On 18/10/2013 1:43 a.m., Fred Maranhão wrote:
2013/10/16 Eliezer Croitoru:
Hey,
I am not sure about it but it seems to me like there might be another thing
about it outside of squid.
but bypassing squid is working. there is another test that I should do?
The TCP_MISS_ABORTED tells us the client gave up waiting for the proxy
to contact the camera at XXXXXXXXXX.dyndns.org:554.
It depends on how quickly the client ABORT is happening as to which
problems are more likely. It could be DNS delays in Squid locating an IP
to forward to, or it could be Squid found one and the network somewhere
between Squid and the camera is dropping packets. It is important to
know the network path between Squid and camera is possibly a completely
different path than between users browser and camera. It could also be
HTTP protocol problems the camera having with Squid requests.
1) sites_camera ACL should probably be a dstdomain.
NP: dst ACL verifies that the domain is still pointing at the same IP
now as when Squid was configured last (and resolved the domain into a
dst ACL IP value). Making dyndns dynamic IP service a bit useless.
2) check if the proxy is able to resolve XXXXXXXXXX.dyndns.org properly.
3) ty to locate a network trace of TCP packets from Squid to the
camera. That might reveal some strange behaviour.
Amos
What vesrion of squid are you using?
3.3.9
Squid Cache: Version 3.3.9
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth'
'--enable-auth-basic=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
'--enable-auth-digest' '--enable-auth-ntlm' '--enable-auth-negotiate'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-arp-acl' '--enable-esi' '--disable-translation'
'--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
'--with-filedescriptors=65536' '--with-large-files'
'--with-default-user=proxy' '--enable-linux-netfilter'
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS='
'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2'
'--with-sqid=/tmp/buildd/squid3-3.3.9'
Eliezer
On 10/16/2013 04:04 PM, Fred Maranhão wrote:
Hi,
A user has an service that allow him to access her house cameras via
web. It works bypassing squid, but when we configure squid in her
browser, the camera image doesn't appears and this appears in the
access.log:
10.XXX.XXX.XXX - - [16/Oct/2013:09:43:20 +0000] "GET
http://XXXXXXXXXX.dyndns.org:554/user=XXXXXX&password=XXXXXX&channel=1&stream=0.sdp?
HTTP/1.0" 200 349 "-" "QuickTime/7.7.4 (verqt=7.7.4;so=Windows
NT5.1Service Pack 3)" TCP_MISS:HIER_DIRECT
10.XXX.XXX.XXX - - [16/Oct/2013:09:44:25 +0000] "POST
http://XXXXXXXXXX.dyndns.org:554/user=XXXXXX&password=XXXXXX&channel=1&stream=0.sdp?
HTTP/1.0" 200 873 "-" "QuickTime/7.7.4 (verqt=7.7.4;so=Windows
NT5.1Service Pack 3)" TCP_MISS_ABORTED:HIER_DIRECT
the rules in squid.conf are the following:
...
acl sites_camera dst XXXXXXXXXX.dyndns.org
acl ports_camera port 2180 554
...
acl Safe_ports port 2180 554
...
http_access allow sites_camera ports_camera
...
http_access deny !Safe_ports
...