Original author(s) | Namjae Jeon |
---|---|
Developer(s) | Namjae Jeon, Sergey Senozhatsky, Hyunchul Lee |
Repository | github |
Written in | C |
Operating system | Linux |
Type | Network Filesystem |
License | GPLv2 |
CIFSD is an open-source in-kernel CIFS/SMB server created by Namjae Jeon for the Linux kernel. Initially the goal is to provide improved file I/O performance, but the bigger goal is to have some new features which are much easier to develop and maintain inside the kernel and expose the layers fully. Directions can be attributed to sections where Samba is moving to a few modules inside the kernel to have features like Remote direct memory access (RDMA) to work with actual performance gain.
Features
Implemented
- SMB1(CIFS), SMB2/3 protocols for basic file sharing
- Compound requests
- oplock/lease
- Large MTU(Multi-credit)
- NTLM/NTLMv2
- Auto negotiation
- HMAC-SHA256 Signing
- Secure negotiate
- Signing Update
- Pre-authentication integrity(SMB 3.1.1, Windows 10)
- SMB encryption (CCM, GCM)
- SMB direct(RDMA)
- WinACL (Security descriptor)
- Kerberos
- Directory lease
- Multi-channel
Planned
- Durable handle and v2
- Persistent handles
- Cluster Support
- SCSI over SMB3
Architecture
The subset of performance related operations belong in kernelspace and the other subset which belong to operations which are not really related with performance in userspace. So, DCE/RPC management that has historically resulted into number of buffer overflow issues and dangerous security bugs and winreg and user account management are implemented in user space as ksmbd.mountd. File operations that are related with performance (open/read/write/close etc.) are in kernel space (ksmbd). This also allows for easier integration with the VFS interface for all file operations.
ksmbd (kernel daemon)
When the server daemon is started, it starts up a forker thread (ksmbd/0) at initialization time and opens a dedicated port 445 for listening to SMB requests. Whenever new clients make requests, the forker thread will accept the client connection and fork a new thread for a dedicated communication channel between the client and the server. It allows for parallel processing of SMB requests (commands) from clients as well as allowing for new clients to make new connections. Each instance is named ksmbd/1~n to indicate connected clients. Depending on the SMB request types, each new thread can decide to pass through the commands to the user space (ksmbd.mountd). Currently DCE/RPC commands are identified to be handled through the user space.
To further utilize the linux kernel, it has been chosen to process the commands as default workitems to be executed in the handlers of the default kworker threads. It allows for multiplexing of the handlers as the kernel take care of initiating extra worker threads if the load is increased and vice versa, if the load is decreased it destroys the extra worker threads. So, after connection is established with the client, a dedicated ksmbd task takes complete ownership of the receiving and parsing of SMB commands. Each of the multiple clients' commands received is worked in parallel. After receiving each command a separated kernel workitem is prepared for each command which is further queued to be handled by default kworker'threads inside the kernel. So, each SMB workitem is queued to the kworkers. This allows the benefit of load sharing to be managed optimally by the default kernel and optimizes client performance by handling client commands in parallel.
ksmbd.mountd (user space daemon)
ksmbd.mountd is userspace process to, transfer user account and password that are registered using ksmbd.adduser (part of utils for user space). Further it allows sharing information parameters that parsed from smb.conf to smb export layer in kernel. For the execution part it has a daemon which is continuously running and connected to the kernel interface using netlink socket, it waits for the requests (dcerpc and winreg). It handles RPC calls (at a minimum few dozen) that are most important for file server from NetShareEnum and NetServerGetInfo and various DFS related calls which a server must implement. Complete DCE/RPC response is prepared from the user space and passed over to the associated kernel thread for the client.