UCSPI for IPv6
What is ucspi-tcp6?
Dan Bernstein's UNIX Client-Server Program Interface, UCSPI is a cornerstone of reliable network communication under Unix.
IPv6 capabilities have been included by Felix von Leitner's
IPv6 patch.
Based on some additional research at the University of Applied Sciences in Frankfurt/Main (Germany),
now a full-featured version is available supporting in addition compactified IPv6 addresses and the well-known
classless prefix-notation for IPv4 and IPv6 networks.
ucspi-tcp6 has been build to confirm with Dan Bernstein's slashpackage scheme and uses a binary-compatible CDB for communication control.
Features
The current version of ucspi-tcp6 provides the following features:
- All client and server programs are fully IPv6 capable; supporting compactified and IPv6 LLU addresses; in particular for tcpserver and tcpclient.
- The tcprules database allows a CIDR expression of IPv4/IPv6 addresses and of course the evaluation of those within tcpserver. The promoted environment variables may include colons.
- rblsmtpd supports the inverse IPv6 nibble format for RBL and anti-RBL lookups and an interrogation format together with the Greetdelay option.
Dual-stack operation:
tcpserver simultaneously
accepts connections from IPv4 and IPv6 clients.
ucspi-tcp6 is 64-bit-enabled and running on a wide range of Unix systems including OmniOS and Raspbian.
Changelog
- Version 1.10 is a complete redesign based on fehQlibs
- Version 1.10.7 is a 'heritage' version carefully checked for correctness and conformance.
- Version 1.11.5 is the 'final' version now based on fehQlibs-15.
- Version 1.12.3 the 'never-say-never' version includes now the MAXCONIP feature and requires fehQlibs-18+ for GCC-10 compatibility.
- Version 1.13.0 takes care of current compilers and their airs and graces.
Version history
ucspi-tcp6 posseses the following family tree:
- ucspi-tcp-0.88 is the orginal version of Dan Bernstein.
- ucspi-tcp6-0.9x added IPv6 and CIDR capabilities (in particular for IPv4) together with Greetdelay and IPv6 lookup for rblsmtpd.
- ucspi-tcp6-1.0x maintenence release with increased OS compatibility and (premature) colon-support in tcprules cdb.
- ucspi-tcp6-1.10.x code refactoring based on fehQlibs.
- ucspi-tcp6-1.11 is ought to be the final version based on fehQlibs.
- ucspi-tcp6-1.12 is a refactoring release for GCC-10 including the MAXCONIP feature.
- ucspi-tcp6-1.13 again is a refactoring release for mostly GCC-14 and Clang-18.
Sources
| Version & Download | Description | fehQlibs version | Verification |
|---|---|---|---|
| ucspi-tcp6 1.13.02 | The twelfth (and already post-final) 1.13 takes care of modern 'C' requirements with minor adjustments for GCC 14.2. | fehQlibs-25+ | MD5: b09b06bede8fc6b965f179238b557779 Build: 20240923113310 |
| ucspi-tcp6 1.12.4 | The tenth (and already post-final) 1.12 complies well with current C compilers while supporting the MAXCONIP feature from the cdb. | fehQlibs-22 | MD5: 71aac0285a59bd91c3de48af0942f275 Build: 20230518211811 |
| ucspi-tcp6 1.11.6a | The eights (and already post-final) 1.11 takes advantage of fehQlibs-15 in order to provide a better IPv4 and DNS client compatibility in particular using 'well known' hostnames like localhost. In addition, GCC 10 compliance is now given using fehQlibs-15. | fehQlibs-16 and fehQlibs-15 | MD5: 4e59d975055aaf5fa8cbea94fb76f92c Build: 20200920111210 |
| ucspi-tcp6 1.10.7 | This eights 1.10 release supports fehQlibs-12 while providing maximum conformance with previous versions; in particular for tcprules. | fehQlibs-10 or fehQlibs-12 | MD5: b7d5652cb41354e4886488465432d49e Build: 20200827213555 |
ucspi-tcp6's source files are documented in doxygen.
Documentation
The main programs and helpers:
Updated man pages:
| Server apps | Client apps | Miscellaneous |
|---|---|---|
| rblsmtpd | date@ | addcr |
| recordio | finger@ | argv0 |
| tcprules | http@ | delcr |
| tcprulescheck | mconnect | fixcrio |
| tcpserver | tcpcat | tcp-environ |
| tcpclient | ||
| who@ |
How to install ucspi-tcp6
Prior of installing ucspi-tcp6-1.13 you need to install the fitting fehQlibs. Please follow instructions here.
ucspi-tcp6 uses D.J. Bernstein's /package
conventions for installation.
Typically, un-tar the archive under /package, change to net/ucspi-tcp6/ucspi-tcp6-<version>
and call package/install.
ucspi-tcp6 is pre-packaged to suite the AMD64 environment
and comes with additional man-pages.
Tickets, Change Requests, communication
An EZMLM mailing list keeps you updated with current developments, bug fixes, and features discussed. This list also can be used to file
- Defects (bug reports) and
- Change Requests (enhancements).
To inscribe use: ucspi mailing list
This list is also used for ucspi-ssl. As usual, I can't guarantee a certain response level; but reasonable issues will be answered.
Internals
CIDR Support
Main modification in ucspi-tcp6 is the enhanced format for tcpserver's rules.cdb. It supports now:
- Compactified IPv6 host addresses in the format:
fe80::a:b:cd:1234
- Classless IPv4/IPv6 net addresses declared in the common CIDR /prefix
notation:
127.0/8:allow fe80::/64:allow
- Evaluation of the CIDR addresses considers the longest matching prefix.
Thus, you can specify:
2001:a::/48:deny 2001:a:b:c::/64:allow
IPv6 for rblsmtpd RBL Lookups
rblsmtpd is able to do a RBL lookup even for IPv6 addresses constructing the TXT query in the following way:
However; I'm not aware of any exiting IPv6 RBL. Rather, within my package djbdnscurve6 you might find rbldns which can cope with those requirements.
DNS Stub Resolver
ucspi-tcp6 comes with a DNS stub resolver borrowed from fehQlibs. Thus IPv4 and IPv6 Name resolution is provided and allowing to specify dedicated Forwarder/Cache Servers and Name Qualification apart from /etc/resolv.conf.
In practice, you are allowed to use those services on your link-local IPv6 network, which actually protects your DNS queries and replies given a trusted network link.
*ix specific installation instructions
MacOS X
ucspi-tcp6 will compile with clang in case Xcode is installed.
Note: High Sierra seems to be broken beyond repair missing required symbols for fehQlibs in libc; while Mojave is working fine.
OmniOS (Illuminos)
ucspi-tcp6 starting with version 1.05 will compile under OmniOS. It has been tested with SunOS omni 5.11 and GCC 5.11 and 8.
Two tweaks are required:
- Link gcc to /usr/bin/cc
- Perhaps use conf-ld without the '-m64' argument.
RasPi/Raspbian Linux (RPi 3)
ucspi-tcp6 supports Raspbian Linux and the ARM(64) architecture out-of-the box.
Some samples are provided in the conf-cc and conf-ld file how to improve performance depending on the supporting HW architecture. See gcc ARM options for a comprehensive compilation of possibilities.
Within the src directory of ucspi-tcp6 use
to display the recognized SW and HW architecture.
ucspi-tcp6 works seamlessly using clang under FreeBSD 12 for the ARM64 architecture but now in 64 bit mode!