Re: tcpdump and timezone mismatch (STABLE 14 vs STABLE 13)
Date: Thu, 14 Sep 2023 20:49:11 UTC
mike tancsa <mike@sentex.net> writes: > Just starting to play around with RELENG_14 and noticed one odd thing > I didnt see in the UPDATING notes. The server's Timezone is set to > EDT (GMT-4), but tcpdumping the pflogs show it in UTC. In stable/13, tcpdump reads /etc/localtime very early, and long before entering capability mode: 72111 tcpdump 0.007527 NAMI "/etc/localtime" 72111 tcpdump 0.007541 RET open 3 72111 tcpdump 0.007549 CALL read(0x3,0x1a9058bb78c0,0xd6b8) 72111 tcpdump 0.007627 RET read 2298/0x8fa 72111 tcpdump 0.007634 CALL close(0x3) 72111 tcpdump 0.007642 RET close 0 [...] 72111 tcpdump 0.024369 CALL cap_enter 72111 tcpdump 0.024381 RET cap_enter 0 In main and stable/14, it enters capability mode immediately before the first attempt to read /etc/localtime, which fails: 745 tcpdump 0.069967829 CALL cap_enter 745 tcpdump 0.070015646 RET cap_enter 0 745 tcpdump 0.070139522 CALL fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430d00 ,0) 745 tcpdump 0.070196299 NAMI "/etc/localtime" 745 tcpdump 0.070240578 RET fstatat -1 errno 94 Not permitted in capability mode 745 tcpdump 0.070487574 CALL fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430cd0,0) 745 tcpdump 0.070550458 NAMI "/etc/localtime" 745 tcpdump 0.070593003 RET fstatat -1 errno 94 Not permitted in capability mode The simplest workaround is to call tzset(3) before entering capability mode. DES -- Dag-Erling Smørgrav - des@FreeBSD.org