OSCL-LXR

0001 # SPDX-License-Identifier: GPL-2.0-only
0002 config CIFS
0003         tristate "SMB3 and CIFS support (advanced network filesystem)"
0004         depends on INET
0005         select NLS
0006         select CRYPTO
0007         select CRYPTO_MD5
0008         select CRYPTO_SHA256
0009         select CRYPTO_SHA512
0010         select CRYPTO_CMAC
0011         select CRYPTO_HMAC
0012         select CRYPTO_AEAD2
0013         select CRYPTO_CCM
0014         select CRYPTO_GCM
0015         select CRYPTO_ECB
0016         select CRYPTO_AES
0017         select KEYS
0018         select DNS_RESOLVER
0019         select ASN1
0020         select OID_REGISTRY
0021         help
0022           This is the client VFS module for the SMB3 family of NAS protocols,
0023           (including support for the most recent, most secure dialect SMB3.1.1)
0024           as well as for earlier dialects such as SMB2.1, SMB2 and the older
0025           Common Internet File System (CIFS) protocol.  CIFS was the successor
0026           to the original dialect, the Server Message Block (SMB) protocol, the
0027           native file sharing mechanism for most early PC operating systems.
0028
0029           The SMB3 protocol is supported by most modern operating systems
0030           and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
0031           MacOS) and even in the cloud (e.g. Microsoft Azure).
0032           The older CIFS protocol was included in Windows NT4, 2000 and XP (and
0033           later) as well by Samba (which provides excellent CIFS and SMB3
0034           server support for Linux and many other operating systems). Use of
0035           dialects older than SMB2.1 is often discouraged on public networks.
0036           This module also provides limited support for OS/2 and Windows ME
0037           and similar very old servers.
0038
0039           This module provides an advanced network file system client
0040           for mounting to SMB3 (and CIFS) compliant servers.  It includes
0041           support for DFS (hierarchical name space), secure per-user
0042           session establishment via Kerberos or NTLM or NTLMv2, RDMA
0043           (smbdirect), advanced security features, per-share encryption,
0044           directory leases, safe distributed caching (oplock), optional packet
0045           signing, Unicode and other internationalization improvements.
0046
0047           In general, the default dialects, SMB3 and later, enable better
0048           performance, security and features, than would be possible with CIFS.
0049           Note that when mounting to Samba, due to the CIFS POSIX extensions,
0050           CIFS mounts can provide slightly better POSIX compatibility
0051           than SMB3 mounts. SMB2/SMB3 mount options are also
0052           slightly simpler (compared to CIFS) due to protocol improvements.
0053
0054           If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.
0055
0056 config CIFS_STATS2
0057         bool "Extended statistics"
0058         depends on CIFS
0059         default y
0060         help
0061           Enabling this option will allow more detailed statistics on SMB
0062           request timing to be displayed in /proc/fs/cifs/DebugData and also
0063           allow optional logging of slow responses to dmesg (depending on the
0064           value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
0065           for more details. These additional statistics may have a minor effect
0066           on performance and memory utilization.
0067
0068           If unsure, say Y.
0069
0070 config CIFS_ALLOW_INSECURE_LEGACY
0071         bool "Support legacy servers which use less secure dialects"
0072         depends on CIFS
0073         default y
0074         help
0075           Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
0076           additional security features, including protection against
0077           man-in-the-middle attacks and stronger crypto hashes, so the use
0078           of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
0079
0080           Disabling this option prevents users from using vers=1.0 or vers=2.0
0081           on mounts with cifs.ko
0082
0083           If unsure, say Y.
0084
0085 config CIFS_UPCALL
0086         bool "Kerberos/SPNEGO advanced session setup"
0087         depends on CIFS
0088         help
0089           Enables an upcall mechanism for CIFS which accesses userspace helper
0090           utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
0091           which are needed to mount to certain secure servers (for which more
0092           secure Kerberos authentication is required). If unsure, say Y.
0093
0094 config CIFS_XATTR
0095         bool "CIFS extended attributes"
0096         depends on CIFS
0097         help
0098           Extended attributes are name:value pairs associated with inodes by
0099           the kernel or by users (see the attr(5) manual page for details).
