diff --git a/.gitignore b/.gitignore
index 392b865..27614cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 _build
 **/*.merlin
-*.install
\ No newline at end of file
+*.install
+.vscode
\ No newline at end of file
diff --git a/async/dune b/async/dune
index d2a60fa..af4db41 100644
--- a/async/dune
+++ b/async/dune
@@ -1,9 +1,9 @@
 (library
  (name websocket_async)
-  (public_name websocket-async)
-  (modules websocket_async)
-  (optional)
-  (libraries websocket logs-async cohttp-async))
+ (public_name websocket-async)
+ (modules websocket_async)
+ (optional)
+ (libraries websocket logs-async cohttp-async))
 
 (executable
  (name wscat)
diff --git a/core/websocket.mli b/core/websocket.mli
index 7a25987..ea57c3a 100644
--- a/core/websocket.mli
+++ b/core/websocket.mli
@@ -21,6 +21,8 @@ val upgrade_present : Cohttp.Header.t -> bool
 
 exception Protocol_error of string
 
+val proto_error : ('b, Format.formatter, unit, 'a) format4 -> 'b
+
 module Rng : sig
   val init : ?state:Random.State.t -> unit -> int -> string
   (** [init ?state ()] is a function that returns a string of random
@@ -40,6 +42,9 @@ module Frame : sig
       | Nonctrl of int
 
     val to_string : t -> string
+    val to_enum : t -> int
+    val of_enum : int -> t
+    val is_ctrl : t -> bool
     val pp : Format.formatter -> t -> unit
   end
 
@@ -57,6 +62,7 @@ module Frame : sig
     t
 
   val close : int -> t
+  val of_bytes : ?opcode:Opcode.t -> ?extension:int -> ?final:bool -> bytes -> t
 end
 
 val check_origin :
diff --git a/dune b/dune
new file mode 100644
index 0000000..c90464f
--- /dev/null
+++ b/dune
@@ -0,0 +1 @@
+(vendored_dirs ocaml-cohttp)
diff --git a/dune-project b/dune-project
index 7675e94..4661d43 100644
--- a/dune-project
+++ b/dune-project
@@ -85,3 +85,28 @@
   (websocket (= :version))
   (lwt_log (>= 1.1.1))
   (cohttp-lwt-unix (>= 5.0.0))))
+
+(package
+ (name websocket-eio)
+ (synopsis "Websocket library (Eio)")
+ (description
+"\| The WebSocket Protocol enables two-way communication between a client
+"\| running untrusted code in a controlled environment to a remote host
+"\| that has opted-in to communications from that code.
+"\|
+"\| The security model used for this is the origin-based security model
+"\| commonly used by web browsers. The protocol consists of an opening
+"\| handshake followed by basic message framing, layered over TCP.
+"\|
+"\| The goal of this technology is to provide a mechanism for
+"\| browser-based applications that need two-way communication with
+"\| servers that does not rely on opening multiple HTTP connections (e.g.,
+"\| using XMLHttpRequest or <iframe>s and long polling).
