diff --git a/Dockerfile b/Dockerfile
index c3754bc7..c9e2124c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-2aace3f5@sha256:8a83476396a7a940f79fbf7ccea5aee33552b1316919cc20206513332bd3e39f
+ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-9557532b@sha256:5ff26d96219734e471456f34fcaa57663c72d36762a9236b289014a0a9233f7c
 ARG UBUNTU_IMAGE=registry.cn-hangzhou.aliyuncs.com/acs/ubuntu:22.04-update
 ARG CILIUM_LLVM_IMAGE=quay.io/cilium/cilium-llvm:547db7ec9a750b8f888a506709adb41f135b952e@sha256:4d6fa0aede3556c5fb5a9c71bc6b9585475ac9b1064f516d4c45c8fb691c9d9e
 ARG CILIUM_BPFTOOL_IMAGE=quay.io/cilium/cilium-bpftool:78448c1a37ff2b790d5e25c3d8b8ec3e96e6405f@sha256:99a9453a921a8de99899ef82e0822f0c03f65d97005c064e231c06247ad8597d
diff --git a/policy/cilium/0025-fix-edt-in-datapathv2.patch b/policy/cilium/0025-fix-edt-in-datapathv2.patch
new file mode 100644
index 00000000..c1c5a83a
--- /dev/null
+++ b/policy/cilium/0025-fix-edt-in-datapathv2.patch
@@ -0,0 +1,112 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: l1b0k <libokang.dev@gmail.com>
+Date: Tue, 30 Apr 2024 12:55:40 +0800
+Subject: fix edt in datapathv2
+
+Signed-off-by: l1b0k <libokang.dev@gmail.com>
+---
+ bpf/bpf_host.c                      |  6 +++++-
+ bpf/bpf_lxc.c                       | 10 +++++++---
+ bpf/include/bpf/ctx/skb.h           |  5 +++++
+ pkg/datapath/linux/config/config.go |  2 ++
+ 4 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/bpf/bpf_host.c b/bpf/bpf_host.c
+index e29bbc5c97..e496664e45 100644
+--- a/bpf/bpf_host.c
++++ b/bpf/bpf_host.c
+@@ -1002,7 +1002,7 @@ int to_netdev(struct __ctx_buff *ctx __maybe_unused)
+ 	};
+ 	__u16 __maybe_unused proto = 0;
+ 	__u32 __maybe_unused vlan_id;
+-	int ret = CTX_ACT_OK;
++	int ret = CTX_ACT_PIPE;
+
+ 	/* Filter allowed vlan id's and pass them back to kernel.
+ 	 */
+@@ -1103,6 +1103,10 @@ out:
+ 	send_trace_notify(ctx, TRACE_TO_NETWORK, 0, 0, 0,
+ 			  0, trace.reason, trace.monitor);
+
++    if ( ret == CTX_ACT_OK ) {
++        return CTX_ACT_PIPE;
++    }
++
+ 	return ret;
+ }
+ 
+diff --git a/bpf/bpf_lxc.c b/bpf/bpf_lxc.c
+index 8583abe9cd..c0c8ba8b7f 100644
+--- a/bpf/bpf_lxc.c
++++ b/bpf/bpf_lxc.c
+@@ -1366,7 +1366,7 @@ int handle_xgress(struct __ctx_buff *ctx)
+ 		goto out;
+ 	}
+ 
+-#if defined(ENABLE_BANDWIDTH_MANAGER)
++#if defined(ENABLE_BANDWIDTH_MANAGER) && defined(DATAPATH_IPVLAN)
+     edt_set_aggregate(ctx, LXC_ID);
+ 	ret = edt_sched_departure(ctx);
+ 	/* No send_drop_notify_error() here given we're rate-limiting. */
+@@ -1380,14 +1380,18 @@ int handle_xgress(struct __ctx_buff *ctx)
+ 	switch (proto) {
+ #ifdef ENABLE_IPV6
+ 	case bpf_htons(ETH_P_IPV6):
+-//		edt_set_aggregate(ctx, LXC_ID);
++#if defined(ENABLE_BANDWIDTH_MANAGER) && defined(DATAPATH_VETH)
++		edt_set_aggregate(ctx, LXC_ID);
++#endif
+ 		ep_tail_call(ctx, CILIUM_CALL_IPV6_FROM_LXC);
+ 		ret = DROP_MISSED_TAIL_CALL;
+ 		break;
+ #endif /* ENABLE_IPV6 */
+ #ifdef ENABLE_IPV4
+ 	case bpf_htons(ETH_P_IP):
+-//		edt_set_aggregate(ctx, LXC_ID);
++#if defined(ENABLE_BANDWIDTH_MANAGER) && defined(DATAPATH_VETH)
++		edt_set_aggregate(ctx, LXC_ID);
++#endif
+ 		ep_tail_call(ctx, CILIUM_CALL_IPV4_FROM_LXC);
+ 		ret = DROP_MISSED_TAIL_CALL;
+ 		break;
+diff --git a/bpf/include/bpf/ctx/skb.h b/bpf/include/bpf/ctx/skb.h
+index 01fa3f78fc..e40e270f82 100644
+--- a/bpf/include/bpf/ctx/skb.h
++++ b/bpf/include/bpf/ctx/skb.h
+@@ -18,12 +18,17 @@
+ # define TC_ACT_SHOT		2
+ #endif
+ 
++#ifndef TC_ACT_PIPE
++# define TC_ACT_PIPE		3
++#endif
++
+ #ifndef TC_ACT_REDIRECT
+ # define TC_ACT_REDIRECT	7
+ #endif
+ 
+ #define CTX_ACT_OK		TC_ACT_OK
+ #define CTX_ACT_DROP		TC_ACT_SHOT
++#define CTX_ACT_PIPE		TC_ACT_PIPE
+ #define CTX_ACT_TX		TC_ACT_REDIRECT
+ #define CTX_ACT_REDIRECT	TC_ACT_REDIRECT
+ 
+diff --git a/pkg/datapath/linux/config/config.go b/pkg/datapath/linux/config/config.go
+index dfc5096aac..060328adf9 100644
+--- a/pkg/datapath/linux/config/config.go
++++ b/pkg/datapath/linux/config/config.go
+@@ -869,9 +869,11 @@ func (h *HeaderfileWriter) writeTemplateConfig(fw *bufio.Writer, e datapath.Endp
+ 	switch option.Config.DatapathMode {
+ 	case datapathOption.DatapathModeIPvlan:
+ 		fmt.Fprintf(fw, "#define CONTAINER_DIRECT_ROUTING_DEV_IFINDEX 0\n")
++		fmt.Fprintf(fw, "#define DATAPATH_IPVLAN 1\n")
+ 	case datapathOption.DatapathModeVeth:
+ 		fmt.Fprintf(fw, "#define ENABLE_SKIP_FIB 1\n")
+ 		fmt.Fprintf(fw, "#define CONTAINER_DIRECT_ROUTING_DEV_IFINDEX %d\n", e.GetENIIndex())
++		fmt.Fprintf(fw, "#define DATAPATH_VETH 1\n")
+ 
+ 		// ENABLE_HOST_ROUTING has higher priority than ENABLE_REDIRECT
+ 		// CONTAINER_DIRECT_ROUTING_DEV_IFINDEX is used for both, but not for ipvl
+-- 
+2.44.0
+