Adblock support thread

Hi,
I'm getting a strange error while running adblock and the latest 23.05.02 on x86/64 platform.

While everything starts correctly, when the VDSL pppoe connection to my ISP goes down, dnsmasq segfaults while system tries to reconnect .

Thu Nov 23 05:58:16 2023 daemon.info pppd[2398]: No response to 5 echo-requests
Thu Nov 23 05:58:16 2023 daemon.notice pppd[2398]: Serial link appears to be disconnected.
Thu Nov 23 05:58:16 2023 daemon.info pppd[2398]: Connect time 3.9 minutes.
Thu Nov 23 05:58:16 2023 daemon.info pppd[2398]: Sent 1533807 bytes, received 8454250 bytes.
Thu Nov 23 05:58:16 2023 daemon.err odhcp6c[5651]: Failed to send RS (Network unreachable)
Thu Nov 23 05:58:16 2023 daemon.err odhcp6c[5651]: Failed to send RELEASE message to ff02::1:2 (Network unreachable)
Thu Nov 23 05:58:16 2023 daemon.notice netifd: Interface 'wan_6' is disabled
Thu Nov 23 05:58:16 2023 daemon.notice netifd: Network device 'pppoe-wan' link is down
Thu Nov 23 05:58:16 2023 daemon.notice netifd: Network alias 'pppoe-wan' link is down
Thu Nov 23 05:58:16 2023 daemon.notice netifd: Interface 'wan_6' has link connectivity loss
Thu Nov 23 05:58:16 2023 daemon.notice netifd: Interface 'wan' has lost the connection
Thu Nov 23 05:58:16 2023 daemon.notice netifd: wan_6 (5651): Command failed: ubus call network.interface notify_proto { "action": 0, "link-up": false, "keep": false, "interface": "wan_6" } (Permission denied)
Thu Nov 23 05:58:17 2023 user.notice ddns-scripts[5982]: raxi_v4: PID '5982' terminated by 'SIGTERM' at 2023-11-23 05:58
Thu Nov 23 05:58:17 2023 user.notice ddns-scripts[5983]: raxi_v6: PID '5983' terminated by 'SIGTERM' at 2023-11-23 05:58
Thu Nov 23 05:58:17 2023 user.notice ddns-scripts[5984]: 3cx: PID '5984' terminated by 'SIGTERM' at 2023-11-23 05:58
Thu Nov 23 05:58:17 2023 user.notice ddns-scripts[5985]: duckdns: PID '5985' terminated by 'SIGTERM' at 2023-11-23 05:58
Thu Nov 23 05:58:17 2023 daemon.err odhcp6c[5651]: Failed to send SOLICIT message to ff02::1:2 (Network unreachable)
Thu Nov 23 05:58:17 2023 daemon.notice netifd: Interface 'wan_6' is now down
Thu Nov 23 05:58:17 2023 daemon.warn dnsmasq[1]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Thu Nov 23 05:58:17 2023 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Thu Nov 23 05:58:17 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 112 names
Thu Nov 23 05:58:17 2023 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 2 names
Thu Nov 23 05:58:17 2023 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Thu Nov 23 05:58:17 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
Thu Nov 23 05:58:18 2023 daemon.warn odhcpd[2144]: No default route present, overriding ra_lifetime!
**Thu Nov 23 05:58:18 2023 kern.info kernel: [  245.886421] dnsmasq[10618]: segfault at 7fd08e08fa30 ip 0000563796275e2b sp 00007fff5b2bbc50 error 4 in dnsmasq[563796265000+29000]**
**Thu Nov 23 05:58:18 2023 kern.info kernel: [  245.887799] Code: 5c 00 74 04 8b 6c 24 6c 48 8d 43 50 45 31 f6 48 89 44 24 48 48 8b 15 fc 8e 02 00 48 63 c5 48 8b 7c 24 48 48 8b 92 98 01 00 00 <4c> 8b 24 c2 4c 89 e6 e8 81 f9 ff ff 41 89 c5 83 f8 ff 0f 84 f1 00**
Thu Nov 23 05:58:22 2023 daemon.notice pppd[2398]: Connection terminated.
Thu Nov 23 05:58:22 2023 daemon.info pppd[2398]: Connect time 3.9 minutes.
Thu Nov 23 05:58:22 2023 daemon.info pppd[2398]: Sent 1533807 bytes, received 8454250 bytes.
Thu Nov 23 05:58:23 2023 daemon.notice pppd[2398]: Modem hangup
Thu Nov 23 05:58:23 2023 daemon.info pppd[2398]: Exit.
Thu Nov 23 05:58:23 2023 daemon.notice netifd: Interface 'wan' is now down
Thu Nov 23 05:58:23 2023 daemon.notice netifd: Interface 'wan' is setting up now
Thu Nov 23 05:58:23 2023 daemon.info pppd[11847]: Plugin pppoe.so loaded.
Thu Nov 23 05:58:23 2023 daemon.info pppd[11847]: PPPoE plugin from pppd 2.4.9
Thu Nov 23 05:58:23 2023 daemon.notice pppd[11847]: pppd 2.4.9 started by root, uid 0
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: started, version 2.89 cachesize 10000
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.25.100 -- 192.168.25.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.24.100 -- 192.168.24.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.23.100 -- 192.168.23.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.22.100 -- 192.168.22.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.21.100 -- 192.168.21.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.99.100 -- 192.168.99.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.19.100 -- 192.168.19.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.15.100 -- 192.168.15.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.11.100 -- 192.168.11.249, lease time 4h
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for test
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for local
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for farai.org.zw
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using only locally-known addresses for zororomemorial.co.zw
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using standard nameservers for ..............
Thu Nov 23 05:58:24 2023 daemon.info dnsmasq[1]: using 530553 more local addresses
Thu Nov 23 05:58:25 2023 daemon.warn dnsmasq[1]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Thu Nov 23 05:58:25 2023 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Thu Nov 23 05:58:25 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 112 names
Thu Nov 23 05:58:25 2023 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 2 names
Thu Nov 23 05:58:25 2023 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
**Thu Nov 23 05:58:25 2023 kern.info kernel: [  252.923511] traps: dnsmasq[11849] general protection fault ip:5564fc07a7fc sp:7fff9b219e90 error:0 in dnsmasq[5564fc06a000+29000]**

