1## dbus-pcap: A tool to analyse D-Bus traffic captures 2 3`dbus-pcap` is a tool to slice, dice and display captures of D-Bus traffic 4captured into a the standard `pcap` packet container. 5 6D-Bus traffic on OpenBMC can be captured using `busctl`: 7 8``` 9# busctl capture > /tmp/dbus.pcap 10``` 11 12## Use 13 14``` 15$ ./dbus-pcap --help 16usage: dbus-pcap [-h] [--json] [--no-track-calls] file [expressions [expressions ...]] 17 18positional arguments: 19 file The pcap file 20 expressions DBus message match expressions 21 22optional arguments: 23 -h, --help show this help message and exit 24 --json Emit a JSON representation of the messages 25 --no-track-calls Make a call response pass filters 26``` 27 28### Examples of Simple Invocations and Output 29 30The default output style: 31``` 32$ ./dbus-pcap dbus.pcap | head -n 3 331553600866.443112: CookedMessage(header=CookedHeader(fixed=FixedHeader(endian=108, type=4, flags=1, version=1, length=76, cookie=6919136), fields=[Field(type=<MessageFieldType.PATH: 1>, data='/xyz/openbmc_project/sensors/fan_tach/fan0_0'), Field(type=<MessageFieldType.INTERFACE: 2>, data='org.freedesktop.DBus.Properties'), Field(type=<MessageFieldType.MEMBER: 3>, data='PropertiesChanged'), Field(type=<MessageFieldType.SIGNATURE: 8>, data='sa{sv}as'), Field(type=<MessageFieldType.SENDER: 7>, data=':1.95')]), body=['xyz.openbmc_project.Sensor.Value', [['Value', 3210]], []]) 34 351553600866.456774: CookedMessage(header=CookedHeader(fixed=FixedHeader(endian=108, type=4, flags=1, version=1, length=76, cookie=6919137), fields=[Field(type=<MessageFieldType.PATH: 1>, data='/xyz/openbmc_project/sensors/fan_tach/fan1_0'), Field(type=<MessageFieldType.INTERFACE: 2>, data='org.freedesktop.DBus.Properties'), Field(type=<MessageFieldType.MEMBER: 3>, data='PropertiesChanged'), Field(type=<MessageFieldType.SIGNATURE: 8>, data='sa{sv}as'), Field(type=<MessageFieldType.SENDER: 7>, data=':1.95')]), body=['xyz.openbmc_project.Sensor.Value', [['Value', 3081]], []]) 36 37... 38``` 39 40With JSON output, useful for piping through (`jq`)[https://stedolan.github.io/jq/]: 41``` 42$ ./dbus-pcap --json | head -n 2 43$ dbus-pcap --json dbus.pcap | head 44[[[108, 4, 1, 1, 76, 6919136], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan0_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3210]], []]] 45[[[108, 4, 1, 1, 76, 6919137], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan1_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3081]], []]] 46... 47``` 48 49## Discussion 50 51While [Wireshark](https://www.wireshark.org/) has the ability to inspect D-Bus 52captures it falls down in terms of scriptability and the filters exposed by the 53dissector. 54 55In addition to parsing and displaying packet contents `dbus-pcap` can filter 56the capture based on [standard D-Bus match 57expressions](https://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules) 58(though does not yet support argument matching). 59