# SPDX-License-Identifier: GPL-2.0-only
config CIFS
	tristate "SMB3 and CIFS support (advanced network filesystem)"
	depends on INET
	select NLS
	select CRYPTO
	select CRYPTO_MD5
	select CRYPTO_SHA256
	select CRYPTO_SHA512
	select CRYPTO_CMAC
	select CRYPTO_HMAC
	select CRYPTO_AEAD2
	select CRYPTO_CCM
	select CRYPTO_GCM
	select CRYPTO_ECB
	select CRYPTO_AES
	select KEYS
	select DNS_RESOLVER
	select ASN1
	select OID_REGISTRY
	select NETFS_SUPPORT
	help
	  This is the client VFS module for the SMB3 family of network file
	  protocols (including the most recent, most secure dialect SMB3.1.1).
	  This module also includes support for earlier dialects such as
	  SMB2.1, SMB2 and even the old Common Internet File System (CIFS)
	  protocol.  CIFS was the successor to the original network filesystem
	  protocol, Server Message Block (SMB ie SMB1), the native file sharing
	  mechanism for most early PC operating systems.

	  The SMB3.1.1 protocol is supported by most modern operating systems
	  and NAS appliances (e.g. Samba, Windows 11, Windows Server 2022,
	  MacOS) and even in the cloud (e.g. Microsoft Azure) and also by the
	  Linux kernel server, ksmbd.  Support for the older CIFS protocol was
	  included in Windows NT4, 2000 and XP (and later). Use of dialects
	  older than SMB2.1 is often discouraged on public networks.
	  This module also provides limited support for OS/2 and Windows ME
	  and similar very old servers.

	  This module provides an advanced network file system client for
	  mounting to SMB3 (and CIFS) compliant servers.  It includes support
	  for DFS (hierarchical name space), secure per-user session
	  establishment via Kerberos or NTLMv2, RDMA (smbdirect), advanced
	  security features, per-share encryption, packet-signing, snapshots,
	  directory leases, safe distributed caching (leases), multichannel,
	  Unicode and other internationalization improvements.

	  In general, the default dialects, SMB3 and later, enable better
	  performance, security and features, than would be possible with CIFS.

	  If you need to mount to Samba, Azure, ksmbd, Macs or Windows from this
	  machine, say Y.

config CIFS_STATS2
	bool "Extended statistics"
	depends on CIFS
	default y
	help
	  Enabling this option will allow more detailed statistics on SMB
	  request timing to be displayed in /proc/fs/cifs/DebugData and also
	  allow optional logging of slow responses to dmesg (depending on the
	  value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
	  for more details. These additional statistics may have a minor effect
	  on performance and memory utilization.

	  If unsure, say Y.

config CIFS_ALLOW_INSECURE_LEGACY
	bool "Support legacy servers which use less secure dialects"
	depends on CIFS
	default y
	help
	  Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
	  additional security features, including protection against
	  man-in-the-middle attacks and stronger crypto hashes, so the use
	  of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.

	  Disabling this option prevents users from using vers=1.0 or vers=2.0
	  on mounts with cifs.ko

	  If unsure, say Y.

config CIFS_UPCALL
	bool "Kerberos/SPNEGO advanced session setup"
	depends on CIFS
	help
	  Enables an upcall mechanism for CIFS which accesses userspace helper
	  utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
	  which are needed to mount to certain secure servers (for which more
	  secure Kerberos authentication is required). If unsure, say Y.

config CIFS_XATTR
	bool "CIFS extended attributes"
	depends on CIFS
	help
	  Extended attributes are name:value pairs associated with inodes by
	  the kernel or by users (see the attr(5) manual page for details).
	  CIFS maps the name of extended attributes beginning with the user
	  namespace prefix to SMB/CIFS EAs.  EAs are stored on Windows
	  servers without the user namespace prefix, but their names are
	  seen by Linux cifs clients prefaced by the user namespace prefix.
	  The system namespace (used by some filesystems to store ACLs) is
	  not supported at this time.

	  If unsure, say Y.

config CIFS_POSIX
	bool "CIFS POSIX Extensions"
	depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
	help
	  Enabling this option will cause the cifs client to attempt to
	  negotiate a feature of the older cifs dialect with servers, such as
	  Samba 3.0.5 or later, that optionally can handle more POSIX like
	  (rather than Windows like) file behavior.  It also enables support
	  for POSIX ACLs (getfacl and setfacl) to servers (such as Samba 3.10
	  and later) which can negotiate CIFS POSIX ACL support.  This config
	  option is not needed when mounting with SMB3.1.1. If unsure, say N.

config CIFS_DEBUG
	bool "Enable CIFS debugging routines"
	default y
	depends on CIFS
	help
	  Enabling this option adds helpful debugging messages to
	  the cifs code which increases the size of the cifs module.
	  If unsure, say Y.

config CIFS_DEBUG2
	bool "Enable additional CIFS debugging routines"
	depends on CIFS_DEBUG
	help
	  Enabling this option adds a few more debugging routines
	  to the cifs code which slightly increases the size of
	  the cifs module and can cause additional logging of debug
	  messages in some error paths, slowing performance. This
	  option can be turned off unless you are debugging
	  cifs problems.  If unsure, say N.

config CIFS_DEBUG_DUMP_KEYS
	bool "Dump encryption keys for offline decryption (Unsafe)"
	depends on CIFS_DEBUG
	help
	  Enabling this will dump the encryption and decryption keys
	  used to communicate on an encrypted share connection on the
	  console. This allows Wireshark to decrypt and dissect
	  encrypted network captures. Enable this carefully.
	  If unsure, say N.

config CIFS_DFS_UPCALL
	bool "DFS feature support"
	depends on CIFS
	help
	  Distributed File System (DFS) support is used to access shares
	  transparently in an enterprise name space, even if the share
	  moves to a different server.  This feature also enables
	  an upcall mechanism for CIFS which contacts userspace helper
	  utilities to provide server name resolution (host names to
	  IP addresses) which is needed in order to reconnect to
	  servers if their addresses change or for implicit mounts of
	  DFS junction points. If unsure, say Y.

config CIFS_SWN_UPCALL
	bool "SWN feature support"
	depends on CIFS
	help
	  The Service Witness Protocol (SWN) is used to get notifications
	  from a highly available server of resource state changes. This
	  feature enables an upcall mechanism for CIFS which contacts a
	  userspace daemon to establish the DCE/RPC connection to retrieve
	  the cluster available interfaces and resource change notifications.
	  If unsure, say Y.

config CIFS_NFSD_EXPORT
	bool "Allow nfsd to export CIFS file system"
	depends on CIFS && BROKEN
	help
	  Allows NFS server to export a CIFS mounted share (nfsd over cifs)

if CIFS

config CIFS_SMB_DIRECT
	bool "SMB Direct support"
	depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
	help
	  Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
	  SMB Direct allows transferring SMB packets over RDMA. If unsure,
	  say Y.

config CIFS_FSCACHE
	bool "Provide CIFS client caching support"
	depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
	help
	  Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
	  to be cached locally on disk through the general filesystem cache
	  manager. If unsure, say N.

config CIFS_ROOT
	bool "SMB root file system (Experimental)"
	depends on CIFS=y && IP_PNP
	help
	  Enables root file system support over SMB protocol.

	  Most people say N here.

endif
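# Added example (not part of the kernel tree): a shell check that reads a kernel
# .config and reports the CIFS options whose help text above describes a
# security trade-off. The function names cifs_audit, sample_risky and
# sample_hardened are hypothetical, and the sample .config fragments are constructed.

```shell
#!/bin/sh
# Added example, not kernel code. Reads a kernel .config (file arguments or
# stdin) and reports the CIFS options discussed in the help text above.
# Typical use on a built kernel tree: cifs_audit .config

cifs_audit() {
    awk -F= '
        # "# CONFIG_X is not set" lines start with "#" and are skipped,
        # so an unset option simply has no entry in state[].
        /^CONFIG_CIFS[A-Z0-9_]*=/ { state[$1] = $2 }
        END {
            if (state["CONFIG_CIFS"] == "") {
                print "SKIP: CIFS client not built"
                exit
            }
            if (state["CONFIG_CIFS_ALLOW_INSECURE_LEGACY"] == "y")
                print "FINDING: CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y (vers=1.0 and vers=2.0 mounts allowed)"
            if (state["CONFIG_CIFS_DEBUG_DUMP_KEYS"] == "y")
                print "FINDING: CONFIG_CIFS_DEBUG_DUMP_KEYS=y (encryption keys dumped to the console)"
            if (state["CONFIG_CIFS_UPCALL"] != "y")
                print "NOTE: CONFIG_CIFS_UPCALL not set (no Kerberos/SPNEGO session setup)"
        }
    ' "$@"
}

# Constructed sample: legacy dialects allowed, key dumping on, no upcall.
sample_risky() {
    printf '%s\n' \
        'CONFIG_CIFS=m' \
        'CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y' \
        'CONFIG_CIFS_DEBUG=y' \
        'CONFIG_CIFS_DEBUG_DUMP_KEYS=y' \
        '# CONFIG_CIFS_UPCALL is not set'
}

# Constructed sample: legacy dialects and key dumping off, Kerberos upcall on.
sample_hardened() {
    printf '%s\n' \
        'CONFIG_CIFS=m' \
        '# CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set' \
        'CONFIG_CIFS_DEBUG=y' \
        '# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set' \
        'CONFIG_CIFS_UPCALL=y'
}

# Demo run on the constructed risky sample.
sample_risky | cifs_audit
```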