pixelserv compiled to run on router WRT54G

Discussion in 'Tomato Firmware' started by Jedis, Sep 5, 2009.

  1. jerrm

    jerrm Network Guru Member

  2. jerrm

    jerrm Network Guru Member

    @celluloid

    Please post output of "uname -a" - I can at least make the adblock install script give a warning.

    Also please post if you have luck with any pre-compiled version.
     
  3. celluloid

    celluloid Networkin' Nut Member

    Code:
    pixelserv-V35.HZ11FIX2.mips-dynamic   Bus error 
    pixelserv-V35.HZ12WIP1.mips.dynamic   Bus error
    pixelserv-V35.HZ12WIP1.mips     Illegal instruction
    pixelserv-V35.HZ8       Illegal instruction
    pixserv35         Seems to work
    
    # uname -a
    Linux RT-002EE483FAEE 2.4.37.11 #7 2014-12-25 11:06:04 CET mips GNU/Linux
    
     
  4. jerrm

    jerrm Network Guru Member

    Thanks.

    If using my script, there won't be any status Web UI status functionality with @mstombs version, but it should work otherwise - its all we had for a long time.
     
  5. celluloid

    celluloid Networkin' Nut Member

    Appreciate all the help.

    Is it possible to get an updated compiled version that would work with this router? I'm sure I'm not the only one experiencing this issue.
     
  6. HunterZ

    HunterZ Network Guru Member

    Does anyone know of an easy to set up K24 toolchain, or at least a reasonably up-to-date guide? A Linux cross-compiler toolchain is fine, as I have an x86-64 development box.
     
  7. jerrm

    jerrm Network Guru Member

    Maybe @shibby20's or @Toastman's git repo, then properly link up and path the tools/brcm/K24 folder?
     
  8. HunterZ

    HunterZ Network Guru Member

    Okay, these are built from untouched HZ12WIP1 sources with mipsel-linux-gcc from Shibby's K24 toolchain. Let me know if they work on the WRT54GL.
     

    Attached Files:

    Goggy and jerrm like this.
  9. celluloid

    celluloid Networkin' Nut Member

    This does work and provides statistics but gives the following warning:

    clock_gettime() reports CLOCK_MONOTONIC not supported; switching to less accurate CLOCK_REALTIME
     
  10. jerrm

    jerrm Network Guru Member

    Statically compiled MIPS, ARM and now MIPS K24 versions of @HunterZ's pixelserv v.35.HZ12WIP1 are available at http://tomato-adblock.weebly.com.

    The only real advantage over other sources is these are available via plain text http urls compatible with busybox wget.

    The MIPS and MIPSK24 versions are the same zip files @HunterZ last posted in this thread(MIPS, K24). I compiled the ARM version from @HunterZ's unaltered GitHub repo source and build scripts under @lancethepants ARM Tomatoware 1.03 environment.
     
    pharma, Goggy and HunterZ like this.
  11. HunterZ

    HunterZ Network Guru Member

    This is an expected warning:

    When I added time-based statistics tracking in the HZ11 series, I realized that the monotonic clock source would possibly not be available in Linux 2.4 (i.e. on older K24-based routers such as WRT54G). HZ12WIP1 was therefore a result of me thinking ahead to the possibility of someone wanting to run on a K24 router, as its only change was code added to fallback to the realtime clock source during startup when the monotonic one is not available.

    The only difference between the two clock sources is that the realtime one can be affected by changes to the system clock. This could cause your pixelserv time-based statistics to be thrown off if your router synchronizes its system time via NTP while pixelserv is in the middle of a timed operation. Not the end of the world!
     
  12. mstombs

    mstombs Network Guru Member

    Its a while since I looked but I believe the kernel version and mips r1/r2 are only relevant for building the firmware kernel. Userspace apps seem to be more transportable as long as library links are compatible, and the tomato dynamic linked version could run with dd-wrt or even a Ti AR7 mips adsl router. But there was a library change from original tomato to tomatousb. The static ones should be more transportable but a dynamic one built with same toolchain as other specific router firmware optimal (size/compatability).
     
  13. HunterZ

    HunterZ Network Guru Member

    The tomatoware build at least is not transportable, regardless of whether it is statically linked, according to celluloid's testing.

    I haven't tried my new K24 build on my RT-N66U yet to see if it works on K26 MIPSR2.
     
  14. jerrm

    jerrm Network Guru Member

    It runs, but still reports the montonic error. Not supported in the 2.4 uclibc?
     
  15. HunterZ

    HunterZ Network Guru Member

    Not surprising for the static version. Not sure what to expect for the dynamic one.
     
