third-party: add chilli-redirect support

Signed-off-by: John Crispin <john@phrozen.org>

feeds/third-party/chilli-redirect/Makefile

@@ -0,0 +1,35 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=chilli-redirect
+PKG_RELEASE:=1
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/chilli-redirect
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Chilli-Redirect
+endef
+
+define Package/chilli-redirect/description
+ Chilli Captive portal redirect support.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+
+endef
+Build/Compile = $(Build/Compile/Default)
+
+define Package/chilli-redirect/install
+	$(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,chilli-redirect))

feeds/third-party/chilli-redirect/files/etc/uci-defaults/99-chilli

@@ -0,0 +1,23 @@
+#!/bin/sh
+rm /etc/config/chilli
+cat > /etc/config/chilli <<EOF
+config chilli
+	option disabled '0'
+	option domain 'lan'
+	option uamanydns '1'
+	option lease '900'
+	option redir '1'
+	option papalwaysok '1'
+	option adminupdatefile '/var/run/chilli/local.conf'
+	option wwwdir '/etc/chilli/www'
+	option wwwbin '/etc/chilli/wwwsh'
+	option conup '/etc/chilli/conup.sh'
+	option condown '/etc/chilli/condown.sh'
+	option ipup '/etc/chilli/up.sh'
+	option ipdown '/etc/chilli/down.sh'
+	option cmdsocket '/var/run/chilli/chilli.sock'
+	option unixipc 'ipc.sock'
+	option pidfile '/var/run/chilli/chilli.pid'
+	option kname 'chilli'
+	option debug 0
+EOF

feeds/third-party/chilli-redirect/files/usr/share/ucentral/templates/third-party/chilli-redirect.uc

@@ -0,0 +1,45 @@
+{%
+let interfaces = services.lookup_interfaces("chilli-redirect");
+let enable = length(interfaces);
+services.set_enabled("chilli", enable);
+if (!enable)
+	return;
+let name = ethernet.calculate_name(interfaces[0]);
+let keys = {
+	uamport: 3990,
+	radiusauthport: 1812,
+	radiusacctport: 1813,
+	radiusserver1: true,
+	radiusserver2: true,
+	radiusnasid: true,
+	uamallowed: true,
+	uamdomain: true,
+	defidletimeout: 0,
+	definteriminterval: 300,
+	acctupdate: 9,
+	uamserver: true,
+	radiussecret: true,
+	nasmac: true,
+};
+%}
+
+set chilli.@chilli[0].dhcpif='{{ name }}'
+
+{% if (interfaces[0].role == "upstream"): %}
+set chilli.@chilli[0].net='198.18.0.0/255.255.254.0'
+set chilli.@chilli[0].statip='198.18.0.0/255.255.254.0'
+set chilli.@chilli[0].uamlisten='198.18.0.1'
+set chilli.@chilli[0].uamanyip='1'
+set chilli.@chilli[0].dns1='198.18.0.1'
+set chilli.@chilli[0].nasip='198.18.0.1'
+{% else %}
+set chilli.@chilli[0].net='10.0.0.0/255.255.254.0'
+set chilli.@chilli[0].statip='10.0.0.0/255.255.254.0'
+set chilli.@chilli[0].uamlisten='10.0.0.1'
+set chilli.@chilli[0].dns1='10.0.0.1'
+set chilli.@chilli[0].nasip='10.0.0.1'
+{% endif %}
+
+{% for (let k, v in keys): %}
+set chilli.@chilli[0].{{ k }}='{{ chilli_redirect[k] ? chilli_redirect[k] : v}}'
+{% endfor %}

