diff --git a/gold/link/crypto_test.go b/gold/link/crypto_test.go
new file mode 100644
index 0000000..2fbc4b3
--- /dev/null
+++ b/gold/link/crypto_test.go
@@ -0,0 +1,24 @@
+package link
+
+import (
+	"bytes"
+	"crypto/rand"
+	"testing"
+)
+
+func TestXOR(t *testing.T) {
+	m := Me{
+		mask: 0x12345678_90abcdef,
+	}
+	buf := make([]byte, 65535)
+	for i := 1; i < 65536; i++ {
+		data := buf[:i]
+		_, err := rand.Read(data)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !bytes.Equal(m.xor(m.xor(data)), data) {
+			t.Fatal("unexpected xor at ", i)
+		}
+	}
+}
diff --git a/gold/link/listen.go b/gold/link/listen.go
index 5020382..646c860 100644
--- a/gold/link/listen.go
+++ b/gold/link/listen.go
@@ -7,6 +7,8 @@ import (
 	"runtime"
 	"strconv"
 	"sync"
+	"sync/atomic"
+	"unsafe"
 
 	"github.com/klauspost/compress/zstd"
 	"github.com/sirupsen/logrus"
@@ -20,6 +22,7 @@ func (m *Me) listen() (conn *net.UDPConn, err error) {
 	if err != nil {
 		return
 	}
+	logrus.Infoln("[listen] at", m.myend)
 	var mu sync.Mutex
 	for i := 0; i < runtime.NumCPU()*4; i++ {
 		go m.listenthread(conn, &mu)
@@ -52,7 +55,6 @@ func (m *Me) listenthread(conn *net.UDPConn, mu *sync.Mutex) {
 		}
 		p, ok := m.IsInPeer(packet.Src.String())
 		logrus.Debugln("[listen] recv from endpoint", addr, "src", packet.Src, "dst", packet.Dst)
-		// logrus.Debugln("[listen] recv:", hex.EncodeToString(lbf))
 		if !ok {
 			logrus.Warnln("[listen] packet from", packet.Src, "to", packet.Dst, "is refused")
 			packet.Put()
@@ -60,7 +62,7 @@ func (m *Me) listenthread(conn *net.UDPConn, mu *sync.Mutex) {
 		}
 		if p.endpoint == nil || p.endpoint.String() != addr.String() {
 			logrus.Infoln("[listen] set endpoint of peer", p.peerip, "to", addr.String())
-			p.endpoint = addr
+			atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(&p.endpoint)), unsafe.Pointer(addr))
 		}
 		switch {
 		case p.IsToMe(packet.Dst):
diff --git a/gold/link/recv.go b/gold/link/recv.go
index c459b8c..c889720 100644
--- a/gold/link/recv.go
+++ b/gold/link/recv.go
@@ -18,7 +18,15 @@ func (m *Me) wait(data []byte) *head.Packet {
 	if len(data) < 60 { // not a valid packet
 		return nil
 	}
+	bound := 256
+	endl := "..."
+	if len(data) < bound {
+		bound = len(data)
+		endl = "."
+	}
+	logrus.Debugln("[recv] data bytes", hex.EncodeToString(data[:bound]), endl)
 	data = m.xor(data)
+	logrus.Debugln("[recv] data xored", hex.EncodeToString(data[:bound]), endl)
 	flags := binary.LittleEndian.Uint16(data[10:12])
 	if flags&0x8000 == 0x8000 { // not a valid packet
 		return nil
diff --git a/gold/link/send.go b/gold/link/send.go
index 5bfd922..07e192d 100644
--- a/gold/link/send.go
+++ b/gold/link/send.go
@@ -2,6 +2,7 @@ package link
 
 import (
 	"bytes"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
@@ -98,8 +99,17 @@ func (l *Link) write(p *head.Packet, teatype uint8, additional, mtu uint16, data
 		if peerep == nil {
 			return 0, errors.New("[send] nil endpoint of " + p.Dst.String())
 		}
+		bound := 256
+		endl := "..."
+		if len(d) < bound {
+			bound = len(d)
+			endl = "."
+		}
 		logrus.Debugln("[send] write", len(d), "bytes data from ep", l.me.myep.LocalAddr(), "to", peerep, "offset:", fmt.Sprintf("%04x", offset))
-		n, err = l.me.myep.WriteToUDP(l.me.xor(d), peerep)
+		logrus.Debugln("[send] data bytes", hex.EncodeToString(d[:bound]), endl)
+		d = l.me.xor(d)
+		n, err = l.me.myep.WriteToUDP(d, peerep)
+		logrus.Debugln("[send] data xored", hex.EncodeToString(d[:bound]), endl)
 		cl()
 	}
 	return
diff --git a/upper/services/tunnel/tunnel_test.go b/upper/services/tunnel/tunnel_test.go
index 1923f69..44bea4b 100644
--- a/upper/services/tunnel/tunnel_test.go
+++ b/upper/services/tunnel/tunnel_test.go
@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"io"
 	"testing"
+	"time"
 
 	curve "github.com/fumiama/go-x25519"
 	"github.com/sirupsen/logrus"
@@ -30,7 +31,7 @@ func TestTunnel(t *testing.T) {
 
 	m := link.NewMe(&link.MyConfig{
 		MyIPwithMask: "192.168.1.2/32",
-		MyEndpoint:   "127.0.0.1:1236",
+		MyEndpoint:   "127.0.0.1:21236",
 		PrivateKey:   selfpk.Private(),
 		SrcPort:      1,
 		DstPort:      1,
@@ -38,14 +39,14 @@ func TestTunnel(t *testing.T) {
 	})
 	m.AddPeer(&link.PeerConfig{
 		PeerIP:     "192.168.1.3",
-		EndPoint:   "127.0.0.1:1237",
+		EndPoint:   "127.0.0.1:21237",
 		AllowedIPs: []string{"192.168.1.3/32"},
 		PubicKey:   peerpk.Public(),
 		MTU:        4096,
 	})
 	p := link.NewMe(&link.MyConfig{
 		MyIPwithMask: "192.168.1.3/32",
-		MyEndpoint:   "127.0.0.1:1237",
+		MyEndpoint:   "127.0.0.1:21237",
 		PrivateKey:   peerpk.Private(),
 		SrcPort:      1,
 		DstPort:      1,
@@ -53,7 +54,7 @@ func TestTunnel(t *testing.T) {
 	})
 	p.AddPeer(&link.PeerConfig{
 		PeerIP:     "192.168.1.2",
-		EndPoint:   "127.0.0.1:1236",
+		EndPoint:   "127.0.0.1:21236",
 		AllowedIPs: []string{"192.168.1.2/32"},
 		PubicKey:   selfpk.Public(),
 		MTU:        4096,
@@ -69,6 +70,8 @@ func TestTunnel(t *testing.T) {
 	}
 	tunnpeer.Start(1, 1, 4096)
 
+	time.Sleep(time.Second * 10) // wait link up
+
 	sendb := ([]byte)("1234")
 	tunnme.Write(sendb)
 	buf := make([]byte, 4)