Ignoring false bytes in tvb

I have a protocol that I am trying to create a dissector for and have run into a small problem. Originally this protocol was intended for serial buses but it seems someone created an IP driver (I do not have source for this). While 99% of the protocol is a simple 1 to 1 on top of TCP there is a small quirk that I cannot determine how to deal with.

If the transmission contains 0x10:0x10 then the underlying protocol just sent 0x10. If it was 0x10:0x10:0x10 then 0x10:0x10 was sent and so on. I have validated this behaviour against the checksum being transmitted but I cannot handle this in Wireshark.

I create a new guint8 * array to hold the "corrected" data and I can easily place it in a tvb buffer with tvb_new_real_data, but Wireshark then loses the link between the decoded fields and the hex data. I also tried creating a child and recalling the dissector, but still the link was lost since my array of data has no link to the original hex bytes found in tvb.

So my question is: how can I easily skip over the duplicate 0x10 with my dissector without losing the link to the hex data (the thing at the bottom of Wireshark, sorry, I don't know the proper name)? I could place a check before every tvb_get command in my code but that sounds absolutely horrible and like there should be a better method.

Thanks for the help.
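The un-doubling rule described in the question, as an added example that is not part of the original post and not Wireshark code: it decodes a buffer once and records, for every decoded byte, the offset it came from in the captured data. The function name `unstuff_0x10`, the sample frame and the pass-through handling of a lone 0x10 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ESC 0x10 /* the doubled byte described in the question */

/* Constructed sample: 02 | 10 10 | 41 | 10 10 10 | 03 */
static const uint8_t sample[] = {0x02, 0x10, 0x10, 0x41, 0x10, 0x10, 0x10, 0x03};

/*
 * Drop one byte from every run of two or more consecutive 0x10 bytes
 * (n on the wire -> n-1 decoded), as the question describes. A lone 0x10
 * is copied unchanged (assumption: the post does not say what it means).
 * out[] gets the decoded bytes; map[i] is the offset in in[] that out[i]
 * came from. Both must hold in_len entries. Returns the decoded length.
 */
size_t unstuff_0x10(const uint8_t *in, size_t in_len,
                    uint8_t *out, size_t *map)
{
    size_t i = 0, o = 0;
    while (i < in_len) {
        if (in[i] != ESC) {
            map[o] = i;
            out[o++] = in[i++];
            continue;
        }
        /* Measure the run of 0x10 bytes starting at i. */
        size_t run = 1;
        while (i + run < in_len && in[i + run] == ESC)
            run++;
        /* Skip the first byte of a run of 2+; keep a lone byte. */
        size_t skip = (run >= 2) ? 1 : 0;
        for (size_t k = skip; k < run; k++) {
            map[o] = i + k;
            out[o++] = ESC;
        }
        i += run;
    }
    return o;
}

int main(void)
{
    uint8_t out[sizeof sample];
    size_t map[sizeof sample];
    size_t n = unstuff_0x10(sample, sizeof sample, out, map);
    for (size_t i = 0; i < n; i++)
        printf("decoded[%zu] = 0x%02x (captured offset %zu)\n", i, out[i], map[i]);
    return 0;
}
```

In a dissector, a decoded buffer like this is what would be wrapped with `tvb_new_child_real_data` and registered with `add_new_data_source`, which gives it its own tab in the bytes pane; the map translates a decoded offset back to the captured one.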
