- Updated to new upstream.

9 files changed, 132 insertions, 176 deletions

diff --git a/src/charon/network/packet.c b/src/charon/network/packet.c
index f2fa91569..b47e6322f 100644
--- a/src/charon/network/packet.c
+++ b/src/charon/network/packet.c
@@ -1,10 +1,3 @@
-/**
- * @file packet.c
- * 
- * @brief Implementation of packet_t.
- * 
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,12 +12,12 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: packet.c 3589 2008-03-13 14:14:44Z martin $
  */
 
-
 #include "packet.h"
 
-
 typedef struct private_packet_t private_packet_t;
 
 /**
diff --git a/src/charon/network/packet.h b/src/charon/network/packet.h
index acf953032..2f126d465 100644
--- a/src/charon/network/packet.h
+++ b/src/charon/network/packet.h
@@ -1,10 +1,3 @@
-/**
- * @file packet.h
- * 
- * @brief Interface of packet_t.
- * 
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: packet.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup packet packet
+ * @{ @ingroup network
  */
 
 #ifndef PACKET_H_
@@ -30,105 +30,88 @@ typedef struct packet_t packet_t;
 #include <utils/host.h>
 
 /**
- * @brief Abstraction of an UDP-Packet, contains data, sender and receiver.
- *
- * @b Constructors:
- * - packet_create()
- *
- * @ingroup network
+ * Abstraction of an UDP-Packet, contains data, sender and receiver.
  */
 struct packet_t {
 
 	/**
-	 * @brief Set the source address.
+	 * Set the source address.
 	 * 
 	 * Set host_t is now owned by packet_t, it will destroy
 	 * it if necessary.
 	 * 
-	 * @param this		calling object
 	 * @param source	address to set as source
 	 */
 	void (*set_source) (packet_t *packet, host_t *source);
 	
 	/**
-	 * @brief Set the destination address.
+	 * Set the destination address.
 	 * 
 	 * Set host_t is now owned by packet_t, it will destroy
 	 * it if necessary.
 	 * 
-	 * @param this		calling object
 	 * @param source	address to set as destination
 	 */
 	void (*set_destination) (packet_t *packet, host_t *destination);
 	
 	/**
-	 * @brief Get the source address.
+	 * Get the source address.
 	 * 
 	 * Set host_t is still owned by packet_t, clone it
 	 * if needed.
 	 * 
-	 * @param this		calling object
 	 * @return			source address
 	 */
 	host_t *(*get_source) (packet_t *packet);
 	
 	/**
-	 * @brief Get the destination address.
+	 * Get the destination address.
 	 * 
 	 * Set host_t is still owned by packet_t, clone it
 	 * if needed.
 	 * 
-	 * @param this		calling object
 	 * @return			destination address
 	 */
 	host_t *(*get_destination) (packet_t *packet);
 	
 	/**
-	 * @brief Get the data from the packet.
+	 * Get the data from the packet.
 	 * 
 	 * The data pointed by the chunk is still owned 
 	 * by the packet. Clone it if needed.
 	 * 
-	 * @param this		calling object
 	 * @return			chunk containing the data
 	 */
 	chunk_t (*get_data) (packet_t *packet);
 	
 	/**
-	 * @brief Set the data in the packet.
+	 * Set the data in the packet.
 	 * 
 	 * Supplied chunk data is now owned by the 
 	 * packet. It will free it.
 	 * 
-	 * @param this		calling object
 	 * @param data		chunk with data to set
 	 */
 	void (*set_data) (packet_t *packet, chunk_t data);
 	
 	/**
-	 * @brief Clones a packet_t object.
+	 * Clones a packet_t object.
 	 *  
-	 * @param packet	calling object
-	 * @param clone		pointer to a packet_t object pointer where the new object is stored
+	 * @param clone		clone of the packet
 	 */
 	packet_t* (*clone) (packet_t *packet);
 	
 	/**
-	 * @brief Destroy the packet, freeing contained data.
-	 *  
-	 * @param packet	packet to destroy	
+	 * Destroy the packet, freeing contained data.
 	 */
 	void (*destroy) (packet_t *packet);
 };
 
 /**
- * @brief create an empty packet
+ * create an empty packet
  *  
  * @return packet_t object
- * 
- * @ingroup network
  */
 packet_t *packet_create(void);
 
