Skip to content

Commit

Permalink
more to shutdown
Browse files Browse the repository at this point in the history
  • Loading branch information
@paulgmiller
paulgmiller committed Nov 20, 2024
1 parent 64e2977 commit 687be64
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions pkg/nfqinterceptor/nfqinterceptor.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,13 +64,19 @@ type nfqInterceptor struct {
queueid int
NetfilterBug1766Fix bool
interceptAll bool //!c.config.AdminNetworkPolicy && !c.config.BaselineAdminNetworkPolicy

//populated late and saved for close
nf *nfqueue.Nfqueue
}

func (n nfqInterceptor) Stop(ctx context.Context) {
func (n *nfqInterceptor) Stop(ctx context.Context) {
n.cleanNFTablesRules(ctx)
if n.nf != nil {
n.nf.Close()
}
}

func (n nfqInterceptor) Run(ctx context.Context, renderVerdict func(networkpolicy.Packet) int) error {
func (n *nfqInterceptor) Run(ctx context.Context, renderVerdict func(networkpolicy.Packet) int) error {
logger := klog.FromContext(ctx)
registerMetrics(ctx)
go wait.UntilWithContext(ctx, func(ctx context.Context) {
Expand Down Expand Up @@ -117,7 +123,6 @@ func (n nfqInterceptor) Run(ctx context.Context, renderVerdict func(networkpolic
logger.Info("could not open nfqueue socket", "error", err)
return err
}
defer nf.Close()

logger.Info("Syncing nftables rules")
_ = n.Sync(ctx, sets.Set[string]{}, sets.Set[string]{}) //why bother with empties?
Expand Down

0 comments on commit 687be64

Please sign in to comment.