  16. jerrm

    jerrm Network Guru Member

    Seems to work OK, no warning.
     
  17. HunterZ

    HunterZ Network Guru Member

    So I guess that would probably make the K24 uclibc dynamic build the most versatile for MIPS, but the static Tomatoware build may be best for K26 because it uses newer libs in lieu of firmware-provided ones.

    The static K24 uclibc is probably fairly useless on Tomato, but it may have the highest chance of working on non-Tomato MIPS+Linux routers (e.g. Merlin, DD-WRT, OpenWRT, etc.).
     
  18. HunterZ

    HunterZ Network Guru Member

    Now that I've got confirmation that HZ12WIP1 works on K24, I've gone ahead and pushed an HZ12 final release. There are no functional changes since HZ12WIP1 for K24, and nothing relevant since HZ11FIX2 for K26.

    Mainly I fixed up the Makefile that I have in the repo (thanks to whoever provided it - I forget now!) so that it takes the place of my build.sh script. It now builds and packages multiple native and cross-compiler targets, and also has a tomatoware target for me to use natively on my RT-N66U (where I build the K26 versions). There is also an ARM target that I haven't tested, and that is disabled by default because I don't have a toolchain or router to test with. These changes make it easier to support building for multiple platforms on an ongoing basis.

    Note that there is a new naming convention for the binaries: pixelserv.platform.optimization_type.linking_type. This allows them to live side-by-side; if you only care about one flavor, however, you can always copy/symlink/rename that one to just 'pixelserv'.

    Suggestions on choosing a version:
    • MIPS K26 (RT-N16, RT-N66U, etc.): pixelserv.tomatoware.performance.static is best because it statically links Tomatoware libraries that are likely newer than the ones baked into your firmware.
    • MIPS K24 (WRT54G etc.): pixelserv.mips.performance.dynamic is probably best, because the static version probably has the same libraries as your firmware if you're using Tomato, and may have incompatible libraries if you're using non-Tomato.
    • x86/x86_64 (PC): pixelserv.native_platform.performance.dynamic for performance+size. If you have issues, however, the debug flavor is convenient for use with a debugger. 64-bit OS users should also note that the 32-bit x86 build probably won't work for you due to the aggressive stripping process used; use x86_64.
    • ARM: jerrm has been graciously providing builds here: http://tomato-adblock.weebly.com/
     
  19. jerrm

    jerrm Network Guru Member

    Last edited: Sep 14, 2015
  20. JoeyJoeJoe

    JoeyJoeJoe Guest

    Just to be clear, static > dynamic for ARM?
     
  21. jerrm

    jerrm Network Guru Member

    Static. Since it was compiled under Tomatoware, the only time to use the dynamic would be if the full Tomatoware environment was installed on the router.
     
  22. JoeyJoeJoe

    JoeyJoeJoe Guest

  23. mstombs

    mstombs Network Guru Member

    Thanks, just to let you know pixelserv.mips.performance.dynamic version also works fine on my RT-N66U running K26 Asuswrt merlin

    Code:
    ./pixelserv version: V35.HZ12 compiled: Sep 13 2015 08:46:58 options: 192.168.66.254 -p 80 -p 81 -p 8080 -p 8081 -p 443 -o 2
    82547 uts, 2529 req, 646 avg, 11201 rmx, 662 tav, 4070 tmx, 0 err, 158 tmo, 7 cls, 0 nou, 0 pth, 77 nfe, 13 ufe, 28 gif, 0 bad, 611 txt, 0 jpg, 0 png, 0 swf, 1 ico, 1517 ssl, 3 sta, 0 stt, 0 204, 110 rdr, 4 pst, 0 hed
     
    Last edited: Sep 15, 2015
    HunterZ likes this.
  24. jerrm

    jerrm Network Guru Member

    Yeah, I debated to make the K24 mips dynamic build the only mips version I put in the adblock install. For now I stayed with the static build for K26.
     
  25. mstombs

    mstombs Network Guru Member

  26. HunterZ

    HunterZ Network Guru Member

    I played a year or two ago with using a utility that would wrap HTTP connections in HTTPS in order to route HTTPS connections to pixelserv's existing HTTP implementation, but there was no way to make it work without whitelisting a self-signed certificate on every device that wants to get real pixelserv data instead of a certificate error/warning. This is why pixelserv currently handles HTTPS by just closing the connection down as quickly as possible with an access denied error code, which doesn't look nice in the browser but is at least efficient and works out of the box with all devices.

    Does this fork that you linked to just give pixelserv the ability to serve empty data over HTTPS using a self-signed cert, or did he find a better way to handle it?
     
