Check how we want to isolate h2 proxy tunneling sessions
Categories
(Core :: Networking: HTTP, task)
Tracking
()
Tracking | Status | |
---|---|---|
firefox69 | --- | affected |
People
(Reporter: mayhemer, Unassigned)
References
Details
Request:
have one h2 tunnel -> one h2 session in 1:1 relation with a single TOKEN
Concern:
the connection isolation key consist of origin, origin attributes, tls flags, proxy info and now also the TOKEN
I think we over-isolate and we always create a new h2 session (+a connection to the proxy and a tunnel, obviously) for every new origin, container etc...
Maybe this is what we want, but I want to make sure we are aware of this issue and decide if that is really what we want from the perspective of possible scalability issues and performance.
The other option is to use one h2 session (+connection) bound to the token and let it carry create multiple tunnels to different origins (isolated normally); this means Necko changes...
Reporter | ||
Comment 1•6 years ago
|
||
Confirmed with the test from bug 1554190 that for different origins we use a single session with the proxy and multiple tunnels (streams). So this is WFM. The test also checks we isolate sessions (=connections) when the isolation token is changed.
Description
•