path: root/doc/etwdump.adoc
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 20:34:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 20:34:10 +0000
commit: e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch)
tree: 68cb5ef9081156392f1dd62a00c6ccc1451b93df /doc/etwdump.adoc
parent: Initial commit. (diff)
Adding upstream version 4.2.2.
upstream/4.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/etwdump.adoc')
-rw-r--r-- doc/etwdump.adoc 124
1 files changed, 124 insertions, 0 deletions
diff --git a/doc/etwdump.adoc b/doc/etwdump.adoc
new file mode 100644
index 00000000..b1070d38
--- /dev/null
+++ b/doc/etwdump.adoc
@@ -0,0 +1,124 @@
+include::../docbook/attributes.adoc[]
+= etwdump(1)
+:doctype: manpage
+:stylesheet: ws.css
+:linkcss:
+:copycss: ../docbook/{stylesheet}
+
+== NAME
+
+etwdump - Provide an interface to read Event Tracing for Windows (ETW)
+
+== SYNOPSIS
+
+[manarg]
+*etwdump*
+[ *--help* ]
+[ *--version* ]
+[ *--extcap-interfaces* ]
+[ *--extcap-dlts* ]
+[ *--extcap-interface*=<interface> ]
+[ *--extcap-config* ]
+[ *--capture* ]
+[ *--fifo*=<path to file or pipe> ]
+[ *--iue*=<Should undecidable events be included> ]
+[ *--etlfile*=<etl file> ]
+[ *--params*=<filter parameters> ]
+
+== DESCRIPTION
+
+*etwdump* is a extcap tool that provides access to a event trace log file or an event trace live session.
+It is only used to display event trace on Windows that includes readable text message and different protocols (like MBIM and IP packets).
+
+== OPTIONS
+
+--help::
+Print program arguments.
+
+--version::
+Print program version.
+
+--extcap-interfaces::
+List available interfaces.
+
+--extcap-interface=<interface>::
+Use specified interfaces.
+
+--extcap-dlts::
+List DLTs of specified interface.
+
+--extcap-config::
+List configuration options of specified interface.
+
+--capture::
+Start capturing from specified interface save saved it in place specified by --fifo.
+
+--fifo=<path to file or pipe>::
+Save captured packet to file or send it through pipe.
+
+--iue=<Should undecidable events be included>::
+Choose if the undecidable event is included.
+
+--etlfile=<Etl file>::
+Select etl file to display in Wireshark.
+
+--params=<filter parameters>::
+Input providers, keyword and level filters for the etl file and live session.
+
+== EXAMPLES
+
+To see program arguments:
+
+ etwdump --help
+
+To see program version:
+
+ etwdump --version
+
+To see interfaces:
+
+ etwdump --extcap-interfaces
+
+.Example output
+ interface {value=etwdump}{display=ETW reader}
+
+To see interface DLTs:
+
+ etwdump --extcap-interface=etwdump --extcap-dlts
+
+.Example output
+ dlt {number=1}{name=etwdump}{display=DLT_ETW}
+
+To see interface configuration options:
+
+ etwdump --extcap-interface=etwdump --extcap-config
+
+.Example output
+ arg {number=0}{call=--etlfile}{display=etl file}{type=fileselect}{tooltip=Select etl file to display in Wireshark}{group=Capture}
+ arg {number=1}{call=--params}{display=filter parmeters}{type=string}{tooltip=Input providers, keyword and level filters for the etl file and live session}{group=Capture}
+ arg {number=2}{call=--iue}{display=Should undecidable events be included}{type=boolflag}{default=false}{tooltip=Choose if the undecidable event is included}{group=Capture}
+
+To capture:
+
+ etwdump --extcap-interface etwdump --fifo=/tmp/etw.pcapng --capture --params "--p=Microsoft-Windows-Wmbclass-Opn --p=Microsoft-Windows-wmbclass --k=0xff --l=4"
+ etwdump --extcap-interface etwdump --fifo=/tmp/etw.pcapng --capture --params "--p=Microsoft-Windows-Wmbclass-Opn --p=Microsoft-Windows-NDIS-PacketCapture"
+
+NOTE: To stop capturing CTRL+C/kill/terminate the application.
+
+== SEE ALSO
+
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
+
+== NOTES
+
+*etwdump* is part of the *Wireshark* distribution. The latest version
+of *Wireshark* can be found at https://www.wireshark.org.
+
+HTML versions of the Wireshark project man pages are available at
+https://www.wireshark.org/docs/man-pages.
+
+== AUTHORS
+
+.Original Author
+[%hardbreaks]
+Odysseus Yang <wiresharkyyh@outlook.com>
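Review bot: The `--params` option is the only place where the filter syntax is actually chosen, but the OPTIONS entry ("Input providers, keyword and level filters for the etl file and live session") never documents it; the `--p=`, `--k=` and `--l=` keys appear only inside the capture examples, so a reader cannot tell which keys exist, whether `--p` may repeat, or what `--k=0xff` and `--l=4` mean. Suggest spelling the syntax out under `--params`, e.g. `--p=<provider name or GUID>` (repeatable), `--k=<keyword mask>`, `--l=<level>`, and noting how the filter applies to an ETL file versus a live session. Smaller points in the same hunk: the DESCRIPTION has "a extcap tool" and "a event trace log" (should be "an"); the `--capture` entry reads "save saved it in place specified by --fifo", which should be something like "and save it to the location specified by --fifo"; the `--extcap-config` example output contains "filter parmeters", which should be checked against the string in the extcap source rather than silently corrected in the man page; the capture examples use `--extcap-interface etwdump` while the earlier examples use `--extcap-interface=etwdump`, so pick one form; and a `--fifo=/tmp/etw.pcapng` path in examples for a tool the DESCRIPTION says is Windows-only is unlikely to be what users type, so a Windows path or a named-pipe example would match the platform. Finally, "To stop capturing CTRL+C/kill/terminate the application." would read better as "To stop capturing, press CTRL+C or kill/terminate the application."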