From 4b39769321221adef3b4ad79e984b408533acf0e Mon Sep 17 00:00:00 2001
From: psondej <patryk.sondej@grupawp.pl>
Date: Mon, 25 Nov 2024 20:10:10 +0100
Subject: [PATCH] fix: resolve deadlock in `Flush` function when handling
 ENOBUFS error

---
 conn.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/conn.go b/conn.go
index 25d88e0..fef9c2a 100644
--- a/conn.go
+++ b/conn.go
@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"os"
 	"sync"
+	"syscall"
 
 	"github.com/google/nftables/binaryutil"
 	"github.com/google/nftables/expr"
@@ -266,8 +267,8 @@ func (cc *Conn) Flush() error {
 	// Fetch the requested acknowledgement for each message we sent.
 	for _, msg := range cc.messages {
 		if _, err := receiveAckAware(conn, msg.Header.Flags); err != nil {
-			if errors.Is(err, os.ErrPermission) {
-				// Kernel will only send one permission error to user space.
+			if errors.Is(err, os.ErrPermission) || errors.Is(err, syscall.ENOBUFS) {
+				// Kernel will only send one error to user space.
 				return err
 			}
 			errs = errors.Join(errs, err)