From: Shaohua Li <s...@kernel.org> Date: Tue, 18 Jul 2017 12:03:37 -0700
> + /* Since this is being sent on the wire obfuscate hash a bit > + * to minimize possbility that any useful information to an > + * attacker is leaked. Only lower 20 bits are relevant. > + */ > + rol32(hash, 16); This doesn't help anything at all. I don't like things that try to give a sense of security (however little) but actually don't give any at all. I'd rather, therefore, that you remove this altogether. And note that maybe not using the same flow label prevents attacks of that nature, ever consider that?
