forked from coova/coova-chilli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
539 lines (478 loc) · 38.5 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
== ChangeLog (CoovaChilli-v1.6) ==
* system.h: Fix compilation with kernel 4.19 + musl (#502)
* docs: fix simple typo, tighest -> tightest (#523)
* Fix build with musl libc. (#524)
* Updated build to avoid making warnings fatal. (#524)
* Updated debian and rpm packaging sources. (#524)
* chilli: fix build with --enable-authedallowed (#525)
* Fix compilation with newer wolfSSL. (#499)
== ChangeLog (CoovaChilli-v1.5) ==
* Deal with the differing levels of support for 64 bit time_t by casting to long (#325)
* Drop the incomplete support for Sun Solaris. (#326)
* Use the md5 utility in scripts for checksums (#327)
* Set empty argument sections of functions with void (#328 #330)
* Switch from des_ to DES_ prefix functions. (#329)
* dnslog is no longer an option
* Fix indentation to indicate flow. (#331)
* Debian packaging: missing dependencies and new changelog entry (#333)
* Debian packaging: Updated compat and Standards-Version to current values (#333)
* Debian packaging: Removed conffiles that are already auto-selected as such (#333)
* Debian packaging: Turn python and python-gtk dependency into a Suggests (#333)
* setsockopt() with TCP_NODELAY incorrectly used SOL_SOCKET protocol level (#364)
* Fix TCP_NODELAY error. (#370)
* Error Log set by debug option. (#371)
* Fixed small typo in ChilliLibrary.js (#372)
* setsockopt failed after last commit #368 (#374)
* Fix build with ENABLE_SESSGARDEN but not HAVE_PATRICIA (#417)
* Fix init script (#418)
* Terminate if statement on a new line (#422)
* Fix compile with musl (#445)
* Change ifconfig to ip (#449)
* Fix wrong RADIUS proxy reply socket (#483)
* Fix compilation with --enable-redir and musl (#453)
* Fix session handling on DHCP NAK packages (#486)
* Fix macro expansion bug (#485)
* Fix byte counting with xt_coova due to endian differences (#497)
* Fix compilation without deprecated OpenSSL APIs (#498)
== ChangeLog (CoovaChilli-v1.4) ==
* input_packets and output_packets now exported for scripts to use. via #285
* NetBSD now included in the BSD specific ifdef statements. via #289
* Fixed build Linux kernel 4.4.14 and newer. via #292
* Dropped redundant line in clear_appcon(). via #295
* Fix support for browsers behind a proxy, visiting HTTPS sites. via #296
* Function name & line number now stated in LOG_DEBUG level syslog messages. via #298
* Add support for identitites to syslog to differentiate messages when running multiple instances. via #300
* Fix possible crash due to invalid buffer size. via #303
* Fix check in IP header for More Frag flag. via #304
* Fix spelling mistake
* Remove empty comments. via #311
* Start documenting the build and install process in INSTALL file from scratch. via #315
* Fix sslkeypass function for use with passphrase protected certificates. via #319, fixes #297
* Drop dnslog function. via #320
* Remove stale spec file. via #321
* Replace invalid email address with Github issues URL in configure script. via #322
* Drop bogus path to functions file in init.d script
* Added ETCDIR macro for use in chilli init.d script to accomodate installs in different prefix or sysconfdir. via #324
== ChangeLog (CoovaChilli-v1.3.2) ==
* Certificate bundles now support using SSL_CTX_use_certificate_chain_file() via #204
* Add a preliminary configuration file for use with Doxygen. via #142
* Spelling mistake fixed in login.chi.in
* writeconfig() includes macsuffix setting in generated config from conf/functions.in
* Static out of range error includes IP address
* RFC 7710 - Captive Portal URI DHCP option implemented
* ipt_coova Makefile refactored to fix build errors
* ipt_coova now uses netfilter uapi-headers from /usr/include/linux
* Code with misleading indentation pointed out by gcc-6 fixed
* Build with --enable-json fixed
* libjson-dev added to installed dependency list in Travis config file
* --enable-location without --enable-proxyvsa now permissible
== ChangeLog (CoovaChilli-v1.3.1.4) ==
* Update refs to site to http://coova.github.io/ and fix software name.
