Kconfig (7862B)
1# SPDX-License-Identifier: GPL-2.0-only 2config CIFS 3 tristate "SMB3 and CIFS support (advanced network filesystem)" 4 depends on INET 5 select NLS 6 select CRYPTO 7 select CRYPTO_MD5 8 select CRYPTO_SHA256 9 select CRYPTO_SHA512 10 select CRYPTO_CMAC 11 select CRYPTO_HMAC 12 select CRYPTO_AEAD2 13 select CRYPTO_CCM 14 select CRYPTO_GCM 15 select CRYPTO_ECB 16 select CRYPTO_AES 17 select KEYS 18 select DNS_RESOLVER 19 select ASN1 20 select OID_REGISTRY 21 help 22 This is the client VFS module for the SMB3 family of NAS protocols, 23 (including support for the most recent, most secure dialect SMB3.1.1) 24 as well as for earlier dialects such as SMB2.1, SMB2 and the older 25 Common Internet File System (CIFS) protocol. CIFS was the successor 26 to the original dialect, the Server Message Block (SMB) protocol, the 27 native file sharing mechanism for most early PC operating systems. 28 29 The SMB3 protocol is supported by most modern operating systems 30 and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016, 31 MacOS) and even in the cloud (e.g. Microsoft Azure). 32 The older CIFS protocol was included in Windows NT4, 2000 and XP (and 33 later) as well by Samba (which provides excellent CIFS and SMB3 34 server support for Linux and many other operating systems). Use of 35 dialects older than SMB2.1 is often discouraged on public networks. 36 This module also provides limited support for OS/2 and Windows ME 37 and similar very old servers. 38 39 This module provides an advanced network file system client 40 for mounting to SMB3 (and CIFS) compliant servers. It includes 41 support for DFS (hierarchical name space), secure per-user 42 session establishment via Kerberos or NTLM or NTLMv2, RDMA 43 (smbdirect), advanced security features, per-share encryption, 44 directory leases, safe distributed caching (oplock), optional packet 45 signing, Unicode and other internationalization improvements. 46 47 In general, the default dialects, SMB3 and later, enable better 48 performance, security and features, than would be possible with CIFS. 49 Note that when mounting to Samba, due to the CIFS POSIX extensions, 50 CIFS mounts can provide slightly better POSIX compatibility 51 than SMB3 mounts. SMB2/SMB3 mount options are also 52 slightly simpler (compared to CIFS) due to protocol improvements. 53 54 If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y. 55 56config CIFS_STATS2 57 bool "Extended statistics" 58 depends on CIFS 59 default y 60 help 61 Enabling this option will allow more detailed statistics on SMB 62 request timing to be displayed in /proc/fs/cifs/DebugData and also 63 allow optional logging of slow responses to dmesg (depending on the 64 value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst 65 for more details. These additional statistics may have a minor effect 66 on performance and memory utilization. 67 68 If unsure, say Y. 69 70config CIFS_ALLOW_INSECURE_LEGACY 71 bool "Support legacy servers which use less secure dialects" 72 depends on CIFS 73 default y 74 help 75 Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have 76 additional security features, including protection against 77 man-in-the-middle attacks and stronger crypto hashes, so the use 78 of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged. 79 80 Disabling this option prevents users from using vers=1.0 or vers=2.0 81 on mounts with cifs.ko 82 83 If unsure, say Y. 84 85config CIFS_UPCALL 86 bool "Kerberos/SPNEGO advanced session setup" 87 depends on CIFS 88 help 89 Enables an upcall mechanism for CIFS which accesses userspace helper 90 utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets 91 which are needed to mount to certain secure servers (for which more 92 secure Kerberos authentication is required). If unsure, say Y. 93 94config CIFS_XATTR 95 bool "CIFS extended attributes" 96 depends on CIFS 97 help 98 Extended attributes are name:value pairs associated with inodes by 99 the kernel or by users (see the attr(5) manual page for details). 