Openvswitch and incorrect UDP checksums



How should I fill DHCP checksums when using Open vSwitch? I need it as a workaround when running FreeBSD in a KVM/QEMU/libvirt VM. The VM is connected to an LXD instance running OpenWrt with an Open vSwitch bridge.

I noticed the workaround for Linux bridges in the mangle table on the host. Adding a similar rule on the LXC container which runs the DHCP server (dnsmasq) solves the problem: iptables -t mangle -A OUTPUT -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill. If this is the recommended solution, then I think it should be documented.

The rules for Linux bridges mentioned above are inserted by code in the following commit:

(Stéphane Graber) #2

Yes, that rule should be present on any DHCP server that intends to serve clients that are picky about the UDP checksum.

LXD does that on the host when it acts as a DHCP server, so doing that in your DHCP server container seems appropriate.

Most modern clients don’t need this anymore, but it looks like FreeBSD’s DHCP client hasn’t gotten the needed fix.
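
To see what a checksum-strict DHCP client rejects, the following added example (not part of the thread or of LXD's code) recomputes the UDP checksum of an IPv4 packet and classifies it. The sample packets are constructed, and the unfilled case assumes the checksum field holds only the pseudo-header sum, as when the full checksum was never computed in software.

```python
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), not yet inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    return src + dst + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Full checksum: pseudo-header + UDP header (checksum zeroed) + payload."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~fold_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is transmitted as 0xFFFF

def check_udp(ip_packet: bytes) -> str:
    """Return 'ok', 'absent' (field is 0) or 'bad' for an IPv4/UDP packet."""
    ihl = (ip_packet[0] & 0x0F) * 4
    if ip_packet[9] != 17:
        raise ValueError("not a UDP packet")
    src, dst = ip_packet[12:16], ip_packet[16:20]
    (udp_len,) = struct.unpack("!H", ip_packet[ihl + 4:ihl + 6])
    segment = ip_packet[ihl:ihl + udp_len]
    (stored,) = struct.unpack("!H", segment[6:8])
    if stored == 0:
        return "absent"
    return "ok" if stored == udp_checksum(src, dst, segment) else "bad"

def build_reply(filled: bool) -> bytes:
    """Constructed sample: server port 67 -> client port 68, dummy payload."""
    src, dst = bytes([192, 0, 2, 1]), bytes([255] * 4)
    payload = b"constructed-dhcp-reply"
    udp_len = 8 + len(payload)
    # Assumption: an unfilled packet carries only the pseudo-header sum.
    partial = fold_sum(pseudo_header(src, dst, udp_len))
    segment = struct.pack("!HHHH", 67, 68, udp_len, partial) + payload
    if filled:
        csum = udp_checksum(src, dst, segment)
        segment = segment[:6] + struct.pack("!H", csum) + segment[8:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0)
    return ip + src + dst + segment

if __name__ == "__main__":
    print(check_udp(build_reply(False)), check_udp(build_reply(True)))
```

Feeding it the raw IPv4 bytes of a reply captured inside the guest shows whether the rule took effect: "bad" before the CHECKSUM rule is added, "ok" after.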