From 9f7b585517f26804182be8125f0e68067b2950a8 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Sun, 19 Apr 2026 10:28:39 +0700 Subject: [PATCH] Initial commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Generic SRV records checker for happyDomain. For each SRV record attached to an svcs.UnknownSRV service, the checker resolves every target and probes reachability: - DNS resolution (A/AAAA), CNAME detection (RFC 2782 violation), null-target detection (RFC 2782 "service explicitly unavailable") - TCP connect to target:port for _tcp SRVs - UDP probe for _udp SRVs, using ICMP port-unreachable detection The checker also publishes TLS endpoints (host, port, SNI) for every SRV target hitting a well-known direct-TLS port (443, 465, 636, 853, 993, 995, 5061, 5223, …) via the EndpointDiscoverer SDK interface, so a downstream TLS checker can pick them up. The HTML report groups records as cards and surfaces the most common failure scenarios (DNS failure, CNAME target, TCP unreachable, null-target) at the top with remediation guidance. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitignore | 2 + Dockerfile | 14 +++ Makefile | 25 ++++ README.md | 154 +++++++++++++++++++++++ checker/collect.go | 210 +++++++++++++++++++++++++++++++ checker/definition.go | 75 +++++++++++ checker/provider.go | 72 +++++++++++ checker/report.go | 287 ++++++++++++++++++++++++++++++++++++++++++ checker/rule.go | 270 +++++++++++++++++++++++++++++++++++++++ checker/types.go | 54 ++++++++ go.mod | 45 +++++++ go.sum | 102 +++++++++++++++ main.go | 24 ++++ plugin/plugin.go | 14 +++ 14 files changed, 1348 insertions(+) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 Makefile create mode 100644 README.md create mode 100644 checker/collect.go create mode 100644 checker/definition.go create mode 100644 checker/provider.go create mode 100644 checker/report.go create mode 100644 checker/rule.go create mode 100644 checker/types.go create mode 100644 go.mod create mode 100644 go.sum create mode 100644 main.go create mode 100644 plugin/plugin.go diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0052216 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +checker-srv +*.so diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..304ff37 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,14 @@ +FROM golang:1.25-alpine AS builder + +ARG CHECKER_VERSION=custom-build + +WORKDIR /src +COPY go.mod go.sum ./ +RUN go mod download +COPY . . +RUN CGO_ENABLED=0 go build -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-srv . + +FROM scratch +COPY --from=builder /checker-srv /checker-srv +EXPOSE 8080 +ENTRYPOINT ["/checker-srv"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..d311efb --- /dev/null +++ b/Makefile @@ -0,0 +1,25 @@ +CHECKER_NAME := checker-srv +CHECKER_IMAGE := happydomain/$(CHECKER_NAME) +CHECKER_VERSION ?= custom-build + +CHECKER_SOURCES := main.go $(wildcard checker/*.go) + +GO_LDFLAGS := -X main.Version=$(CHECKER_VERSION) + +.PHONY: all plugin docker clean + +all: $(CHECKER_NAME) + +$(CHECKER_NAME): $(CHECKER_SOURCES) + go build -ldflags "$(GO_LDFLAGS)" -o $@ . + +plugin: $(CHECKER_NAME).so + +$(CHECKER_NAME).so: $(CHECKER_SOURCES) $(wildcard plugin/*.go) + go build -buildmode=plugin -ldflags "$(GO_LDFLAGS)" -o $@ ./plugin/ + +docker: + docker build --build-arg CHECKER_VERSION=$(CHECKER_VERSION) -t $(CHECKER_IMAGE) . + +clean: + rm -f $(CHECKER_NAME) $(CHECKER_NAME).so diff --git a/README.md b/README.md new file mode 100644 index 0000000..c89e4cc --- /dev/null +++ b/README.md @@ -0,0 +1,154 @@ +# checker-srv + +Generic SRV records checker for [happyDomain](https://www.happydomain.org/). + +For every SRV record attached to a service, verifies: + +- DNS resolution of each target (A/AAAA) +- RFC 2782 compliance: target is not `"."` (null), target is not a CNAME +- TCP reachability on `target:port` (for `_tcp` SRVs) +- UDP reachability on `target:port` (for `_udp` SRVs), via ICMP port-unreachable detection + +TLS/certificate testing is intentionally out of scope — it belongs to a dedicated TLS checker. + +The HTML report surfaces the most common failure scenarios at the top with actionable remediation guidance (DNS failure, CNAME-as-target, TCP unreachable, explicit null-target). + +## Usage + +### Standalone HTTP server + +```bash +# Build and run +make +./checker-srv -listen :8080 +``` + +The server exposes: + +- `GET /health` — health check +- `GET /definition` — checker definition (options, rules, availability) +- `POST /collect` — collect SRV observations (happyDomain external checker protocol) +- `POST /evaluate` — evaluate observations against the rules +- `POST /report` — render the HTML report + +### Docker + +```bash +make docker +docker run -p 8080:8080 happydomain/checker-srv +``` + +### happyDomain plugin + +```bash +make plugin +# produces checker-srv.so, loadable by happyDomain as a Go plugin +``` + +The plugin exposes a `NewCheckerPlugin` symbol returning the checker +definition and observation provider, which happyDomain registers in its +global registries at load time. + +### Versioning + +The binary, plugin, and Docker image embed a version string overridable +at build time: + +```bash +make CHECKER_VERSION=1.2.3 +make plugin CHECKER_VERSION=1.2.3 +make docker CHECKER_VERSION=1.2.3 +``` + +### happyDomain remote endpoint + +Set the `endpoint` admin option for the SRV checker to the URL of the running checker-srv server (e.g., `http://checker-srv:8080`). happyDomain will delegate observation collection to this endpoint. + +## Protocol + +### POST /collect + +Request: +```json +{ + "key": "srv_records", + "target": {"userId": "...", "domainId": "...", "serviceId": "..."