I'm testing chilli in a backpackers hostel here in Auckland, getting around 100 logins every day. Occasionally though we get duplicate session id's appear in the mysql radacct table, this seems to happen at-least once every 2 - 3 days. Does anyone know the chilli source file used to generate the session id?

Using the most recent github version(yesterday), compiled --with-nfcoova, and running with:

redir
kname=on

But the log file is filled with full of lines:
Oct 9 20:40:24 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16674 exited
Oct 9 20:40:24 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16676 exited
Oct 9 20:40:24 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16677 exited
Oct 9 20:40:24 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16678 exited
Oct 9 20:40:24 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16679 exited
Oct 9 20:40:25 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16680 exited
Oct 9 20:40:25 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16681 exited
Oct 9 20:40:25 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16682 exited
Oct 9 20:40:25 vyos coova-chilli[3799]: Having to re-launch chilli_redir... PID 16683 exited

Can somebody give me a hint on this?

I've made some modifications to the JS library and scripts around it to
accommodate PAP passwords and for better https support.

Scripts now check the $HS_UAMUISSL variable and if it's set to on defines chilliwww as "https:\/\/$HS_UAMALIASNAME.$HS_DNS_DOMAIN:$HS_UAMUIPORT" instead of chilliwww="http:\/\/$HS_UAMLISTEN:$HS_UAMPORT" so that a valid certificate could be used. This assumes that this name (like hotspot.example.com) is set to the $HS_UAMLISTEN address (10.1.0.1) and there's a certificate generated for this name. This is proved to work with startssl free certificates..

I have also made changes to chilli.js to work with https, in fact that's only about src url:

script.src = (location.protocol == 'http:' ? ('http://'+queryObj['uamip']+':'+queryObj['uamport']+'/') : decodeURIComponent(queryObj['ssl']) ) + 'www/chillijs.chi';

I was very surprised to see unencrypted traffic by default and would really like to push these changes to the code and to add some configuration examples as well. Can I just put it all in a single pull request?

I'm especially not sure about the PAP support, shall I make a variable for it? Here's the diff if it makes any sense:

diff -r -U 0 www.orig/ChilliLibrary.js www/ChilliLibrary.js
--- www.orig/ChilliLibrary.js   2014-11-25 15:33:21.000000000 +0300
+++ www/ChilliLibrary.js    2014-11-25 17:43:19.000000000 +0300
@@ -333 +333 @@
-       var logonUrl = chilliController.urlRoot() + 'logon?username=' + escape(username) + '&response='  + resp.response;
+       var logonUrl = chilliController.urlRoot() + 'logon?username=' + escape(username) + '&password='  + resp.response;
diff -r -U 0 www.orig/chilliController.js www/chilliController.js
--- www.orig/chilliController.js    2014-11-25 15:33:21.000000000 +0300
+++ www/chilliController.js 2014-11-25 18:07:58.000000000 +0300
@@ -278 +278 @@
-       script.src = 'http://'+chilliController.host+':'+chilliController.port+'/www/chilliform.chi';
+       script.src = (( chilliController.ssl ) ? "https" : "http") + '://'+chilliController.host+':'+chilliController.port+'/www/chilliform.chi';
diff -r -U 0 www.orig/chilliform.chi.sh www/chilliform.chi.sh
--- www.orig/chilliform.chi.sh  2014-11-25 15:33:21.000000000 +0300
+++ www/chilliform.chi.sh   2014-11-25 18:00:39.000000000 +0300
@@ -13 +13,6 @@
-chilliwww="http:\/\/$HS_UAMLISTEN:$HS_UAMPORT"
+if [ "$HS_UAMUISSL" = "on" ] 
+    then
+    chilliwww="https:\/\/$HS_UAMALIASNAME.$HS_DNS_DOMAIN:$HS_UAMUIPORT"
+else
+    chilliwww="http:\/\/$HS_UAMLISTEN:$HS_UAMPORT"
+fi
diff -r -U 0 www.orig/chillijs.chi.sh www/chillijs.chi.sh
--- www.orig/chillijs.chi.sh    2014-11-25 15:33:21.000000000 +0300
+++ www/chillijs.chi.sh 2014-11-25 17:58:35.000000000 +0300
@@ -15,2 +15,11 @@
-echo "chilliController.host = '$HS_UAMLISTEN';"
-echo "chilliController.port = $HS_UAMPORT;"
+if [ "$HS_UAMUISSL" = "on" ] 
+    then
+    echo "chilliController.ssl = true;"
+    echo "chilliController.host = '$HS_UAMALIASNAME.$HS_DNS_DOMAIN';"
+    echo "chilliController.port = $HS_UAMUIPORT;"
+
+else
+    echo "chilliController.host = '$HS_UAMLISTEN';"
+    echo "chilliController.port = $HS_UAMPORT;"
+fi
+

PS: I've also made some scripts for openwrt installation including heartbeat support based on nas ID, init scripts and importing values from the UCI-based config but I've no idea what's the best way to share this.

Hi,
When i use kmod in conjunction with UAM auh i get connection reset on "/logon"
In wire shark TCP RST package come immediately after /logon request

Please find attached my print screens with normal mode

and kmod enable

While i was trying to use Radius Vendor specific Attributes, the attribute names are all prefixed with "chillispot" rather than coovachilli.

Is it good to change them to be consistent with the project name ?

I have the following error in file src/dhcp.c at line 286:

dhcp.c:286:1: error: 'dhcp_get_appconn_addr' defined but not used [-Werror=unused-function]
 dhcp_get_appconn_addr(struct dhcp_conn_t *conn, struct in_addr *dst) {
 ^

This error occures when I try to compile with option --disable-uamanyip.

I think it is because the function dhcp_get_appconn_addr defined at line 286 is only called at line 3632, but this instruction is within #ifdef ENABLE_UAMANYIP condition.

Hi guys, I'm trying to figure out a rather annoying issue with regards to how CoovaChili handles Layer2 ARP/DHCP-requests when using default operational mode (Layer2 ARP/DHCP capture), and allowing an external DHCP to manage the IP-pool and client gateways/routers.

Planned usage/functionality

• Allow WAN-side DHCP-server to handle which IP-pool a LAN-based client belongs to (returning DHCP OFFER / DHCP ACK) based on the the dhcp-helper giaddress, returning DHCP-packets to the device pre-auth through the LAN-device (eth1/tun0) (this does work in Layer3-mode with a dhcp-helper installed).
• Keep track of MAC/IP/User bindings through L2 matching, so that we can automate most of the user-handling based on allocated MAC/IP/USERNAME and chilli_query.

Using Layer2 would allow us to avoid some of the pitfalls of cross-MAC IP-hopping, mimicing the functionaliy we have in our old Nocat-solution per today (MAC/IP ARP-checks are done there).
(Not that THAT method is secure, but it allows keeping track of MAC-IP-USER relations).

