naxsi as a dynamic module error on nginx 1.10.0

Anoop Alias anoopalias01 at gmail.com
Thu Apr 28 07:52:10 UTC 2016


Hi Andrew ,

Thank you. Here are some more from strace and whats shown in stdout
while compiling . Not sure if its gonna help .

##############################################

relevant portion of strace nginx -t

open("/etc/group", O_RDONLY|O_CLOEXEC)  = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=1122, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7efdf5621000
read(5, "root:x:0:\nbin:x:1:\ndaemon:x:2:\ns"..., 4096) = 1122
close(5)                                = 0
munmap(0x7efdf5621000, 4096)            = 0
open("/etc/nginx/conf.d/dynamic_modules.conf", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=110, ...}) = 0
pread(5, "load_module \"/etc/nginx/modules/"..., 110, 0) = 110
open("/etc/nginx/modules/ngx_http_naxsi_module.so", O_RDONLY|O_CLOEXEC) = 6
read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\344\3\0\0\0\0\0"...,
832) = 832
fstat(6, {st_mode=S_IFREG|0755, st_size=1499305, ...}) = 0
mmap(NULL, 2705464, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6,
0) = 0x7efdf1a5d000
mprotect(0x7efdf1aca000, 2097152, PROT_NONE) = 0
mmap(0x7efdf1cca000, 163840, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x6d000) = 0x7efdf1cca000
close(6)                                = 0
munmap(0x7efdf1a5d000, 2705464)         = 0
gettid()                                = 30492
write(3, "2016/04/28 03:42:08 [emerg] 3049"..., 232) = 232
write(2, "nginx: [emerg] dlopen() \"/etc/ng"..., 206nginx: [emerg]
dlopen() "/etc/nginx/modules/ngx_http_naxsi_module.so" failed
(/etc/nginx/modules/ngx_http_naxsi_module.so: undefined symbol:
psg_variant_map_new) in /etc/nginx/conf.d/dynamic_modules.conf:1
) = 206
close(5)                                = 0
close(4)                                = 0
write(2, "nginx: configuration file /etc/n"..., 60nginx: configuration
file /etc/nginx/nginx.conf test failed
) = 60
exit_group(1)                           = ?
+++ exited with 1 +++
##############################################
output of ltrace nginx -t

