Harald Welte wrote:

> Thanks for your patch.  I think the original idea of that array was to
> have it working even if there is no /etc/protocols (small embedded
> system, ..).
> 
> So in a 'perfect' world, we would keep our small table for
> commonly-used protocol and only query /etc/protocols if we don't have a
> match.
> 
> Please also update iptables.c to make it consistent with
> iptables-save/restore.

I'm sorry to have taken so long to respond.
I've been studying this stuff and preparing a version of iptables-save 
that outputs in a XML format (with the appropriate DTD). I'm not quite 
finished yet.

As per your request, I've modified the patch to keep the protocol table.
Peeking more I saw that ip6tables-save.c has code to use 
getprotobynumber, so I've sort of reproduced that exactly.
The patch got quite small.

And iptables.c uses getprotobynumber in proto-to-name -- if there's 
somewhere else that requires change, I've not found it by myself.

When I'm finished with my little project, I'll post the code (rather 
small) to the list for review.

--
  Pedro Lamarão