Since the tree is already locked for 3.3, this is a post-3.3 issue, so there's no reason to get agitated over it yet :)
These counters are increased with every packet, and per-packet cost has the most impact on performance (as compared to per-connection), so this has to be efficient. Associating the right counters with a given interface pointer (struct ifnet *) in O(1) (constant time, independant of the number of interfaces) is therefore what we need. Traversing the list of interfaces linearly to find the right pointer is not good enough, and hashing a pointer into an array index seems overkill as well. A good solution would be to add a field to struct ifnet itself (either the counters themselves or a pointer to an optional sub-struct), then the access would be of constant time. We'd have to adjust the pf ioctl to fetch statistics for a specified interface and add some switch to pfctl so you can specify it on the command line. This part wouldn't be much of a problem. Let's postpone this after 3.3-release, when we have all the time we need to do it right :) Daniel
