From cd07d6ed1e8c3fbaba2b00d112dfee3c21789a52 Mon Sep 17 00:00:00 2001 
From: Oleksandr Deundiak Date: Thu, 7 Nov 2024 21:02:46 +0100 Subject: [PATCH] feat(rust): use `ockam_ebpf` from a dedicated repo --- Cargo.lock | 13 +- .../rust/ockam/ockam_ebpf/.cargo/config.toml | 5 - .../rust/ockam/ockam_ebpf/CHANGELOG.md | 30 -- .../rust/ockam/ockam_ebpf/Cargo.lock | 189 ---------- .../rust/ockam/ockam_ebpf/Cargo.toml | 41 --- .../rust/ockam/ockam_ebpf/README.md | 64 ---- .../rust/ockam/ockam_ebpf/ockam_ebpf | Bin 69896 -> 0 bytes .../rust/ockam/ockam_ebpf/rust-toolchain.toml | 13 - .../rust/ockam/ockam_ebpf/src/checksum.rs | 37 -- .../ockam/ockam_ebpf/src/checksum_helpers.rs | 45 --- .../rust/ockam/ockam_ebpf/src/common.rs | 345 ------------------ .../rust/ockam/ockam_ebpf/src/conversion.rs | 24 -- .../rust/ockam/ockam_ebpf/src/entrypoint.rs | 56 --- .../rust/ockam/ockam_ebpf/ubuntu_arm.yaml | 56 --- .../rust/ockam/ockam_ebpf/ubuntu_x86.yaml | 56 --- .../rust/ockam/ockam_transport_tcp/Cargo.toml | 3 +- .../src/privileged_portal/ebpf_support.rs | 2 +- implementations/rust/ockam/xtask/CHANGELOG.md | 10 - implementations/rust/ockam/xtask/Cargo.toml | 22 -- implementations/rust/ockam/xtask/README.md | 65 ---- implementations/rust/ockam/xtask/src/main.rs | 112 ------ 21 files changed, 9 insertions(+), 1179 deletions(-) delete mode 100644 implementations/rust/ockam/ockam_ebpf/.cargo/config.toml delete mode 100644 implementations/rust/ockam/ockam_ebpf/CHANGELOG.md delete mode 100644 implementations/rust/ockam/ockam_ebpf/Cargo.lock delete mode 100644 implementations/rust/ockam/ockam_ebpf/Cargo.toml delete mode 100644 implementations/rust/ockam/ockam_ebpf/README.md delete mode 100644 implementations/rust/ockam/ockam_ebpf/ockam_ebpf delete mode 100644 implementations/rust/ockam/ockam_ebpf/rust-toolchain.toml delete mode 100644 implementations/rust/ockam/ockam_ebpf/src/checksum.rs delete mode 100644 implementations/rust/ockam/ockam_ebpf/src/checksum_helpers.rs delete mode 100644 implementations/rust/ockam/ockam_ebpf/src/common.rs delete mode 100644 
implementations/rust/ockam/ockam_ebpf/src/conversion.rs delete mode 100644 implementations/rust/ockam/ockam_ebpf/src/entrypoint.rs delete mode 100644 implementations/rust/ockam/ockam_ebpf/ubuntu_arm.yaml delete mode 100644 implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml delete mode 100644 implementations/rust/ockam/xtask/CHANGELOG.md delete mode 100644 implementations/rust/ockam/xtask/Cargo.toml delete mode 100644 implementations/rust/ockam/xtask/README.md delete mode 100644 implementations/rust/ockam/xtask/src/main.rs diff --git a/Cargo.lock b/Cargo.lock index e306571687e..afc0a8443bb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4816,6 +4816,11 @@ dependencies = [ "utcnow", ] +[[package]] +name = "ockam_ebpf_prebuilt" +version = "0.1.0" +source = "git+https://github.com/build-trust/ockam-ebpf.git#1a8aed772d5388c113ce1b7268b464fbbd702762" + [[package]] name = "ockam_executor" version = "0.88.0" @@ -4994,6 +4999,7 @@ dependencies = [ "minicbor", "nix 0.29.0", "ockam_core", + "ockam_ebpf_prebuilt", "ockam_macros", "ockam_node", "ockam_transport_core", @@ -8791,13 +8797,6 @@ version = "0.13.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4" -[[package]] -name = "xtask" -version = "0.1.0" -dependencies = [ - "clap", -] - [[package]] name = "yaml-rust" version = "0.4.5" diff --git a/implementations/rust/ockam/ockam_ebpf/.cargo/config.toml b/implementations/rust/ockam/ockam_ebpf/.cargo/config.toml deleted file mode 100644 index d6b50e798a4..00000000000 --- a/implementations/rust/ockam/ockam_ebpf/.cargo/config.toml +++ /dev/null @@ -1,5 +0,0 @@ -[build] -target = "bpfel-unknown-none" - -[unstable] -build-std = ["core"] diff --git a/implementations/rust/ockam/ockam_ebpf/CHANGELOG.md b/implementations/rust/ockam/ockam_ebpf/CHANGELOG.md deleted file mode 100644 index 89518aeb7e1..00000000000 --- a/implementations/rust/ockam/ockam_ebpf/CHANGELOG.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# Changelog -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## 0.1.0 - 2024-10-23 - -### Added - -- Updated dependencies - -## 0.1.0 - 2024-10-16 - -### Added - -- Fix ebpf non-contiguous memory access -- Updated dependencies - -## 0.1.0 - 2024-09-23 - -### Added - -- Add `ockam_ebpf` -- Updated dependencies - -## v0.1.0 - 2024-08-21 -### Added - - - Initial implementation. diff --git a/implementations/rust/ockam/ockam_ebpf/Cargo.lock b/implementations/rust/ockam/ockam_ebpf/Cargo.lock deleted file mode 100644 index e7234cad7e2..00000000000 --- a/implementations/rust/ockam/ockam_ebpf/Cargo.lock +++ /dev/null 
@@ -1,189 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "aya-ebpf" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8dbaf5409a1a0982e5c9bdc0f499a55fe5ead39fe9c846012053faf0d404f73" -dependencies = [ - "aya-ebpf-bindings", - "aya-ebpf-cty", - "aya-ebpf-macros", - "rustversion", -] - -[[package]] -name = "aya-ebpf-bindings" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "783dc1a82a3d71d83286165381dcc1b1d41643f4b110733d135547527c000a9a" -dependencies = [ - "aya-ebpf-cty", -] - -[[package]] -name = "aya-ebpf-cty" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2cce099aaf3abb89f9a1f8594ffe07fa53738ebc2882fac624d10d9ba31a1b10" - -[[package]] -name = "aya-ebpf-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72f47f7b4a75eb5f1d7ba0fb5628d247b1cf20388658899177875dabdda66865" -dependencies = [ - "proc-macro-error", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "aya-log-common" -version = "0.1.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "befef9fe882e63164a2ba0161874e954648a72b0e1c4b361f532d590638c4eec" -dependencies = [ - "num_enum", -] - -[[package]] -name = "aya-log-ebpf" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae348f459df78a79e5cd5e164b6562b927033b97ca3b033605b341a474f44510" -dependencies = [ - "aya-ebpf", - "aya-log-common", - "aya-log-ebpf-macros", -] - -[[package]] -name = "aya-log-ebpf-macros" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6d8251a75f56077db51892041aa6b77c70ef2723845d7a210979700b2f01bc4" -dependencies = [ - "aya-log-common", - "aya-log-parser", - "proc-macro2", - "quote", - "syn", -] - -[[package]] 
-name = "aya-log-parser" -version = "0.1.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14b102eb5c88c9aa0b49102d3fbcee08ecb0dfa81014f39b373311de7a7032cb" -dependencies = [ - "aya-log-common", -] - -[[package]] -name = "network-types" -version = "0.0.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e82e9f64c09f56aa7c80c3fa087997bd99a913f91d9c74d36cf5fd75dd5773e6" - -[[package]] -name = "num_enum" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179" -dependencies = [ - "num_enum_derive", -] - -[[package]] -name = "num_enum_derive" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "ockam_ebpf" -version = "0.1.0" -dependencies = [ - "aya-ebpf", - "aya-log-ebpf", - "network-types", -] - -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - -[[package]] -name = "proc-macro2" -version = "1.0.86" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.36" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "rustversion" -version = "1.0.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6" - -[[package]] -name = "syn" -version = "2.0.75" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "unicode-ident" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" - -[[package]] -name = "version_check" -version = "0.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" diff --git a/implementations/rust/ockam/ockam_ebpf/Cargo.toml b/implementations/rust/ockam/ockam_ebpf/Cargo.toml deleted file mode 100644 index 7d81b9a2ada..00000000000 --- a/implementations/rust/ockam/ockam_ebpf/Cargo.toml +++ /dev/null 
@@ -1,41 +0,0 @@
-[package]
-name = "ockam_ebpf"
-version = "0.1.0"
-authors = ["Ockam Developers"]
-categories = ["network-programming"]
-edition = "2021"
-homepage = "https://github.com/build-trust/ockam"
-keywords = ["ockam", "crypto", "p2p", "cryptography", "encryption"]
-license = "Apache-2.0"
-publish = true
-readme = "README.md"
-repository = "https://github.com/build-trust/ockam/implementations/rust/ockam/ockam_ebpf"
-rust-version = "1.56.0"
-description = """
-eBPF program used by Ockam TCP Portals
-"""
-
-[dependencies]
-aya-ebpf = "0.1.1"
-aya-log-ebpf = "0.1.1"
-network-types = "0.0.7"
-
-[[bin]]
-name = "ockam_ebpf"
-path = "src/entrypoint.rs"
-
-[profile.dev]
-opt-level = 3
-debug = false
-debug-assertions = false
-overflow-checks = false
-lto = true
-panic = "abort"
-incremental = false
-codegen-units = 1
-rpath = false
-
-[profile.release]
-lto = true
-panic = "abort"
-codegen-units = 1
diff --git a/implementations/rust/ockam/ockam_ebpf/README.md b/implementations/rust/ockam/ockam_ebpf/README.md
deleted file mode 100644
index 14dc81b7545..00000000000
--- a/implementations/rust/ockam/ockam_ebpf/README.md
+++ /dev/null
@@ -1,64 +0,0 @@ -# ockam_ebpf - -[![crate][crate-image]][crate-link] -[![docs][docs-image]][docs-link] -[![license][license-image]][license-link] -[![discuss][discuss-image]][discuss-link] - -Ockam is a library for building devices that communicate securely, privately -and trustfully with cloud services and other devices. - -This crate contains the eBPF part of Ockam Reliable TCP Portals. - -### Build - -```bash -cargo build-ebpf -``` - -Building eBPFs have roughly following requirements: - - Linux - - Rust nightly - - Some dependencies to be installed - -Because of that crate with the eBPF code is kept out of the workspace. -Example of a virtual machine to build it can be found in `ubuntu_x86.yaml`. - -Using ockam with eBPFs requires: - - Linux - - root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN) - -Example of a virtual machine to run ockam with eBPF can be found in `ubuntu_arm.yaml`. - -eBPF is a small architecture-independent object file that is small enough, -to include it in the repo. - -The built eBPF object should be copied to `/implementations/rust/ockam/ockam_ebpf/ockam_ebpf`, -from where it will be grabbed by `ockam_transport_tcp` crate. - -## Usage - -Add this to your `Cargo.toml`: - -``` -[dependencies] -ockam_ebpf = "0.1.0" -``` - -## License - -This code is licensed under the terms of the [Apache License 2.0][license-link]. - -[main-ockam-crate-link]: https://crates.io/crates/ockam - -[crate-image]: https://img.shields.io/crates/v/ockam_ebpf.svg -[crate-link]: https://crates.io/crates/ockam_ebpf - -[docs-image]: https://docs.rs/ockam_ebpf/badge.svg -[docs-link]: https://docs.rs/ockam_ebpf - -[license-image]: https://img.shields.io/badge/License-Apache%202.0-green.svg -[license-link]: https://github.com/build-trust/ockam/blob/HEAD/LICENSE - -[discuss-image]: https://img.shields.io/badge/Discuss-Github%20Discussions-ff70b4.svg -[discuss-link]: https://github.com/build-trust/ockam/discussions 
diff --git a/implementations/rust/ockam/ockam_ebpf/ockam_ebpf b/implementations/rust/ockam/ockam_ebpf/ockam_ebpf deleted file mode 100644 index 27239acff1a32e467524eb1a426ed279aa1cd9f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 69896 zcmeHw4R}=7b>QPiMx<^e<0uHWSq47{k`rOQVL+09YQZo@7z{GP#YuOA1|cMcKV4m6 zq^L<`rvzxz7CWIOakB>J$285hxUG%+b-#@2-A!ql-H>jx%O>82%_doPv)$mdjj`hm zd;ad5_wIPCd4mK4p7%*}-nsYObMHC#@7(k5yYHi^_4iGmHq9~DH0Kp3iQ#g~h*LfZ$p>)CXO-jw{PC)pA^FUiD4$;>dgMC`?sD^CIWZnN zYbzfNuYmA|1l(Y}8o68P0-w!E_JJ;QT5auAiD2QzXYbIp6fQ zcDhNY*AvXlmGVHfz8!Aw8Tc9noaSnFx<2$e=_B*B(1F~qL%D0Y*>NEJ9)N!gs&N!G zP~A_!ISpVAgzFe5I1K>rG&T;nGN1>%P#<_(%gvv{@JFTiR(CK|DdwX)7^)QKqdOR? z6f@Kv3{{F5>JEk~#TBkQ7^)PvJKe!hrC4y?!BC~RALtH-D#i7qI~b}I*PHHOs8ZZM zbO%F~x|s^DI~b}Ij~}{&p-Q3FK_49qRjNvGhAPF1(j5#{>K2I?7@JQx>KP^0v3Wj@ z8qqQAod~%@>HdGlct2OXuI7f3Vf8uKu73$ARFcU2@kAv>?=s$~BquQAkxGi*QAyEzT=bq4y~joGNzuEEYbq&vkBi=uqW8GyJt=yR zi{6u>_qgaiDSD5K-jkyDxad78`i?V1eIq9wyF>KZND#wOVjWvbc(8qY5Q6O+`-8b| zwDyhj5NcF6K1d?!>NbMd@3AIz^?g469>P}=uKPC$+$eB^zy}1b7r0K~{Q}ntTqAI` zKyJXgf0f{^3}g2a#PZtR9*ecglD+9sP*e-`yntf(N4X3& zRx(`54rKnwirGuW-Ictc)Fj^TKTq(jfY*aGoK4#m`TlrS#?bN$UNY z&rfeYFX?KYzsmDdd49ry;Y#fJX^)|D*(%c>L*?=UT6+wYi`D|p-wc&2tht^}UcE3ER868V;dER6l)<6{e zbED03#mpO>po#HF&Y1M|#3;s-3Rx5R!d`vawY%DhvgzZ=(EOMp`${=ltB zcO9>{Hj&2o=SG`{l;saB_4Sr=<++E)P`PY}YmcFF*-qCUL*>eI5s#sA(b|Ug=rL68 zy98&b+h`q&QQ6F1!t(-cMHz27(3xZ zz@frY%}y0Bcb$y*W%0Qvmhhfc{|CvO;_ZO{OZk-TfU@5e+mS9m7eqDC zx}Mgb(9c5aPhR%Gb73L_zbCIduh-|^Xb0fPSco043+b+7J7AcrjDE{@0Q+h5HS)V& zZ9AZtd3XR?N`*6<=Ew9q*q+F&;zqO|CS|l>Ms7cT8AF2MsM(R*Pg3~E{bM=t=-(N+ z{S<|#=dhiVVe`Y;55o!ZoqvYY1;UB%{IksW_VYRM#CQHV3P-;ru9*5-;0G?%%+GiG z|CkPq_PIsY~0^E8psK9kqpWFJxHQKs7h>EX{AnSY4VzXZz>D&J?unV-<1JfJEk zOFxxn8KUi^P z|HvfyM@Ad5n(6ry_RF{OeyJGBFVCaVPQoV?y0Hy@K|g@wkfR&LPY?J<2w#cOjvi&N zgC5-|_y&Ow2wX34oxuAAt`)dO;A(+MfvW_zGBo?9V7MyQPfv{Gr)(GDEC%)W7O{(L z|448@9X@(E4fFbME#UD0;Q>$&?kmg4d|OlbeH4u-?d9>;=3U-E1 z@I0OQB;&{jSKJxkk5|p??+~9V;WPYsPM_iKFTId&5XUETdLc{%a3N0p 
zU?HKjFA%yW?T&^6wnholg#=(V{ajw2m&ettDG2@JtPp+I#MwFB7+*~=I zC~-MI5>d{xmr>8Ta_%c}Inxp4OjoDWZ$oOgmA^`y7k)e+_7^%2U6>%8pvcUM@> zDH#8r!iFT*^)vqQnEDt#Mw1mJjQ(Q5J6a z#6{9?6)$gTeTy-{^>38*8LpMl5GwR}h`$ae?|63qVukYqDrfNh<2QS5P~+T8dYOE` z{ohhK%6@y^zi`#wZ!Y`ou^am5H(c}goXdWDst@#sEyQ|>;J1I0=vPwu>&b8b=Tu_; znQD7hUE}wh%ljI6|AF=x+J1X`Ut`dZKL||({rH~%dm8O(glKPs{rEp33nS>q$8@&8 zd162Q_lQq1cHfQd$LAU;+`p60kN^D=Yz$ja{PPh8qWJTe-!r|b3sJ?=JVsfbJE(; z)I7(W9#PIydB%lTsh0hARC43|54d~9Rl^ZW6Kiq>bLe$>+R!w_P zrRm4Vr*+_mFL-{l{rF@Cz~1DW{vYx&>t;Qd`O>~E2;bQx=S1Mk25|L&eFcBc7Wlav zV9oRe80@6GxE=3@aO8~pp7F}`GsJT>@Cu%vfqWX4v*W&xVnH5BXUlNfs?0WzibUwgUGwbWbM;|0bWcUBig$&_B z{otKmLa39$&5m&4`xfw5J|{KmIjM8!lm7IQ>^VEAM?H5Qg=0I%n$UCQe1wCt|No%1 z|9@^R(PyL|mCsAXQ$k>$L!sxTF1dr~^}$Ah*v@eT&`WTY1mjAeonzO3E1Z{#ElM{% zh~m?J|Mw8y=Hs{@K{sXh|Nj}`D=A(d+$2!;{~wh7{|9CN|3TURe{h}9$^QR?YXx5; zaJ9gsz*PcU87{e(Al4V{dtTD+4w4xG=9f(d~2i_rJmvl#*V=70KAEbjubQ)WRprZeMU)e{(t_6PfuGaq9d`TPRh zX7};`J@GO2jwwggqfC$a<5ldw158i*!XINk_?`fcFLpk;@_n1jb(quHa*-Vs1Nr5> zg5eXEKN&kITs4*7EK&Ks5>Y|JPg8U|t+vmq4%4hkF zefd5dS-wJ_mp#Q@fPSy`_>TRa{KWyi(t9s551H{Lx8MJ2M7>)6VqdSDBI}jx`@sIk zg8ak*`3f7??u{s)xAt{oH|mjwaZ|_REWr^qAuZ_VxHeWIdLY|2LpF6lr3;JsDAN zmjBn++Y?i!w`Z~A$~D>ZD$bj<|2?wa1|#at^85OF+c{-=d)_DwVCm@Xfrxsu{k&a3XFoyuci9h->0$a= zkkQ-W_8#>$3OJ2}Fd{}yep6lS_og}IJ-<#?bziFrVO*=P`K6R(~O*_SJ z+9`h1PVt*|t`)j90#^$ZziHs3|>9fR0m**!^@U{OQ zVhxo;=b4wv=X;gsCu|^-^}SDgZa~lXqJD4cI-H--KV+`SUT>A!_Yh0{J)uky^Cv#f z^S?J$^n910Cg9I^F#FMZtbDE|>1EQ_V}*Wi%AW56=U|fm&U|MP#w)zg4#Jb~Z?x~z zPP+chIt=Vkv@{F;-W2#huwR%<4e^~mz)%gb{i*r&A4d(rLJux|fT0@ViqZ!dsv$On z^#O)z2x}GT8LA=f(E0#FH3S8qc!p|-9dh~rLp6k6XH3sf4dK%?#2Km~e5#K)Lp8+q zwmu**>i4Fu)_hm~-W1ncp6~t^GjDVPM{Ks}@;eRx*dmX@KVGICWgcT3_si{p+bsYu z1H}ELIPWwpGV85ZFxXK8_{((YDOn7!yD)U7VGA$bU-%>9@6S(A4w|20oImaZ#JlqM z>3Q8e_1~v2ug9Rdfj^M-t*7ey^k$xd_KyAMt?VzXNBIj_kDWz2^Bsz-H9t+FzwjTS z{N^gJ$Eryc*J{7z)&35}MCUe4_4lZhyF~QOP`P!2Gc3l=_%+~A;r!(1$Y|s<7ik_( zck?+F=6#k7c5b+Ee=2&iGTRAtsy@Xq-O29(;Cm_PkH2RnKZhB4+Xdn`^8WJ#(N4Jy 
z;)kE%e9UuJv~y6Rhv1DF08U!T^UX*2d4c_WGt-4syq+R{Uts>j$2q^OpZOfo6>Ha+ z^Sf%CZ;*cS+BabClYP@q*_FTde5K!ep742S9{Z;Mom2t3AH9RnPN_9PI{`@R?j!}n zxlasLlI>F+XQ+~#K*t%XB(DQ?oS{nMED!V7Tje`jW&4KeJICML-{yzo%0BoViSHA> zlH&E%wr`->((}+f-+RXA+UU8^F?pYao3n%Cb_aylLi`*0n-e4s?DvuWl92x5azD`t zhRT)xl92x5N`FZ(^!?2V@t>G;sS@HpabX~ZOD7mA7qyExL*=sHL?;+3SNtal@t?Tj zKS_xH#5@m8$a72cz0HKI!(4tYqZ9Ic#^rfSCm1SM?3)Bb<=!IYVW?d8Ht7UI<=!gs z43&$uf#qkYTp70#43#V6Rf3^%Wj{xPVTBW?_fM;Sm)JO&Z47ZdLyiq|xE?B;ho}Os ze4hIWXZqijPVhcR|GUx&wDQ64XTB?) zu)Zsu;B~FPj!!HQ`WQi-VCb*o6ALB&Hi>8Ge^)x;O8g>;XXt-dIjRJ z87h|-Ogh0(xyvM;p>nz7=mbOME|++Q%3UEiL*+IJ&QQ6{f-_WZi{K2E%T}pQFjVec z63I6gO-YfA8(e4diwJ;9i`4lEB!{#gPhx;T1RybdO9pj9D zqgcDkyuX_n=A3FOUnIV|mkWf?P0+H`wLDm%{f>8AAsakD*HPdP#e-Zc6fcNqe$xO3J#)lXX*)*Gt-CsFJd7@?_nVly#FQ z>!u{zyV^XzOp4v>iQQ|Sqj<7zO0vGSCwe#gu02^dnR6@5d-zG2PdtXGU*x1~WgP0| zaRbm=U{M&@DBwY7y61Y*|27wO< zTrY5)!21QR6}U#=YJuErY+VPT`1SOVqU~AIFxeYsJs-C1nEqn?45q&rKZEHn#?N5- zi}5p<{$l(LroR|JgXu5E&tUqC@iUnIV*CuIzZgG*=`Y65ApOPnGk7=~pnllDpgo4Z zpTWag!FUV%%{F6}Y&?Jv)= zzdXzS@+|wyv+OUA$2H&n@+|wyv+OUAJA`k4d6xap`Fx&0Fr4{~Q$EIS3&u0QGZf#K zW`&H%_t;e*&wG7omZRwJuRqS|w?H}J&;S0qIrqfyHTfDnqg+^`Y`Rg_m+-^*nW1=o zpLRb?_n6NXfg_(eM(JvZ8}w6*gzH_kV>DnE{yiAhPd5EmDWGUOn9UYAzik_}58cE3 zPeb|0{+-JO_3dBowxM&a&~oCh4U$OoQ{HEZtsds#4u&dqi{Jv~{5I4x>M!rPZ9P2B z>mHsjg6F-_Ja5i#)5N~K&$UDB;MAMzAN_4)2RDfw+|x)3#Bl7-x=HNdLD4G&dT?6{ zN@q)e!{u?gqcIU&s-63bp2<+PbAQq^rQfz=Z3F+A3{^WP)H4~Xb{Y;Ko}p?->kjD| zs&?+MdL~2Fj-w~WGgR#`;1JGGwaa>ArmQ#GWxX+zp=y`)#!QB|fAQ^@e$9i#2XWMd zUeo5|n3G;}AK`k*Dh>zn(1W0ttmN>XO#;O(?%5!?*u_0!7x#!=+#_~z&sw2dBXG6A zq`+2&P4^PSaf$5VCG9?rn$iWF-*%3xh|=BYcCgv+f$QWnNQ`=WYC+I0dHOX}M24H0 zGYcTn`R9gh!&t|82L3Ufv2!xqjI-Za=4J@zh8-h*RlSrf=iCa+AFtrKXw)AA=Lb=} zE@V0^H)e(Yq94M&xo)(2L%m!C{VsTnCB*aIa3nMJmviou)K|?-A7p)hoYUF$hU1zO z1HN4xZ|qF8FL5L={;-WKWE^MHIf^5vC}hcP&>Zv&U>Fqhw#?+M0z`Orv) zYxo4)lezMxn9nh$v-5qUc6oK=i$|1??de?k>Pu96&$I8 zUyZEStJClQG@^XG?#`9(OC>7b??sf4{SLYE{dS4UHxf}k_P6B9H*m%BP0hHrHKKgy zF5?h`@}WN{YghbAWckpvDP&yxB4#MpRF7*oj=f^pXK13>b_B|g&oMK;{jwsW9*^bG 
zV?$&;lAoXeyZXyUi2x^CkEple&Sk5Ls5kb%<+i_@rc7_omZaV;T*6`%YL5(`IFzTo zeV6$}uty4QZ_k&c-u@z@-q;^(+FOnD0;fO1!ujI@8WV6`>G}d~JzOuD_ai3UKOz3B z?0I&dr}ClS5wEWK(axtEdD~fPCpFG@$U$|Q**L?0z~Oo}bac3U|M5J|2<0Yws-6>M zWSv&tKY`vh7;mHQpO`nF()s@5dGmZ6Ye3JF=a93-e>_|K$MyUi64OyXomWfgg7rcB zC{h#*{%eLR#r3E=7^)Q4v+iK1QtSxQ9Sl_pTPc*IgP}@Ma{-*8O0nZYcQ8~bY}rW9 zP^H+BG+F1?O!hemzW=yI{KvB!srAIf0PXXCtN4$xCF-@7|9EX1DFXe; zShITVeT3`!RU8h@2zLnT`jtM8H@aT@$o1k!t`|RYz4(#q#gAMse&l-bBiFAbKDvI5 zz|{hi0$Ulj+)EJ0Ct5exxBED@OkK|%LC=%@6pvGMXg`H{mWeTwZ8!PvZJ7N><^2>? z0lL8b6!_lcE=XaX=VCp7YC+cTowd)W(ZGcL7vs%$F--d5r+I!e-vu%LZ=CnT{?kh| z;F)vDhdKF6R@z%^WQ za(*|Woca9r|GC8Fd@-V&`TX}UOq!fiGyZ)cqMZ5s_`e^PGs5^s>!||#&|l;(LBCUN z-=e+uie>M?lA!>5ZzQ5V^ZD}!iqu8CiN!uf(7MTL)}NBnV=>~VGv!9Jt= zr(A!}PGNh*_Vp39DpALCXgMW>K6&2g5FaGq|Wq&#< z`by8$%<-q!m;LFeSM-)b_LF_nY5Be9C@vp3wdCwXT!*UW@me{|)u} z!q)-${N{hfd`i}z@?1nY^ZCucT;g&bizsJ4zxnT!xSS&q<;>?dADA>br^avefk<-Z z_nSWymNSCi=*IS&$0O-C|Ni#+uzpLkl4JxD<3;Y=NJ<0oF{9 zQH0r_pT4!7@cj^vBAVv}nSKf;{~q3%{rR(?9LTR>ITxsp$sD5}JTDyiWSFhfu7skT50>tm~<(H(qX>~J&oBUsr@>NNG_}&2K z@5?RU1;`{QnX@0%K=KG(Rg%LSCYjF8uS)XA^MqoMrP2EqC=cmtC6@!wGeF$0heGSC zP&%vLOgX9+a{flI*emq z+#BoKyJxVkXW!m^I<~ue_uhfwrLok&K+I3n(>)kWlio4dJwTlL_VmR12JL*95SZcD zUN#i@&7qTWIIRDJ3_k(j7TB%O%qX3ei?`b)e6tn)VF{ODpMJN5vlYl^?jnr~|Cq1I zukuk0<+G&bOrP%5fxhu-rC*d4=pkH=TXr6n@YNDNF7&27wg=MP2KOfeIQEf4P!D(^ zU&Q4YEgx@_28!`m){6lg`L#*IHtFlwJn_?C#FsqaGVzC`q7A?E0UY@?O9L_Vv0Es) zpZ=T-EGB+j=5@ob^Bq}w7Fr zfy<=tT^PpukqKNFkGIDbA;vh~_AVxr;*tN^0FJE3>ay{OkKUfeV{m)wy^N#Ur^Ejx z3-4{3%_LHy>aH}mv>p1 z|HBr3$--L`VfynHUMB;VDbE=TuU-*Of6BryS$J<#xV&bdF#OwO;4t`@;6}dImT-QD zEc}w-hJI8gO2hArg*Wr^+Ha5Jf*bnEyTkd73Xc4-eVz^A*c4-Y9KGK@4+U^+kNvIi z1D7dZ^QtgDgaZ>?CjW5@Z%lE#NqH|!tvu4-nfzDO?l41vm7S4~F@-Tll!(hQ3V_qfCH? 
z-{||Z^cdgxFT(tXEWG+(hT|W$@QW7S{DCn2Sqrb-8je3@;g>ADvyO?l4>ZtA;sM>zec;D)}kCmi2y;bVdu z`qths{UHm#D7c{?>I>74TX^#aIUea<_#Y48*uH9aX5+E_T-qJR$M=TuvHmQM{5n+@ zM}A`g9Qhp^%*G?$`A8VQv_Fd@zxJUlj{Hsra7=$>BpZ)-+lRw=<43YM^1B$okzdDOJOLc@ANpc89`V+bVZ7}R7&qlPV&RtrH|^i~!!UiDg`cCoPNy0ooB=G$1ME3g%ABnn10;CAO6#D z{BaAf{4_=hcgTyR6*HWsEoV&Ro9 zWXpr?wKITYdpsM!vHgwxn=C!zhrSZVTgMqU@*J}8OM;v7jlLMBKV#v&|27J3-3J>jz4AL?SB=HKW5?0Ukk^NT6pZQ z!|}Zqeok;x-u|zL>BlU*?muw6p+68pMq5s0TDbKitH=YaAkNwv$z4Prbe%!(@Soopugz3*( zc>hb`_%REA_`ikYk6U>4-*LQ=e@t*ApYvTSy@g+}@I&Xr^k*%+|G$Uh$1MEe?}g)! zTX^;V;CNHslY*P_UbOJe?}zCx2yW;be_-V&xZz*-!*G1Rg`XGP(D(k&F#RbDue*>f zkBhh9;_vDoc9sry4-F!sy9edr3ApnIy0tcsQW)8t?$^%Jf$m*hyV6?s?da1_aqcM}}gyFERac2>S`<<|8Z*K|1S)!*8_ant6l53Fo=$YY;Hg>LJr zhwgK>zJEiaW$U8#n-}eCUbHXXxG1d|45zp5+S{{Lp5!duGSD~Jy?O7deLEJd*}Q1^ zenh>d-fb=MW!>AFSHyR8FHf{|?MNZR<&DhHTTukZmK`frY+JsgrD=P5*^X|nImoeZ zMWP6f&58K7<;xnIx2;&_b+>p;#IY$sWlURQuI|(QyVApL@PMX>oLX9%mNj>!SF|)X zuW0N}$5T!ko_#HCY3_=5r<)pAv@GAzwSC(PuWMP?vZnO5Wsn=2KTspoyQ6LZam{4Ig zTPR(8S%D1UvqpvGybMMU8Wxsz>A_|30#n5cC4|o{6;_Ud>AV6N!iS#<%ehdxcw?aq z3ngsivHwbb*F)kNZ@}POCC)&O^W%zeB!_0hD&ZExZpsGHU8~^cd5noh`ry?9$Qz|U zBZV6JQIML?j0=V=2V^$Dwhmf<%mn>HXTVHz zBM{whn0~qyeoE5+14afe3x)5saQZm`8od47%N!76;QyNRCVVr**m)!I8A*Rp1jBR- M;orz#i$rk!f4!F0+yDRo diff --git a/implementations/rust/ockam/ockam_ebpf/rust-toolchain.toml b/implementations/rust/ockam/ockam_ebpf/rust-toolchain.toml deleted file mode 100644 index 24ce3918366..00000000000 --- a/implementations/rust/ockam/ockam_ebpf/rust-toolchain.toml +++ /dev/null @@ -1,13 +0,0 @@ -[toolchain] -channel = "nightly" -# The source code of rustc, provided by the rust-src component, is needed for -# building eBPF programs. -components = [ - "cargo", - "clippy", - "rust-docs", - "rust-src", - "rust-std", - "rustc", - "rustfmt", -] diff --git a/implementations/rust/ockam/ockam_ebpf/src/checksum.rs b/implementations/rust/ockam/ockam_ebpf/src/checksum.rs deleted file mode 100644 index 15d29a4d8ff..00000000000 
--- a/implementations/rust/ockam/ockam_ebpf/src/checksum.rs
+++ /dev/null
@@ -1,37 +0,0 @@
-use crate::checksum_helpers::{checksum, checksum_update_word};
-use aya_ebpf::programs::TcContext;
-use network_types::ip::Ipv4Hdr;
-use network_types::tcp::TcpHdr;
-
-#[inline(always)]
-pub fn iph_update_csum(ctx: &TcContext, ipv4hdr: *mut Ipv4Hdr) {
- unsafe {
- let len = (*ipv4hdr).ihl() as usize * 4;
-
- (*ipv4hdr).check = 0;
-
- let check = checksum(ipv4hdr as usize, len, ctx.data_end());
-
- (*ipv4hdr).check = check;
- }
-}
-
-#[inline(always)]
-pub fn tcph_update_csum(ipv4hdr: *const Ipv4Hdr, tcphdr: *mut TcpHdr) {
- // TODO: Theoretically, removing all big endian conversions will yield the same result.
-
- unsafe {
- // User-space code calculates checksum using 0.0.0.0 as src IP, because it's not known
- // at that moment. Here we will update the checksum in respect to the actual src IP value.
- let original_check = u16::from_be((*tcphdr).check);
-
- let actual_ip = (*ipv4hdr).src_addr;
- let actual_ip_word1 = u16::from_be((actual_ip & 0xffff) as u16);
- let actual_ip_word2 = u16::from_be((actual_ip >> 16) as u16);
-
- let check = checksum_update_word(original_check, 0, actual_ip_word1);
- let check = checksum_update_word(check, 0, actual_ip_word2);
-
- (*tcphdr).check = check.to_be();
- }
-}
diff --git a/implementations/rust/ockam/ockam_ebpf/src/checksum_helpers.rs b/implementations/rust/ockam/ockam_ebpf/src/checksum_helpers.rs
deleted file mode 100644
index 2d306e78180..00000000000
--- a/implementations/rust/ockam/ockam_ebpf/src/checksum_helpers.rs
+++ /dev/null
@@ -1,45 +0,0 @@
-/// Compute Internet checksum according to RFC 1071.
-pub fn checksum(packet: usize, size: usize, end: usize) -> u16 {
- fold(sum(packet, size, end))
-}
-
-/// Checksum update according to RFC 1624.
-pub fn checksum_update_word(original_check: u16, old_word: u16, new_word: u16) -> u16 {
- let mut csum = (!original_check) as u64;
- csum += (!old_word) as u64;
- csum += new_word as u64;
-
- fold(csum)
-}
-
-/// Converts a checksum into u16 according to 1's complement addition
-fn fold(mut csum: u64) -> u16 {
- for _i in 0..4 {
- if (csum >> 16) > 0 {
- csum = (csum & 0xffff) + (csum >> 16);
- }
- }
- !(csum as u16)
-}
-
-/// Simple u16 sum for arbitrary data.
-/// WARNING: The data length should a multiple of 2.
-fn sum(ptr: usize, size: usize, end: usize) -> u64 {
- let mut res = 0u64;
-
- let mut p = ptr;
-
- for _ in 0..size / 2 {
- // we could check the sizing once even before calling this function and omit this check,
- // but it seems like verifier is not clever enough to deduct that it's valid
- // TODO: Check if #[repr(packed)] would help
- if p + 2 > end {
- break;
- }
-
- res += unsafe { *(p as *const u16) } as u64;
- p += 2;
- }
-
- res
-}
diff --git a/implementations/rust/ockam/ockam_ebpf/src/common.rs b/implementations/rust/ockam/ockam_ebpf/src/common.rs
deleted file mode 100644
index 67f5ed80356..00000000000
--- a/implementations/rust/ockam/ockam_ebpf/src/common.rs
+++ /dev/null
@@ -1,345 +0,0 @@
-use core::cmp::PartialEq;
-use core::mem;
-
-use network_types::eth::{EthHdr, EtherType};
-use network_types::ip::{IpProto, Ipv4Hdr};
-use network_types::tcp::TcpHdr;
-
-use aya_ebpf::bindings::TC_ACT_PIPE;
-use aya_ebpf::macros::map;
-use aya_ebpf::maps::HashMap;
-use aya_ebpf::programs::TcContext;
-use aya_log_ebpf::{error, trace, warn};
-
-use crate::conversion::{convert_ockam_to_tcp, convert_tcp_to_ockam};
-
-pub type Proto = u8;
-
-pub type Port = u16;
-
-// TODO: May want to switch to `HashMap::pinned` for efficiency (to share eBPFs)
-// TODO: Split Inlet port map into inlet ingress and inlet egress maps for performance
-// (and the same for outlets)
-
-/// Ports that we run inlets on
-#[map]
-static INLET_PORT_MAP: HashMap = HashMap::with_max_entries(1024, 0);
-
-/// Ports that we assigned for currently running connections
-#[map]
-static OUTLET_PORT_MAP: HashMap = HashMap::with_max_entries(1024, 0);
-
-#[derive(PartialEq)]
-pub enum Direction {
- Ingress,
- Egress,
-}
-
-#[inline(always)]
-pub fn try_handle(ctx: &TcContext, direction: Direction) -> Result {
- let ethhdr = match ptr_at::(ctx, 0) {
- None => {
- // Can it happen?
- warn!(ctx, "SKIP non Ether");
- return Ok(TC_ACT_PIPE);
- }
- Some(ethhdr) => ethhdr,
- };
-
- if unsafe { (*ethhdr).ether_type } != EtherType::Ipv4 {
- trace!(ctx, "SKIP non IPv4");
- return Ok(TC_ACT_PIPE);
- }
-
- let ipv4hdr = match ptr_at::(ctx, EthHdr::LEN) {
- None => {
- // Should not happen
- error!(ctx, "SKIP invalid IPv4 Header");
- return Ok(TC_ACT_PIPE);
- }
- Some(ipv4hdr) => ipv4hdr,
- };
- let ipv4hdr_stack = unsafe { *ipv4hdr };
-
- if direction == Direction::Ingress && ipv4hdr_stack.proto == IpProto::Tcp {
- return handle_ingress_tcp_protocol(ctx, ipv4hdr);
- }
-
- if direction == Direction::Egress && is_ockam_proto(ipv4hdr_stack.proto as Proto) {
- return handle_egress_ockam_protocol(ctx, ipv4hdr);
- }
-
- Ok(TC_ACT_PIPE)
-}
-
-#[inline(always)]
-fn is_ockam_proto(proto: Proto) -> bool {
- // 146 to 252 are protocol values to be used for custom protocols on top of IPv4.
- // Each ockam node with eBPF portals will generate a random value for itself to minimize risk
- // of intersection with other nodes. Such intersection would not break anything, but decrease
- // performance, as such nodes will receive a copy of packet dedicated for other nodes
- // and discard them.
- // The fact that protocol value is within this range doesn't guarantee that the packet is
- // OCKAM protocol packet, but allows to early skip packets that are definitely not OCKAM
- // protocol
- proto >= 146 && proto <= 252
-}
-
-#[inline(always)]
-fn handle_ingress_tcp_protocol(ctx: &TcContext, ipv4hdr: *mut Ipv4Hdr) -> Result {
- let ipv4hdr_stack = unsafe { *ipv4hdr };
- let ipv4hdr_ihl = ipv4hdr_stack.ihl();
-
- // IPv4 header length must be between 20 and 60 bytes.
- if ipv4hdr_ihl < 5 || ipv4hdr_ihl > 15 {
- error!(ctx, "SKIP invalid IPv4 Header length for TCP");
- return Ok(TC_ACT_PIPE);
- }
- let ipv4hdr_len = ipv4hdr_ihl as usize * 4;
-
- let src_ip = ipv4hdr_stack.src_addr();
- let dst_ip = ipv4hdr_stack.dst_addr();
-
- let tcphdr = match ptr_at::(ctx, EthHdr::LEN + ipv4hdr_len) {
- None => {
- // Should not happen
- // I haven't found if it's actually guaranteed, but the kernel code I found makes sure
- // that tcp header is inside contiguous kmalloced piece of memory
- error!(ctx, "SKIP invalid TCP Header for TCP");
- return Ok(TC_ACT_PIPE);
- }
- Some(tcphdr) => tcphdr,
- };
- let tcphdr_stack = unsafe { *tcphdr };
-
- let src_port = u16::from_be(tcphdr_stack.source);
- let dst_port = u16::from_be(tcphdr_stack.dest);
-
- let syn = tcphdr_stack.syn();
- let ack = tcphdr_stack.ack();
- let fin = tcphdr_stack.fin();
- let rst = tcphdr_stack.rst();
-
- if let Some(proto) = unsafe { INLET_PORT_MAP.get(&dst_port) } {
- // Inlet logic
- let proto = *proto;
- trace!(
- ctx,
- "INLET. CONVERTING TCP PACKET TO {}. SRC: {}.{}.{}.{}:{}, DST: {}.{}.{}.{}:{}. SYN {} ACK {} FIN {} RST {}.",
- proto,
- src_ip.octets()[0],
- src_ip.octets()[1],
- src_ip.octets()[2],
- src_ip.octets()[3],
- src_port,
- dst_ip.octets()[0],
- dst_ip.octets()[1],
- dst_ip.octets()[2],
- dst_ip.octets()[3],
- dst_port,
- syn,
- ack,
- fin,
- rst,
- );
-
- convert_tcp_to_ockam(ctx, ipv4hdr, proto);
-
- return Ok(TC_ACT_PIPE);
- }
-
- if let Some(proto) = unsafe { OUTLET_PORT_MAP.get(&dst_port) } {
- // Outlet logic
- let proto = *proto;
-
- trace!(
- ctx,
- "OUTLET. CONVERTING TCP PACKET TO {}. SRC: {}.{}.{}.{}:{}, DST: {}.{}.{}.{}:{}. SYN {} ACK {} FIN {} RST {}.",
- proto,
- src_ip.octets()[0],
- src_ip.octets()[1],
- src_ip.octets()[2],
- src_ip.octets()[3],
- src_port,
- dst_ip.octets()[0],
- dst_ip.octets()[1],
- dst_ip.octets()[2],
- dst_ip.octets()[3],
- dst_port,
- syn,
- ack,
- fin,
- rst,
- );
-
- convert_tcp_to_ockam(ctx, ipv4hdr, proto);
-
- return Ok(TC_ACT_PIPE);
- }
-
- trace!(
- ctx,
- "SKIPPED TCP PACKET SRC: {}.{}.{}.{}:{}, DST: {}.{}.{}.{}:{}. SYN {} ACK {} FIN {} RST {}.",
- src_ip.octets()[0],
- src_ip.octets()[1],
- src_ip.octets()[2],
- src_ip.octets()[3],
- src_port,
- dst_ip.octets()[0],
- dst_ip.octets()[1],
- dst_ip.octets()[2],
- dst_ip.octets()[3],
- dst_port,
- syn,
- ack,
- fin,
- rst,
- );
-
- Ok(TC_ACT_PIPE)
-}
-
-#[inline(always)]
-fn handle_egress_ockam_protocol(ctx: &TcContext, ipv4hdr: *mut Ipv4Hdr) -> Result {
- let ipv4hdr_stack = unsafe { *ipv4hdr };
- let proto = ipv4hdr_stack.proto as u8;
- let ipv4hdr_ihl = ipv4hdr_stack.ihl();
- if ipv4hdr_ihl < 5 || ipv4hdr_ihl > 15 {
- error!(ctx, "SKIP invalid IPv4 Header length for OCKAM");
- return Ok(TC_ACT_PIPE);
- }
- let ipv4hdr_len = ipv4hdr_ihl as usize * 4;
-
- let src_ip = ipv4hdr_stack.src_addr();
- let dst_ip = ipv4hdr_stack.dst_addr();
-
- if ptr_at::(ctx, EthHdr::LEN + ipv4hdr_len).is_none() {
- if let Err(err) = ctx.pull_data((EthHdr::LEN + ipv4hdr_len + TcpHdr::LEN) as u32) {
- error!(
- ctx,
- "Couldn't pull TCP header into contiguous memory. Err {}", err
- );
- return Err(TC_ACT_PIPE);
- }
- };
-
- let ipv4hdr = match ptr_at::(ctx, EthHdr::LEN) {
- None => {
- error!(ctx, "SKIP invalid IPv4 Header");
- return Ok(TC_ACT_PIPE);
- }
- Some(ipv4hdr) => ipv4hdr,
- };
-
- let tcphdr = match ptr_at::(ctx, EthHdr::LEN + ipv4hdr_len) {
- Some(tcphdr) => tcphdr,
- None => {
- error!(
- ctx,
- "Couldn't get TCP header after pulling it into contiguous memory."
- );
- return Err(TC_ACT_PIPE);
- }
- };
- let tcphdr_stack = unsafe { *tcphdr };
-
- let src_port = u16::from_be(tcphdr_stack.source);
- let dst_port = u16::from_be(tcphdr_stack.dest);
-
- let syn = tcphdr_stack.syn();
- let ack = tcphdr_stack.ack();
- let fin = tcphdr_stack.fin();
- let rst = tcphdr_stack.rst();
-
- if let Some(port_proto) = unsafe { INLET_PORT_MAP.get(&src_port) } {
- // Inlet logic
- if proto == *port_proto {
- trace!(
- ctx,
- "INLET. CONVERTING OCKAM {} packet to TCP. SRC: {}.{}.{}.{}:{}, DST: {}.{}.{}.{}:{}. SYN {} ACK {} FIN {} RST {}.",
- proto,
- src_ip.octets()[0],
- src_ip.octets()[1],
- src_ip.octets()[2],
- src_ip.octets()[3],
- src_port,
- dst_ip.octets()[0],
- dst_ip.octets()[1],
- dst_ip.octets()[2],
- dst_ip.octets()[3],
- dst_port,
- syn,
- ack,
- fin,
- rst,
- );
-
- convert_ockam_to_tcp(ctx, ipv4hdr, tcphdr);
-
- return Ok(TC_ACT_PIPE);
- }
- }
-
- if let Some(port_proto) = unsafe { OUTLET_PORT_MAP.get(&src_port) } {
- // Outlet logic
- if proto == *port_proto {
- trace!(
- ctx,
- "OUTLET. CONVERTING OCKAM {} packet to TCP. SRC: {}.{}.{}.{}:{}, DST: {}.{}.{}.{}:{}. SYN {} ACK {} FIN {} RST {}.",
- proto,
- src_ip.octets()[0],
- src_ip.octets()[1],
- src_ip.octets()[2],
- src_ip.octets()[3],
- src_port,
- dst_ip.octets()[0],
- dst_ip.octets()[1],
- dst_ip.octets()[2],
- dst_ip.octets()[3],
- dst_port,
- syn,
- ack,
- fin,
- rst,
- );
-
- convert_ockam_to_tcp(ctx, ipv4hdr, tcphdr);
-
- return Ok(TC_ACT_PIPE);
- }
- }
-
- trace!(
- ctx,
- "SKIPPED OCKAM {} PACKET SRC: {}.{}.{}.{}:{}, DST: {}.{}.{}.{}:{}. SYN {} ACK {} FIN {} RST {}.",
- proto,
- src_ip.octets()[0],
- src_ip.octets()[1],
- src_ip.octets()[2],
- src_ip.octets()[3],
- src_port,
- dst_ip.octets()[0],
- dst_ip.octets()[1],
- dst_ip.octets()[2],
- dst_ip.octets()[3],
- dst_port,
- syn,
- ack,
- fin,
- rst,
- );
-
- Ok(TC_ACT_PIPE)
-}
-
-#[inline(always)]
-pub fn ptr_at(ctx: &TcContext, offset: usize) -> Option<*mut T> {
- let start = ctx.data() + offset;
- let end = ctx.data_end();
-
- if start + mem::size_of::() > end {
- return None;
- }
-
- Some((start as *mut u8).cast::())
-}
diff --git a/implementations/rust/ockam/ockam_ebpf/src/conversion.rs b/implementations/rust/ockam/ockam_ebpf/src/conversion.rs
deleted file mode 100644
index 78bc1860857..00000000000
--- a/implementations/rust/ockam/ockam_ebpf/src/conversion.rs
+++ /dev/null
@@ -1,24 +0,0 @@
-use crate::checksum::{iph_update_csum, tcph_update_csum};
-use crate::common::Proto;
-use aya_ebpf::programs::TcContext;
-use network_types::ip::{IpProto, Ipv4Hdr};
-use network_types::tcp::TcpHdr;
-
-#[inline(always)]
-pub fn convert_tcp_to_ockam(ctx: &TcContext, ipv4hdr: *mut Ipv4Hdr, ockam_proto: Proto) {
- unsafe {
- (*ipv4hdr).proto = core::mem::transmute(ockam_proto);
- }
-
- iph_update_csum(ctx, ipv4hdr);
-}
-
-#[inline(always)]
-pub fn convert_ockam_to_tcp(ctx: &TcContext, ipv4hdr: *mut Ipv4Hdr, tcphdr: *mut TcpHdr) {
- unsafe {
- (*ipv4hdr).proto = IpProto::Tcp;
- }
-
- iph_update_csum(ctx, ipv4hdr);
- tcph_update_csum(ipv4hdr, tcphdr);
-}
diff --git a/implementations/rust/ockam/ockam_ebpf/src/entrypoint.rs b/implementations/rust/ockam/ockam_ebpf/src/entrypoint.rs
deleted file mode 100644
index 5bfea0fec66..00000000000
--- a/implementations/rust/ockam/ockam_ebpf/src/entrypoint.rs
+++ /dev/null
@@ -1,56 +0,0 @@
-//! This crate contains the eBPF part of Ockam Reliable TCP Portals.
-//!
-//! ## Build
-//!
-//! ```bash
-//! cargo build-ebpf
-//! ```
-//!
-//! Building eBPFs have roughly following requirements:
-//! - Linux
-//! - Rust nightly
-//! - Some dependencies to be installed
-//!
-//! Because of that crate with the eBPF code is kept out of the workspace.
-//! Example of a virtual machine to build it can be found in `ubuntu_x86.yaml`.
-//!
-//! Using ockam with eBPFs requires:
-//! - Linux
-//! - root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN)
-//!
-//! Example of a virtual machine to run ockam with eBPF can be found in `ubuntu_arm.yaml`.
-//!
-//! eBPF is a small architecture-independent object file that is small enough,
-//! to include it in the repo.
-//!
-//! The built eBPF object should be copied to `/implementations/rust/ockam/ockam_ebpf/ockam_ebpf`,
-//! from where it will be grabbed by `ockam_transport_tcp` crate.
-
-#![no_std]
-#![no_main]
-
-use aya_ebpf::macros::classifier;
-use aya_ebpf::programs::TcContext;
-
-mod checksum;
-mod checksum_helpers;
-mod common;
-mod conversion;
-
-use crate::common::Direction;
-
-#[classifier]
-pub fn ockam_ingress(ctx: TcContext) -> i32 {
- common::try_handle(&ctx, Direction::Ingress).unwrap_or_else(|ret| ret)
-}
-
-#[classifier]
-pub fn ockam_egress(ctx: TcContext) -> i32 {
- common::try_handle(&ctx, Direction::Egress).unwrap_or_else(|ret| ret)
-}
-
-// TODO: Check if eBPF code can panic at all
-#[panic_handler]
-fn panic(_info: &core::panic::PanicInfo) -> ! {
- unsafe { core::hint::unreachable_unchecked() }
-}
diff --git a/implementations/rust/ockam/ockam_ebpf/ubuntu_arm.yaml b/implementations/rust/ockam/ockam_ebpf/ubuntu_arm.yaml
deleted file mode 100644
index 8f7d9a6b723..00000000000
--- a/implementations/rust/ockam/ockam_ebpf/ubuntu_arm.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-arch: "aarch64"
-
-images:
- # Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20230518/ubuntu-22.04-server-cloudimg-amd64.img"
- arch: "x86_64"
- digest: "sha256:afb820a9260217fd4c5c5aacfbca74aa7cd2418e830dc64ca2e0642b94aab161"
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20230518/ubuntu-22.04-server-cloudimg-arm64.img"
- arch: "aarch64"
- digest: "sha256:b47f8be40b5f91c37874817c3324a72cea1982a5fdad031d9b648c9623c3b4e2"
- # Fallback to the latest release image.
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img"
- arch: "x86_64"
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img"
- arch: "aarch64"
-
-memory: "12GiB"
-cpus: 12
-disk: "48GiB"
-ssh:
- # You can choose any port or omit this. Specifying a value ensures same port bindings after restarts
- # Forwarded to port 22 of the guest.
- localPort: 4444
-# We are going to install all the necessary packages for our development environment.
-# These include Python 3 and the bpfcc tools package.
-provision:
- - mode: system
- script: |
- #!/bin/bash
- set -eux -o pipefail
- export DEBIAN_FRONTEND=noninteractive
- apt-get update
- apt-get install --yes vim python3 python3-pip
- apt-get install --yes apt-transport-https ca-certificates curl clang llvm jq
- apt-get install --yes libelf-dev libpcap-dev libbfd-dev binutils-dev build-essential make
- apt-get install --yes bsdutils
- apt-get install --yes build-essential
- apt-get install --yes pkgconf
- apt-get install --yes zlib1g-dev libelf-dev
- apt-get install --yes protobuf-compiler
- apt-get install --yes libssl-dev
- apt-get install --yes net-tools
-
- apt-get install --yes bpfcc-tools bpftrace
- apt-get install --yes linux-tools-common linux-tools-generic
- apt-get install --yes linux-headers-$(uname -r) linux-tools-$(uname -r)
-
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- /root/.cargo/bin/rustup toolchain install nightly --component rust-src
- /root/.cargo/bin/cargo install bpf-linker
-
- - mode: user
- script: |
- #!/bin/bash
- set -eux -o pipefail
- sudo cp /home/$(whoami).linux/.ssh/authorized_keys /root/.ssh/authorized_keys
diff --git a/implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml b/implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml
deleted file mode 100644
index 55abd8b01c4..00000000000
--- a/implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-arch: "x86_64"
-
-images:
- # Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20230518/ubuntu-22.04-server-cloudimg-amd64.img"
- arch: "x86_64"
- digest: "sha256:afb820a9260217fd4c5c5aacfbca74aa7cd2418e830dc64ca2e0642b94aab161"
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20230518/ubuntu-22.04-server-cloudimg-arm64.img"
- arch: "aarch64"
- digest: "sha256:b47f8be40b5f91c37874817c3324a72cea1982a5fdad031d9b648c9623c3b4e2"
- # Fallback to the latest release image.
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img"
- arch: "x86_64"
- - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img"
- arch: "aarch64"
-
-memory: "12GiB"
-cpus: 12
-disk: "48GiB"
-ssh:
- # You can choose any port or omit this. Specifying a value ensures same port bindings after restarts
- # Forwarded to port 22 of the guest.
- localPort: 3333
-# We are going to install all the necessary packages for our development environment.
-# These include Python 3 and the bpfcc tools package.
-provision: - - mode: system - script: | - #!/bin/bash - set -eux -o pipefail - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install --yes vim python3 python3-pip - apt-get install --yes apt-transport-https ca-certificates curl clang llvm jq - apt-get install --yes libelf-dev libpcap-dev libbfd-dev binutils-dev build-essential make - apt-get install --yes bsdutils - apt-get install --yes build-essential - apt-get install --yes pkgconf - apt-get install --yes zlib1g-dev libelf-dev - apt-get install --yes protobuf-compiler - apt-get install --yes libssl-dev - apt-get install --yes net-tools - - apt-get install --yes bpfcc-tools bpftrace - apt-get install --yes linux-tools-common linux-tools-generic - apt-get install --yes linux-headers-$(uname -r) linux-tools-$(uname -r) - - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y - /root/.cargo/bin/rustup toolchain install nightly --component rust-src - /root/.cargo/bin/cargo install bpf-linker - - - mode: user - script: | - #!/bin/bash - set -eux -o pipefail - sudo cp /home/$(whoami).linux/.ssh/authorized_keys /root/.ssh/authorized_keys diff --git a/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml b/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml index 9c6cd56e9e9..4dc586cfa5c 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml +++ b/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml @@ -29,7 +29,7 @@ no_std = ["ockam_macros/no_std", "ockam_transport_core/no_std"] alloc = [] aws-lc = ["tokio-rustls/aws-lc-rs"] ring = ["tokio-rustls/ring"] -privileged_portals = ["aya", "aya-log", "binary-layout", "caps", "nix"] +privileged_portals = ["ockam_ebpf_prebuilt", "aya", "aya-log", "binary-layout", "caps", "nix"] [build-dependencies] cfg_aliases = "0.2.1" 
@@ -40,6 +40,7 @@ cfg-if = "1.0.0" log = "0.4.21" minicbor = "0.24" ockam_core = { path = "../ockam_core", version = "^0.119.0" } +ockam_ebpf_prebuilt = { git = "https://github.com/build-trust/ockam-ebpf.git", version = "0.1.0", default-features = false, features = ["prebuilt"], optional = true } ockam_macros = { path = "../ockam_macros", version = "^0.35.0" } ockam_node = { path = "../ockam_node", version = "^0.131.0" } ockam_transport_core = { path = "../ockam_transport_core", version = "^0.96.0" } diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs index 14f7337a025..7685a5c0226 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs @@ -138,7 +138,7 @@ impl TcpTransportEbpfSupport { // like to specify the eBPF program at runtime rather than at compile-time, you can // reach for `Bpf::load_file` instead. - let ebpf_binary = aya::include_bytes_aligned!("../../../ockam_ebpf/ockam_ebpf"); + let ebpf_binary = ockam_ebpf_prebuilt::EBPF_BINARY; let mut ebpf = Ebpf::load(ebpf_binary).map_err(map_ebpf_error)?; // eBPF can be read from the filesystem in the runtime for development purposes // let ebpf_binary = std::fs::read(PATH).unwrap(); diff --git a/implementations/rust/ockam/xtask/CHANGELOG.md b/implementations/rust/ockam/xtask/CHANGELOG.md deleted file mode 100644 index f0e5ace9585..00000000000 --- a/implementations/rust/ockam/xtask/CHANGELOG.md +++ /dev/null @@ -1,10 +0,0 @@ -# Changelog -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## v0.1.0 - 2024-08-21 -### Added - - - Initial implementation. 
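Review bot: The `ockam_ebpf_prebuilt` line added in the `@@ -40,6 +40,7 @@` hunk of `ockam_transport_tcp/Cargo.toml` is a git dependency with no `rev` or `tag`, so the manifest accepts whatever the default branch of `build-trust/ockam-ebpf` holds the next time the lockfile entry is refreshed. That crate now supplies the prebuilt eBPF object that `ebpf_support.rs` loads, and the deleted crate docs state that running it needs root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN), so an upstream change would reach privileged code without a diff in this repository. Pin the audited commit in the manifest, e.g. add `rev = "<commit-sha>"` (placeholder) to the table, so that moving it is an explicit, reviewable change. A short comment above the entry saying how the binary is built and checked would also help, since the `xtask` build recipe and the VM definitions are removed in this same commit. The `privileged_portals` feature edit in the preceding `@@ -29,7 +29,7 @@` hunk only wires the new optional dependency in.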
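Review bot: The new `let ebpf_binary = ockam_ebpf_prebuilt::EBPF_BINARY;` in the `ebpf_support.rs` hunk drops the `aya::include_bytes_aligned!` wrapper used by the line it replaces, and nothing visible here shows that `EBPF_BINARY` carries the same alignment guarantee. If the external crate embeds the object with a plain `include_bytes!`, the slice handed to `Ebpf::load` may not be suitably aligned for ELF parsing, which is what that macro exists to prevent; this should be confirmed in `ockam-ebpf`. Once confirmed, record it next to the load so it does not regress, e.g. `// EBPF_BINARY is embedded with include_bytes_aligned! upstream; Ebpf::load relies on that alignment`. The enclosing function in `impl TcpTransportEbpfSupport` starts and ends outside this hunk.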
diff --git a/implementations/rust/ockam/xtask/Cargo.toml b/implementations/rust/ockam/xtask/Cargo.toml
deleted file mode 100644
index f783a829ca2..00000000000
--- a/implementations/rust/ockam/xtask/Cargo.toml
+++ /dev/null
@@ -1,22 +0,0 @@
-[package]
-name = "xtask"
-version = "0.1.0"
-authors = ["Ockam Developers"]
-autoexamples = false
-categories = [
- "network-programming",
-]
-edition = "2021"
-homepage = "https://github.com/build-trust/ockam"
-keywords = ["ockam", "crypto", "network", "networking", "tcp"]
-license = "Apache-2.0"
-publish = false
-readme = "README.md"
-repository = "https://github.com/build-trust/ockam/implementations/rust/ockam/xtask"
-rust-version = "1.70.0"
-description = """
-xtask to build eBPF object file.
-"""
-
-[dependencies]
-clap = { version = "4.1", features = ["derive"] }
diff --git a/implementations/rust/ockam/xtask/README.md b/implementations/rust/ockam/xtask/README.md
deleted file mode 100644
index f2fccfac354..00000000000
--- a/implementations/rust/ockam/xtask/README.md
+++ /dev/null
@@ -1,65 +0,0 @@
-# xtask
-
-[![crate][crate-image]][crate-link]
-[![docs][docs-image]][docs-link]
-[![license][license-image]][license-link]
-[![discuss][discuss-image]][discuss-link]
-
-Ockam is a library for building devices that communicate securely, privately
-and trustfully with cloud services and other devices.
-
-This xtask is designed for targets that require custom scripts to be built.
-Currently, its only purpose is to build `ockam_ebpf` eBPF object file.
-
-### Build
-
-```bash
-cargo build-ebpf
-```
-
-Building eBPFs have roughly following requirements:
- - Linux
- - Rust nightly
- - Some dependencies to be installed
-
-Because of that crate with the eBPF code is kept out of the workspace.
-Example of a virtual machine to build it can be found in `ubuntu_x86.yaml`.
-
-Using ockam with eBPFs requires:
- - Linux
- - root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN)
-
-Example of a virtual machine to run ockam with eBPF can be found in `ubuntu_arm.yaml`.
-
-eBPF is a small architecture-independent object file that is small enough,
-to include it in the repo.
-
-The built eBPF object should be copied to `/implementations/rust/ockam/ockam_ebpf/ockam_ebpf`,
-from where it will be grabbed by `ockam_transport_tcp` crate.
-
-## Usage
-
-Add this to your `Cargo.toml`:
-
-```
-[dependencies]
-xtask = "0.1.0"
-```
-
-## License
-
-This code is licensed under the terms of the [Apache License 2.0][license-link].
-
-[main-ockam-crate-link]: https://crates.io/crates/ockam
-
-[crate-image]: https://img.shields.io/crates/v/xtask.svg
-[crate-link]: https://crates.io/crates/xtask
-
-[docs-image]: https://docs.rs/xtask/badge.svg
-[docs-link]: https://docs.rs/xtask
-
-[license-image]: https://img.shields.io/badge/License-Apache%202.0-green.svg
-[license-link]: https://github.com/build-trust/ockam/blob/HEAD/LICENSE
-
-[discuss-image]: https://img.shields.io/badge/Discuss-Github%20Discussions-ff70b4.svg
-[discuss-link]: https://github.com/build-trust/ockam/discussions
diff --git a/implementations/rust/ockam/xtask/src/main.rs b/implementations/rust/ockam/xtask/src/main.rs
deleted file mode 100644
index 429ba588890..00000000000
--- a/implementations/rust/ockam/xtask/src/main.rs
+++ /dev/null
@@ -1,112 +0,0 @@
-//! This xtask is designed for targets that require custom scripts to be built.
-//! Currently, its only purpose is to build `ockam_ebpf` eBPF object file.
-//!
-//! ## Build
-//!
-//! ```bash
-//! cargo build-ebpf
-//! ```
-//!
-//! Building eBPFs have roughly following requirements:
-//! - Linux
-//! - Rust nightly
-//! - Some dependencies to be installed
-//!
-//! Because of that crate with the eBPF code is kept out of the workspace.
-//! Example of a virtual machine to build it can be found in `ubuntu_x86.yaml`.
-//!
-//! Using ockam with eBPFs requires:
-//! - Linux
-//! - root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN)
-//!
-//! Example of a virtual machine to run ockam with eBPF can be found in `ubuntu_arm.yaml`.
-//!
-//! eBPF is a small architecture-independent object file that is small enough,
-//! to include it in the repo.
-//!
-//! The built eBPF object should be copied to `/implementations/rust/ockam/ockam_ebpf/ockam_ebpf`,
-//! from where it will be grabbed by `ockam_transport_tcp` crate.
-
-use std::{path::PathBuf, process::Command};
-
-use clap::Parser;
-
-#[derive(Debug, Copy, Clone)]
-pub enum Architecture {
- BpfEl,
- // eBPF code may need to be updated to behave correctly on big-endian (especially checksum calc)
- // BpfEb,
-}
-
-impl std::str::FromStr for Architecture {
- type Err = String;
-
- fn from_str(s: &str) -> Result {
- Ok(match s {
- "bpfel-unknown-none" => Architecture::BpfEl,
- // "bpfeb-unknown-none" => Architecture::BpfEb,
- _ => return Err("invalid target".to_owned()),
- })
- }
-}
-
-impl std::fmt::Display for Architecture {
- fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
- f.write_str(match self {
- Architecture::BpfEl => "bpfel-unknown-none",
- // Architecture::BpfEb => "bpfeb-unknown-none",
- })
- }
-}
-
-#[derive(Debug, Parser, Clone)]
-pub struct Options {
- /// Set the endianness of the BPF target
- #[clap(default_value = "bpfel-unknown-none", long)]
- target: Architecture,
- #[clap(long, short, group = "profile_group")]
- release: bool,
- #[clap(long, group = "profile_group")]
- profile: Option,
- #[clap(long)]
- target_dir: Option,
-}
-
-pub fn build_ebpf(opts: Options, dir: PathBuf) {
- let target = format!("--target={}", opts.target);
- let mut args = vec!["build", target.as_str(), "-Z", "build-std=core"];
- if opts.release {
- args.push("--release")
- }
-
- if let Some(profile) = &opts.profile {
- args.push("--profile");
- args.push(profile);
- }
-
- if let Some(target_dir) = &opts.target_dir {
- args.push("--target-dir");
- args.push(target_dir.to_str().unwrap());
- }
-
- // Command::new creates a child process which inherits all env variables. This means env
- // vars set by the cargo xtask command are also inherited. RUSTUP_TOOLCHAIN is removed
- // so the rust-toolchain.toml file in the -ebpf folder is honored.
-
- let status = Command::new("cargo")
- .current_dir(dir.clone())
- .env_remove("RUSTUP_TOOLCHAIN")
- .args(&args)
- .status()
- .expect("failed to run build bpf program");
-
- assert!(status.success(), "failed to build bpf program");
-}
-
-fn main() {
- let opts = Options::parse();
-
- let dir = PathBuf::from("implementations/rust/ockam/ockam_ebpf");
-
- build_ebpf(opts.clone(), dir.clone());
-}