Nov 16, 2010


dbus-dump is a tool to capture D-Bus messages in a libpcap capture file.

It takes an idea from dbus-scrape, which processes a strace output of dbus-monitor, and takes it further by stracing dbus-daemon, thus not relying on any eavesdropping (mis)configuration.

The intended purpose is to establish the libpcap capture format as a base for debugging tools like

Thanks to Will Thompson for mentioning the pcap idea.


$ sudo strace -p `pgrep -f 'dbus-daemon --system'` \
    -s 3000 -ttt -xx -o foo.strace
$ ./dbus-dump foo.strace foo.pcap
$ ./dbus-pcap-parse foo.pcap
Tue Nov 16 12:56:47 +0100 2010 #<DBus::Message:0xb741f340
Tue Nov 16 12:56:47 +0100 2010 #<DBus::Message:0xb741b060


It is written in Ruby. The pcap format is handled by a small bundled module. dbus-dump has no other dependencies. dbus-pcap-parse uses ruby-dbus.


This is an early proof-of-concept release, serving to introduce the libpcap format.

The main problem of dbus-dump is duplicating the messages, seeing them both when the daemon receives them and when it sends them (multiple times, for the signals).

The other tools haven't caught up yet:

$ /usr/sbin/tcpdump -r foo.pcap
reading from file foo.pcap, link-type 231
tcpdump: unknown data link type 231


Anonymous said...

Impressive stuff! I was hoping that someone would devise a method of at least storing D-BUS traffic in PCap trace files. :)

Any ideas as to what'd be necessary to extend tools to support the generated trace files (given that DLT_DBUS has just been added to LibPCap), out of interest?

Also, do you have any plans to build a Wireshark dissector for D-BUS any time soon?


Martin Vidner said...

Tyson: I'm glad that you like it.

I have no idea yet how to extend the other tools. I will get to it later.

Anyway, it should not be difficult to write a dissector in Lua.