ruth at mildmac.es
2008-Jul-19 17:10 UTC
[asterisk-users] asterisk-users Digest, Vol 48, Issue 56
Hello, I am on vacation until August 1. For support with the telephone PBX: voip at mildmac.es

Sorry for the inconvenience.

Ruth Llaneza Lapausa - VoIP Technician.
ruth.llaneza at mildmac.es
Tel: 902 199 384
Mildmac SA · www.mildmac.es · mildmac at mildmac.es
C/ Hnos. García Noblejas 41, 6ª planta. 28037 - Madrid
Tel: +34 91 501 33 02 Fax: +34 91 501 57 45
Bill Michaelson
2008-Jul-19 17:19 UTC
[asterisk-users] asterisk-users Digest, Vol 48, Issue 56
> Message: 1
> Date: Fri, 18 Jul 2008 20:35:47 -0700
> From: Dave Platt <dplatt at radagast.org>
> I'm preparing for a client install of * by doing a fresh one in-house.
> Unlike my earlier installation that runs asterisk as superuser, my
> current experimental box runs without such privilege. This is causing
> it to moan that it can't set TOS. I absolutely don't want to install it
> on the client LAN without this capability. If need be, I'll set the
> binary to run setuid root.
>
> But I'm looking for something more elegant. While googling, I found a
> suggestion to use iptables mangle rules to set TOS for all packets going
> out of the box on ports like 5060 and 10000:20000. Not a bad hack, but
> indiscriminate and this box will be handling other traffic besides the
> RTP. I'd like to do better.
>
>
> It is possible for an iptables filter/rule to match packets in the
> OUTPUT chain based on the UID or GID of the process which created
> them, if you have the "owner" module loaded. You should be able to
> add a rule to the OUTPUT chain of the mangle table which will set the
> TOS properly for any and all outbound packets generated locally by the
> non-root user ID which you're using to run Asterisk.
>

I've used LARTC and I'm aware of the capability, but keying on UID did not occur to me. Thank you - it's a good solution.

> Come to think of it, I think I need to do this myself. I'm using the
> "ultimate Linux traffic conditioning" configuration (modified very
> slightly) to prioritize my system's outbound traffic into multiple
> queues by TOS, and it's probably mis-queueing the RTP traffic because
> my Debian install of Asterisk is running under a non-root UID.
>

Glad to be of assistance.

>
>> I thought of using POSIX access control to enable asterisk to do TOS
>> setting without being root (would this be CAP_NET_RAW?), which sounds
>> perfect, but so far I'm operating with stock ubuntu hardy, and I would
>> like to avoid a kernel build to add this capability.
>>
>> Any other ideas?
>>
>
> Seems like "iptables -t mangle -A OUTPUT -m owner --uid-owner $ASTERISK"
> would be along the lines of what you want? Mark the packets with the
> TOS you want... and then consider using the Linux traffic-shaping
> system to make sure that they really do get transmitted ahead of
> non-urgent packets:
>

Traffic-shaping in the box would probably be overkill for my purpose because the nature of the routing in this box will limit the contention from this source. I think I just need to have the packets treated well once they hit the local network. But this is also a worthwhile consideration, and probably useful in other circumstances.

Again, thanks for the reply - it's right on target and solves my problem nicely.
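
The approach settled on in this thread, written out as an added example that is not part of the original messages: a generator for mangle-table rules keyed on the unprivileged Asterisk UID, so the daemon needs neither root nor a setuid binary. It goes one step beyond the single rule quoted above by giving SIP and RTP separate classes; the DSCP classes (CS3, EF), the use of source ports, and the function names are assumptions, with the ports being the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: emit mangle-table rules that mark only packets created by the
# unprivileged Asterisk account, instead of running the daemon as root.
# Assumptions (not from the thread): DSCP classes CS3/EF, and that Asterisk
# sends from its local ports (SIP 5060, RTP 10000-20000), hence --sport.

# Resolve an account name or numeric UID to a UID; reject root and bad input.
resolve_uid() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "invalid account: '$1'" >&2; return 1 ;;
    esac
    case "$1" in
        *[!0-9]*)
            uid=$(id -u "$1" 2>/dev/null) || { echo "no such user: $1" >&2; return 1; } ;;
        *) uid=$1 ;;
    esac
    if [ "$uid" -eq 0 ]; then
        echo "refusing UID 0: the rule would mark every root-owned socket" >&2
        return 1
    fi
    echo "$uid"
}

# Print an iptables-restore fragment for the given account.
# $1 account, $2 DSCP class for SIP signalling, $3 DSCP class for RTP media.
asterisk_tos_rules() {
    uid=$(resolve_uid "$1") || return 1
    sip_class=${2:-CS3}
    rtp_class=${3:-EF}
    case "$sip_class$rtp_class" in
        *[!A-Za-z0-9]*) echo "invalid DSCP class" >&2; return 1 ;;
    esac
    match="-A OUTPUT -m owner --uid-owner $uid -p udp"
    echo "*mangle"
    echo "$match --sport 5060 -j DSCP --set-dscp-class $sip_class"
    echo "$match --sport 10000:20000 -j DSCP --set-dscp-class $rtp_class"
    echo "COMMIT"
}

# Review the output first, then load it as root without flushing other rules:
#   asterisk_tos_rules asterisk | iptables-restore --noflush
```

Because `--noflush` appends, loading the fragment twice duplicates the rules; check `iptables -t mangle -S OUTPUT` before re-applying.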