	"u\x98\xe5\xd5\xcb\x99\xa5\xe7\x9f\x1e\x92^\xfeR\\m" +
+	"\xad\x97\xd3\x9c\x15\xeff\xae\xb7a\x85\xcb1[\xa4\x89" +
+	"\xe2\xad\x1f\xd1*\xab\x1d\xdcD\x8a\xf6\xa4\x8a\xd6\x1e\x8d" +
+	"hm\xd6\x1ewI\xd1\xf6\xa8P\xe2G\x0a\xa2\xc7\x88" +
+	"\xb6\xe3\x01R\xb4\xed*D\xfc\xc6@\xb4\x82.\x98\x9c" +
+	"\x01R\xb4\xcd*R\xf1\xf3\x07\xd1\x02\xab\xdd9N\x8a" +
+	"f\xa9H\xc7\xcf\x17D+\xbev\xfb\x14)\xdaZ5" +
+	"\x88\xb8\x86z\x1bq\xf4!\x88RF\xdda\xd2\xfa\x10" +
+	"D\x1b\x03\"N\"\xeaC\x10\xf1\x9ex7\xe2\x0b\xa5" +
+	"\xa2\x1d\x8d\xf2\xbc\xa5\xf5\xf1\x12\xdah\x1f4\xfb\x87\xfa" +
+	"P\x04\xde/9\x0e\xc9\xee+i\xbew\xa8g\xc3N" +
+	"\x9eC\xe7j&\xf4\xf2*\x9e\x150f+\x08*N" +
+	"\x93\xe7\xf2\xab\x127\xeab\xfc\xd3p8b\xa1<\x1f" +
+	"f\xfd\x1f\x8e\xf5\x1fa\x8a|Q\xc08\x96\xb8\xbc\x7f" +
+	"`\xf0w\x02\xc6\x89\x04E\x1eg\xaa?&`\x9ck" +
+	"\xed\xff\xffx\x80\xc88'0\x94\xa0\x1c\xed\xbf,\xf8" +
+	"6\x0f\xe6\x90p\xd0 \x9c4v\x11\x95\xdax`\x17" +
+	"B\xc2I5\x08G\xc30Q\xa9\x93\xf1\xab\x92\x843" +
+	"\x07\xeb\x88J\xb3\x19\x9f\x07\x05\xaaL\xbc\x1d\xean\x8b" +
+	"\x92+\xce\xd8\x0a\xcb~\xc7)\x16=H\xe0/3\xad" +
+	"J\xdd\x95\xd4\x1a\xa2\x8dD\x0d\x0e$\xe6z\xe3\xa5\xd2" +
+	"?\xca\x1dW\xe2~\x19\x81\x07\x95\x14\xa8\x97\xb7\xf0\xbd" +
+	"\xaf\x87\x04\xaf\xc3\xea\xa5\x0c\x89\xf8\x1f\x19\xd3\x9a\xaa\xfd" +
+	"J\x17\xc6h!\xff\x7f\x00\x00\x00\xff\xff/\xf3\xa2\xe2"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,
 		0x82c325a07ad22a65,
-		0x8407e070e0d52605,
 		0x84cb9536a2cf6d3c,
 		0x85c8cea1ab1894f3,
-		0x8891f360e47c30d3,
-		0x91f7a001ca145b9d,
 		0x9b87b390babc2ccf,
-		0x9e12cfad042ba4f1,
 		0xa29a916d4ebdd894,
 		0xa353a3556df74984,
 		0xa766b24d4fe5da35,
-		0xa78f37418c1077c8,
-		0xaa7386f356bd398a,
-		0xb14ce48f4e2abb0d,
-		0xb167b0bebe562cd0,
 		0xb70431c0dc014915,
-		0xb9d4ef45c2b5fc5b,
-		0xbe403adc6d018a5a,
 		0xc082ef6e0d42ed1d,
-		0xc744e349009087aa,
-		0xc766a92976e389c4,
 		0xc793e50592935b4a,
 		0xcbd96442ae3bb01a,
 		0xd4d18de97bb12de3,
-		0xd58a254e7a792b87,
 		0xdc3ed6801961e502,
 		0xe3e37d096a5b564e,
-		0xe4a6a1bc139211b4,
-		0xea20b390b257d1a5,
 		0xea58385c65416035,
-		0xf0a143f1c95a678e,
-		0xf143a395ed8b3133,
 		0xf2c122394f447e8e,
 		0xf2c68e2547ec3866,
 		0xf41a0f001ad49e46,
-		0xf7f49b3f779ae258,
-		0xf9c895683ed9ac4c,
 		0xfc5edf80e39c0796,
-		0xfeac5c8f4899ef7c,
-		0xff8d9848747c956a)
+		0xfeac5c8f4899ef7c)
 }

From e376a13025e77805053ee22a63d89429b2d57731 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Fri, 5 Jun 2020 15:10:09 -0500
Subject: [PATCH 063/100] AUTH-2645 protect against user mistaken flag input

---
 cmd/cloudflared/tunnel/cmd.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 75b39209..84e547c4 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -401,6 +401,14 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		c.Set("url", "ssh://"+localServerAddress)
 	}
 
+	url := c.String("url")
+	hostname := c.String("hostname")
+	if url == hostname && url != "" && hostname != "" {
+		errText := "hostname and url shouldn't match. See --help for more information"
+		logger.Error(errText)
+		return fmt.Errorf(errText)
+	}
+
 	if staticHost := hostnameFromURI(c.String("url")); isProxyDestinationConfigured(staticHost, c) {
 		listener, err := net.Listen("tcp", "127.0.0.1:")
 		if err != nil {

From 9e76e42e3c22dcf1eca9531c7320e770e0729eba Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Fri, 5 Jun 2020 14:52:30 -0500
Subject: [PATCH 064/100] AUTH-2687 don't copy config unnecessarily

---
 cmd/cloudflared/linux_service.go | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/cmd/cloudflared/linux_service.go b/cmd/cloudflared/linux_service.go
index 43d4ca83..99ec9c27 100644
--- a/cmd/cloudflared/linux_service.go
+++ b/cmd/cloudflared/linux_service.go
@@ -184,17 +184,24 @@ func copyUserConfiguration(userConfigDir, userConfigFile, userCredentialFile str
 	if err := ensureConfigDirExists(serviceConfigDir); err != nil {
 		return err
 	}
+
 	srcCredentialPath := filepath.Join(userConfigDir, userCredentialFile)
 	destCredentialPath := filepath.Join(serviceConfigDir, serviceCredentialFile)
-	if err := copyCredential(srcCredentialPath, destCredentialPath); err != nil {
-		return err
+	if srcCredentialPath != destCredentialPath {
+		if err := copyCredential(srcCredentialPath, destCredentialPath); err != nil {
+			return err
+		}
 	}
+
 	srcConfigPath := filepath.Join(userConfigDir, userConfigFile)
 	destConfigPath := filepath.Join(serviceConfigDir, serviceConfigFile)
-	if err := copyConfig(srcConfigPath, destConfigPath); err != nil {
-		return err
+	if srcConfigPath != destConfigPath {
+		if err := copyConfig(srcConfigPath, destConfigPath); err != nil {
+			return err
+		}
+		logger.Infof("Copied %s to %s", srcConfigPath, destConfigPath)
 	}
-	logger.Infof("Copied %s to %s", srcConfigPath, destConfigPath)
+
 	return nil
 }
 

From 8c59254488358951d7c21d8278aaf8e826b17113 Mon Sep 17 00:00:00 2001
From: Robert McNeil <rmcneil@cloudflare.com>
Date: Mon, 30 Mar 2020 12:36:32 -0700
Subject: [PATCH 065/100] DEVTOOLS-7321: Add scripts for macOS builds and
 homebrew uploads

---
 .teamcity/build-macos.sh     | 27 +++++++++++++++++
 .teamcity/update-homebrew.sh | 59 ++++++++++++++++++++++++++++++++++++
 cfsetup.yaml                 |  5 +++
 3 files changed, 91 insertions(+)
 create mode 100755 .teamcity/build-macos.sh
 create mode 100755 .teamcity/update-homebrew.sh

diff --git a/.teamcity/build-macos.sh b/.teamcity/build-macos.sh
new file mode 100755
index 00000000..43d47195
--- /dev/null
+++ b/.teamcity/build-macos.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -euo pipefail
+
+if ! git describe --tags --exact-match 2>/dev/null ; then
+    echo "Skipping public release for an untagged commit."
+    echo "##teamcity[buildStatus status='SUCCESS' text='Skipped due to lack of tag']"
+    exit 0
+fi
+
+if [[ "$(uname)" != "Darwin" ]] ; then
+    echo "This should be run on macOS"
+    exit 1
+fi
+
+go version
+export GO111MODULE=on
+
+# build 'cloudflared-darwin-amd64.tgz'
+mkdir -p artifacts
+FILENAME="$(pwd)/artifacts/cloudflared-darwin-amd64.tgz"
+export PATH="$PATH:/usr/local/bin"
+mkdir -p ../src/github.com/cloudflare/    
+cp -r . ../src/github.com/cloudflare/cloudflared
+cd ../src/github.com/cloudflare/cloudflared 
+GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared
+tar czf "$FILENAME" cloudflared
diff --git a/.teamcity/update-homebrew.sh b/.teamcity/update-homebrew.sh
new file mode 100755
index 00000000..7f898d3d
--- /dev/null
+++ b/.teamcity/update-homebrew.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+set -euo pipefail
+
+FILENAME="${PWD}/artifacts/cloudflared-darwin-amd64.tgz"
+
+if ! VERSION="$(git describe --tags --exact-match 2>/dev/null)" ; then
+    echo "Skipping public release for an untagged commit."
+    echo "##teamcity[buildStatus status='SUCCESS' text='Skipped due to lack of tag']"
+    exit 0
+fi
+
+if [[ ! -f "$FILENAME" ]] ; then
+    echo "Missing $FILENAME"
+    exit 1
+fi
+
+# upload to s3 bucket for use by Homebrew formula
+s3cmd \
+    --acl-public --signature-v2 --access_key="$AWS_ACCESS_KEY_ID" --secret_key="$AWS_SECRET_ACCESS_KEY" --host-bucket="%(bucket)s.s3.cfdata.org" \
+    put "$FILENAME" "s3://cftunnel-docs/dl/cloudflared-$VERSION-darwin-amd64.tgz"
+s3cmd \
+    --acl-public --signature-v2 --access_key="$AWS_ACCESS_KEY_ID" --secret_key="$AWS_SECRET_ACCESS_KEY" --host-bucket="%(bucket)s.s3.cfdata.org" \
+    cp "s3://cftunnel-docs/dl/cloudflared-$VERSION-darwin-amd64.tgz" "s3://cftunnel-docs/dl/cloudflared-stable-darwin-amd64.tgz"
+SHA256=$(sha256sum "$FILENAME" | cut -b1-64)
+
+# set up git (note that UserKnownHostsFile is an absolute path so we can cd wherever)
+mkdir -p tmp
+ssh-keyscan -t rsa github.com > tmp/github.txt
+export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=$PWD/tmp/github.txt"
+
+# clone Homebrew repo into tmp/homebrew-cloudflare
+git clone git@github.com:cloudflare/homebrew-cloudflare.git tmp/homebrew-cloudflare    
+cd tmp/homebrew-cloudflare
+git checkout -f master
+git reset --hard origin/master
+
+# modify cloudflared.rb
+URL="https://developers.cloudflare.com/argo-tunnel/dl/cloudflared-$VERSION-darwin-amd64.tgz"
+tee cloudflared.rb <<EOF
+class Cloudflared < Formula
+  desc 'Argo Tunnel'
+  homepage 'https://developers.cloudflare.com/argo-tunnel/'
+  url '$URL'
+  sha256 '$SHA256'
+  version '$VERSION'
+  def install
+    bin.install 'cloudflared'
+  end
+end
+EOF
+
+# push cloudflared.rb
+git add cloudflared.rb
+git diff
+git config user.name "cloudflare-warp-bot"
+git config user.email "warp-bot@cloudflare.com"
+git commit -m "Release Argo Tunnel $VERSION"
+git push -v origin master
diff --git a/cfsetup.yaml b/cfsetup.yaml
index 06773696..566040c9 100644
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@@ -83,6 +83,11 @@ stretch: &stretch
       - (cd / && go get github.com/BurntSushi/go-sumtype)
       - export PATH="$HOME/go/bin:$PATH"
       - make test
+  update-homebrew:
+    builddeps:
+      - s3cmd
+    post-cache:
+      - .teamcity/update-homebrew.sh
 
 jessie: *stretch
 

From 0ff491905f1e258a5e537782b680ad5dcc1b680a Mon Sep 17 00:00:00 2001
From: Robert McNeil <rmcneil@cloudflare.com>
Date: Sat, 25 Apr 2020 20:19:00 -0700
Subject: [PATCH 066/100] DEVTOOLS-7321: Use SSH key from env for pushing to
 GitHub

---
 .teamcity/update-homebrew.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.teamcity/update-homebrew.sh b/.teamcity/update-homebrew.sh
index 7f898d3d..5dac42c5 100755
--- a/.teamcity/update-homebrew.sh
+++ b/.teamcity/update-homebrew.sh
@@ -15,6 +15,11 @@ if [[ ! -f "$FILENAME" ]] ; then
     exit 1
 fi
 
+if [[ "${GITHUB_PRIVATE_KEY:-}" == "" ]] ; then
+    echo "Missing GITHUB_PRIVATE_KEY"
+    exit 1
+fi
+
 # upload to s3 bucket for use by Homebrew formula
 s3cmd \
     --acl-public --signature-v2 --access_key="$AWS_ACCESS_KEY_ID" --secret_key="$AWS_SECRET_ACCESS_KEY" --host-bucket="%(bucket)s.s3.cfdata.org" \
@@ -27,7 +32,9 @@ SHA256=$(sha256sum "$FILENAME" | cut -b1-64)
 # set up git (note that UserKnownHostsFile is an absolute path so we can cd wherever)
 mkdir -p tmp
 ssh-keyscan -t rsa github.com > tmp/github.txt
-export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=$PWD/tmp/github.txt"
+echo "$GITHUB_PRIVATE_KEY" > tmp/private.key
+chmod 0400 tmp/private.key
+export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=$PWD/tmp/github.txt -i $PWD/tmp/private.key -o IdentitiesOnly=yes"
 
 # clone Homebrew repo into tmp/homebrew-cloudflare
 git clone git@github.com:cloudflare/homebrew-cloudflare.git tmp/homebrew-cloudflare    

From e02d09a73164f5ba7a5b42f77e04d3407a8e041c Mon Sep 17 00:00:00 2001
From: Robert McNeil <rmcneil@cloudflare.com>
Date: Sat, 25 Apr 2020 20:19:33 -0700
Subject: [PATCH 067/100] DEVTOOLS-7321: Push to a test branch instead of to
 master

---
 .teamcity/update-homebrew.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.teamcity/update-homebrew.sh b/.teamcity/update-homebrew.sh
index 5dac42c5..6d606d9c 100755
--- a/.teamcity/update-homebrew.sh
+++ b/.teamcity/update-homebrew.sh
@@ -63,4 +63,8 @@ git diff
 git config user.name "cloudflare-warp-bot"
 git config user.email "warp-bot@cloudflare.com"
 git commit -m "Release Argo Tunnel $VERSION"
-git push -v origin master
+
+#git push -v origin master
+# don't push to master, push to some testing branch
+git checkout -b deploy-test
+git push -v origin deploy-test

From 2f70b05c64d853f18f58a299af8937f38b7d7ea7 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Fri, 5 Jun 2020 09:26:06 -0500
Subject: [PATCH 068/100] AUTH-2169 make access login page more generic

---
 carrier/carrier.go                |  9 ++-------
 cmd/cloudflared/access/carrier.go |  2 --
 cmd/cloudflared/main.go           |  7 ++++++-
 overwatch/app_manager.go          | 18 ++++++++++++------
 overwatch/manager_test.go         |  5 ++++-
 websocket/notice_page.go          |  2 +-
 6 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/carrier/carrier.go b/carrier/carrier.go
index 1ef5a032..6240b8e4 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -66,7 +66,7 @@ func StartForwarder(conn Connection, address string, shutdownC <-chan struct{},
 // StartClient will copy the data from stdin/stdout over a WebSocket connection
 // to the edge (originURL)
 func StartClient(conn Connection, stream io.ReadWriter, options *StartOptions) error {
-	return serveStream(conn, stream, options)
+	return conn.ServeStream(options, stream)
 }
 
 // Serve accepts incoming connections on the specified net.Listener.
@@ -103,12 +103,7 @@ func Serve(remoteConn Connection, listener net.Listener, shutdownC <-chan struct
 // serveConnection handles connections for the Serve() call
 func serveConnection(remoteConn Connection, c net.Conn, options *StartOptions) {
 	defer c.Close()
-	serveStream(remoteConn, c, options)
-}
-
-// serveStream will serve the data over the WebSocket stream
-func serveStream(remoteConn Connection, conn io.ReadWriter, options *StartOptions) error {
-	return remoteConn.ServeStream(options, conn)
+	remoteConn.ServeStream(options, c)
 }
 
 // IsAccessResponse checks the http Response to see if the url location
diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index 337792ab..173ced25 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -18,13 +18,11 @@ import (
 func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}, logger logger.Service) error {
 	validURLString, err := validation.ValidateUrl(forwarder.Listener)
 	if err != nil {
-		logger.Errorf("Error validating origin URL: %s", err)
 		return errors.Wrap(err, "error validating origin URL")
 	}
 
 	validURL, err := url.Parse(validURLString)
 	if err != nil {
-		logger.Errorf("Error parsing origin URL: %s", err)
 		return errors.Wrap(err, "error parsing origin URL")
 	}
 
diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 20fd0743..4160027d 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -187,7 +187,12 @@ func handleServiceMode(shutdownC chan struct{}) error {
 		return err
 	}
 
-	serviceManager := overwatch.NewAppManager(nil)
+	serviceCallback := func(t string, name string, err error) {
+		if err != nil {
+			logger.Errorf("%s service: %s encountered an error: %s", t, name, err)
+		}
+	}
+	serviceManager := overwatch.NewAppManager(serviceCallback)
 
 	appService := NewAppService(configManager, serviceManager, shutdownC, logger)
 	if err := appService.Run(); err != nil {
diff --git a/overwatch/app_manager.go b/overwatch/app_manager.go
index bd341551..9bbf6baf 100644
--- a/overwatch/app_manager.go
+++ b/overwatch/app_manager.go
@@ -1,14 +1,20 @@
 package overwatch
 
+// ServiceCallback is a service notify it's runloop finished.
+// the first parameter is the service type
+// the second parameter is the service name
+// the third parameter is an optional error if the service failed
+type ServiceCallback func(string, string, error)
+
 // AppManager is the default implementation of overwatch service management
 type AppManager struct {
-	services  map[string]Service
-	errorChan chan error
+	services map[string]Service
+	callback ServiceCallback
 }
 
 // NewAppManager creates a new overwatch manager
-func NewAppManager(errorChan chan error) Manager {
-	return &AppManager{services: make(map[string]Service), errorChan: errorChan}
+func NewAppManager(callback ServiceCallback) Manager {
+	return &AppManager{services: make(map[string]Service), callback: callback}
 }
 
 // Add takes in a new service to manage.
@@ -47,7 +53,7 @@ func (m *AppManager) Services() []Service {
 
 func (m *AppManager) serviceRun(service Service) {
 	err := service.Run()
-	if err != nil && m.errorChan != nil {
-		m.errorChan <- err
+	if m.callback != nil {
+		m.callback(service.Type(), service.Name(), err)
 	}
 }
diff --git a/overwatch/manager_test.go b/overwatch/manager_test.go
index d07e6cf0..988072f0 100644
--- a/overwatch/manager_test.go
+++ b/overwatch/manager_test.go
@@ -64,7 +64,10 @@ func TestManagerDuplicate(t *testing.T) {
 
 func TestManagerErrorChannel(t *testing.T) {
 	errChan := make(chan error)
-	m := NewAppManager(errChan)
+	serviceCallback := func(t string, name string, err error) {
+		errChan <- err
+	}
+	m := NewAppManager(serviceCallback)
 
 	err := errors.New("test error")
 	first := &mockService{serviceName: "first", serviceType: "mock", runError: err}
diff --git a/websocket/notice_page.go b/websocket/notice_page.go
index 8023f2f3..fc3fb4a7 100644
--- a/websocket/notice_page.go
+++ b/websocket/notice_page.go
@@ -253,7 +253,7 @@ func nonWebSocketRequestPage() []byte {
 					<div class="main-message">
 						<div class="title">  Success </div>
 						<div class="sub-title">
-						You are now logged in and can reach this application over SSH from your command line. 
+						You are now logged in and can reach this application. 
 							You can close this browser window.
 						</div>
 					</div>

From f8638839c0e1abeabee558d2421ab257aa16ce6f Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Fri, 5 Jun 2020 10:18:40 -0500
Subject: [PATCH 069/100] AUTH-2729 added log file and level to cmd flags to
 match config file settings

---
 cmd/cloudflared/access/carrier.go | 11 +++++++++++
 cmd/cloudflared/access/cmd.go     | 28 ++++++++++++++++++++--------
 cmd/cloudflared/tunnel/cmd.go     |  9 ++++++---
 3 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index 173ced25..d6717ea1 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -44,6 +44,17 @@ func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}, logger
 // (which you can put Access in front of)
 func ssh(c *cli.Context) error {
 	logDirectory, logLevel := config.FindLogSettings()
+
+	flagLogDirectory := c.String(sshLogDirectoryFlag)
+	if flagLogDirectory != "" {
+		logDirectory = flagLogDirectory
+	}
+
+	flagLogLevel := c.String(sshLogLevelFlag)
+	if flagLogLevel != "" {
+		logLevel = flagLogLevel
+	}
+
 	logger, err := logger.New(logger.DefaultFile(logDirectory), logger.LogLevelString(logLevel))
 	if err != nil {
 		return errors.Wrap(err, "error setting up logger")
diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 96359c7c..a255a662 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -25,14 +25,16 @@ import (
 )
 
 const (
-	sshHostnameFlag    = "hostname"
-	sshDestinationFlag = "destination"
-	sshURLFlag         = "url"
-	sshHeaderFlag      = "header"
-	sshTokenIDFlag     = "service-token-id"
-	sshTokenSecretFlag = "service-token-secret"
-	sshGenCertFlag     = "short-lived-cert"
-	sshConfigTemplate  = `
+	sshHostnameFlag     = "hostname"
+	sshDestinationFlag  = "destination"
+	sshURLFlag          = "url"
+	sshHeaderFlag       = "header"
+	sshTokenIDFlag      = "service-token-id"
+	sshTokenSecretFlag  = "service-token-secret"
+	sshGenCertFlag      = "short-lived-cert"
+	sshLogDirectoryFlag = "log-directory"
+	sshLogLevelFlag     = "log-level"
+	sshConfigTemplate   = `
 Add to your {{.Home}}/.ssh/config:
 
 Host {{.Hostname}}
@@ -154,6 +156,16 @@ func Commands() []*cli.Command {
 							Aliases: []string{"secret"},
 							Usage:   "specify an Access service token secret you wish to use.",
 						},
+						&cli.StringFlag{
+							Name:    sshLogDirectoryFlag,
+							Aliases: []string{"logfile"}, //added to match the tunnel side
+							Usage:   "Save application log to this directory for reporting issues.",
+						},
+						&cli.StringFlag{
+							Name:    sshLogLevelFlag,
+							Aliases: []string{"loglevel"}, //added to match the tunnel side
+							Usage:   "Application logging level {fatal, error, info, debug}. ",
+						},
 					},
 				},
 				{
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 84e547c4..c909c809 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -90,6 +90,8 @@ const (
 	// bastionFlag is to enable bastion, or jump host, operation
 	bastionFlag = "bastion"
 
+	logDirectoryFlag = "log-directory"
+
 	debugLevelWarning = "At debug level, request URL, method, protocol, content legnth and header will be logged. " +
 		"Response status, content length and header will also be logged in debug level."
 )
@@ -213,7 +215,7 @@ func Init(v string, s, g chan struct{}) {
 
 func createLogger(c *cli.Context, isTransport bool) (logger.Service, error) {
 	loggerOpts := []logger.Option{}
-	logPath := c.String("logfile")
+	logPath := c.String(logDirectoryFlag)
 	if logPath != "" {
 		loggerOpts = append(loggerOpts, logger.DefaultFile(logPath))
 	}
@@ -828,8 +830,9 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			Hidden:  shouldHide,
 		}),
 		altsrc.NewStringFlag(&cli.StringFlag{
-			Name:    "logfile",
-			Usage:   "Save application log to this file for reporting issues.",
+			Name:    logDirectoryFlag,
+			Aliases: []string{"logfile"}, // This flag used to be called logfile when it was a single file
+			Usage:   "Save application log to this directory for reporting issues.",
 			EnvVars: []string{"TUNNEL_LOGFILE"},
 			Hidden:  shouldHide,
 		}),

From 0d87279b2f545f282cbd1b85c12512869c625fc4 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Mon, 8 Jun 2020 17:01:48 -0500
Subject: [PATCH 070/100] AUTH-2785 service token flag fix and logger fix

---
 carrier/websocket.go              |  8 ++++++++
 cmd/cloudflared/access/carrier.go | 16 +++++++++++++---
 cmd/cloudflared/access/cmd.go     |  4 ++--
 cmd/cloudflared/cliutil/errors.go |  2 ++
 cmd/cloudflared/config/model.go   |  8 ++++++--
 cmd/cloudflared/main.go           |  6 ++++--
 6 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/carrier/websocket.go b/carrier/websocket.go
index e804f7bb..d86cc29a 100644
--- a/carrier/websocket.go
+++ b/carrier/websocket.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"net/http/httputil"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
 	"github.com/cloudflare/cloudflared/logger"
@@ -80,6 +81,9 @@ func createWebsocketStream(options *StartOptions, logger logger.Service) (*cfweb
 	}
 	req.Header = options.Headers
 
+	dump, err := httputil.DumpRequest(req, false)
+	logger.Debugf("Websocket request: %s", string(dump))
+
 	wsConn, resp, err := cfwebsocket.ClientConnect(req, nil)
 	defer closeRespBody(resp)
 	if err != nil && IsAccessResponse(resp) {
@@ -133,5 +137,9 @@ func createAccessWebSocketStream(options *StartOptions, logger logger.Service) (
 	if err != nil {
 		return nil, nil, err
 	}
+
+	dump, err := httputil.DumpRequest(req, false)
+	logger.Debugf("Access Websocket request: %s", string(dump))
+
 	return cfwebsocket.ClientConnect(req, nil)
 }
diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index d6717ea1..722cc0c1 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -26,9 +26,19 @@ func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}, logger
 		return errors.Wrap(err, "error parsing origin URL")
 	}
 
+	// get the headers from the config file and add to the request
+	headers := make(http.Header)
+	if forwarder.TokenClientID != "" {
+		headers.Set(h2mux.CFAccessClientIDHeader, forwarder.TokenClientID)
+	}
+
+	if forwarder.TokenSecret != "" {
+		headers.Set(h2mux.CFAccessClientSecretHeader, forwarder.TokenSecret)
+	}
+
 	options := &carrier.StartOptions{
 		OriginURL: forwarder.URL,
-		Headers:   make(http.Header), //TODO: TUN-2688 support custom headers from config file
+		Headers:   headers, //TODO: TUN-2688 support custom headers from config file
 	}
 
 	// we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side
@@ -71,10 +81,10 @@ func ssh(c *cli.Context) error {
 	// get the headers from the cmdline and add them
 	headers := buildRequestHeaders(c.StringSlice(sshHeaderFlag))
 	if c.IsSet(sshTokenIDFlag) {
-		headers.Add(h2mux.CFAccessClientIDHeader, c.String(sshTokenIDFlag))
+		headers.Set(h2mux.CFAccessClientIDHeader, c.String(sshTokenIDFlag))
 	}
 	if c.IsSet(sshTokenSecretFlag) {
-		headers.Add(h2mux.CFAccessClientSecretHeader, c.String(sshTokenSecretFlag))
+		headers.Set(h2mux.CFAccessClientSecretHeader, c.String(sshTokenSecretFlag))
 	}
 
 	destination := c.String(sshDestinationFlag)
diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index a255a662..2b12b5d3 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -146,12 +146,12 @@ func Commands() []*cli.Command {
 							Aliases: []string{"H"},
 							Usage:   "specify additional headers you wish to send.",
 						},
-						&cli.StringSliceFlag{
+						&cli.StringFlag{
 							Name:    sshTokenIDFlag,
 							Aliases: []string{"id"},
 							Usage:   "specify an Access service token ID you wish to use.",
 						},
-						&cli.StringSliceFlag{
+						&cli.StringFlag{
 							Name:    sshTokenSecretFlag,
 							Aliases: []string{"secret"},
 							Usage:   "specify an Access service token secret you wish to use.",
diff --git a/cmd/cloudflared/cliutil/errors.go b/cmd/cloudflared/cliutil/errors.go
index e85e396b..f197c335 100644
--- a/cmd/cloudflared/cliutil/errors.go
+++ b/cmd/cloudflared/cliutil/errors.go
@@ -3,6 +3,7 @@ package cliutil
 import (
 	"fmt"
 
+	"github.com/cloudflare/cloudflared/logger"
 	"gopkg.in/urfave/cli.v2"
 )
 
@@ -34,6 +35,7 @@ func ErrorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
 			cli.HandleExitCoder(err)
 			err = cli.Exit(err.Error(), 1)
 		}
+		logger.SharedWriteManager.Shutdown()
 		return err
 	}
 }
diff --git a/cmd/cloudflared/config/model.go b/cmd/cloudflared/config/model.go
index 015afef9..656853e7 100644
--- a/cmd/cloudflared/config/model.go
+++ b/cmd/cloudflared/config/model.go
@@ -9,8 +9,10 @@ import (
 
 // Forwarder represents a client side listener to forward traffic to the edge
 type Forwarder struct {
-	URL      string `json:"url"`
-	Listener string `json:"listener"`
+	URL           string `json:"url"`
+	Listener      string `json:"listener"`
+	TokenClientID string `json:"service_token_id" yaml:"serviceTokenID"`
+	TokenSecret   string `json:"secret_token_id" yaml:"serviceTokenSecret"`
 }
 
 // Tunnel represents a tunnel that should be started
@@ -46,6 +48,8 @@ func (f *Forwarder) Hash() string {
 	h := md5.New()
 	io.WriteString(h, f.URL)
 	io.WriteString(h, f.Listener)
+	io.WriteString(h, f.TokenClientID)
+	io.WriteString(h, f.TokenSecret)
 	return fmt.Sprintf("%x", h.Sum(nil))
 }
 
diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 4160027d..0f35a421 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -9,7 +9,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
-	"github.com/cloudflare/cloudflared/logger"
+	log "github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/metrics"
 	"github.com/cloudflare/cloudflared/overwatch"
 	"github.com/cloudflare/cloudflared/watcher"
@@ -167,12 +167,14 @@ func handleError(err error) {
 func handleServiceMode(shutdownC chan struct{}) error {
 	logDirectory, logLevel := config.FindLogSettings()
 
-	logger, err := logger.New(logger.DefaultFile(logDirectory), logger.LogLevelString(logLevel))
+	logger, err := log.New(log.DefaultFile(logDirectory), log.LogLevelString(logLevel))
 	if err != nil {
 		return errors.Wrap(err, "error setting up logger")
 	}
 	logger.Infof("logging to directory: %s", logDirectory)
 
+	defer log.SharedWriteManager.Shutdown()
+
 	// start the main run loop that reads from the config file
 	f, err := watcher.NewFile()
 	if err != nil {

From e054c5bb7ba86625de8b50bf15b1e81dcb793edb Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 9 Jun 2020 11:44:09 -0500
Subject: [PATCH 071/100] Release 2020.6.0

---
 RELEASE_NOTES | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 8c3e7112..0265628e 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,23 @@
+2020.6.0
+- 2020-06-05 AUTH-2645 protect against user mistaken flag input
+- 2020-06-05 AUTH-2687 don't copy config unnecessarily
+- 2020-06-05 AUTH-2169 make access login page more generic
+- 2020-06-05 AUTH-2729 added log file and level to cmd flags to match config file settings
+- 2020-06-08 AUTH-2785 service token flag fix and logger fix
+- 2020-05-20 AUTH-2682: Create buster build
+- 2020-05-21 TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service
+- 2020-05-29 Adding support for multi-architecture images and binaries (#184)
+- 2020-05-29 TUN-3019: Remove declarative tunnel entry code
+- 2020-05-29 TUN-3020: Remove declarative tunnel related RPC code
+- 2020-05-13 AUTH-2505 added aliases
+- 2020-05-14 AUTH-2529 added deprecation text to db-connect command
+- 2020-05-18 AUTH-2686: Added error handling to tunnel subcommand
+- 2020-05-04 AUTH-2369: RDP Bastion prototype
+- 2020-04-29 AUTH-2596 added new logger package and replaced logrus
+- 2020-04-25 DEVTOOLS-7321: Use SSH key from env for pushing to GitHub
+- 2020-04-25 DEVTOOLS-7321: Push to a test branch instead of to master
+- 2020-03-30 DEVTOOLS-7321: Add scripts for macOS builds and homebrew uploads
+
 2020.5.1
 - 2020-05-07 TUN-2860: Enable quick reconnect feature by default
 - 2020-05-07 AUTH-2564: error handling and minor fixes

From 97a901a229a1471d6e5e37c084da3e7dff37d406 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 9 Jun 2020 14:15:12 -0500
Subject: [PATCH 072/100] AUTH-2796 fixed windows build

---
 Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Makefile b/Makefile
index 12ec9209..56158453 100644
--- a/Makefile
+++ b/Makefile
@@ -34,6 +34,8 @@ ifeq ($(LOCAL_OS),linux)
     TARGET_OS ?= linux
 else ifeq ($(LOCAL_OS),darwin)
     TARGET_OS ?= darwin
+else ifeq ($(LOCAL_OS),windows)
+    TARGET_OS ?= windows
 else
     $(error This system's OS $(LOCAL_OS) isn't supported)
 endif

From eb3c4a7a9fbdab1e79e56d0680d0708ec76792f2 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 9 Jun 2020 15:33:32 -0500
Subject: [PATCH 073/100] Release 2020.6.1

---
 RELEASE_NOTES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 0265628e..1c3951cc 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,6 @@
+2020.6.1
+- 2020-06-09 AUTH-2796 fixed windows build
+
 2020.6.0
 - 2020-06-05 AUTH-2645 protect against user mistaken flag input
 - 2020-06-05 AUTH-2687 don't copy config unnecessarily

From c716dd273c4e88a3b514c2b1ffebf058b8d37b53 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Thu, 11 Jun 2020 11:08:05 -0500
Subject: [PATCH 074/100] AUTH-2648 updated usage text

---
 cmd/cloudflared/main.go       | 2 +-
 cmd/cloudflared/tunnel/cmd.go | 3 +++
 h2mux/muxwriter.go            | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 0f35a421..561af284 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -61,7 +61,7 @@ func main() {
 	app := &cli.App{}
 	app.Name = "cloudflared"
 	app.Usage = "Cloudflare's command-line tool and agent"
-	app.ArgsUsage = "origin-url"
+	app.UsageText = "cloudflared [global options] [command] [command options]"
 	app.Copyright = fmt.Sprintf(
 		`(c) %d Cloudflare Inc.
    Your installation of cloudflared software constitutes a symbol of your signature indicating that you accept
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index c909c809..84195b12 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -223,6 +223,9 @@ func createLogger(c *cli.Context, isTransport bool) (logger.Service, error) {
 	logLevel := c.String("loglevel")
 	if isTransport {
 		logLevel = c.String("transport-loglevel")
+		if logLevel == "" {
+			logLevel = "fatal"
+		}
 	}
 	loggerOpts = append(loggerOpts, logger.LogLevelString(logLevel))
 
diff --git a/h2mux/muxwriter.go b/h2mux/muxwriter.go
index c3844592..d2b955c1 100644
--- a/h2mux/muxwriter.go
+++ b/h2mux/muxwriter.go
@@ -204,7 +204,7 @@ func (w *MuxWriter) writeStreamData(stream *MuxedStream, logger logger.Service)
 		}
 		// update the amount of data wrote
 		w.bytesWrote.IncrementBy(uint64(len(payload)))
-		logger.Errorf("mux - write: output data: %d: streamID: %d", len(payload), stream.streamID)
+		logger.Debugf("mux - write: output data: %d: streamID: %d", len(payload), stream.streamID)
 
 		if sentEOF {
 			if stream.readBuffer.Closed() {

From ae8d784e36e5d6dee0dafe8f4ca6e66915d8397b Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Thu, 11 Jun 2020 12:02:34 -0500
Subject: [PATCH 075/100] AUTH-2763 don't redirect from curl command

---
 carrier/carrier.go                   |  2 +-
 cmd/cloudflared/access/cmd.go        |  2 +-
 cmd/cloudflared/token/token.go       | 14 +++++++++++++-
 cmd/cloudflared/transfer/transfer.go | 12 +++++++-----
 cmd/cloudflared/tunnel/login.go      |  2 +-
 5 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/carrier/carrier.go b/carrier/carrier.go
index 6240b8e4..b289729d 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -131,7 +131,7 @@ func BuildAccessRequest(options *StartOptions, logger logger.Service) (*http.Req
 		return nil, err
 	}
 
-	token, err := token.FetchToken(req.URL, logger)
+	token, err := token.FetchTokenWithRedirect(req.URL, logger)
 	if err != nil {
 		return nil, err
 	}
diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 2b12b5d3..02c8e820 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -351,7 +351,7 @@ func sshGen(c *cli.Context) error {
 	// this fetchToken function mutates the appURL param. We should refactor that
 	fetchTokenURL := &url.URL{}
 	*fetchTokenURL = *originURL
-	cfdToken, err := token.FetchToken(fetchTokenURL, logger)
+	cfdToken, err := token.FetchTokenWithRedirect(fetchTokenURL, logger)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/cloudflared/token/token.go b/cmd/cloudflared/token/token.go
index 433187b2..56c51776 100644
--- a/cmd/cloudflared/token/token.go
+++ b/cmd/cloudflared/token/token.go
@@ -127,8 +127,20 @@ func isTokenLocked(lockFilePath string) bool {
 	return exists && err == nil
 }
 
+// FetchTokenWithRedirect will either load a stored token or generate a new one
+// it appends a redirect URL to the access cli request if opening the browser
+func FetchTokenWithRedirect(appURL *url.URL, logger logger.Service) (string, error) {
+	return getToken(appURL, true, logger)
+}
+
 // FetchToken will either load a stored token or generate a new one
+// it doesn't append a redirect URL to the access cli request if opening the browser
 func FetchToken(appURL *url.URL, logger logger.Service) (string, error) {
+	return getToken(appURL, false, logger)
+}
+
+// getToken will either load a stored token or generate a new one
+func getToken(appURL *url.URL, shouldRedirect bool, logger logger.Service) (string, error) {
 	if token, err := GetTokenIfExists(appURL); token != "" && err == nil {
 		return token, nil
 	}
@@ -154,7 +166,7 @@ func FetchToken(appURL *url.URL, logger logger.Service) (string, error) {
 	// this weird parameter is the resource name (token) and the key/value
 	// we want to send to the transfer service. the key is token and the value
 	// is blank (basically just the id generated in the transfer service)
-	token, err := transfer.Run(appURL, keyName, keyName, "", path, true, logger)
+	token, err := transfer.Run(appURL, keyName, keyName, "", path, true, shouldRedirect, logger)
 	if err != nil {
 		return "", err
 	}
diff --git a/cmd/cloudflared/transfer/transfer.go b/cmd/cloudflared/transfer/transfer.go
index 24cfa745..52829b8c 100644
--- a/cmd/cloudflared/transfer/transfer.go
+++ b/cmd/cloudflared/transfer/transfer.go
@@ -28,12 +28,12 @@ const (
 // The "dance" we refer to is building a HTTP request, opening that in a browser waiting for
 // the user to complete an action, while it long polls in the background waiting for an
 // action to be completed to download the resource.
-func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool, logger logger.Service) ([]byte, error) {
+func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool, shouldRedirect bool, logger logger.Service) ([]byte, error) {
 	encrypterClient, err := encrypter.New("cloudflared_priv.pem", "cloudflared_pub.pem")
 	if err != nil {
 		return nil, err
 	}
-	requestURL, err := buildRequestURL(transferURL, key, value+encrypterClient.PublicKey(), shouldEncrypt)
+	requestURL, err := buildRequestURL(transferURL, key, value+encrypterClient.PublicKey(), shouldEncrypt, shouldRedirect)
 	if err != nil {
 		return nil, err
 	}
@@ -82,7 +82,7 @@ func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncr
 // BuildRequestURL creates a request suitable for a resource transfer.
 // it will return a constructed url based off the base url and query key/value provided.
 // cli will build a url for cli transfer request.
-func buildRequestURL(baseURL *url.URL, key, value string, cli bool) (string, error) {
+func buildRequestURL(baseURL *url.URL, key, value string, cli, shouldRedirect bool) (string, error) {
 	q := baseURL.Query()
 	q.Set(key, value)
 	baseURL.RawQuery = q.Encode()
@@ -90,8 +90,10 @@ func buildRequestURL(baseURL *url.URL, key, value string, cli bool) (string, err
 		return baseURL.String(), nil
 	}
 
-	q.Set("redirect_url", baseURL.String()) // we add the token as a query param on both the redirect_url
-	baseURL.RawQuery = q.Encode()           // and this actual baseURL.
+	if shouldRedirect {
+		q.Set("redirect_url", baseURL.String()) // we add the token as a query param on both the redirect_url and the main url
+	}
+	baseURL.RawQuery = q.Encode() // and this actual baseURL.
 	baseURL.Path = "cdn-cgi/access/cli"
 	return baseURL.String(), nil
 }
diff --git a/cmd/cloudflared/tunnel/login.go b/cmd/cloudflared/tunnel/login.go
index 3a9fbdb3..3a927259 100644
--- a/cmd/cloudflared/tunnel/login.go
+++ b/cmd/cloudflared/tunnel/login.go
@@ -40,7 +40,7 @@ func login(c *cli.Context) error {
 		return err
 	}
 
-	_, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, logger)
+	_, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, true, logger)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to write the certificate due to the following error:\n%v\n\nYour browser will download the certificate instead. You will have to manually\ncopy it to the following path:\n\n%s\n", err, path)
 		return err

From 6e761cb7ae4fc4d368cb69f80e7731995af36a92 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Fri, 12 Jun 2020 00:03:09 -0500
Subject: [PATCH 076/100] TUN-3090: Upgrade crypto dep

---
 go.mod                                        |   2 +-
 go.sum                                        |   2 +
 vendor/golang.org/x/crypto/blake2b/blake2b.go | 291 ++++++
 .../x/crypto/blake2b/blake2bAVX2_amd64.go     |  37 +
 .../x/crypto/blake2b/blake2bAVX2_amd64.s      | 750 +++++++++++++++
 .../x/crypto/blake2b/blake2b_amd64.go         |  24 +
 .../x/crypto/blake2b/blake2b_amd64.s          | 281 ++++++
 .../x/crypto/blake2b/blake2b_generic.go       | 182 ++++
 .../x/crypto/blake2b/blake2b_ref.go           |  11 +
 vendor/golang.org/x/crypto/blake2b/blake2x.go | 177 ++++
 .../golang.org/x/crypto/blake2b/register.go   |  32 +
 vendor/golang.org/x/crypto/blowfish/block.go  | 159 +++
 vendor/golang.org/x/crypto/blowfish/cipher.go |  99 ++
 vendor/golang.org/x/crypto/blowfish/const.go  | 199 ++++
 .../x/crypto/chacha20/chacha_arm64.go         |  16 +
 .../asm_arm64.s => chacha20/chacha_arm64.s}   |   3 +-
 .../x/crypto/chacha20/chacha_generic.go       | 398 ++++++++
 .../{internal => }/chacha20/chacha_noasm.go   |  11 +-
 .../x/crypto/chacha20/chacha_ppc64le.go       |  16 +
 .../chacha_ppc64le.s}                         |  30 +-
 .../x/crypto/chacha20/chacha_s390x.go         |  26 +
 .../{internal => }/chacha20/chacha_s390x.s    |  40 +-
 .../x/crypto/{internal => }/chacha20/xor.go   |  21 +-
 .../x/crypto/curve25519/const_amd64.h         |   8 -
 .../x/crypto/curve25519/const_amd64.s         |  20 -
 .../x/crypto/curve25519/cswap_amd64.s         |  65 --
 .../x/crypto/curve25519/curve25519.go         | 897 ++---------------
 ...mont25519_amd64.go => curve25519_amd64.go} |   2 +-
 ...{ladderstep_amd64.s => curve25519_amd64.s} | 420 +++++++-
 .../x/crypto/curve25519/curve25519_generic.go | 828 ++++++++++++++++
 .../x/crypto/curve25519/curve25519_noasm.go   |  11 +
 vendor/golang.org/x/crypto/curve25519/doc.go  |  23 -
 .../x/crypto/curve25519/freeze_amd64.s        |  73 --
 .../x/crypto/curve25519/mul_amd64.s           | 169 ----
 .../x/crypto/curve25519/square_amd64.s        | 132 ---
 .../crypto/internal/chacha20/chacha_arm64.go  |  31 -
 .../internal/chacha20/chacha_generic.go       | 264 -----
 .../internal/chacha20/chacha_ppc64le.go       |  53 -
 .../crypto/internal/chacha20/chacha_s390x.go  |  29 -
 vendor/golang.org/x/crypto/nacl/box/box.go    |  83 +-
 .../x/crypto/poly1305/bits_compat.go          |  39 +
 .../x/crypto/poly1305/bits_go1.13.go          |  21 +
 .../golang.org/x/crypto/poly1305/mac_noasm.go |   4 +-
 .../golang.org/x/crypto/poly1305/poly1305.go  |  34 +-
 .../golang.org/x/crypto/poly1305/sum_amd64.go |  65 +-
 .../golang.org/x/crypto/poly1305/sum_amd64.s  |  42 +-
 .../golang.org/x/crypto/poly1305/sum_arm.go   |  22 -
 vendor/golang.org/x/crypto/poly1305/sum_arm.s | 427 --------
 .../x/crypto/poly1305/sum_generic.go          | 374 ++++---
 .../golang.org/x/crypto/poly1305/sum_noasm.go |  16 -
 .../x/crypto/poly1305/sum_ppc64le.go          |  65 +-
 .../x/crypto/poly1305/sum_ppc64le.s           |  68 +-
 .../golang.org/x/crypto/poly1305/sum_s390x.go |  83 +-
 .../golang.org/x/crypto/poly1305/sum_s390x.s  | 633 +++++++-----
 .../x/crypto/poly1305/sum_vmsl_s390x.s        | 909 ------------------
 vendor/golang.org/x/crypto/ssh/certs.go       |  39 +-
 vendor/golang.org/x/crypto/ssh/cipher.go      |  53 +-
 .../ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go |  93 ++
 vendor/golang.org/x/crypto/ssh/kex.go         |   6 +-
 vendor/golang.org/x/crypto/ssh/keys.go        | 482 ++++++++--
 vendor/golang.org/x/crypto/ssh/mux.go         |  23 +-
 vendor/golang.org/x/crypto/ssh/server.go      |   4 +-
 .../x/crypto/ssh/terminal/terminal.go         |  25 +-
 .../x/crypto/ssh/terminal/util_windows.go     |   4 +-
 vendor/modules.txt                            |   7 +-
 65 files changed, 5603 insertions(+), 3850 deletions(-)
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b.go
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
 create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2x.go
 create mode 100644 vendor/golang.org/x/crypto/blake2b/register.go
 create mode 100644 vendor/golang.org/x/crypto/blowfish/block.go
 create mode 100644 vendor/golang.org/x/crypto/blowfish/cipher.go
 create mode 100644 vendor/golang.org/x/crypto/blowfish/const.go
 create mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
 rename vendor/golang.org/x/crypto/{internal/chacha20/asm_arm64.s => chacha20/chacha_arm64.s} (99%)
 create mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_generic.go
 rename vendor/golang.org/x/crypto/{internal => }/chacha20/chacha_noasm.go (50%)
 create mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
 rename vendor/golang.org/x/crypto/{internal/chacha20/asm_ppc64le.s => chacha20/chacha_ppc64le.s} (95%)
 create mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
 rename vendor/golang.org/x/crypto/{internal => }/chacha20/chacha_s390x.s (87%)
 rename vendor/golang.org/x/crypto/{internal => }/chacha20/xor.go (73%)
 delete mode 100644 vendor/golang.org/x/crypto/curve25519/const_amd64.h
 delete mode 100644 vendor/golang.org/x/crypto/curve25519/const_amd64.s
 delete mode 100644 vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
 rename vendor/golang.org/x/crypto/curve25519/{mont25519_amd64.go => curve25519_amd64.go} (99%)
 rename vendor/golang.org/x/crypto/curve25519/{ladderstep_amd64.s => curve25519_amd64.s} (76%)
 create mode 100644 vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
 create mode 100644 vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
 delete mode 100644 vendor/golang.org/x/crypto/curve25519/doc.go
 delete mode 100644 vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
 delete mode 100644 vendor/golang.org/x/crypto/curve25519/mul_amd64.s
 delete mode 100644 vendor/golang.org/x/crypto/curve25519/square_amd64.s
 delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_arm64.go
 delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
 delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
 delete mode 100644 vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
 create mode 100644 vendor/golang.org/x/crypto/poly1305/bits_compat.go
 create mode 100644 vendor/golang.org/x/crypto/poly1305/bits_go1.13.go
 delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.go
 delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_arm.s
 delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_noasm.go
 delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
 create mode 100644 vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go

