Thomas Gleixner | ec8f24b | 2019-05-19 13:07:45 +0100 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0-only |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 2 | config CIFS |
Steve French | 2a38e12 | 2017-07-08 18:48:15 -0500 | [diff] [blame] | 3 | tristate "SMB3 and CIFS support (advanced network filesystem)" |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 4 | depends on INET |
David Howells | 69c3c02 | 2023-10-06 18:16:15 +0100 | [diff] [blame] | 5 | select NETFS_SUPPORT |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 6 | select NLS |
Dr. David Alan Gilbert | de548452 | 2023-08-17 01:22:31 +0100 | [diff] [blame] | 7 | select NLS_UCS2_UTILS |
Shirish Pargaonkar | d2b9152 | 2010-10-21 14:25:08 -0500 | [diff] [blame] | 8 | select CRYPTO |
| 9 | select CRYPTO_MD5 |
Benjamin Gilbert | 5b454a6 | 2017-10-19 13:09:29 -0700 | [diff] [blame] | 10 | select CRYPTO_SHA256 |
Stefan Metzmacher | 5890184 | 2018-09-07 18:24:17 +0200 | [diff] [blame] | 11 | select CRYPTO_SHA512 |
Benjamin Gilbert | 5b454a6 | 2017-10-19 13:09:29 -0700 | [diff] [blame] | 12 | select CRYPTO_CMAC |
Steve French | 362d312 | 2010-11-14 03:34:30 +0000 | [diff] [blame] | 13 | select CRYPTO_HMAC |
Benjamin Gilbert | 5b454a6 | 2017-10-19 13:09:29 -0700 | [diff] [blame] | 14 | select CRYPTO_AEAD2 |
| 15 | select CRYPTO_CCM |
Aurelien Aptel | 5fc3681 | 2019-06-14 21:46:35 +0200 | [diff] [blame] | 16 | select CRYPTO_GCM |
Suresh Jayaraman | 5f0b23e | 2011-06-03 14:19:01 +0530 | [diff] [blame] | 17 | select CRYPTO_ECB |
Benjamin Gilbert | 5b454a6 | 2017-10-19 13:09:29 -0700 | [diff] [blame] | 18 | select CRYPTO_AES |
Steve French | e7a1a2d | 2019-06-30 18:00:41 -0500 | [diff] [blame] | 19 | select KEYS |
Shyam Prasad N | 4e456b3 | 2021-03-31 14:35:24 +0000 | [diff] [blame] | 20 | select DNS_RESOLVER |
Hyunchul Lee | 0475c36 | 2021-06-08 23:53:14 +0900 | [diff] [blame] | 21 | select ASN1 |
| 22 | select OID_REGISTRY |
David Howells | d08089f6 | 2022-01-24 21:13:24 +0000 | [diff] [blame] | 23 | select NETFS_SUPPORT |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 24 | help |
Steve French | ed2f1d9 | 2023-01-30 18:57:06 -0600 | [diff] [blame] | 25 | This is the client VFS module for the SMB3 family of network file |
| 26 | protocols (including the most recent, most secure dialect SMB3.1.1). |
| 27 | This module also includes support for earlier dialects such as |
| 28 | SMB2.1, SMB2 and even the old Common Internet File System (CIFS) |
| 29 | protocol. CIFS was the successor to the original network filesystem |
| 30 | protocol, Server Message Block (SMB ie SMB1), the native file sharing |
| 31 | mechanism for most early PC operating systems. |
Steve French | 2a38e12 | 2017-07-08 18:48:15 -0500 | [diff] [blame] | 32 | |
Steve French | ed2f1d9 | 2023-01-30 18:57:06 -0600 | [diff] [blame] | 33 | The SMB3.1.1 protocol is supported by most modern operating systems |
| 34 | and NAS appliances (e.g. Samba, Windows 11, Windows Server 2022, |
| 35 | MacOS) and even in the cloud (e.g. Microsoft Azure) and also by the |
| 36 | Linux kernel server, ksmbd. Support for the older CIFS protocol was |
| 37 | included in Windows NT4, 2000 and XP (and later). Use of dialects |
| 38 | older than SMB2.1 is often discouraged on public networks. |
Steve French | 0fdfef9 | 2018-06-28 19:30:23 -0500 | [diff] [blame] | 39 | This module also provides limited support for OS/2 and Windows ME |
| 40 | and similar very old servers. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 41 | |
Steve French | ed2f1d9 | 2023-01-30 18:57:06 -0600 | [diff] [blame] | 42 | This module provides an advanced network file system client for |
| 43 | mounting to SMB3 (and CIFS) compliant servers. It includes support |
| 44 | for DFS (hierarchical name space), secure per-user session |
| 45 | establishment via Kerberos or NTLMv2, RDMA (smbdirect), advanced |
| 46 | security features, per-share encryption, packet-signing, snapshots, |
| 47 | directory leases, safe distributed caching (leases), multichannel, |
| 48 | Unicode and other internationalization improvements. |
Steve French | 2a38e12 | 2017-07-08 18:48:15 -0500 | [diff] [blame] | 49 | |
| 50 | In general, the default dialects, SMB3 and later, enable better |
| 51 | performance, security and features, than would be possible with CIFS. |
Steve French | 2a38e12 | 2017-07-08 18:48:15 -0500 | [diff] [blame] | 52 | |
Steve French | ed2f1d9 | 2023-01-30 18:57:06 -0600 | [diff] [blame] | 53 | If you need to mount to Samba, Azure, ksmbd, Macs or Windows from this |
| 54 | machine, say Y. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 55 | |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 56 | config CIFS_STATS2 |
| 57 | bool "Extended statistics" |
Steve French | fcabb89 | 2018-07-31 01:21:37 -0500 | [diff] [blame] | 58 | depends on CIFS |
Steve French | 0d52df81 | 2021-06-08 16:43:41 -0500 | [diff] [blame] | 59 | default y |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 60 | help |
| 61 | Enabling this option will allow more detailed statistics on SMB |
| 62 | request timing to be displayed in /proc/fs/cifs/DebugData and also |
| 63 | allow optional logging of slow responses to dmesg (depending on the |
Steve French | e68f4a7 | 2020-12-11 23:31:16 -0600 | [diff] [blame] | 64 | value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst |
| 65 | for more details. These additional statistics may have a minor effect |
| 66 | on performance and memory utilization. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 67 | |
Steve French | 0d52df81 | 2021-06-08 16:43:41 -0500 | [diff] [blame] | 68 | If unsure, say Y. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 69 | |
Steve French | 7420451 | 2018-06-19 14:34:08 -0500 | [diff] [blame] | 70 | config CIFS_ALLOW_INSECURE_LEGACY |
| 71 | bool "Support legacy servers which use less secure dialects" |
| 72 | depends on CIFS |
| 73 | default y |
| 74 | help |
| 75 | Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have |
| 76 | additional security features, including protection against |
| 77 | man-in-the-middle attacks and stronger crypto hashes, so the use |
| 78 | of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged. |
| 79 | |
| 80 | Disabling this option prevents users from using vers=1.0 or vers=2.0 |
| 81 | on mounts with cifs.ko |
| 82 | |
| 83 | If unsure, say Y. |
| 84 | |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 85 | config CIFS_UPCALL |
Wang Lei | 1a4240f | 2010-08-04 15:16:33 +0100 | [diff] [blame] | 86 | bool "Kerberos/SPNEGO advanced session setup" |
Steve French | e7a1a2d | 2019-06-30 18:00:41 -0500 | [diff] [blame] | 87 | depends on CIFS |
Wang Lei | 1a4240f | 2010-08-04 15:16:33 +0100 | [diff] [blame] | 88 | help |
| 89 | Enables an upcall mechanism for CIFS which accesses userspace helper |
| 90 | utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets |
| 91 | which are needed to mount to certain secure servers (for which more |
Steve French | 2a38e12 | 2017-07-08 18:48:15 -0500 | [diff] [blame] | 92 | secure Kerberos authentication is required). If unsure, say Y. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 93 | |
| 94 | config CIFS_XATTR |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 95 | bool "CIFS extended attributes" |
| 96 | depends on CIFS |
| 97 | help |
| 98 | Extended attributes are name:value pairs associated with inodes by |
| 99 | the kernel or by users (see the attr(5) manual page for details). |
| 100 | CIFS maps the name of extended attributes beginning with the user |
