diff --git a/src/session/gtest_session_manager.cpp b/src/session/gtest_session_manager.cpp
index e1f4110..b7feca1 100644
--- a/src/session/gtest_session_manager.cpp
+++ b/src/session/gtest_session_manager.cpp
@@ -5,7 +5,7 @@
 #include "timestamp.h"
 
 /******************************************************************************
- * test packet TCP
+ * test packet: HTTP www.example.com
  ******************************************************************************/
 
 /*
@@ -281,6 +281,580 @@ unsigned char tcp_pkt3_c2s_ack[] = {
     0xc0, 0xa8, 0x26, 0x69, 0x5d, 0xb8, 0xd8, 0x22, 0xea, 0xcf, 0x00, 0x50, 0x7c, 0x8c, 0x89, 0x2d, 0x52, 0x57, 0x49, 0x63, 0x80, 0x10, 0x08, 0x04, 0xea, 0xce,
     0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x2c, 0x2b, 0x33, 0xa0, 0x48, 0x74, 0x32, 0x2a};
 
+/*
+ * Frame 4: 145 bytes on wire (1160 bits), 145 bytes captured (1160 bits) on interface en0, id 0
+ * Ethernet II, Src: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea), Dst: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Destination: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Source: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 192.168.38.105, Dst: 93.184.216.34
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 131
+ *     Identification: 0x0000 (0)
+ *     010. .... = Flags: 0x2, Don't fragment
+ *         0... .... = Reserved bit: Not set
+ *         .1.. .... = Don't fragment: Set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 64
+ *     Protocol: TCP (6)
+ *     Header Checksum: 0x1d89 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0x1d89]
+ *     Source Address: 192.168.38.105
+ *     Destination Address: 93.184.216.34
+ * Transmission Control Protocol, Src Port: 60111, Dst Port: 80, Seq: 1, Ack: 1, Len: 79
+ *     Source Port: 60111
+ *     Destination Port: 80
+ *     [Stream index: 0]
+ *     [Conversation completeness: Complete, WITH_DATA (31)]
+ *     [TCP Segment Len: 79]
+ *     Sequence Number: 1    (relative sequence number)
+ *     Sequence Number (raw): 2089584941
+ *     [Next Sequence Number: 80    (relative sequence number)]
+ *     Acknowledgment Number: 1    (relative ack number)
+ *     Acknowledgment number (raw): 1381452131
+ *     1000 .... = Header Length: 32 bytes (8)
+ *     Flags: 0x018 (PSH, ACK)
+ *         000. .... .... = Reserved: Not set
+ *         ...0 .... .... = Accurate ECN: Not set
+ *         .... 0... .... = Congestion Window Reduced: Not set
+ *         .... .0.. .... = ECN-Echo: Not set
+ *         .... ..0. .... = Urgent: Not set
+ *         .... ...1 .... = Acknowledgment: Set
+ *         .... .... 1... = Push: Set
+ *         .... .... .0.. = Reset: Not set
+ *         .... .... ..0. = Syn: Not set
+ *         .... .... ...0 = Fin: Not set
+ *         [TCP Flags: ·······AP···]
+ *     Window: 2052
+ *     [Calculated window size: 131328]
+ *     [Window size scaling factor: 64]
+ *     Checksum: 0x59f8 [correct]
+ *     [Checksum Status: Good]
+ *     [Calculated Checksum: 0x59f8]
+ *     Urgent Pointer: 0
+ *     Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - Timestamps
+ *             Kind: Time Stamp Option (8)
+ *             Length: 10
+ *             Timestamp value: 741028768: TSval 741028768, TSecr 1215574570
+ *             Timestamp echo reply: 1215574570
+ *     [Timestamps]
+ *         [Time since first frame in this TCP stream: 0.262783000 seconds]
+ *         [Time since previous frame in this TCP stream: 0.000218000 seconds]
+ *     [SEQ/ACK analysis]
+ *         [iRTT: 0.262565000 seconds]
+ *         [Bytes in flight: 79]
+ *         [Bytes sent since last PSH flag: 79]
+ *     TCP payload (79 bytes)
+ * Hypertext Transfer Protocol
+ *     GET / HTTP/1.1\r\n
+ *         [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
+ *             [GET / HTTP/1.1\r\n]
+ *             [Severity level: Chat]
+ *             [Group: Sequence]
+ *         Request Method: GET
+ *         Request URI: /
+ *         Request Version: HTTP/1.1
+ *     Host: www.example.com\r\n
+ *     User-Agent: curl/7.64.1\r\n
+ */
+//     Accept: */*\r\n
+//     \r\n
+//     [Full request URI: http://www.example.com/]
+//     [HTTP request 1/1]
+//     [Response in frame: 7]
+
+unsigned char tcp_pkt4_c2s_http_req[] = {
+    0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x08, 0x00, 0x45, 0x00, 0x00, 0x83, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x1d, 0x89,
+    0xc0, 0xa8, 0x26, 0x69, 0x5d, 0xb8, 0xd8, 0x22, 0xea, 0xcf, 0x00, 0x50, 0x7c, 0x8c, 0x89, 0x2d, 0x52, 0x57, 0x49, 0x63, 0x80, 0x18, 0x08, 0x04, 0x59, 0xf8,
+    0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x2c, 0x2b, 0x33, 0xa0, 0x48, 0x74, 0x32, 0x2a, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31,
+    0x2e, 0x31, 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x0d,
+    0x0a, 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x3a, 0x20, 0x63, 0x75, 0x72, 0x6c, 0x2f, 0x37, 0x2e, 0x36, 0x34, 0x2e, 0x31, 0x0d, 0x0a,
+    0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x3a, 0x20, 0x2a, 0x2f, 0x2a, 0x0d, 0x0a, 0x0d, 0x0a};
+
+/*
+ * Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface en0, id 0
+ * Ethernet II, Src: NewH3CTe_96:38:0e (48:73:97:96:38:0e), Dst: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Destination: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Source: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 93.184.216.34, Dst: 192.168.38.105
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 52
+ *     Identification: 0xd6b0 (54960)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 42
+ *     Protocol: TCP (6)
+ *     Header Checksum: 0x9d27 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0x9d27]
+ *     Source Address: 93.184.216.34
+ *     Destination Address: 192.168.38.105
+ * Transmission Control Protocol, Src Port: 80, Dst Port: 60111, Seq: 1, Ack: 80, Len: 0
+ *     Source Port: 80
+ *     Destination Port: 60111
+ *     [Stream index: 0]
+ *     [Conversation completeness: Complete, WITH_DATA (31)]
+ *     [TCP Segment Len: 0]
+ *     Sequence Number: 1    (relative sequence number)
+ *     Sequence Number (raw): 1381452131
+ *     [Next Sequence Number: 1    (relative sequence number)]
+ *     Acknowledgment Number: 80    (relative ack number)
+ *     Acknowledgment number (raw): 2089585020
+ *     1000 .... = Header Length: 32 bytes (8)
+ *     Flags: 0x010 (ACK)
+ *         000. .... .... = Reserved: Not set
+ *         ...0 .... .... = Accurate ECN: Not set
+ *         .... 0... .... = Congestion Window Reduced: Not set
+ *         .... .0.. .... = ECN-Echo: Not set
+ *         .... ..0. .... = Urgent: Not set
+ *         .... ...1 .... = Acknowledgment: Set
+ *         .... .... 0... = Push: Not set
+ *         .... .... .0.. = Reset: Not set
+ *         .... .... ..0. = Syn: Not set
+ *         .... .... ...0 = Fin: Not set
+ *         [TCP Flags: ·······A····]
+ *     Window: 128
+ *     [Calculated window size: 65536]
+ *     [Window size scaling factor: 512]
+ *     Checksum: 0xf0fd [correct]
+ *     [Checksum Status: Good]
+ *     [Calculated Checksum: 0xf0fd]
+ *     Urgent Pointer: 0
+ *     Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - Timestamps
+ *             Kind: Time Stamp Option (8)
+ *             Length: 10
+ *             Timestamp value: 1215574832: TSval 1215574832, TSecr 741028768
+ *             Timestamp echo reply: 741028768
+ *     [Timestamps]
+ *         [Time since first frame in this TCP stream: 0.568134000 seconds]
+ *         [Time since previous frame in this TCP stream: 0.305351000 seconds]
+ *     [SEQ/ACK analysis]
+ *         [This is an ACK to the segment in frame: 4]
+ *         [The RTT to ACK the segment was: 0.305351000 seconds]
+ *         [iRTT: 0.262565000 seconds]
+ */
+
+unsigned char tcp_pkt5_s2c_ack[] = {
+    0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34, 0xd6, 0xb0, 0x00, 0x00, 0x2a, 0x06, 0x9d, 0x27,
+    0x5d, 0xb8, 0xd8, 0x22, 0xc0, 0xa8, 0x26, 0x69, 0x00, 0x50, 0xea, 0xcf, 0x52, 0x57, 0x49, 0x63, 0x7c, 0x8c, 0x89, 0x7c, 0x80, 0x10, 0x00, 0x80, 0xf0, 0xfd,
+    0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x48, 0x74, 0x33, 0x30, 0x2c, 0x2b, 0x33, 0xa0};
+
+/*
+ * Frame 6: 1354 bytes on wire (10832 bits), 1354 bytes captured (10832 bits) on interface en0, id 0
+ * Ethernet II, Src: NewH3CTe_96:38:0e (48:73:97:96:38:0e), Dst: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Destination: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Source: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 93.184.216.34, Dst: 192.168.38.105
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 1340
+ *     Identification: 0xd6b1 (54961)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 42
+ *     Protocol: TCP (6)
+ *     Header Checksum: 0x981e [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0x981e]
+ *     Source Address: 93.184.216.34
+ *     Destination Address: 192.168.38.105
+ * Transmission Control Protocol, Src Port: 80, Dst Port: 60111, Seq: 1, Ack: 80, Len: 1288
+ *     Source Port: 80
+ *     Destination Port: 60111
+ *     [Stream index: 0]
+ *     [Conversation completeness: Complete, WITH_DATA (31)]
+ *     [TCP Segment Len: 1288]
+ *     Sequence Number: 1    (relative sequence number)
+ *     Sequence Number (raw): 1381452131
+ *     [Next Sequence Number: 1289    (relative sequence number)]
+ *     Acknowledgment Number: 80    (relative ack number)
+ *     Acknowledgment number (raw): 2089585020
+ *     1000 .... = Header Length: 32 bytes (8)
+ *     Flags: 0x010 (ACK)
+ *         000. .... .... = Reserved: Not set
+ *         ...0 .... .... = Accurate ECN: Not set
+ *         .... 0... .... = Congestion Window Reduced: Not set
+ *         .... .0.. .... = ECN-Echo: Not set
+ *         .... ..0. .... = Urgent: Not set
+ *         .... ...1 .... = Acknowledgment: Set
+ *         .... .... 0... = Push: Not set
+ *         .... .... .0.. = Reset: Not set
+ *         .... .... ..0. = Syn: Not set
+ *         .... .... ...0 = Fin: Not set
+ *         [TCP Flags: ·······A····]
+ *     Window: 128
+ *     [Calculated window size: 65536]
+ *     [Window size scaling factor: 512]
+ *     Checksum: 0xe543 [correct]
+ *     [Checksum Status: Good]
+ *     [Calculated Checksum: 0xe543]
+ *     Urgent Pointer: 0
+ *     Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - Timestamps
+ *             Kind: Time Stamp Option (8)
+ *             Length: 10
+ *             Timestamp value: 1215574833: TSval 1215574833, TSecr 741028768
+ *             Timestamp echo reply: 741028768
+ *     [Timestamps]
+ *         [Time since first frame in this TCP stream: 0.568147000 seconds]
+ *         [Time since previous frame in this TCP stream: 0.000013000 seconds]
+ *     [SEQ/ACK analysis]
+ *         [iRTT: 0.262565000 seconds]
+ *         [Bytes in flight: 1288]
+ *         [Bytes sent since last PSH flag: 1288]
+ *     TCP payload (1288 bytes)
+ *     [Reassembled PDU in frame: 7]
+ *     TCP segment data (1288 bytes)
+ */
+
+unsigned char tcp_pkt6_s2c_http_resq_1[] = {
+    0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x08, 0x00, 0x45, 0x00, 0x05, 0x3c, 0xd6, 0xb1, 0x00, 0x00, 0x2a, 0x06, 0x98, 0x1e,
+    0x5d, 0xb8, 0xd8, 0x22, 0xc0, 0xa8, 0x26, 0x69, 0x00, 0x50, 0xea, 0xcf, 0x52, 0x57, 0x49, 0x63, 0x7c, 0x8c, 0x89, 0x7c, 0x80, 0x10, 0x00, 0x80, 0xe5, 0x43,
+    0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x48, 0x74, 0x33, 0x31, 0x2c, 0x2b, 0x33, 0xa0, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x31, 0x20, 0x32, 0x30, 0x30,
+    0x20, 0x4f, 0x4b, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x3a, 0x20, 0x62, 0x79, 0x74, 0x65, 0x73, 0x0d,
+    0x0a, 0x41, 0x67, 0x65, 0x3a, 0x20, 0x33, 0x34, 0x32, 0x30, 0x34, 0x38, 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65, 0x2d, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f,
+    0x6c, 0x3a, 0x20, 0x6d, 0x61, 0x78, 0x2d, 0x61, 0x67, 0x65, 0x3d, 0x36, 0x30, 0x34, 0x38, 0x30, 0x30, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74,
+    0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x3b, 0x20, 0x63, 0x68, 0x61, 0x72, 0x73, 0x65, 0x74, 0x3d,
+    0x55, 0x54, 0x46, 0x2d, 0x38, 0x0d, 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a, 0x20, 0x54, 0x75, 0x65, 0x2c, 0x20, 0x31, 0x39, 0x20, 0x44, 0x65, 0x63, 0x20, 0x32,
+    0x30, 0x32, 0x33, 0x20, 0x30, 0x38, 0x3a, 0x32, 0x36, 0x3a, 0x35, 0x36, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, 0x45, 0x74, 0x61, 0x67, 0x3a, 0x20, 0x22, 0x33,
+    0x31, 0x34, 0x37, 0x35, 0x32, 0x36, 0x39, 0x34, 0x37, 0x22, 0x0d, 0x0a, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x3a, 0x20, 0x54, 0x75, 0x65, 0x2c, 0x20,
+    0x32, 0x36, 0x20, 0x44, 0x65, 0x63, 0x20, 0x32, 0x30, 0x32, 0x33, 0x20, 0x30, 0x38, 0x3a, 0x32, 0x36, 0x3a, 0x35, 0x36, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a,
+    0x4c, 0x61, 0x73, 0x74, 0x2d, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x3a, 0x20, 0x54, 0x68, 0x75, 0x2c, 0x20, 0x31, 0x37, 0x20, 0x4f, 0x63, 0x74,
+    0x20, 0x32, 0x30, 0x31, 0x39, 0x20, 0x30, 0x37, 0x3a, 0x31, 0x38, 0x3a, 0x32, 0x36, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+    0x3a, 0x20, 0x45, 0x43, 0x53, 0x20, 0x28, 0x73, 0x65, 0x64, 0x2f, 0x35, 0x38, 0x41, 0x41, 0x29, 0x0d, 0x0a, 0x56, 0x61, 0x72, 0x79, 0x3a, 0x20, 0x41, 0x63,
+    0x63, 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x0d, 0x0a, 0x58, 0x2d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x3a, 0x20, 0x48, 0x49,
+    0x54, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x3a, 0x20, 0x31, 0x32, 0x35, 0x36, 0x0d, 0x0a, 0x0d,
+    0x0a, 0x3c, 0x21, 0x64, 0x6f, 0x63, 0x74, 0x79, 0x70, 0x65, 0x20, 0x68, 0x74, 0x6d, 0x6c, 0x3e, 0x0a, 0x3c, 0x68, 0x74, 0x6d, 0x6c, 0x3e, 0x0a, 0x3c, 0x68,
+    0x65, 0x61, 0x64, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x3e, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x44, 0x6f,
+    0x6d, 0x61, 0x69, 0x6e, 0x3c, 0x2f, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x3e, 0x0a, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x6d, 0x65, 0x74, 0x61, 0x20, 0x63, 0x68,
+    0x61, 0x72, 0x73, 0x65, 0x74, 0x3d, 0x22, 0x75, 0x74, 0x66, 0x2d, 0x38, 0x22, 0x20, 0x2f, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x6d, 0x65, 0x74, 0x61,
+    0x20, 0x68, 0x74, 0x74, 0x70, 0x2d, 0x65, 0x71, 0x75, 0x69, 0x76, 0x3d, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x74, 0x79, 0x70, 0x65, 0x22,
+    0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x3d, 0x22, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x3b, 0x20, 0x63, 0x68, 0x61, 0x72, 0x73,
+    0x65, 0x74, 0x3d, 0x75, 0x74, 0x66, 0x2d, 0x38, 0x22, 0x20, 0x2f, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x6d, 0x65, 0x74, 0x61, 0x20, 0x6e, 0x61, 0x6d,
+    0x65, 0x3d, 0x22, 0x76, 0x69, 0x65, 0x77, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x3d, 0x22, 0x77, 0x69, 0x64, 0x74,
+    0x68, 0x3d, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x2d, 0x77, 0x69, 0x64, 0x74, 0x68, 0x2c, 0x20, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x2d, 0x73, 0x63,
+    0x61, 0x6c, 0x65, 0x3d, 0x31, 0x22, 0x20, 0x2f, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x73, 0x74, 0x79, 0x6c, 0x65, 0x20, 0x74, 0x79, 0x70, 0x65, 0x3d,
+    0x22, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x63, 0x73, 0x73, 0x22, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6f, 0x64, 0x79, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20,
+    0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x61, 0x63, 0x6b, 0x67, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x2d, 0x63, 0x6f, 0x6c, 0x6f, 0x72, 0x3a, 0x20, 0x23, 0x66, 0x30,
+    0x66, 0x30, 0x66, 0x32, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6d, 0x61, 0x72, 0x67, 0x69, 0x6e, 0x3a, 0x20, 0x30, 0x3b, 0x0a, 0x20,
+    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x30, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    0x20, 0x66, 0x6f, 0x6e, 0x74, 0x2d, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x3a, 0x20, 0x2d, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2d, 0x73, 0x79, 0x73, 0x74, 0x65,
+    0x6d, 0x2c, 0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x2d, 0x75, 0x69, 0x2c, 0x20, 0x42, 0x6c, 0x69, 0x6e, 0x6b, 0x4d, 0x61, 0x63, 0x53, 0x79, 0x73, 0x74,
+    0x65, 0x6d, 0x46, 0x6f, 0x6e, 0x74, 0x2c, 0x20, 0x22, 0x53, 0x65, 0x67, 0x6f, 0x65, 0x20, 0x55, 0x49, 0x22, 0x2c, 0x20, 0x22, 0x4f, 0x70, 0x65, 0x6e, 0x20,
+    0x53, 0x61, 0x6e, 0x73, 0x22, 0x2c, 0x20, 0x22, 0x48, 0x65, 0x6c, 0x76, 0x65, 0x74, 0x69, 0x63, 0x61, 0x20, 0x4e, 0x65, 0x75, 0x65, 0x22, 0x2c, 0x20, 0x48,
+    0x65, 0x6c, 0x76, 0x65, 0x74, 0x69, 0x63, 0x61, 0x2c, 0x20, 0x41, 0x72, 0x69, 0x61, 0x6c, 0x2c, 0x20, 0x73, 0x61, 0x6e, 0x73, 0x2d, 0x73, 0x65, 0x72, 0x69,
+    0x66, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x64, 0x69, 0x76, 0x20,
+    0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x77, 0x69, 0x64, 0x74, 0x68, 0x3a, 0x20, 0x36, 0x30, 0x30, 0x70, 0x78, 0x3b, 0x0a, 0x20, 0x20,
+    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6d, 0x61, 0x72, 0x67, 0x69, 0x6e, 0x3a, 0x20, 0x35, 0x65, 0x6d, 0x20, 0x61, 0x75, 0x74, 0x6f, 0x3b, 0x0a, 0x20, 0x20,
+    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x32, 0x65, 0x6d, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    0x20, 0x20, 0x62, 0x61, 0x63, 0x6b, 0x67, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x2d, 0x63, 0x6f, 0x6c, 0x6f, 0x72, 0x3a, 0x20, 0x23, 0x66, 0x64, 0x66, 0x64, 0x66,
+    0x66, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x2d, 0x72, 0x61, 0x64, 0x69, 0x75, 0x73, 0x3a, 0x20,
+    0x30, 0x2e, 0x35, 0x65, 0x6d, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6f, 0x78, 0x2d, 0x73, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x3a,
+    0x20, 0x32, 0x70, 0x78, 0x20, 0x33, 0x70, 0x78, 0x20, 0x37, 0x70, 0x78, 0x20, 0x32, 0x70, 0x78, 0x20, 0x72, 0x67, 0x62, 0x61, 0x28, 0x30, 0x2c, 0x30, 0x2c,
+    0x30, 0x2c, 0x30, 0x2e, 0x30, 0x32, 0x29, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x61, 0x3a, 0x6c, 0x69, 0x6e, 0x6b, 0x2c,
+    0x20, 0x61, 0x3a, 0x76, 0x69, 0x73, 0x69, 0x74, 0x65, 0x64, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x63, 0x6f, 0x6c, 0x6f, 0x72,
+    0x3a, 0x20, 0x23, 0x33, 0x38, 0x34, 0x38, 0x38, 0x66, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x74, 0x65, 0x78, 0x74, 0x2d, 0x64, 0x65,
+    0x63, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x20, 0x6e, 0x6f, 0x6e, 0x65, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20,
+    0x40, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x20, 0x28, 0x6d, 0x61, 0x78, 0x2d, 0x77, 0x69, 0x64, 0x74, 0x68, 0x3a, 0x20, 0x37, 0x30, 0x30, 0x70, 0x78, 0x29, 0x20,
+    0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x64, 0x69, 0x76, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    0x20, 0x20, 0x6d, 0x61, 0x72, 0x67, 0x69, 0x6e, 0x3a, 0x20, 0x30, 0x20, 0x61, 0x75, 0x74, 0x6f, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    0x20, 0x20, 0x20, 0x20, 0x77, 0x69, 0x64, 0x74, 0x68, 0x3a, 0x20, 0x61, 0x75, 0x74, 0x6f, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d,
+    0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x2f, 0x73, 0x74, 0x79, 0x6c, 0x65, 0x3e, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x3c, 0x2f,
+    0x68, 0x65};
+
+/*
+ * Frame 7: 385 bytes on wire (3080 bits), 385 bytes captured (3080 bits) on interface en0, id 0
+ * Ethernet II, Src: NewH3CTe_96:38:0e (48:73:97:96:38:0e), Dst: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Destination: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Source: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 93.184.216.34, Dst: 192.168.38.105
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 371
+ *     Identification: 0xd6b2 (54962)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 42
+ *     Protocol: TCP (6)
+ *     Header Checksum: 0x9be6 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0x9be6]
+ *     Source Address: 93.184.216.34
+ *     Destination Address: 192.168.38.105
+ * Transmission Control Protocol, Src Port: 80, Dst Port: 60111, Seq: 1289, Ack: 80, Len: 319
+ *     Source Port: 80
+ *     Destination Port: 60111
+ *     [Stream index: 0]
+ *     [Conversation completeness: Complete, WITH_DATA (31)]
+ *     [TCP Segment Len: 319]
+ *     Sequence Number: 1289    (relative sequence number)
+ *     Sequence Number (raw): 1381453419
+ *     [Next Sequence Number: 1608    (relative sequence number)]
+ *     Acknowledgment Number: 80    (relative ack number)
+ *     Acknowledgment number (raw): 2089585020
+ *     1000 .... = Header Length: 32 bytes (8)
+ *     Flags: 0x018 (PSH, ACK)
+ *         000. .... .... = Reserved: Not set
+ *         ...0 .... .... = Accurate ECN: Not set
+ *         .... 0... .... = Congestion Window Reduced: Not set
+ *         .... .0.. .... = ECN-Echo: Not set
+ *         .... ..0. .... = Urgent: Not set
+ *         .... ...1 .... = Acknowledgment: Set
+ *         .... .... 1... = Push: Set
+ *         .... .... .0.. = Reset: Not set
+ *         .... .... ..0. = Syn: Not set
+ *         .... .... ...0 = Fin: Not set
+ *         [TCP Flags: ·······AP···]
+ *     Window: 128
+ *     [Calculated window size: 65536]
+ *     [Window size scaling factor: 512]
+ *     Checksum: 0x955e [correct]
+ *     [Checksum Status: Good]
+ *     [Calculated Checksum: 0x955e]
+ *     Urgent Pointer: 0
+ *     Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - Timestamps
+ *             Kind: Time Stamp Option (8)
+ *             Length: 10
+ *             Timestamp value: 1215574833: TSval 1215574833, TSecr 741028768
+ *             Timestamp echo reply: 741028768
+ *     [Timestamps]
+ *         [Time since first frame in this TCP stream: 0.568149000 seconds]
+ *         [Time since previous frame in this TCP stream: 0.000002000 seconds]
+ *     [SEQ/ACK analysis]
+ *         [iRTT: 0.262565000 seconds]
+ *         [Bytes in flight: 1607]
+ *         [Bytes sent since last PSH flag: 1607]
+ *     TCP payload (319 bytes)
+ *     TCP segment data (319 bytes)
+ * [2 Reassembled TCP Segments (1607 bytes): #6(1288), #7(319)]
+ *     [Frame: 6, payload: 0-1287 (1288 bytes)]
+ *     [Frame: 7, payload: 1288-1606 (319 bytes)]
+ *     [Segment count: 2]
+ *     [Reassembled TCP length: 1607]
+ *     [Reassembled TCP Data: 485454502f312e3120323030204f4b0d0a4163636570742d52616e6765733a2062797465…]
+ * Hypertext Transfer Protocol
+ *     HTTP/1.1 200 OK\r\n
+ *         [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
+ *             [HTTP/1.1 200 OK\r\n]
+ *             [Severity level: Chat]
+ *             [Group: Sequence]
+ *         Response Version: HTTP/1.1
+ *         Status Code: 200
+ *         [Status Code Description: OK]
+ *         Response Phrase: OK
+ *     Accept-Ranges: bytes\r\n
+ *     Age: 342048\r\n
+ *     Cache-Control: max-age=604800\r\n
+ *     Content-Type: text/html; charset=UTF-8\r\n
+ *     Date: Tue, 19 Dec 2023 08:26:56 GMT\r\n
+ *     Etag: "3147526947"\r\n
+ *     Expires: Tue, 26 Dec 2023 08:26:56 GMT\r\n
+ *     Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT\r\n
+ *     Server: ECS (sed/58AA)\r\n
+ *     Vary: Accept-Encoding\r\n
+ *     X-Cache: HIT\r\n
+ *     Content-Length: 1256\r\n
+ *         [Content length: 1256]
+ *     \r\n
+ *     [HTTP response 1/1]
+ *     [Time since request: 0.305366000 seconds]
+ *     [Request in frame: 4]
+ *     [Request URI: http://www.example.com/]
+ *     File Data: 1256 bytes
+ * Line-based text data: text/html (46 lines)
+ *     <!doctype html>\n
+ *     <html>\n
+ *     <head>\n
+ *         <title>Example Domain</title>\n
+ *     \n
+ *         <meta charset="utf-8" />\n
+ *         <meta http-equiv="Content-type" content="text/html; charset=utf-8" />\n
+ *         <meta name="viewport" content="width=device-width, initial-scale=1" />\n
+ *         <style type="text/css">\n
+ *         body {\n
+ *             background-color: #f0f0f2;\n
+ *             margin: 0;\n
+ *             padding: 0;\n
+ *             font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;\n
+ *             \n
+ *         }\n
+ *         div {\n
+ *             width: 600px;\n
+ *             margin: 5em auto;\n
+ *             padding: 2em;\n
+ *             background-color: #fdfdff;\n
+ *             border-radius: 0.5em;\n
+ *             box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);\n
+ *         }\n
+ *         a:link, a:visited {\n
+ *             color: #38488f;\n
+ *             text-decoration: none;\n
+ *         }\n
+ *         @media (max-width: 700px) {\n
+ *             div {\n
+ *                 margin: 0 auto;\n
+ *                 width: auto;\n
+ *             }\n
+ *         }\n
+ *         </style>    \n
+ *     </head>\n
+ *     \n
+ *     <body>\n
+ *     <div>\n
+ *         <h1>Example Domain</h1>\n
+ *         <p>This domain is for use in illustrative examples in documents. You may use this\n
+ *         domain in literature without prior coordination or asking for permission.</p>\n
+ *         <p><a href="https://www.iana.org/domains/example">More information...</a></p>\n
+ *     </div>\n
+ *     </body>\n
+ *     </html>\n
+ */
+
+unsigned char tcp_pkt7_s2c_http_resp_2[] = {
+    0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x08, 0x00, 0x45, 0x00, 0x01, 0x73, 0xd6, 0xb2, 0x00, 0x00, 0x2a, 0x06, 0x9b, 0xe6,
+    0x5d, 0xb8, 0xd8, 0x22, 0xc0, 0xa8, 0x26, 0x69, 0x00, 0x50, 0xea, 0xcf, 0x52, 0x57, 0x4e, 0x6b, 0x7c, 0x8c, 0x89, 0x7c, 0x80, 0x18, 0x00, 0x80, 0x95, 0x5e,
+    0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x48, 0x74, 0x33, 0x31, 0x2c, 0x2b, 0x33, 0xa0, 0x61, 0x64, 0x3e, 0x0a, 0x0a, 0x3c, 0x62, 0x6f, 0x64, 0x79, 0x3e, 0x0a,
+    0x3c, 0x64, 0x69, 0x76, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x68, 0x31, 0x3e, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x44, 0x6f, 0x6d, 0x61,
+    0x69, 0x6e, 0x3c, 0x2f, 0x68, 0x31, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x70, 0x3e, 0x54, 0x68, 0x69, 0x73, 0x20, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
+    0x20, 0x69, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x75, 0x73, 0x65, 0x20, 0x69, 0x6e, 0x20, 0x69, 0x6c, 0x6c, 0x75, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76,
+    0x65, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x20, 0x59,
+    0x6f, 0x75, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x75, 0x73, 0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
+    0x20, 0x69, 0x6e, 0x20, 0x6c, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x20, 0x70, 0x72, 0x69,
+    0x6f, 0x72, 0x20, 0x63, 0x6f, 0x6f, 0x72, 0x64, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x6f, 0x72, 0x20, 0x61, 0x73, 0x6b, 0x69, 0x6e, 0x67, 0x20,
+    0x66, 0x6f, 0x72, 0x20, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x3c, 0x2f, 0x70, 0x3e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x3c, 0x70,
+    0x3e, 0x3c, 0x61, 0x20, 0x68, 0x72, 0x65, 0x66, 0x3d, 0x22, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x69, 0x61, 0x6e, 0x61,
+    0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x22, 0x3e, 0x4d, 0x6f, 0x72, 0x65,
+    0x20, 0x69, 0x6e, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x2e, 0x2e, 0x3c, 0x2f, 0x61, 0x3e, 0x3c, 0x2f, 0x70, 0x3e, 0x0a, 0x3c, 0x2f,
+    0x64, 0x69, 0x76, 0x3e, 0x0a, 0x3c, 0x2f, 0x62, 0x6f, 0x64, 0x79, 0x3e, 0x0a, 0x3c, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x3e, 0x0a};
+
+/*
+ * Frame 8: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface en0, id 0
+ * Ethernet II, Src: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea), Dst: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Destination: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Source: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 192.168.38.105, Dst: 93.184.216.34
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 52
+ *     Identification: 0x0000 (0)
+ *     010. .... = Flags: 0x2, Don't fragment
+ *         0... .... = Reserved bit: Not set
+ *         .1.. .... = Don't fragment: Set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 64
+ *     Protocol: TCP (6)
+ *     Header Checksum: 0x1dd8 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0x1dd8]
+ *     Source Address: 192.168.38.105
+ *     Destination Address: 93.184.216.34
+ * Transmission Control Protocol, Src Port: 60111, Dst Port: 80, Seq: 80, Ack: 1608, Len: 0
+ *     Source Port: 60111
+ *     Destination Port: 80
+ *     [Stream index: 0]
+ *     [Conversation completeness: Complete, WITH_DATA (31)]
+ *     [TCP Segment Len: 0]
+ *     Sequence Number: 80    (relative sequence number)
+ *     Sequence Number (raw): 2089585020
+ *     [Next Sequence Number: 80    (relative sequence number)]
+ *     Acknowledgment Number: 1608    (relative ack number)
+ *     Acknowledgment number (raw): 1381453738
+ *     1000 .... = Header Length: 32 bytes (8)
+ *     Flags: 0x010 (ACK)
+ *         000. .... .... = Reserved: Not set
+ *         ...0 .... .... = Accurate ECN: Not set
+ *         .... 0... .... = Congestion Window Reduced: Not set
+ *         .... .0.. .... = ECN-Echo: Not set
+ *         .... ..0. .... = Urgent: Not set
+ *         .... ...1 .... = Acknowledgment: Set
+ *         .... .... 0... = Push: Not set
+ *         .... .... .0.. = Reset: Not set
+ *         .... .... ..0. = Syn: Not set
+ *         .... .... ...0 = Fin: Not set
+ *         [TCP Flags: ·······A····]
+ *     Window: 2027
+ *     [Calculated window size: 129728]
+ *     [Window size scaling factor: 64]
+ *     Checksum: 0xe219 [correct]
+ *     [Checksum Status: Good]
+ *     [Calculated Checksum: 0xe219]
+ *     Urgent Pointer: 0
+ *     Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - Timestamps
+ *             Kind: Time Stamp Option (8)
+ *             Length: 10
+ *             Timestamp value: 741029073: TSval 741029073, TSecr 1215574833
+ *             Timestamp echo reply: 1215574833
+ *     [Timestamps]
+ *         [Time since first frame in this TCP stream: 0.568399000 seconds]
+ *         [Time since previous frame in this TCP stream: 0.000250000 seconds]
+ *     [SEQ/ACK analysis]
+ *         [This is an ACK to the segment in frame: 7]
+ *         [The RTT to ACK the segment was: 0.000250000 seconds]
+ *         [iRTT: 0.262565000 seconds]
+ */
+
+unsigned char tcp_pkt8_c2s_ack[] = {
+    0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x1d, 0xd8,
+    0xc0, 0xa8, 0x26, 0x69, 0x5d, 0xb8, 0xd8, 0x22, 0xea, 0xcf, 0x00, 0x50, 0x7c, 0x8c, 0x89, 0x7c, 0x52, 0x57, 0x4f, 0xaa, 0x80, 0x10, 0x07, 0xeb, 0xe2, 0x19,
+    0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x2c, 0x2b, 0x34, 0xd1, 0x48, 0x74, 0x33, 0x31};
+
 /*
  * Frame 9: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface en0, id 0
  * Ethernet II, Src: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea), Dst: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
@@ -361,7 +935,7 @@ unsigned char tcp_pkt3_c2s_ack[] = {
  *         [Time since previous frame in this TCP stream: 0.000565000 seconds]
  */
 
