diff --git a/src/netlink.c b/src/netlink.c
index b179b3184725..dd46487e0888 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -74,7 +74,7 @@ static int get_allowedips(struct sk_buff *skb, const u8 *ip, u8 cidr,
 {
 	struct nlattr *allowedip_nest;
 
-	allowedip_nest = nla_nest_start(skb, 0);
+	allowedip_nest = nla_nest_start_noflag(skb, 0);
 	if (!allowedip_nest)
 		return -EMSGSIZE;
 
@@ -94,7 +94,7 @@ static int
 get_peer(struct wg_peer *peer, struct allowedips_node **next_allowedips_node,
 	 u64 *allowedips_seq, struct sk_buff *skb)
 {
-	struct nlattr *allowedips_nest, *peer_nest = nla_nest_start(skb, 0);
+	struct nlattr *allowedips_nest, *peer_nest = nla_nest_start_noflag(skb, 0);
 	struct allowedips_node *allowedips_node = *next_allowedips_node;
 	bool fail;
 
@@ -156,7 +156,7 @@ get_peer(struct wg_peer *peer, struct allowedips_node **next_allowedips_node,
 	else if (*allowedips_seq != peer->device->peer_allowedips.seq)
 		goto no_allowedips;
 
-	allowedips_nest = nla_nest_start(skb, WGPEER_A_ALLOWEDIPS);
+	allowedips_nest = nla_nest_start_noflag(skb, WGPEER_A_ALLOWEDIPS);
 	if (!allowedips_nest)
 		goto err;
 
@@ -190,7 +190,7 @@ static int wg_get_device_start(struct netlink_callback *cb)
 	struct wg_device *wg;
 	int ret;
 
-	ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + genl_family.hdrsize, attrs,
+	ret = nlmsg_parse_deprecated(cb->nlh, GENL_HDRLEN + genl_family.hdrsize, attrs,
 			  genl_family.maxattr, device_policy, NULL);
 	if (ret < 0)
 		return ret;
@@ -247,7 +247,7 @@ static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback *cb)
 		up_read(&wg->static_identity.lock);
 	}
 
-	peers_nest = nla_nest_start(skb, WGDEVICE_A_PEERS);
+	peers_nest = nla_nest_start_noflag(skb, WGDEVICE_A_PEERS);
 	if (!peers_nest)
 		goto out;
 	ret = 0;
@@ -450,7 +450,7 @@ static int set_peer(struct wg_device *wg, struct nlattr **attrs)
 		int rem;
 
 		nla_for_each_nested(attr, attrs[WGPEER_A_ALLOWEDIPS], rem) {
-			ret = nla_parse_nested(allowedip, WGALLOWEDIP_A_MAX,
+			ret = nla_parse_nested_deprecated(allowedip, WGALLOWEDIP_A_MAX,
 					       attr, allowedip_policy, NULL);
 			if (ret < 0)
 				goto out;
@@ -561,7 +561,7 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
 		int rem;
 
 		nla_for_each_nested(attr, info->attrs[WGDEVICE_A_PEERS], rem) {
-			ret = nla_parse_nested(peer, WGPEER_A_MAX, attr,
+			ret = nla_parse_nested_deprecated(peer, WGPEER_A_MAX, attr,
 					       peer_policy, NULL);
 			if (ret < 0)
 				goto out;
@@ -596,12 +596,10 @@ struct genl_ops genl_ops[] = {
 #endif
 		.dumpit = wg_get_device_dump,
 		.done = wg_get_device_done,
-		.policy = device_policy,
 		.flags = GENL_UNS_ADMIN_PERM
 	}, {
 		.cmd = WG_CMD_SET_DEVICE,
 		.doit = wg_set_device,
-		.policy = device_policy,
 		.flags = GENL_UNS_ADMIN_PERM
 	}
 };
@@ -617,6 +615,7 @@ __ro_after_init = {
 	.name = WG_GENL_NAME,
 	.version = WG_GENL_VERSION,
 	.maxattr = WGDEVICE_A_MAX,
+	.policy = device_policy,
 	.module = THIS_MODULE,
 	.netnsok = true
 };