__errno_location()
                  = 0x7ff9024927c0
getpwnam("nobody")
                  = 0x7ff900739260
getgrnam("nobody")
                  = 0x7ff900739100
strcmp("worker_processes", "timer_resolution")
                  = 3
strcmp("worker_processes", "worker_processes")
                  = 0
strcmp("thread_pool", "load_module")
                  = 8
strcmp("thread_pool", "thread_pool")
                  = 0
memset(0x24410e0, '\0', 168)
                  = 0x24410e0
strcmp("pid", "pid")
                  = 0
strcmp("include", "include")
                  = 0
open64("/etc/nginx/conf.d/dynamic_module"..., 0, 00)
                  = 5
__fxstat64(1, 5, 0x7ffff68e03e8)
                  = 0
malloc(4096)
                  = 0x2448fe0
memcpy(0x24411ce, "/etc/nginx/conf.d/dynamic_module"..., 38)
                  = 0x24411ce
memset(0x24411f8, '\0', 80)
                  = 0x24411f8
memcpy(0x24412b8,
"\025\0\0\0\0\0\0\00\aD\002\0\0\0\0H\aD\002\0\0\0\0", 24)
= 0x24412b8
pread64(5, 0x2448fe0, 110, 0)
                  = 110
memcpy(0x2441248, "load_module "/etc/nginx/modules/"..., 110)
                  = 0x2441248
strcmp("load_module", "load_module")
                  = 0
dlopen("/etc/nginx/modules/ngx_http_naxs"..., 258)
                  = nil
dlerror()
                  = "/etc/nginx/modules/ngx_http_naxs"...
__memcpy_chk(0x7ffff68df490, 0x832228, 19, 2048)
                  = 0x7ffff68df490
memcpy(0x7ffff68df4a5, "emerg", 5)
                  = 0x7ffff68df4a5
syscall(186, 0x5956cc, 0x72656d65, 0)
                  = 0x777c
memcpy(0x7ffff68df4ac, "30588", 5)
                  = 0x7ffff68df4ac
memcpy(0x7ffff68df4b2, "30588", 5)
                  = 0x7ffff68df4b2
memcpy(0x7ffff68df4b9, "dlopen() "/etc/nginx/modules/ngx"..., 146)
                  = 0x7ffff68df4b9
memcpy(0x7ffff68df576, "1", 1)
                  = 0x7ffff68df576
write(3, "2016/04/28 03:48:34 [emerg] 3058"..., 232)
                  = 232
memcpy(0x7ffff68df4b2, "emerg", 5)
                  = 0x7ffff68df4b2
write(2, "nginx: [emerg] dlopen() "/etc/ng"..., 206nginx: [emerg]
dlopen() "/etc/nginx/modules/ngx_http_naxsi_module.so" failed
(/etc/nginx/modules/ngx_http_naxsi_module.so: undefined symbol:
psg_variant_map_new) in /etc/nginx/conf.d/dynamic_modules.conf:1
)                                     = 206
free(0x2448fe0)
                  = <void>
close(5)
                  = 0
free(0x24467b0)
                  = <void>
close(4)
                  = 0
free(0x24427a0)
                  = <void>
free(0x243e790)
                  = <void>
write(2, "nginx: configuration file /etc/n"..., 60nginx: configuration
file /etc/nginx/nginx.conf test failed
)                                      = 60
_ZNSt8ios_base4InitD1Ev(0x843dd0, 1, 864, 0x7ff9007381d0)
                  = 12
_ZNSt8ios_base4InitD1Ev(0x843da8, 1, 832, 0x7ff9007381b0)
                  = 11
memcmp(0x843d14, 0x7ffff68e0c00, 4, 0x7ff900738190)
                  = 0
_ZNSt8ios_base4InitD1Ev(0x843d10, 1, 768, 0x7ff900738170)
                  = 10
_ZNSt8ios_base4InitD1Ev(0x843b60, 1, 704, 0x7ff900738130)
                  = 9
_ZNSt8ios_base4InitD1Ev(0x843b40, 1, 672, 0x7ff900738110)
                  = 8
_ZNSt8ios_base4InitD1Ev(0x843b20, 1, 640, 0x7ff9007380f0)
                  = 7
_ZNSsD1Ev(0x843b00, 1, 608, 0x7ff9007380d0)
                  = 0
_ZNSt8ios_base4InitD1Ev(0x843af8, 1, 576, 0x7ff9007380b0)
                  = 6
_ZNSt8ios_base4InitD1Ev(0x843ac0, 1, 544, 0x7ff900738090)
                  = 5
_ZNSt8ios_base4InitD1Ev(0x843aa0, 1, 512, 0x7ff900738070)
                  = 4
_ZNSt8ios_base4InitD1Ev(0x843a98, 1, 480, 0x7ff900738050)
                  = 3
_ZNSsD1Ev(0x843980, 1, 448, 0x7ff900738030)
                  = 0
_ZNSsD1Ev(0x843988, 1, 416, 0x7ff900738010)
                  = 0
pthread_mutex_destroy(0x8439a0, 1, 384, 0x7ff900737ff0)
                  = 0
_ZNSt13bad_exceptionD2Ev(0x241c0c8, 1, 320, 0x7ff900737fb0)
                  = 0x830410
_ZdlPv(0x241c0a0, 1, 320, 0x7ff900737fb0)
                  = 0x244a4a0
_ZdlPv(0x241c0e0, 2, 0x7ff900736778, 0x244a4a0)
                  = 0
_ZNSt9bad_allocD2Ev(0x241c068, 1, 256, 0x7ff900737f70)
                  = 0x830410
_ZdlPv(0x241c040, 1, 256, 0x7ff900737f70)
                  = 0x241c090
_ZdlPv(0x241c080, 2, 0x7ff900736778, 0x241c090)
                  = 0x241c0d0
_ZNSt8ios_base4InitD1Ev(0x8439c9, 1, 224, 0x7ff900737f50)
                  = 0x7ff901c2e040
+++ exited (status 1) +++