* xt_coova.c with kernel version >= 3.10.0 fixed
* Compile with --enable-pppoe fixed
* Compile with --enable-location fixed
* enable_json should be =no by default or libchilli compile fails
* syslog params with --with-ipc-msg fixed
* When xt_coova is in use IP address is no longer removed from dhcpif
* Compile with --netfilter-queue fixed
* Support for vendor specific dhcp options (60/43) added
* HS_LOCATIONOPT82 now maps to locationopt82 flag
* HS_UDP_PORTS introduced in sample up.sh for permitting UDP ports in fw rules
* DHCP relay functionality fixed
* Introduce enable-json flag, support for JSON is no longer enabled by default
* www.coova.org is no longer permitted by default
* Most DEBUG level logging now only happens if enable.debug is true
* IPtables rules re-ordered
* Switch from mktemp() to mkstemp()
* JSON replies can now include nasid
* Added support for Travis CI https://travis-ci.org/coova/coova-chilli
* Switch from safe_snprintf() to snprintf()
* Switch from safe_fork() to fork()
* Update bstring library with fork from msteinert/bstring
* An attempt to close an unopened proxy socket is no longer performed
* Switch from strcpy(3) to strlcpy(3)
* Use `new_socket` instead of `0` and `1` descriptors
* Introduce CONTRIBUTING.md
* Update AVL headers from http://www.olsr.org/git/?p=oonf.git;a=tree;f=src-api/common;hb=HEAD
* Use AC_PROG_CC_C99 macro to specify C99 standard to compiler
* An attempt to reopen a socket just because writing would block is no longer performed
* Add license information for extern/strlcpy.c & libjson to LICENSE
* Correct sequence number is now used in a TCP RESET.
* SSLv2 & v3 support disabled
* sslciphers option added
* kmod_coova_sync gained layer3 support
* radius_reply() replaced by radius_pkt_send()
* Numerous churn to autoconf settings
* Numerous bug fixes
== ChangeLog (CoovaChilli-v1.3.1.3) ==
* Fix json encoding for radius reply.
== ChangeLog (CoovaChilli-v1.3.1.2) ==
* Add json support.
== ChangeLog (CoovaChilli-v1.3.1 git2763bb5) ==
* Added NethServer distro spec.in
* Pass redir_request *rreq to redir_main_exit()
* Add terminateTime to chilli session json object
* Pass redir_request *rreq to redir_main_exit() (Unbreaks building with OpenSSL support)
* Reference the members of socket struct correctly
* Do no drop IP fragments (needed for some UDP VPN)
* Fixed automake warnings
* Fix building using clang & dev_set_address() on the BSD's
* Fix indentation of closing brakets in check_options()
* Use ifaliasreq for BSDs & derivatives
* When calling redir_main_exit() from redir_main() pass it forked
* Allow Coova to be built using clang without any options enabled
* Fix CR/LF > LF
* Fix build with FreeBSD
* Moved on github (https://github.com/coova/coova-chilli)
* Added haserl dependency for miniportal
* Added libtool, automake and libssl-dev, iptables, gengetopt as dependencies to build a .deb from sources
* Now SO_REUSEPORT socket flag is checked at runtime
* Fix compile w/o patricia support
== ChangeLog (CoovaChilli current svn revision) ==
* New compile time option ''--enable-authedallowed'' which will allocate memory and enable the ''authedallowed'' runtime option
* New runtime option ''authedallowed'' which is used just like ''uamallowed'' but defines resources not to be subject to bandwidth limits or accounting (outside of "garden accounting")
* Smoothed out leaky bucket bandwidth calculation by considering fractions of seconds
* New runtime option ''uamauthedallowed'' is a boolean option that has all ''uamallowed'' resources put outside of bandwidth limits or accounting
* New runtime option ''postauthproxyssl'' to have postauth proxy send https to proxy, previously this was the default when redirssl is used
* Runtime option ''mmapring'' to enable using RX/TX rings when compiled with ''--with-mmap''
* Fix ICMP fragmentation needed messages to carrying original IP header plus 8 bytes (64bits)
* Added runtime option ''nosystemdns'' to prevent the use of the system DNS servers to be used for DHCP subscribers
* Added compile option ''--enable-wpad'' to add support for WPAD via DHCP and DNS, new runtime option ''--wpadpacfile=filename''
== ChangeLog (CoovaChilli-v1.3.0 svn revision 480) ==
* Removed chilli query command ''listip'', use ''list up'' instead
* Removed chilli query command ''listmac'', use ''list mac'' instead
* Added option ''only8021q'' to only handle VLAN traffic on an interface
* When not using enable-largelimits, the RADIUS queue will allocate packet storage dynamically
* Added AVL support for indexing locations and maintaining statistics
* Fixed memory usage issue and added options ''dhcphashsize'' and ''radiusqsize''
* Added runtime option ''redirurl'' to have a redirection URL put into the UAM query string parameters instead of a HTTP redirect
* Chomp off Ethernet trailer which would result in DNS parsing to fail
* Several compile-time bugs fixed
== ChangeLog (CoovaChilli-v1.2.9 svn revision 460) ==
* New compile time option ''--enable-useragent'' to turn on the recording of User-Agent in RADIUS
* New compile time option ''--enable-sessionstate'' to further extend the use of ChilliSpot-Session-State to indicate reasons for disconnect
* New compile time option ''--enable-sessionid'' to enable the use of a ChilliSpot-Session-Id that does not change during location awareness stop/start
* Change to RADIUS proxy to allow RADIUS accounting for determining location awareness
* New runtime option for proxyvsa called ''--locationupdate=/path/script'' to run a script on location change
* New runtime flag option for proxyvsa ''--locationstopstart'' to have the RADIUS acct session stopped, session-id updates, and started during location change
* New runtime flag option for proxyvsa ''--locationcopycalled'' to copy the Called-Station-Id from proxy RADIUS into that sent by chilli
* New runtime flag option for proxyvsa ''--locationimmediateupdate'' to have chilli do RADIUS acct immediately upon location change
* Fixed double RADIUS Accounting on macallowed/macallowlocal granted sessions; also adds MAC username
* Added runtime option ''--childmax=128'' to define the max number of child processes
* Added compile time option ''--enable-gardenaccounting'' to enable the splitting of garden vs. non-garden traffic
** Added runtime option ''--uamgardendata'' to enable walled garden accounting using RADIUS accounting only
** Added runtime option ''--uamotherdata'' to be used with above to also provide accounting for "other" traffic (DHCP, ARP, dropped, etc)
** Added runtime option ''--nousergardendata'' that will have walled garden traffic counted separately from other user traffic post-authentication
* Added option ''--vlanlocation'' to use VLAN as the ChilliSpot-Location
* Added option ''--locationopt82'' whereby DHCP option 82 is used as Location
* Added option ''--moreif'' to add additional LAN interfaces besides just dhcpif
* Changed to be less aggressive in saving status file, unless you use ''--statusfilesave''
* Added option ''--noarpentries'', do not create arp table entries in when using TAP.