| 101 | namespace prefix to SMB/CIFS EAs. EAs are stored on Windows |
| 102 | servers without the user namespace prefix, but their names are |
| 103 | seen by Linux cifs clients prefaced by the user namespace prefix. |
| 104 | The system namespace (used by some filesystems to store ACLs) is |
| 105 | not supported at this time. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 106 | |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 107 | If unsure, say Y. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 108 | |
| 109 | config CIFS_POSIX |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 110 | bool "CIFS POSIX Extensions" |
| 111 | depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR |
| 112 | help |
| 113 | Enabling this option will cause the cifs client to attempt to |
Steve French | ed2f1d9 | 2023-01-30 18:57:06 -0600 | [diff] [blame] | 114 | negotiate a feature of the older cifs dialect with servers, such as |
| 115 | Samba 3.0.5 or later, that optionally can handle more POSIX like |
| 116 | (rather than Windows like) file behavior. It also enables support |
| 117 | for POSIX ACLs (getfacl and setfacl) to servers (such as Samba 3.10 |
| 118 | and later) which can negotiate CIFS POSIX ACL support. This config |
| 119 | option is not needed when mounting with SMB3.1.1. If unsure, say N. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 120 | |
Joe Perches | 471b1f9 | 2012-12-05 12:42:58 -0800 | [diff] [blame] | 121 | config CIFS_DEBUG |
| 122 | bool "Enable CIFS debugging routines" |
| 123 | default y |
| 124 | depends on CIFS |
| 125 | help |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 126 | Enabling this option adds helpful debugging messages to |
| 127 | the cifs code which increases the size of the cifs module. |
| 128 | If unsure, say Y. |
| 129 | |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 130 | config CIFS_DEBUG2 |
| 131 | bool "Enable additional CIFS debugging routines" |
Joe Perches | 471b1f9 | 2012-12-05 12:42:58 -0800 | [diff] [blame] | 132 | depends on CIFS_DEBUG |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 133 | help |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 134 | Enabling this option adds a few more debugging routines |
| 135 | to the cifs code which slightly increases the size of |
| 136 | the cifs module and can cause additional logging of debug |
| 137 | messages in some error paths, slowing performance. This |
| 138 | option can be turned off unless you are debugging |
| 139 | cifs problems. If unsure, say N. |
Alexey Dobriyan | bb26b96 | 2008-10-18 20:28:49 -0700 | [diff] [blame] | 140 | |
Aurélien Aptel | d38de3c6 | 2017-05-24 16:13:25 +0200 | [diff] [blame] | 141 | config CIFS_DEBUG_DUMP_KEYS |
| 142 | bool "Dump encryption keys for offline decryption (Unsafe)" |
Steve French | 2a38e12 | 2017-07-08 18:48:15 -0500 | [diff] [blame] | 143 | depends on CIFS_DEBUG |
Aurélien Aptel | d38de3c6 | 2017-05-24 16:13:25 +0200 | [diff] [blame] | 144 | help |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 145 | Enabling this will dump the encryption and decryption keys |
| 146 | used to communicate on an encrypted share connection on the |
| 147 | console. This allows Wireshark to decrypt and dissect |
| 148 | encrypted network captures. Enable this carefully. |
| 149 | If unsure, say N. |
Aurélien Aptel | d38de3c6 | 2017-05-24 16:13:25 +0200 | [diff] [blame] | 150 | |
Steve French | 10e70af | 2009-02-22 01:33:07 +0000 | [diff] [blame] | 151 | config CIFS_DFS_UPCALL |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 152 | bool "DFS feature support" |
Steve French | e7a1a2d | 2019-06-30 18:00:41 -0500 | [diff] [blame] | 153 | depends on CIFS |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 154 | help |
| 155 | Distributed File System (DFS) support is used to access shares |
| 156 | transparently in an enterprise name space, even if the share |
| 157 | moves to a different server. This feature also enables |
| 158 | an upcall mechanism for CIFS which contacts userspace helper |
| 159 | utilities to provide server name resolution (host names to |
| 160 | IP addresses) which is needed in order to reconnect to |
| 161 | servers if their addresses change or for implicit mounts of |
| 162 | DFS junction points. If unsure, say Y. |
Steve French | 10e70af | 2009-02-22 01:33:07 +0000 | [diff] [blame] | 163 | |
Samuel Cabrero | 06f08da | 2020-11-30 19:02:49 +0100 | [diff] [blame] | 164 | config CIFS_SWN_UPCALL |
| 165 | bool "SWN feature support" |
| 166 | depends on CIFS |
| 167 | help |
| 168 | The Service Witness Protocol (SWN) is used to get notifications |
| 169 | from a highly available server of resource state changes. This |
Steve French | e68f4a7 | 2020-12-11 23:31:16 -0600 | [diff] [blame] | 170 | feature enables an upcall mechanism for CIFS which contacts a |
Samuel Cabrero | 06f08da | 2020-11-30 19:02:49 +0100 | [diff] [blame] | 171 | userspace daemon to establish the DCE/RPC connection to retrieve |
| 172 | the cluster available interfaces and resource change notifications. |
| 173 | If unsure, say Y. |
| 174 | |
Shirish Pargaonkar | 2572087 | 2011-02-25 10:48:55 -0600 | [diff] [blame] | 175 | config CIFS_NFSD_EXPORT |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 176 | bool "Allow nfsd to export CIFS file system" |
| 177 | depends on CIFS && BROKEN |
| 178 | help |
| 179 | Allows NFS server to export a CIFS mounted share (nfsd over cifs) |
Steve French | 675f36f | 2011-02-24 17:58:00 +0000 | [diff] [blame] | 180 | |
Steve French | 77e3f33 | 2023-01-30 19:32:52 -0600 | [diff] [blame] | 181 | if CIFS |
| 182 | |
Long Li | 2b6ed88 | 2017-11-07 01:54:54 -0700 | [diff] [blame] | 183 | config CIFS_SMB_DIRECT |
Steve French | e963066 | 2019-07-15 21:59:41 -0500 | [diff] [blame] | 184 | bool "SMB Direct support" |
Arnd Bergmann | 533d1da | 2018-05-25 23:29:59 +0200 | [diff] [blame] | 185 | depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y |
Long Li | 2b6ed88 | 2017-11-07 01:54:54 -0700 | [diff] [blame] | 186 | help |
Steve French | e963066 | 2019-07-15 21:59:41 -0500 | [diff] [blame] | 187 | Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1. |
Long Li | 2b6ed88 | 2017-11-07 01:54:54 -0700 | [diff] [blame] | 188 | SMB Direct allows transferring SMB packets over RDMA. If unsure, |
Steve French | 2bcb4fd | 2020-04-07 10:23:27 -0500 | [diff] [blame] | 189 | say Y. |
Long Li | 2b6ed88 | 2017-11-07 01:54:54 -0700 | [diff] [blame] | 190 | |
Steve French | 1d4ab90 | 2012-10-01 12:48:03 -0500 | [diff] [blame] | 191 | config CIFS_FSCACHE |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 192 | bool "Provide CIFS client caching support" |
David Howells | 70431bf | 2020-11-17 15:56:59 +0000 | [diff] [blame] | 193 | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y |
Enrico Weigelt, metux IT consult | 50cfad7 | 2019-03-06 23:22:59 +0100 | [diff] [blame] | 194 | help |
| 195 | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data |
| 196 | to be cached locally on disk through the general filesystem cache |
| 197 | manager. If unsure, say N. |
Paulo Alcantara (SUSE) | 8eecd1c | 2019-07-16 19:04:50 -0300 | [diff] [blame] | 198 | |
| 199 | config CIFS_ROOT |
| 200 | bool "SMB root file system (Experimental)" |
| 201 | depends on CIFS=y && IP_PNP |
| 202 | help |
| 203 | Enables root file system support over SMB protocol. |
| 204 | |
| 205 | Most people say N here. |
Steve French | 77e3f33 | 2023-01-30 19:32:52 -0600 | [diff] [blame] | 206 | |
| 207 | endif |