0100           CIFS maps the name of extended attributes beginning with the user
0101           namespace prefix to SMB/CIFS EAs.  EAs are stored on Windows
0102           servers without the user namespace prefix, but their names are
0103           seen by Linux cifs clients prefaced by the user namespace prefix.
0104           The system namespace (used by some filesystems to store ACLs) is
0105           not supported at this time.
0106
0107           If unsure, say Y.
0108
0109 config CIFS_POSIX
0110         bool "CIFS POSIX Extensions"
0111         depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
0112         help
0113           Enabling this option will cause the cifs client to attempt to
0114           negotiate a newer dialect with servers, such as Samba 3.0.5
0115           or later, that optionally can handle more POSIX like (rather
0116           than Windows like) file behavior.  It also enables
0117           support for POSIX ACLs (getfacl and setfacl) to servers
0118           (such as Samba 3.10 and later) which can negotiate
0119           CIFS POSIX ACL support.  If unsure, say N.
0120
0121 config CIFS_DEBUG
0122         bool "Enable CIFS debugging routines"
0123         default y
0124         depends on CIFS
0125         help
0126           Enabling this option adds helpful debugging messages to
0127           the cifs code which increases the size of the cifs module.
0128           If unsure, say Y.
0129
0130 config CIFS_DEBUG2
0131         bool "Enable additional CIFS debugging routines"
0132         depends on CIFS_DEBUG
0133         help
0134           Enabling this option adds a few more debugging routines
0135           to the cifs code which slightly increases the size of
0136           the cifs module and can cause additional logging of debug
0137           messages in some error paths, slowing performance. This
0138           option can be turned off unless you are debugging
0139           cifs problems.  If unsure, say N.
0140
0141 config CIFS_DEBUG_DUMP_KEYS
0142         bool "Dump encryption keys for offline decryption (Unsafe)"
0143         depends on CIFS_DEBUG
0144         help
0145           Enabling this will dump the encryption and decryption keys
0146           used to communicate on an encrypted share connection on the
0147           console. This allows Wireshark to decrypt and dissect
0148           encrypted network captures. Enable this carefully.
0149           If unsure, say N.
0150
0151 config CIFS_DFS_UPCALL
0152         bool "DFS feature support"
0153         depends on CIFS
0154         help
0155           Distributed File System (DFS) support is used to access shares
0156           transparently in an enterprise name space, even if the share
0157           moves to a different server.  This feature also enables
0158           an upcall mechanism for CIFS which contacts userspace helper
0159           utilities to provide server name resolution (host names to
0160           IP addresses) which is needed in order to reconnect to
0161           servers if their addresses change or for implicit mounts of
0162           DFS junction points. If unsure, say Y.
0163
0164 config CIFS_SWN_UPCALL
0165         bool "SWN feature support"
0166         depends on CIFS
0167         help
0168           The Service Witness Protocol (SWN) is used to get notifications
0169           from a highly available server of resource state changes. This
0170           feature enables an upcall mechanism for CIFS which contacts a
0171           userspace daemon to establish the DCE/RPC connection to retrieve
0172           the cluster available interfaces and resource change notifications.
0173           If unsure, say Y.
0174
0175 config CIFS_NFSD_EXPORT
0176         bool "Allow nfsd to export CIFS file system"
0177         depends on CIFS && BROKEN
0178         help
0179           Allows NFS server to export a CIFS mounted share (nfsd over cifs)
0180
0181 config CIFS_SMB_DIRECT
0182         bool "SMB Direct support"
0183         depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
0184         help
0185           Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
0186           SMB Direct allows transferring SMB packets over RDMA. If unsure,
0187           say Y.
0188
0189 config CIFS_FSCACHE
0190         bool "Provide CIFS client caching support"
0191         depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
0192         help
0193           Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
0194           to be cached locally on disk through the general filesystem cache
0195           manager. If unsure, say N.
0196
0197 config CIFS_ROOT
0198         bool "SMB root file system (Experimental)"
0199         depends on CIFS=y && IP_PNP
0200         help
0201           Enables root file system support over SMB protocol.
0202
0203           Most people say N here.