Project

General

Profile

Download (17.9 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
	status_ipsec.php
4
*/
5
/* ====================================================================
6
 *  Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *  portions Copyright (c) 2008 Shrew Soft Inc <mgrooms@shrew.net>.
8
 *
9
 *  Parts of this code originally based on vpn_ipsec_sad.php from m0n0wall,
10
 *  Copyright (c) 2003-2004 Manuel Kasper (BSD 2 clause)
11
 *
12
 *  Redistribution and use in source and binary forms, with or without modification,
13
 *  are permitted provided that the following conditions are met:
14
 *
15
 *  1. Redistributions of source code must retain the above copyright notice,
16
 *      this list of conditions and the following disclaimer.
17
 *
18
 *  2. Redistributions in binary form must reproduce the above copyright
19
 *      notice, this list of conditions and the following disclaimer in
20
 *      the documentation and/or other materials provided with the
21
 *      distribution.
22
 *
23
 *  3. All advertising materials mentioning features or use of this software
24
 *      must display the following acknowledgment:
25
 *      "This product includes software developed by the pfSense Project
26
 *       for use in the pfSense software distribution. (http://www.pfsense.org/).
27
 *
28
 *  4. The names "pfSense" and "pfSense Project" must not be used to
29
 *       endorse or promote products derived from this software without
30
 *       prior written permission. For written permission, please contact
31
 *       coreteam@pfsense.org.
32
 *
33
 *  5. Products derived from this software may not be called "pfSense"
34
 *      nor may "pfSense" appear in their names without prior written
35
 *      permission of the Electric Sheep Fencing, LLC.
36
 *
37
 *  6. Redistributions of any form whatsoever must retain the following
38
 *      acknowledgment:
39
 *
40
 *  "This product includes software developed by the pfSense Project
41
 *  for use in the pfSense software distribution (http://www.pfsense.org/).
42
 *
43
 *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
44
 *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45
 *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
46
 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
47
 *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
48
 *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
49
 *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
50
 *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
51
 *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
52
 *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
53
 *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
54
 *  OF THE POSSIBILITY OF SUCH DAMAGE.
55
 *
56
 *  ====================================================================
57
 *
58
 */
59

    
60
##|+PRIV
61
##|*IDENT=page-status-ipsec
62
##|*NAME=Status: IPsec
63
##|*DESCR=Allow access to the 'Status: IPsec' page.
64
##|*MATCH=status_ipsec.php*
65
##|-PRIV
66

    
67
require("guiconfig.inc");
68
require_once("ipsec.inc");
69

    
70
global $g;
71

    
72
if (!is_array($config['ipsec']['phase1'])) {
73
	$config['ipsec']['phase1'] = array();
74
}
75

    
76
// If this is just an AJAX call to update the table body, just generate the body and quit
77
if ($_REQUEST['ajax']) {
78
	print_ipsec_body();
79
	exit;
80
}
81

    
82
if ($_GET['act'] == 'connect') {
83
	if (ctype_digit($_GET['ikeid'])) {
84
		$ph1ent = ipsec_get_phase1($_GET['ikeid']);
85
		if (!empty($ph1ent)) {
86
			if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == 'ikev1' || isset($ph1ent['splitconn'])) {
87
				$ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']);
88
				for ($i = 0; $i < $ph2entries; $i++) {
89
					$connid = escapeshellarg("con{$_GET['ikeid']}00{$i}");
90
					mwexec_bg("/usr/local/sbin/ipsec down {$connid}");
91
					mwexec_bg("/usr/local/sbin/ipsec up {$connid}");
92
				}
93
			} else {
94
				mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
95
				mwexec_bg("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
96
			}
97
		}
98
	}
99
} else if ($_GET['act'] == 'ikedisconnect') {
100
	if (ctype_digit($_GET['ikeid'])) {
101
		if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) {
102
			mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "[" . escapeshellarg($_GET['ikesaid']) . "]");
103
		} else {
104
			mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
105
		}
106
	}
107
} else if ($_GET['act'] == 'childdisconnect') {
108
	if (ctype_digit($_GET['ikeid'])) {
109
		if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) {
110
			mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "{" . escapeshellarg($_GET['ikesaid']) . "}");
111
		}
112
	}
113
}
114

