DiffServ EF as a normal user

From: Mikael Bjerkeland
Date: Thu Nov 15 2007 - 03:50:42 EST


We recently configured DiffServ QoS in our network and wanted to tag all
RTP traffic from our SIP server with Expedited Forwarding. We set the
right TOS bit on our Asterisk server, reloaded and got an error message
about a permission problem or something along those lines. We
investigated further and came to the conclusion that since Asterisk was
running as a normal user we didn't have permissions to set EF, since it
appears to be reserved for the root user. Running Asterisk as root is,
as you probably understand, sub-optimal and imposes a security risk.

I've been searching for a way to give a normal user the right
permissions to set DiffServ EF, but couldn't find anything mentioning
As a temporary workaround we set another TOS bit in Asterisk and rewrite
it on our router, but I believe a better approach would be the
possibility to assign one or many normal users rights to use EF. Would
this be possible?

Mikael Bjerkeland

Attachment: signature.asc
Description: Dette er en digitalt signert meldingsdel