[solved] How to grab FDB per VLAN entries on DSA

Hi to all

on swconfig devices, there was a straightforward way to get FDB entries for every VLAN separately

for example:

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 0 '

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 0t '

config switch_vlan
        option device 'switch0'
        option vlan '100'
        option ports '6t 0t '

config interface 'lan1'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option gateway '169.254.1.1'
        option dns '169.254.1.1'
        option macaddr '0e:01:01:00:01:01'
        option ipaddr '169.254.1.101'

config interface 'lan2'
        option type 'bridge'
        option ifname 'eth0.2'
        option proto 'none'

config interface 'lan100'
        option type 'bridge'
        option ifname 'eth0.100'
        option proto 'none'

this way, every VLAN gets a corresponding br-lanXXX
and then, from a script

....
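# one bridge per VLAN: br-lan1, br-lan2, br-lan100, ...
for DEV in $(cat /proc/net/dev | grep -Eo 'br-lan[0-9]+' | sort -us); do
    # brforward is an array of 16-byte FDB records: MAC (6 bytes), port_no low byte,
    # is_local, ageing timer (4 bytes), port_no high byte, 3 bytes of padding
    cat "/sys/class/net/$DEV/brforward" | hexdump -v -e '5/1 "%02x:" 1/1 "%02x " 1/1 "%u " 1/1 "%u " 1/4 "%u " 1/1 "%u " 3/1 "" "\n"' | \
    while IFS=' ' read MAC PORTLO ISLOCAL TIMER PORTHI; do
        if [ "$ISLOCAL" != "1" ]; then
            # the high byte holds bits 8-15 of the bridge port number
            PORTNO=$((PORTHI << 8 | PORTLO))
            # sysfs prints port_no as hex (0x1, 0xa, ...), so match the whole line in hex
            PTH=$(grep -lx "$(printf '0x%x' "$PORTNO")" /sys/class/net/"$DEV"/lower_*/brport/port_no)
            PTH=${PTH/\/brport\/port_no/}
            INT=$(echo $PTH|cut -d'_' -f2)
            IDX=$(cat $PTH/ifindex)
            # lower interface is named like eth0.100: take the VLAN ID after the dot, skip untagged members
            if [ -z "${INT##*.*}" ]; then VLAN=$(echo $INT | cut -d'.' -f2); else continue; fi
            # MAC octets hex -> decimal; row format is VLAN.o1.o2.o3.o4.o5.o6,ifindex
            IFS=':'; set -- $MAC
            echo $VLAN.$(printf "%d\n" 0x$1).$(printf "%d\n" 0x$2).$(printf "%d\n" 0x$3).$(printf "%d\n" 0x$4).$(printf "%d\n" 0x$5).$(printf "%d\n" 0x$6),$IDX >> /tmp/snmp/fdb
        fi
    done
done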

you could grab learned mac addresses on this bridge AND extract the VLAN ID from the interface name
this way works perfectly and LibreNMS could properly display FDB entries for each vlan separately

so far, so good

but, on DSA, there is one main bridge

config device
        option type 'bridge'
        option name 'switch'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config bridge-vlan
        option device 'switch'
        option vlan '1'
        list ports 'lan4:u*'
        list ports 'wan:u*'

config bridge-vlan
        option device 'switch'
        option vlan '2'
        list ports 'lan1:u*'
        list ports 'wan:t'

config bridge-vlan
        option device 'switch'
        option vlan '100'
        list ports 'lan2:u*'
        list ports 'wan:t'

config bridge-vlan
        option device 'switch'
        option vlan '200'
        list ports 'lan3:u*'
        list ports 'wan:t'

config interface 'vlan1'
        option proto 'dhcp'
        option device 'switch.1'

config interface 'vlan2'
        option proto 'none'
        option device 'switch.2'

config interface 'vlan100'
        option proto 'none'
        option device 'switch.100'

config interface 'vlan200'
        option proto 'none'
        option device 'switch.200'

so, every interface is part of the primary bridge (here called switch) and there is no information in cat /sys/class/net/$DEV/brforward because we use only one bridge. Ok, FDB entries are there, but they are all mixed up, it is impossible to guess which mac belongs to which vlan

maybe I am missing something because I am new to DSA?
how to grab the FDB table for each VLAN on a DSA device?

tnx in advance

Have a look at bridge from the ip-bridge package. You should be able to get MAC address, vlan, and DSA-port-device from it, or see where to find them (if possible) under /sys/class/net

Examples (masked MAC addresses):
This is from my mt7621 device configured with all (DSA-port-devices) in a single vlan-filtering bridge, with bridge-vlans defining

uci show dhcp.@host[0] | sed -E "s/[0-9a-fA-F]+:/aa:/g"
dhcp.cfg09fe63=host
dhcp.cfg09fe63.mac='aa:aa:aa:aa:aa:9a'
dhcp.cfg09fe63.ip='10.53.6.100'
dhcp.cfg09fe63.name='ccgx'
dhcp.cfg09fe63.dns='1'


bridge fdb show | grep $(uci get dhcp.@host[0].mac) | sed -E "s/[0-9a-fA-F]+:/aa:/g"
aa:aa:aa:aa:aa:9a dev lan4 vlan 1 master br0 
aa:aa:aa:aa:aa:9a dev lan4 vlan 1 self 


bridge fdb show vlan 20 | sed -E "s/[0-9a-fA-F]+:/aa:/g"
aa:aa:aa:aa:aa:1c dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:44 dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:e0 dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:41 dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:dc dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:dc dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:2b dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:5f dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:6d dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:e8 dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:99 dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:c2 dev sfp vlan 20 offload master br0 
aa:aa:aa:aa:aa:b6 dev sfp vlan 20 offload master br0 permanent
aa:aa:aa:aa:aa:b5 dev lan5 vlan 20 offload master br0 permanent
aa:aa:aa:aa:aa:b1 dev br0 vlan 20 offload master br0 permanent


bridge fdb show br br0 brport sfp vlan 11 | sed -E "s/[0-9a-fA-F]+:/aa:/g"
aa:aa:aa:aa:aa:27 vlan 11 offload master br0 
aa:aa:aa:aa:aa:41 vlan 11 offload master br0 
aa:aa:aa:aa:aa:b6 vlan 11 offload master br0 permanent

hope that helps
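
The parsing that the reply above points to, written out as an added example (not code from the thread): it turns `bridge fdb show` output into the `VLAN.o1.o2.o3.o4.o5.o6,ifindex` rows that the first post's script wrote for SNMP. The names `fdb_to_snmp`, `sample_fdb` and `SYSNET` are introduced here, and dropping `self` and `permanent` rows is a choice of this example, made so that each learned host is reported once.

```shell
#!/bin/sh
# Added example (not from the thread): per-VLAN SNMP rows from `bridge fdb show`.
SYSNET=${SYSNET:-/sys/class/net}   # overridable so the parser can run off-device

# Reads `bridge fdb show` lines on stdin. $1 is the port to assume when the
# output has no "dev" column (the `brport <port>` form shown above).
# Prints VLAN.o1.o2.o3.o4.o5.o6,IFINDEX for each learned entry.
fdb_to_snmp() {
    DEFDEV=${1:-}
    while read -r MAC REST; do
        DEV=$DEFDEV VLAN= SKIP= PREV=
        for TOK in $REST; do
            case "$PREV" in
                dev)  DEV=$TOK ;;
                vlan) VLAN=$TOK ;;
            esac
            # "permanent" marks static/local addresses; "self" rows come from
            # the port driver and repeat hosts already listed with "master"
            case "$TOK" in permanent|self) SKIP=1 ;; esac
            PREV=$TOK
        done
        [ -z "$SKIP" ] && [ -n "$DEV" ] || continue
        case "$VLAN" in ''|*[!0-9]*) continue ;; esac
        case "$MAC" in
            *[!0-9a-fA-F:]*) continue ;;
            ??:??:??:??:??:??) ;;
            *) continue ;;
        esac
        IDX=$(cat "$SYSNET/$DEV/ifindex" 2>/dev/null) || continue
        OLDIFS=$IFS; IFS=:; set -- $MAC; IFS=$OLDIFS
        printf '%d.%d.%d.%d.%d.%d.%d,%d\n' "$VLAN" \
            "0x$1" "0x$2" "0x$3" "0x$4" "0x$5" "0x$6" "$IDX"
    done
}

# Constructed sample in the format shown above (masked MACs).
sample_fdb() {
    cat <<'EOF'
aa:aa:aa:aa:aa:9a dev lan4 vlan 1 master br0
aa:aa:aa:aa:aa:9a dev lan4 vlan 1 self
aa:aa:aa:aa:aa:1c dev sfp vlan 20 offload master br0
aa:aa:aa:aa:aa:b6 dev sfp vlan 20 offload master br0 permanent
33:33:00:00:00:01 dev lan4 self permanent
EOF
}

# On the router: bridge fdb show | fdb_to_snmp > /tmp/snmp/fdb
```

Rows whose port has no `ifindex` file under `SYSNET` are skipped, so entries on interfaces that have since disappeared do not reach the SNMP table.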

Hi @johnth

looks promising ...
will try to rewrite snmp scripts for weekend and give you feedback

tnx for pointing out ip-bridge

Hi @johnth

yes, much much easier for parsing than before ... tnx
