From 09833aef1ba1d699a570c92691a319056f3a607f Mon Sep 17 00:00:00 2001
From: Vinicius Fortuna <fortuna@users.noreply.github.com>
Date: Mon, 5 Jun 2023 15:26:37 -0400
Subject: [PATCH] refactor: split metrics collection into TCP and UDP

---
 cmd/outline-ss-server/main.go                 |   7 +-
 cmd/outline-ss-server/metrics.go              | 228 ++++++++++++++++
 .../outline-ss-server}/metrics_test.go        |  37 ++-
 cmd/outline-ss-server/server_test.go          |   3 +-
 internal/integration_test/integration_test.go |  15 +-
 service/metrics/metrics.go                    | 258 ------------------
 service/tcp.go                                |  33 ++-
 service/tcp_test.go                           |  13 +-
 service/udp.go                                |  42 ++-
 service/udp_test.go                           |  15 +-
 10 files changed, 335 insertions(+), 316 deletions(-)
 create mode 100644 cmd/outline-ss-server/metrics.go
 rename {service/metrics => cmd/outline-ss-server}/metrics_test.go (65%)

diff --git a/cmd/outline-ss-server/main.go b/cmd/outline-ss-server/main.go
index 04037724..013adcbd 100644
--- a/cmd/outline-ss-server/main.go
+++ b/cmd/outline-ss-server/main.go
@@ -30,7 +30,6 @@ import (
 	"github.com/Jigsaw-Code/outline-internal-sdk/transport/shadowsocks"
 	"github.com/Jigsaw-Code/outline-ss-server/ipinfo"
 	"github.com/Jigsaw-Code/outline-ss-server/service"
-	"github.com/Jigsaw-Code/outline-ss-server/service/metrics"
 	"github.com/op/go-logging"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -68,7 +67,7 @@ type ssPort struct {
 
 type SSServer struct {
 	natTimeout  time.Duration
-	m           metrics.ShadowsocksMetrics
+	m           *outlineMetrics
 	replayCache service.ReplayCache
 	ports       map[int]*ssPort
 }
@@ -179,7 +178,7 @@ func (s *SSServer) Stop() error {
 }
 
 // RunSSServer starts a shadowsocks server running, and returns the server or an error.
-func RunSSServer(filename string, natTimeout time.Duration, sm metrics.ShadowsocksMetrics, replayHistory int) (*SSServer, error) {
+func RunSSServer(filename string, natTimeout time.Duration, sm *outlineMetrics, replayHistory int) (*SSServer, error) {
 	server := &SSServer{
 		natTimeout:  natTimeout,
 		m:           sm,
@@ -280,7 +279,7 @@ func main() {
 		defer ip2info.Close()
 	}
 
