2 tristate "SMB3 and CIFS support (advanced network filesystem)"
19 This is the client VFS module for the SMB3 family of NAS protocols,
20 (including support for the most recent, most secure dialect SMB3.1.1)
21 as well as for earlier dialects such as SMB2.1, SMB2 and the older
22 Common Internet File System (CIFS) protocol. CIFS was the successor
23 to the original dialect, the Server Message Block (SMB) protocol, the
24 native file sharing mechanism for most early PC operating systems.
26 The SMB3 protocol is supported by most modern operating systems
27 and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
28 MacOS) and even in the cloud (e.g. Microsoft Azure).
29 The older CIFS protocol was included in Windows NT4, 2000 and XP (and
30 later) as well by Samba (which provides excellent CIFS and SMB3
31 server support for Linux and many other operating systems). Use of
32 dialects older than SMB2.1 is often discouraged on public networks.
33 This module also provides limited support for OS/2 and Windows ME
34 and similar very old servers.
36 This module provides an advanced network file system client
37 for mounting to SMB3 (and CIFS) compliant servers. It includes
38 support for DFS (hierarchical name space), secure per-user
39 session establishment via Kerberos or NTLM or NTLMv2, RDMA
40 (smbdirect), advanced security features, per-share encryption,
41 directory leases, safe distributed caching (oplock), optional packet
42 signing, Unicode and other internationalization improvements.
44 In general, the default dialects, SMB3 and later, enable better
45 performance, security and features, than would be possible with CIFS.
46 Note that when mounting to Samba, due to the CIFS POSIX extensions,
47 CIFS mounts can provide slightly better POSIX compatibility
48 than SMB3 mounts. SMB2/SMB3 mount options are also
49 slightly simpler (compared to CIFS) due to protocol improvements.
51 If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.
54 bool "Extended statistics"
57 Enabling this option will allow more detailed statistics on SMB
58 request timing to be displayed in /proc/fs/cifs/DebugData and also
59 allow optional logging of slow responses to dmesg (depending on the
60 value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details).
61 These additional statistics may have a minor effect on performance
62 and memory utilization.
64 Unless you are a developer or are doing network performance analysis
67 config CIFS_ALLOW_INSECURE_LEGACY
68 bool "Support legacy servers which use less secure dialects"
72 Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
73 additional security features, including protection against
74 man-in-the-middle attacks and stronger crypto hashes, so the use
75 of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
77 Disabling this option prevents users from using vers=1.0 or vers=2.0
78 on mounts with cifs.ko
82 config CIFS_WEAK_PW_HASH
83 bool "Support legacy servers which use weaker LANMAN security"
84 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY
86 Modern CIFS servers including Samba and most Windows versions
87 (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
88 security mechanisms. These hash the password more securely
89 than the mechanisms used in the older LANMAN version of the
90 SMB protocol but LANMAN based authentication is needed to
91 establish sessions with some old SMB servers.
93 Enabling this option allows the cifs module to mount to older
94 LANMAN based servers such as OS/2 and Windows 95, but such
95 mounts may be less secure than mounts using NTLM or more recent
96 security mechanisms if you are on a public network. Unless you
97 have a need to access old SMB servers (and are on a private
98 network) you probably want to say N. Even if this support
99 is enabled in the kernel build, LANMAN authentication will not be
100 used automatically. At runtime LANMAN mounts are disabled but
101 can be set to required (or optional) either in
102 /proc/fs/cifs (see fs/cifs/README for more detail) or via an
103 option on the mount command. This support is disabled by
104 default in order to reduce the possibility of a downgrade
110 bool "Kerberos/SPNEGO advanced session setup"
111 depends on CIFS && KEYS
114 Enables an upcall mechanism for CIFS which accesses userspace helper
115 utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
116 which are needed to mount to certain secure servers (for which more
117 secure Kerberos authentication is required). If unsure, say Y.
120 bool "CIFS extended attributes"
123 Extended attributes are name:value pairs associated with inodes by
124 the kernel or by users (see the attr(5) manual page for details).
125 CIFS maps the name of extended attributes beginning with the user
126 namespace prefix to SMB/CIFS EAs. EAs are stored on Windows
127 servers without the user namespace prefix, but their names are
128 seen by Linux cifs clients prefaced by the user namespace prefix.
129 The system namespace (used by some filesystems to store ACLs) is
130 not supported at this time.
135 bool "CIFS POSIX Extensions"
136 depends on CIFS_XATTR
138 Enabling this option will cause the cifs client to attempt to
139 negotiate a newer dialect with servers, such as Samba 3.0.5
140 or later, that optionally can handle more POSIX like (rather
141 than Windows like) file behavior. It also enables
142 support for POSIX ACLs (getfacl and setfacl) to servers
143 (such as Samba 3.10 and later) which can negotiate
144 CIFS POSIX ACL support. If unsure, say N.
147 bool "Provide CIFS ACL support"
148 depends on CIFS_XATTR && KEYS
150 Allows fetching CIFS/NTFS ACL from the server. The DACL blob
151 is handed over to the application/caller. See the man
152 page for getcifsacl for more information. If unsure, say Y.
155 bool "Enable CIFS debugging routines"
159 Enabling this option adds helpful debugging messages to
160 the cifs code which increases the size of the cifs module.
163 bool "Enable additional CIFS debugging routines"
164 depends on CIFS_DEBUG
166 Enabling this option adds a few more debugging routines
167 to the cifs code which slightly increases the size of
168 the cifs module and can cause additional logging of debug
169 messages in some error paths, slowing performance. This
170 option can be turned off unless you are debugging
171 cifs problems. If unsure, say N.
173 config CIFS_DEBUG_DUMP_KEYS
174 bool "Dump encryption keys for offline decryption (Unsafe)"
175 depends on CIFS_DEBUG
177 Enabling this will dump the encryption and decryption keys
178 used to communicate on an encrypted share connection on the
179 console. This allows Wireshark to decrypt and dissect
180 encrypted network captures. Enable this carefully.
183 config CIFS_DFS_UPCALL
184 bool "DFS feature support"
185 depends on CIFS && KEYS
188 Distributed File System (DFS) support is used to access shares
189 transparently in an enterprise name space, even if the share
190 moves to a different server. This feature also enables
191 an upcall mechanism for CIFS which contacts userspace helper
192 utilities to provide server name resolution (host names to
193 IP addresses) which is needed for implicit mounts of DFS junction
194 points. If unsure, say Y.
196 config CIFS_NFSD_EXPORT
197 bool "Allow nfsd to export CIFS file system"
198 depends on CIFS && BROKEN
200 Allows NFS server to export a CIFS mounted share (nfsd over cifs)
202 config CIFS_SMB_DIRECT
203 bool "SMB Direct support (Experimental)"
204 depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
206 Enables SMB Direct experimental support for SMB 3.0, 3.02 and 3.1.1.
207 SMB Direct allows transferring SMB packets over RDMA. If unsure,
211 bool "Provide CIFS client caching support"
212 depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
214 Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
215 to be cached locally on disk through the general filesystem cache
216 manager. If unsure, say N.
projects / linux-2.6-microblaze.git / blob