+)
+ (tags (org:mirage org:xapi-project))
+ (depends
+  (ocaml (>= 5.0.0))
+  (websocket (= :version))
+  eio
+  cohttp-eio
+  (eio_main :with-test)))
diff --git a/eio/dune b/eio/dune
new file mode 100644
index 0000000..e3bb10c
--- /dev/null
+++ b/eio/dune
@@ -0,0 +1,4 @@
+(library
+ (name websocket_eio)
+ (public_name websocket-eio)
+ (libraries websocket cohttp-eio))
diff --git a/eio/io.ml b/eio/io.ml
new file mode 100644
index 0000000..1ff8b63
--- /dev/null
+++ b/eio/io.ml
@@ -0,0 +1,163 @@
+open Websocket
+open Astring
+open Eio
+
+type mode = Client of (int -> string) | Server
+
+let is_client mode = mode <> Server
+
+let xor mask msg =
+  for i = 0 to Bytes.length msg - 1 do
+    (* masking msg to send *)
+    Bytes.set msg i
+      Char.(to_int mask.[i mod 4] lxor to_int (Bytes.get msg i) |> of_byte)
+  done
+
+let is_bit_set idx v = (v lsr idx) land 1 = 1
+let set_bit v idx b = if b then v lor (1 lsl idx) else v land lnot (1 lsl idx)
+let int_value shift len v = (v lsr shift) land ((1 lsl len) - 1)
+
+let read_exactly src remaining =
+  try
+    Some (Buf_read.take remaining src)
+  with End_of_file -> None
+
+let read_uint16 ic =
+  match read_exactly ic 2 with
+  | None -> None
+  | Some s -> Some (EndianString.BigEndian.get_uint16 s 0)
+
+let read_int64 ic =
+  match read_exactly ic 8 with
+  | None -> None
+  | Some s -> Some (Int64.to_int @@ EndianString.BigEndian.get_int64 s 0)
+
+let write_frame_to_buf ~mode buf fr =
+  let open Frame in
+  let content = Bytes.unsafe_of_string fr.content in
+  let len = Bytes.length content in
+  let opcode = Opcode.to_enum fr.opcode in
+  let payload_len =
+    match len with
+    | n when n < 126 -> len
+    | n when n < 1 lsl 16 -> 126
+    | _ -> 127 in
+  let hdr = set_bit 0 15 fr.final in
+  (* We do not support extensions for now *)
+  let hdr = hdr lor (opcode lsl 8) in
+  let hdr = set_bit hdr 7 (is_client mode) in
+  let hdr = hdr lor payload_len in
+  (* Payload len is guaranteed to fit in 7 bits *)
+  Buf_write.BE.uint16 buf hdr;
+  ( match len with
+  | n when n < 126 -> ()
+  | n when n < 1 lsl 16 ->
+      Buf_write.BE.uint16 buf n
+  | n ->
+      Buf_write.BE.uint64 buf Int64.(of_int n);
+  );
+  ( match mode with
+  | Server -> ()
+  | Client random_string ->
+      let mask = random_string 4 in
+      Buf_write.string buf mask ;
+      if len > 0 then xor mask content ) ;
+  Buf_write.bytes buf content
+
+let close_with_code mode dst code =
+  write_frame_to_buf ~mode dst @@ Frame.close code
+
+let read_frame ic oc mode hdr =
+  let hdr_part1 = EndianString.BigEndian.get_int8 hdr 0 in
+  let hdr_part2 = EndianString.BigEndian.get_int8 hdr 1 in
+  let final = is_bit_set 7 hdr_part1 in
+  let extension = int_value 4 3 hdr_part1 in
+  let opcode = int_value 0 4 hdr_part1 in
+  let frame_masked = is_bit_set 7 hdr_part2 in
+  let length = int_value 0 7 hdr_part2 in
+  let opcode = Frame.Opcode.of_enum opcode in
+  let payload_len =
+    match length with
+    | i when i < 126 -> i
+    | 126 -> ( match read_uint16 ic with Some i -> i | None -> -1 )
+    | 127 -> ( match read_int64 ic with Some i -> i | None -> -1 )
+    | _ -> -1 in
+  if payload_len = -1 then proto_error "payload len = %d" length
+  else if extension <> 0 then (
+    close_with_code mode oc 1002 ;
+    proto_error "unsupported extension" )
+  else if Frame.Opcode.is_ctrl opcode && payload_len > 125 then (
+    close_with_code mode oc 1002 ;
+    proto_error "control frame too big" )
+  else
+    let mask =
+      if frame_masked then (
+        match read_exactly ic 4 with
+        | None -> proto_error "could not read mask"
+        | Some mask -> mask )
+      else String.empty in
+    if payload_len = 0 then Frame.create ~opcode ~extension ~final ()
+    else (
+      match read_exactly ic payload_len with
+      | None -> proto_error "could not read payload (len=%d)" payload_len
+      | Some payload ->
+          let payload = Bytes.unsafe_of_string payload in
+          if frame_masked then xor mask payload ;
+          let frame = Frame.of_bytes ~opcode ~extension ~final payload in
+          frame )
+
+let make_read_frame ~mode ic oc () =
+  match read_exactly ic 2 with
+  | None -> raise End_of_file
+  | Some hdr -> read_frame ic oc mode hdr
+
+module Connected_client = struct
+  type t =
+    { buffer: Buf_write.t;
+      endp: Conduit.endp;
+      ic: Buf_read.t;
+      http_request: Cohttp.Request.t;
+      standard_frame_replies: bool;
+      read_frame: unit -> Frame.t }
+
+  let source {endp; _} = endp
+
+  let create http_request endp ic oc =
+    let read_frame = make_read_frame ~mode:Server ic oc in
+    { buffer = oc;
+      endp;
+      ic;
+      http_request;
+      standard_frame_replies = false;
+      read_frame }
+
+  let send {buffer; _} frame =
+    write_frame_to_buf ~mode:Server buffer frame
+
+  let send_multiple {buffer; _} frames =
+    List.iter (write_frame_to_buf ~mode:Server buffer) frames
+
+  let standard_recv t =
+    let fr = t.read_frame () in
+    match fr.Frame.opcode with
+    | Frame.Opcode.Ping ->
+        send t @@ Frame.create ~opcode:Frame.Opcode.Pong () ;
+        fr
+    | Frame.Opcode.Close ->
+        (* Immediately echo and pass this last message to the user *)
+        if String.length fr.Frame.content >= 2 then
+          send t
+          @@ Frame.create ~opcode:Frame.Opcode.Close
+               ~content:
+                 String.(sub ~start:0 ~stop:2 fr.Frame.content |> Sub.to_string)
+               ()
+        else send t @@ Frame.close 1000 ;
+        fr
+    | _ -> fr
+
+  let recv t =
+    if t.standard_frame_replies then standard_recv t else t.read_frame ()
+
+  let http_request {http_request; _} = http_request
+  let make_standard t = {t with standard_frame_replies= true}
+end
diff --git a/eio/websocket_eio.ml b/eio/websocket_eio.ml
new file mode 100644
index 0000000..5e10ca4
--- /dev/null
+++ b/eio/websocket_eio.ml
@@ -0,0 +1,62 @@
+(*
+ * Copyright (c) 2016-2018 Maciej Wos <maciej.wos@gmail.com>
+ * Copyright (c) 2012-2018 Vincent Bernardoff <vb@luminar.eu.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ *)
+open Websocket
+module Ws_io = Io
+
+let send_frames stream (oc : Eio.Buf_write.t) =
+  let rec send_frame stream =
+    let fr = Eio.Stream.take stream in
+    Ws_io.write_frame_to_buf ~mode:Server oc fr ;
+    send_frame stream in
+  send_frame stream
+
+let read_frames ic oc handler_fn : unit =
+  let read_frame = Ws_io.make_read_frame ~mode:Server ic oc in
+  let rec inner () =
+    handler_fn @@ read_frame () ;
+    inner () in
+  inner ()
+
+let upgrade_connection (request : Http.Request.t) incoming_handler =
+  let request = request in
+  let headers = Http.Request.headers request in
+  let key =
+    match Http.Header.get headers "sec-websocket-key" with
+    | None ->
+        invalid_arg "upgrade_connection: missing header `sec-websocket-key`"
+    | Some key -> key in
+  let hash = b64_encoded_sha1sum (key ^ websocket_uuid) in
+  let response_headers =
+    Http.Header.of_list
+      [ ("Upgrade", "websocket"); ("Connection", "Upgrade");
+        ("Sec-WebSocket-Accept", hash) ] in
