From 67e2dba0d5094c0601bc61b6a0ee3060fd9a43e7 Mon Sep 17 00:00:00 2001
From: Daniel <dhaavi@users.noreply.github.com>
Date: Wed, 10 Jan 2024 14:10:42 +0100
Subject: [PATCH 1/2] Use sk->sk_protocol instead of udp.pcflag to detect
 UDPLite protocol in eBPF

---
 .../ebpf/connection_listener/bpf_bpfeb.o      | Bin 36560 -> 32288 bytes
 .../ebpf/connection_listener/bpf_bpfel.o      | Bin 36560 -> 32288 bytes
 firewall/interception/ebpf/programs/monitor.c |   6 +++---
 firewall/interception/ebpf/programs/update.sh |   0
 4 files changed, 3 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 firewall/interception/ebpf/programs/update.sh

diff --git a/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o b/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o
index e8e7cdb7b368369546e5e3dbddb1b97f06c90825..4049e6dc2ad85a000ced63e516ca94b2110e7b48 100644
GIT binary patch
delta 3032
zcmY+Gdr(wW9LLYOJVan&6<vXvTwc3(0bzOMP&^YIWHiNBQa(^I1yOeuOh|GmqevHL
z>t}`KW6hbOrgHT*6QvWD&1lnO_=B1Jqj6~R4|Aqu%IPuD(C>He#rx~b>^YzB_xJmq
zbM9f!T}DnS;RzWkP`bkBy<JfcZ5DcKbqG7b8oQ{(As%%i>DhKsPUEnHdLep^AvjyW
z?Wm@Dhe#r0RIe5Gwmrg0da4?ACh3oj_~Okjv6%FzlX~H7-m8yd*abV}TsR+HGs9&#
z$r;AD*#Sz-ZfC1YnMDRoG&wohH`^&B%06@A84!wjEWYHX5cJ8-(Z*x$i<7TFVp5@e
zUaLr|mU2JT#Lm(}$x%`ARX8@Y4*p3^hTAhU<Z&%A<!rQkON-1|BBc)|QcueuoJeab
z3ek!RbwV7WE}l9e@yL?)#px`(G#EK@0P@q{k<V(Q>BG}(FR(x}gfq)!ul7S`tqeTP
z0tYM>gT&?vdzk+o^8?I(pZSNF{~`0wGCyMY56~drV1WxpK=<3>Qg$6IaV6SLSQ&CR
z+@F(`vyVAXF+R;W3|n&wZGFsn0>U{5DxYJ{i;VSSHIHu-^Vc#yqcysQrF;oe)wQ;M
z7C5SPtL0I)XPDIuU*;7SwONk%gV;RQot7^*FmBbd^DjopQ`%Tzij*C2*V`^nLQ7Gb
zd>KZIs_VD2+-;2gjJp^=$yh&cbNyYgzBsFLJ&U$5ZW3bdU^E$KGtXrQNt5@&rQ$5P
z5yr4@gy@nyTPKTdg^H4OkdU8fn@_H}>K2HUG|9uzQ#{9ZjAi#gX=%B96a1xhavcnn
zW<g$YqI?`~l`eoS)u{p3Z~EO9av2uUZJXM}3L#t*xKX+S`9dUI#qdgsBY$pk5AqE(
zmK&uB-<oU}!cEVDFB$1XjzxYHxds_yIxj{}6YzI+ZlD1zT-u$LY|KM)6?W8cdADl$
z`gX{tB?>HG;uiFVJ9f{XW(wpA#!DG*v^e12ZV7h><3kpwU9{L8WE^6Aobf5fA29xe
z@fDr*`!3ugEO3MI&x|K6R&9*a7^{p+8P_nbXS@o+k2nJA7R$1aS*-dQv-42<ng6=Q
zY3wo7bC$1u%J?hB*L5}w^(KTCWTvaXviQFid*a}m1(^X)3bQg9moR2e>uF&A2F9%x
zCzV_5>0;c=_%)qV^e>lNVSzKyQ(K^TA`q!{q<e-~<SOIuV63*F%40mRK8fc?7QVxH
z!s6T*#;MxUh2OjKybnL<71LX{sqJm^s@mI{{Cj;JzGmM}XJw_czM)~|^3}_m)+}sT
zTEBYHg*{(LZC?9+sh#au7!xSNb@3IS^OI02=vLMkI;&PFt8K`BQy&vbBgN^(gZWu+
z3uR|6au3ssko%aPi5y}Yuc#O>_3uLI#Mf0ogqcA<_Jd5*1QA1L7Yn638+nLnieEEy
z&K;oyX+tASry^fx+JQXIbS|zh{$d6e=&w9F5t<MSB))L;6EYW&^b}KZ%E!+=P5Dly
zaYIsNn)1C&J8*s3U>L4tLK&cfMy9D?6VtRn3)7VEXPWXmnWp?6rYXOV=>Qdkm_Y>t
zOjE(2soxdKAjKmrPW3}fQ~a{2uL<R&>8QsHjlJIFEga|sV}%ksf<Ft2&|12e$W~ex
zzjMw;BTxU+lRjhW%SJpSZ0c+O*RssenF&T*KUl24r!O0E*A-ZC*a;N}zfLm}js6!L
z%$p_0z!}&s?a&ukTU3KS{Zp)eF@*4{$aehT4+}MK4R#ct(v6zE=TyAX*$<J!pDDgL
z@E<v-_)=l~NFB~t7M!p6RPYC@<q$-I)o?Bt2Y&|3<Oq2CtEZ3PMA$ZFKxaQDmO-Sy
bN@>0e<2d+Qz<abx>FfhP4!isiIqLim+=P?U

delta 7288
zcmY+Jdvp}l9mnt8gl7oG7bH+&4FvMoyfDNFLbgx~R<yJ}TOX5Uc9M+Q-5F+PAw0@#
zEmA<*Mn)~wit&w)D!R1dll4_mu%#X>=pUXOwLP5UqaLw6*4onV@6KKJdQW!l=l8q6
z`@8r4e!rQWh2gLHp*tf(Es?FupJ-cCw)m$^G_#sj5nNuy7NQ#uc>>92R<ZM`-&ajn
z#%>I|ZToscIJ1X!-Mp+hIJLa(!fG~=l!t{QRyDAaMM*BYf?P}TQ{nj1L_J$d^5H05
zSyXpK&-T>^Tg$am>qF_3v%@}79eh=uiLRVg_C6`3lT*)(GG3HVoH(&L*gWcr@e6In
z=+m|+e{9s$vAhtJPi*B+<~t^KbG|e0oie$MzZ`5kZ3%xRIDA?we=T2r`n~1+P=43s
zi#We6_@eqQ{!DO7jn@7G`Hs+qv76{Jo-T}UW^7`1tYFqgU1-Dq7|fjVAb&i6aLT?h
zm3x$dt-+4k`8=OLT)UY2yOe>4O3Z{_uCPPVKTIt3zf<&&D*7iB{bP#$FN%J5sGmk1
z->(cj84d{j?ZKXzOKOB`d8ju^mi*S>jJg?hzg0AMD*UFxe+sUtYvq3k3R5Nr_tx2U
zVsYv5_ln)q3jaL#Z02PC=lt?n`#66psH(rR@>ym0xx80DzpU~RMfGs-TvKcN_L7GE
zi&zFLDCzk|g@^LrialG#59W`yp3eCl!N+YbKM?e^5Ac1#!S?P8f2r91Lg8O4{Gh_y
z6c*8y>)#SwHfKgKFtcJJ|CM60DHxhFIXKWhf&V7hGiL_BF*u5=AACKhsq!wx?xvvQ
zoU8eZ!O%IA`IcbUIa=LbW%PN4UsCw7Al5OTzaI2=Ea5i<yE|r7zN(Dof{~6z{;ZeF
zMa_<iGd2rZ<KHI}Fv^8r&)7`jBM8}K#>#Wx5$KmQ(Z(G|heS@xLH{@Knc!jYr{G3#
z0sL?9bk3%s%4Uz2{5tq_!9JVz1_Zjb$>;#MS@J>fe973@_zW1En05$y+9dG^_$tYt
zfwhpQqnq7}3pO#m3U}x*Hf?~bp-)49D>x2b?MopCVKW$YGQ9x44HMuX3f1g;!2RGj
z_;DyMW8(2O`#CU9Ut56wAR>fS%V=|dg}xFWwAt@q?hhElx@`6cE;w~{9Q+aZEwJAM
z;d2N$O|=dFFZe8Qj<Nc&Qa=R7DfkbeFMw;H$HLUr*W-dy)<nTE$<WnzNNxjD6v?Iw
z{2gM>YU1E!jQK+NHUykX@FMWFk{5#!HlfGFdI}v)z5u*N@^`^G$xFanBrgT;lzbtW
z9z`_wdtizjZD={xuYW}fS7CsjQFO8%@Vk<8;19qEUCl5Uq2rf=3*h5mY<voa#Y9}G
zXixGz3J=5n%kppt5uJv^@XIOxXboc^T!~KsJRU}rKZL7-Di&2ut>Fw@un8)P2E?9U
z0gi)_E@6`c&jRBBY#7{(ejPpqa69^oF$Z14JX~;kj`Y_1ls^;#M}Eie1>XUVq7Gz*
zbL6jKA@m!ekHh9o@B(lSy;uo+H*A(+)8rjdY(SlG^kEx?`&Q}^DgL8S+t35PhVqZr
zkc6PifqpP#Y7GOJSpmQ%8wSzS$<P{ph6`~NOixIPOdNbWdYp{)fbW+Ke+^Gcw!!-(
z!(YQeTAwE8AiRTq6F$S>53z|Kg9~8fm~7~9jpMK(g0bL9z^lP%jb}kY?Nsng*x--S
z*PxuZ;x*`yK8j++i;{b=eq$4qsCWu#V=KaiKXTA`9(31%(HgtKn&b<>J(7`AQ4{DI
zFNc0bs22_>Lhw^TDWe)et9TC=Vx(IP`eZ~O6qE=Zb(A9tqc{{iD2{jndNgt*7>*jR
zlc&csL^!1g(MR=Zz|UytP#0=cd=ZLz*vH|NLPT7E(-autip0S(LXjTuDkjnq$$>Y(
zDgNliM|Da*X>&!Nf|r;4aQMNqk}gx}f)RYkk<ig`F}W{@PMvzzr9!~#DD`s0B(8+@
z_NmoKAgLQSZNzsCc(`;7NUZT@cp3oYz{6l1i?-GHsASUbWnpC$z%PTT+D5>XxXEM0
zs*Oj%Z;fM-F^G^sdd?ygd;fhBMzaW&-Y3!siD>*1jEzO2j5X1|iR0i2aE`AsilulM
zlOr4Y(^%+qC77OPq<3I5pSX-gTzri^DD}ueQ*EgCBdZ}GL1MyMaEIh|;6;+x!_gYa
zKLPKQya6`2N5ou2vMC8hE-1N8*offG;6X4I!!Y<pFd`HwfQRG_92tQCryM7t95y`y
zhJ&&=7~$nONm&k6f|BGoNm&8<S7C^>mZNJrBsq@F9fyqveGd8~7^Uc8!KM$;qdKWI
zQKU(qqx=iPq%`q(x=6!O;Sda)zQVW_4plBeFYXnRH!^k#I<h%IdQM6f!&Jc#V@R1`
