From e0fde6e9134afcf3ddd307ff13f4891e189cd6ea Mon Sep 17 00:00:00 2001
From: Suvendhu Hansa <suvendhu.hansa@iopsys.eu>
Date: Mon, 7 Apr 2025 18:02:23 +0530
Subject: [PATCH] Fix apply firewall rules at reload event

---
 src/common.h     | 2 +-
 src/cwmp.c       | 2 +-
 src/http.c       | 2 +-
 src/session.c    | 4 ++--
 src/ubus_utils.c | 6 ++++++
 src/uci_utils.c  | 2 +-
 6 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/common.h b/src/common.h
index e9252d6..eb2de0c 100644
--- a/src/common.h
+++ b/src/common.h
@@ -135,7 +135,6 @@ typedef struct config {
 	bool acs_getrpc;
 	bool auto_tc_enable;
 	bool auto_cdu_enable;
-	bool cr_ip_port_change;
 	int retry_min_wait_interval;
 	int retry_interval_multiplier;
 
@@ -224,6 +223,7 @@ typedef struct cwmp {
 	struct ubus_event_handler *intf_ev;
 	bool throttle_session_triggered;
 	bool acs_changed;
+	bool cr_ip_port_change;
 	int curr_delay_reboot;
 	time_t curr_schedule_reboot;
 	char ip_acs[128];
diff --git a/src/cwmp.c b/src/cwmp.c
index b581354..9c91141 100644
--- a/src/cwmp.c
+++ b/src/cwmp.c
@@ -353,7 +353,7 @@ int main(int argc, char **argv)
 	http_server_start();
 
 	apply_allowed_cr_ip_port();
-	cwmp_ctx.conf.cr_ip_port_change = false;
+	cwmp_ctx.cr_ip_port_change = false;
 
 	uloop_run();
 	uloop_done();
diff --git a/src/http.c b/src/http.c
index 9d57352..1d0b0c4 100644
--- a/src/http.c
+++ b/src/http.c
@@ -685,7 +685,7 @@ void icwmp_http_server_init(void)
 		cr_port_str[5] = '\0';
 		set_uci_path_value(NULL, "cwmp.cpe.port", cr_port_str);
 		connection_request_port_value_change(cr_port);
-		cwmp_ctx.conf.cr_ip_port_change = true;
+		cwmp_ctx.cr_ip_port_change = true;
 	}
 
 	CWMP_LOG(INFO, "Connection Request server initiated with the port: %d", cr_port);
diff --git a/src/session.c b/src/session.c
index 9e956dc..6dd0768 100644
--- a/src/session.c
+++ b/src/session.c
@@ -697,10 +697,10 @@ int run_session_end_func(void)
 		CWMP_LOG(ERROR, "config reload failed at session end");
 	}
 
-	if (cwmp_ctx.conf.cr_ip_port_change == true) {
+	if (cwmp_ctx.cr_ip_port_change == true) {
 		CWMP_LOG(INFO, "Allowed CR IPs are changed");
 		apply_allowed_cr_ip_port();
-		cwmp_ctx.conf.cr_ip_port_change = false;
+		cwmp_ctx.cr_ip_port_change = false;
 	}
 
 	reinit_cwmp_periodic_session_feature();
diff --git a/src/ubus_utils.c b/src/ubus_utils.c
index b2cd2c9..1ead5b4 100644
--- a/src/ubus_utils.c
+++ b/src/ubus_utils.c
@@ -88,6 +88,12 @@ static int reload_cmd(struct blob_buf *b)
 			blobmsg_add_u32(b, "status", 0);
 			blobmsg_add_string(b, "info", "icwmpd config reloaded");
 
+			if (cwmp_ctx.cr_ip_port_change == true) {
+				CWMP_LOG(INFO, "Allowed CR IPs are changed");
+				apply_allowed_cr_ip_port();
+				cwmp_ctx.cr_ip_port_change = false;
+			}
+
 			if (cwmp_ctx.acs_changed) {
 				CWMP_LOG(INFO, "%s: Schedule session with new ACS since URL changed", __func__);
 				uloop_timeout_cancel(&session_timer);
diff --git a/src/uci_utils.c b/src/uci_utils.c
index 8ee5f63..38f7f31 100644
--- a/src/uci_utils.c
+++ b/src/uci_utils.c
@@ -464,7 +464,7 @@ static void config_get_cpe_elements(struct uci_section *s)
 
 	if (CWMP_STRCMP(cwmp_ctx.conf.valid_cr_ip, allowed_cr_ip) != 0) {
 		snprintf(cwmp_ctx.conf.valid_cr_ip, sizeof(cwmp_ctx.conf.valid_cr_ip), "%s", allowed_cr_ip);
-		cwmp_ctx.conf.cr_ip_port_change = true;
+		cwmp_ctx.cr_ip_port_change = true;
 	}
 
 	CWMP_LOG(DEBUG, "CWMP CONFIG - cpe allowed_cr_ip: %s", cwmp_ctx.conf.valid_cr_ip);