# dbus-pcap: A tool to analyse D-Bus traffic captures

`dbus-pcap` is a tool to slice, dice and display captures of D-Bus traffic
captured into the standard `pcap` packet container.

D-Bus traffic on OpenBMC can be captured using `busctl`:

```sh
busctl capture > /tmp/dbus.pcap
```

## Use

```sh
$ ./dbus-pcap --help
usage: dbus-pcap [-h] [--json] [--no-track-calls] file [expressions [expressions ...]]

positional arguments:
  file              The pcap file
  expressions       DBus message match expressions

optional arguments:
  -h, --help        show this help message and exit
  --json            Emit a JSON representation of the messages
  --no-track-calls  Make a call response pass filters
```

## Examples of Simple Invocations and Output

The default output style:

```sh
$ ./dbus-pcap dbus.pcap | head -n 3
1553600866.443112: CookedMessage(header=CookedHeader(fixed=FixedHeader(endian=108, type=4, flags=1, version=1, length=76, cookie=6919136), fields=[Field(type=<MessageFieldType.PATH: 1>, data='/xyz/openbmc_project/sensors/fan_tach/fan0_0'), Field(type=<MessageFieldType.INTERFACE: 2>, data='org.freedesktop.DBus.Properties'), Field(type=<MessageFieldType.MEMBER: 3>, data='PropertiesChanged'), Field(type=<MessageFieldType.SIGNATURE: 8>, data='sa{sv}as'), Field(type=<MessageFieldType.SENDER: 7>, data=':1.95')]), body=['xyz.openbmc_project.Sensor.Value', [['Value', 3210]], []])

1553600866.456774: CookedMessage(header=CookedHeader(fixed=FixedHeader(endian=108, type=4, flags=1, version=1, length=76, cookie=6919137), fields=[Field(type=<MessageFieldType.PATH: 1>, data='/xyz/openbmc_project/sensors/fan_tach/fan1_0'), Field(type=<MessageFieldType.INTERFACE: 2>, data='org.freedesktop.DBus.Properties'), Field(type=<MessageFieldType.MEMBER: 3>, data='PropertiesChanged'), Field(type=<MessageFieldType.SIGNATURE: 8>, data='sa{sv}as'), Field(type=<MessageFieldType.SENDER: 7>, data=':1.95')]), body=['xyz.openbmc_project.Sensor.Value', [['Value', 3081]], []])

...
```

With JSON output, useful for piping through
[`jq`](https://stedolan.github.io/jq/):

```sh
$ ./dbus-pcap --json | head -n 2
$ dbus-pcap --json dbus.pcap | head
[[[108, 4, 1, 1, 76, 6919136], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan0_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3210]], []]]
[[[108, 4, 1, 1, 76, 6919137], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan1_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3081]], []]]
...
```

## Discussion

While [Wireshark](https://www.wireshark.org/) has the ability to inspect D-Bus
captures, it falls down in terms of scriptability and the filters exposed by the
dissector.

In addition to parsing and displaying packet contents, `dbus-pcap` can filter the
capture based on
[standard D-Bus match expressions](https://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules)
(though it does not yet support argument matching).
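
The following is an added example, not code from `dbus-pcap` itself: it applies a D-Bus match expression to `--json` output after the fact, for instance when auditing which senders touched a given object path in a saved capture. It assumes one JSON message per line laid out as `[[fixed, fields], body]` as in the output shown above; the function names are hypothetical, the third sample line is constructed, and argument matching is rejected rather than silently ignored.

```python
import json

# Header field codes and message type codes from the D-Bus specification.
FIELD_CODES = {"path": 1, "interface": 2, "member": 3, "destination": 6, "sender": 7}
MSG_TYPES = {"method_call": 1, "method_return": 2, "error": 3, "signal": 4}

# First two lines are the --json output shown above; the third is constructed.
SAMPLE = [
    '[[[108, 4, 1, 1, 76, 6919136], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan0_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3210]], []]]',
    '[[[108, 4, 1, 1, 76, 6919137], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan1_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3081]], []]]',
    '[[[108, 1, 0, 1, 36, 12], [[1, "/xyz/openbmc_project/state/host0"], [2, "org.freedesktop.DBus.Properties"], [3, "GetAll"], [6, "xyz.openbmc_project.State.Host"], [8, "s"], [7, ":1.42"]]], ["xyz.openbmc_project.State.Host"]]',
]


def parse_rule(text):
    """Parse "key='value',..." into a dict (assumes no quotes or commas inside values)."""
    rule = {}
    for part in text.split(","):
        key, _, value = part.partition("=")
        rule[key.strip()] = value.strip().strip("'")
    return rule


def matches(msg, rule):
    """Return True if one decoded message satisfies every key in the rule."""
    (fixed, fields), _body = msg
    by_code = dict(fields)  # header field code -> value
    for key, want in rule.items():
        if key == "type":
            ok = fixed[1] == MSG_TYPES.get(want)  # fixed = [endian, type, flags, ...]
        elif key == "path_namespace":
            path = by_code.get(1, "")
            ok = path == want or path.startswith(want.rstrip("/") + "/")
        elif key in FIELD_CODES:
            ok = by_code.get(FIELD_CODES[key]) == want
        else:
            raise ValueError(f"unsupported match key: {key}")  # e.g. arg0, not handled
        if not ok:
            return False
    return True


def filter_lines(lines, rule_text):
    """Decode one JSON message per line and keep those matching the rule."""
    rule = parse_rule(rule_text)
    return [m for m in (json.loads(ln) for ln in lines if ln.strip()) if matches(m, rule)]


if __name__ == "__main__":
    for m in filter_lines(SAMPLE, "type='signal',sender=':1.95'"):
        print(m[0][1][0][1], m[1][1])  # object path and changed properties
```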