- code cleaned up

2005-12-07 09:03:34 +00:00 · 2005-12-07 09:03:34 +00:00 · 39b2903ffe
parent 144f676cf5
commit 39b2903ffe
8 changed files with 315 additions and 197 deletions
--- a/Source/charon/sa/authenticator.c
+++ b/Source/charon/sa/authenticator.c
@ -1,7 +1,7 @@
 /**
 * @file authenticator.c
 *
- * @brief Implementation of authenticator.
+ * @brief Implementation of authenticator_t.
 *
 */
@ -35,6 +35,7 @@
 */
 #define IKE_V2_KEY_PAD_LEN strlen(IKE_V2_KEY_PAD)
 typedef struct private_authenticator_t private_authenticator_t;
 /**
@ -65,7 +66,7 @@ struct private_authenticator_t {
 	logger_t *logger;
 	/**
-	 * Creates the octets which are signed (RSA) or MACed (shared secret) as described in section 
+	 * @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section 
 	 * 2.15 of draft.
 	 * 
 	 * @param this				calling object
@ -77,10 +78,14 @@ struct private_authenticator_t {
 	 * @return					octets as described in section 2.15. Memory gets allocated and has to get 
 	 * 							destroyed by caller.
 	 */
-	chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator);
+	chunk_t (*allocate_octets) (private_authenticator_t *this,
 								chunk_t last_message,
 								chunk_t other_nonce,
 								id_payload_t *my_id,
 								bool initiator);
 	/**
-	 * Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
+	 * @brief Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
 	 * 
 	 * @param this				calling object
 	 * @param last_message		the last message
@ -88,17 +93,28 @@ struct private_authenticator_t {
 	 * @param nonce				Nonce data to include in auth data compution
 	 * @param id_payload		id_payload_t object representing an ID payload
 	 * @param initiator			Type of peer. TRUE, if it is original initiator, FALSE otherwise
-	 * @param shared_secret		shared secret as chunk_t. If shared secret is a string, the NULL termination is not included.
+	 * @param shared_secret		shared secret as chunk_t. If shared secret is a string,
-	 * @return					AUTH data as dscribed in section 2.15 for AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
+	 * 							the NULL termination is not included.
 	 * @return					AUTH data as dscribed in section 2.15 for 
 	 * 							AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
 	 * 							Memory gets allocated and has to get destroyed by caller.
 	 */
-	chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret);
+	chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,
 															chunk_t last_message,
 															chunk_t nonce,
 															id_payload_t *id_payload,
 															bool initiator,
 															chunk_t preshared_secret);
 };
 /**
 * Implementation of private_authenticator_t.allocate_octets.
 */
-static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator)
+static chunk_t allocate_octets(private_authenticator_t *this,
 								chunk_t last_message, 
 								chunk_t other_nonce,
 								id_payload_t *my_id,
 								bool initiator)
 {
 	chunk_t id_chunk = my_id->get_data(my_id);
 	u_int8_t id_with_header[4 + id_chunk.len];
@ -148,7 +164,12 @@ static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_messag
 /**
 * Implementation of private_authenticator_t.allocate_auth_data_with_preshared_secret.
 */
-static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret)
+static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,
 															chunk_t last_message,
 															chunk_t nonce,
 															id_payload_t *id_payload,
 															bool initiator,
 															chunk_t preshared_secret)
 {
 	chunk_t key_pad = {ptr: IKE_V2_KEY_PAD, len:IKE_V2_KEY_PAD_LEN};
 	u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
@ -174,7 +195,12 @@ static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t
 /**
 * Implementation of authenticator_t.verify_auth_data.
 */
-static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool initiator)
+static status_t verify_auth_data (private_authenticator_t *this,
 									auth_payload_t *auth_payload,
 									chunk_t last_received_packet,
 									chunk_t my_nonce,
 									id_payload_t *other_id_payload,
 									bool initiator)
 {
 	switch(auth_payload->get_auth_method(auth_payload))
 	{
@ -185,14 +211,21 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
 			chunk_t preshared_secret;
 			status_t status;
-			status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,other_id,&preshared_secret);
+			status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
 																		other_id,
 																		&preshared_secret);
 			other_id->destroy(other_id);
 			if (status != SUCCESS)
 			{
 				return status;	
 			}
-			chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,last_received_packet,my_nonce,other_id_payload,initiator,preshared_secret);
+			chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,
 																					last_received_packet,
 																					my_nonce,
 																					other_id_payload,
 																					initiator,
 																					preshared_secret);
 			if (auth_data.len != my_auth_data.len)
 			{
@ -219,7 +252,9 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
 			auth_data = auth_payload->get_data(auth_payload);
-			status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager, other_id, &public_key);
+			status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager,
 																		other_id,
 																		&public_key);
 			other_id->destroy(other_id);
 			if (status != SUCCESS)
 			{
@ -243,7 +278,12 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
 /**
 * Implementation of authenticator_t.compute_auth_data.
 */
-static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload,bool initiator)
+static status_t compute_auth_data (private_authenticator_t *this,
 									auth_payload_t **auth_payload,
 									chunk_t last_sent_packet,
 									chunk_t other_nonce,
 									id_payload_t *my_id_payload,
 									bool initiator)
 {
 	sa_config_t *sa_config = this->ike_sa->get_sa_config(this->ike_sa);
@ -255,7 +295,9 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
 			chunk_t preshared_secret;
 			status_t status;		
-			status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,my_id,&preshared_secret);
+			status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
 																		my_id,
 																		&preshared_secret);
 			my_id->destroy(my_id);
 			if (status != SUCCESS)
@ -263,7 +305,12 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
 				return status;	
 			}
-			chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,last_sent_packet,other_nonce,my_id_payload,initiator,preshared_secret);
+			chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,
 																				last_sent_packet,
 																				other_nonce,
 																				my_id_payload,
 																				initiator,
 																				preshared_secret);
 			*auth_payload = auth_payload_create();
 			(*auth_payload)->set_auth_method((*auth_payload),SHARED_KEY_MESSAGE_INTEGRITY_CODE);
@ -279,7 +326,9 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
 			status_t status;
 			chunk_t octets, auth_data;
-			status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager, my_id, &private_key);
+			status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager,
 																		my_id,
 																		&private_key);
 			my_id->destroy(my_id);
 			if (status != SUCCESS)
 			{
--- a/Source/charon/sa/authenticator.h
+++ b/Source/charon/sa/authenticator.h
@ -24,16 +24,16 @@
 #define _AUTHENTICATOR_H_
 #include <types.h>
 #include <sa/ike_sa.h>
 #include <network/packet.h>
 #include <encoding/payloads/auth_payload.h>
 #include <encoding/payloads/id_payload.h>
 #include <network/packet.h>
 #include <sa/ike_sa.h>
 typedef struct authenticator_t authenticator_t;
 /**
- * @brief Class authenticator_t. Used to authenticate a peer.
