Two days ago, while our O&M colleagues were deploying environments for customers, they ran into virtual machines that could not obtain IP addresses.
Packet captures on the virtual machine's network adapter eth0 show normal DHCP requests and replies, but the virtual machine does not respond. Configuring the IP address manually restores access.
Analyzing the problem with tcpdump or Wireshark alone shows nothing abnormal.
At this point good search skills are needed. Google leads to the following issue:
https://github.com/Metaswitch/calico/issues/40
The solution given there is to add an iptables rule on the compute node that fills in the checksum of the UDP packets:
iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill
Explanation of --checksum-fill:
--checksum-fill
Compute and fill in the checksum in a packet that lacks a checksum. This is particularly useful, if you need to work around old applications such as dhcp clients, that do not work well with checksum offloads, but don't want to disable checksum offload in your device.
Enabling UDP checksum validation in Wireshark:
This solution did not solve the problem, but once we knew that UDP checksums were involved, we could analyze the packets captured with Wireshark further. Wireshark's checksum validation for TCP, UDP, and IP is disabled by default.
To enable UDP checksum validation: Edit -> Preferences -> Protocols, select UDP, and check the corresponding box.
Let's take a look at the packet in Wireshark:
The checksum error it reports may be caused by UDP checksum offload.
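The same validation can be scripted and run against packets captured at each hop. This is an added example, not code from the original post: the addresses, payload and function names are constructed for illustration, and the "partial" case assumes a Linux sender with tx offload that leaves only the pseudo-header sum in the checksum field for the NIC to complete.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def classify_udp_checksum(ip_packet: bytes) -> str:
    """Return 'ok', 'absent', 'partial' or 'bad' for a raw IPv4/UDP packet."""
    if ip_packet[0] >> 4 != 4 or ip_packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    length, field = struct.unpack("!HH", ip_packet[ihl + 4:ihl + 8])
    udp = ip_packet[ihl:ihl + length]
    # Pseudo-header: source, destination, zero, protocol 17, UDP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 17, length)
    if field == 0:
        return "absent"   # IPv4 allows a sender to omit the UDP checksum
    if ones_sum(pseudo + udp) == 0xFFFF:
        return "ok"
    if field == ones_sum(pseudo):
        return "partial"  # assumption: Linux tx offload left the rest to the NIC
    return "bad"

def build_packet(payload: bytes, mode: str) -> bytes:
    """Constructed sample: server port 67 -> client port 68, made-up addresses."""
    src, dst = socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.50")
    length = 8 + len(payload)
    pseudo = src + dst + struct.pack("!BBH", 0, 17, length)
    header = struct.pack("!HHHH", 67, 68, length, 0)
    if mode == "filled":      # what --checksum-fill or the NIC should produce
        csum = (~ones_sum(pseudo + header + payload) & 0xFFFF) or 0xFFFF
    elif mode == "offload":   # checksum never completed in hardware
        csum = ones_sum(pseudo)
    else:
        csum = 0
    # IP header checksum is left at zero; only the UDP checksum is examined.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + length, 0, 0, 64, 17, 0, src, dst)
    return ip + struct.pack("!HHHH", 67, 68, length, csum) + payload

SAMPLE_PAYLOAD = bytes.fromhex("02010600deadbeef")  # constructed, not a real reply

if __name__ == "__main__":
    for mode in ("filled", "offload", "none"):
        print(mode, "->", classify_udp_checksum(build_packet(SAMPLE_PAYLOAD, mode)))
```

A "partial" or "bad" result on a capture taken past the sending host's NIC marks the hop where the checksum was never completed.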
Next, capture packets on each device along the packet's path. The UDP checksum error turns out to start at the network node. Running the following command on the network node's data network adapter fixes the problem:
ethtool -K ethX tx off
This disables the NIC's checksum offload function, but it may increase CPU load.