author Guy Harris <guy@alum.mit.edu> 2017-08-13 01:46:51 -0700
committer Guy Harris <guy@alum.mit.edu> 2017-08-13 08:47:46 +0000
commit de3a563d6698de8e45708e9d056f948c8eab7c8c
tree 499b1236079b3bc930a85b58a6feba022bd292a7 /docbook
parent f2a3a705e667b1c6858391a1139d08e41950e7d0
Clean up configuration file and plugin folder description.

Have a separate section, before all the others, giving the top-level directories under which those folders are placed, with names for use in later sections.

Update the example personal application data folder on Windows to the NT 6.x-and-beyond standard.

Don't give the pathnames for configuration files in the table, just give the name and the description.

For the global files, distinguish between macOS and other Unix-like systems, and, for the latter, mention both /usr/XXX and /usr/local/XXX.

The preferences file isn't "wireshark.conf", and hasn't been that for quite a while.

For all the configuration files, give the details of personal vs. global files - they're different for different files.

Have separate sections for configuration files and plugin folders. For plugin folders, note both the use of the top-level plugin folder for Lua scripts and the use of the per-Wireshark-version subfolder for compiled plugins.

Use fixed-format text for the non-variable parts of pathnames, and italics for the variable parts.

This should, among other things, make it easier for other documents, such as the Lua documentation in the Wireshark wiki, to refer to folders such as the configuration file and plugin folders.

Change-Id: I133c1e159e992827458bee64c4f37be5b50f9b6f
Reviewed-on: https://code.wireshark.org/review/23060
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Diffstat (limited to 'docbook')
-rw-r--r-- docbook/wsug_src/WSUG_app_files.asciidoc 332
1 files changed, 226 insertions, 106 deletions
diff --git a/docbook/wsug_src/WSUG_app_files.asciidoc b/docbook/wsug_src/WSUG_app_files.asciidoc
index bc956839d6..87dd4477b9 100644
--- a/docbook/wsug_src/WSUG_app_files.asciidoc
+++ b/docbook/wsug_src/WSUG_app_files.asciidoc
@@ -76,13 +76,18 @@ can't. Other file formats have varying levels of support.
* The current display filter
-[[ChAppFilesConfigurationSection]]
+[[ChConfigurationPluginFolders]]
-=== Configuration Files and Folders
+=== Configuration File and Plugin Folders
-Wireshark uses a number of files and folders while it is running. Some of these
-reside in the personal configuration folder and are used to maintain information
-between runs of Wireshark, while some of them are maintained in system areas.
+To match the different policies for Unix-like systems and Windows, and
+different policies used on different Unix-like systems, the folders
+containing configuration files and plugins are different on different
+platforms. We indicate the location of the top-level folders under
+which configuration files and plugins are stored here, giving them
+placeholder names independent of their actual location, and use those
+names later when giving the location of the folders for configuration
+files and plugins.
[TIP]
====
@@ -91,56 +96,92 @@ tab in the dialog box shown when you select _About Wireshark_ from the _Help_
menu.
====
+==== Folders on Windows
+
+_APPDATA_ is the personal application data folder, e.g.:
+++C:\Users\++__username__++\AppData\Roaming\Wireshark++ (details can be
+found at: <<ChWindowsProfiles>>).
+
+_WIRESHARK_ is the Wireshark program folder, e.g.: `C:\Program
+Files\Wireshark`.
+
+==== Folders on Unix-like systems
+
+_XDG_CONFIG_HOME_ is the folder for user-specific configuration files.
+It's usually $HOME++/.config++, where $HOME is the user's home folder, which
+is usually something such as ++/home/++__username__, or
+++/Users/++__username__ on macOS.
+
+If you are using macOS and you are running a copy of Wireshark
+installed as an application bundle, _APPDIR_ is the top-level directory
+of the Wireshark application bundle, which will typically be
+`/Applications/Wireshark.app`. Otherwise, _INSTALLDIR_ is the top-level
+directory under which reside the subdirectories in which components of
+Wireshark are installed. This will typically be `/usr` if Wireshark is
+bundled with the system (for example, provided as a package with a Linux
+distribution) and `/usr/local` if, for example, you've build Wireshark
+from source and installed it.
+
+[[ChAppFilesConfigurationSection]]
+
+=== Configuration Files
+
+Wireshark uses a number of configuration files while it is running. Some of these
+reside in the personal configuration folder and are used to maintain information
+between runs of Wireshark, while some of them are maintained in system areas.
+
The content format of the configuration files is the same on all platforms.
-However, to match the different policies for Unix and Windows platforms,
-different folders are used for these files.
-[[AppFilesTabFolders]]
-.Configuration files and folders overview
-[options="header"]
-|===============
-|File/Folder|Description|Unix/Linux folders|Windows folders
-|_preferences_|Settings from the Preferences dialog box.|/etc/wireshark.conf, $XDG_CONFIG_HOME/wireshark/preferences|%WIRESHARK%\wireshark.conf, %APPDATA%\Wireshark\preferences
-|_recent_|Recent GUI settings (e.g. recent files lists).|$XDG_CONFIG_HOME/wireshark/recent|%APPDATA%\Wireshark\recent
-|_cfilters_|Capture filters.|$XDG_CONFIG_HOME/wireshark/cfilters|%WIRESHARK%\cfilters, %APPDATA%\Wireshark\cfilters
-|_dfilters_|Display filters.|$XDG_CONFIG_HOME/wireshark/dfilters|%WIRESHARK%\dfilters, %APPDATA%\Wireshark\dfilters
-|_colorfilters_|Coloring rules.|$XDG_CONFIG_HOME/wireshark/colorfilters|%WIRESHARK%\colorfilters, %APPDATA%\Wireshark\colorfilters
-|_$$disabled_protos$$_|Disabled protocols.|$XDG_CONFIG_HOME/wireshark/disabled_protos|%WIRESHARK%\disabled_protos, %APPDATA%\Wireshark\disabled_protos
-|_ethers_|Ethernet name resolution.|/etc/ethers, $XDG_CONFIG_HOME/wireshark/ethers|%WIRESHARK%\ethers, %APPDATA%\Wireshark\ethers
-|_manuf_|Ethernet name resolution.|/etc/manuf, $XDG_CONFIG_HOME/wireshark/manuf|%WIRESHARK%\manuf, %APPDATA%\Wireshark\manuf
-|_hosts_|IPv4 and IPv6 name resolution.|/etc/hosts, $XDG_CONFIG_HOME/wireshark/hosts|%WIRESHARK%\hosts, %APPDATA%\Wireshark\hosts
-|_services_|Network services.|/etc/services, $XDG_CONFIG_HOME/wireshark/services|%WIRESHARK%\services, %APPDATA%\Wireshark\services
-|_subnets_|IPv4 subnet name resolution.|/etc/subnets, $XDG_CONFIG_HOME/wireshark/subnets|%WIRESHARK%\subnets, %APPDATA%\Wireshark\subnets
-|_ipxnets_|IPX name resolution.|/etc/ipxnets, $XDG_CONFIG_HOME/wireshark/ipxnets|%WIRESHARK%\ipxnets, %APPDATA%\Wireshark\ipxnets
-|_vlans_|VLAN ID name resolution.|$XDG_CONFIG_HOME/wireshark/vlans|%APPDATA%\Wireshark\vlans
-|_plugins_|Plugin directories.|/usr/share/wireshark/plugins, /usr/local/share/wireshark/plugins, $XDG_CONFIG_HOME/wireshark/plugins|%WIRESHARK%\plugins\<version>,%APPDATA%\Wireshark\plugins
-|_temp_|Temporary files.|Environment: TMPDIR|Environment: TMPDIR or TEMP
-|===============
+On Windows:
-[float]
-===== Windows folders
-%APPDATA% points to the personal configuration folder, e.g.: _C:\Documents and
-Settings\<username>\Application Data_ (details can be found at:
-<<ChWindowsProfiles>>),
+* The personal configuration folder for Wireshark is the
+`Wireshark` sub-folder of that folder, i.e. _APPDATA_`\Wireshark`.
+
+* The global configuration folder for Wireshark is the Wireshark program
+folder and is also used as the system configuration folder.
+
+On Unix-like systems:
+
+* The personal configuration folder is
+__XDG_CONFIG_HOME__++/wireshark++. For backwards compatibility with
+Wireshark before 2.2, if __XDG_CONFIG_HOME__++/wireshark++ does not
+exist and $HOME++/.wireshark++ is present, then the latter will be used.
-%WIRESHARK% points to the Wireshark program folder, e.g.: _C:\Program
-Files\Wireshark_
+* If you are using macOS and you are running a copy of Wireshark
+installed as an application bundle, the global configuration folder is
+__APPDIR__++/Contents/Resources/share/wireshark++. Otherwise, the
+global configuration folder is __INSTALLDIR__++/share/wireshark++.
+
+* The `/etc` folder is the system configuration folder. The folder
+actually used on your system may vary, maybe something like:
+`/usr/local/etc`.
[float]
-===== Unix/Linux folders
-The _/etc_ folder is the global Wireshark configuration folder. The folder
-actually used on your system may vary, maybe something like: _/usr/local/etc_.
-$XDG_CONFIG_HOME/wireshark usually expands to $HOME/.config/wireshark and
-$HOME is usually something like: _/home/<username>_.
-For backwards compatibility with Wireshark before 2.2, if
-$XDG_CONFIG_HOME/wireshark does not exist and $HOME/.wireshark is present, then
-the latter will be used.
+[[AppFilesTabFolders]]
+.Configuration files overview
+[options="header"]
+|===============
+|File/Folder|Description
+|_preferences_|Settings from the Preferences dialog box.
+|_recent_|Recent GUI settings (e.g. recent files lists).
+|_cfilters_|Capture filters.
+|_dfilters_|Display filters.
+|_colorfilters_|Coloring rules.
+|_$$disabled_protos$$_|Disabled protocols.
+|_ethers_|Ethernet name resolution.
+|_manuf_|Ethernet name resolution.
+|_hosts_|IPv4 and IPv6 name resolution.
+|_services_|Network services.
+|_subnets_|IPv4 subnet name resolution.
+|_ipxnets_|IPX name resolution.
+|_vlans_|VLAN ID name resolution.
+|===============
[float]
===== File contents
-_preferences/wireshark.conf_::
+_preferences_::
This file contains your Wireshark preferences, including defaults for capturing
and displaying packets. It is a simple text file containing statements of the
form:
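Review bot: _APPDATA_ is defined under "Folders on Windows" with an example that already ends in `\Wireshark` (`C:\Users\`username`\AppData\Roaming\Wireshark`), but the "On Windows" bullet then gives the personal configuration folder as _APPDATA_`\Wireshark`, which would resolve to a doubled `...\Roaming\Wireshark\Wireshark`. Drop `\Wireshark` from the example so that _APPDATA_ names the application data folder itself, and have the bullet say "sub-folder of _APPDATA_" because "that folder" has no antecedent inside the Configuration Files section. In the same hunk, "you've build Wireshark" should be "you've built Wireshark", and the retained `[float]` line that used to precede the "Unix/Linux folders" heading now sits directly in front of the `[[AppFilesTabFolders]]` table, where it looks like a leftover.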
@@ -150,8 +191,14 @@ form:
variable: value
----
-The settings from this file are read in at program start and written to disk
-when you press the Save button in the ``Preferences'' dialog box.
+At program start, if there is a _preferences_ file in the global
+configuration folder, it is read first. Then, if there is a
+_preferences_ file in the personal configuration folder, that is read;
+if there is a preference set in both files, the setting in the personal
+preferences file overrides the setting in the global preference file.
+
+If you press the Save button in the ``Preferences'' dialog box, all the
+current settings are written to the personal preferences file.
--
_recent_::
@@ -176,8 +223,14 @@ consists of one or more lines, where each line has the following format:
"<filter name>" <filter string>
----
-The settings from this file are read in at program start and written to disk
-when you press the Save button in the ``Capture Filters'' dialog box.
+At program start, if there is a _cfilters_ file in the personal
+configuration folder, it is read. If there isn't a _cfilters_ file in
+the personal configuration folder, then, if there is a _cfilters_ file
+in the global configuration folder, it is read.
+
+When you press the Save button in the ``Capture Filters'' dialog box,
+all the current capture filters are written to the personal capture
+filters file.
--
_dfilters_::
@@ -189,8 +242,14 @@ consists of one or more lines, where each line has the following format:
"<filter name>" <filter string>
----
-The settings from this file are read in at program start and written to disk
-when you press the Save button in the ``Display Filters'' dialog box.
+At program start, if there is a _dfilters_ file in the personal
+configuration folder, it is read. If there isn't a _dfilters_ file in
+the personal configuration folder, then, if there is a _dfilters_ file
+in the global configuration folder, it is read.
+
+When you press the Save button in the ``Display Filters'' dialog box,
+all the current capture filters are written to the personal display
+filters file.
--
_colorfilters_::
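Review bot: Copy-and-paste slip in the added Save paragraph for _dfilters_: it reads "all the current capture filters are written to the personal display filters file". The first noun should be "display filters" so the sentence matches the file being described.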
@@ -202,8 +261,14 @@ consists of one or more lines, where each line has the following format:
@<filter name>@<filter string>@[<bg RGB(16-bit)>][<fg RGB(16-bit)>]
----
-The settings from this file are read in at program start and written to disk
-when you press the Save button in the ``Coloring Rules'' dialog box.
+At program start, if there is a _colorfilters_ file in the personal
+configuration folder, it is read. If there isn't a _colorfilters_ file
+in the personal configuration folder, then, if there is a _colorfilters_
+file in the global configuration folder, it is read.
+
+Wwhen you press the Save button in the ``Coloring Rules'' dialog box,
+all the current color filters are written to the personal color filters
+file.
--
_$$disabled_protos$$_::
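Review bot: Typo at the start of the added Save paragraph for _colorfilters_: "Wwhen you press the Save button" should be "When you press the Save button". The same paragraph calls the entries "color filters" while the table row for this file calls them "Coloring rules"; using one term in both places would read better.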
@@ -216,14 +281,23 @@ tcp
udp
----
-The settings from this file are read in at program start and written to disk
-when you press the Save button in the ``Enabled Protocols'' dialog box.
+At program start, if there is a _$$disabled_protos$$_ file in the global
+configuration folder, it is read first. Then, if there is a
+_$$disabled_protos$$_ file in the personal configuration folder, that is
+read; if there is an entry for a protocol set in both files, the setting
+in the personal disabled protocols file overrides the setting in the
+global disabled protocols file.
+
+When you press the Save button in the ``Enabled Protocols'' dialog box,
+the current set of disabled protocols is written to the personal
+disabled protocols file.
--
_ethers_::
-When Wireshark is trying to translate Ethernet hardware addresses to names, it
-consults the files listed in <<AppFilesTabFolders>>. If an address is not found
-in /etc/ethers, Wireshark looks in $XDG_CONFIG_HOME/wireshark/ethers
+When Wireshark is trying to translate an hardware MAC address to
+a name, it consults the _ethers_ file in the personal configuration
+folder first. If the address is not found in that file, Wireshark
+consults the _ethers_ file in the system configuration folder.
+
--
Each line in these files consists of one hardware address and name separated by
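Review bot: Grammar in the rewritten _ethers_ paragraph: "translate an hardware MAC address" should be "translate a hardware MAC address" (or keep the earlier "Ethernet hardware address" wording). The paragraph also switches from "global configuration folder", used for _$$disabled_protos$$_ just above, to "system configuration folder"; if that difference is intentional for _ethers_, a short cross-reference to where the two terms are defined would keep readers from treating them as synonyms.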
@@ -236,14 +310,17 @@ c0-00-ff-ff-ff-ff TR_broadcast
00.2b.08.93.4b.a1 Freds_machine
----
-The settings from this file are read in at program start and never written by
-Wireshark.
+The settings from this file are read in when a MAC address is to be
+translated to a name, and never written by Wireshark.
--
_manuf_::
-Wireshark uses the files listed in <<AppFilesTabFolders>> to translate the first
-three bytes of an Ethernet address into a manufacturers name. This file has the
-same format as the ethers file, except addresses are three bytes long.
+At program start, if there is a _manuf_ file in the global
+configuration folder, it is read.
++
+The entries in this file are used to translate the first three bytes of
+an Ethernet address into a manufacturers name. This file has the same
+format as the ethers file, except addresses are three bytes long.
+
--
An example is:
@@ -257,11 +334,17 @@ Wireshark.
--
_hosts_::
-Wireshark uses the files listed in <<AppFilesTabFolders>> to translate IPv4 and
+Wireshark uses the entries in the _hosts_ files to translate IPv4 and
IPv6 addresses into names.
+
+At program start, if there is a _hosts_ file in the global configuration
+folder, it is read first. Then, if there is a _hosts_ file in the
+personal configuration folder, that is read; if there is an entry for a
+given IP address in both files, the setting in the personal hosts file
+overrides the entry in the global hosts file.
++
--
-This file has the same format as the usual /etc/hosts file on Unix systems.
+This file has the same format as the usual `/etc/hosts` file on Unix systems.
An example is:
@@ -275,8 +358,13 @@ Wireshark.
--
_services_::
-Wireshark uses the files listed in <<AppFilesTabFolders>> to translate port
-numbers into names.
+Wireshark uses the _services_ files to translate port numbers into names.
++
+At program start, if there is a _services_ file in the global
+configuration folder, it is read first. Then, if there is a _services_
+file in the personal configuration folder, that is read; if there is an
+entry for a given port number in both files, the setting in the personal
+hosts file overrides the entry in the global hosts file.
+
--
An example is:
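Review bot: The precedence sentence added for _services_ was copied from the _hosts_ entry without being updated: "the setting in the personal hosts file overrides the entry in the global hosts file". It should refer to the personal and global services files, and use "entry" on both sides rather than mixing "setting" and "entry".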
@@ -286,20 +374,27 @@ mydns 5045/udp # My own Domain Name Server
mydns 5045/tcp # My own Domain Name Server
----
-The settings from this file are read in at program start and never written by
-Wireshark.
+The settings from these files are read in at program start and never
+written by Wireshark.
--
_subnets_::
-Wireshark uses the files listed in <<AppFilesTabFolders>> to translate an IPv4
-address into a subnet name. If no exact match from the hosts file or from DNS is
-found, Wireshark will attempt a partial match for the subnet of the address.
+Wireshark uses the __subnets__ files to translate an IPv4 address into a
+subnet name. If no exact match from a __hosts__ file or from DNS is
+found, Wireshark will attempt a partial match for the subnet of the
+address.
++
+At program start, if there is a _subnets_ file in the personal
+configuration folder, it is read first. Then, if there is a _subnets_
+file in the global configuration folder, that is read; if there is a
+preference set in both files, the setting in the global preferences file
+overrides the setting in the personal preference file.
+
--
-Each line of this file consists of an IPv4 address, a subnet mask length
-separated only by a '/' and a name separated by whitespace. While the address
-must be a full IPv4 address, any values beyond the mask length are subsequently
-ignored.
+Each line in one of these files consists of an IPv4 address, a subnet
+mask length separated only by a '/' and a name separated by whitespace.
+While the address must be a full IPv4 address, any values beyond the
+mask length are subsequently ignored.
An example is:
----
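Review bot: The load-order paragraph added for _subnets_ needs a second look for both wording and direction. It speaks of "a preference set in both files" and "the global preferences file overrides the setting in the personal preference file", which is _preferences_ wording rather than subnet entries, and it is the only entry in this patch where the personal file is read first and the global file wins. If global-over-personal really is the behaviour for _subnets_, say so in terms of subnet entries and call out that it differs from _hosts_ and _services_; if not, swap the order to match them.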
@@ -312,12 +407,15 @@ For example, ``192.168.0.1'' under the subnet above would be printed as
``ws_test_network.1"; if the mask length above had been 16 rather than 24, the
printed address would be ``ws_test_network.0.1''.
-The settings from this file are read in at program start and never written by
-Wireshark.
+The settings from these files are read in at program start and never
+written by Wireshark.
--
_ipxnets_::
-Wireshark uses the files listed in <<AppFilesTabFolders>> to translate IPX network numbers into names.
+When Wireshark is trying to translate an IPX network number to
+a name, it consults the _ipxnets_ file in the personal configuration
+folder first. If the address is not found in that file, Wireshark
+consults the _ipxnets_ file in the system configuration folder.
+
--
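Review bot: In the rewritten _ipxnets_ paragraph, "If the address is not found in that file" was carried over from the _ethers_ text; the thing being looked up here is an IPX network number, so "If the network number is not found in that file" would be consistent with the first sentence and with the later "when an IPX network number is to be translated" line.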
@@ -329,12 +427,15 @@ c0-a8-1c-00 CEO
110f FileServer3
----
-The settings from this file are read in at program start and never written by
-Wireshark.
+The settings from this file are read in when an IPX network number is to
+be translated to a name, and never written by Wireshark.
--
_vlans_::
-Wireshark uses the files listed in <<AppFilesTabFolders>> to translate VLAN tag IDs into names.
+Wireshark uses the _vlans_ file to translate VLAN tag IDs into names.
++
+At program start, if there is a _vlans_ file in the personal
+configuration folder, it is read.
+
--
Each line in this file consists of one VLAN tag ID and a describing name separated by whitespace or tab.
@@ -349,14 +450,6 @@ The settings from this file are read in at program start and never written by
Wireshark.
--
-_plugins_ folder::
-Wireshark searches for plugins in the directories listed in
-<<AppFilesTabFolders>>. They are searched in the order listed.
-
-_temp_ folder::
-If you start a new capture and don't specify a filename for it, Wireshark uses
-this directory to store that file; see <<ChCapCaptureFiles>>.
-
[[ChProtocolHelp]]
==== Protocol help configuration
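Review bot: Removing the `_temp_ folder` entry here, together with the `_temp_` row dropped from the overview table, means none of the sections added by this patch still says that a new capture started without a filename is written to the TMPDIR/TEMP directory, and the pointer to <<ChCapCaptureFiles>> is gone. Since capture files can hold sensitive traffic, it is worth keeping one platform-neutral sentence about where unnamed captures land, either in the new folders section or next to the configuration file list.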
@@ -415,7 +508,7 @@ location template. If ${PATH} isn't present in the location template the value
will be appended to the location.
Suppose the file
-_$$C:\Users\sam.clemens\AppData\Roaming\Wireshark\protocol_help\wikipedia.ini$$_
+`C:\Users\sam.clemens\AppData\Roaming\Wireshark\protocol_help\wikipedia.ini`
contains the following:
----
@@ -479,6 +572,37 @@ Source port=Transmission_Control_Protocol#TCP_ports
----
+[[ChPluginFolders]]
+
+=== Plugin folders
+
+Wireshark supports plugins for various purposes. Plugins can either be
+scripts written in Lua or code written in C or C++ and compiled to
+machine code.
+
+Wireshark looks for plugins in both a personal plugin folder and a
+global plugin folder. Lua plugins are stored in the plugin folders;
+compiled plugins are stored in subfolders of the plugin folders, with
+the subfolder name being the Wireshark version number.
+
+On Windows:
+
+* The personal plugin folder is _APPDATA_`\Wireshark\plugins`.
+
+* The global plugin folder is _WIRESHARK_`\plugins`.
+
+On Unix-like systems:
+
+* The personal plugin folder is
+__XDG_CONFIG_HOME__++/wireshark/plugins++ or, if
+__XDG_CONFIG_HOME__++/wireshark++ does not exist and
+$HOME++/.wireshark++ is present, $HOME++/.wireshark/plugins++.
+
+* If you are running on macOS and Wireshark is installed as an
+application bundle, the global plugin folder is
+_APPDIR_`/Contents/PlugIns/wireshark`, otherwise it's
+_INSTALLDIR_`/share/wireshark/plugins`.
+
[[ChWindowsFolder]]
=== Windows folders
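Review bot: The new "Plugin folders" section says Wireshark looks in "both a personal plugin folder and a global plugin folder" but gives no search order or precedence, whereas the removed `_plugins_ folder` entry stated "They are searched in the order listed." Because plugins are code that Wireshark loads, the section should state which folder is searched first and which copy is used when the same plugin is present in both, in the same way the configuration file entries now spell out personal versus global handling. The Windows bullet _APPDATA_`\Wireshark\plugins` also inherits the doubled `\Wireshark` component if the _APPDATA_ example keeps its trailing `\Wireshark`.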
@@ -507,28 +631,24 @@ former location. The defaults mentioned here might not apply.
The following guides you to the right place where to look for Wireshark's
profile data.
-Windows 8, Windows 7, Windows Vista, and associated server editions::
-_C:\Users\<username>\AppData\Roaming\Wireshark_
-
-Windows XP and Windows Server 2003 footnoteref:[historical,No longer supported by Wireshark. For historical reference only.]::
-_C:\Documents and Settings\<username>\Application Data_. ``Documents and
-Settings'' and ``Application Data'' might be internationalized.
+Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, and associated server editions::
+++C:\Users\++__username__++\AppData\Roaming\Wireshark++.
-Windows 2000 footnoteref:[historical]::
-_C:\Documents and Settings\<username>\Application Data_. ``Documents and
+Windows XP, Windows Server 2003, and Windows 2000 footnoteref:[historical,No longer supported by Wireshark. For historical reference only.]::
+++C:\Documents and Settings\++__username__++\Application Data++. ``Documents and
Settings'' and ``Application Data'' might be internationalized.
Windows NT 4 footnoteref:[historical]::
-_C:\WINNT\Profiles\<username>\Application Data\Wireshark_
+++C:\WINNT\Profiles\++__username__++\Application Data\Wireshark++
Windows ME, Windows 98 with user profiles footnoteref:[historical]::
In Windows ME and 98 you could enable separate user profiles. In that case,
-something like _C:\windows\Profiles\<username>\Application Data\Wireshark_
+something like ++C:\windows\Profiles\++__username__++\Application Data\Wireshark++
is used.
Windows ME, Windows 98 without user profiles footnoteref:[historical]::
Without user profiles enabled the default location for all users was
-_C:\windows\Application Data\Wireshark_
+++C:\windows\Application Data\Wireshark++.
[[ChWindowsRoamingProfiles]]
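Review bot: In the merged "Windows XP, Windows Server 2003, and Windows 2000" entry the path stops at `\Application Data`, while every other entry in this list ends in `\Wireshark`. The two removed entries had the same shape, so this is inherited, but since the line is being rewritten it is a good moment to confirm whether `\Wireshark` should be appended. Trailing punctuation is also inconsistent across the rewritten paths: the first and last entries end with a period and the Windows NT 4 entry does not.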
@@ -540,7 +660,7 @@ They will be stored on the domain server instead.
Your settings will travel with you from computer to computer with one exception.
The ``Local Settings'' folder in your profile data (typically something like:
-__C:\Documents and Settings\<username>\Local Settings__) will not be
+++C:\Documents and Settings\++__username__++\Local Settings++) will not be
transferred to the domain server. This is the default for temporary capture
files.
@@ -551,14 +671,14 @@ files.
Wireshark uses the folder which is set by the TMPDIR or TEMP environment
variable. This variable will be set by the Windows installer.
-Windows 8, Windows 7, Windows Vista, and associated server editions::
-_C:\Users\<username>\AppData\Local\Temp_
+Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, and associated server editions::
+++C:\Users\++__username__++\AppData\Local\Temp++
Windows XP, Windows Server 2003, Windows 2000 footnoteref:[historical]::
-_C:\Documents and Settings\<username>\Local Settings\Temp_
+++C:\Documents and Settings\++__username__++\Local Settings\Temp++
Windows NT footnoteref:[historical]::
-_C:\TEMP_
+++C:\TEMP++
++++++++++++++++++++++++++++++++++++++
<!-- End of WSUG Appendix Files -->