[Dnsmasq-discuss] nftables netlink cache initialization failure with dnsmasq
Monib
monib619 at gmail.com
Sat May 10 12:39:31 UTC 2025
Hi Simon,
Thanks so much for the fix! I've been testing it for two days and
haven't been able to reproduce the issue.
If anything changes, I'll let you know, but until then, we can assume
this has been fixed.
Thanks again,
LoV432
On Thu, May 8, 2025 at 8:21 PM Simon Kelley <simon at thekelleys.org.uk> wrote:
>
>
>
> On 5/7/25 10:03, Monib wrote:
> > Hello,
> >
> > An OpenWRT user here who has been trying to set up split tunneling
> > using https://docs.openwrt.melmac.net/pbr/, which uses dnsmasq and
> > nftables, but I am having some issues.
> >
> > I am encountering an error: "netlink: Error: cache initialization
> > failed: Protocol error"
> >
> > The issue starts happening semi-randomly but seems to occur when too
> > many DNS requests are made in a short period. Once it appears, the
> > relevant nftables sets stop being populated by dnsmasq.
> >
> > I reported this on the nftables mailing list:
> > https://lore.kernel.org/netfilter-devel/aBpv9rBirbFkpWvB@calendula/T/#t
> >
> > They pointed out this:
> >
> >> EPROTO can be reported by libmnl with netlink sequence problems.
> >>
> >> Quickly browsing dnsmasq code, it looks like there is a pool of child processes that are sharing a single nft_ctx handle to handle events, two or more child processes are racing.
> >>
> >> I can expand libnftables(3) manpage to clarify this.
> >
> > To be frank, I don’t understand what most of this means, but it seems
> > like this needs to be addressed from the dnsmasq side?
> >
>
>
> Monib,
>
> I understand exactly what this means, and I think the nftables people
> are exactly right.
>
> Thanks for your comprehensive bug report and the insight from the
> nftables people; that saved me a huge amount of time diagnosing the problem.
>
> I just pushed a commit into the dnsmasq git repo that I hope will fix this.
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=98189ff988d01d48929057037060d8cb2b4a22a6
>
> You can pick the code up from there or as a tarball for 2.92test6 from
> the dnsmasq website.
>
> Sadly, the changes build on some work earlier in the 2.92 development,
> so I doubt the patch will backport cleanly to 2.90 or 2.91.
>
>
> Cheers,
>
> Simon.
>
>
>