Let conntrack track non-NATed short-lived connections

[2opremio]

Fixes #2494

Regression introduced by #2135

• Add integration test

[2opremio]

I was done coding an integration test when I realized we already have one doing almost exactly what I demonstrated at #2494 (comment)

The only difference is that it uses Weave. Maybe connections somehow do NATting? (I doubt it)

[2opremio]

There must be something wrong with the test because I just verified its short-lived connections aren't conntracked when running it locally.

• If I run sudo conntrack --buffer-size 212992 -E -o id -p tcp --any-nat while running the test no connections are shown by conntrack.
• The connections show if I remove the --any-nat parameter.

In other words, the integration test should had been failing.

[2opremio]

The existing test was working because, after all, the connection between the client and nginx (through Weave) was NATed. Here's the report.json.gz at the point at which the test was successful.

And here are the relevant pieces from the Endpoint topology:

    "host1-weaveworks-scope-7212-0;172.17.0.3;60566": {
      "id": "host1-weaveworks-scope-7212-0;172.17.0.3;60566",
      "topology": "endpoint",
      "counters": {},
      "sets": {},
      "adjacency": [
        ";10.32.0.2;80"
      ],
      "edges": {
        ";10.32.0.2;80": {}
      },
      "controls": {},
      "latestControls": {},
      "latest": {
        "addr": {
          "timestamp": "2017-05-18T19:22:16.618664092Z",
          "value": "172.17.0.3"
        },
        "port": {
          "timestamp": "2017-05-18T19:22:16.618664092Z",
          "value": "60566"
        },
        "conntracked": {
          "timestamp": "2017-05-18T19:22:16.618670138Z",
          "value": "true"
        }
      },
      "parents": {},
      "children": null
    },

    ";10.32.0.1;60566": {
      "id": ";10.32.0.1;60566",
      "topology": "endpoint",
      "counters": {},
      "sets": {},
      "adjacency": [
        ";10.32.0.2;80"
      ],
      "edges": {
        ";10.32.0.2;80": {}
      },
      "controls": {},
      "latestControls": {},
      "latest": {
        "addr": {
          "timestamp": "2017-05-18T19:22:16.61933701Z",
          "value": "10.32.0.1"
        },
        "copy_of": {
          "timestamp": "2017-05-18T19:22:16.61933701Z",
          "value": "host1-weaveworks-scope-7212-0;172.17.0.3;60566"
        },
        "port": {
          "timestamp": "2017-05-18T19:22:16.61933701Z",
          "value": "60566"
        },
        "conntracked": {
          "timestamp": "2017-05-18T19:22:16.618670138Z",
          "value": "true"
        }
      },
      "parents": {},
      "children": null
    },

    ";10.32.0.2;80": {
      "id": ";10.32.0.2;80",
      "topology": "endpoint",
      "counters": {},
      "sets": {},
      "adjacency": null,
      "edges": {},
      "controls": {},
      "latestControls": {},
      "latest": {
        "addr": {
          "timestamp": "2017-05-18T19:22:16.618672488Z",
          "value": "10.32.0.2"
        },
        "port": {
          "timestamp": "2017-05-18T19:22:16.618672488Z",
          "value": "80"
        },
        "conntracked": {
          "timestamp": "2017-05-18T19:22:16.618675297Z",
          "value": "true"
        }
      },
      "parents": {},
      "children": null
    },

This means that the connection was happening from IP 172.17.0.3 in the client container which was NATed to 10.32.0.1 before reaching the nginx container (IP ;10.32.0.2;80). I guess 10.32.0.1 is the Weave interface IP? (The client container has a Weave network IP `10.32.0.3).

This also means that I was doing something wrong when running the test locally (I was writing commands manually, so who knows ...)

I will re-add my test and see if it fails before adding my fix.

[2opremio]

The new test fails without the fix.

[2opremio]

@errordeveloper the netlify CI is a bit flakey