1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

pixelserv compiled to run on router WRT54G

Discussion in 'Tomato Firmware' started by Jedis, Sep 5, 2009.

  1. HunterZ

    HunterZ LI Guru Member

    Thanks to buggage's weather.com test case suggestion, I was able to do a quick test and determine that disabling pipe reads seems to eliminate the hangs.

    To offer people some relief, here is an early HZ11 WIP that is built with STATS_PIPE disabled. As a result, you won't see average and maximum browser request sizes, but it may also stop the hanging. Let me know if it helps.

    As a bonus, this build also responds with an HTTP 204 (No Content) if the GET URL is /generate_204. The idea is to allow you to keep clients*.google.com blocked without getting false walled garden notices from Android devices. This feature can be turned off with the -2 option, and is shown in stats as the 204 counter. I haven't tested it with my Android devices yet, but it should be as simple as toggling their wifi connections with clients2.google.com and clients3.google.com removed from the adblock blocklist.

    Also, this is built with Tomatoware, so it includes a true static binary. I've also switched it so that 'pixelserv' (formerly 'pixelserv.fast') and 'pixelserv.static' are optimized for performance instead of size, while the old size optimized version is now named 'pixelserv.small'. All three should be functionally identical, while 'pixelserv.tiny' contains a bare minimum feature set as designated by previous pixelserv developers.

    If this version fixes the hangs for people, then I will prioritize tweaking pipe I/O tomorrow night to try to make it behave.
     

    Attached Files:

    pharma likes this.
  2. vincom

    vincom LI Guru Member

  3. mstombs

    mstombs Network Guru Member

    i too have no problem with cnn and weather with HZ10, also have no problem with canadiantire - but I only use the dnsmasq domain block method not hosts file so presumably not blocking something others are! Also those sites serve geographically localised versions, so we all get something personal!

    If a site you want doesn't load you need to find out which resource it wants and whitelist that site. Google Chrome has built-in developer tools with a network resource tab which is very useful in finding out what is failing.

    [edit]On a different ISP, no adblock with different PC the candiantire "PRODUCT REVIEWS" or "PRODUCT Q & A" do not work with any browser, so seems antivirus/firewall/ web monitor breaking the site!
     
    Last edited: Sep 23, 2014
    pharma likes this.
  4. pharma

    pharma Network Guru Member

    @HunterZ
    Few minutes ago I updated to your latest beta version and initially no problems but seems sluggish. I have to go to work soon so will update later as I can.


    @mstombs
    In part what you say is true, but people also get relief from HZ8 from the problem sites that HZ10 caused. It may indicate something between the two versions may be causing the issues. The difference was very noticeable with problem sites think most people don't favor adding what may turn out to be hundreds of sites to your whitelist.

    I think were both located in the US so geographically we should get "similar" versions served up! It is unusual you haven't had any "hung" sites and possibly something in how you have things setup. You might want to try just the "default" setup that most people will be using
     
  5. leandroong

    leandroong LI Guru Member

    No hang here for urls canadiantire.ca and weather.com. Problem might be related to adblock that you guys are using. I'm on Haarp adblock4.5 with firewall modification as follow:
    Code:
    stop() {
    elog "Stopping"
    rm "$CONF" &>/dev/null
    killall pixelserv &>/dev/null
    ifconfig $BRIDGE:1 down &>/dev/null
    iptables -D INPUT -p all -d $redirip -j REJECT &>/dev/null
    iptables -D INPUT -i $BRIDGE -p tcp -d $redirip --dport 80 -j ACCEPT &>/dev/null
    iptables -D INPUT -s $redirip -p all -j logdrop &>/dev/null
    iptables -D FORWARD -s $redirip -p all -j logdrop &>/dev/null
    elog "Done, restarting dnsmasq"
    service dnsmasq restart
    }
    [..]
    
    if [ "$PIXEL_IP" != "0" ]; then
    if ps | grep -v grep | grep -q "$prefix/pixelserv $redirip"; then
    elog "pixelserv already running, skipping"
    else
    elog "Setting up pixelserv on $redirip"
    
    iptables -vL INPUT | grep -q "$BRIDGE.*$redirip *tcp dpt:www" || {
    iptables -I INPUT -p all -d $redirip -j REJECT
    iptables -I INPUT -i $BRIDGE -p tcp -d $redirip --dport 80 -j ACCEPT
    iptables -I INPUT -s $redirip -p all -j logdrop
    iptables -I FORWARD -s $redirip -p all -j logdrop
    }
    ifconfig $BRIDGE:1 $redirip up
    "$prefix/pixelserv" $redirip $PIXEL_OPTS
    fi
    fi
    
    note: I'm on padavan FW.
     
  6. pharma

    pharma Network Guru Member

    Perhaps, but if Adblock is culprit I should see same behavior between HZ8 and HZ10. HZ8 is extremely fluid with no issues on every site I visited.
     
  7. leandroong

    leandroong LI Guru Member

    NO issue for me if I replace HZ10 to HZ8

    edit why not try Haarp script just change the firewall.
     
  8. leandroong

    leandroong LI Guru Member

    /media/optware/adblock/pixelserv version: V35.HZ10 compiled: Sep 21 2014 23:46:45
    145732 uts, 2407 req, 0 err, 0 tmo, 1 cls, 0 nou, 0 pth, 184 nfe, 1083 ufe, 31 gif, 1 bad, 0 txt, 0 jpg, 3 png, 0 swf, 2 ico, 1008 ssl, 3 sta, 0 stt, 91 rdr
     
  9. pharma

    pharma Network Guru Member

    I'm at work so can't test. I think you prove my point ... there are a lot of variables why some sites have issues, but the only way determine the real cause it to eliminate the exceptions ... Your setup is an exception because it is not the normal or default setup, similar perhaps to Mstomb's in that you have personal tweaks (ie, firewall changes, additional script changes) to make it work. Most users of Adblock are not going to have all your tweaks and will probably be using the default setup.

    I'm just happy HunterZ experienced the issue with HZ10 to help with debugging the problem -- it would be interesting to know if HunterZ also experienced the issue using HZ8. I'll try some additional testing after work.
     
  10. jerrm

    jerrm Network Guru Member

    @pharma is correct in there are a lot of variables to deal with.

    One thing of note is no one is talking about which lists they are using, "site x works OK here" reports between users don't mean much if we don't know if the same things are being blocked.

