diff --git a/common/include/kni_cmsg.h b/common/include/kni_cmsg.h
index 29527a4..3716f72 100644
--- a/common/include/kni_cmsg.h
+++ b/common/include/kni_cmsg.h
@@ -28,6 +28,7 @@ enum tfe_cmsg_tlv_type
 TFE_CMSG_TCP_RESTORE_PROTOCOL = 0xa,
 TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT = 0xb,
 TFE_CMSG_TCP_RESTORE_WINDOW_SERVER = 0xc,
+ TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR = 0xd,
 TFE_CMSG_POLICY_ID = 0x10,
 TFE_CMSG_STREAM_TRACE_ID = 0x11,
diff --git a/entry/include/tsg/tsg_rule.h b/entry/include/tsg/tsg_rule.h
index 37a6cbf..1b9192a 100644
--- a/entry/include/tsg/tsg_rule.h
+++ b/entry/include/tsg/tsg_rule.h
@@ -37,6 +37,7 @@ typedef enum _tsg_protocol
 PROTO_SIP,
 PROTO_BGP,
 PROTO_STREAMING_MEDIA,
+ PROTO_SSH,
 PROTO_MAX
 }tsg_protocol_t;
diff --git a/entry/include/tsg_rule.h b/entry/include/tsg_rule.h
index 37a6cbf..1b9192a 100644
--- a/entry/include/tsg_rule.h
+++ b/entry/include/tsg_rule.h
@@ -37,6 +37,7 @@ typedef enum _tsg_protocol
 PROTO_SIP,
 PROTO_BGP,
 PROTO_STREAMING_MEDIA,
+ PROTO_SSH,
 PROTO_MAX
 }tsg_protocol_t;
diff --git a/entry/src/kni_entry.cpp b/entry/src/kni_entry.cpp
index 8d13b48..a639a32 100644
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -402,7 +402,8 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 void *logger = g_kni_handle->local_logger;
 uint16_t bufflen = 0, serialize_len = 0;
 unsigned char *buff = NULL;
- uint8_t protocol_type = pmeinfo->protocol == PROTO_SSL ? 0x1 : 0x0;
+ //uint8_t protocol_type = pmeinfo->protocol == PROTO_SSL ? 0x1 : 0x0;
+ uint8_t protocol_type = 0x0;
 struct kni_cmsg *cmsg = kni_cmsg_init();
 char *trace_id = NULL;
 uint32_t seq = pktinfo->tcphdr->seq;
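Review bot: `PROTO_SSH` is added to two copies of the same header, `entry/include/tsg/tsg_rule.h` and `entry/include/tsg_rule.h`, which carry identical blob ids (37a6cbf to 1b9192a), so the enum now has to be kept in sync by hand in both places. If a later change touches only one copy, translation units that include different copies would disagree on `PROTO_MAX` and on the value of any protocol added after it. Keeping a single header and pointing the other include path at it would remove that risk. Placing the new entry directly before `PROTO_MAX` keeps existing values stable, which is worth recording with a comment such as `/* append new protocols here, directly before PROTO_MAX */`.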
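Review bot: In the `@@ -402,7 +402,8 @@` hunk of kni_entry.cpp the old initializer is kept as a commented-out line, `//uint8_t protocol_type = pmeinfo->protocol == PROTO_SSL ? 0x1 : 0x0;`. Version control already preserves it, so I would delete that line and keep only `uint8_t protocol_type = 0x0;`. The body of kni_cmsg_serialize_header_new starts and continues outside this hunk.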
@@ -411,9 +412,31 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss);
 uint16_t client_window = htons(pmeinfo->client_window);
 uint16_t server_window = htons(pmeinfo->server_window);
+ unsigned char stream_curdir = stream->curdir;
+ if(stream_curdir == DIR_S2C)
+ {
+ seq = pktinfo->tcphdr->ack_seq;
+ ack = pktinfo->tcphdr->seq;
+ }
+
 char src_mac[6] = {0};
 char dst_mac[6] = {0};
 int policy_id;
+
+ switch(pmeinfo->protocol)
+ {
+ case PROTO_SSL:
+ protocol_type = 0x1;
+ break;
+
+ case PROTO_SSH:
+ protocol_type = 0x2;
+ break;
+
+ default:
+ protocol_type = 0x0;
+
+ }
 //seq
 int ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SEQ, (const unsigned char*)&seq, 4, pmeinfo);
 if(ret < 0) goto error_out;
@@ -456,6 +479,9 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 //server window
 ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WINDOW_SERVER, (const unsigned char*)&server_window, 2, pmeinfo);
 if(ret < 0) goto error_out;
+ //current packet direction
+ ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR, (const unsigned char*)&stream_curdir, 1, pmeinfo);
+ if(ret < 0) goto error_out;
 //maat policy id
 policy_id = pmeinfo->policy_id;
 ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_POLICY_ID, (const unsigned char*)&policy_id, sizeof(policy_id), pmeinfo);
@@ -998,6 +1024,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 if(pmeinfo->protocol == PROTO_HTTP){
 FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
 }
+
 //dup_traffic_stm
 if(pmeinfo->has_dup_traffic == 1){
 FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
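Review bot: In the `@@ -411,9 +412,31 @@` hunk the `DIR_S2C` branch swaps `seq` and `ack` without a comment saying whose view the TFE_CMSG_TCP_RESTORE_SEQ and ACK fields carry, and it uses the server packet's `seq` as the ack value without adding that packet's payload length. That agrees with the unswapped path only if the receiver restores the connection to its state before the current packet, which cannot be confirmed from this hunk; please confirm and record it, e.g. `// cmsg seq/ack are always from the client side, taken before the current packet`. In the `switch`, `0x1` and `0x2` are wire values the receiver has to agree on, so named constants would be safer than bare literals, and `default:` only repeats the initial `0x0`. `ack` is declared outside the hunk, and the function begins and ends outside it as well.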
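Review bot: In the `@@ -456,6 +479,9 @@` hunk the new TLV serializes `stream->curdir` as a raw byte, so the value on the wire is whatever number the stream library assigns to `DIR_S2C` and its siblings, and the receiver must be built against the same definitions. I would map the direction to an explicit wire value before the `wrapped_kni_cmsg_set` call, or at least document next to `TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR = 0xd` in kni_cmsg.h that the payload is one byte holding that constant. It is also worth confirming that a receiver which predates type 0xd skips an unknown TLV instead of rejecting the whole message; that handling is not visible here.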