##############################################

stdout while compiling


cd 'buildout/ruby/ruby-2.3.0-x86_64-linux/' && make
compiling /usr/local/rvm/gems/ruby-2.3.0/gems/passenger-5.0.27/src/ruby_native_extension/passenger_native_support.c
linking shared-object passenger_native_support.so
*** Phusion Passenger support files have been successfully compiled. ***
checking for Math library ... found
checking for POSIX realtime library ... found
 + ngx_http_passenger_module was configured
adding module in ngx_cache_purge-2.3
 + ngx_http_cache_purge_module was configured
configuring additional dynamic modules
adding module in naxsi-0.55rc1/naxsi_src
 + ngx_http_naxsi_module was configured
adding module in ngx_pagespeed-release-1.11.33.0-beta
mod_pagespeed_dir=ngx_pagespeed-release-1.11.33.0-beta/psol/include
build_from_source=false
checking for psol ... found
List of modules (in reverse order of applicability):
ngx_http_write_filter_module ngx_http_header_filter_module
ngx_http_chunked_filter_module ngx_http_v2_filter_module
ngx_http_range_header_filter_module ngx_http_gzip_filter_module
ngx_http_postpone_filter_module ngx_http_ssi_filter_module
ngx_http_charset_filter_module ngx_http_sub_filter_module
ngx_http_addition_filter_module ngx_http_gunzip_filter_module
ngx_http_userid_filter_module ngx_http_headers_filter_module
checking for psol-compiler-compat ... found
 + ngx_pagespeed was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for OpenSSL library ... found
checking for zlib library ... found
creating objs/Makefile

Configuration summary
  + using threads
  + using system PCRE library
  + using system OpenSSL library
  + md5: using OpenSSL library
  + sha1: using OpenSSL library
  + using system zlib library

  nginx path prefix: "/etc/nginx"
  nginx binary file: "/usr/sbin/nginx"
  nginx modules path: "/etc/nginx/modules"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error_log"
  nginx http access log file: "/var/log/nginx/access_log"
  nginx http client request body temporary files: "/var/cache/nginx/client_temp"
  nginx http proxy temporary files: "/var/cache/nginx/proxy_temp"
  nginx http fastcgi temporary files: "/var/cache/nginx/fastcgi_temp"
  nginx http uwsgi temporary files: "/var/cache/nginx/uwsgi_temp"
  nginx http scgi temporary files: "/var/cache/nginx/scgi_temp"

make -f objs/Makefile install
make[1]: Entering directory `/root/nDeploy/rpm_buildtree/nginx-1.10.0'
objs/Makefile:1631: warning: overriding recipe for target
`objs/addon/nginx_module/ngx_http_passenger_module.o'
objs/Makefile:1551: warning: ignoring old recipe for target
`objs/addon/nginx_module/ngx_http_passenger_module.o'
objs/Makefile:1638: warning: overriding recipe for target
`objs/addon/nginx_module/Configuration.o'
objs/Makefile:1558: warning: ignoring old recipe for target
`objs/addon/nginx_module/Configuration.o'
objs/Makefile:1645: warning: overriding recipe for target
`objs/addon/nginx_module/ContentHandler.o'
objs/Makefile:1565: warning: ignoring old recipe for target
`objs/addon/nginx_module/ContentHandler.o'
objs/Makefile:1652: warning: overriding recipe for target
`objs/addon/nginx_module/StaticContentHandler.o'
objs/Makefile:1572: warning: ignoring old recipe for target
`objs/addon/nginx_module/StaticContentHandler.o'
objs/Makefile:1659: warning: overriding recipe for target
`objs/addon/ngx_cache_purge-2.3/ngx_cache_purge_module.o'
objs/Makefile:1579: warning: ignoring old recipe for target
`objs/addon/ngx_cache_purge-2.3/ngx_cache_purge_module.o'
cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror
-g -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protect
##########################################


