@@ -111,7 +111,7 @@ int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)

             }

         }

-        if (root->ac_nocase)

+        if (root->ac_opts & AC_OPTION_NOCASE)

             next = pt->trans[cli_nocase((unsigned char) (pattern->pattern[i] & 0xff))];

         else

             next = pt->trans[(unsigned char) (pattern->pattern[i] & 0xff)];

@@ -146,7 +146,10 @@ int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)

             root->ac_nodetable = (struct cli_ac_node **) newtable;

             root->ac_nodetable[root->ac_nodes - 1] = next;

-            pt->trans[(unsigned char) (pattern->pattern[i] & 0xff)] = next;

+            if (root->ac_opts & AC_OPTION_NOCASE)

+                pt->trans[cli_nocase((unsigned char) (pattern->pattern[i] & 0xff))] = next;

+            else

+                pt->trans[(unsigned char) (pattern->pattern[i] & 0xff)] = next;

         }

         pt = next;

@@ -408,7 +411,7 @@ int cli_ac_buildtrie(struct cli_matcher *root)

     return ac_maketrans(root);

 }

-int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth, uint8_t dconf_prefiltering)

+int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth, uint8_t dconf_prefiltering, uint8_t ac_opts)

 {

 #ifdef USE_MPOOL

     assert(root->mempool && "mempool must be initialized");

@@ -429,6 +432,7 @@ int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth, ui

     root->ac_mindepth = mindepth;

     root->ac_maxdepth = maxdepth;

+    root->ac_opts = ac_opts;

     if (cli_mtargets[root->type].enable_prefiltering && dconf_prefiltering) {

         root->filter = mpool_malloc(root->mempool, sizeof(*root->filter));

@@ -843,9 +847,9 @@ int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigne

 	    match = 0;									\

     }

-inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uint32_t fileoffset, uint32_t length, const struct cli_ac_patt *pattern, uint32_t *end)

+inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uint32_t fileoffset, uint32_t length, const struct cli_ac_patt *pattern, uint32_t *end, uint8_t ac_opts)

 {

-    uint32_t bp, match;

+    uint32_t bp, pstart, match;

     uint16_t wc, i, j, specialcnt = pattern->special_pattern;

     struct cli_ac_special *special;

@@ -853,10 +857,17 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin

     if((offset + pattern->length > length) || (pattern->prefix_length > offset))

         return 0;

-    bp = offset + pattern->depth;

+    if (!pattern->nocase && (ac_opts & AC_OPTION_NOCASE)) {

+        bp = offset;

+        pstart = 0;

+    }

+    else {

+        bp = offset + pattern->depth;

+        pstart = pattern->depth;

+    }

     match = 1;

-    for(i = pattern->depth; i < pattern->length && bp < length; i++) {

+    for(i = pstart; i < pattern->length && bp < length; i++) {

         AC_MATCH_CHAR(pattern->pattern[i],buffer[bp]);

         if(!match)

             return 0;

@@ -1257,7 +1268,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

     current = root->ac_root;

     for(i = 0; i < length; i++)  {

-        if (root->ac_nocase)

+        if (root->ac_opts & AC_OPTION_NOCASE)

             current = current->trans[cli_nocase(buffer[i])];

         else

             current = current->trans[buffer[i]];

@@ -1292,7 +1303,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

                 }

                 pt = patt;

-                if(ac_findmatch(buffer, bp, offset + bp - patt->prefix_length, length, patt, &matchend)) {

+                if(ac_findmatch(buffer, bp, offset + bp - patt->prefix_length, length, patt, &matchend, root->ac_opts)) {

                     while(pt) {

                         if(pt->partno > mdata->min_partno)

                             break;

@@ -1561,19 +1572,23 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

     }

     if (sigopts) {

-	i = 0;

-	while (sigopts[i] != '\0') {

-	    switch (sigopts[i]) {

-	    case 'i':

-		nocase = 1;

-		break;

-	    default:

-		cli_errmsg("cli_ac_addsig: Signature for %s uses invalid option: %02x\n", virname, sigopts[i]);

-		return CL_EMALFDB;

-	    }

+        i = 0;

+        while (sigopts[i] != '\0') {

+            switch (sigopts[i]) {

+            case 'i':

+                if (!(root->ac_opts & AC_OPTION_NOCASE)) {

+                    cli_errmsg("cli_ac_addsig: Signature for %s using nocase cannot be added to case-sensitive AC trie\n", virname);

+                    return CL_EMALFDB;

+                }

+                nocase = 1;

