Extend cpp table API

* KVM hypercall analysis example

* Update README with KVM analysis example

When events were lost, we used to print a message to stderr, which is less useful.
Now, we allow attaching an optional callback that would be invoked when events
are lost, allowing the user's program to perform some additional processing.

Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>

Before this commit there was not a specify way to handle a map of type
array. A workaround was to use it as a hash table with int as key type.

This commit creates a new class (BPFArrayTable) that allows to get and
update the value of an element.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>

This commit extends the api for hash tables allowing to get, update and
delete elements
Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>

RFC: rework of shared table into multiple classes

Add table_storage.h to list of installed files for external c++ linking.
Signed-off-by: Brenden Blanco <bblanco@gmail.com>

Adds a reference to the ts_ member, for use by BPF class to access the
storage object and perform lookups.

Note that get_hash_table/get_stack_table don't have an error return, so
failure to lookup the table name will result in undefined behavior
(which is actually the case prior to this commit as well).

Also update indentation per clang-format
Signed-off-by: Brenden Blanco <bblanco@gmail.com>

Adds a TableStorage class for use by language frontends to store/access
references to loaded bpf maps. Includes support for shared and
namespaced maps, in a directory-like hierarchy.

Add a FileDesc helper class to automatically wrap open file descriptors.
The object prevents implicit copying of the fd (allows only
rvalue/move()), and takes care of the close() call.

Add a reference implementation of a TableStorageImpl that performs the
current default behavior expected by BPF_TABLE_PUBLIC, which is to share
maps between BPFModules in the same-process only. A stub implementation
for bpffs is started.

Update b/clang frontends to use this new class.

Also included is a framework for extracting the type information of maps
in an extensible way. Migrate BMapDeclVisitor to use this as the first
consumer.
Signed-off-by: Brenden Blanco <bblanco@gmail.com>

update tools diagram

funcslower: Trace slow kernel or user function calls

stacksnoop: Retire and move to examples/tracing

This tool attaches to entry and return points of specified
functions and traces function calls slower than a given threshold.

Resolves #915.

Move stacksnoop to examples/tracing. Originally we considered
leaving a script that redirects to the `trace` tool, but decided
not to. Any users of stacksnoop can migrate directly to `trace`.

Resolves #737.

Inserts element in map only if it does not already exist. Throws a
warning during rewriter step if used on a BPF array.

* Add an option to resolve address without demangling

* Expose new no-demangling option to Python

Fix some documentation mistakes

* tools: add tcptracer

This allows tracking TCP connections by tracking TCP connects, closes
and accepts.

This is different from existing tools like tcpconnect or tcpaccept in
that:

* It includes more information like network namespace or source ports
for tcpconnects or remote ports for tcpaccepts
* It traces tcp_close allowing to see when a connection ends
* It only shows information about established connections

* tcptracer: add to README

* tcptracer: add example

* tcptracer: add man page

* cc: bcc function to detect the language of a process

bcc_procutils_language looks into /proc/$pid/cmdline, /proc/$pid/exe,
and /proc/$pid/maps to determine the language.
Python wrapper takes a list of candidate languages; if the detected
language is not part of the list, None is returned.

* u* tools: automatically detect the language

Uses the detect_language bcc helper. -l switch can override the
detected language. In uthreads and ucalls, the language can be
overwritten to 'none' to trace pthreads and syscalls respectively.

All tools use the -l switch to set the language, for consistency.

Improve helper Macros

* Bcc should look at mountns during symbol resolution.

Allow bcc to resolve symbols in processes that have mappings in a
different mount namespace.  This allows us to obtain stack traces from
the host when our target resides in a container.  With this change it's
possible to get stacks from targets that used to show up as unknown.

* When searching for perf-map files look in container, and then host.

Allow perf-map files to exist either in the container under the pid
that's specific to the container's pid namespace, or in the host
container using the pid that's specific to the initial pid namespace.
This lets us store the perf-map either in the continer or on the host,
depending upon which is easier for the person performing the debugging.

* Allow bcc to place uprobes and USDT probes in containers.

The uprobe/usdt mechanism uses the target's inode in order to determine
where to place the probe.  The inode lookup occurs at the time the file
path is written to uprobe_events.  If bpf_attach_uprobe() has been
passed a pid, and that pid is in a different mount namespace from the
caller, attempt to switch to the victim's mount namespace so that we can
select the correct inode for the probe.

* Add unit tests for the container improvements code.

With the current API it is not possible to load any kind of ebpf
program, for example BPF_PROG_TYPE_SCHED_CLS, this commit solves that by
defining load_func and unload_func as part of the public API.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>

syscount: Use zip_longest for Python 3 compatibility

LINKS.md

solisten: replace netaddr with socket library

This fixes the bcc module and all the affected tools for issues related to string handling in Python 3. Specifically, when passing Python strings to C libraries they are encoded as ASCII, and when constructing Python strings from C strings, they are decoded first.