* Added option ''--injectext'' to enable redir injection extended script
* Added option ''--injectwispr'' to enable redir injection of WISPr
* Added option ''--patricia'' to use patricia tries for walled garden lookup
* Added option ''--extadmvsa'' extended administrative-user VSA script support
* Added option ''--dhcpnotidle'' DHCP counted for preventing idle-timeout
* Added option ''--ipv6'' to Enable IPv6 support (experimental)
* Added option ''--ipv6only'' to enable IPv6-Only (experimental)
== ChangeLog (CoovaChilli-v1.2.8 svn revision 450) ==
* New option ''--uamdomainttl'' to define a rewrite value for the DNS TTL on uamdomain matched responses
* Made the dynamic garden able to overwrite the oldest entries to make way for the new
* Increased the max packet size for ''--enable-largelimits'' and implemented ICMP fragmentation when packets truncated
* Added support for a DNS handler in loadable modules which will be able to mangle DNS passing through
* Added feature to adjust TCP Window based on leaky bucket remaining size
* Bug fix: in main-proxy use of error_buffer with cURL
* Bug fix: resetting leaky bucket state during logout
* Bug fix: DHCP gateway assignment missing value
== ChangeLog (CoovaChilli-v1.2.7 svn revision 443) ==
* Improved RADIUS queue robustness, and will only remove from queue after verifying shared secret
* Cleanup of printing functions for Layer2/Layer3 modes and chilli_query commands list, dhcp-list, listip, listmac
* Allow the replying to ARP for the ''uamlisten'' IP address in ''layer3'' mode
* Increased EAP message size limit
* Added ''uamanyipex'' that defines a subnet to exclude from ''uamanyip''
* Changed the name of ''anyipexclude'' to ''uamnatanyipex'' to be more accurate, see http://lists.coova.org/pipermail/chilli/2011-March/001616.html
* Support for Framed-IP-Netmask in RADIUS macauth replies
* Added new attributes for DHCP parameter setting in RADIUS macauth replies, see dictionary.coovachilli
* Added compile time option ''--disable-coa'' to optionally remove CoA support
* Added compile time option ''--disable-tcpreset'' to optionally disable TCP session resetting
* Fixups for BSD based systems
== ChangeLog (CoovaChilli-v1.2.6 svn revision 433) ==
* Added compile time option ''--enable-layer3'' and run-time option ''--layer3'' to enable a Layer3 (IP-Only) style captive portal - no DHCP
* Change to ''chilli_query logout'' to identify sessions based on options ''sessionid ...'' or ''ip ...'', not just MAC address
* Added compile time option ''--enable-uamdomainfile'' and run-time option ''--uamdomainfile filename'' to load regex style uamdomains
* Added compile time option ''--enable-redirdnsreq'' and run-time option ''--redirdnsreq'' to have chilli send a DNS query for the hostname found in the redirect (useful when relying heavily on DNS based walled garden using ''uamdomain'' or ''uamdomainfile'')
* Fixed ''uamdomain'' such that it will only match exactly the given name or prefixed with anything dot ('.') name
* Added Pragma no cache and Expires headers to redirect HTTP responses
* Fixed ''chilli_proxy'' bug for when DNS is down
* The default will now be to --disable-chillixml (enable with --enable-chillixml)
* Support for a module based approach to adding features to chilli, enabled with ''--enable-modules''
* A new light-weight configuration sub-system without help text enabled with ''--endable-miniconfig''
* Support for ''chilli_query'' can be removed at build-time with ''--disable-chilliquery''
* Added runtime option ''--noradallow'' to authorize sessions when RADIUS is not available
* Disabled session-based walled garden support per default, enable with ''--enable-sessgarden''
* Build time option ''--enable-dhcpopt'' to use the command line option ''--dhcpopt <hex-encoded-binary-dhcp-option>''
* Session-based content injection url support
* Fixed bug with json startTime value when system has librt
== ChangeLog (CoovaChilli-v1.2.5 svn revision 394) ==
* Removed CoovaChilli-Version from Access-Accept/Challenge/Reject to EAP NAS
* Fix to not update chilli session from a IPC request when already autheticated
* Fix for non-null terminates username when proxying EAP
* Added options ''--macup'' and ''--macdown'' defining scripts to run during DHCP up (assignment) and down (release)
* Added option flag ''--redir'' to turn on redir daemon when built with ''--enable-chilliredir''
* Release DHCP lease on a DHCP-Decline
* Added length checks in more places to verify proper packets
* Reviewed use of all string functions, now including snprintf.c in bstring
* Allow for the parsing of HTTP Proxy requests for clients configured with proxy
* Compile time option ''--enable-dnslog'' to allow for run-time option ''--dnslog'' to log all DNS requests
* Added compile time option ''--enable-ipwhitelist'' and runtime option --ipwhitelist to define a binary IP white list file (thanks to FON)
* Added compile time support for SSDP Multicast with ''--enable-ssdp'' thanks to Colin McFarlane
* Consolidated DNS parsing functions into one
== ChangeLog (CoovaChilli-v1.2.4 svn revision 371) ==
* Integrated changes from Comfone AG
** Implemented support for WISPr 2.0 username/password and EAP
** Implemented support for Radius CUI
** Fixed missing WISPr 1.0 reply on Radius timeout
** Clean-up of some redir.c debugging messages
** Removed NO_UAMWISPR configuration parameter
** Added NO_WISPR2 configuration parameter. Added NO_WISPR1 configuration parameter
** Allow multiple concurrent UAM login methods
** Added support Radius State attribute
** Changes made by Laurent Frelechoux (Comfone AG)
* Segfault bug fix in ''chilli_radconfig''
* Fix for EAPOL, thanks to Francesco Sinopoli
* Bug fix for ''--enable-chilliredir'' plus SSL
* Signal handling clean-ups, using self-pipe technique
* Better statedir handling - allowing full paths for various files
* A timeout for ''chilli_query'' hardcoded to 10 seconds
== ChangeLog (CoovaChilli-v1.2.3 svn revision 356) ==
* Allow use of absolute paths for unixipc option
* Use uamaliashostname for WISPr redirect if possible
* Bug fix for RADIUS (EAP) proxy
* Preliminary support for Netfilter NFQUEUE usage ''--with-nfqueue''
* Preliminary support for Coova Netfilter kernel module ''--with-nfcoova''
* Support for globbing of cmdsock filename(s) in chilli_query
* Compile option ''--enable-proxyvsa'' to have proxy port sniff out VSAs
* Compile option ''--enable-chilliscript'' to build the setuid ''chilli_script'' utility
* Runtime option ''--proxylocattr'' that defines the "location" attribute in MAC auth proxy requests
* Runtime option ''--proxymacaccept'' to have chilli always return AccessAccept for MAC auth proxy requests
* Improved ''chilli_redir'' main loop to optionally support poll/epoll (''--with-poll'') and no waiting for input
* Change such that MAC authentication happens during DHCP when not authentication, not just when 'unknown'
* Improved support for ethers file used with binary status file
* New option ''chilli_query listippool'' to list the IP address pool
* Bug fix in static ip allocation - particularly noticeable on 64bit
* Added ''Compiled with ...'' section to ''--help'' output to see compile time options
* Fix bootstrap: install missing automake files automatically
* Fixes concerning DHCP relay - rewriting of DHCP Server Identifier option, and more
* Fixes for RadSec support
* Fixes for using ''--uid'' and ''--gid''
* Fixes for anydns
== ChangeLog (CoovaChilli-v1.2.2 svn revision 291) ==
* Added support for RadSec secure (SSL/TLS) RADIUS tunneling
* Changed the generated cmdline.c (Makefile will apply patch) to be more forgiving of multiple uses of the same configuration entry.
* Added DHCP RADIUS values to the HTTP AAA protocol proxy
* Added option ''--uamhostname'' that will resolve (Local DNS) to ''uamlisten'' IP
* Fix memory leak when using SSL
* Bug fix for ''--framedservice'' option
== ChangeLog (CoovaChilli-v1.2.1 svn revision 281) ==
* Fix for when using WISPr-Session-Terminate-Time
* Fix for honoring WISPr-Redirection-URL in AccessAccept
* Fix making *.''domain'' optionally "local DNS" instead of default
* Fix for OpenSSL - cert file should not require full cert chain
* Fix for SSL when using chilliredir server, add port to mdata
* Bug fix for option ''--anyipexclude'' which stopped working (due to chilli_opt)
* Extended redir to support script content (miniportal) under SSL
* Fix and change to RADIUS handling to make it more robust and avoid major problems during timeouts
* New option ''--ethers'' that specifies a file with MAC Address and IP Address mappings
== ChangeLog (CoovaChilli-v1.2.0 svn revision 271) ==
* Bumped version to 1.2.0 (passing 1.1.0 to avoid confusion w/chillispot 1.1.0)
* Added option ''--uamaliasip'' (which defaults to 1.0.0.1) that defines a special IP - will always redir
* Added option ''--uamaliasname'' which defines a word hostname (combined with --domain) that is a DNS alias for ''uamaliasip''
* Added option ''--redirssl'' to turn on redirection of HTTPS (when used with OpenSSL or MatrixSSL)
* Added option ''--uamuissl'' to turn on SSL on the ''uamuiport'' instead of simple HTTP (requires SSL)
* Added option ''--sslkeyfile'' to set the SSL private key (in PEM) to use in hijack/uamuissl
* Added option ''--sslcertfile'' to set the SSL certificate (in PEM) to use in hijack/uamuissl
* Added support for MatrixSSL as an alternate to OpenSSL when compiled with ''--with-matrixssl''
* Change to RADIUS subsystem whereby the allocation of the queue is optional, as is the queue size
* Using the librt functions for clock management; faster than using time() and will never go backwards
* Support for Linux Packet MMAP RX/TX ring buffer packet interfaces
* Added option ''--anyipexclude'' (from forum) to define a network that is excluded from ''uamanyip''
* Support for poll/epoll as alternative to select (use with configure ''-with-poll'')
* Added new compile time feature ''--enable-chilliredir'' which will build and use a forked server for handling redirects
* With the above option also enabled, regular expression based walled garden can be set with one or more ''--uamregex spec''
* Added the '''miniportal''' project to CoovaChilli, for a light-weight haserl/shell captive portal
* Added support for SSL redirecting (with SSL cert violation, of course) and SSL on the local UAM sockets
* Added compile-type option ''--enable-chilliproxy'' to have the new ''chilli_proxy'' server built
* Added ''chilli_proxy'' to perform a RADIUS to/from HTTP translation for networks not wanting to use RADIUS
* Added compile-type option ''--with-curl'' to enable cURL library support instead of native chilli client
* Improved signgal handling and delegation to child processes (proxy/redir)
* Added Content-Type and Content-Length to chilli HTTP responses (redirect) - needed for some smart-clients (iPASS)
* Added option to ''chilli_query'' to have a session login with a certain username/password, (e.g. ''chilli_query login sessionid xxx username test password test'')
* Added example HTTP AAA PHP script, see doc/http-aaa-example.php
* Added ''sessionid'' (Acct-Session-Id in RADIUS) to initial redirect URL
* Bug fixed thanks to Wichert Akkerman (idle-timeout, '&' encoding, long passwords)
* Bug fix for when setting bandwidth limitations using chilli_query
* Changes default uamlogoutip from 1.1.1.1 to 1.0.0.0 because of reports it disc
onnects VPN connections.
* Added some compile time options to remove certain features (see configure script).
* Changed ''--usestatusfile'' option from flag to an argument that takes a string (filename)
* Compile-time option ''--enable-binstatusfile'' to enable the writing/reading of a binary status file
* New option ''seskeepalive'' to be used with above compile type option to indicate chilli should not stop sessions on shutdown
* Added VLAN-Id RADIUS attribute to accounting.
* Bug fix for VLAN ID in RADIUS and redirect URL
* Bug fix for HEX conversion error
== ChangeLog (CoovaChilli-v1.0.14 svn revision 208) ==
* Major reduction in initial memory usage as the MAC session pool will grow as needed.
* Separation of configuration from running server (experimental!! report problems!)
* Major changes to for the use of ''usetap'' option, whereby chilli will establish a tap interface
* New configuration setting for ''nexthop'' (for use with ''usetap'' when part of a bridge) which defines the next hop MAC address
* New utility ''chilli_opt'' which processes the configuration and writes out an architecture dependent binary configuration file
* New utility ''chilli_rtmon'', launched by chilli using ''rtmonfile'' option, will monitor the default route and write out the ''nexthop'' option and SIGHUP the running ''chilli''
* Support for VLAN / 802.1Q tags in Ethernet frames on the ''dhcpif'' network. The VLAN ID is sent to the portal in the ''vlan'' query string parameter and in the ChilliSpot-VLAN-Id RADIUS attribute
* Fixup for ''uamanydns'' whereby requests to anything other than ''dns1'' or ''dns2'' will be rewritten to access ''dns1'' instead of whatever setting the user has
* The ''dhcpbroadcast'' option will have the DHCP server respond to broadcast IP always (when no relay)
* The ''tcpmss'' option will rewrite the TCP Maximum Segment Size (TCP Option).
