Do not attribute connections to containers based on loopback addresses

render/container.go

@@ -264,6 +264,11 @@ func MapContainer2IP(m report.Node) []string {
 			if !ok {
 				continue
 			}
+			// loopback addresses are shared among all namespaces
+			// so we can't use them to attribute connections to a container
+			if report.IsLoopback(addr) {
+				continue
+			}
 			id := report.MakeScopedEndpointNodeID(scope, addr, "")
 			result = append(result, id)
 		}

report/id.go

@@ -44,7 +44,7 @@ func makeAddressID(hostID, namespaceID, address string) string {
 	addressIP := net.ParseIP(address)
 	if addressIP != nil && LocalNetworks.Contains(addressIP) {
 		scope = hostID
-	} else if isLoopback(address) {
+	} else if IsLoopback(address) {
 		scope = hostID
 		if namespaceID != "" {
 			scope += "-" + namespaceID
@@ -176,7 +176,8 @@ func ExtractHostID(m Node) string {
 	return hostID
 }
 
-func isLoopback(address string) bool {
+// IsLoopback ascertains if an address comes from a loopback interface.
+func IsLoopback(address string) bool {
 	ip := net.ParseIP(address)
 	return ip != nil && ip.IsLoopback()
 }