1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

pixelserv - A Better One-pixel Webserver for Adblock

Discussion in 'Asuswrt-Merlin' started by kvic, Jul 28, 2015.

  1. Mutzli

    Mutzli Regular Contributor

    Joined:
    Dec 22, 2014
    Messages:
    83
    Great add-on, unless something is wrong with my setup or the add-on doesn't work right, it's amazing how many sites are still not secured by DNSSEC. None of my banks use it.
     
  2. M@rco

    [email protected] Very Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    701
    Location:
    /opt
    Pixelsrv doesn't provide DNSSEC. DNSSEC is a secure protocol to validate DNS queries. See for example this article for more info: https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
     
  3. Mutzli

    Mutzli Regular Contributor

    Joined:
    Dec 22, 2014
    Messages:
    83
  4. M@rco

    [email protected] Very Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    701
    Location:
    /opt
    Nevermind, I missed the last post on the previous page. That's why I didn't get what you were referring to.
     
  5. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    602
    Found another reason why I had troubles experimenting with TLS 1.3 on macOS:

    If AdGuard is enabled www.cloudflare.com will communicate via TLS 1.2 instead of 1.3...
     
  6. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,351
    Location:
    22.4399N 114.2222E
    DNS in general has been working reliably well for many years. Perhaps that's why people do not see the urge adding DNSSEC.

    With blacklisted domains in DNS servers, you don't need that many add-ons (uBlock Origin, AdGuard and what else..?) duplicating the same effort.

    I have uBlock Origin but only for cosmetic fix-up on a few sites that I visit regularly. Personally I care less about layout or even adverts on sites that I visit, say, once every few weeks or less.
     
  7. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    602
    Yes; I started with uBlock origin (on Windows) and AdGuard (on macOS), but now that I have Diversion/pixelserv-tls I might need to reconsider my setup.
     
  8. Spydawg

    Spydawg Regular Contributor

    Joined:
    Sep 6, 2014
    Messages:
    91
    OK I have an issue with pixelserv and these forums. When installed and running these forums or slow and unresponsive. Task manager shows high CPU usage when I'm on these forums.
    I installed the cert for pixelserv.
    I installed AMTM added swap file then installed Diversion, Diversion installs entware and pixelserv, go back to AMTM to update Pixelserv to 2.2.0 "static" version.
    I increased the pixelserv -c from 100 to 500, thinking that more cache would help. it did not.

    Any ideas?

    Oh i also tested diversion lite (No pixelserv) and it works fine on these forums so I'm assuming its Pixelserv that's causing my issues.
     
  9. Spydawg

    Spydawg Regular Contributor

    Joined:
    Sep 6, 2014
    Messages:
    91
    Oh thought I'd add my pixelserv stats.

    Code:
    pixelserv-tls 2.2.0 (compiled: Oct 9 2018 10:35:46 flags: tls1_3) options: 192.168.1.2 -c 500
    
    uts    1d 17:39    process uptime
    log    1    critical (0) error (1) warning (2) notice (3) info (4) debug (5)
    kcc    21    number of active service threads
    kmx    57    maximum number of service threads
    kvg    8.94    average number of requests per service thread
    krq    1075    max number of requests by one service thread
    req    20701    total # of requests (HTTP, HTTPS, success, failure etc)
    avg    1203 bytes    average size of requests
    rmx    18454 bytes    largest size of request(s)
    tav    2 ms    average processing time (per request)
    tmx    2174 ms    longest processing time (per request)
    slh    11999    # of accepted HTTPS requests
    slm    351    # of rejected HTTPS requests (missing certificate)
    sle    0    # of rejected HTTPS requests (certificate available but not usable)
    slc    3021    # of dropped HTTPS requests (client disconnect without sending any request)
    slu    5129    # of dropped HTTPS requests (other TLS handshake errors)
    v13    0    slh/slc break-down: TLS 1.3
    v12    12021    slh/slc break-down: TLS 1.2
    v10    48    slh/slc break-down: TLS 1.0
    uca    0    slu break-down: # of unknown CA reported by clients
    ucb    0    slu break-down: # of bad certificate reported by clients
    uce    11    slu break-down: # of unknown cert reported by clients
    ush    67    slu break-down: # of shutdown by clients after ServerHello
    sct    91    cert cache: # of certs in cache
    sch    9220    cert cache: # of reuses of cached certs
    scm    91    cert cache: # of misses to find a cert in cache
    scp    0    cert cache: # of purges to give room for a new cert
    sst    4    sess cache: # of cached TLS sessions (for older non-RFC5077 clients)
    ssh    810    sess cache: # of reuses of cached TLS sessions
    ssm    511    sess cache: # of misses to find a TLS session in cache
    ssp    0    sess cache: # of purges to give room for a new TLS session
    nfe    568    # of GET requests for server-side scripting
    gif    7    # of GET requests for GIF
    ico    1    # of GET requests for ICO
    txt    6569    # of GET requests for Javascripts
    jpg    0    # of GET requests for JPG
    png    4    # of GET requests for PNG
    swf    0    # of GET requests for SWF
    sta    6    # of GET requests for HTML stats
    stt    0    # of GET requests for plain text stats
    ufe    75    # of GET requests /w unknown file extension
    opt    185    # of OPTIONS requests
    pst    1180    # of POST requests
    hed    0    # of HEAD requests (HTTP 501 response)
    rdr    2734    # of GET requests resulted in REDIRECT response
    nou    0    # of GET requests /w empty URL
    pth    2    # of GET requests /w malformed URL
    204    0    # of GET requests (HTTP 204 response)
    bad    48    # of unknown HTTP requests (HTTP 501 response)
    tmo    90    # of timeout requests (client connect w/o sending a request in 'select_timeout' secs)
    cls    3068    # of dropped requests (client disconnect without sending any request)
    cly    685    # of dropped requests (client disconnect before response sent)
    clt    0    # of dropped requests (reached maximum service threads)
    err    0    # of dropped requests (unknown reason)
     
