Summary discussion here https://lists.freebsd.org/archives/freebsd-stable/2023-September/001448.html AMD64 VM of FreeBSD 14 from Sept 1st. TCPDUMP (in the base and in the ports) will not work properly when the timezone is set to something other than UTC. e.g. tcpdump -nei pflog0 will display log entries always in UTC, despite what /etc/localtime is set to. des@freebsd.org wrote in the email thread In stable/13, tcpdump reads /etc/localtime very early, and long before entering capability mode: 72111 tcpdump 0.007527 NAMI "/etc/localtime" 72111 tcpdump 0.007541 RET open 3 72111 tcpdump 0.007549 CALL read(0x3,0x1a9058bb78c0,0xd6b8) 72111 tcpdump 0.007627 RET read 2298/0x8fa 72111 tcpdump 0.007634 CALL close(0x3) 72111 tcpdump 0.007642 RET close 0 [...] 72111 tcpdump 0.024369 CALL cap_enter 72111 tcpdump 0.024381 RET cap_enter 0 In main and stable/14, it enters capability mode immediately before the first attempt to read /etc/localtime, which fails: 745 tcpdump 0.069967829 CALL cap_enter 745 tcpdump 0.070015646 RET cap_enter 0 745 tcpdump 0.070139522 CALL fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430d00 ,0) 745 tcpdump 0.070196299 NAMI "/etc/localtime" 745 tcpdump 0.070240578 RET fstatat -1 errno 94 Not permitted in capability mode 745 tcpdump 0.070487574 CALL fstatat(AT_FDCWD,0x1c377723d38e,0x1c3773430cd0,0) 745 tcpdump 0.070550458 NAMI "/etc/localtime" 745 tcpdump 0.070593003 RET fstatat -1 errno 94 Not permitted in capability mode The simplest workaround is to call tzset(3) before entering capability mode.
The patch in https://github.com/the-tcpdump-group/tcpdump/pull/1084 should be sufficient in principle but does not appear to work in practice. This is probably due to a bug in our tzcode adaptations. I will investigate further.
Correction: the patch works as long as you don't have WITH_DETECT_TZ_CHANGES defined, and most people don't.
Thanks both. Dag-Erling, I just applied your patch to my CURRENT system (main-n265074-6b635c74fd41), and the log entries are displayed in local time.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=7e0a7ef95fac1183854cab662bd9afa4647422d6 commit 7e0a7ef95fac1183854cab662bd9afa4647422d6 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2023-09-15 21:36:41 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2023-09-15 21:36:41 +0000 tcpdump: Initialize tzcode early. An explicit tzset() call is usually not needed as it happens implicitly the first time we call localtime() or mktime(), but in some cases (sandboxing, chroot) this may be too late. PR: 273807 MFC after: 3 days Reviewed by: jrm Differential Revision: https://reviews.freebsd.org/D41880 contrib/tcpdump/tcpdump.c | 2 ++ 1 file changed, 2 insertions(+)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=c7e9092572cde1a3b9d8a6dc8fb586d1deecef07 commit c7e9092572cde1a3b9d8a6dc8fb586d1deecef07 Author: Joseph Mingrone <jrm@FreeBSD.org> AuthorDate: 2023-09-18 13:26:21 +0000 Commit: Renato Botelho <garga@FreeBSD.org> CommitDate: 2023-09-18 13:28:51 +0000 net/tcpdump: Patch to honour local timezone Summary: Discussion: https://lists.freebsd.org/archives/freebsd-stable/2023-September/001448.html PR: 273807 (src patch) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D41886 net/tcpdump/Makefile | 4 ++++ net/tcpdump/distinfo | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=51d54ed6151b5381bca703d85762d9d054463003 commit 51d54ed6151b5381bca703d85762d9d054463003 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2023-09-15 21:36:41 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2023-09-19 10:10:21 +0000 tcpdump: Initialize tzcode early. An explicit tzset() call is usually not needed as it happens implicitly the first time we call localtime() or mktime(), but in some cases (sandboxing, chroot) this may be too late. PR: 273807 MFC after: 3 days Reviewed by: jrm Differential Revision: https://reviews.freebsd.org/D41880 (cherry picked from commit 7e0a7ef95fac1183854cab662bd9afa4647422d6) contrib/tcpdump/tcpdump.c | 2 ++ 1 file changed, 2 insertions(+)
A commit in branch releng/14.0 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=c1b6110df0405b53e0191c5cea42a85dc19ffe46 commit c1b6110df0405b53e0191c5cea42a85dc19ffe46 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2023-09-15 21:36:41 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2023-09-19 10:45:29 +0000 tcpdump: Initialize tzcode early. An explicit tzset() call is usually not needed as it happens implicitly the first time we call localtime() or mktime(), but in some cases (sandboxing, chroot) this may be too late. PR: 273807 MFC after: 3 days Reviewed by: jrm Differential Revision: https://reviews.freebsd.org/D41880 Approved by: re (kib) (cherry picked from commit 7e0a7ef95fac1183854cab662bd9afa4647422d6) (cherry picked from commit 51d54ed6151b5381bca703d85762d9d054463003) contrib/tcpdump/tcpdump.c | 2 ++ 1 file changed, 2 insertions(+)