-unsigned char tcp_pkt4_c2s_fin[] = {
+unsigned char tcp_pkt9_c2s_fin[] = {
     0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x1d, 0xd8,
     0xc0, 0xa8, 0x26, 0x69, 0x5d, 0xb8, 0xd8, 0x22, 0xea, 0xcf, 0x00, 0x50, 0x7c, 0x8c, 0x89, 0x7c, 0x52, 0x57, 0x4f, 0xaa, 0x80, 0x11, 0x08, 0x00, 0xe2, 0x03,
     0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x2c, 0x2b, 0x34, 0xd1, 0x48, 0x74, 0x33, 0x31};
@@ -450,13 +1024,94 @@ unsigned char tcp_pkt4_c2s_fin[] = {
  *         [iRTT: 0.262565000 seconds]
  */
 
-unsigned char tcp_pkt5_s2c_fin[] = {
+unsigned char tcp_pkt10_s2c_fin[] = {
     0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34, 0xd6, 0xb3, 0x00, 0x00, 0x2a, 0x06, 0x9d, 0x24,
     0x5d, 0xb8, 0xd8, 0x22, 0xc0, 0xa8, 0x26, 0x69, 0x00, 0x50, 0xea, 0xcf, 0x52, 0x57, 0x4f, 0xaa, 0x7c, 0x8c, 0x89, 0x7d, 0x80, 0x11, 0x00, 0x80, 0xe8, 0x51,
     0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x48, 0x74, 0x34, 0x62, 0x2c, 0x2b, 0x34, 0xd1};
 