diff --git a/go.mod b/go.mod
index c849d998..c40affcb 100644
--- a/go.mod
+++ b/go.mod
@@ -58,7 +58,7 @@ require (
 	github.com/stretchr/testify v1.3.0
 	github.com/tinylib/msgp v1.1.0 // indirect
 	github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0
-	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+	golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
 	golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
diff --git a/go.sum b/go.sum
index 4a33c5ab..ec31440a 100644
--- a/go.sum
+++ b/go.sum
@@ -204,6 +204,8 @@ golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b.go b/vendor/golang.org/x/crypto/blake2b/blake2b.go
new file mode 100644
index 00000000..d2e98d42
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b.go
@@ -0,0 +1,291 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
+// and the extendable output function (XOF) BLAKE2Xb.
+//
+// BLAKE2b is optimized for 64-bit platforms—including NEON-enabled ARMs—and
+// produces digests of any size between 1 and 64 bytes.
+// For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
+// and for BLAKE2Xb see https://blake2.net/blake2x.pdf
+//
+// If you aren't sure which function you need, use BLAKE2b (Sum512 or New512).
+// If you need a secret-key MAC (message authentication code), use the New512
+// function with a non-nil key.
+//
+// BLAKE2X is a construction to compute hash values larger than 64 bytes. It
+// can produce hash values between 0 and 4 GiB.
+package blake2b
+
+import (
+	"encoding/binary"
+	"errors"
+	"hash"
+)
+
+const (
+	// The blocksize of BLAKE2b in bytes.
+	BlockSize = 128
+	// The hash size of BLAKE2b-512 in bytes.
+	Size = 64
+	// The hash size of BLAKE2b-384 in bytes.
+	Size384 = 48
+	// The hash size of BLAKE2b-256 in bytes.
+	Size256 = 32
+)
+
+var (
+	useAVX2 bool
+	useAVX  bool
+	useSSE4 bool
+)
+
+var (
+	errKeySize  = errors.New("blake2b: invalid key size")
+	errHashSize = errors.New("blake2b: invalid hash size")
+)
+
+var iv = [8]uint64{
+	0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
+	0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179,
+}
+
+// Sum512 returns the BLAKE2b-512 checksum of the data.
+func Sum512(data []byte) [Size]byte {
+	var sum [Size]byte
+	checkSum(&sum, Size, data)
+	return sum
+}
+
+// Sum384 returns the BLAKE2b-384 checksum of the data.
+func Sum384(data []byte) [Size384]byte {
+	var sum [Size]byte
+	var sum384 [Size384]byte
+	checkSum(&sum, Size384, data)
+	copy(sum384[:], sum[:Size384])
+	return sum384
+}
+
+// Sum256 returns the BLAKE2b-256 checksum of the data.
+func Sum256(data []byte) [Size256]byte {
+	var sum [Size]byte
+	var sum256 [Size256]byte
+	checkSum(&sum, Size256, data)
+	copy(sum256[:], sum[:Size256])
+	return sum256
+}
+
+// New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
+
+// New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
+
+// New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
+
+// New returns a new hash.Hash computing the BLAKE2b checksum with a custom length.
+// A non-nil key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+// The hash size can be a value between 1 and 64 but it is highly recommended to use
+// values equal or greater than:
+// - 32 if BLAKE2b is used as a hash function (The key is zero bytes long).
+// - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long).
+// When the key is nil, the returned hash.Hash implements BinaryMarshaler
+// and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash.
+func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) }
+
+func newDigest(hashSize int, key []byte) (*digest, error) {
+	if hashSize < 1 || hashSize > Size {
+		return nil, errHashSize
+	}
+	if len(key) > Size {
+		return nil, errKeySize
+	}
+	d := &digest{
+		size:   hashSize,
+		keyLen: len(key),
+	}
+	copy(d.key[:], key)
+	d.Reset()
+	return d, nil
+}
+
+func checkSum(sum *[Size]byte, hashSize int, data []byte) {
+	h := iv
+	h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24)
+	var c [2]uint64
+
+	if length := len(data); length > BlockSize {
+		n := length &^ (BlockSize - 1)
+		if length == n {
+			n -= BlockSize
+		}
+		hashBlocks(&h, &c, 0, data[:n])
+		data = data[n:]
+	}
+
+	var block [BlockSize]byte
+	offset := copy(block[:], data)
+	remaining := uint64(BlockSize - offset)
+	if c[0] < remaining {
+		c[1]--
+	}
+	c[0] -= remaining
+
+	hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
+
+	for i, v := range h[:(hashSize+7)/8] {
+		binary.LittleEndian.PutUint64(sum[8*i:], v)
+	}
+}
+
+type digest struct {
+	h      [8]uint64
+	c      [2]uint64
+	size   int
+	block  [BlockSize]byte
+	offset int
+
+	key    [BlockSize]byte
+	keyLen int
+}
+
+const (
+	magic         = "b2b"
+	marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1
+)
+
+func (d *digest) MarshalBinary() ([]byte, error) {
+	if d.keyLen != 0 {
+		return nil, errors.New("crypto/blake2b: cannot marshal MACs")
+	}
+	b := make([]byte, 0, marshaledSize)
+	b = append(b, magic...)
+	for i := 0; i < 8; i++ {
+		b = appendUint64(b, d.h[i])
+	}
+	b = appendUint64(b, d.c[0])
+	b = appendUint64(b, d.c[1])
+	// Maximum value for size is 64
+	b = append(b, byte(d.size))
+	b = append(b, d.block[:]...)
+	b = append(b, byte(d.offset))
+	return b, nil
+}
+
+func (d *digest) UnmarshalBinary(b []byte) error {
+	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+		return errors.New("crypto/blake2b: invalid hash state identifier")
+	}
+	if len(b) != marshaledSize {
+		return errors.New("crypto/blake2b: invalid hash state size")
+	}
+	b = b[len(magic):]
+	for i := 0; i < 8; i++ {
+		b, d.h[i] = consumeUint64(b)
+	}
+	b, d.c[0] = consumeUint64(b)
+	b, d.c[1] = consumeUint64(b)
+	d.size = int(b[0])
+	b = b[1:]
+	copy(d.block[:], b[:BlockSize])
+	b = b[BlockSize:]
+	d.offset = int(b[0])
+	return nil
+}
+
+func (d *digest) BlockSize() int { return BlockSize }
+
+func (d *digest) Size() int { return d.size }
+
+func (d *digest) Reset() {
+	d.h = iv
+	d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24)
+	d.offset, d.c[0], d.c[1] = 0, 0, 0
+	if d.keyLen > 0 {
+		d.block = d.key
+		d.offset = BlockSize
+	}
+}
+
+func (d *digest) Write(p []byte) (n int, err error) {
+	n = len(p)
+
+	if d.offset > 0 {
+		remaining := BlockSize - d.offset
+		if n <= remaining {
+			d.offset += copy(d.block[d.offset:], p)
+			return
+		}
+		copy(d.block[d.offset:], p[:remaining])
+		hashBlocks(&d.h, &d.c, 0, d.block[:])
+		d.offset = 0
+		p = p[remaining:]
+	}
+
+	if length := len(p); length > BlockSize {
+		nn := length &^ (BlockSize - 1)
+		if length == nn {
+			nn -= BlockSize
+		}
+		hashBlocks(&d.h, &d.c, 0, p[:nn])
+		p = p[nn:]
+	}
+
+	if len(p) > 0 {
+		d.offset += copy(d.block[:], p)
+	}
+
+	return
+}
+
+func (d *digest) Sum(sum []byte) []byte {
+	var hash [Size]byte
+	d.finalize(&hash)
+	return append(sum, hash[:d.size]...)
+}
+
+func (d *digest) finalize(hash *[Size]byte) {
+	var block [BlockSize]byte
+	copy(block[:], d.block[:d.offset])
+	remaining := uint64(BlockSize - d.offset)
+
+	c := d.c
+	if c[0] < remaining {
+		c[1]--
+	}
+	c[0] -= remaining
+
+	h := d.h
+	hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
+
+	for i, v := range h {
+		binary.LittleEndian.PutUint64(hash[8*i:], v)
+	}
+}
+
+func appendUint64(b []byte, x uint64) []byte {
+	var a [8]byte
+	binary.BigEndian.PutUint64(a[:], x)
+	return append(b, a[:]...)
+}
+
+func appendUint32(b []byte, x uint32) []byte {
+	var a [4]byte
+	binary.BigEndian.PutUint32(a[:], x)
+	return append(b, a[:]...)
+}
+
+func consumeUint64(b []byte) ([]byte, uint64) {
+	x := binary.BigEndian.Uint64(b)
+	return b[8:], x
+}
+
+func consumeUint32(b []byte) ([]byte, uint32) {
+	x := binary.BigEndian.Uint32(b)
+	return b[4:], x
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
new file mode 100644
index 00000000..4d31dd0f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
@@ -0,0 +1,37 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+package blake2b
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+	useAVX2 = cpu.X86.HasAVX2
+	useAVX = cpu.X86.HasAVX
+	useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+//go:noescape
+func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+//go:noescape
+func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+	switch {
+	case useAVX2:
+		hashBlocksAVX2(h, c, flag, blocks)
+	case useAVX:
+		hashBlocksAVX(h, c, flag, blocks)
+	case useSSE4:
+		hashBlocksSSE4(h, c, flag, blocks)
+	default:
+		hashBlocksGeneric(h, c, flag, blocks)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
new file mode 100644
index 00000000..5593b1b3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
@@ -0,0 +1,750 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.7,amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+DATA ·AVX2_iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908
+DATA ·AVX2_iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b
+DATA ·AVX2_iv0<>+0x10(SB)/8, $0x3c6ef372fe94f82b
+DATA ·AVX2_iv0<>+0x18(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·AVX2_iv0<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX2_iv1<>+0x00(SB)/8, $0x510e527fade682d1
+DATA ·AVX2_iv1<>+0x08(SB)/8, $0x9b05688c2b3e6c1f
+DATA ·AVX2_iv1<>+0x10(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·AVX2_iv1<>+0x18(SB)/8, $0x5be0cd19137e2179
+GLOBL ·AVX2_iv1<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX2_c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·AVX2_c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+DATA ·AVX2_c40<>+0x10(SB)/8, $0x0201000706050403
+DATA ·AVX2_c40<>+0x18(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·AVX2_c40<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX2_c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·AVX2_c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+DATA ·AVX2_c48<>+0x10(SB)/8, $0x0100070605040302
+DATA ·AVX2_c48<>+0x18(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·AVX2_c48<>(SB), (NOPTR+RODATA), $32
+
+DATA ·AVX_iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908
+DATA ·AVX_iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b
+GLOBL ·AVX_iv0<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_iv1<>+0x00(SB)/8, $0x3c6ef372fe94f82b
+DATA ·AVX_iv1<>+0x08(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·AVX_iv1<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_iv2<>+0x00(SB)/8, $0x510e527fade682d1
+DATA ·AVX_iv2<>+0x08(SB)/8, $0x9b05688c2b3e6c1f
+GLOBL ·AVX_iv2<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_iv3<>+0x00(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·AVX_iv3<>+0x08(SB)/8, $0x5be0cd19137e2179
+GLOBL ·AVX_iv3<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·AVX_c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·AVX_c40<>(SB), (NOPTR+RODATA), $16
+
+DATA ·AVX_c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·AVX_c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·AVX_c48<>(SB), (NOPTR+RODATA), $16
+
+#define VPERMQ_0x39_Y1_Y1 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xc9; BYTE $0x39
+#define VPERMQ_0x93_Y1_Y1 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xc9; BYTE $0x93
+#define VPERMQ_0x4E_Y2_Y2 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xd2; BYTE $0x4e
+#define VPERMQ_0x93_Y3_Y3 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xdb; BYTE $0x93
+#define VPERMQ_0x39_Y3_Y3 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xdb; BYTE $0x39
+
+#define ROUND_AVX2(m0, m1, m2, m3, t, c40, c48) \
+	VPADDQ  m0, Y0, Y0;   \
+	VPADDQ  Y1, Y0, Y0;   \
+	VPXOR   Y0, Y3, Y3;   \
+	VPSHUFD $-79, Y3, Y3; \
+	VPADDQ  Y3, Y2, Y2;   \
+	VPXOR   Y2, Y1, Y1;   \
+	VPSHUFB c40, Y1, Y1;  \
+	VPADDQ  m1, Y0, Y0;   \
+	VPADDQ  Y1, Y0, Y0;   \
+	VPXOR   Y0, Y3, Y3;   \
+	VPSHUFB c48, Y3, Y3;  \
+	VPADDQ  Y3, Y2, Y2;   \
+	VPXOR   Y2, Y1, Y1;   \
+	VPADDQ  Y1, Y1, t;    \
+	VPSRLQ  $63, Y1, Y1;  \
+	VPXOR   t, Y1, Y1;    \
+	VPERMQ_0x39_Y1_Y1;    \
+	VPERMQ_0x4E_Y2_Y2;    \
+	VPERMQ_0x93_Y3_Y3;    \
+	VPADDQ  m2, Y0, Y0;   \
+	VPADDQ  Y1, Y0, Y0;   \
+	VPXOR   Y0, Y3, Y3;   \
+	VPSHUFD $-79, Y3, Y3; \
+	VPADDQ  Y3, Y2, Y2;   \
+	VPXOR   Y2, Y1, Y1;   \
+	VPSHUFB c40, Y1, Y1;  \
+	VPADDQ  m3, Y0, Y0;   \
+	VPADDQ  Y1, Y0, Y0;   \
+	VPXOR   Y0, Y3, Y3;   \
+	VPSHUFB c48, Y3, Y3;  \
+	VPADDQ  Y3, Y2, Y2;   \
+	VPXOR   Y2, Y1, Y1;   \
+	VPADDQ  Y1, Y1, t;    \
+	VPSRLQ  $63, Y1, Y1;  \
+	VPXOR   t, Y1, Y1;    \
+	VPERMQ_0x39_Y3_Y3;    \
+	VPERMQ_0x4E_Y2_Y2;    \
+	VPERMQ_0x93_Y1_Y1
+
+#define VMOVQ_SI_X11_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x1E
+#define VMOVQ_SI_X12_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x26
+#define VMOVQ_SI_X13_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x2E
+#define VMOVQ_SI_X14_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x36
+#define VMOVQ_SI_X15_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x3E
+
+#define VMOVQ_SI_X11(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x5E; BYTE $n
+#define VMOVQ_SI_X12(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x66; BYTE $n
+#define VMOVQ_SI_X13(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x6E; BYTE $n
+#define VMOVQ_SI_X14(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x76; BYTE $n
+#define VMOVQ_SI_X15(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x7E; BYTE $n
+
+#define VPINSRQ_1_SI_X11_0 BYTE $0xC4; BYTE $0x63; BYTE $0xA1; BYTE $0x22; BYTE $0x1E; BYTE $0x01
+#define VPINSRQ_1_SI_X12_0 BYTE $0xC4; BYTE $0x63; BYTE $0x99; BYTE $0x22; BYTE $0x26; BYTE $0x01
+#define VPINSRQ_1_SI_X13_0 BYTE $0xC4; BYTE $0x63; BYTE $0x91; BYTE $0x22; BYTE $0x2E; BYTE $0x01
+#define VPINSRQ_1_SI_X14_0 BYTE $0xC4; BYTE $0x63; BYTE $0x89; BYTE $0x22; BYTE $0x36; BYTE $0x01
+#define VPINSRQ_1_SI_X15_0 BYTE $0xC4; BYTE $0x63; BYTE $0x81; BYTE $0x22; BYTE $0x3E; BYTE $0x01
+
+#define VPINSRQ_1_SI_X11(n) BYTE $0xC4; BYTE $0x63; BYTE $0xA1; BYTE $0x22; BYTE $0x5E; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X12(n) BYTE $0xC4; BYTE $0x63; BYTE $0x99; BYTE $0x22; BYTE $0x66; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X13(n) BYTE $0xC4; BYTE $0x63; BYTE $0x91; BYTE $0x22; BYTE $0x6E; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X14(n) BYTE $0xC4; BYTE $0x63; BYTE $0x89; BYTE $0x22; BYTE $0x76; BYTE $n; BYTE $0x01
+#define VPINSRQ_1_SI_X15(n) BYTE $0xC4; BYTE $0x63; BYTE $0x81; BYTE $0x22; BYTE $0x7E; BYTE $n; BYTE $0x01
+
+#define VMOVQ_R8_X15 BYTE $0xC4; BYTE $0x41; BYTE $0xF9; BYTE $0x6E; BYTE $0xF8
+#define VPINSRQ_1_R9_X15 BYTE $0xC4; BYTE $0x43; BYTE $0x81; BYTE $0x22; BYTE $0xF9; BYTE $0x01
+
+// load msg: Y12 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y12(i0, i1, i2, i3) \
+	VMOVQ_SI_X12(i0*8);           \
+	VMOVQ_SI_X11(i2*8);           \
+	VPINSRQ_1_SI_X12(i1*8);       \
+	VPINSRQ_1_SI_X11(i3*8);       \
+	VINSERTI128 $1, X11, Y12, Y12
+
+// load msg: Y13 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y13(i0, i1, i2, i3) \
+	VMOVQ_SI_X13(i0*8);           \
+	VMOVQ_SI_X11(i2*8);           \
+	VPINSRQ_1_SI_X13(i1*8);       \
+	VPINSRQ_1_SI_X11(i3*8);       \
+	VINSERTI128 $1, X11, Y13, Y13
+
+// load msg: Y14 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y14(i0, i1, i2, i3) \
+	VMOVQ_SI_X14(i0*8);           \
+	VMOVQ_SI_X11(i2*8);           \
+	VPINSRQ_1_SI_X14(i1*8);       \
+	VPINSRQ_1_SI_X11(i3*8);       \
+	VINSERTI128 $1, X11, Y14, Y14
+
+// load msg: Y15 = (i0, i1, i2, i3)
+// i0, i1, i2, i3 must not be 0
+#define LOAD_MSG_AVX2_Y15(i0, i1, i2, i3) \
+	VMOVQ_SI_X15(i0*8);           \
+	VMOVQ_SI_X11(i2*8);           \
+	VPINSRQ_1_SI_X15(i1*8);       \
+	VPINSRQ_1_SI_X11(i3*8);       \
+	VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_0_2_4_6_1_3_5_7_8_10_12_14_9_11_13_15() \
+	VMOVQ_SI_X12_0;                   \
+	VMOVQ_SI_X11(4*8);                \
+	VPINSRQ_1_SI_X12(2*8);            \
+	VPINSRQ_1_SI_X11(6*8);            \
+	VINSERTI128 $1, X11, Y12, Y12;    \
+	LOAD_MSG_AVX2_Y13(1, 3, 5, 7);    \
+	LOAD_MSG_AVX2_Y14(8, 10, 12, 14); \
+	LOAD_MSG_AVX2_Y15(9, 11, 13, 15)
+
+#define LOAD_MSG_AVX2_14_4_9_13_10_8_15_6_1_0_11_5_12_2_7_3() \
+	LOAD_MSG_AVX2_Y12(14, 4, 9, 13); \
+	LOAD_MSG_AVX2_Y13(10, 8, 15, 6); \
+	VMOVQ_SI_X11(11*8);              \
+	VPSHUFD     $0x4E, 0*8(SI), X14; \
+	VPINSRQ_1_SI_X11(5*8);           \
+	VINSERTI128 $1, X11, Y14, Y14;   \
+	LOAD_MSG_AVX2_Y15(12, 2, 7, 3)
+
+#define LOAD_MSG_AVX2_11_12_5_15_8_0_2_13_10_3_7_9_14_6_1_4() \
+	VMOVQ_SI_X11(5*8);              \
+	VMOVDQU     11*8(SI), X12;      \
+	VPINSRQ_1_SI_X11(15*8);         \
+	VINSERTI128 $1, X11, Y12, Y12;  \
+	VMOVQ_SI_X13(8*8);              \
+	VMOVQ_SI_X11(2*8);              \
+	VPINSRQ_1_SI_X13_0;             \
+	VPINSRQ_1_SI_X11(13*8);         \
+	VINSERTI128 $1, X11, Y13, Y13;  \
+	LOAD_MSG_AVX2_Y14(10, 3, 7, 9); \
+	LOAD_MSG_AVX2_Y15(14, 6, 1, 4)
+
+#define LOAD_MSG_AVX2_7_3_13_11_9_1_12_14_2_5_4_15_6_10_0_8() \
+	LOAD_MSG_AVX2_Y12(7, 3, 13, 11); \
+	LOAD_MSG_AVX2_Y13(9, 1, 12, 14); \
+	LOAD_MSG_AVX2_Y14(2, 5, 4, 15);  \
+	VMOVQ_SI_X15(6*8);               \
+	VMOVQ_SI_X11_0;                  \
+	VPINSRQ_1_SI_X15(10*8);          \
+	VPINSRQ_1_SI_X11(8*8);           \
+	VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_9_5_2_10_0_7_4_15_14_11_6_3_1_12_8_13() \
+	LOAD_MSG_AVX2_Y12(9, 5, 2, 10);  \
+	VMOVQ_SI_X13_0;                  \
+	VMOVQ_SI_X11(4*8);               \
+	VPINSRQ_1_SI_X13(7*8);           \
+	VPINSRQ_1_SI_X11(15*8);          \
+	VINSERTI128 $1, X11, Y13, Y13;   \
+	LOAD_MSG_AVX2_Y14(14, 11, 6, 3); \
+	LOAD_MSG_AVX2_Y15(1, 12, 8, 13)
+
+#define LOAD_MSG_AVX2_2_6_0_8_12_10_11_3_4_7_15_1_13_5_14_9() \
+	VMOVQ_SI_X12(2*8);                \
+	VMOVQ_SI_X11_0;                   \
+	VPINSRQ_1_SI_X12(6*8);            \
+	VPINSRQ_1_SI_X11(8*8);            \
+	VINSERTI128 $1, X11, Y12, Y12;    \
+	LOAD_MSG_AVX2_Y13(12, 10, 11, 3); \
+	LOAD_MSG_AVX2_Y14(4, 7, 15, 1);   \
+	LOAD_MSG_AVX2_Y15(13, 5, 14, 9)
+
+#define LOAD_MSG_AVX2_12_1_14_4_5_15_13_10_0_6_9_8_7_3_2_11() \
+	LOAD_MSG_AVX2_Y12(12, 1, 14, 4);  \
+	LOAD_MSG_AVX2_Y13(5, 15, 13, 10); \
+	VMOVQ_SI_X14_0;                   \
+	VPSHUFD     $0x4E, 8*8(SI), X11;  \
+	VPINSRQ_1_SI_X14(6*8);            \
+	VINSERTI128 $1, X11, Y14, Y14;    \
+	LOAD_MSG_AVX2_Y15(7, 3, 2, 11)
+
+#define LOAD_MSG_AVX2_13_7_12_3_11_14_1_9_5_15_8_2_0_4_6_10() \
+	LOAD_MSG_AVX2_Y12(13, 7, 12, 3); \
+	LOAD_MSG_AVX2_Y13(11, 14, 1, 9); \
+	LOAD_MSG_AVX2_Y14(5, 15, 8, 2);  \
+	VMOVQ_SI_X15_0;                  \
+	VMOVQ_SI_X11(6*8);               \
+	VPINSRQ_1_SI_X15(4*8);           \
+	VPINSRQ_1_SI_X11(10*8);          \
+	VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_6_14_11_0_15_9_3_8_12_13_1_10_2_7_4_5() \
+	VMOVQ_SI_X12(6*8);              \
+	VMOVQ_SI_X11(11*8);             \
+	VPINSRQ_1_SI_X12(14*8);         \
+	VPINSRQ_1_SI_X11_0;             \
+	VINSERTI128 $1, X11, Y12, Y12;  \
+	LOAD_MSG_AVX2_Y13(15, 9, 3, 8); \
+	VMOVQ_SI_X11(1*8);              \
+	VMOVDQU     12*8(SI), X14;      \
+	VPINSRQ_1_SI_X11(10*8);         \
+	VINSERTI128 $1, X11, Y14, Y14;  \
+	VMOVQ_SI_X15(2*8);              \
+	VMOVDQU     4*8(SI), X11;       \
+	VPINSRQ_1_SI_X15(7*8);          \
+	VINSERTI128 $1, X11, Y15, Y15
+
+#define LOAD_MSG_AVX2_10_8_7_1_2_4_6_5_15_9_3_13_11_14_12_0() \
+	LOAD_MSG_AVX2_Y12(10, 8, 7, 1);  \
+	VMOVQ_SI_X13(2*8);               \
+	VPSHUFD     $0x4E, 5*8(SI), X11; \
+	VPINSRQ_1_SI_X13(4*8);           \
+	VINSERTI128 $1, X11, Y13, Y13;   \
+	LOAD_MSG_AVX2_Y14(15, 9, 3, 13); \
+	VMOVQ_SI_X15(11*8);              \
+	VMOVQ_SI_X11(12*8);              \
+	VPINSRQ_1_SI_X15(14*8);          \
+	VPINSRQ_1_SI_X11_0;              \
+	VINSERTI128 $1, X11, Y15, Y15
+
+// func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+TEXT ·hashBlocksAVX2(SB), 4, $320-48 // frame size = 288 + 32 byte alignment
+	MOVQ h+0(FP), AX
+	MOVQ c+8(FP), BX
+	MOVQ flag+16(FP), CX
+	MOVQ blocks_base+24(FP), SI
+	MOVQ blocks_len+32(FP), DI
+
+	MOVQ SP, DX
+	MOVQ SP, R9
+	ADDQ $31, R9
+	ANDQ $~31, R9
+	MOVQ R9, SP
+
+	MOVQ CX, 16(SP)
+	XORQ CX, CX
+	MOVQ CX, 24(SP)
+
+	VMOVDQU ·AVX2_c40<>(SB), Y4
+	VMOVDQU ·AVX2_c48<>(SB), Y5
+
+	VMOVDQU 0(AX), Y8
+	VMOVDQU 32(AX), Y9
+	VMOVDQU ·AVX2_iv0<>(SB), Y6
+	VMOVDQU ·AVX2_iv1<>(SB), Y7
+
+	MOVQ 0(BX), R8
+	MOVQ 8(BX), R9
+	MOVQ R9, 8(SP)
+
+loop:
+	ADDQ $128, R8
+	MOVQ R8, 0(SP)
+	CMPQ R8, $128
+	JGE  noinc
+	INCQ R9
+	MOVQ R9, 8(SP)
+
+noinc:
+	VMOVDQA Y8, Y0
+	VMOVDQA Y9, Y1
+	VMOVDQA Y6, Y2
+	VPXOR   0(SP), Y7, Y3
+
+	LOAD_MSG_AVX2_0_2_4_6_1_3_5_7_8_10_12_14_9_11_13_15()
+	VMOVDQA Y12, 32(SP)
+	VMOVDQA Y13, 64(SP)
+	VMOVDQA Y14, 96(SP)
+	VMOVDQA Y15, 128(SP)
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_14_4_9_13_10_8_15_6_1_0_11_5_12_2_7_3()
+	VMOVDQA Y12, 160(SP)
+	VMOVDQA Y13, 192(SP)
+	VMOVDQA Y14, 224(SP)
+	VMOVDQA Y15, 256(SP)
+
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_11_12_5_15_8_0_2_13_10_3_7_9_14_6_1_4()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_7_3_13_11_9_1_12_14_2_5_4_15_6_10_0_8()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_9_5_2_10_0_7_4_15_14_11_6_3_1_12_8_13()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_2_6_0_8_12_10_11_3_4_7_15_1_13_5_14_9()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_12_1_14_4_5_15_13_10_0_6_9_8_7_3_2_11()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_13_7_12_3_11_14_1_9_5_15_8_2_0_4_6_10()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_6_14_11_0_15_9_3_8_12_13_1_10_2_7_4_5()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+	LOAD_MSG_AVX2_10_8_7_1_2_4_6_5_15_9_3_13_11_14_12_0()
+	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
+
+	ROUND_AVX2(32(SP), 64(SP), 96(SP), 128(SP), Y10, Y4, Y5)
+	ROUND_AVX2(160(SP), 192(SP), 224(SP), 256(SP), Y10, Y4, Y5)
+
+	VPXOR Y0, Y8, Y8
+	VPXOR Y1, Y9, Y9
+	VPXOR Y2, Y8, Y8
+	VPXOR Y3, Y9, Y9
+
+	LEAQ 128(SI), SI
+	SUBQ $128, DI
+	JNE  loop
+
+	MOVQ R8, 0(BX)
+	MOVQ R9, 8(BX)
+
+	VMOVDQU Y8, 0(AX)
+	VMOVDQU Y9, 32(AX)
+	VZEROUPPER
+
+	MOVQ DX, SP
+	RET
+
+#define VPUNPCKLQDQ_X2_X2_X15 BYTE $0xC5; BYTE $0x69; BYTE $0x6C; BYTE $0xFA
+#define VPUNPCKLQDQ_X3_X3_X15 BYTE $0xC5; BYTE $0x61; BYTE $0x6C; BYTE $0xFB
+#define VPUNPCKLQDQ_X7_X7_X15 BYTE $0xC5; BYTE $0x41; BYTE $0x6C; BYTE $0xFF
+#define VPUNPCKLQDQ_X13_X13_X15 BYTE $0xC4; BYTE $0x41; BYTE $0x11; BYTE $0x6C; BYTE $0xFD
+#define VPUNPCKLQDQ_X14_X14_X15 BYTE $0xC4; BYTE $0x41; BYTE $0x09; BYTE $0x6C; BYTE $0xFE
+
+#define VPUNPCKHQDQ_X15_X2_X2 BYTE $0xC4; BYTE $0xC1; BYTE $0x69; BYTE $0x6D; BYTE $0xD7
+#define VPUNPCKHQDQ_X15_X3_X3 BYTE $0xC4; BYTE $0xC1; BYTE $0x61; BYTE $0x6D; BYTE $0xDF
+#define VPUNPCKHQDQ_X15_X6_X6 BYTE $0xC4; BYTE $0xC1; BYTE $0x49; BYTE $0x6D; BYTE $0xF7
+#define VPUNPCKHQDQ_X15_X7_X7 BYTE $0xC4; BYTE $0xC1; BYTE $0x41; BYTE $0x6D; BYTE $0xFF
+#define VPUNPCKHQDQ_X15_X3_X2 BYTE $0xC4; BYTE $0xC1; BYTE $0x61; BYTE $0x6D; BYTE $0xD7
+#define VPUNPCKHQDQ_X15_X7_X6 BYTE $0xC4; BYTE $0xC1; BYTE $0x41; BYTE $0x6D; BYTE $0xF7
+#define VPUNPCKHQDQ_X15_X13_X3 BYTE $0xC4; BYTE $0xC1; BYTE $0x11; BYTE $0x6D; BYTE $0xDF
+#define VPUNPCKHQDQ_X15_X13_X7 BYTE $0xC4; BYTE $0xC1; BYTE $0x11; BYTE $0x6D; BYTE $0xFF
+
+#define SHUFFLE_AVX() \
+	VMOVDQA X6, X13;         \
+	VMOVDQA X2, X14;         \
+	VMOVDQA X4, X6;          \
+	VPUNPCKLQDQ_X13_X13_X15; \
+	VMOVDQA X5, X4;          \
+	VMOVDQA X6, X5;          \
+	VPUNPCKHQDQ_X15_X7_X6;   \
+	VPUNPCKLQDQ_X7_X7_X15;   \
+	VPUNPCKHQDQ_X15_X13_X7;  \
+	VPUNPCKLQDQ_X3_X3_X15;   \
+	VPUNPCKHQDQ_X15_X2_X2;   \
+	VPUNPCKLQDQ_X14_X14_X15; \
+	VPUNPCKHQDQ_X15_X3_X3;   \
+
+#define SHUFFLE_AVX_INV() \
+	VMOVDQA X2, X13;         \
+	VMOVDQA X4, X14;         \
+	VPUNPCKLQDQ_X2_X2_X15;   \
+	VMOVDQA X5, X4;          \
+	VPUNPCKHQDQ_X15_X3_X2;   \
+	VMOVDQA X14, X5;         \
+	VPUNPCKLQDQ_X3_X3_X15;   \
+	VMOVDQA X6, X14;         \
+	VPUNPCKHQDQ_X15_X13_X3;  \
+	VPUNPCKLQDQ_X7_X7_X15;   \
+	VPUNPCKHQDQ_X15_X6_X6;   \
+	VPUNPCKLQDQ_X14_X14_X15; \
+	VPUNPCKHQDQ_X15_X7_X7;   \
+
+#define HALF_ROUND_AVX(v0, v1, v2, v3, v4, v5, v6, v7, m0, m1, m2, m3, t0, c40, c48) \
+	VPADDQ  m0, v0, v0;   \
+	VPADDQ  v2, v0, v0;   \
+	VPADDQ  m1, v1, v1;   \
+	VPADDQ  v3, v1, v1;   \
+	VPXOR   v0, v6, v6;   \
+	VPXOR   v1, v7, v7;   \
+	VPSHUFD $-79, v6, v6; \
+	VPSHUFD $-79, v7, v7; \
+	VPADDQ  v6, v4, v4;   \
+	VPADDQ  v7, v5, v5;   \
+	VPXOR   v4, v2, v2;   \
+	VPXOR   v5, v3, v3;   \
+	VPSHUFB c40, v2, v2;  \
+	VPSHUFB c40, v3, v3;  \
+	VPADDQ  m2, v0, v0;   \
+	VPADDQ  v2, v0, v0;   \
+	VPADDQ  m3, v1, v1;   \
+	VPADDQ  v3, v1, v1;   \
+	VPXOR   v0, v6, v6;   \
+	VPXOR   v1, v7, v7;   \
+	VPSHUFB c48, v6, v6;  \
+	VPSHUFB c48, v7, v7;  \
+	VPADDQ  v6, v4, v4;   \
+	VPADDQ  v7, v5, v5;   \
+	VPXOR   v4, v2, v2;   \
+	VPXOR   v5, v3, v3;   \
+	VPADDQ  v2, v2, t0;   \
+	VPSRLQ  $63, v2, v2;  \
+	VPXOR   t0, v2, v2;   \
+	VPADDQ  v3, v3, t0;   \
+	VPSRLQ  $63, v3, v3;  \
+	VPXOR   t0, v3, v3
+
+// load msg: X12 = (i0, i1), X13 = (i2, i3), X14 = (i4, i5), X15 = (i6, i7)
+// i0, i1, i2, i3, i4, i5, i6, i7 must not be 0
+#define LOAD_MSG_AVX(i0, i1, i2, i3, i4, i5, i6, i7) \
+	VMOVQ_SI_X12(i0*8);     \
+	VMOVQ_SI_X13(i2*8);     \
+	VMOVQ_SI_X14(i4*8);     \
+	VMOVQ_SI_X15(i6*8);     \
+	VPINSRQ_1_SI_X12(i1*8); \
+	VPINSRQ_1_SI_X13(i3*8); \
+	VPINSRQ_1_SI_X14(i5*8); \
+	VPINSRQ_1_SI_X15(i7*8)
+
+// load msg: X12 = (0, 2), X13 = (4, 6), X14 = (1, 3), X15 = (5, 7)
+#define LOAD_MSG_AVX_0_2_4_6_1_3_5_7() \
+	VMOVQ_SI_X12_0;        \
+	VMOVQ_SI_X13(4*8);     \
+	VMOVQ_SI_X14(1*8);     \
+	VMOVQ_SI_X15(5*8);     \
+	VPINSRQ_1_SI_X12(2*8); \
+	VPINSRQ_1_SI_X13(6*8); \
+	VPINSRQ_1_SI_X14(3*8); \
+	VPINSRQ_1_SI_X15(7*8)
+
+// load msg: X12 = (1, 0), X13 = (11, 5), X14 = (12, 2), X15 = (7, 3)
+#define LOAD_MSG_AVX_1_0_11_5_12_2_7_3() \
+	VPSHUFD $0x4E, 0*8(SI), X12; \
+	VMOVQ_SI_X13(11*8);          \
+	VMOVQ_SI_X14(12*8);          \
+	VMOVQ_SI_X15(7*8);           \
+	VPINSRQ_1_SI_X13(5*8);       \
+	VPINSRQ_1_SI_X14(2*8);       \
+	VPINSRQ_1_SI_X15(3*8)
+
+// load msg: X12 = (11, 12), X13 = (5, 15), X14 = (8, 0), X15 = (2, 13)
+#define LOAD_MSG_AVX_11_12_5_15_8_0_2_13() \
+	VMOVDQU 11*8(SI), X12;  \
+	VMOVQ_SI_X13(5*8);      \
+	VMOVQ_SI_X14(8*8);      \
+	VMOVQ_SI_X15(2*8);      \
+	VPINSRQ_1_SI_X13(15*8); \
+	VPINSRQ_1_SI_X14_0;     \
+	VPINSRQ_1_SI_X15(13*8)
+
+// load msg: X12 = (2, 5), X13 = (4, 15), X14 = (6, 10), X15 = (0, 8)
+#define LOAD_MSG_AVX_2_5_4_15_6_10_0_8() \
+	VMOVQ_SI_X12(2*8);      \
+	VMOVQ_SI_X13(4*8);      \
+	VMOVQ_SI_X14(6*8);      \
+	VMOVQ_SI_X15_0;         \
+	VPINSRQ_1_SI_X12(5*8);  \
+	VPINSRQ_1_SI_X13(15*8); \
+	VPINSRQ_1_SI_X14(10*8); \
+	VPINSRQ_1_SI_X15(8*8)
+
+// load msg: X12 = (9, 5), X13 = (2, 10), X14 = (0, 7), X15 = (4, 15)
+#define LOAD_MSG_AVX_9_5_2_10_0_7_4_15() \
+	VMOVQ_SI_X12(9*8);      \
+	VMOVQ_SI_X13(2*8);      \
+	VMOVQ_SI_X14_0;         \
+	VMOVQ_SI_X15(4*8);      \
+	VPINSRQ_1_SI_X12(5*8);  \
+	VPINSRQ_1_SI_X13(10*8); \
+	VPINSRQ_1_SI_X14(7*8);  \
+	VPINSRQ_1_SI_X15(15*8)
+
+// load msg: X12 = (2, 6), X13 = (0, 8), X14 = (12, 10), X15 = (11, 3)
+#define LOAD_MSG_AVX_2_6_0_8_12_10_11_3() \
+	VMOVQ_SI_X12(2*8);      \
+	VMOVQ_SI_X13_0;         \
+	VMOVQ_SI_X14(12*8);     \
+	VMOVQ_SI_X15(11*8);     \
+	VPINSRQ_1_SI_X12(6*8);  \
+	VPINSRQ_1_SI_X13(8*8);  \
+	VPINSRQ_1_SI_X14(10*8); \
+	VPINSRQ_1_SI_X15(3*8)
+
+// load msg: X12 = (0, 6), X13 = (9, 8), X14 = (7, 3), X15 = (2, 11)
+#define LOAD_MSG_AVX_0_6_9_8_7_3_2_11() \
+	MOVQ    0*8(SI), X12;        \
+	VPSHUFD $0x4E, 8*8(SI), X13; \
+	MOVQ    7*8(SI), X14;        \
+	MOVQ    2*8(SI), X15;        \
+	VPINSRQ_1_SI_X12(6*8);       \
+	VPINSRQ_1_SI_X14(3*8);       \
+	VPINSRQ_1_SI_X15(11*8)
+
+// load msg: X12 = (6, 14), X13 = (11, 0), X14 = (15, 9), X15 = (3, 8)
+#define LOAD_MSG_AVX_6_14_11_0_15_9_3_8() \
+	MOVQ 6*8(SI), X12;      \
+	MOVQ 11*8(SI), X13;     \
+	MOVQ 15*8(SI), X14;     \
+	MOVQ 3*8(SI), X15;      \
+	VPINSRQ_1_SI_X12(14*8); \
+	VPINSRQ_1_SI_X13_0;     \
+	VPINSRQ_1_SI_X14(9*8);  \
+	VPINSRQ_1_SI_X15(8*8)
+
+// load msg: X12 = (5, 15), X13 = (8, 2), X14 = (0, 4), X15 = (6, 10)
+#define LOAD_MSG_AVX_5_15_8_2_0_4_6_10() \
+	MOVQ 5*8(SI), X12;      \
+	MOVQ 8*8(SI), X13;      \
+	MOVQ 0*8(SI), X14;      \
+	MOVQ 6*8(SI), X15;      \
+	VPINSRQ_1_SI_X12(15*8); \
+	VPINSRQ_1_SI_X13(2*8);  \
+	VPINSRQ_1_SI_X14(4*8);  \
+	VPINSRQ_1_SI_X15(10*8)
+
+// load msg: X12 = (12, 13), X13 = (1, 10), X14 = (2, 7), X15 = (4, 5)
+#define LOAD_MSG_AVX_12_13_1_10_2_7_4_5() \
+	VMOVDQU 12*8(SI), X12;  \
+	MOVQ    1*8(SI), X13;   \
+	MOVQ    2*8(SI), X14;   \
+	VPINSRQ_1_SI_X13(10*8); \
+	VPINSRQ_1_SI_X14(7*8);  \
+	VMOVDQU 4*8(SI), X15
+
+// load msg: X12 = (15, 9), X13 = (3, 13), X14 = (11, 14), X15 = (12, 0)
+#define LOAD_MSG_AVX_15_9_3_13_11_14_12_0() \
+	MOVQ 15*8(SI), X12;     \
+	MOVQ 3*8(SI), X13;      \
+	MOVQ 11*8(SI), X14;     \
+	MOVQ 12*8(SI), X15;     \
+	VPINSRQ_1_SI_X12(9*8);  \
+	VPINSRQ_1_SI_X13(13*8); \
+	VPINSRQ_1_SI_X14(14*8); \
+	VPINSRQ_1_SI_X15_0
+
+// func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+TEXT ·hashBlocksAVX(SB), 4, $288-48 // frame size = 272 + 16 byte alignment
+	MOVQ h+0(FP), AX
+	MOVQ c+8(FP), BX
+	MOVQ flag+16(FP), CX
+	MOVQ blocks_base+24(FP), SI
+	MOVQ blocks_len+32(FP), DI
+
+	MOVQ SP, BP
+	MOVQ SP, R9
+	ADDQ $15, R9
+	ANDQ $~15, R9
+	MOVQ R9, SP
+
+	VMOVDQU ·AVX_c40<>(SB), X0
+	VMOVDQU ·AVX_c48<>(SB), X1
+	VMOVDQA X0, X8
+	VMOVDQA X1, X9
+
+	VMOVDQU ·AVX_iv3<>(SB), X0
+	VMOVDQA X0, 0(SP)
+	XORQ    CX, 0(SP)          // 0(SP) = ·AVX_iv3 ^ (CX || 0)
+
+	VMOVDQU 0(AX), X10
+	VMOVDQU 16(AX), X11
+	VMOVDQU 32(AX), X2
+	VMOVDQU 48(AX), X3
+
+	MOVQ 0(BX), R8
+	MOVQ 8(BX), R9
+
+loop:
+	ADDQ $128, R8
+	CMPQ R8, $128
+	JGE  noinc
+	INCQ R9
+
+noinc:
+	VMOVQ_R8_X15
+	VPINSRQ_1_R9_X15
+
+	VMOVDQA X10, X0
+	VMOVDQA X11, X1
+	VMOVDQU ·AVX_iv0<>(SB), X4
+	VMOVDQU ·AVX_iv1<>(SB), X5
+	VMOVDQU ·AVX_iv2<>(SB), X6
+
+	VPXOR   X15, X6, X6
+	VMOVDQA 0(SP), X7
+
+	LOAD_MSG_AVX_0_2_4_6_1_3_5_7()
+	VMOVDQA X12, 16(SP)
+	VMOVDQA X13, 32(SP)
+	VMOVDQA X14, 48(SP)
+	VMOVDQA X15, 64(SP)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX(8, 10, 12, 14, 9, 11, 13, 15)
+	VMOVDQA X12, 80(SP)
+	VMOVDQA X13, 96(SP)
+	VMOVDQA X14, 112(SP)
+	VMOVDQA X15, 128(SP)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX(14, 4, 9, 13, 10, 8, 15, 6)
+	VMOVDQA X12, 144(SP)
+	VMOVDQA X13, 160(SP)
+	VMOVDQA X14, 176(SP)
+	VMOVDQA X15, 192(SP)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX_1_0_11_5_12_2_7_3()
+	VMOVDQA X12, 208(SP)
+	VMOVDQA X13, 224(SP)
+	VMOVDQA X14, 240(SP)
+	VMOVDQA X15, 256(SP)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX_11_12_5_15_8_0_2_13()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX(10, 3, 7, 9, 14, 6, 1, 4)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX(7, 3, 13, 11, 9, 1, 12, 14)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX_2_5_4_15_6_10_0_8()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX_9_5_2_10_0_7_4_15()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX(14, 11, 6, 3, 1, 12, 8, 13)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX_2_6_0_8_12_10_11_3()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX(4, 7, 15, 1, 13, 5, 14, 9)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX(12, 1, 14, 4, 5, 15, 13, 10)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX_0_6_9_8_7_3_2_11()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX(13, 7, 12, 3, 11, 14, 1, 9)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX_5_15_8_2_0_4_6_10()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX_6_14_11_0_15_9_3_8()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX_12_13_1_10_2_7_4_5()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	LOAD_MSG_AVX(10, 8, 7, 1, 2, 4, 6, 5)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX()
+	LOAD_MSG_AVX_15_9_3_13_11_14_12_0()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X15, X8, X9)
+	SHUFFLE_AVX()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 80(SP), 96(SP), 112(SP), 128(SP), X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 144(SP), 160(SP), 176(SP), 192(SP), X15, X8, X9)
+	SHUFFLE_AVX()
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 208(SP), 224(SP), 240(SP), 256(SP), X15, X8, X9)
+	SHUFFLE_AVX_INV()
+
+	VMOVDQU 32(AX), X14
+	VMOVDQU 48(AX), X15
+	VPXOR   X0, X10, X10
+	VPXOR   X1, X11, X11
+	VPXOR   X2, X14, X14
+	VPXOR   X3, X15, X15
+	VPXOR   X4, X10, X10
+	VPXOR   X5, X11, X11
+	VPXOR   X6, X14, X2
+	VPXOR   X7, X15, X3
+	VMOVDQU X2, 32(AX)
+	VMOVDQU X3, 48(AX)
+
+	LEAQ 128(SI), SI
+	SUBQ $128, DI
+	JNE  loop
+
+	VMOVDQU X10, 0(AX)
+	VMOVDQU X11, 16(AX)
+
+	MOVQ R8, 0(BX)
+	MOVQ R9, 8(BX)
+	VZEROUPPER
+
+	MOVQ BP, SP
+	RET
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
new file mode 100644
index 00000000..30e2fcd5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
@@ -0,0 +1,24 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.7,amd64,!gccgo,!appengine
+
+package blake2b
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+	useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+	if useSSE4 {
+		hashBlocksSSE4(h, c, flag, blocks)
+	} else {
+		hashBlocksGeneric(h, c, flag, blocks)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
new file mode 100644
index 00000000..578e947b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
@@ -0,0 +1,281 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+DATA ·iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908
+DATA ·iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b
+GLOBL ·iv0<>(SB), (NOPTR+RODATA), $16
+
+DATA ·iv1<>+0x00(SB)/8, $0x3c6ef372fe94f82b
+DATA ·iv1<>+0x08(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·iv1<>(SB), (NOPTR+RODATA), $16
+
+DATA ·iv2<>+0x00(SB)/8, $0x510e527fade682d1
+DATA ·iv2<>+0x08(SB)/8, $0x9b05688c2b3e6c1f
+GLOBL ·iv2<>(SB), (NOPTR+RODATA), $16
+
+DATA ·iv3<>+0x00(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·iv3<>+0x08(SB)/8, $0x5be0cd19137e2179
+GLOBL ·iv3<>(SB), (NOPTR+RODATA), $16
+
+DATA ·c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·c40<>(SB), (NOPTR+RODATA), $16
+
+DATA ·c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·c48<>(SB), (NOPTR+RODATA), $16
+
+#define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \
+	MOVO       v4, t1; \
+	MOVO       v5, v4; \
+	MOVO       t1, v5; \
+	MOVO       v6, t1; \
+	PUNPCKLQDQ v6, t2; \
+	PUNPCKHQDQ v7, v6; \
+	PUNPCKHQDQ t2, v6; \
+	PUNPCKLQDQ v7, t2; \
+	MOVO       t1, v7; \
+	MOVO       v2, t1; \
+	PUNPCKHQDQ t2, v7; \
+	PUNPCKLQDQ v3, t2; \
+	PUNPCKHQDQ t2, v2; \
+	PUNPCKLQDQ t1, t2; \
+	PUNPCKHQDQ t2, v3
+
+#define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \
+	MOVO       v4, t1; \
+	MOVO       v5, v4; \
+	MOVO       t1, v5; \
+	MOVO       v2, t1; \
+	PUNPCKLQDQ v2, t2; \
+	PUNPCKHQDQ v3, v2; \
+	PUNPCKHQDQ t2, v2; \
+	PUNPCKLQDQ v3, t2; \
+	MOVO       t1, v3; \
+	MOVO       v6, t1; \
+	PUNPCKHQDQ t2, v3; \
+	PUNPCKLQDQ v7, t2; \
+	PUNPCKHQDQ t2, v6; \
+	PUNPCKLQDQ t1, t2; \
+	PUNPCKHQDQ t2, v7
+
+#define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, m0, m1, m2, m3, t0, c40, c48) \
+	PADDQ  m0, v0;        \
+	PADDQ  m1, v1;        \
+	PADDQ  v2, v0;        \
+	PADDQ  v3, v1;        \
+	PXOR   v0, v6;        \
+	PXOR   v1, v7;        \
+	PSHUFD $0xB1, v6, v6; \
+	PSHUFD $0xB1, v7, v7; \
+	PADDQ  v6, v4;        \
+	PADDQ  v7, v5;        \
+	PXOR   v4, v2;        \
+	PXOR   v5, v3;        \
+	PSHUFB c40, v2;       \
+	PSHUFB c40, v3;       \
+	PADDQ  m2, v0;        \
+	PADDQ  m3, v1;        \
+	PADDQ  v2, v0;        \
+	PADDQ  v3, v1;        \
+	PXOR   v0, v6;        \
+	PXOR   v1, v7;        \
+	PSHUFB c48, v6;       \
+	PSHUFB c48, v7;       \
+	PADDQ  v6, v4;        \
+	PADDQ  v7, v5;        \
+	PXOR   v4, v2;        \
+	PXOR   v5, v3;        \
+	MOVOU  v2, t0;        \
+	PADDQ  v2, t0;        \
+	PSRLQ  $63, v2;       \
+	PXOR   t0, v2;        \
+	MOVOU  v3, t0;        \
+	PADDQ  v3, t0;        \
+	PSRLQ  $63, v3;       \
+	PXOR   t0, v3
+
+#define LOAD_MSG(m0, m1, m2, m3, src, i0, i1, i2, i3, i4, i5, i6, i7) \
+	MOVQ   i0*8(src), m0;     \
+	PINSRQ $1, i1*8(src), m0; \
+	MOVQ   i2*8(src), m1;     \
+	PINSRQ $1, i3*8(src), m1; \
+	MOVQ   i4*8(src), m2;     \
+	PINSRQ $1, i5*8(src), m2; \
+	MOVQ   i6*8(src), m3;     \
+	PINSRQ $1, i7*8(src), m3
+
+// func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+TEXT ·hashBlocksSSE4(SB), 4, $288-48 // frame size = 272 + 16 byte alignment
+	MOVQ h+0(FP), AX
+	MOVQ c+8(FP), BX
+	MOVQ flag+16(FP), CX
+	MOVQ blocks_base+24(FP), SI
+	MOVQ blocks_len+32(FP), DI
+
+	MOVQ SP, BP
+	MOVQ SP, R9
+	ADDQ $15, R9
+	ANDQ $~15, R9
+	MOVQ R9, SP
+
+	MOVOU ·iv3<>(SB), X0
+	MOVO  X0, 0(SP)
+	XORQ  CX, 0(SP)     // 0(SP) = ·iv3 ^ (CX || 0)
+
+	MOVOU ·c40<>(SB), X13
+	MOVOU ·c48<>(SB), X14
+
+	MOVOU 0(AX), X12
+	MOVOU 16(AX), X15
+
+	MOVQ 0(BX), R8
+	MOVQ 8(BX), R9
+
+loop:
+	ADDQ $128, R8
+	CMPQ R8, $128
+	JGE  noinc
+	INCQ R9
+
+noinc:
+	MOVQ R8, X8
+	PINSRQ $1, R9, X8
+
+	MOVO X12, X0
+	MOVO X15, X1
+	MOVOU 32(AX), X2
+	MOVOU 48(AX), X3
+	MOVOU ·iv0<>(SB), X4
+	MOVOU ·iv1<>(SB), X5
+	MOVOU ·iv2<>(SB), X6
+
+	PXOR X8, X6
+	MOVO 0(SP), X7
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 0, 2, 4, 6, 1, 3, 5, 7)
+	MOVO X8, 16(SP)
+	MOVO X9, 32(SP)
+	MOVO X10, 48(SP)
+	MOVO X11, 64(SP)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 8, 10, 12, 14, 9, 11, 13, 15)
+	MOVO X8, 80(SP)
+	MOVO X9, 96(SP)
+	MOVO X10, 112(SP)
+	MOVO X11, 128(SP)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 14, 4, 9, 13, 10, 8, 15, 6)
+	MOVO X8, 144(SP)
+	MOVO X9, 160(SP)
+	MOVO X10, 176(SP)
+	MOVO X11, 192(SP)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 1, 0, 11, 5, 12, 2, 7, 3)
+	MOVO X8, 208(SP)
+	MOVO X9, 224(SP)
+	MOVO X10, 240(SP)
+	MOVO X11, 256(SP)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 11, 12, 5, 15, 8, 0, 2, 13)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 10, 3, 7, 9, 14, 6, 1, 4)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 7, 3, 13, 11, 9, 1, 12, 14)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 2, 5, 4, 15, 6, 10, 0, 8)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 9, 5, 2, 10, 0, 7, 4, 15)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 14, 11, 6, 3, 1, 12, 8, 13)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 2, 6, 0, 8, 12, 10, 11, 3)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 4, 7, 15, 1, 13, 5, 14, 9)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 12, 1, 14, 4, 5, 15, 13, 10)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 0, 6, 9, 8, 7, 3, 2, 11)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 13, 7, 12, 3, 11, 14, 1, 9)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 5, 15, 8, 2, 0, 4, 6, 10)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 6, 14, 11, 0, 15, 9, 3, 8)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 12, 13, 1, 10, 2, 7, 4, 5)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	LOAD_MSG(X8, X9, X10, X11, SI, 10, 8, 7, 1, 2, 4, 6, 5)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	LOAD_MSG(X8, X9, X10, X11, SI, 15, 9, 3, 13, 11, 14, 12, 0)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 80(SP), 96(SP), 112(SP), 128(SP), X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 144(SP), 160(SP), 176(SP), 192(SP), X11, X13, X14)
+	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 208(SP), 224(SP), 240(SP), 256(SP), X11, X13, X14)
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
+
+	MOVOU 32(AX), X10
+	MOVOU 48(AX), X11
+	PXOR  X0, X12
+	PXOR  X1, X15
+	PXOR  X2, X10
+	PXOR  X3, X11
+	PXOR  X4, X12
+	PXOR  X5, X15
+	PXOR  X6, X10
+	PXOR  X7, X11
+	MOVOU X10, 32(AX)
+	MOVOU X11, 48(AX)
+
+	LEAQ 128(SI), SI
+	SUBQ $128, DI
+	JNE  loop
+
+	MOVOU X12, 0(AX)
+	MOVOU X15, 16(AX)
+
+	MOVQ R8, 0(BX)
+	MOVQ R9, 8(BX)
+
+	MOVQ BP, SP
+	RET
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
new file mode 100644
index 00000000..3168a8aa
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
@@ -0,0 +1,182 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import (
+	"encoding/binary"
+	"math/bits"
+)
+
+// the precomputed values for BLAKE2b
+// there are 12 16-byte arrays - one for each round
+// the entries are calculated from the sigma constants.
+var precomputed = [12][16]byte{
+	{0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15},
+	{14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3},
+	{11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4},
+	{7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8},
+	{9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13},
+	{2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9},
+	{12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11},
+	{13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10},
+	{6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5},
+	{10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0},
+	{0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, // equal to the first
+	{14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, // equal to the second
+}
+
+func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+	var m [16]uint64
+	c0, c1 := c[0], c[1]
+
+	for i := 0; i < len(blocks); {
+		c0 += BlockSize
+		if c0 < BlockSize {
+			c1++
+		}
+
+		v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7]
+		v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7]
+		v12 ^= c0
+		v13 ^= c1
+		v14 ^= flag
+
+		for j := range m {
+			m[j] = binary.LittleEndian.Uint64(blocks[i:])
+			i += 8
+		}
+
+		for j := range precomputed {
+			s := &(precomputed[j])
+
+			v0 += m[s[0]]
+			v0 += v4
+			v12 ^= v0
+			v12 = bits.RotateLeft64(v12, -32)
+			v8 += v12
+			v4 ^= v8
+			v4 = bits.RotateLeft64(v4, -24)
+			v1 += m[s[1]]
+			v1 += v5
+			v13 ^= v1
+			v13 = bits.RotateLeft64(v13, -32)
+			v9 += v13
+			v5 ^= v9
+			v5 = bits.RotateLeft64(v5, -24)
+			v2 += m[s[2]]
+			v2 += v6
+			v14 ^= v2
+			v14 = bits.RotateLeft64(v14, -32)
+			v10 += v14
+			v6 ^= v10
+			v6 = bits.RotateLeft64(v6, -24)
+			v3 += m[s[3]]
+			v3 += v7
+			v15 ^= v3
+			v15 = bits.RotateLeft64(v15, -32)
+			v11 += v15
+			v7 ^= v11
+			v7 = bits.RotateLeft64(v7, -24)
+
+			v0 += m[s[4]]
+			v0 += v4
+			v12 ^= v0
+			v12 = bits.RotateLeft64(v12, -16)
+			v8 += v12
+			v4 ^= v8
+			v4 = bits.RotateLeft64(v4, -63)
+			v1 += m[s[5]]
+			v1 += v5
+			v13 ^= v1
+			v13 = bits.RotateLeft64(v13, -16)
+			v9 += v13
+			v5 ^= v9
+			v5 = bits.RotateLeft64(v5, -63)
+			v2 += m[s[6]]
+			v2 += v6
+			v14 ^= v2
+			v14 = bits.RotateLeft64(v14, -16)
+			v10 += v14
+			v6 ^= v10
+			v6 = bits.RotateLeft64(v6, -63)
+			v3 += m[s[7]]
+			v3 += v7
+			v15 ^= v3
+			v15 = bits.RotateLeft64(v15, -16)
+			v11 += v15
+			v7 ^= v11
+			v7 = bits.RotateLeft64(v7, -63)
+
+			v0 += m[s[8]]
+			v0 += v5
+			v15 ^= v0
+			v15 = bits.RotateLeft64(v15, -32)
+			v10 += v15
+			v5 ^= v10
+			v5 = bits.RotateLeft64(v5, -24)
+			v1 += m[s[9]]
+			v1 += v6
+			v12 ^= v1
+			v12 = bits.RotateLeft64(v12, -32)
+			v11 += v12
+			v6 ^= v11
+			v6 = bits.RotateLeft64(v6, -24)
+			v2 += m[s[10]]
+			v2 += v7
+			v13 ^= v2
+			v13 = bits.RotateLeft64(v13, -32)
+			v8 += v13
+			v7 ^= v8
+			v7 = bits.RotateLeft64(v7, -24)
+			v3 += m[s[11]]
+			v3 += v4
+			v14 ^= v3
+			v14 = bits.RotateLeft64(v14, -32)
+			v9 += v14
+			v4 ^= v9
+			v4 = bits.RotateLeft64(v4, -24)
+
+			v0 += m[s[12]]
+			v0 += v5
+			v15 ^= v0
+			v15 = bits.RotateLeft64(v15, -16)
+			v10 += v15
+			v5 ^= v10
+			v5 = bits.RotateLeft64(v5, -63)
+			v1 += m[s[13]]
+			v1 += v6
+			v12 ^= v1
+			v12 = bits.RotateLeft64(v12, -16)
+			v11 += v12
+			v6 ^= v11
+			v6 = bits.RotateLeft64(v6, -63)
+			v2 += m[s[14]]
+			v2 += v7
+			v13 ^= v2
+			v13 = bits.RotateLeft64(v13, -16)
+			v8 += v13
+			v7 ^= v8
+			v7 = bits.RotateLeft64(v7, -63)
+			v3 += m[s[15]]
+			v3 += v4
+			v14 ^= v3
+			v14 = bits.RotateLeft64(v14, -16)
+			v9 += v14
+			v4 ^= v9
+			v4 = bits.RotateLeft64(v4, -63)
+
+		}
+
+		h[0] ^= v0 ^ v8
+		h[1] ^= v1 ^ v9
+		h[2] ^= v2 ^ v10
+		h[3] ^= v3 ^ v11
+		h[4] ^= v4 ^ v12
+		h[5] ^= v5 ^ v13
+		h[6] ^= v6 ^ v14
+		h[7] ^= v7 ^ v15
+	}
+	c[0], c[1] = c0, c1
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
new file mode 100644
index 00000000..da156a1b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
@@ -0,0 +1,11 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 appengine gccgo
+
+package blake2b
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+	hashBlocksGeneric(h, c, flag, blocks)
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2x.go b/vendor/golang.org/x/crypto/blake2b/blake2x.go
new file mode 100644
index 00000000..52c414db
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2x.go
@@ -0,0 +1,177 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+// XOF defines the interface to hash functions that
+// support arbitrary-length output.
+type XOF interface {
+	// Write absorbs more data into the hash's state. It panics if called
+	// after Read.
+	io.Writer
+
+	// Read reads more output from the hash. It returns io.EOF if the limit
+	// has been reached.
+	io.Reader
+
+	// Clone returns a copy of the XOF in its current state.
+	Clone() XOF
+
+	// Reset resets the XOF to its initial state.
+	Reset()
+}
+
+// OutputLengthUnknown can be used as the size argument to NewXOF to indicate
+// the length of the output is not known in advance.
+const OutputLengthUnknown = 0
+
+// magicUnknownOutputLength is a magic value for the output size that indicates
+// an unknown number of output bytes.
+const magicUnknownOutputLength = (1 << 32) - 1
+
+// maxOutputLength is the absolute maximum number of bytes to produce when the
+// number of output bytes is unknown.
+const maxOutputLength = (1 << 32) * 64
+
+// NewXOF creates a new variable-output-length hash. The hash either produce a
+// known number of bytes (1 <= size < 2**32-1), or an unknown number of bytes
+// (size == OutputLengthUnknown). In the latter case, an absolute limit of
+// 256GiB applies.
+//
+// A non-nil key turns the hash into a MAC. The key must between
+// zero and 32 bytes long.
+func NewXOF(size uint32, key []byte) (XOF, error) {
+	if len(key) > Size {
+		return nil, errKeySize
+	}
+	if size == magicUnknownOutputLength {
+		// 2^32-1 indicates an unknown number of bytes and thus isn't a
+		// valid length.
+		return nil, errors.New("blake2b: XOF length too large")
+	}
+	if size == OutputLengthUnknown {
+		size = magicUnknownOutputLength
+	}
+	x := &xof{
+		d: digest{
+			size:   Size,
+			keyLen: len(key),
+		},
+		length: size,
+	}
+	copy(x.d.key[:], key)
+	x.Reset()
+	return x, nil
+}
+
+type xof struct {
+	d                digest
+	length           uint32
+	remaining        uint64
+	cfg, root, block [Size]byte
+	offset           int
+	nodeOffset       uint32
+	readMode         bool
+}
+
+func (x *xof) Write(p []byte) (n int, err error) {
+	if x.readMode {
+		panic("blake2b: write to XOF after read")
+	}
+	return x.d.Write(p)
+}
+
+func (x *xof) Clone() XOF {
+	clone := *x
+	return &clone
+}
+
+func (x *xof) Reset() {
+	x.cfg[0] = byte(Size)
+	binary.LittleEndian.PutUint32(x.cfg[4:], uint32(Size)) // leaf length
+	binary.LittleEndian.PutUint32(x.cfg[12:], x.length)    // XOF length
+	x.cfg[17] = byte(Size)                                 // inner hash size
+
+	x.d.Reset()
+	x.d.h[1] ^= uint64(x.length) << 32
+
+	x.remaining = uint64(x.length)
+	if x.remaining == magicUnknownOutputLength {
+		x.remaining = maxOutputLength
+	}
+	x.offset, x.nodeOffset = 0, 0
+	x.readMode = false
+}
+
+func (x *xof) Read(p []byte) (n int, err error) {
+	if !x.readMode {
+		x.d.finalize(&x.root)
+		x.readMode = true
+	}
+
+	if x.remaining == 0 {
+		return 0, io.EOF
+	}
+
+	n = len(p)
+	if uint64(n) > x.remaining {
+		n = int(x.remaining)
+		p = p[:n]
+	}
+
+	if x.offset > 0 {
+		blockRemaining := Size - x.offset
+		if n < blockRemaining {
+			x.offset += copy(p, x.block[x.offset:])
+			x.remaining -= uint64(n)
+			return
+		}
+		copy(p, x.block[x.offset:])
+		p = p[blockRemaining:]
+		x.offset = 0
+		x.remaining -= uint64(blockRemaining)
+	}
+
+	for len(p) >= Size {
+		binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+		x.nodeOffset++
+
+		x.d.initConfig(&x.cfg)
+		x.d.Write(x.root[:])
+		x.d.finalize(&x.block)
+
+		copy(p, x.block[:])
+		p = p[Size:]
+		x.remaining -= uint64(Size)
+	}
+
+	if todo := len(p); todo > 0 {
+		if x.remaining < uint64(Size) {
+			x.cfg[0] = byte(x.remaining)
+		}
+		binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+		x.nodeOffset++
+
+		x.d.initConfig(&x.cfg)
+		x.d.Write(x.root[:])
+		x.d.finalize(&x.block)
+
+		x.offset = copy(p, x.block[:todo])
+		x.remaining -= uint64(todo)
+	}
+	return
+}
+
+func (d *digest) initConfig(cfg *[Size]byte) {
+	d.offset, d.c[0], d.c[1] = 0, 0, 0
+	for i := range d.h {
+		d.h[i] = iv[i] ^ binary.LittleEndian.Uint64(cfg[i*8:])
+	}
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/register.go b/vendor/golang.org/x/crypto/blake2b/register.go
new file mode 100644
index 00000000..efd689af
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/register.go
@@ -0,0 +1,32 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.9
+
+package blake2b
+
+import (
+	"crypto"
+	"hash"
+)
+
+func init() {
+	newHash256 := func() hash.Hash {
+		h, _ := New256(nil)
+		return h
+	}
+	newHash384 := func() hash.Hash {
+		h, _ := New384(nil)
+		return h
+	}
+
+	newHash512 := func() hash.Hash {
+		h, _ := New512(nil)
+		return h
+	}
+
+	crypto.RegisterHash(crypto.BLAKE2b_256, newHash256)
+	crypto.RegisterHash(crypto.BLAKE2b_384, newHash384)
+	crypto.RegisterHash(crypto.BLAKE2b_512, newHash512)
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/block.go b/vendor/golang.org/x/crypto/blowfish/block.go
new file mode 100644
index 00000000..9d80f195
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/block.go
@@ -0,0 +1,159 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blowfish
+
+// getNextWord returns the next big-endian uint32 value from the byte slice
+// at the given position in a circular manner, updating the position.
+func getNextWord(b []byte, pos *int) uint32 {
+	var w uint32
+	j := *pos
+	for i := 0; i < 4; i++ {
+		w = w<<8 | uint32(b[j])
+		j++
+		if j >= len(b) {
+			j = 0
+		}
+	}
+	*pos = j
+	return w
+}
+
+// ExpandKey performs a key expansion on the given *Cipher. Specifically, it
+// performs the Blowfish algorithm's key schedule which sets up the *Cipher's
+// pi and substitution tables for calls to Encrypt. This is used, primarily,
+// by the bcrypt package to reuse the Blowfish key schedule during its
+// set up. It's unlikely that you need to use this directly.
+func ExpandKey(key []byte, c *Cipher) {
+	j := 0
+	for i := 0; i < 18; i++ {
+		// Using inlined getNextWord for performance.
+		var d uint32
+		for k := 0; k < 4; k++ {
+			d = d<<8 | uint32(key[j])
+			j++
+			if j >= len(key) {
+				j = 0
+			}
+		}
+		c.p[i] ^= d
+	}
+
+	var l, r uint32
+	for i := 0; i < 18; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.p[i], c.p[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s0[i], c.s0[i+1] = l, r
+	}
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s1[i], c.s1[i+1] = l, r
+	}
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s2[i], c.s2[i+1] = l, r
+	}
+	for i := 0; i < 256; i += 2 {
+		l, r = encryptBlock(l, r, c)
+		c.s3[i], c.s3[i+1] = l, r
+	}
+}
+
+// This is similar to ExpandKey, but folds the salt during the key
+// schedule. While ExpandKey is essentially expandKeyWithSalt with an all-zero
+// salt passed in, reusing ExpandKey turns out to be a place of inefficiency
+// and specializing it here is useful.
+func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
+	j := 0
+	for i := 0; i < 18; i++ {
+		c.p[i] ^= getNextWord(key, &j)
+	}
+
+	j = 0
+	var l, r uint32
+	for i := 0; i < 18; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.p[i], c.p[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s0[i], c.s0[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s1[i], c.s1[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s2[i], c.s2[i+1] = l, r
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= getNextWord(salt, &j)
+		r ^= getNextWord(salt, &j)
+		l, r = encryptBlock(l, r, c)
+		c.s3[i], c.s3[i+1] = l, r
+	}
+}
+
+func encryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+	xl, xr := l, r
+	xl ^= c.p[0]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[1]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[2]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[3]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[4]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[5]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[6]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[7]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[8]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[9]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[10]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[11]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[12]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[13]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[14]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[15]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[16]
+	xr ^= c.p[17]
+	return xr, xl
+}
+
+func decryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
+	xl, xr := l, r
+	xl ^= c.p[17]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[16]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[15]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[14]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[13]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[12]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[11]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[10]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[9]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[8]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[7]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[6]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[5]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[4]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[3]
+	xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[2]
+	xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[1]
+	xr ^= c.p[0]
+	return xr, xl
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go
new file mode 100644
index 00000000..213bf204
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/cipher.go
@@ -0,0 +1,99 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
+//
+// Blowfish is a legacy cipher and its short block size makes it vulnerable to
+// birthday bound attacks (see https://sweet32.info). It should only be used
+// where compatibility with legacy systems, not security, is the goal.
+//
+// Deprecated: any new system should use AES (from crypto/aes, if necessary in
+// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
+// golang.org/x/crypto/chacha20poly1305).
+package blowfish // import "golang.org/x/crypto/blowfish"
+
+// The code is a port of Bruce Schneier's C implementation.
+// See https://www.schneier.com/blowfish.html.
+
+import "strconv"
+
+// The Blowfish block size in bytes.
+const BlockSize = 8
+
+// A Cipher is an instance of Blowfish encryption using a particular key.
+type Cipher struct {
+	p              [18]uint32
+	s0, s1, s2, s3 [256]uint32
+}
+
+type KeySizeError int
+
+func (k KeySizeError) Error() string {
+	return "crypto/blowfish: invalid key size " + strconv.Itoa(int(k))
+}
+
+// NewCipher creates and returns a Cipher.
+// The key argument should be the Blowfish key, from 1 to 56 bytes.
+func NewCipher(key []byte) (*Cipher, error) {
+	var result Cipher
+	if k := len(key); k < 1 || k > 56 {
+		return nil, KeySizeError(k)
+	}
+	initCipher(&result)
+	ExpandKey(key, &result)
+	return &result, nil
+}
+
+// NewSaltedCipher creates a returns a Cipher that folds a salt into its key
+// schedule. For most purposes, NewCipher, instead of NewSaltedCipher, is
+// sufficient and desirable. For bcrypt compatibility, the key can be over 56
+// bytes.
+func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
+	if len(salt) == 0 {
+		return NewCipher(key)
+	}
+	var result Cipher
+	if k := len(key); k < 1 {
+		return nil, KeySizeError(k)
+	}
+	initCipher(&result)
+	expandKeyWithSalt(key, salt, &result)
+	return &result, nil
+}
+
+// BlockSize returns the Blowfish block size, 8 bytes.
+// It is necessary to satisfy the Block interface in the
+// package "crypto/cipher".
+func (c *Cipher) BlockSize() int { return BlockSize }
+
+// Encrypt encrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+// Note that for amounts of data larger than a block,
+// it is not safe to just call Encrypt on successive blocks;
+// instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
+func (c *Cipher) Encrypt(dst, src []byte) {
+	l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+	r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+	l, r = encryptBlock(l, r, c)
+	dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+	dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+// Decrypt decrypts the 8-byte buffer src using the key k
+// and stores the result in dst.
+func (c *Cipher) Decrypt(dst, src []byte) {
+	l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
+	r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
+	l, r = decryptBlock(l, r, c)
+	dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
+	dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
+}
+
+func initCipher(c *Cipher) {
+	copy(c.p[0:], p[0:])
+	copy(c.s0[0:], s0[0:])
+	copy(c.s1[0:], s1[0:])
+	copy(c.s2[0:], s2[0:])
+	copy(c.s3[0:], s3[0:])
+}
diff --git a/vendor/golang.org/x/crypto/blowfish/const.go b/vendor/golang.org/x/crypto/blowfish/const.go
new file mode 100644
index 00000000..d0407759
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blowfish/const.go
@@ -0,0 +1,199 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// The startup permutation array and substitution boxes.
+// They are the hexadecimal digits of PI; see:
+// https://www.schneier.com/code/constants.txt.
+
+package blowfish
+
+var s0 = [256]uint32{
+	0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
+	0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+	0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,
+	0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+	0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,
+	0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+	0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
+	0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+	0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,
+	0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+	0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,
+	0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+	0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
+	0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+	0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,
+	0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+	0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,
+	0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+	0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
+	0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+	0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,
+	0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+	0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,
+	0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+	0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
+	0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+	0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,
+	0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+	0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,
+	0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+	0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
+	0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+	0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,
+	0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+	0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,
+	0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+	0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
+	0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+	0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,
+	0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+	0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,
+	0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+	0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
+}
+
+var s1 = [256]uint32{
+	0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,
+	0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+	0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,
+	0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+	0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,
+	0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+	0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,
+	0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+	0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,
+	0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+	0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,
+	0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+	0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,
+	0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+	0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,
+	0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+	0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,
+	0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+	0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,
+	0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+	0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,
+	0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+	0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,
+	0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+	0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,
+	0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+	0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,
+	0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+	0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,
+	0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+	0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,
+	0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+	0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,
+	0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+	0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,
+	0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+	0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,
+	0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+	0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,
+	0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+	0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,
+	0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+	0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
+}
+
+var s2 = [256]uint32{
+	0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,
+	0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+	0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,
+	0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+	0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,
+	0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+	0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,
+	0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+	0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,
+	0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+	0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,
+	0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+	0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,
+	0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+	0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,
+	0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+	0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,
+	0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+	0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,
+	0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+	0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,
+	0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+	0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,
+	0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+	0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,
+	0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+	0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,
+	0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+	0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,
+	0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+	0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,
+	0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+	0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,
+	0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+	0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,
+	0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+	0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,
+	0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+	0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,
+	0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+	0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,
+	0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+	0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
+}
+
+var s3 = [256]uint32{
+	0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,
+	0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+	0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,
+	0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+	0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
+	0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+	0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,
+	0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+	0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,
+	0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+	0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
+	0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+	0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,
+	0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+	0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,
+	0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+	0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
+	0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+	0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,
+	0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+	0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,
+	0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+	0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
+	0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+	0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,
+	0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+	0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,
+	0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+	0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
+	0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+	0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,
+	0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+	0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,
+	0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+	0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
+	0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+	0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,
+	0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+	0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,
+	0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+	0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
+	0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+	0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
+}
+
+var p = [18]uint32{
+	0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
+	0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+	0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b,
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
new file mode 100644
index 00000000..b799e440
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.11,!gccgo,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/asm_arm64.s b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
similarity index 99%
rename from vendor/golang.org/x/crypto/internal/chacha20/asm_arm64.s
rename to vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
index b3a16ef7..89148153 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/asm_arm64.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
@@ -2,8 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.11
-// +build !gccgo,!appengine
+// +build go1.11,!gccgo,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
new file mode 100644
index 00000000..a2ecf5c3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
@@ -0,0 +1,398 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms
+// as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
+package chacha20
+
+import (
+	"crypto/cipher"
+	"encoding/binary"
+	"errors"
+	"math/bits"
+
+	"golang.org/x/crypto/internal/subtle"
+)
+
+const (
+	// KeySize is the size of the key used by this cipher, in bytes.
+	KeySize = 32
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// cipher, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
+	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20 variant of
+	// this cipher, in bytes.
+	NonceSizeX = 24
+)
+
+// Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+	// The ChaCha20 state is 16 words: 4 constant, 8 of key, 1 of counter
+	// (incremented after each block), and 3 of nonce.
+	key     [8]uint32
+	counter uint32
+	nonce   [3]uint32
+
+	// The last len bytes of buf are leftover key stream bytes from the previous
+	// XORKeyStream invocation. The size of buf depends on how many blocks are
+	// computed at a time by xorKeyStreamBlocks.
+	buf [bufSize]byte
+	len int
+
+	// overflow is set when the counter overflowed, no more blocks can be
+	// generated, and the next XORKeyStream call should panic.
+	overflow bool
+
+	// The counter-independent results of the first round are cached after they
+	// are computed the first time.
+	precompDone      bool
+	p1, p5, p9, p13  uint32
+	p2, p6, p10, p14 uint32
+	p3, p7, p11, p15 uint32
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
+
+// NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given
+// 32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided,
+// the XChaCha20 construction will be used. It returns an error if key or nonce
+// have any other length.
+//
+// Note that ChaCha20, like all stream ciphers, is not authenticated and allows
+// attackers to silently tamper with the plaintext. For this reason, it is more
+// appropriate as a building block than as a standalone encryption mechanism.
+// Instead, consider using package golang.org/x/crypto/chacha20poly1305.
+func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error) {
+	// This function is split into a wrapper so that the Cipher allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	c := &Cipher{}
+	return newUnauthenticatedCipher(c, key, nonce)
+}
+
+func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong key size")
+	}
+	if len(nonce) == NonceSizeX {
+		// XChaCha20 uses the ChaCha20 core to mix 16 bytes of the nonce into a
+		// derived key, allowing it to operate on a nonce of 24 bytes. See
+		// draft-irtf-cfrg-xchacha-01, Section 2.3.
+		key, _ = HChaCha20(key, nonce[0:16])
+		cNonce := make([]byte, NonceSize)
+		copy(cNonce[4:12], nonce[16:24])
+		nonce = cNonce
+	} else if len(nonce) != NonceSize {
+		return nil, errors.New("chacha20: wrong nonce size")
+	}
+
+	key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
+	c.key = [8]uint32{
+		binary.LittleEndian.Uint32(key[0:4]),
+		binary.LittleEndian.Uint32(key[4:8]),
+		binary.LittleEndian.Uint32(key[8:12]),
+		binary.LittleEndian.Uint32(key[12:16]),
+		binary.LittleEndian.Uint32(key[16:20]),
+		binary.LittleEndian.Uint32(key[20:24]),
+		binary.LittleEndian.Uint32(key[24:28]),
+		binary.LittleEndian.Uint32(key[28:32]),
+	}
+	c.nonce = [3]uint32{
+		binary.LittleEndian.Uint32(nonce[0:4]),
+		binary.LittleEndian.Uint32(nonce[4:8]),
+		binary.LittleEndian.Uint32(nonce[8:12]),
+	}
+	return c, nil
+}
+
+// The constant first 4 words of the ChaCha20 state.
+const (
+	j0 uint32 = 0x61707865 // expa
+	j1 uint32 = 0x3320646e // nd 3
+	j2 uint32 = 0x79622d32 // 2-by
+	j3 uint32 = 0x6b206574 // te k
+)
+
+const blockSize = 64
+
+// quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words.
+// It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16
+// words each round, in columnar or diagonal groups of 4 at a time.
+func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 16)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 12)
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 8)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 7)
+	return a, b, c, d
+}
+
+// SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
+// behave as if (64 * counter) bytes had been encrypted so far.
+//
+// To prevent accidental counter reuse, SetCounter panics if counter is less
+// than the current value.
+//
+// Note that the execution time of XORKeyStream is not independent of the
+// counter value.
+func (s *Cipher) SetCounter(counter uint32) {
+	// Internally, s may buffer multiple blocks, which complicates this
+	// implementation slightly. When checking whether the counter has rolled
+	// back, we must use both s.counter and s.len to determine how many blocks
+	// we have already output.
+	outputCounter := s.counter - uint32(s.len)/blockSize
+	if s.overflow || counter < outputCounter {
+		panic("chacha20: SetCounter attempted to rollback counter")
+	}
+
+	// In the general case, we set the new counter value and reset s.len to 0,
+	// causing the next call to XORKeyStream to refill the buffer. However, if
+	// we're advancing within the existing buffer, we can save work by simply
+	// setting s.len.
+	if counter < s.counter {
+		s.len = int(s.counter-counter) * blockSize
+	} else {
+		s.counter = counter
+		s.len = 0
+	}
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+	if len(src) == 0 {
+		return
+	}
+	if len(dst) < len(src) {
+		panic("chacha20: output smaller than input")
+	}
+	dst = dst[:len(src)]
+	if subtle.InexactOverlap(dst, src) {
+		panic("chacha20: invalid buffer overlap")
+	}
+
+	// First, drain any remaining key stream from a previous XORKeyStream.
+	if s.len != 0 {
+		keyStream := s.buf[bufSize-s.len:]
+		if len(src) < len(keyStream) {
+			keyStream = keyStream[:len(src)]
+		}
+		_ = src[len(keyStream)-1] // bounds check elimination hint
+		for i, b := range keyStream {
+			dst[i] = src[i] ^ b
+		}
+		s.len -= len(keyStream)
+		dst, src = dst[len(keyStream):], src[len(keyStream):]
+	}
+	if len(src) == 0 {
+		return
+	}
+
+	// If we'd need to let the counter overflow and keep generating output,
+	// panic immediately. If instead we'd only reach the last block, remember
+	// not to generate any more output after the buffer is drained.
+	numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize
+	if s.overflow || uint64(s.counter)+numBlocks > 1<<32 {
+		panic("chacha20: counter overflow")
+	} else if uint64(s.counter)+numBlocks == 1<<32 {
+		s.overflow = true
+	}
+
+	// xorKeyStreamBlocks implementations expect input lengths that are a
+	// multiple of bufSize. Platform-specific ones process multiple blocks at a
+	// time, so have bufSizes that are a multiple of blockSize.
+
+	full := len(src) - len(src)%bufSize
+	if full > 0 {
+		s.xorKeyStreamBlocks(dst[:full], src[:full])
+	}
+	dst, src = dst[full:], src[full:]
+
+	// If using a multi-block xorKeyStreamBlocks would overflow, use the generic
+	// one that does one block at a time.
+	const blocksPerBuf = bufSize / blockSize
+	if uint64(s.counter)+blocksPerBuf > 1<<32 {
+		s.buf = [bufSize]byte{}
+		numBlocks := (len(src) + blockSize - 1) / blockSize
+		buf := s.buf[bufSize-numBlocks*blockSize:]
+		copy(buf, src)
+		s.xorKeyStreamBlocksGeneric(buf, buf)
+		s.len = len(buf) - copy(dst, buf)
+		return
+	}
+
+	// If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
+	// keep the leftover keystream for the next XORKeyStream invocation.
+	if len(src) > 0 {
+		s.buf = [bufSize]byte{}
+		copy(s.buf[:], src)
+		s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
+		s.len = bufSize - copy(dst, s.buf[:])
+	}
+}
+
+func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
+	if len(dst) != len(src) || len(dst)%blockSize != 0 {
+		panic("chacha20: internal error: wrong dst and/or src length")
+	}
+
+	// To generate each block of key stream, the initial cipher state
+	// (represented below) is passed through 20 rounds of shuffling,
+	// alternatively applying quarterRounds by columns (like 1, 5, 9, 13)
+	// or by diagonals (like 1, 6, 11, 12).
+	//
+	//      0:cccccccc   1:cccccccc   2:cccccccc   3:cccccccc
+	//      4:kkkkkkkk   5:kkkkkkkk   6:kkkkkkkk   7:kkkkkkkk
+	//      8:kkkkkkkk   9:kkkkkkkk  10:kkkkkkkk  11:kkkkkkkk
+	//     12:bbbbbbbb  13:nnnnnnnn  14:nnnnnnnn  15:nnnnnnnn
+	//
+	//            c=constant k=key b=blockcount n=nonce
+	var (
+		c0, c1, c2, c3   = j0, j1, j2, j3
+		c4, c5, c6, c7   = s.key[0], s.key[1], s.key[2], s.key[3]
+		c8, c9, c10, c11 = s.key[4], s.key[5], s.key[6], s.key[7]
+		_, c13, c14, c15 = s.counter, s.nonce[0], s.nonce[1], s.nonce[2]
+	)
+
+	// Three quarters of the first round don't depend on the counter, so we can
+	// calculate them here, and reuse them for multiple blocks in the loop, and
+	// for future XORKeyStream invocations.
+	if !s.precompDone {
+		s.p1, s.p5, s.p9, s.p13 = quarterRound(c1, c5, c9, c13)
+		s.p2, s.p6, s.p10, s.p14 = quarterRound(c2, c6, c10, c14)
+		s.p3, s.p7, s.p11, s.p15 = quarterRound(c3, c7, c11, c15)
+		s.precompDone = true
+	}
+
+	// A condition of len(src) > 0 would be sufficient, but this also
+	// acts as a bounds check elimination hint.
+	for len(src) >= 64 && len(dst) >= 64 {
+		// The remainder of the first column round.
+		fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
+
+		// The second diagonal round.
+		x0, x5, x10, x15 := quarterRound(fcr0, s.p5, s.p10, s.p15)
+		x1, x6, x11, x12 := quarterRound(s.p1, s.p6, s.p11, fcr12)
+		x2, x7, x8, x13 := quarterRound(s.p2, s.p7, fcr8, s.p13)
+		x3, x4, x9, x14 := quarterRound(s.p3, fcr4, s.p9, s.p14)
+
+		// The remaining 18 rounds.
+		for i := 0; i < 9; i++ {
+			// Column round.
+			x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+			x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+			x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+			x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+			// Diagonal round.
+			x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+			x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+			x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+		}
+
+		// Add back the initial state to generate the key stream, then
+		// XOR the key stream with the source and write out the result.
+		addXor(dst[0:4], src[0:4], x0, c0)
+		addXor(dst[4:8], src[4:8], x1, c1)
+		addXor(dst[8:12], src[8:12], x2, c2)
+		addXor(dst[12:16], src[12:16], x3, c3)
+		addXor(dst[16:20], src[16:20], x4, c4)
+		addXor(dst[20:24], src[20:24], x5, c5)
+		addXor(dst[24:28], src[24:28], x6, c6)
+		addXor(dst[28:32], src[28:32], x7, c7)
+		addXor(dst[32:36], src[32:36], x8, c8)
+		addXor(dst[36:40], src[36:40], x9, c9)
+		addXor(dst[40:44], src[40:44], x10, c10)
+		addXor(dst[44:48], src[44:48], x11, c11)
+		addXor(dst[48:52], src[48:52], x12, s.counter)
+		addXor(dst[52:56], src[52:56], x13, c13)
+		addXor(dst[56:60], src[56:60], x14, c14)
+		addXor(dst[60:64], src[60:64], x15, c15)
+
+		s.counter += 1
+
+		src, dst = src[blockSize:], dst[blockSize:]
+	}
+}
+
+// HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes
+// key and a 16 bytes nonce. It returns an error if key or nonce have any other
+// length. It is used as part of the XChaCha20 construction.
+func HChaCha20(key, nonce []byte) ([]byte, error) {
+	// This function is split into a wrapper so that the slice allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	out := make([]byte, 32)
+	return hChaCha20(out, key, nonce)
+}
+
+func hChaCha20(out, key, nonce []byte) ([]byte, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong HChaCha20 key size")
+	}
+	if len(nonce) != 16 {
+		return nil, errors.New("chacha20: wrong HChaCha20 nonce size")
+	}
+
+	x0, x1, x2, x3 := j0, j1, j2, j3
+	x4 := binary.LittleEndian.Uint32(key[0:4])
+	x5 := binary.LittleEndian.Uint32(key[4:8])
+	x6 := binary.LittleEndian.Uint32(key[8:12])
+	x7 := binary.LittleEndian.Uint32(key[12:16])
+	x8 := binary.LittleEndian.Uint32(key[16:20])
+	x9 := binary.LittleEndian.Uint32(key[20:24])
+	x10 := binary.LittleEndian.Uint32(key[24:28])
+	x11 := binary.LittleEndian.Uint32(key[28:32])
+	x12 := binary.LittleEndian.Uint32(nonce[0:4])
+	x13 := binary.LittleEndian.Uint32(nonce[4:8])
+	x14 := binary.LittleEndian.Uint32(nonce[8:12])
+	x15 := binary.LittleEndian.Uint32(nonce[12:16])
+
+	for i := 0; i < 10; i++ {
+		// Diagonal round.
+		x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+		x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+		x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+		x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+		// Column round.
+		x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+		x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+		x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+		x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+	}
+
+	_ = out[31] // bounds check elimination hint
+	binary.LittleEndian.PutUint32(out[0:4], x0)
+	binary.LittleEndian.PutUint32(out[4:8], x1)
+	binary.LittleEndian.PutUint32(out[8:12], x2)
+	binary.LittleEndian.PutUint32(out[12:16], x3)
+	binary.LittleEndian.PutUint32(out[16:20], x12)
+	binary.LittleEndian.PutUint32(out[20:24], x13)
+	binary.LittleEndian.PutUint32(out[24:28], x14)
+	binary.LittleEndian.PutUint32(out[28:32], x15)
+	return out, nil
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
similarity index 50%
rename from vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
rename to vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
index fc268252..4635307b 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@@ -2,15 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !arm64,!s390x,!ppc64le arm64,!go1.11 gccgo appengine
+// +build !arm64,!s390x,!ppc64le arm64,!go1.11 gccgo purego
 
 package chacha20
 
-const (
-	bufSize = 64
-	haveAsm = false
-)
+const bufSize = blockSize
 
-func (*Cipher) xorKeyStreamAsm(dst, src []byte) {
-	panic("not implemented")
+func (s *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	s.xorKeyStreamBlocksGeneric(dst, src)
 }
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
new file mode 100644
index 00000000..b7993303
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
similarity index 95%
rename from vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s
rename to vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
index 54418522..23c60216 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@@ -19,7 +19,7 @@
 // The differences in this and the original implementation are
 // due to the calling conventions and initialization of constants.
 
-// +build ppc64le,!gccgo,!appengine
+// +build !gccgo,!purego
 
 #include "textflag.h"
 
@@ -31,24 +31,7 @@
 #define TMP  R15
 
 #define CONSTBASE  R16
-
-#define X0   R11
-#define X1   R12
-#define X2   R14
-#define X3   R15
-#define X4   R16
-#define X5   R17
-#define X6   R18
-#define X7   R19
-#define X8   R20
-#define X9   R21
-#define X10  R22
-#define X11  R23
-#define X12  R24
-#define X13  R25
-#define X14  R26
-#define X15  R27
-
+#define BLOCKS R17
 
 DATA consts<>+0x00(SB)/8, $0x3320646e61707865
 DATA consts<>+0x08(SB)/8, $0x6b20657479622d32
@@ -72,13 +55,13 @@ DATA consts<>+0x90(SB)/8, $0x0000000100000000
 DATA consts<>+0x98(SB)/8, $0x0000000300000002
 GLOBL consts<>(SB), RODATA, $0xa0
 
-//func chaCha20_ctr32_vsx(out, inp []byte, len int, key *[32]byte, counter *[16]byte)
+//func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
 TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
 	MOVD out+0(FP), OUT
 	MOVD inp+8(FP), INP
 	MOVD len+16(FP), LEN
 	MOVD key+24(FP), KEY
-	MOVD cnt+32(FP), CNT
+	MOVD counter+32(FP), CNT
 
 	// Addressing for constants
 	MOVD $consts<>+0x00(SB), CONSTBASE
@@ -86,6 +69,7 @@ TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
 	MOVD $32, R9
 	MOVD $48, R10
 	MOVD $64, R11
+	SRD $6, LEN, BLOCKS
 	// V16
 	LXVW4X (CONSTBASE)(R0), VS48
 	ADD $80,CONSTBASE
@@ -429,9 +413,9 @@ loop_vsx:
 	BNE  loop_outer_vsx
 
 done_vsx:
-	// Increment counter by 4
+	// Increment counter by number of 64 byte blocks
 	MOVD (CNT), R14
-	ADD  $4, R14
+	ADD  BLOCKS, R14
 	MOVD R14, (CNT)
 	RET
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
new file mode 100644
index 00000000..a9244bdf
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@@ -0,0 +1,26 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo,!purego
+
+package chacha20
+
+import "golang.org/x/sys/cpu"
+
+var haveAsm = cpu.S390X.HasVX
+
+const bufSize = 256
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available. Implementation in asm_s390x.s.
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	if cpu.S390X.HasVX {
+		xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+	} else {
+		c.xorKeyStreamBlocksGeneric(dst, src)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
similarity index 87%
rename from vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s
rename to vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
index 57df4044..89c658c4 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build s390x,!gccgo,!appengine
+// +build !gccgo,!purego
 
 #include "go_asm.h"
 #include "textflag.h"
@@ -24,15 +24,6 @@ DATA ·constants<>+0x14(SB)/4, $0x3320646e
 DATA ·constants<>+0x18(SB)/4, $0x79622d32
 DATA ·constants<>+0x1c(SB)/4, $0x6b206574
 
-// EXRL targets:
-TEXT ·mvcSrcToBuf(SB), NOFRAME|NOSPLIT, $0
-	MVC $1, (R1), (R8)
-	RET
-
-TEXT ·mvcBufToDst(SB), NOFRAME|NOSPLIT, $0
-	MVC $1, (R8), (R9)
-	RET
-
 #define BSWAP V5
 #define J0    V6
 #define KEY0  V7
@@ -144,7 +135,7 @@ TEXT ·mvcBufToDst(SB), NOFRAME|NOSPLIT, $0
 	VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
 	VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
 
-// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
 TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
 	MOVD $·constants<>(SB), R1
 	MOVD dst+0(FP), R2         // R2=&dst[0]
@@ -152,25 +143,10 @@ TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
 	MOVD key+48(FP), R5        // R5=key
 	MOVD nonce+56(FP), R6      // R6=nonce
 	MOVD counter+64(FP), R7    // R7=counter
-	MOVD buf+72(FP), R8        // R8=buf
-	MOVD len+80(FP), R9        // R9=len
 
 	// load BSWAP and J0
 	VLM (R1), BSWAP, J0
 
-	// set up tail buffer
-	ADD     $-1, R4, R12
-	MOVBZ   R12, R12
-	CMPUBEQ R12, $255, aligned
-	MOVD    R4, R1
-	AND     $~255, R1
-	MOVD    $(R3)(R1*1), R1
-	EXRL    $·mvcSrcToBuf(SB), R12
-	MOVD    $255, R0
-	SUB     R12, R0
-	MOVD    R0, (R9)               // update len
-
-aligned:
 	// setup
 	MOVD  $95, R0
 	VLM   (R5), KEY0, KEY1
@@ -217,9 +193,7 @@ loop:
 
 	// decrement length
 	ADD $-256, R4
-	BLT tail
 
-continue:
 	// rearrange vectors
 	SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
 	ADDV(J0, X0, X1, X2, X3)
@@ -245,16 +219,6 @@ continue:
 	MOVD $256(R3), R3
 
 	CMPBNE  R4, $0, chacha
-	CMPUBEQ R12, $255, return
-	EXRL    $·mvcBufToDst(SB), R12 // len was updated during setup
 
-return:
 	VSTEF $0, CTR, (R7)
 	RET
-
-tail:
-	MOVD R2, R9
-	MOVD R8, R2
-	MOVD R8, R3
-	MOVD $0, R4
-	JMP  continue
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/xor.go b/vendor/golang.org/x/crypto/chacha20/xor.go
similarity index 73%
rename from vendor/golang.org/x/crypto/internal/chacha20/xor.go
rename to vendor/golang.org/x/crypto/chacha20/xor.go
index 9c5ba0b3..c2d04851 100644
--- a/vendor/golang.org/x/crypto/internal/chacha20/xor.go
+++ b/vendor/golang.org/x/crypto/chacha20/xor.go
@@ -4,9 +4,7 @@
 
 package chacha20
 
-import (
-	"runtime"
-)
+import "runtime"
 
 // Platforms that have fast unaligned 32-bit little endian accesses.
 const unaligned = runtime.GOARCH == "386" ||
@@ -15,10 +13,10 @@ const unaligned = runtime.GOARCH == "386" ||
 	runtime.GOARCH == "ppc64le" ||
 	runtime.GOARCH == "s390x"
 
-// xor reads a little endian uint32 from src, XORs it with u and
+// addXor reads a little endian uint32 from src, XORs it with (a + b) and
 // places the result in little endian byte order in dst.
-func xor(dst, src []byte, u uint32) {
-	_, _ = src[3], dst[3] // eliminate bounds checks
+func addXor(dst, src []byte, a, b uint32) {
+	_, _ = src[3], dst[3] // bounds check elimination hint
 	if unaligned {
 		// The compiler should optimize this code into
 		// 32-bit unaligned little endian loads and stores.
@@ -29,15 +27,16 @@ func xor(dst, src []byte, u uint32) {
 		v |= uint32(src[1]) << 8
 		v |= uint32(src[2]) << 16
 		v |= uint32(src[3]) << 24
-		v ^= u
+		v ^= a + b
 		dst[0] = byte(v)
 		dst[1] = byte(v >> 8)
 		dst[2] = byte(v >> 16)
 		dst[3] = byte(v >> 24)
 	} else {
-		dst[0] = src[0] ^ byte(u)
-		dst[1] = src[1] ^ byte(u>>8)
-		dst[2] = src[2] ^ byte(u>>16)
-		dst[3] = src[3] ^ byte(u>>24)
+		a += b
+		dst[0] = src[0] ^ byte(a)
+		dst[1] = src[1] ^ byte(a>>8)
+		dst[2] = src[2] ^ byte(a>>16)
+		dst[3] = src[3] ^ byte(a>>24)
 	}
 }
diff --git a/vendor/golang.org/x/crypto/curve25519/const_amd64.h b/vendor/golang.org/x/crypto/curve25519/const_amd64.h
deleted file mode 100644
index b3f74162..00000000
--- a/vendor/golang.org/x/crypto/curve25519/const_amd64.h
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-#define REDMASK51     0x0007FFFFFFFFFFFF
diff --git a/vendor/golang.org/x/crypto/curve25519/const_amd64.s b/vendor/golang.org/x/crypto/curve25519/const_amd64.s
deleted file mode 100644
index ee7b4bd5..00000000
--- a/vendor/golang.org/x/crypto/curve25519/const_amd64.s
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-// These constants cannot be encoded in non-MOVQ immediates.
-// We access them directly from memory instead.
-
-DATA ·_121666_213(SB)/8, $996687872
-GLOBL ·_121666_213(SB), 8, $8
-
-DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
-GLOBL ·_2P0(SB), 8, $8
-
-DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
-GLOBL ·_2P1234(SB), 8, $8
diff --git a/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s b/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
deleted file mode 100644
index cd793a5b..00000000
--- a/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-// func cswap(inout *[4][5]uint64, v uint64)
-TEXT ·cswap(SB),7,$0
-	MOVQ inout+0(FP),DI
-	MOVQ v+8(FP),SI
-
-	SUBQ $1, SI
-	NOTQ SI
-	MOVQ SI, X15
-	PSHUFD $0x44, X15, X15
-
-	MOVOU 0(DI), X0
-	MOVOU 16(DI), X2
-	MOVOU 32(DI), X4
-	MOVOU 48(DI), X6
-	MOVOU 64(DI), X8
-	MOVOU 80(DI), X1
-	MOVOU 96(DI), X3
-	MOVOU 112(DI), X5
-	MOVOU 128(DI), X7
-	MOVOU 144(DI), X9
-
-	MOVO X1, X10
-	MOVO X3, X11
-	MOVO X5, X12
-	MOVO X7, X13
-	MOVO X9, X14
-
-	PXOR X0, X10
-	PXOR X2, X11
-	PXOR X4, X12
-	PXOR X6, X13
-	PXOR X8, X14
-	PAND X15, X10
-	PAND X15, X11
-	PAND X15, X12
-	PAND X15, X13
-	PAND X15, X14
-	PXOR X10, X0
-	PXOR X10, X1
-	PXOR X11, X2
-	PXOR X11, X3
-	PXOR X12, X4
-	PXOR X12, X5
-	PXOR X13, X6
-	PXOR X13, X7
-	PXOR X14, X8
-	PXOR X14, X9
-
-	MOVOU X0, 0(DI)
-	MOVOU X2, 16(DI)
-	MOVOU X4, 32(DI)
-	MOVOU X6, 48(DI)
-	MOVOU X8, 64(DI)
-	MOVOU X1, 80(DI)
-	MOVOU X3, 96(DI)
-	MOVOU X5, 112(DI)
-	MOVOU X7, 128(DI)
-	MOVOU X9, 144(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519.go b/vendor/golang.org/x/crypto/curve25519/curve25519.go
index 75f24bab..4b9a655d 100644
--- a/vendor/golang.org/x/crypto/curve25519/curve25519.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519.go
@@ -1,834 +1,95 @@
-// Copyright 2013 The Go Authors. All rights reserved.
+// Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// We have an implementation in amd64 assembly so this code is only run on
-// non-amd64 platforms. The amd64 assembly does not support gccgo.
-// +build !amd64 gccgo appengine
-
-package curve25519
+// Package curve25519 provides an implementation of the X25519 function, which
+// performs scalar multiplication on the elliptic curve known as Curve25519.
+// See RFC 7748.
+package curve25519 // import "golang.org/x/crypto/curve25519"
 
 import (
-	"encoding/binary"
+	"crypto/subtle"
+	"fmt"
 )
 
-// This code is a port of the public domain, "ref10" implementation of
-// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
+// ScalarMult sets dst to the product scalar * point.
+//
+// Deprecated: when provided a low-order point, ScalarMult will set dst to all
+// zeroes, irrespective of the scalar. Instead, use the X25519 function, which
+// will return an error.
+func ScalarMult(dst, scalar, point *[32]byte) {
+	scalarMult(dst, scalar, point)
+}
 
-// fieldElement represents an element of the field GF(2^255 - 19). An element
-// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
-// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
-// context.
-type fieldElement [10]int32
+// ScalarBaseMult sets dst to the product scalar * base where base is the
+// standard generator.
+//
+// It is recommended to use the X25519 function with Basepoint instead, as
+// copying into fixed size arrays can lead to unexpected bugs.
+func ScalarBaseMult(dst, scalar *[32]byte) {
+	ScalarMult(dst, scalar, &basePoint)
+}
 
-func feZero(fe *fieldElement) {
-	for i := range fe {
-		fe[i] = 0
+const (
+	// ScalarSize is the size of the scalar input to X25519.
+	ScalarSize = 32
+	// PointSize is the size of the point input to X25519.
+	PointSize = 32
+)
+
+// Basepoint is the canonical Curve25519 generator.
+var Basepoint []byte
+
+var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+func init() { Basepoint = basePoint[:] }
+
+func checkBasepoint() {
+	if subtle.ConstantTimeCompare(Basepoint, []byte{
+		0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	}) != 1 {
+		panic("curve25519: global Basepoint value was modified")
 	}
 }
 
-func feOne(fe *fieldElement) {
-	feZero(fe)
-	fe[0] = 1
+// X25519 returns the result of the scalar multiplication (scalar * point),
+// according to RFC 7748, Section 5. scalar, point and the return value are
+// slices of 32 bytes.
+//
+// scalar can be generated at random, for example with crypto/rand. point should
+// be either Basepoint or the output of another X25519 call.
+//
+// If point is Basepoint (but not if it's a different slice with the same
+// contents) a precomputed implementation might be used for performance.
+func X25519(scalar, point []byte) ([]byte, error) {
+	// Outline the body of function, to let the allocation be inlined in the
+	// caller, and possibly avoid escaping to the heap.
+	var dst [32]byte
+	return x25519(&dst, scalar, point)
 }
 
-func feAdd(dst, a, b *fieldElement) {
-	for i := range dst {
-		dst[i] = a[i] + b[i]
+func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
+	var in [32]byte
+	if l := len(scalar); l != 32 {
+		return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
 	}
-}
-
-func feSub(dst, a, b *fieldElement) {
-	for i := range dst {
-		dst[i] = a[i] - b[i]
-	}
-}
-
-func feCopy(dst, src *fieldElement) {
-	for i := range dst {
-		dst[i] = src[i]
-	}
-}
-
-// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
-//
-// Preconditions: b in {0,1}.
-func feCSwap(f, g *fieldElement, b int32) {
-	b = -b
-	for i := range f {
-		t := b & (f[i] ^ g[i])
-		f[i] ^= t
-		g[i] ^= t
-	}
-}
-
-// load3 reads a 24-bit, little-endian value from in.
-func load3(in []byte) int64 {
-	var r int64
-	r = int64(in[0])
-	r |= int64(in[1]) << 8
-	r |= int64(in[2]) << 16
-	return r
-}
-
-// load4 reads a 32-bit, little-endian value from in.
-func load4(in []byte) int64 {
-	return int64(binary.LittleEndian.Uint32(in))
-}
-
-func feFromBytes(dst *fieldElement, src *[32]byte) {
-	h0 := load4(src[:])
-	h1 := load3(src[4:]) << 6
-	h2 := load3(src[7:]) << 5
-	h3 := load3(src[10:]) << 3
-	h4 := load3(src[13:]) << 2
-	h5 := load4(src[16:])
-	h6 := load3(src[20:]) << 7
-	h7 := load3(src[23:]) << 5
-	h8 := load3(src[26:]) << 4
-	h9 := (load3(src[29:]) & 0x7fffff) << 2
-
-	var carry [10]int64
-	carry[9] = (h9 + 1<<24) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	carry[1] = (h1 + 1<<24) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[3] = (h3 + 1<<24) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[5] = (h5 + 1<<24) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	carry[7] = (h7 + 1<<24) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-
-	carry[0] = (h0 + 1<<25) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[2] = (h2 + 1<<25) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[4] = (h4 + 1<<25) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[6] = (h6 + 1<<25) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	carry[8] = (h8 + 1<<25) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-
-	dst[0] = int32(h0)
-	dst[1] = int32(h1)
-	dst[2] = int32(h2)
-	dst[3] = int32(h3)
-	dst[4] = int32(h4)
-	dst[5] = int32(h5)
-	dst[6] = int32(h6)
-	dst[7] = int32(h7)
-	dst[8] = int32(h8)
-	dst[9] = int32(h9)
-}
-
-// feToBytes marshals h to s.
-// Preconditions:
-//   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Write p=2^255-19; q=floor(h/p).
-// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-//
-// Proof:
-//   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
-//   Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
-//
-//   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
-//   Then 0<y<1.
-//
-//   Write r=h-pq.
-//   Have 0<=r<=p-1=2^255-20.
-//   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-//
-//   Write x=r+19(2^-255)r+y.
-//   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-//
-//   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
-//   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-func feToBytes(s *[32]byte, h *fieldElement) {
-	var carry [10]int32
-
-	q := (19*h[9] + (1 << 24)) >> 25
-	q = (h[0] + q) >> 26
-	q = (h[1] + q) >> 25
-	q = (h[2] + q) >> 26
-	q = (h[3] + q) >> 25
-	q = (h[4] + q) >> 26
-	q = (h[5] + q) >> 25
-	q = (h[6] + q) >> 26
-	q = (h[7] + q) >> 25
-	q = (h[8] + q) >> 26
-	q = (h[9] + q) >> 25
-
-	// Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
-	h[0] += 19 * q
-	// Goal: Output h-2^255 q, which is between 0 and 2^255-20.
-
-	carry[0] = h[0] >> 26
-	h[1] += carry[0]
-	h[0] -= carry[0] << 26
-	carry[1] = h[1] >> 25
-	h[2] += carry[1]
-	h[1] -= carry[1] << 25
-	carry[2] = h[2] >> 26
-	h[3] += carry[2]
-	h[2] -= carry[2] << 26
-	carry[3] = h[3] >> 25
-	h[4] += carry[3]
-	h[3] -= carry[3] << 25
-	carry[4] = h[4] >> 26
-	h[5] += carry[4]
-	h[4] -= carry[4] << 26
-	carry[5] = h[5] >> 25
-	h[6] += carry[5]
-	h[5] -= carry[5] << 25
-	carry[6] = h[6] >> 26
-	h[7] += carry[6]
-	h[6] -= carry[6] << 26
-	carry[7] = h[7] >> 25
-	h[8] += carry[7]
-	h[7] -= carry[7] << 25
-	carry[8] = h[8] >> 26
-	h[9] += carry[8]
-	h[8] -= carry[8] << 26
-	carry[9] = h[9] >> 25
-	h[9] -= carry[9] << 25
-	// h10 = carry9
-
-	// Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
-	// Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
-	// evidently 2^255 h10-2^255 q = 0.
-	// Goal: Output h[0]+...+2^230 h[9].
-
-	s[0] = byte(h[0] >> 0)
-	s[1] = byte(h[0] >> 8)
-	s[2] = byte(h[0] >> 16)
-	s[3] = byte((h[0] >> 24) | (h[1] << 2))
-	s[4] = byte(h[1] >> 6)
-	s[5] = byte(h[1] >> 14)
-	s[6] = byte((h[1] >> 22) | (h[2] << 3))
-	s[7] = byte(h[2] >> 5)
-	s[8] = byte(h[2] >> 13)
-	s[9] = byte((h[2] >> 21) | (h[3] << 5))
-	s[10] = byte(h[3] >> 3)
-	s[11] = byte(h[3] >> 11)
-	s[12] = byte((h[3] >> 19) | (h[4] << 6))
-	s[13] = byte(h[4] >> 2)
-	s[14] = byte(h[4] >> 10)
-	s[15] = byte(h[4] >> 18)
-	s[16] = byte(h[5] >> 0)
-	s[17] = byte(h[5] >> 8)
-	s[18] = byte(h[5] >> 16)
-	s[19] = byte((h[5] >> 24) | (h[6] << 1))
-	s[20] = byte(h[6] >> 7)
-	s[21] = byte(h[6] >> 15)
-	s[22] = byte((h[6] >> 23) | (h[7] << 3))
-	s[23] = byte(h[7] >> 5)
-	s[24] = byte(h[7] >> 13)
-	s[25] = byte((h[7] >> 21) | (h[8] << 4))
-	s[26] = byte(h[8] >> 4)
-	s[27] = byte(h[8] >> 12)
-	s[28] = byte((h[8] >> 20) | (h[9] << 6))
-	s[29] = byte(h[9] >> 2)
-	s[30] = byte(h[9] >> 10)
-	s[31] = byte(h[9] >> 18)
-}
-
-// feMul calculates h = f * g
-// Can overlap h with f or g.
-//
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//    |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Notes on implementation strategy:
-//
-// Using schoolbook multiplication.
-// Karatsuba would save a little in some cost models.
-//
-// Most multiplications by 2 and 19 are 32-bit precomputations;
-// cheaper than 64-bit postcomputations.
-//
-// There is one remaining multiplication by 19 in the carry chain;
-// one *19 precomputation can be merged into this,
-// but the resulting data flow is considerably less clean.
-//
-// There are 12 carries below.
-// 10 of them are 2-way parallelizable and vectorizable.
-// Can get away with 11 carries, but then data flow is much deeper.
-//
-// With tighter constraints on inputs can squeeze carries into int32.
-func feMul(h, f, g *fieldElement) {
-	f0 := f[0]
-	f1 := f[1]
-	f2 := f[2]
-	f3 := f[3]
-	f4 := f[4]
-	f5 := f[5]
-	f6 := f[6]
-	f7 := f[7]
-	f8 := f[8]
-	f9 := f[9]
-	g0 := g[0]
-	g1 := g[1]
-	g2 := g[2]
-	g3 := g[3]
-	g4 := g[4]
-	g5 := g[5]
-	g6 := g[6]
-	g7 := g[7]
-	g8 := g[8]
-	g9 := g[9]
-	g1_19 := 19 * g1 // 1.4*2^29
-	g2_19 := 19 * g2 // 1.4*2^30; still ok
-	g3_19 := 19 * g3
-	g4_19 := 19 * g4
-	g5_19 := 19 * g5
-	g6_19 := 19 * g6
-	g7_19 := 19 * g7
-	g8_19 := 19 * g8
-	g9_19 := 19 * g9
-	f1_2 := 2 * f1
-	f3_2 := 2 * f3
-	f5_2 := 2 * f5
-	f7_2 := 2 * f7
-	f9_2 := 2 * f9
-	f0g0 := int64(f0) * int64(g0)
-	f0g1 := int64(f0) * int64(g1)
-	f0g2 := int64(f0) * int64(g2)
-	f0g3 := int64(f0) * int64(g3)
-	f0g4 := int64(f0) * int64(g4)
-	f0g5 := int64(f0) * int64(g5)
-	f0g6 := int64(f0) * int64(g6)
-	f0g7 := int64(f0) * int64(g7)
-	f0g8 := int64(f0) * int64(g8)
-	f0g9 := int64(f0) * int64(g9)
-	f1g0 := int64(f1) * int64(g0)
-	f1g1_2 := int64(f1_2) * int64(g1)
-	f1g2 := int64(f1) * int64(g2)
-	f1g3_2 := int64(f1_2) * int64(g3)
-	f1g4 := int64(f1) * int64(g4)
-	f1g5_2 := int64(f1_2) * int64(g5)
-	f1g6 := int64(f1) * int64(g6)
-	f1g7_2 := int64(f1_2) * int64(g7)
-	f1g8 := int64(f1) * int64(g8)
-	f1g9_38 := int64(f1_2) * int64(g9_19)
-	f2g0 := int64(f2) * int64(g0)
-	f2g1 := int64(f2) * int64(g1)
-	f2g2 := int64(f2) * int64(g2)
-	f2g3 := int64(f2) * int64(g3)
-	f2g4 := int64(f2) * int64(g4)
-	f2g5 := int64(f2) * int64(g5)
-	f2g6 := int64(f2) * int64(g6)
-	f2g7 := int64(f2) * int64(g7)
-	f2g8_19 := int64(f2) * int64(g8_19)
-	f2g9_19 := int64(f2) * int64(g9_19)
-	f3g0 := int64(f3) * int64(g0)
-	f3g1_2 := int64(f3_2) * int64(g1)
-	f3g2 := int64(f3) * int64(g2)
-	f3g3_2 := int64(f3_2) * int64(g3)
-	f3g4 := int64(f3) * int64(g4)
-	f3g5_2 := int64(f3_2) * int64(g5)
-	f3g6 := int64(f3) * int64(g6)
-	f3g7_38 := int64(f3_2) * int64(g7_19)
-	f3g8_19 := int64(f3) * int64(g8_19)
-	f3g9_38 := int64(f3_2) * int64(g9_19)
-	f4g0 := int64(f4) * int64(g0)
-	f4g1 := int64(f4) * int64(g1)
-	f4g2 := int64(f4) * int64(g2)
-	f4g3 := int64(f4) * int64(g3)
-	f4g4 := int64(f4) * int64(g4)
-	f4g5 := int64(f4) * int64(g5)
-	f4g6_19 := int64(f4) * int64(g6_19)
-	f4g7_19 := int64(f4) * int64(g7_19)
-	f4g8_19 := int64(f4) * int64(g8_19)
-	f4g9_19 := int64(f4) * int64(g9_19)
-	f5g0 := int64(f5) * int64(g0)
-	f5g1_2 := int64(f5_2) * int64(g1)
-	f5g2 := int64(f5) * int64(g2)
-	f5g3_2 := int64(f5_2) * int64(g3)
-	f5g4 := int64(f5) * int64(g4)
-	f5g5_38 := int64(f5_2) * int64(g5_19)
-	f5g6_19 := int64(f5) * int64(g6_19)
-	f5g7_38 := int64(f5_2) * int64(g7_19)
-	f5g8_19 := int64(f5) * int64(g8_19)
-	f5g9_38 := int64(f5_2) * int64(g9_19)
-	f6g0 := int64(f6) * int64(g0)
-	f6g1 := int64(f6) * int64(g1)
-	f6g2 := int64(f6) * int64(g2)
-	f6g3 := int64(f6) * int64(g3)
-	f6g4_19 := int64(f6) * int64(g4_19)
-	f6g5_19 := int64(f6) * int64(g5_19)
-	f6g6_19 := int64(f6) * int64(g6_19)
-	f6g7_19 := int64(f6) * int64(g7_19)
-	f6g8_19 := int64(f6) * int64(g8_19)
-	f6g9_19 := int64(f6) * int64(g9_19)
-	f7g0 := int64(f7) * int64(g0)
-	f7g1_2 := int64(f7_2) * int64(g1)
-	f7g2 := int64(f7) * int64(g2)
-	f7g3_38 := int64(f7_2) * int64(g3_19)
-	f7g4_19 := int64(f7) * int64(g4_19)
-	f7g5_38 := int64(f7_2) * int64(g5_19)
-	f7g6_19 := int64(f7) * int64(g6_19)
-	f7g7_38 := int64(f7_2) * int64(g7_19)
-	f7g8_19 := int64(f7) * int64(g8_19)
-	f7g9_38 := int64(f7_2) * int64(g9_19)
-	f8g0 := int64(f8) * int64(g0)
-	f8g1 := int64(f8) * int64(g1)
-	f8g2_19 := int64(f8) * int64(g2_19)
-	f8g3_19 := int64(f8) * int64(g3_19)
-	f8g4_19 := int64(f8) * int64(g4_19)
-	f8g5_19 := int64(f8) * int64(g5_19)
-	f8g6_19 := int64(f8) * int64(g6_19)
-	f8g7_19 := int64(f8) * int64(g7_19)
-	f8g8_19 := int64(f8) * int64(g8_19)
-	f8g9_19 := int64(f8) * int64(g9_19)
-	f9g0 := int64(f9) * int64(g0)
-	f9g1_38 := int64(f9_2) * int64(g1_19)
-	f9g2_19 := int64(f9) * int64(g2_19)
-	f9g3_38 := int64(f9_2) * int64(g3_19)
-	f9g4_19 := int64(f9) * int64(g4_19)
-	f9g5_38 := int64(f9_2) * int64(g5_19)
-	f9g6_19 := int64(f9) * int64(g6_19)
-	f9g7_38 := int64(f9_2) * int64(g7_19)
-	f9g8_19 := int64(f9) * int64(g8_19)
-	f9g9_38 := int64(f9_2) * int64(g9_19)
-	h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
-	h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
-	h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
-	h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
-	h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
-	h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
-	h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
-	h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
-	h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
-	h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
-	var carry [10]int64
-
-	// |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
-	//   i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
-	// |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
-	//   i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	// |h0| <= 2^25
-	// |h4| <= 2^25
-	// |h1| <= 1.51*2^58
-	// |h5| <= 1.51*2^58
-
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	// |h1| <= 2^24; from now on fits into int32
-	// |h5| <= 2^24; from now on fits into int32
-	// |h2| <= 1.21*2^59
-	// |h6| <= 1.21*2^59
-
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	// |h2| <= 2^25; from now on fits into int32 unchanged
-	// |h6| <= 2^25; from now on fits into int32 unchanged
-	// |h3| <= 1.51*2^58
-	// |h7| <= 1.51*2^58
-
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-	// |h3| <= 2^24; from now on fits into int32 unchanged
-	// |h7| <= 2^24; from now on fits into int32 unchanged
-	// |h4| <= 1.52*2^33
-	// |h8| <= 1.52*2^33
-
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-	// |h4| <= 2^25; from now on fits into int32 unchanged
-	// |h8| <= 2^25; from now on fits into int32 unchanged
-	// |h5| <= 1.01*2^24
-	// |h9| <= 1.51*2^58
-
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	// |h9| <= 2^24; from now on fits into int32 unchanged
-	// |h0| <= 1.8*2^37
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	// |h0| <= 2^25; from now on fits into int32 unchanged
-	// |h1| <= 1.01*2^24
-
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
-}
-
-// feSquare calculates h = f*f. Can overlap h with f.
-//
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feSquare(h, f *fieldElement) {
-	f0 := f[0]
-	f1 := f[1]
-	f2 := f[2]
-	f3 := f[3]
-	f4 := f[4]
-	f5 := f[5]
-	f6 := f[6]
-	f7 := f[7]
-	f8 := f[8]
-	f9 := f[9]
-	f0_2 := 2 * f0
-	f1_2 := 2 * f1
-	f2_2 := 2 * f2
-	f3_2 := 2 * f3
-	f4_2 := 2 * f4
-	f5_2 := 2 * f5
-	f6_2 := 2 * f6
-	f7_2 := 2 * f7
-	f5_38 := 38 * f5 // 1.31*2^30
-	f6_19 := 19 * f6 // 1.31*2^30
-	f7_38 := 38 * f7 // 1.31*2^30
-	f8_19 := 19 * f8 // 1.31*2^30
-	f9_38 := 38 * f9 // 1.31*2^30
-	f0f0 := int64(f0) * int64(f0)
-	f0f1_2 := int64(f0_2) * int64(f1)
-	f0f2_2 := int64(f0_2) * int64(f2)
-	f0f3_2 := int64(f0_2) * int64(f3)
-	f0f4_2 := int64(f0_2) * int64(f4)
-	f0f5_2 := int64(f0_2) * int64(f5)
-	f0f6_2 := int64(f0_2) * int64(f6)
-	f0f7_2 := int64(f0_2) * int64(f7)
-	f0f8_2 := int64(f0_2) * int64(f8)
-	f0f9_2 := int64(f0_2) * int64(f9)
-	f1f1_2 := int64(f1_2) * int64(f1)
-	f1f2_2 := int64(f1_2) * int64(f2)
-	f1f3_4 := int64(f1_2) * int64(f3_2)
-	f1f4_2 := int64(f1_2) * int64(f4)
-	f1f5_4 := int64(f1_2) * int64(f5_2)
-	f1f6_2 := int64(f1_2) * int64(f6)
-	f1f7_4 := int64(f1_2) * int64(f7_2)
-	f1f8_2 := int64(f1_2) * int64(f8)
-	f1f9_76 := int64(f1_2) * int64(f9_38)
-	f2f2 := int64(f2) * int64(f2)
-	f2f3_2 := int64(f2_2) * int64(f3)
-	f2f4_2 := int64(f2_2) * int64(f4)
-	f2f5_2 := int64(f2_2) * int64(f5)
-	f2f6_2 := int64(f2_2) * int64(f6)
-	f2f7_2 := int64(f2_2) * int64(f7)
-	f2f8_38 := int64(f2_2) * int64(f8_19)
-	f2f9_38 := int64(f2) * int64(f9_38)
-	f3f3_2 := int64(f3_2) * int64(f3)
-	f3f4_2 := int64(f3_2) * int64(f4)
-	f3f5_4 := int64(f3_2) * int64(f5_2)
-	f3f6_2 := int64(f3_2) * int64(f6)
-	f3f7_76 := int64(f3_2) * int64(f7_38)
-	f3f8_38 := int64(f3_2) * int64(f8_19)
-	f3f9_76 := int64(f3_2) * int64(f9_38)
-	f4f4 := int64(f4) * int64(f4)
-	f4f5_2 := int64(f4_2) * int64(f5)
-	f4f6_38 := int64(f4_2) * int64(f6_19)
-	f4f7_38 := int64(f4) * int64(f7_38)
-	f4f8_38 := int64(f4_2) * int64(f8_19)
-	f4f9_38 := int64(f4) * int64(f9_38)
-	f5f5_38 := int64(f5) * int64(f5_38)
-	f5f6_38 := int64(f5_2) * int64(f6_19)
-	f5f7_76 := int64(f5_2) * int64(f7_38)
-	f5f8_38 := int64(f5_2) * int64(f8_19)
-	f5f9_76 := int64(f5_2) * int64(f9_38)
-	f6f6_19 := int64(f6) * int64(f6_19)
-	f6f7_38 := int64(f6) * int64(f7_38)
-	f6f8_38 := int64(f6_2) * int64(f8_19)
-	f6f9_38 := int64(f6) * int64(f9_38)
-	f7f7_38 := int64(f7) * int64(f7_38)
-	f7f8_38 := int64(f7_2) * int64(f8_19)
-	f7f9_76 := int64(f7_2) * int64(f9_38)
-	f8f8_19 := int64(f8) * int64(f8_19)
-	f8f9_38 := int64(f8) * int64(f9_38)
-	f9f9_38 := int64(f9) * int64(f9_38)
-	h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
-	h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
-	h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
-	h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
-	h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
-	h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
-	h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
-	h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
-	h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
-	h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
-	var carry [10]int64
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
-}
-
-// feMul121666 calculates h = f * 121666. Can overlap h with f.
-//
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feMul121666(h, f *fieldElement) {
-	h0 := int64(f[0]) * 121666
-	h1 := int64(f[1]) * 121666
-	h2 := int64(f[2]) * 121666
-	h3 := int64(f[3]) * 121666
-	h4 := int64(f[4]) * 121666
-	h5 := int64(f[5]) * 121666
-	h6 := int64(f[6]) * 121666
-	h7 := int64(f[7]) * 121666
-	h8 := int64(f[8]) * 121666
-	h9 := int64(f[9]) * 121666
-	var carry [10]int64
-
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
-}
-
-// feInvert sets out = z^-1.
-func feInvert(out, z *fieldElement) {
-	var t0, t1, t2, t3 fieldElement
-	var i int
-
-	feSquare(&t0, z)
-	for i = 1; i < 1; i++ {
-		feSquare(&t0, &t0)
-	}
-	feSquare(&t1, &t0)
-	for i = 1; i < 2; i++ {
-		feSquare(&t1, &t1)
-	}
-	feMul(&t1, z, &t1)
-	feMul(&t0, &t0, &t1)
-	feSquare(&t2, &t0)
-	for i = 1; i < 1; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t1, &t2)
-	feSquare(&t2, &t1)
-	for i = 1; i < 5; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t2, &t1)
-	for i = 1; i < 10; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t2, &t2, &t1)
-	feSquare(&t3, &t2)
-	for i = 1; i < 20; i++ {
-		feSquare(&t3, &t3)
-	}
-	feMul(&t2, &t3, &t2)
-	feSquare(&t2, &t2)
-	for i = 1; i < 10; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t2, &t1)
-	for i = 1; i < 50; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t2, &t2, &t1)
-	feSquare(&t3, &t2)
-	for i = 1; i < 100; i++ {
-		feSquare(&t3, &t3)
-	}
-	feMul(&t2, &t3, &t2)
-	feSquare(&t2, &t2)
-	for i = 1; i < 50; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t1, &t1)
-	for i = 1; i < 5; i++ {
-		feSquare(&t1, &t1)
-	}
-	feMul(out, &t1, &t0)
-}
-
-func scalarMult(out, in, base *[32]byte) {
-	var e [32]byte
-
-	copy(e[:], in[:])
-	e[0] &= 248
-	e[31] &= 127
-	e[31] |= 64
-
-	var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
-	feFromBytes(&x1, base)
-	feOne(&x2)
-	feCopy(&x3, &x1)
-	feOne(&z3)
-
-	swap := int32(0)
-	for pos := 254; pos >= 0; pos-- {
-		b := e[pos/8] >> uint(pos&7)
-		b &= 1
-		swap ^= int32(b)
-		feCSwap(&x2, &x3, swap)
-		feCSwap(&z2, &z3, swap)
-		swap = int32(b)
-
-		feSub(&tmp0, &x3, &z3)
-		feSub(&tmp1, &x2, &z2)
-		feAdd(&x2, &x2, &z2)
-		feAdd(&z2, &x3, &z3)
-		feMul(&z3, &tmp0, &x2)
-		feMul(&z2, &z2, &tmp1)
-		feSquare(&tmp0, &tmp1)
-		feSquare(&tmp1, &x2)
-		feAdd(&x3, &z3, &z2)
-		feSub(&z2, &z3, &z2)
-		feMul(&x2, &tmp1, &tmp0)
-		feSub(&tmp1, &tmp1, &tmp0)
-		feSquare(&z2, &z2)
-		feMul121666(&z3, &tmp1)
-		feSquare(&x3, &x3)
-		feAdd(&tmp0, &tmp0, &z3)
-		feMul(&z3, &x1, &z2)
-		feMul(&z2, &tmp1, &tmp0)
-	}
-
-	feCSwap(&x2, &x3, swap)
-	feCSwap(&z2, &z3, swap)
-
-	feInvert(&z2, &z2)
-	feMul(&x2, &x2, &z2)
-	feToBytes(out, &x2)
+	if l := len(point); l != 32 {
+		return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
+	}
+	copy(in[:], scalar)
+	if &point[0] == &Basepoint[0] {
+		checkBasepoint()
+		ScalarBaseMult(dst, &in)
+	} else {
+		var base, zero [32]byte
+		copy(base[:], point)
+		ScalarMult(dst, &in, &base)
+		if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
+			return nil, fmt.Errorf("bad input point: low order point")
+		}
+	}
+	return dst[:], nil
 }
diff --git a/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
similarity index 99%
rename from vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
rename to vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
index 5822bd53..5120b779 100644
--- a/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+// +build amd64,!gccgo,!appengine,!purego
 
 package curve25519
 
diff --git a/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
similarity index 76%
rename from vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
rename to vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
index e0ac30c7..0250c888 100644
--- a/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
@@ -5,9 +5,84 @@
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
 
-// +build amd64,!gccgo,!appengine
+// +build amd64,!gccgo,!appengine,!purego
 
-#include "const_amd64.h"
+#define REDMASK51     0x0007FFFFFFFFFFFF
+
+// These constants cannot be encoded in non-MOVQ immediates.
+// We access them directly from memory instead.
+
+DATA ·_121666_213(SB)/8, $996687872
+GLOBL ·_121666_213(SB), 8, $8
+
+DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
+GLOBL ·_2P0(SB), 8, $8
+
+DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
+GLOBL ·_2P1234(SB), 8, $8
+
+// func freeze(inout *[5]uint64)
+TEXT ·freeze(SB),7,$0-8
+	MOVQ inout+0(FP), DI
+
+	MOVQ 0(DI),SI
+	MOVQ 8(DI),DX
+	MOVQ 16(DI),CX
+	MOVQ 24(DI),R8
+	MOVQ 32(DI),R9
+	MOVQ $REDMASK51,AX
+	MOVQ AX,R10
+	SUBQ $18,R10
+	MOVQ $3,R11
+REDUCELOOP:
+	MOVQ SI,R12
+	SHRQ $51,R12
+	ANDQ AX,SI
+	ADDQ R12,DX
+	MOVQ DX,R12
+	SHRQ $51,R12
+	ANDQ AX,DX
+	ADDQ R12,CX
+	MOVQ CX,R12
+	SHRQ $51,R12
+	ANDQ AX,CX
+	ADDQ R12,R8
+	MOVQ R8,R12
+	SHRQ $51,R12
+	ANDQ AX,R8
+	ADDQ R12,R9
+	MOVQ R9,R12
+	SHRQ $51,R12
+	ANDQ AX,R9
+	IMUL3Q $19,R12,R12
+	ADDQ R12,SI
+	SUBQ $1,R11
+	JA REDUCELOOP
+	MOVQ $1,R12
+	CMPQ R10,SI
+	CMOVQLT R11,R12
+	CMPQ AX,DX
+	CMOVQNE R11,R12
+	CMPQ AX,CX
+	CMOVQNE R11,R12
+	CMPQ AX,R8
+	CMOVQNE R11,R12
+	CMPQ AX,R9
+	CMOVQNE R11,R12
+	NEGQ R12
+	ANDQ R12,AX
+	ANDQ R12,R10
+	SUBQ R10,SI
+	SUBQ AX,DX
+	SUBQ AX,CX
+	SUBQ AX,R8
+	SUBQ AX,R9
+	MOVQ SI,0(DI)
+	MOVQ DX,8(DI)
+	MOVQ CX,16(DI)
+	MOVQ R8,24(DI)
+	MOVQ R9,32(DI)
+	RET
 
 // func ladderstep(inout *[5][5]uint64)
 TEXT ·ladderstep(SB),0,$296-8
@@ -1375,3 +1450,344 @@ TEXT ·ladderstep(SB),0,$296-8
 	MOVQ AX,104(DI)
 	MOVQ R10,112(DI)
 	RET
+
+// func cswap(inout *[4][5]uint64, v uint64)
+TEXT ·cswap(SB),7,$0
+	MOVQ inout+0(FP),DI
+	MOVQ v+8(FP),SI
+
+	SUBQ $1, SI
+	NOTQ SI
+	MOVQ SI, X15
+	PSHUFD $0x44, X15, X15
+
+	MOVOU 0(DI), X0
+	MOVOU 16(DI), X2
+	MOVOU 32(DI), X4
+	MOVOU 48(DI), X6
+	MOVOU 64(DI), X8
+	MOVOU 80(DI), X1
+	MOVOU 96(DI), X3
+	MOVOU 112(DI), X5
+	MOVOU 128(DI), X7
+	MOVOU 144(DI), X9
+
+	MOVO X1, X10
+	MOVO X3, X11
+	MOVO X5, X12
+	MOVO X7, X13
+	MOVO X9, X14
+
+	PXOR X0, X10
+	PXOR X2, X11
+	PXOR X4, X12
+	PXOR X6, X13
+	PXOR X8, X14
+	PAND X15, X10
+	PAND X15, X11
+	PAND X15, X12
+	PAND X15, X13
+	PAND X15, X14
+	PXOR X10, X0
+	PXOR X10, X1
+	PXOR X11, X2
+	PXOR X11, X3
+	PXOR X12, X4
+	PXOR X12, X5
+	PXOR X13, X6
+	PXOR X13, X7
+	PXOR X14, X8
+	PXOR X14, X9
+
+	MOVOU X0, 0(DI)
+	MOVOU X2, 16(DI)
+	MOVOU X4, 32(DI)
+	MOVOU X6, 48(DI)
+	MOVOU X8, 64(DI)
+	MOVOU X1, 80(DI)
+	MOVOU X3, 96(DI)
+	MOVOU X5, 112(DI)
+	MOVOU X7, 128(DI)
+	MOVOU X9, 144(DI)
+	RET
+
+// func mul(dest, a, b *[5]uint64)
+TEXT ·mul(SB),0,$16-24
+	MOVQ dest+0(FP), DI
+	MOVQ a+8(FP), SI
+	MOVQ b+16(FP), DX
+
+	MOVQ DX,CX
+	MOVQ 24(SI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,0(SP)
+	MULQ 16(CX)
+	MOVQ AX,R8
+	MOVQ DX,R9
+	MOVQ 32(SI),DX
+	IMUL3Q $19,DX,AX
+	MOVQ AX,8(SP)
+	MULQ 8(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 0(SI),AX
+	MULQ 8(CX)
+	MOVQ AX,R10
+	MOVQ DX,R11
+	MOVQ 0(SI),AX
+	MULQ 16(CX)
+	MOVQ AX,R12
+	MOVQ DX,R13
+	MOVQ 0(SI),AX
+	MULQ 24(CX)
+	MOVQ AX,R14
+	MOVQ DX,R15
+	MOVQ 0(SI),AX
+	MULQ 32(CX)
+	MOVQ AX,BX
+	MOVQ DX,BP
+	MOVQ 8(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SI),AX
+	MULQ 16(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 8(SI),AX
+	MULQ 24(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 8(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 16(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 16(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 16(SI),AX
+	MULQ 16(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 16(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(CX)
+	ADDQ AX,R8
+	ADCQ DX,R9
+	MOVQ 16(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 24(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ 24(SI),AX
+	MULQ 8(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 0(SP),AX
+	MULQ 24(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 0(SP),AX
+	MULQ 32(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 32(SI),AX
+	MULQ 0(CX)
+	ADDQ AX,BX
+	ADCQ DX,BP
+	MOVQ 8(SP),AX
+	MULQ 16(CX)
+	ADDQ AX,R10
+	ADCQ DX,R11
+	MOVQ 8(SP),AX
+	MULQ 24(CX)
+	ADDQ AX,R12
+	ADCQ DX,R13
+	MOVQ 8(SP),AX
+	MULQ 32(CX)
+	ADDQ AX,R14
+	ADCQ DX,R15
+	MOVQ $REDMASK51,SI
+	SHLQ $13,R8,R9
+	ANDQ SI,R8
+	SHLQ $13,R10,R11
+	ANDQ SI,R10
+	ADDQ R9,R10
+	SHLQ $13,R12,R13
+	ANDQ SI,R12
+	ADDQ R11,R12
+	SHLQ $13,R14,R15
+	ANDQ SI,R14
+	ADDQ R13,R14
+	SHLQ $13,BX,BP
+	ANDQ SI,BX
+	ADDQ R15,BX
+	IMUL3Q $19,BP,DX
+	ADDQ DX,R8
+	MOVQ R8,DX
+	SHRQ $51,DX
+	ADDQ R10,DX
+	MOVQ DX,CX
+	SHRQ $51,DX
+	ANDQ SI,R8
+	ADDQ R12,DX
+	MOVQ DX,R9
+	SHRQ $51,DX
+	ANDQ SI,CX
+	ADDQ R14,DX
+	MOVQ DX,AX
+	SHRQ $51,DX
+	ANDQ SI,R9
+	ADDQ BX,DX
+	MOVQ DX,R10
+	SHRQ $51,DX
+	ANDQ SI,AX
+	IMUL3Q $19,DX,DX
+	ADDQ DX,R8
+	ANDQ SI,R10
+	MOVQ R8,0(DI)
+	MOVQ CX,8(DI)
+	MOVQ R9,16(DI)
+	MOVQ AX,24(DI)
+	MOVQ R10,32(DI)
+	RET
+
+// func square(out, in *[5]uint64)
+TEXT ·square(SB),7,$0-16
+	MOVQ out+0(FP), DI
+	MOVQ in+8(FP), SI
+
+	MOVQ 0(SI),AX
+	MULQ 0(SI)
+	MOVQ AX,CX
+	MOVQ DX,R8
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 8(SI)
+	MOVQ AX,R9
+	MOVQ DX,R10
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 16(SI)
+	MOVQ AX,R11
+	MOVQ DX,R12
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 24(SI)
+	MOVQ AX,R13
+	MOVQ DX,R14
+	MOVQ 0(SI),AX
+	SHLQ $1,AX
+	MULQ 32(SI)
+	MOVQ AX,R15
+	MOVQ DX,BX
+	MOVQ 8(SI),AX
+	MULQ 8(SI)
+	ADDQ AX,R11
+	ADCQ DX,R12
+	MOVQ 8(SI),AX
+	SHLQ $1,AX
+	MULQ 16(SI)
+	ADDQ AX,R13
+	ADCQ DX,R14
+	MOVQ 8(SI),AX
+	SHLQ $1,AX
+	MULQ 24(SI)
+	ADDQ AX,R15
+	ADCQ DX,BX
+	MOVQ 8(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,CX
+	ADCQ DX,R8
+	MOVQ 16(SI),AX
+	MULQ 16(SI)
+	ADDQ AX,R15
+	ADCQ DX,BX
+	MOVQ 16(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 24(SI)
+	ADDQ AX,CX
+	ADCQ DX,R8
+	MOVQ 16(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R9
+	ADCQ DX,R10
+	MOVQ 24(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 24(SI)
+	ADDQ AX,R9
+	ADCQ DX,R10
+	MOVQ 24(SI),DX
+	IMUL3Q $38,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R11
+	ADCQ DX,R12
+	MOVQ 32(SI),DX
+	IMUL3Q $19,DX,AX
+	MULQ 32(SI)
+	ADDQ AX,R13
+	ADCQ DX,R14
+	MOVQ $REDMASK51,SI
+	SHLQ $13,CX,R8
+	ANDQ SI,CX
+	SHLQ $13,R9,R10
+	ANDQ SI,R9
+	ADDQ R8,R9
+	SHLQ $13,R11,R12
+	ANDQ SI,R11
+	ADDQ R10,R11
+	SHLQ $13,R13,R14
+	ANDQ SI,R13
+	ADDQ R12,R13
+	SHLQ $13,R15,BX
+	ANDQ SI,R15
+	ADDQ R14,R15
+	IMUL3Q $19,BX,DX
+	ADDQ DX,CX
+	MOVQ CX,DX
+	SHRQ $51,DX
+	ADDQ R9,DX
+	ANDQ SI,CX
+	MOVQ DX,R8
+	SHRQ $51,DX
+	ADDQ R11,DX
+	ANDQ SI,R8
+	MOVQ DX,R9
+	SHRQ $51,DX
+	ADDQ R13,DX
+	ANDQ SI,R9
+	MOVQ DX,AX
+	SHRQ $51,DX
+	ADDQ R15,DX
+	ANDQ SI,AX
+	MOVQ DX,R10
+	SHRQ $51,DX
+	IMUL3Q $19,DX,DX
+	ADDQ DX,CX
+	ANDQ SI,R10
+	MOVQ CX,0(DI)
+	MOVQ R8,8(DI)
+	MOVQ R9,16(DI)
+	MOVQ AX,24(DI)
+	MOVQ R10,32(DI)
+	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go b/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
new file mode 100644
index 00000000..c43b13fc
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
@@ -0,0 +1,828 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package curve25519
+
+import "encoding/binary"
+
+// This code is a port of the public domain, "ref10" implementation of
+// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
+
+// fieldElement represents an element of the field GF(2^255 - 19). An element
+// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+// context.
+type fieldElement [10]int32
+
+func feZero(fe *fieldElement) {
+	for i := range fe {
+		fe[i] = 0
+	}
+}
+
+func feOne(fe *fieldElement) {
+	feZero(fe)
+	fe[0] = 1
+}
+
+func feAdd(dst, a, b *fieldElement) {
+	for i := range dst {
+		dst[i] = a[i] + b[i]
+	}
+}
+
+func feSub(dst, a, b *fieldElement) {
+	for i := range dst {
+		dst[i] = a[i] - b[i]
+	}
+}
+
+func feCopy(dst, src *fieldElement) {
+	for i := range dst {
+		dst[i] = src[i]
+	}
+}
+
+// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
+//
+// Preconditions: b in {0,1}.
+func feCSwap(f, g *fieldElement, b int32) {
+	b = -b
+	for i := range f {
+		t := b & (f[i] ^ g[i])
+		f[i] ^= t
+		g[i] ^= t
+	}
+}
+
+// load3 reads a 24-bit, little-endian value from in.
+func load3(in []byte) int64 {
+	var r int64
+	r = int64(in[0])
+	r |= int64(in[1]) << 8
+	r |= int64(in[2]) << 16
+	return r
+}
+
+// load4 reads a 32-bit, little-endian value from in.
+func load4(in []byte) int64 {
+	return int64(binary.LittleEndian.Uint32(in))
+}
+
+func feFromBytes(dst *fieldElement, src *[32]byte) {
+	h0 := load4(src[:])
+	h1 := load3(src[4:]) << 6
+	h2 := load3(src[7:]) << 5
+	h3 := load3(src[10:]) << 3
+	h4 := load3(src[13:]) << 2
+	h5 := load4(src[16:])
+	h6 := load3(src[20:]) << 7
+	h7 := load3(src[23:]) << 5
+	h8 := load3(src[26:]) << 4
+	h9 := (load3(src[29:]) & 0x7fffff) << 2
+
+	var carry [10]int64
+	carry[9] = (h9 + 1<<24) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	carry[1] = (h1 + 1<<24) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[3] = (h3 + 1<<24) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[5] = (h5 + 1<<24) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	carry[7] = (h7 + 1<<24) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[0] = (h0 + 1<<25) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[2] = (h2 + 1<<25) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[4] = (h4 + 1<<25) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[6] = (h6 + 1<<25) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	carry[8] = (h8 + 1<<25) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	dst[0] = int32(h0)
+	dst[1] = int32(h1)
+	dst[2] = int32(h2)
+	dst[3] = int32(h3)
+	dst[4] = int32(h4)
+	dst[5] = int32(h5)
+	dst[6] = int32(h6)
+	dst[7] = int32(h7)
+	dst[8] = int32(h8)
+	dst[9] = int32(h9)
+}
+
+// feToBytes marshals h to s.
+// Preconditions:
+//   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Write p=2^255-19; q=floor(h/p).
+// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+//
+// Proof:
+//   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+//   Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
+//
+//   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+//   Then 0<y<1.
+//
+//   Write r=h-pq.
+//   Have 0<=r<=p-1=2^255-20.
+//   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+//
+//   Write x=r+19(2^-255)r+y.
+//   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+//
+//   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+//   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+func feToBytes(s *[32]byte, h *fieldElement) {
+	var carry [10]int32
+
+	q := (19*h[9] + (1 << 24)) >> 25
+	q = (h[0] + q) >> 26
+	q = (h[1] + q) >> 25
+	q = (h[2] + q) >> 26
+	q = (h[3] + q) >> 25
+	q = (h[4] + q) >> 26
+	q = (h[5] + q) >> 25
+	q = (h[6] + q) >> 26
+	q = (h[7] + q) >> 25
+	q = (h[8] + q) >> 26
+	q = (h[9] + q) >> 25
+
+	// Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
+	h[0] += 19 * q
+	// Goal: Output h-2^255 q, which is between 0 and 2^255-20.
+
+	carry[0] = h[0] >> 26
+	h[1] += carry[0]
+	h[0] -= carry[0] << 26
+	carry[1] = h[1] >> 25
+	h[2] += carry[1]
+	h[1] -= carry[1] << 25
+	carry[2] = h[2] >> 26
+	h[3] += carry[2]
+	h[2] -= carry[2] << 26
+	carry[3] = h[3] >> 25
+	h[4] += carry[3]
+	h[3] -= carry[3] << 25
+	carry[4] = h[4] >> 26
+	h[5] += carry[4]
+	h[4] -= carry[4] << 26
+	carry[5] = h[5] >> 25
+	h[6] += carry[5]
+	h[5] -= carry[5] << 25
+	carry[6] = h[6] >> 26
+	h[7] += carry[6]
+	h[6] -= carry[6] << 26
+	carry[7] = h[7] >> 25
+	h[8] += carry[7]
+	h[7] -= carry[7] << 25
+	carry[8] = h[8] >> 26
+	h[9] += carry[8]
+	h[8] -= carry[8] << 26
+	carry[9] = h[9] >> 25
+	h[9] -= carry[9] << 25
+	// h10 = carry9
+
+	// Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+	// Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
+	// evidently 2^255 h10-2^255 q = 0.
+	// Goal: Output h[0]+...+2^230 h[9].
+
+	s[0] = byte(h[0] >> 0)
+	s[1] = byte(h[0] >> 8)
+	s[2] = byte(h[0] >> 16)
+	s[3] = byte((h[0] >> 24) | (h[1] << 2))
+	s[4] = byte(h[1] >> 6)
+	s[5] = byte(h[1] >> 14)
+	s[6] = byte((h[1] >> 22) | (h[2] << 3))
+	s[7] = byte(h[2] >> 5)
+	s[8] = byte(h[2] >> 13)
+	s[9] = byte((h[2] >> 21) | (h[3] << 5))
+	s[10] = byte(h[3] >> 3)
+	s[11] = byte(h[3] >> 11)
+	s[12] = byte((h[3] >> 19) | (h[4] << 6))
+	s[13] = byte(h[4] >> 2)
+	s[14] = byte(h[4] >> 10)
+	s[15] = byte(h[4] >> 18)
+	s[16] = byte(h[5] >> 0)
+	s[17] = byte(h[5] >> 8)
+	s[18] = byte(h[5] >> 16)
+	s[19] = byte((h[5] >> 24) | (h[6] << 1))
+	s[20] = byte(h[6] >> 7)
+	s[21] = byte(h[6] >> 15)
+	s[22] = byte((h[6] >> 23) | (h[7] << 3))
+	s[23] = byte(h[7] >> 5)
+	s[24] = byte(h[7] >> 13)
+	s[25] = byte((h[7] >> 21) | (h[8] << 4))
+	s[26] = byte(h[8] >> 4)
+	s[27] = byte(h[8] >> 12)
+	s[28] = byte((h[8] >> 20) | (h[9] << 6))
+	s[29] = byte(h[9] >> 2)
+	s[30] = byte(h[9] >> 10)
+	s[31] = byte(h[9] >> 18)
+}
+
+// feMul calculates h = f * g
+// Can overlap h with f or g.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//    |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Notes on implementation strategy:
+//
+// Using schoolbook multiplication.
+// Karatsuba would save a little in some cost models.
+//
+// Most multiplications by 2 and 19 are 32-bit precomputations;
+// cheaper than 64-bit postcomputations.
+//
+// There is one remaining multiplication by 19 in the carry chain;
+// one *19 precomputation can be merged into this,
+// but the resulting data flow is considerably less clean.
+//
+// There are 12 carries below.
+// 10 of them are 2-way parallelizable and vectorizable.
+// Can get away with 11 carries, but then data flow is much deeper.
+//
+// With tighter constraints on inputs can squeeze carries into int32.
+func feMul(h, f, g *fieldElement) {
+	f0 := f[0]
+	f1 := f[1]
+	f2 := f[2]
+	f3 := f[3]
+	f4 := f[4]
+	f5 := f[5]
+	f6 := f[6]
+	f7 := f[7]
+	f8 := f[8]
+	f9 := f[9]
+	g0 := g[0]
+	g1 := g[1]
+	g2 := g[2]
+	g3 := g[3]
+	g4 := g[4]
+	g5 := g[5]
+	g6 := g[6]
+	g7 := g[7]
+	g8 := g[8]
+	g9 := g[9]
+	g1_19 := 19 * g1 // 1.4*2^29
+	g2_19 := 19 * g2 // 1.4*2^30; still ok
+	g3_19 := 19 * g3
+	g4_19 := 19 * g4
+	g5_19 := 19 * g5
+	g6_19 := 19 * g6
+	g7_19 := 19 * g7
+	g8_19 := 19 * g8
+	g9_19 := 19 * g9
+	f1_2 := 2 * f1
+	f3_2 := 2 * f3
+	f5_2 := 2 * f5
+	f7_2 := 2 * f7
+	f9_2 := 2 * f9
+	f0g0 := int64(f0) * int64(g0)
+	f0g1 := int64(f0) * int64(g1)
+	f0g2 := int64(f0) * int64(g2)
+	f0g3 := int64(f0) * int64(g3)
+	f0g4 := int64(f0) * int64(g4)
+	f0g5 := int64(f0) * int64(g5)
+	f0g6 := int64(f0) * int64(g6)
+	f0g7 := int64(f0) * int64(g7)
+	f0g8 := int64(f0) * int64(g8)
+	f0g9 := int64(f0) * int64(g9)
+	f1g0 := int64(f1) * int64(g0)
+	f1g1_2 := int64(f1_2) * int64(g1)
+	f1g2 := int64(f1) * int64(g2)
+	f1g3_2 := int64(f1_2) * int64(g3)
+	f1g4 := int64(f1) * int64(g4)
+	f1g5_2 := int64(f1_2) * int64(g5)
+	f1g6 := int64(f1) * int64(g6)
+	f1g7_2 := int64(f1_2) * int64(g7)
+	f1g8 := int64(f1) * int64(g8)
+	f1g9_38 := int64(f1_2) * int64(g9_19)
+	f2g0 := int64(f2) * int64(g0)
+	f2g1 := int64(f2) * int64(g1)
+	f2g2 := int64(f2) * int64(g2)
+	f2g3 := int64(f2) * int64(g3)
+	f2g4 := int64(f2) * int64(g4)
+	f2g5 := int64(f2) * int64(g5)
+	f2g6 := int64(f2) * int64(g6)
+	f2g7 := int64(f2) * int64(g7)
+	f2g8_19 := int64(f2) * int64(g8_19)
+	f2g9_19 := int64(f2) * int64(g9_19)
+	f3g0 := int64(f3) * int64(g0)
+	f3g1_2 := int64(f3_2) * int64(g1)
+	f3g2 := int64(f3) * int64(g2)
+	f3g3_2 := int64(f3_2) * int64(g3)
+	f3g4 := int64(f3) * int64(g4)
+	f3g5_2 := int64(f3_2) * int64(g5)
+	f3g6 := int64(f3) * int64(g6)
+	f3g7_38 := int64(f3_2) * int64(g7_19)
+	f3g8_19 := int64(f3) * int64(g8_19)
+	f3g9_38 := int64(f3_2) * int64(g9_19)
+	f4g0 := int64(f4) * int64(g0)
+	f4g1 := int64(f4) * int64(g1)
+	f4g2 := int64(f4) * int64(g2)
+	f4g3 := int64(f4) * int64(g3)
+	f4g4 := int64(f4) * int64(g4)
+	f4g5 := int64(f4) * int64(g5)
+	f4g6_19 := int64(f4) * int64(g6_19)
+	f4g7_19 := int64(f4) * int64(g7_19)
+	f4g8_19 := int64(f4) * int64(g8_19)
+	f4g9_19 := int64(f4) * int64(g9_19)
+	f5g0 := int64(f5) * int64(g0)
+	f5g1_2 := int64(f5_2) * int64(g1)
+	f5g2 := int64(f5) * int64(g2)
+	f5g3_2 := int64(f5_2) * int64(g3)
+	f5g4 := int64(f5) * int64(g4)
+	f5g5_38 := int64(f5_2) * int64(g5_19)
+	f5g6_19 := int64(f5) * int64(g6_19)
+	f5g7_38 := int64(f5_2) * int64(g7_19)
+	f5g8_19 := int64(f5) * int64(g8_19)
+	f5g9_38 := int64(f5_2) * int64(g9_19)
+	f6g0 := int64(f6) * int64(g0)
+	f6g1 := int64(f6) * int64(g1)
+	f6g2 := int64(f6) * int64(g2)
+	f6g3 := int64(f6) * int64(g3)
+	f6g4_19 := int64(f6) * int64(g4_19)
+	f6g5_19 := int64(f6) * int64(g5_19)
+	f6g6_19 := int64(f6) * int64(g6_19)
+	f6g7_19 := int64(f6) * int64(g7_19)
+	f6g8_19 := int64(f6) * int64(g8_19)
+	f6g9_19 := int64(f6) * int64(g9_19)
+	f7g0 := int64(f7) * int64(g0)
+	f7g1_2 := int64(f7_2) * int64(g1)
+	f7g2 := int64(f7) * int64(g2)
+	f7g3_38 := int64(f7_2) * int64(g3_19)
+	f7g4_19 := int64(f7) * int64(g4_19)
+	f7g5_38 := int64(f7_2) * int64(g5_19)
+	f7g6_19 := int64(f7) * int64(g6_19)
+	f7g7_38 := int64(f7_2) * int64(g7_19)
+	f7g8_19 := int64(f7) * int64(g8_19)
+	f7g9_38 := int64(f7_2) * int64(g9_19)
+	f8g0 := int64(f8) * int64(g0)
+	f8g1 := int64(f8) * int64(g1)
+	f8g2_19 := int64(f8) * int64(g2_19)
+	f8g3_19 := int64(f8) * int64(g3_19)
+	f8g4_19 := int64(f8) * int64(g4_19)
+	f8g5_19 := int64(f8) * int64(g5_19)
+	f8g6_19 := int64(f8) * int64(g6_19)
+	f8g7_19 := int64(f8) * int64(g7_19)
+	f8g8_19 := int64(f8) * int64(g8_19)
+	f8g9_19 := int64(f8) * int64(g9_19)
+	f9g0 := int64(f9) * int64(g0)
+	f9g1_38 := int64(f9_2) * int64(g1_19)
+	f9g2_19 := int64(f9) * int64(g2_19)
+	f9g3_38 := int64(f9_2) * int64(g3_19)
+	f9g4_19 := int64(f9) * int64(g4_19)
+	f9g5_38 := int64(f9_2) * int64(g5_19)
+	f9g6_19 := int64(f9) * int64(g6_19)
+	f9g7_38 := int64(f9_2) * int64(g7_19)
+	f9g8_19 := int64(f9) * int64(g8_19)
+	f9g9_38 := int64(f9_2) * int64(g9_19)
+	h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
+	h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
+	h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
+	h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
+	h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
+	h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
+	h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
+	h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
+	h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
+	h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
+	var carry [10]int64
+
+	// |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
+	//   i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
+	// |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
+	//   i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	// |h0| <= 2^25
+	// |h4| <= 2^25
+	// |h1| <= 1.51*2^58
+	// |h5| <= 1.51*2^58
+
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	// |h1| <= 2^24; from now on fits into int32
+	// |h5| <= 2^24; from now on fits into int32
+	// |h2| <= 1.21*2^59
+	// |h6| <= 1.21*2^59
+
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	// |h2| <= 2^25; from now on fits into int32 unchanged
+	// |h6| <= 2^25; from now on fits into int32 unchanged
+	// |h3| <= 1.51*2^58
+	// |h7| <= 1.51*2^58
+
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+	// |h3| <= 2^24; from now on fits into int32 unchanged
+	// |h7| <= 2^24; from now on fits into int32 unchanged
+	// |h4| <= 1.52*2^33
+	// |h8| <= 1.52*2^33
+
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+	// |h4| <= 2^25; from now on fits into int32 unchanged
+	// |h8| <= 2^25; from now on fits into int32 unchanged
+	// |h5| <= 1.01*2^24
+	// |h9| <= 1.51*2^58
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	// |h9| <= 2^24; from now on fits into int32 unchanged
+	// |h0| <= 1.8*2^37
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	// |h0| <= 2^25; from now on fits into int32 unchanged
+	// |h1| <= 1.01*2^24
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feSquare calculates h = f*f. Can overlap h with f.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feSquare(h, f *fieldElement) {
+	f0 := f[0]
+	f1 := f[1]
+	f2 := f[2]
+	f3 := f[3]
+	f4 := f[4]
+	f5 := f[5]
+	f6 := f[6]
+	f7 := f[7]
+	f8 := f[8]
+	f9 := f[9]
+	f0_2 := 2 * f0
+	f1_2 := 2 * f1
+	f2_2 := 2 * f2
+	f3_2 := 2 * f3
+	f4_2 := 2 * f4
+	f5_2 := 2 * f5
+	f6_2 := 2 * f6
+	f7_2 := 2 * f7
+	f5_38 := 38 * f5 // 1.31*2^30
+	f6_19 := 19 * f6 // 1.31*2^30
+	f7_38 := 38 * f7 // 1.31*2^30
+	f8_19 := 19 * f8 // 1.31*2^30
+	f9_38 := 38 * f9 // 1.31*2^30
+	f0f0 := int64(f0) * int64(f0)
+	f0f1_2 := int64(f0_2) * int64(f1)
+	f0f2_2 := int64(f0_2) * int64(f2)
+	f0f3_2 := int64(f0_2) * int64(f3)
+	f0f4_2 := int64(f0_2) * int64(f4)
+	f0f5_2 := int64(f0_2) * int64(f5)
+	f0f6_2 := int64(f0_2) * int64(f6)
+	f0f7_2 := int64(f0_2) * int64(f7)
+	f0f8_2 := int64(f0_2) * int64(f8)
+	f0f9_2 := int64(f0_2) * int64(f9)
+	f1f1_2 := int64(f1_2) * int64(f1)
+	f1f2_2 := int64(f1_2) * int64(f2)
+	f1f3_4 := int64(f1_2) * int64(f3_2)
+	f1f4_2 := int64(f1_2) * int64(f4)
+	f1f5_4 := int64(f1_2) * int64(f5_2)
+	f1f6_2 := int64(f1_2) * int64(f6)
+	f1f7_4 := int64(f1_2) * int64(f7_2)
+	f1f8_2 := int64(f1_2) * int64(f8)
+	f1f9_76 := int64(f1_2) * int64(f9_38)
+	f2f2 := int64(f2) * int64(f2)
+	f2f3_2 := int64(f2_2) * int64(f3)
+	f2f4_2 := int64(f2_2) * int64(f4)
+	f2f5_2 := int64(f2_2) * int64(f5)
+	f2f6_2 := int64(f2_2) * int64(f6)
+	f2f7_2 := int64(f2_2) * int64(f7)
+	f2f8_38 := int64(f2_2) * int64(f8_19)
+	f2f9_38 := int64(f2) * int64(f9_38)
+	f3f3_2 := int64(f3_2) * int64(f3)
+	f3f4_2 := int64(f3_2) * int64(f4)
+	f3f5_4 := int64(f3_2) * int64(f5_2)
+	f3f6_2 := int64(f3_2) * int64(f6)
+	f3f7_76 := int64(f3_2) * int64(f7_38)
+	f3f8_38 := int64(f3_2) * int64(f8_19)
+	f3f9_76 := int64(f3_2) * int64(f9_38)
+	f4f4 := int64(f4) * int64(f4)
+	f4f5_2 := int64(f4_2) * int64(f5)
+	f4f6_38 := int64(f4_2) * int64(f6_19)
+	f4f7_38 := int64(f4) * int64(f7_38)
+	f4f8_38 := int64(f4_2) * int64(f8_19)
+	f4f9_38 := int64(f4) * int64(f9_38)
+	f5f5_38 := int64(f5) * int64(f5_38)
+	f5f6_38 := int64(f5_2) * int64(f6_19)
+	f5f7_76 := int64(f5_2) * int64(f7_38)
+	f5f8_38 := int64(f5_2) * int64(f8_19)
+	f5f9_76 := int64(f5_2) * int64(f9_38)
+	f6f6_19 := int64(f6) * int64(f6_19)
+	f6f7_38 := int64(f6) * int64(f7_38)
+	f6f8_38 := int64(f6_2) * int64(f8_19)
+	f6f9_38 := int64(f6) * int64(f9_38)
+	f7f7_38 := int64(f7) * int64(f7_38)
+	f7f8_38 := int64(f7_2) * int64(f8_19)
+	f7f9_76 := int64(f7_2) * int64(f9_38)
+	f8f8_19 := int64(f8) * int64(f8_19)
+	f8f9_38 := int64(f8) * int64(f9_38)
+	f9f9_38 := int64(f9) * int64(f9_38)
+	h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
+	h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
+	h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
+	h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
+	h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
+	h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
+	h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
+	h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
+	h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
+	h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
+	var carry [10]int64
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feMul121666 calculates h = f * 121666. Can overlap h with f.
+//
+// Preconditions:
+//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feMul121666(h, f *fieldElement) {
+	h0 := int64(f[0]) * 121666
+	h1 := int64(f[1]) * 121666
+	h2 := int64(f[2]) * 121666
+	h3 := int64(f[3]) * 121666
+	h4 := int64(f[4]) * 121666
+	h5 := int64(f[5]) * 121666
+	h6 := int64(f[6]) * 121666
+	h7 := int64(f[7]) * 121666
+	h8 := int64(f[8]) * 121666
+	h9 := int64(f[9]) * 121666
+	var carry [10]int64
+
+	carry[9] = (h9 + (1 << 24)) >> 25
+	h0 += carry[9] * 19
+	h9 -= carry[9] << 25
+	carry[1] = (h1 + (1 << 24)) >> 25
+	h2 += carry[1]
+	h1 -= carry[1] << 25
+	carry[3] = (h3 + (1 << 24)) >> 25
+	h4 += carry[3]
+	h3 -= carry[3] << 25
+	carry[5] = (h5 + (1 << 24)) >> 25
+	h6 += carry[5]
+	h5 -= carry[5] << 25
+	carry[7] = (h7 + (1 << 24)) >> 25
+	h8 += carry[7]
+	h7 -= carry[7] << 25
+
+	carry[0] = (h0 + (1 << 25)) >> 26
+	h1 += carry[0]
+	h0 -= carry[0] << 26
+	carry[2] = (h2 + (1 << 25)) >> 26
+	h3 += carry[2]
+	h2 -= carry[2] << 26
+	carry[4] = (h4 + (1 << 25)) >> 26
+	h5 += carry[4]
+	h4 -= carry[4] << 26
+	carry[6] = (h6 + (1 << 25)) >> 26
+	h7 += carry[6]
+	h6 -= carry[6] << 26
+	carry[8] = (h8 + (1 << 25)) >> 26
+	h9 += carry[8]
+	h8 -= carry[8] << 26
+
+	h[0] = int32(h0)
+	h[1] = int32(h1)
+	h[2] = int32(h2)
+	h[3] = int32(h3)
+	h[4] = int32(h4)
+	h[5] = int32(h5)
+	h[6] = int32(h6)
+	h[7] = int32(h7)
+	h[8] = int32(h8)
+	h[9] = int32(h9)
+}
+
+// feInvert sets out = z^-1.
+func feInvert(out, z *fieldElement) {
+	var t0, t1, t2, t3 fieldElement
+	var i int
+
+	feSquare(&t0, z)
+	for i = 1; i < 1; i++ {
+		feSquare(&t0, &t0)
+	}
+	feSquare(&t1, &t0)
+	for i = 1; i < 2; i++ {
+		feSquare(&t1, &t1)
+	}
+	feMul(&t1, z, &t1)
+	feMul(&t0, &t0, &t1)
+	feSquare(&t2, &t0)
+	for i = 1; i < 1; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t1, &t2)
+	feSquare(&t2, &t1)
+	for i = 1; i < 5; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t2, &t1)
+	for i = 1; i < 10; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t2, &t2, &t1)
+	feSquare(&t3, &t2)
+	for i = 1; i < 20; i++ {
+		feSquare(&t3, &t3)
+	}
+	feMul(&t2, &t3, &t2)
+	feSquare(&t2, &t2)
+	for i = 1; i < 10; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t2, &t1)
+	for i = 1; i < 50; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t2, &t2, &t1)
+	feSquare(&t3, &t2)
+	for i = 1; i < 100; i++ {
+		feSquare(&t3, &t3)
+	}
+	feMul(&t2, &t3, &t2)
+	feSquare(&t2, &t2)
+	for i = 1; i < 50; i++ {
+		feSquare(&t2, &t2)
+	}
+	feMul(&t1, &t2, &t1)
+	feSquare(&t1, &t1)
+	for i = 1; i < 5; i++ {
+		feSquare(&t1, &t1)
+	}
+	feMul(out, &t1, &t0)
+}
+
+func scalarMultGeneric(out, in, base *[32]byte) {
+	var e [32]byte
+
+	copy(e[:], in[:])
+	e[0] &= 248
+	e[31] &= 127
+	e[31] |= 64
+
+	var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
+	feFromBytes(&x1, base)
+	feOne(&x2)
+	feCopy(&x3, &x1)
+	feOne(&z3)
+
+	swap := int32(0)
+	for pos := 254; pos >= 0; pos-- {
+		b := e[pos/8] >> uint(pos&7)
+		b &= 1
+		swap ^= int32(b)
+		feCSwap(&x2, &x3, swap)
+		feCSwap(&z2, &z3, swap)
+		swap = int32(b)
+
+		feSub(&tmp0, &x3, &z3)
+		feSub(&tmp1, &x2, &z2)
+		feAdd(&x2, &x2, &z2)
+		feAdd(&z2, &x3, &z3)
+		feMul(&z3, &tmp0, &x2)
+		feMul(&z2, &z2, &tmp1)
+		feSquare(&tmp0, &tmp1)
+		feSquare(&tmp1, &x2)
+		feAdd(&x3, &z3, &z2)
+		feSub(&z2, &z3, &z2)
+		feMul(&x2, &tmp1, &tmp0)
+		feSub(&tmp1, &tmp1, &tmp0)
+		feSquare(&z2, &z2)
+		feMul121666(&z3, &tmp1)
+		feSquare(&x3, &x3)
+		feAdd(&tmp0, &tmp0, &z3)
+		feMul(&z3, &x1, &z2)
+		feMul(&z2, &tmp1, &tmp0)
+	}
+
+	feCSwap(&x2, &x3, swap)
+	feCSwap(&z2, &z3, swap)
+
+	feInvert(&z2, &z2)
+	feMul(&x2, &x2, &z2)
+	feToBytes(out, &x2)
+}
diff --git a/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go b/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
new file mode 100644
index 00000000..047d49af
--- /dev/null
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
@@ -0,0 +1,11 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 gccgo appengine purego
+
+package curve25519
+
+func scalarMult(out, in, base *[32]byte) {
+	scalarMultGeneric(out, in, base)
+}
diff --git a/vendor/golang.org/x/crypto/curve25519/doc.go b/vendor/golang.org/x/crypto/curve25519/doc.go
deleted file mode 100644
index da9b10d9..00000000
--- a/vendor/golang.org/x/crypto/curve25519/doc.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package curve25519 provides an implementation of scalar multiplication on
-// the elliptic curve known as curve25519. See https://cr.yp.to/ecdh.html
-package curve25519 // import "golang.org/x/crypto/curve25519"
-
-// basePoint is the x coordinate of the generator of the curve.
-var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-// ScalarMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points and all values are in little-endian form.
-func ScalarMult(dst, in, base *[32]byte) {
-	scalarMult(dst, in, base)
-}
-
-// ScalarBaseMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points, base is the standard generator and all values
-// are in little-endian form.
-func ScalarBaseMult(dst, in *[32]byte) {
-	ScalarMult(dst, in, &basePoint)
-}
diff --git a/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s b/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
deleted file mode 100644
index 39081610..00000000
--- a/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func freeze(inout *[5]uint64)
-TEXT ·freeze(SB),7,$0-8
-	MOVQ inout+0(FP), DI
-
-	MOVQ 0(DI),SI
-	MOVQ 8(DI),DX
-	MOVQ 16(DI),CX
-	MOVQ 24(DI),R8
-	MOVQ 32(DI),R9
-	MOVQ $REDMASK51,AX
-	MOVQ AX,R10
-	SUBQ $18,R10
-	MOVQ $3,R11
-REDUCELOOP:
-	MOVQ SI,R12
-	SHRQ $51,R12
-	ANDQ AX,SI
-	ADDQ R12,DX
-	MOVQ DX,R12
-	SHRQ $51,R12
-	ANDQ AX,DX
-	ADDQ R12,CX
-	MOVQ CX,R12
-	SHRQ $51,R12
-	ANDQ AX,CX
-	ADDQ R12,R8
-	MOVQ R8,R12
-	SHRQ $51,R12
-	ANDQ AX,R8
-	ADDQ R12,R9
-	MOVQ R9,R12
-	SHRQ $51,R12
-	ANDQ AX,R9
-	IMUL3Q $19,R12,R12
-	ADDQ R12,SI
-	SUBQ $1,R11
-	JA REDUCELOOP
-	MOVQ $1,R12
-	CMPQ R10,SI
-	CMOVQLT R11,R12
-	CMPQ AX,DX
-	CMOVQNE R11,R12
-	CMPQ AX,CX
-	CMOVQNE R11,R12
-	CMPQ AX,R8
-	CMOVQNE R11,R12
-	CMPQ AX,R9
-	CMOVQNE R11,R12
-	NEGQ R12
-	ANDQ R12,AX
-	ANDQ R12,R10
-	SUBQ R10,SI
-	SUBQ AX,DX
-	SUBQ AX,CX
-	SUBQ AX,R8
-	SUBQ AX,R9
-	MOVQ SI,0(DI)
-	MOVQ DX,8(DI)
-	MOVQ CX,16(DI)
-	MOVQ R8,24(DI)
-	MOVQ R9,32(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/mul_amd64.s b/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
deleted file mode 100644
index 1f76d1a3..00000000
--- a/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func mul(dest, a, b *[5]uint64)
-TEXT ·mul(SB),0,$16-24
-	MOVQ dest+0(FP), DI
-	MOVQ a+8(FP), SI
-	MOVQ b+16(FP), DX
-
-	MOVQ DX,CX
-	MOVQ 24(SI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,0(SP)
-	MULQ 16(CX)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 32(SI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 8(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SI),AX
-	MULQ 8(CX)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 0(SI),AX
-	MULQ 16(CX)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 0(SI),AX
-	MULQ 24(CX)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 0(SI),AX
-	MULQ 32(CX)
-	MOVQ AX,BX
-	MOVQ DX,BP
-	MOVQ 8(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SI),AX
-	MULQ 16(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SI),AX
-	MULQ 24(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 8(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 16(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 16(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 16(SI),AX
-	MULQ 16(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 16(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 16(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 24(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 24(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 0(SP),AX
-	MULQ 24(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 0(SP),AX
-	MULQ 32(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 32(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 8(SP),AX
-	MULQ 16(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 24(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SP),AX
-	MULQ 32(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ $REDMASK51,SI
-	SHLQ $13,R8,R9
-	ANDQ SI,R8
-	SHLQ $13,R10,R11
-	ANDQ SI,R10
-	ADDQ R9,R10
-	SHLQ $13,R12,R13
-	ANDQ SI,R12
-	ADDQ R11,R12
-	SHLQ $13,R14,R15
-	ANDQ SI,R14
-	ADDQ R13,R14
-	SHLQ $13,BX,BP
-	ANDQ SI,BX
-	ADDQ R15,BX
-	IMUL3Q $19,BP,DX
-	ADDQ DX,R8
-	MOVQ R8,DX
-	SHRQ $51,DX
-	ADDQ R10,DX
-	MOVQ DX,CX
-	SHRQ $51,DX
-	ANDQ SI,R8
-	ADDQ R12,DX
-	MOVQ DX,R9
-	SHRQ $51,DX
-	ANDQ SI,CX
-	ADDQ R14,DX
-	MOVQ DX,AX
-	SHRQ $51,DX
-	ANDQ SI,R9
-	ADDQ BX,DX
-	MOVQ DX,R10
-	SHRQ $51,DX
-	ANDQ SI,AX
-	IMUL3Q $19,DX,DX
-	ADDQ DX,R8
-	ANDQ SI,R10
-	MOVQ R8,0(DI)
-	MOVQ CX,8(DI)
-	MOVQ R9,16(DI)
-	MOVQ AX,24(DI)
-	MOVQ R10,32(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/curve25519/square_amd64.s b/vendor/golang.org/x/crypto/curve25519/square_amd64.s
deleted file mode 100644
index 07511a45..00000000
--- a/vendor/golang.org/x/crypto/curve25519/square_amd64.s
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func square(out, in *[5]uint64)
-TEXT ·square(SB),7,$0-16
-	MOVQ out+0(FP), DI
-	MOVQ in+8(FP), SI
-
-	MOVQ 0(SI),AX
-	MULQ 0(SI)
-	MOVQ AX,CX
-	MOVQ DX,R8
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 8(SI)
-	MOVQ AX,R9
-	MOVQ DX,R10
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 16(SI)
-	MOVQ AX,R11
-	MOVQ DX,R12
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 24(SI)
-	MOVQ AX,R13
-	MOVQ DX,R14
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 32(SI)
-	MOVQ AX,R15
-	MOVQ DX,BX
-	MOVQ 8(SI),AX
-	MULQ 8(SI)
-	ADDQ AX,R11
-	ADCQ DX,R12
-	MOVQ 8(SI),AX
-	SHLQ $1,AX
-	MULQ 16(SI)
-	ADDQ AX,R13
-	ADCQ DX,R14
-	MOVQ 8(SI),AX
-	SHLQ $1,AX
-	MULQ 24(SI)
-	ADDQ AX,R15
-	ADCQ DX,BX
-	MOVQ 8(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,CX
-	ADCQ DX,R8
-	MOVQ 16(SI),AX
-	MULQ 16(SI)
-	ADDQ AX,R15
-	ADCQ DX,BX
-	MOVQ 16(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 24(SI)
-	ADDQ AX,CX
-	ADCQ DX,R8
-	MOVQ 16(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R9
-	ADCQ DX,R10
-	MOVQ 24(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(SI)
-	ADDQ AX,R9
-	ADCQ DX,R10
-	MOVQ 24(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R11
-	ADCQ DX,R12
-	MOVQ 32(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R13
-	ADCQ DX,R14
-	MOVQ $REDMASK51,SI
-	SHLQ $13,CX,R8
-	ANDQ SI,CX
-	SHLQ $13,R9,R10
-	ANDQ SI,R9
-	ADDQ R8,R9
-	SHLQ $13,R11,R12
-	ANDQ SI,R11
-	ADDQ R10,R11
-	SHLQ $13,R13,R14
-	ANDQ SI,R13
-	ADDQ R12,R13
-	SHLQ $13,R15,BX
-	ANDQ SI,R15
-	ADDQ R14,R15
-	IMUL3Q $19,BX,DX
-	ADDQ DX,CX
-	MOVQ CX,DX
-	SHRQ $51,DX
-	ADDQ R9,DX
-	ANDQ SI,CX
-	MOVQ DX,R8
-	SHRQ $51,DX
-	ADDQ R11,DX
-	ANDQ SI,R8
-	MOVQ DX,R9
-	SHRQ $51,DX
-	ADDQ R13,DX
-	ANDQ SI,R9
-	MOVQ DX,AX
-	SHRQ $51,DX
-	ADDQ R15,DX
-	ANDQ SI,AX
-	MOVQ DX,R10
-	SHRQ $51,DX
-	IMUL3Q $19,DX,DX
-	ADDQ DX,CX
-	ANDQ SI,R10
-	MOVQ CX,0(DI)
-	MOVQ R8,8(DI)
-	MOVQ R9,16(DI)
-	MOVQ AX,24(DI)
-	MOVQ R10,32(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_arm64.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_arm64.go
deleted file mode 100644
index ad74e23a..00000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_arm64.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.11
-// +build !gccgo
-
-package chacha20
-
-const (
-	haveAsm = true
-	bufSize = 256
-)
-
-//go:noescape
-func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
-
-func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
-
-	if len(src) >= bufSize {
-		xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
-	}
-
-	if len(src)%bufSize != 0 {
-		i := len(src) - len(src)%bufSize
-		c.buf = [bufSize]byte{}
-		copy(c.buf[:], src[i:])
-		xorKeyStreamVX(c.buf[:], c.buf[:], &c.key, &c.nonce, &c.counter)
-		c.len = bufSize - copy(dst[i:], c.buf[:len(src)%bufSize])
-	}
-}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
deleted file mode 100644
index 6570847f..00000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
+++ /dev/null
@@ -1,264 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package ChaCha20 implements the core ChaCha20 function as specified
-// in https://tools.ietf.org/html/rfc7539#section-2.3.
-package chacha20
-
-import (
-	"crypto/cipher"
-	"encoding/binary"
-
-	"golang.org/x/crypto/internal/subtle"
-)
-
-// assert that *Cipher implements cipher.Stream
-var _ cipher.Stream = (*Cipher)(nil)
-
-// Cipher is a stateful instance of ChaCha20 using a particular key
-// and nonce. A *Cipher implements the cipher.Stream interface.
-type Cipher struct {
-	key     [8]uint32
-	counter uint32 // incremented after each block
-	nonce   [3]uint32
-	buf     [bufSize]byte // buffer for unused keystream bytes
-	len     int           // number of unused keystream bytes at end of buf
-}
-
-// New creates a new ChaCha20 stream cipher with the given key and nonce.
-// The initial counter value is set to 0.
-func New(key [8]uint32, nonce [3]uint32) *Cipher {
-	return &Cipher{key: key, nonce: nonce}
-}
-
-// ChaCha20 constants spelling "expand 32-byte k"
-const (
-	j0 uint32 = 0x61707865
-	j1 uint32 = 0x3320646e
-	j2 uint32 = 0x79622d32
-	j3 uint32 = 0x6b206574
-)
-
-func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
-	a += b
-	d ^= a
-	d = (d << 16) | (d >> 16)
-	c += d
-	b ^= c
-	b = (b << 12) | (b >> 20)
-	a += b
-	d ^= a
-	d = (d << 8) | (d >> 24)
-	c += d
-	b ^= c
-	b = (b << 7) | (b >> 25)
-	return a, b, c, d
-}
-
-// XORKeyStream XORs each byte in the given slice with a byte from the
-// cipher's key stream. Dst and src must overlap entirely or not at all.
-//
-// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
-// to pass a dst bigger than src, and in that case, XORKeyStream will
-// only update dst[:len(src)] and will not touch the rest of dst.
-//
-// Multiple calls to XORKeyStream behave as if the concatenation of
-// the src buffers was passed in a single run. That is, Cipher
-// maintains state and does not reset at each XORKeyStream call.
-func (s *Cipher) XORKeyStream(dst, src []byte) {
-	if len(dst) < len(src) {
-		panic("chacha20: output smaller than input")
-	}
-	if subtle.InexactOverlap(dst[:len(src)], src) {
-		panic("chacha20: invalid buffer overlap")
-	}
-
-	// xor src with buffered keystream first
-	if s.len != 0 {
-		buf := s.buf[len(s.buf)-s.len:]
-		if len(src) < len(buf) {
-			buf = buf[:len(src)]
-		}
-		td, ts := dst[:len(buf)], src[:len(buf)] // BCE hint
-		for i, b := range buf {
-			td[i] = ts[i] ^ b
-		}
-		s.len -= len(buf)
-		if s.len != 0 {
-			return
-		}
-		s.buf = [len(s.buf)]byte{} // zero the empty buffer
-		src = src[len(buf):]
-		dst = dst[len(buf):]
-	}
-
-	if len(src) == 0 {
-		return
-	}
-	if haveAsm {
-		if uint64(len(src))+uint64(s.counter)*64 > (1<<38)-64 {
-			panic("chacha20: counter overflow")
-		}
-		s.xorKeyStreamAsm(dst, src)
-		return
-	}
-
-	// set up a 64-byte buffer to pad out the final block if needed
-	// (hoisted out of the main loop to avoid spills)
-	rem := len(src) % 64  // length of final block
-	fin := len(src) - rem // index of final block
-	if rem > 0 {
-		copy(s.buf[len(s.buf)-64:], src[fin:])
-	}
-
-	// pre-calculate most of the first round
-	s1, s5, s9, s13 := quarterRound(j1, s.key[1], s.key[5], s.nonce[0])
-	s2, s6, s10, s14 := quarterRound(j2, s.key[2], s.key[6], s.nonce[1])
-	s3, s7, s11, s15 := quarterRound(j3, s.key[3], s.key[7], s.nonce[2])
-
-	n := len(src)
-	src, dst = src[:n:n], dst[:n:n] // BCE hint
-	for i := 0; i < n; i += 64 {
-		// calculate the remainder of the first round
-		s0, s4, s8, s12 := quarterRound(j0, s.key[0], s.key[4], s.counter)
-
-		// execute the second round
-		x0, x5, x10, x15 := quarterRound(s0, s5, s10, s15)
-		x1, x6, x11, x12 := quarterRound(s1, s6, s11, s12)
-		x2, x7, x8, x13 := quarterRound(s2, s7, s8, s13)
-		x3, x4, x9, x14 := quarterRound(s3, s4, s9, s14)
-
-		// execute the remaining 18 rounds
-		for i := 0; i < 9; i++ {
-			x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
-			x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
-			x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
-			x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
-
-			x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
-			x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
-			x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
-			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
-		}
-
-		x0 += j0
-		x1 += j1
-		x2 += j2
-		x3 += j3
-
-		x4 += s.key[0]
-		x5 += s.key[1]
-		x6 += s.key[2]
-		x7 += s.key[3]
-		x8 += s.key[4]
-		x9 += s.key[5]
-		x10 += s.key[6]
-		x11 += s.key[7]
-
-		x12 += s.counter
-		x13 += s.nonce[0]
-		x14 += s.nonce[1]
-		x15 += s.nonce[2]
-
-		// increment the counter
-		s.counter += 1
-		if s.counter == 0 {
-			panic("chacha20: counter overflow")
-		}
-
-		// pad to 64 bytes if needed
-		in, out := src[i:], dst[i:]
-		if i == fin {
-			// src[fin:] has already been copied into s.buf before
-			// the main loop
-			in, out = s.buf[len(s.buf)-64:], s.buf[len(s.buf)-64:]
-		}
-		in, out = in[:64], out[:64] // BCE hint
-
-		// XOR the key stream with the source and write out the result
-		xor(out[0:], in[0:], x0)
-		xor(out[4:], in[4:], x1)
-		xor(out[8:], in[8:], x2)
-		xor(out[12:], in[12:], x3)
-		xor(out[16:], in[16:], x4)
-		xor(out[20:], in[20:], x5)
-		xor(out[24:], in[24:], x6)
-		xor(out[28:], in[28:], x7)
-		xor(out[32:], in[32:], x8)
-		xor(out[36:], in[36:], x9)
-		xor(out[40:], in[40:], x10)
-		xor(out[44:], in[44:], x11)
-		xor(out[48:], in[48:], x12)
-		xor(out[52:], in[52:], x13)
-		xor(out[56:], in[56:], x14)
-		xor(out[60:], in[60:], x15)
-	}
-	// copy any trailing bytes out of the buffer and into dst
-	if rem != 0 {
-		s.len = 64 - rem
-		copy(dst[fin:], s.buf[len(s.buf)-64:])
-	}
-}
-
-// Advance discards bytes in the key stream until the next 64 byte block
-// boundary is reached and updates the counter accordingly. If the key
-// stream is already at a block boundary no bytes will be discarded and
-// the counter will be unchanged.
-func (s *Cipher) Advance() {
-	s.len -= s.len % 64
-	if s.len == 0 {
-		s.buf = [len(s.buf)]byte{}
-	}
-}
-
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out must overlap entirely or not at all. Counter contains the raw
-// ChaCha20 counter bytes (i.e. block counter followed by nonce).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
-	s := Cipher{
-		key: [8]uint32{
-			binary.LittleEndian.Uint32(key[0:4]),
-			binary.LittleEndian.Uint32(key[4:8]),
-			binary.LittleEndian.Uint32(key[8:12]),
-			binary.LittleEndian.Uint32(key[12:16]),
-			binary.LittleEndian.Uint32(key[16:20]),
-			binary.LittleEndian.Uint32(key[20:24]),
-			binary.LittleEndian.Uint32(key[24:28]),
-			binary.LittleEndian.Uint32(key[28:32]),
-		},
-		nonce: [3]uint32{
-			binary.LittleEndian.Uint32(counter[4:8]),
-			binary.LittleEndian.Uint32(counter[8:12]),
-			binary.LittleEndian.Uint32(counter[12:16]),
-		},
-		counter: binary.LittleEndian.Uint32(counter[0:4]),
-	}
-	s.XORKeyStream(out, in)
-}
-
-// HChaCha20 uses the ChaCha20 core to generate a derived key from a key and a
-// nonce. It should only be used as part of the XChaCha20 construction.
-func HChaCha20(key *[8]uint32, nonce *[4]uint32) [8]uint32 {
-	x0, x1, x2, x3 := j0, j1, j2, j3
-	x4, x5, x6, x7 := key[0], key[1], key[2], key[3]
-	x8, x9, x10, x11 := key[4], key[5], key[6], key[7]
-	x12, x13, x14, x15 := nonce[0], nonce[1], nonce[2], nonce[3]
-
-	for i := 0; i < 10; i++ {
-		x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
-		x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
-		x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
-		x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
-
-		x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
-		x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
-		x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
-		x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
-	}
-
-	var out [8]uint32
-	out[0], out[1], out[2], out[3] = x0, x1, x2, x3
-	out[4], out[5], out[6], out[7] = x12, x13, x14, x15
-	return out
-}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
deleted file mode 100644
index d38a7d38..00000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build ppc64le,!gccgo,!appengine
-
-package chacha20
-
-import (
-	"encoding/binary"
-)
-
-var haveAsm = true
-
-const bufSize = 256
-
-//go:noescape
-func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
-
-func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
-	// This implementation can handle buffers that aren't multiples of
-	// 256.
-	if len(src) >= bufSize {
-		chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
-	} else if len(src)%bufSize != 0 {
-		chaCha20_ctr32_vsx(&c.buf[0], &c.buf[0], bufSize, &c.key, &c.counter)
-		start := len(src) - len(src)%bufSize
-		ts, td, tb := src[start:], dst[start:], c.buf[:]
-		// Unroll loop to XOR 32 bytes per iteration.
-		for i := 0; i < len(ts)-32; i += 32 {
-			td, tb = td[:len(ts)], tb[:len(ts)] // bounds check elimination
-			s0 := binary.LittleEndian.Uint64(ts[0:8])
-			s1 := binary.LittleEndian.Uint64(ts[8:16])
-			s2 := binary.LittleEndian.Uint64(ts[16:24])
-			s3 := binary.LittleEndian.Uint64(ts[24:32])
-			b0 := binary.LittleEndian.Uint64(tb[0:8])
-			b1 := binary.LittleEndian.Uint64(tb[8:16])
-			b2 := binary.LittleEndian.Uint64(tb[16:24])
-			b3 := binary.LittleEndian.Uint64(tb[24:32])
-			binary.LittleEndian.PutUint64(td[0:8], s0^b0)
-			binary.LittleEndian.PutUint64(td[8:16], s1^b1)
-			binary.LittleEndian.PutUint64(td[16:24], s2^b2)
-			binary.LittleEndian.PutUint64(td[24:32], s3^b3)
-			ts, td, tb = ts[32:], td[32:], tb[32:]
-		}
-		td, tb = td[:len(ts)], tb[:len(ts)] // bounds check elimination
-		for i, v := range ts {
-			td[i] = tb[i] ^ v
-		}
-		c.len = bufSize - (len(src) % bufSize)
-	}
-
-}
diff --git a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
deleted file mode 100644
index aad645b4..00000000
--- a/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,!gccgo,!appengine
-
-package chacha20
-
-import (
-	"golang.org/x/sys/cpu"
-)
-
-var haveAsm = cpu.S390X.HasVX
-
-const bufSize = 256
-
-// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
-// be called when the vector facility is available.
-// Implementation in asm_s390x.s.
-//go:noescape
-func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
-
-func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
-	xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter, &c.buf, &c.len)
-}
-
-// EXRL targets, DO NOT CALL!
-func mvcSrcToBuf()
-func mvcBufToDst()
diff --git a/vendor/golang.org/x/crypto/nacl/box/box.go b/vendor/golang.org/x/crypto/nacl/box/box.go
index 31b697be..7f3b830e 100644
--- a/vendor/golang.org/x/crypto/nacl/box/box.go
+++ b/vendor/golang.org/x/crypto/nacl/box/box.go
@@ -31,19 +31,30 @@ Thus large amounts of data should be chunked so that each message is small.
 chunk size.
 
