[Swan] Valid packets dropping in the kernel
Dharma Indurthy
dharma at redoxengine.com
Fri Nov 2 19:00:22 UTC 2018
Hey, folks.
I have a conundrum. It looks very similar to
https://lists.libreswan.org/pipermail/swan/2018/002834.html, which doesn't
have an outcome yet, I don't think.
We have the following connection, one of a couple hundred -- the rest of
which seem to work fine as far as we can tell. I can't be sure, because I
can't detect the issue from my side.
conn customer
type=tunnel
authby=secret
left="172.20.109.76"
leftid=52.205.166.91
leftsourceip="172.20.109.76"
leftsubnets=" 10.253.1.53/32 10.253.0.1/32 "
right=12.131.93.13
rightsubnets=" 10.50.32.166/32 10.50.32.239/32 10.50.36.4/32 "
rightsourceip=12.131.93.13
auto=start
ike=aes256-sha1;modp1024
phase2alg=aes256-sha1;modp1024
ikelifetime=28800
salifetime=3600
dpdaction=restart
dpddelay=30
dpdtimeout=120
pfs=yes
SAs come up, and we can ping their side.
000 "orthooklahoma3937/1x1": 10.253.1.53/32===172.20.109.76
<172.20.109.76>[52.205.166.91]...12.131.93.13<12.131.93.13>===
10.50.32.166/32; erouted; eroute owner: #3166924
000 "orthooklahoma3937/1x1": oriented; my_ip=172.20.109.76;
their_ip=12.131.93.13; my_updown=ipsec _updown;
000 "orthooklahoma3937/1x1": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "orthooklahoma3937/1x1": our auth:secret, their auth:secret
000 "orthooklahoma3937/1x1": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orthooklahoma3937/1x1": labeled_ipsec:no;
000 "orthooklahoma3937/1x1": policy_label:unset;
000 "orthooklahoma3937/1x1": ike_life: 28800s; ipsec_life: 3600s;
replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orthooklahoma3937/1x1": retransmit-interval: 500ms;
retransmit-timeout: 60s;
000 "orthooklahoma3937/1x1": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orthooklahoma3937/1x1": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orthooklahoma3937/1x1": conn_prio: 32,32; interface: ens5; metric:
0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orthooklahoma3937/1x1": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orthooklahoma3937/1x1": our idtype: ID_IPV4_ADDR; our
id=52.205.166.91; their idtype: ID_IPV4_ADDR; their id=12.131.93.13
000 "orthooklahoma3937/1x1": dpd: action:restart; delay:30; timeout:120;
nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orthooklahoma3937/1x1": newest ISAKMP SA: #0; newest IPsec SA:
#3166924;
000 "orthooklahoma3937/1x1": aliases: orthooklahoma3937
000 "orthooklahoma3937/1x1": IKE algorithms:
AES_CBC_256-HMAC_SHA1-MODP1024
000 "orthooklahoma3937/1x1": ESP algorithms:
AES_CBC_256-HMAC_SHA1_96-MODP1024
000 "orthooklahoma3937/1x1": ESP algorithm newest:
AES_CBC_256-HMAC_SHA1_96; pfsgroup=MODP1024
000 "orthooklahoma3937/1x2": 10.253.1.53/32===172.20.109.76
<172.20.109.76>[52.205.166.91]...12.131.93.13<12.131.93.13>===
10.50.32.239/32; erouted; eroute owner: #3167825
000 "orthooklahoma3937/1x2": oriented; my_ip=172.20.109.76;
their_ip=12.131.93.13; my_updown=ipsec _updown;
000 "orthooklahoma3937/1x2": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "orthooklahoma3937/1x2": our auth:secret, their auth:secret
000 "orthooklahoma3937/1x2": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orthooklahoma3937/1x2": labeled_ipsec:no;
000 "orthooklahoma3937/1x2": policy_label:unset;
000 "orthooklahoma3937/1x2": ike_life: 28800s; ipsec_life: 3600s;
replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orthooklahoma3937/1x2": retransmit-interval: 500ms;
retransmit-timeout: 60s;
000 "orthooklahoma3937/1x2": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orthooklahoma3937/1x2": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orthooklahoma3937/1x2": conn_prio: 32,32; interface: ens5; metric:
0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orthooklahoma3937/1x2": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orthooklahoma3937/1x2": our idtype: ID_IPV4_ADDR; our
id=52.205.166.91; their idtype: ID_IPV4_ADDR; their id=12.131.93.13
000 "orthooklahoma3937/1x2": dpd: action:restart; delay:30; timeout:120;
nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orthooklahoma3937/1x2": newest ISAKMP SA: #0; newest IPsec SA:
#3167825;
000 "orthooklahoma3937/1x2": aliases: orthooklahoma3937
000 "orthooklahoma3937/1x2": IKE algorithms:
AES_CBC_256-HMAC_SHA1-MODP1024
000 "orthooklahoma3937/1x2": ESP algorithms:
AES_CBC_256-HMAC_SHA1_96-MODP1024
000 "orthooklahoma3937/1x2": ESP algorithm newest:
AES_CBC_256-HMAC_SHA1_96; pfsgroup=MODP1024
000 "orthooklahoma3937/1x3": 10.253.1.53/32===172.20.109.76
<172.20.109.76>[52.205.166.91]...12.131.93.13<12.131.93.13>===10.50.36.4/32;
erouted; eroute owner: #3165167
000 "orthooklahoma3937/1x3": oriented; my_ip=172.20.109.76;
their_ip=12.131.93.13; my_updown=ipsec _updown;
000 "orthooklahoma3937/1x3": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "orthooklahoma3937/1x3": our auth:secret, their auth:secret
000 "orthooklahoma3937/1x3": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orthooklahoma3937/1x3": labeled_ipsec:no;
000 "orthooklahoma3937/1x3": policy_label:unset;
000 "orthooklahoma3937/1x3": ike_life: 28800s; ipsec_life: 3600s;
replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orthooklahoma3937/1x3": retransmit-interval: 500ms;
retransmit-timeout: 60s;
000 "orthooklahoma3937/1x3": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orthooklahoma3937/1x3": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orthooklahoma3937/1x3": conn_prio: 32,32; interface: ens5; metric:
0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orthooklahoma3937/1x3": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orthooklahoma3937/1x3": our idtype: ID_IPV4_ADDR; our
id=52.205.166.91; their idtype: ID_IPV4_ADDR; their id=12.131.93.13
000 "orthooklahoma3937/1x3": dpd: action:restart; delay:30; timeout:120;
nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orthooklahoma3937/1x3": newest ISAKMP SA: #0; newest IPsec SA:
#3165167;
000 "orthooklahoma3937/1x3": aliases: orthooklahoma3937
000 "orthooklahoma3937/1x3": IKE algorithms:
AES_CBC_256-HMAC_SHA1-MODP1024
000 "orthooklahoma3937/1x3": ESP algorithms:
AES_CBC_256-HMAC_SHA1_96-MODP1024
000 "orthooklahoma3937/1x3": ESP algorithm newest:
AES_CBC_256-HMAC_SHA1_96; pfsgroup=MODP1024
000 "orthooklahoma3937/2x1": 10.253.0.1/32===172.20.109.76
<172.20.109.76>[52.205.166.91]...12.131.93.13<12.131.93.13>===
10.50.32.166/32; erouted; eroute owner: #3166787
000 "orthooklahoma3937/2x1": oriented; my_ip=172.20.109.76;
their_ip=12.131.93.13; my_updown=ipsec _updown;
000 "orthooklahoma3937/2x1": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "orthooklahoma3937/2x1": our auth:secret, their auth:secret
000 "orthooklahoma3937/2x1": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orthooklahoma3937/2x1": labeled_ipsec:no;
