bSendEscalateAnalytics

bSendEscalateAnalytics

#Overview

name: bSendEscalateAnalytics

The value of this variable can be defined or overridden in .ini config files. 9 .ini config files referencing this setting variable.

It is referenced in 8 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of bSendEscalateAnalytics is to control whether analytics data should be sent when the system escalates to a specific state in response to potential Denial of Service (DoS) or Remote Procedure Call (RPC) DoS attacks.

This setting variable is primarily used in Unreal Engine’s networking subsystem, specifically in the DoS and RPC DoS detection modules. It’s referenced in the Engine and Net/Core modules.

The value of this variable is typically set in configuration files (like GEngineIni) and can be loaded using GConfig->GetBool(). It’s also part of the FRPCDoSStateConfig and FDDoSState structures, which suggests it can be configured on a per-state basis for different severity levels of DoS detection.

This variable interacts closely with other DoS detection settings, such as various quota and limit variables (e.g., EscalateQuotaRPCsPerFrame, PacketLimitPerFrame). It’s also used in conjunction with bDDoSAnalytics and bRPCDoSAnalytics flags to determine when to send analytics data.

Developers must be aware that this variable affects the amount of data sent for analytics purposes. Enabling it may increase network traffic and data collection but provides more information for debugging and monitoring potential DoS attacks.

Best practices when using this variable include:

  1. Carefully consider the privacy implications of sending analytics data.
  2. Use it in conjunction with other DoS detection settings for a comprehensive security approach.
  3. Ensure that analytics systems are in place to handle and analyze the data if this setting is enabled.
  4. Configure it differently for various environments (e.g., development, staging, production) as needed.
  5. Regularly review and update the settings based on observed attack patterns and performance impacts.

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1660, section: [DDoSDetection.Burst]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1667, section: [DDoSDetection.PersistentBurst]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1676, section: [DDoSDetection.DDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1684, section: [DDoSDetection.ExpensiveDDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1692, section: [DDoSDetection.DebilitatingDDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1752, section: [RPCDoSDetection.PersistentBurst]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1765, section: [RPCDoSDetection.DoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1781, section: [RPCDoSDetection.ExpensiveDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1796, section: [RPCDoSDetection.Kick]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/Net/RPCDoSDetection.cpp:310

Scope (from outer to inner):

file
function     void FRPCDoSStateConfig::ApplyState

Source code excerpt:

{
	Target.bLogEscalate						= bLogEscalate;
	Target.bSendEscalateAnalytics			= bSendEscalateAnalytics;
	Target.bKickPlayer						= bKickPlayer;
	Target.bTrackRecentRPCs					= bTrackRecentRPCs;
	Target.EscalateQuotaRPCsPerFrame		= EscalateQuotaRPCsPerFrame;
	Target.EscalateTimeQuotaMSPerFrame		= EscalateTimeQuotaMSPerFrame;
	Target.EscalateQuotaRPCsPerPeriod		= EscalateQuotaRPCsPerPeriod;
	Target.EscalateTimeQuotaMSPerPeriod		= EscalateTimeQuotaMSPerPeriod;

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/Net/RPCDoSDetection.cpp:653

Scope (from outer to inner):

file
function     void FRPCDoSDetection::UpdateSeverity_Private

Source code excerpt:

					WorstAnalyticsState = ActiveState;

					if (bRPCDoSAnalytics && bSendEscalateAnalytics && RPCDoSAnalyticsData.IsValid() &&
						RPCDoSAnalyticsData->WorstAnalyticsState < WorstAnalyticsState)
					{
						const FString& PlayerIP = GetPlayerAddress();
						const FString& PlayerUID = GetPlayerUID();

						// Estimate the worst per second RPC execution time/count, that may have triggered this escalation, for ranking

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Public/Net/RPCDoSDetection.h:177

Scope: file

Source code excerpt:

	/** Whether or not to send analytics when escalating to this state */
	UPROPERTY(config)
	bool bSendEscalateAnalytics		= false;

	/** Whether or not to kick the player when they escalate to this state */
	UPROPERTY(config)
	bool bKickPlayer				= false;

	/** Whether or not to keep a temporary record of recent RPC's, for potential logging/analytics */

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:133

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

				CurState.SeverityCategory = CurCategory;

				GConfig->GetBool(*CurSection, TEXT("bSendEscalateAnalytics"), CurState.bSendEscalateAnalytics, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaPacketsPerSec"), CurState.EscalateQuotaPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaDisconnPacketsPerSec"), CurState.EscalateQuotaDisconnPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaBadPacketsPerSec"), CurState.EscalateQuotaBadPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketLimitPerFrame"), CurState.PacketLimitPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketTimeLimitMSPerFrame"), CurState.PacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("NetConnPacketTimeLimitMSPerFrame"), CurState.NetConnPacketTimeLimitMSPerFrame, GEngineIni);

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:249

Scope (from outer to inner):

file
function     void FDDoSDetection::UpdateSeverity

Source code excerpt:

		if (bEscalate && ActiveState > WorstActiveState)
		{
			if (bDDoSAnalytics && CurState.bSendEscalateAnalytics)
			{
				NotifySeverityEscalation.ExecuteIfBound(CurState.SeverityCategory);
			}

			WorstActiveState = ActiveState;
		}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:65

Scope: file

Source code excerpt:

{
	/** Whether or not to send analytics when escalating to this state */
	bool bSendEscalateAnalytics;

	/** The number of packets/sec before the next stage of DDoS detection is triggered */
	int32 EscalateQuotaPacketsPerSec;

	/** The number of recently disconnected NetConnection packets/sec, before the next stage of DDoS detection is triggered. */
	int32 EscalateQuotaDisconnPacketsPerSec;

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:93

Scope (from outer to inner):

file
function     FDDoSState

Source code excerpt:


	FDDoSState()
		: bSendEscalateAnalytics(true)
		, EscalateQuotaPacketsPerSec(-1)
		, EscalateQuotaDisconnPacketsPerSec(-1)
		, EscalateQuotaBadPacketsPerSec(-1)
		, EscalateTimeQuotaMSPerFrame(-1)
		, PacketLimitPerFrame(-1)
		, PacketTimeLimitMSPerFrame(-1)

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:139

Scope (from outer to inner):

file
function     void ApplyState

Source code excerpt:

	void ApplyState(FDDoSState& Target)
	{
		Target.bSendEscalateAnalytics				= bSendEscalateAnalytics;
		Target.EscalateQuotaPacketsPerSec			= EscalateQuotaPacketsPerSec;
		Target.EscalateQuotaDisconnPacketsPerSec	= EscalateQuotaDisconnPacketsPerSec;
		Target.EscalateQuotaBadPacketsPerSec		= EscalateQuotaBadPacketsPerSec;
		Target.EscalateTimeQuotaMSPerFrame			= EscalateTimeQuotaMSPerFrame;
		Target.PacketLimitPerFrame					= PacketLimitPerFrame;
		Target.PacketTimeLimitMSPerFrame			= PacketTimeLimitMSPerFrame;