+/*
+ * Frame 11: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface en0, id 0
+ * Ethernet II, Src: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea), Dst: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Destination: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Source: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 192.168.38.105, Dst: 93.184.216.34
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 52
+ *     Identification: 0x0000 (0)
+ *     010. .... = Flags: 0x2, Don't fragment
+ *         0... .... = Reserved bit: Not set
+ *         .1.. .... = Don't fragment: Set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 64
+ *     Protocol: TCP (6)
+ *     Header Checksum: 0x1dd8 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0x1dd8]
+ *     Source Address: 192.168.38.105
+ *     Destination Address: 93.184.216.34
+ * Transmission Control Protocol, Src Port: 60111, Dst Port: 80, Seq: 81, Ack: 1609, Len: 0
+ *     Source Port: 60111
+ *     Destination Port: 80
+ *     [Stream index: 0]
+ *     [Conversation completeness: Complete, WITH_DATA (31)]
+ *     [TCP Segment Len: 0]
+ *     Sequence Number: 81    (relative sequence number)
+ *     Sequence Number (raw): 2089585021
+ *     [Next Sequence Number: 81    (relative sequence number)]
+ *     Acknowledgment Number: 1609    (relative ack number)
+ *     Acknowledgment number (raw): 1381453739
+ *     1000 .... = Header Length: 32 bytes (8)
+ *     Flags: 0x010 (ACK)
+ *         000. .... .... = Reserved: Not set
+ *         ...0 .... .... = Accurate ECN: Not set
+ *         .... 0... .... = Congestion Window Reduced: Not set
+ *         .... .0.. .... = ECN-Echo: Not set
+ *         .... ..0. .... = Urgent: Not set
+ *         .... ...1 .... = Acknowledgment: Set
+ *         .... .... 0... = Push: Not set
+ *         .... .... .0.. = Reset: Not set
+ *         .... .... ..0. = Syn: Not set
+ *         .... .... ...0 = Fin: Not set
+ *         [TCP Flags: ·······A····]
+ *     Window: 2048
+ *     [Calculated window size: 131072]
+ *     [Window size scaling factor: 64]
+ *     Checksum: 0xdf9d [correct]
+ *     [Checksum Status: Good]
+ *     [Calculated Checksum: 0xdf9d]
+ *     Urgent Pointer: 0
+ *     Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - No-Operation (NOP)
+ *             Kind: No-Operation (1)
+ *         TCP Option - Timestamps
+ *             Kind: Time Stamp Option (8)
+ *             Length: 10
+ *             Timestamp value: 741029381: TSval 741029381, TSecr 1215575138
+ *             Timestamp echo reply: 1215575138
+ *     [Timestamps]
+ *         [Time since first frame in this TCP stream: 0.876872000 seconds]
+ *         [Time since previous frame in this TCP stream: 0.000304000 seconds]
+ *     [SEQ/ACK analysis]
+ *         [This is an ACK to the segment in frame: 10]
+ *         [The RTT to ACK the segment was: 0.000304000 seconds]
+ *         [iRTT: 0.262565000 seconds]
+ */
+
+unsigned char tcp_pkt11_c2s_ack[] = {
+    0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x1d, 0xd8,
+    0xc0, 0xa8, 0x26, 0x69, 0x5d, 0xb8, 0xd8, 0x22, 0xea, 0xcf, 0x00, 0x50, 0x7c, 0x8c, 0x89, 0x7d, 0x52, 0x57, 0x4f, 0xab, 0x80, 0x10, 0x08, 0x00, 0xdf, 0x9d,
+    0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x2c, 0x2b, 0x36, 0x05, 0x48, 0x74, 0x34, 0x62};
+
 /******************************************************************************
- * test packet UDP
+ * test packet: UDP www.badssl.com
  ******************************************************************************/
 
 /*
@@ -818,7 +1473,7 @@ unsigned char udp_pkt2_dns_resp[] = {
  * plugin
  ******************************************************************************/
 
-uint8_t PLUGIN_EX = 0;
+uint8_t plugin_ex = 0;
 const char *plugin_ctx = "hello world";
 
 void plugin_session_ex_free(struct session *sess, uint8_t idx, void *ex_ptr, void *arg)
@@ -830,7 +1485,7 @@ void plugin_session_ex_free(struct session *sess, uint8_t idx, void *ex_ptr, voi
 
 void plugin_init(void)
 {
-    PLUGIN_EX = session_get_ex_new_index("PLUGIN_EX", plugin_session_ex_free, NULL);
+    plugin_ex = session_get_ex_new_index("plugin_ex", plugin_session_ex_free, NULL);
 }
 
 void plugin_dispatch(struct session *sess, uint32_t event, void *arg)
@@ -841,11 +1496,11 @@ void plugin_dispatch(struct session *sess, uint32_t event, void *arg)
     if (event == SESSION_EVENT_OPENING)
     {
         char *pluin_ex = strdup("123");
-        session_set_ex_data(sess, PLUGIN_EX, pluin_ex);
+        session_set_ex_data(sess, plugin_ex, pluin_ex);
     }
     else
     {
-        char *pluin_ex = (char *)session_get0_ex_data(sess, PLUGIN_EX);
+        char *pluin_ex = (char *)session_get0_ex_data(sess, plugin_ex);
         EXPECT_STREQ(pluin_ex, "123");
     }
     printf("<= plugin_dispatch\n");
@@ -853,11 +1508,17 @@ void plugin_dispatch(struct session *sess, uint32_t event, void *arg)
 }
 
 /******************************************************************************
- * test case
+ * test case: INIT -> OPENING
  ******************************************************************************/
 
 #if 1
-TEST(SESSION_MANAGER, INIT_TO_OPENING_BY_TCP_SYN)
+/*
+ * packet: tcp syn packet
+ *
+ * note: the syn packet can trigger a change in session status from INIT to OPENING
+ *       only trigger OPENING event
+ */
+TEST(SESSION_MANAGER, INIT_TO_OPENING_BY_SYN)
 {
     char buffer[1024];
     uint64_t max_session_num = 16;
@@ -928,7 +1589,13 @@ TEST(SESSION_MANAGER, INIT_TO_OPENING_BY_TCP_SYN)
 #endif
 
 #if 1
-TEST(SESSION_MANAGER, INIT_TO_OPENING_BY_TCP_SYNACK)
+/*
+ * packet: tcp synack packet
+ *
+ * note: the synack packet can trigger a change in session status from INIT to OPENING
+ *       only trigger OPENING event
+ */
+TEST(SESSION_MANAGER, INIT_TO_OPENING_BY_SYNACK)
 {
     char buffer[1024];
     uint64_t max_session_num = 16;
@@ -998,7 +1665,17 @@ TEST(SESSION_MANAGER, INIT_TO_OPENING_BY_TCP_SYNACK)
 }
 #endif
 
+/******************************************************************************
+ * test case: INIT -> ACTIVE
+ ******************************************************************************/
+
 #if 1
+/*
+ * packet: udp c2s packet
+ *
+ * note: the udp c2s packet can trigger a change in session status from INIT to ACTIVE
+ *       trigger OPENING and ACTIVE event
+ */
 TEST(SESSION_MANAGER, INIT_TO_ACTIVE_BY_UDP_C2S)
 {
     char buffer[1024];
@@ -1070,6 +1747,12 @@ TEST(SESSION_MANAGER, INIT_TO_ACTIVE_BY_UDP_C2S)
 #endif
 
 #if 1
+/*
+ * packet: udp s2c packet
+ *
+ * note: the udp s2c packet can trigger a change in session status from INIT to ACTIVE
+ *       trigger OPENING and ACTIVE event
+ */
 TEST(SESSION_MANAGER, INIT_TO_ACTIVE_BY_UDP_S2C)
 {
     char buffer[1024];
@@ -1140,53 +1823,1566 @@ TEST(SESSION_MANAGER, INIT_TO_ACTIVE_BY_UDP_S2C)
 }
 #endif
 
-TEST(SESSION_MANAGER, OPENING_TO_ACTIVE_BY_TCP_PAYLOAD)
-{
-}
+/******************************************************************************
+ * test case: OPENING -> ACTIVE
+ ******************************************************************************/
 