+ * @brief Class used to authenticate a peer.
 * 
 * Currently the following two AUTH methods are supported:
 *  - SHARED_KEY_MESSAGE_INTEGRITY_CODE
@ -41,7 +41,10 @@ typedef struct authenticator_t authenticator_t;
 * 
 * This class retrieves needed data for specific AUTH methods (RSA keys, shared secrets, etc.)
 * over an internal stored protected_ike_sa_t object or directly from the configuration_manager_t over
- * the daemon_t object charon.
+ * the daemon_t object "charon".
 * 
 * @b Constructors:
 *  - authenticator_create()
 * 
 * @ingroup sa
 */
@ -55,18 +58,21 @@ struct authenticator_t {
 	 * - the nonce value sent to the other peer
 	 * - the ID payload of the other peer
 	 *
-	 * @param this 					authenticator_t object
+	 * @param this 					calling object
 	 * @param last_received_packet	binary representation of the last received IKEv2-Message
-	 * @param my_nonce				The sent nonce (without payload header)
+	 * @param my_nonce				the sent nonce (without payload header)
-	 * @param other_id_payload		The ID payload received from other peer
+	 * @param other_id_payload		the ID payload received from other peer
-	 * @param initiator				Type of other peer. TRUE, if it is original initiator, FALSE otherwise
+	 * @param initiator				type of other peer. TRUE, if it is original initiator, FALSE otherwise
 	 * 
 	 * @todo Document RSA error status types
 	 * 
 	 * @return
-	 * 								- SUCCESS if verification could be processed (does not mean the data could be verified)
+	 * 								- SUCCESS if verification could be processed
 	 * 									(does not mean the data could be verified)
 	 * 								- FAILED if verification failed
 	 * 								- NOT_SUPPORTED if AUTH method not supported
-	 * 								- NOT_FOUND if the data for specific AUTH method could not be found (e.g. shared secret, rsa key)
+	 * 								- NOT_FOUND if the data for specific AUTH method could not be found 
-	 * 								- TODO rsa errors!!
+	 * 									(e.g. shared secret, rsa key)
 	 */
 	status_t (*verify_auth_data) (authenticator_t *this,
 									auth_payload_t *auth_payload, 
@ -83,18 +89,19 @@ struct authenticator_t {
 	 * - the nonce value received from the other peer
 	 * - the ID payload of myself
 	 * 
-	 * @param this 					authenticator_t object
+	 * @param this 					calling object
 	 * @param[out] auth_payload		The object of typee auth_payload_t will be created at pointing location
 	 * @param last_sent_packet		binary representation of the last sent IKEv2-Message
-	 * @param other_nonce			The received nonce (without payload header)
+	 * @param other_nonce			the received nonce (without payload header)
-	 * @param my_id_payload			The ID payload going to send to other peer
+	 * @param my_id_payload			the ID payload going to send to other peer
-	 * @param initiator				Type of myself. TRUE, if I'm original initiator, FALSE otherwise
+	 * @param initiator				type of myself. TRUE, if I'm original initiator, FALSE otherwise
-
+	 *
 	 * @todo Document RSA error status types
 	 * 
 	 * @return
 	 * 								- SUCCESS if authentication data could be computed
 	 * 								- NOT_SUPPORTED if AUTH method not supported
 	 * 								- NOT_FOUND if the data for AUTH method could not be found
 	 * 								- TODO rsa errors!!
 	 */
 	status_t (*compute_auth_data) (authenticator_t *this,
 									auth_payload_t **auth_payload,
@ -106,7 +113,7 @@ struct authenticator_t {
 	/**
 	 * @brief Destroys a authenticator_t object.
 	 *
-	 * @param this 			authenticator_t object
+	 * @param this 			calling object
 	 */
 	void (*destroy) (authenticator_t *this);
 };
@ -116,13 +123,15 @@ struct authenticator_t {
 * 
 * @warning: The following functions of the assigned protected_ike_sa_t object 
 * must return a valid value:
- * - protected_ike_sa_t.get_sa_config
+ *  - protected_ike_sa_t.get_sa_config
- * - protected_ike_sa_t.get_prf
+ *  - protected_ike_sa_t.get_prf
- * - protected_ike_sa_t.get_logger
+ *  - protected_ike_sa_t.get_logger
 * This preconditions are not given in IKE_SA states INITIATOR_INIT or RESPONDER_INIT!
 * 
 * @param ike_sa		object of type protected_ike_sa_t
 * 
 * @return				authenticator_t object
 * 
 * @ingroup sa
 */
 authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa);
--- a/Source/charon/sa/child_sa.h
+++ b/Source/charon/sa/child_sa.h
@ -21,8 +21,8 @@
 */
-#ifndef CHILD_SA_H_
+#ifndef _CHILD_SA_H_
-#define CHILD_SA_H_
+#define _CHILD_SA_H_
 #include <types.h>
 #include <transforms/prf_plus.h>
@ -70,4 +70,4 @@ struct child_sa_t {
 */
 child_sa_t * child_sa_create(protocol_id_t protocol_id, prf_plus_t *prf_plus);
-#endif /*CHILD_SA_H_*/
+#endif /*_CHILD_SA_H_*/
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@ -285,7 +285,8 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
 	is_request = message->get_request(message);
 	exchange_type = message->get_exchange_type(message);
-	this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
+	this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",
 					  (is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
 	message_id = message->get_message_id(message);
@ -305,7 +306,9 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
 		/* In a request, the message has to be this->message_id_in (other case is already handled) */
 		if (message_id != this->message_id_in)
 		{
-			this->logger->log(this->logger, ERROR | LEVEL1, "Message request with message id %d received, but %d expected",message_id,this->message_id_in);
+			this->logger->log(this->logger, ERROR | LEVEL1,
 								"Message request with message id %d received, but %d expected",
 								message_id,this->message_id_in);
 			return FAILED;
 		}
 	}
@ -314,7 +317,9 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
 		/* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
 		if (message_id != (this->message_id_out - 1))
 		{
-			this->logger->log(this->logger, ERROR | LEVEL1, "Message reply with message id %d received, but %d expected",message_id,this->message_id_in);
+			this->logger->log(this->logger, ERROR | LEVEL1,
 								"Message reply with message id %d received, but %d expected",
 								message_id,this->message_id_in);
 			return FAILED;
 		}
 	}
@ -379,7 +384,10 @@ static ike_sa_id_t* get_id(private_ike_sa_t *this)
 /**
 * Implementation of protected_ike_sa_t.compute_secrets.
