Skip logging context cancellation errors in TrafPol filter

internal/trafpol/filter.go

@@ -2,6 +2,7 @@ package trafpol
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net"
 	"strconv"
@@ -155,7 +156,9 @@ table inet oc-daemon-filter {
 `
 	r := strings.NewReplacer("$FWMARK", fwMark)
 	rules := r.Replace(filterRules)
-	if stdout, stderr, err := execs.RunNft(ctx, rules); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx, rules); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),
@@ -165,7 +168,10 @@ table inet oc-daemon-filter {
 
 // unsetFilterRules unsets the filter rules.
 func unsetFilterRules(ctx context.Context) {
-	if stdout, stderr, err := execs.RunNft(ctx, "delete table inet oc-daemon-filter"); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx,
+		"delete table inet oc-daemon-filter"); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),
@@ -176,7 +182,9 @@ func unsetFilterRules(ctx context.Context) {
 // addAllowedDevice adds device to the allowed devices.
 func addAllowedDevice(ctx context.Context, device string) {
 	nftconf := fmt.Sprintf("add element inet oc-daemon-filter allowdevs { %s }", device)
-	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),
@@ -187,7 +195,9 @@ func addAllowedDevice(ctx context.Context, device string) {
 // removeAllowedDevice removes device from the allowed devices.
 func removeAllowedDevice(ctx context.Context, device string) {
 	nftconf := fmt.Sprintf("delete element inet oc-daemon-filter allowdevs { %s }", device)
-	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),
@@ -202,13 +212,19 @@ func setAllowedIPs(ctx context.Context, ips []*net.IPNet) {
 	// runs into "file exists" errors even though we remove duplicates from
 	// ips before calling this function and we flush the existing entries
 
-	if stdout, stderr, err := execs.RunNft(ctx, "flush set inet oc-daemon-filter allowhosts4"); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx,
+		"flush set inet oc-daemon-filter allowhosts4"); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),
 		}).Error("TrafPol error flushing allowed ipv4s")
 	}
-	if stdout, stderr, err := execs.RunNft(ctx, "flush set inet oc-daemon-filter allowhosts6"); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx,
+		"flush set inet oc-daemon-filter allowhosts6"); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),
@@ -221,7 +237,9 @@ func setAllowedIPs(ctx context.Context, ips []*net.IPNet) {
 		if ip.IP.To4() != nil {
 			// ipv4 address
 			nftconf := fmt.Sprintf(fmt4, ip)
-			if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+			if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+				!errors.Is(err, context.Canceled) {
+
 				log.WithError(err).WithFields(log.Fields{
 					"stdout": string(stdout),
 					"stderr": string(stderr),
@@ -230,7 +248,9 @@ func setAllowedIPs(ctx context.Context, ips []*net.IPNet) {
 		} else {
 			// ipv6 address
 			nftconf := fmt.Sprintf(fmt6, ip)
-			if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+			if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+				!errors.Is(err, context.Canceled) {
+
 				log.WithError(err).WithFields(log.Fields{
 					"stdout": string(stdout),
 					"stderr": string(stderr),
@@ -253,7 +273,9 @@ func portsToString(ports []uint16) string {
 func addPortalPorts(ctx context.Context, ports []uint16) {
 	p := portsToString(ports)
 	nftconf := fmt.Sprintf("add element inet oc-daemon-filter allowports { %s }", p)
-	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),
@@ -265,7 +287,9 @@ func addPortalPorts(ctx context.Context, ports []uint16) {
 func removePortalPorts(ctx context.Context, ports []uint16) {
 	p := portsToString(ports)
 	nftconf := fmt.Sprintf("delete element inet oc-daemon-filter allowports { %s }", p)
-	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+	if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+		!errors.Is(err, context.Canceled) {
+
 		log.WithError(err).WithFields(log.Fields{
 			"stdout": string(stdout),
 			"stderr": string(stderr),