net.AllowEncryption
net.AllowEncryption
#Overview
name: net.AllowEncryption
This variable is created as a Console Variable (cvar).
- type:
Var - help:
If true, the engine will attempt to load an encryption PacketHandler component and fill in the EncryptionToken parameter of the NMT_Hello message based on the ?EncryptionToken= URL option and call callbacks if it\'s non-empty. Additionally, a value of \'2\' will make the EncryptionToken required - which is enforced serverside. (0 = Disabled, 1 = Allowed (default), 2 = Required)
It is referenced in 10 C++ source files.
#Summary
#Usage in the C++ source code
The purpose of net.AllowEncryption is to control the use of encryption in network communication within the Unreal Engine. It is primarily used for the networking system, specifically for managing packet encryption.
This setting variable is relied upon by several Unreal Engine subsystems and modules, including:
- The core Engine module
- The PacketHandler module
- The OnlineSubsystemUtils plugin
The value of this variable is set as a console variable (CVar) with a default value of 1. It can be changed at runtime through the console or configuration files.
The associated variable CVarNetAllowEncryption interacts directly with net.AllowEncryption, sharing the same value and purpose.
Developers must be aware of the following when using this variable:
- It has three possible values: 0 (Disabled), 1 (Allowed, default), and 2 (Required).
- When set to 0, encryption is disabled, and the engine will not attempt to load encryption components or use encryption tokens.
- When set to 1 or 2, the engine will attempt to load an encryption PacketHandler component and use encryption tokens.
- A value of 2 makes encryption required, which is enforced on the server side.
- The behavior can be different in development builds and PIE (Play In Editor) sessions.
Best practices when using this variable include:
- Ensure that encryption is enabled (1 or 2) for production builds to enhance security.
- Be cautious when changing this value at runtime, as it may affect ongoing network connections.
- Consider the performance impact of encryption, especially on lower-end devices or high-traffic servers.
- Use the associated CVarNetAllowEncryption for consistency when accessing this setting in C++ code.
- Be aware of the interaction between this setting and other network-related configurations, such as EncryptionToken URL options.
The associated variable CVarNetAllowEncryption serves the same purpose as net.AllowEncryption. It is used throughout the codebase to access the encryption setting value. Developers should use this variable when they need to check or modify the encryption setting in C++ code. The same considerations and best practices apply to CVarNetAllowEncryption as they do to net.AllowEncryption.
#References in C++ code
#Callsites
This variable is referenced in the following C++ source code:
#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/NetDriver.cpp:395
Scope: file
Source code excerpt:
TAutoConsoleVariable<int32> CVarNetAllowEncryption(
TEXT("net.AllowEncryption"),
1,
TEXT("If true, the engine will attempt to load an encryption PacketHandler component and fill in the EncryptionToken parameter ")
TEXT("of the NMT_Hello message based on the ?EncryptionToken= URL option and call callbacks if it's non-empty. ")
TEXT("Additionally, a value of '2' will make the EncryptionToken required - which is enforced serverside. ")
TEXT("(0 = Disabled, 1 = Allowed (default), 2 = Required)"));
#Loc: <Workspace>/Engine/Source/Runtime/Engine/Classes/Engine/NetworkDelegates.h:150
Scope: file
Source code excerpt:
enum class EEncryptionFailureAction : uint8
{
/** Default handling of encryption failures - net.AllowEncryption determines whether to reject or accept, with exceptions for PIE etc. */
Default,
/** Reject the connection */
RejectConnection,
/** Allow the connection */
AllowConnection
};
#Loc: <Workspace>/Engine/Source/Runtime/PacketHandlers/PacketHandler/Private/PacketHandler.cpp:207
Scope (from outer to inner):
file
function void PacketHandler::Initialize
Source code excerpt:
if (GConfig->GetString(TEXT("PacketHandlerComponents"), TEXT("EncryptionComponent"), EncryptionComponentName, GEngineIni) && !EncryptionComponentName.IsEmpty())
{
static IConsoleVariable* const AllowEncryptionCVar = IConsoleManager::Get().FindConsoleVariable(TEXT("net.AllowEncryption"));
if (AllowEncryptionCVar == nullptr || AllowEncryptionCVar->GetInt() != 0)
{
EncryptionComponent = StaticCastSharedPtr<FEncryptionComponent>(AddHandler(EncryptionComponentName, true));
}
else
{
#Associated Variable and Callsites
This variable is associated with another variable named CVarNetAllowEncryption. They share the same value. See the following C++ source code.