  27. mstombs

    mstombs Network Guru Member

    It appears to need a whitelisted self-signed certificate for every ad domain - with some wildcard option. It's not useful to me if every client/browser combination needs to whitelist them all. I personally can't maintain a whitelisted cert to the router gui - partly because it should not be possible for any device to impersonate a real website and browsers are getting security fixes against potential exploits in this area all the time, and if you make changes to the router firmware the import process may need to be done again?

    So an interesting academic exercise only?

    Source is provided, I had a look and some effort needed to compile natively under an x86 VM I had available, but I did get there.
     
  28. roadkill

    roadkill Super Moderator Staff Member Member

    One possible solution is to cut the connection after downgrading it to port 80 using a redirect from a https signed page (router self signed) I think you shouldn't get a warning if the certificate is trusted

    Edit: meta-refresh will also work
    Code:
    <meta http-equiv="refresh" content="0;URL='http://pixelserv address/path'">
    Sent from my iPhone using Tapatalk
     
    Last edited: Oct 3, 2015
  29. HunterZ

    HunterZ Network Guru Member

    Yeah, that sounds pretty terrible.

    HTTPS->HTTP redirect may wig out some browsers. I tried using stunnel to provide a true HTTPS tunnel to pixelserv without requiring that pixelserv itself be able to handle HTTPS, but in the end rejected it because requiring every device that ever surfs the web on my LAN to accept a self-signed cert just isn't practical (are my guests really going to feel comfortable doing that?).

    HTTPS really ought to have a mode where it can negotiate throwaway encryption keys. Sure it would probably be susceptible to man-in-the-middle attacks, but at least it's deterring casual observation.
     
  30. jerrm

    jerrm Network Guru Member

    Seems like he is planning to generate certs more or less manually. If going to all the trouble of ssl-enabling pixelserv, I would auto generate the certs similar to what squid does when configured as a man in the middle proxy. A single CA installed on the clients and the pixelserv auto generating certs for each domain. As with everything else on these routers though, not necessarily having a full version of openssl may be an issue.

    It's the installing the CA cert on each client that's the deal breaker for me. The appeal of router based adlock is it is zero-config on the clients. Most folks are not running managed clients where they can (more or less) securely push down a new CA cert.

    I wouldn't want to do anything that potentially gets people in the habit of just clicking OK at a popup.
     
    visceralpsyche and HunterZ like this.
  31. mstombs

    mstombs Network Guru Member

    I came across a website that I couldn't read on an Android mobile the other day, the problem was repeated https error messages. So maybe some possible benefit if pixelserv could talk https/ssl/tls better to close the connection more cleanly? My lazy workaround in such cases is to enable work vpn connection which does not benefit from my router or mobile adblockplus adblocking...
     
  32. HunterZ

    HunterZ Network Guru Member

    pixelserv already does a very clean HTTPS shutdown, in that it reports a valid SSL access denied + terminate response to the hello message and then cleanly closes the socket. The effect on most web browsers is an access denied message, like this one in Firefox:
    If an entire site won't work for you due to pixelserv, then you're probably only going to be able to fix it via whitelisting because either the entire site is redirected to pixelserv, or a non-blocked site depends on access to a blocked one in order to provide basic functionality.
     
  33. mstombs

    mstombs Network Guru Member

    I rarely notice the ssl error message using Windows + Google Chrome + Adblockplus, more common with Firefox+Adblockplus seems more common with Android (+adblockplus), I guess you are still using the SSL error code I selected, I do remember trying others some of which may have worked better in other browsers, so a possible future code enhancement would be to make the response selectable, or maybe different for different browsers?

    https://github.com/HunterZ/pixelserv/blob/master/socket_handler.c#L222

    An easy to access description of available decimal codes

    https://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol

    I don't remember the specific errant web page above, but It wasn't anything out of the ordinary - must have just had a script that continuously looped generating messages as fast as I could cancel!
     
  34. HunterZ

    HunterZ Network Guru Member

    It would be nice if someone could provide some data on which codes would be good to use for which browsers, but I don't mind coding something up.
     
  35. HunterZ

    HunterZ Network Guru Member

    I'll draft a proper release on Github tomorrow, but I've implemented a -c option to allow you to specify a decimal alert description value for the SSL fatal error response.

    For now, here is a Shibby MIPS K24 binary for people to test, and the source has been pushed to Github.

    In other news, someone named '1ncorrect' on Github sent me a pull request that adds raspberry pi support to the Makefile, so that's now part of my fork as well. I don't have a development environment for that myself, though, so I won't be supplying official binaries.
     