-
-#endif /*PACKET_H_*/
+#endif /*PACKET_H_ @} */
diff --git a/src/charon/network/receiver.c b/src/charon/network/receiver.c
index 1de1dd3d2..885280a62 100644
--- a/src/charon/network/receiver.c
+++ b/src/charon/network/receiver.c
@@ -1,10 +1,3 @@
-/**
- * @file receiver.c
- *
- * @brief Implementation of receiver_t.
- *
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: receiver.c 3994 2008-05-21 21:52:59Z andreas $
  */
 
 #include <stdlib.h>
@@ -33,9 +28,8 @@
 #include <processing/jobs/job.h>
 #include <processing/jobs/process_message_job.h>
 #include <processing/jobs/callback_job.h>
+#include <crypto/hashers/hasher.h>
 
-/** length of the full cookie, including time (u_int32_t + SHA1()) */
-#define COOKIE_LENGTH 24
 /** lifetime of a cookie, in seconds */
 #define COOKIE_LIFETIME 10
 /** how many times to reuse the secret */
@@ -94,9 +88,9 @@ struct private_receiver_t {
  	u_int32_t secret_offset;
  	
  	/**
- 	 * the randomizer to use for secret generation
+ 	 * the RNG to use for secret generation
  	 */
- 	randomizer_t *randomizer;
+ 	rng_t *rng;
  	
  	/**
  	 * hasher to use for cookie calculation
@@ -145,11 +139,12 @@ static chunk_t cookie_build(private_receiver_t *this, message_t *message,
 {
 	u_int64_t spi = message->get_initiator_spi(message);
 	host_t *ip = message->get_source(message);
-	chunk_t input, hash = chunk_alloca(this->hasher->get_hash_size(this->hasher));
+	chunk_t input, hash;
 	
 	/* COOKIE = t | sha1( IPi | SPIi | t | secret ) */
 	input = chunk_cata("cccc", ip->get_address(ip), chunk_from_thing(spi),
 					  chunk_from_thing(t), secret);
+	hash = chunk_alloca(this->hasher->get_hash_size(this->hasher));
 	this->hasher->get_hash(this->hasher, input, hash.ptr);
 	return chunk_cat("cc", chunk_from_thing(t), hash);
 }
@@ -167,7 +162,8 @@ static bool cookie_verify(private_receiver_t *this, message_t *message,
 	now = time(NULL);
 	t = *(u_int32_t*)cookie.ptr;
 
-	if (cookie.len != COOKIE_LENGTH || 
+	if (cookie.len != sizeof(u_int32_t) +
+			this->hasher->get_hash_size(this->hasher) || 
 		t < now - this->secret_offset - COOKIE_LIFETIME)
 	{
 		DBG2(DBG_NET, "received cookie lifetime expired, rejecting");
@@ -212,7 +208,8 @@ static bool cookie_required(private_receiver_t *this, message_t *message)
 		packet_t *packet = message->get_packet(message);
 		chunk_t data = packet->get_data(packet);
 		if (data.len < 
-			 IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH + COOKIE_LENGTH ||
+			 IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH +
+			 sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) ||
 			*(data.ptr + 16) != NOTIFY || 
 			*(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE))
 		{
@@ -222,7 +219,7 @@ static bool cookie_required(private_receiver_t *this, message_t *message)
 		else
 		{
 			data.ptr += IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH;
-			data.len = COOKIE_LENGTH;
+			data.len = sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher);
 			if (!cookie_verify(this, message, data))
 			{
 				DBG2(DBG_NET, "found cookie, but content invalid");
@@ -307,8 +304,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 				DBG1(DBG_NET, "generating new cookie secret after %d uses",
 					 this->secret_used);
 				memcpy(this->secret_old, this->secret, SECRET_LENGTH);	
-				this->randomizer->get_pseudo_random_bytes(this->randomizer,
-												SECRET_LENGTH, this->secret);
+				this->rng->get_bytes(this->rng,	SECRET_LENGTH, this->secret);
 				this->secret_switch = now;
 				this->secret_used = 0;
 			}
@@ -320,7 +316,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 		if (peer_to_aggressive(this, message))
 		{
 			DBG1(DBG_NET, "ignoring IKE_SA setup from %H, "
-				 "peer to aggressive", message->get_source(message));
+				 "peer too aggressive", message->get_source(message));
 			message->destroy(message);
 			return JOB_REQUEUE_DIRECT;
 		}
@@ -336,7 +332,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 static void destroy(private_receiver_t *this)
 {
 	this->job->cancel(this->job);
-	this->randomizer->destroy(this->randomizer);
+	this->rng->destroy(this->rng);
 	this->hasher->destroy(this->hasher);
 	free(this);
 }
@@ -351,13 +347,25 @@ receiver_t *receiver_create()
 
 	this->public.destroy = (void(*)(receiver_t*)) destroy;
 	
