Eric Dumazet <eric.duma...@gmail.com> writes: [...]
> Since this sock_gen_cookie() is lock-free and IRQ ready, it should
> not be a problem to pretend it works with a const socket.
>
> I am a bit unsure about revealing in socket cookie a precise count of
> sockets created on a netns. Some attackers might use this in a side
> channel attack.

That is true. We expose this information already via the inode number allocator for sockets. It is a bit imprecise because of using CPU batches.