[SOLVED] help understanding "modules"
Joined: 25 Jun 2008
Posts: 117

PostPosted: Fri Feb 01, 2019 7:54 pm    Post subject: [SOLVED] help understanding "modules"

I need some "big picture" help concerning modules...

When I executed "make menuconfig" I then selected some options as modules... when I compile I get output which includes stuff like
Building modules, stage 2.
  MODPOST 34 modules
  LD [M]  net/ipv4/netfilter/ip_tables.ko
  LD [M]  net/ipv4/netfilter/ipt_MASQUERADE.ko
  LD [M]  net/ipv4/netfilter/ipt_REJECT.ko
  LD [M]  net/ipv4/netfilter/iptable_filter.ko
  LD [M]  net/ipv4/netfilter/iptable_mangle.ko
  LD [M]  net/ipv4/netfilter/iptable_nat.ko
  LD [M]  net/ipv4/netfilter/nf_conntrack_ipv4.ko
  LD [M]  net/ipv4/netfilter/nf_defrag_ipv4.ko
  LD [M]  net/ipv4/netfilter/nf_log_arp.ko
  LD [M]  net/ipv4/netfilter/nf_log_ipv4.ko
  LD [M]  net/ipv4/netfilter/nf_nat_ipv4.ko
  LD [M]  net/ipv4/netfilter/nf_nat_masquerade_ipv4.ko
  LD [M]  net/ipv4/netfilter/nf_socket_ipv4.ko

and I suppose the "[M]" corresponds to a module selection -- Please Correct Me If That Is Incorrect/Naive Understanding.

However, after
make modules_install
genkernel --install initramfs
make install
grub-mkconfig -o /boot/grub/grub.cfg
lsmod does not show any modules, even though the manual page says it should "Show the status of modules in the Linux Kernel"... presumably that means no modules are loaded -- Please Correct Me If That Is Incorrect/Naive Understanding.

I believe the file /etc/conf.d/modules can be edited to indicate modules that should be loaded -- Please Correct Me If That Is Incorrect/Naive Understanding. However, examples it contains, like
#modules_2_6_23_gentoo_r5="ieee1394 ohci1394"
#modules_2_6_23="tun ieee1394"
seem to use syntax unrelated to output by the kernel compile -- LD [M] net/ipv4/netfilter/iptable_filter.ko for example -- so how do I get from the compile output to appropriate syntax for /etc/conf.d/modules ?

I conjecture that perhaps "make modules_install" somehow installs modules into the kernel so as to make them a different sort of "module" than what lsmod reports, and, moreover, that there is no need for me to put anything in /etc/conf.d/modules because "make modules_install" obviates that -- Please Correct Me If That Is Incorrect/Naive Understanding.

But if my conjecture is correct, then how can I follow along with which seems to indicate sanity checks like

$ lsmod | grep ^nf
nft_limit              12288  0
nft_counter            12288  0
nft_log                12288  0
nf_tables              61440  3 nft_limit,nft_counter,nft_log
nfnetlink              12288  1 nf_tables
nf_log_ipv4            12288  3
nf_log_common          12288  1 nf_log_ipv4
nf_reject_ipv4         12288  1 ipt_REJECT
nf_conntrack_ipv4      12288  8
nf_defrag_ipv4         12288  1 nf_conntrack_ipv4
nf_conntrack           45056  2 nf_conntrack_ipv4,xt_conntrack

Yes, I am in the weeds with net-firewall/nftables, but more generally I am confused regarding "modules".

I thought that perhaps I needed to start nftables so as to initiate module loading, but lsmod still shows no modules even after
# /etc/init.d/nftables start
 * Caching service dependencies ...                                                                                [ ok ]
 * Loading nftables state and starting firewall ...

Moreover, my kernel (4.14.83-gentoo #6 SMP) is built selecting "Enable loadable module support", and
# grep CONFIG_MODULES ./.config

Please explain the big picture with respect to these issues.

In case it is relevant to helping me get past confusion,
# rc-update show
                acpid |      default                           
            alsasound | boot                                   
               binfmt | boot                                   
             bootmisc | boot                                   
              cgroups |                                 sysinit
               cronie |      default                           
                cupsd |      default                           
                devfs |                                 sysinit
                dmesg |                                 sysinit
                 fsck | boot                                   
             hostname | boot                                   
              hwclock | boot                                   
              keymaps | boot                                   
            killprocs |                        shutdown       
    kmod-static-nodes |                                 sysinit
                local |      default nonetwork                 
           localmount | boot                                   
             loopback | boot                                   
               mdraid | boot                                   
              modules | boot                                   
             mount-ro |                        shutdown       
                 mtab | boot                                   
             net.eth0 |      default                           
             netmount |      default                           
           ntp-client |      default                           
                 ntpd |      default                           
               procfs | boot                                   
                 root | boot                                   
            savecache |                        shutdown       
                 sshd |      default                           
                 swap | boot                                   
               sysctl | boot                                   
                sysfs |                                 sysinit
            syslog-ng |      default                           
         termencoding | boot                                   
                 udev |                                 sysinit
         udev-trigger |                                 sysinit
              urandom | boot                                   

[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu]

Last edited by dpaddy on Sat Feb 02, 2019 10:37 am; edited 1 time in total
Joined: 18 Apr 2009
Posts: 6562

PostPosted: Fri Feb 01, 2019 10:16 pm    Post subject:

Would be useful to see the output of the following:
uname -a
ls -l /lib/modules/
find /lib/modules/$(uname -r)/kernel/ -type f
emerge --info kmod eudev udev
Posts: 889

PostPosted: Sat Feb 02, 2019 10:10 am    Post subject:

Generally, modules aren't loaded into memory until needed, and generally, the kernel takes care of that automatically.

I don't believe any of the services started at startup (the programs listed by `rc-update show`) invokes iptables, so the kernel doesn't have any need of the functionality provided by the modules you have listed.

The service called "modules" loads modules that have been manually specified in /etc/conf.d/modules
The lines you show will come into play on kernel version 2.6.23 and 2.6, effectively never for you, as the kernel is well past those versions. /etc/conf.d/modules can be configured to load modules regardless of kernel version by omitting the _2_6 from the lines that define the "modules" variable.

I load a few modules manually using settings in /etc/conf.d/modules, but NONE of them are iptables-related, and my system uses a fair amount of iptables functions and extended functions, all "modularized." The modules load when the iptables firewall is started.

Edit to add: I think all the modules you have listed apply to iptables, not to nftables. Modules "nf_*" are "netfilter". The system at "hypoid-2" does NOT run nftables ...

[cboldt@hypoid-2] 243 /home/cboldt > lsmod | grep table
iptable_filter         16384  1
ip_tables              24576  7 iptable_filter
x_tables               32768  10 xt_conntrack,iptable_filter,xt_LOG,xt_multiport,xt_tcpudp,xt_recent,xt_set,ipt_REJECT,ip_tables,xt_limit

[cboldt@hypoid-2] 244 /home/cboldt > lsmod | grep nf
nf_log_ipv4            16384  15
nf_log_common          16384  1 nf_log_ipv4
nf_conntrack_ipv4      16384  19
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
nf_reject_ipv4         16384  1 ipt_REJECT
nfnetlink              16384  1 ip_set
nf_conntrack_ftp       16384  0
nf_conntrack           86016  3 xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ftp
binfmt_misc            16384  1
configs                40960  0

[cboldt@hypoid-2] 245 /home/cboldt > lsmod | grep xt
xt_LOG                 16384  15
xt_limit               16384  2
xt_tcpudp              16384  54
xt_recent              20480  10
xt_multiport           16384  78
xt_conntrack           16384  19
xt_set                 16384  2
ip_set                 40960  3 ip_set_hash_ip,xt_set,ip_set_hash_net
x_tables               32768  10 xt_conntrack,iptable_filter,xt_LOG,xt_multiport,xt_tcpudp,xt_recent,xt_set,ipt_REJECT,ip_tables,xt_limit
nf_conntrack           86016  3 xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ftp

Edit to add more: `make modules_install` does nothing more than compile the modules then copy the compiled modules to the /lib/modules branch of the filesystem. "make" does not load any module(s) into memory.

`lsmod` shows which modules are loaded into memory. Modules are best loaded with the `modprobe` command, as `modprobe` brings in any modularized dependencies. Looking at the modules in MY system, `modprobe ip_set_hash_net` would also load the module "ip_set" ... but again, on my system, the mere use of an ipset command that uses the hash/net store and lookup method causes the kernel to automatically load all the necessary modules. A more primitive method of loading modules is `insmod` - no real harm comes from using that, just `modprobe` does a better job of looking after "things."

Edit to add a brief recapitulation of principles:

make modules_install compiles kernel functions that are designated to be compiled as modules, and copies the compiled modules to /lib/modules. Making, compiling and copying those modules is not loading their function into memory. That is, running `make modules` or `make modules_install` will not cause the modules to be shown by `lsmod`.

/etc/conf.d/modules is a support config file for /etc/init.d/modules, a service shown by `rc-update show` that loads modules from their location in /lib/modules, into memory where `lsmod` will show them. Syntax for /etc/conf.d/modules includes means to define module parameters (see /usr/src/linux/Documentation) and means to restrict loading modules into memory on a "per kernel version" basis.

The kernel can be and usually is configured to automatically load modules into memory, as needed. The service at /etc/init.d/modules (shown by `rc-update show`) is used to deal with exceptions to this general rule.

Last edited by cboldt on Sat Feb 02, 2019 10:52 am; edited 1 time in total
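
The distinction drawn in the post above between modules that are built and installed and modules that are loaded, as an added example that is not part of any post in this thread: it maps `LD [M] ….ko` build lines to the names `lsmod` and `modprobe` use, compares them with `lsmod` output, and prints an unversioned `modules="…"` line for /etc/conf.d/modules. The function names are hypothetical and the `lsmod` sample is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. LSMOD_OUT is constructed sample data.

# Build-log lines as in the first post: one "LD [M] <path>.ko" per module.
BUILD_LOG='  LD [M]  net/ipv4/netfilter/ip_tables.ko
  LD [M]  net/ipv4/netfilter/iptable_filter.ko
  LD [M]  net/ipv4/netfilter/nf_log_ipv4.ko
  LD [M]  net/ipv4/netfilter/nf_defrag_ipv4.ko'

# Constructed lsmod output: only two of the four modules are in memory.
LSMOD_OUT='Module                  Size  Used by
nf_log_ipv4            12288  3
nf_defrag_ipv4         12288  1 nf_conntrack_ipv4'

# Module name = .ko basename without the suffix; the kernel reports
# dashes in file names as underscores.
built_modules() {
    awk '$1 == "LD" && $2 == "[M]" {
        n = $3; sub(/.*\//, "", n); sub(/\.ko$/, "", n); gsub(/-/, "_", n)
        print n }' | LC_ALL=C sort -u
}

# First column of lsmod, header skipped.
loaded_modules() {
    awk 'NF && $1 != "Module" { print $1 }' | LC_ALL=C sort -u
}

# $1 = build log, $2 = lsmod output -> names built but not loaded.
built_not_loaded() {
    loaded=$(printf '%s\n' "$2" | loaded_modules)
    printf '%s\n' "$1" | built_modules | while read -r m; do
        printf '%s\n' "$loaded" | grep -qxF -- "$m" || printf '%s\n' "$m"
    done
}

# Version-independent line for /etc/conf.d/modules.
conf_line() {
    printf 'modules="%s"\n' "$(built_not_loaded "$1" "$2" | paste -sd ' ' -)"
}

conf_line "$BUILD_LOG" "$LSMOD_OUT"
```

On a live system the second argument would be `"$(lsmod)"`; a name appearing in the result only means the module is not in memory yet, which is the normal state until something needs it.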
Joined: 25 Jun 2008
Posts: 117

PostPosted: Sat Feb 02, 2019 10:34 am    Post subject:

Thanks to all for the feedback!

(Ant P. : I'm not ignoring you about "uname -a" etc., but I've just had hardware trouble so the system will be down till I can get parts)
