15 files changed, 221 insertions, 211 deletions

diff --git a/tunnel/winipcfg/interface_change_handler.go b/tunnel/winipcfg/interface_change_handler.go
index 4d229e78..af29801a 100644
--- a/tunnel/winipcfg/interface_change_handler.go
+++ b/tunnel/winipcfg/interface_change_handler.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/luid.go b/tunnel/winipcfg/luid.go
index 02ba65b4..0c898b89 100644
--- a/tunnel/winipcfg/luid.go
+++ b/tunnel/winipcfg/luid.go
@@ -1,13 +1,13 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
 
 import (
 	"errors"
-	"net"
+	"net/netip"
 	"strings"
 
 	"golang.org/x/sys/windows"
@@ -76,10 +76,10 @@ func LUIDFromIndex(index uint32) (LUID, error) {
 
 // IPAddress method returns MibUnicastIPAddressRow struct that matches to provided 'ip' argument. Corresponds to GetUnicastIpAddressEntry
 // (https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/nf-netioapi-getunicastipaddressentry)
-func (luid LUID) IPAddress(ip net.IP) (*MibUnicastIPAddressRow, error) {
+func (luid LUID) IPAddress(addr netip.Addr) (*MibUnicastIPAddressRow, error) {
 	row := &MibUnicastIPAddressRow{InterfaceLUID: luid}
 
-	err := row.Address.SetIP(ip, 0)
+	err := row.Address.SetAddr(addr)
 	if err != nil {
 		return nil, err
 	}
@@ -94,22 +94,24 @@ func (luid LUID) IPAddress(ip net.IP) (*MibUnicastIPAddressRow, error) {
 
 // AddIPAddress method adds new unicast IP address to the interface. Corresponds to CreateUnicastIpAddressEntry function
 // (https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/nf-netioapi-createunicastipaddressentry).
-func (luid LUID) AddIPAddress(address net.IPNet) error {
+func (luid LUID) AddIPAddress(address netip.Prefix) error {
 	row := &MibUnicastIPAddressRow{}
 	row.Init()
 	row.InterfaceLUID = luid
-	err := row.Address.SetIP(address.IP, 0)
+	row.DadState = DadStatePreferred
+	row.ValidLifetime = 0xffffffff
+	row.PreferredLifetime = 0xffffffff
+	err := row.Address.SetAddr(address.Addr())
 	if err != nil {
 		return err
 	}
-	ones, _ := address.Mask.Size()
-	row.OnLinkPrefixLength = uint8(ones)
+	row.OnLinkPrefixLength = uint8(address.Bits())
 	return row.Create()
 }
 
 // AddIPAddresses method adds multiple new unicast IP addresses to the interface. Corresponds to CreateUnicastIpAddressEntry function
 // (https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/nf-netioapi-createunicastipaddressentry).
-func (luid LUID) AddIPAddresses(addresses []net.IPNet) error {
+func (luid LUID) AddIPAddresses(addresses []netip.Prefix) error {
 	for i := range addresses {
 		err := luid.AddIPAddress(addresses[i])
 		if err != nil {
@@ -120,7 +122,7 @@ func (luid LUID) AddIPAddresses(addresses []net.IPNet) error {
 }
 
 // SetIPAddresses method sets new unicast IP addresses to the interface.
-func (luid LUID) SetIPAddresses(addresses []net.IPNet) error {
+func (luid LUID) SetIPAddresses(addresses []netip.Prefix) error {
 	err := luid.FlushIPAddresses(windows.AF_UNSPEC)
 	if err != nil {
 		return err
@@ -129,16 +131,15 @@ func (luid LUID) SetIPAddresses(addresses []net.IPNet) error {
 }
 
 // SetIPAddressesForFamily method sets new unicast IP addresses for a specific family to the interface.
-func (luid LUID) SetIPAddressesForFamily(family AddressFamily, addresses []net.IPNet) error {
+func (luid LUID) SetIPAddressesForFamily(family AddressFamily, addresses []netip.Prefix) error {
 	err := luid.FlushIPAddresses(family)
 	if err != nil {
 		return err
 	}
 	for i := range addresses {
-		asV4 := addresses[i].IP.To4()
-		if asV4 == nil && family == windows.AF_INET {
+		if !addresses[i].Addr().Is4() && family == windows.AF_INET {
 			continue
-		} else if asV4 != nil && family == windows.AF_INET6 {
+		} else if !addresses[i].Addr().Is6() && family == windows.AF_INET6 {
 			continue
 		}
 		err := luid.AddIPAddress(addresses[i])
@@ -151,17 +152,16 @@ func (luid LUID) SetIPAddressesForFamily(family AddressFamily, addresses []net.I
 
 // DeleteIPAddress method deletes interface's unicast IP address. Corresponds to DeleteUnicastIpAddressEntry function
 // (https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/nf-netioapi-deleteunicastipaddressentry).
-func (luid LUID) DeleteIPAddress(address net.IPNet) error {
+func (luid LUID) DeleteIPAddress(address netip.Prefix) error {
 	row := &MibUnicastIPAddressRow{}
 	row.Init()
 	row.InterfaceLUID = luid
-	err := row.Address.SetIP(address.IP, 0)
+	err := row.Address.SetAddr(address.Addr())
 	if err != nil {
 		return err
 	}
 	// Note: OnLinkPrefixLength member is ignored by DeleteUnicastIpAddressEntry().
-	ones, _ := address.Mask.Size()
-	row.OnLinkPrefixLength = uint8(ones)
+	row.OnLinkPrefixLength = uint8(address.Bits())
 	return row.Delete()
 }
 
@@ -185,15 +185,17 @@ func (luid LUID) FlushIPAddresses(family AddressFamily) error {
 // Route method returns route determined with the input arguments. Corresponds to GetIpForwardEntry2 function
 // (https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/nf-netioapi-getipforwardentry2).
 // NOTE: If the corresponding route isn't found, the method will return error.
-func (luid LUID) Route(destination net.IPNet, nextHop net.IP) (*MibIPforwardRow2, error) {
+func (luid LUID) Route(destination netip.Prefix, nextHop netip.Addr) (*MibIPforwardRow2, error) {
 	row := &MibIPforwardRow2{}
 	row.Init()
 	row.InterfaceLUID = luid
-	err := row.DestinationPrefix.SetIPNet(destination)
+	row.ValidLifetime = 0xffffffff
+	row.PreferredLifetime = 0xffffffff
+	err := row.DestinationPrefix.SetPrefix(destination)
 	if err != nil {
 		return nil, err
 	}
-	err = row.NextHop.SetIP(nextHop, 0)
+	err = row.NextHop.SetAddr(nextHop)
 	if err != nil {
 		return nil, err
 	}
@@ -207,15 +209,15 @@ func (luid LUID) Route(destination net.IPNet, nextHop net.IP) (*MibIPforwardRow2
 
