diff --git a/common/include/kni_utils.h b/common/include/kni_utils.h
index a78523a..ef0c6d4 100644
--- a/common/include/kni_utils.h
+++ b/common/include/kni_utils.h
@@ -92,6 +92,7 @@ enum kni_field{
 	KNI_FIELD_NULL_PKT,
 	KNI_FIELD_STATE_UNKNOWN,
 	KNI_FIELD_DUP_TFC_STM,
+	KNI_FIELD_DUP_TFC_BYTE,
 	KNI_FIELD_IPV4_STM,
 	KNI_FIELD_IPV6_STM,
 	KNI_FIELD_SSL_STM,
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index a78fe5b..58c0c82 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -286,12 +286,6 @@ static void pme_info_destroy(void *data){
 }
 
 static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread_seq){
-	if(stream->addr.addrtype == ADDR_TYPE_IPV6){
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1);
-	}
-	else{
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1);
-	}	
 	void *logger = g_kni_handle->local_logger;
 	struct pme_info* pmeinfo = ALLOC(struct pme_info, 1);
 	pmeinfo->addr_type = (enum addr_type_t)stream->addr.addrtype;
@@ -1054,6 +1048,7 @@ static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
 		if(ret == 1){
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_HIT], 0, FS_OP_ADD, 1);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
 		}
 		else{
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_MISS], 0, FS_OP_ADD, 1);
@@ -1231,6 +1226,7 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 		}
 		if(pmeinfo->has_dup_traffic == 1){
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
+			KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
 			if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
 				pmeinfo->action = KNI_ACTION_BYPASS;
 				pmeinfo->intercept_state=0;
@@ -1249,6 +1245,12 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 			stream_addr, protocol_identify_res.domain, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->maat_hit, pmeinfo->stream_traceid);
 	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_STM], 0, FS_OP_ADD, 1);
 	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
+	if(stream->addr.addrtype == ADDR_TYPE_IPV6){
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1);
+	}
+	else{
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1);
+	}	
 	switch(pmeinfo->action){
 		case KNI_ACTION_BYPASS:
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_POLICY], 0, FS_OP_ADD, 1);
@@ -1317,9 +1319,16 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1);
 		return APP_STATE_FAWPKT | APP_STATE_GIVEME;
 	}
-
+	int tfe_id = -1;
 	switch(stream->pktstate){
 		case OP_STATE_PENDING:
+			tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
+			if(tfe_id < 0){
+				KNI_LOG_ERROR(logger, "No alive tfe available, bypass and dropme");
+				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
+				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE], 0, FS_OP_ADD, 1);
+				return APP_STATE_FAWPKT | APP_STATE_DROPME;
+			}
 			*pme = pmeinfo = pme_info_new(stream, thread_seq);
 			if(pmeinfo == NULL){
 				KNI_LOG_ERROR(logger, "Failed at new pmeinfo, bypass and dropme");
@@ -1327,16 +1336,8 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_PME_NEW_FAIL], 0, FS_OP_ADD, 1);
 				return APP_STATE_FAWPKT | APP_STATE_DROPME;
 			}
+			pmeinfo->tfe_id = tfe_id;
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PME_NEW_SUCC], 0, FS_OP_ADD, 1);
-			pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
-			//printf("tfe_id = %d\n", pmeinfo->tfe_id);
-			if(pmeinfo->tfe_id < 0){
-				KNI_LOG_ERROR(logger, "No alive tfe available, bypass and dropme");
-				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
-				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE], 0, FS_OP_ADD, 1);
-				pme_info_destroy(pmeinfo);
-				return APP_STATE_FAWPKT | APP_STATE_DROPME;
-			}
 			ret = pending_opstate(stream, pmeinfo, a_packet, thread_seq);
 			if(pmeinfo->error < 0){
 				goto error_out;
@@ -1861,7 +1862,8 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
 	//others
 	fs_handle->fields[KNI_FIELD_NULL_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "null_pkt");
 	fs_handle->fields[KNI_FIELD_STATE_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "state_unknow");
-	fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_stm");
+	fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm");
+	fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B");
 	fs_handle->fields[KNI_FIELD_IPV4_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv4_stm");
 	fs_handle->fields[KNI_FIELD_IPV6_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv6_stm");
 	fs_handle->fields[KNI_FIELD_SSL_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ssl_stm");