netfilter: add deprecation warning for dccp support

Add a deprecation warning for the xt_dccp match and the
nft exthdr code.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c
index 5f01269a49bd1527c56585edaa5a574471314422..14d4ad7f518cfdac70ab7e9438ac030a2830a79f 100644 (file)
--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -796,6 +796,9 @@ nft_exthdr_select_ops(const struct nft_ctx *ctx,
                break;
 #ifdef CONFIG_NFT_EXTHDR_DCCP
        case NFT_EXTHDR_OP_DCCP:
+               pr_warn_once("The dccp option matching is deprecated and scheduled to be removed in 2027.\n"
+                            "Please contact the netfilter-devel mailing list or update your nftables rules.\n");
+
                if (tb[NFTA_EXTHDR_DREG])
                        return &nft_exthdr_dccp_ops;
                break;

diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index 037ab93e25d0afff2e643922ba98bbda9cb719ea..3db81e041af9bf65b85305a25f506eae0bd71ef3 100644 (file)
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -159,6 +159,9 @@ static int __init dccp_mt_init(void)
 {
        int ret;
 
+       pr_warn_once("The DCCP match is deprecated and scheduled to be removed in 2027.\n"
+                    "Please contact the netfilter-devel mailing list or update your iptables rules\n");
+
        /* doff is 8 bits, so the maximum option size is (4*256).  Don't put
         * this in BSS since DaveM is worried about locked TLB's for kernel
         * BSS. */