+                break;

+            default:

+                cli_errmsg("cli_ac_addsig: Signature for %s uses invalid option: %02x\n", virname, sigopts[i]);

+                return CL_EMALFDB;

+            }

-	    i++;

-	}

+            i++;

+        }

     }

     if((new = (struct cli_ac_patt *) mpool_calloc(root->mempool, 1, sizeof(struct cli_ac_patt))) == NULL)

@@ -1881,6 +1896,8 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

     /* setting nocase match */

     if (nocase) {

+	new->nocase = 1;

+

 	for (i = 0; i < new->length; ++i)

 	    if ((new->pattern[i] & CLI_MATCH_METADATA) == CLI_MATCH_CHAR)

 		new->pattern[i] += CLI_MATCH_NOCASE;

@@ -30,9 +30,14 @@

 #define AC_CH_MAXDIST 32

+/* AC scanning modes */

 #define AC_SCAN_VIR 1

 #define AC_SCAN_FT  2

+/* AC trie options */

+#define AC_OPTION_NOOPTS 0x0

+#define AC_OPTION_NOCASE 0x1

+

 struct cli_ac_data {

     int32_t ***offmatrix;

     uint32_t partsigs, lsigs, reloffsigs;

@@ -69,6 +74,7 @@ struct cli_ac_patt {

     uint32_t offdata[4], offset_min, offset_max;

     uint32_t boundary;

     uint8_t depth;

+    uint8_t nocase;

 };

 struct cli_ac_node {

@@ -96,7 +102,7 @@ int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigne

 void cli_ac_freedata(struct cli_ac_data *data);

 int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, struct cli_matched_type **ftoffset, unsigned int mode, cli_ctx *ctx);

 int cli_ac_buildtrie(struct cli_matcher *root);

-int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth, uint8_t dconf_prefiltering);

+int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth, uint8_t dconf_prefiltering, uint8_t ac_opts);

 int cli_ac_caloff(const struct cli_matcher *root, struct cli_ac_data *data, const struct cli_target_info *info);

 void cli_ac_free(struct cli_matcher *root);

 int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hexsig, const char *sigopts, uint32_t sigid, uint16_t parts, uint16_t partno, uint16_t rtype, uint16_t type, uint32_t mindist, uint32_t maxdist, const char *offset, const uint32_t *lsigid, unsigned int options);

@@ -110,7 +110,7 @@ struct cli_matcher {

     struct filter *filter;

     uint16_t maxpatlen;

-    uint8_t ac_nocase, ac_only;

+    uint8_t ac_opts, ac_only;

     /* Perl-Compiled Regular Expressions */

 #if HAVE_PCRE

@@ -442,7 +442,7 @@ int cli_initroots(struct cl_engine *engine, unsigned int options)

 		root->ac_only = 1;

 	    cli_dbgmsg("Initialising AC pattern matcher of root[%d]\n", i);

-	    if((ret = cli_ac_init(root, engine->ac_mindepth, engine->ac_maxdepth, engine->dconf->other&OTHER_CONF_PREFILTERING))) {

+	    if((ret = cli_ac_init(root, engine->ac_mindepth, engine->ac_maxdepth, engine->dconf->other&OTHER_CONF_PREFILTERING, 0))) {

 		/* no need to free previously allocated memory here */

 		cli_errmsg("cli_initroots: Can't initialise AC pattern matcher\n");

 		return ret;

@@ -270,7 +270,7 @@ int init_regex_list(struct regex_matcher* matcher, uint8_t dconf_prefiltering)

 	matcher->suffixes.mempool = mp;

 	assert(mp && "mempool must be initialized");

 #endif

-	if((rc = cli_ac_init(&matcher->suffixes, 2, 32, dconf_prefiltering))) {

+	if((rc = cli_ac_init(&matcher->suffixes, 2, 32, dconf_prefiltering, 0))) {

 		return rc;

 	}

 #ifdef USE_MPOOL

@@ -94,7 +94,7 @@ START_TEST (test_ac_scanbuff) {

 #ifdef USE_MPOOL

     root->mempool = mpool_create();

 #endif

-    ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1);

+    ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1, 0);

     fail_unless(ret == CL_SUCCESS, "cli_ac_init() failed");

@@ -164,7 +164,7 @@ START_TEST (test_ac_scanbuff_allscan) {

 #ifdef USE_MPOOL

     root->mempool = mpool_create();

 #endif

-    ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1);

+    ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1, 0);

     fail_unless(ret == CL_SUCCESS, "cli_ac_init() failed");