diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
index 2844f7e..c7717bc 100644
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
@@ -2,18 +2,18 @@
 # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
 version: 0.1
 cli:
-  version: 1.22.8
+  version: 1.22.9
 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
 plugins:
   sources:
     - id: trunk
-      ref: v1.6.5
+      ref: v1.6.7
       uri: https://github.com/trunk-io/plugins
 # Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
 runtimes:
   enabled:
     - go@1.21.0
-    - node@18.12.1
+    - node@18.20.5
     - python@3.10.8
 # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
 lint:
@@ -34,36 +34,36 @@ lint:
   enabled:
     - clang-format@16.0.3
     - clang-tidy@16.0.3
-    - codespell@2.3.0
+    - codespell@2.4.1
     - dustilock@1.2.0
-    - gitleaks@8.21.2
+    - gitleaks@8.23.3
     - include-what-you-use@0.20
     - kube-linter@0.6.4
     - markdown-link-check@3.13.6
     - pragma-once
     - pre-commit-hooks@5.0.0
-    - ruff@0.7.3
-    - semgrep@1.96.0
+    - ruff@0.9.3
+    - semgrep@1.104.0
     - taplo@0.9.3
     - terrascan@1.19.1
-    - trivy@0.56.2
-    - trufflehog-git@3.83.7
-    - trunk-toolbox@0.5.3
-    - vale@3.9.0
-    - actionlint@1.7.4
-    - bandit@1.7.10
-    - black@24.10.0
-    - checkov@3.2.296
+    - trivy@0.58.2
+    - trufflehog-git@3.88.2
+    - trunk-toolbox@0.5.4
+    - vale@3.9.4
+    - actionlint@1.7.7
+    - bandit@1.8.2
+    - black@25.1.0
+    - checkov@3.2.358
     - git-diff-check
     - hadolint@2.12.1-beta
-    - isort@5.13.2
-    - markdownlint@0.42.0
-    - osv-scanner@1.9.1
-    - prettier@3.3.3
-    - ruff@0.7.3
+    - isort@6.0.0
+    - markdownlint@0.44.0
+    - osv-scanner@1.9.2
+    - prettier@3.4.2
+    - ruff@0.9.3
     - shellcheck@0.10.0
     - shfmt@3.6.0
-    - trufflehog@3.83.7
+    - trufflehog@3.88.2
     - yamllint@1.35.1
 actions:
   disabled:
diff --git a/ratemon/runtime/c/compile_commands.json b/ratemon/runtime/c/compile_commands.json
new file mode 100644
index 0000000..504fa5c
--- /dev/null
+++ b/ratemon/runtime/c/compile_commands.json
@@ -0,0 +1,7 @@
+[
+  {
+    "directory": "/home/ccanel/src/ratemon/ratemon/runtime/c",
+    "command": "/usr/bin/g++ -g -std=c++20 -Wall -Wextra -shared -fPIC  $< -ldl -L${BOOST_LIB} -lboost_thread -lbpf",
+    "file": "libratemon_interp.cpp.cpp"
+  }
+]
diff --git a/ratemon/runtime/c/libratemon_interp.cpp b/ratemon/runtime/c/libratemon_interp.cpp
index acdddca..720d4e3 100644
--- a/ratemon/runtime/c/libratemon_interp.cpp
+++ b/ratemon/runtime/c/libratemon_interp.cpp
@@ -608,38 +608,24 @@ void initial_scheduling(int fd) {
   }
 }
 
-// For some reason, C++ function name mangling does not prevent us from
-// overriding accept(), so we do not need 'extern "C"'.
