Arbore: fd3efd9bad

13685-low-memory-mode-in-logtail-may-no-longer-be-needed

13765-taildrive-server-unexpectedly-starts-on-apple-tv

22332-macos-sequoia-hostname

Aadi/speedtest-tailscaled

Xe/TS-envvar-name

Xe/debug-nixos-build

Xe/derphttp-panic-fix

Xe/disallow-local-ip-for-exit-node

Xe/do-windows-logserver-better

Xe/envvar-name-TS

Xe/gitops-pusher-acl-test-error-output

Xe/gitops-pusher-ffcli

Xe/gitops-pusher-three-version-problem

Xe/hello-vr

Xe/log-target-flag

Xe/log-target-registry-key

Xe/private-logcatcher-in-process

Xe/rel-144-fix-ipv6-broken-in-tests

Xe/reset-logid-on-logout-login

Xe/synology-does-actually-work-with-subnet-routes-til

Xe/tailtlsproxy

Xe/test-install-script-libvirtd

Xe/testcontrol-v6

Xe/tsnet-funnel

Xe/winui-bugreport-without-tailscaled

aaron/dnsapc

aaron/go-ole-ref

aaron/gocross

aaron/gocross_ps1_redir

aaron/loglog

aaron/migrate_windows

aaron/oss_17111

aaron/win_buildkite_go_syms

aaron/win_process_mitigations

actions/licenses

adding-address-ips-totestcontrolnode

adrian/fix-vet-failures

adrian/stricter-labels

adrian/vip

agottardo-patch-1

alexbrainman/use_wg_dns_code

alexc/better-localbackend-logging

alexc/mark-break-watcher-conn-recv-flaky

alexc/more-testing-for-tailscale-up

alexc/share-tka-tests

alexc/tka-dont-fetch-unneeded-bootstrap

alexc/upgrade-jsonv2

andrew/bump-esbuild

andrew/captive-portal-package

andrew/captive-use-atomic

andrew/cloudenv-location

andrew/context-dedup-errors

andrew/control-key-store

andrew/controlclient-dial

andrew/controlclient-use-last-addr

andrew/current-time

andrew/debug-integration-tests

andrew/debug-subnet-router

andrew/derp-bound-latency

andrew/disco-af-packet-refactor

andrew/dns-fallback

andrew/dns-more-logging

andrew/dns-wrap-errors

andrew/dnscache-debugging-1.22.2

andrew/dnscache-hard-code-localhost

andrew/doctor-conntrack

andrew/doctor-scutil

andrew/execqueue-metrics

andrew/fastjson

andrew/health-state

andrew/hostinfo-HavePortMap

andrew/ipn-debug-1.42.0

andrew/keyfallback

andrew/linux-router-v4-disabled

andrew/metrics-distribution

andrew/monitor-link-change

andrew/net-dns-systemd-no-stub

andrew/net-tsaddr-mapviaaddr

andrew/netns-macos-route

andrew/netns-more-logging

andrew/netstack-forwarder-debug

andrew/nixos-vm-tests

andrew/noise-conn-test

andrew/peer-ipv6-addrs

andrew/peer-status-KeyExpiry

andrew/peercap-ipv6-aaaa

andrew/pr-17281-test

andrew/prom-omit-metrics

andrew/router-drop-ula

andrew/slicesx-deduplicate

andrew/syncs-tsync

andrew/topk-no-duplicates

andrew/tstest-goroutine-ignore

andrew/upnp-unfork

andrew/util-dnsconfig

andrew/wgengine-filter-split

andrew/wgengine-router-debug

andrew/workgraph

angott/23782

angott/26146-define

angott/allow-thunderbolt-bridge

angott/captive-exit-node-disablement

angott/corp-18441

angott/dns-cli-stream

angott/dns-warnables

angott/doh-clients-sleep-mode

angott/ignore-some-warnings-startup

angott/sleep-debug-apis

angott/tvos-23087

angott/userdefaults-reader

annotations

apenwarr/check184

apenwarr/faketun

apenwarr/fixes

apenwarr/ioslogin

apenwarr/relogin

apenwarr/statefix

apenwarr/statetest

awly/appconnector-debug-logs

awly/go_124

awly/ipnlocal-watchnotifications-clientversion

awly/linux-sudoers-local-admin-poc

awly/tpm-command-caps

awly/tpm-seal-timing

awly/version-override

azure

bcreane/validate-subnet-route-accepts

bm/4via6

bm/tsoidc

bradfitz/1.14

bradfitz/1.18.1

bradfitz/1_16_stress_netmap

bradfitz/TwoDevicePing

bradfitz/acl_tags_in_tailscale_status

bradfitz/acme

bradfitz/allsrc

bradfitz/api_docs

bradfitz/appendf