}, + "options": { + "service": {"_svctype": "svcs.UnknownSRV", "Service": {"srv": [ /* dns.SRV records */ ]}}, + "subdomain": "_sip._tcp", + "domain": "example.com", + "tcpTimeout": 3000, + "udpTimeout": 2000 + } +} +``` + +Response: +```json +{ + "data": { + "serviceDomain": "_sip._tcp.example.com", + "records": [ + { + "service": "sip", + "proto": "tcp", + "owner": "_sip._tcp.example.com", + "target": "sip1.example.com", + "port": 5061, + "priority": 10, + "weight": 20, + "addresses": ["203.0.113.5"], + "probes": [ + { + "address": "203.0.113.5:5061", + "proto": "tcp", + "connected": true, + "latencyMs": 12.4 + } + ] + } + ] + } +} +``` + +## Rules + +| Name | Description | +|---|---| +| `srv_records_present` | At least one SRV record is published. | +| `srv_null_target` | Detects `"."` targets (RFC 2782 — service intentionally unavailable). | +| `srv_target_not_cname` | Warns when an SRV target is a CNAME (RFC 2782 violation). | +| `srv_targets_resolve` | Every target resolves to at least one A/AAAA. | +| `srv_tcp_reachable` | Every `_tcp` SRV `target:port` accepts a TCP connection. | +| `srv_udp_reachable` | UDP targets do not return ICMP port-unreachable. | +| `srv_redundancy` | At least two distinct targets exist (no single point of failure). | + +## License & licensing roadmap + +This project is currently licensed under the **GNU Affero General Public +License v3.0** (see `LICENSE`), because it still imports +`happydns.ServiceMessage` from the happyDomain server module +(`git.happydns.org/happyDomain/model`), which is itself distributed under +AGPL-3.0 and a commercial license. + +The core checker types (`CheckerOptions`, `CheckerDefinition`, +`ObservationProvider`, `CheckRule`, …) have already been migrated to +[`checker-sdk-go`](https://git.happydns.org/checker-sdk-go); only the +service-message types remain on the AGPL side. + +**Planned relicensing:** as soon as the remaining `ServiceMessage` +dependency has been removed (moved into a dedicated permissively licensed +module), this project will be relicensed under the **MIT License**, in +line with the rest of the happyDomain checker ecosystem (see +`checker-dummy` for the target shape). + +**Contributors notice:** by submitting a contribution to this repository, +you accept that your contribution will be relicensed from AGPL-3.0 to MIT +at the time of the relicensing described above. If you do not agree with +this, please do not submit contributions until the relicensing has taken +place. + +The third-party Apache-2.0 attributions for `checker-sdk-go` are recorded +in `NOTICE` and must accompany any binary or source redistribution of this +project. diff --git a/checker/collect.go b/checker/collect.go new file mode 100644 index 0000000..212a703 --- /dev/null +++ b/checker/collect.go @@ -0,0 +1,210 @@ +package checker + +import ( + "context" + "encoding/json" + "fmt" + "net" + "strconv" + "strings" + "time" + + sdk "git.happydns.org/checker-sdk-go/checker" + happydns "git.happydns.org/happyDomain/model" +) + +// unknownSRVPayload mirrors svcs.UnknownSRV for JSON-decoding the service body. +// We decode SRV records by hand (instead of importing miekg/dns) so the +// checker stays light and its build surface minimal. +type unknownSRVPayload struct { + Records []struct { + Hdr struct { + Name string `json:"Name"` + } `json:"Hdr"` + Priority uint16 `json:"Priority"` + Weight uint16 `json:"Weight"` + Port uint16 `json:"Port"` + Target string `json:"Target"` + } `json:"srv"` +} + +func (p *srvProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (any, error) { + svcMsg, ok := sdk.GetOption[happydns.ServiceMessage](opts, "service") + if !ok { + return nil, fmt.Errorf("service not provided") + } + if svcMsg.Type != "svcs.UnknownSRV" { + return nil, fmt.Errorf("service type is %q, expected svcs.UnknownSRV", svcMsg.Type) + } + + var payload unknownSRVPayload + if err := json.Unmarshal(svcMsg.Service, &payload); err != nil { + return nil, fmt.Errorf("failed to decode UnknownSRV: %w", err) + } + if len(payload.Records) == 0 { + return nil, fmt.Errorf("service contains no SRV records") + } + + subdomain, _ := opts["subdomain"].(string) + domain, _ := opts["domain"].