-int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) {
-  static int (*real_accept)(int, struct sockaddr *, socklen_t *) =
-      (int (*)(int, struct sockaddr *, socklen_t *))dlsym(RTLD_NEXT, "accept");
-  if (real_accept == NULL) {
-    RM_PRINTF("ERROR: failed to query dlsym for 'accept': %s\n", dlerror());
-    return -1;
-  }
-  int fd = real_accept(sockfd, addr, addrlen);
-  if (fd == -1) {
-    RM_PRINTF("ERROR: real 'accept' failed\n");
-    return fd;
-  }
+int check_family(struct sockaddr *addr) {
   if (addr != NULL && addr->sa_family != AF_INET) {
-    RM_PRINTF("WARNING: got 'accept' for non-AF_INET sa_family=%u\n",
-              addr->sa_family);
+    RM_PRINTF("WARNING: got non-AF_INET sa_family=%u\n", addr->sa_family);
     if (addr->sa_family == AF_INET6) {
-      RM_PRINTF("WARNING: (continued) got 'accept' for AF_INET6\n");
+      RM_PRINTF("WARNING: (continued) got AF_INET6\n");
     }
-    return fd;
+    return -1;
   }
+  return 0;
+}
 
-  // If we have been signalled to quit, then do nothing more.
-  if (!run)
-    return fd;
+void register_fd_for_monitoring(int fd) {
   // One-time setup.
   lock_setup.lock();
   if (!setup_done) {
     if (!setup()) {
       lock_setup.unlock();
-      return fd;
+      return;
     }
     setup_done = true;
   }
@@ -647,7 +633,7 @@ int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) {
   // Look up the four-tuple.
   struct rm_flow flow;
   if (!get_flow(fd, &flow))
-    return fd;
+    return;
   RM_PRINTF("flow: %u:%u->%u:%u\n", flow.remote_addr, flow.remote_port,
             flow.local_addr, flow.local_port);
   // Ignore flows that are not in the monitor port range.
@@ -657,17 +643,68 @@ int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) {
         "INFO: ignoring flow on remote port %u, not in monitor port range: "
         "[%u, %u]\n",
         flow.remote_port, monitor_port_start, monitor_port_end);
-    return fd;
+    return;
   }
   fd_to_flow[fd] = flow;
   // Change the CCA to BPF_CUBIC.
   if (!set_cca(fd, RM_BPF_CUBIC))
-    return fd;
+    return;
   // Initial scheduling for this flow.
   lock_scheduler.lock();
   initial_scheduling(fd);
   lock_scheduler.unlock();
   RM_PRINTF("INFO: successful 'accept' for FD=%d, got FD=%d\n", sockfd, fd);
+}
+
+// For some reason, C++ function name mangling does not prevent us from
+// overriding accept(), so we do not need 'extern "C"'.
+int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) {
+  static int (*real_accept)(int, struct sockaddr *, socklen_t *) =
+      (int (*)(int, struct sockaddr *, socklen_t *))dlsym(RTLD_NEXT, "accept");
+  if (real_accept == NULL) {
+    RM_PRINTF("ERROR: failed to query dlsym for 'accept': %s\n", dlerror());
+    return -1;
+  }
+  int fd = real_accept(sockfd, addr, addrlen);
+  if (fd == -1) {
+    RM_PRINTF("ERROR: real 'accept' failed\n");
+    return fd;
+  }
+  if (check_family(addr) != 0)
+    return fd;
+
+  // If we have been signalled to quit, then do nothing more.
+  if (!run)
+    return fd;
+
+  register_fd_for_monitoring(fd);
+  return fd;
+}
+
+// TODO: With iperf, the receiver (where we want to run this) is the listener
+// and calls accept(). In ibg, the receiver is the initiator and calls
+// connect(). Therefore, we need to support monitoring a flow from both accept()
+// and connect().
+int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
+  static int (*real_connect)(int, struct sockaddr *, socklen_t *) =
+      (int (*)(int, struct sockaddr *, socklen_t *))dlsym(RTLD_NEXT, "connect");
+  if (real_connect == NULL) {
+    RM_PRINTF("ERROR: failed to query dlsym for 'connect': %s\n", dlerror());
+    return -1;
+  }
+  int fd = real_connect(sockfd, addr, addrlen);
+  if (fd == -1) {
+    RM_PRINTF("ERROR: real 'connect' failed\n");
+    return fd;
+  }
+  if (check_family(addr) != 0)
+    return fd;
+
+  // If we have been signalled to quit, then do nothing more.
+  if (!run)
+    return fd;
+
+  register_fd_for_monitoring(fd);
   return fd;
 }