From f3b00b72fd6b4cc2e3815e516d0b5c9e89d923af Mon Sep 17 00:00:00 2001
From: Jordan Whited
Date: Wed, 16 Jul 2025 21:01:49 -0700
Subject: [PATCH] wgengine/magicsock: don't reuse TCP conns across peer relay alloc reqs

They must be closed when the request completes.

Updates tailscale/corp#30534

Signed-off-by: Jordan Whited
---
 wgengine/magicsock/relaymanager.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wgengine/magicsock/relaymanager.go b/wgengine/magicsock/relaymanager.go
index d7acf80b5..4225d7907 100644
--- a/wgengine/magicsock/relaymanager.go
+++ b/wgengine/magicsock/relaymanager.go
@@ -870,7 +870,11 @@ func doAllocate(ctx context.Context, server netip.AddrPort, discoKeys [2]key.Dis
 if err != nil {
 return udprelay.ServerEndpoint{}, err
 }
- resp, err := http.DefaultClient.Do(req)
+ transport := &http.Transport{
+ DisableKeepAlives: true, // this transport is meant to be used once
+ }
+ client := &http.Client{Transport: transport}
+ resp, err := client.Do(req)
 if err != nil {
 return udprelay.ServerEndpoint{}, err
 }
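Review bot: The single-use `&http.Transport{...}` is built from the zero value, so unlike the `http.DefaultClient` it replaces it has no dialer timeout, no `TLSHandshakeTimeout` and no `Proxy` function; connection setup to the relay server is now bounded only by whatever deadline `ctx` carries. The construction of `req` is outside this hunk, so confirm it is created with `ctx` and that callers always pass a context with a deadline. If that cannot be guaranteed, bound the call locally, for example `client := &http.Client{Transport: transport, Timeout: allocTimeout}`, where `allocTimeout` is a placeholder for a value the package chooses. Ignoring the environment proxy is also a behaviour change, so the comment could say so: `// single-use transport: no keep-alives, no env proxy, bounded only by ctx`. The body of doAllocate continues past the hunk, so the `resp.Body` close and any limit on the response size cannot be checked from here.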