ip: Replace as u8 casts with explicit From conversions for IpProtocol

According to the IANA protocol number specification
(https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml),
protocol numbers are always within the u8 range.

Using `as` for type conversion is dangerous because it can silently
discard higher-order data, leading to bugs that are hard to detect.

This change ensures all protocol number conversions are type-safe and
explicit, avoiding accidental data loss and aligning the code with the
protocol specification.

Author: liangwen12year

src/ip.rs

@@ -209,3 +209,16 @@ impl From<IpProtocol> for i32 {
         }
     }
 }
+
+impl From<u8> for IpProtocol {
+    fn from(d: u8) -> Self {
+        IpProtocol::from(d as i32)
+    }
+}
+
+impl From<IpProtocol> for u8 {
+    fn from(p: IpProtocol) -> u8 {
+        let v: i32 = p.into();
+        v as u8
+    }
+}

src/rule/attribute.rs

@@ -139,7 +139,7 @@ impl Nla for RuleAttribute {
             | Self::SuppressPrefixLen(value)
             | Self::Table(value) => emit_u32(buffer, *value).unwrap(),
             Self::L3MDev(value) => buffer[0] = (*value).into(),
-            Self::IpProtocol(value) => buffer[0] = i32::from(*value) as u8,
+            Self::IpProtocol(value) => buffer[0] = u8::from(*value),
             Self::Protocol(value) => buffer[0] = u8::from(*value),
             Self::Other(attr) => attr.emit_value(buffer),
         }
@@ -209,7 +209,7 @@ impl<'a, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'a T>>
                     .into(),
             ),
             FRA_IP_PROTO => Self::IpProtocol(IpProtocol::from(
-                parse_u8(payload).context("invalid FRA_IP_PROTO value")? as i32,
+                parse_u8(payload).context("invalid FRA_IP_PROTO value")?,
             )),
             FRA_SPORT_RANGE => Self::SourcePortRange(
                 RulePortRange::parse(payload)