diff --git a/src/dns-trace.ebpf.c b/src/dns-trace.ebpf.c
index 037a62e..539bb70 100644
--- a/src/dns-trace.ebpf.c
+++ b/src/dns-trace.ebpf.c
@@ -216,7 +216,7 @@ static int dnsanswer(struct __sk_buff *skb, struct ethhdr eth, struct iphdr ip,
 uint16_t tid = 0;
 //struct dns_answer s_dnsanswer;
 //struct query_section s_query = {0};
- unsigned char buf[256] = {0};
+ unsigned char buf[256] = {0}; // Max dns domain name length
 uint32_t offset = sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct udphdr);
 __be16 udplen;
 // uint32_t offset2 = sizeof(struct ethhdr) + sizeof(struct iphdr);
@@ -232,10 +232,14 @@ static int dnsanswer(struct __sk_buff *skb, struct ethhdr eth, struct iphdr ip,
 /* Get DNS header */
 //bpf_skb_load_bytes(skb, offset, &dns, sizeof(struct dnshdr));
- if (udplen <= 0 || udplen > 256 || udplen < sizeof(struct dnshdr))
+ if (udplen < 0)
+ return 0;
+
+ if (udplen > 256 || udplen < sizeof(struct dnshdr))
 udplen = sizeof(struct dnshdr);
 //return 0;
+
 //if (udplen == offset || udplen < offset)
 // udplen = sizeof(struct dnshdr);
@@ -245,6 +249,7 @@ static int dnsanswer(struct __sk_buff *skb, struct ethhdr eth, struct iphdr ip,
 //if (udplen > offset) // Works
 // return 0;
 if (udplen >= offset && udplen <= skb->len){
+
 }
 bpf_printk("ok");
 if (udplen < offset)
@@ -252,6 +257,10 @@ static int dnsanswer(struct __sk_buff *skb, struct ethhdr eth, struct iphdr ip,
 udplen = sizeof(struct dnshdr);
 //return 0;
+ if (udplen > offset)
+ udplen = sizeof(struct dnshdr);
+
+
 //__u32 plen = bpf_ntohs(udp.len) - 8;
 uint32_t plen = udplen & 0xff;
 bpf_printk("ok");
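Review bot: The new comment `// Max dns domain name length` on `buf` does not describe what the buffer holds: the later `bpf_skb_load_bytes(skb, offset, &buf, plen)` reads the DNS message (header plus question/answer bytes) into it, and 256 is not the name limit (a wire-format name is at most 255 octets). What 256 actually buys is the in-bounds guarantee for `plen = udplen & 0xff`, which can never exceed 255. Suggest `// DNS payload scratch buffer; plen is masked to <= 255 so the load below cannot overrun it`. dnsanswer starts and ends outside this hunk.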
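Review bot: `if (udplen < 0) return 0;` in the second hunk is dead code: `udplen` is declared `__be16`, an unsigned 16-bit type, so the test is always false and nothing is rejected (gcc/clang flag it under -Wtype-limits). The check that actually matters, `udplen < sizeof(struct dnshdr)`, is turned into a clamp to 12 bytes, so a datagram too short to hold a DNS header is still parsed as if it had one rather than dropped; `if (udplen < sizeof(struct dnshdr) || udplen > sizeof(buf)) return 0;` is the bounded, explicit form. Because the type is `__be16`, the comparisons against 256 and 12 are only meaningful if the assignment (outside this hunk) already applied ntohs; if it does, the declaration should be `uint16_t`. dnsanswer starts and ends outside this hunk.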
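Review bot: The added `if (udplen > offset) udplen = sizeof(struct dnshdr);` in the fourth hunk, together with the existing `if (udplen < offset)` clamp just above it, forces the length to the 12-byte DNS header for every datagram whose UDP length is not exactly `offset` (42, the Ethernet+IPv4+UDP header size), so the subsequent `bpf_skb_load_bytes(skb, offset, &buf, plen)` will almost never read the question or answer sections. `udplen` is a UDP length and `offset` is a frame offset; comparing the two bounds nothing, and the real in-bounds guarantee is `plen = udplen & 0xff` fitting `buf[256]`. Drop both clamps against `offset` and reject short datagrams instead of shrinking them. Also note `udplen == 256` passes the `> 256` test and becomes `plen = 0` after the mask; `udplen >= sizeof(buf)` closes that edge.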
@@ -264,12 +273,12 @@ static int dnsanswer(struct __sk_buff *skb, struct ethhdr eth, struct iphdr ip,
 bpf_printk("%d %d %d", offset, udplen, udplen - 8);
 // bpf_printk("%d", offset + ntohs(udp.len) - 8); // -> we have 99
- if (offset + ntohs(udp.len) > skb->len) {
+ if (offset + udplen > skb->len) {
 bpf_printk("outbound");
 //return 0;
 plen = sizeof(struct dnshdr);
 }
-
+ // plen = 57;
 if(bpf_skb_load_bytes(skb, offset, &buf, plen) < 0){
 bpf_printk("failed");
 // bpf_ringbuf_discard(s_event, 0);
@@ -333,11 +342,16 @@ static int dnsanswer(struct __sk_buff *skb, struct ethhdr eth, struct iphdr ip,
 return 0;
 }
+
+/*
+ * skb -> http://oldvger.kernel.org/~davem/skb_data.html
+ */
+
 SEC("socket")
 int detect_dns(struct __sk_buff *skb) {
 //void *data = (void *)(long)skb->data;
 //void *data_end = (void *)(long)skb->data_end;
- //struct ethhdr *eth = data;
+ //struct ethhdr *eth2 = data;
 struct ethhdr eth = {0};
 struct iphdr ip = {0};
 struct udphdr udp = {0};
@@ -347,6 +361,7 @@ int detect_dns(struct __sk_buff *skb) {
 //if (data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct udphdr) > data_end)
 // return 0;
+
 if (skb->len < sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct udphdr))
 return 0;
diff --git a/src/dns-trace.ebpf.o b/src/dns-trace.ebpf.o
index acaba94..0b7373e 100644
Binary files a/src/dns-trace.ebpf.o and b/src/dns-trace.ebpf.o differ
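Review bot: `if (offset + udplen > skb->len)` in the first hunk is correct only if `udplen` is already in host byte order, yet its declaration is `__be16`, which marks a big-endian value; the assignment is outside the visible hunks, so either the type is wrong or the comparison is (on a little-endian host a wire length of 0x0040 would compare as 0x4000). Declaring it `uint16_t udplen = ntohs(udp.len);` at the point of assignment removes the ambiguity. On the out-of-bounds path the code keeps going with `plen = sizeof(struct dnshdr)` instead of returning; a UDP length that exceeds the frame is a malformed packet and `return 0;` is the simpler and safer handling. The added `// plen = 57;` is leftover debugging and should not land.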
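Review bot: The new `skb->len` minimum-length check in the last hunk guards the fixed `offset`, but that offset also assumes an untagged Ethernet frame, an IPv4 header without options and a UDP payload, none of which this hunk checks; a packet with `ip.ihl > 5` passes the length test while the UDP header and DNS bytes are read from the wrong position. After `ip` has been loaded, `if (ip.ihl != 5 || ip.protocol != IPPROTO_UDP) return 0;` makes the fixed-offset assumption explicit (or compute the offset from `ip.ihl * 4`). detect_dns continues past the hunk; if those checks already exist further down, this only needs a comment on the length test stating which header layout it assumes.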