From 2b65e8efe11365b01c975fc570f5ff23e4fa3d13 Mon Sep 17 00:00:00 2001
From: Vladimir Stoilov <vladimir@safing.io>
Date: Wed, 14 Jun 2023 17:56:01 +0300
Subject: [PATCH] Add ebpf check for failed kernel functions

---
 firewall/interception/ebpf/bpf_bpfeb.o       | Bin 42760 -> 43024 bytes
 firewall/interception/ebpf/bpf_bpfel.o       | Bin 42760 -> 43024 bytes
 firewall/interception/ebpf/program/monitor.c |  10 ++++++++++
 3 files changed, 10 insertions(+)

diff --git a/firewall/interception/ebpf/bpf_bpfeb.o b/firewall/interception/ebpf/bpf_bpfeb.o
index a2bc593da2e3f89cdb662f341d25c4140947ee49..93a2bb8f51fd011e2cf92eef5ca20774e48c8c4e 100644
GIT binary patch
delta 5156
zcmaKvdvH`&9mmhPd4r*$8a9a#0tqy{!e+CZ$53QJXdZ=-X-bWq&NOs7B~-=<I@pNR
zU2E-RER--uAk;p#ye4B?r6ww^%yj#hmSU~xNEII)L#K42Vxd#DaU2~#zk5&Ell<YC
zz4v^+zw<lK-#KS@``_{gM!kU=@7Ta|;hVkUxk@Q-dq{nXToo6oGRaNS`?z>DFk^ek
zwUSj*GTfIH^7ISC13BA1mxxnI^BGcV<sY(XN2#1Rd<omr;tl^9eod(=;VTa+6;diY
z2~S{u1|zB94PMkOPh$TMTnwj_3g^O0;WRuOp08E;S-3plrR7u%FS7;b;3mtzfHzov
z6Yeyr^`XQzEOcK!hNai?RrtPu=aYrM$%`)M7b!LCYYg!vxCHxmupflu@P5llI0YN*
zY50fuzpPXRrtk~!t8g5C9mB0kB^FA-d0xzQVH$p)^`O_RQKe>oguRf56#kIP&niW~
zD*O*#pN8W~)q-jq?uPSVCR4&hYOjaq!AY3hw-3OJXoo?Sq~RKs@H;N0ymmD&W?5PR
zueDqaw^|Ov9hMv6FA8f_8i%)9re5uK%j@8;SpGb`+wyw&0m~cczxEL;Zh~1(ztLv+
z3Ck_;uw@2Q`-<f@_-$bZ&A@7ZXSoah0A@u?yWuOAlkf!0%9W;+ih#P{M~E~c-<-Lr
zW^tr2+pnissfBC}{TxoD2q!`_2AziIo1*4WVhLtilE_ACDEToQho#wKo+K=%gHfmy
zypH@EJZYGjs!h}(i)`k_40JxDlMoO~UBn@iRe2JwAl{5b;-|y-cfxEDbFz6};Z{Z~
zjWFZLHZ#hoSbY5xETqUT__XD(!!KICA5L3N(!xxbKu7kG%V<fFL0-ZY@G<hw@Wf%3
zOGc}@VYai+J@D%RCsZ#&wzD|(!57J;auWWK{2`tc{4WOaQ#h?u9a9${nMqx_of5V>
zPO<(OMzKf4i8LE-!iSG)q#b9%GapyxQp=pyIMtr#N#eRbhwBGd-0Rx0$(TuXx57WS
zd^>!`@?GQ-RZ`u(W_@e3{<7KIx>A4DoN28r+)XpN6m?0*=5lLg?YB_)dvW}Eq+hQa
zepvZa@{+Kz!<Fc5H}SU00_&-}O?Xzwe7o)L#P=UmYB6<EgyV7YY93PEN!paPO~S-g
zpXG_eFIg7*FDYjX64Sa1uq@>m{2m<2^TSy8H+Z~2d3o%z-D20uW0%!^BAlyk_gL4c
z1YDfhYSBU%?Nz{NpX2ZX8b23I(!T+uAz~iA0UzO=@Jh>^{@M<czB!a=5KETw?xU1e
zd{2fE<v9Dy!H9mr@*Zl*=9kvks{YXz<`#|;ZQstd5oJruE|VpWK4iHcmTfE{Nx_f8
zEJwmiBTfXu8-s_L244bMn4*+v)-Wp$lk2zOB(bW2e+5$>{k>9ZOR(#rmn_HeVOQ$W
z;M*&DnK;W5(qVLh+{Q5GDf7<86<+K*lf7wSB1W;yK~k*DGBU=>`gWR#NmcP-d@;6-
z&$J%%*AaUTyvEvd;bzNuaEE1v7GtCObqnCFK69pKAbM=UOvWnnk<R$yjuAee34bhM
zMmMcmw3mKmnTj$if>QpD+62UD;UN=lublV%EGba>ZFvdFVu0sq>lM@6-dy?yk~%uh
zIhK1*xP{VRo6+{V+IO$B^~iohsU(@idl|cEKQWrvxQTAAEWOH{ZHoOj!}Zywck{wo
z^@WaUwn=TCb6foa$F$7hn8R%j-{$aL4)1h0X~G?$)rTC*35SOrK9k{j=Q3P>&UAN#
zw!Y(7E;@Y0;fV}4%yhWS;YAMDIlRtX=%`F=axAwye2>Gs9Ddm0{SF^-_^87p87@g@
zxZ#z6IlW3XoOcSw9CoJK@JYtrs2!f=aIwSl9d2-Vt;6kkX5K9YWsO~qt;gYAX6`MW
z`a#osODHkm*qzCGa~%6|hn+w-I)QF{)A9MO!|yu$7l%I%SiVG6Q*Nf9>G}+pY{_s_
zr3rV2bi}lDuH3T5v2S*`+hJ$#Ha+0j4>+81`03#{J3E(~j}j$j|NS{R6{}ZQgon$L
z?S%`}U!U|3dxeaZ6b+ud$CSz&<s?62`uE+SHxHlMw>T>i=SuKO@Yu$~1%8~1Y?<5_
zVv~e@*=42g!0w-Q^zyk%-#rJ-nU`{3bLshYM7Js3C*>8kT(p!|TfI~10q!%twb^)5
zVMOWgi9@$_c#VH6OW+<yUk~>>S~~9w^op5EkJQ6SN6W3=?`Ww%U^N3eT?G%y#%BO4
z#2^kStNZw0&;$=TIs~6`bTNF|>NGzD#Q$udYqGgyWd%l^a;bm8(NaG#78q*EmA)*u
z^F*L0m%K(UWxn?O#6WBARbIXmike6H)!>A}*Hc5`RZR_rSLK8vQS*lK8cS(D&LbWC
zTX{E%Lrb8S?^NEc601I|N0iqk<w>hwQ{D~<m0jxPqMfDowS;Og@F!GWpM)yq>xA+R
z606Cj76)lya;e*tw?|@i+OHs?^7cr%UFwzmp4uzN(k`{HOVAere_zWATy?bgPlzV|
zlNJ0k!wO7R(D_p<$bSG?p=<uq$)u(OUEydt(AAE{SN<zZ@$W#(zulGhC~r_IbXf<{
zQlZ<?(m{`-#lP3l;@{_J@lQHh{QDg({sZ*yk4QR{3WJV=R2Z`QCFKoC`6;Jd8aVA}
zDNhGF_Js0A*fV-8(7gSm$H|y5o823gd&mFfBL>;kCUkIQf$Xe&9%?Un*{>AbDx$wD
z+Eg7}miVVFk^U)J+8Sv8uoS@mw*|^&p3>slpq{_guJwQ|9h5KScc-7uPSs0wV_;Y&
