wolfIP TCP/IP stack
wolfIP is a tiny, deterministic TCP/IP stack designed for embedded, real-time, and safety-critical systems. It removes the unpredictability common in networking stacks by eliminating runtime allocation and hidden threads, using compile-time configured buffers and a fixed socket table. The result is a networking core that behaves consistently.
The stack already runs as a userspace TCP/IP replacement on Linux, FreeBSD, and macOS, and scales down cleanly to embedded deployments including FreeRTOS, SafeRTOS, Zephyr, Azure RTOS ThreadX, NuttX, RTEMS, and commercial RTOS options such as VxWorks and QNX. It also supports bare-metal targets where a small, analyzable networking footprint is required.
wolfIP pairs naturally with wolfSSL to provide predictable TLS 1.3 secure connectivity, allowing developers to build HTTPS-enabled devices with a single tightly integrated networking and security stack.
Please email us at facts@wolfSSL.com with any questions or to learn more about the TCP/IP stack.
Highlights
- No dynamic memory allocation (no malloc/free)
- No hidden threads or background tasks
- Compile-time deterministic memory usage
- Fixed number of sockets and packet buffers
- Small embedded-first code base (~4× smaller than lwIP core)
- BSD-like blocking and non-blocking socket API
- Seamless TLS 1.3 integration with wolfSSL
- HTTPS server capability on resource-constrained devices
- Designed for verification, testing, and certification workflows
Portable
- Userspace TCP/IP replacement on POSIX systems
- Clean BSD socket compatibility
- Bare-metal and RTOS friendly architecture
- Simple NIC driver callback interface (TX/RX/link)
- TAP interface testing without hardware
- Designed for reproducible integration across platforms
Supported Operating Systems
- Bare-metal embedded targets
- Linux userspace TCP/IP replacement
- FreeBSD userspace TCP/IP replacement
- macOS userspace TCP/IP replacement
- FreeRTOS
- Zephyr (Coming soon)
- Azure RTOS ThreadX (Coming soon)
- NuttX (Coming soon)
- RTEMS (Coming soon)
- Any commercial RTOS targets where a fixed-memory, single-stack integration is valuable (examples: VxWorks, QNX) (Coming soon)
Supported Silicon & Network Interfaces
- STM32 Ethernet (MAC + PHY driver path)
- MCU Ethernet MAC families (Coming soon)
- Broader PHY coverage (RMII and MII) (Coming soon)
- BSP reference drivers (Coming soon)
CRA Support for wolfIP
wolfIP is developed with EU Cyber Resilience Act expectations in mind:
- Deterministic, reproducible configuration
- Clearly bounded features and services
- Secure-by-default deployment model
- Practical path to secure updates when paired with wolfSSL
- Designed for long-term maintenance workflows
wolfIP for DO-178C DAL-A Systems
wolfIP features for safety-critical systems:
- No runtime allocation
- Fixed memory pools
- Bounded resource usage
- Predictable timing behaviour
- Minimalist single-endpoint architecture
- Easier verification artifact generation
The static and analyzable architecture helps reduce uncertainty in worst-case timing and memory analysis for aerospace and other high-assurance systems.
Features
- Core Networking:
  - IPv4
  - IPsec
  - ARP
  - ICMP (echo reply, TTL exceeded)
  - DHCP client
  - DNS client
  - UDP
  - TCP
- TCP Capabilities:
  - MSS option
  - Timestamp option
  - Window scaling
  - Congestion control
  - Slow start
  - Congestion avoidance
  - Fast retransmit with SACK
- HTTPS server
- TLS up to TLS 1.3 via wolfSSL
- Clean TLS I/O callback mapping
- BSD-like socket API
- Blocking and non-blocking sockets
- No dynamic allocation
- Fixed socket count
- Static RX/TX packet buffers
- Optional multi-interface routing
wolfIP vs lwIP (Key Differentiators)
- ~4× smaller TCP/IP core code base (~4200 LOC vs ~17000 LOC)
- Deterministic memory model by default (not optional configuration)
- Fixed compile-time resource usage
- Userspace stack replacement on POSIX via library interposition
- Integrated HTTPS/TLS security path using wolfSSL
- Smaller audit and qualification surface
- Embedded endpoint-focused feature set instead of general-purpose routing stack
wolfIP: Deterministic TCP/IP for Safety-Critical Embedded Systems