 This package is interoperable with NaCl: https://nacl.cr.yp.to/box.html.
+Anonymous sealing/opening is an extension of NaCl defined by and interoperable
+with libsodium:
+https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes.
 */
 package box // import "golang.org/x/crypto/nacl/box"
 
 import (
+	cryptorand "crypto/rand"
 	"io"
 
+	"golang.org/x/crypto/blake2b"
 	"golang.org/x/crypto/curve25519"
 	"golang.org/x/crypto/nacl/secretbox"
 	"golang.org/x/crypto/salsa20/salsa"
 )
 
-// Overhead is the number of bytes of overhead when boxing a message.
-const Overhead = secretbox.Overhead
+const (
+	// Overhead is the number of bytes of overhead when boxing a message.
+	Overhead = secretbox.Overhead
+
+	// AnonymousOverhead is the number of bytes of overhead when using anonymous
+	// sealed boxes.
+	AnonymousOverhead = Overhead + 32
+)
 
 // GenerateKey generates a new public/private key pair suitable for use with
 // Seal and Open.
@@ -101,3 +112,71 @@ func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte
 func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
 	return secretbox.Open(out, box, nonce, sharedKey)
 }
+
+// SealAnonymous appends an encrypted and authenticated copy of message to out,
+// which will be AnonymousOverhead bytes longer than the original and must not
+// overlap it. This differs from Seal in that the sender is not required to
+// provide a private key.
+func SealAnonymous(out, message []byte, recipient *[32]byte, rand io.Reader) ([]byte, error) {
+	if rand == nil {
+		rand = cryptorand.Reader
+	}
+	ephemeralPub, ephemeralPriv, err := GenerateKey(rand)
+	if err != nil {
+		return nil, err
+	}
+
+	var nonce [24]byte
+	if err := sealNonce(ephemeralPub, recipient, &nonce); err != nil {
+		return nil, err
+	}
+
+	if total := len(out) + AnonymousOverhead + len(message); cap(out) < total {
+		original := out
+		out = make([]byte, 0, total)
+		out = append(out, original...)
+	}
+	out = append(out, ephemeralPub[:]...)
+
+	return Seal(out, message, &nonce, recipient, ephemeralPriv), nil
+}
+
+// OpenAnonymous authenticates and decrypts a box produced by SealAnonymous and
+// appends the message to out, which must not overlap box. The output will be
+// AnonymousOverhead bytes smaller than box.
+func OpenAnonymous(out, box []byte, publicKey, privateKey *[32]byte) (message []byte, ok bool) {
+	if len(box) < AnonymousOverhead {
+		return nil, false
+	}
+
+	var ephemeralPub [32]byte
+	copy(ephemeralPub[:], box[:32])
+
+	var nonce [24]byte
+	if err := sealNonce(&ephemeralPub, publicKey, &nonce); err != nil {
+		return nil, false
+	}
+
+	return Open(out, box[32:], &nonce, &ephemeralPub, privateKey)
+}
+
+// sealNonce generates a 24 byte nonce that is a blake2b digest of the
+// ephemeral public key and the receiver's public key.
+func sealNonce(ephemeralPub, peersPublicKey *[32]byte, nonce *[24]byte) error {
+	h, err := blake2b.New(24, nil)
+	if err != nil {
+		return err
+	}
+
+	if _, err = h.Write(ephemeralPub[:]); err != nil {
+		return err
+	}
+
+	if _, err = h.Write(peersPublicKey[:]); err != nil {
+		return err
+	}
+
+	h.Sum(nonce[:0])
+
+	return nil
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/bits_compat.go b/vendor/golang.org/x/crypto/poly1305/bits_compat.go
new file mode 100644
index 00000000..157a69f6
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/bits_compat.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.13
+
+package poly1305
+
+// Generic fallbacks for the math/bits intrinsics, copied from
+// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
+// variable time fallbacks until Go 1.13.
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	sum = x + y + carry
+	carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
+	return
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	diff = x - y - borrow
+	borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
+	return
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	const mask32 = 1<<32 - 1
+	x0 := x & mask32
+	x1 := x >> 32
+	y0 := y & mask32
+	y1 := y >> 32
+	w0 := x0 * y0
+	t := x1*y0 + w0>>32
+	w1 := t & mask32
+	w2 := t >> 32
+	w1 += x0 * y1
+	hi = x1*y1 + w2 + w1>>32
+	lo = x * y
+	return
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go b/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go
new file mode 100644
index 00000000..a0a185f0
--- /dev/null
+++ b/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go
@@ -0,0 +1,21 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.13
+
+package poly1305
+
+import "math/bits"
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	return bits.Add64(x, y, carry)
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	return bits.Sub64(x, y, borrow)
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	return bits.Mul64(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
index a8dd589a..d118f30e 100644
--- a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
+++ b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
@@ -2,10 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !amd64,!ppc64le gccgo appengine
+// +build !amd64,!ppc64le,!s390x gccgo purego
 
 package poly1305
 
 type mac struct{ macGeneric }
-
-func newMAC(key *[32]byte) mac { return mac{newMACGeneric(key)} }
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go
index d076a562..9d7a6af0 100644
--- a/vendor/golang.org/x/crypto/poly1305/poly1305.go
+++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go
@@ -22,8 +22,16 @@ import "crypto/subtle"
 // TagSize is the size, in bytes, of a poly1305 authenticator.
 const TagSize = 16
 
-// Verify returns true if mac is a valid authenticator for m with the given
-// key.
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+	h := New(key)
+	h.Write(m)
+	h.Sum(out[:0])
+}
+
+// Verify returns true if mac is a valid authenticator for m with the given key.
 func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
 	var tmp [16]byte
 	Sum(&tmp, m, key)
@@ -40,10 +48,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
 // two different messages with the same key allows an attacker
 // to forge messages at will.
 func New(key *[32]byte) *MAC {
-	return &MAC{
-		mac:       newMAC(key),
-		finalized: false,
-	}
+	m := &MAC{}
+	initialize(key, &m.macState)
+	return m
 }
 
 // MAC is an io.Writer computing an authentication tag
@@ -52,7 +59,7 @@ func New(key *[32]byte) *MAC {
 // MAC cannot be used like common hash.Hash implementations,
 // because using a poly1305 key twice breaks its security.
 // Therefore writing data to a running MAC after calling
-// Sum causes it to panic.
+// Sum or Verify causes it to panic.
 type MAC struct {
 	mac // platform-dependent implementation
 
@@ -65,10 +72,10 @@ func (h *MAC) Size() int { return TagSize }
 // Write adds more data to the running message authentication code.
 // It never returns an error.
 //
-// It must not be called after the first call of Sum.
+// It must not be called after the first call of Sum or Verify.
 func (h *MAC) Write(p []byte) (n int, err error) {
 	if h.finalized {
-		panic("poly1305: write to MAC after Sum")
+		panic("poly1305: write to MAC after Sum or Verify")
 	}
 	return h.mac.Write(p)
 }
@@ -81,3 +88,12 @@ func (h *MAC) Sum(b []byte) []byte {
 	h.finalized = true
 	return append(b, mac[:]...)
 }
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return subtle.ConstantTimeCompare(expected, mac[:]) == 1
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
index 2dbf42aa..99e5a1d5 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
@@ -2,67 +2,46 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+// +build !gccgo,!purego
 
 package poly1305
 
 //go:noescape
-func initialize(state *[7]uint64, key *[32]byte)
+func update(state *macState, msg []byte)
 
-//go:noescape
-func update(state *[7]uint64, msg []byte)
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
 
-//go:noescape
-func finalize(tag *[TagSize]byte, state *[7]uint64)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	h := newMAC(key)
-	h.Write(m)
-	h.Sum(out)
-}
-
-func newMAC(key *[32]byte) (h mac) {
-	initialize(&h.state, key)
-	return
-}
-
-type mac struct {
-	state [7]uint64 // := uint64{ h0, h1, h2, r0, r1, pad0, pad1 }
-
-	buffer [TagSize]byte
-	offset int
-}
-
-func (h *mac) Write(p []byte) (n int, err error) {
-	n = len(p)
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
 	if h.offset > 0 {
-		remaining := TagSize - h.offset
-		if n < remaining {
-			h.offset += copy(h.buffer[h.offset:], p)
-			return n, nil
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
 		}
-		copy(h.buffer[h.offset:], p[:remaining])
-		p = p[remaining:]
+		p = p[n:]
 		h.offset = 0
-		update(&h.state, h.buffer[:])
+		update(&h.macState, h.buffer[:])
 	}
-	if nn := len(p) - (len(p) % TagSize); nn > 0 {
-		update(&h.state, p[:nn])
-		p = p[nn:]
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
 	}
 	if len(p) > 0 {
 		h.offset += copy(h.buffer[h.offset:], p)
 	}
-	return n, nil
+	return nn, nil
 }
 
 func (h *mac) Sum(out *[16]byte) {
-	state := h.state
+	state := h.macState
 	if h.offset > 0 {
 		update(&state, h.buffer[:h.offset])
 	}
-	finalize(out, &state)
+	finalize(out, &state.h, &state.s)
 }
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
index 7d600f13..8d394a21 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+// +build !gccgo,!purego
 
 #include "textflag.h"
 
@@ -54,10 +54,6 @@
 	ADCQ  t3, h1;                  \
 	ADCQ  $0, h2
 
-DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
-DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
-GLOBL ·poly1305Mask<>(SB), RODATA, $16
-
 // func update(state *[7]uint64, msg []byte)
 TEXT ·update(SB), $0-32
 	MOVQ state+0(FP), DI
@@ -110,39 +106,3 @@ done:
 	MOVQ R9, 8(DI)
 	MOVQ R10, 16(DI)
 	RET
-
-// func initialize(state *[7]uint64, key *[32]byte)
-TEXT ·initialize(SB), $0-16
-	MOVQ state+0(FP), DI
-	MOVQ key+8(FP), SI
-
-	// state[0...7] is initialized with zero
-	MOVOU 0(SI), X0
-	MOVOU 16(SI), X1
-	MOVOU ·poly1305Mask<>(SB), X2
-	PAND  X2, X0
-	MOVOU X0, 24(DI)
-	MOVOU X1, 40(DI)
-	RET
-
-// func finalize(tag *[TagSize]byte, state *[7]uint64)
-TEXT ·finalize(SB), $0-16
-	MOVQ tag+0(FP), DI
-	MOVQ state+8(FP), SI
-
-	MOVQ    0(SI), AX
-	MOVQ    8(SI), BX
-	MOVQ    16(SI), CX
-	MOVQ    AX, R8
-	MOVQ    BX, R9
-	SUBQ    $0xFFFFFFFFFFFFFFFB, AX
-	SBBQ    $0xFFFFFFFFFFFFFFFF, BX
-	SBBQ    $3, CX
-	CMOVQCS R8, AX
-	CMOVQCS R9, BX
-	ADDQ    40(SI), AX
-	ADCQ    48(SI), BX
-
-	MOVQ AX, 0(DI)
-	MOVQ BX, 8(DI)
-	RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.go b/vendor/golang.org/x/crypto/poly1305/sum_arm.go
deleted file mode 100644
index 5dc321c2..00000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_arm.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-package poly1305
-
-// This function is implemented in sum_arm.s
-//go:noescape
-func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	var mPtr *byte
-	if len(m) > 0 {
-		mPtr = &m[0]
-	}
-	poly1305_auth_armv6(out, mPtr, uint32(len(m)), key)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_arm.s b/vendor/golang.org/x/crypto/poly1305/sum_arm.s
deleted file mode 100644
index f70b4ac4..00000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_arm.s
+++ /dev/null
@@ -1,427 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-#include "textflag.h"
-
-// This code was translated into a form compatible with 5a from the public
-// domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305.
-
-DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff
-DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03
-DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff
-DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff
-DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff
-GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20
-
-// Warning: the linker may use R11 to synthesize certain instructions. Please
-// take care and verify that no synthetic instructions use it.
-
-TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0
-	// Needs 16 bytes of stack and 64 bytes of space pointed to by R0.  (It
-	// might look like it's only 60 bytes of space but the final four bytes
-	// will be written by another function.) We need to skip over four
-	// bytes of stack because that's saving the value of 'g'.
-	ADD       $4, R13, R8
-	MOVM.IB   [R4-R7], (R8)
-	MOVM.IA.W (R1), [R2-R5]
-	MOVW      $·poly1305_init_constants_armv6<>(SB), R7
-	MOVW      R2, R8
-	MOVW      R2>>26, R9
-	MOVW      R3>>20, g
-	MOVW      R4>>14, R11
-	MOVW      R5>>8, R12
-	ORR       R3<<6, R9, R9
-	ORR       R4<<12, g, g
-	ORR       R5<<18, R11, R11
-	MOVM.IA   (R7), [R2-R6]
-	AND       R8, R2, R2
-	AND       R9, R3, R3
-	AND       g, R4, R4
-	AND       R11, R5, R5
-	AND       R12, R6, R6
-	MOVM.IA.W [R2-R6], (R0)
-	EOR       R2, R2, R2
-	EOR       R3, R3, R3
-	EOR       R4, R4, R4
-	EOR       R5, R5, R5
-	EOR       R6, R6, R6
-	MOVM.IA.W [R2-R6], (R0)
-	MOVM.IA.W (R1), [R2-R5]
-	MOVM.IA   [R2-R6], (R0)
-	ADD       $20, R13, R0
-	MOVM.DA   (R0), [R4-R7]
-	RET
-
-#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \
-	MOVBU (offset+0)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+0)(Rdst); \
-	MOVBU (offset+1)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+1)(Rdst); \
-	MOVBU (offset+2)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+2)(Rdst); \
-	MOVBU (offset+3)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+3)(Rdst)
-
-TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0
-	// Needs 24 bytes of stack for saved registers and then 88 bytes of
-	// scratch space after that. We assume that 24 bytes at (R13) have
-	// already been used: four bytes for the link register saved in the
-	// prelude of poly1305_auth_armv6, four bytes for saving the value of g
-	// in that function and 16 bytes of scratch space used around
-	// poly1305_finish_ext_armv6_skip1.
-	ADD     $24, R13, R12
-	MOVM.IB [R4-R8, R14], (R12)
-	MOVW    R0, 88(R13)
-	MOVW    R1, 92(R13)
-	MOVW    R2, 96(R13)
-	MOVW    R1, R14
-	MOVW    R2, R12
-	MOVW    56(R0), R8
-	WORD    $0xe1180008                // TST R8, R8 not working see issue 5921
-	EOR     R6, R6, R6
-	MOVW.EQ $(1<<24), R6
-	MOVW    R6, 84(R13)
-	ADD     $116, R13, g
-	MOVM.IA (R0), [R0-R9]
-	MOVM.IA [R0-R4], (g)
-	CMP     $16, R12
-	BLO     poly1305_blocks_armv6_done
-
-poly1305_blocks_armv6_mainloop:
-	WORD    $0xe31e0003                            // TST R14, #3 not working see issue 5921
-	BEQ     poly1305_blocks_armv6_mainloop_aligned
-	ADD     $100, R13, g
-	MOVW_UNALIGNED(R14, g, R0, 0)
-	MOVW_UNALIGNED(R14, g, R0, 4)
-	MOVW_UNALIGNED(R14, g, R0, 8)
-	MOVW_UNALIGNED(R14, g, R0, 12)
-	MOVM.IA (g), [R0-R3]
-	ADD     $16, R14
-	B       poly1305_blocks_armv6_mainloop_loaded
-
-poly1305_blocks_armv6_mainloop_aligned:
-	MOVM.IA.W (R14), [R0-R3]
-
-poly1305_blocks_armv6_mainloop_loaded:
-	MOVW    R0>>26, g
-	MOVW    R1>>20, R11
-	MOVW    R2>>14, R12
-	MOVW    R14, 92(R13)
-	MOVW    R3>>8, R4
-	ORR     R1<<6, g, g
-	ORR     R2<<12, R11, R11
-	ORR     R3<<18, R12, R12
-	BIC     $0xfc000000, R0, R0
-	BIC     $0xfc000000, g, g
-	MOVW    84(R13), R3
-	BIC     $0xfc000000, R11, R11
-	BIC     $0xfc000000, R12, R12
-	ADD     R0, R5, R5
-	ADD     g, R6, R6
-	ORR     R3, R4, R4
-	ADD     R11, R7, R7
-	ADD     $116, R13, R14
-	ADD     R12, R8, R8
-	ADD     R4, R9, R9
-	MOVM.IA (R14), [R0-R4]
-	MULLU   R4, R5, (R11, g)
-	MULLU   R3, R5, (R14, R12)
-	MULALU  R3, R6, (R11, g)
-	MULALU  R2, R6, (R14, R12)
-	MULALU  R2, R7, (R11, g)
-	MULALU  R1, R7, (R14, R12)
-	ADD     R4<<2, R4, R4
-	ADD     R3<<2, R3, R3
-	MULALU  R1, R8, (R11, g)
-	MULALU  R0, R8, (R14, R12)
-	MULALU  R0, R9, (R11, g)
-	MULALU  R4, R9, (R14, R12)
-	MOVW    g, 76(R13)
-	MOVW    R11, 80(R13)
-	MOVW    R12, 68(R13)
-	MOVW    R14, 72(R13)
-	MULLU   R2, R5, (R11, g)
-	MULLU   R1, R5, (R14, R12)
-	MULALU  R1, R6, (R11, g)
-	MULALU  R0, R6, (R14, R12)
-	MULALU  R0, R7, (R11, g)
-	MULALU  R4, R7, (R14, R12)
-	ADD     R2<<2, R2, R2
-	ADD     R1<<2, R1, R1
-	MULALU  R4, R8, (R11, g)
-	MULALU  R3, R8, (R14, R12)
-	MULALU  R3, R9, (R11, g)
-	MULALU  R2, R9, (R14, R12)
-	MOVW    g, 60(R13)
-	MOVW    R11, 64(R13)
-	MOVW    R12, 52(R13)
-	MOVW    R14, 56(R13)
-	MULLU   R0, R5, (R11, g)
-	MULALU  R4, R6, (R11, g)
-	MULALU  R3, R7, (R11, g)
-	MULALU  R2, R8, (R11, g)
-	MULALU  R1, R9, (R11, g)
-	ADD     $52, R13, R0
-	MOVM.IA (R0), [R0-R7]
-	MOVW    g>>26, R12
-	MOVW    R4>>26, R14
-	ORR     R11<<6, R12, R12
-	ORR     R5<<6, R14, R14
-	BIC     $0xfc000000, g, g
-	BIC     $0xfc000000, R4, R4
-	ADD.S   R12, R0, R0
-	ADC     $0, R1, R1
-	ADD.S   R14, R6, R6
-	ADC     $0, R7, R7
-	MOVW    R0>>26, R12
-	MOVW    R6>>26, R14
-	ORR     R1<<6, R12, R12
-	ORR     R7<<6, R14, R14
-	BIC     $0xfc000000, R0, R0
-	BIC     $0xfc000000, R6, R6
-	ADD     R14<<2, R14, R14
-	ADD.S   R12, R2, R2
-	ADC     $0, R3, R3
-	ADD     R14, g, g
-	MOVW    R2>>26, R12
-	MOVW    g>>26, R14
-	ORR     R3<<6, R12, R12
-	BIC     $0xfc000000, g, R5
-	BIC     $0xfc000000, R2, R7
-	ADD     R12, R4, R4
-	ADD     R14, R0, R0
-	MOVW    R4>>26, R12
-	BIC     $0xfc000000, R4, R8
-	ADD     R12, R6, R9
-	MOVW    96(R13), R12
-	MOVW    92(R13), R14
-	MOVW    R0, R6
-	CMP     $32, R12
-	SUB     $16, R12, R12
-	MOVW    R12, 96(R13)
-	BHS     poly1305_blocks_armv6_mainloop
-
-poly1305_blocks_armv6_done:
-	MOVW    88(R13), R12
-	MOVW    R5, 20(R12)
-	MOVW    R6, 24(R12)
-	MOVW    R7, 28(R12)
-	MOVW    R8, 32(R12)
-	MOVW    R9, 36(R12)
-	ADD     $48, R13, R0
-	MOVM.DA (R0), [R4-R8, R14]
-	RET
-
-#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \
-	MOVBU.P 1(Rsrc), Rtmp; \
-	MOVBU.P Rtmp, 1(Rdst); \
-	MOVBU.P 1(Rsrc), Rtmp; \
-	MOVBU.P Rtmp, 1(Rdst)
-
-#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \
-	MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \
-	MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp)
-
-// func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key)
-TEXT ·poly1305_auth_armv6(SB), $196-16
-	// The value 196, just above, is the sum of 64 (the size of the context
-	// structure) and 132 (the amount of stack needed).
-	//
-	// At this point, the stack pointer (R13) has been moved down. It
-	// points to the saved link register and there's 196 bytes of free
-	// space above it.
-	//
-	// The stack for this function looks like:
-	//
-	// +---------------------
-	// |
-	// | 64 bytes of context structure
-	// |
-	// +---------------------
-	// |
-	// | 112 bytes for poly1305_blocks_armv6
-	// |
-	// +---------------------
-	// | 16 bytes of final block, constructed at
-	// | poly1305_finish_ext_armv6_skip8
-	// +---------------------
-	// | four bytes of saved 'g'
-	// +---------------------
-	// | lr, saved by prelude    <- R13 points here
-	// +---------------------
-	MOVW g, 4(R13)
-
-	MOVW out+0(FP), R4
-	MOVW m+4(FP), R5
-	MOVW mlen+8(FP), R6
-	MOVW key+12(FP), R7
-
-	ADD  $136, R13, R0 // 136 = 4 + 4 + 16 + 112
-	MOVW R7, R1
-
-	// poly1305_init_ext_armv6 will write to the stack from R13+4, but
-	// that's ok because none of the other values have been written yet.
-	BL    poly1305_init_ext_armv6<>(SB)
-	BIC.S $15, R6, R2
-	BEQ   poly1305_auth_armv6_noblocks
-	ADD   $136, R13, R0
-	MOVW  R5, R1
-	ADD   R2, R5, R5
-	SUB   R2, R6, R6
-	BL    poly1305_blocks_armv6<>(SB)
-
-poly1305_auth_armv6_noblocks:
-	ADD  $136, R13, R0
-	MOVW R5, R1
-	MOVW R6, R2
-	MOVW R4, R3
-
-	MOVW  R0, R5
-	MOVW  R1, R6
-	MOVW  R2, R7
-	MOVW  R3, R8
-	AND.S R2, R2, R2
-	BEQ   poly1305_finish_ext_armv6_noremaining
-	EOR   R0, R0
-	ADD   $8, R13, R9                           // 8 = offset to 16 byte scratch space
-	MOVW  R0, (R9)
-	MOVW  R0, 4(R9)
-	MOVW  R0, 8(R9)
-	MOVW  R0, 12(R9)
-	WORD  $0xe3110003                           // TST R1, #3 not working see issue 5921
-	BEQ   poly1305_finish_ext_armv6_aligned
-	WORD  $0xe3120008                           // TST R2, #8 not working see issue 5921
-	BEQ   poly1305_finish_ext_armv6_skip8
-	MOVWP_UNALIGNED(R1, R9, g)
-	MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip8:
-	WORD $0xe3120004                     // TST $4, R2 not working see issue 5921
-	BEQ  poly1305_finish_ext_armv6_skip4
-	MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip4:
-	WORD $0xe3120002                     // TST $2, R2 not working see issue 5921
-	BEQ  poly1305_finish_ext_armv6_skip2
-	MOVHUP_UNALIGNED(R1, R9, g)
-	B    poly1305_finish_ext_armv6_skip2
-
-poly1305_finish_ext_armv6_aligned:
-	WORD      $0xe3120008                             // TST R2, #8 not working see issue 5921
-	BEQ       poly1305_finish_ext_armv6_skip8_aligned
-	MOVM.IA.W (R1), [g-R11]
-	MOVM.IA.W [g-R11], (R9)
-
-poly1305_finish_ext_armv6_skip8_aligned:
-	WORD   $0xe3120004                             // TST $4, R2 not working see issue 5921
-	BEQ    poly1305_finish_ext_armv6_skip4_aligned
-	MOVW.P 4(R1), g
-	MOVW.P g, 4(R9)
-
-poly1305_finish_ext_armv6_skip4_aligned:
-	WORD    $0xe3120002                     // TST $2, R2 not working see issue 5921
-	BEQ     poly1305_finish_ext_armv6_skip2
-	MOVHU.P 2(R1), g
-	MOVH.P  g, 2(R9)
-
-poly1305_finish_ext_armv6_skip2:
-	WORD    $0xe3120001                     // TST $1, R2 not working see issue 5921
-	BEQ     poly1305_finish_ext_armv6_skip1
-	MOVBU.P 1(R1), g
-	MOVBU.P g, 1(R9)
-
-poly1305_finish_ext_armv6_skip1:
-	MOVW  $1, R11
-	MOVBU R11, 0(R9)
-	MOVW  R11, 56(R5)
-	MOVW  R5, R0
-	ADD   $8, R13, R1
-	MOVW  $16, R2
-	BL    poly1305_blocks_armv6<>(SB)
-
-poly1305_finish_ext_armv6_noremaining:
-	MOVW      20(R5), R0
-	MOVW      24(R5), R1
-	MOVW      28(R5), R2
-	MOVW      32(R5), R3
-	MOVW      36(R5), R4
-	MOVW      R4>>26, R12
-	BIC       $0xfc000000, R4, R4
-	ADD       R12<<2, R12, R12
-	ADD       R12, R0, R0
-	MOVW      R0>>26, R12
-	BIC       $0xfc000000, R0, R0
-	ADD       R12, R1, R1
-	MOVW      R1>>26, R12
-	BIC       $0xfc000000, R1, R1
-	ADD       R12, R2, R2
-	MOVW      R2>>26, R12
-	BIC       $0xfc000000, R2, R2
-	ADD       R12, R3, R3
-	MOVW      R3>>26, R12
-	BIC       $0xfc000000, R3, R3
-	ADD       R12, R4, R4
-	ADD       $5, R0, R6
-	MOVW      R6>>26, R12
-	BIC       $0xfc000000, R6, R6
-	ADD       R12, R1, R7
-	MOVW      R7>>26, R12
-	BIC       $0xfc000000, R7, R7
-	ADD       R12, R2, g
-	MOVW      g>>26, R12
-	BIC       $0xfc000000, g, g
-	ADD       R12, R3, R11
-	MOVW      $-(1<<26), R12
-	ADD       R11>>26, R12, R12
-	BIC       $0xfc000000, R11, R11
-	ADD       R12, R4, R9
-	MOVW      R9>>31, R12
-	SUB       $1, R12
-	AND       R12, R6, R6
-	AND       R12, R7, R7
-	AND       R12, g, g
-	AND       R12, R11, R11
-	AND       R12, R9, R9
-	MVN       R12, R12
-	AND       R12, R0, R0
-	AND       R12, R1, R1
-	AND       R12, R2, R2
-	AND       R12, R3, R3
-	AND       R12, R4, R4
-	ORR       R6, R0, R0
-	ORR       R7, R1, R1
-	ORR       g, R2, R2
-	ORR       R11, R3, R3
-	ORR       R9, R4, R4
-	ORR       R1<<26, R0, R0
-	MOVW      R1>>6, R1
-	ORR       R2<<20, R1, R1
-	MOVW      R2>>12, R2
-	ORR       R3<<14, R2, R2
-	MOVW      R3>>18, R3
-	ORR       R4<<8, R3, R3
-	MOVW      40(R5), R6
-	MOVW      44(R5), R7
-	MOVW      48(R5), g
-	MOVW      52(R5), R11
-	ADD.S     R6, R0, R0
-	ADC.S     R7, R1, R1
-	ADC.S     g, R2, R2
-	ADC.S     R11, R3, R3
-	MOVM.IA   [R0-R3], (R8)
-	MOVW      R5, R12
-	EOR       R0, R0, R0
-	EOR       R1, R1, R1
-	EOR       R2, R2, R2
-	EOR       R3, R3, R3
-	EOR       R4, R4, R4
-	EOR       R5, R5, R5
-	EOR       R6, R6, R6
-	EOR       R7, R7, R7
-	MOVM.IA.W [R0-R7], (R12)
-	MOVM.IA   [R0-R7], (R12)
-	MOVW      4(R13), g
-	RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/poly1305/sum_generic.go
index bab76ef0..c942a659 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_generic.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_generic.go
@@ -2,171 +2,309 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// This file provides the generic implementation of Sum and MAC. Other files
+// might provide optimized assembly implementations of some of this code.
+
 package poly1305
 
 import "encoding/binary"
 
-const (
-	msgBlock   = uint32(1 << 24)
-	finalBlock = uint32(0)
-)
+// Poly1305 [RFC 7539] is a relatively simple algorithm: the authentication tag
+// for a 64 bytes message is approximately
+//
+//     s + m[0:16] * r⁴ + m[16:32] * r³ + m[32:48] * r² + m[48:64] * r  mod  2¹³⁰ - 5
+//
+// for some secret r and s. It can be computed sequentially like
+//
+//     for len(msg) > 0:
+//         h += read(msg, 16)
+//         h *= r
+//         h %= 2¹³⁰ - 5
+//     return h + s
+//
+// All the complexity is about doing performant constant-time math on numbers
+// larger than any available numeric type.
 
-// sumGeneric generates an authenticator for msg using a one-time key and
-// puts the 16-byte result into out. This is the generic implementation of
-// Sum and should be called if no assembly implementation is available.
 func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
 	h := newMACGeneric(key)
 	h.Write(msg)
 	h.Sum(out)
 }
 
-func newMACGeneric(key *[32]byte) (h macGeneric) {
-	h.r[0] = binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff
-	h.r[1] = (binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03
-	h.r[2] = (binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff
-	h.r[3] = (binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff
-	h.r[4] = (binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff
+func newMACGeneric(key *[32]byte) macGeneric {
+	m := macGeneric{}
+	initialize(key, &m.macState)
+	return m
+}
 
-	h.s[0] = binary.LittleEndian.Uint32(key[16:])
-	h.s[1] = binary.LittleEndian.Uint32(key[20:])
-	h.s[2] = binary.LittleEndian.Uint32(key[24:])
-	h.s[3] = binary.LittleEndian.Uint32(key[28:])
-	return
+// macState holds numbers in saturated 64-bit little-endian limbs. That is,
+// the value of [x0, x1, x2] is x[0] + x[1] * 2⁶⁴ + x[2] * 2¹²⁸.
+type macState struct {
+	// h is the main accumulator. It is to be interpreted modulo 2¹³⁰ - 5, but
+	// can grow larger during and after rounds. It must, however, remain below
+	// 2 * (2¹³⁰ - 5).
+	h [3]uint64
+	// r and s are the private key components.
+	r [2]uint64
+	s [2]uint64
 }
 
 type macGeneric struct {
-	h, r [5]uint32
-	s    [4]uint32
+	macState
 
 	buffer [TagSize]byte
 	offset int
 }
 
-func (h *macGeneric) Write(p []byte) (n int, err error) {
-	n = len(p)
+// Write splits the incoming message into TagSize chunks, and passes them to
+// update. It buffers incomplete chunks.
+func (h *macGeneric) Write(p []byte) (int, error) {
+	nn := len(p)
 	if h.offset > 0 {
-		remaining := TagSize - h.offset
-		if n < remaining {
-			h.offset += copy(h.buffer[h.offset:], p)
-			return n, nil
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
 		}
-		copy(h.buffer[h.offset:], p[:remaining])
-		p = p[remaining:]
+		p = p[n:]
 		h.offset = 0
-		updateGeneric(h.buffer[:], msgBlock, &(h.h), &(h.r))
+		updateGeneric(&h.macState, h.buffer[:])
 	}
-	if nn := len(p) - (len(p) % TagSize); nn > 0 {
-		updateGeneric(p, msgBlock, &(h.h), &(h.r))
-		p = p[nn:]
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		updateGeneric(&h.macState, p[:n])
+		p = p[n:]
 	}
 	if len(p) > 0 {
 		h.offset += copy(h.buffer[h.offset:], p)
 	}
-	return n, nil
+	return nn, nil
 }
 
-func (h *macGeneric) Sum(out *[16]byte) {
-	H, R := h.h, h.r
+// Sum flushes the last incomplete chunk from the buffer, if any, and generates
+// the MAC output. It does not modify its state, in order to allow for multiple
+// calls to Sum, even if no Write is allowed after Sum.
+func (h *macGeneric) Sum(out *[TagSize]byte) {
+	state := h.macState
 	if h.offset > 0 {
-		var buffer [TagSize]byte
-		copy(buffer[:], h.buffer[:h.offset])
-		buffer[h.offset] = 1 // invariant: h.offset < TagSize
-		updateGeneric(buffer[:], finalBlock, &H, &R)
+		updateGeneric(&state, h.buffer[:h.offset])
 	}
-	finalizeGeneric(out, &H, &(h.s))
+	finalize(out, &state.h, &state.s)
 }
 
-func updateGeneric(msg []byte, flag uint32, h, r *[5]uint32) {
-	h0, h1, h2, h3, h4 := h[0], h[1], h[2], h[3], h[4]
-	r0, r1, r2, r3, r4 := uint64(r[0]), uint64(r[1]), uint64(r[2]), uint64(r[3]), uint64(r[4])
-	R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5
+// [rMask0, rMask1] is the specified Poly1305 clamping mask in little-endian. It
+// clears some bits of the secret coefficient to make it possible to implement
+// multiplication more efficiently.
+const (
+	rMask0 = 0x0FFFFFFC0FFFFFFF
+	rMask1 = 0x0FFFFFFC0FFFFFFC
+)
 
-	for len(msg) >= TagSize {
-		// h += msg
-		h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff
-		h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff
-		h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff
-		h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff
-		h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | flag
+// initialize loads the 256-bit key into the two 128-bit secret values r and s.
+func initialize(key *[32]byte, m *macState) {
+	m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
+	m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
+	m.s[0] = binary.LittleEndian.Uint64(key[16:24])
+	m.s[1] = binary.LittleEndian.Uint64(key[24:32])
+}
 
-		// h *= r
-		d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
-		d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
-		d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
-		d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
-		d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
+// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
+// bits.Mul64 and bits.Add64 intrinsics.
+type uint128 struct {
+	lo, hi uint64
+}
 
-		// h %= p
-		h0 = uint32(d0) & 0x3ffffff
-		h1 = uint32(d1) & 0x3ffffff
-		h2 = uint32(d2) & 0x3ffffff
-		h3 = uint32(d3) & 0x3ffffff
-		h4 = uint32(d4) & 0x3ffffff
+func mul64(a, b uint64) uint128 {
+	hi, lo := bitsMul64(a, b)
+	return uint128{lo, hi}
+}
 
-		h0 += uint32(d4>>26) * 5
-		h1 += h0 >> 26
-		h0 = h0 & 0x3ffffff
+func add128(a, b uint128) uint128 {
+	lo, c := bitsAdd64(a.lo, b.lo, 0)
+	hi, c := bitsAdd64(a.hi, b.hi, c)
+	if c != 0 {
+		panic("poly1305: unexpected overflow")
+	}
+	return uint128{lo, hi}
+}
 
-		msg = msg[TagSize:]
+func shiftRightBy2(a uint128) uint128 {
+	a.lo = a.lo>>2 | (a.hi&3)<<62
+	a.hi = a.hi >> 2
+	return a
+}
+
+// updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
+// 128 bits of message, it computes
+//
+//     h₊ = (h + m) * r  mod  2¹³⁰ - 5
+//
+// If the msg length is not a multiple of TagSize, it assumes the last
+// incomplete chunk is the final one.
+func updateGeneric(state *macState, msg []byte) {
+	h0, h1, h2 := state.h[0], state.h[1], state.h[2]
+	r0, r1 := state.r[0], state.r[1]
+
+	for len(msg) > 0 {
+		var c uint64
+
+		// For the first step, h + m, we use a chain of bits.Add64 intrinsics.
+		// The resulting value of h might exceed 2¹³⁰ - 5, but will be partially
+		// reduced at the end of the multiplication below.
+		//
+		// The spec requires us to set a bit just above the message size, not to
+		// hide leading zeroes. For full chunks, that's 1 << 128, so we can just
+		// add 1 to the most significant (2¹²⁸) limb, h2.
+		if len(msg) >= TagSize {
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
+			h2 += c + 1
+
+			msg = msg[TagSize:]
+		} else {
+			var buf [TagSize]byte
+			copy(buf[:], msg)
+			buf[len(msg)] = 1
+
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
+			h2 += c
+
+			msg = nil
+		}
+
+		// Multiplication of big number limbs is similar to elementary school
+		// columnar multiplication. Instead of digits, there are 64-bit limbs.
+		//
+		// We are multiplying a 3 limbs number, h, by a 2 limbs number, r.
+		//
+		//                        h2    h1    h0  x
+		//                              r1    r0  =
+		//                       ----------------
+		//                      h2r0  h1r0  h0r0     <-- individual 128-bit products
+		//            +   h2r1  h1r1  h0r1
+		//               ------------------------
+		//                 m3    m2    m1    m0      <-- result in 128-bit overlapping limbs
+		//               ------------------------
+		//         m3.hi m2.hi m1.hi m0.hi           <-- carry propagation
+		//     +         m3.lo m2.lo m1.lo m0.lo
+		//        -------------------------------
+		//           t4    t3    t2    t1    t0      <-- final result in 64-bit limbs
+		//
+		// The main difference from pen-and-paper multiplication is that we do
+		// carry propagation in a separate step, as if we wrote two digit sums
+		// at first (the 128-bit limbs), and then carried the tens all at once.
+
+		h0r0 := mul64(h0, r0)
+		h1r0 := mul64(h1, r0)
+		h2r0 := mul64(h2, r0)
+		h0r1 := mul64(h0, r1)
+		h1r1 := mul64(h1, r1)
+		h2r1 := mul64(h2, r1)
+
+		// Since h2 is known to be at most 7 (5 + 1 + 1), and r0 and r1 have their
+		// top 4 bits cleared by rMask{0,1}, we know that their product is not going
+		// to overflow 64 bits, so we can ignore the high part of the products.
+		//
+		// This also means that the product doesn't have a fifth limb (t4).
+		if h2r0.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+		if h2r1.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+
+		m0 := h0r0
+		m1 := add128(h1r0, h0r1) // These two additions don't overflow thanks again
+		m2 := add128(h2r0, h1r1) // to the 4 masked bits at the top of r0 and r1.
+		m3 := h2r1
+
+		t0 := m0.lo
+		t1, c := bitsAdd64(m1.lo, m0.hi, 0)
+		t2, c := bitsAdd64(m2.lo, m1.hi, c)
+		t3, _ := bitsAdd64(m3.lo, m2.hi, c)
+
+		// Now we have the result as 4 64-bit limbs, and we need to reduce it
+		// modulo 2¹³⁰ - 5. The special shape of this Crandall prime lets us do
+		// a cheap partial reduction according to the reduction identity
+		//
+		//     c * 2¹³⁰ + n  =  c * 5 + n  mod  2¹³⁰ - 5
+		//
+		// because 2¹³⁰ = 5 mod 2¹³⁰ - 5. Partial reduction since the result is
+		// likely to be larger than 2¹³⁰ - 5, but still small enough to fit the
+		// assumptions we make about h in the rest of the code.
+		//
+		// See also https://speakerdeck.com/gtank/engineering-prime-numbers?slide=23
+
+		// We split the final result at the 2¹³⁰ mark into h and cc, the carry.
+		// Note that the carry bits are effectively shifted left by 2, in other
+		// words, cc = c * 4 for the c in the reduction identity.
+		h0, h1, h2 = t0, t1, t2&maskLow2Bits
+		cc := uint128{t2 & maskNotLow2Bits, t3}
+
+		// To add c * 5 to h, we first add cc = c * 4, and then add (cc >> 2) = c.
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		cc = shiftRightBy2(cc)
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		// h2 is at most 3 + 1 + 1 = 5, making the whole of h at most
+		//
+		//     5 * 2¹²⁸ + (2¹²⁸ - 1) = 6 * 2¹²⁸ - 1
 	}
 
-	h[0], h[1], h[2], h[3], h[4] = h0, h1, h2, h3, h4
+	state.h[0], state.h[1], state.h[2] = h0, h1, h2
 }
 
-func finalizeGeneric(out *[TagSize]byte, h *[5]uint32, s *[4]uint32) {
-	h0, h1, h2, h3, h4 := h[0], h[1], h[2], h[3], h[4]
+const (
+	maskLow2Bits    uint64 = 0x0000000000000003
+	maskNotLow2Bits uint64 = ^maskLow2Bits
+)
 
-	// h %= p reduction
-	h2 += h1 >> 26
-	h1 &= 0x3ffffff
-	h3 += h2 >> 26
-	h2 &= 0x3ffffff
-	h4 += h3 >> 26
-	h3 &= 0x3ffffff
-	h0 += 5 * (h4 >> 26)
-	h4 &= 0x3ffffff
-	h1 += h0 >> 26
-	h0 &= 0x3ffffff
+// select64 returns x if v == 1 and y if v == 0, in constant time.
+func select64(v, x, y uint64) uint64 { return ^(v-1)&x | (v-1)&y }
 
-	// h - p
-	t0 := h0 + 5
-	t1 := h1 + (t0 >> 26)
-	t2 := h2 + (t1 >> 26)
-	t3 := h3 + (t2 >> 26)
-	t4 := h4 + (t3 >> 26) - (1 << 26)
-	t0 &= 0x3ffffff
-	t1 &= 0x3ffffff
-	t2 &= 0x3ffffff
-	t3 &= 0x3ffffff
+// [p0, p1, p2] is 2¹³⁰ - 5 in little endian order.
+const (
+	p0 = 0xFFFFFFFFFFFFFFFB
+	p1 = 0xFFFFFFFFFFFFFFFF
+	p2 = 0x0000000000000003
+)
 
-	// select h if h < p else h - p
-	t_mask := (t4 >> 31) - 1
-	h_mask := ^t_mask
-	h0 = (h0 & h_mask) | (t0 & t_mask)
-	h1 = (h1 & h_mask) | (t1 & t_mask)
-	h2 = (h2 & h_mask) | (t2 & t_mask)
-	h3 = (h3 & h_mask) | (t3 & t_mask)
-	h4 = (h4 & h_mask) | (t4 & t_mask)
+// finalize completes the modular reduction of h and computes
+//
+//     out = h + s  mod  2¹²⁸
+//
+func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
+	h0, h1, h2 := h[0], h[1], h[2]
 
-	// h %= 2^128
-	h0 |= h1 << 26
-	h1 = ((h1 >> 6) | (h2 << 20))
-	h2 = ((h2 >> 12) | (h3 << 14))
-	h3 = ((h3 >> 18) | (h4 << 8))
+	// After the partial reduction in updateGeneric, h might be more than
+	// 2¹³⁰ - 5, but will be less than 2 * (2¹³⁰ - 5). To complete the reduction
+	// in constant time, we compute t = h - (2¹³⁰ - 5), and select h as the
+	// result if the subtraction underflows, and t otherwise.
 
-	// s: the s part of the key
-	// tag = (h + s) % (2^128)
-	t := uint64(h0) + uint64(s[0])
-	h0 = uint32(t)
-	t = uint64(h1) + uint64(s[1]) + (t >> 32)
-	h1 = uint32(t)
-	t = uint64(h2) + uint64(s[2]) + (t >> 32)
-	h2 = uint32(t)
-	t = uint64(h3) + uint64(s[3]) + (t >> 32)
-	h3 = uint32(t)
+	hMinusP0, b := bitsSub64(h0, p0, 0)
+	hMinusP1, b := bitsSub64(h1, p1, b)
+	_, b = bitsSub64(h2, p2, b)
 
-	binary.LittleEndian.PutUint32(out[0:], h0)
-	binary.LittleEndian.PutUint32(out[4:], h1)
-	binary.LittleEndian.PutUint32(out[8:], h2)
-	binary.LittleEndian.PutUint32(out[12:], h3)
+	// h = h if h < p else h - p
+	h0 = select64(b, h0, hMinusP0)
+	h1 = select64(b, h1, hMinusP1)
+
+	// Finally, we compute the last Poly1305 step
+	//
+	//     tag = h + s  mod  2¹²⁸
+	//
+	// by just doing a wide addition with the 128 low bits of h and discarding
+	// the overflow.
+	h0, c := bitsAdd64(h0, s[0], 0)
+	h1, _ = bitsAdd64(h1, s[1], c)
+
+	binary.LittleEndian.PutUint64(out[0:8], h0)
+	binary.LittleEndian.PutUint64(out[8:16], h1)
 }
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
deleted file mode 100644
index 8a9c2070..00000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,!go1.11 !arm,!amd64,!s390x,!ppc64le gccgo appengine nacl
-
-package poly1305
-
-// Sum generates an authenticator for msg using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
-	h := newMAC(key)
-	h.Write(msg)
-	h.Sum(out)
-}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
index 2402b637..2e7a120b 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
@@ -2,67 +2,46 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build ppc64le,!gccgo,!appengine
+// +build !gccgo,!purego
 
 package poly1305
 
 //go:noescape
-func initialize(state *[7]uint64, key *[32]byte)
+func update(state *macState, msg []byte)
 
-//go:noescape
-func update(state *[7]uint64, msg []byte)
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
 
-//go:noescape
-func finalize(tag *[TagSize]byte, state *[7]uint64)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	h := newMAC(key)
-	h.Write(m)
-	h.Sum(out)
-}
-
-func newMAC(key *[32]byte) (h mac) {
-	initialize(&h.state, key)
-	return
-}
-
-type mac struct {
-	state [7]uint64 // := uint64{ h0, h1, h2, r0, r1, pad0, pad1 }
-
-	buffer [TagSize]byte
-	offset int
-}
-
-func (h *mac) Write(p []byte) (n int, err error) {
-	n = len(p)
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
 	if h.offset > 0 {
-		remaining := TagSize - h.offset
-		if n < remaining {
-			h.offset += copy(h.buffer[h.offset:], p)
-			return n, nil
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
 		}
-		copy(h.buffer[h.offset:], p[:remaining])
-		p = p[remaining:]
+		p = p[n:]
 		h.offset = 0
-		update(&h.state, h.buffer[:])
+		update(&h.macState, h.buffer[:])
 	}
-	if nn := len(p) - (len(p) % TagSize); nn > 0 {
-		update(&h.state, p[:nn])
-		p = p[nn:]
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
 	}
 	if len(p) > 0 {
 		h.offset += copy(h.buffer[h.offset:], p)
 	}
-	return n, nil
+	return nn, nil
 }
 
 func (h *mac) Sum(out *[16]byte) {
-	state := h.state
+	state := h.macState
 	if h.offset > 0 {
 		update(&state, h.buffer[:h.offset])
 	}
-	finalize(out, &state)
+	finalize(out, &state.h, &state.s)
 }
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
index 55c7167e..4e028138 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build ppc64le,!gccgo,!appengine
+// +build !gccgo,!purego
 
 #include "textflag.h"
 
@@ -58,7 +58,6 @@ DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
 GLOBL ·poly1305Mask<>(SB), RODATA, $16
 
 // func update(state *[7]uint64, msg []byte)
-
 TEXT ·update(SB), $0-32
 	MOVD state+0(FP), R3
 	MOVD msg_base+8(FP), R4
@@ -180,68 +179,3 @@ done:
 	MOVD R9, 8(R3)
 	MOVD R10, 16(R3)
 	RET
-
-// func initialize(state *[7]uint64, key *[32]byte)
-TEXT ·initialize(SB), $0-16
-	MOVD state+0(FP), R3
-	MOVD key+8(FP), R4
-
-	// state[0...7] is initialized with zero
-	// Load key
-	MOVD 0(R4), R5
-	MOVD 8(R4), R6
-	MOVD 16(R4), R7
-	MOVD 24(R4), R8
-
-	// Address of key mask
-	MOVD $·poly1305Mask<>(SB), R9
-
-	// Save original key in state
-	MOVD R7, 40(R3)
-	MOVD R8, 48(R3)
-
-	// Get mask
-	MOVD (R9), R7
-	MOVD 8(R9), R8
-
-	// And with key
-	AND R5, R7, R5
-	AND R6, R8, R6
-
-	// Save masked key in state
-	MOVD R5, 24(R3)
-	MOVD R6, 32(R3)
-	RET
-
-// func finalize(tag *[TagSize]byte, state *[7]uint64)
-TEXT ·finalize(SB), $0-16
-	MOVD tag+0(FP), R3
-	MOVD state+8(FP), R4
-
-	// Get h0, h1, h2 from state
-	MOVD 0(R4), R5
-	MOVD 8(R4), R6
-	MOVD 16(R4), R7
-
-	// Save h0, h1
-	MOVD  R5, R8
-	MOVD  R6, R9
-	MOVD  $3, R20
-	MOVD  $-1, R21
-	SUBC  $-5, R5
-	SUBE  R21, R6
-	SUBE  R20, R7
-	MOVD  $0, R21
-	SUBZE R21
-
-	// Check for carry
-	CMP  $0, R21
-	ISEL $2, R5, R8, R5
-	ISEL $2, R6, R9, R6
-	MOVD 40(R4), R8
-	MOVD 48(R4), R9
-	ADDC R8, R5
-	ADDE R9, R6
-	MOVD R5, 0(R3)
-	MOVD R6, 8(R3)
-	RET
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
index ec99e07e..958fedc0 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build s390x,go1.11,!gccgo,!appengine
+// +build !gccgo,!purego
 
 package poly1305
 
@@ -10,33 +10,66 @@ import (
 	"golang.org/x/sys/cpu"
 )
 
-// poly1305vx is an assembly implementation of Poly1305 that uses vector
+// updateVX is an assembly implementation of Poly1305 that uses vector
 // instructions. It must only be called if the vector facility (vx) is
 // available.
 //go:noescape
-func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+func updateVX(state *macState, msg []byte)
 
-// poly1305vmsl is an assembly implementation of Poly1305 that uses vector
-// instructions, including VMSL. It must only be called if the vector facility (vx) is
-// available and if VMSL is supported.
-//go:noescape
-func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
+// mac is a replacement for macGeneric that uses a larger buffer and redirects
+// calls that would have gone to updateGeneric to updateVX if the vector
+// facility is installed.
+//
+// A larger buffer is required for good performance because the vector
+// implementation has a higher fixed cost per call than the generic
+// implementation.
+type mac struct {
+	macState
 
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	if cpu.S390X.HasVX {
-		var mPtr *byte
-		if len(m) > 0 {
-			mPtr = &m[0]
-		}
-		if cpu.S390X.HasVXE && len(m) > 256 {
-			poly1305vmsl(out, mPtr, uint64(len(m)), key)
-		} else {
-			poly1305vx(out, mPtr, uint64(len(m)), key)
-		}
-	} else {
-		sumGeneric(out, m, key)
-	}
+	buffer [16 * TagSize]byte // size must be a multiple of block size (16)
+	offset int
+}
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < len(h.buffer) {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, h.buffer[:])
+		} else {
+			updateGeneric(&h.macState, h.buffer[:])
+		}
+	}
+
+	tail := len(p) % len(h.buffer) // number of bytes to copy into buffer
+	body := len(p) - tail          // number of bytes to process now
+	if body > 0 {
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, p[:body])
+		} else {
+			updateGeneric(&h.macState, p[:body])
+		}
+	}
+	h.offset = copy(h.buffer[:], p[body:]) // copy tail bytes - can be 0
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[TagSize]byte) {
+	state := h.macState
+	remainder := h.buffer[:h.offset]
+
+	// Use the generic implementation if we have 2 or fewer blocks left
+	// to sum. The vector implementation has a higher startup time.
+	if cpu.S390X.HasVX && len(remainder) > 2*TagSize {
+		updateVX(&state, remainder)
+	} else if len(remainder) > 0 {
+		updateGeneric(&state, remainder)
+	}
+	finalize(out, &state.h, &state.s)
 }
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
index ca5a309d..0fa9ee6e 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
@@ -2,115 +2,187 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build s390x,go1.11,!gccgo,!appengine
+// +build !gccgo,!purego
 
 #include "textflag.h"
 
-// Implementation of Poly1305 using the vector facility (vx).
+// This implementation of Poly1305 uses the vector facility (vx)
+// to process up to 2 blocks (32 bytes) per iteration using an
+// algorithm based on the one described in:
+//
+// NEON crypto, Daniel J. Bernstein & Peter Schwabe
+// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+//
+// This algorithm uses 5 26-bit limbs to represent a 130-bit
+// value. These limbs are, for the most part, zero extended and
+// placed into 64-bit vector register elements. Each vector
+// register is 128-bits wide and so holds 2 of these elements.
+// Using 26-bit limbs allows us plenty of headroom to accomodate
+// accumulations before and after multiplication without
+// overflowing either 32-bits (before multiplication) or 64-bits
+// (after multiplication).
+//
+// In order to parallelise the operations required to calculate
+// the sum we use two separate accumulators and then sum those
+// in an extra final step. For compatibility with the generic
+// implementation we perform this summation at the end of every
+// updateVX call.
+//
+// To use two accumulators we must multiply the message blocks
+// by r² rather than r. Only the final message block should be
+// multiplied by r.
+//
+// Example:
+//
+// We want to calculate the sum (h) for a 64 byte message (m):
+//
+//   h = m[0:16]r⁴ + m[16:32]r³ + m[32:48]r² + m[48:64]r
+//
+// To do this we split the calculation into the even indices
+// and odd indices of the message. These form our SIMD 'lanes':
+//
+//   h = m[ 0:16]r⁴ + m[32:48]r² +   <- lane 0
+//       m[16:32]r³ + m[48:64]r      <- lane 1
+//
+// To calculate this iteratively we refactor so that both lanes
+// are written in terms of r² and r:
+//
+//   h = (m[ 0:16]r² + m[32:48])r² + <- lane 0
+//       (m[16:32]r² + m[48:64])r    <- lane 1
+//                ^             ^
+//                |             coefficients for second iteration
+//                coefficients for first iteration
+//
+// So in this case we would have two iterations. In the first
+// both lanes are multiplied by r². In the second only the
+// first lane is multiplied by r² and the second lane is
+// instead multiplied by r. This gives use the odd and even
+// powers of r that we need from the original equation.
+//
+// Notation:
+//
+//   h - accumulator
+//   r - key
+//   m - message
+//
+//   [a, b]       - SIMD register holding two 64-bit values
+//   [a, b, c, d] - SIMD register holding four 32-bit values
+//   xᵢ[n]        - limb n of variable x with bit width i
+//
+// Limbs are expressed in little endian order, so for 26-bit
+// limbs x₂₆[4] will be the most significant limb and x₂₆[0]
+// will be the least significant limb.
 
-// constants
-#define MOD26 V0
-#define EX0   V1
-#define EX1   V2
-#define EX2   V3
+// masking constants
+#define MOD24 V0 // [0x0000000000ffffff, 0x0000000000ffffff] - mask low 24-bits
+#define MOD26 V1 // [0x0000000003ffffff, 0x0000000003ffffff] - mask low 26-bits
 
-// temporaries
-#define T_0 V4
-#define T_1 V5
-#define T_2 V6
-#define T_3 V7
-#define T_4 V8
+// expansion constants (see EXPAND macro)
+#define EX0 V2
+#define EX1 V3
+#define EX2 V4
 
-// key (r)
-#define R_0  V9
-#define R_1  V10
-#define R_2  V11
-#define R_3  V12
-#define R_4  V13
-#define R5_1 V14
-#define R5_2 V15
-#define R5_3 V16
-#define R5_4 V17
-#define RSAVE_0 R5
-#define RSAVE_1 R6
-#define RSAVE_2 R7
-#define RSAVE_3 R8
-#define RSAVE_4 R9
-#define R5SAVE_1 V28
-#define R5SAVE_2 V29
-#define R5SAVE_3 V30
-#define R5SAVE_4 V31
+// key (r², r or 1 depending on context)
+#define R_0 V5
+#define R_1 V6
+#define R_2 V7
+#define R_3 V8
+#define R_4 V9
 
-// message block
-#define F_0 V18
-#define F_1 V19
-#define F_2 V20
-#define F_3 V21
-#define F_4 V22
+// precalculated coefficients (5r², 5r or 0 depending on context)
+#define R5_1 V10
+#define R5_2 V11
+#define R5_3 V12
+#define R5_4 V13
 
-// accumulator
-#define H_0 V23
-#define H_1 V24
-#define H_2 V25
-#define H_3 V26
-#define H_4 V27
+// message block (m)
+#define M_0 V14
+#define M_1 V15
+#define M_2 V16
+#define M_3 V17
+#define M_4 V18
 
-GLOBL ·keyMask<>(SB), RODATA, $16
-DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
-DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
+// accumulator (h)
+#define H_0 V19
+#define H_1 V20
+#define H_2 V21
+#define H_3 V22
+#define H_4 V23
 
-GLOBL ·bswapMask<>(SB), RODATA, $16
-DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
-DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
+// temporary registers (for short-lived values)
+#define T_0 V24
+#define T_1 V25
+#define T_2 V26
+#define T_3 V27
+#define T_4 V28
 
-GLOBL ·constants<>(SB), RODATA, $64
-// MOD26
-DATA ·constants<>+0(SB)/8, $0x3ffffff
-DATA ·constants<>+8(SB)/8, $0x3ffffff
+GLOBL ·constants<>(SB), RODATA, $0x30
 // EX0
-DATA ·constants<>+16(SB)/8, $0x0006050403020100
-DATA ·constants<>+24(SB)/8, $0x1016151413121110
+DATA ·constants<>+0x00(SB)/8, $0x0006050403020100
+DATA ·constants<>+0x08(SB)/8, $0x1016151413121110
 // EX1
-DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706
-DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716
+DATA ·constants<>+0x10(SB)/8, $0x060c0b0a09080706
+DATA ·constants<>+0x18(SB)/8, $0x161c1b1a19181716
 // EX2
-DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d
-DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d
+DATA ·constants<>+0x20(SB)/8, $0x0d0d0d0d0d0f0e0d
+DATA ·constants<>+0x28(SB)/8, $0x1d1d1d1d1d1f1e1d
 
-// h = (f*g) % (2**130-5) [partial reduction]
+// MULTIPLY multiplies each lane of f and g, partially reduced
+// modulo 2¹³⁰ - 5. The result, h, consists of partial products
+// in each lane that need to be reduced further to produce the
+// final result.
+//
+//   h₁₃₀ = (f₁₃₀g₁₃₀) % 2¹³⁰ + (5f₁₃₀g₁₃₀) / 2¹³⁰
+//
+// Note that the multiplication by 5 of the high bits is
+// achieved by precalculating the multiplication of four of the
+// g coefficients by 5. These are g51-g54.
 #define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
 	VMLOF  f0, g0, h0        \
-	VMLOF  f0, g1, h1        \
-	VMLOF  f0, g2, h2        \
 	VMLOF  f0, g3, h3        \
+	VMLOF  f0, g1, h1        \
 	VMLOF  f0, g4, h4        \
+	VMLOF  f0, g2, h2        \
 	VMLOF  f1, g54, T_0      \
-	VMLOF  f1, g0, T_1       \
-	VMLOF  f1, g1, T_2       \
 	VMLOF  f1, g2, T_3       \
+	VMLOF  f1, g0, T_1       \
 	VMLOF  f1, g3, T_4       \
+	VMLOF  f1, g1, T_2       \
 	VMALOF f2, g53, h0, h0   \
-	VMALOF f2, g54, h1, h1   \
-	VMALOF f2, g0, h2, h2    \
 	VMALOF f2, g1, h3, h3    \
+	VMALOF f2, g54, h1, h1   \
 	VMALOF f2, g2, h4, h4    \
+	VMALOF f2, g0, h2, h2    \
 	VMALOF f3, g52, T_0, T_0 \
-	VMALOF f3, g53, T_1, T_1 \
-	VMALOF f3, g54, T_2, T_2 \
 	VMALOF f3, g0, T_3, T_3  \
+	VMALOF f3, g53, T_1, T_1 \
 	VMALOF f3, g1, T_4, T_4  \
+	VMALOF f3, g54, T_2, T_2 \
 	VMALOF f4, g51, h0, h0   \
-	VMALOF f4, g52, h1, h1   \
-	VMALOF f4, g53, h2, h2   \
 	VMALOF f4, g54, h3, h3   \
+	VMALOF f4, g52, h1, h1   \
 	VMALOF f4, g0, h4, h4    \
+	VMALOF f4, g53, h2, h2   \
 	VAG    T_0, h0, h0       \
-	VAG    T_1, h1, h1       \
-	VAG    T_2, h2, h2       \
 	VAG    T_3, h3, h3       \
-	VAG    T_4, h4, h4
+	VAG    T_1, h1, h1       \
+	VAG    T_4, h4, h4       \
+	VAG    T_2, h2, h2
 
-// carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4
+// REDUCE performs the following carry operations in four
+// stages, as specified in Bernstein & Schwabe:
+//
+//   1: h₂₆[0]->h₂₆[1] h₂₆[3]->h₂₆[4]
+//   2: h₂₆[1]->h₂₆[2] h₂₆[4]->h₂₆[0]
+//   3: h₂₆[0]->h₂₆[1] h₂₆[2]->h₂₆[3]
+//   4: h₂₆[3]->h₂₆[4]
+//
+// The result is that all of the limbs are limited to 26-bits
+// except for h₂₆[1] and h₂₆[4] which are limited to 27-bits.
+//
+// Note that although each limb is aligned at 26-bit intervals
+// they may contain values that exceed 2²⁶ - 1, hence the need
+// to carry the excess bits in each limb.
 #define REDUCE(h0, h1, h2, h3, h4) \
 	VESRLG $26, h0, T_0  \
 	VESRLG $26, h3, T_1  \
@@ -136,144 +208,155 @@ DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d
 	VN     MOD26, h3, h3 \
 	VAG    T_2, h4, h4
 
-// expand in0 into d[0] and in1 into d[1]
+// EXPAND splits the 128-bit little-endian values in0 and in1
+// into 26-bit big-endian limbs and places the results into
+// the first and second lane of d₂₆[0:4] respectively.
+//
+// The EX0, EX1 and EX2 constants are arrays of byte indices
+// for permutation. The permutation both reverses the bytes
+// in the input and ensures the bytes are copied into the
+// destination limb ready to be shifted into their final
+// position.
 #define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
-	VGBM   $0x0707, d1       \ // d1=tmp
-	VPERM  in0, in1, EX2, d4 \
 	VPERM  in0, in1, EX0, d0 \
 	VPERM  in0, in1, EX1, d2 \
-	VN     d1, d4, d4        \
+	VPERM  in0, in1, EX2, d4 \
 	VESRLG $26, d0, d1       \
 	VESRLG $30, d2, d3       \
 	VESRLG $4, d2, d2        \
-	VN     MOD26, d0, d0     \
-	VN     MOD26, d1, d1     \
-	VN     MOD26, d2, d2     \
-	VN     MOD26, d3, d3
+	VN     MOD26, d0, d0     \ // [in0₂₆[0], in1₂₆[0]]
+	VN     MOD26, d3, d3     \ // [in0₂₆[3], in1₂₆[3]]
+	VN     MOD26, d1, d1     \ // [in0₂₆[1], in1₂₆[1]]
+	VN     MOD24, d4, d4     \ // [in0₂₆[4], in1₂₆[4]]
+	VN     MOD26, d2, d2     // [in0₂₆[2], in1₂₆[2]]
 
-// pack h4:h0 into h1:h0 (no carry)
-#define PACK(h0, h1, h2, h3, h4) \
-	VESLG $26, h1, h1  \
-	VESLG $26, h3, h3  \
-	VO    h0, h1, h0   \
-	VO    h2, h3, h2   \
-	VESLG $4, h2, h2   \
-	VLEIB $7, $48, h1  \
-	VSLB  h1, h2, h2   \
-	VO    h0, h2, h0   \
-	VLEIB $7, $104, h1 \
-	VSLB  h1, h4, h3   \
-	VO    h3, h0, h0   \
-	VLEIB $7, $24, h1  \
-	VSRLB h1, h4, h1
+// func updateVX(state *macState, msg []byte)
+TEXT ·updateVX(SB), NOSPLIT, $0
+	MOVD state+0(FP), R1
+	LMG  msg+8(FP), R2, R3 // R2=msg_base, R3=msg_len
 
-// if h > 2**130-5 then h -= 2**130-5
-#define MOD(h0, h1, t0, t1, t2) \
-	VZERO t0          \
-	VLEIG $1, $5, t0  \
-	VACCQ h0, t0, t1  \
-	VAQ   h0, t0, t0  \
-	VONE  t2          \
-	VLEIG $1, $-4, t2 \
-	VAQ   t2, t1, t1  \
-	VACCQ h1, t1, t1  \
-	VONE  t2          \
-	VAQ   t2, t1, t1  \
-	VN    h0, t1, t2  \
-	VNC   t0, t1, t1  \
-	VO    t1, t2, h0
-
-// func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305vx(SB), $0-32
-	// This code processes up to 2 blocks (32 bytes) per iteration
-	// using the algorithm described in:
-	// NEON crypto, Daniel J. Bernstein & Peter Schwabe
-	// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
-	LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
-
-	// load MOD26, EX0, EX1 and EX2
+	// load EX0, EX1 and EX2
 	MOVD $·constants<>(SB), R5
-	VLM  (R5), MOD26, EX2
+	VLM  (R5), EX0, EX2
 
-	// setup r
-	VL   (R4), T_0
-	MOVD $·keyMask<>(SB), R6
-	VL   (R6), T_1
-	VN   T_0, T_1, T_0
-	EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4)
+	// generate masks
+	VGMG $(64-24), $63, MOD24 // [0x00ffffff, 0x00ffffff]
+	VGMG $(64-26), $63, MOD26 // [0x03ffffff, 0x03ffffff]
 
-	// setup r*5
-	VLEIG $0, $5, T_0
-	VLEIG $1, $5, T_0
+	// load h (accumulator) and r (key) from state
+	VZERO T_1               // [0, 0]
+	VL    0(R1), T_0        // [h₆₄[0], h₆₄[1]]
+	VLEG  $0, 16(R1), T_1   // [h₆₄[2], 0]
+	VL    24(R1), T_2       // [r₆₄[0], r₆₄[1]]
+	VPDI  $0, T_0, T_2, T_3 // [h₆₄[0], r₆₄[0]]
+	VPDI  $5, T_0, T_2, T_4 // [h₆₄[1], r₆₄[1]]
 
-	// store r (for final block)
-	VMLOF T_0, R_1, R5SAVE_1
-	VMLOF T_0, R_2, R5SAVE_2
-	VMLOF T_0, R_3, R5SAVE_3
-	VMLOF T_0, R_4, R5SAVE_4
-	VLGVG $0, R_0, RSAVE_0
-	VLGVG $0, R_1, RSAVE_1
-	VLGVG $0, R_2, RSAVE_2
-	VLGVG $0, R_3, RSAVE_3
-	VLGVG $0, R_4, RSAVE_4
+	// unpack h and r into 26-bit limbs
+	// note: h₆₄[2] may have the low 3 bits set, so h₂₆[4] is a 27-bit value
+	VN     MOD26, T_3, H_0            // [h₂₆[0], r₂₆[0]]
+	VZERO  H_1                        // [0, 0]
+	VZERO  H_3                        // [0, 0]
+	VGMG   $(64-12-14), $(63-12), T_0 // [0x03fff000, 0x03fff000] - 26-bit mask with low 12 bits masked out
+	VESLG  $24, T_1, T_1              // [h₆₄[2]<<24, 0]
+	VERIMG $-26&63, T_3, MOD26, H_1   // [h₂₆[1], r₂₆[1]]
+	VESRLG $+52&63, T_3, H_2          // [h₂₆[2], r₂₆[2]] - low 12 bits only
+	VERIMG $-14&63, T_4, MOD26, H_3   // [h₂₆[1], r₂₆[1]]
+	VESRLG $40, T_4, H_4              // [h₂₆[4], r₂₆[4]] - low 24 bits only
+	VERIMG $+12&63, T_4, T_0, H_2     // [h₂₆[2], r₂₆[2]] - complete
+	VO     T_1, H_4, H_4              // [h₂₆[4], r₂₆[4]] - complete
 
-	// skip r**2 calculation
+	// replicate r across all 4 vector elements
+	VREPF $3, H_0, R_0 // [r₂₆[0], r₂₆[0], r₂₆[0], r₂₆[0]]
+	VREPF $3, H_1, R_1 // [r₂₆[1], r₂₆[1], r₂₆[1], r₂₆[1]]
+	VREPF $3, H_2, R_2 // [r₂₆[2], r₂₆[2], r₂₆[2], r₂₆[2]]
+	VREPF $3, H_3, R_3 // [r₂₆[3], r₂₆[3], r₂₆[3], r₂₆[3]]
+	VREPF $3, H_4, R_4 // [r₂₆[4], r₂₆[4], r₂₆[4], r₂₆[4]]
+
+	// zero out lane 1 of h
+	VLEIG $1, $0, H_0 // [h₂₆[0], 0]
+	VLEIG $1, $0, H_1 // [h₂₆[1], 0]
+	VLEIG $1, $0, H_2 // [h₂₆[2], 0]
+	VLEIG $1, $0, H_3 // [h₂₆[3], 0]
+	VLEIG $1, $0, H_4 // [h₂₆[4], 0]
+
+	// calculate 5r (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r₂₆[1], 5r₂₆[1], 5r₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r₂₆[2], 5r₂₆[2], 5r₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r₂₆[3], 5r₂₆[3], 5r₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r₂₆[4], 5r₂₆[4], 5r₂₆[4]]
+
+	// skip r² calculation if we are only calculating one block
 	CMPBLE R3, $16, skip
 
-	// calculate r**2
-	MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4)
-	REDUCE(H_0, H_1, H_2, H_3, H_4)
-	VLEIG $0, $5, T_0
-	VLEIG $1, $5, T_0
-	VMLOF T_0, H_1, R5_1
-	VMLOF T_0, H_2, R5_2
-	VMLOF T_0, H_3, R5_3
-	VMLOF T_0, H_4, R5_4
-	VLR   H_0, R_0
-	VLR   H_1, R_1
-	VLR   H_2, R_2
-	VLR   H_3, R_3
-	VLR   H_4, R_4
+	// calculate r²
+	MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, M_0, M_1, M_2, M_3, M_4)
+	REDUCE(M_0, M_1, M_2, M_3, M_4)
+	VGBM   $0x0f0f, T_0
+	VERIMG $0, M_0, T_0, R_0 // [r₂₆[0], r²₂₆[0], r₂₆[0], r²₂₆[0]]
+	VERIMG $0, M_1, T_0, R_1 // [r₂₆[1], r²₂₆[1], r₂₆[1], r²₂₆[1]]
+	VERIMG $0, M_2, T_0, R_2 // [r₂₆[2], r²₂₆[2], r₂₆[2], r²₂₆[2]]
+	VERIMG $0, M_3, T_0, R_3 // [r₂₆[3], r²₂₆[3], r₂₆[3], r²₂₆[3]]
+	VERIMG $0, M_4, T_0, R_4 // [r₂₆[4], r²₂₆[4], r₂₆[4], r²₂₆[4]]
 
-	// initialize h
-	VZERO H_0
-	VZERO H_1
-	VZERO H_2
-	VZERO H_3
-	VZERO H_4
+	// calculate 5r² (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r²₂₆[1], 5r₂₆[1], 5r²₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r²₂₆[2], 5r₂₆[2], 5r²₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r²₂₆[3], 5r₂₆[3], 5r²₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r²₂₆[4], 5r₂₆[4], 5r²₂₆[4]]
 
 loop:
-	CMPBLE R3, $32, b2
-	VLM    (R2), T_0, T_1
-	SUB    $32, R3
-	MOVD   $32(R2), R2
-	EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
-	VLEIB  $4, $1, F_4
-	VLEIB  $12, $1, F_4
+	CMPBLE R3, $32, b2 // 2 or fewer blocks remaining, need to change key coefficients
+
+	// load next 2 blocks from message
+	VLM (R2), T_0, T_1
+
+	// update message slice
+	SUB  $32, R3
+	MOVD $32(R2), R2
+
+	// unpack message blocks into 26-bit big-endian limbs
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// add 2¹²⁸ to each message block value
+	VLEIB $4, $1, M_4
+	VLEIB $12, $1, M_4
 
 multiply:
-	VAG    H_0, F_0, F_0
-	VAG    H_1, F_1, F_1
-	VAG    H_2, F_2, F_2
-	VAG    H_3, F_3, F_3
-	VAG    H_4, F_4, F_4
-	MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+	// accumulate the incoming message
+	VAG H_0, M_0, M_0
+	VAG H_3, M_3, M_3
+	VAG H_1, M_1, M_1
+	VAG H_4, M_4, M_4
+	VAG H_2, M_2, M_2
+
+	// multiply the accumulator by the key coefficient
+	MULTIPLY(M_0, M_1, M_2, M_3, M_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+
+	// carry and partially reduce the partial products
 	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
 	CMPBNE R3, $0, loop
 
 finish:
-	// sum vectors
+	// sum lane 0 and lane 1 and put the result in lane 1
 	VZERO  T_0
 	VSUMQG H_0, T_0, H_0
-	VSUMQG H_1, T_0, H_1
-	VSUMQG H_2, T_0, H_2
 	VSUMQG H_3, T_0, H_3
+	VSUMQG H_1, T_0, H_1
 	VSUMQG H_4, T_0, H_4
+	VSUMQG H_2, T_0, H_2
 
