Add logging of connection dropped by Weave NPC.

npc/metrics/metrics.go

@@ -2,6 +2,7 @@ package metrics
 
 import (
 	log "github.com/Sirupsen/logrus"
+	"net"
 	"net/http"
 	"os"
 	"strconv"
@@ -46,18 +47,44 @@ func gatherMetrics() {
 			tcp, _ := tcpLayer.(*layers.TCP)
 			if tcp.SYN && !tcp.ACK { // Only plain SYN constitutes a NEW TCP connection
 				blockedConnections.With(prometheus.Labels{"protocol": "tcp", "dport": strconv.Itoa(int(tcp.DstPort))}).Inc()
+				log.Warnf("TCP connection from port %v:%d to port %v:%d dropped by Weave NPC: %v", srcIP(packet), tcp.SrcPort, dstIP(packet), tcp.DstPort)
 				continue
 			}
 		}
 
 		if udpLayer := packet.Layer(layers.LayerTypeUDP); udpLayer != nil {
 			udp, _ := udpLayer.(*layers.UDP)
 			blockedConnections.With(prometheus.Labels{"protocol": "udp", "dport": strconv.Itoa(int(udp.DstPort))}).Inc()
+			log.Warnf("UDP connection from port %v:%d to port %v:%d dropped by Weave NPC: %v", srcIP(packet), udp.SrcPort, dstIP(packet), udp.DstPort)
 			continue
 		}
 	}
 }
 
+func srcIP(packet gopacket.Packet) string {
+	return ipToString(packet,
+		func(ip4 *layers.IPv4) net.IP { return ip4.SrcIP },
+		func(ip6 *layers.IPv6) net.IP { return ip6.SrcIP })
+}
+
+func dstIP(packet gopacket.Packet) string {
+	return ipToString(packet,
+		func(ip4 *layers.IPv4) net.IP { return ip4.DstIP },
+		func(ip6 *layers.IPv6) net.IP { return ip6.DstIP })
+}
+
+func ipToString(packet gopacket.Packet, ip4Getter func(*layers.IPv4) net.IP, ip6Getter func(*layers.IPv6) net.IP) string {
+	if ip4Layer := packet.Layer(layers.LayerTypeIPv4); ip4Layer != nil {
+		ip4, _ := ip4Layer.(*layers.IPv4)
+		return ip4Getter(ip4).String()
+	}
+	if ip6Layer := packet.Layer(layers.LayerTypeIPv6); ip6Layer != nil {
+		ip6, _ := ip6Layer.(*layers.IPv6)
+		return ip6Getter(ip6).String()
+	}
+	return "unknown"
+}
+
 func Start(addr string) error {
 	if err := prometheus.Register(blockedConnections); err != nil {
 		return err