Diffstat (limited to '')
-rw-r--r--doc/CMakeLists.txt518
-rw-r--r--doc/README.developer30
-rw-r--r--doc/README.display_filter2
-rw-r--r--doc/README.dissector333
-rw-r--r--doc/README.documentation.adoc (renamed from docbook/README.adoc)53
-rw-r--r--doc/README.heuristic8
-rw-r--r--doc/README.request_response_tracking6
-rw-r--r--doc/README.stats_tree6
-rw-r--r--doc/README.tapping14
-rw-r--r--doc/README.wmem2
-rw-r--r--doc/README.wslua18
-rw-r--r--doc/asciidoctor-macros/README.adoc (renamed from docbook/asciidoctor-macros/README.adoc)0
-rw-r--r--doc/asciidoctor-macros/commaize-block.rb (renamed from docbook/asciidoctor-macros/commaize-block.rb)0
-rw-r--r--doc/asciidoctor-macros/commaize-block/extension.rb (renamed from docbook/asciidoctor-macros/commaize-block/extension.rb)0
-rw-r--r--doc/asciidoctor-macros/commaize-block/sample.adoc (renamed from docbook/asciidoctor-macros/commaize-block/sample.adoc)0
-rw-r--r--doc/asciidoctor-macros/cveidlink-inline-macro.rb (renamed from docbook/asciidoctor-macros/cveidlink-inline-macro.rb)0
-rw-r--r--doc/asciidoctor-macros/cveidlink-inline-macro/extension.rb (renamed from docbook/asciidoctor-macros/cveidlink-inline-macro/extension.rb)0
-rw-r--r--doc/asciidoctor-macros/manarg-block.rb (renamed from docbook/asciidoctor-macros/manarg-block.rb)0
-rw-r--r--doc/asciidoctor-macros/manarg-block/extension.rb (renamed from docbook/asciidoctor-macros/manarg-block/extension.rb)0
-rw-r--r--doc/asciidoctor-macros/manarg-block/sample.adoc (renamed from docbook/asciidoctor-macros/manarg-block/sample.adoc)0
-rw-r--r--doc/asciidoctor-macros/ws_utils.rb (renamed from docbook/asciidoctor-macros/ws_utils.rb)0
-rw-r--r--doc/asciidoctor-macros/wsbuglink-inline-macro.rb (renamed from docbook/asciidoctor-macros/wsbuglink-inline-macro.rb)0
-rw-r--r--doc/asciidoctor-macros/wsbuglink-inline-macro/extension.rb (renamed from docbook/asciidoctor-macros/wsbuglink-inline-macro/extension.rb)0
-rw-r--r--doc/asciidoctor-macros/wssalink-inline-macro.rb (renamed from docbook/asciidoctor-macros/wssalink-inline-macro.rb)0
-rw-r--r--doc/asciidoctor-macros/wssalink-inline-macro/extension.rb (renamed from docbook/asciidoctor-macros/wssalink-inline-macro/extension.rb)0
-rw-r--r--doc/asciidoctor-themes/wsug-theme.yml12
-rw-r--r--doc/attributes.adoc (renamed from docbook/attributes.adoc)10
-rw-r--r--doc/common_src/gpl_appendix.adoc (renamed from docbook/common_src/gpl_appendix.adoc)0
-rw-r--r--doc/common_src/typographic_conventions.adoc (renamed from docbook/common_src/typographic_conventions.adoc)2
-rw-r--r--doc/custom_layer_single_html.xsl (renamed from docbook/custom_layer_single_html.xsl)0
-rwxr-xr-xdoc/extcap_example.py5
-rw-r--r--doc/falcodump.adoc145
-rw-r--r--doc/faq.adoc (renamed from docbook/faq.adoc)41
-rw-r--r--doc/logray-quick-start.adoc70
-rw-r--r--doc/man_pages/androiddump.adoc (renamed from doc/androiddump.adoc)4
-rw-r--r--doc/man_pages/asn2deb.adoc (renamed from doc/asn2deb.adoc)4
-rw-r--r--doc/man_pages/capinfos.adoc (renamed from doc/capinfos.adoc)26
-rw-r--r--doc/man_pages/captype.adoc (renamed from doc/captype.adoc)4
-rw-r--r--doc/man_pages/ciscodump.adoc (renamed from doc/ciscodump.adoc)4
-rw-r--r--doc/man_pages/diagnostic-options.adoc (renamed from doc/diagnostic-options.adoc)0
-rw-r--r--doc/man_pages/dissection-options.adoc (renamed from doc/dissection-options.adoc)3
-rw-r--r--doc/man_pages/dpauxmon.adoc (renamed from doc/dpauxmon.adoc)4
-rw-r--r--doc/man_pages/dumpcap.adoc (renamed from doc/dumpcap.adoc)49
-rw-r--r--doc/man_pages/editcap.adoc (renamed from doc/editcap.adoc)44
-rw-r--r--doc/man_pages/etwdump.adoc (renamed from doc/etwdump.adoc)4
-rw-r--r--doc/man_pages/extcap.adoc (renamed from doc/extcap.adoc)8
-rw-r--r--doc/man_pages/falcodump.adoc231
-rw-r--r--doc/man_pages/files.adoc458
-rw-r--r--doc/man_pages/idl2deb.adoc (renamed from doc/idl2deb.adoc)4
-rw-r--r--doc/man_pages/idl2wrs.adoc (renamed from doc/idl2wrs.adoc)4
-rw-r--r--doc/man_pages/mergecap.adoc (renamed from doc/mergecap.adoc)15
-rw-r--r--doc/man_pages/mmdbresolve.adoc (renamed from doc/mmdbresolve.adoc)4
-rw-r--r--doc/man_pages/randpkt.adoc (renamed from doc/randpkt.adoc)4
-rw-r--r--doc/man_pages/randpktdump.adoc (renamed from doc/randpktdump.adoc)4
-rw-r--r--doc/man_pages/rawshark.adoc (renamed from doc/rawshark.adoc)219
-rw-r--r--doc/man_pages/reordercap.adoc (renamed from doc/reordercap.adoc)4
-rw-r--r--doc/man_pages/sdjournal.adoc (renamed from doc/sdjournal.adoc)4
-rw-r--r--doc/man_pages/sshdump.adoc (renamed from doc/sshdump.adoc)4
-rw-r--r--doc/man_pages/text2pcap.adoc (renamed from doc/text2pcap.adoc)34
-rw-r--r--doc/man_pages/tshark.adoc (renamed from doc/tshark.adoc)345
-rw-r--r--doc/man_pages/udpdump.adoc (renamed from doc/udpdump.adoc)4
-rw-r--r--doc/man_pages/wifidump.adoc (renamed from doc/wifidump.adoc)4
-rw-r--r--doc/man_pages/wireshark-filter.adoc (renamed from doc/wireshark-filter.adoc)131
-rw-r--r--doc/man_pages/wireshark.adoc1099
-rw-r--r--doc/packet-PROTOABBREV.c10
-rw-r--r--doc/plugins.example/hello.c11
-rw-r--r--doc/release-notes.adoc517
-rw-r--r--doc/wireshark.adoc2735
-rw-r--r--doc/ws.css (renamed from docbook/ws.css)0
-rw-r--r--doc/wsdg_src/developer-guide-docinfo.xml (renamed from docbook/wsdg_src/developer-guide-docinfo.xml)2
-rw-r--r--doc/wsdg_src/developer-guide.adoc (renamed from docbook/wsdg_src/developer-guide.adoc)2
-rw-r--r--doc/wsdg_src/images/caution.svg (renamed from docbook/wsdg_src/images/caution.svg)0
-rw-r--r--doc/wsdg_src/images/git-triangular-workflow.gv (renamed from docbook/wsdg_src/images/git-triangular-workflow.gv)2
-rw-r--r--doc/wsdg_src/images/git-triangular-workflow.svg (renamed from docbook/wsdg_src/images/git-triangular-workflow.svg)0
-rw-r--r--doc/wsdg_src/images/important.svg (renamed from docbook/wsdg_src/images/important.svg)0
-rw-r--r--doc/wsdg_src/images/note.svg (renamed from docbook/wsdg_src/images/note.svg)0
-rw-r--r--doc/wsdg_src/images/tip.svg (renamed from docbook/wsdg_src/images/tip.svg)0
-rw-r--r--doc/wsdg_src/images/warning.svg (renamed from docbook/wsdg_src/images/warning.svg)0
-rw-r--r--doc/wsdg_src/images/ws-capture-sync.dia (renamed from docbook/wsdg_src/images/ws-capture-sync.dia)bin2943 -> 2943 bytes
-rw-r--r--doc/wsdg_src/images/ws-capture-sync.png (renamed from docbook/wsdg_src/images/ws-capture-sync.png)bin5507 -> 5507 bytes
-rw-r--r--doc/wsdg_src/images/ws-capture_internals.dia (renamed from docbook/wsdg_src/images/ws-capture_internals.dia)bin2149 -> 2149 bytes
-rw-r--r--doc/wsdg_src/images/ws-capture_internals.png (renamed from docbook/wsdg_src/images/ws-capture_internals.png)bin3699 -> 3699 bytes
-rw-r--r--doc/wsdg_src/images/ws-dev-guide-cover.png (renamed from docbook/wsdg_src/images/ws-dev-guide-cover.png)bin13679 -> 13679 bytes
-rw-r--r--doc/wsdg_src/images/ws-function-blocks.diabin0 -> 3354 bytes
-rw-r--r--doc/wsdg_src/images/ws-function-blocks.svg449
-rw-r--r--doc/wsdg_src/images/ws-logo.png (renamed from docbook/wsdg_src/images/ws-logo.png)bin5707 -> 5707 bytes
-rw-r--r--doc/wsdg_src/images/wslua-new-dialog.png (renamed from docbook/wsdg_src/images/wslua-new-dialog.png)bin21786 -> 21786 bytes
-rw-r--r--doc/wsdg_src/images/wslua-progdlg.png (renamed from docbook/wsdg_src/images/wslua-progdlg.png)bin12695 -> 12695 bytes
-rw-r--r--doc/wsdg_src/images/wslua-textwindow.png (renamed from docbook/wsdg_src/images/wslua-textwindow.png)bin26843 -> 26843 bytes
-rw-r--r--doc/wsdg_src/wsdg_asn2wrs.adoc (renamed from docbook/wsdg_src/wsdg_asn2wrs.adoc)12
-rw-r--r--doc/wsdg_src/wsdg_build_intro.adoc (renamed from docbook/wsdg_src/wsdg_build_intro.adoc)0
-rw-r--r--doc/wsdg_src/wsdg_capture.adoc (renamed from docbook/wsdg_src/wsdg_capture.adoc)0
-rw-r--r--doc/wsdg_src/wsdg_dissection.adoc (renamed from docbook/wsdg_src/wsdg_dissection.adoc)123
-rw-r--r--doc/wsdg_src/wsdg_env_intro.adoc (renamed from docbook/wsdg_src/wsdg_env_intro.adoc)19
-rw-r--r--doc/wsdg_src/wsdg_libraries.adoc (renamed from docbook/wsdg_src/wsdg_libraries.adoc)6
-rw-r--r--doc/wsdg_src/wsdg_lua_support.adoc (renamed from docbook/wsdg_src/wsdg_lua_support.adoc)178
-rw-r--r--doc/wsdg_src/wsdg_preface.adoc (renamed from docbook/wsdg_src/wsdg_preface.adoc)0
-rw-r--r--doc/wsdg_src/wsdg_quick_setup.adoc (renamed from docbook/wsdg_src/wsdg_quick_setup.adoc)90
-rw-r--r--doc/wsdg_src/wsdg_sources.adoc (renamed from docbook/wsdg_src/wsdg_sources.adoc)34
-rw-r--r--doc/wsdg_src/wsdg_tests.adoc (renamed from docbook/wsdg_src/wsdg_tests.adoc)0
-rw-r--r--doc/wsdg_src/wsdg_tools.adoc (renamed from docbook/wsdg_src/wsdg_tools.adoc)6
-rw-r--r--doc/wsdg_src/wsdg_userinterface.adoc (renamed from docbook/wsdg_src/wsdg_userinterface.adoc)0
-rw-r--r--doc/wsdg_src/wsdg_works.adoc (renamed from docbook/wsdg_src/wsdg_works.adoc)2
-rw-r--r--doc/wsug_src/capinfos-h.txt (renamed from docbook/wsug_src/capinfos-h.txt)8
-rw-r--r--doc/wsug_src/dumpcap-h.txt (renamed from docbook/wsug_src/dumpcap-h.txt)5
-rw-r--r--doc/wsug_src/editcap-F.txt (renamed from docbook/wsug_src/editcap-F.txt)1
-rw-r--r--doc/wsug_src/editcap-T.txt (renamed from docbook/wsug_src/editcap-T.txt)2
-rw-r--r--doc/wsug_src/editcap-h.txt (renamed from docbook/wsug_src/editcap-h.txt)7
-rw-r--r--doc/wsug_src/images/caution.svg (renamed from docbook/wsug_src/images/caution.svg)0
-rw-r--r--doc/wsug_src/images/important.svg (renamed from docbook/wsug_src/images/important.svg)0
-rw-r--r--doc/wsug_src/images/note.svg (renamed from docbook/wsug_src/images/note.svg)0
-rw-r--r--doc/wsug_src/images/related-ack.png (renamed from docbook/wsug_src/images/related-ack.png)bin221 -> 221 bytes
-rw-r--r--doc/wsug_src/images/related-current.png (renamed from docbook/wsug_src/images/related-current.png)bin92 -> 92 bytes
-rw-r--r--doc/wsug_src/images/related-dup-ack.png (renamed from docbook/wsug_src/images/related-dup-ack.png)bin247 -> 247 bytes
-rw-r--r--doc/wsug_src/images/related-first.png (renamed from docbook/wsug_src/images/related-first.png)bin105 -> 105 bytes
-rw-r--r--doc/wsug_src/images/related-last.png (renamed from docbook/wsug_src/images/related-last.png)bin105 -> 105 bytes
-rw-r--r--doc/wsug_src/images/related-other.png (renamed from docbook/wsug_src/images/related-other.png)bin99 -> 99 bytes
-rw-r--r--doc/wsug_src/images/related-request.png (renamed from docbook/wsug_src/images/related-request.png)bin148 -> 148 bytes
-rw-r--r--doc/wsug_src/images/related-response.png (renamed from docbook/wsug_src/images/related-response.png)bin153 -> 153 bytes
-rw-r--r--doc/wsug_src/images/related-segment.png (renamed from docbook/wsug_src/images/related-segment.png)bin165 -> 165 bytes
-rw-r--r--doc/wsug_src/images/tip.svg (renamed from docbook/wsug_src/images/tip.svg)0
-rw-r--r--doc/wsug_src/images/toolbar/document-open.png (renamed from docbook/wsug_src/images/toolbar/document-open.png)bin1393 -> 1393 bytes
-rw-r--r--doc/wsug_src/images/toolbar/edit-find.png (renamed from docbook/wsug_src/images/toolbar/edit-find.png)bin763 -> 763 bytes
-rw-r--r--doc/wsug_src/images/toolbar/filter-toolbar-add.png (renamed from docbook/wsug_src/images/toolbar/filter-toolbar-add.png)bin101 -> 101 bytes
-rw-r--r--doc/wsug_src/images/toolbar/filter-toolbar-apply.png (renamed from docbook/wsug_src/images/toolbar/filter-toolbar-apply.png)bin601 -> 601 bytes
-rw-r--r--doc/wsug_src/images/toolbar/filter-toolbar-bookmark.png (renamed from docbook/wsug_src/images/toolbar/filter-toolbar-bookmark.png)bin402 -> 402 bytes
-rw-r--r--doc/wsug_src/images/toolbar/filter-toolbar-clear.png (renamed from docbook/wsug_src/images/toolbar/filter-toolbar-clear.png)bin482 -> 482 bytes
-rw-r--r--doc/wsug_src/images/toolbar/filter-toolbar-input.png (renamed from docbook/wsug_src/images/toolbar/filter-toolbar-input.png)bin261 -> 261 bytes
-rw-r--r--doc/wsug_src/images/toolbar/filter-toolbar-recent.png (renamed from docbook/wsug_src/images/toolbar/filter-toolbar-recent.png)bin162 -> 162 bytes
-rw-r--r--doc/wsug_src/images/toolbar/go-first.png (renamed from docbook/wsug_src/images/toolbar/go-first.png)bin547 -> 547 bytes
-rw-r--r--doc/wsug_src/images/toolbar/go-jump.png (renamed from docbook/wsug_src/images/toolbar/go-jump.png)bin594 -> 594 bytes
-rw-r--r--doc/wsug_src/images/toolbar/go-last.png (renamed from docbook/wsug_src/images/toolbar/go-last.png)bin535 -> 535 bytes
-rw-r--r--doc/wsug_src/images/toolbar/go-next.png (renamed from docbook/wsug_src/images/toolbar/go-next.png)bin740 -> 740 bytes
-rw-r--r--doc/wsug_src/images/toolbar/go-previous.png (renamed from docbook/wsug_src/images/toolbar/go-previous.png)bin743 -> 743 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-capture-file-close.png (renamed from docbook/wsug_src/images/toolbar/x-capture-file-close.png)bin1248 -> 1248 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-capture-file-reload.png (renamed from docbook/wsug_src/images/toolbar/x-capture-file-reload.png)bin1284 -> 1284 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-capture-file-save.png (renamed from docbook/wsug_src/images/toolbar/x-capture-file-save.png)bin1186 -> 1186 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-capture-options.png (renamed from docbook/wsug_src/images/toolbar/x-capture-options.png)bin848 -> 848 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-capture-restart.png (renamed from docbook/wsug_src/images/toolbar/x-capture-restart.png)bin1129 -> 1129 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-capture-start.png (renamed from docbook/wsug_src/images/toolbar/x-capture-start.png)bin995 -> 995 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-capture-stop.png (renamed from docbook/wsug_src/images/toolbar/x-capture-stop.png)bin148 -> 148 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-colorize-packets.png (renamed from docbook/wsug_src/images/toolbar/x-colorize-packets.png)bin157 -> 157 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-reset-layout_2.pngbin0 -> 511 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-resize-columns.png (renamed from docbook/wsug_src/images/toolbar/x-resize-columns.png)bin299 -> 299 bytes
-rw-r--r--doc/wsug_src/images/toolbar/x-stay-last.png (renamed from docbook/wsug_src/images/toolbar/x-stay-last.png)bin238 -> 238 bytes
-rw-r--r--doc/wsug_src/images/toolbar/zoom-in.png (renamed from docbook/wsug_src/images/toolbar/zoom-in.png)bin485 -> 485 bytes
-rw-r--r--doc/wsug_src/images/toolbar/zoom-original.png (renamed from docbook/wsug_src/images/toolbar/zoom-original.png)bin477 -> 477 bytes
-rw-r--r--doc/wsug_src/images/toolbar/zoom-out.png (renamed from docbook/wsug_src/images/toolbar/zoom-out.png)bin474 -> 474 bytes
-rw-r--r--doc/wsug_src/images/warning.svg (renamed from docbook/wsug_src/images/warning.svg)0
-rw-r--r--doc/wsug_src/images/ws-about-codecs.png (renamed from docbook/wsug_src/images/ws-about-codecs.png)bin57604 -> 57604 bytes
-rw-r--r--doc/wsug_src/images/ws-analyze-menu.png (renamed from docbook/wsug_src/images/ws-analyze-menu.png)bin52817 -> 52817 bytes
-rw-r--r--doc/wsug_src/images/ws-asap-statistics.png (renamed from docbook/wsug_src/images/ws-asap-statistics.png)bin127589 -> 127589 bytes
-rw-r--r--doc/wsug_src/images/ws-bluetooth-devices.png (renamed from docbook/wsug_src/images/ws-bluetooth-devices.png)bin69083 -> 69083 bytes
-rw-r--r--doc/wsug_src/images/ws-bt-hci-summary.png (renamed from docbook/wsug_src/images/ws-bt-hci-summary.png)bin92829 -> 92829 bytes
-rw-r--r--doc/wsug_src/images/ws-bytes-pane-popup-menu.png (renamed from docbook/wsug_src/images/ws-bytes-pane-popup-menu.png)bin197570 -> 197570 bytes
-rw-r--r--doc/wsug_src/images/ws-bytes-pane-tabs.png (renamed from docbook/wsug_src/images/ws-bytes-pane-tabs.png)bin18490 -> 18490 bytes
-rw-r--r--doc/wsug_src/images/ws-bytes-pane.png (renamed from docbook/wsug_src/images/ws-bytes-pane.png)bin6313 -> 6313 bytes
-rw-r--r--doc/wsug_src/images/ws-calcappprotocol-statistics.png (renamed from docbook/wsug_src/images/ws-calcappprotocol-statistics.png)bin79688 -> 79688 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-file-properties.png (renamed from docbook/wsug_src/images/ws-capture-file-properties.png)bin22450 -> 22450 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-info.png (renamed from docbook/wsug_src/images/ws-capture-info.png)bin9558 -> 9558 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-interfaces-main-macos.png (renamed from docbook/wsug_src/images/ws-capture-interfaces-main-macos.png)bin73946 -> 73946 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-interfaces-main-win32.png (renamed from docbook/wsug_src/images/ws-capture-interfaces-main-win32.png)bin10465 -> 10465 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-menu.png (renamed from docbook/wsug_src/images/ws-capture-menu.png)bin53166 -> 53166 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-options-compile-selected-bpfs.png (renamed from docbook/wsug_src/images/ws-capture-options-compile-selected-bpfs.png)bin9448 -> 9448 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-options-options.png (renamed from docbook/wsug_src/images/ws-capture-options-options.png)bin9918 -> 9918 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-options-output.png (renamed from docbook/wsug_src/images/ws-capture-options-output.png)bin10716 -> 10716 bytes
-rw-r--r--doc/wsug_src/images/ws-capture-options.png (renamed from docbook/wsug_src/images/ws-capture-options.png)bin37310 -> 37310 bytes
-rw-r--r--doc/wsug_src/images/ws-choose-color-rule.png (renamed from docbook/wsug_src/images/ws-choose-color-rule.png)bin38640 -> 38640 bytes
-rw-r--r--doc/wsug_src/images/ws-coloring-fields.png (renamed from docbook/wsug_src/images/ws-coloring-fields.png)bin42734 -> 42734 bytes
-rw-r--r--doc/wsug_src/images/ws-coloring-rules-dialog.png (renamed from docbook/wsug_src/images/ws-coloring-rules-dialog.png)bin86176 -> 86176 bytes
-rw-r--r--doc/wsug_src/images/ws-column-header-popup-menu.png (renamed from docbook/wsug_src/images/ws-column-header-popup-menu.png)bin195258 -> 195258 bytes
-rw-r--r--doc/wsug_src/images/ws-csp-statistics.png (renamed from docbook/wsug_src/images/ws-csp-statistics.png)bin39735 -> 39735 bytes
-rw-r--r--doc/wsug_src/images/ws-decode-as.png (renamed from docbook/wsug_src/images/ws-decode-as.png)bin15591 -> 15591 bytes
-rw-r--r--doc/wsug_src/images/ws-details-pane-popup-menu.png (renamed from docbook/wsug_src/images/ws-details-pane-popup-menu.png)bin74518 -> 74518 bytes
-rw-r--r--doc/wsug_src/images/ws-details-pane.png (renamed from docbook/wsug_src/images/ws-details-pane.png)bin7205 -> 7205 bytes
-rw-r--r--doc/wsug_src/images/ws-diagram-pane-popup-menu.png (renamed from docbook/wsug_src/images/ws-diagram-pane-popup-menu.png)bin5452 -> 5452 bytes
-rw-r--r--doc/wsug_src/images/ws-diagram-pane.png (renamed from docbook/wsug_src/images/ws-diagram-pane.png)bin7250 -> 7250 bytes
-rw-r--r--doc/wsug_src/images/ws-display-filter-tcp.png (renamed from docbook/wsug_src/images/ws-display-filter-tcp.png)bin40945 -> 40945 bytes
-rw-r--r--doc/wsug_src/images/ws-dns.png (renamed from docbook/wsug_src/images/ws-dns.png)bin151855 -> 151855 bytes
-rw-r--r--doc/wsug_src/images/ws-edit-menu.png (renamed from docbook/wsug_src/images/ws-edit-menu.png)bin48059 -> 48059 bytes
-rw-r--r--doc/wsug_src/images/ws-enabled-protocols.png (renamed from docbook/wsug_src/images/ws-enabled-protocols.png)bin21977 -> 21977 bytes
-rw-r--r--doc/wsug_src/images/ws-enrp-statistics.png (renamed from docbook/wsug_src/images/ws-enrp-statistics.png)bin78250 -> 78250 bytes
-rw-r--r--doc/wsug_src/images/ws-expert-colored-tree.png (renamed from docbook/wsug_src/images/ws-expert-colored-tree.png)bin44360 -> 44360 bytes
-rw-r--r--doc/wsug_src/images/ws-expert-column.png (renamed from docbook/wsug_src/images/ws-expert-column.png)bin97013 -> 97013 bytes
-rw-r--r--doc/wsug_src/images/ws-expert-information.png (renamed from docbook/wsug_src/images/ws-expert-information.png)bin235306 -> 235306 bytes
-rw-r--r--doc/wsug_src/images/ws-export-objects.png (renamed from docbook/wsug_src/images/ws-export-objects.png)bin154811 -> 154811 bytes
-rw-r--r--doc/wsug_src/images/ws-export-packet-dissections.png (renamed from docbook/wsug_src/images/ws-export-packet-dissections.png)bin24546 -> 24546 bytes
-rw-r--r--doc/wsug_src/images/ws-export-pdus-to-file.png (renamed from docbook/wsug_src/images/ws-export-pdus-to-file.png)bin28903 -> 28903 bytes
-rw-r--r--doc/wsug_src/images/ws-export-selected.png (renamed from docbook/wsug_src/images/ws-export-selected.png)bin25319 -> 25319 bytes
-rw-r--r--doc/wsug_src/images/ws-export-specified-packets.png (renamed from docbook/wsug_src/images/ws-export-specified-packets.png)bin38066 -> 38066 bytes
-rw-r--r--doc/wsug_src/images/ws-fgp-statistics.png (renamed from docbook/wsug_src/images/ws-fgp-statistics.png)bin47411 -> 47411 bytes
-rw-r--r--doc/wsug_src/images/ws-file-import-regex.png (renamed from docbook/wsug_src/images/ws-file-import-regex.png)bin7502 -> 7502 bytes
-rw-r--r--doc/wsug_src/images/ws-file-import.png (renamed from docbook/wsug_src/images/ws-file-import.png)bin18522 -> 18522 bytes
-rw-r--r--doc/wsug_src/images/ws-file-menu.png (renamed from docbook/wsug_src/images/ws-file-menu.png)bin49589 -> 49589 bytes
-rw-r--r--doc/wsug_src/images/ws-file-set-dialog.png (renamed from docbook/wsug_src/images/ws-file-set-dialog.png)bin11837 -> 11837 bytes
-rw-r--r--doc/wsug_src/images/ws-filter-add-expression.png (renamed from docbook/wsug_src/images/ws-filter-add-expression.png)bin99425 -> 99425 bytes
-rw-r--r--doc/wsug_src/images/ws-filter-macros.pngbin0 -> 30242 bytes
-rw-r--r--doc/wsug_src/images/ws-filter-toolbar.png (renamed from docbook/wsug_src/images/ws-filter-toolbar.png)bin17135 -> 17135 bytes
-rw-r--r--doc/wsug_src/images/ws-filters.png (renamed from docbook/wsug_src/images/ws-filters.png)bin106617 -> 106617 bytes
-rw-r--r--doc/wsug_src/images/ws-find-packet.png (renamed from docbook/wsug_src/images/ws-find-packet.png)bin68633 -> 68633 bytes
-rw-r--r--doc/wsug_src/images/ws-flow-graph.png (renamed from docbook/wsug_src/images/ws-flow-graph.png)bin287244 -> 287244 bytes
-rw-r--r--doc/wsug_src/images/ws-follow-http2-stream.png (renamed from docbook/wsug_src/images/ws-follow-http2-stream.png)bin57209 -> 57209 bytes
-rw-r--r--doc/wsug_src/images/ws-follow-sip-stream.png (renamed from docbook/wsug_src/images/ws-follow-sip-stream.png)bin152551 -> 152551 bytes
-rw-r--r--doc/wsug_src/images/ws-follow-stream.png (renamed from docbook/wsug_src/images/ws-follow-stream.png)bin99270 -> 99270 bytes
-rw-r--r--doc/wsug_src/images/ws-go-menu.png (renamed from docbook/wsug_src/images/ws-go-menu.png)bin54427 -> 54427 bytes
-rw-r--r--doc/wsug_src/images/ws-goto-packet.png (renamed from docbook/wsug_src/images/ws-goto-packet.png)bin106466 -> 106466 bytes
-rw-r--r--doc/wsug_src/images/ws-gui-config-profiles.pngbin0 -> 59117 bytes
-rw-r--r--doc/wsug_src/images/ws-help-menu.png (renamed from docbook/wsug_src/images/ws-help-menu.png)bin57646 -> 57646 bytes
-rw-r--r--doc/wsug_src/images/ws-list-pane.png (renamed from docbook/wsug_src/images/ws-list-pane.png)bin179959 -> 179959 bytes
-rw-r--r--doc/wsug_src/images/ws-main-toolbar.pngbin0 -> 14341 bytes
-rw-r--r--doc/wsug_src/images/ws-main.png (renamed from docbook/wsug_src/images/ws-main.png)bin61749 -> 61749 bytes
-rw-r--r--doc/wsug_src/images/ws-manage-interfaces.png (renamed from docbook/wsug_src/images/ws-manage-interfaces.png)bin16108 -> 16108 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-analysis.png (renamed from docbook/wsug_src/images/ws-mate-analysis.png)bin15235 -> 15235 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-dns_pane.png (renamed from docbook/wsug_src/images/ws-mate-dns_pane.png)bin10026 -> 10026 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-dns_pdu.png (renamed from docbook/wsug_src/images/ws-mate-dns_pdu.png)bin5438 -> 5438 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-ftp_over_gre.png (renamed from docbook/wsug_src/images/ws-mate-ftp_over_gre.png)bin6319 -> 6319 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-gop_analysis.png (renamed from docbook/wsug_src/images/ws-mate-gop_analysis.png)bin26029 -> 26029 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png (renamed from docbook/wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png)bin8019 -> 8019 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-mmse_over_http.png (renamed from docbook/wsug_src/images/ws-mate-mmse_over_http.png)bin6450 -> 6450 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-pdu_analysis.png (renamed from docbook/wsug_src/images/ws-mate-pdu_analysis.png)bin12338 -> 12338 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-tcp-output.pngbin0 -> 11769 bytes
-rw-r--r--doc/wsug_src/images/ws-mate-transform.png (renamed from docbook/wsug_src/images/ws-mate-transform.png)bin5285 -> 5285 bytes
-rw-r--r--doc/wsug_src/images/ws-menu.png (renamed from docbook/wsug_src/images/ws-menu.png)bin1224 -> 1224 bytes
-rw-r--r--doc/wsug_src/images/ws-merge-qt5.png (renamed from docbook/wsug_src/images/ws-merge-qt5.png)bin87107 -> 87107 bytes
-rw-r--r--doc/wsug_src/images/ws-merge-win32.png (renamed from docbook/wsug_src/images/ws-merge-win32.png)bin31903 -> 31903 bytes
-rw-r--r--doc/wsug_src/images/ws-netperfmeter-statistics.png (renamed from docbook/wsug_src/images/ws-netperfmeter-statistics.png)bin292140 -> 292140 bytes
-rw-r--r--doc/wsug_src/images/ws-open-qt5.png (renamed from docbook/wsug_src/images/ws-open-qt5.png)bin94718 -> 94718 bytes
-rw-r--r--doc/wsug_src/images/ws-open-win32.png (renamed from docbook/wsug_src/images/ws-open-win32.png)bin36529 -> 36529 bytes
-rw-r--r--doc/wsug_src/images/ws-packet-format.png (renamed from docbook/wsug_src/images/ws-packet-format.png)bin59055 -> 59055 bytes
-rw-r--r--doc/wsug_src/images/ws-packet-pane-popup-menu.png (renamed from docbook/wsug_src/images/ws-packet-pane-popup-menu.png)bin63939 -> 63939 bytes
-rw-r--r--doc/wsug_src/images/ws-packet-range.png (renamed from docbook/wsug_src/images/ws-packet-range.png)bin3354 -> 3354 bytes
-rw-r--r--doc/wsug_src/images/ws-packet-selected.png (renamed from docbook/wsug_src/images/ws-packet-selected.png)bin185251 -> 185251 bytes
-rw-r--r--doc/wsug_src/images/ws-packet-sep-win.png (renamed from docbook/wsug_src/images/ws-packet-sep-win.png)bin17826 -> 17826 bytes
-rw-r--r--doc/wsug_src/images/ws-pingpongprotocol-statistics.png (renamed from docbook/wsug_src/images/ws-pingpongprotocol-statistics.png)bin47806 -> 47806 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-advanced.png (renamed from docbook/wsug_src/images/ws-pref-advanced.png)bin20099 -> 20099 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-appearance-columns.png (renamed from docbook/wsug_src/images/ws-pref-appearance-columns.png)bin11435 -> 11435 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-appearance-fonts-and-colors.png (renamed from docbook/wsug_src/images/ws-pref-appearance-fonts-and-colors.png)bin15859 -> 15859 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-appearance-layout.png (renamed from docbook/wsug_src/images/ws-pref-appearance-layout.png)bin17347 -> 17347 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-appearance.png (renamed from docbook/wsug_src/images/ws-pref-appearance.png)bin16902 -> 16902 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-capture.png (renamed from docbook/wsug_src/images/ws-pref-capture.png)bin11318 -> 11318 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-expert.png (renamed from docbook/wsug_src/images/ws-pref-expert.png)bin9931 -> 9931 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-filter-buttons.png (renamed from docbook/wsug_src/images/ws-pref-filter-buttons.png)bin10546 -> 10546 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-name-resolution.png (renamed from docbook/wsug_src/images/ws-pref-name-resolution.png)bin15776 -> 15776 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-protocols.pngbin0 -> 42690 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-rsa-keys.png (renamed from docbook/wsug_src/images/ws-pref-rsa-keys.png)bin10373 -> 10373 bytes
-rw-r--r--doc/wsug_src/images/ws-pref-statistics.png (renamed from docbook/wsug_src/images/ws-pref-statistics.png)bin13621 -> 13621 bytes
-rw-r--r--doc/wsug_src/images/ws-print.png (renamed from docbook/wsug_src/images/ws-print.png)bin641979 -> 641979 bytes
-rw-r--r--doc/wsug_src/images/ws-resolved-addr.png (renamed from docbook/wsug_src/images/ws-resolved-addr.png)bin86141 -> 86141 bytes
-rw-r--r--doc/wsug_src/images/ws-rlc-graph.png (renamed from docbook/wsug_src/images/ws-rlc-graph.png)bin61853 -> 61853 bytes
-rw-r--r--doc/wsug_src/images/ws-save-as-qt5.png (renamed from docbook/wsug_src/images/ws-save-as-qt5.png)bin43012 -> 43012 bytes
-rw-r--r--doc/wsug_src/images/ws-save-as-win32.png (renamed from docbook/wsug_src/images/ws-save-as-win32.png)bin19241 -> 19241 bytes
-rw-r--r--doc/wsug_src/images/ws-sctp-1-association.png (renamed from docbook/wsug_src/images/ws-sctp-1-association.png)bin119620 -> 119620 bytes
-rw-r--r--doc/wsug_src/images/ws-sctp.png (renamed from docbook/wsug_src/images/ws-sctp.png)bin38473 -> 38473 bytes
-rw-r--r--doc/wsug_src/images/ws-ssp-statistics.png (renamed from docbook/wsug_src/images/ws-ssp-statistics.png)bin84536 -> 84536 bytes
-rw-r--r--doc/wsug_src/images/ws-statistics-menu.png (renamed from docbook/wsug_src/images/ws-statistics-menu.png)bin58896 -> 58896 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-conversations.png (renamed from docbook/wsug_src/images/ws-stats-conversations.png)bin482854 -> 482854 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-endpoints.png (renamed from docbook/wsug_src/images/ws-stats-endpoints.png)bin277413 -> 277413 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-hierarchy.png (renamed from docbook/wsug_src/images/ws-stats-hierarchy.png)bin86949 -> 86949 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-http-requestsequences.png (renamed from docbook/wsug_src/images/ws-stats-http-requestsequences.png)bin32351 -> 32351 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-iographs.png (renamed from docbook/wsug_src/images/ws-stats-iographs.png)bin48212 -> 48212 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-lte-mac-traffic.png (renamed from docbook/wsug_src/images/ws-stats-lte-mac-traffic.png)bin24809 -> 24809 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-lte-rlc-traffic.png (renamed from docbook/wsug_src/images/ws-stats-lte-rlc-traffic.png)bin23041 -> 23041 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-packet-lengths.png (renamed from docbook/wsug_src/images/ws-stats-packet-lengths.png)bin92831 -> 92831 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-srt-smb2.png (renamed from docbook/wsug_src/images/ws-stats-srt-smb2.png)bin21338 -> 21338 bytes
-rw-r--r--doc/wsug_src/images/ws-stats-wlan-traffic.png (renamed from docbook/wsug_src/images/ws-stats-wlan-traffic.png)bin26157 -> 26157 bytes
-rw-r--r--doc/wsug_src/images/ws-statusbar-empty.png (renamed from docbook/wsug_src/images/ws-statusbar-empty.png)bin8447 -> 8447 bytes
-rw-r--r--doc/wsug_src/images/ws-statusbar-filter.png (renamed from docbook/wsug_src/images/ws-statusbar-filter.png)bin17185 -> 17185 bytes
-rw-r--r--doc/wsug_src/images/ws-statusbar-loaded.png (renamed from docbook/wsug_src/images/ws-statusbar-loaded.png)bin12944 -> 12944 bytes
-rw-r--r--doc/wsug_src/images/ws-statusbar-profile.png (renamed from docbook/wsug_src/images/ws-statusbar-profile.png)bin34604 -> 34604 bytes
-rw-r--r--doc/wsug_src/images/ws-statusbar-selected.png (renamed from docbook/wsug_src/images/ws-statusbar-selected.png)bin15042 -> 15042 bytes
-rw-r--r--doc/wsug_src/images/ws-tcp-analysis.png (renamed from docbook/wsug_src/images/ws-tcp-analysis.png)bin70774 -> 70774 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-playlist.dia (renamed from docbook/wsug_src/images/ws-tel-playlist.dia)bin1615 -> 1615 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-playlist.png (renamed from docbook/wsug_src/images/ws-tel-playlist.png)bin13572 -> 13572 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtp-player_1.png (renamed from docbook/wsug_src/images/ws-tel-rtp-player_1.png)bin287286 -> 287286 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtp-player_1.xcf (renamed from docbook/wsug_src/images/ws-tel-rtp-player_1.xcf)bin1094564 -> 1094564 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtp-player_2.png (renamed from docbook/wsug_src/images/ws-tel-rtp-player_2.png)bin329291 -> 329291 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtp-player_2.xcf (renamed from docbook/wsug_src/images/ws-tel-rtp-player_2.xcf)bin686083 -> 686083 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtp-player_3.png (renamed from docbook/wsug_src/images/ws-tel-rtp-player_3.png)bin31422 -> 31422 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtp-player_button.png (renamed from docbook/wsug_src/images/ws-tel-rtp-player_button.png)bin20816 -> 20816 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtp-streams.png (renamed from docbook/wsug_src/images/ws-tel-rtp-streams.png)bin76336 -> 76336 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtpstream-analysis_1.png (renamed from docbook/wsug_src/images/ws-tel-rtpstream-analysis_1.png)bin214220 -> 214220 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtpstream-analysis_2.png (renamed from docbook/wsug_src/images/ws-tel-rtpstream-analysis_2.png)bin87689 -> 87689 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-rtpstream-analysis_3.png (renamed from docbook/wsug_src/images/ws-tel-rtpstream-analysis_3.png)bin213706 -> 213706 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-seq-dialog.png (renamed from docbook/wsug_src/images/ws-tel-seq-dialog.png)bin284185 -> 284185 bytes
-rw-r--r--doc/wsug_src/images/ws-tel-voip-calls.png (renamed from docbook/wsug_src/images/ws-tel-voip-calls.png)bin88363 -> 88363 bytes
-rw-r--r--doc/wsug_src/images/ws-telephony-menu.png (renamed from docbook/wsug_src/images/ws-telephony-menu.png)bin55412 -> 55412 bytes
-rw-r--r--doc/wsug_src/images/ws-time-reference.png (renamed from docbook/wsug_src/images/ws-time-reference.png)bin45981 -> 45981 bytes
-rw-r--r--doc/wsug_src/images/ws-time-shift-details.png (renamed from docbook/wsug_src/images/ws-time-shift-details.png)bin34914 -> 34914 bytes
-rw-r--r--doc/wsug_src/images/ws-time-shift.png (renamed from docbook/wsug_src/images/ws-time-shift.png)bin22411 -> 22411 bytes
-rw-r--r--doc/wsug_src/images/ws-tls-session-keys.png (renamed from docbook/wsug_src/images/ws-tls-session-keys.png)bin39511 -> 39511 bytes
-rw-r--r--doc/wsug_src/images/ws-tools-menu.png (renamed from docbook/wsug_src/images/ws-tools-menu.png)bin90865 -> 90865 bytes
-rw-r--r--doc/wsug_src/images/ws-udp-multicast-stream.png (renamed from docbook/wsug_src/images/ws-udp-multicast-stream.png)bin135427 -> 135427 bytes
-rw-r--r--doc/wsug_src/images/ws-user-guide-cover.png (renamed from docbook/wsug_src/images/ws-user-guide-cover.png)bin12238 -> 12238 bytes
-rw-r--r--doc/wsug_src/images/ws-view-menu.png (renamed from docbook/wsug_src/images/ws-view-menu.png)bin40750 -> 40750 bytes
-rw-r--r--doc/wsug_src/images/ws-wireless-ieee-80211-pref.pngbin0 -> 76179 bytes
-rw-r--r--doc/wsug_src/images/ws-wireless-key-examples.pngbin0 -> 7123 bytes
-rw-r--r--doc/wsug_src/images/ws-wireless-key-type.pngbin0 -> 5833 bytes
-rw-r--r--doc/wsug_src/images/ws-wireless-menu.png (renamed from docbook/wsug_src/images/ws-wireless-menu.png)bin53973 -> 53973 bytes
-rw-r--r--doc/wsug_src/mergecap-h.txt (renamed from docbook/wsug_src/mergecap-h.txt)4
-rw-r--r--doc/wsug_src/rawshark-h.txt (renamed from docbook/wsug_src/rawshark-h.txt)10
-rw-r--r--doc/wsug_src/reordercap-h.txt (renamed from docbook/wsug_src/reordercap-h.txt)2
-rw-r--r--doc/wsug_src/text2pcap-h.txt (renamed from docbook/wsug_src/text2pcap-h.txt)17
-rw-r--r--doc/wsug_src/tshark-h.txt (renamed from docbook/wsug_src/tshark-h.txt)14
-rw-r--r--doc/wsug_src/user-guide-docinfo.xml (renamed from docbook/wsug_src/user-guide-docinfo.xml)2
-rw-r--r--doc/wsug_src/user-guide.adoc (renamed from docbook/wsug_src/user-guide.adoc)0
-rw-r--r--doc/wsug_src/wireshark-h.txt (renamed from docbook/wsug_src/wireshark-h.txt)6
-rw-r--r--doc/wsug_src/wsug_advanced.adoc (renamed from docbook/wsug_src/wsug_advanced.adoc)114
-rw-r--r--doc/wsug_src/wsug_build_install.adoc (renamed from docbook/wsug_src/wsug_build_install.adoc)48
-rw-r--r--doc/wsug_src/wsug_capture.adoc (renamed from docbook/wsug_src/wsug_capture.adoc)6
-rw-r--r--doc/wsug_src/wsug_customize.adoc (renamed from docbook/wsug_src/wsug_customize.adoc)401
-rw-r--r--doc/wsug_src/wsug_files.adoc (renamed from docbook/wsug_src/wsug_files.adoc)121
-rw-r--r--doc/wsug_src/wsug_howitworks.adoc (renamed from docbook/wsug_src/wsug_howitworks.adoc)0
-rw-r--r--doc/wsug_src/wsug_introduction.adoc (renamed from docbook/wsug_src/wsug_introduction.adoc)4
-rw-r--r--doc/wsug_src/wsug_io.adoc (renamed from docbook/wsug_src/wsug_io.adoc)11
-rw-r--r--doc/wsug_src/wsug_mate.adoc (renamed from docbook/wsug_src/wsug_mate.adoc)1571
-rw-r--r--doc/wsug_src/wsug_messages.adoc (renamed from docbook/wsug_src/wsug_messages.adoc)0
-rw-r--r--doc/wsug_src/wsug_preface.adoc (renamed from docbook/wsug_src/wsug_preface.adoc)0
-rw-r--r--doc/wsug_src/wsug_protocols.adoc (renamed from docbook/wsug_src/wsug_protocols.adoc)0
-rw-r--r--doc/wsug_src/wsug_statistics.adoc (renamed from docbook/wsug_src/wsug_statistics.adoc)70
-rw-r--r--doc/wsug_src/wsug_telephony.adoc (renamed from docbook/wsug_src/wsug_telephony.adoc)10
-rw-r--r--doc/wsug_src/wsug_tools.adoc (renamed from docbook/wsug_src/wsug_tools.adoc)0
-rw-r--r--doc/wsug_src/wsug_troubleshoot.adoc (renamed from docbook/wsug_src/wsug_troubleshoot.adoc)0
-rw-r--r--doc/wsug_src/wsug_use.adoc (renamed from docbook/wsug_src/wsug_use.adoc)53
-rw-r--r--doc/wsug_src/wsug_wireless.adoc (renamed from docbook/wsug_src/wsug_wireless.adoc)1
-rw-r--r--doc/wsug_src/wsug_work.adoc (renamed from docbook/wsug_src/wsug_work.adoc)99
-rw-r--r--docbook/CMakeLists.txt490
-rw-r--r--docbook/logray-quick-start.adoc57
-rw-r--r--docbook/wsdg_src/images/ws-function-blocks.diabin3343 -> 0 bytes
-rw-r--r--docbook/wsdg_src/images/ws-function-blocks.pngbin10555 -> 0 bytes
-rw-r--r--docbook/wsug_src/images/ws-filter-macros.pngbin53404 -> 0 bytes
-rw-r--r--docbook/wsug_src/images/ws-gui-config-profiles.pngbin120304 -> 0 bytes
-rw-r--r--docbook/wsug_src/images/ws-main-toolbar.pngbin12384 -> 0 bytes
-rw-r--r--docbook/wsug_src/images/ws-mate-tcp-output.pngbin15193 -> 0 bytes
-rw-r--r--docbook/wsug_src/images/ws-pref-protocols.pngbin10711 -> 0 bytes
-rwxr-xr-xtools/make-wsluarm.py (renamed from docbook/make-wsluarm.py)0
335 files changed, 5801 insertions, 5532 deletions
diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
index 674554fe..0256d0d8 100644
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -9,6 +9,13 @@
find_package( Asciidoctor 1.5 )
+function(set_doc_target_properties _target)
+ set_target_properties(${_target} PROPERTIES
+ FOLDER "Documentation"
+ EXCLUDE_FROM_DEFAULT_BUILD True
+ )
+endfunction()
+
set(MAN1_SOURCE_FILES)
set(MAN4_SOURCE_FILES)
set(MAN1_INSTALL_FILES)
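Review bot: The new `set_doc_target_properties` helper has no comment explaining why it sets `EXCLUDE_FROM_DEFAULT_BUILD`, a property that only affects Visual Studio generators, so readers on other platforms cannot tell what it is for. A one-line header would cover it, for example `# Put a doc target in the "Documentation" IDE folder and keep it out of the Visual Studio default build.` Most later calls in this file are followed by a separate `set_target_properties(... EXCLUDE_FROM_ALL True)`, while `faq_html` and `faq` call the helper alone. If that difference is not intentional, the second property could move into the helper.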
@@ -17,14 +24,14 @@ set(HTML_INSTALL_FILES)
macro (ADD_MAN_PAGE _page_name _man_section)
if(ASCIIDOCTOR_FOUND)
- list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.html)
+ list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/man_pages/${_page_name}.html)
if (${_man_section} EQUAL 1)
- list(APPEND MAN1_SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/${_page_name}.adoc)
- list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
+ list(APPEND MAN1_SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/man_pages/${_page_name}.adoc)
+ list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/man_pages/${_page_name}.${_man_section})
elseif (${_man_section} EQUAL 4)
- list(APPEND MAN4_SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/${_page_name}.adoc)
- list(APPEND MAN4_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
+ list(APPEND MAN4_SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/man_pages/${_page_name}.adoc)
+ list(APPEND MAN4_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/man_pages/${_page_name}.${_man_section})
else()
message(FATAL_ERROR "Unsupported manual page section ${_man_section} for ${_page_name}")
endif()
@@ -82,16 +89,17 @@ set(WIRESHARK_BUNDLE_RESOURCE_SHARE_MAN4_FILES ${MAN4_INSTALL_FILES} PARENT_SCOP
set(LOGRAY_BUNDLE_RESOURCE_SHARE_MAN1_FILES ${WIRESHARK_BUNDLE_RESOURCE_SHARE_MAN1_FILES} PARENT_SCOPE)
set(LOGRAY_BUNDLE_RESOURCE_SHARE_MAN4_FILES ${WIRESHARK_BUNDLE_RESOURCE_SHARE_MAN4_FILES} PARENT_SCOPE)
-set(MAN_INCLUDES diagnostic-options.adoc dissection-options.adoc)
+set(MAN_INCLUDES man_pages/diagnostic-options.adoc man_pages/dissection-options.adoc man_pages/files.adoc)
if(ASCIIDOCTOR_FOUND)
ASCIIDOCTOR2ROFFMAN(1 ${MAN1_SOURCE_FILES})
ASCIIDOCTOR2ROFFMAN(4 ${MAN4_SOURCE_FILES})
ASCIIDOCTOR2HTMLMAN(${MAN1_SOURCE_FILES} ${MAN4_SOURCE_FILES})
- add_custom_target(manpages DEPENDS
- ${MAN1_INSTALL_FILES}
- ${MAN4_INSTALL_FILES}
+ add_custom_target(manpages
+ DEPENDS
+ ${MAN1_INSTALL_FILES}
+ ${MAN4_INSTALL_FILES}
)
set_target_properties(manpages PROPERTIES FOLDER "Documentation")
endif()
@@ -100,18 +108,19 @@ if(ASCIIDOCTOR_FOUND)
ASCIIDOCTOR2HTML(release-notes.adoc)
ASCIIDOCTOR2TXT(release-notes.adoc)
- list(APPEND HTML_INSTALL_FILES "${CMAKE_CURRENT_BINARY_DIR}/release-notes.html")
-
add_custom_target(release_notes_html
DEPENDS
${CMAKE_CURRENT_BINARY_DIR}/release-notes.html
)
set_target_properties(release_notes_html PROPERTIES FOLDER "Documentation")
+
add_custom_target(release_notes_txt
DEPENDS
${CMAKE_CURRENT_BINARY_DIR}/release-notes.txt
+ release_notes_html
)
set_target_properties(release_notes_txt PROPERTIES FOLDER "Documentation")
+
add_custom_target(release_notes
DEPENDS
release_notes_html
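Review bot: The `release_notes_html` entry added to the `DEPENDS` list of `release_notes_txt` makes the text target wait for the HTML target, and nothing in the hunk says why. If the intent is to serialize the two Asciidoctor runs over `release-notes.adoc`, a comment such as `# Build the HTML first so the two release-notes conversions never run in parallel.` should say so; that reason is my assumption and is not visible here. Without a comment, the edge looks accidental and is likely to be removed in a later cleanup.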
@@ -119,26 +128,24 @@ if(ASCIIDOCTOR_FOUND)
)
set_target_properties(release_notes PROPERTIES FOLDER "Documentation")
- add_custom_target(news
- COMMAND ${CMAKE_COMMAND} -E copy_if_different
- ${CMAKE_CURRENT_BINARY_DIR}/release-notes.txt
- ${CMAKE_SOURCE_DIR}/NEWS
- DEPENDS
- release_notes_txt
- )
- set_target_properties(news PROPERTIES FOLDER "Documentation")
+ ASCIIDOCTOR2HTML(faq.adoc)
+ add_custom_target(faq_html DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/faq.html)
+ set_doc_target_properties(faq_html)
+
+ add_custom_target(faq DEPENDS faq_html)
+ set_doc_target_properties(faq)
endif()
-add_custom_target(
- docs ALL
+
+add_custom_target(docs
DEPENDS
- ${MAN1_INSTALL_FILES}
- ${MAN4_INSTALL_FILES}
${HTML_INSTALL_FILES}
)
set_target_properties(docs PROPERTIES FOLDER "Documentation")
if(ASCIIDOCTOR_FOUND)
+ add_dependencies(docs manpages release_notes_html)
+
install(
FILES
${MAN1_INSTALL_FILES}
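Review bot: `add_custom_target(docs` no longer carries `ALL`, but the `install(FILES ${MAN1_INSTALL_FILES} ...)` rules just below still install generated files. Unless something outside this file puts `docs` or `manpages` into the default build, an install after a plain build would fail on missing man pages and HTML. If dropping `ALL` is deliberate, either keep `add_custom_target(docs ALL` here or mark the install rules `OPTIONAL`, and say in a comment which target packagers must build first. The new `faq_html` target is also not added to `docs`; confirm that is intended. The `install(` call that closes this hunk continues in the next one.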
@@ -152,15 +159,470 @@ if(ASCIIDOCTOR_FOUND)
DESTINATION
${CMAKE_INSTALL_MANDIR}/man4
)
+
+
+ install(
+ FILES
+ ${HTML_INSTALL_FILES}
+ ${CMAKE_CURRENT_BINARY_DIR}/release-notes.html
+ DESTINATION
+ ${CMAKE_INSTALL_DOCDIR}
+ COMPONENT "ReleaseNotes"
+ )
endif()
-install(
- FILES
- ${HTML_INSTALL_FILES}
- DESTINATION
- ${CMAKE_INSTALL_DOCDIR}
+#
+# Wireshark User's and Developer's Guides
+#
+
+set(COMMON_GUIDE_FILES
+ common_src/gpl_appendix.adoc
+ common_src/typographic_conventions.adoc
+)
+
+set(WSUG_TITLE "Wireshark User's Guide")
+
+set(WSUG_FILES
+ wsug_src/wsug_advanced.adoc
+ wsug_src/wsug_build_install.adoc
+ wsug_src/wsug_capture.adoc
+ wsug_src/wsug_customize.adoc
+ wsug_src/wsug_files.adoc
+ wsug_src/wsug_howitworks.adoc
+ wsug_src/wsug_introduction.adoc
+ wsug_src/wsug_io.adoc
+ wsug_src/wsug_mate.adoc
+ wsug_src/wsug_messages.adoc
+ wsug_src/wsug_preface.adoc
+ wsug_src/wsug_protocols.adoc
+ wsug_src/wsug_statistics.adoc
+ wsug_src/wsug_telephony.adoc
+ wsug_src/wsug_tools.adoc
+ wsug_src/wsug_troubleshoot.adoc
+ wsug_src/wsug_use.adoc
+ wsug_src/wsug_work.adoc
+ wsug_src/capinfos-h.txt
+ wsug_src/dumpcap-h.txt
+ wsug_src/editcap-F.txt
+ wsug_src/editcap-T.txt
+ wsug_src/editcap-h.txt
+ wsug_src/mergecap-h.txt
+ wsug_src/rawshark-h.txt
+ wsug_src/reordercap-h.txt
+ wsug_src/text2pcap-h.txt
+ wsug_src/tshark-h.txt
+ wsug_src/wireshark-h.txt
+ ${COMMON_GUIDE_FILES}
+)
+
+# Note: Images should be minimized using tools/compress-pngs.py.
+set(WSUG_GRAPHICS
+ wsug_src/images/caution.svg
+ wsug_src/images/important.svg
+ wsug_src/images/note.svg
+ wsug_src/images/related-ack.png
+ wsug_src/images/related-current.png
+ wsug_src/images/related-dup-ack.png
+ wsug_src/images/related-first.png
+ wsug_src/images/related-last.png
+ wsug_src/images/related-other.png
+ wsug_src/images/related-request.png
+ wsug_src/images/related-response.png
+ wsug_src/images/related-segment.png
+ wsug_src/images/tip.svg
+ wsug_src/images/toolbar/document-open.png
+ wsug_src/images/toolbar/edit-find.png
+ wsug_src/images/toolbar/filter-toolbar-add.png
+ wsug_src/images/toolbar/filter-toolbar-apply.png
+ wsug_src/images/toolbar/filter-toolbar-bookmark.png
+ wsug_src/images/toolbar/filter-toolbar-clear.png
+ wsug_src/images/toolbar/filter-toolbar-input.png
+ wsug_src/images/toolbar/filter-toolbar-recent.png
+ wsug_src/images/toolbar/go-first.png
+ wsug_src/images/toolbar/go-jump.png
+ wsug_src/images/toolbar/go-last.png
+ wsug_src/images/toolbar/go-next.png
+ wsug_src/images/toolbar/go-previous.png
+ wsug_src/images/toolbar/x-capture-file-close.png
+ wsug_src/images/toolbar/x-capture-file-reload.png
+ wsug_src/images/toolbar/x-capture-file-save.png
+ wsug_src/images/toolbar/x-capture-options.png
+ wsug_src/images/toolbar/x-capture-restart.png
+ wsug_src/images/toolbar/x-capture-start.png
+ wsug_src/images/toolbar/x-capture-stop.png
+ wsug_src/images/toolbar/x-colorize-packets.png
+ wsug_src/images/toolbar/x-resize-columns.png
+ wsug_src/images/toolbar/x-stay-last.png
+ wsug_src/images/toolbar/zoom-in.png
+ wsug_src/images/toolbar/zoom-original.png
+ wsug_src/images/toolbar/zoom-out.png
+ wsug_src/images/warning.svg
+ wsug_src/images/ws-about-codecs.png
+ wsug_src/images/ws-analyze-menu.png
+ wsug_src/images/ws-bytes-pane-popup-menu.png
+ wsug_src/images/ws-bytes-pane-tabs.png
+ wsug_src/images/ws-bytes-pane.png
+ wsug_src/images/ws-capture-file-properties.png
+ wsug_src/images/ws-capture-info.png
+ wsug_src/images/ws-capture-interfaces-main-macos.png
+ wsug_src/images/ws-capture-interfaces-main-win32.png
+ wsug_src/images/ws-capture-menu.png
+ wsug_src/images/ws-capture-options-compile-selected-bpfs.png
+ wsug_src/images/ws-capture-options-options.png
+ wsug_src/images/ws-capture-options-output.png
+ wsug_src/images/ws-capture-options-output.png
+ wsug_src/images/ws-capture-options.png
+ wsug_src/images/ws-choose-color-rule.png
+ wsug_src/images/ws-coloring-fields.png
+ wsug_src/images/ws-coloring-rules-dialog.png
+ wsug_src/images/ws-column-header-popup-menu.png
+ wsug_src/images/ws-decode-as.png
+ wsug_src/images/ws-details-pane-popup-menu.png
+ wsug_src/images/ws-details-pane.png
+ wsug_src/images/ws-diagram-pane-popup-menu.png
+ wsug_src/images/ws-diagram-pane.png
+ wsug_src/images/ws-display-filter-tcp.png # GTK+
+ wsug_src/images/ws-edit-menu.png
+ wsug_src/images/ws-enabled-protocols.png
+ wsug_src/images/ws-expert-colored-tree.png
+ wsug_src/images/ws-expert-column.png
+ wsug_src/images/ws-expert-information.png
+ wsug_src/images/ws-export-objects.png
+ wsug_src/images/ws-export-packet-dissections.png
+ wsug_src/images/ws-export-selected.png
+ wsug_src/images/ws-export-specified-packets.png
+ wsug_src/images/ws-file-import.png
+ wsug_src/images/ws-file-menu.png
+ wsug_src/images/ws-file-set-dialog.png # GTK+
+ wsug_src/images/ws-filter-add-expression.png # GTK+
+ wsug_src/images/ws-filter-toolbar.png
+ wsug_src/images/ws-filters.png # GTK+
+ wsug_src/images/ws-find-packet.png
+ wsug_src/images/ws-follow-http2-stream.png
+ wsug_src/images/ws-follow-sip-stream.png
+ wsug_src/images/ws-follow-stream.png
+ wsug_src/images/ws-go-menu.png
+ wsug_src/images/ws-goto-packet.png
+ wsug_src/images/ws-help-menu.png
+ wsug_src/images/ws-list-pane.png # Outdated
+ wsug_src/images/ws-main-toolbar.png
+ wsug_src/images/ws-main.png
+ wsug_src/images/ws-manage-interfaces.png
+ wsug_src/images/ws-mate-analysis.png
+ wsug_src/images/ws-mate-dns_pane.png
+ wsug_src/images/ws-mate-dns_pdu.png
+ wsug_src/images/ws-mate-ftp_over_gre.png
+ wsug_src/images/ws-mate-gop_analysis.png
+ wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png
+ wsug_src/images/ws-mate-mmse_over_http.png
+ wsug_src/images/ws-mate-pdu_analysis.png
+ wsug_src/images/ws-mate-tcp-output.png
+ wsug_src/images/ws-mate-transform.png
+ wsug_src/images/ws-menu.png
+ wsug_src/images/ws-merge-qt5.png
+ wsug_src/images/ws-merge-win32.png
+ wsug_src/images/ws-open-qt5.png
+ wsug_src/images/ws-open-win32.png
+ wsug_src/images/ws-packet-format.png
+ wsug_src/images/ws-packet-pane-popup-menu.png
+ wsug_src/images/ws-packet-range.png
+ wsug_src/images/ws-packet-selected.png
+ wsug_src/images/ws-packet-sep-win.png
+ wsug_src/images/ws-pref-advanced.png
+ wsug_src/images/ws-pref-appearance-columns.png
+ wsug_src/images/ws-pref-appearance-fonts-and-colors.png
+ wsug_src/images/ws-pref-appearance-layout.png
+ wsug_src/images/ws-pref-appearance.png
+ wsug_src/images/ws-pref-capture.png
+ wsug_src/images/ws-pref-expert.png
+ wsug_src/images/ws-pref-filter-buttons.png
+ wsug_src/images/ws-pref-name-resolution.png
+ wsug_src/images/ws-pref-protocols.png
+ wsug_src/images/ws-pref-rsa-keys.png
+ wsug_src/images/ws-pref-statistics.png
+ wsug_src/images/ws-print.png
+ wsug_src/images/ws-save-as-qt5.png
+ wsug_src/images/ws-save-as-win32.png
+ wsug_src/images/ws-statistics-menu.png
+ wsug_src/images/ws-stats-conversations.png
+ wsug_src/images/ws-stats-endpoints.png
+ wsug_src/images/ws-stats-hierarchy.png
+ wsug_src/images/ws-stats-iographs.png
+ wsug_src/images/ws-stats-lte-mac-traffic.png
+ wsug_src/images/ws-stats-lte-rlc-traffic.png
+ wsug_src/images/ws-stats-packet-lengths.png
+ wsug_src/images/ws-stats-srt-smb2.png
+ wsug_src/images/ws-stats-wlan-traffic.png # GTK+
+ wsug_src/images/ws-statusbar-empty.png
+ wsug_src/images/ws-statusbar-filter.png
+ wsug_src/images/ws-statusbar-loaded.png
+ wsug_src/images/ws-statusbar-profile.png
+ wsug_src/images/ws-statusbar-selected.png
+ wsug_src/images/ws-tcp-analysis.png
+ wsug_src/images/ws-tel-playlist.png
+ wsug_src/images/ws-tel-rtp-player_1.png
+ wsug_src/images/ws-tel-rtp-player_2.png
+ wsug_src/images/ws-tel-rtp-player_3.png
+ wsug_src/images/ws-tel-rtp-player_button.png
+ wsug_src/images/ws-tel-rtp-streams.png
+ wsug_src/images/ws-tel-rtpstream-analysis_1.png
+ wsug_src/images/ws-tel-rtpstream-analysis_2.png
+ wsug_src/images/ws-tel-rtpstream-analysis_3.png
+ wsug_src/images/ws-tel-seq-dialog.png
+ wsug_src/images/ws-tel-voip-calls.png
+ wsug_src/images/ws-telephony-menu.png
+ wsug_src/images/ws-time-reference.png # GTK+
+ wsug_src/images/ws-tools-menu.png
+ wsug_src/images/ws-view-menu.png
+)
+
+set(WSDG_TITLE "Wireshark Developer's Guide")
+
+set(WSDG_FILES
+ wsdg_src/wsdg_asn2wrs.adoc
+ wsdg_src/wsdg_build_intro.adoc
+ wsdg_src/wsdg_capture.adoc
+ wsdg_src/wsdg_dissection.adoc
+ wsdg_src/wsdg_env_intro.adoc
+ wsdg_src/wsdg_libraries.adoc
+ wsdg_src/wsdg_lua_support.adoc
+ wsdg_src/wsdg_preface.adoc
+ wsdg_src/wsdg_quick_setup.adoc
+ wsdg_src/wsdg_sources.adoc
+ wsdg_src/wsdg_tests.adoc
+ wsdg_src/wsdg_tools.adoc
+ wsdg_src/wsdg_userinterface.adoc
+ wsdg_src/wsdg_works.adoc
+ ${COMMON_GUIDE_FILES}
+)
+
+set(WSDG_GRAPHICS
+ wsdg_src/images/caution.svg
+ wsdg_src/images/git-triangular-workflow.gv
+ wsdg_src/images/git-triangular-workflow.svg
+ wsdg_src/images/important.svg
+ wsdg_src/images/note.svg
+ wsdg_src/images/tip.svg
+ wsdg_src/images/warning.svg
+ wsdg_src/images/ws-capture_internals.dia
+ wsdg_src/images/ws-capture_internals.png
+ wsdg_src/images/ws-capture-sync.dia
+ wsdg_src/images/ws-capture-sync.png
+ wsdg_src/images/ws-capture-sync.png
+ wsdg_src/images/ws-function-blocks.dia
+ wsdg_src/images/ws-function-blocks.svg
+ wsdg_src/images/ws-logo.png
)
+set(WSUG_SOURCE
+ ${WSUG_FILES}
+ ${WSUG_GRAPHICS}
+)
+
+set(WSDG_SOURCE
+ ${WSDG_FILES}
+ ${WSDG_GRAPHICS}
+)
+
+# Note: file order here MATTERS!
+# new WSLUA_MODULE files must come right before any WSLUA_CONTINUE_MODULE
+# files for the same module
+set(WSLUA_MODULES
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dumper.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_field.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_gui.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_int64.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_listener.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_pinfo.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_address.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_column.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_nstime.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dissector.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_pref.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto_expert.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto_field.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_tree.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_tvb.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_byte_array.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_file.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_file_handler.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_frame_info.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_capture_info.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dir.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_wtap.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_utility.c
+ ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_struct.c
+)
+
+# Empty file to trigger wsluarm generation.
+ADD_CUSTOM_COMMAND(
+ OUTPUT
+ wsluarm
+ COMMAND ${CMAKE_COMMAND} -E make_directory wsluarm_src
+ COMMAND ${Python3_EXECUTABLE}
+ ${CMAKE_SOURCE_DIR}/tools/make-wsluarm.py
+ --output-directory wsluarm_src
+ ${WSLUA_MODULES}
+ COMMAND ${CMAKE_COMMAND} -E touch
+ wsluarm
+ DEPENDS
+ ${CMAKE_SOURCE_DIR}/tools/make-wsluarm.py
+ ${WSLUA_MODULES}
+)
+
+set( WSDG_BUILT_DEPS wsluarm )
+
+set( ASCIIDOC_CONF_FILES
+ ${CMAKE_CURRENT_SOURCE_DIR}/attributes.adoc
+ # XXX Add macros
+)
+
+if(ASCIIDOCTOR_FOUND)
+ # Generate the DocBook sources of user and developer guides
+
+ ASCIIDOCTOR2DOCBOOK(wsug_src/user-guide.adoc ${ASCIIDOC_CONF_FILES} ${WSUG_SOURCE} ${WSUG_BUILT_DEPS})
+ add_custom_target(user_guide_docbook DEPENDS generate_user-guide.xml)
+ set_doc_target_properties(user_guide_docbook)
+ set_target_properties(user_guide_docbook PROPERTIES EXCLUDE_FROM_ALL True)
+
+ ASCIIDOCTOR2DOCBOOK(wsdg_src/developer-guide.adoc ${ASCIIDOC_CONF_FILES} ${WSDG_SOURCE} ${WSDG_BUILT_DEPS})
+ add_custom_target(developer_guide_docbook DEPENDS generate_developer-guide.xml)
+ set_doc_target_properties(developer_guide_docbook)
+ set_target_properties(developer_guide_docbook PROPERTIES EXCLUDE_FROM_ALL True)
+
+ # Top-level guide targets.
+
+ add_custom_target(user_guides DEPENDS user_guide_docbook)
+ set_doc_target_properties(user_guides)
+ set_target_properties(user_guides PROPERTIES EXCLUDE_FROM_ALL True)
+
+ add_custom_target(developer_guides DEPENDS developer_guide_docbook)
+ set_doc_target_properties(developer_guides)
+ set_target_properties(developer_guides PROPERTIES EXCLUDE_FROM_ALL True)
+
+ add_custom_target(all_guides DEPENDS user_guides developer_guides )
+ set_doc_target_properties(all_guides)
+ set_target_properties(all_guides PROPERTIES EXCLUDE_FROM_ALL True)
+endif()
+
+# User's Guide chain.
+if(ASCIIDOCTOR_FOUND AND XSLTPROC_EXECUTABLE)
+ XML2HTML(
+ user_guide
+ wsug
+ single-page
+ user-guide.xml
+ WSUG_GRAPHICS
+ )
+
+ XML2HTML(
+ user_guide
+ wsug
+ chunked
+ user-guide.xml
+ WSUG_GRAPHICS
+ )
+ add_custom_target(user_guide_html
+ DEPENDS
+ wsug_html/index.html
+ wsug_html_chunked/index.html
+ )
+ set_doc_target_properties(user_guide_html)
+ set_target_properties(user_guide_html PROPERTIES EXCLUDE_FROM_ALL True)
+ add_dependencies(user_guides user_guide_html)
+ # Copy the WSUG to the build directory so that when running
+ # from the build directory ui/help_url.c will find the local file.
+ # It expects the WSUG in a different directory on Windows.
+ if(WIN32)
+ set(WSUG_DIR "${DATAFILE_DIR}/${WSUG_TITLE}")
+ else()
+ set(WSUG_DIR "${DATAFILE_DIR}/wsug_html_chunked")
+ endif()
+ # CMake 3.26 has copy_directory_if_different
+ add_custom_command(
+ TARGET user_guide_html
+ COMMAND ${CMAKE_COMMAND} -E copy_directory
+ "${CMAKE_CURRENT_BINARY_DIR}/wsug_html_chunked" "${WSUG_DIR}"
+ VERBATIM
+ )
+endif()
+
+if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_PDF_EXECUTABLE)
+ ASCIIDOCTOR2PDF(${WSUG_TITLE} wsug_src/user-guide.adoc ${WSUG_SOURCE} ${WSUG_BUILT_DEPS})
+
+ add_custom_target(user_guide_pdf
+ DEPENDS
+ "${WSUG_TITLE}.pdf"
+ )
+ set_doc_target_properties(user_guide_pdf)
+ set_target_properties(user_guide_pdf PROPERTIES EXCLUDE_FROM_ALL True)
+ add_dependencies(user_guides user_guide_pdf)
+endif()
+
+if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_EPUB_EXECUTABLE)
+ ASCIIDOCTOR2EPUB(${WSUG_TITLE} wsug_src/user-guide.adoc ${WSUG_SOURCE} ${WSUG_BUILT_DEPS})
+
+ add_custom_target(user_guide_epub
+ DEPENDS
+ "${WSUG_TITLE}.epub"
+ )
+ set_doc_target_properties(user_guide_epub)
+ set_target_properties(user_guide_epub PROPERTIES EXCLUDE_FROM_ALL True)
+ add_dependencies(user_guides user_guide_epub)
+endif()
+
+# Developer's Guide chain.
+if(ASCIIDOCTOR_FOUND AND XSLTPROC_EXECUTABLE)
+ XML2HTML(
+ developer_guide
+ wsdg
+ single-page
+ developer-guide.xml
+ WSDG_GRAPHICS
+ )
+
+ XML2HTML(
+ developer_guide
+ wsdg
+ chunked
+ developer-guide.xml
+ WSDG_GRAPHICS
+ )
+ add_custom_target(developer_guide_html
+ DEPENDS
+ wsdg_html/index.html
+ wsdg_html_chunked/index.html
+ )
+ set_doc_target_properties(developer_guide_html)
+ set_target_properties(developer_guide_html PROPERTIES EXCLUDE_FROM_ALL True)
+ add_dependencies(developer_guides developer_guide_html)
+endif()
+
+if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_PDF_EXECUTABLE)
+ ASCIIDOCTOR2PDF(${WSDG_TITLE} wsdg_src/developer-guide.adoc ${WSDG_SOURCE} ${WSDG_BUILT_DEPS})
+
+ add_custom_target(developer_guide_pdf
+ DEPENDS
+ "${WSDG_TITLE}.pdf"
+ )
+ set_doc_target_properties(developer_guide_pdf)
+ set_target_properties(developer_guide_pdf PROPERTIES EXCLUDE_FROM_ALL True)
+ add_dependencies(developer_guides developer_guide_pdf)
+endif()
+
+if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_EPUB_EXECUTABLE)
+ ASCIIDOCTOR2EPUB(${WSDG_TITLE} wsdg_src/developer-guide.adoc ${WSDG_SOURCE} ${WSDG_BUILT_DEPS})
+
+ add_custom_target(developer_guide_epub
+ DEPENDS
+ "${WSDG_TITLE}.epub"
+ )
+ set_doc_target_properties(developer_guide_epub)
+ set_target_properties(developer_guide_epub PROPERTIES EXCLUDE_FROM_ALL True)
+ add_dependencies(developer_guides developer_guide_epub)
+endif()
+
#
# Editor modelines - https://www.wireshark.org/tools/modelines.html
#
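Review bot: `WSUG_FILES` and `WSUG_GRAPHICS` are missing files that this commit moves or adds. The diffstat lists `doc/wsug_src/wsug_wireless.adoc` and the `ws-wireless-*.png` images, yet neither list names them. Edits to that chapter would then not retrigger the guide targets, and the images may be absent from the HTML output if `XML2HTML` copies only what `WSUG_GRAPHICS` names (the macro is not visible here). Suggest adding `wsug_src/wsug_wireless.adoc` to `WSUG_FILES` and `wsug_src/images/ws-wireless-menu.png`, `ws-wireless-ieee-80211-pref.png`, `ws-wireless-key-examples.png` and `ws-wireless-key-type.png` to `WSUG_GRAPHICS`, assuming `user-guide.adoc` includes that chapter. Two entries are also listed twice, `wsug_src/images/ws-capture-options-output.png` and `wsdg_src/images/ws-capture-sync.png`. `${WSUG_BUILT_DEPS}` is referenced but never set in this hunk, so it expands to nothing unless it is defined elsewhere.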
diff --git a/doc/README.developer b/doc/README.developer
index 6d6ede97..9769dd68 100644
--- a/doc/README.developer
+++ b/doc/README.developer
@@ -165,7 +165,7 @@ functions won't accept a size_t on LLP64:
unsigned byte_after_greet;
i = strlen(greeting);
- byte_after_greet = tvb_get_guint8(tvb, i); /* Compiler warning */
+ byte_after_greet = tvb_get_uint8(tvb, i); /* Compiler warning */
Try to use the appropriate data type when you can. When you can't, you
will have to cast to a compatible data type, e.g.
@@ -175,7 +175,7 @@ will have to cast to a compatible data type, e.g.
uint8_t byte_after_greet;
i = strlen(greeting);
- byte_after_greet = tvb_get_guint8(tvb, (int) i); /* OK */
+ byte_after_greet = tvb_get_uint8(tvb, (int) i); /* OK */
or
@@ -184,9 +184,9 @@ or
uint8_t byte_after_greet;
i = (int) strlen(greeting);
- byte_after_greet = tvb_get_guint8(tvb, i); /* OK */
+ byte_after_greet = tvb_get_uint8(tvb, i); /* OK */
-See http://www.unix.org/version2/whatsnew/lp64_wp.html for more
+See https://unix.org/version2/whatsnew/lp64_wp.html for more
information on the sizes of common types in different data models.
A lot of legacy code still uses GLib types and I/O replacement API. These
@@ -208,14 +208,8 @@ the macros in <inttypes.h>, for example:
proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len,
val, "%" PRIu64, val);
-For GLib routines, and only those, you can choose whichever format style
-you prefer:
-
- uint64_t val = UINT64_C(1);
- char *str1 = g_string_printf("%" G_GUINT64_FORMAT, val);
- char *str2 = g_string_printf("%" PRIu64, val);
-
-These format macros will be the same modulo any GLib bugs.
+GLib provides the G_GUINT64_FORMAT and G_GINT64_FORMAT specifiers for
+64-bit integral types. You should use PRIu64 and PRId64 instead.
When specifying an integral constant that doesn't fit in 32 bits, don't
use "LL" at the end of the constant - not all compilers use "LL" for
@@ -725,6 +719,14 @@ should be stored in a 32-bit variable, such as an "int"; if you store it
in an 8-bit or 16-bit variable, you run the risk of the variable
overflowing.
+If your dissector uses recursion, you must ensure that your code does
+not do so excessively. If there isn't an inherent limit on recursion in
+your dissector, you can can add one using increment_dissection_depth and
+decrement_dissection_depth. Wireshark's CI system uses Clang-tidy to
+check for recursion; you might also need to add suppressions described at
+https://clang.llvm.org/extra/clang-tidy/#suppressing-undesired-diagnostics
+in order to pass CI checks.
+
sprintf() -> snprintf()
Prevent yourself from using the sprintf() function, as it does not test the
length of the given output buffer and might be writing into unintended memory
@@ -772,7 +774,7 @@ Please avoid using tab expansions different from 8 column widths, as not all
text editors in use by the developers support this. For a detailed discussion
of tabs, spaces, and indentation, see
- http://www.jwz.org/doc/tabs-vs-spaces.html
+ https://www.jwz.org/doc/tabs-vs-spaces.html
We use EditorConfig (http://editorconfig.org) files to provide formatting
hints. Most editors and IDEs support EditorConfig, either directly or via
@@ -973,7 +975,7 @@ not toLocal8Bit() or toLatin1().
8. Miscellaneous notes
-Each commit in your branch corresponds to a different VCSVERSION string
+Each commit in your branch corresponds to a different VCS_VERSION string
automatically defined in the header 'vcs_version.h' during the build. If you happen
to find it convenient to disable this feature it can be done using:
diff --git a/doc/README.display_filter b/doc/README.display_filter
index ab4d74d1..ff6c6a53 100644
--- a/doc/README.display_filter
+++ b/doc/README.display_filter
@@ -437,7 +437,7 @@ Example: add an 'in' display filter operation
This example has been discussed on ethereal-dev in April 2004.
[Ethereal-dev] Need for an 'in' dfilter operator?
-(https://www.wireshark.org/lists/ethereal-dev/200404/msg00372.html)
+(https://lists.wireshark.org/archives/ethereal-dev/200404/msg00372.html)
It illustrates how a more complex operation can be added to the display filter language.
Question:
diff --git a/doc/README.dissector b/doc/README.dissector
index 464bba49..4258f96b 100644
--- a/doc/README.dissector
+++ b/doc/README.dissector
@@ -84,7 +84,7 @@ In the skeleton sample code the following strings should be substituted with
your information.
YOUR_NAME Your name, of course. You do want credit, don't you?
- It's the only payment you will receive....
+ It's the only payment you will receive...
YOUR_EMAIL_ADDRESS Keep those cards and letters coming.
PROTONAME The name of the protocol; this is displayed in the
top-level protocol tree item for that protocol.
@@ -273,8 +273,11 @@ uint64_t tvb_get_bits64(tvbuff_t *tvb, unsigned bit_offset, const int no_of_bits
Single-byte accessors for 8-bit unsigned integers (uint8_t) and 8-bit
signed integers (int8_t):
-uint8_t tvb_get_guint8(tvbuff_t *tvb, const int offset);
-int8_t tvb_get_gint8(tvbuff_t *tvb, const int offset);
+uint8_t tvb_get_uint8(tvbuff_t *tvb, const int offset);
+int8_t tvb_get_int8(tvbuff_t *tvb, const int offset);
+
+These functions were previously named tvb_get_guint8 and tvb_get_gint8. You
+can still use the old names but they have been deprecated.
Network-to-host-order accessors:
@@ -371,38 +374,41 @@ Encoding-to_host-order accessors:
16-bit unsigned (uint16_t) and signed (int16_t) integers:
-uint16_t tvb_get_guint16(tvbuff_t *tvb, const int offset, const unsigned encoding);
-int16_t tvb_get_gint16(tvbuff_t *tvb, const int offset, const unsigned encoding);
+uint16_t tvb_get_uint16(tvbuff_t *tvb, const int offset, const unsigned encoding);
+int16_t tvb_get_int16(tvbuff_t *tvb, const int offset, const unsigned encoding);
24-bit unsigned and signed integers:
-uint32_t tvb_get_guint24(tvbuff_t *tvb, const int offset, const unsigned encoding);
-int32_t tvb_get_gint24(tvbuff_t *tvb, const int offset, const unsigned encoding);
+uint32_t tvb_get_uint24(tvbuff_t *tvb, const int offset, const unsigned encoding);
+int32_t tvb_get_int24(tvbuff_t *tvb, const int offset, const unsigned encoding);
32-bit unsigned (uint32_t) and signed (int32_t) integers:
-uint32_t tvb_get_guint32(tvbuff_t *tvb, const int offset, const unsigned encoding);
-int32_t tvb_get_gint32(tvbuff_t *tvb, const int offset, const unsigned encoding);
+uint32_t tvb_get_uint32(tvbuff_t *tvb, const int offset, const unsigned encoding);
+int32_t tvb_get_int32(tvbuff_t *tvb, const int offset, const unsigned encoding);
40-bit unsigned and signed integers:
-uint64_t tvb_get_guint40(tvbuff_t *tvb, const int offset, const unsigned encoding);
-int64_t tvb_get_gint40(tvbuff_t *tvb, const int offset, const unsigned encoding);
+uint64_t tvb_get_uint40(tvbuff_t *tvb, const int offset, const unsigned encoding);
+int64_t tvb_get_int40(tvbuff_t *tvb, const int offset, const unsigned encoding);
48-bit unsigned and signed integers:
-uint64_t tvb_get_guint48(tvbuff_t *tvb, const int offset, const unsigned encoding);
-int64_t tvb_get_gint48(tvbuff_t *tvb, const int offset, const unsigned encoding);
+uint64_t tvb_get_uint48(tvbuff_t *tvb, const int offset, const unsigned encoding);
+int64_t tvb_get_int48(tvbuff_t *tvb, const int offset, const unsigned encoding);
56-bit unsigned and signed integers:
-uint64_t tvb_get_guint56(tvbuff_t *tvb, const int offset, const unsigned encoding);
-int64_t tvb_get_gint56(tvbuff_t *tvb, const int offset, const unsigned encoding);
+uint64_t tvb_get_uint56(tvbuff_t *tvb, const int offset, const unsigned encoding);
+int64_t tvb_get_int56(tvbuff_t *tvb, const int offset, const unsigned encoding);
64-bit unsigned (uint64_t) and signed (int64_t) integers:
-uint64_t tvb_get_guint64(tvbuff_t *tvb, const int offset, const unsigned encoding);
-int64_t tvb_get_gint64(tvbuff_t *tvb, const int offset, const unsigned encoding);
+uint64_t tvb_get_uint64(tvbuff_t *tvb, const int offset, const unsigned encoding);
+int64_t tvb_get_int64(tvbuff_t *tvb, const int offset, const unsigned encoding);
+
+These functions were previously named tvb_get_guintXX and tvb_get_gintXX. You
+can still use the old names but they have been deprecated.
Single-precision and double-precision IEEE floating-point numbers:
@@ -477,7 +483,7 @@ the string is guaranteed to have a terminating NULL. If the string was truncated
when copied into buffer, a NULL is placed at the end of buffer to terminate it.
char *tvb_get_ts_23_038_7bits_string(wmem_allocator_t *scope, tvbuff_t *tvb,
- const int bit_offset, int no_of_chars);
+ const int bit_offset, int no_of_chars);
tvb_get_ts_23_038_7bits_string() returns a string of a given number of
characters and encoded according to 3GPP TS 23.038 7 bits alphabet.
@@ -487,17 +493,18 @@ information).
Byte Array Accessors:
-char *tvb_bytes_to_str(wmem_allocator_t *scope, tvbuff_t *tvb, const int offset, const int len);
+char *tvb_bytes_to_str(wmem_allocator_t *scope, tvbuff_t *tvb,
+ const int offset, const int len);
Formats a bunch of data from a tvbuff as bytes, returning a pointer
to the string with the data formatted as two hex digits for each byte.
The string pointed to is stored in an "wmem_alloc'd" buffer which will be freed
-depending on its scope (typically wmem_packet_scope which is freed after the frame).
+depending on its scope (typically pinfo->pool which is freed after the frame).
The formatted string will contain the hex digits for at most the first 16 bytes of
the data. If len is greater than 16 bytes, a trailing "..." will be added to the string.
char *tvb_bytes_to_str_punct(wmem_allocator_t *scope, tvbuff_t *tvb,
- const int offset, const int len, const char punct);
+ const int offset, const int len, const char punct);
This function is similar to tvb_bytes_to_str(...) except that 'punct' is inserted
between the hex representation of each byte.
@@ -512,7 +519,8 @@ passed-in 'bytes' array, based on the passed-in encoding. In other
words, convert from a hex-ascii string in tvbuff, into the supplied
GByteArray.
-char *tvb_bcd_dig_to_wmem_packet_str(tvbuff_t *tvb, const int offset, const int len, dgt_set_t *dgt, bool skip_first);
+char *tvb_bcd_dig_to_wmem_packet_str(tvbuff_t *tvb, const int offset,
+ const int len, dgt_set_t *dgt, bool skip_first);
Given a tvbuff, an offset into the tvbuff, and a length that starts
at that offset (which may be -1 for "all the way to the end of the
@@ -523,7 +531,7 @@ A pointer to the packet scope allocated string will be returned.
Note: a tvbuff content of 0xf is considered a 'filler' and will end the conversion.
Copying memory:
-void* tvb_memcpy(tvbuff_t *tvb, void* target, const int offset, size_t length);
+void *tvb_memcpy(tvbuff_t *tvb, void *target, const int offset, size_t length);
Copies into the specified target the specified length's worth of data
from the specified tvbuff, starting at the specified offset.
@@ -539,7 +547,7 @@ Pointer-retrieval:
* no guarantee that the user will honor the 'length' and not overstep the
* boundaries of the buffer. Also see the warning in the Portability section.
*/
-const uint8_t* tvb_get_ptr(tvbuff_t *tvb, const int offset, const int length);
+const uint8_t *tvb_get_ptr(tvbuff_t *tvb, const int offset, const int length);
Length query:
Get amount of captured data in the buffer (which is *NOT* necessarily the
@@ -824,14 +832,14 @@ information about its data type is needed. It helps to look at
the header_field_info struct to see what information is expected:
struct header_field_info {
- const char *name;
- const char *abbrev;
- enum ftenum type;
- int display;
- const void *strings;
- uint64_t bitmask;
- const char *blurb;
- .....
+ const char *name;
+ const char *abbrev;
+ enum ftenum type;
+ int display;
+ const void *strings;
+ uint64_t bitmask;
+ const char *blurb;
+ ...
};
name (FIELDNAME)
@@ -1194,11 +1202,11 @@ one can use a range_string struct.
Thus a 'range_string' structure is a way to map ranges to strings.
- typedef struct _range_string {
- uint32_t value_min;
- uint32_t value_max;
- const char *strptr;
- } range_string;
+ typedef struct _range_string {
+ uint32_t value_min;
+ uint32_t value_max;
+ const char *strptr;
+ } range_string;
For fields of that type, you would declare an array of "range_string"s:
@@ -1304,19 +1312,20 @@ header_field_info struct (or an array of such structs), and
calling the registration function along with the registration ID of
the protocol that is the parent of the fields. Here is a complete example:
- static int proto_eg = -1;
- static int hf_field_a = -1;
- static int hf_field_b = -1;
+ static int proto_eg;
+ static int hf_field_a;
+ static int hf_field_b;
static hf_register_info hf[] = {
-
{ &hf_field_a,
- { "Field A", "proto.field_a", FT_UINT8, BASE_HEX, NULL,
- 0xf0, "Field A represents Apples", HFILL }},
+ { "Field A", "proto.field_a", FT_UINT8, BASE_HEX, NULL,
+ 0xf0, "Field A represents Apples", HFILL }
+ },
{ &hf_field_b,
- { "Field B", "proto.field_b", FT_UINT16, BASE_DEC, VALS(vs),
- 0x0, "Field B represents Bananas", HFILL }}
+ { "Field B", "proto.field_b", FT_UINT16, BASE_DEC, VALS(vs),
+ 0x0, "Field B represents Bananas", HFILL }
+ }
};
proto_eg = proto_register_protocol("Example Protocol",
@@ -1330,8 +1339,8 @@ information that the compiler created inside your array. Here's the
layout of the hf_register_info struct:
typedef struct hf_register_info {
- int *p_id; /* pointer to parent variable */
- header_field_info hfinfo;
+ int *p_id; /* pointer to parent variable */
+ header_field_info hfinfo;
} hf_register_info;
Also be sure to use the handy array_length() macro found in packet.h
@@ -1346,14 +1355,15 @@ It is OK to have header fields with a different format be registered with
the same abbreviation. For instance, the following is valid:
static hf_register_info hf[] = {
-
{ &hf_field_8bit, /* 8-bit version of proto.field */
- { "Field (8 bit)", "proto.field", FT_UINT8, BASE_DEC, NULL,
- 0x00, "Field represents FOO", HFILL }},
+ { "Field (8 bit)", "proto.field", FT_UINT8, BASE_DEC, NULL,
+ 0x00, "Field represents FOO", HFILL }
+ },
{ &hf_field_32bit, /* 32-bit version of proto.field */
- { "Field (32 bit)", "proto.field", FT_UINT32, BASE_DEC, NULL,
- 0x00, "Field represents FOO", HFILL }}
+ { "Field (32 bit)", "proto.field", FT_UINT32, BASE_DEC, NULL,
+ 0x00, "Field represents FOO", HFILL }
+ }
};
This way a filter expression can match a header field, irrespective of the
@@ -1385,7 +1395,7 @@ handful of proto_XXX_DO_YYY() functions.
Subtrees can be made with the proto_item_add_subtree() function:
- item = proto_tree_add_item(....);
+ item = proto_tree_add_item(...);
new_tree = proto_item_add_subtree(item, tree_type);
This will add a subtree under the item in question; a subtree can be
@@ -1394,11 +1404,11 @@ so that the tree can be given an arbitrary depth.
Subtree types are integers, assigned by
"proto_register_subtree_array()". To register subtree types, pass an
-array of pointers to "gint" variables to hold the subtree type values to
+array of pointers to "int" variables to hold the subtree type values to
"proto_register_subtree_array()":
- static int ett_eg = -1;
- static int ett_field_a = -1;
+ static int ett_eg;
+ static int ett_field_a;
static int *ett[] = {
&ett_eg,
@@ -1419,14 +1429,14 @@ you move to another packet.
There are many functions that the programmer can use to add either
protocol or field labels to the proto_tree, for example:
- proto_item*
+ proto_item *
proto_tree_add_item(tree, id, tvb, start, length, encoding);
- proto_item*
+ proto_item *
proto_tree_add_item_ret_int(tree, id, tvb, start, length, encoding,
*retval);
- proto_item*
+ proto_item *
proto_tree_add_subtree(tree, tvb, start, length, idx, tree_item,
text);
@@ -2016,11 +2026,11 @@ matched string from that value_string will be printed on the expansion line
as well.
Example: (from the SCSI dissector)
- static int hf_scsi_inq_peripheral = -1;
- static int hf_scsi_inq_qualifier = -1;
- static int hf_scsi_inq_devtype = -1;
+ static int hf_scsi_inq_peripheral;
+ static int hf_scsi_inq_qualifier;
+ static int hf_scsi_inq_devtype;
...
- static int ett_scsi_inq_peripheral = -1;
+ static int ett_scsi_inq_peripheral;
...
static int * const peripheral_fields[] = {
&hf_scsi_inq_qualifier,
@@ -2031,17 +2041,20 @@ Example: (from the SCSI dissector)
/* Qualifier and DeviceType */
proto_tree_add_bitmask(tree, tvb, offset, hf_scsi_inq_peripheral,
ett_scsi_inq_peripheral, peripheral_fields, ENC_BIG_ENDIAN);
- offset+=1;
+ offset += 1;
...
{ &hf_scsi_inq_peripheral,
{"Peripheral", "scsi.inquiry.peripheral", FT_UINT8, BASE_HEX,
- NULL, 0, NULL, HFILL}},
+ NULL, 0, NULL, HFILL}
+ },
{ &hf_scsi_inq_qualifier,
{"Qualifier", "scsi.inquiry.qualifier", FT_UINT8, BASE_HEX,
- VALS (scsi_qualifier_val), 0xE0, NULL, HFILL}},
+ VALS (scsi_qualifier_val), 0xE0, NULL, HFILL}
+ },
{ &hf_scsi_inq_devtype,
{"Device Type", "scsi.inquiry.devtype", FT_UINT8, BASE_HEX,
- VALS (scsi_devtype_val), SCSI_DEV_BITS, NULL, HFILL}},
+ VALS (scsi_devtype_val), SCSI_DEV_BITS, NULL, HFILL}
+ },
...
Which provides very pretty dissection of this one byte bitmask.
@@ -2146,18 +2159,16 @@ skeleton of how the programmer might code this.
proto_tree_add_none_format(tree, hf_tr_rif_label, ..., "RIF: %s", rif);
- for(i = 0; i < num_rings; i++) {
+ for (i = 0; i < num_rings; i++) {
proto_item *pi;
- pi = proto_tree_add_item(tree, hf_tr_rif_ring, ...,
- ENC_BIG_ENDIAN);
+ pi = proto_tree_add_item(tree, hf_tr_rif_ring, ..., ENC_BIG_ENDIAN);
proto_item_set_hidden(pi);
}
- for(i = 0; i < num_rings - 1; i++) {
+ for (i = 0; i < num_rings - 1; i++) {
proto_item *pi;
- pi = proto_tree_add_item(tree, hf_tr_rif_bridge, ...,
- ENC_BIG_ENDIAN);
+ pi = proto_tree_add_item(tree, hf_tr_rif_bridge, ..., ENC_BIG_ENDIAN);
proto_item_set_hidden(pi);
}
@@ -2196,7 +2207,7 @@ to generate a COL_INFO line for a frame.
val_to_str() handles the most common case:
- const char*
+ const char *
val_to_str(uint32_t val, const value_string *vs, const char *fmt)
If the value 'val' is found in the 'value_string' table pointed to by
@@ -2214,7 +2225,7 @@ unmodified when 'val' isn't found.
If you need to handle the failure case in some custom way, try_val_to_str()
will return NULL if val isn't found:
- const char*
+ const char *
try_val_to_str(uint32_t val, const value_string *vs)
Note that, you must check whether 'try_val_to_str()' returns NULL, and arrange
@@ -2336,13 +2347,13 @@ table using their unique identifier using one of the following APIs:
dissector_handle_t handle);
void dissector_add_uint_range(const char *abbrev, struct epan_range *range,
- dissector_handle_t handle);
+ dissector_handle_t handle);
void dissector_add_string(const char *name, const char *pattern,
- dissector_handle_t handle);
+ dissector_handle_t handle);
void dissector_add_for_decode_as(const char *name,
- dissector_handle_t handle);
+ dissector_handle_t handle);
dissector_add_for_decode_as doesn't add a unique identifier in the dissector
table, but it lets the user add it from the command line or, in Wireshark,
@@ -2383,7 +2394,7 @@ section of epan/dissectors/CMakeLists.txt
1.10 Submitting code for your new dissector.
See <https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcContribute.html>
- and <https://gitlab.com/wireshark/wireshark/-/wikis/Development/SubmittingPatches>.
+ and <https://wiki.wireshark.org/Development/SubmittingPatches>.
- VERIFY that your dissector code does not use prohibited or deprecated APIs
as follows:
@@ -2404,11 +2415,11 @@ section of epan/dissectors/CMakeLists.txt
- TEST YOUR DISSECTOR BEFORE SUBMITTING IT.
Use fuzz-test.sh and/or randpkt against your dissector. These are
- described at <https://gitlab.com/wireshark/wireshark/-/wikis/FuzzTesting>.
+ described at <https://wiki.wireshark.org/FuzzTesting>.
- Subscribe to <mailto:wireshark-dev[AT]wireshark.org> by sending an email to
<mailto:wireshark-dev-request[AT]wireshark.org?body="help"> or visiting
- <https://www.wireshark.org/lists/>.
+ <https://lists.wireshark.org/>.
- 'git diff' to verify all your changes look good.
@@ -2425,11 +2436,11 @@ section of epan/dissectors/CMakeLists.txt
- Create a Wiki page on the protocol at <https://gitlab.com/wireshark/editor-wiki>.
(You'll need to request access to https://gitlab.com/wireshark/wiki-editors.)
A template is provided so it is easy to setup in a consistent style.
- See: <https://gitlab.com/wireshark/wireshark/-/wikis/HowToEdit>
- and <https://gitlab.com/wireshark/wireshark/-/wikis/ProtocolReference>
+ See: <https://wiki.wireshark.org/HowToEdit>
+ and <https://wiki.wireshark.org/ProtocolReference>
- If possible, add sample capture files to the sample captures page at
- <https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures>. These
+ <https://wiki.wireshark.org/SampleCaptures>. These
files are used by the automated build system for fuzz testing.
- If you don't think the wiki is the right place for your sample capture,
@@ -2494,12 +2505,12 @@ The conversation_new prototype:
Where:
uint32_t setup_frame = The lowest numbered frame for this conversation
- address* addr1 = first data packet address
- address* addr2 = second data packet address
- conversation_type ctype = conversation type, defined in conversation.h
+ address* addr1 = first data packet address
+ address* addr2 = second data packet address
+ conversation_type ctype = conversation type, defined in conversation.h
uint32_t port1 = first data packet port
uint32_t port2 = second data packet port
- unsigned options = conversation options, NO_ADDR2 and/or NO_PORT2
+ unsigned options = conversation options, NO_ADDR2 and/or NO_PORT2
setup_frame indicates the first frame for this conversation, and is used to
distinguish multiple conversations with the same addr1/port1 and addr2/port2
@@ -2533,7 +2544,7 @@ The conversation_new_full prototype:
conversation_element_t *elements);
Where:
- uint32_t setup_frame = The lowest numbered frame for
+ uint32_t setup_frame = The lowest numbered frame for
this conversation
conversation_element_t *elements = An array of data types and
values which identify this conversation. The array MUST be
@@ -2552,12 +2563,12 @@ The find_conversation prototype:
Where:
uint32_t frame_num = a frame number to match
- address* addr_a = first address
- address* addr_b = second address
- conversation_type ctype = conversation type
+ address* addr_a = first address
+ address* addr_b = second address
+ conversation_type ctype = conversation type
uint32_t port_a = first data packet port
uint32_t port_b = second data packet port
- unsigned options = conversation options, NO_ADDR_B and/or NO_PORT_B
+ unsigned options = conversation options, NO_ADDR_B and/or NO_PORT_B
frame_num is a frame number to match. The conversation returned is where
(frame_num >= conversation->setup_frame
@@ -2599,7 +2610,7 @@ The find_conversation_full prototype:
conversation_element_t *elements);
Where:
- uint32_t setup_frame = The lowest numbered frame for
+ uint32_t setup_frame = The lowest numbered frame for
this conversation
conversation_element_t *elements = An array of data types and
values which identify this conversation. The array MUST be
@@ -2780,7 +2791,7 @@ typedef struct {
} my_entry_t;
/* Registered protocol number */
-static int my_proto = -1;
+static int my_proto;
/********************* in the dissector routine *********************/
@@ -2793,13 +2804,13 @@ my_entry_t *data_ptr;
/* look up the conversation */
conversation = find_conversation(pinfo->num, &pinfo->src, &pinfo->dst,
- conversation_pt_to_conversation_type(pinfo->ptype),
+ conversation_pt_to_conversation_type(pinfo->ptype),
pinfo->srcport, pinfo->destport, 0);
/* if conversation found get the data pointer that you stored */
-if (conversation)
+if (conversation) {
data_ptr = (my_entry_t*)conversation_get_proto_data(conversation, my_proto);
-else {
+} else {
/* new conversation create local data structure */
@@ -2880,8 +2891,7 @@ upon the conversation index and values inside the request packets.
/* only allocate a new hash element when it's a request */
opcode = 0;
- if (!request_val && !reply)
- {
+ if (!request_val && !reply) {
new_request_key = wmem_alloc(wmem_file_scope(), sizeof(struct afs_request_key));
*new_request_key = request_key;
@@ -2889,8 +2899,7 @@ upon the conversation index and values inside the request packets.
request_val -> opcode = pntoh32(&afsh->opcode);
opcode = request_val->opcode;
- g_hash_table_insert(afs_request_hash, new_request_key,
- request_val);
+ g_hash_table_insert(afs_request_hash, new_request_key, request_val);
}
@@ -2946,36 +2955,33 @@ An example -
static dissector_handle_t sub_dissector_handle;
/* prototype for the dynamic dissector */
-static void sub_dissector(tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *tree);
+static void sub_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
/* in the main protocol dissector, where the next dissector is setup */
/* if conversation has a data field, create it and load structure */
-/* First check if a conversation already exists for this
- socketpair
-*/
+/* First check if a conversation already exists for this socketpair */
conversation = find_conversation(pinfo->num,
- &pinfo->src, &pinfo->dst, conversation_type,
- src_port, dst_port, 0);
+ &pinfo->src, &pinfo->dst, conversation_type,
+ src_port, dst_port, 0);
/* If there is no such conversation, or if there is one but for
someone else's protocol then we just create a new conversation
and assign our protocol to it.
*/
- if ( (conversation == NULL) ||
- (conversation->dissector_handle != sub_dissector_handle) ) {
+ if ((conversation == NULL) ||
+ (conversation->dissector_handle != sub_dissector_handle)) {
new_conv_info = wmem_alloc(wmem_file_scope(), sizeof(struct _new_conv_info));
new_conv_info->data1 = value1;
-/* create the conversation for the dynamic port */
- conversation = conversation_new(pinfo->num,
- &pinfo->src, &pinfo->dst, protocol,
- src_port, dst_port, new_conv_info, 0);
+ /* create the conversation for the dynamic port */
+ conversation = conversation_new(pinfo->num,
+ &pinfo->src, &pinfo->dst, protocol,
+ src_port, dst_port, new_conv_info, 0);
-/* set the dissector for the new conversation */
- conversation_set_dissector(conversation, sub_dissector_handle);
+ /* set the dissector for the new conversation */
+ conversation_set_dissector(conversation, sub_dissector_handle);
}
...
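Review bot: The re-indented `conversation_new()` call still passes eight arguments (`src_port, dst_port, new_conv_info, 0`), but the conversation_new parameter list given earlier in this README has seven (setup_frame, addr1, addr2, ctype, port1, port2, options), so the sample does not match the documented prototype. The last line of the call should read `src_port, dst_port, 0);`, with the data attached afterwards, e.g. `conversation_add_proto_data(conversation, proto_id, new_conv_info);`, where `proto_id` is a placeholder for the dissector's registered protocol id. The same extra argument appears in the `conversation_new()` call of the later hunk that looks up `server_src_addr`. The lookup here also passes `conversation_type` where the create call passes `protocol` for the same parameter, and one name should be used for both. The example continues past the end of this hunk.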
@@ -3019,8 +3025,8 @@ the same socketpair.
There are two support routines that will allow the second port and/or
address to be set later.
-conversation_set_port2( conversation_t *conv, uint32_t port);
-conversation_set_addr2( conversation_t *conv, address addr);
+conversation_set_port2(conversation_t *conv, uint32_t port);
+conversation_set_addr2(conversation_t *conv, address addr);
These routines will change the second address or port for the
conversation. So, the server port conversation will be converted into a
@@ -3051,19 +3057,20 @@ static dissector_handle_t sub_dissector_handle;
IP/protocol/port
*/
conversation = find_conversation(pinfo->num,
- &server_src_addr, 0, protocol,
- server_src_port, 0, NO_ADDR2 | NO_PORT_B);
+ &server_src_addr, 0, protocol,
+ server_src_port, 0, NO_ADDR2 | NO_PORT_B);
+
/* If there is no such conversation, or if there is one but for
someone else's protocol then we just create a new conversation
and assign our protocol to it.
*/
- if ( (conversation == NULL) ||
- (conversation->dissector_handle != sub_dissector_handle) ) {
+ if ((conversation == NULL) ||
+ (conversation->dissector_handle != sub_dissector_handle)) {
conversation = conversation_new(pinfo->num,
- &server_src_addr, 0, conversation_type,
- server_src_port, 0, new_conv_info, NO_ADDR2 | NO_PORT2);
+ &server_src_addr, 0, conversation_type,
+ server_src_port, 0, new_conv_info, NO_ADDR2 | NO_PORT2);
-/* set the dissector for the new conversation */
+ /* set the dissector for the new conversation */
conversation_set_dissector(conversation, sub_dissector_handle);
}
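Review bot: The `find_conversation()` call mixes the two option families in `NO_ADDR2 | NO_PORT_B`. The parameter lists earlier in this README give NO_ADDR_B and NO_PORT_B for find_conversation, and NO_ADDR2 and NO_PORT2 for conversation_new, so the lookup line should read `server_src_port, 0, NO_ADDR_B | NO_PORT_B);`. Whether or not the two names resolve to the same value, a reader copying the sample should not have to guess that they are interchangeable. The snippet starts before this hunk.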
@@ -3210,16 +3217,16 @@ An example from packet-rtpproxy.c -
rtpproxy_module = prefs_register_protocol(proto_rtpproxy, proto_reg_handoff_rtpproxy);
prefs_register_bool_preference(rtpproxy_module, "establish_conversation",
- "Establish Media Conversation",
- "Specifies that RTP/RTCP/T.38/MSRP/etc streams are decoded based "
- "upon port numbers found in RTPproxy answers",
- &rtpproxy_establish_conversation);
+ "Establish Media Conversation",
+ "Specifies that RTP/RTCP/T.38/MSRP/etc streams are decoded based "
+ "upon port numbers found in RTPproxy answers",
+ &rtpproxy_establish_conversation);
prefs_register_uint_preference(rtpproxy_module, "reply.timeout",
- "RTPproxy reply timeout", /* Title */
- "Maximum timeout value in waiting for reply from RTPProxy (in milliseconds).", /* Descr */
- 10,
- &rtpproxy_timeout);
+ "RTPproxy reply timeout", /* Title */
+ "Maximum timeout value in waiting for reply from RTPProxy (in milliseconds).", /* Descr */
+ 10,
+ &rtpproxy_timeout);
This will create preferences "rtpproxy.establish_conversation" and
"rtpproxy.reply.timeout", the first of which is an Boolean and the
@@ -3231,7 +3238,7 @@ a preference obsolete is to register it as such:
/* Register a preference that used to be supported but no longer is. */
void prefs_register_obsolete_preference(module_t *module,
- const char *name);
+ const char *name);
2.7 Reassembly/desegmentation for protocols running atop TCP.
@@ -3278,7 +3285,7 @@ reference to a callback which will be called with reassembled data:
return 0;
tcp_dissect_pdus(tvb, pinfo, tree, hartip_desegment, HARTIP_HEADER_LENGTH,
- get_dissect_hartip_len, dissect_hartip_pdu, data);
+ get_dissect_hartip_len, dissect_hartip_pdu, data);
return tvb_reported_length(tvb);
}
@@ -3345,11 +3352,10 @@ your mind later: once you return a positive value from desegment_len, your PDU
boundary is set in stone.
static hf_register_info hf[] = {
- {&hf_cstring,
- {"C String", "c.string", FT_STRING, BASE_NONE, NULL, 0x0,
- NULL, HFILL}
- }
- };
+ { &hf_cstring,
+ { "C String", "c.string", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }
+ }
+};
/**
* Dissect a buffer containing ASCII C strings.
@@ -3362,11 +3368,12 @@ static hf_register_info hf[] = {
static int dissect_cstr(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void *data _U_)
{
unsigned offset = 0;
- while(offset < tvb_reported_length(tvb)) {
+
+ while (offset < tvb_reported_length(tvb)) {
int available = tvb_reported_length_remaining(tvb, offset);
int len = tvb_strnlen(tvb, offset, available);
- if( -1 == len ) {
+ if (-1 == len) {
/* we ran out of data: ask for more */
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
@@ -3377,9 +3384,7 @@ static int dissect_cstr(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
len += 1; /* Add one for the '\0' */
- if (tree) {
- proto_tree_add_item(tree, hf_cstring, tvb, offset, len, ENC_ASCII);
- }
+ proto_tree_add_item(tree, hf_cstring, tvb, offset, len, ENC_ASCII);
offset += (unsigned)len;
}
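Review bot: With the `if (tree)` guard removed, the sample gives no reason why `proto_tree_add_item()` is now called unconditionally, so readers used to older dissectors may put the guard back. A one-line comment above the call would settle it, e.g. `/* No if (tree) check: proto_tree_add_item() accepts a NULL tree */`. As far as I know, the call also checks offset and length against the tvbuff before it looks at the tree, which is worth keeping on every pass for data that comes off the wire; please confirm against epan/proto.c before wording the comment that strongly. dissect_cstr() starts and ends outside this hunk.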
@@ -3425,7 +3430,7 @@ are called to handle PDU data.
dissect_dnp3_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
return udp_dissect_pdus(tvb, pinfo, tree, DNP_HDR_LEN, dnp3_udp_check_header,
- get_dnp3_message_len, dissect_dnp3_message, data);
+ get_dnp3_message_len, dissect_dnp3_message, data);
}
static int
@@ -3436,7 +3441,7 @@ are called to handle PDU data.
}
tcp_dissect_pdus(tvb, pinfo, tree, true, DNP_HDR_LEN,
- get_dnp3_message_len, dissect_dnp3_message, data);
+ get_dnp3_message_len, dissect_dnp3_message, data);
return tvb_captured_length(tvb);
}
@@ -3518,7 +3523,7 @@ Consider the following example using IP dissection, stolen from packet-ip.c:
static build_valid_func ip_da_build_value[1] = {ip_value};
static decode_as_value_t ip_da_values = {ip_prompt, 1, ip_da_build_value};
static decode_as_t ip_da = {"ip", "ip.proto", 1, 0, &ip_da_values, NULL, NULL,
- decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
+ decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
...
ip_dissector_table = register_dissector_table("ip.proto", "IP protocol", ip_proto, FT_UINT8, BASE_DEC);
...
@@ -3594,23 +3599,23 @@ the ptvcursor advances its cursor so the next call to ptvcursor_add
starts where this call finished. The 'encoding' parameter is relevant for
certain type of fields (See above under proto_tree_add_item()).
-proto_item*
+proto_item *
ptvcursor_add_ret_uint(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, uint32_t *retval);
Like ptvcursor_add, but returns uint value retrieved
-proto_item*
+proto_item *
ptvcursor_add_ret_int(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, int32_t *retval);
Like ptvcursor_add, but returns int value retrieved
-proto_item*
+proto_item *
ptvcursor_add_ret_string(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, wmem_allocator_t *scope, const uint8_t **retval);
Like ptvcursor_add, but returns string retrieved
-proto_item*
+proto_item *
ptvcursor_add_ret_boolean(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, bool *retval);
Like ptvcursor_add, but returns boolean value retrieved
-proto_item*
+proto_item *
ptvcursor_add_no_advance(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding)
Like ptvcursor_add, but does not advance the internal cursor.
@@ -3624,7 +3629,7 @@ ptvcursor_free(ptvcursor_t* ptvc)
after your dissection with the ptvcursor API is completed.
-proto_tree*
+proto_tree *
ptvcursor_push_subtree(ptvcursor_t* ptvc, proto_item* it, int ett_subtree)
Pushes the current subtree in the tree stack of the cursor, creates a new
one and sets this one as the working tree.
@@ -3633,7 +3638,7 @@ void
ptvcursor_pop_subtree(ptvcursor_t* ptvc);
Pops a subtree in the tree stack of the cursor
-proto_tree*
+proto_tree *
ptvcursor_add_with_subtree(ptvcursor_t* ptvc, int hfindex, int length,
const unsigned encoding, int ett_subtree);
Adds an item to the tree and creates a subtree.
@@ -3641,9 +3646,9 @@ If the length is unknown, length may be defined as SUBTREE_UNDEFINED_LENGTH.
In this case, at the next pop, the item length will be equal to the advancement
of the cursor since the creation of the subtree.
-proto_tree*
+proto_tree *
ptvcursor_add_text_with_subtree(ptvcursor_t* ptvc, int length,
- int ett_subtree, const char* format, ...);
+ int ett_subtree, const char *format, ...);
Add a text node to the tree and create a subtree.
If the length is unknown, length may be defined as SUBTREE_UNDEFINED_LENGTH.
In this case, at the next pop, the item length will be equal to the advancement
@@ -3651,7 +3656,7 @@ of the cursor since the creation of the subtree.
2.11.2 Miscellaneous functions.
-tvbuff_t*
+tvbuff_t *
ptvcursor_tvbuff(ptvcursor_t* ptvc)
Returns the tvbuff associated with the ptvcursor.
@@ -3659,7 +3664,7 @@ int
ptvcursor_current_offset(ptvcursor_t* ptvc)
Returns the current offset.
-proto_tree*
+proto_tree *
ptvcursor_tree(ptvcursor_t* ptvc)
Returns the proto_tree associated with the ptvcursor.
@@ -3667,7 +3672,7 @@ void
ptvcursor_set_tree(ptvcursor_t* ptvc, proto_tree *tree)
Sets a new proto_tree for the ptvcursor.
-proto_tree*
+proto_tree *
ptvcursor_set_subtree(ptvcursor_t* ptvc, proto_item* it, int ett_subtree);
Creates a subtree and adds it to the cursor as the working tree but does
not save the old working tree.
@@ -3714,10 +3719,10 @@ necessary, in either case.
*
* Local variables:
* c-basic-offset: 4
- * tab-width: 8
+ * tab-width: 4
* indent-tabs-mode: nil
* End:
*
- * vi: set shiftwidth=4 tabstop=8 expandtab:
- * :indentSize=4:tabSize=8:noTabs=true:
+ * vi: set shiftwidth=4 tabstop=4 expandtab:
+ * :indentSize=4:tabSize=4:noTabs=true:
*/
diff --git a/docbook/README.adoc b/doc/README.documentation.adoc
index 58d08edf..850a870a 100644
--- a/docbook/README.adoc
+++ b/doc/README.documentation.adoc
@@ -6,7 +6,7 @@ This directory contains the source files needed to build the:
- Wireshark User’s Guide
- Wireshark Developer’s Guide
-- Release notes (NEWS)
+- Release notes
- Lua Reference
To build everything, build the `all_guides` target, e.g. `ninja
@@ -27,9 +27,8 @@ See the https://www.wireshark.org/docs/wsdg_html_chunked/ChToolsDocumentationToo
The User’s and Developer’s Guides were originally written in DocBook and
were later converted to https://asciidoc.org/[AsciiDoc]. We subsequently
-switched from AsciiDoc to Asciidoctor. As a result we currently use
-https://asciidoctor.org/docs/migration/[compat mode], but may switch
-to Asciidoctor’s modern markup at a later date.
+switched from AsciiDoc to Asciidoctor.
+We currently use Asciidoctor’s modern (>= 1.5.0) syntax.
Please use the following conventions when writing documentation:
@@ -61,7 +60,7 @@ many (especially in a row) are distracting and annoying.
== Custom Asciidoctor Macros
-The following custom macros are available in `docbook/asciidoctor-macros`:
+The following custom macros are available in `doc/asciidoctor-macros`:
commaize-block::
Sorts a list of items and separates them with commas with an "and" preceding the last item.
@@ -91,46 +90,4 @@ _attributes.adoc_. The User’s Guide and Developer’s Guide are split
across several files, and only the top-level _user-guide.adoc_ and
_developer-guide.adoc_ include _attributes.adoc_. As a result,
some markup will be incomplete. You can work around this somewhat by
-adding some attributes such as `compat-mode experimental` to your Live
-Preview settings.
-
-= HTML Help Alternatives
-
-Ideally we would ship documentation with Wireshark that is pleasant to
-read, browsable, and searchable. Unfortunately we don't have an easy way
-to do this. The closest we've been able to come is by shipping an HTML
-Help (.chm) file on Windows. However, HTML Help a) is limited to Windows,
-b) crusty on normal displays, and c) really crusty on HiDPI displays.
-
-The following alternative formats are available, each with advantages
-and disadvantages:
-
-== WebHelp
-
-https://en.wikipedia.org/wiki/Web_help[WebHelp] has three main
-dependencies:
-
-- DocBook XSL, including...
-- webhelpindexer.jar
-- The user's local web browser
-
-This format generates both HTML pages and JavaScript, which might not run
-reliably on end user machines.
-
-== PDF
-
-PDF output is page oriented, with static page sizes. This _usually_ isn't
-a problem with modern reader software. However it doesn't look like we
-can reliably load a PDF file and jump to specific section on some
-platforms. For example, loading +++file:///path/to/user_guide.pdf#location+++
-works in Firefox & Chrome, but not in Safari, Preview, or Internet Explorer.
-
-== Qt Help
-
-Qt provides an extensive https://doc.qt.io/qt-5/qthelp-framework.html[help system].
-However, to use it we need to generate a Qt Help Project (.qhp) file,
-which isn't currently supported by Asciidoctor or via DocBook XSL.
-
-The default help application (Qt Assistant) is ugly. We'd probably want
-to write our own help viewer app or integrate help directly via
-QHelpEngine.
+adding the `experimental` attribute to your Live Preview settings.
diff --git a/doc/README.heuristic b/doc/README.heuristic
index 08e9464f..7f8a6364 100644
--- a/doc/README.heuristic
+++ b/doc/README.heuristic
@@ -125,15 +125,15 @@ test_PROTOABBREV(packet_info *pinfo _U_, tvbuff_t *tvb, int offset _U_, void *da
return false;
/* 1) first byte must be 0x42 */
- if ( tvb_get_guint8(tvb, 0) != 0x42 )
+ if ( tvb_get_uint8(tvb, 0) != 0x42 )
return false;
/* 2) second byte is a type field and only can contain values between 0x20-0x33 */
- if ( tvb_get_guint8(tvb, 1) < 0x20 || tvb_get_guint8(tvb, 1) > 0x33 )
+ if ( tvb_get_uint8(tvb, 1) < 0x20 || tvb_get_uint8(tvb, 1) > 0x33 )
return false;
/* 3) third byte is a flag field, where the lower 4 bits always contain the value 0 */
- if ( tvb_get_guint8(tvb, 2) & 0x0f )
+ if ( tvb_get_uint8(tvb, 2) & 0x0f )
return false;
/* 4) fourth and fifth bytes contains a 16 bit length field, where the value can't be longer than 10000 bytes */
@@ -187,7 +187,7 @@ dissect_PROTOABBREV_heur_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
/* and do the dissection */
dissect_PROTOABBREV_tcp(tvb, pinfo, tree, data);
- return (true);
+ return true;
}
static int
diff --git a/doc/README.request_response_tracking b/doc/README.request_response_tracking
index 9660a625..56200946 100644
--- a/doc/README.request_response_tracking
+++ b/doc/README.request_response_tracking
@@ -34,9 +34,9 @@ First we need to include the definitions for conversations.
Then we also need a few header fields to show the relations between request
and response as well as the response time.
- static int hf_pana_response_in = -1;
- static int hf_pana_response_to = -1;
- static int hf_pana_response_time = -1;
+ static int hf_pana_response_in;
+ static int hf_pana_response_to;
+ static int hf_pana_response_time;
We need a structure that holds all the information we need to remember
between the request and the responses. One such structure will be allocated
diff --git a/doc/README.stats_tree b/doc/README.stats_tree
index 1b7e69e4..9d303d38 100644
--- a/doc/README.stats_tree
+++ b/doc/README.stats_tree
@@ -116,10 +116,10 @@ stats_tree_register(tapname, abbr, name, flags, packet_cb, init_cb, cleanup_cb);
registers a new stats tree with default group REGISTER_STAT_GROUP_UNSORTED
stats_tree_register_plugin(tapname, abbr, name, flags, packet_cb, init_cb, cleanup_cb);
- registers a new stats tree from a plugin with the default group
+ registers a new stats tree from a plugin with the default group REGISTER_STAT_GROUP_UNSORTED
-stats_tree_register_with_group(tapname, abbr, name, flags, packet_cb, init_cb, cleanup_cb, stat_group);
- registers a new stats tree under a particular stat group
+stats_tree_set_group(st_config, stat_group);
+ changes the menu statistics group for a stats tree
stats_tree_parent_id_by_name( st, parent_name)
returns the id of a candidate parent node given its name
diff --git a/doc/README.tapping b/doc/README.tapping
index 4fcb6389..da3a0f27 100644
--- a/doc/README.tapping
+++ b/doc/README.tapping
@@ -33,7 +33,7 @@ do and is done in four easy steps;
1, We need tap.h so just add '#include <epan/tap.h>' (preceded by packet.h) to
the includes.
-2, We need a tap handler so just add 'static int <protocol>_tap = -1;'
+2, We need a tap handler so just add 'static int <protocol>_tap;'
3, Down in proto_register_<protocol>() you need to add
'<protocol>_tap = register_tap("<protocol>");'
@@ -111,7 +111,15 @@ is a set of flags for the tap listener. The flags that can be set are:
tree to be built. It will require a protocol tree to be
built if either
- 1) it looks at the protocol tree in edt->tree
+ 1) it looks at the protocol tree in edt->tree (N.B.: this
+ flag does *NOT* guarantee that the tree contains all fields
+ actually in the packet. Fields that are not referenced
+ [by a filter, by custom columns, etc.] will be "faked" and
+ not present. It is not necessary to include this flag if
+ the tap has a filter string, though, as filtering implies
+ needing the tree. So this case is rare. Actually making
+ all fields present in the tree requires a visible tree,
+ e.g. via epan_set_always_visible(), which hurts performance.)
or
@@ -126,7 +134,7 @@ is a set of flags for the tap listener. The flags that can be set are:
TL_REQUIRES_ERROR_PACKET
set if your tap listener should be updated even when pinfo->flags.in_error_pkt is set
- e.g. if it is inside an ICMP unreachable packet
+ e.g. if it is inside an ICMP unreachable packet.
If no flags are needed, use TL_REQUIRES_NOTHING.
diff --git a/doc/README.wmem b/doc/README.wmem
index 8473a23b..239926b7 100644
--- a/doc/README.wmem
+++ b/doc/README.wmem
@@ -13,7 +13,7 @@ Correct use of these functions will make your code faster, and greatly reduce
the chances that it will leak memory in exceptional cases.
Wmem was originally conceived in this email to the wireshark-dev mailing list:
-https://www.wireshark.org/lists/wireshark-dev/201210/msg00178.html
+https://lists.wireshark.org/archives/wireshark-dev/201210/msg00178.html
2. Usage for Consumers
diff --git a/doc/README.wslua b/doc/README.wslua
index c26dcf93..63bc1d51 100644
--- a/doc/README.wslua
+++ b/doc/README.wslua
@@ -44,9 +44,8 @@ Lua tables. (you can do so, but it's not advisable)
Both of the scripts above are given the C-source files to search through
by the make process, generated from the lists in epan/wslua/CMakeLists.txt.
Naturally if you add new source files, you need to add them to the list in
-epan/wslua/CMakeLists.txt. You also have to add the module name into
-docbook/user-guide.xml and docbook/wsluarm.xml, and the source files into
-docbook/CMakeLists.txt, to get it to be generated in the user guide.
+epan/wslua/CMakeLists.txt. You also have to add the source files into
+doc/CMakeLists.txt, to get it to be generated in the user guide.
Due to those documentation and registration scripts, you MUST follow some very
specific conventions in the functions you write to expose C-side code to Lua,
@@ -255,10 +254,10 @@ type that make-taps.py has in its Python "types" and "comments" dictionaries.
Note on Lua versions:
-Wireshark supports both Lua 5.1 and 5.2, which are defined as LUA_VERSION_NUM
-values 501 and 502 respectively. When exposing things into Lua, make sure to
+Wireshark supports both Lua 5.3 and 5.4, which are defined as LUA_VERSION_NUM
+values 503 and 504 respectively. When exposing things into Lua, make sure to
use ifdef wrappers for things which changed between the versions of Lua. See
-this for details: http://www.lua.org/manual/5.2/manual.html#8.3
+this for details: http://www.lua.org/manual/5.3/manual.html#8.3
==============================================================================
@@ -284,16 +283,15 @@ file as that WSLUA_MODULE comment. You'll also note the documentation
includes a sub-section for 'Non Method Functions', which it auto-generated
from anything with a 'WSLUA_FUNCTION' macro (as opposed to class member
functions, which use the 'WSLUA_METHOD' and 'WSLUA_CONSTRUCTOR' macros). Also,
-to make new wslua files generate documentation, it is not sufficient to just
-add this macro to a new file and add the file to the CMakeLists.txt; you also
-have to add the module name into docbook/user-guide.xml, and docbook/wsluarm.xml.
+to make new wslua files generate documentation, add this macro to a new file
+and add the file to the doc/CMakeLists.txt.
WSLUA_CONTINUE_MODULE - like WSLUA_MODULE, except used at the top of a .c file
to continue defining classes/functions/etc. within a previously declared module
in a previous file (i.e., one that used WSLUA_MODULE). The module name must match
the original one, and the .c file must be listed after the original one in the
-CMakeLists.txt lists in the docbook directory.
+CMakeLists.txt lists in the doc directory.
WSLUA_ATTRIBUTE - this is another documentation-only "macro", only used within
diff --git a/docbook/asciidoctor-macros/README.adoc b/doc/asciidoctor-macros/README.adoc
index cc5d64e5..cc5d64e5 100644
--- a/docbook/asciidoctor-macros/README.adoc
+++ b/doc/asciidoctor-macros/README.adoc
diff --git a/docbook/asciidoctor-macros/commaize-block.rb b/doc/asciidoctor-macros/commaize-block.rb
index aff6a3c1..aff6a3c1 100644
--- a/docbook/asciidoctor-macros/commaize-block.rb
+++ b/doc/asciidoctor-macros/commaize-block.rb
diff --git a/docbook/asciidoctor-macros/commaize-block/extension.rb b/doc/asciidoctor-macros/commaize-block/extension.rb
index 710f1a7e..710f1a7e 100644
--- a/docbook/asciidoctor-macros/commaize-block/extension.rb
+++ b/doc/asciidoctor-macros/commaize-block/extension.rb
diff --git a/docbook/asciidoctor-macros/commaize-block/sample.adoc b/doc/asciidoctor-macros/commaize-block/sample.adoc
index 9cb2e1ec..9cb2e1ec 100644
--- a/docbook/asciidoctor-macros/commaize-block/sample.adoc
+++ b/doc/asciidoctor-macros/commaize-block/sample.adoc
diff --git a/docbook/asciidoctor-macros/cveidlink-inline-macro.rb b/doc/asciidoctor-macros/cveidlink-inline-macro.rb
index beb19a3b..beb19a3b 100644
--- a/docbook/asciidoctor-macros/cveidlink-inline-macro.rb
+++ b/doc/asciidoctor-macros/cveidlink-inline-macro.rb
diff --git a/docbook/asciidoctor-macros/cveidlink-inline-macro/extension.rb b/doc/asciidoctor-macros/cveidlink-inline-macro/extension.rb
index 2dec88da..2dec88da 100644
--- a/docbook/asciidoctor-macros/cveidlink-inline-macro/extension.rb
+++ b/doc/asciidoctor-macros/cveidlink-inline-macro/extension.rb
diff --git a/docbook/asciidoctor-macros/manarg-block.rb b/doc/asciidoctor-macros/manarg-block.rb
index 07a9bf26..07a9bf26 100644
--- a/docbook/asciidoctor-macros/manarg-block.rb
+++ b/doc/asciidoctor-macros/manarg-block.rb
diff --git a/docbook/asciidoctor-macros/manarg-block/extension.rb b/doc/asciidoctor-macros/manarg-block/extension.rb
index 2461e723..2461e723 100644
--- a/docbook/asciidoctor-macros/manarg-block/extension.rb
+++ b/doc/asciidoctor-macros/manarg-block/extension.rb
diff --git a/docbook/asciidoctor-macros/manarg-block/sample.adoc b/doc/asciidoctor-macros/manarg-block/sample.adoc
index 5b4a4019..5b4a4019 100644
--- a/docbook/asciidoctor-macros/manarg-block/sample.adoc
+++ b/doc/asciidoctor-macros/manarg-block/sample.adoc
diff --git a/docbook/asciidoctor-macros/ws_utils.rb b/doc/asciidoctor-macros/ws_utils.rb
index 9a4551a0..9a4551a0 100644
--- a/docbook/asciidoctor-macros/ws_utils.rb
+++ b/doc/asciidoctor-macros/ws_utils.rb
diff --git a/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb b/doc/asciidoctor-macros/wsbuglink-inline-macro.rb
index 3f192aab..3f192aab 100644
--- a/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb
+++ b/doc/asciidoctor-macros/wsbuglink-inline-macro.rb
diff --git a/docbook/asciidoctor-macros/wsbuglink-inline-macro/extension.rb b/doc/asciidoctor-macros/wsbuglink-inline-macro/extension.rb
index 6cdb665b..6cdb665b 100644
--- a/docbook/asciidoctor-macros/wsbuglink-inline-macro/extension.rb
+++ b/doc/asciidoctor-macros/wsbuglink-inline-macro/extension.rb
diff --git a/docbook/asciidoctor-macros/wssalink-inline-macro.rb b/doc/asciidoctor-macros/wssalink-inline-macro.rb
index 3172ea50..3172ea50 100644
--- a/docbook/asciidoctor-macros/wssalink-inline-macro.rb
+++ b/doc/asciidoctor-macros/wssalink-inline-macro.rb
diff --git a/docbook/asciidoctor-macros/wssalink-inline-macro/extension.rb b/doc/asciidoctor-macros/wssalink-inline-macro/extension.rb
index 3af9c8f3..3af9c8f3 100644
--- a/docbook/asciidoctor-macros/wssalink-inline-macro/extension.rb
+++ b/doc/asciidoctor-macros/wssalink-inline-macro/extension.rb
diff --git a/doc/asciidoctor-themes/wsug-theme.yml b/doc/asciidoctor-themes/wsug-theme.yml
new file mode 100644
index 00000000..d45e4307
--- /dev/null
+++ b/doc/asciidoctor-themes/wsug-theme.yml
@@ -0,0 +1,12 @@
+extends: default-with-fallback-font
+
+font:
+ catalog:
+ merge: true
+ Noto Sans Symbols: NotoSansSymbols-VariableFont_wght.ttf
+ Noto Sans Math: NotoSansMath-Regular.ttf
+ fallbacks:
+ - M+ 1p Fallback
+ - Noto Emoji
+ - Noto Sans Symbols
+ - Noto Sans Math
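Review bot: The new theme file carries no comment explaining where the two `.ttf` files under `font.catalog` are resolved from, or that `M+ 1p Fallback` and `Noto Emoji` in `fallbacks` are not declared here and appear to rely on `merge: true` pulling them from the extended theme. If the fonts directory is not set by the build, PDF generation will presumably fail or lose glyphs, and nothing in this file points at the cause. I would add a header comment such as `# Font files are looked up in the PDF fonts directory set by the build (TODO confirm where); M+ 1p Fallback and Noto Emoji come from default-with-fallback-font via merge: true.`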
diff --git a/docbook/attributes.adoc b/doc/attributes.adoc
index 5c6db2ca..4a58a2a3 100644
--- a/docbook/attributes.adoc
+++ b/doc/attributes.adoc
@@ -1,6 +1,6 @@
// Common attributes
-:wireshark-version: 4.2.6
+:wireshark-version: 4.4.0
:logray-version: 0.9.0
// Required for btn, kbd:, and menu: macros.
@@ -20,6 +20,12 @@ endif::[]
:pdf-page-size: 210mm x 280mm
// Include glyphs for up/down arrows
+// We have a custom theme that adds fallback fonts for more symbols,
+// like ⌃ and ⌄ (Up Arrowhead and Down Arrowhead), but setting the
+// proper directory to look for theme so that it will work for all
+// documents is somewhat annoying and done in FindAsciidoctor.cmake
+// This built-in theme should be an acceptable fallback when not
+// using the CMake target.
:pdf-theme: default-with-fallback-font
//
@@ -32,11 +38,11 @@ endif::[]
:wireshark-qa-url: https://ask.wireshark.org/
:wireshark-foundation-url: https://wiresharkfoundation.org/
:sharkfest-url: https://sharkfest.wireshark.org/
+:wireshark-wiki-url: https://wiki.wireshark.org/
// Wireshark secondary URLs (pages)
:wireshark-bugs-url: {wireshark-gitlab-project-url}/-/issues
:wireshark-code-review-url: {wireshark-gitlab-project-url}/-/merge_requests
-:wireshark-wiki-url: {wireshark-gitlab-project-url}/-/wikis/
:wireshark-authors-url: {wireshark-main-url}about.html#authors
:wireshark-code-browse-url: {wireshark-gitlab-project-url}/-/tree/master
:wireshark-code-file-url: {wireshark-gitlab-project-url}/-/blob/master/
diff --git a/docbook/common_src/gpl_appendix.adoc b/doc/common_src/gpl_appendix.adoc
index 83744d3f..83744d3f 100644
--- a/docbook/common_src/gpl_appendix.adoc
+++ b/doc/common_src/gpl_appendix.adoc
diff --git a/docbook/common_src/typographic_conventions.adoc b/doc/common_src/typographic_conventions.adoc
index a098feef..dae74595 100644
--- a/docbook/common_src/typographic_conventions.adoc
+++ b/doc/common_src/typographic_conventions.adoc
@@ -4,7 +4,7 @@
The following table shows the typographic conventions that are used in this guide.
-// https://github.com/oreillymedia/orm_book_samples/blob/master/asciidoc_only/preface.adoc
+// https://github.com/oreillymedia/orm_book_samples/blob/master/asciidoc_only/preface.asciidoc
// AsciiDoc allows alternative markup for some styles, specifically
// 'single quotes' and _underlines_ for italics and +plus signs+ and
diff --git a/docbook/custom_layer_single_html.xsl b/doc/custom_layer_single_html.xsl
index bdd136d8..bdd136d8 100644
--- a/docbook/custom_layer_single_html.xsl
+++ b/doc/custom_layer_single_html.xsl
diff --git a/doc/extcap_example.py b/doc/extcap_example.py
index 8c4a6b6d..60ec7e93 100755
--- a/doc/extcap_example.py
+++ b/doc/extcap_example.py
@@ -9,7 +9,7 @@
# SPDX-License-Identifier: GPL-2.0-or-later
#
-"""
+r"""
This is a generic example, which produces pcap packages every n seconds, and
is configurable via extcap options.
@@ -36,7 +36,6 @@ import re
import argparse
import time
import struct
-import array
from threading import Thread
ERROR_USAGE = 0
@@ -504,7 +503,7 @@ if __name__ == '__main__':
if len(unknown) > 1:
print("Extcap Example %d unknown arguments given" % len(unknown))
- m = re.match('example(\d+)', args.extcap_interface)
+ m = re.match(r'example(\d+)', args.extcap_interface)
if not m:
sys.exit(ERROR_INTERFACE)
interface = m.group(1)
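Review bot: The interface check on the changed `re.match` line is anchored only at the start, so a value like `example1-extra` (constructed sample) still passes and is silently treated as interface `1`. Because `args.extcap_interface` comes from the command line, `m = re.fullmatch(r'example(\d+)', args.extcap_interface)` would reject anything that is not exactly an advertised interface name. The `if __name__ == '__main__':` block starts and continues outside this hunk, so how `interface` is used afterwards is not visible here.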
diff --git a/doc/falcodump.adoc b/doc/falcodump.adoc
deleted file mode 100644
index cecca017..00000000
--- a/doc/falcodump.adoc
+++ /dev/null
@@ -1,145 +0,0 @@
-include::../docbook/attributes.adoc[]
-= falcodump(1)
-:doctype: manpage
-:stylesheet: ws.css
-:linkcss:
-:copycss: ../docbook/{stylesheet}
-
-== NAME
-
-falcodump - Dump log data to a file using a Falco source plugin.
-
-== SYNOPSIS
-
-[manarg]
-*falcodump*
-[ *--help* ]
-[ *--version* ]
-[ *--plugin-api-version* ]
-[ *--extcap-interfaces* ]
-[ *--extcap-dlts* ]
-[ *--extcap-interface*=<interface> ]
-[ *--extcap-config* ]
-[ *--extcap-capture-filter*=<capture filter> ]
-[ *--capture* ]
-[ *--fifo*=<path to file or pipe> ]
-[ *--plugin-source*=<source path or URL> ]
-
-== DESCRIPTION
-
-*falcodump* is an extcap tool that allows one to capture log messages from cloud providers.
-
-Each plugin is listed as a separate interface.
-For example, the AWS CloudTrail plugin is listed as “cloudtrail”.
-
-== OPTIONS
-
---help::
-Print program arguments.
-This will also list the configuration arguments for each plugin.
-
---version::
-Print the program version.
-
---plugin-api-version::
-Print the Falco plugin API version.
-
---extcap-interfaces::
-List the available interfaces.
-
---extcap-interface=<interface>::
-Use the specified interface.
-
---extcap-dlts::
-List the DLTs of the specified interface.
-
---extcap-config::
-List the configuration options of specified interface.
-
---extcap-capture-filter=<capture filter>::
-The capture filter.
-Must be a valid Sysdig / Falco filter.
-
---capture::
-Start capturing from the source specified by --plugin-source via the specified interface and write raw packet data to the location specified by --fifo.
-
---fifo=<path to file or pipe>::
-Save captured packet to file or send it through pipe.
-
---plugin-source=<source path or URL>::
-Capture from the specified location.
-
-== PLUGINS
-
-=== cloudtrail (AWS CloudTrail)
-
-CloudTrail sources can be S3 buckets or SQS queue URLs. S3 bucket URLs have the form
-
-s3://__bucket_name__/AWSLogs/__id__/CloudTrail/__region__/__year__/_month_/__day__
-
-The __region__, __year__, _month_, and __day__ components can be omitted in order to fetch more or less data.
-For example, the source s3://mybucket/AWSLogs/012345678/CloudTrail/us-west-2/2023 will fetch all CloudWatch logs for the year 2023.
-
-The cloudtrail plugin uses the AWS SDK for Go, which can obtain profile, region, and credential settings from a set of standard https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/[environment variables and configuration files].
-Falcodump will show a list of locally configured profiles and the current regions, and will let you supply a custom value as well.
-
-== EXAMPLES
-
-To see program arguments:
-
- falcodump --help
-
-To see program version:
-
- falcodump --version
-
-To see interfaces:
-
- falcodump --extcap-interfaces
-
-Only one interface (falcodump) is supported.
-
-.Example output
- interface {value=cloudtrail}{display=Falco plugin}
-
-To see interface DLTs:
-
- falcodump --extcap-interface=cloudtrail --extcap-dlts
-
-.Example output
- dlt {number=147}{name=cloudtrail}{display=USER0}
-
-To see interface configuration options:
-
- falcodump --extcap-interface=cloudtrail --extcap-config
-
-.Example output
- arg {number=0}{call=--plugin-source}{display=Plugin source}{type=string}{tooltip=The plugin data source. This us usually a URL.}{placeholder=Enter a source URL…}{required=true}{group=Capture}
- arg {number=1}{call=cloudtrail-s3downloadconcurrency}{display=s3DownloadConcurrency}{type=integer}{default=1}{tooltip=Controls the number of background goroutines used to download S3 files (Default: 1)}{group=Capture}
- arg {number=2}{call=cloudtrail-sqsdelete}{display=sqsDelete}{type=boolean}{default=true}{tooltip=If true then the plugin will delete sqs messages from the queue immediately after receiving them (Default: true)}{group=Capture}
- arg {number=3}{call=cloudtrail-useasync}{display=useAsync}{type=boolean}{default=true}{tooltip=If true then async extraction optimization is enabled (Default: true)}{group=Capture}
-
-To capture AWS CloudTrail events from an S3 bucket:
-
- falcodump --extcap-interface=cloudtrail --fifo=/tmp/cloudtrail.pcap --plugin-source=s3://aws-cloudtrail-logs.../CloudTrail/us-east-2/... --capture
-
-NOTE: kbd:[CTRL+C] should be used to stop the capture in order to ensure clean termination.
-
-== SEE ALSO
-
-xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
-//, xref:logray.html[logray](1)
-
-== NOTES
-
-*falcodump* is part of the *Logray* distribution.
-The latest version of *Logray* can be found at https://www.wireshark.org.
-
-HTML versions of the Wireshark project man pages are available at
-https://www.wireshark.org/docs/man-pages.
-
-== AUTHORS
-
-.Original Author
-[%hardbreaks]
-Gerald Combs <gerald[AT]wireshark.org>
diff --git a/docbook/faq.adoc b/doc/faq.adoc
index 43cfa207..9173e615 100644
--- a/docbook/faq.adoc
+++ b/doc/faq.adoc
@@ -1,7 +1,7 @@
include::attributes.adoc[]
:stylesheet: ws.css
:linkcss:
-:copycss: {stylesheet}
+:copycss: {css_dir}/{stylesheet}
:toc:
= Wireshark Frequently Asked Questions
@@ -35,11 +35,8 @@ https://www.wireshark.org/about.html[About Wireshark] page.
[#wheretogethelp]
=== Where can I get help?
-Community support is available on the
-https://ask.wireshark.org/[Q&A site]
-and on the wireshark-users mailing list.
-Subscription information and archives for all of Wireshark's mailing lists can be found at
-https://www.wireshark.org/mailman/listinfo[https://www.wireshark.org/mailman/listinfo].
+Community support is available on the https://ask.wireshark.org/[Q&A site] and on the wireshark-users mailing list.
+Subscription information and archives for all of Wireshark's mailing lists can be found at https://lists.wireshark.org/.
// An IRC channel dedicated to Wireshark can be found at
// irc://irc.freenode.net/wireshark[irc://irc.freenode.net/wireshark].
@@ -121,14 +118,14 @@ Wireshark as a DLL, you're probably doing it wrong.
// While we try to make sure that Wireshark is as easy as possible to obtain and use, please keep in mind that it’s developed by a team of volunteers and that filling out compliance forms is pretty far beyond the scope of what those volunteers do.
-Please contact the https://sharkfestfoundation.org[Wireshark Foundation] and they will be able to help you for a nominal fee.
+Please contact the https://wiresharkfoundation.org[Wireshark Foundation] and they will be able to help you for a nominal fee.
=== Can you sign this legal agreement so that I can use Wireshark?
// As with the previous question, Wireshark is developed by a team of volunteers.
// Even if they were inclined to do so, they aren’t authorized to sign agreements on behalf of the project.
-Please contact the https://sharkfestfoundation.org[Wireshark Foundation] and they will be able to help you for a somewhat less nominal fee.
+Please contact the https://wiresharkfoundation.org[Wireshark Foundation] and they will be able to help you for a somewhat less nominal fee.
=== What protocols are currently supported?
@@ -177,7 +174,7 @@ Wireshark to do so), ATM connections (if the OS on which it's running
allows Wireshark to do so), and the "any" device supported on Linux by
recent versions of libpcap.
-See https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/NetworkMedia[the list of
+See {wireshark-wiki-url}CaptureSetup/NetworkMedia[the list of
supported capture media on various OSes] for details (several items in
there say "Unknown", which doesn't mean "Wireshark can't capture on
them", it means "we don't know whether it can capture on them"; we
@@ -250,9 +247,9 @@ those network types.
Each major release branch of Wireshark supports the versions of Windows that are within their product lifecycle at the time of the “.0” release for that branch.
For example, Wireshark 3.2.0 was released in December 2019, shortly before Windows 7 reached the end of its extended support in January 2020. As a result, each of the Wireshark 3.2._x_ releases supports Windows 7, even after January 2020.
See the
-link:https://www.wireshark.org/docs/wsug_html_chunked/ChIntroPlatforms.html[Microsoft Windows section of the User’s Guide]
+link:{wireshark-users-guide-url}ChIntroPlatforms.html[Microsoft Windows section of the User’s Guide]
and the
-link:https://gitlab.com/wireshark/wireshark/-/wikis/Development/LifeCycle[End Of Life Planning section of the Release Life Cycle wiki page]
+link:{wireshark-wiki-url}Development/LifeCycle[End Of Life Planning section of the Release Life Cycle wiki page]
for more details.
Npcap might not work well on Windows 8 and earlier, so you might want to install WinPcap instead.
@@ -328,8 +325,8 @@ Some switches have the ability to replicate all traffic on all ports to
a single port so that you can plug your analyzer into that single port
to sniff all traffic. You would have to check the documentation for the
switch to see if this is possible and, if so, to see how to do this. See
-https://gitlab.com/wireshark/wireshark/-/wikis/SwitchReference[the switch reference page] on
-https://gitlab.com/wireshark/wireshark/-/wikis[the Wireshark Wiki] for information on some
+{wireshark-wiki-url}SwitchReference[the switch reference page] on
+{wireshark-wiki-url}[the Wireshark Wiki] for information on some
switches. (Note that it's a Wiki, so you can update or fix that
information, or add additional information on those switches or
information on new switches, yourself.)
@@ -555,7 +552,7 @@ various higher-level protocol implementations.
In order to see the raw Ethernet packets, rather than "de-VLANized"
packets, you would have to capture not on the virtual interface for the
VLAN, but on the interface corresponding to the physical network device,
-if possible. See https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/VLAN[the
+if possible. See {wireshark-wiki-url}CaptureSetup/VLAN[the
Wireshark Wiki item on VLAN capturing] for details.
=== Why does Wireshark hang after I stop a capture?
@@ -668,7 +665,7 @@ that name in the "Interface:" field and capturing on that device.
If the attempt to capture on it succeeds, the interface is somehow not
being reported by the mechanism Wireshark uses to get a list of
interfaces. Try listing the interfaces with WinDump; see
-https://www.windump.org/[the WinDump Web site] for information on using
+https://www.winpcap.org/windump/[the WinDump Web site] for information on using
WinDump.
You would run WinDump with the `-D` flag; if it lists the interface,
@@ -693,7 +690,7 @@ If not, then see {npcap-main-url}[the main Npcap page] - check the "Patches, Bug
If you are having trouble capturing on a particular network interface,
first try capturing on that device with WinDump; see
-https://www.windump.org/[the WinDump Web site] for information on using
+https://www.winpcap.org/windump/[the WinDump Web site] for information on using
WinDump.
If you can capture on the interface with WinDump, send mail to
@@ -795,7 +792,7 @@ need to give your account sufficient privileges to capture packets. Only
those interfaces that Wireshark can open for capturing show up in that
list; if you don't have sufficient privileges to capture on any
interfaces, no interfaces will show up in the list. See
-https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges[the Wireshark
+{wireshark-wiki-url}CaptureSetup/CapturePrivileges[the Wireshark
Wiki item on capture privileges] for details on how to give a particular
account or account group capture privileges on platforms where that can
be done.
@@ -804,7 +801,7 @@ If you are running Wireshark from an account with sufficient
privileges, then note that Wireshark relies on the libpcap library, and
on the facilities that come with the OS on which it's running in order
to do captures. On some OSes, those facilities aren't present by
-default; see https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CaptureSupport[the
+default; see {wireshark-wiki-url}CaptureSetup/CaptureSupport[the
Wireshark Wiki item on adding capture support] for details.
And, even if you're running with an account that has sufficient
@@ -927,7 +924,7 @@ display IP addresses as host names, it will probably block for a long
time trying to resolve the name because it will not be able to
communicate with any DNS or NIS servers.
-See https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/WLAN[the Wireshark Wiki
+See {wireshark-wiki-url}CaptureSetup/WLAN[the Wireshark Wiki
item on 802.11 capturing] for details.
=== How do I capture on an 802.11 device in monitor mode?
@@ -976,7 +973,7 @@ preferences file by adding a `tcp.check_checksum:false` line.
=== I've just installed Wireshark, and the traffic on my local LAN is boring. Where can I find more interesting captures?
We have a collection of strange and exotic sample capture files at
-https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures[https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures]
+{wireshark-wiki-url}SampleCaptures[{wireshark-wiki-url}SampleCaptures]
=== Why doesn't Wireshark correctly identify RTP packets? It shows them only as UDP.
@@ -1048,8 +1045,8 @@ supported on your system.
For some viruses/worms there might be a capture filter to recognize
the virus traffic. Check the
-https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters[CaptureFilters] page on the
-https://gitlab.com/wireshark/wireshark/-/wikis[Wireshark Wiki] to see if anybody's added
+{wireshark-wiki-url}CaptureFilters[CaptureFilters] page on the
+{wireshark-wiki-url}[Wireshark Wiki] to see if anybody's added
such a filter.
Note that Wireshark was not designed to be an intrusion detection
diff --git a/doc/logray-quick-start.adoc b/doc/logray-quick-start.adoc
new file mode 100644
index 00000000..d9007c37
--- /dev/null
+++ b/doc/logray-quick-start.adoc
@@ -0,0 +1,70 @@
+= Logray Quick Start
+
+Logray is a sibling application for Wireshark which focuses on system calls and log messages.
+It helps people understand, troubleshoot, and secure their systems via system calls and log messages similar to the way Wireshark helps people understand, troubleshoot, and secure their networks via packets.
+
+This document provides brief instructions for obtaining, using, and building Logray until more complete documentation comparable to the Wireshark Developer’s and User’s Guides can be written.
+
+== Getting Logray
+
+You can get Windows and macOS development packages from https://www.wireshark.org/download/automated/.
+Native system call captures aren't yet supported on those platforms, but they do come with the https://github.com/falcosecurity/plugins/blob/main/plugins/cloudtrail/README.md[CloudTrail plugin], which can pull AWS CloudTrail logs from an S3 bucket or SQS/SNS.
+
+If you wish to use Logray on Linux you will have to built it yourself.
+Instructions for doing that can be found in the <<building_logray,Building Logray>> section below.
+
+== Using Logray
+
+Logray shares a great deal of code with Wireshark, including most of its UI elements.
+If you are familiar with Wireshark, its interface and workflows should be familiar.
+
+One issue that you might run into initially is that system calls and logs deal with different information.
+As a result, the event list column preferences need to be configured to match the kind of data that you are analyzing.
+Logray's default configuration profile assumes that you are analyzing system calls.
+It ships with a "Cloudtrail" configuration profile which is geared toward CloudTrail events.
+You can find more information on working with configuration profiles in the https://www.wireshark.org/docs/wsug_html_chunked/ChCustConfigProfilesSection.html[Configuration Profiles] section in the Wireshark User's Guide.
+If you switch back and forth between system call and CloudTrail captures on a regular basis, you might find the "Automatic Profile Switching" feature useful.
+
+You can obtain system call captures using the https://github.com/draios/sysdig[sysdig command line tool] or by using Logray on a Linux system.
+
+The https://gitlab.com/wireshark/wireshark/-/blob/master/doc/falcodump.adoc[falcodump manpage] provides information how to use Falco Plugin extcap interface.
+
+== Building Logray[[building_logray]]
+
+Logray requires the same build environment as Wireshark.
+See the https://www.wireshark.org/docs/wsdg_html_chunked/[Wireshark Developer’s Guide] for instructions on setting that up.
+
+It additionally requires libsinsp and libscap from https://github.com/falcosecurity/libs/[falcosecurity/libs] and any desired plugins from https://github.com/falcosecurity/plugins/[falcosecurity/plugins].
+
+In order to build Logray, do the following:
+
+1. https://falco.org/docs/getting-started/source/[Build falcosecurity/libs].
+
+2. Build any desired https://github.com/falcosecurity/plugins/[Falco plugins] and copy them somewhere, such as `/usr/local/lib/falcosecurity/plugins`.
+
+3. Build the Wireshark sources with the following CMake options:
++
+--
+[horizontal]
+BUILD_logray:: Must be enabled, e.g. set to ON
+BUILD_falcodump:: Must be enabled, e.g. set to ON
+CMAKE_PREFIX_PATH:: If you installed libsinsp and libscap to a non-standard directory, https://cmake.org/cmake/help/latest/variable/CMAKE_PREFIX_PATH.html[this should point there].
+FALCO_PLUGINS:: Semicolon-separated paths to individual Falco plugins, e.g. `/path/to/libcloudtrail.so`.
+--
+
+.Example 1: Building on Linux using Make
+[sh]
+----
+# This assumes that falcosecurity-libs and the CloudTral plugin were installed in
+# `/opt/falco-libs/0.17.1`.
+cmake \
+ -DBUILD_logray=ON \
+ -DBUILD_falcodump=ON \
+ -DCMAKE_PREFIX_PATH=/opt/falco-libs/0.17.1 \
+ -DFALCO_PLUGINS=/opt/falco-libs/0.17.1/lib/falcosecurity/plugins/libcloudtrail.so \
+ ..
+make -j $(getconf _NPROCESSORS_ONLN)
+----
+
+
+If you want to add other Falco plugins later you can copy them to a `falco` subfolder in the Global Plugins folder. The path to the Global Plugins folder is shown in the About Logray Folders dialog.
diff --git a/doc/androiddump.adoc b/doc/man_pages/androiddump.adoc
index d68a3a3a..21f5f79b 100644
--- a/doc/androiddump.adoc
+++ b/doc/man_pages/androiddump.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= androiddump(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/asn2deb.adoc b/doc/man_pages/asn2deb.adoc
index db976522..e02844cc 100644
--- a/doc/asn2deb.adoc
+++ b/doc/man_pages/asn2deb.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= asn2deb(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/capinfos.adoc b/doc/man_pages/capinfos.adoc
index 4dec8136..c609ab72 100644
--- a/doc/capinfos.adoc
+++ b/doc/man_pages/capinfos.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= capinfos(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -93,11 +93,10 @@ the same way *Capinfos* handles this.
== OPTIONS
-a::
-Displays the start time of the capture. *Capinfos* considers
-the earliest timestamp seen to be the start time, so the
-first packet in the capture is not necessarily the earliest -
-if packets exist "out-of-order", time-wise, in the capture,
-*Capinfos* detects this.
+Displays the timestamp of the earliest packet in the capture. The
+earliest packet in the capture is not necessarily the first packet in
+the capture - if packets exist "out-of-order", time-wise, in the
+capture, *Capinfos* detects this.
-A::
Generate all infos. By default *Capinfos* will display
@@ -162,11 +161,10 @@ Displays a count of the number of decryption secrets in the file. This informati
is not available in table format.
-e::
-Displays the end time of the capture. *Capinfos* considers
-the latest timestamp seen to be the end time, so the
-last packet in the capture is not necessarily the latest -
-if packets exist "out-of-order", time-wise, in the capture,
-*Capinfos* detects this.
+Displays the timestamp of the latest packet in the capture. The latest
+packet in the capture is not necessarily the last packet in the capture
+- if packets exist "out-of-order", time-wise, in the capture, *Capinfos*
+detects this.
-E::
Displays the per-file encapsulation of the capture file.
@@ -285,8 +283,8 @@ Displays the size of the file, in bytes. This reports
the size of the capture file itself.
-S::
-Display the start and end times as seconds since January
-1, 1970. Handy for synchronizing dumps using *editcap -t*.
+Display the earliest and latest packet timestamps as seconds since
+January 1, 1970. Handy for synchronizing dumps using *editcap -t*.
-t::
Displays the capture type of the capture file.
diff --git a/doc/captype.adoc b/doc/man_pages/captype.adoc
index 11eb6bf0..94c07274 100644
--- a/doc/captype.adoc
+++ b/doc/man_pages/captype.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= captype(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/ciscodump.adoc b/doc/man_pages/ciscodump.adoc
index b721b284..10ce4b69 100644
--- a/doc/ciscodump.adoc
+++ b/doc/man_pages/ciscodump.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= ciscodump(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/diagnostic-options.adoc b/doc/man_pages/diagnostic-options.adoc
index 1500168f..1500168f 100644
--- a/doc/diagnostic-options.adoc
+++ b/doc/man_pages/diagnostic-options.adoc
diff --git a/doc/dissection-options.adoc b/doc/man_pages/dissection-options.adoc
index 5c55a763..f46a06af 100644
--- a/doc/dissection-options.adoc
+++ b/doc/man_pages/dissection-options.adoc
@@ -111,6 +111,9 @@ MaxMind databases
*N* to enable using external resolvers (e.g., DNS) for network address
resolution; no effect without *n* also enabled.
+*s* to enable address resolution using SNI information found in captured
+handshake packets
+
*t* to enable transport-layer port number resolution
*v* to enable VLAN IDs to names resolution
diff --git a/doc/dpauxmon.adoc b/doc/man_pages/dpauxmon.adoc
index cf98cecb..9d2a9e5c 100644
--- a/doc/dpauxmon.adoc
+++ b/doc/man_pages/dpauxmon.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= dpauxmon(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/dumpcap.adoc b/doc/man_pages/dumpcap.adoc
index a9998d2a..9fdcf72c 100644
--- a/doc/dumpcap.adoc
+++ b/doc/man_pages/dumpcap.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= dumpcap(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -21,6 +21,7 @@ dumpcap - Dump network traffic
[ *-d* ]
[ *-D*|*--list-interfaces* ]
[ *-f* <capture filter> ]
+[ *-F* <file format> ]
[ *-g* ]
[ *-i*|*--interface* <capture interface>|rpcap://<host>:<port>/<capture interface>|TCP@<host>:<port>|- ]
[ *-I*|*--monitor-mode* ]
@@ -34,6 +35,7 @@ dumpcap - Dump network traffic
[ *--ifname* <name> ]
[ *-P* ]
[ *-q* ]
+[ *-Q* ]
[ *-s*|*--snapshot-length* <capture snaplen> ]
[ *-S* ]
[ *-t* ]
@@ -57,9 +59,8 @@ dumpcap - Dump network traffic
*Dumpcap* is a network traffic dump tool. It lets you capture packet
data from a live network and write the packets to a file. *Dumpcap*'s
-default capture file format is *pcapng* format.
-When the *-P* option is specified, the output file is written in the
-*pcap* format.
+default capture file format is *pcapng* format. The *-F* option can
+be specified to write the output file in the *pcap* format instead.
Without any options set it will use the libpcap, Npcap, or WinPcap library to
capture traffic from the first available network interface and writes
@@ -92,7 +93,7 @@ were written.
*filesize*:__value__ Stop writing to a capture file after it reaches a size of
__value__ kB. If this option is used together with the -b option, dumpcap will
stop writing to the current capture file and switch to the next one if filesize
-is reached. Note that the filesize is limited to a maximum value of 2 GiB.
+is reached. Note that the filesize is limited to a maximum value of 2 TB.
*packets*:__value__ Stop writing to a capture file after __value__ packets
have been written. Acts the same as *-c* <capture packet count>.
@@ -134,7 +135,7 @@ parameter takes exactly one criterion; to specify two criterion, each must be
preceded by the *-b* option.
*filesize*:__value__ switch to the next file after it reaches a size of
-__value__ kB. Note that the filesize is limited to a maximum value of 2 GiB.
+__value__ kB. Note that the filesize is limited to a maximum value of 2 TB.
*interval*:__value__ switch to the next file when the time is an exact
multiple of __value__ seconds. For example, use 3600 to switch to a new file
@@ -214,6 +215,17 @@ this option. If the capture filter expression is not set specifically,
the default capture filter expression is used if provided.
--
+-F <file format>::
+Set the file format of the output capture file written using the *-w*
+option. In situations that require the *pcapng* format, such as capturing
+from multiple interfaces, this option will be overridden. The option *-F*
+without a value will list the available formats. The default is the
+*pcapng* format.
+
+Fewer formats are supported than by xref:tshark.html[tshark](1); this is
+intentional for security reasons. Use *tshark* or capture and then convert
+the file with xref:editcap.html[editcap](1) if another format is needed.
+
-g::
This option causes the output file(s) to be created with group-read permission
(meaning that the output file(s) can be read by other members of the calling
@@ -320,7 +332,8 @@ The machine-readable output is intended to be read by *Wireshark* and
--
-n::
-Save files as pcapng. This is the default.
+Save files as pcapng. This is the default. This option is deprecated
+and may be removed.
-N <packet limit>::
+
@@ -352,7 +365,8 @@ promiscuous mode.
-P::
Save files as pcap instead of the default pcapng. In situations that require
pcapng, such as capturing from multiple interfaces, this option will be
-overridden.
+overridden. This option is deprecated in favor of the *-F* option and
+may be removed.
-q::
+
@@ -367,6 +381,23 @@ might be set to "disabled" by default on at least some BSDs, so you'd
have to explicitly set it to use it).
--
+-Q::
++
+--
+When capturing packets, don't display, on the standard error, the initial
+message indicating on what interfaces the capture is being done, the
+messages indicating to what file a capture is being written, the continuous
+count of packets captured that is normally shown when saving a capture to
+a file, and the message at the end of the capture giving a count of packets
+captured. This outputs less than the *-q* option; only true errors are
+displayed on the standard error.
+
+On systems that support the SIGINFO signal, such as various BSDs, you can
+cause the current count to be displayed by typing your "status" character
+(typically control-T, although it might be set to "disabled" by default on
+at least some BSDs, so you'd have to explicitly set it to use it).
+--
+
-s|--snapshot-length <capture snaplen>::
+
--
diff --git a/doc/editcap.adoc b/doc/man_pages/editcap.adoc
index 20fadc1a..5b4be3fc 100644
--- a/doc/editcap.adoc
+++ b/doc/man_pages/editcap.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= editcap(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -52,6 +52,13 @@ __outfile__
[manarg]
*editcap*
+*--extract-secrets*
+[ *-V* ]
+__infile__
+__outfile__
+
+[manarg]
+*editcap*
*-h|--help*
[manarg]
@@ -97,6 +104,13 @@ the same way *Editcap* handles this.
*Editcap* can write the file in several output formats. The *-F*
flag can be used to specify the format in which to write the capture
file; *editcap -F* provides a list of the available output formats.
+*Editcap* can also compress the output file. The *--compress* option
+can specify the compression type. If that option is not given, then the desired
+compression method, if any, is deduced from the extension of __outfile__;
+e.g., if the output filename has the .gz extension, then the gzip format is used.
+
+*Editcap* can also be used to extract embedded decryption secrets from file
+formats like *pcapng* that contain them, in lieu of writing a capture file.
== OPTIONS
@@ -452,13 +466,27 @@ additional configuration in protocol preferences.
The file format is described by <secrets type> which can be one of:
-__tls__ TLS Key Log as described at https://developer.mozilla.org/NSS_Key_Log_Format +
-__wg__ WireGuard Key Log, see https://gitlab.com/wireshark/wireshark/-/wikis/WireGuard#key-log-format
+__opcua__ OPC UA Key Log, see https://ietf-opsawg-wg.github.io/draft-ietf-opsawg-pcap/draft-ietf-opsawg-pcapng.html#name-decryption-secrets-block +
+__ssh__ SSH Key Log, see {wireshark-wiki-url}SSH#key-log-format +
+__tls__ TLS Key Log, see https://tlswg.org/sslkeylogfile/draft-ietf-tls-keylogfile.html +
+__wg__ WireGuard Key Log, see {wireshark-wiki-url}WireGuard#key-log-format
This option may be specified multiple times. The available options for
<secrets type> can be listed with *--inject-secrets help*.
--
+--extract-secrets::
++
+--
+Extracts each Decryption Secrets Block (DSB) contained within __infile__.
+If there is only one, it is written to __outfile__ instead of a capture file.
+If there is more than one, they are each written to unique output files named
+with an infix _nnnnn before the file extension of __outfile__ in a manner
+similar to the *-c* flag (unless writing to standard output.)
+
+Incompatible with other options except for *-V*.
+
+--
--discard-all-secrets::
+
--
@@ -502,6 +530,14 @@ file. Does not discard comments added by *-a* in the same
command line.
--
+--compress <type>::
++
+--
+Compress the output file using the type compression format.
+*--compress* with no argument provides a list of the compression formats supported
+for writing. The type given takes precedence over the extension of __outfile__.
+--
+
include::diagnostic-options.adoc[]
== EXAMPLES
diff --git a/doc/etwdump.adoc b/doc/man_pages/etwdump.adoc
index b1070d38..f9df8ac6 100644
--- a/doc/etwdump.adoc
+++ b/doc/man_pages/etwdump.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= etwdump(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/extcap.adoc b/doc/man_pages/extcap.adoc
index 511a59cc..ce8ae933 100644
--- a/doc/extcap.adoc
+++ b/doc/man_pages/extcap.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= extcap(4)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -29,8 +29,8 @@ The extcap subsystem is made of multiple extcap binaries that are automatically
called by the GUI in a row. In the following chapters we will refer to them as
"the extcaps".
-Extcaps may be any binary or script within the extcap directory. Please note, that scripts
-need to be executable without prefacing a script interpreter before the call.
+Extcaps may be any binary or script within the _extcap/wireshark_ or _extcap/logray_ directories.
+Please note that scripts need to be executable without prefacing a script interpreter before the call.
WINDOWS USERS: Because of restrictions directly calling the script may not always work.
In such a case, a batch file may be provided, which then in turn executes the script. Please
diff --git a/doc/man_pages/falcodump.adoc b/doc/man_pages/falcodump.adoc
new file mode 100644
index 00000000..9e5b94f0
--- /dev/null
+++ b/doc/man_pages/falcodump.adoc
@@ -0,0 +1,231 @@
+include::../attributes.adoc[]
+= falcodump(1)
+:doctype: manpage
+:stylesheet: ws.css
+:linkcss:
+:copycss: {css_dir}/{stylesheet}
+
+== NAME
+
+falcodump - Dump log data to a file using a Falco source plugin.
+
+== SYNOPSIS
+
+.Common options
+[manarg]
+*falcodump*
+[ *--help* ]
+[ *--version* ]
+[ *--plugin-api-version* ]
+[ *--extcap-interfaces* ]
+[ *--extcap-dlts* ]
+[ *--extcap-interface*=<interface> ]
+[ *--extcap-config* ]
+[ *--extcap-capture-filter*=<capture filter> ]
+[ *--capture* ]
+[ *--fifo*=<path to file or pipe> ]
+[ *--plugin-source*=<source path or URL> ]
+[ *--log-level*=<log level> ]
+[ *--log-file*=<path to file> ]
+
+.System call options
+[manarg]
+[ *--include-capture-processes=<TRUE or FALSE> ]
+[ *--include-switch-calls=<TRUE or FALSE> ]
+
+
+.CloudTrail plugin options
+[manarg]
+[ *--cloudtrail-s3downloadconcurrency*=<number of concurrent downloads> ]
+[ *--cloudtrail-s3interval*=<timeframe> ]
+[ *--cloudtrail-s3accountlist*=<comma separated account IDs> ]
+[ *--cloudtrail-sqsdelete*=<true or false> ]
+[ *--cloudtrail-useasync*=<true or false> ]
+[ *--cloudtrail-uses3sns*=<true or false> ]
+[ *--cloudtrail-aws-region*=<AWS region> ]
+[ *--cloudtrail-aws-profile*=<AWS profile> ]
+[ *--cloudtrail-aws-config*=<path> ]
+[ *--cloudtrail-aws-credentials*=<path to file> ]
+
+
+== DESCRIPTION
+
+*falcodump* is an extcap tool that allows one to capture log messages from cloud providers.
+
+Each plugin is listed as a separate interface.
+For example, the AWS CloudTrail plugin is listed as “cloudtrail”.
+
+== OPTIONS
+
+--help::
+Print program arguments.
+This will also list the configuration arguments for each plugin.
+
+--version::
+Print the program version.
+
+--plugin-api-version::
+Print the Falco plugin API version.
+
+--extcap-interfaces::
+List the available interfaces.
+
+--extcap-interface=<interface>::
+Use the specified interface.
+
+--extcap-dlts::
+List the DLTs of the specified interface.
+
+--extcap-config::
+List the configuration options of specified interface.
+
+--extcap-capture-filter=<capture filter>::
+The capture filter.
+Must be a valid Sysdig / Falco filter.
+
+--capture::
+Start capturing from the source specified by --plugin-source via the specified interface and write raw packet data to the location specified by --fifo.
+
+--fifo=<path to file or pipe>::
+Save captured packet to file or send it through pipe.
+
+--plugin-source=<source path or URL>::
+Capture from the specified location.
+
+--log-level::
+Set the log level
+
+--log-file::
+Set a log file to log messages in addition to the console
+
+== SYSTEM CALL OPTIONS
+
+--include-capture-processes::
+Include system calls for capture processes (falcodump, dumpcap, and Logray) if TRUE.
+Defaults to FALSE.
+
+--include-switch-calls::
+Include "switch" calls if TRUE.
+Defaults to FALSE.
+
+
+== PLUGINS
+
+=== cloudtrail (AWS CloudTrail)
+
+--cloudtrail-s3downloadconcurrency::
+Controls the number of background goroutines used to download S3 files (Default: 32)
+
+--cloudtrail-s3interval::
+Download log files over the specified interval (Default: no interval)
+
+--cloudtrail-s3accountlist::
+If source is an organization CloudTrail S3 bucket download log files for all specified account IDs (Default: no account IDs)
+
+--cloudtrail-sqsdelete::
+If true then the plugin will delete SQS messages from the queue immediately after receiving them (Default: true)
+
+--cloudtrail-useasync::
+If true then async extraction optimization is enabled (Default: true)
+
+--cloudtrail-uses3sns::
+If true then the plugin will expect SNS messages to originate from S3 instead of directly from Cloudtrail (Default: false)
+
+--cloudtrail-aws-profile::
+If non-empty overrides the AWS shared configuration profile (e.g. 'default') and environment variables such as AWS_PROFILE (Default: empty)
+
+--cloudtrail-aws-region::
+If non-empty overrides the AWS region specified in the profile (e.g. 'us-east-1') and environment variables such as AWS_REGION (Default: empty)
+
+--cloudtrail-aws-config::
+If non-empty overrides the AWS shared configuration filepath (e.g. ~/.aws/config) and env variables such as AWS_CONFIG_FILE (Default: empty)
+
+--cloudtrail-aws-credentials::
+If non-empty overrides the AWS shared credentials filepath (e.g. ~/.aws/credentials) and env variables such as AWS_SHARED_CREDENTIALS_FILE (Default: empty)
+
+CloudTrail sources can be S3 buckets or SQS queue URLs. S3 bucket URLs have the form
+
+'s3://__bucket_name__/__prefix__/AWSLogs/__account-id__/CloudTrail/__region__/__year__/__month__/__day__'
+
+For organization CloudTrail the S3 bucket URL can be
+
+'s3://__bucket_name__/__prefix__/AWSLogs/__org-id__/__account-id__/CloudTrail/__region__/__year__/__month__/__day__'
+
+The __region__, __year__, __month__, and __day__ components can be omitted in order to fetch more or less data.
+For example, the source 's3://mybucket/AWSLogs/012345678/CloudTrail/us-west-2/2023' will fetch all CloudWatch logs for the year 2023.
+
+If the URL ends with '__account-id__/' or '__account-id__/CloudTrail/' (for example 's3://mybucket/AWSLOGS/012345678912/') the option '--cloudtrail-s3interval' can be used to define the time frame. A s3interval of '1d' for example would get all events of the last 24 hours from all available regions. A s3interval of '2w-1w' would get all events from all regions from two weeks ago up to one week ago. The s3invterval can also be defined as a RFC 3339-style timestamp like '2024-02-29T18:07:17Z' or '2024-02-29T00:00:00Z-2024-03-01T23:59:59Z'.
+
+If the URL ends with 'AWSLogs/__org-id__' option '--cloudtrail-s3accountlist' can be used to specify account IDs. This can be combined with '--cloudtrail-s3interval'. A source like 's3://my-org-bucket/AWSLogs/o-123abc/' with '--cloudstrail-s3accountlist' set to '123456789012,987654321098' and '--cloudtrail-s3interval' set to '30m' would get all events of the last 30min from all regions for accounts 123456789012 and 987654321098.
+
+If source URL is the organization CloudTrail bucket (like 's3://my-org-bucket/AWSLogs/o-123abc') and '--s3accountlist' is not set the plugin iterates over all accounts (limited by '--s3interval' if set). Attention: Depending on the size of the organization and the time interval, this can take a long time.
+
+The cloudtrail plugin uses the AWS SDK for Go, which can obtain profile, region, and credential settings from a set of standard https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/[environment variables and configuration files].
+Falcodump will show a list of locally configured profiles and the current regions, and will let you supply a custom value as well.
+
+More information is available in the https://github.com/falcosecurity/plugins/blob/master/plugins/cloudtrail/README.md[README] of the CloudTrail plugin.
+
+== EXAMPLES
+
+To see program arguments:
+
+ falcodump --help
+
+To see program version:
+
+ falcodump --version
+
+To see interfaces:
+
+ falcodump --extcap-interfaces
+
+Only one interface (falcodump) is supported.
+
+.Example output
+ interface {value=cloudtrail}{display=Falco plugin}
+
+To see interface DLTs:
+
+ falcodump --extcap-interface=cloudtrail --extcap-dlts
+
+.Example output
+ dlt {number=147}{name=cloudtrail}{display=USER0}
+
+To see interface configuration options:
+
+ falcodump --extcap-interface=cloudtrail --extcap-config
+
+.Example output
+ arg {number=0}{call=--plugin-source}{display=Plugin source}{type=string}{tooltip=The plugin data source. This us usually a URL.}{placeholder=Enter a source URL…}{required=true}{group=Capture}
+ arg {number=1}{call=cloudtrail-s3downloadconcurrency}{display=s3DownloadConcurrency}{type=integer}{default=1}{tooltip=Controls the number of background goroutines used to download S3 files (Default: 1)}{group=Capture}
+ arg {number=2}{call=cloudtrail-sqsdelete}{display=sqsDelete}{type=boolean}{default=true}{tooltip=If true then the plugin will delete sqs messages from the queue immediately after receiving them (Default: true)}{group=Capture}
+ arg {number=3}{call=cloudtrail-useasync}{display=useAsync}{type=boolean}{default=true}{tooltip=If true then async extraction optimization is enabled (Default: true)}{group=Capture}
+
+To capture AWS CloudTrail events from an S3 bucket:
+
+ falcodump --extcap-interface=cloudtrail --fifo=/tmp/cloudtrail.pcap --plugin-source=s3://aws-cloudtrail-logs.../CloudTrail/us-east-2/... --capture
+
+or:
+
+ falcodump --capture --extcap-interface cloudtrail --fifo ~/cloudtrail.pcap --plugin-source s3://my-cloudtrail-bucket/AWSLogs/o-abc12345/123456789012/ --cloudtrail-s3downloadconcurrency 32 --cloudtrail-s3interval 5d-2d --cloudtrail-aws-region eu-west-1
+
+NOTE: kbd:[CTRL+C] should be used to stop the capture in order to ensure clean termination.
+
+== SEE ALSO
+
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
+//, xref:logray.html[logray](1)
+
+== NOTES
+
+*falcodump* is part of the *Logray* distribution.
+The latest version of *Logray* can be found at https://www.wireshark.org.
+
+HTML versions of the Wireshark project man pages are available at
+https://www.wireshark.org/docs/man-pages.
+
+== AUTHORS
+
+.Original Author
+[%hardbreaks]
+Gerald Combs <gerald[AT]wireshark.org>
diff --git a/doc/man_pages/files.adoc b/doc/man_pages/files.adoc
new file mode 100644
index 00000000..9653ff27
--- /dev/null
+++ b/doc/man_pages/files.adoc
@@ -0,0 +1,458 @@
+== FILES
+
+These files contain various *Wireshark* configuration settings.
+
+Preferences::
++
+--
+The __preferences__ files contain global (system-wide) and personal
+preference settings. If the system-wide preference file exists, it is
+read first, overriding the default settings. If the personal preferences
+file exists, it is read next, overriding any previous values. Note: If
+the command line flag *-o* is used (possibly more than once), it will
+in turn override values from the preferences files.
+
+The preferences settings are in the form __prefname:value__,
+one per line,
+where __prefname__ is the name of the preference
+and __value__ is the value to
+which it should be set; white space is allowed between *:* and
+__value__. A preference setting can be continued on subsequent lines by
+indenting the continuation lines with white space. A *#* character
+starts a comment that runs to the end of the line:
+
+ # Vertical scrollbars should be on right side?
+ # TRUE or FALSE (case-insensitive).
+ gui.scrollbar_on_right: TRUE
+
+The global preferences file is looked for in the __wireshark__ directory
+under the __share__ subdirectory of the main installation directory. On
+macOS, this would typically be
+__/Application/Wireshark.app/Contents/Resources/share__; on other
+UNIX-compatible systems, such as Linux, \*BSD, Solaris, and AIX, this
+would typically be __/usr/share/wireshark/preferences__ for
+system-installed packages and __/usr/local/share/wireshark/preferences__
+for locally-installed packages; on Windows, this would typically be
+__C:\Program Files\Wireshark\preferences__.
+
+On UNIX-compatible systems, the personal preferences file is looked for
+in __$XDG_CONFIG_HOME/wireshark/preferences__, (or, if
+__$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
+does exist, __$HOME/.wireshark/preferences__); this is typically
+__$HOME/.config/wireshark/preferences__. On Windows,
+the personal preferences file is looked for in
+__%APPDATA%\Wireshark\preferences__ (or, if %APPDATA% isn't defined,
+__%USERPROFILE%\Application Data\Wireshark\preferences__).
+
+// tag::gui[]
+Note: Whenever the preferences are saved by using the __Save__ button
+in the __Edit:Preferences__ dialog box, your personal preferences file
+will be overwritten with the new settings, destroying any comments and
+unknown/obsolete settings that were in the file.
+// end::gui[]
+--
+
+// tag::gui[]
+Recent::
++
+--
+The __recent__ file contains personal settings (mostly GUI related) such
+as the current *Wireshark* window size. The file is saved at program exit and
+read in at program start automatically. Note: The command line flag *-o*
+may be used to override settings from this file.
+
+The settings in this file have the same format as in the __preferences__
+files, and the same directory as for the personal preferences file is
+used.
+
+Note: Whenever Wireshark is closed, your recent file
+will be overwritten with the new settings, destroying any comments and
+unknown/obsolete settings that were in the file.
+--
+// end::gui[]
+
+Disabled (Enabled) Protocols::
++
+--
+The __disabled_protos__ files contain system-wide and personal lists of
+protocols that have been disabled, so that their dissectors are never
+called. The files contain protocol names, one per line, where the
+protocol name is the same name that would be used in a display filter
+for the protocol:
+
+ http
+ tcp # a comment
+
+If a protocol is listed in the global __disabled_protos__ file it cannot
+be enabled by the user.
+// tag::gui[]
+Thus it is not displayed in the __Analyze::Enabled Protocols__ dialog box.
+// end::gui[]
+
+The global __disabled_protos__ file uses the same directory as the global
+preferences file.
+
+The personal __disabled_protos__ file uses the same directory as the
+personal preferences file.
+
+The __disabled_protos__ files list only protocols that are enabled by default
+but have been disabled; protocols that are disabled by default (such as some
+postdissectors) are not listed. There are analogous __enabled_protos__ files
+for protocols that are disabled by default but have been enabled.
+
+// tag::gui[]
+Note: Whenever the disabled protocols list is saved by using the __Save__
+button in the __Analyze:Enabled Protocols__ dialog box, your personal
+disabled protocols file will be overwritten with the new settings,
+destroying any comments that were in the file.
+// end::gui[]
+--
+
+Heuristic Dissectors::
++
+--
+The __heuristic_protos__ files contain system-wide and personal lists of
+heuristic dissectors and indicate whether they are enabled or disabled.
+The files contain heuristic dissector unique short names, one per line,
+followed by a comma and 0 for disabled and 1 for enabled:
+
+ quic,1
+ rtcp_stun,1
+ rtcp_udp,1
+ rtp_stun,0
+ rtp_udp,0
+ tls_tcp,1
+
+The global __heuristic_protos__ file uses the same directory as the global
+preferences file.
+
+The personal __heuristic_protos__ file uses the same directory as the
+personal preferences file.
+
+// The global heuristic_protos doesn't have the "set_cant_toggle"
+// features that the enabled_protos and disabled_protos files do.
+--
+
+Name Resolution (hosts)::
++
+--
+Entries in __hosts__ files in the global and personal preferences
+directory are used to resolve IPv4 and IPv6 addresses before any
+other attempts are made to resolve them.
+The file has the standard __hosts__ file syntax; each line contains one
+IP address and name, separated by whitespace. The personal __hosts__
+file, if present, overrides the one in the global directory.
+
+Capture filter name resolution is handled by libpcap on UNIX-compatible
+systems, such as Linux, macOS, \*BSD, Solaris, and AIX, and Npcap or
+WinPcap on Windows. As such the Wireshark personal __hosts__ file will
+not be consulted for capture filter name resolution.
+--
+
+
+Name Resolution (subnets)::
++
+--
+If an IPv4 address cannot be translated via name resolution (no exact
+match is found) then a partial match is attempted via the __subnets__ file.
+Both the global __subnets__ file and personal __subnets__ files are used
+if they exist.
+
+Each line of this file consists of an IPv4 address, a subnet mask length
+separated only by a / and a name separated by whitespace. While the address
+must be a full IPv4 address, any values beyond the mask length are subsequently
+ignored.
+
+An example is:
+
+# Comments must be prepended by the # sign!
+192.168.0.0/24 ws_test_network
+
+A partially matched name will be printed as "subnet-name.remaining-address".
+For example, "192.168.0.1" under the subnet above would be printed as
+"ws_test_network.1"; if the mask length above had been 16 rather than 24, the
+printed address would be "ws_test_network.0.1".
+--
+
+Name Resolution (ethers)::
++
+--
+The __ethers__ files are consulted to correlate 6-byte hardware addresses to
+names. First the personal __ethers__ file is tried and if an address is not
+found there the global __ethers__ file is tried next.
+
+Each line contains one hardware address and name, separated by
+whitespace. The digits of the hardware address are separated by colons
+(:), dashes (-) or periods (.). The same separator character must be
+used consistently in an address. The following three lines are valid
+lines of an __ethers__ file:
+
+ ff:ff:ff:ff:ff:ff Broadcast
+ c0-00-ff-ff-ff-ff TR_broadcast
+ 00.00.00.00.00.00 Zero_broadcast
+
+The global __ethers__ file is looked for in the __/etc__ directory on
+UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
+and in the main installation directory (for example, __C:\Program
+Files\Wireshark__) on Windows systems.
+
+The personal __ethers__ file is looked for in the same directory as the personal
+preferences file.
+
+Capture filter name resolution is handled by libpcap on UNIX-compatible
+systems and Npcap or WinPcap on Windows. As such the Wireshark personal
+__ethers__ file will not be consulted for capture filter name
+resolution.
+--
+
+Name Resolution (manuf)::
++
+--
+The __manuf__ file is used to match the 3-byte vendor portion of a 6-byte
+hardware address with the manufacturer's name; it can also contain well-known
+MAC addresses and address ranges specified with a netmask. The format of the
+file is similar the __ethers__ files, except that entries such as:
+
+ 00:00:0C Cisco Cisco Systems, Inc
+
+can be provided, with the 3-byte OUI and both an abbreviated and long name for
+a vendor, and entries such as:
+
+ 00-00-0C-07-AC/40 All-HSRP-routers
+
+can be specified, with a MAC address and a mask indicating how many bits
+of the address must match. The above entry, for example, has 40
+significant bits, or 5 bytes, and would match addresses from
+00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
+multiple of 8.
+
+A global __manuf__ file is looked for in the same directory as the global
+preferences file, and a personal __manuf__ file is looked for in the same
+directory as the personal preferences file.
+
+In earlier versions of Wireshark, official information from the IEEE
+Registration Authority was distributed in this format as the global
+__manuf__ file. This information is now compiled in to speed program
+startup, but the internal information can be written out in this format
+with *tshark -G manuf*.
+
+In addition to the __manuf__ file, another file with the same format,
+__wka__, is looked for in the global directory. This file is distributed
+with Wireshark, and contains data about well-known MAC adddresses and
+address ranges assembled from various non IEEE but respected sources.
+--
+
+Name Resolution (services)::
++
+--
+The __services__ file is used to translate port numbers into names.
+Both the global __services__ file and personal __services__ files are used
+if they exist.
+
+The file has the standard __services__ file syntax; each line contains one
+(service) name and one transport identifier separated by white space. The
+transport identifier includes one port number and one transport protocol name
+(typically tcp, udp, or sctp) separated by a /.
+
+An example is:
+
+mydns 5045/udp # My own Domain Name Server
+mydns 5045/tcp # My own Domain Name Server
+
+In earlier versions of Wireshark, official information from the IANA
+Registry was distributed in this format as the global __services__ file.
+This information is now compiled in to speed program startup, but the
+internal information can be written out in this format with *tshark -G services*.
+--
+
+Name Resolution (ipxnets)::
++
+--
+The __ipxnets__ files are used to correlate 4-byte IPX network numbers to
+names. First the global __ipxnets__ file is tried and if that address is not
+found there the personal one is tried next.
+
+The format is the same as the __ethers__
+file, except that each address is four bytes instead of six.
+Additionally, the address can be represented as a single hexadecimal
+number, as is more common in the IPX world, rather than four hex octets.
+For example, these four lines are valid lines of an __ipxnets__ file:
+
+ C0.A8.2C.00 HR
+ c0-a8-1c-00 CEO
+ 00:00:BE:EF IT_Server1
+ 110f FileServer3
+
+The global __ipxnets__ file is looked for in the __/etc__ directory on
+UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
+and in the main installation directory (for example, __C:\Program
+Files\Wireshark__) on Windows systems.
+
+The personal __ipxnets__ file is looked for in the same directory as the
+personal preferences file.
+--
+
+Name Resolution (ss7pcs)::
++
+--
+The __ss7pcs__ file is used to translate SS7 point codes to names.
+It is read from the personal configuration directory.
+
+Each line in this file consists of one network indicator followed by a dash
+followed by a point code in decimal and a node name separated by whitespace.
+An example is:
+
+ 2-1234 MyPointCode1
+
+--
+
+Name Resolution (vlans)::
++
+--
+The __vlans__ file is used to translate VLAN tag IDs into names.
+It is read from the personal configuration directory.
+
+Each line in this file consists of one VLAN tag ID separated by whitespace
+from a name. An example is:
+
+ 123 Server-Lan
+ 2049 HR-Client-LAN
+
+--
+
+// tag::gui[]
+Capture Filters::
++
+--
+The __cfilters__ files contain system-wide and personal capture filters.
+Each line contains one filter, starting with the string displayed in the
+dialog box in quotation marks, followed by the filter string itself:
+
+ "HTTP" port 80
+ "DCERPC" port 135
+
+The global __cfilters__ file uses the same directory as the
+global preferences file.
+
+The personal __cfilters__ file uses the same directory as the personal
+preferences file. It is written through the Capture:Capture Filters
+dialog.
+
+If the global __cfilters__ file exists, it is used only if the personal
+__cfilters__ file does not exist; global and personal capture filters are
+not merged.
+--
+
+Display Filters::
++
+--
+The __dfilters__ files contain system-wide and personal display filters.
+Each line contains one filter, starting with the string displayed in the
+dialog box in quotation marks, followed by the filter string itself:
+
+ "HTTP" http
+ "DCERPC" dcerpc
+
+The global __dfilters__ file uses the same directory as the
+global preferences file.
+
+The personal __dfilters__ file uses the same directory as the
+personal preferences file. It is written through the Analyze:Display
+Filters dialog.
+
+If the global __dfilters__ file exists, it is used only if the personal
+__dfilters__ file does not exist; global and personal display filters are
+not merged.
+--
+
+Display Filter Macros::
++
+--
+The __dmacros__ files contain system-wide and personal display filter macros.
+Each line contains one filter, starting with the string displayed in the
+dialog box in quotation marks, followed by the macro expression itself:
+
+ "private_ipv6" ipv6 && $1 == fc00::/7
+ "private_ethernet" $1[0] & 0x0F == 2
+ "private_ipv4" $1 == 192.168.0.0/16 or $1 == 172.16.0.0/12 or $1 == 10.0.0.0/8
+
+The global __dmacros__ file uses the same directory as the
+global preferences file.
+
+The personal __dmacros__ file uses the same directory as the
+personal preferences file. It is written through the Analyze:Display
+Filter Macros dialog.
+
+If the global __dmacros__ file exists, it is used only if the personal
+__dmacros__ file does not exist; global and personal display filters are
+not merged.
+
+Prior to Wireshark 4.4, a __dfilter_macros__ file with a somewhat different
+syntax was used. That file is looked for at startup if a __dmacros__ file is
+not found and used to migrate to the new format.
+--
+// end::gui[]
+
+Color Filters (Coloring Rules)::
++
+--
+The __colorfilters__ files contain system-wide and personal color filters.
+Each line contains one filter, starting with the string displayed in the
+dialog box, followed by the corresponding display filter. Then the
+background and foreground colors are appended:
+
+ # a comment
+ @tcp@tcp@[59345,58980,65534][0,0,0]
+ @udp@udp@[28834,57427,65533][0,0,0]
+
+The global __colorfilters__ file uses the same directory as the
+global preferences file.
+
+The personal __colorfilters__ file uses the same directory as the
+personal preferences file. It is written through the View:Coloring Rules
+dialog.
+
+If the global __colorfilters__ file exists, it is used only if the personal
+__colorfilters__ file does not exist; global and personal color filters are
+not merged.
+--
+
+Plugins::
++
+--
+Wireshark looks for plugins in both a personal plugin folder and a
+global plugin folder.
+
+On UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and
+AIX, the global plugin directory is __lib/wireshark/plugins/__ (on
+some systems substitute __lib64__ for __lib__) under the main installation
+directory (for example, __/usr/local/lib/wireshark/plugins/__). The personal
+plugin directory is __$HOME/.local/lib/wireshark/plugins__.
+
+On macOS, if Wireshark is installed as an application bundle, the global plugin
+folder is instead __%APPDIR%/Contents/PlugIns/wireshark__.
+
+On Windows, the global plugin folder is __plugins/__ under the main
+installation directory (for example, __C:\Program Files\Wireshark\plugins\__).
+The personal plugin folder is __%APPDATA%\Wireshark\plugins__ (or, if
+%APPDATA% isn't defined, __%USERPROFILE%\Application Data\Wireshark\plugins__).
+
+Lua plugins are stored in the plugin folders;
+compiled plugins are stored in subfolders of the plugin folders, with
+the subfolder name being the Wireshark minor version number (X.Y). There is
+another hierarchical level for each Wireshark plugin type (libwireshark,
+libwiretap and codecs). For example, the location for a libwireshark plugin
+_foo.so_ (_foo.dll_ on Windows) would be _PLUGINDIR/X.Y/epan_
+(libwireshark used to be called libepan; the other folder names are _codecs_
+and _wiretap_).
+
+NOTE: On UNIX-compatible systems, Lua plugins (but not binary plugins) may also
+be placed in __$XDG_CONFIG_HOME/wireshark/plugins__,
+(or, if __$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
+does exist, __$HOME/.wireshark/plugins__.)
+
+Note that a dissector plugin module may support more than one protocol;
+there is not necessarily a one-to-one correspondence between dissector plugin
+modules and protocols. Protocols supported by a dissector plugin module are
+enabled and disabled in the same way as protocols built into Wireshark.
+--
diff --git a/doc/idl2deb.adoc b/doc/man_pages/idl2deb.adoc
index 146672fd..f622fdf9 100644
--- a/doc/idl2deb.adoc
+++ b/doc/man_pages/idl2deb.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= idl2deb(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/idl2wrs.adoc b/doc/man_pages/idl2wrs.adoc
index c046c536..605f441a 100644
--- a/doc/idl2wrs.adoc
+++ b/doc/man_pages/idl2wrs.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= idl2wrs(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/mergecap.adoc b/doc/man_pages/mergecap.adoc
index a5c9a6c3..43412375 100644
--- a/doc/mergecap.adoc
+++ b/doc/man_pages/mergecap.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= mergecap(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -145,8 +145,19 @@ Causes *mergecap* to print a number of messages while it's working.
-w <outfile>|-::
Sets the output filename. If the name is '*-*', stdout will be used.
+If the *--compress* option is not given, then the filename extension is
+used to deduce the desired compression method, if any; e.g., if the name has
+the extension '.gz', then the output file is compressed to a gzip archive.
This setting is mandatory.
+--compress <type>::
++
+--
+Compress the output file using the type compression format.
+*--compress* with no argument provides a list of the compression formats supported
+for writing. The type given takes precedence over the extension of __outfile__.
+--
+
include::diagnostic-options.adoc[]
== EXAMPLES
diff --git a/doc/mmdbresolve.adoc b/doc/man_pages/mmdbresolve.adoc
index 4b880401..af66d6b4 100644
--- a/doc/mmdbresolve.adoc
+++ b/doc/man_pages/mmdbresolve.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= mmdbresolve(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/randpkt.adoc b/doc/man_pages/randpkt.adoc
index 97104b70..a9b799a5 100644
--- a/doc/randpkt.adoc
+++ b/doc/man_pages/randpkt.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= randpkt(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/randpktdump.adoc b/doc/man_pages/randpktdump.adoc
index 3e13a77f..8862b108 100644
--- a/doc/randpktdump.adoc
+++ b/doc/man_pages/randpktdump.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= randpktdump(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/rawshark.adoc b/doc/man_pages/rawshark.adoc
index a52e594a..5b52f034 100644
--- a/doc/rawshark.adoc
+++ b/doc/man_pages/rawshark.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= rawshark(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -196,11 +196,12 @@ should not close rawshark's standard input handle prematurely, otherwise
the C runtime might trigger an exception.
--
--R <read (display) filter>::
+-R|--read-filter <read (display) filter>::
+
--
Cause the specified filter (which uses the syntax of read/display filters,
rather than that of capture filters) to be applied before printing the output.
+Read filters and display filters are synonymous in *rawshark*.
--
-s::
@@ -226,216 +227,24 @@ could use *%D: %S (%N)*.
-v|--version::
Print the full version information and exit.
-include::dissection-options.adoc[tags=**;!tshark;!decode_as]
-
-include::diagnostic-options.adoc[]
-
-== READ FILTER SYNTAX
-
-For a complete table of protocol and protocol fields that are filterable
-in *TShark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
-
-== FILES
-
-These files contains various *Wireshark* configuration values.
-
-Preferences::
-+
---
-The __preferences__ files contain global (system-wide) and personal
-preference settings. If the system-wide preference file exists, it is
-read first, overriding the default settings. If the personal preferences
-file exists, it is read next, overriding any previous values. Note: If
-the command line option *-o* is used (possibly more than once), it will
-in turn override values from the preferences files.
-
-The preferences settings are in the form __prefname:value__,
-one per line,
-where __prefname__ is the name of the preference
-and __value__ is the value to
-which it should be set; white space is allowed between *:* and
-__value__. A preference setting can be continued on subsequent lines by
-indenting the continuation lines with white space. A *#* character
-starts a comment that runs to the end of the line:
-
- # Capture in promiscuous mode?
- # TRUE or FALSE (case-insensitive).
- capture.prom_mode: TRUE
-
-The global preferences file is looked for in the __wireshark__ directory
-under the __share__ subdirectory of the main installation directory. On
-macOS, this would typically be
-__/Application/Wireshark.app/Contents/Resources/share__; on other
-UNIX-compatible systems, such as Linux, \*BSD, Solaris, and AIX, this
-would typically be __/usr/share/wireshark/preferences__ for
-system-installed packages and __/usr/local/share/wireshark/preferences__
-for locally-installed packages; on Windows, this would typically be
-__C:\Program Files\Wireshark\preferences__.
-
-On UNIX-compatible systems, the personal preferences file is looked for
-in __$XDG_CONFIG_HOME/wireshark/preferences__, (or, if
-__$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
-does exist, __$HOME/.wireshark/preferences__); this is typically
-__$HOME/.config/wireshark/preferences__. On Windows,
-the personal preferences file is looked for in
-__%APPDATA%\Wireshark\preferences__ (or, if %APPDATA% isn't defined,
-__%USERPROFILE%\Application Data\Wireshark\preferences__).
---
-
-Disabled (Enabled) Protocols::
-+
---
-The __disabled_protos__ files contain system-wide and personal lists of
-protocols that have been disabled, so that their dissectors are never
-called. The files contain protocol names, one per line, where the
-protocol name is the same name that would be used in a display filter
-for the protocol:
-
- http
- tcp # a comment
-
-The global __disabled_protos__ file uses the same directory as the global
-preferences file.
-
-The personal __disabled_protos__ file uses the same directory as the
-personal preferences file.
---
-
-Name Resolution (hosts)::
-+
---
-If the personal __hosts__ file exists, it is
-used to resolve IPv4 and IPv6 addresses before any other
-attempts are made to resolve them. The file has the standard __hosts__
-file syntax; each line contains one IP address and name, separated by
-whitespace. The same directory as for the personal preferences file is
-used.
-
-Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems, such as Linux, macOS, \*BSD, Solaris, and AIX, and by Npcap or
-WinPcap on Windows. As such the Wireshark personal __hosts__ file will
-not be consulted for capture filter name resolution.
---
-
-Name Resolution (subnets)::
-+
---
-If an IPv4 address cannot be translated via name resolution (no exact
-match is found) then a partial match is attempted via the __subnets__ file.
-
-Each line of this file consists of an IPv4 address, a subnet mask length
-separated only by a / and a name separated by whitespace. While the address
-must be a full IPv4 address, any values beyond the mask length are subsequently
-ignored.
-
-An example is:
-
-# Comments must be prepended by the # sign!
-192.168.0.0/24 ws_test_network
-
-A partially matched name will be printed as "subnet-name.remaining-address".
-For example, "192.168.0.1" under the subnet above would be printed as
-"ws_test_network.1"; if the mask length above had been 16 rather than 24, the
-printed address would be ``ws_test_network.0.1".
---
-
-Name Resolution (ethers)::
-+
---
-The __ethers__ files are consulted to correlate 6-byte hardware addresses to
-names. First the personal __ethers__ file is tried and if an address is not
-found there the global __ethers__ file is tried next.
-
-Each line contains one hardware address and name, separated by
-whitespace. The digits of the hardware address are separated by colons
-(:), dashes (-) or periods (.). The same separator character must be
-used consistently in an address. The following three lines are valid
-lines of an __ethers__ file:
-
- ff:ff:ff:ff:ff:ff Broadcast
- c0-00-ff-ff-ff-ff TR_broadcast
- 00.00.00.00.00.00 Zero_broadcast
-
-The global __ethers__ file is looked for in the __/etc__ directory on
-UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
-and in the main installation directory (for example, __C:\Program
-Files\Wireshark__) on Windows systems.
-
-The personal __ethers__ file is looked for in the same directory as the personal
-preferences file.
-
-Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems and Npcap or WinPcap on Windows. As such the Wireshark personal
-__ethers__ file will not be consulted for capture filter name resolution.
---
-
-Name Resolution (manuf)::
+-Y|--display-filter <read (display) filter>::
+
--
-The __manuf__ file is used to match the 3-byte vendor portion of a 6-byte
-hardware address with the manufacturer's name; it can also contain well-known
-MAC addresses and address ranges specified with a netmask. The format of the
-file is the same as the __ethers__ files, except that entries of the form:
-
- 00:00:0C Cisco
-
-can be provided, with the 3-byte OUI and the name for a vendor, and
-entries such as:
-
- 00-00-0C-07-AC/40 All-HSRP-routers
-
-can be specified, with a MAC address and a mask indicating how many bits
-of the address must match. The above entry, for example, has 40
-significant bits, or 5 bytes, and would match addresses from
-00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
-multiple of 8.
-
-The __manuf__ file is looked for in the same directory as the global
-preferences file.
---
-
-Name Resolution (services)::
-+
---
-The __services__ file is used to translate port numbers into names.
-
-The file has the standard __services__ file syntax; each line contains one
-(service) name and one transport identifier separated by white space. The
-transport identifier includes one port number and one transport protocol name
-(typically tcp, udp, or sctp) separated by a /.
-
-An example is:
-
- mydns 5045/udp # My own Domain Name Server
- mydns 5045/tcp # My own Domain Name Server
+Cause the specified filter (which uses the syntax of read/display filters,
+rather than that of capture filters) to be applied before printing the output.
+Read filters and display filters are synonymous in *rawshark*.
--
-Name Resolution (ipxnets)::
-+
---
-The __ipxnets__ files are used to correlate 4-byte IPX network numbers to
-names. First the global __ipxnets__ file is tried and if that address is not
-found there the personal one is tried next.
+include::dissection-options.adoc[tags=**;!tshark;!decode_as]
-The format is the same as the __ethers__
-file, except that each address is four bytes instead of six.
-Additionally, the address can be represented as a single hexadecimal
-number, as is more common in the IPX world, rather than four hex octets.
-For example, these four lines are valid lines of an __ipxnets__ file:
+include::diagnostic-options.adoc[]
- C0.A8.2C.00 HR
- c0-a8-1c-00 CEO
- 00:00:BE:EF IT_Server1
- 110f FileServer3
+== READ FILTER SYNTAX
-The global __ipxnets__ file is looked for in the __/etc__ directory on
-UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
-and in the main installation directory (for example, __C:\Program
-Files\Wireshark__) on Windows systems.
+For a complete table of protocol and protocol fields that are filterable
+in *Rawshark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
-The personal __ipxnets__ file is looked for in the same directory as the
-personal preferences file.
---
+include::files.adoc[tags=**;!gui]
== ENVIRONMENT VARIABLES
diff --git a/doc/reordercap.adoc b/doc/man_pages/reordercap.adoc
index fd57b0a7..0d03b166 100644
--- a/doc/reordercap.adoc
+++ b/doc/man_pages/reordercap.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= reordercap(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/sdjournal.adoc b/doc/man_pages/sdjournal.adoc
index bf9a3689..d8736704 100644
--- a/doc/sdjournal.adoc
+++ b/doc/man_pages/sdjournal.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= sdjournal(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/sshdump.adoc b/doc/man_pages/sshdump.adoc
index 8acacd1f..562336c4 100644
--- a/doc/sshdump.adoc
+++ b/doc/man_pages/sshdump.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= sshdump(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/text2pcap.adoc b/doc/man_pages/text2pcap.adoc
index ab894747..9c2a8195 100644
--- a/doc/text2pcap.adoc
+++ b/doc/man_pages/text2pcap.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= text2pcap(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -16,7 +16,7 @@ text2pcap - Generate a capture file from an ASCII hexdump of packets
[ *-a* ]
[ *-b* 2|8|16|64 ]
[ *-D* ]
-[ *-e* <l3pid> ]
+[ *-e* <ethertype> ]
[ *-E* <encapsulation type> ]
[ *-F* <file format> ]
[ *-i* <proto> ]
@@ -57,7 +57,11 @@ hexdumps of application-level data only.
The *-F* flag can be used to specify the format in which to write the
capture file, *text2pcap -F* provides a list of the available output
formats. By default, it writes the packets to __outfile__ in the *pcapng*
-file format.
+file format. *Text2cap* also supports compression formats, which can
+be specified with the *--compress* options. If that option is not given,
+the the desired compression method, if any, is deduced from the extension
+of __outfile__; e.g. if it has the extension '.gz', then the output file
+is compressed to a gzip archive.
*Text2pcap* understands a hexdump of the form generated by __od -Ax
-tx1 -v__. In other words, each byte is individually displayed, with
@@ -203,10 +207,10 @@ supports it (e.g. pcapng), and is also used when generating dummy headers
to swap the source and destination addresses and ports as appropriate.
--
--e <l3pid>::
+-e <ethertype>::
+
--
-Include a dummy Ethernet header before each packet. Specify the L3PID
+Include a dummy Ethernet header before each packet. Specify the EtherType
for the Ethernet header in hex. Use this option if your dump has Layer
3 header and payload (e.g. IP header), but no Layer 2
encapsulation. Example: __-e 0x806__ to specify an ARP packet.
@@ -297,11 +301,11 @@ direction indicators or timestamps after the first byte along with any offsets.
+
--
Include an EXPORTED_PDU header before each packet. Specify, as a
-string, the dissector to be called for the packet (DISSECTOR_NAME tag).
+string, the dissector to be called for the packet (DISSECTOR_NAME tag).
Use this option if your dump is the payload for a single upper layer
protocol (so specifying a link layer type would not work) and you wish
-to create a capture file without a full dummy protocol stack.
-Automatically sets the link layer type to Wireshark Upper PDU export.
+to create a capture file without a full dummy protocol stack.
+Automatically sets the link layer type to Wireshark Upper PDU export.
Without this option, if the Upper PDU export link layer type (252) is
selected the dissector defaults to "data".
--
@@ -385,7 +389,7 @@ Print the full version information and exit.
-4 <srcip>,<destip>::
+
--
-Prepend dummy IP header with specified IPv4 dest and source address.
+Prepend dummy IP header with specified IPv4 source and destination addresses.
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
Use this option to apply "custom" IP addresses.
Example: __-4 10.0.0.1,10.0.0.2__ to use 10.0.0.1 and 10.0.0.2 for all IP packets.
@@ -394,13 +398,21 @@ Example: __-4 10.0.0.1,10.0.0.2__ to use 10.0.0.1 and 10.0.0.2 for all IP packet
-6 <srcip>,<destip>::
+
--
-Prepend dummy IP header with specified IPv6 dest and source address.
+Prepend dummy IP header with specified IPv6 source and destination addresses.
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
Use this option to apply "custom" IP addresses.
Example: __-6 2001:db8::b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334__ to
use 2001:db8::b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets.
--
+--compress <type>::
++
+--
+Compress the output file using the type compression format.
+*--compress* with no argument provides a list of the compression formats supported
+for writing. The type given takes precedence over the extension of __outfile__.
+--
+
include::diagnostic-options.adoc[]
== SEE ALSO
diff --git a/doc/tshark.adoc b/doc/man_pages/tshark.adoc
index 543579d5..2893a7d3 100644
--- a/doc/tshark.adoc
+++ b/doc/man_pages/tshark.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= tshark(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -23,7 +23,9 @@ tshark - Dump and analyze network traffic
[manarg]
*tshark*
-*-G* [ <report type> ] [ --elastic-mapping-filter <protocols> ]
+*-G* [ <report type> ]
+[ --elastic-mapping-filter <protocols> ]
+[ *-C* <profile> ]
[manarg]
*tshark*
@@ -53,7 +55,7 @@ from the file and displaying a summary line on the standard output for
each packet read. *TShark* is able to detect, read and write the same
capture files that are supported by *Wireshark*. The input file
doesn't need a specific filename extension; the file format and an
-optional gzip, zstd or lz4 compression will be automatically detected. Near the
+optional gzip, Zstandard, or LZ4 compression will be automatically detected. Near the
beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
https://www.wireshark.org/docs/man-pages/wireshark.html is a detailed
description of the way *Wireshark* handles this, which is the same way
@@ -62,7 +64,8 @@ description of the way *Wireshark* handles this, which is the same way
Compressed file support uses (and therefore requires) the zlib library.
If the zlib library is not present when compiling *TShark*, it will be
possible to compile it, but the resulting program will be unable to read
-compressed files.
+compressed files. Similarly, LZ4 and ZStandard also require their respective
+libraries.
When displaying packets on the standard output, *TShark* writes, by
default, a summary line containing the fields specified by the
@@ -134,9 +137,16 @@ will be displayed along with the detail lines.
When writing packets to a file, *TShark*, by default, writes the file
in *pcapng* format, and writes all of the packets it sees to the output
file. The *-F* option can be used to specify the format in which to
-write the file. This list of available file formats is displayed by the
-*-F* option without a value. However, you can't specify a file format
-for a live capture.
+write the file. The list of available file formats is displayed by the
+*-F* option without a value. However, for a live capture, you can only
+specify a file format supported by xref:dumpcap.html[dumpcap](1), viz.
+*pcapng* or *pcap*. The *--compress* option can be used to specify
+a compression method as well; the list of supported compression methods
+for writing can be displayed by the *--compress* method without an
+argument. If the *--compress* option is not given, then the desired
+compression method, if any, is deduced from the extension of the filename
+given as argument to the *-w* option. Compression is not supported for
+live capture.
When capturing packets, *TShark* writes to the standard error an
initial line listing the interfaces from which packets are being
@@ -167,7 +177,9 @@ to dump one of several types of internal glossaries and then exit.
Perform a two-pass analysis. This causes *TShark* to buffer output until the
entire first pass is done, but allows it to fill in fields that require future
knowledge, such as 'response in frame #' fields. Also permits reassembly
-frame dependencies to be calculated correctly.
+frame dependencies to be calculated correctly. This requires the ability
+to seek backwards on the input, and as such cannot be used with live captures
+or when reading from a pipe or FIFO.
--
-a|--autostop <capture autostop condition>::
@@ -189,7 +201,8 @@ will stop writing to the current capture file and switch to the next one if
filesize is reached. When reading a capture file, *TShark* will stop reading
the file after the number of bytes read exceeds this number (the complete
packet will be read, so more bytes than this number may be read). Note that
-the filesize is limited to a maximum value of 2 GiB.
+the filesize is limited to a maximum value of 2 TB, although you might have
+problems before then if the number of packets exceeds exceeds 2^32^ (4294967296).
*packets*:__value__ switch to the next file after it contains __value__
packets.
@@ -241,7 +254,9 @@ parameter takes exactly one criterion; to specify two criterion, each must be
preceded by the *-b* option.
*filesize*:__value__ switch to the next file after it reaches a size of
-__value__ kB. Note that the filesize is limited to a maximum value of 2 GiB.
+__value__ kB. Note that the filesize is limited to a maximum value of 2 TB,
+although you might have problems before then if the number of packets exceeds
+exceeds 2^32^ (4294967296).
*interval*:__value__ switch to the next file when the time is an exact
multiple of __value__ seconds. For example, use 3600 to switch to a new file
@@ -250,6 +265,10 @@ every hour on the hour.
*packets*:__value__ switch to the next file after it contains __value__
packets.
+*printname*:__filename__ print the name of the most recently written file
+to __filename__ after the file is closed. __filename__ can be `stdout` or `-`
+for standard output, or `stderr` for standard error.
+
*nametimenum*:__value__ Choose between two save filename templates. If
__value__ is 1, make running file number part before start time part; this is
the original and default behaviour (e.g. log_00001_20240714164426.pcap). If
@@ -299,7 +318,9 @@ may differ from *-a packets:*<capture packet count>.
-C <configuration profile>::
+
--
-Run with the given configuration profile.
+Run with the given configuration profile. If used in conjucton with
+--global-profile, then the global profile with the associated name
+would be used.
--
-D|--list-interfaces::
@@ -322,7 +343,7 @@ is selected. This option can be used multiple times on the command line.
At least one field must be provided if the *-T fields* option is
selected. Column types may be used prefixed with "_ws.col."
-Example: *tshark -e frame.number -e ip.addr -e udp -e _ws.col.info*
+Example: *tshark -T fields -e frame.number -e ip.addr -e udp -e _ws.col.info*
Fields are separated by tab characters by default. *-E* controls the
format of the printed fields.
@@ -366,11 +387,14 @@ option may be used.
*quote=d|s|n* Set the quote character to use to surround fields. *d*
uses double-quotes, *s* single-quotes, *n* no quotes (the default).
+If the quote character appears in a field value, it will be escaped
+by being duplicated.
*escape=y|n* If *y*, the whitespace control characters (tab, line feed,
-carriage return, form feed, and vertical tab) and backspace will be
-replaced in field values by C-style escapes, e.g. "\n" for line feed.
-If *n*, field value strings will be printed as-is. Defaults to *y*.
+carriage return, form feed, and vertical tab) backspace, and the
+backslash will be replaced in field values by C-style escapes, e.g.
+"\n" for line feed. If *n*, field value strings will be printed as-is.
+Defaults to *y*.
--
-f <capture filter>::
@@ -394,7 +418,9 @@ Example: *tshark -f "predef:MyPredefinedHostOnlyFilter"*
Set the file format of the output capture file written using the *-w*
option. The output written with the *-w* option is raw packet data, not
text, so there is no *-F* option to request text output. The option *-F*
-without a value will list the available formats.
+without a value will list the available formats. The default is the
+*pcapng* format (unless the default has been changed in preferences.)
+.
-g::
This option causes the output file(s) to be created with group-read permission
@@ -405,8 +431,9 @@ user's group).
+
--
The *-G* option will cause *TShark* to dump one of several types of glossaries
-and then exit. If no specific glossary type is specified, then the *fields*
-report will be generated by default.
+and then exit. If no glossary type is specified, then the *fields* report
+will be generated by default; this is deprecated and a future version will
+require the report type argument. The *-G* option must be the first option given.
Using the report type of *help* lists all the current report types.
The available report types include:
@@ -443,10 +470,10 @@ is one record per line. The fields are tab-delimited.
[horizontal]
Field 1:: dissector table name, e.g. "tcp.port"
Field 2:: name used for the dissector table in the GUI
-Field 3:: type (textual representation of the ftenum type)
+Field 3:: type (textual representation of the ftenum type, or "heuristic")
Field 4:: base for display (for integer types)
Field 5:: protocol name
-Field 6:: "decode as" support
+Field 6:: "decode as" support (for non-heuristic tables)
*elastic-mapping* Dumps the ElasticSearch mapping file to stdout. Fields
falling in the default case (string) won't be mapped.
@@ -506,7 +533,7 @@ Field 2:: text description of type (e.g. "IPv6 address")
There is one record per line. The fields are tab-delimited.
[horizontal]
-Field 1:: underlying dissector (e.g. "tcp")
+Field 1:: heuristic dissector table name (e.g. "tcp")
Field 2:: name of heuristic decoder (e.g. "ucp")
Field 3:: heuristic enabled (e.g. "T" or "F")
Field 4:: heuristic enabled by default (e.g. "T" or "F")
@@ -638,7 +665,7 @@ Protocol match filter used for ek|json|jsonraw|pdml output file types.
Only the protocol's parent node is included. Child nodes are only
included if explicitly specified in the filter.
-Example: *tshark -j "ip ip.flags http"*
+Example: *tshark -T json -j "ip ip.flags http"*
--
-J <protocol match filter>::
@@ -648,7 +675,7 @@ Protocol top level filter used for ek|json|jsonraw|pdml output file types.
The protocol's parent node and all child nodes are included.
Lower-level protocols must be explicitly specified in the filter.
-Example: *tshark -J "tcp http"*
+Example: *tshark -T pdml -J "tcp http"*
--
-l::
@@ -662,7 +689,7 @@ normally used when piping a live capture to a program or script, so that
output for a packet shows up as soon as the packet is seen and
dissected, it should work just as well as true line-buffering. We do
this as a workaround for a deficiency in the Microsoft Visual C++ C
-library.)
+library.) This also sets *--update-interval* to 0 ms.
This may be useful when piping the output of *TShark* to another
program, as it means that the program to which the output is piped will
@@ -761,9 +788,13 @@ printed, just the statistics.
+
--
Read packet data from __infile__, can be any supported capture file format
-(including gzipped files). It is possible to use named pipes or stdin (-)
-here but only with certain (not compressed) capture file formats (in
-particular: those that can be read without seeking backwards).
+(including compressed files). It is possible to use named pipes or stdin (-)
+here but only with certain capture file formats (in particular: those that
+can be read without seeking backwards.)
+
+TIP: Reading a live capture from the standard out of another process through
+a pipe can circumvent restrictions that apply to *TShark* during live capture,
+such as file formats or compression.
--
-R|--read-filter <Read filter>::
@@ -903,7 +934,10 @@ Cause *TShark* to print a view of the packet details.
+
--
Write raw packet data to __outfile__ or to the standard output if
-__outfile__ is '-'.
+__outfile__ is '-'. The *-F* and *--compress* options can be used
+to control the file format and compression method. If the latter is
+not given, then the extension may be used to deduce the desired
+compression algorithm, if supported, e.g. a gzip archive for '.gz'.
NOTE: *-w* provides raw packet data, not text. If you want text output
you need to redirect stdout (e.g. using '>'), don't use the *-w*
@@ -1904,19 +1938,19 @@ queries collated by receiver address and then topic name.
Calculate statistics on LBM Topic Resolution Packets. Displays topic
queries collated by topic name and then receiver address.
-*-z* mac-lte,stat[,__filter__]::
+*-z* mac-3gpp,stat[,__filter__]::
+
--
-This option will activate a counter for LTE MAC messages. You will get
+This option will activate a counter for LTE or NR MAC messages. You will get
information about the maximum number of UEs/TTI, common messages and
various counters for each UE that appears in the log.
-Example: *tshark -z mac-lte,stat*.
+Example: *tshark -z mac-3gpp,stat*.
This option can be used multiple times on the command line.
-Example: *-z "mac-lte,stat,mac-lte.rnti>3000"* will only collect stats for
-UEs with an assigned RNTI whose value is more than 3000.
+Example: *-z "mac-3gpp,stat,mac-lte.rnti>3000"* will only collect stats for
+LTE UEs with an assigned RNTI whose value is more than 3000.
--
*-z* megaco,rtd[,__filter__]::
@@ -1968,6 +2002,12 @@ Displays the total number of OSmux packets, and displays for each stream
the number of packets, number of packets with the RTP market bit set,
number of AMR frames, jitter analysis, and sequence number analysis.
+*-z* pfcp,srt[,__filter__]::
+Collect requests/response SRT (Service Response Time) data for PFCP.
+Data collected is the number of calls, minimum SRT, maximum SRT, average
+SRT, and sum SRT for certain commands. Currently no statistics are gathered
+on unpaired messages.
+
*-z* pingpongprotocol,stat[,__filter__]::
Calculate statistics on the Ping Pong Protocol of Reliable
Server Pooling. For each message type, displays the number, rate
@@ -2018,19 +2058,19 @@ Minimum RTD, Maximum RTD, Average RTD, Minimum in Frame, and Maximum in Frame,
along with the number of Open Requests (Unresponded Requests), Discarded
Responses (Responses without matching request) and Duplicate Messages.
-*-z* rlc-lte,stat[,__filter__]::
+*-z* rlc-3gpp,stat[,__filter__]::
+
--
-This option will activate a counter for LTE RLC messages. You will get
+This option will activate a counter for LTE or NR RLC messages. You will get
information about common messages and various counters for each UE that appears
in the log.
-Example: *tshark -z rlc-lte,stat*.
+Example: *tshark -z rlc-3gpp,stat*.
This option can be used multiple times on the command line.
-Example: *-z "rlc-lte,stat,rlc-lte.ueid>3000"* will only collect stats for
-UEs with a UEId of more than 3000.
+Example: *-z "rlc-3gpp,stat,rlc-nr.ueid>3000"* will only collect stats for
+NR UEs with a UEId of more than 3000.
--
*-z* rpc,programs::
@@ -2215,7 +2255,7 @@ Enable coloring of packets according to standard Wireshark color
filters. On Windows colors are limited to the standard console
character attribute colors. Other platforms require a terminal that
handles 24-bit "true color" terminal escape sequences. See
-https://gitlab.com/wireshark/wireshark/-/wikis/ColoringRules for more information on
+{wireshark-wiki-url}ColoringRules for more information on
configuring color filters.
--no-duplicate-keys::
@@ -2252,6 +2292,27 @@ Output JSON containing elapsed times for each pass tshark does to process a capt
file and the sum elapsed time for all passes. The per-pass output contains the total
elapsed time and aggregate counters for per-packet operations (dissection and filtering).
+--compress <type>::
++
+--
+Compress the output file using the type compression format.
+*--compress* with no argument provides a list of the compression formats supported
+for writing. The type given takes precedence over the extension of __outfile__.
+
+NOTE: This option only works with the *-r* option, i.e., when reading a
+capture file, not for live captures.
+////
+The --compress-type option is not documented anywhere; it works with live captures,
+but only a limited set of capture options (multiple file mode (-b), but not
+ringbuffer mode (no -b files), and only compressed upon file rotation.)
+It works with TShark and dumpcap, but not from the command line in Wireshark
+(though the Wireshark GUI can pass the option to dumpcap.)
+
+Should we document it? Deprecate it in favor of also using compress? Do nothing
+until it has closer feature parity to *--compress* but for captures?
+////
+--
+
include::dissection-options.adoc[tags=**;!not_tshark]
include::diagnostic-options.adoc[]
@@ -2259,214 +2320,14 @@ include::diagnostic-options.adoc[]
== CAPTURE FILTER SYNTAX
See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist, xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8),
-or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters.
+or, if that doesn't exist, {wireshark-wiki-url}CaptureFilters.
== READ FILTER SYNTAX
For a complete table of protocol and protocol fields that are filterable
in *TShark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
-== FILES
-
-These files contains various *Wireshark* configuration values.
-
-Preferences::
-+
---
-The __preferences__ files contain global (system-wide) and personal
-preference settings. If the system-wide preference file exists, it is
-read first, overriding the default settings. If the personal preferences
-file exists, it is read next, overriding any previous values. Note: If
-the command line option *-o* is used (possibly more than once), it will
-in turn override values from the preferences files.
-
-The preferences settings are in the form __prefname:value__,
-one per line,
-where __prefname__ is the name of the preference
-and __value__ is the value to
-which it should be set; white space is allowed between *:* and
-__value__. A preference setting can be continued on subsequent lines by
-indenting the continuation lines with white space. A *#* character
-starts a comment that runs to the end of the line:
-
- # Capture in promiscuous mode?
- # TRUE or FALSE (case-insensitive).
- capture.prom_mode: TRUE
-
-The global preferences file is looked for in the __wireshark__ directory
-under the __share__ subdirectory of the main installation directory. On
-macOS, this would typically be
-__/Application/Wireshark.app/Contents/Resources/share__; on other
-UNIX-compatible systems, such as Linux, \*BSD, Solaris, and AIX, this
-would typically be __/usr/share/wireshark/preferences__ for
-system-installed packages and __/usr/local/share/wireshark/preferences__
-for locally-installed packages; on Windows, this would typically be
-__C:\Program Files\Wireshark\preferences__.
-
-On UNIX-compatible systems, the personal preferences file is looked for
-in __$XDG_CONFIG_HOME/wireshark/preferences__, (or, if
-__$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
-does exist, __$HOME/.wireshark/preferences__); this is typically
-__$HOME/.config/wireshark/preferences__. On Windows,
-the personal preferences file is looked for in
-__%APPDATA%\Wireshark\preferences__ (or, if %APPDATA% isn't defined,
-__%USERPROFILE%\Application Data\Wireshark\preferences__).
---
-
-Disabled (Enabled) Protocols::
-+
---
-The __disabled_protos__ files contain system-wide and personal lists of
-protocols that have been disabled, so that their dissectors are never
-called. The files contain protocol names, one per line, where the
-protocol name is the same name that would be used in a display filter
-for the protocol:
-
- http
- tcp # a comment
-
-The global __disabled_protos__ file uses the same directory as the global
-preferences file.
-
-The personal __disabled_protos__ file uses the same directory as the
-personal preferences file.
---
-
-Name Resolution (hosts)::
-+
---
-If the personal __hosts__ file exists, it is
-used to resolve IPv4 and IPv6 addresses before any other
-attempts are made to resolve them. The file has the standard __hosts__
-file syntax; each line contains one IP address and name, separated by
-whitespace. The same directory as for the personal preferences file is
-used.
-
-Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems, such as Linux, macOS, \*BSD, Solaris, and AIX, and by Npcap or
-WinPcap on Windows. As such the Wireshark personal __hosts__ file will
-not be consulted for capture filter name resolution.
---
-
-Name Resolution (subnets)::
-+
---
-If an IPv4 address cannot be translated via name resolution (no exact
-match is found) then a partial match is attempted via the __subnets__ file.
-
-Each line of this file consists of an IPv4 address, a subnet mask length
-separated only by a / and a name separated by whitespace. While the address
-must be a full IPv4 address, any values beyond the mask length are subsequently
-ignored.
-
-An example is:
-
-# Comments must be prepended by the # sign!
-192.168.0.0/24 ws_test_network
-
-A partially matched name will be printed as "subnet-name.remaining-address".
-For example, "192.168.0.1" under the subnet above would be printed as
-"ws_test_network.1"; if the mask length above had been 16 rather than 24, the
-printed address would be ``ws_test_network.0.1".
---
-
-Name Resolution (ethers)::
-+
---
-The __ethers__ files are consulted to correlate 6-byte hardware addresses to
-names. First the personal __ethers__ file is tried and if an address is not
-found there the global __ethers__ file is tried next.
-
-Each line contains one hardware address and name, separated by
-whitespace. The digits of the hardware address are separated by colons
-(:), dashes (-) or periods (.). The same separator character must be
-used consistently in an address. The following three lines are valid
-lines of an __ethers__ file:
-
- ff:ff:ff:ff:ff:ff Broadcast
- c0-00-ff-ff-ff-ff TR_broadcast
- 00.00.00.00.00.00 Zero_broadcast
-
-The global __ethers__ file is looked for in the __/etc__ directory on
-UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
-and in the main installation directory (for example, __C:\Program
-Files\Wireshark__) on Windows systems.
-
-The personal __ethers__ file is looked for in the same directory as the personal
-preferences file.
-
-Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems and Npcap or WinPcap on Windows. As such the Wireshark personal
-__ethers__ file will not be consulted for capture filter name resolution.
---
-
-Name Resolution (manuf)::
-+
---
-The __manuf__ file is used to match the 3-byte vendor portion of a 6-byte
-hardware address with the manufacturer's name; it can also contain well-known
-MAC addresses and address ranges specified with a netmask. The format of the
-file is the same as the __ethers__ files, except that entries of the form:
-
- 00:00:0C Cisco
-
-can be provided, with the 3-byte OUI and the name for a vendor, and
-entries such as:
-
- 00-00-0C-07-AC/40 All-HSRP-routers
-
-can be specified, with a MAC address and a mask indicating how many bits
-of the address must match. The above entry, for example, has 40
-significant bits, or 5 bytes, and would match addresses from
-00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
-multiple of 8.
-
-The __manuf__ file is looked for in the same directory as the global
-preferences file.
---
-
-Name Resolution (services)::
-+
---
-The __services__ file is used to translate port numbers into names.
-
-The file has the standard __services__ file syntax; each line contains one
-(service) name and one transport identifier separated by white space. The
-transport identifier includes one port number and one transport protocol name
-(typically tcp, udp, or sctp) separated by a /.
-
-An example is:
-
- mydns 5045/udp # My own Domain Name Server
- mydns 5045/tcp # My own Domain Name Server
---
-
-Name Resolution (ipxnets)::
-+
---
-The __ipxnets__ files are used to correlate 4-byte IPX network numbers to
-names. First the global __ipxnets__ file is tried and if that address is not
-found there the personal one is tried next.
-
-The format is the same as the __ethers__
-file, except that each address is four bytes instead of six.
-Additionally, the address can be represented as a single hexadecimal
-number, as is more common in the IPX world, rather than four hex octets.
-For example, these four lines are valid lines of an __ipxnets__ file:
-
- C0.A8.2C.00 HR
- c0-a8-1c-00 CEO
- 00:00:BE:EF IT_Server1
- 110f FileServer3
-
-The global __ipxnets__ file is looked for in the __/etc__ directory on
-UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
-and in the main installation directory (for example, __C:\Program
-Files\Wireshark__) on Windows systems.
-
-The personal __ipxnets__ file is looked for in the same directory as the
-personal preferences file.
---
+include::files.adoc[tags=**;!gui]
== OUTPUT
diff --git a/doc/udpdump.adoc b/doc/man_pages/udpdump.adoc
index 8739ab6f..37b5934c 100644
--- a/doc/udpdump.adoc
+++ b/doc/man_pages/udpdump.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= udpdump(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/wifidump.adoc b/doc/man_pages/wifidump.adoc
index e202d05a..d23ee092 100644
--- a/doc/wifidump.adoc
+++ b/doc/man_pages/wifidump.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= wifidump(1)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
diff --git a/doc/wireshark-filter.adoc b/doc/man_pages/wireshark-filter.adoc
index 3e8a7b84..2de71423 100644
--- a/doc/wireshark-filter.adoc
+++ b/doc/man_pages/wireshark-filter.adoc
@@ -1,9 +1,9 @@
-include::../docbook/attributes.adoc[]
+include::../attributes.adoc[]
= wireshark-filter(4)
:doctype: manpage
:stylesheet: ws.css
:linkcss:
-:copycss: ../docbook/{stylesheet}
+:copycss: {css_dir}/{stylesheet}
== NAME
@@ -138,6 +138,9 @@ The filter language has the following functions:
len(field) - returns the byte length of a string or bytes field
count(field) - returns the number of field occurrences in a frame
string(field) - converts a non-string field to string
+ vals(field) - converts a field value to its value string
+ dec(field) - converts an unsigned integer to a decimal string
+ hex(field) - converts an unsigned integer to a hexadecimal string
max(f1,...,fn) - return the maximum value
min(f1,...,fn) - return the minimum value
abs(field) - return the absolute value of numeric fields
@@ -155,11 +158,77 @@ byte fields. For example:
string(frame.number) matches "[13579]$"
-gives you all the odd packets.
+gives you all the odd packets. Note that the "matches" operator implicitly
+converts types of their value string representation; to match against the
+decimal representation of an integer field use string().
+
+vals() converts an integer or boolean field value to a string using the
+field's associated value string, if it has one. This produces strings
+similar to those seen in custom columns. The resultant string can also
+be used with other operators. E.g.:
+
+ vals(pfcp.msg_type) contains "Request"
+
+would match all packets which have a PFCP request, even if that request is not
+matched with a response.
+
+dec() and hex() convert unsigned integer fields to decimal or hexadecimal
+representation. Currently dec() and string() give same result for an unsigned
+integer, but it is possible that in the future string() will use the native
+base of the field.
max() and min() take any number of arguments and returns one value, respectively
the largest/smallest. The arguments must all have the same type.
+There is also a set of functions to test IP addresses:
+
+ ip_special_name(ip) - Returns the IP special-purpose block name as a string
+ ip_special_mask(ip) - Returns the IP special-purpose block flags as a mask. The bits are:
+ 4 3 2 1 0
+ ---------
+ S D F G R
+ S = Source, D = Destination, F = Forwardable, G = Globally-reachable, R = Reserved-by-protocol
+
+ ip_linklocal(ip) - true if the IPv4 or IPv6 address is link-local
+ ip_multicast(ip) - true if the IPv4 or IPv6 address is multicast
+ ip_rfc1918(ipv4) - true if the IPv4 address is private-use (from the allocation in RFC 1918)
+ ip_ula(ipv6) - true if the IPv6 address is unique-local (ULA) as in RFC 4193
+
+=== Macros
+
+It is possible to define display filter macros. Macro are names that are
+replaced with the associated expression, possibly performing argument substitution.
+Macro expansions are purely textual replacements and performed recursively before compilation.
+They allow replacing long and often used expressions with easy to use names.
+
+Macros are defined using the GUI or directly in the "dmacros" configuration
+file. For example the definition
+
+ "addplusone" {$1 + $2 + 1}
+
+creates a macro called `addplusone` that takes two arguments and expands to the given expression.
+Arguments in the replacement expression are given using the dollar sign.
+
+Macros are invoked like function but preceded with a dollar sign
+(sometimes also called a sigil):
+
+ $addplusone(udp.src_port,udp.dst_port)
+
+results in the expression
+
+ {udp.src_port + udp.dst_port + 1}
+
+after argument substitution. There is an older alternative notation to invoke macros:
+
+ ${addplusone:udp.src_port;udp.dst_port}
+
+or
+
+ ${addplusone;udp.src_port;udp.dst_port}
+
+Both forms are equivalent and can be used interchangibly as a matter of
+preference.
+
=== Protocol field types
Each protocol field is typed. The types are:
@@ -483,12 +552,46 @@ can be convenient:
frame[4] == 0xff
frame[1:4] contains 0x02
+An integer or boolean field that has a value string can be compared to
+to one of the strings that corresponds with a value.
+As with stringlike fields and comparisons, it is possible to perform
+the comparison with an unquoted literal, though this is deprecated and
+will not work if the literal contains a space (as with "Modify Bearer
+Response" above). Double quotes are recommended.
+
+If there is a unique reverse mapping from the string literal into a
+numeric value, the string is converted into that number and the
+comparison function is applied using arithmetic rules. If the mapping
+is not unique, then equality and inequality can be tested, but not the
+ordered comparisons.
+
+This is in contrast to the `string()` and `vals()` function, which
+convert the field value to a string and applies string (lexicographic)
+comparisons, as well as work with all operators that take strings.
+Therefore the following two filters give the same result:
+
+ gtpv2.message_type <= 35
+ gtpv2.message_type <= "Modify Bearer Response"
+
+whereas
+
+ vals(gtpv2.message_type) <= "Modify Bearer Response"
+
+matches all messages whose value string precedes "Modify Bearer Response"
+in lexicographical order, and
+
+ string(gtpv2.message_type) <= "35"
+
+matches all messages such that the message type comes before "35" in
+lexicographical order, i.e. would also match "170" (the message type
+for "Release Access Bearers Request.")
+
=== Bitwise operators
It is also possible to define tests with bitwise operations. Currently the
following bitwise operator is supported:
- bitwise_and, & Bitwise AND
+ bitand, bitwise_and, & Bitwise AND
The bitwise AND operation allows masking bits and testing to see if one or
more bits are set. Bitwise AND operates on integer protocol fields and slices.
@@ -519,6 +622,13 @@ Arithmetic expressions are supported with the usual operators:
/ Division
% Modulo (integer remainder)
+Arithmetic operations can be performed on numeric types. Numeric types are
+integers, floating point numbers and date and time values.
+
+Date and time values can only be multiplied by integers or floating point
+numbers (i.e: scalars) and furthermore the scalar multiplier must appear on
+the right-hand side of the arithmetic operation.
+
For example it is possible to filter for UDP destination ports greater or
equal by one to the source port with the expression:
@@ -537,13 +647,17 @@ or "A - B".
=== Protocol field references
-A variable using a sigil with the form ${some.proto.field} is called a field
+A variable using a sigil with the form $some.proto.field or ${some.proto.field} is called a field
reference. A field reference is a field value read from the currently
selected frame in the GUI. This is useful to build dynamic filters such as,
frames since the last five minutes to the selected frame:
frame.time_relative >= ${frame.time_relative} - 300
+or more simply
+
+ frame.time_relative >= $frame.time_relative - 300
+
Field references share a similar notation to macros but are distinct
syntactical elements in the filter language.
@@ -618,7 +732,7 @@ can find references and examples at the following locations:
* `tshark -G fields` on the command line
-* The Wireshark wiki: https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters
+* The Wireshark wiki: {wireshark-wiki-url}DisplayFilters
== NOTES
@@ -631,11 +745,10 @@ See https://www.pcre.org/ for more information.
This manpage does not describe the capture filter syntax, which is
different. See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist,
-xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8), or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters
+xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8), or, if that doesn't exist, {wireshark-wiki-url}CaptureFilters
for a description of capture filters.
-Display Filters are also described in the User's Guide:
-https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
+Display Filters are also described in the link:{wireshark-users-guide-url}ChWorkBuildDisplayFilterSection.html[Wireshark User's Guide].
== SEE ALSO
diff --git a/doc/man_pages/wireshark.adoc b/doc/man_pages/wireshark.adoc
new file mode 100644
index 00000000..c5e963e1
--- /dev/null
+++ b/doc/man_pages/wireshark.adoc
@@ -0,0 +1,1099 @@
+include::../attributes.adoc[]
+= wireshark(1)
+:doctype: manpage
+:stylesheet: ws.css
+:linkcss:
+:copycss: {css_dir}/{stylesheet}
+
+== NAME
+
+wireshark - Interactively dump and analyze network traffic
+
+== SYNOPSIS
+
+[manarg]
+*wireshark*
+[ *-i* <capture interface>|- ]
+[ *-f* <capture filter> ]
+[ *-Y* <display filter> ]
+[ *-w* <outfile> ]
+[ *options* ]
+[ <infile> ]
+
+[manarg]
+*wireshark*
+*-h|--help*
+
+[manarg]
+*wireshark*
+*-v|--version*
+
+== DESCRIPTION
+
+*Wireshark* is a GUI network protocol analyzer. It lets you
+interactively browse packet data from a live network or from a
+previously saved capture file. *Wireshark*'s native capture file
+formats are *pcapng* format and *pcap* format; it can read and write
+both formats.. *pcap* format is also the format used by *tcpdump* and
+various other tools; *tcpdump*, when using newer versions of the
+*libpcap* library, can also read some pcapng files, and, on newer
+versions of macOS, can read all pcapng files and can write them as well.
+
+*Wireshark* can also read / import the following file formats:
+
+* Oracle (previously Sun) *snoop* and *atmsnoop* captures
+
+* Finisar (previously Shomiti) *Surveyor* captures
+
+* Microsoft *Network Monitor* captures
+
+* Novell *LANalyzer* captures
+
+* AIX's *iptrace* captures
+
+* Cinco Networks *NetXRay* captures
+
+* NETSCOUT (previously Network Associates/Network General) Windows-based
+*Sniffer* captures
+
+* Network General/Network Associates DOS-based *Sniffer* captures
+(compressed or uncompressed)
+
+* LiveAction (previously WildPackets/Savvius) **Peek*/*EtherHelp*/*PacketGrabber* captures
+
+* *RADCOM*'s WAN/LAN analyzer captures
+
+* Viavi (previously Network Instruments) *Observer* captures
+
+* *Lucent/Ascend* router debug output
+
+* captures from HP-UX *nettl*
+
+* *Toshiba's* ISDN routers dump output
+
+* the output from *i4btrace* from the ISDN4BSD project
+
+* traces from the *EyeSDN* USB S0
+
+* the *IPLog* format output from the Cisco Secure Intrusion Detection System
+
+* *pppd logs* (pppdump format)
+
+* the output from VMS's *TCPIPtrace*/*TCPtrace*/*UCX$TRACE* utilities
+
+* the text output from the *DBS Etherwatch* VMS utility
+
+* Visual Networks' *Visual UpTime* traffic capture
+
+* the output from *CoSine* L2 debug
+
+* the output from InfoVista (previously Accellent) *5View* LAN agents
+
+* Endace Measurement Systems' ERF format captures
+
+* Linux Bluez Bluetooth stack *hcidump -w* traces
+
+* Catapult DCT2000 .out files
+
+* Gammu generated text output from Nokia DCT3 phones in Netmonitor mode
+
+* IBM Series (OS/400) Comm traces (ASCII & UNICODE)
+
+* Juniper Netscreen snoop files
+
+* Symbian OS btsnoop files
+
+* TamoSoft CommView files
+
+* Tektronix K12xx 32bit .rf5 format files
+
+* Tektronix K12 text file format captures
+
+* Apple PacketLogger files
+
+* Captures from Aethra Telecommunications' PC108 software for their test
+instruments
+
+* Citrix NetScaler Trace files
+
+* Android Logcat binary and text format logs
+
+* Colasoft Capsa and PacketBuilder captures
+
+* Micropross mplog files
+
+* Unigraf DPA-400 DisplayPort AUX channel monitor traces
+
+* 802.15.4 traces from Daintree's Sensor Network Analyzer
+
+* MPEG-2 Transport Streams as defined in ISO/IEC 13818-1
+
+* Log files from the _candump_ utility
+
+* Logs from the BUSMASTER tool
+
+* Ixia IxVeriWave raw captures
+
+* Rabbit Labs CAM Inspector files
+
+* _systemd_ journal files
+
+* 3GPP TS 32.423 trace files
+
+There is no need to tell *Wireshark* what type of
+file you are reading; it will determine the file type by itself.
+*Wireshark* is also capable of reading any of these file formats if they
+are compressed using gzip, LZ4, or Zstandard, if compiled with the
+appropriate support. *Wireshark* recognizes this directly from the file;
+the '.gz' or other extension is not required for this purpose.
+
+Like other protocol analyzers, *Wireshark*'s main window shows 3 views
+of a packet. It shows a summary line, briefly describing what the
+packet is. A packet details display is shown, allowing you to drill
+down to exact protocol or field that you interested in. Finally, a hex
+dump shows you exactly what the packet looks like when it goes over the
+wire.
+
+In addition, *Wireshark* has some features that make it unique. It can
+assemble all the packets in a TCP conversation and show you the ASCII
+(or EBCDIC, or hex) data in that conversation. Display filters in
+*Wireshark* are very powerful; more fields are filterable in *Wireshark*
+than in other protocol analyzers, and the syntax you can use to create
+your filters is richer. As *Wireshark* progresses, expect more and more
+protocol fields to be allowed in display filters.
+
+Packet capturing is performed with the pcap library. The capture filter
+syntax follows the rules of the pcap library. This syntax is different
+from the display filter syntax.
+
+Compressed file support uses (and therefore requires) the zlib library.
+If the zlib library is not present, *Wireshark* will compile, but will
+be unable to read compressed files.
+
+The pathname of a capture file to be read can be specified with the
+*-r* option or can be specified as a command-line argument.
+
+== OPTIONS
+
+Most users will want to start *Wireshark* without options and configure
+it from the menus instead. Those users may just skip this section.
+
+-a|--autostop <capture autostop condition>::
++
+--
+Specify a criterion that specifies when *Wireshark* is to stop writing
+to a capture file. The criterion is of the form __test:value__,
+where __test__ is one of:
+
+*duration*:__value__ Stop writing to a capture file after __value__ seconds have
+elapsed. Floating point values (e.g. 0.5) are allowed.
+
+*files*:__value__ Stop writing to capture files after __value__ number of files
+were written.
+
+*filesize*:__value__ Stop writing to a capture file after it reaches a size of
+__value__ kB. If this option is used together with the -b option, Wireshark
+will stop writing to the current capture file and switch to the next one if
+filesize is reached. Note that the filesize is limited to a maximum value of
+2 TB, although you might have problems viewing the file in the GUI before then if
+the number of packets exceeds 2^31^ (2147483648).
+
+*packets*:__value__ Stop writing to a capture file after it contains __value__
+packets. Acts the same as *-c*<capture packet count>.
+--
+
+-b|--ring-buffer <capture ring buffer option>::
++
+--
+Cause *Wireshark* to run in "multiple files" mode. In "multiple files" mode,
+*Wireshark* will write to several capture files. When the first capture file
+fills up, *Wireshark* will switch writing to the next file and so on.
+
+The created filenames are based on the filename given with the *-w* flag,
+the number of the file and on the creation date and time,
+e.g. outfile_00001_20240714120117.pcap, outfile_00002_20240714120523.pcap, ...
+
+With the __files__ option it's also possible to form a "ring buffer".
+This will fill up new files until the number of files specified,
+at which point *Wireshark* will discard the data in the first file and start
+writing to that file and so on. If the __files__ option is not set,
+new files filled up until one of the capture stop conditions match (or
+until the disk is full).
+
+The criterion is of the form __key:value__,
+where __key__ is one of:
+
+*duration*:__value__ switch to the next file after __value__ seconds have
+elapsed, even if the current file is not completely filled up. Floating
+point values (e.g. 0.5) are allowed.
+
+*files*:__value__ begin again with the first file after __value__ number of
+files were written (form a ring buffer). This value must be less than 100000.
+Caution should be used when using large numbers of files: some filesystems do
+not handle many files in a single directory well. The *files* criterion
+requires one of the other criteria to be specified to
+control when to go to the next file. It should be noted that each *-b*
+parameter takes exactly one criterion; to specify two criteria, each must be
+preceded by the *-b* option.
+
+*filesize*:__value__ switch to the next file after it reaches a size of
+__value__ kB. Note that the filesize is limited to a maximum value of 2 TB,
+although you might have problems viewing the file in the GUI before then if
+the number of packets exceeds 2^31^ (2147483648).
+
+*interval*:__value__ switch to the next file when the time is an exact
+multiple of __value__ seconds.
+
+*packets*:__value__ switch to the next file after it contains __value__
+packets.
+
+Example: *-b filesize:1000 -b files:5* results in a ring buffer of five files
+of size one megabyte each.
+--
+
+-B|--buffer-size <capture buffer size>::
++
+--
+Set capture buffer size (in MiB, default is 2 MiB). This is used by
+the capture driver to buffer packet data until that data can be written
+to disk. If you encounter packet drops while capturing, try to increase
+this size. Note that, while *Wireshark* attempts to set the buffer size
+to 2 MiB by default, and can be told to set it to a larger value, the
+system or interface on which you're capturing might silently limit the
+capture buffer size to a lower value or raise it to a higher value.
+
+This is available on UNIX-compatible systems, such as Linux, macOS,
+\*BSD, Solaris, and AIX, with libpcap 1.0.0 or later, and on Windows.
+It is not available on UNIX-compatible systems with earlier versions of
+libpcap.
+
+This option can occur multiple times. If used before the first
+occurrence of the *-i* option, it sets the default capture buffer size.
+If used after an *-i* option, it sets the capture buffer size for
+the interface specified by the last *-i* option occurring before
+this option. If the capture buffer size is not set specifically,
+the default capture buffer size is used instead.
+--
+
+-c <capture packet count>::
++
+--
+Set the maximum number of packets to read when capturing live
+data. Acts the same as *-a packets:*<capture packet count>.
+--
+
+-C <configuration profile>::
++
+--
+Start with the given configuration profile.
+--
+
+--capture-comment <comment>::
++
+--
+When performing a capture file from the command line, with the *-k*
+flag, add a capture comment to the output file, if supported by the
+capture format.
+
+This option may be specified multiple times. Note that Wireshark
+currently only displays the first comment of a capture file.
+--
+
+-D|--list-interfaces::
++
+--
+Print a list of the interfaces on which *Wireshark* can capture, and
+exit. For each network interface, a number and an interface name,
+possibly followed by a text description of the interface, is printed.
+The interface name or the number can be supplied to the *-i* flag to
+specify an interface on which to capture. The number can be useful on
+Windows systems, where the interfaces have long names that usually
+contain a GUID.
+--
+
+--display <X display to use>::
++
+--
+Specifies the X display to use. A hostname and screen (otherhost:0.0)
+or just a screen (:0.0) can be specified. This option is not available
+under macOS or Windows.
+--
+
+-f <capture filter>::
++
+--
+Set the capture filter expression.
+
+This option can occur multiple times. If used before the first
+occurrence of the *-i* option, it sets the default capture filter expression.
+If used after an *-i* option, it sets the capture filter expression for
+the interface specified by the last *-i* option occurring before
+this option. If the capture filter expression is not set specifically,
+the default capture filter expression is used if provided.
+
+Pre-defined capture filter names, as shown in the GUI menu item Capture->Capture Filters,
+can be used by prefixing the argument with "predef:".
+Example: *-f "predef:MyPredefinedHostOnlyFilter"*
+--
+
+-F <file format>::
+When performing a capture file from the command line, with the *-k* option,
+set the file format of the output capture file written using the *-w* option.
+In situations that require the *pcapng* format, such as capturing from
+multiple interfaces, this option will be overridden. The option *-F*
+without a value will list the available formats. The default is the
+*pcapng* format (unless the default has been changed in preferences.)
+
+This does not support every format to which Wireshark can convert a file;
+this is intentional for security reasons. Capture in a supported format and
+then save the file in a different format if so desired.
+
+--fullscreen::
++
+--
+Start Wireshark in full screen mode (kiosk mode). To exit from fullscreen mode,
+open the View menu and select the Full Screen option. Alternatively, press the
+F11 key (or Ctrl + Cmd + F for macOS).
+--
+
+-g <packet number>::
+After reading in a capture file using the *-r* flag, go to the given __packet number__.
+
+-h|--help::
+Print the version number and options and exit.
+
+-H::
+Hide the capture info dialog during live packet capture.
+
+-i|--interface <capture interface>|-::
++
+--
+Set the name of the network interface or pipe to use for live packet
+capture.
+
+Network interface names should match one of the names listed in "*wireshark
+-D*" (described above); a number, as reported by "*tshark -D*", can also
+be used.
+
+If no interface is specified, *Wireshark* searches the list of
+interfaces, choosing the first non-loopback interface if there are any
+non-loopback interfaces, and choosing the first loopback interface if
+there are no non-loopback interfaces. If there are no interfaces at all,
+*Wireshark* reports an error and doesn't start the capture.
+
+Pipe names should be either the name of a FIFO (named pipe) or "-" to
+read data from the standard input. On Windows systems, pipe names must be
+of the form +"\\.\pipe\+*pipename*". Data read from pipes must be in
+standard pcapng or pcap format. Pcapng data must have the same
+endianness as the capturing host.
+
+"TCP@<host>:<port>" causes *Wireshark* to attempt to connect to the
+specified port on the specified host and read pcapng or pcap data.
+
+This option can occur multiple times. When capturing from multiple
+interfaces, the capture file will be saved in pcapng format.
+--
+
+-I|--monitor-mode::
++
+--
+Put the interface in "monitor mode"; this is supported only on IEEE
+802.11 Wi-Fi interfaces, and supported only on some operating systems.
+
+Note that in monitor mode the adapter might disassociate from the
+network with which it's associated, so that you will not be able to use
+any wireless networks with that adapter. This could prevent accessing
+files on a network server, or resolving host names or network addresses,
+if you are capturing in monitor mode and are not connected to another
+network with another adapter.
+
+This option can occur multiple times. If used before the first
+occurrence of the *-i* option, it enables the monitor mode for all interfaces.
+If used after an *-i* option, it enables the monitor mode for
+the interface specified by the last *-i* option occurring before
+this option.
+--
+
+-j::
+Use after *-J* to change the behavior when no exact match is found for
+the filter. With this option select the first packet before.
+
+-J <jump filter>::
++
+--
+After reading in a capture file using the *-r* flag, jump to the packet
+matching the filter (display filter syntax). If no exact match is found
+the first packet after that is selected.
+--
+
+-k::
++
+--
+Start the capture session immediately. If the *-i* flag was
+specified, the capture uses the specified interface. Otherwise,
+*Wireshark* searches the list of interfaces, choosing the first
+non-loopback interface if there are any non-loopback interfaces, and
+choosing the first loopback interface if there are no non-loopback
+interfaces; if there are no interfaces, *Wireshark* reports an error and
+doesn't start the capture.
+--
+
+-l::
+Turn on automatic scrolling if the packet display is being updated
+automatically as packets arrive during a capture (as specified by the
+*-S* flag).
+
+-L|--list-data-link-types::
+List the data link types supported by the interface and exit.
+
+--list-time-stamp-types::
+List time stamp types supported for the interface. If no time stamp type can be
+set, no time stamp types are listed.
+
+-o <preference/recent setting>::
++
+--
+Set a preference or recent value, overriding the default value and any value
+read from a preference/recent file. The argument to the flag is a string of
+the form __prefname:value__, where __prefname__ is the name of the
+preference/recent value (which is the same name that would appear in the
+preference/recent file), and __value__ is the value to which it should be set.
+Since *Ethereal* 0.10.12, the recent settings replaces the formerly used
+-B, -P and -T flags to manipulate the GUI dimensions.
+
+If __prefname__ is "uat", you can override settings in various user access
+tables using the form "uat:__uat filename__:__uat record__". __uat filename__
+must be the name of a UAT file, e.g. __user_dlts__. __uat_record__ must be in
+the form of a valid record for that file, including quotes. For instance, to
+specify a user DLT from the command line, you would use
+
+ -o "uat:user_dlts:\"User 0 (DLT=147)\",\"cops\",\"0\",\"\",\"0\",\"\""
+--
+
+-p|--no-promiscuous-mode::
++
+--
+__Don't__ put the interface into promiscuous mode. Note that the
+interface might be in promiscuous mode for some other reason; hence,
+*-p* cannot be used to ensure that the only traffic that is captured is
+traffic sent to or from the machine on which *Wireshark* is running,
+broadcast traffic, and multicast traffic to addresses received by that
+machine.
+
+This option can occur multiple times. If used before the first
+occurrence of the *-i* option, no interface will be put into the
+promiscuous mode.
+If used after an *-i* option, the interface specified by the last *-i*
+option occurring before this option will not be put into the
+promiscuous mode.
+--
+
+-P <path setting>::
++
+--
+Special path settings usually detected automatically. This is used for
+special cases, e.g. starting Wireshark from a known location on an USB stick.
+
+The criterion is of the form __key:path__, where __key__ is one of:
+
+*persconf*:__path__ path of personal configuration files, like the
+preferences files.
+
+*persdata*:__path__ path of personal data files, it's the folder initially
+opened. After the very first initialization, the recent file will keep the
+folder last used.
+--
+
+-r|--read-file <infile>::
++
+--
+Read packet data from __infile__, can be any supported capture file format
+(including compressed files). It's not possible to use named pipes or stdin
+here, unlike *TShark*! To capture from a pipe or from stdin use *-i -*.
+--
+
+-R|--read-filter <read (display) filter>::
++
+--
+When reading a capture file specified with the *-r* flag, causes the
+specified filter (which uses the syntax of display filters, rather than
+that of capture filters) to be applied to all packets read from the
+capture file; packets not matching the filter are discarded.
+--
+
+-s|--snapshot-length <capture snaplen>::
++
+--
+Set the default snapshot length to use when capturing live data.
+No more than __snaplen__ bytes of each network packet will be read into
+memory, or saved to disk. A value of 0 specifies a snapshot length of
+262144, so that the full packet is captured; this is the default.
+
+This option can occur multiple times. If used before the first
+occurrence of the *-i* option, it sets the default snapshot length.
+If used after an *-i* option, it sets the snapshot length for
+the interface specified by the last *-i* option occurring before
+this option. If the snapshot length is not set specifically,
+the default snapshot length is used if provided.
+--
+
+-S::
+Automatically update the packet display as packets are coming in.
+
+--temp-dir <directory>::
++
+--
+Specifies the directory into which temporary files (including capture
+files) are to be written. The default behavior on UNIX-compatible systems,
+such as Linux, macOS, \*BSD, Solaris, and AIX, is to use the environment
+variable __$TMPDIR__ if set, and the system default, typically __/tmp__, if it
+is not. On Windows, the __%TEMP%__ environment variable is used, which
+typically defaults to __%USERPROFILE%\AppData\Local\Temp__.
+--
+
+--time-stamp-type <type>::
+Change the interface's timestamp method. See --list-time-stamp-types.
+
+--update-interval <interval>::
+Set the length of time in milliseconds between new packet reports during
+a capture. Also sets the granularity of file duration conditions.
+The default value is 100ms.
+
+-v|--version::
+Print the full version information and exit.
+
+-w <outfile>::
+Set the default capture file name, or '-' for standard output.
+
+-X <eXtension options>::
++
+--
+Specify an option to be passed to an *Wireshark* module. The eXtension option
+is in the form __extension_key:value__, where __extension_key__ can be:
+
+*lua_script*:__lua_script_filename__ tells *Wireshark* to load the given script in addition to the
+default Lua scripts.
+
+**lua_script**__num__:__argument__ tells *Wireshark* to pass the given argument
+to the lua script identified by 'num', which is the number indexed order of the 'lua_script' command.
+For example, if only one script was loaded with '-X lua_script:my.lua', then '-X lua_script1:foo'
+will pass the string 'foo' to the 'my.lua' script. If two scripts were loaded, such as '-X lua_script:my.lua'
+and '-X lua_script:other.lua' in that order, then a '-X lua_script2:bar' would pass the string 'bar' to the second lua
+script, namely 'other.lua'.
+
+*read_format*:__file_format__ tells *Wireshark* to use the given file format to read in the
+file (the file given in the *-r* command option).
+
+*stdin_descr*:__description__ tells *Wireshark* to use the given description when
+capturing from standard input (*-i -*).
+--
+
+-y|--linktype <capture link type>::
++
+--
+If a capture is started from the command line with *-k*, set the data
+link type to use while capturing packets. The values reported by *-L*
+are the values that can be used.
+
+This option can occur multiple times. If used before the first
+occurrence of the *-i* option, it sets the default capture link type.
+If used after an *-i* option, it sets the capture link type for
+the interface specified by the last *-i* option occurring before
+this option. If the capture link type is not set specifically,
+the default capture link type is used if provided.
+--
+
+-Y|--display-filter <displaY filter>::
+Start with the given display filter.
+
+-z <statistics>::
++
+--
+Get *Wireshark* to collect various types of statistics and display the result
+in a window that updates in semi-real time.
+
+Some of the currently implemented statistics are:
+--
+
+*-z help*::
+Display all possible values for *-z*.
+
+*-z* afp,srt[,__filter__]::
++
+--
+Show Apple Filing Protocol service response time statistics.
+--
+
+*-z* conv,__type__[,__filter__]::
++
+--
+Create a table that lists all conversations that could be seen in the
+capture. __type__ specifies the conversation endpoint types for which we
+want to generate the statistics; currently the supported ones are:
+
+ "eth" Ethernet addresses
+ "fc" Fibre Channel addresses
+ "fddi" FDDI addresses
+ "ip" IPv4 addresses
+ "ipv6" IPv6 addresses
+ "ipx" IPX addresses
+ "tcp" TCP/IP socket pairs Both IPv4 and IPv6 are supported
+ "tr" Token Ring addresses
+ "udp" UDP/IP socket pairs Both IPv4 and IPv6 are supported
+
+If the optional __filter__ is specified, only those packets that match the
+filter will be used in the calculations.
+
+The table is presented with one line for each conversation and displays
+the number of packets/bytes in each direction as well as the total
+number of packets/bytes. By default, the table is sorted according to
+the total number of packets.
+
+These tables can also be generated at runtime by selecting the appropriate
+conversation type from the menu "Tools/Statistics/Conversation List/".
+--
+
+*-z* dcerpc,srt,__name-or-uuid__,__major__.__minor__[,__filter__]::
++
+--
+Collect call/reply SRT (Service Response Time) data for DCERPC interface
+__name__ or __uuid__, version __major__.__minor__.
+Data collected is the number of calls for each procedure, MinSRT, MaxSRT
+and AvgSRT.
+Interface __name__ and __uuid__ are case-insensitive.
+
+Example: [.nowrap]#*-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0*# will collect data for the CIFS SAMR Interface.
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: [.nowrap]#*-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0,ip.addr==1.2.3.4*# will collect SAMR
+SRT statistics for a specific host.
+--
+
+*-z* dhcp,stat[,__filter__]::
+Show DHCP (BOOTP) statistics.
+
+*-z* expert::
+Show expert information.
+
+*-z* fc,srt[,__filter__]::
++
+--
+Collect call/reply SRT (Service Response Time) data for FC. Data collected
+is the number of calls for each Fibre Channel command, MinSRT, MaxSRT and AvgSRT.
+
+Example: *-z fc,srt*
+will calculate the Service Response Time as the time delta between the
+First packet of the exchange and the Last packet of the exchange.
+
+The data will be presented as separate tables for all normal FC commands,
+Only those commands that are seen in the capture will have its stats
+displayed.
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z "fc,srt,fc.id==01.02.03"* will collect stats only for
+FC packets exchanged by the host at FC address 01.02.03 .
+--
+
+*-z* h225,counter[__,filter__]::
++
+--
+Count ITU-T H.225 messages and their reasons. In the first column you get a
+list of H.225 messages and H.225 message reasons which occur in the current
+capture file. The number of occurrences of each message or reason is displayed
+in the second column.
+
+Example: *-z h225,counter*
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z "h225,counter,ip.addr==1.2.3.4"* will collect stats only for
+H.225 packets exchanged by the host at IP address 1.2.3.4 .
+--
+
+*-z* h225,srt[__,filter__]::
++
+--
+Collect request/response SRT (Service Response Time) data for ITU-T H.225 RAS.
+Data collected is the number of calls of each ITU-T H.225 RAS Message Type,
+Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet.
+You will also get the number of Open Requests (Unresponded Requests),
+Discarded Responses (Responses without matching request) and Duplicate Messages.
+
+Example: *-z h225,srt*
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z "h225,srt,ip.addr==1.2.3.4"* will collect stats only for
+ITU-T H.225 RAS packets exchanged by the host at IP address 1.2.3.4 .
+--
+
+*-z* io,stat::
++
+--
+Collect packet/bytes statistics for the capture in intervals of 1 second.
+This option will open a window with up to 5 color-coded graphs where
+number-of-packets-per-second or number-of-bytes-per-second statistics
+can be calculated and displayed.
+
+This option can be used multiple times on the command line.
+
+This graph window can also be opened from the Analyze:Statistics:Traffic:IO-Stat
+menu item.
+--
+
+*-z* ldap,srt[,__filter__]::
++
+--
+Collect call/reply SRT (Service Response Time) data for LDAP. Data collected
+is the number of calls for each implemented LDAP command, MinSRT, MaxSRT and AvgSRT.
+
+Example: *-z ldap,srt*
+will calculate the Service Response Time as the time delta between the
+Request and the Response.
+
+The data will be presented as separate tables for all implemented LDAP commands,
+Only those commands that are seen in the capture will have its stats
+displayed.
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: use *-z "ldap,srt,ip.addr==10.1.1.1"* will collect stats only for
+LDAP packets exchanged by the host at IP address 10.1.1.1 .
+
+The only LDAP commands that are currently implemented and for which the stats will be available are:
+BIND
+SEARCH
+MODIFY
+ADD
+DELETE
+MODRDN
+COMPARE
+EXTENDED
+--
+
+*-z* megaco,srt[__,filter__]::
++
+--
+Collect request/response SRT (Service Response Time) data for MEGACO.
+(This is similar to *-z smb,srt*). Data collected is the number of calls
+for each known MEGACO Command, Minimum SRT, Maximum SRT and Average SRT.
+
+Example: *-z megaco,srt*
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z "megaco,srt,ip.addr==1.2.3.4"* will collect stats only for
+MEGACO packets exchanged by the host at IP address 1.2.3.4 .
+--
+
+*-z* mgcp,srt[__,filter__]::
++
+--
+Collect request/response SRT (Service Response Time) data for MGCP.
+(This is similar to *-z smb,srt*). Data collected is the number of calls
+for each known MGCP Type, Minimum SRT, Maximum SRT and Average SRT.
+
+Example: *-z mgcp,srt*
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z "mgcp,srt,ip.addr==1.2.3.4"* will collect stats only for
+MGCP packets exchanged by the host at IP address 1.2.3.4 .
+--
+
+*-z* mtp3,msus[,<filter>]::
+Show MTP3 MSU statistics.
+
+*-z* multicast,stat[,<filter>]::
+Show UDP multicast stream statistics.
+
+*-z* rpc,programs::
++
+--
+Collect call/reply SRT data for all known ONC-RPC programs/versions.
+Data collected is the number of calls for each protocol/version, MinSRT,
+MaxSRT and AvgSRT.
+--
+
+*-z* rpc,srt,__name-or-number__,__version__[,<filter>]::
++
+--
+Collect call/reply SRT (Service Response Time) data for program
+__name__/__version__ or __number__/__version__.
+Data collected is the number of calls for each procedure, MinSRT, MaxSRT and
+AvgSRT.
+Program __name__ is case-insensitive.
+
+Example: *-z rpc,srt,100003,3* will collect data for NFS v3.
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: [.nowrap]#*-z rpc,srt,nfs,3,nfs.fh.hash==0x12345678*# will collect NFS v3
+SRT statistics for a specific file.
+--
+
+*-z* scsi,srt,__cmdset__[,<filter>]::
++
+--
+Collect call/reply SRT (Service Response Time) data for SCSI commandset <cmdset>.
+
+Commandsets are 0:SBC 1:SSC 5:MMC
+
+Data collected
+is the number of calls for each procedure, MinSRT, MaxSRT and AvgSRT.
+
+Example: *-z scsi,srt,0* will collect data for SCSI BLOCK COMMANDS (SBC).
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z scsi,srt,0,ip.addr==1.2.3.4* will collect SCSI SBC
+SRT statistics for a specific iscsi/ifcp/fcip host.
+--
+
+*-z* sip,stat[__,filter__]::
++
+--
+This option will activate a counter for SIP messages. You will get the number
+of occurrences of each SIP Method and of each SIP Status-Code. Additionally you
+also get the number of resent SIP Messages (only for SIP over UDP).
+
+Example: *-z sip,stat*
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z "sip,stat,ip.addr==1.2.3.4"* will collect stats only for
+SIP packets exchanged by the host at IP address 1.2.3.4 .
+--
+
+*-z* smb,srt[,__filter__]::
++
+--
+Collect call/reply SRT (Service Response Time) data for SMB. Data collected
+is the number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT.
+
+Example: *-z smb,srt*
+
+The data will be presented as separate tables for all normal SMB commands,
+all Transaction2 commands and all NT Transaction commands.
+Only those commands that are seen in the capture will have their stats
+displayed.
+Only the first command in a xAndX command chain will be used in the
+calculation. So for common SessionSetupAndX + TreeConnectAndX chains,
+only the SessionSetupAndX call will be used in the statistics.
+This is a flaw that might be fixed in the future.
+
+This option can be used multiple times on the command line.
+
+If the optional __filter__ is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: *-z "smb,srt,ip.addr==1.2.3.4"* will collect stats only for
+SMB packets exchanged by the host at IP address 1.2.3.4 .
+--
+
+*-z* voip,calls::
++
+--
+This option will show a window that shows VoIP calls found in the capture file.
+This is the same window shown as when you go to the Statistics Menu and choose
+VoIP Calls.
+
+Example: *-z voip,calls*
+--
+
+*-z* wlan,stat[,<filter>]::
+Show IEEE 802.11 network and station statistics.
+
+*-z* wsp,stat[,<filter>]::
+Show WSP packet counters.
+
+include::dissection-options.adoc[tags=**;!tshark]
+
+include::diagnostic-options.adoc[]
+
+== INTERFACE
+
+The link:{wireshark-users-guide-url}[Wireshark User's Guide] contains a description of the user interface. It also may be installed locally along with Wireshark. Pressing the F1 key will attempt to open the guide locally if present, falling back to the online guide if not.
+
+== CAPTURE FILTER SYNTAX
+
+See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist, xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8),
+or, if that doesn't exist, {wireshark-wiki-url}CaptureFilters.
+
+== DISPLAY FILTER SYNTAX
+
+For a complete table of protocol and protocol fields that are filterable
+in *Wireshark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
+
+include::files.adoc[]
+
+== ENVIRONMENT VARIABLES
+
+// Should this be moved to an include file?
+
+WIRESHARK_CONFIG_DIR::
++
+--
+This environment variable overrides the location of personal
+configuration files. On UNIX-compatible systems, such as Linux, macOS,
+\*BSD, Solaris, and AIX, it defaults to __$XDG_CONFIG_HOME/wireshark__
+(or, if that directory doesn't exist but __$HOME/.wireshark__ does
+exist, __$HOME/.wireshark__); this is typically
+__$HOME/.config/wireshark__. On Windows, it defaults to
+__%APPDATA%\Wireshark__ (or, if %APPDATA% isn't defined,
+__%USERPROFILE%\Application Data\Wireshark__). Available since
+Wireshark 3.0.
+--
+
+WIRESHARK_DEBUG_WMEM_OVERRIDE::
+Setting this environment variable forces the wmem framework to use the
+specified allocator backend for *all* allocations, regardless of which
+backend is normally specified by the code. This is mainly useful to developers
+when testing or debugging. See __README.wmem__ in the source distribution for
+details.
+
+WIRESHARK_RUN_FROM_BUILD_DIRECTORY::
+This environment variable causes the plugins and other data files to be
+loaded from the build directory (where the program was compiled) rather
+than from the standard locations. It has no effect when the program in
+question is running with root (or setuid) permissions on UNIX-compatible
+systems, such as Linux, macOS, \*BSD, Solaris, and AIX.
+
+WIRESHARK_DATA_DIR::
+This environment variable causes the various data files to be loaded from
+a directory other than the standard locations. It has no effect when the
+program in question is running with root (or setuid) permissions on
+UNIX-compatible systems.
+
+WIRESHARK_EXTCAP_DIR::
+This environment variable causes the various extcap programs and scripts
+to be run from a directory other than the standard locations. It has no
+effect when the program in question is running with root (or setuid)
+permissions on UNIX-compatible systems.
+
+WIRESHARK_PLUGIN_DIR::
+This environment variable causes the various plugins to be loaded from
+a directory other than the standard locations. It has no effect when the
+program in question is running with root (or setuid) permissions on
+UNIX-compatible systems.
+
+ERF_RECORDS_TO_CHECK::
+This environment variable controls the number of ERF records checked when
+deciding if a file really is in the ERF format. Setting this environment
+variable a number higher than the default (20) would make false positives
+less likely.
+
+IPFIX_RECORDS_TO_CHECK::
+This environment variable controls the number of IPFIX records checked when
+deciding if a file really is in the IPFIX format. Setting this environment
+variable a number higher than the default (20) would make false positives
+less likely.
+
+WIRESHARK_ABORT_ON_DISSECTOR_BUG::
+If this environment variable is set, *Wireshark* will call abort(3)
+when a dissector bug is encountered. abort(3) will cause the program to
+exit abnormally; if you are running *Wireshark* in a debugger, it
+should halt in the debugger and allow inspection of the process, and, if
+you are not running it in a debugger, it will, on some OSes, assuming
+your environment is configured correctly, generate a core dump file.
+This can be useful to developers attempting to troubleshoot a problem
+with a protocol dissector.
+
+WIRESHARK_ABORT_ON_TOO_MANY_ITEMS::
+If this environment variable is set, *Wireshark* will call abort(3)
+if a dissector tries to add too many items to a tree (generally this
+is an indication of the dissector not breaking out of a loop soon enough).
+abort(3) will cause the program to exit abnormally; if you are running
+*Wireshark* in a debugger, it should halt in the debugger and allow
+inspection of the process, and, if you are not running it in a debugger,
+it will, on some OSes, assuming your environment is configured correctly,
+generate a core dump file. This can be useful to developers attempting to
+troubleshoot a problem with a protocol dissector.
+
+WIRESHARK_QUIT_AFTER_CAPTURE::
+Cause *Wireshark* to exit after the end of the capture session. This
+doesn't automatically start a capture; you must still use *-k* to do
+that. You must also specify an autostop condition, e.g. *-c* or *-a
+duration:...*. This means that you will not be able to see the results
+of the capture after it stops; it's primarily useful for testing.
+
+WIRESHARK_LOG_LEVEL::
+This environment variable controls the verbosity of diagnostic messages to
+the console. From less verbose to most verbose levels can be `critical`,
+`warning`, `message`, `info`, `debug` or `noisy`. Levels above the
+current level are also active. Levels `critical` and `error` are always
+active.
+
+WIRESHARK_LOG_FATAL::
+Sets the fatal log level. Fatal log levels cause the program to abort.
+This level can be set to `Error`, `critical` or `warning`. `Error` is
+always fatal and is the default.
+
+WIRESHARK_LOG_DOMAINS::
+This environment variable selects which log domains are active. The filter is
+given as a case-insensitive comma separated list. If set only the included
+domains will be enabled. The default domain is always considered to be enabled.
+Domain filter lists can be preceded by '!' to invert the sense of the match.
+
+WIRESHARK_LOG_DEBUG::
+List of domains with `debug` log level. This sets the level of the provided
+log domains and takes precedence over the active domains filter. If preceded
+by '!' this disables the `debug` level instead.
+
+WIRESHARK_LOG_NOISY::
+Same as above but for `noisy` log level instead.
+
+== AUTHORS
+
+Wireshark would not be the powerful, featureful application it is without the generous contributions of hundreds of developers.
+
+A complete list of authors can be found in the AUTHORS file in Wireshark's source code repository and at https://www.wireshark.org/about.html#authors.
+
+== SEE ALSO
+
+xref:wireshark-filter.html[wireshark-filter](4), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:dumpcap.html[dumpcap](1), xref:mergecap.html[mergecap](1),
+xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
+
+== NOTES
+
+This is the manual page for *Wireshark* {wireshark-version}.
+The latest version of *Wireshark* can be found at
+{wireshark-main-url}.
+
+HTML versions of the Wireshark project man pages are available at
+{wireshark-man-page-url}.
+
+The Wireshark's User Guide is available at
+{wireshark-users-guide-url}.
diff --git a/doc/packet-PROTOABBREV.c b/doc/packet-PROTOABBREV.c
index 6a2ce716..ee06f727 100644
--- a/doc/packet-PROTOABBREV.c
+++ b/doc/packet-PROTOABBREV.c
@@ -53,15 +53,15 @@ void proto_reg_handoff_PROTOABBREV(void);
void proto_register_PROTOABBREV(void);
/* Initialize the protocol and registered fields */
-static int proto_PROTOABBREV = -1;
-static int hf_FIELDABBREV = -1;
-static expert_field ei_PROTOABBREV_EXPERTABBREV = EI_INIT;
+static int proto_PROTOABBREV;
+static int hf_FIELDABBREV;
+static expert_field ei_PROTOABBREV_EXPERTABBREV;
static dissector_handle_t PROTOABBREV_handle;
static dissector_handle_t PROTOABBREV_tls_handle;
/* Global sample preference ("controls" display of numbers) */
-static bool pref_hex = false;
+static bool pref_hex;
/* Global sample port preference - real port preferences should generally
* default to "" (for a range) or 0 (for a single uint) unless there is an
* IANA-registered (or equivalent) port for your protocol. */
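Review bot: The comment `/* Initialize the protocol and registered fields */` no longer matches the declarations under it, which now have no initializer and rely on static zero-initialization; the same applies to `/* Initialize the subtree pointers */` above `ett_PROTOABBREV` in the next hunk. Because this file is the skeleton that new dissectors are copied from, I would reword the comment to say what the code now does, for example `/* Protocol, field and expert-info handles; zero until registered */`. It would also help to state in the skeleton that 0 is treated as "not registered" the way -1 was, since that is presumably what makes dropping `= -1` and `EI_INIT` safe, and it cannot be confirmed from this hunk.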
@@ -72,7 +72,7 @@ static unsigned tls_port_pref = PROTOABBREV_TLS_PORT;
static range_t *tcp_port_range = PROTOABBREV_TCP_PORTS;
/* Initialize the subtree pointers */
-static int ett_PROTOABBREV = -1;
+static int ett_PROTOABBREV;
/* A sample #define of the minimum length (in bytes) of the protocol data.
* If data is received with fewer than this many bytes it is rejected by
diff --git a/doc/plugins.example/hello.c b/doc/plugins.example/hello.c
index 7a252c80..5a9ccd81 100644
--- a/doc/plugins.example/hello.c
+++ b/doc/plugins.example/hello.c
@@ -9,6 +9,7 @@
#define WS_BUILD_DLL
#include <wireshark.h>
+#include <wsutil/plugins.h>
#include <epan/packet.h>
#include <epan/proto.h>
@@ -21,9 +22,9 @@ WS_DLL_PUBLIC_DEF const int plugin_want_major = WIRESHARK_VERSION_MAJOR;
WS_DLL_PUBLIC_DEF const int plugin_want_minor = WIRESHARK_VERSION_MINOR;
WS_DLL_PUBLIC void plugin_register(void);
+WS_DLL_PUBLIC uint32_t plugin_describe(void);
-
-static int proto_hello = -1;
+static int proto_hello;
static dissector_handle_t handle_hello;
static int
@@ -56,3 +57,9 @@ plugin_register(void)
plug.register_handoff = proto_reg_handoff_hello; /* or NULL */
proto_register_plugin(&plug);
}
+
+uint32_t
+plugin_describe(void)
+{
+ return WS_PLUGIN_DESC_DISSECTOR;
+}
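Review bot: The new `plugin_describe()` has no comment, and in an example plugin this is where a reader would learn why the function is needed. I would add a line above it such as `/* Reports the plugin type to the loader; keep it in step with what plugin_register() registers. */`, adjusted to what the loader actually does with the returned value, which is not visible here. The body of `plugin_register()` starts outside this hunk, so the relation between the two functions is inferred only from the `proto_register_plugin(&plug)` call shown as context.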
diff --git a/doc/release-notes.adoc b/doc/release-notes.adoc
index 1a169499..0a8c2e47 100644
--- a/doc/release-notes.adoc
+++ b/doc/release-notes.adoc
@@ -1,12 +1,14 @@
-include::../docbook/attributes.adoc[]
+include::attributes.adoc[]
:stylesheet: ws.css
:linkcss:
-:copycss: {stylesheet}
+:copycss: {css_dir}/{stylesheet}
= Wireshark {wireshark-version} Release Notes
// Asciidoctor Syntax Quick Reference:
// https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/
+This is the first release of the 4.4 branch.
+
== What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer.
@@ -18,111 +20,483 @@ If you or your organization would like to contribute or become a sponsor, please
== What’s New
-=== Bug Fixes
+// Add a summary of **major** changes here.
+// Add other changes to "New and Updated Features" below.
+
+Many improvements and fixes to the graphing dialogs, including
+I/O Graphs, Flow Graph / VoIP Calls, and TCP Stream Graphs.
+
+Wireshark now supports automatic profile switching.
+You can associate a display filter with a configuration profile, and when you open a capture file that matches the filter, Wireshark will automatically switch to that profile.
+
+Support for Lua 5.3 and 5.4 has been added, and support for Lua 5.1 and 5.2 has been removed.
+The Windows and macOS installers now ship with Lua 5.4.6.
+
+Improved display filter support for value strings (optional string representations for numeric fields).
+
+Display filter functions can be implemented as plugins, similar to protocol dissectors and file parsers.
+
+Display filters can be translated to pcap filters using menu:Edit[Copy,Display filter as pcap filter] if each display filter field has a corresponding pcap filter equivalent.
-If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows you will need to https://www.wireshark.org/download.html[download and install] Wireshark {wireshark-version} or later by hand.
+Custom columns can be defined using any valid field expression, such as
+display filter functions, packet slices, arithmetic calculations, logical tests,
+raw byte addressing, and protocol layer modifiers.
-A regression in the TCP Stream Graph "Time Sequence (tcptrace)" receive window line behavior introduced in 4.2.5 and 4.0.15 has been fixed. wsbuglink:19846[]
+Custom output fields for `tshark -e` can also be defined using any
+valid field expression.
-The following vulnerability has been fixed:
+Wireshark can be built with the zlib-ng instead of zlib for compressed file support.
+Zlib-ng is substantially faster than zlib.
+The official Windows and macOS packages include this feature.
-* wssalink:2024-10[]
-SPRT dissector crash.
-wsbuglink:19559[].
-// cveidlink:2024-xxx[].
-// Fixed in master: 8e5f8de883
-// Fixed in release-4.2: cef77b8fed
-// Fixed in release-4.0: cc67f836c0
-// CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-// CWE-824
-// * SPRT parser crash. wsbuglink:19559[].
+Many other improvements have been made.
+See the “New and Updated Features” section below for more details.
-The following bugs have been fixed:
+//=== Bug Fixes
+//The following bugs have been fixed:
//* wsbuglink:5000[]
//* wsbuglink:6000[Wireshark bug]
//* cveidlink:2014-2486[]
-//* Wireshark grabs your ID at 3 am, goes to Waffle House, and insults people.
-
-* RADIUS dissector's dictionary loading broken in many ways. wsbuglink:6466[].
-* 3.4 -> 3.6.5 ASCII display is broken on CentOS 7. wsbuglink:18096[].
-* Funnel/Lua: Closing child window disconnects buttons of parent. wsbuglink:18386[].
-* Lua detection fails with Alpine Linux: missing: LUA_LIBRARIES. wsbuglink:19841[].
-* vnd.3gpp.5gnas payloads of type SMS not decoded inside HTTP2 5GC. wsbuglink:19845[].
-* TCP Stream Graphs green sliding window line not displayed correctly. wsbuglink:19846[].
-* Wireshark window doesn't fully fit on screen on small resolutions and can't be resized properly on Russian language. wsbuglink:19861[].
-* Wireshark started from command line doesn't set gui.fileopen_remembered_dir correctly on Windows. wsbuglink:19891[].
-* Wireshark expects wrong length for DHCP Relay Agent Information Source Port Suboption. wsbuglink:19909[].
-* SIP P-Access-Network-Info header not correctly decoded. wsbuglink:19917[].
+//* Wireshark took a bite out of each of your freshly baked muffins until it found the perfect one.
=== New and Updated Features
-There are no new or updated features in this release.
+The following features are either new or have been significantly updated since version 4.2.0:
-// === Removed Features and Support
+* The Windows installers now ship with Npcap 1.79.
+ They previously shipped with Npcap 1.78.
-// === Removed Dissectors
+//* The Windows installers now ship with Qt 6.5.2.
+// They previously shipped with Qt 6.2.3.
+* Improvements to the "I/O Graphs" dialog:
-=== New Protocol Support
+ ** A number of crasher bugs have been fixed.
-There are no new protocols in this release.
+ ** The protocol tree context menu can open a I/O graph of the currently
+ selected field. wsbuglink:11362[]
-=== Updated Protocol Support
+ ** Smaller intervals can be used, down to 1 microsecond. wsbuglink:13682[]
+
+ ** A larger number of I/O Graph item buckets can be used, up to 2^25^ (33 million)
+ items. wsbuglink:8460[]
+
+ ** The size of individual graph items has been reduced, which reduces memory utilization.
+
+ ** When the Y field or Y axis changes, the graph displays the new graph
+ correctly, retapping if necessary, instead of displaying information
+ based on stale data.
+
+ ** The graph is smarter about choosing whether to retap (expensive),
+ recalculate (moderately intensive), or replot (cheap) in order to
+ display the newly chosen options correctly with the least amount of
+ calculations. For instance, a graph that has previously been
+ plotted and is disabled and then reenabled without any other changes
+ will not require a new retap. wsbuglink:15822[]
+
+ ** LOAD graphs are graphed properly again. wsbuglink:18450[]
+
+ ** Y axes have human readable units with SI prefixes.
+ wsbuglink:12827[]
+
+ ** Bar widths are scaled to the size of the interval.
+
+ ** Bar border colors are a slightly darker color than that
+ of the graph itself, instead of always black. wsbuglink:17422[]
+
+ ** Time values have the correct width when axes are automatically reset.
+
+ ** The precision of the interval time shown in the hint message depends
+ on the interval.
+
+ ** The tracer follows the currently selected row on the table of graphs,
+ and does not appear on an invisible graph.
+
+ ** The tracer moves to the frame selected in the main window.
+ wsbuglink:12909[]
+
+ ** Pending graph changes are saved when changing profiles when the
+ I/O Graphs dialog is open.
+
+ ** I/O Graph dialog windows for closed capture files are no longer affected
+ by changing the list of graphs (either in that dialogs or in other dialogs
+ for the currently open file.)
+
+ ** Newly created temporary graphs, which will not be saved
+ unless the configuration has changed, are more clearly marked with
+ italics.
+
+ ** When "Time of Day" is selected for a graph, the absolute time will be
+ saved to CSV exports instead of the relative time. wsbuglink:13717[]
+
+ ** Graphs can be reordered by dragging and dropping their list entries. wsbuglink:13855[]
+
+ ** The graph layer order and legend order always matches the
+ order in the graph list. Legends also appear properly. wsbuglink:13854[]
+
+ ** The legend can be moved to other corners of the graph by right-clicking
+ on it and selecting its new location from a menu.
+
+ ** For purposes of displaying zero values, graphs with both lines and data point symbols are treated as line graphs, not scatter plots.
+
+ ** Logarithmic ticks are used when the Y axis is logarithmic.
+
+ ** The graph crosshairs context menu option works.
+
+ ** You can resize the graph list columns to their contents by right clicking on the list header.
+ wsbuglink:18102[]
+
+ ** The graph is more responsive to mouse movement, especially on Linux Wayland.
+
+* Improvements to the Sequence Diagram (Flow Graphs and VoIP Calls):
+
+ ** When exporting the graph as an image, the entire graph is shown
+ with up to 1000 items instead of only what was visible on-screen.
+ This value can be increased in the preferences. wsbuglink:13504[]
+
+ ** Endpoints that share the same address now have two distinct nodes
+ with a line between them. wsbuglink:12038[]
+
+ ** The "Comment" column can be resized by selecting the axis between the
+ "Comment" column and the graph and dragging, and auto-resized by
+ double-clicking the column. wsbuglink:4972[]
+
+ ** Tooltips are shown for elided comments.
+
+ ** The scroll direction via keyboard is no longer reversed. wsbuglink:12932[]
+
+ ** The column widths are fixed instead of resizing slightly depending
+ on the visible entries. wsbuglink:12931[]
+
+ ** The Y axis labels stay in the correct position without having to
+ click the btn:[Reset] button.
+
+ ** The progress bar appears correctly in the Flow Graph (non VoIP Calls).
+
+ ** The behavior of the "Any" and "Network" combobox is corrected.
+ wsbuglink:19818[]
+
+ ** "Limit to Display Filter" is checked if a display filter is applied
+ when the Flow Graph is opened, per the documentation.
+
+* TCP Stream Graphs:
+
+ ** A better decision is made about which side is the server and thus
+ the initially chosen direction in the graph.
+
+ ** The "Window Scaling" graph axis labels are corrected and show both graphs.
+
+ ** The graph crosshairs context menu option works.
+
+ ** Switching between relative and absolute sequence numbers works again.
+
+* The "Follow Stream" dialog can now show delta times between turns and all packets and events.
-// Add one protocol per line between the -- delimiters.
-// ag -A1 '(define PSNAME|proto_register_protocol[^_])' $(git diff --name-only v4.2.5.. | ag packet- | sort -u)
+* A number of graphs using the QCustomPlot widget ("I/O Graphs", "Flow Graph",
+ "TCP Stream Graphs", and "RTP Player") are more responsive to mouse
+ movement, especially on Linux when Wayland is used.
+
+* The "Find Packet" dialog can search backwards and find additional occurrences
+ of a string, hex value, or regular expression in a single frame.
+
+* When using "Go To Packet" with an undisplayed frame, the window goes to
+ nearest displayed frame by number. wsbuglink:2988[]
+
+* Display filter syntax enhancements:
+
+ ** Better handling of comparisons with value strings. Now the display filter engine can
+ correctly handle cases where multiple different numeric values map to the same value
+ string, including but not limited to range-type value strings.
+
+ ** Fields with value strings now support regular expression matching.
+
+ ** Date and time values now support arithmetic, with some restrictions:
+ the multiplier/divisor must be an integer or floating point number and appear on the right-hand
+ side of the operator.
+
+ ** The keyword "bitand" can be used as an alternative syntax for the bitwise-and operator.
+
+ ** Functions alone can now be used as an entire logical expression.
+ The result of the expression is the truthiness of the function return
+ value (or of all values if more than one). This is useful for example to write
+ "len(something)" instead of "len(something) != 0". Even more so if a function
+ returns itself a boolean value, it is now possible to write
+ "bool_test(some.field)" instead of having to write "bool_test(some.field) == True".
+ Both forms are now valid.
+
+ ** Display filter references can be written without curly braces. It
+ is now possible to write `$frame.number` instead of `${frame.number}` for example.
+
+ ** There are new display filter functions which test various IP address properties.
+ Check the
+ https://www.wireshark.org/docs/man-pages/wireshark-filter.html[wireshark-filter](5)
+ man page for more information.
+
+ ** There are new display filter functions which convert unsigned integer types to
+ decimal or hexadecimal, and convert fields with value strings into the
+ associated string for their value, which can be used to produce results similar to
+ custom columns. Check the
+ https://www.wireshark.org/docs/man-pages/wireshark-filter.html[wireshark-filter](5)
+ man page for more information.
+
+ ** Display filter macros can be written with a semicolon after the macro
+ name before the argument list, e.g. `${mymacro;arg1;...;argN}`, instead
+ of `${mymacro:arg1;...;argN}`. The version with semicolons works better
+ with pop-up suggestions when editing the display filter, so the version
+ with the colon might be removed in the future.
+
+ ** Display filter macros can be written using a function-like notation.
+ The macro `${mymacro:arg1;...;argN}` can be written
+ `$mymacro(arg1,...,argN)`.
+
+ ** AX.25 addresses are now filtered using the "CALLSIGN-SSID" string syntax.
+ Filtering based on the raw bytes values is still possible, like other
+ field types, with the `@` operator. wsbuglink:17973[]
+
+* Display filter functions can be implemented as libwireshark plugins. Plugins are loaded
+ during startup from the usual binary plugin configuration directories. See the
+ `ipaddr.c` source file in the distribution for an example of a display filter C plugin
+ and the doc/plugins.example folder for generic instructions how to build a plugin.
+
+* Display filter autocompletions now also include display filter functions.
+
+* The display filter macro configuration file has changed format. It now uses
+ the same format as the "dfilters" file and has been renamed accordingly to
+ "dmacros". Internally it no longer uses the UAT API and the display filter macro
+ GUI dialog has been updated. There is some basic migration logic implemented
+ but it is advisable to check that the "dfilter_macros" (old) and
+ "dmacros" (new) files in the profile directory are consistent.
+
+* Custom columns can be defined using any valid field expression:
+
+ ** Display filter functions, like `len(tcp.payload)`, including nested functions
+ like `min(len(tcp.payload), len(udp.payload))` and newly defined functions
+ using the plugin system mentioned above. wsbuglink:15990[] wsbuglink:16181[]
+
+ ** Arithmetic calculations, like `ip.len * 8` or `tcp.srcport + tcp.dstport`.
+ wsbuglink:7752[]
+
+ ** Slices, like `tcp.payload[4:4]`. wsbuglink:10154[]
+
+ ** The layer operator, like `ip.proto#1`, which will return the protocol field in the
+ first IPv4 layer if there is tunneling. wsbuglink:18588[]
+
+ ** Raw byte addressing, like `@ip`, which will return the bytes of protocol
+ or FT_NONE fields, among others. wsbuglink:19076[]
+
+ ** Logical tests, like `tcp.port == 443`, which produce a check mark if
+ the test matches (similar to protocol and FT_NONE fields without `@`.)
+ This works with all logical operators, including e.g. regular expression
+ matching (`matches` or `~`.)
+
+ ** Defined display filter macros.
+
+ ** Any combination of the above also works.
+
+ ** Multifield columns are still available. For backwards compatibility,
+ `X or Y` is interpreted as a multifield column as before. To represent a
+ logical test for the presence of multiple fields instead of concatenating
+ values, use parenthesis, e.g. `(tcp.options.timestamp or tcp.options.nop)`.
+
+ ** Field references are not implemented because there's no sense of a
+ currently selected frame. "Resolved" column values (such as host name
+ resolution or value string lookup) are not supported for any of the new
+ expressions yet.
+
+* Custom output fields for `tshark -e <field>` can also be defined using any
+ valid field expression as above.
+
+ ** For custom output fields, `X or Y` is the usual logical test; to output
+ multiple fields use multiple `-e` terms as before.
+
+ ** The various `-E` options, including `-E occurrence`, all work as expected.
+
+* When selecting "Manage Interfaces" from "Capture Options", Wireshark only
+ attempts to reconnect to rpcap hosts that were active in the
+ last session, instead of every remote host that the current profile has ever
+ connected to. wsbuglink:17484[]
+
+* The "Resolved Addresses" dialog only shows what addresses and ports are
+ present in the file (not including information from static files), and
+ selected rows or the entire table can be saved or copied to the clipboard
+ in several formats. wsbuglink:16419[]
+
+* Dumpcap and Wireshark support the `-F` option when capturing a file
+ on the command line. wsbuglink:18009[]
+
+* When capturing on the command line dumpcap accepts a `-Q` option that is
+ quieter than `-q` and prints only errors to standard error, similar to tshark.
+ wsbuglink:14491[]
+
+* When capturing a file and requesting the `pcap` format, nanosecond resolution
+ time stamps will be written if the device and version of libpcap supports it.
+
+* When capturing using a file size autostop or ring buffer condition,
+ the maximum value is now 2 TB, up from 2GiB. Note that you may
+ have problems when the number of packets gets larger than 2^31^ or 2^32^,
+ though that is also true when no limit is set.
+
+* When capturing files in multiple file mode, a pattern that places the date and time
+ before the index number can be used (e.g., foo_20240714110102_00001.pcap instead of
+ foo_00001_20240714110102.pcap). This makes file names sortable in chronological order
+ across file sets from different captures. The "File Set" dialog has been updated to
+ handle the new pattern, which has been capable of being produced by tshark since
+ version 3.6.0.
+
+* Adding interfaces at startup is about twice as fast, and has many fewer
+ UAC pop-ups when Npcap is installed with access restricted to Administrators
+ on Windows.
+
+* The Lua version included with the Windows and macOS installers has been updated to 5.4.
+ While we have tried to help with backward compatibility by including lua_bitop library with
+ Lua 5.3 and 5.4 in addition to the native Lua support for bit operations
+ present in those versions, different versions of Lua are not guaranteed to
+ be compatible. If a Lua dissector has issues, check the manuals for
+ https://www.lua.org/manual/5.4/manual.html#8[Lua 5.4],
+ https://www.lua.org/manual/5.3/manual.html#8[Lua 5.3], and
+ https://www.lua.org/manual/5.2/manual.html#8[Lua 5.2] for
+ incompatibilities and suggested workarounds. Note that features marked as
+ deprecated in one version are removed in the subsequent version without
+ additional notice, so it can be worth checking the manual for previous versions.
+
+* Lua scripts in the plugins directories are now initially loaded via the same
+ internal Lua methods as `require()`. This avoids errors from loading plugins
+ twice, once by scanning the directory initially, and once by `require()`,
+ and also results in globals defined in plugins entering the global namespace.
+ Previously globals defined in plugins only entered the global namespace when
+ placed in the global plugins directory, but not the personal plugins directory.
+ Using globals in plugins remains deprecated style (both by Wireshark and in Lua
+ generally), that should be avoided via using other methods. wsbuglink:18589[]
+
+* Lua functions have been added to decompress and decode TvbRanges with other
+ compression types besides zlib, such as Brotli, Snappy, Zstd, and others,
+ matching the support in the C API. tvbrange:uncompress() has been deprecated
+ in favor of tvbrange:uncompress_zlib().
+
+* Lua Dumper now defaults to the pcapng file type, and to per-packet
+ encapsulation (creating interfaces on demand as necessary) when writing
+ pcapng wsbuglink:16403[]
+
+* Editcap has an `--extract-secrets` option to extract embedded decryption
+ secrets from a capture file. wsbuglink:18197[]
+
+* Global profiles can be used in tshark by using `--global-profile` option.
+
+* Capture files can be saved with LZ4 compression. LZ4 has an emphasis on
+ speed and may be particularly useful for large files.
+
+* Fast random access is supported with LZ4 compressed files when compressed
+ with independent blocks, which is the default. This provides much more
+ responsive GUI performance when jumping to different packets. Fast random
+ access has been supported with gzip compressed files since version 1.8.0,
+ but this is not supported for Zstd compressed files.
+
+* Mergecap, Editcap, TShark and Text2pcap have an `--compress` option to
+ compress output to different formats. For now, it supports the gzip
+ and LZ4 compression formats. When the option is not given, the desired
+ compression format can also be deduced from the output filename
+ extension, e.g. gzip for .gz.
+
+* Wireshark's Git repostory tags are now signed using SSH.
+ See
+ https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcGitRepository.html#ChSrcWebInterface[the Developer's Guide]
+ for more details.
+
+=== Removed Features and Support
+
+* The tshark `-G` option with no argument is deprecated and will be removed in
+ a future version. Use `tshark -G fields` to produce the same report.
+
+=== Removed Dissectors
+
+The Parlay dissector has been removed.
+
+//=== New File Format Decoding Support
+
+//[commaize]
+//--
+//--
+
+=== New Protocol Support
+
+// Add one protocol per line between the -- delimiters in the format
+// “Full protocol name (Abbreviation)”
+// ag -A1 '(define PSNAME|proto_register_protocol[^_])' $(git diff --name-only v4.4.0.. | ag packet- | sort -u)
[commaize]
--
-DHCP
-E.212
-MySQL
-NAS-5GS
-ProtoBuf
-RADIUS
-RLC-LTE
-PKT CCC
-RTP
-SIP
-SPRT
-Thrift
-Wi-SUN
+Allied Telesis Resiliency Link (AT RL)
+ATN Security Label
+Bit Index Explicit Replication (BIER)
+Bus Mirroring Protocol
+EGNOS Message Server (EMS) file format
+Galileo E1-B I/NAV navigation messages
+IBM i RDMA Endpoint (iRDMA-EDP)
+IWBEMSERVICES
+MAC NR Framed (mac-nr-framed)
+Matter Bluetooth Transport Protocol (MatterBTP)
+MiWi P2P Star
+Monero
+NMEA 0183
+PLDM
+RDP authentication redirection virtual channel protocol (rdpear)
+RF4CE Network Layer (RF4CE)
+RF4CE Profile (RF4CE Profile)
+RK512
+SAP Remote Function Call (SAPRFC)
+SBAS L1 Navigation Message
+Scanner Access Now Easy (SANE)
+TREL
+WMIO
+ZeroMQ Message Transport Protocol (ZMTP)
--
-=== New and Updated Capture File Support
+=== Updated Protocol Support
+
+IPv6: The "show address detail" preference is now enabled by default. The
+address details provided have been extended to include more special purpose address
+block properties (forwardable, globally-routable, etc).
+
+Too many other protocol updates have been made to list them all here.
+
+//=== New and Updated Capture File Support
// There is no new or updated capture file support in this release.
// Add one file type per line between the -- delimiters.
[commaize]
--
-log3gpp
+EGNOS Messager Server (EMS) files
+--
+
+// === New and Updated Capture Interfaces support
+[commaize]
+--
+u-blox GNSS receivers
--
-=== Updated File Format Decoding Support
+//=== New and Updated Codec support
-There is no updated file format support in this release.
-// Add one file type per line between the -- delimiters.
-// [commaize]
-// --
-// --
+//_Non-empty section placeholder._
-// === New and Updated Capture Interfaces support
+=== Major API Changes
+
+* The entire code base has been updated to use C99 types instead of GLib types.
+This includes changing occurrences `gboolean`, which is an integer, to C99's native `bool` type in many places.
+See https://gitlab.com/wireshark/wireshark/-/issues/19116[issue 19116] for more details.
-// === New and Updated Codec support
+* The `tvb_get_guintX` and `tvb_get_gintX` functions in the tvbuff API have been renamed to `tvb_get_uintX` and `tvb_get_intX` (the GLib-style "g" has been removed).
+You can still use the old-style names, but they have been deprecated.
-// === Major API Changes
+* Plugins should provide a `plugin_describe()` function that returns an ORed
+ list of flags consisting of the plugin types used.
+ See _wsutil/plugins.h_ for details.
-== Prior Versions
+// == Prior Versions
-This document only describes the changes introduced in Wireshark {wireshark-version}.
-You can find release notes for prior versions at the following locations:
+// This document only describes the changes introduced in Wireshark {wireshark-version}.
+// You can find release notes for prior versions at the following locations:
-* https://www.wireshark.org/docs/relnotes/wireshark-4.2.5.html[Wireshark 4.2.5]
-* https://www.wireshark.org/docs/relnotes/wireshark-4.2.4.html[Wireshark 4.2.4]
-* https://www.wireshark.org/docs/relnotes/wireshark-4.2.3.html[Wireshark 4.2.3]
-* https://www.wireshark.org/docs/relnotes/wireshark-4.2.2.html[Wireshark 4.2.2]
-* https://www.wireshark.org/docs/relnotes/wireshark-4.2.1.html[Wireshark 4.2.1]
-* https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html[Wireshark 4.2.0]
+// * https://www.wireshark.org/docs/relnotes/wireshark-4.4.0.html[Wireshark 4.4.0]
== Getting Wireshark
@@ -151,8 +525,7 @@ https://www.wireshark.org/docs/
Community support is available on
https://ask.wireshark.org/[Wireshark’s Q&A site]
and on the wireshark-users mailing list.
-Subscription information and archives for all of Wireshark’s mailing lists can be found on
-https://www.wireshark.org/lists/[the web site].
+Subscription information and archives for all of Wireshark’s mailing lists can be found on https://lists.wireshark.org/lists/[the mailing list site].
Bugs and feature requests can be reported on
https://gitlab.com/wireshark/wireshark/-/issues[the issue tracker].
diff --git a/doc/wireshark.adoc b/doc/wireshark.adoc
deleted file mode 100644
index 24434827..00000000
--- a/doc/wireshark.adoc
+++ /dev/null
@@ -1,2735 +0,0 @@
-include::../docbook/attributes.adoc[]
-= wireshark(1)
-:doctype: manpage
-:stylesheet: ws.css
-:linkcss:
-:copycss: ../docbook/{stylesheet}
-
-== NAME
-
-wireshark - Interactively dump and analyze network traffic
-
-== SYNOPSIS
-
-[manarg]
-*wireshark*
-[ *-i* <capture interface>|- ]
-[ *-f* <capture filter> ]
-[ *-Y* <display filter> ]
-[ *-w* <outfile> ]
-[ *options* ]
-[ <infile> ]
-
-[manarg]
-*wireshark*
-*-h|--help*
-
-[manarg]
-*wireshark*
-*-v|--version*
-
-== DESCRIPTION
-
-*Wireshark* is a GUI network protocol analyzer. It lets you
-interactively browse packet data from a live network or from a
-previously saved capture file. *Wireshark*'s native capture file
-formats are *pcapng* format and *pcap* format; it can read and write
-both formats.. *pcap* format is also the format used by *tcpdump* and
-various other tools; *tcpdump*, when using newer versions of the
-*libpcap* library, can also read some pcapng files, and, on newer
-versions of macOS, can read all pcapng files and can write them as well.
-
-*Wireshark* can also read / import the following file formats:
-
-* Oracle (previously Sun) *snoop* and *atmsnoop* captures
-
-* Finisar (previously Shomiti) *Surveyor* captures
-
-* Microsoft *Network Monitor* captures
-
-* Novell *LANalyzer* captures
-
-* AIX's *iptrace* captures
-
-* Cinco Networks *NetXRay* captures
-
-* NETSCOUT (previously Network Associates/Network General) Windows-based
-*Sniffer* captures
-
-* Network General/Network Associates DOS-based *Sniffer* captures
-(compressed or uncompressed)
-
-* LiveAction (previously WildPackets/Savvius) **Peek*/*EtherHelp*/*PacketGrabber* captures
-
-* *RADCOM*'s WAN/LAN analyzer captures
-
-* Viavi (previously Network Instruments) *Observer* captures
-
-* *Lucent/Ascend* router debug output
-
-* captures from HP-UX *nettl*
-
-* *Toshiba's* ISDN routers dump output
-
-* the output from *i4btrace* from the ISDN4BSD project
-
-* traces from the *EyeSDN* USB S0
-
-* the *IPLog* format output from the Cisco Secure Intrusion Detection System
-
-* *pppd logs* (pppdump format)
-
-* the output from VMS's *TCPIPtrace*/*TCPtrace*/*UCX$TRACE* utilities
-
-* the text output from the *DBS Etherwatch* VMS utility
-
-* Visual Networks' *Visual UpTime* traffic capture
-
-* the output from *CoSine* L2 debug
-
-* the output from InfoVista (previously Accellent) *5View* LAN agents
-
-* Endace Measurement Systems' ERF format captures
-
-* Linux Bluez Bluetooth stack *hcidump -w* traces
-
-* Catapult DCT2000 .out files
-
-* Gammu generated text output from Nokia DCT3 phones in Netmonitor mode
-
-* IBM Series (OS/400) Comm traces (ASCII & UNICODE)
-
-* Juniper Netscreen snoop files
-
-* Symbian OS btsnoop files
-
-* TamoSoft CommView files
-
-* Tektronix K12xx 32bit .rf5 format files
-
-* Tektronix K12 text file format captures
-
-* Apple PacketLogger files
-
-* Captures from Aethra Telecommunications' PC108 software for their test
-instruments
-
-* Citrix NetScaler Trace files
-
-* Android Logcat binary and text format logs
-
-* Colasoft Capsa and PacketBuilder captures
-
-* Micropross mplog files
-
-* Unigraf DPA-400 DisplayPort AUX channel monitor traces
-
-* 802.15.4 traces from Daintree's Sensor Network Analyzer
-
-* MPEG-2 Transport Streams as defined in ISO/IEC 13818-1
-
-* Log files from the _candump_ utility
-
-* Logs from the BUSMASTER tool
-
-* Ixia IxVeriWave raw captures
-
-* Rabbit Labs CAM Inspector files
-
-* _systemd_ journal files
-
-* 3GPP TS 32.423 trace files
-
-There is no need to tell *Wireshark* what type of
-file you are reading; it will determine the file type by itself.
-*Wireshark* is also capable of reading any of these file formats if they
-are compressed using gzip. *Wireshark* recognizes this directly from
-the file; the '.gz' extension is not required for this purpose.
-
-Like other protocol analyzers, *Wireshark*'s main window shows 3 views
-of a packet. It shows a summary line, briefly describing what the
-packet is. A packet details display is shown, allowing you to drill
-down to exact protocol or field that you interested in. Finally, a hex
-dump shows you exactly what the packet looks like when it goes over the
-wire.
-
-In addition, *Wireshark* has some features that make it unique. It can
-assemble all the packets in a TCP conversation and show you the ASCII
-(or EBCDIC, or hex) data in that conversation. Display filters in
-*Wireshark* are very powerful; more fields are filterable in *Wireshark*
-than in other protocol analyzers, and the syntax you can use to create
-your filters is richer. As *Wireshark* progresses, expect more and more
-protocol fields to be allowed in display filters.
-
-Packet capturing is performed with the pcap library. The capture filter
-syntax follows the rules of the pcap library. This syntax is different
-from the display filter syntax.
-
-Compressed file support uses (and therefore requires) the zlib library.
-If the zlib library is not present, *Wireshark* will compile, but will
-be unable to read compressed files.
-
-The pathname of a capture file to be read can be specified with the
-*-r* option or can be specified as a command-line argument.
-
-== OPTIONS
-
-Most users will want to start *Wireshark* without options and configure
-it from the menus instead. Those users may just skip this section.
-
--a|--autostop <capture autostop condition>::
-+
---
-Specify a criterion that specifies when *Wireshark* is to stop writing
-to a capture file. The criterion is of the form __test:value__,
-where __test__ is one of:
-
-*duration*:__value__ Stop writing to a capture file after __value__ seconds have
-elapsed. Floating point values (e.g. 0.5) are allowed.
-
-*files*:__value__ Stop writing to capture files after __value__ number of files
-were written.
-
-*filesize*:__value__ Stop writing to a capture file after it reaches a size of
-__value__ kB. If this option is used together with the -b option, Wireshark
-will stop writing to the current capture file and switch to the next one if
-filesize is reached. Note that the filesize is limited to a maximum value of
-2 GiB.
-
-*packets*:__value__ Stop writing to a capture file after it contains __value__
-packets. Acts the same as *-c*<capture packet count>.
---
-
--b|--ring-buffer <capture ring buffer option>::
-+
---
-Cause *Wireshark* to run in "multiple files" mode. In "multiple files" mode,
-*Wireshark* will write to several capture files. When the first capture file
-fills up, *Wireshark* will switch writing to the next file and so on.
-
-The created filenames are based on the filename given with the *-w* flag,
-the number of the file and on the creation date and time,
-e.g. outfile_00001_20240714120117.pcap, outfile_00002_20240714120523.pcap, ...
-
-With the __files__ option it's also possible to form a "ring buffer".
-This will fill up new files until the number of files specified,
-at which point *Wireshark* will discard the data in the first file and start
-writing to that file and so on. If the __files__ option is not set,
-new files filled up until one of the capture stop conditions match (or
-until the disk is full).
-
-The criterion is of the form __key:value__,
-where __key__ is one of:
-
-*duration*:__value__ switch to the next file after __value__ seconds have
-elapsed, even if the current file is not completely filled up. Floating
-point values (e.g. 0.5) are allowed.
-
-*files*:__value__ begin again with the first file after __value__ number of
-files were written (form a ring buffer). This value must be less than 100000.
-Caution should be used when using large numbers of files: some filesystems do
-not handle many files in a single directory well. The *files* criterion
-requires one of the other criteria to be specified to
-control when to go to the next file. It should be noted that each *-b*
-parameter takes exactly one criterion; to specify two criteria, each must be
-preceded by the *-b* option.
-
-*filesize*:__value__ switch to the next file after it reaches a size of
-__value__ kB. Note that the filesize is limited to a maximum value of 2 GiB.
-
-*interval*:__value__ switch to the next file when the time is an exact
-multiple of __value__ seconds.
-
-*packets*:__value__ switch to the next file after it contains __value__
-packets.
-
-Example: *-b filesize:1000 -b files:5* results in a ring buffer of five files
-of size one megabyte each.
---
-
--B|--buffer-size <capture buffer size>::
-+
---
-Set capture buffer size (in MiB, default is 2 MiB). This is used by
-the capture driver to buffer packet data until that data can be written
-to disk. If you encounter packet drops while capturing, try to increase
-this size. Note that, while *Wireshark* attempts to set the buffer size
-to 2 MiB by default, and can be told to set it to a larger value, the
-system or interface on which you're capturing might silently limit the
-capture buffer size to a lower value or raise it to a higher value.
-
-This is available on UNIX-compatible systems, such as Linux, macOS,
-\*BSD, Solaris, and AIX, with libpcap 1.0.0 or later, and on Windows.
-It is not available on UNIX-compatible systems with earlier versions of
-libpcap.
-
-This option can occur multiple times. If used before the first
-occurrence of the *-i* option, it sets the default capture buffer size.
-If used after an *-i* option, it sets the capture buffer size for
-the interface specified by the last *-i* option occurring before
-this option. If the capture buffer size is not set specifically,
-the default capture buffer size is used instead.
---
-
--c <capture packet count>::
-+
---
-Set the maximum number of packets to read when capturing live
-data. Acts the same as *-a packets:*<capture packet count>.
---
-
--C <configuration profile>::
-+
---
-Start with the given configuration profile.
---
-
---capture-comment <comment>::
-+
---
-When performing a capture file from the command line, with the *-k*
-flag, add a capture comment to the output file, if supported by the
-capture format.
-
-This option may be specified multiple times. Note that Wireshark
-currently only displays the first comment of a capture file.
---
-
--D|--list-interfaces::
-+
---
-Print a list of the interfaces on which *Wireshark* can capture, and
-exit. For each network interface, a number and an interface name,
-possibly followed by a text description of the interface, is printed.
-The interface name or the number can be supplied to the *-i* flag to
-specify an interface on which to capture. The number can be useful on
-Windows systems, where the interfaces have long names that usually
-contain a GUID.
---
-
---display <X display to use>::
-+
---
-Specifies the X display to use. A hostname and screen (otherhost:0.0)
-or just a screen (:0.0) can be specified. This option is not available
-under macOS or Windows.
---
-
--f <capture filter>::
-+
---
-Set the capture filter expression.
-
-This option can occur multiple times. If used before the first
-occurrence of the *-i* option, it sets the default capture filter expression.
-If used after an *-i* option, it sets the capture filter expression for
-the interface specified by the last *-i* option occurring before
-this option. If the capture filter expression is not set specifically,
-the default capture filter expression is used if provided.
-
-Pre-defined capture filter names, as shown in the GUI menu item Capture->Capture Filters,
-can be used by prefixing the argument with "predef:".
-Example: *-f "predef:MyPredefinedHostOnlyFilter"*
---
-
---fullscreen::
-+
---
-Start Wireshark in full screen mode (kiosk mode). To exit from fullscreen mode,
-open the View menu and select the Full Screen option. Alternatively, press the
-F11 key (or Ctrl + Cmd + F for macOS).
---
-
--g <packet number>::
-After reading in a capture file using the *-r* flag, go to the given __packet number__.
-
--h|--help::
-Print the version number and options and exit.
-
--H::
-Hide the capture info dialog during live packet capture.
-
--i|--interface <capture interface>|-::
-+
---
-Set the name of the network interface or pipe to use for live packet
-capture.
-
-Network interface names should match one of the names listed in "*wireshark
--D*" (described above); a number, as reported by "*tshark -D*", can also
-be used.
-
-If no interface is specified, *Wireshark* searches the list of
-interfaces, choosing the first non-loopback interface if there are any
-non-loopback interfaces, and choosing the first loopback interface if
-there are no non-loopback interfaces. If there are no interfaces at all,
-*Wireshark* reports an error and doesn't start the capture.
-
-Pipe names should be either the name of a FIFO (named pipe) or "-" to
-read data from the standard input. On Windows systems, pipe names must be
-of the form +"\\.\pipe\+*pipename*". Data read from pipes must be in
-standard pcapng or pcap format. Pcapng data must have the same
-endianness as the capturing host.
-
-"TCP@<host>:<port>" causes *Wireshark* to attempt to connect to the
-specified port on the specified host and read pcapng or pcap data.
-
-This option can occur multiple times. When capturing from multiple
-interfaces, the capture file will be saved in pcapng format.
---
-
--I|--monitor-mode::
-+
---
-Put the interface in "monitor mode"; this is supported only on IEEE
-802.11 Wi-Fi interfaces, and supported only on some operating systems.
-
-Note that in monitor mode the adapter might disassociate from the
-network with which it's associated, so that you will not be able to use
-any wireless networks with that adapter. This could prevent accessing
-files on a network server, or resolving host names or network addresses,
-if you are capturing in monitor mode and are not connected to another
-network with another adapter.
-
-This option can occur multiple times. If used before the first
-occurrence of the *-i* option, it enables the monitor mode for all interfaces.
-If used after an *-i* option, it enables the monitor mode for
-the interface specified by the last *-i* option occurring before
-this option.
---
-
--j::
-Use after *-J* to change the behavior when no exact match is found for
-the filter. With this option select the first packet before.
-
--J <jump filter>::
-+
---
-After reading in a capture file using the *-r* flag, jump to the packet
-matching the filter (display filter syntax). If no exact match is found
-the first packet after that is selected.
---
-
--k::
-+
---
-Start the capture session immediately. If the *-i* flag was
-specified, the capture uses the specified interface. Otherwise,
-*Wireshark* searches the list of interfaces, choosing the first
-non-loopback interface if there are any non-loopback interfaces, and
-choosing the first loopback interface if there are no non-loopback
-interfaces; if there are no interfaces, *Wireshark* reports an error and
-doesn't start the capture.
---
-
--l::
-Turn on automatic scrolling if the packet display is being updated
-automatically as packets arrive during a capture (as specified by the
-*-S* flag).
-
--L|--list-data-link-types::
-List the data link types supported by the interface and exit.
-
---list-time-stamp-types::
-List time stamp types supported for the interface. If no time stamp type can be
-set, no time stamp types are listed.
-
--o <preference/recent setting>::
-+
---
-Set a preference or recent value, overriding the default value and any value
-read from a preference/recent file. The argument to the flag is a string of
-the form __prefname:value__, where __prefname__ is the name of the
-preference/recent value (which is the same name that would appear in the
-preference/recent file), and __value__ is the value to which it should be set.
-Since *Ethereal* 0.10.12, the recent settings replaces the formerly used
--B, -P and -T flags to manipulate the GUI dimensions.
-
-If __prefname__ is "uat", you can override settings in various user access
-tables using the form "uat:__uat filename__:__uat record__". __uat filename__
-must be the name of a UAT file, e.g. __user_dlts__. __uat_record__ must be in
-the form of a valid record for that file, including quotes. For instance, to
-specify a user DLT from the command line, you would use
-
- -o "uat:user_dlts:\"User 0 (DLT=147)\",\"cops\",\"0\",\"\",\"0\",\"\""
---
-
--p|--no-promiscuous-mode::
-+
---
-__Don't__ put the interface into promiscuous mode. Note that the
-interface might be in promiscuous mode for some other reason; hence,
-*-p* cannot be used to ensure that the only traffic that is captured is
-traffic sent to or from the machine on which *Wireshark* is running,
-broadcast traffic, and multicast traffic to addresses received by that
-machine.
-
-This option can occur multiple times. If used before the first
-occurrence of the *-i* option, no interface will be put into the
-promiscuous mode.
-If used after an *-i* option, the interface specified by the last *-i*
-option occurring before this option will not be put into the
-promiscuous mode.
---
-
--P <path setting>::
-+
---
-Special path settings usually detected automatically. This is used for
-special cases, e.g. starting Wireshark from a known location on an USB stick.
-
-The criterion is of the form __key:path__, where __key__ is one of:
-
-*persconf*:__path__ path of personal configuration files, like the
-preferences files.
-
-*persdata*:__path__ path of personal data files, it's the folder initially
-opened. After the very first initialization, the recent file will keep the
-folder last used.
---
-
--r|--read-file <infile>::
-+
---
-Read packet data from __infile__, can be any supported capture file format
-(including gzipped files). It's not possible to use named pipes or stdin
-here! To capture from a pipe or from stdin use *-i -*
---
-
--R|--read-filter <read (display) filter>::
-+
---
-When reading a capture file specified with the *-r* flag, causes the
-specified filter (which uses the syntax of display filters, rather than
-that of capture filters) to be applied to all packets read from the
-capture file; packets not matching the filter are discarded.
---
-
--s|--snapshot-length <capture snaplen>::
-+
---
-Set the default snapshot length to use when capturing live data.
-No more than __snaplen__ bytes of each network packet will be read into
-memory, or saved to disk. A value of 0 specifies a snapshot length of
-262144, so that the full packet is captured; this is the default.
-
-This option can occur multiple times. If used before the first
-occurrence of the *-i* option, it sets the default snapshot length.
-If used after an *-i* option, it sets the snapshot length for
-the interface specified by the last *-i* option occurring before
-this option. If the snapshot length is not set specifically,
-the default snapshot length is used if provided.
---
-
--S::
-Automatically update the packet display as packets are coming in.
-
---temp-dir <directory>::
-+
---
-Specifies the directory into which temporary files (including capture
-files) are to be written. The default behavior on UNIX-compatible systems,
-such as Linux, macOS, \*BSD, Solaris, and AIX, is to use the environment
-variable __$TMPDIR__ if set, and the system default, typically __/tmp__, if it
-is not. On Windows, the __%TEMP%__ environment variable is used, which
-typically defaults to __%USERPROFILE%\AppData\Local\Temp__.
---
-
---time-stamp-type <type>::
-Change the interface's timestamp method. See --list-time-stamp-types.
-
---update-interval <interval>::
-Set the length of time in milliseconds between new packet reports during
-a capture. Also sets the granularity of file duration conditions.
-The default value is 100ms.
-
--v|--version::
-Print the full version information and exit.
-
--w <outfile>::
-Set the default capture file name, or '-' for standard output.
-
--X <eXtension options>::
-+
---
-Specify an option to be passed to an *Wireshark* module. The eXtension option
-is in the form __extension_key:value__, where __extension_key__ can be:
-
-*lua_script*:__lua_script_filename__ tells *Wireshark* to load the given script in addition to the
-default Lua scripts.
-
-**lua_script**__num__:__argument__ tells *Wireshark* to pass the given argument
-to the lua script identified by 'num', which is the number indexed order of the 'lua_script' command.
-For example, if only one script was loaded with '-X lua_script:my.lua', then '-X lua_script1:foo'
-will pass the string 'foo' to the 'my.lua' script. If two scripts were loaded, such as '-X lua_script:my.lua'
-and '-X lua_script:other.lua' in that order, then a '-X lua_script2:bar' would pass the string 'bar' to the second lua
-script, namely 'other.lua'.
-
-*read_format*:__file_format__ tells *Wireshark* to use the given file format to read in the
-file (the file given in the *-r* command option).
-
-*stdin_descr*:__description__ tells *Wireshark* to use the given description when
-capturing from standard input (*-i -*).
---
-
--y|--linktype <capture link type>::
-+
---
-If a capture is started from the command line with *-k*, set the data
-link type to use while capturing packets. The values reported by *-L*
-are the values that can be used.
-
-This option can occur multiple times. If used before the first
-occurrence of the *-i* option, it sets the default capture link type.
-If used after an *-i* option, it sets the capture link type for
-the interface specified by the last *-i* option occurring before
-this option. If the capture link type is not set specifically,
-the default capture link type is used if provided.
---
-
--Y|--display-filter <displaY filter>::
-Start with the given display filter.
-
--z <statistics>::
-+
---
-Get *Wireshark* to collect various types of statistics and display the result
-in a window that updates in semi-real time.
-
-Some of the currently implemented statistics are:
---
-
-*-z help*::
-Display all possible values for *-z*.
-
-*-z* afp,srt[,__filter__]::
-+
---
-Show Apple Filing Protocol service response time statistics.
---
-
-*-z* conv,__type__[,__filter__]::
-+
---
-Create a table that lists all conversations that could be seen in the
-capture. __type__ specifies the conversation endpoint types for which we
-want to generate the statistics; currently the supported ones are:
-
- "eth" Ethernet addresses
- "fc" Fibre Channel addresses
- "fddi" FDDI addresses
- "ip" IPv4 addresses
- "ipv6" IPv6 addresses
- "ipx" IPX addresses
- "tcp" TCP/IP socket pairs Both IPv4 and IPv6 are supported
- "tr" Token Ring addresses
- "udp" UDP/IP socket pairs Both IPv4 and IPv6 are supported
-
-If the optional __filter__ is specified, only those packets that match the
-filter will be used in the calculations.
-
-The table is presented with one line for each conversation and displays
-the number of packets/bytes in each direction as well as the total
-number of packets/bytes. By default, the table is sorted according to
-the total number of packets.
-
-These tables can also be generated at runtime by selecting the appropriate
-conversation type from the menu "Tools/Statistics/Conversation List/".
---
-
-*-z* dcerpc,srt,__name-or-uuid__,__major__.__minor__[,__filter__]::
-+
---
-Collect call/reply SRT (Service Response Time) data for DCERPC interface
-__name__ or __uuid__, version __major__.__minor__.
-Data collected is the number of calls for each procedure, MinSRT, MaxSRT
-and AvgSRT.
-Interface __name__ and __uuid__ are case-insensitive.
-
-Example: [.nowrap]#*-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0*# will collect data for the CIFS SAMR Interface.
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: [.nowrap]#*-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0,ip.addr==1.2.3.4*# will collect SAMR
-SRT statistics for a specific host.
---
-
-*-z* dhcp,stat[,__filter__]::
-Show DHCP (BOOTP) statistics.
-
-*-z* expert::
-Show expert information.
-
-*-z* fc,srt[,__filter__]::
-+
---
-Collect call/reply SRT (Service Response Time) data for FC. Data collected
-is the number of calls for each Fibre Channel command, MinSRT, MaxSRT and AvgSRT.
-
-Example: *-z fc,srt*
-will calculate the Service Response Time as the time delta between the
-First packet of the exchange and the Last packet of the exchange.
-
-The data will be presented as separate tables for all normal FC commands,
-Only those commands that are seen in the capture will have its stats
-displayed.
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z "fc,srt,fc.id==01.02.03"* will collect stats only for
-FC packets exchanged by the host at FC address 01.02.03 .
---
-
-*-z* h225,counter[__,filter__]::
-+
---
-Count ITU-T H.225 messages and their reasons. In the first column you get a
-list of H.225 messages and H.225 message reasons which occur in the current
-capture file. The number of occurrences of each message or reason is displayed
-in the second column.
-
-Example: *-z h225,counter*
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z "h225,counter,ip.addr==1.2.3.4"* will collect stats only for
-H.225 packets exchanged by the host at IP address 1.2.3.4 .
---
-
-*-z* h225,srt[__,filter__]::
-+
---
-Collect request/response SRT (Service Response Time) data for ITU-T H.225 RAS.
-Data collected is the number of calls of each ITU-T H.225 RAS Message Type,
-Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet.
-You will also get the number of Open Requests (Unresponded Requests),
-Discarded Responses (Responses without matching request) and Duplicate Messages.
-
-Example: *-z h225,srt*
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z "h225,srt,ip.addr==1.2.3.4"* will collect stats only for
-ITU-T H.225 RAS packets exchanged by the host at IP address 1.2.3.4 .
---
-
-*-z* io,stat::
-+
---
-Collect packet/bytes statistics for the capture in intervals of 1 second.
-This option will open a window with up to 5 color-coded graphs where
-number-of-packets-per-second or number-of-bytes-per-second statistics
-can be calculated and displayed.
-
-This option can be used multiple times on the command line.
-
-This graph window can also be opened from the Analyze:Statistics:Traffic:IO-Stat
-menu item.
---
-
-*-z* ldap,srt[,__filter__]::
-+
---
-Collect call/reply SRT (Service Response Time) data for LDAP. Data collected
-is the number of calls for each implemented LDAP command, MinSRT, MaxSRT and AvgSRT.
-
-Example: *-z ldap,srt*
-will calculate the Service Response Time as the time delta between the
-Request and the Response.
-
-The data will be presented as separate tables for all implemented LDAP commands,
-Only those commands that are seen in the capture will have its stats
-displayed.
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: use *-z "ldap,srt,ip.addr==10.1.1.1"* will collect stats only for
-LDAP packets exchanged by the host at IP address 10.1.1.1 .
-
-The only LDAP commands that are currently implemented and for which the stats will be available are:
-BIND
-SEARCH
-MODIFY
-ADD
-DELETE
-MODRDN
-COMPARE
-EXTENDED
---
-
-*-z* megaco,srt[__,filter__]::
-+
---
-Collect request/response SRT (Service Response Time) data for MEGACO.
-(This is similar to *-z smb,srt*). Data collected is the number of calls
-for each known MEGACO Command, Minimum SRT, Maximum SRT and Average SRT.
-
-Example: *-z megaco,srt*
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z "megaco,srt,ip.addr==1.2.3.4"* will collect stats only for
-MEGACO packets exchanged by the host at IP address 1.2.3.4 .
---
-
-*-z* mgcp,srt[__,filter__]::
-+
---
-Collect request/response SRT (Service Response Time) data for MGCP.
-(This is similar to *-z smb,srt*). Data collected is the number of calls
-for each known MGCP Type, Minimum SRT, Maximum SRT and Average SRT.
-
-Example: *-z mgcp,srt*
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z "mgcp,srt,ip.addr==1.2.3.4"* will collect stats only for
-MGCP packets exchanged by the host at IP address 1.2.3.4 .
---
-
-*-z* mtp3,msus[,<filter>]::
-Show MTP3 MSU statistics.
-
-*-z* multicast,stat[,<filter>]::
-Show UDP multicast stream statistics.
-
-*-z* rpc,programs::
-+
---
-Collect call/reply SRT data for all known ONC-RPC programs/versions.
-Data collected is the number of calls for each protocol/version, MinSRT,
-MaxSRT and AvgSRT.
---
-
-*-z* rpc,srt,__name-or-number__,__version__[,<filter>]::
-+
---
-Collect call/reply SRT (Service Response Time) data for program
-__name__/__version__ or __number__/__version__.
-Data collected is the number of calls for each procedure, MinSRT, MaxSRT and
-AvgSRT.
-Program __name__ is case-insensitive.
-
-Example: *-z rpc,srt,100003,3* will collect data for NFS v3.
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: [.nowrap]#*-z rpc,srt,nfs,3,nfs.fh.hash==0x12345678*# will collect NFS v3
-SRT statistics for a specific file.
---
-
-*-z* scsi,srt,__cmdset__[,<filter>]::
-+
---
-Collect call/reply SRT (Service Response Time) data for SCSI commandset <cmdset>.
-
-Commandsets are 0:SBC 1:SSC 5:MMC
-
-Data collected
-is the number of calls for each procedure, MinSRT, MaxSRT and AvgSRT.
-
-Example: *-z scsi,srt,0* will collect data for SCSI BLOCK COMMANDS (SBC).
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z scsi,srt,0,ip.addr==1.2.3.4* will collect SCSI SBC
-SRT statistics for a specific iscsi/ifcp/fcip host.
---
-
-*-z* sip,stat[__,filter__]::
-+
---
-This option will activate a counter for SIP messages. You will get the number
-of occurrences of each SIP Method and of each SIP Status-Code. Additionally you
-also get the number of resent SIP Messages (only for SIP over UDP).
-
-Example: *-z sip,stat*
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z "sip,stat,ip.addr==1.2.3.4"* will collect stats only for
-SIP packets exchanged by the host at IP address 1.2.3.4 .
---
-
-*-z* smb,srt[,__filter__]::
-+
---
-Collect call/reply SRT (Service Response Time) data for SMB. Data collected
-is the number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT.
-
-Example: *-z smb,srt*
-
-The data will be presented as separate tables for all normal SMB commands,
-all Transaction2 commands and all NT Transaction commands.
-Only those commands that are seen in the capture will have their stats
-displayed.
-Only the first command in a xAndX command chain will be used in the
-calculation. So for common SessionSetupAndX + TreeConnectAndX chains,
-only the SessionSetupAndX call will be used in the statistics.
-This is a flaw that might be fixed in the future.
-
-This option can be used multiple times on the command line.
-
-If the optional __filter__ is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: *-z "smb,srt,ip.addr==1.2.3.4"* will collect stats only for
-SMB packets exchanged by the host at IP address 1.2.3.4 .
---
-
-*-z* voip,calls::
-+
---
-This option will show a window that shows VoIP calls found in the capture file.
-This is the same window shown as when you go to the Statistics Menu and choose
-VoIP Calls.
-
-Example: *-z voip,calls*
---
-
-*-z* wlan,stat[,<filter>]::
-Show IEEE 802.11 network and station statistics.
-
-*-z* wsp,stat[,<filter>]::
-Show WSP packet counters.
-
-include::dissection-options.adoc[tags=**;!tshark]
-
-include::diagnostic-options.adoc[]
-
-== INTERFACE
-
-=== MENU ITEMS
-
-menu:File[Open]::
-
-menu:File[Open Recent]::
-
-menu:File[Merge]::
-Merge another capture file to the currently loaded one. The __File:Merge__
-dialog box allows the merge "Prepended", "Chronologically" or "Appended",
-relative to the already loaded one.
-
-menu:File[Close]::
-Open or close a capture file. The __File:Open__ dialog box
-allows a filter to be specified; when the capture file is read, the
-filter is applied to all packets read from the file, and packets not
-matching the filter are discarded. The __File:Open Recent__ is a submenu
-and will show a list of previously opened files.
-
-menu:File[Save]::
-
-menu:File[Save As]::
-Save the current capture, or the packets currently displayed from that
-capture, to a file. Check boxes let you select whether to save all
-packets, or just those that have passed the current display filter and/or
-those that are currently marked, and an option menu lets you select (from
-a list of file formats in which at particular capture, or the packets
-currently displayed from that capture, can be saved), a file format in
-which to save it.
-
-menu:File[File Set,List Files]::
-Show a dialog box that lists all files of the file set matching the currently
-loaded file. A file set is a compound of files resulting from a capture using
-the "multiple files" / "ringbuffer" mode, recognizable by the filename pattern,
-e.g.: Filename_00001_20240714101530.pcap.
-
-menu:File[File Set,Next File]::
-
-menu:File[File Set,Previous File]::
-If the currently loaded file is part of a file set (see above), open the
-next / previous file in that set.
-
-menu:File[Export]::
-Export captured data into an external format. Note: the data cannot be
-imported back into Wireshark, so be sure to keep the capture file.
-
-menu:File[Print]::
-Print packet data from the current capture. You can select the range of
-packets to be printed (which packets are printed), and the output format of
-each packet (how each packet is printed). The output format will be similar
-to the displayed values, so a summary line, the packet details view, and/or
-the hex dump of the packet can be printed.
-
-menu:File[Quit]::
-Exit the application.
-
-menu:Edit[Copy,Description]::
-Copies the description of the selected field in the protocol tree to the clipboard.
-
-menu:Edit[Copy,Fieldname]::
-Copies the fieldname of the selected field in the protocol tree to the clipboard.
-
-menu:Edit[Copy,Value]::
-Copies the value of the selected field in the protocol tree to the clipboard.
-
-menu:Edit[Copy,As Filter]::
-+
---
-Create a display filter based on the data currently highlighted in the
-packet details and copy that filter to the clipboard.
-
-If that data is a field that can be tested in a display filter
-expression, the display filter will test that field; otherwise, the
-display filter will be based on the absolute offset within the packet.
-Therefore it could be unreliable if the packet contains protocols with
-variable-length headers, such as a source-routed token-ring packet.
---
-
-menu:Edit[Find Packet]::
-+
---
-Search forward or backward, starting with the currently selected packet
-(or the most recently selected packet, if no packet is selected). Search
-criteria can be a display filter expression, a string of hexadecimal
-digits, or a text string.
-
-When searching for a text string, you can search the packet data, or you
-can search the text in the Info column in the packet list pane or in the
-packet details pane.
-
-Hexadecimal digits can be separated by colons, periods, or dashes.
-Text string searches can be ASCII or Unicode (or both), and may be
-case insensitive.
---
-
-menu:Edit[Find Next]::
-
-menu:Edit[Find Previous]::
-Search forward / backward for a packet matching the filter from the previous
-search, starting with the currently selected packet (or the most recently
-selected packet, if no packet is selected).
-
-menu:Edit[Mark Packet (toggle)]::
-Mark (or unmark if currently marked) the selected packet. The field
-"frame.marked" is set for packets that are marked, so that, for example,
-a display filters can be used to display only marked packets, and so that
-the /"Edit:Find Packet" dialog can be used to find the next or previous
-marked packet.
-
-menu:Edit[Find Next Mark]::
-
-menu:Edit[Find Previous Mark]::
-Find next or previous marked packet.
-
-menu:Edit[Mark All Packets]::
-
-menu:Edit[Unmark All Packets]::
-Mark or unmark all packets that are currently displayed.
-
-menu:Edit[Time Reference,Set Time Reference (toggle)]::
-+
---
-Set (or unset if currently set) the selected packet as a Time Reference packet.
-When a packet is set as a Time Reference packet, the timestamps in the packet
-list pane will be replaced with the string "*REF*".
-The relative time timestamp in later packets will then be calculated relative
-to the timestamp of this Time Reference packet and not the first packet in
-the capture.
-
-Packets that have been selected as Time Reference packets will always be
-displayed in the packet list pane. Display filters will not affect or
-hide these packets.
-
-If there is a column displayed for "Cumulative Bytes" this counter will
-be reset at every Time Reference packet.
---
-
-menu:Edit[Time Reference,Find Next]::
-
-menu:Edit[Time Reference,Find Previous]::
-Search forward or backward for a time referenced packet.
-
-menu:Edit[Configuration Profiles]::
-Manage configuration profiles to be able to use more than one set of preferences and configurations.
-
-menu:Edit[Preferences]::
-Set the GUI, capture, and protocol options (see /Preferences dialog below).
-
-menu:View[Main Toolbar]::
-
-menu:View[Filter Toolbar]::
-
-menu:View[Statusbar]::
-Show or hide the main window controls.
-
-menu:View[Packet List]::
-
-menu:View[Packet Details]::
-
-menu:View[Packet Bytes]::
-Show or hide the main window panes.
-
-menu:View[Time Display Format]::
-Set the format of the packet timestamp displayed in the packet list window.
-
-menu:View[Name Resolution,Resolve Name]::
-Try to resolve a name for the currently selected item.
-
-menu:View[Name Resolution,Enable for ... Layer]::
-Enable or disable translation of addresses to names in the display.
-
-menu:View[Colorize Packet List]::
-Enable or disable the coloring rules.
-Disabling will improve performance.
-
-menu:View[Auto Scroll in Live Capture]::
-Enable or disable the automatic scrolling of the packet list while a live capture is in progress.
-
-menu:View[Zoom In]::
-
-menu:View[Zoom Out]::
-Zoom into or out of the main window data (by changing the font size).
-
-menu:View[Normal Size]::
-Reset the zoom level back to normal font size.
-
-menu:View[Resize All Columns]::
-Resize all columns to best fit the current packet display.
-
-menu:View[Expand / Collapse Subtrees]::
-Expand or collapse the currently selected item and its subtrees in the packet details.
-
-menu:View[Expand All]::
-
-menu:View[Collapse All]::
-Expand or Collapse all branches of the packet details.
-
-menu:View[Colorize Conversation]::
-Select a color for a conversation.
-
-menu:View[Reset Coloring 1-10]::
-Reset a color for a conversation.
-
-menu:View[Coloring Rules]::
-Change the foreground and background colors of the packet information in
-the list of packets, based upon display filters. The list of display
-filters is applied to each packet sequentially. After the first display
-filter matches a packet, any additional display filters in the list are
-ignored. Therefore, if you are filtering on the existence of protocols,
-you should list the higher-level protocols first, and the lower-level
-protocols last.
-
-How Colorization Works::
-+
---
-Packets are colored according to a list of color filters. Each filter
-consists of a name, a filter expression and a coloration. A packet is
-colored according to the first filter that it matches. Color filter
-expressions use exactly the same syntax as display filter expressions.
-
-When Wireshark starts, the color filters are loaded from:
-
-1. The user's personal color filters file or, if that does not exist,
-2. The global color filters file.
-
-If neither of these exist then the packets will not be colored.
---
-
-menu:View[Show Packet In New Window]::
-Create a new window containing a packet details view and a hex dump
-window of the currently selected packet; this window will continue to
-display that packet's details and data even if another packet is
-selected.
-
-menu:View[Reload]::
-Reload a capture file. Same as __File:Close__ and __File:Open__ the same file again.
-
-menu:Go[Back]::
-Go back in previously visited packets history.
-
-menu:Go[Forward]::
-Go forward in previously visited packets history.
-
-menu:Go[Go To Packet]::
-Go to a particular numbered packet.
-
-menu:Go[Go To Corresponding Packet]::
-If a field in the packet details pane containing a packet number is
-selected, go to the packet number specified by that field. (This works
-only if the dissector that put that entry into the packet details put it
-into the details as a filterable field rather than just as text.) This
-can be used, for example, to go to the packet for the request
-corresponding to a reply, or the reply corresponding to a request, if
-that packet number has been put into the packet details.
-
-menu:Go[Previous Packet]::
-
-menu:Go[Next Packet]::
-
-menu:Go[First Packet]::
-
-menu:Go[Last Packet]::
-Go to the previous, next, first, or last packet in the capture.
-
-menu:Go[Previous Packet In Conversation]::
-
-menu:Go[Next Packet In Conversation]::
-Go to the previous or next packet of the TCP, UDP or IP conversation.
-
-menu:Capture[Interfaces]::
-Shows a dialog box with all currently known interfaces and displaying the
-current network traffic amount. Capture sessions can be started from here.
-Beware: keeping this box open results in high system load!
-
-menu:Capture[Options]::
-Initiate a live packet capture (see /"Capture Options Dialog"
-below). If no filename is specified, a temporary file will be created
-to hold the capture. Temporary files are written in the directory listed
-in menu:Help[About Wireshark > Folders]. This location can be chosen with the
-command line option *--temp-dir*, or by setting the environment variable
-TMPDIR (on UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris,
-and AIX) or TEMP (on Windows) before starting **Wireshark**.
-
-menu:Capture[Start]::
-Start a live packet capture with the previously selected options. This won't
-open the options dialog box, and can be convenient for repeatedly capturing
-with the same options.
-
-menu:Capture[Stop]::
-Stop a running live capture.
-
-menu:Capture[Restart]::
-While a live capture is running, stop it and restart with the same options
-again. This can be convenient to remove irrelevant packets, if no valuable
-packets were captured so far.
-
-menu:Capture[Capture Filters]::
-Edit the saved list of capture filters, allowing filters to be added, changed, or deleted.
-
-menu:Analyze[Display Filters]::
-Edit the saved list of display filters, allowing filters to be added, changed, or deleted.
-
-menu:Analyze[Display Filter Macros]::
-Create shortcuts for complex macros.
-
-menu:Analyze[Apply as Filter]::
-+
---
-Create a display filter based on the data currently highlighted in the
-packet details and apply the filter.
-
-If that data is a field that can be tested in a display filter
-expression, the display filter will test that field; otherwise, the
-display filter will be based on the absolute offset within the packet.
-Therefore it could be unreliable if the packet contains protocols with
-variable-length headers, such as a source-routed token-ring packet.
-
-The *Selected* option creates a display filter that tests for a match
-of the data; the *Not Selected* option creates a display filter that
-tests for a non-match of the data. The *And Selected*, *Or Selected*,
-*And Not Selected*, and *Or Not Selected* options add to the end of
-the display filter in the strip at the top (or bottom) an AND or OR
-operator followed by the new display filter expression.
---
-
-menu:Analyze[Prepare as Filter]::
-+
---
-Create a display filter based on the data currently highlighted in the
-packet details. The filter strip at the top (or bottom) is updated but
-it is not yet applied.
---
-
-menu:Analyze[Enabled Protocols]::
-+
---
-Allow protocol dissection to be enabled or disabled for a specific
-protocol. Individual protocols can be enabled or disabled by clicking
-on them in the list or by highlighting them and pressing the space bar.
-The entire list can be enabled, disabled, or inverted using the buttons
-below the list.
-
-When a protocol is disabled, dissection in a particular packet stops
-when that protocol is reached, and Wireshark moves on to the next packet.
-Any higher-layer protocols that would otherwise have been processed will
-not be displayed. For example, disabling TCP will prevent the dissection
-and display of TCP, HTTP, SMTP, Telnet, and any other protocol exclusively
-dependent on TCP.
-
-The list of protocols can be saved, so that Wireshark will start up with
-the protocols in that list disabled.
---
-
-menu:Analyze[Decode As]::
-If you have a packet selected, present a dialog allowing you to change
-which dissectors are used to decode this packet. The dialog has one
-panel each for the link layer, network layer and transport layer
-protocol/port numbers, and will allow each of these to be changed
-independently. For example, if the selected packet is a TCP packet to
-port 12345, using this dialog you can instruct Wireshark to decode all
-packets to or from that TCP port as HTTP packets.
-
-menu:Analyze[User Specified Decodes]::
-Create a new window showing whether any protocol ID to dissector
-mappings have been changed by the user. This window also allows the
-user to reset all decodes to their default values.
-
-menu:Analyze[Follow TCP Stream]::
-+
---
-If you have a TCP packet selected, display the contents of the data
-stream for the TCP connection to which that packet belongs, as text, in
-a separate window, and leave the list of packets in a filtered state,
-with only those packets that are part of that TCP connection being
-displayed. You can revert to your old view by pressing ENTER in the
-display filter text box, thereby invoking your old display filter (or
-resetting it back to no display filter).
-
-The window in which the data stream is displayed lets you select:
-
-* whether to display the entire conversation, or one or the other side of
-it;
-
-* whether the data being displayed is to be treated as ASCII or EBCDIC
-text or as raw hex data;
-
-and lets you print what's currently being displayed, using the same
-print options that are used for the __File:Print Packet__ menu item, or
-save it as text to a file.
---
-
-menu:Analyze[Follow UDP Stream]::
-
-menu:Analyze[Follow TLS Stream]::
-Similar to Analyze:Follow TCP Stream.
-
-menu:Analyze[Expert Info]::
-
-menu:Analyze[Expert Info Composite]::
-Show anomalies found by Wireshark in a capture file.
-
-menu:Analyze[Conversation Filter]::
-
-menu:Statistics[Summary]::
-Show summary information about the capture, including elapsed time,
-packet counts, byte counts, and the like. If a display filter is in
-effect, summary information will be shown about the capture and about
-the packets currently being displayed.
-
-menu:Statistics[Protocol Hierarchy]::
-Show the number of packets, and the number of bytes in those packets,
-for each protocol in the trace. It organizes the protocols in the same
-hierarchy in which they were found in the trace. Besides counting the
-packets in which the protocol exists, a count is also made for packets
-in which the protocol is the last protocol in the stack. These
-last-protocol counts show you how many packets (and the byte count
-associated with those packets) *ended* in a particular protocol. In
-the table, they are listed under "End Packets" and "End Bytes".
-
-menu:Statistics[Conversations]::
-Lists of conversations; selectable by protocol.
-See Statistics:Conversation List below.
-
-menu:Statistics[End Points]::
-List of End Point Addresses by protocol with packets, bytes, and other counts.
-
-menu:Statistics[Packet Lengths]::
-Grouped counts of packet lengths (0-19 bytes, 20-39 bytes, ...)
-
-menu:Statistics[I/O Graphs]::
-+
---
-Open a window where up to 5 graphs in different colors can be displayed
-to indicate number of packets or number of bytes per second for all packets
-matching the specified filter.
-By default only one graph will be displayed showing number of packets per second.
-
-The top part of the window contains the graphs and scales for the X and
-Y axis. If the graph is too long to fit inside the window there is a
-horizontal scrollbar below the drawing area that can scroll the graphs
-to the left or the right. The horizontal axis displays the time into
-the capture and the vertical axis will display the measured quantity at
-that time.
-
-Below the drawing area and the scrollbar are the controls. On the
-bottom left there will be five similar sets of controls to control each
-individual graph such as "Display:<button>" which button will toggle
-that individual graph on/off. If <button> is ticked, the graph will be
-displayed. "Color:<color>" which is just a button to show which color
-will be used to draw that graph. Finally "Filter:<filter-text>" which
-can be used to specify a display filter for that particular graph.
-
-If filter-text is empty then all packets will be used to calculate the
-quantity for that graph. If filter-text is specified only those packets
-that match that display filter will be considered in the calculation of
-quantity.
-
-To the right of the 5 graph controls there are four menus to control
-global aspects of the draw area and graphs. The "Unit:" menu is used to
-control what to measure; "packets/tick", "bytes/tick" or "advanced..."
-
-packets/tick will measure the number of packets matching the (if
-specified) display filter for the graph in each measurement interval.
-
-bytes/tick will measure the total number of bytes in all packets matching
-the (if specified) display filter for the graph in each measurement
-interval.
-
-advanced... see below
-
-"Tick interval:" specifies what measurement intervals to use. The
-default is 1 second and means that the data will be counted over 1
-second intervals.
-
-"Pixels per tick:" specifies how many pixels wide each measurement
-interval will be in the drawing area. The default is 5 pixels per tick.
-
-"Y-scale:" controls the max value for the y-axis. Default value is
-"auto" which means that *Wireshark* will try to adjust the maxvalue
-automatically.
-
-"advanced..." If Unit:advanced... is selected the window will display
-two more controls for each of the five graphs. One control will be a
-menu where the type of calculation can be selected from
-SUM,COUNT,MAX,MIN,AVG and LOAD, and one control, textbox, where the name of a
-single display filter field can be specified.
-
-The following restrictions apply to type and field combinations:
-
-SUM: available for all types of integers and will calculate the SUM of
-all occurrences of this field in the measurement interval. Note that
-some field can occur multiple times in the same packet and then all
-instances will be summed up. Example: 'tcp.len' which will count the
-amount of payload data transferred across TCP in each interval.
-
-COUNT: available for all field types. This will COUNT the number of times
-certain field occurs in each interval. Note that some fields
-may occur multiple times in each packet and if that is the case
-then each instance will be counted independently and COUNT
-will be greater than the number of packets.
-
-MAX: available for all integer and relative time fields. This will calculate
-the max seen integer/time value seen for the field during the interval.
-Example: 'smb.time' which will plot the maximum SMB response time.
-
-MIN: available for all integer and relative time fields. This will calculate
-the min seen integer/time value seen for the field during the interval.
-Example: 'smb.time' which will plot the minimum SMB response time.
-
-AVG: available for all integer and relative time fields.This will
-calculate the average seen integer/time value seen for the field during
-the interval. Example: 'smb.time' which will plot the average SMB
-response time.
-
-LOAD: available only for relative time fields (response times).
-
-Example of advanced:
-Display how NFS response time MAX/MIN/AVG changes over time:
-
-Set first graph to:
-
- filter:nfs&&rpc.time
- Calc:MAX rpc.time
-
-Set second graph to
-
- filter:nfs&&rpc.time
- Calc:AVG rpc.time
-
-Set third graph to
-
- filter:nfs&&rpc.time
- Calc:MIN rpc.time
-
-Example of advanced:
-Display how the average packet size from host a.b.c.d changes over time.
-
-Set first graph to
-
- filter:ip.addr==a.b.c.d&&frame.pkt_len
- Calc:AVG frame.pkt_len
-
-LOAD:
-The LOAD io-stat type is very different from anything you have ever seen
-before! While the response times themselves as plotted by MIN,MAX,AVG are
-indications on the Server load (which affects the Server response time),
-the LOAD measurement measures the Client LOAD.
-What this measures is how much workload the client generates,
-i.e. how fast will the client issue new commands when the previous ones
-completed.
-i.e. the level of concurrency the client can maintain.
-The higher the number, the more and faster is the client issuing new
-commands. When the LOAD goes down, it may be due to client load making
-the client slower in issuing new commands (there may be other reasons as
-well, maybe the client just doesn't have any commands it wants to issue
-right then).
-
-Load is measured in concurrency/number of overlapping i/o and the value
-1000 means there is a constant load of one i/o.
-
-In each tick interval the amount of overlap is measured.
-See the graph below containing three commands:
-Below the graph are the LOAD values for each interval that would be calculated.
-
- | | | | | | | | |
- | | | | | | | | |
- | | o=====* | | | | | |
- | | | | | | | | |
- | o========* | o============* | | |
- | | | | | | | | |
- --------------------------------------------------> Time
- 500 1500 500 750 1000 500 0 0
---
-
-menu:Statistics[Conversation List]::
-+
---
-This option will open a new window that displays a list of all
-conversations between two endpoints. The list has one row for each
-unique conversation and displays total number of packets/bytes seen as
-well as number of packets/bytes in each direction.
-
-By default the list is sorted according to the number of packets but by
-clicking on the column header; it is possible to re-sort the list in
-ascending or descending order by any column.
-
-By first selecting a conversation by clicking on it and then using the
-right mouse button (on those platforms that have a right
-mouse button) Wireshark will display a popup menu offering several different
-filter operations to apply to the capture.
-
-These statistics windows can also be invoked from the Wireshark command
-line using the *-z conv* argument.
---
-
-menu:Statistics[Service Response Time]::
-+
---
-
-* AFP
-
-* CAMEL
-
-* DCE-RPC
-
-Open a window to display Service Response Time statistics for an
-arbitrary DCE-RPC program
-interface and display *Procedure*, *Number of Calls*, *Minimum SRT*,
-*Maximum SRT* and *Average SRT* for all procedures for that
-program/version. These windows opened will update in semi-real time to
-reflect changes when doing live captures or when reading new capture
-files into *Wireshark*.
-
-This dialog will also allow an optional filter string to be used.
-If an optional filter string is used only such DCE-RPC request/response pairs
-that match that filter will be used to calculate the statistics. If no filter
-string is specified all request/response pairs will be used.
-
-* Diameter
-
-* Fibre Channel
-
-Open a window to display Service Response Time statistics for Fibre Channel
-and display *FC Type*, *Number of Calls*, *Minimum SRT*,
-*Maximum SRT* and *Average SRT* for all FC types.
-These windows opened will update in semi-real time to
-reflect changes when doing live captures or when reading new capture
-files into *Wireshark*.
-The Service Response Time is calculated as the time delta between the
-First packet of the exchange and the Last packet of the exchange.
-
-This dialog will also allow an optional filter string to be used.
-If an optional filter string is used only such FC first/last exchange pairs
-that match that filter will be used to calculate the statistics. If no filter
-string is specified all request/response pairs will be used.
-
-* GTP
-
-* H.225 RAS
-
-Collect requests/response SRT (Service Response Time) data for ITU-T H.225 RAS.
-Data collected is *number of calls* for each known ITU-T H.225 RAS Message Type,
-*Minimum SRT*, *Maximum SRT*, *Average SRT*, *Minimum in Packet*, and *Maximum in Packet*.
-You will also get the number of *Open Requests* (Unresponded Requests),
-*Discarded Responses* (Responses without matching request) and Duplicate Messages.
-These windows opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into *Wireshark*.
-
-You can apply an optional filter string in a dialog box, before starting
-the calculation. The statistics will only be calculated
-on those calls matching that filter.
-
-* LDAP
-
-* MEGACO
-
-* MGCP
-
-Collect requests/response SRT (Service Response Time) data for MGCP.
-Data collected is *number of calls* for each known MGCP Type,
-*Minimum SRT*, *Maximum SRT*, *Average SRT*, *Minimum in Packet*, and *Maximum in Packet*.
-These windows opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into *Wireshark*.
-
-You can apply an optional filter string in a dialog box, before starting
-the calculation. The statistics will only be calculated
-on those calls matching that filter.
-
-* NCP
-
-* ONC-RPC
-
-Open a window to display statistics for an arbitrary ONC-RPC program interface
-and display *Procedure*, *Number of Calls*, *Minimum SRT*, *Maximum SRT* and *Average SRT* for all procedures for that program/version.
-These windows opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into *Wireshark*.
-
-This dialog will also allow an optional filter string to be used.
-If an optional filter string is used only such ONC-RPC request/response pairs
-that match that filter will be used to calculate the statistics. If no filter
-string is specified all request/response pairs will be used.
-
-By first selecting a conversation by clicking on it and then using the
-right mouse button (on those platforms that have a right
-mouse button) Wireshark will display a popup menu offering several different
-filter operations to apply to the capture.
-
-* RADIUS
-
-* SCSI
-
-* SMB
-
-Collect call/reply SRT (Service Response Time) data for SMB. Data collected
-is the number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT.
-
-The data will be presented as separate tables for all normal SMB commands,
-all Transaction2 commands and all NT Transaction commands.
-Only those commands that are seen in the capture will have its stats
-displayed.
-Only the first command in a xAndX command chain will be used in the
-calculation. So for common SessionSetupAndX + TreeConnectAndX chains,
-only the SessionSetupAndX call will be used in the statistics.
-This is a flaw that might be fixed in the future.
-
-You can apply an optional filter string in a dialog box, before starting
-the calculation. The stats will only be calculated
-on those calls matching that filter.
-
-By first selecting a conversation by clicking on it and then using the
-right mouse button (on those platforms that have a right
-mouse button) Wireshark will display a popup menu offering several different
-filter operations to apply to the capture.
-
-* SMB2
---
-
-menu:Statistics[BOOTP-DHCP]::
-Show DHCP statistics.
-
-menu:Statistics[Compare]::
-Compare two capture files.
-
-menu:Statistics[Flow Graph]::
-Show protocol flows.
-
-menu:Statistics[HTTP]::
-HTTP Load Distribution, Packet Counter & Requests.
-
-menu:Statistics[IP Addresses]::
-Count, Rate, and Percent by IP Address.
-
-menu:Statistics[IP Destinations]::
-Count, Rate, and Percent by IP Address, protocol, and port.
-
-menu:Statistics[IP Protocol Types]::
-Count, Rate, and Percent by IP Protocol Types.
-
-menu:Statistics[ONC-RPC Programs]::
-This dialog will open a window showing aggregated SRT statistics for all ONC-RPC Programs/versions that exist in the capture file.
-
-menu:Statistics[TCP Stream Graph]::
-Show Round Trip, Throughput, Time-Sequence (Stevens), or Time-Sequence (tcptrace) graphs.
-
-menu:Statistics[UDP Multicast streams]::
-Multicast Streams counts, rates, and other statistics by source and destination address and port pairs.
-
-menu:Statistics[WLAN Traffic]::
-WLAN Traffic Statistics.
-
-menu:Telephony[ITU-T H.225]::
-+
---
-Count ITU-T H.225 messages and their reasons. In the first column you get a
-list of H.225 messages and H.225 message reasons, which occur in the current
-capture file. The number of occurrences of each message or reason will be displayed
-in the second column.
-This window opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into *Wireshark*.
-
-You can apply an optional filter string in a dialog box, before starting
-the counter. The statistics will only be calculated
-on those calls matching that filter.
---
-
-menu:Telephony[SIP]::
-+
---
-Activate a counter for SIP messages. You will get the number of occurrences of each
-SIP Method and of each SIP Status-Code. Additionally you also get the number of
-resent SIP Messages (only for SIP over UDP).
-
-This window opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into *Wireshark*.
-
-You can apply an optional filter string in a dialog box, before starting
-the counter. The statistics will only be calculated
-on those calls matching that filter.
---
-
-menu:Tools[Firewall ACL Rules]::
-Generate firewall rules for a selected packet.
-
-menu:Help[Contents]::
-Display the User's Guide.
-
-menu:Help[Supported Protocols]::
-List of supported protocols and display filter protocol fields.
-
-menu:Help[Manual Pages]::
-Display locally installed HTML versions of these manual pages in a web browser.
-
-menu:Help[Wireshark Online]::
-Various links to online resources to be open in a web browser, like https://www.wireshark.org.
-
-menu:Help[About Wireshark]::
-See various information about Wireshark (see /About dialog below), like the version, the folders used, the available plugins, ...
-
-=== WINDOWS
-
-Main Window::
-+
---
-The main window contains the usual things like the menu, some toolbars, the
-main area and a statusbar. The main area is split into three panes, you can
-resize each pane using a "thumb" at the right end of each divider line.
-
-The main window is much more flexible than before. The layout of the main
-window can be customized by the __Layout__ page in the dialog box popped
-up by __Edit:Preferences__, the following will describe the layout with the
-default settings.
---
-
-Main Toolbar::
-Some menu items are available for quick access here. There is no way to
-customize the items in the toolbar, however the toolbar can be hidden by
-__View:Main Toolbar__.
-
-Filter Toolbar::
-+
---
-A display filter can be entered into the filter toolbar.
-A filter for HTTP, HTTPS, and DNS traffic might look like this:
-
- tcp.port in {80 443 53}
-
-Selecting the __Filter:__ button lets you choose from a list of named
-filters that you can optionally save. Pressing the Return or Enter
-keys, or selecting the __Apply__ button, will cause the filter to be
-applied to the current list of packets. Selecting the __Reset__ button
-clears the display filter so that all packets are displayed (again).
-
-There is no way to customize the items in the toolbar, however the toolbar
-can be hidden by __View:Filter Toolbar__.
---
-
-Packet List Pane::
-+
---
-The top pane contains the list of network packets that you can scroll
-through and select. By default, the packet number, packet timestamp,
-source and destination addresses, protocol, and description are
-displayed for each packet; the __Columns__ page in the dialog box popped
-up by __Edit:Preferences__ lets you change this (although, unfortunately,
-you currently have to save the preferences, and exit and restart
-Wireshark, for those changes to take effect).
-
-If you click on the heading for a column, the display will be sorted by
-that column; clicking on the heading again will reverse the sort order
-for that column.
-
-An effort is made to display information as high up the protocol stack
-as possible, e.g. IP addresses are displayed for IP packets, but the
-MAC layer address is displayed for unknown packet types.
-
-The right mouse button can be used to pop up a menu of operations.
-
-The middle mouse button can be used to mark a packet.
---
-
-Packet Details Pane::
-The middle pane contains a display of the details of the
-currently-selected packet. The display shows each field and its value
-in each protocol header in the stack. The right mouse button can be
-used to pop up a menu of operations.
-
-Packet Bytes Pane::
-+
---
-The lowest pane contains a hex and ASCII dump of the actual packet data.
-Selecting a field in the packet details highlights the corresponding
-bytes in this section.
-
-The right mouse button can be used to pop up a menu of operations.
---
-
-Statusbar::
-+
---
-The statusbar is divided into three parts, on the left some context dependent
-things are shown, like information about the loaded file, in the center the
-number of packets are displayed, and on the right the current configuration
-profile.
-
-The statusbar can be hidden by __View:Statusbar__.
---
-
-Preferences::
-Adjust the behavior of *Wireshark*.
-
-User Interface Preferences::
-Modify the UI to your own personal tastes.
-
-Selection Bars::
-The selection bar in the packet list and packet details can have either
-a "browse" or "select" behavior. If the selection bar has a "browse"
-behavior, the arrow keys will move an outline of the selection bar,
-allowing you to browse the rest of the list or details without changing
-the selection until you press the space bar. If the selection bar has a
-"select" behavior, the arrow keys will move the selection bar and change
-the selection to the new item in the packet list or packet details.
-
-Save Window Position::
-If this item is selected, the position of the main Wireshark window will
-be saved when Wireshark exits, and used when Wireshark is started again.
-
-Save Window Size::
-If this item is selected, the size of the main Wireshark window will
-be saved when Wireshark exits, and used when Wireshark is started again.
-
-Save Window Maximized state::
-If this item is selected the maximize state of the main Wireshark window
-will be saved when Wireshark exists, and used when Wireshark is started again.
-
-File Open Dialog Behavior::
-This item allows the user to select how Wireshark handles the listing
-of the "File Open" Dialog when opening trace files. "Remember Last
-Directory" causes Wireshark to automatically position the dialog in the
-directory of the most recently opened file, even between launches of Wireshark.
-"Always Open in Directory" allows the user to define a persistent directory
-that the dialog will always default to.
-
-Directory::
-Allows the user to specify a persistent File Open directory. Trailing
-slashes or backslashes will automatically be added.
-
-File Open Preview timeout::
-This items allows the user to define how much time is spend reading the
-capture file to present preview data in the File Open dialog.
-
-Open Recent maximum list entries::
-The File menu supports a recent file list. This items allows the user to
-specify how many files are kept track of in this list.
-
-Ask for unsaved capture files::
-When closing a capture file or Wireshark itself if the file isn't saved yet
-the user is presented the option to save the file when this item is set.
-
-Wrap during find::
-This items determines the behavior when reaching the beginning or the end
-of a capture file. When set the search wraps around and continues, otherwise
-it stops.
-
-Settings dialogs show a save button::
-This item determines if the various dialogs sport an explicit Save button
-or that save is implicit in OK / Apply.
-
-Web browser command::
-This entry specifies the command line to launch a web browser. It is used
-to access online content, like the Wiki and user guide. Use '%s' to place
-the request URL in the command line.
-
-Layout Preferences::
-The __Layout__ page lets you specify the general layout of the main window.
-You can choose from six different layouts and fill the three panes with the
-contents you like.
-
-Scrollbars::
-The vertical scrollbars in the three panes can be set to be either on
-the left or the right.
-
-Alternating row colors::
-
-Hex Display::
-The highlight method in the hex dump display for the selected protocol
-item can be set to use either inverse video, or bold characters.
-
-Toolbar style::
-
-Filter toolbar placement::
-
-Custom window title::
-
-Column Preferences::
-+
---
-The __Columns__ page lets you specify the number, title, and format
-of each column in the packet list.
-
-The __Column title__ entry is used to specify the title of the column
-displayed at the top of the packet list. The type of data that the column
-displays can be specified using the __Column format__ option menu.
-The row of buttons on the left perform the following actions:
---
-
-New::
-Adds a new column to the list.
-
-Delete::
-Deletes the currently selected list item.
-
-Up / Down::
-Moves the selected list item up or down one position.
-
-Font Preferences::
-The __Font__ page lets you select the font to be used for most text.
-
-Color Preferences::
-The __Colors__ page can be used to change the color of the text
-displayed in the TCP stream window and for marked packets. To change a color,
-simply select an attribute from the "Set:" menu and use the color selector to
-get the desired color. The new text colors are displayed as a sample text.
-
-Capture Preferences::
-+
---
-The __Capture__ page lets you specify various parameters for capturing
-live packet data; these are used the first time a capture is started.
-
-The __Interface:__ combo box lets you specify the interface from which to
-capture packet data, or the name of a FIFO from which to get the packet
-data.
-
-The __Data link type:__ option menu lets you, for some interfaces, select
-the data link header you want to see on the packets you capture. For
-example, in some OSes and with some versions of libpcap, you can choose,
-on an 802.11 interface, whether the packets should appear as Ethernet
-packets (with a fake Ethernet header) or as 802.11 packets.
-
-The __Limit each packet to ... bytes__ check box lets you set the
-snapshot length to use when capturing live data; turn on the check box,
-and then set the number of bytes to use as the snapshot length.
-
-The __Filter:__ text entry lets you set a capture filter expression to be
-used when capturing.
-
-If any of the environment variables SSH_CONNECTION, SSH_CLIENT,
-REMOTEHOST, DISPLAY, or SESSIONNAME are set, Wireshark will create a
-default capture filter that excludes traffic from the hosts and ports
-defined in those variables.
-
-The __Capture packets in promiscuous mode__ check box lets you specify
-whether to put the interface in promiscuous mode when capturing.
-
-The __Update list of packets in real time__ check box lets you specify
-that the display should be updated as packets are seen.
---
-
-Name Resolution Preferences::
-+
---
-The __Enable MAC name resolution__, __Enable network name resolution__ and
-__Enable transport name resolution__ check boxes let you specify whether
-MAC addresses, network addresses, and transport-layer port numbers
-should be translated to names.
-
-The __Enable concurrent DNS name resolution__ allows Wireshark to send out
-multiple name resolution requests and not wait for the result before
-continuing dissection. This speeds up dissection with network name
-resolution but initially may miss resolutions. The number of concurrent
-requests can be set here as well.
-
-__SMI paths__
-
-__SMI modules__
---
-
-RTP Player Preferences::
-This page allows you to select the number of channels visible in the
-RTP player window. It determines the height of the window, more channels
-are possible and visible by means of a scroll bar.
-
-Protocol Preferences::
-There are also pages for various protocols that Wireshark dissects,
-controlling the way Wireshark handles those protocols.
-
-Edit Capture Filter List::
-
-Edit Display Filter List::
-
-Capture Filter::
-
-Display Filter::
-
-Read Filter::
-
-Search Filter::
-+
---
-The __Edit Capture Filter List__ dialog lets you create, modify, and
-delete capture filters, and the __Edit Display Filter List__ dialog lets
-you create, modify, and delete display filters.
-
-The __Capture Filter__ dialog lets you do all of the editing operations
-listed, and also lets you choose or construct a filter to be used when
-capturing packets.
-
-The __Display Filter__ dialog lets you do all of the editing operations
-listed, and also lets you choose or construct a filter to be used to
-filter the current capture being viewed.
-
-The __Read Filter__ dialog lets you do all of the editing operations
-listed, and also lets you choose or construct a filter to be used to
-as a read filter for a capture file you open.
-
-The __Search Filter__ dialog lets you do all of the editing operations
-listed, and also lets you choose or construct a filter expression to be
-used in a find operation.
-
-In all of those dialogs, the __Filter name__ entry specifies a
-descriptive name for a filter, e.g. *Web and DNS traffic*. The
-__Filter string__ entry is the text that actually describes the filtering
-action to take, as described above.The dialog buttons perform the
-following actions:
---
-
-New::
-If there is text in the two entry boxes, creates a new associated list item.
-
-Edit::
-Modifies the currently selected list item to match what's in the entry boxes.
-
-Delete::
-Deletes the currently selected list item.
-
-Add Expression...::
-+
---
-For display filter expressions, pops up a dialog box to allow you to
-construct a filter expression to test a particular field; it offers
-lists of field names, and, when appropriate, lists from which to select
-tests to perform on the field and values with which to compare it. In
-that dialog box, the OK button will cause the filter expression you
-constructed to be entered into the __Filter string__ entry at the current
-cursor position.
---
-
-OK::
-+
---
-In the __Capture Filter__ dialog, closes the dialog box and makes the
-filter in the __Filter string__ entry the filter in the __Capture
- Preferences__ dialog. In the __Display Filter__ dialog, closes the dialog
-box and makes the filter in the __Filter string__ entry the current
-display filter, and applies it to the current capture. In the __Read
- Filter__ dialog, closes the dialog box and makes the filter in the
-__Filter string__ entry the filter in the __Open Capture File__ dialog.
-In the __Search Filter__ dialog, closes the dialog box and makes the
-filter in the __Filter string__ entry the filter in the __Find Packet__
-dialog.
---
-
-Apply::
-Makes the filter in the __Filter string__ entry the current display filter, and applies it to the current capture.
-
-Save::
-If the list of filters being edited is the list of
-capture filters, saves the current filter list to the personal capture
-filters file, and if the list of filters being edited is the list of
-display filters, saves the current filter list to the personal display
-filters file.
-
-Close::
-Closes the dialog without doing anything with the filter in the __Filter string__ entry.
-
-The Color Filters Dialog::
-This dialog displays a list of color filters and allows it to be modified.
-
-THE FILTER LIST::
-Single rows may be selected by clicking. Multiple rows may be selected
-by using the ctrl and shift keys in combination with the mouse button.
-
-NEW::
-Adds a new filter at the bottom of the list and opens the Edit Color
-Filter dialog box. You will have to alter the filter expression at
-least before the filter will be accepted. The format of color filter
-expressions is identical to that of display filters. The new filter is
-selected, so it may immediately be moved up and down, deleted or edited.
-To avoid confusion all filters are unselected before the new filter is
-created.
-
-EDIT::
-Opens the Edit Color Filter dialog box for the selected filter. (If this
-button is disabled you may have more than one filter selected, making it
-ambiguous which is to be edited.)
-
-ENABLE::
-Enables the selected color filter(s).
-
-DISABLE::
-Disables the selected color filter(s).
-
-DELETE::
-Deletes the selected color filter(s).
-
-EXPORT::
-Allows you to choose a file in which to save the current list of color
-filters. You may also choose to save only the selected filters. A
-button is provided to save the filters in the global color filters file
-(you must have sufficient permissions to write this file, of course).
-
-IMPORT::
-Allows you to choose a file containing color filters which are then
-added to the bottom of the current list. All the added filters are
-selected, so they may be moved to the correct position in the list as a
-group. To avoid confusion, all filters are unselected before the new
-filters are imported. A button is provided to load the filters from the
-global color filters file.
-
-CLEAR::
-Deletes your personal color filters file, reloads the global color filters file, if any, and closes the dialog.
-
-UP::
-Moves the selected filter(s) up the list, making it more likely that they will be used to color packets.
-
-DOWN::
-Moves the selected filter(s) down the list, making it less likely that they will be used to color packets.
-
-OK::
-Closes the dialog and uses the color filters as they stand.
-
-APPLY::
-Colors the packets according to the current list of color filters, but does not close the dialog.
-
-SAVE::
-Saves the current list of color filters in your personal color filters
-file. Unless you do this they will not be used the next time you start
-Wireshark.
-
-CLOSE::
-Closes the dialog without changing the coloration of the packets. Note
-that changes you have made to the current list of color filters are not
-undone.
-
-Capture Options Dialog::
-+
---
-The __Capture Options Dialog__ lets you specify various parameters for
-capturing live packet data.
-
-The __Interface:__ field lets you specify the interface from which to
-capture packet data or a command from which to get the packet data via a
-pipe.
-
-The __Link layer header type:__ field lets you specify the interfaces link
-layer header type. This field is usually disabled, as most interface have
-only one header type.
-
-The __Capture packets in promiscuous mode__ check box lets you specify
-whether the interface should be put into promiscuous mode when
-capturing.
-
-The __Limit each packet to ... bytes__ check box and field lets you
-specify a maximum number of bytes per packet to capture and save; if the
-check box is not checked, the limit will be 262144 bytes.
-
-The __Capture Filter:__ entry lets you specify the capture filter using a
-tcpdump-style filter string as described above.
-
-The __File:__ entry lets you specify the file into which captured packets
-should be saved, as in the __Printer Options__ dialog above. If not
-specified, the captured packets will be saved in a temporary file; you
-can save those packets to a file with the __File:Save As__ menu item.
-
-The __Use multiple files__ check box lets you specify that the capture
-should be done in "multiple files" mode. This option is disabled, if the
-__Update list of packets in real time__ option is checked.
-
-The __Next file every ... megabyte(s)__ check box and fields lets
-you specify that a switch to a next file should be done
-if the specified filesize is reached. You can also select the appropriate
-unit, but beware that the filesize has a maximum of 2 GiB.
-The check box is forced to be checked, as "multiple files" mode requires a
-file size to be specified.
-
-The __Next file every ... minute(s)__ check box and fields lets
-you specify that the switch to a next file should be done after the specified
-time has elapsed, even if the specified capture size is not reached.
-
-The __Ring buffer with ... files__ field lets you specify the number
-of files of a ring buffer. This feature will capture into the first file
-again, after the specified number of files have been used.
-
-The __Stop capture after ... files__ field lets you specify the number
-of capture files used, until the capture is stopped.
-
-The __Stop capture after ... packet(s)__ check box and field let
-you specify that Wireshark should stop capturing after having captured
-some number of packets; if the check box is not checked, Wireshark will
-not stop capturing at some fixed number of captured packets.
-
-The __Stop capture after ... megabyte(s)__ check box and field lets
-you specify that Wireshark should stop capturing after the file to which
-captured packets are being saved grows as large as or larger than some
-specified number of megabytes. If the check box is not checked, Wireshark
-will not stop capturing at some capture file size (although the operating
-system on which Wireshark is running, or the available disk space, may still
-limit the maximum size of a capture file). This option is disabled, if
-"multiple files" mode is used,
-
-The __Stop capture after ... second(s)__ check box and field let you
-specify that Wireshark should stop capturing after it has been capturing
-for some number of seconds; if the check box is not checked, Wireshark
-will not stop capturing after some fixed time has elapsed.
-
-The __Update list of packets in real time__ check box lets you specify
-whether the display should be updated as packets are captured and, if
-you specify that, the __Automatic scrolling in live capture__ check box
-lets you specify the packet list pane should automatically scroll to
-show the most recently captured packets as new packets arrive.
-
-The __Enable MAC name resolution__, __Enable network name resolution__ and
-__Enable transport name resolution__ check boxes let you specify whether
-MAC addresses, network addresses, and transport-layer port numbers
-should be translated to names.
---
-
-About::
-The __About__ dialog lets you view various information about Wireshark.
-
-menu:About[Wireshark]::
-The __Wireshark__ page lets you view general information about Wireshark,
-like the installed version, licensing information and such.
-
-menu:About[Authors]::
-The __Authors__ page shows the author and all contributors.
-
-menu:About[Folders]::
-The __Folders__ page lets you view the directory names where Wireshark is
-searching its various configuration and other files.
-
-menu:About[Plugins]::
-+
---
-The __Plugins__ page lets you view the dissector plugin modules
-available on your system.
-
-The __Plugins List__ shows the name and version of each dissector plugin
-module found on your system.
-
-On Unix-compatible systems, such as Linux, macOS, \*BSD, Solaris, and
-AIX, the plugins are looked for in the following directories: the
-__lib/wireshark/plugins/$VERSION__ directory under the main installation
-directory (for example, __/usr/local/lib/wireshark/plugins/$VERSION__),
-and then __$HOME/.wireshark/plugins__.
-
-On Windows systems, the plugins are looked for in the following
-directories: __plugins\$VERSION__ directory under the main installation
-directory (for example, __C:\Program Files\Wireshark\plugins\$VERSION__),
-and then __%APPDATA%\Wireshark\plugins\$VERSION__ (or, if %APPDATA% isn't
-defined, __%USERPROFILE%\Application Data\Wireshark\plugins\$VERSION__).
-
-$VERSION is the version number of the plugin interface, which
-is typically the version number of Wireshark. Note that a dissector
-plugin module may support more than one protocol; there is not
-necessarily a one-to-one correspondence between dissector plugin modules
-and protocols. Protocols supported by a dissector plugin module are
-enabled and disabled using the __Edit:Protocols__ dialog box, just as
-protocols built into Wireshark are.
---
-
-== CAPTURE FILTER SYNTAX
-
-See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist, xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8),
-or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters.
-
-== DISPLAY FILTER SYNTAX
-
-For a complete table of protocol and protocol fields that are filterable
-in *Wireshark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
-
-== FILES
-
-These files contains various *Wireshark* configuration settings.
-
-Preferences::
-+
---
-The __preferences__ files contain global (system-wide) and personal
-preference settings. If the system-wide preference file exists, it is
-read first, overriding the default settings. If the personal preferences
-file exists, it is read next, overriding any previous values. Note: If
-the command line flag *-o* is used (possibly more than once), it will
-in turn override values from the preferences files.
-
-The preferences settings are in the form __prefname:value__,
-one per line,
-where __prefname__ is the name of the preference
-and __value__ is the value to
-which it should be set; white space is allowed between *:* and
-__value__. A preference setting can be continued on subsequent lines by
-indenting the continuation lines with white space. A *#* character
-starts a comment that runs to the end of the line:
-
- # Vertical scrollbars should be on right side?
- # TRUE or FALSE (case-insensitive).
- gui.scrollbar_on_right: TRUE
-
-The global preferences file is looked for in the __wireshark__ directory
-under the __share__ subdirectory of the main installation directory. On
-macOS, this would typically be
-__/Application/Wireshark.app/Contents/Resources/share__; on other
-UNIX-compatible systems, such as Linux, \*BSD, Solaris, and AIX, this
-would typically be __/usr/share/wireshark/preferences__ for
-system-installed packages and __/usr/local/share/wireshark/preferences__
-for locally-installed packages; on Windows, this would typically be
-__C:\Program Files\Wireshark\preferences__.
-
-On UNIX-compatible systems, the personal preferences file is looked for
-in __$XDG_CONFIG_HOME/wireshark/preferences__, (or, if
-__$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
-does exist, __$HOME/.wireshark/preferences__); this is typically
-__$HOME/.config/wireshark/preferences__. On Windows,
-the personal preferences file is looked for in
-__%APPDATA%\Wireshark\preferences__ (or, if %APPDATA% isn't defined,
-__%USERPROFILE%\Application Data\Wireshark\preferences__).
-
-Note: Whenever the preferences are saved by using the __Save__ button
-in the __Edit:Preferences__ dialog box, your personal preferences file
-will be overwritten with the new settings, destroying any comments and
-unknown/obsolete settings that were in the file.
---
-
-Recent::
-+
---
-The __recent__ file contains personal settings (mostly GUI related) such
-as the current *Wireshark* window size. The file is saved at program exit and
-read in at program start automatically. Note: The command line flag *-o*
-may be used to override settings from this file.
-
-The settings in this file have the same format as in the __preferences__
-files, and the same directory as for the personal preferences file is
-used.
-
-Note: Whenever Wireshark is closed, your recent file
-will be overwritten with the new settings, destroying any comments and
-unknown/obsolete settings that were in the file.
---
-
-Disabled (Enabled) Protocols::
-+
---
-The __disabled_protos__ files contain system-wide and personal lists of
-protocols that have been disabled, so that their dissectors are never
-called. The files contain protocol names, one per line, where the
-protocol name is the same name that would be used in a display filter
-for the protocol:
-
- http
- tcp # a comment
-
-If a protocol is listed in the global __disabled_protos__ file, it is not
-displayed in the __Analyze:Enabled Protocols__ dialog box, and so cannot
-be enabled by the user.
-
-The global __disabled_protos__ file uses the same directory as the global
-preferences file.
-
-The personal __disabled_protos__ file uses the same directory as the
-personal preferences file.
-
-Note: Whenever the disabled protocols list is saved by using the __Save__
-button in the __Analyze:Enabled Protocols__ dialog box, your personal
-disabled protocols file will be overwritten with the new settings,
-destroying any comments that were in the file.
---
-
-Name Resolution (hosts)::
-+
---
-If the personal __hosts__ file exists, it is
-used to resolve IPv4 and IPv6 addresses before any other
-attempts are made to resolve them. The file has the standard __hosts__
-file syntax; each line contains one IP address and name, separated by
-whitespace. The same directory as for the personal preferences file is used.
-
-Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems, such as Linux, macOS, \*BSD, Solaris, and AIX, and Npcap or
-WinPcap on Windows. As such the Wireshark personal __hosts__ file will
-not be consulted for capture filter name resolution.
---
-
-
-Name Resolution (subnets)::
-+
---
-If an IPv4 address cannot be translated via name resolution (no exact
-match is found) then a partial match is attempted via the __subnets__ file.
-Both the global __subnets__ file and personal __subnets__ files are used
-if they exist.
-
-Each line of this file consists of an IPv4 address, a subnet mask length
-separated only by a / and a name separated by whitespace. While the address
-must be a full IPv4 address, any values beyond the mask length are subsequently
-ignored.
-
-An example is:
-
-# Comments must be prepended by the # sign!
-192.168.0.0/24 ws_test_network
-
-A partially matched name will be printed as "subnet-name.remaining-address".
-For example, "192.168.0.1" under the subnet above would be printed as
-"ws_test_network.1"; if the mask length above had been 16 rather than 24, the
-printed address would be "ws_test_network.0.1".
---
-
-Name Resolution (ethers)::
-+
---
-The __ethers__ files are consulted to correlate 6-byte hardware addresses to
-names. First the personal __ethers__ file is tried and if an address is not
-found there the global __ethers__ file is tried next.
-
-Each line contains one hardware address and name, separated by
-whitespace. The digits of the hardware address are separated by colons
-(:), dashes (-) or periods (.). The same separator character must be
-used consistently in an address. The following three lines are valid
-lines of an __ethers__ file:
-
- ff:ff:ff:ff:ff:ff Broadcast
- c0-00-ff-ff-ff-ff TR_broadcast
- 00.00.00.00.00.00 Zero_broadcast
-
-The global __ethers__ file is looked for in the __/etc__ directory on
-UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
-and in the main installation directory (for example, __C:\Program
-Files\Wireshark__) on Windows systems.
-
-The personal __ethers__ file is looked for in the same directory as the personal
-preferences file.
-
-Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems and Npcap or WinPcap on Windows. As such the Wireshark personal
-__ethers__ file will not be consulted for capture filter name
-resolution.
---
-
-Name Resolution (manuf)::
-+
---
-The __manuf__ file is used to match the 3-byte vendor portion of a 6-byte
-hardware address with the manufacturer's name; it can also contain well-known
-MAC addresses and address ranges specified with a netmask. The format of the
-file is the same as the __ethers__ files, except that entries such as:
-
- 00:00:0C Cisco
-
-can be provided, with the 3-byte OUI and the name for a vendor, and
-entries such as:
-
- 00-00-0C-07-AC/40 All-HSRP-routers
-
-can be specified, with a MAC address and a mask indicating how many bits
-of the address must match. The above entry, for example, has 40
-significant bits, or 5 bytes, and would match addresses from
-00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
-multiple of 8.
-
-The __manuf__ file is looked for in the same directory as the global
-preferences file.
---
-
-Name Resolution (services)::
-+
---
-The __services__ file is used to translate port numbers into names.
-Both the global __services__ file and personal __services__ files are used
-if they exist.
-
-The file has the standard __services__ file syntax; each line contains one
-(service) name and one transport identifier separated by white space. The
-transport identifier includes one port number and one transport protocol name
-(typically tcp, udp, or sctp) separated by a /.
-
-An example is:
-
-mydns 5045/udp # My own Domain Name Server
-mydns 5045/tcp # My own Domain Name Server
---
-
-Name Resolution (ipxnets)::
-+
---
-The __ipxnets__ files are used to correlate 4-byte IPX network numbers to
-names. First the global __ipxnets__ file is tried and if that address is not
-found there the personal one is tried next.
-
-The format is the same as the __ethers__
-file, except that each address is four bytes instead of six.
-Additionally, the address can be represented as a single hexadecimal
-number, as is more common in the IPX world, rather than four hex octets.
-For example, these four lines are valid lines of an __ipxnets__ file:
-
- C0.A8.2C.00 HR
- c0-a8-1c-00 CEO
- 00:00:BE:EF IT_Server1
- 110f FileServer3
-
-The global __ipxnets__ file is looked for in the __/etc__ directory on
-UNIX-compatible systems, such as Linux, macOS, \*BSD, Solaris, and AIX,
-and in the main installation directory (for example, __C:\Program
-Files\Wireshark__) on Windows systems.
-
-The personal __ipxnets__ file is looked for in the same directory as the
-personal preferences file.
---
-
-Capture Filters::
-+
---
-The __cfilters__ files contain system-wide and personal capture filters.
-Each line contains one filter, starting with the string displayed in the
-dialog box in quotation marks, followed by the filter string itself:
-
- "HTTP" port 80
- "DCERPC" port 135
-
-The global __cfilters__ file uses the same directory as the
-global preferences file.
-
-The personal __cfilters__ file uses the same directory as the personal
-preferences file. It is written through the Capture:Capture Filters
-dialog.
-
-If the global __cfilters__ file exists, it is used only if the personal
-__cfilters__ file does not exist; global and personal capture filters are
-not merged.
---
-
-Display Filters::
-+
---
-The __dfilters__ files contain system-wide and personal display filters.
-Each line contains one filter, starting with the string displayed in the
-dialog box in quotation marks, followed by the filter string itself:
-
- "HTTP" http
- "DCERPC" dcerpc
-
-The global __dfilters__ file uses the same directory as the
-global preferences file.
-
-The personal __dfilters__ file uses the same directory as the
-personal preferences file. It is written through the Analyze:Display
-Filters dialog.
-
-If the global __dfilters__ file exists, it is used only if the personal
-__dfilters__ file does not exist; global and personal display filters are
-not merged.
---
-
-Color Filters (Coloring Rules)::
-+
---
-The __colorfilters__ files contain system-wide and personal color filters.
-Each line contains one filter, starting with the string displayed in the
-dialog box, followed by the corresponding display filter. Then the
-background and foreground colors are appended:
-
- # a comment
- @tcp@tcp@[59345,58980,65534][0,0,0]
- @udp@udp@[28834,57427,65533][0,0,0]
-
-The global __colorfilters__ file uses the same directory as the
-global preferences file.
-
-The personal __colorfilters__ file uses the same directory as the
-personal preferences file. It is written through the View:Coloring Rules
-dialog.
-
-If the global __colorfilters__ file exists, it is used only if the personal
-__colorfilters__ file does not exist; global and personal color filters are
-not merged.
---
-
-Plugins::
-See above in the description of the About:Plugins page.
-
-== ENVIRONMENT VARIABLES
-
-// Should this be moved to an include file?
-
-WIRESHARK_CONFIG_DIR::
-+
---
-This environment variable overrides the location of personal
-configuration files. On UNIX-compatible systems, such as Linux, macOS,
-\*BSD, Solaris, and AIX, it defaults to __$XDG_CONFIG_HOME/wireshark__
-(or, if that directory doesn't exist but __$HOME/.wireshark__ does
-exist, __$HOME/.wireshark__); this is typically
-__$HOME/.config/wireshark__. On Windows, it defaults to
-__%APPDATA%\Wireshark__ (or, if %APPDATA% isn't defined,
-__%USERPROFILE%\Application Data\Wireshark__). Available since
-Wireshark 3.0.
---
-
-WIRESHARK_DEBUG_WMEM_OVERRIDE::
-Setting this environment variable forces the wmem framework to use the
-specified allocator backend for *all* allocations, regardless of which
-backend is normally specified by the code. This is mainly useful to developers
-when testing or debugging. See __README.wmem__ in the source distribution for
-details.
-
-WIRESHARK_RUN_FROM_BUILD_DIRECTORY::
-This environment variable causes the plugins and other data files to be
-loaded from the build directory (where the program was compiled) rather
-than from the standard locations. It has no effect when the program in
-question is running with root (or setuid) permissions on UNIX-compatible
-systems, such as Linux, macOS, \*BSD, Solaris, and AIX.
-
-WIRESHARK_DATA_DIR::
-This environment variable causes the various data files to be loaded from
-a directory other than the standard locations. It has no effect when the
-program in question is running with root (or setuid) permissions on
-UNIX-compatible systems.
-
-WIRESHARK_EXTCAP_DIR::
-This environment variable causes the various extcap programs and scripts
-to be run from a directory other than the standard locations. It has no
-effect when the program in question is running with root (or setuid)
-permissions on UNIX-compatible systems.
-
-WIRESHARK_PLUGIN_DIR::
-This environment variable causes the various plugins to be loaded from
-a directory other than the standard locations. It has no effect when the
-program in question is running with root (or setuid) permissions on
-UNIX-compatible systems.
-
-ERF_RECORDS_TO_CHECK::
-This environment variable controls the number of ERF records checked when
-deciding if a file really is in the ERF format. Setting this environment
-variable a number higher than the default (20) would make false positives
-less likely.
-
-IPFIX_RECORDS_TO_CHECK::
-This environment variable controls the number of IPFIX records checked when
-deciding if a file really is in the IPFIX format. Setting this environment
-variable a number higher than the default (20) would make false positives
-less likely.
-
-WIRESHARK_ABORT_ON_DISSECTOR_BUG::
-If this environment variable is set, *Wireshark* will call abort(3)
-when a dissector bug is encountered. abort(3) will cause the program to
-exit abnormally; if you are running *Wireshark* in a debugger, it
-should halt in the debugger and allow inspection of the process, and, if
-you are not running it in a debugger, it will, on some OSes, assuming
-your environment is configured correctly, generate a core dump file.
-This can be useful to developers attempting to troubleshoot a problem
-with a protocol dissector.
-
-WIRESHARK_ABORT_ON_TOO_MANY_ITEMS::
-If this environment variable is set, *Wireshark* will call abort(3)
-if a dissector tries to add too many items to a tree (generally this
-is an indication of the dissector not breaking out of a loop soon enough).
-abort(3) will cause the program to exit abnormally; if you are running
-*Wireshark* in a debugger, it should halt in the debugger and allow
-inspection of the process, and, if you are not running it in a debugger,
-it will, on some OSes, assuming your environment is configured correctly,
-generate a core dump file. This can be useful to developers attempting to
-troubleshoot a problem with a protocol dissector.
-
-WIRESHARK_QUIT_AFTER_CAPTURE::
-Cause *Wireshark* to exit after the end of the capture session. This
-doesn't automatically start a capture; you must still use *-k* to do
-that. You must also specify an autostop condition, e.g. *-c* or *-a
-duration:...*. This means that you will not be able to see the results
-of the capture after it stops; it's primarily useful for testing.
-
-WIRESHARK_LOG_LEVEL::
-This environment variable controls the verbosity of diagnostic messages to
-the console. From less verbose to most verbose levels can be `critical`,
-`warning`, `message`, `info`, `debug` or `noisy`. Levels above the
-current level are also active. Levels `critical` and `error` are always
-active.
-
-WIRESHARK_LOG_FATAL::
-Sets the fatal log level. Fatal log levels cause the program to abort.
-This level can be set to `Error`, `critical` or `warning`. `Error` is
-always fatal and is the default.
-
-WIRESHARK_LOG_DOMAINS::
-This environment variable selects which log domains are active. The filter is
-given as a case-insensitive comma separated list. If set only the included
-domains will be enabled. The default domain is always considered to be enabled.
-Domain filter lists can be preceded by '!' to invert the sense of the match.
-
-WIRESHARK_LOG_DEBUG::
-List of domains with `debug` log level. This sets the level of the provided
-log domains and takes precedence over the active domains filter. If preceded
-by '!' this disables the `debug` level instead.
-
-WIRESHARK_LOG_NOISY::
-Same as above but for `noisy` log level instead.
-
-== AUTHORS
-
-Wireshark would not be the powerful, featureful application it is without the generous contributions of hundreds of developers.
-
-A complete list of authors can be found in the AUTHORS file in Wireshark's source code repository and at https://www.wireshark.org/about.html#authors.
-
-== SEE ALSO
-
-xref:wireshark-filter.html[wireshark-filter](4), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:dumpcap.html[dumpcap](1), xref:mergecap.html[mergecap](1),
-xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-
-== NOTES
-
-This is the manual page for *Wireshark* {wireshark-version}.
-The latest version of *Wireshark* can be found at
-https://www.wireshark.org.
-
-HTML versions of the Wireshark project man pages are available at
-https://www.wireshark.org/docs/man-pages.
diff --git a/docbook/ws.css b/doc/ws.css
index ee79141b..ee79141b 100644
--- a/docbook/ws.css
+++ b/doc/ws.css
diff --git a/docbook/wsdg_src/developer-guide-docinfo.xml b/doc/wsdg_src/developer-guide-docinfo.xml
index 90f36d11..341b061b 100644
--- a/docbook/wsdg_src/developer-guide-docinfo.xml
+++ b/doc/wsdg_src/developer-guide-docinfo.xml
@@ -1,7 +1,7 @@
<!-- Document information for the Developer's Guide. -->
<!-- Updated by tools/make-version.py -->
-<subtitle>For Wireshark 4.2</subtitle>
+<subtitle>For Wireshark 4.4</subtitle>
<!-- <title><inlinegraphic entityref="WiresharkLogo" valign="middle" format="PNG"/> &DocumentTitle;</title> -->
diff --git a/docbook/wsdg_src/developer-guide.adoc b/doc/wsdg_src/developer-guide.adoc
index cc1c0bd5..8f4bcbbe 100644
--- a/docbook/wsdg_src/developer-guide.adoc
+++ b/doc/wsdg_src/developer-guide.adoc
@@ -16,7 +16,7 @@ endif::[]
// XXX This should be surrounded by single quotes in the text. It’s
// currently surrounded by plus signs for AsciiDoc compatibility.
:dlt-glob: DLT_*
-:qt6-lts-version: 6.2.4
+:qt6-lts-version: 6.5.3
:source-highlighter: coderay
include::wsdg_preface.adoc[]
diff --git a/docbook/wsdg_src/images/caution.svg b/doc/wsdg_src/images/caution.svg
index 793c6020..793c6020 100644
--- a/docbook/wsdg_src/images/caution.svg
+++ b/doc/wsdg_src/images/caution.svg
diff --git a/docbook/wsdg_src/images/git-triangular-workflow.gv b/doc/wsdg_src/images/git-triangular-workflow.gv
index 809877a8..cb4fb174 100644
--- a/docbook/wsdg_src/images/git-triangular-workflow.gv
+++ b/doc/wsdg_src/images/git-triangular-workflow.gv
@@ -1,4 +1,4 @@
-// dot -Tsvg -o docbook/wsdg_graphics/git-triangular-workflow.svg docbook/wsdg_graphics/git-triangular-workflow.gv
+// dot -Tsvg -o doc/wsdg_graphics/git-triangular-workflow.svg doc/wsdg_graphics/git-triangular-workflow.gv
digraph G {
// XXX Integrate ws.css. Match it manually for now.
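Review bot: The regeneration command in the updated first-line comment still names a `wsdg_graphics` directory, while this file's own diff header places it at `doc/wsdg_src/images/git-triangular-workflow.gv`. Only the `docbook/` prefix was swapped, so unless a `doc/wsdg_graphics` directory exists outside this view, the command as written would fail or write the SVG somewhere the guide does not read it from. I would change the comment to `// dot -Tsvg -o doc/wsdg_src/images/git-triangular-workflow.svg doc/wsdg_src/images/git-triangular-workflow.gv`. The `digraph G` body continues outside the hunk.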
diff --git a/docbook/wsdg_src/images/git-triangular-workflow.svg b/doc/wsdg_src/images/git-triangular-workflow.svg
index 1f8ae3ac..1f8ae3ac 100644
--- a/docbook/wsdg_src/images/git-triangular-workflow.svg
+++ b/doc/wsdg_src/images/git-triangular-workflow.svg
diff --git a/docbook/wsdg_src/images/important.svg b/doc/wsdg_src/images/important.svg
index a2ee7012..a2ee7012 100644
--- a/docbook/wsdg_src/images/important.svg
+++ b/doc/wsdg_src/images/important.svg
diff --git a/docbook/wsdg_src/images/note.svg b/doc/wsdg_src/images/note.svg
index 803dc13e..803dc13e 100644
--- a/docbook/wsdg_src/images/note.svg
+++ b/doc/wsdg_src/images/note.svg
diff --git a/docbook/wsdg_src/images/tip.svg b/doc/wsdg_src/images/tip.svg
index 1a60b74a..1a60b74a 100644
--- a/docbook/wsdg_src/images/tip.svg
+++ b/doc/wsdg_src/images/tip.svg
diff --git a/docbook/wsdg_src/images/warning.svg b/doc/wsdg_src/images/warning.svg
index 80c0ba5c..80c0ba5c 100644
--- a/docbook/wsdg_src/images/warning.svg
+++ b/doc/wsdg_src/images/warning.svg
diff --git a/docbook/wsdg_src/images/ws-capture-sync.dia b/doc/wsdg_src/images/ws-capture-sync.dia
index 00ba9cf8..00ba9cf8 100644
--- a/docbook/wsdg_src/images/ws-capture-sync.dia
+++ b/doc/wsdg_src/images/ws-capture-sync.dia
Binary files differ
diff --git a/docbook/wsdg_src/images/ws-capture-sync.png b/doc/wsdg_src/images/ws-capture-sync.png
index d46e1e94..d46e1e94 100644
--- a/docbook/wsdg_src/images/ws-capture-sync.png
+++ b/doc/wsdg_src/images/ws-capture-sync.png
Binary files differ
diff --git a/docbook/wsdg_src/images/ws-capture_internals.dia b/doc/wsdg_src/images/ws-capture_internals.dia
index 0eae20e5..0eae20e5 100644
--- a/docbook/wsdg_src/images/ws-capture_internals.dia
+++ b/doc/wsdg_src/images/ws-capture_internals.dia
Binary files differ
diff --git a/docbook/wsdg_src/images/ws-capture_internals.png b/doc/wsdg_src/images/ws-capture_internals.png
index 6d110af3..6d110af3 100644
--- a/docbook/wsdg_src/images/ws-capture_internals.png
+++ b/doc/wsdg_src/images/ws-capture_internals.png
Binary files differ
diff --git a/docbook/wsdg_src/images/ws-dev-guide-cover.png b/doc/wsdg_src/images/ws-dev-guide-cover.png
index 8134d2d0..8134d2d0 100644
--- a/docbook/wsdg_src/images/ws-dev-guide-cover.png
+++ b/doc/wsdg_src/images/ws-dev-guide-cover.png
Binary files differ
diff --git a/doc/wsdg_src/images/ws-function-blocks.dia b/doc/wsdg_src/images/ws-function-blocks.dia
new file mode 100644
index 00000000..bc17f05e
--- /dev/null
+++ b/doc/wsdg_src/images/ws-function-blocks.dia
Binary files differ
diff --git a/doc/wsdg_src/images/ws-function-blocks.svg b/doc/wsdg_src/images/ws-function-blocks.svg
new file mode 100644
index 00000000..c9bc7f7e
--- /dev/null
+++ b/doc/wsdg_src/images/ws-function-blocks.svg
@@ -0,0 +1,449 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="463pt" height="663pt" viewBox="0 0 463 663" version="1.1">
+<defs>
+<g>
+<symbol overflow="visible" id="glyph0-0">
+<path style="stroke:none;" d="M 1.203125 0 L 1.203125 -9.140625 L 6.46875 -9.140625 L 6.46875 0 Z M 1.859375 -0.65625 L 5.8125 -0.65625 L 5.8125 -8.484375 L 1.859375 -8.484375 Z M 1.859375 -0.65625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-1">
+<path style="stroke:none;" d="M 5.15625 -8.25 C 4.175781 -8.25 3.40625 -7.921875 2.84375 -7.265625 C 2.28125 -6.609375 2 -5.707031 2 -4.5625 C 2 -3.425781 2.257812 -2.53125 2.78125 -1.875 C 3.3125 -1.21875 4.097656 -0.890625 5.140625 -0.890625 C 5.546875 -0.890625 5.925781 -0.921875 6.28125 -0.984375 C 6.644531 -1.054688 6.992188 -1.140625 7.328125 -1.234375 L 7.328125 -0.25 C 6.992188 -0.113281 6.644531 -0.0195312 6.28125 0.03125 C 5.914062 0.09375 5.484375 0.125 4.984375 0.125 C 4.046875 0.125 3.265625 -0.0664062 2.640625 -0.453125 C 2.023438 -0.835938 1.5625 -1.378906 1.25 -2.078125 C 0.9375 -2.785156 0.78125 -3.617188 0.78125 -4.578125 C 0.78125 -5.503906 0.945312 -6.316406 1.28125 -7.015625 C 1.625 -7.722656 2.125 -8.273438 2.78125 -8.671875 C 3.4375 -9.066406 4.234375 -9.265625 5.171875 -9.265625 C 6.128906 -9.265625 6.96875 -9.085938 7.6875 -8.734375 L 7.234375 -7.75 C 6.953125 -7.882812 6.632812 -8 6.28125 -8.09375 C 5.9375 -8.195312 5.5625 -8.25 5.15625 -8.25 Z M 5.15625 -8.25 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-2">
+<path style="stroke:none;" d="M 7.046875 -3.4375 C 7.046875 -2.300781 6.757812 -1.421875 6.1875 -0.796875 C 5.613281 -0.179688 4.835938 0.125 3.859375 0.125 C 3.242188 0.125 2.695312 -0.0078125 2.21875 -0.28125 C 1.75 -0.5625 1.378906 -0.96875 1.109375 -1.5 C 0.835938 -2.03125 0.703125 -2.675781 0.703125 -3.4375 C 0.703125 -4.570312 0.988281 -5.445312 1.5625 -6.0625 C 2.132812 -6.675781 2.910156 -6.984375 3.890625 -6.984375 C 4.515625 -6.984375 5.0625 -6.84375 5.53125 -6.5625 C 6.007812 -6.289062 6.378906 -5.890625 6.640625 -5.359375 C 6.910156 -4.835938 7.046875 -4.195312 7.046875 -3.4375 Z M 1.875 -3.4375 C 1.875 -2.632812 2.03125 -1.992188 2.34375 -1.515625 C 2.664062 -1.046875 3.175781 -0.8125 3.875 -0.8125 C 4.5625 -0.8125 5.066406 -1.046875 5.390625 -1.515625 C 5.722656 -1.992188 5.890625 -2.632812 5.890625 -3.4375 C 5.890625 -4.25 5.722656 -4.882812 5.390625 -5.34375 C 5.066406 -5.8125 4.554688 -6.046875 3.859375 -6.046875 C 3.160156 -6.046875 2.65625 -5.8125 2.34375 -5.34375 C 2.03125 -4.882812 1.875 -4.25 1.875 -3.4375 Z M 1.875 -3.4375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-3">
+<path style="stroke:none;" d="M 4.28125 -6.984375 C 4.414062 -6.984375 4.554688 -6.976562 4.703125 -6.96875 C 4.847656 -6.957031 4.976562 -6.9375 5.09375 -6.90625 L 4.953125 -5.875 C 4.835938 -5.894531 4.710938 -5.914062 4.578125 -5.9375 C 4.453125 -5.957031 4.328125 -5.96875 4.203125 -5.96875 C 3.859375 -5.96875 3.53125 -5.867188 3.21875 -5.671875 C 2.914062 -5.484375 2.671875 -5.210938 2.484375 -4.859375 C 2.304688 -4.515625 2.21875 -4.113281 2.21875 -3.65625 L 2.21875 0 L 1.09375 0 L 1.09375 -6.859375 L 2.015625 -6.859375 L 2.140625 -5.609375 L 2.1875 -5.609375 C 2.40625 -5.984375 2.691406 -6.304688 3.046875 -6.578125 C 3.398438 -6.847656 3.8125 -6.984375 4.28125 -6.984375 Z M 4.28125 -6.984375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-4">
+<path style="stroke:none;" d="M 3.734375 -6.984375 C 4.328125 -6.984375 4.832031 -6.851562 5.25 -6.59375 C 5.675781 -6.34375 6 -5.984375 6.21875 -5.515625 C 6.445312 -5.054688 6.5625 -4.515625 6.5625 -3.890625 L 6.5625 -3.21875 L 1.875 -3.21875 C 1.882812 -2.4375 2.078125 -1.84375 2.453125 -1.4375 C 2.835938 -1.03125 3.375 -0.828125 4.0625 -0.828125 C 4.488281 -0.828125 4.867188 -0.867188 5.203125 -0.953125 C 5.546875 -1.035156 5.894531 -1.15625 6.25 -1.3125 L 6.25 -0.3125 C 5.90625 -0.164062 5.5625 -0.0546875 5.21875 0.015625 C 4.875 0.0859375 4.46875 0.125 4 0.125 C 3.351562 0.125 2.78125 -0.00390625 2.28125 -0.265625 C 1.78125 -0.535156 1.390625 -0.929688 1.109375 -1.453125 C 0.835938 -1.972656 0.703125 -2.613281 0.703125 -3.375 C 0.703125 -4.125 0.828125 -4.765625 1.078125 -5.296875 C 1.328125 -5.835938 1.679688 -6.253906 2.140625 -6.546875 C 2.597656 -6.835938 3.128906 -6.984375 3.734375 -6.984375 Z M 3.71875 -6.0625 C 3.1875 -6.0625 2.765625 -5.890625 2.453125 -5.546875 C 2.140625 -5.203125 1.953125 -4.722656 1.890625 -4.109375 L 5.390625 -4.109375 C 5.378906 -4.691406 5.238281 -5.160156 4.96875 -5.515625 C 4.707031 -5.878906 4.289062 -6.0625 3.71875 -6.0625 Z M 3.71875 -6.0625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-5">
+<path style="stroke:none;" d="M 6.34375 0 L 1.234375 0 L 1.234375 -9.140625 L 6.34375 -9.140625 L 6.34375 -8.125 L 2.390625 -8.125 L 2.390625 -5.265625 L 6.109375 -5.265625 L 6.109375 -4.28125 L 2.390625 -4.28125 L 2.390625 -1.015625 L 6.34375 -1.015625 Z M 6.34375 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-6">
+<path style="stroke:none;" d="M 4.34375 -6.984375 C 5.195312 -6.984375 5.878906 -6.6875 6.390625 -6.09375 C 6.910156 -5.507812 7.171875 -4.625 7.171875 -3.4375 C 7.171875 -2.269531 6.910156 -1.382812 6.390625 -0.78125 C 5.878906 -0.175781 5.195312 0.125 4.34375 0.125 C 3.8125 0.125 3.375 0.0234375 3.03125 -0.171875 C 2.6875 -0.367188 2.414062 -0.601562 2.21875 -0.875 L 2.140625 -0.875 C 2.148438 -0.726562 2.164062 -0.539062 2.1875 -0.3125 C 2.207031 -0.09375 2.21875 0.09375 2.21875 0.25 L 2.21875 3.078125 L 1.09375 3.078125 L 1.09375 -6.859375 L 2.015625 -6.859375 L 2.15625 -5.921875 L 2.21875 -5.921875 C 2.414062 -6.222656 2.679688 -6.472656 3.015625 -6.671875 C 3.347656 -6.878906 3.789062 -6.984375 4.34375 -6.984375 Z M 4.140625 -6.046875 C 3.441406 -6.046875 2.945312 -5.847656 2.65625 -5.453125 C 2.375 -5.054688 2.226562 -4.457031 2.21875 -3.65625 L 2.21875 -3.4375 C 2.21875 -2.59375 2.351562 -1.941406 2.625 -1.484375 C 2.90625 -1.035156 3.421875 -0.8125 4.171875 -0.8125 C 4.585938 -0.8125 4.929688 -0.925781 5.203125 -1.15625 C 5.472656 -1.382812 5.671875 -1.695312 5.796875 -2.09375 C 5.929688 -2.488281 6 -2.941406 6 -3.453125 C 6 -4.234375 5.847656 -4.859375 5.546875 -5.328125 C 5.242188 -5.804688 4.773438 -6.046875 4.140625 -6.046875 Z M 4.140625 -6.046875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-7">
+<path style="stroke:none;" d="M 3.6875 -6.96875 C 4.519531 -6.96875 5.132812 -6.785156 5.53125 -6.421875 C 5.9375 -6.054688 6.140625 -5.472656 6.140625 -4.671875 L 6.140625 0 L 5.328125 0 L 5.109375 -0.96875 L 5.0625 -0.96875 C 4.757812 -0.59375 4.441406 -0.316406 4.109375 -0.140625 C 3.785156 0.0351562 3.332031 0.125 2.75 0.125 C 2.125 0.125 1.609375 -0.0351562 1.203125 -0.359375 C 0.796875 -0.691406 0.59375 -1.207031 0.59375 -1.90625 C 0.59375 -2.59375 0.859375 -3.117188 1.390625 -3.484375 C 1.929688 -3.859375 2.757812 -4.0625 3.875 -4.09375 L 5.046875 -4.140625 L 5.046875 -4.546875 C 5.046875 -5.117188 4.921875 -5.515625 4.671875 -5.734375 C 4.421875 -5.953125 4.070312 -6.0625 3.625 -6.0625 C 3.257812 -6.0625 2.914062 -6.007812 2.59375 -5.90625 C 2.269531 -5.800781 1.96875 -5.679688 1.6875 -5.546875 L 1.34375 -6.390625 C 1.644531 -6.546875 2 -6.679688 2.40625 -6.796875 C 2.8125 -6.910156 3.238281 -6.96875 3.6875 -6.96875 Z M 4.015625 -3.3125 C 3.160156 -3.28125 2.566406 -3.144531 2.234375 -2.90625 C 1.910156 -2.664062 1.75 -2.328125 1.75 -1.890625 C 1.75 -1.503906 1.863281 -1.222656 2.09375 -1.046875 C 2.332031 -0.867188 2.632812 -0.78125 3 -0.78125 C 3.582031 -0.78125 4.066406 -0.9375 4.453125 -1.25 C 4.835938 -1.570312 5.03125 -2.066406 5.03125 -2.734375 L 5.03125 -3.359375 Z M 4.015625 -3.3125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-8">
+<path style="stroke:none;" d="M 4.390625 -6.984375 C 5.210938 -6.984375 5.832031 -6.785156 6.25 -6.390625 C 6.664062 -5.992188 6.875 -5.351562 6.875 -4.46875 L 6.875 0 L 5.765625 0 L 5.765625 -4.390625 C 5.765625 -5.492188 5.25 -6.046875 4.21875 -6.046875 C 3.457031 -6.046875 2.929688 -5.832031 2.640625 -5.40625 C 2.359375 -4.976562 2.21875 -4.363281 2.21875 -3.5625 L 2.21875 0 L 1.09375 0 L 1.09375 -6.859375 L 2 -6.859375 L 2.15625 -5.921875 L 2.234375 -5.921875 C 2.453125 -6.285156 2.753906 -6.550781 3.140625 -6.71875 C 3.535156 -6.894531 3.953125 -6.984375 4.390625 -6.984375 Z M 4.390625 -6.984375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-9">
+<path style="stroke:none;" d="M 11.734375 -9.140625 L 9.296875 0 L 8.140625 0 L 6.359375 -5.984375 C 6.285156 -6.234375 6.210938 -6.484375 6.140625 -6.734375 C 6.078125 -6.984375 6.023438 -7.203125 5.984375 -7.390625 C 5.941406 -7.578125 5.914062 -7.710938 5.90625 -7.796875 C 5.894531 -7.679688 5.847656 -7.441406 5.765625 -7.078125 C 5.679688 -6.722656 5.582031 -6.347656 5.46875 -5.953125 L 3.734375 0 L 2.578125 0 L 0.15625 -9.140625 L 1.359375 -9.140625 L 2.78125 -3.5625 C 2.882812 -3.164062 2.96875 -2.785156 3.03125 -2.421875 C 3.101562 -2.054688 3.164062 -1.707031 3.21875 -1.375 C 3.257812 -1.707031 3.320312 -2.070312 3.40625 -2.46875 C 3.488281 -2.863281 3.585938 -3.25 3.703125 -3.625 L 5.3125 -9.140625 L 6.5 -9.140625 L 8.171875 -3.578125 C 8.296875 -3.191406 8.398438 -2.800781 8.484375 -2.40625 C 8.566406 -2.019531 8.628906 -1.675781 8.671875 -1.375 C 8.710938 -1.695312 8.769531 -2.039062 8.84375 -2.40625 C 8.925781 -2.78125 9.019531 -3.171875 9.125 -3.578125 L 10.53125 -9.140625 Z M 11.734375 -9.140625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-10">
+<path style="stroke:none;" d="M 1.65625 -9.4375 C 1.832031 -9.4375 1.984375 -9.375 2.109375 -9.25 C 2.242188 -9.132812 2.3125 -8.957031 2.3125 -8.71875 C 2.3125 -8.476562 2.242188 -8.296875 2.109375 -8.171875 C 1.984375 -8.054688 1.832031 -8 1.65625 -8 C 1.46875 -8 1.3125 -8.054688 1.1875 -8.171875 C 1.0625 -8.296875 1 -8.476562 1 -8.71875 C 1 -8.957031 1.0625 -9.132812 1.1875 -9.25 C 1.3125 -9.375 1.46875 -9.4375 1.65625 -9.4375 Z M 2.21875 -6.859375 L 2.21875 0 L 1.09375 0 L 1.09375 -6.859375 Z M 2.21875 -6.859375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-11">
+<path style="stroke:none;" d="M 3.375 -0.796875 C 3.550781 -0.796875 3.726562 -0.8125 3.90625 -0.84375 C 4.082031 -0.875 4.226562 -0.90625 4.34375 -0.9375 L 4.34375 -0.078125 C 4.21875 -0.015625 4.046875 0.03125 3.828125 0.0625 C 3.609375 0.101562 3.394531 0.125 3.1875 0.125 C 2.832031 0.125 2.5 0.0625 2.1875 -0.0625 C 1.882812 -0.1875 1.640625 -0.398438 1.453125 -0.703125 C 1.265625 -1.015625 1.171875 -1.445312 1.171875 -2 L 1.171875 -5.984375 L 0.203125 -5.984375 L 0.203125 -6.53125 L 1.1875 -6.96875 L 1.640625 -8.4375 L 2.296875 -8.4375 L 2.296875 -6.859375 L 4.28125 -6.859375 L 4.28125 -5.984375 L 2.296875 -5.984375 L 2.296875 -2.015625 C 2.296875 -1.597656 2.394531 -1.289062 2.59375 -1.09375 C 2.800781 -0.894531 3.0625 -0.796875 3.375 -0.796875 Z M 3.375 -0.796875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-12">
+<path style="stroke:none;" d="M 6.828125 -6.859375 L 6.828125 0 L 5.90625 0 L 5.734375 -0.90625 L 5.6875 -0.90625 C 5.457031 -0.550781 5.144531 -0.289062 4.75 -0.125 C 4.363281 0.0390625 3.945312 0.125 3.5 0.125 C 2.675781 0.125 2.054688 -0.0703125 1.640625 -0.46875 C 1.222656 -0.863281 1.015625 -1.5 1.015625 -2.375 L 1.015625 -6.859375 L 2.15625 -6.859375 L 2.15625 -2.4375 C 2.15625 -1.351562 2.660156 -0.8125 3.671875 -0.8125 C 4.429688 -0.8125 4.957031 -1.019531 5.25 -1.4375 C 5.539062 -1.863281 5.6875 -2.476562 5.6875 -3.28125 L 5.6875 -6.859375 Z M 6.828125 -6.859375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-13">
+<path style="stroke:none;" d="M 5.203125 -4.828125 L 8.375 -4.828125 L 8.375 -0.34375 C 7.875 -0.1875 7.367188 -0.0703125 6.859375 0 C 6.359375 0.0820312 5.789062 0.125 5.15625 0.125 C 4.207031 0.125 3.410156 -0.0625 2.765625 -0.4375 C 2.117188 -0.820312 1.625 -1.363281 1.28125 -2.0625 C 0.945312 -2.769531 0.78125 -3.601562 0.78125 -4.5625 C 0.78125 -5.519531 0.96875 -6.347656 1.34375 -7.046875 C 1.71875 -7.742188 2.253906 -8.285156 2.953125 -8.671875 C 3.660156 -9.066406 4.515625 -9.265625 5.515625 -9.265625 C 6.023438 -9.265625 6.507812 -9.21875 6.96875 -9.125 C 7.425781 -9.03125 7.847656 -8.898438 8.234375 -8.734375 L 7.8125 -7.734375 C 7.476562 -7.878906 7.109375 -8 6.703125 -8.09375 C 6.304688 -8.195312 5.890625 -8.25 5.453125 -8.25 C 4.359375 -8.25 3.503906 -7.921875 2.890625 -7.265625 C 2.285156 -6.609375 1.984375 -5.707031 1.984375 -4.5625 C 1.984375 -3.84375 2.097656 -3.203125 2.328125 -2.640625 C 2.566406 -2.078125 2.9375 -1.640625 3.4375 -1.328125 C 3.945312 -1.023438 4.609375 -0.875 5.421875 -0.875 C 5.828125 -0.875 6.171875 -0.894531 6.453125 -0.9375 C 6.734375 -0.976562 6.988281 -1.03125 7.21875 -1.09375 L 7.21875 -3.796875 L 5.203125 -3.796875 Z M 5.203125 -4.828125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-14">
+<path style="stroke:none;" d="M 8.1875 -3.21875 C 8.1875 -2.59375 8.054688 -2.023438 7.796875 -1.515625 C 7.546875 -1.003906 7.15625 -0.601562 6.625 -0.3125 C 6.101562 -0.0195312 5.4375 0.125 4.625 0.125 C 3.5 0.125 2.640625 -0.179688 2.046875 -0.796875 C 1.453125 -1.421875 1.15625 -2.238281 1.15625 -3.25 L 1.15625 -9.140625 L 2.296875 -9.140625 L 2.296875 -3.21875 C 2.296875 -2.46875 2.492188 -1.890625 2.890625 -1.484375 C 3.296875 -1.078125 3.898438 -0.875 4.703125 -0.875 C 5.523438 -0.875 6.117188 -1.09375 6.484375 -1.53125 C 6.859375 -1.96875 7.046875 -2.53125 7.046875 -3.21875 L 7.046875 -9.140625 L 8.1875 -9.140625 Z M 8.1875 -3.21875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-15">
+<path style="stroke:none;" d="M 3.8125 0 L 0.515625 0 L 0.515625 -0.671875 L 1.59375 -0.90625 L 1.59375 -8.21875 L 0.515625 -8.46875 L 0.515625 -9.140625 L 3.8125 -9.140625 L 3.8125 -8.46875 L 2.734375 -8.21875 L 2.734375 -0.90625 L 3.8125 -0.671875 Z M 3.8125 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-16">
+<path style="stroke:none;" d=""/>
+</symbol>
+<symbol overflow="visible" id="glyph0-17">
+<path style="stroke:none;" d="M 0.515625 -3.5 C 0.515625 -4.539062 0.664062 -5.546875 0.96875 -6.515625 C 1.269531 -7.484375 1.742188 -8.359375 2.390625 -9.140625 L 3.453125 -9.140625 C 2.859375 -8.335938 2.410156 -7.453125 2.109375 -6.484375 C 1.804688 -5.523438 1.65625 -4.535156 1.65625 -3.515625 C 1.65625 -2.523438 1.804688 -1.554688 2.109375 -0.609375 C 2.410156 0.335938 2.851562 1.210938 3.4375 2.015625 L 2.390625 2.015625 C 1.742188 1.265625 1.269531 0.414062 0.96875 -0.53125 C 0.664062 -1.476562 0.515625 -2.46875 0.515625 -3.5 Z M 0.515625 -3.5 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-18">
+<path style="stroke:none;" d="M 9.21875 -4.578125 C 9.21875 -3.460938 8.992188 -2.507812 8.546875 -1.71875 C 8.097656 -0.9375 7.429688 -0.398438 6.546875 -0.109375 L 8.734375 2.171875 L 7.09375 2.171875 L 5.328125 0.109375 C 5.273438 0.109375 5.21875 0.109375 5.15625 0.109375 C 5.101562 0.117188 5.050781 0.125 5 0.125 C 4.050781 0.125 3.265625 -0.0664062 2.640625 -0.453125 C 2.015625 -0.847656 1.546875 -1.398438 1.234375 -2.109375 C 0.929688 -2.816406 0.78125 -3.644531 0.78125 -4.59375 C 0.78125 -5.53125 0.929688 -6.347656 1.234375 -7.046875 C 1.546875 -7.742188 2.015625 -8.289062 2.640625 -8.6875 C 3.265625 -9.082031 4.054688 -9.28125 5.015625 -9.28125 C 5.929688 -9.28125 6.695312 -9.082031 7.3125 -8.6875 C 7.9375 -8.300781 8.410156 -7.753906 8.734375 -7.046875 C 9.054688 -6.347656 9.21875 -5.523438 9.21875 -4.578125 Z M 2 -4.578125 C 2 -3.429688 2.238281 -2.523438 2.71875 -1.859375 C 3.207031 -1.203125 3.96875 -0.875 5 -0.875 C 6.039062 -0.875 6.800781 -1.203125 7.28125 -1.859375 C 7.757812 -2.523438 8 -3.429688 8 -4.578125 C 8 -5.734375 7.757812 -6.632812 7.28125 -7.28125 C 6.800781 -7.9375 6.046875 -8.265625 5.015625 -8.265625 C 3.984375 -8.265625 3.222656 -7.9375 2.734375 -7.28125 C 2.242188 -6.632812 2 -5.734375 2 -4.578125 Z M 2 -4.578125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-19">
+<path style="stroke:none;" d="M 3.328125 -3.5 C 3.328125 -2.46875 3.175781 -1.476562 2.875 -0.53125 C 2.570312 0.414062 2.097656 1.265625 1.453125 2.015625 L 0.390625 2.015625 C 0.984375 1.210938 1.429688 0.335938 1.734375 -0.609375 C 2.035156 -1.554688 2.1875 -2.523438 2.1875 -3.515625 C 2.1875 -4.535156 2.035156 -5.523438 1.734375 -6.484375 C 1.429688 -7.453125 0.984375 -8.335938 0.390625 -9.140625 L 1.453125 -9.140625 C 2.097656 -8.359375 2.570312 -7.484375 2.875 -6.515625 C 3.175781 -5.546875 3.328125 -4.539062 3.328125 -3.5 Z M 3.328125 -3.5 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-20">
+<path style="stroke:none;" d="M 8.234375 0 L 7.078125 0 L 7.078125 -4.265625 L 2.390625 -4.265625 L 2.390625 0 L 1.234375 0 L 1.234375 -9.140625 L 2.390625 -9.140625 L 2.390625 -5.265625 L 7.078125 -5.265625 L 7.078125 -9.140625 L 8.234375 -9.140625 Z M 8.234375 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-21">
+<path style="stroke:none;" d="M 3.515625 0.125 C 2.660156 0.125 1.976562 -0.171875 1.46875 -0.765625 C 0.957031 -1.359375 0.703125 -2.242188 0.703125 -3.421875 C 0.703125 -4.597656 0.957031 -5.484375 1.46875 -6.078125 C 1.988281 -6.679688 2.675781 -6.984375 3.53125 -6.984375 C 4.0625 -6.984375 4.492188 -6.882812 4.828125 -6.6875 C 5.171875 -6.5 5.445312 -6.257812 5.65625 -5.96875 L 5.734375 -5.96875 C 5.722656 -6.082031 5.707031 -6.25 5.6875 -6.46875 C 5.664062 -6.6875 5.65625 -6.859375 5.65625 -6.984375 L 5.65625 -9.71875 L 6.78125 -9.71875 L 6.78125 0 L 5.875 0 L 5.703125 -0.921875 L 5.65625 -0.921875 C 5.445312 -0.628906 5.171875 -0.378906 4.828125 -0.171875 C 4.492188 0.0234375 4.054688 0.125 3.515625 0.125 Z M 3.703125 -0.8125 C 4.421875 -0.8125 4.925781 -1.007812 5.21875 -1.40625 C 5.519531 -1.800781 5.671875 -2.398438 5.671875 -3.203125 L 5.671875 -3.40625 C 5.671875 -4.257812 5.53125 -4.910156 5.25 -5.359375 C 4.96875 -5.816406 4.445312 -6.046875 3.6875 -6.046875 C 3.082031 -6.046875 2.628906 -5.804688 2.328125 -5.328125 C 2.023438 -4.847656 1.875 -4.203125 1.875 -3.390625 C 1.875 -2.566406 2.023438 -1.929688 2.328125 -1.484375 C 2.628906 -1.035156 3.085938 -0.8125 3.703125 -0.8125 Z M 3.703125 -0.8125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-22">
+<path style="stroke:none;" d="M 5.546875 -1.890625 C 5.546875 -1.222656 5.296875 -0.71875 4.796875 -0.375 C 4.304688 -0.0390625 3.644531 0.125 2.8125 0.125 C 2.332031 0.125 1.921875 0.0820312 1.578125 0 C 1.234375 -0.0703125 0.929688 -0.175781 0.671875 -0.3125 L 0.671875 -1.328125 C 0.941406 -1.191406 1.269531 -1.066406 1.65625 -0.953125 C 2.039062 -0.835938 2.4375 -0.78125 2.84375 -0.78125 C 3.414062 -0.78125 3.828125 -0.867188 4.078125 -1.046875 C 4.335938 -1.234375 4.46875 -1.484375 4.46875 -1.796875 C 4.46875 -1.960938 4.421875 -2.113281 4.328125 -2.25 C 4.234375 -2.382812 4.0625 -2.519531 3.8125 -2.65625 C 3.570312 -2.789062 3.226562 -2.945312 2.78125 -3.125 C 2.332031 -3.289062 1.953125 -3.457031 1.640625 -3.625 C 1.328125 -3.800781 1.082031 -4.007812 0.90625 -4.25 C 0.738281 -4.488281 0.65625 -4.796875 0.65625 -5.171875 C 0.65625 -5.753906 0.890625 -6.203125 1.359375 -6.515625 C 1.835938 -6.828125 2.457031 -6.984375 3.21875 -6.984375 C 3.644531 -6.984375 4.035156 -6.941406 4.390625 -6.859375 C 4.753906 -6.785156 5.09375 -6.675781 5.40625 -6.53125 L 5.03125 -5.625 C 4.738281 -5.75 4.429688 -5.851562 4.109375 -5.9375 C 3.796875 -6.019531 3.472656 -6.0625 3.140625 -6.0625 C 2.679688 -6.0625 2.332031 -5.988281 2.09375 -5.84375 C 1.851562 -5.695312 1.734375 -5.492188 1.734375 -5.234375 C 1.734375 -5.046875 1.785156 -4.882812 1.890625 -4.75 C 2.003906 -4.625 2.191406 -4.5 2.453125 -4.375 C 2.710938 -4.25 3.0625 -4.097656 3.5 -3.921875 C 3.925781 -3.765625 4.289062 -3.597656 4.59375 -3.421875 C 4.90625 -3.253906 5.140625 -3.046875 5.296875 -2.796875 C 5.460938 -2.554688 5.546875 -2.253906 5.546875 -1.890625 Z M 5.546875 -1.890625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-23">
+<path style="stroke:none;" d="M 2.203125 -4.640625 C 2.203125 -4.503906 2.191406 -4.328125 2.171875 -4.109375 C 2.160156 -3.890625 2.15625 -3.695312 2.15625 -3.53125 L 2.203125 -3.53125 C 2.253906 -3.601562 2.328125 -3.703125 2.421875 -3.828125 C 2.523438 -3.953125 2.628906 -4.082031 2.734375 -4.21875 C 2.847656 -4.351562 2.941406 -4.460938 3.015625 -4.546875 L 5.203125 -6.859375 L 6.53125 -6.859375 L 3.75 -3.921875 L 6.71875 0 L 5.359375 0 L 2.984375 -3.203125 L 2.203125 -2.515625 L 2.203125 0 L 1.09375 0 L 1.09375 -9.71875 L 2.203125 -9.71875 Z M 2.203125 -4.640625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-24">
+<path style="stroke:none;" d="M 8.484375 0 L 7.140625 0 L 2.25 -7.59375 L 2.203125 -7.59375 C 2.222656 -7.289062 2.242188 -6.914062 2.265625 -6.46875 C 2.285156 -6.03125 2.296875 -5.578125 2.296875 -5.109375 L 2.296875 0 L 1.234375 0 L 1.234375 -9.140625 L 2.578125 -9.140625 L 7.453125 -1.578125 L 7.5 -1.578125 C 7.488281 -1.710938 7.476562 -1.914062 7.46875 -2.1875 C 7.457031 -2.457031 7.441406 -2.753906 7.421875 -3.078125 C 7.410156 -3.410156 7.40625 -3.710938 7.40625 -3.984375 L 7.40625 -9.140625 L 8.484375 -9.140625 Z M 8.484375 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-25">
+<path style="stroke:none;" d="M 5.515625 -3.875 C 5.398438 -4.226562 5.300781 -4.570312 5.21875 -4.90625 C 5.144531 -5.238281 5.085938 -5.5 5.046875 -5.6875 L 4.984375 -5.6875 C 4.953125 -5.5 4.894531 -5.238281 4.8125 -4.90625 C 4.738281 -4.570312 4.644531 -4.222656 4.53125 -3.859375 L 3.296875 -0.015625 L 2.015625 -0.015625 L 0.140625 -6.875 L 1.3125 -6.875 L 2.25 -3.21875 C 2.34375 -2.84375 2.429688 -2.46875 2.515625 -2.09375 C 2.609375 -1.71875 2.671875 -1.410156 2.703125 -1.171875 L 2.75 -1.171875 C 2.78125 -1.304688 2.816406 -1.476562 2.859375 -1.6875 C 2.910156 -1.90625 2.96875 -2.128906 3.03125 -2.359375 C 3.09375 -2.597656 3.15625 -2.8125 3.21875 -3 L 4.421875 -6.875 L 5.65625 -6.875 L 6.828125 -3 C 6.921875 -2.71875 7.015625 -2.40625 7.109375 -2.0625 C 7.203125 -1.71875 7.265625 -1.421875 7.296875 -1.171875 L 7.34375 -1.171875 C 7.375 -1.390625 7.429688 -1.6875 7.515625 -2.0625 C 7.609375 -2.4375 7.707031 -2.820312 7.8125 -3.21875 L 8.765625 -6.875 L 9.921875 -6.875 L 8.015625 -0.015625 L 6.6875 -0.015625 Z M 5.515625 -3.875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-26">
+<path style="stroke:none;" d="M 3.84375 0.125 C 3.238281 0.125 2.695312 0.00390625 2.21875 -0.234375 C 1.75 -0.484375 1.378906 -0.867188 1.109375 -1.390625 C 0.835938 -1.910156 0.703125 -2.578125 0.703125 -3.390625 C 0.703125 -4.234375 0.84375 -4.921875 1.125 -5.453125 C 1.40625 -5.984375 1.785156 -6.367188 2.265625 -6.609375 C 2.753906 -6.859375 3.304688 -6.984375 3.921875 -6.984375 C 4.265625 -6.984375 4.597656 -6.945312 4.921875 -6.875 C 5.242188 -6.800781 5.507812 -6.710938 5.71875 -6.609375 L 5.375 -5.6875 C 5.164062 -5.757812 4.925781 -5.828125 4.65625 -5.890625 C 4.382812 -5.960938 4.128906 -6 3.890625 -6 C 2.546875 -6 1.875 -5.132812 1.875 -3.40625 C 1.875 -2.570312 2.035156 -1.9375 2.359375 -1.5 C 2.691406 -1.0625 3.179688 -0.84375 3.828125 -0.84375 C 4.203125 -0.84375 4.53125 -0.878906 4.8125 -0.953125 C 5.101562 -1.035156 5.367188 -1.128906 5.609375 -1.234375 L 5.609375 -0.25 C 5.378906 -0.125 5.125 -0.03125 4.84375 0.03125 C 4.5625 0.09375 4.226562 0.125 3.84375 0.125 Z M 3.84375 0.125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-27">
+<path style="stroke:none;" d="M 4.625 -9.140625 L 1.234375 0 L 0.125 0 L 3.53125 -9.140625 Z M 4.625 -9.140625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-28">
+<path style="stroke:none;" d="M 2.21875 0 L 1.09375 0 L 1.09375 -9.71875 L 2.21875 -9.71875 Z M 2.21875 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-29">
+<path style="stroke:none;" d="M 2.21875 -7.359375 C 2.21875 -7.066406 2.207031 -6.796875 2.1875 -6.546875 C 2.175781 -6.296875 2.164062 -6.097656 2.15625 -5.953125 L 2.21875 -5.953125 C 2.414062 -6.242188 2.679688 -6.484375 3.015625 -6.671875 C 3.359375 -6.867188 3.800781 -6.96875 4.34375 -6.96875 C 5.195312 -6.96875 5.878906 -6.671875 6.390625 -6.078125 C 6.910156 -5.492188 7.171875 -4.609375 7.171875 -3.421875 C 7.171875 -2.242188 6.910156 -1.359375 6.390625 -0.765625 C 5.867188 -0.171875 5.1875 0.125 4.34375 0.125 C 3.800781 0.125 3.359375 0.03125 3.015625 -0.15625 C 2.679688 -0.351562 2.414062 -0.59375 2.21875 -0.875 L 2.125 -0.875 L 1.890625 0 L 1.09375 0 L 1.09375 -9.71875 L 2.21875 -9.71875 Z M 4.140625 -6.046875 C 3.421875 -6.046875 2.921875 -5.832031 2.640625 -5.40625 C 2.359375 -4.988281 2.21875 -4.34375 2.21875 -3.46875 L 2.21875 -3.421875 C 2.21875 -2.578125 2.351562 -1.929688 2.625 -1.484375 C 2.90625 -1.035156 3.421875 -0.8125 4.171875 -0.8125 C 4.785156 -0.8125 5.242188 -1.035156 5.546875 -1.484375 C 5.847656 -1.929688 6 -2.582031 6 -3.4375 C 6 -5.175781 5.378906 -6.046875 4.140625 -6.046875 Z M 4.140625 -6.046875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-30">
+<path style="stroke:none;" d="M 8.5625 -4.65625 C 8.5625 -3.113281 8.140625 -1.953125 7.296875 -1.171875 C 6.460938 -0.390625 5.289062 0 3.78125 0 L 1.234375 0 L 1.234375 -9.140625 L 4.0625 -9.140625 C 4.976562 -9.140625 5.769531 -8.96875 6.4375 -8.625 C 7.113281 -8.28125 7.632812 -7.773438 8 -7.109375 C 8.375 -6.453125 8.5625 -5.632812 8.5625 -4.65625 Z M 7.34375 -4.625 C 7.34375 -5.84375 7.039062 -6.734375 6.4375 -7.296875 C 5.84375 -7.867188 4.992188 -8.15625 3.890625 -8.15625 L 2.390625 -8.15625 L 2.390625 -0.984375 L 3.640625 -0.984375 C 6.109375 -0.984375 7.34375 -2.195312 7.34375 -4.625 Z M 7.34375 -4.625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-31">
+<path style="stroke:none;" d="M 8.609375 -6.984375 C 9.390625 -6.984375 9.96875 -6.785156 10.34375 -6.390625 C 10.726562 -5.992188 10.921875 -5.351562 10.921875 -4.46875 L 10.921875 0 L 9.8125 0 L 9.8125 -4.421875 C 9.8125 -5.503906 9.347656 -6.046875 8.421875 -6.046875 C 7.753906 -6.046875 7.273438 -5.851562 6.984375 -5.46875 C 6.703125 -5.082031 6.5625 -4.519531 6.5625 -3.78125 L 6.5625 0 L 5.453125 0 L 5.453125 -4.421875 C 5.453125 -5.503906 4.984375 -6.046875 4.046875 -6.046875 C 3.347656 -6.046875 2.867188 -5.832031 2.609375 -5.40625 C 2.347656 -4.976562 2.21875 -4.363281 2.21875 -3.5625 L 2.21875 0 L 1.09375 0 L 1.09375 -6.859375 L 2 -6.859375 L 2.15625 -5.921875 L 2.234375 -5.921875 C 2.441406 -6.285156 2.726562 -6.550781 3.09375 -6.71875 C 3.457031 -6.894531 3.84375 -6.984375 4.25 -6.984375 C 5.320312 -6.984375 6.019531 -6.597656 6.34375 -5.828125 L 6.40625 -5.828125 C 6.632812 -6.222656 6.945312 -6.515625 7.34375 -6.703125 C 7.75 -6.890625 8.171875 -6.984375 8.609375 -6.984375 Z M 8.609375 -6.984375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-32">
+<path style="stroke:none;" d="M 3.515625 -6.984375 C 3.972656 -6.984375 4.378906 -6.894531 4.734375 -6.71875 C 5.097656 -6.550781 5.410156 -6.296875 5.671875 -5.953125 L 5.734375 -5.953125 L 5.890625 -6.859375 L 6.78125 -6.859375 L 6.78125 0.109375 C 6.78125 1.097656 6.53125 1.835938 6.03125 2.328125 C 5.53125 2.828125 4.757812 3.078125 3.71875 3.078125 C 2.707031 3.078125 1.878906 2.929688 1.234375 2.640625 L 1.234375 1.59375 C 1.910156 1.957031 2.757812 2.140625 3.78125 2.140625 C 4.363281 2.140625 4.820312 1.960938 5.15625 1.609375 C 5.5 1.265625 5.671875 0.796875 5.671875 0.203125 L 5.671875 -0.0625 C 5.671875 -0.164062 5.671875 -0.3125 5.671875 -0.5 C 5.679688 -0.695312 5.691406 -0.832031 5.703125 -0.90625 L 5.65625 -0.90625 C 5.195312 -0.21875 4.488281 0.125 3.53125 0.125 C 2.644531 0.125 1.953125 -0.179688 1.453125 -0.796875 C 0.953125 -1.421875 0.703125 -2.296875 0.703125 -3.421875 C 0.703125 -4.515625 0.953125 -5.378906 1.453125 -6.015625 C 1.953125 -6.660156 2.640625 -6.984375 3.515625 -6.984375 Z M 3.671875 -6.046875 C 3.097656 -6.046875 2.65625 -5.816406 2.34375 -5.359375 C 2.03125 -4.898438 1.875 -4.25 1.875 -3.40625 C 1.875 -2.5625 2.023438 -1.914062 2.328125 -1.46875 C 2.640625 -1.019531 3.097656 -0.796875 3.703125 -0.796875 C 4.390625 -0.796875 4.890625 -0.976562 5.203125 -1.34375 C 5.523438 -1.71875 5.6875 -2.316406 5.6875 -3.140625 L 5.6875 -3.421875 C 5.6875 -4.359375 5.519531 -5.03125 5.1875 -5.4375 C 4.863281 -5.84375 4.359375 -6.046875 3.671875 -6.046875 Z M 3.671875 -6.046875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph0-33">
+<path style="stroke:none;" d="M 3.859375 -9.140625 C 4.992188 -9.140625 5.851562 -8.96875 6.4375 -8.625 C 7.019531 -8.289062 7.3125 -7.707031 7.3125 -6.875 C 7.3125 -6.332031 7.160156 -5.882812 6.859375 -5.53125 C 6.566406 -5.175781 6.140625 -4.945312 5.578125 -4.84375 L 5.578125 -4.78125 C 5.960938 -4.726562 6.3125 -4.617188 6.625 -4.453125 C 6.9375 -4.285156 7.179688 -4.050781 7.359375 -3.75 C 7.535156 -3.457031 7.625 -3.070312 7.625 -2.59375 C 7.625 -1.769531 7.335938 -1.128906 6.765625 -0.671875 C 6.203125 -0.222656 5.429688 0 4.453125 0 L 1.234375 0 L 1.234375 -9.140625 Z M 4.078125 -5.25 C 4.867188 -5.25 5.40625 -5.375 5.6875 -5.625 C 5.976562 -5.875 6.125 -6.25 6.125 -6.75 C 6.125 -7.25 5.945312 -7.609375 5.59375 -7.828125 C 5.238281 -8.046875 4.675781 -8.15625 3.90625 -8.15625 L 2.390625 -8.15625 L 2.390625 -5.25 Z M 2.390625 -4.28125 L 2.390625 -0.96875 L 4.234375 -0.96875 C 5.046875 -0.96875 5.609375 -1.125 5.921875 -1.4375 C 6.242188 -1.757812 6.40625 -2.175781 6.40625 -2.6875 C 6.40625 -3.164062 6.238281 -3.550781 5.90625 -3.84375 C 5.570312 -4.132812 4.984375 -4.28125 4.140625 -4.28125 Z M 2.390625 -4.28125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-0">
+<path style="stroke:none;" d="M 1.046875 0 L 1.046875 -8 L 5.65625 -8 L 5.65625 0 Z M 1.625 -0.578125 L 5.09375 -0.578125 L 5.09375 -7.421875 L 1.625 -7.421875 Z M 1.625 -0.578125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-1">
+<path style="stroke:none;" d="M 7.5 -4.078125 C 7.5 -2.722656 7.128906 -1.703125 6.390625 -1.015625 C 5.648438 -0.335938 4.625 0 3.3125 0 L 1.09375 0 L 1.09375 -8 L 3.546875 -8 C 4.359375 -8 5.054688 -7.847656 5.640625 -7.546875 C 6.234375 -7.253906 6.691406 -6.816406 7.015625 -6.234375 C 7.335938 -5.648438 7.5 -4.929688 7.5 -4.078125 Z M 6.4375 -4.046875 C 6.4375 -5.109375 6.171875 -5.890625 5.640625 -6.390625 C 5.109375 -6.890625 4.363281 -7.140625 3.40625 -7.140625 L 2.09375 -7.140625 L 2.09375 -0.859375 L 3.1875 -0.859375 C 5.351562 -0.859375 6.4375 -1.921875 6.4375 -4.046875 Z M 6.4375 -4.046875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-2">
+<path style="stroke:none;" d="M 1.453125 -8.25 C 1.609375 -8.25 1.742188 -8.195312 1.859375 -8.09375 C 1.972656 -8 2.03125 -7.84375 2.03125 -7.625 C 2.03125 -7.414062 1.972656 -7.257812 1.859375 -7.15625 C 1.742188 -7.050781 1.609375 -7 1.453125 -7 C 1.285156 -7 1.144531 -7.050781 1.03125 -7.15625 C 0.925781 -7.257812 0.875 -7.414062 0.875 -7.625 C 0.875 -7.84375 0.925781 -8 1.03125 -8.09375 C 1.144531 -8.195312 1.285156 -8.25 1.453125 -8.25 Z M 1.9375 -6 L 1.9375 0 L 0.953125 0 L 0.953125 -6 Z M 1.9375 -6 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-3">
+<path style="stroke:none;" d="M 4.859375 -1.65625 C 4.859375 -1.070312 4.640625 -0.628906 4.203125 -0.328125 C 3.773438 -0.0351562 3.195312 0.109375 2.46875 0.109375 C 2.050781 0.109375 1.691406 0.0703125 1.390625 0 C 1.085938 -0.0625 0.816406 -0.148438 0.578125 -0.265625 L 0.578125 -1.171875 C 0.816406 -1.046875 1.101562 -0.929688 1.4375 -0.828125 C 1.78125 -0.734375 2.128906 -0.6875 2.484375 -0.6875 C 2.984375 -0.6875 3.34375 -0.765625 3.5625 -0.921875 C 3.789062 -1.085938 3.90625 -1.300781 3.90625 -1.5625 C 3.90625 -1.71875 3.863281 -1.851562 3.78125 -1.96875 C 3.695312 -2.09375 3.550781 -2.210938 3.34375 -2.328125 C 3.132812 -2.453125 2.832031 -2.585938 2.4375 -2.734375 C 2.039062 -2.878906 1.703125 -3.023438 1.421875 -3.171875 C 1.148438 -3.328125 0.941406 -3.507812 0.796875 -3.71875 C 0.648438 -3.925781 0.578125 -4.195312 0.578125 -4.53125 C 0.578125 -5.03125 0.78125 -5.414062 1.1875 -5.6875 C 1.601562 -5.96875 2.148438 -6.109375 2.828125 -6.109375 C 3.191406 -6.109375 3.53125 -6.070312 3.84375 -6 C 4.164062 -5.9375 4.460938 -5.84375 4.734375 -5.71875 L 4.40625 -4.921875 C 4.144531 -5.035156 3.875 -5.128906 3.59375 -5.203125 C 3.320312 -5.273438 3.039062 -5.3125 2.75 -5.3125 C 2.351562 -5.3125 2.046875 -5.242188 1.828125 -5.109375 C 1.617188 -4.984375 1.515625 -4.804688 1.515625 -4.578125 C 1.515625 -4.410156 1.5625 -4.269531 1.65625 -4.15625 C 1.75 -4.039062 1.910156 -3.925781 2.140625 -3.8125 C 2.367188 -3.707031 2.675781 -3.582031 3.0625 -3.4375 C 3.4375 -3.289062 3.757812 -3.144531 4.03125 -3 C 4.300781 -2.851562 4.503906 -2.671875 4.640625 -2.453125 C 4.785156 -2.242188 4.859375 -1.976562 4.859375 -1.65625 Z M 4.859375 -1.65625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-4">
+<path style="stroke:none;" d="M 3.265625 -6.109375 C 3.785156 -6.109375 4.226562 -5.992188 4.59375 -5.765625 C 4.96875 -5.546875 5.253906 -5.234375 5.453125 -4.828125 C 5.648438 -4.421875 5.75 -3.945312 5.75 -3.40625 L 5.75 -2.8125 L 1.640625 -2.8125 C 1.648438 -2.132812 1.820312 -1.617188 2.15625 -1.265625 C 2.488281 -0.910156 2.953125 -0.734375 3.546875 -0.734375 C 3.929688 -0.734375 4.269531 -0.765625 4.5625 -0.828125 C 4.851562 -0.898438 5.160156 -1.003906 5.484375 -1.140625 L 5.484375 -0.28125 C 5.171875 -0.144531 4.863281 -0.046875 4.5625 0.015625 C 4.269531 0.078125 3.914062 0.109375 3.5 0.109375 C 2.9375 0.109375 2.4375 -0.00390625 2 -0.234375 C 1.5625 -0.460938 1.21875 -0.804688 0.96875 -1.265625 C 0.726562 -1.722656 0.609375 -2.285156 0.609375 -2.953125 C 0.609375 -3.609375 0.71875 -4.171875 0.9375 -4.640625 C 1.164062 -5.117188 1.476562 -5.484375 1.875 -5.734375 C 2.269531 -5.984375 2.734375 -6.109375 3.265625 -6.109375 Z M 3.265625 -5.3125 C 2.785156 -5.3125 2.410156 -5.160156 2.140625 -4.859375 C 1.867188 -4.554688 1.707031 -4.132812 1.65625 -3.59375 L 4.71875 -3.59375 C 4.707031 -4.101562 4.585938 -4.515625 4.359375 -4.828125 C 4.128906 -5.148438 3.765625 -5.3125 3.265625 -5.3125 Z M 3.265625 -5.3125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-5">
+<path style="stroke:none;" d="M 3.359375 0.109375 C 2.828125 0.109375 2.351562 0.00390625 1.9375 -0.203125 C 1.53125 -0.421875 1.207031 -0.757812 0.96875 -1.21875 C 0.726562 -1.675781 0.609375 -2.257812 0.609375 -2.96875 C 0.609375 -3.707031 0.734375 -4.304688 0.984375 -4.765625 C 1.234375 -5.234375 1.566406 -5.570312 1.984375 -5.78125 C 2.410156 -6 2.890625 -6.109375 3.421875 -6.109375 C 3.734375 -6.109375 4.03125 -6.078125 4.3125 -6.015625 C 4.59375 -5.953125 4.820312 -5.878906 5 -5.796875 L 4.703125 -4.96875 C 4.523438 -5.039062 4.316406 -5.101562 4.078125 -5.15625 C 3.835938 -5.21875 3.613281 -5.25 3.40625 -5.25 C 2.226562 -5.25 1.640625 -4.492188 1.640625 -2.984375 C 1.640625 -2.253906 1.78125 -1.695312 2.0625 -1.3125 C 2.351562 -0.925781 2.78125 -0.734375 3.34375 -0.734375 C 3.675781 -0.734375 3.96875 -0.765625 4.21875 -0.828125 C 4.46875 -0.898438 4.695312 -0.988281 4.90625 -1.09375 L 4.90625 -0.21875 C 4.707031 -0.113281 4.484375 -0.0351562 4.234375 0.015625 C 3.992188 0.078125 3.703125 0.109375 3.359375 0.109375 Z M 3.359375 0.109375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-6">
+<path style="stroke:none;" d="M 2.953125 -0.6875 C 3.109375 -0.6875 3.265625 -0.695312 3.421875 -0.71875 C 3.578125 -0.75 3.703125 -0.78125 3.796875 -0.8125 L 3.796875 -0.0625 C 3.691406 -0.0078125 3.539062 0.03125 3.34375 0.0625 C 3.15625 0.09375 2.972656 0.109375 2.796875 0.109375 C 2.472656 0.109375 2.179688 0.0546875 1.921875 -0.046875 C 1.660156 -0.160156 1.445312 -0.347656 1.28125 -0.609375 C 1.113281 -0.878906 1.03125 -1.257812 1.03125 -1.75 L 1.03125 -5.25 L 0.171875 -5.25 L 0.171875 -5.71875 L 1.046875 -6.109375 L 1.4375 -7.375 L 2.015625 -7.375 L 2.015625 -6 L 3.75 -6 L 3.75 -5.25 L 2.015625 -5.25 L 2.015625 -1.765625 C 2.015625 -1.398438 2.101562 -1.128906 2.28125 -0.953125 C 2.457031 -0.773438 2.679688 -0.6875 2.953125 -0.6875 Z M 2.953125 -0.6875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-7">
+<path style="stroke:none;" d="M 6.171875 -3.015625 C 6.171875 -2.023438 5.914062 -1.253906 5.40625 -0.703125 C 4.90625 -0.160156 4.226562 0.109375 3.375 0.109375 C 2.84375 0.109375 2.367188 -0.0078125 1.953125 -0.25 C 1.535156 -0.488281 1.207031 -0.84375 0.96875 -1.3125 C 0.726562 -1.78125 0.609375 -2.347656 0.609375 -3.015625 C 0.609375 -4.003906 0.859375 -4.765625 1.359375 -5.296875 C 1.867188 -5.835938 2.550781 -6.109375 3.40625 -6.109375 C 3.945312 -6.109375 4.425781 -5.988281 4.84375 -5.75 C 5.257812 -5.507812 5.582031 -5.160156 5.8125 -4.703125 C 6.050781 -4.242188 6.171875 -3.679688 6.171875 -3.015625 Z M 1.640625 -3.015625 C 1.640625 -2.304688 1.773438 -1.742188 2.046875 -1.328125 C 2.328125 -0.910156 2.773438 -0.703125 3.390625 -0.703125 C 3.992188 -0.703125 4.4375 -0.910156 4.71875 -1.328125 C 5.007812 -1.742188 5.15625 -2.304688 5.15625 -3.015625 C 5.15625 -3.722656 5.007812 -4.273438 4.71875 -4.671875 C 4.4375 -5.078125 3.992188 -5.28125 3.390625 -5.28125 C 2.773438 -5.28125 2.328125 -5.078125 2.046875 -4.671875 C 1.773438 -4.273438 1.640625 -3.722656 1.640625 -3.015625 Z M 1.640625 -3.015625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-8">
+<path style="stroke:none;" d="M 3.75 -6.109375 C 3.863281 -6.109375 3.984375 -6.101562 4.109375 -6.09375 C 4.242188 -6.082031 4.359375 -6.066406 4.453125 -6.046875 L 4.328125 -5.140625 C 4.234375 -5.160156 4.128906 -5.175781 4.015625 -5.1875 C 3.898438 -5.207031 3.789062 -5.21875 3.6875 -5.21875 C 3.375 -5.21875 3.082031 -5.132812 2.8125 -4.96875 C 2.550781 -4.800781 2.335938 -4.566406 2.171875 -4.265625 C 2.015625 -3.960938 1.9375 -3.609375 1.9375 -3.203125 L 1.9375 0 L 0.953125 0 L 0.953125 -6 L 1.765625 -6 L 1.875 -4.90625 L 1.921875 -4.90625 C 2.109375 -5.238281 2.351562 -5.519531 2.65625 -5.75 C 2.96875 -5.988281 3.332031 -6.109375 3.75 -6.109375 Z M 3.75 -6.109375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-9">
+<path style="stroke:none;" d="M 0.453125 -2.5625 L 0.453125 -3.4375 L 3.15625 -3.4375 L 3.15625 -2.5625 Z M 0.453125 -2.5625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-10">
+<path style="stroke:none;" d="M 3.203125 -8 C 4.242188 -8 5.003906 -7.789062 5.484375 -7.375 C 5.960938 -6.96875 6.203125 -6.390625 6.203125 -5.640625 C 6.203125 -5.203125 6.101562 -4.789062 5.90625 -4.40625 C 5.707031 -4.019531 5.375 -3.707031 4.90625 -3.46875 C 4.445312 -3.226562 3.816406 -3.109375 3.015625 -3.109375 L 2.09375 -3.109375 L 2.09375 0 L 1.09375 0 L 1.09375 -8 Z M 3.109375 -7.140625 L 2.09375 -7.140625 L 2.09375 -3.984375 L 2.90625 -3.984375 C 3.664062 -3.984375 4.234375 -4.101562 4.609375 -4.34375 C 4.984375 -4.59375 5.171875 -5.007812 5.171875 -5.59375 C 5.171875 -6.113281 5.003906 -6.5 4.671875 -6.75 C 4.335938 -7.007812 3.816406 -7.140625 3.109375 -7.140625 Z M 3.109375 -7.140625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-11">
+<path style="stroke:none;" d="M 1.9375 0 L 0.953125 0 L 0.953125 -8.515625 L 1.9375 -8.515625 Z M 1.9375 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-12">
+<path style="stroke:none;" d="M 5.96875 -6 L 5.96875 0 L 5.171875 0 L 5.015625 -0.796875 L 4.96875 -0.796875 C 4.78125 -0.484375 4.515625 -0.253906 4.171875 -0.109375 C 3.828125 0.0351562 3.457031 0.109375 3.0625 0.109375 C 2.34375 0.109375 1.800781 -0.0625 1.4375 -0.40625 C 1.070312 -0.757812 0.890625 -1.316406 0.890625 -2.078125 L 0.890625 -6 L 1.875 -6 L 1.875 -2.140625 C 1.875 -1.179688 2.320312 -0.703125 3.21875 -0.703125 C 3.882812 -0.703125 4.34375 -0.890625 4.59375 -1.265625 C 4.851562 -1.640625 4.984375 -2.175781 4.984375 -2.875 L 4.984375 -6 Z M 5.96875 -6 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-13">
+<path style="stroke:none;" d="M 3.078125 -6.109375 C 3.472656 -6.109375 3.828125 -6.035156 4.140625 -5.890625 C 4.460938 -5.742188 4.738281 -5.515625 4.96875 -5.203125 L 5.015625 -5.203125 L 5.15625 -6 L 5.9375 -6 L 5.9375 0.09375 C 5.9375 0.957031 5.71875 1.601562 5.28125 2.03125 C 4.84375 2.46875 4.164062 2.6875 3.25 2.6875 C 2.363281 2.6875 1.644531 2.5625 1.09375 2.3125 L 1.09375 1.40625 C 1.675781 1.71875 2.414062 1.875 3.3125 1.875 C 3.820312 1.875 4.222656 1.722656 4.515625 1.421875 C 4.816406 1.117188 4.96875 0.703125 4.96875 0.171875 L 4.96875 -0.0625 C 4.96875 -0.144531 4.96875 -0.269531 4.96875 -0.4375 C 4.976562 -0.601562 4.988281 -0.722656 5 -0.796875 L 4.953125 -0.796875 C 4.546875 -0.191406 3.925781 0.109375 3.09375 0.109375 C 2.3125 0.109375 1.703125 -0.160156 1.265625 -0.703125 C 0.828125 -1.253906 0.609375 -2.015625 0.609375 -2.984375 C 0.609375 -3.941406 0.828125 -4.703125 1.265625 -5.265625 C 1.703125 -5.828125 2.304688 -6.109375 3.078125 -6.109375 Z M 3.21875 -5.28125 C 2.71875 -5.28125 2.328125 -5.082031 2.046875 -4.6875 C 1.773438 -4.289062 1.640625 -3.722656 1.640625 -2.984375 C 1.640625 -2.242188 1.773438 -1.675781 2.046875 -1.28125 C 2.316406 -0.882812 2.710938 -0.6875 3.234375 -0.6875 C 3.835938 -0.6875 4.273438 -0.847656 4.546875 -1.171875 C 4.828125 -1.503906 4.96875 -2.03125 4.96875 -2.75 L 4.96875 -2.984375 C 4.96875 -3.804688 4.828125 -4.394531 4.546875 -4.75 C 4.265625 -5.101562 3.820312 -5.28125 3.21875 -5.28125 Z M 3.21875 -5.28125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-14">
+<path style="stroke:none;" d="M 3.84375 -6.109375 C 4.5625 -6.109375 5.101562 -5.9375 5.46875 -5.59375 C 5.832031 -5.25 6.015625 -4.6875 6.015625 -3.90625 L 6.015625 0 L 5.046875 0 L 5.046875 -3.84375 C 5.046875 -4.800781 4.597656 -5.28125 3.703125 -5.28125 C 3.035156 -5.28125 2.570312 -5.09375 2.3125 -4.71875 C 2.0625 -4.351562 1.9375 -3.816406 1.9375 -3.109375 L 1.9375 0 L 0.953125 0 L 0.953125 -6 L 1.75 -6 L 1.890625 -5.1875 L 1.953125 -5.1875 C 2.140625 -5.5 2.40625 -5.726562 2.75 -5.875 C 3.09375 -6.03125 3.457031 -6.109375 3.84375 -6.109375 Z M 3.84375 -6.109375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-15">
+<path style="stroke:none;" d="M 3.8125 -6.109375 C 4.550781 -6.109375 5.144531 -5.851562 5.59375 -5.34375 C 6.050781 -4.832031 6.28125 -4.054688 6.28125 -3.015625 C 6.28125 -1.992188 6.050781 -1.21875 5.59375 -0.6875 C 5.144531 -0.15625 4.546875 0.109375 3.796875 0.109375 C 3.335938 0.109375 2.957031 0.0195312 2.65625 -0.15625 C 2.351562 -0.332031 2.113281 -0.535156 1.9375 -0.765625 L 1.875 -0.765625 C 1.882812 -0.640625 1.894531 -0.476562 1.90625 -0.28125 C 1.925781 -0.0820312 1.9375 0.0820312 1.9375 0.21875 L 1.9375 2.6875 L 0.953125 2.6875 L 0.953125 -6 L 1.765625 -6 L 1.890625 -5.1875 L 1.9375 -5.1875 C 2.113281 -5.445312 2.347656 -5.664062 2.640625 -5.84375 C 2.929688 -6.019531 3.320312 -6.109375 3.8125 -6.109375 Z M 3.625 -5.28125 C 3.019531 -5.28125 2.585938 -5.109375 2.328125 -4.765625 C 2.078125 -4.421875 1.945312 -3.898438 1.9375 -3.203125 L 1.9375 -3.015625 C 1.9375 -2.273438 2.054688 -1.703125 2.296875 -1.296875 C 2.546875 -0.898438 3 -0.703125 3.65625 -0.703125 C 4.019531 -0.703125 4.316406 -0.800781 4.546875 -1 C 4.785156 -1.207031 4.960938 -1.484375 5.078125 -1.828125 C 5.191406 -2.179688 5.25 -2.582031 5.25 -3.03125 C 5.25 -3.71875 5.113281 -4.265625 4.84375 -4.671875 C 4.582031 -5.078125 4.175781 -5.28125 3.625 -5.28125 Z M 3.625 -5.28125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-16">
+<path style="stroke:none;" d="M 3.21875 -6.109375 C 3.957031 -6.109375 4.5 -5.945312 4.84375 -5.625 C 5.195312 -5.300781 5.375 -4.789062 5.375 -4.09375 L 5.375 0 L 4.65625 0 L 4.46875 -0.84375 L 4.421875 -0.84375 C 4.160156 -0.519531 3.882812 -0.28125 3.59375 -0.125 C 3.3125 0.03125 2.914062 0.109375 2.40625 0.109375 C 1.863281 0.109375 1.410156 -0.03125 1.046875 -0.3125 C 0.691406 -0.601562 0.515625 -1.054688 0.515625 -1.671875 C 0.515625 -2.265625 0.75 -2.722656 1.21875 -3.046875 C 1.6875 -3.378906 2.410156 -3.554688 3.390625 -3.578125 L 4.40625 -3.625 L 4.40625 -3.984375 C 4.40625 -4.484375 4.296875 -4.828125 4.078125 -5.015625 C 3.867188 -5.210938 3.566406 -5.3125 3.171875 -5.3125 C 2.859375 -5.3125 2.554688 -5.265625 2.265625 -5.171875 C 1.984375 -5.078125 1.722656 -4.96875 1.484375 -4.84375 L 1.171875 -5.59375 C 1.429688 -5.726562 1.738281 -5.847656 2.09375 -5.953125 C 2.457031 -6.054688 2.832031 -6.109375 3.21875 -6.109375 Z M 3.515625 -2.90625 C 2.765625 -2.875 2.242188 -2.753906 1.953125 -2.546875 C 1.671875 -2.335938 1.53125 -2.039062 1.53125 -1.65625 C 1.53125 -1.320312 1.632812 -1.078125 1.84375 -0.921875 C 2.050781 -0.765625 2.3125 -0.6875 2.625 -0.6875 C 3.132812 -0.6875 3.554688 -0.828125 3.890625 -1.109375 C 4.234375 -1.390625 4.40625 -1.816406 4.40625 -2.390625 L 4.40625 -2.9375 Z M 3.515625 -2.90625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-17">
+<path style="stroke:none;" d="M 0.015625 -6 L 1.0625 -6 L 2.359375 -2.59375 C 2.472656 -2.289062 2.570312 -2.003906 2.65625 -1.734375 C 2.75 -1.460938 2.820312 -1.203125 2.875 -0.953125 L 2.90625 -0.953125 C 2.957031 -1.140625 3.03125 -1.382812 3.125 -1.6875 C 3.21875 -1.988281 3.316406 -2.289062 3.421875 -2.59375 L 4.65625 -6 L 5.71875 -6 L 3.125 0.828125 C 2.914062 1.398438 2.644531 1.851562 2.3125 2.1875 C 1.976562 2.519531 1.519531 2.6875 0.9375 2.6875 C 0.757812 2.6875 0.601562 2.675781 0.46875 2.65625 C 0.332031 2.632812 0.21875 2.613281 0.125 2.59375 L 0.125 1.8125 C 0.207031 1.832031 0.304688 1.847656 0.421875 1.859375 C 0.535156 1.867188 0.65625 1.875 0.78125 1.875 C 1.125 1.875 1.398438 1.773438 1.609375 1.578125 C 1.828125 1.390625 2 1.132812 2.125 0.8125 L 2.4375 0.015625 Z M 0.015625 -6 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-18">
+<path style="stroke:none;" d="M 2.09375 0 L 1.09375 0 L 1.09375 -8 L 5.5625 -8 L 5.5625 -7.109375 L 2.09375 -7.109375 L 2.09375 -4.28125 L 5.34375 -4.28125 L 5.34375 -3.390625 L 2.09375 -3.390625 Z M 2.09375 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-19">
+<path style="stroke:none;" d="M 3.625 0 L 2.609375 0 L 2.609375 -7.109375 L 0.109375 -7.109375 L 0.109375 -8 L 6.109375 -8 L 6.109375 -7.109375 L 3.625 -7.109375 Z M 3.625 0 "/>
+</symbol>
+<symbol overflow="visible" id="glyph1-20">
+<path style="stroke:none;" d="M 4.515625 -7.21875 C 3.648438 -7.21875 2.972656 -6.929688 2.484375 -6.359375 C 1.992188 -5.785156 1.75 -5 1.75 -4 C 1.75 -3.007812 1.976562 -2.222656 2.4375 -1.640625 C 2.894531 -1.054688 3.582031 -0.765625 4.5 -0.765625 C 4.851562 -0.765625 5.1875 -0.796875 5.5 -0.859375 C 5.8125 -0.921875 6.117188 -1 6.421875 -1.09375 L 6.421875 -0.21875 C 6.117188 -0.101562 5.804688 -0.0195312 5.484375 0.03125 C 5.171875 0.0820312 4.796875 0.109375 4.359375 0.109375 C 3.546875 0.109375 2.863281 -0.0546875 2.3125 -0.390625 C 1.769531 -0.722656 1.363281 -1.195312 1.09375 -1.8125 C 0.820312 -2.4375 0.6875 -3.171875 0.6875 -4.015625 C 0.6875 -4.816406 0.832031 -5.523438 1.125 -6.140625 C 1.414062 -6.753906 1.847656 -7.234375 2.421875 -7.578125 C 3.003906 -7.929688 3.707031 -8.109375 4.53125 -8.109375 C 5.375 -8.109375 6.109375 -7.953125 6.734375 -7.640625 L 6.328125 -6.78125 C 6.078125 -6.894531 5.800781 -6.992188 5.5 -7.078125 C 5.195312 -7.171875 4.867188 -7.21875 4.515625 -7.21875 Z M 4.515625 -7.21875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-0">
+<path style="stroke:none;" d="M 1.5 0 L 1.5 -11.421875 L 8.078125 -11.421875 L 8.078125 0 Z M 2.3125 -0.8125 L 7.265625 -0.8125 L 7.265625 -10.609375 L 2.3125 -10.609375 Z M 2.3125 -0.8125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-1">
+<path style="stroke:none;" d="M 15.46875 -11.421875 L 12.5625 0 L 9.8125 0 L 8.25 -6 C 8.21875 -6.113281 8.175781 -6.285156 8.125 -6.515625 C 8.082031 -6.753906 8.03125 -7.015625 7.96875 -7.296875 C 7.914062 -7.578125 7.867188 -7.84375 7.828125 -8.09375 C 7.785156 -8.34375 7.753906 -8.535156 7.734375 -8.671875 C 7.722656 -8.535156 7.691406 -8.34375 7.640625 -8.09375 C 7.585938 -7.84375 7.535156 -7.578125 7.484375 -7.296875 C 7.429688 -7.023438 7.378906 -6.769531 7.328125 -6.53125 C 7.273438 -6.289062 7.234375 -6.109375 7.203125 -5.984375 L 5.65625 0 L 2.90625 0 L 0 -11.421875 L 2.390625 -11.421875 L 3.84375 -5.1875 C 3.90625 -4.9375 3.972656 -4.625 4.046875 -4.25 C 4.117188 -3.882812 4.1875 -3.515625 4.25 -3.140625 C 4.320312 -2.765625 4.375 -2.445312 4.40625 -2.1875 C 4.4375 -2.457031 4.484375 -2.773438 4.546875 -3.140625 C 4.609375 -3.515625 4.671875 -3.875 4.734375 -4.21875 C 4.804688 -4.5625 4.867188 -4.832031 4.921875 -5.03125 L 6.59375 -11.421875 L 8.875 -11.421875 L 10.546875 -5.03125 C 10.597656 -4.84375 10.65625 -4.570312 10.71875 -4.21875 C 10.789062 -3.875 10.859375 -3.515625 10.921875 -3.140625 C 10.992188 -2.765625 11.046875 -2.445312 11.078125 -2.1875 C 11.109375 -2.457031 11.15625 -2.773438 11.21875 -3.140625 C 11.28125 -3.515625 11.347656 -3.882812 11.421875 -4.25 C 11.503906 -4.625 11.570312 -4.9375 11.625 -5.1875 L 13.09375 -11.421875 Z M 15.46875 -11.421875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-2">
+<path style="stroke:none;" d="M 2.453125 -12.15625 C 2.796875 -12.15625 3.097656 -12.070312 3.359375 -11.90625 C 3.617188 -11.738281 3.75 -11.429688 3.75 -10.984375 C 3.75 -10.554688 3.617188 -10.253906 3.359375 -10.078125 C 3.097656 -9.910156 2.796875 -9.828125 2.453125 -9.828125 C 2.085938 -9.828125 1.78125 -9.910156 1.53125 -10.078125 C 1.28125 -10.253906 1.15625 -10.554688 1.15625 -10.984375 C 1.15625 -11.429688 1.28125 -11.738281 1.53125 -11.90625 C 1.78125 -12.070312 2.085938 -12.15625 2.453125 -12.15625 Z M 3.625 -8.734375 L 3.625 0 L 1.25 0 L 1.25 -8.734375 Z M 3.625 -8.734375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-3">
+<path style="stroke:none;" d="M 6.125 -8.890625 C 6.238281 -8.890625 6.375 -8.882812 6.53125 -8.875 C 6.695312 -8.863281 6.828125 -8.847656 6.921875 -8.828125 L 6.75 -6.59375 C 6.675781 -6.613281 6.566406 -6.628906 6.421875 -6.640625 C 6.273438 -6.660156 6.148438 -6.671875 6.046875 -6.671875 C 5.640625 -6.671875 5.25 -6.597656 4.875 -6.453125 C 4.5 -6.304688 4.195312 -6.070312 3.96875 -5.75 C 3.738281 -5.4375 3.625 -5.003906 3.625 -4.453125 L 3.625 0 L 1.25 0 L 1.25 -8.734375 L 3.0625 -8.734375 L 3.40625 -7.265625 L 3.515625 -7.265625 C 3.773438 -7.710938 4.128906 -8.09375 4.578125 -8.40625 C 5.023438 -8.726562 5.539062 -8.890625 6.125 -8.890625 Z M 6.125 -8.890625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-4">
+<path style="stroke:none;" d="M 4.84375 -8.890625 C 6.050781 -8.890625 7.003906 -8.546875 7.703125 -7.859375 C 8.410156 -7.171875 8.765625 -6.191406 8.765625 -4.921875 L 8.765625 -3.78125 L 3.140625 -3.78125 C 3.160156 -3.101562 3.359375 -2.570312 3.734375 -2.1875 C 4.109375 -1.800781 4.632812 -1.609375 5.3125 -1.609375 C 5.875 -1.609375 6.382812 -1.664062 6.84375 -1.78125 C 7.300781 -1.894531 7.773438 -2.066406 8.265625 -2.296875 L 8.265625 -0.46875 C 7.835938 -0.25 7.382812 -0.09375 6.90625 0 C 6.4375 0.101562 5.867188 0.15625 5.203125 0.15625 C 4.328125 0.15625 3.550781 -0.00390625 2.875 -0.328125 C 2.207031 -0.648438 1.679688 -1.140625 1.296875 -1.796875 C 0.910156 -2.460938 0.71875 -3.296875 0.71875 -4.296875 C 0.71875 -5.328125 0.890625 -6.179688 1.234375 -6.859375 C 1.585938 -7.535156 2.070312 -8.039062 2.6875 -8.375 C 3.300781 -8.71875 4.019531 -8.890625 4.84375 -8.890625 Z M 4.859375 -7.203125 C 4.398438 -7.203125 4.019531 -7.050781 3.71875 -6.75 C 3.414062 -6.445312 3.238281 -5.984375 3.1875 -5.359375 L 6.53125 -5.359375 C 6.519531 -5.890625 6.378906 -6.328125 6.109375 -6.671875 C 5.847656 -7.023438 5.429688 -7.203125 4.859375 -7.203125 Z M 4.859375 -7.203125 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-5">
+<path style="stroke:none;" d="M 7.34375 -2.59375 C 7.34375 -1.707031 7.03125 -1.023438 6.40625 -0.546875 C 5.78125 -0.078125 4.847656 0.15625 3.609375 0.15625 C 3.003906 0.15625 2.484375 0.113281 2.046875 0.03125 C 1.609375 -0.0390625 1.171875 -0.171875 0.734375 -0.359375 L 0.734375 -2.3125 C 1.203125 -2.101562 1.707031 -1.925781 2.25 -1.78125 C 2.800781 -1.644531 3.285156 -1.578125 3.703125 -1.578125 C 4.171875 -1.578125 4.5 -1.644531 4.6875 -1.78125 C 4.882812 -1.925781 4.984375 -2.113281 4.984375 -2.34375 C 4.984375 -2.488281 4.941406 -2.617188 4.859375 -2.734375 C 4.785156 -2.847656 4.613281 -2.976562 4.34375 -3.125 C 4.082031 -3.28125 3.671875 -3.476562 3.109375 -3.71875 C 2.554688 -3.945312 2.101562 -4.175781 1.75 -4.40625 C 1.40625 -4.632812 1.144531 -4.910156 0.96875 -5.234375 C 0.800781 -5.566406 0.71875 -5.976562 0.71875 -6.46875 C 0.71875 -7.28125 1.03125 -7.882812 1.65625 -8.28125 C 2.289062 -8.6875 3.128906 -8.890625 4.171875 -8.890625 C 4.710938 -8.890625 5.226562 -8.835938 5.71875 -8.734375 C 6.21875 -8.628906 6.726562 -8.453125 7.25 -8.203125 L 6.53125 -6.5 C 6.101562 -6.675781 5.695312 -6.828125 5.3125 -6.953125 C 4.925781 -7.078125 4.535156 -7.140625 4.140625 -7.140625 C 3.441406 -7.140625 3.09375 -6.945312 3.09375 -6.5625 C 3.09375 -6.425781 3.132812 -6.300781 3.21875 -6.1875 C 3.3125 -6.070312 3.488281 -5.945312 3.75 -5.8125 C 4.007812 -5.6875 4.394531 -5.519531 4.90625 -5.3125 C 5.40625 -5.113281 5.835938 -4.90625 6.203125 -4.6875 C 6.566406 -4.46875 6.847656 -4.191406 7.046875 -3.859375 C 7.242188 -3.535156 7.34375 -3.113281 7.34375 -2.59375 Z M 7.34375 -2.59375 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-6">
+<path style="stroke:none;" d="M 3.625 -9.6875 C 3.625 -9.257812 3.609375 -8.847656 3.578125 -8.453125 C 3.554688 -8.054688 3.535156 -7.773438 3.515625 -7.609375 L 3.640625 -7.609375 C 3.921875 -8.054688 4.28125 -8.378906 4.71875 -8.578125 C 5.15625 -8.785156 5.640625 -8.890625 6.171875 -8.890625 C 7.117188 -8.890625 7.878906 -8.632812 8.453125 -8.125 C 9.023438 -7.625 9.3125 -6.816406 9.3125 -5.703125 L 9.3125 0 L 6.921875 0 L 6.921875 -5.109375 C 6.921875 -6.359375 6.453125 -6.984375 5.515625 -6.984375 C 4.804688 -6.984375 4.3125 -6.734375 4.03125 -6.234375 C 3.757812 -5.742188 3.625 -5.035156 3.625 -4.109375 L 3.625 0 L 1.25 0 L 1.25 -12.15625 L 3.625 -12.15625 Z M 3.625 -9.6875 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-7">
+<path style="stroke:none;" d="M 4.828125 -8.90625 C 6.003906 -8.90625 6.90625 -8.648438 7.53125 -8.140625 C 8.15625 -7.640625 8.46875 -6.867188 8.46875 -5.828125 L 8.46875 0 L 6.796875 0 L 6.34375 -1.1875 L 6.265625 -1.1875 C 5.898438 -0.71875 5.507812 -0.375 5.09375 -0.15625 C 4.675781 0.0507812 4.101562 0.15625 3.375 0.15625 C 2.59375 0.15625 1.945312 -0.0664062 1.4375 -0.515625 C 0.925781 -0.972656 0.671875 -1.671875 0.671875 -2.609375 C 0.671875 -3.535156 0.992188 -4.21875 1.640625 -4.65625 C 2.296875 -5.101562 3.273438 -5.347656 4.578125 -5.390625 L 6.09375 -5.4375 L 6.09375 -5.828125 C 6.09375 -6.285156 5.972656 -6.617188 5.734375 -6.828125 C 5.492188 -7.046875 5.160156 -7.15625 4.734375 -7.15625 C 4.304688 -7.15625 3.890625 -7.09375 3.484375 -6.96875 C 3.078125 -6.84375 2.671875 -6.691406 2.265625 -6.515625 L 1.484375 -8.125 C 1.953125 -8.375 2.472656 -8.566406 3.046875 -8.703125 C 3.617188 -8.835938 4.210938 -8.90625 4.828125 -8.90625 Z M 5.171875 -4.015625 C 4.398438 -3.992188 3.863281 -3.851562 3.5625 -3.59375 C 3.269531 -3.34375 3.125 -3.007812 3.125 -2.59375 C 3.125 -2.226562 3.226562 -1.96875 3.4375 -1.8125 C 3.65625 -1.65625 3.929688 -1.578125 4.265625 -1.578125 C 4.785156 -1.578125 5.21875 -1.726562 5.5625 -2.03125 C 5.914062 -2.34375 6.09375 -2.773438 6.09375 -3.328125 L 6.09375 -4.046875 Z M 5.171875 -4.015625 "/>
+</symbol>
+<symbol overflow="visible" id="glyph2-8">
+<path style="stroke:none;" d="M 3.625 -6.71875 C 3.625 -6.382812 3.609375 -6.054688 3.578125 -5.734375 C 3.554688 -5.410156 3.53125 -5.082031 3.5 -4.75 L 3.53125 -4.75 C 3.695312 -4.976562 3.863281 -5.207031 4.03125 -5.4375 C 4.195312 -5.664062 4.378906 -5.878906 4.578125 -6.078125 L 7.03125 -8.734375 L 9.71875 -8.734375 L 6.234375 -4.9375 L 9.921875 0 L 7.171875 0 L 4.65625 -3.53125 L 3.625 -2.71875 L 3.625 0 L 1.25 0 L 1.25 -12.15625 L 3.625 -12.15625 Z M 3.625 -6.71875 "/>
+</symbol>
+</g>
+</defs>
+<g id="surface1057">
+<rect x="0" y="0" width="463" height="663" style="fill:rgb(100%,100%,100%);fill-opacity:1;stroke:none;"/>
+<path style="fill-rule:evenodd;fill:rgb(89.803922%,89.803922%,89.803922%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 14 8 L 37 8 L 37 24 L 14 24 Z M 14 8 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 16 14 L 25 14 L 25 18 L 16 18 Z M 16 14 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-1" x="117.976562" y="247.710341"/>
+ <use xlink:href="#glyph0-2" x="126.032118" y="247.710341"/>
+ <use xlink:href="#glyph0-3" x="133.809896" y="247.710341"/>
+ <use xlink:href="#glyph0-4" x="138.809896" y="247.710341"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 26.968555 9.710156 L 35.968555 9.710156 L 35.968555 19.710156 L 26.968555 19.710156 Z M 26.968555 9.710156 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-5" x="270.371094" y="221.913466"/>
+ <use xlink:href="#glyph0-6" x="277.593316" y="221.913466"/>
+ <use xlink:href="#glyph0-7" x="285.371094" y="221.913466"/>
+ <use xlink:href="#glyph0-8" x="292.593316" y="221.913466"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 21 20 L 26 20 L 26 23 L 21 23 Z M 21 20 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-9" x="168.40625" y="357.710341"/>
+ <use xlink:href="#glyph0-10" x="180.350694" y="357.710341"/>
+ <use xlink:href="#glyph0-3" x="183.684028" y="357.710341"/>
+ <use xlink:href="#glyph0-4" x="188.684028" y="357.710341"/>
+ <use xlink:href="#glyph0-11" x="195.90625" y="357.710341"/>
+ <use xlink:href="#glyph0-7" x="200.628472" y="357.710341"/>
+ <use xlink:href="#glyph0-6" x="207.850694" y="357.710341"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 14.6375 20 L 20.3625 20 L 20.3625 23 L 14.6375 23 Z M 14.6375 20 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-1" x="48.113281" y="357.710341"/>
+ <use xlink:href="#glyph0-7" x="56.168837" y="357.710341"/>
+ <use xlink:href="#glyph0-6" x="63.391059" y="357.710341"/>
+ <use xlink:href="#glyph0-11" x="71.168837" y="357.710341"/>
+ <use xlink:href="#glyph0-12" x="75.891059" y="357.710341"/>
+ <use xlink:href="#glyph0-3" x="83.668837" y="357.710341"/>
+ <use xlink:href="#glyph0-4" x="88.668837" y="357.710341"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 16 11 L 25 11 L 25 12.9 L 16 12.9 Z M 16 11 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-13" x="107.429688" y="166.710341"/>
+ <use xlink:href="#glyph0-14" x="116.874132" y="166.710341"/>
+ <use xlink:href="#glyph0-15" x="126.318576" y="166.710341"/>
+ <use xlink:href="#glyph0-16" x="130.763021" y="166.710341"/>
+ <use xlink:href="#glyph0-17" x="134.096354" y="166.710341"/>
+ <use xlink:href="#glyph0-18" x="137.985243" y="166.710341"/>
+ <use xlink:href="#glyph0-11" x="147.985243" y="166.710341"/>
+ <use xlink:href="#glyph0-19" x="152.707465" y="166.710341"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 21.675 25.510742 C 22.406445 25.108984 22.77207 24.975 23.503516 24.975 C 24.234961 24.975 24.600781 25.108984 25.332031 25.510742 L 25.332031 27.653516 C 24.600781 28.055273 24.234961 28.189258 23.503516 28.189258 C 22.77207 28.189258 22.406445 28.055273 21.675 27.653516 Z M 21.675 25.510742 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 21.675 25.510742 C 22.406445 25.9125 22.77207 26.046484 23.503516 26.046484 C 24.234961 26.046484 24.600781 25.9125 25.332031 25.510742 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-20" x="165.273438" y="465.409559"/>
+ <use xlink:href="#glyph0-7" x="174.717882" y="465.409559"/>
+ <use xlink:href="#glyph0-3" x="181.940104" y="465.409559"/>
+ <use xlink:href="#glyph0-21" x="186.940104" y="465.409559"/>
+ <use xlink:href="#glyph0-21" x="194.717882" y="465.409559"/>
+ <use xlink:href="#glyph0-10" x="202.49566" y="465.409559"/>
+ <use xlink:href="#glyph0-22" x="205.828993" y="465.409559"/>
+ <use xlink:href="#glyph0-23" x="211.940104" y="465.409559"/>
+</g>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 20.5 12.9 L 20.5 14 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 26.968555 14.710156 L 25 16 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 22.75 18 L 23.5 20 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 18.25 18 L 17.5 20 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 23.5 23 L 23.503516 24.975 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 29.95 12.541406 L 34.95 12.541406 L 34.95 14.541406 L 29.95 14.541406 Z M 29.95 12.541406 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph1-1" x="344.066406" y="197.828396"/>
+ <use xlink:href="#glyph1-2" x="352.121962" y="197.828396"/>
+ <use xlink:href="#glyph1-3" x="354.89974" y="197.828396"/>
+ <use xlink:href="#glyph1-3" x="360.177517" y="197.828396"/>
+ <use xlink:href="#glyph1-4" x="365.455295" y="197.828396"/>
+ <use xlink:href="#glyph1-5" x="371.844184" y="197.828396"/>
+ <use xlink:href="#glyph1-6" x="377.121962" y="197.828396"/>
+ <use xlink:href="#glyph1-7" x="381.288628" y="197.828396"/>
+ <use xlink:href="#glyph1-8" x="387.955295" y="197.828396"/>
+ <use xlink:href="#glyph1-3" x="392.677517" y="197.828396"/>
+</g>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 17.5 23 L 17.502539 25.05 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph2-1" x="22" y="122.014106"/>
+ <use xlink:href="#glyph2-2" x="37.555556" y="122.014106"/>
+ <use xlink:href="#glyph2-3" x="42.555556" y="122.014106"/>
+ <use xlink:href="#glyph2-4" x="49.5" y="122.014106"/>
+ <use xlink:href="#glyph2-5" x="58.944444" y="122.014106"/>
+ <use xlink:href="#glyph2-6" x="67" y="122.014106"/>
+ <use xlink:href="#glyph2-7" x="77.555556" y="122.014106"/>
+ <use xlink:href="#glyph2-3" x="87.277778" y="122.014106"/>
+ <use xlink:href="#glyph2-8" x="94.5" y="122.014106"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(70.19608%,70.19608%,70.19608%);fill-opacity:1;stroke-width:0.05;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 18.75 4 L 22.275391 4 L 22.275391 6.644141 L 18.75 6.644141 Z M 18.75 4 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style=" stroke:none;fill-rule:evenodd;fill:rgb(0%,0%,0%);fill-opacity:1;" d="M 104.636719 9.636719 L 159.867188 9.636719 L 159.867188 46.066406 L 104.636719 46.066406 Z M 104.636719 9.636719 "/>
+<path style="fill-rule:evenodd;fill:rgb(70.19608%,70.19608%,70.19608%);fill-opacity:1;stroke-width:0.05;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 19.227344 6.644141 L 21.041602 6.644141 L 21.041602 7.055273 L 19.322852 7.055273 Z M 19.227344 6.644141 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(70.19608%,70.19608%,70.19608%);fill-opacity:1;stroke-width:0.05;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 21.041602 6.644141 L 21.798047 6.644141 L 21.702539 7.055273 L 21.041602 7.055273 Z M 21.041602 6.644141 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.05;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 21.164844 6.767383 L 21.329297 6.767383 L 21.329297 6.931836 L 21.164844 6.931836 Z M 21.164844 6.767383 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(70.19608%,70.19608%,70.19608%);fill-opacity:1;stroke-width:0.05;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 20.160156 7.055273 L 20.865234 7.055273 L 20.865234 7.260938 L 21.217773 7.260938 L 21.217773 7.466602 L 19.807617 7.466602 L 19.807617 7.260938 L 20.160156 7.260938 Z M 20.160156 7.055273 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 20.512695 7.466602 L 20.5 11 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 20.3625 21.5 L 21 21.5 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 29.39082 14.516406 L 35.633398 14.516406 L 35.633398 17.016406 L 29.39082 17.016406 Z M 29.39082 14.516406 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph1-1" x="326.96875" y="242.328396"/>
+ <use xlink:href="#glyph1-2" x="335.024306" y="242.328396"/>
+ <use xlink:href="#glyph1-3" x="337.802083" y="242.328396"/>
+ <use xlink:href="#glyph1-3" x="343.079861" y="242.328396"/>
+ <use xlink:href="#glyph1-4" x="348.357639" y="242.328396"/>
+ <use xlink:href="#glyph1-5" x="354.746528" y="242.328396"/>
+ <use xlink:href="#glyph1-6" x="360.024306" y="242.328396"/>
+ <use xlink:href="#glyph1-7" x="364.190972" y="242.328396"/>
+ <use xlink:href="#glyph1-8" x="370.857639" y="242.328396"/>
+ <use xlink:href="#glyph1-9" x="375.579861" y="242.328396"/>
+ <use xlink:href="#glyph1-10" x="379.190972" y="242.328396"/>
+ <use xlink:href="#glyph1-11" x="385.857639" y="242.328396"/>
+ <use xlink:href="#glyph1-12" x="388.635417" y="242.328396"/>
+ <use xlink:href="#glyph1-13" x="395.579861" y="242.328396"/>
+ <use xlink:href="#glyph1-2" x="402.524306" y="242.328396"/>
+ <use xlink:href="#glyph1-14" x="405.302083" y="242.328396"/>
+ <use xlink:href="#glyph1-3" x="412.246528" y="242.328396"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 29.79707 17.023047 L 35.04707 17.023047 L 35.04707 19.023047 L 29.79707 19.023047 Z M 29.79707 17.023047 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph1-1" x="333.644531" y="287.461209"/>
+ <use xlink:href="#glyph1-2" x="341.700087" y="287.461209"/>
+ <use xlink:href="#glyph1-3" x="344.477865" y="287.461209"/>
+ <use xlink:href="#glyph1-15" x="349.755642" y="287.461209"/>
+ <use xlink:href="#glyph1-11" x="356.700087" y="287.461209"/>
+ <use xlink:href="#glyph1-16" x="359.477865" y="287.461209"/>
+ <use xlink:href="#glyph1-17" x="365.866753" y="287.461209"/>
+ <use xlink:href="#glyph1-9" x="371.700087" y="287.461209"/>
+ <use xlink:href="#glyph1-18" x="375.311198" y="287.461209"/>
+ <use xlink:href="#glyph1-2" x="381.144531" y="287.461209"/>
+ <use xlink:href="#glyph1-11" x="383.922309" y="287.461209"/>
+ <use xlink:href="#glyph1-6" x="386.700087" y="287.461209"/>
+ <use xlink:href="#glyph1-4" x="390.866753" y="287.461209"/>
+ <use xlink:href="#glyph1-8" x="397.255642" y="287.461209"/>
+ <use xlink:href="#glyph1-3" x="401.977865" y="287.461209"/>
+</g>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 17.5 32.9 L 17.501172 33.805859 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 16.259766 34.60957 C 15.741211 34.597656 14.735547 34.847461 14.876953 35.382812 C 15.018359 35.918164 15.694141 36.037109 15.976953 35.882422 C 16.259766 35.72793 15.536914 36.632031 16.919922 36.869922 C 18.30293 37.107813 19.009961 36.727148 18.805664 36.453516 C 18.601367 36.179883 20.01582 37.096094 20.675977 36.572461 C 21.335938 36.049023 20.000195 35.549414 20.283008 35.620703 C 20.56582 35.692188 21.430273 35.596875 21.147266 34.704687 C 20.864453 33.812305 18.318555 34.502344 18.601367 34.371484 C 18.884375 34.240625 18.177148 33.586328 17.29707 33.717188 C 16.416992 33.848047 16.354492 34.085547 16.260352 34.608984 Z M 16.259766 34.60957 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-24" x="61.425781" y="636.597059"/>
+ <use xlink:href="#glyph0-4" x="71.148003" y="636.597059"/>
+ <use xlink:href="#glyph0-11" x="78.370226" y="636.597059"/>
+ <use xlink:href="#glyph0-25" x="83.092448" y="636.597059"/>
+ <use xlink:href="#glyph0-2" x="93.092448" y="636.597059"/>
+ <use xlink:href="#glyph0-3" x="100.870226" y="636.597059"/>
+ <use xlink:href="#glyph0-23" x="106.148003" y="636.597059"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 29.960156 10.607227 L 34.960156 10.607227 L 34.960156 12.607227 L 29.960156 12.607227 Z M 29.960156 10.607227 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph1-10" x="336.632812" y="159.144803"/>
+ <use xlink:href="#glyph1-8" x="343.299479" y="159.144803"/>
+ <use xlink:href="#glyph1-7" x="347.743924" y="159.144803"/>
+ <use xlink:href="#glyph1-6" x="354.41059" y="159.144803"/>
+ <use xlink:href="#glyph1-7" x="358.577257" y="159.144803"/>
+ <use xlink:href="#glyph1-5" x="365.243924" y="159.144803"/>
+ <use xlink:href="#glyph1-7" x="370.521701" y="159.144803"/>
+ <use xlink:href="#glyph1-11" x="377.188368" y="159.144803"/>
+ <use xlink:href="#glyph1-9" x="379.966146" y="159.144803"/>
+ <use xlink:href="#glyph1-19" x="383.021701" y="159.144803"/>
+ <use xlink:href="#glyph1-8" x="388.577257" y="159.144803"/>
+ <use xlink:href="#glyph1-4" x="393.021701" y="159.144803"/>
+ <use xlink:href="#glyph1-4" x="399.41059" y="159.144803"/>
+</g>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 18.778516 32.95 L 18.753516 32.93457 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 14 28.9 L 21 28.9 L 21 32.9 L 14 32.9 Z M 14 28.9 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 14.825 30.25 L 20.175 30.25 L 20.175 32.25 L 14.825 32.25 Z M 14.825 30.25 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph1-20" x="33.113281" y="552.000271"/>
+ <use xlink:href="#glyph1-16" x="40.057726" y="552.000271"/>
+ <use xlink:href="#glyph1-15" x="46.446615" y="552.000271"/>
+ <use xlink:href="#glyph1-6" x="53.391059" y="552.000271"/>
+ <use xlink:href="#glyph1-12" x="57.557726" y="552.000271"/>
+ <use xlink:href="#glyph1-8" x="64.50217" y="552.000271"/>
+ <use xlink:href="#glyph1-4" x="68.946615" y="552.000271"/>
+ <use xlink:href="#glyph1-9" x="75.335503" y="552.000271"/>
+ <use xlink:href="#glyph1-18" x="78.946615" y="552.000271"/>
+ <use xlink:href="#glyph1-2" x="84.779948" y="552.000271"/>
+ <use xlink:href="#glyph1-11" x="87.557726" y="552.000271"/>
+ <use xlink:href="#glyph1-6" x="90.335503" y="552.000271"/>
+ <use xlink:href="#glyph1-4" x="94.50217" y="552.000271"/>
+ <use xlink:href="#glyph1-8" x="100.891059" y="552.000271"/>
+ <use xlink:href="#glyph1-3" x="105.613281" y="552.000271"/>
+</g>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-8" x="14" y="517.011122"/>
+ <use xlink:href="#glyph0-6" x="21.777778" y="517.011122"/>
+ <use xlink:href="#glyph0-26" x="29.555556" y="517.011122"/>
+ <use xlink:href="#glyph0-7" x="35.666667" y="517.011122"/>
+ <use xlink:href="#glyph0-6" x="42.888889" y="517.011122"/>
+ <use xlink:href="#glyph0-16" x="50.666667" y="517.011122"/>
+ <use xlink:href="#glyph0-27" x="54" y="517.011122"/>
+ <use xlink:href="#glyph0-16" x="58.722222" y="517.011122"/>
+ <use xlink:href="#glyph0-28" x="62.055556" y="517.011122"/>
+ <use xlink:href="#glyph0-10" x="65.388889" y="517.011122"/>
+ <use xlink:href="#glyph0-29" x="68.722222" y="517.011122"/>
+ <use xlink:href="#glyph0-6" x="76.5" y="517.011122"/>
+ <use xlink:href="#glyph0-26" x="84.277778" y="517.011122"/>
+ <use xlink:href="#glyph0-7" x="90.388889" y="517.011122"/>
+ <use xlink:href="#glyph0-6" x="97.611111" y="517.011122"/>
+</g>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 14.640039 25.05 L 20.365039 25.05 L 20.365039 28.05 L 14.640039 28.05 Z M 14.640039 25.05 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-30" x="43.027344" y="450.710341"/>
+ <use xlink:href="#glyph0-12" x="52.471788" y="450.710341"/>
+ <use xlink:href="#glyph0-31" x="60.249566" y="450.710341"/>
+ <use xlink:href="#glyph0-6" x="72.19401" y="450.710341"/>
+ <use xlink:href="#glyph0-26" x="79.971788" y="450.710341"/>
+ <use xlink:href="#glyph0-7" x="86.082899" y="450.710341"/>
+ <use xlink:href="#glyph0-6" x="93.305122" y="450.710341"/>
+</g>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-26" x="26.914062" y="466.710341"/>
+ <use xlink:href="#glyph0-7" x="33.025174" y="466.710341"/>
+ <use xlink:href="#glyph0-6" x="40.247396" y="466.710341"/>
+ <use xlink:href="#glyph0-11" x="48.025174" y="466.710341"/>
+ <use xlink:href="#glyph0-12" x="52.747396" y="466.710341"/>
+ <use xlink:href="#glyph0-3" x="60.525174" y="466.710341"/>
+ <use xlink:href="#glyph0-4" x="65.525174" y="466.710341"/>
+ <use xlink:href="#glyph0-16" x="72.747396" y="466.710341"/>
+ <use xlink:href="#glyph0-4" x="76.080729" y="466.710341"/>
+ <use xlink:href="#glyph0-8" x="83.302951" y="466.710341"/>
+ <use xlink:href="#glyph0-32" x="91.080729" y="466.710341"/>
+ <use xlink:href="#glyph0-10" x="98.858507" y="466.710341"/>
+ <use xlink:href="#glyph0-8" x="102.19184" y="466.710341"/>
+ <use xlink:href="#glyph0-4" x="109.969618" y="466.710341"/>
+</g>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 17.502539 28.05 L 17.5 28.9 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 21.625 26.57207 L 20.412109 26.565625 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 28.839062 20.271484 L 33.839062 20.271484 L 33.839062 23.271484 L 28.839062 23.271484 Z M 28.839062 20.271484 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-14" x="326.007812" y="363.140028"/>
+ <use xlink:href="#glyph0-11" x="335.452257" y="363.140028"/>
+ <use xlink:href="#glyph0-10" x="340.174479" y="363.140028"/>
+ <use xlink:href="#glyph0-28" x="343.507812" y="363.140028"/>
+ <use xlink:href="#glyph0-10" x="346.841146" y="363.140028"/>
+ <use xlink:href="#glyph0-11" x="350.174479" y="363.140028"/>
+ <use xlink:href="#glyph0-10" x="354.896701" y="363.140028"/>
+ <use xlink:href="#glyph0-4" x="358.230035" y="363.140028"/>
+ <use xlink:href="#glyph0-22" x="365.452257" y="363.140028"/>
+</g>
+<path style="fill:none;stroke-width:0.15;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 23.687305 34.999609 L 32.653906 34.999609 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 26.655469 34.756445 L 27.152539 34.757031 " transform="matrix(20,0,0,20,-278,-78)"/>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 26.648438 35.236328 L 27.145508 35.237109 " transform="matrix(20,0,0,20,-278,-78)"/>
+<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
+ <use xlink:href="#glyph0-33" x="323.242188" y="638.292372"/>
+ <use xlink:href="#glyph0-12" x="331.575521" y="638.292372"/>
+ <use xlink:href="#glyph0-22" x="339.353299" y="638.292372"/>
+</g>
+<path style="fill:none;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-dasharray:0.1,0.1;stroke-miterlimit:10;" d="M 20.00293 32.968945 L 26.903906 34.756641 " transform="matrix(20,0,0,20,-278,-78)"/>
+</g>
+</svg>
diff --git a/docbook/wsdg_src/images/ws-logo.png b/doc/wsdg_src/images/ws-logo.png
index 04226f39..04226f39 100644
--- a/docbook/wsdg_src/images/ws-logo.png
+++ b/doc/wsdg_src/images/ws-logo.png
Binary files differ
diff --git a/docbook/wsdg_src/images/wslua-new-dialog.png b/doc/wsdg_src/images/wslua-new-dialog.png
index 9de7e4a9..9de7e4a9 100644
--- a/docbook/wsdg_src/images/wslua-new-dialog.png
+++ b/doc/wsdg_src/images/wslua-new-dialog.png
Binary files differ
diff --git a/docbook/wsdg_src/images/wslua-progdlg.png b/doc/wsdg_src/images/wslua-progdlg.png
index d8d95101..d8d95101 100644
--- a/docbook/wsdg_src/images/wslua-progdlg.png
+++ b/doc/wsdg_src/images/wslua-progdlg.png
Binary files differ
diff --git a/docbook/wsdg_src/images/wslua-textwindow.png b/doc/wsdg_src/images/wslua-textwindow.png
index 7defd0fa..7defd0fa 100644
--- a/docbook/wsdg_src/images/wslua-textwindow.png
+++ b/doc/wsdg_src/images/wslua-textwindow.png
Binary files differ
diff --git a/docbook/wsdg_src/wsdg_asn2wrs.adoc b/doc/wsdg_src/wsdg_asn2wrs.adoc
index e7e021ee..a5add171 100644
--- a/docbook/wsdg_src/wsdg_asn2wrs.adoc
+++ b/doc/wsdg_src/wsdg_asn2wrs.adoc
@@ -64,7 +64,7 @@ Reasons one might _not_ want to build as a plugin:
* The CMakeFile is quite a bit more complex.
* Building under the asn1 subtree keeps all such dissectors together.
-If you still think you'd like to build your module as a plugin, see https://gitlab.com/wireshark/wireshark/-/wikis/ASN1_plugin[Building ASN1 Plugins].
+If you still think you'd like to build your module as a plugin, see {wireshark-wiki-url}ASN1_plugin[Building ASN1 Plugins].
[#UnderstandingErrorMessages]
=== Understanding Error Messages
@@ -432,7 +432,7 @@ Time TYPE = FT_STRING DISPLAY = BASE_NONE STRING = NULL BITMASK = 0
[#SimpleASN1BasedDissector]
=== Simple ASN.1-Based Dissector
-// https://gitlab.com/wireshark/wireshark/-/wikis/uploads/__moin_import__/attachments/ASN1_sample/foo.tar.gz
+// {wireshark-wiki-moin-import-url}ASN1_sample/foo.tar.gz
// all seven files as gzipped foo directory (suitable for unzipping in
// wireshark/asn1 directory)
@@ -566,19 +566,19 @@ FOO-MESSAGE
#define PSNAME "FOO"
#define PFNAME "foo"
#define FOO_PORT 5001 /* UDP port */
-static dissector_handle_t foo_handle=NULL;
+static dissector_handle_t foo_handle;
void proto_reg_handoff_foo(void);
void proto_register_foo(void);
/* Initialize the protocol and registered fields */
-static int proto_foo = -1;
+static int proto_foo;
static int global_foo_port = FOO_PORT;
#include "packet-foo-hf.c"
/* Initialize the subtree pointers */
-static int ett_foo = -1;
+static int ett_foo;
#include "packet-foo-ett.c"
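Review bot: The listing drops the `= -1` initialisers on `proto_foo` and `ett_foo`, but the surrounding text never tells the reader that zero-initialised statics are now the expected form. Someone pasting this skeleton into a tree based on an older release may hit registration errors that are hard to trace, since the removed lines suggest `-1` was the "not yet registered" value there. I would add one line before the listing, for example `NOTE: Registration variables are left zero-initialised; older releases expect them to start at -1.`, with the exact release boundary confirmed against the release notes. The same remark applies to the later hunks in wsdg_dissection.adoc that remove `= -1` and `EI_INIT`.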
@@ -893,7 +893,7 @@ Replace all PROTOCOL/protocol references with the name of your protocol.
#define PFNAME "protocol"
/* Initialize the protocol and registered fields */
-int proto_protocol = -1;
+int proto_protocol;
#include "packet-protocol-hf.c"
/* Initialize the subtree pointers */
diff --git a/docbook/wsdg_src/wsdg_build_intro.adoc b/doc/wsdg_src/wsdg_build_intro.adoc
index d4ededb1..d4ededb1 100644
--- a/docbook/wsdg_src/wsdg_build_intro.adoc
+++ b/doc/wsdg_src/wsdg_build_intro.adoc
diff --git a/docbook/wsdg_src/wsdg_capture.adoc b/doc/wsdg_src/wsdg_capture.adoc
index 868f2a0f..868f2a0f 100644
--- a/docbook/wsdg_src/wsdg_capture.adoc
+++ b/doc/wsdg_src/wsdg_capture.adoc
diff --git a/docbook/wsdg_src/wsdg_dissection.adoc b/doc/wsdg_src/wsdg_dissection.adoc
index efc0a71a..0717a045 100644
--- a/docbook/wsdg_src/wsdg_dissection.adoc
+++ b/doc/wsdg_src/wsdg_dissection.adoc
@@ -70,7 +70,7 @@ With a little care, the plugin can be converted into a built-in dissector.
#define FOO_PORT 1234
-static int proto_foo = -1;
+static int proto_foo;
void
proto_register_foo(void)
@@ -187,7 +187,7 @@ Here is the dissector's complete code:
#define FOO_PORT 1234
-static int proto_foo = -1;
+static int proto_foo;
static int
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_)
@@ -296,8 +296,8 @@ and `proto_register_subtree_array()`:
.Registering data structures.
[source,c]
----
-static int hf_foo_pdu_type = -1;
-static int ett_foo = -1;
+static int hf_foo_pdu_type;
+static int ett_foo;
/* ... */
@@ -402,9 +402,9 @@ more variables to the hfarray, and a couple more procedure calls.
[source,c]
----
...
-static int hf_foo_flags = -1;
-static int hf_foo_sequenceno = -1;
-static int hf_foo_initialip = -1;
+static int hf_foo_flags;
+static int hf_foo_sequenceno;
+static int hf_foo_initialip;
...
static int
@@ -506,9 +506,9 @@ flags structure. For this we need to add some more data to the table though.
#define FOO_END_FLAG 0x02
#define FOO_PRIORITY_FLAG 0x04
-static int hf_foo_startflag = -1;
-static int hf_foo_endflag = -1;
-static int hf_foo_priorityflag = -1;
+static int hf_foo_startflag;
+static int hf_foo_endflag;
+static int hf_foo_priorityflag;
static int
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
@@ -569,7 +569,7 @@ other things we can do to make things look even more pretty. At the moment our
dissection shows the packets as "Foo Protocol" which whilst correct is a little
uninformative. We can enhance this by adding a little more detail. First, let’s
get hold of the actual value of the protocol type. We can use the handy function
-`tvb_get_guint8()` to do this. With this value in hand, there are a couple of
+`tvb_get_uint8()` to do this. With this value in hand, there are a couple of
things we can do. First we can set the INFO column of the non-detailed view to
show what sort of PDU it is - which is extremely helpful when looking at
protocol traces. Second, we can also display this information in the dissection
@@ -582,7 +582,7 @@ static int
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
int offset = 0;
- uint8_t packet_type = tvb_get_guint8(tvb, 0);
+ uint8_t packet_type = tvb_get_uint8(tvb, 0);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
/* Clear out stuff in the info column */
@@ -625,7 +625,7 @@ number being zero (assuming that's a noteworthy thing for this protocol).
----
#include <epan/expert.h>
-static expert_field ei_foo_seqn_zero = EI_INIT;
+static expert_field ei_foo_seqn_zero;
/* ... */
@@ -749,7 +749,7 @@ effect.
.Decompressing data packets for dissection.
[source,c]
----
- uint8_t flags = tvb_get_guint8(tvb, offset);
+ uint8_t flags = tvb_get_uint8(tvb, offset);
offset ++;
if (flags & FLAG_COMPRESSED) { /* the remainder of the packet is compressed */
uint16_t orig_size = tvb_get_ntohs(tvb, offset);
@@ -851,7 +851,7 @@ msg_pkt ::= SEQUENCE {
#include <epan/reassemble.h>
...
save_fragmented = pinfo->fragmented;
-flags = tvb_get_guint8(tvb, offset); offset++;
+flags = tvb_get_uint8(tvb, offset); offset++;
if (flags & FL_FRAGMENT) { /* fragmented */
tvbuff_t* new_tvb = NULL;
fragment_data *frag_msg = NULL;
@@ -967,19 +967,19 @@ like the following. Of course the names may need to be adjusted.
[source,c]
----
...
-static int hf_msg_fragments = -1;
-static int hf_msg_fragment = -1;
-static int hf_msg_fragment_overlap = -1;
-static int hf_msg_fragment_overlap_conflicts = -1;
-static int hf_msg_fragment_multiple_tails = -1;
-static int hf_msg_fragment_too_long_fragment = -1;
-static int hf_msg_fragment_error = -1;
-static int hf_msg_fragment_count = -1;
-static int hf_msg_reassembled_in = -1;
-static int hf_msg_reassembled_length = -1;
+static int hf_msg_fragments;
+static int hf_msg_fragment;
+static int hf_msg_fragment_overlap;
+static int hf_msg_fragment_overlap_conflicts;
+static int hf_msg_fragment_multiple_tails;
+static int hf_msg_fragment_too_long_fragment;
+static int hf_msg_fragment_error;
+static int hf_msg_fragment_count;
+static int hf_msg_reassembled_in;
+static int hf_msg_reassembled_length;
...
-static int ett_msg_fragment = -1;
-static int ett_msg_fragments = -1;
+static int ett_msg_fragment;
+static int ett_msg_fragments;
...
static const fragment_items msg_frag_items = {
/* Fragment subtrees */
@@ -1154,13 +1154,7 @@ string name with which to find it again.
#include <epan/packet.h>
#include <epan/tap.h>
-static int foo_tap = -1;
-
-struct FooTap {
- int packet_type;
- int priority;
- ...
-};
+static int foo_tap;
void proto_register_foo(void)
{
@@ -1170,7 +1164,7 @@ void proto_register_foo(void)
Whilst you can program a tap without protocol specific data, it is generally not
very useful. Therefore it’s a good idea to declare a structure that can be
-passed through the tap. This needs to be a static structure as it will be used
+passed through the tap. This needs to be allocated in packet scope as it will be used
after the dissection routine has returned. It’s generally best to pick out some
generic parts of the protocol you are dissecting into the tap data. A packet
type, a priority or a status code maybe. The structure really needs to be
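Review bot: The rewritten sentence "allocated in packet scope as it will be used after the dissection routine has returned" puts no upper bound on that lifetime, so a listener author could read it as permission to keep the pointer. Packet-scoped memory is presumably released once processing of the packet, including the tap callbacks, has finished, and a listener that stored the pointer would then read freed memory. I would append `Tap listeners must copy any fields they want to keep; the structure is only valid until processing of the current packet ends.` The paragraph continues past the end of this hunk.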
@@ -1184,12 +1178,18 @@ of the dissector.
.Calling a protocol tap
[source,c]
----
+struct FooTap {
+ int packet_type;
+ int priority;
+ ...
+};
+
static int
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
...
- fooinfo = wmem_alloc(pinfo->pool, sizeof(struct FooTap));
- fooinfo->packet_type = tvb_get_guint8(tvb, 0);
+ struct FooTap *fooinfo = wmem_new0(pinfo->pool, struct FooTap);
+ fooinfo->packet_type = tvb_get_uint8(tvb, 0);
fooinfo->priority = tvb_get_ntohs(tvb, 8);
...
tap_queue_packet(foo_tap, pinfo, fooinfo);
@@ -1198,12 +1198,19 @@ dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
}
----
+[TIP]
+====
+Allocate your structure using `wmem_new0()`, so it sets all values of your structure
+to zero. This way, if you add members later but forget to initialize them, they will
+have a consistent value, making troubleshooting easier.
+====
+
This now enables those interested parties to listen in on the details
of this protocol conversation.
[#ChDissectStats]
-=== How to produce protocol stats
+=== How to produce protocol statistics (stats)
Given that you have a tap interface for the protocol, you can use this
to produce some interesting statistics (well presumably interesting!) from
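Review bot: The new TIP gives troubleshooting as the only reason for `wmem_new0()`, which undersells it. With the plain `wmem_alloc()` call that the previous hunk removes, any member the dissector forgets to set holds indeterminate data, and every tap listener then reads it. I would add one sentence to the tip: `Members you do not set would otherwise contain whatever was previously in that memory, and every tap listener would read it.`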
@@ -1221,32 +1228,24 @@ Here is a mechanism to produce statistics from the above TAP interface.
----
#include <epan/stats_tree.h>
-/* register all http trees */
-static void register_foo_stat_trees(void) {
- stats_tree_register_plugin("foo", "foo", "Foo/Packet Types", 0,
+void proto_reg_handoff_foo(void) {
+ ...
+ stats_tree_register("foo", "foo", "Foo" STATS_TREE_MENU_SEPARATOR "Packet Types", 0,
foo_stats_tree_packet, foo_stats_tree_init, NULL);
}
-
-WS_DLL_PUBLIC_DEF void plugin_register_tap_listener(void)
-{
- register_foo_stat_trees();
-}
----
-Working from the bottom up, first the plugin interface entry point is defined,
-`plugin_register_tap_listener()`. This simply calls the initialisation function
-`register_foo_stat_trees()`.
-
-This in turn calls the `stats_tree_register_plugin()` function, which takes three
-strings, an integer, and three callback functions.
+The interface entry point, `proto_reg_handoff_foo()`,
+calls the `stats_tree_register()` function, which takes three
+strings, an integer, and three callback functions:
-. This is the tap name that is registered.
+. This is the tap name that was registered using `register_tap()`.
. An abbreviation of the stats name.
-. The name of the stats module. A “/” character can be used to make sub menus.
+. The name of the stats module. `STATS_TREE_MENU_SEPARATOR` can be used to make sub menus.
-. Flags for per-packet callback
+. Flags for per-packet callback, taken from `epan/stats_tree.h`.
. The function that will called to generate the stats.
@@ -1256,6 +1255,13 @@ strings, an integer, and three callback functions.
In this case we only need the first two functions, as there is nothing specific to clean up.
+[NOTE]
+====
+If you are registering statistics from a plugin, then your plugin should have
+a plugin interface entry point called `plugin_register_tap_listener()`,
+which should call `stats_tree_register_plugin()` instead of `stats_tree_register()`.
+====
+
.Initialising a stats session
[source,c]
----
@@ -1294,6 +1300,13 @@ In this case the processing of the stats is quite simple. First we call the
call to `stats_tree_tick_pivot()` on the `st_node_packet_types` subtree allows
us to record statistics by packet type.
+[NOTE]
+====
+Notice that stats trees and pivots are identified by their name string,
+_not_ by the identifier returned by
+`stats_tree_create_node()`/`stats_tree_create_pivot()`.
+====
+
[#ChDissectConversation]
=== How to use conversations
diff --git a/docbook/wsdg_src/wsdg_env_intro.adoc b/doc/wsdg_src/wsdg_env_intro.adoc
index 91d51eaf..2bf6a922 100644
--- a/docbook/wsdg_src/wsdg_env_intro.adoc
+++ b/doc/wsdg_src/wsdg_env_intro.adoc
@@ -237,7 +237,7 @@ The Wireshark development team uses GitLab’s continuous integration (CI) syste
Automated builds provide several useful services:
* Cross-platform testing.
- Inbound merge requests and commits can be tested on each of our supported plaforms, which ensures that a developer on one platform doesn’t break the build on other platforms.
+ Inbound merge requests and commits can be tested on each of our supported platforms, which ensures that a developer on one platform doesn’t break the build on other platforms.
* A health indicator for the source code.
The CI badges at {wireshark-gitlab-project-url} can quickly tell you how healthy the latest code is.
@@ -268,23 +268,24 @@ Jobs provide a link to the corresponding console logfile which provides addition
Release packages are built on the following platforms:
-* Windows Server 2019 x86-64 (Win64, little endian, Visual Studio 2022)
+* Windows Server 2022 x64, Visual Studio 2022
-* Ubuntu 18.04 x86-64 (Linux, little endian, gcc, Clang)
+* Windows 11 Arm64, Visual Studio 2022
-* macOS 10.14 x86-64 (BSD, little endian, Clang)
+* Ubuntu 22.04 x64, gcc
-Static code analysis and fuzz tests are run on the following platforms:
+* macOS x64, clang
+
+* macOS Arm64, clang
-* Visual Studio Code Analysis (Win64, little endian, VS 2022)
+Static code analysis and fuzz tests are run on the following platforms:
-* Clang Code Analysis, Coverity Scan, and fuzz tests (Linux, little endian, Clang)
+* Visual Studio Code Analysis, Visual Studio 2022
-Each platform is represented at the status page by a single column, the most recent entries are at the top.
+* Clang Code Analysis, Coverity Scan, and fuzz tests, clang
[#ChIntroHelp]
-
=== Reporting problems and getting help
If you have problems, or need help with Wireshark, there are several
diff --git a/docbook/wsdg_src/wsdg_libraries.adoc b/doc/wsdg_src/wsdg_libraries.adoc
index d0f5f1d0..28bc52d5 100644
--- a/docbook/wsdg_src/wsdg_libraries.adoc
+++ b/doc/wsdg_src/wsdg_libraries.adoc
@@ -21,6 +21,7 @@ See <<ChSetupUNIXBuildEnvironmentSetup>> for details.
On macOS, you can install pre-built packages using a third party package manager such as Homebrew or MacPorts.
As with Linux, we provide `tools/macos-setup-brew.sh`, which will install the required Homebrew packages.
We also provide `tools/macos-setup.sh`, which will download, build, and install required packages.
+Note that `tools/macos-setup.sh` installs into _/usr/local_ by default; you can change this with the `-p` flag.
Windows doesn't have a good library package manager at the present time, so we provide our own pre-built libraries.
They can be installed using `tools/win-setup.ps1` and are automatically installed when you run CMake.
@@ -299,6 +300,9 @@ https://dev-libs.wireshark.org/windows/packages/[].
=== Lua (Optional)
The Lua library is used to add scripting support to Wireshark.
+Wireshark 4.2.x and earlier support Lua versions 5.1 and 5.2.
+Recent versions of Wireshark have added support for Lua 5.3 and 5.4
+as well.
[#ChLibsUnixLua]
@@ -314,7 +318,7 @@ https://www.lua.org/download.html[].
[discrete]
==== Windows
-We provide copies of the official packages at
+We provide packages for Windows, patched for UTF-8 support, at
https://dev-libs.wireshark.org/windows/packages/[].
[#ChLibsMaxMindDB]
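Review bot: The sentence now says the Windows Lua packages are "patched for UTF-8 support" instead of copies of the official packages, but it gives no pointer to the patch. A reader who previously compared these binaries with upstream can no longer do so, and the page does not say how the patched build can be inspected or checked. I would add a short pointer, e.g. `The patch and build recipe are available at <link to be supplied by the maintainers>.`, and mention whether `tools/win-setup.ps1` verifies the download.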
diff --git a/docbook/wsdg_src/wsdg_lua_support.adoc b/doc/wsdg_src/wsdg_lua_support.adoc
index 8f7314bf..26c3849d 100644
--- a/docbook/wsdg_src/wsdg_lua_support.adoc
+++ b/doc/wsdg_src/wsdg_lua_support.adoc
@@ -10,17 +10,22 @@
=== Introduction
Lua is a powerful light-weight programming language designed for extending
-applications. Wireshark contains an embedded Lua 5.2 interpreter which
-can be used to write dissectors, taps, and capture file readers
-and writers.
+applications. Wireshark contains an embedded Lua interpreter which can
+be used to write dissectors, taps, and capture file readers and writers.
+Wireshark versions 4.2.x and earlier support Lua 5.1 and 5.2, and newer
+versions support Lua 5.3 and 5.4. The Lua BitOp library is bundled with
+all version of Wireshark; Lua 5.3 and later also have native support for
+https://www.lua.org/manual/5.4/manual.html#3.4.2[bitwise operators].
If Lua is enabled, Wireshark will first try to load a file named `init.lua`
from the global link:{wireshark-users-guide-url}ChPluginFolders.html[_plugins directory_].
and then from the user’s
link:{wireshark-users-guide-url}ChAppFilesConfigurationSection.html[_personal plugins directory_].
Then all files ending with _.lua_ are loaded from the global plugins
-directory. Then all files ending with _.lua_ in the personal Lua plugin's
-directory.
+directory and its subdirectories. Then all files ending with _.lua_ in the
+personal Lua plugins directory and its subdirectories are loaded. The
+files are processed in ASCIIbetical order (compared byte-by-byte, as `strcmp`),
+descending into each subdirectory depth-first in order.
Whether or not Lua scripts are enabled can be controlled via the
_$$enable_lua$$_ variable. Lua scripts are enabled by
@@ -48,10 +53,37 @@ run_user_scripts_when_superuser = true
----
The command line option _$$-X lua_script:$$++file.lua++_ can also be used to load
-specific Lua scripts.
-
-The Lua code is executed after all protocol dissectors are
-initialized and before reading any file.
+specific Lua scripts. Arguments can be given to a script loaded at the command
+line with the option _$$-X lua_scriptN:$$++arg++_, where _N_ is the ordinal
+index of the script on the command line. For example, if two scripts were loaded
+on the command line with _$$-X lua_script:$$++my.lua++_ and
+_$$-X lua_script:$$++other.lua++_ in that order, then _$$-X lua_script1:$$++foo++_
+would pass _foo_ to _my.lua_ and _$$-X lua_script2:$$++bar++_ would pass _bar_ to
+_other.lua_. Multiple command line options could be passed to _my.lua_ by
+repeating the option _$$-X lua_script1:$$_. Arguments are available in a script in
+a global table called _arg_, similar to when
+link:https://www.lua.org/manual/5.4/manual.html#7[running Lua standalone].
+
+[IMPORTANT]
+.Loading order matters
+====
+Lua dissectors, unlike <<ChapterDissection,compiled protocol dissectors>>, do
+not have separate <<ChDissectSetup,registration and handoff>> stages yet
+(see wsbuglink:15907[]). Each Lua dissector's registration and handoff is
+completed before moving to the next Lua file in turn.
+That means that the order in which Lua files are read is quite important;
+in order for a Lua dissector to register in a dissector table set up by another
+dissector, the latter dissector must have been already processed. The easiest
+way to ensure this is to put Lua dissectors that need to be registered first
+in files whose name is earlier in ASCIIbetical order (the name of the script
+does not necessarily need to relate to the name of the dissector.)
+
+The Lua code is executed after all compiled dissectors, both built-in and plugin,
+are initialized and before reading any file.
+This means that Lua dissectors can add themselves to tables registered by compiled
+dissectors, but not vice versa; compiled dissectors cannot add themselves to
+dissector tables registered by Lua dissectors.
+====
Wireshark for Windows uses a modified Lua runtime
(link:https://github.com/Lekensteyn/lua-unicode[lua-unicode]) to
@@ -223,6 +255,134 @@ end
register_menu("Test/Packets", menuable_tap, MENU_TOOLS_UNSORTED)
----
+[#wslua_require_example]
+
+=== Example: Lua scripts with shared modules
+
+Lua plugins that depend on protocols, dissectors, dissector tables, and other
+items registered with Wireshark by other Lua scripts can access those through
+the Wireshark Lua API. The key is ensuring that the providing script is
+read first, as previously mentioned.
+
+It is also possible to depend on Lua functions defined in other Lua scripts.
+The recommended method is to load those scripts as
+link:https://www.lua.org/manual/5.4/manual.html#6.3[modules] via
+link:https://www.lua.org/manual/5.4/manual.html#pdf-require[require].
+Modules preferably should avoid defining globals, and should return a
+table containing functions indexed by name. Globals defined in modules will
+leak into the global namespace when `require()` is used, and name collisions
+can cause unexpected results. (As an aside, local variables are faster in
+Lua because global variables require extra table lookups.) Directories
+containing loaded Lua scripts (including those specified on the command line
+with _$$-X lua_script:$$++my.lua++_) are automatically added to the `require()`
+search path.
+
+For example, suppose there is a Lua script in the personal plugins directory
+named _bar.lua_ as follows:
+
+[source,lua]
+----
+-- bar.lua
+-- Converts an integer representing an IPv4 address into its dotted quad
+-- string representation.
+
+-- This is the module object, which will be returned at the end of this file.
+local M = {
+}
+
+M.GetIPAddressString = function(ip)
+ -- Lua BitOp library, included in all versions of Wireshark
+ --local octet1 = bit.rshift(bit.band(0xFF000000, ip), 24)
+ --local octet2 = bit.rshift(bit.band(0x00FF0000, ip), 16)
+ --local octet3 = bit.rshift(bit.band(0x0000FF00, ip), 8)
+ --local octet4 = bit.band(0x000000FF, ip)
+
+ -- Lua >= 5.3 native bit operators, supported in Wireshark >= 4.4
+ local octet1 = ip >> 24
+ local octet2 = ip >> 16 & 0xFF
+ local octet3 = ip >> 8 & 0xFF
+ local octet4 = ip & 0xFF
+
+ return octet1 .. "." .. octet2 .. "." .. octet3 .. "." .. octet4
+end
+
+-- Return the table we've created, which will be accessible as the return
+-- value of require() or dofile(), and at the global package.loaded["bar"]
+return M
+----
+
+Other Lua plugins that wish to use the module can then `require()` it
+(note that the _.lua_ extension is not used in `require()`, unlike the
+similar `dofile()`):
+
+[source,lua]
+----
+-- Foo dissector
+local p_foo = Proto("foo", "Foo")
+
+local bar = require("bar")
+
+local f_ip = ProtoField.ipv4("foo.ip", "IP")
+local f_ipint = ProtoField.uint32("foo.ipint", "IP as Uint32")
+local f_ipstr = ProtoField.string("foo.ipstr", "IP as String")
+
+p_foo.fields = { f_ip, f_ipint, f_ipstr }
+
+function p_foo.dissector(tvbuf, pktinfo, tree)
+
+ -- Set the protocol column to show this name
+ pktinfo.cols.protocol:set("FooMessage")
+
+ local pktlen = tvbuf:reported_length_remaining()
+
+ local subtree = tree:add(p_foo, tvbuf:range(0,pktlen))
+
+ local child, ipaddr = subtree:add_packet_field(f_ip, tvbuf(8, 4), ENC_BIG_ENDIAN)
+ local child, ipint = subtree:add_packet_field(f_ipint, tvbuf(8, 4), ENC_BIG_ENDIAN)
+
+ -- These two are the same string
+ subtree:add(f_ipstr, tvbuf(8,4), bar.GetIPAddressString(ipint))
+ subtree:add(f_ipstr, tvbuf(8,4), tostring(ipaddr))
+
+ return pktlen
+end
+
+DissectorTable.get("udp.port"):add(2012, p_foo)
+----
+
+Using `require()` is another way to control the order in which files are loaded.
+Lua `require()` ensures that a module is only executed once. Subsequent calls
+will return the same table already loaded.
+
+[IMPORTANT]
+.Avoid duplicate registration
+====
+In versions of Wireshark before 4.4, the initial loading of Lua plugins in the
+plugins directory does not register them in the table of already loaded modules
+used by `require()`. This means that Lua script in the plugins directory that
+are initially loaded can be executed a second time by `require()`. For scripts
+that register dissectors or tables with Wireshark, this will result in errors like
+`Proto new: there cannot be two protocols with the same description`. It is
+safer to `require()` only Lua scripts that define common functions but do not
+call the Wireshark Lua API to register protocols, dissectors, etc.
+
+In 4.4 and later, scripts in the plugin directories are loaded using the same
+internal methods as `require()`, which eliminates duplicate registration errors
+from loading of files in the plugin directory and using `require()`. This also
+means that the order in which plugins are loaded can be adjusted by using
+`require()` in addition to changing file names. However, duplicate registration
+errors can still happen with other methods of executing a file that do
+not check if it has already been loaded, like `dofile()`.
+====
+
+Lua scripts loaded on the command line are sandboxed into their own environment
+and globals defined in them do not leak in the general global environment.
+Modules loaded via `require()` within those scripts can escape that sandboxing,
+however. Plugins in the personal (but not global) directory had similar
+sandboxing prior to Wireshark 4.4, but now globals defined in plugins in the
+personal directory will enter the global namespace for other plugins, as has
+always been the case for plugins in the global plugin directory.
+
[#wsluarm_modules]
== Wireshark’s Lua API Reference Manual
diff --git a/docbook/wsdg_src/wsdg_preface.adoc b/doc/wsdg_src/wsdg_preface.adoc
index 6b20969c..6b20969c 100644
--- a/docbook/wsdg_src/wsdg_preface.adoc
+++ b/doc/wsdg_src/wsdg_preface.adoc
diff --git a/docbook/wsdg_src/wsdg_quick_setup.adoc b/doc/wsdg_src/wsdg_quick_setup.adoc
index 15458bea..7cfc636b 100644
--- a/docbook/wsdg_src/wsdg_quick_setup.adoc
+++ b/doc/wsdg_src/wsdg_quick_setup.adoc
@@ -224,7 +224,7 @@ to run it by entering `wireshark`.
To build the Wireshark User's Guide and the Wireshark Developer's Guide,
build the `all_guides` target, e.g. `make all_guides` or `ninja
all_guides`. Detailed information to build these guides can be found in
-the file _docbook/README.adoc_ in the Wireshark sources.
+the file _doc/README.documentation.adoc_ in the Wireshark sources.
==== Optional: Create an installable or source code package
@@ -234,7 +234,7 @@ Source code tarball::
Build the `dist` target.
deb (Debian) package::
- Create a symlink in the top-level source directory to _packaging/debian_, then run `dpkg-buildpackage`.
+ Create a symlink named _debian_ in the top-level source directory to _packaging/debian_, then run `dpkg-buildpackage`.
RPM package::
Build the `wireshark_rpm` target.
@@ -270,10 +270,13 @@ _wireshark-dev_ mailing list explaining your problem. Include the output from
// Retain ChSetupWin32 for backward compatibility
[#ChSetupWindows]
-=== Windows: Using Microsoft Visual Studio[[ChSetupWin32]]
+=== Windows
A quick setup guide for Windows development with recommended configurations.
+[#ChSetupWindowsMSVC]
+==== Using Microsoft Visual Studio[[ChSetupWin32]]
+
[WARNING]
====
Unless you know exactly what you are doing, you
@@ -292,7 +295,7 @@ Known traps are:
[#ChSetupChocolatey]
-==== Recommended: Install Chocolatey
+===== Recommended: Install Chocolatey
https://chocolatey.org/[Chocolatey] is a native package manager for
Windows. There are https://chocolatey.org/packages[packages] for most of
@@ -314,7 +317,7 @@ choco install -y git cmake python3
[#ChSetupMSVC]
-==== Install Microsoft Visual Studio
+===== Install Microsoft Visual Studio
Download and install https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=17[“Microsoft Visual Studio 2022 Community Edition”].
If you prefer you can instead download and install https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16[“Microsoft Visual Studio 2019 Community Edition”].
@@ -326,7 +329,8 @@ all the optional components other than
* “MSVC ... VS 2022 {cpp}” item with the “... build tools (Latest)”
* “Windows 11 SDK”
-* “{cpp} CMake tools for Windows"
+* “{cpp} CMake tools for Windows”
+* “MSVC ... Spectre-mitigated libs” (optional)
(unless you want to use them for purposes other than Wireshark).
@@ -341,17 +345,15 @@ choco install -y visualstudio2022community visualstudio2022-workload-nativedeskt
// https://github.com/microsoft/winget-pkgs/tree/master/manifests/m/Microsoft/VisualStudio
You can use other Microsoft C compiler variants, but VS2022 is used to
-build the development releases and is the preferred option. It’s
-possible to compile Wireshark with a wide range of Microsoft C compiler
-variants. For details see <<ChToolsMSChain>>.
+build the development releases for Windows and is the preferred option
+on Windows. It’s possible to compile Wireshark with a wide range of
+Microsoft C compiler variants. For details see <<ChToolsMSChain>>.
You may have to do this as Administrator.
-Compiling with gcc or Clang is not recommended and will
-certainly not work (at least not without a lot of advanced
-tweaking). For further details on this topic, see
-<<ChToolsGNUChain>>. This may change in future as releases
-of Visual Studio add more cross-platform support.
+It might be possible to build Wireshark using https://clang.llvm.org/docs/MSVCCompatibility.html[clang-cl], but this has not been tested.
+Compiling with plain gcc or Clang is not recommended and will certainly not work (at least not without a lot of advanced tweaking).
+For further details on this topic, see <<ChToolsGNUChain>>. This may change in future as releases of Visual Studio add more cross-platform support.
// XXX - mention the compiler and PSDK web installers -
// which significantly reduce download size - and find out the
@@ -359,11 +361,11 @@ of Visual Studio add more cross-platform support.
Why is this recommended?
While this is a huge download, the Community Editions of Visual Studio are free (as in beer) and include the Visual Studio integrated debugger.
-Visual Studio 2022 is also used to create official Wireshark builds, so it will likely have fewer development-related problems.
+Visual Studio 2022 is also used to create official Wireshark builds for Windows, so it will likely have fewer development-related problems.
[#ChSetupQt]
-==== Install Qt
+===== Install Qt
The main Wireshark application uses the Qt windowing toolkit. To install
Qt, go to the https://www.qt.io/download[“Download Qt” page], select
@@ -391,7 +393,7 @@ to cmake.
[#ChSetupPython]
-==== Install Python
+===== Install Python
Get a Python 3 installer from https://python.org/download/[] and install Python.
Its installation location varies depending on the options selected in the installer and on the version of Python that you are installing.
@@ -413,7 +415,7 @@ Chocolatey will likely install Python in one of the locations above, or possibly
[#ChSetupGit]
-==== Install Git
+===== Install Git
Please note that the following is not required to build Wireshark but can be
quite helpful when working with the sources.
@@ -433,23 +435,23 @@ _Use Git from the Windows Command Prompt_ (in chocolatey the _/GitOnlyOnPath_
option). Do *not* select the _Use Git and optional Unix tools from the Windows Command Prompt_
option (in chocolatey the _/GitAndUnixToolsOnPath_ option).
-===== The Official Windows Installer
+====== The Official Windows Installer
The official command-line installer is available at https://git-scm.com/download/win.
-===== Git Extensions
+====== Git Extensions
Git Extensions is a native Windows graphical Git client for
Windows. You can download the installer from
https://github.com/gitextensions/gitextensions/releases/latest.
-===== TortoiseGit
+====== TortoiseGit
TortoiseGit is a native Windows graphical Git
similar to TortoiseSVN. You can download the installer from
https://tortoisegit.org/download/.
-===== Command Line client via Chocolatey
+====== Command Line client via Chocolatey
The command line client can be installed (and updated) using Chocolatey:
----
@@ -459,7 +461,7 @@ choco install -y git
// winget has git.
// https://github.com/microsoft/winget-pkgs/tree/master/manifests/g/Git/Git
-===== Others
+====== Others
A list of other GUI interfaces for Git can be found at
https://git-scm.com/downloads/guis
@@ -467,7 +469,7 @@ https://git-scm.com/downloads/guis
[#ChSetupCMake]
-==== Install CMake
+===== Install CMake
While CMake is required to build Wireshark, it might have been installed as a component of either Visual Studio or Qt.
If that’s the case you can skip this step.
@@ -488,7 +490,7 @@ Chocolatey ensures cmake.exe is on your path.
[#ChSetupAsciidoctor]
-==== Install Asciidoctor, Xsltproc, And DocBook
+===== Install Asciidoctor, Xsltproc, And DocBook
https://asciidoctor.org/[Asciidoctor] can be run directly as a Ruby script or via a Java wrapper (AsciidoctorJ).
The JavaScript flavor (Asciidoctor.js) isn’t yet supported.
@@ -509,7 +511,7 @@ path and that xsltproc uses the DocBook catalog.
// winget has no Asciidoctor, xsltproc, or DocBook packages.
-==== Install winflexbison
+===== Install winflexbison
Get the winFlexBison installer from
https://sourceforge.net/projects/winflexbison/
@@ -526,7 +528,7 @@ Chocolatey ensures win_flex.exe is on your path.
// winget has no bison package.
-==== Optional: Install Perl
+===== Optional: Install Perl
If needed you can get a Perl installer from
http://strawberryperl.com/
@@ -545,7 +547,7 @@ choco install -y activeperl
// winget has StrawberryPerl.
// https://github.com/microsoft/winget-pkgs/tree/master/manifests/s/StrawberryPerl/StrawberryPerl
-==== Install and Prepare Sources
+===== Install and Prepare Sources
[TIP]
.Make sure everything works
@@ -591,7 +593,7 @@ Make sure your repository path doesn't contain spaces.
[#ChSetupPrepareCommandCom]
-==== Open a Visual Studio Command Prompt
+===== Open a Visual Studio Command Prompt
From the Start Menu (or Start Screen), navigate to the “Visual Studio 2022” folder and choose the https://docs.microsoft.com/en-us/cpp/build/building-on-the-command-line?view=msvc-170#developer_command_prompt_shortcuts[Command Prompt] appropriate for the build you wish to make, e.g. “x64 Native Tools Command Prompt for VS 2022” for a 64-bit version.
Depending on your version of Windows the Command Prompt list might be directly under “Visual Studio 2022” or you might have to dig for it under multiple folders, e.g. menu:Visual Studio 2022[Visual Studio Tools,Windows Desktop Command Prompts].
@@ -655,7 +657,7 @@ The build directory can be deleted at any time and the build files regenerated a
[#ChWindowsGenerate]
-==== Generate the build files
+===== Generate the build files
CMake is used to process the CMakeLists.txt files in the source tree and produce build files appropriate
for your system.
@@ -694,7 +696,7 @@ the environment variables `WIRESHARK_BASE_DIR` and `CMAKE_PREFIX_PATH`.
[#ChWindowsBuild]
-==== Build Wireshark
+===== Build Wireshark
Now it’s time to build Wireshark!
@@ -725,19 +727,19 @@ and then building the solution again.
The build files produced by CMake will regenerate themselves if required by changes in the source tree.
-==== Debug Environment Setup
+===== Debug Environment Setup
You can debug using the Visual Studio Debugger or WinDbg. See the section
on using the <<ChToolsDebugger, Debugger Tools>>.
-==== Optional: Create User’s and Developer’s Guide
+===== Optional: Create User’s and Developer’s Guide
To build the Wireshark User's Guide and the Wireshark Developer's Guide,
build the `all_guides` target, e.g. `msbuild all_guides.vcxproj`.
Detailed information to build these guides can be found in the file
-_docbook\README.adoc_ in the Wireshark sources.
+_doc\README.documentation.adoc_ in the Wireshark sources.
-==== Optional: Create a Wireshark Installer
+===== Optional: Create a Wireshark Installer
Note: You should have successfully built Wireshark
before doing the following.
@@ -772,14 +774,14 @@ It’s a good idea to test on a different machine than the developer machine.
[#ChSetupMSYS2]
-=== Windows: Using MinGW-w64 with MSYS2
+==== Using MinGW-w64 with MSYS2
MSYS2 comes with different environments/subsystems and the first thing you
have to decide is which one to use. The differences among the environments
are mainly environment variables, default compilers/linkers, architecture,
system libraries used etc. If you are unsure, go with UCRT64.
-==== Building from source
+===== Building from source
. Open the shell for the selected 64-bit environment.
@@ -801,7 +803,7 @@ system libraries used etc. If you are unsure, go with UCRT64.
The application should be launched using the same shell.
-==== Building an .exe installer
+===== Building an .exe installer
. Follow the instructions above to compile Wireshark from source.
@@ -816,7 +818,7 @@ Alternatively you can also use the PKGBUILD included in the Wireshark
source distribution to compile Wireshark into a binary package that can be
https://www.msys2.org/wiki/Creating-Packages/[installed using pacman].
-==== Comparison with MSVC toolchain
+===== Comparison with MSVC toolchain
The official Wireshark Windows installer is compiled using Microsoft Visual
Studio (MSVC). Currently the MSYS2 build has the following limitations compared to
@@ -832,7 +834,7 @@ the build using MSVC:
[#ChSetupCross]
-=== Windows: Cross-compilation using Linux
+==== Cross-compilation using Linux
It is possible to compile Wireshark for Microsoft Windows using Linux and MinGW.
This way developers can deploy Wireshark on Windows systems without requiring
@@ -840,7 +842,7 @@ a Windows host machine. Building for Windows using a Linux host is also
easier for devs already familiar with Linux, the build itself is faster and it
uses a very mature C/C++ compiler (GCC) and debugger (GDB).
-==== Using Fedora Linux
+===== Using Fedora Linux
https://fedoraproject.org/[Fedora Linux] provides the best out-of-the-box
support for MinGW cross-compilation. Fedora is what the project uses to test
@@ -851,7 +853,7 @@ involve some trial and error to setup.
The build instructions on Fedora follow the familiar recipe for building Wireshark
using Linux.
-===== Building from source
+====== Building from source
. Install needed dependencies:
@@ -872,7 +874,7 @@ Note that currently it is not possible to run the test-suite when cross-compilin
If successful the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`.
-===== Notes and comparison with MSVC builds
+====== Notes and comparison with MSVC builds
* Only the MSVCRT C library for Microsoft Windows can be used. Support for the
UCRT (Universal C Runtime) library on Fedora Linux is in the initial stages of
@@ -890,7 +892,7 @@ If successful the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`.
* AirPcap is not supported.
-==== Using Arch Linux
+===== Using Arch Linux
https://archlinux.org/[Arch Linux] has good support for MinGW using packages
from the https://aur.archlinux.org/[AUR]. Note that the mingw-w64 AUR packages
diff --git a/docbook/wsdg_src/wsdg_sources.adoc b/doc/wsdg_src/wsdg_sources.adoc
index 9e2a3c10..38078f37 100644
--- a/docbook/wsdg_src/wsdg_sources.adoc
+++ b/doc/wsdg_src/wsdg_sources.adoc
@@ -25,7 +25,7 @@ such as where to find specific functionality. This is done in
https://git-scm.com/[Git] is used to keep track of the changes made to the Wireshark source code.
The official repository is hosted at {wireshark-gitlab-project-url}[GitLab], and incoming changes are evaluated and reviewed there.
-For more information on GitLab see https://docs.gitlab.com/ce/gitlab-basics/[their documentation].
+For more information on GitLab see https://docs.gitlab.com/ee/[their documentation].
.Why Git?
@@ -38,6 +38,7 @@ GitLab makes it easy to contribute.
You can make changes locally and push them to your own work area at gitlab.com, or if your change is minor you can make changes entirely within your web browser.
.Historical trivia: GitLab is the *fourth* iteration of our source code repository and code review system.
+// Five if you include "sending patches to Gerald."
Wireshark originally used https://www.nongnu.org/cvs/[Concurrent Versions System] (CVS) and migrated to https://subversion.apache.org/[Subversion] in July 2004.
We migrated from Subversion to Git and https://www.gerritcodereview.com/[Gerrit] in January 2014, and from Gerrit to GitLab in August 2020.
@@ -68,6 +69,11 @@ Stable release maintenance. For example, release-3.4 is used to manage the 3.4.x
Tags for major releases and release candidates consist of a “v” followed by a version number such as “v3.2.1” or “v3.2.3rc0”.
Major releases additionally have a tag prefixed with “wireshark-” followed by a version number, such as “wireshark-3.2.0”.
+Tags created after August 1, 2024 are signed using SSH. This includes the tags for versions 4.4.0rc1, 4.4.0, 4.2.7, and 4.0.17. If you wish to verify these tags, you must have the following entry in __~/.ssh/allowed_signers__:
+
+ gerald@wireshark.org namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHe1qOxwBietT54lZ3qawTc8B9unWP+T3JVR9l2rQaP
+
+Tags were signed using GPG prior to August 2024.
[#ChSrcGitWeb]
=== Browsing And Searching The Source Code
@@ -233,14 +239,13 @@ CMake can compile Wireshark for several different build types:
|Type |Compiler Flags |Description
|`RelWithDebInfo`
-|`-O2 -g`
-|Default, build with default optimizations and generate debug symbols.
-Enables assertions and disables debug level logs
+|`-O2 -g -DNDEBUG`
+|Build with optimizations and generate debug symbols.
+Disables assertions and disables debug level logs
|`Debug`
-|`-O0 -g -DWS_DEBUG -DWS_DEBUG_UTF_8`
-|For development, no optimization. Enables assertions
-and debug level logs
+|`-g -DWS_DEBUG`
+|For development, no optimization. Enables assertions and debug level logs
|`Release`
|`-O3 -DNDEBUG`
@@ -381,7 +386,7 @@ all log output generated at or above this level is sent to the log output.
Note that if the <<ChSrcBuildType,build type>> is not set to `Debug`
then by default all log output for the logging levels "debug" and
"noisy" will be optimized away by the compiler and cannot be emitted to the log
-output, regardless of the logging setings. To enable debug logging for all build
+output, regardless of the logging settings. To enable debug logging for all build
types, set the CMake variable `-DENABLE_DEBUG=ON`.
There is also a special "echo" logging level used exclusively for temporary debugging print outs (usually
@@ -637,7 +642,7 @@ For the steps below we’ll pretend that your username is “henry.perry”.
. Sign in to {wireshark-gitlab-project-url} by clicking “Sign in / Register” in the upper right corner of the web page and following the login instructions.
-. https://docs.gitlab.com/ce/ssh/[Add an SSH key to your account] as described in the GitLab documentation.
+. https://docs.gitlab.com/ee/user/ssh.html[Add an SSH key to your account] as described in the GitLab documentation.
. Make sure you have a clone of the main repository as described in <<ChSrcGit>>.
@@ -875,7 +880,6 @@ If that is not possible, it *must* use a compatible license.
The following licenses are currently allowed:
* BSD {spdx-license-url}BSD-1-Clause.html[1], {spdx-license-url}BSD-2-Clause.html[2], {spdx-license-url}BSD-3-Clause.html[3] clause
-* {spdx-license-url}GPL-3.0-or-later.html[GPL version 3 or later] *with* the https://www.gnu.org/software/bison/manual/html_node/Conditions.html[Bison parser exception]
* {spdx-license-url}ISC.html[ISC]
* {spdx-license-url}LGPL-2.0-or-later.html[LGPL v2 or later], including {spdx-license-url}LGPL-2.1-or-later.html[v2.1]
* {spdx-license-url}MIT.html[MIT] / {spdx-license-url}X11.html[X11]
@@ -960,8 +964,8 @@ $ git cherry-pick -x 1ab2c3d4
$ ninja
$ ...
-# OPTIONAL: Add entries to docbook/release-notes.adoc.
-$EDITOR docbook/release-notes.adoc
+# OPTIONAL: Add entries to doc/release-notes.adoc.
+$EDITOR doc/release-notes.adoc
# If you made any changes, update your commit.
git commit --amend -a
@@ -1086,6 +1090,12 @@ instead of
https://1.na.dl.wireshark.org/download/src/wireshark-{wireshark-version}.tar.xz
[discrete]
+===== Staying Current
+
+Wireshark releases are announced on the link:{wireshark-mailing-lists-url}[wireshark-announce] mailing list.
+A https://appvisor.com/pad/[PAD] file is also published at https://www.wireshark.org/wireshark-pad.xml which contains the current stable version and release date.
+
+[discrete]
===== Artwork
Logo and icon artwork can be found in the _image_ directory in the
diff --git a/docbook/wsdg_src/wsdg_tests.adoc b/doc/wsdg_src/wsdg_tests.adoc
index a9435ca7..a9435ca7 100644
--- a/docbook/wsdg_src/wsdg_tests.adoc
+++ b/doc/wsdg_src/wsdg_tests.adoc
diff --git a/docbook/wsdg_src/wsdg_tools.adoc b/doc/wsdg_src/wsdg_tools.adoc
index f1d99e94..09f1b576 100644
--- a/docbook/wsdg_src/wsdg_tools.adoc
+++ b/doc/wsdg_src/wsdg_tools.adoc
@@ -131,7 +131,7 @@ after the cmake run. To only view the current cache, add option `-N`.
Depending on your needs, it might be useful to save your CMake configuration options in a file outside your build directory.
CMake supports this via its https://cmake.org/cmake/help/v3.23/manual/cmake-presets.7.html[presets] option.
-For example, adding the follwing to `CMakeUserPresets.json` would let you build using Ninja in the `build` directory, enable ccache, and set a custom Qt directory by running `cmake --preset mydev`:
+For example, adding the following to `CMakeUserPresets.json` would let you build using Ninja in the `build` directory, enable ccache, and set a custom Qt directory by running `cmake --preset mydev`:
[source,json]
----
@@ -487,9 +487,7 @@ Edition, it will include an SDK.
=== Documentation Toolchain
Wireshark’s documentation is split across two directories.
-The `doc` directory contains man pages written in Asciidoctor markup.
-The `docbook` directory contains the User’s Guide, Developer’s Guide, and the release notes, which are also written in Asciidoctor markup.
-The split is for historical reasons (described below), and the documentation will likely be consolidated into one directory in the future.
+The `doc` directory contains man pages, User’s Guide, Developer’s Guide, and the release notes, which are written in Asciidoctor markup.
Our various output formats are generated using the following tools.
Intermediate formats are in _italics_.
diff --git a/docbook/wsdg_src/wsdg_userinterface.adoc b/doc/wsdg_src/wsdg_userinterface.adoc
index a4fe17a3..a4fe17a3 100644
--- a/docbook/wsdg_src/wsdg_userinterface.adoc
+++ b/doc/wsdg_src/wsdg_userinterface.adoc
diff --git a/docbook/wsdg_src/wsdg_works.adoc b/doc/wsdg_src/wsdg_works.adoc
index baa75403..88c2f7a5 100644
--- a/docbook/wsdg_src/wsdg_works.adoc
+++ b/doc/wsdg_src/wsdg_works.adoc
@@ -19,7 +19,7 @@ The following will give you a simplified overview of Wireshark’s function bloc
[#ChWorksFigOverview]
.Wireshark function blocks
-image::images/ws-function-blocks.png[{pdf-scaledwidth}]
+image::images/ws-function-blocks.svg[{pdf-scaledwidth}]
The function blocks in more detail:
diff --git a/docbook/wsug_src/capinfos-h.txt b/doc/wsug_src/capinfos-h.txt
index 6757bd19..caff07c7 100644
--- a/docbook/wsug_src/capinfos-h.txt
+++ b/doc/wsug_src/capinfos-h.txt
@@ -1,4 +1,4 @@
-Capinfos (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Capinfos (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Print various information (infos) about capture files.
See https://www.wireshark.org for more information.
@@ -21,10 +21,10 @@ Size infos:
Time infos:
-u display the capture duration (in seconds)
- -a display the capture start time
- -e display the capture end time
+ -a display the timestamp of the earliest packet
+ -e display the timestamp of the latest packet
-o display the capture file chronological status (True/False)
- -S display start and end times as seconds
+ -S display earliest and latest packet timestamps as seconds
Statistic infos:
-y display average data rate (in bytes/sec)
diff --git a/docbook/wsug_src/dumpcap-h.txt b/doc/wsug_src/dumpcap-h.txt
index 8d73aed7..d24cd18b 100644
--- a/docbook/wsug_src/dumpcap-h.txt
+++ b/doc/wsug_src/dumpcap-h.txt
@@ -1,4 +1,4 @@
-Dumpcap (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Dumpcap (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Capture network packets and dump them into a pcapng or pcap file.
See https://www.wireshark.org for more information.
@@ -7,8 +7,7 @@ Usage: dumpcap [options] ...
Capture interface:
-i <interface>, --interface <interface>
name or idx of interface (def: first non-loopback),
- or for remote capturing, use one of these formats:
- rpcap://<host>/<interface>
+ or for remote capturing, use this format:
TCP@<host>:<port>
--ifname <name> name to use in the capture file for a pipe from which
we're capturing
diff --git a/docbook/wsug_src/editcap-F.txt b/doc/wsug_src/editcap-F.txt
index c566bd2c..4f2bf7f8 100644
--- a/docbook/wsug_src/editcap-F.txt
+++ b/doc/wsug_src/editcap-F.txt
@@ -19,6 +19,7 @@ editcap: The available capture file types for the "-F" flag are:
logcat-threadtime - Android Logcat Threadtime text format
logcat-time - Android Logcat Time text format
modpcap - Modified tcpdump - pcap
+ mp2t - MPEG2 transport stream
netmon1 - Microsoft NetMon 1.x
netmon2 - Microsoft NetMon 2.x
nettl - HP-UX nettl trace
diff --git a/docbook/wsug_src/editcap-T.txt b/doc/wsug_src/editcap-T.txt
index e975dcec..af5214ba 100644
--- a/docbook/wsug_src/editcap-T.txt
+++ b/doc/wsug_src/editcap-T.txt
@@ -27,12 +27,14 @@ editcap: The available encapsulation types for the "-T" flag are:
cosine - CoSine L2 debug log
dbus - D-Bus
dct2000 - Catapult DCT2000
+ dect_nr - DECT-2020 New Radio (NR) MAC layer
docsis - Data Over Cable Service Interface Specification
docsis31_xra31 - DOCSIS with Excentis XRA pseudo-header
dpauxmon - DisplayPort AUX channel with Unigraf pseudo-header
dpnss_link - Digital Private Signalling System No 1 Link Layer
dvbci - DVB-CI (Common Interface)
ebhscr - Elektrobit High Speed Capture and Replay
+ ems - EMS (EGNOS Message Server) file
enc - OpenBSD enc(4) encapsulating interface
epon - Ethernet Passive Optical Network
erf - Extensible Record Format
diff --git a/docbook/wsug_src/editcap-h.txt b/doc/wsug_src/editcap-h.txt
index c5aa64a5..93edff0b 100644
--- a/docbook/wsug_src/editcap-h.txt
+++ b/doc/wsug_src/editcap-h.txt
@@ -1,4 +1,4 @@
-Editcap (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Editcap (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Edit and/or translate the format of capture files.
See https://www.wireshark.org for more information.
@@ -79,6 +79,8 @@ Packet manipulation:
-a <framenum>:<comment> Add or replace comment for given frame number
Output File(s):
+ if the output file(s) have the .gz extension, then
+ gzip compression will be used
-c <packets per file> split the packet output to different files based on
uniform packet counts with a maximum of
<packets per file> each.
@@ -92,6 +94,8 @@ Output File(s):
list the encapsulation types.
--inject-secrets <type>,<file> Insert decryption secrets from <file>. List
supported secret types with "--inject-secrets help".
+ --extract-secrets Extract decryption secrets into the output file instead.
+ Incompatible with other options besides -V.
--discard-all-secrets Discard all decryption secrets from the input file
when writing the output file. Does not discard
secrets added by "--inject-secrets" in the same
@@ -107,6 +111,7 @@ Output File(s):
Discard all packet comments from the input file
when writing the output file. Does not discard
comments added by "-a" in the same command line.
+ --compress <type> Compress the output file using the type compression format.
Miscellaneous:
-h, --help display this help and exit.
diff --git a/docbook/wsug_src/images/caution.svg b/doc/wsug_src/images/caution.svg
index 793c6020..793c6020 100644
--- a/docbook/wsug_src/images/caution.svg
+++ b/doc/wsug_src/images/caution.svg
diff --git a/docbook/wsug_src/images/important.svg b/doc/wsug_src/images/important.svg
index a2ee7012..a2ee7012 100644
--- a/docbook/wsug_src/images/important.svg
+++ b/doc/wsug_src/images/important.svg
diff --git a/docbook/wsug_src/images/note.svg b/doc/wsug_src/images/note.svg
index 803dc13e..803dc13e 100644
--- a/docbook/wsug_src/images/note.svg
+++ b/doc/wsug_src/images/note.svg
diff --git a/docbook/wsug_src/images/related-ack.png b/doc/wsug_src/images/related-ack.png
index a60c5fbb..a60c5fbb 100644
--- a/docbook/wsug_src/images/related-ack.png
+++ b/doc/wsug_src/images/related-ack.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-current.png b/doc/wsug_src/images/related-current.png
index 02578c5e..02578c5e 100644
--- a/docbook/wsug_src/images/related-current.png
+++ b/doc/wsug_src/images/related-current.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-dup-ack.png b/doc/wsug_src/images/related-dup-ack.png
index a73dc646..a73dc646 100644
--- a/docbook/wsug_src/images/related-dup-ack.png
+++ b/doc/wsug_src/images/related-dup-ack.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-first.png b/doc/wsug_src/images/related-first.png
index 03e44ac0..03e44ac0 100644
--- a/docbook/wsug_src/images/related-first.png
+++ b/doc/wsug_src/images/related-first.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-last.png b/doc/wsug_src/images/related-last.png
index 9f740ebe..9f740ebe 100644
--- a/docbook/wsug_src/images/related-last.png
+++ b/doc/wsug_src/images/related-last.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-other.png b/doc/wsug_src/images/related-other.png
index 3bde3ace..3bde3ace 100644
--- a/docbook/wsug_src/images/related-other.png
+++ b/doc/wsug_src/images/related-other.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-request.png b/doc/wsug_src/images/related-request.png
index 472b850d..472b850d 100644
--- a/docbook/wsug_src/images/related-request.png
+++ b/doc/wsug_src/images/related-request.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-response.png b/doc/wsug_src/images/related-response.png
index 883274eb..883274eb 100644
--- a/docbook/wsug_src/images/related-response.png
+++ b/doc/wsug_src/images/related-response.png
Binary files differ
diff --git a/docbook/wsug_src/images/related-segment.png b/doc/wsug_src/images/related-segment.png
index 9fff8a7e..9fff8a7e 100644
--- a/docbook/wsug_src/images/related-segment.png
+++ b/doc/wsug_src/images/related-segment.png
Binary files differ
diff --git a/docbook/wsug_src/images/tip.svg b/doc/wsug_src/images/tip.svg
index 1a60b74a..1a60b74a 100644
--- a/docbook/wsug_src/images/tip.svg
+++ b/doc/wsug_src/images/tip.svg
diff --git a/docbook/wsug_src/images/toolbar/document-open.png b/doc/wsug_src/images/toolbar/document-open.png
index 516a261c..516a261c 100644
--- a/docbook/wsug_src/images/toolbar/document-open.png
+++ b/doc/wsug_src/images/toolbar/document-open.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/edit-find.png b/doc/wsug_src/images/toolbar/edit-find.png
index f739ea98..f739ea98 100644
--- a/docbook/wsug_src/images/toolbar/edit-find.png
+++ b/doc/wsug_src/images/toolbar/edit-find.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/filter-toolbar-add.png b/doc/wsug_src/images/toolbar/filter-toolbar-add.png
index ca3454e4..ca3454e4 100644
--- a/docbook/wsug_src/images/toolbar/filter-toolbar-add.png
+++ b/doc/wsug_src/images/toolbar/filter-toolbar-add.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/filter-toolbar-apply.png b/doc/wsug_src/images/toolbar/filter-toolbar-apply.png
index 262646e7..262646e7 100644
--- a/docbook/wsug_src/images/toolbar/filter-toolbar-apply.png
+++ b/doc/wsug_src/images/toolbar/filter-toolbar-apply.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/filter-toolbar-bookmark.png b/doc/wsug_src/images/toolbar/filter-toolbar-bookmark.png
index c7c4c951..c7c4c951 100644
--- a/docbook/wsug_src/images/toolbar/filter-toolbar-bookmark.png
+++ b/doc/wsug_src/images/toolbar/filter-toolbar-bookmark.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/filter-toolbar-clear.png b/doc/wsug_src/images/toolbar/filter-toolbar-clear.png
index 1122947f..1122947f 100644
--- a/docbook/wsug_src/images/toolbar/filter-toolbar-clear.png
+++ b/doc/wsug_src/images/toolbar/filter-toolbar-clear.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/filter-toolbar-input.png b/doc/wsug_src/images/toolbar/filter-toolbar-input.png
index 98962abd..98962abd 100644
--- a/docbook/wsug_src/images/toolbar/filter-toolbar-input.png
+++ b/doc/wsug_src/images/toolbar/filter-toolbar-input.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/filter-toolbar-recent.png b/doc/wsug_src/images/toolbar/filter-toolbar-recent.png
index fff2d034..fff2d034 100644
--- a/docbook/wsug_src/images/toolbar/filter-toolbar-recent.png
+++ b/doc/wsug_src/images/toolbar/filter-toolbar-recent.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/go-first.png b/doc/wsug_src/images/toolbar/go-first.png
index 95b485a0..95b485a0 100644
--- a/docbook/wsug_src/images/toolbar/go-first.png
+++ b/doc/wsug_src/images/toolbar/go-first.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/go-jump.png b/doc/wsug_src/images/toolbar/go-jump.png
index cc13792d..cc13792d 100644
--- a/docbook/wsug_src/images/toolbar/go-jump.png
+++ b/doc/wsug_src/images/toolbar/go-jump.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/go-last.png b/doc/wsug_src/images/toolbar/go-last.png
index 78ea4b70..78ea4b70 100644
--- a/docbook/wsug_src/images/toolbar/go-last.png
+++ b/doc/wsug_src/images/toolbar/go-last.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/go-next.png b/doc/wsug_src/images/toolbar/go-next.png
index 0bc6a156..0bc6a156 100644
--- a/docbook/wsug_src/images/toolbar/go-next.png
+++ b/doc/wsug_src/images/toolbar/go-next.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/go-previous.png b/doc/wsug_src/images/toolbar/go-previous.png
index 6870ea2f..6870ea2f 100644
--- a/docbook/wsug_src/images/toolbar/go-previous.png
+++ b/doc/wsug_src/images/toolbar/go-previous.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-capture-file-close.png b/doc/wsug_src/images/toolbar/x-capture-file-close.png
index dab2f84c..dab2f84c 100644
--- a/docbook/wsug_src/images/toolbar/x-capture-file-close.png
+++ b/doc/wsug_src/images/toolbar/x-capture-file-close.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-capture-file-reload.png b/doc/wsug_src/images/toolbar/x-capture-file-reload.png
index 22e6edb2..22e6edb2 100644
--- a/docbook/wsug_src/images/toolbar/x-capture-file-reload.png
+++ b/doc/wsug_src/images/toolbar/x-capture-file-reload.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-capture-file-save.png b/doc/wsug_src/images/toolbar/x-capture-file-save.png
index 48ef2525..48ef2525 100644
--- a/docbook/wsug_src/images/toolbar/x-capture-file-save.png
+++ b/doc/wsug_src/images/toolbar/x-capture-file-save.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-capture-options.png b/doc/wsug_src/images/toolbar/x-capture-options.png
index a3384e6a..a3384e6a 100644
--- a/docbook/wsug_src/images/toolbar/x-capture-options.png
+++ b/doc/wsug_src/images/toolbar/x-capture-options.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-capture-restart.png b/doc/wsug_src/images/toolbar/x-capture-restart.png
index eb5eb0b6..eb5eb0b6 100644
--- a/docbook/wsug_src/images/toolbar/x-capture-restart.png
+++ b/doc/wsug_src/images/toolbar/x-capture-restart.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-capture-start.png b/doc/wsug_src/images/toolbar/x-capture-start.png
index ac0a3d2b..ac0a3d2b 100644
--- a/docbook/wsug_src/images/toolbar/x-capture-start.png
+++ b/doc/wsug_src/images/toolbar/x-capture-start.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-capture-stop.png b/doc/wsug_src/images/toolbar/x-capture-stop.png
index 7a64753d..7a64753d 100644
--- a/docbook/wsug_src/images/toolbar/x-capture-stop.png
+++ b/doc/wsug_src/images/toolbar/x-capture-stop.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-colorize-packets.png b/doc/wsug_src/images/toolbar/x-colorize-packets.png
index 624b7eae..624b7eae 100644
--- a/docbook/wsug_src/images/toolbar/x-colorize-packets.png
+++ b/doc/wsug_src/images/toolbar/x-colorize-packets.png
Binary files differ
diff --git a/doc/wsug_src/images/toolbar/x-reset-layout_2.png b/doc/wsug_src/images/toolbar/x-reset-layout_2.png
new file mode 100644
index 00000000..8d3287ef
--- /dev/null
+++ b/doc/wsug_src/images/toolbar/x-reset-layout_2.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-resize-columns.png b/doc/wsug_src/images/toolbar/x-resize-columns.png
index f79cf321..f79cf321 100644
--- a/docbook/wsug_src/images/toolbar/x-resize-columns.png
+++ b/doc/wsug_src/images/toolbar/x-resize-columns.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/x-stay-last.png b/doc/wsug_src/images/toolbar/x-stay-last.png
index eba7ae54..eba7ae54 100644
--- a/docbook/wsug_src/images/toolbar/x-stay-last.png
+++ b/doc/wsug_src/images/toolbar/x-stay-last.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/zoom-in.png b/doc/wsug_src/images/toolbar/zoom-in.png
index 0025c34c..0025c34c 100644
--- a/docbook/wsug_src/images/toolbar/zoom-in.png
+++ b/doc/wsug_src/images/toolbar/zoom-in.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/zoom-original.png b/doc/wsug_src/images/toolbar/zoom-original.png
index c8bb23e3..c8bb23e3 100644
--- a/docbook/wsug_src/images/toolbar/zoom-original.png
+++ b/doc/wsug_src/images/toolbar/zoom-original.png
Binary files differ
diff --git a/docbook/wsug_src/images/toolbar/zoom-out.png b/doc/wsug_src/images/toolbar/zoom-out.png
index e582655d..e582655d 100644
--- a/docbook/wsug_src/images/toolbar/zoom-out.png
+++ b/doc/wsug_src/images/toolbar/zoom-out.png
Binary files differ
diff --git a/docbook/wsug_src/images/warning.svg b/doc/wsug_src/images/warning.svg
index 80c0ba5c..80c0ba5c 100644
--- a/docbook/wsug_src/images/warning.svg
+++ b/doc/wsug_src/images/warning.svg
diff --git a/docbook/wsug_src/images/ws-about-codecs.png b/doc/wsug_src/images/ws-about-codecs.png
index 5f5c46fa..5f5c46fa 100644
--- a/docbook/wsug_src/images/ws-about-codecs.png
+++ b/doc/wsug_src/images/ws-about-codecs.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-analyze-menu.png b/doc/wsug_src/images/ws-analyze-menu.png
index 5147d7aa..5147d7aa 100644
--- a/docbook/wsug_src/images/ws-analyze-menu.png
+++ b/doc/wsug_src/images/ws-analyze-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-asap-statistics.png b/doc/wsug_src/images/ws-asap-statistics.png
index d1a33072..d1a33072 100644
--- a/docbook/wsug_src/images/ws-asap-statistics.png
+++ b/doc/wsug_src/images/ws-asap-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-bluetooth-devices.png b/doc/wsug_src/images/ws-bluetooth-devices.png
index b6d1e3c9..b6d1e3c9 100644
--- a/docbook/wsug_src/images/ws-bluetooth-devices.png
+++ b/doc/wsug_src/images/ws-bluetooth-devices.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-bt-hci-summary.png b/doc/wsug_src/images/ws-bt-hci-summary.png
index 16b7bec6..16b7bec6 100644
--- a/docbook/wsug_src/images/ws-bt-hci-summary.png
+++ b/doc/wsug_src/images/ws-bt-hci-summary.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-bytes-pane-popup-menu.png b/doc/wsug_src/images/ws-bytes-pane-popup-menu.png
index bee43bfc..bee43bfc 100644
--- a/docbook/wsug_src/images/ws-bytes-pane-popup-menu.png
+++ b/doc/wsug_src/images/ws-bytes-pane-popup-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-bytes-pane-tabs.png b/doc/wsug_src/images/ws-bytes-pane-tabs.png
index b9817a2c..b9817a2c 100644
--- a/docbook/wsug_src/images/ws-bytes-pane-tabs.png
+++ b/doc/wsug_src/images/ws-bytes-pane-tabs.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-bytes-pane.png b/doc/wsug_src/images/ws-bytes-pane.png
index 70d1291a..70d1291a 100644
--- a/docbook/wsug_src/images/ws-bytes-pane.png
+++ b/doc/wsug_src/images/ws-bytes-pane.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-calcappprotocol-statistics.png b/doc/wsug_src/images/ws-calcappprotocol-statistics.png
index 3c9d9fe9..3c9d9fe9 100644
--- a/docbook/wsug_src/images/ws-calcappprotocol-statistics.png
+++ b/doc/wsug_src/images/ws-calcappprotocol-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-file-properties.png b/doc/wsug_src/images/ws-capture-file-properties.png
index 816987b3..816987b3 100644
--- a/docbook/wsug_src/images/ws-capture-file-properties.png
+++ b/doc/wsug_src/images/ws-capture-file-properties.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-info.png b/doc/wsug_src/images/ws-capture-info.png
index e82ec0ad..e82ec0ad 100644
--- a/docbook/wsug_src/images/ws-capture-info.png
+++ b/doc/wsug_src/images/ws-capture-info.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-interfaces-main-macos.png b/doc/wsug_src/images/ws-capture-interfaces-main-macos.png
index 38698864..38698864 100644
--- a/docbook/wsug_src/images/ws-capture-interfaces-main-macos.png
+++ b/doc/wsug_src/images/ws-capture-interfaces-main-macos.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-interfaces-main-win32.png b/doc/wsug_src/images/ws-capture-interfaces-main-win32.png
index a50b64e8..a50b64e8 100644
--- a/docbook/wsug_src/images/ws-capture-interfaces-main-win32.png
+++ b/doc/wsug_src/images/ws-capture-interfaces-main-win32.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-menu.png b/doc/wsug_src/images/ws-capture-menu.png
index 5d001e18..5d001e18 100644
--- a/docbook/wsug_src/images/ws-capture-menu.png
+++ b/doc/wsug_src/images/ws-capture-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-options-compile-selected-bpfs.png b/doc/wsug_src/images/ws-capture-options-compile-selected-bpfs.png
index 14501e0e..14501e0e 100644
--- a/docbook/wsug_src/images/ws-capture-options-compile-selected-bpfs.png
+++ b/doc/wsug_src/images/ws-capture-options-compile-selected-bpfs.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-options-options.png b/doc/wsug_src/images/ws-capture-options-options.png
index b72a54f9..b72a54f9 100644
--- a/docbook/wsug_src/images/ws-capture-options-options.png
+++ b/doc/wsug_src/images/ws-capture-options-options.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-options-output.png b/doc/wsug_src/images/ws-capture-options-output.png
index 097c7f0a..097c7f0a 100644
--- a/docbook/wsug_src/images/ws-capture-options-output.png
+++ b/doc/wsug_src/images/ws-capture-options-output.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-capture-options.png b/doc/wsug_src/images/ws-capture-options.png
index 8a12d436..8a12d436 100644
--- a/docbook/wsug_src/images/ws-capture-options.png
+++ b/doc/wsug_src/images/ws-capture-options.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-choose-color-rule.png b/doc/wsug_src/images/ws-choose-color-rule.png
index 263aa551..263aa551 100644
--- a/docbook/wsug_src/images/ws-choose-color-rule.png
+++ b/doc/wsug_src/images/ws-choose-color-rule.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-coloring-fields.png b/doc/wsug_src/images/ws-coloring-fields.png
index 9a5171ab..9a5171ab 100644
--- a/docbook/wsug_src/images/ws-coloring-fields.png
+++ b/doc/wsug_src/images/ws-coloring-fields.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-coloring-rules-dialog.png b/doc/wsug_src/images/ws-coloring-rules-dialog.png
index ac6d28e5..ac6d28e5 100644
--- a/docbook/wsug_src/images/ws-coloring-rules-dialog.png
+++ b/doc/wsug_src/images/ws-coloring-rules-dialog.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-column-header-popup-menu.png b/doc/wsug_src/images/ws-column-header-popup-menu.png
index d895dd8a..d895dd8a 100644
--- a/docbook/wsug_src/images/ws-column-header-popup-menu.png
+++ b/doc/wsug_src/images/ws-column-header-popup-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-csp-statistics.png b/doc/wsug_src/images/ws-csp-statistics.png
index cbade243..cbade243 100644
--- a/docbook/wsug_src/images/ws-csp-statistics.png
+++ b/doc/wsug_src/images/ws-csp-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-decode-as.png b/doc/wsug_src/images/ws-decode-as.png
index 2b37e567..2b37e567 100644
--- a/docbook/wsug_src/images/ws-decode-as.png
+++ b/doc/wsug_src/images/ws-decode-as.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-details-pane-popup-menu.png b/doc/wsug_src/images/ws-details-pane-popup-menu.png
index c0980ba1..c0980ba1 100644
--- a/docbook/wsug_src/images/ws-details-pane-popup-menu.png
+++ b/doc/wsug_src/images/ws-details-pane-popup-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-details-pane.png b/doc/wsug_src/images/ws-details-pane.png
index cc0b9176..cc0b9176 100644
--- a/docbook/wsug_src/images/ws-details-pane.png
+++ b/doc/wsug_src/images/ws-details-pane.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-diagram-pane-popup-menu.png b/doc/wsug_src/images/ws-diagram-pane-popup-menu.png
index 1e17628d..1e17628d 100644
--- a/docbook/wsug_src/images/ws-diagram-pane-popup-menu.png
+++ b/doc/wsug_src/images/ws-diagram-pane-popup-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-diagram-pane.png b/doc/wsug_src/images/ws-diagram-pane.png
index 117f1f58..117f1f58 100644
--- a/docbook/wsug_src/images/ws-diagram-pane.png
+++ b/doc/wsug_src/images/ws-diagram-pane.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-display-filter-tcp.png b/doc/wsug_src/images/ws-display-filter-tcp.png
index 181f41d0..181f41d0 100644
--- a/docbook/wsug_src/images/ws-display-filter-tcp.png
+++ b/doc/wsug_src/images/ws-display-filter-tcp.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-dns.png b/doc/wsug_src/images/ws-dns.png
index 4458e3cb..4458e3cb 100644
--- a/docbook/wsug_src/images/ws-dns.png
+++ b/doc/wsug_src/images/ws-dns.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-edit-menu.png b/doc/wsug_src/images/ws-edit-menu.png
index 204e2194..204e2194 100644
--- a/docbook/wsug_src/images/ws-edit-menu.png
+++ b/doc/wsug_src/images/ws-edit-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-enabled-protocols.png b/doc/wsug_src/images/ws-enabled-protocols.png
index a7d149b1..a7d149b1 100644
--- a/docbook/wsug_src/images/ws-enabled-protocols.png
+++ b/doc/wsug_src/images/ws-enabled-protocols.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-enrp-statistics.png b/doc/wsug_src/images/ws-enrp-statistics.png
index df0db91d..df0db91d 100644
--- a/docbook/wsug_src/images/ws-enrp-statistics.png
+++ b/doc/wsug_src/images/ws-enrp-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-expert-colored-tree.png b/doc/wsug_src/images/ws-expert-colored-tree.png
index a203ff67..a203ff67 100644
--- a/docbook/wsug_src/images/ws-expert-colored-tree.png
+++ b/doc/wsug_src/images/ws-expert-colored-tree.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-expert-column.png b/doc/wsug_src/images/ws-expert-column.png
index 66941afb..66941afb 100644
--- a/docbook/wsug_src/images/ws-expert-column.png
+++ b/doc/wsug_src/images/ws-expert-column.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-expert-information.png b/doc/wsug_src/images/ws-expert-information.png
index 8fa63107..8fa63107 100644
--- a/docbook/wsug_src/images/ws-expert-information.png
+++ b/doc/wsug_src/images/ws-expert-information.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-export-objects.png b/doc/wsug_src/images/ws-export-objects.png
index fc9a0244..fc9a0244 100644
--- a/docbook/wsug_src/images/ws-export-objects.png
+++ b/doc/wsug_src/images/ws-export-objects.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-export-packet-dissections.png b/doc/wsug_src/images/ws-export-packet-dissections.png
index 4be7c958..4be7c958 100644
--- a/docbook/wsug_src/images/ws-export-packet-dissections.png
+++ b/doc/wsug_src/images/ws-export-packet-dissections.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-export-pdus-to-file.png b/doc/wsug_src/images/ws-export-pdus-to-file.png
index a4969229..a4969229 100644
--- a/docbook/wsug_src/images/ws-export-pdus-to-file.png
+++ b/doc/wsug_src/images/ws-export-pdus-to-file.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-export-selected.png b/doc/wsug_src/images/ws-export-selected.png
index 1c20f76f..1c20f76f 100644
--- a/docbook/wsug_src/images/ws-export-selected.png
+++ b/doc/wsug_src/images/ws-export-selected.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-export-specified-packets.png b/doc/wsug_src/images/ws-export-specified-packets.png
index e8bb8aef..e8bb8aef 100644
--- a/docbook/wsug_src/images/ws-export-specified-packets.png
+++ b/doc/wsug_src/images/ws-export-specified-packets.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-fgp-statistics.png b/doc/wsug_src/images/ws-fgp-statistics.png
index bfe4d50f..bfe4d50f 100644
--- a/docbook/wsug_src/images/ws-fgp-statistics.png
+++ b/doc/wsug_src/images/ws-fgp-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-file-import-regex.png b/doc/wsug_src/images/ws-file-import-regex.png
index 3f57eb16..3f57eb16 100644
--- a/docbook/wsug_src/images/ws-file-import-regex.png
+++ b/doc/wsug_src/images/ws-file-import-regex.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-file-import.png b/doc/wsug_src/images/ws-file-import.png
index e957d14e..e957d14e 100644
--- a/docbook/wsug_src/images/ws-file-import.png
+++ b/doc/wsug_src/images/ws-file-import.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-file-menu.png b/doc/wsug_src/images/ws-file-menu.png
index d7e8d43a..d7e8d43a 100644
--- a/docbook/wsug_src/images/ws-file-menu.png
+++ b/doc/wsug_src/images/ws-file-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-file-set-dialog.png b/doc/wsug_src/images/ws-file-set-dialog.png
index fb470d2b..fb470d2b 100644
--- a/docbook/wsug_src/images/ws-file-set-dialog.png
+++ b/doc/wsug_src/images/ws-file-set-dialog.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-filter-add-expression.png b/doc/wsug_src/images/ws-filter-add-expression.png
index e4f99703..e4f99703 100644
--- a/docbook/wsug_src/images/ws-filter-add-expression.png
+++ b/doc/wsug_src/images/ws-filter-add-expression.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-filter-macros.png b/doc/wsug_src/images/ws-filter-macros.png
new file mode 100644
index 00000000..001e724e
--- /dev/null
+++ b/doc/wsug_src/images/ws-filter-macros.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-filter-toolbar.png b/doc/wsug_src/images/ws-filter-toolbar.png
index 1c680c64..1c680c64 100644
--- a/docbook/wsug_src/images/ws-filter-toolbar.png
+++ b/doc/wsug_src/images/ws-filter-toolbar.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-filters.png b/doc/wsug_src/images/ws-filters.png
index afbb36ef..afbb36ef 100644
--- a/docbook/wsug_src/images/ws-filters.png
+++ b/doc/wsug_src/images/ws-filters.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-find-packet.png b/doc/wsug_src/images/ws-find-packet.png
index e773d94c..e773d94c 100644
--- a/docbook/wsug_src/images/ws-find-packet.png
+++ b/doc/wsug_src/images/ws-find-packet.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-flow-graph.png b/doc/wsug_src/images/ws-flow-graph.png
index 17dacdaf..17dacdaf 100644
--- a/docbook/wsug_src/images/ws-flow-graph.png
+++ b/doc/wsug_src/images/ws-flow-graph.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-follow-http2-stream.png b/doc/wsug_src/images/ws-follow-http2-stream.png
index 616dfd7f..616dfd7f 100644
--- a/docbook/wsug_src/images/ws-follow-http2-stream.png
+++ b/doc/wsug_src/images/ws-follow-http2-stream.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-follow-sip-stream.png b/doc/wsug_src/images/ws-follow-sip-stream.png
index 52f8181c..52f8181c 100644
--- a/docbook/wsug_src/images/ws-follow-sip-stream.png
+++ b/doc/wsug_src/images/ws-follow-sip-stream.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-follow-stream.png b/doc/wsug_src/images/ws-follow-stream.png
index 1c926aff..1c926aff 100644
--- a/docbook/wsug_src/images/ws-follow-stream.png
+++ b/doc/wsug_src/images/ws-follow-stream.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-go-menu.png b/doc/wsug_src/images/ws-go-menu.png
index d0231c9f..d0231c9f 100644
--- a/docbook/wsug_src/images/ws-go-menu.png
+++ b/doc/wsug_src/images/ws-go-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-goto-packet.png b/doc/wsug_src/images/ws-goto-packet.png
index 10092fc5..10092fc5 100644
--- a/docbook/wsug_src/images/ws-goto-packet.png
+++ b/doc/wsug_src/images/ws-goto-packet.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-gui-config-profiles.png b/doc/wsug_src/images/ws-gui-config-profiles.png
new file mode 100644
index 00000000..b1e22541
--- /dev/null
+++ b/doc/wsug_src/images/ws-gui-config-profiles.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-help-menu.png b/doc/wsug_src/images/ws-help-menu.png
index f083a851..f083a851 100644
--- a/docbook/wsug_src/images/ws-help-menu.png
+++ b/doc/wsug_src/images/ws-help-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-list-pane.png b/doc/wsug_src/images/ws-list-pane.png
index 8770bc45..8770bc45 100644
--- a/docbook/wsug_src/images/ws-list-pane.png
+++ b/doc/wsug_src/images/ws-list-pane.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-main-toolbar.png b/doc/wsug_src/images/ws-main-toolbar.png
new file mode 100644
index 00000000..27fe78d1
--- /dev/null
+++ b/doc/wsug_src/images/ws-main-toolbar.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-main.png b/doc/wsug_src/images/ws-main.png
index a975b9ef..a975b9ef 100644
--- a/docbook/wsug_src/images/ws-main.png
+++ b/doc/wsug_src/images/ws-main.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-manage-interfaces.png b/doc/wsug_src/images/ws-manage-interfaces.png
index ff37aa28..ff37aa28 100644
--- a/docbook/wsug_src/images/ws-manage-interfaces.png
+++ b/doc/wsug_src/images/ws-manage-interfaces.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-analysis.png b/doc/wsug_src/images/ws-mate-analysis.png
index bb33b4f9..bb33b4f9 100644
--- a/docbook/wsug_src/images/ws-mate-analysis.png
+++ b/doc/wsug_src/images/ws-mate-analysis.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-dns_pane.png b/doc/wsug_src/images/ws-mate-dns_pane.png
index 99e5a075..99e5a075 100644
--- a/docbook/wsug_src/images/ws-mate-dns_pane.png
+++ b/doc/wsug_src/images/ws-mate-dns_pane.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-dns_pdu.png b/doc/wsug_src/images/ws-mate-dns_pdu.png
index 15063035..15063035 100644
--- a/docbook/wsug_src/images/ws-mate-dns_pdu.png
+++ b/doc/wsug_src/images/ws-mate-dns_pdu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-ftp_over_gre.png b/doc/wsug_src/images/ws-mate-ftp_over_gre.png
index b7aa6371..b7aa6371 100644
--- a/docbook/wsug_src/images/ws-mate-ftp_over_gre.png
+++ b/doc/wsug_src/images/ws-mate-ftp_over_gre.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-gop_analysis.png b/doc/wsug_src/images/ws-mate-gop_analysis.png
index 6086fa76..6086fa76 100644
--- a/docbook/wsug_src/images/ws-mate-gop_analysis.png
+++ b/doc/wsug_src/images/ws-mate-gop_analysis.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png b/doc/wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png
index a6e2baf1..a6e2baf1 100644
--- a/docbook/wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png
+++ b/doc/wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-mmse_over_http.png b/doc/wsug_src/images/ws-mate-mmse_over_http.png
index 4ee2d4e7..4ee2d4e7 100644
--- a/docbook/wsug_src/images/ws-mate-mmse_over_http.png
+++ b/doc/wsug_src/images/ws-mate-mmse_over_http.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-pdu_analysis.png b/doc/wsug_src/images/ws-mate-pdu_analysis.png
index cf126e8e..cf126e8e 100644
--- a/docbook/wsug_src/images/ws-mate-pdu_analysis.png
+++ b/doc/wsug_src/images/ws-mate-pdu_analysis.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-mate-tcp-output.png b/doc/wsug_src/images/ws-mate-tcp-output.png
new file mode 100644
index 00000000..c6688867
--- /dev/null
+++ b/doc/wsug_src/images/ws-mate-tcp-output.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-transform.png b/doc/wsug_src/images/ws-mate-transform.png
index a943011d..a943011d 100644
--- a/docbook/wsug_src/images/ws-mate-transform.png
+++ b/doc/wsug_src/images/ws-mate-transform.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-menu.png b/doc/wsug_src/images/ws-menu.png
index 3f7f847d..3f7f847d 100644
--- a/docbook/wsug_src/images/ws-menu.png
+++ b/doc/wsug_src/images/ws-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-merge-qt5.png b/doc/wsug_src/images/ws-merge-qt5.png
index e5d03684..e5d03684 100644
--- a/docbook/wsug_src/images/ws-merge-qt5.png
+++ b/doc/wsug_src/images/ws-merge-qt5.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-merge-win32.png b/doc/wsug_src/images/ws-merge-win32.png
index c3233baf..c3233baf 100644
--- a/docbook/wsug_src/images/ws-merge-win32.png
+++ b/doc/wsug_src/images/ws-merge-win32.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-netperfmeter-statistics.png b/doc/wsug_src/images/ws-netperfmeter-statistics.png
index 15a0c7aa..15a0c7aa 100644
--- a/docbook/wsug_src/images/ws-netperfmeter-statistics.png
+++ b/doc/wsug_src/images/ws-netperfmeter-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-open-qt5.png b/doc/wsug_src/images/ws-open-qt5.png
index 01acf864..01acf864 100644
--- a/docbook/wsug_src/images/ws-open-qt5.png
+++ b/doc/wsug_src/images/ws-open-qt5.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-open-win32.png b/doc/wsug_src/images/ws-open-win32.png
index 182942a2..182942a2 100644
--- a/docbook/wsug_src/images/ws-open-win32.png
+++ b/doc/wsug_src/images/ws-open-win32.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-packet-format.png b/doc/wsug_src/images/ws-packet-format.png
index 74a24d46..74a24d46 100644
--- a/docbook/wsug_src/images/ws-packet-format.png
+++ b/doc/wsug_src/images/ws-packet-format.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-packet-pane-popup-menu.png b/doc/wsug_src/images/ws-packet-pane-popup-menu.png
index 6a2cc4d5..6a2cc4d5 100644
--- a/docbook/wsug_src/images/ws-packet-pane-popup-menu.png
+++ b/doc/wsug_src/images/ws-packet-pane-popup-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-packet-range.png b/doc/wsug_src/images/ws-packet-range.png
index a35a008a..a35a008a 100644
--- a/docbook/wsug_src/images/ws-packet-range.png
+++ b/doc/wsug_src/images/ws-packet-range.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-packet-selected.png b/doc/wsug_src/images/ws-packet-selected.png
index bafc07cd..bafc07cd 100644
--- a/docbook/wsug_src/images/ws-packet-selected.png
+++ b/doc/wsug_src/images/ws-packet-selected.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-packet-sep-win.png b/doc/wsug_src/images/ws-packet-sep-win.png
index f9e507ff..f9e507ff 100644
--- a/docbook/wsug_src/images/ws-packet-sep-win.png
+++ b/doc/wsug_src/images/ws-packet-sep-win.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pingpongprotocol-statistics.png b/doc/wsug_src/images/ws-pingpongprotocol-statistics.png
index d67b7cdd..d67b7cdd 100644
--- a/docbook/wsug_src/images/ws-pingpongprotocol-statistics.png
+++ b/doc/wsug_src/images/ws-pingpongprotocol-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-advanced.png b/doc/wsug_src/images/ws-pref-advanced.png
index c7c44499..c7c44499 100644
--- a/docbook/wsug_src/images/ws-pref-advanced.png
+++ b/doc/wsug_src/images/ws-pref-advanced.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-appearance-columns.png b/doc/wsug_src/images/ws-pref-appearance-columns.png
index 84db3d9f..84db3d9f 100644
--- a/docbook/wsug_src/images/ws-pref-appearance-columns.png
+++ b/doc/wsug_src/images/ws-pref-appearance-columns.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-appearance-fonts-and-colors.png b/doc/wsug_src/images/ws-pref-appearance-fonts-and-colors.png
index 538a20f4..538a20f4 100644
--- a/docbook/wsug_src/images/ws-pref-appearance-fonts-and-colors.png
+++ b/doc/wsug_src/images/ws-pref-appearance-fonts-and-colors.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-appearance-layout.png b/doc/wsug_src/images/ws-pref-appearance-layout.png
index 6f896d1e..6f896d1e 100644
--- a/docbook/wsug_src/images/ws-pref-appearance-layout.png
+++ b/doc/wsug_src/images/ws-pref-appearance-layout.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-appearance.png b/doc/wsug_src/images/ws-pref-appearance.png
index ffc52e21..ffc52e21 100644
--- a/docbook/wsug_src/images/ws-pref-appearance.png
+++ b/doc/wsug_src/images/ws-pref-appearance.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-capture.png b/doc/wsug_src/images/ws-pref-capture.png
index 5c76d286..5c76d286 100644
--- a/docbook/wsug_src/images/ws-pref-capture.png
+++ b/doc/wsug_src/images/ws-pref-capture.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-expert.png b/doc/wsug_src/images/ws-pref-expert.png
index fe1594b9..fe1594b9 100644
--- a/docbook/wsug_src/images/ws-pref-expert.png
+++ b/doc/wsug_src/images/ws-pref-expert.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-filter-buttons.png b/doc/wsug_src/images/ws-pref-filter-buttons.png
index e45e736a..e45e736a 100644
--- a/docbook/wsug_src/images/ws-pref-filter-buttons.png
+++ b/doc/wsug_src/images/ws-pref-filter-buttons.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-name-resolution.png b/doc/wsug_src/images/ws-pref-name-resolution.png
index 3fdc7d55..3fdc7d55 100644
--- a/docbook/wsug_src/images/ws-pref-name-resolution.png
+++ b/doc/wsug_src/images/ws-pref-name-resolution.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-pref-protocols.png b/doc/wsug_src/images/ws-pref-protocols.png
new file mode 100644
index 00000000..2b73d3e6
--- /dev/null
+++ b/doc/wsug_src/images/ws-pref-protocols.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-rsa-keys.png b/doc/wsug_src/images/ws-pref-rsa-keys.png
index 21cb6200..21cb6200 100644
--- a/docbook/wsug_src/images/ws-pref-rsa-keys.png
+++ b/doc/wsug_src/images/ws-pref-rsa-keys.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-statistics.png b/doc/wsug_src/images/ws-pref-statistics.png
index 2bef021e..2bef021e 100644
--- a/docbook/wsug_src/images/ws-pref-statistics.png
+++ b/doc/wsug_src/images/ws-pref-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-print.png b/doc/wsug_src/images/ws-print.png
index 9c3b79ec..9c3b79ec 100644
--- a/docbook/wsug_src/images/ws-print.png
+++ b/doc/wsug_src/images/ws-print.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-resolved-addr.png b/doc/wsug_src/images/ws-resolved-addr.png
index c3868215..c3868215 100644
--- a/docbook/wsug_src/images/ws-resolved-addr.png
+++ b/doc/wsug_src/images/ws-resolved-addr.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-rlc-graph.png b/doc/wsug_src/images/ws-rlc-graph.png
index e14bb72a..e14bb72a 100644
--- a/docbook/wsug_src/images/ws-rlc-graph.png
+++ b/doc/wsug_src/images/ws-rlc-graph.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-save-as-qt5.png b/doc/wsug_src/images/ws-save-as-qt5.png
index 64d2eec5..64d2eec5 100644
--- a/docbook/wsug_src/images/ws-save-as-qt5.png
+++ b/doc/wsug_src/images/ws-save-as-qt5.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-save-as-win32.png b/doc/wsug_src/images/ws-save-as-win32.png
index e50619f9..e50619f9 100644
--- a/docbook/wsug_src/images/ws-save-as-win32.png
+++ b/doc/wsug_src/images/ws-save-as-win32.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-sctp-1-association.png b/doc/wsug_src/images/ws-sctp-1-association.png
index 0573ae84..0573ae84 100644
--- a/docbook/wsug_src/images/ws-sctp-1-association.png
+++ b/doc/wsug_src/images/ws-sctp-1-association.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-sctp.png b/doc/wsug_src/images/ws-sctp.png
index 884a91e2..884a91e2 100644
--- a/docbook/wsug_src/images/ws-sctp.png
+++ b/doc/wsug_src/images/ws-sctp.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-ssp-statistics.png b/doc/wsug_src/images/ws-ssp-statistics.png
index 8c6817b6..8c6817b6 100644
--- a/docbook/wsug_src/images/ws-ssp-statistics.png
+++ b/doc/wsug_src/images/ws-ssp-statistics.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-statistics-menu.png b/doc/wsug_src/images/ws-statistics-menu.png
index e772bffa..e772bffa 100644
--- a/docbook/wsug_src/images/ws-statistics-menu.png
+++ b/doc/wsug_src/images/ws-statistics-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-conversations.png b/doc/wsug_src/images/ws-stats-conversations.png
index fb4cd9e3..fb4cd9e3 100644
--- a/docbook/wsug_src/images/ws-stats-conversations.png
+++ b/doc/wsug_src/images/ws-stats-conversations.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-endpoints.png b/doc/wsug_src/images/ws-stats-endpoints.png
index 917726a2..917726a2 100644
--- a/docbook/wsug_src/images/ws-stats-endpoints.png
+++ b/doc/wsug_src/images/ws-stats-endpoints.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-hierarchy.png b/doc/wsug_src/images/ws-stats-hierarchy.png
index f904ece4..f904ece4 100644
--- a/docbook/wsug_src/images/ws-stats-hierarchy.png
+++ b/doc/wsug_src/images/ws-stats-hierarchy.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-http-requestsequences.png b/doc/wsug_src/images/ws-stats-http-requestsequences.png
index 8365673b..8365673b 100644
--- a/docbook/wsug_src/images/ws-stats-http-requestsequences.png
+++ b/doc/wsug_src/images/ws-stats-http-requestsequences.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-iographs.png b/doc/wsug_src/images/ws-stats-iographs.png
index 80e4cf7f..80e4cf7f 100644
--- a/docbook/wsug_src/images/ws-stats-iographs.png
+++ b/doc/wsug_src/images/ws-stats-iographs.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-lte-mac-traffic.png b/doc/wsug_src/images/ws-stats-lte-mac-traffic.png
index 441ab970..441ab970 100644
--- a/docbook/wsug_src/images/ws-stats-lte-mac-traffic.png
+++ b/doc/wsug_src/images/ws-stats-lte-mac-traffic.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-lte-rlc-traffic.png b/doc/wsug_src/images/ws-stats-lte-rlc-traffic.png
index 9fb13647..9fb13647 100644
--- a/docbook/wsug_src/images/ws-stats-lte-rlc-traffic.png
+++ b/doc/wsug_src/images/ws-stats-lte-rlc-traffic.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-packet-lengths.png b/doc/wsug_src/images/ws-stats-packet-lengths.png
index 7b22e4d1..7b22e4d1 100644
--- a/docbook/wsug_src/images/ws-stats-packet-lengths.png
+++ b/doc/wsug_src/images/ws-stats-packet-lengths.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-srt-smb2.png b/doc/wsug_src/images/ws-stats-srt-smb2.png
index 6e05af05..6e05af05 100644
--- a/docbook/wsug_src/images/ws-stats-srt-smb2.png
+++ b/doc/wsug_src/images/ws-stats-srt-smb2.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-stats-wlan-traffic.png b/doc/wsug_src/images/ws-stats-wlan-traffic.png
index 8186b4ac..8186b4ac 100644
--- a/docbook/wsug_src/images/ws-stats-wlan-traffic.png
+++ b/doc/wsug_src/images/ws-stats-wlan-traffic.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-statusbar-empty.png b/doc/wsug_src/images/ws-statusbar-empty.png
index 953acedc..953acedc 100644
--- a/docbook/wsug_src/images/ws-statusbar-empty.png
+++ b/doc/wsug_src/images/ws-statusbar-empty.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-statusbar-filter.png b/doc/wsug_src/images/ws-statusbar-filter.png
index 1e09e0b1..1e09e0b1 100644
--- a/docbook/wsug_src/images/ws-statusbar-filter.png
+++ b/doc/wsug_src/images/ws-statusbar-filter.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-statusbar-loaded.png b/doc/wsug_src/images/ws-statusbar-loaded.png
index 8b19b02c..8b19b02c 100644
--- a/docbook/wsug_src/images/ws-statusbar-loaded.png
+++ b/doc/wsug_src/images/ws-statusbar-loaded.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-statusbar-profile.png b/doc/wsug_src/images/ws-statusbar-profile.png
index dcc309b6..dcc309b6 100644
--- a/docbook/wsug_src/images/ws-statusbar-profile.png
+++ b/doc/wsug_src/images/ws-statusbar-profile.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-statusbar-selected.png b/doc/wsug_src/images/ws-statusbar-selected.png
index fd10c24c..fd10c24c 100644
--- a/docbook/wsug_src/images/ws-statusbar-selected.png
+++ b/doc/wsug_src/images/ws-statusbar-selected.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tcp-analysis.png b/doc/wsug_src/images/ws-tcp-analysis.png
index 9a376c51..9a376c51 100644
--- a/docbook/wsug_src/images/ws-tcp-analysis.png
+++ b/doc/wsug_src/images/ws-tcp-analysis.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-playlist.dia b/doc/wsug_src/images/ws-tel-playlist.dia
index 28eced58..28eced58 100644
--- a/docbook/wsug_src/images/ws-tel-playlist.dia
+++ b/doc/wsug_src/images/ws-tel-playlist.dia
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-playlist.png b/doc/wsug_src/images/ws-tel-playlist.png
index 4c586d05..4c586d05 100644
--- a/docbook/wsug_src/images/ws-tel-playlist.png
+++ b/doc/wsug_src/images/ws-tel-playlist.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtp-player_1.png b/doc/wsug_src/images/ws-tel-rtp-player_1.png
index 9e7249dc..9e7249dc 100644
--- a/docbook/wsug_src/images/ws-tel-rtp-player_1.png
+++ b/doc/wsug_src/images/ws-tel-rtp-player_1.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtp-player_1.xcf b/doc/wsug_src/images/ws-tel-rtp-player_1.xcf
index c48a0cad..c48a0cad 100644
--- a/docbook/wsug_src/images/ws-tel-rtp-player_1.xcf
+++ b/doc/wsug_src/images/ws-tel-rtp-player_1.xcf
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtp-player_2.png b/doc/wsug_src/images/ws-tel-rtp-player_2.png
index 8ec513e9..8ec513e9 100644
--- a/docbook/wsug_src/images/ws-tel-rtp-player_2.png
+++ b/doc/wsug_src/images/ws-tel-rtp-player_2.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtp-player_2.xcf b/doc/wsug_src/images/ws-tel-rtp-player_2.xcf
index 4411c7cb..4411c7cb 100644
--- a/docbook/wsug_src/images/ws-tel-rtp-player_2.xcf
+++ b/doc/wsug_src/images/ws-tel-rtp-player_2.xcf
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtp-player_3.png b/doc/wsug_src/images/ws-tel-rtp-player_3.png
index 6eb5c15d..6eb5c15d 100644
--- a/docbook/wsug_src/images/ws-tel-rtp-player_3.png
+++ b/doc/wsug_src/images/ws-tel-rtp-player_3.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtp-player_button.png b/doc/wsug_src/images/ws-tel-rtp-player_button.png
index a4a5183c..a4a5183c 100644
--- a/docbook/wsug_src/images/ws-tel-rtp-player_button.png
+++ b/doc/wsug_src/images/ws-tel-rtp-player_button.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtp-streams.png b/doc/wsug_src/images/ws-tel-rtp-streams.png
index d9ce9592..d9ce9592 100644
--- a/docbook/wsug_src/images/ws-tel-rtp-streams.png
+++ b/doc/wsug_src/images/ws-tel-rtp-streams.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtpstream-analysis_1.png b/doc/wsug_src/images/ws-tel-rtpstream-analysis_1.png
index 48b3de47..48b3de47 100644
--- a/docbook/wsug_src/images/ws-tel-rtpstream-analysis_1.png
+++ b/doc/wsug_src/images/ws-tel-rtpstream-analysis_1.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtpstream-analysis_2.png b/doc/wsug_src/images/ws-tel-rtpstream-analysis_2.png
index 2819ede0..2819ede0 100644
--- a/docbook/wsug_src/images/ws-tel-rtpstream-analysis_2.png
+++ b/doc/wsug_src/images/ws-tel-rtpstream-analysis_2.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-rtpstream-analysis_3.png b/doc/wsug_src/images/ws-tel-rtpstream-analysis_3.png
index cf3dccce..cf3dccce 100644
--- a/docbook/wsug_src/images/ws-tel-rtpstream-analysis_3.png
+++ b/doc/wsug_src/images/ws-tel-rtpstream-analysis_3.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-seq-dialog.png b/doc/wsug_src/images/ws-tel-seq-dialog.png
index 18f78cc3..18f78cc3 100644
--- a/docbook/wsug_src/images/ws-tel-seq-dialog.png
+++ b/doc/wsug_src/images/ws-tel-seq-dialog.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tel-voip-calls.png b/doc/wsug_src/images/ws-tel-voip-calls.png
index a8d8909c..a8d8909c 100644
--- a/docbook/wsug_src/images/ws-tel-voip-calls.png
+++ b/doc/wsug_src/images/ws-tel-voip-calls.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-telephony-menu.png b/doc/wsug_src/images/ws-telephony-menu.png
index 38facaaf..38facaaf 100644
--- a/docbook/wsug_src/images/ws-telephony-menu.png
+++ b/doc/wsug_src/images/ws-telephony-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-time-reference.png b/doc/wsug_src/images/ws-time-reference.png
index 656dfab1..656dfab1 100644
--- a/docbook/wsug_src/images/ws-time-reference.png
+++ b/doc/wsug_src/images/ws-time-reference.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-time-shift-details.png b/doc/wsug_src/images/ws-time-shift-details.png
index 8872a306..8872a306 100644
--- a/docbook/wsug_src/images/ws-time-shift-details.png
+++ b/doc/wsug_src/images/ws-time-shift-details.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-time-shift.png b/doc/wsug_src/images/ws-time-shift.png
index dcfb6f7e..dcfb6f7e 100644
--- a/docbook/wsug_src/images/ws-time-shift.png
+++ b/doc/wsug_src/images/ws-time-shift.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tls-session-keys.png b/doc/wsug_src/images/ws-tls-session-keys.png
index ba0084f1..ba0084f1 100644
--- a/docbook/wsug_src/images/ws-tls-session-keys.png
+++ b/doc/wsug_src/images/ws-tls-session-keys.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-tools-menu.png b/doc/wsug_src/images/ws-tools-menu.png
index edc753de..edc753de 100644
--- a/docbook/wsug_src/images/ws-tools-menu.png
+++ b/doc/wsug_src/images/ws-tools-menu.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-udp-multicast-stream.png b/doc/wsug_src/images/ws-udp-multicast-stream.png
index b2bcbdec..b2bcbdec 100644
--- a/docbook/wsug_src/images/ws-udp-multicast-stream.png
+++ b/doc/wsug_src/images/ws-udp-multicast-stream.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-user-guide-cover.png b/doc/wsug_src/images/ws-user-guide-cover.png
index 7aeda92a..7aeda92a 100644
--- a/docbook/wsug_src/images/ws-user-guide-cover.png
+++ b/doc/wsug_src/images/ws-user-guide-cover.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-view-menu.png b/doc/wsug_src/images/ws-view-menu.png
index 78e932b1..78e932b1 100644
--- a/docbook/wsug_src/images/ws-view-menu.png
+++ b/doc/wsug_src/images/ws-view-menu.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-wireless-ieee-80211-pref.png b/doc/wsug_src/images/ws-wireless-ieee-80211-pref.png
new file mode 100644
index 00000000..327ca1d3
--- /dev/null
+++ b/doc/wsug_src/images/ws-wireless-ieee-80211-pref.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-wireless-key-examples.png b/doc/wsug_src/images/ws-wireless-key-examples.png
new file mode 100644
index 00000000..5e85b5ed
--- /dev/null
+++ b/doc/wsug_src/images/ws-wireless-key-examples.png
Binary files differ
diff --git a/doc/wsug_src/images/ws-wireless-key-type.png b/doc/wsug_src/images/ws-wireless-key-type.png
new file mode 100644
index 00000000..cdce5d7d
--- /dev/null
+++ b/doc/wsug_src/images/ws-wireless-key-type.png
Binary files differ
diff --git a/docbook/wsug_src/images/ws-wireless-menu.png b/doc/wsug_src/images/ws-wireless-menu.png
index 002289ed..002289ed 100644
--- a/docbook/wsug_src/images/ws-wireless-menu.png
+++ b/doc/wsug_src/images/ws-wireless-menu.png
Binary files differ
diff --git a/docbook/wsug_src/mergecap-h.txt b/doc/wsug_src/mergecap-h.txt
index 6a35cc08..ffe8dd66 100644
--- a/docbook/wsug_src/mergecap-h.txt
+++ b/doc/wsug_src/mergecap-h.txt
@@ -1,4 +1,4 @@
-Mergecap (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Mergecap (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Merge two or more capture files into one.
See https://www.wireshark.org for more information.
@@ -9,10 +9,12 @@ Output:
default is to merge based on frame timestamps.
-s <snaplen> truncate packets to <snaplen> bytes of data.
-w <outfile>|- set the output filename to <outfile> or '-' for stdout.
+ if the output filename has the .gz extension, it will be compressed to a gzip archive
-F <capture type> set the output file type; default is pcapng.
an empty "-F" option will list the file types.
-I <IDB merge mode> set the merge mode for Interface Description Blocks; default is 'all'.
an empty "-I" option will list the merge modes.
+ --compress <type> compress the output file using the type compression format.
Miscellaneous:
-h, --help display this help and exit.
diff --git a/docbook/wsug_src/rawshark-h.txt b/doc/wsug_src/rawshark-h.txt
index 29c96da8..c7435001 100644
--- a/docbook/wsug_src/rawshark-h.txt
+++ b/doc/wsug_src/rawshark-h.txt
@@ -1,11 +1,12 @@
-Rawshark (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Rawshark (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Dump and analyze network traffic.
See https://www.wireshark.org for more information.
Usage: rawshark [options] ...
Input file:
- -r <infile> set the pipe or file name to read from
+ -r <infile>, --read-file <infile>
+ set the pipe or file name to read from
Processing:
-d <encap:linktype>|<proto:protoname>
@@ -17,8 +18,11 @@ Processing:
-N <name resolve flags> enable specific name resolution(s): "mnNtdv"
-p use the system's packet header format
(which may have 64-bit timestamps)
- -R <read filter> packet filter in Wireshark display filter syntax
+ -R <read filter>, --read-filter <read filter>
+ packet filter in Wireshark display filter syntax
-s skip PCAP header on input
+ -Y <display filter>, --display-filter <display filter>
+ packet filter in Wireshark display filter syntax
--enable-protocol <proto_name>
enable dissection of proto_name
--disable-protocol <proto_name>
diff --git a/docbook/wsug_src/reordercap-h.txt b/doc/wsug_src/reordercap-h.txt
index 3ad3f20a..a12e9fe3 100644
--- a/docbook/wsug_src/reordercap-h.txt
+++ b/doc/wsug_src/reordercap-h.txt
@@ -1,4 +1,4 @@
-Reordercap (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Reordercap (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Reorder timestamps of input file frames into output file.
See https://www.wireshark.org for more information.
diff --git a/docbook/wsug_src/text2pcap-h.txt b/doc/wsug_src/text2pcap-h.txt
index 436623c0..934b2fe3 100644
--- a/docbook/wsug_src/text2pcap-h.txt
+++ b/doc/wsug_src/text2pcap-h.txt
@@ -1,4 +1,4 @@
-Text2pcap (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Text2pcap (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Generate a capture file from an ASCII hexdump of packets.
See https://www.wireshark.org for more information.
@@ -41,6 +41,8 @@ Input:
(def: 16: hexadecimal) No effect in hexdump mode.
Output:
+ if the output file(s) have the .gz extension, then
+ gzip compression will be used.
-F <capture type> set the output file type; default is pcapng.
an empty "-F" option will list the file types.
-E <encap type> set the output file encapsulation type; default is
@@ -53,9 +55,10 @@ Output:
Example: -l 7 for ARCNet packets.
-m <max-packet> max packet length in output; default is 262144
-N <intf-name> assign name to the interface in the pcapng file.
-
+ --compress <type> Compress the output file using the type compression format.
+
Prepend dummy header:
- -e <l3pid> prepend dummy Ethernet II header with specified L3PID
+ -e <ethertype> prepend dummy Ethernet II header with specified EtherType
(in HEX).
Example: -e 0x806 to specify an ARP packet.
-i <proto> prepend dummy IP header with specified IP protocol
@@ -64,10 +67,10 @@ Prepend dummy header:
link-layer type is Ethernet.
Example: -i 46
-4 <srcip>,<destip> prepend dummy IPv4 header with specified
- dest and source address.
+ source and destination addresses.
Example: -4 10.0.0.1,10.0.0.2
-6 <srcip>,<destip> prepend dummy IPv6 header with specified
- dest and source address.
+ source and destination addresses.
Example: -6 2001:db8::b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334
-u <srcp>,<destp> prepend dummy UDP header with specified
source and destination ports (in DECIMAL).
@@ -79,11 +82,11 @@ Prepend dummy header:
Automatically prepends Ethernet & IP headers as well.
Example: -T 50,60
-s <srcp>,<dstp>,<tag> prepend dummy SCTP header with specified
- source/dest ports and verification tag (in DECIMAL).
+ source/destination ports and verification tag (in DECIMAL).
Automatically prepends Ethernet & IP headers as well.
Example: -s 30,40,34
-S <srcp>,<dstp>,<ppi> prepend dummy SCTP header with specified
- source/dest ports and verification tag 0.
+ source/destination ports and verification tag 0.
Automatically prepends a dummy SCTP DATA
chunk header with payload protocol identifier ppi.
Example: -S 30,40,34
diff --git a/docbook/wsug_src/tshark-h.txt b/doc/wsug_src/tshark-h.txt
index fddaca12..e7c12a2d 100644
--- a/docbook/wsug_src/tshark-h.txt
+++ b/doc/wsug_src/tshark-h.txt
@@ -1,4 +1,4 @@
-TShark (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+TShark (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Dump and analyze network traffic.
See https://www.wireshark.org for more information.
@@ -39,6 +39,8 @@ Capture output:
packets:NUM - switch to next file after NUM packets
interval:NUM - switch to next file when the time is
an exact multiple of NUM secs
+ printname:FILE - print filename to FILE when written
+ (can use 'stdout' or 'stderr')
Input file:
-r <infile>, --read-file <infile>
set the filename to read from (or '-' for stdin)
@@ -54,7 +56,7 @@ Processing:
syntax
-n disable all name resolutions (def: "mNd" enabled, or
as set in preferences)
- -N <name resolve flags> enable specific name resolution(s): "mnNtdv"
+ -N <name resolve flags> enable specific name resolution(s): "mtndsNvg"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
@@ -75,11 +77,13 @@ Processing:
disable dissection of heuristic protocol
Output:
-w <outfile|-> write packets to a pcapng-format file named "outfile"
- (or '-' for stdout)
+ (or '-' for stdout). If the output filename has the
+ .gz extension, it will be compressed to a gzip archive
--capture-comment <comment>
add a capture file comment, if supported
-C <config profile> start with specified configuration profile
- -F <output file type> set the output file type, default is pcapng
+ --global-profile use the global profile instead of personal profile
+ -F <output file type> set the output file type; default is pcapng.
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O <protocols> Only show packet details of these protocols, comma
@@ -116,6 +120,7 @@ Output:
output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
+ (implies --update-interval 0)
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
@@ -140,6 +145,7 @@ Output:
specified protocols within the mapping file
--temp-dir <directory> write temporary files to this directory
(default: /tmp)
+ --compress <type> compress the output file using the type compression format
Diagnostic output:
--log-level <level> sets the active log level ("critical", "warning", etc.)
diff --git a/docbook/wsug_src/user-guide-docinfo.xml b/doc/wsug_src/user-guide-docinfo.xml
index f6987c6e..4c1d50c7 100644
--- a/docbook/wsug_src/user-guide-docinfo.xml
+++ b/doc/wsug_src/user-guide-docinfo.xml
@@ -1,7 +1,7 @@
<!-- Document information for the User's Guide. -->
<!-- Updated by tools/make-version.py -->
-<subtitle>For Wireshark 4.2</subtitle>
+<subtitle>For Wireshark 4.4</subtitle>
<!--
<title><inlinegraphic entityref="WiresharkLogo" valign="middle" format="PNG"/> &DocumentTitle;</title>
diff --git a/docbook/wsug_src/user-guide.adoc b/doc/wsug_src/user-guide.adoc
index 7c80cf7b..7c80cf7b 100644
--- a/docbook/wsug_src/user-guide.adoc
+++ b/doc/wsug_src/user-guide.adoc
diff --git a/docbook/wsug_src/wireshark-h.txt b/doc/wsug_src/wireshark-h.txt
index b94e3565..954b0965 100644
--- a/docbook/wsug_src/wireshark-h.txt
+++ b/doc/wsug_src/wireshark-h.txt
@@ -1,4 +1,4 @@
-Wireshark 4.2.6 (v4.2.6rc0-2-g76ee960786d7)
+Wireshark 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
Interactively dump and analyze network traffic.
See https://www.wireshark.org for more information.
@@ -51,7 +51,7 @@ Processing:
-R <read filter>, --read-filter <read filter>
packet filter in Wireshark display filter syntax
-n disable all name resolutions (def: all enabled)
- -N <name resolve flags> enable specific name resolution(s): "mnNtdv"
+ -N <name resolve flags> enable specific name resolution(s): "mtndsNvg"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
@@ -86,6 +86,8 @@ User interface:
Output:
-w <outfile|-> set the output filename (or '-' for stdout)
+ -F <capture type> set the output file type; default is pcapng.
+ an empty "-F" option will list the file types.
--capture-comment <comment>
add a capture file comment, if supported
--temp-dir <directory> write temporary files to this directory
diff --git a/docbook/wsug_src/wsug_advanced.adoc b/doc/wsug_src/wsug_advanced.adoc
index 2c3aef5c..7550ee2c 100644
--- a/docbook/wsug_src/wsug_advanced.adoc
+++ b/doc/wsug_src/wsug_advanced.adoc
@@ -147,7 +147,7 @@ peer1_0: !!binary |
How the old format data can be found in the new format:
[options="header"]
|===
-|New YAML format |Old YAML format |
+|New YAML format |Old YAML format |
a|
----
...
@@ -172,8 +172,11 @@ a|
|===
menu:Raw[]:: This allows you to load the unaltered stream data into a different
- program for further examination. The display will look the same as the ASCII
- setting, but “Save As” will result in a binary file.
+ program for further examination. The display will show the data as strings
+ of hex characters with each frame on a separate line, but “Save As”
+ will result in a binary file without any added line separators.
+
+You can optionally show the delta time each time the direction changes (turns) or for every packet or event.
You can switch between streams using the “Stream” selector.
@@ -206,8 +209,8 @@ If a selected packet field does not show all the bytes (i.e., they are truncated
when displayed) or if they are shown as bytes rather than string or if they require
more formatting because they contain an image or HTML then this dialog can be used.
-This dialog can also be used to decode field bytes from base64, zlib compressed
-or quoted-printable and show the decoded bytes as configurable output.
+This dialog can also be used to decode field bytes from base64, various compressed
+formats or quoted-printable and show the decoded bytes as configurable output.
It’s also possible to select a subset of bytes setting the start byte and end byte.
You can choose from the following actions:
@@ -226,12 +229,14 @@ You can choose to decode the data from one of the following formats:
menu:None[]:: This is the default which does not decode anything.
-menu:Base64[]:: This will decode from Base64.
+menu:Base64[]:: This will decode from Base64 or Base64Url.
-menu:Compressed[]:: This will decompress the buffer using zlib.
+menu:Compressed[]:: This will decompress the buffer using lz77, lz77huff, lznt1, snappy, zlib or zstd.
menu:Hex Digits[]:: This will decode from a string of hex digits. Non-hex characters are skipped.
+menu:Percent-Encoding[]:: This will decode from a Percent-Encoded string.
+
menu:Quoted-Printable[]:: This will decode from a Quoted-Printable string.
menu:ROT-13[]:: This will decode ROT-13 encoded text.
@@ -259,7 +264,7 @@ menu:Image[]:: This will try to convert the bytes into an image.
menu:ISO 8859-1[]:: In this view you see the bytes as ISO 8859-1.
-menu:Raw[]:: This allows you to load the unaltered stream data into a different
+menu:Raw[]:: This allows you to load the bytes into a different
program for further examination. The display will show HEX data, but
“Save As” will result in a binary file.
@@ -510,10 +515,6 @@ Next expected acknowledgment number:: The last-seen sequence number for
segments. Set when there are no analysis flags and for zero window probes.
// tcp_analyze_seq_info->lastack
-Last-seen acknowledgment number:: Always set. Note that this is not the
-same as the next expected acknowledgment number.
-
-// tcp_analyze_seq_info->lastack
Last-seen acknowledgment number:: Always updated for each packet. Note
that this is not the same as the next expected acknowledgment number.
@@ -531,7 +532,7 @@ direction and it’s less than the current acknowledgment number.
Set when all of the following are true:
* The segment size is zero.
-* The window size is non-zero and hasn’t changed.
+* The window size is non-zero and hasn’t changed, or there is valid SACK data.
* The next expected sequence number and last-seen acknowledgment number are non-zero (i.e., the connection has been established).
* SYN, FIN, and RST are not set.
@@ -643,7 +644,7 @@ reverse direction.
Set when the all of the following are true:
* The segment size is zero.
-* The window size is non-zero and not equal to the last-seen window size.
+* The window size is non-zero and not equal to the last-seen window size, and there is no valid SACK data.
* The sequence number is equal to the next expected sequence number.
* The acknowledgment number is equal to the last-seen acknowledgment number,
* or to the next expected sequence number when answering to a ZeroWindowProbe.
@@ -722,10 +723,12 @@ data transfer will be found with a longer filter as closing a connection can be
associated with FIN or RST packets, or even both :
'tcp.completeness==31 or tcp.completeness==47 or tcp.completeness==63'
-Another way to select specific conversation values is to filter on the
-tcp.completeness.str field. Thus, 'tcp.completeness.str matches "(R.*|F)[^D]ASS"'
-will find all 'Complete, NO_DATA' conversations, while the 'Complete, WITH_DATA'
-ones will be found with 'tcp.completeness.str matches "(R.*|F)DASS"'.
+Another way to select specific conversation values is to filter on individual
+flags, the summary field, or a combination of them.
+Thus, '(tcp.completeness.fin==1 || tcp.completeness.rst==1) && tcp.completeness.str contains "DASS"'
+will find all 'Complete, WITH_DATA' conversations, while the 'Complete, NO_DATA'
+ones will be found with
+'(tcp.completeness.fin==1 || tcp.completeness.rst==1) && tcp.completeness.data==0 && tcp.completeness.str contains "ASS"'.
[#ChAdvTimestamps]
@@ -756,20 +759,28 @@ While reading or writing capture files, Wireshark converts the time stamp data
between the capture file format and the internal format as required.
While capturing, Wireshark uses the libpcap (Npcap) capture library which
-supports microsecond resolution. Unless you are working with specialized
-capturing hardware, this resolution should be adequate.
+supports nanosecond resolution for both pcapng and pcap files, though some
+devices may only provide microsecond resolution, in which case that will be
+used. Unless you are working with specialized capturing hardware, this
+resolution should be adequate.
==== Capture File Formats
-Every capture file format that Wireshark knows supports time stamps. The time
-stamp precision supported by a specific capture file format differs widely and
-varies from one second “0” to one nanosecond “0.123456789”. Most file
-formats store the time stamps with a fixed precision (e.g., microseconds), while
-some file formats are even capable of storing the time stamp precision itself
-(whatever the benefit may be).
-
-The common libpcap capture file format that is used by Wireshark (and a lot of
-other tools) supports a fixed microsecond resolution “0.123456” only.
+The vast majority of capture file formats that Wireshark knows support time
+stamps. The time stamp precision supported by a specific capture file format
+differs widely and varies from one second “0” to one nanosecond “0.123456789”.
+Most file formats store the time stamps with a fixed precision (e.g., microseconds,
+“0.123456”), while some file formats are capable of storing the time stamp
+precision itself or even having a different precision for different records
+in the file (whatever the benefit may be).
+
+The pcapng capture file format supports a wide range of time stamp resolutions,
+which can be different for each interface in the file, as well as records without
+time stamps. The common libpcap capture file format, which is widely supported by
+many other tools, supports two possible fixed resolutions, microsecond or
+nanosecond, indicated by a magic number at the start of the file. Wireshark and
+tools like editcap can convert pcap files with nanosecond resolution to microsecond
+resolution for use with tools that only support the original time stamp precision.
Writing data into a capture file format that doesn’t provide the capability to
store the actual precision will lead to loss of information. For example, if you
@@ -912,7 +923,7 @@ represent time internally as UTC. When Wireshark is capturing, no
conversion is necessary. However, if the system time zone is not set
correctly, the system’s UTC time might not be correctly set even if
the system clock appears to display correct local time. When capturing,
-Npcap has to convert the time to UTC before supplying it to Wireshark.
+Npcap has to convert the time to UTC before supplying it to Wireshark.
If the system’s time zone is not set correctly, that conversion will
not be done correctly.
@@ -1271,14 +1282,17 @@ calculation, also known as checksum offloading. The network driver won’t
calculate the checksum itself but will simply hand over an empty (zero or
garbage filled) checksum field to the hardware.
-
[NOTE]
====
-Checksum offloading often causes confusion as the network packets to be
-transmitted are handed over to Wireshark before the checksums are actually
-calculated. Wireshark gets these “empty” checksums and displays them as
-invalid, even though the packets will contain valid checksums when they leave
-the network hardware later.
+Checksum offloading often causes confusion as network packets to be
+transmitted are given to Wireshark before they are handed over to the
+hardware. Wireshark gets these “empty” checksums and displays them as
+invalid, even though the packets will contain valid checksums when they
+transit the network.
+
+This only applies to packets that are locally generated by the capture
+point. Received packets will have traveled through network hardware
+and should have correct checksums.
====
@@ -1294,4 +1308,32 @@ You can do two things to avoid this checksum offloading problem:
Recent releases of Wireshark disable checksum validation by default due to the
prevalence of offloading in modern hardware and operating systems.
+==== Partial Checksums
+
+TCP and UDP checksums are calculated over both the payload and from selected
+elements from the IPv4 or IPv6 header, known as the pseudo header. Linux
+and Windows, when offloading checksums, will calculate the contribution from
+the pseudo header and place it in the checksum field. The driver then directs
+the hardware to calculate the checksum over the payload area, which will
+produce the correct result including the pseudo header's portion of the sum
+as a matter of mathematics.
+
+This precomputation speeds up the hardware checksum calculation later,
+allows the driver to direct the hardware to do checksums over encapsulated
+payloads (__Local Checksum Offload__), and allows applications to send
+the kernel large "superpacket" buffers that will be later divided by
+the hardware into multiple maximum size packets when sent on the network
+(__TCP Segmentation Offload (TSO)__ and __Generic Segmentation Offload (GSO)__).
+
+[NOTE]
+====
+Wireshark 4.2.0 and later can calculate the partial checksum contribution
+from the pseudo header, and when validating TCP and UDP checksums will
+mark partial checksums as valid but partial. The packets with partial
+checksums will not be colored as Bad Checksums by the default coloring rules,
+and will still be used for reassembly. This eliminates spurious checksum
+errors seen on packets transmitted from the capturing host on those platforms
+that use partial checksums when offloading.
+====
+
// End of WSUG Chapter Advanced
diff --git a/docbook/wsug_src/wsug_build_install.adoc b/doc/wsug_src/wsug_build_install.adoc
index 88199fcf..33035bde 100644
--- a/docbook/wsug_src/wsug_build_install.adoc
+++ b/doc/wsug_src/wsug_build_install.adoc
@@ -70,49 +70,6 @@ On the _Choose Components_ page of the installer you can select from the followi
* *TShark* - A command-line network protocol analyzer. If you haven’t tried it
you should.
-* *Plugins &amp; Extensions* - Extras for the Wireshark and TShark dissection engines
-
- - *Codec Plugins* - Additional codec support.
-
- - *Configuration Profiles* - Additional configuration profiles.
-
- - *Dissector Plugins* - Additional protocol dissectors.
-
- - *File Type Plugins - capture file support* - Extend wiretap support for capture file types. (e.g. usbdump)
-
- - *Mate - Meta Analysis and Tracing Engine* - User configurable extension(s)
- of the display filter engine, see <<ChMate>> for details.
-
- - *SNMP MIBs* - SNMP MIBs for a more detailed SNMP dissection.
-
- - *TRANSUM - performance analysis* - Plugin to calculate Response Time Element (RTE) statistics.
-
- - *Tree Statistics Plugin* - Extended statistics. (see stats_tree in WSDG; Packet Lengths in WSUG)
-
-* *Tools* - Additional command line tools to work with capture files and troubleshoot
-
- - *Capinfos* - Print information about capture files.
-
- - *Captype* - Print the type(format) of capture files.
-
- - *DFTest* - Show display filter byte-code, for debugging dfilter routines.
-
- - *Editcap* - Copy packets to a new file, optionally trimming packets, omitting them,
- or saving to a different format.
-
- - *Mergecap* - Combine multiple saved capture files into a single output file.
-
- - *MMDBResolve* - MaxMind Database resolution tool - read IPv4 and IPv6 addresses and
- print their IP geolocation information.
-
- - *Randpkt* - Create a pcap trace file full of random packets. (randpkt produces very bad packets)
-
- - *Rawshark* - Dump and analyze raw pcap data.
-
- - *Reordercap* - Copy packets to a new file, sorted by time.
-
- - *Text2Pcap* - Generate a capture file from an ASCII hexdump of packets.
-
* *External Capture (extcap)* - External Capture Interfaces
- *Androiddump* - Provide capture interfaces from Android devices.
@@ -125,10 +82,6 @@ On the _Choose Components_ page of the installer you can select from the followi
- *UDPdump* - Provide capture interface to receive UDP packets streamed from network devices.
-* *Documentation* - Local installation of the User’s Guide and FAQ. The Help buttons on
- most dialogs will require an internet connection to show help pages if the
- User’s Guide is not installed locally.
-
[#ChBuildInstallWinAdditionalTasks]
==== Additional Tasks
@@ -271,6 +224,7 @@ documentation.
=== Installing Wireshark under macOS
The official macOS packages can be downloaded from the Wireshark {wireshark-main-url}[main page] or the {wireshark-download-url}[download page].
+They are signed by *Wireshark Foundation*.
Packages are distributed as disk images (.dmg) containing the application bundle.
Package names contain the platform and version.
To install Wireshark simply open the disk image and drag _Wireshark_ to your _/Applications_ folder.
diff --git a/docbook/wsug_src/wsug_capture.adoc b/doc/wsug_src/wsug_capture.adoc
index 3029c6c3..7ac3faf4 100644
--- a/docbook/wsug_src/wsug_capture.adoc
+++ b/doc/wsug_src/wsug_capture.adoc
@@ -488,7 +488,11 @@ Information about the folders used for capture files can be found in
[options="header",cols="2,2,2,3,5"]
|===
|File Name|“Create a new file...”|“Use a ring buffer...”|Mode|Resulting filename(s) used
-|-|-|-|Single temporary file|wiresharkXXXXXX.pcap[ng] (where XXXXXX is a unique 6 character alphanumeric sequence)
+|-|-|-|Single temporary file|wireshark_<interface name>XXXXXX.pcap[ng]
+(<interface name> is the "friendly name" of the capture interface if available
+and the system name if not, when capturing on a single interface, and
+"N_interfaces" where N is the number of interfaces, when capturing on
+multiple interfaces; XXXXXX is a unique 6 character alphanumeric sequence.)
|foo.cap|-|-|Single named file|foo.cap
|foo.cap|x|-|Multiple files, continuous|foo_00001_20240714110102.cap, foo_00002_20240714110318.cap, ...
|foo.cap|x|x|Multiple files, ring buffer|foo_00001_20240714110102.cap, foo_00002_20240714110318.cap, ...
diff --git a/docbook/wsug_src/wsug_customize.adoc b/doc/wsug_src/wsug_customize.adoc
index 9ca4a473..21b95ef2 100644
--- a/docbook/wsug_src/wsug_customize.adoc
+++ b/doc/wsug_src/wsug_customize.adoc
@@ -273,6 +273,20 @@ _value_ is the value to which it should be set. Multiple instances of `-o
<preference settings> ` can be given on a single command line.
+
--
+
+[NOTE]
+.Preferences and Profiles
+====
+The preferences you specify on the command line will override any settings
+you have changed in any of your profiles; this includes when switching from
+one profile to another.
+
+If you change a setting using the Preferences dialog
+(see <<ChCustPreferencesSection>>) that you have also set on the command line,
+the command line option will then be ignored, and the setting will change
+as normal when you switch profiles.
+====
+
An example of setting a single preference would be:
----
@@ -287,8 +301,8 @@ wireshark -o mgcp.display_dissect_tree:TRUE -o mgcp.udp.callagent_port:2627
You can get a list of all available preference strings from the
preferences file. See <<AppFiles>> for details.
-User access tables can be overridden using “uat,” followed by
-the UAT file name and a valid record for the file:
+<<ChUserTable,User Accessible Tables>> can be overridden using “uat,”
+followed by the UAT file name and a valid record for the file:
----
wireshark -o "uat:user_dlts:\"User 0 (DLT=147)\",\"http\",\"0\",\"\",\"0\",\"\""
@@ -514,7 +528,7 @@ image::images/ws-coloring-fields.png[{screenshot-attrs}]
[#ChCustProtocolDissectionSection]
-=== Control Protocol dissection
+=== Control Protocol Dissection
The user can control how protocols are dissected.
@@ -651,6 +665,7 @@ These window title strings can contain variables which will be replaced by their
The following variables are available.
+* %C = Capture comment from command line
* %F = File path of the capture file
* %P = Currently selected profile name
* %S = Conditional separator (dash) that only shows when surrounded by variables with values or static text
@@ -690,12 +705,12 @@ The _Field Occurrence_ setting is count of the given field in the frame, for fie
Selecting _Resolved_ causes name resolution to be applied to the field value, when available.
-==== Fonts and Color
+==== Font and Colors
These preferences give you the option to select the font and colors used in the various packet panes.
Most usable is to select a mono spaced font, which allows for a cleaner presentation, but using a proportional font is possible too.
-.Font and color preferences
+.Font and colors preferences
image::images/ws-pref-appearance-fonts-and-colors.png[{screenshot-attrs}]
==== Layout
@@ -706,7 +721,7 @@ These preferences allow you to define the layout of the GUI once a capture file
image::images/ws-pref-appearance-layout.png[{screenshot-attrs}]
Make sure that you have at least one pane configured to contain the Packet list.
-Three panes can be active at the same time and they can be layed out as shown in the top layer.
+Three panes can be active at the same time and they can be laid out as shown in the top layer.
The exact sizes of these panes can be changed as needed once a capture file is opened.
Selecting _Show packet list separator_ causes the packet list entries to be slightly set apart, which may improve readability at the cost of the amount of packets shown in the packet list.
@@ -756,6 +771,8 @@ The interface list can always be populated after Wireshark is started via menu:C
Selecting _Disable external capture interfaces_ prevents Wireshark from spawning extcap programs to list off their capture interfaces.
This might be a time consuming operation delaying the start of the program, however on most systems this is not an issue.
+[#ChCustPrefsExpertSection]
+
==== Expert Items
These preferences allow you to modify the severity set for expert items.
@@ -806,14 +823,17 @@ btn:[Copy from]:: Copy the list of user specified display filter buttons from an
The columns in the entries are as follows.
-Selecting _Show in toolbar_ causes the column to be shown in the toolbar besides the display filter text entry.
+Selecting _Show in toolbar_ causes the button to be shown in the toolbar besides the display filter text entry.
The _Button Label_ is the text shown on the button in the toolbar.
+The use of a double slash causes the button to create a dropdown list to allow grouping of multiple buttons, e.g. TCP//Syn and TCP//Res.
The _Filter Expression_ is the <<ChWorkBuildDisplayFilterSection,display filter expression>> entered into the display filter text entry when the button is clicked.
The _Comment_ is the comment text which appears in a bubble when the mouse hovers over the button.
+[#ChCustPrefsNameSection]
+
==== Name Resolution
These preferences allow you to configure which numeric identifiers in protocols are translated into human readable text.
@@ -857,8 +877,12 @@ The _SMI (MIB and PIB) paths_ btn:[Edit...] button provides access to the dialog
The _SMI (MIB and PIB) modules_ btn:[Edit...] button provides access to the dialog to manage the MIB/PIB modules to be loaded.
+Selecting _Enable IP geolocation_ causes the background MaxMind database IP geolocation resolver to be used to attempt to geolocate IP addresses in the packets.
+
The _MaxMind database directories_ btn:[Edit...] button provides access to the dialog to manage the directories where the MaxMind database files can be found. See <<ChMaxMindDbPaths>>.
+[#ChCustPrefsProtocolsSection]
+
==== Protocols
Wireshark supports quite a few protocols, which is reflected in the long list of child entries of the “Protocols” pane.
@@ -890,8 +914,15 @@ Currently only the IPv4, ICMP and ICMPv6 dissector use this preference.
Selecting _Ignore duplicate frames_ causes a duplicate frame to appear in the packet list, but flagged as ignored, hence not dissected.
The determination of a duplicate frame is made based on the SHA256 hash of the bytes in the frame.
+The preference _Deinterlacing conversations key_ gives you options for deinterlacing the conversations. While _NONE_ keeps the historical behaviour, the other options
+are built on three keys with the following meanings: _V_ (VLAN), _M_ (Mac Address), _I_ (Interface). Packets which seem identical because they have the
+same payload but have a different value for their VLAN Tag, a MAC Address, or were captured on different interfaces, will then be part of different conversations
+if the respective deinterlacing key is activated.
+
The preference _The max number of hashes to keep in memory for determining duplicate frames_ allows you to set how large the set of frames to consider for duplication is.
+[#ChCustPrefsRSASection]
+
==== RSA Keys
For more information see {wireshark-wiki-url}TLS.
@@ -969,47 +1000,13 @@ Configuration files stored in each profile include:
* Display Filters (dfilters) (<<ChWorkDefineFilterSection>>)
+* Display Filter Macros (dmacros) (<<ChWorkDefineFilterMacrosSection>>)
+
* Coloring Rules (colorfilters) (<<ChCustColorizationSection>>)
* Disabled Protocols (disabled_protos) (<<ChAdvEnabledProtocols>>)
-* User Accessible Tables:
-+
---
-* Custom HTTP headers (custom_http_header_fields)
-
-* Custom IMF headers (imf_header_fields)
-
-* Custom LDAP AttributeValue types (custom_ldap_attribute_types)
-
-* Display Filter Macros (dfilter_macros) (<<ChDisplayFilterMacrosSection>>)
-
-* ESS Category Attributes (ess_category_attributes)
- (<<ChEssCategoryAttributes>>)
-
-* MaxMind Database Paths (maxmind_db_paths) (<<ChMaxMindDbPaths>>)
-
-* K12 Protocols (k12_protos) (<<ChK12ProtocolsSection>>)
-
-* Object Identifier Names and Associated Syntaxes (<<ChObjectIdentifiers>>)
-
-* PRES Users Context List (pres_context_list) (<<ChPresContextList>>)
-
-* SCCP Users Table (sccp_users) (<<ChSccpUsers>>)
-
-* SNMP Enterprise Specific Trap Types (snmp_specific_traps)
- (<<ChSNMPEnterpriseSpecificTrapTypes>>)
-
-* SNMP Users (snmp_users) (<<ChSNMPUsersSection>>)
-
-* User DLTs Table (user_dlts) (<<ChUserDLTsSection>>)
-
-* IKEv2 decryption table (ikev2_decryption_table) (<<ChIKEv2DecryptionSection>>)
-
-* Protobuf Search Paths (protobuf_search_paths) (<<ChProtobufSearchPaths>>)
-
-* Protobuf UDP Message Types (protobuf_udp_message_types) (<<ChProtobufUDPMessageTypes>>)
---
+* Most User Accessible Tables (<<ChUserTable>>)
* Changed dissector assignments (__decode_as_entries__), which can be set in the “Decode
As...” dialog box (<<ChAdvDecodeAs>>).
@@ -1053,6 +1050,10 @@ profile currently selected in the list. The name of the created profile
is the same as the copied profile, with the text “(copy)” and is
highlighted so that you can more easily change it.
+Auto switch packet limit::
+The number of packets to check for automatic profile switching, described below.
+Setting this to zero disables automatic profile switching.
+
btn:[Import]::
Profiles can be imported from zip-archives as well as directly from directory
structures. Profiles, which already exist by name will be skipped, as well as
@@ -1074,46 +1075,92 @@ added and deleted profiles will not be deleted.
btn:[Help]::
Show this help page.
+==== Automatic Profile Switching
+
+You can configure Wireshark to automatically change configuration profiles by adding a display filter to the "Auto Switch Filter" setting for a profile.
+When you open a capture file, Wireshark will check each filter against a limited number of packets and will switch to the first profile with a matching filter.
+The number of packets is determined by the "Auto switch packet limit" setting, and a limit of 0 will disable this feature.
+Manually changing your profile will disable this behavior until you open a different capture file.
+
[#ChUserTable]
-=== User Table
+=== User Accessible Tables
-The User Table editor is used for managing various tables in Wireshark. Its main
-dialog works very similarly to that of <<ChCustColorizationSection>>.
+User Accessible Tables are a type of preference table which may be
+associated with particular <<ChCustPrefsProtocolsSection,protocols>> or
+with the application as a whole.
-[#ChDisplayFilterMacrosSection]
+User Accessible Tables have a common editor dialog which works as described
+in <<ChCustPrefsExpertSection>> and <<ChCustFilterButtons>>. Note that
+the name of the file appears in the lower right corner of the dialog.
-=== Display Filter Macros
+The files are saved in a CSV format, where values are either double quoted
+ASCII strings (using C-style backslash escapes for non-printable characters)
+or unquoted hexstrings, depending on the field type. They can be edited directly
+when Wireshark is not running, though this is discouraged. Entries can
+also be appended to the table by passing an appropriate CSV formatted
+record string <<ChCustCommandLine,on the command line>>.
-Display Filter Macros are a mechanism to create shortcuts for complex filters.
-For example, defining a display filter macro named _$$tcp_conv$$_ whose text is
+// There's a number of newer dissector UATs that aren't mentioned here
+// and could use help sections.
-----
-(ip.src == $1 and ip.dst == $2 and tcp.srcport == $3 and tcp.dstport == $4)
-or (ip.src == $2 and ip.dst == $1 and tcp.srcport == $4 and tcp.dstport == $3)
-----
+Most UATs are stored in the
+<<ChCustConfigProfilesSection,configuration profile>>:
+
+--
+* Custom HTTP headers (custom_http_header_fields)
-would allow to use a display filter like
+* Custom IMF headers (imf_header_fields)
-----
-${tcp_conv:10.1.1.2;10.1.1.3;1200;1400}
-----
+* Custom LDAP AttributeValue types (custom_ldap_attribute_types)
-instead of typing the whole filter. Once defined, a macro can
-be used in <<ChWorkDefineFilterSection,saved display (but not
-capture) filters>> and <<ChCustFilterButtons,filter buttons>>.
+* <<ChCustFilterButtons,Display Filter Buttons>> (dfilter_buttons)
-Display Filter Macros can be managed with a user table, as described in
-<<ChUserTable>>, by selecting menu:Analyze[Display Filter Macros] from
-the menu. The User Table has the following fields:
+* <<ChWorkDefineFilterMacrosSection,Display Filter Macros>> (dfilter_macros), prior to Wireshark 4.4
-Name::
-The name of the macro. The name must consist of ASCII alphanumerics or
-the '_' character. (Note that the presence of a '.' character would
-indicate a <<_field_references,field reference>>.)
+* <<ChCustPrefsNameSection,DNS Servers>> (addr_resolve_dns_servers)
+
+* <<ChEssCategoryAttributes,ESS Category Attributes>> (ess_category_attributes)
+
+* <<ChCustPrefsExpertSection,Expert Item Severity>> (expert_severity)
+
+* <<Ch80211Keys,IEEE 802.11 WLAN Decryption Keys>> (80211_keys)
+
+* <<ChIKEv2DecryptionSection,IKEv2 decryption table>> (ikev2_decryption_table)
+
+* <<ChStatIOGraphs,I/O Graphs>> (io_graphs)
+
+* <<ChK12ProtocolsSection,K12 Protocols>> (k12_protos)
+
+* <<ChObjectIdentifiers,Object Identifier Names and Associated Syntaxes>> ()
+
+* <<ChStatPacketLengths,Packet Lengths>> (packet_lengths)
+
+* <<ChPresContextList,PRES Users Context List>> (pres_context_list)
+
+* <<ChSccpUsers,SCCP Users Table>> (sccp_users)
+
+* <<ChSNMPEnterpriseSpecificTrapTypes,SNMP Enterprise Specific Trap Types>> (snmp_specific_traps)
+
+* <<ChSNMPUsersSection,SNMP Users>> (snmp_users)
+
+* <<ChUserDLTsSection,User DLTs Table>> (user_dlts)
+
+* <<ChProtobufSearchPaths,Protobuf Search Paths>> (protobuf_search_paths)
+
+* <<ChProtobufUDPMessageTypes,Protobuf UDP Message Types>> (protobuf_udp_message_types)
+--
+
+Other UATs are stored in the personal configuration directory and are
+common to all profiles:
+
+--
+* <<ChMaxMindDbPaths,MaxMind Database Paths>> (maxmind_db_paths)
+
+* <<ChCustPrefsRSASection,RSA Private Keys>> (rsa_keys) and <<ChCustPrefsRSASection,PKCS #11 Provider Libraries>> (pkcs11_libs)
-Text::
-The replacement text for the macro it uses $1, $2, $3, ... as the input arguments.
+* <<ChCustPrefsNameSection,SMI Modules>> (smi_modules) and <<ChCustPrefsNameSection,SMI Paths>> (smi_paths)
+--
[#ChEssCategoryAttributes]
@@ -1148,9 +1195,18 @@ Database pathname::
This specifies a directory containing MaxMind data files. Any files
ending with _.mmdb_ will be automatically loaded.
-The locations for your data files are up to you, but `/usr/share/GeoIP`
-and `/var/lib/GeoIP` are common on Linux and `C:\ProgramData\GeoIP`,
-`C:\Program Files\Wireshark\GeoIP` might be good choices on Windows.
+By default Wireshark will always search for data files in
+`/usr/share/GeoIP` and `/var/lib/GeoIP` on non-Windows platforms
+and in `C:\ProgramData\GeoIP` and `C:\GeoIP` on Windows. You can
+put any additional search paths here, e.g. `C:\Program Files\Wireshark\GeoIP`
+might be a good choice on Windows.
+
+[NOTE]
+====
+While the default search paths are not listed in the user table, they
+are in the list viewable by opening menu:Help[About Wireshark] and
+selecting the "Folders" tab.
+====
[#ChGeoIPDbPaths]
@@ -1160,6 +1216,191 @@ except GeoIP files must begin with _Geo_ and end with _.dat_. They are
no longer supported and MaxMind stopped distributing GeoLite Legacy
databases in April 2018.
+[#Ch80211Keys]
+
+=== IEEE 802.11 WLAN Decryption Keys
+
+Wireshark can decrypt WEP and WPA/WPA2/WPA3 in pre-shared (or personal) mode,
+as well as in enterprise mode. Security improvements in more recent 802.11
+releases require distinct session keys, instead of being able to decipher
+all traffic to a given access point with a single known password and SSID.
+
+You can add decryption keys using Wireshark's IEEE 802.11 preferences.
+Up to 64 keys are supported.
+
+==== Adding Keys
+
+Go to menu:Edit[Preferences >Protocols >IEEE 802.11], or, from the pop-up menu
+in the "Packet List" or "Packet Details" pane from a frame that contains IEEE
+802.11, menu:Protocol Preferences[IEEE 802.11 wireless LAN].
+You should see a window that looks like this:
+
+."IEEE 802.11 wireless LAN" preferences
+image::images/ws-wireless-ieee-80211-pref.png[{screenshot-attrs}]
+
+Click on the "Edit..." button next to "Decryption Keys" to add keys.
+You should see a window that looks like this:
+
+.802.11 Decryption Key Types
+image::images/ws-wireless-key-type.png[{screenshot-attrs}]
+
+When you click the **+** button to add a new key, there are five key types you
+can choose from: **wep**, **wpa-pwd**, **wpa-psk**, **tk**, or **msk**.
+The correct key type(s) depend on the Cipher Suite and Authentication and
+Key Management Suite (AKMS) used to encrypt the wireless traffic.
+
+wep:: The key must be provided as a string of hexadecimal numbers, with or
+without colons, and will be parsed as a WEP key. WEP keys can be 40-bit
+(5 bytes, or 10 hexadecimal characters), 104-bit, or occasionally 128-bit:
+
+ a1:b2:c3:d4:e5
+
+ 0102030405060708090a0b0c0d
+
+wpa-pwd:: The password and SSID are used to create a raw pre-shared WPA key.
+The password can be between 8 and 63 characters, and the SSID can be up to
+32 bytes. (Typically both are printable ASCII, but that is not a hard
+limitation of the specification, only a recommendation.)
+
+ MyPassword:MySSID
+
+You can optionally omit the colon and SSID, and Wireshark will try to decrypt
+packets using the last-seen SSID. This may not work for captures taken in busy
+environments, since the last-seen SSID may not be correct.
+
+ MyPassword
+
+[NOTE]
+====
+The WPA passphrase and SSID let you encode non-printable or otherwise troublesome
+characters using URI-style percent escapes, e.g., `%20` for a space. As a result
+you have to escape the percent characters themselves using `%25`. You also *must*
+escape colons in the passphrase or SSID themselves as `%3a`, in order to
+distinguish them from a colon as a separator between the passphrase and SSID.
+====
+
+[WARNING]
+====
+The WPA pass-phrase and SSID method is for WPA/WPA2-Personal only. It will
+not work for WPA3-Personal, which uses SAE (Simultaneous Authentication of
+Equals), nor for the Enterprise / 802.1X / EAP modes.
+====
+
+wpa-psk:: The key must be provided as a hexadecimal string, and is parsed as a
+PSK (Pre-Shared Key) or PMK (Pairwise Master Key). For WPA/WPA2-Personal,
+the PSK and the PMK are identical, and directly derived from the passphrase
+and SSID above. The keys can be 256 bits (32 bytes, 64 hex characters) or
+384 bits (48 bytes, 96 hex characters).
+
+ 0102030405060708091011...6061626364
+
+tk:: The key must be provided as a hexadecimal string, and is parsed as a
+PTK (Pairwise Transient Key) or GTK (Group Temporal Key). The keys can
+be 16 or 32 bytes (128 or 256 bits), depending on the cipher suite used.
+(5 and 13 byte WEP TKs are not yet supported.)
+
+msk:: The key must be provided as a hexadecimal string, and is parsed as
+a MSK (Master Session Key). This is used for FT-EAP (IEEE 802.11r
+Fast BSS Transition with EAP authentication). The key can be 64 or 128
+bytes.
+
+.802.11 Decryption Key Examples
+image::images/ws-wireless-key-examples.png[{screenshot-attrs}]
+
+////
+AirPcap was discontinued so this sections from the Wiki isn't relevant for many people currently
+==== Adding Keys: Wireless Toolbar
+
+If you are using the Windows version of Wireshark and you have an [AirPcap](/AirPcap) adapter you can add decryption keys using the wireless toolbar. If the toolbar isn't visible, you can show it by selecting *View-\>Wireless Toolbar*. Click on the *Decryption Keys...* button on the toolbar:
+
+![dot11-wireless-toolbar.png](uploads/__moin_import__/attachments/HowToDecrypt802.11/dot11-wireless-toolbar.png "dot11-wireless-toolbar.png")
+
+This will open the decryption key management window. As shown in the window you can select between three decryption modes: **None**, **Wireshark**, and **Driver**:
+
+![dot11-key-management.png](uploads/__moin_import__/attachments/HowToDecrypt802.11/dot11-key-management.png "dot11-key-management.png")
+
+Selecting **None** disables decryption. Selecting **Wireshark** uses Wireshark's built-in decryption features. **Driver** will pass the keys on to the [AirPcap](/AirPcap) adapter so that 802.11 traffic is decrypted before it's passed on to Wireshark. Driver mode only supports WEP keys.
+////
+
+==== Gotchas
+
+Along with decryption keys there are other preference settings that affect decryption.
+
+ - Make sure *Enable decryption* is selected.
+
+ - You may have to toggle *Assume Packets Have FCS* and *Ignore the Protection bit* depending on how your 802.11 driver delivers frames.
+
+===== Capturing the 4-way Handshake
+
+WPA and WPA2 use keys derived from an EAPOL handshake, which occurs when a machine joins a Wi-Fi network, to encrypt traffic. Unless **all four** handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter **eapol** to locate EAPOL packets in your capture.
+
+In order to capture the handshake for a machine, you will need to force the machine to (re-)join the network while the capture is in progress. One way to do this is to put the machine to sleep (for smartphones and tablets, "turning off" the machine puts it to sleep) before you start the capture, start the capture, and then wake the machine up. You will need to do this for all machines whose traffic you want to see.
+
+If a TK is provided as a key, then the EAPOL 4-way handshake is not necessary,
+as the TK is what the handshake derives. However, all available TKs will be
+tried agi
+
+===== Too Many Associations
+
+WPA and WPA2 use individual keys for each device. Wireshark is able to handle
+up to 256 active associations, which should be enough in most circumstances.
+Nevertheless, if a capture has too many devices and too many associations, then
+while the packet list may show all packets decoded on the first pass, randomly
+accessing different packets in the packet details will result in some packets
+failing to be properly deciphered.
+
+Filtering out only the relevant packets (e.g. with "wlan.addr") and saving into
+a new file should get decryption working in all cases, though it may require
+editing keys in the preferences or restarting Wireshark in order to free used
+associations. For the same reason, it is possible to be able to decode packets
+in a capture file without any EAPOL packets in it, as long as Wireshark did see
+the handshake for this communication in another capture without being
+restarted or editing keys. This can sometimes lead to exporting selected
+packets to a new file, opening that file and decoding seeming to work, but
+then decoding suddenly fail on the new file after Wireshark is restarted or keys
+are edited. If decoding suddenly stops working on a capture make sure the needed
+EAPOL packets are still in it.
+
+===== WPA/WPA2 Enterprise/Rekeys
+
+As long as you can somehow extract the PMK from either the client or the Radius
+Server and configure the key (as PSK) all supported Wireshark versions will decode
+the traffic just fine up to the first EAPOL rekey.
+
+EAPoL rekey is often enabled for WPA/WPA2 enterprise and will change the used
+encryption key similar to the procedure for the initial connect, but it can also
+be configured and used for pre-shared (personal) mode.
+
+Decrypting IEEE 802.11r Fast BSS Transition roaming requires capturing
+reassociation frames for similar reasons, and is supported by recent
+Wireshark versions.
+
+===== WPA3 Per-Connection Decryption
+
+In WPA3, a different PMK is used for each connection in order to achieve forward
+secrecy. Capturing the 4-way handshake and knowing the network password is not
+enough to decrypt packets; you must obtain the PMK from either the client or
+access point (typically by enabling logging in `wpa_supplicant` or `hostapd`
+with the `-d -K` flags) and use this as the decryption key in Wireshark. Even
+then, the decryption will only work for packets between that client and access
+point, not for all devices on that network.
+
+===== TKs and Performance
+
+The TKs are the actual transient keys used to encrypt packets, which are derived
+during the handshake. If known, they can decrypt packets without having the
+handshake packets in a capture. However, having TKs as encryption keys in the
+table will affect IEEE 802.11 dissector performance as each encrypted
+packet will be tested against every TK until decryption is successful.
+If the table is configured with many TKs, none of which match any
+encrypted frame in the capture, performance can be slow.
+
+Once a match is found, an association is formed similar to in the usual
+method and decryption of other frames with the same key should be on
+par with normal decryption flow. Thus, if most frames in the capture
+match TKs (or other keys), and only a limited number of TKs are configured,
+the performance impact is slight.
+
[#ChIKEv2DecryptionSection]
=== IKEv2 decryption table
@@ -1212,6 +1453,9 @@ Integrity algorithm of the IKE_SA.
=== Object Identifiers
+// This table appears under the BER dissector, perhaps it should be moved
+// to the "Name Resolution" preference section?
+
Many protocols that use ASN.1 use Object Identifiers (OIDs) to uniquely identify
certain pieces of information. In many cases, they are used in an extension
mechanism so that new object identifiers (and associated values) may be defined
@@ -1346,7 +1590,7 @@ different SNMP-engines the first entry to match both is taken, if you need a
catch all engine-id (empty) that entry should be the last one.
Authentication model::
-Which auth model to use (either “MD5” or “SHA1”).
+Which auth model to use (either “MD5”, “SHA1”, "SHA2-224", "SHA2-256", "SHA2-384" or "SHA2-512").
Password::
The authentication password. Use _\xDD_ for unprintable characters. A
@@ -1356,7 +1600,7 @@ _\x01\x02\x03\x04\x05\x06_. The _\_ character must be treated as an unprintable
character, i.e., it must be entered as _\x5C_ or _\x5c_.
Privacy protocol::
-Which encryption algorithm to use (either “DES” or “AES”).
+Which encryption algorithm to use (either “DES”, “AES”, "AES192" or "AES256").
Privacy password::
The privacy password. Use _\xDD_ for unprintable characters. A hexadecimal
@@ -1365,6 +1609,11 @@ password 010203040506 must be entered as _\x01\x02\x03\x04\x05\x06_. The _\_
character must be treated as an unprintable character, i.e., it must be entered
as _\x5C_ or _\x5c_.
+Key expansion method::
+Which method to use to expand the key when the generated key provides too few bytes
+for the selected encryption method (either based on "draft-reeder-snmpv3-usm-3desede-00" or
+as implemented in AGENT++).
+
[#ChK12ProtocolsSection]
=== Tektronix K12xx/15 RF5 protocols Table
diff --git a/docbook/wsug_src/wsug_files.adoc b/doc/wsug_src/wsug_files.adoc
index 3c4364bb..7819d484 100644
--- a/docbook/wsug_src/wsug_files.adoc
+++ b/doc/wsug_src/wsug_files.adoc
@@ -19,7 +19,7 @@ format as the default format to save captured packets. It is very flexible
but other tools may not support it.
Wireshark also supports the
-link:https://gitlab.com/wireshark/wireshark/-/wikis/Development/LibpcapFileFormat[libpcap] file
+{wireshark-wiki-url}/Development/LibpcapFileFormat[libpcap] file
format. This is a much simpler format and is well established. However, it has
some drawbacks: it’s not extensible and lacks some information that would be
really helpful (e.g., being able to add a comment to a packet such as “the
@@ -49,7 +49,7 @@ The following data is saved for each packet:
* The packet’s raw bytes
A detailed description of the libpcap file format can be found at
-https://gitlab.com/wireshark/wireshark/-/wikis/Development/LibpcapFileFormat
+{wireshark-wiki-url}Development/LibpcapFileFormat
[#ChIOFileNotContentSection]
@@ -162,9 +162,9 @@ _/usr/local/etc_.
|_cfilters_|Capture filters.
|_colorfilters_|Coloring rules.
|__dfilter_buttons__|Display filter buttons.
-|__dfilter_macros__|Display filter macros.
|_dfilters_|Display filters.
|__disabled_protos__|Disabled protocols.
+|__dmacros__|Display filter macros.
|_ethers_|Ethernet name resolution.
|_hosts_|IPv4 and IPv6 name resolution.
|_ipxnets_|IPX name resolution.
@@ -176,6 +176,7 @@ _/usr/local/etc_.
|_ss7pcs_|SS7 point code resolution.
|_subnets_|IPv4 subnet name resolution.
|_vlans_|VLAN ID name resolution.
+|_wka_|Well-known MAC addresses.
|===
[discrete]
@@ -243,29 +244,6 @@ When you save any changes to the filter buttons, all the current display
filter buttons are written to the personal display filter buttons file.
--
-dfilter_macros::
-+
---
-This file contains all the display filter macros that you have defined and saved.
-It consists of one or more lines, where each line has the following format:
-
-----
-"<macro name>" <filter string>
-----
-
-At program start, if there is a __dfilter_macros__ file in the personal
-configuration folder, it is read. If there isn’t a __dfilter_macros__ file
-in the personal configuration folder, then, if there is a __dfilter_macros__
-file in the global configuration folder, it is read.
-
-When you press the Save button in the "Display Filter Macros" dialog box,
-all the current display filter macros are written to the personal display
-filter macros file.
-
-More information about Display Filter Macros is available in
-<<ChDisplayFilterMacrosSection>>
---
-
dfilters::
+
--
@@ -309,6 +287,35 @@ the current set of disabled protocols is written to the personal
disabled protocols file.
--
+dmacros::
++
+--
+This file contains all the display filter macros that you have defined and saved.
+It consists of one or more lines, where each line has the following format:
+
+----
+"<macro name>" <macro expression>
+----
+
+At program start, if there is a __dmacros__ file in the personal
+configuration folder, it is read. If there isn’t a __dmacros__ file
+in the personal configuration folder, then, if there is a __dmacros__
+file in the global configuration folder, it is read.
+
+In versions of Wireshark prior to 4.4, the display filter macros were
+stored in a __dfilter_macros__ file with a somewhat different format,
+a <<ChUserTable,UAT>>. At program start if the __dmacros__ file
+is not found a __dfilter_macros__ file is looked for in the personal and
+global configuration folders and converted to the new format.
+
+When you press the Save button in the "Display Filter Macros" dialog box,
+all the current display filter macros are written to the personal display
+filter macros file.
+
+More information about Display Filter Macros is available in
+<<ChWorkDefineFilterMacrosSection>>
+--
+
ethers::
+
--
@@ -317,10 +324,13 @@ a name, it consults the _ethers_ file in the personal configuration
folder first. If the address is not found in that file, Wireshark
consults the _ethers_ file in the system configuration folder.
-This file has the same format as the _/etc/ethers_ file on some Unix-like systems.
+This file has a similar format to the _/etc/ethers_ file on some Unix-like systems.
Each line in these files consists of one hardware address and name separated by
-whitespace. The digits of hardware addresses are separated by colons (:), dashes
-(-) or periods(.). The following are some examples:
+whitespace (tabs or spaces). The hardware addresses are expressed as pairs
+of hexadecimal digits separated by colons (:), dashes (-), or periods(.), with
+the same separator used in the entire address. A `#` can be used to indicate
+a comment that extends to the rest of the line. NIS lookups, as in some
+UNIX-like systems, are not supported. The following are some examples:
----
ff-ff-ff-ff-ff-ff Broadcast
@@ -381,12 +391,17 @@ be translated to a name, and never written by Wireshark.
manuf::
+
--
-At program start, if there is a _manuf_ file in the global configuration folder, it is read.
+At program start, if there is a _manuf_ file in the global configuration
+folder, it is read first. Then, if there is a _manuf_ file in the personal
+configuration folder, that is read; if there is an entry for a given address
+prefix in both files, the setting in the personal file overrides the entry
+in the global file.
The entries in this file are used to translate MAC address prefixes into short and long manufacturer names.
Each line consists of a MAC address prefix followed by an abbreviated manufacturer name and the full manufacturer name.
Prefixes 24 bits long by default and may be followed by an optional length.
-Note that this is not the same format as the _ethers_ file.
+Note that this is not the same format as the _ethers_ file, which does not
+allow prefix lengths.
Examples are:
@@ -395,6 +410,15 @@ Examples are:
00:50:C2:00:30:00/36 Microsof Microsoft
----
+In earlier versions of Wireshark, official information from the IEEE
+Registration Authority was distributed in this format as the _manuf_ file
+in the global configuration folder. In current versions of Wireshark, this
+information is compiled into the program to speed startup, but if a file
+is present in the global configuration folder it is still read, and can
+be used to supplement or replace the official data just as the personal
+file does. The compiled-in information can be written out in this format
+as a report with `tshark -G manuf`.
+
The settings from this file are read in at program start and never written by Wireshark.
--
@@ -455,7 +479,9 @@ At program start, if there is a _services_ file in the global
configuration folder, it is read first. Then, if there is a _services_
file in the personal configuration folder, that is read; if there is an
entry for a given port number in both files, the setting in the personal
-hosts file overrides the entry in the global hosts file.
+_services_ file overrides the entry in the global _services_ file.
+The format is that of the standard _services(5)_ file on UNIX-compatible
+systems.
An example is:
@@ -464,6 +490,15 @@ mydns 5045/udp # My own Domain Name Server
mydns 5045/tcp # My own Domain Name Server
----
+In earlier versions of Wireshark, official information from the IANA
+Service Name and Transport Protocol Port Number Registry was distributed
+in this format as the _services_ file in the global configuration folder.
+In current versions of Wireshark, this information is compiled into the
+program to speed startup, but if a file is present in the global configuration
+folder it is still read, and can be used to supplement or replace the official
+data just as the personal file does. The compiled-in information can be
+written out in this format as a report with `tshark -G services`.
+
The settings from these files are read in at program start and never
written by Wireshark.
--
@@ -490,7 +525,7 @@ Wireshark.
subnets::
+
--
-Wireshark uses the __subnets__ files to translate an IPv4 address into a
+Wireshark uses the __subnets__ file to translate an IPv4 address into a
subnet name. If no exact match from a __hosts__ file or from DNS is
found, Wireshark will attempt a partial match for the subnet of the
address.
@@ -519,6 +554,12 @@ printed address would be “ws_test_network.0.1”.
The settings from these files are read in at program start and never
written by Wireshark.
+
+The __subnets__ file also changes the behavior of the Endpoints and
+Conversations Statistics dialogs for the IPv4 protocol when the IPv4 user
+preference _Aggregate subnets in Statistics Dialogs_ is enabled. In this
+case, when an IPv4 address matches a subnet, the statistics dialog will
+show this subnet instead of the IPv4 address.
--
vlans::
@@ -540,6 +581,20 @@ The settings from this file are read in at program start or when changing
the active profile and are never written by Wireshark.
--
+wka::
++
+--
+At program start, if there is a _wka_ file in the global configuration folder,
+it is read.
+
+The entries in this file are used to translate MAC addresses and MAC address
+prefixes into names. The format is that of the _manuf_ file. This file is
+distributed with Wireshark, and contains data assembled from various non IEEE
+but respected sources.
+
+The settings from this file are read in at program start and never written by Wireshark.
+--
+
[#ChPluginFolders]
=== Plugin folders
diff --git a/docbook/wsug_src/wsug_howitworks.adoc b/doc/wsug_src/wsug_howitworks.adoc
index 13cb8176..13cb8176 100644
--- a/docbook/wsug_src/wsug_howitworks.adoc
+++ b/doc/wsug_src/wsug_howitworks.adoc
diff --git a/docbook/wsug_src/wsug_introduction.adoc b/doc/wsug_src/wsug_introduction.adoc
index 78f32f57..1cfbfe4f 100644
--- a/docbook/wsug_src/wsug_introduction.adoc
+++ b/doc/wsug_src/wsug_introduction.adoc
@@ -266,7 +266,7 @@ mailto:{wireshark-dev-list-email}[].
You can get the latest copy of the program from the Wireshark website at {wireshark-download-url}.
The download page should automatically highlight the appropriate download for your platform and direct you to the nearest mirror.
-Official Windows and macOS installers are signed using trusted certificates on those platforms.
+Official Windows and macOS installers are signed by *Wireshark Foundation* using trusted certificates on those platforms.
macOS installers are additionally notarized.
A new Wireshark version typically becomes available every six weeks.
@@ -275,7 +275,7 @@ If you want to be notified about new Wireshark releases you should subscribe to
You will find more details in <<ChIntroMailingLists>>.
Each release includes a list of file hashes which are sent to the wireshark-announce mailing list and placed in a file named SIGNATURES-_x_._y_._z_.txt.
-Announcement messages are archived at https://www.wireshark.org/lists/wireshark-announce/ and SIGNATURES files can be found at https://www.wireshark.org/download/src/all-versions/.
+Announcement messages are archived at https://lists.wireshark.org/archives/wireshark-announce/ and SIGNATURES files can be found at https://www.wireshark.org/download/src/all-versions/.
Both are GPG-signed and include verification instructions for Windows, Linux, and macOS.
As noted above, you can also verify downloads on Windows and macOS using the code signature validation features on those systems.
diff --git a/docbook/wsug_src/wsug_io.adoc b/doc/wsug_src/wsug_io.adoc
index df8fced7..5cf4b038 100644
--- a/docbook/wsug_src/wsug_io.adoc
+++ b/doc/wsug_src/wsug_io.adoc
@@ -703,10 +703,13 @@ some features to handle these file sets in a convenient way.
.How does Wireshark detect the files of a file set?
****
-A filename in a file set uses the format Prefix_Number_DateTimeSuffix which
-might look something like `test_00001_20240714183910.pcap`. All files of a file
+A filename in a file set uses the format Prefix_Number_DateTimeSuffix (or,
+in Wireshark 4.4.0 and later, Prefix_DateTime_NumberSuffix) which might
+look something like `test_00001_20240714183910.pcap`. All files of a file
set share the same prefix (e.g., “test”) and suffix (e.g., “.pcap”) and a
-varying middle part.
+varying middle part. Files are also allowed to have a second compression
+suffix of types that Wireshark can open; the compression suffix does not
+have to match for all files in a set.
To find the files of a file set, Wireshark scans the directory where the
currently loaded file resides and checks for files matching the filename pattern
@@ -1023,7 +1026,7 @@ NOTE: As a developer you can add any dissector to the existing list or define a
+
NOTE: The file produced has a `Wireshark Upper PDU` encapsulation type that has somewhat limited support outside of Wireshark, but is very flexible and can contain PDUs for any protocol for which there is a Wireshark dissector.
-[#ChIOStripHeaders]
+[#ChIOStripHeadersDialog]
==== The “Strip Headers...” Dialog Box
diff --git a/docbook/wsug_src/wsug_mate.adoc b/doc/wsug_src/wsug_mate.adoc
index 6de78c70..9df35551 100644
--- a/docbook/wsug_src/wsug_mate.adoc
+++ b/doc/wsug_src/wsug_mate.adoc
@@ -17,7 +17,7 @@ was written to help troubleshooting gateways and other systems where a "use"
involves more protocols. However, MATE can be used as well to analyze other
issues regarding an interaction between packets like response times,
incompleteness of transactions, presence/absence of certain attributes in a
-group of PDUs and more.
+group of Protocol Data Units (PDUs) and more.
MATE is a Wireshark plugin that allows the user to specify how different
frames are related to each other. To do so, MATE extracts data from the frames'
@@ -47,24 +47,25 @@ that timeout)
These are the steps to try out MATE:
-* Run Wireshark and check if the plugin is installed correct (MATE should
-appear in Help->About->Plugins)
-* Get a configuration file e.g., tcp.mate (see {wireshark-wiki-url}Mate/Examples[Mate/Examples]
+* Run Wireshark and check if the plugin is installed (MATE should
+appear in Help->About Wireshark:Plugins)
+* Get a configuration file e.g., <<File_tcp_mate,tcp.mate>> (see {wireshark-wiki-url}Mate/Examples[Mate/Examples]
for more) and place it somewhere on your harddisk.
-* Go to Preferences->Protocols->MATE and set the config filename to the file
-you want to use (you don't have to restart Wireshark)
+* Go to Edit->Preferences...->Protocols->MATE and set the Configuration Filename to the file
+you want to use and restart Wireshark.
* Load a corresponding capture file (e.g.,
{wireshark-wiki-url}uploads/27707187aeb30df68e70c8fb9d614981/http.cap[http.cap]) and see if MATE
has added some new display filter fields, something like: `mate tcp_pdu:1->tcp_ses:1`
or, at prompt: `path_to/wireshark -o "mate.config: tcp.mate" -r http.cap`.
-If anything went well, your packet details might look something like this:
+If everything went well, your packet details might look something like this:
+.Packet Details - MATE TCP Session (tcp.mate)
image::images/ws-mate-tcp-output.png[]
[#ChMateManual]
-=== MATE Manual
+=== MATE Overview
==== Introduction
@@ -81,45 +82,53 @@ will use the term "PDU" to refer to the objects created by MATE containing the
relevant information extracted from the frame; I'll use "frame" to refer to the
"raw" information extracted by the various dissectors that pre-analyzed the frame.
-For every PDU, MATE checks if it belongs to an existing "Group of PDUs" (Gop).
-If it does, it assigns the PDU to that Gop and moves any new relevant attributes
-to the Gop's attribute list. How and when do PDUs belong to Gops is described
+For every PDU, MATE checks if it belongs to an existing "Group of PDUs" (GOP).
+If it does, it assigns the PDU to that GOP and moves any new relevant attributes
+to the GOP's attribute list. How and when do PDUs belong to GOPs is described
in the configuration file as well.
-Every time a Gop is assigned a new PDU, MATE will check if it matches the
-conditions to make it belong to a "Group of Groups" (Gog). Naturally the
-conditions that make a Gop belong to a Gog are taken from the configuration
+Every time a GOP is assigned a new PDU, MATE will check if it matches the
+conditions to make it belong to a "Group of Groups" (GOG). Naturally the
+conditions that make a GOP belong to a GOG are taken from the configuration
file as well.
Once MATE is done analyzing the frame it will be able to create a "protocol"
-tree for each frame based on the PDUs, the Gops they belong to and naturally any
-Gogs the former belongs to.
+tree for each frame based on the PDUs, the GOPs they belong to and naturally any
+GOGs the former belongs to.
How to tell MATE what to extract, how to group it and then how to relate those
groups is made using AVPs and AVPLs.
-Information in MATE is contained in Attribute/Value Pairs (AVPs). AVPs are made
+Information in MATE is contained in Attribute Value Pairs (AVPs). AVPs are made
of two strings: the name and the value. AVPs are used in the configuration and
there they have an operator as well. There are various ways AVPs can be matched
against each other using those operators.
-AVPs are grouped into AVP Lists (AVPLs). PDUs, Gops and Gogs have an AVPL each.
+AVPs are grouped into AVP Lists (AVPLs). PDUs, GOPs and GOGs have an AVPL each.
Their AVPLs will be matched in various ways against others coming from the
configuration file.
MATE will be instructed how to extract AVPs from frames in order to create a PDU
with an AVPL. It will be instructed as well, how to match that AVPL against the
AVPLs of other similar PDUs in order to relate them. In MATE the relationship
-between PDUs is a Gop, it has an AVPL as well. MATE will be configured with other
-AVPLs to operate against the Gop's AVPL to relate Gops together into Gogs.
+between PDUs is a GOP, it has an AVPL as well. MATE will be configured with other
+AVPLs to operate against the GOP's AVPL to relate GOPs together into GOGs.
A good understanding on how AVPs and AVPLs work is fundamental to understand how
MATE works.
+===== About MATE
+
+MATE was originally written by Luis Ontanon, a Telecommunications systems
+troubleshooter, as a way to save time filtering out the packets of a single call
+from huge capture files using just the calling number. Later he used the time he
+had saved to make it flexible enough to work with protocols other than the ones
+he was directly involved with.
+
[#AVP]
-==== Attribute Value Pairs
+==== Attribute Value Pairs (AVP)
-Information used by MATE to relate different frames is contained in Attribute/
+Information used by MATE to relate different frames is contained in Attribute
Value Pairs (AVPs). AVPs are made of two strings - the name and the value. When
AVPs are used in the configuration, an operator is defined as well. There are
various ways AVPs can be matched against each other using those operators.
@@ -129,16 +138,20 @@ various ways AVPs can be matched against each other using those operators.
another_name= "1234 is the value"
----
-The name is a string used to refer to a "kind" of an AVP. Two AVPs won't match
+The name is a string used to refer to a "type" of an AVP. Two AVPs won't match
unless their names are identical.
+
+The name must start with a lowercase letter (a-z) and can contain only alphanumeric characters
+(a-zA-Z0-9) and the special characters "_", "-", and ".". The name ends with an operator.
+
You should not use uppercase characters in names, or names that start with “.” or
“_”. Capitalized names are reserved for configuration parameters (we'll call them
keywords); nothing forbids you from using capitalized strings for other things as
well but it probably would be confusing. I'll avoid using capitalized words for
anything but the keywords in this document, the reference manual, the examples
and the base library. Names that start with a “.” would be very confusing as well
-because in the old grammar, AVPL transformations use names starting with a “.” to
+because in the old grammar, AVPL transforms use names starting with a “.” to
indicate they belong to the replacement AVPL.
The value is a string that is either set in the configuration (for configuration
@@ -146,17 +159,16 @@ AVPs) or by Wireshark while extracting interesting fields from a frame's tree.
The values extracted from fields use the same representation as they do in filter
strings except that no quotes are used.
-The name can contain only alphanumeric characters, "_", and ".". The name ends
-with an operator.
-
-The value will be dealt with as a string even if it is a number. If there are
+*The value will be dealt with as a string even if it is a number.* If there are
any spaces in the value, the value must be between quotes "".
+Values that are also keywords such as True and False should also be wrapped
+in quotes ("True", "False").
----
- ip_addr=10.10.10.11,
- tcp_port=1234,
- binary_data=01:23:45:67:89:ab:cd:ef,
- parameter12=0x23aa,
+ ip_addr=10.10.10.11
+ tcp_port=1234
+ binary_data=01:23:45:67:89:ab:cd:ef
+ parameter12=0x23aa
parameter_with_spaces="this value has spaces"
----
@@ -165,7 +177,7 @@ Remember two AVPs won't match unless their names are identical. In MATE, match
operations are always made between the AVPs extracted from frames (called data
AVPs) and the configuration's AVPs.
-Currently defined MATE's AVP match operators are:
+Currently defined MATE AVP match operators are:
* <<Equal,Equal>> _=_ will match if the string given completely matches the data
AVP's value string
@@ -186,20 +198,22 @@ higher than the string given
* <<Exists,Exists>> _?_ (the ? can be omitted) will match as far as a data AVP of the
given name exists
-==== AVP lists
+==== AVP lists (AVPL)
An AVPL is a set of diverse AVPs that can be matched against other AVPLs. Every
-PDU, Gop and Gog has an AVPL that contains the information regarding it. The
-rules that MATE uses to group Pdus and Gops are AVPL operations.
+PDU, GOP and GOG has an AVPL that contains the information regarding it. The
+rules that MATE uses to group PDUs and GOPs are AVPL operations.
-There will never be two identical AVPs in a given AVPL. However, we can have
+*There will never be two identical AVPs in a given AVPL.* However, we can have
more than one AVP with the same name in an AVPL as long as their values are
different.
Some AVPL examples:
----
- ( addr=10.20.30.40, addr=192.168.0.1, tcp_port=21, tcp_port=32534, user_cmd=PORT, data_port=12344, data_addr=192.168.0.1 )
- ( addr=10.20.30.40, addr=192.168.0.1, channel_id=22:23, message_type=Setup, calling_number=1244556673 )
+ ( addr=10.20.30.40, addr=192.168.0.1, tcp_port=21, tcp_port=32534, user_cmd=PORT,
+ data_port=12344, data_addr=192.168.0.1 )
+ ( addr=10.20.30.40, addr=192.168.0.1, channel_id=22:23, message_type=Setup,
+ calling_number=1244556673 )
( addr=10.20.30.40, addr=192.168.0.1, ses_id=01:23:45:67:89:ab:cd:ef )
( user_id=pippo, calling_number=1244556673, assigned_ip=10.23.22.123 )
----
@@ -207,74 +221,74 @@ Some AVPL examples:
In MATE there are two types of AVPLs:
* data AVPLs that contain information extracted from frames.
-* operation AVPLs that come from the configuration and are used to tell MATE how
+* configuration AVPLs that come from the configuration and are used to tell MATE how
to relate items based on their data AVPLs.
-Data AVPLs can be operated against operation AVPLs in various ways:
+Data AVPLs can be operated against configuration AVPLs in various ways:
* <<Loose,Loose Match>>: Will match if at least one of the AVPs of each AVPL
-match. If it matches it will return an AVPL containing all AVPs from the operand
-AVPL that did match the operator's AVPs.
-* <<Every,"Every" Match>>: Will match if none of the AVPs of the operator AVPL
-fails to match a present AVP in the operand AVPL, even if not all of the
-operator's AVPs have a match. If it matches it will return an AVPL containing
-all AVPs from the operand AVPL that did match one AVP in the operator AVPL.
-* <<Strict,Strict Match>>: Will match if and only if every one of the operator's
-AVPs have at least one match in the operand AVPL. If it matches it will return
-an AVPL containing the AVPs from the operand that matched.
+match. If it matches it will return an AVPL containing all AVPs from the data
+AVPL that did match the configuration AVPs.
+* <<Every,"Every" Match>>: Will match if none of the AVPs of the configuration AVPL
+fails to match a present AVP in the data AVPL, even if not all of the
+configuration AVPs have a match. If it matches it will return an AVPL containing
+all AVPs from the data AVPL that did match one AVP in the configuration AVPL.
+* <<Strict,Strict Match>>: Will match if and only if every one of the configuration
+AVPs have at least one match in the data AVPL. If it matches it will return
+an AVPL containing the AVPs from the data AVPL that matched.
* There's also a <<Merge,Merge>> operation that is to be performed between AVPLs
-where all the AVPs that don't exist in the operand AVPL but exist in the operand
-will be added to the operand AVPL.
-* Other than that, there are <<Transform,Transformations>> - a combination
+where all the AVPs that don't exist in the data AVPL but exist in the configuration
+will be added to the data AVPL.
+* Other than that, there are <<Transform,Transforms>> - a combination
of a match AVPL and an AVPL to merge.
-==== MATE Analysis
+=== MATE Frame Analysis
MATE's analysis of a frame is performed in three phases:
-* In the first phase, MATE attempts to extract a MATE Pdu from the frame's
-protocol tree. MATE will create a Pdu if MATE's config has a _Pdu_ declaration
+* In the first phase, MATE attempts to extract a MATE PDU from the frame's
+protocol tree. MATE will create a PDU if MATE's config has a _Pdu_ declaration
whose _Proto_ is contained in the frame.
-* In the second phase, if a Pdu has been extracted from the frame, MATE will try
-to group it to other Pdus into a Gop (Group of Pdus) by matching the key
-criteria given by a _Gop_ declaration. If there is no Gop yet with the key
-criteria for the Pdu, MATE will try to create a new Gop for it if it matches the
-_Start_ criteria given in the Gop declaration.
+* In the second phase, if a PDU has been extracted from the frame, MATE will try
+to group it to other PDUs into a GOP (Group of PDUs) by matching the key
+criteria given by a _Gop_ declaration. If there is no GOP yet with the key
+criteria for the PDU, MATE will try to create a new GOP for it if it matches the
+_Start_ criteria given in the _Gop_ declaration.
-* In the third phase, if there's a Gop for the Pdu, MATE will try to group this
-Gop with other Gops into a Gog (Group of Groups) using the criteria given by the
-_Member_ criteria of a Gog declaration.
+* In the third phase, if there's a GOP for the PDU, MATE will try to group this
+GOP with other GOPs into a GOG (Group of Groups) using the criteria given by the
+_Member_ criteria of a _Gog_ declaration.
+.MATE Analysis (PDU->GOP->GOG) flowchart
image::images/ws-mate-analysis.png[]
The extraction and matching logic comes from MATE's configuration; MATE's
-configuration file is declared by the _mate.config_ preference. By default it is
+configuration file is specified by the _mate.config_ preference. By default it is
an empty string which means: do not configure MATE.
The config file tells MATE what to look for in frames; How to make PDUs out of
-it; How will PDUs be related to other similar PDUs into Gops; And how Gops
-relate into Gogs.
+it; How will PDUs be related to other similar PDUs into GOPs; And how GOPs
+relate into GOGs.
The MATE configuration file is a list of declarations. There are 4 types of
-declarations: _Transform_, _Pdu_, _Gop_ and _Gog_.
+declarations: _Transform_, _Pdu_, _Gop_, and _Gog_. A _Transform_ block must be
+before any of the other block declarations that may use it.
-===== Mate's PDU's
+==== Create PDUs (Phase 1)
MATE will look in the tree of every frame to see if there is useful data to
extract, and if there is, it will create one or more PDU objects containing the
useful information.
-The first part of MATE's analysis is the "PDU extraction"; there are various
-"Actions" that are used to instruct MATE what has to be extracted from the
-current frame's tree into MATE's PDUs.
+The first part of MATE's analysis is the "PDU extraction".
-====== PDU data extraction
+===== PDU data extraction
-MATE will make a Pdu for each different proto field of Proto type present in the
+MATE will make a PDU for each different proto field of _Proto_ type present in the
frame. MATE will fetch from the field's tree those fields that are defined in
the <<Pdu>> declaration whose initial offset in the frame is within the
-boundaries of the current Proto and those of the given Transport and Payload
+boundaries of the current _Proto_ and those of the given _Transport_ and _Payload_
statements.
----
@@ -284,18 +298,16 @@ Pdu dns_pdu Proto dns Transport ip {
Extract dns_resp From dns.flags.response;
};
----
-MATE will make a Pdu for each different proto field of Proto type present in the
-frame. MATE will fetch from the field's tree those fields that are defined in
-the <<Pdu>> AVPL whose initial offset in the frame is within the boundaries of
-the current Proto and those of the various assigned Transports.
+.Wireshark window - fields for PDU extraction
image::images/ws-mate-dns_pane.png[]
-Once MATE has found a _Proto_ field for which to create a Pdu from the frame it
+Once MATE has found a _Proto_ field for which to create a PDU from the frame it
will move backwards in the frame looking for the respective _Transport_ fields.
After that it will create AVPs named as each of those given in the rest of the
AVPL for every instance of the fields declared as its values.
+.Frame fields mapped to PDU attributes
image::images/ws-mate-dns_pdu.png[]
Sometimes we need information from more than one _Transport_ protocol. In that
@@ -303,61 +315,68 @@ case MATE will check the frame looking backwards to look for the various
_Transport_ protocols in the given stack. MATE will choose only the closest
transport boundary per "protocol" in the frame.
-This way we'll have all Pdus for every _Proto_ that appears in a frame match its
+This way we'll have all PDUs for every _Proto_ that appears in a frame match its
relative transports.
----
Pdu isup_pdu Proto isup Transport mtp3/ip {
- Extract m3pc From mtp3.dpc;
- Extract m3pc From mtp3.opc;
- Extract cic From isup.cic;
- Extract addr From ip.addr;
- Extract isup_msg From isup.message_type;
+ Extract addr From ip.addr;
+
+ Extract m3pc From mtp3.dpc;
+ Extract m3pc From mtp3.opc;
+
+ Extract cic From isup.cic;
+ Extract isup_msg From isup.message_type;
};
----
+.Frame containing multiple PDUs
image::images/ws-mate-isup_over_mtp3_over_ip.png[]
-This allows to assign the right _Transport_ to the Pdu avoiding duplicate
+This allows to assign the right _Transport_ to the PDU avoiding duplicate
transport protocol entries (in case of tunneled ip over ip for example).
----
Pdu ftp_pdu Proto ftp Transport tcp/ip {
- Extract addr From ip.addr;
- Extract port From tcp.port;
- Extract ftp_cmd From ftp.command;
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract ftp_cmd From ftp.command;
};
----
+.Frame with encapsulated (tunneled) fields
image::images/ws-mate-ftp_over_gre.png[]
Other than the mandatory _Transport_ there is also an optional _Payload_
statement, which works pretty much as _Transport_ but refers to elements after
the _Proto_'s range. It is useful in those cases where the payload protocol
-might not appear in a Pdu but nevertheless the Pdu belongs to the same category.
+might not appear in a PDU but nevertheless the PDU belongs to the same category.
----
Pdu mmse_over_http_pdu Proto http Transport tcp/ip {
- Payload mmse;
+ Payload mmse;
+
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+
+ Extract content From http.content_type;
+ Extract host From http.host;
+ Extract http_rq From http.request;
+ Extract method From http.request.method;
+ Extract resp From http.response.code;
- Extract addr From ip.addr;
- Extract port From tcp.port;
- Extract method From http.request.method;
- Extract content From http.content_type;
- Extract http_rq From http.request;
- Extract resp From http.response.code;
- Extract host From http.host;
- Extract trx From mmse.transaction_id;
- Extract msg_type From mmse.message_type;
- Extract notify_status From mmse.status;
- Extract send_status From mmse.response_status;
+ Extract msg_type From mmse.message_type;
+ Extract notify_status From mmse.status;
+ Extract send_status From mmse.response_status;
+ Extract trx From mmse.transaction_id;
};
----
+.Extract from Payload fields
image::images/ws-mate-mmse_over_http.png[]
-====== Conditions on which to create PDUs
+===== Conditions on which to create PDUs
There might be cases in which we won't want MATE to create a PDU unless some of
its extracted attributes meet or do not meet some criteria. For that we use the
@@ -367,8 +386,8 @@ _Criteria_ statements of the _Pdu_ declarations.
Pdu isup_pdu Proto isup Transport mtp3/ip {
...
- // MATE will create isup_pdu PDUs only when there is not a point code '1234'
- Criteria Reject Strict (m3pc=1234);
+ // MATE will create isup_pdu PDUs only when there is not a point code '1234'
+ Criteria Reject Strict (m3pc=1234);
};
Pdu ftp_pdu Proto ftp Transport tcp/ip {
@@ -379,81 +398,82 @@ Pdu ftp_pdu Proto ftp Transport tcp/ip {
};
----
-The _Criteria_ statement is given an action (_Accept_ or _Reject_), a match mode
+The _Criteria_ statement is given an action (_Accept_ or _Reject_), a match type
(_Strict_, _Loose_ or _Every_) and an AVPL against which to match the currently
extracted one.
-====== Transforming the attributes of a PDU
+===== Transforming the attributes of a PDU
-Once the fields have been extracted into the Pdu's AVPL, MATE will apply any
-declared transformation to it. The way transforms are applied and how they work
+Once the fields have been extracted into the PDU's AVPL, MATE will apply any
+declared _Transform_ to it. The way transforms are applied and how they work
is described later on. However, it's useful to know that once the AVPL for the
-Pdu is created, it may be transformed before being analyzed. That way we can
+PDU is created, it may be transformed before being analyzed. That way we can
massage the data to simplify the analysis.
-====== MATE's PDU tree
+===== MATE's PDU tree
-Every successfully created Pdu will add a MATE tree to the frame dissection. If
-the Pdu is not related to any Gop, the tree for the Pdu will contain just the
-Pdu's info, if it is assigned to a Gop, the tree will also contain the Gop items,
-and the same applies for the Gog level.
+Every successfully created PDU will add a MATE tree to the frame dissection. If
+the PDU is not related to any GOP, the tree for the PDU will contain just the
+PDU's info. If it is assigned to a GOP, the tree will also contain the GOP items,
+and the same applies for the GOG level.
----
mate dns_pdu:1
dns_pdu: 1
dns_pdu time: 3.750000
dns_pdu Attributes
- dns_resp: 0
- dns_id: 36012
+ dns_resp: False
+ dns_id: 0x8cac
addr: 10.194.4.11
addr: 10.194.24.35
----
-The Pdu's tree contains some filterable fields
+The PDU's tree contains some filterable fields
-* _mate.dns_pdu_ will contain the number of the "dns_pdu" Pdu
+* _mate.dns_pdu_ will contain the number of the "dns_pdu" PDU
* _mate.dns_pdu.RelativeTime_ will contain the time passed since the beginning
of the capture in seconds
-* the tree will contain the various attributes of the Pdu as well, these will
+* the tree will contain the various attributes of the PDU as well, these will
all be strings (to be used in filters as "10.0.0.1", not as 10.0.0.1)
** mate.dns_pdu.dns_resp
** mate.dns_pdu.dns_id
** mate.dns_pdu.addr
-===== Grouping Pdus together (Gop)
+==== Grouping PDUs together (GOP) (Phase 2)
-Once MATE has created the Pdus it passes to the Pdu analysis phase. During the
-PDU analysis phase MATE will try to group Pdus of the same type into 'Groups of
-Pdus' (aka *Gop*s) and copy some AVPs from the Pdu's AVPL to the Gop's AVPL.
+Once MATE has created the PDUs it passes to the PDU analysis phase. During the
+PDU analysis phase MATE will try to group PDUs of the same type into 'Groups of
+PDUs' (aka *GOP*++s++) and copy some AVPs from the PDU's AVPL to the GOP's AVPL.
+.Grouping PDUs (GOP) flowchart
image::images/ws-mate-pdu_analysis.png[]
-====== What can belong to a Gop
+===== What can belong to a GOP
-Given a Pdu, the first thing MATE will do is to check if there is any Gop
-declaration in the configuration for the given Pdu type. If so, it will use its
-_Match_ AVPL to match it against the Pdu's AVPL; if they don't match, the
-analysis phase is done. If there is a match, the AVPL is the Gop's candidate key
-which will be used to search the Gop's index for the Gop to which to assign
-the current PDU. If there is no such Gop and this Pdu does not match the
-_Start_ criteria of a Gop declaration for the Pdu type, the Pdu will remain
+Given a PDU, the first thing MATE will do is to check if there is any GOP
+declaration in the configuration for the given PDU type. If so, it will use its
+_Match_ AVPL to match it against the PDU's AVPL; if they don't match, the
+analysis phase is done. If there is a match, the AVPL is the GOP's candidate key
+which will be used to search the index of GOPs for the GOP to which to assign
+the current PDU. If there is no such GOP and this PDU does not match the
+_Start_ criteria of a _Gop_ declaration for the PDU type, the PDU will remain
unassigned and only the analysis phase will be done.
----
-Gop ftp_ses On ftp_pdu Match (addr, addr, port, port);
-Gop dns_req On dns_pdu Match (addr, addr, dns_id);
-Gop isup_leg On isup_pdu Match (m3pc, m3pc, cic);
+Gop ftp_ses On ftp_pdu Match (addr, addr, port, port) {...};
+Gop dns_req On dns_pdu Match (addr, addr, dns_id) {...};
+Gop isup_leg On isup_pdu Match (m3pc, m3pc, cic) {...};
----
-====== Start of a Gop
+===== Start of a GOP
-If there was a match, the candidate key will be used to search the Gop's index
-to see if there is already a Gop matching the Gop's key the same way. If there
-is such a match in the Gops collection, and the PDU doesn't match the _Start_
-AVPL for its kind, the PDU will be assigned to the matching Gop. If it is a
-_Start_ match, MATE will check whether or not that Gop has been already
-stopped. If the Gop has been stopped, a new Gop will be created and will replace
-the old one in the Gop's index.
+If there was a match, the candidate key will be used to search the index of GOPs
+to see if there is already a GOP matching the GOP's key the same way. If there
+is such a match in the GOPs collection, and the PDU doesn't match the _Start_
+AVPL for its type, the PDU will be assigned to the matching GOP. If it is a
+_Start_ match, MATE will check whether or not that GOP has been already
+stopped. If the GOP has been stopped, a new GOP will be created and will replace
+the old one in the index of GOPs.
----
Gop ftp_ses On ftp_pdu Match (addr, addr, port, port) {
@@ -461,7 +481,7 @@ Gop ftp_ses On ftp_pdu Match (addr, addr, port, port) {
};
Gop dns_req On dns_pdu Match (addr, addr, dns_id) {
- Start (dns_resp=0);
+ Start (dns_resp="True");
};
Gop isup_leg On isup_pdu Match (m3pc, m3pc, cic) {
@@ -469,14 +489,14 @@ Gop isup_leg On isup_pdu Match (m3pc, m3pc, cic) {
};
----
-If no _Start_ is given for a Gop, a Pdu whose AVPL matches an existing Gog's
-key will act as the start of a Gop.
+If no _Start_ is given for a GOP, a PDU whose AVPL matches an existing GOP's
+key will act as the start of a GOP.
-====== What goes into the Gop's AVPL
+===== What goes into the GOP's AVPL
-Once we know a Gop exists and the Pdu has been assigned to it, MATE will copy
-into the Gop's AVPL all the attributes matching the key plus any AVPs of the
-Pdu's AVPL matching the _Extra_ AVPL.
+Once we know a GOP exists and the PDU has been assigned to it, MATE will copy
+into the GOP's AVPL all the attributes matching the key plus any AVPs of the
+PDU's AVPL matching the _Extra_ AVPL.
----
Gop ftp_ses On ftp_pdu Match (addr, addr, port, port) {
@@ -490,24 +510,24 @@ Gop isup_leg On isup_pdu Match (m3pc, m3pc, cic) {
};
----
-====== End of a Gop
+===== End of a GOP
-Once the Pdu has been assigned to the Gop, MATE will check whether or not the
-Pdu matches the _Stop_, if it happens, MATE will mark the Gop as stopped. Even
-after stopped, a Gop may get assigned new Pdus matching its key, unless such
-Pdu matches _Start_. If it does, MATE will instead create a new Gop starting
-with that Pdu.
+Once the PDU has been assigned to the GOP, MATE will check whether or not the
+PDU matches the _Stop_, if it happens, MATE will mark the GOP as stopped. Even
+after stopped, a GOP may get assigned new PDUs matching its key, unless such
+PDU matches _Start_. If it does, MATE will instead create a new GOP starting
+with that PDU.
----
Gop ftp_ses On ftp_pdu Match (addr, addr, port, port) {
Start (ftp_cmd=USER);
- Stop (ftp_cmd=QUIT); // The response to the QUIT command will be assigned to the same Gop
+ Stop (ftp_cmd=QUIT); // The response to the QUIT command will be assigned to the same GOP
Extra (pasv_prt, pasv_addr);
};
Gop dns_req On dns_pdu Match (addr, addr, dns_id) {
- Start (dns_resp=0);
- Stop (dns_resp=1);
+ Start (dns_resp="False");
+ Stop (dns_resp="True");
};
Gop isup_leg On isup_pdu Match (m3pc, m3pc, cic) {
@@ -517,92 +537,102 @@ Gop isup_leg On isup_pdu Match (m3pc, m3pc, cic) {
};
----
-If no _Stop_ criterium is stated for a given Gop, the Gop will be stopped as
-soon as it is created. However, as with any other Gop, Pdus matching the Gop's
-key will still be assigned to the Gop unless they match a _Start_ condition,
-in which case a new Gop using the same key will be created.
+If no _Stop_ criterium is stated for a given GOP, the GOP will be stopped as
+soon as it is created. However, as with any other GOP, PDUs matching the GOP's
+key will still be assigned to the GOP unless they match a _Start_ condition,
+in which case a new GOP using the same key will be created. To group multiple
+PDUs that match the _Start_, add a bogus _Stop_ such as
+----
+Gop frame_ses On frame_pdu Match (frame_time) {
+ Start (frame_time);
+ Stop (frame_time="FOO");
+};
+----
-===== Gop's tree
+===== GOP's tree
-For every frame containing a Pdu that belongs to a Gop, MATE will create a tree
-for that Gop.
+For every frame containing a PDU that belongs to a GOP, MATE will create a tree
+for that GOP.
The example below represents the tree created by the _dns_pdu_ and _dns_req_
examples.
----
...
-mate dns_pdu:6->dns_req:1
+MATE dns_pdu:6->dns_req:1
dns_pdu: 6
dns_pdu time: 2.103063
dns_pdu time since beginning of Gop: 2.103063
- dns_req: 1
- dns_req Attributes
- dns_id: 36012
- addr: 10.194.4.11
- addr: 10.194.24.35
- dns_req Times
- dns_req start time: 0.000000
- dns_req hold time: 2.103063
- dns_req duration: 2.103063
- dns_req number of PDUs: 2
- Start PDU: in frame 1
- Stop PDU: in frame 6 (2.103063 : 2.103063)
dns_pdu Attributes
- dns_resp: 1
- dns_id: 36012
+ dns_resp: True
+ dns_id: 0x8cac
+ addr: 10.194.4.11
+ addr: 10.194.24.35
+ dns_req: 1
+ GOP Key: addr=10.194.4.11; addr=10.194.24.35; dns_id=0x8cac;
+ dns_req Attributes
+ dns_id: 0x8cac
addr: 10.194.4.11
addr: 10.194.24.35
+ dns_req Times
+ dns_req start time: 0.000000
+ dns_req hold time: 2.103063
+ dns_req duration: 2.103063
+ dns_req number of PDUs: 2
+ Start PDU: in frame 1
+ Stop PDU: in frame 6 (2.103063 : 2.103063)
+
----
-Other than the pdu's tree, this one contains information regarding the
-relationship between the Pdus that belong to the Gop. That way we have:
+Other than the PDU's tree, this one contains information regarding the
+relationship between the PDUs that belong to the GOP. That way we have:
-* mate.dns_req which contains the id of this dns_req Gop. This will be present
-in frames that belong to dns_req Gops.
+* mate.dns_req which contains the id of this dns_req GOP. This will be present
+in frames that belong to dns_req GOPs.
* mate.dns_req.dns_id and mate.dns_req.addr which represent the values of the
-attributes copied into the Gop.
-* the timers of the Gop
+attributes copied into the GOP.
+* the timers of the GOP
** mate.dns_req.StartTime time (in seconds) passed since beginning of capture
-until Gop's start.
-** mate.dns_req.Time time passed between the start Pdu and the stop Pdu assigned
-to this Gop (only created if a Stop criterion has been declared for the Gop and
-a matching Pdu has arrived).
-** mate.dns_req.Duration time passed between the start Pdu and the last Pdu
-assigned to this Gop.
-* mate.dns_req.NumOfPdus the number of Pdus that belong to this Gop
-** a filterable list of frame numbers of the pdus of this Gop
+until GOP's start.
+** mate.dns_req.Time time passed between the start PDU and the stop PDU assigned
+to this GOP (only created if a Stop criterion has been declared for the GOP and
+a matching PDU has arrived).
+** mate.dns_req.Duration time passed between the start PDU and the last PDU
+assigned to this GOP.
+* mate.dns_req.NumOfPdus the number of PDUs that belong to this GOP
+** mate.dns_req.Pdu a filterable list of frame numbers of the PDUs of this GOP
-====== Gop's timers
+===== GOP's timers
-Note that there are two "timers" for a Gop:
+Note that there are two "timers" for a GOP:
-* *Time*, which is defined only for Gops that have been Stopped, and gives the
-time passed between the _Start_ and the _Stop_ Pdus.
-* *Duration*, which is defined for every Gop regardless of its state, and give
-the time passed between its _Start_ Pdu and the last Pdu that was assigned to
-that Gop.
+* *Time*, which is defined only for GOPs that have been Stopped, and gives the
+time passed between the _Start_ and the _Stop_ PDUs.
+* *Duration*, which is defined for every GOP regardless of its state, and give
+the time passed between its _Start_ PDU and the last PDU that was assigned to
+that GOP.
So:
-* we can filter for Pdus that belong to Gops that have been Stopped with
+* we can filter for PDUs that belong to GOPs that have been Stopped with
*mate.xxx.Time*
-* we can filter for Pdus that belong to unstopped Gops with *mate.xxx &&
-mate.xxx.Time*
-* we can filter for Pdus that belong to stopped Gops using *mate.xxx.Duration*
-* we can filter for Pdus that belong to Gops that have taken more (or less) time
+* we can filter for PDUs that belong to unstopped GOPs with *mate.xxx &&
+!mate.xxx.Time*
+* we can filter for PDUs that belong to stopped GOPs using *mate.xxx.Duration*
+* we can filter for PDUs that belong to GOPs that have taken more (or less) time
that 0.5s to complete with *mate.xxx.Time > 0.5* (you can try these also as
color filters to find out when response times start to grow)
-===== Grouping Gops together (Gog)
+==== Grouping GOPs together (GOG) (Phase 3)
-When Gops are created, or whenever their AVPL changes, Gops are (re)analyzed to
-check if they match an existent group of groups (Gog) or can create a new one.
-The Gop analysis is divided into two phases. In the first phase, the still
-unassigned Gop is checked to verify whether it belongs to an already existing
-Gog or may create a new one. The second phase eventually checks the Gog and
-registers its keys in the Gogs index.
+When GOPs are created, or whenever their AVPL changes, GOPs are (re)analyzed to
+check if they match an existent group of groups (GOG) or can create a new one.
+The GOP analysis is divided into two phases. In the first phase, the still
+unassigned GOP is checked to verify whether it belongs to an already existing
+GOG or may create a new one. The second phase eventually checks the GOG and
+registers its keys in the index of GOGs.
+.Grouping GOPs (GOG) flowchart
image::images/ws-mate-gop_analysis.png[]
There are several reasons for the author to believe that this feature needs to
@@ -610,41 +640,41 @@ be reimplemented, so probably there will be deep changes in the way this is done
in the near future. This section of the documentation reflects the version of
MATE as of Wireshark 0.10.9; in future releases this will change.
-====== Declaring a Group Of Groups
+===== Declaring a Group Of Groups (GOG)
-The first thing we have to do configuring a Gog is to tell MATE that it exists.
+The first thing we have to do configuring a GOG is to tell MATE that it exists.
----
-Gog web_use {
+Gog http_use {
...
};
----
-====== Telling MATE what could be a Gog member
+===== Telling MATE what could be a GOG member
-Then we have to tell MATE what to look for a match in the candidate Gops.
+Then we have to tell MATE what to look for a match in the candidate GOPs.
----
-Gog web_use {
+Gog http_use {
Member http_ses (host);
Member dns_req (host);
};
----
-====== Getting interesting data into the Gop
+===== Getting interesting data into the GOG
Most often, also other attributes than those used for matching would be
-interesting. In order to copy from Gop to Gog other interesting attributes, we
-might use _Extra_ like we do for Gops.
+interesting. In order to copy from GOP to GOG other interesting attributes, we
+might use _Extra_ like we do for GOPs.
----
-Gog web_use {
+Gog http_use {
...
Extra (cookie);
};
----
-====== Gog's tree
+===== GOG's tree
----
mate http_pdu:4->http_req:2->http_use:1
@@ -669,11 +699,16 @@ mate http_pdu:4->http_req:2->http_use:1
We can filter on:
-* *mate.http_use.Duration* time elapsed between the first frame of a Gog and the last one assigned to it.
-* the attributes passed to the Gog
+* the timers of the GOG
+** *mate.http_use.StartTime* time (in seconds) passed since beginning of capture until GOG's start.
+** *mate.http_use.Duration* time elapsed between the first frame of a GOG and the last one assigned to it.
+* the attributes passed to the GOG
** *mate.http_use.host*
+* *mate.http_use.NumOfGops* the number of GOPs that belong to this GOG
+* *mate.http_use.GopStart* the start frame of a GOP
+* *mate.http_use.GopStop* the stop frame of a GOP
-===== AVPL Transforms
+==== Adjust data (AVPL Transforms)
A Transform is a sequence of Match rules optionally completed with modification
of the match result by an additional AVPL. Such modification may be an Insert
@@ -681,26 +716,26 @@ of the match result by an additional AVPL. Such modification may be an Insert
AVPL before it is processed further. They come to be very helpful in several
cases.
-====== Syntax
+===== Syntax
-AVPL Transformations are declared in the following way:
+AVPL Transforms are declared in the following way:
----
- Transform name {
- Match [Strict|Every|Loose] match_avpl [Insert|Replace] modify_avpl ;
- ...
- };
+Transform name {
+ Match [Strict|Every|Loose] match_avpl [Insert|Replace] modify_avpl;
+ ...
+};
----
-The *name* is the handle to the AVPL transformation. It is used to refer to the
+The *name* is the handle to the AVPL transform. It is used to refer to the
transform when invoking it later.
The _Match_ declarations instruct MATE what and how to match against the data
AVPL and how to modify the data AVPL if the match succeeds. They will be
executed in the order they appear in the config file whenever they are invoked.
-The optional match mode qualifier (_Strict_, _Every_, or _Loose_) is used
-to choose the match mode as explained above; _Strict_ is a default value which
+The optional match type qualifier (_Strict_, _Every_, or _Loose_) is used
+to choose the <<Match,Match type>>; _Strict_ is the default value which
may be omitted.
The optional modification mode qualifier instructs MATE how the modify AVPL
@@ -708,17 +743,28 @@ should be used:
* the default value _Insert_ (which may be omitted) causes the _modify_avpl_
to be *merged* to the existing data AVPL,
-* the _Replace_ causes all the matching AVPs from the data AVPL to be
+* _Replace_ causes all the matching AVPs from the data AVPL to be
*replaced* by the _modify_avpl_.
The _modify_avpl_ may be an empty one; this comes useful in some cases for
both _Insert_ and _Replace_ modification modes.
+----
+Transform rm_client_from_http_resp1 {
+ Match (http_rq); //first match wins so the request won't get the not_rq attribute inserted
+ Match Every (addr) Insert (not_rq); //this line won't be evaluated if the first one matched so not_rq won't be inserted to requests
+};
+
+Transform rm_client_from_http_resp2 {
+ Match (not_rq, client) Replace (); //replace "client and not_rq" with nothing
+};
+----
+
Examples:
----
- Transform insert_name_and {
- Match Strict (host=10.10.10.10, port=2345) Insert (name=JohnDoe);
+Transform insert_name_and {
+ Match Strict (host=10.10.10.10, port=2345) Insert (name=JohnDoe);
};
----
@@ -727,7 +773,7 @@ port=2345
----
Transform insert_name_or {
- Match Loose (host=10.10.10.10, port=2345) Insert (name=JohnDoe);
+ Match Loose (host=10.10.10.10, port=2345) Insert (name=JohnDoe);
};
----
@@ -736,7 +782,7 @@ port=2345
----
Transform replace_ip_address {
- Match (host=10.10.10.10) Replace (host=192.168.10.10);
+ Match (host=10.10.10.10) Replace (host=192.168.10.10);
};
----
@@ -744,7 +790,7 @@ replaces the original host=10.10.10.10 by host=192.168.10.10
----
Transform add_ip_address {
- Match (host=10.10.10.10) (host=192.168.10.10);
+ Match (host=10.10.10.10) (host=192.168.10.10);
};
----
@@ -753,7 +799,7 @@ host=10.10.10.10 in it too
----
Transform replace_may_be_surprising {
- Match Loose (a=aaaa, b=bbbb) Replace (c=cccc, d=dddd);
+ Match Loose (a=aaaa, b=bbbb) Replace (c=cccc, d=dddd);
};
----
@@ -765,10 +811,10 @@ intact,
* (a=aaaa, b=bbbb) gets transformed to (c=cccc, d=dddd) because both a=aaaa and
b=bbbb did match.
-====== Usage
+===== Usage
-Once declared, Transforms can be added to the declarations of PDUs, Gops or
-Gogs. This is done by adding the _Transform name_list_ statement to the
+Once declared, Transforms can be added to the declarations of PDUs, GOPs or
+GOGs. This is done by adding the _Transform name_list_ statement to the
declaration:
----
@@ -781,15 +827,16 @@ Pdu my_proto_pdu Proto my_proto Transport ip {
* In case of PDU, the list of transforms is applied against the PDU's AVPL
after its creation.
-* In case of Gop and Gog, the list of transforms is applied against their
+* In case of GOP and GOG, the list of transforms is applied against their
respective AVPLs when they are created and every time they change.
===== Operation
+.Applying Transform flowchart
image::images/ws-mate-transform.png[]
-* A list of previously declared Transforms may be given to every Item (Pdu, Gop,
-or Gog), using the Transform statement.
+* A list of previously declared Transforms may be given to every Item (_Pdu_, _Gop_,
+or _Gog_), using the _Transform_ statement.
* Every time the AVPL of an item changes, it will be operated against *all* the
Transforms on the list given to that item. The Transforms on the list are
applied left to right.
@@ -799,75 +846,83 @@ tried or until one of them succeeds.
MATE's Transforms can be used for many different things, like:
-====== Multiple Start/Stop conditions for a Gop
+===== Multiple Start/Stop conditions for a GOP
-Using _Transforms_ we can add more than one start or stop condition to a Gop.
+Using _Transforms_ we can add more than one start or stop condition to a GOP.
----
Transform start_cond {
- Match (attr1=aaa,attr2=bbb) (msg_type=start);
- Match (attr3=www,attr2=bbb) (msg_type=start);
- Match (attr5^a) (msg_type=stop);
- Match (attr6$z) (msg_type=stop);
+ Match (attr1=aaa,attr2=bbb) (msg_type=start);
+ Match (attr3=www,attr2=bbb) (msg_type=start);
+ Match (attr5^a) (msg_type=stop);
+ Match (attr6$z) (msg_type=stop);
};
Pdu pdu ... {
- ...
- Transform start_cond;
+ ...
+ Transform start_cond;
}
Gop gop ... {
- Start (msg_type=start);
- Stop (msg_type=stop);
- ...
+ Start (msg_type=start);
+ Stop (msg_type=stop);
+ ...
}
----
-====== Marking Gops and Gogs to filter them easily
+===== Marking GOPs and GOGs to filter them easily
----
Transform marks {
- Match (addr=10.10.10.10, user=john) (john_at_host);
- Match (addr=10.10.10.10, user=tom) (tom_at_host);
+ Match (addr=10.10.10.10, user=john) (john_at_host);
+ Match (addr=10.10.10.10, user=tom) (tom_at_host);
}
...
Gop my_gop ... {
- ...
- Transform marks;
+ ...
+ Transform marks;
}
----
-After that we can use a display filter *mate.gop.john_at_host* or
-*mate.gop.tom_at_host*
+After that we can use a display filter *mate.my_gop.john_at_host* or
+*mate.my_gop.tom_at_host*
-====== Adding direction knowledge to MATE
+===== Adding (Insert) direction knowledge to MATE
----
Transform direction_as_text {
- Match (src=192.168.0.2, dst=192.168.0.3) Replace (direction=from_2_to_3);
- Match (src=192.168.0.3, dst=192.168.0.2) Replace (direction=from_3_to_2);
+ Match (src=192.168.0.2, dst=192.168.0.3) Insert (direction=from_2_to_3);
+ Match (src=192.168.0.3, dst=192.168.0.2) Insert (direction=from_3_to_2);
};
Pdu my_pdu Proto my_proto Transport tcp/ip {
- Extract src From ip.src;
- Extract dst From ip.dst;
- Extract addr From ip.addr;
- Extract port From tcp.port;
- Extract start From tcp.flags.syn;
- Extract stop From tcp.flags.fin;
- Extract stop From tcp.flags.rst;
- Transform direction_as_text;
+ Extract src From ip.src;
+ Extract dst From ip.dst;
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract start From tcp.flags.syn;
+ Extract stop From tcp.flags.fin;
+ Extract stop From tcp.flags.rst;
+ Transform direction_as_text;
}
Gop my_gop On my_pdu Match (addr,addr,port,port) {
- ...
- Extra (direction);
+ ...
+ Extra (direction);
}
----
-====== NAT
+The original example (below) would delete _src_ and _dst_ then add _direction_.
+----
+Transform direction_as_text {
+ Match (src=192.168.0.2, dst=192.168.0.3) Replace (direction=from_2_to_3);
+ Match (src=192.168.0.3, dst=192.168.0.2) Replace (direction=from_3_to_2);
+};
+----
+
+===== NAT
NAT can create problems when tracing, but we can easily work around it by
Transforming the NATed IP address and the Ethernet address of the router into
@@ -875,34 +930,26 @@ the non-NAT address:
----
Transform denat {
- Match (addr=192.168.0.5, ether=01:02:03:04:05:06) Replace (addr=123.45.67.89);
- Match (addr=192.168.0.6, ether=01:02:03:04:05:06) Replace (addr=123.45.67.90);
- Match (addr=192.168.0.7, ether=01:02:03:04:05:06) Replace (addr=123.45.67.91);
+ Match (addr=192.168.0.5, ether=01:02:03:04:05:06) Replace (addr=123.45.67.89);
+ Match (addr=192.168.0.6, ether=01:02:03:04:05:06) Replace (addr=123.45.67.90);
+ Match (addr=192.168.0.7, ether=01:02:03:04:05:06) Replace (addr=123.45.67.91);
}
Pdu my_pdu Proto my_proto transport tcp/ip/eth {
- Extract ether From eth.addr;
- Extract addr From ip.addr;
- Extract port From tcp.port;
- Transform denat;
+ Extract ether From eth.addr;
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Transform denat;
}
----
-==== About MATE
-
-MATE was originally written by Luis Ontanon, a Telecommunications systems
-troubleshooter, as a way to save time filtering out the packets of a single call
-from huge capture files using just the calling number. Later he used the time he
-had saved to make it flexible enough to work with protocols other than the ones
-he was directly involved with.
-
[#ChMateConfigurationTutorial]
=== MATE's configuration tutorial
-We'll show a MATE configuration that first creates Gops for every DNS and HTTP
-request, then it ties the Gops together in a Gop based on the host. Finally,
-we'll separate into different Gogs request coming from different users.
+We'll show a MATE configuration that first creates GOPs for every DNS and HTTP
+request, then it ties the GOPs together in a GOG based on the host. Finally,
+we'll separate into different GOGs request coming from different users.
With this MATE configuration loaded we can:
@@ -915,78 +962,78 @@ to isolate DNS and HTTP packets related to a visit of a certain user.
that take more than 1.5 seconds to complete.
The complete config file is available on the Wireshark Wiki:
-https://gitlab.com/wireshark/wireshark/-/wikis/Mate/Tutorial
+{wireshark-wiki-url}Mate/Tutorial
Note: This example uses _dns.qry.name_ which is defined since Wireshark
-version 0.10.9. Supposing you have a mate plugin already installed you can test
+version 0.10.9. Supposing you have a MATE plugin already installed you can test
it with the current Wireshark version.
-==== A Gop for DNS requests
+==== A GOP for DNS requests
-First we'll tell MATE how to create a Gop for each DNS request/response.
+First we'll tell MATE how to create a GOP for each DNS request/response.
-MATE needs to know what makes a DNS PDU. We describe it this using a Pdu
+MATE needs to know what makes a DNS PDU. We describe it using a _Pdu_
declaration:
----
Pdu dns_pdu Proto dns Transport ip {
- Extract addr From ip.addr;
- Extract dns_id From dns.id;
- Extract dns_resp From dns.flags.response;
+ Extract addr From ip.addr;
+ Extract dns_id From dns.id;
+ Extract dns_resp From dns.flags.response;
};
----
-Using _Proto dns_ we tell MATE to create Pdus every time it finds _dns_. Using
+Using _Proto dns_ we tell MATE to create PDUs every time it finds _dns_. Using
_Transport ip_ we inform MATE that some of the fields we are interested are
in the _ip_ part of the frame. Finally, we tell MATE to import _ip.addr_ as
_addr_, _dns.id_ as _dns_id_ and _dns.flags.response_ as _dns_resp_.
Once we've told MATE how to extract _dns_pdus_ we'll tell it how to match
-requests and responses and group them into a Gop. For this we'll use a _Gop_
-declaration to define the Gop, and then, _Start_ and _Stop_ statements to
-tell it when the Gop starts and ends.
+requests and responses and group them into a GOP. For this we'll use a _Gop_
+declaration to define the GOP, and then, _Start_ and _Stop_ statements to
+tell it when the GOP starts and ends.
----
Gop dns_req On dns_pdu Match (addr,addr,dns_id) {
- Start (dns_resp=0);
- Stop (dns_resp=1);
+ Start (dns_resp="False");
+ Stop (dns_resp="True");
};
----
-Using the *Gop* declaration we tell MATE that the *Name* of the Gop is _dns_req_,
-that _dns_pdus_ can become members of the Gop, and what is the key used to match
-the Pdus to the Gop.
+Using the *Gop* declaration we tell MATE that the *Name* of the GOP is _dns_req_,
+that _dns_pdus_s can become members of the GOP, and what is the key used to match
+the PDUs to the GOP.
-The key for this Gop is _"addr, addr, dns_id"_. That means that in order to
-belong to the same Gop, _dns_pdus_ have to have both addresses and the
+The key for this GOP is _"addr, addr, dns_id"_. That means that in order to
+belong to the same GOP, _dns_pdus_ have to have both addresses and the
_request id_ identical. We then instruct MATE that a _dns_req_ starts whenever
-a _dns_pdu_ matches _"dns_resp=0"_ and that it stops when another _dns_pdu_
-matches _"dns_resp=1"_.
+a _dns_pdu_ matches _"dns_resp=++"++False++"++"_ and that it stops when another _dns_pdu_
+matches _"dns_resp=++"++True++"++"_.
At this point, if we open a capture file using this configuration, we are able
to use a display filter *mate.dns_req.Time > 1* to see only the packets of
DNS requests that take more than one second to complete.
We can use a display filter *mate.dns_req && ! mate.dns_req.Time* to find
-requests for which no response was given. *mate.xxx.Time* is set only for Gops
+requests for which no response was given. *mate.xxx.Time* is set only for GOPs
that have being stopped.
-==== A Gop for HTTP requests
+==== A GOP for HTTP requests
-This other example creates a Gop for every HTTP request.
+This other example creates a GOP for every HTTP request.
----
Pdu http_pdu Proto http Transport tcp/ip {
- Extract addr From ip.addr;
- Extract port From tcp.port;
- Extract http_rq From http.request.method;
- Extract http_rs From http.response;
- DiscardPduData true;
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract http_rq From http.request.method;
+ Extract http_rs From http.response;
+ DiscardPduData true;
};
Gop http_req On http_pdu Match (addr, addr, port, port) {
- Start (http_rq);
- Stop (http_rs);
+ Start (http_rq);
+ Stop (http_rs);
};
----
@@ -997,64 +1044,64 @@ response header takes more than one second to come
* filtering with *mate.http_req.Duration > 1.5* will show those request that
take more than 1.5 seconds to complete.
-You have to know that *mate.xxx.Time* gives the time in seconds between the pdu
-matching the GopStart and the Pdu matching the GopStop (yes, you can create
+You have to know that *mate.xxx.Time* gives the time in seconds between the PDU
+matching the GOP *Start* clause and the PDU matching the GOP *Stop* clause (yes, you can create
timers using this!). On the other hand, *mate.xxx.Duration* gives you the time
-passed between the GopStart and the last pdu assigned to that Gop regardless
-whether it is a stop or not. After the GopStop, Pdus matching the Gop's Key will
-still be assigned to the same Gop as far as they don't match the GopStart, in
-which case a new Gop with the same key will be created.
+passed between the GOP *Start* and the last PDU assigned to that GOP regardless
+whether it is a *Stop* or not. After the GOP *Stop*, PDUs matching the GOP's Key will
+still be assigned to the same GOP as far as they don't match the GOP *Start*, in
+which case a new GOP with the same key will be created.
-==== Getting DNS and HTTP together into a Gog
+==== Getting DNS and HTTP together into a GOG
-We'll tie together to a single Gog all the http packets belonging to requests
-and responses to a certain host and the dns request and response used to resolve
-its domain name using the Pdu and Gop definitions of the previous examples
+We'll tie together to a single GOG all the HTTP packets belonging to requests
+and responses to a certain host and the DNS request and response used to resolve
+its domain name using the _Pdu_ and _Gop_ definitions of the previous examples
To be able to group DNS and HTTP requests together, we need to import into the
-Pdus and Gops some part of information that both those protocols share. Once the
-Pdus and Gops have been defined, we can use _Extract_ (for Pdus) and
-_Extract_ (for Gops) statements to tell MATE what other protocol fields are to
-be added to Pdus' and Gops' AVPLs. We add the following statements to the
+PDUs and GOPs some part of information that both those protocols share. Once the
+PDUs and GOPs have been defined, we can use _Extract_ (for PDUs) and
+_Extract_ (for GOPs) statements to tell MATE what other protocol fields are to
+be added to PDU's and GOP's AVPLs. We add the following statements to the
appropriate declarations:
----
-Extract host From http.host; // to Pdu http_pdu as the last Extract in the list
-Extra (host); // to Gop http_req after the Stop
+ Extract host From http.host; // to Pdu http_pdu as the last Extract in the list
+ Extra (host); // to Gop http_req after the Stop
-Extract host From dns.qry.name; // to Pdu dns_pdu as the last Extract in the list
-Extra (host); // to Gop dns_req after the Stop
+ Extract host From dns.qry.name; // to Pdu dns_pdu as the last Extract in the list
+ Extra (host); // to Gop dns_req after the Stop
----
Here we've told MATE to import _http.host_ into _http_pdu_ and _dns.qry.name_
into _dns_pdu_ as _host_. We also have to tell MATE to copy the _host_
-attribute from the Pdus to the Gops, we do this using _Extra_.
+attribute from the PDUs to the GOPs - we do this using _Extra_.
-Once we have all the data we need in Pdus and Gops, we tell MATE what makes
-different Gops belong to a certain Gog.
+Once we have all the data we need in PDUs and GOPs, we tell MATE what makes
+different GOPs belong to a certain GOG.
----
Gog http_use {
- Member http_req (host);
- Member dns_req (host);
- Expiration 0.75;
+ Member http_req (host);
+ Member dns_req (host);
+ Expiration 0.75;
};
----
-Using the _Gog_ declaration, we tell MATE to define a Gog type _Named_
-_http_use_ whose expiration is 0.75 seconds after all the Gops that belong to it
-had been stopped. After that time, an eventual new Gop with the same key match
-will create a new Gog instead of been added to the previous Gog.
+Using the _Gog_ declaration, we tell MATE to define a GOG type named
+_http_use_ whose expiration is 0.75 seconds after all the GOPs that belong to it
+had been stopped. After that time, an eventual new GOP with the same key match
+will create a new GOG instead of been added to the previous GOG.
Using the _Member_ statements, we tell MATE that *http_req*s with the same
-*host* belong to the same Gog, same thing for *dns_req*s.
+*host* belong to the same GOG, same thing for *dns_req*s.
-So far we have instructed mate to group every packet related to sessions towards
+So far we have instructed MATE to group every packet related to sessions towards
a certain host. At this point if we open a capture file and:
* a display filter *mate.http_use.Duration > 5* will show only those requests
that have taken more than 5 seconds to complete starting from the DNS request
-and ending with the last packet of the http responses.
+and ending with the last packet of the HTTP responses.
* a display filter *mate.http_use.host == "www.w3c.org"* will show all the
packets (both DNS and HTTP) related to the requests directed to www.w3c.org
@@ -1065,60 +1112,60 @@ packets (both DNS and HTTP) related to the requests directed to www.w3c.org
This configuration works fine if used for captures taken at the client's side
but deeper in the network we'd got a real mess. Requests from many users get
-mixed together into _http_uses_. Gogs are created and stopped almost randomly
-(depending on the timing in which Gops start and stop). How do we get requests
+mixed together into _http_uses_. GOGs are created and stopped almost randomly
+(depending on the timing in which GOPs start and stop). How do we get requests
from individual users separated from each other?
MATE has a tool that can be used to resolve this kind of grouping issues. This
-tool are the _Transforms_. Once defined, they can be applied against Pdus,
-Gops and Gogs and they might replace or insert more attributes based on what's
-there. We'll use them to create an attribute named client, using which we'll
+tool are the _Transforms_. Once defined, they can be applied against PDUs,
+GOPs and GOGs and they might replace or insert more attributes based on what's
+there. We'll use them to create an attribute named *client*, using which we'll
separate different requests.
-For DNS we need the ip.src of the request moved into the Gop only from the DNS
+For DNS we need the ip.src of the request moved into the GOP only from the DNS
request.
So we first tell MATE to import ip.src as client:
----
-Extract client From ip.src;
+ Extract client From ip.src;
----
-Next, we tell MATE to replace ( *dns_resp=1, client* ) with just *dns_resp=1* in
-the Pdu. That way, we'll keep the attribute *client* only in the DNS request
-Pdus (i.e., packets coming from the client).To do so, we have to add a
-_Transform_ declaration (in this case, with just one clause) before the Pdu
+Next, we tell MATE to replace ( *dns_resp="True", client* ) with just *dns_resp="True"* in
+the PDU. That way, we'll keep the attribute *client* only in the DNS request
+PDUs (i.e., packets coming from the client).To do so, we have to add a
+_Transform_ declaration (in this case, with just one clause) before the _Pdu_
declaration which uses it:
----
Transform rm_client_from_dns_resp {
- Match (dns_resp=1, client) Replace (dns_resp=1);
+ Match (dns_resp="True", client) Replace (dns_resp="True");
};
----
Next, we invoke the transform by adding the following line after the _Extract_
-list of the dns_pdu Pdu:
+list of the dns_pdu PDU:
----
- Transform rm_client_from_dns_resp;
+ Transform rm_client_from_dns_resp;
----
HTTP is a little trickier. We have to remove the attribute carrying ip.src from
both the response and the "continuations" of the response, but as there is
nothing to filter on for the continuations, we have to add a fake attribute
-first. And then we have to remove client when the fake attribute appears.
+first. And then we have to remove *client* when the fake attribute appears.
This is possible due to the fact that the _Match_ clauses in the _Transform_
are executed one by one until one of them succeeds. First, we declare another
two _Transforms_:
----
Transform rm_client_from_http_resp1 {
- Match (http_rq); //first match wins so the request won't get the not_rq attribute inserted
- Match Every (addr) Insert (not_rq); //this line won't be evaluated if the first one matched so not_rq won't be inserted to requests
+ Match (http_rq); //first match wins so the request won't get the not_rq attribute inserted
+ Match Every (addr) Insert (not_rq); //this line won't be evaluated if the first one matched so not_rq won't be inserted to requests
};
Transform rm_client_from_http_resp2 {
- Match (not_rq, client) Replace (); //replace "client and not_rq" with nothing (will happen only in the response and eventual parts of it)
+ Match (not_rq, client) Replace (); //replace "client and not_rq" with nothing (will happen only in the response and eventual parts of it)
};
----
@@ -1126,8 +1173,8 @@ Next, we add another _Extract_ statement to the _http_pdu_ declaration, and
apply both _Transforms_ declared above in a proper order:
----
- Extract client From ip.src;
- Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
+ Extract client From ip.src;
+ Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
----
In MATE, all the _Transform_s listed for an item will be evaluated, while
@@ -1137,24 +1184,24 @@ first sequence before adding the _not_rq_ attribute. Then we apply the second
_Transform_ which removes both _not_rq_ and _client_ if both are there. Yes,
_Transform_s are cumbersome, but they are very useful.
-Once we got all what we need in the Pdus, we have to tell MATE to copy the
-attribute _client_ from the Pdus to the respective Gops, by adding client to
-_Extra_ lists of both Gop declarations:
+Once we got all what we need in the PDUs, we have to tell MATE to copy the
+attribute _client_ from the PDUs to the respective GOPs, by adding client to
+_Extra_ lists of both _Gop_ declarations:
----
-Extra (host, client);
+ Extra (host, client);
----
-On top of that, we need to modify the old declarations of Gop key to new ones
-that include both _client_ and _host_. So we change the Gog *Member*
+On top of that, we need to modify the old declarations of GOP key to new ones
+that include both _client_ and _host_. So we change the _Gog_ *Member*
declarations the following way:
----
- Member http_req (host, client);
- Member dns_req (host, client);
+ Member http_req (host, client);
+ Member dns_req (host, client);
----
-Now we got it, every "usage" gets its own Gog.
+Now we got it, every "usage" gets its own GOG.
[#ChMateConfigurationExamples]
@@ -1164,22 +1211,29 @@ The following is a collection of various configuration examples for MATE. Many
of them are useless because the "conversations" facility does a better job.
Anyway they are meant to help users understanding how to configure MATE.
-==== TCP session
+[#File_tcp_mate]
+==== TCP session (tcp.mate)
-The following example creates a GoP out of every TCP session.
+The following example creates a GOP out of every TCP session.
----
+Transform add_tcp_stop {
+ Match (tcp_flags_reset="True") Insert (tcp_stop="True");
+ Match (tcp_flags_fin="True") Insert (tcp_stop="True");
+};
+
Pdu tcp_pdu Proto tcp Transport ip {
Extract addr From ip.addr;
Extract port From tcp.port;
Extract tcp_start From tcp.flags.syn;
- Extract tcp_stop From tcp.flags.reset;
- Extract tcp_stop From tcp.flags.fin;
+ Extract tcp_flags_reset From tcp.flags.reset;
+ Extract tcp_flags_fin From tcp.flags.fin;
+ Transform add_tcp_stop;
};
Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) {
- Start (tcp_start=1);
- Stop (tcp_stop=1);
+ Start (tcp_start="True");
+ Stop (tcp_stop="True");
};
Done;
@@ -1187,54 +1241,54 @@ Done;
This probably would do fine in 99.9% of the cases but 10.0.0.1:20->10.0.0.2:22 and 10.0.0.1:22->10.0.0.2:20 would both fall into the same gop if they happen to overlap in time.
-* filtering with *mate.tcp_ses.Time > 1* will give all the sessions that last less than one second
+* filtering with *mate.tcp_ses.Time > 1* will give all the sessions that last more than one second
* filtering with *mate.tcp_ses.NumOfPdus < 5* will show all tcp sessions that have less than 5 packets.
* filtering with *mate.tcp_ses.Id == 3* will show all the packets for the third tcp session MATE has found
-==== a Gog for a complete FTP session
+==== a GOG for a complete FTP session
-This configuration allows to tie a complete passive ftp session (including the
-data transfer) in a single Gog.
+This configuration allows to tie a complete passive FTP session (including the
+data transfer) in a single GOG.
----
Pdu ftp_pdu Proto ftp Transport tcp/ip {
- Extract ftp_addr From ip.addr;
- Extract ftp_port From tcp.port;
- Extract ftp_resp From ftp.response.code;
- Extract ftp_req From ftp.request.command;
- Extract server_addr From ftp.passive.ip;
- Extract server_port From ftp.passive.port;
-
- LastPdu;
+ Extract ftp_addr From ip.addr;
+ Extract ftp_port From tcp.port;
+ Extract ftp_resp From ftp.response.code;
+ Extract ftp_req From ftp.request.command;
+ Extract server_addr From ftp.passive.ip;
+ Extract server_port From ftp.passive.port;
+
+ LastPdu true;
};
Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{
- Extract server_addr From ip.src;
- Extract server_port From tcp.srcport;
+ Extract server_addr From ip.src;
+ Extract server_port From tcp.srcport;
};
-Gop ftp_data On ftp_data_pdu (server_addr, server_port) {
- Start (server_addr);
+Gop ftp_data On ftp_data_pdu Match (server_addr, server_port) {
+ Start (server_addr);
};
-Gop ftp_ctl On ftp_pdu (ftp_addr, ftp_addr, ftp_port, ftp_port) {
- Start (ftp_resp=220);
- Stop (ftp_resp=221);
- Extra (server_addr, server_port);
+Gop ftp_ctl On ftp_pdu Match (ftp_addr, ftp_addr, ftp_port, ftp_port) {
+ Start (ftp_resp=220);
+ Stop (ftp_resp=221);
+ Extra (server_addr, server_port);
};
Gog ftp_ses {
- Member ftp_ctl (ftp_addr, ftp_addr, ftp_port, ftp_port);
- Member ftp_data (server_addr, server_port);
+ Member ftp_ctl (ftp_addr, ftp_addr, ftp_port, ftp_port);
+ Member ftp_data (server_addr, server_port);
};
Done;
----
Note: not having anything to distinguish between ftp-data packets makes this
-config to create one Gop for every ftp-data packet instead of each transfer.
-Pre-started Gops would avoid this.
+config to create one GOP for every ftp-data packet instead of each transfer.
+Pre-started GOPs would avoid this.
==== using RADIUS to filter SMTP traffic of a specific user
@@ -1285,46 +1339,46 @@ Done;
----
Filtering the capture file with *mate.user_mail.username == "theuser"* will
-filter the radius packets and smtp traffic for _"theuser"_.
+filter the RADIUS packets and SMTP traffic for _"theuser"_.
==== H323 Calls
-This configuration will create a Gog out of every call.
+This configuration will create a GOG out of every call.
----
Pdu q931 Proto q931 Transport ip {
- Extract addr From ip.addr;
- Extract call_ref From q931.call_ref;
- Extract q931_msg From q931.message_type;
- Extract calling From q931.calling_party_number.digits;
- Extract called From q931.called_party_number.digits;
- Extract guid From h225.guid;
- Extract q931_cause From q931.cause_value;
+ Extract addr From ip.addr;
+ Extract call_ref From q931.call_ref;
+ Extract q931_msg From q931.message_type;
+ Extract calling From q931.calling_party_number.digits;
+ Extract called From q931.called_party_number.digits;
+ Extract guid From h225.guid;
+ Extract q931_cause From q931.cause_value;
};
Gop q931_leg On q931 Match (addr, addr, call_ref) {
- Start (q931_msg=5);
- Stop (q931_msg=90);
- Extra (calling, called, guid, q931_cause);
+ Start (q931_msg=5);
+ Stop (q931_msg=90);
+ Extra (calling, called, guid, q931_cause);
};
Pdu ras Proto h225.RasMessage Transport ip {
- Extract addr From ip.addr;
- Extract ras_sn From h225.requestSeqNum;
- Extract ras_msg From h225.RasMessage;
- Extract guid From h225.guid;
+ Extract addr From ip.addr;
+ Extract ras_sn From h225.requestSeqNum;
+ Extract ras_msg From h225.RasMessage;
+ Extract guid From h225.guid;
};
Gop ras_req On ras Match (addr, addr, ras_sn) {
- Start (ras_msg {0|3|6|9|12|15|18|21|26|30} );
- Stop (ras_msg {1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31});
- Extra (guid);
+ Start (ras_msg {0|3|6|9|12|15|18|21|26|30} );
+ Stop (ras_msg {1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31});
+ Extra (guid);
};
Gog call {
- Member ras_req (guid);
- Member q931_leg (guid);
- Extra (called,calling,q931_cause);
+ Member ras_req (guid);
+ Member q931_leg (guid);
+ Extra (called,calling,q931_cause);
};
Done;
@@ -1339,10 +1393,10 @@ with this we can:
==== MMS
With this example, all the components of an MMS send or receive will be tied
-into a single Gog. Note that this example uses the _Payload_ clause because
+into a single GOG. Note that this example uses the _Payload_ clause because
MMS delivery uses MMSE over either HTTP or WSP. As it is not possible to relate
the retrieve request to a response by the means of MMSE only (the request is
-just an HTTP GET without any MMSE), a Gop is made of HTTP Pdus but MMSE data
+just an HTTP GET without any MMSE), a GOP is made of HTTP PDUs but MMSE data
need to be extracted from the bodies.
----
@@ -1351,61 +1405,61 @@ need to be extracted from the bodies.
## tested against any capture file due to lack of the latter.
Transform rm_client_from_http_resp1 {
- Match (http_rq);
- Match Every (addr) Insert (not_rq);
+ Match (http_rq);
+ Match Every (addr) Insert (not_rq);
};
Transform rm_client_from_http_resp2 {
- Match (not_rq,ue) Replace ();
+ Match (not_rq,ue) Replace ();
};
Pdu mmse_over_http_pdu Proto http Transport tcp/ip {
- Payload mmse;
- Extract addr From ip.addr;
- Extract port From tcp.port;
- Extract http_rq From http.request;
- Extract content From http.content_type;
- Extract resp From http.response.code;
- Extract method From http.request.method;
- Extract host From http.host;
- Extract content From http.content_type;
- Extract trx From mmse.transaction_id;
- Extract msg_type From mmse.message_type;
- Extract notify_status From mmse.status;
- Extract send_status From mmse.response_status;
- Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
+ Payload mmse;
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract http_rq From http.request;
+ Extract content From http.content_type;
+ Extract resp From http.response.code;
+ Extract method From http.request.method;
+ Extract host From http.host;
+ Extract content From http.content_type;
+ Extract trx From mmse.transaction_id;
+ Extract msg_type From mmse.message_type;
+ Extract notify_status From mmse.status;
+ Extract send_status From mmse.response_status;
+ Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
};
Gop mmse_over_http On mmse_over_http_pdu Match (addr, addr, port, port) {
- Start (http_rq);
- Stop (http_rs);
- Extra (host, ue, resp, notify_status, send_status, trx);
+ Start (http_rq);
+ Stop (http_rs);
+ Extra (host, ue, resp, notify_status, send_status, trx);
};
Transform mms_start {
- Match Loose() Insert (mms_start);
+ Match Loose() Insert (mms_start);
};
Pdu mmse_over_wsp_pdu Proto wsp Transport ip {
- Payload mmse;
- Extract trx From mmse.transaction_id;
- Extract msg_type From mmse.message_type;
- Extract notify_status From mmse.status;
- Extract send_status From mmse.response_status;
- Transform mms_start;
+ Payload mmse;
+ Extract trx From mmse.transaction_id;
+ Extract msg_type From mmse.message_type;
+ Extract notify_status From mmse.status;
+ Extract send_status From mmse.response_status;
+ Transform mms_start;
};
Gop mmse_over_wsp On mmse_over_wsp_pdu Match (trx) {
- Start (mms_start);
- Stop (never);
- Extra (ue, notify_status, send_status);
+ Start (mms_start);
+ Stop (never);
+ Extra (ue, notify_status, send_status);
};
Gog mms {
- Member mmse_over_http (trx);
- Member mmse_over_wsp (trx);
- Extra (ue, notify_status, send_status, resp, host, trx);
- Expiration 60.0;
+ Member mmse_over_http (trx);
+ Member mmse_over_wsp (trx);
+ Extra (ue, notify_status, send_status, resp, host, trx);
+ Expiration 60.0;
};
----
@@ -1413,13 +1467,13 @@ Gog mms {
=== MATE's configuration library
-The MATE library (will) contains GoP definitions for several protocols. Library
+The MATE library (will) contains GOP definitions for several protocols. Library
protocols are included in your MATE config using: +_Action=Include;
Lib=proto_name;_+.
For Every protocol with a library entry, we'll find defined what from the PDU is
-needed to create a GoP for that protocol, eventually any criteria and the very
-essential GoP definition (i.e., __GopDef__, _GopStart_ and _GopStop_).
+needed to create a GOP for that protocol, eventually any criteria and the very
+essential GOP definition (i.e., __Gop__, _Start_ and _Stop_).
[NOTE]
====
@@ -1432,20 +1486,36 @@ these in the new format.
===== TCP
-It will create a GoP for every TCP session, If it is used it should be the last
+It will create a GOP for every TCP session. If it is used it should be the last
one in the list. And every other proto on top of TCP should be declared with
-_Stop=TRUE;_ so the a TCP PDU is not created where we got already one going on.
+_LastPdu=TRUE;_ so that a TCP PDU is not created where another pdu type exists.
----
- Action=PduDef; Name=tcp_pdu; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.fin; tcp_stop=tcp.flags.reset;
- Action=GopDef; Name=tcp_session; On=tcp_pdu; addr; addr; port; port;
- Action=GopStart; For=tcp_session; tcp_start=1;
- Action=GopStop; For=tcp_session; tcp_stop=1;
+Transform add_tcp_stop {
+ Match (tcp_flags_reset="True") Insert (tcp_stop="True");
+ Match (tcp_flags_fin="True") Insert (tcp_stop="True");
+};
+
+Pdu tcp_pdu Proto tcp Transport ip {
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract tcp_start From tcp.flags.syn;
+ Extract tcp_flags_reset From tcp.flags.reset;
+ Extract tcp_flags_fin From tcp.flags.fin;
+ Transform add_tcp_stop;
+};
+
+Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) {
+ Start (tcp_start="True");
+ Stop (tcp_stop="True");
+};
+
+Done;
----
===== DNS
-will create a GoP containing every request and its response (eventually
+will create a GOP containing every request and its response (eventually
retransmissions too).
----
@@ -1458,7 +1528,7 @@ Action=GopStop; For=dns_req; dns_rsp=1;
===== RADIUS
-A Gop for every transaction.
+A GOP for every transaction.
----
Action=PduDef; Name=radius_pdu; Proto=radius; Transport=udp/ip; addr=ip.addr; port=udp.port; radius_id=radius.id; radius_code=radius.code;
@@ -1482,7 +1552,7 @@ Action=GopExtra; For=rtsp_ses; rtsp_ses; rtsp_url;
==== VoIP/Telephony
-Most protocol definitions here will create one Gop for every Call Leg unless
+Most protocol definitions here will create one GOP for every Call Leg unless
stated.
===== ISUP
@@ -1529,7 +1599,7 @@ Action=GopStop; For=sip; sip_method=BYE;
===== MEGACO
-Will create a Gop out of every transaction.
+Will create a GOP out of every transaction.
To "tie" them to your call's GoG use: _Action=GogKey; Name=your_call; On=mgc_tr;
addr!mgc_addr; megaco_ctx;_
@@ -1547,7 +1617,7 @@ Action=GopExtra; For=mgc_tr; term^DS1; megaco_ctx!Choose one;
=== MATE's reference manual
-==== Attribute Value Pairs
+==== Attribute Value Pairs (AVP)
MATE uses AVPs for almost everything: to keep the data it has extracted from the
frames' trees as well as to keep the elements of the configuration.
@@ -1555,11 +1625,11 @@ frames' trees as well as to keep the elements of the configuration.
These "pairs" (actually tuples) are made of a name, a value and, in case of
configuration AVPs, an operator. Names and values are strings. AVPs with
operators other than '=' are used only in the configuration and are used for
-matching AVPs of Pdus, GoPs and GoGs in the analysis phase.
+matching AVPs of PDUs, GOPs and GOGs in the analysis phase.
===== Name
-The name is a string used to refer to a class of AVPs. Two attributes won't
+The name is a string used to refer to a type of AVP. Two attributes won't
match unless their names are identical. Capitalized names are reserved for
keywords (you can use them for your elements if you want but I think it's not
the case). MATE attribute names can be used in Wireshark's display filters the
@@ -1573,7 +1643,7 @@ AVPs) or by MATE while extracting interesting fields from a dissection tree
and/or manipulating them later. The values extracted from fields use the same
representation as they do in filter strings.
-===== Operators
+==== AVP Operators (=,!,{},^,$,~,<,>,?)
Currently only match operators are defined (there are plans to (re)add transform
attributes but some internal issues have to be solved before that). The match
@@ -1604,7 +1674,7 @@ higher than the configuration value string.
what the value string is.
[#Equal]
-====== Equal AVP Operator
+===== Equal AVP Operator (=)
This operator tests whether the values of the operator and the operand AVP are
equal.
@@ -1614,7 +1684,7 @@ attrib=aaa *matches* attrib=aaa +
attrib=aaa *does not match* attrib=bbb
[#NotEqual]
-====== Not equal AVP operator
+===== Not equal AVP operator (!)
This operator matches if the value strings of two AVPs are not equal.
@@ -1623,7 +1693,7 @@ attrib=aaa matches attrib!bbb +
attrib=aaa does not match attrib!aaa
[#OneOf]
-====== "One of" AVP operator
+===== "One of" AVP operator ({})
The "one of" operator matches if the data AVP value is equal to one of the
values listed in the "one of" AVP.
@@ -1634,7 +1704,7 @@ attrib=2 matches attrib{1|2|3} +
attrib=4 does not match attrib{1|2|3}
[#StartsWith]
-====== "Starts with" AVP operator
+===== "Starts with" AVP operator (^)
The "starts with" operator matches if the first characters of the data AVP
value are identical to the configuration AVP value.
@@ -1647,7 +1717,7 @@ attrib=abcd does not match attrib^bcd +
attrib=abc does not match attrib^abcd +
[#EndsWith]
-====== "Ends with" operator
+===== "Ends with" operator ($)
The ends with operator will match if the last bytes of the data AVP value are
equal to the configuration AVP value.
@@ -1658,7 +1728,7 @@ attrib=yz does not match attrib$xyz +
attrib=abc...wxyz does not match attrib$abc
[#Contains]
-====== Contains operator
+===== Contains operator (~)
The "contains" operator will match if the data AVP value contains a string
identical to the configuration AVP value.
@@ -1670,7 +1740,7 @@ attrib=abcde matches attrib~cde +
attrib=abcde does not match attrib~xyz
[#LowerThan]
-====== "Lower than" operator
+===== "Lower than" operator (<)
The "lower than" operator will match if the data AVP value is semantically lower
than the configuration AVP value.
@@ -1687,7 +1757,7 @@ BUGS
It should check whether the values are numbers and compare them numerically
[#HigherThan]
-====== "Higher than" operator
+===== "Higher than" operator (>)
The "higher than" operator will match if the data AVP value is semantically
higher than the configuration AVP value.
@@ -1705,7 +1775,7 @@ BUGS
It should check whether the values are numbers and compare them numerically
[#Exists]
-====== Exists operator
+===== Exists operator (?)
The exists operator will always match as far as the two operands have the same
name.
@@ -1716,14 +1786,15 @@ attrib=abc matches attrib? +
attrib=abc matches attrib (this is just an alternative notation of the previous example) +
obviously attrib=abc does not match other_attrib? +
-==== Attribute/Value Pair List (AVPL)
-Pdus, GoPs and GoGs use an AVPL to contain the tracing information. An AVPL is
+==== Attribute Value Pair List (AVPL)
+PDUs, GOPs and GOGs use an AVPL to contain the tracing information. An AVPL is
an unsorted set of <<AVP,AVPs>> that can be matched against other AVPLs.
-===== Operations between AVPLs
+[#Match]
+==== Operations between AVPLs (Match)
There are three types of match operations that can be performed between AVPLs.
-The Pdu's/GoP's/GoG's AVPL will be always one of the operands; the AVPL operator
+The PDU's/GOP's/GOG's AVPL will be always one of the operands; the AVPL operator
(match type) and the second operand AVPL will always come from the
<<Config,configuration>>.
Note that a diverse AVP match operator may be specified for each AVP in the
@@ -1733,7 +1804,7 @@ An AVPL match operation returns a result AVPL. In <<Transform,Transform>>s, the
result AVPL may be replaced by another AVPL. The replacement means that the
existing data AVPs are dropped and the replacement AVPL from the
<<Config,configuration>> is <<Merge,Merged>> to the data AVPL of the
-Pdu/GoP/GoG.
+PDU/GOP/GOG.
* <<Loose,Loose Match>>: Will match if at least one of the AVPs of the two
operand AVPLs match. If it matches, it returns a result AVPL containing all AVPs
@@ -1748,15 +1819,15 @@ configuration AVPL has at least one match in the data AVPL. If it matches, it
returns a result AVPL containing those AVPs from the data AVPL that matched.
[#Loose]
-====== Loose Match
+===== Loose Match
A loose match between AVPLs succeeds if at least one of the data AVPs matches at
least one of the configuration AVPs. Its result AVPL contains all the data AVPs
that matched.
-Loose matches are used in Extra operations against the <<Pdu,Pdu>>'s AVPL to
-merge the result into <<Gop,Gop>>'s AVPL, and against <<Gop,Gop>>'s AVPL to
-merge the result into <<Gog,Gog>>'s AVPL. They may also be used in
+Loose matches are used in Extra operations against the <<Pdu,PDU>>'s AVPL to
+merge the result into <<Gop,GOP>>'s AVPL, and against <<Gop,GOP>>'s AVPL to
+merge the result into <<Gog,GOG>>'s AVPL. They may also be used in
<<Criteria,Criteria>> and <<Transform,Transform>>s.
[NOTE]
@@ -1775,7 +1846,7 @@ Loose Match Examples
(attr_a=aaa, attr_b=bbb, attr_c=xxx) Match Loose (attr_a=xxx; attr_c=ccc) ==> No Match!
[#Every]
-====== Every Match
+===== Every Match
An "every" match between AVPLs succeeds if none of the configuration's AVPs that
have a counterpart in the data AVPL fails to match. Its result AVPL contains all
@@ -1800,13 +1871,13 @@ https://gitlab.com/wireshark/wireshark/-/issues/12184[issue 12184].
(attr_a=aaa; attr_b=bbb; attr_c=xxx) Match Every (attr_a=xxx, attr_c=ccc) ==> No Match!
[#Strict]
-====== Strict Match
+===== Strict Match
A Strict match between AVPLs succeeds if and only if every AVP in the
configuration AVPL has at least one counterpart in the data AVPL and none of the
AVP matches fails. The result AVPL contains all the data AVPs that matched.
-These are used between Gop keys (key AVPLs) and Pdu AVPLs. They may also be used
+These are used between GOP keys (key AVPLs) and PDU AVPLs. They may also be used
in <<Criteria,Criteria>> and <<Transform,Transform>>s.
Examples
@@ -1820,118 +1891,94 @@ Examples
(attr_a=aaa, attr_b=bbb, attr_c=xxx) Match Strict (attr_a?, attr_c?, attr_d?) ==> No Match!
[#Merge]
-====== AVPL Merge
+==== AVPL Merge
An AVPL may be merged into another one. That would add to the latter every AVP
from the former that does not already exist there.
This operation is done
-* between the result of a key match and the Gop's or Gog's AVPL,
-* between the result of an Extra match and the Gop's or Gog's AVPL,
-* between the result of a <<Transform,Transform>> match and Pdu's/Gop's AVPL. If
+* between the result of a key match and the GOP's or GOG's AVPL,
+* between the result of an Extra match and the GOP's or GOG's AVPL,
+* between the result of a <<Transform,Transform>> match and PDU's/GOP's AVPL. If
the operation specified by the Match clause is Replace, the result AVPL of the
match is removed from the item's AVPL before the modify_avpl is merged into it.
Examples
-(attr_a=aaa, attr_b=bbb) Merge (attr_a=aaa, attr_c=xxx) former becomes (attr_a=aaa, attr_b=bbb, attr_c=xxx)
+(attr_a=aaa, attr_b=bbb) "merge" (attr_a=aaa, attr_c=xxx) former becomes (attr_a=aaa, attr_b=bbb, attr_c=xxx)
-(attr_a=aaa, attr_b=bbb) Merge (attr_a=aaa, attr_a=xxx) former becomes (attr_a=aaa, attr_a=xxx, attr_b=bbb)
+Can't have multiple "attr_a" with same value "aaa"
-(attr_a=aaa, attr_b=bbb) Merge (attr_c=xxx, attr_d=ddd) former becomes (attr_a=aaa, attr_b=bbb, attr_c=xxx, attr_d=ddd)
+(attr_a=aaa, attr_b=bbb) "merge" (attr_a=aaa, attr_a=xxx) former becomes (attr_a=aaa, attr_a=xxx, attr_b=bbb)
-[#Transform]
-====== Transforms
+Multiple "attr_a" with different values "aaa" and "xxx"
-A Transform is a sequence of Match rules optionally followed by an instruction
-how to modify the match result using an additional AVPL. Such modification may
-be an Insert (merge) or a Replace. The syntax is as follows:
+(attr_a=aaa, attr_b=bbb) "merge" (attr_c=xxx, attr_d=ddd) former becomes (attr_a=aaa, attr_b=bbb, attr_c=xxx, attr_d=ddd)
-----
-Transform name {
- Match [Strict|Every|Loose] match_avpl [[Insert|Replace] modify_avpl] ; // may occur multiple times, at least once
-};
-----
-
-For examples of Transforms, check the <<ChMateManual,Manual>> page.
-
-TODO: migrate the examples here?
-
-The list of Match rules inside a Transform is processed top to bottom;
-the processing ends as soon as either a Match rule succeeds or all have been
-tried in vain.
-
-Transforms can be used as helpers to manipulate an item's AVPL before the item
-is processed further. An item declaration may contain a Transform clause
-indicating a list of previously declared Transforms. Regardless whether the
-individual transforms succeed or fail, the list is always executed completely
-and in the order given, i.e., left to right.
-
-In MATE configuration file, a Transform must be declared before declaring any
-item which uses it.
+All AVP names are unique so resulting AVPL contains all AVPs from both AVPLs
[#Config]
-=== Configuration AVPLs
+=== Configuration Reference (mate.config)
[#Pdu]
-==== Pdsu's configuration actions
+==== PDU declaration block
The following configuration AVPLs deal with PDU creation and data extraction.
-===== Pdu declaration block header
+===== _Pdu_ declaration block header
In each frame of the capture, MATE will look for source _proto_name_'s PDUs in
the order in which the declarations appear in its configuration and will create
-Pdus of every type it can from that frame, unless specifically instructed that
-some Pdu type is the last one to be looked for in the frame. If told so for a
-given type, MATE will extract all Pdus of that type and the previously declared
+PDUs of every type it can from that frame, unless specifically instructed that
+some PDU type is the last one to be looked for in the frame. If told so for a
+given type, MATE will extract all PDUs of that type and the previously declared
types it finds in the frame but not those declared later.
-The complete declaration of a Pdu looks as below; the mandatory order of the
+The complete declaration of a _Pdu_ looks as below; the mandatory order of the
diverse clauses is as shown.
----
- Pdu name Proto proto_name Transport proto1[/proto2/proto3[/...]]] {
- Payload proto; //optional, no default value
- Extract attribute From proto.field ; //may occur multiple times, at least once
- Transform (transform1[, transform2[, ...]]); //optional
- Criteria [{Accept|Reject}] [{Strict|Every|Loose} match_avpl];
- DropUnassigned {true|false}; //optional, default=false
- DiscardPduData {true|false}; //optional, default=false
- LastExtracted {true|false}; //optional, default=false
- };
+Pdu name Proto proto_name Transport {proto1[/proto2/proto3[/...]|mate}; {
+ Payload proto; //optional, no default value
+ Extract attribute From proto.field ; //may occur multiple times, at least once
+ Transform transform1[, transform2[, ...]]; //optional
+ Criteria {Accept|Reject} {Strict|Every|Loose} match_avpl; //optional
+ DropUnassigned {TRUE|FALSE}; //optional, default=FALSE
+ DiscardPduData {TRUE|FALSE}; //optional, default=FALSE
+ LastPdu {TRUE|FALSE}; //optional, default=FALSE
+};
----
-===== Pdu name
+====== Pdu name
-The _name_ is a mandatory attribute of a Pdu declaration. It is chosen
+The _name_ is a mandatory attribute of a _Pdu_ declaration. It is chosen
arbitrarily, except that each _name_ may only be used once in MATE's
configuration, regardless the class of an item it is used for. The _name_ is
-used to distinguish between different types of Pdus, Gops, and Gogs. The _name_
-is also used as part of the filterable fields' names related to this type of Pdu
+used to distinguish between different types of PDUs, GOPs, and GOGs. The _name_
+is also used as part of the filterable fields' names related to this type of PDU
which MATE creates.
-However, several Pdu declarations may share the same _name_. In such case, all
+However, several _Pdu_ declarations may share the same _name_. In such case, all
of them are created from each source PDU matching their _Proto_, _Transport_,
and _Payload_ clauses, while the bodies of their declarations may be totally
different from each other. Together with the _Accept_ (or _Reject_) clauses,
-this feature is useful when it is necessary to build the Pdu's AVPL from
+this feature is useful when it is necessary to build the PDU's AVPL from
different sets of source fields depending on contents (or mere presence) of
other source fields.
====== Proto and Transport clauses
Every instance of the protocol _proto_name_ PDU in a frame will generate one
-Pdu with the AVPs extracted from fields that are in the _proto_name_'s range
+PDU with the AVPs extracted from fields that are in the _proto_name_'s range
and/or the ranges of underlying protocols specified by the _Transport_ list.
-It is a mandatory attribute of a Pdu declaration. The _proto_name_ is the name
+It is a mandatory attribute of a _Pdu_ declaration. The _proto_name_ is the name
of the protocol as used in Wireshark display filter.
-The Pdu's _Proto_, and its _Transport_ list of protocols separated by / tell
-MATE which fields of a frame can get into the Pdu's AVPL. In order that MATE
+The PDU's _Proto_, and its _Transport_ list of protocols separated by / tell
+MATE which fields of a frame can get into the PDU's AVPL. In order that MATE
would extract an attribute from a frame's protocol tree, the area representing
the field in the hex display of the frame must be within the area of either the
-_Proto_ or its relative _Transport_ s. _Transport_ s are chosen moving backwards
+_Proto_ or its relative _Transport_++s++. _Transport_++s++ are chosen moving backwards
from the protocol area, in the order they are given.
_Proto http Transport tcp/ip_ does what you'd expect it to - it selects the
@@ -1943,24 +1990,24 @@ too doesn't work so far.
Once we've selected the _Proto_ and _Transport_ ranges, MATE will fetch those
protocol fields belonging to them whose extraction is declared using the
-_Extract_ clauses for the Pdu type. The _Transport_ list is also mandatory,
+_Extract_ clauses for the PDU type. The _Transport_ list is also mandatory,
if you actually don't want to use any transport protocol, use _Transport mate_.
(This didn't work until 0.10.9).
-====== Payload clause
+===== Payload clause
-Other than the Pdu's _Proto_ and its _Transport_ protocols, there is also a
+Other than the PDU's _Proto_ and its _Transport_ protocols, there is also a
_Payload_ attribute to tell MATE from which ranges of _Proto_'s payload to
-extract fields of a frame into the Pdu. In order to extract an attribute from a
+extract fields of a frame into the PDU. In order to extract an attribute from a
frame's tree the highlighted area of the field in the hex display must be within
-the area of the _Proto_'s relative payload(s). _Payload_ s are chosen moving
+the area of the _Proto_'s relative payload(s). _Payload_++s++ are chosen moving
forward from the protocol area, in the order they are given.
_Proto http Transport tcp/ip Payload mmse_ will select the first mmse range
after the current http range. Once we've selected the _Payload_ ranges, MATE
will fetch those protocol fields belonging to them whose extraction is declared
-using the _Extract_ clauses for the Pdu type.
+using the _Extract_ clauses for the PDU type.
-====== Extract clause
+===== Extract clause
Each _Extract_ clause tells MATE which protocol field value to extract as an AVP
value and what string to use as the AVP name. The protocol fields are referred
@@ -1968,294 +2015,330 @@ to using the names used in Wireshark display filters. If there is more than one
such protocol field in the frame, each instance that fulfills the criteria
stated above is extracted into its own AVP. The AVP names may be chosen
arbitrarily, but to be able to match values originally coming from different
-Pdus (e.g., hostname from DNS query and a hostname from HTTP GET request) later
+PDUs (e.g., hostname from DNS query and a hostname from HTTP GET request) later
in the analysis, identical AVP names must be assigned to them and the dissectors
must provide the field values in identical format (which is not always the case).
-====== Transform clause
+===== Transform clause
-The _Transform_ clause specifies a list of previously declared _Transform_ s to
-be performed on the Pdu's AVPL after all protocol fields have been extracted to
+The _Transform_ clause specifies a list of previously declared _Transform_++s++ to
+be performed on the PDU's AVPL after all protocol fields have been extracted to
it. The list is always executed completely, left to right. On the contrary, the
list of Match clauses inside each individual _Transform_ is executed only until
the first match succeeds.
[#Criteria]
-====== Criteria clause
+===== Criteria clause
-This clause tells MATE whether to use the Pdu for analysis. It specifies a match
-AVPL, an AVPL match type (_Strict_, _Every_, or _Loose_) and the action to be
+This clause tells MATE whether to use the PDU for analysis. It specifies a match
+AVPL, an AVPL <<Match,Match type>> (_Strict_, _Every_, or _Loose_) and the action to be
performed (_Accept_ or _Reject_) if the match succeeds. Once every attribute has
been extracted and eventual transform list has been executed, and if the
-_Criteria_ clause is present, the Pdu's AVPL is matched against the match AVPL;
-if the match succeeds, the action specified is executed, i.e., the Pdu is
+_Criteria_ clause is present, the PDU's AVPL is matched against the match AVPL;
+if the match succeeds, the action specified is executed, i.e., the PDU is
accepted or rejected. The default behaviors used if the respective keywords are
omitted are _Strict_ and _Accept_. Accordingly, if the clause is omitted, all
-Pdus are accepted.
+PDUs are accepted.
-====== DropUnassigned clause
+===== DropUnassigned clause
-If set to _TRUE_, MATE will destroy the Pdu if it cannot assign it to a Gop.
+If set to _TRUE_, MATE will destroy the PDU if it cannot assign it to a GOP.
If set to _FALSE_ (the default if not given), MATE will keep them.
-====== DiscardPduData clause
+===== DiscardPduData clause
-If set to _TRUE_, MATE will delete the Pdu's AVPL once it has analyzed it and
-eventually extracted some AVPs from it into the Gop's AVPL. This is useful to
+If set to _TRUE_, MATE will delete the PDU's AVPL once it has analyzed it and
+eventually extracted some AVPs from it into the GOP's AVPL. This is useful to
save memory (of which MATE uses a lot). If set to _FALSE_ (the default if not
-given), MATE will keep the Pdu attributes.
+given), MATE will keep the PDU attributes.
-====== LastExtracted clause
+===== LastPdu clause
If set to _FALSE_ (the default if not given), MATE will continue to look for
-Pdus of other types in the frame. If set to _TRUE_, it will not try to create
-Pdus of other types from the current frame, yet it will continue to try for the
+PDUs of other types in the frame. If set to _TRUE_, it will not try to create
+PDUs of other types from the current frame, yet it will continue to try for the
current type.
[#Gop]
-===== Gop's configuration actions
+==== GOP declaration block
-====== Gop declaration block header
+===== _Gop_ declaration block header
-Declares a Gop type and its prematch candidate key.
+Declares a Gop type and its candidate key.
----
- Gop name On pduname Match key {
- Start match_avpl; // optional
- Stop match_avpl; // optional
- Extra match_avpl; // optional
- Transform transform_list; // optional
- Expiration time; // optional
- IdleTimeout time; // optional
- Lifetime time; // optional
- DropUnassigned [TRUE|FALSE]; //optional
- ShowTree [NoTree|PduTree|FrameTree|BasicTree]; //optional
- ShowTimes [TRUE|FALSE]; //optional, default TRUE
- };
+Gop name On pduname Match key {
+ Start match_avpl; // optional
+ Stop match_avpl; // optional
+ Extra match_avpl; // optional
+ Transform transform_list; // optional
+ Expiration time; // optional
+ IdleTimeout time; // optional
+ Lifetime time; // optional
+ DropUnassigned [TRUE|FALSE]; //optional
+ ShowTree [NoTree|PduTree|FrameTree|BasicTree]; //optional
+ ShowTimes [TRUE|FALSE]; //optional, default TRUE
+};
----
====== Gop name
-The _name_ is a mandatory attribute of a Gop declaration. It is chosen
+The _name_ is a mandatory attribute of a _Gop_ declaration. It is chosen
arbitrarily, except that each _name_ may only be used once in MATE's
configuration, regardless the class of an item it is used for. The _name_ is
-used to distinguish between different types of Pdus, Gops, and Gogs. The _name_
+used to distinguish between different types of PDUs, GOPs, and GOGs. The _name_
is also used as part of the filterable fields' names related to this type of
-Gop which MATE creates.
+GOP which MATE creates.
====== On clause
-The _name_ of Pdus which this type of Gop is supposed to be groupping. It is
+The _name_ of PDUs which this type of GOP is supposed to be grouping. It is
mandatory.
====== Match clause
-Defines what AVPs form up the _key_ part of the Gop's AVPL (the Gop's _key_ AVPL
-or simply the Gop's _key_). All Pdus matching the _key_ AVPL of an active Gop
-are assigned to that Gop; a Pdu which contains the AVPs whose attribute names
-are listed in the Gop's _key_ AVPL, but they do not strictly match any active
-Gop's _key_ AVPL, will create a new Gop (unless a _Start_ clause is given).
-When a Gop is created, the elements of its key AVPL are copied from the creating
-Pdu.
+Defines what AVPs form up the _key_ part of the GOP's AVPL (the GOP's _key_ AVPL
+or simply the GOP's _key_). All PDUs matching the _key_ AVPL of an active GOP
+are assigned to that GOP; a PDU which contains the AVPs whose attribute names
+are listed in the GOP's _key_ AVPL, but they do not strictly match any active
+GOP's _key_ AVPL, will create a new GOP (unless a _Start_ clause is given).
+When a GOP is created, the elements of its key AVPL are copied from the creating
+PDU.
-====== Start clause
+===== Start clause
-If given, it tells MATE what match_avpl must a Pdu's AVPL match, in addition to
-matching the Gop's _key_, in order to start a Gop. If not given, any Pdu whose
-AVPL matches the Gop's _key_ AVPL will act as a start for a Gop. The Pdu's AVPs
-matching the match_avpl are not automatically copied into the Gop's AVPL.
+If given, it tells MATE what match_avpl must a PDU's AVPL match, in addition to
+matching the GOP's _key_, in order to start a GOP. If not given, any PDU whose
+AVPL matches the GOP's _key_ AVPL will act as a start for a GOP. The PDU's AVPs
+matching the match_avpl are not automatically copied into the GOP's AVPL.
-====== Stop clause
+===== Stop clause
-If given, it tells MATE what match_avpl must a Pdu's AVPL match, in addition to
-matching the Gop's key, in order to stop a Gop. If omitted, the Gop is
-"auto-stopped" - that is, the Gop is marked as stopped as soon as it is created.
-The Pdu's AVPs matching the match_avpl are not automatically copied into the
-Gop's AVPL.
+If given, it tells MATE what match_avpl must a PDU's AVPL match, in addition to
+matching the GOP's _key_, in order to stop a GOP. If omitted, the GOP is
+"auto-stopped" - that is, the GOP is marked as stopped as soon as it is created.
+The PDU's AVPs matching the match_avpl are not automatically copied into the
+GOP's AVPL.
-====== Extra clause
+===== Extra clause
-If given, tells MATE which AVPs from the Pdu's AVPL are to be copied into the
-Gop's AVPL in addition to the Gop's key.
+If given, tells MATE which AVPs from the PDU's AVPL are to be copied into the
+GOP's AVPL in addition to the GOP's key.
-====== Transform clause
+===== Transform clause
-The _Transform_ clause specifies a list of previously declared _Transform_ s to
-be performed on the Gop's AVPL after the AVPs from each new Pdu, specified by
-the key AVPL and the _Extra_ clause's match_avpl, have been merged into it.
+The _Transform_ clause specifies a list of previously declared _Transform_++s++ to
+be performed on the GOP's AVPL after the AVPs from each new PDU, specified by
+the _key_ AVPL and the _Extra_ clause's match_avpl, have been merged into it.
The list is always executed completely, left to right. On the contrary, the list
of _Match_ clauses inside each individual _Transform_ is executed only until
the first match succeeds.
-====== Expiration clause
+===== Expiration clause
-A (floating) number of seconds after a Gop is _Stop_ ped during which further
-Pdus matching the _Stop_ ped Gop's key but not the _Start_ condition will still
-be assigned to that Gop. The default value of zero has an actual meaning of
-infinity, as it disables this timer, so all Pdus matching the _Stop_ ped Gop's
-key will be assigned to that Gop unless they match the _Start_ condition.
+A (floating) number of seconds after a GOP is _Stop_ ped during which further
+PDUs matching the _Stop_ ped GOP's key but not the _Start_ condition will still
+be assigned to that GOP. The default value of zero has an actual meaning of
+infinity, as it disables this timer, so all PDUs matching the _Stop_ ped GOP's
+key will be assigned to that GOP unless they match the _Start_ condition.
-====== IdleTimeout clause
+===== IdleTimeout clause
-A (floating) number of seconds elapsed from the last Pdu assigned to the Gop
-after which the Gop will be considered released. The default value of zero has
-an actual meaning of infinity, as it disables this timer, so the Gop won't be
-released even if no Pdus arrive - unless the _Lifetime_ timer expires.
+A (floating) number of seconds elapsed from the last PDU assigned to the GOP
+after which the GOP will be considered released. The default value of zero has
+an actual meaning of infinity, as it disables this timer, so the GOP won't be
+released even if no PDUs arrive - unless the _Lifetime_ timer expires.
-====== Lifetime clause
+===== Lifetime clause
-A (floating) of seconds after the Gop _Start_ after which the Gop will be
+A (floating) of seconds after the GOP _Start_ after which the GOP will be
considered released regardless anything else. The default value of zero has an
actual meaning of infinity.
-====== DropUnassigned clause
+===== DropUnassigned clause
-Whether or not a Gop that has not being assigned to any Gog should be discarded.
-If _TRUE_, the Gop is discarded right after creation. If _FALSE_, the default,
-the unassigned Gop is kept. Setting it to _TRUE_ helps save memory and speed up
+Whether or not a GOP that has not being assigned to any GOG should be discarded.
+If _TRUE_, the GOP is discarded right after creation. If _FALSE_, the default,
+the unassigned GOP is kept. Setting it to _TRUE_ helps save memory and speed up
filtering.
-====== TreeMode clause
+===== TreeMode clause
-Controls the display of Pdus subtree of the Gop:
+Controls the display of PDUs subtree of the GOP:
* _NoTree_: completely suppresses showing the tree
-* _PduTree_: the tree is shown and shows the Pdus by Pdu Id
-* _FrameTree_: the tree is shown and shows the Pdus by the frame number in which
+* _PduTree_: the tree is shown and shows the PDUs by PDU Id
+* _FrameTree_: the tree is shown and shows the PDUs by the frame number in which
they are
* _BasicTree_: needs investigation
-====== ShowTimes clause
+===== ShowTimes clause
-Whether or not to show the times subtree of the Gop. If _TRUE_, the default,
-the subtree with the timers is added to the Gop's tree. If _FALSE_, the subtree
+Whether or not to show the times subtree of the GOP. If _TRUE_, the default,
+the subtree with the timers is added to the GOP's tree. If _FALSE_, the subtree
is suppressed.
[#Gog]
-===== Gog's configuration actions
+==== GOG declaration block
-====== Gop declaration block header
+===== _Gog_ declaration block header
-Declares a Gog type and its prematch candidate key.
+Declares a Gog type and its candidate key.
----
- Gog name {
- Member gopname (key); // mandatory, at least one
- Extra match_avpl; // optional
- Transform transform_list; // optional
- Expiration time; // optional, default 2.0
- GopTree [NoTree|PduTree|FrameTree|BasicTree]; // optional
- ShowTimes [TRUE|FALSE]; // optional, default TRUE
- };
+Gog name {
+ Member gopname (key); // mandatory, at least one
+ Extra match_avpl; // optional
+ Transform transform_list; // optional
+ Expiration time; // optional, default 2.0
+ GopTree [NoTree|PduTree|FrameTree|BasicTree]; // optional
+ ShowTimes [TRUE|FALSE]; // optional, default TRUE
+};
----
-====== Gop name
+====== Gog name
-The _name_ is a mandatory attribute of a Gog declaration. It is chosen
+The _name_ is a mandatory attribute of a _Gog_ declaration. It is chosen
arbitrarily, except that each _name_ may only be used once in MATE's
configuration, regardless the class of an item it is used for. The _name_ is
-used to distinguish between different types of Pdus, Gops, and Gogs. The _name_
+used to distinguish between different types of PDUs, GOPs, and GOGs. The _name_
is also used as part of the filterable fields' names related to this type of
-Gop which MATE creates.
+GOG which MATE creates.
-====== Member clause
+===== Member clause
-Defines the _key_ AVPL for the Gog individually for each Gop type _gopname_.
-All _gopname_ type Gops whose _key_ AVPL matches the corresponding _key_ AVPL
-of an active Gog are assigned to that Gog; a Gop which contains the AVPs whose
-attribute names are listed in the Gog's corresponding _key_ AVPL, but they do
-not strictly match any active Gog's _key_ AVPL, will create a new Gog. When a
-Gog is created, the elements of its _key_ AVPL are copied from the creating Gop.
+Defines the _key_ AVPL for the GOG individually for each GOP type _gopname_.
+All _gopname_ type GOPs whose _key_ AVPL matches the corresponding _key_ AVPL
+of an active GOG are assigned to that GOG; a GOP which contains the AVPs whose
+attribute names are listed in the GOG's corresponding _key_ AVPL, but they do
+not strictly match any active GOG's _key_ AVPL, will create a new GOG. When a
+GOG is created, the elements of its _key_ AVPL are copied from the creating GOP.
Although the _key_ AVPLs are specified separately for each of the Member
-_gopname_ s, in most cases they are identical, as the very purpose of a Gog is
-to group together Gops made of Pdus of different types.
+_gopname_++s++, in most cases they are identical, as the very purpose of a GOG is
+to group together GOPs made of PDUs of different types.
-====== Extra clause
+===== Extra clause
-If given, tells MATE which AVPs from any of the Gop's AVPL are to be copied
-into the Gog's AVPL in addition to the Gog's key.
+If given, tells MATE which AVPs from any of the GOP's AVPL are to be copied
+into the GOG's AVPL in addition to the GOG's key.
-====== Expiration clause
+===== Expiration clause
-A (floating) number of seconds after all the Gops assigned to a Gog have been
-released during which new Gops matching any of the session keys should still be
-assigned to the existing Gog instead of creating a new one. Its value can range
+A (floating) number of seconds after all the GOPs assigned to a GOG have been
+released during which new GOPs matching any of the session keys should still be
+assigned to the existing GOG instead of creating a new one. Its value can range
from 0.0 to infinite. Defaults to 2.0 seconds.
-====== Transform clause
+===== Transform clause
-The _Transform_ clause specifies a list of previously declared _Transform_ s to
-be performed on the Gog's AVPL after the AVPs from each new Gop, specified by
+The _Transform_ clause specifies a list of previously declared _Transform_++s++ to
+be performed on the GOG's AVPL after the AVPs from each new GOP, specified by
the _key_ AVPL and the _Extra_ clause's match_avpl, have been merged into it.
The list is always executed completely, left to right. On the contrary, the list
of _Match_ clauses inside each individual _Transform_ is executed only until
the first match succeeds.
-====== TreeMode clause
+===== TreeMode clause
-Controls the display of Gops subtree of the Gog:
+Controls the display of GOPs subtree of the GOG:
* _NoTree_: completely suppresses showing the tree
* _BasicTree_: needs investigation
* _FullTree_: needs investigation
-====== ShowTimes clause
+===== ShowTimes clause
-Whether or not to show the times subtree of the Gog. If _TRUE_, the default,
-the subtree with the timers is added to the Gog's tree. If _FALSE_, the subtree
+Whether or not to show the times subtree of the GOG. If _TRUE_, the default,
+the subtree with the timers is added to the GOG's tree. If _FALSE_, the subtree
is suppressed.
-===== Settings Config AVPL
+[#Transform]
+==== Transform declaration block
+
+A Transform is a sequence of Match rules optionally followed by an instruction
+how to modify the match result using an additional AVPL. Such modification may
+be an Insert (merge) or a Replace. The syntax is as follows:
+
+----
+Transform name {
+ Match [Strict|Every|Loose] match_avpl [[Insert|Replace] modify_avpl] ; // may occur multiple times, at least once
+};
+----
+
+For examples of Transforms, check the <<ChMateManual,Manual>> page.
+
+TODO: migrate the examples here?
+
+The list of Match rules inside a Transform is processed top to bottom;
+the processing ends as soon as either a Match rule succeeds or all have been
+tried in vain.
+
+Transforms can be used as helpers to manipulate an item's AVPL before the item
+is processed further. An item declaration may contain a Transform clause
+indicating a list of previously declared Transforms. Regardless whether the
+individual transforms succeed or fail, the list is always executed completely
+and in the order given, i.e., left to right.
+
+In MATE configuration file, a Transform must be declared before declaring any
+item which uses it.
+
+==== Settings configuration AVPL
+
+[NOTE]
+====
+The *Settings* parameters have been moved to other configuration parameters
+or deprecated. Leave for now until rest of document is updated for current syntax.
+====
The *Settings* config element is used to pass to MATE various operational
parameters. the possible parameters are
-====== GogExpiration
+===== GogExpiration
-How long in seconds after all the gops assigned to a gog have been released new
-gops matching any of the session keys should create a new gog instead of being
+How long in seconds after all the GOPs assigned to a GOG have been released new
+GOPs matching any of the session keys should create a new GOG instead of being
assigned to the previous one. Its value can range from 0.0 to infinite.
Defaults to 2.0 seconds.
-====== DiscardPduData
+===== DiscardPduData
-Whether or not the AVPL of every Pdu should be deleted after it was being
+Whether or not the AVPL of every PDU should be deleted after it was being
processed (saves memory). It can be either _TRUE_ or _FALSE_. Defaults to _TRUE_.
Setting it to _FALSE_ can save you from a headache if your config does not work.
-====== DiscardUnassignedPdu
+===== DiscardUnassignedPdu
-Whether Pdus should be deleted if they are not assigned to any Gop. It can be
+Whether PDUs should be deleted if they are not assigned to any GOP. It can be
either _TRUE_ or _FALSE_. Defaults to _FALSE_. Set it to _TRUE_ to save memory
-if unassigned Pdus are useless.
+if unassigned PDUs are useless.
-====== DiscardUnassignedGop
+===== DiscardUnassignedGop
-Whether GoPs should be deleted if they are not assigned to any session. It can
+Whether GOPs should be deleted if they are not assigned to any session. It can
be either _TRUE_ or _FALSE_. Defaults to _FALSE_. Setting it to _TRUE_ saves
memory.
-====== ShowPduTree
+===== ShowPduTree
-====== ShowGopTimes
+===== ShowGopTimes
-===== Debugging Stuff
+==== Debugging Stuff
The following settings are used to debug MATE and its configuration. All levels
are integers ranging from 0 (print only errors) to 9 (flood me with junk),
defaulting to 0.
-====== Debug declaration block header
+===== Debug declaration block header
----
- Debug {
- Filename "path/name"; //optional, no default value
- Level [0-9]; //optional, generic debug level
- Pdu Level [0-9]; //optional, specific debug level for Pdu handling
- Gop Level [0-9]; //optional, specific debug level for Gop handling
- Gog Level [0-9]; //optional, specific debug level for Gog handling
- };
+Debug {
+ Filename "path/name"; //optional, no default value
+ Level [0-9]; //optional, generic debug level
+ Pdu Level [0-9]; //optional, specific debug level for Pdu handling
+ Gop Level [0-9]; //optional, specific debug level for Gop handling
+ Gog Level [0-9]; //optional, specific debug level for Gog handling
+};
----
====== Filename clause
@@ -2272,27 +2355,27 @@ ranging from 0 (print only errors) to 9 (flood me with junk).
====== Pdu Level clause
-Sets the level of debugging for messages regarding Pdu creation. It is an
+Sets the level of debugging for messages regarding PDU creation. It is an
integer ranging from 0 (print only errors) to 9 (flood me with junk).
====== Gop Level clause
-Sets the level of debugging for messages regarding Pdu analysis (that is how do
-they fit into ?GoPs). It is an integer ranging from 0 (print only errors) to 9
+Sets the level of debugging for messages regarding PDU analysis (that is how do
+they fit into ?GOPs). It is an integer ranging from 0 (print only errors) to 9
(flood me with junk).
====== Gog Level clause
-Sets the level of debugging for messages regarding GoP analysis (that is how do
-they fit into ?GoGs). It is an integer ranging from 0 (print only errors) to 9
+Sets the level of debugging for messages regarding GOP analysis (that is how do
+they fit into ?GOGs). It is an integer ranging from 0 (print only errors) to 9
(flood me with junk).
-====== Settings Example
+===== Settings Example
----
Action=Settings; SessionExpiration=3.5; DiscardPduData=FALSE;
----
-===== Action=Include
+==== Action=Include
Will include a file to the configuration.
@@ -2300,17 +2383,17 @@ Will include a file to the configuration.
Action=Include; {Filename=filename;|Lib=libname;}
----
-====== Filename
+===== Filename
The filename of the file to include. If it does not begin with '/' it will look
for the file in the current path.
-====== Lib
+===== Lib
The name of the lib config to include. will look for libname.mate in
wiresharks_dir/matelib.
-====== Include Example
+===== Include Example
----
Action=Include; Filename=rtsp.mate;
----
diff --git a/docbook/wsug_src/wsug_messages.adoc b/doc/wsug_src/wsug_messages.adoc
index bd3291ed..bd3291ed 100644
--- a/docbook/wsug_src/wsug_messages.adoc
+++ b/doc/wsug_src/wsug_messages.adoc
diff --git a/docbook/wsug_src/wsug_preface.adoc b/doc/wsug_src/wsug_preface.adoc
index c343a805..c343a805 100644
--- a/docbook/wsug_src/wsug_preface.adoc
+++ b/doc/wsug_src/wsug_preface.adoc
diff --git a/docbook/wsug_src/wsug_protocols.adoc b/doc/wsug_src/wsug_protocols.adoc
index 8f2b8b92..8f2b8b92 100644
--- a/docbook/wsug_src/wsug_protocols.adoc
+++ b/doc/wsug_src/wsug_protocols.adoc
diff --git a/docbook/wsug_src/wsug_statistics.adoc b/doc/wsug_src/wsug_statistics.adoc
index 93d4f179..66e014b2 100644
--- a/docbook/wsug_src/wsug_statistics.adoc
+++ b/doc/wsug_src/wsug_statistics.adoc
@@ -188,8 +188,10 @@ In the screenshot there are many more TLS and Git PDUs than there are packets.
A network conversation is the traffic between two specific endpoints. For
example, an IP conversation is all the traffic between two IP addresses. The
-description of the known endpoint types can be found in
-<<ChStatEndpoints>>.
+description of the known endpoint types can be found in <<ChStatEndpoints>>.
+
+The conversations are influenced by the _Deinterlacing conversations key_
+preference.
[#ChStatConversationsWindow]
@@ -444,7 +446,9 @@ The sum of the values of the field specified in “Y Field” per interval.
COUNT FRAMES(Y Field):::
The number of frames that contain the field specified in “Y Field” per interval.
-Unlike the plain “Packets” graph, this always displays <<ChStatIOGraphsMissingValues, zero values>>.
+// Unlike the plain “Packets” graph, this always displays <<ChStatIOGraphsMissingValues, zero values>>.
+// Above is no longer true. COUNT FRAMES is now exactly the same as Packets, except that the Y Field
+// is used instead of just the filter. Everything you can graph with one you can graph with the other.
COUNT FIELDS(Y Field):::
The number of instances of the field specified in “Y Field” per interval.
@@ -454,19 +458,24 @@ MAX(Y Field), MIN(Y Field), AVG(Y Field):::
The maximum, minimum, and arithmetic mean values of the specified “Y Field” per interval.
For MAX and MIN values, hovering and clicking the graph will show and take you to the packet with the MAX or MIN value in the interval instead of the most recent packet.
-// io_graph_item.c says:
-// "LOAD graphs plot the QUEUE-depth of the connection over time"
-// (for response time fields such as smb.time, rpc.time, etc.)
-// This interval is expressed in milliseconds.
LOAD(Y Field):::
-If the “Y Field” is a relative time value, this is the sum of the “Y Field” values divided by the interval time.
-This can be useful for tracking response times.
+The queue depth, i.e., number of concurrent requests or calls, in each interval expressed in Erlangs.
+Requires “Y Field” be a relative time value, and treats it as the duration of an event which
+ended in the containing packet. Useful for response time fields like `smb.time`.
+
+THROUGHPUT(Y Field):::
+If the “Y Field” is a payload counted in Bytes (as frame.len, ip.len, ipv6.plen..), this is the throughput expressed in bits per second.
Y Field::
The display filter field from which to extract values for the Y axis calculations listed above.
SMA Period::
-Show an average of values over a specified period of intervals.
+Show a simple moving average of values over a specified period of intervals.
+
+Y Axis Factor::
+Scale the Y axis for this graph by multiplying by a constant factor, e.g. to
+graph bits if the “Y Field” contains bytes, or to present multiple graphs at
+a similar scale.
The chart as a whole can be configured using the controls under the graph list:
@@ -474,10 +483,14 @@ btn:[{plus}]::
Add a new graph.
btn:[-]::
-Add a new graph.
+Remove the selected graph(s).
btn:[Copy]::
-Copy the selected graph.
+Copy the selected graph(s).
+
+btn:[⌃]:: Move the selected graph(s) up in the list.
+
+btn:[⌄]:: Move the selected graph(s) down in the list.
btn:[Clear]::
Remove all graphs.
@@ -498,16 +511,18 @@ Automatic updates::
Redraw each graph automatically.
Enable legend::
-Show a legend for graphs with more than one type of Y axis.
+Show a graph legend.
The main dialog buttons along the bottom let you do the following:
-The btn:[Help] button will take you to this section of the User’s Guide.
+btn:[Help] will take you to this section of the User’s Guide.
-The btn:[Copy] button will copy values from selected graphs to the clipboard in CSV
+btn:[Reset] will autoscale the axes to full display all graphs.
+
+btn:[Copy] will copy values from selected graphs to the clipboard in CSV
(Comma Separated Values) format.
-btn:[Copy from] will let you copy graphs from another profile.
+btn:[Copy from] will let you copy graphs from another profile to the current dialog.
btn:[Close] will close this dialog.
@@ -523,17 +538,20 @@ You can see a list of useful keyboard shortcuts by right-clicking on the graph.
[discrete]
==== Missing Values Are Zero
-Wireshark's I/O Graph window doesn’t distinguish between missing and zero values.
-For scatter plots it is assumed that zero values indicate missing data, and those values are omitted.
-Zero values are shown in line graphs, and bar charts.
-
-// No longer true as of eb4e2cca69.
-// For _plain_ (Packets, Bytes, and Bits) scatter plots, it is assumed that zero values indicate missing data, and those values are omitted.
-// Zero values are shown in line graphs, bar charts, and _calculated_ scatter plots.
-// Scatter plots are considered calculated if they have a calculated Y axis field or if a moving average is set.
+Wireshark's I/O Graph window counts or calculates summary statistics over intervals.
+If a packet or field does not occur in a given interval, the calculation might yield zero.
+This is particularly likely for very small intervals. For "counting" graphs
+(Packets, Bytes, Bits, COUNT FRAMES, COUNT FIELDS) zero values are omitted from scatter
+plots, but shown in line graphs and bar charts. For the summary statistics SUM, MAX, and AVG,
+values are always omitted if the Y field was not present in the interval.
+For LOAD graphs, values are omitted if no field's time indicated that an event was
+was present in the interval.
+(Note for LOAD graphs that a response time can contribute to earlier intervals than
+the one containing the packet if the duration is longer than the interval.)
// If you need to display zero values in a scatter plot, you can do so by making the Y Axis a calculated field.
// For example, the calculated equivalent of “Packets” is a “COUNT FRAMES” Y Axis with a Y Field set to “frame”.
+// XXX - No longer true as of eb4e2cca69.
[#ChStatSRT]
@@ -548,12 +566,14 @@ This information is available for many protocols, including the following:
* Diameter
* Fibre Channel
* GTP
+* GTPv2
* H.225 RAS
* LDAP
* MEGACO
* MGCP
* NCP
* ONC-RPC
+* PFCP
* RADIUS
* SCSI
* SMB
@@ -806,7 +826,7 @@ Illustrated” series of books.
Time Sequence (tcptrace):: Shows TCP metrics similar to the
http://www.tcptrace.org/[tcptrace] utility, including forward segments,
-acknowledgments, selective acknowledgments, reverse window sizes, and
+acknowledgements, selective acknowledgements, reverse window sizes, and
zero windows.
Throughput:: Average throughput and goodput.
diff --git a/docbook/wsug_src/wsug_telephony.adoc b/doc/wsug_src/wsug_telephony.adoc
index 4f856f0c..33a60575 100644
--- a/docbook/wsug_src/wsug_telephony.adoc
+++ b/doc/wsug_src/wsug_telephony.adoc
@@ -33,7 +33,7 @@ RTP Player is able to play any codec supported by an installed plugin. The codec
* Open menu:Help[About Wireshark] window
* Select the menu:Plugins[] tab
-* In the menu:Filter by type[] menu on the top-right, select codec
+* In the menu:Filter by type[] menu on the top-right, select codec
.List of supported codecs
image::images/ws-about-codecs.png[{screenshot-attrs}]
@@ -154,7 +154,7 @@ traffic. It finds calls by their signaling and shows related RTP streams. The cu
* SKINNY
* UNISTIM
-See https://gitlab.com/wireshark/wireshark/-/wikis/VOIPProtocolFamily[VOIPProtocolFamily] for an overview of the used VoIP protocols.
+See {wireshark-wiki-url}VOIPProtocolFamily[VOIPProtocolFamily] for an overview of the used VoIP protocols.
VoIP Calls window can be opened as window showing all protocol types (menu:Telephony[VoIP Calls] window) or limited to SIP messages only (menu:Telephony[SIP Flows] window).
@@ -193,7 +193,7 @@ The A-Interface Base Station Management Application Part (BSMAP) Statistics wind
==== A-I/F DTAP Statistics Window
-The A-Interface Direct Transfer Application Part (DTAP) Statistics widow shows the messages list and the number of the captured messages. There is a possibility to filter the messages, copy or save the date into a file.
+The A-Interface Direct Transfer Application Part (DTAP) Statistics widow shows the messages list and the number of the captured messages. There is a possibility to filter the messages, copy or save the date into a file.
[#ChTelGSM]
@@ -244,7 +244,7 @@ NOTE: That graph shows data of a single bearer and direction. The user can also
.The RLC Graph window
image::images/ws-rlc-graph.png[{screenshot-attrs}]
-[.small]#_The image of the RLC Graph is borrowed from link:https://gitlab.com/wireshark/wireshark/-/wikis/RLC-LTE[Wireshark wiki]._#
+[.small]#_The image of the RLC Graph is borrowed from link:{wireshark-wiki-url}RLC-LTE[the Wireshark wiki]._#
[#ChTelLTERLCTraffic]
@@ -608,7 +608,7 @@ Window has same features as <<ChTelVoipCalls,VoIP Calls>> window.
=== SIP Statistics Window
-SIP Statistics window shows captured SIP transactions. It is divided into SIP Responses and SIP Requests. In this window the user can filter, copy or save the statistics into a file.
+SIP Statistics window shows captured SIP transactions. It is divided into SIP Responses and SIP Requests. In this window the user can filter, copy or save the statistics into a file.
[#ChTelWAPWSPPacketCounter]
diff --git a/docbook/wsug_src/wsug_tools.adoc b/doc/wsug_src/wsug_tools.adoc
index 3a83d05f..3a83d05f 100644
--- a/docbook/wsug_src/wsug_tools.adoc
+++ b/doc/wsug_src/wsug_tools.adoc
diff --git a/docbook/wsug_src/wsug_troubleshoot.adoc b/doc/wsug_src/wsug_troubleshoot.adoc
index ededd77b..ededd77b 100644
--- a/docbook/wsug_src/wsug_troubleshoot.adoc
+++ b/doc/wsug_src/wsug_troubleshoot.adoc
diff --git a/docbook/wsug_src/wsug_use.adoc b/doc/wsug_src/wsug_use.adoc
index 7861a7da..c2511ba4 100644
--- a/docbook/wsug_src/wsug_use.adoc
+++ b/doc/wsug_src/wsug_use.adoc
@@ -272,8 +272,8 @@ bytes pane to a text file in a number of formats including plain, CSV,
and XML. It is discussed further in <<ChIOExportSelectedDialog>>.
|menu:Export Objects[] ||
-These menu items allow you to export captured DICOM, HTTP, IMF, SMB, or
-TFTP objects into local files. It pops up a corresponding object list
+These menu items allow you to export captured DICOM, FTP-DATA, HTTP, IMF, SMB,
+or TFTP objects into local files. It pops up a corresponding object list
(which is discussed further in <<ChIOExportObjectsDialog>>)
|menu:Print...[] |kbd:[Ctrl+P]|
@@ -320,7 +320,7 @@ Packet...”.
This menu item tries to find the previous packet matching the settings from
“Find Packet...”.
-|menu:Mark/Unmark Packet[] |kbd:[Ctrl+M] |
+|menu:Mark/Unmark Selected[] |kbd:[Ctrl+M] |
This menu item marks the currently selected packet. See
<<ChWorkMarkPacketSection>> for details.
@@ -336,7 +336,7 @@ Find the next marked packet.
|menu:Previous Mark[] |kbd:[Ctrl+Shift+B] |
Find the previous marked packet.
-|menu:Ignore/Unignore Packet[] |kbd:[Ctrl+D] |
+|menu:Ignore/Unignore Selected[] |kbd:[Ctrl+D] |
This menu item marks the currently selected packet as ignored. See
<<ChWorkIgnorePacketSection>> for details.
@@ -442,35 +442,34 @@ The fields “Automatic”, “Seconds” and “...seconds” are mutually excl
|menu:Name Resolution[Enable for MAC Layer]||This item allows you to control whether or not Wireshark translates MAC addresses into names, see <<ChAdvNameResolutionSection>>.
|menu:Name Resolution[Enable for Network Layer]||This item allows you to control whether or not Wireshark translates network addresses into names, see <<ChAdvNameResolutionSection>>.
|menu:Name Resolution[Enable for Transport Layer]||This item allows you to control whether or not Wireshark translates transport addresses into names, see <<ChAdvNameResolutionSection>>.
-|menu:Colorize Packet List[]||This item allows you to control whether or not Wireshark should colorize the packet list.
-
-Enabling colorization will slow down the display of new packets while
-capturing or loading capture files.
-
-|menu:Auto Scroll in Live Capture[] | |This item allows you to specify that Wireshark should scroll the packet list pane as new packets come in, so you are always looking at the last packet. If you do not specify this, Wireshark simply adds new packets onto the end of the list, but does not scroll the packet list pane.
|menu:Zoom In[] |kbd:[Ctrl+&#43;] | Zoom into the packet data (increase the font size).
|menu:Zoom Out[] |kbd:[Ctrl+-] | Zoom out of the packet data (decrease the font size).
|menu:Normal Size[] |kbd:[Ctrl+=] | Set zoom level back to 100% (set font size back to normal).
-|menu:Resize All Columns[] |kbd:[Shift+Ctrl+R] | Resize all column widths so the content will fit into it.
-
-Resizing may take a significant amount of time, especially if a large capture file is loaded.
-
-|menu:Displayed Columns[] | |This menu items folds out with a list of all configured columns. These columns can now be shown or hidden in the packet list.
|menu:Expand Subtrees[] |kbd:[Shift+→]|This menu item expands the currently selected subtree in the packet details tree.
|menu:Collapse Subtrees[] |kbd:[Shift+←]|This menu item collapses the currently selected subtree in the packet details tree.
|menu:Expand All[] |kbd:[Ctrl+→] |Wireshark keeps a list of all the protocol subtrees that are expanded, and uses it to ensure that the correct subtrees are expanded when you display a packet. This menu item expands all subtrees in all packets in the capture.
|menu:Collapse All[] |kbd:[Ctrl+←] |This menu item collapses the tree view of all packets in the capture list.
+|menu:Colorize Packet List[]||This item allows you to control whether or not Wireshark should colorize the packet list.
+
+Enabling colorization will slow down the display of new packets while
+capturing or loading capture files.
+
|menu:Colorize Conversation[] | |This menu item brings up a submenu that allows you to color packets in the packet list pane based on the addresses of the currently selected packet. This makes it easy to distinguish packets belonging to different conversations. <<ChCustColorizationSection>>.
|menu:Colorize Conversation[Color 1-10] | |These menu items enable one of the ten temporary color filters based on the currently selected conversation.
|menu:Colorize Conversation[Reset coloring] | |This menu item clears all temporary coloring rules.
|menu:Colorize Conversation[New Coloring Rule...] | |This menu item opens a dialog window in which a new permanent coloring rule can be created based on the currently selected conversation.
|menu:Coloring Rules...[] | |This menu item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets, see <<ChCustColorizationSection>>.
+|menu:Resize All Columns[] |kbd:[Shift+Ctrl+R] | Resize all column widths so the content will fit into it.
+
+Resizing may take a significant amount of time, especially if a large capture file is loaded.
+
|menu:Internals[] | |Information about various internal data structures. See <<ChUseInternals>> below for more information.
|menu:Show Packet in New Window[] ||
Shows the selected packet in a separate window. The separate window
-shows only the packet details and bytes. See <<ChWorkPacketSepView>> for
-details.
+shows only the packet details and bytes of that packet, and will
+continue to do so even if another packet is selected in the main window.
+See <<ChWorkPacketSepView>> for details.
|menu:Reload[] |kbd:[Ctrl+R] |This menu item allows you to reload the current capture file.
|===
@@ -504,13 +503,15 @@ image::images/ws-go-menu.png[{screenshot-attrs}]
|menu:Back[] |kbd:[Alt+←] |Jump to the recently visited packet in the packet history, much like the page history in a web browser.
|menu:Forward[] |kbd:[Alt+→] |Jump to the next visited packet in the packet history, much like the page history in a web browser.
|menu:Go to Packet...[] |kbd:[Ctrl+G] |Bring up a window frame that allows you to specify a packet number, and then goes to that packet. See <<ChWorkGoToPacketSection>> for details.
-|menu:Go to Corresponding Packet[] | |Go to the corresponding packet of the currently selected protocol field. If the selected field doesn’t correspond to a packet, this item is greyed out.
+|menu:Go to Corresponding Packet[] | |Go to the corresponding packet of the currently selected protocol field (e.g., the reply
+corresponding to a request packet, or vice versa). If the selected field doesn’t correspond to a packet, this item is greyed out.
|menu:Previous Packet[] |kbd:[Ctrl+↑]|Move to the previous packet in the list. This can be used to move to the previous packet even if the packet list doesn’t have keyboard focus.
|menu:Next Packet[] |kbd:[Ctrl+↓]|Move to the next packet in the list. This can be used to move to the previous packet even if the packet list doesn’t have keyboard focus.
|menu:First Packet[] |kbd:[Ctrl+Home] |Jump to the first packet of the capture file.
|menu:Last Packet[] |kbd:[Ctrl+End] |Jump to the last packet of the capture file.
|menu:Previous Packet In Conversation[] |kbd:[Ctrl+&#44;] |Move to the previous packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn’t have keyboard focus.
|menu:Next Packet In Conversation[] |kbd:[Ctrl+.] |Move to the next packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn’t have keyboard focus.
+|menu:Auto Scroll in Live Capture[] | |This item allows you to specify that Wireshark should scroll the packet list pane as new packets come in, so you are always looking at the last packet. If you do not specify this, Wireshark simply adds new packets onto the end of the list, but does not scroll the packet list pane.
|===
[#ChUseCaptureMenuSection]
@@ -581,6 +582,12 @@ macros. You can name filter macros, and you can save them for future
use.
See <<ChWorkDefineFilterMacrosSection>>.
+|menu:Display Filter Expression...[] ||
+Shows a dialog box that allows you to build a display filter expression
+to apply. This shows possible fields and their applicable relations and
+values, and allows you to search by name and description.
+See <<ChWorkFilterAddExpressionSection>>.
+
|menu:Apply as Column[] |kbd:[Shift+Ctrl+I]|
Adds the selected protocol item in the packet details pane as a column
to the packet list.
@@ -621,6 +628,13 @@ on providing TLS keys.
|menu:Follow[HTTP Stream] ||
Same functionality as “Follow TCP Stream” but for HTTP streams.
+|menu:Show Packet Bytes[] ||
+Open a window allowing for decoding and reformatting packet bytes.
+You can do actions like Base64 decode, decompress, interpret as
+a different character encoding, interpret bytes as an image format,
+and save, print, or copy to the clipboard the results.
+See <<ChAdvShowPacketBytes>> for more information.
+
|menu:Expert Info[] ||
Open a window showing expert information found in the capture.
Some protocol dissectors add packet detail items for notable or unusual
@@ -785,7 +799,7 @@ image::images/ws-help-menu.png[{screenshot-attrs}]
[options="header",cols="3,2,5"]
|===
|Menu Item|Accelerator|Description
-|menu:Contents[]|F1| This menu item brings up a basic help system.
+|menu:User's Guide[]|F1| This menu item brings up the Wireshark User's Guide you're reading right now.
|menu:Manual Pages[...]|| This menu item starts a Web browser showing one of the locally installed html manual pages.
|menu:Website[]|| This menu item starts a Web browser showing the webpage from: link:{wireshark-main-url}[].
|menu:FAQs[]|| This menu item starts a Web browser showing various FAQs.
@@ -857,6 +871,7 @@ image::images/ws-main-toolbar.png[{screenshot-attrs}]
|image:images/toolbar/zoom-out.png[{toolbar-icon-attrs}] |btn:[Zoom Out]|menu:View[Zoom Out]| Zoom out of the packet data (decrease the font size).
|image:images/toolbar/zoom-original.png[{toolbar-icon-attrs}] |btn:[Normal Size]|menu:View[Normal Size]| Set zoom level back to 100%.
|image:images/toolbar/x-resize-columns.png[{toolbar-icon-attrs}] |btn:[Resize Columns]|menu:View[Resize Columns]| Resize columns, so the content fits into them.
+|image:images/toolbar/x-reset-layout_2.png[{toolbar-icon-attrs}] |btn:[Reset Layout]|menu:View[Reset Layout]| Reset layout to default size.
// --
//|image:images/toolbar/stock_colorselector_24.png[{toolbar-icon-attrs}]|btn:[Coloring Rules...]|menu:View[Coloring Rules...]| This item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets. More detail on this subject is provided in <<ChCustColorizationSection>>.
|===
diff --git a/docbook/wsug_src/wsug_wireless.adoc b/doc/wsug_src/wsug_wireless.adoc
index 2431707e..445d6abb 100644
--- a/docbook/wsug_src/wsug_wireless.adoc
+++ b/doc/wsug_src/wsug_wireless.adoc
@@ -9,6 +9,7 @@
=== Introduction
The Wireless menu provides access to statistics related to wireless traffic.
+For configuring keys to decrypt wireless traffic, see <<Ch80211Keys>>
[#ChWirelessBluetoothATTServerAttributes]
diff --git a/docbook/wsug_src/wsug_work.adoc b/doc/wsug_src/wsug_work.adoc
index 7c28ec3a..39499a89 100644
--- a/docbook/wsug_src/wsug_work.adoc
+++ b/doc/wsug_src/wsug_work.adoc
@@ -167,7 +167,7 @@ Same functionality as “Follow TCP Stream” but for DCCP streams.
|menu:Follow[TLS Stream] |menu:Analyze[] |
Same functionality as “Follow TCP Stream” but for TLS or SSL streams.
-See the wiki page on link:{wireshark-wiki-url}SSL[SSL] for instructions
+See the wiki page on link:{wireshark-wiki-url}TLS[TLS] for instructions
on providing TLS keys.
|menu:Follow[HTTP Stream] |menu:Analyze[] |
@@ -266,7 +266,7 @@ Same functionality as “Follow TCP Stream” but for UDP “streams”.
|menu:Follow[TLS Stream] |menu:Analyze[] |
Same functionality as “Follow TCP Stream” but for TLS or SSL streams.
-See the wiki page on link:{wireshark-wiki-url}SSL[SSL] for instructions
+See the wiki page on link:{wireshark-wiki-url}TLS[TLS] for instructions
on providing TLS keys.
|menu:Follow[HTTP Stream] |menu:Analyze[] |
@@ -918,16 +918,16 @@ You can perform the arithmetic operations on numeric fields shown in <<Arithmeti
[#ArithmeticOps]
.Display Filter Arithmetic Operations
-[options="header",cols="1,1,4"]
+[options="header",cols="1,1,1,4"]
|===
-|Name |Syntax | Description
-|Unary minus |-A | Negation of A
-|Addition |A + B | Add B to A
-|Subtraction |A - B | Subtract B from A
-|Multiplication |A * B | Multiply A times B
-|Division |A / B | Divide A by B
-|Modulo |A % B | Remainder of A divided by B
-|Bitwise AND |A & B | Bitwise AND of A and B
+|Name |Syntax | Alternative | Description
+|Unary minus |-A | | Negation of A
+|Addition |A + B | | Add B to A
+|Subtraction |A - B | | Subtract B from A
+|Multiplication |A * B | | Multiply A times B
+|Division |A / B | | Divide A by B
+|Modulo |A % B | | Remainder of A divided by B
+|Bitwise AND |A & B | A bitand B | Bitwise AND of A and B
|===
An unfortunate quirk in the filter syntax is that the subtraction
@@ -956,6 +956,9 @@ The display filter language has a number of functions to convert fields, see
|len |Returns the byte length of a string or bytes field.
|count |Returns the number of field occurrences in a frame.
|string |Converts a non-string field to a string.
+|vals |Converts a field value to its value string, if it has one.
+|dec |Converts an unsigned integer field to a decimal string.
+|hex |Converts an unsigned integer field to a hexadecimal string.
|max |Return the maximum value for the arguments.
|min |Return the minimum value for the arguments.
|abs |Return the absolute value for the argument.
@@ -987,6 +990,9 @@ To match IP addresses ending in 255 in a block of subnets (172.16 to 172.31):
string(ip.dst) matches r"^172\.(1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.255"
----
+The `vals` function converts an integer or boolean field value to a string
+using the field's associated value string, if it has one.
+
The functions max() and min() take any number of arguments of the same type
and returns the largest/smallest respectively of the set.
@@ -1012,10 +1018,9 @@ the DNS response in the current frame:
http && ip.dst eq ${dns.a}
----
-The notation of field references is similar to that of
-<<ChDisplayFilterMacrosSection,macros>> but they are syntactically
-distinct. Field references, like other complex filters, make excellent
-use cases for <<ChWorkDefineFilterMacrosSection,macros>>,
+The notation of field references is similar to that of macros but they are
+syntactically distinct. Field references, like other complex filters, make
+excellent use cases for <<ChWorkDefineFilterMacrosSection,macros>>,
<<ChWorkDefineFilterSection,saved filters>>, and
<<ChCustFilterButtons,filter buttons>>
@@ -1187,6 +1192,7 @@ Closes the dialog without saving any changes.
=== Defining And Saving Filter Macros
+Display Filter Macros are a mechanism to create shortcuts for complex filters.
You can define a filter macro with Wireshark and label it for later use.
This can save time in remembering and retyping some of the more complex filters
you use.
@@ -1202,11 +1208,50 @@ image::images/ws-filter-macros.png[{screenshot-attrs}]
. To add a new filter macro, click the btn:[{plus}] button in the bottom-left corner. A new row will appear in the Display Filter Macros table above.
-. Enter the name of your macro in the `Name` column. Enter your filter macro in the `Text` column.
+. Enter the name of your macro in the `Macro Name` column. Enter your filter macro in the `Macro Expression` column.
. To save your modifications, click the btn:[OK] button in the bottom-right corner of the <<FilterMacrosDialog>>.
-To learn more about display filter macro syntax, see <<ChDisplayFilterMacrosSection>>.
+==== Display Filter Macros syntax
+
+Display filter macros are invoked with the macro name and a number of
+input arguments. There are several supported syntaxes.
+
+The `Macro Name` must consist of ASCII alphanumerics or the '_' character.
+(Note that the presence of a '.' character would indicate a
+<<_field_references,field reference>>.)
+
+The `Macro Expression` is replacement text for the macro name. It substitutes
+$1, $2, $3, ... with the input arguments.
+
+For example, defining a display filter macro named _$$tcp_conv$$_ whose text is
+
+----
+(ip.src == $1 and ip.dst == $2 and tcp.srcport == $3 and tcp.dstport == $4)
+or (ip.src == $2 and ip.dst == $1 and tcp.srcport == $4 and tcp.dstport == $3)
+----
+
+would allow to use a display filter like
+
+----
+$tcp_conv(10.1.1.2,10.1.1.3,1200,1400)
+----
+
+or alternatively
+
+----
+${tcp_conv:10.1.1.2;10.1.1.3;1200;1400}
+----
+
+or
+
+----
+${tcp_conv;10.1.1.2;10.1.1.3;1200;1400}
+----
+
+instead of typing the whole filter. Both notations are equivalent. Once defined, a macro can
+be used in <<ChWorkDefineFilterSection,saved display (but not
+capture) filters>> and <<ChCustFilterButtons,filter buttons>>.
[#ChWorkFindPacketSection]
@@ -1321,7 +1366,7 @@ see <<ChIOPacketRangeSection>>.
There are several ways to mark and unmark packets. From the menu:Edit[] menu
you can select from the following:
-* menu:Mark/Unmark Packet[] toggles the marked state of a single packet.
+* menu:Mark/Unmark Selected[] toggles the marked state of the current selection.
This option is also available in the packet list context menu.
* menu:Mark All Displayed[] set the mark state of all displayed packets.
@@ -1346,8 +1391,8 @@ else. It will be lost when the capture file is closed.
There are several ways to ignore and unignore packets. From the
menu:Edit[] menu you can select from the following:
-* menu:Ignore/Unignore Packet[] toggles the ignored state of a single
- packet. This option is also available in the packet list context menu.
+* menu:Ignore/Unignore Selected[] toggles the ignored state of the current selection.
+ This option is also available in the packet list context menu.
* menu:Ignore All Displayed[] set the ignored state of all displayed packets.
@@ -1416,9 +1461,10 @@ new request. It’s possible to set multiple time references in the capture file
The time references will not be saved permanently and will be lost when you
close the capture file.
-Time referencing will only be useful if the time display format is set to
-“Seconds Since First Captured Packet”. If one of the other time display formats
-are used, time referencing will have no effect (and will make no sense either).
+Time referencing supercedes the value for the time relative to first
+capture packet. It affects the default Time column if the time display
+format is set to “Seconds Since First Captured Packet”, or a “Relative Time”
+column if one has been added. It also affects the `frame.time_relative` field.
To work with time references, choose one of the menu:Time Reference[] items in
the menu:[Edit] menu or from the pop-up menu of the “Packet List” pane. See
@@ -1439,7 +1485,12 @@ image::images/ws-time-reference.png[{screenshot-attrs}]
A time referenced packet will be marked with the string $$*REF*$$ in the Time
column (see packet number 10). All subsequent packets will show the time since
-the last time reference.
+the last time reference. If there is a column displayed for “Cumulative Bytes”
+its counter will also reset at every time reference packet.
+# Somewhat odd that cumulative bytes also resets.
+
+Time referenced packets will always be displayed in the packet list pane.
+Display filters will not affect or hide these packets.
[#ChWorkShiftTimePacketSection]
diff --git a/docbook/CMakeLists.txt b/docbook/CMakeLists.txt
deleted file mode 100644
index 29cc73f7..00000000
--- a/docbook/CMakeLists.txt
+++ /dev/null
@@ -1,490 +0,0 @@
-# CMakeLists.txt
-#
-# Wireshark - Network traffic analyzer
-# By Gerald Combs <gerald@wireshark.org>
-# Copyright 1998 Gerald Combs
-#
-# SPDX-License-Identifier: GPL-2.0-or-later
-#
-
-# To do:
-# - Make the build targets top-level on Windows, similar to the NSIS,
-# WiX, and PortableApps targets?
-
-function(set_docbook_target_properties _target)
- set_target_properties(${_target} PROPERTIES
- FOLDER "Documentation"
- EXCLUDE_FROM_DEFAULT_BUILD True
- )
-endfunction(set_docbook_target_properties)
-
-set(COMMON_FILES
- common_src/gpl_appendix.adoc
- common_src/typographic_conventions.adoc
-)
-
-set(WSUG_TITLE "Wireshark User's Guide")
-
-set(WSUG_FILES
- wsug_src/wsug_advanced.adoc
- wsug_src/wsug_build_install.adoc
- wsug_src/wsug_capture.adoc
- wsug_src/wsug_customize.adoc
- wsug_src/wsug_files.adoc
- wsug_src/wsug_howitworks.adoc
- wsug_src/wsug_introduction.adoc
- wsug_src/wsug_io.adoc
- wsug_src/wsug_mate.adoc
- wsug_src/wsug_messages.adoc
- wsug_src/wsug_preface.adoc
- wsug_src/wsug_protocols.adoc
- wsug_src/wsug_statistics.adoc
- wsug_src/wsug_telephony.adoc
- wsug_src/wsug_tools.adoc
- wsug_src/wsug_troubleshoot.adoc
- wsug_src/wsug_use.adoc
- wsug_src/wsug_work.adoc
- wsug_src/capinfos-h.txt
- wsug_src/dumpcap-h.txt
- wsug_src/editcap-F.txt
- wsug_src/editcap-T.txt
- wsug_src/editcap-h.txt
- wsug_src/mergecap-h.txt
- wsug_src/rawshark-h.txt
- wsug_src/reordercap-h.txt
- wsug_src/text2pcap-h.txt
- wsug_src/tshark-h.txt
- wsug_src/wireshark-h.txt
- ${COMMON_FILES}
-)
-
-# Note: Images should be minimized using tools/compress-pngs.py.
-set(WSUG_GRAPHICS
- wsug_src/images/caution.svg
- wsug_src/images/important.svg
- wsug_src/images/note.svg
- wsug_src/images/related-ack.png
- wsug_src/images/related-current.png
- wsug_src/images/related-dup-ack.png
- wsug_src/images/related-first.png
- wsug_src/images/related-last.png
- wsug_src/images/related-other.png
- wsug_src/images/related-request.png
- wsug_src/images/related-response.png
- wsug_src/images/related-segment.png
- wsug_src/images/tip.svg
- wsug_src/images/toolbar/document-open.png
- wsug_src/images/toolbar/edit-find.png
- wsug_src/images/toolbar/filter-toolbar-add.png
- wsug_src/images/toolbar/filter-toolbar-apply.png
- wsug_src/images/toolbar/filter-toolbar-bookmark.png
- wsug_src/images/toolbar/filter-toolbar-clear.png
- wsug_src/images/toolbar/filter-toolbar-input.png
- wsug_src/images/toolbar/filter-toolbar-recent.png
- wsug_src/images/toolbar/go-first.png
- wsug_src/images/toolbar/go-jump.png
- wsug_src/images/toolbar/go-last.png
- wsug_src/images/toolbar/go-next.png
- wsug_src/images/toolbar/go-previous.png
- wsug_src/images/toolbar/x-capture-file-close.png
- wsug_src/images/toolbar/x-capture-file-reload.png
- wsug_src/images/toolbar/x-capture-file-save.png
- wsug_src/images/toolbar/x-capture-options.png
- wsug_src/images/toolbar/x-capture-restart.png
- wsug_src/images/toolbar/x-capture-start.png
- wsug_src/images/toolbar/x-capture-stop.png
- wsug_src/images/toolbar/x-colorize-packets.png
- wsug_src/images/toolbar/x-resize-columns.png
- wsug_src/images/toolbar/x-stay-last.png
- wsug_src/images/toolbar/zoom-in.png
- wsug_src/images/toolbar/zoom-original.png
- wsug_src/images/toolbar/zoom-out.png
- wsug_src/images/warning.svg
- wsug_src/images/ws-about-codecs.png
- wsug_src/images/ws-analyze-menu.png
- wsug_src/images/ws-bytes-pane-popup-menu.png
- wsug_src/images/ws-bytes-pane-tabs.png
- wsug_src/images/ws-bytes-pane.png
- wsug_src/images/ws-capture-file-properties.png
- wsug_src/images/ws-capture-info.png
- wsug_src/images/ws-capture-interfaces-main-macos.png
- wsug_src/images/ws-capture-interfaces-main-win32.png
- wsug_src/images/ws-capture-menu.png
- wsug_src/images/ws-capture-options-compile-selected-bpfs.png
- wsug_src/images/ws-capture-options-options.png
- wsug_src/images/ws-capture-options-output.png
- wsug_src/images/ws-capture-options-output.png
- wsug_src/images/ws-capture-options.png
- wsug_src/images/ws-choose-color-rule.png
- wsug_src/images/ws-coloring-fields.png
- wsug_src/images/ws-coloring-rules-dialog.png
- wsug_src/images/ws-column-header-popup-menu.png
- wsug_src/images/ws-decode-as.png
- wsug_src/images/ws-details-pane-popup-menu.png
- wsug_src/images/ws-details-pane.png
- wsug_src/images/ws-diagram-pane-popup-menu.png
- wsug_src/images/ws-diagram-pane.png
- wsug_src/images/ws-display-filter-tcp.png # GTK+
- wsug_src/images/ws-edit-menu.png
- wsug_src/images/ws-enabled-protocols.png
- wsug_src/images/ws-expert-colored-tree.png
- wsug_src/images/ws-expert-column.png
- wsug_src/images/ws-expert-information.png
- wsug_src/images/ws-export-objects.png
- wsug_src/images/ws-export-packet-dissections.png
- wsug_src/images/ws-export-selected.png
- wsug_src/images/ws-export-specified-packets.png
- wsug_src/images/ws-file-import.png
- wsug_src/images/ws-file-menu.png
- wsug_src/images/ws-file-set-dialog.png # GTK+
- wsug_src/images/ws-filter-add-expression.png # GTK+
- wsug_src/images/ws-filter-toolbar.png
- wsug_src/images/ws-filters.png # GTK+
- wsug_src/images/ws-find-packet.png
- wsug_src/images/ws-follow-http2-stream.png
- wsug_src/images/ws-follow-sip-stream.png
- wsug_src/images/ws-follow-stream.png
- wsug_src/images/ws-go-menu.png
- wsug_src/images/ws-goto-packet.png
- wsug_src/images/ws-help-menu.png
- wsug_src/images/ws-list-pane.png # Outdated
- wsug_src/images/ws-main-toolbar.png
- wsug_src/images/ws-main.png
- wsug_src/images/ws-manage-interfaces.png
- wsug_src/images/ws-mate-analysis.png
- wsug_src/images/ws-mate-dns_pane.png
- wsug_src/images/ws-mate-dns_pdu.png
- wsug_src/images/ws-mate-ftp_over_gre.png
- wsug_src/images/ws-mate-gop_analysis.png
- wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png
- wsug_src/images/ws-mate-mmse_over_http.png
- wsug_src/images/ws-mate-pdu_analysis.png
- wsug_src/images/ws-mate-tcp-output.png
- wsug_src/images/ws-mate-transform.png
- wsug_src/images/ws-menu.png
- wsug_src/images/ws-merge-qt5.png
- wsug_src/images/ws-merge-win32.png
- wsug_src/images/ws-open-qt5.png
- wsug_src/images/ws-open-win32.png
- wsug_src/images/ws-packet-format.png
- wsug_src/images/ws-packet-pane-popup-menu.png
- wsug_src/images/ws-packet-range.png
- wsug_src/images/ws-packet-selected.png
- wsug_src/images/ws-packet-sep-win.png
- wsug_src/images/ws-pref-advanced.png
- wsug_src/images/ws-pref-appearance-columns.png
- wsug_src/images/ws-pref-appearance-fonts-and-colors.png
- wsug_src/images/ws-pref-appearance-layout.png
- wsug_src/images/ws-pref-appearance.png
- wsug_src/images/ws-pref-capture.png
- wsug_src/images/ws-pref-expert.png
- wsug_src/images/ws-pref-filter-buttons.png
- wsug_src/images/ws-pref-name-resolution.png
- wsug_src/images/ws-pref-protocols.png
- wsug_src/images/ws-pref-rsa-keys.png
- wsug_src/images/ws-pref-statistics.png
- wsug_src/images/ws-print.png
- wsug_src/images/ws-save-as-qt5.png
- wsug_src/images/ws-save-as-win32.png
- wsug_src/images/ws-statistics-menu.png
- wsug_src/images/ws-stats-conversations.png
- wsug_src/images/ws-stats-endpoints.png
- wsug_src/images/ws-stats-hierarchy.png
- wsug_src/images/ws-stats-iographs.png
- wsug_src/images/ws-stats-lte-mac-traffic.png
- wsug_src/images/ws-stats-lte-rlc-traffic.png
- wsug_src/images/ws-stats-packet-lengths.png
- wsug_src/images/ws-stats-srt-smb2.png
- wsug_src/images/ws-stats-wlan-traffic.png # GTK+
- wsug_src/images/ws-statusbar-empty.png
- wsug_src/images/ws-statusbar-filter.png
- wsug_src/images/ws-statusbar-loaded.png
- wsug_src/images/ws-statusbar-profile.png
- wsug_src/images/ws-statusbar-selected.png
- wsug_src/images/ws-tcp-analysis.png
- wsug_src/images/ws-tel-playlist.png
- wsug_src/images/ws-tel-rtp-player_1.png
- wsug_src/images/ws-tel-rtp-player_2.png
- wsug_src/images/ws-tel-rtp-player_3.png
- wsug_src/images/ws-tel-rtp-player_button.png
- wsug_src/images/ws-tel-rtp-streams.png
- wsug_src/images/ws-tel-rtpstream-analysis_1.png
- wsug_src/images/ws-tel-rtpstream-analysis_2.png
- wsug_src/images/ws-tel-rtpstream-analysis_3.png
- wsug_src/images/ws-tel-seq-dialog.png
- wsug_src/images/ws-tel-voip-calls.png
- wsug_src/images/ws-telephony-menu.png
- wsug_src/images/ws-time-reference.png # GTK+
- wsug_src/images/ws-tools-menu.png
- wsug_src/images/ws-view-menu.png
-)
-
-set(WSDG_TITLE "Wireshark Developer's Guide")
-
-set(WSDG_FILES
- wsdg_src/wsdg_asn2wrs.adoc
- wsdg_src/wsdg_build_intro.adoc
- wsdg_src/wsdg_capture.adoc
- wsdg_src/wsdg_dissection.adoc
- wsdg_src/wsdg_env_intro.adoc
- wsdg_src/wsdg_libraries.adoc
- wsdg_src/wsdg_lua_support.adoc
- wsdg_src/wsdg_preface.adoc
- wsdg_src/wsdg_quick_setup.adoc
- wsdg_src/wsdg_sources.adoc
- wsdg_src/wsdg_tests.adoc
- wsdg_src/wsdg_tools.adoc
- wsdg_src/wsdg_userinterface.adoc
- wsdg_src/wsdg_works.adoc
- ${COMMON_FILES}
-)
-
-set(WSDG_GRAPHICS
- wsdg_src/images/caution.svg
- wsdg_src/images/git-triangular-workflow.gv
- wsdg_src/images/git-triangular-workflow.svg
- wsdg_src/images/important.svg
- wsdg_src/images/note.svg
- wsdg_src/images/tip.svg
- wsdg_src/images/warning.svg
- wsdg_src/images/ws-capture_internals.dia
- wsdg_src/images/ws-capture_internals.png
- wsdg_src/images/ws-capture-sync.dia
- wsdg_src/images/ws-capture-sync.png
- wsdg_src/images/ws-capture-sync.png
- wsdg_src/images/ws-function-blocks.dia
- wsdg_src/images/ws-function-blocks.png
- wsdg_src/images/ws-logo.png
-)
-
-set(WSUG_SOURCE
- ${WSUG_FILES}
- ${WSUG_GRAPHICS}
-)
-
-# Ensure ws.css is available when the user tries to open generated .html files.
-if(NOT CMAKE_SOURCE_DIR STREQUAL CMAKE_BINARY_DIR)
- add_custom_command(
- OUTPUT ws.css
- COMMAND ${CMAKE_COMMAND} -E copy_if_different
- ${CMAKE_CURRENT_SOURCE_DIR}/ws.css
- ${CMAKE_CURRENT_BINARY_DIR}/ws.css
- DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/ws.css
- )
- add_custom_target(copy_ws.css DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/ws.css)
-else()
- add_custom_target(copy_ws.css)
-endif()
-
-set( WSUG_BUILT_DEPS copy_ws.css)
-
-set(WSDG_SOURCE
- ${WSDG_FILES}
- ${WSDG_GRAPHICS}
-)
-
-# Note: file order here MATTERS!
-# new WSLUA_MODULE files must come right before any WSLUA_CONTINUE_MODULE
-# files for the same module
-set(WSLUA_MODULES
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dumper.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_field.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_gui.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_int64.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_listener.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_pinfo.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_address.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_column.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_nstime.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dissector.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_pref.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto_expert.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto_field.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_tree.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_tvb.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_byte_array.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_file.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_file_handler.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_frame_info.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_capture_info.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dir.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_wtap.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_utility.c
- ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_struct.c
-)
-
-# Empty file to trigger wsluarm generation.
-ADD_CUSTOM_COMMAND(
- OUTPUT
- wsluarm
- COMMAND ${CMAKE_COMMAND} -E make_directory wsluarm_src
- COMMAND ${Python3_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/make-wsluarm.py
- --output-directory wsluarm_src
- ${WSLUA_MODULES}
- COMMAND ${CMAKE_COMMAND} -E touch
- wsluarm
- DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/make-wsluarm.py
- ${WSLUA_MODULES}
-)
-
-set( WSDG_BUILT_DEPS copy_ws.css wsluarm )
-
-set( ASCIIDOC_CONF_FILES
- attributes.adoc
- # XXX Add macros
-)
-
-if(ASCIIDOCTOR_FOUND)
- # Generate the DocBook sources of user and developer guides
-
- ASCIIDOCTOR2DOCBOOK(wsug_src/user-guide.adoc ${ASCIIDOC_CONF_FILES} ${WSUG_SOURCE} ${WSUG_BUILT_DEPS})
- add_custom_target(user_guide_docbook DEPENDS generate_user-guide.xml)
- set_docbook_target_properties(user_guide_docbook)
-
- ASCIIDOCTOR2DOCBOOK(wsdg_src/developer-guide.adoc ${ASCIIDOC_CONF_FILES} ${WSDG_SOURCE} ${WSDG_BUILT_DEPS})
- add_custom_target(developer_guide_docbook DEPENDS generate_developer-guide.xml)
- set_docbook_target_properties(developer_guide_docbook)
-
- # Top-level guide targets.
-
- add_custom_target(user_guides DEPENDS user_guide_docbook)
- set_docbook_target_properties(user_guides)
-
- add_custom_target(developer_guides DEPENDS developer_guide_docbook)
- set_docbook_target_properties(developer_guides)
-
- add_custom_target(all_guides DEPENDS user_guides developer_guides )
- set_docbook_target_properties(all_guides)
-endif()
-
-# User's Guide chain.
-if(ASCIIDOCTOR_FOUND AND XSLTPROC_EXECUTABLE)
- XML2HTML(
- user_guide
- wsug
- single-page
- user-guide.xml
- WSUG_GRAPHICS
- )
-
- XML2HTML(
- user_guide
- wsug
- chunked
- user-guide.xml
- WSUG_GRAPHICS
- )
- add_custom_target(
- user_guide_html
- DEPENDS
- wsug_html/index.html
- wsug_html_chunked/index.html
- )
- set_docbook_target_properties(user_guide_html)
- add_dependencies(user_guides user_guide_html)
-endif()
-
-if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_PDF_EXECUTABLE)
- ASCIIDOCTOR2PDF(${WSUG_TITLE} wsug_src/user-guide.adoc ${WSUG_SOURCE} ${WSUG_BUILT_DEPS})
-
- add_custom_target(
- user_guide_pdf
- DEPENDS
- "${WSUG_TITLE}.pdf"
- )
- set_docbook_target_properties(user_guide_pdf)
- add_dependencies(user_guides user_guide_pdf)
-endif()
-
-if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_EPUB_EXECUTABLE)
- ASCIIDOCTOR2EPUB(${WSUG_TITLE} wsug_src/user-guide.adoc ${WSUG_SOURCE} ${WSUG_BUILT_DEPS})
-
- add_custom_target(
- user_guide_epub
- DEPENDS
- "${WSUG_TITLE}.epub"
- )
- set_docbook_target_properties(user_guide_epub)
- add_dependencies(user_guides user_guide_epub)
-endif()
-
-# Developer's Guide chain.
-if(ASCIIDOCTOR_FOUND AND XSLTPROC_EXECUTABLE)
- XML2HTML(
- developer_guide
- wsdg
- single-page
- developer-guide.xml
- WSDG_GRAPHICS
- )
-
- XML2HTML(
- developer_guide
- wsdg
- chunked
- developer-guide.xml
- WSDG_GRAPHICS
- )
- add_custom_target(
- developer_guide_html
- DEPENDS
- wsdg_html/index.html
- wsdg_html_chunked/index.html
- )
- set_docbook_target_properties(developer_guide_html)
- add_dependencies(developer_guides developer_guide_html)
-endif()
-
-if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_PDF_EXECUTABLE)
- ASCIIDOCTOR2PDF(${WSDG_TITLE} wsdg_src/developer-guide.adoc ${WSDG_SOURCE} ${WSDG_BUILT_DEPS})
-
- add_custom_target(
- developer_guide_pdf
- DEPENDS
- "${WSDG_TITLE}.pdf"
- )
- set_docbook_target_properties(developer_guide_pdf)
- add_dependencies(developer_guides developer_guide_pdf)
-endif()
-
-if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_EPUB_EXECUTABLE)
- ASCIIDOCTOR2EPUB(${WSDG_TITLE} wsdg_src/developer-guide.adoc ${WSDG_SOURCE} ${WSDG_BUILT_DEPS})
-
- add_custom_target(
- developer_guide_epub
- DEPENDS
- "${WSDG_TITLE}.epub"
- )
- set_docbook_target_properties(developer_guide_epub)
- add_dependencies(developer_guides developer_guide_epub)
-endif()
-
-# FAQ
-
-add_custom_target( faq_html DEPENDS faq.html )
-set_docbook_target_properties(faq_html)
-
-add_custom_target( faq )
-set_docbook_target_properties(faq)
-add_dependencies ( faq faq_html )
-
-if( ASCIIDOCTOR_FOUND )
- ASCIIDOCTOR2HTML( faq.adoc )
-endif()
-
-#
-# Editor modelines - https://www.wireshark.org/tools/modelines.html
-#
-# Local variables:
-# c-basic-offset: 8
-# tab-width: 8
-# indent-tabs-mode: t
-# End:
-#
-# vi: set shiftwidth=8 tabstop=8 noexpandtab:
-# :indentSize=8:tabSize=8:noTabs=false:
-#
diff --git a/docbook/logray-quick-start.adoc b/docbook/logray-quick-start.adoc
deleted file mode 100644
index 2e053c64..00000000
--- a/docbook/logray-quick-start.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-= Logray Quick Start
-
-Logray is a sibling application for Wireshark which focuses on log messages.
-It helps people understand, troubleshoot, and secure their systems via log messages similar to the way Wireshark helps people understand, troubleshoot, and secure their networks via packets.
-
-This document provides brief instructions for building Logray until more complete documentation comparable to the Wireshark Developer’s and User’s Guides can be written.
-
-== Building Logray
-
-Logray requires the same build environment as Wireshark.
-See the https://www.wireshark.org/docs/wsdg_html_chunked/[Wireshark Developer’s Guide] for instructions on setting that up.
-
-It additionally requires libsinsp and libscap from https://github.com/falcosecurity/libs/[falcosecurity/libs] and any desired plugins from https://github.com/falcosecurity/plugins/[falcosecurity/plugins].
-
-In order to build Logray, do the following:
-
-1. https://falco.org/docs/getting-started/source/[Build falcosecurity/libs].
-
-2. Build falcosecurity/plugins.
-
-3. Build the Wireshark sources with the following CMake options:
-+
---
-[horizontal]
-BUILD_logray:: Must be enabled, e.g. set to ON
-SINSP_INCLUDEDIR:: The path to your local falcosecurity/libs directory
-SINSP_LIBDIR:: The path to your falcosecurity/libs build directory
---
-
-4. Create a directory named `falco` in your Logray plugins directory, and either copy in or symlink any desired Falco plugins.
-
-.Example 1: Building on macOS using Ninja
-[sh]
-----
-cmake -G Ninja \
- -DBUILD_logray=ON \
- -DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \
- -DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \
- ..
-ninja
-mkdir run/Logray.app/Contents/PlugIns/logray/3-7/falco
-(cd run/Logray.app/Contents/PlugIns/logray/3-7/falco ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so )
-----
-
-.Example 2: Building on Linux using Make
-[sh]
-----
-cmake \
- -DBUILD_logray=ON \
- -DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \
- -DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \
- ..
-make -j $(getconf _NPROCESSORS_ONLN)
-mkdir run/plugins/3.7/falco
-(cd run/plugins/3.7/falco ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so )
-----
-
diff --git a/docbook/wsdg_src/images/ws-function-blocks.dia b/docbook/wsdg_src/images/ws-function-blocks.dia
deleted file mode 100644
index cc857810..00000000
--- a/docbook/wsdg_src/images/ws-function-blocks.dia
+++ /dev/null
Binary files differ
diff --git a/docbook/wsdg_src/images/ws-function-blocks.png b/docbook/wsdg_src/images/ws-function-blocks.png
deleted file mode 100644
index 169e19e5..00000000
--- a/docbook/wsdg_src/images/ws-function-blocks.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_src/images/ws-filter-macros.png b/docbook/wsug_src/images/ws-filter-macros.png
deleted file mode 100644
index 861f1b5b..00000000
--- a/docbook/wsug_src/images/ws-filter-macros.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_src/images/ws-gui-config-profiles.png b/docbook/wsug_src/images/ws-gui-config-profiles.png
deleted file mode 100644
index 38c594dc..00000000
--- a/docbook/wsug_src/images/ws-gui-config-profiles.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_src/images/ws-main-toolbar.png b/docbook/wsug_src/images/ws-main-toolbar.png
deleted file mode 100644
index 0de939f6..00000000
--- a/docbook/wsug_src/images/ws-main-toolbar.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_src/images/ws-mate-tcp-output.png b/docbook/wsug_src/images/ws-mate-tcp-output.png
deleted file mode 100644
index c547639a..00000000
--- a/docbook/wsug_src/images/ws-mate-tcp-output.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_src/images/ws-pref-protocols.png b/docbook/wsug_src/images/ws-pref-protocols.png
deleted file mode 100644
index 821b7cca..00000000
--- a/docbook/wsug_src/images/ws-pref-protocols.png
+++ /dev/null
Binary files differ
diff --git a/docbook/make-wsluarm.py b/tools/make-wsluarm.py
index 52330756..52330756 100755
--- a/docbook/make-wsluarm.py
+++ b/tools/make-wsluarm.py