netfilter.org has, for some years, been developing a patch called TARPIT, which takes a TCP connection and sets its window size to 0, forcing a timeout. This can be used by iptables to slow down unwanted connection attempts. This patch applies perfectly for vanilla sources, as it does for gentoo-sources, but it won't compile with gentoo-sources.

Reproducible: Always

Steps to Reproduce:
1. get iptables
2. get patch-o-matic
3. ./runme TARPIT
4. enable the module
5. make

Actual Results:
compile errors: "net/ipv4/netfilter/ipt_TARPIT.c:188: error: 'struct sk_buff' has no member named 'nh'" a thousand times (with different line numbers)

Expected Results:
compile seamlessly
I'm sorry but unsupported third-party patches are not a Gentoo bug. You can either fix the patch yourself or report the bug upstream to the tarpit patch authors.