From ec6a3f03e8c855c623c9ef2af75c9bb4409ee25a Mon Sep 17 00:00:00 2001
From: Daniel <dhaavi@users.noreply.github.com>
Date: Wed, 11 May 2022 13:19:31 +0200
Subject: [PATCH] Fix shutting down nfq interception with go-nfqueue v1.3.1

---
 firewall/interception/nfq/nfq.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/firewall/interception/nfq/nfq.go b/firewall/interception/nfq/nfq.go
index 820b7847..1128c467 100644
--- a/firewall/interception/nfq/nfq.go
+++ b/firewall/interception/nfq/nfq.go
@@ -25,6 +25,7 @@ type Queue struct {
 	nf                   atomic.Value
 	packets              chan pmpacket.Packet
 	cancelSocketCallback context.CancelFunc
+	canceled             *abool.AtomicBool
 	restart              chan struct{}
 
 	pendingVerdicts  uint64
@@ -50,6 +51,7 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
 		restart:              make(chan struct{}, 1),
 		packets:              make(chan pmpacket.Packet, 1000),
 		cancelSocketCallback: cancel,
+		canceled:             abool.New(),
 		verdictCompleted:     make(chan struct{}, 1),
 	}
 
@@ -142,6 +144,11 @@ func (q *Queue) handleError(e error) int {
 		}
 	}
 
+	// Check if we have closed the queue already.
+	if q.canceled.IsSet() {
+		return 1
+	}
+
 	// Check if the queue was already closed. Unfortunately, the exposed error
 	// variable is in an internal stdlib package. Therefore, check for the error
 	// string instead. :(
@@ -222,6 +229,7 @@ func (q *Queue) Destroy() {
 		return
 	}
 
+	q.canceled.Set()
 	q.cancelSocketCallback()
 
 	if nf := q.getNfq(); nf != nil {