Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

pixelserv - A Better One-pixel Webserver for Adblock

Discussion in 'Asuswrt-Merlin' started by kvic, Jul 28, 2015.

  1. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    4,131
    Location:
    Switzerland
    AB-Solution has a built in backup function, it includes both the ca.crt and ca.key.
     
    Butterfly Bones likes this.
  4. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    v2.0.1-rc4
    • fixed 'stuck' issue
    Big thankyou to @Protik @quant88 @baltosml in participation on testing & hunting down the cause of this issue.

    The enthusiastic help of @Protik and @quant88 is tremendous! A full trace from @quant88 led to an eureka moment in understanding the cause.

    To get the latest release candidate for v2.0.1
    Code:
    sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"
    
     
    hervon, rromeroa, Protik and 3 others like this.
  5. quant88

    quant88 Occasional Visitor

    Joined:
    Jan 20, 2017
    Messages:
    36
    Location:
    Singapore
    @kvic

    I am happy with the latest RC release. Together with ab-solution, my folks are enjoying faster and ad-less browsing with v2. :D

    Looking forward to v3 :)
     
    kvic likes this.
  6. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    Updated pixelserv-tls v2 benchmark blog post for the soon v2.0.1 release.

    Excerpt from the update:

    There are different schools of thought on DNS-based adblock. Some authors apparently have better understanding than other solutions. One school of thought is to return NXDOMAIN on a blocked advert host from DNS server/forwarder rather than 0.0.0.0. With NXDOMAIN, a client will not attempt to connect. In theory it should be faster...

    Enjoy the speed with v2 while you can :)
     
  7. elorimer

    elorimer Senior Member

    Joined:
    Dec 16, 2013
    Messages:
    412
    Glad to see this resolving. Because pixelserv-tls and ab-s seemed to be knocking out my OpenVPN servers, I've been running my 87U without them for the last week. When I am back onsite I will restore the setup and test.

    In the meantime, it has been striking to me how much faster pixelserv-tls is overall. Without it, dailymail.co.uk loads in 17.8s and foxnews.com loads in 21.8s. I always thought that weather.com was awful, but it seems comparatively efficient at 10.5s. I measured these times in Chrome, and it is interesting to me that long after Chrome thinks the page has loaded, ads, videos and whatnot are still loading! So times in the 3s range make for a huge improvement.

    My hometown blog loads in 67s. Like dial-up.
     
    Last edited: Dec 12, 2017
  8. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    @elorimer

    sounds weird if pixelserv-tls affects OpenVPN connection. Anyhow, you shall try v2.0.1-rc4.

    My run has been 20hrs. The metrics look very good :

    [​IMG]
     
  9. elorimer

    elorimer Senior Member

    Joined:
    Dec 16, 2013
    Messages:
    412
    No, not saying that. I had Ab-s, Skynet and pixelserv RC1 all running at current levels, and then something happened that caused the OpenVPN servers to stop and not restart on a reboot. I haven't been in a position to troubleshoot remotely, so I've left it all off until I can. In the meantime I've been quiet, as I don't know what might have been at issue.
     
    kvic likes this.
  10. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    v2.0.1-rc4 updated

    New build timestamp compiled: Dec 12 2017 23:05:03

    Change:

    Fixed a crash bug when the following conditions are true:
    • access a new ad domain without a certificate generated before
    • must access from Safari browser (desktop or mobile version)
    • manually enter the URL in the address bar
    All three conditions are fulfilled then previous builds of pixelserv-tls v2 will crash.

    You can verify the build timestamp on servstats page.

    You may use the below command to install the latest beta:
    Code:
    sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"
    
     
    thelonelycoder likes this.
  11. MartinDEE

    MartinDEE Regular Contributor

    Joined:
    Sep 28, 2015
    Messages:
    53
    Hi,

    I dont know if this is a problem or not but my tav is 0ms
    My router RT-5300

    [​IMG]
     
  12. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    @MartinDEE

    It's normal based on your screenshot. Have a good read on FAQ 11. Why is my 'tav' 0ms?

    All your requests are plain HTTP which for me is <5ms 'tav'. Your RT-5300 has a 1.4GHz CPU much faster than my RT-56U.

    You do have 502 HTTPS requests (look at 'slc') which are rejected because you don't have the CA certificate imported on your client devices.

    When you have time, consider importing the CA certificate into your major client devices. Here is the guide: Import ca.crt into Clients.

    Also a good idea to backup 'ca.crt' and 'ca.key'. Details see this FAQ. Not that they're important but will save you hassle re-importing on all clients in case they're damaged or overwritten on your router.
     
    SMS786, Makaveli and heysoundude like this.
  13. MartinDEE

    MartinDEE Regular Contributor

    Joined:
    Sep 28, 2015
    Messages:
    53
    Hi Kvic

    I have generated the CA certificate & I have a backup on a pc. I cant get it to work I have the certificate on a Ipad & one PC

    [​IMG]

    slh 20 # of accepted HTTPS requests
    slm 3 # of rejected HTTPS requests (missing certificate)
    sle 0 # of rejected HTTPS requests (certificate available but bad)
    slc 968 # of dropped HTTPS requests (client disconnect without sending any request)
    slu 17 # of dropped HTTPS requests (unknown error)


    [​IMG]
     
  14. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    @MartinDEE pls go over "Import ca.crt Client" in #911. Find the relevant section and slowly go over the tutorial. Perhaps you can focus on getting iPad imported & working first.