-	// h may be >= 2*(2**130-5) so we need to reduce it again
+	// reduce again after summation
+	// TODO(mundaym): there might be a more efficient way to do this
+	// now that we only have 1 active lane. For example, we could
+	// simultaneously pack the values as we reduce them.
 	REDUCE(H_0, H_1, H_2, H_3, H_4)
 
-	// carry h1->h4
+	// carry h[1] through to h[4] so that only h[4] can exceed 2²⁶ - 1
+	// TODO(mundaym): in testing this final carry was unnecessary.
+	// Needs a proof before it can be removed though.
 	VESRLG $26, H_1, T_1
 	VN     MOD26, H_1, H_1
 	VAQ    T_1, H_2, H_2
@@ -284,95 +367,137 @@ finish:
 	VN     MOD26, H_3, H_3
 	VAQ    T_3, H_4, H_4
 
-	// h is now < 2*(2**130-5)
-	// pack h into h1 (hi) and h0 (lo)
-	PACK(H_0, H_1, H_2, H_3, H_4)
-
-	// if h > 2**130-5 then h -= 2**130-5
-	MOD(H_0, H_1, T_0, T_1, T_2)
-
-	// h += s
-	MOVD  $·bswapMask<>(SB), R5
-	VL    (R5), T_1
-	VL    16(R4), T_0
-	VPERM T_0, T_0, T_1, T_0    // reverse bytes (to big)
-	VAQ   T_0, H_0, H_0
-	VPERM H_0, H_0, T_1, H_0    // reverse bytes (to little)
-	VST   H_0, (R1)
+	// h is now < 2(2¹³⁰ - 5)
+	// Pack each lane in h₂₆[0:4] into h₁₂₈[0:1].
+	VESLG $26, H_1, H_1
+	VESLG $26, H_3, H_3
+	VO    H_0, H_1, H_0
+	VO    H_2, H_3, H_2
+	VESLG $4, H_2, H_2
+	VLEIB $7, $48, H_1
+	VSLB  H_1, H_2, H_2
+	VO    H_0, H_2, H_0
+	VLEIB $7, $104, H_1
+	VSLB  H_1, H_4, H_3
+	VO    H_3, H_0, H_0
+	VLEIB $7, $24, H_1
+	VSRLB H_1, H_4, H_1
 
+	// update state
+	VSTEG $1, H_0, 0(R1)
+	VSTEG $0, H_0, 8(R1)
+	VSTEG $1, H_1, 16(R1)
 	RET
 
-b2:
+b2:  // 2 or fewer blocks remaining
 	CMPBLE R3, $16, b1
 
-	// 2 blocks remaining
-	SUB    $17, R3
-	VL     (R2), T_0
-	VLL    R3, 16(R2), T_1
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, T_1
-	EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $12, $1, F_4
-	VLEIB  $4, $1, F_4
+	// Load the 2 remaining blocks (17-32 bytes remaining).
+	MOVD $-17(R3), R0    // index of final byte to load modulo 16
+	VL   (R2), T_0       // load full 16 byte block
+	VLL  R0, 16(R2), T_1 // load final (possibly partial) block and pad with zeros to 16 bytes
 
-	// setup [r²,r]
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, RSAVE_3, R_3
-	VLVGG $1, RSAVE_4, R_4
-	VPDI  $0, R5_1, R5SAVE_1, R5_1
-	VPDI  $0, R5_2, R5SAVE_2, R5_2
-	VPDI  $0, R5_3, R5SAVE_3, R5_3
-	VPDI  $0, R5_4, R5SAVE_4, R5_4
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
+	MOVBZ  $1, R0
+	MOVD   $-16(R3), R3   // index of byte in last block to insert 1 at (could be 16)
+	CMPBEQ R3, $16, 2(PC) // skip the insertion if the final block is 16 bytes long
+	VLVGB  R3, R0, T_1    // insert 1 into the byte at index R3
+
+	// Split both blocks into 26-bit limbs in the appropriate lanes.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the second to last block.
+	VLEIB $4, $1, M_4
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $12, $1, M_4
+
+	// Finally, set up the coefficients for the final multiplication.
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r² so that can be kept the
+	// same. We want lane 1 to be multiplied by r so we need to move
+	// the saved r value into the 32-bit odd index in lane 1 by
+	// rotating the 64-bit lane by 32.
+	VGBM   $0x00ff, T_0         // [0, 0xffffffffffffffff] - mask lane 1 only
+	VERIMG $32, R_0, T_0, R_0   // [_,  r²₂₆[0], _,  r₂₆[0]]
+	VERIMG $32, R_1, T_0, R_1   // [_,  r²₂₆[1], _,  r₂₆[1]]
+	VERIMG $32, R_2, T_0, R_2   // [_,  r²₂₆[2], _,  r₂₆[2]]
+	VERIMG $32, R_3, T_0, R_3   // [_,  r²₂₆[3], _,  r₂₆[3]]
+	VERIMG $32, R_4, T_0, R_4   // [_,  r²₂₆[4], _,  r₂₆[4]]
+	VERIMG $32, R5_1, T_0, R5_1 // [_, 5r²₂₆[1], _, 5r₂₆[1]]
+	VERIMG $32, R5_2, T_0, R5_2 // [_, 5r²₂₆[2], _, 5r₂₆[2]]
+	VERIMG $32, R5_3, T_0, R5_3 // [_, 5r²₂₆[3], _, 5r₂₆[3]]
+	VERIMG $32, R5_4, T_0, R5_4 // [_, 5r²₂₆[4], _, 5r₂₆[4]]
 
 	MOVD $0, R3
 	BR   multiply
 
 skip:
-	VZERO H_0
-	VZERO H_1
-	VZERO H_2
-	VZERO H_3
-	VZERO H_4
-
 	CMPBEQ R3, $0, finish
 
-b1:
-	// 1 block remaining
-	SUB    $1, R3
-	VLL    R3, (R2), T_0
-	ADD    $1, R3
+b1:  // 1 block remaining
+
+	// Load the final block (1-16 bytes). This will be placed into
+	// lane 0.
+	MOVD $-1(R3), R0
+	VLL  R0, (R2), T_0 // pad to 16 bytes with zeros
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
 	MOVBZ  $1, R0
 	CMPBEQ R3, $16, 2(PC)
 	VLVGB  R3, R0, T_0
-	VZERO  T_1
-	EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4)
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $4, $1, F_4
-	VLEIG  $1, $1, R_0
-	VZERO  R_1
-	VZERO  R_2
-	VZERO  R_3
-	VZERO  R_4
-	VZERO  R5_1
-	VZERO  R5_2
-	VZERO  R5_3
-	VZERO  R5_4
 
-	// setup [r, 1]
-	VLVGG $0, RSAVE_0, R_0
-	VLVGG $0, RSAVE_1, R_1
-	VLVGG $0, RSAVE_2, R_2
-	VLVGG $0, RSAVE_3, R_3
-	VLVGG $0, RSAVE_4, R_4
-	VPDI  $0, R5SAVE_1, R5_1, R5_1
-	VPDI  $0, R5SAVE_2, R5_2, R5_2
-	VPDI  $0, R5SAVE_3, R5_3, R5_3
-	VPDI  $0, R5SAVE_4, R5_4, R5_4
+	// Set the message block in lane 1 to the value 0 so that it
+	// can be accumulated without affecting the final result.
+	VZERO T_1
+
+	// Split the final message block into 26-bit limbs in lane 0.
+	// Lane 1 will be contain 0.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $4, $1, M_4
+
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r so we need to move the
+	// saved r value into the 32-bit odd index in lane 0. We want
+	// lane 1 to be set to the value 1. This makes multiplication
+	// a no-op. We do this by setting lane 1 in every register to 0
+	// and then just setting the 32-bit index 3 in R_0 to 1.
+	VZERO T_0
+	MOVD  $0, R0
+	MOVD  $0x10111213, R12
+	VLVGP R12, R0, T_1         // [_, 0x10111213, _, 0x00000000]
+	VPERM T_0, R_0, T_1, R_0   // [_,  r₂₆[0], _, 0]
+	VPERM T_0, R_1, T_1, R_1   // [_,  r₂₆[1], _, 0]
+	VPERM T_0, R_2, T_1, R_2   // [_,  r₂₆[2], _, 0]
+	VPERM T_0, R_3, T_1, R_3   // [_,  r₂₆[3], _, 0]
+	VPERM T_0, R_4, T_1, R_4   // [_,  r₂₆[4], _, 0]
+	VPERM T_0, R5_1, T_1, R5_1 // [_, 5r₂₆[1], _, 0]
+	VPERM T_0, R5_2, T_1, R5_2 // [_, 5r₂₆[2], _, 0]
+	VPERM T_0, R5_3, T_1, R5_3 // [_, 5r₂₆[3], _, 0]
+	VPERM T_0, R5_4, T_1, R5_4 // [_, 5r₂₆[4], _, 0]
+
+	// Set the value of lane 1 to be 1.
+	VLEIF $3, $1, R_0 // [_,  r₂₆[0], _, 1]
 
 	MOVD $0, R3
 	BR   multiply
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
deleted file mode 100644
index e60bbc1d..00000000
--- a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s
+++ /dev/null
@@ -1,909 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,go1.11,!gccgo,!appengine
-
-#include "textflag.h"
-
-// Implementation of Poly1305 using the vector facility (vx) and the VMSL instruction.
-
-// constants
-#define EX0   V1
-#define EX1   V2
-#define EX2   V3
-
-// temporaries
-#define T_0 V4
-#define T_1 V5
-#define T_2 V6
-#define T_3 V7
-#define T_4 V8
-#define T_5 V9
-#define T_6 V10
-#define T_7 V11
-#define T_8 V12
-#define T_9 V13
-#define T_10 V14
-
-// r**2 & r**4
-#define R_0  V15
-#define R_1  V16
-#define R_2  V17
-#define R5_1 V18
-#define R5_2 V19
-// key (r)
-#define RSAVE_0 R7
-#define RSAVE_1 R8
-#define RSAVE_2 R9
-#define R5SAVE_1 R10
-#define R5SAVE_2 R11
-
-// message block
-#define M0 V20
-#define M1 V21
-#define M2 V22
-#define M3 V23
-#define M4 V24
-#define M5 V25
-
-// accumulator
-#define H0_0 V26
-#define H1_0 V27
-#define H2_0 V28
-#define H0_1 V29
-#define H1_1 V30
-#define H2_1 V31
-
-GLOBL ·keyMask<>(SB), RODATA, $16
-DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f
-DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f
-
-GLOBL ·bswapMask<>(SB), RODATA, $16
-DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908
-DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100
-
-GLOBL ·constants<>(SB), RODATA, $48
-// EX0
-DATA ·constants<>+0(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+8(SB)/8, $0x0000050403020100
-// EX1
-DATA ·constants<>+16(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+24(SB)/8, $0x00000a0908070605
-// EX2
-DATA ·constants<>+32(SB)/8, $0x18191a1b1c1d1e1f
-DATA ·constants<>+40(SB)/8, $0x0000000f0e0d0c0b
-
-GLOBL ·c<>(SB), RODATA, $48
-// EX0
-DATA ·c<>+0(SB)/8, $0x0000050403020100
-DATA ·c<>+8(SB)/8, $0x0000151413121110
-// EX1
-DATA ·c<>+16(SB)/8, $0x00000a0908070605
-DATA ·c<>+24(SB)/8, $0x00001a1918171615
-// EX2
-DATA ·c<>+32(SB)/8, $0x0000000f0e0d0c0b
-DATA ·c<>+40(SB)/8, $0x0000001f1e1d1c1b
-
-GLOBL ·reduce<>(SB), RODATA, $32
-// 44 bit
-DATA ·reduce<>+0(SB)/8, $0x0
-DATA ·reduce<>+8(SB)/8, $0xfffffffffff
-// 42 bit
-DATA ·reduce<>+16(SB)/8, $0x0
-DATA ·reduce<>+24(SB)/8, $0x3ffffffffff
-
-// h = (f*g) % (2**130-5) [partial reduction]
-// uses T_0...T_9 temporary registers
-// input: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9
-// output: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2
-#define MULTIPLY(m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9) \
-	\ // Eliminate the dependency for the last 2 VMSLs
-	VMSLG m02_0, r_2, m4_2, m4_2                       \
-	VMSLG m13_0, r_2, m5_2, m5_2                       \ // 8 VMSLs pipelined
-	VMSLG m02_0, r_0, m4_0, m4_0                       \
-	VMSLG m02_1, r5_2, V0, T_0                         \
-	VMSLG m02_0, r_1, m4_1, m4_1                       \
-	VMSLG m02_1, r_0, V0, T_1                          \
-	VMSLG m02_1, r_1, V0, T_2                          \
-	VMSLG m02_2, r5_1, V0, T_3                         \
-	VMSLG m02_2, r5_2, V0, T_4                         \
-	VMSLG m13_0, r_0, m5_0, m5_0                       \
-	VMSLG m13_1, r5_2, V0, T_5                         \
-	VMSLG m13_0, r_1, m5_1, m5_1                       \
-	VMSLG m13_1, r_0, V0, T_6                          \
-	VMSLG m13_1, r_1, V0, T_7                          \
-	VMSLG m13_2, r5_1, V0, T_8                         \
-	VMSLG m13_2, r5_2, V0, T_9                         \
-	VMSLG m02_2, r_0, m4_2, m4_2                       \
-	VMSLG m13_2, r_0, m5_2, m5_2                       \
-	VAQ   m4_0, T_0, m02_0                             \
-	VAQ   m4_1, T_1, m02_1                             \
-	VAQ   m5_0, T_5, m13_0                             \
-	VAQ   m5_1, T_6, m13_1                             \
-	VAQ   m02_0, T_3, m02_0                            \
-	VAQ   m02_1, T_4, m02_1                            \
-	VAQ   m13_0, T_8, m13_0                            \
-	VAQ   m13_1, T_9, m13_1                            \
-	VAQ   m4_2, T_2, m02_2                             \
-	VAQ   m5_2, T_7, m13_2                             \
-
-// SQUARE uses three limbs of r and r_2*5 to output square of r
-// uses T_1, T_5 and T_7 temporary registers
-// input: r_0, r_1, r_2, r5_2
-// temp: TEMP0, TEMP1, TEMP2
-// output: p0, p1, p2
-#define SQUARE(r_0, r_1, r_2, r5_2, p0, p1, p2, TEMP0, TEMP1, TEMP2) \
-	VMSLG r_0, r_0, p0, p0     \
-	VMSLG r_1, r5_2, V0, TEMP0 \
-	VMSLG r_2, r5_2, p1, p1    \
-	VMSLG r_0, r_1, V0, TEMP1  \
-	VMSLG r_1, r_1, p2, p2     \
-	VMSLG r_0, r_2, V0, TEMP2  \
-	VAQ   TEMP0, p0, p0        \
-	VAQ   TEMP1, p1, p1        \
-	VAQ   TEMP2, p2, p2        \
-	VAQ   TEMP0, p0, p0        \
-	VAQ   TEMP1, p1, p1        \
-	VAQ   TEMP2, p2, p2        \
-
-// carry h0->h1->h2->h0 || h3->h4->h5->h3
-// uses T_2, T_4, T_5, T_7, T_8, T_9
-//       t6,  t7,  t8,  t9, t10, t11
-// input: h0, h1, h2, h3, h4, h5
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11
-// output: h0, h1, h2, h3, h4, h5
-#define REDUCE(h0, h1, h2, h3, h4, h5, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11) \
-	VLM    (R12), t6, t7  \ // 44 and 42 bit clear mask
-	VLEIB  $7, $0x28, t10 \ // 5 byte shift mask
-	VREPIB $4, t8         \ // 4 bit shift mask
-	VREPIB $2, t11        \ // 2 bit shift mask
-	VSRLB  t10, h0, t0    \ // h0 byte shift
-	VSRLB  t10, h1, t1    \ // h1 byte shift
-	VSRLB  t10, h2, t2    \ // h2 byte shift
-	VSRLB  t10, h3, t3    \ // h3 byte shift
-	VSRLB  t10, h4, t4    \ // h4 byte shift
-	VSRLB  t10, h5, t5    \ // h5 byte shift
-	VSRL   t8, t0, t0     \ // h0 bit shift
-	VSRL   t8, t1, t1     \ // h2 bit shift
-	VSRL   t11, t2, t2    \ // h2 bit shift
-	VSRL   t8, t3, t3     \ // h3 bit shift
-	VSRL   t8, t4, t4     \ // h4 bit shift
-	VESLG  $2, t2, t9     \ // h2 carry x5
-	VSRL   t11, t5, t5    \ // h5 bit shift
-	VN     t6, h0, h0     \ // h0 clear carry
-	VAQ    t2, t9, t2     \ // h2 carry x5
-	VESLG  $2, t5, t9     \ // h5 carry x5
-	VN     t6, h1, h1     \ // h1 clear carry
-	VN     t7, h2, h2     \ // h2 clear carry
-	VAQ    t5, t9, t5     \ // h5 carry x5
-	VN     t6, h3, h3     \ // h3 clear carry
-	VN     t6, h4, h4     \ // h4 clear carry
-	VN     t7, h5, h5     \ // h5 clear carry
-	VAQ    t0, h1, h1     \ // h0->h1
-	VAQ    t3, h4, h4     \ // h3->h4
-	VAQ    t1, h2, h2     \ // h1->h2
-	VAQ    t4, h5, h5     \ // h4->h5
-	VAQ    t2, h0, h0     \ // h2->h0
-	VAQ    t5, h3, h3     \ // h5->h3
-	VREPG  $1, t6, t6     \ // 44 and 42 bit masks across both halves
-	VREPG  $1, t7, t7     \
-	VSLDB  $8, h0, h0, h0 \ // set up [h0/1/2, h3/4/5]
-	VSLDB  $8, h1, h1, h1 \
-	VSLDB  $8, h2, h2, h2 \
-	VO     h0, h3, h3     \
-	VO     h1, h4, h4     \
-	VO     h2, h5, h5     \
-	VESRLG $44, h3, t0    \ // 44 bit shift right
-	VESRLG $44, h4, t1    \
-	VESRLG $42, h5, t2    \
-	VN     t6, h3, h3     \ // clear carry bits
-	VN     t6, h4, h4     \
-	VN     t7, h5, h5     \
-	VESLG  $2, t2, t9     \ // multiply carry by 5
-	VAQ    t9, t2, t2     \
-	VAQ    t0, h4, h4     \
-	VAQ    t1, h5, h5     \
-	VAQ    t2, h3, h3     \
-
-// carry h0->h1->h2->h0
-// input: h0, h1, h2
-// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8
-// output: h0, h1, h2
-#define REDUCE2(h0, h1, h2, t0, t1, t2, t3, t4, t5, t6, t7, t8) \
-	VLEIB  $7, $0x28, t3 \ // 5 byte shift mask
-	VREPIB $4, t4        \ // 4 bit shift mask
-	VREPIB $2, t7        \ // 2 bit shift mask
-	VGBM   $0x003F, t5   \ // mask to clear carry bits
-	VSRLB  t3, h0, t0    \
-	VSRLB  t3, h1, t1    \
-	VSRLB  t3, h2, t2    \
-	VESRLG $4, t5, t5    \ // 44 bit clear mask
-	VSRL   t4, t0, t0    \
-	VSRL   t4, t1, t1    \
-	VSRL   t7, t2, t2    \
-	VESRLG $2, t5, t6    \ // 42 bit clear mask
-	VESLG  $2, t2, t8    \
-	VAQ    t8, t2, t2    \
-	VN     t5, h0, h0    \
-	VN     t5, h1, h1    \
-	VN     t6, h2, h2    \
-	VAQ    t0, h1, h1    \
-	VAQ    t1, h2, h2    \
-	VAQ    t2, h0, h0    \
-	VSRLB  t3, h0, t0    \
-	VSRLB  t3, h1, t1    \
-	VSRLB  t3, h2, t2    \
-	VSRL   t4, t0, t0    \
-	VSRL   t4, t1, t1    \
-	VSRL   t7, t2, t2    \
-	VN     t5, h0, h0    \
-	VN     t5, h1, h1    \
-	VESLG  $2, t2, t8    \
-	VN     t6, h2, h2    \
-	VAQ    t0, h1, h1    \
-	VAQ    t8, t2, t2    \
-	VAQ    t1, h2, h2    \
-	VAQ    t2, h0, h0    \
-
-// expands two message blocks into the lower halfs of the d registers
-// moves the contents of the d registers into upper halfs
-// input: in1, in2, d0, d1, d2, d3, d4, d5
-// temp: TEMP0, TEMP1, TEMP2, TEMP3
-// output: d0, d1, d2, d3, d4, d5
-#define EXPACC(in1, in2, d0, d1, d2, d3, d4, d5, TEMP0, TEMP1, TEMP2, TEMP3) \
-	VGBM   $0xff3f, TEMP0      \
-	VGBM   $0xff1f, TEMP1      \
-	VESLG  $4, d1, TEMP2       \
-	VESLG  $4, d4, TEMP3       \
-	VESRLG $4, TEMP0, TEMP0    \
-	VPERM  in1, d0, EX0, d0    \
-	VPERM  in2, d3, EX0, d3    \
-	VPERM  in1, d2, EX2, d2    \
-	VPERM  in2, d5, EX2, d5    \
-	VPERM  in1, TEMP2, EX1, d1 \
-	VPERM  in2, TEMP3, EX1, d4 \
-	VN     TEMP0, d0, d0       \
-	VN     TEMP0, d3, d3       \
-	VESRLG $4, d1, d1          \
-	VESRLG $4, d4, d4          \
-	VN     TEMP1, d2, d2       \
-	VN     TEMP1, d5, d5       \
-	VN     TEMP0, d1, d1       \
-	VN     TEMP0, d4, d4       \
-
-// expands one message block into the lower halfs of the d registers
-// moves the contents of the d registers into upper halfs
-// input: in, d0, d1, d2
-// temp: TEMP0, TEMP1, TEMP2
-// output: d0, d1, d2
-#define EXPACC2(in, d0, d1, d2, TEMP0, TEMP1, TEMP2) \
-	VGBM   $0xff3f, TEMP0     \
-	VESLG  $4, d1, TEMP2      \
-	VGBM   $0xff1f, TEMP1     \
-	VPERM  in, d0, EX0, d0    \
-	VESRLG $4, TEMP0, TEMP0   \
-	VPERM  in, d2, EX2, d2    \
-	VPERM  in, TEMP2, EX1, d1 \
-	VN     TEMP0, d0, d0      \
-	VN     TEMP1, d2, d2      \
-	VESRLG $4, d1, d1         \
-	VN     TEMP0, d1, d1      \
-
-// pack h2:h0 into h1:h0 (no carry)
-// input: h0, h1, h2
-// output: h0, h1, h2
-#define PACK(h0, h1, h2) \
-	VMRLG  h1, h2, h2  \ // copy h1 to upper half h2
-	VESLG  $44, h1, h1 \ // shift limb 1 44 bits, leaving 20
-	VO     h0, h1, h0  \ // combine h0 with 20 bits from limb 1
-	VESRLG $20, h2, h1 \ // put top 24 bits of limb 1 into h1
-	VLEIG  $1, $0, h1  \ // clear h2 stuff from lower half of h1
-	VO     h0, h1, h0  \ // h0 now has 88 bits (limb 0 and 1)
-	VLEIG  $0, $0, h2  \ // clear upper half of h2
-	VESRLG $40, h2, h1 \ // h1 now has upper two bits of result
-	VLEIB  $7, $88, h1 \ // for byte shift (11 bytes)
-	VSLB   h1, h2, h2  \ // shift h2 11 bytes to the left
-	VO     h0, h2, h0  \ // combine h0 with 20 bits from limb 1
-	VLEIG  $0, $0, h1  \ // clear upper half of h1
-
-// if h > 2**130-5 then h -= 2**130-5
-// input: h0, h1
-// temp: t0, t1, t2
-// output: h0
-#define MOD(h0, h1, t0, t1, t2) \
-	VZERO t0          \
-	VLEIG $1, $5, t0  \
-	VACCQ h0, t0, t1  \
-	VAQ   h0, t0, t0  \
-	VONE  t2          \
-	VLEIG $1, $-4, t2 \
-	VAQ   t2, t1, t1  \
-	VACCQ h1, t1, t1  \
-	VONE  t2          \
-	VAQ   t2, t1, t1  \
-	VN    h0, t1, t2  \
-	VNC   t0, t1, t1  \
-	VO    t1, t2, h0  \
-
-// func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305vmsl(SB), $0-32
-	// This code processes 6 + up to 4 blocks (32 bytes) per iteration
-	// using the algorithm described in:
-	// NEON crypto, Daniel J. Bernstein & Peter Schwabe
-	// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
-	// And as moddified for VMSL as described in
-	// Accelerating Poly1305 Cryptographic Message Authentication on the z14
-	// O'Farrell et al, CASCON 2017, p48-55
-	// https://ibm.ent.box.com/s/jf9gedj0e9d2vjctfyh186shaztavnht
-
-	LMG   out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key
-	VZERO V0                // c
-
-	// load EX0, EX1 and EX2
-	MOVD $·constants<>(SB), R5
-	VLM  (R5), EX0, EX2        // c
-
-	// setup r
-	VL    (R4), T_0
-	MOVD  $·keyMask<>(SB), R6
-	VL    (R6), T_1
-	VN    T_0, T_1, T_0
-	VZERO T_2                 // limbs for r
-	VZERO T_3
-	VZERO T_4
-	EXPACC2(T_0, T_2, T_3, T_4, T_1, T_5, T_7)
-
-	// T_2, T_3, T_4: [0, r]
-
-	// setup r*20
-	VLEIG $0, $0, T_0
-	VLEIG $1, $20, T_0       // T_0: [0, 20]
-	VZERO T_5
-	VZERO T_6
-	VMSLG T_0, T_3, T_5, T_5
-	VMSLG T_0, T_4, T_6, T_6
-
-	// store r for final block in GR
-	VLGVG $1, T_2, RSAVE_0  // c
-	VLGVG $1, T_3, RSAVE_1  // c
-	VLGVG $1, T_4, RSAVE_2  // c
-	VLGVG $1, T_5, R5SAVE_1 // c
-	VLGVG $1, T_6, R5SAVE_2 // c
-
-	// initialize h
-	VZERO H0_0
-	VZERO H1_0
-	VZERO H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	// initialize pointer for reduce constants
-	MOVD $·reduce<>(SB), R12
-
-	// calculate r**2 and 20*(r**2)
-	VZERO R_0
-	VZERO R_1
-	VZERO R_2
-	SQUARE(T_2, T_3, T_4, T_6, R_0, R_1, R_2, T_1, T_5, T_7)
-	REDUCE2(R_0, R_1, R_2, M0, M1, M2, M3, M4, R5_1, R5_2, M5, T_1)
-	VZERO R5_1
-	VZERO R5_2
-	VMSLG T_0, R_1, R5_1, R5_1
-	VMSLG T_0, R_2, R5_2, R5_2
-
-	// skip r**4 calculation if 3 blocks or less
-	CMPBLE R3, $48, b4
-
-	// calculate r**4 and 20*(r**4)
-	VZERO T_8
-	VZERO T_9
-	VZERO T_10
-	SQUARE(R_0, R_1, R_2, R5_2, T_8, T_9, T_10, T_1, T_5, T_7)
-	REDUCE2(T_8, T_9, T_10, M0, M1, M2, M3, M4, T_2, T_3, M5, T_1)
-	VZERO T_2
-	VZERO T_3
-	VMSLG T_0, T_9, T_2, T_2
-	VMSLG T_0, T_10, T_3, T_3
-
-	// put r**2 to the right and r**4 to the left of R_0, R_1, R_2
-	VSLDB $8, T_8, T_8, T_8
-	VSLDB $8, T_9, T_9, T_9
-	VSLDB $8, T_10, T_10, T_10
-	VSLDB $8, T_2, T_2, T_2
-	VSLDB $8, T_3, T_3, T_3
-
-	VO T_8, R_0, R_0
-	VO T_9, R_1, R_1
-	VO T_10, R_2, R_2
-	VO T_2, R5_1, R5_1
-	VO T_3, R5_2, R5_2
-
-	CMPBLE R3, $80, load // less than or equal to 5 blocks in message
-
-	// 6(or 5+1) blocks
-	SUB    $81, R3
-	VLM    (R2), M0, M4
-	VLL    R3, 80(R2), M5
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBGE R3, $16, 2(PC)
-	VLVGB  R3, R0, M5
-	MOVD   $96(R2), R2
-	EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
-	EXPACC(M2, M3, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
-	VLEIB  $2, $1, H2_0
-	VLEIB  $2, $1, H2_1
-	VLEIB  $10, $1, H2_0
-	VLEIB  $10, $1, H2_1
-
-	VZERO  M0
-	VZERO  M1
-	VZERO  M2
-	VZERO  M3
-	VZERO  T_4
-	VZERO  T_10
-	EXPACC(M4, M5, M0, M1, M2, M3, T_4, T_10, T_0, T_1, T_2, T_3)
-	VLR    T_4, M4
-	VLEIB  $10, $1, M2
-	CMPBLT R3, $16, 2(PC)
-	VLEIB  $10, $1, T_10
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-
-	SUB    $16, R3
-	CMPBLE R3, $0, square
-
-load:
-	// load EX0, EX1 and EX2
-	MOVD $·c<>(SB), R5
-	VLM  (R5), EX0, EX2
-
-loop:
-	CMPBLE R3, $64, add // b4	// last 4 or less blocks left
-
-	// next 4 full blocks
-	VLM  (R2), M2, M5
-	SUB  $64, R3
-	MOVD $64(R2), R2
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, T_0, T_1, T_3, T_4, T_5, T_2, T_7, T_8, T_9)
-
-	// expacc in-lined to create [m2, m3] limbs
-	VGBM   $0x3f3f, T_0     // 44 bit clear mask
-	VGBM   $0x1f1f, T_1     // 40 bit clear mask
-	VPERM  M2, M3, EX0, T_3
-	VESRLG $4, T_0, T_0     // 44 bit clear mask ready
-	VPERM  M2, M3, EX1, T_4
-	VPERM  M2, M3, EX2, T_5
-	VN     T_0, T_3, T_3
-	VESRLG $4, T_4, T_4
-	VN     T_1, T_5, T_5
-	VN     T_0, T_4, T_4
-	VMRHG  H0_1, T_3, H0_0
-	VMRHG  H1_1, T_4, H1_0
-	VMRHG  H2_1, T_5, H2_0
-	VMRLG  H0_1, T_3, H0_1
-	VMRLG  H1_1, T_4, H1_1
-	VMRLG  H2_1, T_5, H2_1
-	VLEIB  $10, $1, H2_0
-	VLEIB  $10, $1, H2_1
-	VPERM  M4, M5, EX0, T_3
-	VPERM  M4, M5, EX1, T_4
-	VPERM  M4, M5, EX2, T_5
-	VN     T_0, T_3, T_3
-	VESRLG $4, T_4, T_4
-	VN     T_1, T_5, T_5
-	VN     T_0, T_4, T_4
-	VMRHG  V0, T_3, M0
-	VMRHG  V0, T_4, M1
-	VMRHG  V0, T_5, M2
-	VMRLG  V0, T_3, M3
-	VMRLG  V0, T_4, M4
-	VMRLG  V0, T_5, M5
-	VLEIB  $10, $1, M2
-	VLEIB  $10, $1, M5
-
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	CMPBNE R3, $0, loop
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-
-	// load EX0, EX1, EX2
-	MOVD $·constants<>(SB), R5
-	VLM  (R5), EX0, EX2
-
-	// sum vectors
-	VAQ H0_0, H0_1, H0_0
-	VAQ H1_0, H1_1, H1_0
-	VAQ H2_0, H2_1, H2_0
-
-	// h may be >= 2*(2**130-5) so we need to reduce it again
-	// M0...M4 are used as temps here
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
-next:  // carry h1->h2
-	VLEIB  $7, $0x28, T_1
-	VREPIB $4, T_2
-	VGBM   $0x003F, T_3
-	VESRLG $4, T_3
-
-	// byte shift
-	VSRLB T_1, H1_0, T_4
-
-	// bit shift
-	VSRL T_2, T_4, T_4
-
-	// clear h1 carry bits
-	VN T_3, H1_0, H1_0
-
-	// add carry
-	VAQ T_4, H2_0, H2_0
-
-	// h is now < 2*(2**130-5)
-	// pack h into h1 (hi) and h0 (lo)
-	PACK(H0_0, H1_0, H2_0)
-
-	// if h > 2**130-5 then h -= 2**130-5
-	MOD(H0_0, H1_0, T_0, T_1, T_2)
-
-	// h += s
-	MOVD  $·bswapMask<>(SB), R5
-	VL    (R5), T_1
-	VL    16(R4), T_0
-	VPERM T_0, T_0, T_1, T_0    // reverse bytes (to big)
-	VAQ   T_0, H0_0, H0_0
-	VPERM H0_0, H0_0, T_1, H0_0 // reverse bytes (to little)
-	VST   H0_0, (R1)
-	RET
-
-add:
-	// load EX0, EX1, EX2
-	MOVD $·constants<>(SB), R5
-	VLM  (R5), EX0, EX2
-
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-	CMPBLE R3, $64, b4
-
-b4:
-	CMPBLE R3, $48, b3 // 3 blocks or less
-
-	// 4(3+1) blocks remaining
-	SUB    $49, R3
-	VLM    (R2), M0, M2
-	VLL    R3, 48(R2), M3
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M3
-	MOVD   $64(R2), R2
-	EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3)
-	VLEIB  $10, $1, H2_0
-	VLEIB  $10, $1, H2_1
-	VZERO  M0
-	VZERO  M1
-	VZERO  M4
-	VZERO  M5
-	VZERO  T_4
-	VZERO  T_10
-	EXPACC(M2, M3, M0, M1, M4, M5, T_4, T_10, T_0, T_1, T_2, T_3)
-	VLR    T_4, M2
-	VLEIB  $10, $1, M4
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, T_10
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M4, M5, M2, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG  V0, H0_1, H0_0
-	VMRHG  V0, H1_1, H1_0
-	VMRHG  V0, H2_1, H2_0
-	VMRLG  V0, H0_1, H0_1
-	VMRLG  V0, H1_1, H1_1
-	VMRLG  V0, H2_1, H2_1
-	SUB    $16, R3
-	CMPBLE R3, $0, square // this condition must always hold true!
-
-b3:
-	CMPBLE R3, $32, b2
-
-	// 3 blocks remaining
-
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// H*[r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, T_10, M5)
-
-	SUB    $33, R3
-	VLM    (R2), M0, M1
-	VLL    R3, 32(R2), M2
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M2
-
-	// H += m0
-	VZERO T_1
-	VZERO T_2
-	VZERO T_3
-	EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)
-	VLEIB $10, $1, T_3
-	VAG   H0_0, T_1, H0_0
-	VAG   H1_0, T_2, H1_0
-	VAG   H2_0, T_3, H2_0
-
-	VZERO M0
-	VZERO M3
-	VZERO M4
-	VZERO M5
-	VZERO T_10
-
-	// (H+m0)*r
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M3, M4, M5, V0, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_10, H0_1, H1_1, H2_1, T_9)
-
-	// H += m1
-	VZERO V0
-	VZERO T_1
-	VZERO T_2
-	VZERO T_3
-	EXPACC2(M1, T_1, T_2, T_3, T_4, T_5, T_6)
-	VLEIB $10, $1, T_3
-	VAQ   H0_0, T_1, H0_0
-	VAQ   H1_0, T_2, H1_0
-	VAQ   H2_0, T_3, H2_0
-	REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
-
-	// [H, m2] * [r**2, r]
-	EXPACC2(M2, H0_0, H1_0, H2_0, T_1, T_2, T_3)
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, H2_0
-	VZERO  M0
-	VZERO  M1
-	VZERO  M2
-	VZERO  M3
-	VZERO  M4
-	VZERO  M5
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, M5, T_10)
-	SUB    $16, R3
-	CMPBLE R3, $0, next   // this condition must always hold true!
-
-b2:
-	CMPBLE R3, $16, b1
-
-	// 2 blocks remaining
-
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// H*[r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9)
-	VMRHG V0, H0_1, H0_0
-	VMRHG V0, H1_1, H1_0
-	VMRHG V0, H2_1, H2_0
-	VMRLG V0, H0_1, H0_1
-	VMRLG V0, H1_1, H1_1
-	VMRLG V0, H2_1, H2_1
-
-	// move h to the left and 0s at the right
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-
-	// get message blocks and append 1 to start
-	SUB    $17, R3
-	VL     (R2), M0
-	VLL    R3, 16(R2), M1
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M1
-	VZERO  T_6
-	VZERO  T_7
-	VZERO  T_8
-	EXPACC2(M0, T_6, T_7, T_8, T_1, T_2, T_3)
-	EXPACC2(M1, T_6, T_7, T_8, T_1, T_2, T_3)
-	VLEIB  $2, $1, T_8
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, T_8
-
-	// add [m0, m1] to h
-	VAG H0_0, T_6, H0_0
-	VAG H1_0, T_7, H1_0
-	VAG H2_0, T_8, H2_0
-
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-	VZERO T_10
-	VZERO M0
-
-	// at this point R_0 .. R5_2 look like [r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M2, M3, M4, M5, T_10, M0, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M2, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10)
-	SUB    $16, R3, R3
-	CMPBLE R3, $0, next
-
-b1:
-	CMPBLE R3, $0, next
-
-	// 1 block remaining
-
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// H*[r**2, r]
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
-	// set up [0, m0] limbs
-	SUB    $1, R3
-	VLL    R3, (R2), M0
-	ADD    $1, R3
-	MOVBZ  $1, R0
-	CMPBEQ R3, $16, 2(PC)
-	VLVGB  R3, R0, M0
-	VZERO  T_1
-	VZERO  T_2
-	VZERO  T_3
-	EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)// limbs: [0, m]
-	CMPBNE R3, $16, 2(PC)
-	VLEIB  $10, $1, T_3
-
-	// h+m0
-	VAQ H0_0, T_1, H0_0
-	VAQ H1_0, T_2, H1_0
-	VAQ H2_0, T_3, H2_0
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-
-	BR next
-
-square:
-	// setup [r²,r]
-	VSLDB $8, R_0, R_0, R_0
-	VSLDB $8, R_1, R_1, R_1
-	VSLDB $8, R_2, R_2, R_2
-	VSLDB $8, R5_1, R5_1, R5_1
-	VSLDB $8, R5_2, R5_2, R5_2
-
-	VLVGG $1, RSAVE_0, R_0
-	VLVGG $1, RSAVE_1, R_1
-	VLVGG $1, RSAVE_2, R_2
-	VLVGG $1, R5SAVE_1, R5_1
-	VLVGG $1, R5SAVE_2, R5_2
-
-	// setup [h0, h1]
-	VSLDB $8, H0_0, H0_0, H0_0
-	VSLDB $8, H1_0, H1_0, H1_0
-	VSLDB $8, H2_0, H2_0, H2_0
-	VO    H0_1, H0_0, H0_0
-	VO    H1_1, H1_0, H1_0
-	VO    H2_1, H2_0, H2_0
-	VZERO H0_1
-	VZERO H1_1
-	VZERO H2_1
-
-	VZERO M0
-	VZERO M1
-	VZERO M2
-	VZERO M3
-	VZERO M4
-	VZERO M5
-
-	// (h0*r**2) + (h1*r)
-	MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9)
-	REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5)
-	BR next
diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go
index 00ed9923..916c840b 100644
--- a/vendor/golang.org/x/crypto/ssh/certs.go
+++ b/vendor/golang.org/x/crypto/ssh/certs.go
@@ -17,12 +17,14 @@ import (
 // These constants from [PROTOCOL.certkeys] represent the algorithm names
 // for certificate types supported by this package.
 const (
-	CertAlgoRSAv01      = "ssh-rsa-cert-v01@openssh.com"
-	CertAlgoDSAv01      = "ssh-dss-cert-v01@openssh.com"
-	CertAlgoECDSA256v01 = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
-	CertAlgoECDSA384v01 = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
-	CertAlgoECDSA521v01 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
-	CertAlgoED25519v01  = "ssh-ed25519-cert-v01@openssh.com"
+	CertAlgoRSAv01        = "ssh-rsa-cert-v01@openssh.com"
+	CertAlgoDSAv01        = "ssh-dss-cert-v01@openssh.com"
+	CertAlgoECDSA256v01   = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+	CertAlgoECDSA384v01   = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+	CertAlgoECDSA521v01   = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+	CertAlgoSKECDSA256v01 = "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+	CertAlgoED25519v01    = "ssh-ed25519-cert-v01@openssh.com"
+	CertAlgoSKED25519v01  = "sk-ssh-ed25519-cert-v01@openssh.com"
 )
 
 // Certificate types distinguish between host and user
@@ -37,6 +39,7 @@ const (
 type Signature struct {
 	Format string
 	Blob   []byte
+	Rest   []byte `ssh:"rest"`
 }
 
 // CertTimeInfinity can be used for OpenSSHCertV01.ValidBefore to indicate that
@@ -411,8 +414,8 @@ func (c *CertChecker) CheckCert(principal string, cert *Certificate) error {
 	return nil
 }
 
-// SignCert sets c.SignatureKey to the authority's public key and stores a
-// Signature, by authority, in the certificate.
+// SignCert signs the certificate with an authority, setting the Nonce,
+// SignatureKey, and Signature fields.
 func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
 	c.Nonce = make([]byte, 32)
 	if _, err := io.ReadFull(rand, c.Nonce); err != nil {
@@ -429,12 +432,14 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
 }
 
 var certAlgoNames = map[string]string{
-	KeyAlgoRSA:      CertAlgoRSAv01,
-	KeyAlgoDSA:      CertAlgoDSAv01,
-	KeyAlgoECDSA256: CertAlgoECDSA256v01,
-	KeyAlgoECDSA384: CertAlgoECDSA384v01,
-	KeyAlgoECDSA521: CertAlgoECDSA521v01,
-	KeyAlgoED25519:  CertAlgoED25519v01,
+	KeyAlgoRSA:        CertAlgoRSAv01,
+	KeyAlgoDSA:        CertAlgoDSAv01,
+	KeyAlgoECDSA256:   CertAlgoECDSA256v01,
+	KeyAlgoECDSA384:   CertAlgoECDSA384v01,
+	KeyAlgoECDSA521:   CertAlgoECDSA521v01,
+	KeyAlgoSKECDSA256: CertAlgoSKECDSA256v01,
+	KeyAlgoED25519:    CertAlgoED25519v01,
+	KeyAlgoSKED25519:  CertAlgoSKED25519v01,
 }
 
 // certToPrivAlgo returns the underlying algorithm for a certificate algorithm.
@@ -518,6 +523,12 @@ func parseSignatureBody(in []byte) (out *Signature, rest []byte, ok bool) {
 		return
 	}
 
+	switch out.Format {
+	case KeyAlgoSKECDSA256, CertAlgoSKECDSA256v01, KeyAlgoSKED25519, CertAlgoSKED25519v01:
+		out.Rest = in
+		return out, nil, ok
+	}
+
 	return out, in, ok
 }
 
diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go
index a65a923b..8bd6b3da 100644
--- a/vendor/golang.org/x/crypto/ssh/cipher.go
+++ b/vendor/golang.org/x/crypto/ssh/cipher.go
@@ -16,9 +16,8 @@ import (
 	"hash"
 	"io"
 	"io/ioutil"
-	"math/bits"
 
-	"golang.org/x/crypto/internal/chacha20"
+	"golang.org/x/crypto/chacha20"
 	"golang.org/x/crypto/poly1305"
 )
 
@@ -120,7 +119,7 @@ var cipherModes = map[string]*cipherMode{
 	chacha20Poly1305ID: {64, 0, newChaCha20Cipher},
 
 	// CBC mode is insecure and so is not included in the default config.
-	// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
+	// (See https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf). If absolutely
 	// needed, it's possible to specify a custom Config to enable it.
 	// You should expect that an active attacker can recover plaintext if
 	// you do.
@@ -642,8 +641,8 @@ const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
 // the methods here also implement padding, which RFC4253 Section 6
 // also requires of stream ciphers.
 type chacha20Poly1305Cipher struct {
-	lengthKey  [8]uint32
-	contentKey [8]uint32
+	lengthKey  [32]byte
+	contentKey [32]byte
 	buf        []byte
 }
 
@@ -656,21 +655,21 @@ func newChaCha20Cipher(key, unusedIV, unusedMACKey []byte, unusedAlgs directionA
 		buf: make([]byte, 256),
 	}
 
-	for i := range c.contentKey {
-		c.contentKey[i] = binary.LittleEndian.Uint32(key[i*4 : (i+1)*4])
-	}
-	for i := range c.lengthKey {
-		c.lengthKey[i] = binary.LittleEndian.Uint32(key[(i+8)*4 : (i+9)*4])
-	}
+	copy(c.contentKey[:], key[:32])
+	copy(c.lengthKey[:], key[32:])
 	return c, nil
 }
 
 func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
-	nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
-	s := chacha20.New(c.contentKey, nonce)
-	var polyKey [32]byte
+	nonce := make([]byte, 12)
+	binary.BigEndian.PutUint32(nonce[8:], seqNum)
+	s, err := chacha20.NewUnauthenticatedCipher(c.contentKey[:], nonce)
+	if err != nil {
+		return nil, err
+	}
+	var polyKey, discardBuf [32]byte
 	s.XORKeyStream(polyKey[:], polyKey[:])
-	s.Advance() // skip next 32 bytes
+	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
 
 	encryptedLength := c.buf[:4]
 	if _, err := io.ReadFull(r, encryptedLength); err != nil {
@@ -678,7 +677,11 @@ func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([
 	}
 
 	var lenBytes [4]byte
-	chacha20.New(c.lengthKey, nonce).XORKeyStream(lenBytes[:], encryptedLength)
+	ls, err := chacha20.NewUnauthenticatedCipher(c.lengthKey[:], nonce)
+	if err != nil {
+		return nil, err
+	}
+	ls.XORKeyStream(lenBytes[:], encryptedLength)
 
 	length := binary.BigEndian.Uint32(lenBytes[:])
 	if length > maxPacket {
@@ -724,11 +727,15 @@ func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([
 }
 
 func (c *chacha20Poly1305Cipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
-	nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
-	s := chacha20.New(c.contentKey, nonce)
-	var polyKey [32]byte
+	nonce := make([]byte, 12)
+	binary.BigEndian.PutUint32(nonce[8:], seqNum)
+	s, err := chacha20.NewUnauthenticatedCipher(c.contentKey[:], nonce)
+	if err != nil {
+		return err
+	}
+	var polyKey, discardBuf [32]byte
 	s.XORKeyStream(polyKey[:], polyKey[:])
-	s.Advance() // skip next 32 bytes
+	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
 
 	// There is no blocksize, so fall back to multiple of 8 byte
 	// padding, as described in RFC 4253, Sec 6.
@@ -748,7 +755,11 @@ func (c *chacha20Poly1305Cipher) writeCipherPacket(seqNum uint32, w io.Writer, r
 	}
 
 	binary.BigEndian.PutUint32(c.buf, uint32(1+len(payload)+padding))
-	chacha20.New(c.lengthKey, nonce).XORKeyStream(c.buf, c.buf[:4])
+	ls, err := chacha20.NewUnauthenticatedCipher(c.lengthKey[:], nonce)
+	if err != nil {
+		return err
+	}
+	ls.XORKeyStream(c.buf, c.buf[:4])
 	c.buf[4] = byte(padding)
 	copy(c.buf[5:], payload)
 	packetEnd := 5 + len(payload) + padding
diff --git a/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go b/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
new file mode 100644
index 00000000..af81d266
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
@@ -0,0 +1,93 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
+//
+// See https://flak.tedunangst.com/post/bcrypt-pbkdf and
+// https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c.
+package bcrypt_pbkdf
+
+import (
+	"crypto/sha512"
+	"errors"
+	"golang.org/x/crypto/blowfish"
+)
+
+const blockSize = 32
+
+// Key derives a key from the password, salt and rounds count, returning a
+// []byte of length keyLen that can be used as cryptographic key.
+func Key(password, salt []byte, rounds, keyLen int) ([]byte, error) {
+	if rounds < 1 {
+		return nil, errors.New("bcrypt_pbkdf: number of rounds is too small")
+	}
+	if len(password) == 0 {
+		return nil, errors.New("bcrypt_pbkdf: empty password")
+	}
+	if len(salt) == 0 || len(salt) > 1<<20 {
+		return nil, errors.New("bcrypt_pbkdf: bad salt length")
+	}
+	if keyLen > 1024 {
+		return nil, errors.New("bcrypt_pbkdf: keyLen is too large")
+	}
+
+	numBlocks := (keyLen + blockSize - 1) / blockSize
+	key := make([]byte, numBlocks*blockSize)
+
+	h := sha512.New()
+	h.Write(password)
+	shapass := h.Sum(nil)
+
+	shasalt := make([]byte, 0, sha512.Size)
+	cnt, tmp := make([]byte, 4), make([]byte, blockSize)
+	for block := 1; block <= numBlocks; block++ {
+		h.Reset()
+		h.Write(salt)
+		cnt[0] = byte(block >> 24)
+		cnt[1] = byte(block >> 16)
+		cnt[2] = byte(block >> 8)
+		cnt[3] = byte(block)
+		h.Write(cnt)
+		bcryptHash(tmp, shapass, h.Sum(shasalt))
+
+		out := make([]byte, blockSize)
+		copy(out, tmp)
+		for i := 2; i <= rounds; i++ {
+			h.Reset()
+			h.Write(tmp)
+			bcryptHash(tmp, shapass, h.Sum(shasalt))
+			for j := 0; j < len(out); j++ {
+				out[j] ^= tmp[j]
+			}
+		}
+
+		for i, v := range out {
+			key[i*numBlocks+(block-1)] = v
+		}
+	}
+	return key[:keyLen], nil
+}
+
+var magic = []byte("OxychromaticBlowfishSwatDynamite")
+
+func bcryptHash(out, shapass, shasalt []byte) {
+	c, err := blowfish.NewSaltedCipher(shapass, shasalt)
+	if err != nil {
+		panic(err)
+	}
+	for i := 0; i < 64; i++ {
+		blowfish.ExpandKey(shasalt, c)
+		blowfish.ExpandKey(shapass, c)
+	}
+	copy(out, magic)
+	for i := 0; i < 32; i += 8 {
+		for j := 0; j < 64; j++ {
+			c.Encrypt(out[i:i+8], out[i:i+8])
+		}
+	}
+	// Swap bytes due to different endianness.
+	for i := 0; i < 32; i += 4 {
+		out[i+3], out[i+2], out[i+1], out[i] = out[i], out[i+1], out[i+2], out[i+3]
+	}
+}
diff --git a/vendor/golang.org/x/crypto/ssh/kex.go b/vendor/golang.org/x/crypto/ssh/kex.go
index 16072004..7eedb209 100644
--- a/vendor/golang.org/x/crypto/ssh/kex.go
+++ b/vendor/golang.org/x/crypto/ssh/kex.go
@@ -212,7 +212,7 @@ func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handsha
 		HostKey:   hostKeyBytes,
 		Signature: sig,
 		Hash:      crypto.SHA1,
-	}, nil
+	}, err
 }
 
 // ecdh performs Elliptic Curve Diffie-Hellman key exchange as
@@ -572,7 +572,7 @@ func (gex *dhGEXSHA) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, e
 	return new(big.Int).Exp(theirPublic, myPrivate, gex.p), nil
 }
 
-func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
+func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
 	// Send GexRequest
 	kexDHGexRequest := kexDHGexRequestMsg{
 		MinBits:      dhGroupExchangeMinimumBits,
@@ -677,7 +677,7 @@ func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshak
 // Server half implementation of the Diffie Hellman Key Exchange with SHA1 and SHA256.
 //
 // This is a minimal implementation to satisfy the automated tests.
-func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
+func (gex dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
 	// Receive GexRequest
 	packet, err := c.readPacket()
 	if err != nil {
diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go
index 96980479..31f26349 100644
--- a/vendor/golang.org/x/crypto/ssh/keys.go
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@@ -7,6 +7,8 @@ package ssh
 import (
 	"bytes"
 	"crypto"
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -25,17 +27,20 @@ import (
 	"strings"
 
 	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/ssh/internal/bcrypt_pbkdf"
 )
 
 // These constants represent the algorithm names for key types supported by this
 // package.
 const (
-	KeyAlgoRSA      = "ssh-rsa"
-	KeyAlgoDSA      = "ssh-dss"
-	KeyAlgoECDSA256 = "ecdsa-sha2-nistp256"
-	KeyAlgoECDSA384 = "ecdsa-sha2-nistp384"
-	KeyAlgoECDSA521 = "ecdsa-sha2-nistp521"
-	KeyAlgoED25519  = "ssh-ed25519"
+	KeyAlgoRSA        = "ssh-rsa"
+	KeyAlgoDSA        = "ssh-dss"
+	KeyAlgoECDSA256   = "ecdsa-sha2-nistp256"
+	KeyAlgoSKECDSA256 = "sk-ecdsa-sha2-nistp256@openssh.com"
+	KeyAlgoECDSA384   = "ecdsa-sha2-nistp384"
+	KeyAlgoECDSA521   = "ecdsa-sha2-nistp521"
+	KeyAlgoED25519    = "ssh-ed25519"
+	KeyAlgoSKED25519  = "sk-ssh-ed25519@openssh.com"
 )
 
 // These constants represent non-default signature algorithms that are supported
@@ -58,9 +63,13 @@ func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err err
 		return parseDSA(in)
 	case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
 		return parseECDSA(in)
+	case KeyAlgoSKECDSA256:
+		return parseSKECDSA(in)
 	case KeyAlgoED25519:
 		return parseED25519(in)
-	case CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01:
+	case KeyAlgoSKED25519:
+		return parseSKEd25519(in)
+	case CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
 		cert, err := parseCert(in, certToPrivAlgo(algo))
 		if err != nil {
 			return nil, nil, err
@@ -553,9 +562,11 @@ func parseED25519(in []byte) (out PublicKey, rest []byte, err error) {
 		return nil, nil, err
 	}
 
-	key := ed25519.PublicKey(w.KeyBytes)
+	if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
+		return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
 
-	return (ed25519PublicKey)(key), w.Rest, nil
+	return ed25519PublicKey(w.KeyBytes), w.Rest, nil
 }
 
 func (k ed25519PublicKey) Marshal() []byte {
@@ -573,9 +584,11 @@ func (k ed25519PublicKey) Verify(b []byte, sig *Signature) error {
 	if sig.Format != k.Type() {
 		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
 	}
+	if l := len(k); l != ed25519.PublicKeySize {
+		return fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
+	}
 
-	edKey := (ed25519.PublicKey)(k)
-	if ok := ed25519.Verify(edKey, b, sig.Blob); !ok {
+	if ok := ed25519.Verify(ed25519.PublicKey(k), b, sig.Blob); !ok {
 		return errors.New("ssh: signature did not verify")
 	}
 
@@ -685,6 +698,224 @@ func (k *ecdsaPublicKey) CryptoPublicKey() crypto.PublicKey {
 	return (*ecdsa.PublicKey)(k)
 }
 
+// skFields holds the additional fields present in U2F/FIDO2 signatures.
+// See openssh/PROTOCOL.u2f 'SSH U2F Signatures' for details.
+type skFields struct {
+	// Flags contains U2F/FIDO2 flags such as 'user present'
+	Flags byte
+	// Counter is a monotonic signature counter which can be
+	// used to detect concurrent use of a private key, should
+	// it be extracted from hardware.
+	Counter uint32
+}
+
+type skECDSAPublicKey struct {
+	// application is a URL-like string, typically "ssh:" for SSH.
+	// see openssh/PROTOCOL.u2f for details.
+	application string
+	ecdsa.PublicKey
+}
+
+func (k *skECDSAPublicKey) Type() string {
+	return KeyAlgoSKECDSA256
+}
+
+func (k *skECDSAPublicKey) nistID() string {
+	return "nistp256"
+}
+
+func parseSKECDSA(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		Curve       string
+		KeyBytes    []byte
+		Application string
+		Rest        []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	key := new(skECDSAPublicKey)
+	key.application = w.Application
+
+	if w.Curve != "nistp256" {
+		return nil, nil, errors.New("ssh: unsupported curve")
+	}
+	key.Curve = elliptic.P256()
+
+	key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
+	if key.X == nil || key.Y == nil {
+		return nil, nil, errors.New("ssh: invalid curve point")
+	}
+
+	return key, w.Rest, nil
+}
+
+func (k *skECDSAPublicKey) Marshal() []byte {
+	// See RFC 5656, section 3.1.
+	keyBytes := elliptic.Marshal(k.Curve, k.X, k.Y)
+	w := struct {
+		Name        string
+		ID          string
+		Key         []byte
+		Application string
+	}{
+		k.Type(),
+		k.nistID(),
+		keyBytes,
+		k.application,
+	}
+
+	return Marshal(&w)
+}
+
+func (k *skECDSAPublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+
+	h := ecHash(k.Curve).New()
+	h.Write([]byte(k.application))
+	appDigest := h.Sum(nil)
+
+	h.Reset()
+	h.Write(data)
+	dataDigest := h.Sum(nil)
+
+	var ecSig struct {
+		R *big.Int
+		S *big.Int
+	}
+	if err := Unmarshal(sig.Blob, &ecSig); err != nil {
+		return err
+	}
+
+	var skf skFields
+	if err := Unmarshal(sig.Rest, &skf); err != nil {
+		return err
+	}
+
+	blob := struct {
+		ApplicationDigest []byte `ssh:"rest"`
+		Flags             byte
+		Counter           uint32
+		MessageDigest     []byte `ssh:"rest"`
+	}{
+		appDigest,
+		skf.Flags,
+		skf.Counter,
+		dataDigest,
+	}
+
+	original := Marshal(blob)
+
+	h.Reset()
+	h.Write(original)
+	digest := h.Sum(nil)
+
+	if ecdsa.Verify((*ecdsa.PublicKey)(&k.PublicKey), digest, ecSig.R, ecSig.S) {
+		return nil
+	}
+	return errors.New("ssh: signature did not verify")
+}
+
+type skEd25519PublicKey struct {
+	// application is a URL-like string, typically "ssh:" for SSH.
+	// see openssh/PROTOCOL.u2f for details.
+	application string
+	ed25519.PublicKey
+}
+
+func (k *skEd25519PublicKey) Type() string {
+	return KeyAlgoSKED25519
+}
+
+func parseSKEd25519(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		KeyBytes    []byte
+		Application string
+		Rest        []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
+		return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
+
+	key := new(skEd25519PublicKey)
+	key.application = w.Application
+	key.PublicKey = ed25519.PublicKey(w.KeyBytes)
+
+	return key, w.Rest, nil
+}
+
+func (k *skEd25519PublicKey) Marshal() []byte {
+	w := struct {
+		Name        string
+		KeyBytes    []byte
+		Application string
+	}{
+		KeyAlgoSKED25519,
+		[]byte(k.PublicKey),
+		k.application,
+	}
+	return Marshal(&w)
+}
+
+func (k *skEd25519PublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+	if l := len(k.PublicKey); l != ed25519.PublicKeySize {
+		return fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
+
+	h := sha256.New()
+	h.Write([]byte(k.application))
+	appDigest := h.Sum(nil)
+
+	h.Reset()
+	h.Write(data)
+	dataDigest := h.Sum(nil)
+
+	var edSig struct {
+		Signature []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(sig.Blob, &edSig); err != nil {
+		return err
+	}
+
+	var skf skFields
+	if err := Unmarshal(sig.Rest, &skf); err != nil {
+		return err
+	}
+
+	blob := struct {
+		ApplicationDigest []byte `ssh:"rest"`
+		Flags             byte
+		Counter           uint32
+		MessageDigest     []byte `ssh:"rest"`
+	}{
+		appDigest,
+		skf.Flags,
+		skf.Counter,
+		dataDigest,
+	}
+
+	original := Marshal(blob)
+
+	if ok := ed25519.Verify(k.PublicKey, original, edSig.Signature); !ok {
+		return errors.New("ssh: signature did not verify")
+	}
+
+	return nil
+}
+
 // NewSignerFromKey takes an *rsa.PrivateKey, *dsa.PrivateKey,
 // *ecdsa.PrivateKey or any other crypto.Signer and returns a
 // corresponding Signer instance. ECDSA keys must use P-256, P-384 or
@@ -830,14 +1061,18 @@ func NewPublicKey(key interface{}) (PublicKey, error) {
 	case *dsa.PublicKey:
 		return (*dsaPublicKey)(key), nil
 	case ed25519.PublicKey:
-		return (ed25519PublicKey)(key), nil
+		if l := len(key); l != ed25519.PublicKeySize {
+			return nil, fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
+		}
+		return ed25519PublicKey(key), nil
 	default:
 		return nil, fmt.Errorf("ssh: unsupported key type %T", key)
 	}
 }
 
 // ParsePrivateKey returns a Signer from a PEM encoded private key. It supports
-// the same keys as ParseRawPrivateKey.
+// the same keys as ParseRawPrivateKey. If the private key is encrypted, it
+// will return a PassphraseMissingError.
 func ParsePrivateKey(pemBytes []byte) (Signer, error) {
 	key, err := ParseRawPrivateKey(pemBytes)
 	if err != nil {
@@ -850,8 +1085,8 @@ func ParsePrivateKey(pemBytes []byte) (Signer, error) {
 // ParsePrivateKeyWithPassphrase returns a Signer from a PEM encoded private
 // key and passphrase. It supports the same keys as
 // ParseRawPrivateKeyWithPassphrase.
-func ParsePrivateKeyWithPassphrase(pemBytes, passPhrase []byte) (Signer, error) {
-	key, err := ParseRawPrivateKeyWithPassphrase(pemBytes, passPhrase)
+func ParsePrivateKeyWithPassphrase(pemBytes, passphrase []byte) (Signer, error) {
+	key, err := ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase)
 	if err != nil {
 		return nil, err
 	}
@@ -867,8 +1102,21 @@ func encryptedBlock(block *pem.Block) bool {
 	return strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED")
 }
 
+// A PassphraseMissingError indicates that parsing this private key requires a
+// passphrase. Use ParsePrivateKeyWithPassphrase.
+type PassphraseMissingError struct {
+	// PublicKey will be set if the private key format includes an unencrypted
+	// public key along with the encrypted private key.
+	PublicKey PublicKey
+}
+
+func (*PassphraseMissingError) Error() string {
+	return "ssh: this private key is passphrase protected"
+}
+
 // ParseRawPrivateKey returns a private key from a PEM encoded private key. It
-// supports RSA (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys.
+// supports RSA (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys. If the
+// private key is encrypted, it will return a PassphraseMissingError.
 func ParseRawPrivateKey(pemBytes []byte) (interface{}, error) {
 	block, _ := pem.Decode(pemBytes)
 	if block == nil {
@@ -876,7 +1124,7 @@ func ParseRawPrivateKey(pemBytes []byte) (interface{}, error) {
 	}
 
 	if encryptedBlock(block) {
-		return nil, errors.New("ssh: cannot decode encrypted private keys")
+		return nil, &PassphraseMissingError{}
 	}
 
 	switch block.Type {
@@ -890,33 +1138,35 @@ func ParseRawPrivateKey(pemBytes []byte) (interface{}, error) {
 	case "DSA PRIVATE KEY":
 		return ParseDSAPrivateKey(block.Bytes)
 	case "OPENSSH PRIVATE KEY":
-		return parseOpenSSHPrivateKey(block.Bytes)
+		return parseOpenSSHPrivateKey(block.Bytes, unencryptedOpenSSHKey)
 	default:
 		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
 	}
 }
 
 // ParseRawPrivateKeyWithPassphrase returns a private key decrypted with
-// passphrase from a PEM encoded private key. If wrong passphrase, return
-// x509.IncorrectPasswordError.
-func ParseRawPrivateKeyWithPassphrase(pemBytes, passPhrase []byte) (interface{}, error) {
+// passphrase from a PEM encoded private key. If the passphrase is wrong, it
+// will return x509.IncorrectPasswordError.
+func ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase []byte) (interface{}, error) {
 	block, _ := pem.Decode(pemBytes)
 	if block == nil {
 		return nil, errors.New("ssh: no key found")
 	}
-	buf := block.Bytes
 
-	if encryptedBlock(block) {
-		if x509.IsEncryptedPEMBlock(block) {
-			var err error
-			buf, err = x509.DecryptPEMBlock(block, passPhrase)
-			if err != nil {
-				if err == x509.IncorrectPasswordError {
-					return nil, err
-				}
-				return nil, fmt.Errorf("ssh: cannot decode encrypted private keys: %v", err)
-			}
+	if block.Type == "OPENSSH PRIVATE KEY" {
+		return parseOpenSSHPrivateKey(block.Bytes, passphraseProtectedOpenSSHKey(passphrase))
+	}
+
+	if !encryptedBlock(block) || !x509.IsEncryptedPEMBlock(block) {
+		return nil, errors.New("ssh: not an encrypted key")
+	}
+
+	buf, err := x509.DecryptPEMBlock(block, passphrase)
+	if err != nil {
+		if err == x509.IncorrectPasswordError {
+			return nil, err
 		}
+		return nil, fmt.Errorf("ssh: cannot decode encrypted private keys: %v", err)
 	}
 
 	switch block.Type {
@@ -926,8 +1176,6 @@ func ParseRawPrivateKeyWithPassphrase(pemBytes, passPhrase []byte) (interface{},
 		return x509.ParseECPrivateKey(buf)
 	case "DSA PRIVATE KEY":
 		return ParseDSAPrivateKey(buf)
-	case "OPENSSH PRIVATE KEY":
-		return parseOpenSSHPrivateKey(buf)
 	default:
 		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
 	}
@@ -965,9 +1213,68 @@ func ParseDSAPrivateKey(der []byte) (*dsa.PrivateKey, error) {
 	}, nil
 }
 
-// Implemented based on the documentation at
-// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
-func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
+func unencryptedOpenSSHKey(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
+	if kdfName != "none" || cipherName != "none" {
+		return nil, &PassphraseMissingError{}
+	}
+	if kdfOpts != "" {
+		return nil, errors.New("ssh: invalid openssh private key")
+	}
+	return privKeyBlock, nil
+}
+
+func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {
+	return func(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
+		if kdfName == "none" || cipherName == "none" {
+			return nil, errors.New("ssh: key is not password protected")
+		}
+		if kdfName != "bcrypt" {
+			return nil, fmt.Errorf("ssh: unknown KDF %q, only supports %q", kdfName, "bcrypt")
+		}
+
+		var opts struct {
+			Salt   string
+			Rounds uint32
+		}
+		if err := Unmarshal([]byte(kdfOpts), &opts); err != nil {
+			return nil, err
+		}
+
+		k, err := bcrypt_pbkdf.Key(passphrase, []byte(opts.Salt), int(opts.Rounds), 32+16)
+		if err != nil {
+			return nil, err
+		}
+		key, iv := k[:32], k[32:]
+
+		c, err := aes.NewCipher(key)
+		if err != nil {
+			return nil, err
+		}
+		switch cipherName {
+		case "aes256-ctr":
+			ctr := cipher.NewCTR(c, iv)
+			ctr.XORKeyStream(privKeyBlock, privKeyBlock)
+		case "aes256-cbc":
+			if len(privKeyBlock)%c.BlockSize() != 0 {
+				return nil, fmt.Errorf("ssh: invalid encrypted private key length, not a multiple of the block size")
+			}
+			cbc := cipher.NewCBCDecrypter(c, iv)
+			cbc.CryptBlocks(privKeyBlock, privKeyBlock)
+		default:
+			return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc")
+		}
+
+		return privKeyBlock, nil
+	}
+}
+
+type openSSHDecryptFunc func(CipherName, KdfName, KdfOpts string, PrivKeyBlock []byte) ([]byte, error)
+
+// parseOpenSSHPrivateKey parses an OpenSSH private key, using the decrypt
+// function to unwrap the encrypted portion. unencryptedOpenSSHKey can be used
+// as the decrypt function to parse an unencrypted private key. See
+// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key.
+func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.PrivateKey, error) {
 	const magic = "openssh-key-v1\x00"
 	if len(key) < len(magic) || string(key[:len(magic)]) != magic {
 		return nil, errors.New("ssh: invalid openssh private key format")
@@ -986,9 +1293,22 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 	if err := Unmarshal(remaining, &w); err != nil {
 		return nil, err
 	}
+	if w.NumKeys != 1 {
+		// We only support single key files, and so does OpenSSH.
+		// https://github.com/openssh/openssh-portable/blob/4103a3ec7/sshkey.c#L4171
+		return nil, errors.New("ssh: multi-key files are not supported")
+	}
 
-	if w.KdfName != "none" || w.CipherName != "none" {
-		return nil, errors.New("ssh: cannot decode encrypted private keys")
+	privKeyBlock, err := decrypt(w.CipherName, w.KdfName, w.KdfOpts, w.PrivKeyBlock)
+	if err != nil {
+		if err, ok := err.(*PassphraseMissingError); ok {
+			pub, errPub := ParsePublicKey(w.PubKey)
+			if errPub != nil {
+				return nil, fmt.Errorf("ssh: failed to parse embedded public key: %v", errPub)
+			}
+			err.PublicKey = pub
+		}
+		return nil, err
 	}
 
 	pk1 := struct {
@@ -998,15 +1318,13 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 		Rest    []byte `ssh:"rest"`
 	}{}
 
-	if err := Unmarshal(w.PrivKeyBlock, &pk1); err != nil {
-		return nil, err
+	if err := Unmarshal(privKeyBlock, &pk1); err != nil || pk1.Check1 != pk1.Check2 {
+		if w.CipherName != "none" {
+			return nil, x509.IncorrectPasswordError
+		}
+		return nil, errors.New("ssh: malformed OpenSSH key")
 	}
 
-	if pk1.Check1 != pk1.Check2 {
-		return nil, errors.New("ssh: checkint mismatch")
-	}
-
-	// we only handle ed25519 and rsa keys currently
 	switch pk1.Keytype {
 	case KeyAlgoRSA:
 		// https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L2760-L2773
@@ -1025,10 +1343,8 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 			return nil, err
 		}
 
-		for i, b := range key.Pad {
-			if int(b) != i+1 {
-				return nil, errors.New("ssh: padding not as expected")
-			}
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
 		}
 
 		pk := &rsa.PrivateKey{
@@ -1063,20 +1379,78 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 			return nil, errors.New("ssh: private key unexpected length")
 		}
 
-		for i, b := range key.Pad {
-			if int(b) != i+1 {
-				return nil, errors.New("ssh: padding not as expected")
-			}
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
 		}
 
 		pk := ed25519.PrivateKey(make([]byte, ed25519.PrivateKeySize))
 		copy(pk, key.Priv)
 		return &pk, nil
+	case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
+		key := struct {
+			Curve   string
+			Pub     []byte
+			D       *big.Int
+			Comment string
+			Pad     []byte `ssh:"rest"`
+		}{}
+
+		if err := Unmarshal(pk1.Rest, &key); err != nil {
+			return nil, err
+		}
+
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
+		}
+
+		var curve elliptic.Curve
+		switch key.Curve {
+		case "nistp256":
+			curve = elliptic.P256()
+		case "nistp384":
+			curve = elliptic.P384()
+		case "nistp521":
+			curve = elliptic.P521()
+		default:
+			return nil, errors.New("ssh: unhandled elliptic curve: " + key.Curve)
+		}
+
+		X, Y := elliptic.Unmarshal(curve, key.Pub)
+		if X == nil || Y == nil {
+			return nil, errors.New("ssh: failed to unmarshal public key")
+		}
+
+		if key.D.Cmp(curve.Params().N) >= 0 {
+			return nil, errors.New("ssh: scalar is out of range")
+		}
+
+		x, y := curve.ScalarBaseMult(key.D.Bytes())
+		if x.Cmp(X) != 0 || y.Cmp(Y) != 0 {
+			return nil, errors.New("ssh: public key does not match private key")
+		}
+
+		return &ecdsa.PrivateKey{
+			PublicKey: ecdsa.PublicKey{
+				Curve: curve,
+				X:     X,
+				Y:     Y,
+			},
+			D: key.D,
+		}, nil
 	default:
 		return nil, errors.New("ssh: unhandled key type")
 	}
 }
 
+func checkOpenSSHKeyPadding(pad []byte) error {
+	for i, b := range pad {
+		if int(b) != i+1 {
+			return errors.New("ssh: padding not as expected")
+		}
+	}
+	return nil
+}
+
 // FingerprintLegacyMD5 returns the user presentation of the key's
 // fingerprint as described by RFC 4716 section 4.
 func FingerprintLegacyMD5(pubKey PublicKey) string {
diff --git a/vendor/golang.org/x/crypto/ssh/mux.go b/vendor/golang.org/x/crypto/ssh/mux.go
index f1901627..9654c018 100644
--- a/vendor/golang.org/x/crypto/ssh/mux.go
+++ b/vendor/golang.org/x/crypto/ssh/mux.go
@@ -240,7 +240,7 @@ func (m *mux) onePacket() error {
 	id := binary.BigEndian.Uint32(packet[1:])
 	ch := m.chanList.getChan(id)
 	if ch == nil {
-		return fmt.Errorf("ssh: invalid channel %d", id)
+		return m.handleUnknownChannelPacket(id, packet)
 	}
 
 	return ch.handlePacket(packet)
@@ -328,3 +328,24 @@ func (m *mux) openChannel(chanType string, extra []byte) (*channel, error) {
 		return nil, fmt.Errorf("ssh: unexpected packet in response to channel open: %T", msg)
 	}
 }
+
+func (m *mux) handleUnknownChannelPacket(id uint32, packet []byte) error {
+	msg, err := decode(packet)
+	if err != nil {
+		return err
+	}
+
+	switch msg := msg.(type) {
+	// RFC 4254 section 5.4 says unrecognized channel requests should
+	// receive a failure response.
+	case *channelRequestMsg:
+		if msg.WantReply {
+			return m.sendMessage(channelRequestFailureMsg{
+				PeersID: msg.PeersID,
+			})
+		}
+		return nil
+	default:
+		return fmt.Errorf("ssh: invalid channel %d", id)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go
index 7a5a1d7a..7d42a8c8 100644
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@@ -284,8 +284,8 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
 
 func isAcceptableAlgo(algo string) bool {
 	switch algo {
-	case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoED25519,
-		CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01:
+	case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519,
+		CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
 		return true
 	}
 	return false
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
index 2f04ee5b..2ffb97bf 100644
--- a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
@@ -7,6 +7,7 @@ package terminal
 import (
 	"bytes"
 	"io"
+	"runtime"
 	"strconv"
 	"sync"
 	"unicode/utf8"
@@ -112,6 +113,7 @@ func NewTerminal(c io.ReadWriter, prompt string) *Terminal {
 }
 
 const (
+	keyCtrlC     = 3
 	keyCtrlD     = 4
 	keyCtrlU     = 21
 	keyEnter     = '\r'
@@ -150,8 +152,12 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) {
 		switch b[0] {
 		case 1: // ^A
 			return keyHome, b[1:]
+		case 2: // ^B
+			return keyLeft, b[1:]
 		case 5: // ^E
 			return keyEnd, b[1:]
+		case 6: // ^F
+			return keyRight, b[1:]
 		case 8: // ^H
 			return keyBackspace, b[1:]
 		case 11: // ^K
@@ -737,6 +743,9 @@ func (t *Terminal) readLine() (line string, err error) {
 						return "", io.EOF
 					}
 				}
+				if key == keyCtrlC {
+					return "", io.EOF
+				}
 				if key == keyPasteStart {
 					t.pasteActive = true
 					if len(t.line) == 0 {
@@ -939,6 +948,8 @@ func (s *stRingBuffer) NthPreviousEntry(n int) (value string, ok bool) {
 // readPasswordLine reads from reader until it finds \n or io.EOF.
 // The slice returned does not include the \n.
 // readPasswordLine also ignores any \r it finds.
+// Windows uses \r as end of line. So, on Windows, readPasswordLine
+// reads until it finds \r and ignores any \n it finds during processing.
 func readPasswordLine(reader io.Reader) ([]byte, error) {
 	var buf [1]byte
 	var ret []byte
@@ -947,10 +958,20 @@ func readPasswordLine(reader io.Reader) ([]byte, error) {
 		n, err := reader.Read(buf[:])
 		if n > 0 {
 			switch buf[0] {
+			case '\b':
+				if len(ret) > 0 {
+					ret = ret[:len(ret)-1]
+				}
 			case '\n':
-				return ret, nil
+				if runtime.GOOS != "windows" {
+					return ret, nil
+				}
+				// otherwise ignore \n
 			case '\r':
-				// remove \r from passwords on Windows
+				if runtime.GOOS == "windows" {
+					return ret, nil
+				}
+				// otherwise ignore \r
 			default:
 				ret = append(ret, buf[0])
 			}
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go b/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
index 5cfdf8f3..f614e9cb 100644
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
@@ -85,8 +85,8 @@ func ReadPassword(fd int) ([]byte, error) {
 	}
 	old := st
 