z*u)S8!8m1%ir1$J*kr6$4q#%8%9-?|!E+>!0gGHhKNh@L>c@eXNygq|mrAa{hA1lJ
z2OEgtVJ)~4e7)p}j9qu~^!GzqjKsYP->2{cn7kUh#qQ}5R7?k1hzh?L5XZuld*Y=*
zbnX;Cb{`f(<5{{8ArfdDWf6M}?r<I!3vWD5Wril60mM1*d+70nMpMPpkQmFy_CT=!
z90j9F#5ZId{F3CQ-~%jpdTyhSDyR9ew~;Kd1$3x((I}knmh|Cs6C<?5NJ-D>(M1hA
zjvYfjWQ%>O@c&BOTvcMfxuzsE&r*19iEExMaq~ij7b$#^!pjxb6dq7GD_E2{Yra7l
z7*hBSg`ZG(pTY+eeplhYEBv{_|0!|HsG#TENq);2B~{f(iCbzFR^rjpt>`Z-am}F;
zw<Hv{6<(+CR>4<`e6=WNZFy8NdS2m!3LjBeIcv*5OZrwGe0^^1l-3GGHAUgNpsTCa
zZ*5al%F$YvEBb2{PAj}t;Y}r;IKRZLw<&y&!g;~;<U!%?Q3hTJKJIFn)B0vf6^WO)
z^=*YeRQRJ{*?BDsTh#z4W#2ZTWZI@weVdZywz>Je=N*~lXOniP=34py12HpWc%4L{
zibSSc&OmP}(Z`I8p0G7<jcu@urRn{KKG3OogNon`N+TnaSdlW4tk1EuA}4g+usw~O
zr#hIFXnn2MN%W;m*JFLIrMc!>gW0;9GBW6#uv6A|^i{=097ju8)<D*lilpIsj<rUt
z>KM9Vt}+DcR@zP(p1~X=ku)4_W!A_Vtk-f@CwwQVC5>KFH$8Fq@Z9bIv%^r(RdW-`
zq{Fhh=6NZmr`<k{_T$P4w&lpVW-?S+w#S@7E$Moi*=uH!#vt=7m!-{&@Q@B2*=aAE
z^i5aCw)9no<1o|JOdV_YI)<?V^H_h<F*ACKVFnIrGtWt6Tsz?y8IN>{R0_ez_7Oiu
z6ExbW;kp{~Beo?yYfi7;(bd(#V2ktXRwiTU*rUG6*Jx)@U<00}yV*3IGu$&)I0+&G
zv<*rVRYZ7FBCR)zee|YE8YZkM3bZqkP^7WX>t_fF^9E)3D4M=FQrh%1&rBmHDQmUK
zvP^>swwX>_8D`oY_;j*lCLAv6g{`hxW^bs+ZcCU>V2jd%PAJjUEmW@*Y{&9^t0;vj
zE!r76k|~933B7Da8!*-sN7C7pXW9v`U+Yh}{h?NaO~yzuGQ~tqTVZr|ghL%Hn=+*p
z5mMxPC?h?MP$e^zF&71Eh$Yhf6zHS@4=JO)Gn^K7sl*B_khYao5ggNA)v2LudoAXA
zrarJnvj;pOCMh49p1>{3L@i6k`TW&d=#4TJ-g}ys&1798skO6y3-_vt>|hg8IR}N8
zKw)FZMX3-{20|r~Gf0VdGf9dbO4}B_>*%&)^tvo*Wjs-@iL7V!rhIF4xPB-~Nptbs
zalAx|iqdqgR020I-9A`Vx3Z{yPfsOWmns;Qf|{XI)BUF7d0^s35AQxHiO3X-R|pAN
z$)-<1L#>IrM!c|h)5^f{Al;rQX@pcp(X`D@af2b!pyHjq!bH+=JUj%fuyY2*b`S{J
z_alZB7t!MgSj1(PfPN769cqf;42H2AES_@Ea?C!Aiu;Q0>67=BcuL{asP?vbZS&eY
z*f_JdKI=9w#DlfP)~Twa3l>D%^3U|V#C=;s80cv)&THCQ@w_F}93AJTupmf^X&9$(
zD!%Cq79J&E1kiL=YDp`dFj1JRQK*?Dl9?Y`q4WF~`r=W39N&a^8Lj((Mb5`dw)pP@
z$TJqR$YppzX7qc7<Xc$eDjLs8`2iM5(aZT}MZN$$q{#F`Y=<J_Es_mO`8bOVcGAC^
z>{1l?ZNhddGC82PS!`hD92QwW6I@Va8b1`ub^l<IZM31Iid+pIQRGSBFBQ2F>x)-l
ziU2vl1p3D$5fPFxfnKjq%2<GtQ`J7I$Yfuy$YkH9$mG9EktgA8RQv-I9L~CgMRw4H
zp3p$ZG@)OSX#rc2$$n6g$v&sZWWQOF$$m(YeVVXCQP6~8MWzY6rTh?!?4t3#$~et0
zC^C)j59Qbv7TJRu;>SW6SJC)q=qQ5ttv~t@egH+r=JyU<#LZ#oVIRFpn1!h)`EDtb
zU&v<<OZm_@WgZXZTKwRnCISollQQP>OYq`%LvZ(+Xs|7Ppk{1nDXyR3D&N=mvB1vs
z@#^4c=F0Y^(Bo%g@wd{v9&i;t<@lh@8^ndii}Fyu$J#kQvSq>cwJ${cy+L8^hKRpE
zh_71$hnv@RM*O2eVO@97y?$&kW_=gO(E4tEG{~**9(R;HGM0HG*uNfz$F~1uVZ^&H
Wh@;C@2RU?Gx`G0_4bklzqW=dY%k?J!