    The only thing of note with @leandroong's rules is only port 80 is being allowed. All ssl traffic is being rejected.

    FWIW, I've stayed at HZ8. Been happy with it, so saw no need to change. I'll load up the newer versions this evening.
     
  11. mstombs

    mstombs Network Guru Member

    - but his stats indicate ssl replies, so something else must be redirecting 443 to 80? We should try to differentiate between this pixelserv thread and the adblock ones...
     
  12. jerrm

    jerrm Network Guru Member

    Wouldn't surprise me if he has other rules somewhere. I don't try to piece together his posts anymore.
     
    koitsu likes this.
  13. HunterZ

    HunterZ LI Guru Member

    I have only experienced the hangs once or twice until being able to reproduce it frequently by doing a cache-bypass reload of the page (ctrl+F5 on Windows Firefox). I have been using Firebug to monitor individual connection attempts and measure their timing during a page load.

    People started mentioning the hang with HZ9, and this is likely because that's when I introduced a pipe() for IPC between the child processes and the main/parent process to report browser request sizes. I tried to improve the implementation in HZ10 (by having the socket select() monitor for incoming pipe data, and by setting both pipe ends to non-blocking) to but it didn't seem to help much.
     
  14. jerrm

    jerrm Network Guru Member

    @HunterZ how feasible is it to add a debug mode to log something like port, url, referrer, result.
     
  15. HunterZ

    HunterZ LI Guru Member

    @jerrm I had trouble getting it to output to a console, either because it runs sort of as a daemon or because it uses fork()ed subprocesses to handle each connection.

    I could log to syslog but it would be extremely spammy.

    Adding file logging would probably be possible, but it would be nontrivial to coordinate logging from the subprocesses and (being yet another I/O stream) it may end up having an even bigger impact on performance than the pipe that is already causing trouble.
     
  16. pharma

    pharma Network Guru Member

    Good point. In both cases when using HZ8 or HZ10 I'm using the same config file with two lists enabled, no Blacklist or Whitelist. With every change I reboot the router.

    SOURCES="$SOURCES http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext"
    SOURCES="$SOURCES http://www.malwaredomainlist.com/hostslist/hosts.txt"

    My setup is just about as plain as you can get ... config file on previous page at link below
    pixelserv compiled to run on router WRT54G
     
  17. leandroong

    leandroong LI Guru Member

    edit: remove confusion
     
    Last edited: Sep 24, 2014
  18. jerrm

    jerrm Network Guru Member

    I was thinking syslog. Syslog spam is fine if I'm, in control of it with a " -d " flag or similar. If I call something a "debug" mode, I'm very aggressive about what gets logged as it is not intended for normal use.

    Does logging have to coordinated? Could the child process log itself?
     
  19. HunterZ

    HunterZ LI Guru Member

    It has to be coordinated to the degree that multiple simultaneously-operating children do not log over the top of each other and make an unreadable mess.

    I believe that syslog() calls are mutexed or whatever, so they can be called from anywhere and it will turn out okay.

    Regarding the individual things you'd like logged:
    • port: I'll have to see if I can get this info to the child process.
    • url: This should be possible, although it's possible that it's currently being mangled (especially by the redirect code) with the assumption that nobody will care about it by the end.
    • referrer: This will be nontrivial. pixelserv didn't care about this before, and the redirect code looks at it in a way that may be destructive to the input.
    • result: What form are you thinking of? The entire raw HTTP response?

    Note that you can get most of this information on the browser side by using the Firebug extension in Firefox.

    Another thing I've been thinking of adding is cradle-to-grave time for connections, possibly breaking SSL connections out into their own stat.
     
  20. jerrm

    jerrm Network Guru Member

    referrer: Anything non-trivial may not be worth the trouble. Heisenberg principle of debugging applies. The thought was that if "site x has problems" then referrer helps show which requests are actually generated by site x.

    result: I was just thinking something like which response type was sent successfully or not.

    There are multiple ways on the client side, was wondering more if it would be simpler if you could say "enable debug and send the log."

    Of course if it's an ssl request, there wouldn't be the same data to log.

    You know best if it's worth the trouble or not, just thinking out loud.
     
  21. RacerDuke

    RacerDuke Network Newbie Member

    I know this is a bit of a deviation from the current discussion, but say I want to update to the current wip of both adblock.sh and pixelserv, do I need a new config file or can I use the one from the clean, lean and mean script?
     
  22. mstombs

    mstombs Network Guru Member

    There is (or was) a VERBOSE mode which put lots of stuff into syslog, enabled only by compile switch, but I used to also debug in non-daemon mode outputting stuff including hex_dump of what was received to a linux console (usually ubuntu, not router). For what is actually received/sent you need to monitor on the network using wireshark, or for short periods tcpdump on the router itself (I have yet to see if I can later open tcpdump files in wireshark for better diags). What used to slow web pages down was NO_REPLY, or a garbled reply which led to retries. Also there are SYN and ACKs sent by the kernel on your behalf which you cannot see from code side of pixelserv. There was a user once who had a version which dumped all the data into an SQL database, presumably on a network server - never shared the code as far as I know.
     
  23. HunterZ

    HunterZ LI Guru Member

    Current pixelserv is drop-in compatible with current adblock.

    jerrm told me in the adblock thread that you really just need the "SOURCES=" parts of the old config file unless you want to tweak adblock's behavior. I'm hoping he puts out a new example config.

    VERBOSE is still there - it directs the MYLOG macro to syslog instead of stubbing it out.

    There's also a TEST define that does some weird stuff, but it was only enabled in build.sh for pixelserv.host. I guess someone was working on a half-finished feature? I wonder if I should just remove it.
     
  24. mstombs

    mstombs Network Guru Member

    TEST is the mode that doesn't daemonize, so runs in immediate mode, enabling printfs to the console via TESTPRINT and a looks up the ID of the machine making connecting the connection etc. Won't be much help with pipes. I used to use in host mode!
     
  25. HunterZ

    HunterZ LI Guru Member

    Can someone with blocking issues in HZ9/HZ10 give this HZ11WIP2 version a try?

    It occurred to me that non-blocking pipe writes could be getting interrupted by the immediately subsequent pipe close and/or child exit, so I tried setting only the read end to non-blocking.

