diff --git a/wireguard-go-rs/src/lib.rs b/wireguard-go-rs/src/lib.rs
index de839822101c..db500e6d2e71 100644
--- a/wireguard-go-rs/src/lib.rs
+++ b/wireguard-go-rs/src/lib.rs
@@ -199,14 +199,18 @@ impl Drop for Tunnel {
     }
 }
 
+/// Check whether `machines` contains valid, LF-separated maybenot machines. Return an error
+/// otherwise.
 pub fn validate_maybenot_machines(machines: &CStr) -> Result<(), Error> {
     use maybenot_ffi::MaybenotResult;
 
     let mut framework = MaybeUninit::uninit();
+    // SAFETY: `machines` is a null-terminated string, and `&mut framework` is a valid pointer
     let result =
         unsafe { maybenot_ffi::maybenot_start(machines.as_ptr(), 0.0, 0.0, &mut framework) };
 
     if result as u32 == MaybenotResult::Ok as u32 {
+        // SAFETY: `maybenot_start` succeeded, so `framework` points to a valid framework
         unsafe { maybenot_ffi::maybenot_stop(framework.assume_init()) };
         Ok(())
     } else {