From 98988b0af3dc2e84371cb8905c9def9a073fa69a Mon Sep 17 00:00:00 2001
From: sbruens <sbruens@users.noreply.github.com>
Date: Thu, 19 Dec 2024 17:07:58 -0500
Subject: [PATCH] Do not unpack first packets twice.

---
 service/udp.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/service/udp.go b/service/udp.go
index 8bfeedf8..4695b58f 100644
--- a/service/udp.go
+++ b/service/udp.go
@@ -453,10 +453,14 @@ func (a *association) HandlePacket(pkt []byte, lazySlice slicepool.LazySlice) {
 			return onet.NewConnectionError("ERR_CIPHER", "Failed to unpack data from client", err)
 		}
 
-		unpackStart := time.Now()
-		textData, err = shadowsocks.Unpack(nil, pkt, a.cryptoKey)
-		timeToCipher := time.Since(unpackStart)
-		a.ssm.AddCipherSearch(err == nil, timeToCipher)
+		if textData == nil {
+			// This is a subsequent packet. First packets are already decrypted as part of the
+			// initial access key search.
+			unpackStart := time.Now()
+			textData, err = shadowsocks.Unpack(nil, pkt, a.cryptoKey)
+			timeToCipher := time.Since(unpackStart)
+			a.ssm.AddCipherSearch(err == nil, timeToCipher)
+		}
 
 		if err != nil {
 			return onet.NewConnectionError("ERR_CIPHER", "Failed to unpack data from client", err)