path: root/iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0
author Phil Sutter <phil@nwl.cc> 2024-01-10 15:26:59 +0100
committer Phil Sutter <phil@nwl.cc> 2024-02-07 00:25:03 +0100
commit ff57cd48d2b0c01c1519fd8893fc0432ad211702 (patch)
tree 96e5369c10d314f7b8aca0be375bded16affeb04 /iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0
parent a369c736a7fa88a176dbdb17fd50cf30074f54ab (diff)
iptables-save: Avoid /etc/protocols lookups

Instrument proto_to_name() to abort if given protocol number is not
among the well-known ones in xtables_chain_protos. Along with
xtables_parse_protocol() preferring said array for lookups as well, this
ensures reliable dump'n'restore regardless of /etc/protocols contents.

Another benefit is rule dump performance. A simple test-case dumping
100k rules matching on dccp protocol shows an 8s delta (2s vs. 10s for
legacy, 0.5s vs. 8s for nft) with this patch applied. For reference:

| for variant in nft legacy; do
|     (
|         echo "*filter"
|         for ((i = 0; i < 100000; i++)); do
|             echo "-A FORWARD -p dccp -j ACCEPT"
|         done
|         echo "COMMIT"
|     ) | iptables-${variant}-restore
|     time iptables-${variant}-save | wc -l
|     iptables-${variant} -F
| done

Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0')
0 files changed, 0 insertions, 0 deletions