Use NextHeader as a fallback for unknown IPv6 protocols

firewall/interception.go

@@ -79,20 +79,9 @@ func interceptionPrep() (err error) {
 func interceptionStart() error {
 	startAPIAuth()
 
-	interceptionModule.StartWorker("stat logger", func(ctx context.Context) error {
-		statLogger()
-		return nil
-	})
-
-	interceptionModule.StartWorker("packet handler", func(ctx context.Context) error {
-		run()
-		return nil
-	})
-
-	interceptionModule.StartWorker("ports state cleaner", func(ctx context.Context) error {
-		portsInUseCleaner()
-		return nil
-	})
+	interceptionModule.StartWorker("stat logger", statLogger)
+	interceptionModule.StartWorker("packet handler", packetHandler)
+	interceptionModule.StartWorker("ports state cleaner", portsInUseCleaner)
 
 	return interception.Start()
 }
@@ -328,22 +317,22 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 // 	return
 // }
 
-func run() {
+func packetHandler(ctx context.Context) error {
 	for {
 		select {
-		case <-interceptionModule.Stopping():
-			return
+		case <-ctx.Done():
+			return nil
 		case pkt := <-interception.Packets:
 			handlePacket(pkt)
 		}
 	}
 }
 
-func statLogger() {
+func statLogger(ctx context.Context) error {
 	for {
 		select {
-		case <-interceptionModule.Stopping():
-			return
+		case <-ctx.Done():
+			return nil
 		case <-time.After(10 * time.Second):
 			log.Tracef(
 				"filter: packets accepted %d, blocked %d, dropped %d, failed %d",

firewall/ports.go

@@ -1,6 +1,7 @@
 package firewall
 
 import (
+	"context"
 	"sync"
 	"time"
 
@@ -69,11 +70,11 @@ func GetPermittedPort() uint16 {
 	return 0
 }
 
-func portsInUseCleaner() {
+func portsInUseCleaner(ctx context.Context) error {
 	for {
 		select {
-		case <-interceptionModule.Stopping():
-			return
+		case <-ctx.Done():
+			return nil
 		case <-time.After(cleanerTickDuration):
 			cleanPortsInUse()
 		}