feeds/third-party/coova-chilli/Config.in

@@ -0,0 +1,48 @@
+# CoovaChilli advanced configuration
+
+if PACKAGE_coova-chilli
+
+config COOVACHILLI_PROXY
+	bool "Enable support for chilli proxy. Required for AAA Proxy through http"
+	default n
+
+config COOVACHILLI_REDIR
+	bool "Enable support for redir server. Required for uamregex"
+	default n
+
+config COOVACHILLI_MINIPORTAL
+	bool "Enable support Coova miniportal"
+	default n
+
+config COOVACHILLI_USERAGENT
+	bool "Enable recording user-agent"
+	default n
+
+config COOVACHILLI_UAMDOMAINFILE
+	bool "Enable loading of mass uamdomains from file"
+	default n
+
+config COOVACHILLI_LARGELIMITS
+	bool "Enable larger limits for use with non-embedded systems"
+	default n
+
+config COOVACHILLI_JSONINTERFACE
+	bool "Enable the JSON interface for the CoovaChilli Controller"
+	default n
+
+choice
+	prompt "SSL library"
+	default COOVACHILLI_NOSSL
+
+config COOVACHILLI_NOSSL
+	bool "No SSL support"
+
+config COOVACHILLI_WOLFSSL
+	bool "wolfSSL"
+
+config COOVACHILLI_OPENSSL
+	bool "OpenSSL"
+
+endchoice
+
+endif

