blob: 2517dc2423869bc3107d1cdef8bd61a6d79e92de [file] [log] [blame]
Thomas Gleixnerec8f24b2019-05-19 13:07:45 +01001# SPDX-License-Identifier: GPL-2.0-only
Alexey Dobriyanbb26b962008-10-18 20:28:49 -07002config CIFS
Steve French2a38e122017-07-08 18:48:15 -05003 tristate "SMB3 and CIFS support (advanced network filesystem)"
Alexey Dobriyanbb26b962008-10-18 20:28:49 -07004 depends on INET
David Howells69c3c022023-10-06 18:16:15 +01005 select NETFS_SUPPORT
Alexey Dobriyanbb26b962008-10-18 20:28:49 -07006 select NLS
Dr. David Alan Gilbertde5484522023-08-17 01:22:31 +01007 select NLS_UCS2_UTILS
Shirish Pargaonkard2b91522010-10-21 14:25:08 -05008 select CRYPTO
9 select CRYPTO_MD5
Benjamin Gilbert5b454a62017-10-19 13:09:29 -070010 select CRYPTO_SHA256
Stefan Metzmacher58901842018-09-07 18:24:17 +020011 select CRYPTO_SHA512
Benjamin Gilbert5b454a62017-10-19 13:09:29 -070012 select CRYPTO_CMAC
Steve French362d3122010-11-14 03:34:30 +000013 select CRYPTO_HMAC
Benjamin Gilbert5b454a62017-10-19 13:09:29 -070014 select CRYPTO_AEAD2
15 select CRYPTO_CCM
Aurelien Aptel5fc36812019-06-14 21:46:35 +020016 select CRYPTO_GCM
Suresh Jayaraman5f0b23e2011-06-03 14:19:01 +053017 select CRYPTO_ECB
Benjamin Gilbert5b454a62017-10-19 13:09:29 -070018 select CRYPTO_AES
Steve Frenche7a1a2d2019-06-30 18:00:41 -050019 select KEYS
Shyam Prasad N4e456b32021-03-31 14:35:24 +000020 select DNS_RESOLVER
Hyunchul Lee0475c362021-06-08 23:53:14 +090021 select ASN1
22 select OID_REGISTRY
David Howellsd08089f62022-01-24 21:13:24 +000023 select NETFS_SUPPORT
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070024 help
Steve Frenched2f1d92023-01-30 18:57:06 -060025 This is the client VFS module for the SMB3 family of network file
26 protocols (including the most recent, most secure dialect SMB3.1.1).
27 This module also includes support for earlier dialects such as
28 SMB2.1, SMB2 and even the old Common Internet File System (CIFS)
29 protocol. CIFS was the successor to the original network filesystem
30 protocol, Server Message Block (SMB ie SMB1), the native file sharing
31 mechanism for most early PC operating systems.
Steve French2a38e122017-07-08 18:48:15 -050032
Steve Frenched2f1d92023-01-30 18:57:06 -060033 The SMB3.1.1 protocol is supported by most modern operating systems
34 and NAS appliances (e.g. Samba, Windows 11, Windows Server 2022,
35 MacOS) and even in the cloud (e.g. Microsoft Azure) and also by the
36 Linux kernel server, ksmbd. Support for the older CIFS protocol was
37 included in Windows NT4, 2000 and XP (and later). Use of dialects
38 older than SMB2.1 is often discouraged on public networks.
Steve French0fdfef92018-06-28 19:30:23 -050039 This module also provides limited support for OS/2 and Windows ME
40 and similar very old servers.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070041
Steve Frenched2f1d92023-01-30 18:57:06 -060042 This module provides an advanced network file system client for
43 mounting to SMB3 (and CIFS) compliant servers. It includes support
44 for DFS (hierarchical name space), secure per-user session
45 establishment via Kerberos or NTLMv2, RDMA (smbdirect), advanced
46 security features, per-share encryption, packet-signing, snapshots,
47 directory leases, safe distributed caching (leases), multichannel,
48 Unicode and other internationalization improvements.
Steve French2a38e122017-07-08 18:48:15 -050049
50 In general, the default dialects, SMB3 and later, enable better
51 performance, security and features, than would be possible with CIFS.
