2019-01-17 18:54:05 -05:00
|
|
|
// Copyright 1998-2019 Epic Games, Inc. All Rights Reserved.
|
Copying //UE4/Dev-Networking to //UE4/Dev-Main (Source: //UE4/Dev-Networking [at] 4351996)
#lockdown Nick.Penwarden
#rb none
============================
MAJOR FEATURES & CHANGES
============================
Change 4094368 by Ryan.Gerleve
Restore bunch bitfield optimization from CL 3683745.
Change 4094946 by Ryan.Gerleve
Fix initialization order & some whitespace
Change 4095976 by John.Barrett
Speculative fix for unreproducible compile issue.
Change 4134299 by John.Barrett
Added Hot Reload support for NetcodeUnitTest - almost, but not fully, complete - important for working with Fortnite unit tests, as their execution time can harm productivity.
Added ability for unit tests to partially rewind/restart execution, at specific stages, to save time.
Change 4134300 by John.Barrett
Added NetcodeUnitTest hook, for replacing the raw data for specific RPC parameters, on the fly.
Change 4134304 by John.Barrett
Updated NetcodeUnitTest modules to support Hot Reload.
Change 4157433 by John.Barrett
Updated DDoS detection, based on review.
Change 4205014 by Jake.Leonard
Updating the check to make sure that uninitialized components are blocked from doing low level sends before they are entering initialization or are already initialized.
#Jira UE-61557
Change 4205071 by Jake.Leonard
Fixing up the spammy logs due to kick attempts on fail auth.
Also making the reauth message more clear.
#Jira UE-61696
Change 4224001 by Jake.Leonard
Merging IPv6 and IPv4 code together. Exposing a getaddrinfo method.
#Jira UENET-885, UENET-886
Change 4224014 by Jake.Leonard
New IP Addr changes for Oculus
#Jira: UENET-885
Change 4224020 by Jake.Leonard
New IP Addr changes for iOS
#Jira: UENET-885
Change 4224328 by Jake.Leonard
Fixing Unix SocketSubsystem compilation issues.
#jira: none
Change 4224340 by Jake.Leonard
More Unix compilation fixes
#jira: none
Change 4225020 by Jake.Leonard
Fixes for compilation and static analysis
#Jira: none
Change 4226080 by Jake.Leonard
Minor Address Fixes
#Jira: none
Change 4228299 by Jake.Leonard
Fix the deprecation warnings by removing the macro from the Sockets and IPAddress classes. While these classes are deprecated, can't mark them as such due to how they are generated and used.
On some platforms that are more picky about these deprecations, they return incorrect warnings that otherwise do not show up on other platforms.
In addition, expose and add a function for getaddrinfo for IPv6
#Jira UE-62057, UENET-886
Change 4232410 by Jake.Leonard
Allow build ids of 0 to not be filtered out incorrectly on Steam.
#Jira UE-62144
Change 4232500 by Jake.Leonard
Specify what socket subsystem we want as some platforms override the default and cause resolution issues.
#Jira UE-62156
Change 4235955 by Brian.Bekich
Fix for shared rpc serialization with outparm properties
#jira UE-61946
Change 4235956 by Brian.Bekich
Add missing set of bClose to FInBunch copy constructor
#jira UE-62079
Change 4248157 by Jake.Leonard
Fix IpConnection resolve nuking previous data set, which would wipe away port information. Now we cache off that port data before the clone.
#Jira UE-62321, UE-62260
Change 4257214 by Jake.Leonard
Fix v4 mapped addresses comparison such that we up the address to a common address family and then do the comparison. This uses ntop to determine the address differences.
This fixes hybrid stack issues.
#Jira UE-62266
Change 4259371 by Jake.Leonard
Log print for the comparision as a quick test to make sure that the ntops are actually comparing correctly.
Will remove after test
#Jira: UE-62266
Change 4265668 by Ryan.Gerleve
Fix replication for actor components created in blueprints - these components now properly return false from UActorComponent::IsNameStableForNetworking() by default.
#jira UE-62605
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4265561 by Ryan.Gerleve on 2018/08/07 13:13:29.
Change 4266436 by Brian.Bekich
PR #4875: Remove extra Printf parameter
#jira UE-61759
Change 4266444 by Brian.Bekich
PR #4883: Fix compilation of unit test minimal client in shipping
#jira UE-61857
Change 4266607 by Brian.Bekich
Handle potential crash in TickWorldTravel
#jira UE-60547
Change 4267341 by Jake.Leonard
* Exposing wrapper for getaddrinfo.
* Adding more fields and new type for gai flags.
* Renamed to GetAddressInfo due to Windows macros.
* Added scope mutators to FInternetAddr
* Properly inject the scope ids on all results when using GetLocalAdapterAddresses
* Fix the endianness for the raw ip mutators
* Fix mapping on address conversion
* New return types for GetAddressInformation
#Jira UENET-886, UE-62159, UE-62269, UE-62266, UE-62319
Change 4267457 by Jake.Leonard
Fix Unix compilation.
#Jira: none
Change 4267808 by Jake.Leonard
Making platforms that don't have FQDN support fall back to canonicalname
#Jira: none
Change 4270603 by Jake.Leonard
* Adding more logging to the Unix adapter queries.
* Fix the adapter query returning success on failure.
#Jira UE-62159
Change 4273549 by Jake.Leonard
Fix the memory leak caused by freeing the wrong sublist.
#Jira UE-62762
Change 4273571 by Jake.Leonard
Adding a new compare function for FInternetAddrs. This CompareEndpoints function can handle protocol differences instead of straight checking the structure data.
#Jira UE-62266
Change 4275449 by Ryan.Gerleve
PR #4965: Remove code that doesn't do anything (Contributed by erikdubbelboer)
Change 4276721 by Ryan.Gerleve
Fix crash if a socket error occurred when the PendingNetGame sent its initial join packet.
#jira UE-62672
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4276707 by Ryan.Gerleve on 2018/08/10 15:54:30.
Change 4277306 by Ryan.Gerleve
Suppress static analysis warning.
#jira UE-62672
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4277216 by Ryan.Gerleve on 2018/08/10 17:23:19.
Change 4277471 by Brian.Bekich
Fix for level script actor gc references with replicated blueprint variables/functions
#jira UE-60086
#jira UE-60147
Change 4277689 by Jake.Leonard
Adding more logging to GAI so that we can determine order of addresses.
#Jira: none
Change 4278398 by Brian.Bekich
SA fix
#jira none
Change 4279489 by Jon.Nabozny
PR #4977: Fixed not being able to connect to a LwsWebSocket after shutting it down (Contributed by rlabrecque)
#jira UE-62817
Change 4284633 by Ryan.Gerleve
Fix remote client character animation stuttering while stationary on listen servers by setting the default value of AGameNetworkManager::ClientNetSendMoveDeltaTimeStationary to 0.0166, the same value as ClientNetSendMoveDeltaTime, to match behavior of 4.19. Games may override this value to something lower as an optimization.
#jira UE-62225
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4284616 by Ryan.Gerleve on 2018/08/14 15:07:17.
Change 4285060 by Jake.Leonard
Adding CreateSocket that takes protocol types to the base classes along with some other helpers.
#Jira UENET-890
Change 4288280 by Jake.Leonard
Fix Unix compiler errors
#Jira: none
Change 4297412 by Jon.Nabozny
Fix pawn relevancy position stuck at possession point.
#jira UE-22390
Change 4302736 by Jon.Nabozny
Prevent Streaming Level Visibility changes from closing channels for static actors on the server. This should prevent them from being destroyed on the client.
[at]Brian.Bekich [at]Ryan.Gerleve
#jira UE-50443 UE-43042
Change 4307673 by Jake.Leonard
Add support for the various types of friends lists that Unreal supports on Steam. Fixing up detection of user statuses.
#Jira UE-63007
Change 4309291 by Jake.Leonard
PR #4976: Remove redundant logic in OSSSteam (Contributed by rlabrecque)
#github https://github.com/EpicGames/UnrealEngine/pull/4976
#Jira: UE-62816
Change 4313601 by Jake.Leonard
* Make the new IPv6 changes act the same way that it does on current 4.20. This allows for a much smoother adoption
* Add new functions to specify the type of special address the user wants.
* Fix the iOS broadcast addressing to determine IPv6 interface scope.
* Additional logging for iOS to determine how it's picking up interfaces
* Lock hybrid platforms to IPv4 for this version until full compatibility is reached that we can deprecate unsupported flows.
#Jira UE-62159, UE-62321, UE-62681
Change 4320118 by Peter.Engstrom
All tests run in NetBitsTest will now pass. Tests that will fail if run have been ifdefed out.
Change 4320147 by Brian.Bekich
Fix FQuat::NetSerialize modifying the original value
#jira UE-60215
Change 4320956 by Brian.Bekich
Fix actor channel for the world settings of streaming levels not being marked broken on the client when seamless traveling
#jira UE-60655
Change 4324361 by Brian.Bekich
Fix a split screen RPC crashin rep graph
#jira none
Change 4324365 by Brian.Bekich
Fix crash when trying to add a split player with an invalid net index
#jira UE-29969
Change 4337829 by Brian.Bekich
Convert some replay checks/ensures to log warnings
Serialize all static guids into replay checkpoints, unless deleted
#jira UE-61539
Change 4341983 by Peter.Engstrom
Implemented NetSerialize for FTimespan. This allows such variables to be replicated.
#jira UE-57403
Change 4342261 by Jake.Leonard
Adding subsystem pointers to the ipaddress to make sure that it can resolve the functions it needs.
#Jira UENET-893
Change 4342348 by Ryan.Gerleve
PR #5023: Fix documentation comment to reflect reality. (Contributed by grafikrobot)
Change 4346475 by Brian.Bekich
Add missing null check in OnLevelRemovedFromWorld
#jira UE-63759
Change 4347867 by Ryan.Gerleve
Submitting on behalf of Jake.Leonard:
Remove GAI queries on determining the local host address for OSX and Linux. Adding more logging in the getifaddrs queries.
#Jira UE-62269
Change 4348512 by Ryan.Gerleve
Don't check the bForceUDP flag in SocketSubsystemBSD - this preserves the behavior from 4.20. FTcpSocketBuilder was passing in true for bForceUDP in its CreateSocket call.
#jira UE-63782
Change 4349781 by Jake.Leonard
Fix GAI flags to make sure they are valid for the platforms that don't allow certain flags to be explicitly specified.
#Jira UE-63744
Change 4351067 by Bart.Hawthorne
Fix issue with FUrl improperly parsing Ipv4 addresses that are really IPv4 - it tries to use ::ffff which is incorrect (from JakeL)
#jira UE-63822
#ROBOMERGE-OWNER: jason.bestimt
#ROBOMERGE-SOURCE: CL 4352452 in //UE4/Main/...
#ROBOMERGE-BOT: DEVVR (Main -> Dev-VR)
[CL 4352459 by bart hawthorne in Dev-VR branch]
2018-09-07 18:18:42 -04:00
|
|
|
|
|
|
|
|
// Includes
|
|
|
|
|
|
|
|
|
|
#include "DDoSDetection.h"
|
|
|
|
|
#include "PacketHandler.h"
|
|
|
|
|
#include "Misc/ConfigCacheIni.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* DDoS Detection
|
|
|
|
|
*
|
|
|
|
|
* DDoS (Distributed Denial of Service) attacks typically hinder game servers by flooding them with so many packets,
|
|
|
|
|
* that they are unable to process all of the packets without locking up and/or drowning out other players packets,
|
|
|
|
|
* causing players to time out or to suffer severe packet loss which hinders gameplay.
|
|
|
|
|
*
|
|
|
|
|
* Typically these attacks use spoofed UDP packets, where the source IP is unverifiable,
|
|
|
|
|
* and so IP banning is usually not an effective or advisable means of blocking such attacks.
|
|
|
|
|
*
|
|
|
|
|
* This DDoS detection focuses specifically on this situation, detecting/mitigating DDoS attacks based on spoofed UDP packets,
|
|
|
|
|
* which do not originate from an existing NetConnection. Flooding attacks coming from an existing NetConnection are a separate issue,
|
|
|
|
|
* as (due to the stateless handshake required before creating a NetConnection) the IP will be verified,
|
|
|
|
|
* and so such attacks should be dealt with through IP banning - this and other types of DoS attacks are not dealt with by this code.
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* Implementation:
|
|
|
|
|
*
|
|
|
|
|
* DDoS attacks are detected by setting configurable thresholds for the number of packets per second,
|
|
|
|
|
* and milliseconds per frame spent processing packets, beyond which the DDoS detection will escalate to a higher severity state.
|
|
|
|
|
*
|
|
|
|
|
* Each severity state has a different set of thresholds before it will escalate to the next state,
|
|
|
|
|
* and can also place a limit on the number of packets processed per second, and/or milliseconds spent processing.
|
|
|
|
|
*
|
|
|
|
|
* The stronger the DDoS attack, the higher the severity state will escalate (based on the thresholds),
|
|
|
|
|
* and the stronger the limitations places on incoming packets will be, in order to try and maintain good server performance.