Issue:

• An end-user device located on the LAN-side of our network (routed in to the TUN/TAP-enabled interface eth2/tun0) sends a DHCP DISCOVER packet going out from LAN-side (via eth2) to WAN (eth1)
• DHCP-server recieves the request, with the helper sourceaddress set as the giaddr (from eth2/tun0) - eg. the helper address being the same address used for UAMLISTEN.
• DHCP-server replies, reaches the WAN-side, but stops dead there.

We thus get a deadlock when attempting to return the DHCP OFFER over eth2/tun0.

Additional info
A pure layer3-mode allows an installed dhcp-helper (located on the system itself) to achieve the wanted result, eg. ship out the GIADDR as the helpers address, but we're then losing control of the MAC/IP/USER definitions in CoovaChilli.

The same issue was quite well described on a post on LinkedIn in 2013 (linking the post here - (we're however using public IPs instead of private IPs).
https://www.linkedin.com/grp/post/158903-248465262

The dhcp-helper mentioned that we're currently using is Simon Kelley's work located here:
http://www.thekelleys.org.uk/dhcp-helper/
Might be something there that could be of assistance with regards to interface bindings and rules?

Network sketch
A sketch of the network as we wish to implement it:
[clients on different subnets] ---> [router] --(linknetLAN)--> chilli --> --(linknetWAN)--> DHCP
(and outbound to INET through WAN ofcourse)

I reviewed many other NAS , eg. mikrotik, m0n0 linux ,they can defined the mac format as:
00:11:22:33:44:55
00-11-22-33-44-55
0011.2233.4455
upper-case hex
lower-case hex

Is there any way coovachilli do this ?

Upload bandwidth limit is not working from 1.2.9 version up.
In 1.2.8 and previous versions it worked properly, but since 1.2.9 is not working any more.
In 1.3.0 (latest SVN as well) this problem still exists.

Detailed info here:
http://www.linkedin.com/groups/wisprbandwidthmaxup-limit-not-working-in-158903.S.267802350

Hi,

compiling Coova Chilli on OpenWrt commit b7384ce produces the following errors:

_uClibc-0.9.33.2/coova-chilli-1.3.1.3/bstring/.libs/libbstring.so ../bstring/.libs/libbstring.so -lrt
./.libs/libchilli.so: undefined reference to json_object_to_json_string' ./.libs/libchilli.so: undefined reference tojson_object_new_string'
./.libs/libchilli.so: undefined reference to `json_object_put'
collect2: error: ld returned 1 exit status

commit b7bd125 is fine, no errors.

Thanks in advance

Edy

If the dhcpif NIC has no cable plugged-in, coova-chilli removes it's ip address when started, with the message: "removing ip address from ethX".

It could mess up system routes and cause some issues with other services using that ip address. Also when you stop coova-chilli, one can never know if the previous ip address will be there or not, because it depends if the cable was plugged-in at the time coova-chilli was started!

Is there any reason for this very specific behavior? If not, would it be fine to remove it or make it consistent (either never remove ip, or always remove ip whether cable is plugged-in or not)?

I located the issue on function "net_open" of src/net.c.

The variable 'class' is not used if the debug flag is not activated.
dns.c:149:12

When I try to compile coova-chilli in r46409 I get following error.

libtool: compile: mips-openwrt-linux-musl-gcc -DHAVE_CONFIG_H -I. -I.. -I/trunk/openwrt/staging_dir/target-mips_34kc_musl-1.1.10/usr/include -I/trunk/openwrt/staging_dir/target-mips_34kc_musl-1.1.10/include -I/trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/usr/include -I/trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/include/fortify -I/trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/include -D_GNU_SOURCE -Wall -Werror -fno-builtin -fno-strict-aliasing -O2 -fomit-frame-pointer -funroll-loops -pipe -I../bstring -DDEFCHILLICONF="/etc/chilli.conf" -DDEFPIDFILE="/var/run/chilli.pid" -DDEFSTATEDIR="/var/run" -DSBINDIR="/usr/sbin" -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -fstack-protector -Wl,-z,now -Wl,-z,relro -fpic -MT chilli.lo -MD -MP -MF .deps/chilli.Tpo -c chilli.c -fPIC -DPIC -o .libs/chilli.o
In file included from system.h:139:0,
from chilli.h:24,
from chilli.c:21:
/trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/include/sys/sysinfo.h:10:8: error: redefinition of 'struct sysinfo'
struct sysinfo {
^
In file included from system.h:83:0,
from chilli.h:24,
from chilli.c:21:
/trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/include/linux/sysinfo.h:7:8: note: originally defined here
struct sysinfo {
^
In file included from /trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/include/net/ethernet.h:10:0,
from system.h:174,
from chilli.h:24,
from chilli.c:21:
/trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/include/netinet/if_ether.h:96:8: error: redefinition of 'struct ethhdr'
struct ethhdr {
^
In file included from system.h:130:0,
from chilli.h:24,
from chilli.c:21:
/trunk/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_musl-1.1.10/include/linux/if_ether.h:139:8: note: originally defined here
struct ethhdr {
^
In file included from tun.h:26:0,
from chilli.h:26,
from chilli.c:21:
net.h:171:18: error: 'MAX_SELECT' undeclared here (not in a function)
select_fd desc[MAX_SELECT];
^
In file included from radius.h:178:0,
from chilli.h:28,
from chilli.c:21:
radius_pkt.h:28:25: error: 'RADIUS_AUTHLEN' undeclared here (not in a function)
uint8_t authenticator[RADIUS_AUTHLEN];
^
radius_pkt.h:29:19: error: 'RADIUS_PACKSIZE' undeclared here (not in a function)
uint8_t payload[RADIUS_PACKSIZE-RADIUS_HDRSIZE];
^
radius_pkt.h:29:35: error: 'RADIUS_HDRSIZE' undeclared here (not in a function)
uint8_t payload[RADIUS_PACKSIZE-RADIUS_HDRSIZE];
^
radius_pkt.h:39:16: error: 'RADIUS_ATTR_VLEN' undeclared here (not in a function)
uint8_t t[RADIUS_ATTR_VLEN-4];
^
In file included from chilli.h:28:0,
from chilli.c:21:
radius.h:204:15: error: 'RADIUS_SECRETSIZE' undeclared here (not in a function)
char secret[RADIUS_SECRETSIZE];
^
In file included from redir.h:25:0,
from chilli.h:29,
from chilli.c:21:
session.h:28:15: error: 'REDIR_USERURLSIZE' undeclared here (not in a function)
uint8_t url[REDIR_USERURLSIZE];
^
session.h:75:17: error: 'REDIR_USERNAMESIZE' undeclared here (not in a function)
char username[REDIR_USERNAMESIZE];
^
session.h:78:19: error: 'REDIR_MD5LEN' undeclared here (not in a function)
uint8_t uamchal[REDIR_MD5LEN];
^
session.h:121:18: error: 'REDIR_SESSIONID_LEN' undeclared here (not in a function)
char sessionid[REDIR_SESSIONID_LEN];
^
In file included from redir.h:26:0,
from chilli.h:29,
from chilli.c:21:
dhcp.h:198:31: error: 'MAX_RAWIF' undeclared here (not in a function)
struct _net_interface rawif[MAX_RAWIF];
^
dhcp.h:256:30: error: 'MAX_PASS_THROUGHS' undeclared here (not in a function)
pass_through pass_throughs[MAX_PASS_THROUGHS];
^
In file included from chilli.h:29:0,
from chilli.c:21:
redir.h:97:16: error: 'MAX_EAP_LEN' undeclared here (not in a function)
uint8_t data[MAX_EAP_LEN];
^
redir.h:102:20: error: 'RADIUS_CHAPSIZE' undeclared here (not in a function)
uint8_t password[RADIUS_CHAPSIZE];
^
redir.h:107:20: error: 'RADIUS_PWSIZE' undeclared here (not in a function)
uint8_t password[RADIUS_PWSIZE];
^
redir.h:125:19: error: 'REDIR_COOKIESIZE' undeclared here (not in a function)
char httpcookie[REDIR_COOKIESIZE]; /* Browser Cookies /
^
redir.h:126:13: error: 'REDIR_LANGSIZE' undeclared here (not in a function)
char lang[REDIR_LANGSIZE]; / Query string parameter for language /
^
In file included from chilli.h:33:0,
from chilli.c:21:
options.h:42:13: error: 'OPT_IPADDRLEN' undeclared here (not in a function)
char netc[OPT_IPADDRLEN];
^
options.h:323:20: error: 'MAX_UAM_DOMAINS' undeclared here (not in a function)
char uamdomains[MAX_UAM_DOMAINS];
^
options.h:327:17: error: 'MACOK_MAX' undeclared here (not in a function)
uint8_t macok[MACOK_MAX][PKT_ETH_ALEN]; /* Allowed MACs /
^
In file included from chilli.c:21:0:
chilli.h:114:20: error: 'RADIUS_MPPEKEYSSIZE' undeclared here (not in a function)
uint8_t lmntkeys[RADIUS_MPPEKEYSSIZE];
^
chilli.h:120:19: error: 'MS2SUCCSIZE' undeclared here (not in a function)
uint8_t ms2succ[MS2SUCCSIZE];
^
chilli.c: In function 'leaky_bucket_init':
chilli.c:602:43: error: 'BUCKET_TIME' undeclared (first use in this function)
conn->s_params.bandwidthmaxup / 8 * BUCKET_TIME;
^
chilli.c:602:43: note: each undeclared identifier is reported only once for each function it appears in
chilli.c:604:38: error: 'BUCKET_SIZE_MIN' undeclared (first use in this function)
if (conn->s_state.bucketupsize < BUCKET_SIZE_MIN)
^
chilli.c: In function 'checkconn':
chilli.c:1192:19: error: 'CHECK_INTERVAL' undeclared (first use in this function)
if (checkdiff < CHECK_INTERVAL)
^
chilli.c: In function 'chilli_req_attrs':
chilli.c:1287:12: error: 'MACSTRLEN' undeclared (first use in this function)
char mac[MACSTRLEN+1];
^
chilli.c:1287:8: error: unused variable 'mac' [-Werror=unused-variable]
char mac[MACSTRLEN+1];
^
chilli.c: In function 'chilli_auth_radius':
chilli.c:1526:19: error: 'RADIUS_MD5LEN' undeclared (first use in this function)
0, 0, 0, NULL, RADIUS_MD5LEN);
^
chilli.c: In function 'auth_radius':
chilli.c:1536:12: error: 'MACSTRLEN' undeclared (first use in this function)
char mac[MACSTRLEN+1];
^
chilli.c:1556:56: error: 'USERNAMESIZE' undeclared (first use in this function)
safe_strncpy(appconn->s_state.redir.username, mac, USERNAMESIZE);
^
chilli.c:1621:19: error: 'RADIUS_MD5LEN' undeclared (first use in this function)
0, 0, 0, NULL, RADIUS_MD5LEN);
^
chilli.c:1536:8: error: unused variable 'mac' [-Werror=unused-variable]
char mac[MACSTRLEN+1];
^
chilli.c: In function 'radius_access_challenge':
chilli.c:1689:19: error: 'RADIUS_MD5LEN' undeclared (first use in this function)
0, 0, 0, NULL, RADIUS_MD5LEN);
^
chilli.c: In function 'radius_access_accept':
chilli.c:1751:19: error: 'RADIUS_MD5LEN' undeclared (first use in this function)
0, 0, 0, NULL, RADIUS_MD5LEN);
^
chilli.c:1702:11: error: unused variable 'mppekey' [-Werror=unused-variable]
uint8_t mppekey[RADIUS_ATTR_VLEN];
^
chilli.c: In function 'dnprot_reject':
chilli.c:2123:58: error: 'USERNAMESIZE' undeclared (first use in this function)
safe_strncpy(appconn->s_state.redir.username, "-", USERNAMESIZE);
^
In file included from tun.h:25:0,
from chilli.h:26,
from chilli.c:21:
chilli.c: In function 'cb_tun_ind':
pkt.h:79:20: error: 'PKT_MAX_LEN' undeclared (first use in this function)

