# SPDX-License-Identifier: GPL-2.0-only
config CIFS
	tristate "SMB3 and CIFS support (advanced network filesystem)"
	depends on INET
	select NLS
	select CRYPTO
	select CRYPTO_MD4
	select CRYPTO_MD5
	select CRYPTO_SHA256
	select CRYPTO_SHA512
	select CRYPTO_CMAC
	select CRYPTO_HMAC
	select CRYPTO_LIB_ARC4
	select CRYPTO_AEAD2
	select CRYPTO_CCM
	select CRYPTO_GCM
	select CRYPTO_ECB
	select CRYPTO_AES
	select CRYPTO_LIB_DES
	select KEYS
	help
	  This is the client VFS module for the SMB3 family of NAS protocols,
	  (including support for the most recent, most secure dialect SMB3.1.1)
	  as well as for earlier dialects such as SMB2.1, SMB2 and the older
	  Common Internet File System (CIFS) protocol.  CIFS was the successor
	  to the original dialect, the Server Message Block (SMB) protocol, the
	  native file sharing mechanism for most early PC operating systems.

	  The SMB3 protocol is supported by most modern operating systems
	  and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
	  MacOS) and even in the cloud (e.g. Microsoft Azure).
	  The older CIFS protocol was included in Windows NT4, 2000 and XP (and
	  later) as well by Samba (which provides excellent CIFS and SMB3
	  server support for Linux and many other operating systems). Use of
	  dialects older than SMB2.1 is often discouraged on public networks.
	  This module also provides limited support for OS/2 and Windows ME
	  and similar very old servers.

	  This module provides an advanced network file system client
	  for mounting to SMB3 (and CIFS) compliant servers.  It includes
	  support for DFS (hierarchical name space), secure per-user
	  session establishment via Kerberos or NTLM or NTLMv2, RDMA
	  (smbdirect), advanced security features, per-share encryption,
	  directory leases, safe distributed caching (oplock), optional packet
	  signing, Unicode and other internationalization improvements.

	  In general, the default dialects, SMB3 and later, enable better
	  performance, security and features, than would be possible with CIFS.
	  Note that when mounting to Samba, due to the CIFS POSIX extensions,
	  CIFS mounts can provide slightly better POSIX compatibility
	  than SMB3 mounts. SMB2/SMB3 mount options are also
	  slightly simpler (compared to CIFS) due to protocol improvements.

	  If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.

config CIFS_STATS2
	bool "Extended statistics"
	depends on CIFS
	help
	  Enabling this option will allow more detailed statistics on SMB
	  request timing to be displayed in /proc/fs/cifs/DebugData and also
	  allow optional logging of slow responses to dmesg (depending on the
	  value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details).
	  These additional statistics may have a minor effect on performance
	  and memory utilization.

	  Unless you are a developer or are doing network performance analysis
	  or tuning, say N.

config CIFS_ALLOW_INSECURE_LEGACY
	bool "Support legacy servers which use less secure dialects"
	depends on CIFS
	default y
	help
	  Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
	  additional security features, including protection against
	  man-in-the-middle attacks and stronger crypto hashes, so the use
	  of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.

	  Disabling this option prevents users from using vers=1.0 or vers=2.0
	  on mounts with cifs.ko

	  If unsure, say Y.

config CIFS_WEAK_PW_HASH
	bool "Support legacy servers which use weaker LANMAN security"
	depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY
	help
	  Modern CIFS servers including Samba and most Windows versions
	  (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
	  security mechanisms. These hash the password more securely
	  than the mechanisms used in the older LANMAN version of the
	  SMB protocol but LANMAN based authentication is needed to
	  establish sessions with some old SMB servers.

	  Enabling this option allows the cifs module to mount to older
	  LANMAN based servers such as OS/2 and Windows 95, but such
	  mounts may be less secure than mounts using NTLM or more recent
	  security mechanisms if you are on a public network.  Unless you
	  have a need to access old SMB servers (and are on a private
	  network) you probably want to say N.  Even if this support
	  is enabled in the kernel build, LANMAN authentication will not be
	  used automatically. At runtime LANMAN mounts are disabled but
	  can be set to required (or optional) either in
	  /proc/fs/cifs (see fs/cifs/README for more detail) or via an
	  option on the mount command. This support is disabled by
	  default in order to reduce the possibility of a downgrade
	  attack.

	  If unsure, say N.

config CIFS_UPCALL
	bool "Kerberos/SPNEGO advanced session setup"
	depends on CIFS
	select DNS_RESOLVER
	help
	  Enables an upcall mechanism for CIFS which accesses userspace helper
	  utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
	  which are needed to mount to certain secure servers (for which more
	  secure Kerberos authentication is required). If unsure, say Y.

config CIFS_XATTR
	bool "CIFS extended attributes"
	depends on CIFS
	help
	  Extended attributes are name:value pairs associated with inodes by
	  the kernel or by users (see the attr(5) manual page for details).
	  CIFS maps the name of extended attributes beginning with the user
	  namespace prefix to SMB/CIFS EAs.  EAs are stored on Windows
	  servers without the user namespace prefix, but their names are
	  seen by Linux cifs clients prefaced by the user namespace prefix.
	  The system namespace (used by some filesystems to store ACLs) is
	  not supported at this time.

	  If unsure, say Y.

config CIFS_POSIX
	bool "CIFS POSIX Extensions"
	depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
	help
	  Enabling this option will cause the cifs client to attempt to
	  negotiate a newer dialect with servers, such as Samba 3.0.5
	  or later, that optionally can handle more POSIX like (rather
	  than Windows like) file behavior.  It also enables
	  support for POSIX ACLs (getfacl and setfacl) to servers
	  (such as Samba 3.10 and later) which can negotiate
	  CIFS POSIX ACL support.  If unsure, say N.

config CIFS_DEBUG
	bool "Enable CIFS debugging routines"
	default y
	depends on CIFS
	help
	  Enabling this option adds helpful debugging messages to
	  the cifs code which increases the size of the cifs module.
	  If unsure, say Y.

config CIFS_DEBUG2
	bool "Enable additional CIFS debugging routines"
	depends on CIFS_DEBUG
	help
	  Enabling this option adds a few more debugging routines
	  to the cifs code which slightly increases the size of
	  the cifs module and can cause additional logging of debug
	  messages in some error paths, slowing performance. This
	  option can be turned off unless you are debugging
	  cifs problems.  If unsure, say N.

config CIFS_DEBUG_DUMP_KEYS
	bool "Dump encryption keys for offline decryption (Unsafe)"
	depends on CIFS_DEBUG
	help
	  Enabling this will dump the encryption and decryption keys
	  used to communicate on an encrypted share connection on the
	  console. This allows Wireshark to decrypt and dissect
	  encrypted network captures. Enable this carefully.
	  If unsure, say N.

config CIFS_DFS_UPCALL
	bool "DFS feature support"
	depends on CIFS
	select DNS_RESOLVER
	help
	  Distributed File System (DFS) support is used to access shares
	  transparently in an enterprise name space, even if the share
	  moves to a different server.  This feature also enables
	  an upcall mechanism for CIFS which contacts userspace helper
	  utilities to provide server name resolution (host names to
	  IP addresses) which is needed in order to reconnect to
	  servers if their addresses change or for implicit mounts of
	  DFS junction points. If unsure, say Y.

config CIFS_NFSD_EXPORT
	bool "Allow nfsd to export CIFS file system"
	depends on CIFS && BROKEN
	help
	  Allows NFS server to export a CIFS mounted share (nfsd over cifs)

config CIFS_SMB_DIRECT
	bool "SMB Direct support"
	depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
	help
	  Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
	  SMB Direct allows transferring SMB packets over RDMA. If unsure,
	  say Y.

config CIFS_FSCACHE
	bool "Provide CIFS client caching support"
	depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
	help
	  Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
	  to be cached locally on disk through the general filesystem cache
	  manager. If unsure, say N.

config CIFS_ROOT
	bool "SMB root file system (Experimental)"
	depends on CIFS=y && IP_PNP
	help
	  Enables root file system support over SMB protocol.

	  Most people say N here.
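
An added example, not part of the kernel source: a POSIX shell audit that reads a kernel .config for the three risk-bearing options in this file (CIFS_ALLOW_INSECURE_LEGACY, CIFS_WEAK_PW_HASH, CIFS_DEBUG_DUMP_KEYS) and a /proc/mounts listing for cifs mounts that use vers=1.0 or vers=2.0. The function names, host names and sample data are constructed for illustration; sec=lanman is the mount.cifs option assumed here for LANMAN mounts, which this file does not name.

```shell
#!/bin/sh
# Added example: audit for the insecure CIFS settings this Kconfig describes.

# Read a kernel .config on stdin; print one line per risky option set to y.
audit_cifs_config() {
    while IFS= read -r line; do
        case "$line" in
            CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y|\
            CONFIG_CIFS_WEAK_PW_HASH=y|\
            CONFIG_CIFS_DEBUG_DUMP_KEYS=y) echo "RISK $line" ;;
        esac
    done
}

# Read /proc/mounts-format text on stdin; flag cifs mounts on legacy dialects.
audit_cifs_mounts() {
    while read -r dev mnt fstype opts rest; do
        [ "$fstype" = cifs ] || continue
        case ",$opts," in
            *,vers=1.0,*) echo "RISK $mnt vers=1.0" ;;
            *,vers=2.0,*) echo "RISK $mnt vers=2.0" ;;
        esac
        case ",$opts," in
            # sec=lanman: assumed mount option for LANMAN authentication
            *,sec=lanman,*) echo "RISK $mnt sec=lanman" ;;
        esac
    done
}

# Constructed sample input (not taken from a real system).
sample_config() {
    cat <<'EOF'
CONFIG_CIFS=m
CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
# CONFIG_CIFS_WEAK_PW_HASH is not set
CONFIG_CIFS_DEBUG=y
CONFIG_CIFS_DEBUG_DUMP_KEYS=y
EOF
}
sample_mounts() {
    cat <<'EOF'
//fs01.example/share /mnt/new cifs rw,relatime,vers=3.1.1,sec=ntlmssp,seal 0 0
//old.example/legacy /mnt/old cifs rw,relatime,vers=1.0,sec=ntlmssp 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

sample_config | audit_cifs_config
sample_mounts | audit_cifs_mounts
```

On a live host, feed the functions the running kernel's config file and /proc/mounts instead of the sample functions.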