netfilter: nf_conntrack: use get_unaligned_be32() in tcp_sack()

The timestamp-only fast path dereferences the option stream as
*(__be32 *)ptr, which assumes 4-byte alignment that the TCP option
stream does not guarantee. Use get_unaligned_be32() instead, which
reads the value safely and already returns host byte order, so the
htonl() on the comparison constant can be dropped.

This matches the existing get_unaligned_be32() use later in the same
function.

Assisted-by: Claude:Opus-4.7
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 027d69edba441014b8d6e4b6c7e6a6fd57d17bb5..ceeed3d7fe520ddb4a36cdf1f6bfb1e442b0dc3a 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -405,11 +405,11 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
                return;
 
        /* Fast path for timestamp-only option */
-       if (length == TCPOLEN_TSTAMP_ALIGNED
-           && *(__be32 *)ptr == htonl((TCPOPT_NOP << 24)
-                                      | (TCPOPT_NOP << 16)
-                                      | (TCPOPT_TIMESTAMP << 8)
-                                      | TCPOLEN_TIMESTAMP))
+       if (length == TCPOLEN_TSTAMP_ALIGNED &&
+           get_unaligned_be32(ptr) == ((TCPOPT_NOP << 24) |
+                                       (TCPOPT_NOP << 16) |
+                                       (TCPOPT_TIMESTAMP << 8) |
+                                       TCPOLEN_TIMESTAMP))
                return;
 
        while (length > 0) {