I'm writing a BPF tool that maintains a per-process trace, which means I'll need a 2d data structure of some sort. To bypass the 512 byte limitation, I've decided that going with the supported structs (maps) is my best bet. After glancing at the iovisor docs, it seemed like BPF_HASH_OF_MAPS was the structure I needed. I presumed this structure offered a key-value pairing wherein the "value" was another BPF map. However, based on the parameters it takes, the "outer" structure seems to be an array (personally, from the github documenation, I can't tell the difference between BPF_HASH_OF_MAPS and BPF_ARRAY_OF_MAPS). Have I been misled: does the BPF_HASH_OF_MAPS structure provide hashmap like functionality?
You're correct. bcc doesn't make a different between BPF_HASH_OF_MAPS and BPF_ARRAY_OF_MAPS, as least in how they're exposed. In the kernel, they actually are two different data structures and a BPF hash of maps can have keys of various sizes.
bcc defines a hardcoded int as the key type (first int below) for the BPF_HASH_OF_MAPS maps:
#define BPF_HASH_OF_MAPS(_name, _inner_map_name, _max_entries) \
BPF_TABLE("hash_of_maps$" _inner_map_name, int, int, _name, _max_entries)
To use different key types, you can simply use BPF_TABLE in place of BPF_HASH_OF_MAPS.