    It seems to work for me, but I'd like a second opinion.

    Update: Replaced WIP2 with WIP3, which categorizes .js files as txt responses. I should probably turn on URL or extension logging for ufe cases and try to categorize more as txt.
     

    Attached Files:

    Last edited: Sep 24, 2014
  26. leandroong

    leandroong LI Guru Member

    HZ11 servstats not working. No issue on surfing so far.
    edit:
    pidof and ps w not working also
    iptables is same

    edit2: static still has dependency
    Code:
    /media/optware/adblock # readelf -d pixelserv
    
    Dynamic section at offset 0x148 contains 29 entries:
      Tag        Type                         Name/Value
    0x00000001 (NEEDED)                     Shared library: [libgcc_s.so.1]
    0x0000000c (INIT)                       0x404478
    
    edit3: can't open your site, https://github.com/HunterZ/pixelserv/releases/tag/V35.HZ10
    url problem also on filehippo.com

    reverting back to HZ10 for the mean time
     
    Last edited: Sep 24, 2014
  27. pharma

    pharma Network Guru Member

    @HunterZ,
    Will try your most recent beta release later once I get home.
    thx
     
  28. HunterZ

    HunterZ LI Guru Member

    Doh, you're right, sorry. Somehow my old static build setting crept back into build.sh. I'll have to fix it tonight.

    The latest source is checked into Git, but it's not tagged as a release because it's a WIP. If you or someone else is able to compile a true static binary, the latest source is at https://github.com/HunterZ/pixelserv/archive/master.zip
     
  29. leandroong

    leandroong LI Guru Member

    Everything looks ok now. No surfing problem
    Attachment is static script compilation, copied from andreiDVJ, called it "lean-build.sh" and pixelservHZ11-static file

    edit: servstats working ...
     

    Attached Files:

    Last edited: Sep 24, 2014
  30. pharma

    pharma Network Guru Member

    @HunterZ,
    Have no issues with sites anymore. Pages come up pretty quick like HZ8.
    Using the pixelservHZ11-static provided by @leandroong and my original config file.
     
  31. HunterZ

    HunterZ LI Guru Member

    Thanks all. I'll fix things up tonight and double-down on using pipes (although I'm starting to rethink that too, as it would be a pain to pass non-constant amounts of data through them).
     
  32. buggage

    buggage LI Guru Member

    Haven't had much time to reply since my last post, but trying HZ11WIP3 tonight, and I couldn't get any pages (especially the ones i previously mentioned) to get locked up again. Seems to be working pretty well now. Thanks.
     
  33. mstombs

    mstombs Network Guru Member

    Note that that old build script doesn't include the recent, perhaps problematic options
    "-DSTATS_PIPE -DGEN204_REPLY"
    And doesn't "strip" work in tomatoware?
     
  34. leandroong

    leandroong LI Guru Member

    Here is another compiled static version with added option -DSTATS_PIPE -DGEN204_REPLY

    Note: yahoo main page loading issue again, take at least 1 min+
     

    Attached Files:

  35. leandroong

    leandroong LI Guru Member

    RE: slow yahoo main page loading fixed. Modified firewall as follow:
    Code:
    ...
    stop()
    ...
        ifconfig $BRIDGE:1 down &>/dev/null
        iptables -D INPUT -p all -d $redirip -j REJECT &>/dev/null
        iptables -D INPUT -i $BRIDGE -p tcp -d $redirip --dport 80 -j ACCEPT &>/dev/null
        iptables -D INPUT -i $BRIDGE -p tcp -d $redirip --dport 443 -j ACCEPT &>/dev/null
        iptables -D INPUT -s $redirip -p all -j logdrop &>/dev/null
        iptables -D FORWARD -s $redirip -p all -j logdrop &>/dev/null
    ..
    elog "Setting up pixelserv on $redirip"
    iptables -vL INPUT | grep -q "$BRIDGE.*$redirip *tcp dpt:www" || {
    iptables -I INPUT -p all -d $redirip -j REJECT
    iptables -I INPUT -i $BRIDGE -p tcp -d $redirip --dport 80 -j ACCEPT
    iptables -I INPUT -i $BRIDGE -p tcp -d $redirip --dport 443 -j ACCEPT
    iptables -I INPUT -s $redirip -p all -j logdrop &>/dev/null
    iptables -I FORWARD -s $redirip -p all -j logdrop &>/dev/null
    }
    
     
    Last edited: Sep 25, 2014
  36. leandroong

    leandroong LI Guru Member

    Looks perfect, no ads even on TOR browser.

    /media/optware/adblock/pixelserv version: V35.HZ11WIP3 compiled: Sep 25 2014 19:42:58
    5146 uts, 262 req, 267 avg, 1641 rmx, 0 err, 0 tmo, 4 cls, 0 nou, 0 pth, 5 nfe, 6 ufe, 0 gif, 19 bad, 38 txt, 0 jpg, 0 png, 0 swf, 0 ico, 184 ssl, 6 sta, 0 stt, 0 204, 0 rdr
     
    Last edited: Sep 25, 2014
  37. HunterZ

    HunterZ LI Guru Member

    I pushed a fixed build.sh to Git last night.

    I also fixed (but haven't checked in) the EPIPE-on-send() check, which was mistakenly checking the return value itself for EPIPE instead of checking errno. This should cause it to no longer show up in the syslog, and to be counted as FAIL_CLOSED (cls stat) instead of EXIT_FAILURE (err stat).
     