-	st &^= (windows.ENABLE_ECHO_INPUT)
-	st |= (windows.ENABLE_PROCESSED_INPUT | windows.ENABLE_LINE_INPUT | windows.ENABLE_PROCESSED_OUTPUT)
+	st &^= (windows.ENABLE_ECHO_INPUT | windows.ENABLE_LINE_INPUT)
+	st |= (windows.ENABLE_PROCESSED_OUTPUT | windows.ENABLE_PROCESSED_INPUT)
 	if err := windows.SetConsoleMode(windows.Handle(fd), st); err != nil {
 		return nil, err
 	}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index edc7d64b..d1f85fa7 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -194,11 +194,13 @@ github.com/stretchr/testify/assert
 github.com/stretchr/testify/require
 # github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0
 github.com/xo/dburl
-# golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+# golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
+golang.org/x/crypto/blake2b
+golang.org/x/crypto/blowfish
+golang.org/x/crypto/chacha20
 golang.org/x/crypto/curve25519
 golang.org/x/crypto/ed25519
 golang.org/x/crypto/ed25519/internal/edwards25519
-golang.org/x/crypto/internal/chacha20
 golang.org/x/crypto/internal/subtle
 golang.org/x/crypto/md4
 golang.org/x/crypto/nacl/box
@@ -207,6 +209,7 @@ golang.org/x/crypto/pbkdf2
 golang.org/x/crypto/poly1305
 golang.org/x/crypto/salsa20/salsa
 golang.org/x/crypto/ssh
+golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 golang.org/x/crypto/ssh/terminal
 # golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582
 golang.org/x/net/bpf

From acb7d604fd64f2f6e7a870960239fa39312e89b5 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Thu, 11 Jun 2020 18:44:39 -0500
Subject: [PATCH 077/100] TUN-3038: Add connections to tunnel list table

---
 cmd/cloudflared/tunnel/subcommands.go      | 31 +++++++++-
 cmd/cloudflared/tunnel/subcommands_test.go | 71 ++++++++++++++++++++++
 tunnelstore/client.go                      | 13 +++-
 3 files changed, 109 insertions(+), 6 deletions(-)
 create mode 100644 cmd/cloudflared/tunnel/subcommands_test.go

diff --git a/cmd/cloudflared/tunnel/subcommands.go b/cmd/cloudflared/tunnel/subcommands.go
index 9a6bb517..306ce13b 100644
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"sort"
+	"strings"
 	"time"
 
 	"github.com/pkg/errors"
@@ -97,10 +99,10 @@ func listTunnels(c *cli.Context) error {
 		return renderOutput(outputFormat, tunnels)
 	}
 	if len(tunnels) > 0 {
-		const listFormat = "%-40s%-40s%s\n"
-		fmt.Printf(listFormat, "ID", "NAME", "CREATED")
+		const listFormat = "%-40s%-30s%-30s%s\n"
+		fmt.Printf(listFormat, "ID", "NAME", "CREATED", "CONNECTIONS")
 		for _, t := range tunnels {
-			fmt.Printf(listFormat, t.ID, t.Name, t.CreatedAt.Format(time.RFC3339))
+			fmt.Printf(listFormat, t.ID, t.Name, t.CreatedAt.Format(time.RFC3339), fmtConnections(t.Connections))
 		}
 	} else {
 		fmt.Println("You have no tunnels, use 'cloudflared tunnel create' to define a new tunnel")
@@ -109,6 +111,29 @@ func listTunnels(c *cli.Context) error {
 	return nil
 }
 
+func fmtConnections(connections []tunnelstore.Connection) string {
+
+	// Count connections per colo
+	numConnsPerColo := make(map[string]uint, len(connections))
+	for _, connection := range connections {
+		numConnsPerColo[connection.ColoName]++
+	}
+
+	// Get sorted list of colos
+	sortedColos := []string{}
+	for coloName := range numConnsPerColo {
+		sortedColos = append(sortedColos, coloName)
+	}
+	sort.Strings(sortedColos)
+
+	// Map each colo to its frequency, combine into output string.
+	var output []string
+	for _, coloName := range sortedColos {
+		output = append(output, fmt.Sprintf("%dx%s", numConnsPerColo[coloName], coloName))
+	}
+	return strings.Join(output, ", ")
+}
+
 func buildDeleteCommand() *cli.Command {
 	return &cli.Command{
 		Name:      "delete",
diff --git a/cmd/cloudflared/tunnel/subcommands_test.go b/cmd/cloudflared/tunnel/subcommands_test.go
new file mode 100644
index 00000000..202aeeb4
--- /dev/null
+++ b/cmd/cloudflared/tunnel/subcommands_test.go
@@ -0,0 +1,71 @@
+package tunnel
+
+import (
+	"testing"
+
+	"github.com/cloudflare/cloudflared/tunnelstore"
+
+	"github.com/google/uuid"
+)
+
+func Test_fmtConnections(t *testing.T) {
+	type args struct {
+		connections []tunnelstore.Connection
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "empty",
+			args: args{
+				connections: []tunnelstore.Connection{},
+			},
+			want: "",
+		},
+		{
+			name: "trivial",
+			args: args{
+				connections: []tunnelstore.Connection{
+					{
+						ColoName: "DFW",
+						ID:       uuid.MustParse("ea550130-57fd-4463-aab1-752822231ddd"),
+					},
+				},
+			},
+			want: "1xDFW",
+		},
+		{
+			name: "many colos",
+			args: args{
+				connections: []tunnelstore.Connection{
+					{
+						ColoName: "YRV",
+						ID:       uuid.MustParse("ea550130-57fd-4463-aab1-752822231ddd"),
+					},
+					{
+						ColoName: "DFW",
+						ID:       uuid.MustParse("c13c0b3b-0fbf-453c-8169-a1990fced6d0"),
+					},
+					{
+						ColoName: "ATL",
+						ID:       uuid.MustParse("70c90639-e386-4e8d-9a4e-7f046d70e63f"),
+					},
+					{
+						ColoName: "DFW",
+						ID:       uuid.MustParse("30ad6251-0305-4635-a670-d3994f474981"),
+					},
+				},
+			},
+			want: "1xATL, 2xDFW, 1xYRV",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := fmtConnections(tt.args.connections); got != tt.want {
+				t.Errorf("fmtConnections() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/tunnelstore/client.go b/tunnelstore/client.go
index fbddee8a..58d332f8 100644
--- a/tunnelstore/client.go
+++ b/tunnelstore/client.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/logger"
+	"github.com/google/uuid"
 	"github.com/pkg/errors"
 )
 
@@ -26,9 +27,15 @@ var (
 )
 
 type Tunnel struct {
-	ID        string    `json:"id"`
-	Name      string    `json:"name"`
-	CreatedAt time.Time `json:"created_at"`
+	ID          string       `json:"id"`
+	Name        string       `json:"name"`
+	CreatedAt   time.Time    `json:"created_at"`
+	Connections []Connection `json:"connections"`
+}
+
+type Connection struct {
+	ColoName string    `json:"colo_name"`
+	ID       uuid.UUID `json:"uuid"`
 }
 
 type Client interface {

From 55acf7283cb07c387d7d97b27a8f96762df53cff Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Fri, 12 Jun 2020 11:20:36 -0500
Subject: [PATCH 078/100] AUTH-2810 added warn for backwards compatibility sake

---
 cmd/cloudflared/access/carrier.go |  3 ++-
 cmd/cloudflared/cliutil/errors.go | 14 ++++++++++++++
 cmd/cloudflared/main.go           |  6 +++---
 cmd/cloudflared/tunnel/cmd.go     |  4 ++--
 logger/create.go                  |  2 +-
 tunneldns/tunnel.go               |  3 ++-
 6 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index 722cc0c1..506c57c6 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cloudflared/carrier"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/logger"
@@ -67,7 +68,7 @@ func ssh(c *cli.Context) error {
 
 	logger, err := logger.New(logger.DefaultFile(logDirectory), logger.LogLevelString(logLevel))
 	if err != nil {
-		return errors.Wrap(err, "error setting up logger")
+		return cliutil.PrintLoggerSetupError("error setting up logger", err)
 	}
 
 	// get the hostname from the cmdline and error out if its not provided
diff --git a/cmd/cloudflared/cliutil/errors.go b/cmd/cloudflared/cliutil/errors.go
index f197c335..afbb6fdb 100644
--- a/cmd/cloudflared/cliutil/errors.go
+++ b/cmd/cloudflared/cliutil/errors.go
@@ -2,8 +2,10 @@ package cliutil
 
 import (
 	"fmt"
+	"log"
 
 	"github.com/cloudflare/cloudflared/logger"
+	"github.com/pkg/errors"
 	"gopkg.in/urfave/cli.v2"
 )
 
@@ -39,3 +41,15 @@ func ErrorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
 		return err
 	}
 }
+
+// PrintLoggerSetupError returns an error to stdout to notify when a logger can't start
+func PrintLoggerSetupError(msg string, err error) error {
+	l, le := logger.New()
+	if le != nil {
+		log.Printf("%s: %s", msg, err)
+	} else {
+		l.Errorf("%s: %s", msg, err)
+	}
+
+	return errors.Wrap(err, msg)
+}
diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 561af284..3a318e2d 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
@@ -165,16 +166,15 @@ func handleError(err error) {
 
 // cloudflared was started without any flags
 func handleServiceMode(shutdownC chan struct{}) error {
+	defer log.SharedWriteManager.Shutdown()
 	logDirectory, logLevel := config.FindLogSettings()
 
 	logger, err := log.New(log.DefaultFile(logDirectory), log.LogLevelString(logLevel))
 	if err != nil {
-		return errors.Wrap(err, "error setting up logger")
+		return cliutil.PrintLoggerSetupError("error setting up logger", err)
 	}
 	logger.Infof("logging to directory: %s", logDirectory)
 
-	defer log.SharedWriteManager.Shutdown()
-
 	// start the main run loop that reads from the config file
 	f, err := watcher.NewFile()
 	if err != nil {
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 84195b12..8514d60e 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -235,7 +235,7 @@ func createLogger(c *cli.Context, isTransport bool) (logger.Service, error) {
 func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan struct{}) error {
 	logger, err := createLogger(c, false)
 	if err != nil {
-		return errors.Wrap(err, "error setting up logger")
+		return cliutil.PrintLoggerSetupError("error setting up logger", err)
 	}
 
 	_ = raven.SetDSN(sentryDSN)
@@ -478,7 +478,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 func Before(c *cli.Context) error {
 	logger, err := createLogger(c, false)
 	if err != nil {
-		return errors.Wrap(err, "error setting up logger")
+		return cliutil.PrintLoggerSetupError("error setting up logger", err)
 	}
 
 	if c.String("config") == "" {
diff --git a/logger/create.go b/logger/create.go
index 58f7d603..085bde08 100644
--- a/logger/create.go
+++ b/logger/create.go
@@ -141,7 +141,7 @@ func ParseLevelString(lvl string) ([]Level, error) {
 		return []Level{FatalLevel}, nil
 	case "error":
 		return []Level{FatalLevel, ErrorLevel}, nil
-	case "info":
+	case "info", "warn":
 		return []Level{FatalLevel, ErrorLevel, InfoLevel}, nil
 	case "debug":
 		return []Level{FatalLevel, ErrorLevel, InfoLevel, DebugLevel}, nil
diff --git a/tunneldns/tunnel.go b/tunneldns/tunnel.go
index e85d0a26..4a4faf45 100644
--- a/tunneldns/tunnel.go
+++ b/tunneldns/tunnel.go
@@ -8,6 +8,7 @@ import (
 	"sync"
 	"syscall"
 
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/metrics"
@@ -31,7 +32,7 @@ func Run(c *cli.Context) error {
 	logDirectory, logLevel := config.FindLogSettings()
 	logger, err := logger.New(logger.DefaultFile(logDirectory), logger.LogLevelString(logLevel))
 	if err != nil {
-		return errors.Wrap(err, "error setting up logger")
+		return cliutil.PrintLoggerSetupError("error setting up logger", err)
 	}
 
 	metricsListener, err := net.Listen("tcp", c.String("metrics"))

From 1a6403b2fd2d50398dc7e1c35daeba1d3c0a3ed5 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Fri, 12 Jun 2020 11:57:21 -0500
Subject: [PATCH 079/100] AUTH-2694 added destination header support to config
 file

---
 cmd/cloudflared/access/carrier.go | 4 ++++
 cmd/cloudflared/config/model.go   | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index 506c57c6..29e9b385 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -37,6 +37,10 @@ func StartForwarder(forwarder config.Forwarder, shutdown <-chan struct{}, logger
 		headers.Set(h2mux.CFAccessClientSecretHeader, forwarder.TokenSecret)
 	}
 
+	if forwarder.Destination != "" {
+		headers.Add(h2mux.CFJumpDestinationHeader, forwarder.Destination)
+	}
+
 	options := &carrier.StartOptions{
 		OriginURL: forwarder.URL,
 		Headers:   headers, //TODO: TUN-2688 support custom headers from config file
diff --git a/cmd/cloudflared/config/model.go b/cmd/cloudflared/config/model.go
index 656853e7..7838fa01 100644
--- a/cmd/cloudflared/config/model.go
+++ b/cmd/cloudflared/config/model.go
@@ -13,6 +13,7 @@ type Forwarder struct {
 	Listener      string `json:"listener"`
 	TokenClientID string `json:"service_token_id" yaml:"serviceTokenID"`
 	TokenSecret   string `json:"secret_token_id" yaml:"serviceTokenSecret"`
+	Destination   string `json:"destination"`
 }
 
 // Tunnel represents a tunnel that should be started
@@ -50,6 +51,7 @@ func (f *Forwarder) Hash() string {
 	io.WriteString(h, f.Listener)
 	io.WriteString(h, f.TokenClientID)
 	io.WriteString(h, f.TokenSecret)
+	io.WriteString(h, f.Destination)
 	return fmt.Sprintf("%x", h.Sum(nil))
 }
 

From 5fd348dcfc421fcd9ff81497a0bdd27d611db6ca Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Mon, 15 Jun 2020 09:46:44 -0500
Subject: [PATCH 080/100] Release 2020.6.2

---
 RELEASE_NOTES | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 1c3951cc..cbf10495 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,10 @@
+2020.6.2
+- 2020-06-11 AUTH-2648 updated usage text
+- 2020-06-11 AUTH-2763 don't redirect from curl command
+- 2020-06-12 TUN-3090: Upgrade crypto dep
+- 2020-06-11 TUN-3038: Add connections to tunnel list table
+- 2020-06-12 AUTH-2810 added warn for backwards compatibility sake
+
 2020.6.1
 - 2020-06-09 AUTH-2796 fixed windows build
 

From fd1941dfbe1c90f1669c2212d9bc41c6db3174c4 Mon Sep 17 00:00:00 2001
From: Robert McNeil <rmcneil@cloudflare.com>
Date: Mon, 15 Jun 2020 17:08:10 -0700
Subject: [PATCH 081/100] DEVTOOLS-7321: Add openssh-client pkg for missing
 ssh-keyscan

---
 cfsetup.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cfsetup.yaml b/cfsetup.yaml
index 566040c9..f7ddcb2c 100644
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@@ -85,6 +85,7 @@ stretch: &stretch
       - make test
   update-homebrew:
     builddeps:
+      - openssh-client
       - s3cmd
     post-cache:
       - .teamcity/update-homebrew.sh

From 554c97a8cb3e4169ee5069c0fefa8ff8780c90d2 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Mon, 15 Jun 2020 17:00:37 -0500
Subject: [PATCH 082/100] AUTH-2813 adds back a single file support a
 cloudflared log file

---
 logger/file_writer.go      | 30 +++++++++++++++---
 logger/file_writer_test.go | 62 +++++++++++++++++++++++++++++++++++---
 logger/formatter.go        | 23 ++++++++++----
 3 files changed, 99 insertions(+), 16 deletions(-)

diff --git a/logger/file_writer.go b/logger/file_writer.go
index 123c0b9e..a1736ff1 100644
--- a/logger/file_writer.go
+++ b/logger/file_writer.go
@@ -33,7 +33,7 @@ func NewFileRollingWriter(directory, baseFileName string, maxFileSize int64, max
 // Write is an implementation of io.writer the rolls the file once it reaches its max size
 // It is expected the caller to Write is doing so in a thread safe manner (as WriteManager does).
 func (w *FileRollingWriter) Write(p []byte) (n int, err error) {
-	logFile := buildPath(w.directory, w.baseFileName)
+	logFile, isSingleFile := buildPath(w.directory, w.baseFileName)
 	if w.fileHandle == nil {
 		h, err := os.OpenFile(logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0664)
 		if err != nil {
@@ -55,7 +55,7 @@ func (w *FileRollingWriter) Write(p []byte) (n int, err error) {
 	written, err := w.fileHandle.Write(p)
 
 	// check if the file needs to be rolled
-	if err == nil && info.Size()+int64(written) > w.maxFileSize {
+	if err == nil && info.Size()+int64(written) > w.maxFileSize && !isSingleFile {
 		// close the file handle than do the renaming. A new one will be opened on the next write
 		w.Close()
 		w.rename(logFile, 1)
@@ -77,7 +77,10 @@ func (w *FileRollingWriter) Close() {
 // but if cloudflared-1.log already exists, it is renamed to cloudflared-2.log,
 // then the other files move in to their postion
 func (w *FileRollingWriter) rename(sourcePath string, index uint) {
-	destinationPath := buildPath(w.directory, fmt.Sprintf("%s-%d", w.baseFileName, index))
+	destinationPath, isSingleFile := buildPath(w.directory, fmt.Sprintf("%s-%d", w.baseFileName, index))
+	if isSingleFile {
+		return //don't need to rename anything, it is a single file
+	}
 
 	// rolled to the max amount of files allowed on disk
 	if index >= w.maxFileCount {
@@ -93,8 +96,13 @@ func (w *FileRollingWriter) rename(sourcePath string, index uint) {
 	os.Rename(sourcePath, destinationPath)
 }
 
-func buildPath(directory, fileName string) string {
-	return filepath.Join(directory, fileName+".log")
+// return the path to the log file and if it is a single file or not.
+// true means a single file. false means a rolled file
+func buildPath(directory, fileName string) (string, bool) {
+	if !isDirectory(directory) { // not a directory, so try and treat it as a single file for backwards compatibility sake
+		return directory, true
+	}
+	return filepath.Join(directory, fileName+".log"), false
 }
 
 func exists(filePath string) bool {
@@ -103,3 +111,15 @@ func exists(filePath string) bool {
 	}
 	return true
 }
+
+func isDirectory(path string) bool {
+	if path == "" {
+		return true
+	}
+
+	fileInfo, err := os.Stat(path)
+	if err != nil {
+		return false
+	}
+	return fileInfo.IsDir()
+}
diff --git a/logger/file_writer_test.go b/logger/file_writer_test.go
index 5ceae609..3c7a66a1 100644
--- a/logger/file_writer_test.go
+++ b/logger/file_writer_test.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -31,18 +32,23 @@ func TestFileWrite(t *testing.T) {
 }
 
 func TestRolling(t *testing.T) {
+	dirName := "testdir"
+	err := os.Mkdir(dirName, 0755)
+	assert.NoError(t, err)
+
 	fileName := "test_file"
-	firstFile := fileName + ".log"
-	secondFile := fileName + "-1.log"
-	thirdFile := fileName + "-2.log"
+	firstFile := filepath.Join(dirName, fileName+".log")
+	secondFile := filepath.Join(dirName, fileName+"-1.log")
+	thirdFile := filepath.Join(dirName, fileName+"-2.log")
 
 	defer func() {
+		os.RemoveAll(dirName)
 		os.Remove(firstFile)
 		os.Remove(secondFile)
 		os.Remove(thirdFile)
 	}()
 
-	w := NewFileRollingWriter("", fileName, 1000, 2)
+	w := NewFileRollingWriter(dirName, fileName, 1000, 2)
 	defer w.Close()
 
 	for i := 99; i >= 1; i-- {
@@ -52,5 +58,51 @@ func TestRolling(t *testing.T) {
 	assert.FileExists(t, firstFile, "first file doesn't exist as expected")
 	assert.FileExists(t, secondFile, "second file doesn't exist as expected")
 	assert.FileExists(t, thirdFile, "third file doesn't exist as expected")
-	assert.False(t, exists(fileName+"-3.log"), "limited to two files and there is more")
+	assert.False(t, exists(filepath.Join(dirName, fileName+"-3.log")), "limited to two files and there is more")
+}
+
+func TestSingleFile(t *testing.T) {
+	fileName := "test_file"
+	testData := []byte(string("hello Dalton, how are you doing?"))
+	defer func() {
+		os.Remove(fileName)
+	}()
+
+	w := NewFileRollingWriter(fileName, fileName, 1000, 2)
+	defer w.Close()
+
+	l, err := w.Write(testData)
+
+	assert.NoError(t, err)
+	assert.Equal(t, l, len(testData), "expected write length and data length to match")
+
+	d, err := ioutil.ReadFile(fileName)
+	assert.FileExists(t, fileName, "file doesn't exist at expected path")
+	assert.Equal(t, d, testData, "expected data in file to match test data")
+}
+
+func TestSingleFileInDirectory(t *testing.T) {
+	dirName := "testdir"
+	err := os.Mkdir(dirName, 0755)
+	assert.NoError(t, err)
+
+	fileName := "test_file"
+	fullPath := filepath.Join(dirName, fileName+".log")
+	testData := []byte(string("hello Dalton, how are you doing?"))
+	defer func() {
+		os.Remove(fullPath)
+		os.RemoveAll(dirName)
+	}()
+
+	w := NewFileRollingWriter(fullPath, fileName, 1000, 2)
+	defer w.Close()
+
+	l, err := w.Write(testData)
+
+	assert.NoError(t, err)
+	assert.Equal(t, l, len(testData), "expected write length and data length to match")
+
+	d, err := ioutil.ReadFile(fullPath)
+	assert.FileExists(t, fullPath, "file doesn't exist at expected path")
+	assert.Equal(t, d, testData, "expected data in file to match test data")
 }
diff --git a/logger/formatter.go b/logger/formatter.go
index bbcdbdff..4e609af5 100644
--- a/logger/formatter.go
+++ b/logger/formatter.go
@@ -2,6 +2,7 @@ package logger
 
 import (
 	"fmt"
+	"runtime"
 	"time"
 
 	"github.com/acmacalister/skittles"
@@ -58,14 +59,17 @@ func (f *DefaultFormatter) Content(l Level, c string) string {
 
 // TerminalFormatter is setup for colored output
 type TerminalFormatter struct {
-	format string
+	format        string
+	supportsColor bool
 }
 
 // NewTerminalFormatter creates a Terminal formatter for colored output
 // format is the time format to use for timestamp formatting
 func NewTerminalFormatter(format string) Formatter {
+	supportsColor := (runtime.GOOS != "windows")
 	return &TerminalFormatter{
-		format: format,
+		format:        format,
+		supportsColor: supportsColor,
 	}
 }
 
@@ -74,13 +78,13 @@ func (f *TerminalFormatter) Timestamp(l Level, d time.Time) string {
 	t := ""
 	switch l {
 	case InfoLevel:
-		t = skittles.Cyan("[INFO] ")
+		t = f.output("[INFO] ", skittles.Cyan)
 	case ErrorLevel:
-		t = skittles.Red("[ERROR] ")
+		t = f.output("[ERROR] ", skittles.Red)
 	case DebugLevel:
-		t = skittles.Yellow("[DEBUG] ")
+		t = f.output("[DEBUG] ", skittles.Yellow)
 	case FatalLevel:
-		t = skittles.Red("[FATAL] ")
+		t = f.output("[FATAL] ", skittles.Red)
 	}
 	return t
 }
@@ -89,3 +93,10 @@ func (f *TerminalFormatter) Timestamp(l Level, d time.Time) string {
 func (f *TerminalFormatter) Content(l Level, c string) string {
 	return c
 }
+
+func (f *TerminalFormatter) output(msg string, colorFunc func(interface{}) string) string {
+	if f.supportsColor {
+		return colorFunc(msg)
+	}
+	return msg
+}

From dc3a228d5189d1526171835e4c9506102b1f0a56 Mon Sep 17 00:00:00 2001
From: cthuang <chungting@cloudflare.com>
Date: Tue, 16 Jun 2020 08:45:03 +0800
Subject: [PATCH 083/100] Release 2020.6.3

---
 RELEASE_NOTES | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index cbf10495..b18b9bf4 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,7 @@
+2020.6.3
+- 2020-06-15 DEVTOOLS-7321: Add openssh-client pkg for missing ssh-keyscan
+- 2020-06-15 AUTH-2813 adds back a single file support a cloudflared log file
+
 2020.6.2
 - 2020-06-11 AUTH-2648 updated usage text
 - 2020-06-11 AUTH-2763 don't redirect from curl command

From 448a7798f79942cec82c12ca96efe8f2e6f663b8 Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Tue, 2 Jun 2020 13:19:19 -0500
Subject: [PATCH 084/100] TUN-3015: Add a new cap'n'proto RPC interface for
 connection registration as well as matching client and server
 implementations. The old interface extends the new one for backward
 compatibility.

---
 go.mod                               |    1 -
 tunnelrpc/pogs/connectionrpc.go      |  208 ++++
 tunnelrpc/pogs/connectionrpc_test.go |  129 +++
 tunnelrpc/pogs/errors.go             |   53 +
 tunnelrpc/pogs/support_test.go       |   41 +
 tunnelrpc/pogs/tunnelrpc.go          |    1 +
 tunnelrpc/tunnelrpc.capnp            |   50 +-
 tunnelrpc/tunnelrpc.capnp.go         | 1388 +++++++++++++++++++++++---
 8 files changed, 1743 insertions(+), 128 deletions(-)
 create mode 100644 tunnelrpc/pogs/connectionrpc.go
 create mode 100644 tunnelrpc/pogs/connectionrpc_test.go
 create mode 100644 tunnelrpc/pogs/errors.go
 create mode 100644 tunnelrpc/pogs/support_test.go

diff --git a/go.mod b/go.mod
index c40affcb..a311c606 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,6 @@ require (
 	github.com/prometheus/common v0.7.0 // indirect
 	github.com/prometheus/procfs v0.0.5 // indirect
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 // indirect
-	github.com/sirupsen/logrus v1.4.2 // indirect
 	github.com/stretchr/testify v1.3.0
 	github.com/tinylib/msgp v1.1.0 // indirect
 	github.com/xo/dburl v0.0.0-20191005012637-293c3298d6c0
diff --git a/tunnelrpc/pogs/connectionrpc.go b/tunnelrpc/pogs/connectionrpc.go
new file mode 100644
index 00000000..eb1e9dac
--- /dev/null
+++ b/tunnelrpc/pogs/connectionrpc.go
@@ -0,0 +1,208 @@
+package pogs
+
+import (
+	"context"
+	"errors"
+	"net"
+	"time"
+
+	"github.com/google/uuid"
+	"zombiezen.com/go/capnproto2/pogs"
+	"zombiezen.com/go/capnproto2/server"
+
+	"github.com/cloudflare/cloudflared/tunnelrpc"
+)
+
+type RegistrationServer interface {
+	RegisterConnection(ctx context.Context, auth []byte, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error)
+	UnregisterConnection(ctx context.Context)
+}
+
+type ClientInfo struct {
+	ClientID []byte `capnp:"clientId"` // must be a slice for capnp compatibility
+	Features []string
+	Version  string
+	Arch     string
+}
+
+type ConnectionOptions struct {
+	Client             ClientInfo
+	OriginLocalIP      net.IP `capnp:"originLocalIp"`
+	ReplaceExisting    bool
+	CompressionQuality uint8
+}
+
+func (p *ConnectionOptions) MarshalCapnproto(s tunnelrpc.ConnectionOptions) error {
+	return pogs.Insert(tunnelrpc.ConnectionOptions_TypeID, s.Struct, p)
+}
+
+func (p *ConnectionOptions) UnmarshalCapnproto(s tunnelrpc.ConnectionOptions) error {
+	return pogs.Extract(p, tunnelrpc.ConnectionOptions_TypeID, s.Struct)
+}
+
+type ConnectionDetails struct {
+	UUID     uuid.UUID
+	Location string
+}
+
+func (details *ConnectionDetails) MarshalCapnproto(s tunnelrpc.ConnectionDetails) error {
+	if err := s.SetUuid(details.UUID[:]); err != nil {
+		return err
+	}
+	if err := s.SetLocationName(details.Location); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (details *ConnectionDetails) UnmarshalCapnproto(s tunnelrpc.ConnectionDetails) error {
+	uuidBytes, err := s.Uuid()
+	if err != nil {
+		return err
+	}
+	details.UUID, err = uuid.FromBytes(uuidBytes)
+	if err != nil {
+		return err
+	}
+	details.Location, err = s.LocationName()
+	if err != nil {
+		return err
+	}
+
+	return err
+}
+
+func MarshalError(s tunnelrpc.ConnectionError, err error) error {
+	if err := s.SetCause(err.Error()); err != nil {
+		return err
+	}
+	if retryableErr, ok := err.(*RetryableError); ok {
+		s.SetShouldRetry(true)
+		s.SetRetryAfter(int64(retryableErr.Delay))
+	}
+
+	return nil
+}
+
+func (i TunnelServer_PogsImpl) RegisterConnection(p tunnelrpc.RegistrationServer_registerConnection) error {
+	server.Ack(p.Options)
+
+	auth, err := p.Params.Auth()
+	if err != nil {
+		return err
+	}
+	uuidBytes, err := p.Params.TunnelId()
+	if err != nil {
+		return err
+	}
+	tunnelID, err := uuid.FromBytes(uuidBytes)
+	if err != nil {
+		return err
+	}
+	connIndex := p.Params.ConnIndex()
+	options, err := p.Params.Options()
+	if err != nil {
+		return err
+	}
+	var pogsOptions ConnectionOptions
+	err = pogsOptions.UnmarshalCapnproto(options)
+	if err != nil {
+		return err
+	}
+
+	connDetails, callError := i.impl.RegisterConnection(p.Ctx, auth, tunnelID, connIndex, &pogsOptions)
+
+	resp, err := p.Results.NewResult()
+	if err != nil {
+		return err
+	}
+
+	if callError != nil {
+		if connError, err := resp.Result().NewError(); err != nil {
+			return err
+		} else {
+			return MarshalError(connError, callError)
+		}
+	}
+
+	if details, err := resp.Result().NewConnectionDetails(); err != nil {
+		return err
+	} else {
+		return connDetails.MarshalCapnproto(details)
+	}
+}
+
+func (i TunnelServer_PogsImpl) UnregisterConnection(p tunnelrpc.RegistrationServer_unregisterConnection) error {
+	server.Ack(p.Options)
+
+	i.impl.UnregisterConnection(p.Ctx)
+	return nil
+}
+
+func (c TunnelServer_PogsClient) RegisterConnection(ctx context.Context, auth []byte, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
+	client := tunnelrpc.TunnelServer{Client: c.Client}
+	promise := client.RegisterConnection(ctx, func(p tunnelrpc.RegistrationServer_registerConnection_Params) error {
+		err := p.SetAuth(auth)
+		if err != nil {
+			return err
+		}
+		err = p.SetTunnelId(tunnelID[:])
+		if err != nil {
+			return err
+		}
+		p.SetConnIndex(connIndex)
+		connectionOptions, err := p.NewOptions()
+		if err != nil {
+			return err
+		}
+		err = options.MarshalCapnproto(connectionOptions)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	response, err := promise.Result().Struct()
+	if err != nil {
+		return nil, wrapRPCError(err)
+	}
+	result := response.Result()
+	switch result.Which() {
+	case tunnelrpc.ConnectionResponse_result_Which_error:
+		resultError, err := result.Error()
+		if err != nil {
+			return nil, wrapRPCError(err)
+		}
+		cause, err := resultError.Cause()
+		if err != nil {
+			return nil, wrapRPCError(err)
+		}
+		err = errors.New(cause)
+		if resultError.ShouldRetry() {
+			err = RetryErrorAfter(err, time.Duration(resultError.RetryAfter()))
+		}
+		return nil, err
+
+	case tunnelrpc.ConnectionResponse_result_Which_connectionDetails:
+		connDetails, err := result.ConnectionDetails()
+		if err != nil {
+			return nil, wrapRPCError(err)
+		}
+		details := new(ConnectionDetails)
+		if err = details.UnmarshalCapnproto(connDetails); err != nil {
+			return nil, wrapRPCError(err)
+		}
+		return details, nil
+	}
+
+	return nil, newRPCError("unknown result which %d", result.Which())
+}
+
+func (c TunnelServer_PogsClient) Unregister(ctx context.Context) error {
+	client := tunnelrpc.TunnelServer{Client: c.Client}
+	promise := client.UnregisterConnection(ctx, func(p tunnelrpc.RegistrationServer_unregisterConnection_Params) error {
+		return nil
+	})
+	_, err := promise.Struct()
+	return wrapRPCError(err)
+}
diff --git a/tunnelrpc/pogs/connectionrpc_test.go b/tunnelrpc/pogs/connectionrpc_test.go
new file mode 100644
index 00000000..f520c2e1
--- /dev/null
+++ b/tunnelrpc/pogs/connectionrpc_test.go
@@ -0,0 +1,129 @@
+package pogs
+
+import (
+	"context"
+	"errors"
+	"net"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	capnp "zombiezen.com/go/capnproto2"
+	"zombiezen.com/go/capnproto2/rpc"
+
+	"github.com/cloudflare/cloudflared/tunnelrpc"
+)
+
+func TestMarshalConnectionOptions(t *testing.T) {
+	clientID := uuid.New()
+	orig := ConnectionOptions{
+		Client: ClientInfo{
+			ClientID: clientID[:],
+			Features: []string{"a", "b"},
+			Version:  "1.2.3",
+			Arch:     "macos",
+		},
+		OriginLocalIP:      []byte{10, 2, 3, 4},
+		ReplaceExisting:    false,
+		CompressionQuality: 1,
+	}
+
+	_, seg, err := capnp.NewMessage(capnp.SingleSegment(nil))
+	require.NoError(t, err)
+	capnpOpts, err := tunnelrpc.NewConnectionOptions(seg)
+	require.NoError(t, err)
+
+	err = orig.MarshalCapnproto(capnpOpts)
+	assert.NoError(t, err)
+
+	var pogsOpts ConnectionOptions
+	err = pogsOpts.UnmarshalCapnproto(capnpOpts)
+	assert.NoError(t, err)
+
+	assert.Equal(t, orig, pogsOpts)
+}
+
+func TestConnectionRegistrationRPC(t *testing.T) {
+	p1, p2 := net.Pipe()
+	t1, t2 := rpc.StreamTransport(p1), rpc.StreamTransport(p2)
+
+	// Server-side
+	testImpl := testConnectionRegistrationServer{}
+	srv := TunnelServer_ServerToClient(&testImpl)
+	serverConn := rpc.NewConn(t1, rpc.MainInterface(srv.Client))
+	defer serverConn.Wait()
+
+	ctx := context.Background()
+	clientConn := rpc.NewConn(t2)
+	defer clientConn.Close()
+	client := TunnelServer_PogsClient{
+		Client: clientConn.Bootstrap(ctx),
+		Conn:   clientConn,
+	}
+	defer client.Close()
+
+	clientID := uuid.New()
+	options := &ConnectionOptions{
+		Client: ClientInfo{
+			ClientID: clientID[:],
+			Features: []string{"foo"},
+			Version:  "1.2.3",
+			Arch:     "macos",
+		},
+		OriginLocalIP:      net.IP{10, 20, 30, 40},
+		ReplaceExisting:    true,
+		CompressionQuality: 0,
+	}
+
+	expectedDetails := ConnectionDetails{
+		UUID:     uuid.New(),
+		Location: "TEST",
+	}
+	testImpl.details = &expectedDetails
+	testImpl.err = nil
+
+	// success
+	tunnelID := uuid.New()
+	details, err := client.Register(ctx, []byte{1, 2, 3}, tunnelID, 2, options)
+	assert.NoError(t, err)
+	assert.Equal(t, expectedDetails, *details)
+
+	// regular error
+	testImpl.details = nil
+	testImpl.err = errors.New("internal")
+
+	_, err = client.Register(ctx, []byte{1, 2, 3}, tunnelID, 2, options)
+	assert.EqualError(t, err, "internal")
+
+	// retriable error
+	testImpl.details = nil
+	const delay = 27*time.Second
+	testImpl.err = RetryErrorAfter(errors.New("retryable"), delay)
+
+	_, err = client.Register(ctx, []byte{1, 2, 3}, tunnelID, 2, options)
+	assert.EqualError(t, err, "retryable")
+
+	re, ok := err.(*RetryableError)
+	assert.True(t, ok)
+	assert.Equal(t, delay, re.Delay)
+}
+
+type testConnectionRegistrationServer struct {
+	mockTunnelServerBase
+
+	details *ConnectionDetails
+	err     error
+}
+
+func (t testConnectionRegistrationServer) Register(ctx context.Context, auth []byte, tunnelUUID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
+	if t.err != nil {
+		return nil, t.err
+	}
+	if t.details != nil {
+		return t.details, nil
+	}
+
+	panic("either details or err mush be set")
+}
diff --git a/tunnelrpc/pogs/errors.go b/tunnelrpc/pogs/errors.go
new file mode 100644
index 00000000..7fd2a497
--- /dev/null
+++ b/tunnelrpc/pogs/errors.go
@@ -0,0 +1,53 @@
+package pogs
+
+import (
+	"fmt"
+	"time"
+)
+
+type RetryableError struct {
+	err   error
+	Delay time.Duration
+}
+
+func (re *RetryableError) Error() string {
+	return re.err.Error()
+}
+
+// RetryErrorAfter wraps err to indicate that client should retry after delay
+func RetryErrorAfter(err error, delay time.Duration) *RetryableError {
+	return &RetryableError{
+		err:   err,
+		Delay: delay,
+	}
+}
+
+func (re *RetryableError) Unwrap() error {
+	return re.err
+}
+
+// RPCError is used to indicate errors returned by the RPC subsystem rather
+// than failure of a remote operation
+type RPCError struct {
+	err error
+}
+
+func (re *RPCError) Error() string {
+	return re.err.Error()
+}
+
+func wrapRPCError(err error) *RPCError {
+	return &RPCError{
+		err: err,
+	}
+}
+
+func newRPCError(format string, args ...interface{}) *RPCError {
+	return &RPCError{
+		fmt.Errorf(format, args...),
+	}
+}
+
+func (re *RPCError) Unwrap() error {
+	return re.err
+}
\ No newline at end of file
diff --git a/tunnelrpc/pogs/support_test.go b/tunnelrpc/pogs/support_test.go
new file mode 100644
index 00000000..8aa459c4
--- /dev/null
+++ b/tunnelrpc/pogs/support_test.go
@@ -0,0 +1,41 @@
+package pogs
+
+import (
+	"context"
+
+	"github.com/google/uuid"
+)
+
+// mockTunnelServerBase provides a placeholder implementation
+// for TunnelServer interface that can be used to build
+// mocks for specific unit tests without having to implement every method
+type mockTunnelServerBase struct{}
+
+func (mockTunnelServerBase) Register(ctx context.Context, auth []byte, tunnelUUID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
+	panic("unexpected call to Register")
+}
+
+func (mockTunnelServerBase) Unregister(ctx context.Context) {
+	panic("unexpected call to Unregister")
+}
+
+func (mockTunnelServerBase) RegisterTunnel(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) *TunnelRegistration {
+	panic("unexpected call to RegisterTunnel")
+}
+
+func (mockTunnelServerBase) GetServerInfo(ctx context.Context) (*ServerInfo, error) {
+	panic("unexpected call to GetServerInfo")
+}
+
+func (mockTunnelServerBase) UnregisterTunnel(ctx context.Context, gracePeriodNanoSec int64) error {
+	panic("unexpected call to UnregisterTunnel")
+}
+
+func (mockTunnelServerBase) Authenticate(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) (*AuthenticateResponse, error) {
+	panic("unexpected call to Authenticate")
+}
+
+func (mockTunnelServerBase) ReconnectTunnel(ctx context.Context, jwt, eventDigest, connDigest []byte, hostname string, options *RegistrationOptions) (*TunnelRegistration, error) {
+	panic("unexpected call to ReconnectTunnel")
+}
+
diff --git a/tunnelrpc/pogs/tunnelrpc.go b/tunnelrpc/pogs/tunnelrpc.go
index c12aedaa..3f3fffb5 100644
--- a/tunnelrpc/pogs/tunnelrpc.go
+++ b/tunnelrpc/pogs/tunnelrpc.go
@@ -201,6 +201,7 @@ func UnmarshalServerInfo(s tunnelrpc.ServerInfo) (*ServerInfo, error) {
 }
 
 type TunnelServer interface {
+	RegistrationServer
 	RegisterTunnel(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) *TunnelRegistration
 	GetServerInfo(ctx context.Context) (*ServerInfo, error)
 	UnregisterTunnel(ctx context.Context, gracePeriodNanoSec int64) error
diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index 0afffc3f..af9b890c 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -78,7 +78,55 @@ struct AuthenticateResponse {
     hoursUntilRefresh @3 :UInt8;
 }
 
-interface TunnelServer {
+struct ClientInfo {
+    # The tunnel client's unique identifier, used to verify a reconnection.
+    clientId @0 :Data;
+    # Set of features this cloudflared knows it supports
+    features @1 :List(Text);
+    # Information about the running binary.
+    version @2 :Text;
+    # Client OS and CPU info
+    arch @3 :Text;
+}
+
+struct ConnectionOptions {
+    # client details
+    client @0 :ClientInfo;
+    # origin LAN IP
+    originLocalIp @1 :Data;
+    # What to do if connection already exists
+    replaceExisting @2 :Bool;
+    # cross stream compression setting, 0 - off, 3 - high
+    compressionQuality @3 :UInt8;
+}
+
+struct ConnectionResponse {
+    result :union {
+        error @0 :ConnectionError;
+        connectionDetails @1 :ConnectionDetails;
+    }
+}
+
+struct ConnectionError {
+    cause @0 :Text;
+    # How long should this connection wait to retry in ns
+    retryAfter @1 :Int64;
+    shouldRetry @2 :Bool;
+}
+
+struct ConnectionDetails {
+    # identifier of this connection
+    uuid @0 :Data;
+    # airport code of the colo where this connection landed
+    locationName @1 :Text;
+}
+
+interface RegistrationServer {
+    registerConnection @0 (auth :Data, tunnelId :Data, connIndex :UInt8, options :ConnectionOptions) -> (result :ConnectionResponse);
+    unregisterConnection @1 () -> ();
+}
+
+interface TunnelServer extends (RegistrationServer) {
     registerTunnel @0 (originCert :Data, hostname :Text, options :RegistrationOptions) -> (result :TunnelRegistration);
     getServerInfo @1 () -> (result :ServerInfo);
     unregisterTunnel @2 (gracePeriodNanoSec :Int64) -> ();
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index 6bc9c889..de429999 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -4,6 +4,7 @@ package tunnelrpc
 
 import (
 	context "golang.org/x/net/context"
+	strconv "strconv"
 	capnp "zombiezen.com/go/capnproto2"
 	text "zombiezen.com/go/capnproto2/encoding/text"
 	schemas "zombiezen.com/go/capnproto2/schemas"
@@ -900,6 +901,1012 @@ func (p AuthenticateResponse_Promise) Struct() (AuthenticateResponse, error) {
 	return AuthenticateResponse{s}, err
 }
 
+type ClientInfo struct{ capnp.Struct }
+
+// ClientInfo_TypeID is the unique identifier for the type ClientInfo.
+const ClientInfo_TypeID = 0x83ced0145b2f114b
+
+func NewClientInfo(s *capnp.Segment) (ClientInfo, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 4})
+	return ClientInfo{st}, err
+}
+
+func NewRootClientInfo(s *capnp.Segment) (ClientInfo, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 4})
+	return ClientInfo{st}, err
+}
+
+func ReadRootClientInfo(msg *capnp.Message) (ClientInfo, error) {
+	root, err := msg.RootPtr()
+	return ClientInfo{root.Struct()}, err
+}
+
+func (s ClientInfo) String() string {
+	str, _ := text.Marshal(0x83ced0145b2f114b, s.Struct)
+	return str
+}
+
+func (s ClientInfo) ClientId() ([]byte, error) {
+	p, err := s.Struct.Ptr(0)
+	return []byte(p.Data()), err
+}
+
+func (s ClientInfo) HasClientId() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s ClientInfo) SetClientId(v []byte) error {
+	return s.Struct.SetData(0, v)
+}
+
+func (s ClientInfo) Features() (capnp.TextList, error) {
+	p, err := s.Struct.Ptr(1)
+	return capnp.TextList{List: p.List()}, err
+}
+
+func (s ClientInfo) HasFeatures() bool {
+	p, err := s.Struct.Ptr(1)
+	return p.IsValid() || err != nil
+}
+
+func (s ClientInfo) SetFeatures(v capnp.TextList) error {
+	return s.Struct.SetPtr(1, v.List.ToPtr())
+}
+
+// NewFeatures sets the features field to a newly
+// allocated capnp.TextList, preferring placement in s's segment.
+func (s ClientInfo) NewFeatures(n int32) (capnp.TextList, error) {
+	l, err := capnp.NewTextList(s.Struct.Segment(), n)
+	if err != nil {
+		return capnp.TextList{}, err
+	}
+	err = s.Struct.SetPtr(1, l.List.ToPtr())
+	return l, err
+}
+
+func (s ClientInfo) Version() (string, error) {
+	p, err := s.Struct.Ptr(2)
+	return p.Text(), err
+}
+
+func (s ClientInfo) HasVersion() bool {
+	p, err := s.Struct.Ptr(2)
+	return p.IsValid() || err != nil
+}
+
+func (s ClientInfo) VersionBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(2)
+	return p.TextBytes(), err
+}
+
+func (s ClientInfo) SetVersion(v string) error {
+	return s.Struct.SetText(2, v)
+}
+
+func (s ClientInfo) Arch() (string, error) {
+	p, err := s.Struct.Ptr(3)
+	return p.Text(), err
+}
+
+func (s ClientInfo) HasArch() bool {
+	p, err := s.Struct.Ptr(3)
+	return p.IsValid() || err != nil
+}
+
+func (s ClientInfo) ArchBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(3)
+	return p.TextBytes(), err
+}
+
+func (s ClientInfo) SetArch(v string) error {
+	return s.Struct.SetText(3, v)
+}
+
+// ClientInfo_List is a list of ClientInfo.
+type ClientInfo_List struct{ capnp.List }
+
+// NewClientInfo creates a new list of ClientInfo.
+func NewClientInfo_List(s *capnp.Segment, sz int32) (ClientInfo_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 4}, sz)
+	return ClientInfo_List{l}, err
+}
+
+func (s ClientInfo_List) At(i int) ClientInfo { return ClientInfo{s.List.Struct(i)} }
+
+func (s ClientInfo_List) Set(i int, v ClientInfo) error { return s.List.SetStruct(i, v.Struct) }
+
+func (s ClientInfo_List) String() string {
+	str, _ := text.MarshalList(0x83ced0145b2f114b, s.List)
+	return str
+}
+
+// ClientInfo_Promise is a wrapper for a ClientInfo promised by a client call.
+type ClientInfo_Promise struct{ *capnp.Pipeline }
+
+func (p ClientInfo_Promise) Struct() (ClientInfo, error) {
+	s, err := p.Pipeline.Struct()
+	return ClientInfo{s}, err
+}
+
+type ConnectionOptions struct{ capnp.Struct }
+
+// ConnectionOptions_TypeID is the unique identifier for the type ConnectionOptions.
+const ConnectionOptions_TypeID = 0xb4bf9861fe035d04
+
+func NewConnectionOptions(s *capnp.Segment) (ConnectionOptions, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2})
+	return ConnectionOptions{st}, err
+}
+
+func NewRootConnectionOptions(s *capnp.Segment) (ConnectionOptions, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2})
+	return ConnectionOptions{st}, err
+}
+
+func ReadRootConnectionOptions(msg *capnp.Message) (ConnectionOptions, error) {
+	root, err := msg.RootPtr()
+	return ConnectionOptions{root.Struct()}, err
+}
+
+func (s ConnectionOptions) String() string {
+	str, _ := text.Marshal(0xb4bf9861fe035d04, s.Struct)
+	return str
+}
+
+func (s ConnectionOptions) Client() (ClientInfo, error) {
+	p, err := s.Struct.Ptr(0)
+	return ClientInfo{Struct: p.Struct()}, err
+}
+
+func (s ConnectionOptions) HasClient() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s ConnectionOptions) SetClient(v ClientInfo) error {
+	return s.Struct.SetPtr(0, v.Struct.ToPtr())
+}
+
+// NewClient sets the client field to a newly
+// allocated ClientInfo struct, preferring placement in s's segment.
+func (s ConnectionOptions) NewClient() (ClientInfo, error) {
+	ss, err := NewClientInfo(s.Struct.Segment())
+	if err != nil {
+		return ClientInfo{}, err
+	}
+	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
+	return ss, err
+}
+
+func (s ConnectionOptions) OriginLocalIp() ([]byte, error) {
+	p, err := s.Struct.Ptr(1)
+	return []byte(p.Data()), err
+}
+
+func (s ConnectionOptions) HasOriginLocalIp() bool {
+	p, err := s.Struct.Ptr(1)
+	return p.IsValid() || err != nil
+}
+
+func (s ConnectionOptions) SetOriginLocalIp(v []byte) error {
+	return s.Struct.SetData(1, v)
+}
+
+func (s ConnectionOptions) ReplaceExisting() bool {
+	return s.Struct.Bit(0)
+}
+
+func (s ConnectionOptions) SetReplaceExisting(v bool) {
+	s.Struct.SetBit(0, v)
+}
+
+func (s ConnectionOptions) CompressionQuality() uint8 {
+	return s.Struct.Uint8(1)
+}
+
+func (s ConnectionOptions) SetCompressionQuality(v uint8) {
+	s.Struct.SetUint8(1, v)
+}
+
+// ConnectionOptions_List is a list of ConnectionOptions.
+type ConnectionOptions_List struct{ capnp.List }
+
+// NewConnectionOptions creates a new list of ConnectionOptions.
+func NewConnectionOptions_List(s *capnp.Segment, sz int32) (ConnectionOptions_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 2}, sz)
+	return ConnectionOptions_List{l}, err
+}
+
+func (s ConnectionOptions_List) At(i int) ConnectionOptions {
+	return ConnectionOptions{s.List.Struct(i)}
+}
+
+func (s ConnectionOptions_List) Set(i int, v ConnectionOptions) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s ConnectionOptions_List) String() string {
+	str, _ := text.MarshalList(0xb4bf9861fe035d04, s.List)
+	return str
+}
+
+// ConnectionOptions_Promise is a wrapper for a ConnectionOptions promised by a client call.
+type ConnectionOptions_Promise struct{ *capnp.Pipeline }
+
+func (p ConnectionOptions_Promise) Struct() (ConnectionOptions, error) {
+	s, err := p.Pipeline.Struct()
+	return ConnectionOptions{s}, err
+}
+
+func (p ConnectionOptions_Promise) Client() ClientInfo_Promise {
+	return ClientInfo_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
+}
+
+type ConnectionResponse struct{ capnp.Struct }
+type ConnectionResponse_result ConnectionResponse
+type ConnectionResponse_result_Which uint16
+
+const (
+	ConnectionResponse_result_Which_error             ConnectionResponse_result_Which = 0
+	ConnectionResponse_result_Which_connectionDetails ConnectionResponse_result_Which = 1
+)
+
+func (w ConnectionResponse_result_Which) String() string {
+	const s = "errorconnectionDetails"
+	switch w {
+	case ConnectionResponse_result_Which_error:
+		return s[0:5]
+	case ConnectionResponse_result_Which_connectionDetails:
+		return s[5:22]
+
+	}
+	return "ConnectionResponse_result_Which(" + strconv.FormatUint(uint64(w), 10) + ")"
+}
+
+// ConnectionResponse_TypeID is the unique identifier for the type ConnectionResponse.
+const ConnectionResponse_TypeID = 0xdbaa9d03d52b62dc
+
+func NewConnectionResponse(s *capnp.Segment) (ConnectionResponse, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1})
+	return ConnectionResponse{st}, err
+}
+
+func NewRootConnectionResponse(s *capnp.Segment) (ConnectionResponse, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1})
+	return ConnectionResponse{st}, err
+}
+
+func ReadRootConnectionResponse(msg *capnp.Message) (ConnectionResponse, error) {
+	root, err := msg.RootPtr()
+	return ConnectionResponse{root.Struct()}, err
+}
+
+func (s ConnectionResponse) String() string {
+	str, _ := text.Marshal(0xdbaa9d03d52b62dc, s.Struct)
+	return str
+}
+
+func (s ConnectionResponse) Result() ConnectionResponse_result { return ConnectionResponse_result(s) }
+
+func (s ConnectionResponse_result) Which() ConnectionResponse_result_Which {
+	return ConnectionResponse_result_Which(s.Struct.Uint16(0))
+}
+func (s ConnectionResponse_result) Error() (ConnectionError, error) {
+	if s.Struct.Uint16(0) != 0 {
+		panic("Which() != error")
+	}
+	p, err := s.Struct.Ptr(0)
+	return ConnectionError{Struct: p.Struct()}, err
+}
+
+func (s ConnectionResponse_result) HasError() bool {
+	if s.Struct.Uint16(0) != 0 {
+		return false
+	}
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s ConnectionResponse_result) SetError(v ConnectionError) error {
+	s.Struct.SetUint16(0, 0)
+	return s.Struct.SetPtr(0, v.Struct.ToPtr())
+}
+
+// NewError sets the error field to a newly
+// allocated ConnectionError struct, preferring placement in s's segment.
+func (s ConnectionResponse_result) NewError() (ConnectionError, error) {
+	s.Struct.SetUint16(0, 0)
+	ss, err := NewConnectionError(s.Struct.Segment())
+	if err != nil {
+		return ConnectionError{}, err
+	}
+	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
+	return ss, err
+}
+
+func (s ConnectionResponse_result) ConnectionDetails() (ConnectionDetails, error) {
+	if s.Struct.Uint16(0) != 1 {
+		panic("Which() != connectionDetails")
+	}
+	p, err := s.Struct.Ptr(0)
+	return ConnectionDetails{Struct: p.Struct()}, err
+}
+
+func (s ConnectionResponse_result) HasConnectionDetails() bool {
+	if s.Struct.Uint16(0) != 1 {
+		return false
+	}
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s ConnectionResponse_result) SetConnectionDetails(v ConnectionDetails) error {
+	s.Struct.SetUint16(0, 1)
+	return s.Struct.SetPtr(0, v.Struct.ToPtr())
+}
+
+// NewConnectionDetails sets the connectionDetails field to a newly
+// allocated ConnectionDetails struct, preferring placement in s's segment.
+func (s ConnectionResponse_result) NewConnectionDetails() (ConnectionDetails, error) {
+	s.Struct.SetUint16(0, 1)
+	ss, err := NewConnectionDetails(s.Struct.Segment())
+	if err != nil {
+		return ConnectionDetails{}, err
+	}
+	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
+	return ss, err
+}
+
+// ConnectionResponse_List is a list of ConnectionResponse.
+type ConnectionResponse_List struct{ capnp.List }
+
+// NewConnectionResponse creates a new list of ConnectionResponse.
+func NewConnectionResponse_List(s *capnp.Segment, sz int32) (ConnectionResponse_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 1}, sz)
+	return ConnectionResponse_List{l}, err
+}
+
+func (s ConnectionResponse_List) At(i int) ConnectionResponse {
+	return ConnectionResponse{s.List.Struct(i)}
+}
+
+func (s ConnectionResponse_List) Set(i int, v ConnectionResponse) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s ConnectionResponse_List) String() string {
+	str, _ := text.MarshalList(0xdbaa9d03d52b62dc, s.List)
+	return str
+}
+
+// ConnectionResponse_Promise is a wrapper for a ConnectionResponse promised by a client call.
+type ConnectionResponse_Promise struct{ *capnp.Pipeline }
+
+func (p ConnectionResponse_Promise) Struct() (ConnectionResponse, error) {
+	s, err := p.Pipeline.Struct()
+	return ConnectionResponse{s}, err
+}
+
+func (p ConnectionResponse_Promise) Result() ConnectionResponse_result_Promise {
+	return ConnectionResponse_result_Promise{p.Pipeline}
+}
+
+// ConnectionResponse_result_Promise is a wrapper for a ConnectionResponse_result promised by a client call.
+type ConnectionResponse_result_Promise struct{ *capnp.Pipeline }
+
+func (p ConnectionResponse_result_Promise) Struct() (ConnectionResponse_result, error) {
+	s, err := p.Pipeline.Struct()
+	return ConnectionResponse_result{s}, err
+}
+
+func (p ConnectionResponse_result_Promise) Error() ConnectionError_Promise {
+	return ConnectionError_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
+}
+
+func (p ConnectionResponse_result_Promise) ConnectionDetails() ConnectionDetails_Promise {
+	return ConnectionDetails_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
+}
+
+type ConnectionError struct{ capnp.Struct }
+
+// ConnectionError_TypeID is the unique identifier for the type ConnectionError.
+const ConnectionError_TypeID = 0xf5f383d2785edb86
+
+func NewConnectionError(s *capnp.Segment) (ConnectionError, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 1})
+	return ConnectionError{st}, err
+}
+
+func NewRootConnectionError(s *capnp.Segment) (ConnectionError, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 16, PointerCount: 1})
+	return ConnectionError{st}, err
+}
+
+func ReadRootConnectionError(msg *capnp.Message) (ConnectionError, error) {
+	root, err := msg.RootPtr()
+	return ConnectionError{root.Struct()}, err
+}
+
+func (s ConnectionError) String() string {
+	str, _ := text.Marshal(0xf5f383d2785edb86, s.Struct)
+	return str
+}
+
+func (s ConnectionError) Cause() (string, error) {
+	p, err := s.Struct.Ptr(0)
+	return p.Text(), err
+}
+
+func (s ConnectionError) HasCause() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s ConnectionError) CauseBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(0)
+	return p.TextBytes(), err
+}
+
+func (s ConnectionError) SetCause(v string) error {
+	return s.Struct.SetText(0, v)
+}
+
+func (s ConnectionError) RetryAfter() int64 {
+	return int64(s.Struct.Uint64(0))
+}
+
+func (s ConnectionError) SetRetryAfter(v int64) {
+	s.Struct.SetUint64(0, uint64(v))
+}
+
+func (s ConnectionError) ShouldRetry() bool {
+	return s.Struct.Bit(64)
+}
+
+func (s ConnectionError) SetShouldRetry(v bool) {
+	s.Struct.SetBit(64, v)
+}
+
+// ConnectionError_List is a list of ConnectionError.
+type ConnectionError_List struct{ capnp.List }
+
+// NewConnectionError creates a new list of ConnectionError.
+func NewConnectionError_List(s *capnp.Segment, sz int32) (ConnectionError_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 16, PointerCount: 1}, sz)
+	return ConnectionError_List{l}, err
+}
+
+func (s ConnectionError_List) At(i int) ConnectionError { return ConnectionError{s.List.Struct(i)} }
+
+func (s ConnectionError_List) Set(i int, v ConnectionError) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s ConnectionError_List) String() string {
+	str, _ := text.MarshalList(0xf5f383d2785edb86, s.List)
+	return str
+}
+
+// ConnectionError_Promise is a wrapper for a ConnectionError promised by a client call.
+type ConnectionError_Promise struct{ *capnp.Pipeline }
+
+func (p ConnectionError_Promise) Struct() (ConnectionError, error) {
+	s, err := p.Pipeline.Struct()
+	return ConnectionError{s}, err
+}
+
+type ConnectionDetails struct{ capnp.Struct }
+
+// ConnectionDetails_TypeID is the unique identifier for the type ConnectionDetails.
+const ConnectionDetails_TypeID = 0xb5f39f082b9ac18a
+
+func NewConnectionDetails(s *capnp.Segment) (ConnectionDetails, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2})
+	return ConnectionDetails{st}, err
+}
+
+func NewRootConnectionDetails(s *capnp.Segment) (ConnectionDetails, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2})
+	return ConnectionDetails{st}, err
+}
+
+func ReadRootConnectionDetails(msg *capnp.Message) (ConnectionDetails, error) {
+	root, err := msg.RootPtr()
+	return ConnectionDetails{root.Struct()}, err
+}
+
+func (s ConnectionDetails) String() string {
+	str, _ := text.Marshal(0xb5f39f082b9ac18a, s.Struct)
+	return str
+}
+
+func (s ConnectionDetails) Uuid() ([]byte, error) {
+	p, err := s.Struct.Ptr(0)
+	return []byte(p.Data()), err
+}
+
+func (s ConnectionDetails) HasUuid() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s ConnectionDetails) SetUuid(v []byte) error {
+	return s.Struct.SetData(0, v)
+}
+
+func (s ConnectionDetails) LocationName() (string, error) {
+	p, err := s.Struct.Ptr(1)
+	return p.Text(), err
+}
+
+func (s ConnectionDetails) HasLocationName() bool {
+	p, err := s.Struct.Ptr(1)
+	return p.IsValid() || err != nil
+}
+
+func (s ConnectionDetails) LocationNameBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(1)
+	return p.TextBytes(), err
+}
+
+func (s ConnectionDetails) SetLocationName(v string) error {
+	return s.Struct.SetText(1, v)
+}
+
+// ConnectionDetails_List is a list of ConnectionDetails.
+type ConnectionDetails_List struct{ capnp.List }
+
+// NewConnectionDetails creates a new list of ConnectionDetails.
+func NewConnectionDetails_List(s *capnp.Segment, sz int32) (ConnectionDetails_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2}, sz)
+	return ConnectionDetails_List{l}, err
+}
+
+func (s ConnectionDetails_List) At(i int) ConnectionDetails {
+	return ConnectionDetails{s.List.Struct(i)}
+}
+
+func (s ConnectionDetails_List) Set(i int, v ConnectionDetails) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s ConnectionDetails_List) String() string {
+	str, _ := text.MarshalList(0xb5f39f082b9ac18a, s.List)
+	return str
+}
+
+// ConnectionDetails_Promise is a wrapper for a ConnectionDetails promised by a client call.
+type ConnectionDetails_Promise struct{ *capnp.Pipeline }
+
+func (p ConnectionDetails_Promise) Struct() (ConnectionDetails, error) {
+	s, err := p.Pipeline.Struct()
+	return ConnectionDetails{s}, err
+}
+
+type RegistrationServer struct{ Client capnp.Client }
+
+// RegistrationServer_TypeID is the unique identifier for the type RegistrationServer.
+const RegistrationServer_TypeID = 0xf71695ec7fe85497
+
+func (c RegistrationServer) RegisterConnection(ctx context.Context, params func(RegistrationServer_registerConnection_Params) error, opts ...capnp.CallOption) RegistrationServer_registerConnection_Results_Promise {
+	if c.Client == nil {
+		return RegistrationServer_registerConnection_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
+	}
+	call := &capnp.Call{
+		Ctx: ctx,
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      0,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "registerConnection",
+		},
+		Options: capnp.NewCallOptions(opts),
+	}
+	if params != nil {
+		call.ParamsSize = capnp.ObjectSize{DataSize: 8, PointerCount: 3}
+		call.ParamsFunc = func(s capnp.Struct) error { return params(RegistrationServer_registerConnection_Params{Struct: s}) }
+	}
+	return RegistrationServer_registerConnection_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
+}
+func (c RegistrationServer) UnregisterConnection(ctx context.Context, params func(RegistrationServer_unregisterConnection_Params) error, opts ...capnp.CallOption) RegistrationServer_unregisterConnection_Results_Promise {
+	if c.Client == nil {
+		return RegistrationServer_unregisterConnection_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
+	}
+	call := &capnp.Call{
+		Ctx: ctx,
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      1,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "unregisterConnection",
+		},
+		Options: capnp.NewCallOptions(opts),
+	}
+	if params != nil {
+		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 0}
+		call.ParamsFunc = func(s capnp.Struct) error { return params(RegistrationServer_unregisterConnection_Params{Struct: s}) }
+	}
+	return RegistrationServer_unregisterConnection_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
+}
+
+type RegistrationServer_Server interface {
+	RegisterConnection(RegistrationServer_registerConnection) error
+
+	UnregisterConnection(RegistrationServer_unregisterConnection) error
+}
+
+func RegistrationServer_ServerToClient(s RegistrationServer_Server) RegistrationServer {
+	c, _ := s.(server.Closer)
+	return RegistrationServer{Client: server.New(RegistrationServer_Methods(nil, s), c)}
+}
+
+func RegistrationServer_Methods(methods []server.Method, s RegistrationServer_Server) []server.Method {
+	if cap(methods) == 0 {
+		methods = make([]server.Method, 0, 2)
+	}
+
+	methods = append(methods, server.Method{
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      0,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "registerConnection",
+		},
+		Impl: func(c context.Context, opts capnp.CallOptions, p, r capnp.Struct) error {
+			call := RegistrationServer_registerConnection{c, opts, RegistrationServer_registerConnection_Params{Struct: p}, RegistrationServer_registerConnection_Results{Struct: r}}
+			return s.RegisterConnection(call)
+		},
+		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
+	})
+
+	methods = append(methods, server.Method{
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      1,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "unregisterConnection",
+		},
+		Impl: func(c context.Context, opts capnp.CallOptions, p, r capnp.Struct) error {
+			call := RegistrationServer_unregisterConnection{c, opts, RegistrationServer_unregisterConnection_Params{Struct: p}, RegistrationServer_unregisterConnection_Results{Struct: r}}
+			return s.UnregisterConnection(call)
+		},
+		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 0},
+	})
+
+	return methods
+}
+
+// RegistrationServer_registerConnection holds the arguments for a server call to RegistrationServer.registerConnection.
+type RegistrationServer_registerConnection struct {
+	Ctx     context.Context
+	Options capnp.CallOptions
+	Params  RegistrationServer_registerConnection_Params
+	Results RegistrationServer_registerConnection_Results
+}
+
+// RegistrationServer_unregisterConnection holds the arguments for a server call to RegistrationServer.unregisterConnection.
+type RegistrationServer_unregisterConnection struct {
+	Ctx     context.Context
+	Options capnp.CallOptions
+	Params  RegistrationServer_unregisterConnection_Params
+	Results RegistrationServer_unregisterConnection_Results
+}
+
+type RegistrationServer_registerConnection_Params struct{ capnp.Struct }
+
+// RegistrationServer_registerConnection_Params_TypeID is the unique identifier for the type RegistrationServer_registerConnection_Params.
+const RegistrationServer_registerConnection_Params_TypeID = 0xe6646dec8feaa6ee
+
+func NewRegistrationServer_registerConnection_Params(s *capnp.Segment) (RegistrationServer_registerConnection_Params, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3})
+	return RegistrationServer_registerConnection_Params{st}, err
+}
+
+func NewRootRegistrationServer_registerConnection_Params(s *capnp.Segment) (RegistrationServer_registerConnection_Params, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3})
+	return RegistrationServer_registerConnection_Params{st}, err
+}
+
+func ReadRootRegistrationServer_registerConnection_Params(msg *capnp.Message) (RegistrationServer_registerConnection_Params, error) {
+	root, err := msg.RootPtr()
+	return RegistrationServer_registerConnection_Params{root.Struct()}, err
+}
+
+func (s RegistrationServer_registerConnection_Params) String() string {
+	str, _ := text.Marshal(0xe6646dec8feaa6ee, s.Struct)
+	return str
+}
+
+func (s RegistrationServer_registerConnection_Params) Auth() ([]byte, error) {
+	p, err := s.Struct.Ptr(0)
+	return []byte(p.Data()), err
+}
+
+func (s RegistrationServer_registerConnection_Params) HasAuth() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s RegistrationServer_registerConnection_Params) SetAuth(v []byte) error {
+	return s.Struct.SetData(0, v)
+}
+
+func (s RegistrationServer_registerConnection_Params) TunnelId() ([]byte, error) {
+	p, err := s.Struct.Ptr(1)
+	return []byte(p.Data()), err
+}
+
+func (s RegistrationServer_registerConnection_Params) HasTunnelId() bool {
+	p, err := s.Struct.Ptr(1)
+	return p.IsValid() || err != nil
+}
+
+func (s RegistrationServer_registerConnection_Params) SetTunnelId(v []byte) error {
+	return s.Struct.SetData(1, v)
+}
+
+func (s RegistrationServer_registerConnection_Params) ConnIndex() uint8 {
+	return s.Struct.Uint8(0)
+}
+
+func (s RegistrationServer_registerConnection_Params) SetConnIndex(v uint8) {
+	s.Struct.SetUint8(0, v)
+}
+
+func (s RegistrationServer_registerConnection_Params) Options() (ConnectionOptions, error) {
+	p, err := s.Struct.Ptr(2)
+	return ConnectionOptions{Struct: p.Struct()}, err
+}
+
+func (s RegistrationServer_registerConnection_Params) HasOptions() bool {
+	p, err := s.Struct.Ptr(2)
+	return p.IsValid() || err != nil
+}
+
+func (s RegistrationServer_registerConnection_Params) SetOptions(v ConnectionOptions) error {
+	return s.Struct.SetPtr(2, v.Struct.ToPtr())
+}
+
+// NewOptions sets the options field to a newly
+// allocated ConnectionOptions struct, preferring placement in s's segment.
+func (s RegistrationServer_registerConnection_Params) NewOptions() (ConnectionOptions, error) {
+	ss, err := NewConnectionOptions(s.Struct.Segment())
+	if err != nil {
+		return ConnectionOptions{}, err
+	}
+	err = s.Struct.SetPtr(2, ss.Struct.ToPtr())
+	return ss, err
+}
+
+// RegistrationServer_registerConnection_Params_List is a list of RegistrationServer_registerConnection_Params.
+type RegistrationServer_registerConnection_Params_List struct{ capnp.List }
+
+// NewRegistrationServer_registerConnection_Params creates a new list of RegistrationServer_registerConnection_Params.
+func NewRegistrationServer_registerConnection_Params_List(s *capnp.Segment, sz int32) (RegistrationServer_registerConnection_Params_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 8, PointerCount: 3}, sz)
+	return RegistrationServer_registerConnection_Params_List{l}, err
+}
+
+func (s RegistrationServer_registerConnection_Params_List) At(i int) RegistrationServer_registerConnection_Params {
+	return RegistrationServer_registerConnection_Params{s.List.Struct(i)}
+}
+
+func (s RegistrationServer_registerConnection_Params_List) Set(i int, v RegistrationServer_registerConnection_Params) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s RegistrationServer_registerConnection_Params_List) String() string {
+	str, _ := text.MarshalList(0xe6646dec8feaa6ee, s.List)
+	return str
+}
+
+// RegistrationServer_registerConnection_Params_Promise is a wrapper for a RegistrationServer_registerConnection_Params promised by a client call.
+type RegistrationServer_registerConnection_Params_Promise struct{ *capnp.Pipeline }
+
+func (p RegistrationServer_registerConnection_Params_Promise) Struct() (RegistrationServer_registerConnection_Params, error) {
+	s, err := p.Pipeline.Struct()
+	return RegistrationServer_registerConnection_Params{s}, err
+}
+
+func (p RegistrationServer_registerConnection_Params_Promise) Options() ConnectionOptions_Promise {
+	return ConnectionOptions_Promise{Pipeline: p.Pipeline.GetPipeline(2)}
+}
+
+type RegistrationServer_registerConnection_Results struct{ capnp.Struct }
+
+// RegistrationServer_registerConnection_Results_TypeID is the unique identifier for the type RegistrationServer_registerConnection_Results.
+const RegistrationServer_registerConnection_Results_TypeID = 0xea50d822450d1f17
+
+func NewRegistrationServer_registerConnection_Results(s *capnp.Segment) (RegistrationServer_registerConnection_Results, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	return RegistrationServer_registerConnection_Results{st}, err
+}
+
+func NewRootRegistrationServer_registerConnection_Results(s *capnp.Segment) (RegistrationServer_registerConnection_Results, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1})
+	return RegistrationServer_registerConnection_Results{st}, err
+}
+
+func ReadRootRegistrationServer_registerConnection_Results(msg *capnp.Message) (RegistrationServer_registerConnection_Results, error) {
+	root, err := msg.RootPtr()
+	return RegistrationServer_registerConnection_Results{root.Struct()}, err
+}
+
+func (s RegistrationServer_registerConnection_Results) String() string {
+	str, _ := text.Marshal(0xea50d822450d1f17, s.Struct)
+	return str
+}
+
+func (s RegistrationServer_registerConnection_Results) Result() (ConnectionResponse, error) {
+	p, err := s.Struct.Ptr(0)
+	return ConnectionResponse{Struct: p.Struct()}, err
+}
+
+func (s RegistrationServer_registerConnection_Results) HasResult() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s RegistrationServer_registerConnection_Results) SetResult(v ConnectionResponse) error {
+	return s.Struct.SetPtr(0, v.Struct.ToPtr())
+}
+
+// NewResult sets the result field to a newly
+// allocated ConnectionResponse struct, preferring placement in s's segment.
+func (s RegistrationServer_registerConnection_Results) NewResult() (ConnectionResponse, error) {
+	ss, err := NewConnectionResponse(s.Struct.Segment())
+	if err != nil {
+		return ConnectionResponse{}, err
+	}
+	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
+	return ss, err
+}
+
+// RegistrationServer_registerConnection_Results_List is a list of RegistrationServer_registerConnection_Results.
+type RegistrationServer_registerConnection_Results_List struct{ capnp.List }
+
+// NewRegistrationServer_registerConnection_Results creates a new list of RegistrationServer_registerConnection_Results.
+func NewRegistrationServer_registerConnection_Results_List(s *capnp.Segment, sz int32) (RegistrationServer_registerConnection_Results_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 1}, sz)
+	return RegistrationServer_registerConnection_Results_List{l}, err
+}
+
+func (s RegistrationServer_registerConnection_Results_List) At(i int) RegistrationServer_registerConnection_Results {
+	return RegistrationServer_registerConnection_Results{s.List.Struct(i)}
+}
+
+func (s RegistrationServer_registerConnection_Results_List) Set(i int, v RegistrationServer_registerConnection_Results) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s RegistrationServer_registerConnection_Results_List) String() string {
+	str, _ := text.MarshalList(0xea50d822450d1f17, s.List)
+	return str
+}
+
+// RegistrationServer_registerConnection_Results_Promise is a wrapper for a RegistrationServer_registerConnection_Results promised by a client call.
+type RegistrationServer_registerConnection_Results_Promise struct{ *capnp.Pipeline }
+
+func (p RegistrationServer_registerConnection_Results_Promise) Struct() (RegistrationServer_registerConnection_Results, error) {
+	s, err := p.Pipeline.Struct()
+	return RegistrationServer_registerConnection_Results{s}, err
+}
+
+func (p RegistrationServer_registerConnection_Results_Promise) Result() ConnectionResponse_Promise {
+	return ConnectionResponse_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
+}
+
+type RegistrationServer_unregisterConnection_Params struct{ capnp.Struct }
+
+// RegistrationServer_unregisterConnection_Params_TypeID is the unique identifier for the type RegistrationServer_unregisterConnection_Params.
+const RegistrationServer_unregisterConnection_Params_TypeID = 0xf9cb7f4431a307d0
+
+func NewRegistrationServer_unregisterConnection_Params(s *capnp.Segment) (RegistrationServer_unregisterConnection_Params, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
+	return RegistrationServer_unregisterConnection_Params{st}, err
+}
+
+func NewRootRegistrationServer_unregisterConnection_Params(s *capnp.Segment) (RegistrationServer_unregisterConnection_Params, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
+	return RegistrationServer_unregisterConnection_Params{st}, err
+}
+
+func ReadRootRegistrationServer_unregisterConnection_Params(msg *capnp.Message) (RegistrationServer_unregisterConnection_Params, error) {
+	root, err := msg.RootPtr()
+	return RegistrationServer_unregisterConnection_Params{root.Struct()}, err
+}
+
+func (s RegistrationServer_unregisterConnection_Params) String() string {
+	str, _ := text.Marshal(0xf9cb7f4431a307d0, s.Struct)
+	return str
+}
+
+// RegistrationServer_unregisterConnection_Params_List is a list of RegistrationServer_unregisterConnection_Params.
+type RegistrationServer_unregisterConnection_Params_List struct{ capnp.List }
+
+// NewRegistrationServer_unregisterConnection_Params creates a new list of RegistrationServer_unregisterConnection_Params.
+func NewRegistrationServer_unregisterConnection_Params_List(s *capnp.Segment, sz int32) (RegistrationServer_unregisterConnection_Params_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0}, sz)
+	return RegistrationServer_unregisterConnection_Params_List{l}, err
+}
+
+func (s RegistrationServer_unregisterConnection_Params_List) At(i int) RegistrationServer_unregisterConnection_Params {
+	return RegistrationServer_unregisterConnection_Params{s.List.Struct(i)}
+}
+
+func (s RegistrationServer_unregisterConnection_Params_List) Set(i int, v RegistrationServer_unregisterConnection_Params) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s RegistrationServer_unregisterConnection_Params_List) String() string {
+	str, _ := text.MarshalList(0xf9cb7f4431a307d0, s.List)
+	return str
+}
+
+// RegistrationServer_unregisterConnection_Params_Promise is a wrapper for a RegistrationServer_unregisterConnection_Params promised by a client call.
+type RegistrationServer_unregisterConnection_Params_Promise struct{ *capnp.Pipeline }
+
+func (p RegistrationServer_unregisterConnection_Params_Promise) Struct() (RegistrationServer_unregisterConnection_Params, error) {
+	s, err := p.Pipeline.Struct()
+	return RegistrationServer_unregisterConnection_Params{s}, err
+}
+
+type RegistrationServer_unregisterConnection_Results struct{ capnp.Struct }
+
+// RegistrationServer_unregisterConnection_Results_TypeID is the unique identifier for the type RegistrationServer_unregisterConnection_Results.
+const RegistrationServer_unregisterConnection_Results_TypeID = 0xb046e578094b1ead
+
+func NewRegistrationServer_unregisterConnection_Results(s *capnp.Segment) (RegistrationServer_unregisterConnection_Results, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
+	return RegistrationServer_unregisterConnection_Results{st}, err
+}
+
+func NewRootRegistrationServer_unregisterConnection_Results(s *capnp.Segment) (RegistrationServer_unregisterConnection_Results, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0})
+	return RegistrationServer_unregisterConnection_Results{st}, err
+}
+
+func ReadRootRegistrationServer_unregisterConnection_Results(msg *capnp.Message) (RegistrationServer_unregisterConnection_Results, error) {
+	root, err := msg.RootPtr()
+	return RegistrationServer_unregisterConnection_Results{root.Struct()}, err
+}
+
+func (s RegistrationServer_unregisterConnection_Results) String() string {
+	str, _ := text.Marshal(0xb046e578094b1ead, s.Struct)
+	return str
+}
+
+// RegistrationServer_unregisterConnection_Results_List is a list of RegistrationServer_unregisterConnection_Results.
+type RegistrationServer_unregisterConnection_Results_List struct{ capnp.List }
+
+// NewRegistrationServer_unregisterConnection_Results creates a new list of RegistrationServer_unregisterConnection_Results.
+func NewRegistrationServer_unregisterConnection_Results_List(s *capnp.Segment, sz int32) (RegistrationServer_unregisterConnection_Results_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 0}, sz)
+	return RegistrationServer_unregisterConnection_Results_List{l}, err
+}
+
+func (s RegistrationServer_unregisterConnection_Results_List) At(i int) RegistrationServer_unregisterConnection_Results {
+	return RegistrationServer_unregisterConnection_Results{s.List.Struct(i)}
+}
+
+func (s RegistrationServer_unregisterConnection_Results_List) Set(i int, v RegistrationServer_unregisterConnection_Results) error {
+	return s.List.SetStruct(i, v.Struct)
+}
+
+func (s RegistrationServer_unregisterConnection_Results_List) String() string {
+	str, _ := text.MarshalList(0xb046e578094b1ead, s.List)
+	return str
+}
+
+// RegistrationServer_unregisterConnection_Results_Promise is a wrapper for a RegistrationServer_unregisterConnection_Results promised by a client call.
+type RegistrationServer_unregisterConnection_Results_Promise struct{ *capnp.Pipeline }
+
+func (p RegistrationServer_unregisterConnection_Results_Promise) Struct() (RegistrationServer_unregisterConnection_Results, error) {
+	s, err := p.Pipeline.Struct()
+	return RegistrationServer_unregisterConnection_Results{s}, err
+}
+
 type TunnelServer struct{ Client capnp.Client }
 