zN1mi5lr(Tnr?LHjA4G@EfumLC)k7hD!Tj-1v;M$T9bTm;O!wi+MRLjJ@sL=EO!^aO
z?Rv}%9d0l4cj9*TyfshydPSyauz7YhnqP{+FFf*=;hw=O*~R0aEN3>4WD~q{hj%>w
zv=@^&${N|Cy!13ZI!%v>HXBo4iroRpL9sRScTCg#RhUw~SG2jD`s{`g$Qe%ltJC!P
zY5M(X`tPF6#;2lP0IA?cUd|*6HcrzrRJUA)>S`IPtM{6|r!Fpz+}WTuu3HxlvdEqF
zfwEalRPCKnlQ_D~JG#$|AAM1eo1tSjc{<-*J=Q>ItB<cK=%r~A@##HY?;XiEL&w+X
zq#5VkZ>mqM(SxSv#F_%xhNS*E=F|z?O3XM$i4CdXF%v#nKjTP?m2uO1vi?9#o_Y3U
MlXtkojGwIdA49EyIRF3v

delta 4916
zcmZ9Pe{fXQ702&;BqR}%0)=d%1u_XjfDktOBLr|{36_uuVN1lKwk4fGNL!{&)v2+d
zyMLrL<B-nUTS{=SEWa5=8XHSdTU~97ky08uj;$4kFvHM{(z+c~GLGZ)bKbjaF5Jm`
z_wzmH++XM3_x2?<<o29(Q?>f|k%H%=E8YB?l~S%wxmWX-LN^WcjSIMr9_Y{Ca(kkD
zqEZfjN0nOmLLPBS<;UPxususOW#Q}aDWzr!4|XdRP%1A8pTm9(Bc<p~ZnT||#Qrus
z4Nk)s;CXNcejlFcs2PLsHJ|6rpka`4J;!Nyis8S&GYp@BYjoz0Kq7{P;b#nEX*QgN
z<37)%3Vxj%L(ZI}RLPH+;%jgj_HSX|3CG|L!%6rNSYyw?j}y;wD=-DIIe&s<a2ms1
zN+l}A@f<hSTA6|WKt33C+>la}|A)PpixPZ;#>6qM3ZCWmWjF@E1CPM%@G#6`$~xf>
z;OTG@{>0c*@aOb%9D7Eox&oE(1}?{6SIUi5mRG>C!NS$B%uqN8&o$fthlCwf9)p({
zUJf@Jrmnlw@Cvxi@E!1dhQG@Abz6*B34h;k6a28@RqzhOY*F1F!!7VL!b~m>|HkkJ
z_*IyUmbb%$hLbQSOfpxVhRK{$^lL;0aZ#UNSv$M#a-P>tk*P}N<vdS3rS4;RfGY!!
z>R?kKLGRL&>};q2kBlCJCs1=%RT7>`Epci17V2$W8F(i38ro2WNU^NIDWqrFf)RKU
z57p1$y>JD47E|87I&49x2Ih$9Q%%#0moQuDgcXNkI?JpYG5i(_CDaO^G`tR$oKQk{
z!x;}%=pK5I88eH}W@?!&CG<mX!WHm#YFSAP?xAM3svXvbJK(g>3Dt>^<19g4@JrOv
zI0?T&{Zp<q{C6gC0?xn}sfqE@am_5LP^qxs@9<H=6EH}b3{SzqpK743wcrU)E1ln5
z+RSNoUgSy=Iz6A)521vI=U|iRP{Iq~mko#E-y2>^ExSqyuh5&Co17+nta+icTAy#O
zDsH2j@wg=4je25BRo%TP;@ueWW?Z)&-lV)Gxk-2{t@u;2dyTrirK%`5!*(4n3FreY
zn-ULoD>a*#G~4ksbu||yoM3K}wj|7na0a<z@Kc7xei%P<kUb5{d6iTS!?M0Wfwzs}
zQ}9TUatk<RZDMzn%P9*F36EFzx{}v-O%Sh;@MV|-;8ws{!!h_%IzNrQosL4-rK3)z
zBA~|{oQQ0d*dHKft{%QKkYFek7^hqw=?IJWyg!C34R3>khB<EDD?xgA6qZL{_%UMG