-	this->randomizer = randomizer_create();
-	this->hasher = hasher_create(HASH_SHA1);
+	this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED);
+	if (this->hasher == NULL)
+	{
+		DBG1(DBG_NET, "creating cookie hasher failed, no hashers supported");
+		free(this);
+		return NULL;
+	}
+	this->rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+	if (this->rng == NULL)
+	{
+		DBG1(DBG_NET, "creating cookie RNG failed, no RNG supported");
+		this->hasher->destroy(this->hasher);
+		free(this);
+		return NULL;
+	}
 	this->secret_switch = now;
 	this->secret_offset = random() % now;
 	this->secret_used = 0;
-	this->randomizer->get_pseudo_random_bytes(this->randomizer, SECRET_LENGTH,
-											  this->secret);
+	this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret);
 	memcpy(this->secret_old, this->secret, SECRET_LENGTH);
 
 	this->job = callback_job_create((callback_job_cb_t)receive_packets,
diff --git a/src/charon/network/receiver.h b/src/charon/network/receiver.h
index 1bfa7b764..810a51849 100644
--- a/src/charon/network/receiver.h
+++ b/src/charon/network/receiver.h
@@ -1,10 +1,3 @@
-/**
- * @file receiver.h
- *
- * @brief Interface of receiver_t.
- *
- */
-
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: receiver.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup receiver receiver
+ * @{ @ingroup network
  */
 
 #ifndef RECEIVER_H_
@@ -30,7 +30,7 @@ typedef struct receiver_t receiver_t;
 #include <utils/host.h>
 
 /**
- * @brief Receives packets from the socket and adds them to the job queue.
+ * Receives packets from the socket and adds them to the job queue.
  * 
  * The receiver starts a thread, wich reads on the blocking socket. A received
  * packet is preparsed and a process_message_job is queued in the job queue.
@@ -50,32 +50,23 @@ typedef struct receiver_t receiver_t;
  * 
  * Further, the number of half-initiated IKE_SAs is limited per peer. This
  * mades it impossible for a peer to flood the server with its real IP address.
- * 
- * @b Constructors:
- *  - receiver_create()
- * 
- * @ingroup network
  */
 struct receiver_t {
 	
 	/**
-	 * @brief Destroys a receiver_t object.
-	 *
-	 * @param receiver 	receiver object
+	 * Destroys a receiver_t object.
 	 */
 	void (*destroy) (receiver_t *receiver);
 };
 
 /**
- * @brief Create a receiver_t object.
+ * Create a receiver_t object.
  * 
  * The receiver thread will start working, get data
  * from the socket and add those packets to the job queue.
  * 
- * @return	receiver_t object
- * 
- * @ingroup network
+ * @return	receiver_t object, NULL if initialization fails
  */
 receiver_t * receiver_create(void);
 
-#endif /*RECEIVER_H_*/
+#endif /*RECEIVER_H_ @} */
diff --git a/src/charon/network/sender.c b/src/charon/network/sender.c
index f934dc509..60a08d0c3 100644
--- a/src/charon/network/sender.c
+++ b/src/charon/network/sender.c
@@ -1,10 +1,3 @@
-/**
- * @file sender.c
- *
- * @brief Implementation of sender_t.
- *
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: sender.c 3742 2008-04-03 09:19:12Z tobias $
  */
 
 #include <stdlib.h>
@@ -58,9 +53,14 @@ struct private_sender_t {
 	pthread_mutex_t mutex;
 
 	/**
-	 * condvar to signal for packets in list
+	 * condvar to signal for packets added to list
 	 */
-	pthread_cond_t condvar;
+	pthread_cond_t gotone;
+	
+	/**
+	 * condvar to signal for packets sent
+	 */
+	pthread_cond_t sentone;
 };
 
 /**
@@ -76,8 +76,8 @@ static void send_(private_sender_t *this, packet_t *packet)
 	
 	pthread_mutex_lock(&this->mutex);
 	this->list->insert_last(this->list, packet);
+	pthread_cond_signal(&this->gotone);
 	pthread_mutex_unlock(&this->mutex);
-	pthread_cond_signal(&this->condvar);
 }
 
