Search squid archive

Re: problem acessing surveillance camera

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18/10/2013 1:43 a.m., Fred Maranhão wrote:
2013/10/16 Eliezer Croitoru:
Hey,

I am not sure about it but it seems to me like there might be another thing
about it outside of squid.
but bypassing squid is working. there is another test that I should do?

The TCP_MISS_ABORTED tells us the client gave up waiting for the proxy to contact the camera at XXXXXXXXXX.dyndns.org:554.

It depends on how quickly the client ABORT is happening as to which problems are more likely. It could be DNS delays in Squid locating an IP to forward to, or it could be Squid found one and the network somewhere between Squid and the camera is dropping packets. It is important to know the network path between Squid and camera is possibly a completely different path than between users browser and camera. It could also be HTTP protocol problems the camera having with Squid requests.


1) sites_camera ACL should probably be a dstdomain.

NP: dst ACL verifies that the domain is still pointing at the same IP now as when Squid was configured last (and resolved the domain into a dst ACL IP value). Making dyndns dynamic IP service a bit useless.


2) check if the proxy is able to resolve XXXXXXXXXX.dyndns.org properly.

3) ty to locate a network trace of TCP packets from Squid to the camera. That might reveal some strange behaviour.


Amos



What vesrion of squid are you using?
3.3.9

Squid Cache: Version 3.3.9
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth'
'--enable-auth-basic=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
'--enable-auth-digest' '--enable-auth-ntlm' '--enable-auth-negotiate'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-arp-acl' '--enable-esi' '--disable-translation'
'--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
'--with-filedescriptors=65536' '--with-large-files'
'--with-default-user=proxy' '--enable-linux-netfilter'
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS='
'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2'
'--with-sqid=/tmp/buildd/squid3-3.3.9'

Eliezer


On 10/16/2013 04:04 PM, Fred Maranhão wrote:
Hi,

A user has an service that allow him to access her house cameras via
web. It works bypassing squid, but when we configure squid in her
browser, the camera image doesn't appears and this appears in the
access.log:

10.XXX.XXX.XXX - - [16/Oct/2013:09:43:20 +0000] "GET

http://XXXXXXXXXX.dyndns.org:554/user=XXXXXX&password=XXXXXX&channel=1&stream=0.sdp?
HTTP/1.0" 200 349 "-" "QuickTime/7.7.4 (verqt=7.7.4;so=Windows
NT5.1Service Pack 3)" TCP_MISS:HIER_DIRECT
10.XXX.XXX.XXX - - [16/Oct/2013:09:44:25 +0000] "POST

http://XXXXXXXXXX.dyndns.org:554/user=XXXXXX&password=XXXXXX&channel=1&stream=0.sdp?
HTTP/1.0" 200 873 "-" "QuickTime/7.7.4 (verqt=7.7.4;so=Windows
NT5.1Service Pack 3)" TCP_MISS_ABORTED:HIER_DIRECT

the rules in squid.conf are the following:

...
acl sites_camera dst XXXXXXXXXX.dyndns.org
acl ports_camera port 2180 554
...
acl Safe_ports port 2180 554
...
http_access allow sites_camera ports_camera
...
http_access deny !Safe_ports
...






[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux