Package: src:linux Version: 4.9.30-2+deb9u2 Severity: normal Hello, there. I just encounter a situation which seems to indicate that nf_conntrack_ftp does not work as it should. The affected server has the following iptables rules regarding FTP: Chain INPUT (policy DROP 4 packets, 208 bytes) pkts bytes target prot opt in out source destination 87 13850 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* loopbac k@localhost */ 1 44 ACCEPT tcp -- ens3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x17/0x02 limit: avg 5/min burst 50 recent: SET name: FTP side: source mask: 255.255.255.255 0 0 LOGDROP tcp -- ens3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 6 TTL-Match name: FTP side: source mask: 255.255.255.255 17 769 ACCEPT tcp -- ens3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 0 0 ACCEPT tcp -- ens3 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:50000:50500 ctstate RELATED,ESTABLISHED […] Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 466 75053 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 /* loopbac k@localhost */ 14 1184 ACCEPT tcp -- * ens3 0.0.0.0/0 0.0.0.0/0 tcp spt:21 0 0 ACCEPT tcp -- * ens3 0.0.0.0/0 0.0.0.0/0 tcp spts:50000:50500 ctstate RELATED,ESTABLISHED […] As you can see, iptables is configured to let passive FTP connections pass, on the same port range than the one configured on the FTP service: root@pern /h/david {⌗0/⬓2}[0]꩜# cat /etc/pure- ftpd/conf/PassivePortRange 50000 50500 Still, the passive FTP connection can't be established, as it freezes when the client tries to open the passive data connection: 13:55:36.066536 IP client.59494 > server.ftp: Flags [S], seq 2083620944, win 32120, options [mss 1460], length 0 13:55:36.066589 IP server.ftp > client.59494: Flags [S.], seq 2534440145, ack 2083620945, win 29200, options [mss 1460], length 0 13:55:36.101446 IP client.59494 > server.ftp: Flags [.], ack 1, win 32120, length 0 13:55:41.111237 IP server.ftp > client.59494: Flags [P.], seq 1:320, ack 1, win 29200, length 319: FTP: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 13:55:41.144917 IP client.59494 > server.ftp: Flags [.], ack 320, win 31801, length 0 13:55:41.983515 IP client.59494 > server.ftp: Flags [P.], seq 1:11, ack 320, win 32120, length 10: FTP: AUTH TLS 13:55:41.983551 IP server.ftp > client.59494: Flags [.], ack 11, win 29200, length 0 13:55:41.983654 IP server.ftp > client.59494: Flags [P.], seq 320:365, ack 11, win 29200, length 45: FTP: 500 This security scheme is not implemented 13:55:42.017240 IP client.59494 > server.ftp: Flags [.], ack 365, win 32075, length 0 13:55:42.743558 IP client.59494 > server.ftp: Flags [P.], seq 11:21, ack 365, win 32120, length 10: FTP: AUTH SSL 13:55:42.743750 IP server.ftp > client.59494: Flags [P.], seq 365:410, ack 21, win 29200, length 45: FTP: 500 This security scheme is not implemented 13:55:42.777386 IP client.59494 > server.ftp: Flags [.], ack 410, win 32075, length 0 13:55:43.503046 IP client.59494 > server.ftp: Flags [P.], seq 21:36, ack 410, win 32120, length 15: FTP: USER **removed for security** 13:55:43.503210 IP server.ftp > client.59494: Flags [P.], seq 410:451, ack 36, win 29200, length 41: FTP: 331 User **removed for security** OK. Password required 13:55:43.536807 IP client.59494 > server.ftp: Flags [.], ack 451, win 32079, length 0 13:55:44.303051 IP client.59494 > server.ftp: Flags [P.], seq 36:63, ack 451, win 32120, length 27: FTP: PASS **removed for security** 13:55:44.328143 IP server.ftp > client.59494: Flags [P.], seq 451:483, ack 63, win 29200, length 32: FTP: 230 OK. Current directory is / 13:55:44.361804 IP client.59494 > server.ftp: Flags [.], ack 483, win 32088, length 0 13:55:45.103442 IP client.59494 > server.ftp: Flags [P.], seq 63:69, ack 483, win 32120, length 6: FTP: SYST 13:55:45.103606 IP server.ftp > client.59494: Flags [P.], seq 483:502, ack 69, win 29200, length 19: FTP: 215 UNIX Type: L8 13:55:45.137252 IP client.59494 > server.ftp: Flags [.], ack 502, win 32101, length 0 13:55:45.983146 IP client.59494 > server.ftp: Flags [P.], seq 69:75, ack 502, win 32120, length 6: FTP: FEAT 13:55:45.983254 IP server.ftp > client.59494: Flags [P.], seq 502:742, ack 75, win 29200, length 240: FTP: 211-Extensions supported: 13:55:46.016878 IP client.59494 > server.ftp: Flags [.], ack 