diff --git a/service/shadowsocks.go b/service/shadowsocks.go
index 97329c3a..72170801 100644
--- a/service/shadowsocks.go
+++ b/service/shadowsocks.go
@@ -20,3 +20,12 @@ import "time"
 type ShadowsocksConnMetrics interface {
 	AddCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
 }
+
+// NoOpShadowsocksConnMetrics is a [ShadowsocksConnMetrics] that doesn't do anything. Useful in tests
+// or if you don't want to track metrics.
+type NoOpShadowsocksConnMetrics struct{}
+
+var _ ShadowsocksConnMetrics = (*NoOpShadowsocksConnMetrics)(nil)
+
+func (m *NoOpShadowsocksConnMetrics) AddCipherSearch(accessKeyFound bool, timeToCipher time.Duration) {
+}
diff --git a/service/tcp.go b/service/tcp.go
index 8637663b..6a12afc0 100644
--- a/service/tcp.go
+++ b/service/tcp.go
@@ -117,6 +117,9 @@ type StreamAuthenticateFunc func(clientConn transport.StreamConn) (string, trans
 // NewShadowsocksStreamAuthenticator creates a stream authenticator that uses Shadowsocks.
 // TODO(fortuna): Offer alternative transports.
 func NewShadowsocksStreamAuthenticator(ciphers CipherList, replayCache *ReplayCache, metrics ShadowsocksConnMetrics) StreamAuthenticateFunc {
+	if metrics == nil {
+		metrics = &NoOpShadowsocksConnMetrics{}
+	}
 	return func(clientConn transport.StreamConn) (string, transport.StreamConn, *onet.ConnectionError) {
 		// Find the cipher and acess key id.
 		cipherEntry, clientReader, clientSalt, timeToCipher, keyErr := findAccessKey(clientConn, remoteIP(clientConn), ciphers)
@@ -241,6 +244,9 @@ func StreamServe(accept StreamAcceptFunc, handle StreamHandleFunc) {
 }
 
 func (h *streamHandler) Handle(ctx context.Context, clientConn transport.StreamConn, connMetrics TCPConnMetrics) {
+	if connMetrics == nil {
+		connMetrics = &NoOpTCPConnMetrics{}
+	}
 	var proxyMetrics metrics.ProxyMetrics
 	measuredClientConn := metrics.MeasureConn(clientConn, &proxyMetrics.ProxyClient, &proxyMetrics.ClientProxy)
 	connStart := time.Now()
diff --git a/service/udp.go b/service/udp.go
index 2d08a709..39091239 100644
--- a/service/udp.go
+++ b/service/udp.go
@@ -89,7 +89,19 @@ type packetHandler struct {
 
 // NewPacketHandler creates a UDPService
 func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m UDPMetrics, ssMetrics ShadowsocksConnMetrics) PacketHandler {
-	return &packetHandler{natTimeout: natTimeout, ciphers: cipherList, m: m, ssm: ssMetrics, targetIPValidator: onet.RequirePublicIP}
+	if m == nil {
+		m = &NoOpUDPMetrics{}
+	}
+	if ssMetrics == nil {
+		ssMetrics = &NoOpShadowsocksConnMetrics{}
+	}
+	return &packetHandler{
+		natTimeout:        natTimeout,
+		ciphers:           cipherList,
+		m:                 m,
+		ssm:               ssMetrics,
+		targetIPValidator: onet.RequirePublicIP,
+	}
 }
 
 // PacketHandler is a running UDP shadowsocks proxy that can be stopped.