iroh_relay/lib.rs
1//! Iroh's relay is a feature within [iroh](https://github.com/n0-computer/iroh), a peer-to-peer
2//! networking system designed to facilitate direct, encrypted connections between devices. Iroh
3//! aims to simplify decentralized communication by automatically handling connections through
4//! "relays" when direct connections aren't immediately possible. The relay server helps establish
5//! connections by temporarily routing encrypted traffic until a direct, P2P connection is
6//! feasible. Once this direct path is set up, the relay server steps back, and the data flows
7//! directly between devices. This approach allows Iroh to maintain a secure, low-latency
8//! connection, even in challenging network situations.
9//!
10//! This crate provides a complete setup for creating and interacting with iroh relays, including:
11//! - [`protos::relay`]: The protocol used to communicate between relay servers and clients. It's a
12//! revised version of the Designated Encrypted Relay for Packets (DERP) protocol written by
13//! Tailscale.
14#![cfg_attr(
15 feature = "server",
16 doc = "- [`server`]: A fully-fledged iroh-relay server over HTTP or HTTPS."
17)]
18#![cfg_attr(
19 not(feature = "server"),
20 doc = "- `server`: A fully-fledged iroh-relay server over HTTP or HTTPS."
21)]
22//!
23//! Optionally will also expose a QAD endpoint and metrics. (requires the feature flag `server`)
24//! - [`client`]: A client for establishing connections to the relay.
25//! - *Server Binary*: A CLI for running your own relay server. It can be configured to also offer
26//! QAD support and expose metrics.
27// Based on tailscale/derp/derp.go
28
29#![cfg_attr(iroh_docsrs, feature(doc_cfg))]
30#![deny(missing_docs, rustdoc::broken_intra_doc_links)]
31#![cfg_attr(not(test), deny(clippy::unwrap_used))]
32
33pub mod client;
34pub mod defaults;
35pub mod http;
36pub mod protos;
37pub mod quic;
38#[cfg(feature = "server")]
39pub mod server;
40pub mod tls;
41
42mod ping_tracker;
43
44mod key_cache;
45mod relay_map;
46pub use key_cache::KeyCache;
47
48#[cfg(not(wasm_browser))]
49pub mod dns;
50pub mod endpoint_info;
51
52pub use protos::relay::MAX_PACKET_SIZE;
53
54pub use self::{
55 ping_tracker::PingTracker,
56 relay_map::{RelayConfig, RelayMap, RelayQuicConfig},
57};
58
59/// This trait allows anything that ends up potentially
60/// wrapping a TLS stream use the underlying [`export_keying_material`]
61/// function.
62///
63/// [`export_keying_material`]: rustls::ConnectionCommon::export_keying_material
64/// Trait for extracting keying material from a TLS connection.
65///
66/// This is used during the relay handshake to establish a shared secret
67/// between the client and server for authentication purposes.
68pub trait ExportKeyingMaterial {
69 /// If this type ends up wrapping a TLS stream, then this tries
70 /// to export keying material by calling the underlying [`export_keying_material`]
71 /// function.
72 ///
73 /// However unlike that function, this returns `Option`, in case the
74 /// underlying stream might not be wrapping TLS, e.g. as in the case of
75 /// [`MaybeTlsStream`].
76 ///
77 /// For more information on what this function does, see the
78 /// [`export_keying_material`] documentation.
79 ///
80 /// [`export_keying_material`]: rustls::ConnectionCommon::export_keying_material
81 /// [`MaybeTlsStream`]: crate::server::streams::MaybeTlsStream
82 #[cfg_attr(wasm_browser, allow(unused))]
83 fn export_keying_material<T: AsMut<[u8]>>(
84 &self,
85 output: T,
86 label: &[u8],
87 context: Option<&[u8]>,
88 ) -> Option<T>;
89}