EscalateTimeQuotaMSPerFrame

EscalateTimeQuotaMSPerFrame

#Overview

name: EscalateTimeQuotaMSPerFrame

The value of this variable can be defined or overridden in .ini config files. 4 .ini config files referencing this setting variable.

It is referenced in 11 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of EscalateTimeQuotaMSPerFrame is to set a time threshold for executing Remote Procedure Calls (RPCs) per frame, which triggers the next stage of Denial of Service (DoS) detection when exceeded. This variable is part of Unreal Engine’s network security system, specifically for detecting and preventing RPC-based DoS attacks.

This setting variable is primarily used by the networking subsystem of Unreal Engine, particularly in the DoS detection module. It is referenced in the Engine and Net modules, specifically in the RPCDoSDetection and DDoSDetection components.

The value of this variable is typically set in the engine configuration files (e.g., GEngineIni) and can be loaded using GConfig->GetInt() function. It is also defined as a UPROPERTY with the ‘config’ specifier, allowing it to be easily configured in project settings.

EscalateTimeQuotaMSPerFrame interacts with several other variables related to DoS detection, such as EscalateTimeQuotaSecsPerFrame (which is a converted version of EscalateTimeQuotaMSPerFrame from milliseconds to seconds) and EscalateTimeQuotaMSPerPeriod.

Developers must be aware that this variable is crucial for balancing network security and performance. Setting it too low might cause false positives in DoS detection, while setting it too high might leave the system vulnerable to actual DoS attacks.

Best practices when using this variable include:

  1. Carefully tuning the value based on your game’s specific networking requirements and expected RPC usage.
  2. Testing thoroughly with various network conditions to ensure it doesn’t negatively impact legitimate gameplay.
  3. Using it in conjunction with other DoS detection mechanisms for a more robust security system.
  4. Regularly reviewing and adjusting the value as your game’s networking needs evolve.
  5. Considering different values for different game modes or player counts if necessary.

Remember that this variable is part of a larger DoS detection system, and its effectiveness depends on how well it’s configured in relation to other security measures.

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1671, section: [DDoSDetection.PersistentBurst]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1677, section: [DDoSDetection.DDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1685, section: [DDoSDetection.ExpensiveDDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1731, section: [RPCDoSDetection.Normal]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/Net/RPCDoSDetection.cpp:128

Scope (from outer to inner):

file
function     void FRPCDoSState::ApplyImpliedValues

Source code excerpt:


	bTrackRecentRPCs = bTrackRecentRPCs || (RPCRepeatLimitPerPeriod != -1 && RPCRepeatLimitTimePeriod != -1);
	EscalateTimeQuotaSecsPerFrame = (EscalateTimeQuotaMSPerFrame != -1 ? (EscalateTimeQuotaMSPerFrame / 1000.0) : 0.0);
	EscalateTimeQuotaSecsPerPeriod = (EscalateTimeQuotaMSPerPeriod != -1 ? (EscalateTimeQuotaMSPerPeriod / 1000.0) : 0.0);
	RPCRepeatLimitSecsPerPeriod = (RPCRepeatLimitMSPerPeriod != -1 ? (RPCRepeatLimitMSPerPeriod / 1000.0) : 0.0);
	EscalationTimeToleranceSeconds = (EscalationTimeToleranceMS != -1 ? (EscalationTimeToleranceMS / 1000.0) : 0.0);
}

bool FRPCDoSState::HasHitQuota_Count(const FRPCDoSCounters(&PerPeriodHistory)[16], FRPCDoSCounters& InFrameCounter) const

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/Net/RPCDoSDetection.cpp:160

Scope (from outer to inner):

file
function     bool FRPCDoSState::HasHitQuota_Time

Source code excerpt:

bool FRPCDoSState::HasHitQuota_Time(const FRPCDoSCounters(&PerPeriodHistory)[16], FRPCDoSCounters& InFrameCounter) const
{
	bool bReturnVal = EscalateTimeQuotaMSPerFrame > 0 && InFrameCounter.AccumRPCTime >= EscalateTimeQuotaSecsPerFrame;

