PacketTimeLimitMSPerFrame

PacketTimeLimitMSPerFrame

#Overview

name: PacketTimeLimitMSPerFrame

The value of this variable can be defined or overridden in .ini config files. 2 .ini config files referencing this setting variable.

It is referenced in 6 C++ source files.

#Summary

#Usage in the C++ source code

The purpose of PacketTimeLimitMSPerFrame is to set a limit on the time spent processing packets in each frame as part of Unreal Engine 5’s DDoS (Distributed Denial of Service) detection and prevention system. This variable is specifically used to limit the processing time for all packets, including both non-NetConnection and NetConnection packets.

This setting variable is primarily used in the networking subsystem of Unreal Engine 5, specifically within the DDoS detection module. It’s part of the Net.Core module, which handles core networking functionality.

The value of this variable is typically set through the game’s configuration file (GEngineIni). It’s loaded in the FDDoSDetection::InitConfig() function, which reads the value from the configuration file and stores it in the FDDoSState structure.

PacketTimeLimitMSPerFrame interacts with several other variables in the DDoS detection system, such as PacketLimitPerFrame and NetConnPacketTimeLimitMSPerFrame. These variables work together to define the limits and thresholds for detecting potential DDoS attacks.

Developers must be aware that this variable directly impacts the game’s network performance and security. Setting it too low might cause legitimate packets to be dropped, while setting it too high could leave the game vulnerable to DDoS attacks.

Best practices when using this variable include:

  1. Carefully tuning the value based on your game’s specific networking requirements and expected player load.
  2. Testing thoroughly with various network conditions to ensure it doesn’t negatively impact normal gameplay.
  3. Monitoring this value in conjunction with other DDoS detection variables to maintain a balance between security and performance.
  4. Considering the target platform’s processing capabilities when setting this value, as it may need to be adjusted for different hardware.
  5. Regularly reviewing and updating this value as part of your game’s overall security strategy.

Remember that this variable is part of a larger DDoS protection system, and should be configured in coordination with other related settings for optimal effectiveness.

#Setting Variables

#References In INI files

Location: <Workspace>/Engine/Config/BaseEngine.ini:1679, section: [DDoSDetection.DDoS]

Location: <Workspace>/Engine/Config/BaseEngine.ini:1687, section: [DDoSDetection.ExpensiveDDoS]

#References in C++ code

#Callsites

This variable is referenced in the following C++ source code:

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:138

Scope (from outer to inner):

file
function     void FDDoSDetection::InitConfig

Source code excerpt:

				GConfig->GetInt(*CurSection, TEXT("EscalateQuotaBadPacketsPerSec"), CurState.EscalateQuotaBadPacketsPerSec, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketLimitPerFrame"), CurState.PacketLimitPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("PacketTimeLimitMSPerFrame"), CurState.PacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("NetConnPacketTimeLimitMSPerFrame"), CurState.NetConnPacketTimeLimitMSPerFrame, GEngineIni);
				GConfig->GetInt(*CurSection, TEXT("CooloffTime"), CurState.CooloffTime, GEngineIni);

				if (GConfig->GetInt(*CurSection, TEXT("EscalateTimeQuotaMSPerFrame"), EscalateTime32, GEngineIni))
				{
					CurState.EscalateTimeQuotaMSPerFrame = IntCastChecked<int16>(EscalateTime32);

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Private/Net/Core/Misc/DDoSDetection.cpp:375

Scope (from outer to inner):

file
function     bool FDDoSDetection::CheckNonConnQuotasAndLimits

Source code excerpt:

	// NOTE: PacketLimitPerFrame == 0 is a valid value, and blocks all non-NetConnection packets
	bReturnVal = PacketLimitPerFrame == 0 || (PacketLimitPerFrame > 0 && (NonConnPacketCounter - StartFramePacketCount) >= PacketLimitPerFrame);
	bReturnVal = bReturnVal || (PacketTimeLimitMSPerFrame > 0 && TimePassedMS > PacketTimeLimitMSPerFrame);

	return bReturnVal;
}

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:83

Scope: file

Source code excerpt:


	/** The limit for time spent processing non-NetConnection packets, each frame (counts all packets time, non-NetConn and NetConn) */
	int32 PacketTimeLimitMSPerFrame;

	/** The limit for time spent processing NetConnection packets, each frame (counts all packets time, non-NetConn and NetConn) */
	int32 NetConnPacketTimeLimitMSPerFrame;

	/** The amount of time, in seconds, before the current DDoS severity category cools off and de-escalates */
	int32 CooloffTime;

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:99

Scope (from outer to inner):

file
function     FDDoSState

Source code excerpt:

		, EscalateTimeQuotaMSPerFrame(-1)
		, PacketLimitPerFrame(-1)
		, PacketTimeLimitMSPerFrame(-1)
		, NetConnPacketTimeLimitMSPerFrame(-1)
		, CooloffTime(-1)
	{
	}

	/**

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:145

Scope (from outer to inner):

file
function     void ApplyState

Source code excerpt:

		Target.EscalateTimeQuotaMSPerFrame			= EscalateTimeQuotaMSPerFrame;
		Target.PacketLimitPerFrame					= PacketLimitPerFrame;
		Target.PacketTimeLimitMSPerFrame			= PacketTimeLimitMSPerFrame;
		Target.NetConnPacketTimeLimitMSPerFrame		= NetConnPacketTimeLimitMSPerFrame;
		Target.CooloffTime							= CooloffTime;
	}

	/**
	 * Applies only the per-frame adjusted state (based on expected vs actual framerate), to active DDoS protection.

#Loc: <Workspace>/Engine/Source/Runtime/Net/Core/Public/Net/Core/Misc/DDoSDetection.h:159

Scope (from outer to inner):

file
function     void ApplyAdjustedState

Source code excerpt:

		//Target.EscalateTimeQuotaMSPerFrame		= (EscalateTimeQuotaMSPerFrame == -1 ? -1 : EscalateTimeQuotaMSPerFrame * FrameAdjustment);
		Target.PacketLimitPerFrame				= (PacketLimitPerFrame == -1 ? -1 : (int32)((float)PacketLimitPerFrame * FrameAdjustment));
		Target.PacketTimeLimitMSPerFrame		= (PacketTimeLimitMSPerFrame == -1 ? -1 : (int32)((float)PacketTimeLimitMSPerFrame * FrameAdjustment));
		Target.NetConnPacketTimeLimitMSPerFrame	= (NetConnPacketTimeLimitMSPerFrame == -1 ? -1 : (int32)((float)NetConnPacketTimeLimitMSPerFrame * FrameAdjustment));
	}
};


/**