# checker-sip

SIP / VoIP server checker for [happyDomain](https://www.happydomain.org/).

Probes a domain's SIP deployment end-to-end from its DNS records:

- **RFC 3263 resolution.** NAPTR → SRV (`_sip._udp`, `_sip._tcp`,
  `_sips._tcp`) → A/AAAA.
- **Reachability** on every resolved `target:port` over UDP, TCP and TLS.
- **SIP `OPTIONS` ping.** Raw RFC 3261 request; parses status line,
  `Server` / `User-Agent`, `Allow` methods, round-trip time.
- **Discovery entries.** Every `_sips._tcp` target is published as a
  `tls.endpoint.v1` `DiscoveryEntry` (via
  [`checker-tls/contract`](../checker-tls/README.md)) so the TLS checker
  can verify chain, SAN, expiry and cipher posture without re-doing the
  SRV lookup. TLS issues reported by the TLS checker are folded back
  into this report via `GetRelated("tls_probes")`.

Attaches to the `abstract.SIP` service (SRV records for `_sip._udp`,
`_sip._tcp`, `_sips._tcp`). The happyDomain core registers the abstract
service automatically; no extra configuration is required.

## Usage

### Standalone HTTP server

```bash
make
./checker-sip -listen :8080
```

Exposes the standard happyDomain external checker endpoints (`/health`,
`/definition`, `/collect`, `/evaluate`, `/report`).

### Docker

```bash
make docker
docker run -p 8080:8080 happydomain/checker-sip
```

### happyDomain plugin

```bash
make plugin
# produces checker-sip.so, loadable as a Go plugin by happyDomain.
```

## Options

| Scope | Id          | Description                                                            |
| ----- | ----------- | ---------------------------------------------------------------------- |
| Run   | `domain`    | SIP domain to test (auto-filled from the service domain).              |
| Run   | `timeout`   | Per-endpoint probe timeout in seconds (default: `5`).                  |
| Admin | `probeUDP`  | Probe `_sip._udp` (default: `true`). Disable if UDP is firewalled.    |
| Admin | `probeTCP`  | Probe `_sip._tcp` (default: `true`).                                   |
| Admin | `probeTLS`  | Probe `_sips._tcp` (default: `true`).                                  |

## Tests performed

1. NAPTR lookup (`SIP+D2U`, `SIP+D2T`, `SIPS+D2T`).
2. SRV lookup for the three transports.
3. Fallback to `<domain>:5060` / `<domain>:5061` when no SRV is
   published, with a visible info marker in the report.
4. A/AAAA resolution of every SRV target.
5. TCP connect / UDP send / TLS handshake (with
   `InsecureSkipVerify: true` — cert posture is the TLS checker's job).
6. SIP `OPTIONS` request with status, headers and `Allow` parsed.

## License

Licensed under the **MIT License** (see `LICENSE`).