Paolo Lucente escribió: > Hi Sebastien, > > Hi > it might really depend on the scalability versus the accuracy of > the solution you need to develop. I see you having pretty much two > ways to go: > > First of all thank you for answer me :) > a) Basic behavioural analysis. Assume all packets flying between > the known range of RTP ports are RTP packets. If you know in advance > the expected packet size, double check this assumption by dividing > the number bytes by the number of packets. You might proceed without > restricting such check to only the RTP ports, but might be tricky > depending on the scenario. A dumb variation of this approach is > possible if you know in advance the RTP payload size (and accuracy > is not a prime issue): using the Pre-Tagging infrastructure to tag > all, say, UDP packets matching a particular payload size. > > pffff ... seems to be very complicate ! isn't it ? ;)
> b) Packet classification. The SIP pattern from the L7-filter project > recognizes SIP traffic; pmacct features a connection tracking module > for SIP which allows to expect upcoming RTP flows by looking into > INVITE and 200 messages. This might turn into a far more accurate > solution (again, depending on the scenario) but with potential > drawbacks due to the required deep-packet inspection. > > Most of new kernel support nf_conntrack_sip to match rtp and sip without use of l7-filter but I don't know If pmacct is abble to handle this ? > On a side node, remember a stateful approach like the one relying > on packet classification is more sensible to outages compared to > behavioural analysis. Of course, nothing prevents any combination > of the two solutions. > > We havent traffic under 50 Mbits. So I supose that l7-filter can do the job. > Here i'm assuming the easiest way to accomplish this, ie. every > host in the network is forced to speak RTP only passing through > a proxy and/or an AS does not hold. > > All MTA phone are connected through Openser/Asterisk proxy/registrar. > Cheers, > Paolo > > On Wed, Sep 03, 2008 at 02:26:29PM +0200, S?bastien CRAMATTE wrote: > >> Hello >> >> What is the best way to account SIP/RTP traffic with PMACCT ? >> Might we should use L7-filter ? I mean essentialy for RTP traffic not >> for SIP signalling >> >> Regards >> > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > > > _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