742, win 31880, length 0 13:55:46.783712 IP client.59494 > server.ftp: Flags [P.], seq 75:89, ack 742, win 32120, length 14: FTP: OPTS UTF8 ON 13:55:46.783902 IP server.ftp > client.59494: Flags [P.], seq 742:765, ack 89, win 29200, length 23: FTP: 200 OK, UTF-8 enabled 13:55:46.817570 IP client.59494 > server.ftp: Flags [.], ack 765, win 32097, length 0 13:55:47.544469 IP client.59494 > server.ftp: Flags [P.], seq 89:94, ack 765, win 32120, length 5: FTP: PWD 13:55:47.544640 IP server.ftp > client.59494: Flags [P.], seq 765:799, ack 94, win 29200, length 34: FTP: 257 "/" is your current location 13:55:47.578287 IP client.59494 > server.ftp: Flags [.], ack 799, win 32086, length 0 13:55:48.342997 IP client.59494 > server.ftp: Flags [P.], seq 94:102, ack 799, win 32120, length 8: FTP: TYPE I 13:55:48.343143 IP server.ftp > client.59494: Flags [P.], seq 799:829, ack 102, win 29200, length 30: FTP: 200 TYPE is now 8-bit binary 13:55:48.376858 IP client.59494 > server.ftp: Flags [.], ack 829, win 32090, length 0 13:55:49.143326 IP client.59494 > server.ftp: Flags [P.], seq 102:108, ack 829, win 32120, length 6: FTP: PASV 13:55:49.143517 IP server.ftp > client.59494: Flags [P.], seq 829:879, ack 108, win 29200, length 50: FTP: 227 Entering Passive Mode (**removed for security**,196,84) 13:55:49.177260 IP client.59494 > server.ftp: Flags [.], ack 879, win 32070, length 0 13:55:49.943101 IP client.59494 > server.ftp: Flags [P.], seq 108:114, ack 879, win 32120, length 6: FTP: MLSD 13:55:49.943277 IP client.55391 > server.50260: Flags [S], seq 1498334446, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 13:55:49.984867 IP server.ftp > client.59494: Flags [.], ack 114, win 29200, length 0 13:55:52.940748 IP client.55391 > server.50260: Flags [S], seq 1498334446, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 13:55:57.065945 IP client.55391 > server.50260: Flags [S], seq 1814879207, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 13:56:00.063063 IP client.55391 > server.50260: Flags [S], seq 1814879207, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 13:56:05.423245 IP client.55391 > server.50260: Flags [S], seq 4001186743, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 13:56:08.425764 IP client.55391 > server.50260: Flags [S], seq 4001186743, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 During the time the client tries to open the passive data connection, the conntrack table only contains the control connection: root@pern /h/david {⌗0/⬓2}[0]꩜# conntrack -L -s 88.202.77.84 tcp 6 431989 ESTABLISHED src=client dst=server sport=59494 dport=21 src=server dst=client sport=21 dport=59494 [ASSURED] mark=0 use=1 conntrack v1.4.4 (conntrack-tools): 1 flow entries have been shown. The FTP counters above were retrieved after the FTP connection attempt; as you can see, iptables does not let them pass. Because the conntrack does not contain the passive data connection, it is manifestly because the nf_conntrack_ftp does not identify the passive data connection attempts as being related to the already established control connection. Should nf_conntrack_ftp do its job, there will be an entry in the conntrack, even if iptables were misconfigured and did not let these packets pass. I also strongly suspect a nf_conntrack_ftp failure as: * the client tries to connect to the passive port the server gave, so it's not a client error; anyway, I tried 2 clients (packages filezilla and ftp), so I'm pretty sure the client is not the problem; * the problem remains if I use -m state --state ESTABLISHED,RELATED for the passive data connection; I might add that it was what I did under Jessie and Wheezy and there was no problem. If you need more data to process this report, I will provide them in this report, as long as I can anonymise them enough; if I can't, I'll send them as a private message to the Debian maintainer requesting them. Regards. -- Package-specific info: ** Version: Linux version 4.9.0-3-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.30- 2+deb9u2 (2017-06-26) ** Command line: BOOT_IMAGE=/boot/vmlinuz-4.9.0-3-amd64 root=UUID=9abb590f-8a5e-496f- ad2a-2c877415bdc5 ro console=ttyS0 ** Not tainted ** Kernel log: Unable to read kernel log; any relevant messages should be attached ** Model information sys_vendor: OpenStack Foundation product_name: OpenStack Nova product_version: 2014.2.4 chassis_vendor: QEMU chassis_version: pc-i440fx-vivid bios_vendor: SeaBIOS bios_version: 2:1.10.2-6e899082 ** Loaded modules: nfnetlink_queue nfnetlink_log nfnetlink bluetooth rfkill ip6table_mangle iptable_mangle binfmt_misc xt_connlimit ts_bm xt_string nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack xt_hashlimit xt_tcpudp xt_recent xt_comment nf_log_ipv6 ip6table_filter ip6_tables nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_filter kvm_intel kvm ppdev parport_pc parport sg irqbypass hid_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid hid cirrus ttm drm_kms_helper virtio_balloon joydev evdev drm serio_raw acpi_cpufreq button pcspkr nf_conntrack_ftp nf_conntrack ip_tables x_tables autofs4 ext4 crc16 jbd2 crc32c_generic fscrypto ecb mbcache sd_mod ata_generic virtio_scsi virtio_net crc32c_intel uhci_hcd ata_piix ehci_hcd libata aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper usbcore cryptd usb_common psmouse virtio_pci virtio_ring virtio scsi_mod i2c_piix4 floppy ** Network interface configuration: source /etc/network/interfaces.d/* auto lo iface lo inet loopback allow-hotplug ens4 iface ens4 inet dhcp iface ens3 inet6 static address **removed for security** netmask 128 post-up /sbin/ip -6 route add 2001:41d0:302:1100::1 dev ens3 post-up /sbin/ip -6 route add default via 2001:41d0:302:1100::1 dev ens3 pre-down /sbin/ip -6 route del default via 2001:41d0:302:1100::1 dev ens3 pre-down /sbin/ip -6 route del 2001:41d0:302:1100::1 dev ens3 ** Network status: *** IP interfaces and addresses: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether fa:16:3e:ab:8b:78 brd ff:ff:ff:ff:ff:ff inet **removed for security** brd **removed for security** scope global ens3 valid_lft forever preferred_lft forever inet6 **renoved for security** scope global valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:feab:8b78/64 scope link valid_lft forever preferred_lft forever *** Device statistics: Inter- | Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 768873 5094 0 0 0 0 0 0 768 873 5094 0 0 0 0 0 0 ens3: 2572670 4306 0 0 0 0 0 0 1142527 4 565 0 0 0 0 0 0 *** Protocol statistics: Ip: Forwarding: 2 7432 total packets received 4 with invalid addresses 0 forwarded 0 incoming packets discarded 7413 incoming packets delivered 7349 requests sent out 32 outgoing packets dropped Icmp: 678 ICMP messages received 0 input ICMP message failed ICMP input histogram: destination unreachable: 325 echo requests: 353 678 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 325 echo replies: 353 IcmpMsg: InType3: 325 InType8: 353 OutType0: 353 OutType3: 325 Tcp: 521 active connection openings 240 passive connection openings 0 failed connection attempts 4 connection resets received 1 connections established 5209 segments received 5625 segments sent out 41 segments retransmitted 0 bad segments received 35 resets sent Udp: 2866 packets received 325 packets to unknown port received 0 packet receive errors 3239 packets sent 0 receive buffer errors 0 send buffer errors UdpLite: TcpExt: 482 TCP sockets finished time wait in fast timer 33 delayed acks sent Quick ack mode was activated 8 times 15 packets directly queued to recvmsg prequeue TCPDirectCopyFromPrequeue: 46534 908 packet headers predicted 5 packet headers predicted and directly queued to user 1483 acknowledgments not containing data payload received 709 predicted acknowledgments TCPSackRecovery: 12 TCPDSACKUndo: 3 1 congestion windows recovered without slow start after partial ack TCPLostRetransmit: 2 TCPSackFailures: 1 25 fast retransmits 3 forward retransmits 2 retransmits in slow start TCPTimeouts: 1 TCPLossProbes: 9 TCPSackRecoveryFail: 1 TCPDSACKOldSent: 8 TCPDSACKRecv: 6 14 connections reset due to unexpected data TCPSpuriousRTOs: 1 TCPSackMerged: 10 TCPSackShiftFallback: 19 IPReversePathFilter: 1 TCPRcvCoalesce: 113 TCPOFOQueue: 13 TCPOrigDataSent: 2835 IpExt: InOctets: 1297927 OutOctets: 1070535 InNoECTPkts: 7470 ** PCI devices: 00:00.0 Host bridge [0600]: Intel Corporation 440FX - 82441FX PMC [Natoma] [8086:1237] (rev 02) Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 00:01.0 ISA bridge [0601]: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II] [8086:7000] Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- 