diff --git a/apps/sdlan/src/quic/sdlan_quic_channel.erl b/apps/sdlan/src/quic/sdlan_quic_channel.erl
index 68d5dda..bad5a8d 100644
--- a/apps/sdlan/src/quic/sdlan_quic_channel.erl
+++ b/apps/sdlan/src/quic/sdlan_quic_channel.erl
@@ -250,6 +250,8 @@ handle_event(internal, {frame, <<?PACKET_POLICY_REQUEST, Body/binary>>}, registe
         #sdl_policy_request{src_identity_id = SrcIdentityId, dst_identity_id = DstIdentityId, version = Version} ?= PolicyRequest,
 
         {ok, Rules} = get_rules(SrcIdentityId, DstIdentityId),
+        logger:debug("[sdlan_channel] policy_request src_identity_id: ~p, dst_identity_id: ~p, rules: ~p", [SrcIdentityId, DstIdentityId, Rules]),
+
         RuleBin = iolist_to_binary(lists:map(fun({Proto, Port}) -> <<Proto:8, Port:16>> end, Rules)),
         PolicyResponsePkt = sdlan_pb:encode_msg(#sdl_policy_response {
             src_identity_id = SrcIdentityId,
diff --git a/message.proto b/message.proto
index df6ba9b..0d2637c 100644
--- a/message.proto
+++ b/message.proto
@@ -106,7 +106,7 @@ message SDLPolicyResponse {
     uint32 dst_identity_id = 3;
     // 版本号，客户端需要比较版本号确定是否覆盖; 请求端自己去管理版本号，服务端只是原样回写
     uint32 version = 4;
-    // 4+1+2 的稀疏序列化规则
+    // 1 + 2稀疏序列化规则, 按照: <<Proto:8, Port:16>> 这个格式序列号所有的规则信息; 下发的数据默认都是allow，deny规则的服务器端已经屏蔽
     bytes rules = 5;
 }