100 CIFS maps the name of extended attributes beginning with the user 101 namespace prefix to SMB/CIFS EAs. EAs are stored on Windows 102 servers without the user namespace prefix, but their names are 103 seen by Linux cifs clients prefaced by the user namespace prefix. 104 The system namespace (used by some filesystems to store ACLs) is 105 not supported at this time. 106 107 If unsure, say Y. 108 109config CIFS_POSIX 110 bool "CIFS POSIX Extensions" 111 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR 112 help 113 Enabling this option will cause the cifs client to attempt to 114 negotiate a newer dialect with servers, such as Samba 3.0.5 115 or later, that optionally can handle more POSIX like (rather 116 than Windows like) file behavior. It also enables 117 support for POSIX ACLs (getfacl and setfacl) to servers 118 (such as Samba 3.10 and later) which can negotiate 119 CIFS POSIX ACL support. If unsure, say N. 120 121config CIFS_DEBUG 122 bool "Enable CIFS debugging routines" 123 default y 124 depends on CIFS 125 help 126 Enabling this option adds helpful debugging messages to 127 the cifs code which increases the size of the cifs module. 128 If unsure, say Y. 129 130config CIFS_DEBUG2 131 bool "Enable additional CIFS debugging routines" 132 depends on CIFS_DEBUG 133 help 134 Enabling this option adds a few more debugging routines 135 to the cifs code which slightly increases the size of 136 the cifs module and can cause additional logging of debug 137 messages in some error paths, slowing performance. This 138 option can be turned off unless you are debugging 139 cifs problems. If unsure, say N. 140 141config CIFS_DEBUG_DUMP_KEYS 142 bool "Dump encryption keys for offline decryption (Unsafe)" 143 depends on CIFS_DEBUG 144 help 145 Enabling this will dump the encryption and decryption keys 146 used to communicate on an encrypted share connection on the 147 console. This allows Wireshark to decrypt and dissect 148 encrypted network captures. Enable this carefully. 149 If unsure, say N. 150 151config CIFS_DFS_UPCALL 152 bool "DFS feature support" 153 depends on CIFS 154 help 155 Distributed File System (DFS) support is used to access shares 156 transparently in an enterprise name space, even if the share 157 moves to a different server. This feature also enables 158 an upcall mechanism for CIFS which contacts userspace helper 159 utilities to provide server name resolution (host names to 160 IP addresses) which is needed in order to reconnect to 161 servers if their addresses change or for implicit mounts of 162 DFS junction points. If unsure, say Y. 163 164config CIFS_SWN_UPCALL 165 bool "SWN feature support" 166 depends on CIFS 167 help 168 The Service Witness Protocol (SWN) is used to get notifications 169 from a highly available server of resource state changes. This 170 feature enables an upcall mechanism for CIFS which contacts a 171 userspace daemon to establish the DCE/RPC connection to retrieve 172 the cluster available interfaces and resource change notifications. 173 If unsure, say Y. 174 175config CIFS_NFSD_EXPORT 176 bool "Allow nfsd to export CIFS file system" 177 depends on CIFS && BROKEN 178 help 179 Allows NFS server to export a CIFS mounted share (nfsd over cifs) 180 181config CIFS_SMB_DIRECT 182 bool "SMB Direct support" 183 depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y 184 help 185 Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1. 186 SMB Direct allows transferring SMB packets over RDMA. If unsure, 187 say Y. 188 189config CIFS_FSCACHE 190 bool "Provide CIFS client caching support" 191 depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y 192 help 193 Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data 194 to be cached locally on disk through the general filesystem cache 195 manager. If unsure, say N. 196 197config CIFS_ROOT 198 bool "SMB root file system (Experimental)" 199 depends on CIFS=y && IP_PNP 200 help 201 Enables root file system support over SMB protocol. 202 203 Most people say N here.