tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / fs / cifs / Kconfig
at v5.1 218 lines 8.9 kB view raw
1config CIFS 2 tristate "SMB3 and CIFS support (advanced network filesystem)" 3 depends on INET 4 select NLS 5 select CRYPTO 6 select CRYPTO_MD4 7 select CRYPTO_MD5 8 select CRYPTO_SHA256 9 select CRYPTO_SHA512 10 select CRYPTO_CMAC 11 select CRYPTO_HMAC 12 select CRYPTO_ARC4 13 select CRYPTO_AEAD2 14 select CRYPTO_CCM 15 select CRYPTO_ECB 16 select CRYPTO_AES 17 select CRYPTO_DES 18 help 19 This is the client VFS module for the SMB3 family of NAS protocols, 20 (including support for the most recent, most secure dialect SMB3.1.1) 21 as well as for earlier dialects such as SMB2.1, SMB2 and the older 22 Common Internet File System (CIFS) protocol. CIFS was the successor 23 to the original dialect, the Server Message Block (SMB) protocol, the 24 native file sharing mechanism for most early PC operating systems. 25 26 The SMB3 protocol is supported by most modern operating systems 27 and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016, 28 MacOS) and even in the cloud (e.g. Microsoft Azure). 29 The older CIFS protocol was included in Windows NT4, 2000 and XP (and 30 later) as well by Samba (which provides excellent CIFS and SMB3 31 server support for Linux and many other operating systems). Use of 32 dialects older than SMB2.1 is often discouraged on public networks. 33 This module also provides limited support for OS/2 and Windows ME 34 and similar very old servers. 35 36 This module provides an advanced network file system client 37 for mounting to SMB3 (and CIFS) compliant servers. It includes 38 support for DFS (hierarchical name space), secure per-user 39 session establishment via Kerberos or NTLM or NTLMv2, RDMA 40 (smbdirect), advanced security features, per-share encryption, 41 directory leases, safe distributed caching (oplock), optional packet 42 signing, Unicode and other internationalization improvements. 43 44 In general, the default dialects, SMB3 and later, enable better 45 performance, security and features, than would be possible with CIFS. 46 Note that when mounting to Samba, due to the CIFS POSIX extensions, 47 CIFS mounts can provide slightly better POSIX compatibility 48 than SMB3 mounts. SMB2/SMB3 mount options are also 49 slightly simpler (compared to CIFS) due to protocol improvements. 50 51 If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y. 52 53config CIFS_STATS2 54 bool "Extended statistics" 55 depends on CIFS 56 help 57 Enabling this option will allow more detailed statistics on SMB 58 request timing to be displayed in /proc/fs/cifs/DebugData and also 59 allow optional logging of slow responses to dmesg (depending on the 60 value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details). 61 These additional statistics may have a minor effect on performance 62 and memory utilization. 63 64 Unless you are a developer or are doing network performance analysis 65 or tuning, say N. 66 67config CIFS_ALLOW_INSECURE_LEGACY 68 bool "Support legacy servers which use less secure dialects" 69 depends on CIFS 70 default y 71 help 72 Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have 73 additional security features, including protection against 74 man-in-the-middle attacks and stronger crypto hashes, so the use 75 of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged. 76 77 Disabling this option prevents users from using vers=1.0 or vers=2.0 78 on mounts with cifs.ko 79 80 If unsure, say Y. 81 82config CIFS_WEAK_PW_HASH 83 bool "Support legacy servers which use weaker LANMAN security" 84 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY 85 help 86 Modern CIFS servers including Samba and most Windows versions 87 (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) 88 security mechanisms. These hash the password more securely 89 than the mechanisms used in the older LANMAN version of the 90 SMB protocol but LANMAN based authentication is needed to 91 establish sessions with some old SMB servers. 92 93 Enabling this option allows the cifs module to mount to older 94 LANMAN based servers such as OS/2 and Windows 95, but such 95 mounts may be less secure than mounts using NTLM or more recent 96 security mechanisms if you are on a public network. Unless you 97 have a need to access old SMB servers (and are on a private 98 network) you probably want to say N. Even if this support 99 is enabled in the kernel build, LANMAN authentication will not be 100 used automatically. At runtime LANMAN mounts are disabled but 101 can be set to required (or optional) either in 102 /proc/fs/cifs (see fs/cifs/README for more detail) or via an 103 option on the mount command. This support is disabled by 104 default in order to reduce the possibility of a downgrade 105 attack. 