diff --git a/firewall/interception/ebpf/connection_listener/bpf_bpfel.o b/firewall/interception/ebpf/connection_listener/bpf_bpfel.o
index 5241f58ebd540dab34c823871c8d4fafd3b05c6e..1c31943f1e2187d77302f5ed0927928351901a05 100644
GIT binary patch
delta 2866
zcmYk8ZBSHI7=X_?d<ZLx3&?)($8}-XyNe1eL=pmvXiA!*;)t2zLVoa}i-HOHaWS(Y
zSs3cI!U}|(DRi{7TNCC?Xf~tuquKuHj5;>ijQT^fn#N{y=skC@v+o)1J<s!goO}1)
z-Ft})iIFFKKoKKd=X`2hiIwT2DQMB>HN1?OkeY%ix@YoIeVz#F6FZDk7`IFY_v7lT
zgQ<G>24_t6x7eJzKkII>xpe;)^GlF|4RX)e4Z)Zb=f+vm7@KH-W<CSX#Rt+FqLFFo
z(K#3dk+8$r)G!@e7?TV2OioT_3eI{APs14o5^7C%3K^4|+owH9$V%exL2_yye@iP#
zt>9u0hw?;+2GgDj{yw~$z8D_cEpRv8$&YEt87JcTr`j3YQqDv0pZz!w!!bv_V*rn4
z4AJ|H7&8SSEz8CS!JG9tKdAkhH8I8fHYsg{Ay+9stX+3iarYY}v6t`|S#Kv)=GYu6
z$(|<JL$DLGCrI`z$$kW*IX2!7=W`ar5>JZx6H>PW9PVuQZW4K&@NvQ;5On96dr0IJ
z7;^9BZ$g2`=I$l&O@!AH9@W-(COCfwGL^OFK9cCyx|Gs5^L`TA2bXg5cndtrwK-Zz
zd;{SoZRYF?aeP?2nU}$N2RzDe=R>f$pao9*Q{YBHQNdPHy@hZa;V#0Pq0(>T+hLtQ
zyX;jG-$u9|d2EJ$dE;XjnTcjnvkT7qv-w82iTgU>g}LTVl6?(I3fDu@>=bixENW_i
zGllj12<-RU%tvE!(G3MfrTk;qUbL96hi{6qLGh>Xb?`?~6>O@om;B|?&mwg>_Qcwl
zSc&okb4iTF&&HA~QyE)j6kL)F=PG7+1pd6rFzdujBJ#_~0c4B8OOPG2;NJ?LT7!sx
zEE`iePeWv@WdH{rgefF0T@Lw+pG)E^jCy(HiZPC3irmd7yo~V17^`e+OjrluLxe9l
z<Z{tP!z4aH_!!|~!e<DdCwy6FHM(eoByJJDM|hI3S&5yHgRnxlh;V>#HR07<f#FK4
z+CXBrqYvaM@(67teu!`%;SUK%$c6fn#J?l_6X9zH>j%4|K>q?))&r7%N;t_2KQC~p
z8Q$1OcM&cm93Wgncmv@k!llu-iGCJcBz~Ci2T{(@i{uv^ht8v3I8ZfLob|#NRo1L=
z(sG6HFJ8D+HMjg43H?U+A>k*46MV4)*?rne3$J@}^Iv!_pCvbKQQBMPl()Ckx9tjb
zgc?Jw&ayIRbxqBx6}2ns*DS1AR$aU3tDQe^ZBF|huAS(pOi<_HV!Lts-HpG?`GN%u
zugYf3Tq{_c;YZOE>jdjG{4;c4t6<&47oqnMPe&ghZb2V3{BP_p?i4B;A%W?gf{hVR
zM?Y)0KZmiLeS(b>Pe;FM_(S{vzOY~s;&$|F#I5Lm68D8w!5))<Y>>|!c}3)cvLT7M
zJb;C`thW=F^-kilULh{)^NCwk49Mr5Jm7MCi24Qvt0Qhl-$dMsE?*L~zKyu7m#=_l
zd0F30T&~|kT$K$2Bp@3GiOYsD!%yM~TF3B~ki6_4CocOh8h#b)lfM@1w&D00^>Nqm
zL^n%hB7&D(+q`cnZ<gN;Gj4TGy-dIL(nk%yh%9|%Chl;^TTgu+t}A`2OJ<pVVX4dW
zl786(E04Hf{(&Dk1FqWmZE&btxdjfYYyAP)i34ky{J&Glmxk{)+$^{Sh|7FkzGmtk
zHi^DYICbQEkraaF-UGrOg8RKM;*tg7=Y@i?a5*1`li><}5$@qW0^Ys~QzQWwz%g?p
k?CL8P^FnZ{uU!1o2={T?76M;?x#;PHW}Mo#!>NAH|EKPjSpWb4

