[Linux] How to stop Skype from eating all your bandwidth

In other words, how to throttle and limit bandwidth that Skype uses on your Linux box.

The Problem

I use Skype to talk to few friends and relatives who won't use anything else and Hangouts isn't that convenient anyway. The problem is that there is no way on the Linux client to limit the bandwidth usage, in my case it ends up uploading way too high quality video than required. I had to limit it.

What didn't work

Solution 1Use tc to shape the traffic

I thought this will be easy, just use some service like iptables to shape traffic. Found that tc is one such tool and as long as you can match a traffic pattern, you can shape it (in our case, limit the bandwidth). However, searching through the web you will realize that matching Skype traffic isn't very easy and reliable. They do a pretty good job obfuscating the traffic. So this didn't help.

Solution 2 – Use squid as proxy server and limit traffic using it

Another way was to use squid's delay pools feature to limit traffic flowing through it and then tell Skype to use this. This seemed like a trivial solution as well, if Skype weren't a disobedient kid to ignore your proxy settings. Yes! you heard it right, Skype will just ignore your proxy settings if it can connect to the Internet without it.

The Solution

After hours of searching and hair pulling action, I came up with an addition to Solution 2 – use iptables to block access to skype. Now, iptables doesn't really have per application rules (like what people are used to from Windows Firewall etc) but it can filter on user/group. Using this, I did the following-

  1. Install and start squid
  2. Create a group called nonet
  3. Use the following iptables rules to block all communication for the group nonet, but still allow access to 127.0.0.1:3128 where squid runs (order is important)-
    • sudo iptables -A OUTPUT -p tcp -s 127.0.0.1 –dport 3128 -m owner –gid-owner nonet -j ACCEPT
    • sudo iptables -A OUTPUT -m owner –gid-owner nonet -j REJECT –reject-with icmp-net-unreachable
  4. Run Skype as the nonet group like this-
    • sudo -g nonet PULSE_LATENCY_MSEC=60 /usr/bin/skype
  5. Skype should not be able to login. Goto Options>Advanced and set the HTTPS proxy to point to squid (default 127.0.0.1 port 3128).
  6. Skype should now be able to login using the proxy (it takes a minute or two though). If not, try restarting Skype.

 

(Note that you don't even need to enable delay queues for squid to control the bandwidth, at least for me Skype doesn't go over 20KBps Upload/Download when using a proxy.)

Leave a comment