feeds/third-party/coova-chilli/Makefile

@@ -0,0 +1,153 @@
+#
+# Copyright (C) 2007-2018 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=coova-chilli
+PKG_VERSION:=1.5
+PKG_RELEASE:=4
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/coova/coova-chilli/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=75e15fd00a870b8a95df1440977c688a05a109f90b57bf679b931101d427d0fb
+
+PKG_MAINTAINER:=Jaehoon You <teslamint@gmail.com>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=0
+
+PKG_CONFIG_DEPENDS:= \
+  COOVACHILLI_JSONINTERFACE \
+  COOVACHILLI_LARGELIMITS \
+  COOVACHILLI_MINIPORTAL \
+  COOVACHILLI_NOSSL \
+  COOVACHILLI_OPENSSL \
+  COOVACHILLI_PROXY \
+  COOVACHILLI_REDIR \
+  COOVACHILLI_UAMDOMAINFILE \
+  COOVACHILLI_USERAGENT \
+  COOVACHILLI_WOLFSSL \
+  IPV6
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/coova-chilli
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+kmod-tun +librt +COOVACHILLI_MINIPORTAL:haserl \
+  +COOVACHILLI_WOLFSSL:libwolfssl +COOVACHILLI_OPENSSL:libopenssl \
+  +COOVACHILLI_JSONINTERFACE:libjson-c
+  TITLE:=Wireless LAN HotSpot controller (Coova Chilli Version)
+  URL:=https://coova.github.io/
+  MENU:=1
+endef
+
+define Package/coova-chilli/description
+	CoovaChilli is an open source access controller for wireless LAN
+	access points and is based on ChilliSpot. It is used for authenticating
+	users of a wireless (or wired) LAN. It supports web based login (UAM)
+	which is today's standard for public HotSpots and it supports Wireless
+	Protected Access (WPA) which is the standard of the future.
+	Authentication,	authorization and accounting (AAA) is handled by your
+	favorite radius server.
+endef
+
+define Package/coova-chilli/config
+  source "$(SOURCE)/Config.in"
+endef
+
+define KernelPackage/ipt-coova
+  URL:=http://www.coova.org/CoovaChilli
+  SUBMENU:=Netfilter Extensions
+  DEPENDS:=coova-chilli +kmod-ipt-core +libxtables
+  TITLE:=Coova netfilter module
+  FILES:=$(PKG_BUILD_DIR)/src/linux/xt_*.$(LINUX_KMOD_SUFFIX)
+  AUTOLOAD:=$(call AutoProbe,xt_coova)
+endef
+
+define KernelPackage/ipt-coova/description
+	Netfilter kernel module for CoovaChilli
+	Includes:
+	- coova
+endef
+
+DISABLE_NLS=
+
+TARGET_CFLAGS += $(FPIC) -Wno-error
+
+CONFIGURE_VARS += \
+       ARCH="$(LINUX_KARCH)" \
+       KERNEL_DIR="$(LINUX_DIR)"
+
+MAKE_FLAGS += \
+       ARCH="$(LINUX_KARCH)" \
+       KERNEL_DIR="$(LINUX_DIR)"
+
+MAKE_INSTALL_FLAGS += \
+       ARCH="$(LINUX_KARCH)" \
+       KERNEL_DIR="$(LINUX_DIR)" \
+       INSTALL_MOD_PATH="$(PKG_INSTALL_DIR)"
+
+define Build/Prepare
+$(call Build/Prepare/Default)
+	( cd $(PKG_BUILD_DIR) ; \
+		[ -f ./configure ] || { \
+			./bootstrap ; \
+		} \
+	)
+endef
+
+define Build/Configure
+	$(call Build/Configure/Default, \
+	$(if $(CONFIG_COOVACHILLI_PROXY),--enable,--disable)-chilliproxy \
+	$(if $(CONFIG_COOVACHILLI_REDIR),--enable,--disable)-chilliredir \
+	$(if $(CONFIG_COOVACHILLI_MINIPORTAL),--enable,--disable)-miniportal \
+	$(if $(CONFIG_COOVACHILLI_USERAGENT),--enable,--disable)-useragent \
+	$(if $(CONFIG_COOVACHILLI_LARGELIMITS),--enable,--disable)-largelimits \
+	$(if $(CONFIG_COOVACHILLI_JSONINTERFACE),--enable,--disable)-libjson \
+	$(if $(CONFIG_COOVACHILLI_JSONINTERFACE),--enable,--disable)-json \
+	$(if $(CONFIG_COOVACHILLI_UAMDOMAINFILE),--enable,--disable)-uamdomainfile \
+	$(if $(CONFIG_IPV6),--with,--without)-ipv6 \
+	$(if $(CONFIG_COOVACHILLI_WOLFSSL),--with,--without)-cyassl \
+	$(if $(CONFIG_COOVACHILLI_OPENSSL),--with,--without)-openssl \
+	$(if $(CONFIG_PACKAGE_kmod-ipt-coova),--with-nfcoova) \
+	--enable-chilliredir\
+	)
+endef
+
+define Package/coova-chilli/conffiles
+/etc/config/chilli
+endef
+
+define Package/coova-chilli/install
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/chilli.conf $(1)/etc/
+	$(INSTALL_DIR) $(1)/etc/chilli
+	$(CP) $(PKG_INSTALL_DIR)/etc/chilli/* $(1)/etc/chilli/
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DATA) ./files/chilli.hotplug $(1)/etc/hotplug.d/iface/30-chilli
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/chilli* $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/
+	$(if $(CONFIG_PACKAGE_kmod-ipt-coova), \
+		$(INSTALL_DIR) $(1)/usr/lib/iptables; \
+		$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib*.so $(1)/usr/lib/iptables/ \
+	)
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) files/chilli.init $(1)/etc/init.d/chilli
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DATA) files/chilli.config $(1)/etc/config/chilli
+endef
+
+$(eval $(call BuildPackage,coova-chilli))
+$(eval $(call KernelPackage,ipt-coova))

