conntrack: fix BPF code for filtering on big-endian architectures

The BPF for checking the subsystem ID looks for it in the righthand byte of
`nlh->nlmsg_type`.  However, it will only be there on little-endian archi-
tectures.  The result is that on big-endian architectures the subsystem ID
doesn't match, all packets are immediately accepted, and all filters are
ignored.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896716
Fixes: b245e4092c5a ("src: allow to use nfct handler for conntrack and expectations at the same time")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

0 files changed, 0 insertions, 0 deletions