define PKT_BUFFER PKT_MAX_LEN

^
chilli.c:2522:17: note: in expansion of macro 'PKT_BUFFER'
uint8_t packet[PKT_BUFFER];
^
chilli.c:2522:10: error: unused variable 'packet' [-Werror=unused-variable]
uint8_t packet[PKT_BUFFER];
^
chilli.c: In function 'accounting_request':
chilli.c:3159:8: error: unused variable 'macstr' [-Werror=unused-variable]
char macstr[RADIUS_ATTR_VLEN];
^
chilli.c: In function 'access_request':
chilli.c:3612:22: error: 'USERNAMESIZE' undeclared (first use in this function)
if (uidattr->l-2 < USERNAMESIZE) {
^
chilli.c:3677:19: error: 'RADIUS_MD5LEN' undeclared (first use in this function)
0, 0, 0, NULL, RADIUS_MD5LEN);
^
chilli.c:3381:11: error: unused variable 'resp' [-Werror=unused-variable]
uint8_t resp[MAX_EAP_LEN]; / EAP response /
^
chilli.c:3373:8: error: unused variable 'macstr' [-Werror=unused-variable]
char macstr[RADIUS_ATTR_VLEN];
^
chilli.c:3370:8: error: unused variable 'pwd' [-Werror=unused-variable]
char pwd[RADIUS_ATTR_VLEN];
^
chilli.c: In function 'config_radius_session':
chilli.c:4160:10: error: unused variable 'attrs' [-Werror=unused-variable]
char attrs[RADIUS_ATTR_VLEN + 1];
^
chilli.c: In function 'cb_dhcp_request':
chilli.c:4956:13: error: 'MACSTRLEN' undeclared (first use in this function)
char mac[MACSTRLEN+1];
^
chilli.c:4960:55: error: 'USERNAMESIZE' undeclared (first use in this function)
safe_strncpy(appconn->s_state.redir.username, mac, USERNAMESIZE);
^
chilli.c:4956:9: error: unused variable 'mac' [-Werror=unused-variable]
char mac[MACSTRLEN+1];
^
chilli.c: In function 'chilli_cmd':
chilli.c:6831:17: error: 'USERNAMESIZE' undeclared (first use in this function)
uname, USERNAMESIZE);
^
cc1: all warnings being treated as errors
make[7]: ** [chilli.lo] Error 1
make[7]: Leaving directory /trunk/openwrt/build_dir/target-mips_34kc_musl-1.1.10/coova-chilli-1.3.0+20141128/src' make[6]: *** [all-recursive] Error 1 make[6]: Leaving directory/trunk/openwrt/build_dir/target-mips_34kc_musl-1.1.10/coova-chilli-1.3.0+20141128/src'
make[5]: *** [all-recursive] Error 1
make[5]: Leaving directory /trunk/openwrt/build_dir/target-mips_34kc_musl-1.1.10/coova-chilli-1.3.0+20141128' make[4]: *** [all] Error 2 make[4]: Leaving directory/trunk/openwrt/build_dir/target-mips_34kc_musl-1.1.10/coova-chilli-1.3.0+20141128'
make[3]: *** [/trunk/openwrt/build_dir/target-mips_34kc_musl-1.1.10/coova-chilli-1.3.0+20141128/.built] Error 2
make[3]: Leaving directory /trunk/openwrt/feeds/packages/net/coova-chilli' make[2]: *** [package/feeds/packages/coova-chilli/compile] Error 2 make[2]: Leaving directory/trunk/openwrt'
make[1]: *** [/trunk/openwrt/staging_dir/target-mips_34kc_musl-1.1.10/stamp/.package_compile] Error 2
make[1]: Leaving directory `/trunk/openwrt'
make: *** [world] Error 2

dpkg-buildpackage of coova-chilli_1.3.0.tar.gz
fails complaining main-opt.c:781:29: error: ‘ptr’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]

The command fails in jessie, not in wheezy.
Solved by changing line 781 from
char *tok, *str, *ptr;
to:
char *tok, *str, *ptr = NULL;

If I start the chilli process without stdin/stdout/stderr (which are closed by the calling program before), the chilli daemon does not function correctly.
The first error you will see is "Failed to create redir listen", but it seems to be a global problem, that a (valid) socket with fd 0 is not supported.
(Not sure, if this problem does only occur, if the debug mode is activated).

I have the following error in file src/redir.c:

redir.c: In function 'redir_main':
redir.c:3817:7: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
       redir_msg_send(REDIR_MSG_OPT_REDIR);
       ^
redir.c:3909:7: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
       redir_msg_send(REDIR_MSG_OPT_REDIR | REDIR_MSG_OPT_PARAMS);
       ^
redir.c:3931:7: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
       redir_msg_send(REDIR_MSG_OPT_REDIR | REDIR_MSG_OPT_PARAMS |
       ^
redir.c:3942:7: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
       redir_msg_send(REDIR_MSG_OPT_REDIR);
       ^
redir.c:3956:7: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
       redir_msg_send(0);
       ^
redir.c:3967:7: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
       redir_msg_send(REDIR_MSG_OPT_REDIR);
       ^
redir.c:3991:7: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
       redir_msg_send(0);
       ^
redir.c:4014:2: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
  redir_msg_send(REDIR_MSG_OPT_REDIR);
  ^
redir.c:4194:5: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
     redir_msg_send(REDIR_MSG_OPT_REDIR);
     ^
redir.c:4199:5: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
     redir_msg_send(REDIR_MSG_OPT_REDIR);
     ^
redir.c:4208:5: error: format '%d' expects argument of type 'int', but argument 5 has type 'long int' [-Werror=format=]
     redir_msg_send(0);
     ^

These errors occured when I tried to compile with option --disable-ipc-msg. These errors occured with --enable-ipc-msg too.

Hi,

Thank you for this great project.
I follow your work for about 2 years and I saw lot of changes.
The reason why I open this issue is that, as far as I know, there are at least three websites to get informations, binaries, source code, issue report or just contact maintainers:

• http://www.coova.org
• this organization on Github
• LinkedIn.

It could be a little bit confusing for people interested in contributing to this project.
Is it planned to centralized this project into a single website?
Is this organization the main point for all contributions?

err

I compile latest version of Coovachilli (29th July, 2015) in openwrt (r46569) successfully. I am able run chilli in device having RAM 64 Mb but unable to run in device with 32 Mb RAM. I used to run two instances in a device having only 32 Mb RAM older version.

When chilli is not running, free command show

root@test:~# free
             total         used         free       shared      buffers
Mem:         61300        21676        39624          172            0
-/+ buffers:              21676        39624
Swap:            0            0            0
root@test:~#

After running first instance of chilli

root@test:~# chilli
coova-chilli[7553]: (Re)processing options [/var/run/chilli.7553.cfg.bin]
coova-chilli[7554]: running chilli_opt on /var/run/chilli.7553.cfg.bin
coova-chilli[7553]: PID 7553 rereading binary file /var/run/chilli.7553.cfg.bin
coova-chilli[7553]: PID 7553 reloaded binary options file
root@test:~# free
             total         used         free       shared      buffers
Mem:         61300        39596        21704          184            0
-/+ buffers:              39596        21704
Swap:            0            0            0
root@test:~# 

After running second instance of chilli what I get

root@test:~# chilli -c /etc/chilli/main2.conf
coova-chilli[9144]: (Re)processing options [/var/run/chilli.9144.cfg.bin]
coova-chilli[9145]: running chilli_opt on /var/run/chilli.9144.cfg.bin
coova-chilli[9144]: PID 9144 rereading binary file /var/run/chilli.9144.cfg.bin
coova-chilli[9144]: PID 9144 reloaded binary options file
root@test:~# free
             total         used         free       shared      buffers
Mem:         61300        56920         4380          200            0
-/+ buffers:              56920         4380
Swap:            0            0            0
root@test:~# 

Every instance eat almost 17 Mb of RAM which is very high memory footprint for any package in openwrt. It is almost impossible to run chilli in device with 32 or 16 Mb RAM. Is it a memory leak

I have the following error in file src/options.c at lines 293 and 491:

options.c: In function 'options_fromfd':
options.c:293:25: error: 'struct options_t' has no member named 'proxysecret'
   if (!option_s_l(bt, &o.proxysecret)) return 0;
                         ^
options.c: In function 'options_save':
options.c:491:25: error: 'struct options_t' has no member named 'proxysecret'
   if (!option_s_s(bt, &o.proxysecret)) return 0;
                         ^

This error occures when I try to compile with option --disable-radproxy.

I think it is because the structure options_t defines this member only if ENABLE_RADPROXY is defined, but at line 491, this member is called even if this option is enable or not.

