From e6054d9f8fb884c26a7528b38733d6f3834e221d Mon Sep 17 00:00:00 2001 From: Suvendhu Hansa Date: Mon, 22 Sep 2025 12:56:25 +0530 Subject: [PATCH] icwmp: update dhcp on-boading - disable dhcp_discovery once on-boarded - Only allow `https` url through dhcp option 43 --- icwmp/Makefile | 4 ++-- .../files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/icwmp/Makefile b/icwmp/Makefile index 1ee12390e..e7db161b3 100755 --- a/icwmp/Makefile +++ b/icwmp/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=icwmp -PKG_VERSION:=9.10.3 +PKG_VERSION:=9.10.4 LOCAL_DEV:=0 ifneq ($(LOCAL_DEV),1) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git -PKG_SOURCE_VERSION:=31bed647eae9d3389085769118f1055d1620e1a2 +PKG_SOURCE_VERSION:=505d3d63e06d84b144ce2eb63ea89af723abf0ed PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz PKG_MIRROR_HASH:=skip endif diff --git a/icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user b/icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user index d6fbd85d2..5f0e449a7 100644 --- a/icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user +++ b/icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user @@ -77,6 +77,7 @@ get_opt43() { config_load cwmp config_get wan_intf cpe default_wan_interface "wan" config_get dhcp_discovery acs dhcp_discovery "0" +config_get_bool insecure_enable acs insecure_enable "0" config_get dhcp_url acs dhcp_url "" config_get min_wait_intvl acs dhcp_retry_min_wait_interval "0" config_get intvl_multi acs dhcp_retry_interval_multiplier "0" @@ -102,6 +103,17 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then return 0 fi + if [ "${insecure_enable}" -eq "0" ]; then + case $DHCP_ACS_URL in + https://*) + log "ACS url $DHCP_ACS_URL has https" + ;; + *) + return 0 + ;; + esac + fi + sec=$(uci -q get cwmp.acs) if [ -z "${sec}" ]; then