wolfIP TCP/IP stack

wolfIP is a tiny, deterministic TCP/IP stack designed for embedded, real-time, and safety-critical systems. It removes the unpredictability common in networking stacks by eliminating runtime allocation and hidden threads, using compile-time configured buffers and a fixed socket table. The result is a networking core that behaves consistently. 

The stack already runs as a userspace TCP/IP replacement on Linux, FreeBSD, and macOS, and scales down cleanly to embedded deployments, including FreeRTOS, SafeRTOS, Zephyr, Azure RTOS ThreadX, NuttX, RTEMS, and commercial RTOS options such as VxWorks and QNX. It also supports bare-metal targets where a small, analyzable networking footprint is required.

wolfIP pairs naturally with wolfSSL to provide predictable TLS 1.3 secure connectivity, allowing developers to build HTTPS-enabled devices with a single tightly integrated networking and security stack.

Please email us at facts@wolfSSL.com with any questions or to learn more about the wolfIP TCP/IP stack.

wolfBoot provides open-source cybersecurity with industry-leading support. It ensures power failure safety, offers Post-Quantum options including hash-based signature schemes, and is compliant with CNSA 2.0 standards.

Get the latest open source GPLv3 version now!

Highlights

  • No dynamic memory allocation (no malloc/free)
  • No hidden threads or background tasks
  • Compile-time deterministic memory usage
  • Fixed number of sockets and packet buffers
  • Small embedded-first code base (~4× smaller than lwIP core)
  • BSD-like blocking and non-blocking socket API
  • Seamless TLS 1.3 integration with wolfSSL
  • HTTPS server capability on resource-constrained devices
  • Designed for verification, testing, and certification workflows

Portable

  • Userspace TCP/IP replacement on POSIX systems
  • Clean BSD socket compatibility
  • Bare-metal and RTOS friendly architecture
  • Simple NIC driver callback interface (TX/RX/link)
  • TAP interface testing without hardware
  • Designed for reproducible integration across platforms

Supported Operating Systems

  • Bare-metal embedded targets
  • Linux userspace TCP/IP replacement
  • FreeBSD userspace TCP/IP replacement
  • macOS userspace TCP/IP replacement
  • FreeRTOS
  • Zephyr (Coming soon)
  • Azure RTOS ThreadX (Coming soon)
  • NuttX (Coming soon)
  • RTEMS (Coming soon)
  • Any commercial RTOS targets where a fixed-memory, single-stack integration is valuable (examples: VxWorks, QNX) (Coming soon)

Supported Silicon & Network Interfaces

  • STM32 Ethernet (MAC + PHY driver path)
  • MCU Ethernet MAC families (Coming soon)
  • Broader PHY coverage (RMII and MII) (Coming soon)
  • BSP reference drivers (Coming soon)

CRA Support for wolfIP

wolfIP is developed with EU Cyber Resilience Act expectations in mind:

  • Deterministic, reproducible configuration
  • Clearly bounded features and services
  • Secure-by-default deployment model
  • Practical path to secure updates when paired with wolfSSL
  • Designed for long-term maintenance workflow

wolfIP for DO-178C DAL-A Systems

wolfIP features for safety-critical systems:

  • No runtime allocation
  • Fixed memory pools
  • Bounded resource usage
  • Predictable timing behaviour
  • Minimalist single-endpoint architecture
  • Easier verification artifact generation

The static and analyzable architecture helps reduce uncertainty in worst-case timing and memory analysis for aerospace and other high-assurance systems.

Features

  • Core Networking
    • IPv4
    • IPsec
    • ARP
    • ICMP (echo reply, TTL exceeded)
    • DHCP client
    • DNS client
    • UDP
    • TCP
  • TCP Capabilities
    • MSS option
    • Timestamp option
    • Window scaling
    • Congestion control
      • Slow start
      • Congestion avoidance
      • Fast retransmit with SACK
  • HTTPS server
  • TLS up to TLS 1.3 via wolfSSL
  • Clean TLS I/O callback mapping
  • BSD-like socket API
  • Blocking and non-blocking sockets
  • No dynamic allocation
  • Fixed socket count
  • Static RX/TX packet buffers
  • Optional multi-interface routing

wolfIP vs lwIP (Key Differentiators)

  • ~4× smaller TCP/IP core code base (~4200 LOC vs ~17000 LOC)
  • Deterministic memory model by default (not optional configuration)
  • Fixed compile-time resource usage
  • Userspace stack replacement on POSIX via library interposition
  • Integrated HTTPS/TLS security path using wolfSSL
  • Smaller audit and qualification surface
  • Embedded endpoint-focused feature set instead of general-purpose routing stack

Works Well With

  • wolfSSL – A lightweight C-language-based SSL/TLS library targeted for embedded, RTOS, or resource-constrained environments
  • DO-178C DAL A Support – Offers DO-178C Level A certification support with wolfCrypt as a COTS solution for connected avionics applications