I find myself needing to encapsulate IP in TCP, for reasons not really
worth going into here (the principal part is a NAT box whose
configuration is out of my control).

I seem to recall seeing, in the past, various statements that doing
this leads to bad interactions between timing algorithms at various
levels.  What I'm wondering is, can someone describe how best to
minimize such effects?  To pick one simple example, should TCP_NODELAY
be turned on or off on the tunnel connection?

The underlying connectivity at the bottleneck is a DSL line.  Latency
is tens of milliseconds

21 packets transmitted, 21 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 26.959/41.102/92.283/22.027 ms

and bandwidth I haven't measured (and can't easily do so now, though I
probably can in a day or two if it matters), but is perhaps on the slow
side of decent DSL speeds.

This is being done on NetBSD; in particular, I have source, so things
that involve hacking on the encapsulation endpoint TCP stacks are not
out of the question.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B