From 46d4e3edae7982ba1dd487fe4e661d825bdf1a1a Mon Sep 17 00:00:00 2001
From: wario_is_here <mario.hofmann@yourdevice.ch>
Date: Wed, 17 Jun 2026 17:47:52 +0200
Subject: [PATCH] Send SV2 frames in a single write
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The encrypted header and payload were sent as two writes, so every frame
left as two TCP segments. Build them into one buffer and send once, so a
frame is a single segment — drops SV2 submit response time further (8.1
to 5.4 ms measured) on top of the TCP_NODELAY fix.
---
 components/stratum_v2/sv2_noise.c | 52 ++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/components/stratum_v2/sv2_noise.c b/components/stratum_v2/sv2_noise.c
index 3a9e4f5e1..b4310b332 100644
--- a/components/stratum_v2/sv2_noise.c
+++ b/components/stratum_v2/sv2_noise.c
@@ -501,36 +501,44 @@ int sv2_noise_send(sv2_noise_ctx_t *ctx, esp_transport_handle_t transport,
         return -1;
     }
 
-    // Encrypt header (6 bytes -> 22 bytes)
-    uint8_t enc_hdr[22];
-    if (noise_encrypt(ctx->send_key, ctx->send_nonce++, NULL, 0,
-                      frame, SV2_FRAME_HEADER_SIZE, enc_hdr) != 0) {
-        return -1;
-    }
-
-    if (noise_send_all(transport, enc_hdr, 22) != 0) {
-        return -1;
-    }
-
-    // Encrypt payload if present
     int payload_len = frame_len - SV2_FRAME_HEADER_SIZE;
-    if (payload_len > 0) {
-        uint8_t *enc_payload = malloc(payload_len + 16);
-        if (!enc_payload) return -1;
 
+    // Header-only frame: encrypt (6 -> 22 bytes) and send directly off the stack.
+    if (payload_len <= 0) {
+        uint8_t enc_hdr[22];
         if (noise_encrypt(ctx->send_key, ctx->send_nonce++, NULL, 0,
-                          frame + SV2_FRAME_HEADER_SIZE, payload_len,
-                          enc_payload) != 0) {
-            free(enc_payload);
+                          frame, SV2_FRAME_HEADER_SIZE, enc_hdr) != 0) {
             return -1;
         }
+        return noise_send_all(transport, enc_hdr, 22);
+    }
 
-        int ret = noise_send_all(transport, enc_payload, payload_len + 16);
-        free(enc_payload);
-        if (ret != 0) return -1;
+    // Build the encrypted header and payload contiguously and send them in a
+    // single write, so a frame leaves as one TCP segment instead of a header
+    // segment followed by a payload segment. The two parts use separate Noise
+    // nonces but are just consecutive bytes on the wire, so the receiver, which
+    // reads the 22-byte header first and then the payload, is unaffected.
+    int total_len = 22 + payload_len + 16;
+    uint8_t *out = malloc(total_len);
+    if (!out) return -1;
+
+    // Encrypt header (nonce N) into out[0..21]
+    if (noise_encrypt(ctx->send_key, ctx->send_nonce++, NULL, 0,
+                      frame, SV2_FRAME_HEADER_SIZE, out) != 0) {
+        free(out);
+        return -1;
     }
 
-    return 0;
+    // Encrypt payload (nonce N+1) into out[22..]
+    if (noise_encrypt(ctx->send_key, ctx->send_nonce++, NULL, 0,
+                      frame + SV2_FRAME_HEADER_SIZE, payload_len, out + 22) != 0) {
+        free(out);
+        return -1;
+    }
+
+    int ret = noise_send_all(transport, out, total_len);
+    free(out);
+    return ret;
 }
 
 int sv2_noise_recv(sv2_noise_ctx_t *ctx, esp_transport_handle_t transport,