zZI4Mygd;7d%uT`@4fnvCVcC*2{2)v^5^e@T2O`{Im`<HDyk#*(cEf*#WAI`4ESzMo
z$d&UqID>tF!1ew%MqV)-V{#XX8N!|<=Fe<0DU&fG=cvsdM&4EW<JAk?$cUb`rZN%v
z4=&atC34j;GD2oOJ6%M@Eiue5T4b2sqh21dbEKnX#y%ddFwB&r@{X3a>_W88FnvUq
zcs!q13u3u(@a%i*kp>g7w-|ddyg_HzEWP!9#+5WNbS@((<(;TCK#U$X>Ue9_^q-fA
zLpic`y7Q9(zC~YqbgH$fd_P9oI5D2%wT4&WJ*Km*;kpxFGVQ3|#w$e@@$#5mv{#r-
z^fi6g+N$z5S+gn8e^~sUPOYshiC(r$@9WIk(%Yk-j+yH7EH1IQ%Ho9<FV)$#f%W%T
zmisOKfyIwmyu;$1V?6!z7}p=r$#~$~$1TfC77to{&f-fJU$yx2F<vy$;#>4+yvmua
zhvR|7GRxj-@g|EqEPlY^Z5H>Aaam@J7wxh5Ig4NPnP*t3Mb^R=4Ov0|viRQ?|JUNt
zF>aV-@y!;`v6%0jTxnQdpo`Z{(<|3CJKxl)b%DfpET^?nx74yfYO%Ga4c4AE9I|5i
zEk0rKA1yxPGjB3}&@Nbx55~A`{TMfVrsHh^XM*l%Te!Y#%)YqV;>8xXSbU$w-?jJ=
zi@OJ|w6)a?Y)&>8>;B$A(KnPTNbyMS&_lg*oa%wm-r3`v+w{yQ%M$XvB4vwG^RFmp
z1Ft3T2}Rd@MLF%_mseI!^Q!VbU`4kmr;E3Y;`#Udy~^1x{<zV5m6MWJ8NaojU-T5X
zeM~1((s_q5TvE=Sdbrclyo%*3#Opx((m~SK3#ycpo(1<<TKp-azsCO}i{U;?^UJ8x
zU+9E$OuqDv8pCeo^h<-2M!&~rg=8ROwD_fiK}$>fA)~MHs+8Z45ntyrT3d~-;gUk;
zYF8*H>t$M=ATd0soKY*)p0-k5yI;8z<ySXo;@{%8U;GWeW-Huk*@_OMdzD)w{#+*a
zDmNxuk;|lL$y6fAP4-d@li(hsFDZAmY(>h_vK1zkHR6{J(!QUqaO1KSM=dRWlgZj)
zzBl9n$@qRxmoa`Wm7YN|Fl+@#gAq&9KxHj0@uQX|-uu;(jLLw-%SXAFVbR1pvdEl&
z9^*UGY0e-GDl9DxV!mFuOu1WSfK`^3__(DdeuJeYzTMIi-(l%e_TTBW4AP*>($XMl
zX&Io$(h}ci^i#^+F8;LTm-a_3E&hIAM;}&hPmn_+Uq6z8Tyg&C>jl@8dyv!YWPR<O
zTD^DY3kmP&Vx;lh*G)57mT37bk&@&R{e%cgic9n-p7IY0dS0`yy+@=FmP_Jt{q`80
z>o={`-Pd(2%aM-w=JU$Q>$Owu>-q9rQ@s5o{tHce=NZ05I`xwWX6dcF0?s+zy{pN&
zpwH}D>Wt{ZzN%X#BL!Y_KN~(Ob=k5H>3CnOt44LYk54guvae|}*_Tf;|4>pl3{2Yn
zVcs;!rz|s%iz3-ng#%N6^{g9}e`4ea8&?4zxYz0PH|Q&(^+)ONB{o6w#G96d58a@<
zZ_vNEK_9$9%S^0E7RpR)Ei<unX`xKTG8BF$T7R@JqI>qgvmm%}ky_o@7}{7bRnV_O
z8>7DRs=AF~UxnF;Mm=<3hP&@4I(y(%C#L%kuGHiEN_5_#`A%F14=r=r_0X=Vy8F;P
zx369Idxk9c4jnwa%<0mdhnE#~F$2ouAL^5b>)pOioyFMU8;fq!4M*y4>P!2wa9DR8
Usdx7!b^npu-CrKn*&`MI2fmAg82|tP

diff --git a/firewall/interception/ebpf/bpf_bpfel.o b/firewall/interception/ebpf/bpf_bpfel.o
index 1d5d5449c1a2b44b8a43be105aca44a2865fc787..f5396ab0ee2c9729a24d334d225cb2ef93de1414 100644
GIT binary patch
delta 5018
zcmZ9P4Nz3q701tgF3X}>!<X!01wquHMg)u?V~~}qfEAXATI$#l(vFIw8A!(ljb=Bg
zacCov%&mZFG{}eJBu%1S)2g-YTAldOV6in*+fG_!k_<_0&}q}q>9o`Td3zSG+~Mx~
z{m(h~`@Z`wE!VBK0jn+BYU?>Qx7tdYMivn@G(Ci0qA6-Bk=|>4kyK0*+5UXgzJw^W
zbArcG=R&P9Tb364a)=bsLnrX_=LN*IID9cgAA{e7jnk*#_n2oAjetEw`+^RlQJuHk
zv+lpJOo6j2oyeI>G#4BOCxEAeucVVo7rqLfCwvWDB>Wrj3gP#`HTuYMPhblyXp06>
zTchw@@H4_({c~V$F&_Ng$wU{>PcQgI*bl+(10NI)g1f*P_AvNu@UMAX8ARv6m%u*o
zW$;>}0MQJhn-Dy;Vem&_l-oBjf#_ZWksEeSpTqtZSL7x70-OZ&fhmt@7>_z|ESLw=
z2u=j2frH>QvA2O|f!{_wVQ@|!+UJHTm8cjF9%Tl2nQ%6^LO2&(ExZ`~4Pjp@se0jM
z;0EDR@YBLy1@9JK4t_y+MF8Su5i7xmgv-E3h0DPq;R^6Y;Z@)p!qw=|ABAhdpMZH_
zb>I=<Ab1qaGuH*Ce4>f(@Kiv!^7XluIkVlcp`4=)?k!l2Q#|8H(_jyADDw1tJ-I9;
zFb5{CDg!wO{1do*;CwLe)gbZ`Fn6O1xfJ{?o?+yb;7U9RW&B{CcNdt~fEP0!{PIMi
z*TEU!=q}9#*C2i$Hds$tn!6qhlcN@KTXcV!C(r=PyD)Lu2|gpd3;ZkLz2LBL5IhMr
zWFx*6%)RB*DVzcB0Vm_>Lw*O$y{$t&C%hGWIl=*Igt#e=X7Ft=7Y-tS4&IMv7xKTs
zKSd|PVAsM(438xpjEBPo`#kW^q@(#@4o$#M5g2EKV=>qq@R3P+s63^@2lrVN3nDKE
z<EV*2I8}kqNp)+%KNsErJ}>+vI0><ww&`URW$G#Y{fY(ZJNj%zmU}n6PBhH(-Jn0M
z$jW<O;(eI7XuEabmtePt4c1`pF5X&{DqfYPe7b(s_X0nHeKr=e3-%*e1YQG9$6>#W
z{sh7Ag0Fym$QOipT>aoA_`~2^U~X#=JOt(=fGmprJ9rovYf&7(eQb}nNPQWJ*+2;v
zIjzScK^_FT!RRk#;Kw8E180J-q4GK~zxMVSgNh!3ow*6TK=^5Jwf@D|Jb^;7JY&%W
zpYU#YD}<i~e_ePFn9l*OZ7-PLcjo874H6Ro?*jAo3!*3cg<HU_;3U|)z^{Un`DhJ8
z^hE>>f<xf<F$}`d8V2`+ec*oZb#M^OZ}M-!Vep?|Ux#pBypM%_U>9NrI39clc2w<1
zM%XAgx`x&w{kzpU*29amRXHP&yeKjp1gWXQs6b^3qXv~NjD}UNFd9&W!q~;CL>PNe
