diff --git a/src/zfw_tc_ingress.c b/src/zfw_tc_ingress.c
index 0bd6013..4f97599 100644
--- a/src/zfw_tc_ingress.c
+++ b/src/zfw_tc_ingress.c
@@ -734,8 +734,28 @@ int bpf_sk_splice(struct __sk_buff *skb){
                     }
                     return TC_ACT_SHOT;
                 }
-                bpf_printk("fragment needed srcip=%x, destip=%x", inner_iph->saddr, inner_iph->daddr);
-                return TC_ACT_OK;
+                if(inner_iph->protocol == tcp){
+                    struct bpf_sock_tuple *o_session = (struct bpf_sock_tuple *)&inner_iph->saddr; 
+                    if ((unsigned long)(o_session + 1) > (unsigned long)skb->data_end){
+                        event.error_code = IP_TUPLE_TOO_BIG;
+                        send_event(&event);
+                        return TC_ACT_SHOT;
+                    }
+                    sk = bpf_skc_lookup_tcp(skb, o_session, sizeof(*o_session),BPF_F_CURRENT_NETNS, 0);
+                    if(sk){
+                        if (sk->state != BPF_TCP_LISTEN){
+                            bpf_printk("fragmentation needed srcip=%x, destip=%x, dport=%d", inner_iph->saddr, inner_iph->daddr, bpf_ntohs(o_session->ipv4.dport));
+                            /*if(local_diag->verbose){
+                            
+                                send_event(&event);
+                            }*/
+                            bpf_sk_release(sk);
+                            return TC_ACT_OK;
+                        }
+                        bpf_sk_release(sk);
+                    }
+                }
+                return TC_ACT_SHOT;
             }
             else{
                 return TC_ACT_SHOT;