Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
bb26b963 | 2 | config CIFS |
2a38e120 | 3 | tristate "SMB3 and CIFS support (advanced network filesystem)" |
bb26b963 AD |
4 | depends on INET |
5 | select NLS | |
d2b91521 SP |
6 | select CRYPTO |
7 | select CRYPTO_MD5 | |
5b454a64 | 8 | select CRYPTO_SHA256 |
5890184d | 9 | select CRYPTO_SHA512 |
5b454a64 | 10 | select CRYPTO_CMAC |
362d3129 | 11 | select CRYPTO_HMAC |
5b454a64 BG |
12 | select CRYPTO_AEAD2 |
13 | select CRYPTO_CCM | |
5fc3681f | 14 | select CRYPTO_GCM |
5f0b23ee | 15 | select CRYPTO_ECB |
5b454a64 | 16 | select CRYPTO_AES |
e7a1a2df | 17 | select KEYS |
4e456b30 | 18 | select DNS_RESOLVER |
0475c365 HL |
19 | select ASN1 |
20 | select OID_REGISTRY | |
d08089f6 | 21 | select NETFS_SUPPORT |
bb26b963 | 22 | help |
ed2f1d9c SF |
23 | This is the client VFS module for the SMB3 family of network file |
24 | protocols (including the most recent, most secure dialect SMB3.1.1). | |
25 | This module also includes support for earlier dialects such as | |
26 | SMB2.1, SMB2 and even the old Common Internet File System (CIFS) | |
27 | protocol. CIFS was the successor to the original network filesystem | |
28 | protocol, Server Message Block (SMB ie SMB1), the native file sharing | |
29 | mechanism for most early PC operating systems. | |
30 | ||
31 | The SMB3.1.1 protocol is supported by most modern operating systems | |
32 | and NAS appliances (e.g. Samba, Windows 11, Windows Server 2022, | |
33 | MacOS) and even in the cloud (e.g. Microsoft Azure) and also by the | |
34 | Linux kernel server, ksmbd. Support for the older CIFS protocol was | |
35 | included in Windows NT4, 2000 and XP (and later). Use of dialects | |
36 | older than SMB2.1 is often discouraged on public networks. | |
0fdfef9a SF |
37 | This module also provides limited support for OS/2 and Windows ME |
38 | and similar very old servers. | |
bb26b963 | 39 | |
ed2f1d9c SF |
40 | This module provides an advanced network file system client for |
41 | mounting to SMB3 (and CIFS) compliant servers. It includes support | |
42 | for DFS (hierarchical name space), secure per-user session | |
43 | establishment via Kerberos or NTLMv2, RDMA (smbdirect), advanced | |
44 | security features, per-share encryption, packet-signing, snapshots, | |
45 | directory leases, safe distributed caching (leases), multichannel, | |
46 | Unicode and other internationalization improvements. | |
2a38e120 SF |
47 | |
48 | In general, the default dialects, SMB3 and later, enable better | |
49 | performance, security and features, than would be possible with CIFS. | |
2a38e120 | 50 | |
ed2f1d9c SF |
51 | If you need to mount to Samba, Azure, ksmbd, Macs or Windows from this |
52 | machine, say Y. | |
bb26b963 | 53 | |
bb26b963 AD |
54 | config CIFS_STATS2 |
55 | bool "Extended statistics" | |
fcabb892 | 56 | depends on CIFS |
0d52df81 | 57 | default y |
bb26b963 AD |
58 | help |
59 | Enabling this option will allow more detailed statistics on SMB | |
60 | request timing to be displayed in /proc/fs/cifs/DebugData and also | |
61 | allow optional logging of slow responses to dmesg (depending on the | |
e68f4a7b SF |
62 | value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst |
63 | for more details. These additional statistics may have a minor effect | |
64 | on performance and memory utilization. | |
bb26b963 | 65 | |
0d52df81 | 66 | If unsure, say Y. |
bb26b963 | 67 | |
7420451f SF |
68 | config CIFS_ALLOW_INSECURE_LEGACY |
69 | bool "Support legacy servers which use less secure dialects" | |
70 | depends on CIFS | |
71 | default y | |
72 | help | |
73 | Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have | |
74 | additional security features, including protection against | |
75 | man-in-the-middle attacks and stronger crypto hashes, so the use | |
76 | of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged. | |
77 | ||
78 | Disabling this option prevents users from using vers=1.0 or vers=2.0 | |
79 | on mounts with cifs.ko | |
80 | ||
81 | If unsure, say Y. | |
82 | ||
bb26b963 | 83 | config CIFS_UPCALL |
1a4240f4 | 84 | bool "Kerberos/SPNEGO advanced session setup" |
e7a1a2df | 85 | depends on CIFS |
1a4240f4 WL |
86 | help |
87 | Enables an upcall mechanism for CIFS which accesses userspace helper | |
88 | utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets | |
89 | which are needed to mount to certain secure servers (for which more | |
2a38e120 | 90 | secure Kerberos authentication is required). If unsure, say Y. |
bb26b963 AD |
91 | |
92 | config CIFS_XATTR | |
50cfad78 EWI |
93 | bool "CIFS extended attributes" |
94 | depends on CIFS | |
95 | help | |
96 | Extended attributes are name:value pairs associated with inodes by | |
97 | the kernel or by users (see the attr(5) manual page for details). | |
98 | CIFS maps the name of extended attributes beginning with the user | |
99 | namespace prefix to SMB/CIFS EAs. EAs are stored on Windows | |
100 | servers without the user namespace prefix, but their names are | |