 */
-static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce)
+static void compute_secrets(private_ike_sa_t *this,
 							chunk_t dh_shared_secret,
 							chunk_t initiator_nonce,
 							chunk_t responder_nonce)
 {
 	u_int8_t ei_buffer[this->crypter_initiator->get_block_size(this->crypter_initiator)];
 	chunk_t ei_key = {ptr: ei_buffer, len: sizeof(ei_buffer)};
@ -454,10 +462,14 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
 	this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(er_key));
 	this->crypter_responder->set_key(this->crypter_responder,er_key);
-	prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key));
+	prf_plus->allocate_bytes(prf_plus,
 								this->crypter_responder->get_block_size(this->crypter_responder),
 								&(this->secrets.pi_key));
 	this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key));
-	prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key));
+	prf_plus->allocate_bytes(prf_plus,
 								this->crypter_responder->get_block_size(this->crypter_responder),
 								&(this->secrets.pr_key));
 	this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &(this->secrets.pr_key));
 	prf_plus->destroy(prf_plus);
@ -619,11 +631,17 @@ static chunk_t get_key_pi (private_ike_sa_t *this)
 */
 static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_proposal_t *proposal)
 {
-	this->logger->log(this->logger, CONTROL|LEVEL1, "Going to create transform objects for proposal");
+	this->logger->log(this->logger, CONTROL|LEVEL2, "Going to create transform objects for proposal");
-	this->logger->log(this->logger, CONTROL|LEVEL1, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),proposal->encryption_algorithm_key_length);
+	this->logger->log(this->logger, CONTROL|LEVEL2, "Encryption algorithm: %s with keylength %d",
-	this->logger->log(this->logger, CONTROL|LEVEL1, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),proposal->integrity_algorithm_key_length);
+						mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),
-	this->logger->log(this->logger, CONTROL|LEVEL1, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),proposal->pseudo_random_function_key_length);
+						proposal->encryption_algorithm_key_length);
 	this->logger->log(this->logger, CONTROL|LEVEL2, "Integrity algorithm: %s with keylength %d",
 						mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),
 						proposal->integrity_algorithm_key_length);
 	this->logger->log(this->logger, CONTROL|LEVEL2, "PRF: %s with keylength %d",
 						mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),
 						proposal->pseudo_random_function_key_length);
 	if (this->prf != NULL)
 	{
@ -632,7 +650,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
 	this->prf = prf_create(proposal->pseudo_random_function);
 	if (this->prf == NULL)
 	{
-		this->logger->log(this->logger, ERROR|LEVEL1, "prf not supported!");
+		this->logger->log(this->logger, ERROR|LEVEL1, "PRF %s not supported!",
 							mapping_find(pseudo_random_function_m,proposal->pseudo_random_function));
 		return FAILED;
 	}
@ -640,10 +659,11 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
 	{
 		this->crypter_initiator->destroy(this->crypter_initiator);
 	}
-	this->crypter_initiator = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
+	this->crypter_initiator = crypter_create(proposal->encryption_algorithm,
 												proposal->encryption_algorithm_key_length);
 	if (this->crypter_initiator == NULL)
 	{
-		this->logger->log(this->logger, ERROR|LEVEL1, "encryption algorithm %s not supported!",
+		this->logger->log(this->logger, ERROR|LEVEL1, "Encryption algorithm %s not supported!",
 						  mapping_find(encryption_algorithm_m,proposal->encryption_algorithm));
 		return FAILED;
 	}
@ -652,7 +672,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
 	{
 		this->crypter_responder->destroy(this->crypter_responder);
 	}
-	this->crypter_responder = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
+	this->crypter_responder = crypter_create(proposal->encryption_algorithm,
 												proposal->encryption_algorithm_key_length);
 	/* check must not be done again */
 	if (this->signer_initiator != NULL)
@ -662,7 +683,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
 	this->signer_initiator = signer_create(proposal->integrity_algorithm);
 	if (this->signer_initiator == NULL)
 	{
-		this->logger->log(this->logger, ERROR|LEVEL1, "integrity algorithm not supported!");
+		this->logger->log(this->logger, ERROR|LEVEL1, "Integrity algorithm %s not supported!",
 							mapping_find(integrity_algorithm_m,proposal->integrity_algorithm));
 		return FAILED;
 	}
@ -742,7 +764,9 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
 		return FAILED;
 	}
-	this->logger->log(this->logger, CONTROL|LEVEL2, "Add packet to global send queue");
+	this->logger->log(this->logger, CONTROL|LEVEL3,
 						"Add request packet with message id %d to global send queue",
 						this->message_id_out);
 	charon->send_queue->add(charon->send_queue, packet);
 	if (this->last_requested_message != NULL)
@ -751,12 +775,13 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
 		this->last_requested_message->destroy(this->last_requested_message);
 	}	
-	this->logger->log(this->logger, CONTROL|LEVEL2, "replace last requested message with new one");
+	this->logger->log(this->logger, CONTROL|LEVEL3, "Replace last requested message with new one");
 	this->last_requested_message = message;
 	retransmit_job = retransmit_request_job_create(this->message_id_out,this->ike_sa_id);
-	status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,retransmit_job->get_retransmit_count(retransmit_job),&timeout);
+	status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,
 												retransmit_job->get_retransmit_count(retransmit_job),&timeout);
 	if (status != SUCCESS)
 	{
@ -770,7 +795,9 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
 	}
 	/* message counter can now be increased */
-	this->logger->log(this->logger, CONTROL|LEVEL2, "Increase message counter for outgoing messages from %d",this->message_id_out);
+	this->logger->log(this->logger, CONTROL|LEVEL3,
 						"Increase message counter for outgoing messages from %d",
 						this->message_id_out);
 	this->message_id_out++;
 	return SUCCESS;	
 }
@ -785,7 +812,7 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
 	if (message->get_message_id(message) != this->message_id_in)
 	{
-		this->logger->log(this->logger, CONTROL|LEVEL2, "Message could not be sent cause id was not as expected");
+		this->logger->log(this->logger, ERROR, "Message could not be sent cause id was not as expected");
 		return FAILED;	
 	}
@ -796,7 +823,9 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
 		return FAILED;
 	}
-	this->logger->log(this->logger, CONTROL|LEVEL2, "Add packet to global send queue");
+	this->logger->log(this->logger, CONTROL|LEVEL3,
 						"Add response packet with message id %d to global send queue",
 						this->message_id_in);
 	charon->send_queue->add(charon->send_queue, packet);
 	if (this->last_responded_message != NULL)
@ -805,11 +834,11 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
 		this->last_responded_message->destroy(this->last_responded_message);
 	}
-	this->logger->log(this->logger, CONTROL|LEVEL2, "replace last responded message with new one");
+	this->logger->log(this->logger, CONTROL|LEVEL3, "Replace last responded message with new one");
 	this->last_responded_message = message;
 	/* message counter can now be increased */
-	this->logger->log(this->logger, CONTROL|LEVEL2, "Increase message counter for incoming messages");
+	this->logger->log(this->logger, CONTROL|LEVEL3, "Increase message counter for incoming messages");
 	this->message_id_in++;
 	return SUCCESS;
@ -839,6 +868,9 @@ static message_t * get_last_requested_message (private_ike_sa_t *this)
 	return this->last_requested_message;
 }
 /**
 * Implementation of protected_ike_sa_t.get_state.
