3 files changed, 16 insertions, 7 deletions

diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 490ce20faf38..db46b4b5b2b9 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -440,6 +440,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
         /* Remove any debris in the socket control block */
         memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
 
+        /* Must drop socket now because of tproxy. */
+        skb_orphan(skb);
+
         return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
                        ip_rcv_finish);
 
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 155c008626c8..09172a65d9b6 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -191,7 +191,8 @@ nf_nat_mangle_tcp_packet(struct sk_buff *skb,
                                     ct, ctinfo);
                 /* Tell TCP window tracking about seq change */
                 nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
-                                        ct, CTINFO2DIR(ctinfo));
+                                        ct, CTINFO2DIR(ctinfo),
+                                        (int)rep_len - (int)match_len);
 
                 nf_conntrack_event_cache(IPCT_NATSEQADJ, ct);
         }
@@ -377,6 +378,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
         struct tcphdr *tcph;
         int dir;
         __be32 newseq, newack;
+        s16 seqoff, ackoff;
         struct nf_conn_nat *nat = nfct_nat(ct);
         struct nf_nat_seq *this_way, *other_way;
 
@@ -390,15 +392,18 @@ nf_nat_seq_adjust(struct sk_buff *skb,
 
         tcph = (void *)skb->data + ip_hdrlen(skb);
         if (after(ntohl(tcph->seq), this_way->correction_pos))
-                newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
+                seqoff = this_way->offset_after;
         else
-                newseq = htonl(ntohl(tcph->seq) + this_way->offset_before);
+                seqoff = this_way->offset_before;
 
         if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
                   other_way->correction_pos))
-                newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after);
+                ackoff = other_way->offset_after;
         else
-                newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
+                ackoff = other_way->offset_before;
+
+        newseq = htonl(ntohl(tcph->seq) + seqoff);
+        newack = htonl(ntohl(tcph->ack_seq) - ackoff);
 
         inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
         inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
@@ -413,7 +418,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
         if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
                 return 0;
 
-        nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir);
+        nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir, seqoff);
 
         return 1;
 }
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 43bbba7926ee..f8d67ccc64f3 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -128,7 +128,8 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb,
                         goto kill_with_rst;
 
                 /* Dup ACK? */
-                if (!after(TCP_SKB_CB(skb)->end_seq, tcptw->tw_rcv_nxt) ||
+                if (!th->ack ||
+                    !after(TCP_SKB_CB(skb)->end_seq, tcptw->tw_rcv_nxt) ||
                     TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) {
                         inet_twsk_put(tw);
                         return TCP_TW_SUCCESS;