Diversion Diversion - the Router Ad-Blocker

[dugaduga]

@thelonelycoder, how does one go about resetting statistics? I deleted everything in the stats folder and divstats still shows old stats, but minus unique devices

 

[thelonelycoder]

@thelonelycoder, how does one go about resetting statistics? I deleted everything in the stats folder and divstats still shows old stats, but minus unique devices

I replied in the other tread, but anyway.
In Diversion under d.

 

[dugaduga]

I replied in the other tread, but anyway.
In Diversion under d.

Tx, how can I manually re-enter the block count total for continuity after resetting the stats?

 

[thelonelycoder]

Tx, how can I manually re-enter the block count total for continuity after resetting the stats?

With ac in the o options.

 

[Mircica]

With 512Mb SWAP file!

using temporary pgl.yoyo.org hosts file to lower memory usage while updating
remote file newer: getting new hosts file
https://pgl.yoyo.org/adservers/serv...&showintro=0&mimetype=plaintext&useip=0.0.0.0
######################################################################## 100.0%
writing temporary pgl.yoyo.org blocking list

preparing temporary whitelist
preserving assembled hardcoded whitelist
updated /jffs/shared-Diversion-whitelist

downloading Large+ blocking list, 6 hosts file(s)
using 192.168.1.2 as blocking IP

processing file 1 of 6
remote file same: using local hosts file
https://hosts-file.net/emd.txt
processing file 1 done

processing file 2 of 6
remote file same: using local hosts file
https://hosts-file.net/exp.txt
processing file 2 done

processing file 3 of 6
remote file same: using local hosts file
https://hosts-file.net/hjk.txt
processing file 3 done

processing file 4 of 6
remote file same: using local hosts file
https://hosts-file.net/mmt.txt
processing file 4 done

processing file 5 of 6
remote file same: using local hosts file
https://hosts-file.net/psh.txt
processing file 5 done

processing file 6 of 6
remote file newer: getting new hosts file
https://hosts.oisd.nl/
######################################################################## 100.0%
processing file 6 done

removing whitelisted domains in blocking list, sorting file

/opt/bin/grep: memory exhausted
writing Large+ blocking list

update Large+ blocking list complete

I will try with more SWAP!

 

[Mircica]

Dear thelonelycoder
Can you add a 768MB swap file too?
More options will be great!
If I remember correctly first choice - 256MB - was enough not so long ago but now... 512MB is not enough right now!

1) print_red_line
echo " Select a Swap file size"
echo
echo " 1. 256MB"
echo " 2. 512MB"
echo " 3. 768MB"
echo " 4. 1GB"
echo " 5. 2GB"
while true; do
printf "\\n Enter size [1-5 e=Exit] ";read -r size
case "$size" in
1) swapsize=262144;break;;
2) swapsize=524288;break;;
3) swapsize=786432;break;;
4) swapsize=1048576;break;;
5) swapsize=2097152;break;;
[Ee]) exit_message;reload_menu;break;;
*) printf "\\n input is not an option\\n";;
esac
done

 

[dev_null]

How you created it? Can you share some links, I am interested because I want to block p*rn, gambling... Used to have something like that before but after uninstall and reinstall I've lost it.

FWIW, I use this:

https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling-porn/hosts

 

[SomeWhereOverTheRainBow]

Dear thelonelycoder
Can you add a 768MB swap file too?
More options will be great!
If I remember correctly first choice - 256MB - was enough not so long ago but now... 512MB is not enough right now!

1) print_red_line
echo " Select a Swap file size"
echo
echo " 1. 256MB"
echo " 2. 512MB"
echo " 3. 768MB"
echo " 4. 1GB"
echo " 5. 2GB"
while true; do
printf "\\n Enter size [1-5 e=Exit] ";read -r size
case "$size" in
1) swapsize=262144;break;;
2) swapsize=524288;break;;
3) swapsize=786432;break;;
4) swapsize=1048576;break;;
5) swapsize=2097152;break;;
[Ee]) exit_message;reload_menu;break;;
*) printf "\\n input is not an option\\n";;
esac
done

What are you doing that requires more than 512? Or do I not want to know?