bradfitz/autocert_force

bradfitz/avoid_initial

bradfitz/bench

bradfitz/browser_ext

bradfitz/bumptoolchain

bradfitz/calc_state

bradfitz/call_me_maybe_eps

bradfitz/cgnat_disable_v4

bradfitz/cherry-pick-iptables

bradfitz/cli_admin

bradfitz/cli_pretty

bradfitz/cli_ts2021_hang_test

bradfitz/cmd_printmetric

bradfitz/compontent_logs

bradfitz/controll

bradfitz/countrycode

bradfitz/darwin_creds

bradfitz/darwin_gw

bradfitz/dataplane_logs_no_logs_no_support

bradfitz/dctp_disco

bradfitz/debug_tstest

bradfitz/deephash_early_exit

bradfitz/deephash_methods

bradfitz/demo_client_hijack

bradfitz/demo_pinger

bradfitz/derp_flow

bradfitz/derp_flow_track

bradfitz/derp_mesh

bradfitz/derp_steer

bradfitz/derper_gcp

bradfitz/derpy_cast

bradfitz/devdrive

bradfitz/disco_change_remove_sync

bradfitz/distro_ubuntu

bradfitz/dot

bradfitz/dropped_by_filter_logspam

bradfitz/dup_add

bradfitz/eventbus_too_slow

bradfitz/evsub

bradfitz/exit_node_forward_dns

bradfitz/expiry_spin

bradfitz/explicit_empty_test_3808

bradfitz/feature_appconnectors

bradfitz/fix_ipn_cloner

bradfitz/foo

bradfitz/getstatus

bradfitz/go_vet

bradfitz/gocross_cgo_packages_test

bradfitz/gocross_wantver

bradfitz/gok_test

bradfitz/gokrazy_busybox

bradfitz/gokrazy_dns

bradfitz/grafana_auth_proxy

bradfitz/gui_netmap

bradfitz/gvisor_netstack

bradfitz/hello

bradfitz/hostinfo_basically_equal

bradfitz/hostinfo_ingress_bit

bradfitz/ignore_ula

bradfitz/integration_more_tun

bradfitz/integration_tests

bradfitz/ios_ish

bradfitz/ip_of

bradfitz/ipn_empty

bradfitz/ipv6_link_local_strip

bradfitz/ipx_set_contains

bradfitz/issue_1840_rebased_tree

bradfitz/issue_1849_rebased_tree

bradfitz/json2

bradfitz/key_rotation_prep

bradfitz/keyboard-interactive

bradfitz/kmod

bradfitz/lanscaping

bradfitz/lazy_wg_pushdown2

bradfitz/linux_default_route_interface

bradfitz/linux_v6_off

bradfitz/linuxfw_nil_table

bradfitz/lite-on-restart

bradfitz/lite_endpoint_update

bradfitz/log_rate_test

bradfitz/login_retry

bradfitz/machine_key

bradfitz/macos_progress

bradfitz/magicsock_relayserver

bradfitz/matrix

bradfitz/mcp

bradfitz/mesh_vpc

bradfitz/mutex_debug

bradfitz/negdep

bradfitz/netstack_drop_silent

bradfitz/netstack_fwd_close

bradfitz/netstack_port_map

bradfitz/nm_cache

bradfitz/nm_cache_disk

bradfitz/nodectx_ctx

bradfitz/nodepublic_uniq

bradfitz/nogreentea

bradfitz/noise_debug_more

bradfitz/notify_delta

bradfitz/percy/unforked-ssh-try-gomod

bradfitz/ping

bradfitz/ping_notes

bradfitz/plan9

bradfitz/port_intercept

bradfitz/portmap_gh_actions

bradfitz/portmap_test

bradfitz/porttrack

bradfitz/proposed-1.4.5

bradfitz/proposed_1.4.6

bradfitz/quic_dns

bradfitz/recursive_controlknob

bradfitz/release-branch-1.0

bradfitz/resume

bradfitz/rm_usermetrics_66KB

bradfitz/sassy

bradfitz/sessionactivetimeout

bradfitz/set_prefs_locked

bradfitz/shared_split_dns

bradfitz/silentdisco_knob

bradfitz/sleep

bradfitz/ssh_auth_none_demo

bradfitz/ssh_banner

bradfitz/ssh_config_from_env

bradfitz/ssh_policy_earlier

bradfitz/ssh_tsnet

bradfitz/syspolicy_key

bradfitz/tailpipe

bradfitz/tailssh_crash

bradfitz/tbug

bradfitz/tcp_flows

bradfitz/test

bradfitz/tidy

bradfitz/tinyderpclient

bradfitz/tkasig_type

bradfitz/u32

bradfitz/umaskless_permissions

bradfitz/updates

bradfitz/use_netstack_upstream

bradfitz/vizerrinternal2

bradfitz/vizinternal

bradfitz/vnet2

bradfitz/wait_unpause

bradfitz/wasm_play

bradfitz/wgengine_monitor_windows_take2

bradfitz/win_default_route

bradfitz/win_delete_retry

bradfitz/win_firewall_async

