clang ebpf xdp-bpf libbpf

xdp embed static ruleset during compile-time


I'm writing an XDP filter (in C) which matches on some header fields and depending on e.g. the source address, it should do some actions. Now for my case I'd like to move everything possible to compile-time, so there is no need for a user-space program for configuring the ruleset (the ruleset is already known during compile-time). Of course this ruleset stays fixed during the complete runtime; under no circumstances will there be a change in the ruleset (without recompilation).

My initial idea was to put the ruleset in an array, search if e.g. the address is contained in that array and then retrieve additional parameters from that matched element in the array.

Now I think this approach illustrates what I mean by doing the complete configuration already during compile-time. The drawback is that the matching in the array is gonna be rather slow and some map/hash-table approach would be nice.

Does anyone have an idea how to do this? (baking the map/hash-table with the ruleset into the binary)


The thing I came across quite frequently during my online research was obviously the xdp-maps. But I didn't find a way to populate them already during compile-time. And as a matter of fact I don't need this possibility of communicating with some userspace process.


Solution

  • TL;DR. Static initialization of BPF maps is only supported for prog arrays and maps of maps at the moment. Hashmaps are not supported.


    Examples of static initialization

    Unfortunately, at the moment, libbpf will error with the following if you try to statically initialize any other type of map:

    libbpf: map 'static_init_array': should be map-in-map or prog-array.
    Error: failed to open BPF object file: Operation not supported
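
One way to keep the array idea from the question without a linear scan, as an added example that is not part of the question or the answer above: the ruleset is a `static const` array sorted by address, and the lookup is a binary search with a fixed iteration bound, since the BPF verifier only accepts loops it can prove bounded. The rule fields, action names and addresses (documentation ranges) are constructed for illustration, and the code is plain C so it can be compiled and checked outside the kernel.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed sample actions; the page does not define any. */
enum rule_action { ACT_PASS = 0, ACT_DROP = 1, ACT_MARK = 2 };

struct rule {
    uint32_t saddr;   /* IPv4 source address, host byte order */
    uint8_t  action;  /* enum rule_action */
    uint16_t param;   /* extra per-rule parameter (hypothetical) */
};

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Ruleset fixed at compile time. MUST be sorted ascending by saddr. */
static const struct rule ruleset[] = {
    { IP4(192, 0, 2, 10),    ACT_DROP, 0  },
    { IP4(198, 51, 100, 7),  ACT_MARK, 42 },
    { IP4(203, 0, 113, 1),   ACT_DROP, 0  },
    { IP4(203, 0, 113, 200), ACT_PASS, 7  },
};
#define RULE_COUNT (sizeof(ruleset) / sizeof(ruleset[0]))
#define MAX_STEPS  8  /* fixed loop bound: enough for up to 255 rules */
_Static_assert(RULE_COUNT < (1u << MAX_STEPS), "raise MAX_STEPS");

/* Binary search over [lo, hi); returns the matching rule or NULL. */
static const struct rule *rule_lookup(uint32_t saddr)
{
    uint32_t lo = 0, hi = RULE_COUNT;
    for (int i = 0; i < MAX_STEPS && lo < hi; i++) {
        uint32_t mid = lo + (hi - lo) / 2;
        if (ruleset[mid].saddr == saddr)
            return &ruleset[mid];
        if (ruleset[mid].saddr < saddr)
            lo = mid + 1;   /* target is in the upper half */
        else
            hi = mid;       /* target is in the lower half */
    }
    return NULL;            /* no rule for this address */
}

/* Build-time sanity check: an unsorted table silently breaks lookups. */
static int ruleset_is_sorted(void)
{
    for (size_t i = 1; i < RULE_COUNT; i++)
        if (ruleset[i - 1].saddr >= ruleset[i].saddr)
            return 0;
    return 1;
}
```

A packet's source address arrives in network byte order, so it has to be converted to host order before it is passed to `rule_lookup`.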