contrib: add Wireshark plugins for NetworkDB by corhere · Pull Request #50316 · moby/moby

corhere · 2025-07-02T21:19:56Z

- What I did
- How I did it
Contribute a Wireshark plugin for decrypting and dissecting hashicorp/memberlist messages. And contribue a plugin for dissecting the NetworkDB messages transported as memberlist User messages.

Add a feature to NetworkDB to log the encryption keys to a file for the Wireshark memberlist plugin to consume, configured using an environment variable.

Screenshots

- How to verify it

NETWORKDBKEYLOGFILE=path/to/ndbkeys.txt dockerd
Set up the Wireshark plugins as documented in the README. Set the preference networkdb.keylog:path/to/ndbkeys.txt
Generate some NetworkDB traffic (e.g. create overlay networks, run containers attached to said networks) while capturing packets on TCP+UDP port 7946.
Observe that the captured packets are dissected to a sane-looking breakdown.

- Human readable description for the release notes

- A picture of a cute animal (not mandatory but encouraged)

Copilot

Pull Request Overview

Adds support for logging NetworkDB encryption keys for use by new Wireshark dissectors and contributes two Lua plugins for dissecting memberlist and NetworkDB gossip traffic.

Introduce logEncKeys to write hex-encoded keys to a file configurable via NETWORKDBKEYLOGFILE.
Invoke logEncKeys in SetKey and during cluster initialization.
Add two Lua dissectors (memberlist.lua and moby-networkdb.lua) plus updated documentation for installing and configuring them.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
libnetwork/networkdb/debug.go	New `logEncKeys` function to write keys to a logfile
libnetwork/networkdb/cluster.go	Call `logEncKeys` in `SetKey` and `clusterInit`
contrib/wireshark/moby-networkdb.lua	Wireshark plugin for NetworkDB gossip messages
contrib/wireshark/memberlist.lua	Wireshark plugin for HashiCorp/memberlist protocol
contrib/wireshark/README.md	Documentation for installing and configuring plugins

Comments suppressed due to low confidence (3)

libnetwork/networkdb/debug.go:11

Consider adding unit tests to validate that logEncKeys correctly creates/appends to the file, handles missing env var, and logs errors when file operations fail.

func logEncKeys(ctx context.Context, keys ...[]byte) {

contrib/wireshark/moby-networkdb.lua:32

The variable dissector is undefined in this scope. Consider using a defined identifier such as protobuf_dissector or decodeas to correctly reference the failing dissector in the error message.

    if not ok then tree:add_expert_info(PI_DISSECTOR_BUG, PI_ERROR, "Dissector " .. dissector .. " failed: " .. tostring(err)) end

contrib/wireshark/moby-networkdb.lua:49

The variable dissector is undefined here as well. Use a valid reference (e.g. protobuf_dissector or the local decodeas value) to avoid runtime errors in this error path.

    if not ok then tree:add_expert_info(PI_DISSECTOR_BUG, PI_ERROR, "Dissector " .. dissector .. " failed: " .. tostring(err)) end

Contribute a Wireshark plugin for decrypting and dissecting hashicorp/memberlist messages. And contribue a plugin for dissecting the NetworkDB messages transported as memberlist User messages. Add a feature to NetworkDB to log the encryption keys to a file for the Wireshark memberlist plugin to consume, configured using an environment variable. Signed-off-by: Cory Snider <[email protected]>

corhere requested review from akerouanton, Copilot, robmry and thaJeztah July 2, 2025 21:19

corhere added this to 🔦 Maintainer spotlight Jul 2, 2025

corhere added area/contrib area/networking/d/overlay Networking labels Jul 2, 2025

github-project-automation Bot moved this to New in 🔦 Maintainer spotlight Jul 2, 2025

Copilot AI reviewed Jul 2, 2025

View reviewed changes

Comment thread contrib/wireshark/README.md Outdated

Comment thread libnetwork/networkdb/debug.go

Comment thread libnetwork/networkdb/cluster.go

corhere force-pushed the libn/networkdb-wireshark branch 2 times, most recently from bc318e2 to 860e3fb Compare July 3, 2025 18:05

corhere force-pushed the libn/networkdb-wireshark branch from 860e3fb to ebfafa1 Compare July 3, 2025 21:58

vvoland approved these changes Jul 8, 2025

View reviewed changes

akerouanton approved these changes Jul 8, 2025

View reviewed changes

vvoland merged commit 5c9e4c5 into moby:master Jul 8, 2025
160 checks passed

corhere deleted the libn/networkdb-wireshark branch July 8, 2025 17:49

thompson-shaun moved this from New to Complete in 🔦 Maintainer spotlight Jul 10, 2025

corhere mentioned this pull request Jul 25, 2025

[25.0] libnetwork/networkdb: backport all the fixes #50511

Merged

thaJeztah added this to the 29.0.0 milestone Oct 6, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

contrib: add Wireshark plugins for NetworkDB#50316

contrib: add Wireshark plugins for NetworkDB#50316
vvoland merged 1 commit intomoby:masterfrom
corhere:libn/networkdb-wireshark

corhere commented Jul 2, 2025

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

corhere commented Jul 2, 2025

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants