bDDoSDetection

#Overview

name: bDDoSDetection

The value of this variable can be defined or overridden in .ini config files. It is referenced in 1 .ini config file.

It is referenced in 8 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of bDDoSDetection is to enable or disable the Distributed Denial of Service (DDoS) detection system in Unreal Engine 5. This variable is part of the network security features of the engine, specifically designed to protect against potential DDoS attacks.

Based on the callsites, this setting variable is used in the Net Core module of Unreal Engine 5, specifically within the DDoS detection system. It’s a member of the FDDoSDetection class, which is declared in Net/Core/Misc/DDoSDetection.h and implemented in DDoSDetection.cpp.

The value of this variable is set in the InitConfig() function, where it’s loaded from the engine configuration file (GEngineIni) using the GConfig system:

GConfig->GetBool(DDoSSection, TEXT("bDDoSDetection"), bDDoSDetection, GEngineIni);

This variable interacts with several other variables and functions within the DDoS detection system, such as bDDoSAnalytics, DDoSLogSpamLimit, and various packet counters and timing variables.

Developers must be aware that when this variable is false, which is also its constructor default when no config value is loaded, the DDoS detection system is effectively disabled. This could potentially leave the application vulnerable to DDoS attacks. Additionally, if DDoS detection is enabled but no DetectionSeverity states are specified in the configuration, InitConfig() logs a warning and sets bDDoSDetection back to false, so the system disables itself.

Best practices when using this variable include:

  1. Ensure it’s properly configured in the engine configuration file (GEngineIni).
  2. Always have proper DetectionSeverity states specified when enabling DDoS detection.
  3. Consider the performance implications of enabling DDoS detection, especially in performance-critical scenarios.
  4. Use in conjunction with bDDoSAnalytics for more comprehensive protection and analysis.
  5. Regularly review and adjust DDoS detection settings based on the specific needs and threats faced by your application.
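A pre-deployment check for the first two practices, written as an added example (not engine code): it merges the [DDoSDetection] section across ini layers and reports whether detection would still be enabled after the checks InitConfig() applies. The function names, the placeholder severity name, the simplified subset of ini array syntax and the bool parsing are assumptions, and DetectionSeverity entries are only counted, not validated.

```python
TRUTHY = {"true", "yes", "on", "1"}  # assumption: approximates the engine's bool parsing

def merge_section(layers, section="DDoSDetection"):
    """Merge one section across ini layers (earliest first) into key -> [values]."""
    values = {}
    for text in layers:
        current = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith(";"):
                continue
            if line.startswith("[") and line.endswith("]"):
                current = line[1:-1]
                continue
            if current != section or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key.startswith("!"):        # !Key=ClearArray empties the array
                values[key[1:]] = []
            elif key.startswith("-"):      # -Key=Value removes a matching entry
                if value in values.get(key[1:], []):
                    values[key[1:]].remove(value)
            else:                          # simplified: +Key, .Key and plain Key append
                values.setdefault(key.lstrip("+."), []).append(value)
    return values

def effective_ddos_state(layers):
    """Report whether detection survives the checks InitConfig() applies."""
    cfg = merge_section(layers)
    flag = lambda key: (cfg.get(key) or ["false"])[-1].lower() in TRUTHY
    requested, analytics = flag("bDDoSDetection"), flag("bDDoSAnalytics")
    severities = cfg.get("DetectionSeverity", [])
    findings = []
    if not requested:
        findings.append("bDDoSDetection is false: detection is disabled")
    elif not severities:
        findings.append("enabled but no DetectionSeverity states: engine disables detection")
    elif not analytics:
        findings.append("bDDoSAnalytics is false: detection runs without analytics")
    return {"requested": requested, "effective": requested and bool(severities),
            "severities": severities, "findings": findings}

# Constructed sample layers; the severity state name is a placeholder.
BASE = "[DDoSDetection]\nbDDoSDetection=false\n+DetectionSeverity=ExampleStateA\n"
PROJECT_OK = "[DDoSDetection]\nbDDoSDetection=true\nbDDoSAnalytics=true\n"
PROJECT_BROKEN = "[DDoSDetection]\nbDDoSDetection=true\n!DetectionSeverity=ClearArray\n"

if __name__ == "__main__":
    for layers in ([BASE], [BASE, PROJECT_OK], [BASE, PROJECT_BROKEN]):
        print(effective_ddos_state(layers))
```

The third layer set is the case to catch in review: the flag reads as enabled in the project file, yet the effective state is disabled because no severity states remain.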

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1647, section: [DDoSDetection]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:63

Scope (from outer to inner):

file
function     FDDoSDetection::FDDoSDetection

Source code excerpt:


FDDoSDetection::FDDoSDetection()
	: bDDoSDetection(false)
	, bDDoSAnalytics(false)
	, bHitFrameNonConnLimit(false)
	, bHitFrameNetConnLimit(false)
	, DetectionSeverity()
	, ActiveState(0)
	, WorstActiveState(0)

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:102

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

	int32 HitchFrameTolerance32 = -1;

	GConfig->GetBool(DDoSSection, TEXT("bDDoSDetection"), bDDoSDetection, GEngineIni);
	GConfig->GetBool(DDoSSection, TEXT("bDDoSAnalytics"), bDDoSAnalytics, GEngineIni);
	GConfig->GetInt(DDoSSection, TEXT("DDoSLogSpamLimit"), DDoSLogSpamLimit, GEngineIni);
	GConfig->GetInt(DDoSSection, TEXT("HitchTimeQuotaMS"), HitchTimeQuotaMS, GEngineIni);
	GConfig->GetInt(DDoSSection, TEXT("HitchFrameTolerance"), HitchFrameTolerance32, GEngineIni);

	HitchFrameTolerance = IntCastChecked<int8>(HitchFrameTolerance32);

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:113

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

	DetectionSeverity.Empty();

	UE_LOG(LogNetCore, Log, TEXT("DDoS detection status: detection enabled: %d analytics enabled: %d"), bDDoSDetection, bDDoSAnalytics);

	if (bDDoSDetection)
	{
		TArray<FString> SeverityCatagories;
		int32 HighestCooloffTime = 0;

		GConfig->GetArray(DDoSSection, TEXT("DetectionSeverity"), SeverityCatagories, GEngineIni);

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:165

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

			UE_LOG(LogNetCore, Warning, TEXT("DDoS detection enabled, but no DetectionSeverity states specified! Disabling."));

			bDDoSDetection = false;
		}
	}
}

void FDDoSDetection::SetMaxTickRate(int32 MaxTickRate)
{

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:261

Scope (from outer to inner):

file
function     void FDDoSDetection::PreFrameReceive

Source code excerpt:

void FDDoSDetection::PreFrameReceive(float DeltaTime)
{
	if (bDDoSDetection)
	{
		StartFrameRecvTimestamp = FPlatformTime::Seconds();
		bMetEscalationConditionsThisFrame = false;

		if (HitchTimeQuotaMS > 0 && EndFrameRecvTimestamp != 0.0)
		{

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:336

Scope (from outer to inner):

file
function     void FDDoSDetection::PostFrameReceive

Source code excerpt:

void FDDoSDetection::PostFrameReceive()
{
	if (bDDoSDetection)
	{
		// Some packet counters require an end-frame check for DDoS detection
		CheckNonConnQuotasAndLimits();


		EndFrameRecvTimestamp = FPlatformTime::Seconds();

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:244

Scope (from outer to inner):

file
class        class FDDoSDetection : protected FDDoSPacketCounters, protected FDDoSState
function     bool CheckLogRestrictions

Source code excerpt:

	bool CheckLogRestrictions()
	{
		return bDDoSLogRestrictions || (bDDoSDetection && ++LogHitCounter > DDoSLogSpamLimit);
	}


	// Brief accessors

	bool IsDDoSDetectionEnabled() const		{ return bDDoSDetection; }
	bool IsDDoSAnalyticsEnabled() const		{ return bDDoSAnalytics; }
	bool ShouldBlockNonConnPackets() const	{ return bHitFrameNonConnLimit; }
	bool ShouldBlockNetConnPackets() const	{ return bHitFrameNetConnLimit; }

	void IncNonConnPacketCounter()			{ ++NonConnPacketCounter; }
	int32 GetNonConnPacketCounter() const	{ return NonConnPacketCounter; }

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:291

Scope (from outer to inner):

file
class        class FDDoSDetection : protected FDDoSPacketCounters, protected FDDoSState

Source code excerpt:

protected:
	/** Whether or not DDoS detection is presently enabled */
	bool bDDoSDetection;

	/** Whether or not analytics for DDoS detection is enabled */
	bool bDDoSAnalytics;

	/** Whether or not the current frame has reached non-NetConnection packet limits, and should block non-NetConnection packets */
	bool bHitFrameNonConnLimit;