When disabling adblock, dnsmasq does not segfault on pppoe down.

My dnsmasq config :

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option port '53'
        option localservice '1'
        option nonegcache '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option ednspacket_max '1232'
        option confdir '/tmp/dnsmasq.d'
        option cachesize '10000'
        option dnsforwardmax '1000'
        option filterwin2k '1'
        list notinterface 'pppoe-wan'


config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '4h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

My Adblock config:

config adblock 'global'
        option adb_safesearch '0'
        option adb_dnsfilereset '0'
        option adb_mail '0'
        option adb_backup '1'
        option adb_maxqueue '16'
        option adb_backupdir '/root/adb'
        option adb_lookupdomain 'google.com'
        option adb_replisten '53 853 5353'
        option adb_forcedns '1'
        list adb_portlist '53'
        list adb_portlist '853'
        list adb_portlist '5353'
        option adb_repchunkcnt '5'
        option adb_repchunksize '10'
        option adb_fetchutil 'uclient-fetch'
        option adb_dns 'dnsmasq'
        option adb_debug '0'
        option adb_report '1'
        option adb_repiface 'any'
        option adb_dnsflush '1'
        option adb_enabled '1'
        list adb_zonelist 'lan'
        list adb_sources 'adguard'
        list adb_sources 'adguard_tracking'
        list adb_sources 'android_tracking'
        list adb_sources 'andryou'
        list adb_sources 'bitcoin'
        list adb_sources 'doh_blocklist'
        list adb_sources 'easyprivacy'
        list adb_sources 'firetv_tracking'
        list adb_sources 'notracking'
        list adb_sources 'openphish'
        list adb_sources 'phishing_army'
        list adb_sources 'reg_ru'
        list adb_sources 'smarttv_tracking'
        list adb_sources 'winhelp'
        list adb_sources 'winspy'
        list adb_sources 'yoyo'

Had no issues with this exact config while running 23.05.0 v20134 and always dnsmasq/adblock handled pppoe disconnects gracefully.

Maybe adblock bumps in too early during interface restart. Just set/raise the trigger delay and set it i.e. to 10 seconds (option 'adb_triggerdelay'). While at it, please remove the 'adb_maxqueue' option cause it's no longer used in recent adblock. Furthermore disable the option 'adb_dnsflush', it's only intended as a last resort if your router is really low on memory.

Hope this helps.

Thank you for taking the time to answer. Your input is great as always.
While I made the changes suggested, unfortunately the problem remained.

Trying to troubleshoot the problem some more, I came across this thread here : Dnsmasq segfault that seemed to be applicable.

While I do not use DoH, I had this entry (among some random others that seemed innocuous) in my /etc/adblock/adblock.whitelist file to allow the cloudflare agent in one of my containers

_v2-origintunneld._tcp.argotunnel.com

Decided to empty the whitelist file just in case and dnsmasq stopped crashing while the pppoe daemon is trying to connect while the wan interface is down.

