DDoSLogSpamLimit

#Overview

name: DDoSLogSpamLimit

The value of this variable can be defined or overridden in .ini config files. One .ini config file references this setting variable.

It is referenced in 5 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of DDoSLogSpamLimit is to control the number of log messages related to Distributed Denial of Service (DDoS) detection in Unreal Engine 5. It serves as a threshold to prevent excessive logging during potential DDoS attacks, which could otherwise overwhelm the system with log entries.

This setting variable is primarily used by the DDoS detection subsystem within Unreal Engine’s networking module. Based on the callsites, it’s part of the Net/Core module, specifically within the DDoS detection feature.

The value of DDoSLogSpamLimit is set in the InitConfig function of the FDDoSDetection class. It’s read from the engine configuration file (GEngineIni) using the GConfig system. If the value is not set or is less than or equal to zero, it defaults to 64.

DDoSLogSpamLimit interacts with the LogHitCounter variable, which counts the log restriction checks made in the current frame, one per attempted log message. When LogHitCounter exceeds DDoSLogSpamLimit, further logging is restricted for that frame; PreFrameReceive resets the counter at the start of the next frame.

Developers must be aware that this variable affects the visibility of DDoS-related log messages. Setting it too low might hide important information about potential attacks, while setting it too high could lead to excessive logging and potential performance impacts.

Best practices when using this variable include:

  1. Carefully considering the appropriate limit based on the expected network traffic and potential attack patterns.
  2. Monitoring and adjusting the value based on real-world usage and any false positives or negatives in DDoS detection.
  3. Ensuring that other logging and monitoring systems are in place to complement this limit, especially if it’s set to a low value.
  4. Regularly reviewing logs to ensure that important DDoS-related information is not being suppressed due to this limit.
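The limit and counter behaviour described above, as a stand-alone C++ model (an added example, not Unreal Engine code; `FrameLogLimiter`, `FrameReport` and `SimulateFrame` are hypothetical names, while the member names and comparisons follow the callsites excerpted on this page). It shows that exactly `DDoSLogSpamLimit` messages pass per frame and that the frame-start warning also fires when the limit was reached without anything being dropped.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified stand-alone model of the per-frame limiter; not engine code.
// FrameLogLimiter, FrameReport and SimulateFrame are hypothetical names.
struct FrameReport { bool bWarned; int32_t Suppressed; };
struct FrameLogLimiter
{
	bool bDDoSDetection;
	bool bDDoSLogRestrictions = false;
	int32_t DDoSLogSpamLimit;
	int32_t LogHitCounter = 0;
	explicit FrameLogLimiter(int32_t ConfiguredLimit, bool bDetection = true)
		: bDDoSDetection(bDetection)
		// Same fallback as InitConfig: unset, zero or negative becomes 64.
		, DDoSLogSpamLimit(ConfiguredLimit > 0 ? ConfiguredLimit : 64) {}

	// True means "drop this log line". Pre-increment plus '>' lets exactly
	// DDoSLogSpamLimit lines through; the counter keeps rising afterwards.
	bool CheckLogRestrictions()
	{
		return bDDoSLogRestrictions || (bDDoSDetection && ++LogHitCounter > DDoSLogSpamLimit);
	}

	// Frame start: report on the previous frame, then reset. The warning test
	// is '>=', so it also fires when the limit was reached but nothing dropped.
	FrameReport PreFrameReceive()
	{
		const int32_t Over = LogHitCounter - DDoSLogSpamLimit;
		const FrameReport Report{ Over >= 0, Over > 0 ? Over : 0 };
		LogHitCounter = 0;
		return Report;
	}
};

// Makes Attempts log calls in one frame and returns how many were emitted.
int32_t SimulateFrame(FrameLogLimiter& Limiter, int32_t Attempts)
{
	int32_t Emitted = 0;
	for (int32_t i = 0; i < Attempts; ++i) { Emitted += Limiter.CheckLogRestrictions() ? 0 : 1; }
	return Emitted;
}

int main()
{
	FrameLogLimiter Limiter(3); // constructed sample: limit 3, 10 log attempts
	const int32_t Emitted = SimulateFrame(Limiter, 10);
	std::printf("emitted=%d suppressed=%d\n", Emitted, Limiter.PreFrameReceive().Suppressed);
}
```

When reading the "Previous frame hit DDoS LogHitCounter limit" warning, the hit count minus Max is the number of log messages suppressed in that frame.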

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1649, section: [DDoSDetection]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:73

Scope (from outer to inner):

file
function     FDDoSDetection::FDDoSDetection

Source code excerpt:

	, bMetEscalationConditionsThisFrame(false)
	, bDDoSLogRestrictions(false)
	, DDoSLogSpamLimit(0)
	, LogHitCounter(0)
	, HitchTimeQuotaMS(-1)
	, HitchFrameTolerance(-1)
	, HitchFrameCount(0)
	, LastPerSecQuotaBegin(0.0)
	, CounterPerSecHistory()

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:104

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

	GConfig->GetBool(DDoSSection, TEXT("bDDoSDetection"), bDDoSDetection, GEngineIni);
	GConfig->GetBool(DDoSSection, TEXT("bDDoSAnalytics"), bDDoSAnalytics, GEngineIni);
	GConfig->GetInt(DDoSSection, TEXT("DDoSLogSpamLimit"), DDoSLogSpamLimit, GEngineIni);
	GConfig->GetInt(DDoSSection, TEXT("HitchTimeQuotaMS"), HitchTimeQuotaMS, GEngineIni);
	GConfig->GetInt(DDoSSection, TEXT("HitchFrameTolerance"), HitchFrameTolerance32, GEngineIni);

	HitchFrameTolerance = IntCastChecked<int8>(HitchFrameTolerance32);
	DDoSLogSpamLimit = DDoSLogSpamLimit > 0 ? DDoSLogSpamLimit : 64;

	DetectionSeverity.Empty();

	UE_LOG(LogNetCore, Log, TEXT("DDoS detection status: detection enabled: %d analytics enabled: %d"), bDDoSDetection, bDDoSAnalytics);

	if (bDDoSDetection)

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:322

Scope (from outer to inner):

file
function     void FDDoSDetection::PreFrameReceive

Source code excerpt:

		StartFramePacketCount = NonConnPacketCounter;

		if (LogHitCounter >= DDoSLogSpamLimit)
		{
			UE_LOG(LogNetCore, Warning, TEXT("Previous frame hit DDoS LogHitCounter limit - hit count: %i (Max: %i)"), LogHitCounter,
					DDoSLogSpamLimit);
		}

		LogHitCounter = 0;
		bHitFrameNonConnLimit = false;
		bHitFrameNetConnLimit = false;
	}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:244

Scope (from outer to inner):

file
class        class FDDoSDetection : protected FDDoSPacketCounters, protected FDDoSState
function     bool CheckLogRestrictions

Source code excerpt:

	bool CheckLogRestrictions()
	{
		return bDDoSLogRestrictions || (bDDoSDetection && ++LogHitCounter > DDoSLogSpamLimit);
	}


	// Brief accessors

	bool IsDDoSDetectionEnabled() const		{ return bDDoSDetection; }

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:323

Scope (from outer to inner):

file
class        class FDDoSDetection : protected FDDoSPacketCounters, protected FDDoSState

Source code excerpt:


	/** The maximum number of non-NetConnection triggered log messages per frame, before further logs are dropped this frame */
	int32 DDoSLogSpamLimit;

	/** Counter for log restriction hits, in the current frame */
	int32 LogHitCounter;


	/** The amount of time since the previous frame, for detecting frame hitches, to prevent DDoS detection false positives */