 /**
@@ -95,12 +95,13 @@ static job_requeue_t send_packets(private_sender_t * this)
 		pthread_cleanup_push((void(*)(void*))pthread_mutex_unlock, (void*)&this->mutex);
 		pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
 		
-		pthread_cond_wait(&this->condvar, &this->mutex);
+		pthread_cond_wait(&this->gotone, &this->mutex);
 		
 		pthread_setcancelstate(oldstate, NULL);
 		pthread_cleanup_pop(0);
 	}
 	this->list->remove_first(this->list, (void**)&packet);
+	pthread_cond_signal(&this->sentone);
 	pthread_mutex_unlock(&this->mutex);
 	
 	charon->socket->send(charon->socket, packet);
@@ -114,10 +115,13 @@ static job_requeue_t send_packets(private_sender_t * this)
 static void destroy(private_sender_t *this)
 {
 	/* send all packets in the queue */
+	pthread_mutex_lock(&this->mutex);
 	while (this->list->get_count(this->list))
 	{
-		sched_yield();
+		pthread_cond_wait(&this->sentone, &this->mutex);
 	}
+	pthread_mutex_unlock(&this->mutex);
+	pthread_mutex_destroy(&this->mutex);
 	this->job->cancel(this->job);
 	this->list->destroy(this->list);
 	free(this);
@@ -135,7 +139,8 @@ sender_t * sender_create()
 
 	this->list = linked_list_create();
 	pthread_mutex_init(&this->mutex, NULL);
-	pthread_cond_init(&this->condvar, NULL);
+	pthread_cond_init(&this->gotone, NULL);
+	pthread_cond_init(&this->sentone, NULL);
 
 	this->job = callback_job_create((callback_job_cb_t)send_packets,
 									this, NULL, NULL);
diff --git a/src/charon/network/sender.h b/src/charon/network/sender.h
index 8d611cc90..4a67c7e72 100644
--- a/src/charon/network/sender.h
+++ b/src/charon/network/sender.h
@@ -1,10 +1,3 @@
-/**
- * @file sender.h
- *
- * @brief Interface of sender_t.
- *
- */
-
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: sender.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup sender sender
+ * @{ @ingroup network
  */
 
 #ifndef SENDER_H_
@@ -30,45 +30,35 @@ typedef struct sender_t sender_t;
 #include <network/packet.h>
 
 /**
- * @brief Thread responsible for sending packets over the socket.
- * 
- * @b Constructors:
- *  - sender_create()
- * 
- * @ingroup network
+ * Thread responsible for sending packets over the socket.
  */
 struct sender_t {
 	
 	/**
-	 * @brief Send a packet over the network.
+	 * Send a packet over the network.
 	 *
 	 * This function is non blocking and adds the packet to a queue.
 	 * Whenever the sender thread thinks it's good to send the packet,
 	 * it'll do so.
 	 *
-	 * @param this		calling object
  	 * @param packet	packet to send
 	 */
 	void (*send) (sender_t *this, packet_t *packet);
 	
 	/**
-	 * @brief Destroys a sender object.
-	 *
-	 * @param this	 	calling object
+	 * Destroys a sender object.
 	 */
 	void (*destroy) (sender_t *this);
 };
 
 /**
- * @brief Create the sender thread.
+ * Create the sender thread.
  * 
  * The thread will start to work, getting packets
  * from its queue and sends them out.
  * 
  * @return		created sender object
- * 
- * @ingroup network
  */
 sender_t * sender_create(void);
 
-#endif /*SENDER_H_*/
+#endif /*SENDER_H_ @} */
diff --git a/src/charon/network/socket-raw.c b/src/charon/network/socket-raw.c
index 3b76ae570..5d1623ffd 100644
--- a/src/charon/network/socket-raw.c
+++ b/src/charon/network/socket-raw.c
@@ -1,10 +1,3 @@
-/**
- * @file socket.c
- *
- * @brief Implementation of socket_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
@@ -20,8 +13,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: socket-raw.c 3870 2008-04-24 13:49:20Z martin $
  */
 
+/* for struct in6_pktinfo */
+#define _GNU_SOURCE
+
 #include <pthread.h>
 #include <sys/types.h>
 #include <sys/socket.h>
diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c
index a4c407579..60ea5f7c8 100644
--- a/src/charon/network/socket.c
+++ b/src/charon/network/socket.c
@@ -1,10 +1,3 @@
-/**
- * @file socket.c
- *
- * @brief Implementation of socket_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
  * Copyright (C) 2005-2007 Martin Willi
@@ -20,8 +13,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: socket.c 3870 2008-04-24 13:49:20Z martin $
  */
 
+/* for struct in6_pktinfo */
+#define _GNU_SOURCE
+
 #include <pthread.h>
 #include <sys/types.h>
 #include <sys/socket.h>
diff --git a/src/charon/network/socket.h b/src/charon/network/socket.h
index 4d8251325..077da4bba 100644
--- a/src/charon/network/socket.h
+++ b/src/charon/network/socket.h
@@ -1,10 +1,3 @@
-/**
- * @file socket.h
- * 
- * @brief Interface for socket_t.
- * 
- */
-
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
@@ -20,6 +13,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: socket.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup socket socket
+ * @{ @ingroup network
  */
 
 #ifndef SOCKET_H_
@@ -33,38 +33,36 @@ typedef struct socket_t socket_t;
 #include <utils/linked_list.h>
 
 /**
- * @brief Maximum size of a packet.
- *
- * 3000 Bytes should be sufficient, see IKEv2 RFC.
+ * Maximum size of a packet.
  *
- * @ingroup network
+ * 3000 Bytes should be sufficient, see IKEv2 RFC. However, we currently
+ * do not support HASH_AND_URL certificates, so we require to transmit
+ * the full certificates. To run our multi-CA test with 2 intermediate CAs,
+ * 5000 bytes is sufficient.
  */
-#define MAX_PACKET 3000
+#define MAX_PACKET 5000
 
 /**
- * @brief Abstraction of all sockets (IPv6/IPv6 send/receive).
+ * Abstraction of all sockets (IPv4/IPv6 send/receive).
  *
  * All available sockets are bound and the receive function
- * reads from them. To allow binding of other daemons (pluto) to
- * UDP/500, this implementation uses RAW sockets. An installed
- * "Linux socket filter" filters out all non-IKEv2 traffic and handles
- * just IKEv2 messages. An other daemon (pluto) must handle all traffic
- * seperatly, e.g. ignore IKEv2 traffic, since charon handles that. 
- * 
- * @b Constructors:
- * - socket_create()
- * 
- * @ingroup network
+ * reads from them. There are actually two implementations:
+ * The first uses raw sockets to allow binding of other daemons (pluto) to
+ * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2 
+ * traffic and handles just IKEv2 messages. An other daemon (pluto) must 
+ * handle all traffic seperatly, e.g. ignore IKEv2 traffic, since charon 
+ * handles that.
+ * The other implementation uses normal sockets and is built if
+ * --disable-pluto is given to the configure script.
  */
 struct socket_t {
 	
 	/**
-	 * @brief Receive a packet.
+	 * Receive a packet.
 	 * 
 	 * Reads a packet from the socket and sets source/dest
 	 * appropriately.
 	 * 
-	 * @param this			socket_t object to work on
 	 * @param packet		pinter gets address from allocated packet_t
 	 * @return 				
 	 * 						- SUCCESS when packet successfully received
@@ -73,14 +71,13 @@ struct socket_t {
 	status_t (*receive) (socket_t *this, packet_t **packet);
 	
 	/**
-	 * @brief Send a packet.
+	 * Send a packet.
 	 * 
 	 * Sends a packet to the net using destination from the packet.
 	 * Packet is sent using default routing mechanisms, thus the 
 	 * source address in packet is ignored.
 	 * 
-	 * @param this			socket_t object to work on
-	 * @param packet[out]	packet_t to send
+	 * @param packet		packet_t to send
 	 * @return 				
 	 * 						- SUCCESS when packet successfully sent
 	 * 						- FAILED when unable to send
@@ -88,23 +85,16 @@ struct socket_t {
 	status_t (*send) (socket_t *this, packet_t *packet);
 	
 	/**
-	 * @brief Destroy sockets.
-	 * 
-	 * close sockets and destroy socket_t object
-	 * 
-	 * @param this 			socket_t to destroy
+	 * Destroy socket.
 	 */
 	void (*destroy) (socket_t *this);
 };
 
 /**
- * @brief Create a socket_t, wich binds multiple sockets.
+ * Create a socket_t, wich binds multiple sockets.
  *
  * @return  				socket_t object
- *
- * @ingroup network
  */
 socket_t *socket_create();
 
-
-#endif /*SOCKET_H_*/
+#endif /*SOCKET_H_ @} */