    Attached Files:

  36. HunterZ

    HunterZ Network Guru Member

  37. mstombs

    mstombs Network Guru Member

    The small pixelserv.mips.performance.dynamic running fine on my asuswrt-merlin N66U router, not tested new option yet...

    Code:
    /mnt/usb4gb/pixelserv version: V35.HZ13 compiled: Oct 6 2015 22:34:24 options: 192.168.66.254 -p 80 -p 81 -p 8080 -p 8081 -p 443 -o 2
    616 uts, 21 req, 242 avg, 509 rmx, 24 tav, 127 tmx, 0 err, 0 tmo, 0 cls, 0 nou, 0 pth, 0 nfe, 0 ufe, 0 gif, 0 bad, 2 txt, 0 jpg, 0 png, 0 swf, 1 ico, 16 ssl, 2 sta, 0 stt, 0 204, 0 rdr, 0 pst, 0 hed
     
  38. QSxx

    QSxx Network Guru Member

    K24 compatible pixelserv.mips.performance.static here - extensive testing as you can see :)

    Code:
    /jffs/adblock/pixelserv version: V35.HZ13 compiled: Oct 6 2015 22:34:25 options: 10.1.1.4
    98577 uts, 5270 req, 340 avg, 8245 rmx, 91 tav, 10003 tmx, 0 err, 20 tmo, 214 cls, 0 nou, 0 pth, 34 nfe, 100 ufe, 262 gif, 0 bad, 547 txt, 0 jpg, 5 png, 0 swf, 0 ico, 4025 ssl, 5 sta, 0 stt, 0 204, 40 rdr, 18 pst, 0 hed 
     
  39. mstombs

    mstombs Network Guru Member

    Last edited: Nov 4, 2015
  40. JoeyJoeJoe

    JoeyJoeJoe Guest

    Has anyone compiled HZ13 for ARM?
     
  41. AndreDVJ

    AndreDVJ LI Guru Member

    I compiled with Tomatoware on my R7000. I will attach the whole zip file created by the compilation process, though you should use pixelserv.tomatoware.performance.static.

    Code:
    root@R7000:/tmp/mnt/storage/software/pixelserv-35.HZ13# make tomatoware
    === Building pixelserv version V35.HZ13 ===
    === Creating deployment directory ===
    mkdir -p dist
    === Building tomatoware ===
    gcc  -g -Wall  -DDROP_ROOT -DIF_MODE util.c socket_handler.c pixelserv.c -o dist/pixelserv.tomatoware.debug.dynamic
    gcc  -O3 -s -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -Wl,--gc-sections -DDROP_ROOT -DIF_MODE util.c socket_handler.c pixelserv.c -o dist/pixelserv.tomatoware.performance.dynamic
    gcc  -g -Wall -static  -DDROP_ROOT -DIF_MODE util.c socket_handler.c pixelserv.c -o dist/pixelserv.tomatoware.debug.static
    gcc  -O3 -s -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing -static  -Wl,--gc-sections -DDROP_ROOT -DIF_MODE util.c socket_handler.c pixelserv.c -o dist/pixelserv.tomatoware.performance.static
    strip -s -R .note -R .comment -R .gnu.version dist/pixelserv.tomatoware.performance.*
    upx -9 dist/pixelserv.tomatoware.performance.*
                           Ultimate Packer for eXecutables
                              Copyright (C) 1996 - 2015
    UPX 3.92        Markus Oberhumer, Laszlo Molnar & John Reiser   Mar 30th 2015
    
            File size         Ratio      Format      Name
       --------------------   ------   -----------   -----------
         21964 ->     13584   61.85%   linux/armel   pixelserv.tomatoware.performance.dynamic
        128988 ->     68896   53.41%   linux/armel   pixelserv.tomatoware.performance.static
       --------------------   ------   -----------   -----------
        150952 ->     82480   54.64%                 [ 2 files ]
    
    Packed 2 files.
    rm -f dist/pixelserv.V35.HZ13.tomatoware.zip
    zip -j dist/pixelserv.V35.HZ13.tomatoware.zip LICENSE README.md dist/pixelserv.tomatoware.*
      adding: LICENSE (deflated 66%)
      adding: README.md (deflated 55%)
      adding: pixelserv.tomatoware.debug.dynamic (deflated 55%)
      adding: pixelserv.tomatoware.debug.static (deflated 54%)
      adding: pixelserv.tomatoware.performance.dynamic (deflated 4%)
      adding: pixelserv.tomatoware.performance.static (deflated 3%)
    
     

    Attached Files:

    JoeyJoeJoe likes this.
  42. JoeyJoeJoe

    JoeyJoeJoe Guest

    Thank you, thank you, thank you!
     
