Summary

It would be reasonable to add an optional filter for packets that initiate IPoE sessions when an IPoE server is configured with start-session 'unclassified-packet'.

Use Case

Occasionally, misconfigured CPE devices or endpoints may leak traffic to the IPoE server, sending unsupported or unexpected IP addresses. This results in the IPoE sessions table being flooded with useless junk addresses.

Additional Information

There are two potential approaches to implementing this:

1. Filtering directly in accel-ppp. This appears to be the most native and least intrusive method.
2. Filtering via the firewall. Since the accel-ppp IPoE driver intercepts packets at an early stage, this would need to be done in the ingress hook / netdev table. This method has been tested and confirmed to work effectively, but it may require more careful control and CLI design, as it could interfere with other traffic in certain scenarios.