Sharing virtual network with docker container

3

9

I am working on a project that requires me to create a virtual CAN network on my host machine

$ sudo modprobe vcan
$ sudo ip link add dev vcan0 type vcan
$ sudo ip link set up vcan0

My ifconfig: [screenshot of ifconfig output, image not preserved]

My question is how can I share this interface with my docker container.

If it's of any use, I ran the following command find / -name "vcan0" -print 2>/dev/null on my host machine:

/sys/class/net/vcan0
/sys/devices/virtual/net/vcan0
/proc/sys/net/ipv4/conf/vcan0
/proc/sys/net/ipv4/neigh/vcan0

I can run the Docker container using docker run --rm -it --network=host ... . The only problem is there is no network isolation b/w docker host and containers anymore. Is there a way to achieve the above but without sharing the host network?

Hierophant answered 21/7, 2020 at 16:48 Comment(0)
3

I haven't found a way to share a CAN network interface with a Docker container without --network=host, but there is a possible workaround. You can use a CAN-UDP bridge, like cannelloni or can2udp, to send CAN frames over UDP.

I've used this in the past to connect a physical CAN bus on a remote device to a virtual CAN interface on my laptop. But it should work just as well for a Docker container.

One drawback is that you do have to create a vcan interface in the container, which requires you to run the container in privileged mode.

Explode answered 23/7, 2020 at 18:22 Comment(1)
Thank you, I guess I probably use can2udp or end up sticking with --network=host at this moment. - Hierophant
2

I've written up a blog post that should get you most of the way there. At a high level you need to create a vxcan link and move one end of it into your docker container. Then you can forward traffic from your vcan interface to one end of the vxcan interface, and it will be transmitted to the vxcan inside the container. You'll just need to use the correct kernel headers package, and in the final cangw step you'll need to specify vcan0 instead of can0.

https://www.lagerdata.com/blog/forwarding-can-bus-traffic-to-a-docker-container-using-vxcan-on-raspberry-pi

Lifesize answered 9/11, 2020 at 15:48 Comment(0)
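The steps described in this answer, written out as a script. This is an added example, not code from the answer or the linked blog post. It assumes can-utils (for cangw) is installed, the kernel provides the vxcan and can-gw modules, and uses the hypothetical names vxcan0/vxcan1 and vxcan-bridge.sh. The container end is configured from the host with nsenter, so the setup itself needs neither --network=host nor --privileged on the container.

```shell
#!/bin/sh
# Added example. Assumed names: vxcan0 (host end), vxcan1 (container end).

# Accept only names ip(8) takes verbatim: 1-15 chars, no shell metacharacters.
valid_ifname() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# Print, one per line, the root commands that connect HOST_IF on the host
# to PEER_IF inside the network namespace of process PID.
plan_vxcan_bridge() {
  host_if=$1; host_end=$2; peer_if=$3; pid=$4
  for n in "$host_if" "$host_end" "$peer_if"; do
    valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 1; }
  done
  case "$pid" in  # docker reports PID 0 for a container that is not running
    ''|0|*[!0-9]*) echo "bad pid: $pid" >&2; return 1 ;;
  esac
  cat <<EOF
modprobe vxcan
modprobe can-gw
ip link add $host_end type vxcan peer name $peer_if netns $pid
ip link set $host_end up
nsenter -t $pid -n ip link set $peer_if up
cangw -A -s $host_if -d $host_end -e
cangw -A -s $host_end -d $host_if -e
EOF
}

# Resolve the container's init PID and run the plan with sudo.
apply_vxcan_bridge() {
  pid=$(docker inspect -f '{{ .State.Pid }}' "$2") || return 1
  plan=$(plan_vxcan_bridge "$1" vxcan0 vxcan1 "$pid") || return 1
  while IFS= read -r cmd; do
    sudo $cmd </dev/null || return 1
  done <<EOF
$plan
EOF
}

# Usage: sh vxcan-bridge.sh apply vcan0 <container-name>
if [ "${1:-}" = "apply" ]; then
  apply_vxcan_bridge "$2" "$3"
fi
```

Only vxcan1 appears inside the container; the host's other interfaces stay out of its namespace, and the two cangw rules are the only path between vcan0 and the container.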
1

You can use --cap-add=NET_ADMIN when you run the docker image. This will allow you to create the interface inside the container:

$ sudo ip link add dev vcan0 type vcan
$ sudo ip link set up vcan0

Of course, the vcan driver is loaded on the host.

Marrymars answered 1/9, 2020 at 6:35 Comment(2)
But it's not visible on the host. Or am I missing something? - Wideranging
You can set it up on the host, and then pass this param to docker run: --net=host. Then the vcan0 device will be available in the running docker container. - Marrymars