000 "orthooklahoma3937/2x1": policy_label:unset;
000 "orthooklahoma3937/2x1": ike_life: 28800s; ipsec_life: 3600s;
replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orthooklahoma3937/2x1": retransmit-interval: 500ms;
retransmit-timeout: 60s;
000 "orthooklahoma3937/2x1": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orthooklahoma3937/2x1": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orthooklahoma3937/2x1": conn_prio: 32,32; interface: ens5; metric:
0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orthooklahoma3937/2x1": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orthooklahoma3937/2x1": our idtype: ID_IPV4_ADDR; our
id=52.205.166.91; their idtype: ID_IPV4_ADDR; their id=12.131.93.13
000 "orthooklahoma3937/2x1": dpd: action:restart; delay:30; timeout:120;
nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orthooklahoma3937/2x1": newest ISAKMP SA: #0; newest IPsec SA:
#3166787;
000 "orthooklahoma3937/2x1": aliases: orthooklahoma3937
000 "orthooklahoma3937/2x1": IKE algorithms:
AES_CBC_256-HMAC_SHA1-MODP1024
000 "orthooklahoma3937/2x1": ESP algorithms:
AES_CBC_256-HMAC_SHA1_96-MODP1024
000 "orthooklahoma3937/2x1": ESP algorithm newest:
AES_CBC_256-HMAC_SHA1_96; pfsgroup=MODP1024
000 "orthooklahoma3937/2x2": 10.253.0.1/32===172.20.109.76
<172.20.109.76>[52.205.166.91]...12.131.93.13<12.131.93.13>===
10.50.32.239/32; erouted; eroute owner: #3166964
000 "orthooklahoma3937/2x2": oriented; my_ip=172.20.109.76;
their_ip=12.131.93.13; my_updown=ipsec _updown;
000 "orthooklahoma3937/2x2": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "orthooklahoma3937/2x2": our auth:secret, their auth:secret
000 "orthooklahoma3937/2x2": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orthooklahoma3937/2x2": labeled_ipsec:no;
000 "orthooklahoma3937/2x2": policy_label:unset;
000 "orthooklahoma3937/2x2": ike_life: 28800s; ipsec_life: 3600s;
replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orthooklahoma3937/2x2": retransmit-interval: 500ms;
retransmit-timeout: 60s;
000 "orthooklahoma3937/2x2": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orthooklahoma3937/2x2": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orthooklahoma3937/2x2": conn_prio: 32,32; interface: ens5; metric:
0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orthooklahoma3937/2x2": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orthooklahoma3937/2x2": our idtype: ID_IPV4_ADDR; our
id=52.205.166.91; their idtype: ID_IPV4_ADDR; their id=12.131.93.13
000 "orthooklahoma3937/2x2": dpd: action:restart; delay:30; timeout:120;
nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orthooklahoma3937/2x2": newest ISAKMP SA: #0; newest IPsec SA:
#3166964;
000 "orthooklahoma3937/2x2": aliases: orthooklahoma3937
000 "orthooklahoma3937/2x2": IKE algorithms:
AES_CBC_256-HMAC_SHA1-MODP1024
000 "orthooklahoma3937/2x2": ESP algorithms:
AES_CBC_256-HMAC_SHA1_96-MODP1024
000 "orthooklahoma3937/2x2": ESP algorithm newest:
AES_CBC_256-HMAC_SHA1_96; pfsgroup=MODP1024
000 "orthooklahoma3937/2x3": 10.253.0.1/32===172.20.109.76
<172.20.109.76>[52.205.166.91]...12.131.93.13<12.131.93.13>===10.50.36.4/32;
erouted; eroute owner: #3162955
000 "orthooklahoma3937/2x3": oriented; my_ip=172.20.109.76;
their_ip=12.131.93.13; my_updown=ipsec _updown;
