Skip to content

Commit

Permalink
checkpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
ohnorobo committed Sep 22, 2023
1 parent ab329d2 commit 9b1637f
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions docs/outcome.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,12 +79,12 @@ Mismatch Errors are used when the connection is successful, but the content rece
| status_mismatch | The HTTP status code didn't match, eg. `403` instead of `200` |
| body_mismatch | The HTTP body didn't match, potentially a blockpage |
| tls_mismatch | An element of the TLS connection (certificate, cipher suite, or TLS version) didn't match |
| blockpage | The response was unexpected and matched a [known blockpage]((https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json)) |
| blockpage | The response was unexpected and matched a [known blockpage](https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json) |
| trusted_host | The response didn't match the expected response for the template. But it did match a common known server pattern, and is likely not censorship. This outcome is used for CDNs that respond in network-specific ways to domains they host. |

## DNS Outcomes

The Satellite data uses its own unique set of outcomes, and does not use stages. The outcomes are based on DNS and POSIX TCP/IP socket return codes.
The Satellite data uses its own unique set of outcomes, and does not use stages. The outcomes are based on DNS errors and POSIX TCP/IP socket return codes.

| Outcome | Additional Outcome Information | Explanation |
| ---------------------- | ---------------------- | ----------- |
Expand All @@ -93,15 +93,15 @@ The Satellite data uses its own unique set of outcomes, and does not use stages.
| ❗️ip.invalid | One of `:zero`, `:local_host`, `:local_net` | The DNS request returned an IP that could never be valid. eg. `0.0.0.0`, `127.0.0.1` `10.10.0.0`, `172.16.0.0 |
| ❗️ip.empty | | The DNS request returned an empty response |
| ✅tls.validcert | | An HTTPS connection to a returned IP address returned a valid certificate which matched the expected domain |
| ❗️tls.connerror | `:<returned_ip_autonymous_system_name` eg `:ROSTELCOM` or `:AS<as_number` eg `:15169` or `:missing_as_info` | Attempting to connect to all returned IP addresses failed |
| ❗️tls.baddomain | `:<certificate_common_domain_name>` eg. `:` | An HTTPS connection to a returned IP returned a certificate for an unexpected domain. Could indicate a MITM attempt |
| ❗️tls.badca | `:<certificate_authority_issuer_name` eg. `:` | An HTTPS connection to a returned IP returned an invalid certificate |
| ❗️http.blockpage | `:<blockpage_id>` eg. `` | An HTTPS request to the returned IP address failed, but an HTTP request returned a [known blockpage](((https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json))) |
| ❗️dns.connrefused | | The DNS connection was refused |
| ❗️dns.error | `:<rcode_error_string>` eg. `:NXDomain` | The DNS request returned an [RCode]((https://datatracker.ietf.org/doc/html/rfc5395#section-2.3)) error |
| ❗️dns.msgsize | | The DNS connection was refused |
| ❗️tls.connerror | `:<returned_ip_autonymous_system_name>` eg `:ERTELECOM_DS_AS` </br> or `:AS<as_number>` eg `:15169` </br> or `:missing_as_info` | Attempting to connect to all returned IP addresses failed |
| ❗️tls.baddomain | `:<certificate_common_domain_name>` eg. `:dnsfilter.net` | An HTTPS connection to a returned IP returned a certificate for an unexpected domain. Could indicate a MITM attempt |
| ❗️tls.badca | `:<certificate_authority_issuer_name>` eg. `:Fortiguard SDNS Blocked Page` | An HTTPS connection to a returned IP returned an invalid certificate. Could indicate a MITM attempt |
| ❗️http.blockpage | `:<blockpage_id>` eg. `:f_gen_id_1_satellite` | An HTTPS request to the returned IP address failed, but an HTTP request returned a [known blockpage](https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json) |
| ❗️dns.connrefused | | The DNS request was refused |
| ❗️dns.error | `:<rcode_error_string>` eg. `:NXDomain` | The DNS request returned an [RCode](https://datatracker.ietf.org/doc/html/rfc5395#section-2.3) error |
| ❗️dns.timedout | | The DNS request timed out |
| ❗️dns.msgsize | | The DNS request returned a message size error |
| ❗️dns.protocol_error | | The DNS request failed with a protocol error |
| ❗️unknown_error | | An unknown error occured |
|dns.hostunreach | | The IP address returned from the DNS request was unreachable |
| ❔setup.system_failure | | There was a test system failure, rendering the test invalid |
| ❔dns.hostunreach | | The DNS resolver was unreachable |
|setup.system_failure | | There was a test system failure, rendering the test invalid |
| ❗️unknown_error | | An unknown error occured |

0 comments on commit 9b1637f

Please sign in to comment.