 */
 static ike_sa_state_t get_state (private_ike_sa_t *this)
 {
 	return this->current_state->get_state(this->current_state);
@ -869,11 +901,16 @@ static void reset_message_buffers (private_ike_sa_t *this)
 	this->last_replied_message_id = -1;
 }
 /**
 * Implementation of protected_ike_sa_t.create_delete_established_ike_sa_job.
 */
 static void create_delete_established_ike_sa_job (private_ike_sa_t *this,u_int32_t timeout)
 {
 	job_t *delete_job;
-	this->logger->log(this->logger, CONTROL | LEVEL1, "Going to create job to delete established IKE_SA in %d ms", timeout);
+	this->logger->log(this->logger, CONTROL | LEVEL1,
 						"Going to create job to delete established IKE_SA in %d ms",
 						timeout);
 	delete_job = (job_t *) delete_established_ike_sa_job_create(this->ike_sa_id);
 	charon->event_queue->add_relative(charon->event_queue,delete_job, timeout);
@ -890,7 +927,7 @@ static void destroy (private_ike_sa_t *this)
 					  this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
 	/* destroy child sa's */
-	this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy all child_sa's");
+	this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy all child_sa's");
 	while (this->child_sas->get_count(this->child_sas) > 0)
 	{
 		void *child_sa;
@ -902,86 +939,86 @@ static void destroy (private_ike_sa_t *this)
 	}
 	this->child_sas->destroy(this->child_sas);
-	this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy secrets");
+	this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy secrets");
 	allocator_free(this->secrets.d_key.ptr);
 	allocator_free(this->secrets.pi_key.ptr);
 	allocator_free(this->secrets.pr_key.ptr);
 	if (this->crypter_initiator != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy initiator crypter_t object");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator crypter_t object");
 		this->crypter_initiator->destroy(this->crypter_initiator);
 	}
 	if (this->crypter_responder != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy responder crypter_t object");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder crypter_t object");
 		this->crypter_responder->destroy(this->crypter_responder);
 	}
 	if (this->signer_initiator != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy initiator signer_t object");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator signer_t object");
 		this->signer_initiator->destroy(this->signer_initiator);
 	}
 	if (this->signer_responder != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy responder signer_t object");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder signer_t object");
 		this->signer_responder->destroy(this->signer_responder);
 	}
 	if (this->prf != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy prf_t object");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy prf_t object");
 		this->prf->destroy(this->prf);
 	}
 	/* destroy ike_sa_id */
-	this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy ike_sa_id object");
+	this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy ike_sa_id object");
 	this->ike_sa_id->destroy(this->ike_sa_id);
 	/* destroy stored requested message */
 	if (this->last_requested_message != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy last requested message");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last requested message");
 		this->last_requested_message->destroy(this->last_requested_message);
 	}
 	/* destroy stored responded messages */
 	if (this->last_responded_message != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy last responded message");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last responded message");
 		this->last_responded_message->destroy(this->last_responded_message);
 	}
 	/* destroy stored host_t objects */
 	if (this->me.host != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy my host_t object");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy my host_t object");
 		this->me.host->destroy(this->me.host);
 	}
 	/* destroy stored host_t objects */
 	if (this->other.host != NULL)
 	{
-		this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy other host_t object");
+		this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy other host_t object");
 		this->other.host->destroy(this->other.host);
 	}
 	this->randomizer->destroy(this->randomizer);
-	this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy current state object");
+	this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy current state object");
 	this->current_state->destroy(this->current_state);
-	this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy logger of IKE_SA");
+	this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy logger of IKE_SA");
 	charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
 	allocator_free(this);
 }
 /*
- * Described in Header
+ * Described in header.
 */
 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 {
@ -1057,10 +1094,12 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 	/* at creation time, IKE_SA is in a initiator state */
 	if (ike_sa_id->is_initiator(ike_sa_id))
 	{
 		this->logger->log(this->logger, CONTROL | LEVEL2, "Create first state_t object of type INITIATOR_INIT");
 		this->current_state = (state_t *) initiator_init_create(&(this->protected));
 	}
 	else
 	{
 		this->logger->log(this->logger, CONTROL | LEVEL2, "Create first state_t object of type RESPONDER_INIT");
 		this->current_state = (state_t *) responder_init_create(&(this->protected));
 	}
 	return &(this->protected.public);
--- a/Source/charon/sa/ike_sa.h
+++ b/Source/charon/sa/ike_sa.h
@ -1,7 +1,7 @@
 /**
 * @file ike_sa.h
 *
- * @brief Interface of ike_sa_id_t.
+ * @brief Interface of ike_sa_t.
 *
 */
@ -36,19 +36,23 @@
 #include <transforms/signers/signer.h>
 /**
- * Nonce size in bytes of all sent nonces
+ * Nonce size in bytes for nonces sending to other peer.
 * 
 * @warning Nonce size MUST be between 16 and 256 bytes.
 * 
 * @ingroup sa
 */
 #define NONCE_SIZE 16
 typedef struct ike_sa_t ike_sa_t;
 /**
- * @brief Class ike_sa_t. An object of this type is managed by an
+ * @brief Class ike_sa_t representing an IKE_SA. 
- * ike_sa_manager_t object and represents an IKE_SA. Message processing
+ * 
- * is split up in different states. They will handle all related things
+ * An object of this type is managed by an ike_sa_manager_t object 
- * for their state.
+ * and represents an IKE_SA. Message processing is split up in different states. 
 * They will handle all related things for the state they represent.
 * 
 * @b Constructors:
 * - ike_sa_create()
@ -58,11 +62,14 @@ typedef struct ike_sa_t ike_sa_t;
 struct ike_sa_t {
 	/**
-	 * @brief Processes a incoming IKEv2-Message of type message_t
+	 * @brief Processes a incoming IKEv2-Message of type message_t.