    
115
// Table body is composed here so that it can be more easily updated via AJAX
116
function print_ipsec_body() {
117
	global $config;
118

    
119
	$a_phase1 = &$config['ipsec']['phase1'];
120
	$status = ipsec_list_sa();
121
	$ipsecconnected = array();
122

    
123
	if (is_array($status)) {
124
		foreach ($status as $ikeid => $ikesa) {
125
			$con_id = substr($ikeid, 3);
126

    
127
			if ($ikesa['version'] == 1) {
128
				$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
129
				$ipsecconnected[$ph1idx] = $ph1idx;
130
			} else {
131
				$ipsecconnected[$con_id] = $ph1idx = $con_id;
132
			}
133

    
134
			print("<tr>\n");
135
			print("<td>\n");
136
			print(htmlspecialchars(ipsec_get_descr($ph1idx)));
137
			print("</td>\n");
138
			print("<td>\n");
139

    
140
			if (!empty($ikesa['local-id'])) {
141
				if ($ikesa['local-id'] == '%any') {
142
					print(gettext('Any identifier'));
143
				} else {
144
					print(htmlspecialchars($ikesa['local-id']));
145
				}
146
			} else {
147
				print(gettext("Unknown"));
148
			}
149

    
150
			print("</td>\n");
151
			print("<td>\n");
152

    
153
			if (!empty($ikesa['local-host'])) {
154
				print(htmlspecialchars($ikesa['local-host']));
155
			} else {
156
				print(gettext("Unknown"));
157
			}
158

    
159
			/*
160
			 * XXX: local-nat-t was defined by pfSense
161
			 * When strongswan team accepted the change, they changed it to
162
			 * nat-local. Keep both for a while and remove local-nat-t in
163
			 * the future
164
			 */
165
			if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) {
166
				print("NAT-T");
167
			}
168

    
169
			print("</td>\n");
170
			print("<td>\n");
171

    
172
			$identity = "";
173
			if (!empty($ikesa['remote-id'])) {
174
				if ($ikesa['remote-id'] == '%any') {
175
					$identity = htmlspecialchars(gettext('Any identifier'));
176
				} else {
177
					$identity = htmlspecialchars($ikesa['remote-id']);
178
				}
179
			}
180

    
181
			if (!empty($ikesa['remote-xauth-id'])) {
182
				echo htmlspecialchars($ikesa['remote-xauth-id']);
183
				echo "<br/>{$identity}";
184
			} elseif (!empty($ikesa['remote-eap-id'])) {
185
				echo htmlspecialchars($ikesa['remote-eap-id']);
186
				echo "<br/>{$identity}";
187
			} else {
188
				if (empty($identity)) {
189
					print(gettext("Unknown"));
190
				} else {
191
					print($identity);
192
				}
193
			}
194

    
195
			print("</td>\n");
196
			print("<td>\n");
197

    
198
			if (!empty($ikesa['remote-host'])) {
199
				print(htmlspecialchars($ikesa['remote-host']));
200
			} else {
201
				print(gettext("Unknown"));
202
			}
203
			/*
204
			 * XXX: remote-nat-t was defined by pfSense
205
			 * When strongswan team accepted the change, they changed it to
206
			 * nat-remote. Keep both for a while and remove remote-nat-t in
207
			 * the future
208
			 */
209
			if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) {
210
				print(" NAT-T");
211
			}
212

    
213
			print("</td>\n");
214
			print("<td>\n");
215
			print("IKEv" . htmlspecialchars($ikesa['version']));
216
			print("<br/>\n");
217

    
218
			if ($ikesa['initiator'] == 'yes') {
219
				print("initiator");
220
			} else {
221
				print("responder");
222
			}
223

    
224
			print("</td>\n");
225
			print("<td>\n");
226
			print(htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")");
227
			print("</td>\n");
228
			print("<td>\n");
229
			print(htmlspecialchars($ikesa['encr-alg']));
230
			print("<br/>");
231
			print(htmlspecialchars($ikesa['integ-alg']));
232
			print("<br/>");
233
			print(htmlspecialchars($ikesa['prf-alg']));
234
			print("<br/>\n");
235
			print(htmlspecialchars($ikesa['dh-group']));
236
			print("</td>\n");
237
			print("<td>\n");
238

    
239
			if ($ikesa['state'] == 'ESTABLISHED') {
240
				print('<span class="text-success">');
241
			} else {
242
				print('<span>');
243
			}
244

    
245
			print(ucfirst(htmlspecialchars($ikesa['state'])));
246
			print("<br/>" . htmlspecialchars($ikesa['established']) . gettext(" seconds (" . convert_seconds_to_hms($ikesa['established']) . ") ago"));
247
			print("</span>");
248
			print("</td>\n");
249
			print("<td>\n");
250

    
251
			if ($ikesa['state'] != 'ESTABLISHED') {
252

    
253
			print('<a href="status_ipsec.php?act=connect&amp;ikeid=' . $con_id . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN"). '" >');
254
			print('<i class="fa fa-sign-in icon-embed-btn"></i>');
255
			print(gettext("Connect VPN"));
256
			print("</a>\n");
257

    
258
			} else {
259

    
260
				print('<a href="status_ipsec.php?act=ikedisconnect&amp;ikeid=' . $con_id . '" class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '">');
261
				print('<i class="fa fa-trash icon-embed-btn"></i>');
262
				print(gettext("Disconnect"));
263
				print("</a><br />\n");
264

    
265
			}
266

    
267
			print("</td>\n");
268
			print("</tr>\n");
269
			print("<tr>\n");
270
			print("<td colspan = 10>\n");
271

    
272
			if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) {
273

    
274
				print('<div id="btnchildsa-' . $ikeid . '">');
275
				print('<a type="button" onclick="show_childsa(\'childsa-' . $ikeid . '\',\'btnchildsa-' . $ikeid. '\');" class="btn btn-sm btn-info">');
276
				print('<i class="fa fa-plus-circle icon-embed-btn"></i>');
277
				print(gettext('Show child SA entries'));
278
				print("</a>\n");
279
				print("	</div>\n");
280

    
281
				print('<table class="table table-hover table-condensed" id="childsa-' . $ikeid . '" style="display:none">');
282
				print("<thead>\n");
283
				print('<tr class="bg-info">');
284
				print('<th><?=gettext("Local subnets")?></th>');
285
				print('<th><?=gettext("Local SPI(s)")?></th>');
286
				print('<th><?=gettext("Remote subnets")?></th>');
287
				print('<th><?=gettext("Times")?></th>');
288
				print('<th><?=gettext("Algo")?></th>');
289
				print('<th><?=gettext("Stats")?></th>');
290
				print('<th><!-- Buttons --></th>');
291
				print("</tr\n");
292
				print("</thead>\n");
293
				print("<tbody>\n");
294

    
295
				foreach ($ikesa['child-sas'] as $childid => $childsa) {
296
					print("<tr>");
297
					print("<td>\n");
298

    
299
					if (is_array($childsa['local-ts'])) {
300
						foreach ($childsa['local-ts'] as $lnets) {
301
							print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />");
302
						}
303
					} else {
304
						print(gettext("Unknown"));
305
					}
306

    
307
					print("</td>\n");
308
					print("<td>\n");
309

    
310
					if (isset($childsa['spi-in'])) {
311
						print(gettext("Local: ") . htmlspecialchars($childsa['spi-in']));
312
					}
313

    
314
					if (isset($childsa['spi-out'])) {
315
						print('<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']));
316
					}
317

    
318
					print("</td>\n");
319
					print("<td>\n");
320

    
321
					if (is_array($childsa['remote-ts'])) {
322
						foreach ($childsa['remote-ts'] as $rnets) {
323
							print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />');
324
						}
325
					} else {
326
						print(gettext("Unknown"));
327
					}
328

    
329
					print("</td>\n");
330
					print("<td>\n");
331

    
332
					print(gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")");
333
					print('<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")");
334
					print('<br/>' . gettext('Install: ') .htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")");
335

    
336

    
337
					print("</td>\n");
338
					print("<td>\n");
339

    
340
					print(htmlspecialchars($childsa['encr-alg']) . '<br/>');
341
					print(htmlspecialchars($childsa['integ-alg']) . '<br/>');
342

    
343
					if (!empty($childsa['prf-alg'])) {
344
						print(htmlspecialchars($childsa['prf-alg']) . '<br/>');
345
					}
346

    
347
					if (!empty($childsa['dh-group'])) {
348
						print(htmlspecialchars($childsa['dh-group']) . '<br/>');
349
					}
350

    
351
					if (!empty($childsa['esn'])) {
352
						print(htmlspecialchars($childsa['esn']) . '<br/>');
353
					}
354

    
355
					print(gettext("IPComp: "));
356
					if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) {
357
						print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']));
358
					} else {
359
						print(gettext('none'));
360
					}
361

    
362
					print("</td>\n");
363
					print("<td>\n");
364

    
365
					print(gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>');
366
					print(gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>');
367
					print(gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>');
368
					print(gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>');
369

    
370
					print("</td>\n");
371
					print("<td>\n");
372
					print('<a href="status_ipsec.php?act=childdisconnect&amp;ikeid=' . $con_id . '&amp;ikesaid=' . $childsa['uniqueid'] . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '">');
373
					print('<i class="fa fa-trash icon-embed-btn"></i>');
374
					print(gettext("Disconnect"));
375
					print("</a>\n");
376
					print("</td>\n");
377
					print("</tr>\n");
378

    
379
				}
380

    
381
				print("</tbody>\n");
382
				print("	</table>\n");
383
				print("</td>\n");
384
				print("</tr>\n");
385

    
386
			}
387

    
388
			unset($con_id);
389
		}
390

    
391
	}
392

    
393
	$rgmap = array();
394
	if (is_array($a_phase1)) {
395
		foreach ($a_phase1 as $ph1ent) {
396
			if (isset($ph1ent['disabled'])) {
397
				continue;
398
			}
399

    
400
			$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];
401

    
402
			if ($ipsecconnected[$ph1ent['ikeid']]) {
403
				continue;
404
			}
405

    
406
			print("<tr>\n");
407
			print("<td>\n");
408

    
409
			print(htmlspecialchars($ph1ent['descr']));
410
			print("</td>\n");
411
			print("<td>\n");
412
			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
413

    
414
			if (empty($myid_data)) {
415
				print(gettext("Unknown"));
416
			} else {
417
				print(htmlspecialchars($myid_data));
418
			}
419

    
420
			print("</td>\n");
421
			print("<td>\n");
422
			$ph1src = ipsec_get_phase1_src($ph1ent);
423

    
424
			if (empty($ph1src)) {
425
				print(gettext("Unknown"));
426
			} else {
427
				print(htmlspecialchars($ph1src));
428
			}
429

    
430
			print("</td>\n");
431
			print("<td>\n");
432

    
433
			list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
434

    
435
			if (empty($peerid_data)) {
436
				print(gettext("Unknown"));
437
			} else {
438
				print(htmlspecialchars($peerid_data));
439
			}
440
			print("			</td>\n");
441
			print("			<td>\n");
442
			$ph1src = ipsec_get_phase1_dst($ph1ent);
443

    
444
			if (empty($ph1src)) {
445
				print(gettext("Unknown"));
446
			} else {
447
				print(htmlspecialchars($ph1src));
448
			}
449

    
450
			print("</td>\n");
451
			print("<td>\n");
452
			print("</td>\n");
453
			print("<td>\n");
454
			print("</td>\n");
455
			print("<td>\n");
456
			print("</td>\n");
457

    
458
			if (isset($ph1ent['mobile'])) {
459

    
460
				print("<td>\n");
461
				print(gettext("Awaiting connections"));
462
				print("</td>\n");
463
				print("<td>\n");
464
				print("</td>\n");
465
				print("</td>\n");
466
			} else {
467

    
468
				print("<td>\n");
469
				print(gettext("Disconnected"));
470
				print("</td>\n");
471
				print("<td>\n");
472
				print('<a href="status_ipsec.php?act=connect&amp;ikeid=' . $ph1ent['ikeid'] . '" class="btn btn-xs btn-success">');
473
				print('<i class="fa fa-sign-in icon-embed-btn"></i>');
474
				print(gettext("Connect VPN"));
475
				print("</a>\n");
476
				print("</td>\n");
477

    
478
			}
479
			print("</tr>\n");
480
		}
481
	}
482

    
483
	unset($ipsecconnected, $phase1, $rgmap);
484
}
485

    
486
$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Overview"));
487
$shortcut_section = "ipsec";
488

    
489
include("head.inc");
490

    
491
$tab_array = array();
492
$tab_array[] = array(gettext("Overview"), true, "status_ipsec.php");
493
$tab_array[] = array(gettext("Leases"), false, "status_ipsec_leases.php");
494
$tab_array[] = array(gettext("SADs"), false, "status_ipsec_sad.php");
495
$tab_array[] = array(gettext("SPDs"), false, "status_ipsec_spd.php");
496
display_top_tabs($tab_array);
497
?>
498

    
499
<div class="panel panel-default">
500
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("IPsec Status");?></h2></div>
501
	<div class="panel-body table-responsive">
502
		<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>
503
			<thead>
504
				<tr>
505
					<th><?=gettext("Description")?></th>
506
					<th><?=gettext("Local ID")?></th>
507
					<th><?=gettext("Local IP")?></th>
508
					<th><?=gettext("Remote ID")?></th>
509
					<th><?=gettext("Remote IP")?></th>
510
					<th><?=gettext("Role")?></th>
511
					<th><?=gettext("Reauth")?></th>
512
					<th><?=gettext("Algo")?></th>
513
					<th><?=gettext("Status")?></th>
514
					<th></th>
515
				</tr>
516
			</thead>
517
			<tbody id="ipsec-body">
518
				<tr>
519
					<td colspan="9">
520
						<?=print_info_box(gettext("Collecting IPSec status information"), warning, "")?>
521
					</td>
522
				</tr>
523
			</tbody>
524
		</table>
525
	</div>
526
</div>
527

    
528
<?php
529
unset($status);
530

    
531
if (ipsec_enabled()) {
532
	print('<div class="infoblock">');
533
} else {
534
	print('<div class="infoblock blockopen">');
535
}
536

    
537
print_info_box(sprintf(gettext('IPsec can be configured %1$shere%2$s.'), '<a href="vpn_ipsec.php">', '</a>'), 'info', false);
538
?>
539
</div>
540

    
541
<script type="text/javascript">
542
//<![CDATA[
543

    
544
// Array in which to keep the SA show/hide state
545
sa_open = new Array();
546

    
547
function show_childsa(id, buttonid) {
548
	$('#' + id).show();
549
	$('#' + buttonid).hide();
550

    
551
	// Record the ID of the SA we have revealed so that it can automatically be shown on AJAX reload
552
	idnum = id.replace( /^\D+/g, '');
553
	sa_open[idnum] = true;
554
}
555

    
556
events.push(function() {
557
	ajax_lock = false;	// Mutex so we don't make a call until the previous call is finished
558
	sa_open = [];
559

    
560
	// Fetch the tbody contents from the server
561
	function update_table() {
562
		if (ajax_lock) {
563
			return;
564
		}
565

    
566
		ajax_lock = true;
567

    
568
		ajaxRequest = $.ajax(
569
			{
570
				url: "/status_ipsec.php",
571
				type: "post",
572
				data: {
573
					ajax: 	"ajax"
574
				}
575
			}
576
		);
577

    
578
		// Deal with the results of the above ajax call
579
		ajaxRequest.done(function (response, textStatus, jqXHR) {
580
			$('#ipsec-body').html(response);
581
			ajax_lock = false;
582

    
583
			// Check the sa_open array for SAs we have chosen to show
584
			$('[id^=childsa-con]').each(function(idx) {
585
				sa_idx = idx + 1;
586

    
587
				if (sa_open[sa_idx]) {
588
					show_childsa("childsa-con" + sa_idx, "btnchildsa-con" + sa_idx);
589
				}
590
			});
591

    
592
			// and do it again
593
			setTimeout(update_table, 5000);
594
		});
595
	}
596

    
597
	// Populate the tbody on page load
598
	update_table();
599
});
600
//]]>
601
</script>
602

    
603
<?php
604
include("foot.inc"); ?>
(165-165/225)