-	m := metrics.NewPrometheusShadowsocksMetrics(ip2info, prometheus.DefaultRegisterer)
+	m := newPrometheusOutlineMetrics(ip2info, prometheus.DefaultRegisterer)
 	m.SetBuildInfo(version)
 	_, err = RunSSServer(flags.ConfigFile, flags.natTimeout, m, flags.replayHistory)
 	if err != nil {
diff --git a/cmd/outline-ss-server/metrics.go b/cmd/outline-ss-server/metrics.go
new file mode 100644
index 00000000..6dbe6889
--- /dev/null
+++ b/cmd/outline-ss-server/metrics.go
@@ -0,0 +1,228 @@
+// Copyright 2023 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"strconv"
+	"time"
+
+	"github.com/Jigsaw-Code/outline-ss-server/ipinfo"
+	"github.com/Jigsaw-Code/outline-ss-server/service"
+	"github.com/Jigsaw-Code/outline-ss-server/service/metrics"
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+type outlineMetrics struct {
+	ipinfo.IPInfoMap
+
+	buildInfo            *prometheus.GaugeVec
+	accessKeys           prometheus.Gauge
+	ports                prometheus.Gauge
+	dataBytes            *prometheus.CounterVec
+	dataBytesPerLocation *prometheus.CounterVec
+	timeToCipherMs       *prometheus.HistogramVec
+	// TODO: Add time to first byte.
+
+	tcpProbes               *prometheus.HistogramVec
+	tcpOpenConnections      *prometheus.CounterVec
+	tcpClosedConnections    *prometheus.CounterVec
+	tcpConnectionDurationMs *prometheus.HistogramVec
+
+	udpPacketsFromClientPerLocation *prometheus.CounterVec
+	udpAddedNatEntries              prometheus.Counter
+	udpRemovedNatEntries            prometheus.Counter
+}
+
+var _ service.TCPMetrics = (*outlineMetrics)(nil)
+var _ service.UDPMetrics = (*outlineMetrics)(nil)
+
+// newPrometheusOutlineMetrics constructs a metrics object that uses
+// `ipCountryDB` to convert IP addresses to countries, and reports all
+// metrics to Prometheus via `registerer`.  `ipCountryDB` may be nil, but
+// `registerer` must not be.
+func newPrometheusOutlineMetrics(ip2info ipinfo.IPInfoMap, registerer prometheus.Registerer) *outlineMetrics {
+	m := &outlineMetrics{
+		IPInfoMap: ip2info,
+		buildInfo: prometheus.NewGaugeVec(prometheus.GaugeOpts{
+			Namespace: "shadowsocks",
+			Name:      "build_info",
+			Help:      "Information on the outline-ss-server build",
+		}, []string{"version"}),
+		accessKeys: prometheus.NewGauge(prometheus.GaugeOpts{
+			Namespace: "shadowsocks",
+			Name:      "keys",
+			Help:      "Count of access keys",
+		}),
+		ports: prometheus.NewGauge(prometheus.GaugeOpts{
+			Namespace: "shadowsocks",
+			Name:      "ports",
+			Help:      "Count of open Shadowsocks ports",
+		}),
+		tcpProbes: prometheus.NewHistogramVec(prometheus.HistogramOpts{
+			Namespace: "shadowsocks",
+			Name:      "tcp_probes",
+			Buckets:   []float64{0, 49, 50, 51, 73, 91},
+			Help:      "Histogram of number of bytes from client to proxy, for detecting possible probes",
+		}, []string{"port", "status", "error"}),
+		tcpOpenConnections: prometheus.NewCounterVec(prometheus.CounterOpts{
+			Namespace: "shadowsocks",
+			Subsystem: "tcp",
+			Name:      "connections_opened",
+			Help:      "Count of open TCP connections",
+		}, []string{"location"}),
+		tcpClosedConnections: prometheus.NewCounterVec(prometheus.CounterOpts{
+			Namespace: "shadowsocks",
+			Subsystem: "tcp",
+			Name:      "connections_closed",
+			Help:      "Count of closed TCP connections",
+		}, []string{"location", "status", "access_key"}),
+		tcpConnectionDurationMs: prometheus.NewHistogramVec(
+			prometheus.HistogramOpts{
+				Namespace: "shadowsocks",
+				Subsystem: "tcp",
+				Name:      "connection_duration_ms",
+				Help:      "TCP connection duration distributions.",
+				Buckets: []float64{
+					100,
+					float64(time.Second.Milliseconds()),
+					float64(time.Minute.Milliseconds()),
+					float64(time.Hour.Milliseconds()),
+					float64(24 * time.Hour.Milliseconds()),     // Day
+					float64(7 * 24 * time.Hour.Milliseconds()), // Week
+				},
+			}, []string{"status"}),
+		dataBytes: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Namespace: "shadowsocks",
+				Name:      "data_bytes",
+				Help:      "Bytes transferred by the proxy, per access key",
+			}, []string{"dir", "proto", "access_key"}),
+		dataBytesPerLocation: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Namespace: "shadowsocks",
+				Name:      "data_bytes_per_location",
+				Help:      "Bytes transferred by the proxy, per location",
+			}, []string{"dir", "proto", "location"}),
+		timeToCipherMs: prometheus.NewHistogramVec(
+			prometheus.HistogramOpts{
+				Namespace: "shadowsocks",
+				Name:      "time_to_cipher_ms",
+				Help:      "Time needed to find the cipher",
+				Buckets:   []float64{0.1, 1, 10, 100, 1000},
+			}, []string{"proto", "found_key"}),
+		udpPacketsFromClientPerLocation: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Namespace: "shadowsocks",
+				Subsystem: "udp",
+				Name:      "packets_from_client_per_location",
+				Help:      "Packets received from the client, per location and status",
+			}, []string{"location", "status"}),
+		udpAddedNatEntries: prometheus.NewCounter(
+			prometheus.CounterOpts{
+				Namespace: "shadowsocks",
+				Subsystem: "udp",
+				Name:      "nat_entries_added",
+				Help:      "Entries added to the UDP NAT table",
+			}),
+		udpRemovedNatEntries: prometheus.NewCounter(
+			prometheus.CounterOpts{
+				Namespace: "shadowsocks",
+				Subsystem: "udp",
+				Name:      "nat_entries_removed",
+				Help:      "Entries removed from the UDP NAT table",
+			}),
+	}
+
+	// TODO: Is it possible to pass where to register the collectors?
+	registerer.MustRegister(m.buildInfo, m.accessKeys, m.ports, m.tcpProbes, m.tcpOpenConnections, m.tcpClosedConnections, m.tcpConnectionDurationMs,
+		m.dataBytes, m.dataBytesPerLocation, m.timeToCipherMs, m.udpPacketsFromClientPerLocation, m.udpAddedNatEntries, m.udpRemovedNatEntries)
+	return m
+}
+
+func (m *outlineMetrics) SetBuildInfo(version string) {
+	m.buildInfo.WithLabelValues(version).Set(1)
+}
+
+func (m *outlineMetrics) SetNumAccessKeys(numKeys int, ports int) {
+	m.accessKeys.Set(float64(numKeys))
+	m.ports.Set(float64(ports))
+}
+
+func (m *outlineMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo) {
+	m.tcpOpenConnections.WithLabelValues(clientInfo.CountryCode.String()).Inc()
+}
+
+// addIfNonZero helps avoid the creation of series that are always zero.
+func addIfNonZero(value int64, counterVec *prometheus.CounterVec, lvs ...string) {
+	if value > 0 {
+		counterVec.WithLabelValues(lvs...).Add(float64(value))
+	}
+}
+
+func (m *outlineMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data metrics.ProxyMetrics, duration time.Duration) {
+	m.tcpClosedConnections.WithLabelValues(clientInfo.CountryCode.String(), status, accessKey).Inc()
+	m.tcpConnectionDurationMs.WithLabelValues(status).Observe(duration.Seconds() * 1000)
+	addIfNonZero(data.ClientProxy, m.dataBytes, "c>p", "tcp", accessKey)
+	addIfNonZero(data.ClientProxy, m.dataBytesPerLocation, "c>p", "tcp", clientInfo.CountryCode.String())
+	addIfNonZero(data.ProxyTarget, m.dataBytes, "p>t", "tcp", accessKey)
+	addIfNonZero(data.ProxyTarget, m.dataBytesPerLocation, "p>t", "tcp", clientInfo.CountryCode.String())
+	addIfNonZero(data.TargetProxy, m.dataBytes, "p<t", "tcp", accessKey)
+	addIfNonZero(data.TargetProxy, m.dataBytesPerLocation, "p<t", "tcp", clientInfo.CountryCode.String())
+	addIfNonZero(data.ProxyClient, m.dataBytes, "c<p", "tcp", accessKey)
+	addIfNonZero(data.ProxyClient, m.dataBytesPerLocation, "c<p", "tcp", clientInfo.CountryCode.String())
+}
+
+func (m *outlineMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int) {
+	m.udpPacketsFromClientPerLocation.WithLabelValues(clientInfo.CountryCode.String(), status).Inc()
+	addIfNonZero(int64(clientProxyBytes), m.dataBytes, "c>p", "udp", accessKey)
+	addIfNonZero(int64(clientProxyBytes), m.dataBytesPerLocation, "c>p", "udp", clientInfo.CountryCode.String())
+	addIfNonZero(int64(proxyTargetBytes), m.dataBytes, "p>t", "udp", accessKey)
+	addIfNonZero(int64(proxyTargetBytes), m.dataBytesPerLocation, "p>t", "udp", clientInfo.CountryCode.String())
+}
+
+func (m *outlineMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int) {
+	addIfNonZero(int64(targetProxyBytes), m.dataBytes, "p<t", "udp", accessKey)
+	addIfNonZero(int64(targetProxyBytes), m.dataBytesPerLocation, "p<t", "udp", clientInfo.CountryCode.String())
+	addIfNonZero(int64(proxyClientBytes), m.dataBytes, "c<p", "udp", accessKey)
+	addIfNonZero(int64(proxyClientBytes), m.dataBytesPerLocation, "c<p", "udp", clientInfo.CountryCode.String())
+}
+
+func (m *outlineMetrics) AddUDPNatEntry() {
+	m.udpAddedNatEntries.Inc()
+}
+
+func (m *outlineMetrics) RemoveUDPNatEntry() {
+	m.udpRemovedNatEntries.Inc()
+}
+
+func (m *outlineMetrics) AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64) {
+	m.tcpProbes.WithLabelValues(strconv.Itoa(port), status, drainResult).Observe(float64(clientProxyBytes))
+}
+
+func (m *outlineMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {
+	foundStr := "false"
+	if accessKeyFound {
+		foundStr = "true"
+	}
+	m.timeToCipherMs.WithLabelValues("tcp", foundStr).Observe(timeToCipher.Seconds() * 1000)
+}
+
+func (m *outlineMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {
+	foundStr := "false"
+	if accessKeyFound {
+		foundStr = "true"
+	}
+	m.timeToCipherMs.WithLabelValues("udp", foundStr).Observe(timeToCipher.Seconds() * 1000)
+}
diff --git a/service/metrics/metrics_test.go b/cmd/outline-ss-server/metrics_test.go
similarity index 65%
rename from service/metrics/metrics_test.go
rename to cmd/outline-ss-server/metrics_test.go
index 0d86491d..629d67cd 100644
--- a/service/metrics/metrics_test.go
+++ b/cmd/outline-ss-server/metrics_test.go
@@ -1,16 +1,31 @@
-package metrics
+// Copyright 2023 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
 
