From 2a146307bc5d5d4703893edcbbf1e2006ad84bb0 Mon Sep 17 00:00:00 2001
From: Mikael Magnusson <mikma@users.sourceforge.net>
Date: Fri, 3 May 2019 21:54:48 +0000
Subject: Fill DHCP checksums

Try to work-around broken DHCP clients (such as FreeBSD),
with an iptables rule added to the default /etc/firewall.user.
And install the required iptables-mod-checksum package by default.
---
 build.sh                                     |  2 ++
 files/etc/uci-defaults/70_fill-dhcp-checksum | 11 +++++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 files/etc/uci-defaults/70_fill-dhcp-checksum

diff --git a/build.sh b/build.sh
index 1ac2143..50ac784 100755
--- a/build.sh
+++ b/build.sh
@@ -7,6 +7,8 @@ ver=18.06.2
 dist=openwrt
 type=lxd
 super=fakeroot
+# iptables-mod-checksum is required by the work-around inserted by files/etc/uci-defaults/70_fill-dhcp-checksum.
+packages=iptables-mod-checksum
 
 # Workaround for Debian/Ubuntu systems which use C.UTF-8 which is unsupported by OpenWrt
 export LC_ALL=C
diff --git a/files/etc/uci-defaults/70_fill-dhcp-checksum b/files/etc/uci-defaults/70_fill-dhcp-checksum
new file mode 100644
index 0000000..6e9224a
--- /dev/null
+++ b/files/etc/uci-defaults/70_fill-dhcp-checksum
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+cat >> /etc/firewall.user << EOF
+
+# Fill DHCP checksums, try to work-around broken DHCP clients (such as FreeBSD).
+# It requires iptables-mod-checksum which is installed by default in lxd-openwrt.
+if [ -e /usr/lib/iptables/libxt_CHECKSUM.so ]; then
+    iptables -t mangle -A OUTPUT -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+fi
+
+EOF
-- 
cgit v1.2.3