ntop/nDPI

Looking for advice on how to implement subprotocol detection

0xA50C1A1 opened this issue · 2 comments

I'm trying to create a dissector for Schneider Electric's proprietary protocol UMAS, and there's nothing special about it except that it's implemented on top of Modbus. I don't wanna touch the Modbus dissector, so implementing a separate dissector and detecting UMAS as a Modbus subprotocol seems the most logical option to me.

But I've never dealt with subprotocols in nDPI, so I'm not quite sure how to implement it. Maybe there's some dissector that would be a good example?

There aren't explicit rules and we have different patterns throughout the code.
However, if:
a) the number of Modbus sub-protocols is quite limited, and
b) their detection is trivial (let's say a magic word/number or checking the first few bytes of the first packet)
I think you can add that logic directly into the Modbus code/dissector, like we already do in STUN, for example.

Thanks for the help, it turned out that it was enough to add a Modbus function code check in its dissector.
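
The kind of function code check the thread settles on, as an added stand-alone example that is not code from this issue or from nDPI. The names `classify_modbus` and `mb_class` are hypothetical, the UMAS function code 0x5A (90) is not stated in the thread, and the payload is assumed to start with one complete Modbus/TCP ADU.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example; these are not nDPI protocol ids. */
enum mb_class { MB_NOT_MODBUS = 0, MB_MODBUS = 1, MB_UMAS = 2 };

#define MBAP_LEN       7    /* transaction id(2) + protocol id(2) + length(2) + unit id(1) */
#define UMAS_FUNC_CODE 0x5A /* Modbus function code 90 carries UMAS (not stated in the thread) */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a TCP payload assumed to start with one complete Modbus/TCP ADU. */
enum mb_class classify_modbus(const uint8_t *payload, size_t len)
{
    if (payload == NULL || len < MBAP_LEN + 1)      /* need MBAP header + function code */
        return MB_NOT_MODBUS;
    if (be16(payload + 2) != 0)                     /* protocol id is 0 for Modbus */
        return MB_NOT_MODBUS;
    size_t adu_len = (size_t)be16(payload + 4) + 6; /* length field counts unit id + PDU */
    if (adu_len < MBAP_LEN + 1 || adu_len > len)    /* declared length must fit the payload */
        return MB_NOT_MODBUS;
    uint8_t func = payload[MBAP_LEN];
    /* The high bit marks a Modbus exception response; mask it before comparing. */
    return ((func & 0x7F) == UMAS_FUNC_CODE) ? MB_UMAS : MB_MODBUS;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t sample_umas[]   = {0x00,0x01, 0x00,0x00, 0x00,0x04, 0x00, 0x5A, 0x00,0x02};
static const uint8_t sample_read[]   = {0x00,0x02, 0x00,0x00, 0x00,0x06, 0x01, 0x03, 0x00,0x00, 0x00,0x0A};
static const uint8_t sample_badlen[] = {0x00,0x03, 0x00,0x00, 0x00,0x20, 0x00, 0x5A, 0x00,0x02};
static const uint8_t sample_proto[]  = {0x00,0x04, 0x12,0x34, 0x00,0x04, 0x00, 0x5A, 0x00,0x02};

int main(void)
{
    printf("umas=%d read=%d badlen=%d proto=%d\n",
           classify_modbus(sample_umas, sizeof sample_umas),
           classify_modbus(sample_read, sizeof sample_read),
           classify_modbus(sample_badlen, sizeof sample_badlen),
           classify_modbus(sample_proto, sizeof sample_proto));
    return 0;
}
```

The MBAP checks run before the function code is read, so a stray 0x5A byte at offset 7 of unrelated traffic is not labelled UMAS.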