My solution looks like this:
-- "wifissh" wrapper around "ssh" that reads in ~/.wifissh config file, sets some environment variables, and then invokes the real ssh program with an LD_PRELOAD modules loaded to intercept network connections, ala skype_dsp_hijacker or trickle(1).
-- LD_PRELOAD library then intercepts all connects/writes (and maybe reads, it matters less?) and sends them over UDP (which has no congestion control (ignoring DCCP)) to the internal host configured in the ~/.wifissh file, which the sh/perl wrapper read and stuck in the environment for me, so I don't have to write config file parsing code C.
-- the ssh proxy host, running on my local network, acts like rinetd(8) except it's udp/tcp instead of tcp/tcp, and it has a specialized ACK protocol to the laptop.
-- the preload library's fake write(2) system call then blocks the caller (which thinks it's doing a real write) until it receives an ack. if it doesn't receive an ack soon enough, it goes fucking apeshit resending rapidly (or at least every 100 ms), since it doesn't have to worry about congesting the real interweb.
And then Brad is happy.
I can probably write this tomorrow, but without a laptop to test it on, I might not be so motivated until it's fixed.
And damn you