Update INSTALL.md

Add `libfl-dev` to the dependencies on debian to prevent the following error:
```
[ 16%] Building CXX object src/cc/frontends/b/CMakeFiles/b_frontend.dir/loader.cc.o
In file included from /root/bcc/src/cc/frontends/b/parser.h:21:0,
                 from /root/bcc/src/cc/frontends/b/loader.cc:17:
/root/bcc/src/cc/frontends/b/lexer.h:22:23: fatal error: FlexLexer.h: No such file or directory
 #include <FlexLexer.h>
                       ^
compilation terminated.
```

Two minor fixes on Stack-trace table

avoid symbol demangling if the symbol is not a mangled symbol

Fix issue #1641

The bcc user space stack is not printed out properly.

From https://en.wikipedia.org/wiki/Name_mangling,
all mangled symbols begin with _Z, and an identifier
beginning with an underscore followed by a capital is
a reserved identifier in C, so conflict with user identifiers
is avoided.

Further, from the llvm demangle code
https://github.com/llvm-mirror/libcxxabi/blob/master/src/cxa_demangle.cpp
The demangled name has the following specification:
    <mangled-name> ::= _Z <encoding>
                   ::= <type>
    extension      ::= ___Z <encoding> _block_invoke
    extension      ::= ___Z <encoding> _block_invoke<decimal-digit>+
    extension      ::= ___Z <encoding> _block_invoke_<decimal-digit>+

In the issue #1641, the function name are "f" and "g", which is demangled
to type "float" and "__float128", according to the above implementation.

In bcc case, we only care about functions, so only do demangling
for symbols starting with _Z or ___Z.
Signed-off-by: Yonghong Song <yhs@fb.com>

skip kprobe functions outside normal text section

Fix spelling mistake in raised Exception

Add new targeted error injection tool

scripts: check virtual_list.h's list of helpers

Fix issue #1634.

When kernel is about to attach a kprobe, the following functions
are called:
  register_kprobe
    check_kprobe_address_safe
      kernel_text_address
        core_kernel_text

In core_kernel_text, we have:
        if (addr >= (unsigned long)_stext &&
            addr < (unsigned long)_etext)
                return 1;

Basically, any address outside of [_stext, _etext] will
be rejected.

The functions marked as __init are outside [_stext, _etext].
That is why vfs_caches_init_early and vfs_caches_init
are rejected by trace_kprobe.
Given a regex, this patch avoided attaching these functions
if their func addresses are outside [_stext, _etext] range.
Signed-off-by: Yonghong Song <yhs@fb.com>

sync bpf compat headers with latest net-next

add an example of accessing an externally created map in C++

Some application may need to access a pinned map which is not
created by bcc. This example shows how to incorporate such
maps with C++ APIs.

Basically, the application needs to create a TableStorage and
pre-populate it with pinned map before calling BPF constructor.
The bpf program defines this pinned map as an "extern" map.
Signed-off-by: Yonghong Song <yhs@fb.com>

add the tcpstates tool

docs: add latest eBPF helpers to features list

This patch extends the PYTHON_CMD cmake variable to allow a list of
Python binaries and installs the bcc Python bindings for each Python
installation. The Debian control files are updated to generate bindings
for Python 2 and Python 3. Compiled Python files are excluded from the
Debian packages.
Signed-off-by: Andreas Gerstmayr <andreas@gerstmayr.me>

Add move constructor for BPFStackTable

tcplife: switch to the new sock:inet_sock_set_state tracepoint

properly retrieve IP address from array for python2.7

for python2.7 IP address(src_ip,dst_ip) conversion doesn't work
as expected and throws

Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 315, in 'calling callback function'
  File "/usr/local/lib/python2.7/site-packages/bcc/table.py", line 526, in raw_cb_
    callback(cpu, data, size)
  File "./examples/networking/tc_perf_event.py", line 60, in print_skb_event
    (cpu, socket.inet_ntop(socket.AF_INET6, src_ip),
ValueError: invalid length of packed IP address string

IP string looks like
[254, 128, 0, 0, 0, 0, 0, 0, 156, 237, 12, 255, 254, 42, 90, 31]
Signed-off-by: Nirmoy Das <ndas@suse.de>

bpf_override_return is a very powerful mechanism for error injection,
with the caveat that it requires whitelisting of the functions to be
overriden.

inject.py will take a call chain and optional set of predicates as
input, and inject the appropriate error when both the call chain and all
predicates are satisfied.
Signed-off-by: Howard McLauchlan <hmclauchlan@fb.com>

cmake: search for iperf3 if there is no iperf

Some destro just provide iperf3 like openSUSE Tumbleweed
Signed-off-by: Nirmoy Das <ndas@suse.de>

tools/slabratetop: detect the current memory allocator

fix fd leakage

Currently, slabratetop always included slub_def.h. For the system uses
SLAB, the definition of 'struct kmem_cache' is different and the eBPF
program would fetch the wrong field and print garbages.
Signed-off-by: Gary Lin <glin@suse.com>