Argus vs. DDoS
chris-argus at qwirx.com
Thu Feb 21 05:47:34 EST 2013
On Thu, 21 Feb 2013, Carter Bullard wrote:
>>> Residual memory is odd and maybe a bug. It maybe that your kernel
>>> doesn't report that the deallocated memory pages are inactive? You
>>> have memory, but the kernel does report it as available?
>> I don't have the problem at the moment, because I've restarted the
>> Argus process since the last DDoS, but as far as I recall it's
>> allocated as used and not available to the system. It isn't released
>> until the Argus process is restarted.
It's important to know that memory free()d by the application is not
necessarily returned to the OS. The application can only return whole
pages, or only from the top of the heap (lowest addresses) by moving the
heap boundary. The memory is certainly available for reuse, and may be
paged out into swap and never touched again, but it's very difficult for
the C runtime to guarantee that pages won't be touched again and tell the
OS that they can be discarded and released.
So in general, it's impossible for applications to reduce their virtual
memory usage without discarding almost all their state, which is
equivalent to a restart.
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <chris+sig at qwirx.com> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
More information about the argus