NAME
bsde_add_rule, bsde_get_rule, bsde_set_rule, bsde_delete_rule — file system firewall rules list management
LIBRARY
library “libugidfw”
SYNOPSIS
#include <ugidfw.h>
int
bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen, char *errstr);
int
bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t errlen, char *errstr);
int
bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t errlen, char *errstr);
int
bsde_delete_rule(int rulenum, size_t errlen, char *errstr);
DESCRIPTION
The bsde_add_rule() function fills the next available rule slot with the specified rule (in struct mac_bsdextended_rule form, either from bsde_get_rule() or bsde_parse_rule(3)). If an error occurs, *errstr is filled with the error string (up to errlen characters, including the terminating NUL; the prototype above names this length argument buflen). If successful and rulenum is non-NULL, the rule number used will be returned in *rulenum.
The bsde_get_rule() function fills in *rule with the rule numbered rulenum. If an error occurs, *errstr is filled in with the error string (up to errlen characters, including the terminating NUL).
The bsde_set_rule() function fills the slot numbered rulenum with the specified rule (in struct mac_bsdextended_rule form, either from bsde_get_rule() or bsde_parse_rule(3)). If an error occurs, *errstr is filled with the error string (up to errlen characters, including the terminating NUL).
The bsde_delete_rule() function deletes the rule numbered rulenum. If an error occurs, *errstr is filled with the error string (up to errlen characters, including the terminating NUL).
RETURN VALUES
The bsde_get_rule(), bsde_set_rule(), and bsde_delete_rule() functions return 0 if successful; otherwise the value -1 is returned and the value of *errstr is filled in as documented in DESCRIPTION.
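EXAMPLES
The following is an added example, not part of the original manual page or the FreeBSD sources: it applies several slot updates with bsde_set_rule() and, if one fails, restores the slots already changed so the rule list is not left half-updated. The names apply_all, struct update and MAXUPD are hypothetical; off FreeBSD the block compiles against a small constructed stand-in table instead of libugidfw, and the FreeBSD header list is an assumption.

```c
#include <stdio.h>
#ifdef __FreeBSD__	/* header list below is an assumption, not taken from the page */
#include <sys/param.h>
#include <sys/mount.h>
#include <security/mac_bsdextended/mac_bsdextended.h>
#include <ugidfw.h>
#else	/* constructed stand-in, NOT libugidfw: 4 slots behind the page's prototypes */
struct mac_bsdextended_rule { int tag; };
static struct mac_bsdextended_rule tbl[4];
static int used[4];
static int bad(size_t n, char *e) { snprintf(e, n, "bad rule number"); return (-1); }
int bsde_get_rule(int i, struct mac_bsdextended_rule *r, size_t n, char *e)
{ if (i < 0 || i > 3 || !used[i]) return (bad(n, e)); *r = tbl[i]; return (0); }
int bsde_set_rule(int i, struct mac_bsdextended_rule *r, size_t n, char *e)
{ if (i < 0 || i > 3) return (bad(n, e)); tbl[i] = *r; used[i] = 1; return (0); }
int bsde_delete_rule(int i, size_t n, char *e)
{ if (i < 0 || i > 3 || !used[i]) return (bad(n, e)); used[i] = 0; return (0); }
#endif

#define MAXUPD 8	/* hypothetical cap on updates per call */
struct update { int slot; struct mac_bsdextended_rule rule; };	/* hypothetical */

/* Apply n updates in order; on failure restore every slot already changed. */
int
apply_all(struct update *u, int n, size_t errlen, char *errstr)
{
	struct mac_bsdextended_rule old[MAXUPD];
	char scratch[128];	/* errors from snapshot and undo calls; discarded */
	int had_old[MAXUPD], i;
	if (n < 0 || n > MAXUPD) {
		snprintf(errstr, errlen, "bad update count");
		return (-1);
	}
	for (i = 0; i < n; i++) {
		/* Assumption: -1 from bsde_get_rule() here means the slot was empty. */
		had_old[i] = bsde_get_rule(u[i].slot, &old[i], sizeof(scratch), scratch) == 0;
		if (bsde_set_rule(u[i].slot, &u[i].rule, errlen, errstr) == -1)
			break;	/* errstr now describes the failing update */
	}
	if (i == n)
		return (0);
	while (--i >= 0) {	/* undo newest first; errstr is left untouched */
		if (had_old[i])
			bsde_set_rule(u[i].slot, &old[i], sizeof(scratch), scratch);
		else
			bsde_delete_rule(u[i].slot, sizeof(scratch), scratch);
	}
	return (-1);
}
```

On FreeBSD, link with -lugidfw. The sequence is not atomic: each call takes effect on its own, so intermediate rule lists are live until the last update or the last undo step completes.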
SEE ALSO
bsde_get_rule_count(3), bsde_get_rule_slots(3), bsde_parse_rule(3), bsde_parse_rule_string(3), bsde_rule_to_string(3), libugidfw(3), mac_bsdextended(4), ugidfw(8)
AUTHORS
This software was contributed to the FreeBSD Project by Network Associates Labs, the Security Research Division of Network Associates Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.