detect: reduce datatype scope for various keywords

src/detect-app-layer-event.c

@@ -51,6 +51,16 @@
 
 #define MAX_ALPROTO_NAME 50
 
+typedef struct DetectAppLayerEventData_ {
+    AppProto alproto;
+    uint8_t event_id;
+
+    /* it's used to check if there are event set into the detect engine */
+    bool needs_detctx;
+
+    char *arg;
+} DetectAppLayerEventData;
+
 static int DetectAppLayerEventPktMatch(DetectEngineThreadCtx *det_ctx,
                                        Packet *p, const Signature *s, const SigMatchCtx *ctx);
 static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, const char *);

src/detect-app-layer-event.h

@@ -24,16 +24,6 @@
 #ifndef __DETECT_APP_LAYER_EVENT_H__
 #define __DETECT_APP_LAYER_EVENT_H__
 
-typedef struct DetectAppLayerEventData_ {
-    AppProto alproto;
-    uint8_t event_id;
-
-    /* it's used to check if there are event set into the detect engine */
-    bool needs_detctx;
-
-    char *arg;
-} DetectAppLayerEventData;
-
 int DetectAppLayerEventPrepare(DetectEngineCtx *de_ctx, Signature *s);
 void DetectAppLayerEventRegister(void);
 

src/detect-app-layer-protocol.c

@@ -38,6 +38,11 @@
 static void DetectAppLayerProtocolRegisterTests(void);
 #endif
 
+typedef struct DetectAppLayerProtocolData_ {
+    AppProto alproto;
+    uint8_t negated;
+} DetectAppLayerProtocolData;
+
 static int DetectAppLayerProtocolPacketMatch(
         DetectEngineThreadCtx *det_ctx,
         Packet *p, const Signature *s, const SigMatchCtx *ctx)

src/detect-app-layer-protocol.h

@@ -24,11 +24,6 @@
 #ifndef __DETECT_APP_LAYER_PROTOCOL__H__
 #define __DETECT_APP_LAYER_PROTOCOL__H__
 
-typedef struct DetectAppLayerProtocolData_ {
-    AppProto alproto;
-    uint8_t negated;
-} DetectAppLayerProtocolData;
-
 void DetectAppLayerProtocolRegister(void);
 
 #endif /* __DETECT_APP_LAYER_PROTOCOL__H__ */

src/detect-base64-decode.c

@@ -27,6 +27,12 @@
 /* Arbitrary maximum buffer size for decoded base64 data. */
 #define BASE64_DECODE_MAX 65535
 
+typedef struct DetectBase64Decode_ {
+    uint32_t bytes;
+    uint32_t offset;
+    uint8_t relative;
+} DetectBase64Decode;
+
 static const char decode_pattern[] = "\\s*(bytes\\s+(\\d+),?)?"
     "\\s*(offset\\s+(\\d+),?)?"
     "\\s*(\\w+)?";

src/detect-base64-decode.h

@@ -18,13 +18,6 @@
 #ifndef __DETECT_BASE64_DECODE_H__
 #define __DETECT_BASE64_DECODE_H__
 
-
-typedef struct DetectBase64Decode_ {
-    uint32_t bytes;
-    uint32_t offset;
-    uint8_t relative;
-} DetectBase64Decode;
-
 void DetectBase64DecodeRegister(void);
 int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *, const Signature *,
     const SigMatchData *, const uint8_t *, uint32_t);

src/detect-csum.c

@@ -40,6 +40,15 @@
 #include "util-profiling.h"
 #include "detect-engine-build.h"
 
+#define DETECT_CSUM_VALID   "valid"
+#define DETECT_CSUM_INVALID "invalid"
+
+typedef struct DetectCsumData_ {
+    /* Indicates if the csum-<protocol> keyword in a rule holds the
+       keyvalue "valid" or "invalid" */
+    int16_t valid;
+} DetectCsumData;
+
 /* prototypes for the "ipv4-csum" rule keyword */
 static int DetectIPV4CsumMatch(DetectEngineThreadCtx *,
         Packet *, const Signature *, const SigMatchCtx *);

src/detect-csum.h

@@ -24,15 +24,6 @@
 #ifndef __DETECT_CSUM_H__
 #define __DETECT_CSUM_H__
 
-#define DETECT_CSUM_VALID "valid"
-#define DETECT_CSUM_INVALID "invalid"
-
-typedef struct DetectCsumData_ {
-    /* Indicates if the csum-<protocol> keyword in a rule holds the
-       keyvalue "valid" or "invalid" */
-    int16_t valid;
-} DetectCsumData;
-
 void DetectCsumRegister(void);
 
 #endif /* __DETECT_CSUM_H__ */