 import (
 	"testing"
 	"time"
 
 	"github.com/Jigsaw-Code/outline-ss-server/ipinfo"
+	"github.com/Jigsaw-Code/outline-ss-server/service/metrics"
 	"github.com/prometheus/client_golang/prometheus"
 )
 
 func TestMethodsDontPanic(t *testing.T) {
-	ssMetrics := NewPrometheusShadowsocksMetrics(nil, prometheus.NewPedanticRegistry())
-	proxyMetrics := ProxyMetrics{
+	ssMetrics := newPrometheusOutlineMetrics(nil, prometheus.NewPedanticRegistry())
+	proxyMetrics := metrics.ProxyMetrics{
 		ClientProxy: 1,
 		ProxyTarget: 2,
 		TargetProxy: 3,
@@ -30,7 +45,7 @@ func TestMethodsDontPanic(t *testing.T) {
 }
 
 func BenchmarkOpenTCP(b *testing.B) {
-	ssMetrics := NewPrometheusShadowsocksMetrics(nil, prometheus.NewRegistry())
+	ssMetrics := newPrometheusOutlineMetrics(nil, prometheus.NewRegistry())
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		ssMetrics.AddOpenTCPConnection(ipinfo.IPInfo{CountryCode: "ZZ"})
@@ -38,11 +53,11 @@ func BenchmarkOpenTCP(b *testing.B) {
 }
 
 func BenchmarkCloseTCP(b *testing.B) {
-	ssMetrics := NewPrometheusShadowsocksMetrics(nil, prometheus.NewRegistry())
+	ssMetrics := newPrometheusOutlineMetrics(nil, prometheus.NewRegistry())
 	clientInfo := ipinfo.IPInfo{CountryCode: "ZZ"}
 	accessKey := "key 1"
 	status := "OK"
-	data := ProxyMetrics{}
+	data := metrics.ProxyMetrics{}
 	timeToCipher := time.Microsecond
 	duration := time.Minute
 	b.ResetTimer()
@@ -53,11 +68,11 @@ func BenchmarkCloseTCP(b *testing.B) {
 }
 
 func BenchmarkProbe(b *testing.B) {
-	ssMetrics := NewPrometheusShadowsocksMetrics(nil, prometheus.NewRegistry())
+	ssMetrics := newPrometheusOutlineMetrics(nil, prometheus.NewRegistry())
 	status := "ERR_REPLAY"
 	drainResult := "other"
 	port := 12345
-	data := ProxyMetrics{}
+	data := metrics.ProxyMetrics{}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		ssMetrics.AddTCPProbe(status, drainResult, port, data.ClientProxy)
@@ -65,7 +80,7 @@ func BenchmarkProbe(b *testing.B) {
 }
 
 func BenchmarkClientUDP(b *testing.B) {
-	ssMetrics := NewPrometheusShadowsocksMetrics(nil, prometheus.NewRegistry())
+	ssMetrics := newPrometheusOutlineMetrics(nil, prometheus.NewRegistry())
 	clientInfo := ipinfo.IPInfo{CountryCode: "ZZ"}
 	accessKey := "key 1"
 	status := "OK"
@@ -79,7 +94,7 @@ func BenchmarkClientUDP(b *testing.B) {
 }
 
