pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[kvic]

ram and cpu seem ok:
View attachment 12353

You have *plenty* of RAM left..

Slu ratio still looking high after 22 hours
https://prnt.sc/issyui

I suggest going back to v2.0.1 and establish a baseline from your normal browsing activities first..

 

[elorimer]

Mini How-To

1. temporarily turn on logging LEVEL to 4 (by using URI '/log=4'
2. watch your /tmp/syslog.log. You'll see which URL(s) go crazy.
3. reset logging LEVEL back to 1 (with URI '/log=1')

Slick. I didn't realize there were these things you could do on the fly with a URI, without ssl into the router.

I did find the blocked domain this way-- cdn-gl.imrworldwide.com. I can't find this in the web page source though, but it looks to be the A.C Neilsen cloud tracking.

 

[kvic]

Slick. I didn't realize there were these things you could do on the fly with a URI, without ssl into the router.

I did find the blocked domain this way-- cdn-gl.imrworldwide.com. I can't find this in the web page source though, but it looks to be the A.C Neilsen cloud tracking.

I have to look up ChangeLog to remind myself when this feature was added.

2016-3-13 v35.HZ12.Kh
* Added access log toggle through HTTP URL. This allows turning on/off access log without restarting pixelserv-tls.
* Added result code of a processed request to access log - for diagnosis purpose.

2015-10-3 v35.HZ12.Kc
* First release of pixelserv-tls
* Added support for HTTPS connections
* Added access log.
* Cleaned up warnings on AMD64​

You're already one of the 'expert' users. If you don't know, then..apparently I failed on marketing and user education that I'm trying to catch up a bit.

But seriously as I said last year myself only re-discovered the huge benefit of pixelserv-tls mid 2017.

 

[elorimer]

2016-3-13 v35.HZ12.Kh

That was two years ago. Those memory cells died long ago.

 

[elorimer]

What happened should be that one or more domains commonly exist in people's block list upsets fivethirtyeight.com. The website simply goes crazy and in desperate attempt to retrieve what it wants.

Without any domains blocked, the website doesn't look that crazy. Since in this case repeated attempts not hurting people's browsing experience, just let it be, rather than spending time to figure out and whitelist the 'wrongly blocked' domain(s).

Out of curiosity, would this be an error in the coding of the website? I let that tab sit open for a half hour or so and its crossed 500,000 attempts. This is quite unusual for blocking, particularly if it is for AC Nielsen, which offers the ability to opt out of their tracking.

 

[kvic]

Out of curiosity, would this be an error in the coding of the website? I let that tab sit open for a half hour or so and its crossed 500,000 attempts. This is quite unusual for blocking, particularly if it is for AC Nielsen, which offers the ability to opt out of their tracking.

It's quite obvious due to poor coding/exceptions handling on client side i.e the webpages.

But who knows..perhaps it was coded on purpose to slow down the page when people assert adblock. If so, the trick fails to slow down the browsing experience since pixelserv-tls responds so fast.

Worth checking how much CPU pixelserv-tls is using when you have the tab open..

 

[elorimer]

This is with an 87U.

With the web page closed, htop reports pixelserv-tls is using nothing, and the webui shows usage is around 0-2% on each core.

With the page open, htop is reporting pixelserv-tls is using between 5 and 10%, and the webgui is reporting one core around 10-15% and the other 5 to 8%.

In both case memory usage is 3.4%.

 

[Butterfly Bones]

@vesalius @Makaveli @Protik thank you for sharing the servstats.

Your slu seems okay to me. However, if anyone suspect you've done everything properly but still observe a large percentage (slu/req), then I have a build for armv7 that include traces to figure out what are the underlying reason.

My slu is crazy too. My network is one Linux desktop, one chromebook, three Android phones (all with Pixelserv CA imported and shown as trusted). AC86U, Entware is aarch64. Uptime just over 24 hours

pixelserv-tls 2.1.0-rc.1 (compiled: Mar 17 2018 21:02:52 flags: tfo) options: 192.168.1.2
87295 uts, 1 log, 1 kcc, 33 kmx, 1.10 kvg, 25 krq, 24245 req, 946 avg, 29645 rmx, 42 tav, 2533 tmx, 319 slh, 26 slm, 0 sle, 5073 slc, 18100 slu, 100 sct, 23084 sch, 207 scm, 182 scp, 0 sst, 91 ssh, 5039 ssm, 0 ssp, 173 nfe, 4 gif, 42 ico, 102 txt, 0 jpg, 8 png, 0 swf, 39 sta, 4 stt, 37 ufe, 0 opt, 63 pst, 0 hed, 99 rdr, 0 nou, 0 pth, 0 204, 38 bad, 271 tmo, 5240 cls, 0 cly, 0 clt, 0 err

htop was at 4.2% last night and this morning, now at 4.7% AC86U RAM is well utilized!
https://ibb.co/jbwnEc

Used 484MB
Free 28MB
Total 512MB
94%

 

[kvic]

I just uploaded a rebuilt of 2.1.0-rc.1. It includes one debug trace on LEVEL 2. It looks like these in /tmp/syslog.log:

Mar 18 19:07:46 Asu pixelserv-tls[16931]: client 172.31.0.2 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 19:41:40 Asu pixelserv-tls[16931]: client 192.168.1.3 ssl error:140760FC:lib(20):func(118):reason(252)

They will tell why slu is increment. So if you want to investigate slu issue, pls run pixelserv-tls with option '-l 2' to get the traces when they happen. You can install this beta by the same one-liner script.

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"

Note that apart from the above difference the binaries are same as before. Also same version string but different compile time.

 

[Butterfly Bones]

I just uploaded a rebuilt of 2.1.0-rc.1. It includes one debug trace on LEVEL 2. It looks like these in /tmp/syslog.log:

Mar 18 19:07:46 Asu pixelserv-tls[16931]: client 172.31.0.2 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 19:41:40 Asu pixelserv-tls[16931]: client 192.168.1.3 ssl error:140760FC:lib(20):func(118):reason(252)

They will tell why slu is increment. So if you want to investigate slu issue, pls run pixelserv-tls with option '-l 2' to get the traces when they happen. You can install this beta by the same one-liner script.

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"

Note that apart from the above difference the binaries are same as before. Also same version string but different compile time.

Reinstalled and added -l 2 via AB-Solution. Got my hawkeye on!

 

[kvic]

Reinstalled and added -l 2 via AB-Solution. Got my hawkeye on!

Thank you.

Hopefully this will explain the large percentage (slu/req) for some ppl, and possibly lead to discovery of bugs. I encourage @quant88, @Protik and others curious about their high slu to give it a try too.

 

[Protik]

I got this:

Mar 18 10:22:03 pixelserv-tls[19030]: Listening on :192.168.2.2:80
Mar 18 10:22:08 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:16 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:29 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:31 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:57 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:23:38 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:23:58 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:24:57 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)

Interestingly this is an android phone with cert installed.

 

[Butterfly Bones]

Thank you.

Hopefully this will explain the large percentage (slu/req) for some ppl, and possibly lead to discovery of bugs. I encourage @quant88, @Protik and others curious about their high slu to give it a try too.

Got two hits. This is my Pixel 2 XL android 8.1 Oreo, totally stock, March security update and Pixelserv CA cert installed and trusted.

Maybe I should delete the cert, reboot and reinstall?! (shrug)

Mar 18 10:26:46 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:27:39 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)

 

[Protik]

Another one:

Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:57 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)

Iphone with cert installed.

 

[Raphie]

One thing I did find out was when copying a certificate back, the version from the new install was NOT overwritten.
You might want to check the date of the cert and key in the pixelserv dir.

 

[Butterfly Bones]

No joy after removal, reboot, reimport (192.168.1.2/ca.crt)

removed cert and reboot (no cert)

Mar 18 10:35:53 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:35:56 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:35:58 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:36:02 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)

new cert and reboot

Mar 18 10:41:38 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:41:49 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:41:52 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:42:00 pixelserv-tls[2014]: client 192.168.1.6 ssl error:14094416:lib(20):func(148):reason(1046)

 

[Butterfly Bones]

Now something crazy. I have a Nexus 7 tablet on android 7.1.1 Nougat that shows the same errors.

Nexus 7
Mar 18 10:45:00 pixelserv-tls[2014]: client 192.168.1.7 ssl error:14094416:lib(20):func(148):reason(1046)

All my devices have DCHP assigned IP addresses.

I also have a Nexus 6 with same android system as the Nexus 7 (used as a house device, mostly casting to the TV). It has a SIM that is never used, very low cost use / minute plan as emergency backup). It is 192.168.1.12 and browsing to all the known problem sites in this thread shows nothing from pixelserv in the syslog. Tried various apps and nothing. zip. nada. zilch!

I verified that the cert Serial Number and SHA-256 and SHA-1 fingerprints are identical in all three devices.
Ok, the third android device is now giving the same error string. No idea why it took so long.
Now my Linux desktop is throwing errors.

Mar 18 14:46:27 pixelserv-tls[2014]: client 192.168.1.5 ssl error:1408A0E3:lib(20):func(138):reason(227)

Other discussions here point to other ad blockers causing odd results in stats. I have none installed on any device, just AB-S on the 86U.

does this help?
https://home.kpn.nl/ojb-hamster/EnWIP/EnWeb/html/erro9r1s.htm

 

[Protik]

For me, slu was increasing when only two mobile devices (1 android and 1 iOS) device was active in the network. Later on when other devices became active, slh started increasing. I am only seeing these messages only from mobile devices.

I got this:

Mar 18 10:22:03 pixelserv-tls[19030]: Listening on :192.168.2.2:80
Mar 18 10:22:08 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:16 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:29 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:31 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:22:57 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:23:38 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:23:58 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)
Mar 18 10:24:57 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)

Interestingly this is an android phone with cert installed.

Another one:

Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:27 pixelserv-tls[19030]: client 192.168.2.20 ssl error:14094418:lib(20):func(148):reason(1048)
Mar 18 10:28:57 pixelserv-tls[19030]: client 192.168.2.13 ssl error:14094416:lib(20):func(148):reason(1046)

Iphone with cert installed.

 

[kvic]

Seems like we're getting some progress. Note that based on previous high counts of slu I've seen, one or more error of the same type shall repeat itself many time. You could copy and paste to do a count in a good Windows editor. Or do it in SSH with e.g.:

$ grep pixelserv-tls /tmp/syslog.log|grep 'ssl error'|grep -c 'reason(1046)'

On Android clients, the traces will show some errors sporadically. I saw that on my android tablet too. That's 'normal'. I suspect some processes/apps handle their own SSL connections for whatever 'secret' reasons.

iOS clients are more consistent. I've yet to see a 'weird' error on my devices.

So if you have 10 thousands of slu, very likely the same error repeated 10 thousands times. Let's focus on these first.

 

[Protik]

So up to now I have slu value of 342. Of these,

admin@RT-AC68U-DF28:/tmp/home/root# grep pixelserv-tls /tmp/syslog.log|grep 'ssl error'|grep -c 'reason(1046)'
142
admin@RT-AC68U-DF28:/tmp/home/root# grep pixelserv-tls /tmp/syslog.log|grep 'ssl error'|grep -c 'reason(1048)'
48

Reason 1048 shows up for the iOS device and 1046 shows up for the Android device.