The p0f fingerprints haven't been updated in years, it doesn't look like this feature is still in a useful/working state. Add deprecation notices. We can remove them again if people still use this feature. Signed-off-by: Florian Westphal --- net/netfilter/nfnetlink_osf.c | 3 +++ net/netfilter/nft_osf.c | 3 +++ net/netfilter/xt_osf.c | 3 +++ 3 files changed, 9 insertions(+) diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c index d64ce21c7b55..ca943ea71d1a 100644 --- a/net/netfilter/nfnetlink_osf.c +++ b/net/netfilter/nfnetlink_osf.c @@ -423,6 +423,9 @@ static int __init nfnl_osf_init(void) int err = -EINVAL; int i; + pr_warn_once("The osf nfnetlink helper is deprecated and scheduled to be removed in 2027.\n" + "Please contact the netfilter-devel mailing list\n"); + for (i = 0; i < ARRAY_SIZE(nf_osf_fingers); ++i) INIT_LIST_HEAD(&nf_osf_fingers[i]); diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c index 18003433476c..38d3260a954c 100644 --- a/net/netfilter/nft_osf.c +++ b/net/netfilter/nft_osf.c @@ -147,6 +147,9 @@ static struct nft_expr_type nft_osf_type __read_mostly = { static int __init nft_osf_module_init(void) { + pr_warn_once("The osf expression is deprecated and scheduled to be removed in 2027.\n" + "Please contact the netfilter-devel mailing list or update your nftables rules\n"); + return nft_register_expr(&nft_osf_type); } diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c index dc9485854002..0d8ee8542e16 100644 --- a/net/netfilter/xt_osf.c +++ b/net/netfilter/xt_osf.c @@ -48,6 +48,9 @@ static int __init xt_osf_init(void) { int err; + pr_warn_once("The osf match is deprecated and scheduled to be removed in 2027.\n" + "Please contact the netfilter-devel mailing list or update your iptables rules\n"); + err = xt_register_match(&xt_osf_match); if (err) { pr_err("Failed to register OS fingerprint " -- 2.53.0