 func BenchmarkTargetUDP(b *testing.B) {
-	ssMetrics := NewPrometheusShadowsocksMetrics(nil, prometheus.NewRegistry())
+	ssMetrics := newPrometheusOutlineMetrics(nil, prometheus.NewRegistry())
 	clientInfo := ipinfo.IPInfo{CountryCode: "ZZ"}
 	accessKey := "key 1"
 	status := "OK"
@@ -91,7 +106,7 @@ func BenchmarkTargetUDP(b *testing.B) {
 }
 
 func BenchmarkNAT(b *testing.B) {
-	ssMetrics := NewPrometheusShadowsocksMetrics(nil, prometheus.NewRegistry())
+	ssMetrics := newPrometheusOutlineMetrics(nil, prometheus.NewRegistry())
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		ssMetrics.AddUDPNatEntry()
diff --git a/cmd/outline-ss-server/server_test.go b/cmd/outline-ss-server/server_test.go
index c3a4ae16..0b7777b2 100644
--- a/cmd/outline-ss-server/server_test.go
+++ b/cmd/outline-ss-server/server_test.go
@@ -18,12 +18,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/Jigsaw-Code/outline-ss-server/service/metrics"
 	"github.com/prometheus/client_golang/prometheus"
 )
 
 func TestRunSSServer(t *testing.T) {
-	m := metrics.NewPrometheusShadowsocksMetrics(nil, prometheus.DefaultRegisterer)
+	m := newPrometheusOutlineMetrics(nil, prometheus.DefaultRegisterer)
 	server, err := RunSSServer("config_example.yml", 30*time.Second, m, 10000)
 	if err != nil {
 		t.Fatalf("RunSSServer() error = %v", err)
diff --git a/internal/integration_test/integration_test.go b/internal/integration_test/integration_test.go
index 3aa5161a..22eb27b6 100644
--- a/internal/integration_test/integration_test.go
+++ b/internal/integration_test/integration_test.go
@@ -113,7 +113,7 @@ func TestTCPEcho(t *testing.T) {
 	}
 	replayCache := service.NewReplayCache(5)
 	const testTimeout = 200 * time.Millisecond
-	handler := service.NewTCPHandler(proxyListener.Addr().(*net.TCPAddr).Port, cipherList, &replayCache, &metrics.NoOpMetrics{}, testTimeout)
+	handler := service.NewTCPHandler(proxyListener.Addr().(*net.TCPAddr).Port, cipherList, &replayCache, &service.NoOpTCPMetrics{}, testTimeout)
 	handler.SetTargetIPValidator(allowAll)
 	done := make(chan struct{})
 	go func() {
@@ -162,7 +162,7 @@ func TestTCPEcho(t *testing.T) {
 }
 
 type statusMetrics struct {
-	metrics.NoOpMetrics
+	service.NoOpTCPMetrics
 	sync.Mutex
 	statuses []string
 }
@@ -232,12 +232,11 @@ type udpRecord struct {
 
 // Fake metrics implementation for UDP
 type fakeUDPMetrics struct {
-	metrics.ShadowsocksMetrics
 	up, down []udpRecord
 	natAdded int
 }
 
-var _ metrics.ShadowsocksMetrics = (*fakeUDPMetrics)(nil)
+var _ service.UDPMetrics = (*fakeUDPMetrics)(nil)
 
 func (m *fakeUDPMetrics) GetIPInfo(ip net.IP) (ipinfo.IPInfo, error) {
 	return ipinfo.IPInfo{CountryCode: "QQ"}, nil
@@ -362,7 +361,7 @@ func BenchmarkTCPThroughput(b *testing.B) {
 		b.Fatal(err)
 	}
 	const testTimeout = 200 * time.Millisecond
-	handler := service.NewTCPHandler(proxyListener.Addr().(*net.TCPAddr).Port, cipherList, nil, &metrics.NoOpMetrics{}, testTimeout)
+	handler := service.NewTCPHandler(proxyListener.Addr().(*net.TCPAddr).Port, cipherList, nil, &service.NoOpTCPMetrics{}, testTimeout)
 	handler.SetTargetIPValidator(allowAll)
 	done := make(chan struct{})
 	go func() {
@@ -424,7 +423,7 @@ func BenchmarkTCPMultiplexing(b *testing.B) {
 	}
 	replayCache := service.NewReplayCache(service.MaxCapacity)
 	const testTimeout = 200 * time.Millisecond
-	handler := service.NewTCPHandler(proxyListener.Addr().(*net.TCPAddr).Port, cipherList, &replayCache, &metrics.NoOpMetrics{}, testTimeout)
+	handler := service.NewTCPHandler(proxyListener.Addr().(*net.TCPAddr).Port, cipherList, &replayCache, &service.NoOpTCPMetrics{}, testTimeout)
 	handler.SetTargetIPValidator(allowAll)
 	done := make(chan struct{})
 	go func() {
@@ -497,7 +496,7 @@ func BenchmarkUDPEcho(b *testing.B) {
 	if err != nil {
 		b.Fatal(err)
 	}
-	proxy := service.NewPacketHandler(time.Hour, cipherList, &metrics.NoOpMetrics{})
+	proxy := service.NewPacketHandler(time.Hour, cipherList, &service.NoOpUDPMetrics{})
 	proxy.SetTargetIPValidator(allowAll)
 	done := make(chan struct{})
 	go func() {
@@ -541,7 +540,7 @@ func BenchmarkUDPManyKeys(b *testing.B) {
 	if err != nil {
 		b.Fatal(err)
 	}
-	proxy := service.NewPacketHandler(time.Hour, cipherList, &metrics.NoOpMetrics{})
+	proxy := service.NewPacketHandler(time.Hour, cipherList, &service.NoOpUDPMetrics{})
 	proxy.SetTargetIPValidator(allowAll)
 	done := make(chan struct{})
 	go func() {
diff --git a/service/metrics/metrics.go b/service/metrics/metrics.go
index f370d3f9..f11bda5b 100644
--- a/service/metrics/metrics.go
+++ b/service/metrics/metrics.go
@@ -16,245 +16,10 @@ package metrics
 
 import (
 	"io"
-	"net"
-	"strconv"
-	"time"
 
