ipset 5: last new feature addedv5.0-pre3

- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage

The last bits on the todo list before announcing ipset 5:

- recheck all the error messages
- add possibly more tests
- polish manpage

6 files changed, 55 insertions, 35 deletions

diff --git a/include/libipset/data.h b/include/libipset/data.h
index 936b807..cb35393 100644
--- a/include/libipset/data.h
+++ b/include/libipset/data.h
@@ -44,6 +44,7 @@ enum ipset_opt {
 	IPSET_OPT_NAMEREF,
 	IPSET_OPT_IP2,
 	IPSET_OPT_CIDR2,
+	IPSET_OPT_PROTO,
 	/* Swap/rename to */
 	IPSET_OPT_SETNAME2,
 	/* Flags */
@@ -93,6 +94,7 @@ enum ipset_opt {
 	| IPSET_FLAG(IPSET_OPT_NAMEREF)	\
 	| IPSET_FLAG(IPSET_OPT_IP2)	\
 	| IPSET_FLAG(IPSET_OPT_CIDR2)	\
+	| IPSET_FLAG(IPSET_OPT_PROTO)	\
 	| IPSET_FLAG(IPSET_OPT_CADT_FLAGS)\
 	| IPSET_FLAG(IPSET_OPT_BEFORE))
 
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index 4af75ba..0ad2b14 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -20,47 +20,47 @@
 /* Message types and commands */
 enum ipset_cmd {
 	IPSET_CMD_NONE,
-	IPSET_CMD_CREATE,	/* Create a new (empty) set */
-	IPSET_CMD_DESTROY,	/* Remove a (empty) set */
-	IPSET_CMD_FLUSH,	/* Remove all elements from a set */
-	IPSET_CMD_RENAME,	/* Rename a set */
-	IPSET_CMD_SWAP,		/* Swap two sets */
-	IPSET_CMD_LIST,		/* List sets */
-	IPSET_CMD_SAVE,		/* Save sets */
-	IPSET_CMD_ADD,		/* Add an element to a set */
-	IPSET_CMD_DEL,		/* Delete an element from a set */
-	IPSET_CMD_TEST,		/* Test an element in a set */
-	IPSET_CMD_HEADER,	/* Get set header data only */
-	IPSET_CMD_TYPE,		/* Get set type */
-	IPSET_CMD_PROTOCOL,	/* Return protocol version */
+	IPSET_CMD_CREATE,	/* 1: Create a new (empty) set */
+	IPSET_CMD_DESTROY,	/* 2: Remove a (empty) set */
+	IPSET_CMD_FLUSH,	/* 3: Remove all elements from a set */
+	IPSET_CMD_RENAME,	/* 4: Rename a set */
+	IPSET_CMD_SWAP,		/* 5: Swap two sets */
+	IPSET_CMD_LIST,		/* 6: List sets */
+	IPSET_CMD_SAVE,		/* 7: Save sets */
+	IPSET_CMD_ADD,		/* 8: Add an element to a set */
+	IPSET_CMD_DEL,		/* 9: Delete an element from a set */
+	IPSET_CMD_TEST,		/* 10: Test an element in a set */
+	IPSET_CMD_HEADER,	/* 11: Get set header data only */
+	IPSET_CMD_TYPE,		/* 12: Get set type */
+	IPSET_CMD_PROTOCOL,	/* 13: Return protocol version */
 	IPSET_MSG_MAX,		/* Netlink message commands */
 
 	/* Commands in userspace: */
-	IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* Enter restore mode */	
-	IPSET_CMD_HELP,		/* Get help */
-	IPSET_CMD_VERSION,	/* Get program version */
-	IPSET_CMD_QUIT,		/* Quit from interactive mode */
+	IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */	
+	IPSET_CMD_HELP,		/* 15: Get help */
+	IPSET_CMD_VERSION,	/* 16: Get program version */
+	IPSET_CMD_QUIT,		/* 17: Quit from interactive mode */
 
 	IPSET_CMD_MAX,
 
-	IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* Commit buffered commands */
+	IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
 };
 
 /* Attributes at command level */
 enum {
 	IPSET_ATTR_UNSPEC,
-	IPSET_ATTR_PROTOCOL,	/* Protocol version */
-	IPSET_ATTR_SETNAME,	/* Name of the set */
-	IPSET_ATTR_TYPENAME,	/* Typename */
+	IPSET_ATTR_PROTOCOL,	/* 1: Protocol version */
+	IPSET_ATTR_SETNAME,	/* 2: Name of the set */
+	IPSET_ATTR_TYPENAME,	/* 3: Typename */
 	IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* rename/swap */
-	IPSET_ATTR_REVISION,	/* Settype revision */
-	IPSET_ATTR_FAMILY,	/* Settype family */
-	IPSET_ATTR_FLAGS,	/* Flags at command level */
-	IPSET_ATTR_DATA,	/* Nested attributes */
-	IPSET_ATTR_ADT,		/* Multiple data containers */
-	IPSET_ATTR_LINENO,	/* Restore lineno */
-	IPSET_ATTR_PROTOCOL_MIN,/* Minimal supported version number */
-	IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+	IPSET_ATTR_REVISION,	/* 4: Settype revision */
+	IPSET_ATTR_FAMILY,	/* 5: Settype family */
+	IPSET_ATTR_FLAGS,	/* 6: Flags at command level */
+	IPSET_ATTR_DATA,	/* 7: Nested attributes */
+	IPSET_ATTR_ADT,		/* 8: Multiple data containers */
+	IPSET_ATTR_LINENO,	/* 9: Restore lineno */
+	IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
+	IPSET_ATTR_REVISION_MIN	= IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
 	__IPSET_ATTR_CMD_MAX,
 };
 #define IPSET_ATTR_CMD_MAX	(__IPSET_ATTR_CMD_MAX - 1)
@@ -69,13 +69,14 @@ enum {
 enum {
 	IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
 	IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
-	IPSET_ATTR_IP_TO,
-	IPSET_ATTR_CIDR,
-	IPSET_ATTR_PORT,
+	IPSET_ATTR_IP_TO,	/* 2 */
+	IPSET_ATTR_CIDR,	/* 3 */
+	IPSET_ATTR_PORT,	/* 4 */
 	IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
-	IPSET_ATTR_PORT_TO,
-	IPSET_ATTR_TIMEOUT,
-	IPSET_ATTR_CADT_FLAGS,
+	IPSET_ATTR_PORT_TO,	/* 5 */
+	IPSET_ATTR_TIMEOUT,	/* 6 */
+	IPSET_ATTR_PROTO,	/* 7 */
+	IPSET_ATTR_CADT_FLAGS,	/* 8 */
 	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO,
 	/* Reserve empty slots */
 	IPSET_ATTR_CADT_MAX = 16,
@@ -147,4 +148,7 @@ enum ipset_adt {
 	IPSET_CADT_MAX,
 };
 
+#define IPSET_IPPROTO_ANY	255
+#define IPSET_IPPROTO_TCPUDP	254
+
 #endif /* __IP_SET_H */
diff --git a/include/libipset/linux_ip_set_hash.h b/include/libipset/linux_ip_set_hash.h
index 76d2489..db6977b 100644
--- a/include/libipset/linux_ip_set_hash.h
+++ b/include/libipset/linux_ip_set_hash.h
@@ -5,6 +5,8 @@
 enum {
 	IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
 	IPSET_ERR_HASH_ELEM,
+	IPSET_ERR_INVALID_PROTO,
+	IPSET_ERR_MISSING_PROTO,
 };
 
 #endif /* __IP_SET_HASH_H */
diff --git a/include/libipset/parse.h b/include/libipset/parse.h
index 143e2b3..1e055ee 100644
--- a/include/libipset/parse.h
+++ b/include/libipset/parse.h
@@ -14,6 +14,7 @@
 #define IPSET_RANGE_SEPARATOR	"-"
 #define IPSET_ELEM_SEPARATOR	","
 #define IPSET_NAME_SEPARATOR	","
+#define IPSET_PROTO_SEPARATOR	":"
 
 struct ipset_session;
 
@@ -26,6 +27,10 @@ extern int ipset_parse_single_port(struct ipset_session *session,
 				   enum ipset_opt opt, const char *str);
 extern int ipset_parse_port(struct ipset_session *session,
                             enum ipset_opt opt, const char *str);
+extern int ipset_parse_proto(struct ipset_session *session,
+                             enum ipset_opt opt, const char *str);
+extern int ipset_parse_proto_port(struct ipset_session *session,
+				  enum ipset_opt opt, const char *str);
 extern int ipset_parse_family(struct ipset_session *session,
                               enum ipset_opt opt, const char *str);
 extern int ipset_parse_ip(struct ipset_session *session,
diff --git a/include/libipset/print.h b/include/libipset/print.h
index dbb70f3..1fc5abc 100644
--- a/include/libipset/print.h
+++ b/include/libipset/print.h
@@ -37,6 +37,12 @@ extern int ipset_print_name(char *buf, unsigned int len,
 extern int ipset_print_port(char *buf, unsigned int len,
 			    const struct ipset_data *data, enum ipset_opt opt,
 			    uint8_t env);
+extern int ipset_print_proto(char *buf, unsigned int len,
+			     const struct ipset_data *data, enum ipset_opt opt,
+			     uint8_t env);
+extern int ipset_print_proto_port(char *buf, unsigned int len,
+				  const struct ipset_data *data,
+				  enum ipset_opt opt, uint8_t env);
 extern int ipset_print_flag(char *buf, unsigned int len,
 			    const struct ipset_data *data, enum ipset_opt opt,
 			    uint8_t env);
diff --git a/include/libipset/session.h b/include/libipset/session.h
index cc0940e..02e8b36 100644
--- a/include/libipset/session.h
+++ b/include/libipset/session.h
@@ -23,6 +23,7 @@ struct ipset_handle;
 
 extern struct ipset_data * ipset_session_data(const struct ipset_session *session);
 extern struct ipset_handle * ipset_session_handle(const struct ipset_session *session);
+extern const struct ipset_type * ipset_saved_type(const struct ipset_session *session);
 
 enum ipset_err_type {
 	IPSET_ERROR,