delta 7166
zcmZ9R3v?9K8OQHTHUR=b-g$7KAwZ1bk%u7$kgx?65FemW@qv?Nc9M+Q-Pz2{k_{je
zC~|<JjlF8ARE!UNi{kn~REVe*1X}1hRP@*$j#>|`$5y5GAg$8>H*?oqdk?es_dV|8
z`|e{iOV59mV-Kj^73!ibyDPn%IYrDb=DHz%y;Nyr`5<%MAYUG-T<X{R*ZCE@1JzbM
z`||>MWM0GF3#am-q3Q+e2K%ay6vn8pw!%_h&i2$+Smw*Gz&;-oSx=vgeWWs0idw&r
zB=o$VZwYBb*9X!C!-6`pj-Lx9O50a_oI?ugWGL#9DnQ7a&YwTeH{~wLPc||}&z$Pa
zXSpT)m0qq4u2Npe)C``jC_6Ik7Zm0wZ}H8;<|%LU<HM?ycQeZHM?%W6%+A7vigF+S
zs^~#wFTcB3Q}*$%iVKT3VT@D|T>ol+IR8Wa9UoWnxbj@)P|5y&1uq5@A&a_&-&;0Q
z$z+a~%~cAXkPJ`qaT5xQw@I3(`ufX%mM?~Nw`AQVS&#E|upX4GFG$w=`R)nxil33J
z?@4?wA3AaT#NSGq2P8f!@$dPK6RXsh6~3=z6z`dsEPh@xz9jLhd}w(gKRaQN@`udT
z<@*)o6<$zrL&0m3%j=o;ikUeDPfMz&_^XquYJMeY{w)Q;CH)48yEDa;U&~RBWKL8K
zSCsAiZ`F=+m@ltsQ}**iHM1AoCHdYd@vkL*T;i<~kL~09d-&qo@w|1ypn_laY1NJV
z&e}qLux60*8@{`CymALWflrTrTRW-XLCNnIyyoJYl{fjF7Z)m<`Ob^AiF+jL8xkLo
zco)B@Zl-dG8+G%P_59ho@dfWl)-L|%y1Cw4<=9k=g~GXv9R*)2JdT5JBc8z6``|*x
zHgts;I|W`Oe9jE;+p?~)jQth*k#O$;{{vhJ?gf7f{t5WtSf=FR7!n@>4-eR5??D(R
z42Qu}1Rnv<6nqq%z}10Cuw&@-TIh*SftLyX608ZPQJTRti6P(~oG=5EE&|7)zZd#2
zxZ^@E5V|02f`P-(3%(EBOi`9H_As~=90orJUII14ee*gPnPa`+BVaV!a11xdpTGs=
zgYp4*G4+G1@DzABFbw`2{6}z;2jOc76ipKR9e5153*5gV(07A}fUiSGz2IUn4a|xe
zs{m7!rQpeeE5LPvtHCn`H-Ik_94=<cRbY=A{}jR!VVDD6E_g235PTUpF8FeAr{F8V
zU4rL<Hw&H*-XVAac$eTS!LJKmRLnf~wh)$KcE`aKSrhm}!Cl}_z?8Zk@aN#`DHGr`
z;3bsa5<Eds{Y@+QVX_JC0iO-}40S^n$9`F=VEw7|yNIzHs8c-oV60!L0s6dw!LBBs
z5zx~lO7Rqfe+J($cnp|!eixo{Fa^+qX9{>V>RvoG;HyzHw3z{>toH|3c$g7wgdq_2
z<TJJ%Tnf(a@M>@)8f<_*3_c2<S>P_PDC$GttKfqwv<%AYz{~pV45v1i^h=<>QRth%
zw}AclqY!jqXaz?Fw}Fv>5a!6zV1Ltre=fKbd>42G>M)-B!4z2&o}GeQ!7m6-g7*tf
zgO6N<@u_hao)2Kyh`I;Qr{J3~iC*v-F!@k;1JFCFP=AP{z&DGDj-gSJQTp1R07k_A
z^2rgui%9(Ahc<5tZld*{ga*r@q?A^HaS`UC12!Fes~BK5SQC6XxJmHUVCt00Qt%3)
zCmGoaQ9nm97#(RUe-TW7#86Q&eu&bF&FrU+lsBRy{9_a)6}h8`7=St=rjBkUXSmZH
zLIvs&xygMR@X3Sz|M!7Msi5@@qXngixECBl13z6DJ)5B>@Ji_YB?GSoQ>v@cMou;L
zNt4U=Nlf1vKlB3@Wwie%7y6-&m@fntwMF4$N0*GbUN|llH7eB<?Q{5dC8Iq|gl$9*
z<v1lh;A|8?b~p5G@a_WlfMZ~q)iZ*-z<a<HDMkGjn4&ucJ_`0zs<M73!E{XfscZn<
zh@>B)GUek+>|hdxsx0pd;Zz8xvtXK7DL&Lm0f)hZzzKBT1g5)~+9uJ_FzAWf!6kxi
zFx}mxcT|@1IKIV*S3+MVd^)g$awZ936%2KPSA*vWUIV84ni}5@rhA!qEqICWK^m1P
z81rUbm|VNyP2e<`GSmaU156p}1$PtE4RQ*?4hTs^MvM3~xE&k@?*ZH3E-+o24!9Tm
z4)p$_V&RVo4uk1VcgY|8KJ@51L<4>ThRH8q1bTm2{TmEgHI7E2<YyhxI2R8)hX$6g
z&%@<T(PzsA*f->J9zH^^<W3G4O_V``;iC)}jQK001NImus+0)>E)S(rFwUD&E4Uwc
zrr`eIxq=6PuM(UOzFzP^FlB`%Gzff)&|~h(ZGy2KFuz;;IMkhe(W{S0{HVl_fjiI`
zvk%e5kzEezfp$23Lxu6s+7r)beC)K6>5rlb%HR~5_w~lqG=yESA)XMq(822z4s-={
z^7d&zDSr_r`o=1SWe?aN1bjg7eDLAP{N-ttUI!5W*a?_WV__IuMG6!Q!akJrBvYX{
zPD%Qe!XJymPD77^+~aRjiNBY4$P}{rJ{~LX6Ii*#(<FY4u2s=#qokiB@j{6gNvuiS
zCUMGVFPQ0i$<QtFc8PaOykFwO5`QT1XA*xc@qZ-FRi^S=FB#>HnA#WMDN3&hwoKAb
zlX$ko3nV@!B`PB6lM=6%cuT-H`^&XmGCU*k8xkLp_<e~#llU8nl`4MjlCqM4Redp)
zNIbEM*Ef`T)skwq#ET?eE^%DqRT6KMc;?`~A@7s)4@;a0c(@-v9U2s$_f_$~H%zTP
zD*1-#z7pmWlKxYPKd<6fPM_NNjimZs;z9JKExIU{xJ=?{)tQ&4e^BnFqRD#AvGg_u
zVrIf{>xlvtiA=Zbw&qx*g&7GwlGNPJq`?xFrnee;TfOF{CBaS$CnFJA5i_E!#kRC8
zM|9mtx*ByJt7Af<@wH|<(h@Trm$f*S=9sGtmeie?kw9e!l{CJsugnf&+gi-B+EPiO
zh#HP-Tb=%>wxJv5O2cQ}iYH@+YcSi0L=9VOPZ=qLHCuK^#IvJX)Mz$!)AfT7;&$3t
zGDrn|YEC2?wOLBnTsOw_xYMH1d>qjrY1yK!84Xlc(q(p9i#o1mHk*m4k!G&tu(+A<
zdx!@eCF5=?>Y0v?Y3VBs+h(StnL5U9whdzi+OgKCZ6@>>Lkk3&WUd`aILU}@BwW%(
zVlgBi(?|XoHPC3HhT~{hAAee+XU%Tb>lzyB7<>`GZY2_ijydWpJ&k4t1t#EXx|51i
zoWYzi!VlnQfTlsqL^~pglt^n%VIIw~J`MA|DGM|+e?hT~Ep97AN|>7#>7#6Ven@fC
z)m$@<HHldrCQC65E|_LKZY7wRtiw~!qKUwq)%(7>W|_@_9<%Mkcmz`v9u%QKN4Kzh
zg^;u@*R!%xu%uZ(L&stYA=QU&DxtL*omopf6?4sG#BJ4DBTj3e)!>sbVvJnTP}5cz
z^>u-%j-_Iz@FKzzc`mk*9!IL830g4+8`kiLh__OrqXv4288!7mv!IGaR$zd5QW_P>
zF_SCnHEi2vi#e{Tw{>dCHrE%Uv>uus!I5SDUKWh_ybdksjaDi+dzzL?q#Prv)v#6z
zXVt{&U=l)Ei;Wk-#)iqkRw1Mn2$V#2nik$kL@9gN+DX55Y&~fk%?^uN3D@7Rk(6sS
z$2_Ye7(Wn&q&c{EY&R04O=&t-EP}&J#|NY8Rtme{)ngIIp&g8!f;~e~(|OZzADB4k
z!RZr{pPB6D^@WJo$)-n1!(Q|EHS&eIn^poHr|EcNOCzNsi)PZS_YW8{4a%PE6($x9
z;o%ang33<&(?KFc-HIGiUi=y%U=W8{KD2@`??96UJ00XMosBYW*=7r@{<)$v{lmHP
zZz)8L-CjMTdPYqh8(=n9q?{>@xLBtqb=uXXvu2f6XZAK7P`spuG|+AD$7?3FY`lG_
z**fB;v>-{6YmlcOD}LM=JX~6QKY^y*u0^eQ#Kgwzz(!3(v6z|e6}po7mmbdb!uWzp
z;rV1DUS2O%{h#(po;x1D&@53I{f0pDJ&^O3ss8H#$&W#<jHzssu#<c_<ZekG26>w#
z4}shx<TLQEPvgz%2}v;`t+MAOc^Kq9Lav>F-yQIl)ho%vARiO*KM_FXR+XKU<RZwY
zBzY9%vyxo7mELUe*DOUu9Z&=M%_u8V1Nzx0E7Jf)l1%>eM|ajv{uPo;{`B)w)=vHn
zl03?Tf__ILhimY5UAay5fB4ACMUY!1`zXlt2AH*zKfNPlW%BQmWb)r6$>iTH$sRS>
zCMl>vk0eur=Y{+vCOGN|EQw^N_Pvr!?GFlhGycLVcu{4ig^U>e@}-dTCbB%H9z)7A
zFSRXHZtH=y0MD{ge4x<Mll)LAK2Q$gA-QK9NqD8jBg<j*OY*=nvIalU$uiCB8a(SK
z^M^Xi_}2K_N`JmMQK+2eW}-zY;>Qy=)XopuGWgM3A#0iuDClKp2%fYglf8RJ<|b=L
zzB+3&Ki9cW-Q)4StJbOqJw9Xg73gx^>Pys<(5-I7|6_f-dbV<qPhT@zImtWM%+5cV
r8}$8Nf*)8@ub%e!xiyXIqb{Fud!t&^#aE$f*v$8$DqYLZ-Cq7b|0w!x

