Closed Bug 1901295 Opened 4 months ago Closed 2 months ago

[meta] Fast UDP for Firefox - basic end-to-end integration (single-packet)

Categories

(Core :: Networking, task, P2)

Product:
Core
Component:
Networking
Version:
Firefox 126
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
130 Branch
Tracking Flags:
Tracking Status
firefox130 --- fixed

People

(Reporter: mail, Assigned: mail)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: meta, Whiteboard: [necko-triaged])

Attachments

(1 file, 3 obsolete files)

Bug 1901295 - Use quinn-udp instead of NSPR for QUIC UDP I/O r=kershaw,jesup
48 bytes, text/x-phabricator-request
Details | Review
No description provided.
Blocks: 1901292
Component: Untriaged → Networking
Product: Firefox → Core
Severity: -- → N/A
Priority: -- → P2
Whiteboard: [necko-triaged]
Assignee: nobody → mail
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Type: enhancement → task

As the try run including this patch shows, this test fails because we disallow the use of networking functions from Rust. Unfortunately, this test failure has become a blocker for this project.

As @glandium mentioned, there seems to be no way to add neqo-udp to an exception list, so the only way forward seems to be to skip that test.

Since Tom, who originally introduced this check in bug 1376621, is on PTO, Freddy, do you know who can help?
Thanks.

Flags: needinfo?(fbraun)

Well, this is the first time I hear of this check. I am trying to find someone who can help find out.

Btw, how do you currently make neqo-udp proxy safe?

Flags: needinfo?(fbraun)
See Also: → 1620045, 1330608

(In reply to Frederik Braun [:freddy] from comment #3)

Well, this is the first time I hear of this check. I am trying to find someone who can help find out.

Btw, how do you currently make neqo-udp proxy safe?

See the code here.
Currently, when proxy is used, we disable HTTP/3.

I've asked in #tor-dev on OFTC and they do their own checks and also have a script for supporting audits here: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/blob/main/audits/code_audit.sh

IIUC getsockopt and getsockname don't even do any actual networking Tom just added them because they might suggest networking code (networking wizards, please correct me!).

So, go ahead and remove those from https://searchfox.org/mozilla-central/source/python/mozbuild/mozbuild/action/check_binary.py#216

We still have https://bugzilla.mozilla.org/show_bug.cgi?id=1620045 open for follow-up work.

And just to clarify :kershaw, we're still disabling all of this when a proxy is used?

Flags: needinfo?(kershaw)

(In reply to Simon Friedberger (:simonf) from comment #5)

I've asked in #tor-dev on OFTC and they do their own checks and also have a script for supporting audits here: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/blob/main/audits/code_audit.sh

IIUC getsockopt and getsockname don't even do any actual networking Tom just added them because they might suggest networking code (networking wizards, please correct me!).

So, go ahead and remove those from https://searchfox.org/mozilla-central/source/python/mozbuild/mozbuild/action/check_binary.py#216

Thanks for the clarification. I'll file another bug to remove getsockopt and getsockname.

We still have https://bugzilla.mozilla.org/show_bug.cgi?id=1620045 open for follow-up work.

And just to clarify :kershaw, we're still disabling all of this when a proxy is used?

Yes, correct. We currently disallow HTTP/3 when a proxy is used.

Flags: needinfo?(kershaw)

Thank you Frederik, Simon and Kershaw!

I have temporarily removed getsockname and getsockopt from check_binary.py in https://phabricator.services.mozilla.com/D212959. The check succeeds.

I'll file another bug to remove getsockopt and getsockname.

I am happy to extract the changes into a separate patch.

Depends on: 1903621

@petr following up on https://bugzilla.mozilla.org/show_bug.cgi?id=1898185. As part of this project quinn-udp will be used in Firefox itself. Thus simply disabling http3server on Solaris won't work once merged.

Do you have the capacity to work on an upstream fix, i.e. adding Solaris support to quinn-udp? This is tracked in https://github.com/quinn-rs/quinn/issues/1877.

I would assume, at least for a minimal fallback mode, that this won't involve much work.

Flags: needinfo?(petr.sumbera)

Ok, I thought that you finally will not use quinn-udp. I will have to look at it again. What is blocking me is:
https://github.com/rust-lang/libc/pull/3717
(any idea why simple pull request isn't getting anywhere?)

Flags: needinfo?(petr.sumbera)

Ok, I thought that you finally will not use quinn-udp.

Sorry for the confusion Petr. We will continue using quinn-udp. The confusion likely stems from the discussion in https://github.com/quinn-rs/quinn/issues/1749. I posted a clarification comment there. See https://github.com/quinn-rs/quinn/issues/1749#issuecomment-2211004631.

(any idea why simple pull request isn't getting anywhere?)

I am not sure. Let's see whether someone follows up after your recent ping. Vendoring in quinn-udp for now, as proposed here sounds like a good intermediate plan.

Boolean about:config pref, whether to use NSPR or quinn-udp. NSPR by default.

Attachment #9412289 - Attachment is obsolete: true
Depends on: 1907810
Attachment #9406170 - Attachment description: WIP: Bug 1901295 - Use quinn-udp instead of NSPR for QUIC UDP I/O → Bug 1901295 - Use quinn-udp instead of NSPR for QUIC UDP I/O r=kershaw,jesup
Depends on: 1909663
Pushed by kjang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9668b5b82c9d Use quinn-udp instead of NSPR for QUIC UDP I/O r=necko-reviewers,jesup,supply-chain-reviewers,kershaw

https://hg.mozilla.org/mozilla-central/rev/9668b5b82c9d

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
status-firefox130: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 130 Branch

https://phabricator.services.mozilla.com/D212959 adds optional support for QUIC
I/O via quinn-udp instead of NSPR. This is controlled via pref
network.http.http3.use_nspr_for_io. The default pref value was true, thus
not using quinn-udp, but NSPR as before.

This commit enables the use of quinn-udp on Firefox Nightly.

Blocks: 1910360

Comment on attachment 9416315 [details]
Bug 1901295 - use quinn-udp instead of NSPR for QUIC I/O on Nightly r=kershaw

Revision D217830 was moved to bug 1910360. Setting attachment 9416315 [details] to obsolete.

Attachment #9416315 - Attachment is obsolete: true

https://bugzilla.mozilla.org/show_bug.cgi?id=1901295 introduced optional
HTTP3/QUIC UDP IO via quinn-udp instead of NSPR, see
network.http.http3.use_nspr_for_io pref. NSPR uses sendto and recvfrom
syscall, quinn-udp uses sendmsg and recvmmsg syscall.

With network.http.network_access_on_socket_process.enabled true and
network.http.http3.use_nspr_for_io false Firefox panics due to seccomp
disallowing a recvmmsg syscall.

This commit allows sendmsg and recvmmsg in the SocketProcessSandboxPolicy
EvaluateSocketCall function.

Comment on attachment 9419001 [details]
Bug 1901295 - allow sendmsg and recvmmsg in SocketProcessSandboxPolicy r=kershaw

Revision D219110 was moved to bug 1912626. Setting attachment 9419001 [details] to obsolete.

Attachment #9419001 - Attachment is obsolete: true
Regressions: 1912626
Regressions: 1915369
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: