Winsock Programmer's FAQ
Section 9: Glossary

There's not much to say about this section, except that I frequently refer you to corresponding and related entries in an online copy of The New Hacker's Dictionary (known online as The Jargon File), an excellent resource for understanding some of the culture and jargon of the original Internet. I link you there when I think that the TNHD reference clarifies or enhances the more straightforward definition I provide.

addressing - Networks have to have some way of uniquely identifying the hosts on the network. Like the telephone system, network addressing is usually done with numbers; TCP/IP, for example, uses IP addresses.

asynchronous - Asynchronous sockets are a refinement of non-blocking sockets, enabled with the WSAAsyncSelect() call. Whenever a call returns WSAEWOULDBLOCK, Winsock promises to send your program a window message when it's safe to try the call again, or when it has completed the request. This allows your program to go about its business until Winsock manages to complete the requested function. Asynchronous calls allow you to decouple the rest of your program from the network portions, so that a network fault or delay does not unduly impact your program's performance. Compare blocking. See also this example program to see how to use asynchronous sockets.

blocking - A function is said to "block" when it waits until it completes the requested operation or fails trying before returning. (Sockets are blocking by default under Winsock.) The main use for blocking calls in a Winsock program are when your program's only job in life is to communicate with the network, because while a call blocks, your program can do nothing else. This mode of operation is also called "synchronous." Compare asynchronous and non-blocking. See also this example program to see how to use blocking sockets.

bridge - A bridge is a multi-homed host that operates at layer 2 of the OSI model. Bridges connect two networks, usually of the same type. A bridge is somewhat smarter than a simple repeater, in that it can make decisions about moving data from one network to the other. Some bridges even reach up into layers 3 and 4 (traditional router and gateway territory) to add even more intelligence; these smarter devices are sometimes called "brouters."

BSD Unix - The Berkeley Software Distribution of Unix took an early lead over originator AT&T's offerings by providing extra features and functionality that didn't appear in AT&T Unix (also called System V) until later. One of these features was the "sockets" system for communicating over TCP/IP networks. Between that and its adoption by Sun Microsystems, Digital Equipment Corporation and others, BSD Unix was the most popular choice for Internet hosts from the mid 80's through the early 90's. The early 90's saw AT&T sue the Computer Software Research Group, the University of California at Berkeley organization that created BSD. The early 90's also saw System V adopt many traditional BSD features (including sockets). For those reasons, virtually all commercial Unixes eventually switched to System V. BSD is still available in several lineal descendants: FreeBSD, NetBSD, OpenBSD and BSD/OS. See also the BSD and Unix entries in TNHD.

client - A program that initiates a network connection. By extension, a client program usually has some kind of user interface, often a GUI. In a typical client/server protocol, the client is the active participant, in that it makes requests and the server responds.

datagram protocol - A datagram protocol, such as IP or UDP, delivers data in packets the same size as those that were sent. For example, if one host sends another two 50-byte datagrams, that host will receive two discrete 50-byte datagrams. Compare stream protocol.

delayed ACK algorithm - An optimization to TCP to improve throughput. There's a FAQ item that goes into detail on what the algorithm does and why it helps.

DNS - The Domain Name Service is one of the core Internet protocols and mechanisms. DNS is what translates human-readable names (e.g. "") into the binary IP addresses that are actually used to move data packets around on the Internet. Winsock uses DNS when you call the gethostbyname() and gethostbyaddr() functions.

domain name - Domain names are the human-readable addresses used on the Internet (e.g., ""). The Domain Name Service translates these names into IP addresses which TCP/IP programs use directly. Compare dotted quad.

dotted quad - An string representation of an IPv4 address, in the form "" -- that is, four decimal numbers separated by dots. Note that the future IPv6 addresses are commonly written as a series of 8 colon-separated 16-bit values in hexadecimal notation, with zeroes suppressed: "AC01:987C:::A39D::FF52:CC4C". Contrast this with the IP address and domain name entries.

frame - A frame is a type of packet. In common use, the term refers only to the lowest-level type of packet, the hardware packet. For example, an Ethernet frame or a PPP frame.

