mirror of https://github.com/Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
231 lines
9.1 KiB
231 lines
9.1 KiB
# SPDX-License-Identifier: GPL-2.0-only |
|
config CIFS |
|
tristate "SMB3 and CIFS support (advanced network filesystem)" |
|
depends on INET |
|
select NLS |
|
select CRYPTO |
|
select CRYPTO_MD4 |
|
select CRYPTO_MD5 |
|
select CRYPTO_SHA256 |
|
select CRYPTO_SHA512 |
|
select CRYPTO_CMAC |
|
select CRYPTO_HMAC |
|
select CRYPTO_LIB_ARC4 |
|
select CRYPTO_AEAD2 |
|
select CRYPTO_CCM |
|
select CRYPTO_GCM |
|
select CRYPTO_ECB |
|
select CRYPTO_AES |
|
select CRYPTO_LIB_DES |
|
select KEYS |
|
select DNS_RESOLVER |
|
help |
|
This is the client VFS module for the SMB3 family of NAS protocols, |
|
(including support for the most recent, most secure dialect SMB3.1.1) |
|
as well as for earlier dialects such as SMB2.1, SMB2 and the older |
|
Common Internet File System (CIFS) protocol. CIFS was the successor |
|
to the original dialect, the Server Message Block (SMB) protocol, the |
|
native file sharing mechanism for most early PC operating systems. |
|
|
|
The SMB3 protocol is supported by most modern operating systems |
|
and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016, |
|
MacOS) and even in the cloud (e.g. Microsoft Azure). |
|
The older CIFS protocol was included in Windows NT4, 2000 and XP (and |
|
later) as well by Samba (which provides excellent CIFS and SMB3 |
|
server support for Linux and many other operating systems). Use of |
|
dialects older than SMB2.1 is often discouraged on public networks. |
|
This module also provides limited support for OS/2 and Windows ME |
|
and similar very old servers. |
|
|
|
This module provides an advanced network file system client |
|
for mounting to SMB3 (and CIFS) compliant servers. It includes |
|
support for DFS (hierarchical name space), secure per-user |
|
session establishment via Kerberos or NTLM or NTLMv2, RDMA |
|
(smbdirect), advanced security features, per-share encryption, |
|
directory leases, safe distributed caching (oplock), optional packet |
|
signing, Unicode and other internationalization improvements. |
|
|
|
In general, the default dialects, SMB3 and later, enable better |
|
performance, security and features, than would be possible with CIFS. |
|
Note that when mounting to Samba, due to the CIFS POSIX extensions, |
|
CIFS mounts can provide slightly better POSIX compatibility |
|
than SMB3 mounts. SMB2/SMB3 mount options are also |
|
slightly simpler (compared to CIFS) due to protocol improvements. |
|
|
|
If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y. |
|
|
|
config CIFS_STATS2 |
|
bool "Extended statistics" |
|
depends on CIFS |
|
help |
|
Enabling this option will allow more detailed statistics on SMB |
|
request timing to be displayed in /proc/fs/cifs/DebugData and also |
|
allow optional logging of slow responses to dmesg (depending on the |
|
value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst |
|
for more details. These additional statistics may have a minor effect |
|
on performance and memory utilization. |
|
|
|
Unless you are a developer or are doing network performance analysis |
|
or tuning, say N. |
|
|
|
config CIFS_ALLOW_INSECURE_LEGACY |
|
bool "Support legacy servers which use less secure dialects" |
|
depends on CIFS |
|
default y |
|
help |
|
Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have |
|
additional security features, including protection against |
|
man-in-the-middle attacks and stronger crypto hashes, so the use |
|
of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged. |
|
|
|
Disabling this option prevents users from using vers=1.0 or vers=2.0 |
|
on mounts with cifs.ko |
|
|
|
If unsure, say Y. |
|
|
|
config CIFS_WEAK_PW_HASH |
|
bool "Support legacy servers which use weaker LANMAN security" |
|
depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY |
|
help |
|
Modern CIFS servers including Samba and most Windows versions |
|
(since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) |
|
security mechanisms. These hash the password more securely |
|
than the mechanisms used in the older LANMAN version of the |
|
SMB protocol but LANMAN based authentication is needed to |
|
establish sessions with some old SMB servers. |
|
|
|
Enabling this option allows the cifs module to mount to older |
|
LANMAN based servers such as OS/2 and Windows 95, but such |
|
mounts may be less secure than mounts using NTLM or more recent |
|
security mechanisms if you are on a public network. Unless you |
|
have a need to access old SMB servers (and are on a private |
|
network) you probably want to say N. Even if this support |
|
is enabled in the kernel build, LANMAN authentication will not be |
|
used automatically. At runtime LANMAN mounts are disabled but |
|
can be set to required (or optional) either in |
|
