diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp
index f74ec57..cb5c3be 100644
--- a/src/gquic_process.cpp
+++ b/src/gquic_process.cpp
@@ -15,6 +15,38 @@
 #include "quic_analysis.h"
 #include "parser_quic.h"
 
+#ifndef	PRINTADDR
+#define	PRINTADDR(a, b)	((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
+#endif
+
+int dump_packet(struct streaminfo *pstream)
+{
+	int ret=0;
+	char filename[512]={0};
+	void *p_eth_rawpkt=NULL;
+	int eth_rawpkt_len=0;
+
+	ret=get_rawpkt_opt_from_streaminfo(pstream, RAW_PKT_GET_DATA, &p_eth_rawpkt);
+	if(ret==0)
+	{
+		ret=get_rawpkt_opt_from_streaminfo(pstream, RAW_PKT_GET_TOT_LEN, &eth_rawpkt_len);
+		if(ret<0)
+		{
+			return -1;
+		}
+		snprintf(filename, sizeof(filename), "%s-%s", g_quic_param.log_path, printaddr(&(pstream->addr), pstream->threadnum));
+		FILE *fp=fopen(filename, "a+");
+		if(fp)
+		{
+			fwrite(p_eth_rawpkt, eth_rawpkt_len, 1, fp);
+
+			fclose(fp);
+			fp=NULL;
+		}
+	}
+
+	return 0;
+}
 
 int is_iquic(enum _QUIC_VERSION quic_version)
 {
@@ -326,14 +358,15 @@ int get_stream_id(struct streaminfo *pstream, struct _quic_context* _context, ch
 	*used_len+=offset_len;
 
 	MESA_handle_runtime_log(g_quic_param.logger,
-						RLOG_LV_DEBUG,
-						"QUIC_FRAME",
-						"frame_type: 0X%02X stream_id: %u data length: %u offset length: %u addr: %s",
-						frame_type,
-						_context->quic_info.frame_hdr.stream_id,
-						_context->quic_info.frame_hdr.data_len,
-						offset_len,
-						printaddr(&pstream->addr, pstream->threadnum));
+							RLOG_LV_DEBUG,
+							"QUIC_FRAME",
+							"frame_type: 0X%02X stream_id: %u data length: %u offset length: %u addr: %s",
+							frame_type,
+							_context->quic_info.frame_hdr.stream_id,
+							_context->quic_info.frame_hdr.data_len,
+							offset_len,
+							PRINTADDR(pstream, g_quic_param.level)
+						);
 
 	return _context->quic_info.frame_hdr.stream_id;
 }
@@ -457,7 +490,8 @@ static enum _QUIC_VERSION parse_q0to43_header(struct streaminfo *pstream, struct
 							(((gquic_hdr->quic_version>>8)&0x0000000F)*10) + ((gquic_hdr->quic_version)&0x0000000F),
 							gquic_hdr->packet_number,
 							pstream->curdir,
-							printaddr(&pstream->addr, pstream->threadnum));
+							PRINTADDR(pstream, g_quic_param.level)
+						);
 
 	return (enum _QUIC_VERSION)gquic_hdr->quic_version;
 }
@@ -523,7 +557,8 @@ enum _QUIC_VERSION parse_quic_header(struct streaminfo *pstream, struct _quic_co
 							(((long_hdr->quic_version>>8)&0x0000000F)*10) + ((long_hdr->quic_version)&0x0000000F),
 							long_hdr->packet_number,
 							pstream->curdir,
-							printaddr(&pstream->addr, pstream->threadnum));
+							PRINTADDR(pstream, g_quic_param.level)
+						);
 	
 	return (enum _QUIC_VERSION)long_hdr->quic_version;
 }
@@ -577,8 +612,12 @@ enum _QUIC_VERSION is_quic_protocol(struct streaminfo *pstream, struct _quic_con
 				(quic_version==IQUIC_VERSION_RFC9000)
 			)
 			{
-				MESA_handle_runtime_log(g_quic_param.logger, RLOG_LV_DEBUG, "QUIC", "version: 0x%x addr: %s",
-							quic_version, printaddr(&pstream->addr, pstream->threadnum));
+				MESA_handle_runtime_log(g_quic_param.logger, 
+											RLOG_LV_DEBUG,
+											"QUIC",
+											"version: 0x%x addr: %s",
+											quic_version, PRINTADDR(pstream, g_quic_param.level)
+										);
 				
