See https://lists.netfilter.org/pipermail/netfilter-devel/2005-March/018657.html "This patch fixes a kernel crashing bug when using NAT. The crash occurs in the case when we send out a UDP packet to a closed port on another host, with the UDP packet being SNATed. The remote host replies with an ICMP port unreachable (type 3, code 3). We need to adjust the ICMP packet, because the UDP packet was SNATed." This may have security consequences. Was fixed in 2.6.11 as part of http://linux.bkbits.net:8080/linux-2.6/cset%4041ec35b6VPThEopl5t0ffdbUp7PweQ
Rusty's patch is enormous, breaks the kABI of netfilter completely, and we're still fixing fallout from that change in 2.6.12-rcX. But the patch in the netfilter posting is OK, simple, not a kABI breaker, and correct. I'll try to cons up a clean RHEL4 patch for davej, but no promises on getting to that this week as I'm very busy with existing stuff and leave for Chicago on Thursday afternoon.
Actually, the 2.6.9 based code we have in RHEL4 does not have this bug. It references the IP header via skb->nh.iph which is fine. Later code used a local variable to store the pointer, which is what introduced the bug. Therefore RHEL4 does not have this problem and we need do nothing.
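The pointer-caching defect described in the comment above, as an added toy model that is not the kernel's code and not part of this report: it assumes the underlying cause is that the packet buffer is relocated (a copy-on-write step) between the moment the IP header pointer is saved in a local and the moment it is used, so the write goes to a buffer the skb no longer owns. `toy_skb`, `toy_make_writable`, `rewrite_saddr` and the sample packet are constructed for the demo; reading the header through the skb field each time (the `skb->nh.iph` pattern) is the safe form.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Toy socket buffer (constructed; not the kernel's sk_buff). */
struct toy_skb {
    uint8_t *data; size_t len;
    int shared;        /* 1: copy-on-write needed before any modification */
    uint8_t *nh_iph;   /* current IP header; updated whenever data moves */
};
/* Copy-on-write: afterwards any header pointer saved earlier is stale. */
static int toy_make_writable(struct toy_skb *skb)
{
    if (!skb->shared)
        return 0;
    uint8_t *copy = malloc(skb->len);
    if (!copy)
        return -1;
    memcpy(copy, skb->data, skb->len);
    skb->data = skb->nh_iph = copy;  /* header at offset 0 in this toy */
    skb->shared = 0;
    return 0;
}
/* Rewrite the IPv4 source address (header bytes 12..15). With cached=1 the
 * header pointer is taken before the write prep, which is the buggy pattern;
 * with cached=0 it is re-read from the skb, which is the safe pattern. */
static int rewrite_saddr(struct toy_skb *skb, uint32_t newaddr, int cached)
{
    uint8_t *iph = skb->nh_iph;      /* only valid until data moves */
    if (toy_make_writable(skb) < 0)
        return -1;
    if (!cached)
        iph = skb->nh_iph;           /* refresh after the relocation */
    memcpy(iph + 12, &newaddr, 4);   /* cached: lands in the old buffer */
    return 0;
}
/* Constructed demo: shared 20-byte IPv4 header, src 10.0.0.1. Returns 1 if
 * the new source address ended up in the packet that would be transmitted. */
static int demo_rewrite(int cached)
{
    uint8_t pkt[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0,
                        10, 0, 0, 1, 10, 0, 0, 2 };
    struct toy_skb skb = { pkt, sizeof pkt, 1, pkt };
    uint32_t want = 0x0a00000bu, got;    /* constructed replacement */
    int rc = rewrite_saddr(&skb, want, cached);
    memcpy(&got, skb.nh_iph + 12, 4);
    int ok = rc == 0 && got == want;
    if (skb.data != pkt)
        free(skb.data);
    return ok;
}
```

In the real kernel the old buffer is not a live stack array but freed memory, which is why the cached pointer produced a crash rather than a silently lost rewrite.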