commit 4d130b0a883b4aebc36a88ca116746594e176c6a
Author: Jamal Hadi Salim <hadi@mojatatu.com>
Date:   Fri Nov 25 15:45:48 2016 -0400

    transparent proxy workaround so we can get the tcaction to work

diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index fa2dc8f692c6..29b303dbbfd9 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -482,8 +482,11 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 	memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
 	IPCB(skb)->iif = skb->skb_iif;
 
-	/* Must drop socket now because of tproxy. */
-	skb_orphan(skb);
+	/* Must drop socket now because of tproxy,
+	 * if we didnt set it already as usable
+	 * */
+	if(skb->tc_index != 0xFFFF)
+		skb_orphan(skb);
 
 	return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,
 		       net, NULL, skb, dev, NULL,
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 9ee208a348f5..10148f2eec03 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -77,12 +77,16 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
 	u32 pkt_len;
 	struct inet6_dev *idev;
 	struct net *net = dev_net(skb->dev);
+	struct sock *orig_sk = NULL;
 
 	if (skb->pkt_type == PACKET_OTHERHOST) {
 		kfree_skb(skb);
 		return NET_RX_DROP;
 	}
 
+	if(skb->tc_index == 0xFFFF)
+		orig_sk = skb->sk;
+
 	rcu_read_lock();
 
 	idev = __in6_dev_get(skb->dev);
@@ -202,8 +206,17 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
 
 	rcu_read_unlock();
 
+	if (skb->tc_index == 0xFFFF && !skb->sk && orig_sk)
+	{
+		skb_orphan(skb);
+		skb->sk = orig_sk;
+		skb->destructor = sock_edemux;
+		atomic_inc_not_zero(&skb->sk->sk_refcnt);
+	}
+
 	/* Must drop socket now because of tproxy. */
-	skb_orphan(skb);
+	if(skb->tc_index != 0xFFFF)
+		skb_orphan(skb);
 
 	return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
 		       net, NULL, skb, dev, NULL,