From 653b74aacf451480b3a76617965831b6ad36f85f Mon Sep 17 00:00:00 2001 From: Suvendhu Hansa Date: Thu, 3 Jul 2025 11:25:50 +0530 Subject: [PATCH] icwmp: avoid unexpected DHCP release at runtime --- icwmp/Makefile | 1 + icwmp/files/etc/init.d/icwmpd | 95 ---------------- .../etc/uci-defaults/999-cwmp-conn-config | 107 ++++++++++++++++++ 3 files changed, 108 insertions(+), 95 deletions(-) create mode 100644 icwmp/files/etc/uci-defaults/999-cwmp-conn-config diff --git a/icwmp/Makefile b/icwmp/Makefile index 716f9b0cb..c30c0f9d4 100755 --- a/icwmp/Makefile +++ b/icwmp/Makefile @@ -88,6 +88,7 @@ define Package/icwmp/install $(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/ $(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/ $(INSTALL_BIN) ./files/etc/uci-defaults/85-migrate-gw-info $(1)/etc/uci-defaults/ + $(INSTALL_BIN) ./files/etc/uci-defaults/999-cwmp-conn-config $(1)/etc/uci-defaults/ $(INSTALL_BIN) ./files/etc/icwmpd/vendor_log.sh $(1)/etc/icwmpd/vendor_log.sh $(INSTALL_BIN) ./files/etc/icwmpd/firewall.cwmp $(1)/etc/icwmpd/firewall.cwmp $(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp diff --git a/icwmp/files/etc/init.d/icwmpd b/icwmp/files/etc/init.d/icwmpd index b9d492112..d55177df0 100755 --- a/icwmp/files/etc/init.d/icwmpd +++ b/icwmp/files/etc/init.d/icwmpd @@ -16,79 +16,6 @@ log() { echo "${@}"|logger -t cwmp.init -p info } -regenerate_ssl_link() { - local cert_dir - - cert_dir="${1%/}" - if [ -f "${cert_dir}" ]; then - return 0 - fi - - # do not generate the c_rehash if its system default cert path - # ca-certificate package already generates c_rehash on compilation - [ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0 - - generate_links() { - local file_type="$1" - local files="${cert_dir}"/*."${file_type}" - for cfile in ${files}; do - if [ -f "${cfile}" ]; then - rehash="$(openssl x509 -hash -noout -in "${cfile}")" - if [ ! -f "${cert_dir}/${rehash}.0" ]; then - log "Generating c_rehash for ${cfile}=>${rehash}.0" - ln -s "${cfile}" "${cert_dir}/${rehash}.0" - fi - fi - done - } - - generate_links "pem" -} - -enable_dhcp_option43() { - local wan="${1}" - - ### Ask for DHCP Option 43 only if CWMP is enabled ### - local reqopts="$(uci -q get network."${wan}".reqopts)" - local proto="$(uci -q get network."${wan}".proto)" - local newreqopts="" - local option43_present=0 - - for ropt in $reqopts; do - case $ropt in - 43) option43_present=1 ;; - *) ;; - esac - done - - if [ ${option43_present} -eq 1 ]; then - return; - fi - - newreqopts="$reqopts 43" - if [ "${proto}" = "dhcp" ]; then - uci -q set network."${wan}".reqopts="$newreqopts" - uci commit network - ubus call network reload - fi -} - -set_vendor_id() { - local wan="${1}" - local proto="$(uci -q get network."${wan}".proto)" - - if [ "${proto}" = "dhcp" ]; then - vendorid="$(uci -q get network."${wan}".vendorid)" - if [ -z "${vendorid}" ]; then - uci -q set network."${wan}".vendorid="dslforum.org" - ubus call uci commit '{"config":"network"}' - elif [[ $vendorid != *"dslforum.org"* ]]; then - uci -q set network."