Long-Term Data weirdness

devbrodie · March 10, 2020, 2:44pm

Expected Behaviour:

Long Term Data should be storing all requests from all clients

Actual Behaviour:

Long term Data only shows data for approx 1 day, then stops storing activity. If I re-boot the pi, it works, but again for only approx 1 day, then stops

Iv'e searches many topics on this and can confirm...

PHP-SQLite3 is installed
the pi has 664 permissions on /etc/pihole/pihole-FTL.db
the pi has write permissions on same

If I use the "Query Log" and click "Show all", then I can see everything, it's just when using "Long Term Data" I get this weirdness.

Help please - it's driving me nuts...

Bucking_Horn · March 10, 2020, 5:22pm

Welcome to the Pi-hole community, devbrodie.

Please supply the token generated by

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

devbrodie · March 10, 2020, 6:31pm

Token:

https://tricorder.pi-hole.net/pcy2im3wpc

Bucking_Horn · March 10, 2020, 6:57pm

Illegal characters in some of your device names seem to cause database write errors, e.g. heth's-tablet.
Note that a couple of Internet standards restrict hostnames to only contain letters 'a' through 'z' (in a case-insensitive manner), the digits '0' through '9' and the hyphen/minus character ('-').

As this seems to disable the database connection in return, it may well be the root cause for lack of long-term database entries.

Removing the apostrophe from the name (as in heths-tablet) should fix this.

Pi-hole's web UI does actively safeguard against invalid hostnames.
How did you provide the names for your devices?

devbrodie · March 11, 2020, 8:04am

OK - I'll try renaming those devices - Thanks!

I named the devices by editing the hosts file on the Pi

devbrodie · March 13, 2020, 11:41am

Update - I renamed all devices I could find to remove any illegal characters.

My last entry in long term data was 3 days ago, yet in the query log, I see everything upto the last few minutes. Additionally, If I try to run a Long Term Data Query for a long date range (i.e. "This year") I get an "Unexpected error"

Any ideas?

New token...

https://tricorder.pi-hole.net/hzxeeco3bs

DL6ER · March 15, 2020, 6:29pm

Three possible solution:

Reject invalid host names, do never store them in the database
Modify invalid host names, remove invalid characters and store what is left
Accept invalid host names, store them in the database (and fix the bug we currently see)

We can achieve all three with small to medium code changes. No. 2 will be the most complicated one.

DanSchaper · March 15, 2020, 6:51pm

DL6ER · March 15, 2020, 7:37pm

Hostnames with ' are considered valid by dnsmasq, so we should probably accept them as well. Working on no. 3 now...

DL6ER · March 15, 2020, 9:36pm

Number 3 is now implemented in branch new/all_clients_network_table where we are doing some work on the code around the network table, anyways. The connected PR is

github.com/pi-hole/FTL

Add all clients FTL knows about to the network table

pi-hole:release/v5.0 ← pi-hole:new/all_clients_network_table

opened 10:12AM - 07 Mar 20 UTC

DL6ER

+406 -66

**By submitting this pull request, I confirm the following:** - [X] I have re…ad and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [X] I have checked that [another pull request](https://github.com/pi-hole/FTL/pulls) for this purpose does not exist. - [X] I have considered, and confirmed that this submission will be valuable to others. - [X] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [X] I give this submission freely, and claim no ownership to its content. **How familiar are you with the codebase?:** ## 10 --- Add all clients FTL knows about to the network table. This requires a yet to be done modification to the web interface to hide the mock hardware addresses we generate for these devices. This change will import distant clients not visible over ARP/neigh (like VPN connected or VLAN separated devices) in the network table. As there is no one unique identification criterion now (we used the MAC address for this, before), each IP change of a non-deterministic DHCP server will fill the network table with additional entries as there is no way to detect if client `.3` was `.5` yesterday without the MAC address. Maybe we need a setting for this defaulting to `false` which can then be enabled by power-users running VPNs, VLANs, etc. However, "normal" (as in: no power-) users will likely not have any clients in their network which are not also covered by ARP/neigh, so there may be no issue even with having this defaulting to `true`. Note that clients found through ARP/neigh will always have higher priority than "remaining" clients known to FTL. FTL's knowledge is only used to "fill the gaps".