 // AddRoute method adds a route to the interface. Corresponds to CreateIpForwardEntry2 function, with added splitDefault feature.
 // (https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/nf-netioapi-createipforwardentry2)
-func (luid LUID) AddRoute(destination net.IPNet, nextHop net.IP, metric uint32) error {
+func (luid LUID) AddRoute(destination netip.Prefix, nextHop netip.Addr, metric uint32) error {
 	row := &MibIPforwardRow2{}
 	row.Init()
 	row.InterfaceLUID = luid
-	err := row.DestinationPrefix.SetIPNet(destination)
+	err := row.DestinationPrefix.SetPrefix(destination)
 	if err != nil {
 		return err
 	}
-	err = row.NextHop.SetIP(nextHop, 0)
+	err = row.NextHop.SetAddr(nextHop)
 	if err != nil {
 		return err
 	}
@@ -250,10 +252,9 @@ func (luid LUID) SetRoutesForFamily(family AddressFamily, routesData []*RouteDat
 		return err
 	}
 	for _, rd := range routesData {
-		asV4 := rd.Destination.IP.To4()
-		if asV4 == nil && family == windows.AF_INET {
+		if !rd.Destination.Addr().Is4() && family == windows.AF_INET {
 			continue
-		} else if asV4 != nil && family == windows.AF_INET6 {
+		} else if !rd.Destination.Addr().Is6() && family == windows.AF_INET6 {
 			continue
 		}
 		err := luid.AddRoute(rd.Destination, rd.NextHop, rd.Metric)
@@ -266,15 +267,15 @@ func (luid LUID) SetRoutesForFamily(family AddressFamily, routesData []*RouteDat
 
 // DeleteRoute method deletes a route that matches the criteria. Corresponds to DeleteIpForwardEntry2 function
 // (https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/nf-netioapi-deleteipforwardentry2).
-func (luid LUID) DeleteRoute(destination net.IPNet, nextHop net.IP) error {
+func (luid LUID) DeleteRoute(destination netip.Prefix, nextHop netip.Addr) error {
 	row := &MibIPforwardRow2{}
 	row.Init()
 	row.InterfaceLUID = luid
-	err := row.DestinationPrefix.SetIPNet(destination)
+	err := row.DestinationPrefix.SetPrefix(destination)
 	if err != nil {
 		return err
 	}
-	err = row.NextHop.SetIP(nextHop, 0)
+	err = row.NextHop.SetAddr(nextHop)
 	if err != nil {
 		return err
 	}
@@ -307,17 +308,19 @@ func (luid LUID) FlushRoutes(family AddressFamily) error {
 }
 
 // DNS method returns all DNS server addresses associated with the adapter.
-func (luid LUID) DNS() ([]net.IP, error) {
+func (luid LUID) DNS() ([]netip.Addr, error) {
 	addresses, err := GetAdaptersAddresses(windows.AF_UNSPEC, GAAFlagDefault)
 	if err != nil {
 		return nil, err
 	}
-	r := make([]net.IP, 0, len(addresses))
+	r := make([]netip.Addr, 0, len(addresses))
 	for _, addr := range addresses {
 		if addr.LUID == luid {
 			for dns := addr.FirstDNSServerAddress; dns != nil; dns = dns.Next {
 				if ip := dns.Address.IP(); ip != nil {
-					r = append(r, ip)
+					if a, ok := netip.AddrFromSlice(ip); ok {
+						r = append(r, a)
+					}
 				} else {
 					return nil, windows.ERROR_INVALID_PARAMETER
 				}
@@ -328,17 +331,15 @@ func (luid LUID) DNS() ([]net.IP, error) {
 }
 
 // SetDNS method clears previous and associates new DNS servers and search domains with the adapter for a specific family.
-func (luid LUID) SetDNS(family AddressFamily, servers []net.IP, domains []string) error {
+func (luid LUID) SetDNS(family AddressFamily, servers []netip.Addr, domains []string) error {
 	if family != windows.AF_INET && family != windows.AF_INET6 {
 		return windows.ERROR_PROTOCOL_UNREACHABLE
 	}
 
 	var filteredServers []string
 	for _, server := range servers {
-		if v4 := server.To4(); v4 != nil && family == windows.AF_INET {
-			filteredServers = append(filteredServers, v4.String())
-		} else if v6 := server.To16(); v4 == nil && v6 != nil && family == windows.AF_INET6 {
-			filteredServers = append(filteredServers, v6.String())
+		if (server.Is4() && family == windows.AF_INET) || (server.Is6() && family == windows.AF_INET6) {
+			filteredServers = append(filteredServers, server.String())
 		}
 	}
 	servers16, err := windows.UTF16PtrFromString(strings.Join(filteredServers, ","))
@@ -353,17 +354,17 @@ func (luid LUID) SetDNS(family AddressFamily, servers []net.IP, domains []string
 	if err != nil {
 		return err
 	}
-	var maybeV6 uint64
+	dnsInterfaceSettings := &DnsInterfaceSettings{
+		Version:    DnsInterfaceSettingsVersion1,
+		Flags:      DnsInterfaceSettingsFlagNameserver | DnsInterfaceSettingsFlagSearchList,
+		NameServer: servers16,
+		SearchList: domains16,
+	}
 	if family == windows.AF_INET6 {
-		maybeV6 = disFlagsIPv6
+		dnsInterfaceSettings.Flags |= DnsInterfaceSettingsFlagIPv6
 	}
 	// For >= Windows 10 1809
-	err = setInterfaceDnsSettings(*guid, &dnsInterfaceSettings{
-		Version:    disVersion1,
-		Flags:      disFlagsNameServer | disFlagsSearchList | maybeV6,
-		NameServer: servers16,
-		SearchList: domains16,
-	})
+	err = SetInterfaceDnsSettings(*guid, dnsInterfaceSettings)
 	if err == nil || !errors.Is(err, windows.ERROR_PROC_NOT_FOUND) {
 		return err
 	}
diff --git a/tunnel/winipcfg/mksyscall.go b/tunnel/winipcfg/mksyscall.go
index e9e06676..d62d38df 100644
--- a/tunnel/winipcfg/mksyscall.go
+++ b/tunnel/winipcfg/mksyscall.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/netsh.go b/tunnel/winipcfg/netsh.go
index 1f3d12d0..4f8e5b13 100644
--- a/tunnel/winipcfg/netsh.go
+++ b/tunnel/winipcfg/netsh.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
@@ -10,7 +10,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net"
+	"net/netip"
 	"os/exec"
 	"path/filepath"
 	"strings"
@@ -57,7 +57,7 @@ const (
 	netshCmdTemplateAdd6   = "interface ipv6 add dnsservers name=%d address=%s validate=no"
 )
 
-func (luid LUID) fallbackSetDNSForFamily(family AddressFamily, dnses []net.IP) error {
+func (luid LUID) fallbackSetDNSForFamily(family AddressFamily, dnses []netip.Addr) error {
 	var templateFlush string
 	if family == windows.AF_INET {
 		templateFlush = netshCmdTemplateFlush4
@@ -72,10 +72,10 @@ func (luid LUID) fallbackSetDNSForFamily(family AddressFamily, dnses []net.IP) e
 	}
 	cmds = append(cmds, fmt.Sprintf(templateFlush, ipif.InterfaceIndex))
 	for i := 0; i < len(dnses); i++ {
-		if v4 := dnses[i].To4(); v4 != nil && family == windows.AF_INET {
-			cmds = append(cmds, fmt.Sprintf(netshCmdTemplateAdd4, ipif.InterfaceIndex, v4.String()))
-		} else if v6 := dnses[i].To16(); v4 == nil && v6 != nil && family == windows.AF_INET6 {
-			cmds = append(cmds, fmt.Sprintf(netshCmdTemplateAdd6, ipif.InterfaceIndex, v6.String()))
+		if dnses[i].Is4() && family == windows.AF_INET {
+			cmds = append(cmds, fmt.Sprintf(netshCmdTemplateAdd4, ipif.InterfaceIndex, dnses[i].String()))
+		} else if dnses[i].Is6() && family == windows.AF_INET6 {
+			cmds = append(cmds, fmt.Sprintf(netshCmdTemplateAdd6, ipif.InterfaceIndex, dnses[i].String()))
 		}
 	}
 	return runNetsh(cmds)
diff --git a/tunnel/winipcfg/route_change_handler.go b/tunnel/winipcfg/route_change_handler.go
index 75dcf82c..4b78331e 100644
--- a/tunnel/winipcfg/route_change_handler.go
+++ b/tunnel/winipcfg/route_change_handler.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/types.go b/tunnel/winipcfg/types.go
index 02f7f788..8e8f4a59 100644
--- a/tunnel/winipcfg/types.go
+++ b/tunnel/winipcfg/types.go
@@ -1,12 +1,15 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
 
 import (
-	"net"
+	"encoding/binary"
+	"fmt"
+	"net/netip"
+	"strconv"
 	"unsafe"
 
 	"golang.org/x/sys/windows"
@@ -582,11 +585,15 @@ const (
 
 // RouteData structure describes a route to add
 type RouteData struct {
-	Destination net.IPNet
-	NextHop     net.IP
+	Destination netip.Prefix
+	NextHop     netip.Addr
 	Metric      uint32
 }
 
+func (routeData *RouteData) String() string {
+	return fmt.Sprintf("%+v", *routeData)
+}
+
 // IPAdapterDNSSuffix structure stores a DNS suffix in a linked list of DNS suffixes for a particular adapter.
 // https://docs.microsoft.com/en-us/windows/desktop/api/iptypes/ns-iptypes-_ip_adapter_dns_suffix
 type IPAdapterDNSSuffix struct {
@@ -679,8 +686,7 @@ func (row *MibIPInterfaceRow) Set() error {
 
 // get method returns all table rows as a Go slice.
 func (tab *mibIPInterfaceTable) get() (s []MibIPInterfaceRow) {
-	unsafeSlice(unsafe.Pointer(&s), unsafe.Pointer(&tab.table[0]), int(tab.numEntries))
-	return
+	return unsafe.Slice(&tab.table[0], tab.numEntries)
 }
 
 // free method frees the buffer allocated by the functions that return tables of network interfaces, addresses, and routes.
@@ -717,8 +723,7 @@ func (row *MibIfRow2) get() (ret error) {
 
 // get method returns all table rows as a Go slice.
 func (tab *mibIfTable2) get() (s []MibIfRow2) {
-	unsafeSlice(unsafe.Pointer(&s), unsafe.Pointer(&tab.table[0]), int(tab.numEntries))
-	return
+	return unsafe.Slice(&tab.table[0], tab.numEntries)
 }
 
 // free method frees the buffer allocated by the functions that return tables of network interfaces, addresses, and routes.
@@ -734,45 +739,82 @@ type RawSockaddrInet struct {
 	data   [26]byte
 }
 
-// SetIP method sets family, address, and port to the given IPv4 or IPv6 address and port.
+func ntohs(i uint16) uint16 {
+	return binary.BigEndian.Uint16((*[2]byte)(unsafe.Pointer(&i))[:])
+}
+
+func htons(i uint16) uint16 {
+	b := make([]byte, 2)
+	binary.BigEndian.PutUint16(b, i)
+	return *(*uint16)(unsafe.Pointer(&b[0]))
+}
+
+// SetAddrPort method sets family, address, and port to the given IPv4 or IPv6 address and port.
 // All other members of the structure are set to zero.
-func (addr *RawSockaddrInet) SetIP(ip net.IP, port uint16) error {
-	if v4 := ip.To4(); v4 != nil {
+func (addr *RawSockaddrInet) SetAddrPort(addrPort netip.AddrPort) error {
+	if addrPort.Addr().Is4() {
 		addr4 := (*windows.RawSockaddrInet4)(unsafe.Pointer(addr))
 		addr4.Family = windows.AF_INET
-		copy(addr4.Addr[:], v4)
-		addr4.Port = port
+		addr4.Addr = addrPort.Addr().As4()
+		addr4.Port = htons(addrPort.Port())
 		for i := 0; i < 8; i++ {
 			addr4.Zero[i] = 0
 		}
 		return nil
-	}
-
-	if v6 := ip.To16(); v6 != nil {
+	} else if addrPort.Addr().Is6() {
 		addr6 := (*windows.RawSockaddrInet6)(unsafe.Pointer(addr))
 		addr6.Family = windows.AF_INET6
-		addr6.Port = port
+		addr6.Addr = addrPort.Addr().As16()
+		addr6.Port = htons(addrPort.Port())
 		addr6.Flowinfo = 0
-		copy(addr6.Addr[:], v6)
-		addr6.Scope_id = 0
+		scopeId := uint32(0)
+		if z := addrPort.Addr().Zone(); z != "" {
+			if s, err := strconv.ParseUint(z, 10, 32); err == nil {
+				scopeId = uint32(s)
+			}
+		}
+		addr6.Scope_id = scopeId
 		return nil
 	}
-
 	return windows.ERROR_INVALID_PARAMETER
 }
 
-// IP method returns IPv4 or IPv6 address.
-// If the address is neither IPv4 not IPv6 nil is returned.
-func (addr *RawSockaddrInet) IP() net.IP {
+// SetAddr method sets family and address to the given IPv4 or IPv6 address.
+// All other members of the structure are set to zero.
+func (addr *RawSockaddrInet) SetAddr(netAddr netip.Addr) error {
+	return addr.SetAddrPort(netip.AddrPortFrom(netAddr, 0))
+}
+
+// AddrPort returns the IP address and port.
+func (addr *RawSockaddrInet) AddrPort() netip.AddrPort {
+	return netip.AddrPortFrom(addr.Addr(), addr.Port())
+}
+
+// Addr returns IPv4 or IPv6 address, or an invalid address if the address is neither.
+func (addr *RawSockaddrInet) Addr() netip.Addr {
 	switch addr.Family {
 	case windows.AF_INET:
-		return (*windows.RawSockaddrInet4)(unsafe.Pointer(addr)).Addr[:]
-
+		return netip.AddrFrom4((*windows.RawSockaddrInet4)(unsafe.Pointer(addr)).Addr)
 	case windows.AF_INET6:
-		return (*windows.RawSockaddrInet6)(unsafe.Pointer(addr)).Addr[:]
+		raw := (*windows.RawSockaddrInet6)(unsafe.Pointer(addr))
+		a := netip.AddrFrom16(raw.Addr)
+		if raw.Scope_id != 0 {
+			a = a.WithZone(strconv.FormatUint(uint64(raw.Scope_id), 10))
+		}
+		return a
 	}
+	return netip.Addr{}
+}
 
-	return nil
+// Port returns the port if the address if IPv4 or IPv6, or 0 if neither.
+func (addr *RawSockaddrInet) Port() uint16 {
+	switch addr.Family {
+	case windows.AF_INET:
+		return ntohs((*windows.RawSockaddrInet4)(unsafe.Pointer(addr)).Port)
+	case windows.AF_INET6:
+		return ntohs((*windows.RawSockaddrInet6)(unsafe.Pointer(addr)).Port)
+	}
+	return 0
 }
 
 // Init method initializes a MibUnicastIPAddressRow structure with default values for a unicast IP address entry on the local computer.
@@ -807,8 +849,7 @@ func (row *MibUnicastIPAddressRow) Delete() error {
 
 // get method returns all table rows as a Go slice.
 func (tab *mibUnicastIPAddressTable) get() (s []MibUnicastIPAddressRow) {
-	unsafeSlice(unsafe.Pointer(&s), unsafe.Pointer(&tab.table[0]), int(tab.numEntries))
-	return
+	return unsafe.Slice(&tab.table[0], tab.numEntries)
 }
 
 // free method frees the buffer allocated by the functions that return tables of network interfaces, addresses, and routes.
@@ -837,8 +878,7 @@ func (row *MibAnycastIPAddressRow) Delete() error {
 
 // get method returns all table rows as a Go slice.
 func (tab *mibAnycastIPAddressTable) get() (s []MibAnycastIPAddressRow) {
-	unsafeSlice(unsafe.Pointer(&s), unsafe.Pointer(&tab.table[0]), int(tab.numEntries))
-	return
+	return unsafe.Slice(&tab.table[0], tab.numEntries)
 }
 
 // free method frees the buffer allocated by the functions that return tables of network interfaces, addresses, and routes.
@@ -850,32 +890,30 @@ func (tab *mibAnycastIPAddressTable) free() {
 // IPAddressPrefix structure stores an IP address prefix.
 // https://docs.microsoft.com/en-us/windows/desktop/api/netioapi/ns-netioapi-_ip_address_prefix
 type IPAddressPrefix struct {
-	Prefix       RawSockaddrInet
+	RawPrefix    RawSockaddrInet
 	PrefixLength uint8
 	_            [2]byte
 }
 
-// SetIPNet method sets IP address prefix using net.IPNet.
-func (prefix *IPAddressPrefix) SetIPNet(net net.IPNet) error {
-	err := prefix.Prefix.SetIP(net.IP, 0)
+// SetPrefix method sets IP address prefix using netip.Prefix.
+func (prefix *IPAddressPrefix) SetPrefix(netPrefix netip.Prefix) error {
+	err := prefix.RawPrefix.SetAddr(netPrefix.Addr())
 	if err != nil {
 		return err
 	}
-	ones, _ := net.Mask.Size()
-	prefix.PrefixLength = uint8(ones)
+	prefix.PrefixLength = uint8(netPrefix.Bits())
 	return nil
 }
 
-// IPNet method returns IP address prefix as net.IPNet.
-// If the address is neither IPv4 not IPv6 an empty net.IPNet is returned. The resulting net.IPNet should be checked appropriately.
-func (prefix *IPAddressPrefix) IPNet() net.IPNet {
-	switch prefix.Prefix.Family {
+// Prefix returns IP address prefix as netip.Prefix.
+func (prefix *IPAddressPrefix) Prefix() netip.Prefix {
+	switch prefix.RawPrefix.Family {
 	case windows.AF_INET:
-		return net.IPNet{IP: (*windows.RawSockaddrInet4)(unsafe.Pointer(&prefix.Prefix)).Addr[:], Mask: net.CIDRMask(int(prefix.PrefixLength), 8*net.IPv4len)}
+		return netip.PrefixFrom(netip.AddrFrom4((*windows.RawSockaddrInet4)(unsafe.Pointer(&prefix.RawPrefix)).Addr), int(prefix.PrefixLength))
 	case windows.AF_INET6:
-		return net.IPNet{IP: (*windows.RawSockaddrInet6)(unsafe.Pointer(&prefix.Prefix)).Addr[:], Mask: net.CIDRMask(int(prefix.PrefixLength), 8*net.IPv6len)}
+		return netip.PrefixFrom(netip.AddrFrom16((*windows.RawSockaddrInet6)(unsafe.Pointer(&prefix.RawPrefix)).Addr), int(prefix.PrefixLength))
 	}
-	return net.IPNet{}
+	return netip.Prefix{}
 }
 
 // MibIPforwardRow2 structure stores information about an IP route entry.
@@ -930,8 +968,7 @@ func (row *MibIPforwardRow2) Delete() error {
 
 // get method returns all table rows as a Go slice.
 func (tab *mibIPforwardTable2) get() (s []MibIPforwardRow2) {
-	unsafeSlice(unsafe.Pointer(&s), unsafe.Pointer(&tab.table[0]), int(tab.numEntries))
-	return
+	return unsafe.Slice(&tab.table[0], tab.numEntries)
 }
 
 // free method frees the buffer allocated by the functions that return tables of network interfaces, addresses, and routes.
@@ -941,11 +978,11 @@ func (tab *mibIPforwardTable2) free() {
 }
 
 //
-// Undocumented DNS API
+// DNS API
 //
 
-// dnsInterfaceSettings is mean to be used with setInterfaceDnsSettings
-type dnsInterfaceSettings struct {
+// DnsInterfaceSettings is meant to be used with SetInterfaceDnsSettings
+type DnsInterfaceSettings struct {
 	Version             uint32
 	_                   [4]byte
 	Flags               uint64
@@ -960,37 +997,22 @@ type dnsInterfaceSettings struct {
 }
 
 const (
-	disVersion1 = 1
-	disVersion2 = 2
-
-	disFlagsIPv6                = 0x1
-	disFlagsNameServer          = 0x2
-	disFlagsSearchList          = 0x4
-	disFlagsRegistrationEnabled = 0x8
-	disFlagsRegisterAdapterName = 0x10
-	disFlagsDomain              = 0x20
-	disFlagsHostname            = 0x40 // ??
-	disFlagsEnableLLMNR         = 0x80
-	disFlagsQueryAdapterName    = 0x100
-	disFlagsProfileNameServer   = 0x200
-	disFlagsVersion2            = 0x400 // ?? - v2 only
-	disFlagsMoreFlags           = 0x800 // ?? - v2 only
+	DnsInterfaceSettingsVersion1 = 1 // for DnsInterfaceSettings
+	DnsInterfaceSettingsVersion2 = 2 // for DnsInterfaceSettingsEx
+	DnsInterfaceSettingsVersion3 = 3 // for DnsInterfaceSettings3
+
+	DnsInterfaceSettingsFlagIPv6                        = 0x0001
+	DnsInterfaceSettingsFlagNameserver                  = 0x0002
+	DnsInterfaceSettingsFlagSearchList                  = 0x0004
+	DnsInterfaceSettingsFlagRegistrationEnabled         = 0x0008
+	DnsInterfaceSettingsFlagRegisterAdapterName         = 0x0010
+	DnsInterfaceSettingsFlagDomain                      = 0x0020
+	DnsInterfaceSettingsFlagHostname                    = 0x0040
+	DnsInterfaceSettingsFlagEnableLLMNR                 = 0x0080
+	DnsInterfaceSettingsFlagQueryAdapterName            = 0x0100
+	DnsInterfaceSettingsFlagProfileNameserver           = 0x0200
+	DnsInterfaceSettingsFlagDisableUnconstrainedQueries = 0x0400 // v2 only
+	DnsInterfaceSettingsFlagSupplementalSearchList      = 0x0800 // v2 only
+	DnsInterfaceSettingsFlagDOH                         = 0x1000 // v3 only
+	DnsInterfaceSettingsFlagDOHProfile                  = 0x2000 // v3 only
 )
-
-// unsafeSlice updates the slice slicePtr to be a slice
-// referencing the provided data with its length & capacity set to
-// lenCap.
-//
-// TODO: when Go 1.16 or Go 1.17 is the minimum supported version,
-// update callers to use unsafe.Slice instead of this.
-func unsafeSlice(slicePtr, data unsafe.Pointer, lenCap int) {
-	type sliceHeader struct {
-		Data unsafe.Pointer
-		Len  int
-		Cap  int
-	}
-	h := (*sliceHeader)(slicePtr)
-	h.Data = data
-	h.Len = lenCap
-	h.Cap = lenCap
-}
diff --git a/tunnel/winipcfg/types_32.go b/tunnel/winipcfg/types_32.go
index 51a8d31c..1a8d4443 100644
--- a/tunnel/winipcfg/types_32.go
+++ b/tunnel/winipcfg/types_32.go
@@ -1,8 +1,8 @@
-// +build 386 arm
+//go:build 386 || arm
 
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/types_64.go b/tunnel/winipcfg/types_64.go
index 6623ce54..3a1fe07f 100644
--- a/tunnel/winipcfg/types_64.go
+++ b/tunnel/winipcfg/types_64.go
@@ -1,8 +1,8 @@
-// +build amd64 arm64
+//go:build amd64 || arm64
 
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/types_test.go b/tunnel/winipcfg/types_test.go
index 26268dbe..b72d73f5 100644
--- a/tunnel/winipcfg/types_test.go
+++ b/tunnel/winipcfg/types_test.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
@@ -957,7 +957,6 @@ func TestIPAddressPrefix(t *testing.T) {
 	offset := uintptr(unsafe.Pointer(&s.PrefixLength)) - sp
 	if offset != ipAddressPrefixPrefixLengthOffset {
 		t.Errorf("IPAddressPrefix.PrefixLength offset is %d although %d is expected", offset, ipAddressPrefixPrefixLengthOffset)
-
 	}
 }
 
diff --git a/tunnel/winipcfg/types_test_32.go b/tunnel/winipcfg/types_test_32.go
index fa3f91d5..9e62bfef 100644
--- a/tunnel/winipcfg/types_test_32.go
+++ b/tunnel/winipcfg/types_test_32.go
@@ -1,8 +1,8 @@
-// +build 386 arm
+//go:build 386 || arm
 
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/types_test_64.go b/tunnel/winipcfg/types_test_64.go
index d20cdb30..8a181575 100644
--- a/tunnel/winipcfg/types_test_64.go
+++ b/tunnel/winipcfg/types_test_64.go
@@ -1,8 +1,8 @@
-// +build amd64 arm64
+//go:build amd64 || arm64
 
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/unicast_address_change_handler.go b/tunnel/winipcfg/unicast_address_change_handler.go
index 517ff037..cf4fcb3a 100644
--- a/tunnel/winipcfg/unicast_address_change_handler.go
+++ b/tunnel/winipcfg/unicast_address_change_handler.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
diff --git a/tunnel/winipcfg/winipcfg.go b/tunnel/winipcfg/winipcfg.go
index dd09d3a0..e24157b9 100644
--- a/tunnel/winipcfg/winipcfg.go
+++ b/tunnel/winipcfg/winipcfg.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 package winipcfg
@@ -170,18 +170,18 @@ func GetIPForwardTable2(family AddressFamily) ([]MibIPforwardRow2, error) {
 //sys	cancelMibChangeNotify2(notificationHandle windows.Handle) (ret error) = iphlpapi.CancelMibChangeNotify2
 
 //
-// Undocumented DNS API
+// DNS-related functions
 //
 
-//sys	setInterfaceDnsSettingsByPtr(guid *windows.GUID, settings *dnsInterfaceSettings) (ret error) = iphlpapi.SetInterfaceDnsSettings?
-//sys	setInterfaceDnsSettingsByQwords(guid1 uintptr, guid2 uintptr, settings *dnsInterfaceSettings) (ret error) = iphlpapi.SetInterfaceDnsSettings?
-//sys	setInterfaceDnsSettingsByDwords(guid1 uintptr, guid2 uintptr, guid3 uintptr, guid4 uintptr, settings *dnsInterfaceSettings) (ret error) = iphlpapi.SetInterfaceDnsSettings?
+//sys	setInterfaceDnsSettingsByPtr(guid *windows.GUID, settings *DnsInterfaceSettings) (ret error) = iphlpapi.SetInterfaceDnsSettings?
+//sys	setInterfaceDnsSettingsByQwords(guid1 uintptr, guid2 uintptr, settings *DnsInterfaceSettings) (ret error) = iphlpapi.SetInterfaceDnsSettings?
+//sys	setInterfaceDnsSettingsByDwords(guid1 uintptr, guid2 uintptr, guid3 uintptr, guid4 uintptr, settings *DnsInterfaceSettings) (ret error) = iphlpapi.SetInterfaceDnsSettings?
 
 // The GUID is passed by value, not by reference, which means different
 // things on different calling conventions.  On amd64, this means it's
 // passed by reference anyway, while on arm, arm64, and 386, it's split
 // into words.
-func setInterfaceDnsSettings(guid windows.GUID, settings *dnsInterfaceSettings) error {
+func SetInterfaceDnsSettings(guid windows.GUID, settings *DnsInterfaceSettings) error {
 	words := (*[4]uintptr)(unsafe.Pointer(&guid))
 	switch runtime.GOARCH {
 	case "amd64":
diff --git a/tunnel/winipcfg/winipcfg_test.go b/tunnel/winipcfg/winipcfg_test.go
index 7689a0c1..b49daf33 100644
--- a/tunnel/winipcfg/winipcfg_test.go
+++ b/tunnel/winipcfg/winipcfg_test.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: MIT
  *
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
  */
 
 /*
@@ -8,8 +8,8 @@
 Some tests in this file require:
 
 - A dedicated network adapter
-	Any network adapter will do. It may be virtual (Wintun etc.). The adapter name
-	must contain string "winipcfg_test".
+	Any network adapter will do. It may be virtual (WireGuardNT, Wintun,
+	etc.). The adapter name must contain string "winipcfg_test".
 	Tests will add, remove, flush DNS servers, change adapter IP address, manipulate
 	routes etc.
 	The adapter will not be returned to previous state, so use an expendable one.
@@ -22,8 +22,7 @@ Some tests in this file require:
 package winipcfg
 
 import (
-	"bytes"
-	"net"
+	"net/netip"
 	"strings"
 	"syscall"
 	"testing"
@@ -38,22 +37,13 @@ const (
 
 // TODO: Add IPv6 tests.
 var (
-	unexistentIPAddresToAdd = net.IPNet{
-		IP:   net.IP{172, 16, 1, 114},
-		Mask: net.IPMask{255, 255, 255, 0},
-	}
-	unexistentRouteIPv4ToAdd = RouteData{
-		Destination: net.IPNet{
-			IP:   net.IP{172, 16, 200, 0},
-			Mask: net.IPMask{255, 255, 255, 0},
-		},
-		NextHop: net.IP{172, 16, 1, 2},
-		Metric:  0,
-	}
-	dnsesToSet = []net.IP{
-		net.IPv4(8, 8, 8, 8),
-		net.IPv4(8, 8, 4, 4),
+	nonexistantIPv4ToAdd      = netip.MustParsePrefix("172.16.1.114/24")
+	nonexistentRouteIPv4ToAdd = RouteData{
+		Destination: netip.MustParsePrefix("172.16.200.0/24"),
+		NextHop:     netip.MustParseAddr("172.16.1.2"),
+		Metric:      0,
 	}
+	dnsesToSet = []netip.Addr{netip.MustParseAddr("8.8.8.8"), netip.MustParseAddr("8.8.4.4")}
 )
 
 func runningElevated() bool {
@@ -74,7 +64,7 @@ func getTestInterface() (*IPAdapterAddresses, error) {
 
 	marker := strings.ToLower(testInterfaceMarker)
 	for _, ifc := range ifcs {
-		if strings.Index(strings.ToLower(ifc.FriendlyName()), marker) != -1 {
+		if strings.Contains(strings.ToLower(ifc.FriendlyName()), marker) {
 			return ifc, nil
 		}
 	}
@@ -380,9 +370,9 @@ func TestAddDeleteIPAddress(t *testing.T) {
 		return
 	}
 
-	addr, err := ifc.LUID.IPAddress(unexistentIPAddresToAdd.IP)
+	addr, err := ifc.LUID.IPAddress(nonexistantIPv4ToAdd.Addr())
 	if err == nil {
-		t.Errorf("Unicast address %s already exists. Please set unexistentIPAddresToAdd appropriately.", unexistentIPAddresToAdd.IP.String())
+		t.Errorf("Unicast address %s already exists. Please set nonexistantIPv4ToAdd appropriately.", nonexistantIPv4ToAdd.Addr().String())
 		return
 	} else if err != windows.ERROR_NOT_FOUND {
 		t.Errorf("LUID.IPAddress() returned an error: %w", err)
@@ -410,7 +400,7 @@ func TestAddDeleteIPAddress(t *testing.T) {
 	for addr := ifc.FirstUnicastAddress; addr != nil; addr = addr.Next {
 		count--
 	}
-	err = ifc.LUID.AddIPAddresses([]net.IPNet{unexistentIPAddresToAdd})
+	err = ifc.LUID.AddIPAddresses([]netip.Prefix{nonexistantIPv4ToAdd})
 	if err != nil {
 		t.Errorf("LUID.AddIPAddresses() returned an error: %w", err)
 	}
@@ -424,26 +414,26 @@ func TestAddDeleteIPAddress(t *testing.T) {
 	if count != 1 {
 		t.Errorf("After adding there are %d new interface(s).", count)
 	}
-	addr, err = ifc.LUID.IPAddress(unexistentIPAddresToAdd.IP)
+	addr, err = ifc.LUID.IPAddress(nonexistantIPv4ToAdd.Addr())
 	if err != nil {
 		t.Errorf("LUID.IPAddress() returned an error: %w", err)
 	} else if addr == nil {
-		t.Errorf("Unicast address %s still doesn't exist, although it's added successfully.", unexistentIPAddresToAdd.IP.String())
+		t.Errorf("Unicast address %s still doesn't exist, although it's added successfully.", nonexistantIPv4ToAdd.Addr().String())
 	}
 	if !created {
 		t.Errorf("Notification handler has not been called on add.")
 	}
 
