diff --git a/conf/kni/kni.conf b/conf/kni/kni.conf
index 6d17b59..81ece45 100644
--- a/conf/kni/kni.conf
+++ b/conf/kni/kni.conf
@@ -74,4 +74,23 @@ print_mode = 1
 #self test Shunt rules security policy id
 [self_test]
-sec_policy_id = -1
\ No newline at end of file
+sec_policy_id = -1
+
+#kni dynamic bypass
+[traceid2sslinfo_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 80000
+mho_hash_max_element_num = 320000
+mho_expire_time = 300
+mho_eliminate_type = FIFO
+
+[sslinfo2bypass_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 640000
+mho_hash_max_element_num = 2560000
+mho_expire_time = 300
+mho_eliminate_type = FIFO
\ No newline at end of file
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 5c64a6c..91fba32 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -1184,7 +1184,7 @@ static int first_data_ssl_dynamic_bypass(struct streaminfo *stream, struct pme_i
 ssl_chello_free(chello);
 if(sslinfo2bypass_htable_search(g_kni_handle->sslinfo2bypass_htable,ssl_feature->value, ssl_feature->vlen,pmeinfo) == 0)
 {
- KNI_LOG_DEBUG(logger, "Dynamic bypass: passthrough ok, stream traceid = %s", pmeinfo->stream_traceid);
+ KNI_LOG_DEBUG(logger, "Dynamic bypass: passthrough ok, stream traceid = %s,ssl_pinningst=%d", pmeinfo->stream_traceid, pmeinfo->ssl_pinningst);
 ret = 0;
 }
 else
@@ -1947,7 +1947,7 @@ static long traceid2sslinfo_htable_search_cb(void *data, const uchar *key, uint
 {
 value = ALLOC(uint64_t, 1);
 *value = *p_ssl_pinningst;
- if(sslinfo2bypass_htable_add(ssl_feature->value, ssl_feature->vlen, (void *)value, logger) >= 0)
+ if(sslinfo2bypass_htable_add(ssl_feature->value, ssl_feature->vlen, (void *)value, logger) < 0)
 {
 KNI_LOG_ERROR(logger, "Dynamic bypass, fail add to table = sslinfo2bypass_htable, key = %s, key_size = %d", ssl_feature->value, ssl_feature->vlen); 
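Review bot: The new last line `+mho_eliminate_type = FIFO` still carries `\ No newline at end of file`, so the file keeps its missing trailing newline and every later append will show up as a change to this line; end the file with a newline. The single comment `#kni dynamic bypass` does not say what each table holds or why the second one is eight times larger (640000/2560000 vs 80000/320000); the code in this commit looks up `traceid2sslinfo_htable` through `threads_handle[pmeinfo->thread_seq]` while `sslinfo2bypass_htable` is a single handle-wide table, which appears to be the reason for the different sizing and would be worth stating above each section, e.g. `# per-thread table: stream traceid -> ssl info` and `# handle-wide table: ssl feature -> bypass decision, shared by all threads`. Since a hit in the bypass table makes a stream pass through without inspection (the `passthrough ok` path in kni_entry.cpp), the lifetime of those entries (`mho_expire_time = 300` seconds, FIFO eviction past `mho_hash_max_element_num`) deserves a comment so the value is chosen deliberately rather than copied from the other table.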
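Review bot: The added `%d` for `pmeinfo->ssl_pinningst` on the new `KNI_LOG_DEBUG` line may not match the field's type: the hunk at line 1947 copies the pinning state into a `uint64_t` (`*value = *p_ssl_pinningst;`), and if `pmeinfo->ssl_pinningst` is also 64-bit, handing it to `%d` is undefined behaviour in the variadic call and prints a truncated or wrong value on some ABIs. Use a matching specifier, e.g. `"... ssl_pinningst=%" PRIu64` from `<inttypes.h>`, or cast explicitly with `(int)pmeinfo->ssl_pinningst` if the value is known to fit. The format string also lacks a space after the comma (`%s,ssl_pinningst=%d`), unlike the other log lines touched by this commit. first_data_ssl_dynamic_bypass starts and ends outside the hunk.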
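Review bot: With the condition now inverted, the failure branch is entered while `value`, freshly allocated by `ALLOC(uint64_t, 1)`, has not been taken over by the table; unless the rest of the error block (cut off by the hunk) releases it, every failed `sslinfo2bypass_htable_add` leaks one allocation, and a table that is full or contended would repeat that for each stream. Release `value` with the counterpart of `ALLOC` in the error branch, or set it to `NULL` once the table owns it, so ownership is unambiguous in both branches. The context line `*value = *p_ssl_pinningst;` also dereferences the `ALLOC` result without a null check; that is preexisting, but if `ALLOC` can return `NULL` this commit is the one touching the path. traceid2sslinfo_htable_search_cb continues outside the hunk.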
@@ -1977,10 +1977,11 @@ static int traceid2sslinfo_htable_search(MESA_htable_handle htable,char *key, in
 return cb_ret;
 }
-static int ssl_dynamic_bypass_htable_add(struct pme_info *pmeinfo,void *logger)
+static int ssl_dynamic_bypass_htable_add(struct pme_info *pmeinfo)
 {
+ void *logger = g_kni_handle->local_logger;
 long cb_ret;
- long ret = -1;
+ int ret = -1;
 MESA_htable_handle traceid2sslinfo_htable = g_kni_handle->threads_handle[pmeinfo->thread_seq].traceid2sslinfo_htable;
 if(pmeinfo->ssl_intercept_state == 0)
 {
@@ -2020,7 +2021,7 @@ static long traceid2pme_htable_search_cb(void *data, const uchar *key, uint size
 wrapped_kni_cmsg_get(pmeinfo, cmsg, TFE_CMSG_SSL_ERROR, sizeof(pmeinfo->ssl_error), logger);
 KNI_LOG_DEBUG(logger, "recv cmsg from tfe, stream traceid = %s, stream addr = %s, stream ssl intercept state = %d", pmeinfo->stream_traceid, pmeinfo->stream_addr,pmeinfo->ssl_intercept_state);
- ssl_dynamic_bypass_htable_add(pmeinfo,logger);
+ ssl_dynamic_bypass_htable_add(pmeinfo);
 can_destroy = judge_stream_can_destroy(pmeinfo, CALLER_TFE);
 if(can_destroy == 1){
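Review bot: `ret` changes from `long` to `int` while `cb_ret` stays `long` on the line above it; if the body, which continues past the hunk, later assigns `ret = cb_ret;` or otherwise feeds the callback result into `ret`, this commit silently narrows a 64-bit value to 32 bits, so either check those assignments or keep both variables the same width. Replacing the caller-supplied logger with `g_kni_handle->local_logger` also means this helper may now log through a different logger than traceid2pme_htable_search_cb, which still logs the same traceid via its own `logger`; if those are not the same object, one stream's messages end up split across loggers, which is worth a one-line comment such as `// logger comes from the global handle; callers no longer pass one`. `g_kni_handle` is dereferenced on the new line without a check, but the existing `g_kni_handle->threads_handle[...]` line already makes that assumption, so it is not new to this commit.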
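Review bot: The updated call `ssl_dynamic_bypass_htable_add(pmeinfo);` still discards the function's `int` result, which the 1977 hunk initialises to `-1`; the stream is judged for destruction on the very next line, so a failed bypass-table update passes unnoticed at this call site. If the caller should react, check it, e.g. `if (ssl_dynamic_bypass_htable_add(pmeinfo) < 0) KNI_LOG_ERROR(logger, "Dynamic bypass: htable add failed, stream traceid = %s", pmeinfo->stream_traceid);`; if the helper's own error logging is considered sufficient, a `(void)` cast documents that the result is ignored on purpose. traceid2pme_htable_search_cb starts and ends outside the hunk.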