bradfitz/win_unattended_warning

bradfitz/win_wpad_pac

bradfitz/windns

bradfitz/ws_arg_test

brafitz/remote-config

brendan/convert-mdx-release-notes-to-goreleaser-chlog

brianp/controlclient-timings

buildjet

buildjet-vs-github

c22wen/api-docs

c22wen/magicsock.go

c22wen/route-addr

c761d10

catzkorn/addrsend

catzkorn/derp-benchmark

catzkorn/jira

catzkorn/netcheckuout

catzkorn/otel-derp

catzkorn/otel-init

chaosinthecrd/adding-server-url-multi-tailnet

chaosinthecrd/authkey-reissue

chaosinthecrd/configure-proxyclass-via-annotation

chaosinthecrd/k8s-operator-ha-ingress-readiness

chaosinthecrd/k8s-operator-network-proxy-ha-mode

chaosinthecrd/k8s-operator-proxygroup-event-filter

chaosinthecrd/k8s-operator-tailscale-service-ports

chaosinthecrd/map-error-response

chaosinthecrd/node-not-found-warnable

chaosinthecrd/query-dns-resolve-containerboot

chaosinthecrd/query-dns-resolve-for-containerboot

chaosinthecrd/userspace-tsnet-proxy

chart/k8s-operator

clairew/add-disco-pong-padding

clairew/add-latitude-longitude

clairew/client-suggest-node-poc

clairew/handle-auto-exit-node-value

clairew/log-dst-exit-node

clairew/mdm-interface

clairew/peer-node-capability-documentation

clairew/receive-icmp-errors

clairew/refactor-new-timer

clairew/revert-storing-last-suggested

clairew/suggest-non-mullvad-exit-node

clairew/test-wrapper-file

clairew/test-wrapper-write-file

clairew/tsnet_get_own_ip

clairew/tstime-net

clairew/tstime-wgengine

clairew/use-tstime-etc

clone

cloner

cmol/add_upnp_release_timeout

cmol/avoid-overwrite-new-disco

cmol/debug-write-netmap-to-disk

cmol/decouple_magicsock_ipnlocal

cmol/delay-disco-key-exchange

cmol/gokrazy-switch-to-official-kernel-builds

cmol/natlab-experiments

cmol/portupdate_eventbus_direct

cmol/run_portmapper_in_exec_queue

containerboot-exit-code

crawshaw/accumulatorcfg

crawshaw/activesum

crawshaw/art-table

crawshaw/br1

crawshaw/cgi

crawshaw/cloner

crawshaw/deephash

crawshaw/derp-nokeepalives

crawshaw/derpdial

crawshaw/derpdial2

crawshaw/derptimeout

crawshaw/dnsguid

crawshaw/dnswslhackery

crawshaw/e2e_test

crawshaw/e2etest

crawshaw/envtype

crawshaw/filchsync

crawshaw/hostinfo

crawshaw/httpconnect

crawshaw/ipn

crawshaw/ipn2

crawshaw/ipuint

crawshaw/jsonhandler

crawshaw/lnclose

crawshaw/loadtest

crawshaw/localapi404

crawshaw/magicdnsalways

crawshaw/magicsock

crawshaw/magicsock-infping

crawshaw/movefiles

crawshaw/newbackendserver

crawshaw/ondemanddomains

crawshaw/peerdoh

crawshaw/pidlisten

crawshaw/pinger2

crawshaw/preservenetinfo

crawshaw/rebind

crawshaw/restartlimit

crawshaw/socket

crawshaw/spray

crawshaw/stunchild

crawshaw/stunname

crawshaw/syno

crawshaw/tailcfg

crawshaw/tailscalestatus

crawshaw/tsnet1

crawshaw/tswebextra

crawshaw/updatefallback

crawshaw/upjson

crawshaw/wslresolvconf

crawshaw/xdp

cross-android

danderson/backport

danderson/bootstrap

danderson/debug-garden

danderson/ebpf

danderson/helm

danderson/k8s

danderson/kernel-tailscale

danderson/lru-rollback

danderson/magicsock-discokey

danderson/magicsock-node-key

danderson/mkversion

danderson/nodekey-cleanup

danderson/nodekey-delete-old

danderson/nodekey-move

danderson/tsburrito

danderson/tsweb-server

danderson/version-private3

davidb/containerboot-disconnect-control

dctp

dctp-1

dctp1

debug-testwrapper

dependabot/github_actions/actions/download-artifact-8.0.0

dependabot/github_actions/actions/upload-artifact-7.0.0

dependabot/github_actions/github/codeql-action-4.32.6

dependabot/go_modules/github.com/docker/cli-29.2.0incompatible