feeds/third-party/coova-chilli/files/chilli.config

@@ -0,0 +1,226 @@
+#
+# Sample Coova-Chilli configuration file
+#
+
+config chilli
+    # disable to running chilli. remove this option before running.
+    option disabled 1
+
+    # name of TUN device name. required.
+    option tundev 'tun0'
+
+    # name of network interface
+    option network ''
+
+    # Include this flag to include debug information.
+    #option debug 1
+
+    # Re-read configuration file at this interval. Will also cause new domain
+    # name lookups to be performed. Value is given in seconds.
+    #option interval 3600
+
+    # Directory to use for nonvolatile storage.
+    # The program must have write access to this directory.
+    # this option is currently ignored
+    #option statedir ./
+
+
+    # TUN parameters
+
+    # IP network address of external packet data network
+    # Used to allocate dynamic IP addresses and set up routing.
+    # Normally you do not need to uncomment this option.
+    #option net 192.168.182.0/24
+
+    # Dynamic IP address pool
+    # Used to allocate dynamic IP addresses to clients.
+    # If not set it defaults to the net tag.
+    # Do not uncomment this option unless you are an experienced user!
+    #option dynip 192.168.182.0/24
+
+    # Static IP address pool
+    # Used to allocate static IP addresses to clients.
+    # Do not uncomment this option unless you are an experienced user!
+    #option statip 192.168.182.0/24
+
+
+    # Primary DNS server.
+    # Will be suggested to the client.
+    # If omitted the system default will be used.
+    # Normally you do not need to uncomment this option.
+    #option dns1 172.16.0.5
+
+    # Secondary DNS server.
+    # Will be suggested to the client.
+    # If omitted the system default will be used.
+    # Normally you do not need to uncomment this option.
+    #option dns2 172.16.0.6
+
+    # Domain name
+    # Will be suggested to the client.
+    # Normally you do not need to uncomment this option.
+    #option domain key.chillispot.org
+
+    # Script executed after network interface has been brought up.
+    # Executed with the following parameters: <devicename> <ip address>
+    # <mask>
+    # Normally you do not need to modify this option.
+    option ipup /etc/chilli/up.sh
+
+    # Script executed after network interface has been taken down.
+    # Executed with the following parameters: <devicename> <ip address>
+    # <mask>
+    # Normally you do not need to modify this option.
+    option ipdown /etc/chilli/down.sh
+
+
+    # Radius parameters
+
+    # IP address to listen to
+    # Normally you do not need to uncomment this option.
+    #option radiuslisten 127.0.0.1
+
+    # IP address of radius server 1
+    # For most installations you need to modify this option.
+    option radiusserver1 rad01.chillispot.org
+
+    # IP address of radius server 2
+    # If you have only one radius server you should set radiusserver2 to the
+    # same value as radiusserver1.
+    # For most installations you need to modify this option.
+    option radiusserver2 rad02.chillispot.org
+
+    # Radius authentication port
+    # The UDP port number to use for radius authentication requests.
+    # The same port number is used for both radiusserver1 and radiusserver2.
+    # Normally you do not need to uncomment this option.
+    #option radiusauthport 1812
+
+    # Radius accounting port
+    # The UDP port number to use for radius accounting requests.
+    # The same port number is used for both radiusserver1 and radiusserver2.
+    # Normally you do not need to uncomment this option.
+    #option radiusacctport 1813
+
+    # Radius shared secret for both servers
+    # For all installations you should modify this option.
+    #option radiussecret testing123
+
+    # Radius NAS-Identifier
+    # Normally you do not need to uncomment this option.
+    #option radiusnasid nas01
+
+    # WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
+    # cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
+    # Normally you do not need to uncomment this option.
+    #option radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport
+
+    # WISPr Location Name. Should be in the format:
+    # <HOTSPOT_OPERATOR_NAME>,<LOCATION>
+    # Normally you do not need to uncomment this option.
+    #option radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport
+
+
+    # Radius proxy parameters
+
+    # IP address to listen to
+    # Normally you do not need to uncomment this option.
+    #option proxylisten 10.0.0.1
+
+    # UDP port to listen to.
+    # If not specified a port will be selected by the system
+    # Normally you do not need to uncomment this option.
+    #option proxyport 1645
+
+    # Client(s) from which we accept radius requests
+    # Normally you do not need to uncomment this option.
+    #option proxyclient 10.0.0.1/24
+
+    # Radius proxy shared secret for all clients
+    # If not specified defaults to radiussecret
+    # Normally you do not need to uncomment this option.
+    #option proxysecret testing123
+
+
+    # DHCP Parameters
+
+    # Ethernet interface to listen to.
+    # This is the network interface which is connected to the access points.
+    # In a typical configuration this option should be set to eth1.
+    option dhcpif eth1
+
+    # Use specified MAC address.
+    # An address in the range  00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
+    # within the IANA range of addresses and is not allocated for other
+    # purposes.
+    # Normally you do not need to uncomment this option.
+    #option dhcpmac 00:00:5E:00:02:00
+
+    # Time before DHCP lease expires
+    # Normally you do not need to uncomment this option.
+    #option lease 600
+
+
+    # Universal access method (UAM) parameters
+
+    # URL of web server handling authentication.
+    option uamserver https://radius.chillispot.org/hotspotlogin
+
+    # URL of welcome homepage.
+    # Unauthenticated users will be redirected to this URL. If not specified
+    # users will be redirected to the uamserver instead.
+    # Normally you do not need to uncomment this option.
+    #option uamhomepage http://192.168.182.1/welcome.html
+
+    # Shared between chilli and authentication web server
+    #option uamsecret ht2eb8ej6s4et3rg1ulp
+
+    # IP address to listen to for authentication requests
+    # Do not uncomment this option unless you are an experienced user!
+    #option uamlisten 192.168.182.1
+
+    # TCP port to listen to for authentication requests
+    # Do not uncomment this option unless you are an experienced user!
+    #option uamport 3990
+
+    # Comma separated list of domain names, IP addresses or network segments
+    # the client can access without first authenticating.
+    # It is possible to specify this option multiple times.
+    # Normally you do not need to uncomment this option.
+    #option uamallowed www.chillispot.org,10.11.12.0/24
+
+    # Comma separated list of domain names
+    # the client can access without first authenticating.
+    # It is possible to specify this option multiple times.
+    # Normally you do not need to uncomment this option.
+    #option uamdomain .chillispot.org,.coova.org
+
+    # If this flag is given unauthenticated users are allowed to use
+    # any DNS server.
+    # Normally you do not need to uncomment this option.
+    #option uamanydns
+
+
+    # MAC authentication
+
+    # If this flag is given users will be authenticated only on their MAC
+    # address.
+    # Normally you do not need to uncomment this option.
+    #option macauth
+
+    # List of MAC addresses.
+    # The MAC addresses specified in this list will be authenticated only on
+    # their MAC address.
+    # this option is ignored if the macauth tag is given.
+    # It is possible to specify this option multiple times.
+    # Normally you do not need to uncomment this option.
+    #option macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9
+
+    # Password to use for MAC authentication.
+    # Normally you do not need to uncomment this option.
+    #option macpasswd password
+
+    # Suffix to add to MAC address in order to form the username.
+    # Normally you do not need to uncomment this option.
+    #option macsuffix suffix
+