diff --git a/firewall/interception/ebpf/programs/monitor.c b/firewall/interception/ebpf/programs/monitor.c
index 70bb19de..6f486419 100644
--- a/firewall/interception/ebpf/programs/monitor.c
+++ b/firewall/interception/ebpf/programs/monitor.c
@@ -170,10 +170,10 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 	udp_info->ipVersion = 6;
 
 	// Set protocol for UDPLite
-	if(us->udp.pcflag == 0) {
-		udp_info->protocol = UDP;
-	} else {
+	if(sk->sk_protocol == IPPROTO_UDPLITE) {
 		udp_info->protocol = UDPLite;
+	} else {
+		udp_info->protocol = UDP;
 	}
 
 	// Send event
diff --git a/firewall/interception/ebpf/programs/update.sh b/firewall/interception/ebpf/programs/update.sh
old mode 100644
new mode 100755

From 8312c7c6b51bce0e05b62c7b36e11d95db833106 Mon Sep 17 00:00:00 2001
From: Daniel <dhaavi@users.noreply.github.com>
Date: Thu, 11 Jan 2024 10:03:40 +0100
Subject: [PATCH 2/2] Add UDPLite check to ip4_datagram_connect hook

---
 .../ebpf/connection_listener/bpf_bpfeb.o      | Bin 32288 -> 32456 bytes
 .../ebpf/connection_listener/bpf_bpfel.o      | Bin 32288 -> 32456 bytes
 firewall/interception/ebpf/programs/monitor.c |  18 +++++++++++-------
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o b/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o
index 4049e6dc2ad85a000ced63e516ca94b2110e7b48..7c9e91d7fc08c2f663505f09277b49d41c45a58b 100644
GIT binary patch
delta 2361
zcmZ9OO>7%Q6oB81f46BXH%b$S8oD&K>!P-H3Q2m1@G1xqi69yEKo1pl!3r%+QcD$T
z634Q+MIwOPsYImaU@j;J4z65@6hXBT9CEZ!4>@pHsXg?-AreSbq6psGT{mxM<bCtL
z_ukB#-8VCG>$%weS2WMa<>`C*syuWI0OZvn*pEFNPJnr9W<m_BRQTmv4|2*1Wl|8n
z@eyRn{U|{a%#SaFt6e>zK8+j=U51mLmC)T$@j)j!_Tx$Qbt%{R?Zcl%=V9r+kg)*}
z>jH?M)Ij-!nC(oK|C8cKXY!M(sP}<z4D`iu*3aCzT_I?8<n$Pb=Mw#t9r@Tp5Emn8
zpGD5Op<dkQAd_eZf1dO`kmewAZyw?(auOe$XCwvk4fNN+WCjZG6Qv!H)5FN;Jb$Ji
z<P7;Ok4N4DSw4Vz#pgR9uaJMy=kGwSyoP#%@!P1cGVaIx&}0T$?Yhr@f?OR(y~TI{
z^-ae8sJA^neir1~an!dMlYiUe%qt)_XhB`ZNz4yB%s`)PmoW`^#yE+kK%`ITPKfcn
z()AMbO6M}g;}eKC8P_pEueL7+<XHeEDEeFjxk>RC7*m20V~W4RnBpspDSmN}>zg#7
zv1f1-_%+H<LK@Iyeu`gbObPswWOhJqk-yFSG=7UQ`E8HWeQ;L(O1t0j3@F_uo?_?i
ze(B)u$DhZv%hfN}?u(dm=0?=rxk5isEN;X!Z9Z)2S@rweS27({-!7SIZ9aD(f!2`g
z!&<8L{NO=%KHmcWs6Xb<9E87+=>TC9S(R8A5^<GX_(q&l_QLu1X{Wn|$3BY>XDi5g
z@*lz{j1RWFg@WRHd;#@@DqqhDqjTqaHC*381FhZ<2-6!ec2|X8sppT-3vo6z&TDLG
zTnutOQVJR(6^$DjH#Kf)+}7CExEtU)M4W&DBD+C$OUvFkn$Y~F#(9k`jf<S|4v3bx
z0lA`aL*u5#Esfh6+ZuNn(;XCbn1OgV$T37-^H@S-Q{%kGmd3?Bru+~q?HOFIXxz}a
zsc}o=w#K%`-51=48ZN*=VW@$dUmRXRjSicC9^z}n>i*4l>rYT)CnHXWma#!2IH!==
zzA;W|JgM=F#utNJFy?{=gO<t@&{8>X^ms5i{L+y6a`Eq@qnE~EW@;+$b)%QYJo3BO
z@!FbFjrpj0ymVyW(rFxzO$@2{@(*HB*~{<XjTEm=h*f1(3!<wUDA$#Z(z(4-5Konb
z@|kM5(nh&?yY}Y3a>|>?_+CxdCJef9uo*?QS{s*3S!LG>uWoxr_x7gGzu#l`F9oT|
F{{a{~43+=@