I have a pre-built app in Python Django that authenticates users using Social login (facebook / google). I want to use this app to Authenticate users. Basically, i want to provide internet access to anyone who logs in to facebook and then goes through phone number verification via OTP. I have CoovaChilli on my router and have setup a freeRadius server. Can you please help me to figure out how to make freeRadius server work with this python app. Alternatively, would it be easier to make my Python app interact directly with Coovachilli, and if yes then how ?

Hi,

It seems that the community is giving a new breath of this project and this is a very good news.

But the code does not seems to follow conventions and coding standards.
Contributions proposed by the community may also follow differents conventions.
The project will be very difficult to manage and may be a turn-off for some contributors.

It will be great if this project adopts some conventions and coding standards.
I know nothing about the good practices in C++ and tools to continously verify the quality of the source code, but I found this interesting guide.

Hello.
I'm trying to enable the injection of content, but after several days of searching, I failed to find any documentation on the subject (Except some post on linkedin).

They would be so kind as to tell me that steps to enable this feature (A sample configuration if possible).

Thank you.

Hi ,

I am using DLink Router DIR 505 and using openwrt as firmware and installed Covachilli on it.
I am using radius server for authentication.

I am able to successfully authenticate with radius server from my home network and get internet.
But when I am installing the same router at my office network, it just gets stuck at the login page saying "Please wait".

Can someone please help in figuring out what could be the possible issue.

I also tried to access the radius logs to check if I am seeing my office IP details but there are none.

Appreciate someone`s help in this regard.

Thanks
Shankar

I have installed successfully coova chilli and now I'm trying to make it work. I have created a custom login page. Here is it the code

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title>Captive Portal</title>

    <!-- Bootstrap -->
    <link rel="stylesheet" type="text/css" href="bower_components/bootstrap/dist/css/bootstrap.min.css">
    <!-- Bootstrap material design theme -->
    <link rel="stylesheet" type="text/css" href="bower_components/bootstrap-material-design/dist/css/material.min.css">

    <script src="public/js/ChilliLibrary.js"></script>
    <script type="application/javascript">

        chilliController.host = "192.168.1.1"; // Hard Coding - not a good idea
        chilliController.port = "3990";
        chilliController.interval = 60;

        chilliController.onError = handleErrors;
        chilliController.onUpdate = updateUI;

        /* Action triggered when buttons are pressed */
        function connect() {
            var username =  document.getElementById('username').value ;
            var password =  document.getElementById('password').value ;

            if (username == null || username == '')
                return setElementValue('logonMessage', 'Username is required');

            showWaitPage(1000);
            chilliController.logon( username , password ) ;
        }

        function updateUI (cmd) {
            alert('You called the method' + cmd + '\n Your current state is =' + chilliController.clientState);
        }

        // If an error occurs, this handler will be called instead
        function handleErrors (code) {
            alert('The last contact with the Controller failed. Error code =' + code );
        }

        //  finally, get current state
        chilliController.refresh();
    </script>
</head>
<body>

    <nav class="navbar navbar-default shadow-z-1">
        <div class="navbar-header">
            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-responsive-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
        <a class="navbar-brand" href="javascript:void(0)">NetFATE Captive Portal</a>
    </div>
    </nav>

    <div class="container">
        <div class="row" style="margin-top: 25px;">
            <div class="col-xs-8 col-xs-offset-2 col-md-4 col-md-offset-4 panel panel-default" style="padding: 55px;">
                <form class="form-horizontal" action="javascript:connect()">
                    <fieldset>
                        <div class="form-group">
                            <input id="username" class="form-control" type="text" name="username" placeholder="Username" autofocus>
                        </div>
                        <br>
                        <div class="form-group">
                            <input id="password" class="form-control" type="password" name="password" placeholder="Password">
                        </div>
                        <br>
                        <div class="form-group">
                            <a>Forgot the password?</a>
                        </div>
                        <div class="form-group">
                            <button class="btn btn-primary" type="submit">Login</button>
                        </div>
                    </fieldset>
                </form>
            </div>
        </div>
    </div>

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <script src="bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
    <script src="bower_components/bootstrap-material-design/dist/js/material.min.js"></script>

    <script type="text/javascript">
        $.material.init(); // Init material design effect
    </script>
</body>
</html>

quite things aren't clear for me. Should I call also chillicontroller.js? Is this the right way? Thank you for the support

Hi all,

I found a strange behavior of Chilli 1.3.1.3 in conjunction with RadiusDesk Dynamic Login Pages.
After Chilli redirects to the external login page the RD dynamic login pages it says "Fetching connection status..." and after a while it says "Error Failed to get status from CoovaChilli".
After I took a look in the browser with development tools I saw that is
trying to query this link:

http://10.1.0.1:3990/json/status?_dc=1443802869694&callback=Ext.data.JsonP.callback1

When I try to query this link directly in the browser the Coova Chilli
is redirect to RD login page.

Chilli logs:

coova-chilli[11813]: The path: json/status
coova-chilli[11813]: -->> Setting
userurl=[http://10.1.0.1:3990/json/status?_dc=1443803059684&callback=Ext.data.JsonP.callback13]
coova-chilli[11813]: redir_accept: Original request host=10.1.0.1:3990
coova-chilli[11813]: redir_wispr2_reply
coova-chilli[11497]: caught 17 via selfpipe
coova-chilli[11497]: child 11813 terminated
coova-chilli[11497]: Freed child process 11813 [[redir]]
coova-chilli[11814]: The path: www/coova.html
coova-chilli[11814]: Serving file coova.html
coova-chilli[11497]: caught 17 via selfpipe
coova-chilli[11497]: child 11814 terminated
coova-chilli[11497]: Freed child process 11814 [[redir]]

My Setup:

10.1.0.0/24 -> Chilli router -> WAN -> INTERNET -> RD server (FreeRadius

• MySQL + RadiusDesk with Dynamic Login Pages)

Chilli config:

HS_WANIF=eth0 # WAN Interface toward the Internet
HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber
network, for embedded portal)
HS_COAPORT=3799
HS_DYNIP=10.1.0.10
HS_DYNIP_MASK=255.255.255.0
HS_DNS_DOMAIN=MyDomain.ro
HS_DNS1=MyDNS1
HS_DNS2=MyDNS2
HS_NASID=NAS-01
HS_RADIUS=radiusdesk.MyDomain.ro
HS_RADIUS2=radiusdesk.MyDomain.ro
HS_RADSECRET=myradiussecret # Set to be your RADIUS shared secret
HS_UAMSECRET=myuamsecret # Set to be your UAM secret
HS_UAMALIASNAME=chilli
HS_UAMDOMAINS=".paypal.com,.paypalobjects.com,.MyDomain.ro"
HS_SSID="MyDomain-SSID"
HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=http://radiusdesk.MyDomain.ro/cake2/rd_cake/dynamic_details/chilli_browser_detect/
HS_UAMHOMEPAGE=http://$HS_UAMLISTEN:$HS_UAMPORT/www/coova.html
HS_TCP_PORTS="80 443"
HS_UDP_PORTS="1701"
HS_MODE=hotspot
HS_TYPE=coovachilli
HS_RADAUTH=1812
HS_RADACCT=1813
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=MyDomain
HS_PROVIDER_LINK=http://www.MyDomain.ro/
HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
HS_LOC_NETWORK="My Network" # Network name
HS_REDIRSSL=on

Chilli version:
coova-chilli[11939]: (Re)processing options [/var/run/chilli.11939.cfg.bin]
coova-chilli[11940]: running chilli_opt on /var/run/chilli.11939.cfg.bin
coova-chilli 1.3.1.3

OS: stretch/sid

I've changed the UAM secrete also in dynamic login pages.