 

[AurelM]

Hi,

New user here, many months reading, first time posting (actually just made an account).
I'm using an Asus RT-AC68U HW rev. A1 router using firmware AsusWRT-Merlin 384.14_beta1 with AMTM, Diversion, Skynet, uiDivStats and uiScribe scripts, all installed from amtm. Thank you to all of the coders whose code I've been using!

After installing Diversion, I've configured its email settings for it to be able to send notifications and the file backups. I've used a gmail account, but hit a few problems along the way (one of which was to enable Less secure app access in the gmail account settings).

The other however was that I am using a password with many non alphanumeric characters in it, one of them being $ . However, this is a special character in the linux shell, thus the password did not get stored correctly (it only stored the password up to this character). After escaping the character with \ , it worked. But this still bothered me, along with the message that the character " cannot be used, but it should with the same method of escaping the character.

I've then started to check which other non alphanumeric characters should be escaped (from the 32 ones easily accessible with an US style keyboard) and proceeded to modify the script to escape the characters by itself. The result is that the password is stored with the special characters escaped and also works in sending the emails. I've then decided to share it here, so here we go:

This is the file that should be edited:

/opt/share/diversion/file/functions.div

1. Add a new procedure (it doesn't really matter where as long as it's between #BOF and #EOF and not wihin another procedure or the main procedure itself; a good place would be to add it before the first procedure, which for the current 4.1.6 version is au_function() at line 63):

escape_password_special_characters(){
   i=0
   PASSWORD=
   while [ $i -lt `expr length "$value"` ]
   do
       case ${value:$i:1} in
           [\`\'\$\\\"])
               PASSWORD="$PASSWORD\\"
               ;;
           %)
               PASSWORD="$PASSWORD%"
               ;;
       esac
       PASSWORD="$PASSWORD${value:$i:1}"
       i=`expr $i + 1`
   done
}

2. Modify line where the password is read directly in the PASSWORD variable by reading it in the value variable and calling the newly created procedure, from:

       printf "\\n${RED_BG} Enter Password: ${NC} ";read -r PASSWORD

to

       printf "\\n${RED_BG} Enter Password: ${NC} ";read -r value;escape_password_special_characters

3. Modify lines where the password is stored in the PASSWORD variable by calling the newly created procedure, from:

               6)   printf "\\n Note: Password may NOT contain \" character.\\n"
                   printf "\\n $PASSWORD${RED} <-- current password${NC}\\n"
                   printf "${RED_BG} Enter Password: ${NC} [e=Exit] ";read -r value
                   PASSWORD=$value;break;;

to

               6)   printf "\\n $PASSWORD${RED} <-- current password${NC}\\n"
                   printf "${RED_BG} Enter Password: ${NC} [e=Exit] ";read -r value
                   escape_password_special_characters;break;;

Save the changes made to the file and this should be it until a reinstall or upgrade of Diversion which will overwrite the file.

Maybe @thelonelycoder could add something similar in the next releases if he sees value in it or maybe not if there's something wrong in doing this that I'm not seeing.

 

[jsbeddow]

Yes, I ran into this issue with email passwords months ago, forgot to report it (or politely ask about a fix within Diversion), and found it simpler to modify my password on the email account rather than dealing with it at this end. Glad you brought this up, thanks. I'm sure your solution works, but it would be great if @thelonelycoder could also "permanently" correct this.

 

[Treadler]

GOAL:block everything!

Testing over, large list has the tick of approval;-)

 

[Ro berto]

I've used a gmail account, but hit a few problems along the way (one of which was to enable Less secure app access in the gmail account settings).

what I did was to create another email address just for this purpose (Diversion email notifications/backups)

 

[relic]

Hi!

I'm still using an old MIPS-based Asus RT-N16 running Asuswrt-Merlin 374.43 LTS release (V39E3) (@john9527's fork)
with the latest @thelonelycoder's Diversion Standard 4.1.6.

According to
https://github.com/kvic-z/pixelserv-tls/wiki/Create-and-Import-the-CA-Certificate

Importing your CA cert on clients is not mandatory but recommended. Your Pixelserv CA cert is available through URL http://pixelserv ip/ca.crt.

