rubkv
October 15, 2023, 12:29am
10
Подтверждаю. Тоже есть периодические проблемы с доступом к Firebase через Мегафон и Ростелеком (Теле2). Начались примерно 3-4 дня назад. Database location: nam5 (не знаю имеет ли это значение).
Не знаю куда копать…
У меня все началось в ночь 7-8.10.2023. С каждым днем у большего числа людей начинает глючить. Домашние, мобильные сети, уже независимо от провайдера. Но еще есть у кого нормально работает. Видимо постепенно вводят свои блокировки
Все предыдущие домены, которые были недоступны год назад, работают.
rubkv
October 15, 2023, 4:43pm
13
Аналогично, всё так. С каждым днём всё большее количество пользователей жалуются на ошибку о недоступности БД Firebase. Подскажите, какая у вас локация серверов в Firebase, nam5 или другая?
Пока не понимаю как отловить заблокированные IP-адреса, чтобы сообщить здесь. У тех пользователей, у которых проблема с доступностью Firebase если включить VPN - всё работает отлично.
amen
October 15, 2023, 5:35pm
15
Такая же проблема, началась 3 дня назад.
Если кто найдет решение этой проблемы, было бы здорово.
С VPN тоже все работает.
rubkv
October 15, 2023, 6:26pm
16
Коллеги, есть у кого-нибудь возможность попробовать отловить какие IP-адреса все-таки попали под блокировку? У нас авторизации нет, но проблема с запуском приложений из-за недоступности Firebase - есть.
Я попробую сегодня собрать дамп через PCAPdroid , может тоже кто-нибудь попробует отловить заблокированные адреса? Едва ли такая частичная блокировка серверов Firebase носит преднамеренный характер?
Firebase изначально работал по протоколу XMPP, но сейчас он объявлен deprecated и используется HTTP API.Обсуждение: Блокировка Jabber/XMPP в России ?
У нас тоже проблема, у многих пользователей (зависит походу от интернет провайдера) не работают запросы к firestore, причем только во flutter-библиотеке. Firebase Admin SDK и Firebase web SDK ок.cloud_firestore | Flutter Package работет на XMPP и из за этого возникают проблемы. Пока непонятно как это решать.
usnevst
October 16, 2023, 7:50am
20
Firebase Cloud Messaging XMPP protocol Authorize send requests
// Production
fcm-xmpp.googleapis.com:5235
// Testing
fcm-xmpp.googleapis.com:5236
You must initiate a Transport Layer Security (TLS) connection. Note that FCM doesn’t currently support the STARTTLS extension.
opened 02:31PM - 19 Nov 22 UTC
closed 11:07AM - 21 Nov 22 UTC
type: bug
resolution: invalid
## Bug report
**Describe the bug**
In rare cases i get a TLS handshake excep… tion in my mobile app which doesn't fulfill the current request.
Here some details i encountered:
- the errors happen on emulators and physical devices
- they happen when performing CRUD requests against Firestore
- no Crashlytics entry is automatically created when such an error happens
### Steps to reproduce
Not reproducible
### Expected behavior
These kinds of errors should not happen and if so they should not abort the current request.
Also i would like to know why/when these kind of errors can happen and how i can handle them.
---
## Additional context
This is the error i get:
```
[tcp] tcp_input [C39.1:3] flags=[R] seq=1852302311, ack=0, win=0 state=ESTABLISHED rcv_nxt=1852302311, snd_una=1889288412
Connection 39: received failure notification
Connection 39: received ECONNRESET with incomplete TLS handshake - generating errSSLClosedNoNotify
Connection 39: failed to connect 3:-9816, reason -1
Connection 39: encountered error(3:-9816)
Task <D5EDE561-3569-4EC8-8108-93A1650CAF06>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9816])
[tcp] tcp_input [C39.1:3] flags=[R] seq=1852302311, ack=0, win=0 state=CLOSED rcv_nxt=1852302311, snd_una=1889288412
Task <D5EDE561-3569-4EC8-8108-93A1650CAF06>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200
"Es ist ein SSL-Fehler aufgetreten. Eine sichere Verbindung zum Server kann nicht hergestellt werden."