101 | seen by Linux cifs clients prefaced by the user namespace prefix. | |
102 | The system namespace (used by some filesystems to store ACLs) is | |
103 | not supported at this time. | |
104 | ||
105 | If unsure, say Y. | |
bb26b963 AD |
106 | |
107 | config CIFS_POSIX | |
50cfad78 EWI |
108 | bool "CIFS POSIX Extensions" |
109 | depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR | |
110 | help | |
111 | Enabling this option will cause the cifs client to attempt to | |
ed2f1d9c SF |
112 | negotiate a feature of the older cifs dialect with servers, such as |
113 | Samba 3.0.5 or later, that optionally can handle more POSIX like | |
114 | (rather than Windows like) file behavior. It also enables support | |
115 | for POSIX ACLs (getfacl and setfacl) to servers (such as Samba 3.10 | |
116 | and later) which can negotiate CIFS POSIX ACL support. This config | |
117 | option is not needed when mounting with SMB3.1.1. If unsure, say N. | |
bb26b963 | 118 | |
471b1f98 JP |
119 | config CIFS_DEBUG |
120 | bool "Enable CIFS debugging routines" | |
121 | default y | |
122 | depends on CIFS | |
123 | help | |
50cfad78 EWI |
124 | Enabling this option adds helpful debugging messages to |
125 | the cifs code which increases the size of the cifs module. | |
126 | If unsure, say Y. | |
127 | ||
bb26b963 AD |
128 | config CIFS_DEBUG2 |
129 | bool "Enable additional CIFS debugging routines" | |
471b1f98 | 130 | depends on CIFS_DEBUG |
bb26b963 | 131 | help |
50cfad78 EWI |
132 | Enabling this option adds a few more debugging routines |
133 | to the cifs code which slightly increases the size of | |
134 | the cifs module and can cause additional logging of debug | |
135 | messages in some error paths, slowing performance. This | |
136 | option can be turned off unless you are debugging | |
137 | cifs problems. If unsure, say N. | |
bb26b963 | 138 | |
d38de3c6 AA |
139 | config CIFS_DEBUG_DUMP_KEYS |
140 | bool "Dump encryption keys for offline decryption (Unsafe)" | |
2a38e120 | 141 | depends on CIFS_DEBUG |
d38de3c6 | 142 | help |
50cfad78 EWI |
143 | Enabling this will dump the encryption and decryption keys |
144 | used to communicate on an encrypted share connection on the | |
145 | console. This allows Wireshark to decrypt and dissect | |
146 | encrypted network captures. Enable this carefully. | |
147 | If unsure, say N. | |
d38de3c6 | 148 | |
10e70afa | 149 | config CIFS_DFS_UPCALL |
50cfad78 | 150 | bool "DFS feature support" |
e7a1a2df | 151 | depends on CIFS |
50cfad78 EWI |
152 | help |
153 | Distributed File System (DFS) support is used to access shares | |
154 | transparently in an enterprise name space, even if the share | |
155 | moves to a different server. This feature also enables | |
156 | an upcall mechanism for CIFS which contacts userspace helper | |
157 | utilities to provide server name resolution (host names to | |
158 | IP addresses) which is needed in order to reconnect to | |
159 | servers if their addresses change or for implicit mounts of | |
160 | DFS junction points. If unsure, say Y. | |
10e70afa | 161 | |
06f08dab SC |
162 | config CIFS_SWN_UPCALL |
163 | bool "SWN feature support" | |
164 | depends on CIFS | |
165 | help | |
166 | The Service Witness Protocol (SWN) is used to get notifications | |
167 | from a highly available server of resource state changes. This | |
e68f4a7b | 168 | feature enables an upcall mechanism for CIFS which contacts a |
06f08dab SC |
169 | userspace daemon to establish the DCE/RPC connection to retrieve |
170 | the cluster available interfaces and resource change notifications. | |
171 | If unsure, say Y. | |
172 | ||
25720873 | 173 | config CIFS_NFSD_EXPORT |
50cfad78 EWI |
174 | bool "Allow nfsd to export CIFS file system" |
175 | depends on CIFS && BROKEN | |
176 | help | |
177 | Allows NFS server to export a CIFS mounted share (nfsd over cifs) | |
675f36fb | 178 | |
77e3f338 SF |
179 | if CIFS |
180 | ||
2b6ed880 | 181 | config CIFS_SMB_DIRECT |
e9630660 | 182 | bool "SMB Direct support" |
533d1dae | 183 | depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y |
2b6ed880 | 184 | help |
e9630660 | 185 | Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1. |
2b6ed880 | 186 | SMB Direct allows transferring SMB packets over RDMA. If unsure, |
2bcb4fd6 | 187 | say Y. |
2b6ed880 | 188 | |
1d4ab907 | 189 | config CIFS_FSCACHE |
50cfad78 | 190 | bool "Provide CIFS client caching support" |
70431bfd | 191 | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y |
50cfad78 EWI |
192 | help |
193 | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data | |
194 | to be cached locally on disk through the general filesystem cache | |
195 | manager. If unsure, say N. | |
8eecd1c2 PAS |
196 | |
197 | config CIFS_ROOT | |
198 | bool "SMB root file system (Experimental)" | |
199 | depends on CIFS=y && IP_PNP | |
200 | help | |
201 | Enables root file system support over SMB protocol. | |
202 | ||
203 | Most people say N here. | |
77e3f338 SF |
204 | |
205 | endif |