DL6ER · March 15, 2020, 9:37pm

This will be fixed in Pi-hole v5.0 where we ensure that all data can contain correctly encoded UTF-8 characters.

DanSchaper · March 15, 2020, 10:01pm

So we allow and store invalid data? Seems to be the wrong approach in my view.

DL6ER · March 15, 2020, 10:29pm

The chain of thing is as follows:

FTL sees a request from some client 192.168.0.2
FTL sends a PTR for this IP
FTL receives a reply from someone (typically the embedded dnsmasq, could be some other source as well)
FTL stores what it got in the database

I think it is okay to store what we received as reply to our PTR earlier? When we receive something "invalid", the replying DNS server seems to be the one to blame.

DanSchaper · March 15, 2020, 11:00pm

If the PTR data (payload) is RFC compliant then store it. If the data is invalid then I wouldn't keep it. There's no use for it and the invalid payload may contain something we don't want.

DL6ER · March 23, 2020, 2:25pm

Next iteration: Host names are now validated for...

Length (maximum length is given by MAXHOSTNAMELEN given by the system through asm-generic/param.h, defaulting to 64, can be overwritten during compilation)

If the maximum length is exceeded, FTL truncates the hostname and logs:
```
[2020-03-23 14:59:00.475 14511] WARN: Hostname of client 192.168.0.219 too long, truncating to 64 chars!
```
Note: The truncated version of the host name is used
Valid characters (we accept A-Z a-z 0-9 _ - .)

If invalid characters or binary blobs are found, FTL does not import the hostname and logs:
```
[2020-03-23 14:59:00.745 14511] WARN: Hostname of client 127.0.0.63 contains invalid character: � (char code 195)
```
(I added the German umlaut ö as example here)

Note: Any host name containing invalid characters is discarded entirely (as if no host name is available)

I pushed my changes (branch new/all_clients_network_table).

github.com/pi-hole/FTL

Add all clients FTL knows about to the network table

pi-hole:release/v5.0 ← pi-hole:new/all_clients_network_table

opened 10:12AM - 07 Mar 20 UTC

DL6ER

+406 -66

**By submitting this pull request, I confirm the following:** - [X] I have re…ad and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [X] I have checked that [another pull request](https://github.com/pi-hole/FTL/pulls) for this purpose does not exist. - [X] I have considered, and confirmed that this submission will be valuable to others. - [X] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [X] I give this submission freely, and claim no ownership to its content. **How familiar are you with the codebase?:** ## 10 --- Add all clients FTL knows about to the network table. This requires a yet to be done modification to the web interface to hide the mock hardware addresses we generate for these devices. This change will import distant clients not visible over ARP/neigh (like VPN connected or VLAN separated devices) in the network table. As there is no one unique identification criterion now (we used the MAC address for this, before), each IP change of a non-deterministic DHCP server will fill the network table with additional entries as there is no way to detect if client `.3` was `.5` yesterday without the MAC address. Maybe we need a setting for this defaulting to `false` which can then be enabled by power-users running VPNs, VLANs, etc. However, "normal" (as in: no power-) users will likely not have any clients in their network which are not also covered by ARP/neigh, so there may be no issue even with having this defaulting to `true`. Note that clients found through ARP/neigh will always have higher priority than "remaining" clients known to FTL. FTL's knowledge is only used to "fill the gaps".

DanSchaper · March 23, 2020, 5:42pm

The Valid Characters seems logical as long as IDNs are converted to punycode before validation.

DL6ER · March 23, 2020, 9:01pm

That's in the responsibility of the client If I recall correctly what was in the RFC. I just checked, Firefox correctly does this (try www.allestörungen.de). If you directly fire this query through dig, it will not be converted. However, FTL A.K.A. dnsmasq is still able to handle them and we're only talking about client host names here. This validation does not touch the regular DNS server operation in any way.

DL6ER · March 29, 2020, 9:16pm

This code has been merged into the regular beta code so everyone will benefit. Please re-checkout the beta branches to continue receiving updates and new features:

pihole checkout ftl release/v5.0

Thanks for all your contributions!

system · April 19, 2020, 9:16pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.