+#if 1
+/*
+ * packet: tcp syn packet && tcp c2s payload packet
+ *
+ *
+ * note: the syn packet can trigger a change in session status from INIT to OPENING
+ *       only trigger OPENING event
+ * note: the tcp c2s packet can trigger a change in session status from OPENING to ACTIVE
+ *       trigger OPENING and ACTIVE event
+ */
+TEST(SESSION_MANAGER, OPENING_TO_ACTIVE_BY_SYN_AND_C2S_PAYLOAD)
+{
+    char buffer[1024];
+    uint64_t max_session_num = 16;
+    struct packet pkt;
+    struct session *sess = NULL;
+    struct session_manager *mgr = NULL;
+
+    timestamp_update();
+    plugin_init();
+
+    mgr = session_manager_create(max_session_num);
+    EXPECT_TRUE(mgr != NULL);
+    session_manager_set_session_eventcb(mgr, plugin_dispatch, (void *)plugin_ctx);
+    session_manager_set_packet_timeout(mgr, 1000);
+    session_manager_set_closing_timeout(mgr, 2000);
+
+    /**************************************************************************
+     * syn packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 0);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) == session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == TCP_SYN_RECVED);
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYN Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * c2s payload packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt4_c2s_http_req, sizeof(tcp_pkt4_c2s_http_req));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 145);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 0);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_C2S_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S Payload Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    /**************************************************************************
+     * timeout
+     **************************************************************************/
+
+    printf("\n===> Atfer timeout <=== \n\n");
+    for (int i = 0; i < 4; i++)
+    {
+        timestamp_update();
+        session_manager_dispatch(mgr);
+        sleep(1);
+    }
+
+    // check sess mgr
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    // destory
+    session_manager_destroy(mgr);
+}
+#endif
+
+#if 1
+/*
+ * packet: tcp syn packet && tcp s2c payload packet
+ *
+ *
+ * note: the syn packet can trigger a change in session status from INIT to OPENING
+ *       only trigger OPENING event
+ * note: the tcp s2c packet can trigger a change in session status from OPENING to ACTIVE
+ *       trigger OPENING and ACTIVE event
+ */
+TEST(SESSION_MANAGER, OPENING_TO_ACTIVE_BY_SYN_AND_S2C_PAYLOAD)
+{
+    char buffer[1024];
+    uint64_t max_session_num = 16;
+    struct packet pkt;
+    struct session *sess = NULL;
+    struct session_manager *mgr = NULL;
+
+    timestamp_update();
+    plugin_init();
+
+    mgr = session_manager_create(max_session_num);
+    EXPECT_TRUE(mgr != NULL);
+    session_manager_set_session_eventcb(mgr, plugin_dispatch, (void *)plugin_ctx);
+    session_manager_set_packet_timeout(mgr, 1000);
+    session_manager_set_closing_timeout(mgr, 2000);
+
+    /**************************************************************************
+     * syn packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 0);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) == session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == TCP_SYN_RECVED);
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYN Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * s2c payload packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt6_s2c_http_resq_1, sizeof(tcp_pkt6_s2c_http_resq_1));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 1354);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_S2C_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S Payload Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    /**************************************************************************
+     * timeout
+     **************************************************************************/
+
+    printf("\n===> Atfer timeout <=== \n\n");
+    for (int i = 0; i < 4; i++)
+    {
+        timestamp_update();
+        session_manager_dispatch(mgr);
+        sleep(1);
+    }
+
+    // check sess mgr
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    // destory
+    session_manager_destroy(mgr);
+}
+#endif
+
+#if 1
+/*
+ * packet: tcp synack packet && tcp c2s payload packet
+ *
+ * note: the synack packet can trigger a change in session status from INIT to OPENING
+ *       only trigger OPENING event
+ * note: the tcp c2s packet can trigger a change in session status from OPENING to ACTIVE
+ *       trigger OPENING and ACTIVE event
+ */
+TEST(SESSION_MANAGER, OPENING_TO_ACTIVE_BY_SYNACK_AND_C2S_PAYLOAD)
+{
+    char buffer[1024];
+    uint64_t max_session_num = 16;
+    struct packet pkt;
+    struct session *sess = NULL;
+    struct session_manager *mgr = NULL;
+
+    timestamp_update();
+    plugin_init();
+
+    mgr = session_manager_create(max_session_num);
+    EXPECT_TRUE(mgr != NULL);
+    session_manager_set_session_eventcb(mgr, plugin_dispatch, (void *)plugin_ctx);
+    session_manager_set_packet_timeout(mgr, 1000);
+    session_manager_set_closing_timeout(mgr, 2000);
+
+    /**************************************************************************
+     * synack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 0);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) == session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == TCP_SYNACK_RECVED);
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYNACK Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * c2s payload packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt4_c2s_http_req, sizeof(tcp_pkt4_c2s_http_req));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 145);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S Payload Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    /**************************************************************************
+     * timeout
+     **************************************************************************/
+
+    printf("\n===> Atfer timeout <=== \n\n");
+    for (int i = 0; i < 4; i++)
+    {
+        timestamp_update();
+        session_manager_dispatch(mgr);
+        sleep(1);
+    }
+
+    // check sess mgr
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    // destory
+    session_manager_destroy(mgr);
+}
+#endif
+
+#if 1
+/*
+ * packet: tcp synack packet && tcp s2c payload packet
+ *
+ * note: the synack packet can trigger a change in session status from INIT to OPENING
+ *       only trigger OPENING event
+ * note: the tcp s2c packet can trigger a change in session status from OPENING to ACTIVE
+ *       trigger OPENING and ACTIVE event
+ */
+TEST(SESSION_MANAGER, OPENING_TO_ACTIVE_BY_SYNACK_AND_S2C_PAYLOAD)
+{
+    char buffer[1024];
+    uint64_t max_session_num = 16;
+    struct packet pkt;
+    struct session *sess = NULL;
+    struct session_manager *mgr = NULL;
+
+    timestamp_update();
+    plugin_init();
+
+    mgr = session_manager_create(max_session_num);
+    EXPECT_TRUE(mgr != NULL);
+    session_manager_set_session_eventcb(mgr, plugin_dispatch, (void *)plugin_ctx);
+    session_manager_set_packet_timeout(mgr, 1000);
+    session_manager_set_closing_timeout(mgr, 2000);
+
+    /**************************************************************************
+     * synack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 0);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) == session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == TCP_SYNACK_RECVED);
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYNACK Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * s2c payload packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt6_s2c_http_resq_1, sizeof(tcp_pkt6_s2c_http_resq_1));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 1354);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 0);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYNACK_RECVED | TCP_S2C_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer S2C Payload Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    /**************************************************************************
+     * timeout
+     **************************************************************************/
+
+    printf("\n===> Atfer timeout <=== \n\n");
+    for (int i = 0; i < 4; i++)
+    {
+        timestamp_update();
+        session_manager_dispatch(mgr);
+        sleep(1);
+    }
+
+    // check sess mgr
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    // destory
+    session_manager_destroy(mgr);
+}
+#endif
+
+#if 1
+/*
+ * packet: tcp syn packet && tcp synack packet && tcp ack packet && tcp c2s payload packet
+ *
+ * note: the syn packet can trigger a change in session status from INIT to OPENING
+ *       only trigger OPENING event
+ * note: the synack packet still keep session status OPENING
+ *       will not trigger OPENING event
+ * note: the ack packet still keep session status OPENING
+ *       will not trigger OPENING event
+ * note: the tcp c2s packet can trigger a change in session status from OPENING to ACTIVE
+ *       trigger ACTIVE event
+ */
+// SYN && SYNACK && ACK && C2S PAYLOAY
+TEST(SESSION_MANAGER, OPENING_TO_ACTIVE_BY_SYN_AND_SYNACK_AND_ACK_AND_C2S_PAYLOAD)
+{
+    char buffer[1024];
+    uint64_t max_session_num = 16;
+    struct packet pkt;
+    struct session *sess = NULL;
+    struct session_manager *mgr = NULL;
+
+    timestamp_update();
+    plugin_init();
+
+    mgr = session_manager_create(max_session_num);
+    EXPECT_TRUE(mgr != NULL);
+    session_manager_set_session_eventcb(mgr, plugin_dispatch, (void *)plugin_ctx);
+    session_manager_set_packet_timeout(mgr, 1000);
+    session_manager_set_closing_timeout(mgr, 2000);
+
+    /**************************************************************************
+     * syn packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 0);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) == session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == TCP_SYN_RECVED);
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYN Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * synack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYNACK Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * ack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt3_c2s_ack, sizeof(tcp_pkt3_c2s_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer ACK Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * c2s payload packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt4_c2s_http_req, sizeof(tcp_pkt4_c2s_http_req));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S TCP Payload Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    /**************************************************************************
+     * timeout
+     **************************************************************************/
+
+    printf("\n===> Atfer timeout <=== \n\n");
+    for (int i = 0; i < 4; i++)
+    {
+        timestamp_update();
+        session_manager_dispatch(mgr);
+        sleep(1);
+    }
+
+    // check sess mgr
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    // destory
+    session_manager_destroy(mgr);
+}
+#endif
+
+/******************************************************************************
+ * test case: ACTIVE -> CLOSING
+ ******************************************************************************/
+
+#if 1
 TEST(SESSION_MANAGER, ACTIVE_TO_CLOSING_BY_2_TCP_FINS)
 {
+    // have test on TCP_FULL_STREAM
 }
+#endif
 
-TEST(SESSION_MANAGER, ACTIVE_TO_CLOSING_BY_TCP_RST)
+TEST(SESSION_MANAGER, ACTIVE_TO_CLOSING_BY_TCP_C2S_RST)
 {
+    // TODO
 }
 
+TEST(SESSION_MANAGER, ACTIVE_TO_CLOSING_BY_TCP_S2C_RST)
+{
+    // TODO
+}
+
+#if 1
 TEST(SESSION_MANAGER, ACTIVE_TO_CLOSING_BY_TCP_TIMEOUT)
 {
+    // have test on above(when timeout)
 }
+#endif
 
+#if 1
 TEST(SESSION_MANAGER, ACTIVE_TO_CLOSING_BY_UDP_TIMEOUT)
 {
+    // have test on INIT_TO_ACTIVE_BY_UDP_C2S or INIT_TO_ACTIVE_BY_UDP_S2C
 }
+#endif
 
