Hi Simon, Thanks so much for the fix! I've been testing it for two days and haven't been able to reproduce the issue. If anything changes, I'll let you know, but until then, we can assume this has been fixed.
Thanks again, LoV432 On Thu, May 8, 2025 at 8:21 PM Simon Kelley <si...@thekelleys.org.uk> wrote: > > > > On 5/7/25 10:03, Monib wrote: > > Hello, > > > > An OpenWRT user here who has been trying to set up split tunneling > > using https://docs.openwrt.melmac.net/pbr/, which uses dnsmasq and > > nftables, but I am having some issues. > > > > I am encountering an error: "netlink: Error: cache initialization > > failed: Protocol error" > > > > The issue starts happening semi-randomly but seems to occur when too > > many DNS requests are made in a short period. Once it appears, the > > relevant nftables sets stop being populated by dnsmasq. > > > > I reported this on the nftables mailing list: > > https://lore.kernel.org/netfilter-devel/aBpv9rBirbFkpWvB@calendula/T/#t > > > > They pointed out this: > > > >> EPROTO can be reported by libmnl with netlink sequence problems. > >> > >> Quickly browsing dnsmasq code, it looks like there is a pool of child > >> processes that are sharing a single nft_ctx handle to handle events, two > >> or more child processes are racing. > >> > >> I can expand libnftables(3) manpage to clarify this. > > > > To be frank, I don’t understand what most of this means, but it seems > > like this needs to be addressed from dnsmasq side? > > > > > Monib, > > I understand exactly what this means, and I think the nftables people > are exactly right. > > Thanks for your comprehensive bug report and the insight from the > nftable people, that saved me a huge amount of time diagnosing the problem. > > I just pushed an commit into the dnsmasq git repo that I hope will fix this. > https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=98189ff988d01d48929057037060d8cb2b4a22a6 > > You can pick the code up from there or as a tarball for 2.92test6 from > the dnsmasq website. > > Sadly, the changes build on some work earlier in the 2.92 development, > so I doubt the patch will backport cleanly to 2.90 or 2.91. > > > Cheers, > > Simon. > > > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