Steve French2a38e122017-07-08 18:48:15 -050052
Steve Frenched2f1d92023-01-30 18:57:06 -060053 If you need to mount to Samba, Azure, ksmbd, Macs or Windows from this
54 machine, say Y.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070055
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070056config CIFS_STATS2
57 bool "Extended statistics"
Steve Frenchfcabb892018-07-31 01:21:37 -050058 depends on CIFS
Steve French0d52df812021-06-08 16:43:41 -050059 default y
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070060 help
61 Enabling this option will allow more detailed statistics on SMB
62 request timing to be displayed in /proc/fs/cifs/DebugData and also
63 allow optional logging of slow responses to dmesg (depending on the
Steve Frenche68f4a72020-12-11 23:31:16 -060064 value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
65 for more details. These additional statistics may have a minor effect
66 on performance and memory utilization.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070067
Steve French0d52df812021-06-08 16:43:41 -050068 If unsure, say Y.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070069
Steve French74204512018-06-19 14:34:08 -050070config CIFS_ALLOW_INSECURE_LEGACY
71 bool "Support legacy servers which use less secure dialects"
72 depends on CIFS
73 default y
74 help
75 Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
76 additional security features, including protection against
77 man-in-the-middle attacks and stronger crypto hashes, so the use
78 of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
79
80 Disabling this option prevents users from using vers=1.0 or vers=2.0
81 on mounts with cifs.ko
82
83 If unsure, say Y.
84
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070085config CIFS_UPCALL
Wang Lei1a4240f2010-08-04 15:16:33 +010086 bool "Kerberos/SPNEGO advanced session setup"
Steve Frenche7a1a2d2019-06-30 18:00:41 -050087 depends on CIFS
Wang Lei1a4240f2010-08-04 15:16:33 +010088 help
89 Enables an upcall mechanism for CIFS which accesses userspace helper
90 utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
91 which are needed to mount to certain secure servers (for which more
Steve French2a38e122017-07-08 18:48:15 -050092 secure Kerberos authentication is required). If unsure, say Y.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -070093
94config CIFS_XATTR
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +010095 bool "CIFS extended attributes"
96 depends on CIFS
97 help
98 Extended attributes are name:value pairs associated with inodes by
99 the kernel or by users (see the attr(5) manual page for details).
100 CIFS maps the name of extended attributes beginning with the user
101 namespace prefix to SMB/CIFS EAs. EAs are stored on Windows
102 servers without the user namespace prefix, but their names are
103 seen by Linux cifs clients prefaced by the user namespace prefix.
104 The system namespace (used by some filesystems to store ACLs) is
105 not supported at this time.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -0700106
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100107 If unsure, say Y.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -0700108
109config CIFS_POSIX
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100110 bool "CIFS POSIX Extensions"
111 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
112 help
113 Enabling this option will cause the cifs client to attempt to
Steve Frenched2f1d92023-01-30 18:57:06 -0600114 negotiate a feature of the older cifs dialect with servers, such as
115 Samba 3.0.5 or later, that optionally can handle more POSIX like
116 (rather than Windows like) file behavior. It also enables support
117 for POSIX ACLs (getfacl and setfacl) to servers (such as Samba 3.10
118 and later) which can negotiate CIFS POSIX ACL support. This config
119 option is not needed when mounting with SMB3.1.1. If unsure, say N.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -0700120
Joe Perches471b1f92012-12-05 12:42:58 -0800121config CIFS_DEBUG
122 bool "Enable CIFS debugging routines"
123 default y
124 depends on CIFS
125 help
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100126 Enabling this option adds helpful debugging messages to
127 the cifs code which increases the size of the cifs module.
128 If unsure, say Y.
129
Alexey Dobriyanbb26b962008-10-18 20:28:49 -0700130config CIFS_DEBUG2
131 bool "Enable additional CIFS debugging routines"
Joe Perches471b1f92012-12-05 12:42:58 -0800132 depends on CIFS_DEBUG
Alexey Dobriyanbb26b962008-10-18 20:28:49 -0700133 help
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100134 Enabling this option adds a few more debugging routines
135 to the cifs code which slightly increases the size of
136 the cifs module and can cause additional logging of debug
137 messages in some error paths, slowing performance. This
138 option can be turned off unless you are debugging
139 cifs problems. If unsure, say N.