delta 2207
zcmZA1UuaWj6aet^eNED&otTccrr1GT|Cl<p*ReKzC^mG859_2(9}0?1wO~fm7zSgp
zX-yb?DC-81udqDkX=LC-B!XqI5%8st8Tc@m4+TYh5DZvQoMSsD_tu<yF1=sQ@0|19
zd;8r#JO8TEJ5@NTZ<X#@S>5#!0O+p|!3X#YJwZ5pXC|t;&7S_I*VDCh4I-3(6r>Tt
z*B2mYlKMpT&$iSl6{*I?ejBNd%>S;;+pDA1XYnuF0;>S+6##YDOfDW((dy#je_Hib
z7jI-$&Ijs+#u^>#TY!)M0CmL+Fcd|PQW7`J4}AsNk9qJr{vLF&7h}2#s*`;fhinh@
zgC3-Mn3?Ky?bLq{^h6&(4knz$6VQ{?5VJk-Ip|9VFitz(0zF6djN@NGCy!yAXFiMZ
z2J?p)7ntc{i;iD`&Wz*vp~Mp17?+vp02SMVpMqW;#CV&T>N~cFUV{FSE~w5N!uT&{
zT9F3xF+4xKVF{eDe=C{?#0kpJ>UaW0{{<}}osjx*e{bp!GgE(rnffi}98H+D6T|00
z7iq#AGfjvyQ-6Y)`qRwRpJAr{JTvugw7gKH358aoNE3?8G@<PHSI}juS6H3qZ!=T9
z=6DD6ee?HHf42{G9iMXivzLmVX49FxuY9JKyyj~@?Ewr2%;n`9dibHauo5;;mq*Pf
zsm|f%4WgN}{eyd3GqR6nhX8x#OzNchA$353DW-l_L1W##c!A#F=KaK9x((bhw=Jp%
zarfYkn-#->`u9DD@j>(G=BV;lJ?X3`w~GmXtHIN7o8DGl_tL>xzc(yw3CDzI-OhRA
z?u0ijoEI(#mxL?AHQ~C;Iq>ef65wsPO`i+?ANzvBVPQ)+COpfHudXl76X>*XUbrA!
z60Qi>gzL=o>G18c1i9gMJCd(Jdr&wmYzfDNXIrN8LwmfHXgV#N7cK~wge$@|;m2rt
zqdd@wBVND@9F$rAZnI|{Bf90z3*+A+o59Q%IqG3gzW<%u0ea0?J<u<FTzFD=M)-=`
z2Ls9dM9-m6U#~fF>vfkkKMpg~)7JbL{hXTr%uKGFH=8SmJ2F3EH*WY1sjNIuev`<a
zqc|H?A@e*trOGC<I;A2ef#bF*<5)A#ajcuj8jT4YCro+mbjS5Q`%r;Z(^!iJ5{|;g
dx;?Hl8zymk>ImI2+?pR<T3LHt?FFGi=zsG!08jt`

diff --git a/firewall/interception/ebpf/connection_listener/bpf_bpfel.o b/firewall/interception/ebpf/connection_listener/bpf_bpfel.o
index 1c31943f1e2187d77302f5ed0927928351901a05..cece72609e0da964205245ef0ca990c457f2f92e 100644
GIT binary patch
delta 2422
zcmZA3UuaWT7y$6^oHnsRg|xFV)vB>tjm44FwbsH|Gi94>eTYvA$_&`mf33}wVbiAE
z$X@!;VdQMAgFa+0qYrzi3uDcgQpO(o7<{TQArE`#-U<^`ROa`cdt$$Qhu(AV?>ql`
z{^Ta5S8DaOD#rEcsrx+z-P#2j0Iq(y4Re5Y6}$J@fa);2oA=(UBuuKQdk=<h9g5rH
zzZF0XpDsnh)>m(uYk_?_a-=-n^h2*YTW;@vaKzlrB+8FIf1t__GoLnv7PbIX@%qEG
zjvQ8_<-w8vwc1@CygaSEt=#~jnt~SW_bc0@pM{<Kv0T4W5O;pq1rWHPU=-sCSD)J5
zK?kB5TJV{CA03Hlp#QS&AUf*Yc>v4%v}Y$n6(|tw(?HWC*RX?*(;7}Vw;jUrVGSwg
zQ&@ldh=#25x77ZMhDqn2&^>t#1?G>?v&?OIPeYLf!dPM6`9JL7_^gH!^A7YPa~pce
z`Pe~#gL4{|ncL8-&U<kJJqsGD%ux>mYb+2!Z!lAX=gd(wxUHZLseXOy>I2lbj!gBV
zqJE6oqXFuBTW^qL6=;C8^9;>kQNuarC_2L&L0@5}`dMbGKe=fSs6k;fU<a6GrUpf3
zsz1+611vhP(TXhNmauYazsyYSSDd$Y_u=XPOGC{CaHVZpceba$hD(lrbSV8(ZvMRf
zi`rtIj2$rZW2x44EZB}$5Kk<nQS*50t`2saA9G!1Zv1F(7<&U~vKvWH^%Qb(>Yb;T
z=HKze{--t+u)D)cwQUuE7PJ4x_v(bH+&F)RhL5{SR7_3@$CG}b8E>t4rI@MyIp(nW
zVj`hJ<?kkLHG6B+0u$YWc&!UVfJ*)H5Z=SWG2x_eN;utU4>FAb$O;#Pi^3)0CE*p}
zYJ)v|7c~R`HiYf6@D-qCVvY$Xg;T<5ZX6#nJb=y$7lez#CE+FE72ztgM|)ah0rG}0
z;MWT!IvVy22*-qz!YSeOrajwXW;0-&6)p%Dg-gOq!Yjhnw|>W;QSEI2ZQ5^ty(iyd
zr)=j;AG$ei^Xu(X-ajlt3-(mFnU)Gu{gc(nOpix}-xnShzR>88VXQF#dEq(X1>s1v
zW7kge&E&Ivy%&$e@X3=&|JHl4-<P|+hwr)}Qy34LS}q!TH)m%BJB^z9O--80)F=3!
zQqu!!)(lP$sjA6gK5r_R*USsd*UeylNIf?>n^!PjG%xZ)q0SM%r=QJ-GXtTu314Y*
gXJ$ahbLRJ%58|uievsbzl;}pkq})>59~=~a1KKSN1poj5