UserInfo={NSErrorFailingURLStringKey=https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=myKey, NSLocalizedRecoverySuggestion=Soll die Verbindung zum Server trotzdem hergestellt werden?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <D5EDE561-3569-4EC8-8108-93A1650CAF06>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <D5EDE561-3569-4EC8-8108-93A1650CAF06>.<1>"
), NSLocalizedDescription=Es ist ein SSL-Fehler aufgetreten. Eine sichere Verbindung zum Server kann nicht hergestellt werden., NSErrorFailingURLKey=https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=myKey, NSUnderlyingError=0x281761fe0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9816, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: en0, ipv4, ipv6, dns}}, _kCFStreamErrorCodeKey=-9816}
[tcp] tcp_input [C39.1:3] flags=[R] seq=1852302311, ack=0, win=0 state=CLOSED rcv_nxt=1852302311, snd_una=1889288412
```
---
### Flutter doctor
Run `flutter doctor` and paste the output below:
<details><summary>Click To Expand</summary>
```
Doctor summary (to see all details, run flutter doctor -v):
[✓] Flutter (Channel stable, 3.3.5, on macOS 12.6.1 21G217 darwin-arm, locale en-CH)
[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0-rc1)
[✓] Xcode - develop for iOS and macOS (Xcode 13.4.1)
[✓] Chrome - develop for the web
[✓] Android Studio (version 2021.1)
[✓] IntelliJ IDEA Ultimate Edition (version 2022.2.3)
[✓] VS Code (version 1.73.0)
[✓] Connected device (4 available)
[✓] HTTP Host Availability
• No issues found!
```
</details>
---
### Flutter dependencies
Run `flutter pub deps -- --style=compact` and paste the output below:
<details><summary>Click To Expand</summary>
```
Dart SDK 2.18.2
Flutter SDK 3.3.5
mrcleaner 1.0.16+20
dependencies:
- badges 2.0.2 [flutter]
- beamer 1.5.3 [flutter flutter_web_plugins]
- camera 0.9.7+1 [camera_platform_interface camera_web flutter flutter_plugin_android_lifecycle quiver]
- cloud_firestore 4.0.4 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]
- cloud_functions 4.0.3 [cloud_functions_platform_interface cloud_functions_web firebase_core firebase_core_platform_interface flutter]
- country_code_picker 2.0.2 [flutter modal_bottom_sheet collection universal_platform]
- cross_file 0.3.3+2 [js meta]
- email_validator 2.0.1
- file_picker 5.2.2 [flutter flutter_web_plugins flutter_plugin_android_lifecycle plugin_platform_interface ffi path win32]
- firebase_analytics 10.0.4 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter]
- firebase_app_check 0.1.1+3 [firebase_app_check_platform_interface firebase_app_check_web firebase_core firebase_core_platform_interface flutter]
- firebase_auth 4.1.1 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
- firebase_core 2.1.1 [firebase_core_platform_interface firebase_core_web flutter meta]
- firebase_crashlytics 3.0.4 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace]
- firebase_messaging 14.0.4 [firebase_core firebase_core_platform_interface firebase_messaging_platform_interface firebase_messaging_web flutter meta]
- firebase_storage 11.0.4 [firebase_core firebase_core_platform_interface firebase_storage_platform_interface firebase_storage_web flutter]
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_cache_manager 3.3.0 [clock collection file flutter http path path_provider pedantic rxdart sqflite uuid]
- flutter_image_compress 1.1.3 [flutter]
- flutter_localizations 0.0.0 [flutter intl characters clock collection material_color_utilities meta path vector_math]
- flutter_native_splash 2.2.2 [args flutter flutter_web_plugins image js lint meta path universal_io xml yaml]
- flutter_phone_direct_caller 2.1.1 [flutter]
- flutter_riverpod 2.1.1 [collection flutter meta riverpod state_notifier]
- flutter_sfsymbols 2.0.0 [flutter]
- flutter_spinkit 5.1.0 [flutter]
- get_it 7.2.0 [async collection]
- google_maps_flutter 2.1.8 [flutter flutter_plugin_android_lifecycle google_maps_flutter_platform_interface]
- grouped_list 5.1.1 [flutter]
- http 0.13.5 [async http_parser meta path]
- image 3.2.0 [archive meta xml]
- internet_connection_checker 0.0.1+4
- intl 0.17.0 [clock path]
- jiffy 5.0.0 [intl]
