xref: /linux/fs/smb/client/Kconfig (revision 4b4c6fdb25de4edc0a34b1b93cccb439e00e1f35) 
138c8a9a5SSteve French# SPDX-License-Identifier: GPL-2.0-only
238c8a9a5SSteve Frenchconfig CIFS
338c8a9a5SSteve French	tristate "SMB3 and CIFS support (advanced network filesystem)"
438c8a9a5SSteve French	depends on INET
538c8a9a5SSteve French	select NLS
6de548452SDr. David Alan Gilbert	select NLS_UCS2_UTILS
738c8a9a5SSteve French	select CRYPTO
838c8a9a5SSteve French	select CRYPTO_MD5
938c8a9a5SSteve French	select CRYPTO_SHA256
1038c8a9a5SSteve French	select CRYPTO_SHA512
1138c8a9a5SSteve French	select CRYPTO_CMAC
1238c8a9a5SSteve French	select CRYPTO_HMAC
1338c8a9a5SSteve French	select CRYPTO_AEAD2
1438c8a9a5SSteve French	select CRYPTO_CCM
1538c8a9a5SSteve French	select CRYPTO_GCM
1638c8a9a5SSteve French	select CRYPTO_ECB
1738c8a9a5SSteve French	select CRYPTO_AES
188e979aabSEric Biggers	select CRYPTO_LIB_ARC4
19*4b4c6fdbSEric Biggers	select CRYPTO_LIB_SHA256
20af5fea51SEric Biggers	select CRYPTO_LIB_SHA512
2138c8a9a5SSteve French	select KEYS
2238c8a9a5SSteve French	select DNS_RESOLVER
2338c8a9a5SSteve French	select ASN1
2438c8a9a5SSteve French	select OID_REGISTRY
2538c8a9a5SSteve French	select NETFS_SUPPORT
2638c8a9a5SSteve French	help
2738c8a9a5SSteve French	  This is the client VFS module for the SMB3 family of network file
2838c8a9a5SSteve French	  protocols (including the most recent, most secure dialect SMB3.1.1).
2938c8a9a5SSteve French	  This module also includes support for earlier dialects such as
3038c8a9a5SSteve French	  SMB2.1, SMB2 and even the old Common Internet File System (CIFS)
3138c8a9a5SSteve French	  protocol.  CIFS was the successor to the original network filesystem
3238c8a9a5SSteve French	  protocol, Server Message Block (SMB ie SMB1), the native file sharing
3338c8a9a5SSteve French	  mechanism for most early PC operating systems.
3438c8a9a5SSteve French
3538c8a9a5SSteve French	  The SMB3.1.1 protocol is supported by most modern operating systems
3638c8a9a5SSteve French	  and NAS appliances (e.g. Samba, Windows 11, Windows Server 2022,
3738c8a9a5SSteve French	  MacOS) and even in the cloud (e.g. Microsoft Azure) and also by the
3838c8a9a5SSteve French	  Linux kernel server, ksmbd.  Support for the older CIFS protocol was
3938c8a9a5SSteve French	  included in Windows NT4, 2000 and XP (and later). Use of dialects
4038c8a9a5SSteve French	  older than SMB2.1 is often discouraged on public networks.
4138c8a9a5SSteve French	  This module also provides limited support for OS/2 and Windows ME
4238c8a9a5SSteve French	  and similar very old servers.
4338c8a9a5SSteve French
4438c8a9a5SSteve French	  This module provides an advanced network file system client for
4538c8a9a5SSteve French	  mounting to SMB3 (and CIFS) compliant servers.  It includes support
4638c8a9a5SSteve French	  for DFS (hierarchical name space), secure per-user session
4738c8a9a5SSteve French	  establishment via Kerberos or NTLMv2, RDMA (smbdirect), advanced
4838c8a9a5SSteve French	  security features, per-share encryption, packet-signing, snapshots,
4938c8a9a5SSteve French	  directory leases, safe distributed caching (leases), multichannel,
5038c8a9a5SSteve French	  Unicode and other internationalization improvements.