000 "orthooklahoma3937/2x3": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "orthooklahoma3937/2x3": our auth:secret, their auth:secret
000 "orthooklahoma3937/2x3": modecfg info: us:none, them:none, modecfg
policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orthooklahoma3937/2x3": labeled_ipsec:no;
000 "orthooklahoma3937/2x3": policy_label:unset;
000 "orthooklahoma3937/2x3": ike_life: 28800s; ipsec_life: 3600s;
replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orthooklahoma3937/2x3": retransmit-interval: 500ms;
retransmit-timeout: 60s;
000 "orthooklahoma3937/2x3": initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orthooklahoma3937/2x3": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orthooklahoma3937/2x3": conn_prio: 32,32; interface: ens5; metric:
0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orthooklahoma3937/2x3": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orthooklahoma3937/2x3": our idtype: ID_IPV4_ADDR; our
id=52.205.166.91; their idtype: ID_IPV4_ADDR; their id=12.131.93.13
000 "orthooklahoma3937/2x3": dpd: action:restart; delay:30; timeout:120;
nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orthooklahoma3937/2x3": newest ISAKMP SA: #3166786; newest IPsec SA:
#3162955;
000 "orthooklahoma3937/2x3": aliases: orthooklahoma3937
000 "orthooklahoma3937/2x3": IKE algorithms:
AES_CBC_256-HMAC_SHA1-MODP1024
000 "orthooklahoma3937/2x3": IKE algorithm newest:
AES_CBC_256-HMAC_SHA1-MODP1024
000 "orthooklahoma3937/2x3": ESP algorithms:
AES_CBC_256-HMAC_SHA1_96-MODP1024
000 "orthooklahoma3937/2x3": ESP algorithm newest:
AES_CBC_256-HMAC_SHA1_96; pfsgroup=MODP1024
000 #3166924: "orthooklahoma3937/1x1":4500 STATE_QUICK_I2 (sent QI2, IPsec
SA established); EVENT_SA_REPLACE in 918s; newest IPSEC; eroute owner;
isakmp#3166786; idle; import:admin initiate
000 #3166924: "orthooklahoma3937/1x1" esp.815a3ae9 at 12.131.93.13
esp.618dd3ad at 172.20.109.76 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B!
ESPmax=4194303B
000 #3167825: "orthooklahoma3937/1x2":4500 STATE_QUICK_I2 (sent QI2, IPsec
SA established); EVENT_SA_REPLACE in 1148s; newest IPSEC; eroute owner;
isakmp#3166786; idle; import:admin initiate
000 #3167825: "orthooklahoma3937/1x2" esp.73c12328 at 12.131.93.13
esp.b76a1e64 at 172.20.109.76 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B!
ESPmax=4194303B
000 #3165167: "orthooklahoma3937/1x3":4500 STATE_QUICK_I2 (sent QI2, IPsec
SA established); EVENT_SA_REPLACE in 82s; newest IPSEC; eroute owner;
isakmp#3136241; idle; import:admin initiate
000 #3165167: "orthooklahoma3937/1x3" esp.33a967a1 at 12.131.93.13
esp.72596d49 at 172.20.109.76 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B!
ESPmax=4194303B
000 #3166787: "orthooklahoma3937/2x1":4500 STATE_QUICK_I2 (sent QI2, IPsec
SA established); EVENT_SA_REPLACE in 891s; newest IPSEC; eroute owner;
isakmp#3166786; idle; import:admin initiate
000 #3166787: "orthooklahoma3937/2x1" esp.970dcc23 at 12.131.93.13
esp.207c2a70 at 172.20.109.76 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B!
ESPmax=4194303B
000 #3166964: "orthooklahoma3937/2x2":4500 STATE_QUICK_I2 (sent QI2, IPsec
SA established); EVENT_SA_REPLACE in 602s; newest IPSEC; eroute owner;
isakmp#3166786; idle; import:admin initiate
000 #3166964: "orthooklahoma3937/2x2" esp.61180b3 at 12.131.93.13
esp.50ff9d05 at 172.20.109.76 ref=0 refhim=0 Traffic: ESPin=1KB ESPout=1KB!