106 107 If unsure, say N. 108 109config CIFS_UPCALL 110 bool "Kerberos/SPNEGO advanced session setup" 111 depends on CIFS && KEYS 112 select DNS_RESOLVER 113 help 114 Enables an upcall mechanism for CIFS which accesses userspace helper 115 utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets 116 which are needed to mount to certain secure servers (for which more 117 secure Kerberos authentication is required). If unsure, say Y. 118 119config CIFS_XATTR 120 bool "CIFS extended attributes" 121 depends on CIFS 122 help 123 Extended attributes are name:value pairs associated with inodes by 124 the kernel or by users (see the attr(5) manual page for details). 125 CIFS maps the name of extended attributes beginning with the user 126 namespace prefix to SMB/CIFS EAs. EAs are stored on Windows 127 servers without the user namespace prefix, but their names are 128 seen by Linux cifs clients prefaced by the user namespace prefix. 129 The system namespace (used by some filesystems to store ACLs) is 130 not supported at this time. 131 132 If unsure, say Y. 133 134config CIFS_POSIX 135 bool "CIFS POSIX Extensions" 136 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR 137 help 138 Enabling this option will cause the cifs client to attempt to 139 negotiate a newer dialect with servers, such as Samba 3.0.5 140 or later, that optionally can handle more POSIX like (rather 141 than Windows like) file behavior. It also enables 142 support for POSIX ACLs (getfacl and setfacl) to servers 143 (such as Samba 3.10 and later) which can negotiate 144 CIFS POSIX ACL support. If unsure, say N. 145 146config CIFS_ACL 147 bool "Provide CIFS ACL support" 148 depends on CIFS_XATTR && KEYS 149 help 150 Allows fetching CIFS/NTFS ACL from the server. The DACL blob 151 is handed over to the application/caller. See the man 152 page for getcifsacl for more information. If unsure, say Y. 153 154config CIFS_DEBUG 155 bool "Enable CIFS debugging routines" 156 default y 157 depends on CIFS 158 help 159 Enabling this option adds helpful debugging messages to 160 the cifs code which increases the size of the cifs module. 161 If unsure, say Y. 162 163config CIFS_DEBUG2 164 bool "Enable additional CIFS debugging routines" 165 depends on CIFS_DEBUG 166 help 167 Enabling this option adds a few more debugging routines 168 to the cifs code which slightly increases the size of 169 the cifs module and can cause additional logging of debug 170 messages in some error paths, slowing performance. This 171 option can be turned off unless you are debugging 172 cifs problems. If unsure, say N. 173 174config CIFS_DEBUG_DUMP_KEYS 175 bool "Dump encryption keys for offline decryption (Unsafe)" 176 depends on CIFS_DEBUG 177 help 178 Enabling this will dump the encryption and decryption keys 179 used to communicate on an encrypted share connection on the 180 console. This allows Wireshark to decrypt and dissect 181 encrypted network captures. Enable this carefully. 182 If unsure, say N. 183 184config CIFS_DFS_UPCALL 185 bool "DFS feature support" 186 depends on CIFS && KEYS 187 select DNS_RESOLVER 188 help 189 Distributed File System (DFS) support is used to access shares 190 transparently in an enterprise name space, even if the share 191 moves to a different server. This feature also enables 192 an upcall mechanism for CIFS which contacts userspace helper 193 utilities to provide server name resolution (host names to 194 IP addresses) which is needed in order to reconnect to 195 servers if their addresses change or for implicit mounts of 196 DFS junction points. If unsure, say Y. 197 198config CIFS_NFSD_EXPORT 199 bool "Allow nfsd to export CIFS file system" 200 depends on CIFS && BROKEN 201 help 202 Allows NFS server to export a CIFS mounted share (nfsd over cifs) 203 204config CIFS_SMB_DIRECT 205 bool "SMB Direct support (Experimental)" 206 depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y 207 help 208 Enables SMB Direct experimental support for SMB 3.0, 3.02 and 3.1.1. 209 SMB Direct allows transferring SMB packets over RDMA. If unsure, 210 say N. 211 212config CIFS_FSCACHE 213 bool "Provide CIFS client caching support" 214 depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y 215 help 216 Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data 217 to be cached locally on disk through the general filesystem cache 218 manager. If unsure, say N.