don't skip connections from the host network namespace to the loopback IPs

def · def · commit afdfe9ed6fde · 2023-06-15T17:20:34.000+03:00
diff --git a/containers/container.go b/containers/container.go
@@ -484,7 +484,7 @@ func (c *Container) onConnectionOpen(pid uint32, fd uint64, src, dst netaddr.IPP
 			break
 		}
 	}
-	if !whitelisted && !common.IsIpPrivate(dst.IP()) {
+	if !whitelisted && !common.IsIpPrivate(dst.IP()) && !dst.IP().IsLoopback() {
 		return
 	}
 	c.lock.Lock()

Original file line number	Diff line number	Diff line change
`@@ -484,7 +484,7 @@ func (c *Container) onConnectionOpen(pid uint32, fd uint64, src, dst netaddr.IPP`
`484`	`484`	`break`
`485`	`485`	`}`
`486`	`486`	`}`
`487`		`- if !whitelisted && !common.IsIpPrivate(dst.IP()) {`
	`487`	`+ if !whitelisted && !common.IsIpPrivate(dst.IP()) && !dst.IP().IsLoopback() {`
`488`	`488`	`return`
`489`	`489`	`}`
`490`	`490`	`c.lock.Lock()`