  43. Beast

    Beast Network Guru Member

    Installed on RT-N16 and get this error in log:
    daemon.err pixelserv[19833]: Failed to open /tmp/pixelcerts: Permission denied
     
  44. The Master

    The Master Network Guru Member


    Thanks but what should i use with my R7000?! A bit confused.
     
  45. HunterZ

    HunterZ Network Guru Member

    He says you should download the zip and use pixelserv.tomatoware.performance.static

    Looks like it was built natively on an R7000 using tomatoware.
     
  46. The Master

    The Master Network Guru Member

    ARgg..okok i miss read it :) Thanks... I try it.
     
  47. Beast

    Beast Network Guru Member

    Hi
    Installed the following pixelserv on my RT-N16. But have permission problems with "pixelcerts".
    How can I fix this, or can the author plz fix pixelserv (kd) so that it writes the proper permissions
    to pixelcets file, as it creates it in the tmp directory.

    pixelserv version: V35.HZ12.Kd compiled: Oct 12 2015

    daemon.notice pixelserv[4567]: pubads.g.doubleclick.net _.g.doubleclick.net missing

    daemon.err pixelserv[4567]: Failed to open /tmp/pixelcerts: Permission denied
     
  48. HunterZ

    HunterZ Network Guru Member

    You'll probably need to ask on the forum where that fork is supported. I don't think anyone here is really knowledgeable about it.
     
  49. mstombs

    mstombs Network Guru Member

    I added the forum support link above, this fork designed for asuswrt merlin builds, should be possible to port back to Tomatousb but the author won't have tried!

    http://www.snbforums.com/threads/pixelserv-a-better-one-pixel-webserver-for-adblock.26114/

    By the way he has updated github recently with a new version

    https://github.com/kvic-z/pixelserv-tls/releases/tag/V35.H12.Ke
     
  50. Beast

    Beast Network Guru Member

    Thanks I will try that one and see if it works. I was hoping it would work on tomato. Guess I will do some
    digging and find out how he is generating the certs. Everything else other then the certs. seems to work just fine on tomato.

    Just checked out the link, and it appears there is some manual work required to built the certs file. Maybe HunterZ will look at this in the future. Hoping.

    Thanks
     
    Last edited: Nov 4, 2015
  51. jerrm

    jerrm Network Guru Member

    mstombs and Goggy like this.
  52. JoeyJoeJoe

    JoeyJoeJoe Guest

    Since upgrading to HZ13 I've noticed pages hanging on googletagservices and google-analytics. Any idea why?

    Edit: Using R7000 with performance static.
     
    Last edited by a moderator: Nov 10, 2015
  53. HunterZ

    HunterZ Network Guru Member

    I looked into returning actual data on SSL connections to pixelserv when I first started working on it - via stunnel so that I wouldn't have to put SSL stuff in pixelserv itself - and decided that it wasn't worth the effort because you have to import the certs into every browser on every device that you want to have it interoperate with. I'm not interested in a non-plug-and-play solution like this, which will really never work for mobile devices and such and would be a confusing pain for non-technical visitors to my home.

    There have been no functional changes since HZ12, except adding support for overriding the default SSL alert code (it still reports the old access_denied value as a default if you don't override it).
     
  54. JoeyJoeJoe

    JoeyJoeJoe Guest

    It was an error in the adblock script and not pixelserv. An update of the update has fixed it.
     
  55. PeaceKeeper

    PeaceKeeper New Member Member

    Working great. The only issue I've noticed is that if you use the scripts adblock.sh?stop/start/restart/force, the webui says pixelserv isn't running. Whenever I make changes to the config, I simply start pixelserv by pushing stop and executing /jffs/adblock/adblock.sh through the tools-system command.
     
  56. Beast

    Beast Network Guru Member

    Script been working very well. But just yesterday, some of the skip add videos on youtube have returned. Anyone know the exact url's to black list to make them go away???

    They used to not show up by just using the minimal sources, (17200 unique hosts to block), I uncommented one of the other sources and its up to (29361 unique hosts to block). But the add's still show up.

    So which url or more do I have to blacklist to get rid of them.??
    TIA
     
  57. PeaceKeeper

    PeaceKeeper New Member Member

    I haven't noticed any youtube ads, but you should be able to find the url of the resource with developer tools (F12).


    I'm currently having the opposite problem. One person on my network wants to watch CBS videos. I'm not really sure how to work around that because they use a ton of ad services with host detection. If anyone has any suggestions, please let me know.
     