${wan}".vendorid="${vendorid},dslforum.org" - ubus call uci commit '{"config":"network"}' - fi - fi -} - wait_for_resolvfile() { local time=$1 local tm=1 @@ -211,28 +138,6 @@ validate_defaults() { } boot() { - local dhcp_discovery wan_interface skip_dhcp_boot_options - - config_load cwmp - config_get wan_interface cpe default_wan_interface "wan" - config_get dhcp_discovery acs dhcp_discovery "0" - config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0" - - if [ "${dhcp_discovery}" = "enable" ] || [ "${dhcp_discovery}" = "1" ]; then - if [ "${skip_dhcp_boot_options}" -ne 1 ]; then - # Set dhcp option 43 if not already configured - enable_dhcp_option43 "${wan_interface}" - # Set dhcp option 60 - set_vendor_id "${wan_interface}" - fi - fi - - config_get ssl_capath acs ssl_capath - - if [ -n "${ssl_capath}" ]; then - regenerate_ssl_link "${ssl_capath}" - fi - # Copy backup data so that if it restart latter on, it gets the info copy_cwmp_etc_files_to_varstate mkdir -p /var/run/icwmpd/ diff --git a/icwmp/files/etc/uci-defaults/999-cwmp-conn-config b/icwmp/files/etc/uci-defaults/999-cwmp-conn-config new file mode 100644 index 000000000..0e0f761d9 --- /dev/null +++ b/icwmp/files/etc/uci-defaults/999-cwmp-conn-config @@ -0,0 +1,107 @@ +#!/bin/sh + +. /lib/functions.sh + +log() { + echo "${@}"|logger -t cwmp.defaults -p info +} + +set_vendor_id() { + local wan="${1}" + local proto="$(uci -q get network."${wan}".proto)" + + if [ "${proto}" = "dhcp" ]; then + vendorid="$(uci -q get network."${wan}".vendorid)" + if [ -z "${vendorid}" ]; then + uci -q set network."${wan}".vendorid="dslforum.org" + elif [[ $vendorid != *"dslforum.org"* ]]; then + uci -q set network."${wan}".vendorid="${vendorid},dslforum.org" + fi + fi +} + +enable_dhcp_option43() { + local wan="${1}" + + local reqopts="$(uci -q get network."${wan}".reqopts)" + local proto="$(uci -q get network."${wan}".proto)" + local newreqopts="" + local option43_present=0 + + for ropt in $reqopts; do + case $ropt in + 43) option43_present=1 ;; + *) ;; + esac + done + + if [ ${option43_present} -eq 1 ]; then + return; + fi + + newreqopts="$reqopts 43" + if [ "${proto}" = "dhcp" ]; then + uci -q set network."${wan}".reqopts="$newreqopts" + fi +} + +regenerate_ssl_link() { + local cert_dir + + cert_dir="${1%/}" + if [ -f "${cert_dir}" ]; then + return 0 + fi + + # do not generate the c_rehash if its system default cert path + # ca-certificate package already generates c_rehash on compilation + [ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0 + + generate_links() { + local file_type="$1" + local files="${cert_dir}"/*."${file_type}" + for cfile in ${files}; do + if [ -f "${cfile}" ]; then + rehash="$(openssl x509 -hash -noout -in "${cfile}")" + if [ ! -f "${cert_dir}/${rehash}.0" ]; then + log "Generating c_rehash for ${cfile}=>${rehash}.0" + ln -s "${cfile}" "${cert_dir}/${rehash}.0" + fi + fi + done + } + + generate_links "pem" +} + +configure_dhcp_discovery() { + local dhcp_discovery wan_interface skip_dhcp_boot_options + + config_load cwmp + config_get wan_interface cpe default_wan_interface "wan" + config_get dhcp_discovery acs dhcp_discovery "0" + config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0" + + if [ "${dhcp_discovery}" = "enable" ] || [ "${dhcp_discovery}" = "1" ]; then + if [ "${skip_dhcp_boot_options}" -ne 1 ]; then + # Set dhcp option 43 if not already configured + enable_dhcp_option43 "${wan_interface}" + # Set dhcp option 60 + set_vendor_id "${wan_interface}" + fi + fi +} + +configure_ssl_path() { + local ssl_capath + + config_load cwmp + config_get ssl_capath acs ssl_capath + + if [ -n "${ssl_capath}" ]; then + regenerate_ssl_link "${ssl_capath}" + fi +} + +configure_dhcp_discovery +configure_ssl_path