(string) + + // The service "address" (e.g. _sip._tcp.example.com) — used for reporting. + serviceDomain := strings.TrimSuffix(subdomain, ".") + if domain != "" { + if serviceDomain != "" { + serviceDomain += "." + strings.TrimSuffix(domain, ".") + } else { + serviceDomain = strings.TrimSuffix(domain, ".") + } + } + + tcpTimeout := durationOpt(opts, "tcpTimeout", 3000) + udpTimeout := durationOpt(opts, "udpTimeout", 2000) + + data := &SRVData{ServiceDomain: serviceDomain} + + for _, r := range payload.Records { + owner := strings.TrimSuffix(r.Hdr.Name, ".") + svc, proto := parseOwner(owner, serviceDomain) + + rec := SRVRecord{ + Service: svc, + Proto: proto, + Owner: owner, + Target: strings.TrimSuffix(r.Target, "."), + Port: r.Port, + Priority: r.Priority, + Weight: r.Weight, + } + + // RFC 2782: "." target means "service decidedly not available". + if rec.Target == "" || rec.Target == "." { + rec.IsNullTarget = true + data.Records = append(data.Records, rec) + continue + } + + // CNAME detection (RFC 2782 §"Usage rules": target MUST be a name that + // resolves to A/AAAA records directly, not a CNAME). + if cname, err := net.DefaultResolver.LookupCNAME(ctx, rec.Target); err == nil { + canon := strings.TrimSuffix(cname, ".") + if canon != "" && !strings.EqualFold(canon, rec.Target) { + rec.IsCNAME = true + rec.CNAMEChain = []string{rec.Target, canon} + } + } + + ips, err := net.DefaultResolver.LookupIPAddr(ctx, rec.Target) + if err != nil { + rec.ResolveError = err.Error() + data.Records = append(data.Records, rec) + continue + } + for _, ip := range ips { + rec.Addresses = append(rec.Addresses, ip.IP.String()) + } + + // Probe each resolved address. + for _, addr := range rec.Addresses { + hostport := net.JoinHostPort(addr, strconv.Itoa(int(rec.Port))) + switch proto { + case "udp": + rec.Probes = append(rec.Probes, probeUDP(ctx, hostport, udpTimeout)) + default: // tcp (and anything else) + rec.Probes = append(rec.Probes, probeTCP(ctx, hostport, tcpTimeout)) + } + } + + data.Records = append(data.Records, rec) + } + + return data, nil +} + +func parseOwner(owner, serviceDomain string) (svc, proto string) { + // Owner of form _service._proto[.domain] + s := strings.TrimSuffix(owner, "."+serviceDomain) + parts := strings.Split(s, ".") + if len(parts) >= 2 && strings.HasPrefix(parts[0], "_") && strings.HasPrefix(parts[1], "_") { + return strings.TrimPrefix(parts[0], "_"), strings.TrimPrefix(parts[1], "_") + } + return "", "tcp" +} + +func durationOpt(opts sdk.CheckerOptions, key string, defMs int) time.Duration { + ms := defMs + if v, ok := opts[key]; ok { + switch n := v.(type) { + case float64: + ms = int(n) + case int: + ms = n + } + } + if ms < 100 { + ms = 100 + } + if ms > 60000 { + ms = 60000 + } + return time.Duration(ms) * time.Millisecond +} + +func probeTCP(ctx context.Context, hostport string, timeout time.Duration) ProbeResult { + pr := ProbeResult{Address: hostport, Proto: "tcp"} + dialer := net.Dialer{Timeout: timeout} + start := time.Now() + ctx, cancel := context.WithTimeout(ctx, timeout) + defer cancel() + conn, err := dialer.DialContext(ctx, "tcp", hostport) + pr.LatencyMs = float64(time.Since(start).Microseconds()) / 1000.0 + if err != nil { + pr.Error = err.Error() + return pr + } + _ = conn.Close() + pr.Connected = true + return pr +} + +func probeUDP(ctx context.Context, hostport string, timeout time.Duration) ProbeResult { + pr := ProbeResult{Address: hostport, Proto: "udp"} + dialer := net.Dialer{Timeout: timeout} + ctx2, cancel := context.WithTimeout(ctx, timeout) + defer cancel() + conn, err := dialer.DialContext(ctx2, "udp", hostport) + if err != nil { + pr.Error = err.Error() + return pr + } + defer conn.Close() + + // Send a single zero byte. If the host has nothing listening and returns + // ICMP port-unreachable, a subsequent Read will fail with "connection + // refused". Silent drops (firewalled) remain indistinguishable from a + // working service — report as "reachable (no response)". + _ = conn.SetDeadline(time.Now().Add(timeout)) + if _, err := conn.Write([]byte{0}); err != nil { + pr.Error = err.Error() + return pr + } + buf := make([]byte, 1) + _, err = conn.Read(buf) + if err != nil { + if ne, ok := err.(net.Error); ok && ne.Timeout() { + // No ICMP unreachable came back: host probably accepts UDP, + // or packets are silently dropped. Treat as "reachable". + pr.Connected = true + pr.Error = "no UDP response (host may still be reachable)" + return pr + } + if strings.Contains(err.Error(), "refused") { + pr.Error = err.Error() + return pr + } + pr.Error = err.Error() + return pr + } + pr.Connected = true + return pr +} diff --git a/checker/definition.go b/checker/definition.go new file mode 100644 index 0000000..607e60c --- /dev/null +++ b/checker/definition.go @@ -0,0 +1,75 @@ +package checker + +import ( + "time" + + sdk "git.happydns.org/checker-sdk-go/checker" +) + +var Version = "built-in" + +func Definition() *sdk.CheckerDefinition { + return &sdk.CheckerDefinition{ + ID: "srv", + Name: "SRV Records Tester", + Version: Version, + Availability: sdk.CheckerAvailability{ + ApplyToService: true, + LimitToServices: []string{"svcs.UnknownSRV"}, + }, + HasHTMLReport: true, + ObservationKeys: []sdk.ObservationKey{ObservationKeySRV}, + Options: sdk.CheckerOptionsDocumentation{ + UserOpts: []sdk.CheckerOptionDocumentation{ + { + Id: "tcpTimeout", + Type: "number", + Label: "TCP connect timeout (ms)", + Default: float64(3000), + Description: "Max time to wait for a TCP handshake on each target.", + }, + { + Id: "udpTimeout", + Type: "number", + Label: "UDP probe timeout (ms)", + Default: float64(2000), + Description: "Max time to wait for a UDP response or ICMP unreachable.", + }, + }, + ServiceOpts: []sdk.CheckerOptionDocumentation{ + { + Id: "service", + Label: "Service", + AutoFill: sdk.AutoFillService, + Hide: true, + }, + { + Id: "subdomain", + Label: "Subdomain", + AutoFill: sdk.AutoFillSubdomain, + Hide: true, + }, + { + Id: "domain", + Label: "Domain", + AutoFill: sdk.AutoFillDomainName, + Hide: true, + }, + }, + }, + Rules: []sdk.CheckRule{ + RulePresent(), + RuleNullTarget(), + RuleTargetNotCNAME(), + RuleTargetsResolve(), + RuleTCPReachable(), + RuleUDPReachable(), + RuleRedundancy(), + }, + Interval: &sdk.CheckIntervalSpec{ + Min: 5 * time.Minute, + Max: 7 * 24 * time.Hour, + Default: 6 * time.Hour, + }, + } +} diff --git a/checker/provider.go b/checker/provider.go new file mode 100644 index 0000000..8fed05f --- /dev/null +++ b/checker/provider.go @@ -0,0 +1,72 @@ +package checker + +import ( + "fmt" + + sdk "git.happydns.org/checker-sdk-go/checker" +) + +func Provider() sdk.ObservationProvider { + return &srvProvider{} +} + +type srvProvider struct{} + +func (p *srvProvider) Key() sdk.ObservationKey { + return ObservationKeySRV +} + +func (p *srvProvider) Definition() *sdk.CheckerDefinition { + return Definition() +} + +// directTLSPorts lists TCP ports where clients speak TLS immediately upon +// connection (as opposed to STARTTLS upgrades). A dedicated TLS checker +// consumes these endpoints to validate certificates. +var directTLSPorts = map[uint16]bool{ + 443: true, // HTTPS + 465: true, // SMTPS + 563: true, // NNTPS + 636: true, // LDAPS + 853: true, // DoT + 989: true, // FTPS data + 990: true, // FTPS control + 992: true, // Telnet/TLS + 993: true, // IMAPS + 995: true, // POP3S + 5061: true, // SIPS + 5223: true, // XMPP client TLS + 5349: true, // STUN/TURN/TLS + 6697: true, // IRCS + 8443: true, // HTTPS alt +} + +// DiscoverEndpoints is invoked by the host right after Collect. It declares +// (host, port) pairs worth testing by other checkers — here: TLS endpoints +// whose SRV target points at a well-known direct-TLS port. +// +// STARTTLS SRVs (e.g. _xmpp-server._tcp on 5269, _sips._tcp notwithstanding) +// are intentionally not emitted yet: a dedicated "smtp-starttls" / "xmpp-starttls" +// endpoint type will be defined when the TLS checker grows that capability. +func (p *srvProvider) DiscoverEndpoints(data any) ([]sdk.DiscoveredEndpoint, error) { + d, ok := data.(*SRVData) + if !ok { + return nil, fmt.Errorf("unexpected data type %T", data) + } + var out []sdk.DiscoveredEndpoint + for _, r := range d.Records { + if r.IsNullTarget || r.Target == "" { + continue + } + if !directTLSPorts[r.Port] { + continue + } + out = append(out, sdk.DiscoveredEndpoint{ + Type: "tls", + Host: r.Target, + Port: r.Port, + SNI: r.Target, + }) + } + return out, nil +} diff --git a/checker/report.go b/checker/report.go new file mode 100644 index 0000000..0dfd9f6 --- /dev/null +++ b/checker/report.go @@ -0,0 +1,287 @@ +package checker + +import ( + "encoding/json" + "fmt" + "html/template" + "strings" +) + +// reportData is the view-model fed to the HTML template. +type reportData struct { + ServiceDomain string + Records []reportRecord + // Top-level alerts: the most common / most actionable failure scenarios, + // surfaced at the top of the report with remediation guidance. + Alerts []reportAlert + Totals reportTotals +} + +type reportRecord struct { + Owner string + Service string + Proto string + Target string + Port uint16 + Priority uint16 + Weight uint16 + IsNullTarget bool + IsCNAME bool + CNAMEChain string + Addresses []string + ResolveError string + Probes []reportProbe +} + +type reportProbe struct { + Address string + Proto string + Connected bool + LatencyMs float64 + Error string + StatusClass string + StatusLabel string +} + +type reportAlert struct { + Severity string // "crit", "warn", "info" + Title string + Body template.HTML +} + +type reportTotals struct { + Records int + OKProbes int + BadProbes int +} + +var htmlTpl = template.Must(template.New("srv").Parse(` + + + + +SRV Records Report + + + + +
+

SRV Records — {{if .ServiceDomain}}{{.ServiceDomain}}{{else}}service{{end}}

+
+ {{.Totals.Records}} record(s) + {{.Totals.OKProbes}} reachable probe(s) + {{if .Totals.BadProbes}}{{.Totals.BadProbes}} failed probe(s){{end}} +
+
+ +{{if .Alerts}} +
+

What needs attention

+ {{range .Alerts}} +
+
{{.Title}}
+
{{.Body}}
+
+ {{end}} +
+{{end}} + +
+

Records

+ {{range .Records}} +
+
+ {{if .IsNullTarget}}(null target){{else}}{{.Target}}{{end}}:{{.Port}} + prio {{.Priority}} · weight {{.Weight}} + {{if .Service}}_{{.Service}}._{{.Proto}}{{end}} + {{if .IsNullTarget}}null target{{end}} + {{if .IsCNAME}}target is CNAME{{end}} + {{if .ResolveError}}DNS error{{end}} +
+ + {{if .CNAMEChain}} +

CNAME chain: {{.CNAMEChain}} — RFC 2782 forbids a CNAME as SRV target.

+ {{end}} + + {{if .ResolveError}} +

Resolution failed: {{.ResolveError}}

+ {{end}} + + {{if .Addresses}} +

Resolves to: {{range .Addresses}}{{.}} {{end}}

+ {{end}} + + {{if .Probes}} + + + + + {{range .Probes}} + + + + + + + + {{end}} +
AddressProtoStatusLatencyDetails
{{.Address}}{{.Proto}}{{.StatusLabel}}{{if .LatencyMs}}{{printf "%.1f ms" .LatencyMs}}{{end}}{{if .Error}}{{.Error}}{{end}}
+ {{end}} +
+ {{end}} +
+ + +`)) + +func (p *srvProvider) GetHTMLReport(raw json.RawMessage) (string, error) { + var d SRVData + if err := json.Unmarshal(raw, &d); err != nil { + return "", fmt.Errorf("failed to unmarshal SRV report: %w", err) + } + + rd := reportData{ServiceDomain: d.ServiceDomain} + rd.Totals.Records = len(d.Records) + + var resolveFails, cnames, nulls []string + tcpDown := map[string]string{} // addr → err + + for _, r := range d.Records { + rec := reportRecord{ + Owner: r.Owner, + Service: r.Service, + Proto: r.Proto, + Target: r.Target, + Port: r.Port, + Priority: r.Priority, + Weight: r.Weight, + IsNullTarget: r.IsNullTarget, + IsCNAME: r.IsCNAME, + Addresses: r.Addresses, + ResolveError: r.ResolveError, + } + if len(r.CNAMEChain) > 0 { + rec.CNAMEChain = strings.Join(r.CNAMEChain, " → ") + } + + if r.IsNullTarget { + nulls = append(nulls, r.Owner) + } + if r.IsCNAME { + cnames = append(cnames, r.Target) + } + if r.ResolveError != "" { + resolveFails = append(resolveFails, fmt.Sprintf("%s (%s)", r.Target, r.ResolveError)) + } + + for _, pr := range r.Probes { + rp := reportProbe{ + Address: pr.Address, + Proto: pr.Proto, + Connected: pr.Connected, + LatencyMs: pr.LatencyMs, + Error: pr.Error, + } + switch { + case pr.Connected: + rp.StatusClass = "ok" + rp.StatusLabel = "reachable" + rd.Totals.OKProbes++ + default: + rp.StatusClass = "crit" + rp.StatusLabel = "unreachable" + rd.Totals.BadProbes++ + if pr.Proto == "tcp" { + tcpDown[pr.Address] = pr.Error + } + } + rec.Probes = append(rec.Probes, rp) + } + rd.Records = append(rd.Records, rec) + } + + // ── Build actionable alerts for common failure scenarios ───────────── + if len(resolveFails) > 0 { + rd.Alerts = append(rd.Alerts, reportAlert{ + Severity: "crit", + Title: fmt.Sprintf("DNS resolution failed for %d SRV target(s)", len(resolveFails)), + Body: template.HTML(fmt.Sprintf( + "%s
Clients will not be able to reach the service. Fix: either publish A/AAAA records for the target(s), or remove the broken SRV record.", + strings.Join(resolveFails, "
"))), + }) + } + if len(cnames) > 0 { + rd.Alerts = append(rd.Alerts, reportAlert{ + Severity: "warn", + Title: "SRV target is a CNAME (RFC 2782 violation)", + Body: template.HTML(fmt.Sprintf( + "Target(s): %s
RFC 2782 requires SRV targets to resolve directly to A/AAAA. "+ + "Some clients will refuse to follow the CNAME. Fix: point the SRV record to a hostname with A/AAAA records, "+ + "or replace the CNAME with an ALIAS/ANAME at the DNS provider.", + ""+strings.Join(cnames, ", ")+"")), + }) + } + if len(tcpDown) > 0 { + var items []string + for a, e := range tcpDown { + items = append(items, fmt.Sprintf("%s: %s", a, e)) + } + rd.Alerts = append(rd.Alerts, reportAlert{ + Severity: "crit", + Title: fmt.Sprintf("%d target(s) unreachable on their advertised TCP port", len(tcpDown)), + Body: template.HTML(strings.Join(items, "
") + + "
Check: (1) the server is running and bound to the right port; " + + "(2) firewall/security-group allows inbound TCP to that port; " + + "(3) the SRV record is not pointing at an old IP."), + }) + } + if len(nulls) > 0 && len(nulls) == len(d.Records) { + rd.Alerts = append(rd.Alerts, reportAlert{ + Severity: "warn", + Title: "All SRV records use the null target (\".\"): service is explicitly disabled", + Body: template.HTML( + "RFC 2782 defines a single SRV record with target \".\" to signal that the service is " + + "intentionally not available. If this is what you want, the configuration is correct. " + + "If you expected clients to reach this service, replace the null target with a real hostname."), + }) + } + + var buf strings.Builder + if err := htmlTpl.Execute(&buf, rd); err != nil { + return "", fmt.Errorf("failed to render SRV HTML report: %w", err) + } + return buf.String(), nil +} diff --git a/checker/rule.go b/checker/rule.go new file mode 100644 index 0000000..9432681 --- /dev/null +++ b/checker/rule.go @@ -0,0 +1,270 @@ +package checker + +import ( + "context" + "fmt" + "strings" + + sdk "git.happydns.org/checker-sdk-go/checker" +) + +// getData is shared by every rule to pull the observation out of the store. +// Any error is surfaced as a StatusError CheckState with a uniform code. +func getData(ctx context.Context, obs sdk.ObservationGetter) (*SRVData, *sdk.CheckState) { + var d SRVData + if err := obs.Get(ctx, ObservationKeySRV, &d); err != nil { + return nil, &sdk.CheckState{ + Status: sdk.StatusError, + Message: fmt.Sprintf("Failed to load SRV observation: %v", err), + Code: "srv_obs_error", + } + } + return &d, nil +} + +// ── Rule: SRV records are present ───────────────────────────────────────────── + +type rulePresent struct{} + +func RulePresent() sdk.CheckRule { return &rulePresent{} } +func (rulePresent) Name() string { return "srv_records_present" } +func (rulePresent) Description() string { + return "At least one SRV record is published for this service." +} +func (rulePresent) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) sdk.CheckState { + d, cs := getData(ctx, obs) + if cs != nil { + return *cs + } + if len(d.Records) == 0 { + return sdk.CheckState{Status: sdk.StatusCrit, Code: "srv_missing", + Message: "No SRV records published."} + } + return sdk.CheckState{Status: sdk.StatusOK, Code: "srv_present", + Message: fmt.Sprintf("%d SRV record(s) published.", len(d.Records))} +} + +// ── Rule: Null target ("." means service explicitly unavailable) ────────────── + +type ruleNullTarget struct{} + +func RuleNullTarget() sdk.CheckRule { return &ruleNullTarget{} } +func (ruleNullTarget) Name() string { return "srv_null_target" } +func (ruleNullTarget) Description() string { + return "Detects SRV records with target \".\", which signals the service is intentionally not available." +} +func (ruleNullTarget) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) sdk.CheckState { + d, cs := getData(ctx, obs) + if cs != nil { + return *cs + } + var nulls []string + for _, r := range d.Records { + if r.IsNullTarget { + nulls = append(nulls, r.Owner) + } + } + if len(nulls) == 0 { + return sdk.CheckState{Status: sdk.StatusOK, Code: "srv_no_null", + Message: "No null-target SRV records."} + } + if len(nulls) == len(d.Records) { + return sdk.CheckState{Status: sdk.StatusWarn, Code: "srv_all_null", + Message: fmt.Sprintf("All %d SRV records use null target (\".\"): service explicitly disabled.", len(nulls))} + } + return sdk.CheckState{Status: sdk.StatusInfo, Code: "srv_some_null", + Message: fmt.Sprintf("%d record(s) have null target: %s", len(nulls), strings.Join(nulls, ", "))} +} + +// ── Rule: SRV target must not be a CNAME (RFC 2782) ─────────────────────────── + +type ruleTargetNotCNAME struct{} + +func RuleTargetNotCNAME() sdk.CheckRule { return &ruleTargetNotCNAME{} } +func (ruleTargetNotCNAME) Name() string { return "srv_target_not_cname" } +func (ruleTargetNotCNAME) Description() string { + return "RFC 2782: SRV targets must resolve directly to A/AAAA, not through a CNAME." +} +func (ruleTargetNotCNAME) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) sdk.CheckState { + d, cs := getData(ctx, obs) + if cs != nil { + return *cs + } + var bad []string + for _, r := range d.Records { + if r.IsNullTarget { + continue + } + if r.IsCNAME { + bad = append(bad, r.Target) + } + } + if len(bad) == 0 { + return sdk.CheckState{Status: sdk.StatusOK, Code: "srv_targets_not_cname", + Message: "All SRV targets resolve directly (no CNAME)."} + } + return sdk.CheckState{Status: sdk.StatusWarn, Code: "srv_targets_are_cname", + Message: fmt.Sprintf("RFC 2782 violation — SRV target(s) are CNAMEs: %s", strings.Join(bad, ", "))} +} + +// ── Rule: targets resolve to at least one IP ────────────────────────────────── + +type ruleTargetsResolve struct{} + +func RuleTargetsResolve() sdk.CheckRule { return &ruleTargetsResolve{} } +func (ruleTargetsResolve) Name() string { return "srv_targets_resolve" } +func (ruleTargetsResolve) Description() string { + return "Every SRV target resolves to at least one A/AAAA address." +} +func (ruleTargetsResolve) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) sdk.CheckState { + d, cs := getData(ctx, obs) + if cs != nil { + return *cs + } + var failed []string + var checked int + for _, r := range d.Records { + if r.IsNullTarget { + continue + } + checked++ + if len(r.Addresses) == 0 { + failed = append(failed, fmt.Sprintf("%s (%s)", r.Target, r.ResolveError)) + } + } + if checked == 0 { + return sdk.CheckState{Status: sdk.StatusInfo, Code: "srv_no_targets", + Message: "No resolvable targets to test."} + } + if len(failed) == 0 { + return sdk.CheckState{Status: sdk.StatusOK, Code: "srv_all_resolve", + Message: fmt.Sprintf("All %d target(s) resolve.", checked)} + } + return sdk.CheckState{Status: sdk.StatusCrit, Code: "srv_resolve_fail", + Message: fmt.Sprintf("Target(s) failed DNS resolution: %s", strings.Join(failed, "; "))} +} + +// ── Rule: TCP reachable ─────────────────────────────────────────────────────── + +type ruleTCPReachable struct{} + +func RuleTCPReachable() sdk.CheckRule { return &ruleTCPReachable{} } +func (ruleTCPReachable) Name() string { return "srv_tcp_reachable" } +func (ruleTCPReachable) Description() string { + return "Every TCP SRV target:port accepts a TCP connection." +} +func (ruleTCPReachable) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) sdk.CheckState { + d, cs := getData(ctx, obs) + if cs != nil { + return *cs + } + var total, ok int + var failed []string + for _, r := range d.Records { + if r.IsNullTarget || r.Proto != "tcp" { + continue + } + for _, pr := range r.Probes { + if pr.Proto != "tcp" { + continue + } + total++ + if pr.Connected { + ok++ + } else { + failed = append(failed, fmt.Sprintf("%s: %s", pr.Address, pr.Error)) + } + } + } + if total == 0 { + return sdk.CheckState{Status: sdk.StatusInfo, Code: "srv_tcp_na", + Message: "No TCP targets to test."