Reason:
The intention of initial version of this example was to provide
a loop-uprolling example and expected functionality was to drop
DNS packets requesting the DNS name contained in the map.
   But the functionality doesn't work as exepected because the
BPF program attached to the raw socket only filters the packets
received by the python program.

With these modifications, it still serves as a loop-unrolling
example, with slightly different functionality.

Inverted return values of bpf program. It keeps the packet if the
name in DNS packet is also exists in the map. All other packets
are dropped.
Python program is modified to read packets from raw socket.
DNS data from the packet is parsed and printed using dnslib library.

Makes it slightly easier to add more cache entries

examples: fix dns_matching

Partially reverts 80667b7b, "Fix unary operator handling of probe
reads with parens", keeping the test case. With 4c6ecb46,
"Restrict rewrite of unary operators to dereference operator," only
dereferences are rewritten, removing the need for the previous fix.

Reverting 80667b7b allows bcc to rewrite more dereferences, as
highlighted in the new test case.

The for loop was copying garbase characters after domain name.
Fixed this by adding correct terminating condition. Also removed
unnecessary code
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>

Loop unrolling was not working because of if-condition in the loop.
Added #pragma unroll directive.
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>

Changed key length to 255, maximum length of DNS domain name.
Also fixed double increment of loop variable. These both changes
fix buffer overrun.
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>

bpf_probe_read*: src argument should be const void *.

Fix shared library loaded into multiple sections

Use ELF load sections in address -> symbol resolution

LPM trie maps require the BPF_F_NO_PREALLOC flag on creation. The
need for this flag is not obvious at first; this new macro should
help avoid the mistake.

Fix edge case when doing symbol name -> address resolution

For the following program:

    #include <linux/interrupt.h>

    // remember t(last-interrupt) on interface
    int kprobe__handle_irq_event_percpu(struct pt_regs *ctx, struct irq_desc *desc) {
        const char *irqname = desc->action->name;

        char c;

        bpf_probe_read(&c, 1, &irqname[0]);
        if (c != 'e') return 0;

        bpf_probe_read(&c, 1, &irqname[1]);
        if (c != 't') return 0;

        ...

LLVM gives warnings because irqaction->name is `const char *`:

    /virtual/main.c:10:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
        bpf_probe_read(&c, 1, &irqname[0]);
                              ^~~~~~~~~~~
    /virtual/main.c:13:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
        bpf_probe_read(&c, 1, &irqname[1]);
                              ^~~~~~~~~~~
    ...

Instead of adding casts in source everywhere fix bpf_probe_read* signature to
indicate the memory referenced by src won't be modified, as it should be.

P.S.

bpf_probe_read_str was in fact already marked so in several places in comments
but not in actual signature.

In order to run, some test programs depend on the availability
of binaries in locations that are part of PATH. So, we add a
generic utility to simplify this.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

If netperf is not installed or installed at a location that is not
in PATH as recognized by Python, then 'test_brb' and 'test_brb2'
freeze after an OSError is raised. To avoid this, we proactively
check if the 'iperf', 'netserver' and 'netperf' binaries are
available before making the corresponding NSPopen() calls.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

Fix 'test_debuginfo' from failing if a kernel symbol has multiple aliases

Update LINKS.md

The first symbol from /proc/kallsyms is read by 'test_debuginfo'
and the name obtained here is compared against the name obtained
from the BPF.ksym() library call. In some architectures such as
powerpc64le, a kernel symbol may have multiple aliases that refer
to the same address. So, to avoid the test from failing, we need
to compare the name returned by BPF.ksym() against all possible
aliases for the given address in /proc/kallsyms and look for a
match.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

Signed-off-by: Gary Lin <glin@suse.com>

Signed-off-by: Colin Ian King <colin.king@canonical.com>

nfsdist: trace NFS operation latency distribution, similar to the other *dist tools.

Fix for incorrect tool arguments in the man pages

Improve string buffer checking on uprobe attach and detach

annotate program tag

Do not create instance for kprobe

Fix for bug in lesson 4 of the Python developer tutorial