Re: tcpdump and timezone mismatch (STABLE 14 vs STABLE 13)

From: Dag-Erling_Smørgrav <des_at_FreeBSD.org>
Date: Thu, 14 Sep 2023 20:49:11 UTC
mike tancsa <mike@sentex.net> writes:
> Just starting to play around with RELENG_14 and noticed one odd thing
> I didn't see in the UPDATING notes.  The server's Timezone is set to
> EDT (GMT-4), but tcpdumping the pflogs show it in UTC.

In stable/13, tcpdump reads /etc/localtime very early, and long before
entering capability mode:

 72111 tcpdump  0.007527 NAMI  "/etc/localtime"
 72111 tcpdump  0.007541 RET   open 3
 72111 tcpdump  0.007549 CALL  read(0x3,0x1a9058bb78c0,0xd6b8)
 72111 tcpdump  0.007627 RET   read 2298/0x8fa
 72111 tcpdump  0.007634 CALL  close(0x3)
 72111 tcpdump  0.007642 RET   close 0
 [...]
 72111 tcpdump  0.024369 CALL  cap_enter
 72111 tcpdump  0.024381 RET   cap_enter 0

In main and stable/14, it enters capability mode immediately before the
first attempt to read /etc/localtime, which fails:

   745 tcpdump  0.069967829 CALL  cap_enter
   745 tcpdump  0.070015646 RET   cap_enter 0
   745 tcpdump  0.070139522 CALL  fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430d00,0)
   745 tcpdump  0.070196299 NAMI  "/etc/localtime"
   745 tcpdump  0.070240578 RET   fstatat -1 errno 94 Not permitted in capability mode
   745 tcpdump  0.070487574 CALL  fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430cd0,0)
   745 tcpdump  0.070550458 NAMI  "/etc/localtime"
   745 tcpdump  0.070593003 RET   fstatat -1 errno 94 Not permitted in capability mode

The simplest workaround is to call tzset(3) before entering capability
mode.

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org
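
The ordering described in the message above, as an added example that is not part of the original e-mail or of tcpdump's source: timezone data is loaded with tzset(3) first, and only then does the process enter capability mode. The helper names init_tz_then_sandbox and format_local are hypothetical, and on systems other than FreeBSD the cap_enter step is compiled out.

```c
/* Load timezone rules before entering Capsicum capability mode. */
#ifndef __FreeBSD__
#define _POSIX_C_SOURCE 200809L	/* expose tzset/localtime_r/setenv on strict libcs */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Hypothetical helper. Returns 0 on success, -1 if cap_enter() fails. */
static int
init_tz_then_sandbox(void)
{
	/* tzset(3) opens /etc/localtime (or honours $TZ) and caches the rules. */
	tzset();
#ifdef __FreeBSD__
	/* From here on, AT_FDCWD path lookups fail with errno 94 (ECAPMODE). */
	if (cap_enter() != 0)
		return (-1);
#endif
	return (0);
}

/* Hypothetical helper: format epoch seconds as local time plus UTC offset. */
static int
format_local(time_t t, char *buf, size_t len)
{
	struct tm tm;

	if (localtime_r(&t, &tm) == NULL)
		return (-1);
	return (strftime(buf, len, "%Y-%m-%d %H:%M:%S %z", &tm) > 0 ? 0 : -1);
}

int
main(void)
{
	char buf[64];

	if (init_tz_then_sandbox() != 0 ||
	    /* Constructed sample: this message's Date header as epoch seconds. */
	    format_local((time_t)1694724551, buf, sizeof(buf)) != 0)
		return (EXIT_FAILURE);
	printf("%s\n", buf);
	return (EXIT_SUCCESS);
}
```

Swapping the two calls in init_tz_then_sandbox gives the main and stable/14 ordering from the second trace, where the /etc/localtime lookup happens after cap_enter and is refused.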