QoS issue with Asterisk running as non-root user

Hello,

I setup Asterisk running as non-root as explained here.
And it is working fine : music on hold, voicemail, meetme, calls.

I even tried as well with a different user than “asterisk”, something like “pbx”, and I had some trouble with meetme.
I finally find out that the howto forgot to tell that we should as well take care of the user and groupe names set in /etc/udev/rules.d/dahdi.rules file.
Afer a quick modif to this file Asterisk was running fine.

With the exception that in both cases, it doens’t want to set the CoS field (namely DSCP field in 802.1q tag of Ethernet frame).
Instead of that Asterisk CLI is warning : netsock.c:165 ast_netsock_set_qos: Unable to set SIP RTP CoS to 7.

I was a bit surprised because Asterisk was performing successfully the ToS marking (of IP frames), as ASterisk CLI was telling :

When I run Astersik as root user I don’t have this trouble.
My switch and server’s network interface are correctly configured with 802.1q VLAN and network communications are working fine.

In my opinion there must be a file or folder that needs correct permission, but I can’t find out wich one.
So if anybody have a clue or an idea I would be grateful.

Many Thanks

Anybody to help on this ?

Run as root or change the kernel source code not to treat this option as privileged.

I strongly suspect that setting type of service can only be done as root.

[quote]Run as root or change the kernel source code not to treat this option as privileged.

I strongly suspect that setting type of service can only be done as root.[/quote]

I don’t understand this, I am running 1.6.2.13 as a non-root user and I get:

== Using SIP RTP TOS bits 184 == Using SIP RTP CoS mark 5 == Using UDPTL TOS bits 184 == Using UDPTL CoS mark 5

Are these messages not be believed?

Ian

I’ve not actually tried running non-root, but I think I’ve seen other people complaining about CoS not taking.

In practice, Asterisk needs to be run on a dedicated system, so running non-root doesn’t give that much protection.

It is also possible that the policy varies between OSes, Linux distrutions and versions of these. Moreover, it is possible that some CoS settings are considered dangerous and others not.

The code certainly expect this to fail because of permissions, because it explicitly suggests that as a probable cause in the error message.

[code]int ast_netsock_set_qos(int netsocket, int tos, int cos, const char *desc)
{
int res;

    if ((res = setsockopt(netsocket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)))

)
ast_log(LOG_WARNING, “Unable to set %s TOS to %d, may be you have no root privileges\n”, desc, tos);
else if (tos)
ast_verb(2, “Using %s TOS bits %d\n”, desc, tos);[/code]

I have never seen that message on my debian system, and my router shows a rapid increase in packets marked for ef when calls are in progress, so I suppose it's working!

Ian.

I have never seen that message on my debian system, and my router shows a rapid increase in packets marked for ef when calls are in progress, so I suppose it’s working!

Ian.

Alternatively, you can implement the QoS on your switch and especially if you need to set CoS. Most switches will not trust your cos label. You can set your DSCP also at your router egress.