* Added logoutURL to the JSON redir block
* WISPr LoginURL bug fix
== ChangeLog (CoovaChilli-v1.0.13 svn revision 199) ==
* Accepts the parameter ''ntresponse'' in the ''logon'' which is used in MS-CHAPv2 (does not require the mschapv2 option, but simply passes through the ntresponse into the MSCHAPv2-Response
* Added option ''mschapv2'' (requiring OpenSSL enabled with --with-openssl) to support MS-CHAPv2 authentication during what would otherwise be PAP authentication (doesn't impact CHAP authentication)
* Added option to ''chilli_response'' to generate NT-Responses from the ''challenge'', ''uamsecret'', ''username'', and ''password'' - suitable to be used to encode the ''ntresponse'' sent to the 'logon'' handler.
* Added options ''uid'' and ''gid'' to set the process user and group after being started by root (experimental)
* Added option ''noc2c'' to have clients configured with /32 networks - http://coova.org/lists/?0::558
* Expanded the output of ''chilli_query'' to include the input/output octets, the max input/output and total octets, and bandwidth limitation information for each session.
* Added iptables rules to ''etc/chilli/up.sh'' for improved VPN pass-through and PPPoE/Mesh MTU issues.
* Added VSA Attributes ''ChilliSpot-Max-Input-Gigawords'', ''ChilliSpot-Max-Output-Gigawords'', and ''ChilliSpot-Max-Total-Gigawords'' which hold the upper 32 bits of 64bit unsigned integer values for the corresponding ''ChilliSpot-Max-*-Octets'' attributes
* Service-Type for MAC authentication changed to Framed instead of Login
* Added option ''framedservice'' which changes the Service-Type from Login to Framed during normal (non MAC-auth) authentication
* Added support for a ChilliSpot-Config = ''admin-reset'' option in RADIUS responses which will have chilli release the DHCP lease for the session
* Added ''macreauth'' option to have chilli always re-attempt a MAC authentication when it does an initial redirection
* Added the special ''/macreauth'' URL which will do a MAC re-auth if the ''macauth'' option is true (does not check the ''macreauth'' option which controls the re-auth for initial redirects)
* Added option ''adminupdatefile'' which optionally defines a file to write ChilliSpot-Config administrative user session attributes to - when the file changes, chilli will reread it's configs
* Added options ''challengetimeout'' and ''challengetimeout2'' to control previously hard-coded values for challenge timeout
* Crashing bug fix for when using ''acctupate'' and there is a RADIUS timeout
* Fix to have Acct-Session-Id reset upon Reject from UAM authentication
* Added ''mtu'' option which sets the MTU returned by DHCP
* Added ''tcpwin'' option to adjust all TCP windows coming and going
* More parameters sent to the WISPr login URL.
== ChangeLog (CoovaChilli-v1.0.12 svn revision 171) ==
* Bug fix in RADIUS timeout, note that option ''radiustimeout'' is in '''seconds'''!
* Fix for dnsparanoia whereby chilli will reply with a host not found error instead of dropping the packet [http://coova.org/lists/?0::166 suggest by nextime]
* New option ''macauthdeny'' which will result in the black-listing of devices given an Access-Reject during MAC address authentication
* New internal state called ''splash'' in which clients are given Internet access, but enforcing the port 80 http redirect
* new option ''dhcpradius'' for mapping of some DHCP options into RADIUS attributes and visa versa during MAC authentication
* new options ''dhcpgateway'' and ''dhcpgatewayport'' to specific a DHCP gateway (relay) host IP Address and port
* New option (in development) ''routeif'' to specify which WAN interface to use for the default - this also enables the use of internal routing instead of everything defaulting to the tun/tap
* Anyip fixes by Gunther, thanks.
* Code cleanups
== ChangeLog (CoovaChilli-v1.0.11 svn revision 147) ==
* Bug fix for RADIUS VSAs being sent
== ChangeLog (CoovaChilli-v1.0.10 svn revision 144) ==
* Renamed packed network stack structures and put them in pkt.h
* Bug fix for DHCP relay (RFC 1542)
* Bug fix in IPC handling
* Memory leak fix in logging
== ChangeLog (CoovaChilli-v1.0.9 svn revision 133) ==
* Bug fix whereby the mac address of packets from the chilli redirect are overwritten
* Bug fix for 'leaky bucket' timediff calculations
* Bug fix for ''uamserver'' URLs already with a query string
* Bug fix for initial redirect url ''called'' parameter when ''nasmac'' is not configured
* New options ''radiustimeout'', ''radiusretry'', and ''radiusretrysec'' - thanks [http://coova.org/lists/?0::75 Oliver]
* Better Terminate-Cause for administrative reset (logout)
* Fewer defaults set in 'defaults' script - assume chilli defaults instead
* Fixes for native EAP over LAN (EAPOL) support
* Local web content filenames served by chilli now able to have mixed capitalization
* chilliController support for older IE browsers
== ChangeLog (CoovaChilli-v1.0.8 svn revision 124) ==
* New option ''uamdomain'' whereby entire domains, one per use of option, can be white-listed.
* New option ''dnsparanoia'' to drop DNS responses (pre-authentication) containing any non- A, CNAME, SOA, or MX records
* New option ''radiusoriginalurl'' to send ChilliSpot VSA ChilliSpot-OriginalURL(9) in Access-Request containing the original URL
* Fix for when uamlisten is not always ''net'' + 1 (first IP in network range)
* Fix for when ''proxysecret'' and ''radiussecret'' differ in generation of Message-Authenticator
* Added option ''definteriminterval'' to define a interim-interval (for accounting) when not otherwise set by RADIUS
* Will install and use libchilli and libbstring shared libraries
* Fix in 64-bit portability - thx ccesario for helping out
* Fix for use with DHCP Relay clients
== ChangeLog (CoovaChilli-v1.0.7 svn revision 95) ==
* First version of JSON interface, see [[CoovaChilli/JSON]]
* Improved build environment installing complete default configuration (based on build config --prefix)
* Removed default use of /etc/chilli.conf and made it based on build prefix (e.g. /usr/local/etc/chilli.conf)
* RADIUS Accounting-On (during server startup) and Accounting-Off (during server shutdown) support
* RADIUS Administrative-User accounting session giving device wide accounting
* Added option ''acctupdate'' which will allow for session parameter updates with RADIUS Accounting-Response
* New option ''tundev'' to explicitly set the TUN/TAP device, as in "tun1" or "tap3" (still be sure to use --usetap, if wanting TAP)
* Depreciated option ''papalwaysok'' - it is considered always on
* Better self determination of nasmac (Called-Station-Id)
* Sending ChilliSpot-Version attribute in access request
* Added option ''wisprlogin'' to specifically set the WISPr LoginURL
== ChangeLog (CoovaChilli-v1.0.6 svn revision 66) ==
* Updated hashing algorithm to lookup3 by Bob Jenkins
* Using [http://bstring.sourceforge.net/ bstring] in certain places instead of large, but static character arrays
* URL Checksum: md5 of the redirect url + ''uamsecret'' passed to captive portal (''md'' query string parameter)
* Allows any protocol defined in <tt>/etc/protocols</tt> in the ''uamallowed'' (using format <tt>proto:host:port</tt>)
* Allow the setting of a client/session specific walled garden (up to 4 entries) in an Access-Reject
* Allow a WISPr-Redirection-URL in an Access-Reject (the value of which is able to span multiple attributes)
* Added the ''openidauth'' option to allow inform a RADIUS server that OpenID auth is allowed (requires ''papalwaysok'')
* Added option ''defsessiontimeout'' to define a session time when not otherwise set by RADIUS
* Added option ''defidletimeout'' to define a session idle timeout when not otherwise set by RADIUS
== ChangeLog (CoovaChilli-v1.0.5 svn revision 60) ==
* Allow certain ICMP packets from external interface into chilli LAN for proper MTU negotiation - includes ICMP types 0, 3, 5, 11.
* Fixups in WPA RADIUS proxy code - allow for change of credentials (logging out previous session) and drop fewer authentication requests.
* Bug fix for when using local MAC authentication
== ChangeLog (CoovaChilli-v1.0.4 svn revision 51) ==
* Merged a version of the ''Any IP'' patch as option ''uamanyip''
* Fixed issue with userurl being truncated (no query string)
* Improved userurl handling and sending to uamhomepage and/or uamserver
* Wait for local content script to exit and ensure a clean socket shutdown (by Christian Loitsch; needed for IE7 and embedded portal)
* Fixed session-id not in access-request for UAM login bug
* Experimenting with new option ''usetap'' to use a TAP instead of TUN
== ChangeLog (CoovaChilli-v1.0.3 svn revision 39) ==
* The [http://www.gnu.org/software/gengetopt/gengetopt.html gengetopt] project accepted our changes to allow 'include <file>' in config files. The new cmdline.c is generated with gengetopt v2.19 or higher
* Added the ''wpaguests'' option to allow anonymous WPA access w/captive-portal
* Added option for ''localusers'' file to authenticate users from a local file (inspired by FON)
* Commented out the use of clearenv() as it is not on all platforms and not wanted
* Look for Acct-Session-ID in addition to User-Name in Disconnect-Request - if given, only that specific session is disconnected (thanks to Jeremy Childs for patch)
* Added option ''uamlogoutip'' (default 1.1.1.1) whereby any HTTP request to this address will result in the auto-logout of the associated session
* Support for CoARequest RADIUS requests to reconfigure session parameters (session-timeout, data/bandwidth limits, etc)
* New optional flag ''macallowlocal'' which when turned on results in the macallowed list being auto-logged in with any RADIUS (local "authentication")
* Port and protocol allowed in the ''uamallowed'' to allow for a more specific definition of the walled-garden
* Add option for ''uamuiport'' which is an alternate port for embedded local content (where as uamlisten/uamport is also used to grab the initial redirect)
* The option ''wwwbin'' which, when configured, is the program used to deliver local content (in the ''wwwdir'') with the extention ".chi" (perfect for haserl)
* The option ''wwwui'' which when used with ''uamuiport'' is the alternate program to use for local content
* The ''chilli_response'' binary taking 3 arguments <hex-challenge> <uamsecret> <password> and returning the appropriate response
* New options ''postauthproxy'' and ''postauthproxyport'' to configure an upstream transparent proxy to use post-authentication for http traffic
* Option ''papalwaysok'' to allow back-ward compatibility with UAM back-end's using PAP authentication (with ''password'') even when configured with a ''uamsecret''
== ChangeLog (CoovaChilli-v1.0.2 svn revision 17) ==
* Configurable TX queue length (option ''txqlen'') on the tun/tap tunnel (Linux only)
* Added option ''swapoctets'' to swap the meaning of input/output octets/packets
* Added option ''logfacility'' to change the syslog logging facility (default LOG_LOCAL6) [note: should probably change the name of debugfacility as it is really logpriority]
* Patches from the ChilliSpot CVS 1.1 version
** Added option ''conup'' defining a script for session/connection-up
** Added option ''condown'' defining a script for session/connection-down
* Patches contributed by WeSea (see: [http://chillispot.wesea.com/ their page])
** Added option "usestatusfile" to turn on the use of the status file
** Traffic to UAM interface not counted in leaky buckets
** Some tweaks to allow a Flash browser-based UAM solution
* Applied patch for OpenBSD and NetBSD found in ChilliSpot mailing-list
* Renamed and swapped meaning of config param ''uamwispr'' (mentioned below) to ''nouamwispr'' which defaults to ''off'' for compatibility - turn on this option to ''not'' have chilli send WISPr XML, but rather assume the UAM server is taking care of that.
* Renamed and swapped meaning of config param ''uamsuccess'' (mentioned below) to ''nouamsuccess'' which defaults to ''off'' for compatibility - turn on this feature to ''not'' return the user to the UAM server on login, but their original url instead.
== ChangeLog (CoovaChilli-v1.0.1 svn revision 2) ==
* Added the ability to use ''include <filename>'' in configuration files to include others. Using gengetopt version 2.16 and a patch is applied to the generated source.
* A ''chilli_radconfig'' utility to perform a NAS Administrative-User RADIUS login in order to collect configurations (using the new ChilliSpot-Config VSA).
* A ''chilli_query'' utility to interface directly with the chilli server (via a UNIX socket) and retrieve the status of all DHCP leases and sessions. Also, the utility can be used to instruct chilli to release a DHCP lease (and logout the user).
* Added the configuration parameters ''adminuser'' and ''adminpasswd'' which are used by ''chilli_radconfig'' in combination with the other RADIUS (server, secret, port) parameters.
* Fixed the handling of the originally requested URL and the forwarding of said in the UAM initial redirect query string (parameter ''userurl'').
* Passing query string argument ''loginurl'' to ''uamhomepage'' noting the URL to follow to login -- also making the redirect return WISPr directions to use the uamserver URL instead.
* Added the configuration parameter ''wwwdir'' which defines a directory which will serve local files for URLs of format: ''http://<uamlisten>:<uamport>/www/<filename>'' - only supports ''.html'', ''.gif'', and ''.jpg'' extensions.
* Added the configuration parameters ''dhcpstart'', and ''dhcpend'' which define the DHCP ippool range.
* Added the sending of ''hisip'' in the UAM initial redirect query string.
* Added the configuration parameter ''cmdsocket'' which is the path of the UNIX socket to use for chilli_query.
* Added the configuration parameter ''ssid'' which gets added to the UAM initial redirect query string.
* Added the configuration parameter ''vlan'' which gets added to the UAM initial redirect query string.
* Added the configuration parameter ''nasip'' which gets used in the RADIUS NAS-IP-Address attribute (the listen IP is used if not set).
* Added the configuration parameter ''nasmac'' which gets sent to the UAM server in the initial redirect query string as called.
* Added the configuration parameter ''uamwispr'' which turns off and on chilli's internal support for WISPr XML (turned off by default as it is assumed the back-office is driving the XML).
* Added the configuration parameter ''uamsuccess'' which turns off and on whether or not chilli will send the user back to the UAM server (instead of their original URL) once authenticated.
* Swapped input/output octets/packets in RADIUS to be more in-line with other WiFi gateways.
* Allocates "app connections" on demand instead of in bulk to reduce memory usage.
* Rearranged some code to improve the building process and reduce the memory footprint of the additional utilities.
* (Re)Configuration memory leak fixed.