
I was wondering how I should approach capturing incoming git requests in my server. Is there any specific piece of information that can suggest a packet might be git related?

I'm trying to detect any incoming "git clone" request by analyzing individual packets via eBPF and only let a "git clone" request pass if it matches certain criteria.

Its Me
  • 1
    The kernel only sees the encrypted traffic, same as anyone tapping the wire. You're not one of the endpoints, you can't see the plaintext. – jthill Jun 09 '23 at 01:49
  • But there must be some way the computer is told that this specific directory needs to be fetched? Or some sort of git signature? @jthill To be honest, any solution would be fine as long as it doesn't cause too much CPU overhead. – Its Me Jun 09 '23 at 01:51
  • 1
    Do you control the git server? The best place to do this is by configuring git. Sniffing network traffic is really indirect and unlikely to succeed because of the encryption. – John Kugelman Jun 09 '23 at 02:16
  • I do control the git server, yes. But not sure how git could be configured to be used in such a way - I'll look into that. – Its Me Jun 09 '23 at 02:20
  • 2
    The server sees only the fetch `git clone` does, there's no separate clone request, there'd be no point. – jthill Jun 09 '23 at 02:39
  • I don't think what you want is actually possible this way. A solution to the overall problem (users should only be able to access specific repos) is either solved by setting restrictions on the repo itself (public vs private repos) or, if you don't have access to the repo management, you could create a git proxy server that fetches only the specified repos from the origin server, so that users clone from that proxy, and disable the access to the origin server altogether. – Malik Jun 09 '23 at 08:48
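
Added example, not part of the original thread: the comments point to enforcing the rule where the request is visible in plaintext (the git server or a proxy in front of it) rather than in eBPF. The sketch below shows the allow/deny decision such a proxy could make, assuming it terminates TLS and clients use git's smart HTTP transport; the function names and the allowlist entries are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist of repositories the proxy may serve (hypothetical names).
ALLOWED_REPOS = {"team/app.git", "team/docs.git"}
# A clone is just a fetch on the wire: both use the upload-pack service.
FETCH_SERVICE = "git-upload-pack"
PACK_SERVICES = ("git-upload-pack", "git-receive-pack")


def parse_git_request(method, url):
    """Return (repo, service) for a smart-HTTP git request, else None."""
    parts = urlsplit(url)
    path = parts.path
    if method == "GET" and path.endswith("/info/refs"):
        # Ref discovery: GET /<repo>/info/refs?service=<service>
        repo = path[: -len("/info/refs")]
        services = parse_qs(parts.query).get("service", [])
        if len(services) != 1:
            return None  # missing or duplicated service parameter
        service = services[0]
    elif method == "POST" and path.rsplit("/", 1)[-1] in PACK_SERVICES:
        # Pack negotiation: POST /<repo>/<service>
        repo, service = path.rsplit("/", 1)
    else:
        return None
    repo = repo.lstrip("/")
    # Refuse empty names and dot segments instead of trying to normalise them.
    if not repo or any(seg in ("", ".", "..") for seg in repo.split("/")):
        return None
    return repo, service


def allow(method, url, allowed=ALLOWED_REPOS):
    """Default deny: pass only fetch/clone traffic for allowlisted repos."""
    parsed = parse_git_request(method, url)
    if parsed is None:
        return False
    repo, service = parsed
    return service == FETCH_SERVICE and repo in allowed
```

Requests over SSH or the `git://` protocol never reach this check, so those transports would have to be disabled or filtered separately.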