    My last v2.0.1-rc4 after 12hrs
    [​IMG]
     
  15. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    Current plan is at least one more major release in the v2 branch. The goal is to enable "SSL session caching" and/or "SSL context caching". Then HTTPS requests on average will be as fast as plain HTTP requests (i.e. in the <5ms 'tav' on a 800MHz RT-56U.)

    After that will move to v3. The goal is to rewrite pixelserv-tls in asynchronous I/O. This will scale to >10K concurrent connections on a 800MHz RT-56U. But I'm sure when v3 will happen. lol.
     
  16. jrmwvu04

    jrmwvu04 Senior Member

    Joined:
    Mar 29, 2016
    Messages:
    380
    Location:
    United States
    It will be fun to see it go faster than this.
    [​IMG]
     
    kvic likes this.
  17. hervon

    hervon Occasional Visitor

    Joined:
    Oct 13, 2014
    Messages:
    39
    I'm impressed by the tav:

    pixelserv-tls: v2.0.1-rc4 compiled: Dec 11 2017 18:17:40 options: 192.168.1.2

    uts 2d 00:47 process uptime
    log 1 critical (0) error (1) warning (2) notice (3) info (4) debug (5)
    kcc 1 number of active service threads
    kmx 13 maximum number of service threads
    kvg 1.11 average number of requests per service thread
    krq 24 max number of requests by one service thread

    req 23546 total # of requests (HTTP, HTTPS, success, failure etc)
    avg 478 bytes average size of requests
    rmx 3850 bytes largest size of request(s)
    tav 1 ms average processing time (per request)
    tmx 28 ms longest processing time (per request)

    slh 3 # of accepted HTTPS requests
    slm 20 # of rejected HTTPS requests (missing certificate)
    sle 0 # of rejected HTTPS requests (certificate available but bad)
    slc 2671 # of dropped HTTPS requests (client disconnect without sending any request)
    slu 275 # of dropped HTTPS requests (unknown error)

    nfe 161 # of GET requests for server-side scripting
    gif 11 # of GET requests for GIF
    ico 0 # of GET requests for ICO
    txt 151 # of GET requests for Javascripts
    jpg 0 # of GET requests for JPG
    png 0 # of GET requests for PNG
    swf 0 # of GET requests for SWF
    sta 3 # of GET requests for HTML stats
    stt 1 # of GET requests for plain text stats
    ufe 7 # of GET requests /w unknown file extension

    opt 0 # of OPTIONS requests
    pst 0 # of POST requests
    hed 0 # of HEAD requests (HTTP 501 response)
    rdr 66 # of GET requests resulted in REDIRECT response
    nou 0 # of GET requests /w empty URL
    pth 0 # of GET requests /w malformed URL
    204 0 # of GET requests (HTTP 204 response)
    bad 1 # of unknown HTTP requests (HTTP 501 response)

    tmo 0 # of timeout requests (client connect w/o sending a request in 'select_timeout' secs)
    cls 2671 # of dropped requests (client disconnect without sending any request)
    cly 0 # of dropped requests (client disconnect before response sent)
    clt 0 # of dropped requests (reached maximum service threads)
    err 0 # of dropped requests (unknown reason)
     
    kvic likes this.
  18. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    1,239
    Location:
    Thailand
    @kvic , Do you think pixelserv-tls will work on Openwrt? I use an old version of pixelserv from 2013 I found on GitHub. But would like to update if possible. This is for my travel router. https://www.gl-inet.com/ar300m/. Thank you.
     
  19. kvic

    kvic Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    1,936
    Location:
    Hong Kong
    @Xentrk

    I doubt it but I cannot confirm. I also don't have the OpenWRT build environment.

    According to this thread, ar300m ships with OpenWRT prebuild, and you can access OpenWRT through its GUI > advanced.

    You may give it a try with manually downloading the Entware-ng mipsel zip file from my Github. Extract the executable and copy to AR300M.

    Attempt to run it from command line. If the errors only complain about some missing libraries. There might be a way to fix it and get it working. If it crashes right the way, I'm afraid completely incompatible.
     
    Xentrk likes this.
  20. Lost Dog

    Lost Dog Regular Contributor

    Joined:
    Dec 26, 2013
    Messages:
    78
    @Xentrik

    If you get it working please update us (or I suppose if I get some time I could try as well). Are you running ab-solution on the AR300M (fantastic little router BTW)?

    When I connect to my RT-AC56U running OpenVPN with the ar300m ab-solution / pixelserv-tls works through the OpenVPN tunnel. It does not however when using shadowsocks. I'd rather run using shadowsocks but would need to have ab-solution / pixelserv-tls on the ar300m to get adblocking.
     
  21. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    4,131
    Location:
    Switzerland
    AB-Solution will not work or install on a non-Asuswrt-Merlin router.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!