  10. Makaveli

    Makaveli Senior Member

    Joined:
    Nov 4, 2016
    Messages:
    310
    Location:
    Canada
    Your TLS 1.3 break down is 0

    When are you going to upgrade your browser to a newer version that supports it?
     
  11. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,351
    Location:
    22.4399N 114.2222E
    This issue has been raised by a few people in this and other threads. I answered a few times before. If you scroll back a few pages, you'll see the latest. If you scroll back a month or two, you should see another one.

    In a nutshell, the issue is not caused by pixelserv-tls.

    You've a few choices. To name two: 1) try to clear browser cache and pray for the issue goes away. 2) try to clear the browser cache and stay away from this forum for a few days. Good for mental health and it seemingly does resolve the problem on its own. :)
     
  12. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,351
    Location:
    22.4399N 114.2222E
    More and more browsers support TLS 1.3 final indeed. Including today's iOS 12.1 release. Support for Safari & Chrome (v70) appear relying on iOS that requires an Apple Profile to enable unfortunately.
     
    Makaveli likes this.
  13. Spydawg

    Spydawg Regular Contributor

    Joined:
    Sep 6, 2014
    Messages:
    91
    I have cleared cache, a few times. Upgraded Chrome to beta and enabled TLS 1.3 in it.
    can't seem to get it to "fix"
     
  14. Makaveli

    Makaveli Senior Member

    Joined:
    Nov 4, 2016
    Messages:
    310
    Location:
    Canada
    The non beta version of Chrome has support for it and no need to go with a beta release.
     
    Last edited: Oct 31, 2018
  15. Protik

    Protik Senior Member

    Joined:
    Oct 31, 2017
    Messages:
    214
    Location:
    /boot
    Check if you have AiCloud enabled or not. If enabled, that occupies IP 192.168.2.2. If there is a conflict in IP, then the requests are not reaching pixelserv at all. So you can try disabling AiCloud, then restart pixelserv from diversion and see if that solves your problem.
     
  16. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,351
    Location:
    22.4399N 114.2222E
    Take a break from the forum then..it'll heal itself eventually.
    Btw, your stats look far better than some as a starter that I've seen. It indicates a clean & neat LAN environment perhaps.
     
  17. Spydawg

    Spydawg Regular Contributor

    Joined:
    Sep 6, 2014
    Messages:
    91
    I have 6 computers running on the network, wife, kids, unraid server, tablets , multi gaming systems.
    And of course its mine that is having issues with Pixelserv. I started noticing that on my computer now has issues with windows updates and microsoft store when Pixelserv is active..

    I may re install windows 10 this coming weekend if its dosn't heal itself by then.
     
  18. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,351
    Location:
    22.4399N 114.2222E
    Are you sure it's pixelserv-tls?

    You can set log LEVEL to 4 and monitor what domains & URLs are blocked i.e. redirected to pixelserv-tls.

    Code:
    $ wget -qO - http://<pixelserv ip>/log=4
    $ tail -f /tmp/syslog.log | grep pixelserv-tls | grep <windows pc IP>
    
    Then try your windows update or browse windows store.

    Usually when people are greedy in their blacklists, they get into weird issues. The above diagnosis could show you what domains should not have been blocked.
     
    quant88 likes this.
  19. Spydawg

    Spydawg Regular Contributor

    Joined:
    Sep 6, 2014
    Messages:
    91
    My system runs fine when I disable Pixelserv, I didn't add anything to the blacklist, using the defaults.

    I will try the set the log and see whats up.
     
  20. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,351
    Location:
    22.4399N 114.2222E
    Oh well..default greed, next choice more greed...then more greed. Last one is max greed. Non-trivial number of ppl on this forum don't know what they're doing or judge what they're getting.

    Pls do keep me posted on the diagnosis. If it's a real issue from pixelserv-tls, it shall be an interesting one. And I can't wait to see..