diff --git a/pass-1/Makefile b/pass-1/Makefile index 168d8ee..dd781f5 100644 --- a/pass-1/Makefile +++ b/pass-1/Makefile @@ -9,7 +9,9 @@ all: wrapper unwrapper rlocs.o: util.o -wrapper: util.o rlocs.o +packet.o: util.o + +wrapper: util.o rlocs.o packet.o clean: rm -f wrapper unwrapper *.o diff --git a/pass-1/packet.c b/pass-1/packet.c new file mode 100644 index 0000000..fae2e40 --- /dev/null +++ b/pass-1/packet.c @@ -0,0 +1,35 @@ +#include "packet.h" + +// shamelessly copied from: +// http://www.roman10.net/how-to-calculate-iptcpudp-checksumpart-2-implementation/ +unsigned short compute_checksum(unsigned short *addr, unsigned int count) { + + unsigned long sum = 0; + + while (count > 1) { + sum += * addr++; + count -= 2; + } + + //if any bytes left, pad the bytes and add + if(count > 0) { + sum += ((*addr)&htons(0xFF00)); + } + + //Fold sum to 16 bits: add carrier to result + while (sum>>16) { + sum = (sum & 0xffff) + (sum >> 16); + } + + //one's complement + sum = ~sum; + + return ((unsigned short)sum); + +} + +void compute_ip_checksum(struct iphdr* pkt) +{ + pkt->check = 0x0000; + pkt->check = compute_checksum( (unsigned short*) pkt, pkt->ihl * 4 ); +} diff --git a/pass-1/packet.h b/pass-1/packet.h new file mode 100644 index 0000000..2eb8cbd --- /dev/null +++ b/pass-1/packet.h 
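Review bot: The new rule `packet.o: util.o` in the Makefile hunk makes one object depend on another but records no dependency on packet.h, which is the only file packet.c includes on this page. Unless header dependencies are generated elsewhere in the Makefile (not visible in this hunk), editing packet.h will not rebuild packet.o or wrapper. `packet.o: packet.h` would state the real prerequisite, and wrapper.c now includes that header too.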
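Review bot: In packet.c, the odd-length tail of `compute_checksum`, `sum += ((*addr)&htons(0xFF00));`, loads a full 16-bit word and masks it afterwards, so it reads one byte past the end of the buffer whenever `count` is odd. `compute_ip_checksum` passes `pkt->ihl * 4`, which is always even, but `compute_checksum` has external linkage, so other callers can reach that branch. Either mark it `static` or copy only the last byte, e.g. `unsigned short last = 0; memcpy(&last, addr, 1); sum += last;` (needs `<string.h>`). `pkt->ihl` is also used unchecked: a value above 5 reads past `sizeof(struct iphdr)`, which is safe only if the header sits in a larger buffer such as `struct packet`, and a value below 5 checksums less than a full header. If the header can come from a received packet, the caller (not visible here) or this function should range-check it first.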
@@ -0,0 +1,40 @@ +#ifndef _PACKET_H_ +#define _PACKET_H_ + +#include +#include +#include + +struct packet { + union { +#ifdef __USE_BSD + struct ip ip; +#else + struct iphdr ip; +#endif + struct ip6_hdr ip6; + } hdr; + char payload[IP_MAXPACKET]; /* payload is this - header size, but OK */ +}; + +// wrapper.c expects this name +#define recv_pkt packet + + +// It's all our code that uses this. 12 is much more than we need to +// construct a wrapped packet at the moment. +// +// initial usage: +// 0 - wrapping ip header, including enc_size +// 1 - encrypted portion of payload, in scratch. +// 2 - unencrypted portion of payload, in recv_pkt +#define MAX_IOVS 12 +struct rsp_data { + int count; + struct iovec iovs[MAX_IOVS]; + unsigned char scratch[IP_MAXPACKET]; // somewhere easy to put results +}; + +void compute_ip_checksum( struct iphdr* pkt ); + +#endif \ No newline at end of file diff --git a/pass-1/util.c b/pass-1/util.c index 78c234f..af51f56 100644 --- a/pass-1/util.c +++ b/pass-1/util.c @@ -52,43 +52,6 @@ int create_tun( const char* name ) return fd; } - -// shamelessly copied from: -// http://www.roman10.net/how-to-calculate-iptcpudp-checksumpart-2-implementation/ -unsigned short compute_checksum(unsigned short *addr, unsigned int count) { - - unsigned long sum = 0; - - while (count > 1) { - sum += * addr++; - count -= 2; - } - - //if any bytes left, pad the bytes and add - if(count > 0) { - sum += ((*addr)&htons(0xFF00)); - } - - //Fold sum to 16 bits: add carrier to result - while (sum>>16) { - sum = (sum & 0xffff) + (sum >> 16); - } - - //one's complement - sum = ~sum; - - return ((unsigned short)sum); - -} - -void compute_ip_checksum(struct iphdr* pkt) -{ - pkt->check = 0x0000; - pkt->check = compute_checksum( (unsigned short*) pkt, pkt->ihl * 4 ); -} - - - int link_set_up( char *link_name, int state ) { int fd = socket( PF_INET, SOCK_DGRAM, IPPROTO_IP ); diff --git a/pass-1/util.h b/pass-1/util.h index 5d857ca..1ca2ee7 100644 --- a/pass-1/util.h 
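Review bot: In packet.h, the prototype `void compute_ip_checksum( struct iphdr* pkt );` does not match the union member it is meant for when `__USE_BSD` is defined, because `hdr.ip` is then a `struct ip`. Callers are not visible in this hunk, but they would need a cast; declaring the member as `struct iphdr` unconditionally, or documenting the cast next to the prototype, would keep the two in step. Separately, `#define recv_pkt packet` rewrites every `recv_pkt` token in any file that includes this header, not only the struct tag, so renaming the uses in wrapper.c to `struct packet` is safer. The include guard `_PACKET_H_` is a reserved identifier; `PACKET_H` is enough. A comment on `struct rsp_data` stating that `count` must stay within `0..MAX_IOVS` before an entry is appended to `iovs` would also help.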
+++ b/pass-1/util.h @@ -14,8 +14,6 @@ void* xmalloc( size_t bytes ); int create_tun( const char* name ); -void compute_ip_checksum( struct iphdr* pkt ); - int link_set_up( char *link_name, int state ); diff --git a/pass-1/wrapper.c b/pass-1/wrapper.c index 8895b2f..9949967 100644 --- a/pass-1/wrapper.c +++ b/pass-1/wrapper.c @@ -1,18 +1,11 @@ #include "util.h" #include "rlocs.h" - -// We use a TUN device right now so we don't have to care about layer 2 headers -// or complicated, hard scaling stuff. This isn't likely to scale very well. - - #include #include #include -#include -#include -#include +#include "packet.h" // We use writev() to send the packet, so we don't have to copy the // unencrypted part. @@ -25,32 +18,6 @@ typedef struct wrapper { int same_if; } wrapper; -struct recv_pkt { - union { -#ifdef __USE_BSD - struct ip ip; -#else - struct iphdr ip; -#endif - struct ip6_hdr ip6; - } hdr; - char payload[IP_MAXPACKET]; /* payload is this - header size, but OK */ -}; - - -// It's all our code that uses this. 12 is more than we probably need to -// construct a wrapped packet - just being careful. -// -// initial usage: -// 0 - wrapping ip header, including enc_size -// 1 - encrypted portion of payload, in scratch. -// 2 - unencrypted portion of payload, in recv_pkt -#define MAX_IOVS 12 -struct rsp_data { - int count; - struct iovec iovs[MAX_IOVS]; - unsigned char scratch[IP_MAXPACKET]; // somewhere easy to put results -}; int wrap_ipv4_packet(struct rlocs* reg, struct recv_pkt* pkt, struct rsp_data* out) { @@ -173,7 +140,7 @@ int wrap_ipv6_packet(struct rlocs *reg, struct recv_pkt* pkt, struct rsp_data* o int main(int argc, char** argv) { wrapper wrap; - + if ( argc < 4 ) { warn( "Usage: %s ", argv[0] ); return 1;