 // TunnelServer_TypeID is the unique identifier for the type TunnelServer.
@@ -1027,6 +2034,46 @@ func (c TunnelServer) ReconnectTunnel(ctx context.Context, params func(TunnelSer
 	}
 	return TunnelServer_reconnectTunnel_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
 }
+func (c TunnelServer) RegisterConnection(ctx context.Context, params func(RegistrationServer_registerConnection_Params) error, opts ...capnp.CallOption) RegistrationServer_registerConnection_Results_Promise {
+	if c.Client == nil {
+		return RegistrationServer_registerConnection_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
+	}
+	call := &capnp.Call{
+		Ctx: ctx,
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      0,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "registerConnection",
+		},
+		Options: capnp.NewCallOptions(opts),
+	}
+	if params != nil {
+		call.ParamsSize = capnp.ObjectSize{DataSize: 8, PointerCount: 3}
+		call.ParamsFunc = func(s capnp.Struct) error { return params(RegistrationServer_registerConnection_Params{Struct: s}) }
+	}
+	return RegistrationServer_registerConnection_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
+}
+func (c TunnelServer) UnregisterConnection(ctx context.Context, params func(RegistrationServer_unregisterConnection_Params) error, opts ...capnp.CallOption) RegistrationServer_unregisterConnection_Results_Promise {
+	if c.Client == nil {
+		return RegistrationServer_unregisterConnection_Results_Promise{Pipeline: capnp.NewPipeline(capnp.ErrorAnswer(capnp.ErrNullClient))}
+	}
+	call := &capnp.Call{
+		Ctx: ctx,
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      1,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "unregisterConnection",
+		},
+		Options: capnp.NewCallOptions(opts),
+	}
+	if params != nil {
+		call.ParamsSize = capnp.ObjectSize{DataSize: 0, PointerCount: 0}
+		call.ParamsFunc = func(s capnp.Struct) error { return params(RegistrationServer_unregisterConnection_Params{Struct: s}) }
+	}
+	return RegistrationServer_unregisterConnection_Results_Promise{Pipeline: capnp.NewPipeline(c.Client.Call(call))}
+}
 
 type TunnelServer_Server interface {
 	RegisterTunnel(TunnelServer_registerTunnel) error
@@ -1040,6 +2087,10 @@ type TunnelServer_Server interface {
 	Authenticate(TunnelServer_authenticate) error
 
 	ReconnectTunnel(TunnelServer_reconnectTunnel) error
+
+	RegisterConnection(RegistrationServer_registerConnection) error
+
+	UnregisterConnection(RegistrationServer_unregisterConnection) error
 }
 
 func TunnelServer_ServerToClient(s TunnelServer_Server) TunnelServer {
@@ -1049,7 +2100,7 @@ func TunnelServer_ServerToClient(s TunnelServer_Server) TunnelServer {
 
 func TunnelServer_Methods(methods []server.Method, s TunnelServer_Server) []server.Method {
 	if cap(methods) == 0 {
-		methods = make([]server.Method, 0, 6)
+		methods = make([]server.Method, 0, 8)
 	}
 
 	methods = append(methods, server.Method{
@@ -1136,6 +2187,34 @@ func TunnelServer_Methods(methods []server.Method, s TunnelServer_Server) []serv
 		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
 	})
 
+	methods = append(methods, server.Method{
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      0,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "registerConnection",
+		},
+		Impl: func(c context.Context, opts capnp.CallOptions, p, r capnp.Struct) error {
+			call := RegistrationServer_registerConnection{c, opts, RegistrationServer_registerConnection_Params{Struct: p}, RegistrationServer_registerConnection_Results{Struct: r}}
+			return s.RegisterConnection(call)
+		},
+		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 1},
+	})
+
+	methods = append(methods, server.Method{
+		Method: capnp.Method{
+			InterfaceID:   0xf71695ec7fe85497,
+			MethodID:      1,
+			InterfaceName: "tunnelrpc/tunnelrpc.capnp:RegistrationServer",
+			MethodName:    "unregisterConnection",
+		},
+		Impl: func(c context.Context, opts capnp.CallOptions, p, r capnp.Struct) error {
+			call := RegistrationServer_unregisterConnection{c, opts, RegistrationServer_unregisterConnection_Params{Struct: p}, RegistrationServer_unregisterConnection_Results{Struct: r}}
+			return s.UnregisterConnection(call)
+		},
+		ResultsSize: capnp.ObjectSize{DataSize: 0, PointerCount: 0},
+	})
+
 	return methods
 }
 
@@ -2185,152 +3264,209 @@ func (p TunnelServer_reconnectTunnel_Results_Promise) Result() TunnelRegistratio
 	return TunnelRegistration_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-const schema_db8274f9144abc7e = "x\xda\xccX}\x8c\x14g\x19\x7f~\xf3\xee\xee\xdcq" +
-	"\xbb\xecMf\x89pis\x86\xd0\xd4\x12[\x8b'\x86" +
-	"\xe2\xc7\xdd\xd1\x03=\xe4c\xe7\x16LK\xa9\xe9\xdc\xde" +
-	"{\xc7\x9c\xbb3\xdb\x99\xd9+\x87\xa5\x85\x0b\xa4\xa5\xc1" +
-	"\xdaR0\x05[\x834\xc6T\x8d\x16?\xa254\xa1" +
-	"\xd1\xd8\x9a6V\x0c\x1a\xa84j)ilJP\xc4" +
-	"\x98\x9a\xea\x98gvgv8Z\x0a\xe5\x9f\xfe\xb7\xf7" +
-	"\x9b\xe7}\xbe\xdf\xe7\xf7\xbcw\xe3\x89T\x9f\xb2 \xfd" +
-	"z\x86\xc8(\xa63\x81\x9c\xff\xfbM\xfb\xaf\xf9\xe5\x14" +
-	"\x19]@p\xcf\xa1\xe5\x85\xb7\xfc\xa9?QZ\xa8D" +
-	"=\xb7\x8aM\xd0\xab\xfcS\xb7\xc4\xeb\x84\xe0\xd3\xd5\x97" +
-	"\x0e|r\xcf\x0b\xdbH\xebRZ\xc2\x84\x9e\x95\xa9M" +
-	"\xd0\xcd\x14K\xde\x9eZM\x08\xfe\xb9{\xf6\xf7\xbe\xf5" +
-	"\xdb\xe7\xb7\x93v-\xa8\xa9\xae\x9ez\x19\x04}G\xea" +
-	"\x87\x84\xe0\xa5\x8f\x1e\xfa\xc5C?\xbe\xef\x1bd\\\x0b" +
-	"\x10\xf1\xd1\x9e\xeb\xd2\xffa\x81\xcf\xa4{\x09\xc1\xeec" +
-	"\xcf\xac\xaa>\xbc\xef@CC\xf8]\xa6\x15\x85R\xc1" +
-	"\xb6\xc1\x7fW\xd7>Qz\xa2\xa9;\x1d\xba\x9a>\x0b" +
-	"BO5\xdd\x0dB\xb0\xf0\xe5S\xabW\xfeh\xf4;" +
-	"\x89\xb3;2\x9b\xf8\xec\xacA\x9c8\xbc \xf5\xb3\xa4" +
-	"_\xdb3o\xb0\xd9\xbd\x19\xf6\xeb\xea\xd3Kr\xf6\x99" +
-	"\xa9\xc3\xa4u]\x90\x8f\x9b\xd4\xe5\xd0W\xaa\x1c\xe5\xa0" +
-	"\xca\xc2\xcbo{dW\xfa\xd4#\xcfq\xf6\x12\x09I" +
-	"\xb7\xb1\xf4)\xd5\x85\xfe\x16K\xf7\xfcK\xfd\x90 \x04" +
-	"]O}\xea\x07KF\x8e\xbf0M\xb7\xc2\x0a\xeb\x1d" +
-	"g\xf5\xad\x1d\xfcks\xc7]\x84\xe0\xe4\xf5\x07\xbf\xf2" +
-	"\xb7\xaf\x1e9\xdat\x14\xac\xe6xG\x98\x9f\xd3\x1d\x9c" +
-	"\x1f\xe5\x949g\xcb\x1f?{\"\x11c.\xfb*(" +
-	"\x15\xac\xfa\xe2m\xe3\xed\x9bO\x9eL\x1eE6\x8cq" +
-	"V\x96\x8f.\xbc\xa3_\xae_t\xcb\x1b\xa4u\x89\xf3" +
-	"\xca\xb80\xbb\x18\xfa\xd2,\x1f\xe8\xcf\xde\x07\xfd\xd6\x9c" +
-	"J\x14<x\xcf\xc0\xea\x9b\xe6>{6\xa9\xaf?\xc7" +
-	"\xf9\xd6\xd7\xe6X\xdf\xe8\xa27?w\xcd\x83\xbf>;" +
-	"-\xaeP\xb0\x9e\x9b\x0f};\xeb\xd1\xb7\xb2\xf0\x99e" +
-	"\xdf<\xda\x95\xef:7\xad\xdf2,\xfb\xed\xdc8\xf4" +
-	"\xa7Y\xb6\xe7\xa7\xb9\xe7\xb8\x90_W\x1f;\xb9\xe5\xcf" +
-	"_z;i\xfa\xc9\xfc\xabl\xfa\x99<\x9b\xbe\xfb\xcc" +
-	"\xde\xcf\x7fm\xfd\xf7\xff\x97\xc8\xc2+\xf9)\xae\xb4_" +
-	"\xb7mYqk\xa9\xf2\xc7\xa2\x9f\xe5\x1b\xcaf\xcd\xae" +
-	"-\xee\xaf\xfb\x1b\xa4\xed[e\xd3\x97C\xb2\xd7\xab9" +
-	"\xb6'\x8b\x80\xd1)RD)\x10i\xe68\x91q\x87" +
-	"\x80QQ\xa0\x01\x05\xeeQ\xcdbp\x83\x80\xe1+\xd0" +
-	"\x14\xa5\x00\x85H\xbbs.\x91Q\x1106*\x80(" +
-	"@\x10i\xf5]D\xc6F\x01c\x9b\x82\xa0&\xdd\xaa" +
-	"iK\x9b\xf2\xfeR\xd7E\x96\x14d\x09\x81+}w" +
-	"\xd2\x1c\xaeP^&`u\xfc.\x1f9R\x90#\x04" +
-	"\x1b\x9c\xba\xeb\xad\xb5}X\x95!9\xeaJ\x0f\x1b\x90" +
-	"!\x05\x19\xc2\xc5\xc2[\xba\xd1\xf2|\xcb\x1e[\x13\xe2" +
-	"\xbdE\xa7b\x95'9\xbcl\xe8\xf0\xd5\x8b\x89\x00m" +
-	"\xd6:\"(\x9a\xb6\x84\xa8\xd7\x1a\xb3\x1dW\x06#\x96" +
-	"Wvl[\x92(\xfb\xf7\x0e\x9b\x15\xd3.\xcb\xd8P" +
-	"\xe6BC\x0d\x03%\xe9NH\xf7\x063\x91\xd4yE" +
-	"\xd35E\xd53\xb2qB\x97\xae#2\x06\x04\x8cb" +
-	"\"\xa1+\x97\x13\x19+\x04\x8c[\x12\x09]\xbb\x84g" +
-	"\x93\x80\xb1^A\xe0\xb8\xd6\x98e\xdf,I\xb8\xc9\xbc" +
-	"x\xbemV%\x11Ey\xbb\xd7\xa9\xf9\x96c{\xe8" +
-	"l]J\x02:\x13\x99z\xaf\x00\xea\xb6+\xc7,\xcf" +
-	"\x97n\x03\x9e\xd7\xcbQT=#\x15\x07\x91\xdbGd" +
-	"t\x0a\x18W)\x08\xc6\\\xb3,\x8b\xd2\x85\xe5\x8c\xac" +
-	"2m\xa7$d\x19iR\x90N\x18\x9dy\xb9F\x87" +
-	"\xa4W\xaf\xf8\x1e\xc5\xa7.~\xde\x95a\xc5\xca~\xf3" +
-	"x\xb1\xbb\xe1s!\xf6y\xf3\xdcV/\xc6\x89\xdf:" +
-	"Ldl\x110v&\x12\xbf\x83Kt\xbf\x80\xb1[" +
-	"\x81&\x9a\xad\xfc0\x97\xe8!\x01\xe31\x05Z*U" +
-	"@\x8aH\xdb\xcb%\xda-`\xecW\xce\xefX9!" +
-	"m\x7f\xc0\x1a#Uz-\x94]\x1c\xb0\xc6$\x09\xef" +
-	"J\x8b\xd8\xf6\x1e\xf9p\x86=\xa7\"}9 \xcb\x15" +
-	"\xd35}kB6\xbe\xdf\xdcHST\xd4K\xee\x8a" +
-	"i\xe5)\x9a\xf90\xbf\x1f\xa4\xc6\xbe\xf8\x84\xb3\x1c\x9b" +
-	"(\xbc\xfd-\x97\xb9%\xfa\x04\x8c\x15\x09\x97\x07?\x9e" +
-	"\x88#ry\xe5p+\x0e\xf5\xcbr2\xf2\xaa[V" +
-	"M\xab\x12\xcf\xb2f0\xfd\xa4~\xa1%s1\xff\x86" +
-	"\xc2\xac\xba\xa1w\xabk\xdda\x84\xec\xe3\xa2\xc8G}" +
-	"\x12\xcb\x89J\x1b!P\xda\x86\x96\x9b\xfaV,!*" +
-	"\xdd\xcd\xf8\xfdhy\xaaoG\x17Qi\x0b\xe3;\x11" +
-	"Ob}\x07\xbeKT\xda\xc9\xf0\xa3,\x9e\x12a\x07" +
-	"\xeb{B\xf5\xbb\x19\xdf\xcfx:U@\x9aH\x7f\x1c" +
-	"\xf3\x89J\x8f2\xfe\x13\xc63J\x01\x19\"\xfd \xc6" +
-	"\x89JO1~\x88q5]`2\xd2\x9f\x86KT" +
-	"\xfa9\xe3\xbfb\xbcmv\x01mD\xfa\xb3!~\x98" +
-	"\xf1\x17\x19o\x9fS@;\x91\xfe\x1bL\x11\x95\x9eg" +
-	"\xfc(\xe33P\xc0\x0c\"\xfd\x08\xf6\x11\x95\x8e2\xfe" +
-	"\x17\xc6;2\x05t\x10\xe9\xaf\x84\xfe\x1cc\xfc5\xc6" +
-	"\xb3\xa9\x02\xb2D\xfa_q\x80\xa8\xf4\x1a\xe3\x7fg<" +
-	"\xa7\x16\x90#\xd2O\x87q\xbd\xc9x\x9b\xa2 (W" +
-	",i\xfb\x83#\xc9\x8e\x9a\x90\xaeg9v\xf4\xb7p" +
-	"\xbc\xb8d\xb2I\x1dh\xb4{\xd1\xc93w \xdf\xda" +
-	"\xfc\x08\xc8\x13\x82\x9a\xe3TV\x9d\xdf\xa9y\xdf\x1c\xf3" +
-	"0\x93P\x14@gk\xd9!0\x184\xe7\x94Ey" +
-	"\xc7\x1e\x1c\x89y\xac\xd1:+\x1c\xea.\x9b\x95\xc1Z" +
-	"\xec\x89\xe5\xf5\xd7}\xa7^\xa3\xee\x11\xd3\x97#\x00)" +
-	"\xe0\x8d\xc0\xad\xdb\xcb\\\xa7\xba\x06\xd2\xadZ\xb6Y\xa1" +
-	"\xf8K\xd9\xa9\xd6\\\xe9y\xb0\x1c\xdb\xa8\x9b\x15K\xf8" +
-	"\x93h'\x05\xed\x84|\xbdn\x8d\xc4\xba\xedz\xb5\xe8" +
-	"\xca\x09\x0bN\xdd\xeb\xf7}YUk\xbe\x17{4*" +
-	"M\xbf\xeeJ\x8fCkF\xc3\x07g&:Z\x99\xde" +
-	"\xd1\xdd\xb5\xc5k\xcc1\xee\xe0\xb6\xf8\x96]7\x9f\xc8" +
-	"\x98'`\xdc\x98\xb8e\xd7\xf3-\xfb\x88\x80\xf1\x09\x05" +
-	"y\xbe\xea\xf1\x8d\x9a0+uy\xc1\xdd\xc9\\\xe6\xfc" +
-	"\x1f\xeam\xf0G\x92\xb4\x16\x13\x19m\x02FAA\xaf" +
-	"\x1b~Fg\xb4\x86]&G\x8eI\xbf\xf1k\xd0\x1e" +
-	"u\x98\xe5\xd5\xcb\x99\xa5\xe7\x9f\x1e\x92^\xfeR\\m" +
-	"\xad\x97\xd3\x9c\x15\xeff\xae\xb7a\x85\xcb1[\xa4\x89" +
-	"\xe2\xad\x1f\xd1*\xab\x1d\xdcD\x8a\xf6\xa4\x8a\xd6\x1e\x8d" +
-	"hm\xd6\x1ewI\xd1\xf6\xa8P\xe2G\x0a\xa2\xc7\x88" +
-	"\xb6\xe3\x01R\xb4\xed*D\xfc\xc6@\xb4\x82.\x98\x9c" +
-	"\x01R\xb4\xcd*R\xf1\xf3\x07\xd1\x02\xab\xdd9N\x8a" +
-	"f\xa9H\xc7\xcf\x17D+\xbev\xfb\x14)\xdaZ5" +
-	"\x88\xb8\x86z\x1bq\xf4!\x88RF\xdda\xd2\xfa\x10" +
-	"D\x1b\x03\"N\"\xeaC\x10\xf1\x9ex7\xe2\x0b\xa5" +
-	"\xa2\x1d\x8d\xf2\xbc\xa5\xf5\xf1\x12\xdah\x1f4\xfb\x87\xfa" +
-	"P\x04\xde/9\x0e\xc9\xee+i\xbew\xa8g\xc3N" +
-	"\x9eC\xe7j&\xf4\xf2*\x9e\x150f+\x08*N" +
-	"\x93\xe7\xf2\xab\x127\xeab\xfc\xd3p8b\xa1<\x1f" +
-	"f\xfd\x1f\x8e\xf5\x1fa\x8a|Q\xc08\x96\xb8\xbc\x7f" +
-	"`\xf0w\x02\xc6\x89\x04E\x1eg\xaa?&`\x9ck" +
-	"\xed\xff\xffx\x80\xc88'0\x94\xa0\x1c\xed\xbf,\xf8" +
-	"6\x0f\xe6\x90p\xd0 \x9c4v\x11\x95\xdax`\x17" +
-	"B\xc2I5\x08G\xc30Q\xa9\x93\xf1\xab\x92\x843" +
-	"\x07\xeb\x88J\xb3\x19\x9f\x07\x05\xaaL\xbc\x1d\xean\x8b" +
-	"\x92+\xce\xd8\x0a\xcb~\xc7)\x16=H\xe0/3\xad" +
-	"J\xdd\x95\xd4\x1a\xa2\x8dD\x0d\x0e$\xe6z\xe3\xa5\xd2" +
-	"?\xca\x1dW\xe2~\x19\x81\x07\x95\x14\xa8\x97\xb7\xf0\xbd" +
-	"\xaf\x87\x04\xaf\xc3\xea\xa5\x0c\x89\xf8\x1f\x19\xd3\x9a\xaa\xfd" +
-	"J\x17\xc6h!\xff\x7f\x00\x00\x00\xff\xff/\xf3\xa2\xe2"
+const schema_db8274f9144abc7e = "x\xda\xccY\x7fp\x14\xe5\xf9\x7f\x9e}\xef\xb2\x17H" +
+	"\xbc[\xf6\x88\x98\xd1o\xbee`\xac\xd1\xa81\xa5\x83" +
+	"T\x9b\x04\x035\x91\x1f\xd9\x1ct\x1cE\xc7\xcd\xddK" +
+	"\xb2\xe9\xdd\xee\xb9\xbb\x17\x13\x0a\x82\x11\xaa8\xfe\x16\xaa" +
+	"Ri\x15\xc7v\xb0\xb5J\xd5i\xed\xe8T\xdaZ\xed" +
+	"hU\x1c\xe8\x80\xd2i+\xd2V\x06k\x8bv\x1c:" +
+	"\xeav\x9e\xdd\xdb\x1f\xb9\x84$h\xff\xe8\x7f7\xcf>" +
+	"\xef\xf3>\xbf\x9f\xcf\xfb\xdc\xf9i\xb1Mh\x8e?>" +
+	"\x0d@Y\x1b\xafrx\xe3\x1bk\x1e\x9c\xfb\xab\x11P" +
+	"\xea\x11\x9d\xeb\x9f\xedJ\x1f\xb7G\xde\x828\x13\x01Z" +
+	".\x8e\xafAY\x89\x8b\x00\xf2\xd2\xf8_\x01\x9d\xcb\xa4" +
+	"\xf3\xaeL\xbf\xfe\xea\x8d \xd5G\x99c\xc4\xdc\\\xd5" +
+	"\x88r{\x151_\\E\xcc\x17\x15^\xdb\xf1\xe5\xad" +
+	"/o\x04\xa9^\x08\x99\x01[\xce\x12\xd7\xa0|\xb1H" +
+	"\x9c\x17\x8a\xcb\x01\x9d\x0f\xb6\xcc\xfa\xe1C\xaf\xbe\xb4\x09" +
+	"\xa43\x11\xcaw+\xe2\x9b\x08(s\xf1q@g\xf6" +
+	"\xe0\xdck~\xf9\xc2\x93\xf7\x82\xd2\x84\xe8\x1c\xec={" +
+	"\x1f\xdb\xfe\xe8[\xb0\x12E\x14\x00Z\xe2\x89\x1d\xc4;" +
+	"3q\x1d\xa0\xf3\xda9\xcf\xfe\xfc\xce'o\xfa\x0e(" +
+	"g\"\x02\xb8\xba\x0d'\xfeM\x0c\xb7%Z\x01\x9d-" +
+	"\xfb\x9f[V\xb8k\xdb\x0e\xef6\xf7\xfb\xd3\x09A\x80" +
+	"\x98\xb3\xb1\xf3\xa3\xc2\xca\x873\x0f\x97\xf5 \xc3[v" +
+	"&\x8e!`\xcbs\x89\x06\x04t\xe6\xbdyx\xf9\xd2" +
+	"\x9f\xac\xfeA\xe4\xec\x81\xea5t\xf6\xb1\xff\xbb\xacz" +
+	"\xe8\xf0\xe2'@j\xf2\xbf\xec\xab\xee\xa1/\xb1\xab\xd8" +
+	"\xa7\xea}\xbfx\xaa\xd2\xc5\x02\xf1\xec\xa9\xeeE\xf9p" +
+	"5\xf9\xe2\xcf\xd5\xe4\xb5[vo;;\xf1\xbd\x0f\x9e" +
+	"\xaep\xb1\xcb\xfc\xc2\xb4^\x94\x0fL#\xe6}\xd3\xc8" +
+	"\xd6\x99\x9dx\xf0\xf9\xe6\xd8O\xa3\x8e\x9b7\xfd\x08\xd9" +
+	"\xda9\x9d\x1cw\xc6{\x0bk\xf5\xf7G\x9e\xaf\x90\xe6" +
+	"2\xbe;\xbd\x0b\xe5O\xa6\x93\xb4\xe3.s\xd7\x95\xf7" +
+	"\xdc\x1d?|\xcf\x8b\xa4h$b\xf1\x04qo\xad1" +
+	"Q\xdeYC?\x1f\xa99\x95\x01:\xf5O|\xe5\xc7" +
+	"\x0bs\x07^\x1eGSyn\xea\x98\xdc\x9c\xa2_M" +
+	")R\xf4P\xd3\xaeo\xbe{\xdb\x9e\xbdeE\x91\xc4" +
+	"lN\xb9A\xd9\x9e\xa2\xa0\x041\xadp\x92\xcb\xf9\\" +
+	"j\x00\xe5=\xae\xb8\xdf\xb9\xdc\xc2a\xf5\xb4\x0d\xbf\xff" +
+	"\xea\xc1H\x18\xf6\xa4\xdeF\x889\xcb\xbe~\xe5@\xf5" +
+	"\xbaC\x87\xa2\x17\xbd\x90r=r\xc0=\xfa\xf7\xef\x1f" +
+	"\xb9\xe3h!\xf7\x177\x95|\x9f\x1dO-\x10\x00e" +
+	"I\xa2\x08\x9c\xdaP\xbbh\xf6\xfe\xee#^$=\x11" +
+	"\xefI\x0b\x89!>\x83D\xcc\xbb\xa6\x9d\xaf\x9a\x7f\xf9" +
+	"\x11\x90\xea\xd9\xa8\xc4\x9e;c\x01\xca\xf3f\xb8\xd50" +
+	"\xe3&\x94;\xe5S\x01\x9c\xdb\xaf\xefX~\xe1\xec\xdd" +
+	"\xc7\xa2*](SV\xc9Ke\x92\xb7z\xfe\xd1\xaf" +
+	"\xcd\xbd\xfd7\xc7*\x1c\xe92\x16\xe4F\x94\xd7\xc9d" +
+	"\xfa01\xbf\xbf\xf8\xbb{\xeb\x93\xf5\x1fV\xb8\x89\xca" +
+	"\xaee\xbb<\x80\xf2.\xe2myL~\x91\xd2\xf5[" +
+	"o]=\xf4\xc6\x8d\x1f\xfc\xab2\xa2\xae\xe8\x87f\xf6" +
+	"\xa0\xfc\xf4L\x12\xbdk&\xc5\xff\xde\x15\x7f[\x7ft" +
+	"k\xddGc\xecR\xea\x06P\xe6u\xc4\xa9\xd6\xdd$" +
+	"\xef\xa6_\xce\xeb\xe2\xc3\xcd\x1d\xeb_>\x1eI\xf8\x9d" +
+	"u]\x94\xf0\xdf\x16\x1f8\xb4\xe1\x8fW\x7f\x1c5\xf8" +
+	"\x91\xba\xb7\xc9\xe0g\xea\xc8\xe0\xb5\xef\xdf\x7f\xe9\x1d\xab" +
+	"~\xf4i\xb4\x8a\xeaF\xe8\xa8]\xd2u\x9e7\x8b\xb1" +
+	"\xecy\xfe\xcf\xec\xb9Y\xb5\xa8\x17\x17\xb4\x97\xec~\xae" +
+	"\xdbZV\xb5y\x0fo\xb5\x8a\x86n\xf1nD%\xc5" +
+	"b\x001\x04\x90\xd4\x01\x00\xe5\x1a\x86J^@\x091" +
+	"M\x01\x964\"\xf63Tl\x01%AHS\xc7\x90" +
+	"\xae\x9d\x0d\xa0\xe4\x19*C\x02\"K#\x03\x90Jw" +
+	"\x03(C\x0c\x95\x8d\x02:En\x16T\x9d\xeb\x90\xb4" +
+	"\x17\x99&\xd6\x80\x805\x80\x8e\xc9msX\xed\xcdC" +
+	"\x92G\xc8\xe2\xc0u6\xd6\x82\x80\xb5\x80N\xbfQ2" +
+	"\xad\x95\xba\x8dZ\xbe\x87\xaf6\xb9\x85\xfdX\x05\x02V" +
+	"\x01\x06\xe6\xb1\xb1\xe6]\x92\xd7\xb8n';\xf5\xd5F" +
+	"\x85Q]\xe3\x19\xd5U6jc\xc4\xa8\x1b\x16RS" +
+	"g\xa8\xdc,\xa0\xc4\xcaVmj\x04P60Tn" +
+	"\x15\xd0\xc9\xba\x97t\xe6\x00 \xd0w5W\xed\x92\xc9" +
+	"-\xa2\x9d\x02\xd8\xcd\xd05\xeb\x14\xc0\xf5\x83\xdc\xb44" +
+	"C\xf7\xcdL\xaaf\xb6?p\xc5\x04\xa1Z4\xa4Y" +
+	"\xb6\xa6\xf7\xadp\xe9\xad\xddF^\xcb\x0e\x93U5\xae" +
+	"\x9eg,\x00@\x94f^\x01\x80\x82$-\x04h\xd5" +
+	"\xfat\xc3\xe4NN\xb3\xb2\x86\xaes`Y{}\xaf" +
+	"\x9aW\xf5,\x0f.\xaa\x1a{\x91wA\x86\x9b\x83\xdc" +
+	"<W\x8d$\xc8\x9cn\xd5TY\xc1Rj\x02?." +
+	"\xba\x02@\xe9`\xa8tG\xfc\xb8\x94\xfc\xb8\x84\xa1r" +
+	"y\xc4\x8f+\xc9\x8f\xdd\x0c\x95U\x02:\x86\xa9\xf5i" +
+	"\xfa%\x1c\x98\x19\x8d\xb1e\xebj\x81\x93\xcf\xca\xfeX" +
+	"o\x14m\xcd\xd0-L\x85}\x14\x10S\x11O\xc5\xc7" +
+	"\x89:Y\x9b\xa5\x83=\xdc\xcb\xe8sMn\x89\xa5\xbc" +
+	"\xad$X\xac\xc6q\\\xd5\xcf\xba\x00@\x99\xc3P9" +
+	"_\xc0Z\xfc\xd4\xf1to\xa2|=\x9f\xa1r\x91\x80" +
+	"\x0d\xdc4\x0d\x13Sa\xc5\x97\xef\xce\x96/@C\xef" +
+	"\xe0\xb6\xaa\xe5\x914\x0c\x86L\x85\x86\x93\xb9\xb8\xa4\x9b" +
+	"\xbcO\xb3lnz\xe49\xad\xe4\xe7\x82\xa5\xc4\x027" +
+	"\xd7n\x03PR\x0c\x95\xd3\x05t\xfaL5\xcb\xbb\xb9" +
+	"\x89\x9a\x91[\xa6\xeaF\x86\xf1,\xc6A\xc0x\xe4\xd2" +
+	"SN\xf6\xd2\x1en\x95\xf2\xb6\x05\xc1\xa9\x89\xcf\x9b\xbc" +
+	"\xec\x84\xf2\xf1\xee\x06O\xe7t\xa0\xf3\xba\xd9a\xe5\x07" +
+	"\xa9qCoX8Ajl\xa6$\xba\x99\xa1\xb2%" +
+	"RbwQ\x12\xdd\xc9Py@@)\x16Kc\x0c" +
+	"@\xba\x9f\x92h\x0bC\xe5Aat\x7f\xe0\x83\\\xb7" +
+	";\xb4>\x10\xb9\x15RI\xc5\x0e\xad\x8f\x03\xb3>o" +
+	"\x9a%&\xf1\x87\xd1k\x19yn\xf3\x0e\x9e\xcd\xab\xa6" +
+	"jk\x83\xdc\xfb^NF?\xa8\x13\x09\xecq#B" +
+	"\x87\x0d}L\x98\xc2\xa4.\x87\x0a\xad\x89\xbaE\xc8\xbe" +
+	"\xbchk\xa2\xa1[\x15\x0dp\x01\x80\xb2\x8a\xa1\xd2\x1f" +
+	"\x89\x0e7\x01\x94\x1cC\xa5( \x96\x83S\x18\x09\x9b" +
+	"\xba\xc4\xb0\xdc\xd5\xb7\x85\xb1m\xf5\xfa\x1f\xa6B [" +
+	"\xf6\x9dW\xe5K\x0ch\xc8\xaa\xf9\xceb\x10\x01\x93\x17" +
+	"\xf3j\x96/\xc2rG\x03D\x10\x10\xdd\x80\x15\x8a&" +
+	"\xb7,\xd4\x0c])\xa9y\x8d\xd9\xc3c\xfa\xfc\x84\xd6" +
+	"R=\x8aZ\xde\xb56\x11X{VcX\xeb\x81\xb5" +
+	"M4\xc3\xcea\xa8\xcc\x170Y*i\xb9@\xc1\xbc" +
+	"\x91u\x83\x00\xc9ej\x81\x8fi\xceU\x93\xd6\xc6\xa8" +
+	"\xca\xeaV\x93ni\xfc/u\xcd\x89\xa1\x00\x99\x0e\xee" +
+	"h\x09U\xa6jnc\xa8,\x89\xa8\xdcyA\xc4\x0e" +
+	"_\xe5\xa5\xbd\xa1\x1d\xe27\xf8\xb0\xafU\x03/P\xa7" +
+	"\xf4\x9dY6\xa6\x1d\xc4\xcbB\x9e\x89\xf4\x8bV\xc7\xf2" +
+	"b\x83k!\xe98\xdf\xd7Q\x1e\xc6.\x80\xcc\x102" +
+	"\xccl\xc4PM\xf9\x06\\\x08\x90YK\xf4\x9b1\xd4" +
+	"T\xde\x84\xf5\x00\x99\x0dD\xbf\x15\x03\xc8\"o\xc6G" +
+	"\x012\xb7\x12\xf9>b\x8f1\xb7\xf9\xc8[]\xf1[" +
+	"\x88\xfe \xd1\xe3\xb14\xc6\x01\xe4\xed\xd8\x08\x90\xb9\x8f" +
+	"\xe8O\x11\xbdJHc\x15\xe1?\x1c\x00\xc8<A\xf4" +
+	"g\x89.\xc6\xd3\x84\xda\xe4g\xd0\x04\xc8\xfc\x8c\xe8\xbf" +
+	"&zbV\x1a\x13\x00\xf2n\x97\xfe<\xd1_!z" +
+	"\xf5ii\xac\x06\x90\x7f\x8b#\x00\x99\x97\x88\xbe\x97\xe8" +
+	"\xd30\x8d\xd3\x00\xe4=\xb8\x0d \xb3\x97\xe8\x7f\"\xfa" +
+	"\xf4\xaa4N\x07\x90\xff\xe0\xea\xb3\x9f\xe8\xef\x10\xbd&" +
+	"\x96\xc6\x1az\x0a\xe1\x0e\x80\xcc;D\xff\x07\xd1k\xc5" +
+	"4\xd6\x02\xc8\xef\xb9v\x1d%zB\xa8\xc03~F" +
+	"U\x80\x16fXA\xc8x\xb9\x8a\xd1K\xf7n#I" +
+	"\xc0\x04\x93\xe1S\x15\x10\x93\x80N\xd10\xf2\xcbFg" +
+	"j\xd2V\xfb,\x1f \xa5\xc2\xc7\x0f \x11\x839\x0b" +
+	"IC\xef\xcc\x05\x8d\xa0\xb2\xaf\xf8\x9ahV{\xc96" +
+	"JEh\xc8\xa96\xcf\x05]\xc5,\xe9\x8bM\xa3\xb0" +
+	"\x02\xb9Y\xd0t5?I\xbf\xa9\x06\x01\xab\xa1\xdc\x12" +
+	"|\xd9z\xa9\xd0m\xf2A\x0d\x8d\x92\xd5n\xdb\xbc " +
+	"\x16m+\xd0\xe8\xc4p/\xc8h\xa12\xa3\x1b\x8a\x0b" +
+	"V\xa8}S\xe9STe_d\xa8|I\xc0\xa4\x1e" +
+	"iH\x0d\x83j\xbe\xf4Y\xda\xd3\xe8\xd1\xdd\xd3\xea\x8d" +
+	"\xfe(\xde\xa0\xe9\x90`\xa8\xa4\x05l5\xbdq\x93\xf2" +
+	"_I\x93\xb7\x92\xd1\x00,\xe9\xbf)\\\xf9\x18Y<" +
+	"\xd0=BY\xfe\x94\xd5\xef\xe3\xb6\xf7\x8bP=AR" +
+	"1:VO\xeet\x0f\xb7\x92S1=|MV\x18" +
+	"/Ni\x8a\x8f3\xc3}\x8c\x17\x99\xc8\x8d\xe3M\xe4" +
+	"\xaeq&rOt\"\x0b\xe5\x89L\x83\xa2\xc8PY" +
+	"+`\x92@{0 <\xfdF?O(\x01:\xf5" +
+	"\x1c\x07\x1c\xf2s824\x82\xdd\xca\xe4\x18hj\xc6" +
+	"\xfa\xd8rR7\x07\x0b\x8b\x8a\x9b\xd9\x89\xa2\xda\xea]" +
+	"J\xd95\x8b\xc5\x01\x82\xe5\x0d\xfa\x0b\x02i\xd7\x1a\x10" +
+	"\xa4\x9d\"\x86\x0b\x0e\xf4\xf7\x19\xd2v\x13\x04i\xab\x88" +
+	"B\xb0\xe0B\x7f\x91%m\xbe\x05\x04i\x93\x88,\xd8" +
+	"O\xa1\xff\xc4n\x1e\x9e\x86 H\xebD\x8c\x05k6" +
+	"\xf4\x1f\xe8\xd2\xb5\x03 H\x9a\x88\xf1`\xf5\x85\xfe\xa6" +
+	"F\xbaj\x04\x04i\xa5\xe8\xf8N\x82V\xcf\x8e6t" +
+	"\xfc\xcc\x84\x0677\xdb\xd0\xf1\xc1\x1f\xfaP\x02\xa0\x0d" +
+	"\x1d\x1fi\xb2\x13AM\x97\xcb\x7f\xb7A\x92^nm" +
+	"\x04\xba\xbc\xaa\xc7r\xd9C\x1b*1\x8c\xec'\x00>" +
+	"+\xc0\xe9\xe1\x0d\x9f\xa7\x81\x8c\x13\\\xef\x9e\xe0\xdd\x1e" +
+	"\x91K\x98\xad\x86\xa12K\x98\x14\xa6\xc5Nd\x85\x9f" +
+	"\xb4I:L\xf2\xff?\x90\xbf\x87`\xce+\x0c\x95\xfd" +
+	"\x91\"\xdcG\xc4\xd7\x19*\x07#0\xe7\x00U\xe6~" +
+	"\x86\xca\x87\xe1\xb2\xe3\x9f\xb7\x00(\x1f2\xec\x89\xc0\x06" +
+	"\xe9\x13b\xfc\x98\x86\xab\x0b\x1a\xd0\x03\x0dq\xbc\x1b " +
+	"\x93\xa0\xa1\x9bvAC\xcc\x03\x0d\x12\xf6\x02dRD" +
+	"?=\x0a\x1aN\xc3+\x002\xb3\x88>\x07\x05\x14y" +
+	"dQR2CX\x957\xfa\x96h\xfa\xb8\x93\xc8\xdf" +
+	"\xbe\xa0\xbdX\xd5\xf2%\x93C8\x08\xcbM\xa2#2" +
+	"\x9b\xbd\xb5L\xfbjJ\xbf\x0c%O\x0e-\x14A@" +
+	"\xf1\xe4\xde[S\x9a\x13\x8bL\xd3@\xb3\x02r^\x10" +
+	"B\xce\x00q\x12r\xbe\x94\xa1\xb2\x82B\xd1\xe6\x85B" +
+	"\xe9\x0dArCV-Y|\x8c\x0d\xc0\xb8\x19\xbc\x91" +
+	"\xad~\xa3\x94\xcf\xf5p\x10ms\xb8\xc2\x05\x93B\xcf" +
+	"\x0cO\xfa\x1d'\xe1v\x1c\x7f\xf7\x89\xfe\x8aSj\xde" +
+	"\x06\x82\xd4D\x1d\xc7_\xe7\xa1\xbf\xc8\x96\xbe\xf0(\x08" +
+	"\xd2\x19a\x03@\xdf\x07\xcc\xd0G\x97\xbc\xf7\xc1\xcd\xd1" +
+	"6\xecF\xfco\xbc\x1c\xbd\xa1s\x12\x95>j\xfdC" +
+	"m\\\x9c\xca\xb4\x0c\xfe\xff\xa8\xa8\xf4\xea\xcf\xfb\x88\xf6" +
+	"\x07\xc9\x7f\x02\x00\x00\xff\xffU\xcf\xfa\xff"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,
 		0x82c325a07ad22a65,
+		0x83ced0145b2f114b,
 		0x84cb9536a2cf6d3c,
 		0x85c8cea1ab1894f3,
+		0x97b3c5c260257622,
 		0x9b87b390babc2ccf,
 		0xa29a916d4ebdd894,
 		0xa353a3556df74984,
 		0xa766b24d4fe5da35,
+		0xb046e578094b1ead,
+		0xb4bf9861fe035d04,
+		0xb5f39f082b9ac18a,
 		0xb70431c0dc014915,
 		0xc082ef6e0d42ed1d,
 		0xc793e50592935b4a,
 		0xcbd96442ae3bb01a,
 		0xd4d18de97bb12de3,
+		0xdbaa9d03d52b62dc,
 		0xdc3ed6801961e502,
 		0xe3e37d096a5b564e,
+		0xe6646dec8feaa6ee,
+		0xea50d822450d1f17,
 		0xea58385c65416035,
 		0xf2c122394f447e8e,
 		0xf2c68e2547ec3866,
 		0xf41a0f001ad49e46,
+		0xf5f383d2785edb86,
+		0xf71695ec7fe85497,
+		0xf9cb7f4431a307d0,
 		0xfc5edf80e39c0796,
 		0xfeac5c8f4899ef7c)
 }

From 8f75feac94126067b3840c30e8f9622196f88e90 Mon Sep 17 00:00:00 2001
From: Igor Postelnik <igor@cloudflare.com>
Date: Thu, 11 Jun 2020 21:47:40 -0500
Subject: [PATCH 085/100] TUN-3085: Pass connection authentication information
 using TunnelAuth struct

---
 tunnelrpc/pogs/connectionrpc.go      |  33 +-
 tunnelrpc/pogs/connectionrpc_test.go |  21 +-
 tunnelrpc/pogs/support_test.go       |   8 +-
 tunnelrpc/tunnelrpc.capnp            |   7 +-
 tunnelrpc/tunnelrpc.capnp.go         | 454 ++++++++++++++++-----------
 5 files changed, 334 insertions(+), 189 deletions(-)

diff --git a/tunnelrpc/pogs/connectionrpc.go b/tunnelrpc/pogs/connectionrpc.go
index eb1e9dac..971f5393 100644
--- a/tunnelrpc/pogs/connectionrpc.go
+++ b/tunnelrpc/pogs/connectionrpc.go
@@ -14,7 +14,7 @@ import (
 )
 
 type RegistrationServer interface {
-	RegisterConnection(ctx context.Context, auth []byte, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error)
+	RegisterConnection(ctx context.Context, auth TunnelAuth, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error)
 	UnregisterConnection(ctx context.Context)
 }
 
@@ -32,6 +32,11 @@ type ConnectionOptions struct {
 	CompressionQuality uint8
 }
 
+type TunnelAuth struct {
+	AccountTag   string
+	TunnelSecret []byte
+}
+
 func (p *ConnectionOptions) MarshalCapnproto(s tunnelrpc.ConnectionOptions) error {
 	return pogs.Insert(tunnelrpc.ConnectionOptions_TypeID, s.Struct, p)
 }
@@ -40,6 +45,14 @@ func (p *ConnectionOptions) UnmarshalCapnproto(s tunnelrpc.ConnectionOptions) er
 	return pogs.Extract(p, tunnelrpc.ConnectionOptions_TypeID, s.Struct)
 }
 
+func (a *TunnelAuth) MarshalCapnproto(s tunnelrpc.TunnelAuth) error {
+	return pogs.Insert(tunnelrpc.TunnelAuth_TypeID, s.Struct, a)
+}
+
+func (a *TunnelAuth) UnmarshalCapnproto(s tunnelrpc.TunnelAuth) error {
+	return pogs.Extract(a, tunnelrpc.TunnelAuth_TypeID, s.Struct)
+}
+
 type ConnectionDetails struct {
 	UUID     uuid.UUID
 	Location string
@@ -92,6 +105,11 @@ func (i TunnelServer_PogsImpl) RegisterConnection(p tunnelrpc.RegistrationServer
 	if err != nil {
 		return err
 	}
+	var pogsAuth TunnelAuth
+	err = pogsAuth.UnmarshalCapnproto(auth)
+	if err != nil {
+		return err
+	}
 	uuidBytes, err := p.Params.TunnelId()
 	if err != nil {
 		return err
@@ -111,7 +129,7 @@ func (i TunnelServer_PogsImpl) RegisterConnection(p tunnelrpc.RegistrationServer
 		return err
 	}
 
-	connDetails, callError := i.impl.RegisterConnection(p.Ctx, auth, tunnelID, connIndex, &pogsOptions)
+	connDetails, callError := i.impl.RegisterConnection(p.Ctx, pogsAuth, tunnelID, connIndex, &pogsOptions)
 
 	resp, err := p.Results.NewResult()
 	if err != nil {
@@ -140,10 +158,17 @@ func (i TunnelServer_PogsImpl) UnregisterConnection(p tunnelrpc.RegistrationServ
 	return nil
 }
 
-func (c TunnelServer_PogsClient) RegisterConnection(ctx context.Context, auth []byte, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
+func (c TunnelServer_PogsClient) RegisterConnection(ctx context.Context, auth TunnelAuth, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
 	client := tunnelrpc.TunnelServer{Client: c.Client}
 	promise := client.RegisterConnection(ctx, func(p tunnelrpc.RegistrationServer_registerConnection_Params) error {
-		err := p.SetAuth(auth)
+		tunnelAuth, err := p.NewAuth()
+		if err != nil {
+			return err
+		}
+		if err = auth.MarshalCapnproto(tunnelAuth); err != nil {
+			return err
+		}
+		err = p.SetAuth(tunnelAuth)
 		if err != nil {
 			return err
 		}
diff --git a/tunnelrpc/pogs/connectionrpc_test.go b/tunnelrpc/pogs/connectionrpc_test.go
index f520c2e1..b4e7ee7f 100644
--- a/tunnelrpc/pogs/connectionrpc_test.go
+++ b/tunnelrpc/pogs/connectionrpc_test.go
@@ -16,6 +16,8 @@ import (
 	"github.com/cloudflare/cloudflared/tunnelrpc"
 )
 
+const testAccountTag = "abc123"
+
 func TestMarshalConnectionOptions(t *testing.T) {
 	clientID := uuid.New()
 	orig := ConnectionOptions{
@@ -47,6 +49,7 @@ func TestMarshalConnectionOptions(t *testing.T) {
 
 func TestConnectionRegistrationRPC(t *testing.T) {
 	p1, p2 := net.Pipe()
+
 	t1, t2 := rpc.StreamTransport(p1), rpc.StreamTransport(p2)
 
 	// Server-side
@@ -84,9 +87,14 @@ func TestConnectionRegistrationRPC(t *testing.T) {
 	testImpl.details = &expectedDetails
 	testImpl.err = nil
 
+	auth := TunnelAuth{
+		AccountTag:   testAccountTag,
+		TunnelSecret: []byte{1, 2, 3, 4},
+	}
+
 	// success
 	tunnelID := uuid.New()
-	details, err := client.Register(ctx, []byte{1, 2, 3}, tunnelID, 2, options)
+	details, err := client.RegisterConnection(ctx, auth, tunnelID, 2, options)
 	assert.NoError(t, err)
 	assert.Equal(t, expectedDetails, *details)
 
@@ -94,15 +102,15 @@ func TestConnectionRegistrationRPC(t *testing.T) {
 	testImpl.details = nil
 	testImpl.err = errors.New("internal")
 
-	_, err = client.Register(ctx, []byte{1, 2, 3}, tunnelID, 2, options)
+	_, err = client.RegisterConnection(ctx, auth, tunnelID, 2, options)
 	assert.EqualError(t, err, "internal")
 
 	// retriable error
 	testImpl.details = nil
-	const delay = 27*time.Second
+	const delay = 27 * time.Second
 	testImpl.err = RetryErrorAfter(errors.New("retryable"), delay)
 
-	_, err = client.Register(ctx, []byte{1, 2, 3}, tunnelID, 2, options)
+	_, err = client.RegisterConnection(ctx, auth, tunnelID, 2, options)
 	assert.EqualError(t, err, "retryable")
 
 	re, ok := err.(*RetryableError)
@@ -117,7 +125,10 @@ type testConnectionRegistrationServer struct {
 	err     error
 }
 
-func (t testConnectionRegistrationServer) Register(ctx context.Context, auth []byte, tunnelUUID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
+func (t *testConnectionRegistrationServer) RegisterConnection(ctx context.Context, auth TunnelAuth, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
+	if auth.AccountTag != testAccountTag {
+		panic("bad account tag: " + auth.AccountTag)
+	}
 	if t.err != nil {
 		return nil, t.err
 	}
diff --git a/tunnelrpc/pogs/support_test.go b/tunnelrpc/pogs/support_test.go
index 8aa459c4..bd54329a 100644
--- a/tunnelrpc/pogs/support_test.go
+++ b/tunnelrpc/pogs/support_test.go
@@ -11,12 +11,12 @@ import (
 // mocks for specific unit tests without having to implement every method
 type mockTunnelServerBase struct{}
 
-func (mockTunnelServerBase) Register(ctx context.Context, auth []byte, tunnelUUID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
-	panic("unexpected call to Register")
+func (mockTunnelServerBase) RegisterConnection(ctx context.Context, auth TunnelAuth, tunnelID uuid.UUID, connIndex byte, options *ConnectionOptions) (*ConnectionDetails, error) {
+	panic("unexpected call to RegisterConnection")
 }
 
-func (mockTunnelServerBase) Unregister(ctx context.Context) {
-	panic("unexpected call to Unregister")
+func (mockTunnelServerBase) UnregisterConnection(ctx context.Context) {
+	panic("unexpected call to UnregisterConnection")
 }
 
 func (mockTunnelServerBase) RegisterTunnel(ctx context.Context, originCert []byte, hostname string, options *RegistrationOptions) *TunnelRegistration {
diff --git a/tunnelrpc/tunnelrpc.capnp b/tunnelrpc/tunnelrpc.capnp
index af9b890c..1342df23 100644
--- a/tunnelrpc/tunnelrpc.capnp
+++ b/tunnelrpc/tunnelrpc.capnp
@@ -121,8 +121,13 @@ struct ConnectionDetails {
     locationName @1 :Text;
 }
 
+struct TunnelAuth {
+  accountTag @0 :Text;
+  tunnelSecret @1 :Data;
+}
+
 interface RegistrationServer {
-    registerConnection @0 (auth :Data, tunnelId :Data, connIndex :UInt8, options :ConnectionOptions) -> (result :ConnectionResponse);
+    registerConnection @0 (auth :TunnelAuth, tunnelId :Data, connIndex :UInt8, options :ConnectionOptions) -> (result :ConnectionResponse);
     unregisterConnection @1 () -> ();
 }
 
diff --git a/tunnelrpc/tunnelrpc.capnp.go b/tunnelrpc/tunnelrpc.capnp.go
index de429999..b3b644dd 100644
--- a/tunnelrpc/tunnelrpc.capnp.go
+++ b/tunnelrpc/tunnelrpc.capnp.go
@@ -1484,6 +1484,90 @@ func (p ConnectionDetails_Promise) Struct() (ConnectionDetails, error) {
 	return ConnectionDetails{s}, err
 }
 
+type TunnelAuth struct{ capnp.Struct }
+
+// TunnelAuth_TypeID is the unique identifier for the type TunnelAuth.
+const TunnelAuth_TypeID = 0x9496331ab9cd463f
+
+func NewTunnelAuth(s *capnp.Segment) (TunnelAuth, error) {
+	st, err := capnp.NewStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2})
+	return TunnelAuth{st}, err
+}
+
+func NewRootTunnelAuth(s *capnp.Segment) (TunnelAuth, error) {
+	st, err := capnp.NewRootStruct(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2})
+	return TunnelAuth{st}, err
+}
+
+func ReadRootTunnelAuth(msg *capnp.Message) (TunnelAuth, error) {
+	root, err := msg.RootPtr()
+	return TunnelAuth{root.Struct()}, err
+}
+
+func (s TunnelAuth) String() string {
+	str, _ := text.Marshal(0x9496331ab9cd463f, s.Struct)
+	return str
+}
+
+func (s TunnelAuth) AccountTag() (string, error) {
+	p, err := s.Struct.Ptr(0)
+	return p.Text(), err
+}
+
+func (s TunnelAuth) HasAccountTag() bool {
+	p, err := s.Struct.Ptr(0)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelAuth) AccountTagBytes() ([]byte, error) {
+	p, err := s.Struct.Ptr(0)
+	return p.TextBytes(), err
+}
+
+func (s TunnelAuth) SetAccountTag(v string) error {
+	return s.Struct.SetText(0, v)
+}
+
+func (s TunnelAuth) TunnelSecret() ([]byte, error) {
+	p, err := s.Struct.Ptr(1)
+	return []byte(p.Data()), err
+}
+
+func (s TunnelAuth) HasTunnelSecret() bool {
+	p, err := s.Struct.Ptr(1)
+	return p.IsValid() || err != nil
+}
+
+func (s TunnelAuth) SetTunnelSecret(v []byte) error {
+	return s.Struct.SetData(1, v)
+}
+
+// TunnelAuth_List is a list of TunnelAuth.
+type TunnelAuth_List struct{ capnp.List }
+
+// NewTunnelAuth creates a new list of TunnelAuth.
+func NewTunnelAuth_List(s *capnp.Segment, sz int32) (TunnelAuth_List, error) {
+	l, err := capnp.NewCompositeList(s, capnp.ObjectSize{DataSize: 0, PointerCount: 2}, sz)
+	return TunnelAuth_List{l}, err
+}
+
+func (s TunnelAuth_List) At(i int) TunnelAuth { return TunnelAuth{s.List.Struct(i)} }
+
+func (s TunnelAuth_List) Set(i int, v TunnelAuth) error { return s.List.SetStruct(i, v.Struct) }
+
+func (s TunnelAuth_List) String() string {
+	str, _ := text.MarshalList(0x9496331ab9cd463f, s.List)
+	return str
+}
+
+// TunnelAuth_Promise is a wrapper for a TunnelAuth promised by a client call.
+type TunnelAuth_Promise struct{ *capnp.Pipeline }
+
+func (p TunnelAuth_Promise) Struct() (TunnelAuth, error) {
+	s, err := p.Pipeline.Struct()
+	return TunnelAuth{s}, err
+}
+
 type RegistrationServer struct{ Client capnp.Client }
 
 // RegistrationServer_TypeID is the unique identifier for the type RegistrationServer.
@@ -1618,9 +1702,9 @@ func (s RegistrationServer_registerConnection_Params) String() string {
 	return str
 }
 
-func (s RegistrationServer_registerConnection_Params) Auth() ([]byte, error) {
+func (s RegistrationServer_registerConnection_Params) Auth() (TunnelAuth, error) {
 	p, err := s.Struct.Ptr(0)
-	return []byte(p.Data()), err
+	return TunnelAuth{Struct: p.Struct()}, err
 }
 
 func (s RegistrationServer_registerConnection_Params) HasAuth() bool {
@@ -1628,8 +1712,19 @@ func (s RegistrationServer_registerConnection_Params) HasAuth() bool {
 	return p.IsValid() || err != nil
 }
 
-func (s RegistrationServer_registerConnection_Params) SetAuth(v []byte) error {
-	return s.Struct.SetData(0, v)
+func (s RegistrationServer_registerConnection_Params) SetAuth(v TunnelAuth) error {
+	return s.Struct.SetPtr(0, v.Struct.ToPtr())
+}
+
+// NewAuth sets the auth field to a newly
+// allocated TunnelAuth struct, preferring placement in s's segment.
+func (s RegistrationServer_registerConnection_Params) NewAuth() (TunnelAuth, error) {
+	ss, err := NewTunnelAuth(s.Struct.Segment())
+	if err != nil {
+		return TunnelAuth{}, err
+	}
+	err = s.Struct.SetPtr(0, ss.Struct.ToPtr())
+	return ss, err
 }
 
 func (s RegistrationServer_registerConnection_Params) TunnelId() ([]byte, error) {
@@ -1709,6 +1804,10 @@ func (p RegistrationServer_registerConnection_Params_Promise) Struct() (Registra
 	return RegistrationServer_registerConnection_Params{s}, err
 }
 
+func (p RegistrationServer_registerConnection_Params_Promise) Auth() TunnelAuth_Promise {
+	return TunnelAuth_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
+}
+
 func (p RegistrationServer_registerConnection_Params_Promise) Options() ConnectionOptions_Promise {
 	return ConnectionOptions_Promise{Pipeline: p.Pipeline.GetPipeline(2)}
 }
@@ -3264,177 +3363,181 @@ func (p TunnelServer_reconnectTunnel_Results_Promise) Result() TunnelRegistratio
 	return TunnelRegistration_Promise{Pipeline: p.Pipeline.GetPipeline(0)}
 }
 
