Add -t 0 option to send pcap with current timestamp

Copilot · kYroL01 · Copilot · commit 0a9b31ac3eb3 · 2026-02-28T23:18:52.000Z
Co-authored-by: kYroL01 &lt;7222956+kYroL01@users.noreply.github.com&gt;
diff --git a/_codeql_detected_source_root b/_codeql_detected_source_root
@@ -0,0 +1 @@
+.
diff --git a/include/captagent/globals.h b/include/captagent/globals.h
@@ -50,6 +50,7 @@ extern char *backup_dir;
 extern char *global_node_name;
 extern int timestart;
 extern int serial;
+extern int use_current_timestamp;
 extern const char *captagent_config;
 
 extern struct capture_list main_ct;
diff --git a/src/captagent.c b/src/captagent.c
@@ -74,6 +74,7 @@ char *backup_dir;
 char *pid_file = NULL;
 int timestart;
 int serial;
+int use_current_timestamp = 0;
 const char *captagent_config;
 struct capture_list main_ct;
 struct action *clist[20];
@@ -127,6 +128,7 @@ void usage(int8_t e)
         "   -n  enable foreground mode\n"
         "   -f  [/path/to/rtpagent.xml] to specify a config file\n"
         "   -D  [/path/to/file.pcap] to specify a pcap file as input\n"
+        "   -t  [0] use current timestamp instead of pcap packet timestamp (0 = current time)\n"
         "   -x  [1 - 10] set debug level\n");
 	exit(e);
 }
@@ -280,7 +282,7 @@ int main(int argc, char *argv[])
 
     captagent_config = DEFAULT_CAPT_CONFIG;
 
-    while ((c = getopt(argc, argv, "adcvhnEKf:D:x:")) != EOF) {
+    while ((c = getopt(argc, argv, "adcvhnEKf:D:t:x:")) != EOF) {
 
         switch (c) {
         case 'v':
@@ -303,6 +305,11 @@ int main(int argc, char *argv[])
         case 'D':
             usefile = optarg;
             break;
+        case 't':
+            if (atoi(optarg) == 0) {
+                use_current_timestamp = 1;
+            }
+            break;
         case 'E':
             errout = 0;
             break;
diff --git a/src/modules/socket/pcap/socket_pcap.c b/src/modules/socket/pcap/socket_pcap.c
@@ -323,6 +323,8 @@ void callback_proto(unsigned char *arg, struct pcap_pkthdr *pkthdr, unsigned cha
     uint8_t ip_proto = 0, erspan_offset = 0;
     uint8_t tmp_ip_proto = 0, tmp_ip_len = 0, is_only_gre = 0;
 
+    time_t now = use_current_timestamp ? time(NULL) : 0;
+
     unsigned char* ethaddr  = NULL;
     unsigned char* mplsaddr = NULL;
 
@@ -449,8 +451,8 @@ void callback_proto(unsigned char *arg, struct pcap_pkthdr *pkthdr, unsigned cha
         _msg.rcinfo.ip_family = DLT_MTP2;
         _msg.rcinfo.ip_proto = DLT_MTP2;
 
-        _msg.rcinfo.time_sec = pkthdr->ts.tv_sec;
-        _msg.rcinfo.time_usec = pkthdr->ts.tv_usec;
+        _msg.rcinfo.time_sec = use_current_timestamp ? now : pkthdr->ts.tv_sec;
+        _msg.rcinfo.time_usec = use_current_timestamp ? 0 : pkthdr->ts.tv_usec;
         _msg.tcpflag = 0;
         _msg.parse_it = 1;
 
@@ -734,8 +736,8 @@ void callback_proto(unsigned char *arg, struct pcap_pkthdr *pkthdr, unsigned cha
                                   _msg.rcinfo.dst_port = ntohs(tcp_pkt->th_dport);
                                   _msg.rcinfo.ip_family = ip_ver == 4 ? AF_INET : AF_INET6;
                                   _msg.rcinfo.ip_proto = ip_proto;
-                                  _msg.rcinfo.time_sec = pkthdr->ts.tv_sec;
-                                  _msg.rcinfo.time_usec = pkthdr->ts.tv_usec;
+                                  _msg.rcinfo.time_sec = use_current_timestamp ? now : pkthdr->ts.tv_sec;
+                                  _msg.rcinfo.time_usec = use_current_timestamp ? 0 : pkthdr->ts.tv_usec;
                                   _msg.tcpflag = tcp_pkt->th_flags;
                                   _msg.parse_it = 1;
 
@@ -800,8 +802,8 @@ void callback_proto(unsigned char *arg, struct pcap_pkthdr *pkthdr, unsigned cha
                                   _msg.rcinfo.dst_port = ntohs(tcp_pkt->th_dport);
                                   _msg.rcinfo.ip_family = ip_ver == 4 ? AF_INET : AF_INET6;
                                   _msg.rcinfo.ip_proto = ip_proto;
-                                  _msg.rcinfo.time_sec = pkthdr->ts.tv_sec;
-                                  _msg.rcinfo.time_usec = pkthdr->ts.tv_usec;
+                                  _msg.rcinfo.time_sec = use_current_timestamp ? now : pkthdr->ts.tv_sec;
+                                  _msg.rcinfo.time_usec = use_current_timestamp ? 0 : pkthdr->ts.tv_usec;
                                   _msg.tcpflag = tcp_pkt->th_flags;
                                   _msg.parse_it = 1;
 
@@ -853,8 +855,8 @@ void callback_proto(unsigned char *arg, struct pcap_pkthdr *pkthdr, unsigned cha
                               _msg.rcinfo.dst_mac = mac_dst;
                               _msg.rcinfo.ip_family = ip_ver == 4 ? AF_INET : AF_INET6;
                               _msg.rcinfo.ip_proto = ip_proto;
-                              _msg.rcinfo.time_sec = pkthdr->ts.tv_sec;
-                              _msg.rcinfo.time_usec = pkthdr->ts.tv_usec;
+                              _msg.rcinfo.time_sec = use_current_timestamp ? now : pkthdr->ts.tv_sec;
+                              _msg.rcinfo.time_usec = use_current_timestamp ? 0 : pkthdr->ts.tv_usec;
                               _msg.tcpflag = 0;
                               _msg.parse_it = 1;
 
@@ -916,8 +918,8 @@ void callback_proto(unsigned char *arg, struct pcap_pkthdr *pkthdr, unsigned cha
                                _msg.rcinfo.dst_mac = mac_dst;
                                _msg.rcinfo.ip_family = ip_ver == 4 ? AF_INET : AF_INET6;
                                _msg.rcinfo.ip_proto = ip_proto;
-                               _msg.rcinfo.time_sec = pkthdr->ts.tv_sec;
-                               _msg.rcinfo.time_usec = pkthdr->ts.tv_usec;
+                               _msg.rcinfo.time_sec = use_current_timestamp ? now : pkthdr->ts.tv_sec;
+                               _msg.rcinfo.time_usec = use_current_timestamp ? 0 : pkthdr->ts.tv_usec;
                                _msg.tcpflag = 0;
                                _msg.parse_it = 1;
 
