tool to capture D-Bus messages in a libpcap capture file
Ruby
Switch branches/tags
Nothing to show
Latest commit 400d002 Mar 10, 2014 @mvidner fixed syntax error in Ruby 2.0
./dbus-dump:13: syntax error, unexpected tSTRING_BEG, expecting ']'
  [hex.gsub '\x', ''].pack 'H*'
             ^
./dbus-dump:13: syntax error, unexpected ',', expecting keyword_end
  [hex.gsub '\x', ''].pack 'H*'
                 ^
Permalink
Failed to load latest commit information.
bin fixed syntax error in Ruby 2.0 Mar 10, 2014
lib/pcap
test/data Moved files around to prepare for gemification. Jan 9, 2011
.gitignore
README.markdown Mention own URL. Nov 19, 2010
Rakefile rake release will push a gem. Jan 9, 2011
VERSION Version bump to 0.2.1 Jan 9, 2011

README.markdown

dbus-dump

dbus-dump is a tool to capture D-Bus messages in a libpcap capture file.

It takes an idea from dbus-scrape, which processes a strace output of dbus-monitor, and takes it further by stracing dbus-daemon, thus not relying on any eavesdropping (mis)configuration.

The intended purpose is to establish the libpcap capture format as a base for debugging tools like

Thanks to Will Thompson for mentioning the pcap idea.

Usage

$ sudo strace -p `pgrep -f 'dbus-daemon --system'` \
    -s 3000 -ttt -xx -o foo.strace
$ ./dbus-dump foo.strace foo.pcap
$ ./dbus-pcap-parse foo.pcap
Tue Nov 16 12:56:47 +0100 2010 #<DBus::Message:0xb741f340
 @body_length=0,
 @destination="fi.epitest.hostap.WPASupplicant",
 @error_name=nil,
 @flags=0,
 @interface="fi.epitest.hostap.WPASupplicant.Interface",
 @member="scan",
 @message_type=1,
 @params=[],
 @path="/fi/epitest/hostap/WPASupplicant/Interfaces/180",
 @protocol=1,
 @reply_serial=nil,
 @sender=":1.7132",
 @serial=88639,
 @signature="">
Tue Nov 16 12:56:47 +0100 2010 #<DBus::Message:0xb741b060
 @body_length=4,
 @destination=":1.7132",
[...]>

Dependencies

It is written in Ruby. The pcap format is handled by a small bundled module. dbus-dump has no other dependencies. dbus-pcap-parse uses ruby-dbus.

Bugs

This is an early proof-of-concept release, serving to introduce the libpcap format.

The main problem of dbus-dump is duplicating the messages, seeing them both when the daemon receives them and when it sends them (multiple times, for the signals).

The other tools haven't caught up yet:

$ /usr/sbin/tcpdump -r foo.pcap
reading from file foo.pcap, link-type 231
tcpdump: unknown data link type 231

Contact

Written by Martin Vidner, martin at vidner dot net.