Network
Nexus OS inverts the traditional network architecture. In Linux, the TCP/IP stack runs inside the kernel — a 30-million-line attack surface where a malformed packet can crash the entire system.
In Nexus: the kernel delivers the mail; it does not read the letter.
Architecture
┌──────────────────────────────────────────────┐
│ Application (curl, browser, etc.)            │
├──────────────────────────────────────────────┤
│ POSIX Shim (socket, connect, send)           │  Membrane
│ or Native ION Channel API                    │
├──────────────────────────────────────────────┤
│ LwIP TCP/IP Stack (Grafted)                  │  Userland
│ or UTCP Sovereign Transport                  │
├──────────────────────────────────────────────┤
│ Per-Process ION Rings (proc_rx, proc_tx)     │  Zero-Copy
├──────────────────────────────────────────────┤
│ NetSwitch (L2 Demux)                         │  Kernel
├──────────────────────────────────────────────┤
│ VirtIO-Net Driver (HAL)                      │  Raw Frames
└──────────────────────────────────────────────┘
Components
- Network Membrane — The userland network stack (grafted LwIP + POSIX shim)
- UTCP — Sovereign transport protocol for Nexus-to-Nexus traffic
- Libertaria Wire Frame — The Libertaria protocol stack wire format
The NetSwitch
The NetSwitch is the only networking code that runs inside the kernel. It is a simple L2 packet demultiplexer:
- The VirtIO-Net driver delivers a raw Ethernet frame
- The NetSwitch reads the EtherType field (2 bytes)
- Based on the EtherType, it places the frame on the correct ION Ring:
| EtherType | Destination | Protocol |
|---|---|---|
| 0x0800 | Membrane fiber | IPv4 (LwIP) |
| 0x86DD | Membrane fiber | IPv6 (LwIP) |
| 0x88B5 | UTCP fiber | Sovereign transport |
| 0x4C57 | LWF fiber | Libertaria Wire Frame |
The NetSwitch does not parse headers, compute checksums, or manage connections. It reads two bytes and routes.
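The two-byte decision described above, written out as an added example that is not Nexus OS's own code: the EtherType values and ring names come from the table, while the enum, the function name, RING_DROP and the sample frames are hypothetical or constructed. It also covers the two cases the table leaves implicit, a frame too short to carry an EtherType and an EtherType no fiber has claimed, and assumes both are dropped.

```c
#include <stddef.h>
#include <stdint.h>

/* Rings the NetSwitch can steer a frame onto. Ring names follow the page's
 * table; the enum and RING_DROP (frames that cannot be routed) are hypothetical. */
enum ion_ring { RING_DROP = 0, RING_MEMBRANE, RING_UTCP, RING_LWF };

/* EtherType values from the page's routing table */
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_IPV6 0x86DD
#define ETHERTYPE_UTCP 0x88B5
#define ETHERTYPE_LWF  0x4C57
#define ETH_HDR_LEN 14 /* dst MAC (6) + src MAC (6) + EtherType (2) */

/* Model of the NetSwitch decision: inspect only bytes 12..13 of the frame.
 * Nothing past the Ethernet header is parsed, so a malformed IP or TCP header
 * is the receiving fiber's problem, never this function's. */
enum ion_ring netswitch_demux(const uint8_t *frame, size_t len)
{
    /* Too short to carry an EtherType: drop rather than read past the buffer */
    if (frame == NULL || len < ETH_HDR_LEN)
        return RING_DROP;
    /* EtherType is big-endian on the wire */
    uint16_t ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    switch (ethertype) {
    case ETHERTYPE_IPV4:
    case ETHERTYPE_IPV6:
        return RING_MEMBRANE;   /* both IP versions go to the LwIP fiber */
    case ETHERTYPE_UTCP:
        return RING_UTCP;
    case ETHERTYPE_LWF:
        return RING_LWF;
    default:
        return RING_DROP;       /* no fiber has claimed this EtherType */
    }
}

/* Constructed sample frames: broadcast dst MAC, locally administered src MAC,
 * EtherType, then a single payload byte. */
#define HDR(et_hi, et_lo) 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01, et_hi, et_lo
static const uint8_t FRAME_IPV4[] = { HDR(0x08, 0x00), 0x45 };
static const uint8_t FRAME_IPV6[] = { HDR(0x86, 0xDD), 0x60 };
static const uint8_t FRAME_UTCP[] = { HDR(0x88, 0xB5), 0x00 };
static const uint8_t FRAME_LWF[]  = { HDR(0x4C, 0x57), 0x00 };
static const uint8_t FRAME_ARP[]  = { HDR(0x08, 0x06), 0x00 }; /* ARP: not in the table */
```

Passing a length of 13 for any of these frames returns RING_DROP, because the EtherType is not fully inside the buffer.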
Why This Matters
Isolation: If a network-facing application (curl, a web server, an MQTT client) crashes due to a malformed packet, only that application's fiber dies. The kernel continues running. The NetSwitch continues routing. Other applications are unaffected.
Security: The TCP/IP stack is outside the kernel's trust boundary. A vulnerability in LwIP cannot escalate to kernel privileges because LwIP runs in a userland fiber with a restricted capability set.
Sovereignty: For internal Nexus-to-Nexus traffic, UTCP provides identity-centric transport that doesn't depend on IP addresses, DNS, or any legacy infrastructure. Nodes know each other by cryptographic identity (CellID), not by IP.