dave14305
Part of the Furniture
Yes, I think we need to rally again to meet the goal!Don't forget the cascading hash tables!
Yes, I think we need to rally again to meet the goal!Don't forget the cascading hash tables!
What we really need is OpenSSL 1.1.1 going forward..
While watching your webui support TLS 1.3 and also be able to use Chacha (tho AES still gets preferred due to hardware acceleration being available for it) might be nice for bragging purposes (cipher-wise, that made Asuswrt-Merlin more secure than a lot of public websites LOL), it brought little benefit in the real world.
I just updated to Rc3 to check this youtube blocking.
Normally when playing music and just letting the auto play go youtube will slip ads in before each song play which is super annoying.
After Rc3 I still noticed it after the first song I played, however I also let it auto playing for over an hour and I didn't get any ads coming up in between songs so it seems to be working
I appreciate Merlin share his experiment in detail..
Just want to re-assure pixelserv-tls users that going with TLS 1.3 (OpenSSL 1.1.1) brings non-trivial improvement in a couple of areas. Don't doubt for a moment about the worthiness of the move..
The TLS 1.3 improvement on round-trip is one thing that you will definitely benefit from in this case. It just won't bring any improvement in the webui or OpenVPN cases.
pixelserv-tls 2.2.1-rc.3 (compiled: Nov 14 2018 20:19:45 flags: tls1_3) options: 192.168.1.2
uts 2d 06:19 process uptime
log 1 critical (0) error (1) warning (2) notice (3) info (4) debug (5)
kcc 1 number of active service threads
kmx 47 maximum number of service threads
kvg 1.01 average number of requests per service thread
krq 25 max number of requests by one service thread
req 15523 total # of requests (HTTP, HTTPS, success, failure etc)
avg 402 bytes average size of requests
rmx 658 bytes largest size of request(s)
tav 26 ms average processing time (per request)
tmx 82 ms longest processing time (per request)
slh 150 # of accepted HTTPS requests
slm 21 # of rejected HTTPS requests (missing certificate)
sle 0 # of rejected HTTPS requests (certificate available but not usable)
slc 7311 # of dropped HTTPS requests (client disconnect without sending any request)
slu 8004 # of dropped HTTPS requests (other TLS handshake errors)
v13 154 slh/slc break-down: TLS 1.3
v12 7 slh/slc break-down: TLS 1.2
v10 0 slh/slc break-down: TLS 1.0
uca 17 slu break-down: # of unknown CA reported by clients
ucb 0 slu break-down: # of bad certificate reported by clients
uce 3 slu break-down: # of unknown cert reported by clients
ush 5754 slu break-down: # of shutdown by clients after ServerHello
sct 110 cert cache: # of certs in cache
sch 15315 cert cache: # of reuses of cached certs
scm 31 cert cache: # of misses to find a cert in cache
scp 0 cert cache: # of purges to give room for a new cert
sst 2 sess cache: # of cached TLS sessions (for older non-RFC5077 clients)
ssh 315 sess cache: # of reuses of cached TLS sessions
ssm 15 sess cache: # of misses to find a TLS session in cache
ssp 0 sess cache: # of purges to give room for a new TLS session
nfe 26 # of GET requests for server-side scripting
gif 0 # of GET requests for GIF
ico 0 # of GET requests for ICO
txt 1 # of GET requests for Javascripts
jpg 0 # of GET requests for JPG
png 112 # of GET requests for PNG
swf 0 # of GET requests for SWF
sta 9 # of GET requests for HTML stats
stt 0 # of GET requests for plain text stats
ufe 0 # of GET requests /w unknown file extension
opt 0 # of OPTIONS requests
pst 0 # of POST requests
hed 0 # of HEAD requests (HTTP 501 response)
rdr 0 # of GET requests resulted in REDIRECT response
nou 0 # of GET requests /w empty URL
pth 0 # of GET requests /w malformed URL
204 0 # of GET requests (HTTP 204 response)
bad 0 # of unknown HTTP requests (HTTP 501 response)
tmo 11 # of timeout requests (client connect w/o sending a request in 'select_timeout' secs)
cls 7311 # of dropped requests (client disconnect without sending any request)
cly 0 # of dropped requests (client disconnect before response sent)
clt 0 # of dropped requests (reached maximum service threads)
err 0 # of dropped requests (unknown reason)
pixelserv-tls 2.2.1-rc.3 (compiled: Nov 14 2018 20:19:45 flags: tls1_3) options: 10.19.1.2 -u admin
uts 4d 01:18 process uptime
log 1 critical (0) error (1) warning (2) notice (3) info (4) debug (5)
kcc 1 number of active service threads
kmx 29 maximum number of service threads
kvg 2.29 average number of requests per service thread
krq 109 max number of requests by one service thread
req 20888 total # of requests (HTTP, HTTPS, success, failure etc)
avg 804 bytes average size of requests
rmx 18496 bytes largest size of request(s)
tav 8 ms average processing time (per request)
tmx 598 ms longest processing time (per request)
slh 6735 # of accepted HTTPS requests
slm 247 # of rejected HTTPS requests (missing certificate)
sle 0 # of rejected HTTPS requests (certificate available but not usable)
slc 109 # of dropped HTTPS requests (client disconnect without sending any request)
slu 12910 # of dropped HTTPS requests (other TLS handshake errors)
v13 6218 slh/slc break-down: TLS 1.3
v12 552 slh/slc break-down: TLS 1.2
v10 0 slh/slc break-down: TLS 1.0
uca 0 slu break-down: # of unknown CA reported by clients
ucb 10512 slu break-down: # of bad certificate reported by clients
uce 0 slu break-down: # of unknown cert reported by clients
ush 2225 slu break-down: # of shutdown by clients after ServerHello
I completely agree!!! When I saw my sch just now I was FLOORED!!! 96,000 ads blocked in 17 hours! I’m convinced our 5 new Alexa Echos are the culprit!v2.2.y has rock solid performance with LAN clients, and much improved performance over WAN/VPN.
My latest servstats. HTTPS ads have taken over the world!
webui and OpenVPN...I don't want to get into any of these..
I just think you setup the discussion of TLS 1.3 (OpenSSL 1.1.1) in the wrong backdrop. Regardless TLS 1.3 should bring improvement to webui if you understand how it works..
2.2.1-rc.4 (2018-12-5)
Changes
- NEW enhance adblocking during playback of YouTube video
It's a mystery. The source code included in the Github release package is not updated for rc4.I wonder what magic @kvic has built into 2.2.1-rc4:
2.2.1-rc.4 (2018-12-5)
Changes
Notes on Blocking YouTube Adverts
- NEW enhance adblocking during playback of YouTube video
- You must point "manifest.googlevideo.com" to IP address of pixelserv-tls in order to experience the new way of blocking YouTube ads.
- For Entware users, you may need "opkg install libcurl" in case you see errors on startup.
- It's known phenomenon that if you recently spend some time on YouTube, tav might be skewed to a few hundred milliseconds. Rest assured that pixelserv-tls runs just as fast as before.
- Only "dynamic" versions are available for this test release. Hence, TLSv1.3 is not available together with the new enhancement.
Thread starter | Title | Forum | Replies | Date |
---|---|---|---|---|
C | Diversion Pixelserv replacement | Asuswrt-Merlin AddOns | 2 | |
L | Is Diversion better than NextDNS, PiHole or AdGuard Home? | Asuswrt-Merlin AddOns | 10 |
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!