EscalateQuotaBadPacketsPerSec

EscalateQuotaBadPacketsPerSec

#Overview

name: EscalateQuotaBadPacketsPerSec

The value of this variable can be defined or overridden in .ini config files. 2 .ini config files referencing this setting variable.

It is referenced in 5 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of EscalateQuotaBadPacketsPerSec is to set a threshold for the number of bad (failed to process correctly) packets per second before triggering the next stage of DDoS (Distributed Denial of Service) detection in Unreal Engine 5.

This setting variable is primarily used by the networking subsystem of Unreal Engine, specifically within the DDoS detection module. It’s part of the Net/Core module, which handles core networking functionality.

The value of this variable is set through the engine configuration file (GEngineIni). It’s loaded in the InitConfig() function of the FDDoSDetection class.

EscalateQuotaBadPacketsPerSec interacts with other DDoS detection variables such as EscalateQuotaPacketsPerSec, EscalateQuotaDisconnPacketsPerSec, and EscalateTimeQuotaMSPerFrame. Together, these variables define different thresholds for detecting potential DDoS attacks.

Developers must be aware that this variable is crucial for balancing server security and performance. Setting it too low might result in false positives, while setting it too high might leave the server vulnerable to actual DDoS attacks.

Best practices when using this variable include:

  1. Carefully tuning its value based on your game’s specific network traffic patterns.
  2. Monitoring its effectiveness in real-world scenarios and adjusting as necessary.
  3. Using it in conjunction with other DDoS detection mechanisms for a more robust defense.
  4. Regularly reviewing and updating this value as your game’s network usage evolves.
  5. Considering different values for different game modes or server types if network usage varies significantly between them.

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1663, section: [DDoSDetection.Burst]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1670, section: [DDoSDetection.PersistentBurst]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:136

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaPacketsPerSec"), CurState.EscalateQuotaPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaDisconnPacketsPerSec"), CurState.EscalateQuotaDisconnPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaBadPacketsPerSec"), CurState.EscalateQuotaBadPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketLimitPerFrame"), CurState.PacketLimitPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketTimeLimitMSPerFrame"), CurState.PacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("NetConnPacketTimeLimitMSPerFrame"), CurState.NetConnPacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("CooloffTime"), CurState.CooloffTime, GEngineIni);

				if (GConfig->GetInt(*CurSection, TEXT("EscalateTimeQuotaMSPerFrame"), EscalateTime32, GEngineIni))

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:74

Scope: file

Source code excerpt:


	/** The number of bad (failed to process correctly) packets/sec, before the next stage of DDoS detection is triggered */
	int32 EscalateQuotaBadPacketsPerSec;

	/** The amount of time spent processing packets, before the next stage of DDoS detection is triggered */
	int16 EscalateTimeQuotaMSPerFrame;

	/** The limit for the number of non-NetConnection packets to process, each frame */
	int32 PacketLimitPerFrame;

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:96

Scope (from outer to inner):

file
function     FDDoSState

Source code excerpt:

		, EscalateQuotaPacketsPerSec(-1)
		, EscalateQuotaDisconnPacketsPerSec(-1)
		, EscalateQuotaBadPacketsPerSec(-1)
		, EscalateTimeQuotaMSPerFrame(-1)
		, PacketLimitPerFrame(-1)
		, PacketTimeLimitMSPerFrame(-1)
		, NetConnPacketTimeLimitMSPerFrame(-1)
		, CooloffTime(-1)
	{

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:116

Scope (from outer to inner):

file
function     bool HasHitQuota

Source code excerpt:

		const bool bAtQuota = EscalateQuotaPacketsPerSec > 0 && InCounter.NonConnPacketCounter >= EscalateQuotaPacketsPerSec;
		const bool bAtDisconnQuota = EscalateQuotaDisconnPacketsPerSec > 0 && InCounter.DisconnPacketCounter >= EscalateQuotaDisconnPacketsPerSec;
		const bool bAtBadQuota = EscalateQuotaBadPacketsPerSec > 0 && InCounter.BadPacketCounter >= EscalateQuotaBadPacketsPerSec;
		const bool bAtTimeQuota = EscalateTimeQuotaMSPerFrame > 0 && TimePassedMS > EscalateTimeQuotaMSPerFrame;

		return bAtQuota || bAtDisconnQuota || bAtBadQuota || bAtTimeQuota;
	}
};

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:142

Scope (from outer to inner):

file
function     void ApplyState

Source code excerpt:

		Target.EscalateQuotaPacketsPerSec			= EscalateQuotaPacketsPerSec;
		Target.EscalateQuotaDisconnPacketsPerSec	= EscalateQuotaDisconnPacketsPerSec;
		Target.EscalateQuotaBadPacketsPerSec		= EscalateQuotaBadPacketsPerSec;
		Target.EscalateTimeQuotaMSPerFrame			= EscalateTimeQuotaMSPerFrame;
		Target.PacketLimitPerFrame					= PacketLimitPerFrame;
		Target.PacketTimeLimitMSPerFrame			= PacketTimeLimitMSPerFrame;
		Target.NetConnPacketTimeLimitMSPerFrame		= NetConnPacketTimeLimitMSPerFrame;
		Target.CooloffTime							= CooloffTime;
	}