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* Limitations:
|
|
|
|
|
*
|
|
|
|
|
* Heavy DDoS:
|
|
|
|
|
* While the code can withstand a heavy, locally hosted, multithreaded DDoS,
|
|
|
|
|
* past a certain point network hardware and bandwidth capacity will become a limit, and even with strong enough hardware,
|
|
|
|
|
* the OS kernel calls for receiving packets, will become a limit (for Linux, recvmmsg may be used to alleviate this later).
|
|
|
|
|
*
|
|
|
|
|
* So this code just deals with as much of the DDoS as it can, at an application level - if you're getting hit with a bad enough DDoS,
|
|
|
|
|
* then you're going to have to look at measures at the network infrastructure level - for example,
|
|
|
|
|
* IP filtering at the edge of your network, communicating with the game server to only allow packets from existing NetConnection IP's.
|
|
|
|
|
*
|
|
|
|
|
* Tuning thresholds per-Game:
|
|
|
|
|
* You will need to manually tune the packet thresholds specifically for your game, even for each different gametype within your game,
|
|
|
|
|
* and maybe even community server admins will need to retune, if hosting a server with mods etc..
|
|
|
|
|
*
|
|
|
|
|
* Blocking new connections:
|
|
|
|
|
* If a DDoS is expensive enough, that you choose to drop non-NetConnection packets after a threshold (a wise move, for performance...),
|
|
|
|
|
* then new players will be blocked from entering the server.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// @todo #JohnB: The code deliberately counts the time spent processing NetConnection RPC's, not just merely receiving packets.
|
|
|
|
|
// Make sure this doesn't introduce problems or false positives (or at least, that they're tolerable, if it does).
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* FDDoSDetection
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
FDDoSDetection::FDDoSDetection()
|
|
|
|
|
: bDDoSDetection(false)
|
|
|
|
|
, bDDoSAnalytics(false)
|
|
|
|
|
, bHitFrameNonConnLimit(false)
|
|
|
|
|
, bHitFrameNetConnLimit(false)
|
|
|
|
|
, DetectionSeverity()
|
|
|
|
|
, ActiveState(0)
|
|
|
|
|
, WorstActiveState(0)
|
|
|
|
|
, LastMetEscalationConditions(0.0)
|
|
|
|
|
, bMetEscalationConditionsThisFrame(false)
|
|
|
|
|
, bDDoSLogRestrictions(false)
|
|
|
|
|
, DDoSLogSpamLimit(0)
|
|
|
|
|
, LogHitCounter(0)
|
|
|
|
|
, HitchTimeQuotaMS(-1)
|
|
|
|
|
, HitchFrameTolerance(-1)
|
|
|
|
|
, HitchFrameCount(0)
|
|
|
|
|
, LastPerSecQuotaBegin(0.0)
|
|
|
|
|
, CounterPerSecHistory()
|
|
|
|
|
, LastCounterPerSecHistoryIdx(0)
|
|
|
|
|
, StartFrameRecvTimestamp(0.0)
|
|
|
|
|
, EndFrameRecvTimestamp(0.0)
|
|
|
|
|
, StartFramePacketCount(0)
|
|
|
|
|
, ExpectedFrameTime(0.0)
|
|
|
|
|
, FrameAdjustment(0.f)
|
|
|
|
|
, NotifySeverityEscalation()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void FDDoSDetection::Init(int32 MaxTickRate)
|
|
|
|
|
{
|
|
|
|
|
ExpectedFrameTime = 1.0 / (MaxTickRate > 0.0 ? MaxTickRate : 30.0);
|
|
|
|
|
|
|
|
|
|
InitConfig();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void FDDoSDetection::InitConfig()
|
|
|
|
|
{
|
|
|
|
|
const TCHAR* DDoSSection = TEXT("DDoSDetection");
|
|
|
|
|
int32 HitchFrameTolerance32 = -1;
|
|
|
|
|
|
|
|
|
|
GConfig->GetBool(DDoSSection, TEXT("bDDoSDetection"), bDDoSDetection, GEngineIni);
|
|
|
|
|
GConfig->GetBool(DDoSSection, TEXT("bDDoSAnalytics"), bDDoSAnalytics, GEngineIni);
|
|
|
|
|
GConfig->GetInt(DDoSSection, TEXT("DDoSLogSpamLimit"), DDoSLogSpamLimit, GEngineIni);
|
|
|
|
|
GConfig->GetInt(DDoSSection, TEXT("HitchTimeQuotaMS"), HitchTimeQuotaMS, GEngineIni);
|
|
|
|
|
GConfig->GetInt(DDoSSection, TEXT("HitchFrameTolerance"), HitchFrameTolerance32, GEngineIni);
|
|
|
|
|
|
|
|
|
|
HitchFrameTolerance = HitchFrameTolerance32;
|
|
|
|
|
DDoSLogSpamLimit = DDoSLogSpamLimit > 0 ? DDoSLogSpamLimit : 64;
|
|
|
|
|
|
|
|
|
|
DetectionSeverity.Empty();
|
|
|
|
|
|
2018-09-26 10:08:47 -04:00
|
|
|
UE_LOG(PacketHandlerLog, Log, TEXT("DDoS detection status: detection enabled: %d analytics enabled: %d"), bDDoSDetection, bDDoSAnalytics);
|
|
|
|
|
|
Copying //UE4/Dev-Networking to //UE4/Dev-Main (Source: //UE4/Dev-Networking [at] 4351996)
#lockdown Nick.Penwarden
#rb none
============================
MAJOR FEATURES & CHANGES
============================
Change 4094368 by Ryan.Gerleve
Restore bunch bitfield optimization from CL 3683745.
Change 4094946 by Ryan.Gerleve
Fix initialization order & some whitespace
Change 4095976 by John.Barrett
Speculative fix for unreproducible compile issue.
Change 4134299 by John.Barrett
Added Hot Reload support for NetcodeUnitTest - almost, but not fully, complete - important for working with Fortnite unit tests, as their execution time can harm productivity.
Added ability for unit tests to partially rewind/restart execution, at specific stages, to save time.
Change 4134300 by John.Barrett
Added NetcodeUnitTest hook, for replacing the raw data for specific RPC parameters, on the fly.
Change 4134304 by John.Barrett
Updated NetcodeUnitTest modules to support Hot Reload.
Change 4157433 by John.Barrett
Updated DDoS detection, based on review.
Change 4205014 by Jake.Leonard
Updating the check to make sure that uninitialized components are blocked from doing low level sends before they are entering initialization or are already initialized.
#Jira UE-61557
Change 4205071 by Jake.Leonard
Fixing up the spammy logs due to kick attempts on fail auth.
Also making the reauth message more clear.
#Jira UE-61696
Change 4224001 by Jake.Leonard
Merging IPv6 and IPv4 code together. Exposing a getaddrinfo method.
#Jira UENET-885, UENET-886
Change 4224014 by Jake.Leonard
New IP Addr changes for Oculus
#Jira: UENET-885
Change 4224020 by Jake.Leonard
New IP Addr changes for iOS
#Jira: UENET-885
Change 4224328 by Jake.Leonard
Fixing Unix SocketSubsystem compilation issues.
