What's new

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Upgraded to rc5 from rc4 with no problems. Thanks for fixing the hanging problem. I was getting it every three to four hours on my ac86u.

That’s good to hear. Even better if we had gotten a reproducible case from you earlier. Perhaps next time. Thanks for the update.
 
Hi kvic,

Any chance you could push your latest commits to github? I run pixelserv on a raspberry pi and like to re-compile from time to time to pick up your latest changes:) Not that I've had any issues with the version I'm running (2.1.2)!

Cheers,
Dave.
 
Hi! I've been browsing the discussion for a couple hours but I can't find anybody with a problem similar to mine (at least in the last few hundreds of messages). I'm running Diversion with pixelserv-tls and, no matter what I do, I get no accepted HTTPS requests (slh) and most of the requests being dropped because of other TLS handshake errors (slu), with a few ones dropped because of missing certificate (slm). I enabled logging in pixelserv and this is what I keep on seeing in the router's interface (as expected):

Oct 1 18:19:50 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53613 server mc.yandex.ru. Lib(20) Func(138) Reason(227)
Oct 1 18:19:50 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53614 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:19:59 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53624 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:20:05 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53648 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:20:14 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53658 server secure.adnxs.com. Lib(20) Func(138) Reason(227)
Oct 1 18:20:14 pixelserv-tls[24478]: secure.adnxs.com _.adnxs.com missing
Oct 1 18:20:14 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53659 server secure.adnxs.com. Lib(20) Func(138) Reason(227)
Oct 1 18:20:14 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53660 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:20:14 pixelserv-tls[24478]: cert generated to disk: _.adnxs.com
Oct 1 18:21:06 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53702 server (null). Lib(20) Func(161) Reason(373)

I tried both the current version and the rc5, purged and regenerated the certificates, reinstalled entware, changed pixelserv IP. I also tried to install pixelserv manually (as opposed as through diversion) and both the statical/dynamically linked version. No matter what, this is what I keep on getting and it causes page loading delays, although the ads are correctly blocked. I'm running on RT-AC86U, 384.7beta3 (it was the same with 384.6 though). Adding the ca.crt to my client doesn't make any difference. Any ideas?
 
Hi! I've been browsing the discussion for a couple hours but I can't find anybody with a problem similar to mine (at least in the last few hundreds of messages). I'm running Diversion with pixelserv-tls and, no matter what I do, I get no accepted HTTPS requests (slh) and most of the requests being dropped because of other TLS handshake errors (slu), with a few ones dropped because of missing certificate (slm). I enabled logging in pixelserv and this is what I keep on seeing in the router's interface (as expected):

Oct 1 18:19:50 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53613 server mc.yandex.ru. Lib(20) Func(138) Reason(227)
Oct 1 18:19:50 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53614 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:19:59 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53624 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:20:05 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53648 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:20:14 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53658 server secure.adnxs.com. Lib(20) Func(138) Reason(227)
Oct 1 18:20:14 pixelserv-tls[24478]: secure.adnxs.com _.adnxs.com missing
Oct 1 18:20:14 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53659 server secure.adnxs.com. Lib(20) Func(138) Reason(227)
Oct 1 18:20:14 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53660 server (null). Lib(20) Func(161) Reason(373)
Oct 1 18:20:14 pixelserv-tls[24478]: cert generated to disk: _.adnxs.com
Oct 1 18:21:06 pixelserv-tls[24478]: handshake failed: client 192.168.10.123:53702 server (null). Lib(20) Func(161) Reason(373)

I tried both the current version and the rc5, purged and regenerated the certificates, reinstalled entware, changed pixelserv IP. I also tried to install pixelserv manually (as opposed as through diversion) and both the statical/dynamically linked version. No matter what, this is what I keep on getting and it causes page loading delays, although the ads are correctly blocked. I'm running on RT-AC86U, 384.7beta3 (it was the same with 384.6 though). Adding the ca.crt to my client doesn't make any difference. Any ideas?

Can you access pixelserv-tls servstats page over HTTPS?

https://yourpixelserv-tls-ip/servstats
 
Yup, works fine. I should add that all the TLS handshake errors are pinpointed as "shutdown by clients after ServerHello" (ush) on rc5.

Those errors are normal and we'll continue to see them until not all our apps/websites move to TLS v1.3 Final version.