But according to @thelonelycoder's comment to this issue
https://github.com/kvic-z/pixelserv-tls/issues/18#issuecomment-456516745
the last pixelserv-tls version for MIPS-based routers is v2.0.1,
so I cannot get the pixelserv certificate through http://pixelserv ip/ca.crt.

The similar(?) issue was reported here
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-195#post-518676

So I'd like to clarify the following points:

1. Even without this pixelserv cert, HTTPS ads seem to be blocked (but the space left is not filled with a pixel-sized image, because HTTPS requests are just dropped).
   
   My pixelserv servstats page (http://pixelserv ip/servstats) contains:
   

   slh   8   # of accepted HTTPS requests
   slm   19   # of rejected HTTPS requests (missing certificate)
   sle   0   # of rejected HTTPS requests (certificate available but bad)
   slc   676   # of dropped HTTPS requests (client disconnect without sending any request)
   slu   1417   # of dropped HTTPS requests (unknown error)

   
   
2. If 1. is correct, is there any difference between Diversion Lite and Diversion Standard in the case when the pixelserv certificate is not imported?
   
   I've tried installing and comparing these two versions and so far don't see any difference (as I cannot get the pixelserv cert),
   e.g., images from blocked HTTPS domain are not loading even when using Diversion Lite.
   
   
3. Is it possible to get the latest pixelserv-tls version for MIPS-based routers by installing @Jack Yaz's pixelserv-tls in ep, 6, 3
   or is @Jack Yaz's version only for ARM-based routers?

Thank you.

 

[Mircica]

What are you doing that requires more than 512? Or do I not want to know?

I tried to update blocking list with second option-512MB but gives me errors, so I moved to third option 1GB and everything seems to work fine!

 

[Asad Ali]

@thelonelycoder Hey Bro one suggestion for you if and whenever it's possible and you're feeling lonely [emoji14][emoji14][emoji16]

Can you add an IP filter in the log follow option " Filtered by blocked domains" so that it only show blocked domains generating from that single IP/Device because right now it shows blocked domains from all the devices in your network and it's hard to pinpoint which device generates the blocked entry.

I know it can be done by enabling extra loging and using "Filtered by term" option but it generates a lot of noise and not as clean as "filter by blocked domains"

 

[dave14305]

@thelonelycoder Hey Bro one suggestion for you if and whenever it's possible and you're feeling lonely [emoji14][emoji14][emoji16]

Can you add an IP filter in the log follow option " Filtered by blocked domains" so that it only show blocked domains generating from that single IP/Device because right now it shows blocked domains from all the devices in your network and it's hard to pinpoint which device generates the blocked entry.

I know it can be done by enabling extra loging and using "Filtered by term" option but it generates a lot of noise and not as clean as "filter by blocked domains"

You would really only be able to do this sanely by having the log-queries=extra enabled so it will include the requesting IP in the log when it is being blocked. Otherwise, you get the query and source IP on one line, and the blocking indicator further down on a later line without the source IP included.

 

[Asad Ali]

You would really only be able to do this sanely by having the log-queries=extra enabled so it will include the requesting IP in the log when it is being blocked. Otherwise, you get the query and source IP on one line, and the blocking indicator further down on a later line without the source IP included.

I know that alternative workaround but as I said in my previous post it generates lots of noise and not as clean as "Filtered by blocked domains" filter.

 

[dave14305]

I know that alternative workaround but as I said in my previous post it generates lots of noise and not as clean as "Filtered by blocked domains" filter.

Right, I just mean to filter the blocked domains per a specific IP, Diversion would need to always enable the extra logging so it can get the blocked domain and the source IP in the same line. I think it'd be a useful feature, but the prerequisite would be the extra logging, in my limited experience.

 

[Asad Ali]

Right, I just mean to filter the blocked domains per a specific IP, Diversion would need to always enable the extra logging so it can get the blocked domain and the source IP in the same line. I think it'd be a useful feature, but the prerequisite would be the extra logging, in my limited experience.

Yes you need to enable extra logging for that to work since it's a feature of DNSMasq and Divereion rely on its logging features.

 

[Jumpstarter]

DNSMASQ --log-async using 100% of resources on randomly switching CPU'S any suggestion to fix this?
RT-AC68U 384.13 , the issue goes away when diversion is turned off. how is diversion causing this?