From afdfb5aa4a3f2fc555a9d91bb6f3730a8962b777 Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Sun, 19 Oct 2025 00:00:00 +0200
Subject: [PATCH] ucentral-tools: modernise build system and remove ip-collide

Update CMakeLists.txt to CMake 3.10 with comprehensive compiler
warnings and security hardening flags. Add strict warning flags
(-Wall, -Wextra, -Werror plus ~30 additional checks) and security
features (stack protector, RELRO). Separate Debug/Release
configurations with appropriate optimisation flags.

Remove ip-collide tool from build and installation as it's no longer
needed.

Signed-off-by: John Crispin <john@phrozen.org>
---
 feeds/ucentral/ucentral-tools/Makefile        |   2 +-
 .../ucentral-tools/src/CMakeLists.txt         | 120 ++++++++++++++----
 .../ucentral/ucentral-tools/src/ip-collide.c  |  86 -------------
 3 files changed, 97 insertions(+), 111 deletions(-)
 delete mode 100644 feeds/ucentral/ucentral-tools/src/ip-collide.c

diff --git a/feeds/ucentral/ucentral-tools/Makefile b/feeds/ucentral/ucentral-tools/Makefile
index 461311947..17b4a48c0 100644
--- a/feeds/ucentral/ucentral-tools/Makefile
+++ b/feeds/ucentral/ucentral-tools/Makefile
@@ -18,7 +18,7 @@ endef
 
 define Package/ucentral-tools/install
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/{dhcpdiscover,dnsprobe,radiusprobe,ip-collide} $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/{dhcpdiscover,dnsprobe,radiusprobe} $(1)/usr/sbin/
 	$(CP) ./files/* $(1)
 endef
 
diff --git a/feeds/ucentral/ucentral-tools/src/CMakeLists.txt b/feeds/ucentral/ucentral-tools/src/CMakeLists.txt
index e15bf82da..18f727f01 100644
--- a/feeds/ucentral/ucentral-tools/src/CMakeLists.txt
+++ b/feeds/ucentral/ucentral-tools/src/CMakeLists.txt
@@ -1,36 +1,108 @@
-cmake_minimum_required(VERSION 2.6)
+cmake_minimum_required(VERSION 3.10)
 
-PROJECT(openwifi-tools C)
-INCLUDE(GNUInstallDirs)
-ADD_DEFINITIONS(-Os -ggdb -Wall -Werror --std=gnu99 -Wmissing-declarations)
+project(openwifi-tools C)
+include(GNUInstallDirs)
 
-SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+# Set C standard
+set(CMAKE_C_STANDARD 99)
+set(CMAKE_C_STANDARD_REQUIRED ON)
 
-ADD_EXECUTABLE(firstcontact firstcontact.c)
-TARGET_LINK_LIBRARIES(firstcontact curl crypto ssl ubox)
-INSTALL(TARGETS firstcontact
-	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
+# Comprehensive warning flags (cross-compilation friendly)
+set(WARNING_FLAGS
+    -Wall
+    -Wextra
+    -Werror
+    -Wformat=2
+    -Wformat-security
+    -Wnull-dereference
+    -Warray-bounds=2
+    -Wimplicit-fallthrough=3
+    -Wshift-overflow=2
+    -Wcast-qual
+    -Wstringop-overflow=4
+    -Wlogical-op
+    -Wduplicated-cond
+    -Wduplicated-branches
+    -Wformat-overflow=2
+    -Wformat-truncation=2
+    -Wmissing-declarations
+    -Wredundant-decls
+    -Wshadow
+    -Wstrict-overflow=4
+    -Wundef
+    -Wstrict-prototypes
+    -Wswitch-default
+    -Wbad-function-cast
+    -Wwrite-strings
+    -Wjump-misses-init
+    -Wold-style-definition
+    -Wmissing-prototypes
 )
 
-ADD_EXECUTABLE(dhcpdiscover dhcpdiscover.c)
-INSTALL(TARGETS dhcpdiscover
-	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
+# Security hardening flags (cross-compilation friendly)
+set(SECURITY_FLAGS
+    -fstack-protector-strong
 )
 
-ADD_EXECUTABLE(dnsprobe dnsprobe.c)
-TARGET_LINK_LIBRARIES(dnsprobe ubox resolv)
-INSTALL(TARGETS dnsprobe
-	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
+# Linker security flags (cross-compilation friendly)
+set(SECURITY_LINKER_FLAGS
+    -Wl,-z,relro
+    -Wl,-z,now
 )
 
-ADD_EXECUTABLE(radiusprobe radiusprobe.c)
-TARGET_LINK_LIBRARIES(radiusprobe radcli)
-INSTALL(TARGETS radiusprobe
-	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
+# Debug flags
+set(DEBUG_FLAGS
+    -g3
+    -ggdb
+    -fno-omit-frame-pointer
+    -fno-optimize-sibling-calls
 )
 
-ADD_EXECUTABLE(ip-collide ip-collide.c)
-TARGET_LINK_LIBRARIES(ip-collide ubox)
-INSTALL(TARGETS ip-collide
-	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
+# Release optimization flags
+set(RELEASE_FLAGS
+    -O2
+    -flto
+    -ffunction-sections
+    -fdata-sections
 )
+
+set(RELEASE_LINKER_FLAGS
+    -Wl,--gc-sections
+    -flto
+)
+
+# Apply flags based on build type
+if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+    add_compile_options(${WARNING_FLAGS} ${SECURITY_FLAGS} ${DEBUG_FLAGS})
+    add_link_options(${SECURITY_LINKER_FLAGS})
+else()
+    add_compile_options(${WARNING_FLAGS} ${SECURITY_FLAGS} ${RELEASE_FLAGS})
+    add_link_options(${SECURITY_LINKER_FLAGS} ${RELEASE_LINKER_FLAGS})
+endif()
+
+set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+
+# Define all targets
+set(TARGETS firstcontact dhcpdiscover dnsprobe radiusprobe)
+
+# firstcontact executable
+add_executable(firstcontact firstcontact.c)
+target_link_libraries(firstcontact PRIVATE curl crypto ssl ubox)
+
+# dhcpdiscover executable  
+add_executable(dhcpdiscover dhcpdiscover.c)
+
+# dnsprobe executable
+add_executable(dnsprobe dnsprobe.c)
+target_link_libraries(dnsprobe PRIVATE ubox resolv)
+
+# radiusprobe executable
+add_executable(radiusprobe radiusprobe.c)
+target_link_libraries(radiusprobe PRIVATE radcli)
+
+# Install all targets
+install(TARGETS ${TARGETS}
+    RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
+    COMPONENT Runtime
+)
+
diff --git a/feeds/ucentral/ucentral-tools/src/ip-collide.c b/feeds/ucentral/ucentral-tools/src/ip-collide.c
deleted file mode 100644
index cf81fc8c1..000000000
--- a/feeds/ucentral/ucentral-tools/src/ip-collide.c
+++ /dev/null
@@ -1,86 +0,0 @@
-#include <arpa/inet.h>
-#include <net/if.h>
-
-#include <libubox/list.h>
-#include <libubox/ulog.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-struct route {
-	struct list_head list;
-	char devname[64];
-	uint32_t domain;
-	uint32_t mask;
-};
-
-static struct list_head routes = LIST_HEAD_INIT(routes);
-
-static int parse_routes(void)
-{
-	FILE *fp = fopen("/proc/net/route", "r");
-	int flgs, ref, use, metric, mtu, win, ir;
-	struct route *route;
-	unsigned long g;
-	int r;
-
-	r = fscanf(fp, "%*[^\n]\n");
-	if (r < 0) {
-		fprintf(stderr, "failed to parse routes\n");
-		return -1;
-	}
-	while (1) {
-		route = malloc(sizeof(*route));
-		if (!route)
-			break;
-		memset(route, 0, sizeof(*route));
-		r = fscanf(fp, "%63s%x%lx%X%d%d%d%x%d%d%d\n",
-			route->devname, &route->domain, &g, &flgs, &ref, &use, &metric, &route->mask,
-			&mtu, &win, &ir);
-		if (r != 11 && (r < 0) && feof(fp))
-			break;
-		list_add(&route->list, &routes);
-		printf("1 %s %x %x\n", route->devname, ntohl(route->domain), ntohl(route->mask));
-	}
-
-	fclose(fp);
-
-	return 0;
-}
-
-static int find_collisions(void)
-{
-	struct route *route;
-
-	list_for_each_entry(route, &routes, list) {
-		struct route *compare;
-
-		if (!route->domain || !route->mask)
-			continue;
-		list_for_each_entry(compare, &routes, list) {
-			if (!compare->domain || !compare->mask)
-				continue;
-			if (compare == route)
-				continue;
-			if (((route->domain & route->mask) == (compare->domain & route->mask)) ||
-			    ((route->domain & compare->mask) == (compare->domain & compare->mask))) {
-				ULOG_ERR("collision detected\n");
-				return 1;
-			}
-		}
-	}
-	ULOG_INFO("no collision detected\n");
-	return 0;
-}
-
-int main(int argc, char **argv)
-{
-	ulog_open(ULOG_SYSLOG | ULOG_STDIO, LOG_DAEMON, "ip-collide");
-
-	parse_routes();
-	if (!list_empty(&routes))
-		return find_collisions();
-
-	return 0;
-}