Hi, I setup SYNPROXY iptables rules as below for my web server serving one static simple page, then test the latency through https://check-host.net/check-http?host=https://www.bpfire.net, there are some country locations shows 4 - 5 seconds delay, which is caused by server sending small packet size, see the capture screenshot: https://github.com/vincentmli/xdp-tools/issues/7#issuecomment-2465554843 INTERFACE=eth0 sysctl -w net.ipv4.tcp_syncookies=2 sysctl -w net.ipv4.tcp_timestamps=1 sysctl -w net.netfilter.nf_conntrack_tcp_loose=0 iptables -t raw -I PREROUTING -i $INTERFACE -p tcp -m tcp --syn --dport 443 -j CT --notrack iptables -t filter -A INPUT -i $INTERFACE -p tcp -m tcp -m state --state INVALID,UNTRACKED --dport 443 -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460 Initially this issue was reported to me when one user attach XDP acceleration for iptables SYNPROXY, after I reproduced the latency and did more testing here https://github.com/vincentmli/xdp-tools/issues/7#issuecomment-2471174263, it narrows down to 'iptables -t filter -A INPUT -i $INTERFAC -p tcp -m tcp -m state --state INVALID,UNTRACKED --dport 443 -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460', if I remove '--sack-perm --timestamp --wscale 7 --mss 1460', the small packet size transmission issue does not occur. Any clue to solve this issue for iptables SYNPROXY? Thanks Vincent