Docker | Dashbutton | network packet capture

I’m using Docker to host openHAB.

I’ve some problems using Amazon Dashbuttons because of failed packet capturing on the network interface.

I’ve already searched for some solutions and found some things.

Own network interface for openHAB within the host external network (macvlan)
I have found a good solution which seems to be working for me from a network perspective.
Creating Docker network, create bridge and route both …

docker network create -d macvlan -o parent=eth0 --subnet --gateway --ip-range --aux-address 'host=' pubnet

sudo ip link add pubnet-shim link eth0 type macvlan mode bridge
sudo ip addr add dev pubnet-shim
sudo ip link set pubnet-shim up
sudo ip route add dev pubnet-shim

Now I’m able to have a Docker container with a real IP from my local network.

I’m starting the OH container using this command.

docker run -d -e USER_ID=9001 -e GROUP_ID=9001 -e CRYPTO_POLICY=unlimited --restart=always --net=pubnet --ip -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -v /opt/openhab/conf:/openhab/conf -v /opt/openhab/userdata:/openhab/userdata -v /opt/openhab/addons:/openhab/addons --device="/dev/ttyUSB0" --name openhab openhab/openhab:2.5.11

OH is starting. Better than the static IP would be a DHCP release. But this is another topic.
If I want to add a dashbutton, I will furthermore get these error messages …

2021-01-19 10:14:29.117 [ERROR] [nal.capturing.PacketCapturingService] - Capturing packets on device eth0 failed.
org.pcap4j.core.PcapNativeException: eth0: You don't have permission to capture on that device (socket: Operation not permitted)
	at org.pcap4j.core.PcapNetworkInterface.openLive( ~[bundleFile:?]
	at org.openhab.binding.amazondashbutton.internal.pcap.PcapNetworkInterfaceWrapper.openLive( ~[bundleFile:?]
	at org.openhab.binding.amazondashbutton.internal.capturing.PacketCapturingService.startCapturing( [bundleFile:?]
	at org.openhab.binding.amazondashbutton.internal.capturing.PacketCapturingService.startCapturing( [bundleFile:?]
	at org.openhab.binding.amazondashbutton.internal.discovery.AmazonDashButtonDiscoveryService.startCapturing( [bundleFile:?]
	at org.openhab.binding.amazondashbutton.internal.discovery.AmazonDashButtonDiscoveryService.updateListenerRegistry( [bundleFile:?]
	at org.openhab.binding.amazondashbutton.internal.discovery.AmazonDashButtonDiscoveryService.startScan( [bundleFile:?]
	at org.eclipse.smarthome.config.discovery.AbstractDiscoveryService.startScan( [bundleFile:?]

I have already played with those Docker parameters, too.

  • --cap-add NET_ADMIN --cap-add NET_RAW
  • --cap-add NET_ADMIN --cap-add NET_RAW --privileged=true
  • --privileged=true
  • run Docker with sudo, too. With and without the parameter above.

All of them didn’t solve the issue.

What is wrong? Is there something more needed than what I’ve found? If yes, please let me know.

The instructions at dockerhub for the openHAB container also require --net=host instead of the roundabout way that you’ve given the container its own IP address. I’ve only ever seen it work with --net=host, NET_ADMIN, NET_RAW, and running openHAB as user root. Note that giving it privileged=true is not sufficient because the entrypoint script kicks off openHAB as user 9001 by default. You’ll need to pass in the environment variable USER_ID=0 (I think the container follows that convention, you’ll have to double check) so openHAB itself actually runs as root.

Tried this…

sudo docker run -it -e USER_ID=0 -e GROUP_ID=9001 -e CRYPTO_POLICY=unlimited --restart=always --net=host --cap-add NET_ADMIN --cap-add NET_RAW --privileged=true -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -v /opt/openhab/conf:/openhab/conf -v /opt/openhab/userdata:/openhab/userdata -v /opt/openhab/addons:/openhab/addons --device="/dev/ttyUSB0" --name openhab openhab/openhab:2.5.11

Using USER_ID=0 will stop the container immediately.
adduser: The UID 0 is already in use.

Then I’ve tried this.

sudo docker run -it -e USER_ID=9001 -e GROUP_ID=9001 -e CRYPTO_POLICY=unlimited --restart=always --net=host --cap-add NET_ADMIN --cap-add NET_RAW --privileged=true -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -v /opt/openhab/conf:/openhab/conf -v /opt/openhab/userdata:/openhab/userdata -v /opt/openhab/addons:/openhab/addons --device="/dev/ttyUSB0" --name openhab openhab/openhab:2.5.11

With the same result. Cannot scan network.
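
The point made in the reply above, that capabilities granted to the container do not help when the entrypoint starts openHAB as user 9001, can be checked directly: a process running under a non-root UID without file or ambient capabilities has an empty effective capability set. The following is an added example, not code from the thread or the openHAB image; it decodes `Uid` and `CapEff` from `/proc/<pid>/status` text, and the function names and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide from /proc/<pid>/status text
# whether a process holds the capabilities needed for raw packet capture.
# Capability bit numbers as defined in <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# field STATUS_TEXT KEY COLUMN -> one column of the "KEY:" line
field() {
    printf '%s\n' "$1" | awk -v k="$2:" -v c="$3" '$1 == k { print $c }'
}

# has_bit HEX_MASK BIT -> prints yes or no
has_bit() {
    if [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]; then echo yes; else echo no; fi
}

# report STATUS_TEXT -> "uid=<effective uid> net_raw=<yes|no> net_admin=<yes|no>"
report() {
    euid=$(field "$1" Uid 3)      # Uid columns: real, effective, saved, fs
    mask=$(field "$1" CapEff 2)   # effective set, the one the kernel checks
    case "$mask" in
        ''|*[!0-9a-fA-F]*)
            echo "uid=${euid:-?} net_raw=unknown net_admin=unknown"
            return 1 ;;
    esac
    echo "uid=$euid net_raw=$(has_bit "$mask" "$CAP_NET_RAW") net_admin=$(has_bit "$mask" "$CAP_NET_ADMIN")"
}

# Constructed samples (not captured from a real system):
# root holding NET_RAW but not NET_ADMIN
SAMPLE_ROOT_NET_RAW='Uid: 0 0 0 0
CapEff: 00000000a80425fb'
# root after NET_ADMIN has been added as well
SAMPLE_ROOT_CAP_ADD='Uid: 0 0 0 0
CapEff: 00000000a80435fb'
# process started as UID 9001: effective set is empty
SAMPLE_USER_9001='Uid: 9001 9001 9001 9001
CapEff: 0000000000000000'

report "$SAMPLE_ROOT_NET_RAW"
report "$SAMPLE_ROOT_CAP_ADD"
report "$SAMPLE_USER_9001"
# Real use, inside the container: report "$(cat /proc/<java pid>/status)"
```

A `net_raw=no` result for the Java process matches the `socket: Operation not permitted` error in the log, whatever `--cap-add` or `--privileged` options were given to `docker run`.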