more plan9 work

Change-Id: I1f6bd742130f348917df3a00b95b0997f84ba1b4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

Makefile

@@ -111,12 +111,12 @@ publishdevnameserver: ## Build and publish k8s-nameserver image to location spec
 	TAGS="${TAGS}" REPOS=${REPO} PLATFORM=${PLATFORM} PUSH=true TARGET=k8s-nameserver ./build_docker.sh
 
 plan93:
-	GOOS=plan9 GOARCH=386 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/td3 ./cmd/tailscaled
+	GOOS=plan9 GOARCH=386 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/386/bin/tailscaled ./cmd/tailscaled
-	GOOS=plan9 GOARCH=386 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/ts3 ./cmd/tailscale
+	GOOS=plan9 GOARCH=386 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/386/bin/tailscale ./cmd/tailscale
 
 plan9a:
-	GOOS=plan9 GOARCH=amd64 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/tda ./cmd/tailscaled
+	GOOS=plan9 GOARCH=amd64 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/amd64/bin/tailscaled ./cmd/tailscaled
-	GOOS=plan9 GOARCH=amd64 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/tsa ./cmd/tailscale
+	GOOS=plan9 GOARCH=amd64 ${HOME}/hack/go/bin/go build -o ${HOME}/hack/rsc-plan9/amd64/bin/tailscale ./cmd/tailscale
 
 
 .PHONY: sshintegrationtest

control/controlhttp/client.go

@@ -246,6 +246,11 @@ func (a *Dialer) dial(ctx context.Context) (*ClientConn, error) {
 		results[i].conn = nil // so we don't close it in the defer
 		return conn, nil
 	}
+	if ctx.Err() != nil {
+		a.logf("controlhttp: context aborted dialing")
+		return nil, ctx.Err()
+	}
+
 	merr := multierr.New(errs...)
 
 	// If we get here, then we didn't get anywhere with our dial plan; fall back to just using DNS.

logpolicy/logpolicy.go

@@ -627,7 +627,7 @@ func (opts Options) New() *Policy {
 		conf.IncludeProcSequence = true
 	}
 
-	if envknob.NoLogsNoSupport() || testenv.InTest() || runtime.GOOS == "plan9" {
+	if envknob.NoLogsNoSupport() || testenv.InTest() {
 		opts.Logf("You have disabled logging. Tailscale will not be able to provide support.")
 		conf.HTTPC = &http.Client{Transport: noopPretendSuccessTransport{}}
 	} else {

net/netcheck/netcheck.go

@@ -1188,6 +1188,10 @@ func (c *Client) measureAllICMPLatency(ctx context.Context, rs *reportState, nee
 	if len(need) == 0 {
 		return nil
 	}
+	if runtime.GOOS == "plan9" {
+		// ICMP isn't implemented.
+		return nil
+	}
 	ctx, done := context.WithTimeout(ctx, icmpProbeTimeout)
 	defer done()
 

net/tstun/wrap.go

@@ -931,7 +931,7 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
 		t.logf("XXX Wrapper.vectorInbound done")
 		return 0, io.EOF
 	}
-	t.logf("XXX Wrapper.vec in: err=%v, len(data)=%d, offset=%d", res.err, len(res.data), offset)
+	// t.logf("XXX Wrapper.vec in: err=%v, len(data)=%d, offset=%d", res.err, len(res.data), offset)
 	if res.err != nil && len(res.data) == 0 {
 		return 0, res.err
 	}
@@ -949,7 +949,7 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
 	var buffsGRO *gro.GRO
 	for _, data := range res.data {
 		p.Decode(data[res.dataOffset:])
-		t.logf("XXX Wrapper.Read decode (off=%d): %v", res.dataOffset, p.String())
+		// t.logf("XXX Wrapper.Read decode (off=%d): %v", res.dataOffset, p.String())
 
 		if m := t.destIPActivity.Load(); m != nil {
 			if fn := m[p.Dst.Addr()]; fn != nil {

ssh/tailssh/incubator_plan9.go

@@ -83,9 +83,8 @@ func (ss *sshSession) newIncubatorCommand(logf logger.Logf) (cmd *exec.Cmd, err
 	incubatorArgs := []string{
 		"be-child",
 		"ssh",
-		// "--login-shell=" + lu.LoginShell(),
+		// TODO: "--uid=" + lu.Uid,
-		// "--uid=" + lu.Uid,
+		// TODO: "--gid=" + lu.Gid,
-		// "--gid=" + lu.Gid,
 		"--local-user=" + lu.Username,
 		"--home-dir=" + lu.HomeDir,
 		"--remote-user=" + remoteUser,
@@ -363,20 +362,6 @@ func newCommand(cmdPath string, cmdEnviron []string, cmdArgs []string) *exec.Cmd
 	return cmd
 }
 
-const (
-	// This controls whether we assert that our privileges were dropped
-	// using geteuid/getegid; it's a const and not an envknob because the
-	// incubator doesn't see the parent's environment.
-	//
-	// TODO(andrew): remove this const and always do this after sufficient
-	// testing, e.g. the 1.40 release
-	assertPrivilegesWereDropped = true
-
-	// TODO(andrew-d): verify that this works in more configurations before
-	// enabling by default.
-	assertPrivilegesWereDroppedByAttemptingToUnDrop = false
-)
-
 // launchProcess launches an incubator process for the provided session.
 // It is responsible for configuring the process execution environment.
 // The caller can wait for the process to exit by calling cmd.Wait().
@@ -391,7 +376,7 @@ func (ss *sshSession) launchProcess() error {
 
 	cmd := ss.cmd
 	cmd.Dir = "/"
-	cmd.Env = envForUser(ss.conn.localUser)
+	cmd.Env = append(os.Environ(), envForUser(ss.conn.localUser)...)
 	for _, kv := range ss.Environ() {
 		if acceptEnvPair(kv) {
 			cmd.Env = append(cmd.Env, kv)
@@ -439,12 +424,10 @@ func (ss *sshSession) startWithStdPipes() (err error) {
 }
 
 func envForUser(u *userMeta) []string {
-	// XXX TODO(bradfitz): fix this for plan9
 	return []string{
-		fmt.Sprintf("SHELL=%s", u.LoginShell()),
+		fmt.Sprintf("user=%s", u.Username),
-		fmt.Sprintf("USER=%s", u.Username),
+		fmt.Sprintf("home=%s", u.HomeDir),
-		fmt.Sprintf("HOME=%s", u.HomeDir),
+		fmt.Sprintf("path=%s", defaultPathForUser(&u.User)),
-		fmt.Sprintf("PATH=%s", defaultPathForUser(&u.User)),
 	}
 }
 
@@ -456,7 +439,8 @@ func acceptEnvPair(kv string) bool {
 	if !ok {
 		return false
 	}
-	return k == "TERM" || k == "LANG" || strings.HasPrefix(k, "LC_")
+	_ = k
+	return true // permit anything on plan9 during bringup, for debugging at least
 }
 
 func shellArgs(isShell bool, cmd string) []string {

ssh/tailssh/user.go

@@ -85,6 +85,9 @@ func defaultPathForUser(u *user.User) string {
 	if s := defaultPathTmpl(); s != "" {
 		return expandDefaultPathTmpl(s, u)
 	}
+	if runtime.GOOS == "plan9" {
+		return "/bin"
+	}
 	isRoot := u.Uid == "0"
 	switch distro.Get() {
 	case distro.Debian:

wgengine/magicsock/magicsock.go

@@ -3018,6 +3018,10 @@ func (c *Conn) DebugForcePreferDERP(n int) {
 // portableTrySetSocketBuffer sets SO_SNDBUF and SO_RECVBUF on pconn to socketBufferSize,
 // logging an error if it occurs.
 func portableTrySetSocketBuffer(pconn nettype.PacketConn, logf logger.Logf) {
+	if runtime.GOOS == "plan9" {
+		// Not supportd. Don't try. Avoid logspam.
+		return
+	}
 	if c, ok := pconn.(*net.UDPConn); ok {
 		// Attempt to increase the buffer size, and allow failures.
 		if err := c.SetReadBuffer(socketBufferSize); err != nil {

wgengine/magicsock/rebinding_conn.go

@@ -7,9 +7,11 @@ import (
 	"errors"
 	"net"
 	"net/netip"
+	"runtime"
 	"sync"
 	"sync/atomic"
 	"syscall"
+	"time"
 
 	"golang.org/x/net/ipv6"
 	"tailscale.com/net/netaddr"
@@ -150,6 +152,12 @@ func (c *RebindingUDPConn) closeLocked() error {
 		return errNilPConn
 	}
 	c.port = 0
+	if runtime.GOOS == "plan9" {
+		// Work around Go bug https://github.com/golang/go/issues/72770.
+		// This does https://go-review.googlesource.com/c/go/+/656395
+		// manually until the upstream Go bug is fixed + released.
+		c.pconn.SetReadDeadline(time.Now().Add(-time.Hour))
+	}
 	return c.pconn.Close()
 }
 

wgengine/router/router_plan9.go

@@ -60,8 +60,6 @@ func (r *plan9Router) Set(cfg *Config) error {
 		r.logf("XXX add %s /%d = %v", addr.Addr().String(), maskBits, err)
 	}
 
-	r.logf("XXX TODO: Set Routes %v", cfg.Routes)
-
 	ipr, err := os.OpenFile("/net/iproute", os.O_RDWR, 0)
 	if err != nil {
 		return fmt.Errorf("open /net/iproute: %w", err)
@@ -97,8 +95,13 @@ func (r *plan9Router) Set(cfg *Config) error {
 		}
 	}
 
-	r.logf("XXX TODO: Set LocalRoutes %v", cfg.LocalRoutes)
+	if len(cfg.LocalRoutes) > 0 {
-	// TODO(bradfitz): implement this.
+		r.logf("XXX TODO: Set LocalRoutes %v", cfg.LocalRoutes)
+	}
+	if len(cfg.SubnetRoutes) > 0 {
+		r.logf("XXX TODO: Set SubnetRoutes %v", cfg.SubnetRoutes)
+	}
+
 	return nil
 }