SIP ALG - Marking TOS/DSCP

SIP ALG - Marking TOS/DSCP

[allug4me allug4me]

Hi,

I am developing a module for a linux router. All the packets from LAN
to WAN are natted. I am using linux 2.6.18.2 kernel. Hence for SIP/RTP
packets from LAN to pass through I am using SIP Protocol Support of
Netfilter by enabling CONFIG_IP_NF_SIP as module.

The module I am developing needs to  mark the SIP, RTP and RTCP
packets with TOS/DSCP in IP Header and COS in the VLAN header.

Can anyone please help me to achieve this task?

Any pointers like documentation/suggestions to achieve this are
greatly appreciated.

Thank you very much for your help.

Best Regards,
marc

Re: SIP ALG - Marking TOS/DSCP

[Patrick McHardy]

allug4me allug4me wrote:
> I am developing a module for a linux router. All the packets from LAN
> to WAN are natted. I am using linux 2.6.18.2 kernel. Hence for SIP/RTP
> packets from LAN to pass through I am using SIP Protocol Support of
> Netfilter by enabling CONFIG_IP_NF_SIP as module.
> 
> The module I am developing needs to  mark the SIP, RTP and RTCP
> packets with TOS/DSCP in IP Header and COS in the VLAN header.
> 
> Can anyone please help me to achieve this task?


iptables doesn't support VLAN header mangling since its usually not
present, with the exception of bridged packets. DSCP marking of
SIP/RTP is quite simple and should be possible without a new module:


# SIP
iptables -t mangle -A POSTROUTING -p udp --dport 5060 -j DSCP --set-dscp ...

# RTP
iptables -t mangle -A POSTROUTING -m helper --helper sip -j DSCP
--set-dscp ...


RTCP is currently not recognized by the SIP helper, although it should
be trivial to add. If you do so please consider sending us the patch.

Re: SIP ALG - Marking TOS/DSCP

[allug4me allug4me]

Thank you very much Patrick for your help.

Using the commands you provided i was able to mark SIP packets.
But for RTP, the marking isn't done. I am not sure about the problem.

Is there any way to enable debug messages for sip helper so that it
can provide some insight?

Thanks for your help.
marc



On 4/11/07, Patrick McHardy <kaber@trash.net> wrote:
> allug4me allug4me wrote:
> > I am developing a module for a linux router. All the packets from LAN
> > to WAN are natted. I am using linux 2.6.18.2 kernel. Hence for SIP/RTP
> > packets from LAN to pass through I am using SIP Protocol Support of
> > Netfilter by enabling CONFIG_IP_NF_SIP as module.
> >
> > The module I am developing needs to  mark the SIP, RTP and RTCP
> > packets with TOS/DSCP in IP Header and COS in the VLAN header.
> >
> > Can anyone please help me to achieve this task?
>
>
> iptables doesn't support VLAN header mangling since its usually not
> present, with the exception of bridged packets. DSCP marking of
> SIP/RTP is quite simple and should be possible without a new module:
>
>
> # SIP
> iptables -t mangle -A POSTROUTING -p udp --dport 5060 -j DSCP --set-dscp ...
>
> # RTP
> iptables -t mangle -A POSTROUTING -m helper --helper sip -j DSCP
> --set-dscp ...
>
>
> RTCP is currently not recognized by the SIP helper, although it should
> be trivial to add. If you do so please consider sending us the patch.
>

Re: SIP ALG - Marking TOS/DSCP

[Patrick McHardy]

allug4me allug4me wrote:
> Thank you very much Patrick for your help.
> 
> Using the commands you provided i was able to mark SIP packets.
> But for RTP, the marking isn't done. I am not sure about the problem.
> 
> Is there any way to enable debug messages for sip helper so that it
> can provide some insight?


You can enabled debugging in the source. I'd suggest to try 2.6.21,
there were a number of problems in the SIP helper that only got
fixed recently.

Re: SIP ALG - Marking TOS/DSCP

[allug4me allug4me]

Thank you very much Patrick for your help.
I'll try 2.6.21

regards,
marc

On 4/12/07, Patrick McHardy <kaber@trash.net> wrote:
> allug4me allug4me wrote:
> > Thank you very much Patrick for your help.
> >
> > Using the commands you provided i was able to mark SIP packets.
> > But for RTP, the marking isn't done. I am not sure about the problem.
> >
> > Is there any way to enable debug messages for sip helper so that it
> > can provide some insight?
>
>
> You can enabled debugging in the source. I'd suggest to try 2.6.21,
> there were a number of problems in the SIP helper that only got
> fixed recently.
>