KSMBD
KSMBD is an open-source in-kernel CIFS/SMB server created by Namjae Jeon for the Linux kernel. The initial goal is to provide improved file I/O performance, but the bigger goal is to add new features that are much easier to develop and maintain inside the kernel, and to expose the layers fully. The direction follows the areas where Samba is moving a few modules into the kernel so that features like Remote Direct Memory Access (RDMA) work with an actual performance gain.
Features
Implemented
- SMB1, SMB2/3 protocols for basic file sharing
- Compound requests
- oplock/lease
- Large MTU
- NTLM/NTLMv2
- Auto negotiation
- HMAC-SHA256 Signing
- Secure negotiate
- Signing Update
- Pre-authentication integrity
- SMB encryption
- SMB direct
- WinACL
- Kerberos
- Directory lease
- Multi-channel
- Durable handle and v2
Planned
- Persistent handles
- Cluster Support
- SCSI over SMB3
Architecture
The subset of operations related to performance belongs in kernel space, and the subset of operations not really related to performance belongs in user space. So DCE/RPC management, which has historically resulted in a number of buffer overflow issues and dangerous security bugs, together with winreg and user account management, is implemented in user space as. File operations that are related to performance are in kernel space. This also allows for easier integration with the VFS interface for all file operations. (kernel daemon)
When the server daemon is started, it starts a forker thread at initialization time and opens the dedicated port 445 to listen for SMB requests. Whenever a new client makes a request, the forker thread accepts the client connection and forks a new thread that serves as a dedicated communication channel between that client and the server. This allows SMB requests from clients to be processed in parallel while new clients can still make new connections. Each instance is named to indicate connected clients. Depending on the SMB request type, each new thread can decide to pass commands through to user space. Currently, DCE/RPC commands are identified to be handled through user space.
To make further use of the Linux kernel, it has been chosen to process the commands as default work items, executed in the handlers of the default threads. This allows the handlers to be multiplexed, as the kernel takes care of starting extra worker threads if the load increases and, conversely, destroys the extra worker threads if the load decreases. So, after the connection with the client is established, a dedicated task takes complete ownership of receiving and parsing SMB commands. The commands received from multiple clients are worked on in parallel. After each command is received, a separate kernel work item is prepared for it and queued to be handled by the default threads inside the kernel. So, each SMB work item is queued to the. This lets the default kernel manage load sharing optimally and optimizes client performance by handling client commands in parallel.
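A userspace model of the receive-and-parse step described above, added here as an example and not taken from KSMBD: it splits a received byte stream into one work item per SMB2 command and rejects any frame whose lengths do not add up, which is the check an in-kernel parser cannot skip. The 4-byte transport length prefix, the 64-byte header and the NextCommand chaining of compound requests come from the SMB2 wire format rather than from this page; `work_item`, `queue_commands`, `make_frame` and the 1 MiB cap are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SMB2_HDR_LEN 64u         /* fixed SMB2 header size */
#define MAX_FRAME (1u << 20)     /* assumed cap for this model */
struct work_item { uint16_t command; size_t off, len; };  /* hypothetical type */

/* Walks a fully received byte stream and queues one work item per SMB2
 * command. Returns the item count, or -1 on the first malformed length. */
int queue_commands(const uint8_t *buf, size_t n, struct work_item *q, int cap)
{
    size_t pos = 0;
    int count = 0;
    while (pos < n) {
        if (n - pos < 4 || buf[pos] != 0) return -1;    /* 4-byte transport header */
        size_t flen = (size_t)buf[pos + 1] << 16 | (size_t)buf[pos + 2] << 8 | buf[pos + 3];
        pos += 4;
        if (flen < SMB2_HDR_LEN || flen > MAX_FRAME || flen > n - pos) return -1;
        size_t end = pos + flen;
        for (size_t cmd = pos, next = 1; next; cmd += next) {
            if (end - cmd < SMB2_HDR_LEN || memcmp(buf + cmd, "\xfe" "SMB", 4)) return -1;
            const uint8_t *p = buf + cmd + 20;           /* NextCommand, little-endian */
            next = p[0] | (size_t)p[1] << 8 | (size_t)p[2] << 16 | (size_t)p[3] << 24;
            if (next && (next < SMB2_HDR_LEN || next % 8 || next > end - cmd)) return -1;
            if (count == cap) return -1;                 /* bounded queue */
            q[count++] = (struct work_item){ buf[cmd + 12] | buf[cmd + 13] << 8,
                                             cmd, next ? next : end - cmd };
        }
        pos = end;
    }
    return count;
}

/* Constructed sample: writes one frame of ncmd chained 64-byte commands. */
size_t make_frame(uint8_t *out, int ncmd, uint16_t first)
{
    size_t body = (size_t)ncmd * SMB2_HDR_LEN;
    memset(out, 0, 4 + body);
    out[1] = (uint8_t)(body >> 16); out[2] = (uint8_t)(body >> 8); out[3] = (uint8_t)body;
    for (int i = 0; i < ncmd; i++) {
        uint8_t *h = out + 4 + i * SMB2_HDR_LEN;
        memcpy(h, "\xfe" "SMB", 4);
        h[4] = 64;                                   /* StructureSize */
        h[12] = (uint8_t)(first + i);                /* Command code */
        h[20] = i + 1 < ncmd ? SMB2_HDR_LEN : 0;     /* NextCommand */
    }
    return 4 + body;
}
```

The model treats the buffer as completely received; a real receiver would wait for more bytes on a short frame instead of rejecting it.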