#jira: none
Change 4224340 by Jake.Leonard
More Unix compilation fixes
#jira: none
Change 4225020 by Jake.Leonard
Fixes for compilation and static analysis
#Jira: none
Change 4226080 by Jake.Leonard
Minor Address Fixes
#Jira: none
Change 4228299 by Jake.Leonard
Fix the deprecation warnings by removing the macro from the Sockets and IPAddress classes. While these classes are deprecated, can't mark them as such due to how they are generated and used.
On some platforms that are more picky about these deprecations, they return incorrect warnings that otherwise do not show up on other platforms.
In addition, expose and add a function for getaddrinfo for IPv6
#Jira UE-62057, UENET-886
Change 4232410 by Jake.Leonard
Allow build ids of 0 to not be filtered out incorrectly on Steam.
#Jira UE-62144
Change 4232500 by Jake.Leonard
Specify what socket subsystem we want as some platforms override the default and cause resolution issues.
#Jira UE-62156
Change 4235955 by Brian.Bekich
Fix for shared rpc serialization with outparm properties
#jira UE-61946
Change 4235956 by Brian.Bekich
Add missing set of bClose to FInBunch copy constructor
#jira UE-62079
Change 4248157 by Jake.Leonard
Fix IpConnection resolve nuking previous data set, which would wipe away port information. Now we cache off that port data before the clone.
#Jira UE-62321, UE-62260
Change 4257214 by Jake.Leonard
Fix v4 mapped addresses comparison such that we up the address to a common address family and then do the comparison. This uses ntop to determine the address differences.
This fixes hybrid stack issues.
#Jira UE-62266
Change 4259371 by Jake.Leonard
Log print for the comparision as a quick test to make sure that the ntops are actually comparing correctly.
Will remove after test
#Jira: UE-62266
Change 4265668 by Ryan.Gerleve
Fix replication for actor components created in blueprints - these components now properly return false from UActorComponent::IsNameStableForNetworking() by default.
#jira UE-62605
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4265561 by Ryan.Gerleve on 2018/08/07 13:13:29.
Change 4266436 by Brian.Bekich
PR #4875: Remove extra Printf parameter
#jira UE-61759
Change 4266444 by Brian.Bekich
PR #4883: Fix compilation of unit test minimal client in shipping
#jira UE-61857
Change 4266607 by Brian.Bekich
Handle potential crash in TickWorldTravel
#jira UE-60547
Change 4267341 by Jake.Leonard
* Exposing wrapper for getaddrinfo.
* Adding more fields and new type for gai flags.
* Renamed to GetAddressInfo due to Windows macros.
* Added scope mutators to FInternetAddr
* Properly inject the scope ids on all results when using GetLocalAdapterAddresses
* Fix the endianness for the raw ip mutators
* Fix mapping on address conversion
* New return types for GetAddressInformation
#Jira UENET-886, UE-62159, UE-62269, UE-62266, UE-62319
Change 4267457 by Jake.Leonard
Fix Unix compilation.
#Jira: none
Change 4267808 by Jake.Leonard
Making platforms that don't have FQDN support fall back to canonicalname
#Jira: none
Change 4270603 by Jake.Leonard
* Adding more logging to the Unix adapter queries.
* Fix the adapter query returning success on failure.
#Jira UE-62159
Change 4273549 by Jake.Leonard
Fix the memory leak caused by freeing the wrong sublist.
#Jira UE-62762
Change 4273571 by Jake.Leonard
Adding a new compare function for FInternetAddrs. This CompareEndpoints function can handle protocol differences instead of straight checking the structure data.
#Jira UE-62266
Change 4275449 by Ryan.Gerleve
PR #4965: Remove code that doesn't do anything (Contributed by erikdubbelboer)
Change 4276721 by Ryan.Gerleve
Fix crash if a socket error occurred when the PendingNetGame sent its initial join packet.
#jira UE-62672
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4276707 by Ryan.Gerleve on 2018/08/10 15:54:30.
Change 4277306 by Ryan.Gerleve
Suppress static analysis warning.
#jira UE-62672
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4277216 by Ryan.Gerleve on 2018/08/10 17:23:19.
Change 4277471 by Brian.Bekich
Fix for level script actor gc references with replicated blueprint variables/functions
#jira UE-60086
#jira UE-60147
Change 4277689 by Jake.Leonard
Adding more logging to GAI so that we can determine order of addresses.
#Jira: none
Change 4278398 by Brian.Bekich
SA fix
#jira none
Change 4279489 by Jon.Nabozny
PR #4977: Fixed not being able to connect to a LwsWebSocket after shutting it down (Contributed by rlabrecque)
#jira UE-62817
Change 4284633 by Ryan.Gerleve
Fix remote client character animation stuttering while stationary on listen servers by setting the default value of AGameNetworkManager::ClientNetSendMoveDeltaTimeStationary to 0.0166, the same value as ClientNetSendMoveDeltaTime, to match behavior of 4.19. Games may override this value to something lower as an optimization.
#jira UE-62225
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4284616 by Ryan.Gerleve on 2018/08/14 15:07:17.
Change 4285060 by Jake.Leonard
Adding CreateSocket that takes protocol types to the base classes along with some other helpers.
#Jira UENET-890
Change 4288280 by Jake.Leonard
Fix Unix compiler errors
#Jira: none
Change 4297412 by Jon.Nabozny
Fix pawn relevancy position stuck at possession point.
#jira UE-22390
Change 4302736 by Jon.Nabozny
Prevent Streaming Level Visibility changes from closing channels for static actors on the server. This should prevent them from being destroyed on the client.
[at]Brian.Bekich [at]Ryan.Gerleve
#jira UE-50443 UE-43042
Change 4307673 by Jake.Leonard
Add support for the various types of friends lists that Unreal supports on Steam. Fixing up detection of user statuses.
#Jira UE-63007
Change 4309291 by Jake.Leonard
PR #4976: Remove redundant logic in OSSSteam (Contributed by rlabrecque)
#github https://github.com/EpicGames/UnrealEngine/pull/4976
#Jira: UE-62816
Change 4313601 by Jake.Leonard
* Make the new IPv6 changes act the same way that it does on current 4.20. This allows for a much smoother adoption
* Add new functions to specify the type of special address the user wants.
* Fix the iOS broadcast addressing to determine IPv6 interface scope.
* Additional logging for iOS to determine how it's picking up interfaces
* Lock hybrid platforms to IPv4 for this version until full compatibility is reached that we can deprecate unsupported flows.
#Jira UE-62159, UE-62321, UE-62681
Change 4320118 by Peter.Engstrom
All tests run in NetBitsTest will now pass. Tests that will fail if run have been ifdefed out.
Change 4320147 by Brian.Bekich
Fix FQuat::NetSerialize modifying the original value
#jira UE-60215
Change 4320956 by Brian.Bekich
Fix actor channel for the world settings of streaming levels not being marked broken on the client when seamless traveling
#jira UE-60655
Change 4324361 by Brian.Bekich
Fix a split screen RPC crashin rep graph
#jira none
Change 4324365 by Brian.Bekich
Fix crash when trying to add a split player with an invalid net index
#jira UE-29969
Change 4337829 by Brian.Bekich
Convert some replay checks/ensures to log warnings
Serialize all static guids into replay checkpoints, unless deleted
#jira UE-61539
Change 4341983 by Peter.Engstrom
Implemented NetSerialize for FTimespan. This allows such variables to be replicated.