+/******************************************************************************
+ * test case: OPENING -> CLOSING
+ ******************************************************************************/
+
+#if 1
 TEST(SESSION_MANAGER, OPENING_TO_CLOSING_BY_TCP_TIMEOUT)
 {
+    // have test on INIT_TO_OPENING_BY_SYN or INIT_TO_OPENING_BY_SYNACK
 }
+#endif
 
-TEST(SESSION_MANAGER, OPENING_TO_CLOSING_BY_UDP_TIMEOUT)
-{
-}
+/******************************************************************************
+ * test case: CLOSING -> CLOSED
+ ******************************************************************************/
 
+#if 1
 TEST(SESSION_MANAGER, CLOSING_TO_CLOSED_BY_TCP_TIMEOUT)
 {
+    // have test on above(when timeout)
 }
+#endif
 
+#if 1
 TEST(SESSION_MANAGER, CLOSING_TO_CLOSED_BY_UDP_TIMEOUT)
 {
+    // have test on above(when timeout)
 }
+#endif
+
+/******************************************************************************
+ * test case: other
+ ******************************************************************************/
 
 TEST(SESSION_MANAGER, TABLE_FULL_DISCARD)
 {
+    // TODO
 }
 
+#if 1
+/*
+ * packet: tcp syn packet
+ *         tcp synack packet
+ *         tcp ack packet
+ *         tcp c2s http req packet
+ *         tcp s2c ack packet
+ *         tcp s2c http resq packet1
+ *         tcp s2c http resq packet2
+ *         tcp c2s ack packet
+ *         tcp c2s fin packet
+ *         tcp s2c fin packet
+ *         tcp c2s ack packet
+ *
+ * note: the syn packet can trigger a change in session status from INIT to OPENING
+ *       trigger OPENING event
+ * note: the synack packet still keep session status OPENING
+ *       will not trigger event
+ * note: the ack packet still keep session status OPENING
+ *       will not trigger event
+ * note: the tcp c2s http req packet can trigger a change in session status from OPENING to ACTIVE
+ *       trigger ACTIVE event
+ * note: the tcp s2c ack packet still keep session status ACTIVE
+ *       trigger ACTIVE event
+ * note: the tcp s2c http resq packet1 still keep session status ACTIVE
+ *       trigger ACTIVE event
+ * note: the tcp s2c http resq packet2 still keep session status ACTIVE
+ *       trigger ACTIVE event
+ * note: the tcp c2s ack packet still keep session status ACTIVE
+ *       trigger ACTIVE event
+ * note: the tcp c2s fin packet still keep session status ACTIVE
+ *       trigger ACTIVE event
+ * note: the tcp s2c fin packet can trigger a change in session status from ACTIVE to CLOSING
+ *       trigger CLOSING event
+ * note: the tcp c2s ack packet still keep session status CLOSING
+ *       will not trigger event
+ */
 TEST(SESSION_MANAGER, TCP_FULL_STREAM)
 {
-}
+    char buffer[1024];
+    uint64_t max_session_num = 16;
+    struct packet pkt;
+    struct session *sess = NULL;
+    struct session_manager *mgr = NULL;
 
+    timestamp_update();
+    plugin_init();
+
+    mgr = session_manager_create(max_session_num);
+    EXPECT_TRUE(mgr != NULL);
+    session_manager_set_session_eventcb(mgr, plugin_dispatch, (void *)plugin_ctx);
+    session_manager_set_packet_timeout(mgr, 1000);
+    session_manager_set_closing_timeout(mgr, 2000);
+
+    /**************************************************************************
+     * syn packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 0);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) == session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == TCP_SYN_RECVED);
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYN Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * synack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer SYNACK Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * ack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt3_c2s_ack, sizeof(tcp_pkt3_c2s_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer ACK Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * c2s http req packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt4_c2s_http_req, sizeof(tcp_pkt4_c2s_http_req));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S HTTP Req Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * s2c ack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt5_s2c_ack, sizeof(tcp_pkt5_s2c_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 66);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer S2C Ack Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * s2c http resp packet1
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt6_s2c_http_resq_1, sizeof(tcp_pkt6_s2c_http_resq_1));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 66 + 1354);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED | TCP_S2C_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer S2C HTTP Resp Packet1 <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * s2c http resp packet2
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt7_s2c_http_resp_2, sizeof(tcp_pkt7_s2c_http_resp_2));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 66 + 1354 + 385);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED | TCP_S2C_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer S2C HTTP Resp Packet2 <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * c2s ack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt8_c2s_ack, sizeof(tcp_pkt8_c2s_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145 + 66);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 66 + 1354 + 385);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED | TCP_S2C_PAYLOAD_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S Ack Packet2 <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * c2s fin packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt9_c2s_fin, sizeof(tcp_pkt9_c2s_fin));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145 + 66 + 66);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 66 + 1354 + 385);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED | TCP_S2C_PAYLOAD_RECVED | TCP_C2S_FIN_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S FIN Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * s2c fin packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt10_s2c_fin, sizeof(tcp_pkt10_s2c_fin));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145 + 66 + 66);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 66 + 1354 + 385 + 66);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED | TCP_S2C_PAYLOAD_RECVED | TCP_C2S_FIN_RECVED | TCP_S2C_FIN_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    timestamp_update();
+    printf("\n===> Atfer C2S FIN Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * c2s ack packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)tcp_pkt11_c2s_ack, sizeof(tcp_pkt11_c2s_ack));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 78 + 66 + 145 + 66 + 66);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 74 + 66 + 1354 + 385 + 66);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1 + 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1 + 1 + 1 + 1 + 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == NULL);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_NONE);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, tcp_builtin_ex) == (TCP_SYN_RECVED | TCP_SYNACK_RECVED | TCP_C2S_PAYLOAD_RECVED | TCP_S2C_PAYLOAD_RECVED | TCP_C2S_FIN_RECVED | TCP_S2C_FIN_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 1);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    /**************************************************************************
+     * timeout
+     **************************************************************************/
+
+    printf("\n===> Atfer timeout <=== \n\n");
+    for (int i = 0; i < 4; i++)
+    {
+        timestamp_update();
+        session_manager_dispatch(mgr);
+        sleep(1);
+    }
+
+    // check sess mgr
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    // destory
+    session_manager_destroy(mgr);
+}
+#endif
+
+#if 1
+/*
+ * packet: udp c2s packet & udp s2c packet
+ *
+ * note: the udp c2s packet can trigger a change in session status from INIT to ACTIVE
+ *       trigger OPENING and ACTIVE event
+ * note: the udp s2c packet keep the session status in ACTIVE
+ *       trigger ACTIVE event
+ */
 TEST(SESSION_MANAGER, UDP_FULL_STREAM)
 {
+    char buffer[1024];
+    uint64_t max_session_num = 16;
+    struct packet pkt;
+    struct session *sess = NULL;
+    struct session_manager *mgr = NULL;
+
+    timestamp_update();
+    plugin_init();
+
+    mgr = session_manager_create(max_session_num);
+    EXPECT_TRUE(mgr != NULL);
+    session_manager_set_session_eventcb(mgr, plugin_dispatch, (void *)plugin_ctx);
+    session_manager_set_packet_timeout(mgr, 1000);
+    session_manager_set_closing_timeout(mgr, 2000);
+
+    /**************************************************************************
+     * UDP c2s packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)udp_pkt1_dns_req, sizeof(udp_pkt1_dns_req));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:61099 -> 121.14.154.93:53, proto: 17, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_UDP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 0);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 0);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) == session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, udp_builtin_ex) == UDP_C2S_RECVED);
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 1);
+
+    timestamp_update();
+    printf("\n===> Atfer UDP c2s Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    // update timestamp
+    usleep(1000);
+    timestamp_update();
+
+    /**************************************************************************
+     * UDP s2c packet
+     **************************************************************************/
+
+    packet_parse(&pkt, (const char *)udp_pkt2_dns_resp, sizeof(udp_pkt2_dns_resp));
+    sess = session_manager_find_session(mgr, &pkt);
+    EXPECT_TRUE(sess);
+
+    // check session info
+    EXPECT_TRUE(session_get_id(sess) == 0);
+    memset(buffer, 0, sizeof(buffer));
+    tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
+    EXPECT_STREQ(buffer, "192.168.38.105:61099 -> 121.14.154.93:53, proto: 17, zone: 0");
+    EXPECT_TRUE(session_get_tuple6_dir(sess) == SESSION_DIR_C2S);
+    EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
+    EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_UDP);
+    EXPECT_TRUE(session_get_c2s_bytes(sess) == 74);
+    EXPECT_TRUE(session_get_s2c_bytes(sess) == 550);
+    EXPECT_TRUE(session_get_c2s_packets(sess) == 1);
+    EXPECT_TRUE(session_get_s2c_packets(sess) == 1);
+    EXPECT_TRUE(session_get0_c2s_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get0_s2c_1st_md(sess) == NULL);
+    EXPECT_TRUE(session_get_create_time(sess) != 0);
+    EXPECT_TRUE(session_get_last_time(sess) != 0);
+    EXPECT_TRUE(session_get_create_time(sess) < session_get_last_time(sess));
+    EXPECT_TRUE(session_get0_cur_pkt(sess) == &pkt);
+    EXPECT_TRUE(session_get_cur_dir(sess) == SESSION_DIR_S2C);
+    EXPECT_TRUE((uint64_t)session_get0_ex_data(sess, udp_builtin_ex) == (UDP_C2S_RECVED | UDP_S2C_RECVED));
+
+    // check session manager info
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 1);
+
+    timestamp_update();
+    printf("\n===> Atfer UDP c2s Packet <=== \n\n");
+    session_manager_dispatch(mgr);
+
+    /**************************************************************************
+     * timeout
+     **************************************************************************/
+
+    for (int i = 0; i < 4; i++)
+    {
+        timestamp_update();
+        session_manager_dispatch(mgr);
+        sleep(1);
+    }
+
+    // check sess mgr
+    EXPECT_TRUE(session_manager_get_tcp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_tcp_active_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_opening_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_closing_sess_num(mgr) == 0);
+    EXPECT_TRUE(session_manager_get_udp_active_sess_num(mgr) == 0);
+
+    // destory
+    session_manager_destroy(mgr);
 }
+#endif
 