delta 2223
zcmZA2OK1~a6ae6JZ*5Hc{c&1#OnpGqTGOI76*U#A&98`{B2`=z6q{H<rLU-nu@5Kw
zDs-V3xq@BBjkMq*8o_QV0XJR7g&^Xhq6k7kK|%3>o->&?C+Cv6GvAqW=5goFWcs(t
z{!*E+&R%)cl-4zCKm)+J^NX<uSguyxIT%&T%olyZt^w$22)pq&3Lu1A-L_?V^p^aK
zs-6}V&hOej)tGPWno{P+$>#ir_<^dx@IrtbE)UJl(;HPZpE&(TtGayR%#d<?8vyhy
z9twY#@MzE00aTw*5XE@2d!ADKD7xCO!H+S@`yXvv8Z2fXI_P=zdfZ>H-7BPgvJXwy
zPJV>-b*<WgRxj`l1HLv5G0%Ik;NN2!lAiC<0Xj9LJU>7;^=e2n??aC=*P=7b7JAI{
z7p&irax`RFU|CATICCvJ=Xq;AK>e_WN#<JgwC7KF15GzI6q$qQSIjp0Gjo%Jf$uCp
z1#^#r4oC%l@6pViz+$HSAT#BMnCXJT%#<HtcBr7k3mk61I~dc@$s9z-nQio0X39@8
zQ+|q>^3%+eKU#J-P(h{~04f+`rh;+L6L^94I6e}#pXw)>slMQO8uJ5B%<G<&wmZ*@
zIJo$u`B$3HW>N2B<ug;g-70EY`flsz4d%$;I`h77lM0xc{uOmUF&Ci9t#dcM?yLE)
zzd4}sMEG6+m^=OVlw}$Rjvt}7mS#CM+D(q(LT%3BNXZLuW#JNIru<IkCFbQov-0Pw
zlNT2_GgN_%R(@PQ3)8hwo7-;*hlC@-G2xC%I}oo7KvFm@oDt3n=Y$Kw#R@wBGZg_G
z0b%fo5fBauM}%X-9o%?+i1PqCDV!G02xo<J!Uf?XvqR5(h6UU?APo4ar#3$aghRp+
z;h1no*^WEu;^lzrq;Og|Bb*h^2^WOl%zJ6+6`Gw7pv{fT*VbI8f$;8`hT|@`*^t`n
z%(4h={t{jsp!)Kttrp%S+$MZT_(Y{`=&cOE@)f~4+ibq_ttQg70}k!k6Y1JctCp^9
zrfu+`866A;Zly{WWtoY=r^;^<L;LY7GcgoZLGyN~U5%Ty!|f_;64+0g``8!ETkMNw
z?FjV=>|4$Kk@mpX?$VKl&Bu{w;Osz2A=7v@sz+1i)YaYLWM3&rUtemp`Ue+ppxnQ9
GivI<jC;Sco

diff --git a/firewall/interception/ebpf/programs/monitor.c b/firewall/interception/ebpf/programs/monitor.c
index 6f486419..b436c695 100644
--- a/firewall/interception/ebpf/programs/monitor.c
+++ b/firewall/interception/ebpf/programs/monitor.c
@@ -105,19 +105,23 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
 	// Read PID (Careful: This is the Thread Group ID in kernel speak!)
 	udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
 
-	// Set src and dist ports
+	// Set src and dst ports
 	udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
 	udp_info->dport = sk->__sk_common.skc_dport;
 
-	// Set src and dist IPs
+	// Set src and dst IPs
 	udp_info->saddr[0] = __builtin_bswap32(sk->__sk_common.skc_rcv_saddr);
 	udp_info->daddr[0] = __builtin_bswap32(sk->__sk_common.skc_daddr);
 
 	// Set IP version
 	udp_info->ipVersion = 4;
 
-	// Set protocol. No way to detect udplite for ipv4
-	udp_info->protocol = UDP;
+	// Set protocol
+	if(sk->sk_protocol == IPPROTO_UDPLITE) {
+		udp_info->protocol = UDPLite;
+	} else {
+		udp_info->protocol = UDP;
+	}
 
 	// Send event
 	bpf_ringbuf_submit(udp_info, 0);
@@ -154,11 +158,11 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 	// Read PID (Careful: This is the Thread Group ID in kernel speak!)
 	udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
 
-	// Set src and dist ports
+	// Set src and dst ports
 	udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
 	udp_info->dport = sk->__sk_common.skc_dport;
 
-	// Set src and dist IPs
+	// Set src and dst IPs
 	for(int i = 0; i < 4; i++) {
 		udp_info->saddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[i]);
 	}
@@ -169,7 +173,7 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 	// IP version
 	udp_info->ipVersion = 6;
 
-	// Set protocol for UDPLite
+	// Set protocol
 	if(sk->sk_protocol == IPPROTO_UDPLITE) {
 		udp_info->protocol = UDPLite;
 	} else {