SOLVED: Does pihole ever run diagnostic commands that would load these kmods?

I see in a recent trial install (Debian Trixie armel, <unsupported, yes, I know...> ) that even with all other services stopped/disabled, after running V6 for several hours, I see three newly inserted modules:

tcp_diag               12288  0
udp_diag               12288  0
inet_diag              24576  2 tcp_diag,udp_diag

TTBOMK, I have no services or cron jobs that would trigger these to be loaded. I see nothing in logs/dmesg that would indicate their insertion/loading. Just after booting I know that they weren't loaded. (I'm working my way through the system cutting out cruft/wasted memory/cpu cycles, etc.)

Were these perhaps loaded when I ran pihole -d ?

pihole -d tricorder : https://tricorder.pi-hole.net/rmSMfn1P/

Or maybe there is some other hard-coded chore/task that pihole* runs that would trigger their insertion/loading?

TIA,

Dave

PS. Running beautifully on 128MB RAM, 800MHz Kirkwood SoC, only mod is disabling dns.queryLogging.

These kernel modules provide special proc endpoint, e.g., /proc/net/tcp provided by tcp_diag. We are not loading the explicitly at any point, however,

is pretty likely as we are testing port usage during the debug log generation using ss. Without having checked ss's source code, I would not be surprised at all if it'd rely on mentioned /proc endpoints.

edit Now I did look up the source code and see my assumption being confirmed:

The kernel automatically loads these modules to provide the endpoints once called by an application.

1 Like

Thanks! Marked Solved.