net.AllowEncryption

net.AllowEncryption

#Overview

name: net.AllowEncryption

This variable is created as a Console Variable (cvar).

It is referenced in 10 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of net.AllowEncryption is to control the use of encryption in network communication within the Unreal Engine. It is primarily used for the networking system, specifically for managing packet encryption.

This setting variable is relied upon by several Unreal Engine subsystems and modules, including:

  1. The core Engine module
  2. The PacketHandler module
  3. The OnlineSubsystemUtils plugin

The value of this variable is set as a console variable (CVar) with a default value of 1. It can be changed at runtime through the console or configuration files.

The associated variable CVarNetAllowEncryption interacts directly with net.AllowEncryption, sharing the same value and purpose.

Developers must be aware of the following when using this variable:

  1. It has three possible values: 0 (Disabled), 1 (Allowed, default), and 2 (Required).
  2. When set to 0, encryption is disabled, and the engine will not attempt to load encryption components or use encryption tokens.
  3. When set to 1 or 2, the engine will attempt to load an encryption PacketHandler component and use encryption tokens.
  4. A value of 2 makes encryption required, which is enforced on the server side.
  5. The behavior can be different in development builds and PIE (Play In Editor) sessions.

Best practices when using this variable include:

  1. Ensure that encryption is enabled (1 or 2) for production builds to enhance security.
  2. Be cautious when changing this value at runtime, as it may affect ongoing network connections.
  3. Consider the performance impact of encryption, especially on lower-end devices or high-traffic servers.
  4. Use the associated CVarNetAllowEncryption for consistency when accessing this setting in C++ code.
  5. Be aware of the interaction between this setting and other network-related configurations, such as EncryptionToken URL options.

The associated variable CVarNetAllowEncryption serves the same purpose as net.AllowEncryption. It is used throughout the codebase to access the encryption setting value. Developers should use this variable when they need to check or modify the encryption setting in C++ code. The same considerations and best practices apply to CVarNetAllowEncryption as they do to net.AllowEncryption.

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/NetDriver.cpp:395

Scope: file

Source code excerpt:


TAutoConsoleVariable<int32> CVarNetAllowEncryption(
	TEXT("net.AllowEncryption"),
	1,
	TEXT("If true, the engine will attempt to load an encryption PacketHandler component and fill in the EncryptionToken parameter ")
	TEXT("of the NMT_Hello message based on the ?EncryptionToken= URL option and call callbacks if it's non-empty. ")
	TEXT("Additionally, a value of '2' will make the EncryptionToken required - which is enforced serverside. ")
	TEXT("(0 = Disabled, 1 = Allowed (default), 2 = Required)"));

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Classes/Engine/NetworkDelegates.h:150

Scope: file

Source code excerpt:

enum class EEncryptionFailureAction : uint8
{
	/** Default handling of encryption failures - net.AllowEncryption determines whether to reject or accept, with exceptions for PIE etc. */
	Default,
	/** Reject the connection */
	RejectConnection,
	/** Allow the connection */
	AllowConnection
};

#Loc: <Workspace>/Engine/Source/Runtime/PacketHandlers/PacketHandler/Private/PacketHandler.cpp:207

Scope (from outer to inner):

file
function     void PacketHandler::Initialize

Source code excerpt:

	if (GConfig->GetString(TEXT("PacketHandlerComponents"), TEXT("EncryptionComponent"), EncryptionComponentName, GEngineIni) && !EncryptionComponentName.IsEmpty())
	{
		static IConsoleVariable* const AllowEncryptionCVar = IConsoleManager::Get().FindConsoleVariable(TEXT("net.AllowEncryption"));
		if (AllowEncryptionCVar == nullptr || AllowEncryptionCVar->GetInt() != 0)
		{
			EncryptionComponent = StaticCastSharedPtr<FEncryptionComponent>(AddHandler(EncryptionComponentName, true));
		}
		else
		{

#Associated Variable and Callsites

This variable is associated with another variable named CVarNetAllowEncryption. They share the same value. See the following C++ source code.

