Re: [squid-users] problem acessing surveillance camera

On 18/10/2013 1:43 a.m., Fred Maranhão wrote:
> 2013/10/16 Eliezer Croitoru:
>> Hey,
>>
>> I am not sure about it but it seems to me like there might be another thing
>> about it outside of squid.
> but bypassing squid is working. there is another test that I should do?

The TCP_MISS_ABORTED tells us the client gave up waiting for the proxy
to contact the camera at XXXXXXXXXX.dyndns.org:554.

It depends on how quickly the client ABORT is happening as to which
problems are more likely. It could be DNS delays in Squid locating an IP
to forward to, or it could be Squid found one and the network somewhere
between Squid and the camera is dropping packets. It is important to
know the network path between Squid and camera is possibly a completely
different path than between users browser and camera. It could also be
HTTP protocol problems the camera having with Squid requests.

1) sites_camera ACL should probably be a dstdomain.

   NP: dst ACL verifies that the domain is still pointing at the same IP
now as when Squid was configured last (and resolved the domain into a
dst ACL IP value). Making dyndns dynamic IP service a bit useless.

2) check if the proxy is able to resolve XXXXXXXXXX.dyndns.org properly.

3) ty to locate a network trace of TCP packets from Squid to the
camera. That might reveal some strange behaviour.

Amos

>
>> What vesrion of squid are you using?
> 3.3.9
>
> Squid Cache: Version 3.3.9
> configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
> '--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
> '--infodir=${prefix}/share/info' '--sysconfdir=/etc'
> '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
> '--disable-maintainer-mode' '--disable-dependency-tracking'
> '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
> '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
> '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
> '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
> '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
> '--enable-icap-client' '--enable-follow-x-forwarded-for'
> '--enable-auth'
> '--enable-auth-basic=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
> '--enable-auth-digest' '--enable-auth-ntlm' '--enable-auth-negotiate'
> '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
> '--enable-arp-acl' '--enable-esi' '--disable-translation'
> '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
> '--with-filedescriptors=65536' '--with-large-files'
> '--with-default-user=proxy' '--enable-linux-netfilter'
> 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS='
> 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2'
> '--with-sqid=/tmp/buildd/squid3-3.3.9'
>
>> Eliezer
>>
>>
>> On 10/16/2013 04:04 PM, Fred Maranhão wrote:
>>> Hi,
>>>
>>> A user has an service that allow him to access her house cameras via
>>> web. It works bypassing squid, but when we configure squid in her
>>> browser, the camera image doesn't appears and this appears in the
>>> access.log:
>>>
>>> 10.XXX.XXX.XXX - - [16/Oct/2013:09:43:20 +0000] "GET
>>>
>>> http://XXXXXXXXXX.dyndns.org:554/user=XXXXXX&password=XXXXXX&channel=1&stream=0.sdp?
>>> HTTP/1.0" 200 349 "-" "QuickTime/7.7.4 (verqt=7.7.4;so=Windows
>>> NT5.1Service Pack 3)" TCP_MISS:HIER_DIRECT
>>> 10.XXX.XXX.XXX - - [16/Oct/2013:09:44:25 +0000] "POST
>>>
>>> http://XXXXXXXXXX.dyndns.org:554/user=XXXXXX&password=XXXXXX&channel=1&stream=0.sdp?
>>> HTTP/1.0" 200 873 "-" "QuickTime/7.7.4 (verqt=7.7.4;so=Windows
>>> NT5.1Service Pack 3)" TCP_MISS_ABORTED:HIER_DIRECT
>>>
>>> the rules in squid.conf are the following:
>>>
>>> ...
>>> acl sites_camera dst XXXXXXXXXX.dyndns.org
>>> acl ports_camera port 2180 554
>>> ...
>>> acl Safe_ports port 2180 554
>>> ...
>>> http_access allow sites_camera ports_camera
>>> ...
>>> http_access deny !Safe_ports
>>> ...
>>>
Received on Thu Oct 17 2013 - 22:07:17 MDT