From ad6153eb883cb89baa232b373404aba42f7628f9 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Sat, 4 Jun 2016 15:30:47 +0200 Subject: [PATCH] Add support for smtp protocol detection --- probe.c | 10 ++++++++++ sslh.pod | 7 ++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/probe.c b/probe.c index 9b4a63e..a396ae6 100644 --- a/probe.c +++ b/probe.c @@ -40,6 +40,7 @@ static int is_xmpp_protocol(const char *p, int len, struct proto*); static int is_http_protocol(const char *p, int len, struct proto*); static int is_tls_protocol(const char *p, int len, struct proto*); static int is_adb_protocol(const char *p, int len, struct proto*); +static int is_smtp_protocol(const char *p, int len, struct proto*); static int is_true(const char *p, int len, struct proto* proto) { return 1; } /* Table of protocols that have a built-in probe @@ -54,6 +55,7 @@ static struct proto builtins[] = { { "ssl", NULL, NULL, 1, 0, is_tls_protocol }, { "tls", NULL, NULL, 1, 0, is_tls_protocol }, { "adb", NULL, NULL, 1, 0, is_adb_protocol }, + { "smtp", NULL, NULL, 1, 0, is_smtp_protocol }, { "anyprot", NULL, NULL, 1, 0, is_true } }; @@ -262,6 +264,14 @@ static int is_adb_protocol(const char *p, int len, struct proto *proto) return !memcmp(&p[0], "CNXN", 4) && !memcmp(&p[24], "host:", 5); } +static int is_smtp_protocol(const char *p, int len, struct proto *proto) +{ + if (len < 5) + return PROBE_AGAIN; + + return !strncmp(p, "HELO ", 5) || !strncmp(p, "EHLO ", 5); +} + static int regex_probe(const char *p, int len, struct proto *proto) { #ifdef ENABLE_REGEX diff --git a/sslh.pod b/sslh.pod index a90d4bd..e0a38bc 100644 --- a/sslh.pod +++ b/sslh.pod 
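Review bot: The match in `is_smtp_protocol` is case-sensitive, but SMTP command verbs are case-insensitive (RFC 5321), so a client that sends `ehlo ` or `Helo ` is not recognised and falls through to whatever probe or fallback comes next. Consider `return !strncasecmp(p, "HELO ", 5) || !strncasecmp(p, "EHLO ", 5);`, adding `<strings.h>` if probe.c does not already include it. Separately, SMTP is a server-speaks-first protocol: a conforming client waits for the 220 greeting before sending HELO/EHLO, so this probe presumably only fires for clients that talk early, while ordinary clients wait until sslh's timeout handling decides where they go. That limitation deserves a comment above the function and a sentence in sslh.pod. Also worth documenting for operators: unless sslh runs in transparent mode, the mail server likely sees sslh's own address as the peer, so relay or rate-limit rules keyed on source IP should be reviewed before exposing SMTP this way.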
@@ -14,7 +14,7 @@ B accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client. -Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are +Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP, SMTP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to @@ -146,6 +146,11 @@ typically I. Interface and port on which to forward HTTP connections, typically I. +=item B<--smtp> I + +Interface and port on which to forward SMTP connections, +typically I. + =item B<--tinc> I Interface and port on which to forward tinc connections,