Re: Raw CAN socket support in LXC?

[John Ernberg <john.ernberg@actia.se>]

On 2015-05-11 13:45, Pavel Pisa wrote:
> Hello John,
>
> On Friday 08 of May 2015 13:17:52 John Ernberg wrote:
>> Hi
>>
>> With the experimenting I have been able to do on an Ubuntu 14.04 LTS
>> computer, I cannot find any CAN or virtual CAN interfaces inside the
>> container.
>> When I change the config to specifically forward CAN interfaces, like this:
>> lxc.network.type = can
>> lxc.network.link = lxcbr0
>> lxc.network.flags = up
>> lxc.network.hwaddr = 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>> I get a series of parsing errors from LXC and the container cannot be
>> created.
>>
>> Creating a privileged container did not change anything.
>>
>> We will also take the systemd alternative into consideration, but the
>> current state is that we'd like to run with LXC, as they provide us with
>> more options for future changes to our use-cases.
> you cannot use Ethernet bridging. This cannot work.
> But you should be able to forward whole interface
> to the container
>
> lxc.network.type = phys
>
> I have not tried this for CAN, but it works with Ethernet
> and I expect that in this case there is no significant difference
> to CAN. But you lose (at least for Ethernet) access to the interface
> from the outer system.
>
> If you want to filter frames then you should be able to setup
> virtual CAN interface in the outer/host system, then setup CANGW
> to route messages in the interrest and the start container
> which hides virtual can interface from the outer system
> but CANGW setup should continue to work after this move of
> interface to other namespace.
>
> I am out of time with teaching now so I do not expect to find
> time to test that soon but I hope that hint is in the right
> direction. If there is some need to do code adaptations somebody
> of my colleagues could have interrest to look at it if we
> are sucesfull with gaining one of our partially related grant
> or we find other funding.
>
> Best wishes,
>
>                 Pavel
Hi Pavel,

I succeeded in forwarding the can interface into the container.
When I tried to open a socket, and bind it to the interface to make a 
test for receiving frames I got an error saying "socket: Address family 
not supported by protocol".
Looking around in LXC, and then the kernel, I discovered that the AF_CAN 
implementation does not support net_namespaces yet, and net_namespaces 
does not implement any handling for CAN, so we cannot open any kind of 
socket to actually read from the interface.

Is there anything quick and dirty I could try to see if socket traffic 
can be forwarded into the container on a phys-forwarded CAN interface? 
Or would a proper net_namespaces implementation for CAN be necessary?

Best regards // John Ernberg