dbus-pcap: A DBus packet parser and matcher for pcap captures

busctl(1) offers a `capture` option that's useful for recording DBus
traffic on a system. The resulting pcap can be loaded into wireshark
where it can be analysed, but the wireshark dissector has (had?)
limitations (only parsed header fields and not the body of the packet).

dbus-pcap parses the pcap using scapy to read the packets, then
implements a dbus wire-format dissector with DBus match expression
support to filter the packet stream according to the supplied match
rules.

Here's an example invocation that extracts IPMI transport messages during the
boot process of an OpenPOWER OpenBMC system:

> $ ./dbus-pcap witherspoon-boot.pcap "type='signal',path='/org/openbmc/HostIpmi/1'"
>
> [[[108, 4, 1, 1, 14, 9982], [[1, "/org/openbmc/HostIpmi/1"], [2, "org.openbmc.HostIpmi"], [3, "ReceivedMessage"], [8, "yyyyay"], [7, ":1.14"]]], [206, 58, 0, 90, [4, 56, 28, 19, 2, 0]]]
> [[[108, 4, 1, 1, 14, 9984], [[1, "/org/openbmc/HostIpmi/1"], [2, "org.openbmc.HostIpmi"], [3, "ReceivedMessage"], [8, "yyyyay"], [7, ":1.14"]]], [207, 58, 0, 90, [4, 57, 125, 16, 2, 0]]]
> [[[108, 4, 1, 1, 14, 9986], [[1, "/org/openbmc/HostIpmi/1"], [2, "org.openbmc.HostIpmi"], [3, "ReceivedMessage"], [8, "yyyyay"], [7, ":1.14"]]], [208, 58, 0, 90, [4, 58, 134, 17, 2, 0]]]

The messages are emitted in JSON form and can be parsed by `jq`.

Zero or more DBus match expressions can be provided. A match occurs when
the current packet matches all rules in an expression, for any
expression supplied on the commandline. If no expressions are provided
then all packets are matched by default. Neither argN nor namespace
match rules are supported in this initial patch.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I3130426451207f556f33a17d540d6b32794e8503
diff --git a/amboar/obmc-scripts/dbus-pcap/requirements.txt b/amboar/obmc-scripts/dbus-pcap/requirements.txt
new file mode 100644
index 0000000..30564ab
--- /dev/null
+++ b/amboar/obmc-scripts/dbus-pcap/requirements.txt
@@ -0,0 +1 @@
+scapy
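Review bot: The `scapy` entry on the only line of requirements.txt is unpinned, so every install resolves to whatever release is current on the package index and the tool's behaviour can change without any change in this repository. Pin it to the version the script was tested against (`scapy==<tested version>`), and consider adding a `--hash=sha256:...` entry so pip's hash-checking mode can verify the download, since this is the script's sole third-party dependency and it is what reads the capture file.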