 @@ -1,14 +1,14 @@
-/*	$NetBSD: if_wg.c,v 1.15 2020/08/20 21:35:13 riastradh Exp $	*/
+/*	$NetBSD: if_wg.c,v 1.16 2020/08/20 21:35:24 riastradh Exp $	*/
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -33,27 +33,27 @@
  * This is an implementation of WireGuard, a fast, modern, secure VPN protocol,
  * for the NetBSD kernel and rump kernels.
+ *
  * The implementation is based on the paper of WireGuard as of 2018-06-30 [1].
  * The paper is referred in the source code with label [W].  Also the
  * specification of the Noise protocol framework as of 2018-07-11 [2] is
  * referred with label [N].
+ *
  * [1] https://www.wireguard.com/papers/wireguard.pdf
  * [2] http://noiseprotocol.org/noise.pdf
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.15 2020/08/20 21:35:13 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.16 2020/08/20 21:35:24 riastradh Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #endif
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/errno.h>
 #include <sys/ioctl.h>
 @@ -3002,27 +3002,27 @@ wg_session_hit_limits(struct wg_session
 		WG_DLOG("The session hits REJECT_AFTER_TIME\n");
 		return true;
 	} else if (wgs->wgs_send_counter > wg_reject_after_messages) {
 		WG_DLOG("The session hits REJECT_AFTER_MESSAGES\n");
 		return true;
+	}
 	return false;
+}
 static void
 wg_peer_softint(void *arg)
+{
-	struct wg_peer *wgp = (struct wg_peer *)arg;
+	struct wg_peer *wgp = arg;
 	struct wg_session *wgs;
 	struct mbuf *m;
 	struct psref psref;
 	wgs = wg_get_stable_session(wgp, &psref);
 	if (wgs->wgs_state != WGS_STATE_ESTABLISHED) {
 		/* XXX how to treat? */
 		WG_TRACE("skipped");
 		goto out;
+	}
 	if (wg_session_hit_limits(wgs)) {
 		wg_schedule_peer_task(wgp, WGP_TASK_SEND_INIT_MESSAGE);
 		goto out;
 @@ -3345,27 +3345,27 @@ wg_clone_create(struct if_clone *ifc, in
 		return error;
+	}
 	mutex_enter(&wg_softcs.lock);
 	LIST_INSERT_HEAD(&wg_softcs.list, wg, wg_list);
 	mutex_exit(&wg_softcs.lock);
 	return 0;
+}
 static int
 wg_clone_destroy(struct ifnet *ifp)
+{
-	struct wg_softc *wg = (void *) ifp;
+	struct wg_softc *wg = container_of(ifp, struct wg_softc, wg_if);
 	mutex_enter(&wg_softcs.lock);
 	LIST_REMOVE(wg, wg_list);
 	mutex_exit(&wg_softcs.lock);
 #ifdef WG_RUMPKERNEL
 	if (wg_user_mode(wg)) {
 		rumpuser_wg_destroy(wg->wg_user);
 		wg->wg_user = NULL;
+	}
 #endif
 	bpf_detach(ifp);
 @@ -3403,27 +3403,27 @@ wg_pick_peer_by_sa(struct wg_softc *wg,
 	rw_enter(wg->wg_rwlock, RW_READER);
 	rnh = wg_rnh(wg, sa->sa_family);
 	if (rnh == NULL)
 		goto out;
 	rn = rnh->rnh_matchaddr(sa, rnh);
 	if (rn == NULL || (rn->rn_flags & RNF_ROOT) != 0)
 		goto out;
 	WG_TRACE("success");
-	wga = (struct wg_allowedip *)rn;
+	wga = container_of(rn, struct wg_allowedip, wga_nodes[0]);
 	wgp = wga->wga_peer;
 	wg_get_peer(wgp, psref);
 out:
 	rw_exit(wg->wg_rwlock);
 	return wgp;
+}
 static void
 wg_fill_msg_data(struct wg_softc *wg, struct wg_peer *wgp,
     struct wg_session *wgs, struct wg_msg_data *wgmd)
+{