- package_info_plus 1.4.3+1 [flutter package_info_plus_platform_interface package_info_plus_linux package_info_plus_macos package_info_plus_windows package_info_plus_web]
- pdfx 2.3.0 [flutter flutter_web_plugins plugin_platform_interface js device_info_plus uuid meta extension synchronized universal_platform photo_view vector_math]
- photo_view 0.14.0 [flutter]
- share_plus 6.0.1 [cross_file meta mime flutter flutter_web_plugins share_plus_platform_interface file url_launcher ffi win32]
- shared_preferences 2.0.15 [flutter shared_preferences_android shared_preferences_ios shared_preferences_linux shared_preferences_macos shared_preferences_platform_interface shared_preferences_web shared_preferences_windows]
- sumup 0.5.0 [flutter]
- uni_links 0.5.1 [flutter uni_links_platform_interface uni_links_web]
- url_launcher 6.1.6 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows]
- uuid 3.0.6 [crypto]
dev dependencies:
- flutter_test 0.0.0 [flutter test_api path fake_async clock stack_trace vector_math async boolean_selector characters collection matcher material_color_utilities meta source_span stream_channel string_scanner term_glyph]
- mocktail 0.3.0 [collection matcher test]
- very_good_analysis 2.4.0
transitive dependencies:
- _fe_analyzer_shared 40.0.0 [meta]
- _flutterfire_internals 1.0.7 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]
- analyzer 4.1.0 [_fe_analyzer_shared collection convert crypto glob meta package_config path pub_semver source_span watcher yaml]
- archive 3.3.0 [crypto path]
- args 2.3.1
- async 2.9.0 [collection meta]
- boolean_selector 2.1.0 [source_span string_scanner]
- camera_platform_interface 2.2.0 [cross_file flutter plugin_platform_interface stream_transform]
- camera_web 0.2.1+6 [camera_platform_interface flutter flutter_web_plugins stream_transform]
- characters 1.2.1
- clock 1.1.1
- cloud_firestore_platform_interface 5.8.4 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- cloud_firestore_web 3.0.4 [_flutterfire_internals cloud_firestore_platform_interface collection firebase_core firebase_core_web flutter flutter_web_plugins js]
- cloud_functions_platform_interface 5.1.22 [firebase_core flutter meta plugin_platform_interface]
- cloud_functions_web 4.3.11 [cloud_functions_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js]
- collection 1.16.0
- convert 3.0.2 [typed_data]
- coverage 1.3.2 [args logging package_config path source_maps stack_trace vm_service]
- crypto 3.0.2 [typed_data]
- device_info_plus 4.1.3 [flutter device_info_plus_platform_interface device_info_plus_macos device_info_plus_linux device_info_plus_web device_info_plus_windows]
- device_info_plus_linux 3.0.0 [device_info_plus_platform_interface file flutter meta]
- device_info_plus_macos 3.0.0 [device_info_plus_platform_interface flutter]
- device_info_plus_platform_interface 3.0.0 [flutter meta plugin_platform_interface]
- device_info_plus_web 3.0.0 [device_info_plus_platform_interface flutter_web_plugins flutter]
- device_info_plus_windows 4.1.0 [device_info_plus_platform_interface ffi flutter win32]
- extension 0.5.0
- fake_async 1.3.1 [clock collection]
- ffi 2.0.1
- file 6.1.2 [meta path]
- firebase_analytics_platform_interface 3.3.12 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface]
- firebase_analytics_web 0.5.1+3 [_flutterfire_internals firebase_analytics_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js]
- firebase_app_check_platform_interface 0.0.5+6 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface]
- firebase_app_check_web 0.0.7+6 [_flutterfire_internals firebase_app_check_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js]
- firebase_auth_platform_interface 6.11.1 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- firebase_auth_web 5.1.1 [firebase_auth_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins http_parser intl js meta]
- firebase_core_platform_interface 4.5.2 [collection flutter flutter_test meta plugin_platform_interface]
- firebase_core_web 2.0.1 [firebase_core_platform_interface flutter flutter_web_plugins js meta]
- firebase_crashlytics_platform_interface 3.3.5 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface]