Thanks,
Anoop

On Thu, Apr 28, 2016 at 11:29 AM, Andrew Hutchings <ahutchings at nginx.com> wrote:
> Hi Anoop,
>
> The "config" file that comes with the source of a module is a shell script
> that is executed by our build system. If it modifies things inside our build
> system then there isn't a lot we can do for that.
>
> Things have improved with the way you define dynamic modules in that file
> but it is still possible to break the build with it.
>
> I am out of the office today but I'll see if I can reproduce the issue
> tomorrow and pin down the exact cause.
>
> Kind Regards
> Andrew
>
>
> On 28/04/16 06:42, Anoop Alias wrote:
>>
>> the passenger community is not aware of any issues where passenger
>> breaks other modules.
>>
>> Pardon me if I am wrong - I am not a c programmer so my knowledge here
>> is limited. But shouldn't nginx offer a mechanism by which one module
>> should not be interfering with loading of another module .
>>
>> I have not seen similar issues in the apache world and the apxs  seem
>> to be facilitating loading of multiple modules from various developers
>> without any issue.
>>
>>
>>
>> On Wed, Apr 27, 2016 at 9:24 PM, Andrew Hutchings <ahutchings at nginx.com>
>> wrote:
>>>
>>> Hi Anoop,
>>>
>>> Yes, it would probably be better to contact their community. I would also
>>> recommend trying the latest GitHub checkout of their 5.0 branch as the
>>> changes there may have already fixed it.
>>>
>>> Kind Regards
>>> Andrew
>>>
>>>
>>> On 27/04/16 16:52, Anoop Alias wrote:
>>>>
>>>>
>>>> Hi Andrew,
>>>>
>>>> Yes you are correct . Without passenger naxsi is loading and working
>>>> fine.
>>>>
>>>> So I should be contacting passenger list with the error right?
>>>>
>>>> Thank you,
>>>> Anoop
>>>>
>>>>
>>>>
>>>> On Wed, Apr 27, 2016 at 8:03 PM, Andrew Hutchings <ahutchings at nginx.com>
>>>> wrote:
>>>>>
>>>>>
>>>>> Hi Anoop,
>>>>>
>>>>> This looks to me like another module has broken the linking a bit.
>>>>> Possibly
>>>>> Passenger given the symbols triggering the error and the fact they
>>>>> released
>>>>> a fix for their module linking 8 days ago.
>>>>>
>>>>> Can you try compiling without Passenger and then starting NGINX to see
>>>>> if
>>>>> this fixes it?
>>>>>
>>>>> Kind Regards
>>>>> Andrew
>>>>>
>>>>>
>>>>> On 27/04/16 14:59, Anoop Alias wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> I build naxsi-0.55rc1 as a module for nginx 1.10.0 and getting the
>>>>>> following 2 different error on centos7 and centos6
>>>>>>
>>>>>> Error on Centos6
>>>>>> nginx: [emerg] dlopen() "/etc/nginx/modules/ngx_http_naxsi_module.so"
>>>>>> failed (/etc/nginx/modules/ngx_http_naxsi_module.so: undefined symbol:
>>>>>> pp_get_app_type_name) in /etc/nginx/conf.d/dynamic_modules.conf:1
>>>>>>
>>>>>> # nginx -V nginx version: nginx/1.10.0 built by gcc 4.8.2 20140120
>>>>>> (Red Hat 4.8.2-15) (GCC)built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS
>>>>>> SNI support enabled configure arguments: --prefix=/etc/nginx
>>>>>> --sbin-path=/usr/sbin/nginx --modules-path=/etc/nginx/modules
>>>>>> --conf-path=/etc/nginx/nginx.conf
>>>>>> --error-log-path=/var/log/nginx/error_log
>>>>>> --http-log-path=/var/log/nginx/access_log
>>>>>> --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock
>>>>>> --http-client-body-temp-path=/var/cache/nginx/client_temp
>>>>>> --http-proxy-temp-path=/var/cache/nginx/proxy_temp
>>>>>> --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
>>>>>> --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
>>>>>> --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nobody
>>>>>> --group=nobody --with-http_ssl_module --with-http_realip_module
>>>>>> --with-http_addition_module --with-http_sub_module
>>>>>> --with-http_dav_module --with-http_flv_module --with-http_mp4_module
>>>>>> --with-http_gunzip_module --with-http_gzip_static_module
>>>>>> --with-http_random_index_module --with-http_secure_link_module
