Skip to content

Probe types

import { Callout } from ‘@astrojs/starlight/components’;

FourEyes uses a closed executor registry: the node protocol carries only fixed, declared probe types via a typed oneof config. There is deliberately no slot for the server to push arbitrary commands or scripts. (The browser transaction type is a closed step-list enum, not server-pushed JavaScript — see the security model.)

Availability, full httptrace timing breakdown, status codes, redirects, and TLS expiry. HTTP ≥ 400 is a measured failure, not a Go error.

Basic port/connectivity checks.

Resolution against arbitrary servers with DNSSEC and broad record-type coverage (A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, CAA, …).

  • Ping: latency (min/avg/max/mdev) and loss. Tries unprivileged datagram ICMP first (normal user), falls back to raw sockets (CAP_NET_RAW/root).
  • Traceroute: raw-socket TTL incrementing with hop-by-hop results. Requires CAP_NET_RAW/root and fails honestly otherwise.

Node-to-node loss & latency. The server resolves each node’s mTLS source address and injects it into the assignment so nodes stay outbound-only. The building block of auto-mesh.

Receive-only session monitoring. The node embeds gobgp as a library and snapshots the session each round: FSM state, uptime, IPv4/IPv6 RIB-in counts, and UPDATE tally. ESTABLISHED is success; any other state is a measured failure. Listens on privileged TCP/179. FourEyes never originates or withdraws routes.

Drives headless Chromium via chromedp to load a page and capture Navigation Timing phases, paint metrics, resource counts, and transfer cost. Chromium is a separate, lazily-fetched artifact — it keeps the Go binary CGO-free. Configure with FOUREYES_BROWSER_BINARY, or disable download with FOUREYES_BROWSER_DISABLE_DOWNLOAD.

A closed step-list oneof (navigate / click / fill / wait / assert) driving multi-step headless-Chromium flows. Fail-fast: the first failing step aborts; overall success requires every step to pass. There is no string or bytes script field anywhere.

Single-ended SIP signaling health via OPTIONS/REGISTER with digest auth, using a pure-Go SIP stack. A 2xx response is success; 4xx/5xx/transport/timeout is a measured failure with detail. This is signaling-only — it does not validate the media/RTP path.

Full RTP / E-model MOS voice validation is planned but needs a far-end peer and is not shipped yet. See the [Roadmap](/reference/roadmap/).
FeaturePrivilege needed
Ping (datagram ICMP)None (normal user, with standard sysctls)
TracerouteCAP_NET_RAW / root
BGPPrivileged TCP/179
BrowserNone (Chromium fetched on first use)

Unprivileged features preserve the no-privilege install thesis; richer features (traceroute, BGP) simply fail honestly when they can’t bind.