Fill DHCP checksums

Try to work-around broken DHCP clients (such as FreeBSD), with an iptables rule added to the default /etc/firewall.user. And install the required iptables-mod-checksum package by default.
author: Mikael Magnusson <mikma@users.sourceforge.net> 2019-05-03 21:54:48 +0000
committer: Mikael Magnusson <mikma@users.sourceforge.net> 2019-05-04 20:28:28 +0000
commit: 2a146307bc5d5d4703893edcbbf1e2006ad84bb0 (patch)
tree: ab931d8cd92a61e3eae6d7d80e38bc2346e95ed5 /files/etc
parent: 3f997d12e574de2668ded4fa7e95cee9132ac50f (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/files/etc/uci-defaults/70_fill-dhcp-checksum b/files/etc/uci-defaults/70_fill-dhcp-checksum
new file mode 100644
index 0000000..6e9224a
--- /dev/null
+++ b/files/etc/uci-defaults/70_fill-dhcp-checksum
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+cat >> /etc/firewall.user << EOF
+
+# Fill DHCP checksums, try to work-around broken DHCP clients (such as FreeBSD).
+# It requires iptables-mod-checksum which is installed by default in lxd-openwrt.
+if [ -e /usr/lib/iptables/libxt_CHECKSUM.so ]; then
+    iptables -t mangle -A OUTPUT -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+fi
+
+EOF
author	Mikael Magnusson <mikma@users.sourceforge.net>	2019-05-03 21:54:48 +0000
committer	Mikael Magnusson <mikma@users.sourceforge.net>	2019-05-04 20:28:28 +0000
commit	2a146307bc5d5d4703893edcbbf1e2006ad84bb0 (patch)
tree	ab931d8cd92a61e3eae6d7d80e38bc2346e95ed5 /files/etc
parent	3f997d12e574de2668ded4fa7e95cee9132ac50f (diff)