5138c8a9a5SSteve French
5238c8a9a5SSteve French	  In general, the default dialects, SMB3 and later, enable better
5338c8a9a5SSteve French	  performance, security and features, than would be possible with CIFS.
5438c8a9a5SSteve French
5538c8a9a5SSteve French	  If you need to mount to Samba, Azure, ksmbd, Macs or Windows from this
5638c8a9a5SSteve French	  machine, say Y.
5738c8a9a5SSteve French
5838c8a9a5SSteve Frenchconfig CIFS_STATS2
5938c8a9a5SSteve French	bool "Extended statistics"
6038c8a9a5SSteve French	depends on CIFS
6138c8a9a5SSteve French	default y
6238c8a9a5SSteve French	help
6338c8a9a5SSteve French	  Enabling this option will allow more detailed statistics on SMB
6438c8a9a5SSteve French	  request timing to be displayed in /proc/fs/cifs/DebugData and also
6538c8a9a5SSteve French	  allow optional logging of slow responses to dmesg (depending on the
6638c8a9a5SSteve French	  value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
6738c8a9a5SSteve French	  for more details. These additional statistics may have a minor effect
6838c8a9a5SSteve French	  on performance and memory utilization.
6938c8a9a5SSteve French
7038c8a9a5SSteve French	  If unsure, say Y.
7138c8a9a5SSteve French
7238c8a9a5SSteve Frenchconfig CIFS_ALLOW_INSECURE_LEGACY
7338c8a9a5SSteve French	bool "Support legacy servers which use less secure dialects"
7438c8a9a5SSteve French	depends on CIFS
7538c8a9a5SSteve French	default y
7638c8a9a5SSteve French	help
7738c8a9a5SSteve French	  Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
7838c8a9a5SSteve French	  additional security features, including protection against
7938c8a9a5SSteve French	  man-in-the-middle attacks and stronger crypto hashes, so the use
8038c8a9a5SSteve French	  of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
8138c8a9a5SSteve French
8238c8a9a5SSteve French	  Disabling this option prevents users from using vers=1.0 or vers=2.0
8338c8a9a5SSteve French	  on mounts with cifs.ko
8438c8a9a5SSteve French
8538c8a9a5SSteve French	  If unsure, say Y.
8638c8a9a5SSteve French
8738c8a9a5SSteve Frenchconfig CIFS_UPCALL
8838c8a9a5SSteve French	bool "Kerberos/SPNEGO advanced session setup"
8938c8a9a5SSteve French	depends on CIFS
9038c8a9a5SSteve French	help
9138c8a9a5SSteve French	  Enables an upcall mechanism for CIFS which accesses userspace helper
9238c8a9a5SSteve French	  utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
9338c8a9a5SSteve French	  which are needed to mount to certain secure servers (for which more
9438c8a9a5SSteve French	  secure Kerberos authentication is required). If unsure, say Y.
9538c8a9a5SSteve French
9638c8a9a5SSteve Frenchconfig CIFS_XATTR
9738c8a9a5SSteve French	bool "CIFS extended attributes"
9838c8a9a5SSteve French	depends on CIFS
9938c8a9a5SSteve French	help
10038c8a9a5SSteve French	  Extended attributes are name:value pairs associated with inodes by
10138c8a9a5SSteve French	  the kernel or by users (see the attr(5) manual page for details).
10238c8a9a5SSteve French	  CIFS maps the name of extended attributes beginning with the user
10338c8a9a5SSteve French	  namespace prefix to SMB/CIFS EAs.  EAs are stored on Windows
10438c8a9a5SSteve French	  servers without the user namespace prefix, but their names are
10538c8a9a5SSteve French	  seen by Linux cifs clients prefaced by the user namespace prefix.
10638c8a9a5SSteve French	  The system namespace (used by some filesystems to store ACLs) is
10738c8a9a5SSteve French	  not supported at this time.
