From: Phil Sutter <psutter@xxxxxxxxxx> netfilter: Add deprecation notices for xtables Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1945179 Upstream Status: RHEL-only Upon loading legacy xtables table modules or the nft compat module, print a warning suggesting nftables. Signed-off-by: Phil Sutter <psutter@xxxxxxxxxx> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index blahblah..blahblah 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -2484,6 +2484,9 @@ static int __init ebtables_init(void) { int ret; + pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n" + "please use nftables instead (https://red.ht/nft_your_tables)\n"); + ret = xt_register_target(&ebt_standard_target); if (ret < 0) return ret; diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index blahblah..blahblah 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -1623,6 +1623,9 @@ static int __init arp_tables_init(void) { int ret; + pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n" + "please use nftables instead (https://red.ht/nft_your_tables)\n"); + ret = register_pernet_subsys(&arp_tables_net_ops); if (ret < 0) goto err1; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index blahblah..blahblah 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1902,6 +1902,9 @@ static int __init ip_tables_init(void) { int ret; + pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n" + "please use nftables instead (https://red.ht/nft_your_tables)\n"); + ret = register_pernet_subsys(&ip_tables_net_ops); if (ret < 0) goto err1; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index blahblah..blahblah 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1909,6 +1909,9 @@ static int __init ip6_tables_init(void) { int ret; + pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n" + "please use nftables instead (https://red.ht/nft_your_tables)\n"); + ret = register_pernet_subsys(&ip6_tables_net_ops); if (ret < 0) goto err1; diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index blahblah..blahblah 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -6,6 +6,8 @@ /* Kernel module for IP set management */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/init.h> #include <linux/module.h> #include <linux/moduleparam.h> @@ -2362,8 +2364,12 @@ static struct pernet_operations ip_set_net_ops = { static int __init ip_set_init(void) { - int ret = register_pernet_subsys(&ip_set_net_ops); + int ret; + + pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n" + "please use nftables instead (https://red.ht/nft_your_tables)\n"); + ret = register_pernet_subsys(&ip_set_net_ops); if (ret) { pr_err("ip_set: cannot register pernet_subsys.\n"); return ret; diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index blahblah..blahblah 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -5,6 +5,8 @@ * This software has been sponsored by Sophos Astaro <http://www.sophos.com> */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/kernel.h> #include <linux/init.h> #include <linux/module.h> @@ -882,6 +884,9 @@ static int __init nft_compat_module_init(void) { int ret; + pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise Linux,\n" + "please use nftables instead (https://red.ht/nft_your_tables)\n"); + ret = nft_register_expr(&nft_match_type); if (ret < 0) return ret; -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1226 _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure