The contract for NetworkInterfaceASIO is that callers should not call startCommand() if NetworkInterfaceASIO::inShutdown() is true, but we don't enforce this in any way.

Additionally, jobs that have started in the network interface may not complete if NIA shuts down while they are still running. We currently stop the asio machinery by calling io_service::stop():

 * To effect a shutdown, the application will then need to call the io_service
 * object's stop() member function. This will cause the io_service run() call
 * to return as soon as possible, abandoning unfinished operations and without
 * permitting ready handlers to be dispatched.
 *
 * Alternatively, if the application requires that all operations and handlers
 * be allowed to finish normally, the work object may be explicitly destroyed.

To implement a more graceful shutdown, we should destroy our asio::io_service::work object instead of calling stop(), and ensure that all callbacks passed into startCommand get called. I would not be surprised if our current implementation was the cause of some subtle hangs. We will also need to add checks throughout the system for kInShutdown, to stop work from circulating further in the system once we've shut down.