go-iroh

Module version: v0.0.0-...-28e5946
Published: Jun 4, 2026 License: MIT

README

go-iroh

go-iroh is a Go implementation of the iroh connectivity layer. It provides peer-to-peer QUIC endpoints identified by ed25519 public keys, with direct paths, relay fallback, QUIC Retry, multipath, QAD observed addresses, and QNT NAT traversal support.

The module is a clean-room Go port targeting wire compatibility with upstream Rust iroh. It is not affiliated with the n0 team.

Packages

| Package | Purpose |
| --- | --- |
| key | endpoint IDs, Ed25519 keys, signatures |
| netaddr | endpoint addresses, transport addresses, relay URLs |
| dns | pkarr TXT encoding and stdlib/DoH/DoT lookupers |
| relay | public relay maps and relay configuration |
| watch | small generic watch values |
| iroh | Endpoint, Conn, Router, address lookup, metrics |
| cmd/iroh-relay | minimal local relay server |
| cmd/iroh-dns-server | minimal pkarr HTTP server |

The transport internals live under internal/: relay protocol/client/server, net reports, socket path management, RFC 7250 TLS, and qng, the quic-go fork used for iroh/noq compatibility.

Install

```sh
go get github.com/tmc/go-iroh
```

This module currently declares Go 1.26 in go.mod.

Use

The iroh package is the main entry point:

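```go
// Fragment: runs inside a function that returns error; ctx and peerAddr
// are supplied by the caller.

// Bind a local endpoint that accepts the "example/1" ALPN.
ep, err := iroh.Bind(ctx, iroh.WithALPNs("example/1"))
if err != nil {
	return err
}
defer ep.Shutdown(ctx)

// Dial the peer and request the same ALPN for this connection.
conn, err := ep.Connect(ctx, peerAddr, "example/1")
if err != nil {
	return err
}
defer conn.CloseWithError(0, "")
```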

ALPN means Application-Layer Protocol Negotiation. It is the TLS extension that lets peers agree which application protocol a QUIC connection will carry, such as "example/1" or "n0/iroh/transfer/example/1". go-iroh uses ALPN values to route incoming connections to handlers.

The API takes ALPN values as Go strings. TLS ALPN values are byte strings on the wire; Go strings preserve arbitrary bytes, while keeping the common printable ASCII case simple.
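
How ALPN names look on the wire, as an added example (not code from go-iroh): it encodes and decodes the RFC 7301 ProtocolNameList with only the standard library, showing that a Go string carries non-UTF-8 bytes unchanged and that length fields are validated. The function names and the second sample name are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// encodeALPN builds the TLS ProtocolNameList from RFC 7301: a 2-byte total
// length, then each protocol name prefixed by a 1-byte length (1..255 bytes).
func encodeALPN(protos []string) ([]byte, error) {
	body := []byte{0, 0} // placeholder for the list length
	for _, p := range protos {
		if len(p) == 0 || len(p) > 255 {
			return nil, fmt.Errorf("alpn: name length %d outside 1..255", len(p))
		}
		body = append(body, byte(len(p)))
		body = append(body, p...) // copies raw bytes; no UTF-8 validation
	}
	n := len(body) - 2
	if n == 0 || n > 0xffff {
		return nil, errors.New("alpn: list length outside 2..65535")
	}
	body[0], body[1] = byte(n>>8), byte(n)
	return body, nil
}

// decodeALPN parses a ProtocolNameList and rejects inconsistent lengths.
func decodeALPN(b []byte) ([]string, error) {
	if len(b) < 2 || int(b[0])<<8|int(b[1]) != len(b)-2 {
		return nil, errors.New("alpn: bad list length")
	}
	var protos []string
	for b = b[2:]; len(b) > 0; {
		n := int(b[0])
		if n == 0 || n > len(b)-1 {
			return nil, errors.New("alpn: bad name length")
		}
		protos = append(protos, string(b[1:1+n]))
		b = b[1+n:]
	}
	return protos, nil
}

func main() {
	// Constructed sample: the page's "example/1" plus a name with non-UTF-8 bytes.
	wire, _ := encodeALPN([]string{"example/1", "bin\xff\x00"})
	out, _ := decodeALPN(wire)
	fmt.Printf("% x\n%q\n", wire, out)
}
```

Because names are compared as raw bytes, log them with %q rather than %s so that non-printable ALPN values stay unambiguous in handler-routing diagnostics.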

See iroh/example_test.go for runnable direct-loopback Router and Endpoint examples.

Wire Compatibility

Relay, pkarr, DoH, and DoT connections use standard WebPKI TLS. Direct peer-to-peer QUIC uses TLS 1.3 Raw Public Keys (RFC 7250) with mutual endpoint authentication. Go's standard crypto/tls does not support RFC 7250, so this repository carries internal/itls/tls and drives it from internal/qng.
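
With Raw Public Keys there is no CA chain to validate, so authentication reduces to checking that the SubjectPublicKeyInfo the peer presents is the Ed25519 key the caller intended to reach. The following added example (standard library only, not the code in internal/itls/tls) shows that pinning check; checkRawPublicKey and sampleSPKI are hypothetical names and the keys are constructed from fixed seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/x509"
	"errors"
	"fmt"
)

// checkRawPublicKey parses the SubjectPublicKeyInfo an RFC 7250 peer sends in
// place of a certificate chain and pins it to the expected Ed25519 key.
func checkRawPublicKey(spki []byte, want ed25519.PublicKey) error {
	pub, err := x509.ParsePKIXPublicKey(spki) // also rejects trailing bytes
	if err != nil {
		return fmt.Errorf("parse SubjectPublicKeyInfo: %w", err)
	}
	got, ok := pub.(ed25519.PublicKey)
	if !ok {
		return errors.New("peer key is not Ed25519")
	}
	if !got.Equal(want) {
		return errors.New("peer key does not match the expected endpoint key")
	}
	return nil
}

// sampleSPKI derives a constructed test key from a fixed seed byte.
func sampleSPKI(seed byte) ([]byte, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	spki, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err)
	}
	return spki, pub
}

func main() {
	spkiA, pubA := sampleSPKI(1)
	_, pubB := sampleSPKI(2)
	fmt.Println(len(spkiA), checkRawPublicKey(spkiA, pubA), checkRawPublicKey(spkiA, pubB))
}
```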

internal/qng is a quic-go v0.59.1 fork extended for the iroh/noq transport surface: multipath, QAD observed-address reporting, QNT NAT traversal, and pre-connection QUIC Retry admission. The fork-local READMEs document when those forks can be removed.

Validation

Run the local suite:

```sh
go test ./...
```

For a repeatable local check:

```sh
go test ./... -count=1
```

For loopback stream/datagram latency and throughput, with raw TCP and UDP baselines:

```sh
GOMAXPROCS=4 go test ./iroh -run '^$' -bench 'Benchmark(Conn|RawTCP|RawUDP)' -benchtime=5s -count=5
```

BenchmarkRawUDPMagicQueuedPingPong is the closest raw UDP latency baseline for the magic-socket path: it uses the same receive queue depth, pooled receive buffers, caller-buffer copy, and separate write queue shape as the direct IP transport.

Live Rust interop gates are opt-in because they require a checked-out and built Rust iroh tree:

```sh
GO_IROH_LIVE_RUST_INTEROP=1 \
IROH_RUST_REPO=/path/to/n0-computer/iroh \
go test ./internal/compat -run 'TestLiveRust' -count=1 -v

GO_IROH_LIVE_RUST_INTEROP=1 \
IROH_RUST_REPO=/path/to/n0-computer/iroh \
go test ./iroh -run TestLiveRustTransferFetchPingDirectPath -count=1 -v
```

Status

The normal local suite covers the public packages, qng transport extensions, and local relay/direct behavior. The opt-in Rust gates cover live echo, Rust transfer provider/upload, direct-path selection, and qlog evidence for QNT frames when the host environment provides the required binaries and network topology.

GOOS=js/GOARCH=wasm builds compile. Browser runtime support is limited by the platform: the relay WebSocket client has a js-specific dial path, but direct UDP QUIC, direct paths, and NAT traversal are not available in browser WebAssembly.

License

go-iroh is licensed under the MIT License. See LICENSE.

The forked quic-go code under internal/qng retains its upstream license notice in internal/qng/LICENSE.

Directories

Path Synopsis
cmd
iroh command
Command iroh is a small utility for working with iroh identities and addresses: generating and inspecting keys, and parsing endpoint info.
iroh-dns-server command
Command iroh-dns-server runs the pkarr HTTP and DNS surfaces used by iroh discovery.
iroh-relay command
Command iroh-relay runs a small iroh relay server.
Package dns provides DNS-based endpoint discovery for go-iroh: publishing and resolving endpoint addressing information via DNS using the pkarr signed packet format.
Package dnsserver implements an embeddable iroh DNS and pkarr relay server.
Package endpointticket encodes and decodes Rust-compatible iroh endpoint tickets.
internal
compat
Package compat holds cross-implementation parity tests comparing go-iroh against the reference Rust iroh implementation.
itls/shim/boring
Package boring is a minimal shim for the GOROOT-private crypto/internal/boring.
itls/shim/byteorder
Package byteorder is a minimal shim for the GOROOT-private internal/byteorder, providing just the little-endian uint32 reader that the vendored crypto/tls uses.
itls/shim/cpu
Package cpu is a minimal shim for the GOROOT-private internal/cpu, exposing just the feature flags the vendored crypto/tls reads.
itls/shim/fips140deps_byteorder
Package byteorder is a minimal shim for crypto/internal/fips140deps/byteorder.
itls/shim/fips140tls
Package fips140tls is a shim for crypto/tls/internal/fips140tls.
itls/shim/fipsaes
Package fipsaes is a shim for crypto/internal/fips140/aes, exposing just the Block type and constructor the vendored crypto/tls casts to.
itls/shim/fipsgcm
Package fipsgcm is a shim for crypto/internal/fips140/aes/gcm, providing the TLS GCM constructors the vendored crypto/tls uses.
itls/shim/fipstls12
Package fipstls12 implements the TLS 1.2 PRF and extended-master-secret derivation (RFC 5246 §5, RFC 7627).
itls/shim/fipstls13
Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7.
itls/shim/godebug
Package godebug is a minimal shim for the GOROOT-private internal/godebug, providing just the Setting API that the vendored crypto/tls uses.
itls/shim/hkdf
Package hkdf is a minimal shim for crypto/internal/fips140/hkdf, implementing HKDF (RFC 5869) generically over hash.Hash, matching the API the vendored crypto/tls key schedule uses.
itls/tls
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
netreport
Package netreport probes the local network environment to build a Report describing relay latencies and (where available) the public reflexive address of the host.
pkarr
Package pkarr implements the pkarr (https://pkarr.org) signed DNS packet format used by iroh for endpoint discovery.
qng
qng/cmd/qngregen command
Command qngregen regenerates internal/qng from the quic-go module pinned in go.mod.
qng/internal/monotime
Package monotime provides a monotonic time representation that is useful for measuring elapsed time.
qng/internal/utils/linkedlist
Package list implements a doubly linked list.
qng/qlogwriter/jsontext
Package jsontext provides a fast JSON encoder providing only the necessary features for qlog encoding.
relayclient
Package relayclient implements the client side of an iroh relay connection.
relayproto
Package relayproto implements the iroh relay wire protocol: the framing, datagram, and handshake messages exchanged between a relay client and server.
socket
Package socket implements iroh's "magic socket": a single net.PacketConn, driven by quic-go, that multiplexes datagrams across several transports (direct UDP, relay, custom).
Package iroh provides peer-to-peer QUIC connectivity between endpoints identified by ed25519 public keys, interoperable with the Rust iroh project (https://github.com/n0-computer/iroh).
Package key provides Ed25519 keys, signatures, and endpoint identifiers for go-iroh.
Package metrics provides a small OpenMetrics registry for go-iroh counters.
Package netaddr provides endpoint and transport addresses for go-iroh.
Package relay provides the public configuration types for iroh relay servers: relay URLs grouped into a Map, per-relay Config, and the Mode selecting which relays an endpoint uses.
Package relayserver implements the server side of the iroh relay protocol.
Package watch provides an observable value: a Value that can be updated and one or more Observer handles that observe its changes.
