New version 22, hope finally fixed occasional problem with multiple stick processes and connections in FIN_WAIT2 state, created by broken connections to browsers. To work-around this problem it has been necessary for users to regularly kill and restart the pixelserv binary.
Have also made the listening interface have no default - was formerly "br0" but that blocked use with tunnel or multiple interfaces, use "-n br0" for former behaviour.
Also changed the SIG used to poke for usage count to be logged, no longer use system SIGHUP, but use SIGUSR1.
The source code has option for task to run as restricted user (default "nobody"), but this doesn't work on the dd-wrt version under test, so option not compiled in.
Code:
root@DD-WRT:~# uname -arn
Linux DD-WRT 2.4.37 #7590 Sat Oct 10 02:59:44 CEST 2009 mips unknown
root@DD-WRT:~# ./pixelserv -?
Usage:./pixelserv [-i] [IP] [-p 80] [-n IF]
i = inetd mode, IP or hostname to listen on (all), p = port No/name, IF = interface name (all)
...
root@DD-WRT:~# ./pixelserv -p 88 -n br0
...
root@DD-WRT:~# tail /var/log/messages
...
Dec 2 23:38:02 DD-WRT daemon.info pixelserv[10752]: ./pixelserv V22 compiled: Dec 2 2010 22:35:50 from pixelserv22.c
Dec 2 23:38:02 DD-WRT daemon.notice pixelserv[10754]: Listening on br0 0.0.0.0:88
...
root@DD-WRT:~# kill -SIGUSR1 $(pidof pixelserv)
...
Dec 2 23:53:55 DD-WRT daemon.info pixelserv[10754]: 1002 pixels served
Source and compiled Broadcom binary (tomatousb gcc 4.2.4 toolchain)
pixserve22dd.zip
Description:
Source, build script and binary for pixelserv.c V22
sorry to bring back a dead thread but i'm having issues with whitlist and i have not received any help.
I have a music website that has lots of embedded youtube videos and half of them are just white and other half work without issues. Right clicking the whitespace leads to Adobe Flash player settings so its not something i'm doing wrong.
I went in the white list added the website to the top of the list and restarted my router but nothing? turn the script off and the all the videos work.
What am i doing wrong and how can i add this site to my whitelist? or is there a way to ignore flash media from being blocked with this script even if it has ads?
i'm currently away on travel so my response may be slow to non-existent as i will not be able to test out anything before i get back home early next month. with that said, pleas do say what is the site you are trying to use with the script.
my first guess as i have never had the problem your describing (and yes, i have been using the script from way back when to this day), is a configuration problem.
please make sure that you have followed the guide to the letter and if possible go through the troubleshooting section.
Posted: Fri Jul 29, 2011 15:31 Post subject: Whitelist issue
When i add domains to my whitelist, they remain blocked. If I ping the whitelisted domains, I yield 192.168.1.254. And yes, I am perpending my whitelist (before the hardcoded google domains).
All except the google domains show up as blocked (192.168.1.254). I manually deleted the domains from the dllhosts and dnsmasq.adblock.conf files with success, but the whitlist file does nothing.
Posted: Mon Aug 08, 2011 21:07 Post subject: back from veca
@bizarro
While admittedly I have only tried to test the quantserve example, I've found that the DOMAIN of quantserve.com is blocked...
So if you whitelist a host of that domain, it will still be blocked.
This is because the whitelist just takes out the strings specified in it from the blocked domain files... but the domain listing doesn't match the explicit FQDN of the host and there for it stays blocked...
sorry, but that is just how the script works...
sorry i can’t be of more help, nice challenge/refresher though.
Attached is a V27 of the pixelserv.c, looks like never got round to testing under dd-wrt (never worked out how to compile dd-wrt firmwares). Not changed since Dec 2010 - only issue I know about is that it can stop working if you make some lan/wan changes via web gui (I suspect it can keep listening on defunct interface) so I recommend it is killed and restarted in firewall script.
I recommend this version over V22 above since it is more selective about responses - sending a gif to a java script request can just cause page hangs/ script error reports. If you use the syslog it can be poked to report stats with one of
An error is when a connection is made and closed/broken before any data received or sent.
A bad request is something other than "GET", for example "POST", for these a 501 response is sent.
Null text response are sent when a .js* file requested, otherwise the usual null gif.
To keep size down, attached is a binary compiled with tomatousb (reportedly working in certain dd-wrt versions), and old tomato toolchain (.oldT) and only a few options: (recompile with -DVERBOSE to get more messages in log)
Dec 12 21:57:50 WRT54G-TM daemon.info pixelserv[2890]: ./pixelserv V27 compiled: Dec 12 2010 21:49:05 from pixelserv27.c
Dec 12 21:57:50 WRT54G-TM daemon.notice pixelserv[2892]: Listening on br0 192.168.1.1:80
Open question to OKI or anyone else with ability to compile for Atheros to post here.
The pixelserv routine would be much more useful if, it had a minor modification to have it call an arbitrary file, that would return not a simple string but a much larger string that would effectively put up a whole html page.
In other words, instead of directly putting out the 200 ok string, it would call a file that it would put out the string in that file. The string could be, the present string for a pixel, OR it could be something much larger.
Someone patched a version that would optionally output a warning triangle in place of the null pixel, but I never saw the source-code, can be useful to see more clearly what is being done. If the calling program expects an image (or script) then anything other than an image (or script) likely to cause error.
Would be easy to replace the whole of the null pixel image response string including http header:- see attached, tested only briefly on old router running K24 tomatousb:-
Code:
root@wrt54gs:/tmp/home/root# ./pixelserv -?
Usage:./pixelserv [-i inetd mode, no other params] [IP No/hostname (all)] [-p port (80)] [-n i/f (all)] [-f nullgiffile]
root@wrt54gs:/tmp/home/root# ./pixelserv -p 8081 -f nullgif.bin
pixelserv[10396]: ./pixelserv V28 compiled: Jul 3 2012 01:08:20 from pixelserv28.c
or just size if only a gif? - bit harder if header has to change on type and size of file content. Got any examples of what you have in mind you can put on pastebin or somewhere similar?
I got that far as well - there is an option to compile with support for selecting the port, useful 81, 8080, 8081 for test purposes - but not it seems for https port 443.
What is needed is the contents of a string that politely refuses the connection - but I suspect the initial handshaking is all about establishing the secure comms channel.
By definition of https connection, not a lot can done at router level, and you'll find websites using embedded IP addresses (they can use their own dns on page load) as well - to bypass DNS poisoning.