Date:      Thu, 14 Sep 2023 22:49:11 +0200
From:      Dag-Erling Smørgrav <des@FreeBSD.org>
To:        mike tancsa <mike@sentex.net>
Cc:        FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, jrm@FreeBSD.org
Subject:   Re: tcpdump and timezone mismatch (STABLE 14 vs STABLE 13)
Message-ID:  <86edj0pjjs.fsf@ltc.des.no>
In-Reply-To: <b45dcba7-4ec1-4bea-8eeb-f5be01e29b5b@sentex.net> (mike tancsa's message of "Thu, 14 Sep 2023 12:24:45 -0400")
References:  <b45dcba7-4ec1-4bea-8eeb-f5be01e29b5b@sentex.net>

mike tancsa <mike@sentex.net> writes:
> Just starting to play around with RELENG_14 and noticed one odd thing
> I didn't see in the UPDATING notes.  The server's Timezone is set to
> EDT (GMT-4), but tcpdumping the pflogs show it in UTC.

In stable/13, tcpdump reads /etc/localtime very early, and long before
entering capability mode:

 72111 tcpdump  0.007527 NAMI  "/etc/localtime"
 72111 tcpdump  0.007541 RET   open 3
 72111 tcpdump  0.007549 CALL  read(0x3,0x1a9058bb78c0,0xd6b8)
 72111 tcpdump  0.007627 RET   read 2298/0x8fa
 72111 tcpdump  0.007634 CALL  close(0x3)
 72111 tcpdump  0.007642 RET   close 0
 [...]
 72111 tcpdump  0.024369 CALL  cap_enter
 72111 tcpdump  0.024381 RET   cap_enter 0

In main and stable/14, it enters capability mode immediately before the
first attempt to read /etc/localtime, which fails:

   745 tcpdump  0.069967829 CALL  cap_enter
   745 tcpdump  0.070015646 RET   cap_enter 0
   745 tcpdump  0.070139522 CALL  fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430d00,0)
   745 tcpdump  0.070196299 NAMI  "/etc/localtime"
   745 tcpdump  0.070240578 RET   fstatat -1 errno 94 Not permitted in capability mode
   745 tcpdump  0.070487574 CALL  fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430cd0,0)
   745 tcpdump  0.070550458 NAMI  "/etc/localtime"
   745 tcpdump  0.070593003 RET   fstatat -1 errno 94 Not permitted in capability mode

The simplest workaround is to call tzset(3) before entering capability
mode.

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org
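
Added example (not part of the original message, and not tcpdump or FreeBSD code): a Python check that scans trace output in the column layout shown above and reports path lookups that failed with errno 94 after cap_enter returned 0, which is the pattern that separates the stable/14 trace from the stable/13 one. The function name `ecapmode_lookups` is this example's own, and the embedded samples are excerpts of the two traces in the message with wrapped lines rejoined.

```python
import re

# Column layout of the traces in the message: pid, command, timestamp, record type, payload
LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([\d.]+)\s+(CALL|RET|NAMI)\s+(.*)$")
ECAPMODE = "94"  # errno shown in the trace: "Not permitted in capability mode"

def ecapmode_lookups(trace):
    """Return (pid, syscall, path) for path lookups denied after cap_enter."""
    sandboxed = set()   # pids whose cap_enter returned 0
    pending = {}        # pid -> [syscall name, looked-up path] for the call in flight
    findings = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue    # skips elision markers such as "[...]"
        pid, _cmd, _ts, kind, rest = m.groups()
        if kind == "CALL":
            pending[pid] = [rest.split("(", 1)[0], None]
        elif kind == "NAMI" and pid in pending:
            pending[pid][1] = rest.strip('"')
        elif kind == "RET":
            name, path = pending.pop(pid, (None, None))
            fields = rest.split()
            if fields[:2] == ["cap_enter", "0"]:
                sandboxed.add(pid)
            elif (pid in sandboxed and path
                  and fields[1:4] == ["-1", "errno", ECAPMODE]):
                findings.append((pid, name, path))
    return findings

# Samples: excerpts of the traces quoted in the message, wrapped lines rejoined.
STABLE_13 = """\
 72111 tcpdump  0.007527 NAMI  "/etc/localtime"
 72111 tcpdump  0.007541 RET   open 3
 72111 tcpdump  0.024369 CALL  cap_enter
 72111 tcpdump  0.024381 RET   cap_enter 0
"""
STABLE_14 = """\
   745 tcpdump  0.069967829 CALL  cap_enter
   745 tcpdump  0.070015646 RET   cap_enter 0
   745 tcpdump  0.070139522 CALL  fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430d00,0)
   745 tcpdump  0.070196299 NAMI  "/etc/localtime"
   745 tcpdump  0.070240578 RET   fstatat -1 errno 94 Not permitted in capability mode
"""

if __name__ == "__main__":
    for label, trace in (("stable/13", STABLE_13), ("stable/14", STABLE_14)):
        print(label, ecapmode_lookups(trace))
```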