+  let frames_out_stream = Eio.Stream.create max_int in
+  let frames_out_fn v = Eio.Stream.add frames_out_stream v in
+  let f (ic : Eio.Buf_read.t) (oc : Eio.Buf_write.t) =
+    Eio.Fiber.both
+      (* output: data for the client is written to the output
+       * channel of the tcp connection *)
+        (fun () -> send_frames frames_out_stream oc )
+      (* input: data from the client is read from the input channel
+       * of the tcp connection; pass it to handler function *)
+        (fun () -> read_frames ic oc incoming_handler ) in
+  let resp : Cohttp_eio.Server.response_action =
+    let http_response = Http.Response.make ~status:`Switching_protocols ~version:`HTTP_1_1 ~headers:response_headers () in
+    `Expert (http_response, f)
+  in 
+  (resp, frames_out_fn)
diff --git a/eio/websocket_eio.mli b/eio/websocket_eio.mli
new file mode 100644
index 0000000..889ac93
--- /dev/null
+++ b/eio/websocket_eio.mli
@@ -0,0 +1,12 @@
+open Websocket
+
+val upgrade_connection :
+  Http.Request.t ->
+  (Frame.t -> unit) ->
+  Cohttp_eio.Server.response_action * (Frame.t -> unit)
+(** [upgrade_connection req incoming_handler] takes [req], a
+        connection request, and [incoming_handler], a function that will
+        process incoming websocket frames, and returns ([response_action],
+        [push_frame]) where [response_action] is used to produce a
+        {!Cohttp_lwt.Server.t} and [push_frame] is used to send websocket
+        frames to the client. *)
diff --git a/test/dune b/test/dune
index bf71085..795b496 100644
--- a/test/dune
+++ b/test/dune
@@ -6,4 +6,9 @@
 (executable
  (name upgrade_connection)
  (modules upgrade_connection)
- (libraries logs.fmt logs.lwt websocket_cohttp_lwt))
+ (libraries lwt.unix logs.fmt logs.lwt websocket_cohttp_lwt))
+
+(executable
+ (name eio_upgrade_connection)
+ (modules eio_upgrade_connection)
+ (libraries eio_main websocket_eio))
diff --git a/test/eio_upgrade_connection.ml b/test/eio_upgrade_connection.ml
new file mode 100644
index 0000000..d7de03d
--- /dev/null
+++ b/test/eio_upgrade_connection.ml
@@ -0,0 +1,92 @@
+open Eio.Std
+open Websocket
+
+let html_response s =
+  Cohttp_eio.Server.respond_string ~status:`OK ~body:s ()
+
+let handler ~sw con req _body : Cohttp_eio.Server.response_action =
+  let open Frame in
+  let uri = Http.Request.resource req in
+  match uri with
+  | "/" ->
+      traceln "[PATH] /" ;
+      let resp =
+        html_response
+          {|
+        <html>
+        <head>
+            <meta charset="utf-8">
+            <script src="//code.jquery.com/jquery-1.11.3.min.js"></script>
+            <script>
+                console.log("Hello World!");
+                $(window).on('load', function(){
+                    ws = new WebSocket('ws://localhost:7777/ws');
+                    console.log(ws);
+                    ws.onmessage = function(x) {
+                        console.log(x.data);
+                        var m = "<- Pong " + parseInt((x.data.substring(8)) - 1);
+                        $('#msg').html("<p>" + x.data + "</p><p>" + m + "</p>");
+                        ws.send(m);
+                    };
+                });
+        </script>
+        </head>
+        <body>
+            <div id='msg'></div>
+        </body>
+        </html>
+        |}
+      in
+      `Response resp
+  | "/ws" ->
+      traceln "[PATH] /ws" ;
+      let resp, send_frame =
+        Websocket_eio.upgrade_connection req (fun {opcode; content; _} ->
+            match opcode with
+            | Opcode.Close -> traceln "[RECV] CLOSE"
+            | _ -> traceln "[RECV] %s" content ) in