  58. HunterZ

    HunterZ Network Guru Member

    I have to turn off adblock to stream Xfinity (Comcast) videos as well. I tried whitelisting some blocked sites, but apparently didn't hit the right combo. It probably also differs depending on which channel's content I'm streaming via the Xfinity site, as I'm pretty sure it comes from their individual back-ends (CBS has terrible performance compared to ABC, and CBS wants you to pay for access to their crappy streaming if you don't go through Comcast!).
     
  59. HunterZ

    HunterZ Network Guru Member

    So my mother-in-law just showed me that Safari on her Macbook throws a fit when trying to access blocked sites, complaining about SSL certificates not being accepted. Apparently Safari clutters up the OS install with cached ad server SSL certificates and assumes there's a problem with the certificate when adblock says Access Denied; it was rather sad seeing it ask the user which of a half-dozen yieldmanager.com (or whatever) certificates should be fed to the server to try to resolve the "issue" (so much for "Apple just works").

    Since I recently added configurable alert code support to pixelserv, I'm now trying the Internal Error (80) code to see if it works any better.
     
    mstombs, Goggy and WaLLy3K like this.
  60. WaLLy3K

    WaLLy3K Networkin' Nut Member

    Is THAT what it is? It doesn't happen often to me (I don't often visit http://cultofmac.com, where the issue always occurs), but it's a massive PITA having to hit cancel on each page.
     
  61. HunterZ

    HunterZ Network Guru Member

    Wow, that's an awful site. Auto-playing videos and the sidebar repeats over and over instead of just sticking to the window.

    Try using a different SSL alert code number in pixelserv with the -c parameter and let me know if it helps (I'm using -c 80 right now).
     
  62. WaLLy3K

    WaLLy3K Networkin' Nut Member

    Haaaaa. It's fucking awful for those exact reasons.

    Doing a manual 'killall pixelserv; /path/to/pixelserv -c 80' seems to be working fine for me!

    I've applied it by modifying this within adblock.sh:
    Code:
    # additional options for pixelserv
    PIXEL_OPTS="-c 80"
     
  63. hammer

    hammer Connected Client Member

    By request from @ΦDroid I did a arm64 build for Android of the latest version. I have no idea if there are any advantages compared to a regular arm build. The arm64 build is not compressed by UPX as it does not handle the binary format.
    The arm64 build was tested by @ΦDroid on a OnePlus Two and confirmed working. I have tested the regular arm build on a OnePlus One.

    Compiled using Android NDK, Revision 10e configured for API level 21 (Android 5.0+) with toolchain "aarch64-linux-android-4.9" (arm64) and "linux-androideabi-4.9" (arm).
     

    Attached Files:

    ΦDroid, Goggy and HunterZ like this.
  64. Michael Malone

    Michael Malone Network Newbie Member

    Does anyone know the best way to set this up for a broadcom based Linksys WRT54GL 1.1?
    I am running Shibby Tomato 1.26 132 Mini and can't use JFFS because there is no space or I can't get any space working. I almost have it, but has to be entirely run from /tmp which is confusing. I would like it to run automatically upon boot, but I'm screwing something up. Router has 16mb, flash only 4mb. I am using 2015-11-11 release mod by jerrms.

    Trying "PIXEL_IP=0" and "RAMLIST=1" in config.ini
     
  65. HunterZ

    HunterZ Network Guru Member

    Sounds like you may want to ask in the adblock thread, since you're not using pixelserv?
     
  66. Michael Malone

    Michael Malone Network Newbie Member

    ok, I'll check the other thread. I am using pixelserv on another router and I thought the difference was a single option in the config.ini to turn it off using the same script.
     
  67. mstombs

    mstombs Network Guru Member

    If you are running adblock using only scripts in nvram you must be downloading the blocklist to ram every boot after wan connected, so you could add a download of a small pixelserv binary, but you would need to host is somewhere for yourself. Whether the current mipsel binary runs on your ancient router is a valid question which only you can answer - I am not sure what kernel version and toolchain shibby uses for wrt54gl, but jerrm's adblock script does include a download of the latest k24 dynamic which 'should' work.
     
    Michael Malone likes this.
  68. HunterZ

    HunterZ Network Guru Member

    You could also do what I've done, and put it all on another computer on your LAN and access it via a CIFS mount. It's a little tricky but it works.

    I finally got a second USB stick for xmas, and intend to use my old one as local storage on the router for ablock/pixelserv/entware/tomatoware/etc.
     
  69. Michael Malone

    Michael Malone Network Newbie Member

    I actually got it working .... on the old WRT54G by using the installer. I don't know if there is a minor error in the script, but the installer script installs everything perfectly. Check it out, with Pixelserv.