#Loc: <Workspace>/Engine/Plugins/Online/OnlineSubsystemUtils/Source/OnlineSubsystemUtils/Private/OnlineBeaconClient.cpp:255
Scope (from outer to inner):
file
function void AOnlineBeaconClient::SetEncryptionData
Source code excerpt:
void AOnlineBeaconClient::SetEncryptionData(const FEncryptionData& InEncryptionData)
{
if (CVarNetAllowEncryption.GetValueOnGameThread() != 0)
{
EncryptionData = InEncryptionData;
}
}
void AOnlineBeaconClient::SendInitialJoin()
#Loc: <Workspace>/Engine/Plugins/Online/OnlineSubsystemUtils/Source/OnlineSubsystemUtils/Private/OnlineBeaconClient.cpp:270
Scope (from outer to inner):
file
function void AOnlineBeaconClient::SendInitialJoin
Source code excerpt:
check(IsLittleEndian == !!IsLittleEndian); // should only be one or zero
const int32 AllowEncryption = CVarNetAllowEncryption.GetValueOnGameThread();
uint32 LocalNetworkVersion = FNetworkVersion::GetLocalNetworkVersion();
if (AllowEncryption == 0)
{
EncryptionData.Identifier.Empty();
}
#Loc: <Workspace>/Engine/Source/Runtime/Engine/Classes/Engine/NetDriver.h:376
Scope: file
Source code excerpt:
using FConnectionMap = TMap<TSharedRef<const FInternetAddr>, TObjectPtr<UNetConnection>, FDefaultSetAllocator, FInternetAddrConstKeyMapFuncs<TObjectPtr<UNetConnection>>>;
extern ENGINE_API TAutoConsoleVariable<int32> CVarNetAllowEncryption;
extern ENGINE_API int32 GNumSaturatedConnections;
extern ENGINE_API int32 GNumSharedSerializationHit;
extern ENGINE_API int32 GNumSharedSerializationMiss;
extern ENGINE_API int32 GNumReplicateActorCalls;
extern ENGINE_API bool GReplicateActorTimingEnabled;
extern ENGINE_API bool GReceiveRPCTimingEnabled;
#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/NetDriver.cpp:394
Scope: file
Source code excerpt:
TEXT( "If 1, NetUpdateFrequency will be calculated based on how often actors actually send something when replicating" ) );
TAutoConsoleVariable<int32> CVarNetAllowEncryption(
TEXT("net.AllowEncryption"),
1,
TEXT("If true, the engine will attempt to load an encryption PacketHandler component and fill in the EncryptionToken parameter ")
TEXT("of the NMT_Hello message based on the ?EncryptionToken= URL option and call callbacks if it's non-empty. ")
TEXT("Additionally, a value of '2' will make the EncryptionToken required - which is enforced serverside. ")
TEXT("(0 = Disabled, 1 = Allowed (default), 2 = Required)"));
#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/NetDriver.cpp:7814
Scope (from outer to inner):
file
function bool UNetDriver::IsEncryptionRequired
Source code excerpt:
const FWorldContext* const WorldContext = (NetDriverName == NAME_PendingNetDriver ? GEngine->GetWorldContextFromPendingNetGameNetDriver(this) :
GEngine->GetWorldContextFromWorld(World));
const int32 AllowEncryption = CVarNetAllowEncryption.GetValueOnGameThread();
const bool bDevDisableEncryptionCheck = !IsServer() && !(UE_BUILD_SHIPPING || UE_BUILD_TEST); // Clientside only
const bool bPIEDisableEncryptionCheck = WorldContext != nullptr && WorldContext->WorldType == EWorldType::PIE;
const bool bNetDriverDefNameRequiresEncryption = GRequiredEncryptionNetDriverDefNames.Contains(NetDriverDefinition);
return DoesSupportEncryption() && bNetDriverDefNameRequiresEncryption && AllowEncryption == 2 && !bDevDisableEncryptionCheck &&
!bPIEDisableEncryptionCheck;
#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/PendingNetGame.cpp:117
Scope (from outer to inner):
file
function void UPendingNetGame::SendInitialJoin
Source code excerpt:
check(IsLittleEndian == !!IsLittleEndian); // should only be one or zero
const int32 AllowEncryption = CVarNetAllowEncryption.GetValueOnGameThread();
FString EncryptionToken;
if (AllowEncryption != 0)
{
EncryptionToken = URL.GetOption(TEXT("EncryptionToken="), TEXT(""));
}
#Loc: <Workspace>/Engine/Source/Runtime/Engine/Private/PendingNetGame.cpp:456
Scope (from outer to inner):
file
function void UPendingNetGame::SetEncryptionKey
Source code excerpt:
void UPendingNetGame::SetEncryptionKey(const FEncryptionKeyResponse& Response)
{
if (CVarNetAllowEncryption.GetValueOnGameThread() == 0)
{
UE_LOG(LogNet, Log, TEXT("UPendingNetGame::SetEncryptionKey: net.AllowEncryption is false."));
return;
}
if (NetDriver)