I'm attempting to track down the problem in kern/25999 (bimap statements
in ipnat.conf are causing corrupted translations), and I've jumped
into the ipnat code (possibly over my head) to try and figure out
what's causing the problem.  Please keep in mind that this is my
first time even _looking_ at this code, and it's quite possible
(even likely) that I'm just missing something.

In order to track down the problem and familiarize myself with the code,
I started sprinkling some debugging printf()s in various likely places
in sys/netinet/ip_nat.c, and I've located what seems to be a problem -
in nat_new(), a natinfo_t "ni" is declared, and from what I can tell,
on line 2161, with "in = ni.nai_ip;", it's used *without ever having
been initialized*.  &ni is passed to nat_newrdr(), but in fact
one of the first things new_rdr() does is to assign "in = ni->nai_ip;".
I have verified that the "address" in ni.nai_ip is the corrupt
address I see as a result of the bimap, but I'm still not
familiar enough with the code not to doubt myself.

It's also entirely possible that I'm missing something blindingly obvious;
if so, please be gentle.  :)

Thanks,

+j

-- 
Jeff Rizzo                                         http://www.redcrowgroup.com/