-const schema_db8274f9144abc7e = "x\xda\xccY\x7fp\x14\xe5\xf9\x7f\x9e}\xef\xb2\x17H" +
-	"\xbc[\xf6\x88\x98\xd1o\xbee`\xac\xd1\xa81\xa5\x83" +
-	"T\x9b\x04\x035\x91\x1f\xd9\x1ct\x1cE\xc7\xcd\xddK" +
-	"\xb2\xe9\xdd\xee\xb9\xbb\x17\x13\x0a\x82\x11\xaa8\xfe\x16\xaa" +
-	"Ri\x15\xc7v\xb0\xb5J\xd5i\xed\xe8T\xdaZ\xed" +
-	"hU\x1c\xe8\x80\xd2i+\xd2V\x06k\x8bv\x1c:" +
-	"\xeav\x9e\xdd\xdb\x1f\xb9\x84$h\xff\xe8\x7f7\xcf>" +
-	"\xef\xf3>\xbf\x9f\xcf\xfb\xdc\xf9i\xb1Mh\x8e?>" +
-	"\x0d@Y\x1b\xafrx\xe3\x1bk\x1e\x9c\xfb\xab\x11P" +
-	"\xea\x11\x9d\xeb\x9f\xedJ\x1f\xb7G\xde\x828\x13\x01Z" +
-	".\x8e\xafAY\x89\x8b\x00\xf2\xd2\xf8_\x01\x9d\xcb\xa4" +
-	"\xf3\xaeL\xbf\xfe\xea\x8d \xd5G\x99c\xc4\xdc\\\xd5" +
-	"\x88r{\x151_\\E\xcc\x17\x15^\xdb\xf1\xe5\xad" +
-	"/o\x04\xa9^\x08\x99\x01[\xce\x12\xd7\xa0|\xb1H" +
-	"\x9c\x17\x8a\xcb\x01\x9d\x0f\xb6\xcc\xfa\xe1C\xaf\xbe\xb4\x09" +
-	"\xa43\x11\xcaw+\xe2\x9b\x08(s\xf1q@g\xf6" +
-	"\xe0\xdck~\xf9\xc2\x93\xf7\x82\xd2\x84\xe8\x1c\xec={" +
-	"\x1f\xdb\xfe\xe8[\xb0\x12E\x14\x00Z\xe2\x89\x1d\xc4;" +
-	"3q\x1d\xa0\xf3\xda9\xcf\xfe\xfc\xce'o\xfa\x0e(" +
-	"g\"\x02\xb8\xba\x0d'\xfeM\x0c\xb7%Z\x01\x9d-" +
-	"\xfb\x9f[V\xb8k\xdb\x0e\xef6\xf7\xfb\xd3\x09A\x80" +
-	"\x98\xb3\xb1\xf3\xa3\xc2\xca\x873\x0f\x97\xf5 \xc3[v" +
-	"&\x8e!`\xcbs\x89\x06\x04t\xe6\xbdyx\xf9\xd2" +
-	"\x9f\xac\xfeA\xe4\xec\x81\xea5t\xf6\xb1\xff\xbb\xacz" +
-	"\xe8\xf0\xe2'@j\xf2\xbf\xec\xab\xee\xa1/\xb1\xab\xd8" +
-	"\xa7\xea}\xbfx\xaa\xd2\xc5\x02\xf1\xec\xa9\xeeE\xf9p" +
-	"5\xf9\xe2\xcf\xd5\xe4\xb5[vo;;\xf1\xbd\x0f\x9e" +
-	"\xaep\xb1\xcb\xfc\xc2\xb4^\x94\x0fL#\xe6}\xd3\xc8" +
-	"\xd6\x99\x9dx\xf0\xf9\xe6\xd8O\xa3\x8e\x9b7\xfd\x08\xd9" +
-	"\xda9\x9d\x1cw\xc6{\x0bk\xf5\xf7G\x9e\xaf\x90\xe6" +
-	"2\xbe;\xbd\x0b\xe5O\xa6\x93\xb4\xe3.s\xd7\x95\xf7" +
-	"\xdc\x1d?|\xcf\x8b\xa4h$b\xf1\x04qo\xad1" +
-	"Q\xdeYC?\x1f\xa99\x95\x01:\xf5O|\xe5\xc7" +
-	"\x0bs\x07^\x1eGSyn\xea\x98\xdc\x9c\xa2_M" +
-	")R\xf4P\xd3\xaeo\xbe{\xdb\x9e\xbdeE\x91\xc4" +
-	"lN\xb9A\xd9\x9e\xa2\xa0\x041\xadp\x92\xcb\xf9\\" +
-	"j\x00\xe5=\xae\xb8\xdf\xb9\xdc\xc2a\xf5\xb4\x0d\xbf\xff" +
-	"\xea\xc1H\x18\xf6\xa4\xdeF\x889\xcb\xbe~\xe5@\xf5" +
-	"\xbaC\x87\xa2\x17\xbd\x90r=r\xc0=\xfa\xf7\xef\x1f" +
-	"\xb9\xe3h!\xf7\x177\x95|\x9f\x1dO-\x10\x00e" +
-	"I\xa2\x08\x9c\xdaP\xbbh\xf6\xfe\xee#^$=\x11" +
-	"\xefI\x0b\x89!>\x83D\xcc\xbb\xa6\x9d\xaf\x9a\x7f\xf9" +
-	"\x11\x90\xea\xd9\xa8\xc4\x9e;c\x01\xca\xf3f\xb8\xd50" +
-	"\xe3&\x94;\xe5S\x01\x9c\xdb\xaf\xefX~\xe1\xec\xdd" +
-	"\xc7\xa2*](SV\xc9Ke\x92\xb7z\xfe\xd1\xaf" +
-	"\xcd\xbd\xfd7\xc7*\x1c\xe92\x16\xe4F\x94\xd7\xc9d" +
-	"\xfa01\xbf\xbf\xf8\xbb{\xeb\x93\xf5\x1fV\xb8\x89\xca" +
-	"\xaee\xbb<\x80\xf2.\xe2myL~\x91\xd2\xf5[" +
-	"o]=\xf4\xc6\x8d\x1f\xfc\xab2\xa2\xae\xe8\x87f\xf6" +
-	"\xa0\xfc\xf4L\x12\xbdk&\xc5\xff\xde\x15\x7f[\x7ft" +
-	"k\xddGc\xecR\xea\x06P\xe6u\xc4\xa9\xd6\xdd$" +
-	"\xef\xa6_\xce\xeb\xe2\xc3\xcd\x1d\xeb_>\x1eI\xf8\x9d" +
-	"u]\x94\xf0\xdf\x16\x1f8\xb4\xe1\x8fW\x7f\x1c5\xf8" +
-	"\x91\xba\xb7\xc9\xe0g\xea\xc8\xe0\xb5\xef\xdf\x7f\xe9\x1d\xab" +
-	"~\xf4i\xb4\x8a\xeaF\xe8\xa8]\xd2u\x9e7\x8b\xb1" +
-	"\xecy\xfe\xcf\xec\xb9Y\xb5\xa8\x17\x17\xb4\x97\xec~\xae" +
-	"\xdbZV\xb5y\x0fo\xb5\x8a\x86n\xf1nD%\xc5" +
-	"b\x001\x04\x90\xd4\x01\x00\xe5\x1a\x86J^@\x091" +
-	"M\x01\x964\"\xf63Tl\x01%AHS\xc7\x90" +
-	"\xae\x9d\x0d\xa0\xe4\x19*C\x02\"K#\x03\x90Jw" +
-	"\x03(C\x0c\x95\x8d\x02:En\x16T\x9d\xeb\x90\xb4" +
-	"\x17\x99&\xd6\x80\x805\x80\x8e\xc9msX\xed\xcdC" +
-	"\x92G\xc8\xe2\xc0u6\xd6\x82\x80\xb5\x80N\xbfQ2" +
-	"\xad\x95\xba\x8dZ\xbe\x87\xaf6\xb9\x85\xfdX\x05\x02V" +
-	"\x01\x06\xe6\xb1\xb1\xe6]\x92\xd7\xb8n';\xf5\xd5F" +
-	"\x85Q]\xe3\x19\xd5U6jc\xc4\xa8\x1b\x16RS" +
-	"g\xa8\xdc,\xa0\xc4\xcaVmj\x04P60Tn" +
-	"\x15\xd0\xc9\xba\x97t\xe6\x00 \xd0w5W\xed\x92\xc9" +
-	"-\xa2\x9d\x02\xd8\xcd\xd05\xeb\x14\xc0\xf5\x83\xdc\xb44" +
-	"C\xf7\xcdL\xaaf\xb6?p\xc5\x04\xa1Z4\xa4Y" +
-	"\xb6\xa6\xf7\xadp\xe9\xad\xddF^\xcb\x0e\x93U5\xae" +
-	"\x9eg,\x00@\x94f^\x01\x80\x82$-\x04h\xd5" +
-	"\xfat\xc3\xe4NN\xb3\xb2\x86\xaes`Y{}\xaf" +
-	"\x9aW\xf5,\x0f.\xaa\x1a{\x91wA\x86\x9b\x83\xdc" +
-	"<W\x8d$\xc8\x9cn\xd5TY\xc1Rj\x02?." +
-	"\xba\x02@\xe9`\xa8tG\xfc\xb8\x94\xfc\xb8\x84\xa1r" +
-	"y\xc4\x8f+\xc9\x8f\xdd\x0c\x95U\x02:\x86\xa9\xf5i" +
-	"\xfa%\x1c\x98\x19\x8d\xb1e\xebj\x81\x93\xcf\xca\xfeX" +
-	"o\x14m\xcd\xd0-L\x85}\x14\x10S\x11O\xc5\xc7" +
-	"\x89:Y\x9b\xa5\x83=\xdc\xcb\xe8sMn\x89\xa5\xbc" +
-	"\xad$X\xac\xc6q\\\xd5\xcf\xba\x00@\x99\xc3P9" +
-	"_\xc0Z\xfc\xd4\xf1to\xa2|=\x9f\xa1r\x91\x80" +
-	"\x0d\xdc4\x0d\x13Sa\xc5\x97\xef\xce\x96/@C\xef" +
-	"\xe0\xb6\xaa\xe5\x914\x0c\x86L\x85\x86\x93\xb9\xb8\xa4\x9b" +
-	"\xbcO\xb3lnz\xe49\xad\xe4\xe7\x82\xa5\xc4\x027" +
-	"\xd7n\x03PR\x0c\x95\xd3\x05t\xfaL5\xcb\xbb\xb9" +
-	"\x89\x9a\x91[\xa6\xeaF\x86\xf1,\xc6A\xc0x\xe4\xd2" +
-	"SN\xf6\xd2\x1en\x95\xf2\xb6\x05\xc1\xa9\x89\xcf\x9b\xbc" +
-	"\xec\x84\xf2\xf1\xee\x06O\xe7t\xa0\xf3\xba\xd9a\xe5\x07" +
-	"\xa9qCoX8Ajl\xa6$\xba\x99\xa1\xb2%" +
-	"RbwQ\x12\xdd\xc9Py@@)\x16Kc\x0c" +
-	"@\xba\x9f\x92h\x0bC\xe5Aat\x7f\xe0\x83\\\xb7" +
-	";\xb4>\x10\xb9\x15RI\xc5\x0e\xad\x8f\x03\xb3>o" +
-	"\x9a%&\xf1\x87\xd1k\x19yn\xf3\x0e\x9e\xcd\xab\xa6" +
-	"jk\x83\xdc\xfb^NF?\xa8\x13\x09\xecq#B" +
-	"\x87\x0d}L\x98\xc2\xa4.\x87\x0a\xad\x89\xbaE\xc8\xbe" +
-	"\xbchk\xa2\xa1[\x15\x0dp\x01\x80\xb2\x8a\xa1\xd2\x1f" +
-	"\x89\x0e7\x01\x94\x1cC\xa5( \x96\x83S\x18\x09\x9b" +
-	"\xba\xc4\xb0\xdc\xd5\xb7\x85\xb1m\xf5\xfa\x1f\xa6B [" +
-	"\xf6\x9dW\xe5K\x0ch\xc8\xaa\xf9\xceb\x10\x01\x93\x17" +
-	"\xf3j\x96/\xc2rG\x03D\x10\x10\xdd\x80\x15\x8a&" +
-	"\xb7,\xd4\x0c])\xa9y\x8d\xd9\xc3c\xfa\xfc\x84\xd6" +
-	"R=\x8aZ\xde\xb56\x11X{VcX\xeb\x81\xb5" +
-	"M4\xc3\xcea\xa8\xcc\x170Y*i\xb9@\xc1\xbc" +
-	"\x91u\x83\x00\xc9ej\x81\x8fi\xceU\x93\xd6\xc6\xa8" +
-	"\xca\xeaV\x93ni\xfc/u\xcd\x89\xa1\x00\x99\x0e\xee" +
-	"h\x09U\xa6jnc\xa8,\x89\xa8\xdcyA\xc4\x0e" +
-	"_\xe5\xa5\xbd\xa1\x1d\xe27\xf8\xb0\xafU\x03/P\xa7" +
-	"\xf4\x9dY6\xa6\x1d\xc4\xcbB\x9e\x89\xf4\x8bV\xc7\xf2" +
-	"b\x83k!\xe98\xdf\xd7Q\x1e\xc6.\x80\xcc\x102" +
-	"\xccl\xc4PM\xf9\x06\\\x08\x90YK\xf4\x9b1\xd4" +
-	"T\xde\x84\xf5\x00\x99\x0dD\xbf\x15\x03\xc8\"o\xc6G" +
-	"\x012\xb7\x12\xf9>b\x8f1\xb7\xf9\xc8[]\xf1[" +
-	"\x88\xfe \xd1\xe3\xb14\xc6\x01\xe4\xed\xd8\x08\x90\xb9\x8f" +
-	"\xe8O\x11\xbdJHc\x15\xe1?\x1c\x00\xc8<A\xf4" +
-	"g\x89.\xc6\xd3\x84\xda\xe4g\xd0\x04\xc8\xfc\x8c\xe8\xbf" +
-	"&zbV\x1a\x13\x00\xf2n\x97\xfe<\xd1_!z" +
-	"\xf5ii\xac\x06\x90\x7f\x8b#\x00\x99\x97\x88\xbe\x97\xe8" +
-	"\xd30\x8d\xd3\x00\xe4=\xb8\x0d \xb3\x97\xe8\x7f\"\xfa" +
-	"\xf4\xaa4N\x07\x90\xff\xe0\xea\xb3\x9f\xe8\xef\x10\xbd&" +
-	"\x96\xc6\x1az\x0a\xe1\x0e\x80\xcc;D\xff\x07\xd1k\xc5" +
-	"4\xd6\x02\xc8\xef\xb9v\x1d%zB\xa8\xc03~F" +
-	"U\x80\x16fXA\xc8x\xb9\x8a\xd1K\xf7n#I" +
-	"\xc0\x04\x93\xe1S\x15\x10\x93\x80N\xd10\xf2\xcbFg" +
-	"j\xd2V\xfb,\x1f \xa5\xc2\xc7\x0f \x11\x839\x0b" +
-	"IC\xef\xcc\x05\x8d\xa0\xb2\xaf\xf8\x9ahV{\xc96" +
-	"JEh\xc8\xa96\xcf\x05]\xc5,\xe9\x8bM\xa3\xb0" +
-	"\x02\xb9Y\xd0t5?I\xbf\xa9\x06\x01\xab\xa1\xdc\x12" +
-	"|\xd9z\xa9\xd0m\xf2A\x0d\x8d\x92\xd5n\xdb\xbc " +
-	"\x16m+\xd0\xe8\xc4p/\xc8h\xa12\xa3\x1b\x8a\x0b" +
-	"V\xa8}S\xe9STe_d\xa8|I\xc0\xa4\x1e" +
-	"iH\x0d\x83j\xbe\xf4Y\xda\xd3\xe8\xd1\xdd\xd3\xea\x8d" +
-	"\xfe(\xde\xa0\xe9\x90`\xa8\xa4\x05l5\xbdq\x93\xf2" +
-	"_I\x93\xb7\x92\xd1\x00,\xe9\xbf)\\\xf9\x18Y<" +
-	"\xd0=BY\xfe\x94\xd5\xef\xe3\xb6\xf7\x8bP=AR" +
-	"1:VO\xeet\x0f\xb7\x92S1=|MV\x18" +
-	"/Ni\x8a\x8f3\xc3}\x8c\x17\x99\xc8\x8d\xe3M\xe4" +
-	"\xaeq&rOt\"\x0b\xe5\x89L\x83\xa2\xc8PY" +
-	"+`\x92@{0 <\xfdF?O(\x01:\xf5" +
-	"\x1c\x07\x1c\xf2s824\x82\xdd\xca\xe4\x18hj\xc6" +
-	"\xfa\xd8rR7\x07\x0b\x8b\x8a\x9b\xd9\x89\xa2\xda\xea]" +
-	"J\xd95\x8b\xc5\x01\x82\xe5\x0d\xfa\x0b\x02i\xd7\x1a\x10" +
-	"\xa4\x9d\"\x86\x0b\x0e\xf4\xf7\x19\xd2v\x13\x04i\xab\x88" +
-	"B\xb0\xe0B\x7f\x91%m\xbe\x05\x04i\x93\x88,\xd8" +
-	"O\xa1\xff\xc4n\x1e\x9e\x86 H\xebD\x8c\x05k6" +
-	"\xf4\x1f\xe8\xd2\xb5\x03 H\x9a\x88\xf1`\xf5\x85\xfe\xa6" +
-	"F\xbaj\x04\x04i\xa5\xe8\xf8N\x82V\xcf\x8e6t" +
-	"\xfc\xcc\x84\x0677\xdb\xd0\xf1\xc1\x1f\xfaP\x02\xa0\x0d" +
-	"\x1d\x1fi\xb2\x13AM\x97\xcb\x7f\xb7A\x92^nm" +
-	"\x04\xba\xbc\xaa\xc7r\xd9C\x1b*1\x8c\xec'\x00>" +
-	"+\xc0\xe9\xe1\x0d\x9f\xa7\x81\x8c\x13\\\xef\x9e\xe0\xdd\x1e" +
-	"\x91K\x98\xad\x86\xa12K\x98\x14\xa6\xc5Nd\x85\x9f" +
-	"\xb4I:L\xf2\xff?\x90\xbf\x87`\xce+\x0c\x95\xfd" +
-	"\x91\"\xdcG\xc4\xd7\x19*\x07#0\xe7\x00U\xe6~" +
-	"\x86\xca\x87\xe1\xb2\xe3\x9f\xb7\x00(\x1f2\xec\x89\xc0\x06" +
-	"\xe9\x13b\xfc\x98\x86\xab\x0b\x1a\xd0\x03\x0dq\xbc\x1b " +
-	"\x93\xa0\xa1\x9bvAC\xcc\x03\x0d\x12\xf6\x02dRD" +
-	"?=\x0a\x1aN\xc3+\x002\xb3\x88>\x07\x05\x14y" +
-	"dQR2CX\x957\xfa\x96h\xfa\xb8\x93\xc8\xdf" +
-	"\xbe\xa0\xbdX\xd5\xf2%\x93C8\x08\xcbM\xa2#2" +
-	"\x9b\xbd\xb5L\xfbjJ\xbf\x0c%O\x0e-\x14A@" +
-	"\xf1\xe4\xde[S\x9a\x13\x8bL\xd3@\xb3\x02r^\x10" +
-	"B\xce\x00q\x12r\xbe\x94\xa1\xb2\x82B\xd1\xe6\x85B" +
-	"\xe9\x0dArCV-Y|\x8c\x0d\xc0\xb8\x19\xbc\x91" +
-	"\xad~\xa3\x94\xcf\xf5p\x10ms\xb8\xc2\x05\x93B\xcf" +
-	"\x0cO\xfa\x1d'\xe1v\x1c\x7f\xf7\x89\xfe\x8aSj\xde" +
-	"\x06\x82\xd4D\x1d\xc7_\xe7\xa1\xbf\xc8\x96\xbe\xf0(\x08" +
-	"\xd2\x19a\x03@\xdf\x07\xcc\xd0G\x97\xbc\xf7\xc1\xcd\xd1" +
-	"6\xecF\xfco\xbc\x1c\xbd\xa1s\x12\x95>j\xfdC" +
-	"m\\\x9c\xca\xb4\x0c\xfe\xff\xa8\xa8\xf4\xea\xcf\xfb\x88\xf6" +
-	"\x07\xc9\x7f\x02\x00\x00\xff\xffU\xcf\xfa\xff"
+const schema_db8274f9144abc7e = "x\xda\xccYkl\x1c\xd5\xf5?g\xee\xaeg\xfdb" +
+	"=\x99M\x9cX\xf0\xf7\xbfQ\"\x8a!\x80\xe3R\x85" +
+	"\x14j;\xd8)6yx\xbcq\xc5#A\x8cwo" +
+	"\xecqwg63\xb3\xc6N\x13\x92\x98\xa4\x10Dy" +
+	"\x84\x84G\x0a-\x04\xa9UiiI\xa1j\xa9\xa8J" +
+	"\xfa\x82\x8agP\xa8\x02\xa4jKH[\xa2P\xda@" +
+	"\x85\xa8\x80\xa9\xce\xcc\xce\xc3kc;\xd0\x0f\xfd\xb6:" +
+	"s\xee\xbd\xe7}~\xe7\xec\xf9\xcb\xc56\xa19.V" +
+	"\x03([\xe3\x15\x0eozi\xe3\xfd\x0b\x7f5\x06J" +
+	"\x03\xa2s\xdd\x13\xdd\xa9\xf7\xed\xb1\xd7 \xceD\x80\x16" +
+	"-\xbe\x11\xe5\xcdq\x11@\x1e\x8d\xff\x15\xd0\xb9L:" +
+	"\xef\xaa\xd4\x8b\xcf_\x0fRC\x949F\xcc\xeb*\x9a" +
+	"P\xceW\x10\xb3VA\xcc\x17\xe5_\xd8\xf7\xf9=\xcf" +
+	"l\x07\xa9A\x08\x99\x01[\xfa\xc4\x8d(k\"qr" +
+	"q5\xa0\xf3\xce\xee\xb9\xdf{\xe0\xf9\xa7w\x80t&" +
+	"B\xe9\xed\xcd\xe2\xab\x08(\xdf.\xfe\x10\xd0i]\xfe" +
+	"\xdc\xe3\x0d-w\xee.{W \xc6\xe6D\x13\xca\xed" +
+	"\x09\xba\xed\xe2\xc4\xb5\x80\xce\xfc\xe1\x85\xd7\xfc\xf27\x8f" +
+	"\xde\x05\xca\"D\xe7H\xff\xd9/\xb3\xfb\x1ez\x0d\xfa" +
+	"PD\x01\xa0\xe5\x81\xc4>\xbax\xbf\xcb\xfb\xc29O" +
+	"\xfc\xec\xb6Go\xf8\x06(g\"\x02\xb8\x8a\xcc\xae\xfc" +
+	"71\x9cU\xd9\x0a\xe8\xec>\xfc\xf3U\xf9\xdb\xf7\xee" +
+	"\xf3Ds\xbf+\x95\x82\x001g{\xd7{\xf9\xbe\x07" +
+	"\xd3\x0f\x96\x84&+\xb5tV\x9eD\xc0\x96+*\x1b" +
+	"\x11\xd0\xb9\xe0\xd5c\xabW\xfeh\xfdw\"g\x8bU" +
+	"\x1b\xe9\xec\xc3\xffwY\xe5\xc8\xb1\xe5\x8f\x80\xb4\xc8\xff" +
+	"\xb2\xa1\xaa\x97\xbe\xc4\xd6\xb1\x8f\xd4\xbb\x7f\xf1X\xb9?" +
+	"\\U\xf3U\xfd(o\xab\"U7W\x91\x89o:" +
+	"\xb0\xf7\xec\xc4\xb7\xde\xf9\xf1dvQ\xab\xfbQ.V" +
+	"\x13\xf3\x86j\xd2uv\x17\x1ey\xb29\xf6\x93\xa8\x95" +
+	"\x0fV\x1f']\x8fU\x93\x95\xcfxkY\xad\xfe\xf6" +
+	"\xd8\x93e\xb7\xb9\x8c;j\xbaQ\xbe\xa7\x86n\xdbS" +
+	"C\xcc\xddW\xdd\xb1+~\xec\x8e\xa7H\xd0\x88{\xe3" +
+	"\x09\xd7'\xb5&\xca\x9d\xb5\xf4\xb3\xbd\xb6\x9e\x01:\x0d" +
+	"\x8f|\xe1\x07\xcb\xb2\xaf<3\x89\xa4\xf2\x81\xba\x93\xf2" +
+	"su\xf4\xebwu$\xe8\xd1E\xfb\xbf\xfa\xe6\xd7\x0f" +
+	"\x1e*\x09\x8at\xcdB\xc9u\xca\x85\x129%\xf0i" +
+	"\x99\x91\\\xce+\xa4!\x94\xf3\x92\x1b\x87.\xb7pL" +
+	"\x9d\xb7\xf5\xf7_<\x12qC^z\x1d!\xe6\xac\xfa" +
+	"\xf2UC\x95\x9b\x8f\x1e\x8d>\xa4J\xaeE\x8a\xee\xd1" +
+	"\xbf\x7f\xfb\xf8\xad'\xf2\xd9\xbf\xb8\xa1\xe4\xdbl\x8f\xb4" +
+	"T\x00\x94\x1f\x96\xc8\x03\xf5\x8d\xb5\x9d\xf3\x0f\xf7\x1c\xf7" +
+	"<\xe9]\xb1s\xd62bx`\x16]q\xc15\xed" +
+	"|\xed\x92\xcb\x8f\x83\xd4\xc0\xc6e\xc1\x81YKQ>" +
+	"8\x8b\x0e<7\xeb\x06\x94\x8f\xc9\xf5\x00\xce-\xd7u" +
+	"\xac\xbep\xfe\x81\x93Q\x91^\x96)\xaa\xe47e\xba" +
+	"o\xfd\x92\x13_Zx\xcboO\x96\x19\xd2e\xacL" +
+	"5\xa1</E\xaa\xcfN\xb5\x02\xbe\xbd\xfc\x9b\x87\x1a" +
+	"\x92\x0d\xef\x96\x99\x89r\xb4\xe5\xc2\xd4\x10\xca+\x89\xb7" +
+	"\xa5+\xf5\x14\x85\xeb\xd7^\xbbz\xe4\xa5\xeb\xdf\xf9W" +
+	"\xb9G\xdd\xab/\x9e\xd3\x8b\xb22\x87\xae^9\x87\xfc" +
+	"\x7f\xd7\x9a\xbfm9\xb1g\xce{\x13\xf4zk\xce\x10" +
+	"\xcaXO\x9c\x1f\xce\xb9A^G\xbf\x9c\x17\xc5\x07\x9b" +
+	";\xb6<\xf3~$\xe0;\xeb\xbb)\xe0\xef\x14\xef=" +
+	"\xba\xf5\x8fW\x7f\x10U\xb8\xbd\xfeuR\xb8\xaf\x9e\x14" +
+	"\xde\xf4\xf6=\x97\xde\xba\xf6\xfb\x1fE\xb3\xa8~\x8c\x8e" +
+	"\xdaE]\xe79\xb3\x10\xcb\x9c\xe7\xff\xcc\x9c\x9bQ\x0b" +
+	"zai{\xd1\x1e\xe4\xba\xadeT\x9b\xf7\xf2V\xab" +
+	"`\xe8\x16\xefAT\xeaX\x0c \x86\x00\x92:\x04\xa0" +
+	"\\\xc3P\xc9\x09(!\xa6\xc8\xc1\x92F\xc4A\x86\x8a" +
+	"-\xa0$\x08)\xaa\x18\xd2\x86\xf9\x00J\x8e\xa12\"" +
+	" \xb2\x142\x00\xa9\xb8\x0b@\x19a\xa8l\x17\xd0)" +
+	"p3\xaf\xea\\\x87\xa4\xddi\x9aX\x03\x02\xd6\x00:" +
+	"&\xb7\xcdQ\xb5?\x07I\x1e!\x8bC\xd7\xdaX\x0b" +
+	"\x02\xd6\x02:\x83F\xd1\xb4\xfat\x1b\xb5\\/_o" +
+	"r\x0b\x07\xb1\x02\x04\xac\x00\x0c\xd4c\x13\xd5\xbb$\xa7" +
+	"q\xddNv\xe9\xeb\x8d2\xa5\xba'S\xaa\xbb\xa4\xd4" +
+	"\xf6\x88R\xdb\x96\x01(\x9b\x18*7\x0a(\xb1\x92V" +
+	";\x9a\xa8-0Tn\x16\xd0\xc9\xb8\x8fte\x01 " +
+	"\x90w=W\xed\xa2\xc9-\xa2\x9d\x06\xd8\xc3\xd0U\xeb" +
+	"4\xc0-\xc3\xdc\xb44C\xf7\xd5L\xaaff00" +
+	"\xc5\x14\xae\xea\x1c\xd1,[\xd3\x07\xd6\xb8\xf4\xd6\x1e#" +
+	"\xa7eFI\xab\x1aW\xce3\x96\x02 J\xb3\xaf\x04" +
+	"@A\x92\x96\x01\xb4j\x03\xbaar'\xabY\x19C" +
+	"\xd79\xb0\x8c\xbd\xa5_\xcd\xa9z\x86\x07\x0fUL|" +
+	"\xc8{ \xcd\xcdan\x9e\xabF\x02dA\x8fj\xaa" +
+	",o)5\x81\x1d;\xaf\x04P:\x18*=\x11;" +
+	"\xae$;\xae`\xa8\\\x1e\xb1c\x1f\xd9\xb1\x87\xa1\xb2" +
+	"V@\xc70\xb5\x01M\xbf\x84\x033\xa3>\xb6l]" +
+	"\xcds\xb2Y\xc9\x1e[\x8c\x82\xad\x19\xba\x85ua\x1d" +
+	"\x05\xc4\xba\xa9\xbd\xee)\x90\xa4\xd8&\xfb$\x02i\xcf" +
+	"\"i?\xcbP\xf9\\D\xdaf\x0a\xe5\xf3\x19*\x17" +
+	"\x09\xe8\xa8\x99\x8cQ\xd4\xed5\xc0\xd4\x812\xa7\xa49" +
+	"$3&\x0f\xe5\xf5\x9f\x8dO\x12wd\xef\x0c\x89\xde" +
+	"\xcb\xbd\x9c:\xd7\xe4\x96X\xcc\xd9$M\x8d\xe3x\xe2" +
+	",\x06P\x160T\xce\x17\xb0\x16?r<y\x16\xed" +
+	"\x0a\xe5i\xe4\xa6i\x98X\x17\xd6\x9c\x92\xf6\x99\xd2\x03" +
+	"h\xe8\x1d\xdcV\xb5\x1c\x92\x8d\x826Wf\xa3\xe9\x9c" +
+	"\\\xd4M>\xa0Y67=\xf2\x82V\xf2t\xdeR" +
+	"b\x81\xe9j\xf7\x02(u\x0c\x95\xd3\x05t\x06L5" +
+	"\xc3{\xb8\x89\x9a\x91]\xa5\xeaF\x9a\xf1\x0c\xc6A\xc0" +
+	"x\xe4\xd1\xd3N\xf5\xd1^n\x15s\xb6\x05\xc1\xa9\xa9" +
+	"\xcf\x9b\xbcd\x84\xd2\xf1\x9eFO\xe6T \xf3\xe6\xf9" +
+	"a\xed\x09\xdc\xbd\xad?L\xdd 8wR`\xdc\xc8" +
+	"P\xd9\x1dI\xf2\xdb)\x8coc\xa8\xdc+\xa0\x14\x8b" +
+	"\xa50\x06 \xddCa\xbc\x9b\xa1r\xbf0\xbeB\xf1" +
+	"a\xae\xdb\x1d\xda\x00\x88\xdc\x0a\xa9$b\x876\xc0\x81" +
+	"Y\x9f6\xd0\x13\xd3\xd8\xc3\xe8\xb7\x8c\x1c\xb7y\x07\xcf" +
+	"\xe4TS\xb5\xb5a\xee}/\x05\xa3\xef\xd4\xa9.\xec" +
+	"u=B\x87\x0d}\x82\x9b\xc2\xa0.\xb9\x0a\xad\xa9\xea" +
+	"U\xc8\xbe\xba`k\xa2\xa1[e%x)\x80\xb2\x96" +
+	"\xa12\x18\xf1\x0e7\x01\x94,C\xa5  \x96\x9c\x93" +
+	"\x1f\x0b\xdb\x8a\xc4\xb0\xd4W\xf6\x86\xbem\xf5*0\xd6" +
+	"\x85\xb8\xbbd;\xaf\xce\xac0\xa01\xa3\xe6\xba\x0a\x81" +
+	"\x07L^\xc8\xa9\x19\xde\x89\xa5\x9a\x0a\x88  \xba\x0e" +
+	"\xcb\x17LnY\xa8\x19\xbaRTs\x1a\xb3G't" +
+	"\x9a)\xb5\xa5|\x14\xb5\x9cUVz\x9a\xc2\\\x0f\xb4" +
+	"]D\xa5\xe7\x1c\x86\xca\x12\x01\x93\xc5\xa2\x96\x0d\x04\xcc" +
+	"\x19\x19\xd7\x09\x90\\\xa5\xe6\xf9\x84\xf6P1mn\x8c" +
+	"\xcb\xac\x1e5\xe9\xa6\xc6\xffR\xdd\x9e\x1a\x8c\x90\xea\xe0" +
+	"6\xb7Pd\xca\xe66\x86\xca\x8a\x88\xc8]\x8b#z" +
+	"\xf8\"\xaf\xec\x0f\xf5\x10\xbf\xc2G}\xa9\x1ay\x9e*" +
+	"\xa5o\xcc\x922\xed ^\x16\xf2L%_4;V" +
+	"\x17\x1a]\x0dI\xc6%\xbe\x8c\xf2(v\x03\xa4G\x90" +
+	"az;\x86b\xca\xdbp\x19@z\x13\xd1o\xc4P" +
+	"Ry\x076\x00\xa4\xb7\x12\xfdf\x0c@\x93\xbc\x13\x1f" +
+	"\x02H\xdfL\xe4\xbb\x89=\xc6\xdc\xe2#\xefq\xaf\xdf" +
+	"M\xf4\xfb\x89\x1e\x8f\xa50\x0e \xdf\x87M\x00\xe9\xbb" +
+	"\x89\xfe\x18\xd1+\x84\x14V\x00\xc8\xfbq\x08 \xfd\x08" +
+	"\xd1\x9f \xba\x18O\x11n\x94\x1fG\x13 \xfdS\xa2" +
+	"\xff\x9a\xe8\x89\xb9)L\xd0\x80\xe1\xd2\x9f$\xfa\xb3D" +
+	"\xaf\x9c\x97\xc2J\x1a7p\x0c \xfd4\xd1\x0f\x11\xbd" +
+	"\x0aSX\x05 \x1f\xc4\xbd\x00\xe9CD\xff\x13\xd1\xab" +
+	"+RX\x0d \xff\xc1\x95\xe70\xd1\xdf zM," +
+	"\x855\x00\xf2\x9fq\x1f@\xfa\x0d\xa2\xff\x83\xe8\xb5b" +
+	"\x0ak\x01\xe4\xb7\\\xbdN\x10=!\x94!*?\xa2" +
+	"\xca`\x133\xac\xc0e\xbc\x94\xc5\xe8\x85{\x8f\x91$" +
+	"h\x84\xc9p\xb2\x06\xc4$\xa0S0\x8c\xdc\xaa\xf1\x91" +
+	"\x9a\xb4\xd5\x01\xcb\x87hu\xe1\xf8\x05H\xc4\xa0\xcfB" +
+	"\xd2\xd0\xbb\xb2A!(\xaf+\xbe$\x9a\xd5^\xb4\x8d" +
+	"b\x01\x1a\xb3\xaa\xcd\xb3AU1\x8b\xfar\xd3\xc8\xaf" +
+	"An\xe65]\xcdMSo*A\xc0J(\x95\x04" +
+	"\xffn\xbd\x98\xef1\xf9\xb0\x86F\xd1j\xb7m\x9e\x17" +
+	"\x0b\xb6\x15H\xf4\xf1\x803\x88h\xa1<\xa2\x1b\x0bK" +
+	"\xd7\xa8\x033\xa9S\x8bC\xdc\x94\xd4#\x05\xa9qX" +
+	"\xcd\x15?Iy\x1a\xdf\xba{[\xbd\xd6\x1f\xc5\x1b\xd4" +
+	"\x1d\x12\x0c\x95\x94\x80\xad\xa6\xd7n\xea\xfc9m\xfaR" +
+	"2\x1e\x80%\xfd\xa9\xc6\xbd\x1f#\xab\x0fzG(\xdd" +
+	"?c\xf1\x07\xb8\xed\xfd\xa2\xb9\x82@\xb1\x18m\xab\xa7" +
+	"v\xba\x97[\xc9\x99\xa8\x1e\xce\xb3e\xca\x8b3\xea\xe2" +
+	"\x93\xf4p\x1f\xe3E:r\xd3d\x1d\xb9{\x92\x8e\xdc" +
+	"\x1b\xed\xc8B\xa9#S\xa3(0T6\x09\x98\xa4\xb1" +
+	"\x01\xeb\xc2}\xd48\xa1\xc7\x8fJ\x14\x0a]z\x96\x03" +
+	"\x8e\xf8\xd1\x1ci\x1f\xc1\x9egz443\xb5}\x94" +
+	"9\xad\xc1\x83\xe5\xc9L\x07\x8eV\xefQ\x8a\xb3\xb9," +
+	"\x0e\x10,\x92\xd0_VH\xfb7\x82 }W\xc4p" +
+	"\xd9\x82\xfenE\xba\xcf\x04A\xda#\xa2\x10,\xdb\xd0" +
+	"_\xaaI;o\x02A\xda!\"\x0bve\xe8\x8f\xfb" +
+	"\xcd\xa3U\x08\x82\xb4Y\xc4X\xb0\x1fD\x7fY m" +
+	"\x18\x02A\xd2D\x8c\x07k8\xf4\xb7F\xd2\xba1\x10" +
+	"\xa4>\xd1\xf1\x8d\x04\xad\x9e\x1em\xe8\xf81\x0a\x8dn" +
+	"\x94\xb6\xa1\xe3\xc3@\xf4A\x05@\x1b:>\xe6d\x1f" +
+	"\x07:].\x7f\x86\x84$M\x91m\x04\xbf\xbc\xfc\xc7" +
+	"R\x01\x806Tb\x18\xd9\x95\x00|R\xa8\xd3\xcb\x1b" +
+	"?M)\x99\xc4\xb9\xde;\xc1\x0e!r/\xa1\xb7\x1a" +
+	"\x86\xca\\aZ\xc0\x16\xfb8-\xfc\xa0M\xd2a\xba" +
+	"\xff\xff\x83\xfb\x0f\x12\xe0y\x96\xa1r8\x92\x8e/\x13" +
+	"\xf1E\x86\xca\x91\x08\xe0y\x85r\xf40C\xe5\xddp" +
+	"\xf1\xf2\xcf\x9b\x00\x94w\x19\xf6F\x00\x84\xf4!1~" +
+	"@m\xd6\x85\x0f\xe8\xc1\x878\xee\x02H'\xa8\xfd\xa6" +
+	"\\\xf8\x10\xf3\xe0\x83\x84\xfd\x00\xe9:\xa2\x9f\x1e\x85\x0f" +
+	"\xf3\xf0J\x80\xf4\\\xa2/@\x01E\x1eY\xda\x14\xcd" +
+	"\x10`\xe5\x8c\x81\x15\x9a>iO\xf27Ah/W" +
+	"\xb5\\\xd1\xe4\x10\xb6\xc4R\x91\xe8\x88tioE\xd4" +
+	"\xbe\x9e\xc2/M\xc1\x93E\x0bE\x10P<\xb5\xc9k" +
+	"F\x1d\xa3\xd34\x0d4\xcb\xc0\xe7\xe2\x10|\x06\xd8\x93" +
+	"0\xf4\xa5\x0c\x955\xe4\x8a6\xcf\x15J\x7f\x08\x97\x1b" +
+	"3j\xd1\xe2\x13t\x00\xc6\xcd`Z\xb6\x06\x8db." +
+	"\xdb\xcbA\xb4\xcd\xd12\x13L\x0bB\xd3<\xe9W\x9c" +
+	"\x84[q\xfc=,\xfa\xebV\xa9y/\x08\xd2\"\xaa" +
+	"8\xfej\x11\xfd\xa5\xba\xf4\x99\x87@\x90\xce\x08\x0b\x00" +
+	"\xfa6`\x86>>\xe5\xbd\x0fn\x8c\xb6a\x0f\xe2\x7f" +
+	"c\x86\xf4\xda\xcf)d\xfa\xb8U\x14\x95qq&}" +
+	"3\xf8\xe3\xa6,\xd3+?\xed8\xed7\x92\xff\x04\x00" +
+	"\x00\xff\xff\xed\xc3%H"
 
 func init() {
 	schemas.Register(schema_db8274f9144abc7e,
@@ -3442,6 +3545,7 @@ func init() {
 		0x83ced0145b2f114b,
 		0x84cb9536a2cf6d3c,
 		0x85c8cea1ab1894f3,
+		0x9496331ab9cd463f,
 		0x97b3c5c260257622,
 		0x9b87b390babc2ccf,
 		0xa29a916d4ebdd894,

From 3ec500bdbb9049b0a772b816822eb775d5085be6 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Mon, 15 Jun 2020 13:33:41 -0500
Subject: [PATCH 086/100] TUN-3084: Generate and store tunnel_secret value
 during tunnel creation

---
 cmd/cloudflared/tunnel/subcommands.go      | 96 +++++++++++++++++++---
 cmd/cloudflared/tunnel/subcommands_test.go |  8 ++
 tunnelstore/client.go                      | 10 ++-
 3 files changed, 97 insertions(+), 17 deletions(-)

diff --git a/cmd/cloudflared/tunnel/subcommands.go b/cmd/cloudflared/tunnel/subcommands.go
index 306ce13b..07740789 100644
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -1,9 +1,11 @@
 package tunnel
 
 import (
+	"crypto/rand"
 	"encoding/json"
 	"fmt"
 	"os"
+	"path/filepath"
 	"sort"
 	"strings"
 	"time"
@@ -15,6 +17,7 @@ import (
 	"github.com/cloudflare/cloudflared/certutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/logger"
+	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/cloudflare/cloudflared/tunnelstore"
 )
 
@@ -39,6 +42,13 @@ func buildCreateCommand() *cli.Command {
 	}
 }
 
+// generateTunnelSecret as an array of 32 bytes using secure random number generator
+func generateTunnelSecret() ([]byte, error) {
+	randomBytes := make([]byte, 32)
+	_, err := rand.Read(randomBytes)
+	return randomBytes, err
+}
+
 func createTunnel(c *cli.Context) error {
 	if c.NArg() != 1 {
 		return cliutil.UsageError(`"cloudflared tunnel create" requires exactly 1 argument, the name of tunnel to create.`)
@@ -50,16 +60,40 @@ func createTunnel(c *cli.Context) error {
 		return errors.Wrap(err, "error setting up logger")
 	}
 
-	client, err := newTunnelstoreClient(c, logger)
+	tunnelSecret, err := generateTunnelSecret()
 	if err != nil {
 		return err
 	}
 
-	tunnel, err := client.CreateTunnel(name)
+	originCertPath, err := findOriginCert(c, logger)
+	if err != nil {
+		return errors.Wrap(err, "Error locating origin cert")
+	}
+	cert, err := getOriginCertFromContext(originCertPath, logger)
+	if err != nil {
+		return err
+	}
+	client := newTunnelstoreClient(c, cert, logger)
+
+	tunnel, err := client.CreateTunnel(name, tunnelSecret)
 	if err != nil {
 		return errors.Wrap(err, "Error creating a new tunnel")
 	}
 
+	if writeFileErr := writeTunnelCredentials(tunnel.ID, cert.AccountID, originCertPath, tunnelSecret, logger); err != nil {
+		var errorLines []string
+		errorLines = append(errorLines, fmt.Sprintf("Your tunnel '%v' was created with ID %v. However, cloudflared couldn't write to the tunnel credentials file at %v.json.", tunnel.Name, tunnel.ID, tunnel.ID))
+		errorLines = append(errorLines, fmt.Sprintf("The file-writing error is: %v", writeFileErr))
+		if deleteErr := client.DeleteTunnel(tunnel.ID); deleteErr != nil {
+			errorLines = append(errorLines, fmt.Sprintf("Cloudflared tried to delete the tunnel for you, but encountered an error. You should use `cloudflared tunnel delete %v` to delete the tunnel yourself, because the tunnel can't be run without the tunnelfile.", tunnel.ID))
+			errorLines = append(errorLines, fmt.Sprintf("The delete tunnel error is: %v", deleteErr))
+		} else {
+			errorLines = append(errorLines, fmt.Sprintf("The tunnel was deleted, because the tunnel can't be run without the tunnelfile"))
+		}
+		errorMsg := strings.Join(errorLines, "\n")
+		return errors.New(errorMsg)
+	}
+
 	if outputFormat := c.String(outputFormatFlag.Name); outputFormat != "" {
 		return renderOutput(outputFormat, &tunnel)
 	}
@@ -68,6 +102,34 @@ func createTunnel(c *cli.Context) error {
 	return nil
 }
 
+func tunnelFilePath(tunnelID, originCertPath string) (string, error) {
+	fileName := fmt.Sprintf("%v.json", tunnelID)
+	return filepath.Clean(fmt.Sprintf("%v/../%v", originCertPath, fileName)), nil
+}
+
+func writeTunnelCredentials(tunnelID, accountID, originCertPath string, tunnelSecret []byte, logger logger.Service) error {
+	filePath, err := tunnelFilePath(tunnelID, originCertPath)
+	if err != nil {
+		return err
+	}
+	logger.Infof("Writing tunnel credentials to %v. cloudflared chose this file based on where your origin certificate was found.", filePath)
+	logger.Infof("Keep this file secret. To revoke these credentials, delete the tunnel.")
+	file, err := os.Create(filePath)
+	if err != nil {
+		return errors.Wrap(err, fmt.Sprintf("Unable to write to %s", filePath))
+	}
+	defer file.Close()
+	body, err := json.Marshal(pogs.TunnelAuth{
+		AccountTag:   accountID,
+		TunnelSecret: tunnelSecret,
+	})
+	if err != nil {
+		return errors.Wrap(err, "Unable to marshal tunnel credentials to JSON")
+	}
+	fmt.Fprintf(file, "%d", body)
+	return nil
+}
+
 func buildListCommand() *cli.Command {
 	return &cli.Command{
 		Name:      "list",
@@ -85,10 +147,15 @@ func listTunnels(c *cli.Context) error {
 		return errors.Wrap(err, "error setting up logger")
 	}
 
-	client, err := newTunnelstoreClient(c, logger)
+	originCertPath, err := findOriginCert(c, logger)
+	if err != nil {
+		return errors.Wrap(err, "Error locating origin cert")
+	}
+	cert, err := getOriginCertFromContext(originCertPath, logger)
 	if err != nil {
 		return err
 	}
+	client := newTunnelstoreClient(c, cert, logger)
 
 	tunnels, err := client.ListTunnels()
 	if err != nil {
@@ -155,10 +222,15 @@ func deleteTunnel(c *cli.Context) error {
 		return errors.Wrap(err, "error setting up logger")
 	}
 
-	client, err := newTunnelstoreClient(c, logger)
+	originCertPath, err := findOriginCert(c, logger)
+	if err != nil {
+		return errors.Wrap(err, "Error locating origin cert")
+	}
+	cert, err := getOriginCertFromContext(originCertPath, logger)
 	if err != nil {
 		return err
 	}
+	client := newTunnelstoreClient(c, cert, logger)
 
 	if err := client.DeleteTunnel(id); err != nil {
 		return errors.Wrapf(err, "Error deleting tunnel %s", id)
@@ -180,11 +252,12 @@ func renderOutput(format string, v interface{}) error {
 	}
 }
 
-func newTunnelstoreClient(c *cli.Context, logger logger.Service) (tunnelstore.Client, error) {
-	originCertPath, err := findOriginCert(c, logger)
-	if err != nil {
-		return nil, errors.Wrap(err, "Error locating origin cert")
-	}
+func newTunnelstoreClient(c *cli.Context, cert *certutil.OriginCert, logger logger.Service) tunnelstore.Client {
+	client := tunnelstore.NewRESTClient(c.String("api-url"), cert.AccountID, cert.ServiceKey, logger)
+	return client
+}
+
+func getOriginCertFromContext(originCertPath string, logger logger.Service) (*certutil.OriginCert, error) {
 
 	blocks, err := readOriginCert(originCertPath, logger)
 	if err != nil {
@@ -199,8 +272,5 @@ func newTunnelstoreClient(c *cli.Context, logger logger.Service) (tunnelstore.Cl
 	if cert.AccountID == "" {
 		return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath)
 	}
-
-	client := tunnelstore.NewRESTClient(c.String("api-url"), cert.AccountID, cert.ServiceKey, logger)
-
-	return client, nil
+	return cert, nil
 }
diff --git a/cmd/cloudflared/tunnel/subcommands_test.go b/cmd/cloudflared/tunnel/subcommands_test.go
index 202aeeb4..36b86daf 100644
--- a/cmd/cloudflared/tunnel/subcommands_test.go
+++ b/cmd/cloudflared/tunnel/subcommands_test.go
@@ -6,6 +6,7 @@ import (
 	"github.com/cloudflare/cloudflared/tunnelstore"
 
 	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
 )
 
 func Test_fmtConnections(t *testing.T) {
@@ -69,3 +70,10 @@ func Test_fmtConnections(t *testing.T) {
 		})
 	}
 }
+
+func TestTunnelfilePath(t *testing.T) {
+	actual, err := tunnelFilePath("tunnel", "~/.cloudflared/cert.pem")
+	assert.NoError(t, err)
+	expected := "~/.cloudflared/tunnel.json"
+	assert.Equal(t, expected, actual)
+}
diff --git a/tunnelstore/client.go b/tunnelstore/client.go
index 58d332f8..2730cdb1 100644
--- a/tunnelstore/client.go
+++ b/tunnelstore/client.go
@@ -39,7 +39,7 @@ type Connection struct {
 }
 
 type Client interface {
-	CreateTunnel(name string) (*Tunnel, error)
+	CreateTunnel(name string, tunnelSecret []byte) (*Tunnel, error)
 	GetTunnel(id string) (*Tunnel, error)
 	DeleteTunnel(id string) error
 	ListTunnels() ([]Tunnel, error)
@@ -74,15 +74,17 @@ func NewRESTClient(baseURL string, accountTag string, authToken string, logger l
 }
 
 type newTunnel struct {
-	Name string `json:"name"`
+	Name         string `json:"name"`
+	TunnelSecret []byte `json:"tunnel_secret"`
 }
 
-func (r *RESTClient) CreateTunnel(name string) (*Tunnel, error) {
+func (r *RESTClient) CreateTunnel(name string, tunnelSecret []byte) (*Tunnel, error) {
 	if name == "" {
 		return nil, errors.New("tunnel name required")
 	}
 	body, err := json.Marshal(&newTunnel{
-		Name: name,
+		Name:         name,
+		TunnelSecret: tunnelSecret,
 	})
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to serialize new tunnel request")

From 6e5ccd7c85f668db03a387ebf3960dca400c20ce Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 16 Jun 2020 10:33:03 -0500
Subject: [PATCH 087/100] AUTH-2815 add the log file to support the config.yaml
 file

added small delay to handle the possiblity of the server not being started yet
---
 cmd/cloudflared/tunnel/cmd.go    | 18 ++++++++++++++----
 socks/connection_handler_test.go |  3 ++-
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 8514d60e..beb328de 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -215,7 +215,12 @@ func Init(v string, s, g chan struct{}) {
 
 func createLogger(c *cli.Context, isTransport bool) (logger.Service, error) {
 	loggerOpts := []logger.Option{}
-	logPath := c.String(logDirectoryFlag)
+
+	logPath := c.String("logfile")
+	if logPath != "" {
+		logPath = c.String(logDirectoryFlag)
+	}
+
 	if logPath != "" {
 		loggerOpts = append(loggerOpts, logger.DefaultFile(logPath))
 	}
@@ -833,12 +838,17 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			Hidden:  shouldHide,
 		}),
 		altsrc.NewStringFlag(&cli.StringFlag{
-			Name:    logDirectoryFlag,
-			Aliases: []string{"logfile"}, // This flag used to be called logfile when it was a single file
-			Usage:   "Save application log to this directory for reporting issues.",
+			Name:    "logfile",
+			Usage:   "Save application log to this file for reporting issues.",
 			EnvVars: []string{"TUNNEL_LOGFILE"},
 			Hidden:  shouldHide,
 		}),
+		altsrc.NewStringFlag(&cli.StringFlag{
+			Name:    logDirectoryFlag,
+			Usage:   "Save application log to this directory for reporting issues.",
+			EnvVars: []string{"TUNNEL_LOGDIRECTORY"},
+			Hidden:  shouldHide,
+		}),
 		altsrc.NewIntFlag(&cli.IntFlag{
 			Name:   "ha-connections",
 			Value:  4,
diff --git a/socks/connection_handler_test.go b/socks/connection_handler_test.go
index 8fb9dda3..40bc9d87 100644
--- a/socks/connection_handler_test.go
+++ b/socks/connection_handler_test.go
@@ -6,6 +6,7 @@ import (
 	"net"
 	"net/http"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/net/proxy"
@@ -58,7 +59,6 @@ func startTestServer(t *testing.T, httpHandler func(w http.ResponseWriter, r *ht
 
 	// start the servers
 	go http.ListenAndServe(":8085", mux)
-
 }
 
 func respondWithJSON(w http.ResponseWriter, v interface{}, status int) {
@@ -78,6 +78,7 @@ func OkJSONResponseHandler(w http.ResponseWriter, r *http.Request) {
 
 func TestSocksConnection(t *testing.T) {
 	startTestServer(t, OkJSONResponseHandler)
+	time.Sleep(100 * time.Millisecond)
 	b := sendSocksRequest(t)
 	assert.True(t, len(b) > 0, "no data returned!")
 

From 12c615e2e6043fcc2334cc92499b112d46d97a34 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 16 Jun 2020 14:13:06 -0500
Subject: [PATCH 088/100] Release 2020.6.4

---
 RELEASE_NOTES | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index b18b9bf4..ea6378dd 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,9 @@
+2020.6.4
+- 2020-06-11 TUN-3085: Pass connection authentication information using TunnelAuth struct
+- 2020-06-15 TUN-3084: Generate and store tunnel_secret value during tunnel creation
+- 2020-06-16 AUTH-2815 add the log file to support the config.yaml file
+- 2020-06-02 TUN-3015: Add a new cap'n'proto RPC interface for connection registration as well as matching client and server implementations. The old interface extends the new one for backward compatibility.
+
 2020.6.3
 - 2020-06-15 DEVTOOLS-7321: Add openssh-client pkg for missing ssh-keyscan
 - 2020-06-15 AUTH-2813 adds back a single file support a cloudflared log file

From 0f893fab47bb8b91c0986e4e1f3fbace51a57f57 Mon Sep 17 00:00:00 2001
From: Robert McNeil <rmcneil@cloudflare.com>
Date: Tue, 16 Jun 2020 11:24:56 -0700
Subject: [PATCH 089/100] DEVTOOLS-7321: Don't skip macOS builds based on tag

---
 .teamcity/build-macos.sh | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/.teamcity/build-macos.sh b/.teamcity/build-macos.sh
index 43d47195..9ea3e1f4 100755
--- a/.teamcity/build-macos.sh
+++ b/.teamcity/build-macos.sh
@@ -2,12 +2,6 @@
 
 set -euo pipefail
 
-if ! git describe --tags --exact-match 2>/dev/null ; then
-    echo "Skipping public release for an untagged commit."
-    echo "##teamcity[buildStatus status='SUCCESS' text='Skipped due to lack of tag']"
-    exit 0
-fi
-
 if [[ "$(uname)" != "Darwin" ]] ; then
     echo "This should be run on macOS"
     exit 1

From 7b2f286210851232fd9d3efbfe5980a78f8a4be5 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 16 Jun 2020 14:42:58 -0500
Subject: [PATCH 090/100] fix for a flaky test

---
 sshlog/session_logger_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sshlog/session_logger_test.go b/sshlog/session_logger_test.go
index 35d0aecb..60b4dac2 100644
--- a/sshlog/session_logger_test.go
+++ b/sshlog/session_logger_test.go
@@ -25,12 +25,12 @@ func TestSessionLogWrite(t *testing.T) {
 	testStr := "hi"
 	logger := createSessionLogger(t)
 	defer func() {
-		logger.Close()
 		os.Remove(sessionLogFileName)
 	}()
 
 	logger.Write([]byte(testStr))
-	time.Sleep(2 * time.Millisecond)
+	logger.Close()
+
 	f, err := os.Open(sessionLogFileName)
 	if err != nil {
 		t.Fatal("couldn't read the log file!", err)

From 425554077f06b319fe5ad8281bff048277197a7a Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 16 Jun 2020 16:18:24 -0500
Subject: [PATCH 091/100] AUTH-2815 flag check was wrong. stupid oversight

---
 cmd/cloudflared/tunnel/cmd.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index beb328de..9402cd73 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -217,7 +217,7 @@ func createLogger(c *cli.Context, isTransport bool) (logger.Service, error) {
 	loggerOpts := []logger.Option{}
 
 	logPath := c.String("logfile")
-	if logPath != "" {
+	if logPath == "" {
 		logPath = c.String(logDirectoryFlag)
 	}
 

From b95b289a8c8d88275ae5bb325c5166cb56bac3e8 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Tue, 16 Jun 2020 17:55:33 -0500
Subject: [PATCH 092/100] TUN-3101: Tunnel list command should only show
 non-deleted, by default

---
 cmd/cloudflared/tunnel/subcommands.go | 20 ++++++++++++++++++--
 tunnelstore/client.go                 |  1 +
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/cmd/cloudflared/tunnel/subcommands.go b/cmd/cloudflared/tunnel/subcommands.go
index 07740789..5a979dad 100644
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -22,6 +22,11 @@ import (
 )
 
 var (
+	showDeletedFlag = &cli.BoolFlag{
+		Name:    "show-deleted",
+		Aliases: []string{"d"},
+		Usage:   "Include deleted tunnels in the list",
+	}
 	outputFormatFlag = &cli.StringFlag{
 		Name:    "output",
 		Aliases: []string{"o"},
@@ -137,7 +142,7 @@ func buildListCommand() *cli.Command {
 		Usage:     "List existing tunnels",
 		ArgsUsage: " ",
 		Hidden:    hideSubcommands,
-		Flags:     []cli.Flag{outputFormatFlag},
+		Flags:     []cli.Flag{outputFormatFlag, showDeletedFlag},
 	}
 }
 
@@ -157,11 +162,22 @@ func listTunnels(c *cli.Context) error {
 	}
 	client := newTunnelstoreClient(c, cert, logger)
 
-	tunnels, err := client.ListTunnels()
+	allTunnels, err := client.ListTunnels()
 	if err != nil {
 		return errors.Wrap(err, "Error listing tunnels")
 	}
 
+	var tunnels []tunnelstore.Tunnel
+	if c.Bool("show-deleted") {
+		tunnels = allTunnels
+	} else {
+		for _, tunnel := range allTunnels {
+			if tunnel.DeletedAt.IsZero() {
+				tunnels = append(tunnels, tunnel)
+			}
+		}
+	}
+
 	if outputFormat := c.String(outputFormatFlag.Name); outputFormat != "" {
 		return renderOutput(outputFormat, tunnels)
 	}
diff --git a/tunnelstore/client.go b/tunnelstore/client.go
index 2730cdb1..3f772852 100644
--- a/tunnelstore/client.go
+++ b/tunnelstore/client.go
@@ -30,6 +30,7 @@ type Tunnel struct {
 	ID          string       `json:"id"`
 	Name        string       `json:"name"`
 	CreatedAt   time.Time    `json:"created_at"`
+	DeletedAt   time.Time    `json:"deleted_at"`
 	Connections []Connection `json:"connections"`
 }
 

From a1a8645294d2e573f4f639d4f145cc7e356ed62d Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Tue, 16 Jun 2020 17:43:22 -0500
Subject: [PATCH 093/100] TUN-3066: Command line action for tunnel run

---
 cmd/cloudflared/tunnel/cmd.go         |  5 +-
 cmd/cloudflared/tunnel/subcommands.go | 69 +++++++++++++++++++++++----
 2 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 9402cd73..d5d3b439 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -172,6 +172,7 @@ func Commands() []*cli.Command {
 	subcommands = append(subcommands, buildCreateCommand())
 	subcommands = append(subcommands, buildListCommand())
 	subcommands = append(subcommands, buildDeleteCommand())
+	subcommands = append(subcommands, buildRunCommand())
 
 	cmds = append(cmds, &cli.Command{
 		Name:      "tunnel",
@@ -1092,8 +1093,8 @@ func stdinControl(reconnectCh chan origin.ReconnectSignal, logger logger.Service
 				logger.Infof("Unknown command: %s", command)
 				fallthrough
 			case "help":
-				logger.Info(`Supported command: 
-reconnect [delay] 
+				logger.Info(`Supported command:
+reconnect [delay]
 - restarts one randomly chosen connection with optional delay before reconnect`)
 			}
 		}
diff --git a/cmd/cloudflared/tunnel/subcommands.go b/cmd/cloudflared/tunnel/subcommands.go
index 5a979dad..a8dc7f98 100644
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -4,6 +4,7 @@ import (
 	"crypto/rand"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sort"
@@ -32,6 +33,14 @@ var (
 		Aliases: []string{"o"},
 		Usage:   "Render output using given `FORMAT`. Valid options are 'json' or 'yaml'",
 	}
+	forceFlag = &cli.StringFlag{
+		Name:    "force",
+		Aliases: []string{"f"},
+		Usage: "By default, if a tunnel is currently being run from a cloudflared, you can't " +
+			"simultaneously rerun it again from a second cloudflared. The --force flag lets you " +
+			"overwrite the previous tunnel. If you want to use a single hostname with multiple " +
+			"tunnels, you can do so with Cloudflare's Load Balancer product.",
+	}
 )
 
 const hideSubcommands = true
@@ -117,13 +126,6 @@ func writeTunnelCredentials(tunnelID, accountID, originCertPath string, tunnelSe
 	if err != nil {
 		return err
 	}
-	logger.Infof("Writing tunnel credentials to %v. cloudflared chose this file based on where your origin certificate was found.", filePath)
-	logger.Infof("Keep this file secret. To revoke these credentials, delete the tunnel.")
-	file, err := os.Create(filePath)
-	if err != nil {
-		return errors.Wrap(err, fmt.Sprintf("Unable to write to %s", filePath))
-	}
-	defer file.Close()
 	body, err := json.Marshal(pogs.TunnelAuth{
 		AccountTag:   accountID,
 		TunnelSecret: tunnelSecret,
@@ -131,8 +133,23 @@ func writeTunnelCredentials(tunnelID, accountID, originCertPath string, tunnelSe
 	if err != nil {
 		return errors.Wrap(err, "Unable to marshal tunnel credentials to JSON")
 	}
-	fmt.Fprintf(file, "%d", body)
-	return nil
+	logger.Infof("Writing tunnel credentials to %v. cloudflared chose this file based on where your origin certificate was found.", filePath)
+	logger.Infof("Keep this file secret. To revoke these credentials, delete the tunnel.")
+	return ioutil.WriteFile(filePath, body, 400)
+}
+
+func readTunnelCredentials(tunnelID, originCertPath string) (*pogs.TunnelAuth, error) {
+	filePath, err := tunnelFilePath(tunnelID, originCertPath)
+	if err != nil {
+		return nil, err
+	}
+	body, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return nil, errors.Wrapf(err, "couldn't read tunnel credentials from %v", filePath)
+	}
+	auth := pogs.TunnelAuth{}
+	err = json.Unmarshal(body, &auth)
+	return &auth, errors.Wrap(err, "couldn't parse tunnel credentials from JSON")
 }
 
 func buildListCommand() *cli.Command {
@@ -290,3 +307,37 @@ func getOriginCertFromContext(originCertPath string, logger logger.Service) (*ce
 	}
 	return cert, nil
 }
+
+func buildRunCommand() *cli.Command {
+	return &cli.Command{
+		Name:      "run",
+		Action:    cliutil.ErrorHandler(runTunnel),
+		Usage:     "Proxy a local web server by running the given tunnel",
+		ArgsUsage: "TUNNEL-ID",
+		Hidden:    hideSubcommands,
+		Flags:     []cli.Flag{forceFlag},
+	}
+}
+
+func runTunnel(c *cli.Context) error {
+	if c.NArg() != 1 {
+		return cliutil.UsageError(`"cloudflared tunnel run" requires exactly 1 argument, the ID of the tunnel to run.`)
+	}
+	id := c.Args().First()
+
+	logger, err := logger.New()
+	if err != nil {
+		return errors.Wrap(err, "error setting up logger")
+	}
+
+	originCertPath, err := findOriginCert(c, logger)
+	if err != nil {
+		return errors.Wrap(err, "Error locating origin cert")
+	}
+	credentials, err := readTunnelCredentials(id, originCertPath)
+	if err != nil {
+		return err
+	}
+	logger.Debugf("Read credentials for %v", credentials.AccountTag)
+	panic("TODO: start tunnel supervisor")
+}

From 4f9cfa654270ab581871839031e2344063140237 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Tue, 16 Jun 2020 17:20:09 -0500
Subject: [PATCH 094/100] TUN-3100 make updater report the right text

---
 cmd/cloudflared/updater/update.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/cloudflared/updater/update.go b/cmd/cloudflared/updater/update.go
index 4de6b406..6457a4ac 100644
--- a/cmd/cloudflared/updater/update.go
+++ b/cmd/cloudflared/updater/update.go
@@ -67,7 +67,7 @@ type UpdateOutcome struct {
 }
 
 func (uo *UpdateOutcome) noUpdate() bool {
-	return uo.Error != nil && uo.Updated == false
+	return uo.Error == nil && uo.Updated == false
 }
 
 func checkForUpdateAndApply() UpdateOutcome {

From 9131e842a5fbc4e95fe04f87b787062a955b569d Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Wed, 17 Jun 2020 14:40:53 -0500
Subject: [PATCH 095/100] Release 2020.6.5

---
 RELEASE_NOTES | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index ea6378dd..03480404 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,11 @@
+2020.6.5
+- 2020-06-16 DEVTOOLS-7321: Don't skip macOS builds based on tag
+- 2020-06-16 fix for a flaky test
+- 2020-06-16 AUTH-2815 flag check was wrong. stupid oversight
+- 2020-06-16 TUN-3101: Tunnel list command should only show non-deleted, by default
+- 2020-06-16 TUN-3066: Command line action for tunnel run
+- 2020-06-16 TUN-3100 make updater report the right text
+
 2020.6.4
 - 2020-06-11 TUN-3085: Pass connection authentication information using TunnelAuth struct
 - 2020-06-15 TUN-3084: Generate and store tunnel_secret value during tunnel creation

From 4d3ebaf9844daf183ee7dc30c61dec8d57e16591 Mon Sep 17 00:00:00 2001
From: Adam Chalmers <achalmers@cloudflare.com>
Date: Wed, 17 Jun 2020 13:33:55 -0500
Subject: [PATCH 096/100] TUN-3106: Pass NamedTunnel config to StartServer

---
 cmd/cloudflared/main.go               |  2 +-
 cmd/cloudflared/tunnel/cmd.go         |  6 +++---
 cmd/cloudflared/tunnel/subcommands.go |  3 ++-
 origin/supervisor.go                  |  7 +++++--
 origin/supervisor_test.go             |  8 ++++----
 origin/tunnel.go                      | 20 +++++++++++++-------
 6 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 3a318e2d..71263059 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -129,7 +129,7 @@ func action(version string, shutdownC, graceShutdownC chan struct{}) cli.ActionF
 		tags := make(map[string]string)
 		tags["hostname"] = c.String("hostname")
 		raven.SetTagsContext(tags)
-		raven.CapturePanic(func() { err = tunnel.StartServer(c, version, shutdownC, graceShutdownC) }, nil)
+		raven.CapturePanic(func() { err = tunnel.StartServer(c, version, shutdownC, graceShutdownC, nil) }, nil)
 		exitCode := 0
 		if err != nil {
 			handleError(err)
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index d5d3b439..f3b8476d 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -207,7 +207,7 @@ func Commands() []*cli.Command {
 }
 
 func tunnel(c *cli.Context) error {
-	return StartServer(c, version, shutdownC, graceShutdownC)
+	return StartServer(c, version, shutdownC, graceShutdownC, nil)
 }
 
 func Init(v string, s, g chan struct{}) {
@@ -238,7 +238,7 @@ func createLogger(c *cli.Context, isTransport bool) (logger.Service, error) {
 	return logger.New(loggerOpts...)
 }
 
-func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan struct{}) error {
+func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan struct{}, namedTunnel *origin.NamedTunnelConfig) error {
 	logger, err := createLogger(c, false)
 	if err != nil {
 		return cliutil.PrintLoggerSetupError("error setting up logger", err)
@@ -475,7 +475,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		errC <- origin.StartTunnelDaemon(ctx, tunnelConfig, connectedSignal, cloudflaredID, reconnectCh)
+		errC <- origin.StartTunnelDaemon(ctx, tunnelConfig, connectedSignal, cloudflaredID, reconnectCh, namedTunnel)
 	}()
 
 	return waitToShutdown(&wg, errC, shutdownC, graceShutdownC, c.Duration("grace-period"), logger)
diff --git a/cmd/cloudflared/tunnel/subcommands.go b/cmd/cloudflared/tunnel/subcommands.go
index a8dc7f98..b49882bd 100644
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -18,6 +18,7 @@ import (
 	"github.com/cloudflare/cloudflared/certutil"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
 	"github.com/cloudflare/cloudflared/logger"
+	"github.com/cloudflare/cloudflared/origin"
 	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/cloudflare/cloudflared/tunnelstore"
 )
@@ -339,5 +340,5 @@ func runTunnel(c *cli.Context) error {
 		return err
 	}
 	logger.Debugf("Read credentials for %v", credentials.AccountTag)
-	panic("TODO: start tunnel supervisor")
+	return StartServer(c, version, shutdownC, graceShutdownC, &origin.NamedTunnelConfig{Auth: *credentials, ID: id})
 }
diff --git a/origin/supervisor.go b/origin/supervisor.go
index b3c680f9..027d3173 100644
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@@ -68,6 +68,8 @@ type Supervisor struct {
 	connDigest     map[uint8][]byte
 
 	bufferPool *buffer.Pool
+
+	namedTunnel *NamedTunnelConfig
 }
 
 type resolveResult struct {
@@ -80,7 +82,7 @@ type tunnelError struct {
 	err   error
 }
 
-func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
+func NewSupervisor(config *TunnelConfig, cloudflaredUUID uuid.UUID, namedTunnel *NamedTunnelConfig) (*Supervisor, error) {
 	var (
 		edgeIPs *edgediscovery.Edge
 		err     error
@@ -94,7 +96,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 		return nil, err
 	}
 	return &Supervisor{
-		cloudflaredUUID:   u,
+		cloudflaredUUID:   cloudflaredUUID,
 		config:            config,
 		edgeIPs:           edgeIPs,
 		tunnelErrors:      make(chan tunnelError),
@@ -102,6 +104,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 		logger:            config.Logger,
 		connDigest:        make(map[uint8][]byte),
 		bufferPool:        buffer.NewPool(512 * 1024),
+		namedTunnel:       namedTunnel,
 	}, nil
 }
 
diff --git a/origin/supervisor_test.go b/origin/supervisor_test.go
index 21eeec60..7b1ff701 100644
--- a/origin/supervisor_test.go
+++ b/origin/supervisor_test.go
@@ -48,7 +48,7 @@ func TestRefreshAuthBackoff(t *testing.T) {
 		return time.After(d)
 	}
 
-	s, err := NewSupervisor(testConfig(logger), uuid.New())
+	s, err := NewSupervisor(testConfig(logger), uuid.New(), nil)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -92,7 +92,7 @@ func TestRefreshAuthSuccess(t *testing.T) {
 		return time.After(d)
 	}
 
-	s, err := NewSupervisor(testConfig(logger), uuid.New())
+	s, err := NewSupervisor(testConfig(logger), uuid.New(), nil)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -120,7 +120,7 @@ func TestRefreshAuthUnknown(t *testing.T) {
 		return time.After(d)
 	}
 
-	s, err := NewSupervisor(testConfig(logger), uuid.New())
+	s, err := NewSupervisor(testConfig(logger), uuid.New(), nil)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -142,7 +142,7 @@ func TestRefreshAuthUnknown(t *testing.T) {
 func TestRefreshAuthFail(t *testing.T) {
 	logger := logger.NewOutputWriter(logger.NewMockWriteManager())
 
-	s, err := NewSupervisor(testConfig(logger), uuid.New())
+	s, err := NewSupervisor(testConfig(logger), uuid.New(), nil)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
diff --git a/origin/tunnel.go b/origin/tunnel.go
index dc5bbb78..20361e5d 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -26,6 +26,7 @@ import (
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/signal"
 	"github.com/cloudflare/cloudflared/tunnelrpc"
+	"github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
 	"github.com/cloudflare/cloudflared/validation"
 	"github.com/cloudflare/cloudflared/websocket"
@@ -178,8 +179,13 @@ func (c *TunnelConfig) SupportedFeatures() []string {
 	return basic
 }
 
-func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan ReconnectSignal) error {
-	s, err := NewSupervisor(config, cloudflaredID)
+type NamedTunnelConfig struct {
+	Auth pogs.TunnelAuth
+	ID   string
+}
+
+func StartTunnelDaemon(ctx context.Context, config *TunnelConfig, connectedSignal *signal.Signal, cloudflaredID uuid.UUID, reconnectCh chan ReconnectSignal, namedTunnel *NamedTunnelConfig) error {
+	s, err := NewSupervisor(config, cloudflaredID, namedTunnel)
 	if err != nil {
 		return err
 	}
@@ -192,7 +198,7 @@ func ServeTunnelLoop(ctx context.Context,
 	addr *net.TCPAddr,
 	connectionID uint8,
 	connectedSignal *signal.Signal,
-	u uuid.UUID,
+	cloudflaredUUID uuid.UUID,
 	bufferPool *buffer.Pool,
 	reconnectCh chan ReconnectSignal,
 ) error {
@@ -216,7 +222,7 @@ func ServeTunnelLoop(ctx context.Context,
 			addr, connectionID,
 			connectedFuse,
 			&backoff,
-			u,
+			cloudflaredUUID,
 			bufferPool,
 			reconnectCh,
 		)
@@ -240,7 +246,7 @@ func ServeTunnel(
 	connectionID uint8,
 	connectedFuse *h2mux.BooleanFuse,
 	backoff *BackoffHandler,
-	u uuid.UUID,
+	cloudflaredUUID uuid.UUID,
 	bufferPool *buffer.Pool,
 	reconnectCh chan ReconnectSignal,
 ) (err error, recoverable bool) {
@@ -300,7 +306,7 @@ func ServeTunnel(
 						connDigest = digest
 					}
 				}
-				return ReconnectTunnel(serveCtx, token, eventDigest, connDigest, handler.muxer, config, logger, connectionID, originLocalIP, u, credentialManager)
+				return ReconnectTunnel(serveCtx, token, eventDigest, connDigest, handler.muxer, config, logger, connectionID, originLocalIP, cloudflaredUUID, credentialManager)
 			}
 			// log errors and proceed to RegisterTunnel
 			if tokenErr != nil {
@@ -310,7 +316,7 @@ func ServeTunnel(
 				logger.Errorf("Couldn't get event digest: %s", eventDigestErr)
 			}
 		}
-		return RegisterTunnel(serveCtx, credentialManager, handler.muxer, config, logger, connectionID, originLocalIP, u)
+		return RegisterTunnel(serveCtx, credentialManager, handler.muxer, config, logger, connectionID, originLocalIP, cloudflaredUUID)
 	})
 
 	errGroup.Go(func() error {

From 3886021ba583857abc80d93fc8535f8a69431fc3 Mon Sep 17 00:00:00 2001
From: cthuang <chungting@cloudflare.com>
Date: Thu, 18 Jun 2020 21:17:43 +0800
Subject: [PATCH 097/100] TUN-3107: UnregisterConnection shouldn't wrap nil
 error as RPC error

---
 tunnelrpc/pogs/connectionrpc.go | 5 ++++-
 tunnelrpc/pogs/errors.go        | 9 ++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/tunnelrpc/pogs/connectionrpc.go b/tunnelrpc/pogs/connectionrpc.go
index 971f5393..9327eea3 100644
--- a/tunnelrpc/pogs/connectionrpc.go
+++ b/tunnelrpc/pogs/connectionrpc.go
@@ -229,5 +229,8 @@ func (c TunnelServer_PogsClient) Unregister(ctx context.Context) error {
 		return nil
 	})
 	_, err := promise.Struct()
-	return wrapRPCError(err)
+	if err != nil {
+		return wrapRPCError(err)
+	}
+	return nil
 }
diff --git a/tunnelrpc/pogs/errors.go b/tunnelrpc/pogs/errors.go
index 7fd2a497..d64ab5e9 100644
--- a/tunnelrpc/pogs/errors.go
+++ b/tunnelrpc/pogs/errors.go
@@ -37,9 +37,12 @@ func (re *RPCError) Error() string {
 }
 
 func wrapRPCError(err error) *RPCError {
-	return &RPCError{
-		err: err,
+	if err != nil {
+		return &RPCError{
+			err: err,
+		}
 	}
+	return nil
 }
 
 func newRPCError(format string, args ...interface{}) *RPCError {
@@ -50,4 +53,4 @@ func newRPCError(format string, args ...interface{}) *RPCError {
 
 func (re *RPCError) Unwrap() error {
 	return re.err
-}
\ No newline at end of file
+}

From e3a9aa4296b1a585bf17bb4ea25fdd6c539d3a00 Mon Sep 17 00:00:00 2001
From: Michael Borkenstein <mborkenstein@cloudflare.com>
Date: Wed, 17 Jun 2020 10:13:39 -0500
Subject: [PATCH 098/100] AUTH-2652: Adds .docker-images to push images to
 docker hub

---
 .docker-images | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .docker-images

diff --git a/.docker-images b/.docker-images
new file mode 100644
index 00000000..9743ef78
--- /dev/null
+++ b/.docker-images
@@ -0,0 +1,8 @@
+images:
+  - name: cloudflared
+    dockerfile: Dockerfile
+    context: .
+    registries:
+    - name: docker.io/michael9127
+      user: env:DOCKER_USER
+      password: env:DOCKER_PASSWORD  

From b46acd7f6381dbfff81b265c3d8a06988424af62 Mon Sep 17 00:00:00 2001
From: Michael Borkenstein <mborkenstein@cloudflare.com>
Date: Tue, 23 Jun 2020 16:23:40 -0500
Subject: [PATCH 099/100] AUTH-2685: Adds script to create release

---
 Makefile          |  10 ++++
 cfsetup.yaml      |  64 +++++++++++++++++++++++
 github_release.py | 128 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 202 insertions(+)
 create mode 100755 github_release.py

diff --git a/Makefile b/Makefile
index 56158453..41fc274c 100644
--- a/Makefile
+++ b/Makefile
@@ -40,6 +40,12 @@ else
     $(error This system's OS $(LOCAL_OS) isn't supported)
 endif
 
+ifeq ($(TARGET_OS), windows)
+	EXECUTABLE_PATH=./cloudflared.exe
+else
+	EXECUTABLE_PATH=./cloudflared
+endif
+
 .PHONY: all
 all: cloudflared test
 
@@ -88,6 +94,10 @@ homebrew-release: homebrew-upload
 release: bin/equinox
 	bin/equinox release $(EQUINOX_FLAGS) -- $(VERSION_FLAGS) $(IMPORT_PATH)/cmd/cloudflared
 
+.PHONY: github-release
+github-release: cloudflared
+	python3 github_release.py --path $(EXECUTABLE_PATH) --release-version $(VERSION)
+
 bin/equinox:
 	mkdir -p bin
 	curl -s https://bin.equinox.io/c/75JtLRTsJ3n/release-tool-beta-$(EQUINOX_PLATFORM).tgz | tar xz -C bin/
diff --git a/cfsetup.yaml b/cfsetup.yaml
index f7ddcb2c..55420ee9 100644
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@@ -31,6 +31,18 @@ stretch: &stretch
       - export GOOS=linux
       - export GOARCH=amd64
       - make release
+  github-release-linux-amd64:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - build-essential
+      - python3-setuptools
+      - python3-pip
+    post-cache:
+      - pip3 install pygithub
+      - export GOOS=linux
+      - export GOARCH=amd64
+      - make github-release
   release-linux-armv6:
     build_dir: *build_dir
     builddeps:
@@ -42,6 +54,20 @@ stretch: &stretch
       - export GOARCH=arm
       - export CC=arm-linux-gnueabihf-gcc
       - make release
+  github-release-linux-armv6:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - crossbuild-essential-armhf
+      - gcc-arm-linux-gnueabihf
+      - python3-setuptools
+      - python3-pip
+    post-cache:
+      - pip3 install pygithub
+      - export GOOS=linux
+      - export GOARCH=arm
+      - export CC=arm-linux-gnueabihf-gcc
+      - make github-release
   release-linux-386:
     build_dir: *build_dir
     builddeps:
@@ -51,6 +77,18 @@ stretch: &stretch
       - export GOOS=linux
       - export GOARCH=386
       - make release
+  github-release-linux-386:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - gcc-multilib
+      - python3-setuptools
+      - python3-pip
+    post-cache:
+      - pip3 install pygithub
+      - export GOOS=linux
+      - export GOARCH=386
+      - make github-release
   release-windows-amd64:
     build_dir: *build_dir
     builddeps:
@@ -61,6 +99,19 @@ stretch: &stretch
       - export GOARCH=amd64
       - export CC=x86_64-w64-mingw32-gcc
       - make release
+  github-release-windows-amd64:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - gcc-mingw-w64
+      - python3-setuptools
+      - python3-pip
+    post-cache:
+      - pip3 install pygithub
+      - export GOOS=windows
+      - export GOARCH=amd64
+      - export CC=x86_64-w64-mingw32-gcc
+      - make github-release
   release-windows-386:
     build_dir: *build_dir
     builddeps:
@@ -71,6 +122,19 @@ stretch: &stretch
       - export GOARCH=386
       - export CC=i686-w64-mingw32-gcc-win32
       - make release
+  github-release-windows-386:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - gcc-mingw-w64
+      - python3-setuptools
+      - python3-pip
+    post-cache:
+      - pip3 install pygithub
+      - export GOOS=windows
+      - export GOARCH=386
+      - export CC=i686-w64-mingw32-gcc-win32
+      - make github-release
   test:
     build_dir: *build_dir
     builddeps:
diff --git a/github_release.py b/github_release.py
new file mode 100755
index 00000000..6ced8032
--- /dev/null
+++ b/github_release.py
@@ -0,0 +1,128 @@
+#!/usr/bin/python3
+"""
+Creates Github Releases and uploads assets
+"""
+
+import argparse
+import logging
+import os
+
+from github import Github, GithubException, UnknownObjectException
+
+FORMAT = "%(levelname)s - %(asctime)s: %(message)s"
+logging.basicConfig(format=FORMAT)
+
+CLOUDFLARED_REPO = os.environ.get("GITHUB_REPO", "cloudflare/cloudflared")
+GITHUB_CONFLICT_CODE = "already_exists"
+
+
+def assert_tag_exists(repo, version):
+    """ Raise exception if repo does not contain a tag matching version """
+    tags = repo.get_tags()
+    if not tags or tags[0].name != version:
+        raise Exception("Tag {} not found".format(version))
+
+
+def get_or_create_release(repo, version, dry_run=False):
+    """
+    Get a Github Release matching the version tag or create a new one.
+    If a conflict occurs on creation, attempt to fetch the Release on last time
+    """
+    try:
+        release = repo.get_release(version)
+        logging.info("Release %s found", version)
+        return release
+    except UnknownObjectException:
+        logging.info("Release %s not found", version)
+
+    # We dont want to create a new release tag if one doesnt already exist
+    assert_tag_exists(repo, version)
+
+    if dry_run:
+        logging.info("Skipping Release creation because of dry-run")
+        return
+
+    try:
+        logging.info("Creating release %s", version)
+        return repo.create_git_release(version, version, "")
+    except GithubException as e:
+        errors = e.data.get("errors", [])
+        if e.status == 422 and any(
+            [err.get("code") == GITHUB_CONFLICT_CODE for err in errors]
+        ):
+            logging.warning(
+                "Conflict: Release was likely just made by a different build: %s",
+                e.data,
+            )
+            return repo.get_release(version)
+        raise e
+
+
+def parse_args():
+    """ Parse and validate args """
+    parser = argparse.ArgumentParser(
+        description="Creates Github Releases and uploads assets."
+    )
+    parser.add_argument(
+        "--api-key", default=os.environ.get("API_KEY"), help="Github API key"
+    )
+    parser.add_argument(
+        "--release-version",
+        metavar="version",
+        default=os.environ.get("VERSION"),
+        help="Release version",
+    )
+    parser.add_argument(
+        "--path", default=os.environ.get("ASSET_PATH"), help="Asset path"
+    )
+    parser.add_argument(
+        "--name", default=os.environ.get("ASSET_NAME"), help="Asset Name"
+    )
+    parser.add_argument(
+        "--dry-run", action="store_true", help="Do not create release or upload asset"
+    )
+
+    args = parser.parse_args()
+    is_valid = True
+    if not args.release_version:
+        logging.error("Missing release version")
+        is_valid = False
+
+    if not args.path:
+        logging.error("Missing asset path")
+        is_valid = False
+
+    if not args.name:
+        logging.error("Missing asset name")
+        is_valid = False
+
+    if not args.api_key:
+        logging.error("Missing API key")
+        is_valid = False
+
+    if is_valid:
+        return args
+
+    parser.print_usage()
+    exit(1)
+
+
+def main():
+    """ Attempts to upload Asset to Github Release. Creates Release if it doesnt exist """
+    try:
+        args = parse_args()
+        client = Github(args.api_key)
+        repo = client.get_repo(CLOUDFLARED_REPO)
+        release = get_or_create_release(repo, args.release_version, args.dry_run)
+
+        if args.dry_run:
+            logging.info("Skipping asset upload because of dry-run")
+            return
+
+        release.upload_asset(args.path, name=args.name)
+    except Exception as e:
+        logging.exception(e)
+        exit(1)
+
+
+main()

From 0c65daaa7dbb66e16d8716abcb9684fc81988263 Mon Sep 17 00:00:00 2001
From: Dalton <dalton@cloudflare.com>
Date: Thu, 18 Jun 2020 16:55:40 -0500
Subject: [PATCH 100/100] AUTH-2712 mac package build script and better config
 file handling when started as a service

---
 .gitignore                              |  1 +
 .mac_resources/scripts/postinstall      |  7 +++
 .mac_resources/uninstall.sh             |  5 ++
 cmd/cloudflared/config/configuration.go | 80 +++++++++++++++++++++++--
 cmd/cloudflared/config/manager_test.go  |  3 -
 cmd/cloudflared/config/model.go         | 13 ++--
 cmd/cloudflared/main.go                 |  2 +-
 make-mac-pkg.sh                         | 31 ++++++++++
 wix.json                                | 45 ++++++++++++++
 9 files changed, 171 insertions(+), 16 deletions(-)
 create mode 100755 .mac_resources/scripts/postinstall
 create mode 100644 .mac_resources/uninstall.sh
 create mode 100755 make-mac-pkg.sh
 create mode 100644 wix.json

diff --git a/.gitignore b/.gitignore
index 2de5db2f..65164567 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@ guide/public
 \#*\#
 cscope.*
 cloudflared
+cloudflared.pkg
 cloudflared.exe
 !cmd/cloudflared/
 .DS_Store
diff --git a/.mac_resources/scripts/postinstall b/.mac_resources/scripts/postinstall
new file mode 100755
index 00000000..deb4ecbf
--- /dev/null
+++ b/.mac_resources/scripts/postinstall
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# uninstall first in case this is an upgrade
+/usr/local/bin/cloudflared service uninstall
+
+# install the new service using launchctl
+/usr/local/bin/cloudflared service install
\ No newline at end of file
diff --git a/.mac_resources/uninstall.sh b/.mac_resources/uninstall.sh
new file mode 100644
index 00000000..28563df9
--- /dev/null
+++ b/.mac_resources/uninstall.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/local/bin/cloudflared service uninstall
+rm /usr/local/bin/cloudflared
+pkgutil --forget com.cloudflare.cloudflared
\ No newline at end of file
diff --git a/cmd/cloudflared/config/configuration.go b/cmd/cloudflared/config/configuration.go
index 9512782f..ed72f3c0 100644
--- a/cmd/cloudflared/config/configuration.go
+++ b/cmd/cloudflared/config/configuration.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"os"
 	"path/filepath"
+	"runtime"
 
 	"github.com/cloudflare/cloudflared/validation"
 	homedir "github.com/mitchellh/go-homedir"
@@ -13,16 +14,54 @@ import (
 )
 
 var (
-	// File names from which we attempt to read configuration.
+	// DefaultConfigFiles is the file names from which we attempt to read configuration.
 	DefaultConfigFiles = []string{"config.yml", "config.yaml"}
 
+	// DefaultUnixConfigLocation is the primary location to find a config file
+	DefaultUnixConfigLocation = "/usr/local/etc/cloudflared"
+
+	// DefaultUnixLogLocation is the primary location to find log files
+	DefaultUnixLogLocation = "/var/log/cloudflared"
+
 	// Launchd doesn't set root env variables, so there is default
 	// Windows default config dir was ~/cloudflare-warp in documentation; let's keep it compatible
-	DefaultConfigDirs = []string{"~/.cloudflared", "~/.cloudflare-warp", "~/cloudflare-warp", "/usr/local/etc/cloudflared", "/etc/cloudflared"}
+	DefaultConfigDirs = []string{"~/.cloudflared", "~/.cloudflare-warp", "~/cloudflare-warp", "/etc/cloudflared", DefaultUnixConfigLocation}
 )
 
 const DefaultCredentialFile = "cert.pem"
 
+// DefaultConfigDirectory returns the default directory of the config file
+func DefaultConfigDirectory() string {
+	if runtime.GOOS == "windows" {
+		path := os.Getenv("CFDPATH")
+		if path == "" {
+			path = filepath.Join(os.Getenv("ProgramFiles(x86)"), "cloudflared")
+			if _, err := os.Stat(path); os.IsNotExist(err) { //doesn't exist, so return an empty failure string
+				return ""
+			}
+		}
+		return path
+	}
+	return DefaultUnixConfigLocation
+}
+
+// DefaultLogDirectory returns the default directory for log files
+func DefaultLogDirectory() string {
+	if runtime.GOOS == "windows" {
+		return DefaultConfigDirectory()
+	}
+	return DefaultUnixLogLocation
+}
+
+// DefaultConfigPath returns the default location of a config file
+func DefaultConfigPath() string {
+	dir := DefaultConfigDirectory()
+	if dir == "" {
+		return DefaultConfigFiles[0]
+	}
+	return filepath.Join(dir, DefaultConfigFiles[0])
+}
+
 // FileExists checks to see if a file exist at the provided path.
 func FileExists(path string) (bool, error) {
 	f, err := os.Open(path)
@@ -64,10 +103,43 @@ func FindDefaultConfigPath() string {
 	return ""
 }
 
+// FindOrCreateConfigPath returns the first path that contains a config file
+// or creates one in the primary default path if it doesn't exist
+func FindOrCreateConfigPath() string {
+	path := FindDefaultConfigPath()
+
+	if path == "" {
+		// create the default directory if it doesn't exist
+		path = DefaultConfigPath()
+		if err := os.MkdirAll(filepath.Dir(path), os.ModePerm); err != nil {
+			return ""
+		}
+
+		// write a new config file out
+		file, err := os.Create(path)
+		if err != nil {
+			return ""
+		}
+		defer file.Close()
+
+		logDir := DefaultLogDirectory()
+		os.MkdirAll(logDir, os.ModePerm) //try and create it. Doesn't matter if it succeed or not, only byproduct will be no logs
+
+		c := Root{
+			LogDirectory: logDir,
+		}
+		if err := yaml.NewEncoder(file).Encode(&c); err != nil {
+			return ""
+		}
+	}
+
+	return path
+}
+
 // FindLogSettings gets the log directory and level from the config file
 func FindLogSettings() (string, string) {
-	configPath := FindDefaultConfigPath()
-	defaultDirectory := filepath.Dir(configPath)
+	configPath := FindOrCreateConfigPath()
+	defaultDirectory := DefaultLogDirectory()
 	defaultLevel := "info"
 
 	file, err := os.Open(configPath)
diff --git a/cmd/cloudflared/config/manager_test.go b/cmd/cloudflared/config/manager_test.go
index d64675af..7121fa54 100644
--- a/cmd/cloudflared/config/manager_test.go
+++ b/cmd/cloudflared/config/manager_test.go
@@ -49,9 +49,6 @@ func TestConfigChanged(t *testing.T) {
 		os.Remove(filePath)
 	}()
 	c := &Root{
-		OrgKey:          "abcd",
-		ConfigType:      "mytype",
-		CheckinInterval: 1,
 		Forwarders: []Forwarder{
 			{
 				URL:      "test.daltoniam.com",
diff --git a/cmd/cloudflared/config/model.go b/cmd/cloudflared/config/model.go
index 7838fa01..e1c40233 100644
--- a/cmd/cloudflared/config/model.go
+++ b/cmd/cloudflared/config/model.go
@@ -34,14 +34,11 @@ type DNSResolver struct {
 
 // Root is the base options to configure the service
 type Root struct {
-	OrgKey          string      `json:"org_key" yaml:"orgKey"`
-	ConfigType      string      `json:"type"`
-	LogDirectory    string      `json:"log_directory" yaml:"logDirectory,omitempty"`
-	LogLevel        string      `json:"log_level" yaml:"logLevel"`
-	CheckinInterval int         `json:"checkin_interval" yaml:"checkinInterval"`
-	Forwarders      []Forwarder `json:"forwarders,omitempty"`
-	Tunnels         []Tunnel    `json:"tunnels,omitempty"`
-	Resolver        DNSResolver `json:"resolver,omitempty"`
+	LogDirectory string      `json:"log_directory" yaml:"logDirectory,omitempty"`
+	LogLevel     string      `json:"log_level" yaml:"logLevel,omitempty"`
+	Forwarders   []Forwarder `json:"forwarders,omitempty" yaml:"forwarders,omitempty"`
+	Tunnels      []Tunnel    `json:"tunnels,omitempty" yaml:"tunnels,omitempty"`
+	Resolver     DNSResolver `json:"resolver,omitempty" yaml:"resolver,omitempty"`
 }
 
 // Hash returns the computed values to see if the forwarder values change
diff --git a/cmd/cloudflared/main.go b/cmd/cloudflared/main.go
index 71263059..0dcd746c 100644
--- a/cmd/cloudflared/main.go
+++ b/cmd/cloudflared/main.go
@@ -182,7 +182,7 @@ func handleServiceMode(shutdownC chan struct{}) error {
 		return err
 	}
 
-	configPath := config.FindDefaultConfigPath()
+	configPath := config.FindOrCreateConfigPath()
 	configManager, err := config.NewFileManager(f, configPath, logger)
 	if err != nil {
 		logger.Errorf("Cannot setup config file for monitoring: %s", err)
diff --git a/make-mac-pkg.sh b/make-mac-pkg.sh
new file mode 100755
index 00000000..95659452
--- /dev/null
+++ b/make-mac-pkg.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+TARGET_DIRECTORY=".build"
+BINARY_NAME="cloudflared"
+VERSION=$(git describe --tags --always --dirty="-dev")
+PRODUCT="cloudflared"
+
+
+echo "building cloudflared"
+make cloudflared
+
+echo "creating build directory"
+mkdir ${TARGET_DIRECTORY}
+mkdir ${TARGET_DIRECTORY}/contents
+cp -r .mac_resources/scripts ${TARGET_DIRECTORY}/scripts
+
+echo "move cloudflared into the build directory"
+mv $BINARY_NAME {$TARGET_DIRECTORY}/contents/${PRODUCT}
+
+echo "build the installer package"
+pkgbuild --identifier com.cloudflare.${PRODUCT} \
+    --version ${VERSION} \
+    --scripts ${TARGET_DIRECTORY}/scripts \
+    --root ${TARGET_DIRECTORY}/contents \
+    --install-location /usr/local/bin \
+    ${PRODUCT}.pkg
+    # TODO: our iOS/Mac account doesn't have this installer certificate type. 
+    # need to find how we can get it --sign "Developer ID Installer: Cloudflare" \
+    
+echo "cleaning up the build directory"
+rm -rf $TARGET_DIRECTORY
diff --git a/wix.json b/wix.json
new file mode 100644
index 00000000..3966a2ce
--- /dev/null
+++ b/wix.json
@@ -0,0 +1,45 @@
+{
+  "product": "cloudflared",
+  "company": "cloudflare",
+  "license": "LICENSE",
+  "upgrade-code": "23f90fdd-9328-47ea-ab52-5380855a4b12",
+  "files": {
+    "guid": "35e5e858-9372-4449-bf73-1cd6f7267128",
+    "items": [
+      "cloudflared.exe"
+    ]
+  },
+  "env": {
+    "guid": "6bb74449-d10d-4f4a-933e-6fc9fa006eae",
+    "vars": [
+        {
+          "name": "CFDPATH",
+          "value": "[INSTALLDIR].",
+          "permanent": "no",
+          "system": "yes",
+          "action": "set",
+          "part": "all"
+        }
+    ]
+  },
+  "shortcuts": {},
+  "choco": {
+    "description": "cloudflared connects your machine or user identity to Cloudflare's global network.",
+    "project-url": "https://github.com/cloudflare/cloudflared",
+    "license-url": "https://github.com/cloudflare/cloudflared/blob/master/LICENSE"
+  },
+  "hooks": [
+    {
+      "command": "sc.exe create Cloudflared binPath=\"[INSTALLDIR]cloudflared.exe\" type=share start=auto DisplayName=\"Cloudflared\"",
+      "when": "install"
+    },
+    {
+      "command": "sc.exe start Cloudflared",
+      "when": "install"
+    },
+    {
+      "command": "sc.exe delete Cloudflared",
+      "when": "uninstall"
+    }
+  ]
+}
\ No newline at end of file