#if RPC_QUOTA_DEBUG
	bool bDebugReturnVal = EscalateTimeQuotaMSPerFrame > 0 && InFrameCounter.DebugAccumRPCTime >= EscalateTimeQuotaSecsPerFrame;

	UE_CLOG(bReturnVal, LogNet, Log,
			TEXT("HasHitQuota_Time: Hit Frame Quota: AccumRPCTime: %f, DebugAccumRPCTime: %f, Limit: %f (%i ms)"),
			InFrameCounter.AccumRPCTime, InFrameCounter.DebugAccumRPCTime, EscalateTimeQuotaSecsPerFrame,
			EscalateTimeQuotaMSPerFrame);

	UE_CLOG(bReturnVal ^ bDebugReturnVal, LogNet, Warning,
			TEXT("HasHitQuota_Time: Approximate vs Debug Quota mismatch: AccumRPCTime: %f, DebugAccumRPCTime: %f, Limit: %f (%i ms)"),
			InFrameCounter.AccumRPCTime, InFrameCounter.DebugAccumRPCTime, EscalateTimeQuotaSecsPerFrame,
			EscalateTimeQuotaMSPerFrame);
#endif

	if (EscalateTimeQuotaMSPerPeriod > 0 && !bReturnVal)
	{
		const FRPCDoSCounters& PeriodCounter = PerPeriodHistory[EscalateQuotaTimePeriod - 1];

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/Net/RPCDoSDetection.cpp:314

Scope (from outer to inner):

file
function     void FRPCDoSStateConfig::ApplyState

Source code excerpt:

	Target.bTrackRecentRPCs					= bTrackRecentRPCs;
	Target.EscalateQuotaRPCsPerFrame		= EscalateQuotaRPCsPerFrame;
	Target.EscalateTimeQuotaMSPerFrame		= EscalateTimeQuotaMSPerFrame;
	Target.EscalateQuotaRPCsPerPeriod		= EscalateQuotaRPCsPerPeriod;
	Target.EscalateTimeQuotaMSPerPeriod		= EscalateTimeQuotaMSPerPeriod;
	Target.EscalateQuotaTimePeriod			= EscalateQuotaTimePeriod;
	Target.RPCRepeatLimitPerPeriod			= RPCRepeatLimitPerPeriod;
	Target.RPCRepeatLimitMSPerPeriod		= RPCRepeatLimitMSPerPeriod;
	Target.RPCRepeatLimitTimePeriod			= RPCRepeatLimitTimePeriod;

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Public/Net/RPCDoSDetection.h:196

Scope: file

Source code excerpt:

	/** The amount of time spent executing RPC's per frame, before the next stage of DoS detection is triggered */
	UPROPERTY(config)
	int16 EscalateTimeQuotaMSPerFrame	= -1;

	/** The number of RPC's per EscalateQuotaPeriod before the next stage of DoS detection is triggered */
	UPROPERTY(config)
	int16 EscalateQuotaRPCsPerPeriod	= -1;

	/** The amount of time spent executing RPC's per EscalateQuotaPeriod, before the next stage of DoS detection is triggered */

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Public/Net/RPCDoSDetection.h:248

Scope: file

Source code excerpt:

	/** Cached/converted values */

	/** EscalateTimeQuotaMSPerFrame converted to seconds */
	double EscalateTimeQuotaSecsPerFrame	= 0.0;

	/** EscalateTimeQuotaMSPerPeriod converted to seconds */
	double EscalateTimeQuotaSecsPerPeriod	= 0.0;

	/** RPCRepeatLimitMSPerPeriod converted to seconds */

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:142

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

				GConfig->GetInt(*CurSection, TEXT("CooloffTime"), CurState.CooloffTime, GEngineIni);

				if (GConfig->GetInt(*CurSection, TEXT("EscalateTimeQuotaMSPerFrame"), EscalateTime32, GEngineIni))
				{
					CurState.EscalateTimeQuotaMSPerFrame = IntCastChecked<int16>(EscalateTime32);
				}

				HighestCooloffTime = FMath::Max(HighestCooloffTime, CurState.CooloffTime);
			}
			else
			{

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:77

Scope: file

Source code excerpt:


	/** The amount of time spent processing packets, before the next stage of DDoS detection is triggered */
	int16 EscalateTimeQuotaMSPerFrame;

	/** The limit for the number of non-NetConnection packets to process, each frame */
	int32 PacketLimitPerFrame;

	/** The limit for time spent processing non-NetConnection packets, each frame (counts all packets time, non-NetConn and NetConn) */
	int32 PacketTimeLimitMSPerFrame;

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:97

Scope (from outer to inner):

file
function     FDDoSState

Source code excerpt:

		, EscalateQuotaDisconnPacketsPerSec(-1)
		, EscalateQuotaBadPacketsPerSec(-1)
		, EscalateTimeQuotaMSPerFrame(-1)
		, PacketLimitPerFrame(-1)
		, PacketTimeLimitMSPerFrame(-1)
		, NetConnPacketTimeLimitMSPerFrame(-1)
		, CooloffTime(-1)
	{
	}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:117

Scope (from outer to inner):

file
function     bool HasHitQuota

Source code excerpt:

		const bool bAtDisconnQuota = EscalateQuotaDisconnPacketsPerSec > 0 && InCounter.DisconnPacketCounter >= EscalateQuotaDisconnPacketsPerSec;
		const bool bAtBadQuota = EscalateQuotaBadPacketsPerSec > 0 && InCounter.BadPacketCounter >= EscalateQuotaBadPacketsPerSec;
		const bool bAtTimeQuota = EscalateTimeQuotaMSPerFrame > 0 && TimePassedMS > EscalateTimeQuotaMSPerFrame;

		return bAtQuota || bAtDisconnQuota || bAtBadQuota || bAtTimeQuota;
	}
};

/**

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:143

Scope (from outer to inner):

file
function     void ApplyState

Source code excerpt:

		Target.EscalateQuotaDisconnPacketsPerSec	= EscalateQuotaDisconnPacketsPerSec;
		Target.EscalateQuotaBadPacketsPerSec		= EscalateQuotaBadPacketsPerSec;
		Target.EscalateTimeQuotaMSPerFrame			= EscalateTimeQuotaMSPerFrame;
		Target.PacketLimitPerFrame					= PacketLimitPerFrame;
		Target.PacketTimeLimitMSPerFrame			= PacketTimeLimitMSPerFrame;
		Target.NetConnPacketTimeLimitMSPerFrame		= NetConnPacketTimeLimitMSPerFrame;
		Target.CooloffTime							= CooloffTime;
	}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:157

Scope (from outer to inner):

file
function     void ApplyAdjustedState

Source code excerpt:

	{
		// Exclude escalation triggers from this
		//Target.EscalateTimeQuotaMSPerFrame		= (EscalateTimeQuotaMSPerFrame == -1 ? -1 : EscalateTimeQuotaMSPerFrame * FrameAdjustment);
		Target.PacketLimitPerFrame				= (PacketLimitPerFrame == -1 ? -1 : (int32)((float)PacketLimitPerFrame * FrameAdjustment));
		Target.PacketTimeLimitMSPerFrame		= (PacketTimeLimitMSPerFrame == -1 ? -1 : (int32)((float)PacketTimeLimitMSPerFrame * FrameAdjustment));
		Target.NetConnPacketTimeLimitMSPerFrame	= (NetConnPacketTimeLimitMSPerFrame == -1 ? -1 : (int32)((float)NetConnPacketTimeLimitMSPerFrame * FrameAdjustment));
	}
};