On 1/23/08 4:08 PM, Chris Cappuccio wrote:
Just use the 'tos' tag in pf.conf to match against the IP tos field.
Most equipment sets this to something predictable, like 0x68 for RTP and
0xb8 for SIP... Just use tcpdump to see what your RTP traffic is tagged
as, and also prioritize SIP above RTP. You could also try matching based
on IP addresses if they are predictable, or a combination of the two.
It's a good practice, if possible, to put VoIP gear on a separate VLAN
and/or IP subnet. Less broadcast contention for VoIP traffic that way.
Using just the tos tag by itself may lead to applications cheating to get
priority bandwidth.
This came up a while back. Since pf doesn't (yet) re-mark tos/dscp bits,
trusting those bits isn't a good idea.
dn
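
The check discussed in this thread, as an added example that is not part of the original messages: it reads the ToS byte from raw IPv4 headers, tallies it per source, and lists sources that mark priority ToS without being in the VoIP subnet. The subnet, the function names and the sample packets are assumptions made up for the example; the two ToS values are the ones quoted above.

```python
import ipaddress
import struct
from collections import Counter

# Assumptions: the ToS values quoted in the thread and a made-up VoIP
# subnet taken from the RFC 5737 documentation range.
PRIORITY_TOS = {0x68, 0xB8}
VOIP_NET = ipaddress.ip_network("192.0.2.0/28")

def parse_ipv4(header: bytes):
    """Return (source address, ToS byte, DSCP) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    tos = header[1]                      # second byte of the header
    src = ipaddress.ip_address(header[12:16])
    return src, tos, tos >> 2            # DSCP is the upper six bits

def audit(headers):
    """Count (source, ToS) pairs; list priority-marking sources outside VOIP_NET."""
    seen, untrusted = Counter(), set()
    for raw in headers:
        src, tos, _dscp = parse_ipv4(raw)
        seen[(str(src), tos)] += 1
        if tos in PRIORITY_TOS and src not in VOIP_NET:
            untrusted.add(str(src))
    return seen, sorted(untrusted)

def build_header(src, dst, tos, proto=17):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) for sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

# Constructed sample traffic, not captured from a real network.
SAMPLE = [
    build_header("192.0.2.5", "198.51.100.10", 0xB8),
    build_header("192.0.2.5", "198.51.100.10", 0x68),
    build_header("192.0.2.5", "198.51.100.10", 0x68),
    build_header("203.0.113.77", "198.51.100.10", 0xB8),  # outside VoIP subnet
    build_header("203.0.113.80", "198.51.100.10", 0x00),
]

if __name__ == "__main__":
    counts, suspects = audit(SAMPLE)
    for (src, tos), n in sorted(counts.items()):
        print(f"{src:15} tos=0x{tos:02x} dscp={tos >> 2:2d} packets={n}")
    print("priority-marked from outside VoIP subnet:", suspects)
```

A source that shows up in the second list is one that a rule matching on tos alone would prioritize, which is the case for combining the tos match with an address match.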