feeds/third-party/coova-chilli/files/chilli.hotplug

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ "$ACTION" == "ifup" ] || exit 0
+
+[ "$INTERFACE" = "wan" ] && {
+	/etc/init.d/chilli restart
+}

feeds/third-party/coova-chilli/files/chilli.init

@@ -0,0 +1,93 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+STOP=89
+USE_PROCD=1
+
+service_triggers() {
+	procd_add_reload_trigger "chilli"
+}
+
+config_cb() {
+	chilli_conf="/var/run/chilli_${2}.conf"
+	[ -e "$chilli_conf" ] && rm -f "$chilli_conf"
+}
+
+option_cb() {
+	case "$1" in
+		# ignored/internal settings
+		disabled)
+			;;
+		# UCI settings
+		network)
+			. /lib/functions/network.sh
+			local ifname
+			network_get_device ifname "$2"
+			echo "dhcpif=\"$ifname\"" >> "$chilli_conf"
+			;;
+		# boolean settings
+		acctupdate|chillixml|coanoipcheck|debug|dhcpbroadcast|dhcpmacset|dhcpnotidle|\
+		dhcpradius|dnsparanoia|domaindnslocal|eapolenable|fg|forgiving|framedservice|\
+		ieee8021q|injectwispr|ipv6|ipv6only|layer3|locationcopycalled|\
+		locationimmediateupdate|locationopt82|locationstopstart|macallowlocal|\
+		macauth|macauthdeny|macreauth|mmapring|mschapv2|noarpentries|noc2c|nochallenge|\
+		nodynip|noradallow|nosystemdns|nouamsuccess|nousergardendata|nowispr1|nowispr2|\
+		only8021q|openidauth|papalwaysok|patricia|postauthproxyssl|proxymacaccept|\
+		proxyonacct|radiusoriginalurl|radsec|redir|redirdnsreq|redirssl|redirurl|reload|\
+		routeonetone|scalewin|seskeepalive|statusfilesave|strictdhcp|strictmacauth|\
+		swapoctets|uamallowpost|uamanydns|uamanyip|uamauthedallowed|uamgardendata|\
+		uamnatanyip|uamotherdata|uamuissl|usetap|vlanlocation|wpaguests)
+			[ "$2" = "true" -o "$2" = "1" ] && echo "$1" >> "$chilli_conf"
+			;;
+		*)
+			echo "$1=\"$2\"" >> "$chilli_conf"
+			;;
+	esac
+}
+
+start_chilli() {
+	local cfg="$1"
+	local base="/var/run/chilli_${cfg}"
+
+	config_get_bool disabled "$1" 'disabled' 0
+	[ $disabled = 1 ] && return
+
+	procd_open_instance "$cfg"
+	procd_set_param command /usr/sbin/chilli
+	procd_set_param file "$chilli_conf"
+	procd_append_param command \
+		--fg \
+		--conf "${base}.conf" \
+		--pidfile "${base}.pid" \
+		--cmdsocket "${base}.sock" \
+		--unixipc "${base}.ipc"
+	procd_set_param respawn
+	procd_set_param stdout 1
+	procd_set_param stderr 1
+	procd_close_instance
+}
+
+start_service() {
+	config_load chilli
+	config_foreach start_chilli chilli
+}
+
+stop_service() {
+	rm -f /var/run/chilli_*
+}
+
+reload_chilli() {
+	local pid
+	local cfg="$1"
+	local base="/var/run/chilli_${cfg}"
+	if [ -f "${base}.pid" ]; then
+		pid="$(cat "${base}.pid")"
+		[ -f "/var/run/chilli.${pid}.cfg.bin" ] && rm -f "/var/run/chilli.${pid}.cfg.bin"
+		chilli_query -s "${base}.sock" reload
+	fi
+}
+
+reload_service() {
+	config_load chilli
+	config_foreach reload_chilli chilli
+}

feeds/third-party/coova-chilli/patches/100-fix_compile_kmod.patch

@@ -0,0 +1,13 @@
+--- a/src/linux/Makefile
++++ b/src/linux/Makefile
+@@ -25,8 +25,8 @@ lib%.o: lib%.c
+ 	$(CC) $(CFLAGS) -fPIC -O2 -Wall -D_INIT=lib$*_init -c -o $@ $<;
+ 
+ install: modules_install libxt_coova.so
+-	mkdir -p $(DESTDIR)/lib/xtables/
+-	cp libxt_coova.so $(DESTDIR)/lib/xtables/
++	mkdir -p $(DESTDIR)/usr/lib/iptables/
++	cp libxt_coova.so $(DESTDIR)/usr/lib/iptables/
+ 
+ distdir:
+ 

