Closed Bug 1553601 Opened 5 years ago Closed 5 years ago

Check how we want to isolate h2 proxy tunneling sessions

Categories

(Core :: Networking: HTTP, task)

Product:
Core
Component:
Networking: HTTP
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox69 --- affected

People

(Reporter: mayhemer, Unassigned)

References

Details

Request:
have one h2 tunnel -> one h2 session in 1:1 relation with a single TOKEN

Concern:
the connection isolation key consist of origin, origin attributes, tls flags, proxy info and now also the TOKEN

I think we over-isolate and we always create a new h2 session (+a connection to the proxy and a tunnel, obviously) for every new origin, container etc...

Maybe this is what we want, but I want to make sure we are aware of this issue and decide if that is really what we want from the perspective of possible scalability issues and performance.

The other option is to use one h2 session (+connection) bound to the token and let it carry create multiple tunnels to different origins (isolated normally); this means Necko changes...

Flags: needinfo?(dd.mozilla)

Confirmed with the test from bug 1554190 that for different origins we use a single session with the proxy and multiple tunnels (streams). So this is WFM. The test also checks we isolate sessions (=connections) when the isolation token is changed.

Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(dd.mozilla)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.