diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index fdfb13c..69f2a25 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -734,11 +734,11 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
     {
         _context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context));
         memset(_context, 0, sizeof(struct tcpall_context));
-        _context->method_type=TSG_METHOD_TYPE_TAMPER;
-
         set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
+        _context->method_type=TSG_METHOD_TYPE_TAMPER;
+        _context->tamper_count = 1;
     }else{
-        if(_context->method_type == TSG_METHOD_TYPE_UNKNOWN)
+        if(_context->method_type != TSG_METHOD_TYPE_TAMPER)
         {
             _context->method_type=TSG_METHOD_TYPE_TAMPER;
         }
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 8248f37..8ee8a86 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1738,6 +1738,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 				break;
             case    TSG_METHOD_TYPE_TAMPER:
                 ret = send_tamper_xxx(a_stream, a_packet);
+                context->tamper_count += 1; 
                 if(ret==STATE_DROPPKT){
                     state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
                 }else{
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 3706071..5de9da3 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -206,6 +206,7 @@ struct tcpall_context
 	{
 		struct mirrored_vlan *vlan;
 		struct leaky_bucket *bucket;
+        long tamper_count;
 		void *para;
 	};
 };
diff --git a/src/tsg_icmp.cpp b/src/tsg_icmp.cpp
index bcc9cb2..70d610e 100644
--- a/src/tsg_icmp.cpp
+++ b/src/tsg_icmp.cpp
@@ -213,21 +213,15 @@ static void format_icmp(const char *raw_pkt, char *icmp_buf, int *icmp_len, int
 
 unsigned char send_icmp_unreachable(const struct streaminfo *a_stream, const void *raw_pkt)
 {
-    char icmp_buf[ICMP_MAX_LEN]; 
-    unsigned char raw_route_dir = 0;
+    char icmp_buf[ICMP_MAX_LEN] = {0}; 
     int  icmp_len = 0;
 
-    if(a_stream == NULL){
-	    return STATE_DROPPKT;
-    }
-
-    if((a_stream->curdir==DIR_S2C)||(raw_pkt==NULL)){
+    if((a_stream==NULL)||(raw_pkt==NULL)){
         return STATE_DROPPKT;
-    }
+    }                                                                                                                        
 
     format_icmp((char *)raw_pkt, icmp_buf, &icmp_len, a_stream->addr.addrtype);
-    raw_route_dir = (a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
-
-    return tsg_send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, icmp_buf, icmp_len, raw_route_dir); 
+    tsg_send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, icmp_buf, icmp_len, MESA_dir_reverse(a_stream->routedir)); 
+    return STATE_DROPPKT;
 }
 
diff --git a/src/tsg_tamper.cpp b/src/tsg_tamper.cpp
index 83274cf..8f09bae 100644
--- a/src/tsg_tamper.cpp
+++ b/src/tsg_tamper.cpp
@@ -32,28 +32,17 @@
 #define IPV6_UDP_PALYLOAD_START_INDEX 48  //ipv6_len(40) + udp_len(8)
 #define IPV6_IP_PAYLOAD_INDEX  4         //ipv6_payload_index(4)
 
-
-int tamper_calc(const struct streaminfo *a_stream, char *str, int endlen)
+int tamper_calc(char *str, int endlen)
 {
     int i = 0;
     int j = 0;
     char temp;
-    int startlen = 0;
-    int data_len = a_stream->ptcpdetail->datalen;   //tcp和udp结构体内容一样，取tcp的datalen即可
 
-
-    //判断是否需要偏移一个字节
-    if(data_len%2!=0){
-         startlen = 1;     
-    }
-
-    //最小交换paythod的第2个字节和第四个字节，否则不处理
-    if ((endlen - startlen) < 4){
+    if(endlen<4){    //最少满足2个16bit的长度，即最小4字节。
         return 0;
     }
 
-    //start_len+1 : 因为计算校验和是16bit为单位，这里调换16bit的低8bit。
-    for(i=startlen+1; i<endlen; i=i+2){
+    for(i=1; i<endlen; i=i+2){
         for (j=i+2; j<endlen; j=j+2){
             if(str[i] != str[j]){
                 temp = str[i];
@@ -79,18 +68,20 @@ unsigned char send_tamper_xxx(const struct streaminfo *a_stream, const void *raw
 
     p_trans_payload = (char *)a_stream->ptcpdetail->pdata;
     trans_layload_len = a_stream->ptcpdetail->datalen;
-    if((p_trans_payload==NULL)||(trans_layload_len<=0)){
+    if((p_trans_payload==NULL)||(trans_layload_len<=4)){
         return STATE_GIVEME;   
     }
 
     memcpy(tamper_buf, p_trans_payload, trans_layload_len);
-    ret = tamper_calc(a_stream, tamper_buf, trans_layload_len);
-    MESA_handle_runtime_log(g_tsg_para.logger,
-            RLOG_LV_DEBUG,
-            __FUNCTION__,
-            "Modify the index position of the payload: %d",
-            ret);
+    ret = tamper_calc(tamper_buf, trans_layload_len);
     if(ret > 0){
+        MESA_handle_runtime_log(g_tsg_para.logger,
+                            RLOG_LV_DEBUG,
+                            __FUNCTION__,
+                            "Modify the index(%d) position of the payload:(old: %x %x %x %x, new: %x %x %x %x)",
+                            ret,
+                            p_trans_payload[ret-1],p_trans_payload[ret],p_trans_payload[ret+1], p_trans_payload[ret+2],
+                            tamper_buf[ret-1], tamper_buf[ret], tamper_buf[ret+1], tamper_buf[ret+2]);
         ret=tsg_send_inject_packet(a_stream, SIO_DEFAULT, tamper_buf, trans_layload_len, a_stream->routedir); 
         if(ret == 0){
             return STATE_DROPPKT;