Changed key length to 255, maximum length of DNS domain name.
Also fixed double increment of loop variable. These both changes
fix buffer overrun.
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>

bpf_probe_read*: src argument should be const void *.

Fix shared library loaded into multiple sections

Use ELF load sections in address -> symbol resolution

LPM trie maps require the BPF_F_NO_PREALLOC flag on creation. The
need for this flag is not obvious at first; this new macro should
help avoid the mistake.

Fix edge case when doing symbol name -> address resolution

For the following program:

    #include <linux/interrupt.h>

    // remember t(last-interrupt) on interface
    int kprobe__handle_irq_event_percpu(struct pt_regs *ctx, struct irq_desc *desc) {
        const char *irqname = desc->action->name;

        char c;

        bpf_probe_read(&c, 1, &irqname[0]);
        if (c != 'e') return 0;

        bpf_probe_read(&c, 1, &irqname[1]);
        if (c != 't') return 0;

        ...

LLVM gives warnings because irqaction->name is `const char *`:

    /virtual/main.c:10:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
        bpf_probe_read(&c, 1, &irqname[0]);
                              ^~~~~~~~~~~
    /virtual/main.c:13:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
        bpf_probe_read(&c, 1, &irqname[1]);
                              ^~~~~~~~~~~
    ...

Instead of adding casts in source everywhere fix bpf_probe_read* signature to
indicate the memory referenced by src won't be modified, as it should be.

P.S.

bpf_probe_read_str was in fact already marked so in several places in comments
but not in actual signature.

In order to run, some test programs depend on the availability
of binaries in locations that are part of PATH. So, we add a
generic utility to simplify this.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

If netperf is not installed or installed at a location that is not
in PATH as recognized by Python, then 'test_brb' and 'test_brb2'
freeze after an OSError is raised. To avoid this, we proactively
check if the 'iperf', 'netserver' and 'netperf' binaries are
available before making the corresponding NSPopen() calls.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

Fix 'test_debuginfo' from failing if a kernel symbol has multiple aliases

Update LINKS.md

The first symbol from /proc/kallsyms is read by 'test_debuginfo'
and the name obtained here is compared against the name obtained
from the BPF.ksym() library call. In some architectures such as
powerpc64le, a kernel symbol may have multiple aliases that refer
to the same address. So, to avoid the test from failing, we need
to compare the name returned by BPF.ksym() against all possible
aliases for the given address in /proc/kallsyms and look for a
match.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

Signed-off-by: Gary Lin <glin@suse.com>

Signed-off-by: Colin Ian King <colin.king@canonical.com>

nfsdist: trace NFS operation latency distribution, similar to the other *dist tools.

Fix for incorrect tool arguments in the man pages

Improve string buffer checking on uprobe attach and detach

annotate program tag

Do not create instance for kprobe

Fix for bug in lesson 4 of the Python developer tutorial

during debug of production systems it's difficult to trace back
the kernel reported 'bpf_prog_4985bb0bd6c69631' symbols to the source code
of the program, hence teach bcc to store the main function source
in the /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/ directory.

This program tag is stable. Every time the script is called the tag
will be the same unless source code of the program changes.
During active development of bcc scripts the /var/tmp/bcc/ dir can
get a bunch of stale tags. The users have to trim that dir manually.

Python scripts can be modified to use this feature too, but probably
need to be gated by the flag. For c++ api I think it makes sense
to store the source code always, since the cost is minimal and
c++ api is used by long running services.

Example:
$ ./examples/cpp/LLCStat
$ ls -l /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/
total 16
-rw-r--r--. 1 root root 226 Sep  1 17:30 on_cache_miss.c
-rw-r--r--. 1 root root 487 Sep  1 17:30 on_cache_miss.rewritten.c
-rw-r--r--. 1 root root 224 Sep  1 17:30 on_cache_ref.c
-rw-r--r--. 1 root root 484 Sep  1 17:30 on_cache_ref.rewritten.c

Note that there are two .c files there, since two different
bpf programs have exactly the same bytecode hence same prog_tag.

$ cat /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/on_cache_miss.c
int on_cache_miss(struct bpf_perf_event_data *ctx) {
    struct event_t key = {};
    get_key(&key);

    u64 zero = 0, *val;
    val = miss_count.lookup_or_init(&key, &zero);
...
Signed-off-by: Alexei Starovoitov <ast@fb.com>

bpf_obj_get_info() to retreive prog_tag from the kernel based on prog_fd (kernel 4.13+)
bpf_prog_compute_tag() to compute prog_tag from a set of bpf_insns (kernel independent)
bpf_prog_get_tag() to retrieve prog_tag from /proc/pid/fdinfo/fd (kernel 4.10+)
Signed-off-by: Alexei Starovoitov <ast@fb.com>

docs: update features list

examples: fixed http_filter example

Loop unrolling wasn't happening because of variable upper
bound. Making it const fixes the problem.

Tested with 4.13.0-rc6 on fedora 26