checkpoint

censoredplanet · Sep 19, 2023 · c522792 · c522792
1 parent a5e129c
commit c522792
Show file tree

Hide file tree

Showing 4 changed files with 139 additions and 24 deletions.
diff --git a/docs/diagrams/dns.msc b/docs/diagrams/dns.msc
@@ -0,0 +1,12 @@
+msc {
+  probe,remote;
+
+  probe box probe [label="Initial Test Setup"];
+  probe=>remote [ label = "Write DNS Query over UDP" ];
+  probe<=remote [ label = "Read Response" ];
+  probe box probe [label="Validate IP Match"];
+  probe=>remote [ label = "Query Non-matching IPs for Domain over HTTP/S" ];
+  probe<=remote [ label = "Read Responses" ];
+  probe box probe [label="Validate response certificate for domain"];
+  probe box probe [label="Test Complete"];
+}
diff --git a/docs/diagrams/dns.svg b/docs/diagrams/dns.svg
diff --git a/docs/outcome.md b/docs/outcome.md
@@ -1,46 +1,48 @@
-## Outcome Classification
+# Outcome Classification
 
-The `outcome` field classifies the result of a test into an enumeration of the different types of high-level outcomes. Outcome strings are of the format `stage/outcome`. For example `❗️read/timeout` means the test received a TCP timeout during the read stage. `✅match` means a test finished successfully.
+The `outcome` field classifies the result of a test into an enumeration of the different types of high-level outcomes. Outcome strings are of the format `stage/outcome`. For example `read/timeout` means the test received a TCP timeout during the read stage. `expected/match` means a test finished successfully.
 
-### Stages
+## Stages
 
-Stages are listed here in order. If a test reaches a later stage like `❗️content` then it successfully passed the earlier stages like `❗️dial` and `❗️read`.
+Stages are listed here in order. If a test reaches a later stage like `content` then it successfully passed the earlier stages like `dial` and `read`.
 
-Stages include emoji to make them easier to differentiate at a glance.
+| Stage       | Explanation |
+| ----------- | ----------- |
+| setup       | The initial setup phase for the test (mustering resources, opening ports, etc.) |
+| dial        | The initial TCP dial connection to the remote |
+| tls         | The TLS handshake. `HTTPS` only. The [SNI header](https://en.wikipedia.org/wiki/Server_Name_Indication) containing the test domain is sent in this stage |
+| write       | Writing to the remote. For non-`HTTPS` tests this is where the domain is sent |
+| read        | Reading from the remote |
+| http        | Verification of HTTP headers. `HTTP/S` only |
+| content     | Verification that the returned content matches the expected content. These are the most common types of errors and represent things like blockpages |
+| expected    | Verified an expected response |
+| unknown     | Unknown stage. Usually these are new outcomes which should be investigated and classified |
 
-| Stage         | Explanation |
-| ------------- | ----------- |
-| ❔setup       | The initial setup phase for the test (mustering resources, opening ports, etc.) |
-| ❗️dial        | The initial TCP dial connection to the remote |
-| ❗️tls         | The TLS handshake. `HTTPS` only. The [SNI header](https://en.wikipedia.org/wiki/Server_Name_Indication) containing the test domain is sent in this stage |
-| ❗️write       | Writing to the remote. For non-`HTTPS` tests this is where the domain is sent |
-| ❗️read        | Reading from the remote |
-| ❗️http        | Verification of HTTP headers. `HTTP/S` only |
-| ❗️content     | Verification that the returned content matches the expected content. These are the most common types of errors and represent things like blockpages |
-| ✅            | Verified an expected response |
-| ❔unknown     | Unknown stage. Usually these are new outcomes which should be investigated and classified |
-
-#### Stages per Probe
+### Stages per Probe
 
 Not all tests include every stage depending on the type of test. For example since the Echo protocol does not involve TLS Echo tests will never fail with outcomes classified as `tls`. Here are the stages for each test type.
 
-##### Discard
+#### Discard
 
 ![discard connection diagram](diagrams/discard.svg)
 
-##### Echo
+#### Echo
 
 ![echo connection diagram](diagrams/echo.svg)
 
-##### HTTP
+#### HTTP
 
 ![http connection diagram](diagrams/http.svg)
 
-##### HTTPS
+#### HTTPS
 
 ![https connection diagram](diagrams/https.svg)
 
-### Outcome Classes
+#### DNS
+
+![dns connection diagram](diagrams/dns.svg)
+
+## Outcome Classes
 
 Basic outcomes represent simplest types of errors, as well as the `match` case (no error detected).
 
@@ -76,4 +78,9 @@ Mismatch Errors are used when the connection is successful, but the content rece
 | body_mismatch           | The HTTP body didn't match, potentially a blockpage |
 | tls_mismatch            | An element of the TLS connection (certificate, cipher suite, or TLS version) didn't match |
 | blockpage               | The response was unexpected and matched a [known blockpage]((https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json)) |
-| trusted_host            | The response didn't match the expected response for the template. But it did match a common known server pattern, and is likely not censorship. This outcome is used for CDNs that respond in network-specific ways to domains they host. |
+| trusted_host            | The response didn't match the expected response for the template. But it did match a common known server pattern, and is likely not censorship. This outcome is used for CDNs that respond in network-specific ways to domains they host. |
+
+## DNS Outcomes
+
+The Satellite data uses its own unique set of outcomes
+
diff --git a/docs/satellite_base_table.md b/docs/satellite_base_table.md