diff --git a/crates/sui-core/src/authority_server.rs b/crates/sui-core/src/authority_server.rs index 6c8bdc956c391..2606211f5cf81 100644 --- a/crates/sui-core/src/authority_server.rs +++ b/crates/sui-core/src/authority_server.rs @@ -198,6 +198,7 @@ pub struct ValidatorServiceMetrics { forwarded_header_parse_error: IntCounter, forwarded_header_invalid: IntCounter, forwarded_header_not_included: IntCounter, + client_id_source_config_mismatch: IntCounter, } impl ValidatorServiceMetrics { @@ -329,6 +330,12 @@ impl ValidatorServiceMetrics { registry, ) .unwrap(), + client_id_source_config_mismatch: register_int_counter_with_registry!( + "validator_service_client_id_source_config_mismatch", + "Number of times detected that client id source config doesn't agree with x-forwarded-for header", + registry, + ) + .unwrap(), } } @@ -1227,17 +1234,19 @@ impl ValidatorService { let contents_len = header_contents.len(); // Network topology should not be very dynamic, therefore if it changes and the above // invariant is violated, we should fail loudly so that the node config can be updated. - assert!( - contents_len >= *num_hops, - "x-forwarded-for header value of {:?} contains {} values, but {} hops were specified. \ - Expected at least {} values. Please correctly set the `x-forwarded-for` value under \ - `client-id-source` in the node config.", - header_contents, - contents_len, - num_hops, - contents_len, - ); - let contents_len = header_contents.len(); + if contents_len < *num_hops { + error!( + "x-forwarded-for header value of {:?} contains {} values, but {} hops were specified. \ + Expected at least {} values. Please correctly set the `x-forwarded-for` value under \ + `client-id-source` in the node config.", + header_contents, + contents_len, + num_hops, + contents_len, + ); + self.metrics.client_id_source_config_mismatch.inc(); + return None; + } let Some(client_ip) = header_contents.get(contents_len - num_hops) else { error!(