 	"github.com/Jigsaw-Code/outline-internal-sdk/transport"
-	"github.com/Jigsaw-Code/outline-ss-server/ipinfo"
-	"github.com/prometheus/client_golang/prometheus"
 )
 
-// ShadowsocksMetrics registers metrics for the Shadowsocks service.
-type ShadowsocksMetrics interface {
-	ipinfo.IPInfoMap
-
-	SetBuildInfo(version string)
-
-	SetNumAccessKeys(numKeys int, numPorts int)
-
-	// TCP metrics
-	AddOpenTCPConnection(clientInfo ipinfo.IPInfo)
-	AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data ProxyMetrics, duration time.Duration)
-
-	// UDP metrics
-	AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)
-	AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)
-	AddUDPNatEntry()
-	RemoveUDPNatEntry()
-
-	// Shadowsocks metrics
-	AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64)
-	AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
-	AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
-}
-
-type shadowsocksMetrics struct {
-	ipinfo.IPInfoMap
-
-	buildInfo            *prometheus.GaugeVec
-	accessKeys           prometheus.Gauge
-	ports                prometheus.Gauge
-	dataBytes            *prometheus.CounterVec
-	dataBytesPerLocation *prometheus.CounterVec
-	timeToCipherMs       *prometheus.HistogramVec
-	// TODO: Add time to first byte.
-
-	tcpProbes               *prometheus.HistogramVec
-	tcpOpenConnections      *prometheus.CounterVec
-	tcpClosedConnections    *prometheus.CounterVec
-	tcpConnectionDurationMs *prometheus.HistogramVec
-
-	udpPacketsFromClientPerLocation *prometheus.CounterVec
-	udpAddedNatEntries              prometheus.Counter
-	udpRemovedNatEntries            prometheus.Counter
-}
-
-var _ ShadowsocksMetrics = (*shadowsocksMetrics)(nil)
-
-func newShadowsocksMetrics(ip2info ipinfo.IPInfoMap) *shadowsocksMetrics {
-	// Don't forget to pass the counters to the registerer.MustRegister call in NewPrometheusShadowsocksMetrics.
-	return &shadowsocksMetrics{
-		IPInfoMap: ip2info,
-		buildInfo: prometheus.NewGaugeVec(prometheus.GaugeOpts{
-			Namespace: "shadowsocks",
-			Name:      "build_info",
-			Help:      "Information on the outline-ss-server build",
-		}, []string{"version"}),
-		accessKeys: prometheus.NewGauge(prometheus.GaugeOpts{
-			Namespace: "shadowsocks",
-			Name:      "keys",
-			Help:      "Count of access keys",
-		}),
-		ports: prometheus.NewGauge(prometheus.GaugeOpts{
-			Namespace: "shadowsocks",
-			Name:      "ports",
-			Help:      "Count of open Shadowsocks ports",
-		}),
-		tcpProbes: prometheus.NewHistogramVec(prometheus.HistogramOpts{
-			Namespace: "shadowsocks",
-			Name:      "tcp_probes",
-			Buckets:   []float64{0, 49, 50, 51, 73, 91},
-			Help:      "Histogram of number of bytes from client to proxy, for detecting possible probes",
-		}, []string{"port", "status", "error"}),
-		tcpOpenConnections: prometheus.NewCounterVec(prometheus.CounterOpts{
-			Namespace: "shadowsocks",
-			Subsystem: "tcp",
-			Name:      "connections_opened",
-			Help:      "Count of open TCP connections",
-		}, []string{"location"}),
-		tcpClosedConnections: prometheus.NewCounterVec(prometheus.CounterOpts{
-			Namespace: "shadowsocks",
-			Subsystem: "tcp",
-			Name:      "connections_closed",
-			Help:      "Count of closed TCP connections",
-		}, []string{"location", "status", "access_key"}),
-		tcpConnectionDurationMs: prometheus.NewHistogramVec(
-			prometheus.HistogramOpts{
-				Namespace: "shadowsocks",
-				Subsystem: "tcp",
-				Name:      "connection_duration_ms",
-				Help:      "TCP connection duration distributions.",
-				Buckets: []float64{
-					100,
-					float64(time.Second.Milliseconds()),
-					float64(time.Minute.Milliseconds()),
-					float64(time.Hour.Milliseconds()),
-					float64(24 * time.Hour.Milliseconds()),     // Day
-					float64(7 * 24 * time.Hour.Milliseconds()), // Week
-				},
-			}, []string{"status"}),
-		dataBytes: prometheus.NewCounterVec(
-			prometheus.CounterOpts{
-				Namespace: "shadowsocks",
-				Name:      "data_bytes",
-				Help:      "Bytes transferred by the proxy, per access key",
-			}, []string{"dir", "proto", "access_key"}),
-		dataBytesPerLocation: prometheus.NewCounterVec(
-			prometheus.CounterOpts{
-				Namespace: "shadowsocks",
-				Name:      "data_bytes_per_location",
-				Help:      "Bytes transferred by the proxy, per location",
-			}, []string{"dir", "proto", "location"}),
-		timeToCipherMs: prometheus.NewHistogramVec(
-			prometheus.HistogramOpts{
-				Namespace: "shadowsocks",
-				Name:      "time_to_cipher_ms",
-				Help:      "Time needed to find the cipher",
-				Buckets:   []float64{0.1, 1, 10, 100, 1000},
-			}, []string{"proto", "found_key"}),
-		udpPacketsFromClientPerLocation: prometheus.NewCounterVec(
-			prometheus.CounterOpts{
-				Namespace: "shadowsocks",
-				Subsystem: "udp",
-				Name:      "packets_from_client_per_location",
-				Help:      "Packets received from the client, per location and status",
-			}, []string{"location", "status"}),
-		udpAddedNatEntries: prometheus.NewCounter(
-			prometheus.CounterOpts{
-				Namespace: "shadowsocks",
-				Subsystem: "udp",
-				Name:      "nat_entries_added",
-				Help:      "Entries added to the UDP NAT table",
-			}),
-		udpRemovedNatEntries: prometheus.NewCounter(
-			prometheus.CounterOpts{
-				Namespace: "shadowsocks",
-				Subsystem: "udp",
-				Name:      "nat_entries_removed",
-				Help:      "Entries removed from the UDP NAT table",
-			}),
-	}
-}
-
-// NewPrometheusShadowsocksMetrics constructs a metrics object that uses
-// `ipCountryDB` to convert IP addresses to countries, and reports all
-// metrics to Prometheus via `registerer`.  `ipCountryDB` may be nil, but
-// `registerer` must not be.