Alexey Dobriyanbb26b962008-10-18 20:28:49 -0700140
Aurélien Apteld38de3c62017-05-24 16:13:25 +0200141config CIFS_DEBUG_DUMP_KEYS
142 bool "Dump encryption keys for offline decryption (Unsafe)"
Steve French2a38e122017-07-08 18:48:15 -0500143 depends on CIFS_DEBUG
Aurélien Apteld38de3c62017-05-24 16:13:25 +0200144 help
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100145 Enabling this will dump the encryption and decryption keys
146 used to communicate on an encrypted share connection on the
147 console. This allows Wireshark to decrypt and dissect
148 encrypted network captures. Enable this carefully.
149 If unsure, say N.
Aurélien Apteld38de3c62017-05-24 16:13:25 +0200150
Steve French10e70af2009-02-22 01:33:07 +0000151config CIFS_DFS_UPCALL
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100152 bool "DFS feature support"
Steve Frenche7a1a2d2019-06-30 18:00:41 -0500153 depends on CIFS
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100154 help
155 Distributed File System (DFS) support is used to access shares
156 transparently in an enterprise name space, even if the share
157 moves to a different server. This feature also enables
158 an upcall mechanism for CIFS which contacts userspace helper
159 utilities to provide server name resolution (host names to
160 IP addresses) which is needed in order to reconnect to
161 servers if their addresses change or for implicit mounts of
162 DFS junction points. If unsure, say Y.
Steve French10e70af2009-02-22 01:33:07 +0000163
Samuel Cabrero06f08da2020-11-30 19:02:49 +0100164config CIFS_SWN_UPCALL
165 bool "SWN feature support"
166 depends on CIFS
167 help
168 The Service Witness Protocol (SWN) is used to get notifications
169 from a highly available server of resource state changes. This
Steve Frenche68f4a72020-12-11 23:31:16 -0600170 feature enables an upcall mechanism for CIFS which contacts a
Samuel Cabrero06f08da2020-11-30 19:02:49 +0100171 userspace daemon to establish the DCE/RPC connection to retrieve
172 the cluster available interfaces and resource change notifications.
173 If unsure, say Y.
174
Shirish Pargaonkar25720872011-02-25 10:48:55 -0600175config CIFS_NFSD_EXPORT
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100176 bool "Allow nfsd to export CIFS file system"
177 depends on CIFS && BROKEN
178 help
179 Allows NFS server to export a CIFS mounted share (nfsd over cifs)
Steve French675f36f2011-02-24 17:58:00 +0000180
Steve French77e3f332023-01-30 19:32:52 -0600181if CIFS
182
Long Li2b6ed882017-11-07 01:54:54 -0700183config CIFS_SMB_DIRECT
Steve Frenche9630662019-07-15 21:59:41 -0500184 bool "SMB Direct support"
Arnd Bergmann533d1da2018-05-25 23:29:59 +0200185 depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
Long Li2b6ed882017-11-07 01:54:54 -0700186 help
Steve Frenche9630662019-07-15 21:59:41 -0500187 Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
Long Li2b6ed882017-11-07 01:54:54 -0700188 SMB Direct allows transferring SMB packets over RDMA. If unsure,
Steve French2bcb4fd2020-04-07 10:23:27 -0500189 say Y.
Long Li2b6ed882017-11-07 01:54:54 -0700190
Steve French1d4ab902012-10-01 12:48:03 -0500191config CIFS_FSCACHE
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100192 bool "Provide CIFS client caching support"
David Howells70431bf2020-11-17 15:56:59 +0000193 depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
Enrico Weigelt, metux IT consult50cfad72019-03-06 23:22:59 +0100194 help
195 Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
196 to be cached locally on disk through the general filesystem cache
197 manager. If unsure, say N.
Paulo Alcantara (SUSE)8eecd1c2019-07-16 19:04:50 -0300198
199config CIFS_ROOT
200 bool "SMB root file system (Experimental)"
201 depends on CIFS=y && IP_PNP
202 help
203 Enables root file system support over SMB protocol.
204
205 Most people say N here.
Steve French77e3f332023-01-30 19:32:52 -0600206
207endif