- firebase_messaging_platform_interface 4.2.5 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface]
- firebase_messaging_web 3.2.5 [_flutterfire_internals firebase_core firebase_core_web firebase_messaging_platform_interface flutter flutter_web_plugins js meta]
- firebase_storage_platform_interface 4.1.22 [collection firebase_core flutter meta plugin_platform_interface]
- firebase_storage_web 3.3.14 [_flutterfire_internals async firebase_core firebase_core_web firebase_storage_platform_interface flutter flutter_web_plugins http js meta]
- flutter_plugin_android_lifecycle 2.0.6 [flutter]
- flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math]
- frontend_server_client 2.1.3 [async path]
- glob 2.0.2 [async collection file path string_scanner]
- google_maps_flutter_platform_interface 2.2.0 [collection flutter plugin_platform_interface stream_transform]
- http_multi_server 3.2.0 [async]
- http_parser 4.0.1 [collection source_span string_scanner typed_data]
- io 1.0.3 [meta path string_scanner]
- js 0.6.4
- lint 1.8.2
- logging 1.0.2
- matcher 0.12.12 [stack_trace]
- material_color_utilities 0.1.5
- meta 1.8.0
- mime 1.0.2
- modal_bottom_sheet 2.1.0 [flutter]
- node_preamble 2.0.1
- package_config 2.0.2 [path]
- package_info_plus_linux 1.0.5 [package_info_plus_platform_interface flutter path]
- package_info_plus_macos 1.3.0 [flutter]
- package_info_plus_platform_interface 1.0.2 [flutter meta plugin_platform_interface]
- package_info_plus_web 1.0.5 [flutter flutter_web_plugins http meta package_info_plus_platform_interface]
- package_info_plus_windows 2.1.0 [package_info_plus_platform_interface ffi flutter win32]
- path 1.8.2
- path_provider 2.0.10 [flutter path_provider_android path_provider_ios path_provider_linux path_provider_macos path_provider_platform_interface path_provider_windows]
- path_provider_android 2.0.14 [flutter path_provider_platform_interface]
- path_provider_ios 2.0.9 [flutter path_provider_platform_interface]
- path_provider_linux 2.1.7 [ffi flutter path path_provider_platform_interface xdg_directories]
- path_provider_macos 2.0.6 [flutter path_provider_platform_interface]
- path_provider_platform_interface 2.0.4 [flutter platform plugin_platform_interface]
- path_provider_windows 2.1.3 [ffi flutter path path_provider_platform_interface win32]
- pedantic 1.11.1
- petitparser 5.0.0 [meta]
- platform 3.1.0
- plugin_platform_interface 2.1.3 [meta]
- pool 1.5.0 [async stack_trace]
- process 4.2.4 [file path platform]
- pub_semver 2.1.1 [collection meta]
- quiver 3.1.0 [matcher]
- riverpod 2.1.1 [collection meta stack_trace state_notifier]
- rxdart 0.27.4
- share_plus_platform_interface 3.1.2 [cross_file flutter meta mime plugin_platform_interface]
- shared_preferences_android 2.0.14 [flutter shared_preferences_platform_interface]
- shared_preferences_ios 2.1.1 [flutter shared_preferences_platform_interface]
- shared_preferences_linux 2.1.1 [file flutter path path_provider_linux path_provider_platform_interface shared_preferences_platform_interface]
- shared_preferences_macos 2.0.4 [flutter shared_preferences_platform_interface]
- shared_preferences_platform_interface 2.1.0 [flutter plugin_platform_interface]
- shared_preferences_web 2.0.4 [flutter flutter_web_plugins shared_preferences_platform_interface]
- shared_preferences_windows 2.1.1 [file flutter path path_provider_platform_interface path_provider_windows shared_preferences_platform_interface]
- shelf 1.3.0 [async collection http_parser path stack_trace stream_channel]
- shelf_packages_handler 3.0.0 [path shelf shelf_static]
- shelf_static 1.1.0 [convert http_parser mime path shelf]
- shelf_web_socket 1.0.1 [shelf stream_channel web_socket_channel]
- sky_engine 0.0.99
- source_map_stack_trace 2.1.0 [path stack_trace source_maps]
- source_maps 0.10.10 [source_span]
- source_span 1.9.0 [collection path term_glyph]
- sqflite 2.0.2+1 [flutter sqflite_common path]
- sqflite_common 2.2.1+1 [synchronized path meta]
- stack_trace 1.10.0 [path]
- state_notifier 0.7.2+1 [meta]
- stream_channel 2.1.0 [async]
- stream_transform 2.0.0
- string_scanner 1.1.1 [source_span]
