2.1 What’s New or Changed in CIFS (OES 2023)

In addition to the bug fixes, CIFS provides the following enhancements and changes in OES 2023.

SMB Encryption Enhancement

CIFS supports AES-256-GCM and AES-256-CCM cryptographic suites for SMB 3.1.1 encryption. The server negotiates these advanced cipher methods when connecting to the client. AES-128-GCM and AES-128-CCM cryptographic suites are still supported for SMB 3.1.1.

Pre-authentication Integrity

CIFS supports pre-authentication integrity which is a mandatory feature in SMB 3.1.1 dialect. It protects against any tampering with Negotiate and Session Setup messages by leveraging cryptographic hashing.

SMB Multichannel Operations

CIFS supports SMB Multichannel. This is an SMB 3.0 feature. It increases network performance and the file server’s availability. SMB multichannel enables file servers to use multiple connections from a client which improves network performance, especially for large file copies, and facilitates network fault tolerance.

SMB Compression

CIFS supports SMB compression which allows compression of files as they are transferred over the network.

novcifs Command Changes

  • Selecting Ciphers: SMB 3.1.1 supports AES-128-GCM, AES-256-CCM, and AES-256-GCM ciphers. If the data encryption is enabled, then you can set one of the above ciphers for encryption.

    --preferred-cipher={AES-128-GCM|AES-128-CCM|AES-256-GCM|AES-256-CCM}

  • File Compression: You can enable or disable the compression of files as they transfer over the network.

    novcifs [--compression=yes|no]

  • Monitoring CIFS Health Status: Displays the health status of CIFS service. If the status is unhealthy, then the cause for the status is also displayed with the status.

    novcifs --get-health-status

  • SMB Multichannel Operations Following are the supported operations:

    Enabling and Disabling SMB Multichannel: Enables or disabled SMB multichannel operations.

    novcifs --multi-channel={yes|no}

    Adding a multi-channel interface name: Allows you to add a name for the multi-channel interface.

    novcifs --multi-channel-interface --add --interface-name=<NETWORK-INTERFACE-NAME>

    Removing a multi-channel interface name: Allows you to remove a name for the multi-channel interface.

    novcifs --multi-channel-interface --remove --interface-name=<NETWORK-INTERFACE-NAME>

    Displays the list of all the multi-channel interfaces: Displays the list of multi channel interface.

    novcifs --multi-channel-interface --list