pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[kvic]

v2.0.1-rc4

• fixed 'stuck' issue

Big thankyou to @Protik @quant88 @baltosml in participation on testing & hunting down the cause of this issue.

The enthusiastic help of @Protik and @quant88 is tremendous! A full trace from @quant88 led to an eureka moment in understanding the cause.

To get the latest release candidate for v2.0.1

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"

 

[quant88]

@kvic

I am happy with the latest RC release. Together with ab-solution, my folks are enjoying faster and ad-less browsing with v2.

Looking forward to v3

 

[kvic]

Updated pixelserv-tls v2 benchmark blog post for the soon v2.0.1 release.

Excerpt from the update:

There are different schools of thought on DNS-based adblock. Some authors apparently have better understanding than other solutions. One school of thought is to return NXDOMAIN on a blocked advert host from DNS server/forwarder rather than 0.0.0.0. With NXDOMAIN, a client will not attempt to connect. In theory it should be faster...​

Enjoy the speed with v2 while you can

 

[elorimer]

Glad to see this resolving. Because pixelserv-tls and ab-s seemed to be knocking out my OpenVPN servers, I've been running my 87U without them for the last week. When I am back onsite I will restore the setup and test.

In the meantime, it has been striking to me how much faster pixelserv-tls is overall. Without it, dailymail.co.uk loads in 17.8s and foxnews.com loads in 21.8s. I always thought that weather.com was awful, but it seems comparatively efficient at 10.5s. I measured these times in Chrome, and it is interesting to me that long after Chrome thinks the page has loaded, ads, videos and whatnot are still loading! So times in the 3s range make for a huge improvement.

My hometown blog loads in 67s. Like dial-up.

 

[kvic]

@elorimer

sounds weird if pixelserv-tls affects OpenVPN connection. Anyhow, you shall try v2.0.1-rc4.

My run has been 20hrs. The metrics look very good :

 

[elorimer]

sounds weird if pixelserv-tls affects OpenVPN connection.

No, not saying that. I had Ab-s, Skynet and pixelserv RC1 all running at current levels, and then something happened that caused the OpenVPN servers to stop and not restart on a reboot. I haven't been in a position to troubleshoot remotely, so I've left it all off until I can. In the meantime I've been quiet, as I don't know what might have been at issue.

 

[kvic]

v2.0.1-rc4 updated

New build timestamp compiled: Dec 12 2017 23:05:03

Change:

Fixed a crash bug when the following conditions are true:

• access a new ad domain without a certificate generated before
• must access from Safari browser (desktop or mobile version)
• manually enter the URL in the address bar

All three conditions are fulfilled then previous builds of pixelserv-tls v2 will crash.

You can verify the build timestamp on servstats page.

You may use the below command to install the latest beta:

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"

 

[Martin_D]

Hi,

I dont know if this is a problem or not but my tav is 0ms
My router RT-5300

 

[kvic]

@MartinDEE

It's normal based on your screenshot. Have a good read on FAQ 11. Why is my 'tav' 0ms?

All your requests are plain HTTP which for me is <5ms 'tav'. Your RT-5300 has a 1.4GHz CPU much faster than my RT-56U.

You do have 502 HTTPS requests (look at 'slc') which are rejected because you don't have the CA certificate imported on your client devices.

When you have time, consider importing the CA certificate into your major client devices. Here is the guide: Import ca.crt into Clients.

Also a good idea to backup 'ca.crt' and 'ca.key'. Details see this FAQ. Not that they're important but will save you hassle re-importing on all clients in case they're damaged or overwritten on your router.

 

[Martin_D]

Hi Kvic

I have generated the CA certificate & I have a backup on a pc. I cant get it to work I have the certificate on a Ipad & one PC

slh 20 # of accepted HTTPS requests
slm 3 # of rejected HTTPS requests (missing certificate)
sle 0 # of rejected HTTPS requests (certificate available but bad)
slc 968 # of dropped HTTPS requests (client disconnect without sending any request)
slu 17 # of dropped HTTPS requests (unknown error)

 

[kvic]

@MartinDEE pls go over "Import ca.crt Client" in #911. Find the relevant section and slowly go over the tutorial. Perhaps you can focus on getting iPad imported & working first.

My last v2.0.1-rc4 after 12hrs

 

[kvic]

@kvic

I am happy with the latest RC release. Together with ab-solution, my folks are enjoying faster and ad-less browsing with v2.

Looking forward to v3

Current plan is at least one more major release in the v2 branch. The goal is to enable "SSL session caching" and/or "SSL context caching". Then HTTPS requests on average will be as fast as plain HTTP requests (i.e. in the <5ms 'tav' on a 800MHz RT-56U.)

After that will move to v3. The goal is to rewrite pixelserv-tls in asynchronous I/O. This will scale to >10K concurrent connections on a 800MHz RT-56U. But I'm sure when v3 will happen. lol.

