log-pcap: remove early output initializing if offline

Remove early opening of output files if running in an offline mode, as
we don't yet know the timestamp to use.

Prevents the first pcap files being opened with a timestamp of 0,
bringing us back to the same behvaviour of pcap logging in 6.0.

Issue: 5374

diff --git a/src/log-pcap.c b/src/log-pcap.c
index dad889df43559167ed4608588f7a358245e71ce9..df6bf8293074f1acb99b6a86e303e9e82f61f407 100644 (file)
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -1104,11 +1104,14 @@ static TmEcode PcapLogDataInit(ThreadVars *t, const void *initdata, void **data)
 #endif /* INIT_RING_BUFFER */
     }
 
-    if (pl->mode == LOGMODE_MULTI) {
-        PcapLogOpenFileCtx(td->pcap_log);
-    } else {
-        if (pl->filename == NULL) {
-            PcapLogOpenFileCtx(pl);
+    /* Don't early initialize output files if in a PCAP file mode. */
+    if (IsRunModeOffline(RunmodeGetCurrent())) {
+        if (pl->mode == LOGMODE_MULTI) {
+            PcapLogOpenFileCtx(td->pcap_log);
+        } else {
+            if (pl->filename == NULL) {
+                PcapLogOpenFileCtx(pl);
+            }
         }
     }