What's new

Diversion pixelserv-tls high CPU usage

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

what is your ultimate goal @luckycharms ? (there's a Merlin Firmware upgrade you should perform, v386.7...you're a bit behind)
Have you set up enough of a swap in diversion (2+ GB will be plenty helpful)?
If you're trying to enact some privacy/security for your LAN, the router will have to do some work, meaning processor cycles will use memory. that should only have a minimal impact on the speeds your clients send/receive data from the interwebz.
if you're seeing a load on the router when "no data is moving" on the LAN, you might want to look into just what might be talking to what/whom. On home networks today, there are "conveniences" that "call home" more than most people realise. I call this parasitic usage. to stop it, you have to find it, and that involves turning things off and looking into how they're configured and possibly even replacing them/eliminating them if the convenience isn't as beneficial as the "network headroom"
I concur. Sometimes simply turning everything off and turning it back on one at a time is enough to restore line speed. I turn off both router and modem. Turn the modem back on first and wait to for all its connected lights to restore. Then I turn back on the router. Obviously if you have other factors on the network, turn those Off and only restore them one at a time. During your restore process, do line speed testing at each layer.
 
Last edited:
Thanks for your replies... if 20% CPU usage is to be expected, then that's ok, as long as it's not affecting my transfer rates (those are suffering at the moment as well, but I'm not yet sure of the cause - thread here). I originally noticed this as I was looking for causes of my slow speeds.
 
are those spikes to 20%, or is it consistent 20% CPU?
did you do a factory reset of the router when you got the speed upgrade/new ISP package?

(am I the only one following @luckycharms ' tribulations and wondering what they're not telling us?)
 
Thanks for your replies... if 20% CPU usage is to be expected, then that's ok, as long as it's not affecting my transfer rates (those are suffering at the moment as well, but I'm not yet sure of the cause - thread here). I originally noticed this as I was looking for causes of my slow speeds.
Spikes of up to 20% could mean alot of traffic between pixelservtls usb storage and the router, while consistent 20% could just mean the "norm" for your environment.
 
Thanks all. It's pretty consistently chewing up 20% CPU. I presume the "norm" means devices accessing the internet that pixelserv interacts with? Otherwise, not sure why it's sitting there chewing up CPU. Hard to imagine so much background traffic...

I'll do a factory reset soon and will report back.
 
Thanks all. It's pretty consistently chewing up 20% CPU. I presume the "norm" means devices accessing the internet that pixelserv interacts with? Otherwise, not sure why it's sitting there chewing up CPU. Hard to imagine so much background traffic...

I'll do a factory reset soon and will report back.
The norm means, it sounds like it is normal behavior for pixelserv to operate with such demand on the cpu. After all, it is a server itself that not only stores certificates , it also has to make on the fly use of them per request and every new request it has to be able to make a new entry. it also logs, maintains and stores, usage statistics while performing all these task. In retrospect of all that it does, to hear that is only using 20% is quite interesting because all these operations are being done over your usb bus back and fourth between your entware repository which houses pixelserv-tls suffs( correct me if I am wrong), and your actual router. Some of the cpu usage might be the actual work being done between the usb storage and the router.
 
Last edited:
It would surprise me that it is using so much. I have pixelserv on logging 2 with 200 certs allowed in the cache. Looking at my stats, I have roughly 2 million requests so far for https certificates in the last 10 days and 140 certs actually in the cache. Of those, all but about 250 were served from the cache (that is, memory). (Amazon, Roku and Chromecast devices account for almost all the rejects.) So in the last 10 says pixelserv has only generated 140 certs. 10 yesterday. That's all its USB traffic. The logging goes into other processes. And pixelserv is only handling requests directed to it from dnsmasq. Those blocked requests would otherwise be using the router's own traffic handling, so it might even be pixelserv reduces the overall load.
 
It would surprise me that it is using so much. I have pixelserv on logging 2 with 200 certs allowed in the cache. Looking at my stats, I have roughly 2 million requests so far for https certificates in the last 10 days and 140 certs actually in the cache. Of those, all but about 250 were served from the cache (that is, memory). (Amazon, Roku and Chromecast devices account for almost all the rejects.) So in the last 10 says pixelserv has only generated 140 certs. 10 yesterday. That's all its USB traffic. The logging goes into other processes. And pixelserv is only handling requests directed to it from dnsmasq. Those blocked requests would otherwise be using the router's own traffic handling, so it might even be pixelserv reduces the overall load.
What type of USB storage do you use? Don't forget it has to deal with processing and storing its own internal statistics.
 
What type of USB storage do you use? Don't forget it has to deal with processing and storing its own internal statistics.
Just a metal 16gb USB stick (a stick, not a little nub). The internal stats are just counters in ram getting incremented, e.g.
Code:
  case SSL_HIT:        ++slh; break;
 
Last edited:
Just a metal 16gb USB stick (a stick, not a little nub). The internal stats are just counters in ram getting incremented, e.g.
Code:
  case SSL_HIT:        ++slh; break;
Whatever the case may be, the only way he is ever going to get to the bottom of it is looking at htop, or any other method where he is able to physically observe what active process is actually using that much CPU and/or memory. For example, it may have nothing to do with pixelserv-tls directly, it could be heavy writes from dnsmasq --log-async (or even using diversion in conjuction with Uidivstats), especially if he has a chatty client that continuously gets blocked which would create persistent log generation. here is an example case where that has happen before. https://www.snbforums.com/threads/issues-caused-from-dnsmasq.60216/
 
Last edited:
I was having the same pixesrv constant 25+% cpu usage. The moment I installed the ca.crt on all my devices, the issue resolved itself. Might want to validate that you have root cert installed.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top