Adblock support thread

Hi,

in OpenWrt stable & snapshot package repo you'll find the adblock package (plus LuCI companion/configuration package):

stable OpenWrt version 21.02.x.: adblock 4.1.3 plus luci companion package

latest snapshot version: adblock 4.1.3 plus luci companion package

Link to the latest adblock documentation

Feel free to test, ask questions or make suggestions.


Changelog

---
release 4.1.3

  • fix a small json syntax issue in adblock.sources
  • add easylist addon to reg_fr source
  • add switch 'adb_fetchinsecure' to allow insecure downloads without certificate check (disabled by default)
  • better explain 'adb_fetchparm' in readme
  • add a tcpdump option to resolve IPs in adblock reporting, set 'adb_represolve' accordingly (disabled by default). If enabled tcpdump will perform a reverse DNS (PTR) lookup for each IP address
  • add 'stalkerware' source
  • fix regex to prepare google safesearch domains
    ---
    release 4.1.2
  • preserve DNS cache after adblock processing (unbound & bind)
  • fix redirect issue with oisd basic url
  • cosmetics
    ---
    release 4.1.1
  • support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain clients based on their IP (currently only supported by bind!)
  • avoid promiscuous mode in tcpdump setup for adblock reporting
  • speed up dns report preparation
  • support dns report mailing (/etc/init.d/adblock report mail)
  • fix bind autodetection
  • update LuCI-frontend (separate PR)
  • update readme
    ---
    release 4.1.0-3
  • add a restrictive "jail mode only" variant, just point your jail directory to your primary dns directory
  • update readme
    release 4.1.0-2
  • add adguard_tracking source (list with cname trackers)
  • optimize/sort output of active sources in status
  • optimize log output in EMails
    ---
    release 4.1.0
  • major source changes:
    • split oisd.nl in basic and full variant
    • add swedish regional list
    • made archive categories for shallalist and utcapitole selectable via LuCI
    • made all list variants of energized and stevenblack selectable via LuCI
  • removed dns filereset mode
Ancient Releases (Unsupported!)

OpenWrt version 19.07: adblock 4.0.7 plus luci companion package
OpenWrt version 18.06: adblock 3.5.5 plus luci companion package
LEDE version 17.01: adblock 3.4.3 plus luci companion package


Have fun!
Dirk

27 Likes

At the first glance, it seems to work nicely.

logread -e "adblock" gives the following output:

Mon Dec 12 09:53:36 2016 daemon.err adblock.sh[944]: udhcpc: started, v1.25.1
Mon Dec 12 09:53:36 2016 daemon.err adblock.sh[944]: udhcpc: sending discover
Mon Dec 12 09:53:39 2016 daemon.err adblock.sh[944]: udhcpc: no lease, failing
Mon Dec 12 09:53:39 2016 daemon.err adblock.sh[944]: udhcpc: started, v1.25.1
Mon Dec 12 09:53:39 2016 daemon.err adblock.sh[944]: udhcpc: sending discover
Mon Dec 12 09:53:42 2016 daemon.err adblock.sh[944]: udhcpc: no lease, failing
Mon Dec 12 09:53:42 2016 user.notice adblock-[1.9.99-pre0] info: block lists with overall 132369 domains loaded (1.9.99-pre0, LEDE Reboot CURRENT r2437-854459a)

I removed the previous package and luci addon with luci.

udhcpc is the DHCP client fetching a WAN address from your ISP for your WAN interface. Nothing to do with adblock (or DNS) by itself.

Does your router get WAN address when adblock is disabled?

But you seem to have a lot of blocklists loaded. You might test first with only a few lists. And you might reboot the router one more time so that there are surely no leftovers in dnsmasq tmp from the previous ablock version.

My router gets a WAN address also when adblock is enabled.
As far as I can see adblock2 is working without a problem. I just don't understand the errormessages in the log.
My router has plenty of ram (512 MB), so I thought is is not a problem to enable almost every list.

@htmt
Does this dhcp "error" always appear (i.e. during a normal /etc/init.d/adblock restart) or only during boot?
What happen if you change ...

procd_set_param stderr 1 to procd_set_param stderr 0

in /etc/init.d/adblock?

Thanks for testing!

Yes the error appears always (reboot and restart).

Still the same errormessage.

I feel myself obliged to do so because adblock is why I bought this new router in the first place.
Thanks for making this great tool!

OK, please make a "/etc/init.d/dnsmasq restart" for two times. First with enabled block lists and second time without adblock (after /etc/init.d/adblock stop). In both cases please check the log for dnsmasq/dhcpc errors like you've posted above.

Thanks again!

