diff --git a/crates/sui-core/src/traffic_controller/mod.rs b/crates/sui-core/src/traffic_controller/mod.rs index 8d1dbbe0a8c319..b90d3c73bc3e9a 100644 --- a/crates/sui-core/src/traffic_controller/mod.rs +++ b/crates/sui-core/src/traffic_controller/mod.rs @@ -186,16 +186,20 @@ impl TrafficController { pub async fn check(&self, client: &Option, proxied_client: &Option) -> bool { let check_with_dry_run_maybe = |allowed| -> bool { match (allowed, self.dry_run_mode()) { - // check succeeded + // request allowed (true, _) => true, - // check failed while in dry-run mode + // request blocked while in dry-run mode (false, true) => { debug!("Dry run mode: Blocked request from client {:?}", client); self.metrics.num_dry_run_blocked_requests.inc(); true } - // check failed - (false, false) => false, + // request blocked + (false, false) => { + debug!("Blocked request from client {:?}", client); + self.metrics.requests_blocked_at_protocol.inc(); + true + } } }; @@ -520,8 +524,7 @@ async fn handle_policy_response( .is_none() { // Only increment the metric if the client was not already blocked - debug!("Blocking client: {:?}", client); - metrics.requests_blocked_at_protocol.inc(); + debug!("Adding client {:?} to blocklist", client); metrics.connection_ip_blocklist_len.inc(); } } @@ -535,8 +538,7 @@ async fn handle_policy_response( .is_none() { // Only increment the metric if the client was not already blocked - debug!("Blocking proxied client: {:?}", client); - metrics.requests_blocked_at_protocol.inc(); + debug!("Adding proxied client {:?} to blocklist", client); metrics.proxy_ip_blocklist_len.inc(); } }