dependabot/npm_and_yarn/client/web/rollup-4.59.0

dgentry-authkey

dgentry-b10911

dgentry-coverage

dgentry-istoreos

dgentry-nix-flake

dgentry/atomicfile

dgentry/sniproxy-dns

dns-proxygroup

docker_state

dshynkev/dns-autoset

dshynkev/dns-name

dshynkev/dns-refactor

dsnet/admin-cli

dsnet/httpio

dsnet/jsonimports-ci

dsnet/jsonv1in2

dsnet/logpolicy-metrics

dsnet/logtail-iopipe

dsnet/logtail-zstd-single-segment

dsnet/migrate-omitzero

dsnet/netlog-tailcfg

dsnet/slices-collect

dsnet/statestore

dsnet/syncs-lock

dsnet/tsnet-logging

dsnet/tsweb-499s

dsnet/tunstats-v2

dsnet/update-jsonv2

dsnet/viewer-jsonv2

dylan/debug-peer-relay-sessions

dylan/derp-hosting-provider

enable-exit-node-dst-logs

enable-exit-node-dst-logs-2

exclude_int

flyingsquirrel_bak

fran/appc-domain-delte-prototype

fran/appc-ensmallen-gh-preset

fran/appc-store-routes-by-source

fran/conn25-dns

fran/conn25-rewrite-dns

fran/conn25-send-ips-to-connector-2

fran/fix-appc-routes

fran/fix-appc-write-new-domain

fran/franwip2

fran/franwip3

fran/natc-consensus-prototype

fran/natc-raft

fserb/natlab-flaky

gesa/device-ui-bug

gesa/ssh-client-session-monitoring

gesa/ssh-crash-local-user

go126

hwh33/add-unix-sockets-to-serve

hwh33/tsnet-service-listener-cleanup

icio/go1.24-testwrapper

icio/opt-nojsonv2

icio/public-key-short

icio/testwrapper2

ip6tables

ipv6-nameserver

irbekrm/accept_routes

irbekrm/byocerts

irbekrm/cert_share

irbekrm/cert_share_kubestore

irbekrm/certsharev2

irbekrm/chartandcli

irbekrm/cherry_fix_panic

irbekrm/cigocacher_tmp

irbekrm/clustermagicdns

irbekrm/conf

irbekrm/connector_multireplica

irbekrm/containerboot_healthz

irbekrm/containerbootdeclarativeconf

irbekrm/debug

irbekrm/dnat

irbekrm/dnstest

irbekrm/doc_tags

irbekrm/egress

irbekrm/egress-dns

irbekrm/egressc

irbekrm/egressconfig

irbekrm/egressha

irbekrm/egresshapm

irbekrm/eks

irbekrm/external_services

irbekrm/extsvcnftableslb

irbekrm/fix

irbekrm/fix_logout_loop

irbekrm/fixsubnets

irbekrm/funnel_on

irbekrm/improve_logout

irbekrm/ingress_services

irbekrm/k8s-autopilot

irbekrm/k8s-nftables

irbekrm/k8sipnft

irbekrm/k8sipnftheuristics

irbekrm/kube_build_tags

irbekrm/kubeipnft

irbekrm/kubetestsetup

irbekrm/lcdeprecated

irbekrm/le

irbekrm/log_invalid_order

irbekrm/manifests_crd

irbekrm/maybe_fix_v6

irbekrm/operator_linux_only

irbekrm/operatorversion

irbekrm/os

irbekrm/pc_pretendpoints

irbekrm/pretendpoints

irbekrm/proxycidrs

irbekrm/proxyclass

irbekrm/proxyclass2

irbekrm/pull_in_certs

irbekrm/reload_config

irbekrm/serve_log

irbekrm/set_args

irbekrm/splitkeys

irbekrm/static_crd

irbekrm/svc_conditions

irbekrm/tunmssg

irbekrm/udp_fwd

irbekrm/vip_svcs_api

irbekrm/websocket

jamesbrad/controlhttp-race-dial

jasonodonnell/sync

jaxxstorm/ssm_kms

jaxxstorm/static_endpoints

jknodt/bw_rep2

jknodt/derp_flow

jknodt/integ_test

jknodt/io-uring

jknodt/logging

jknodt/periodic_probe

jknodt/portmap_test

jknodt/upnp

jknodt/upnp_reuse

jknodt/userderp

jknodt/vms_ref

jonathan/derp-health-spam

jonathan/dns_loopback

jonathan/missing_resolvers

jonathan/netns_probe

josh/IPWithPort

josh/NewIPPort

josh/coarsetime

josh/de-select-tstun-wrapper

josh/debug-TestLikelyHomeRouterIPSyscallExec

josh/debug-flake

josh/deflake-pipe-again

josh/fast-time

josh/immutable-views

josh/io_uring

josh/longblock

josh/no-goroutine-per-udp-read-2

josh/opt-dp-wip

josh/opt-getstatus

josh/peermap

josh/remove-ipcgetfilter

josh/simplify-filch

josh/tswebflags

josh/udp-alloc-less

josh/wip/create-endpoint-no-public-key

josh/wip/endpoint-serialize

jwhited/android-packet-vectors

jwhited/derp-cmm-timestamp

jwhited/derp-https-tcp-connect

jwhited/disable-peer-relay-if-cryptorouting-disabled

jwhited/ep-relay-capable

jwhited/gVisor-gso-gro

jwhited/gvisor-revert-gro

jwhited/lazy-endpoint-control-knobs

jwhited/peer-relay-pathological-intervals

jwhited/peer-verify-every-packet-batch

jwhited/qd-slice

jwhited/relay-handshake

jwhited/relay-manager-alloc-req-no-keepalives

jwhited/relay-manager-logs

jwhited/relay-peerapi

jwhited/relay-set-flags-config

jwhited/test-local-forwarder

jwhited/testing-mod-capver-checks

jwhited/udprelay-metrics-per-batch

jwhited/udprelay-xdp

jwhited/unsafe-exp

jwhited/verify-peer-periodically

jwhited/wireguard-go-vectorized-bind

k8s-idp

k8s-proxy-l4-tcpforward

k8s_priority_class

kari/bindsock

kari/nilbus

kari/saftaildrop

kari/taildropsaf

kari/taildropsaf2

kevin/Split_Remove_advertised_routes_from_pref

kevin/add_services_flag_to_tailscale_serve_and_enrich_output

kevin/add_services_to_status_subcommand_for_serve

kevin/allow_serve_remote_destination

kevin/allow_service_host_access_hosted_service_test

kevin/packet_to_vipService_by_ip_instead_of_host

kevin/test_for_applyCheckoutAddr

knyar/derpmesh

knyar/dnstest

knyar/install

knyar/install2

knyar/installmore

knyar/lp

knyar/metricshelp

knyar/metrictype

knyar/morebuntu

knyar/netmapdiff2

knyar/posturemac

knyar/renew

knyar/restartmap

knyar/serve-grants-headers

knyar/sshcap

knyar/tnlocktest

knyar/userfacing-metrics

knyar/usermetrics-wgengine

knyar/worklifeposture

kradalby-keys-db-interface

kradalby/chaos

kradalby/chaos-oss

kradalby/keys-db-interface

kradalby/nix-dont-overlap-tool

kradalby/nixos-module

kradalby/userfacing-metrics-moar

kradalby/usermetrics-wgengine-errors

kradalby/view-only-type

kristoffer/editable-tailnet-displayname

kristoffer/enable-mips-pkgs

kube_exp

licenses/android

licenses/cli

licenses/corp

lzjluzijie/227_http_proxy

lzjluzijie/all_proxy

macsys-update

main

maisem/doc

maisem/exp-k8s

maisem/fix-deadlock

maisem/flake-3

maisem/hi

maisem/k8s-cache

maisem/ni

maisem/proxy-1

maisem/tsnet-forward

marwan/altmem_stash

marwan/displayname

marwan/noconstructor

marwan/noconstructor2

marwan/offunc

marwan/polleropts

marwan/portlistrefactor

marwan/postmem

marwan/scmem

marwan/servedev

marwan/tmp

merge-tag

mihaip/delete-all-profiles

mihaip/fas

mihaip/js-cli

mihaip/logout-async-start

mihaip/wasm-taildrop

mikeodr/add-nixos-modules

miriah-3808-reset-operator

mjf/no-ws-on-ios

mkramlich/macos-brew

mkramlich/macos-brew2

mpminardi/bump-go-patch

mpminardi/deadlock-test

mpminardi/derp-experiments

mpminardi/derp-ideal-reconnect

mpminardi/dsm-7-2-builds-fix

mpminardi/flaky-test-ssh

mpminardi/policy-debugging

mpminardi/temp

mpminardi/test-cache-experiments

mpminardi/tsnet-test

mzb/corp-30906/direct-dnstype

mzb/corp-34249/conn25-datapath

mzb/corp-35989/conn25-filters

mzb/dnat-exp

naman/ephem-expand-range

naman/netstack-bump-version

naman/netstack-incoming

naman/netstack-outgoing-udp-test

naman/netstack-request-logging

naman/netstack-subnet-routing

naman/netstack-use-tailscale-ip

naman/serveconf-endpointinfo-tests

naman/web-client-update-fixes

net-audit-log/1.32

netstat-unsafe

nickkhyl/appendmatchingpeers

nickkhyl/authreconfig-defer-unlock

nickkhyl/authreconfig-once

nickkhyl/authurl-notify-backport

nickkhyl/context-with-lock

nickkhyl/ctxlock-generics

nickkhyl/fix-dialplan-resets

nickkhyl/healthnotify-on-release

nickkhyl/http2-for-win-safesocket

nickkhyl/ipn-user-identity

nickkhyl/lb-statemachine2

