Hi,

Just wanted to let you know that I forwarded the issue and your insight to dnsmasq, and they have applied a fix for it.

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q2/018168.html

Thank you so much for your help and for pointing me in the right direction!

Thanks,
LoV432

On Wed, May 7, 2025 at 1:24 AM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> Hi,
>
> On Tue, May 06, 2025 at 03:57:23PM +0500, Monib wrote:
> > Hello,
> >
> > An OpenWRT user here who has been trying to set up split tunneling
> > using https://docs.openwrt.melmac.net/pbr/, which uses dnsmasq and
> > nftables, but I am having some issues.
> >
> > I am encountering an error — "netlink: Error: cache initialization
> > failed: Protocol error" — which seems to be produced by nftables. This
> > error message was introduced in the following commit:
> > https://git.netfilter.org/nftables/commit/?id=a2ddb38f7eb818312c50be78028bc35145c039ae.
> > The commit message says: "cache initialization failure (which should
> > not ever happen) is not reported to the user."
>
> This commit you refer above is exposing an existing issue.
>
> > The issue starts happening semi-randomly but seems to occur when too
> > many DNS requests are made in a short period. Once it appears, the
> > relevant nftables sets stop being populated by dnsmasq.
> >
> > Here is what I see in the logs:
> >
> > Sun Mar 23 17:52:24 2025 daemon.err dnsmasq[4]: nftset inet fw4
> > pbr_wg_xray_4_dst_ip_cfg066ff5 netlink: Error: cache initialization
> > failed: Protocol error
>
> EPROTO can be reported by libmnl with netlink sequence problems.
>
> Quickly browsing dnsmasq code, it looks like there is a pool of child
> processes that are sharing a single nft_ctx handle to handle events,
> two or more child processes are racing.
>
> I can expand libnftables(3) manpage to clarify this.
>
> Thanks for reporting.
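
The sequence mismatch described in the quoted reply, modelled as an added example that is not part of this thread and is not dnsmasq, nftables or libmnl code: two workers send requests over one shared handle, one reads the reply meant for the other, and the sequence check fails with EPROTO. The structs, function names and sequence numbers are constructed for illustration; only the comparison rule follows libmnl's mnl_nlmsg_seq_ok(), and the per-worker handle is shown as one way to avoid the race, not necessarily the fix dnsmasq applied.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for a netlink reply; only the sequence number matters here. */
struct reply { unsigned int seq; };

/* One netlink socket: replies queue up in the order the requests were sent. */
struct nlsock { struct reply q[4]; int head, tail; };

/* Same rule as libmnl's mnl_nlmsg_seq_ok(): a zero on either side skips the check. */
static int seq_ok(const struct reply *r, unsigned int seq)
{
    return (r->seq && seq) ? r->seq == seq : 1;
}

/* Model of the kernel echoing the request's sequence number in its reply. */
static void send_req(struct nlsock *s, unsigned int seq)
{
    s->q[s->tail++].seq = seq;
}

/* Read the next queued reply; fail with EPROTO if it answers someone else's request. */
static int recv_reply(struct nlsock *s, unsigned int expect)
{
    if (s->head == s->tail) { errno = EAGAIN; return -1; }
    if (!seq_ok(&s->q[s->head++], expect)) { errno = EPROTO; return -1; }
    return 0;
}

/* Workers A and B each send one request; returns how many reads fail with EPROTO.
 * shared=1: both use one socket and B reads first. shared=0: one socket each. */
int eproto_failures(int shared)
{
    struct nlsock sa = {0}, sb = {0};
    struct nlsock *a = &sa, *b = shared ? &sa : &sb;
    unsigned int seq_a = 1001, seq_b = 2001;   /* constructed sequence numbers */
    int fails = 0;

    send_req(a, seq_a);
    send_req(b, seq_b);
    if (recv_reply(b, seq_b) < 0 && errno == EPROTO) fails++;  /* B reads first */
    if (recv_reply(a, seq_a) < 0 && errno == EPROTO) fails++;
    return fails;
}

int main(void)
{
    printf("shared handle:     %d EPROTO\n", eproto_failures(1));
    printf("per-worker handle: %d EPROTO\n", eproto_failures(0));
    return 0;
}
```

With the shared handle both reads fail, because once one worker consumes the wrong reply the other is left with a mismatched one as well.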