checkpoint

censoredplanet · Sep 22, 2023 · 911b3c0 · 911b3c0
1 parent 9b1637f
commit 911b3c0
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 19 deletions.
diff --git a/docs/diagrams/dns.msc b/docs/diagrams/dns.msc
@@ -5,8 +5,11 @@ msc {
   probe=>remote [ label = "Write DNS Query over UDP" ];
   probe<=remote [ label = "Read Response" ];
   probe box probe [label="Validate IP Match"];
-  probe=>remote [ label = "Query Non-matching IPs for Domain over HTTP/S" ];
+  probe=>remote [ label = "Query Non-matching IPs for Domain over HTTPS" ];
   probe<=remote [ label = "Read Responses" ];
   probe box probe [label="Validate response certificate for domain"];
+  probe=>remote [ label = "Query Non-matching IPs for Domain over HTTP" ];
+  probe<=remote [ label = "Read Responses" ];
+  probe box probe [label="Check response content"];
   probe box probe [label="Test Complete"];
 }
diff --git a/docs/diagrams/dns.svg b/docs/diagrams/dns.svg
diff --git a/docs/outcome.md b/docs/outcome.md
@@ -86,14 +86,14 @@ Mismatch Errors are used when the connection is successful, but the content rece
 
 The Satellite data uses its own unique set of outcomes, and does not use stages. The outcomes are based on DNS errors and POSIX TCP/IP socket return codes.
 
-| Outcome                | Additional Outcome Information | Explanation |
-| ---------------------- | ---------------------- | ----------- |
+| Outcome                | Additional Outcome Information Included | Explanation |
+| ---------------------- | --------------------------------------- | ----------- |
 | ✅ip.matchip           |  | The DNS request returned an expected (matching) IP address for the domain |
 | ✅ip.matchasn          |  | The DNS request returned an IP address matching the ASN of an expected IP address |
-| ❗️ip.invalid           | One of `:zero`, `:local_host`, `:local_net` | The DNS request returned an IP that could never be valid. eg. `0.0.0.0`, `127.0.0.1` `10.10.0.0`, `172.16.0.0 |
+| ❗️ip.invalid           | One of `:zero`, `:local_host`, `:local_net` | The DNS request returned an IP that could never be valid. eg. `0.0.0.0`, `127.0.0.1` `10.10.0.0`, `172.16.0.0`` |
 | ❗️ip.empty             |  | The DNS request returned an empty response |
 | ✅tls.validcert        |  | An HTTPS connection to a returned IP address returned a valid certificate which matched the expected domain |
-| ❗️tls.connerror        | `:<returned_ip_autonymous_system_name>` eg `:ERTELECOM_DS_AS` </br> or `:AS<as_number>` eg `:15169` </br> or `:missing_as_info` | Attempting to connect to all returned IP addresses failed |
+| ❗️tls.connerror        | `:<returned_ip_autonymous_system_name>` eg `:ERTELECOM_DS_AS` </br> or `:AS<as_number>` eg `:AS15169` </br> or `:missing_as_info` | Attempting to connect to all returned IP addresses failed |
 | ❗️tls.baddomain        | `:<certificate_common_domain_name>` eg. `:dnsfilter.net` | An HTTPS connection to a returned IP returned a certificate for an unexpected domain. Could indicate a MITM attempt |
 | ❗️tls.badca            | `:<certificate_authority_issuer_name>` eg. `:Fortiguard SDNS Blocked Page` | An HTTPS connection to a returned IP returned an invalid certificate. Could indicate a MITM attempt |
 | ❗️http.blockpage       | `:<blockpage_id>` eg. `:f_gen_id_1_satellite` | An HTTPS request to the returned IP address failed, but an HTTP request returned a [known blockpage](https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json) |

diff --git a/docs/satellite_base_table.md b/docs/satellite_base_table.md