>>>>>> --with-http_stub_status_module --with-http_auth_request_module
>>>>>> --add-dynamic-module=naxsi-0.55rc1/naxsi_src --with-file-aio
>>>>>> --with-threads --with-stream --with-stream_ssl_module
>>>>>> --with-http_slice_module --with-ipv6 --with-http_v2_module
>>>>>> --add-dynamic-module=ngx_pagespeed-release-1.11.33.0-beta
>>>>>> --with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc
>>>>>>
>>>>>>
>>>>>>
>>>>>> --add-module=/usr/local/rvm/gems/ruby-2.3.0/gems/passenger-5.0.27/src/nginx_module
>>>>>> --add-module=ngx_cache_purge-2.3 --with-cc-opt='-O2 -g -pipe -Wall
>>>>>> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
>>>>>> --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
>>>>>> --with-ld-opt=-Wl,-E
>>>>>>
>>>>>> Error on Centos7
>>>>>>
>>>>>> nginx -t nginx: [emerg] dlopen()
>>>>>> "/etc/nginx/modules/ngx_http_naxsi_module.so" failed
>>>>>> (/etc/nginx/modules/ngx_http_naxsi_module.so: undefined symbol:
>>>>>> psg_variant_map_new) in /etc/nginx/conf.d/dynamic_modules.conf:1
>>>>>>
>>>>>> # nginx -V nginx version: nginx/1.10.0 built by gcc 4.8.5 20150623
>>>>>> (Red Hat 4.8.5-4) (GCC)built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS
>>>>>> SNI support enabled configure arguments: --prefix=/etc/nginx
>>>>>> --sbin-path=/usr/sbin/nginx --modules-path=/etc/nginx/modules
>>>>>> --conf-path=/etc/nginx/nginx.conf
>>>>>> --error-log-path=/var/log/nginx/error_log
>>>>>> --http-log-path=/var/log/nginx/access_log
>>>>>> --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock
>>>>>> --http-client-body-temp-path=/var/cache/nginx/client_temp
>>>>>> --http-proxy-temp-path=/var/cache/nginx/proxy_temp
>>>>>> --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
>>>>>> --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
>>>>>> --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nobody
>>>>>> --group=nobody --with-http_ssl_module --with-http_realip_module
>>>>>> --with-http_addition_module --with-http_sub_module
>>>>>> --with-http_dav_module --with-http_flv_module --with-http_mp4_module
>>>>>> --with-http_gunzip_module --with-http_gzip_static_module
>>>>>> --with-http_random_index_module --with-http_secure_link_module
>>>>>> --with-http_stub_status_module --with-http_auth_request_module
>>>>>> --add-dynamic-module=naxsi-0.55rc1/naxsi_src --with-file-aio
>>>>>> --with-threads --with-stream --with-stream_ssl_module
>>>>>> --with-http_slice_module --with-ipv6 --with-http_v2_module
>>>>>> --add-dynamic-module=ngx_pagespeed-release-1.11.33.0-beta
>>>>>>
>>>>>>
>>>>>>
>>>>>> --add-module=/usr/local/rvm/gems/ruby-2.3.0/gems/passenger-5.0.27/src/nginx_module
>>>>>> --add-module=ngx_cache_purge-2.3 --with-cc-opt='-O2 -g -pipe -Wall
>>>>>> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
>>>>>> --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
>>>>>> --with-ld-opt=-Wl,-E
>>>>>>
>>>>>> if naxsi loading is disabled .Everything works.
>>>>>>
>>>>>> NAXSI changelog for 0.55rc1 at
>>>>>> https://github.com/nbs-system/naxsi/releases
>>>>>>
>>>>>> states
>>>>>>
>>>>>> Confirmed support as a dynamic module (introduced in nginx 1.9.11)
>>>>>>
>>>>>> Just wanted to know if this is an issue with NAXSI itself or something
>>>>>> to do with my configure args for nginx .
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>
>>>>> --
>>>>> Andrew Hutchings (LinuxJedi)
>>>>> Technical Product Manager, NGINX Inc.
>>>>>
>>>>> _______________________________________________
>>>>> nginx mailing list
>>>>> nginx at nginx.org
>>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Andrew Hutchings (LinuxJedi)
>>> Technical Product Manager, NGINX Inc.
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>>
>
> --
> Andrew Hutchings (LinuxJedi)
> Technical Product Manager, NGINX Inc.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



-- 
Anoop P Alias



More information about the nginx mailing list