ESPmax=4194303B
000 #3162278: "orthooklahoma3937/2x3":4500 STATE_QUICK_I2 (sent QI2, IPsec
SA established); EVENT_SA_EXPIRE in 437s; isakmp#3136241; idle;
import:admin initiate
000 #3162278: "orthooklahoma3937/2x3" esp.e4c24f90 at 12.131.93.13
esp.cadf8591 at 172.20.109.76 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B!
ESPmax=4194303B
000 #3162955: "orthooklahoma3937/2x3":4500 STATE_QUICK_R2 (IPsec SA
established); EVENT_SA_REPLACE in 399s; newest IPSEC; eroute owner;
isakmp#3136241; idle; import:admin initiate
000 #3162955: "orthooklahoma3937/2x3" esp.d783e492 at 12.131.93.13
esp.1d0a885d at 172.20.109.76 ref=0 refhim=0 Traffic: ESPin=42KB ESPout=0B!
ESPmax=4194303B
000 #3166786: "orthooklahoma3937/2x3":4500 STATE_MAIN_R3 (sent MR3, ISAKMP
SA established); EVENT_SA_REPLACE in 26486s; newest ISAKMP; nodpd; idle;
import:admin initiate
We have duplicate SAs for some reason -- you can see that for 2x3, not sure
if that matters. It's the 1x1 SA that's pertinent. We NAT the source and
target ips via PREROUTING and POSTROUTING rules, and I can see traffic
initiated by the customer hitting PREROUTING but never hitting POSTROUTING
and never leaving the box.
18:52:14.753803 IP 12.131.93.13.4500 > 172.20.109.76.4500: UDP-encap:
ESP(spi=0x57369ff6,seq=0x14254d), length 100
18:52:14.753803 IP 10.50.32.166 > 10.253.1.53: ICMP echo request, id 2, seq
16669, length 40
18:52:17.969079 IP 12.131.93.13.4500 > 172.20.109.76.4500: UDP-encap:
ESP(spi=0x57369ff6,seq=0x14254e), length 100
18:52:17.969079 IP 10.50.32.166.52406 > 10.253.1.53.10675: Flags [S], seq
3790895996, win 8192, options [mss 1406,nop,wscale 8,nop,nop,sackOK],
length 0
xfrm_stat shows XfrmInTmplMismatch incrementing in step with these dropped
packets.
Bouncing the connection restores bidirectional traffic for a while:
18:56:06.735691 IP 12.131.93.13.4500 > 172.20.109.76.4500: UDP-encap:
ESP(spi=0x029214bc,seq=0x8), length 100
18:56:06.735691 IP 10.50.32.166 > 10.253.1.53: ICMP echo request, id 2, seq
16721, length 40
18:56:06.735747 IP 10.153.32.166 > 172.20.75.204: ICMP echo request, id 2,
seq 16721, length 40
18:56:06.735958 IP 172.20.75.204 > 10.153.32.166: ICMP echo reply, id 2,
seq 16721, length 40
18:56:06.736002 IP 172.20.109.76.4500 > 12.131.93.13.4500: UDP-encap:
ESP(spi=0xd9b8a40f,seq=0x8), length 100
18:56:07.734062 IP 12.131.93.13.4500 > 172.20.109.76.4500: UDP-encap:
ESP(spi=0x029214bc,seq=0x9), length 100
18:56:07.734062 IP 10.50.32.166 > 10.253.1.53: ICMP echo request, id 2, seq
16722, length 40
18:56:07.734199 IP 10.153.32.166 > 172.20.75.204: ICMP echo request, id 2,
seq 16722, length 40
18:56:07.734454 IP 172.20.75.204 > 10.153.32.166: ICMP echo reply, id 2,
seq 16722, length 40
Eventually, the failure recurs.
Any insight? Is there more info I can provide?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20181102/b77d3777/attachment-0001.html>
More information about the Swan
mailing list