+      (* send a message to the client every second *)
+      let num_ref = ref 10 in
+      let rec go () =
+        if !num_ref = 0 then traceln "[INFO] Test done"
+        else
+          let msg = Printf.sprintf "-> Ping %d" !num_ref in
+          traceln "[SEND] %s" msg ;
+          send_frame @@ Frame.create ~content:msg () ;
+          decr num_ref ;
+          Eio_unix.sleep 1. ;
+          go () in
+      Fiber.fork ~sw go ; resp
+  | _ ->
+      traceln "[PATH] Catch-all";
+      `Response (Http.Response.make ~status:`Not_found (), Cohttp_eio.Body.of_string "")
+      
+let start_server env sw port =
+  traceln "[SERV] Listening for HTTP on port %d" port ;
+  let server = Cohttp_eio.Server.make_response_action ~callback:(handler ~sw) () in
+  let socket = Eio.Net.listen ~sw ~backlog:5 env#net (`Tcp (Eio.Net.Ipaddr.V4.loopback, port)) in
+  Cohttp_eio.Server.run ~port ~on_error:(Eio.traceln "%a" Fmt.exn) socket server 
+
+let () =
+  let port = ref 7777 in
+  let cert = ref "" in
+  let key = ref "" in
+  let speclist =
+    Arg.align
+      [ ("-cert", Arg.Set_string cert, " cert file");
+        ("-key", Arg.Set_string key, " key file");
+        ( "-v",
+          Arg.Unit (fun () -> Logs.set_level (Some Info)),
+          " Set loglevel to info" );
+        ( "-vv",
+          Arg.Unit (fun () -> Logs.set_level (Some Debug)),
+          " Set loglevel to debug" ) ] in
+  let anon_fun s =
+    match int_of_string_opt s with
+    | None -> invalid_arg "argument must be a port number"
+    | Some p -> port := p in
+  let usage_msg = "Usage: " ^ Sys.argv.(0) ^ " <options> port\nOptions are:" in
+  Arg.parse speclist anon_fun usage_msg ;
+  Eio_main.run @@ fun env -> 
+  Switch.run @@ fun sw -> 
+  start_server env sw !port
diff --git a/websocket-eio.opam b/websocket-eio.opam
new file mode 100644
index 0000000..7c59473
--- /dev/null
+++ b/websocket-eio.opam
@@ -0,0 +1,50 @@
+# This file is generated by dune, edit dune-project instead
+opam-version: "2.0"
+synopsis: "Websocket library (Eio)"
+description: """
+The WebSocket Protocol enables two-way communication between a client
+running untrusted code in a controlled environment to a remote host
+that has opted-in to communications from that code.
+
+The security model used for this is the origin-based security model
+commonly used by web browsers. The protocol consists of an opening
+handshake followed by basic message framing, layered over TCP.
+
+The goal of this technology is to provide a mechanism for
+browser-based applications that need two-way communication with
+servers that does not rely on opening multiple HTTP connections (e.g.,
+using XMLHttpRequest or <iframe>s and long polling).
+"""
+maintainer: ["Vincent Bernardoff <vb@luminar.eu.org>"]
+authors: ["Vincent Bernardoff <vb@luminar.eu.org>"]
+license: "ISC"
+tags: ["org:mirage" "org:xapi-project"]
+homepage: "https://github.com/vbmithr/ocaml-websocket"
+doc: "https://vbmithr.github.io/ocaml-websocket/doc"
+bug-reports: "https://github.com/vbmithr/ocaml-websocket/issues"
+depends: [
+  "dune" {>= "2.9"}
+  "ocaml" {>= "5.0.0"}
+  "websocket" {= version}
+  "eio"
+  "cohttp-eio"
+  "eio_main" {with-test}
+  "odoc" {with-doc}
+]
+build: [
+  ["dune" "subst"] {dev}
+  [
+    "dune"
+    "build"
+    "-p"
+    name
+    "-j"
+    jobs
+    "--promote-install-files=false"
+    "@install"
+    "@runtest" {with-test}
+    "@doc" {with-doc}
+  ]
+  ["dune" "install" "-p" name "--create-install-files" name]
+]
+dev-repo: "git+https://github.com/vbmithr/ocaml-websocket.git"