10838c8a9a5SSteve French
10938c8a9a5SSteve French	  If unsure, say Y.
11038c8a9a5SSteve French
11138c8a9a5SSteve Frenchconfig CIFS_POSIX
11238c8a9a5SSteve French	bool "CIFS POSIX Extensions"
11338c8a9a5SSteve French	depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
11438c8a9a5SSteve French	help
11538c8a9a5SSteve French	  Enabling this option will cause the cifs client to attempt to
11638c8a9a5SSteve French	  negotiate a feature of the older cifs dialect with servers, such as
11738c8a9a5SSteve French	  Samba 3.0.5 or later, that optionally can handle more POSIX like
11838c8a9a5SSteve French	  (rather than Windows like) file behavior.  It also enables support
11938c8a9a5SSteve French	  for POSIX ACLs (getfacl and setfacl) to servers (such as Samba 3.10
12038c8a9a5SSteve French	  and later) which can negotiate CIFS POSIX ACL support.  This config
12138c8a9a5SSteve French	  option is not needed when mounting with SMB3.1.1. If unsure, say N.
12238c8a9a5SSteve French
12338c8a9a5SSteve Frenchconfig CIFS_DEBUG
12438c8a9a5SSteve French	bool "Enable CIFS debugging routines"
12538c8a9a5SSteve French	default y
12638c8a9a5SSteve French	depends on CIFS
12738c8a9a5SSteve French	help
12838c8a9a5SSteve French	  Enabling this option adds helpful debugging messages to
12938c8a9a5SSteve French	  the cifs code which increases the size of the cifs module.
13038c8a9a5SSteve French	  If unsure, say Y.
13138c8a9a5SSteve French
13238c8a9a5SSteve Frenchconfig CIFS_DEBUG2
13338c8a9a5SSteve French	bool "Enable additional CIFS debugging routines"
13438c8a9a5SSteve French	depends on CIFS_DEBUG
13538c8a9a5SSteve French	help
13638c8a9a5SSteve French	  Enabling this option adds a few more debugging routines
13738c8a9a5SSteve French	  to the cifs code which slightly increases the size of
13838c8a9a5SSteve French	  the cifs module and can cause additional logging of debug
13938c8a9a5SSteve French	  messages in some error paths, slowing performance. This
14038c8a9a5SSteve French	  option can be turned off unless you are debugging
14138c8a9a5SSteve French	  cifs problems.  If unsure, say N.
14238c8a9a5SSteve French
14338c8a9a5SSteve Frenchconfig CIFS_DEBUG_DUMP_KEYS
14438c8a9a5SSteve French	bool "Dump encryption keys for offline decryption (Unsafe)"
14538c8a9a5SSteve French	depends on CIFS_DEBUG
14638c8a9a5SSteve French	help
14738c8a9a5SSteve French	  Enabling this will dump the encryption and decryption keys
14838c8a9a5SSteve French	  used to communicate on an encrypted share connection on the
14938c8a9a5SSteve French	  console. This allows Wireshark to decrypt and dissect
15038c8a9a5SSteve French	  encrypted network captures. Enable this carefully.
15138c8a9a5SSteve French	  If unsure, say N.
15238c8a9a5SSteve French
15338c8a9a5SSteve Frenchconfig CIFS_DFS_UPCALL
15438c8a9a5SSteve French	bool "DFS feature support"
15538c8a9a5SSteve French	depends on CIFS
15638c8a9a5SSteve French	help
15738c8a9a5SSteve French	  Distributed File System (DFS) support is used to access shares
15838c8a9a5SSteve French	  transparently in an enterprise name space, even if the share
15938c8a9a5SSteve French	  moves to a different server.  This feature also enables
16038c8a9a5SSteve French	  an upcall mechanism for CIFS which contacts userspace helper
16138c8a9a5SSteve French	  utilities to provide server name resolution (host names to
16238c8a9a5SSteve French	  IP addresses) which is needed in order to reconnect to
16338c8a9a5SSteve French	  servers if their addresses change or for implicit mounts of
16438c8a9a5SSteve French	  DFS junction points. If unsure, say Y.
