On Tue, Jul 15, 2003 at 07:34:38PM +0300, Alexey E. Suslikov wrote: > i am seriously confused. should i try GENERIC for completely clean > tests?
You're possibly the first person to try reply-to with translating states on vlan interfaces. pf attaches an mbuf tag after doing the state match and reverse-translation, which causes the packet to pass without a second state lookup after translation. It looks like that mbuf tag is lost somewhere in vlan code, so pf does a second state lookup after translation, which of course fails. I'm not using vlans, so I won't be of much help, I'm afraid. But if you're willing to update to -current and try patches, let us know. Daniel