/proc/fs/cifs (see Documentation/admin-guide/cifs/usage.rst for |
|
more detail) or via an option on the mount command. This support |
|
is disabled by default in order to reduce the possibility of a |
|
downgrade attack. |
|
|
|
If unsure, say N. |
|
|
|
config CIFS_UPCALL |
|
bool "Kerberos/SPNEGO advanced session setup" |
|
depends on CIFS |
|
help |
|
Enables an upcall mechanism for CIFS which accesses userspace helper |
|
utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets |
|
which are needed to mount to certain secure servers (for which more |
|
secure Kerberos authentication is required). If unsure, say Y. |
|
|
|
config CIFS_XATTR |
|
bool "CIFS extended attributes" |
|
depends on CIFS |
|
help |
|
Extended attributes are name:value pairs associated with inodes by |
|
the kernel or by users (see the attr(5) manual page for details). |
|
CIFS maps the name of extended attributes beginning with the user |
|
namespace prefix to SMB/CIFS EAs. EAs are stored on Windows |
|
servers without the user namespace prefix, but their names are |
|
seen by Linux cifs clients prefaced by the user namespace prefix. |
|
The system namespace (used by some filesystems to store ACLs) is |
|
not supported at this time. |
|
|
|
If unsure, say Y. |
|
|
|
config CIFS_POSIX |
|
bool "CIFS POSIX Extensions" |
|
depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR |
|
help |
|
Enabling this option will cause the cifs client to attempt to |
|
negotiate a newer dialect with servers, such as Samba 3.0.5 |
|
or later, that optionally can handle more POSIX like (rather |
|
than Windows like) file behavior. It also enables |
|
support for POSIX ACLs (getfacl and setfacl) to servers |
|
(such as Samba 3.10 and later) which can negotiate |
|
CIFS POSIX ACL support. If unsure, say N. |
|
|
|
config CIFS_DEBUG |
|
bool "Enable CIFS debugging routines" |
|
default y |
|
depends on CIFS |
|
help |
|
Enabling this option adds helpful debugging messages to |
|
the cifs code which increases the size of the cifs module. |
|
If unsure, say Y. |
|
|
|
config CIFS_DEBUG2 |
|
bool "Enable additional CIFS debugging routines" |
|
depends on CIFS_DEBUG |
|
help |
|
Enabling this option adds a few more debugging routines |
|
to the cifs code which slightly increases the size of |
|
the cifs module and can cause additional logging of debug |
|
messages in some error paths, slowing performance. This |
|
option can be turned off unless you are debugging |
|
cifs problems. If unsure, say N. |
|
|
|
config CIFS_DEBUG_DUMP_KEYS |
|
bool "Dump encryption keys for offline decryption (Unsafe)" |
|
depends on CIFS_DEBUG |
|
help |
|
Enabling this will dump the encryption and decryption keys |
|
used to communicate on an encrypted share connection on the |
|
console. This allows Wireshark to decrypt and dissect |
|
encrypted network captures. Enable this carefully. |
|
If unsure, say N. |
|
|
|
config CIFS_DFS_UPCALL |
|
bool "DFS feature support" |
|
depends on CIFS |
|
help |
|
Distributed File System (DFS) support is used to access shares |
|
transparently in an enterprise name space, even if the share |
|
moves to a different server. This feature also enables |
|
an upcall mechanism for CIFS which contacts userspace helper |
|
utilities to provide server name resolution (host names to |
|
IP addresses) which is needed in order to reconnect to |
|
servers if their addresses change or for implicit mounts of |
|
DFS junction points. If unsure, say Y. |
|
|
|
config CIFS_SWN_UPCALL |
|
bool "SWN feature support" |
|
depends on CIFS |
|
help |
|
The Service Witness Protocol (SWN) is used to get notifications |
|
from a highly available server of resource state changes. This |
|
feature enables an upcall mechanism for CIFS which contacts a |
|
userspace daemon to establish the DCE/RPC connection to retrieve |
|
the cluster available interfaces and resource change notifications. |
|
If unsure, say Y. |
|
|
|
config CIFS_NFSD_EXPORT |
|
bool "Allow nfsd to export CIFS file system" |
|
depends on CIFS && BROKEN |
|
help |
|
Allows NFS server to export a CIFS mounted share (nfsd over cifs) |
|
|
|
config CIFS_SMB_DIRECT |
|
bool "SMB Direct support" |
|
depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y |
|
help |
|
Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1. |
|
SMB Direct allows transferring SMB packets over RDMA. If unsure, |
|
say Y. |
|
|
|
config CIFS_FSCACHE |
|
bool "Provide CIFS client caching support" |
|
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y |
|
help |
|
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data |
|
to be cached locally on disk through the general filesystem cache |
|
manager. If unsure, say N. |
|
|
|
config CIFS_ROOT |
|
bool "SMB root file system (Experimental)" |
|
depends on CIFS=y && IP_PNP |
|
help |
|
Enables root file system support over SMB protocol. |
|
|
|
Most people say N here.
|
|
|