1# dbus-pcap: A tool to analyse D-Bus traffic captures 2 3`dbus-pcap` is a tool to slice, dice and display captures of D-Bus traffic 4captured into a the standard `pcap` packet container. 5 6D-Bus traffic on OpenBMC can be captured using `busctl`: 7 8```sh 9busctl capture > /tmp/dbus.pcap 10``` 11 12## Use 13 14```sh 15$ ./dbus-pcap --help 16usage: dbus-pcap [-h] [--json] [--no-track-calls] file [expressions [expressions ...]] 17 18positional arguments: 19 file The pcap file 20 expressions DBus message match expressions 21 22optional arguments: 23 -h, --help show this help message and exit 24 --json Emit a JSON representation of the messages 25 --no-track-calls Make a call response pass filters 26``` 27 28## Examples of Simple Invocations and Output 29 30The default output style: 31 32```sh 33$ ./dbus-pcap dbus.pcap | head -n 3 341553600866.443112: CookedMessage(header=CookedHeader(fixed=FixedHeader(endian=108, type=4, flags=1, version=1, length=76, cookie=6919136), fields=[Field(type=<MessageFieldType.PATH: 1>, data='/xyz/openbmc_project/sensors/fan_tach/fan0_0'), Field(type=<MessageFieldType.INTERFACE: 2>, data='org.freedesktop.DBus.Properties'), Field(type=<MessageFieldType.MEMBER: 3>, data='PropertiesChanged'), Field(type=<MessageFieldType.SIGNATURE: 8>, data='sa{sv}as'), Field(type=<MessageFieldType.SENDER: 7>, data=':1.95')]), body=['xyz.openbmc_project.Sensor.Value', [['Value', 3210]], []]) 35 361553600866.456774: CookedMessage(header=CookedHeader(fixed=FixedHeader(endian=108, type=4, flags=1, version=1, length=76, cookie=6919137), fields=[Field(type=<MessageFieldType.PATH: 1>, data='/xyz/openbmc_project/sensors/fan_tach/fan1_0'), Field(type=<MessageFieldType.INTERFACE: 2>, data='org.freedesktop.DBus.Properties'), Field(type=<MessageFieldType.MEMBER: 3>, data='PropertiesChanged'), Field(type=<MessageFieldType.SIGNATURE: 8>, data='sa{sv}as'), Field(type=<MessageFieldType.SENDER: 7>, data=':1.95')]), body=['xyz.openbmc_project.Sensor.Value', [['Value', 3081]], []]) 37 38... 39``` 40 41With JSON output, useful for piping through 42[`jq`](https://stedolan.github.io/jq/): 43 44```sh 45$ ./dbus-pcap --json | head -n 2 46$ dbus-pcap --json dbus.pcap | head 47[[[108, 4, 1, 1, 76, 6919136], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan0_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3210]], []]] 48[[[108, 4, 1, 1, 76, 6919137], [[1, "/xyz/openbmc_project/sensors/fan_tach/fan1_0"], [2, "org.freedesktop.DBus.Properties"], [3, "PropertiesChanged"], [8, "sa{sv}as"], [7, ":1.95"]]], ["xyz.openbmc_project.Sensor.Value", [["Value", 3081]], []]] 49... 50``` 51 52## Discussion 53 54While [Wireshark](https://www.wireshark.org/) has the ability to inspect D-Bus 55captures it falls down in terms of scriptability and the filters exposed by the 56dissector. 57 58In addition to parsing and displaying packet contents `dbus-pcap` can filter the 59capture based on 60[standard D-Bus match expressions](https://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules) 61(though does not yet support argument matching). 62