[OS-BUILD PATCH] netfilter: Add deprecation notices for xtables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Phil Sutter <psutter@xxxxxxxxxx>

netfilter: Add deprecation notices for xtables

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1945179
Upstream Status: RHEL-only

Upon loading legacy xtables table modules or the nft compat module,
print a warning suggesting nftables.

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index blahblah..blahblah 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2484,6 +2484,9 @@ static int __init ebtables_init(void)
 {
 	int ret;
 
+	pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n"
+			    "please use nftables instead (https://red.ht/nft_your_tables)\n");
+
 	ret = xt_register_target(&ebt_standard_target);
 	if (ret < 0)
 		return ret;
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index blahblah..blahblah 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1623,6 +1623,9 @@ static int __init arp_tables_init(void)
 {
 	int ret;
 
+	pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n"
+			    "please use nftables instead (https://red.ht/nft_your_tables)\n");
+
 	ret = register_pernet_subsys(&arp_tables_net_ops);
 	if (ret < 0)
 		goto err1;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index blahblah..blahblah 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1902,6 +1902,9 @@ static int __init ip_tables_init(void)
 {
 	int ret;
 
+	pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n"
+			    "please use nftables instead (https://red.ht/nft_your_tables)\n");
+
 	ret = register_pernet_subsys(&ip_tables_net_ops);
 	if (ret < 0)
 		goto err1;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index blahblah..blahblah 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1909,6 +1909,9 @@ static int __init ip6_tables_init(void)
 {
 	int ret;
 
+	pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n"
+			    "please use nftables instead (https://red.ht/nft_your_tables)\n");
+
 	ret = register_pernet_subsys(&ip6_tables_net_ops);
 	if (ret < 0)
 		goto err1;
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index blahblah..blahblah 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -6,6 +6,8 @@
 
 /* Kernel module for IP set management */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/moduleparam.h>
@@ -2362,8 +2364,12 @@ static struct pernet_operations ip_set_net_ops = {
 static int __init
 ip_set_init(void)
 {
-	int ret = register_pernet_subsys(&ip_set_net_ops);
+	int ret;
+
+	pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n"
+			    "please use nftables instead (https://red.ht/nft_your_tables)\n");
 
+	ret = register_pernet_subsys(&ip_set_net_ops);
 	if (ret) {
 		pr_err("ip_set: cannot register pernet_subsys.\n");
 		return ret;
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index blahblah..blahblah 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -5,6 +5,8 @@
  * This software has been sponsored by Sophos Astaro <http://www.sophos.com>
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/kernel.h>
 #include <linux/init.h>
 #include <linux/module.h>
@@ -882,6 +884,9 @@ static int __init nft_compat_module_init(void)
 {
 	int ret;
 
+	pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n"
+			    "please use nftables instead (https://red.ht/nft_your_tables)\n");
+
 	ret = nft_register_expr(&nft_match_type);
 	if (ret < 0)
 		return ret;

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1226
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux