Fast UDP I/O for Firefox in Rust

Fast UDP I/O for Firefox in Rust

May 14, 2026 · By Max Inden

Around 20% of Firefox's HTTP traffic today uses HTTP/3, which runs over QUIC, which in turn runs over UDP. That is a lot of UDP packets flying around. And until recently, Firefox was handling all of them with APIs from the Netscape era.

Firefox uses NSPR for most of its network I/O. The N in NSPR stands for Netscape. When it comes to UDP, NSPR only offers PR_SendTo and PR_RecvFrom — thin wrappers around POSIX sendto and recvfrom. One datagram per system call. Every time. Operating systems have moved on. Linux has sendmmsg and recvmmsg. Some kernels and NICs support GSO (Generic Segmentation Offload) and GRO (Generic Receive Offload). Each of these can dramatically reduce the per-datagram overhead.

So Mozilla asked: can we replace this aging stack with something modern, memory-safe, and faster? The answer was yes. The result is a 4x throughput improvement in CPU-bound benchmarks.

Throughput gain
(CPU-bound)
20% Firefox HTTP/3
traffic share
1 yr From prototype
to rollout

The Basics: One Datagram at a Time

Traditionally, Firefox sends and receives single UDP datagrams via sendto and recvfrom. The OS passes each one to the NIC, which puts it on the wire. Simple, but expensive at scale — every datagram pays the full user-to-kernel transition cost, regardless of size.

+----------------------+ | Firefox | | +-----------+ | | | QUIC | | | +-----------+ | +----------------------+ | [ datagram ] | === User / Kernel === | [ datagram ] | +----------------------+ | OS | +----------------------+ | [ datagram ] | +----------------------+ | NIC | +----------------------+ | [ datagram ] | +----------------------+ | Internet | +----------------------+

Batching: Many Datagrams, One Call

Modern OSes offer multi-message APIs. On Linux: sendmmsg and recvmmsg. Send a batch of datagrams in a single system call. The overhead that is independent of payload size — context switch, syscall entry/exit, socket lock — is paid once per batch, not once per packet.

+--------------------------+ | Firefox | | +-----------+ | | | QUIC | | | +-----------+ | +--------------------------+ | [ datagram, datagram, datagram ] | ===== User / Kernel ===== | [ datagram, datagram, datagram ] | +--------------------------+ | OS | +--------------------------+ | [ datagram, datagram, datagram ] | +--------------------------+ | NIC | +--------------------------+ | [ datagram, datagram, datagram ] | +--------------------------+ | Internet | +--------------------------+

Segmentation Offload: One Giant, Many Small

GSO and GRO go further. Instead of batching multiple datagrams, you send one large UDP datagram — larger than the MTU — to the kernel. The kernel (or ideally the NIC) segments it into properly-sized packets, adds headers, and calculates checksums. On receive, multiple incoming packets get coalesced back into one large datagram.

+------------------------------+ | Firefox | | +-----------+ | | | QUIC | | | +-----------+ | +------------------------------+ | [ large segmented datagram ] | ====== User / Kernel ====== | [ large segmented datagram ] | +------------------------------+ | OS | +------------------------------+ | [ large segmented datagram ] | +------------------------------+ | NIC | +------------------------------+ | [ datagram, datagram, datagram ] | +------------------------------+ | Internet | +------------------------------+
Note: Wireshark does not yet support GSO, which makes network-level debugging more of an adventure when these optimizations are active. Cloudflare's comprehensive study has excellent benchmarks if you want the numbers.

The Rust Rewrite

The project started mid-2024. Goal: rewrite Firefox's QUIC UDP I/O in Rust, using modern syscalls across all tier-1 platforms (Windows, macOS, Linux, Android). Rust was the obvious choice — Firefox's QUIC state machine is already in Rust, so integration is seamless, and you get memory safety for free.

Instead of building from scratch, Mozilla built on top of quinn-udp, the UDP I/O library from the Quinn project. This sped things up massively. OS calls are full of idiosyncrasies, especially across versions, and Firefox supports some ancient ones — Android 5 was still on the supported list when this started.

By mid-2025, the new stack was rolling out to most Firefox users. CPU flamegraphs showed the majority of time now spent in actual I/O syscalls and cryptography — not in framework overhead.

Platform by Platform

Shipped

Linux

The smoothest rollout. Linux has the most mature UDP optimization stack: sendmmsg/recvmmsg for batching, plus GSO/GRO for segmentation offloading. quinn-udp prioritizes GSO over sendmmsg for transmission — GSO is faster, and combining both has diminishing returns. Firefox uses one UDP socket per connection for privacy (harder to correlate traffic), which means it cannot leverage sendmmsg's cross-4-tuple batching anyway. GSO is the clear winner here. The switch was largely uneventful.

Partial

Windows

Single-datagram WSASendMsg and WSARecvMsg work fine. But URO (coalesced receive) broke on ARM64 with WSL enabled — WSARecvMsg would not return a segment size, so Firefox could not tell where one QUIC packet ended and the next began. The reporter? A Mozilla employee. The fix? Max Inden bought the exact same laptop. URO remains disabled on Windows. USO (segmented send) also got rolled back after reports of increased packet loss and at least one network driver crash. More debugging needed. Microsoft has been notified.

Partial

macOS

Switching from sendto/recvfrom to sendmsg/recvmsg went smoothly. macOS does not support UDP segmentation offloading at all. It does have two undocumented syscalls — sendmsg_x and recvmsg_x — for batching. Lars from Mozilla added support behind a feature flag. After multiple bugfix iterations, Mozilla decided not to ship it. Undocumented APIs that Apple could remove at any time are not something you want in a browser used by hundreds of millions.

Shipped

Android

Android is not Linux. x86 Android routes socket calls through socketcall instead of direct syscalls, and seccomp filters will crash you if you get it wrong. One single-line fix in quinn-udp fixed the dispatch. On API level 25 and below, setting ECN bits via sendmsg returns EINVAL — quinn-udp now retries with ECN disabled. The Quinn community also caught a bug where Android rejected GSO with a single segment. The upside of using a shared library: Firefox benefits from every fix upstream.

ECN: A Nice Bonus

Modern syscalls come with another perk: ancillary data. Firefox can now send and receive Explicit Congestion Notification (ECN) bits across all major platforms. Nightly telemetry shows ~50% of QUIC connections now run on ECN-capable paths. With L4S gaining traction, this is a solid forward-looking win.

Mozilla replaced a Netscape-era UDP stack with a modern Rust implementation in about a year. Throughput on CPU-bound QUIC benchmarks jumped from under 1 Gbit/s to 4 Gbit/s. The rewrite is now live for most Firefox users. Not every optimization landed on every platform — Windows URO/USO and macOS batching are still works in progress — but the foundation is solid, memory-safe, and built on a community library that keeps improving.

Available Now

Get GoPeek

Open links on your current page without creating new tabs. Available on Edge and Firefox. Chrome support coming soon.

Microsoft Edge
Microsoft Edge
Add to Edge — free
Mozilla Firefox
Mozilla Firefox
Add to Firefox — free
Google Chrome
Google Chrome Soon
Coming to the Chrome Web Store

Comments

Post a Comment

Popular posts from this blog

Claude Opus 4.5 vs GLM-5.2

Image
Claude Opus 4.5 vs GLM-5.2 Claude Opus 4.5 (2025) and GLM-5.2 (2026) are frontier-tier reasoning models from Anthropic and Zhipu AI. Claude Opus 4.5 ships a 200k-token context window , while GLM-5.2 ships a 1M-token context window . On SWE-bench Pro, GLM-5.2 leads by 20.3 points . On pricing, GLM-5.2 costs $1.40/1M input tokens versus $5/1M for the alternative. This comparison covers specs, pricing, API access, capabilities, benchmarks, input and output token costs, and production fit for coding and agent workloads. Bottom line: GLM-5.2 is ~257% cheaper at $1.40/1M input tokens. Pay for Claude Opus 4.5 only when coding workflow support or multimodal vision is a hard requirement. Decision Scorecard Signal Claude Opus 4.5 GLM-5.2 How to read it Best for Reasoning-heavy apps, multimodal apps, and tool-calling agents Re...
Read more

The future of large files in Git is Git

Image
The future of large files in Git is Git If Git had a nemesis, it'd be large files. Large files bloat Git's storage, slow down git clone , and wreak havoc on Git forges. In 2015, GitHub released Git LFS—a Git extension that hacked around problems with large files. But Git LFS added new complications and storage costs. Meanwhile, the Git project has been quietly working on large files. And while LFS ain't dead yet, the latest Git release shows the path towards a future where LFS is, finally, obsolete. What you can do today: replace Git LFS with Git partial clone Git LFS works by storing large files outside your repo. When you clone a project via LFS, you get the repo's history and small files, but skip large files. Instead, Git LFS downloads only the large files you need for your working copy. In 2017, the Git project introduced partial clones that provide the same benefits as Git LFS: Partial clone allows us to avoid down...
Read more