 	 *
 	 * @param this ike_sa_t object object
 	 * @param[in] message message_t object to process
-	 * @return SUCCESSFUL if succeeded, FAILED otherwise
+	 * @return 				
 	 * 						- SUCCESS
 	 * 						- FAILED
 	 * 						- DELETE_ME if this IKE_SA MUST be deleted
 	 */
 	status_t (*process_message) (ike_sa_t *this,message_t *message);
@ -74,7 +81,7 @@ struct ike_sa_t {
 	 * @return				
 	 * 						- SUCCESS if initialization started
 	 * 						- FAILED if in wrong state
-	 * 						- DELETE_ME if initialization faild and SA should be deleted
+	 * 						- DELETE_ME if initialization failed and IKE_SA MUST be deleted
 	 */
 	status_t (*initialize_connection) (ike_sa_t *this, char *name);
@ -91,8 +98,10 @@ struct ike_sa_t {
 	/**
 	 * @brief Get the id of the SA.
 	 * 
 	 * Returned ike_sa_id_t object is not getting cloned!
 	 *
-	 * @param this 			ike_sa_t object object
+	 * @param this 			calling object
 	 * @return 				ike_sa's ike_sa_id_t
 	 */
 	ike_sa_id_t* (*get_id) (ike_sa_t *this);
@ -100,7 +109,7 @@ struct ike_sa_t {
 	/**
 	 * @brief Get the state of type of associated state object.
 	 *
-	 * @param this 			ike_sa_t object object
+	 * @param this 			calling object
 	 * @return 				state of IKE_SA
 	 */
 	ike_sa_state_t (*get_state) (ike_sa_t *this);
@ -108,7 +117,7 @@ struct ike_sa_t {
 	/**
 	 * @brief Destroys a ike_sa_t object.
 	 *
-	 * @param this 			ike_sa_t object
+	 * @param this 			calling object
 	 */
 	void (*destroy) (ike_sa_t *this);
 };
@ -117,27 +126,27 @@ struct ike_sa_t {
 typedef struct protected_ike_sa_t protected_ike_sa_t;
 /**
- * @brief Protected data of an ike_sa_t object.
+ * @brief Protected functions of an ike_sa_t object.
 * 
- * This members should only be accessed from 
+ * This members are only accessed out from 
- * the varius state classes.
+ * the various state_t implementations.
 * 
 * @ingroup sa
 */
 struct protected_ike_sa_t {
 	/**
-	 * Public part of a ike_sa_t object
+	 * Public interface of an ike_sa_t object.
 	 */
 	ike_sa_t public;
 	/**
-	 * Builds an empty IKEv2-Message and fills in default informations.
+	 * @brief Build an empty IKEv2-Message and fills in default informations.
 	 * 
 	 * Depending on the type of message (request or response), the message id is 
 	 * either message_id_out or message_id_in.
 	 * 
-	 * Used in every state.
+	 * Used in state_t Implementation to build an empty IKEv2-Message.
 	 * 
 	 * @param this				calling object
 	 * @param type				exchange type of new message
@ -147,17 +156,25 @@ struct protected_ike_sa_t {
 	void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
 	/**
-	 * Initiate a new connection with given configuration name
+	 * @brief Compute the shared secrets needed for encryption, signing, etc.
 	 * 
 	 * Preconditions:
 	 *  - Call of function protected_ike_sa_t.create_transforms_from_proposal
 	 * 
 	 * @param this 				calling object
 	 * @param dh_shared_secret	shared secret of diffie hellman exchange
 	 * @param initiator_nonce	nonce of initiator
 	 * @param responder_nonce	nonce of responder
 	 */
-	void (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);
+	void (*compute_secrets) (protected_ike_sa_t *this,
 								chunk_t dh_shared_secret,
 								chunk_t initiator_nonce,
 								chunk_t responder_nonce);
 	/**
-	 * Gets the internal stored logger_t object for given ike_sa_t object.
+	 * @brief Get the internal stored logger_t object for given ike_sa_t object.
 	 * 
 	 * @warning Returned logger_t object is original one and managed by this object.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to the internal stored logger_t object
@ -165,9 +182,7 @@ struct protected_ike_sa_t {
 	logger_t *(*get_logger) (protected_ike_sa_t *this);
 	/**
-	 * Gets the internal stored init_config_t object.
+	 * @brief Get the internal stored init_config_t object.
 	 * 
 	 * Returned value has to get checked for NULL value!
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to the internal stored init_config_t object
@ -175,7 +190,7 @@ struct protected_ike_sa_t {
 	init_config_t *(*get_init_config) (protected_ike_sa_t *this);
 	/**
-	 * Sets the internal init_config_t object.
+	 * @brief Set the internal init_config_t object.
 	 * 
 	 * @param this 				calling object
 	 * @param init_config		object of type init_config_t
@ -183,9 +198,7 @@ struct protected_ike_sa_t {
 	void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);
 	/**
-	 * Gets the internal stored sa_config_t object.
+	 * @brief Get the internal stored sa_config_t object.
 	 * 
 	 * Returned value has to get checked for NULL value!
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to the internal stored sa_config_t object
@ -193,7 +206,7 @@ struct protected_ike_sa_t {
 	sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);
 	/**
-	 * Sets the internal sa_config_t object.
+	 * @brief Set the internal sa_config_t object.
 	 * 
 	 * @param this 				calling object
 	 * @param sa_config			object of type sa_config_t
@ -201,7 +214,7 @@ struct protected_ike_sa_t {
 	void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);
 	/**
-	 * Gets the internal stored host_t object for my host.
+	 * @brief Get the internal stored host_t object for my host.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to the internal stored host_t object
@ -209,7 +222,7 @@ struct protected_ike_sa_t {
 	host_t *(*get_my_host) (protected_ike_sa_t *this);
 	/**
-	 * Gets the internal stored host_t object for other host.
+	 * @brief Get the internal stored host_t object for other host.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to the internal stored host_t object
@ -217,7 +230,7 @@ struct protected_ike_sa_t {
 	host_t *(*get_other_host) (protected_ike_sa_t *this);
 	/**
-	 * Sets the internal stored host_t object for my host.
+	 * @brief Set the internal stored host_t object for my host.
 	 * 
 	 * Allready existing object gets destroyed. object gets not cloned!
 	 * 
@ -227,7 +240,7 @@ struct protected_ike_sa_t {
 	void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);
 	/**
-	 * Sets the internal stored host_t object for other host.
+	 * @brief Set the internal stored host_t object for other host.
 	 * 
 	 * Allready existing object gets destroyed. object gets not cloned!
 	 * 
@ -237,8 +250,8 @@ struct protected_ike_sa_t {
 	void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);
 	/**
-	 * Creates all needed transform objects for given ike_sa_t using 
+	 * @brief Create all needed transform objects for this IKE_SA using 
-	 * the informations stored in a ike_proposal_t object
+	 * the informations stored in a ike_proposal_t object.