Mon Dec 12 16:53:58 2016 daemon.err adblock.sh[1843]: udhcpc: started, v1.25.1
Mon Dec 12 16:53:58 2016 daemon.err adblock.sh[1843]: udhcpc: sending discover
Mon Dec 12 16:54:01 2016 daemon.err adblock.sh[1843]: udhcpc: no lease, failing
Mon Dec 12 16:54:01 2016 daemon.err adblock.sh[1843]: udhcpc: started, v1.25.1
Mon Dec 12 16:54:01 2016 daemon.err adblock.sh[1843]: udhcpc: sending discover
Mon Dec 12 16:54:04 2016 daemon.err adblock.sh[1843]: udhcpc: no lease, failing
Mon Dec 12 16:54:05 2016 user.notice adblock-[1.9.99-pre0] info: block lists with overall 132369 domains loaded (1.9.99-pre0, LEDE Reboot CURRENT r2437-854459a)
Mon Dec 12 17:05:48 2016 daemon.err adblock.sh[2657]: udhcpc: started, v1.25.1
Mon Dec 12 17:05:48 2016 daemon.err adblock.sh[2657]: udhcpc: sending discover
Mon Dec 12 17:05:51 2016 daemon.err adblock.sh[2657]: udhcpc: no lease, failing
Mon Dec 12 17:05:51 2016 daemon.err adblock.sh[2657]: udhcpc: started, v1.25.1
Mon Dec 12 17:05:51 2016 daemon.err adblock.sh[2657]: udhcpc: sending discover
Mon Dec 12 17:05:54 2016 daemon.err adblock.sh[2657]: udhcpc: no lease, failing
Mon Dec 12 17:05:54 2016 user.notice adblock-[1.9.99-pre0] info: block lists with overall 132369 domains loaded (1.9.99-pre0, LEDE Reboot CURRENT r2437-854459a)

I wouldn't be surprised when the problem is outside of Adblock.
My router is, as of now, not fully supported by LEDE (TP-Link Archer C2600).

Adblocking is functional with this release.

If a full log is usefull, let me know.

So dns hijacking is no longer an option with adblock2?

I haven't mastered wrapping firewall rules in procd instance, but if you'd want to bring back the pixelserv, I found out uhttpd is really easy to include in PROCD instance.

On ipq806x LEDE Reboot CURRENT r2437+12 with uclient-fetch and ustream-mbedtls installed, adblock2 fails with error: fetch utility 'uclient-fetch' or 'wget' not found. Maybe the below will help:

root@EA8500:~# which /usr/bin/wget* root@EA8500:~# which uclient-fetch /bin/uclient-fetch root@EA8500:~# which /bin/wget* /bin/wget root@EA8500:~# ls -la $_ lrwxrwxrwx 1 root root 13 Dec 10 16:24 /bin/wget -> uclient-fetch

:slight_smile:
Still it's all about dns spoofing/hijacking but we do not longer need all the firewall/pixel server stuff for that. The dns server itself returns a simple 'NXDOMAIN'. This is nothing but Non-eXistent Internet or Intranet domain name, if domain name is unable to resolve using the dns server, a condition called the 'NXDOMAIN' occurred.

On client side you'll see things like that:

root@x250:/home/dirk# nslookup doubleclick.net
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find doubleclick.net: NXDOMAIN

or that (captured during a youtube session):

root@x250:/home/dirk# tcpdump -nt -i wlan0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 192.168.1.103.40371 > 192.168.1.1.53: 44883+ A? www.google-analytics.com. (42)
IP 192.168.1.103.40371 > 192.168.1.1.53: 20204+ AAAA? www.google-analytics.com. (42)
IP 192.168.1.1.53 > 192.168.1.103.40371: 44883 NXDomain 0/0/0 (42)
IP 192.168.1.1.53 > 192.168.1.103.40371: 20204 NXDomain 0/0/0 (42)
[...]

simple & quite effective! :relaxed:

As I wrote in my initial post you have to set two options in adblock config, for uclient-fetch use the following:

option adb_fetch '/bin/uclient-fetch'
option adb_fetchparm '-q'

By DNS hijacking I meant that if I have a client in the local network with hardcoded DNS (rather than using DNS server offered by DHCP) it will no longer be forced to use my router's dns server, will it now, without firewall rules?

Ah, sorry, missed that, I was hoping adblock2 would auto-discover what I have installed. :wink:

adblock supports a wider range of router modes, incl. AP modes. Therefore it makes no sense to set firewall redirects like that. (same applies to adblock 1.x)

a guy who changed the default ssl-backend can add two config options, too. :slight_smile:
a positive side effect: you could use other tools like aria2 ...

Ah, I see the reason. It'd still make sense to set the redirects for the router mode, which I'd expect to be like 90% of the cases. :wink:

I've updated the download link in the first post for the new pre1 version, changes are:

  • procd fine tuning
  • many bugfixes

If nothing major comes up, I'll send a github PR before christmas ... :slight_smile:

1 Like

The initial adblock_1.9.99-pre0-1_all ran perfectly well for me. Now adblock_1.9.99-pre1-1_all is also running well perfectly for the past 12-14 hours or so. No issues to report on my end as far as functionality goes.

I must admit, I do wish that there still remained an option to keep the pixel server running to replace all of the DNS-related errors that come up now with this NXDOMAIN method. But anyway, I trust in your judgement and coding work 100% and I will continue testing all future releases as they are released.

Hi Dave,

thanks for testing!
Do you have example urls with "broken links" where ads are not delivered by https server? For ad related content from https server you will receive broken links, even with adblock 1.x cause we cannot redirect secured connections.

br
dirk

Just want to say thanks for this! I run your current version published in trunk (1.5.4-1 with the Luci counter part), and it's a great tool. Thanks for continuing to support it!

Tested on my TP-Link Archer C2600 and my travel-router GLi AR150.
Works like a charm! I love it.
Especially the AR150 can handle this version much easier than the previous version.

The LuCI app modified for the new adblock2 can be found from here:
https://www.dropbox.com/s/dobai5nfua5bifz/luci-app-adblock_git-16.352.65143-1741e5578-1_all.ipk?dl=0