 // opening -> closing : self protect
 // opening -> closed
diff --git a/src/session/session.cpp b/src/session/session.cpp
index 248ef25..8cdfcc6 100644
--- a/src/session/session.cpp
+++ b/src/session/session.cpp
@@ -393,47 +393,42 @@ static void tcp_ex_data_tostring(uint64_t ex_data, char *buffer, size_t buffer_l
     int nused = 0;
     if (ex_data & TCP_SYN_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_SYN_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_SYN_RECVED ");
     }
 
     if (ex_data & TCP_SYNACK_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_SYNACK_RECVED ");
-    }
-
-    if (ex_data & TCP_ACK_RECVED)
-    {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_ACK_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_SYNACK_RECVED ");
     }
 
     if (ex_data & TCP_C2S_PAYLOAD_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_C2S_PAYLOAD_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_C2S_PAYLOAD_RECVED ");
     }
 
     if (ex_data & TCP_S2C_PAYLOAD_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_S2C_PAYLOAD_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_S2C_PAYLOAD_RECVED ");
     }
 
     if (ex_data & TCP_C2S_FIN_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_C2S_FIN_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_C2S_FIN_RECVED ");
     }
 
     if (ex_data & TCP_S2C_FIN_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_S2C_FIN_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_S2C_FIN_RECVED ");
     }
 
     if (ex_data & TCP_C2S_RST_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_C2S_RST_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_C2S_RST_RECVED ");
     }
 
     if (ex_data & TCP_S2C_RST_RECVED)
     {
-        snprintf(buffer + nused, buffer_len - nused, "TCP_S2C_RST_RECVED ");
+        nused += snprintf(buffer + nused, buffer_len - nused, "TCP_S2C_RST_RECVED ");
     }
 }
 
@@ -531,21 +526,21 @@ void session_dump(struct session *sess)
     char buffer[128] = {0};
     tuple6_tostring(session_get0_tuple6(sess), buffer, sizeof(buffer));
 
-    printf("session id               : %" PRIu64 "\n", session_get_id(sess));
-    printf("session tuple6           : %s\n", buffer);
-    printf("session tuple6 dir       : %s\n", session_dir_tostring(session_get_tuple6_dir(sess)));
-    printf("session state            : %s\n", session_state_tostring(session_get_state(sess)));
-    printf("session type             : %s\n", session_type_tostring(session_get_type(sess)));
-    printf("session c2s packets      : %" PRIu64 "\n", session_get_c2s_packets(sess));
-    printf("session c2s bytes        : %" PRIu64 "\n", session_get_c2s_bytes(sess));
-    printf("session s2c packets      : %" PRIu64 "\n", session_get_s2c_packets(sess));
-    printf("session s2c bytes        : %" PRIu64 "\n", session_get_s2c_bytes(sess));
-    printf("session c2s 1st metadata : %p\n", (void *)session_get0_c2s_1st_md(sess));
-    printf("session s2c 1st metadata : %p\n", (void *)session_get0_s2c_1st_md(sess));
-    printf("session create time      : %" PRIu64 "\n", session_get_create_time(sess));
-    printf("session last time        : %" PRIu64 "\n", session_get_last_time(sess));
-    printf("session current packet   : %p\n", (void *)session_get0_cur_pkt(sess));
-    printf("session current dir      : %s\n", session_dir_tostring(session_get_cur_dir(sess)));
+    printf("session id                 : %" PRIu64 "\n", session_get_id(sess));
+    printf("session tuple6 key         : %s\n", buffer);
+    printf("session tuple6 dir         : %s\n", session_dir_tostring(session_get_tuple6_dir(sess)));
+    printf("session state              : %s\n", session_state_tostring(session_get_state(sess)));
+    printf("session type               : %s\n", session_type_tostring(session_get_type(sess)));
+    printf("session c2s packets        : %" PRIu64 "\n", session_get_c2s_packets(sess));
+    printf("session c2s bytes          : %" PRIu64 "\n", session_get_c2s_bytes(sess));
+    printf("session s2c packets        : %" PRIu64 "\n", session_get_s2c_packets(sess));
+    printf("session s2c bytes          : %" PRIu64 "\n", session_get_s2c_bytes(sess));
+    printf("session c2s 1st metadata   : %p\n", (void *)session_get0_c2s_1st_md(sess));
+    printf("session s2c 1st metadata   : %p\n", (void *)session_get0_s2c_1st_md(sess));
+    printf("session create time        : %" PRIu64 "\n", session_get_create_time(sess));
+    printf("session last time          : %" PRIu64 "\n", session_get_last_time(sess));
+    printf("session current packet ptr : %p\n", (void *)session_get0_cur_pkt(sess));
+    printf("session current packet dir : %s\n", session_dir_tostring(session_get_cur_dir(sess)));
     printf("session ex data: \n");
     for (uint8_t i = 0; i < g_ex_manager.count; i++)
     {
diff --git a/src/session/session_manager.cpp b/src/session/session_manager.cpp
index 336c877..6baa2c7 100644
--- a/src/session/session_manager.cpp
+++ b/src/session/session_manager.cpp
@@ -296,11 +296,13 @@ static void update_tcp_ex_data(struct session *sess, const struct packet *pkt, e
      {
           if (curr_dir == SESSION_DIR_C2S)
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state & TCP_C2S_RST_RECVED));
+               state |= TCP_C2S_RST_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
           else
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state & TCP_S2C_RST_RECVED));
+               state |= TCP_S2C_RST_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
      }
 
@@ -308,11 +310,13 @@ static void update_tcp_ex_data(struct session *sess, const struct packet *pkt, e
      {
           if (curr_dir == SESSION_DIR_C2S)
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state & TCP_C2S_FIN_RECVED));
+               state |= TCP_C2S_FIN_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
           else
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state & TCP_S2C_FIN_RECVED));
+               state |= TCP_S2C_FIN_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
      }
 
@@ -320,28 +324,27 @@ static void update_tcp_ex_data(struct session *sess, const struct packet *pkt, e
      {
           if (packet_has_tcp_flag_ack(pkt))
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state | TCP_SYNACK_RECVED));
+               state |= TCP_SYNACK_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
           else
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state | TCP_SYN_RECVED));
+               state |= TCP_SYN_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
      }
 
-     if (packet_has_tcp_flag_ack(pkt) && curr_dir == SESSION_DIR_C2S)
-     {
-          session_set_ex_data(sess, tcp_builtin_ex, (void *)(state | TCP_ACK_RECVED));
-     }
-
      if (packet_get_tcp_pld_len(pkt) > 0)
      {
           if (curr_dir == SESSION_DIR_C2S)
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state | TCP_C2S_PAYLOAD_RECVED));
+               state |= TCP_C2S_PAYLOAD_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
           else
           {
-               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state | TCP_S2C_PAYLOAD_RECVED));
+               state |= TCP_S2C_PAYLOAD_RECVED;
+               session_set_ex_data(sess, tcp_builtin_ex, (void *)(state));
           }
      }
 }
diff --git a/src/session/session_private.h b/src/session/session_private.h
index 5d565aa..73436b8 100644
--- a/src/session/session_private.h
+++ b/src/session/session_private.h
@@ -22,16 +22,15 @@ enum tcp_ex_data
     // HANDSHAKE
     TCP_SYN_RECVED = 1 << 0,
     TCP_SYNACK_RECVED = 1 << 1,
-    TCP_ACK_RECVED = 1 << 2,
     // ESTABLISHED
-    TCP_C2S_PAYLOAD_RECVED = 1 << 3,
-    TCP_S2C_PAYLOAD_RECVED = 1 << 4,
+    TCP_C2S_PAYLOAD_RECVED = 1 << 2,
+    TCP_S2C_PAYLOAD_RECVED = 1 << 3,
     // FIN
-    TCP_C2S_FIN_RECVED = 1 << 5,
-    TCP_S2C_FIN_RECVED = 1 << 6,
+    TCP_C2S_FIN_RECVED = 1 << 4,
+    TCP_S2C_FIN_RECVED = 1 << 5,
     // RST
-    TCP_C2S_RST_RECVED = 1 << 7,
-    TCP_S2C_RST_RECVED = 1 << 8,
+    TCP_C2S_RST_RECVED = 1 << 6,
+    TCP_S2C_RST_RECVED = 1 << 7,
 };
 
 enum udp_ex_data