PacketLimitPerFrame

PacketLimitPerFrame

#Overview

name: PacketLimitPerFrame

The value of this variable can be defined or overridden in .ini config files. 3 .ini config files referencing this setting variable.

It is referenced in 6 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of PacketLimitPerFrame is to set a limit on the number of non-NetConnection packets that can be processed in a single frame as part of Unreal Engine 5’s DDoS (Distributed Denial of Service) detection system.

This setting variable is primarily used by the networking subsystem of Unreal Engine, specifically within the DDoS detection module. It is part of the Net/Core module, which handles core networking functionality.

The value of this variable is set through the game’s configuration file (GEngineIni). It is read in the InitConfig function of the FDDoSDetection class.

PacketLimitPerFrame interacts with other DDoS detection variables such as PacketTimeLimitMSPerFrame and NetConnPacketTimeLimitMSPerFrame. Together, these variables control the rate at which packets are processed to prevent potential DDoS attacks.

Developers must be aware that setting PacketLimitPerFrame to 0 will block all non-NetConnection packets. This could potentially disrupt normal network operations if not used carefully.

Best practices when using this variable include:

  1. Carefully tuning the value based on your game’s specific networking needs and performance characteristics.
  2. Testing thoroughly to ensure that legitimate traffic is not being blocked.
  3. Using it in conjunction with other DDoS detection variables for a comprehensive protection strategy.
  4. Monitoring its effects in various network conditions to ensure it’s not overly restrictive during normal gameplay.
  5. Considering adjusting it dynamically based on the current game state or server load.

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1678, section: [DDoSDetection.DDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1686, section: [DDoSDetection.ExpensiveDDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1693, section: [DDoSDetection.DebilitatingDDoS]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:137

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaDisconnPacketsPerSec"), CurState.EscalateQuotaDisconnPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaBadPacketsPerSec"), CurState.EscalateQuotaBadPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketLimitPerFrame"), CurState.PacketLimitPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketTimeLimitMSPerFrame"), CurState.PacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("NetConnPacketTimeLimitMSPerFrame"), CurState.NetConnPacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("CooloffTime"), CurState.CooloffTime, GEngineIni);

				if (GConfig->GetInt(*CurSection, TEXT("EscalateTimeQuotaMSPerFrame"), EscalateTime32, GEngineIni))
				{

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:373

Scope (from outer to inner):

file
function     bool FDDoSDetection::CheckNonConnQuotasAndLimits

Source code excerpt:



	// NOTE: PacketLimitPerFrame == 0 is a valid value, and blocks all non-NetConnection packets
	bReturnVal = PacketLimitPerFrame == 0 || (PacketLimitPerFrame > 0 && (NonConnPacketCounter - StartFramePacketCount) >= PacketLimitPerFrame);
	bReturnVal = bReturnVal || (PacketTimeLimitMSPerFrame > 0 && TimePassedMS > PacketTimeLimitMSPerFrame);

	return bReturnVal;
}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:80

Scope: file

Source code excerpt:


	/** The limit for the number of non-NetConnection packets to process, each frame */
	int32 PacketLimitPerFrame;

	/** The limit for time spent processing non-NetConnection packets, each frame (counts all packets time, non-NetConn and NetConn) */
	int32 PacketTimeLimitMSPerFrame;

	/** The limit for time spent processing NetConnection packets, each frame (counts all packets time, non-NetConn and NetConn) */
	int32 NetConnPacketTimeLimitMSPerFrame;

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:98

Scope (from outer to inner):

file
function     FDDoSState

Source code excerpt:

		, EscalateQuotaBadPacketsPerSec(-1)
		, EscalateTimeQuotaMSPerFrame(-1)
		, PacketLimitPerFrame(-1)
		, PacketTimeLimitMSPerFrame(-1)
		, NetConnPacketTimeLimitMSPerFrame(-1)
		, CooloffTime(-1)
	{
	}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:144

Scope (from outer to inner):

file
function     void ApplyState

Source code excerpt:

		Target.EscalateQuotaBadPacketsPerSec		= EscalateQuotaBadPacketsPerSec;
		Target.EscalateTimeQuotaMSPerFrame			= EscalateTimeQuotaMSPerFrame;
		Target.PacketLimitPerFrame					= PacketLimitPerFrame;
		Target.PacketTimeLimitMSPerFrame			= PacketTimeLimitMSPerFrame;
		Target.NetConnPacketTimeLimitMSPerFrame		= NetConnPacketTimeLimitMSPerFrame;
		Target.CooloffTime							= CooloffTime;
	}

	/**

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:158

Scope (from outer to inner):

file
function     void ApplyAdjustedState

Source code excerpt:

		// Exclude escalation triggers from this
		//Target.EscalateTimeQuotaMSPerFrame		= (EscalateTimeQuotaMSPerFrame == -1 ? -1 : EscalateTimeQuotaMSPerFrame * FrameAdjustment);
		Target.PacketLimitPerFrame				= (PacketLimitPerFrame == -1 ? -1 : (int32)((float)PacketLimitPerFrame * FrameAdjustment));
		Target.PacketTimeLimitMSPerFrame		= (PacketTimeLimitMSPerFrame == -1 ? -1 : (int32)((float)PacketTimeLimitMSPerFrame * FrameAdjustment));
		Target.NetConnPacketTimeLimitMSPerFrame	= (NetConnPacketTimeLimitMSPerFrame == -1 ? -1 : (int32)((float)NetConnPacketTimeLimitMSPerFrame * FrameAdjustment));
	}
};