EscalateQuotaPacketsPerSec

EscalateQuotaPacketsPerSec

#Overview

name: EscalateQuotaPacketsPerSec

The value of this variable can be defined or overridden in .ini config files. 2 .ini config files referencing this setting variable.

It is referenced in 5 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of EscalateQuotaPacketsPerSec is to set a threshold for the number of packets per second that triggers the next stage of DDoS (Distributed Denial of Service) detection in Unreal Engine 5’s networking system.

This setting variable is primarily used by the DDoS detection subsystem within Unreal Engine’s networking module. It’s part of the Net/Core component, which handles core networking functionality.

The value of this variable is set through the engine’s configuration system. It’s read from the GEngineIni file in the InitConfig() function of the FDDoSDetection class.

EscalateQuotaPacketsPerSec interacts with other DDoS detection variables such as EscalateQuotaDisconnPacketsPerSec and EscalateQuotaBadPacketsPerSec. Together, these variables form a set of thresholds for different types of network activity that might indicate a DDoS attack.

Developers must be aware that this variable is crucial for balancing server security and performance. Setting it too low might result in false positives, while setting it too high could leave the server vulnerable to actual DDoS attacks.

Best practices when using this variable include:

  1. Carefully tuning its value based on your game’s expected network traffic.
  2. Testing thoroughly with various network conditions to ensure it doesn’t interfere with normal gameplay.
  3. Monitoring its effectiveness in real-world scenarios and adjusting as necessary.
  4. Using it in conjunction with other DDoS prevention measures for a comprehensive security approach.
  5. Regularly reviewing and updating this value as your game’s network usage patterns may change over time.

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1661, section: [DDoSDetection.Burst]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1668, section: [DDoSDetection.PersistentBurst]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:134

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:


				GConfig->GetBool(*CurSection, TEXT("bSendEscalateAnalytics"), CurState.bSendEscalateAnalytics, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaPacketsPerSec"), CurState.EscalateQuotaPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaDisconnPacketsPerSec"), CurState.EscalateQuotaDisconnPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaBadPacketsPerSec"), CurState.EscalateQuotaBadPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketLimitPerFrame"), CurState.PacketLimitPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketTimeLimitMSPerFrame"), CurState.PacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("NetConnPacketTimeLimitMSPerFrame"), CurState.NetConnPacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("CooloffTime"), CurState.CooloffTime, GEngineIni);

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:68

Scope: file

Source code excerpt:


	/** The number of packets/sec before the next stage of DDoS detection is triggered */
	int32 EscalateQuotaPacketsPerSec;

	/** The number of recently disconnected NetConnection packets/sec, before the next stage of DDoS detection is triggered. */
	int32 EscalateQuotaDisconnPacketsPerSec;

	/** The number of bad (failed to process correctly) packets/sec, before the next stage of DDoS detection is triggered */
	int32 EscalateQuotaBadPacketsPerSec;

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:94

Scope (from outer to inner):

file
function     FDDoSState

Source code excerpt:

	FDDoSState()
		: bSendEscalateAnalytics(true)
		, EscalateQuotaPacketsPerSec(-1)
		, EscalateQuotaDisconnPacketsPerSec(-1)
		, EscalateQuotaBadPacketsPerSec(-1)
		, EscalateTimeQuotaMSPerFrame(-1)
		, PacketLimitPerFrame(-1)
		, PacketTimeLimitMSPerFrame(-1)
		, NetConnPacketTimeLimitMSPerFrame(-1)

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:114

Scope (from outer to inner):

file
function     bool HasHitQuota

Source code excerpt:

	bool HasHitQuota(FDDoSPacketCounters& InCounter, int32 TimePassedMS) const
	{
		const bool bAtQuota = EscalateQuotaPacketsPerSec > 0 && InCounter.NonConnPacketCounter >= EscalateQuotaPacketsPerSec;
		const bool bAtDisconnQuota = EscalateQuotaDisconnPacketsPerSec > 0 && InCounter.DisconnPacketCounter >= EscalateQuotaDisconnPacketsPerSec;
		const bool bAtBadQuota = EscalateQuotaBadPacketsPerSec > 0 && InCounter.BadPacketCounter >= EscalateQuotaBadPacketsPerSec;
		const bool bAtTimeQuota = EscalateTimeQuotaMSPerFrame > 0 && TimePassedMS > EscalateTimeQuotaMSPerFrame;

		return bAtQuota || bAtDisconnQuota || bAtBadQuota || bAtTimeQuota;
	}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:140

Scope (from outer to inner):

file
function     void ApplyState

Source code excerpt:

	{
		Target.bSendEscalateAnalytics				= bSendEscalateAnalytics;
		Target.EscalateQuotaPacketsPerSec			= EscalateQuotaPacketsPerSec;
		Target.EscalateQuotaDisconnPacketsPerSec	= EscalateQuotaDisconnPacketsPerSec;
		Target.EscalateQuotaBadPacketsPerSec		= EscalateQuotaBadPacketsPerSec;
		Target.EscalateTimeQuotaMSPerFrame			= EscalateTimeQuotaMSPerFrame;
		Target.PacketLimitPerFrame					= PacketLimitPerFrame;
		Target.PacketTimeLimitMSPerFrame			= PacketTimeLimitMSPerFrame;
		Target.NetConnPacketTimeLimitMSPerFrame		= NetConnPacketTimeLimitMSPerFrame;