tcpdump -tttt option and timezone

[Raphael Raimbault <raphael.raimbault () netasq com>]

# tcpdump -n -tttt
06/13/2004 13:31:35.758527 192.168.2.1 > 192.168.2.254: icmp: echo request
06/13/2004 13:31:35.758684 192.168.2.254 > 192.168.2.1: icmp: echo reply

without time option, I have:
# tcpdump -n
15:31:30.808613 192.168.2.1 > 192.168.2.254: icmp: echo request
15:31:30.808769 192.168.2.254 > 192.168.2.1: icmp: echo reply

The reason is quite simple (based on 3.8.3 source code) in tcpdump.c:

[snip]
int tflag = 1;          /* print packet arrival time */
[snip]


int
main(int argc, char **argv)
[snip]
        case 't':
            --tflag;
            break;
[snip]

[snip]
    if (tflag > 0)
        thiszone = gmt2local(0);
[snip]


if -tttt option is enabled gmt2local isn't called and global
variable thiszone is alway equals to 0 which make ts_print
function in utils.c "fails".

There is a patch for 3.8.3 version:
--- tcpdump.c.orig      Sun Jun 13 15:50:49 2004
+++ tcpdump.c   Sun Jun 13 16:05:34 2004
@@ -615,7 +615,7 @@
                        /* NOTREACHED */
                }

-       if (tflag > 0)
+       if ((tflag > 0) || (tflag == -3))
                thiszone = gmt2local(0);

        if (RFileName != NULL) {



PS: another solution is to remove the "if (tflag > 0)" test.
This bug was discovered on FreeBSD 5.2.1 (tcpdump 3.7.2 +
multidlt) with but apply to all others platforms and also
on tcpdump-current.


--
 ---------------------------------------
  Raphael Raimbault - R&D Engineer

  NETASQ - Secure Internet Connectivity
  E-mail : raphael.raimbault () netasq com
  Telephone : +33 (0) 320 619 630
  Web : http://www.netasq.com
 ---------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature