You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

clstokes/cli-switch-list-json

main

fran/conn25-dns-prep

amal/oss-18477-no-log-epipe

mjf/nmc-storage

bradfitz/gok_test

bradfitz/tailssh_crash

andrew/up-aws-ssm

nickkhyl/tsvnic-experiment

cmol/nattest_nocontrol_discorotate

release-branch/1.94

kevin/allow_service_host_access_hosted_service

mjf/netmap-split

dependabot/npm_and_yarn/client/web/lodash-4.17.23

hwh33/tsnet-service-listener-cleanup

rajsingh/36126-stdin-recording

fran/conn25-dns

rajsingh/fix-apiserver-pg-ownership-reclaim

tomhjp/cigocacher-token-from-env

cmol/run_portmapper_in_exec_queue

alexc/upgrade-jsonv2

dependabot/github_actions/actions/setup-go-6.2.0

dependabot/github_actions/github/codeql-action-4.31.10

dependabot/github_actions/DeterminateSystems/nix-installer-action-21

willh/rc-updates

mzb/dnat-exp

rajsinghtech/k8s-operator-ingress-ha-externalname

raggi/tsnet-ippacket

cmol/gokrazy-switch-to-official-kernel-builds

kevin/allow_service_host_access_hosted_service_test

irbekrm/cigocacher_tmp

tomhjp/no-golangci-lint-errors

dsnet/netlog-tailcfg

mpminardi/tsnet-test

dependabot/github_actions/actions/create-github-app-token-2.2.1

chaosinthecrd/recorder-default

chaosinthecrd/query-dns-resolve-containerboot

jonathan/netns_probe

fserb/wildcard-tls

fserb/tun-dns

release-branch/1.92

fserb/wildcard-revenge

raggi/ssh-shutdown

chaosinthecrd/query-dns-resolve-for-containerboot

jwhited/udprelay-metrics-per-batch

tomhjp/cigocacher-tool-debug

tomhjp/cigocacher-tool

dsnet/logpolicy-metrics

naman/serveconf-endpointinfo-tests

percy/corp35008

bradfitz/devdrive

jwhited/udprelay-xdp

cmol/natlab-experiments

cmol/delay-disco-key-exchange

tomhjp/cigocacher-cache

bradfitz/derper_gcp

bradfitz/mutex_debug

hwh33/add-unix-sockets-to-serve

tomhjp/bun

tomhjp/test-with-cigocached-down

tomhjp/cigocacher-windows

dependabot/go_modules/gokrazy/natlabapp/builddir/github.com/gokrazy/gokrazy/cmd/dhcp/golang.org/x/net-0.38.0

raggi/disco-key-tsmp2

bradfitz/lazy_wg_pushdown2

raggi/envknobs-gso-gro

aaron/oss_17111

tomhjp/win-go-brrr

release-branch/1.90

tomhjp/tsnet-auth-loop

jwhited/relay-set-flags-config

bradfitz/disco_change_remove_sync

alexc/better-localbackend-logging

bradfitz/cgnat_disable_v4

chaosinthecrd/k8s-operator-ha-ingress-readiness

dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/breakglass/golang.org/x/crypto-0.45.0