zl?lg!tA+8>s9NDTaD9a5@&{UN6$f^j;^FZ8;*+hK#EvhG3h4gIC9@8|f^InC5fPmb
zAn}IcW6OuUU(c_~QfKuORbNpT^^U5t)T=0EdoeP9LWIk~zt{a$3)P2O`8}yah=J*0
zR6yvgow$`@o#)S*dKX?KjELxe20IG$Q~nu~-39E3xDyKWQGZHmreT_A@FIQB@0qpU
zusmsSlfgkfzuHsWZdm#Z4jFvj;A{M8m9AXV->ml3e_(iT8$4q0sKJv8@7FNZ;8_MQ
zG`LiMP@NU1G%Ono-fZwrgI_ZEpuvX??l$<e!F)rAj`3o|zS&-yn?}%}!6OELX|UpR
zS|)3<!BY&LZg8PiYqC;n4a-)8ck0wNHEN&UvBu+WGwg@;D{DNdy@n-Z@Ogc2jc5HI
z49kZGe`fGM40aaX?|GuZ>%8~vSw%XhCPn4z6*UXil^8*OgX;`#GWZ39Uop7L;5S28
zYt}!i?*+X2;NF;+jN;;q+|blul{=kY|C^!=yDLO^qwV|})@T6v$NI(AN0dMGR%`Zz
zfKQPZhs+kl>_U#|CAu-szDwGr*?tE)W}~uSOV-mKB})0WB7Qxi+6m1=XT6I3&5`z_
z+6m1kAnPXh-EE3$!2vd$hQawmMRj1-??KPO{{&kNoe14%=y>R6(UayA6`WQSG;}g_
zi=h*t+eEKI{7l?`I{8~*_Yj6e7`h~&8M+7;@)L&kK%X@96zDUe!yJD_(G}4S{9luD
zQ_+Co_rQP4&{LoX`I^riNJjzdj-pWsh)%g5cKq3i<F-M>xU8|IcojMYU+#GL*w5Mt
z?G<e=#Z1fI3hZa?gw7WK)c^{lF1GB0n*;vC6+CWHxdhm2wbmM&YI~__t+A=LmukB;
zHr1>Xp`%mHIv%=H>a&-s*&3Va02`8Fh)y-@MCj;L+iQhOz!|B4bs}_hs$=mF;M@b&
z*i^IjLf?{j)+x|;4bAbR5gnjt0si{%3`7gK49x}j<{kBO171UO0~v<q_-sRSJm1ix
z<vG6E)>!||Jc3S(Y9)ZR7rM^SDbQOD&GC(f=J;kqb9~Uy9N%JSj&Ea)_U#UEflecU
z3!D&rfv4~Umc;OL1!oM+<-?+n;sfnIZP~X@9&t1ci{IYt12}Z>H;DseS8LCqQ_86`
z+mqa0Sl!4!n1dgkd1zkRznGACAF!u_FMCM*hQx81zyoFA=|twpWm1xN)L5P1u;}Yj
z6YnVYNA+TKmvs@2KTf=0rsm<kf!q<fkLdR9Ons?6SqD3u`Y-LJ>Jy#WQK&}svGydr
zy(2mEhFwc+<RWcz<mazqAJoS>{HZR~$f*H2F><4^b-a%2EKA6?*}f_94UNh}^_?S*
zv|(HaIq?HGKpHi5XvdKrtN0`u=ENQsa(JBP4+E#Df6&yrvg=!cja*D3xRcw*={@80
zfpNOm(A>$><MgF*`sRZ=oj!WdK>swgt~|EziO1u(gZBrqdYs-kPH!Kl_l(mAbknin
z+4-9aX?1C7Zsd`_sUV`{v4~aPrpI)kyWVQ;)<fODRKxmMPnqRX`m>$_?10SPlDI}(
zn>oenhTcNUby#=zE>%H&ySGHO=*+$n)v4?IN+x#VGS4ZcMZeKkV0jPgp}wVYCtD-d
i*Yup@g%isUN0cv4Z#!OKwRG$5<4djT4n1^y_WuEK+JVym

delta 4803
zcmZ9P3s98T701v0Sa~USMciGaB7p|M`T!9{O=LwAT%v$jQ<5}gGxdQPr&W`wq&{|?
zl7{JkLwZBRjH&AbG&ZIptxePzlC%-6TI^)nn#2)jGL{%=Xfs5|$z=LJ-**;nxHEUZ
z-~XI*U*~?0yUjgT!)2>E$7(pxF}2c)nMjsyvIb)oP-16GjMq}S^Vq0$3m;6KL8OSr
z9Kp{YW)fLMF8?T^v*6#s#^pWm2h86i>IQp>>ccLgD|*Ee@2Y>mG6Bv=I?;9TRB#vg
z7I-qaJDt=W;qzcuo@2iNP8R+vI9>Q6c$$8Di8thj1!GY!dJ6~-fGdT$`yYaNL^t^7
zV~O6yJbmCF!`=eBA6zRO20sVZuy=u90KdoU%76|0XRsd}0snv~M3hN%3<61^F7Vr6
zw5#ulA^Pt)q9oY4oP+%scjP0w3?2{kgRg@7z(H^?m>07V{5g0MI1K(u?9JeBz;B?R
zE^u5v#^-@4mB^FttTF>UQ8)*jDVzt+6)pnL685K(nlHQvTq0ZoenfaNc%|?X@Dsuh
zg&@|6co_Us;ZpDx;ice4;Q)BAa2fcha3v;mLbw|I4wx4f1a}LE!B@bXxd`|wIPv$K
z3Wyu|`lE+uWZ!gRUCoGDhu!GljH3*~-pQe;ck}g(QcuX5<#d$+cO3WxTz>FqFyE_T
z)D$pJBZ8U+-im7%>SXY8T=}uc0rTAz59U4K&2)ozB@*oeXK=r=fqCF*h_A=Z^nU52
zr1@Z&T-Av4>;6)2s05Zj!o;N<{HAaf_#NR#!Ck_Sfk&f<9K^2$^K7|n63zf`1E=8X
zM{NM}Y=fv;xE367I7AyEj)|iVd<x8s!>H%Lzrr<w`gib2Ori^XLt=O>cfh!~;$e3c
z5dBFeIvR`;KMp_1V7wb#MPPHmua4GMz!OM?`z<sJqfP?jRWl0VGzEN0x|<F@EnEOT
zBfJ1S9<f{&>!$*xs#L!gn5mZOtAVVfmGH)5V9s}mPAJRDe_Z1INL+N>Ab2(G_Oihn
zz&u@SB3eCJmZehl&az*Io`pRdn;C)qRcr$90hbW$=P;izco(=E>_>e?nAg<~9uI#P
zxC6{%^@2}>`4vDG#eD$o1IAgDz)v6B-4>}HC+2Y)XHo3O668hDO)%z58Tc6x_Ji+%
zFQD@vm>+xl9fOW&w!@pi@xq(Ix%%28-jG`?TP%u675)XhnZjGadBWSk{2t(*w}bh4
zXWjuWk(dy;3e2}(7&EC6ZUC<ZkB2=1eg>SvuhuSz9gd)0a3lC4mO*&6?g3u{`@!wt
z%iu7WpX9%RyTF~WuR=I)-dSNk_y#7|!|~w1z>cn6DG0j)j_%>dv-SU$&9M4r>&)eu
zp?-LHIVkE&VRWGG38M$43Y{1XtP+GVfN~4tE>=Ea+=D7ZI1ZdEjE6?$3nzf*J3N)}
zE>Vlbfjdp{a(F^xz-3~`mqu0V{^bkqUjqxK;c_D)nh+rI4aKi5KWdF$UY@0Xqc@eO
zslB?XyfpOyTG?K#tYVzQOTn+}{_+BKQr}nMO+Aemn7)G!2$Qu7kMgcwQIR$AJiI7a
z5z#*lzE-GrRb-C6X_#&m>a!Idbx-fC@ZLXm4!3aHWf?rv;03zB!n^7*!?MQUpBcQv
z;6{U648FjhRvGc2-d^c_>J7tt%HVE;uNeHP!CxBujlpB)4v&(i2P?Bww!T*B4HX;q
za)VbJTx;-VgSQ&oWH6rxqAS{K*pC_fmct=?gSrhzkHH@q{BMK*WAI&r-TW4pR8BN_
zioy8?FDlZBRUW;hYN>isH&uC))*H^vx}(Y)*lt)F4Q?^G&EVq(pEUS=eWS{oeciBp
zZtyDK@Wj6^(&Z~XYP4Rna^@=EykSR<!Sf6*Gx!OEpEme8gX=p#Tlwg;&b8q{l0M#)
zlJFz!K{INjzSJ~D<#Y}<<;185boz^)kjEY!=NDXWe;?nzYGprbtiL-Ahm4>ie&(V&
z7MhpBx(xoLIz>xGH$lg4Q&cH>A9QZBqH04YLkEX-h}<yLis4f<n6p>e#{wRJbqaKy
z;ZKGRi_V&kzW@<M4TesJZWg@){&}w}YBjVMIx?hjq@4i65i#uH2FDe>Df$|;=Zvz?
