checkpoint

censoredplanet · Sep 22, 2023 · 709f256 · 709f256
1 parent ef79485
commit 709f256
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/docs/outcome.md b/docs/outcome.md
@@ -61,7 +61,7 @@ Mismatch Errors are used when the connection is successful, but the content rece
 | system_failure          |  | There was a test system failure, rendering the test invalid |
 | unknown                 |  | The class of the outcome was not known. Usually these are new errors which should be investigated and classified |
 |                         |
-| **Protocol Errors**     | There were errors in the connection protocol |
+| **Protocol Errors**     |  | There were errors in the connection protocol |
 |                         |
 | ip.network_unreachable  |  | The network was unreachable |
 | ip.host_no_route        |  | No route to the host could be found |
@@ -73,7 +73,7 @@ Mismatch Errors are used when the connection is successful, but the content rece
 | http.empty              |  | Received no content when HTTP content was expected |
 | http.truncated_response |  | The HTTP response content was unexpectedly truncated |
 |                         |
-| **Mismatched Content**  | The connection completed successfully, but the content returned didn't match the content expected for the domain. |
+| **Mismatched Content**  |  | The connection completed successfully, but the content returned didn't match the content expected for the domain. |
 |                         |
 | mismatch                |  | Received a different response from the one expected. </br> For Discard no response is expected and any response is a mismatch, </br> for Echo a mirrored response is expected and anything else is a mismatch. </br> For HTTP/S the expected response is determined by sending multiple control domains to the server and building an expected template. This response is returned when more detail about the exact part of the template mismatched (eg. status, body) is not available. |
 | status_mismatch         | `:http_status_code` eg. `:301` | The HTTP status code didn't match, eg. `403` instead of `200` |
@@ -88,20 +88,32 @@ The Satellite data uses its own unique set of outcomes, and does not use stages.
 
 | Outcome                | Additional Outcome Information Included | Explanation |
 | ---------------------- | --------------------------------------- | ----------- |
+|                        |
+| **DNS Failures**       |  | The DNS request failed |
+|                        |
+| ❗️dns.error            | `:<rcode_error_string>` eg. `:NXDomain` | The DNS request returned an [RCode](https://datatracker.ietf.org/doc/html/rfc5395#section-2.3) error |
+| ❗️dns.connrefused      |  | The DNS request was refused |
+| ❗️dns.timedout         |  | The DNS request timed out |
+| ❗️dns.msgsize          |  | The DNS request returned a message size error |
+| ❗️dns.protocol_error   |  | The DNS request failed with a protocol error |
+| ❔dns.hostunreach      |  | The DNS resolver was unreachable |
+|                        |
+| **Returned IP addresses** |  | The DNS request responded successfully. Outcome is based on the returned content/IP addresses |
+|                        |
 | ✅ip.matchip           |  | The DNS request returned an expected (matching) IP address for the domain |
 | ✅ip.matchasn          |  | The DNS request returned an IP address matching the ASN of an expected IP address |
 | ❗️ip.invalid           | One of `:zero`, `:local_host`, `:local_net` | The DNS request returned an IP that could never be valid. eg. `0.0.0.0`, `127.0.0.1` `10.10.0.0`, `172.16.0.0`` |
 | ❗️ip.empty             |  | The DNS request returned an empty response |
+|                        |
+| **HTTP/S Responses**   |  | The DNS request successfully returned IP addresses. Analysis is based on follow-up HTTP/S requests sent to those IP addresses requesting the test domain |
+|                        |
 | ✅tls.validcert        |  | An HTTPS connection to a returned IP address returned a valid certificate which matched the expected domain |
 | ❗️tls.connerror        | `:<returned_ip_autonomous_system_name>` eg. `:ERTELECOM_DS_AS` </br> or `:AS<as_number>` eg. `:AS15169` </br> or `:missing_as_info` | Attempting to connect to all returned IP addresses failed |
 | ❗️tls.baddomain        | `:<certificate_common_domain_name>` eg. `:dnsfilter.net` | An HTTPS connection to a returned IP returned a certificate for an unexpected domain. Could indicate a MITM attempt |
 | ❗️tls.badca            | `:<certificate_authority_issuer_name>` eg. `:Fortiguard SDNS Blocked Page` | An HTTPS connection to a returned IP returned an invalid certificate. Could indicate a MITM attempt |
 | ❗️http.blockpage       | `:<blockpage_id>` eg. `:f_gen_id_1_satellite` | An HTTPS request to the returned IP address failed, but an HTTP request returned a [known blockpage](https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json) |
-| ❗️dns.error            | `:<rcode_error_string>` eg. `:NXDomain` | The DNS request returned an [RCode](https://datatracker.ietf.org/doc/html/rfc5395#section-2.3) error |
-| ❗️dns.connrefused      |  | The DNS request was refused |
-| ❗️dns.timedout         |  | The DNS request timed out |
-| ❗️dns.msgsize          |  | The DNS request returned a message size error |
-| ❗️dns.protocol_error   |  | The DNS request failed with a protocol error |
-| ❔dns.hostunreach      |  | The DNS resolver was unreachable |
+|                        |
+| **Other Errors**       |
+|                        |
 | ❔setup.system_failure |  | There was a test system failure, rendering the test invalid |
 | ❗️unknown_error        |  | An unknown error occured |