detect: reduce datatype scope for various keywords

3 years ago · 9fa0033966
parent ad76502df0
commit 9fa0033966
8 changed files with 30 additions and 31 deletions
--- a/src/detect-app-layer-event.c
+++ b/src/detect-app-layer-event.c
@ -51,6 +51,16 @@

 #define MAX_ALPROTO_NAME 50

+typedef struct DetectAppLayerEventData_ {
+    AppProto alproto;
+    uint8_t event_id;
+
+    /* it's used to check if there are event set into the detect engine */
+    bool needs_detctx;
+
+    char *arg;
+} DetectAppLayerEventData;
+
 static int DetectAppLayerEventPktMatch(DetectEngineThreadCtx *det_ctx,
                                       Packet *p, const Signature *s, const SigMatchCtx *ctx);
 static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, const char *);
--- a/src/detect-app-layer-event.h
+++ b/src/detect-app-layer-event.h
@ -24,16 +24,6 @@
 #ifndef __DETECT_APP_LAYER_EVENT_H__
 #define __DETECT_APP_LAYER_EVENT_H__

-typedef struct DetectAppLayerEventData_ {
-    AppProto alproto;
-    uint8_t event_id;
-
-    /* it's used to check if there are event set into the detect engine */
-    bool needs_detctx;
-
-    char *arg;
-} DetectAppLayerEventData;
-
 int DetectAppLayerEventPrepare(DetectEngineCtx *de_ctx, Signature *s);
 void DetectAppLayerEventRegister(void);

--- a/src/detect-app-layer-protocol.c
+++ b/src/detect-app-layer-protocol.c
@ -38,6 +38,11 @@
 static void DetectAppLayerProtocolRegisterTests(void);
 #endif

+typedef struct DetectAppLayerProtocolData_ {
+    AppProto alproto;
+    uint8_t negated;
+} DetectAppLayerProtocolData;
+
 static int DetectAppLayerProtocolPacketMatch(
        DetectEngineThreadCtx *det_ctx,
        Packet *p, const Signature *s, const SigMatchCtx *ctx)
--- a/src/detect-app-layer-protocol.h
+++ b/src/detect-app-layer-protocol.h
@ -24,11 +24,6 @@
 #ifndef __DETECT_APP_LAYER_PROTOCOL__H__
 #define __DETECT_APP_LAYER_PROTOCOL__H__

-typedef struct DetectAppLayerProtocolData_ {
-    AppProto alproto;
-    uint8_t negated;
-} DetectAppLayerProtocolData;
-
 void DetectAppLayerProtocolRegister(void);

 #endif /* __DETECT_APP_LAYER_PROTOCOL__H__ */
--- a/src/detect-base64-decode.c
+++ b/src/detect-base64-decode.c
@ -27,6 +27,12 @@
 /* Arbitrary maximum buffer size for decoded base64 data. */
 #define BASE64_DECODE_MAX 65535

+typedef struct DetectBase64Decode_ {
+    uint32_t bytes;
+    uint32_t offset;
+    uint8_t relative;
+} DetectBase64Decode;
+
 static const char decode_pattern[] = "\\s*(bytes\\s+(\\d+),?)?"
    "\\s*(offset\\s+(\\d+),?)?"
    "\\s*(\\w+)?";
--- a/src/detect-base64-decode.h
+++ b/src/detect-base64-decode.h
@ -18,13 +18,6 @@
 #ifndef __DETECT_BASE64_DECODE_H__
 #define __DETECT_BASE64_DECODE_H__

-
-typedef struct DetectBase64Decode_ {
-    uint32_t bytes;
-    uint32_t offset;
-    uint8_t relative;
-} DetectBase64Decode;
-
 void DetectBase64DecodeRegister(void);
 int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *, const Signature *,
    const SigMatchData *, const uint8_t *, uint32_t);
--- a/src/detect-csum.c
+++ b/src/detect-csum.c
@ -40,6 +40,15 @@
 #include "util-profiling.h"
 #include "detect-engine-build.h"

+#define DETECT_CSUM_VALID   "valid"
+#define DETECT_CSUM_INVALID "invalid"
+
+typedef struct DetectCsumData_ {
+    /* Indicates if the csum-<protocol> keyword in a rule holds the
+       keyvalue "valid" or "invalid" */
+    int16_t valid;
+} DetectCsumData;
+
 /* prototypes for the "ipv4-csum" rule keyword */
 static int DetectIPV4CsumMatch(DetectEngineThreadCtx *,
        Packet *, const Signature *, const SigMatchCtx *);
--- a/src/detect-csum.h
+++ b/src/detect-csum.h
@ -24,15 +24,6 @@
 #ifndef __DETECT_CSUM_H__
 #define __DETECT_CSUM_H__

-#define DETECT_CSUM_VALID "valid"
-#define DETECT_CSUM_INVALID "invalid"
-
-typedef struct DetectCsumData_ {
-    /* Indicates if the csum-<protocol> keyword in a rule holds the
-       keyvalue "valid" or "invalid" */
-    int16_t valid;
-} DetectCsumData;
-
 void DetectCsumRegister(void);

 #endif /* __DETECT_CSUM_H__ */