mirror of
https://github.com/juanfont/headscale.git
synced 2026-05-05 03:56:10 +02:00
ecaf56e0a0
Force-disconnect leaves stale routes in the container's network namespace: libnetwork removes the host-side veth but the namespace-internal route survives. The next ConnectNetwork on the same network then fails with "cannot program address X/16 in sandbox interface because it conflicts with existing route", and the route never resolves on its own. Bounded retry around ConnectNetwork exhausts MaxElapsedTime instead of recovering. Without Force, libnetwork drains the namespace routes synchronously during disconnect and ConnectNetwork sees a clean slate. Cable-pull semantic is preserved: docker still tears down the endpoint at the namespace level, leaving in-flight TCP half-open inside the container's view, verified via paired probe-timeout pairs in HA prober logs while both routers are physically disconnected. Fixes #3234