Using the same configuration file with Chilli 1.3.0 this issue is not appears.
I've used 1.3.1.3 because 1.3.0 I had to do some changes to the code to compile it correctly (changes which seems to be done in 1.3.1.3).

Tried Coova Chilli 1.3.0 on Debian OS and also on OpenWRT with a TP-LINK TL-MR3420.
Coova Chilli 1.3.1.3 I've tried only on Debian OS.

Anybody has any idea what is the issue?

Kind regards,
Adrian

Hi,

I have several errors using the experimental option --enable-netnat:

nat.c:38:3: error: passing argument 2 of 'iphash_new' from incompatible pointer type [-Werror]
   iphash_new(&iface->nat, m, size, callback);
   ^
In file included from nat.h:25:0,
                 from net.h:27,
                 from tun.h:26,
                 from chilli.h:27,
                 from nat.c:24:
iphash.h:53:5: note: expected 'struct iphashm_t **' but argument is of type 'struct natm_t **'
 int iphash_new(struct iphash_t **this, struct iphashm_t **member, int listsize, iphash_callback callback);
     ^
nat.c: In function 'nat_do':
nat.c:46:10: error: implicit declaration of function 'ethhdr' [-Werror=implicit-function-declaration]
   struct pkt_ethhdr_t *ethh = ethhdr(pack);
          ^
nat.c:46:31: error: initialization makes pointer from integer without a cast [-Werror]
   struct pkt_ethhdr_t *ethh = ethhdr(pack);
                               ^
nat.c:47:10: error: implicit declaration of function 'iphdr' [-Werror=implicit-function-declaration]
   struct pkt_iphdr_t  *iph  = iphdr(pack);
          ^
nat.c:47:31: error: initialization makes pointer from integer without a cast [-Werror]
   struct pkt_iphdr_t  *iph  = iphdr(pack);
                               ^
nat.c:48:10: error: implicit declaration of function 'udphdr' [-Werror=implicit-function-declaration]
   struct pkt_udphdr_t *udph = udphdr(pack);
          ^
nat.c:48:31: error: initialization makes pointer from integer without a cast [-Werror]
   struct pkt_udphdr_t *udph = udphdr(pack);
                               ^
nat.c:57:3: error: implicit declaration of function 'iphash_get' [-Werror=implicit-function-declaration]
   iphash_get(iface->nat, &p, &addr, udph->dst);
   ^
nat.c:60:5: error: implicit declaration of function 'iphash_add' [-Werror=implicit-function-declaration]
     iphash_add(iface->nat, &p, &addr, udph->dst);
     ^
nat.c:69:4: error: 'natm_t' has no member named 'dst_port'
   p->dst_port = udph->dst;
    ^
nat.c:70:4: error: 'natm_t' has no member named 'src_port'
   p->src_port = udph->src;
    ^
nat.c:46:24: error: unused variable 'ethh' [-Werror=unused-variable]
   struct pkt_ethhdr_t *ethh = ethhdr(pack);
                        ^
nat.c: In function 'nat_undo':
nat.c:82:31: error: initialization makes pointer from integer without a cast [-Werror]
   struct pkt_ethhdr_t *ethh = ethhdr(pack);
                               ^
nat.c:83:31: error: initialization makes pointer from integer without a cast [-Werror]
   struct pkt_iphdr_t  *iph  = iphdr(pack);
                               ^
nat.c:84:31: error: initialization makes pointer from integer without a cast [-Werror]
   struct pkt_udphdr_t *udph = udphdr(pack);
                               ^
nat.c:100:16: error: 'natm_t' has no member named 'src_port'
   udph->dst = p->src_port;
                ^
nat.c:82:24: error: unused variable 'ethh' [-Werror=unused-variable]
   struct pkt_ethhdr_t *ethh = ethhdr(pack);
                        ^
nat.c: In function 'nat_init':
nat.c:39:1: error: control reaches end of non-void function [-Werror=return-type]
 }
 ^

I've been looking at RADIUS errors that show up after enabling radsec: chilli will frequently loose track of RADIUS packets, causing it to reject valid replies from a RADIUS server. After fixing a few errors with debug logging (see #37 and #36) I managed to catch this in the debug logs.

Summarising the debug output I see the following happening:

Received id=4 Access-Reject
    id=1    timeout=1422542915  retx=1
    id=5    timeout=1422542923  retx=1
    id=6    timeout=1422542924  retx=1

Received id=5 Access-Reject
    id=1    timeout=1422542915  retx=1
    id=6    timeout=1422542924  retx=1

Received id=6 Access-Reject
    id=1    timeout=1422542915  retx=1

Rescheduling id=1
    id=1    timeout=1422542925.170894   retx=2

Send code=RADIUS_CODE_ACCESS_REQUEST id=4
    id=4    timeout=1422542925  retx=0

This looks correct until you get to the point where packet 1 is resend for the second time: after the second retransmit the queue looks correct and only contains packet 1. The next event (which happens in the same second) is sending a new authentication request, and after that has happened packet 1 has suddenly disappeared from the queue. If you look at the log entries surrounding that moment the queue seems to get confused:

radius.c: 366: 0 (Debug) sending radius packet (code=1, id=4, len=269)

next 1, first 0, last 0
n=  0 id=  4 state=  1 next= -1 prev= -1 1422542925   549235 0
radius.c: 1535: 0 (Debug) RADIUS id=4 sent to 127.0.0.1:1812
main-radsec.c: 94: 0 (Debug) main-radsec.c:process_radius
main-radsec.c: 126: 0 (Debug) ssl_write 269
radius.c: 657: 0 (Debug) radius_timeout(0) 1422542916    50088
next 1, first 0, last 0
n=  0 id=  4 state=  1 next= -1 prev= -1 1422542925   549235 0
radius.c: 736: 0 (Debug) radius_timeout
next 1, first 0, last 0
n=  0 id=  4 state=  1 next= -1 prev= -1 1422542925   549235 0
radius.c: 657: 0 (Debug) radius_timeout(1) 1422542916   170125
next 7, first 1, last 1
n=  1 id=  1 state=  1 next= -1 prev= -1 1422542925   170894 2
radius.c: 736: 0 (Debug) radius_timeout
radius.c: 740: 0 (Debug) first 1, timeout 1422542925   170894
next 7, first 1, last 1
n=  1 id=  1 state=  1 next= -1 prev= -1 1422542925   170894 2

This seems to indicate chilli is sending packet 4, but it’s also checking for packet timeouts at the same time. During this you see the queue contents changing: part of this sees a queue with only packet 4, and then you suddenly see code which has a queue only containing packet 1. The next event in the log is a reply for packet 1 arriving:

radius.c: 1907: 0 (Debug) Received RADIUS packet id=1
radius.c: 271: 0 (Debug) idx 0 pid 4 id 1
radius.c: 392: 0 (Debug) bad idx (-1)
radius.c: 1947: 0 (Debug) RADIUS id 1 was not found in queue!
redir.c: 2858: 0 (Debug) radius_ind() failed!

