Running editcap with -r and with no packets selected should report an error
Summary
By default, editcap selects all packets to be written to the output file(s).
The -r
flag reverses the selection.
Thus, -r
, with no explicit packet selection, selects no packets to be written to the output file(s).
This is useful only if you want to create an empty file of a given file format, which is probably not very often what people want to do.
See https://ask.wireshark.org/question/27919/editcapexe-returns-file-mycapturefilepcapng-is-a-wireshark-pcapng-capture-file/ for a case where somebody did that and didn't realize that it would create an empty file.
Steps to reproduce
Run editcap with the -r
flag and no explicit packet selection.
What is the current bug behavior?
It writes an empty file.
What is the expected correct behavior?
It should fail, indicating that this command is guaranteed to produce an empty file.
Sample capture file
N/A
Relevant logs and/or screenshots
$ editcap -r ~/captures-too-big/afscrash.pcap /tmp/outfile
$ capinfos /tmp/outfile
File name: /tmp/outfile
File type: Wireshark/... - pcapng
File encapsulation: Unknown
File timestamp precision: UNKNOWN (-2)
Packet size limit: file hdr: (not set)
Number of packets: 0
...
Build information
Editcap (Wireshark) 3.6.6 (v3.6.6-0-g7d96674e2a30)
Copyright 1998-2022 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) using Clang 11.0.0 (clang-1100.0.33.16), with GLib 2.68.4,
with zlib 1.2.11.
Running on Mac OS X 10.16, build 20G417 (Darwin 20.6.0), with Intel(R) Core(TM)
i9-9980HK CPU @ 2.40GHz (with SSE4.2), with 65536 MB of physical memory, with
GLib 2.68.4, with zlib 1.2.11, with LC_TYPE=C, binary plugins supported (0
loaded).
Edited by Guy Harris