Within a single network, a frame is indivisible: it is never chopped up into smaller frames, and is never coalesced with other frames to make larger frames. However, when a frame is translated from one type of network to another by a gateway or a router (e.g. Ethernet to frame relay), a frame can be fragmented if the destination network type has a smaller MTU. There's an optimization called "Path MTU Discovery" that network stacks employ to avoid this fragmentation.

Most networks have fixed-size frames. (See the entry for MTU for more on frame sizes.) Even on networks with negotiated frame sizes, the size is usually only negotiated once, when the host joins the network. PPP works that way: the frame size is negotiated after the modem connects to the Internet provider, but before any user data is sent.

gateway - A multi-homed network host that operates at layer 4 of the OSI model. A gateway understands the transport layer protocols at the least (TCP, UDP, etc.) and sometimes understands elements from layer 5 (e.g. the FTP protocol). A gateway uses this information to filter data -- for example, it can reject disallowed operations, for example; and to translate items in the data stream -- for example, it can translate the network addresses from an internal format to an external format. Related terms include "packet filter" and "firewall:" a packet filter can be part of a gateway, and a gateway is one component of a firewall.

Also note that looser definitions exist, such as for a mail gateway, which lets people using one email system to send mail to people using another system.

host - A computer connected to a network. The term was coined by analogy with a restaurant host: the host offers "services" like seating your party and recommending items on the menu he thinks you will like. Back in the 70's when the term was coined, all networked computers offered services to multiple users -- they were too expensive to let just one person use them. (Today we call such machines servers.) When PCs began to be networked, the analogy weakened, but the term was then at least a decade old, so it's still in use today to mean any computer connected to a network, excepting special-purpose devices like routers that have a more specific name. Compare peer.

IP address - A binary value used by the IP protocol to determine how to deliver packets to their destination hosts. See the entry dotted-quad for a common representation of these addresses.

IPv4 - The Internet Protocol version 4. This is the current version. IPv4 addresses are 32 bits wide. Its headers are 20 bytes at minimum, and grow in chunks of 4 bytes. Compare IPv6.

IPv6 - The Internet Protocol version 6. This still-experimental version of IP is destined to replace version 4. "When" is still up in the air; my personal theory is "about 2 years after Microsoft ships a consumer operating system with IPv6 support". (As of this writing (2000.06.14) this still has not happened.) IPv6 improves on version 4 in two main areas: much larger addresses (128 bits, allowing for exponentially more hosts on the Internet) and extensibility. The base IPv6 header is 40 bytes.

Unlike the IPv4 header, the IPv6 header does not "grow" when optional services are used. Instead, the base IPv6 header just points to the "next" extension header, each of which also has a "next" pointer. (The last extension simply points to the TCP header, meaning "no more extensions".) This allows extensions to be added by chaining extension headers like a linked list, and it allows new extensions to be defined later without requring changes to intermediate hosts on the Internet. Extension headers are all at least 8 bytes. Compare IPv4.

lines of code - When I talk about lines of code in the basic examples section, I mean non-comment non-blank unique lines of code. Unique meaning code that's not shared with other example programs.

MTU - The Maximum Transmission Unit is the largest packet that a given network medium can carry. Ethernet, for example, has a fixed MTU of 1500 bytes, ATM has a fixed MTU of 48 bytes, and PPP has a negotiated MTU that is usually between 500 and 2000 bytes. (Note that ATM's 48-byte "cells" are at the extreme low level. Network stacks usually don't use the cells directly; instead, they run over a higher-level framing standard called AAL5, which has a 65536 byte MTU.)

multi-homed - A host with more than one network adapter. Sometimes a host is multi-homed to link two networks (as with a router). More commonly, a multi-homed host is simply connected to two networks, such as a machine on a LAN which also has a modem for connecting to an ISP.

Nagle algorithm - The Nagle algorithm is a TCP optimization that improves network efficiency. There's a FAQ item that describes how the Nagle algorithm works.

non-blocking - A non-blocking call is one that either completes immediately, or returns a WSAEWOULDBLOCK error, meaning that you should try the call again later. (You make a socket non-blocking by calling the ioctlsocket() function with the FIONBIO option.) A pure non-blocking socket is not very useful, because you have to spin in an infinite loop trying the call over and over until it succeeds. The only sane way to use a non-blocking socket is with one of the "select" functions: select(), WSAAsyncSelect(), and WSAEventSelect(). These let you ask Winsock to tell you when a socket operation will succeed. Compare blocking. See also this example program to see how to use select() to handle multiple non-blocking sockets in a single thread.

OSI network model - Of all the reams of paper the ISO put out describing their overengineered Open Systems Interconnect, only one page ever spread much beyond the research lab: the one with their abstract view of a network stack on it. :) The OSI diagram is a model for thinking about network stacks, split into seven layers. It is presented below, with rough analogues from TCP/IP and Winsock.

    Application (7) the user-level protocol; e.g. FTP, HTTP, SMTP, etc.
    Presentation (6) optional data formatting layer; e.g. XDR or ASN.1
    Session (5) maintains any logical conversation(s); e.g. SSL, RTP
    Transport (4) determines which the program on the host will receive the packet; may also handle congestion control, reliability, etc.; e.g. TCP or UDP
    Network (3) host addressing, determines destination computer of the packet; e.g. IP
    Data Link (2) hardware addressing; e.g. the Ethernet frame
    Physical (1) the network interface, cabling, etc.; e.g. Ethernet

Layers 1 and 2 are the network hardware.

Layers 3 and 4 are the operating system's network stack.

TCP/IP doesn't map onto layer 5 very well. The simplest interpretation is that it's for protocols like RTP that add a logical conversation over the transport (layer 4). It can also mean things like SSL, which maintains a "session" in which several related conversations happen over a single TCP connection.

Layer 6 is often part of the application, since data representation can't usually be separated from the high-level protocol. The presentation layer, if it's present at all, is usually a cross-platform data representation like XDR or ASN.1. It could also be an encryption or data compression layer, though both of those could be lower in the model as well. (Secure IP (IPsec) is at layer 3, just like regular IP, for example.)

Layer 7 is the high-level application protocol.

The Winsock API does not correspond to any of the OSI layers. Roughly speaking, it's between layers 4 and 5.

packet - A packet is a particular block of data sent over a network. Packets are typically only discussed when talking about datagram protocols or hardware frames.

In stream protocols, packets are only useful concepts when working with the lowest levels of the network. From the application level, packets in stream protocols are mysterious, hard-to-predict things, so it's best simply to ignore the fact that packets do exist to avoid mismatches between expectation and reality.

packetization - Packetization is a process by which the network stack decides how to break up data sent by programs into network frames.

With a datagram protocol, packetization is straightforward: the stack sends each datagram as a single frame if possible, or fragments it into several frames if necessary. With a stream protocol, the network stack must decide how to break the data stream up into network frames. For TCP, the Nagle algorithm is the main influence on this process.

After the stack decides how much data to put in a frame, it wraps that data in network protocol headers before sending it to the hardware layer for sending on the network. In the case of TCP/IP, that's a TCP or UDP header on the inside, wrapped with an IP header.

peer - When two programs are sending data to each other over a network, they are peers. This term is usually seen in the phrase "remote peer", meaning "the host that you are exchanging data with".

poll - Repeatedly trying a call on a non-blocking socket until it succeeds. Example:

                int bytes;
                do {
                    if ((bytes = send(sd, buffer, buf_len, 0)) != SOCKET_ERROR) {
                while (WSAGetLastError() == WSAEWOULDBLOCK);

RFC - Request for Comments. RFCs are the Internet's standards mechanism: they document most of the protocols, mechanisms, procedures and best practices in use on the Internet. On my Important RFCs site I have several categorized lists of RFCs most important to application programmers. See also the entry in TNHD.

routing - The process of deciding how to move packets from one network to another. See also router.

router - A router is a multi-homed host that moves packets between two or more networks, based on configurable rules. The router looks at the contents of OSI layer 3 (e.g. the IP addresses in a packet), and then consults its rule set which tells it where the packet should go.