  38. leandroong

    leandroong LI Guru Member

    #tomato common
    CC=$PREFIX"gcc -mips32"
    STRIP=$PREFIX"strip -s -R .note -R .comment -R .gnu.version -R .gnu.version_r"
    OPTS="-DDROP_ROOT -DNULLSERV_REPLIES -DSSL_RESP -DMULTIPORT -DIF_MODE -DSTATS_REPLY -DREDIRECT -DSTATS_PIPE -DGEN204_REPLY"

    you luck "-static" in OPTS

    edit: builds script I use to build static
    Code:
    #!/bin/sh
    
    SRC="util.c socket_handler.c pixelserv.c"
    OUT=pixelserv
    export PATH=/opt/tomatoware/:$PATH
    
    CC="gcc"
    CFLAGS="-Os -s -Wall -ffunction-sections -fdata-sections"
    LDFLAGS="-Wl,--gc-sections"
    STRIP="strip -s -R .note -R .comment -R .gnu.version -R .gnu.version_r"
    OPTS="-DDO_COUNT -DTEXT_REPLY -DDROP_ROOT -DNULLSERV_REPLIES -DSSL_RESP -DMULTIPORT -DIF_MODE -DREDIRECT -DSTATS_REPLY -DSTATS_PIPE -DGEN204_REPLY -static"
    BIN=$OUT
    $CC $CFLAGS $LDFLAGS $OPTS $SRC -o $BIN
    #$STRIP $BIN
    ls -laF $BIN
    
     
    Last edited: Sep 25, 2014
  39. HunterZ

    HunterZ LI Guru Member

    Static is set in LDFLAGS under the Tomato static section:
    Code:
    #tomato static - standard, optimized for performance
    CFLAGS="-O3 -s -Wall -ffunction-sections -fdata-sections"
    #LDFLAGS="-static -Wl,--gc-sections,-Bdynamic,-lgcc_s,-Bstatic"
    LDFLAGS="-static -Wl,--gc-sections"
     
  40. leandroong

    leandroong LI Guru Member

    Thanks, I just tried it.
    Code:
    /media/optware/build/pixelservHZ11 # readelf -d pixelserv.static
    
    There is no dynamic section in this file.
    /media/optware/build/pixelservHZ11 #
    
     
  41. HunterZ

    HunterZ LI Guru Member

    Development progress report: Working on using the pipe to report exit status in place of having the SIGCHLD handler collect exit codes. This takes advantage of the pipe already being present for reporting request sizes, and will hopefully allow me to replace the publicly exposed volatile sig_atomic_t counters with private counters that live inside of util.c.

    One snag was that the pipe code required MULTIPORT, so using the pipe for exit status required promoting STATS_PIPE, MULTIPORT, and PORT_MODE to base (always-compiled-in) features. Since I had to do that, I also removed READ_FILE, READ_GIF, and TINY, and promoted DO_COUNT.

    I figure this will make maintenance easier, and people can still use older builds if they want the removed features that I wasn't using, or if they want to disable any of the features that I've promoted to base features, or whatever.
     
  42. WaLLy3K

    WaLLy3K Serious Server Member

    For reference, anyone looking to compile the HZ pixelserv build on ARM based devices (EG: Asus AC68U), here's the relevant makefile as well as the HZ10 binary for people with less time on their hands than others ;)
     
    Goggy and HunterZ like this.
  43. hammer

    hammer Connected Client Member

    been away from this forum for some months, but a couple of days ago I decided to see if pixelserv was improved since my last visit...

    Just want to say thank you @HunterZ for all the improvements you have made. I've been running V35.HZ11WIP3 on TP-Link TL-WR1043N / OpenWrt 14.07 (and compiled with the OpenWrt toolchain) for the last days and it works great!

    One suggestion. Please add an explanation of the "servstats" output variables in the github readme.md (similar to what you have in post #400 http://www.linksysinfo.org/index.ph...run-on-router-wrt54g.30509/page-4#post-250075 but updated for the added variables).
     
  44. HunterZ

    HunterZ LI Guru Member

    That's a good idea. I'll add it to the todo list.

    I'm trying to get back into hacking on pixelserv, but I got a cold this weekend so it may be a bit longer.
     
  45. leandroong

    leandroong LI Guru Member

    no rush, take care yourself first. Up to now, I don't have any issue to complain. I consider it perfect job already.
     
  46. superdos

    superdos Networkin' Nut Member

    I wonder if anyone knows how to get the mobile version of joystiq.com (t.joystiq.com) when trying to view the site on the phone the "swipe-technology" (onswipe.com) is never loading and you have to turn of adblock to get it to load.
     
  47. HunterZ

    HunterZ LI Guru Member

    @superdos: Your question belongs in the adblock thread. You likely need to whitelist the relevant host in your blocklist.
     
  48. superdos

    superdos Networkin' Nut Member

    Right I'll check over there then, been trying to find the url that gets blocked but no luck so far.

    btw here's a compiled version of HZ11WIP3 if anyone is intrested. use it on my RT-AC68U
     

    Attached Files:

    Last edited: Oct 20, 2014
    WaLLy3K likes this.
  49. HunterZ

    HunterZ LI Guru Member

    Getting back up to speed on development. Pipe is now additionally used to report return status from children, removing the need for SIGCHLD handling. Reaping of zombie children is now performed in main, as is updating stat counters (from pipe data). This makes the signal handler much simpler, as it is now only used for stats reporting on SIGTERM/SIGUSR1 and exit on SIGTERM.

    I also disabled building everything except performance optimized dynamic and static flavors, as tiny is no longer supported by my codebase and the size optimized flavor is kind of pointless because it only shaves off a couple of kilobytes or so.

    I think I already mentioned that I removed a bunch of #ifdef's, making many features baseline in my build, and removing some obscure ones altogether. Some features are still optional for now, although I should probably baseline all of the ones that can be toggled via command line switches.
     
  50. HunterZ

    HunterZ LI Guru Member

    Here's HZ11WIP4 MIPS dynamic and static (source is on Github for those making ARM builds):
    Code:
    build.sh:
    - removed small and tiny builds
    - changed to tomatoware toolchain
    source code:
    - removed READ_FILE, READ_GIF, TINY, SAVE_RESP support
    - promoted STATS_PIPE, PORT_MODE, MULTIPORT, STATS_REPLY, GEN204_REPLY, REDIRECT, DO_COUNT, TEXT_REPLY, NULLSERV_REPLIES, SSL_RESP to base features and removed any #else code
    - moved child reaping and stats counting from signal handler to main()
    - child exit status is now reported on the stats pipe instead of via exit() codes
    - child exit states are now defined in an enum
    - a struct is now used for transferring multiple data fields across the stats pipe
    - treat any extension starting with .js as a text file
    - use SOMAXCONN as the default listen() backlog size
    - various minor tweaks
    I also fixed the command line toggle for the HTTP 204 response feature, which apparently I forgot to fully implement.

    Unfortunately I've had the stats URL hang on me once already with this build. I'm thinking of implementing a stack trace dump on either SIGUSR2 or SIGTERM in the hopes that it will be able to show where the program is still getting hung up.

    I also need to look at WaLLy3K's Makefile and put some documentation on Github.

    UPDATE: SSL (https) responses seem to be stalling sometimes for some reason. cnn.com seems to be a good test case.
     

    Attached Files:

    Last edited: Oct 26, 2014
    Goggy likes this.
  51. AndreDVJ

    AndreDVJ Addicted to LI Member

    For some reason the 'dynamic' binary you uploaded on your attachment won't run on my router. Probably it crashes right after the script attempted to start. I tried many times.
    Code:
    ADBLOCK: Setting up 192.168.1.254 on br0:adblk
    ADBLOCK: Setting up pixelserv on 192.168.1.254
    ./adblock.sh: line 1200: /mnt/storage/adblock/pixelserv: not found
    ADBLOCK: Writing File /etc/dnsmasq.custom
    ADBLOCK: Restarting dnsmasq
    ..
    Done.
    ADBLOCK: Exiting /mnt/storage/adblock/adblock.sh 0
    root@WNR3500L:/tmp/mnt/storage/adblock# ps | grep pixelserv
    10535 root  2508 S  grep pixelserv
    The static one runs fine. You may check the compile timestamp below.
    Code:
    ADBLOCK: Setting up 192.168.1.254 on br0:adblk
    ADBLOCK: Setting up pixelserv on 192.168.1.254
    pixelserv[11928]: /mnt/storage/adblock/pixelserv version: V35.HZ11WIP4 compiled: Oct 26 2014 11:00:53
    What I compiled myself from your sources runs fine though.
    Code:
    ADBLOCK: Setting up 192.168.1.254 on br0:adblk
    ADBLOCK: Setting up pixelserv on 192.168.1.254
    pixelserv[13015]: /mnt/storage/adblock/pixelserv version: V35.HZ11WIP4 compiled: Oct 26 2014 19:42:26
    All the outputs may seem useless, but to tell your sources compile fine (I didn't even have to mess with the build script, I just ran it) and the binary actually executes. I attached my binaries, just in case someone can't run the binaries attached on your post as well.
     

    Attached Files:

  52. HunterZ

    HunterZ LI Guru Member

    I can't run your pixelserv binary. Are you using Tomatoware or something else?

    Edit: I see the problem. Tomatoware is dynamically linking to its own libraries instead of the firmware ones. I'll talk with the Tomatoware author.
     
    Last edited: Oct 26, 2014
  53. AndreDVJ

    AndreDVJ Addicted to LI Member

    Got rid of this whole post after your finding. libc.so.0 gets loaded from tomatoware, I renamed the file and a 'ls' won't work. I'll try get rid of the dependency.

    EDIT: No luck. I only break stuff.
     
    Last edited: Oct 26, 2014
  54. HunterZ

    HunterZ LI Guru Member

    The problem is that the binaries contain the full path to the Tomatoware versions of the dynamic dependencies. Since we're running different Tomatoware prefixes, our dynamic binaries are not recognized as valid on the other person's router, and anyone who does not have Tomatoware at all would not be able to run either of our dynamic binaries at all.

    This is a flaw in Tomatoware, as it should produce binaries that can run with the router firmware's version of the dynamically linked libraries.

    See here for details: http://www.linksysinfo.org/index.php?threads/tomatoware.69742/page-2#post-252608

    Edit: If lancethepants is not able to fix Tomatoware before I want to release another binary, I will use my old cross-compiler toolchain for the dynamic binary and Tomatoware for the static one. I would prefer to be able to use Tomatoware for both because I think it uses a newer GCC and such.
     
  55. AndreDVJ

    AndreDVJ Addicted to LI Member

    Thanks! I do run Tomatoware under a different prefix (/opt/tomatoware). Well let's see what lance can come with.
     
  56. HunterZ

    HunterZ LI Guru Member

    Lance says it's an intentional choice to avoid having to worry about compatibility with Tomato's older libs, and suggests just building static. Since I'm already producing static binaries for the convenience of non-Tomato users, I may just drop dynamic binaries from my releases and let people build their own dynamic ones if desired.
     
  57. FameWolf

    FameWolf Serious Server Member

    @HunterZ Is there something I can subscribe to that will notify me when new versions of pixelserv for the adblock.sh script are available?
     
  58. HunterZ

    HunterZ LI Guru Member

    I think github provides rss feeds that you can monitor for releases. I've been posting betas here though, and if you want those you'll want to follow this thread.
     
  59. leandroong

    leandroong LI Guru Member

    Thanks again. Why HZ11 and not HZ12 version?
    edit: no issue on cnn.com
     
    Last edited: Oct 27, 2014
  60. FameWolf

    FameWolf Serious Server Member

    @HunterZ

    Currently on HZ10..got this when trying to install the posted HZ11. (the .fast is still showing HZ10 and the system insists pixelserv with no extension does not exist.)

    root@Guardian:/opt/adblock/dist# ls -l
    -rwxr-xr-x 1 root root 20240 Oct 27 03:10 pixelserv
    -rwxr-xr-x 1 root root 18616 Oct 27 01:17 pixelserv.fast
    -rwxr-xr-x 1 root root 322520 Oct 27 03:10 pixelserv.static
    -rwxr-xr-x 1 root root 6088 Oct 27 01:17 pixelserv.tiny
    -rwxr-xr-x 1 root root 20240 Oct 27 03:12 work
    root@Guardian:/opt/adblock/dist# ./pixelserv.fast
    pixelserv[14060]: ./pixelserv.fast version: V35.HZ10 compiled: Sep 14 2014 22:08:48
    root@Guardian:/opt/adblock/dist# ./pixelserv
    -sh: ./pixelserv: not found
    root@Guardian:/opt/adblock/dist#

    root@Guardian:/opt/adblock/dist# ./pixelserv.static
    pixelserv[14510]: ./pixelserv.static version: V35.HZ11WIP4 compiled: Oct 26 2014 11:00:53


    *update* Ok I see you talking about tomatoware and dynamic vs static...I think I'd much prefer running a 20k pixelserv vs a 322k one.
     
  61. HunterZ

    HunterZ LI Guru Member

    HZ12 does not exist. HZ11 is currently in beta, with WIP4 being the latest posted version.

    Yeah, not much I can do about it unfortunately.

    There are 2 downsides to the 20k one from here on out:
    • It's going to be an extra step for me, as I have to compile on a different machine (Linux box versus router).
    • It will be compiled with older tools and use older libraries, which may result in lower performance and more bugs.

    I'm thinking of just producing static builds from here on out, and letting other people do dynamic ones. The size difference doesn't matter on my router.
     
    pharma likes this.
  62. leandroong

    leandroong LI Guru Member

    How do I block this ads, from person.com, https://securepubads.g.doubleclick.net/gampad/google_ads.js
    edit: I mean, what to enter in blocklist of config

    edit2: I just enter this on config and seems to be working, "securepubads.g.doubleclick.net/gampad/google_ads.js"
    Then perform adblock.sh, I notice that pixelserv not working. Redo using adblock.sh force, and works again. I could be wrong, pls retest on your place.
     
    Last edited: Oct 27, 2014
  63. FameWolf

    FameWolf Serious Server Member

    I have no idea what's involved with compiling this thing under "entware" so this may be asking much more than I think but is it possible you could do a one time configure of a virtualbox VM with entware installed/configured to do the cross compile? A small shell script could even be configured to pull down the latest version from git.

    I did a quick search on web but didn't find anything under "entware compile tutorial"...is there one somewhere that states how to cross compile a package using it?
     
  64. WaLLy3K

    WaLLy3K Serious Server Member

    Pixelserv HZ11WIP4, compiled for ARM using RMerl's hndtools-arm-linux-2.6.36-uclibc-4.5.3 toolchain and compressed with UPX.

    *Edit: Old version deleted
     
    Last edited: Oct 30, 2014
  65. HunterZ

    HunterZ LI Guru Member

    @FameWolf: I already have a working cross-compiler toolchain. The thing is, I don't want to have to build on two machines and then bundle or upload two binaries, especially when the dynamic one will be using older libraries from the firmware, which could cause different behavior that I don't want to have to debug.

    The memory footprint of pixelserv static is likely to be tiny compared to dnsmasq with even a modest block list, so I don't see binary size as a huge concern.

    I may play with upx compression if I can find a working method/binary.
     
  66. mstombs

    mstombs Network Guru Member

    upx available on http://upx.sourceforge.net/
    IIRC correctly its all cross-platform so you can compress mipsel elf binaries on a windows machine.
     
  67. AndreDVJ

    AndreDVJ Addicted to LI Member

    I tried running upx on my router, and the compression ratio is impressive. The binary runs fine as well.
    Code:
    root@WNR3500L:/tmp/mnt/storage/upx-3.91-mipsel_linux# ./upx pixelserv.static
      Ultimate Packer for eXecutables
      Copyright (C) 1996 - 2013
    UPX 3.91  Markus Oberhumer, Laszlo Molnar & John Reiser  Sep 30th 2013
      File size  Ratio  Format  Name
      --------------------  ------  -----------  -----------
      322520 ->  158676  49.20%  linux/mipsel  pixelserv.static
    Packed 1 file.
     
  68. koitsu

    koitsu Network Guru Member

    Reminder: use of packed executables completely destroys most abilities to debug them in real-time or get things like core/crash dumps, etc.. Do not know if that's applicable here, but I strongly suggest providing both packed and non-packed executables if going that route. I myself have run into more than one occasion (on Windows anyway) where packed executables have misbehaved due to bugs in the packer.

    I also don't see the point in packed executables when they're being run (in the above examples shown) from USB sticks. 300KBytes vs. 150KBytes -- really not worth worrying about considering USB sticks these days are usually 2GB or larger. And if a USB stick isn't available, no problem: one can always download a binary into /tmp (RAM) and run it from there.
     
  69. AndreDVJ

    AndreDVJ Addicted to LI Member

    I agree with you koitsu. I don't worry about size, and would be stupid of me complaining about binary size when a 64GB USB flash drive is plugged on the router.

    I agree on people compiling by themselves from source, and if they want to download a binary, be static. At least we're trying some options to get the binary size down. Shouldn't hurt trying something new.
     
  70. HunterZ

    HunterZ LI Guru Member

    We're already aggressively stripping the binary as part of the build process, so upx isn't going to cause anything to be lost.

    I don't think debugging is something that most end users will care about. If Tomatoware would include execinfo.h, I'd ship a debug version that can produce stack dumps, but sadly this is not currently an option.
     
  71. WaLLy3K

    WaLLy3K Serious Server Member

    I would think your average user wouldn't care about compiling from source either, but it's good to have options available for people of either type of persuasion :)
     
  72. HunterZ

    HunterZ LI Guru Member

    Most likely people with debugging facilities will also have compiling ones. I hope to be able to add support for different build options when I get around to messing with the makefile stuff.
     
  73. remlei

    remlei Networkin' Nut Member

    Using latest pixelserv.static binary and this part of message appears on my router logs

    Nothings weird happening so far but it floods my router log.
     
  74. HunterZ

    HunterZ LI Guru Member

    Crap, you're right. I fixed that after releasing WIP4 and didn't think to publish it. Here's WIP5 with a fix. It's a UPX compressed static-only binary.

    Source is on Github as usual.

    P.S. The official UPX site has a precompiled mips UPX binary, so I added a UPX compression call to build.sh. Now it builds, compresses, *and* packages all on my RT-N66U :)

    Edit: @WaLLy3K: I noticed your ARM build is small - is it dynamically linked? I imagine it's a non-issue as it's probably just a couple of RMerlin users that currently care.
     

    Attached Files:

  75. pharma

    pharma Network Guru Member

    Thanks for V35.HZWIP5! Tried V35.HZWIP4 and found it slow and some web pages wouldn't render. Switched back to pixelserv-V35.HZ8 (which is fast without the page issue). Decided to try V35.HZWIP5 and found it just like pixelserv-V35.HZ8 ... fast with no pages issues. Using Jerrm's latest Adblock script ....

    Thanks for your efforts! :)
     
  76. HunterZ

    HunterZ LI Guru Member

    That's got to be coincidence because the logging change was the only thing functional in wip5. Wip4 actually had some fairly dramatic changes that I had hoped might make things more responsive (using pipes instead of signal handler for stats, changing connection queue size to a compiler-provided value, etc)

    I've seen hangs with wip4 too though. Trying to figure out some debugging options since I don't see any obvious code improvement opportunities at this point that might solve it.