 

[jrmwvu04]

Current plan is at least one more major release in the v2 branch. The goal is to enable "SSL session caching" and/or "SSL context caching". Then HTTPS requests on average will be as fast as plain HTTP requests (i.e. in the <5ms 'tav' on a 800MHz RT-56U.)

It will be fun to see it go faster than this.

 

[hervon]

I'm impressed by the tav:

pixelserv-tls: v2.0.1-rc4 compiled: Dec 11 2017 18:17:40 options: 192.168.1.2

uts 2d 00:47 process uptime
log 1 critical (0) error (1) warning (2) notice (3) info (4) debug (5)
kcc 1 number of active service threads
kmx 13 maximum number of service threads
kvg 1.11 average number of requests per service thread
krq 24 max number of requests by one service thread

req 23546 total # of requests (HTTP, HTTPS, success, failure etc)
avg 478 bytes average size of requests
rmx 3850 bytes largest size of request(s)
tav 1 ms average processing time (per request)
tmx 28 ms longest processing time (per request)

slh 3 # of accepted HTTPS requests
slm 20 # of rejected HTTPS requests (missing certificate)
sle 0 # of rejected HTTPS requests (certificate available but bad)
slc 2671 # of dropped HTTPS requests (client disconnect without sending any request)
slu 275 # of dropped HTTPS requests (unknown error)

nfe 161 # of GET requests for server-side scripting
gif 11 # of GET requests for GIF
ico 0 # of GET requests for ICO
txt 151 # of GET requests for Javascripts
jpg 0 # of GET requests for JPG
png 0 # of GET requests for PNG
swf 0 # of GET requests for SWF
sta 3 # of GET requests for HTML stats
stt 1 # of GET requests for plain text stats
ufe 7 # of GET requests /w unknown file extension

opt 0 # of OPTIONS requests
pst 0 # of POST requests
hed 0 # of HEAD requests (HTTP 501 response)
rdr 66 # of GET requests resulted in REDIRECT response
nou 0 # of GET requests /w empty URL
pth 0 # of GET requests /w malformed URL
204 0 # of GET requests (HTTP 204 response)
bad 1 # of unknown HTTP requests (HTTP 501 response)

tmo 0 # of timeout requests (client connect w/o sending a request in 'select_timeout' secs)
cls 2671 # of dropped requests (client disconnect without sending any request)
cly 0 # of dropped requests (client disconnect before response sent)
clt 0 # of dropped requests (reached maximum service threads)
err 0 # of dropped requests (unknown reason)

 

[Xentrk]

@kvic , Do you think pixelserv-tls will work on Openwrt? I use an old version of pixelserv from 2013 I found on GitHub. But would like to update if possible. This is for my travel router. https://www.gl-inet.com/ar300m/. Thank you.

 

[kvic]

@Xentrk

I doubt it but I cannot confirm. I also don't have the OpenWRT build environment.

According to this thread, ar300m ships with OpenWRT prebuild, and you can access OpenWRT through its GUI > advanced.

You may give it a try with manually downloading the Entware-ng mipsel zip file from my Github. Extract the executable and copy to AR300M.

Attempt to run it from command line. If the errors only complain about some missing libraries. There might be a way to fix it and get it working. If it crashes right the way, I'm afraid completely incompatible.

 

[Lost Dog]

@kvic , Do you think pixelserv-tls will work on Openwrt? I use an old version of pixelserv from 2013 I found on GitHub. But would like to update if possible. This is for my travel router. https://www.gl-inet.com/ar300m/. Thank you.

@Xentrik

If you get it working please update us (or I suppose if I get some time I could try as well). Are you running ab-solution on the AR300M (fantastic little router BTW)?

When I connect to my RT-AC56U running OpenVPN with the ar300m ab-solution / pixelserv-tls works through the OpenVPN tunnel. It does not however when using shadowsocks. I'd rather run using shadowsocks but would need to have ab-solution / pixelserv-tls on the ar300m to get adblocking.

 

[thelonelycoder]

I'd rather run using shadowsocks but would need to have ab-solution / pixelserv-tls on the ar300m to get adblocking.

AB-Solution will not work or install on a non-Asuswrt-Merlin router.

 

[FalconB]

Sorry if this has been asked before but I can't find an answer. So, I've used Pixelserv-tls along AB-Solution for quite a long time now, and it's working great. However, I see questions and discussions from time to time regarding certificates and how one should import it to the web-browser. What's up with that? Ads are currently beeing blocked for me, so what benefit do I get if I import the certificate?

 

[kvic]

@FalconB

See if the FAQ provides additional info on what's pixelserv-tls and how it works. Importing the CA certificate on clients allows graceful communication between clients and pixelserv-tls server for HTTPS ad requests which are trending upward everyday. You may also want to read this blog post: pixelserv-tls More is Less.