Isn't it a strange coincidence, that a reasonably non-trivial netfilter bug gets the bugzilla ID 404 ?
Well, before I try to build some conspiracy theories about somebody manipulating the bug id number sequence generation of our bugzilla installation, I'd rather concentrate on the real work.
Dave Remien is an excellent bug reporter, so as a maintainer you can actually not expect anything more than his detailed documentation (yes, I know, certificate has expired, too lazy and busy to update it right now, stay tuned). From an outside perspective, it appears like packets get 'stuck' in nfnetlink_queue. In reality, it seems like the kernel is doing everything fine, just the library eats some packets from time to time, meaning that they remain inside the kernel queue and increase it's length (and thus leak memory) one at a time.
The real cause has yet to be discovered, I'm confident that there will be some news tomorrow.