16538c8a9a5SSteve French
16638c8a9a5SSteve Frenchconfig CIFS_SWN_UPCALL
16738c8a9a5SSteve French	bool "SWN feature support"
16838c8a9a5SSteve French	depends on CIFS
16938c8a9a5SSteve French	help
17038c8a9a5SSteve French	  The Service Witness Protocol (SWN) is used to get notifications
17138c8a9a5SSteve French	  from a highly available server of resource state changes. This
17238c8a9a5SSteve French	  feature enables an upcall mechanism for CIFS which contacts a
17338c8a9a5SSteve French	  userspace daemon to establish the DCE/RPC connection to retrieve
17438c8a9a5SSteve French	  the cluster available interfaces and resource change notifications.
17538c8a9a5SSteve French	  If unsure, say Y.
17638c8a9a5SSteve French
17738c8a9a5SSteve Frenchconfig CIFS_NFSD_EXPORT
17838c8a9a5SSteve French	bool "Allow nfsd to export CIFS file system"
17938c8a9a5SSteve French	depends on CIFS && BROKEN
18038c8a9a5SSteve French	help
18138c8a9a5SSteve French	  Allows NFS server to export a CIFS mounted share (nfsd over cifs)
18238c8a9a5SSteve French
18338c8a9a5SSteve Frenchif CIFS
18438c8a9a5SSteve French
18538c8a9a5SSteve Frenchconfig CIFS_SMB_DIRECT
18638c8a9a5SSteve French	bool "SMB Direct support"
18738c8a9a5SSteve French	depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
18838c8a9a5SSteve French	help
18938c8a9a5SSteve French	  Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
19038c8a9a5SSteve French	  SMB Direct allows transferring SMB packets over RDMA. If unsure,
19138c8a9a5SSteve French	  say Y.
19238c8a9a5SSteve French
19338c8a9a5SSteve Frenchconfig CIFS_FSCACHE
19438c8a9a5SSteve French	bool "Provide CIFS client caching support"
19538c8a9a5SSteve French	depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
19638c8a9a5SSteve French	help
19738c8a9a5SSteve French	  Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
19838c8a9a5SSteve French	  to be cached locally on disk through the general filesystem cache
19938c8a9a5SSteve French	  manager. If unsure, say N.
20038c8a9a5SSteve French
20138c8a9a5SSteve Frenchconfig CIFS_ROOT
20238c8a9a5SSteve French	bool "SMB root file system (Experimental)"
20338c8a9a5SSteve French	depends on CIFS=y && IP_PNP
20438c8a9a5SSteve French	help
20538c8a9a5SSteve French	  Enables root file system support over SMB protocol.
20638c8a9a5SSteve French
20738c8a9a5SSteve French	  Most people say N here.
20838c8a9a5SSteve French
209d14bbfffSSteve Frenchconfig CIFS_COMPRESSION
210d14bbfffSSteve French	bool "SMB message compression (Experimental)"
211d14bbfffSSteve French	depends on CIFS
212d14bbfffSSteve French	default n
213d14bbfffSSteve French	help
214d14bbfffSSteve French	  Enables over-the-wire message compression for SMB 3.1.1
215d14bbfffSSteve French	  mounts when negotiated with the server.
216d14bbfffSSteve French
217d14bbfffSSteve French	  Only write requests with data size >= PAGE_SIZE will be
218d14bbfffSSteve French	  compressed to avoid wasting resources.
219d14bbfffSSteve French
220d14bbfffSSteve French	  Say Y here if you want SMB traffic to be compressed.
221d14bbfffSSteve French	  If unsure, say N.
222d14bbfffSSteve French
22338c8a9a5SSteve Frenchendif
224