- synchronized 3.0.0+2
- term_glyph 1.2.1
- test 1.21.4 [analyzer async boolean_selector collection coverage http_multi_server io js node_preamble package_config path pool shelf shelf_packages_handler shelf_static shelf_web_socket source_span stack_trace stream_channel typed_data web_socket_channel webkit_inspection_protocol yaml test_api test_core]
- test_api 0.4.12 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph matcher]
- test_core 0.4.16 [analyzer async args boolean_selector collection coverage frontend_server_client glob io meta package_config path pool source_map_stack_trace source_maps source_span stack_trace stream_channel vm_service yaml matcher test_api]
- typed_data 1.3.1 [collection]
- uni_links_platform_interface 1.0.0 [flutter plugin_platform_interface]
- uni_links_web 0.1.0 [flutter flutter_web_plugins uni_links_platform_interface]
- universal_io 2.0.4 [collection crypto meta typed_data]
- universal_platform 1.0.0+1
- url_launcher_android 6.0.19 [flutter url_launcher_platform_interface]
- url_launcher_ios 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_linux 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_macos 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_platform_interface 2.1.1 [flutter plugin_platform_interface]
- url_launcher_web 2.0.13 [flutter flutter_web_plugins url_launcher_platform_interface]
- url_launcher_windows 3.0.1 [flutter url_launcher_platform_interface]
- vector_math 2.1.2
- vm_service 8.3.0
- watcher 1.0.1 [async path]
- web_socket_channel 2.2.0 [async crypto stream_channel]
- webkit_inspection_protocol 1.1.0 [logging]
- win32 3.0.1 [ffi]
- xdg_directories 0.2.0+1 [meta path process]
- xml 6.1.0 [collection meta petitparser]
- yaml 3.1.1 [collection source_span string_scanner]
```
</details>
---
it is just a wrapper around native Firebase SDKs
amen
October 16, 2023, 9:30am
21
В Android Cloud Firestore такая же проблема, flutter не используется, да и FCM не используем.
rubkv
October 16, 2023, 9:54am
22
Аналогично. Flutter и не FCM не используем в этом проекте, но доступа у пользователей без VPN - нет. Значит вряд ли ошибка в блокировке XMPP?
Экспериментальным путем выяснили, что проблема с доступом к Cloud Firestore, доступ к Firebase Remote Config, например, есть у всех пользователей.
usnevst
October 16, 2023, 10:08am
23
У firebaseremoteconfig.googleapis.com туча адресов, у firestore.googleapis.com один. Они иногда пересекаются.
Адреса firestore.googleapis.com для разных geoip клиентов
142.250.179.234
rubkv
October 16, 2023, 11:10am
24
Если я правильно смотрю дамп, то нет ответа на Client Hello как минимум от двух IP-адресов.
25 2.264054 192.168.1.118 216.58.209.202 TLSv1 234 Client Hello
61 3.566939 192.168.1.118 216.58.211.226 TLSv1 583 Client Hello
По некоторым IP-адресам есть ответ Server Hello:
Но не уверен, что правильно смотрю.
usnevst
October 16, 2023, 6:05pm
25
Чем заканчиваются TCP streams c этими Retransmission?
PCAPdroid использует zdtun , реализуя логику tun2socket. Пишет пакеты клиента на VPN интерфейсе, транслируя дату в сетевые сокеты. ACK’ает пакеты клиента при удачной записи в сокет, связь с ответом сервера косвенная. Дампы, при блокировке, могут сильно отличаться от снятых на внешнем интерфейсе или далее в сети. Retransmission может совсем не быть в дампах PCAPdroid, при реальной блокировке. Получается, надо смотреть все streams.
РКН ранее уже блокировал Google . Было масштабней, не нужно было искать иголку в стогу сена. Но можно использовать тот опыт для сбора всех адресов используемых гуглом для apis. Только не понятно, каких apis, блокируют ли проблемные адреса на всех ТСПУ, что именно по адресам блокируют.
usnevst
October 17, 2023, 12:18pm
27
Мобильные платформы существуют в мире единорогов и розовых пони, там никогда не бывает сетевых сбоев. “client is offline” (unavailable) возвращает также когда проблемы с бэкендом, но апи доступно и отвечает. Идеальная цель для РКН, могут кошмарить и отмараживаться.
Удалось выяснить, к какому домену идут эти запросы?
murka
October 18, 2023, 7:10am
30
googleapis.com
firestore.googleapis.com
oauth2.googleapis.com
play.googleapis.com
dns.google
