72 lines
2.6 KiB
Markdown
72 lines
2.6 KiB
Markdown
# checker-sip
|
|
|
|
SIP / VoIP server checker for [happyDomain](https://www.happydomain.org/).
|
|
|
|
Probes a domain's SIP deployment end-to-end from its DNS records:
|
|
|
|
- **RFC 3263 resolution.** NAPTR → SRV (`_sip._udp`, `_sip._tcp`,
|
|
`_sips._tcp`) → A/AAAA.
|
|
- **Reachability** on every resolved `target:port` over UDP, TCP and TLS.
|
|
- **SIP `OPTIONS` ping.** Raw RFC 3261 request; parses status line,
|
|
`Server` / `User-Agent`, `Allow` methods, round-trip time.
|
|
- **Discovery entries.** Every `_sips._tcp` target is published as a
|
|
`tls.endpoint.v1` `DiscoveryEntry` (via
|
|
[`checker-tls/contract`](../checker-tls/README.md)) so the TLS checker
|
|
can verify chain, SAN, expiry and cipher posture without re-doing the
|
|
SRV lookup. TLS issues reported by the TLS checker are folded back
|
|
into this report via `GetRelated("tls_probes")`.
|
|
|
|
Attaches to the `abstract.SIP` service (SRV records for `_sip._udp`,
|
|
`_sip._tcp`, `_sips._tcp`). The happyDomain core registers the abstract
|
|
service automatically; no extra configuration is required.
|
|
|
|
## Usage
|
|
|
|
### Standalone HTTP server
|
|
|
|
```bash
|
|
make
|
|
./checker-sip -listen :8080
|
|
```
|
|
|
|
Exposes the standard happyDomain external checker endpoints (`/health`,
|
|
`/definition`, `/collect`, `/evaluate`, `/report`).
|
|
|
|
### Docker
|
|
|
|
```bash
|
|
make docker
|
|
docker run -p 8080:8080 happydomain/checker-sip
|
|
```
|
|
|
|
### happyDomain plugin
|
|
|
|
```bash
|
|
make plugin
|
|
# produces checker-sip.so, loadable as a Go plugin by happyDomain.
|
|
```
|
|
|
|
## Options
|
|
|
|
| Scope | Id | Description |
|
|
| ----- | ----------- | ---------------------------------------------------------------------- |
|
|
| Run | `domain` | SIP domain to test (auto-filled from the service domain). |
|
|
| Run | `timeout` | Per-endpoint probe timeout in seconds (default: `5`). |
|
|
| Admin | `probeUDP` | Probe `_sip._udp` (default: `true`). Disable if UDP is firewalled. |
|
|
| Admin | `probeTCP` | Probe `_sip._tcp` (default: `true`). |
|
|
| Admin | `probeTLS` | Probe `_sips._tcp` (default: `true`). |
|
|
|
|
## Tests performed
|
|
|
|
1. NAPTR lookup (`SIP+D2U`, `SIP+D2T`, `SIPS+D2T`).
|
|
2. SRV lookup for the three transports.
|
|
3. Fallback to `<domain>:5060` / `<domain>:5061` when no SRV is
|
|
published, with a visible info marker in the report.
|
|
4. A/AAAA resolution of every SRV target.
|
|
5. TCP connect / UDP send / TLS handshake (with
|
|
`InsecureSkipVerify: true` — cert posture is the TLS checker's job).
|
|
6. SIP `OPTIONS` request with status, headers and `Allow` parsed.
|
|
|
|
## License
|
|
|
|
Licensed under the **MIT License** (see `LICENSE`).
|