diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml
index d8dafcd0..057c0582 100644
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -51,8 +51,8 @@ mrzcpd_rpm_version:
  mrzcpd: mrzcpd-4.4.8.566081c
 
 sapp_rpm_version:
- sapp: sapp-4.2.49.1c4b0a6
- tcpdump_mesa: tcpdump_mesa-1.0.6.faa4eba
+ sapp: sapp-4.2.50.dbc910b
+ tcpdump_mesa: tcpdump_mesa-1.0.8.da3eeea
 
 tfe_rpm_version:
  tfe: tfe-4.5.13.acc67e3
@@ -70,8 +70,8 @@ http_healthcheck_rpm_version:
  http_healthcheck: http_healthcheck-21.06.01.d0685bb
 
 wannat_wangw_rpm_version:
- libwangw: libwangw-1.3.4.893165a
+ libwangw: libwangw-1.3.5.5e6c78d
 
 wire_graft_rpm_version:
- wire_graft: wire_graft_plug-1.3.5.9de921b
- libwire_graft: libwire_graft-1.3.5.9de921b
+ wire_graft: wire_graft_plug-1.3.6.2832a3c
+ libwire_graft: libwire_graft-1.3.6.2832a3c
diff --git a/ansible/roles/sapp/templates/sapp.toml.j2.j2 b/ansible/roles/sapp/templates/sapp.toml.j2.j2
index 87355789..a1aee5df 100644
--- a/ansible/roles/sapp/templates/sapp.toml.j2.j2
+++ b/ansible/roles/sapp/templates/sapp.toml.j2.j2
@@ -75,12 +75,31 @@ dictator_enable=1 ### note, polling_priority = call sapp_recv_pkt every call polling_entry times, polling_priority=1 + [packet_io.under_ddos] +### note, to reduce impact of ddos attack,set some stream bypass, all plugins will not process these streams +{% raw %}stream_bypass_enabled={{ sapp_stream_bypass_under_ddos.enable }} +{% endraw %} + +### note, cpu usage value is percent, for example, config value is 85, means 85%, valid range: [1,100] +### sapp change to bypass state immediately when realtime cpu usage > bypass_trigger_cpu_usage + bypass_trigger_cpu_usage=90 +### note, unit of get_cpu_usage_interval is milliseconds(ms) + get_cpu_usage_interval=500 +### note, use the average of the last $smooth_avg_window times as current realtime value + smooth_avg_window=2 + + decrease_ratio="0.95" + increase_ratio="1.005" +### note, unit of bypass_observe_time is second(s) + recovery_observe_time=30 + [PROTOCOL_FEATURE] ipv6_decapsulation_enabled=1 ipv6_send_packet_enabled=1 tcp_drop_pure_ack_pkt=0 tcp_syn_option_parse_enabled=1 skip_not_ip_layer_over_eth=0 + skip_gtp_seq_field_for_inject=1 [DUPLICATE_PKT] [dup_pkt.traffic.original] diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 index ea4db871..57bafeb0 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 @@ -21,6 +21,9 @@ wannat: ddossketch: enable: 0/1 +sapp_stream_bypass_under_ddos + enable: 0/1 + app: identify_by: user_defined_signature: 0/1 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 index d486a62b..c3d57496 100644 
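Review bot: The `[packet_io.under_ddos]` block added here is a fail-open switch — per its own comment, no plugin processes a bypassed stream — yet `stream_bypass_enabled={{ sapp_stream_bypass_under_ddos.enable }}` has no fallback for a provision.yml that predates the key. Depending on how the second render pass treats undefined variables, that presumably ends in a render error or an empty value; `{{ (sapp_stream_bypass_under_ddos | default({})).enable | default(0) }}` would keep the bypass off unless it is explicitly enabled. The comment above `recovery_observe_time` names `bypass_observe_time`, which is not a key in this block, and `decrease_ratio`/`increase_ratio` have no comment and are quoted strings while every other value is a bare number. I would correct the first to `### note, unit of recovery_observe_time is second(s)` and add a line saying what the two ratios scale and whether sapp expects them as strings. Whether entering and leaving the bypass state is logged is not visible in this template; operators need that signal, because inspection coverage is reduced while it is active.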
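Review bot: `sapp_stream_bypass_under_ddos` is added without its trailing colon, so the indented `enable: 0/1` beneath it does not form a mapping and the sample is not valid YAML as written; the line should read `sapp_stream_bypass_under_ddos:`. The same line is missing its colon in the provision.yml.sample.9000NPBP01R01 hunk. Since the sapp template reads `sapp_stream_bypass_under_ddos.enable`, an operator who copies the sample verbatim would presumably hit a parse error or an undefined variable instead of a working setting. A one-line comment above the key, stating that 1 lets sapp stop passing streams to its plugins when CPU usage is high, would help whoever has to choose the value.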
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 @@ -17,6 +17,9 @@ wannat: ddossketch: enable: 0/1 + +sapp_stream_bypass_under_ddos + enable: 0/1 data_center: name: City instance