tomhjp/cigocacher-with-ci

raggi/disco-key-tsmp

bradfitz/nm_cache_disk

kevin/allow_serve_remote_destination

patrickod/swtpm-integration-test

bradfitz/nm_cache

bradfitz/getstatus

icio/netmap-diff-check

bradfitz/eventbus_too_slow

andrew/syncs-tsync

gesa/ssh-client-session-monitoring

raggi/latencyqueue

raggi/disco-key-rotate-graceful

jaxxstorm/static_endpoints

dsnet/migrate-omitzero

dsnet/jsonimports-ci

gesa/device-ui-bug

mikeodr/add-nixos-modules

alexc/tka-dont-fetch-unneeded-bootstrap

containerboot-exit-code

nickkhyl/healthnotify-on-release

bradfitz/cherry-pick-iptables

cmol/add_upnp_release_timeout

zofrex/auto-login-comments

release-branch/1.90.0

bradfitz/test

alexc/share-tka-tests

ptruby/initial-tailscale-ui-components-integration

releaase

release-branch/1.88

davidb/containerboot-disconnect-control

andrew/pr-17281-test

nickkhyl/lb-statemachine2

tomhjp/default-state-encryption

sfllaw/tailscale-ping-for-client-side-reachability

zofrex/set-url-wg-status-race-2

cmol/portupdate_eventbus_direct

bradfitz/evsub

tomhjp/k8s-e2e

zofrex/fix-test-wg-engine-status-race

bradfitz/magicsock_relayserver

alexc/mark-break-watcher-conn-recv-flaky

jonathan/derp-health-spam

ipv6-nameserver

knyar/sshcap

bradfitz/rm_usermetrics_66KB

percy/issue16983

dsnet/logtail-iopipe

bradfitz/cli_ts2021_hang_test

jamesbrad/controlhttp-race-dial

bradfitz/foo

knyar/serve-grants-headers

alexc/more-testing-for-tailscale-up

bradfitz/ios_ish

patrickod/hardware-attestation-key

tomhjp/poc-peer-relay-proxygroup

bradfitz/lite-on-restart

knyar/netmapdiff2

jwhited/relay-manager-logs

percy/oss14025-2

percy/oss14025

jonathan/darwin-netmon-thrashing

nickkhyl/locksmith

tomhjp/test

release-branch/1.86

cmol/decouple_magicsock_ipnlocal

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.0.0incompatible

icio/shrink-singleflight

aaron/gocross

mzb/corp-30906/direct-dnstype

jwhited/lazy-endpoint-control-knobs

jwhited/disable-peer-relay-if-cryptorouting-disabled

dylan/debug-peer-relay-sessions

kradalby/chaos-oss

sfllaw/traffic-steering/suggest-exit-node-steering

sam/tailscale-up-with-jwt

push-tyyxlsmpmlvz

k8s_priority_class

k8s-idp

rajsinghtech/tsidp-kubestore

dns-proxygroup

tomhjp/handle-multiple-messages-per-ws-frame

tomhjp/debug

tomhjp/disable-http2

sfllaw/traffic-steering/debug-set-location

tomhjp/k8s-proxy-auth-mode-reload

jwhited/peer-relay-pathological-intervals

jwhited/relay-manager-alloc-req-no-keepalives

fran/nat-conn-follower-only-flag

dsnet/jsonv1in2

mpminardi/policy-debugging

jwhited/verify-peer-periodically

tomhjp/k8s-proxy-svc

tomhjp/authkey-reissue

jwhited/peer-verify-every-packet-batch

dsnet/update-jsonv2

kevin/packet_to_vipService_by_ip_instead_of_host

release-branch/1.84

chaosinthecrd/k8s-operator-proxygroup-event-filter

jwhited/testing-mod-capver-checks

annotations

bradfitz/tinyderpclient

awly/tpm-seal-timing

awly/tpm-command-caps

nickkhyl/authreconfig-defer-unlock

dylan/derp-hosting-provider

nocross

kari/nilbus

patrickod/bump-circl

percy/drive-verbose

tomhjp/magicsock-endpoints

chaosinthecrd/k8s-operator-tailscale-service-ports

tomhjp/k8s-proxy-3

kevin/add_services_flag_to_tailscale_serve_and_enrich_output

exclude_int

irbekrm/pretendpoints

revert-15839-zofrex/refactor-control-health

kari/taildropsaf2

jwhited/relay-handshake

irbekrm/ingress_services

knyar/tnlocktest

nickkhyl/authreconfig-once

mjf/no-ws-on-ios

kevin/test_for_applyCheckoutAddr

knyar/lp

jwhited/ep-relay-capable

tomhjp/k8s-proxy-2

proxyclass/sa

dependabot/github_actions/golangci/golangci-lint-action-8.0.0

nickkhyl/context-with-lock

nickkhyl/ctxlock-generics

bradfitz/nodectx_ctx

nickkhyl/appendmatchingpeers

nickkhyl/nodecontext-lifecycle

patrickod/webui-sec-fetch-site

patrickod/safeweb-sec-fetch-site

chaosinthecrd/k8s-operator-network-proxy-ha-mode

kari/saftaildrop

dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/breakglass/golang.org/x/crypto-0.35.0

push-ykxypyzonmux

chaosinthecrd/configure-proxyclass-via-annotation

irbekrm/doc_tags

nickkhyl/fix-dialplan-resets

irbekrm/log_invalid_order

nickkhyl/viewer-improvements

release-branch/1.82

zofrex/poc-health-v2

dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/gokrazy/cmd/dhcp/golang.org/x/net-0.38.0

knyar/morebuntu

knyar/dnstest

jwhited/relay-peerapi

mpminardi/temp

jonathan/dns_loopback

kari/taildropsaf

bradfitz/mcp

rajsinghtech/k8s-operator/enphemeral

rajsinghtech/cmd/k8s-operator/enphemeral-proxy

raggi/iptables-kernel-bug-message

tomhjp/ingress-preshutdown

percy/issue14393

chart/k8s-operator

bradfitz/plan9

bradfitz/notify_delta

irbekrm/cert_share_kubestore

kevin/add_services_to_status_subcommand_for_serve

percy/corp27066-vizerror-wrapf

irbekrm/certsharev2

tomhjp/mock-acme-server

andrew/current-time

raggi/natc-6

mpminardi/test-cache-experiments

push-wmvmtoxuoumt

push-otwrlsqunmon

brianp/controlclient-timings

release-branch/1.80

raggi/stun-reply-source

jaxxstorm/ssm_kms

patrickod/backport-csrf-fix

fran/franwip3

patrickod/reverse-web-handler-order-csrf

scottjab/add-sparsefile-punching

icio/views-jsonv2

icio/opt-nojsonv2

raggi/stunc2

irbekrm/cert_share

zofrex/testwrapper-json-output

bradfitz/gocross_cgo_packages_test

fran/franwip2

awly/go_124

icio/testwrapper2

icio/go1.24-testwrapper

andrew/wgengine-filter-split

irbekrm/pc_pretendpoints

percy/movelocalapi

zach/temporary-cert-testing

raggi/netmon-darwin-route-restart

operator_direct_connections

raggi/derp-204-cache-control

raggi/mkversion-pre

zofrex/x-poc-e2e-netmap-packetfilter-test

angott/26146-define

mpminardi/bump-go-patch

knyar/installmore

knyar/install

raggi/hello-temp

andrew/execqueue-metrics

bradfitz/controll

tomhjp/dns-01-test-env

nickkhyl/tailscaled-deferredinit

bradfitz/browser_ext

irbekrm/funnel_on

bradfitz/syspolicy_key

raggi/natc-upstream-keepalive

percy/derp-track-drop-distribution

mpminardi/deadlock-test

dependabot/go_modules/gokrazy/natlabapp.arm64/builddir/github.com/gokrazy/gokrazy/cmd/dhcp/golang.org/x/net-0.33.0

