diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 3637a39e402f..cf32a8c8edc8 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -498,17 +498,19 @@ EXPORT_SYMBOL(ip_idents_reserve);
 void __ip_select_ident(struct iphdr *iph, int segs)
 {
 	static u32 ip_idents_hashrnd __read_mostly;
+	static u32 ip_idents_hashrnd_extra __read_mostly;
 	static bool hashrnd_initialized = false;
 	u32 hash, id;
 
 	if (unlikely(!hashrnd_initialized)) {
 		hashrnd_initialized = true;
 		get_random_bytes(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
+		get_random_bytes(&ip_idents_hashrnd_extra, sizeof(ip_idents_hashrnd_extra));
 	}
 
 	hash = jhash_3words((__force u32)iph->daddr,
 			    (__force u32)iph->saddr,
-			    iph->protocol,
+			    iph->protocol ^ ip_idents_hashrnd_extra,
 			    ip_idents_hashrnd);
 	id = ip_idents_reserve(hash, segs);
 	iph->id = htons(id);
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index d41df24edf6f..7f9e15ad85fa 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -545,15 +545,18 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
 static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
 {
 	static u32 ip6_idents_hashrnd __read_mostly;
+	static u32 ip6_idents_hashrnd_extra __read_mostly;
 	static bool hashrnd_initialized = false;
 	u32 hash, id;
 
 	if (unlikely(!hashrnd_initialized)) {
 		hashrnd_initialized = true;
 		get_random_bytes(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
+		get_random_bytes(&ip6_idents_hashrnd_extra, sizeof(ip6_idents_hashrnd_extra));
 	}
 	hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
 	hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash);
+	hash = jhash_1word(hash, ip6_idents_hashrnd_extra);
 
 	id = ip_idents_reserve(hash, 1);
 	fhdr->identification = htonl(id);