    Linksys WRT54GL v1.1 [4MB Flash 16MB Ram]
    *JFFS is too small to be enabled [All files will be placed in: /tmp/adblock]

    Shibby TomatoUSB
    19-10-2015 - [RELEASE] v132-EN
    http://tomato.groov.pl/download/K26/build5x-132-EN/tomato-K26-1.28.RT-MIPSR1-132-Mini.zip

    MiniIPv6 - Seems to be missing OpenSSL
    http://tomato.groov.pl/download/K26/build5x-132-EN/tomato-K26-1.28.RT-MIPSR1-132-MiniIPv6.zip

    WAN Up
    [TomatoUSB] Admin: Scripts -> http://192.168.1.1/admin-scripts.asp

    # For a custom location uncomment and edit PREFIX value
    # export PREFIX=/opt/bin
    export PREFIX=/tmp/adblock
    wget -O - http://goo.gl/GfA7cQ | sh
    sleep 5
    /tmp/adblock/adblock.sh cron && echo Success!

    ----

    Block Lists: default
    http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
    http://winhelp2002.mvps.org/hosts.txt

    Messages ....
    [TomatoUSB] Tools: System Commands -> http://192.168.1.1/tools-shell.asp
    cat /var/log/messages | grep ADBLOCK

    Test ....
    http://doubleclick.net/test.gif
    Do You See a Single Pixel? [PixelServ Working!]
    or
    Error 404 (Not Found)!! -> http://doubleclick.net/test.gif [Blocked -no PixelServ]
    or
    DoubleClick by Google -> http://doubleclick.net [Not Blocked at ALL]

    Stopping ....
    [TomatoUSB] Tools: System Commands -> http://192.168.1.1/tools-shell.asp
    /tmp/adblock/adblock.sh stop
     
    Last edited: Feb 3, 2016
    plikmuny and Vladimic like this.
  70. Vladimic

    Vladimic New Member Member

    Michael Malone thanks for sharing!
    This is the best adblock solution, I've been used so far. I've tested the installation script on my Asus RT-AC68R/U running Shibby Tomato and it works.
    1. The only issue I've found is that it stops working when I turn on dnscrypt-proxy option.
    Is it possible to have both running? It would by very nice if the adblock worked nicely with dnscrypt-proxy enabled.
     
  71. HunterZ

    HunterZ Network Guru Member

    Why would adblock work with dnscrypt? The whole point is to spoof DNS entries to redirect clients to pixelserv.

    Edit: Also, you'll be more likely to get an answer in the adblock thread, as pixelserv has nothing to do with DNS.
     
  72. Vladimic

    Vladimic New Member Member

    Well as far as I know, a DNS entry gets encrypted on its way from router to outside dns server. In my case form router to openDNS server. In fact it is not encrypted on a way form a client (laptop or phone connected to LAN) to the router. So before dnscrypt-proxy sends encrypted token to outside dns server, it should receive it in clear text format. Therefore, theoretically there is still space to spoof clear text DNS entry. Again aforementioned is just my assumptions, as I'm not expert in this area.
     
  73. torstenj1969

    torstenj1969 Networkin' Nut Member

    Hi HunterZ!

    I have some troubles with URL's and I don't know how to solve this. When I use pixelserv than the Webpage displays a little white cross with black background.
    When I add the URL within a browser than it show's the pixelserv.

    Will give you an example: (Screenshot here http://i.imgur.com/rWrJyeK.png)

    Take a look at: http://www.cloudtime.to/video/89feee3d33e41
    If you add "c.statcounter.com" to the blacklist and replace it the pixelserv than you will see this "broken link" Icon within all Browsers.

    "http://c.statcounter.com/10874167/0/c0acb295/1/" is the full URL and I have no clue what is behind this. I have tried it with different mime types and still the same result.

    Do you have any clue how to remove this? It is blocked but it seems not realy blocked.
    What the hell I'm doing wrong?

    Million thanks for your support!
     
    Last edited: Jun 5, 2016
  74. HunterZ

    HunterZ Network Guru Member

    @torstenj1969 You're not doing anything wrong. The problem here is that pixelserv can't tell from the URL (which is all it has to work with) that it's supposed to be serving an image, so it instead serves up an empty text file (which is the correct response in most cases, as most directory-only URLs really resolve to HTML files). The web page then tells the browser to interpret the result as an image, and since it got no image data it shows a broken file symbol.