percy/derp-track-queue-depth

release-branch/1.78

bradfitz/lanscaping

andrew/topk-no-duplicates

irbekrm/lcdeprecated

awly/appconnector-debug-logs

irbekrm/vip_svcs_api

irbekrm/udp_fwd

kradalby/nix-dont-overlap-tool

irbekrm/egressc

jwhited/qd-slice

docker_state

will/status-tailnet

patrickod/bradtfitz-flow-rebased

percy/derpopt

tomhjp/consistent-state-test

walterp/docs-863-update-docker-run-command-on-docker-hub-page-for

mpminardi/derp-ideal-reconnect

irbekrm/tunmssg

percy/derp_sequence_diagram

mpminardi/derp-experiments

andrew/context-dedup-errors

irbekrm/containerboot_healthz

percy/issue24522-1-continuous-bandwidth

bradfitz/avoid_initial

raggi/derp-intern-key

percy/issue24522-2-region-restrict-yaml

andrew/dnscache-hard-code-localhost

irbekrm/debug

bradfitz/nodepublic_uniq

bradfitz/bench

fran/natc-raft

irbekrm/connector_multireplica

release-branch/1.76

bradfitz/percy/unforked-ssh-try-gomod

percy/unforked-ssh-try

bradfitz/mesh_vpc

knyar/metricshelp

irbekrm/serve_log

andrew/keyfallback

naman/web-client-update-fixes

percy/derp-jwt

andrew/wgengine-router-debug

bradfitz/cmd_printmetric

adrian/stricter-labels

bradfitz/ssh_config_from_env

kradalby/usermetrics-wgengine-errors

dsnet/slices-collect

tomhjp/tailscaled-kube-conf

mpminardi/dsm-7-2-builds-fix

13765-taildrive-server-unexpectedly-starts-on-apple-tv

angott/23782

bradfitz/vizerrinternal2

bradfitz/vizinternal

fran/fix-appc-routes

irbekrm/egressconfig

13685-low-memory-mode-in-logtail-may-no-longer-be-needed

angott/doh-clients-sleep-mode

release-branch/1.74

tomhjp/comparable-struct-as-key

adrian/vip

andrew/noise-conn-test

bradfitz/quic_dns

knyar/usermetrics-wgengine

raggi/eperm-health

fran/natc-consensus-prototype

bradfitz/dup_add

bradfitz/derp_flow_track

kradalby/userfacing-metrics-moar

angott/dns-cli-stream

maisem/tsnet-forward

angott/captive-exit-node-disablement

bradfitz/bumptoolchain

angott/tvos-23087

nickkhyl/http2-for-win-safesocket

irbekrm/egresshapm

dependabot/npm_and_yarn/cmd/tsconnect/micromatch-4.0.8

irbekrm/egressha

nickkhyl/authurl-notify-backport

jwhited/test-local-forwarder

release-branch/1.72

jonathan/missing_resolvers

knyar/userfacing-metrics

andrew/disco-af-packet-refactor

jwhited/gvisor-revert-gro

irbekrm/proxycidrs

22332-macos-sequoia-hostname

knyar/metrictype

dependabot/go_modules/github.com/docker/docker-26.1.5incompatible

bradfitz/vnet2

jwhited/derp-https-tcp-connect

raggi/callmebaby

raggi/linux6644

irbekrm/reload_config

maisem/flake-3

nickkhyl/syspolicy-new

irbekrm/dnat

raggi/dnsfallback

irbekrm/websocket

andrew/captive-use-atomic

marwan/offunc

jwhited/gVisor-gso-gro

release-branch/1.70

irbekrm/kubetestsetup

irbekrm/eks

dsnet/syncs-lock

raggi/derp-route-optimization

will-systray

bradfitz/json2

andrew/dns-more-logging

andrew/net-dns-systemd-no-stub

release-branch/1.68

fran/fix-appc-write-new-domain

adrian/fix-vet-failures

angott/dns-warnables

andrew/workgraph

agottardo-patch-1

bradfitz/resume

irbekrm/operator_linux_only

nickkhyl/posture-sn-override

kradalby/chaos

angott/ignore-some-warnings-startup

irbekrm/fixsubnets

irbekrm/dnstest

irbekrm/fix

irbekrm/accept_routes

percy/issue8593

percy/issue8593-prep

release-branch/1.66

icio/public-key-short

clairew/handle-auto-exit-node-value

knyar/install2

will/tsnet-udp

raggi/web-zst-precompress

raggi/gocross-empty-goos-goarch

andrew/dns-fallback

andrew/prom-omit-metrics

jwhited/android-packet-vectors

knyar/renew

bradfitz/debug_tstest

clairew/revert-storing-last-suggested

andrew/debug-integration-tests

fran/appc-ensmallen-gh-preset

ox/11854-3-sftp

percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a

ox/corp-19592

ox/11954-3

ox/11854

kevin/Split_Remove_advertised_routes_from_pref

bradfitz/dataplane_logs_no_logs_no_support

nickkhyl/ipn-user-identity

irbekrm/extsvcnftableslb

andrew/dns-wrap-errors

release-branch/1.64

noncombatant/safeweb-cleanup

bradfitz/login_retry

release-branch/1.64.0

fran/appc-store-routes-by-source

andrew/controlclient-use-last-addr

enable-exit-node-dst-logs

clairew/peer-node-capability-documentation

revert-11590-catzkorn/penguin

enable-exit-node-dst-logs-2

licenses/corp

licenses/android

licenses/cli

release-branch/1.62

clairew/log-dst-exit-node

fran/appc-domain-delte-prototype

irbekrm/maybe_fix_v6

oxtoacart/golden_memory

irbekrm/cherry_fix_panic

oxtoacart/no_indent_status

angott/corp-18441

soniaappasamy/serve-funnel-ui

brafitz/remote-config

andrew/control-key-store

maisem/proxy-1

release-branch/1.60

andrew/netstack-forwarder-debug

oxtoacart/immediately_access_shares

irbekrm/splitkeys

oxtoacart/automount

angott/sleep-debug-apis

clairew/suggest-non-mullvad-exit-node

tom/tka4

clairew/add-latitude-longitude

irbekrm/operatorversion

oxtoacart/dsnet_codereview_fixes

clairew/client-suggest-node-poc

raggi/rand

flyingsquirrel_bak

will/containerboot-webui

irbekrm/clustermagicdns

noncombatant/add-hello-systemd

catzkorn/jira

release-branch/1.58

kradalby/view-only-type

clairew/add-disco-pong-padding

clairew/receive-icmp-errors

dgentry-b10911

irbekrm/proxyclass2

irbekrm/proxyclass

irbekrm/byocerts

knyar/worklifeposture

dsnet/httpio

will/webclient-mobile

will/webclient-csrf

irbekrm/static_crd

irbekrm/manifests_crd

maisem/exp-k8s

release-branch/1.44

irbekrm/containerbootdeclarativeconf

kube_exp

irbekrm/conf

raggi/stun-subprocess

andrew/nixos-vm-tests

irbekrm/set_args

andrew/peer-ipv6-addrs

irbekrm/external_services

irbekrm/os

irbekrm/pull_in_certs

irbekrm/kube_build_tags

release-branch/1.56

jwhited/derp-cmm-timestamp

soniaappasamy/use-swr

marwan/displayname

release-branch/1.54

danderson/debug-garden

jwhited/unsafe-exp

clairew/test-wrapper-file

bradfitz/compontent_logs

kradalby-keys-db-interface

kradalby/keys-db-interface

andrew/upnp-unfork

bm/tsoidc

irbekrm/le

knyar/restartmap

kristoffer/editable-tailnet-displayname

raggi/document-deprecated-approach

dsnet/statestore

awly/version-override

bradfitz/silentdisco_knob

richard/15372

raggi/icmplistener

awly/linux-sudoers-local-admin-poc

release-branch/1.52

soniaappasamy/web-auth-restructure

bradfitz/ipx_set_contains

knyar/derpmesh

irbekrm/chartandcli

richard/15037-2

bradfitz/linuxfw_nil_table

richard/15037

bradfitz/tbug

bradfitz/derp_mesh

will/sonia/web-tailscaled

tyler/serve-status

maisem/ni

maisem/hi

rhea/apple-test

dgentry-nix-flake

dgentry-coverage

c761d10

bradfitz/gocross_wantver

awly/ipnlocal-watchnotifications-clientversion

bradfitz/integration_more_tun

bradfitz/recursive_controlknob

dgentry-authkey

dependabot/npm_and_yarn/cmd/tsconnect/postcss-8.4.31

bm/4via6

bradfitz/sessionactivetimeout

release-branch/1.50

rhea/taildrop-resume

andrew/peercap-ipv6-aaaa

irbekrm/k8sipnftheuristics

irbekrm/kubeipnft

irbekrm/k8sipnft

dgentry-istoreos

knyar/posturemac

irbekrm/egress

raggi/restore-extra-records-dns

aaron/win_process_mitigations

danderson/lru-rollback

clairew/mdm-interface

angott/userdefaults-reader

andrew/bump-esbuild

andrew/netns-more-logging

release-branch/1.48

irbekrm/k8s-autopilot

dsnet/viewer-jsonv2

marwan/altmem_stash

irbekrm/k8s-nftables

marwan/postmem

maisem/fix-deadlock

bradfitz/matrix

irbekrm/egress-dns

bradfitz/wait_unpause

bradfitz/calc_state

irbekrm/svc_conditions

soniaappasamy/fix-test-flake

marwan/servedev

soniaappasamy/fix-web-client-lock

raggi/netfilter-runtime

raggi/netfilter-add-modes

marwan/scmem

bradfitz/ignore_ula

clairew/tstime-net

clairew/tstime-wgengine

bradfitz/tkasig_type

shayne/k8s-serve

bradfitz/gui_netmap

macsys-update

catzkorn/netcheckuout

andrew/doctor-conntrack

tsweb/client-ui

valscale/ptb

raggi/gotoolchain

irbekrm/improve_logout

maisem/doc

rhea/egress

noncombatant/large-int-string

release-branch/1.46

andrew/captive-portal-package

s/pmtud

andrew/derp-bound-latency

andrew/health-state

bradfitz/gokrazy_dns

clairew/use-tstime-etc

bradfitz/negdep

raggi/stunc

raggi/gvisor-hostarch-deptest

crawshaw/art-table

irbekrm/fix_logout_loop

clairew/refactor-new-timer

clairew/test-wrapper-write-file

s/tsnetd

bradfitz/countrycode

crawshaw/stunchild

tom/disco

raggi/v6masq

release-branch/1.42

raggi/heartbeat-timebomb

raggi/derp-probe-stun-loss

raggi/tsdebugger

tom/derp

andrew/ipn-debug-1.42.0

marwan/portlistrefactor

marwan/noconstructor

angott/allow-thunderbolt-bridge

marwan/polleropts

marwan/noconstructor2

andrew/slicesx-deduplicate

unraid-web

release-branch/1.40

kristoffer/enable-mips-pkgs

s/eq

raggi/atomiccloseonce

raggi/bump-goreleaserv2

marwan/tmp

catzkorn/addrsend

raggi/gofuzz

shayne/funnel_cmd

release-branch/1.38

dgentry/atomicfile

tom/tka6

maisem/k8s-cache

azure

andrew/fastjson

crawshaw/lnclose

crawshaw/tsnet1

crawshaw/httpconnect

Xe/tsnet-funnel

dgentry/sniproxy-dns

andrew/util-dnsconfig

andrew/cloudenv-location

release-branch/1.36

aaron/migrate_windows

crawshaw/pidlisten

andrew/router-drop-ula

will/vizerr

danderson/mkversion

crawshaw/activesum

andrew/doctor-scutil

danderson/version-private3

bradfitz/sassy

bradfitz/win_unattended_warning

andrew/hostinfo-HavePortMap

skriptble/ssh-recording-persist

crawshaw/ondemanddomains

danderson/helm

andrew/peer-status-KeyExpiry

bradfitz/noise_debug_more

release-branch/1.34

cloner

danderson/backport

clairew/tsnet_get_own_ip

bradfitz/tidy

raggi/tsweb-compression

bradfitz/fix_ipn_cloner

danderson/bootstrap

will/enforce-hostname

mihaip/delete-all-profiles

release-branch/1.32

shayne/serve_empty_text_handler

bradfitz/hostinfo_ingress_bit

mihaip/logout-async-start

net-audit-log/1.32

bradfitz/set_prefs_locked

mihaip/fas

bradfitz/port_intercept

andrew/net-tsaddr-mapviaaddr

danderson/tsburrito

andrew/tstest-goroutine-ignore

andrew/monitor-link-change

danderson/k8s

andrew/debug-subnet-router

andrew/metrics-distribution

crawshaw/accumulatorcfg

bradfitz/keyboard-interactive

bradfitz/tailpipe

raggi/accept-routes-filter

nyghtowl/tailnet-name2

dsnet/tunstats-v2

buildjet

buildjet-vs-github

andrew/netns-macos-route

walterp-api

andrew/linux-router-v4-disabled

bradfitz/distro_ubuntu

tom/iptables

release-branch/1.30

tom/tka2

andrew/dnscache-debugging-1.22.2

andrew/controlclient-dial

raggi/experiment-queues

bradfitz/u32

ip6tables

catzkorn/derp-benchmark

jwhited/wireguard-go-vectorized-bind

catzkorn/otel-init

bradfitz/appendf

mihaip/js-cli

dsnet/tsweb-499s

bradfitz/deephash_early_exit

crawshaw/xdp

dsnet/logtail-zstd-single-segment

Xe/gitops-pusher-three-version-problem

Xe/gitops-pusher-acl-test-error-output

Xe/gitops-pusher-ffcli

bradfitz/ssh_auth_none_demo

release-branch/1.28

catzkorn/otel-derp

bradfitz/shared_split_dns

nyghtowl/fix-resolved

release-branch/1.26

bradfitz/explicit_empty_test_3808

crawshaw/preservenetinfo

miriah-3808-reset-operator

dsnet/tsnet-logging

mihaip/wasm-taildrop

crawshaw/stunname

bradfitz/wasm_play

bradfitz/dot

bradfitz/tcp_flows

release-branch/1.24

raggi/netstack_fwd_close

bradfitz/netstack_fwd_close

merge-tag

cross-android

bradfitz/kmod

bradfitz/ssh_banner

bradfitz/ping

tom/integration

bradfitz/ssh_policy_earlier

bradfitz/derpy_cast

bradfitz/cli_admin

release-branch/1.22

aaron/go-ole-ref

bradfitz/key_rotation_prep

josh/tswebflags

release-branch/1.20

crawshaw/envtype

danderson/tsweb-server

bradfitz/autocert_force

bradfitz/use_netstack_upstream

Xe/winui-bugreport-without-tailscaled

bradfitz/hostinfo_basically_equal

release-branch/1.18

aaron/loglog

aaron/dnsapc

bradfitz/demo_client_hijack

bradfitz/windns

bradfitz/exit_node_forward_dns

bradfitz/1.18.1

Xe/tailtlsproxy

bradfitz/allsrc

josh/peermap

danderson/ebpf

bradfitz/1_16_stress_netmap

danderson/nodekey-move

danderson/nodekey-delete-old

danderson/nodekey-cleanup

danderson/magicsock-discokey

release-branch/1.16

danderson/magicsock-node-key

crawshaw/updatefallback

release-branch/1.14

bradfitz/1.14

bradfitz/updates

josh/immutable-views

bradfitz/portmap_gh_actions

danderson/kernel-tailscale

bradfitz/win_default_route

release-branch/1.12

jknodt/logging

simenghe/add-tsmpping-call

josh/opt-getstatus

Aadi/speedtest-tailscaled

dsnet/admin-cli

bradfitz/portmap_test

jknodt/portmap_test

upnpdebug

jknodt/upnp_reuse

crawshaw/peerdoh

josh/debug-flake

simenghe/pingresult-work

jknodt/derp_flow

tps/tailscaled

jknodt/vms_ref

jknodt/integ_test

josh/fast-time

josh/coarsetime

bradfitz/derp_flow

release-branch/1.10

josh/io_uring

josh/deflake-pipe-again

Xe/testcontrol-v6

jknodt/io-uring

simenghe/admin-ping-test

jknodt/periodic_probe

simenghe/isoping

Xe/private-logcatcher-in-process

simenghe/tcpnodeping

bradfitz/deephash_methods

crawshaw/deephash

josh/de-select-tstun-wrapper

Xe/debug-nixos-build

simenghe/isoping-experiment

crawshaw/dnswslhackery

jknodt/userderp

jknodt/bw_rep2

crawshaw/wslresolvconf

jknodt/upnp

crawshaw/magicdnsalways

simenghe/flakeresolve

rec_in_use_after_5_sec

bradfitz/acme

release-branch/1.8

simenghe/add-httphandlers-ping

simenghe/add-ping-route-testcontrol-mux

simeng-pingtest

Xe/test-install-script-libvirtd

apenwarr/check184

crawshaw/newbackendserver

adding-address-ips-totestcontrolnode

onebinary

Xe/synology-does-actually-work-with-subnet-routes-til

bradfitz/netstack_port_map

bradfitz/demo_pinger

apenwarr/fixes

apenwarr/relogin

josh/NewIPPort

josh/IPWithPort

bradfitz/integration_tests

josh/opt-dp-wip

bradfitz/ping_notes

bradfitz/dropped_by_filter_logspam

bradfitz/netstack_drop_silent

bradfitz/log_rate_test

bradfitz/issue_1840_rebased_tree

bradfitz/issue_1849_rebased_tree

crawshaw/syno

apenwarr/statefix

apenwarr/statetest

josh/wip/endpoint-serialize

apenwarr/ioslogin

rosszurowski/cli-fix-typo

bradfitz/cli_pretty

bradfitz/win_delete_retry

bradfitz/sleep

naman/netstack-request-logging

naman/ephem-expand-range

bradfitz/macos_progress

bradfitz/ip_of

crawshaw/localapi404

crawshaw/movefiles

crawshaw/socket

crawshaw/cgi

naman/netstack-subnet-routing

josh/wip/create-endpoint-no-public-key

Xe/log-target-registry-key

release-branch/1.6

bradfitz/ipv6_link_local_strip

bradfitz/darwin_gw

Xe/disallow-local-ip-for-exit-node

release-branch/1.4

crawshaw/upjson

bradfitz/proposed_1.4.6

bradfitz/derp_steer

crawshaw/tailscalestatus

Xe/reset-logid-on-logout-login

naman/netstack-incoming

mkramlich/macos-brew2

naman/netstack-outgoing-udp-test

mkramlich/macos-brew

bradfitz/proposed-1.4.5

peske/ifacewatcher

Xe/hello-vr

crawshaw/filchsync

Xe/derphttp-panic-fix

peske/elnotfound

Xe/rel-144-fix-ipv6-broken-in-tests

bradfitz/darwin_creds

josh/longblock

josh/udp-alloc-less

josh/simplify-filch

josh/remove-ipcgetfilter

Xe/envvar-name-TS

Xe/TS-envvar-name

Xe/do-windows-logserver-better

Xe/log-target-flag

crawshaw/ipuint

bradfitz/hello

bradfitz/linux_v6_off

bradfitz/call_me_maybe_eps

bradfitz/api_docs

alexbrainman/use_wg_dns_code

naman/netstack-use-tailscale-ip

josh/debug-TestLikelyHomeRouterIPSyscallExec

noerror-not-notimp

bradfitz/umaskless_permissions

naman/netstack-bump-version

bradfitz/lite_endpoint_update

c22wen/api-docs

bradfitz/grafana_auth_proxy

crawshaw/dnsguid

nix-shell

release-branch/1.2

bradfitz/acl_tags_in_tailscale_status

bradfitz/expiry_spin

josh/no-goroutine-per-udp-read-2

crawshaw/tailcfg

bradfitz/wgengine_monitor_windows_take2

netstat-unsafe

bradfitz/ipn_empty

bradfitz/win_firewall_async

bradfitz/machine_key

apenwarr/faketun

crawshaw/cloner

crawshaw/jsonhandler

c22wen/route-addr

c22wen/magicsock.go

bradfitz/gvisor_netstack

crawshaw/loadtest

dshynkev/dns-autoset

crawshaw/e2etest

bradfitz/win_wpad_pac

release-branch/1.0

bradfitz/linux_default_route_interface

bradfitz/release-branch-1.0

crawshaw/restartlimit

clone

dshynkev/dns-name

dshynkev/dns-refactor

bradfitz/go_vet

crawshaw/tswebextra

crawshaw/pinger2

lzjluzijie/all_proxy

rate-limiting

lzjluzijie/227_http_proxy

crawshaw/rebind

crawshaw/hostinfo

crawshaw/derp-nokeepalives

crawshaw/derptimeout

crawshaw/derpdial2

crawshaw/derpdial

crawshaw/ipn

crawshaw/e2e_test

crawshaw/ipn2

crawshaw/magicsock

crawshaw/magicsock-infping

crawshaw/spray

crawshaw/br1

v1.94.1

v1.95.0-pre

v1.94.0

v1.92.5

v1.92.4

v1.92.3

v1.92.2

v1.92.1

v1.93.0-pre

v1.92.0

v1.90.9

v1.90.8

v1.90.7

v1.90.6

v1.90.5

v1.90.4

v1.90.3

v1.90.2

v1.90.1

v1.91.0-pre

v1.90.0

v1.88.4

v1.88.3

v1.88.2

v1.88.1

v1.88.0

v1.86.5

v1.86.4

v1.86.3

v1.86.2

v1.86.1

v1.86.0

v1.84.3

v1.84.2

v1.84.1

v1.84.0

v1.82.5

v1.82.4

v1.82.3

v1.82.2

v1.80.3

v1.80.2

v1.80.1

v1.80.0

v1.78.3

v1.78.2

v1.78.1

v1.78.0

v1.77.0-pre

v1.76.6

v1.76.3

v1.76.1

v1.76.0

v1.74.1

v1.74.0

v1.72.1

v1.72.0

v1.70.0

v1.68.2

v1.68.1

v1.68.0

v1.66.4

v1.66.3

v1.66.2

v1.66.1

v1.66.0

v1.64.2

v1.64.1

v1.64.0

v1.62.1

v1.62.0

v1.60.1

v1.60.0

v1.58.2

v1.58.1

v1.58.0

v1.44.3

v1.56.1

v1.56.0

v1.54.1

v1.54.0

v1.52.1

v1.52.0

v1.50.1

v1.50.0

v1.48.2

v1.48.1

v1.48.0

v1.46.1

v1.46.0

v1.44.2

v1.44.0

v1.42.1

v1.42.0

v1.40.1

v1.40.0

v1.38.4

v1.38.3

v1.38.2

v1.38.1

v1.38.0

v1.36.2

v1.36.1

v1.36.0

v1.34.2

v1.34.1

v1.34.0

v1.32.3

v1.32.2

v1.32.1

v1.32.0

v1.30.2

v1.30.1

v1.30.0

v1.28.0

v1.26.2

v1.26.1

v1.26.0

v1.24.2

v1.24.1

v1.24.0

v1.22.2

v1.22.1

v1.22.0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.18.2

v1.18.1

v1.18.0

v1.16.2

v1.16.1

v1.16.0

v1.14.6

v1.14.5

v1.14.4

v1.14.3

v1.14.0

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.12.0

v1.10.2

v1.10.1

v1.10.0

v1.8.8

v1.8.7

v1.8.6

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.6.0

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.2.10

v1.2.9

v1.2.8

v1.2.7

v1.2.6

v1.2.5

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.1.0

v1.0.0

v0.100.0

v0.99.1

v0.99.0

v0.98.1

v0.98

v0.98.0

v0.97

v0.96.1

v0.96

cmd/cigocacher/d0d993f5d6576b5d97d0242c64bbe2de049d6486

coral-gitops

gitops-1.30.0

gitops-1.58.2

nginx-auth-0.1.2

v0.100.0-107

v0.100.0-153

v1.61.0-pre

v1.63.0-pre

v1.65.0-pre

v1.67.0-pre

v1.69.0-pre

v1.71.0-pre

v1.73.0-pre

v1.75.0-pre

v1.79.0-pre

v1.81.0-pre

v1.82.0

v1.83.0-pre

v1.85.0-pre

v1.87.0-pre

v1.89.0-pre

History

Will Norris 3ec5be3f51 all: remove AUTHORS file and references to it This file was never truly necessary and has never actually been used in the history of Tailscale's open source releases. A Brief History of AUTHORS files --- The AUTHORS file was a pattern developed at Google, originally for Chromium, then adopted by Go and a bunch of other projects. The problem was that Chromium originally had a copyright line only recognizing Google as the copyright holder. Because Google (and most open source projects) do not require copyright assignemnt for contributions, each contributor maintains their copyright. Some large corporate contributors then tried to add their own name to the copyright line in the LICENSE file or in file headers. This quickly becomes unwieldy, and puts a tremendous burden on anyone building on top of Chromium, since the license requires that they keep all copyright lines intact. The compromise was to create an AUTHORS file that would list all of the copyright holders. The LICENSE file and source file headers would then include that list by reference, listing the copyright holder as "The Chromium Authors". This also become cumbersome to simply keep the file up to date with a high rate of new contributors. Plus it's not always obvious who the copyright holder is. Sometimes it is the individual making the contribution, but many times it may be their employer. There is no way for the proejct maintainer to know. Eventually, Google changed their policy to no longer recommend trying to keep the AUTHORS file up to date proactively, and instead to only add to it when requested: https://opensource.google/docs/releasing/authors. They are also clear that: > Adding contributors to the AUTHORS file is entirely within the > project's discretion and has no implications for copyright ownership. It was primarily added to appease a small number of large contributors that insisted that they be recognized as copyright holders (which was entirely their right to do). But it's not truly necessary, and not even the most accurate way of identifying contributors and/or copyright holders. In practice, we've never added anyone to our AUTHORS file. It only lists Tailscale, so it's not really serving any purpose. It also causes confusion because Tailscalars put the "Tailscale Inc & AUTHORS" header in other open source repos which don't actually have an AUTHORS file, so it's ambiguous what that means. Instead, we just acknowledge that the contributors to Tailscale (whoever they are) are copyright holders for their individual contributions. We also have the benefit of using the DCO (developercertificate.org) which provides some additional certification of their right to make the contribution. The source file changes were purely mechanical with: git ls-files \| xargs sed -i -e 's/\(Tailscale Inc &\) AUTHORS/\1 contributors/g' Updates #cleanup Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>		2 days ago
..
LICENSE	tstest/tailmac: add customized macOS virtualization tooling (#13146 )	1 year ago
Swift	all: remove AUTHORS file and references to it	2 days ago
TailMac.xcodeproj	tstest/natlab: add unix address to writer for dgram mode	1 year ago
Host.entitlements	tstest/tailmac: add customized macOS virtualization tooling (#13146 )	1 year ago
Makefile	tstest/tailmac: add customized macOS virtualization tooling (#13146 )	1 year ago
README.md	tstest/tailmac: add customized macOS virtualization tooling (#13146 )	1 year ago
TailMac.entitlements	tstest/tailmac: add customized macOS virtualization tooling (#13146 )	1 year ago

README.md

Lightweight macOS VM's for tstest and natlab

This utility is designed to provide custom virtual machine tooling support for macOS. The intent is to quickly create and spin up small, preconfigured virtual machines, for executing integration and unit tests.

