Description
When a ruleset contains a set, bpfilter creates a dedicated BPF hash map whose key is the set's key and whose value is empty, effectively using the BPF hash map as a set data structure.
If many sets are defined with the same key, bpfilter creates as many BPF hash maps, eventually hitting the 64-maps-per-program limit.
This limitation can be overcome by using the BPF hash map's value field: instead of an empty value, bpfilter should store a bitmask identifying which of the original sets the key belongs to.
For the following sets:
(ip4.saddr) in {192.168.1.1; 192.168.1.2} # First set with (ip4.saddr) key
(ip4.saddr) in {192.168.1.1; 192.168.1.3} # Second set with (ip4.saddr) key
bpfilter should generate the following BPF hash map:
192.168.1.1: 0b00000011
192.168.1.2: 0b00000001
192.168.1.3: 0b00000010
At runtime, the generated bytecode must look the key up and check that the value's bit for the matching original set (the first or the second in the example above) is set; a lookup miss or a cleared bit both mean the key is not a member of that set.
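A userspace model of the proposed layout, added here as an illustration and not part of bpfilter: it builds one map for the two (ip4.saddr) sets above, assigns bit i of a 64-bit value to the i-th set sharing that map (the issue's example shows an 8-bit mask for readability; the value width, the map capacity, and every function name below are assumptions), and exposes the lookup-and-bit-test the generated bytecode would have to perform. It also shows the limit this design replaces the per-program map limit with: once all bits of the value are allocated, a further set with the same key still needs a second map.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>
#include <arpa/inet.h>

/* Toy model of the proposed map layout (not bpfilter code): one map per distinct
 * key type, whose value is a bitmask with one bit per original set. */
#define MAP_SLOTS 64      /* capacity of this userspace stand-in for the BPF map */
#define SETS_PER_MAP 64   /* assumption: a u64 value distinguishes at most 64 sets */

struct merged_entry {
    bool used;
    uint32_t key;    /* ip4.saddr, network byte order */
    uint64_t sets;   /* bit i set  <=>  key is a member of set i */
};

struct merged_map {
    struct merged_entry slots[MAP_SLOTS];
    unsigned nsets;  /* how many sets currently share this map */
};

/* Open-addressing lookup; any mixing function would do for the model. */
static struct merged_entry *find_slot(struct merged_map *m, uint32_t key, bool create)
{
    unsigned idx = (key * 2654435761u) >> 26;   /* top 6 bits -> 64 slots */

    for (unsigned i = 0; i < MAP_SLOTS; i++) {
        struct merged_entry *e = &m->slots[(idx + i) % MAP_SLOTS];
        if (e->used && e->key == key)
            return e;
        if (!e->used) {
            if (!create)
                return NULL;
            e->used = true;
            e->key = key;
            e->sets = 0;
            return e;
        }
    }
    return NULL;   /* map full */
}

/* Reserve a bit for a new set sharing this map; -1 once the value width is used up,
 * i.e. the point where a second map for the same key is still unavoidable. */
static int merged_map_add_set(struct merged_map *m)
{
    if (m->nsets >= SETS_PER_MAP)
        return -1;
    return (int)m->nsets++;
}

/* Insert a key on behalf of set set_idx: OR its bit into the existing value. */
static int merged_map_insert(struct merged_map *m, uint32_t key, int set_idx)
{
    struct merged_entry *e;

    if (set_idx < 0 || (unsigned)set_idx >= m->nsets)
        return -1;
    e = find_slot(m, key, true);
    if (!e)
        return -1;
    e->sets |= (uint64_t)1 << set_idx;
    return 0;
}

/* Raw value for a key, 0 when absent. */
static uint64_t merged_map_value(struct merged_map *m, uint32_t key)
{
    struct merged_entry *e = find_slot(m, key, false);
    return e ? e->sets : 0;
}

/* The runtime check the generated bytecode needs: lookup, then test one bit.
 * A miss and a cleared bit both mean "not in this set". */
static bool merged_map_matches(struct merged_map *m, uint32_t key, int set_idx)
{
    struct merged_entry *e = find_slot(m, key, false);
    return e != NULL && (e->sets & ((uint64_t)1 << set_idx)) != 0;
}

static uint32_t ip4(const char *dotted)
{
    struct in_addr a = { 0 };
    inet_pton(AF_INET, dotted, &a);
    return a.s_addr;
}

/* Build the issue's example: two (ip4.saddr) sets multiplexed into one map. */
static struct merged_map build_example_map(void)
{
    struct merged_map m = { 0 };
    int set0 = merged_map_add_set(&m);   /* {192.168.1.1; 192.168.1.2} */
    int set1 = merged_map_add_set(&m);   /* {192.168.1.1; 192.168.1.3} */

    merged_map_insert(&m, ip4("192.168.1.1"), set0);
    merged_map_insert(&m, ip4("192.168.1.2"), set0);
    merged_map_insert(&m, ip4("192.168.1.1"), set1);
    merged_map_insert(&m, ip4("192.168.1.3"), set1);
    return m;
}

int main(void)
{
    struct merged_map m = build_example_map();
    const char *addrs[] = { "192.168.1.1", "192.168.1.2", "192.168.1.3", "10.0.0.1" };

    for (size_t i = 0; i < sizeof addrs / sizeof addrs[0]; i++)
        printf("%-12s value=0x%02" PRIx64 " set0=%d set1=%d\n", addrs[i],
               merged_map_value(&m, ip4(addrs[i])),
               merged_map_matches(&m, ip4(addrs[i]), 0),
               merged_map_matches(&m, ip4(addrs[i]), 1));
    return 0;
}
```

Two points carry over to the real BPF map: the value size must be fixed at map creation (8 bytes for a 64-bit mask), so the number of sets a map can absorb is decided when the ruleset is compiled; and deleting an element from one set must clear only that set's bit and remove the key only when the mask reaches zero, otherwise the other sets sharing the map lose the key.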