From c291b5fa23d33ee83a8239e1934127b3938849a0 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sat, 13 Apr 2024 11:04:42 -0400
Subject: [PATCH] enable TCp window shrinking

The default is a potential denial of service issue via TCP memory
exhaustion.
---
 sysctl.d/local.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sysctl.d/local.conf b/sysctl.d/local.conf
index 38f6e00..3dd68ee 100644
--- a/sysctl.d/local.conf
+++ b/sysctl.d/local.conf
@@ -10,6 +10,7 @@ net.ipv4.conf.*.rp_filter = 0
 
 net.ipv4.tcp_ecn = 1
 net.ipv4.tcp_slow_start_after_idle = 0
+net.ipv4.tcp_shrink_window = 1
 net.ipv4.tcp_notsent_lowat = 131072
 net.ipv4.tcp_fin_timeout = 30
 net.ipv4.tcp_rfc1337 = 1