Tracking: WebAssembly support for iroh

[matheus23]

We're working on Wasm support so you can use iroh-net in rust applications in browsers. See also the accompanying blogpost.

Here's some prior issues with requests for this:

• Build Web Assembly  #1803
• Iroh on the web #2671

This is a non-exhaustive list of things that need to land for Wasm support:

• feat(iroh-net): Add a Watchable struct for use in the Endpoint API #2806
• netcheck: Implement https probe #1218
• quinn upstreaming (not strictly necessary, since we're on a fork, but definitely helpful):
  • feat(quinn-proto): Make compilable in wasm32-unknown-unknown and run wasm tests in CI quinn-rs/quinn#1996
  • feat(quinn,quinn-udp): Avoid socket2 and std::net::UdpSocket dependencies in wasm32-unknown-unknown target quinn-rs/quinn#2037
• Indirection/abstraction over tokio::spawn and friends #2979 (not strictly necessary in full, but some indirection for tokio::spawn is necessary)

[amiyatulu]

Thanks for the blogspot, and about relay servers. Will Ockam be helpful in end to end encryption?

Also can I use any relay server to connect, other wise it will lead to centralization (e.g. storing relay server addresses in dht)

[DougAnderson444]

Great blog post, thank you Philipp.

Glad to see Phase 3 being WebRTC, as this means self signed certificates for secure connections (something websocket's can't do, so domain-less nodes are stuck at ws:// instead of wss://).

As far as that complexity, you may want to check out str0m if you haven't already. This was being looked at for libp2p but hasn't been implemented yet.

Overall I'm glad to see this route being examined. One of the reasons holding me back from using iroh was lack of browser and webrtc support. So yeah, LFG!

[matheus23]

Thanks for the blogspot, and about relay servers. Will Ockam be helpful in end to end encryption?

The traffic that's relayed is already encrypted end-to-end, because we're using QUIC :) (Yes, we're compiling a whole QUIC network stack to Wasm and run it in the browser 🙃 ).

Also can I use any relay server to connect, other wise it will lead to centralization (e.g. storing relay server addresses in dht)

Yes, relay servers are identified by URL. As a node, you can decide to use any "home" relay server you want.
By default, number 0 runs three: one in Asia, one in Europe and one in the US (at the moment).
But you can simply run one on your own via the binary behind the relay feature in iroh-net + DNS and some TLS config.
And if there are any relay servers you want to use from iroh, you configure them via the RelayMap::from_url (or configure a whole set using RelayMap::from_nodes).

[matheus23]

For anyone who's following this issue: We've got preliminary iroh support for browsers via WebAssembly.
During this preliminary support phase, you'll need to depend on a branch to be able to use it, but we'll release it properly soon.

To try it out, add this git dependency to your Crates.toml:

iroh = { git = "https://github.com/n0-computer/iroh.git", branch = "matheus23/iroh-browser", default-features = false }

Running cargo build --target=wasm32-unknown-unknown should now just work, assuming the rest of your project is set up to support browsers, too.

Some caveats:

• WebAssembly support won't be compatible with the features metrics, test-utils, discovery-local-network, nor discovery-pkarr-dht, unfortunately.
• Browser support specifically hooks in to wasm-bindgens bindings generation, so using iroh in browser requires setting up wasm-bindgen. We also leverage wasm-bindgen-futures, so async iroh code will use javascript promises on the main browser thread.
• Using iroh from browsers will be similar to using iroh in a "relay only" mode. When you connect to another node, the traffic will be end-to-end encrypted for the node you connect to in particular, however, it won't try to hole-punch or try to establish a direct connection, as that's not possible in browsers without deeply integrating with WebRTC. Instead, traffic is relayed via a WebSocket connections to relays.

Remember, this is specifically support for iroh in browsers, which we expect to be the biggest use case for compiling iroh to WebAssembly. We don't support other related things such as compiling to wasm32-unknown-unknown without wasm-bindgen nor compiling to wasm32-wasi or similar.

[satvikpendem]

WebAssembly support won't be compatible with the features metrics, test-utils, discovery-local-network, nor discovery-pkarr-dht, unfortunately.

Is this just for the current alpha release or it won't be compatible at all with WASM in the future as well?

[matheus23]

Is this just for the current alpha release or it won't be compatible at all with WASM in the future as well?

metrics and test-utils feature support might come in the future.

However, discovery-local-network relies on mDNS, which is simply unavailable in browser sandboxes today.
Similarly, discovery-pkarr-dht relies on UDP sockets being available to participate in the mainline DHT, which are also unavailable in browsers.
So no, we cannot provide support for these features in browsers.

You mentioned "with Wasm", though, so, are you referring to using Wasm in environments outside the browser?
I do think there's a path forward eventually with targeting wasm-wasi. We haven't looked into that yet, but if you have a use-case where you can deploy wasm-wasi, but cannot deploy native libraries/binaries, then this might be possible eventually.

[TotalKrill]

Instead, traffic is relayed via a WebSocket connections to relays.

Is this always the case? My questions is because I am interested in solutions where regular servers also participate, and opening a direct websocket connection to a server from a browser client is very possible. But the other way is not as easy.

By regular server, I mean applications running on a PC (windows, linux, mac)

[matheus23]

Yes. In the current iroh browser alpha, iroh will always maintain a websocket connection to its home relay.

Keep in mind though: iroh in the browser can totally talk to iroh running as a regular native application! They are 100% compatible.

[TotalKrill]

Thank you for that answer! I hope that when it leaves alpha, it will be able to establish websockets connections directly between clients if possible!

I have this idea where I would like browserbased clients to scuttlebut information to PC nodes that are locked inside internet less networks that the clients can join/leave. But I guess I would be limited by local-discovery not being available before direct websocket connections becomes an issue anyway

[satvikpendem]

You mentioned "with Wasm", though, so, are you referring to using Wasm in environments outside the browser?

Thanks, I did mean just browsers as you mentioned the browser version uses WASM. Would be cool to see outside browsers too though.

[ethnh]

• Using iroh from browsers will be similar to using iroh in a "relay only" mode. When you connect to another node, the traffic will be end-to-end encrypted for the node you connect to in particular, however, it won't try to hole-punch or try to establish a direct connection, as that's not possible in browsers without deeply integrating with WebRTC. Instead, traffic is relayed via a WebSocket connections to relays.

is there any documentation on relays?

Is there a way for WSS or WebTransport connections to do direct p2p? sad that webrtc isn't perfect w3c/webrtc-pc#2553 w3c/webrtc-pc#317 (comment) w3c/webrtc-pc#230 arewedistributedyet/arewedistributedyet#7

[matheus23]

is there any documentation on relays?

Yeah: https://www.iroh.computer/docs/concepts/relay

Is there a way for WSS or WebTransport connections to do direct p2p? sad that webrtc isn't perfect

Yes and no. In theory you can establish connections from a browser to another endpoint with a public IP address (and might in some network conditions even successfully hole-punch through stateful firewalls and NATs), but you can not connect two browser endpoints to each other directly.
There is no API for accepting incoming WebTransport connections in the browser, and even outgoing connections require to either having TLS set up on one end or use serverCertificateHashes.

That said, serverCertificateHashes might not be a tool to rely on long-term: w3c/webtransport#623

[arlyon]

With regards to local network detection in the browser, I have rolled my own P2P communication thing for a project I've been working on (https://litehouse.arlyon.dev) on top of webrtc and currently use a custom signaling server that lets you discover foreign nodes that share your IP address as resolved by the signaling node. It is used to simplify linking your home to your account for the first time. I realise that custom signaling servers are off the table for iroh but would it be feasible for iroh to offer a similar discovery system to complement mdns?

[matheus23]

I realise that custom signaling servers are off the table for iroh but would it be feasible for iroh to offer a similar discovery system to complement mdns?

iroh allows you to customize discovery with whatever logic you want - including in browsers.

With this you might be able to discover other NodeIds in your vicinity as well as their corresponding home RelayUrls.