#jira UE-57403
Change 4342261 by Jake.Leonard
Adding subsystem pointers to the ipaddress to make sure that it can resolve the functions it needs.
#Jira UENET-893
Change 4342348 by Ryan.Gerleve
PR #5023: Fix documentation comment to reflect reality. (Contributed by grafikrobot)
Change 4346475 by Brian.Bekich
Add missing null check in OnLevelRemovedFromWorld
#jira UE-63759
Change 4347867 by Ryan.Gerleve
Submitting on behalf of Jake.Leonard:
Remove GAI queries on determining the local host address for OSX and Linux. Adding more logging in the getifaddrs queries.
#Jira UE-62269
Change 4348512 by Ryan.Gerleve
Don't check the bForceUDP flag in SocketSubsystemBSD - this preserves the behavior from 4.20. FTcpSocketBuilder was passing in true for bForceUDP in its CreateSocket call.
#jira UE-63782
Change 4349781 by Jake.Leonard
Fix GAI flags to make sure they are valid for the platforms that don't allow certain flags to be explicitly specified.
#Jira UE-63744
Change 4351067 by Bart.Hawthorne
Fix issue with FUrl improperly parsing Ipv4 addresses that are really IPv4 - it tries to use ::ffff which is incorrect (from JakeL)
#jira UE-63822
#ROBOMERGE-OWNER: jason.bestimt
#ROBOMERGE-SOURCE: CL 4352452 in //UE4/Main/...
#ROBOMERGE-BOT: DEVVR (Main -> Dev-VR)
[CL 4352459 by bart hawthorne in Dev-VR branch]
2018-09-07 18:18:42 -04:00
|
|
|
if (bDDoSDetection)
|
|
|
|
|
{
|
|
|
|
|
TArray<FString> SeverityCatagories;
|
|
|
|
|
int32 HighestCooloffTime = 0;
|
|
|
|
|
|
|
|
|
|
GConfig->GetArray(DDoSSection, TEXT("DetectionSeverity"), SeverityCatagories, GEngineIni);
|
|
|
|
|
|
|
|
|
|
for (const FString& CurCategory : SeverityCatagories)
|
|
|
|
|
{
|
|
|
|
|
FString CurSection = FString(DDoSSection) + TEXT(".") + CurCategory;
|
|
|
|
|
|
|
|
|
|
if (GConfig->DoesSectionExist(*CurSection, GEngineIni))
|
|
|
|
|
{
|
|
|
|
|
FDDoSStateConfig& CurState = DetectionSeverity.AddDefaulted_GetRef();
|
|
|
|
|
int32 EscalateTime32 = 0;
|
|
|
|
|
|
|
|
|
|
CurState.SeverityCategory = CurCategory;
|
|
|
|
|
|
|
|
|
|
GConfig->GetInt(*CurSection, TEXT("EscalateQuotaPacketsPerSec"), CurState.EscalateQuotaPacketsPerSec, GEngineIni);
|
2018-11-28 15:05:11 -05:00
|
|
|
GConfig->GetInt(*CurSection, TEXT("EscalateQuotaDisconnPacketsPerSec"), CurState.EscalateQuotaDisconnPacketsPerSec, GEngineIni);
|
Copying //UE4/Dev-Networking to //UE4/Dev-Main (Source: //UE4/Dev-Networking [at] 4351996)
#lockdown Nick.Penwarden
#rb none
============================
MAJOR FEATURES & CHANGES
============================
Change 4094368 by Ryan.Gerleve
Restore bunch bitfield optimization from CL 3683745.
Change 4094946 by Ryan.Gerleve
Fix initialization order & some whitespace
Change 4095976 by John.Barrett
Speculative fix for unreproducible compile issue.
Change 4134299 by John.Barrett
Added Hot Reload support for NetcodeUnitTest - almost, but not fully, complete - important for working with Fortnite unit tests, as their execution time can harm productivity.
Added ability for unit tests to partially rewind/restart execution, at specific stages, to save time.
Change 4134300 by John.Barrett
Added NetcodeUnitTest hook, for replacing the raw data for specific RPC parameters, on the fly.
Change 4134304 by John.Barrett
Updated NetcodeUnitTest modules to support Hot Reload.
Change 4157433 by John.Barrett
Updated DDoS detection, based on review.
Change 4205014 by Jake.Leonard
Updating the check to make sure that uninitialized components are blocked from doing low level sends before they are entering initialization or are already initialized.
#Jira UE-61557
Change 4205071 by Jake.Leonard
Fixing up the spammy logs due to kick attempts on fail auth.
Also making the reauth message more clear.
#Jira UE-61696
Change 4224001 by Jake.Leonard
Merging IPv6 and IPv4 code together. Exposing a getaddrinfo method.
#Jira UENET-885, UENET-886
Change 4224014 by Jake.Leonard
New IP Addr changes for Oculus
#Jira: UENET-885
Change 4224020 by Jake.Leonard
New IP Addr changes for iOS
#Jira: UENET-885
Change 4224328 by Jake.Leonard
Fixing Unix SocketSubsystem compilation issues.
#jira: none
Change 4224340 by Jake.Leonard
More Unix compilation fixes
#jira: none
Change 4225020 by Jake.Leonard
Fixes for compilation and static analysis
#Jira: none
Change 4226080 by Jake.Leonard
Minor Address Fixes
#Jira: none
Change 4228299 by Jake.Leonard
Fix the deprecation warnings by removing the macro from the Sockets and IPAddress classes. While these classes are deprecated, can't mark them as such due to how they are generated and used.
On some platforms that are more picky about these deprecations, they return incorrect warnings that otherwise do not show up on other platforms.
In addition, expose and add a function for getaddrinfo for IPv6
#Jira UE-62057, UENET-886
Change 4232410 by Jake.Leonard
Allow build ids of 0 to not be filtered out incorrectly on Steam.
#Jira UE-62144
Change 4232500 by Jake.Leonard
Specify what socket subsystem we want as some platforms override the default and cause resolution issues.
#Jira UE-62156
Change 4235955 by Brian.Bekich
Fix for shared rpc serialization with outparm properties
#jira UE-61946
Change 4235956 by Brian.Bekich
Add missing set of bClose to FInBunch copy constructor
#jira UE-62079
Change 4248157 by Jake.Leonard
Fix IpConnection resolve nuking previous data set, which would wipe away port information. Now we cache off that port data before the clone.
#Jira UE-62321, UE-62260
Change 4257214 by Jake.Leonard
Fix v4 mapped addresses comparison such that we up the address to a common address family and then do the comparison. This uses ntop to determine the address differences.
This fixes hybrid stack issues.
#Jira UE-62266
Change 4259371 by Jake.Leonard
Log print for the comparision as a quick test to make sure that the ntops are actually comparing correctly.
Will remove after test
#Jira: UE-62266
Change 4265668 by Ryan.Gerleve
Fix replication for actor components created in blueprints - these components now properly return false from UActorComponent::IsNameStableForNetworking() by default.
#jira UE-62605
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4265561 by Ryan.Gerleve on 2018/08/07 13:13:29.
Change 4266436 by Brian.Bekich
PR #4875: Remove extra Printf parameter
#jira UE-61759
Change 4266444 by Brian.Bekich
PR #4883: Fix compilation of unit test minimal client in shipping
#jira UE-61857
Change 4266607 by Brian.Bekich
Handle potential crash in TickWorldTravel
#jira UE-60547
Change 4267341 by Jake.Leonard
* Exposing wrapper for getaddrinfo.
* Adding more fields and new type for gai flags.
* Renamed to GetAddressInfo due to Windows macros.
* Added scope mutators to FInternetAddr
* Properly inject the scope ids on all results when using GetLocalAdapterAddresses
* Fix the endianness for the raw ip mutators
* Fix mapping on address conversion
* New return types for GetAddressInformation
#Jira UENET-886, UE-62159, UE-62269, UE-62266, UE-62319
Change 4267457 by Jake.Leonard
Fix Unix compilation.
#Jira: none
Change 4267808 by Jake.Leonard
Making platforms that don't have FQDN support fall back to canonicalname
#Jira: none
Change 4270603 by Jake.Leonard
* Adding more logging to the Unix adapter queries.
* Fix the adapter query returning success on failure.
#Jira UE-62159
Change 4273549 by Jake.Leonard
Fix the memory leak caused by freeing the wrong sublist.
#Jira UE-62762
Change 4273571 by Jake.Leonard
Adding a new compare function for FInternetAddrs. This CompareEndpoints function can handle protocol differences instead of straight checking the structure data.
#Jira UE-62266
Change 4275449 by Ryan.Gerleve
PR #4965: Remove code that doesn't do anything (Contributed by erikdubbelboer)
Change 4276721 by Ryan.Gerleve
Fix crash if a socket error occurred when the PendingNetGame sent its initial join packet.
#jira UE-62672
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4276707 by Ryan.Gerleve on 2018/08/10 15:54:30.
Change 4277306 by Ryan.Gerleve
Suppress static analysis warning.
#jira UE-62672
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4277216 by Ryan.Gerleve on 2018/08/10 17:23:19.
Change 4277471 by Brian.Bekich
Fix for level script actor gc references with replicated blueprint variables/functions
#jira UE-60086
#jira UE-60147
Change 4277689 by Jake.Leonard
Adding more logging to GAI so that we can determine order of addresses.
#Jira: none
Change 4278398 by Brian.Bekich
SA fix
#jira none
Change 4279489 by Jon.Nabozny
PR #4977: Fixed not being able to connect to a LwsWebSocket after shutting it down (Contributed by rlabrecque)
#jira UE-62817
Change 4284633 by Ryan.Gerleve
Fix remote client character animation stuttering while stationary on listen servers by setting the default value of AGameNetworkManager::ClientNetSendMoveDeltaTimeStationary to 0.0166, the same value as ClientNetSendMoveDeltaTime, to match behavior of 4.19. Games may override this value to something lower as an optimization.
#jira UE-62225
#AUTOMERGE using branch //UE4/Dev-Networking_to_//UE4/Release-4.20 (reversed) of change#4284616 by Ryan.Gerleve on 2018/08/14 15:07:17.
Change 4285060 by Jake.Leonard
Adding CreateSocket that takes protocol types to the base classes along with some other helpers.
#Jira UENET-890
Change 4288280 by Jake.Leonard
Fix Unix compiler errors
#Jira: none
Change 4297412 by Jon.Nabozny
Fix pawn relevancy position stuck at possession point.
#jira UE-22390
Change 4302736 by Jon.Nabozny
Prevent Streaming Level Visibility changes from closing channels for static actors on the server. This should prevent them from being destroyed on the client.
[at]Brian.Bekich [at]Ryan.Gerleve
#jira UE-50443 UE-43042
Change 4307673 by Jake.Leonard
Add support for the various types of friends lists that Unreal supports on Steam. Fixing up detection of user statuses.
#Jira UE-63007
Change 4309291 by Jake.Leonard
PR #4976: Remove redundant logic in OSSSteam (Contributed by rlabrecque)
#github https://github.com/EpicGames/UnrealEngine/pull/4976
#Jira: UE-62816
Change 4313601 by Jake.Leonard
* Make the new IPv6 changes act the same way that it does on current 4.20. This allows for a much smoother adoption
* Add new functions to specify the type of special address the user wants.
* Fix the iOS broadcast addressing to determine IPv6 interface scope.
* Additional logging for iOS to determine how it's picking up interfaces
* Lock hybrid platforms to IPv4 for this version until full compatibility is reached that we can deprecate unsupported flows.
#Jira UE-62159, UE-62321, UE-62681
Change 4320118 by Peter.Engstrom
All tests run in NetBitsTest will now pass. Tests that will fail if run have been ifdefed out.
Change 4320147 by Brian.Bekich
Fix FQuat::NetSerialize modifying the original value
#jira UE-60215
Change 4320956 by Brian.Bekich
Fix actor channel for the world settings of streaming levels not being marked broken on the client when seamless traveling
#jira UE-60655
Change 4324361 by Brian.Bekich
Fix a split screen RPC crashin rep graph
#jira none
Change 4324365 by Brian.Bekich
Fix crash when trying to add a split player with an invalid net index
#jira UE-29969
Change 4337829 by Brian.Bekich
Convert some replay checks/ensures to log warnings
Serialize all static guids into replay checkpoints, unless deleted
#jira UE-61539
Change 4341983 by Peter.Engstrom
Implemented NetSerialize for FTimespan. This allows such variables to be replicated.
#jira UE-57403
Change 4342261 by Jake.Leonard
Adding subsystem pointers to the ipaddress to make sure that it can resolve the functions it needs.
#Jira UENET-893
Change 4342348 by Ryan.Gerleve
PR #5023: Fix documentation comment to reflect reality. (Contributed by grafikrobot)
Change 4346475 by Brian.Bekich
Add missing null check in OnLevelRemovedFromWorld
#jira UE-63759
Change 4347867 by Ryan.Gerleve
Submitting on behalf of Jake.Leonard:
Remove GAI queries on determining the local host address for OSX and Linux. Adding more logging in the getifaddrs queries.
#Jira UE-62269
Change 4348512 by Ryan.Gerleve
Don't check the bForceUDP flag in SocketSubsystemBSD - this preserves the behavior from 4.20. FTcpSocketBuilder was passing in true for bForceUDP in its CreateSocket call.
#jira UE-63782
Change 4349781 by Jake.Leonard
Fix GAI flags to make sure they are valid for the platforms that don't allow certain flags to be explicitly specified.
#Jira UE-63744
Change 4351067 by Bart.Hawthorne
Fix issue with FUrl improperly parsing Ipv4 addresses that are really IPv4 - it tries to use ::ffff which is incorrect (from JakeL)
#jira UE-63822
#ROBOMERGE-OWNER: jason.bestimt
#ROBOMERGE-SOURCE: CL 4352452 in //UE4/Main/...
#ROBOMERGE-BOT: DEVVR (Main -> Dev-VR)
[CL 4352459 by bart hawthorne in Dev-VR branch]
2018-09-07 18:18:42 -04:00
|
|
|
GConfig->GetInt(*CurSection, TEXT("EscalateQuotaBadPacketsPerSec"), CurState.EscalateQuotaBadPacketsPerSec, GEngineIni);
|
|
|
|
|
GConfig->GetInt(*CurSection, TEXT("PacketLimitPerFrame"), CurState.PacketLimitPerFrame, GEngineIni);
|
|
|
|
|
GConfig->GetInt(*CurSection, TEXT("PacketTimeLimitMSPerFrame"), CurState.PacketTimeLimitMSPerFrame, GEngineIni);
|
|
|
|
|
GConfig->GetInt(*CurSection, TEXT("NetConnPacketTimeLimitMSPerFrame"), CurState.NetConnPacketTimeLimitMSPerFrame, GEngineIni);
|
|
|
|
|
GConfig->GetInt(*CurSection, TEXT("CooloffTime"), CurState.CooloffTime, GEngineIni);
|
|
|
|
|
|
|
|
|
|
if (GConfig->GetInt(*CurSection, TEXT("EscalateTimeQuotaMSPerFrame"), EscalateTime32, GEngineIni))
|
|
|
|
|
{
|
|
|
|
|
CurState.EscalateTimeQuotaMSPerFrame = EscalateTime32;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
HighestCooloffTime = FMath::Max(HighestCooloffTime, CurState.CooloffTime);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
UE_LOG(PacketHandlerLog, Warning, TEXT("DDoS detection could not find ini section: %s"), *CurSection);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (DetectionSeverity.Num() > 0)
|
|
|
|
|
{
|
|
|
|
|
DetectionSeverity[ActiveState].ApplyState(*this);
|
|
|
|
|
|
|
|
|
|
CounterPerSecHistory.SetNum(HighestCooloffTime);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
UE_LOG(PacketHandlerLog, Warning, TEXT("DDoS detection enabled, but no DetectionSeverity states specified! Disabling."));
|
|
|
|
|
|
|
|
|
|
bDDoSDetection = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void FDDoSDetection::UpdateSeverity(bool bEscalate)
|
|
|
|
|
{
|
|
|
|
|
int32 NewState = FMath::Clamp(ActiveState + (bEscalate ? 1 : -1), 0, DetectionSeverity.Num());
|
|
|
|
|
|
|
|
|
|
if (NewState != ActiveState)
|
|
|
|
|
{
|
|
|
|
|
double CurTime = FPlatformTime::Seconds();
|
|
|
|
|
|
|
|
|
|
if (bEscalate)
|
|
|
|
|
{
|
|
|
|
|
LastMetEscalationConditions = CurTime;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
// De-escalate to the lowest state which hasn't cooled off, and estimate the timestamp for when the cooloff was last reset
|
|
|
|
|
// (due to estimating, there is slight inaccuracy in the cooloff time)
|
|
|
|
|
bool bCooloffReached = true;
|
|
|
|
|
|
|
|
|
|
while (bCooloffReached && NewState > 0)
|
|
|
|
|
{
|
|
|
|
|
FDDoSStateConfig& PrevState = DetectionSeverity[NewState-1];
|
|
|
|
|
int32 CurStateCooloffTime = DetectionSeverity[NewState].CooloffTime;
|
|
|
|
|
|
|
|
|
|
check(CounterPerSecHistory.Num() >= CurStateCooloffTime);
|
|
|
|
|
|
|
|
|
|
for (int32 SecondsDelta=0; SecondsDelta<CurStateCooloffTime; SecondsDelta++)
|
|
|
|
|
{
|
|
|
|
|
int32 CurIdx = LastCounterPerSecHistoryIdx - SecondsDelta;
|
|
|
|
|
|
|
|
|
|
CurIdx = (CurIdx < 0 ? CounterPerSecHistory.Num() + CurIdx : CurIdx);
|
|
|
|
|
|
|
|
|
|
check(CurIdx >= 0 && CurIdx < CounterPerSecHistory.Num());
|
|
|
|
|
|
|
|
|
|
FDDoSPacketCounters& CurPerSecHistory = CounterPerSecHistory[CurIdx];
|
|
|
|
|
|
|
|
|
|
if (PrevState.HasHitQuota(CurPerSecHistory, CurPerSecHistory.WorstFrameReceiveTimeMS))
|
|
|
|
|
{
|
|
|
|
|
// The state we're transitioning down into, would have last had its cooloff reset around this time
|
|
|
|
|
LastMetEscalationConditions = CurTime - (double)SecondsDelta;
|
|
|
|
|
|
|
|
|
|
bCooloffReached = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (bCooloffReached)
|
|
|
|
|
{
|
|
|
|
|
NewState--;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FDDoSStateConfig& OldState = DetectionSeverity[ActiveState];
|
|
|
|
|
FDDoSStateConfig& CurState = DetectionSeverity[NewState];
|
|
|
|
|
|
|
|
|
|
// If we're at anything other than the base state, then disable all unnecessary logs
|
|
|
|
|
bDDoSLogRestrictions = NewState > 0;
|
|
|
|
|
ActiveState = NewState;
|
|
|
|
|
bMetEscalationConditionsThisFrame = false;
|
|
|
|
|
|
|
|
|
|
CurState.ApplyState(*this);
|
|
|
|
|
|
|
|
|
|
if (FrameAdjustment > 0.f)
|
|
|
|
|
{
|
|
|
|
|
CurState.ApplyAdjustedState(*this, FrameAdjustment);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UE_LOG(PacketHandlerLog, Warning, TEXT("Updated DDoS detection severity from '%s' to '%s'"),
|
|
|
|
|
*OldState.SeverityCategory, *CurState.SeverityCategory);
|
|
|
|
|
|
|
|
|
|
if (bEscalate && ActiveState > WorstActiveState)
|
|
|
|
|
{
|
|
|
|
|
if (bDDoSAnalytics)
|
|
|
|
|
{
|
|
|
|
|
NotifySeverityEscalation.ExecuteIfBound(CurState.SeverityCategory);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WorstActiveState = ActiveState;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void FDDoSDetection::PreFrameReceive(float DeltaTime)
|
|
|
|
|
{
|
|
|
|
|
if (bDDoSDetection)
|
|
|
|
|
{
|
|
|
|
|
StartFrameRecvTimestamp = FPlatformTime::Seconds();
|
|
|
|
|
bMetEscalationConditionsThisFrame = false;
|
|
|
|
|
|
|
|
|
|
if (HitchTimeQuotaMS > 0 && EndFrameRecvTimestamp != 0.0)
|
|
|
|
|
{
|
|
|
|
|
double HitchTimeMS = (StartFrameRecvTimestamp - EndFrameRecvTimestamp) * 1000.0;
|
|
|
|
|
|
|
|
|
|
if ((((int32)HitchTimeMS) - HitchTimeQuotaMS) > 0)
|
|
|
|
|
{
|
|
|
|
|
HitchFrameCount++;
|
|
|
|
|
|
|
|
|
|
UE_LOG(PacketHandlerLog, Verbose, TEXT("Detected '%i' successive hitches outside NetDriver Tick. Last Hitch: %fms (Max: %ims)"),
|
|
|
|
|
HitchFrameCount, HitchTimeMS, HitchTimeQuotaMS);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
HitchFrameCount = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// At the start of every frame, adjust the DDoS detection based upon DeltaTime - unless there is excessive hitching
|
|
|
|
|
FrameAdjustment = (HitchFrameCount > 0 && HitchFrameCount > HitchFrameTolerance) ? 1.f : (double)DeltaTime / ExpectedFrameTime;
|
|
|
|
|
|
|
|
|
|
if (ActiveState > 0 && CooloffTime > 0 && (float)(StartFrameRecvTimestamp - LastMetEscalationConditions) > (float)CooloffTime)
|
|
|
|
|
{
|
|
|
|
|
UpdateSeverity(false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DetectionSeverity[ActiveState].ApplyAdjustedState(*this, FMath::Max(0.25f, FrameAdjustment));
|
|
|
|
|
|
|
|
|
|
if (((StartFrameRecvTimestamp - LastPerSecQuotaBegin) - 1.0) > 0.0)
|
|
|
|
|
{
|
|
|
|
|
UE_CLOG(DroppedPacketCounter > 0, PacketHandlerLog, Warning,
|
|
|
|
|
TEXT("DDoS Detection dropped '%i' packets during last second (bHitFrameNonConnLimit: %i, bHitFrameNetConnLimit: %i, ")
|
|
|
|
|
TEXT("DetectionSeverity: %s)."),
|
|
|
|
|
DroppedPacketCounter, (int32)bHitFrameNonConnLimit, (int32)bHitFrameNetConnLimit,
|
|
|
|
|
*DetectionSeverity[ActiveState].SeverityCategory);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Record the last quota
|
|
|
|
|
check(CounterPerSecHistory.Num() > 0);
|
|
|
|
|
|
|
|
|
|
LastCounterPerSecHistoryIdx++;
|
|
|
|
|
LastCounterPerSecHistoryIdx = (LastCounterPerSecHistoryIdx >= CounterPerSecHistory.Num()) ? 0 : LastCounterPerSecHistoryIdx;
|
|
|
|
|
|
|
|
|
|
CounterPerSecHistory[LastCounterPerSecHistoryIdx] = *this;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LastPerSecQuotaBegin = StartFrameRecvTimestamp;
|
|
|
|
|
NonConnPacketCounter = 0;
|
|
|
|
|
NetConnPacketCounter = 0;
|
|
|
|
|
BadPacketCounter = 0;
|
|
|
|
|
ErrorPacketCounter = 0;
|
|
|
|
|
DroppedPacketCounter = 0;
|
|
|
|
|
WorstFrameReceiveTimeMS = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
StartFramePacketCount = NonConnPacketCounter;
|
|
|
|
|
|
|
|
|
|
if (LogHitCounter >= DDoSLogSpamLimit)
|
|
|
|
|
{
|
|
|
|
|
UE_LOG(PacketHandlerLog, Warning, TEXT("Previous frame hit DDoS LogHitCounter limit - hit count: %i (Max: %i)"), LogHitCounter,
|
|
|
|
|
DDoSLogSpamLimit);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LogHitCounter = 0;
|
|
|
|
|
bHitFrameNonConnLimit = false;
|
|
|
|
|
bHitFrameNetConnLimit = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void FDDoSDetection::PostFrameReceive()
|
|
|
|
|
{
|
|
|
|
|
if (bDDoSDetection)
|
|
|
|
|
{
|
|
|
|
|
// Some packet counters require an end-frame check for DDoS detection
|
|
|
|
|
CheckNonConnQuotasAndLimits();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EndFrameRecvTimestamp = FPlatformTime::Seconds();
|
|
|
|
|
|
|
|
|
|
int32 FrameReceiveTimeMS = (int32)((EndFrameRecvTimestamp - StartFrameRecvTimestamp) * 1000.0);
|
|
|
|
|
|
|
|
|
|
WorstFrameReceiveTimeMS = FMath::Max(FrameReceiveTimeMS, WorstFrameReceiveTimeMS);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool FDDoSDetection::CheckNonConnQuotasAndLimits()
|
|
|
|
|
{
|
|
|
|
|
bool bReturnVal = false;
|
|
|
|
|
double CurTime = FPlatformTime::Seconds();
|
|
|
|
|
int32 TimePassedMS = (int32)((CurTime - StartFrameRecvTimestamp) * 1000.0);
|
|
|
|
|
|
|
|
|
|
if (HasHitQuota(*this, TimePassedMS))
|
|
|
|
|
{
|
|
|
|
|
UpdateSeverity(true);
|
|
|
|
|
}
|
|
|
|
|
// Check if we're still at the conditions which led to the current escalated state
|
|
|
|
|
else if (!bMetEscalationConditionsThisFrame && ActiveState > 0)
|
|
|
|
|
{
|
|
|
|
|
const int32 PrevState = ActiveState - 1;
|
|
|
|
|
|
|
|
|
|
if (DetectionSeverity[PrevState].HasHitQuota(*this, TimePassedMS))
|
|
|
|
|
{
|
|
|
|
|
LastMetEscalationConditions = CurTime;
|
|
|
|
|
bMetEscalationConditionsThisFrame = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// NOTE: PacketLimitPerFrame == 0 is a valid value, and blocks all non-NetConnection packets
|
|
|
|
|
bReturnVal = PacketLimitPerFrame == 0 || (PacketLimitPerFrame > 0 && (NonConnPacketCounter - StartFramePacketCount) >= PacketLimitPerFrame);
|
|
|
|
|
bReturnVal = bReturnVal || (PacketTimeLimitMSPerFrame > 0 && TimePassedMS > PacketTimeLimitMSPerFrame);
|
|
|
|
|
|
|
|
|
|
return bReturnVal;
|
|
|
|
|
}
|
