Argus vs. DDoS

Chris Wilson chris-argus at
Thu Feb 21 05:47:34 EST 2013

Hi all,

On Thu, 21 Feb 2013, Carter Bullard wrote:

>>> Residual memory is odd and maybe a bug.  It may be that your kernel 
>>> doesn't report that the deallocated memory pages are inactive?  You 
>>> have memory, but the kernel does report it as available?
>> I don't have the problem at the moment, because I've restarted the 
>> Argus process since the last DDoS, but as far as I recall it's 
>> allocated as used and not available to the system. It isn't released 
>> until the Argus process is restarted.

It's important to know that memory free()d by the application is not 
necessarily returned to the OS. The application can only return whole 
pages, or only from the top of the heap (lowest addresses) by moving the 
heap boundary. The memory is certainly available for reuse, and may be 
paged out into swap and never touched again, but it's very difficult for 
the C runtime to guarantee that pages won't be touched again and tell the 
OS that they can be discarded and released.

So in general, it's impossible for applications to reduce their virtual 
memory usage without discarding almost all their state, which is 
equivalent to a restart.

Cheers, Chris.
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <chris+sig at> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
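
The behaviour described in the message above can be measured on Linux by watching the program break. This C probe is an added example, not part of the original post or of Argus; `probe_heap_release`, the record count and the record size are constructed for illustration, and it assumes glibc's malloc with default tuning.

```c
#define _DEFAULT_SOURCE 1   /* exposes sbrk() under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define N_RECORDS 16384     /* constructed stand-in for state cached during a flood */
#define RECORD_SZ 1024      /* small enough that glibc serves it from the brk heap */

struct heap_probe {
    size_t grown;           /* rise of the program break with all records live */
    size_t held_pinned;     /* still held after freeing all but the newest record */
    size_t held_unpinned;   /* still held once the newest record is freed as well */
};

static uintptr_t brk_now(void) { return (uintptr_t)sbrk(0); }

/* Returns 0 on success, -1 if an allocation failed. */
int probe_heap_release(struct heap_probe *p)
{
    void **rec = malloc(N_RECORDS * sizeof *rec);
    if (rec == NULL) return -1;
    uintptr_t base = brk_now();

    for (size_t i = 0; i < N_RECORDS; i++)
        if ((rec[i] = malloc(RECORD_SZ)) == NULL) return -1;
    p->grown = brk_now() - base;

    /* Free everything except the record allocated last, next to the heap top. */
    for (size_t i = 0; i + 1 < N_RECORDS; i++) free(rec[i]);
    p->held_pinned = brk_now() - base;

    /* Only now is the free space contiguous with the heap top and trimmable. */
    free(rec[N_RECORDS - 1]);
    p->held_unpinned = brk_now() - base;

    free(rec);
    return 0;
}

int main(void)
{
    struct heap_probe p;
    if (probe_heap_release(&p) != 0) return 1;
    printf("break grew by          %zu KiB\n", p.grown / 1024);
    printf("held with 1 KiB live   %zu KiB\n", p.held_pinned / 1024);
    printf("held with nothing live %zu KiB\n", p.held_unpinned / 1024);
    return 0;
}
```

A single surviving 1 KiB allocation next to the heap top keeps the whole region mapped to the process, which is why a long-running collector can stay large after a traffic spike has passed.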
