Re: Docker containers, vxcan and cangw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Christian,

On 08/14/2018 04:34 AM, Christian Gagneraud wrote:


I'm working on a docker plugin that allows to connect docker containers via
a virtual can bus, see [1] (this is very experimental so far).
B/c Linux doesn't offer the equivalent of a bridge, i'm using the cangw to
achieve the same result.


       +-------+
       |       |                      +-------+
       |       |>vxcan0.1----vxcan0.0<| cont1 |
vcan0<| CANGW |                      +-------+
       |       |                      +-------+
       |       |>vxcan1.1----vxcan1.0<| cont2 |
       +-------+                      +-------+


$ docker network create --driver vxcan canbus0
$ docker run -d -it --name ecu0 ubuntu-canutils cat
$ docker run -d -it --name ecu1 ubuntu-canutils cat
$ docker network connect canbus0 ecu0
$ docker network connect canbus0 ecu1
$ docker exec -it ecu0 candump vcanXXX
$ docker exec -it ecu1 cangen vcanYYY

It just works.

My only concern is about cangw, i'm not using any filtering, I'm just
interconnecting peers all together.
Here is how I'm doing it:
-----------------------------------------------------
def attach_endpoint(self, endpoint_id, namespace_id):
     endpoint = self.endpoints[endpoint_id]
     endpoint.attach(namespace_id)
     for other_id, other in self.endpoints.items():
         if other_id != endpoint_id:
             self.gateway.add_rule(other.if_name, endpoint.if_name)
             self.gateway.add_rule(endpoint.if_name, other.if_name)
-----------------------------------------------------

As you can see, there are N*(N-1) rules, which doesn't scale well, but this
is not a requirement for now.

I'm just wondering if it is the right approach or if there is a more simple
and/or elegant way to achieve the same result.


Nice work!

I created some slides for AGL this April:

https://wiki.automotivelinux.org/agl-distro/apr2018-f2f

https://wiki.automotivelinux.org/_media/agl-distro/agl2018-socketcan.pdf

... which also uses can-gw to fit the various use-cases.
To be similar to veth the vxcan provides just an interconnection between namespaces without any 'CAN frame loopback' as we know it from vcan's.
IMO the setup depends on the use-case in the way, that you are also able to move a 'real' CAN interface into the docker container which removes it from the root namespace - an interesting move to capsulate the CAN access inside the Linux host. Additionally vcan's can be created inside the docker containers.
What kind of use-case do you have in mind that you need to link different namespaces/containers with vxcan? 

Best regards,
Oliver



Chris

[1] https://gitlab.com/chgans/can4docker/
[Index of Archives]     [Automotive Discussions]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [CAN Bus]

  Powered by Linux