 	 * 
 	 * Allready existing objects get destroyed.
 	 * 
@ -249,11 +262,11 @@ struct protected_ike_sa_t {
 	status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);
 	/**
-	 * Sends the next request message.
+	 * @brief Send the next request message.
 	 * 
 	 * Also the first retransmit job is created.
 	 * 
-	 * Stored requested message gets destroyed. object gets not cloned!
+	 * Last stored requested message gets destroyed. Object gets not cloned!
 	 * 
 	 * @param this 				calling object
 	 * @param message			pointer to the message which should be sent
@ -264,9 +277,9 @@ struct protected_ike_sa_t {
 	status_t (*send_request) (protected_ike_sa_t *this,message_t * message);
 	/**
-	 * Sends the next response message.
+	 * @brief Send the next response message.
 	 * 
-	 * Stored responded message gets destroyed. object gets not cloned!
+	 * Last stored responded message gets destroyed. Object gets not cloned!
 	 * 
 	 * @param this 				calling object
 	 * @param message			pointer to the message which should be sent
@ -277,7 +290,7 @@ struct protected_ike_sa_t {
 	status_t (*send_response) (protected_ike_sa_t *this,message_t * message);
 	/**
-	 * Gets the internal stored randomizer_t object.
+	 * @brief Get the internal stored randomizer_t object.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to the internal randomizer_t object
@ -285,10 +298,10 @@ struct protected_ike_sa_t {
 	randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);
 	/**
-	 * Sets the new state_t object of the IKE_SA object.
+	 * @brief Set the new state_t object of the IKE_SA object.
 	 * 
 	 * The old state_t object gets not destroyed. It's the callers duty to 
-	 * make sure old state is destroyed (Normally the old state is the caller ).
+	 * make sure old state is destroyed (Normally the old state is the caller).
 	 * 
 	 * @param this 				calling object
 	 * @param state				pointer to the new state_t object
@ -296,7 +309,7 @@ struct protected_ike_sa_t {
 	void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
 	/**
-	 * Sets the last replied message id.
+	 * @brief Set the last replied message id.
 	 * 
 	 * @param this 				calling object
 	 * @param message_id		message id
@ -304,7 +317,7 @@ struct protected_ike_sa_t {
 	void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id);
 	/**
-	 * Gets the internal stored initiator crypter_t object.
+	 * @brief Get the internal stored initiator crypter_t object.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to crypter_t object
@ -312,7 +325,7 @@ struct protected_ike_sa_t {
 	crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);
 	/**
-	 * Gets the internal stored initiator signer object.
+	 * @brief Get the internal stored initiator signer_t object.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to signer_t object
@ -320,7 +333,7 @@ struct protected_ike_sa_t {
 	signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
 	/**
-	 * Gets the internal stored responder crypter_t object.
+	 * @brief Get the internal stored responder crypter_t object.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to crypter_t object
@ -328,7 +341,7 @@ struct protected_ike_sa_t {
 	crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);
 	/**
-	 * Gets the internal stored responder signer object.
+	 * @brief Get the internal stored responder signer object.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to signer_t object
@ -336,7 +349,7 @@ struct protected_ike_sa_t {
 	signer_t *(*get_signer_responder) (protected_ike_sa_t *this);
 	/**
-	 * Gets the internal stored prf_t object.
+	 * @brief Get the internal stored prf_t object.
 	 * 
 	 * @param this 				calling object
 	 * @return					pointer to prf_t object
@ -344,7 +357,7 @@ struct protected_ike_sa_t {
 	prf_t *(*get_prf) (protected_ike_sa_t *this);
 	/**
-	 * Gets the last responded message.
+	 * @brief Get the last responded message.
 	 *  
 	 * @param this 				calling object
 	 * @return					
@ -354,7 +367,7 @@ struct protected_ike_sa_t {
 	message_t *(*get_last_responded_message) (protected_ike_sa_t *this);
 	/**
-	 * Gets the last requested message.
+	 * @brief Get the last requested message.
 	 *  
 	 * @param this 				calling object
 	 * @return					
@ -364,7 +377,7 @@ struct protected_ike_sa_t {
 	message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
 	/**
-	 * Gets the Shared key SK_pr.
+	 * @brief Get the Shared key SK_pr.
 	 * 
 	 * Returned value is not cloned!
 	 * 
@ -374,25 +387,24 @@ struct protected_ike_sa_t {
 	chunk_t (*get_key_pr) (protected_ike_sa_t *this);
 	/**
-	 * Gets the Shared key SK_pi.
+	 * @brief Get the Shared key SK_pi.
 	 * 
 	 * Returned value is not cloned!
 	 * 
 	 * @param this 				calling object
-	 * @return					SK_pr key
+	 * @return					SK_pi key
 	 */
 	chunk_t (*get_key_pi) (protected_ike_sa_t *this);
 	/**
-	 * Resets message id counters and does destroy stored received and sent messages.
+	 * @brief Resets message counters and does destroy stored received and sent messages.
 	 * 
 	 * @param this 				calling object
 	 */	
 	void (*reset_message_buffers) (protected_ike_sa_t *this);
 	/**
-	 * Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
+	 * @brief Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
 	 * 
 	 * 
 	 * @param this 				calling object
 	 * @param timeout			timeout after the IKE_SA gets deleted
@ -402,17 +414,15 @@ struct protected_ike_sa_t {
 };
 /**
- * Creates an ike_sa_t object with a specific ike_sa_id_t object
+ * @brief Creates an ike_sa_t object with a specific ID.
 * 
 * @warning the Content of internal ike_sa_id_t object can change over time
 * 			e.g. when a IKE_SA_INIT has been finished.
 *
 * @param[in] ike_sa_id 	ike_sa_id_t object to associate with new IKE_SA.
 *				 			The object is internal getting cloned
 *							and so has to be destroyed by the caller.
 *
 * @warning the Content of internal ike_sa_id_t object can change over time
 * 			e.g. when a IKE_SA_INIT has been finished.
 *
 * @return 					ike_sa_t object
 * 
 * @ingroup sa
--- a/Source/charon/sa/ike_sa_manager.c
+++ b/Source/charon/sa/ike_sa_manager.c
@ -39,41 +39,48 @@ typedef struct ike_sa_entry_t ike_sa_entry_t;
 */
 struct ike_sa_entry_t {
 	/**
-	 * destructor, also destroys ike_sa
+	 * Destructor, also destroys associated ike_sa_t object.
 	 */
 	status_t (*destroy) (ike_sa_entry_t *this);
 	/**
-	 * Number of threads waiting for this ike_sa
+	 * Number of threads waiting for this ike_sa_t object.
 	 */
 	int waiting_threads;
 	/**
-	 * condvar where threads can wait until it's free again
+	 * Condvar where threads can wait until ike_sa_t object is free for use again.
 	 */
 	pthread_cond_t condvar;
 	/**
-	 * is this ike_sa currently checked out?
+	 * Is this ike_sa currently checked out?
 	 */
 	bool checked_out;
 	/**
 	 * Does this SA drives out new threads?
 	 */
 	bool driveout_new_threads;
 	/**
 	 * Does this SA drives out waiting threads?
 	 */
 	bool driveout_waiting_threads;
 	/**
-	 * identifiaction of ike_sa (SPIs)
+	 * Identifiaction of an IKE_SA (SPIs).
 	 */
 	ike_sa_id_t *ike_sa_id;
 	/**
-	 * the contained ike_sa
+	 * The contained ike_sa_t object.
 	 */
 	ike_sa_t *ike_sa;
 };
 /**
- * Implements ike_sa_entry_t.destroy.
+ * Implementation of ike_sa_entry_t.destroy.
 */
 static status_t ike_sa_entry_destroy(ike_sa_entry_t *this)
 {
@ -85,12 +92,12 @@ static status_t ike_sa_entry_destroy(ike_sa_entry_t *this)
 }
 /**
- * @brief creates a new entry for the ike_sa list
+ * @brief Creates a new entry for the ike_sa_t list.
 *
 * This constructor additionaly creates a new and empty SA.
 *
- * @param ike_sa_id		the associated ike_sa_id_t, will be cloned
+ * @param ike_sa_id		The associated ike_sa_id_t, will be cloned
- * @return				created entry, with ike_sa and ike_sa_id
+ * @return				ike_sa_entry_t object
 */
 static ike_sa_entry_t *ike_sa_entry_create(ike_sa_id_t *ike_sa_id)
 {
@ -116,36 +123,37 @@ static ike_sa_entry_t *ike_sa_entry_create(ike_sa_id_t *ike_sa_id)
 	return this;
 }
 typedef struct private_ike_sa_manager_t private_ike_sa_manager_t;
 /**
- * Additional private members to ike_sa_manager_t
+ * Additional private members of ike_sa_manager_t.
 */
 struct private_ike_sa_manager_t {
 	/**
-	 * Public members
+	 * Public interface of ike_sa_manager_t.
 	 */
 	 ike_sa_manager_t public;
 	/**
-	 * @brief get next spi
+	 * @brief Get next spi.
 	 *
 	 * we give out SPIs incremental.
 	 *
 	 * We give out SPIs incremental starting at 1.
 	 * 
 	 * @param this			the ike_sa_manager
 	 * @return 				the next spi
 	 */
 	u_int64_t (*get_next_spi) (private_ike_sa_manager_t *this);
 	/**
-	 * @brief find the ike_sa_entry in the list by SPIs.
+	 * @brief Find the ike_sa_entry_t object in the list by SPIs.
 	 *
 	 * This function simply iterates over the linked list. A hash-table
 	 * would be more efficient when storing a lot of IKE_SAs...
 	 *
-	 * @param this			the ike_sa_manager containing the list
+	 * @param this			calling object
 	 * @param ike_sa_id		id of the ike_sa, containing SPIs
-	 * @param entry[out]	pointer to set to the found entry
+	 * @param[out] entry	pointer to set to the found entry
 	 * @return				
 	 * 						- SUCCESS when found,
 	 * 						- NOT_FOUND when no such ike_sa_id in list
@ -153,14 +161,14 @@ struct private_ike_sa_manager_t {
 	 status_t (*get_entry_by_id) (private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_entry_t **entry);
 	 /**
-	 * @brief find the ike_sa_entry in the list by pointer to SA.
+	 * @brief Find the ike_sa_entry_t in the list by pointer to SA.
 	 *
 	 * This function simply iterates over the linked list. A hash-table
 	 * would be more efficient when storing a lot of IKE_SAs...
 	 *
-	 * @param this			the ike_sa_manager containing the list
+	 * @param this			calling object
-	 * @param ike_sa			pointer to the ike_sa
+	 * @param ike_sa		pointer to the ike_sa
-	 * @param entry[out]		pointer to set to the found entry
+	 * @param[out] entry	pointer to set to the found entry
 	 * @return				
 	 * 						- SUCCESS when found,
 	 * 						- NOT_FOUND when no such ike_sa_id in list
@ -168,9 +176,9 @@ struct private_ike_sa_manager_t {
 	 status_t (*get_entry_by_sa) (private_ike_sa_manager_t *this, ike_sa_t *ike_sa, ike_sa_entry_t **entry);
 	 /**
-	  * @brief delete an entry from the linked list
+	  * @brief Felete an entry from the linked list.
 	  *
-	  * @param this		the ike_sa_manager containing the list
+	  * @param this			calling object
 	  * @param entry		entry to delete
 	  * @return				
 	  * 					- SUCCESS when found,
@ -179,28 +187,28 @@ struct private_ike_sa_manager_t {
 	 status_t (*delete_entry) (private_ike_sa_manager_t *this, ike_sa_entry_t *entry);
 	 /**
-	  * lock for exclusivly accessing the manager
+	  * Lock for exclusivly accessing the manager.
 	  */
 	 pthread_mutex_t mutex;
 	 /**
-	  * Logger used for this IKE SA Manager
+	  * Logger used for this IKE SA Manager.
 	  */
 	 logger_t *logger;
 	 /**
-	  * Linked list with entries for the ike_sa
+	  * Linked list with entries for the ike_sa_t objects.
 	  */
 	 linked_list_t *ike_sa_list;
 	 /**
-	  * Next SPI, needed for incremental creation of SPIs
+	  * Next SPI, needed for incremental creation of SPIs.
 	  */
 	 u_int64_t next_spi;
 };
 /**
- * Implements private_ike_sa_manager_t.get_entry_by_id.
+ * Implementation of private_ike_sa_manager_t.get_entry_by_id.
 */
 static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_entry_t **entry)
 {
@ -256,7 +264,7 @@ static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike
 }
 /**
- * Implements private_ike_sa_manager_t.get_entry_by_sa.
+ * Implementation of private_ike_sa_manager_t.get_entry_by_sa.
 */
 static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa, ike_sa_entry_t **entry)
 {
@ -288,7 +296,7 @@ static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa
 }
 /**
- * Implements private_ike_sa_manager_s.delete_entry.
+ * Implementation of private_ike_sa_manager_s.delete_entry.
 */
 static status_t delete_entry(private_ike_sa_manager_t *this, ike_sa_entry_t *entry)
 {
@ -319,7 +327,7 @@ static status_t delete_entry(private_ike_sa_manager_t *this, ike_sa_entry_t *ent
 /**
- * Implements private_ike_sa_manager_t.get_next_spi.
