diff --git a/bin/tsg_l7_protocol.conf b/bin/tsg_l7_protocol.conf
index dcc9431..08d168a 100644
--- a/bin/tsg_l7_protocol.conf
+++ b/bin/tsg_l7_protocol.conf
@@ -53,4 +53,5 @@ STRING LDAP 100
 STRING RTMP 337
 STRING RTSP 176
 STRING ESNI 8008
-STRING Stratum 8169
\ No newline at end of file
+STRING Stratum 8169
+STRING ECH 8173
\ No newline at end of file
diff --git a/inc/tsg_ssl_utils.h b/inc/tsg_ssl_utils.h
index 8d9637a..1d39b47 100644
--- a/inc/tsg_ssl_utils.h
+++ b/inc/tsg_ssl_utils.h
@@ -29,7 +29,7 @@ struct ssl_chello
 char* alpn;
 char* cipher_suites;
 char* cipher_suites_tls13;
- int is_encrypt_sni;
+ int is_encrypt_sni;
 int is_encrypt_chello;
 };
 struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result);
diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h
index 7c460e2..bf017fd 100644
--- a/src/tsg_bridge.h
+++ b/src/tsg_bridge.h
@@ -77,12 +77,16 @@ struct hited_app_para
 struct session_runtime_process_context
 {
- unsigned char is_esni;
- unsigned char is_hitted_allow;
+ unsigned char is_esni:1;
+
+ unsigned char is_ech:1;
+ unsigned char is_hitted_allow:1;
+ unsigned char is_app_link:1;
+ unsigned char first_origin_pkt:1;
+ unsigned char padding_bit:3;
 unsigned char deal_pkt_num;
- unsigned char is_app_link;
 unsigned char sync_cb_state;
- unsigned char first_origin_pkt;
+ unsigned char padding[3];
 unsigned short timeout;
 enum TSG_PROTOCOL proto;
 int matched_app_id; // only app
@@ -220,5 +224,3 @@ char *srt_action_context_get_l4_protocol(const struct session_runtime_action_con
 const struct session_runtime_process_context *session_runtime_process_context_new(const struct streaminfo * a_stream);
 void session_runtime_process_context_free(const struct streaminfo *a_stream);
-
-
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 57d09cb..37bd5e8 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
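Review bot: Packing `is_esni`, `is_ech`, `is_hitted_allow`, `is_app_link` and `first_origin_pkt` into one byte of bit-fields turns every flag store into a read-modify-write of that shared byte, so if any of these flags is written from a different thread than the others (the `sync_cb_state` field hints at callback involvement, but nothing here shows it) a store to one flag can silently undo a concurrent store to its neighbour, which the previous separate `unsigned char` fields could not do. This is only a hazard if the context is written concurrently, which is not visible in this hunk. I would document the ownership rule next to the flags, e.g. `/* flag bit-fields share one byte: only the owning session thread may write them */`, or keep flags that are set from several threads as separate bytes. Bit-fields also cannot be addressed, so any `&ctx->is_esni` or per-flag `memset` elsewhere will stop compiling. The struct definition continues beyond the hunk.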
@@ -1420,7 +1420,16 @@ int session_l7_protocol_identify(const struct streaminfo *a_stream, struct sessi
 srt_process_context->ssl_sni=malloc_copy_string(chello->sni, strlen(chello->sni), a_stream->threadnum);
 }
- srt_process_context->is_esni=(int)chello->is_encrypt_sni;
+ if(chello->is_encrypt_sni==1)
+ {
+ srt_process_context->is_esni=1;
+ }
+
+
+ if(chello->is_encrypt_chello==1)
+ {
+ srt_process_context->is_ech=1;
+ }
 ssl_chello_free(chello);
 return 1;
@@ -2025,6 +2034,12 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
 unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI", 4);
 matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
 }
+
+ if(srt_process_context->is_ech)
+ {
+ unsigned int protocol_id=tsg_l7_protocol_name2id("ECH", 3);
+ matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
+ }
 if(srt_process_context->proto==PROTO_HTTP && srt_process_context->http_url!=NULL)
 {
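Review bot: Replacing the assignment with `if(chello->is_encrypt_sni==1)` changes two things the commit does not mention: the flag is now set but never cleared, so if `session_l7_protocol_identify` can run more than once for a session (a second or retransmitted ClientHello) a stale `is_esni` survives, and a non-zero value other than 1 in the `int` field no longer counts as encrypted, while the consumer later tests `is_ech` for plain truthiness. Whether the parser ever produces values other than 0/1 is not visible here. `srt_process_context->is_esni = chello->is_encrypt_sni ? 1 : 0;` and `srt_process_context->is_ech = chello->is_encrypt_chello ? 1 : 0;` keep the old clearing semantics and fit the 1-bit fields without truncation. The two consecutive blank lines between the blocks are also unusual for this file. The enclosing function begins and ends outside the hunk.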
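Review bot: The id returned by `tsg_l7_protocol_name2id("ECH", 3)` is handed to `tsg_scan_app_id_policy` unchecked, so on a deployment whose `tsg_l7_protocol.conf` predates the new `STRING ECH 8173` entry the scan runs with whatever the lookup yields on a miss; the ESNI block above has the same shape, so this is an inherited pattern, but the new config dependency makes it worth guarding in both places, e.g. `if(protocol_id != <name2id miss value>)` around the scan. Whether name2id reports a miss through a sentinel or some other way is not visible from this hunk. The literal length `3` duplicates `"ECH"`; `sizeof("ECH")-1` keeps the two from drifting apart. `session_pending_state_deal` begins and ends outside the hunk.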