-	err = ifc.LUID.DeleteIPAddress(unexistentIPAddresToAdd)
+	err = ifc.LUID.DeleteIPAddress(nonexistantIPv4ToAdd)
 	if err != nil {
 		t.Errorf("LUID.DeleteIPAddress() returned an error: %w", err)
 	}
 
 	time.Sleep(500 * time.Millisecond)
 
-	addr, err = ifc.LUID.IPAddress(unexistentIPAddresToAdd.IP)
+	addr, err = ifc.LUID.IPAddress(nonexistantIPv4ToAdd.Addr())
 	if err == nil {
-		t.Errorf("Unicast address %s still exists, although it's deleted successfully.", unexistentIPAddresToAdd.IP.String())
+		t.Errorf("Unicast address %s still exists, although it's deleted successfully.", nonexistantIPv4ToAdd.Addr().String())
 	} else if err != windows.ERROR_NOT_FOUND {
 		t.Errorf("LUID.IPAddress() returned an error: %w", err)
 	}
@@ -460,14 +450,13 @@ func TestGetRoutes(t *testing.T) {
 }
 
 func TestAddDeleteRoute(t *testing.T) {
-	findRoute := func(luid LUID, dest net.IPNet) ([]MibIPforwardRow2, error) {
+	findRoute := func(luid LUID, dest netip.Prefix) ([]MibIPforwardRow2, error) {
 		var family AddressFamily
-		switch {
-		case dest.IP.To4() != nil:
+		if dest.Addr().Is4() {
 			family = windows.AF_INET
-		case dest.IP.To16() != nil:
+		} else if dest.Addr().Is6() {
 			family = windows.AF_INET6
-		default:
+		} else {
 			return nil, windows.ERROR_INVALID_PARAMETER
 		}
 		r, err := GetIPForwardTable2(family)
@@ -475,9 +464,8 @@ func TestAddDeleteRoute(t *testing.T) {
 			return nil, err
 		}
 		matches := make([]MibIPforwardRow2, 0, len(r))
-		ones, _ := dest.Mask.Size()
 		for _, route := range r {
-			if route.InterfaceLUID == luid && route.DestinationPrefix.PrefixLength == uint8(ones) && route.DestinationPrefix.Prefix.Family == family && route.DestinationPrefix.Prefix.IP().Equal(dest.IP) {
+			if route.InterfaceLUID == luid && route.DestinationPrefix.PrefixLength == uint8(dest.Bits()) && route.DestinationPrefix.RawPrefix.Family == family && route.DestinationPrefix.RawPrefix.Addr() == dest.Addr() {
 				matches = append(matches, route)
 			}
 		}
@@ -494,20 +482,20 @@ func TestAddDeleteRoute(t *testing.T) {
 		return
 	}
 
-	_, err = ifc.LUID.Route(unexistentRouteIPv4ToAdd.Destination, unexistentRouteIPv4ToAdd.NextHop)
+	_, err = ifc.LUID.Route(nonexistentRouteIPv4ToAdd.Destination, nonexistentRouteIPv4ToAdd.NextHop)
 	if err == nil {
-		t.Error("LUID.Route() returned a route although it isn't added yet. Have you forgot to set unexistentRouteIPv4ToAdd appropriately?")
+		t.Error("LUID.Route() returned a route although it isn't added yet. Have you forgot to set nonexistentRouteIPv4ToAdd appropriately?")
 		return
 	} else if err != windows.ERROR_NOT_FOUND {
 		t.Errorf("LUID.Route() returned an error: %w", err)
 		return
 	}
 
-	routes, err := findRoute(ifc.LUID, unexistentRouteIPv4ToAdd.Destination)
+	routes, err := findRoute(ifc.LUID, nonexistentRouteIPv4ToAdd.Destination)
 	if err != nil {
 		t.Errorf("findRoute() returned an error: %w", err)
 	} else if len(routes) != 0 {
-		t.Errorf("findRoute() returned %d items although the route isn't added yet. Have you forgot to set unexistentRouteIPv4ToAdd appropriately?", len(routes))
+		t.Errorf("findRoute() returned %d items although the route isn't added yet. Have you forgot to set nonexistentRouteIPv4ToAdd appropriately?", len(routes))
 	}
 
 	var created, deleted bool
@@ -524,42 +512,42 @@ func TestAddDeleteRoute(t *testing.T) {
 	} else {
 		defer cb.Unregister()
 	}
-	err = ifc.LUID.AddRoute(unexistentRouteIPv4ToAdd.Destination, unexistentRouteIPv4ToAdd.NextHop, unexistentRouteIPv4ToAdd.Metric)
+	err = ifc.LUID.AddRoute(nonexistentRouteIPv4ToAdd.Destination, nonexistentRouteIPv4ToAdd.NextHop, nonexistentRouteIPv4ToAdd.Metric)
 	if err != nil {
 		t.Errorf("LUID.AddRoute() returned an error: %w", err)
 	}
 
 	time.Sleep(500 * time.Millisecond)
 
-	route, err := ifc.LUID.Route(unexistentRouteIPv4ToAdd.Destination, unexistentRouteIPv4ToAdd.NextHop)
+	route, err := ifc.LUID.Route(nonexistentRouteIPv4ToAdd.Destination, nonexistentRouteIPv4ToAdd.NextHop)
 	if err == windows.ERROR_NOT_FOUND {
 		t.Error("LUID.Route() returned nil although the route is added successfully.")
 	} else if err != nil {
 		t.Errorf("LUID.Route() returned an error: %w", err)
-	} else if !route.DestinationPrefix.Prefix.IP().Equal(unexistentRouteIPv4ToAdd.Destination.IP) || !route.NextHop.IP().Equal(unexistentRouteIPv4ToAdd.NextHop) {
+	} else if route.DestinationPrefix.RawPrefix.Addr() != nonexistentRouteIPv4ToAdd.Destination.Addr() || route.NextHop.Addr() != nonexistentRouteIPv4ToAdd.NextHop {
 		t.Error("LUID.Route() returned a wrong route!")
 	}
 	if !created {
 		t.Errorf("Route handler has not been called on add.")
 	}
 
-	routes, err = findRoute(ifc.LUID, unexistentRouteIPv4ToAdd.Destination)
+	routes, err = findRoute(ifc.LUID, nonexistentRouteIPv4ToAdd.Destination)
 	if err != nil {
 		t.Errorf("findRoute() returned an error: %w", err)
 	} else if len(routes) != 1 {
 		t.Errorf("findRoute() returned %d items although %d is expected.", len(routes), 1)
-	} else if !routes[0].DestinationPrefix.Prefix.IP().Equal(unexistentRouteIPv4ToAdd.Destination.IP) {
-		t.Errorf("findRoute() returned a wrong route. Dest: %s; expected: %s.", routes[0].DestinationPrefix.Prefix.IP().String(), unexistentRouteIPv4ToAdd.Destination.IP.String())
+	} else if routes[0].DestinationPrefix.RawPrefix.Addr() != nonexistentRouteIPv4ToAdd.Destination.Addr() {
+		t.Errorf("findRoute() returned a wrong route. Dest: %s; expected: %s.", routes[0].DestinationPrefix.RawPrefix.Addr().String(), nonexistentRouteIPv4ToAdd.Destination.Addr().String())
 	}
 
-	err = ifc.LUID.DeleteRoute(unexistentRouteIPv4ToAdd.Destination, unexistentRouteIPv4ToAdd.NextHop)
+	err = ifc.LUID.DeleteRoute(nonexistentRouteIPv4ToAdd.Destination, nonexistentRouteIPv4ToAdd.NextHop)
 	if err != nil {
 		t.Errorf("LUID.DeleteRoute() returned an error: %w", err)
 	}
 
 	time.Sleep(500 * time.Millisecond)
 
-	_, err = ifc.LUID.Route(unexistentRouteIPv4ToAdd.Destination, unexistentRouteIPv4ToAdd.NextHop)
+	_, err = ifc.LUID.Route(nonexistentRouteIPv4ToAdd.Destination, nonexistentRouteIPv4ToAdd.NextHop)
 	if err == nil {
 		t.Error("LUID.Route() returned a route although it is removed successfully.")
 	} else if err != windows.ERROR_NOT_FOUND {
@@ -569,7 +557,7 @@ func TestAddDeleteRoute(t *testing.T) {
 		t.Errorf("Route handler has not been called on delete.")
 	}
 
-	routes, err = findRoute(ifc.LUID, unexistentRouteIPv4ToAdd.Destination)
+	routes, err = findRoute(ifc.LUID, nonexistentRouteIPv4ToAdd.Destination)
 	if err != nil {
 		t.Errorf("findRoute() returned an error: %w", err)
 	} else if len(routes) != 0 {
@@ -606,7 +594,7 @@ func TestFlushDNS(t *testing.T) {
 		t.Errorf("LUID.DNS() returned an error: %w", err)
 	}
 	for _, a := range dns {
-		if len(a) != 16 || a.To4() != nil || !((a[15] == 1 || a[15] == 2 || a[15] == 3) && bytes.HasPrefix(a, []byte{0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00})) {
+		if a.Is4() {
 			n++
 		}
 	}
@@ -651,7 +639,7 @@ func TestSetDNS(t *testing.T) {
 		t.Errorf("dnsesToSet contains %d items, while DNSServerAddresses contains %d.", len(dnsesToSet), len(newDNSes))
 	} else {
 		for i := range dnsesToSet {
-			if !dnsesToSet[i].Equal(newDNSes[i]) {
+			if dnsesToSet[i] != newDNSes[i] {
 				t.Errorf("dnsesToSet[%d] = %s while DNSServerAddresses[%d] = %s.", i, dnsesToSet[i].String(), i, newDNSes[i].String())
 			}
 		}
diff --git a/tunnel/winipcfg/zwinipcfg_windows.go b/tunnel/winipcfg/zwinipcfg_windows.go
index ac89fec1..3a0d8680 100644
--- a/tunnel/winipcfg/zwinipcfg_windows.go
+++ b/tunnel/winipcfg/zwinipcfg_windows.go
@@ -289,7 +289,7 @@ func notifyUnicastIPAddressChange(family AddressFamily, callback uintptr, caller
 	return
 }
 
-func setInterfaceDnsSettingsByDwords(guid1 uintptr, guid2 uintptr, guid3 uintptr, guid4 uintptr, settings *dnsInterfaceSettings) (ret error) {
+func setInterfaceDnsSettingsByDwords(guid1 uintptr, guid2 uintptr, guid3 uintptr, guid4 uintptr, settings *DnsInterfaceSettings) (ret error) {
 	ret = procSetInterfaceDnsSettings.Find()
 	if ret != nil {
 		return
@@ -301,24 +301,24 @@ func setInterfaceDnsSettingsByDwords(guid1 uintptr, guid2 uintptr, guid3 uintptr
 	return
 }
 
-func setInterfaceDnsSettingsByPtr(guid *windows.GUID, settings *dnsInterfaceSettings) (ret error) {
+func setInterfaceDnsSettingsByQwords(guid1 uintptr, guid2 uintptr, settings *DnsInterfaceSettings) (ret error) {
 	ret = procSetInterfaceDnsSettings.Find()
 	if ret != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procSetInterfaceDnsSettings.Addr(), 2, uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(settings)), 0)
+	r0, _, _ := syscall.Syscall(procSetInterfaceDnsSettings.Addr(), 3, uintptr(guid1), uintptr(guid2), uintptr(unsafe.Pointer(settings)))
 	if r0 != 0 {
 		ret = syscall.Errno(r0)
 	}
 	return
 }
 
-func setInterfaceDnsSettingsByQwords(guid1 uintptr, guid2 uintptr, settings *dnsInterfaceSettings) (ret error) {
+func setInterfaceDnsSettingsByPtr(guid *windows.GUID, settings *DnsInterfaceSettings) (ret error) {
 	ret = procSetInterfaceDnsSettings.Find()
 	if ret != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procSetInterfaceDnsSettings.Addr(), 3, uintptr(guid1), uintptr(guid2), uintptr(unsafe.Pointer(settings)))
+	r0, _, _ := syscall.Syscall(procSetInterfaceDnsSettings.Addr(), 2, uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(settings)), 0)
 	if r0 != 0 {
 		ret = syscall.Errno(r0)
 	}