From ed5ba027437262739fffb5711ae34c178854db19 Mon Sep 17 00:00:00 2001
From: Denys Fedoryshchenko <denys.f@collabora.com>
Date: Sat, 13 May 2023 22:29:29 +0300
Subject: [PATCH] Check for pppoe servers

---
 PPPOE_management.md | 124 +++++++++++++++++++++++---------------------
 1 file changed, 66 insertions(+), 58 deletions(-)

diff --git a/PPPOE_management.md b/PPPOE_management.md
index 966bb13..c49c17f 100644
--- a/PPPOE_management.md
+++ b/PPPOE_management.md
@@ -172,64 +172,6 @@ Most important message here is:
 ```
 As you can see, CHAP authentication failed. This is because of wrong password, MAC mismatch, or duplicate session (check billing logs).
 
-
-
-### Troubleshooting examples
-
-Verify if PPPoE handshake is working:
-The only fact is important is to trace sequence for specific user MAC if he sends correct PADI and receives correct PADO, and then sends PADR. For example:
-```
-tcpdump -ni bond0.2529 -vvv -e pppoed and ether host 6c:3b:6b:81:XX:XX
-
-21:35:47.131362 6c:3b:6b:81:XX:XX (oui Unknown) > Broadcast, ethertype PPPoE D (0x8863), length 60: PPPoE PADI [Host-Uniq 0x500FF5C517B8000005020600] [Service-Name "pr"]
-21:35:47.131408 90:e2:ba:ae:XX:XX (oui Unknown) > 6c:3b:6b:81:XX:XX (oui Unknown), ethertype PPPoE D (0x8863), length 80: PPPoE PADO [AC-Name "united"] [Service-Name "pr"] [AC-Cookie 0x6F71CC054D13DCE911CC1341F1FBDCE7A16830B204F2BEF7] [Host-Uniq 0x500FF5C517B8000005020600]
-21:35:47.143621 6c:3b:6b:81:XX:XX (oui Unknown) > 90:e2:ba:ae:XX:XX (oui Unknown), ethertype PPPoE D (0x8863), length 80: PPPoE PADR [Host-Uniq 0x500FF5C517B8000005020600] [AC-Cookie 0x6F71CC054D13DCE911CC1341F1FBDCE7A16830B204F2BEF7] [AC-Name "united"] [Service-Name "pr"]
-21:35:47.143936 90:e2:ba:ae:XX:XX (oui Unknown) > 6c:3b:6b:81:XX:XX (oui Unknown), ethertype PPPoE D (0x8863), length 52: PPPoE PADS [ses 0x8a48] [AC-Name "united"] [Service-Name "pr"] [Host-Uniq 0x500FF5C517B8000005020600]
-```
-Here we see complete handshake, PADI, PADO, PADR, PADS. If you see this sequence - PPPoE handshake is working.
-
-
-
-
-
-
-
-
-
-### Troubleshooting pppoe packets by tcpdump
-Monitor what PPPoE answer to client PADI:
-```
- tcpdump -nei bond0.372|grep PADO
-```
-Monitor traffic from specific mac
-```
-tcpdump -nei bond0.372 ether host 00:00:00:00:00:00
-```
-
-### Decoding values in accel-cmd pppoe interface show
-
-```
-interface:   connections:    state:    service-name policy:
------------------------------------------------------------
-bond0.2622              0    active    3
-bond0.2529           2251    active    3
-bond0.368            530    active    3
-bond0.923              0    active    1
-```
-* service-name policy is bitmask value - 1 means service-blank, 3 means service-blank+service-name-by-list,2 means service-name-by-list (only)
-```
-/* Answer requests with empty (0 size) service name */
-#define PPPOE_FLAG_ANSWER_BLANK         (1 << 0)
-/* Answer to assigned service names */
-#define PPPOE_FLAG_ANSWER_LIST          (1 << 1)
-/* Answer to ANY service name */
-#define PPPOE_FLAG_ANSWER_ANY           (1 << 2)
-/* Answer to global service name list */
-#define PPPOE_FLAG_ANSWER_GLOBAL        (1 << 3)
-
-```
-So for example 3 means bit 0 and bit 1 is set - so service-name policy is service-blank+service-name-by-list.
-
 ### Troubleshooting radius packets by tcpdump
 
 Usually when user try to authenticate, radius server receives Access-Request packet from pppoe. If user is authenticated, radius server sends Access-Accept packet. If user is not authenticated, radius server sends Access-Reject packet. If radius server is not responding, it means that there is no connection between radius server and router or secret is invalid.<br>
@@ -293,3 +235,69 @@ tcpdump: listening on bond0, link-type EN10MB (Ethernet), snapshot length 262144
             0x0000:  011c f55c 5141 d61d f602 f854 f32b 6455
             0x0010:  da
 ```
+
+### Troubleshooting PPPoE session example
+
+Verify if PPPoE handshake is working:
+The only fact is important is to trace sequence for specific user MAC if he sends correct PADI and receives correct PADO, and then sends PADR. For example:
+```
+tcpdump -ni bond0.2529 -vvv -e pppoed and ether host 6c:3b:6b:81:XX:XX
+
+21:35:47.131362 6c:3b:6b:81:XX:XX (oui Unknown) > Broadcast, ethertype PPPoE D (0x8863), length 60: PPPoE PADI [Host-Uniq 0x500FF5C517B8000005020600] [Service-Name "pr"]
+21:35:47.131408 90:e2:ba:ae:XX:XX (oui Unknown) > 6c:3b:6b:81:XX:XX (oui Unknown), ethertype PPPoE D (0x8863), length 80: PPPoE PADO [AC-Name "united"] [Service-Name "pr"] [AC-Cookie 0x6F71CC054D13DCE911CC1341F1FBDCE7A16830B204F2BEF7] [Host-Uniq 0x500FF5C517B8000005020600]
+21:35:47.143621 6c:3b:6b:81:XX:XX (oui Unknown) > 90:e2:ba:ae:XX:XX (oui Unknown), ethertype PPPoE D (0x8863), length 80: PPPoE PADR [Host-Uniq 0x500FF5C517B8000005020600] [AC-Cookie 0x6F71CC054D13DCE911CC1341F1FBDCE7A16830B204F2BEF7] [AC-Name "united"] [Service-Name "pr"]
+21:35:47.143936 90:e2:ba:ae:XX:XX (oui Unknown) > 6c:3b:6b:81:XX:XX (oui Unknown), ethertype PPPoE D (0x8863), length 52: PPPoE PADS [ses 0x8a48] [AC-Name "united"] [Service-Name "pr"] [Host-Uniq 0x500FF5C517B8000005020600]
+```
+Here we see complete handshake, PADI, PADO, PADR, PADS. If you see this sequence - PPPoE handshake is working.
+
+### Decoding values in accel-cmd pppoe interface show
+
+```
+interface:   connections:    state:    service-name policy:
+-----------------------------------------------------------
+bond0.2622              0    active    3
+bond0.2529           2251    active    3
+bond0.368            530    active    3
+bond0.923              0    active    1
+```
+* service-name policy is bitmask value - 1 means service-blank, 3 means service-blank+service-name-by-list,2 means service-name-by-list (only)
+```
+/* Answer requests with empty (0 size) service name */
+#define PPPOE_FLAG_ANSWER_BLANK         (1 << 0)
+/* Answer to assigned service names */
+#define PPPOE_FLAG_ANSWER_LIST          (1 << 1)
+/* Answer to ANY service name */
+#define PPPOE_FLAG_ANSWER_ANY           (1 << 2)
+/* Answer to global service name list */
+#define PPPOE_FLAG_ANSWER_GLOBAL        (1 << 3)
+
+```
+So for example 3 means bit 0 and bit 1 is set - so service-name policy is service-blank+service-name-by-list.
+
+### Verify for other PPPoE servers in the network
+
+```
+pppoe01 ~ # pppoe-discovery -I bond0.2529
+Detected PPPoE server at interface bond0.2529
+Detected PPPoE server at interface bond0.2529
+Access-Concentrator: MikroTik
+Detected PPPoE server at interface bond0.2529
+       Service-Name: AL
+--------------------------------------------------
+AC-Ethernet-Address: 74:4d:28:c2:XX:XX
+Detected PPPoE server at interface bond0.2529
+Detected PPPoE server at interface bond0.2529
+Access-Concentrator: ahZZZ ZZZ
+Detected PPPoE server at interface bond0.2529
+       Service-Name: ahm
+--------------------------------------------------
+AC-Ethernet-Address: 6c:3b:6b:67:XX:XX
+Detected PPPoE server at interface bond0.2529
+Detected PPPoE server at interface bond0.2529
+Access-Concentrator: diab-AHHDJFDF
+Detected PPPoE server at interface bond0.2529
+       Service-Name: TR
+...       
+```
+As you can see there are 3 other PPPoE servers in the network, and they are all detected by pppoe-discovery. They might cause conflicts during PPPoE session establishment, so it is recommended to find and remove them.
+