 				_context->is_quic=TRUE;
 				_context->quic_info.quic_hdr.quic_version=quic_version;
@@ -651,7 +690,8 @@ int parse_extension_tag(struct streaminfo *pstream, struct _quic_stream **quic_s
 											"QUIC_VERSION",
 											"Quic version: 0X%X addr: %s",
 											*(unsigned int *)(stream->ext_tags[stream->ext_tag_num].value),
-											printaddr(&pstream->addr, pstream->threadnum));
+											PRINTADDR(pstream, g_quic_param.level)
+										);
 				break;
 			case	TAG_UAID:
 				stream->ua_idx=stream->ext_tag_num;
@@ -661,7 +701,8 @@ int parse_extension_tag(struct streaminfo *pstream, struct _quic_stream **quic_s
 											"QUIC_UA",
 											"User Agent: %s addr: %s",
 											stream->ext_tags[stream->ext_tag_num].value,
-											printaddr(&pstream->addr, pstream->threadnum));
+											PRINTADDR(pstream, g_quic_param.level)
+										);
 				stream->ext_tag_num++;
 				break;
 			case	TAG_SNI:
@@ -672,7 +713,8 @@ int parse_extension_tag(struct streaminfo *pstream, struct _quic_stream **quic_s
 											"QUIC_SNI",
 											"SNI: %s addr: %s",
 											stream->ext_tags[stream->ext_tag_num].value,
-											printaddr(&pstream->addr, pstream->threadnum));
+											PRINTADDR(pstream, g_quic_param.level)
+										);
 				stream->ext_tag_num++;
 				break;
 			default:
@@ -708,7 +750,7 @@ int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _c
 	{
 		case	GQUIC_VERSION_Q041:
 			*used_len+=1; // unknown
-		//case	GQUIC_VERSION_Q044:
+		case	GQUIC_VERSION_Q044:
 			message_tag=(unsigned int)ntohl(*(unsigned int *)(payload+*used_len));
 			*used_len+=4;
 
@@ -719,11 +761,25 @@ int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _c
 			message_tag=(unsigned int)ntohl(*(unsigned int *)(payload+*used_len));
 			*used_len+=4;
 
-			tag_num=*(unsigned int *)(payload+*used_len);
+			tag_num=*(unsigned short *)(payload+*used_len);
 			*used_len+=2; //tag_num
 			*used_len+=2; //padding
 			break;
 	}
+
+	if(tag_num>40 || tag_num<0)
+	{
+		MESA_handle_runtime_log(g_quic_param.logger,
+									RLOG_LV_FATAL,
+									"QUIC_TAG_NUM",
+									"Quic version: 0X%X addr: %s",
+									_context->quic_info.quic_hdr.quic_version,
+									printaddr(&pstream->addr, pstream->threadnum)
+								);
+		dump_packet(pstream);
+		
+		return state;
+	}
 	
 	switch(message_tag)
 	{
diff --git a/src/quic_analysis.cpp b/src/quic_analysis.cpp
index 23dff35..3aee5f1 100644
--- a/src/quic_analysis.cpp
+++ b/src/quic_analysis.cpp
@@ -108,8 +108,7 @@ void quic_release_stream(void** pme, int thread_seq)
 
 extern "C" int QUIC_INIT(void)
 {
-	int ret=0,level=30;
-	char log_path[1024]={0};
+	int ret=0;
 	FILE *fp=NULL;
 	char buf[2048]={0};
 	int region_id=0;
@@ -117,13 +116,15 @@ extern "C" int QUIC_INIT(void)
 
 	memset(&g_quic_param,0,sizeof(struct _quic_param_t));
 
-	MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "LOG_LEVEL", &level, RLOG_LV_FATAL);
-	MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "LOG_PATH", log_path, sizeof(log_path), "./log/quic/quic");
+	MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "LOG_LEVEL", &g_quic_param.level, RLOG_LV_FATAL);
+	MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "LOG_PATH", g_quic_param.log_path, sizeof(g_quic_param.log_path), "./log/quic/quic");
 	
-	g_quic_param.logger=MESA_create_runtime_log_handle(log_path, level);
+	MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "DUMP_PCAKET_SWITCH", &g_quic_param.dump_packet_switch, 0);
+
+	g_quic_param.logger=MESA_create_runtime_log_handle(g_quic_param.log_path, g_quic_param.level);
 	if(g_quic_param.logger==NULL)
 	{
-		printf("MESA_create_runtime_log_handle failed, level: %d log_path: %s", level, log_path);
+		printf("MESA_create_runtime_log_handle failed, level: %d log_path: %s", g_quic_param.level, g_quic_param.log_path);
 		return -1;
 	}
 
diff --git a/src/quic_analysis.h b/src/quic_analysis.h
index e8866b7..29a4375 100644
--- a/src/quic_analysis.h
+++ b/src/quic_analysis.h
@@ -24,7 +24,10 @@ struct _quic_param_t
 	unsigned long long 	quic_interested_region_flag;
 	unsigned long long 	quic_region_cnt;
 	unsigned short 		quic_plugid;
-	char 				quic_conf_regionname[MAX_REGION_NUM][REGION_NAME_LEN];
+	int level;
+	int dump_packet_switch;
+	char quic_conf_regionname[MAX_REGION_NUM][REGION_NAME_LEN];
+	char log_path[128];
 	void *logger;
 };