So we see that chilli can no longer find packet 1 on its queue, and aborts. Also interesting is that the next event is a reply for packet 4, which gets rejected due to a bad authenticator:

radius.c: 1907: 0 (Debug) Received RADIUS packet id=4
radius.c: 271: 0 (Debug) idx 0 pid 4 id 4
radius.c: 404: 0 (Debug) radius_queue_out
next 1, first 0, last 0
n=  0 id=  4 state=  1 next= -1 prev= -1 1422542925   549235 0
radius.c: 1721: 0 (Debug) Authenticator B4BA94473792C626C486C8D176FA34C6(pkt) != A7AA4B0EF5F8943AE253B39D0C9F5A0F(calc)
radius.c: 415: 0 (Debug) Authenticator does not match! req-id=4 res-id=4

I am guessing that a bad authenticator should not happen in your environment, or is at least extremely rare. What could have happened here that when the packet queue was broken the authentication for packet 4 also got overwritten.

I think we can refactor the miniportal using html+js.. with the help of @mpangrazzi! What do you think @wlanmac @sevan ?

Hi all,

don't know if it's the right place, but I've done some heavy lifting to ChilliLibrary.js in order to adapt it to the particular setup of my company.

You can find it here: https://github.com/mpangrazzi/pepper

It could be useful if someone uses a modern JS build system like Browserify. I've plans to make it also fully usable with node.js, so one could easily build a smart client using, for example, nw.js.

Cheers,
Michele

I have the following error in file src/dhcp.c at lines 4873 and 4880:

dhcp.c: In function 'dhcp_pppoed':
dhcp.c:4873:28: error: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'uint8_t *' [-Werror=format=]
   l * 2, p + sizeof(struct pkt_pppoe_taghdr_t));
                            ^
dhcp.c:4880:34: error: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'uint8_t *' [-Werror=format=]
   t, l, l * 2, p + sizeof(struct pkt_pppoe_taghdr_t));
                                  ^

This error occures when I try to compile with option --enable-pppoe.

I'm on a 100mbit fiber optic line and have been testing throughput on coova-chilli 1.3.0 using different routers loaded with openwrt barrier-breaker. I've been using speedtest.net to get my results and cabling everything in, no tests over wifi. I'm getting around 45mbits on a TP-Link TL-WR1043ND v2, the CPU is 720Mhz with 64mb ram. I also tried on a Mikrotik RB951G-2hnd and got roughly the same. Ubiquiti Air-router gets less, about 30mbits. If I bypass chilli and use straight nat lan to wan on the routers with openwrt I get very close to my line speed of 100mbits. Is there anything that can be done to maximize throughput when using coova chilli? I also tried wifidog and there's no problems with throughput, I tested wifidog 1.2.1, the only problem is that it doesn't have all the features chilli does.

Hi,

I have the following error when I try to compile on OpenWRT 14.07 or 15.05 with netfilter module enabled and --with-nfcoova:

 fatal error: asm/linkage.h: No such file or directory
 #include <asm/linkage.h>
                         ^

I followed this answer and tried to fix it, but the error still occures.

This code from radius_addattr() in radius.c looks strange:

    if ((length+vlen+2) > RADIUS_PACKSIZE) {
      syslog(LOG_ERR, "No more space!");
      return -1;
    }

    length += vlen + 8;

You increase the packet length by vlen+8, but you do the buffer overrun check using vlen+2

Hi,

I have encountered the following error when I tried to compile this project using the option --with-nfqueue on OpenWRT env:

dhcp.c: In function 'nfqueue_cb_in':
dhcp.c:886:3: error: passing argument 2 of 'nfq_get_payload' from incompatible pointer type [-Werror]
   ret = nfq_get_payload(nfa, &data);
   ^
In file included from net.h:37:0,
                 from tun.h:26,
                 from chilli.h:27,
                 from dhcp.c:22:
/home/openwrt/15.05/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include/libnetfilter_queue/libnetfilter_queue.h:119:12: note: expected 'unsigned char **' but argument is of type 'char **'
 extern int nfq_get_payload(struct nfq_data *nfad, unsigned char **data);
            ^
dhcp.c: In function 'nfqueue_cb_out':
dhcp.c:942:3: error: passing argument 2 of 'nfq_get_payload' from incompatible pointer type [-Werror]
   ret = nfq_get_payload(nfa, &data);
   ^
In file included from net.h:37:0,
                 from tun.h:26,
                 from chilli.h:27,
                 from dhcp.c:22:
/home/openwrt/15.05/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include/libnetfilter_queue/libnetfilter_queue.h:119:12: note: expected 'unsigned char **' but argument is of type 'char **'
 extern int nfq_get_payload(struct nfq_data *nfad, unsigned char **data);
            ^

I can fix these errors using these patches:

--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -865,7 +865,7 @@
   struct nfqnl_msg_packet_hdr *ph;
   struct nfqnl_msg_packet_hw *hw;
   u_int32_t id = 0;
-  char *data;
+  unsigned char *data;
   int ret;

   int result = NF_DROP;
@@ -928,7 +928,7 @@
           struct nfq_data *nfa, void *cbdata) {
   struct nfqnl_msg_packet_hdr *ph;
   u_int32_t id = 0;
-  char *data;
+  unsigned char *data;
   int ret;

   int result = NF_DROP;

--- a/src/queue.c
+++ b/src/queue.c
@@ -13,7 +13,7 @@
   struct nfqnl_msg_packet_hdr *ph;
   u_int32_t mark,ifi;
   int id = 0;
-  char *data;
+  unsigned char *data;
   int ret;

   ph = nfq_get_msg_packet_hdr(tb);

Hi cam I use coova-chilli with an existing radius server (QNAP based) and an existing WiFi infrastructure? Is there any config quide for such a case?

I have the following error in file src/chilli.c at lines 4380 and 4386:

chilli.c: In function 'cb_radius_auth_conf':
chilli.c:4386:23: error: unused variable 'dhcpconn' [-Werror=unused-variable]
   struct dhcp_conn_t *dhcpconn = (struct dhcp_conn_t *)appconn->dnlink;
                       ^
chilli.c:4380:7: warning: variable 'force_ip' set but not used [-Wunused-but-set-variable]
   int force_ip = 0;

This error occures when I try to compile with option --disable-dhcpradius.