You said you're not getting any slh increase? Is that true?
 
Those errors are normal and we'll continue to see them until not all our apps/websites move to TLS v1.3 Final version.

You said you're not getting any slh increase? Is that true?

Correct. The only way to see the slh counter increase is accessing servstats through HTTPS, otherwise the only counters ever moving are slm and mostly slu.
 
Correct. The only way to see the slh counter increase is accessing servstats through HTTPS, otherwise the only counters ever moving are slm and mostly slu.

Do you see any slh increase while visiting CNN.com?
 
Hmm, you should be getting slh hits while accessing ads from a client with a trusted ca.crt. What's even weirder is your servstats works fine through https. That last fact wouldn't be true if your cert was invalid or not imported to the client properly.

[edit: You might try and hard reset (turn off for 5min) the router to see if it helps.]
 
Do you see any slh increase while visiting CNN.com?

None. I just did and this is what I have now in servstats (I restarted pixelserv 10 mins ago).
 

Attachments

  • Screenshot 2018-10-01 18.48.13.png
    Screenshot 2018-10-01 18.48.13.png
    77.7 KB · Views: 455
None. I just did and this is what I have now in servstats (I restarted pixelserv 10 mins ago).

Strange.
Notice req value now and then reload CNN.com and check the req difference. See if it increase.
 
Strange.
Notice req value now and then reload CNN.com and check the req difference. See if it increase.

It does, by about 40, as I'd expect. I also imported the certificate to my iOS devices (enabling full trust for root certificates) and same thing. Kind of weird.
 
It does, by about 40, as I'd expect. I also imported the certificate to my iOS devices (enabling full trust for root certificates) and same thing. Kind of weird.

What browser you're using?

Also try again after rebooting your router.
 
What browser you're using?

When it comes to my desktop, I tried with Safari and Chrome on Mac, Chrome on Linux. Now, though, I tried on both platforms with Firefox (which has its own certificate storage) and sure enough slh is increasing, so this leads me to think there is something wrong with the current (as well as the previous) generated certificate. I'll try to generate a new one with a different openssl version and see if anything changes.
 
When it comes to my desktop, I tried with Safari and Chrome on Mac, Chrome on Linux. Now, though, I tried on both platforms with Firefox (which has its own certificate storage) and sure enough slh is increasing, so this leads me to think there is something wrong with the current (as well as the previous) generated certificate. I'll try to generate a new one with a different openssl version and see if anything changes.

So it's only working on FF?
 
So it's only working on FF?

Yup, slh increases when I use Firefox, not when I use anything using the system's certificate store. That's what now makes me believe something is not right with the generated certificate, rather than pixelserv's setup. I'll report back in a few mins when the new certs are up.
 
Yup, slh increases when I use Firefox, not when I use anything using the system's certificate store. That's what now makes me believe something is not right with the generated certificate, rather than pixelserv's setup. I'll report back in a few mins when the new certs are up.

So, generating a new certificate on my computer (LibreSSL 2.6.4) as opposed as on the router (OpenSSL 1.0.2p) got all clients to work. Very weird, but at least everything's fixed now.
 
So, generating a new certificate on my computer (LibreSSL 2.6.4) as opposed as on the router (OpenSSL 1.0.2p) got all clients to work. Very weird, but at least everything's fixed now.

Hmm strange.
But at least it's working now.
 
So, generating a new certificate on my computer (LibreSSL 2.6.4) as opposed as on the router (OpenSSL 1.0.2p) got all clients to work. Very weird, but at least everything's fixed now.

Interesting.. was the command used to generated the CA cert same in both cases? What are full command lines if I may ask?

If what you've described is correct, I think there is some issue we might need to take a closer look for new users using openssl 1.0.2p to generate a CA cert.
 
Any chance you could push your latest commits to github?

Should be soon I think. In weeks..not longer than October. Have been trying One More Thing..so perhaps one more rc run.

I run pixelserv on a raspberry pi and like to re-compile from time to time to pick up your latest changes:) Not that I've had any issues with the version I'm running (2.1.2)!

...running Pi Hole?

Curious what's the current status of OpenSSL 1.1.1 on Rasp Pi?

To make most out of v2.2, you'll need OpenSSL 1.1.1..
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top