00:01.1 IDE interface [0101]: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II] [8086:7010] (prog-if 80 [Master]) Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Region 0: [virtual] Memory at 000001f0 (32-bit, non- prefetchable) [size=8] Region 1: [virtual] Memory at 000003f0 (type 3, non- prefetchable) Region 2: [virtual] Memory at 00000170 (32-bit, non- prefetchable) [size=8] Region 3: [virtual] Memory at 00000370 (type 3, non- prefetchable) Region 4: I/O ports at c0a0 [size=16] Kernel driver in use: ata_piix Kernel modules: ata_piix, ata_generic 00:01.2 USB controller [0c03]: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] [8086:7020] (rev 01) (prog-if 00 [UHCI]) Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin D routed to IRQ 11 Region 4: I/O ports at c040 [size=32] Kernel driver in use: uhci_hcd Kernel modules: uhci_hcd 00:01.3 Bridge [0680]: Intel Corporation 82371AB/EB/MB PIIX4 ACPI [8086:7113] (rev 03) Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Interrupt: pin A routed to IRQ 9 Kernel driver in use: piix4_smbus Kernel modules: i2c_piix4 00:02.0 VGA compatible controller [0300]: Cirrus Logic GD 5446 [1013:00b8] (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100] Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Region 0: Memory at fc000000 (32-bit, prefetchable) [size=32M] Region 1: Memory at febd0000 (32-bit, non-prefetchable) [size=4K] Expansion ROM at 000c0000 [disabled] [size=128K] Kernel driver in use: cirrus Kernel modules: cirrusfb, cirrus 00:03.0 Ethernet controller [0200]: Red Hat, Inc Virtio network device [1af4:1000] Subsystem: Red Hat, Inc Virtio network device [1af4:0001] Physical Slot: 3 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin A routed to IRQ 10 Region 0: I/O ports at c060 [size=32] Region 1: Memory at febd1000 (32-bit, non-prefetchable) [size=4K] Expansion ROM at feb80000 [disabled] [size=256K] Capabilities: [40] MSI-X: Enable+ Count=3 Masked- Vector table: BAR=1 offset=00000000 PBA: BAR=1 offset=00000800 Kernel driver in use: virtio-pci Kernel modules: virtio_pci 00:04.0 SCSI storage controller [0100]: Red Hat, Inc Virtio SCSI [1af4:1004] Subsystem: Red Hat, Inc Virtio SCSI [1af4:0008] Physical Slot: 4 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin A routed to IRQ 11 Region 0: I/O ports at c000 [size=64] Region 1: Memory at febd2000 (32-bit, non-prefetchable) [size=4K] Capabilities: [40] MSI-X: Enable+ Count=4 Masked- Vector table: BAR=1 offset=00000000 PBA: BAR=1 offset=00000800 Kernel driver in use: virtio-pci Kernel modules: virtio_pci 00:05.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon [1af4:1002] Subsystem: Red Hat, Inc Virtio memory balloon [1af4:0005] Physical Slot: 5 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin A routed to IRQ 10 Region 0: I/O ports at c080 [size=32] Kernel driver in use: virtio-pci Kernel modules: virtio_pci ** USB devices: not available -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages linux-image-4.9.0-3-amd64 depends on: ii initramfs-tools [linux-initramfs-tool] 0.130 ii kmod 23-2 ii linux-base 4.5 Versions of packages linux-image-4.9.0-3-amd64 recommends: pn firmware-linux-free <none> pn irqbalance <none> Versions of packages linux-image-4.9.0-3-amd64 suggests: pn debian-kernel-handbook <none> ii grub-pc 2.02~beta3-5 pn linux-doc-4.9 <none> Versions of packages linux-image-4.9.0-3-amd64 is related to: pn firmware-amd-graphics <none> pn firmware-atheros <none> pn firmware-bnx2 <none> pn firmware-bnx2x <none> pn firmware-brcm80211 <none> pn firmware-cavium <none> pn firmware-intel-sound <none> pn firmware-intelwimax <none> pn firmware-ipw2x00 <none> pn firmware-ivtv <none> pn firmware-iwlwifi <none> pn firmware-libertas <none> pn firmware-linux-nonfree <none> pn firmware-misc-nonfree <none> pn firmware-myricom <none> pn firmware-netxen <none> pn firmware-qlogic <none> pn firmware-realtek <none> pn firmware-samsung <none> pn firmware-siano <none> pn firmware-ti-connectivity <none> pn xen-hypervisor <none> -- no debconf information -- David Guyot Administrateur système / Sysadmin Europe Camions Interactive / Stockway Moulin Collot F-88500 Ambacourt Tél : +33 (0)3 29 30 47 85
Attachment:
signature.asc
Description: This is a digitally signed message part