From fda6e32aede813b50a8035e979f0b623b7f3aa1d Mon Sep 17 00:00:00 2001
From: William Robinet <william.robinet@conostix.com>
Date: Thu, 3 Aug 2023 11:09:56 +0200
Subject: [PATCH] Add -z option for printing timestamps in front of TCP headers

---
 base/network.h    | 1 +
 base/pcap-snoop.c | 9 ++++++---
 base/tcppack.c    | 7 ++++++-
 ssldump.1         | 3 +++
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/base/network.h b/base/network.h
index e5a809a..1760157 100644
--- a/base/network.h
+++ b/base/network.h
@@ -124,5 +124,6 @@ extern UINT4 NET_print_flags;
 #define NET_PRINT_ACKS	    4
 #define NET_PRINT_NO_RESOLVE  8
 #define NET_PRINT_JSON  16
+#define NET_PRINT_TS    32
 #endif
 
diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c
index 96f11a1..3d3a85b 100644
--- a/base/pcap-snoop.c
+++ b/base/pcap-snoop.c
@@ -111,7 +111,7 @@ int err_exit(str,num)
 int usage()
   {
     fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] [-l sslkeylogfile] [-w outpcapfile]\n");
-    fprintf(stderr,"               [-k keyfile] [-p password] [-vtaTnsAxVNde]\n");
+    fprintf(stderr,"               [-k keyfile] [-p password] [-vtaTznsAxVNde]\n");
     fprintf(stderr,"               [filter]\n");
     exit(0);
   }
@@ -120,7 +120,7 @@ int print_version()
   {
     printf(PACKAGE_STRING "\n");
     printf("Maintained by a bunch of volunteers, see https://github.com/adulau/ssldump/blob/master/CREDITS\n");
-    printf("Copyright (C) 2015-2021 the aforementioned volunteers\n");
+    printf("Copyright (C) 2015-2023 the aforementioned volunteers\n");
     printf("Copyright (C) 1998-2001 RTFM, Inc.\n");
     printf("All rights reserved.\n");
 #ifdef OPENSSL    
@@ -332,7 +332,7 @@ int main(argc,argv)
 
     signal(SIGINT,sig_handler);
     
-    while((c=getopt(argc,argv,"vr:F:f:S:jyTt:ai:k:l:w:p:nsAxXhHVNdqem:P"))!=EOF){
+    while((c=getopt(argc,argv,"vr:F:f:S:jyTt:ai:k:l:w:p:znsAxXhHVNdqem:P"))!=EOF){
       switch(c){
         case 'v':
           print_version();
@@ -354,6 +354,9 @@ int main(argc,argv)
           NET_print_flags |= NET_PRINT_JSON;
           SSL_print_flags |= SSL_PRINT_JSON;
           break;
+        case 'z':
+          NET_print_flags |= NET_PRINT_TS;
+          break;
 	case 'a':
 	  NET_print_flags |= NET_PRINT_ACKS;
 	  break;
diff --git a/base/tcppack.c b/base/tcppack.c
index d06885f..8763d89 100644
--- a/base/tcppack.c
+++ b/base/tcppack.c
@@ -397,7 +397,9 @@ static int print_tcp_packet(p)
   packet *p;
   {
     char *src=0,*dst=0;
-    
+
+    struct timeval *ts = &p->ts;
+
     if(!(NET_print_flags & NET_PRINT_TCP_HDR))
       return(0);
 
@@ -405,6 +407,9 @@ static int print_tcp_packet(p)
     lookuphostname(&p->r_addr.so_st,&dst);
     
     if(!(NET_print_flags & NET_PRINT_JSON)) {
+        if(NET_print_flags & NET_PRINT_TS) {
+            printf("%lld%c%4.4lld ", (long long)ts->tv_sec,'.',(long long)ts->tv_usec/100);
+        }
       printf("TCP: %s(%d) -> %s(%d) ",
         src,
         ntohs(p->tcp->th_sport),
diff --git a/ssldump.1 b/ssldump.1
index 348aea0..027aca7 100644
--- a/ssldump.1
+++ b/ssldump.1
@@ -251,6 +251,9 @@ program.
 Decorate the output for processing with nroff/troff. Not very
 useful for the average user.
 .TP
+.B \-z
+Add timestamp in front of TCP packet description (-T)
+.TP
 \fIexpression\fP
 .RS
 Selects what packets \fIssldump\fP will examine. Technically speaking,