    So far my most promising thought is to timestamp when I start handling a connection and then put in time delta checks at various points that log warnings if too much time has passed since the start time.
     
  77. WaLLy3K

    WaLLy3K Serious Server Member

    Static - dynamically linked would bring it down to 18Kb~. I can't even get the file as large as yours :p 108Kb~ before UPX.

    As far as I can tell, these would be the right options to be compiling with?
    Code:
    OPTS      := -DDROP_ROOT -DNULLSERV_REPLIES -DSSL_RESP -DMULTIPORT -DIF_MODE -DSTATS_REPLY -DREDIRECT -DSTATS_PIPE
    CC        := gcc
    CFLAGS    += -Os -s -Wall -ffunction-sections -fdata-sections
    LDFLAGS   += -static -Wl,--gc-sections
    I also seem to get this warning when compiling too:
    Code:
    socket_handler.c: In function ‘socket_handler’:
    socket_handler.c:342:7: warning: ‘rv’ may be used uninitialized in this function
    PATH=/brcm-arm/bin/:/brcm-arm/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games arm-brcm-linux-uclibcgnueabi-strip -s -R .note -R .comment -R .gnu.version -R .gnu.version_r dist/pixelserv.arm
     
  78. HunterZ

    HunterZ LI Guru Member

    Most of those -D flags are gone as of wip4. Refer to build.sh.

    It's possible that your ARM toolchain just has small libraries and/or that Tomatoware has big ones for whatever reason.

    Another small difference is that I switched to -O3 to optimize for performance instead of -Os to optimize for size. It only increased size by a few hundred bytes though.
     
  79. WaLLy3K

    WaLLy3K Serious Server Member

    I am (presuming you're talking about OPTS), most of this is just a straight copy paste from the latest build - but at least the compiler warning disappears with -O3.

    What would be the most effective opts to use, be then?
     
  80. HunterZ

    HunterZ LI Guru Member

    Looks like it's down to -DDROP_ROOT -DIF_MODE now. Everything else is a baseline feature now.
     
  81. WaLLy3K

    WaLLy3K Serious Server Member

    Great, thanks!
     

    Attached Files:

  82. remlei

    remlei Networkin' Nut Member

    weird, when I finally migrated to HunterZ pixelserv builds, pixelserv crash after maybe 3-5 minutes without any trace of logs what exactly happen.

    back to v34 now and crashing never happens.
     
  83. HunterZ

    HunterZ LI Guru Member

    I've never seen it crash. That's very concerning.

    What builds did you test, and have you verified that it was actually crashing versus just failing to start up?
     
  84. remlei

    remlei Networkin' Nut Member

    im using this build which I believe is the latest one you released

    and yes, pixelserv v35 is running fine after a few minutes, then it's just gone, terminated without any kind of errors. Checked router logs and I see nothing pixelserv error that can say something what happen, checked the 'top' process list, pixelserv is gone from the list. tried accessing xx.xx.xx.254 (xx is the local subnet you were using) and no, response at all (I mean, it just loads a while then connection reset)

    now using the old v34 for now, its been running fine for hours now and I believe it never crashed before when I used it with 70days router uptime.

    using Asus N16, with entware installed (I do believe entware has nothing to with this since its a static binary)
     
  85. mstombs

    mstombs Network Guru Member

    To try to help identify what change might be the issue, here's a quick history
    There was an old V35, which should be very similar to old v34
    http://www.linksysinfo.org/index.ph...run-on-router-wrt54g.30509/page-3#post-242718

    HunterZ merged this with h0tw1r3 version https://github.com/h0tw1r3/pixelserv and enabled the REDIRECT code, added stats reporting etc, V35-HZ8 was last before 'pipe' introduced
    http://www.linksysinfo.org/index.ph...run-on-router-wrt54g.30509/page-5#post-250351

    V35-HZ10 has size reporting via a pipe mechanism, and the 'fast version' happens to be the one I am still using...
    http://www.linksysinfo.org/index.ph...run-on-router-wrt54g.30509/page-6#post-250756
    Code:
    /mnt/usb4gb/pixelserv.fast version: V35.HZ10 compiled: Sep 14 2014 22:08:48
    4076878 uts, 100987 req, 1340 avg, 56822 rmx, 7 err, 10939 tmo, 207 cls, 1 nou, 1 pth, 3424 nfe, 39097 ufe, 850 gif, 795 bad, 0 txt, 13 jpg, 8 png, 29 swf, 9 ico, 40353 ssl, 94 sta, 14 stt, 5142 rdr
    The uptime seconds uts equates to some 47 days!

    Latest version has all stats via pipe and is tomatoware static binary
     
  86. remlei

    remlei Networkin' Nut Member

    ^running V35-HZ10 fast binary now and it seems that it runs fine now, tried running HZ11WIP5 and it still crash and this time its fast, like 30 seconds or so. No errors or whatsoever.

    I guess ill stop using WIP builds for now.
     
  87. leandroong

    leandroong LI Guru Member

    /media/optware/adblock/pixelserv version: V35.HZ11WIP5 compiled: Oct 29 2014 14:40:08
    290843 uts, 6631 req, 483 avg, 6716 rmx, 0 err, 0 tmo, 2 cls, 0 nou, 0 pth, 1101 nfe, 411 ufe, 12 gif, 613 bad, 1865 txt, 0 jpg, 4 png, 1 swf, 0 ico, 2092 ssl, 1 sta, 0 stt, 0 204, 529 rdr
     
  88. HunterZ

    HunterZ LI Guru Member

    Going to see if I can find an easy way to catch crashes with gdb.

    I may also give POST requests their own counter, as they seem to account for all of the hits on the 'bad' counter that I've seen.
     
  89. leandroong

    leandroong LI Guru Member

    I don't see any problem on my website surfing and yet bad counter keeps going higher.
    /media/optware/adblock/pixelserv version: V35.HZ11WIP5 compiled: Oct 29 2014 14:40:08
    342826 uts, 7459 req, 483 avg, 6716 rmx, 0 err, 0 tmo, 2 cls, 0 nou, 0 pth, 1186 nfe, 460 ufe, 12 gif, 704 bad, 2101 txt, 0 jpg, 4 png, 1 swf, 1 ico, 2418 ssl, 3 sta, 0 stt, 0 204, 567 rdr
     
  90. HunterZ

    HunterZ LI Guru Member

    Bad counter just shows the number of non-GET requests. Most or all of these end up being POST requests, which are actually valid. Pixelserv just doesn't explicitly recognize POST requests currently.

    Note that all unrecognized HTTP request methods get an HTTP 501 Not Implemented response from pixelserv, which is probably appropriate.
     
  91. D.Raven

    D.Raven Serious Server Member

    Hi i updated to HZ11 WIP5 and since then i got: ssl_error_access_denied_alert,therefore i updated the adblock script to the latest version as well, everything was working fine when using HZ10 and the script version from september.

    wether with or without option "-2" and clients(2/3/4).google.com on the whitelist i still can't access w-lan on a samsung device (other devices( one+ & sony are working), for this device it only works with "google.com" on the whitelist.
    i can't access google.com and other "https" sites due to this error: "ssl_error_access_denied_alert", i haven't changed the blocklist or the config (except for option -2)
    is there anything i missed reading this thread or any other input ?

    pixelserv info:
    /tmp/mnt/sharepoint/adblock/pixelserv version: V35.HZ11WIP5 compiled: Oct 28 2014 22:51:22
    1050 uts, 220 req, 744 avg, 1066 rmx, 0 err, 0 tmo, 3 cls, 0 nou, 0 pth, 3 nfe, 2 ufe, 0 gif, 1 bad, 0 txt, 0 jpg, 0 png, 0 swf, 1 ico, 22 ssl, 11 sta, 0 stt, 0 204, 177 rdr
     
  92. jerrm

    jerrm Network Guru Member

    Over the past couple of weeks HZ11WIP5 has stopped responding three times. Never had that happen with HZ8, which I was on pretty much since it was released until two weeks ago.
     
  93. HunterZ

    HunterZ LI Guru Member

    Got it when doing what?

    This suggests that pixelserv is not involved in the issue. It's most likely an adblock issue.

    Again, this is not likely pixelserv's fault. Pixelserv only responds to connections that have been redirected by adblock.

    This shows that there have been no /generate_204 requests, and therefore the -2 option will have no bearing on your issue. I see very few SSL requests (10%) and many many redirects (80%), which is very strange.

    I've been running for about a week, and here are my stats:
    ./pixelserv version: V35.HZ11WIP5 compiled: Nov 1 2014 09:23:00
    625115 uts, 29978 req, 1746 avg, 81964 rmx, 0 err, 30 tmo, 114 cls, 0 nou, 0 pth, 1720 nfe, 815 ufe, 1192 gif, 2481 bad, 5868 txt, 248 jpg, 885 png, 0 swf, 55 ico, 10864 ssl, 2852 sta, 0 stt, 900 204, 1954 rdr

    That shows about 36% of requests being SSL, 3% being generate_204 (I have a few Android devices), and 6.5% being redirects.

    Are you able to come up with a test case that triggers it regularly?
     
  94. AndreDVJ

    AndreDVJ Addicted to LI Member

    Once per day pixelserv floods syslog with messages like this:
    Code:
    Nov  8 19:36:31 WNR3500L daemon.err pixelserv[10634]: attempt to send response for status=9 resulted in send() error: Connection reset by peer
    Nov  8 19:36:31 WNR3500L daemon.warn pixelserv[10634]: shutdown(new_fd, SHUT_WR) reported error: Transport endpoint is not connected
    Nov  8 19:36:31 WNR3500L daemon.warn pixelserv[10634]: connection handler exiting with FAIL_GENERAL status
    Is someone also experiencing this? I'm running HZ11 WIP5/
     
  95. HunterZ

    HunterZ LI Guru Member

    @AndreDVJ yeah I'm seeing that, now that you mention it. I should probably change that to a cls case.
     
  96. remlei

    remlei Networkin' Nut Member

    Using V35.HZ10 now and it seems that pixelserv is not respoding for some reason, accessing the pixelserv status just gaves me a infinite loading on the browser, checked the logs, nothing was there relating to pixelserv errors. (not sure if pixelserv uses syslog for logs). Unlike V35WIP builds, V35.HZ10 seems to be fine for 15-20hours and then just gave up. Checked the TOP process list and pixelserv is still running. That infinite loading issue on pixelserv makes the website render incomplete or site to load very slow (as it wait for the pixelserv to respond).

    ugh, now im back again to v34 and running fine now for 3 days.
     
  97. HunterZ

    HunterZ LI Guru Member

    V35.HZ11WIP6:
    - added stats counter info to README.md
    - removed vestigial size optimization stuff from build.sh
    - added HTTP POST counter
    - suppress ECONNRESET/ENOTCONN errors by default
    - log pipe-related errors
    - counter code cleanup
     

    Attached Files:

  98. HunterZ

    HunterZ LI Guru Member

    HZ11WIP7:
    - add debug binary building for use with entware GDB
    - add -f option to prevent daemonizing, for debugging purposes

    @remlei: This build was made with you in mind. Since you mentioned you have entware, you can install gdb and launch this version like so:
    Code:
    gdb --args ./pixelserv.debug 192.168.1.254 -f
    (replace the IP address with whatever you desire pixelserv to listen on) And then type 'run' at the GDB prompt and hit enter to launch pixelserv.

    If pixelserv crashes, GDB will catch it and tell you where it happened. This information could help me fix the crash for you.

    Edit: @jerrm: This is also potentially useful for hangs. When running in GDB you should be able to hit Ctrl+C while running to break and see where it's hung, and then type 'cont' to resume running.
     

    Attached Files:

    Last edited: Nov 9, 2014
  99. WaLLy3K

    WaLLy3K Serious Server Member

    ARM update compiled for those who enjoy the bleeding edge of their seat
     

    Attached Files:

    superdos and The Master like this.
  100. leandroong

    leandroong LI Guru Member

    /media/optware/adblock/pixelserv version: V35.HZ11WIP7 compiled: Nov 9 2014 16:03:55
    17654 uts, 1373 req, 513 avg, 2887 rmx, 0 err, 0 tmo, 1 cls, 0 nou, 0 pth, 332 nfe, 117 ufe, 2 gif, 0 bad, 463 txt, 0 jpg, 2 png, 0 swf, 1 ico, 236 ssl, 9 sta, 0 stt, 0 204, 210 rdr, 0 pst

    wow, 0 bad till now....
     

Share This Page