Ensure WebRTC connections are partitioned
Categories
(Core :: WebRTC, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox86 | --- | fixed |
People
(Reporter: annevk, Assigned: bwc)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
From discussion with Byron and Jan-Ivar it appears name lookups and connections might not always be suitably partitioned using a principal.
Byron was willing to provide a couple pointers to the relevant code and I was hoping Tim (or colleague) would be willing to take a look as to how it might have to be adjusted to take advantage of network partitioning.
|
Assignee | |
Comment 1•5 years ago
|
||
Here's the code that we use to open TCP sockets:
We use a System principal for the proxy info lookup here:
We use the loading principal for the channel (in the web proxy case) here:
We do not seem to be using any principal when opening a TCP stream in the non-proxy case; this code just uses nsISocketTransport. I am not sure how one would tell this interface about principal stuff, but maybe SetOriginAttributes would be the thing to use?
I should note that I am working on delegating all DNS lookups for TCP to WebrtcTCPSocket (and therefore Necko) over in bug 1416220. I should also note that our mochitests exercise the localhost case on linux and OS X. Right now the patches for bug 1416220 are not working on the linux testers for some reason, although these tests do work on my own linux box. Not sure what is up with that, I may be tripping over some of the localhost-related policy.
|
Reporter | |
Comment 2•5 years ago
|
||
Thanks Byron! I hope that Tim has time to take a look. We should probably also look at the UDP connections?
|
|
Assignee | |
Comment 3•5 years ago
•
|
||
Right now, the DNS resolution for both UDP and TCP is handled here:
Bug 1416220 will stop using this for TCP, but UDP will continue to use it.
The UDP socket code does different things depending on how processes are set up:
For the socket process and parent process case, we use a plain NrSocket for UDP. Note that this is very low level API, and will certainly not be able to handle DNS on its own:
For the content process case, we use NrUdpSocketIpc, which in turn relies on UDPSocketChild, which may be able to handle DNS on its own:
In order to delegate DNS lookups to Necko for our UDP sockets, we would want to unify these two cases, probably relying on UDPSocketChild for both (unless on the parent process, but it is unclear if we even want to continue supporting that).
|
||
Comment 4•5 years ago
|
||
From the code, it looks that we can partition the WebRTC connections. Right now, the partition key is from the cookieJarSettings. So, we can have the connection partitioned if we can get the cookieJarSettings from the content.
For TCP connections, I think we can get the cookieJarSettings from the loadInfo passed by the mProxyConfig. And set it to the channel here.
For UDP connections, we can set the originAttributes to the nsISocketTransport directly. But I am not sure if we can get the loadInfo from the content in this case.
I need more time to check the DNS resolution.
Byron, I have two questions here. Does the loadInfo in the mProxyConfig came from the content document? Does WebRTC have another way to pass information from the content document other than mProxyConfig? Thanks.
|
|
Reporter | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 5•5 years ago
|
||
(In reply to Tim Huang[:timhuang] from comment #4)
From the code, it looks that we can partition the WebRTC connections. Right now, the partition key is from the cookieJarSettings. So, we can have the connection partitioned if we can get the cookieJarSettings from the content.
For TCP connections, I think we can get the cookieJarSettings from the loadInfo passed by the
mProxyConfig. And set it to the channel here.For UDP connections, we can set the originAttributes to the
nsISocketTransportdirectly. But I am not sure if we can get the loadInfo from the content in this case.I need more time to check the DNS resolution.
Byron, I have two questions here. Does the loadInfo in the mProxyConfig came from the content document? Does WebRTC have another way to pass information from the content document other than mProxyConfig? Thanks.
Hmm, it seems not: https://searchfox.org/mozilla-central/rev/1843375acbbca68127713e402be222350ac99301/dom/media/webrtc/jsapi/PeerConnectionMedia.cpp#874
I think it would be possible to fix this, though. mProxyConfig is the only way we would pass this kind of information, although it has to go through the MediaTransportHandler ipdl as an NrSocketProxyConfig first.
|
|
Assignee | |
Comment 6•5 years ago
|
||
So would it be appropriate to use this LoadInfo c'tor with the Document's LoadPrincipal? Or is there some other way we should be doing this?
I seem to recall having some difficulty using the "real" principal here back when I wrote this code, but let me try.
|
|
Assignee | |
Comment 7•5 years ago
|
||
|
|
Assignee | |
Comment 8•5 years ago
|
||
Ok, the patch in comment 7 seems to work ok. In order to set the cookie jar stuff, I guess NewChannelFromURIWithProxyFlags would have to take another param, or maybe we could expose NewChannelFromURIWithProxyFlagsInternal since that takes a LoadInfo, which is what we already have.
|
|
||
Comment 9•5 years ago
|
||
(In reply to Byron Campen [:bwc] from comment #6)
So would it be appropriate to use this LoadInfo c'tor with the Document's LoadPrincipal? Or is there some other way we should be doing this?
