Cifsd Architecture

KSMBD is an open-source in-kernel CIFS/SMB server created by Namjae Jeon for the Linux kernel. The initial goal is to provide improved file I/O performance, but the bigger goal is to have some new features which are much easier to develop and maintain inside the kernel, and to expose the layers fully. This direction can be attributed in part to areas where Samba is moving a few modules into the kernel so that features like remote direct memory access (RDMA) work with an actual performance gain.


Features


Implemented

* SMB1 (CIFS), SMB2/3 protocols for basic file sharing
* Compound requests
* oplock/lease
* Large MTU (multi-credit)
* NTLM/NTLMv2
* Auto negotiation
* HMAC-SHA256 signing
* Secure negotiate
* Signing update
* Pre-authentication integrity (SMB 3.1.1, Windows 10)
* SMB encryption (CCM, GCM)
* SMB direct (RDMA)
* WinACL (security descriptor)
* Kerberos
* Directory lease
* Multi-channel
* Durable handle and v2


Planned

* Persistent handles
* Cluster support
* SCSI over SMB3


Architecture

The subset of performance-related operations belongs in kernel space, and the other subset, operations that are not really related to performance, belongs in user space. So DCE/RPC management, which has historically resulted in a number of buffer overflow issues and dangerous security bugs, along with winreg and user account management, is implemented in user space as ksmbd.mountd. File operations that are related to performance (open/read/write/close etc.) are in kernel space (ksmbd). This also allows for easier integration with the VFS interface for all file operations.


ksmbd (kernel daemon)

When the server daemon is started, it starts up a forker thread (/0) at initialization time and opens a dedicated port 445 for listening to SMB requests. Whenever new clients make requests, the forker thread accepts the client connection and forks a new thread for a dedicated communication channel between the client and the server. This allows parallel processing of SMB requests (commands) from clients while still allowing new clients to make new connections. Each instance is named to indicate connected clients. Depending on the SMB request type, each new thread can decide to pass the commands through to user space (ksmbd.mountd). Currently DCE/RPC commands are identified to be handled through user space.

To further utilize the Linux kernel, it has been chosen to process the commands as default work items to be executed in the handlers of the default threads. This allows multiplexing of the handlers, as the kernel takes care of initiating extra worker threads if the load increases and, vice versa, destroys the extra worker threads if the load decreases. So, after a connection is established with the client, a dedicated task takes complete ownership of receiving and parsing SMB commands. The commands received from multiple clients are worked on in parallel. After each command is received, a separate kernel work item is prepared for it, which is then queued to be handled by default threads inside the kernel. So, each SMB work item is queued to the . This allows load sharing to be managed optimally by the default kernel and optimizes client performance by handling client commands in parallel.
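A defender's check that follows from this design, as an added example that is not code from the ksmbd project: because the port 445 listener is opened inside the kernel, `ss -ltnp` run as root lists it with no owning process, unlike a user-space SMB server. The sample inputs are constructed, the function names and result strings are hypothetical, and the check assumes the kernel module appears as `ksmbd` in `/proc/modules`.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real host).
# SS_SAMPLE mimics `ss -H -ltnp` run as root; MODULES_SAMPLE mimics /proc/modules.
SS_SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=712,fd=3))
LISTEN 0 16 0.0.0.0:445 0.0.0.0:*
LISTEN 0 16 [::]:445 [::]:*
LISTEN 0 511 127.0.0.1:8445 0.0.0.0:* users:(("node",pid=990,fd=20))'
MODULES_SAMPLE='nls_utf8 16384 1 - Live 0x0000000000000000
ksmbd 262144 0 - Live 0x0000000000000000'

# Print local addresses listening on TCP 445 that have no owning process.
# Input: `ss -H -ltnp` text on stdin (column 4 = local address:port).
# Assumption: a kernel-created listener carries no users:(...) field.
ownerless_445() {
    awk '$1 == "LISTEN" && $4 ~ /:445$/ && $0 !~ /users:\(/ { print $4 }'
}

# Succeed if the ksmbd module appears in /proc/modules-style text on stdin.
ksmbd_loaded() {
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }'
}

# Classify a host from the two inputs.
# $1 = ss output, $2 = /proc/modules content.
classify_smb_listener() {
    listeners=$(printf '%s\n' "$1" | ownerless_445)
    if [ -z "$listeners" ]; then
        echo "no-kernel-listener"
    elif printf '%s\n' "$2" | ksmbd_loaded; then
        echo "ksmbd-listening"
    else
        echo "ownerless-445-unknown-module"
    fi
}

classify_smb_listener "$SS_SAMPLE" "$MODULES_SAMPLE"
```

On a live host, feed it `"$(ss -H -ltnp)"` and `"$(cat /proc/modules)"` as root; without root, `ss -p` also hides owners of other users' sockets and the result is not meaningful.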


ksmbd.mountd (user space daemon)

ksmbd.mountd is a user-space process that transfers the user accounts and passwords registered using ksmbd.adduser (part of the user-space utilities). It also passes the share parameters parsed from smb.conf to the SMB export layer in the kernel. For execution, it has a daemon that runs continuously, stays connected to the kernel interface over a netlink socket, and waits for requests (dcerpc and winreg). It handles the RPC calls (a few dozen at minimum) that are most important for a file server, including NetShareEnum and NetServerGetInfo, and various DFS-related calls which a server must implement. The complete DCE/RPC response is prepared in user space and passed over to the associated kernel thread for the client.


See also

* Comparison of operating system kernels
* Server Message Block
* List of products that support SMB




External links

* cifsd-team/ksmbd on GitHub
* cifsd-team/ksmbd-tools on GitHub
* INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD, SambaXP 2019 (2019-06-05)
* INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD, Storage Developer Conference 2019 (2019-09-23)