QoS tagging for SIP and RTP

Forums Network Management Networking QoS tagging for SIP and RTP

  • This topic is empty.
Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
  • #42084

    I don’t see this exact question in previous forum posts.

    In my first cut I followed the example at http://www.zeroshell.net/eng/qos/ and used the “level 7” filters to classify SIP and RTP traffic as VoIP. I also used the level 7 filters to classify Skype traffic.

    When I make a Skype call I do see traffic categorized as “Skype”, so that seems to be working.

    However, I never see traffic tagged as “VoIP” even when I had call up with two way sound (no silence packets). I can and have changed the SIP detection as it will always use UDP port 5060 at one side or the other. But RTP can use a wide range of ports and I see other traffic that sometimes uses the ports that RTP would use, so just tagging everything that uses ports 10,000 through 20,000 is not pleasing to me.

    The NAP and connection tracking portions modules in the system seem to “do the right thing”, so they obviously know what ports the RTP stream is on. Anyway to get that information into the packet tagging for QoS?

    Is there an update for the level 7 RTP detection routines?

    Any other way to reliably detect UDP RTP datagrams?

    At present this is not a show stopper as I am putting all traffic other than VoIP on one external link and the VoIP on the second. The only non-VoIP traffic on the second link is incoming SMTP, typically spam, which is properly being classified as “bulk” so it is lower priority than the VoIP and my outbound traffic on this is quite low (acks). So my voice quality is okay and likely to remain so. I’d just like to “dot my I’s, and cross my T’s” and get all the VoIP traffic properly tagged.




    did you update the l7 protocol definitions to the latest version? It helped me to make zeroshell identifying SIP packets…

    You can download the latest definitions at sourceforge.net

    latest files are from: 28.05.2009

    Download the file, rename it to l7-protocols.tgz and place it in the following directory on your zeroshell box
    After that, you need to reboot the system.


    PS: You can verify the update by checking the top left corner of the “L7 Filter Manager” window… Now it should show something like “l7-protocols-2008-XXX”, after the update it should show “l7-protocols-2009-05-28”


    Hi mailsvb,

    Thank you for the suggestion. I’ve loaded the most recent L7 filter definitions per your suggestion. My L7 window now shows l7-protocols-2009-05-28 and the RTP filter in that .tgz file is dated 28May2009.

    However it does no better than the old one for me. Looking at the filter, I see this comment:

    # RTP headers are *very* short and compact. They have almost nothing in
    # them that can be matched by l7-filter. As RTP connections take place
    # between even numbered ports, you should probably check for that before
    # applying this pattern. If you want to match them along with their
    # associated SIP packets, you might try setting up some iptables rules
    # that watch for SIP packets and then also match any other UDP packets
    # that are going between the same two IP addresses.

    I am new enough at iptables that I haven’t a clue how to set “up some iptables rules that watch for SIP packets and then also match any other UDP packets that are going between the same two IP addresses”.

    Well, I think I can and have gotten matches for the SIP packets. I just don’t know how to then match up other UDP packets going between the same two IP addresses. Any ideas?


    Okay, this seems to work for me to tag the RTP packets associated with a call setup by SIP:

    In “IPTABLE PARAMETERS” free form field, enter the following:

    -m helper --helper sip

    From what little I turned up during searching for this, it appears that you need to tag the SIP flow first. Or maybe have the nf_conntrack_sip module loaded. It sure does not seem to be well documented.

    But based on a sample size of two calls, it does seem to properly detect the RTP stream and classify it for QoS.


    Can someone give more details on how to set this up please?

    I’m not sure where to find “IPTABLE PARAMETERS” free form field.


    On the classifier page of QoS, click on “add” and it is the 4th row.


    Excellent – thanks again!

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.