It fails to decode the frames, obviously. But so does any other EtherType.
Florian was hinting
(https://lwn.net/ml/netdev/b52f4cdf-edcf-0757-1d6e-d4a831ec7943@xxxxxxxxx/)
at the recent pull requests submitted to tcpdump and libpcap that make
it possible to decode based on the string in
/sys/class/net/${master}/dsa/tagging. I admit I haven't actually
tested or studied those closely yet (there are more important things
to focus on ATM), but since my driver returns "8021q" in sysfs and
yours returns "edsa", I would presume tcpdump could use that
information.
No it does not. It is a valid EtherType, that is what is used to
trigger the decoding, it takes no notice of what is in
/sys/class/net/${master}/dsa/tagging, nor the extra meta-data added to
the pcap file. There is no need. you can identify it is a Marvell EDSA
header from the EtherType.
In fact, this tcpdump code for decoding EDSA pre-dated Florians
patches by a few years.
You only need the code which Florian added when you cannot identify
the header directly from the packet. And that is true for most of the
tagging protocols. But EDSA you can.
I suppose this is a valid point, but in that case any EtherType would do and technically using ETH_P_EDSA is just an one of the many possible choices for configuring the Marvell EDSA EtherType, you just need to pick one that is not going to trick the switching into thinking this is invalid LLC/SNAP.
Anyway, since you obviously know more on this topic than I do,
please make me understand what are the real problems in spoofing the
Ethertype as a Marvell one.
Despite there being an EDSA EtherType in the frame, what follows is
not an ESDA header. It is like having the IPv4 EtherType but what
following is not an IP header. Broken.