The primary driver is to provide support for VZVirtioNetworkDeviceConfiguration which is not supported by other popular macOS VM hosts. This also gives us the freedom to fully customize and script all virtual machine setup and interaction. VZVirtioNetworkDeviceConfiguration lets us directly inject and sink network traffic for simulating various network conditions, protocols, and topologies and ensure that the TailScale clients handle all of these situations correctly.

This may also be used as a drop-in replacement for UTM or Tart on ARM Macs for quickly spinning up test VMs. It has the added benefit that, unlike UTM which uses AppleScript, it can be run via SSH.

This uses Virtualization.framework which only supports arm64. The binaries only build for arm64.

Components

The application is built in two components:

The tailmac command line utility is used to set up and configure VM instances. The Host.app does the heavy lifting.

You will typically initiate all interactions via the tailmac command-line util.

For a full list of options:

tailmac -h

Building

% make all

Will build both the tailmac command line util and Host.app. You will need a developer account. The default bundle identifiers default to TailScale owned ids, so if you don't have (or aren't using) a TailScale dev account, you will need to change this. This should build automatically as long as you have a valid developer cert. Signing is automatic. The binaries both require the virtualization entitlement, so they do need to be signed.

There are separate recipes in the makefile to rebuild the individual components if needed.

All binaries are copied to the bin directory.

Locations

All vm images, restore images, block device files, save states, and other supporting files are persisted at ~/VM.bundle

Each vm gets its own directory. These can be archived for posterity to preserve a particular image and/or state. The mere existence of a directory containing all of the required files in ~/VM.bundle is sufficient for tailmac to be able to see and run it. ~/VM.bundle and it's contents is tailmac's state. No other state is maintained elsewhere.

Each vm has its own custom configuration which can be modified while the vm is idle. It's simple JSON - you may modify this directly, or using 'tailmac configure'.

Installing

Default a parameters

The default virtio socket device port is 51009
The default server socket for the virtual network device is /tmp/qemu-dgram.sock
The default memory size is 4Gb
The default mac address for the socket based networking is 52:cc:cc:cc:cc:01
The default mac address for the standard ethernet interface is 52:cc:cc:cc:ce:01

Creating and managing VMs

You generally perform all interactions via the tailmac command line util. A NAT ethernet device is provided so you can ssh into your instance. The ethernet IP will be dhcp assigned by the host and can be determined by parsing the contents of /var/db/dhcpd_leases

Creation

To create a new VM (this will grab a restore image for what apples deems a 'latest; if needed). Restore images are large (on the order of 10 Gb) and installation after downloading takes a few minutes. If you wish to use a custom restore image, specify it with the --image option. If RestoreImage.ipsw exists in ~/VM.bundle, it will be used. macOS versions from 12 to 15 have been tested and appear to work correctly.

tailmac create --id my_vm_id

With a custom restore image and parameters:

tailmac create --id my_custom_vm_id --image "/images/macos_ventura.ipsw" --mac 52:cc:cc:cc:cc:07 --mem 8000000000 --sock "/temp/custom.sock" --port 52345

A typical workflow would be to create single VM, manually set it up the way you wish including the installation of any required client side software (tailscaled or the client-side test harness for example) then clone that images as required and back up your images for future use.

Fetching and persisting pre-configured images is left as an exercise for the reader (for now). A previously used image can simply be copied to the ~/VM.bundle directory under a unique path and tailmac will automatically pick it up. No versioning is supported so old images may stop working in the future.

To delete a VM image, you may simply remove it's directory under ~/VM.bundle or

tailmac delete --id my_stale_vm

Note that the disk size is fixed, but should be sufficient (perhaps even excessive) for most lightweight workflows.

Restore Images

To refresh an existing restore image:

tailmac refresh

Restore images can also be obtained directly from Apple for all macOS releases. Note Apple restore images are raw installs, and the OS will require configuration, user setup, etc before being useful. Cloning a vm after clicking through the setup, creating a user and disabling things like the lock screen and enabling auto-login will save you time in the future.

Cloning

To clone an existing vm (this will clone the mac and port as well)

tailmac clone --id old_vm_id --target-id new_vm_id

Configuration

To reconfigure a existing vm:

tailmac configure --id vm_id --mac 11:22:33:44:55:66 --port 12345  --ethermac 22:33:44:55:66:77 -sock "/tmp/my.sock"

Running a VM

To list the available VM images

tailmac ls

To launch an VM

tailmac run --id machine_1

You may invoke multiple vms, but the limit on the number of concurrent instances is on the order of 2. Use the --tail option to watch the stdout of the Host.app process. There is currently no way to list the running VM instances, but invoking stop or halt for a vm instance that is not running is perfectly safe.

To gracefully stop a running VM and save its state (this is a fire and forget thing):

tailmac stop --id machine_1

Manually closing a VM's window will save the VM's state (if possible) and is the equivalent of running 'tailmac stop --id vm_id'

To halt a running vm without saving its state:

tailmac halt --id machine_1