Possibly fine for a follow-up, but I noticed we define a type in types/swarm as well, so in som places we need to convert one to the other; wondering if we need to alias one to the other (or have an internal type that's used as alias for both);

Micro-nit; the / is optional, but required when specifying a protocol; probably <portnum>[/<proto>] (or even <portnum>[</proto>] is more accurate. That last one is probably confusing though as it looks like a closing "html" tag 😂

Silly question; do we want <port>/ (trailing slash, but no proto) to be considered valid, or (also see above) make it only accepted if used together with a proto?

The only thing I'm eyeing is the use of uint16 in some places; while "correct" (as in it's he range accepted for ports), they also tend to be slightly awkward to use at times (e.g. a strconv.Itoa won't work).

But of course, it depends on how it's used; for this one, as it's constructing the Port, it means the caller already must've done' half the work (make sure the port-number is of the right type and range); I haven't looked yet how / where it's used and if that currently requires additional handling in callers 🤔

Correct. ParsePort is available for users who don't have a good reason to do half the work themselves.

Slightly related to the above (also depend on how it's used).

(Also still hate that net.JoinHostPort requires a string for the port 😠 😂 )

I am now second-guessing how these cases are handled. I can't think of a good justification to explain why some edge case inputs result in a zero-value PortRange while others result in an error. It also violates the Go convention where err == nil (or ok == true) signals that the other result parameters are meaningful.

One possibility would be to implicitly normalize the port numbers: if end < start { start, end = end, start }. That would allow us to make PortRangeFrom consistent with PortFrom, returning the zero value iff the protocol is empty, and eliminating the need for an error result parameter. But that would be inconsistent with ParsePortRange, and I am having a hard time justifying why PortRangeFrom(2, 1, TCP) is acceptable but ParsePortRange("2-1/tcp") is not.

Do we simply drop the error result, returning PortRange{} when end < start || proto == ""? That doesn't seem right either, as that would marshal to the empty string.

Perhaps we're just overthinking things. What if we split the difference and return ok bool, like netip.AddrFromSlice?

// PortFrom returns a Port with the given number and protocol.
//
// If no protocol is specified (i.e. proto == ""), then PortFrom returns Port{}, false.
func PortFrom(num uint16, proto PortProto) (p port, ok bool)

// PortRangeFrom returns a [PortRange] with the given start and end port numbers and protocol.
//
// If end < start or no protocol is specified (i.e. proto == ""), then PortRangeFrom returns PortRange{}, false.
func PortRangeFrom(start, end uint16, proto PortProto) (r PortRange, ok bool)

It's not like the error string is particularly informative apart from its nilness. Returning multiple values forces the caller to acknowledge that the constructor is not guaranteed to return a valid value for all inputs, and to handle (or explicitly ignore) the unhappy path.

It is notable that netip.PrefixFrom has a single result parameter despite not being guaranteed to return a valid value for all inputs either. It returns an invalid but nonzero value when the bits parameter is out of range. I do not think that such behaviour would make sense for either of our PortFrom or PortRangeFrom constructors. A netip.Prefix wraps a netip.Addr; even if the prefix length is bogus the IP address still could be meaningful. There is value in encoding and passing around such invalid Prefixes. In contrast, when end < start in a PortRangeFrom call the only possibly well-formed piece of information is the protocol, which unlike the Addr of an invalid Prefix, is not meaningful out of context. Since the caller of PortFrom or PortRangeFrom is expected to get a well-formed PortRange as the result, the zero value is not a valid result for the function. Therefore returning a single result that may be zero-valued would be considered in-band signalling, which is not best practice.

In summary, my recommendation would be to have both PortFrom and PortRangeFrom return an ok bool result parameter.

Okay yeah I think I can get behind that. Even when authoring the error solution, it didn't feel as nice as the PortFrom implementation. +1 to the argument and reference to netip.AddrFromSlice. At least we can give a consistent experience across Port(Range)From functions while forcing the user to acknowledge the potential invalid value. Still brings most of the value of a compile time check.

nit: could add a doc string