    There may not be a way to solve this. The only thing I can think of is to allow you to supply a set of regular expressions that determine which kind of response should be sent based on pattern matching in the URL, but I'm not even sure how well that would work because it depends on being able to find a reliable pattern to match on. Note that pixelserv doesn't see the domain name - just the part after it.
     
    koitsu likes this.
  75. koitsu

    koitsu Network Guru Member

    Basically, there's really no way for pixelserv to know if the path portion of a URL should refer to an image (i.e. should return an empty 1x1 pixel image/gif), or refer to HTML content (i.e. should return a 0-byte text/html document). The only way it'd know is if it actually did a HEAD request on the original source URL, which would hurt performance badly -- and starts to make it more of a kind of "content filtering proxy" (which is something squid does -- it's a caching proxy for a reason (the caching part is important)). Not to mention, several sites don't honour HEAD (return HTTP 405), while others do something different with HEAD vs. GET (and using GET is painful because if the content returned is large; severing the socket early can lead to other complications).

    In other words: @HunterZ's explanation of how complex this problem is to try and solve is fully justified. I really can't think of a way to "magically" solve this.

    This is where things like uBlock Origin and other client-side blockers have an advantage: they simply block the request from even happening (in the browser) to begin with, and it's based on a series of complex regex rules.
     
  76. torstenj1969

    torstenj1969 Networkin' Nut Member

    I solved the problem now.
    It is a http Link but in real it is an https link. Currently I have no clue how the did it but I know how to solve this.

    Thanks to all of you!
     
  77. plikmuny

    plikmuny New Member Member

    Hi, cn you tell me step by step procedure to install this Pixelserv onto my R7000 with Tomato Shibby Firmware ?
    i am a noob here willing to learn things and i want to install Pixelserv onto my Router and get it working 100%.
    I dont know if Privoxy is better than Pixelserv or is Pixelserv is better compared to Privoxy in terms of Adblocking.
    I want to know that also.. i am here to learn and Experiment.

    Pls guide me to get this Pixelserv working on R7000. Thanks in Advance.
     
  78. plikmuny

    plikmuny New Member Member

    I have successfully installed this Script using the method described above by Michael.
    One problem is i am not able to block youtube ads. Before it was not appearing, but now it appears on every video. Its very annoying,
    here is my adblock.ini config....
    Code:
    ##
    
    # The only required line in the config file
    SOURCES=""   
    
    # a few example options
    #dnsmasq_logqueries=1
    #web_refreshtime=300
    #web_reportlines=200
    #LISTMODE=OPTIMIZE
    
    
    ## Remove comments from below lists to enable them
    
    ## Sources (uncomment desired blocklists) [must be compatible to the hosts file format!]
    ## MVPS HOSTS (~1731k) [default]:
    SOURCES="$SOURCES https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
    
    ## AIO (~6754k) [default]:
    SOURCES="$SOURCES https://raw.githubusercontent.com/hl2guide/All-in-One-Customized-Adblock-List/master/deanoman-adblocklist.txt"
    
    ## Youtubeadsblock (~352k) [default]:
    SOURCES="$SOURCES https://raw.githubusercontent.com/anudeepND/youtubeadsblacklist/master/hosts.txt"
    
    ## hpHosts ad/tracking servers (~400k) [default]:
    SOURCES="$SOURCES http://hosts-file.net/ad_servers.txt"
    
    ## The Cameleon Project (~600k) [default]:
    SOURCES="$SOURCES http://sysctl.org/cameleon/hosts"
    
    ## MalwareDomainList.com (~40k) [default]:
    SOURCES="$SOURCES http://www.malwaredomainlist.com/hostslist/hosts.txt"
    
    ## Blacklist additional sites
    ## (add hostnames inside the quotes, space-separated, without http://)
    BLACKLIST="r4---sn-vgqs7nez.googlevideo.com r4.sn-vgqs7nez.googlevideo.com www.youtube-nocookie.com i1.ytimg.com r17---sn-vgqsenes.googlevideo.com r2---sn-vgqs7n7k.googlevideo.com clients6.google.com r1---sn-vgqsen7z.googlevideo.com r1.sn-vgqsen7z.googlevideo.com r20---sn-vgqs7ne7.googlevideo.com r20.sn-vgqs7ne7.googlevideo.com"
    
    ## Whitelist sites from blocking
    ## (add hostnames inside the quotes, space-separated, without http://)"
    WHITELIST=""
    
    can anyone pls suggest me what i am doing wrong here ? or is there a way to block Youtube ads almost 100% ?
     
  79. koitsu

    koitsu Network Guru Member

    You already have an existing thread about this issue. I suggest users reply there.
     
  80. mstombs

    mstombs Network Guru Member

    Blast from the past, 9 yrar old thread! The Asuswrt forum ssl version still undergoing active development, but pixelserv is still just a dummy target but no longer a 4kB binary, heavy lifting needs to be done by the scripts that configure the dns poisoning.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice