Environment: VC6, NT4 SP4+, W2K
Pfwredun.exe (hot redundancy agent) is a program that demonstrates how a slave PC (say 'B') can take over the IP address of a master PC (say 'A') that shuts down or fails. From that moment, client applications on other PCs see PC 'B' as their server instead of 'A'.
This program uses IPHLPAPI.LIB and IPHLPAPI.H (which includes iptypes.h and ipexport.h) from the Platform SDK, so you need to install the Platform SDK before compiling and linking pfwredun.exe.
IPHLPAPI.LIB works on Windows NT 4.0 + SP 4+, W2K and Win98. I checked the program on NT 4.0 SP 4 and SP 5 and on W2K. I didn't check it on Win98.
This program (pfwredun.exe, an MFC dialog box application) has to be started the first time with the parameter INIT, i.e. in the edit field of the Run dialog from the Start menu you have to type pfwredun INIT. After the pfwredun.ini file has been created, you have to fill in some data. In the [Adapters] section you'll see that every line includes the MAC address and the description of one adapter in square brackets. The number of lines equals the number of network adapters in the PC.
In each line, after the equals sign, you have to write the IPs of all servers that should be attached to this adapter in case of failure. So, if the IPs of N servers are written for an adapter and all of these servers fail, all of their IPs will be attached to this adapter. IPs have to be written in the standard form XXX.XXX.XXX.XXX,YYY.YYY.YYY.YYY.... In the [Settings] section you can change the network mask and the time settings as you need. The time key (30 by default) defines the time between calls to the check/attach function when the working thread was created successfully (the time between the end of the previous call and the start of the current one). In the case of unsuccessful thread creation I used a timer for the polling calls.
The second time, pfwredun.exe has to be started without parameters. The running hot redundancy agent (pfwredun.exe) is shown by an icon in the taskbar tray consisting of two connected boxes (computers). While no server IP is attached yet, the icon is blue; it changes to green when the agent attaches the first IP to one of its adapters. To see which IP is attached, right-click the agent icon and choose Settings from the menu: an attached IP is marked with "*" next to the address. BTW, I couldn't change the icon with NIM_MODIFY, so I used a NIM_DELETE and NIM_ADD pair. The program can be closed only when no IP is attached, so to free an IP you need to choose in the Settings dialog box which adapter (numbered from 1) and which IP (numbered from 1) you want to release. After the first press the IP is freed from the adapter. Now you can start the server and press a second time to start polling this master again. If you want to close the agent while some IPs are attached, you simply need to choose each adapter/IP pair and press twice. After all IPs have been released, the icon turns blue and you can choose Close to close the agent.
Closing the application raises another problem: when I press Close in the menu, the thread may be in the Sleep state. So I divided the Sleep time-out by 3 to minimize response time.
To clarify the data structure, I describe here some of the class members (CPfwredundlg):
|Array of network adapter indexes (each network adapter has a unique index), if n network adapters exist in the PC.|
|Array of pointers. Every element of m_aptr is a pointer to the array of IPs that one adapter (of the n) checks for attachment, because the first adapter may have 2 IPs for attachment, the next 5 IPs, and so on.|
|Array of pointers. Every element of m_adaptercontext is a pointer to the array of contexts for one adapter (a context is the value that describes an attachment; it is returned by AddIPAddress for later use in DeleteIPAddress). It is parallel to m_aptr.|
|Two-dimensional array. Every element in this array is a pair of a pointer to an array of m_aptr and a DWORD (0/1) that describes the attachment condition. If it is 1 (TRUE), the attachment was done and there is no need to check this IP.|
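
The bookkeeping described above (per-adapter IP list, attachment context, attached flag) and the two-press release from the Settings dialog, written as a small state machine. This is an added example, not code from pfwredun.exe: the names BackupIp, NetOps, pollPass and press are hypothetical, the master-liveness hook is an assumption because the article does not say how failure is detected, and the attach/release hooks stand where the agent calls AddIPAddress and DeleteIPAddress. The addresses are constructed.

```cpp
#include <cstddef>
#include <cstring>

typedef unsigned long Context;   // stands in for the context AddIPAddress returns
enum State { POLLING, ATTACHED, PAUSED };
// One configured master address; context is meaningful only while ATTACHED.
struct BackupIp { const char* ip; State state; Context context; };

struct NetOps {                  // hypothetical hooks, not the agent's real API
    bool (*masterAlive)(const char* ip);           // assumed liveness probe
    bool (*attach)(const char* ip, Context* ctx);  // would wrap AddIPAddress
    bool (*release)(Context ctx);                  // would wrap DeleteIPAddress
};

// One polling pass over an adapter's IP list. Entries that are already
// attached (flag = 1) or paused are not probed. Returns the attached count.
std::size_t pollPass(BackupIp* ips, std::size_t n, const NetOps& ops) {
    std::size_t attached = 0;
    for (std::size_t i = 0; i < n; ++i) {
        BackupIp& e = ips[i];
        if (e.state == POLLING && !ops.masterAlive(e.ip) && ops.attach(e.ip, &e.context))
            e.state = ATTACHED;
        if (e.state == ATTACHED) ++attached;
    }
    return attached;   // the agent may close only when this is 0 for every adapter
}

// Settings dialog press: the first frees the IP, the second resumes polling.
bool press(BackupIp& e, const NetOps& ops) {
    if (e.state == ATTACHED) {
        if (!ops.release(e.context)) return false;  // keep the context for a retry
        e.state = PAUSED;   // master can now restart and reclaim its address
    } else if (e.state == PAUSED) {
        e.state = POLLING;
    }
    return true;
}

// Constructed stand-ins so the logic runs without a network.
static const char* g_down = "";  // address of the master that is "down"
static bool fakeAlive(const char* ip) { return std::strcmp(ip, g_down) != 0; }
static bool fakeAttach(const char*, Context* ctx) { static Context next = 100; *ctx = next++; return true; }
static bool fakeRelease(Context ctx) { return ctx >= 100; }
static const NetOps kFakeOps = { fakeAlive, fakeAttach, fakeRelease };

int main() {  // master .10 is down, so exactly one IP ends up attached
    BackupIp ips[] = { {"192.168.0.10", POLLING, 0}, {"192.168.0.11", POLLING, 0} };
    g_down = ips[0].ip;
    return pollPass(ips, 2, kFakeOps) == 1 ? 0 : 1;
}
```

The PAUSED state is what keeps the agent from re-attaching the address between the two presses, while the master is being restarted.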
An additional feature of this program: attaching an IP that has Internet access (through the firewall) to an intranet computer allows that computer to be used like an Internet computer; only the original network mask has to be changed to allow routing for the added IP.
Downloads
Download project - 50 Kb
Download zipped exe - 13 Kb