[Dnsmasq-discuss] nftables netlink cache initialization failure with dnsmasq
Simon Kelley
simon at thekelleys.org.uk
Thu May 8 15:21:03 UTC 2025
On 5/7/25 10:03, Monib wrote:
> Hello,
>
> An OpenWRT user here who has been trying to set up split tunneling
> using https://docs.openwrt.melmac.net/pbr/, which uses dnsmasq and
> nftables, but I am having some issues.
>
> I am encountering an error: "netlink: Error: cache initialization
> failed: Protocol error"
>
> The issue starts happening semi-randomly but seems to occur when too
> many DNS requests are made in a short period. Once it appears, the
> relevant nftables sets stop being populated by dnsmasq.
>
> I reported this on the nftables mailing list:
> https://lore.kernel.org/netfilter-devel/aBpv9rBirbFkpWvB@calendula/T/#t
>
> They pointed out this:
>
>> EPROTO can be reported by libmnl with netlink sequence problems.
>>
>> Quickly browsing dnsmasq code, it looks like there is a pool of child processes that are sharing a single nft_ctx handle to handle events, two or more child processes are racing.
>>
>> I can expand libnftables(3) manpage to clarify this.
>
> To be frank, I don’t understand what most of this means, but it seems
> like this needs to be addressed from dnsmasq side?
>
Monib,

I understand exactly what this means, and I think the nftables people
are exactly right.

Thanks for your comprehensive bug report and the insight from the
nftables people, that saved me a huge amount of time diagnosing the problem.

I just pushed a commit into the dnsmasq git repo that I hope will fix this.

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=98189ff988d01d48929057037060d8cb2b4a22a6

You can pick the code up from there or as a tarball for 2.92test6 from
the dnsmasq website.

Sadly, the changes build on some work earlier in the 2.92 development,
so I doubt the patch will backport cleanly to 2.90 or 2.91.

Cheers,
Simon.
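
Added example (not part of the original message, and not dnsmasq, libnftables or libmnl code): a small C model of the race described in the quoted nftables reply, where processes holding copies of one handle read each other's replies and the sequence check fails with EPROTO. An AF_UNIX socketpair stands in for the netlink socket; the names hdr, handle, request, reply and simulate and the starting sequence values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Same fields as struct nlmsghdr; an AF_UNIX socketpair stands in for netlink. */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define SZ ((ssize_t)sizeof(struct hdr))

/* A handle as one process sees it: socket fd plus its own sequence counter. */
struct handle { int fd; uint32_t seq; };

/* Send a request; the stand-in "kernel" end echoes it back with the same seq. */
static uint32_t request(struct handle *h, int kernel_fd) {
    struct hdr m = { (uint32_t)SZ, 0, 0, ++h->seq, 0 };
    if (write(h->fd, &m, SZ) != SZ || read(kernel_fd, &m, SZ) != SZ ||
        write(kernel_fd, &m, SZ) != SZ) return 0;
    return m.seq;
}

/* Read one reply and apply a sequence test like the one behind EPROTO. */
static int reply(struct handle *h, uint32_t expect) {
    struct hdr m;
    if (read(h->fd, &m, SZ) != SZ) return -EIO;
    return (m.seq && expect && m.seq != expect) ? -EPROTO : 0;
}

/* shared=1: forked children holding copies of one handle on the same socket.
   shared=0: one socket per process. Returns 0 or a negative errno value. */
int simulate(int shared) {
    int p[2], q[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, p) || socketpair(AF_UNIX, SOCK_DGRAM, 0, q))
        return -errno;
    struct handle a = { p[0], 100 }, b = { shared ? p[0] : q[0], 200 }; /* constructed seqs */
    int kb = shared ? p[1] : q[1];
    /* Both processes send, then read in the opposite order, as a lost race would. */
    uint32_t sa = request(&a, p[1]), sb = request(&b, kb);
    int rb = reply(&b, sb), ra = reply(&a, sa);
    close(p[0]); close(p[1]); close(q[0]); close(q[1]);
    return rb ? rb : ra;
}

int main(void) {
    printf("shared handle: %d, private handles: %d\n", simulate(1), simulate(0));
    return 0;
}
```

With the shared socket, the second process reads the reply meant for the first and the check returns -EPROTO; with one socket per process both replies match.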