package scan
import (
"errors"
"net"
"strings"
"github.com/cloudflare/cf-tls/tls"
)
// Connectivity groups the scanners that check basic reachability of a host:
// DNS resolution, a TCP connection, and a TLS handshake.
var Connectivity = &Family{
	Description: "Scans for basic connectivity with the host through DNS and TCP/TLS dials",
	Scanners: map[string]*Scanner{
		// Name resolution only; no connection is made to the host.
		"DNSLookup": &Scanner{
			"Host can be resolved through DNS",
			dnsLookupScan,
		},
		// Plain TCP connect, closed immediately after it succeeds.
		"TCPDial": &Scanner{
			"Host accepts TCP connection",
			tcpDialScan,
		},
		// Full TLS handshake using the package's default TLS configuration.
		"TLSDial": &Scanner{
			"Host can perform TLS handshake",
			tlsDialScan,
		},
	},
}
// lookupAddrs holds the addresses that a DNS lookup returned for a host.
type lookupAddrs []string

// String renders the addresses one per line, with no trailing newline.
func (addrs lookupAddrs) String() string {
	var b strings.Builder
	for i, addr := range addrs {
		// Separator goes between entries only, never before the first.
		if i > 0 {
			b.WriteByte('\n')
		}
		b.WriteString(addr)
	}
	return b.String()
}
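// dnsLookupScan tests that DNS resolution of the host returns at least one address.
//
// host must be in "host:port" form; the port is split off and discarded before
// the lookup. On success the grade is Good and output holds the resolved
// addresses. On any failure grade and output are left at their zero values and
// err describes the problem.
func dnsLookupScan(host string) (grade Grade, output Output, err error) {
	host, _, err = net.SplitHostPort(host)
	if err != nil {
		return
	}

	var addrs lookupAddrs
	addrs, err = net.LookupHost(host)
	if err != nil {
		return
	}

	if len(addrs) == 0 {
		// Return here: falling through would report a Good grade alongside
		// the error for a host that resolved to nothing.
		err = errors.New("no addresses found for host")
		return
	}

	grade, output = Good, addrs
	return
}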
// tcpDialScan tests that the host can be connected to through TCP.
//
// The connection is opened through the package-level Dialer on Network and
// closed as soon as the dial succeeds; no data is exchanged.
// NOTE(review): timeout behaviour depends on how Dialer is configured, which
// is not visible in this file — confirm it is bounded.
func tcpDialScan(host string) (grade Grade, output Output, err error) {
	c, dialErr := Dialer.Dial(Network, host)
	if dialErr != nil {
		return grade, output, dialErr
	}

	// Only reachability matters; the result of Close is not reported.
	c.Close()

	return Good, output, nil
}
// tlsDialScan tests that the host can perform a TLS Handshake.
//
// The handshake runs over the package-level Dialer with the configuration
// returned by defaultTLSConfig(host); the connection is closed right after.
// NOTE(review): a Good grade means the handshake completed under that
// configuration. Whether the peer certificate is verified depends on
// defaultTLSConfig, which is not shown here — confirm before treating this
// result as proof of a trusted endpoint.
func tlsDialScan(host string) (grade Grade, output Output, err error) {
	c, dialErr := tls.DialWithDialer(Dialer, Network, host, defaultTLSConfig(host))
	if dialErr != nil {
		return grade, output, dialErr
	}

	// Only the handshake outcome matters; the result of Close is not reported.
	c.Close()

	return Good, output, nil
}