Question about new buffer detection calling rust code

hello, everyone

I want to add a new app layer iot protocol into suricata code, use the scripts/, with two different buffer added.

After use it, I found these two different detect code get the data by share same rust function ‘rs_new_iot_get_request_buffer’ & ‘rs_new_iot_get_response_buffer’,

My question stands : should I change the default ‘rs_new_iot_get_request_buffer’ function to some ‘rs_new_iot_get_request_buffer1’/‘rs_new_iot_get_request_buffer2’, and retrive the real related iot message part to inspect?

If not, what is the suitable way not to do that?

I check the document of detection(27.4.4. Detection — Suricata 8.0.0-dev documentation) , but find nothing, is there any other guidence?

Thank u !

I write different rust get buffer code, seems it do work

Yes, these are just templates with an idea of how you might write your own. It is intended to replace them. There are lots of examples in the existing parsers. But it looks like you figured it out.