Diversion - the Router Ad-Blocker v4.2.x (see new thread for 4.3.x)

I think I've had the IPv4 rule for almost a year now and never see any hit in the FORWARD rule either.
So that could be left out. Let me run some tests.
 
It would really depend on whether dnsmasq is advertising the router IP or not for DNS server, but if you’re using Diversion that could be a very safe assumption. :)
So, leave it in or not?
I see that it might be the case with a hard coded address from a device, maybe?
I guess better safe than sorry.
 
Question, folks: I've noticed as of late I'm getting a high slu count in pixelserv, where I have the ca.crt installed on my main browser on my desktop, also on my cell phone and all other laptops in the network. However, this still seems to be high. Any suggestions?

No iOS devices on my network except for when the woman is over with her iPhone, and that device is not on the network currently.

You could activate the log level for pixelserv-tls if you're interested in what domains fail, and from which client.
In Diversion use ep, 2 and add the -l switch with log level 5 for debug. This prints a verbose log to the syslog.

Alternatively, you could start new with your auto-generated certs by going to ep, 3 and purge the domain certificates (option 1).
 
Will give this a try, thank you.
 
I noticed that my guest networks that use Diversion don't benefit from the new tb option. Otherwise, it looks great.
 
I'm seeing that the FORWARD rule is never hit, only the INPUT. If I let my iOS army loose I get for example 32000 packets to the INPUT chain while FORWARD has 0.
Just an observation.
Traffic sent at the router (for instance from a client to dnsmasq) will go through the INPUT chain. FORWARD would be traffic leaving your LAN to go to the Internet.
 
I was able to add these two rules for ipv6. In my environment, all hits happen at INPUT table for both ipv4 and ipv6.
Code:
ip6tables -I INPUT -p udp --dport 53 -d $(nvram get ipv6_rtr_addr) -m string --hex-string "|0000410001|" --algo bm -j REJECT
ip6tables -I FORWARD -p udp --dport 53 -m string --hex-string "|0000410001|" --algo bm -j REJECT

Perhaps @Treadler can help to test this in your ipv6 environment? Can use
Code:
ip6tables -nvL INPUT | grep 'pkts\|0041'
ip6tables -nvL FORWARD | grep 'pkts\|0041'
to check if packet count increases when it hits the rules.

Ok, the “input” grep counts & increases.
Nil count on the “forward” grep.

My cheat sheet (uidivstats) shows zero type 65 after reenabling IPv6.

A thing of beauty!
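
Added example (not from any poster in this thread): why the `|0000410001|` string in the rules above singles out type 65 queries. It builds constructed DNS queries for `example.com` and applies the same kind of unanchored byte search to the DNS payload only; `build_query`, `rule_matches` and `demo` are names made up for this sketch.

```python
import struct

# Pattern from the rules in the thread: --hex-string "|0000410001|"
PATTERN = bytes.fromhex("0000410001")
QTYPE_A, QTYPE_AAAA, QTYPE_HTTPS = 1, 28, 65   # 65 == 0x0041
QCLASS_IN = 1

def build_query(name, qtype, edns=False, txid=0x1234):
    """Build a minimal DNS query: 12-byte header plus one question (RFC 1035)."""
    # Flags 0x0100 = recursion desired; QDCOUNT=1; ARCOUNT=1 only with EDNS.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"                                  # root label ends QNAME
    msg = header + qname + struct.pack("!HH", qtype, QCLASS_IN)
    if edns:
        # OPT pseudo-record: root name, type 41 (0x0029), UDP size 1232,
        # extended RCODE/flags 0, RDLEN 0.
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0)
    return msg

def rule_matches(dns_payload):
    """Unanchored substring search, like -m string, over the DNS payload."""
    return PATTERN in dns_payload

def demo():
    """Return {query kind: matched} for constructed sample queries."""
    samples = {
        "A": build_query("example.com", QTYPE_A),
        "AAAA": build_query("example.com", QTYPE_AAAA),
        "HTTPS": build_query("example.com", QTYPE_HTTPS),
        "A+EDNS": build_query("example.com", QTYPE_A, edns=True),
        "HTTPS+EDNS": build_query("example.com", QTYPE_HTTPS, edns=True),
    }
    return {kind: rule_matches(msg) for kind, msg in samples.items()}

if __name__ == "__main__":
    for kind, hit in demo().items():
        print(f"{kind:11s} {'REJECT' if hit else 'pass'}")
```

The five bytes are the QNAME terminator (00), QTYPE 0x0041 and QCLASS 0x0001, so the match still fires when an EDNS OPT record follows the question. The OPT record's own type 41 is 0x0029, which is why EDNS on an A query does not trip the pattern.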
 
Question, folks: I've noticed as of late I'm getting a high slu count in pixelserv, where I have the ca.crt installed on my main browser on my desktop, also on my cell phone and all other laptops in the network. However, this still seems to be high. Any suggestions?

No iOS devices on my network except for when the woman is over with her iPhone, and that device is not on the network currently.

This is about where I am. Amazon Echos and Roku boxes account for the bulk of the rejected requests. Every minute or so they seem to try a blocked query, and then retry it hundreds of times in the next few seconds.

I run a daily script that reports the blocked pairs (requested lookup/device), suppressing those I already know about.
 
Hi

Is it possible to remove this once it is installed and if so how involved is that process?

When I attempt to run the following command to install:
curl -Os https://diversion.ch/install && sh install
I get this error:
'sh' is not recognized as an internal or external command, operable program or batch file.

The command is being run from a windows command prompt w/admin rights. I am able to use the SSH command from this same prompt to access my mining rig for example without issue.

I assume I need to be running a separate terminal completely like putty to do this?
 
Use another SSH terminal like Xshell that does not override the system path. This problem was introduced in Asuswrt-Merlin 386.7.
 
His problem is actually that he tried to run that in a Windows command prompt rather than on his router.
 
Why is there no Diversion version for Windows you ask?
Come gather 'round and let me tell you the story of when Bill met Woz at the Homebrew computer club...
 
Does anyone know if the syslog msg below is related to Diversion? I saw a similar thread which was fixed by disabling pixelserv but I don't use pixelserv. Thoughts?

Code:
Jul 12 20:47:21 kernel: potentially unexpected fatal signal 11.
Jul 12 20:47:21 kernel: CPU: 1 PID: 19001 Comm: dcd Tainted: P           O    4.1.51 #2
Jul 12 20:47:21 kernel: Hardware name: Broadcom-v8A (DT)
Jul 12 20:47:21 kernel: task: ffffffc02ff03500 ti: ffffffc027540000 task.ti: ffffffc027540000
Jul 12 20:47:21 kernel: PC is at 0x29d34
Jul 12 20:47:21 kernel: LR is at 0x29fb4
Jul 12 20:47:21 kernel: pc : [<0000000000029d34>] lr : [<0000000000029fb4>] pstate: 20070010
Jul 12 20:47:21 kernel: sp : 00000000ffedf880
Jul 12 20:47:21 kernel: x12: 00000000000a211c
Jul 12 20:47:21 kernel: x11: 0000000000081d64 x10: 0000000000000006
Jul 12 20:47:21 kernel: x9 : 0000000000000003 x8 : 0000000000000006
Jul 12 20:47:21 kernel: x7 : 00000000f5f00b14 x6 : 0000000000000035
Jul 12 20:47:21 kernel: x5 : 0000000000000049 x4 : 00000000f5f00b74
Jul 12 20:47:21 kernel: x3 : 0000000000000000 x2 : 0000000000000005
Jul 12 20:47:21 kernel: x1 : 000000000000000d x0 : 0000000000000000
 
Always thought that message was a consequence of using both Pixelserv + Aiprotect together (as I do).
Here, disabling Pixelserv makes the messages go away.
A puzzlement indeed!
 
As a reminder since it's a common complaint, anyone wishing to parse the dcd crashes using scribe can do it by following the "crash" example files provided once you install scribe. You may need to customize it for your router, as I needed to do.

Example Files
Of note, example files are placed in /opt/share/syslog-ng/examples/ and /opt/share/logrotate/examples/ for common programs (skynet, pixelserv-tls, etc). These can be copied directly to /opt/etc/syslog-ng.d/ and /opt/etc/logrotate.d/ for use. Do not blindly copy all of these files to their respective ".d" directories however, as doing so will prevent syslog-ng from running. Editing files directly here is not recommended as they will likely be overwritten if you choose to update the filters.

Code:
/.../entware/share/syslog-ng/examples/crash
/.../entware/share/logrotate/examples/crash

Not noted there but buried in the thread is to make sure you update the file permissions for each new file you create:

Code:
chmod 0600 /opt/etc/syslog-ng.d/pixelserv
chmod 0600 /opt/etc/logrotate.d/pixelserv

Scribe Installation Thread
 
I have been using diversion for years and it blocked millions of ads. Many pages had holes in them where ads used to be.

However, I have noticed lately even when using 4.3.1 those holes are filled with ads again. I have type 65 blocking enabled. If I look at the source of those ads on Microsoft Edge, they appear to come from aka.ads-ms.co which is in the blocking list I use. They seem to be put on the page after all the real information has been displayed. There seems to be something that is allowing those ads that is not controlled by diversion. I don't see any posts that have noted this difficulty with diversion.
 
FWIW, the type 65 blocking doesn’t (yet) work over IPv6.
I don’t know if this might be your issue?
 
