happyDomain/checker-sip
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
2 commits 1 branch 2 tags 77 KiB
  • Go 98.3%
  • Makefile 1%
  • Dockerfile 0.7%
Find a file
Exact
Pierre-Olivier Mercier 4b35851326 Include rules section
2026-04-30 08:47:20 +07:00
checker Initial commit 2026-04-26 19:53:22 +07:00
plugin Initial commit 2026-04-26 19:53:22 +07:00
.gitignore Initial commit 2026-04-26 19:53:22 +07:00
Dockerfile Initial commit 2026-04-26 19:53:22 +07:00
go.mod Initial commit 2026-04-26 19:53:22 +07:00
go.sum Initial commit 2026-04-26 19:53:22 +07:00
LICENSE Initial commit 2026-04-26 19:53:22 +07:00
main.go Initial commit 2026-04-26 19:53:22 +07:00
Makefile Initial commit 2026-04-26 19:53:22 +07:00
NOTICE Initial commit 2026-04-26 19:53:22 +07:00
README.md Include rules section 2026-04-30 08:47:20 +07:00

README.md

checker-sip

SIP / VoIP server checker for happyDomain.

Probes a domain's SIP deployment end-to-end from its DNS records:

  • RFC 3263 resolution. NAPTR → SRV (_sip._udp, _sip._tcp, _sips._tcp) → A/AAAA.
  • Reachability on every resolved target:port over UDP, TCP and TLS.
  • SIP OPTIONS ping. Raw RFC 3261 request; parses status line, Server / User-Agent, Allow methods, round-trip time.
  • Discovery entries. Every _sips._tcp target is published as a tls.endpoint.v1 DiscoveryEntry (via checker-tls/contract) so the TLS checker can verify chain, SAN, expiry and cipher posture without re-doing the SRV lookup. TLS issues reported by the TLS checker are folded back into this report via GetRelated("tls_probes").

Attaches to the abstract.SIP service (SRV records for _sip._udp, _sip._tcp, _sips._tcp). The happyDomain core registers the abstract service automatically; no extra configuration is required.

Usage

Standalone HTTP server

make
./checker-sip -listen :8080

Exposes the standard happyDomain external checker endpoints (/health, /definition, /collect, /evaluate, /report).

Docker

make docker
docker run -p 8080:8080 happydomain/checker-sip

happyDomain plugin

make plugin
# produces checker-sip.so, loadable as a Go plugin by happyDomain.

Options

Scope Id Description
Run domain SIP domain to test (auto-filled from the service domain).
Run timeout Per-endpoint probe timeout in seconds (default: 5).
Admin probeUDP Probe _sip._udp (default: true). Disable if UDP is firewalled.
Admin probeTCP Probe _sip._tcp (default: true).
Admin probeTLS Probe _sips._tcp (default: true).

Tests performed

  1. NAPTR lookup (SIP+D2U, SIP+D2T, SIPS+D2T).
  2. SRV lookup for the three transports.
  3. Fallback to <domain>:5060 / <domain>:5061 when no SRV is published, with a visible info marker in the report.
  4. A/AAAA resolution of every SRV target.
  5. TCP connect / UDP send / TLS handshake (with InsecureSkipVerify: true, cert posture is the TLS checker's job).
  6. SIP OPTIONS request with status, headers and Allow parsed.

Rules

Code Description Severity
sip.srv_present Verifies that _sip._udp / _sip._tcp / _sips._tcp SRV records are published and resolvable. CRITICAL
sip.transport_diversity Verifies that modern SIP transports (TCP, and ideally TLS) are published alongside legacy UDP. WARNING
sip.srv_targets_resolvable Verifies that every SRV target resolves to at least one A or AAAA address. CRITICAL
sip.endpoint_reachable Verifies that every discovered SIP endpoint accepts a connection on its transport. CRITICAL
sip.options_response Verifies that every reachable SIP endpoint answers OPTIONS with a 2xx response. CRITICAL
sip.options_capabilities Reviews the Allow header advertised in OPTIONS replies (INVITE support, Allow presence). WARNING
sip.ipv6_coverage Verifies at least one SIP endpoint is reachable over IPv6. INFO
sip.tls_quality Folds the downstream TLS checker findings (chain, hostname match, expiry) onto the SIP service. CRITICAL

License

Licensed under the MIT License (see LICENSE).