checkpoint

docs/outcome.md

@@ -84,32 +84,24 @@ Mismatch Errors are used when the connection is successful, but the content rece
 
 ## DNS Outcomes
 
-The Satellite data uses its own unique set of outcomes, and does not use stages. The outcomes are based on 
-
-| Outcome                 | Explanation |
-| ----------------------- | ----------- |
-| ✅ip.matchip |  |
-| ✅ip.matchasn |  |
-| ip.invalid |  |
-| ip.empty |  |
-| ✅tls.validcert |  |
-| tls.connerror |  |
-| tls.baddomain |  |
-| tls.badca |  |
-| blockpage |  |
-| dns.connrefused |  |
-| dns.error |  |
-| dns.hostunreach |  |
-| dns.msgsize |  |
-| dns.timedout |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-1
+The Satellite data uses its own unique set of outcomes, and does not use stages. The outcomes are based on DNS and POSIX TCP/IP socket return codes.
+
+| Outcome                | Additional Outcome Information | Explanation |
+| ---------------------- | ---------------------- | ----------- |
+| ✅ip.matchip           |  | The DNS request returned an expected (matching) IP address for the domain |
+| ✅ip.matchasn          |  | The DNS request returned an IP address matching the ASN of an expected IP address |
+| ❗️ip.invalid           | One of `:zero`, `:local_host`, `:local_net` | The DNS request returned an IP that could never be valid. eg. `0.0.0.0`, `127.0.0.1` `10.10.0.0`, `172.16.0.0 |
+| ❗️ip.empty             |  | The DNS request returned an empty response |
+| ✅tls.validcert        |  | An HTTPS connection to a returned IP address returned a valid certificate which matched the expected domain |
+| ❗️tls.connerror        | `:<returned_ip_autonymous_system_name` eg `:ROSTELCOM` or `:AS<as_number` eg `:15169` or `:missing_as_info` | Attempting to connect to all returned IP addresses failed |
+| ❗️tls.baddomain        | `:<certificate_common_domain_name>` eg. `:` | An HTTPS connection to a returned IP returned a certificate for an unexpected domain. Could indicate a MITM attempt |
+| ❗️tls.badca            | `:<certificate_authority_issuer_name` eg. `:` | An HTTPS connection to a returned IP returned an invalid certificate |
+| ❗️http.blockpage       | `:<blockpage_id>` eg. `` | An HTTPS request to the returned IP address failed, but an HTTP request returned a [known blockpage](((https://github.com/censoredplanet/censoredplanet-analysis/blob/master/pipeline/metadata/data/blockpage_signatures.json))) |
+| ❗️dns.connrefused      |  | The DNS connection was refused |
+| ❗️dns.error            | `:<rcode_error_string>` eg. `:NXDomain` | The DNS request returned an [RCode]((https://datatracker.ietf.org/doc/html/rfc5395#section-2.3)) error |
+| ❗️dns.msgsize          |  | The DNS connection was refused |
+| ❗️dns.timedout         |  | The DNS request timed out |
+| ❗️dns.protocol_error   |  | The DNS request failed with a protocol error |
+| ❗️unknown_error        |  | An unknown error occured |
+| ❔dns.hostunreach      |  | The IP address returned from the DNS request was unreachable |
+| ❔setup.system_failure |  | There was a test system failure, rendering the test invalid |