feeds/third-party/coova-chilli/patches/200-wolfssl.patch

@@ -0,0 +1,53 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -397,7 +397,7 @@ AC_ARG_WITH([cyassl],
+  [AS_HELP_STRING([--with-cyassl], [enable support for cyassl])],[],[with_cyassl=no])
+ 
+ AS_IF([test x"$with_cyassl" != xno],
+-  [AC_CHECK_LIB([cyassl], [CyaSSL_Init],
++  [AC_CHECK_LIB([cyassl], [wolfSSL_Init],
+               [AC_SUBST([LIBSSL], ["-lcyassl"])
+                AC_DEFINE([HAVE_CYASSL], [1],
+                          [Define if you have cyassl])
+--- a/src/ippool.c
++++ b/src/ippool.c
+@@ -35,6 +35,7 @@ int ippool_print(int fd, struct ippool_t
+   char * sep = "-- %-15s ------------------------------------------------------------\n";
+ 
+ #define ERR 0
++#undef USED /* defined in <wolfssl/wolfcrypt/integer.h> */
+ #define USED 1
+ #define FREE 2
+ #define LIST 3
+--- a/src/md5.h
++++ b/src/md5.h
+@@ -35,7 +35,6 @@
+ #define MD5Update MD5_Update
+ #define MD5Final MD5_Final
+ 
+-typedef struct CYASSL_MD5_CTX MD5_CTX;
+ #else
+ 
+ struct MD5Context {
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -131,7 +131,7 @@ _openssl_env_init(openssl_env *env, char
+    */
+   const long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
+   env->meth = SSLv23_method();
+-  env->ctx = SSL_CTX_new(env->meth);
++  env->ctx = SSL_CTX_new((void *)env->meth);
+   SSL_CTX_set_options(env->ctx, options);
+   if (_options.sslciphers) {
+     SSL_CTX_set_cipher_list(env->ctx, _options.sslciphers);
+--- a/src/ssl.h
++++ b/src/ssl.h
+@@ -48,6 +48,8 @@ typedef struct {
+ #include <time.h>
+ #include <string.h>
+ 
++#define OPENSSL_NO_ENGINE
++#include <cyassl/options.h>
+ #include <cyassl/ssl.h>
+ #include <cyassl/openssl/bio.h>
+ #include <cyassl/openssl/crypto.h>

feeds/third-party/coova-chilli/patches/300-sysinfo.patch

@@ -0,0 +1,23 @@
+From 196b783b5ea7f8d6cf57ddbd41dc1881ef47a1c4 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Wed, 11 Dec 2019 19:33:58 -0800
+Subject: [PATCH] system.h: Fix compilation with kernel 4.19 + musl
+
+<linux/netlink.h> includes <linux/sysinfo.h> , which redefines struct sysinfo, leading to an error.
+Define the linux header as included to solve compilation.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ src/system.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/system.h
++++ b/src/system.h
+@@ -114,6 +114,7 @@
+ 
+ #ifdef HAVE_SYS_SYSINFO_H
+ #include <sys/sysinfo.h>
++#define _LINUX_SYSINFO_H
+ #else
+ #ifdef HAVE_LINUX_SYSINFO_H
+ #define _LINUX_KERNEL_H

feeds/third-party/coova-chilli/patches/400-fix-version.patch

@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -2,7 +2,7 @@
+ # Process this file with autoconf to produce a configure script.
+ 
+ AC_PREREQ([2.59])
+-AC_INIT([coova-chilli],[1.4],[https://github.com/coova/coova-chilli/issues])
++AC_INIT([coova-chilli],[1.5],[https://github.com/coova/coova-chilli/issues])
+ AC_CONFIG_SRCDIR([src/chilli.c])
+ 
+ AM_INIT_AUTOMAKE

profiles/chilli-redirect.yml

@@ -0,0 +1,9 @@
+---
+description: Add the chilli redirect dependencies
+feeds:
+  - name: third_party
+    path: ../../feeds/third-party
+
+packages:
+  - coova-chilli
+  - chilli-redirect