Seems strange that this entry causes dnsmasq to segfault when pppoe is down and does not seem to interfere at all when restarting dnsmasq or coming up from a reboot.

Thank you again for taking the time to help.

Regards,
Laz

Did you use the package tcpdump-mini for traffic capturing? If so, please switch to the regular tcpdump package, it seems that the mini-variant no longer supports the "any" interface ...

That's much more a performance penalty in adblock ... I'll rework the reporting with the next major adblock update (no ETA! )

Thank you so much @dibdot

I believe port 853 should be removed from offered 'Forced Ports' in 'General Settings' tab. It is not possible to downgrade DoT to unencrypted connection and it leads to non-functioning configuration.

I don't think so. This is not about redirecting, but about preventing communication via this port so that direct accesses like this one no longer work:

dig -d @1.1.1.1 +tls-ca +tls-host=one.one.one.one example.com

So it breaks clients with DoT like Android phones with respective option enabled... OK, clear.

What about 5353? It's not even a real DNS and is meant to be used in LAN only. What's the point of breaking it?

These are only port options ... use it or leave it, it's up to you.

It directly configures firewall so it forwards ports 53, 853, and 5353 to local port 53. This is wrong in case of 853 and 5353. DoT cannot be downgraded, multicast requests cannot be answered by caching resolver. If you're trying to block those then block, not forward.

Many thanks for your reply, I used both tcpdump and tcpdump-mini, same error

Thanks! For further testing please start this in a ssh session for a few minutes and report back the output (please test only with the full tcpdump version):

tcpdump -p -w - -U -Q out -i any  port 53 | tcpdump -vv -N -r - | awk '/^ +/{print $0}'

ok, I‘ll do that coming next weekend with pleasure
thank you!

Hello can adblock be used with https://pymumu.github.io/smartdns/en/ that resolves DNS queries?

Shrug, I to play with a LOT of settings, and the last one I tried, no doubt changed others as well, for me, I had to set the following to false, now is working, yey!
-=- Advanced DNS Settings -=-
External DNS Lookup Domain - false
External domain to check for a successful DNS backend restart. Please note: To disable this check set this option to 'false'.

Sun Dec  3 00:20:10 2023 user.debug adblock-4.1.5[5918]: f_dnsup  ::: dns: dnsmasq, cache_cmd: -, lookup_cmd: /usr/bin/nslookup, lookup_domain: false, restart_rc: 0, dns_flush: 1, dns_timeout: 20, dns_cnt: 20, in_rc: 0, out_rc: 0
Sun Dec  3 00:20:10 2023 user.debug adblock-4.1.5[5918]: f_jsnup  ::: status: enabled, cnt: 210237, mail: 0, mail_service: /etc/adblock/adblock.mail, mail_cnt: 0, mail_pid: -
Sun Dec  3 00:20:10 2023 user.info adblock-4.1.5[5918]: blocklist with overall 210237 blocked domains loaded successfully (Bananapi BPI-R3, OpenWrt 23.05.0 r23497-6637af95aa)

Okay, I find a combination of both FireFox using secure DNS, AND, my VPN.
With BOTH OFF, no ads.
Not good...

hi dirk,
send the tcpdump capture at you by mail
thx!
mawe

How did this happen?

adguard, adguard_tracking, disconnect = 98872
adguard, adguard_tracking, disconnect, oisd_small, yoyo = 95688

Log Viewer:

Mon Dec  4 18:03:15 2023 user.info adblock-4.1.5[20640]: adblock instance started ::: action: reload, priority: 0, pid: 20640
Mon Dec  4 18:05:43 2023 user.info adblock-4.1.5[20640]: blocklist with overall 95688 blocked domains loaded successfully (OpenWrt 23.05.2 r23630-842932a63d, )
Mon Dec  4 18:06:44 2023 user.info adblock-4.1.5[21239]: adblock instance started ::: action: reload, priority: 0, pid: 21239
Mon Dec  4 18:09:03 2023 user.info adblock-4.1.5[21239]: blocklist with overall 98872 blocked domains loaded successfully (OpenWrt 23.05.2 r23630-842932a63d, )
Mon Dec  4 18:11:30 2023 user.info adblock-4.1.5[21798]: adblock instance started ::: action: reload, priority: 0, pid: 21798

This is expected and it's called "top level domain compression" - if a new feed contains many top level domains (like the added oisd feed), many/thousands of sub-domains can be removed from the final block list.