1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
# SPDX-License-Identifier: GPL-2.0-only
config CIFS
tristate "SMB3 and CIFS support (advanced network filesystem)"
depends on INET
select NLS
select NLS_UCS2_UTILS
select CRYPTO
select CRYPTO_MD5
select CRYPTO_SHA256
select CRYPTO_SHA512
select CRYPTO_CMAC
select CRYPTO_HMAC
select CRYPTO_AEAD2
select CRYPTO_CCM
select CRYPTO_GCM
select CRYPTO_ECB
select CRYPTO_AES
select KEYS
select DNS_RESOLVER
select ASN1
select OID_REGISTRY
select NETFS_SUPPORT
help
This is the client VFS module for the SMB3 family of network file
protocols (including the most recent, most secure dialect SMB3.1.1).
This module also includes support for earlier dialects such as
SMB2.1, SMB2 and even the old Common Internet File System (CIFS)
protocol. CIFS was the successor to the original network filesystem
protocol, Server Message Block (SMB ie SMB1), the native file sharing
mechanism for most early PC operating systems.
The SMB3.1.1 protocol is supported by most modern operating systems
and NAS appliances (e.g. Samba, Windows 11, Windows Server 2022,
MacOS) and even in the cloud (e.g. Microsoft Azure) and also by the
Linux kernel server, ksmbd. Support for the older CIFS protocol was
included in Windows NT4, 2000 and XP (and later). Use of dialects
older than SMB2.1 is often discouraged on public networks.
This module also provides limited support for OS/2 and Windows ME
and similar very old servers.
This module provides an advanced network file system client for
mounting to SMB3 (and CIFS) compliant servers. It includes support
for DFS (hierarchical name space), secure per-user session
establishment via Kerberos or NTLMv2, RDMA (smbdirect), advanced
security features, per-share encryption, packet-signing, snapshots,
directory leases, safe distributed caching (leases), multichannel,
Unicode and other internationalization improvements.
In general, the default dialects, SMB3 and later, enable better
performance, security and features, than would be possible with CIFS.
If you need to mount to Samba, Azure, ksmbd, Macs or Windows from this
machine, say Y.
config CIFS_STATS2
bool "Extended statistics"
depends on CIFS
default y
help
Enabling this option will allow more detailed statistics on SMB
request timing to be displayed in /proc/fs/cifs/DebugData and also
allow optional logging of slow responses to dmesg (depending on the
value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
for more details. These additional statistics may have a minor effect
on performance and memory utilization.
If unsure, say Y.
config CIFS_ALLOW_INSECURE_LEGACY
bool "Support legacy servers which use less secure dialects"
depends on CIFS
default y
help
Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
additional security features, including protection against
man-in-the-middle attacks and stronger crypto hashes, so the use
of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
Disabling this option prevents users from using vers=1.0 or vers=2.0
on mounts with cifs.ko
If unsure, say Y.
config CIFS_UPCALL
bool "Kerberos/SPNEGO advanced session setup"
depends on CIFS
help
Enables an upcall mechanism for CIFS which accesses userspace helper
utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
which are needed to mount to certain secure servers (for which more
secure Kerberos authentication is required). If unsure, say Y.
config CIFS_XATTR
bool "CIFS extended attributes"
depends on CIFS
help
Extended attributes are name:value pairs associated with inodes by
the kernel or by users (see the attr(5) manual page for details).
CIFS maps the name of extended attributes beginning with the user
namespace prefix to SMB/CIFS EAs. EAs are stored on Windows
servers without the user namespace prefix, but their names are
seen by Linux cifs clients prefaced by the user namespace prefix.
The system namespace (used by some filesystems to store ACLs) is
not supported at this time.
If unsure, say Y.
config CIFS_POSIX
bool "CIFS POSIX Extensions"
depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
help
Enabling this option will cause the cifs client to attempt to
negotiate a feature of the older cifs dialect with servers, such as
Samba 3.0.5 or later, that optionally can handle more POSIX like
(rather than Windows like) file behavior. It also enables support
for POSIX ACLs (getfacl and setfacl) to servers (such as Samba 3.10
and later) which can negotiate CIFS POSIX ACL support. This config
option is not needed when mounting with SMB3.1.1. If unsure, say N.
config CIFS_DEBUG
bool "Enable CIFS debugging routines"
default y
depends on CIFS
help
Enabling this option adds helpful debugging messages to
the cifs code which increases the size of the cifs module.
If unsure, say Y.
config CIFS_DEBUG2
bool "Enable additional CIFS debugging routines"
depends on CIFS_DEBUG
help
Enabling this option adds a few more debugging routines
to the cifs code which slightly increases the size of
the cifs module and can cause additional logging of debug
messages in some error paths, slowing performance. This
option can be turned off unless you are debugging
cifs problems. If unsure, say N.
config CIFS_DEBUG_DUMP_KEYS
bool "Dump encryption keys for offline decryption (Unsafe)"
depends on CIFS_DEBUG
help
Enabling this will dump the encryption and decryption keys
used to communicate on an encrypted share connection on the
console. This allows Wireshark to decrypt and dissect
encrypted network captures. Enable this carefully.
If unsure, say N.
config CIFS_DFS_UPCALL
bool "DFS feature support"
depends on CIFS
help
Distributed File System (DFS) support is used to access shares
transparently in an enterprise name space, even if the share
moves to a different server. This feature also enables
an upcall mechanism for CIFS which contacts userspace helper
utilities to provide server name resolution (host names to
IP addresses) which is needed in order to reconnect to
servers if their addresses change or for implicit mounts of
DFS junction points. If unsure, say Y.
config CIFS_SWN_UPCALL
bool "SWN feature support"
depends on CIFS
help
The Service Witness Protocol (SWN) is used to get notifications
from a highly available server of resource state changes. This
feature enables an upcall mechanism for CIFS which contacts a
userspace daemon to establish the DCE/RPC connection to retrieve
the cluster available interfaces and resource change notifications.
If unsure, say Y.
config CIFS_NFSD_EXPORT
bool "Allow nfsd to export CIFS file system"
depends on CIFS && BROKEN
help
Allows NFS server to export a CIFS mounted share (nfsd over cifs)
if CIFS
config CIFS_SMB_DIRECT
bool "SMB Direct support"
depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
help
Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
SMB Direct allows transferring SMB packets over RDMA. If unsure,
say Y.
config CIFS_FSCACHE
bool "Provide CIFS client caching support"
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
help
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
to be cached locally on disk through the general filesystem cache
manager. If unsure, say N.
config CIFS_ROOT
bool "SMB root file system (Experimental)"
depends on CIFS=y && IP_PNP
help
Enables root file system support over SMB protocol.
Most people say N here.
endif
|