May 4, 2017

Moving STUN address gathering to the parent process

Contributed by Michael Froman, crossing IP communication streams since 2005

E10s (for electrolysis) adds multi-process support to Firefox. With e10s, the parent Firefox browser process communicates with background child processes responsible for hosting web-related content. For some users, depending on installed add-ons, e10s availability started as early as Firefox 48. To improve security and enable additional future sandbox restrictions on the content process, Firefox’s STUN address gathering now happens via Inter-Process Communication (IPC) in the parent process, not in the content process. To learn more about the parent and content processes, and e10s in general, you can go here.

What changed in Firefox 55?

Bug 1345511 moves ICE STUN local address gathering from the content process to the parent process in Firefox 55. This is an important step towards removing all socket bind, listen, and accept calls from the content process, which in turn enables additional future sandbox restrictions. It also means that address gathering becomes asynchronous: ICE operations are queued while waiting for the gathering operation to complete. This matches the ICE operation queuing that already happens while waiting for the async proxy resolution during initial PeerConnection setup. All in all, while invisible to users, this change moves Firefox content processes one step closer to even better security.
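
The queuing described above, as a simplified model added here for illustration and not taken from Firefox's source: ICE operations are deferred until both the async proxy resolution and the parent's address-gathering reply have arrived, then replayed in order. All class and method names (`IceOpQueue`, `OnLocalAddrsFromParent`, and so on) and the sample address are assumptions.

```cpp
#include <functional>
#include <queue>
#include <string>
#include <utility>
#include <vector>

// Simplified model with hypothetical names; not Firefox source code.
class IceOpQueue {
 public:
  using Addrs = std::vector<std::string>;
  using Op = std::function<void(const Addrs&)>;
  // Run now only if setup is complete and nothing is waiting; otherwise defer.
  void Enqueue(Op op) {
    if (Ready() && pending_.empty()) op(addrs_);
    else pending_.push(std::move(op));
  }
  // Async proxy resolution finished.
  void OnProxyResolved() { proxyDone_ = true; Flush(); }
  // The parent process replied over IPC with the local addresses it gathered.
  void OnLocalAddrsFromParent(Addrs a) {
    addrs_ = std::move(a); addrsDone_ = true; Flush();
  }
  bool Ready() const { return proxyDone_ && addrsDone_; }
  bool HasPending() const { return !pending_.empty(); }
 private:
  // Replay deferred operations in arrival order once both results are in.
  void Flush() {
    while (Ready() && !pending_.empty()) {
      Op op = std::move(pending_.front());
      pending_.pop();
      op(addrs_);
    }
  }
  bool proxyDone_ = false, addrsDone_ = false;
  Addrs addrs_;
  std::queue<Op> pending_;
};

// Constructed scenario: two operations arrive before either result is ready.
std::vector<std::string> RunDemo() {
  std::vector<std::string> log;
  IceOpQueue q;
  q.Enqueue([&](const IceOpQueue::Addrs& a) { log.push_back("gather:" + a.at(0)); });
  q.Enqueue([&](const IceOpQueue::Addrs&) { log.push_back("start-checks"); });
  q.OnProxyResolved();  // proxy done, but still waiting on the parent's reply
  log.push_back(q.HasPending() ? "still-queued" : "empty");
  q.OnLocalAddrsFromParent({"192.0.2.10"});  // constructed address (TEST-NET-1)
  return log;
}
```

In this model the content side never touches a socket to learn its local addresses; it only consumes the list the parent hands back.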