Change tcpdump rotate by time interval. (#4)

Author: summershrimp

Dockerfile

@@ -34,3 +34,4 @@ RUN chmod +x /etc/service/xinetd/run && chmod +x /etc/service/tcpdump/run
 
 ADD ctf.xinetd.example /etc/xinetd.d/ctf
 
+VOLUME /var/lib/tcpdump

README.md

@@ -1,23 +1,24 @@
 # ctf-xinetd
 A docker image to hold pwn challenges in ctf war
 
-# Introduction
+## Introduction
 This image contains xinetd to provide remote access services for pwn challenges, and also contains tcpdump to dump network traffics into pcap file.
 
-Notice: we use a modified xinetd version from our team to restrict syscalls called by xinetd services. ~~In order to use this feature, docker container must run with `--privileged` option.~~ No more `--privileged` needed now.
+Notice: 
+1. we use a modified [xinetd](https://github.com/Asuri-Team/xinetd-kafel) version from our team to restrict syscalls called by xinetd services. ~~In order to use this feature, docker container must run with `--privileged` option.~~ No more `--privileged` needed now.
+2. This docker image will produce docker volume each you create container from it. Better specify one using `-v your_dump_volume:/var/lib/tcpdump`.
 
-
-# Usage
+## Usage
 Please check Dockerfile.example
 
-# Env Vars
+## Env Vars
 | Key | Default Value | Description |
 | --- | ------------- | ----------- |
 | TCPDUMP_ENABLE | (empty) | Whether enable tcpdump or not |
-| TCPDUMP_DIR | /var/lib/tcpdump | Directory to write dump files (name=capture.pcap) |
-| TCPDUMP_SPLIT_SIZE | 10m | Max size of single capture file |
+| TCPDUMP_DIR | /var/lib/tcpdump | Directory to write dump files (name=capture-$timestr.pcap) |
+| TCPDUMP_ROTATE_SEC | 600 | Rotate time interval of capture file |
 | CTF_PORT | 20000 | Port to capture traffic from |
 
-# CAUTION!
+## CAUTION!
 1. Please DO NOT use your own start CMD or entrypoint for this docker image. If you really need to change it, please check [phusion/baseimage](https://github.com/phusion/baseimage-docker) for more details.
 

README.zh-CN.md

@@ -1,23 +1,25 @@
 # ctf-xinetd
 一个用于CTF线上赛运行PWN题目的Docker镜像
 
-# 简介
+## 简介
 这个镜像中包括了运行PWN题目的xinetd服务和用于记录流量的tcpdump服务。
 
-注意: 我们使用了修改版的[xinetd](https://github.com/Asuri-Team/xinetd-kafel). 在这个版本的xinetd中，可以很方便的限制服务所可以调用的系统调用。
-~~为了使用这一功能，在开启docker容器的时候必须添加`--privileged`选项。~~ 现已无需`--privileged`选项。
+注意: 
+1. 我们使用了修改版的[xinetd](https://github.com/Asuri-Team/xinetd-kafel). 在这个版本的xinetd中，可以很方便的限制服务所可以调用的系统调用。~~为了使用这一功能，在开启docker容器的时候必须添加`--privileged`选项。~~ 现已无需`--privileged`选项。
+2. 这个docker镜像将在每次创建容器的时候自动新建volume，并挂载到tcpdump路径。最好添加启动参数`-v your_dump_volume:/var/lib/tcpdump`手动指定一个docker volume。
 
-# 用法
+
+## 用法
 查看Dockerfile.example了解更多
 
-# 环境变量
+## 环境变量
 | Key | Default Value | Description |
 | --- | ------------- | ----------- |
 | TCPDUMP_ENABLE | (empty) | 是否启用tcpdump |
 | TCPDUMP_DIR | /var/lib/tcpdump | 记录流量的文件夹 (文件名=capture.pcap) |
-| TCPDUMP_SPLIT_SIZE | 10m | 流量文件的分割大小 |
+| TCPDUMP_ROTATE_SEC | 600 | 流量文件的分割时间间隔 (秒) |
 | CTF_PORT | 20000 | 记录流量的端口 |
 
-# 注意!
+## 注意!
 1. 一定不要修改本image的ENTRYPOINT或CWD, 如果你确定你在做什么，请阅读 [phusion/baseimage](https://github.com/phusion/baseimage-docker) 的文档获取更多信息。
 

tcpdump.sh

@@ -2,24 +2,25 @@
 
 if [ -z $TCPDUMP_ENABLE ]; then
     echo "Set TCPDUMP_ENABLE to enable packet capture."
+    sv stop tcpdump
     sleep 1d
     exit 0
 fi
 
-if [ -z $TCPDUMP_DIR ]; then
-    TCPDUMP_DIR=/var/lib/tcpdump
-fi
+TCPDUMP_DIR=/var/lib/tcpdump
 
-if [ -z $TCPDUMP_SPLIT_SIZE ]; then
-    TCPDUMP_SPLIT_SIZE=10m
+if [ -z $TCPDUMP_ROTATE_SEC ]; then
+    TCPDUMP_ROTATE_SEC=600
 fi
 
 if [ -z $CTF_PORT ]; then
     CTF_PORT=20000
 fi
 
+TCPDUMP_FILENAME="capture-%F-%H-%M-%S.pcap"
+
 mkdir -p $TCPDUMP_DIR
-echo "TCPDUMP: capture port: $CTF_PORT, split size: $TCPDUMP_SPLIT_SIZE"
-exec /usr/sbin/tcpdump -i eth0 port $CTF_PORT -w $TCPDUMP_DIR/capture.pcap -C $TCPDUMP_SPLIT_SIZE
+echo "TCPDUMP: capture port: $CTF_PORT, rotate interval: ${TCPDUMP_ROTATE_SEC}s, capture filename: capture-\$time.pcap"
+exec /usr/sbin/tcpdump -i eth0 port $CTF_PORT -U -w $TCPDUMP_DIR/$TCPDUMP_FILENAME -G $TCPDUMP_ROTATE_SEC