From 44c32587e3f9b98a30bfc4f6f742febf352382cd Mon Sep 17 00:00:00 2001
From: pptx704 <rafeed@omukk.dev>
Date: Thu, 16 Apr 2026 14:57:44 +0600
Subject: [PATCH] Cap network slot allocator at 32767 to match veth IP space

The veth addressing uses 10.12.0.0/16 with 2 IPs per slot. At slot
index 32768, vethOffset=65536 overflows byte arithmetic and wraps back
to 10.12.0.0, causing silent IP collisions with existing sandboxes.
Cap the allocator at 32767, which is the actual addressable limit.
---
 internal/network/allocator.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/network/allocator.go b/internal/network/allocator.go
index b7265e6..6a929d0 100644
--- a/internal/network/allocator.go
+++ b/internal/network/allocator.go
@@ -24,7 +24,7 @@ func (a *SlotAllocator) Allocate() (int, error) {
 	a.mu.Lock()
 	defer a.mu.Unlock()
 
-	for i := 1; i <= 65534; i++ {
+	for i := 1; i <= 32767; i++ {
 		if !a.inUse[i] {
 			a.inUse[i] = true
 			return i, nil