z9XuiSd*Sak;wM1&h`s~A^`Wvqq#Pg3Xb%3=U@dlG`(o%(1IRSSw^R8H44%8gsb(Du
z?Gyh2=+rS5<%#}~{rEf=iMF>Q#~R9{y%p1}p-kFa;kSk|$vPQ26qXLy;D#ZZN_#7o
zSwpF`w*oqvO4iBH5ovF4MWr>AN!H2G(M<MY!c&9RP$pUXf>vlKm2B`JpjSGKHs~`n
z8qk2DIsUGpc>ux}gHtR6*eB(v=6JW^pBlt5!DkqFfDA)(1Hb5E{wuk`BK}Hohpc_j
zm4@~}R~wq+gNEk#T0?t6Fl;mo+@Q|T+#qad9-zU{9N#MX6->y3vr)wGbNeHP=Jv-$
zZ^0L`APEPe9x-51cKMfR`))pjl#7<TR_|-+P^0vUm&ZR;i})neMY&GPu;^cl<_D4e
zUx_{<I>5&=6n-w^xu>W3zB7A@h>rGjT=ZpW$@dk<M|BS7$a)^$VO)6EOwEfvin_5-
zzj!cPZ`hrpuIQb+OVxFKe)n9}r&a3|9o`+A7H2Ql>BRZHX<y=~M+aIfQu%)4vK}?r
zIYro-bVqCHIG@9Wk@&boMV$$IzHm(%z}buoU*Z{XKI3BR&I!LgXgzo)ZrH@FFOJZk
zjL^4Dtp_7N39Yt!b~?qGkDeW&>qqF9M(9H$^ch1lUL2u6`L<4{+ut_O*QVBk`wMi#
zfveN=YUa|il9E|9bNG_yTxQi2I?BG}*AzIa0Gm~;FC9#?p5L!;9XzZ2`n5x)>aNaj
zpRC<&K2@o6+lmu{IDgtjZ)%%s1zYvewuLIFKWi&iwK})GSk>wE?Zt_8lJzfM&?nmG
uSQ}gQt@ecpwM|aj2Xy}7xrvchNA<?*&4=e$;r;sP;f2<bm-Vf~+5ZPF2!UJx

diff --git a/firewall/interception/ebpf/program/monitor.c b/firewall/interception/ebpf/program/monitor.c
index 66177495..9ba6a309 100644
--- a/firewall/interception/ebpf/program/monitor.c
+++ b/firewall/interception/ebpf/program/monitor.c
@@ -90,6 +90,11 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
 		return 0;
 	}
 
+	// ip4_datagram_connect return error
+	if (sk->__sk_common.skc_dport == 0) {
+		return 0;
+	}
+
   // Allocate space for the event.
 	struct Event *udp_info;
 	udp_info = bpf_ringbuf_reserve(&events, sizeof(struct Event), 0);
@@ -128,6 +133,11 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 		return 0;
 	}
 
+	// ip6_datagram_connect return error
+	if (sk->__sk_common.skc_dport == 0) {
+		return 0;
+	}
+
   // Make sure its udp6 socket
 	struct udp6_sock *us = bpf_skc_to_udp6_sock(sk);
 	if (!us) {