The developers of the cryptographic library wolfSSL are working on a TCP/IP stack wolfIP, designed for embedded devices with limited resources and real-time systems requiring enhanced reliability (Safety-Critical). To ensure predictable resource usage, wolfIP does not utilize dynamic memory allocation; all buffers and socket tables are of fixed size and configured during compilation. The project code is written in C language and distributed under the GPLv3 license.
WolfIP can function as a TCP/IP stack operating in user space, replacing the network stacks of Linux, FreeBSD, and macOS. It is also suitable for use in embedded systems based on FreeRTOS, SafeRTOS, Zephyr, Azure RTOS ThreadX, NuttX, RTEMS, VxWorks, and QNX. Additionally, self-contained network applications can be developed using wolfIP, running directly on hardware (bare-metal). When combined with the wolfSSL library, TLS 1.3 support is available, enabling the creation of compact embedded systems that support HTTPS.
Main features of wolfIP:
- Utilization of pre-allocated buffers in static memory for processing network packets without Malloc and free calls.
- Can replace standard system network stacks on POSIX systems.
- Support for BSD sockets in non-blocking and blocking modes.
- Compact size of 4200 lines of code, four times smaller than the TCP/IP stack lwIP.
- Supports STM32 Ethernet network interfaces.
- Ability to test functionality using the TAP network interface without actual hardware.
- Developed with a focus on systems with heightened security requirements, including deterministic and reproducible configuration, Secure-by-default deployment model, component isolation, support for secure version updates, and long-term support.
- Addressing the needs of highly reliable systems by avoiding dynamic resource allocation, implementing fixed memory pools, controlling resource usage, ensuring predictable behavior, simplifying architecture, and supporting artifact generation for verification.
- Implementation of IPv4, UDP, TCP, IPSEC, ARP, ICMP, DHCP client, DNS client, and HTTP/HTTPS server. Supports