Image credit: Arlington Transit
vxcan is a Linux kernel driver/module that can be used to set up a virtual CAN tunnel across network namespaces. For example it allows you to generate virtual CAN frames on your host and send them to a container; or forward real CAN traffic between a USB-CAN adapter and a container, without exposing the entire host network to the container.
The following instructions are for a Raspberry Pi 4 model B running Raspberry Pi OS, on kernel 5.4.72-v7l+ (use `uname -r` to verify). It should work with fairly minor modifications for other OSes; some paths and package names may be different.
First, install some dependencies and download the vxcan module source code:
We'll also need a Makefile (make sure it's using tabs and not spaces!):
At this point you should have a directory with two files, vxcan.c and Makefile, so let's build the kernel module and load it:
Let's also add a file to /etc/modules-load.d so that the modules will load on startup. Create /etc/modules-load.d/can.conf and add the following:
Next, in a separate terminal let's start a container and install canutils within the container:
Then in our original terminal let's set up the vxcan network and move one end of it into the container's network namespace:
We moved vxcan1 into the container's namespace, so now back in the container we can run candump:
Finally, in our host we can send data to vxcan0 and have it show up in the container:
Bonus point: if you have a real CAN adapter, you can also forward traffic from that adapter into the container using cangw:
Questions? Feedback? Want to learn more about how Lager can help debug your CAN device? Contact us at firstname.lastname@example.org