Most modern network hosts have at least some rudimentary routing capability. Consider a PC on a LAN that also has a modem for connecting to the Internet. It might have a "LAN route" so that all traffic destined for the LAN goes out the LAN adapter, and a "default route" so that all other traffic goes out the modem. Try the "route" and "netstat -r" commands on a Windows 95 or Windows NT machine.

server - A program that passively waits for network connections on a well-known port. A typical server program has no user interface, and it usually can handle multiple network connections at once. In a traditional client/server protocol, the server is completely passive: it only sends data as a result of data sent by the client. That sort of design is not mandatory, however.

silly window syndrome - Poorly-coded network programs in certain situations can cause the TCP window to grow and shrink rapidly by very small amounts. The delayed ACK algorithm minimizes the network degradations caused by such programs. There's a FAQ item that goes into details of how the silly window syndrome occurs and why the delayed ACK algorithm fixes the problem.

sliding window - A feature of TCP that allows a sender to have more than one unacknowledged packet "in flight" at a time, which improves network throughput. The TCP window only allows a sender to have as much unacknowledged data as the receiver has buffer space. Without this limit, a sender could send more data than a slow receiver can buffer, forcing the receiver to drop all the data it can't buffer. The sender would not see an acknowledgement for the dropped packets, so it would blindly retransmit the packets until space opened up in the receiver's buffer.

There's a FAQ item that goes into more detail on this topic.

stack - In network parlance, a stack is a set of layered programs, each of which talks to the ones above and below it. Below is an illustration of the most common kind of network stack, showing how an application program talks through the stack to the low-level network:

    Winsock application
    Winsock API
    Specific implementation of Winsock
    Protocol stack API
    Protocol stack (TCP/IP, IPX/SPX, DECnet, etc.)
    Hardware driver API (packet driver, NDIS, ODI, etc.)
    Hardware driver
    Networking hardware (network interface card, modem, CSU/DSU)
    Communications path (Ethernet cable, the telephone system)

There is a stack within the stack: the protocol stack. Just like the network stack, the protocol stack is a layered architecture, where higher-level components talk to lower-level components, and vice versa. (The model used when talking about protocol stacks is the OSI network model.)

Here's a simplified example of how a stack works, using FTP as an example:

  1. The FTP client sends some data to Winsock; for example, a command asking to download a particular file.
  2. Winsock prepends a TCP and IP header onto the data packet. (I'm purposely not going into how packetization really works here.)
  3. The TCP/IP packet is sent to the hardware which wraps the packet in a frame and sends it across the network.
  4. On most types of local area networks (LANs), all computers see all packets. The target computer knows which packets are for it by looking for its hardware address in the frame header. The hardware sends the data inside the frame up to the network stack.
  5. The network stack processes and removes the IP and TCP headers. This tells the network stack which program to deliver the data to.
  6. Winsock delivers the file download request to the FTP server.

As mentioned above, this example ignores how packetization works. It also ignores issues like corrupted/duplicated/missing network frames, flow control, and efficiency optimizations like the Nagle algorithm.

stream protocol - A stream protocol, such as TCP, delivers data in variable-length packets whose size have no necessary relationship with the size of the packets that were sent. For example, if one host sends two 50-byte packets to the other host, that host may receive them as 100 single-byte packets, as a single 100-byte packet, or as a handful of smaller packets. Further, those 100 bytes might be sandwiched between data from previous and successive sends. Compare datagram protocol.

TCP - The Transmission Control Protocol is a "reliable stream protocol"; Winsock gives you a TCP socket when you pass SOCK_STREAM as the second argument to socket(). "Reliable" means that Winsock always succeeds in sending the data to the remote peer: TCP can deal with lost, corrupted, duplicated and fragmented packets. The remote peer sees incoming data as a stream of individual bytes: there is no notion of packets, from the program's viewpoint. TCP can coalesce sends, for efficiency: if you make four quick send() calls to Winsock with 100, 50, 30 and 120 bytes in each, Winsock is likely to pack all these up into a single 300-byte TCP packet when it decides to send them out on the network. (This is called the Nagle algorithm.) Compare UDP.

UDP - See this FAQ item for a full description of the User Datagram Protocol.

This space intentionally left blank. :)

<< Unix Network Programming book review
Last modified on 19 October 2001 at 15:59 UTC-7 Please send corrections to
< Go to the main FAQ page << Go to the Home Page