nickkhyl/locksmith

nickkhyl/nodecontext-lifecycle

nickkhyl/posture-sn-override

nickkhyl/rioconn

nickkhyl/syspolicy-new

nickkhyl/tailscaled-deferredinit

nickkhyl/tsvnic-experiment

nickkhyl/viewer-improvements

nix-shell

nocross

noerror-not-notimp

noncombatant/add-hello-systemd

noncombatant/large-int-string

noncombatant/safeweb-cleanup

nyghtowl/fix-resolved

nyghtowl/tailnet-name2

onebinary

operator_direct_connections

ox/11854

ox/11854-3-sftp

ox/11954-3

ox/corp-19592

oxtoacart/automount

oxtoacart/dsnet_codereview_fixes

oxtoacart/golden_memory

oxtoacart/immediately_access_shares

oxtoacart/no_indent_status

patrickod/backport-csrf-fix

patrickod/bradtfitz-flow-rebased

patrickod/bump-circl

patrickod/hardware-attestation-key

patrickod/reverse-web-handler-order-csrf

patrickod/safeweb-sec-fetch-site

patrickod/swtpm-integration-test

patrickod/webui-sec-fetch-site

percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a

percy/corp27066-vizerror-wrapf

percy/corp35008

percy/derp-jwt

percy/derp-track-drop-distribution

percy/derp-track-queue-depth

percy/derp_sequence_diagram

percy/derpopt

percy/drive-verbose

percy/issue14393

percy/issue16983

percy/issue24522-1-continuous-bandwidth

percy/issue24522-2-region-restrict-yaml

percy/issue8593

percy/issue8593-prep

percy/movelocalapi

percy/oss14025

percy/oss14025-2

percy/unforked-ssh-try

peske/elnotfound

peske/ifacewatcher

proxyclass/sa

ptruby/initial-tailscale-ui-components-integration

push-otwrlsqunmon

push-tyyxlsmpmlvz

push-wmvmtoxuoumt

push-ykxypyzonmux

raggi/accept-routes-filter

raggi/atomiccloseonce

raggi/bump-goreleaserv2

raggi/callmebaby

raggi/derp-204-cache-control

raggi/derp-intern-key

raggi/derp-probe-stun-loss

raggi/derp-route-optimization

raggi/disco-key-rotate-graceful

raggi/disco-key-tsmp

raggi/disco-key-tsmp2

raggi/dnsfallback

raggi/document-deprecated-approach

raggi/envknobs-gso-gro

raggi/eperm-health

raggi/experiment-queues

raggi/gocross-empty-goos-goarch

raggi/gofuzz

raggi/gotoolchain

raggi/gvisor-hostarch-deptest

raggi/heartbeat-timebomb

raggi/hello-temp

raggi/icmplistener

raggi/iptables-kernel-bug-message

raggi/latencyqueue

raggi/linux6644

raggi/mkversion-pre

raggi/natc-6

raggi/natc-upstream-keepalive

raggi/netfilter-add-modes

raggi/netfilter-runtime

raggi/netmon-darwin-route-restart

raggi/netstack_fwd_close

raggi/rand

raggi/restore-extra-records-dns

raggi/rsh-prototype

raggi/ssh-shutdown

raggi/stun-reply-source

raggi/stun-subprocess

raggi/stunc

raggi/stunc2

raggi/tsdebugger

raggi/tsnet-ippacket

raggi/tsnet-listenservice-alongsidetun

raggi/tsweb-compression

raggi/v6masq

raggi/web-zst-precompress

rajsingh/36126-stdin-recording

rajsingh/fix-apiserver-pg-ownership-reclaim

rajsinghtech/cmd/k8s-operator/enphemeral-proxy

rajsinghtech/k8s-operator-ingress-ha-externalname

rajsinghtech/k8s-operator/enphemeral

rajsinghtech/peer-connection-metrics

rajsinghtech/peercaps-service-vips

rajsinghtech/serve-h2c-all-http2

rajsinghtech/tsidp-kubestore

rate-limiting

rec_in_use_after_5_sec

releaase

release-branch/1.0

release-branch/1.10

release-branch/1.12

release-branch/1.14

release-branch/1.16

release-branch/1.18

release-branch/1.2

release-branch/1.20

release-branch/1.22

release-branch/1.24

release-branch/1.26

release-branch/1.28

release-branch/1.30

release-branch/1.32

release-branch/1.34

release-branch/1.36

release-branch/1.38

release-branch/1.4

release-branch/1.40

release-branch/1.42

release-branch/1.44

release-branch/1.46

release-branch/1.48

release-branch/1.50

release-branch/1.52

release-branch/1.54

release-branch/1.56

release-branch/1.58

release-branch/1.6

release-branch/1.60

release-branch/1.62

release-branch/1.64

release-branch/1.64.0

release-branch/1.66

release-branch/1.68

release-branch/1.70

release-branch/1.72

release-branch/1.74

release-branch/1.76

release-branch/1.78

release-branch/1.8

release-branch/1.80

release-branch/1.82

release-branch/1.84

release-branch/1.86

release-branch/1.88

release-branch/1.90

release-branch/1.90.0

release-branch/1.92

release-branch/1.94

release-branch/1.96

revert-11590-catzkorn/penguin

revert-15839-zofrex/refactor-control-health

rhea/apple-test

rhea/egress

rhea/taildrop-resume

richard/15037

richard/15037-2

richard/15372

rosszurowski/cli-fix-typo

s/eq

s/pmtud

s/tsnetd

sam/tailscale-up-with-jwt

scottjab/add-sparsefile-punching

sfllaw/tailscale-ping-for-client-side-reachability

sfllaw/traffic-steering/debug-set-location

sfllaw/traffic-steering/suggest-exit-node-steering

shayne/funnel_cmd

shayne/k8s-serve

shayne/serve_empty_text_handler

simeng-pingtest

simenghe/add-httphandlers-ping

simenghe/add-ping-route-testcontrol-mux

simenghe/add-tsmpping-call

simenghe/admin-ping-test

simenghe/flakeresolve

simenghe/isoping

simenghe/isoping-experiment

simenghe/pingresult-work

simenghe/tcpnodeping

skriptble/ssh-recording-persist

soniaappasamy/fix-test-flake

soniaappasamy/fix-web-client-lock

soniaappasamy/serve-funnel-ui

soniaappasamy/use-swr

soniaappasamy/web-auth-restructure

tim/installer-id_like

tom/derp

tom/disco

tom/integration

tom/iptables

tom/tka2

tom/tka4

tom/tka6

tomhjp/authkey-reissue

tomhjp/cigocacher-cache

tomhjp/cigocacher-token-from-env

tomhjp/cigocacher-tool

tomhjp/cigocacher-with-ci

tomhjp/comparable-struct-as-key

tomhjp/consistent-state-test

tomhjp/debug-gocross

tomhjp/dns-01-test-env

tomhjp/handle-multiple-messages-per-ws-frame

tomhjp/ingress-preshutdown

tomhjp/k8s-proxy-2

tomhjp/k8s-proxy-3

tomhjp/magicsock-endpoints

tomhjp/mock-acme-server

tomhjp/poc-peer-relay-proxygroup

tomhjp/tailscaled-kube-conf

tomhjp/tsnet-auth-loop

tps/tailscaled

tsweb/client-ui

tyler/serve-status

unraid-web

upnpdebug

valscale/ptb

walterp-api

walterp/docs-863-update-docker-run-command-on-docker-hub-page-for

will-systray

will/containerboot-webui

will/enforce-hostname

will/sonia/web-tailscaled

will/status-tailnet

will/tsnet-udp

will/webclient-csrf

will/webclient-mobile

willh/rc-updates

zach/temporary-cert-testing

zofrex/auto-login-comments

zofrex/fix-test-wg-engine-status-race

zofrex/poc-health-v2

zofrex/set-url-wg-status-race-2

zofrex/testwrapper-json-output

zofrex/x-poc-e2e-netmap-packetfilter-test

Charlotte Brandhorst-Satzkorn 4f4f317174 api.md: direct TOC links to new publicapi docs location		1 an în urmă
..
device.md	4f4f317174 api.md: direct TOC links to new publicapi docs location	1 an în urmă
deviceinvites.md	c56e0c4934 publicapi: include device and user invites API documentation (#12168)	1 an în urmă
readme.md	4f4f317174 api.md: direct TOC links to new publicapi docs location	1 an în urmă
tailnet.md	4f4f317174 api.md: direct TOC links to new publicapi docs location	1 an în urmă
userinvites.md	c56e0c4934 publicapi: include device and user invites API documentation (#12168)	1 an în urmă

Tailscale API

The Tailscale API is a (mostly) RESTful API. Typically, both POST bodies and responses are JSON-encoded.

Base URL

The base URL for the Tailscale API is https://api.tailscale.com/api/v2/.

Examples in this document may abbreviate this to /api/v2/.

