* cc: bcc function to detect the language of a process

bcc_procutils_language looks into /proc/$pid/cmdline, /proc/$pid/exe,
and /proc/$pid/maps to determine the language.
Python wrapper takes a list of candidate languages; if the detected
language is not part of the list, None is returned.

* u* tools: automatically detect the language

Uses the detect_language bcc helper. -l switch can override the
detected language. In uthreads and ucalls, the language can be
overwritten to 'none' to trace pthreads and syscalls respectively.

All tools use the -l switch to set the language, for consistency.

Improve helper Macros

* Bcc should look at mountns during symbol resolution.

Allow bcc to resolve symbols in processes that have mappings in a
different mount namespace.  This allows us to obtain stack traces from
the host when our target resides in a container.  With this change it's
possible to get stacks from targets that used to show up as unknown.

* When searching for perf-map files look in container, and then host.

Allow perf-map files to exist either in the container under the pid
that's specific to the container's pid namespace, or in the host
container using the pid that's specific to the initial pid namespace.
This lets us store the perf-map either in the continer or on the host,
depending upon which is easier for the person performing the debugging.

* Allow bcc to place uprobes and USDT probes in containers.

The uprobe/usdt mechanism uses the target's inode in order to determine
where to place the probe.  The inode lookup occurs at the time the file
path is written to uprobe_events.  If bpf_attach_uprobe() has been
passed a pid, and that pid is in a different mount namespace from the
caller, attempt to switch to the victim's mount namespace so that we can
select the correct inode for the probe.

* Add unit tests for the container improvements code.

With the current API it is not possible to load any kind of ebpf
program, for example BPF_PROG_TYPE_SCHED_CLS, this commit solves that by
defining load_func and unload_func as part of the public API.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>

syscount: Use zip_longest for Python 3 compatibility

LINKS.md

solisten: replace netaddr with socket library

This fixes the bcc module and all the affected tools for issues related to string handling in Python 3. Specifically, when passing Python strings to C libraries they are encoded as ASCII, and when constructing Python strings from C strings, they are decoded first.

docs: add the supplementary commits for LRU hashes

This commit addes two kernel commits for the LRU hashes to provide the
more information about LRU hashes. The original commits (29ba732acbee
and 8f8449384ec3) mark the inclusion of LRU hashes, but the commit
messages do not mention the details. The commits 3a08c2fd7634 and
961578b63474 actually implement the LRU list and provide the detailed
information about why LRU hash is created and how it works, and this can
help people to understand LRU hashes more quickly.
Signed-off-by: Gary Lin <glin@suse.com>

docs: update features list (new maps: array/hash of maps)

Verify format specifiers in bpf_trace_printk in rewriter

Fix the Markdown list in the README

snapcraft: add in some new tools missing from the snapcraft apps list

Add in bpflist and mysqld_qslower to apps list and re-order
dbstat in the list.
Signed-off-by: Colin Ian King <colin.king@canonical.com>

Verifies format specifiers while rewriting calls to bpf_trace_printk
and prints a warning the printk will be rejected by the kernel at
runtime.

For tests, redirects stderr at the file descriptor level in order to
catch warnings from the C library.

Use epoll in BPFPerfBuffer

bpflist: Add to tests and use Python directory listing

python: Allow module=None when resolving kernel symbols

Add build option for installing C++ examples

Smoke tests for the tools

This commit adds basic smoke tests for most tools in tools/ by
running the tool with either a short duration, or interrupting it
with a SIGINT after a short duration. The tests check the return
value from the tool to detect any Python exceptions or other
errors, but they do not read the standard error or standard output
and parse the tool's result.

Some tools are not covered by these smoke tests for reasons
documented in the test itself:

* btrfsdist and btrfsslower need btrfs
* cachetop doesn't like to run without a terminal
* dbslower, dbstat, and mysqld_qslower need a database engine
* deadlock_detector allocates a huge amount of memory
* softirqs doesn't work on new kernels and needs fixing (#1031)
* ugc needs a USDT-enabled runtime with GC probes
* zfsdist and zfsslower need zfs

This is a good place to start, but clearly for some tools,
especially those with a complex interface like trace and argdist,
we need more than just basic smoke tests.

syscount: Use ausyscalls if available to get syscall list

bpflist: Display processes with running BPF programs and maps

Prepare debian changelog for v0.3.0 tag

Signed-off-by: Brenden Blanco <bblanco@gmail.com>

This tool displays processes with running BPF programs and maps,
and also optionally kprobes and uprobes. This is a poor-man's version
that snoops BPF file descriptors, as proposed by @brendangregg.

Example:

```
PID    COMM             TYPE     COUNT
4058   fileslower       prog     4
4058   fileslower       map      2
4106   bashreadline     map      1
4106   bashreadline     prog     1
```

Resolves #1036.