#Loc: <Workspace>/Engine/Plugins/Online/OnlineSubsystemUtils/Source/OnlineSubsystemUtils/Private/OnlineBeaconClient.cpp:255

Scope (from outer to inner):

file
function     void AOnlineBeaconClient::SetEncryptionData

Source code excerpt:

void AOnlineBeaconClient::SetEncryptionData(const FEncryptionData& InEncryptionData)
{
	if (CVarNetAllowEncryption.GetValueOnGameThread() != 0)
	{
		EncryptionData = InEncryptionData;
	}
}

void AOnlineBeaconClient::SendInitialJoin()

#Loc: <Workspace>/Engine/Plugins/Online/OnlineSubsystemUtils/Source/OnlineSubsystemUtils/Private/OnlineBeaconClient.cpp:270

Scope (from outer to inner):

file
function     void AOnlineBeaconClient::SendInitialJoin

Source code excerpt:

		check(IsLittleEndian == !!IsLittleEndian); // should only be one or zero

		const int32 AllowEncryption = CVarNetAllowEncryption.GetValueOnGameThread();
		uint32 LocalNetworkVersion = FNetworkVersion::GetLocalNetworkVersion();

		if (AllowEncryption == 0)
		{
			EncryptionData.Identifier.Empty();
		}

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Classes/Engine/NetDriver.h:376

Scope: file

Source code excerpt:

using FConnectionMap = TMap<TSharedRef<const FInternetAddr>, TObjectPtr<UNetConnection>, FDefaultSetAllocator, FInternetAddrConstKeyMapFuncs<TObjectPtr<UNetConnection>>>;

extern ENGINE_API TAutoConsoleVariable<int32> CVarNetAllowEncryption;
extern ENGINE_API int32 GNumSaturatedConnections;
extern ENGINE_API int32 GNumSharedSerializationHit;
extern ENGINE_API int32 GNumSharedSerializationMiss;
extern ENGINE_API int32 GNumReplicateActorCalls;
extern ENGINE_API bool GReplicateActorTimingEnabled;
extern ENGINE_API bool GReceiveRPCTimingEnabled;

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/NetDriver.cpp:394

Scope: file

Source code excerpt:

	TEXT( "If 1, NetUpdateFrequency will be calculated based on how often actors actually send something when replicating" ) );

TAutoConsoleVariable<int32> CVarNetAllowEncryption(
	TEXT("net.AllowEncryption"),
	1,
	TEXT("If true, the engine will attempt to load an encryption PacketHandler component and fill in the EncryptionToken parameter ")
	TEXT("of the NMT_Hello message based on the ?EncryptionToken= URL option and call callbacks if it's non-empty. ")
	TEXT("Additionally, a value of '2' will make the EncryptionToken required - which is enforced serverside. ")
	TEXT("(0 = Disabled, 1 = Allowed (default), 2 = Required)"));

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/NetDriver.cpp:7814

Scope (from outer to inner):

file
function     bool UNetDriver::IsEncryptionRequired

Source code excerpt:

	const FWorldContext* const WorldContext = (NetDriverName == NAME_PendingNetDriver ? GEngine->GetWorldContextFromPendingNetGameNetDriver(this) :
												GEngine->GetWorldContextFromWorld(World));
	const int32 AllowEncryption = CVarNetAllowEncryption.GetValueOnGameThread();
	const bool bDevDisableEncryptionCheck = !IsServer() && !(UE_BUILD_SHIPPING || UE_BUILD_TEST); // Clientside only
	const bool bPIEDisableEncryptionCheck = WorldContext != nullptr && WorldContext->WorldType == EWorldType::PIE;
	const bool bNetDriverDefNameRequiresEncryption = GRequiredEncryptionNetDriverDefNames.Contains(NetDriverDefinition);

	return DoesSupportEncryption() && bNetDriverDefNameRequiresEncryption && AllowEncryption == 2 && !bDevDisableEncryptionCheck &&
			!bPIEDisableEncryptionCheck;

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/PendingNetGame.cpp:117

Scope (from outer to inner):

file
function     void UPendingNetGame::SendInitialJoin

Source code excerpt:

			check(IsLittleEndian == !!IsLittleEndian); // should only be one or zero

			const int32 AllowEncryption = CVarNetAllowEncryption.GetValueOnGameThread();
			FString EncryptionToken;

			if (AllowEncryption != 0)
			{
				EncryptionToken = URL.GetOption(TEXT("EncryptionToken="), TEXT(""));
			}

#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/PendingNetGame.cpp:456

Scope (from outer to inner):

file
function     void UPendingNetGame::SetEncryptionKey

Source code excerpt:

void UPendingNetGame::SetEncryptionKey(const FEncryptionKeyResponse& Response)
{
	if (CVarNetAllowEncryption.GetValueOnGameThread() == 0)
	{
		UE_LOG(LogNet, Log, TEXT("UPendingNetGame::SetEncryptionKey: net.AllowEncryption is false."));
		return;
	}

	if (NetDriver)