chimeraproject
chimera libevpl
Status & conformance · §

Project Maturity

The NFSv3, NFSv4 (4.0 / 4.1 / 4.2), and SMB2/3 servers implement the full data-path and metadata operation set and pass real-Linux-client conformance suites. The data path — read, write, metadata, locking — is mature and well exercised. Reboot-recovery state persistence, Kerberos for NFS, and several advanced protocol features are either present-but-incomplete or absent. Those gaps are listed below.

§ 01 At a glance

Four protocol servers over one pluggable async VFS. Because they share the VFS, all of them work across every backend — in-memory, Linux passthrough, and persistent.

NFSv3 Mature

All 21 procedures, full MOUNT v3, and a real NLM byte-range lock manager routed through the unified VFS lease layer. TCP and RPC-over-RDMA.

NFSv4 · 4.1 · 4.2 Mature core

Single COMPOUND handler across all three minor versions. Sessions, state, ACLs, xattrs, delegations, and pNFS (flex-files). Reboot-recovery persistence is framework-only.

SMB2 · SMB3 Broad coverage

All 19 commands, dialects through 3.1.1, signing, encryption, leases, durable handles, change-notify, ACLs, Kerberos. Several advanced features ship disabled by default.

S3 Object path only

Object data path works — GET/PUT/HEAD/DELETE, ranged reads, full multipart, SigV4/V2. Bucket management, versioning, ACLs, SSE, and conditional requests are absent.

§ 02 Backends

Every protocol sits on the same VFS, so it runs identically across all backends. A handful of features are backend-specific and noted in the per-protocol detail.

memfs in-memory linux passthrough io_uring cairn persistent diskfs persistent
§ 03 Feature detail, protocol by protocol

Each protocol below splits into what's done, what's partial (works with caveats), and what's missing. This is a summary — for the line-by-line detail and known bugs, the GitHub issue tracker is the source of truth.

NFSv3 + MOUNT v3 + NLM v4 locking
Mature

Done

  • All 21 procedures implemented, no stubs
  • MOUNT v3 — MNT, DUMP, UMNT, EXPORT, in-memory mount table
  • NLM v4 advisory byte-range locking through the unified VFS lease layer, with cross-protocol conflict detection
  • Write stability & COMMIT with per-instance write verifier
  • Weak cache consistency (wcc) pre/post attrs
  • TCP and RPC-over-RDMA transports
  • Built-in portmap / rpcbind

~Partial

  • Blocking locks: cross-protocol conflicts ride the wait path; same-protocol contention returns DENIED (no async GRANTED queue)
  • Lock state is in-memory only — does not survive a server restart
  • SHARE / UNSHARE (DOS share modes) accepted but not enforced
  • EXPORT access control: advertised to all clients, no per-client restriction

Missing

  • NSM / statd — no crash-recovery lock-reclaim notification
  • RPCSEC_GSS / Kerberos — non-AUTH_SYS flavors fall back to anonymous
  • UDP transport (TCP / RDMA only)
  • Duplicate Request Cache (v3 path)
NFSv4 · 4.1 · 4.2 single COMPOUND handler, minorversion 0–2
Mature core

Done

  • 4.0 base — every RFC 7530 operation has a real handler on the async VFS
  • 4.1 sessions & state — EXCHANGE_ID, CREATE_SESSION, SEQUENCE, RECLAIM_COMPLETE, layout ops
  • 4.2 — ALLOCATE, DEALLOCATE, SEEK, intra-server COPY, RFC 8276 xattrs
  • Delegations — read/write, callback channel, recall timeout (config-gated, default off)
  • pNFS — MDS + DS, flex-files primary; block & SCSI layout types
  • Full NFSv4 ACL model end-to-end
  • v4.0 duplicate-request cache keyed by XID

~Partial

  • Reboot recovery: grace/recovery framework exists but persist hooks are stubs — clients and state are not remembered across a restart
  • SET_SSV accepts but returns an empty digest (SSV-secured RPC not wired)
  • SECINFO_NO_NAME returns a single hardcoded flavor
  • Exclusive-CREATE verifier not persisted

Missing

  • RPCSEC_GSS / Kerberos — SECINFO advertises a krb5 OID but the RPC layer only does AUTH_SYS/AUTH_NONE
  • 4.2: READ_PLUS, CLONE, WRITE_SAME, IO_ADVISE, inter-server COPY
  • BIND_CONN_TO_SESSION, GET_DIR_DELEGATION
  • OPENATTR / named-attribute directories (user xattrs served via 4.2 ops instead)
  • CLAIM_DELEGATE_PREV (delegation reclaim after client reboot)
SMB2 · SMB3 dialects 2.1 – 3.1.1 · all 19 commands
Broad coverage

Done

  • All 19 SMB2 commands with real handlers
  • Dialects 2.1 / 3.0 / 3.0.2 / 3.1.1, with 3.1.1 negotiate contexts (preauth integrity, signing, encryption)
  • Auth: NTLM/NTLMSSP, Kerberos (GSSAPI/krb5 + SPNEGO), guest, winbind/AD
  • Signing: HMAC-SHA256, AES-CMAC, AES-GMAC
  • Encryption: AES-128/256 CCM & GCM
  • Oplocks & leases (R/RW/RWH) on VFS caching leases
  • Multichannel and SMB Direct / RDMA transport
  • Durable & persistent handles; named streams; change-notify (inotify-backed)
  • Security descriptors / ACLs with NT↔VFS mapping; rich FSCTL set

~Partial

  • SMB Direct / RDMA: SMB 3.0 framing only — the 3.1.1 transform (encrypted) variant is not yet wired
  • Durable handles: in-memory registry; cross-restart depends on record/recover, not a full store
  • Credits granted simplistically (no real windowing)
  • Byte-range locks work, but multi-lock requests (LockCount > 1) rejected
  • SACL emitted empty (DACL/owner/group are real)

Missing

  • DFS, Witness protocol
  • Extended Attributes (accept-and-ignore)
  • SMB3 compression (context parsed, never applied)
S3 HTTP-to-VFS bridge · object data path
Object path only

Done

  • Object ops: Put, Get (ranged), Head, Delete, batch DeleteObjects, server-side CopyObject
  • Multipart: full set — create, upload, complete, abort, list
  • Auth: AWS Signature V4 and V2
  • Streaming (aws-chunked) uploads
  • Listing with prefix; keep-alive; structured XML errors

~Partial

  • ETag is not content-MD5 (it's a hash of size/mtime/handle) — clients validating ETag==MD5 will mismatch
  • ListObjects incomplete: no pagination / continuation token, no delimiter / CommonPrefixes
  • Multipart & CopyObject disabled on diskfs (backend bug); other backends fine
  • Single root credential — key is authenticated but not mapped to a VFS identity (no per-user authz)
  • No presigned URLs / anonymous access

Missing

  • All bucket-level APIs — buckets exist only as static config
  • Bucket policy / ACL / versioning / lifecycle / CORS / tagging
  • Object ACL, tagging, object lock / retention
  • Server-side encryption (SSE / SSE-KMS / SSE-C)
  • User metadata (x-amz-meta-*); conditional requests
§ 04 Authentication, in one place
security: read this if you’re evaluating

Strong authentication (Kerberos / GSSAPI) is implemented and working for SMB, but not for NFS — the NFS RPC layer processes AUTH_SYS / AUTH_NONE only, and the krb5 advertisement in SECINFO is not yet implemented.

On the S3 side the access key is authenticated but not mapped to a VFS identity, so there is no per-user authorization yet — all operations run as root.

§ 05 How it's tested

Chimera registers ~11,370 tests via CTest, run in CI on a multi-image, dual-arch (amd64 / arm64), Release + Debug matrix. We use real-Linux-client conformance suites, not just our own unit tests.

~11,370
tests registered & gated in CI
67.9%
of the full external SMB2/3 conformance surface (smbtorture) passes
real clients
Linux NFS & SMB clients in KVM, plus in-process binding
// how to read these numbers

CI gates on every test it runs, so the honest claim is "everything we wire up passes." But two different things are being measured. smbtorture, WPTS, and KVM pNFS register their entire external conformance surface and then explicitly disable what doesn't pass — so their percentages are a true fraction of a real-world surface. Every other suite registers only the cases it expects to pass, so a 100% there means "100% of what we chose to wire up," not 100% of the protocol. Both are marked below.

Suite
What it validates
Tests
Pass
smbtorture
Samba SMB2/3 protocol conformance — the full external surface, with non-passing subtests explicitly disabled per backend.
828
67.9%
KVM pNFS
flex / block / SCSI layout over a real Linux client. The 12.5% gap is all SCSI-layout — a QEMU SCSI-reservation harness limit, not a server defect.
192
87.5%
pynfs
NFSv4.0 / 4.1 / 4.2 protocol conformance, across every backend and minor version.
6,689
100% *
posix-cthon
Connectathon NFS correctness, in-process client across all backends and NFS versions.
794
100% *
posix stress / fsx
fsx, fsstress, dirstress, nametest, fstest, rewinddir — in-process.
1,390
100% *
KVM xfstests
fsstress / fsx / etc. over a real Linux client, NFS 3 / 4.x.
576
100% *
KVM cthon
Connectathon over a real Linux client.
288
100% *
KVM SMB
SMB cthon / xfstests over a real Linux client.
216
100% *
WPTS
Microsoft MS-SMB2 server conformance (.NET) — the full suite across all 5 capability modes (base, persistent, compression, multichannel, encryption), with feature-N/A and non-passing cases disabled. Daemon stays crash-free in every mode.
267
57.3%
S3 (boto3)
S3 functional behavior — put / get / head / delete / list / copy / multipart / streaming, V4 and V2.
52
100% *
unit + submodule
VFS, client, server internals, plus libevpl / xdrzcc / prometheus-c dependency suites.
~278
100%

* 100% by construction — only expected-pass cases are registered, so this reflects coverage of what's wired up, not the full protocol surface. A pynfs/s3-tests number comparable to the smbtorture figure would require running the complete upstream suites without curated registration, which CI does not currently encode.

§ 06 smbtorture, by backend

Because smbtorture measures against the full SMB2/3 surface, it's the clearest read on real conformance. memfs leads with the complete feature set (including named streams); the passthrough backends trail because they can't persist btime / DOS attributes and don't support alternate data streams, so those subtests stay disabled.

Backend
Enabled
Disabled
Pass %
memfs
109
29
79.0%
diskfs (io_uring / aio)
101
37
73.2%
cairn
99
39
71.7%
linux / io_uring (passthrough)
76
62
55.1%
Overall
562
266
67.9%

A real-Windows-client SMB suite exists on a feature branch but is not yet wired into mainline CI. KVM suites require nested virtualization and run only on KVM-capable runners.

// the short version

The data-path and metadata operations across NFSv3, NFSv4, and SMB2/3 are mature and pass real-client conformance suites. The most significant gaps to know about before leaning on Chimera in production: no Kerberos for NFS; NFSv4 reboot-recovery state isn't persisted across a server restart; and the S3 server is object-data-path only — no bucket management, versioning, ACLs, SSE, or conditional requests. Several advanced SMB features (encryption, persistent handles, Kerberos) ship disabled by default.

This page is a summary. For line-by-line operation support, current bugs, and the roadmap, see the issue tracker on GitHub or ask in Discord.