Authentication

Requests to the Tailscale API are authenticated with an API access token (sometimes called an API key). Access tokens can be supplied as the username portion of HTTP Basic authentication (leave the password blank) or as an OAuth Bearer token:

# passing token with basic auth
curl -u "tskey-api-xxxxx:" https://api.tailscale.com/api/v2/...

# passing token as bearer token
curl -H "Authorization: Bearer tskey-api-xxxxx" https://api.tailscale.com/api/v2/...

Access tokens for individual users can be created and managed from the Keys page of the admin console. These tokens will have the same permissions as the owning user, and can be set to expire in 1 to 90 days. Access tokens are identifiable by the prefix tskey-api-.

Alternatively, an OAuth client can be used to create short-lived access tokens with scoped permission. OAuth clients don't expire, and can therefore be used to provide ongoing access to the API, creating access tokens as needed. OAuth clients and the access tokens they create are not tied to an individual Tailscale user. OAuth client secrets are identifiable by the prefix tskey-client-. Learn more about OAuth clients.

Errors

The Tailscale API returns status codes consistent with standard HTTP conventions. In addition to the status code, errors may include additional information in the response body:

{
  "message": "additional error information"
}

Pagination

The Tailscale API does not currently support pagination. All results are returned at once.

APIs

Device

Get a device: GET /api/v2/device/{deviceid}
Delete a device: DELETE /api/v2/device/{deviceID}
Expire device key: POST /api/v2/device/{deviceID}/expire
Routes
- Get device routes: GET /api/v2/device/{deviceID}/routes
- Set device routes: POST /api/v2/device/{deviceID}/routes
Authorize
- Authorize a device: POST /api/v2/device/{deviceID}/authorized
Tags
- Update tags: POST /api/v2/device/{deviceID}/tags
Keys
- Update device key: POST /api/v2/device/{deviceID}/key
IP Addresses
- Set device IPv4 address: POST /api/v2/device/{deviceID}/ip
Device posture attributes
- Get device posture attributes: GET /api/v2/device/{deviceID}/attributes
- Set custom device posture attributes: POST /api/v2/device/{deviceID}/attributes/{attributeKey}
- Delete custom device posture attributes: DELETE /api/v2/device/{deviceID}/attributes/{attributeKey}
Device invites
- List device invites: GET /api/v2/device/{deviceID}/device-invites
- Create device invites: POST /api/v2/device/{deviceID}/device-invites

Tailnet

Policy File
- Get policy file: GET /api/v2/tailnet/{tailnet}/acl
- Update policy file: POST /api/v2/tailnet/{tailnet}/acl
- Preview rule matches: POST /api/v2/tailnet/{tailnet}/acl/preview
- Validate and test policy file: POST /api/v2/tailnet/{tailnet}/acl/validate
Devices
- List tailnet devices: GET /api/v2/tailnet/{tailnet}/devices
Keys
- List tailnet keys: GET /api/v2/tailnet/{tailnet}/keys
- Create an auth key: POST /api/v2/tailnet/{tailnet}/keys
- Get a key: GET /api/v2/tailnet/{tailnet}/keys/{keyid}
- Delete a key: DELETE /api/v2/tailnet/{tailnet}/keys/{keyid}
DNS
- Nameservers
- Get nameservers: GET /api/v2/tailnet/{tailnet}/dns/nameservers
- Set nameservers: POST /api/v2/tailnet/{tailnet}/dns/nameservers
- Preferences
- Get DNS preferences: GET /api/v2/tailnet/{tailnet}/dns/preferences
- Set DNS preferences: POST /api/v2/tailnet/{tailnet}/dns/preferences
- Search Paths
- Get search paths: GET /api/v2/tailnet/{tailnet}/dns/searchpaths
- Set search paths: POST /api/v2/tailnet/{tailnet}/dns/searchpaths
- Split DNS
- Get split DNS: GET /api/v2/tailnet/{tailnet}/dns/split-dns
- Update split DNS: PATCH /api/v2/tailnet/{tailnet}/dns/split-dns
- Set split DNS: PUT /api/v2/tailnet/{tailnet}/dns/split-dns
User invites
- List user invites: GET /api/v2/tailnet/{tailnet}/user-invites
- Create user invites: POST /api/v2/tailnet/{tailnet}/user-invites

User invites

Get user invite: GET /api/v2/user-invites/{userInviteId}
Delete user invite: DELETE /api/v2/user-invites/{userInviteId}
Resend user invite (by email): POST /api/v2/user-invites/{userInviteId}/resend

Device invites

Get device invite: GET /api/v2/device-invites/{deviceInviteId}
Delete device invite: DELETE /api/v2/device-invites/{deviceInviteId}
Resend device invite (by email): POST /api/v2/device-invites/{deviceInviteId}/resend
Accept device invite POST /api/v2/device-invites/-/accept