Sharing virtual network with docker container

Question

I am working on a project that requires me to create a virtual CAN network on my host machine

$ sudo modprobe vcan
$ sudo ip link add dev vcan0 type vcan
$ sudo ip link set up vcan0

My ifconfig :

My question is how can I share this interface with my docker container.

If its of any use I ran the following command find / -name "vcan0" -print 2>/dev/null on my host machine :

/sys/class/net/vcan0
/sys/devices/virtual/net/vcan0
/proc/sys/net/ipv4/conf/vcan0
/proc/sys/net/ipv4/neigh/vcan0

I can run the Docker container using docker run --rm -it --network=host ... . The only problem is there is no network isolation b/w docker host and containers anymore. Is there a way to achieve the above but without sharing the host network ?

Answer 1

I haven't found a way to share a CAN network interface with a Docker container without --network=host, but there is a possible workaround. You can use a CAN-UDP bridge, like canneloni or can2udp, to send CAN frames over UDP.

I've used this in the past to connect a physical CAN bus on a remote device to a virtual CAN interface on my laptop. But it should work just as well for a Docker container.

One drawback is that you do have to create a vcan interface in the container. Which requires you to run the container in privileged mode.

Answer 2

You can use --cap-add=NET_ADMIN when you run docker image. This will allow you to create inside container:

$ sudo ip link add dev vcan0 type vcan
$ sudo ip link set up vcan0

Of course vcan driver is loaded on host.