} + } + if ok == total { + return sdk.CheckState{Status: sdk.StatusOK, Code: "srv_tcp_ok", + Message: fmt.Sprintf("All %d TCP target(s) reachable.", total)} + } + if ok == 0 { + return sdk.CheckState{Status: sdk.StatusCrit, Code: "srv_tcp_all_down", + Message: fmt.Sprintf("All %d TCP target(s) unreachable: %s", total, strings.Join(failed, "; "))} + } + return sdk.CheckState{Status: sdk.StatusWarn, Code: "srv_tcp_partial", + Message: fmt.Sprintf("%d/%d TCP target(s) unreachable: %s", total-ok, total, strings.Join(failed, "; "))} +} + +// ── Rule: UDP reachable (best-effort) ───────────────────────────────────────── + +type ruleUDPReachable struct{} + +func RuleUDPReachable() sdk.CheckRule { return &ruleUDPReachable{} } +func (ruleUDPReachable) Name() string { return "srv_udp_reachable" } +func (ruleUDPReachable) Description() string { + return "UDP SRV targets do not return ICMP port-unreachable." +} +func (ruleUDPReachable) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) sdk.CheckState { + d, cs := getData(ctx, obs) + if cs != nil { + return *cs + } + var total, ok int + var failed []string + for _, r := range d.Records { + if r.IsNullTarget || r.Proto != "udp" { + continue + } + for _, pr := range r.Probes { + if pr.Proto != "udp" { + continue + } + total++ + if pr.Connected { + ok++ + } else { + failed = append(failed, fmt.Sprintf("%s: %s", pr.Address, pr.Error)) + } + } + } + if total == 0 { + return sdk.CheckState{Status: sdk.StatusInfo, Code: "srv_udp_na", + Message: "No UDP targets to test."} + } + if ok == total { + return sdk.CheckState{Status: sdk.StatusOK, Code: "srv_udp_ok", + Message: fmt.Sprintf("All %d UDP target(s) reachable.", total)} + } + return sdk.CheckState{Status: sdk.StatusWarn, Code: "srv_udp_issue", + Message: fmt.Sprintf("%d/%d UDP target(s) reported port unreachable: %s", total-ok, total, strings.Join(failed, "; "))} +} + +// ── Rule: redundancy (more than one usable target) ──────────────────────────── + +type ruleRedundancy struct{} + +func RuleRedundancy() sdk.CheckRule { return &ruleRedundancy{} } +func (ruleRedundancy) Name() string { return "srv_redundancy" } +func (ruleRedundancy) Description() string { + return "At least two distinct SRV targets exist (avoids single point of failure)." +} +func (ruleRedundancy) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) sdk.CheckState { + d, cs := getData(ctx, obs) + if cs != nil { + return *cs + } + targets := map[string]bool{} + for _, r := range d.Records { + if r.IsNullTarget { + continue + } + targets[r.Target] = true + } + if len(targets) >= 2 { + return sdk.CheckState{Status: sdk.StatusOK, Code: "srv_redundant", + Message: fmt.Sprintf("%d distinct targets.", len(targets))} + } + if len(targets) == 1 { + return sdk.CheckState{Status: sdk.StatusInfo, Code: "srv_single_target", + Message: "Single SRV target: no redundancy at DNS level."} + } + return sdk.CheckState{Status: sdk.StatusInfo, Code: "srv_no_targets_redundancy", + Message: "No usable SRV targets."} +} diff --git a/checker/types.go b/checker/types.go new file mode 100644 index 0000000..04ee6a7 --- /dev/null +++ b/checker/types.go @@ -0,0 +1,54 @@ +// Package checker implements the generic SRV records checker for happyDomain. +// +// For each SRV record attached to the target service it performs: +// +// - DNS resolution of every SRV target (A/AAAA, CNAME detection) +// - TCP connectivity test on target:port (_tcp SRVs) +// - UDP probe on target:port (_udp SRVs) +// +// TLS/certificate testing is intentionally out of scope: it is handled by a +// dedicated TLS checker. +// +// Checks are performed natively using the Go standard library (no external +// testsuite). +package checker + +import ( + sdk "git.happydns.org/checker-sdk-go/checker" +) + +const ObservationKeySRV sdk.ObservationKey = "srv_records" + +type SRVRecord struct { + Service string `json:"service"` + Proto string `json:"proto"` + Owner string `json:"owner"` + Target string `json:"target"` + Port uint16 `json:"port"` + Priority uint16 `json:"priority"` + Weight uint16 `json:"weight"` + + // DNS resolution results + IsNullTarget bool `json:"isNullTarget,omitempty"` // target == "." means "no service" + IsCNAME bool `json:"isCNAME,omitempty"` // RFC 2782: MUST NOT be CNAME + CNAMEChain []string `json:"cnameChain,omitempty"` + Addresses []string `json:"addresses,omitempty"` + ResolveError string `json:"resolveError,omitempty"` + + // Reachability checks per address + Probes []ProbeResult `json:"probes,omitempty"` +} + +type ProbeResult struct { + Address string `json:"address"` + Proto string `json:"proto"` // "tcp" or "udp" + Connected bool `json:"connected"` + LatencyMs float64 `json:"latencyMs,omitempty"` + Error string `json:"error,omitempty"` +} + +type SRVData struct { + ServiceDomain string `json:"serviceDomain"` // e.g. _sip._tcp.example.com + Records []SRVRecord `json:"records"` + CollectError string `json:"collectError,omitempty"` +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..54b1726 --- /dev/null +++ b/go.mod @@ -0,0 +1,45 @@ +module git.happydns.org/checker-srv + +go 1.25.0 + +require ( + git.happydns.org/checker-sdk-go v0.0.1 + git.happydns.org/happyDomain v0.7.0 +) + +require ( + github.com/bytedance/gopkg v0.1.3 // indirect + github.com/bytedance/sonic v1.15.0 // indirect + github.com/bytedance/sonic/loader v0.5.0 // indirect + github.com/cloudwego/base64x v0.1.6 // indirect + github.com/gabriel-vasile/mimetype v1.4.13 // indirect + github.com/gin-contrib/sse v1.1.0 // indirect + github.com/gin-gonic/gin v1.12.0 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.30.1 // indirect + github.com/goccy/go-json v0.10.5 // indirect + github.com/goccy/go-yaml v1.19.2 // indirect + github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 // indirect + github.com/klauspost/cpuid/v2 v2.3.0 // indirect + github.com/leodido/go-urn v1.4.0 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/miekg/dns v1.1.72 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/pelletier/go-toml/v2 v2.2.4 // indirect + github.com/quic-go/qpack v0.6.0 // indirect + github.com/quic-go/quic-go v0.59.0 // indirect + github.com/twitchyliquid64/golang-asm v0.15.1 // indirect + github.com/ugorji/go/codec v1.3.1 // indirect + go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect + golang.org/x/arch v0.24.0 // indirect + golang.org/x/crypto v0.49.0 // indirect + golang.org/x/mod v0.33.0 // indirect + golang.org/x/net v0.51.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.42.0 // indirect + golang.org/x/text v0.35.0 // indirect + golang.org/x/tools v0.42.0 // indirect + google.golang.org/protobuf v1.36.11 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..d96df1c --- /dev/null +++ b/go.sum @@ -0,0 +1,102 @@ +git.happydns.org/checker-sdk-go v0.0.1 h1:4RxCJr73HWKxjOyU/6NJMO8lXJmH0gMLA68EzTqLbQI= +git.happydns.org/checker-sdk-go v0.0.1/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI= +git.happydns.org/happyDomain v0.7.0 h1:NV82/NbcSeRm0+IUZqaK3Vu9Ovl5+vv4AigUJZMdwws= +git.happydns.org/happyDomain v0.7.0/go.mod h1:5tgkmqFE65kK359rY49V++49wgZ0gco+Gh9X6tbL+bY= +github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M= +github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM= +github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE= +github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k= +github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE= +github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo= +github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M= +github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM= +github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s= +github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w= +github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM= +github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8= +github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w= +github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM= +github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4= +github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= +github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM= +github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/Kgo2/7xNSUuC5G28VR8ljfrLKU2G4IjU= +github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0= +github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= +github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= +github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= +github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI= +github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= +github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8= +github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII= +github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw= +github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= +github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= +github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY= +github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4= +go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE= +go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0= +go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= +go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= +golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y= +golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= +golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= +golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= +golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= +golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/main.go b/main.go new file mode 100644 index 0000000..3dd784e --- /dev/null +++ b/main.go @@ -0,0 +1,24 @@ +// Command checker-srv is the standalone binary for the SRV checker. +package main + +import ( + "flag" + "log" + + sdk "git.happydns.org/checker-sdk-go/checker" + srv "git.happydns.org/checker-srv/checker" +) + +var Version = "custom-build" + +var listenAddr = flag.String("listen", ":8080", "HTTP listen address") + +func main() { + flag.Parse() + srv.Version = Version + + server := sdk.NewServer(srv.Provider()) + if err := server.ListenAndServe(*listenAddr); err != nil { + log.Fatalf("server error: %v", err) + } +} diff --git a/plugin/plugin.go b/plugin/plugin.go new file mode 100644 index 0000000..bb8003e --- /dev/null +++ b/plugin/plugin.go @@ -0,0 +1,14 @@ +// Command plugin is the happyDomain plugin entrypoint for the SRV checker. +package main + +import ( + sdk "git.happydns.org/checker-sdk-go/checker" + srv "git.happydns.org/checker-srv/checker" +) + +var Version = "custom-build" + +func NewCheckerPlugin() (*sdk.CheckerDefinition, sdk.ObservationProvider, error) { + srv.Version = Version + return srv.Definition(), srv.Provider(), nil +}