--- hipfw/rewrite.c	2013-08-19 18:30:29 +0000
+++ hipfw/rewrite.c	2016-03-08 19:40:20 +0100
@@ -74,7 +74,7 @@
 
 struct scratch_buffer {
     hip_ipq_packet_msg ipq;
-    uint8_t           *payload[HIP_MAX_PACKET];
+    uint8_t            payload[HIP_MAX_PACKET];
 } __attribute__((packed)); // no gaps between header and payload
 
 static struct scratch_buffer scratch_buffer;
@@ -146,24 +146,31 @@
     }
 
     if (ctx->ipq_packet != &scratch_buffer.ipq) {
-        // simply rebase the old pointers
+        // copy metadata (memberwise) and packet data
+        scratch_buffer.ipq = ctx->ipq_packet;
+        memcpy(scratch_buffer.payload, ctx->ipq_packet->payload,
+               ctx->ipq_packet->data_len);
+
+        // rebase pointers in ctx to point into scratch copy
         if (ctx->ip_version == 4) {
-            ctx->ip_hdr.ipv4 = rebase(ctx->ip_hdr.ipv4, ctx->ipq_packet,
-                                      &scratch_buffer.ipq);
+            ctx->ip_hdr.ipv4 = rebase(ctx->ip_hdr.ipv4, ctx->ipq_packet->payload,
+                                      scratch_buffer.payload);
         } else {
             HIP_ASSERT(ctx->ip_version == 6);
-            ctx->ip_hdr.ipv6 = rebase(ctx->ip_hdr.ipv6, ctx->ipq_packet,
-                                      &scratch_buffer.ipq);
+            ctx->ip_hdr.ipv6 = rebase(ctx->ip_hdr.ipv6, ctx->ipq_packet->payload,
+                                      scratch_buffer.payload);
         }
 
         switch (ctx->packet_type) {
         case ESP_PACKET:
-            ctx->transport_hdr.esp = rebase(ctx->transport_hdr.esp, ctx->ipq_packet,
-                                            &scratch_buffer.ipq);
+            ctx->transport_hdr.esp = rebase(ctx->transport_hdr.esp,
+                                            ctx->ipq_packet->payload,
+                                            scratch_buffer.payload);
             break;
         case HIP_PACKET:
-            ctx->transport_hdr.hip = rebase(ctx->transport_hdr.hip, ctx->ipq_packet,
-                                            &scratch_buffer.ipq);
+            ctx->transport_hdr.hip = rebase(ctx->transport_hdr.hip,
+                                            ctx->ipq_packet->payload,
+                                            scratch_buffer.payload);
             break;
         case OTHER_PACKET:
             break;
@@ -172,15 +179,14 @@
         }
 
         if (ctx->udp_encap_hdr) {
-            ctx->udp_encap_hdr = rebase(ctx->udp_encap_hdr, ctx->ipq_packet,
-                                        &scratch_buffer.ipq);
+            ctx->udp_encap_hdr = rebase(ctx->udp_encap_hdr,
+                                        ctx->ipq_packet->payload,
+                                        scratch_buffer.payload);
         }
 
-        // copy ipq packet plus payload
-        memcpy(&scratch_buffer.ipq, ctx->ipq_packet,
-               sizeof(*ctx->ipq_packet) + ctx->ipq_packet->data_len);
-        ctx->ipq_packet = &scratch_buffer.ipq;
-        ctx->modified   = 1;
+        ctx->ipq_packet          = &scratch_buffer.ipq;
+        ctx->ipq_packet->payload = scratch_buffer.payload;
+        ctx->modified            = 1;
     } else {
         // second invocation
         HIP_ASSERT(ctx->modified);