illumos/solaris support rebased onto main

Author: nshalman

.github/workflows/cross-illumos.yaml

@@ -0,0 +1,32 @@
+name: illumos-Cross
+
+on:
+  push:
+    branches:
+      - main
+      - 'illumos-*'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+        id: go
+
+      - name: SunOS build script
+        run: bash -x build.sh

.github/workflows/nshalman-sunos-releases.yml

@@ -0,0 +1,39 @@
+---
+name: "tagged-release"
+
+on:
+  push:
+    tags:
+      - "v*-sunos"
+
+jobs:
+  tagged-release:
+    name: "SunOS Tagged Release"
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+        id: go
+
+      - name: SunOS build script
+        run: bash -x build.sh
+
+      - name: Create Release
+        uses: "marvinpinto/action-automatic-releases@latest"
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          prerelease: false
+          files: |
+            cmd/tailscaled/tailscale.xml
+            sha256sums
+            tailscaled-illumos
+            tailscaled-solaris

AUTHORS

@@ -15,3 +15,4 @@
 # company that owns the rights to your contribution.
 
 Tailscale Inc.
+Nahum Shalman <[email protected]>

build.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -o xtrace
+set -o errexit
+
+export TS_USE_TOOLCHAIN=true
+# This prevents illumos libc from leaking into Solaris binaries when built on illumos
+export CGO_ENABLED=0
+
+fix_osabi () {
+	if [[ $(uname -s) == SunOS ]]; then
+		/usr/bin/elfedit \
+			-e "ehdr:ei_osabi ELFOSABI_SOLARIS" \
+			-e "ehdr:ei_abiversion EAV_SUNW_CURRENT" \
+			"${1?}"
+	else
+		elfedit --output-osabi "Solaris" --output-abiversion "1" "${1?}"
+	fi
+}
+
+for GOOS in illumos solaris; do
+	export GOOS
+	bash -x ./build_dist.sh --box ./cmd/tailscaled
+	fix_osabi tailscaled
+	mv tailscaled{,-${GOOS}}
+done
+
+ln cmd/tailscaled/tailscale.xml .
+shasum -a 256 tailscaled-* tailscale.xml >sha256sums
+rm ./tailscale.xml

cmd/tailscaled/tailscale-smartos-gz.xml

@@ -0,0 +1,36 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+  <service name='vpn/tailscale' type='service' version='0'>
+    <create_default_instance enabled='true'/>
+    <single_instance/>
+    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network:default'/>
+    </dependency>
+    <dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local'/>
+    </dependency>
+    <method_context>
+      <method_credential group='root' user='root'/>
+    </method_context>
+    <exec_method name='start' type='method' exec='/opt/local/sbin/tailscaled' timeout_seconds='60'>
+      <method_context>
+        <method_environment>
+          <envvar name='SSL_CERT_FILE' value='/opt/tools/share/mozilla-rootcerts/cacert.pem'/>
+        </method_environment>
+      </method_context>
+    </exec_method>
+    <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
+    <property_group name='application' type='application'/>
+    <property_group name='startd' type='framework'>
+      <propval name='duration' type='astring' value='child'/>
+      <propval name='ignore_error' type='astring' value='core,signal'/>
+    </property_group>
+    <stability value='Evolving'/>
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>Tailscale</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

cmd/tailscaled/tailscale.xml

@@ -0,0 +1,30 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+  <service name='vpn/tailscale' type='service' version='0'>
+    <create_default_instance enabled='true'/>
+    <single_instance/>
+    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network:default'/>
+    </dependency>
+    <dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local'/>
+    </dependency>
+    <method_context>
+      <method_credential group='root' user='root'/>
+    </method_context>
+    <exec_method name='start' type='method' exec='/usr/local/sbin/tailscaled' timeout_seconds='60'/>
+    <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
+    <property_group name='application' type='application'/>
+    <property_group name='startd' type='framework'>
+      <propval name='duration' type='astring' value='child'/>
+      <propval name='ignore_error' type='astring' value='core,signal'/>
+    </property_group>
+    <stability value='Evolving'/>
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>Tailscale</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

cmd/tailscaled/tailscaled.go

@@ -74,7 +74,7 @@ import (
 // defaultTunName returns the default tun device name for the platform.
 func defaultTunName() string {
 	switch runtime.GOOS {
-	case "openbsd":
+	case "openbsd", "illumos", "solaris":
 		return "tun"
 	case "windows":
 		return "Tailscale"
@@ -84,7 +84,7 @@ func defaultTunName() string {
 		return "utun"
 	case "plan9":
 		return "auto"
-	case "aix", "solaris", "illumos":
+	case "aix":
 		return "userspace-networking"
 	case "linux":
 		switch distro.Get() {

go.mod

@@ -410,3 +410,5 @@ require (
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 )
+
+replace github.com/tailscale/wireguard-go => github.com/nshalman/wireguard-go v0.0.20200321-0.20250114140547-94bec3171972

go.sum

@@ -748,6 +748,8 @@ github.com/nishanths/exhaustive v0.12.0 h1:vIY9sALmw6T/yxiASewa4TQcFsVYZQQRUQJhK
 github.com/nishanths/exhaustive v0.12.0/go.mod h1:mEZ95wPIZW+x8kC4TgC+9YCUgiST7ecevsVDTgc2obs=
 github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk=
 github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=
+github.com/nshalman/wireguard-go v0.0.20200321-0.20250114140547-94bec3171972 h1:BzBBQHKXmdv6L2qivoRY2cz06R0REDlkc/JrPDXsHC4=
+github.com/nshalman/wireguard-go v0.0.20200321-0.20250114140547-94bec3171972/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
 github.com/nunnatsa/ginkgolinter v0.16.1 h1:uDIPSxgVHZ7PgbJElRDGzymkXH+JaF7mjew+Thjnt6Q=
 github.com/nunnatsa/ginkgolinter v0.16.1/go.mod h1:4tWRinDN1FeJgU+iJANW/kz7xKN5nYRAOfJDQUS9dOQ=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -963,8 +965,6 @@ github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976 h1:U
 github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976/go.mod h1:agQPE6y6ldqCOui2gkIh7ZMztTkIQKH049tv8siLuNQ=
 github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6 h1:l10Gi6w9jxvinoiq15g8OToDdASBni4CyJOdHY1Hr8M=
 github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6/go.mod h1:ZXRML051h7o4OcI0d3AaILDIad/Xw0IkXaHM17dic1Y=
-github.com/tailscale/wireguard-go v0.0.0-20250304000100-91a0587fb251 h1:h/41LFTrwMxB9Xvvug0kRdQCU5TlV1+pAMQw0ZtDE3U=
-github.com/tailscale/wireguard-go v0.0.0-20250304000100-91a0587fb251/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e h1:zOGKqN5D5hHhiYUp091JqK7DPCqSARyUfduhGUY8Bek=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e/go.mod h1:orPd6JZXXRyuDusYilywte7k094d7dycXXU5YnWsrwg=
 github.com/tc-hib/winres v0.2.1 h1:YDE0FiP0VmtRaDn7+aaChp1KiF4owBiJa5l964l5ujA=

net/tstun/tstun_stub.go

@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-//go:build aix || solaris || illumos
+//go:build aix
 
 package tstun
 

net/tstun/tun.go

@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-//go:build !wasm && !tamago && !aix && !solaris && !illumos
+//go:build !wasm && !tamago && !aix
 
 // Package tun creates a tuntap device, working around OS-specific
 // quirks if necessary.

tool/go

@@ -4,4 +4,10 @@
 # currently-desired version from https://github.com/tailscale/go,
 # downloading it first if necessary.
 
+case $(uname -s) in
+	SunOS)
+		exec go "$@"
+		;;
+esac
+
 exec "$(dirname "$0")/../tool/gocross/gocross-wrapper.sh" "$@"

wgengine/router/router_solaris.go

@@ -0,0 +1,46 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package router
+
+import (
+	"strings"
+
+	"github.com/tailscale/wireguard-go/tun"
+	"tailscale.com/health"
+	"tailscale.com/net/netmon"
+	"tailscale.com/types/logger"
+)
+
+// For now this router only supports the userspace WireGuard implementations.
+
+func newUserspaceRouter(logf logger.Logf, tundev tun.Device, linkMon *netmon.Monitor, health *health.Tracker) (Router, error) {
+	return newUserspaceSunosRouter(logf, tundev, linkMon, health)
+}
+
+func cleanUp(logf logger.Logf, interfaceName string) {
+	ipadm := []string{"ipadm", "show-addr", "-p", "-o", "addrobj"}
+	out, err := cmd(ipadm...).Output()
+	if err != nil {
+		logf("ipadm show-addr: %v\n%s", err, out)
+	}
+	for _, a := range strings.Fields(string(out)) {
+		s := strings.Split(a, "/")
+		if len(s) > 1 && strings.Contains(s[1], "tailscale") {
+			ipadm = []string{"ipadm", "down-addr", "-t", a}
+			cmdVerbose(logf, ipadm)
+			ipadm = []string{"ipadm", "delete-addr", a}
+			cmdVerbose(logf, ipadm)
+			ipadm = []string{"ipadm", "delete-if", s[0]}
+			cmdVerbose(logf, ipadm)
+		}
+	}
+	ifcfg := []string{"ifconfig", interfaceName, "unplumb"}
+	if out, err := cmd(ifcfg...).CombinedOutput(); err != nil {
+		logf("ifconfig unplumb: %v\n%s", err, out)
+	}
+	ifcfg = []string{"ifconfig", interfaceName, "inet6", "unplumb"}
+	if out, err := cmd(ifcfg...).CombinedOutput(); err != nil {
+		logf("ifconfig inet6 unplumb: %v\n%s", err, out)
+	}
+}