--- zzzz-none-000/linux-5.4.213/net/netfilter/nf_conntrack_proto_tcp.c 2022-09-15 10:04:56.000000000 +0000
+++ miami-7690-761/linux-5.4.213/net/netfilter/nf_conntrack_proto_tcp.c 2024-05-29 11:20:02.000000000 +0000
@@ -31,10 +31,15 @@
 #include
 #include
 
+/* Do not check the TCP window for incoming packets */
+int nf_ct_tcp_no_window_check __read_mostly = 1;
+EXPORT_SYMBOL_GPL(nf_ct_tcp_no_window_check);
+
 /* "Be conservative in what you do,
 be liberal in what you accept from others."
 If it's non-zero, we mark only out of window RST segments as INVALID. */
-static int nf_ct_tcp_be_liberal __read_mostly = 0;
+int nf_ct_tcp_be_liberal __read_mostly;
+EXPORT_SYMBOL_GPL(nf_ct_tcp_be_liberal);
 
 /* If it is set to zero, we disable picking up already established
 connections. */
@@ -476,6 +481,9 @@
 s32 receiver_offset;
 bool res, in_recv_win;
 
+ if (nf_ct_tcp_no_window_check)
+ return true;
+
 /*
 * Get the required data from the packet.
 */
@@ -1139,7 +1147,7 @@
 IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED &&
 timeouts[new_state] > timeouts[TCP_CONNTRACK_UNACK])
 timeout = timeouts[TCP_CONNTRACK_UNACK];
- else if (ct->proto.tcp.last_win == 0 &&
+ else if (!nf_ct_tcp_no_window_check && ct->proto.tcp.last_win == 0 &&
 timeouts[new_state] > timeouts[TCP_CONNTRACK_RETRANS])
 timeout = timeouts[TCP_CONNTRACK_RETRANS];
 else
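Review bot: `nf_ct_tcp_no_window_check` is initialised to 1, so TCP window validation is switched off by default and, being a single file-scope global, for every network namespace at once. With the check off, out-of-window segments are no longer classified as INVALID, which weakens any ruleset that relies on dropping invalid-state packets to filter spoofed or injected TCP traffic. I would make it opt-in, `int nf_ct_tcp_no_window_check __read_mostly;`, and extend the comment to state that trade-off. Dropping `static` from `nf_ct_tcp_be_liberal` and exporting both symbols also lets any GPL module change conntrack strictness; no header declaration or sysctl for either is visible in this diff, so the intended writers should be documented.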
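Review bot: The early `return true` in the second hunk sits ahead of every check in the function, so when the flag is set even the out-of-window RST handling that `nf_ct_tcp_be_liberal` keeps (per its comment in the first hunk) is bypassed. It also presumably skips whatever per-connection window state the rest of the function maintains, so clearing the flag on a running system could leave existing entries judged against state that was never recorded; that is worth a comment or a documented "set at boot only" rule. Since the flag is an exported plain `int` that other code may write, reading it as `if (READ_ONCE(nf_ct_tcp_no_window_check))` would make the lockless access explicit. The enclosing function starts and ends outside this hunk, so the statements about its remaining body are inferred.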
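Review bot: The new `!nf_ct_tcp_no_window_check` guard in the third hunk has no comment explaining why a zero `last_win` must be ignored; presumably the field is only written by the window-tracking code that the second hunk now skips, so it stays 0 and every flow would otherwise get the RETRANS timeout. I would add `/* last_win is not maintained when window checking is off; 0 is not a zero-window signal */` above the branch. The `IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED` branch in the context lines above probably goes dead for the same reason, which is worth confirming because such connections would then keep the longer state timeout. The `if`/`else` chain starts and ends outside the hunk.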