1*4882a593Smuzhiyun.. SPDX-License-Identifier: GPL-2.0 2*4882a593Smuzhiyun 3*4882a593Smuzhiyun================= 4*4882a593SmuzhiyunLSM/SeLinux secid 5*4882a593Smuzhiyun================= 6*4882a593Smuzhiyun 7*4882a593Smuzhiyunflowi structure: 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunThe secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate 10*4882a593Smuzhiyunthe label of the flow. This label of the flow is currently used in selecting 11*4882a593Smuzhiyunmatching labeled xfrm(s). 12*4882a593Smuzhiyun 13*4882a593SmuzhiyunIf this is an outbound flow, the label is derived from the socket, if any, or 14*4882a593Smuzhiyunthe incoming packet this flow is being generated as a response to (e.g. tcp 15*4882a593Smuzhiyunresets, timewait ack, etc.). It is also conceivable that the label could be 16*4882a593Smuzhiyunderived from other sources such as process context, device, etc., in special 17*4882a593Smuzhiyuncases, as may be appropriate. 18*4882a593Smuzhiyun 19*4882a593SmuzhiyunIf this is an inbound flow, the label is derived from the IPSec security 20*4882a593Smuzhiyunassociations, if any, used by the packet. 21