david's blog

Content-injection, Layer3

Content-injection, as used in this article, means the inserting of HTML content into web pages going through a router. The idea is not new, and can be done in a variety of ways. Indeed, you might recall that years ago I did something similar using transproxy and privoxy, which I called the coova captive frame. With developments in CoovaChilli and the interest in ad-paid WiFi, it's time to review the feature once again, this time natively in CoovaChilli.

CoovaChilli WISPr 2.0

The WISPr 1.0 document by the Wi-Fi Alliance set out to define the Best Current Practices for Wireless Internet Service Provider (WISP) Roaming in an effort to bring some consistency to authentication and billing on Wi-Fi Public Access Networks. While the document does give some good guidance on the minimal RADIUS requirements for AAA (Authentication, Authorization, and Accounting), and defines a methodology for automated login in a captive portal network, it was not designed to be a standard, so it says.

AP Location

With CoovaChilli managing the traffic of multiple access points, it can now be configured to utilize the MAC Authentication features found in some WLAN products to learn the access point location of a subscriber device. To demonstrate the use of this feature, here is an example using both the Cisco Aironet and the Alcatel-Lucent/Aruba OmniAccess switch.

RADIUS Secrets

The importance of the RADIUS shared secret and security:

  • Provides data integrity, meaning that you have confidence that the information received came from the trusted source (trusted because it knows the secret) without modification.
  • Protects the user password during PAP authentication. Knowing the RADIUS shared secret, the clear-text password can be derived from the PAP encoded password.
  • Protects the RADIUS server from a variety of attacks by requiring that all RADIUS data pass verification against the shared secret.

Ruckus with Chilli

On a recent project, we had the benefit of working with Ruckus Wireless access points in building captive portal and secure wireless networks. To illustrate how to use such hardware with CoovaChilli, consider the following example where we are using the Ruckus ZoneFlex 2925 and a simple Ubuntu PC running the CoovaChilli open-source access controller.

CoovaChilli on Ubiquiti

In the forum and elsewhere, we have seen people asking for CoovaChilli for their Ubiquiti routers. Of course, one easy way to use CoovaChilli is to be using the open-mesh / ROBIN firmware. Another way is to build CoovaChilli right into the Ubiquiti firmware using the Ubiquiti AirOS SDK.

OS Fingerprinting

In DHCP Discovery, we explored the DHCP protocol and the kind of information the client device reveals about itself. DHCP fingerprinting takes that information and uses it to classify the operating system and/or vendor of the device. The technique is finding its way into commercial applications, CoovaRADIUS included, but it's easy to do yourself too; here's how.

More RADIUS Security

RADIUS is a protocol "for carrying authentication, authorization, and configuration information between a Network Access Server (NAS) which desires to authenticate its links and a shared Authentication Server (AS)." RADIUS uses UDP packets that carry one or more RADIUS attributes.

There are several possible authentication protocols that can run within RADIUS. The simplest is PAP, where the user password is transmitted encoded with the shared secret between the NAS and AS.

Pocket Hotspot

The Neo Freerunner from Openmoko is addictive. I would call it a "phone," but I haven't really used that feature much yet. It's simply a nice, very nice, pocket sized Linux system with touch-screen, GPRS, GPS, and, of course, Wi-Fi. My Freerunner came with Google Android on it, but I wanted to start out with Openmoko's own firmware. With the latest version of their software, I found most features of the phone operational, complete with a nice soft keyboard. It is also very easy to build applications for the phone, using standard GNU tools and GUI building in X/GTK.

Open-source for Integrators

Writing open-source for system integrators is a challenge. To some extent, your users are your own competitors. But, why?