+ * Implementation of private_ike_sa_manager_t.get_next_spi.
 */
 static u_int64_t get_next_spi(private_ike_sa_manager_t *this)
 {
@ -333,7 +341,7 @@ static u_int64_t get_next_spi(private_ike_sa_manager_t *this)
 }
 /**
- * Implementation of ike_sa_manager.create_and_checkout.
+ * Implementation of of ike_sa_manager.create_and_checkout.
 */
 static void create_and_checkout(private_ike_sa_manager_t *this,ike_sa_t **ike_sa)
 {
@ -363,7 +371,7 @@ static void create_and_checkout(private_ike_sa_manager_t *this,ike_sa_t **ike_sa
 }
 /**
- * Implementation of ike_sa_manager.checkout.
+ * Implementation of of ike_sa_manager.checkout.
 */
 static status_t checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_t **ike_sa)
 {
@ -482,7 +490,7 @@ static status_t checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id,
 }
 /**
- * Implements ike_sa_manager_t.checkin.
+ * Implementation of ike_sa_manager_t.checkin.
 */
 static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 {
@ -519,7 +527,7 @@ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 /**
- * Implements ike_sa_manager_t.checkin_and_delete.
+ * Implementation of ike_sa_manager_t.checkin_and_delete.
 */
 static status_t checkin_and_delete(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 {
@ -564,7 +572,7 @@ static status_t checkin_and_delete(private_ike_sa_manager_t *this, ike_sa_t *ike
 }
 /**
- * Implements ike_sa_manager_t.delete.
+ * Implementation of ike_sa_manager_t.delete.
 */
 static status_t delete(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
 {
@ -607,7 +615,7 @@ static status_t delete(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
 }
 /**
- * Implements ike_sa_manager_t.destroy.
+ * Implementation of ike_sa_manager_t.destroy.
 */
 static void destroy(private_ike_sa_manager_t *this)
 {
@ -666,7 +674,7 @@ static void destroy(private_ike_sa_manager_t *this)
 }
 /*
- * Described in header
+ * Described in header.
 */
 ike_sa_manager_t *ike_sa_manager_create()
 {
--- a/Source/charon/sa/ike_sa_manager.h
+++ b/Source/charon/sa/ike_sa_manager.h
@ -20,8 +20,8 @@
 * for more details.
 */
-#ifndef IKE_SA_MANAGER_H_
+#ifndef _IKE_SA_MANAGER_H_
-#define IKE_SA_MANAGER_H_
+#define _IKE_SA_MANAGER_H_
 #include <types.h>
 #include <sa/ike_sa.h>
@ -30,7 +30,7 @@
 typedef struct ike_sa_manager_t ike_sa_manager_t;
 /**
- * @brief The IKE_SA-Manager manages the IKE_SAs ;-).
+ * @brief The IKE_SA-Manager is responsible for managing all initiated and responded IKE_SA's.
 *
 * To avoid access from multiple threads, IKE_SAs must be checked out from
 * the manager, and checked in after usage. 
@ -39,6 +39,8 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
 * @todo checking of double-checkouts from the same threads would be nice.
 * This could be done by comparing thread-ids via pthread_self()...
 * 
 * @todo Managing of ike_sa_t objects in a hash table instead of linked list.
 * 
 * @b Constructors:
 * - ike_sa_manager_create()
 * 
@ -46,7 +48,7 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
 */
 struct ike_sa_manager_t {
 	/**
-	 * @brief Checkout an IKE_SA, create it when necesarry
+	 * @brief Checkout an IKE_SA, create it when necesarry.
 	 * 
 	 * Checks out a SA by its ID. An SA will be created, when:
 	 * - Responder SPI is not set (when received an IKE_SA_INIT from initiator)
@ -69,19 +71,16 @@ struct ike_sa_manager_t {
 	/**
 	 * @brief Create and checkout an IKE_SA as original initator.
 	 * 
-	 * Creates and checks out a SA as initiator. An SA will be created, when:
+	 * Creates and checks out a SA as initiator.
 	 * Management of SPIs is the managers job, he will set it.
 	 * 
 	 * @warning checking out two times without checking in will
 	 * result in a deadlock!
 	 * 
 	 * @param ike_sa_manager 	the manager object
 	 * @param ike_sa[out] 		checked out SA
 	 */
 	void (*create_and_checkout) (ike_sa_manager_t* ike_sa_manager,ike_sa_t **ike_sa);
 	/**
-	 * @brief Checkin the SA after usage
+	 * @brief Checkin the SA after usage.
 	 * 
 	 * @warning the SA pointer MUST NOT be used after checkin! 
 	 * The SA must be checked out again!
@ -95,7 +94,7 @@ struct ike_sa_manager_t {
 	 */
 	status_t (*checkin) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
 	/**
-	 * @brief delete a SA, wich was not checked out
+	 * @brief Delete a SA, which was not checked out.
 	 * 
 	 * @warning do not use this when the SA is already checked out, this will
 	 * deadlock!
@ -109,7 +108,7 @@ struct ike_sa_manager_t {
 	status_t (*delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_id_t *ike_sa_id);
 	/**
-	 * @brief delete a checked out SA
+	 * @brief Delete a checked out SA.
 	 *
 	 * @param ike_sa_manager 	the manager object
 	 * @param ike_sa			SA to delete
@ -120,9 +119,9 @@ struct ike_sa_manager_t {
 	status_t (*checkin_and_delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
 	/**
-	 * @brief Destroys the manager with all associated SAs
+	 * @brief Destroys the manager with all associated SAs.
 	 * 
-	 * Threads will be driven out, so all SAs can be deleted cleanly
+	 * Threads will be driven out, so all SAs can be deleted cleanly.
 	 * 
 	 * @param ike_sa_manager the manager object
 	 */
@ -130,12 +129,12 @@ struct ike_sa_manager_t {
 };
 /**
- * @brief Create a manager
+ * @brief Create a manager.
 * 
- * @returns ike_sa_manager_t object
+ * @returns 	ike_sa_manager_t object
 * 
 * @ingroup sa
 */
 ike_sa_manager_t *ike_sa_manager_create();
-#endif /*IKE_SA_MANAGER_H_*/
+#endif /*_IKE_SA_MANAGER_H_*/
--- a/Source/charon/utils/logger.c
+++ b/Source/charon/utils/logger.c
@ -97,6 +97,10 @@ static void prepend_prefix(private_logger_t *this, logger_level_t loglevel, char
 	{
 		log_type = '?';
 	}
 	else if (loglevel & AUDIT)
 	{
 		log_type = '>';
 	}
 	else
 	{
 		log_type = '-';