Yes, I think this is correct. And the CookieJarSettings will be inherited from the document here.
(In reply to Byron Campen [:bwc] from comment #8)
Ok, the patch in comment 7 seems to work ok. In order to set the cookie jar stuff, I guess NewChannelFromURIWithProxyFlags would have to take another param, or maybe we could expose NewChannelFromURIWithProxyFlagsInternal since that takes a LoadInfo, which is what we already have.
I think you can set the cookieJarSettings to the loadInfo of the channel before opening it. So, we don't need the NewChannelFromURIWithProxyFlagsInternal.
|
|
Assignee | |
Comment 10•5 years ago
|
||
(In reply to Tim Huang[:timhuang] from comment #9)
(In reply to Byron Campen [:bwc] from comment #6)
So would it be appropriate to use this LoadInfo c'tor with the Document's LoadPrincipal? Or is there some other way we should be doing this?
Yes, I think this is correct. And the CookieJarSettings will be inherited from the document here.
(In reply to Byron Campen [:bwc] from comment #8)
Ok, the patch in comment 7 seems to work ok. In order to set the cookie jar stuff, I guess NewChannelFromURIWithProxyFlags would have to take another param, or maybe we could expose NewChannelFromURIWithProxyFlagsInternal since that takes a LoadInfo, which is what we already have.
I think you can set the cookieJarSettings to the loadInfo of the channel before opening it. So, we don't need the
NewChannelFromURIWithProxyFlagsInternal.
So I guess we can stomp the LoadInfo with nsIChannel::SetLoadInfo? I'll need to double check that we don't lose any of the flags by doing that.
|
||
Updated•5 years ago
|
|
|
||
Comment 11•5 years ago
|
||
(In reply to Byron Campen [:bwc] from comment #10)
So I guess we can stomp the LoadInfo with nsIChannel::SetLoadInfo? I'll need to double check that we don't lose any of the flags by doing that.
You don't need to set the whole loadInfo. The loadInfo will also be created when creating the channel. All you need to do is to set the CookieJarSettings to the loadInfo of the channel.
|
|
Assignee | |
Comment 12•5 years ago
•
|
||
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 13•5 years ago
|
||
Try looks good.
|
|
Assignee | |
Comment 14•5 years ago
|
||
|
|
Assignee | |
Comment 15•5 years ago
|
||
Strawman patch up for review. What else needs to be done here besides the work over in bug 1416220?
|
|
||
Comment 16•5 years ago
|
||
I have a question regarding the non-proxy connections.
In which case the non-proxy connections could be established? If it could be established due to the script in the content, then I think we should also find a way to partition it. If not, and the content script cannot observe non-proxy channels, then I think it's fine.
Byron, could you answer this for me? Thanks.
|
|
Assignee | |
Comment 17•5 years ago
|
||
(In reply to Tim Huang[:timhuang] from comment #16)
I have a question regarding the non-proxy connections.
In which case the non-proxy connections could be established? If it could be established due to the script in the content, then I think we should also find a way to partition it. If not, and the content script cannot observe non-proxy channels, then I think it's fine.
Byron, could you answer this for me? Thanks.
Non-proxy connections would be established by JS in the same way proxied ones are, the thing that makes the difference is whether an http proxy is configured. The code that opens the non-proxied TCP socket is here:
How would one go about partitioning this? Bear in mind that at this stage, DNS lookup will be finished already. This is just establishing a raw TCP socket over which media data will flow, so there's not going to be any cacheing or anything, so maybe there's nothing to partition?
|
|
||
Comment 18•5 years ago
|
||
We have also partitioned the HTTP connection pool beside the HTTP cache. Could the non-proxy connections be reused? If so, I think we should also partition it.
|
|
Assignee | |
Comment 19•5 years ago
|
||
So in the non-proxy case, there is no http connection at all. It is a raw TCP socket.
|
|
||
Comment 20•5 years ago
|
||
Ah, I didn't get your point in the first place. I think you are right that there is no point to partition a raw TCP socket.
|
|
Assignee | |
Comment 21•5 years ago
|
||
|
||
Updated•5 years ago
|
|
||
Comment 22•5 years ago
|
||
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:bwc, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Comment 23•5 years ago
|
||
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 24•5 years ago
|
||
Had to rebase, and re-test manually. Try looks good. Let's try landing again.
|
||
Comment 25•5 years ago
|
||
|
||
Comment 26•5 years ago
|
||
| bugherder | ||
Description
•