I saw a reference to xt_coova in a different thread. What I understand is that with it you no longer need TUN/TAP? I run a OpenWRT router with limited hardware, performance is important. Where can I find more details on what it is and how to use xt_coova?

Thanks

Due to the poor documentation, it is pretty hard figure out how to make work coova chilli controller. I don't understand some variables in the config file. I would like to address the user to a login page located to an external server but I don't understand this variables and how to use them.

HS_UAMSERVER

HS_UAMFORMAT

HS_UAMHOMEPAGE

HS_UAMSERVICE

HS_UAMSERVER should be the variable which point to the address so should be an IP address but I don't know how to use correctly the above remaining variables. Which is the difference between the second and third variable? and what is HS_UAMSERVICE? The config file suggests to read this link http://www.coova.org/CoovaChilli/UAMService but it is down

Hi,

compiling Coova Chilli on OpenWrt commit 44e44bd produces the following errors:

redir.c: In function 'redir_main':
redir.c:3794:7: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR);
^
redir.c:3886:7: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR | REDIR_MSG_OPT_PARAMS);
^
redir.c:3908:7: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR | REDIR_MSG_OPT_PARAMS |
^
redir.c:3919:7: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR);
^
redir.c:3933:7: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(0);
^
redir.c:3944:7: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR);
^
redir.c:3968:7: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(0);
^
redir.c:3991:2: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR);
^
redir.c:4171:5: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR);
^
redir.c:4176:5: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(REDIR_MSG_OPT_REDIR);
^
redir.c:4185:5: error: format '%ld' expects argument of type 'long int', but argument 6 has type 'unsigned int' [-Werror=format=]
redir_msg_send(0);
^

commit ddc50ba is fine, no errors.

Thanks in advance

Edy

I found three sections where realloc is not used correctly:

• src/cmdline.mini.c#L117
• src/garden.c#L236
• src/garden.c#L287

If realloc fails, you will loose memory in the old pointer because it has been reassigned to null.
You should write something like that:

//Store the result in a temporary pointer
char **tmp = (char **)realloc(lp, *given * sizeof(char *));

if (tmp == NULL) {
    //In case of failure, do want you want (syslog, exception...).
} else {
    //In case of success, you can reassign the pointer
    lp = tmp;
}

I have the following error in file src/dhcp.c at line 5502:

dhcp.c: In function 'dhcp_data_req':
dhcp.c:5502:12: error: unused variable 'tag' [-Werror=unused-variable]
   uint16_t tag = 0;

This error occures when I try to compile with option --disable-ieee8021q.

There are several short-coming of Captive Portal implementations. Take, for instance, handling HTTPS connections. Some implementations might time out the connection (assuming the request doesn't fall in the walled garden), others might return a TCP reset, even others might terminate the TLS (with browser errors) to issue the redirect. (Chilli allows you do do all three ;)

There is generally a need for better Detection of CP networks, Notification of resources that fall outside the walled garden of CP networks, and a more standardized protocol for Client Interaction.

Proposal to deliver CP information via DHCP/IPv6-RA

Proposal to notify client with ICMP when blocked by CP

IETF CP mailing list discussion

This issue is to track any development progress related to any new standards.

Coova-Chilli in its lastest version still implements SSLv3.

SSLv3 is considered unsafe and should be removed.

Issued on the Ports 3990 & 4990

Regards,
m4xw

Someone reported the problem in detail in 2012.

http://www.coova.org/node/5171

Tested upto kernel 3.10.x, the problem still exist. Almost indepedent of coova chilli version, but it has been confirmed to only shows up on giga wired network and newer kernel versions.

Perhaps someone can bisect the kernel version to nail to the changes in the kernel which triggers this.

Hi,

We are trying to implement a captive solution wherein we are using Cova Chilli and FreeRadius.
We have hosted our own captive app (built in Java) on tomcat sever.
Our goal is to enable authentication through Social Login(Using either facebook/google oauth) instead of using any local authentication mechanism provided by Free Radius auth modules.

We are facing issues for enabling social login authentication through FreeRadius.
Can you please provide any suggestions in this regard.

Cheers
Shankar.

Hi,

I have the following error when I try to build coova-chilli using OpenWRT buildroot:

Makefile.am: error: required file './README' not found

This file were removed by commit 11b1d7e

@PINKRA Is it possible to restore this file?

Recent OpenWrt trunk switches to musl C library and it breaks coova-chilli to compile.
Before that, DD-WRT also switches to musl, and they fix the problem by themselves.
Anyway, here's quick and dirty patch for this problem, but I think there's a better and elegant solution exists:

--- a/src/system.h
+++ b/src/system.h
@@ -78,11 +78,6 @@
 #include <sys/stat.h>
 #endif

-#ifdef HAVE_LINUX_SYSINFO_H
-#define _LINUX_KERNEL_H
-#include <linux/sysinfo.h>
-#endif
-
 #ifdef HAVE_TIME_H
 #include <time.h>
 #endif
@@ -123,6 +118,11 @@
 #include <signal.h>
 #endif

+#ifdef HAVE_SYS_SYSINFO_H
+#define _LINUX_SYSINFO_H
+#include <sys/sysinfo.h>
+#endif
+
 #if defined(__linux__)
 #include <asm/types.h>
 #include <linux/if.h>
@@ -135,10 +135,6 @@
 #include <linux/un.h>
 #endif

-#ifdef HAVE_SYS_SYSINFO_H
-#include <sys/sysinfo.h>
-#endif
-
 #elif defined (__FreeBSD__)  || defined (__APPLE__) || defined (__OpenBSD__) || defined (__NetBSD__)
 #include <net/if.h>
 #include <net/bpf.h>
@@ -170,10 +166,6 @@
 #include <net/if_tun.h>
 #endif

-#ifdef HAVE_NET_ETHERNET_H
-#include <net/ethernet.h>
-#endif
-
 #ifdef HAVE_ASM_TYPES_H
 #include <asm/types.h>
 #endif
--- a/src/chilli_limits.h
+++ b/src/chilli_limits.h
@@ -18,8 +18,8 @@
  *
  */

-#ifndef _LIMITS_H
-#define _LIMITS_H
+#ifndef _CHILLI_LIMITS_H
+#define _CHILLI_LIMITS_H

 /*
  * extracted from various .h files, needs some cleanup.

Any comments?

Hi,

I have the following error when I try to compile with options:

• --enable-debug and --enable-miniconfig:
• or --enable-debug2 and --enable-miniconfig

cmdline.mini.c:32:0: error: "_debug_" redefined [-Werror]
 #define _debug_ 0
 ^
In file included from chilli.h:25:0,
                 from cmdline.mini.c:27:
debug.h:25:0: note: this is the location of the previous definition
 #define _debug_ 2
 ^

Works fine when --disable-debug, --disable-debug2 and --enable-miniconfig are set.