-func NewPrometheusShadowsocksMetrics(ip2info ipinfo.IPInfoMap, registerer prometheus.Registerer) ShadowsocksMetrics {
-	m := newShadowsocksMetrics(ip2info)
-	// TODO: Is it possible to pass where to register the collectors?
-	registerer.MustRegister(m.buildInfo, m.accessKeys, m.ports, m.tcpProbes, m.tcpOpenConnections, m.tcpClosedConnections, m.tcpConnectionDurationMs,
-		m.dataBytes, m.dataBytesPerLocation, m.timeToCipherMs, m.udpPacketsFromClientPerLocation, m.udpAddedNatEntries, m.udpRemovedNatEntries)
-	return m
-}
-
-func (m *shadowsocksMetrics) SetBuildInfo(version string) {
-	m.buildInfo.WithLabelValues(version).Set(1)
-}
-
-func (m *shadowsocksMetrics) SetNumAccessKeys(numKeys int, ports int) {
-	m.accessKeys.Set(float64(numKeys))
-	m.ports.Set(float64(ports))
-}
-
-func (m *shadowsocksMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo) {
-	m.tcpOpenConnections.WithLabelValues(clientInfo.CountryCode.String()).Inc()
-}
-
-// addIfNonZero helps avoid the creation of series that are always zero.
-func addIfNonZero(value int64, counterVec *prometheus.CounterVec, lvs ...string) {
-	if value > 0 {
-		counterVec.WithLabelValues(lvs...).Add(float64(value))
-	}
-}
-
-func (m *shadowsocksMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data ProxyMetrics, duration time.Duration) {
-	m.tcpClosedConnections.WithLabelValues(clientInfo.CountryCode.String(), status, accessKey).Inc()
-	m.tcpConnectionDurationMs.WithLabelValues(status).Observe(duration.Seconds() * 1000)
-	addIfNonZero(data.ClientProxy, m.dataBytes, "c>p", "tcp", accessKey)
-	addIfNonZero(data.ClientProxy, m.dataBytesPerLocation, "c>p", "tcp", clientInfo.CountryCode.String())
-	addIfNonZero(data.ProxyTarget, m.dataBytes, "p>t", "tcp", accessKey)
-	addIfNonZero(data.ProxyTarget, m.dataBytesPerLocation, "p>t", "tcp", clientInfo.CountryCode.String())
-	addIfNonZero(data.TargetProxy, m.dataBytes, "p<t", "tcp", accessKey)
-	addIfNonZero(data.TargetProxy, m.dataBytesPerLocation, "p<t", "tcp", clientInfo.CountryCode.String())
-	addIfNonZero(data.ProxyClient, m.dataBytes, "c<p", "tcp", accessKey)
-	addIfNonZero(data.ProxyClient, m.dataBytesPerLocation, "c<p", "tcp", clientInfo.CountryCode.String())
-}
-
-func (m *shadowsocksMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int) {
-	m.udpPacketsFromClientPerLocation.WithLabelValues(clientInfo.CountryCode.String(), status).Inc()
-	addIfNonZero(int64(clientProxyBytes), m.dataBytes, "c>p", "udp", accessKey)
-	addIfNonZero(int64(clientProxyBytes), m.dataBytesPerLocation, "c>p", "udp", clientInfo.CountryCode.String())
-	addIfNonZero(int64(proxyTargetBytes), m.dataBytes, "p>t", "udp", accessKey)
-	addIfNonZero(int64(proxyTargetBytes), m.dataBytesPerLocation, "p>t", "udp", clientInfo.CountryCode.String())
-}
-
-func (m *shadowsocksMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int) {
-	addIfNonZero(int64(targetProxyBytes), m.dataBytes, "p<t", "udp", accessKey)
-	addIfNonZero(int64(targetProxyBytes), m.dataBytesPerLocation, "p<t", "udp", clientInfo.CountryCode.String())
-	addIfNonZero(int64(proxyClientBytes), m.dataBytes, "c<p", "udp", accessKey)
-	addIfNonZero(int64(proxyClientBytes), m.dataBytesPerLocation, "c<p", "udp", clientInfo.CountryCode.String())
-}
-
-func (m *shadowsocksMetrics) AddUDPNatEntry() {
-	m.udpAddedNatEntries.Inc()
-}
-
-func (m *shadowsocksMetrics) RemoveUDPNatEntry() {
-	m.udpRemovedNatEntries.Inc()
-}
-
-func (m *shadowsocksMetrics) AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64) {
-	m.tcpProbes.WithLabelValues(strconv.Itoa(port), status, drainResult).Observe(float64(clientProxyBytes))
-}
-
-func (m *shadowsocksMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {
-	foundStr := "false"
-	if accessKeyFound {
-		foundStr = "true"
-	}
-	m.timeToCipherMs.WithLabelValues("tcp", foundStr).Observe(timeToCipher.Seconds() * 1000)
-}
-
-func (m *shadowsocksMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {
-	foundStr := "false"
-	if accessKeyFound {
-		foundStr = "true"
-	}
-	m.timeToCipherMs.WithLabelValues("udp", foundStr).Observe(timeToCipher.Seconds() * 1000)
-}
-
 type ProxyMetrics struct {
 	ClientProxy int64
 	ProxyTarget int64
@@ -297,26 +62,3 @@ func (c *measuredConn) ReadFrom(r io.Reader) (int64, error) {
 func MeasureConn(conn transport.StreamConn, bytesSent, bytesReceived *int64) transport.StreamConn {
 	return &measuredConn{StreamConn: conn, writeCount: bytesSent, readCount: bytesReceived}
 }
-
-// NoOpMetrics is a fake ShadowsocksMetrics that doesn't do anything. Useful in tests
-// or if you don't want to track metrics.
-type NoOpMetrics struct{}
-
-func (m *NoOpMetrics) SetBuildInfo(version string) {}
-func (m *NoOpMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data ProxyMetrics, duration time.Duration) {
-}
-func (m *NoOpMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error) {
-	return ipinfo.IPInfo{}, nil
-}
-func (m *NoOpMetrics) SetNumAccessKeys(numKeys int, numPorts int)    {}
-func (m *NoOpMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo) {}
-func (m *NoOpMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int) {
-}
-func (m *NoOpMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int) {
-}
-func (m *NoOpMetrics) AddUDPNatEntry()    {}
-func (m *NoOpMetrics) RemoveUDPNatEntry() {}
-func (m *NoOpMetrics) AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64) {
-}
-func (m *NoOpMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
-func (m *NoOpMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
diff --git a/service/tcp.go b/service/tcp.go
index 397d992c..021f6ae0 100644
--- a/service/tcp.go
+++ b/service/tcp.go
@@ -35,6 +35,19 @@ import (
 	"github.com/shadowsocks/go-shadowsocks2/socks"
 )
 
+// TCPMetrics is used to report metrics on TCP connections.
+type TCPMetrics interface {
+	ipinfo.IPInfoMap
+
+	// TCP metrics
+	AddOpenTCPConnection(clientInfo ipinfo.IPInfo)
+	AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data metrics.ProxyMetrics, duration time.Duration)
+
+	// Shadowsocks TCP metrics
+	AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64)
+	AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
+}
+
 func remoteIP(conn net.Conn) net.IP {
 	addr := conn.RemoteAddr()
 	if addr == nil {
@@ -108,7 +121,7 @@ func findEntry(firstBytes []byte, ciphers []*list.Element) (*CipherEntry, *list.
 type tcpHandler struct {
 	port        int
 	ciphers     CipherList
-	m           metrics.ShadowsocksMetrics
+	m           TCPMetrics
 	readTimeout time.Duration
 	// `replayCache` is a pointer to SSServer.replayCache, to share the cache among all ports.
 	replayCache       *ReplayCache
@@ -117,7 +130,7 @@ type tcpHandler struct {
 
 // NewTCPService creates a TCPService
 // `replayCache` is a pointer to SSServer.replayCache, to share the cache among all ports.
-func NewTCPHandler(port int, ciphers CipherList, replayCache *ReplayCache, m metrics.ShadowsocksMetrics, timeout time.Duration) TCPHandler {
+func NewTCPHandler(port int, ciphers CipherList, replayCache *ReplayCache, m TCPMetrics, timeout time.Duration) TCPHandler {
 	return &tcpHandler{
 		port:              port,
 		ciphers:           ciphers,
@@ -331,3 +344,19 @@ func drainErrToString(drainErr error) string {
 		return "other"
 	}
 }
+
+// NoOpTCPMetrics is a [TCPMetrics] that doesn't do anything. Useful in tests
+// or if you don't want to track metrics.
+type NoOpTCPMetrics struct{}
+
+var _ TCPMetrics = (*NoOpTCPMetrics)(nil)
+
+func (m *NoOpTCPMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data metrics.ProxyMetrics, duration time.Duration) {
+}
+func (m *NoOpTCPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error) {
+	return ipinfo.IPInfo{}, nil
+}
+func (m *NoOpTCPMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo) {}
+func (m *NoOpTCPMetrics) AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64) {
+}
+func (m *NoOpTCPMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
diff --git a/service/tcp_test.go b/service/tcp_test.go
index 6792c7e9..5018c26d 100644
--- a/service/tcp_test.go
+++ b/service/tcp_test.go
@@ -216,14 +216,13 @@ func BenchmarkTCPFindCipherRepeat(b *testing.B) {
 
 // Stub metrics implementation for testing replay defense.
 type probeTestMetrics struct {
-	metrics.ShadowsocksMetrics
 	mu          sync.Mutex
 	probeData   []int64
 	probeStatus []string
 	closeStatus []string
 }
 
-var _ metrics.ShadowsocksMetrics = (*probeTestMetrics)(nil)
+var _ TCPMetrics = (*probeTestMetrics)(nil)
 
 func (m *probeTestMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data metrics.ProxyMetrics, duration time.Duration) {
 	m.mu.Lock()
@@ -234,17 +233,8 @@ func (m *probeTestMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, acce
 func (m *probeTestMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error) {
 	return ipinfo.IPInfo{}, nil
 }
-func (m *probeTestMetrics) SetNumAccessKeys(numKeys int, numPorts int) {
-}
 func (m *probeTestMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo) {
 }
-func (m *probeTestMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int) {
-}
-func (m *probeTestMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int) {
-}
-func (m *probeTestMetrics) AddUDPNatEntry()    {}
-func (m *probeTestMetrics) RemoveUDPNatEntry() {}
-
 func (m *probeTestMetrics) AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64) {
 	m.mu.Lock()
 	m.probeData = append(m.probeData, clientProxyBytes)
@@ -253,7 +243,6 @@ func (m *probeTestMetrics) AddTCPProbe(status, drainResult string, port int, cli
 }
 
 func (m *probeTestMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
-func (m *probeTestMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
 
 func (m *probeTestMetrics) countStatuses() map[string]int {
 	counts := make(map[string]int)
diff --git a/service/udp.go b/service/udp.go
index c9ac4150..0c028b15 100644
--- a/service/udp.go
+++ b/service/udp.go
@@ -25,11 +25,24 @@ import (
 	"github.com/Jigsaw-Code/outline-internal-sdk/transport/shadowsocks"
 	"github.com/Jigsaw-Code/outline-ss-server/ipinfo"
 	onet "github.com/Jigsaw-Code/outline-ss-server/net"
-	"github.com/Jigsaw-Code/outline-ss-server/service/metrics"
 	logging "github.com/op/go-logging"
 	"github.com/shadowsocks/go-shadowsocks2/socks"
 )
 
+// UDPMetrics is used to report metrics on UDP connections.
+type UDPMetrics interface {
+	ipinfo.IPInfoMap
+
+	// UDP metrics
+	AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)
+	AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)
+	AddUDPNatEntry()
+	RemoveUDPNatEntry()
+
+	// Shadowsocks metrics
+	AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
+}
+
 // Max UDP buffer size for the server code.
 const serverUDPBufferSize = 64 * 1024
 
@@ -73,12 +86,12 @@ func findAccessKeyUDP(clientIP net.IP, dst, src []byte, cipherList CipherList) (
 type packetHandler struct {
 	natTimeout        time.Duration
 	ciphers           CipherList
-	m                 metrics.ShadowsocksMetrics
+	m                 UDPMetrics
 	targetIPValidator onet.TargetIPValidator
 }
 
 // NewPacketHandler creates a UDPService
-func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m metrics.ShadowsocksMetrics) PacketHandler {
+func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m UDPMetrics) PacketHandler {
 	return &packetHandler{natTimeout: natTimeout, ciphers: cipherList, m: m, targetIPValidator: onet.RequirePublicIP}
 }
 
@@ -296,11 +309,11 @@ type natmap struct {
 	sync.RWMutex
 	keyConn map[string]*natconn
 	timeout time.Duration
-	metrics metrics.ShadowsocksMetrics
+	metrics UDPMetrics
 	running *sync.WaitGroup
 }
 
-func newNATmap(timeout time.Duration, sm metrics.ShadowsocksMetrics, running *sync.WaitGroup) *natmap {
+func newNATmap(timeout time.Duration, sm UDPMetrics, running *sync.WaitGroup) *natmap {
 	m := &natmap{metrics: sm, running: running}
 	m.keyConn = make(map[string]*natconn)
 	m.timeout = timeout
@@ -377,7 +390,7 @@ var maxAddrLen int = len(socks.ParseAddr("[2001:db8::1]:12345"))
 
 // copy from target to client until read timeout
 func timedCopy(clientAddr net.Addr, clientConn net.PacketConn, targetConn *natconn,
-	keyID string, sm metrics.ShadowsocksMetrics) {
+	keyID string, sm UDPMetrics) {
 	// pkt is used for in-place encryption of downstream UDP packets, with the layout
 	// [padding?][salt][address][body][tag][extra]
 	// Padding is only used if the address is IPv4.
@@ -448,3 +461,20 @@ func timedCopy(clientAddr net.Addr, clientConn net.PacketConn, targetConn *natco
 		sm.AddUDPPacketFromTarget(targetConn.clientInfo, keyID, status, bodyLen, proxyClientBytes)
 	}
 }
+
+// NoOpUDPMetrics is a [UDPMetrics] that doesn't do anything. Useful in tests
+// or if you don't want to track metrics.
+type NoOpUDPMetrics struct{}
+
+var _ UDPMetrics = (*NoOpUDPMetrics)(nil)
+
+func (m *NoOpUDPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error) {
+	return ipinfo.IPInfo{}, nil
+}
+func (m *NoOpUDPMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int) {
+}
+func (m *NoOpUDPMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int) {
+}
+func (m *NoOpUDPMetrics) AddUDPNatEntry()                                                    {}
+func (m *NoOpUDPMetrics) RemoveUDPNatEntry()                                                 {}
+func (m *NoOpUDPMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
diff --git a/service/udp_test.go b/service/udp_test.go
index ff295a64..bb4e99e8 100644
--- a/service/udp_test.go
+++ b/service/udp_test.go
@@ -25,7 +25,6 @@ import (
 	"github.com/Jigsaw-Code/outline-internal-sdk/transport/shadowsocks"
 	"github.com/Jigsaw-Code/outline-ss-server/ipinfo"
 	onet "github.com/Jigsaw-Code/outline-ss-server/net"
-	"github.com/Jigsaw-Code/outline-ss-server/service/metrics"
 	logging "github.com/op/go-logging"
 	"github.com/shadowsocks/go-shadowsocks2/socks"
 	"github.com/stretchr/testify/assert"
@@ -100,22 +99,15 @@ type udpReport struct {
 
 // Stub metrics implementation for testing NAT behaviors.
 type natTestMetrics struct {
-	metrics.ShadowsocksMetrics
 	natEntriesAdded int
 	upstreamPackets []udpReport
 }
 
-var _ metrics.ShadowsocksMetrics = (*natTestMetrics)(nil)
+var _ UDPMetrics = (*natTestMetrics)(nil)
 
-func (m *natTestMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, accessKey, status string, data metrics.ProxyMetrics, duration time.Duration) {
-}
 func (m *natTestMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error) {
 	return ipinfo.IPInfo{}, nil
 }
-func (m *natTestMetrics) SetNumAccessKeys(numKeys int, numPorts int) {
-}
-func (m *natTestMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo) {
-}
 func (m *natTestMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int) {
 	m.upstreamPackets = append(m.upstreamPackets, udpReport{clientInfo, accessKey, status, clientProxyBytes, proxyTargetBytes})
 }
@@ -124,10 +116,7 @@ func (m *natTestMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, access
 func (m *natTestMetrics) AddUDPNatEntry() {
 	m.natEntriesAdded++
 }
-func (m *natTestMetrics) RemoveUDPNatEntry() {}
-func (m *natTestMetrics) AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64) {
-}
-func (m *natTestMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
+func (m *natTestMetrics) RemoveUDPNatEntry()                                                 {}
 func (m *natTestMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {}
 
 // Takes a validation policy, and returns the metrics it