Moved load_duration_parm and set_duration_parm out of proto.hpp

and into a new file openvpn/time/durhelper.hpp.

Added skew_duration() to durhelper.hpp to randomly skew
duration values.

Added Duration::operator+(const int delta) method to
allow modification of raw duration value by an int.

openvpn/client/cliproto.hpp

@@ -56,6 +56,7 @@
 #include <openvpn/client/clihalt.hpp>
 #include <openvpn/time/asiotimer.hpp>
 #include <openvpn/time/coarsetime.hpp>
+#include <openvpn/time/durhelper.hpp>
 #include <openvpn/error/excode.hpp>
 
 #include <openvpn/ssl/proto.hpp>
@@ -686,7 +687,7 @@ namespace openvpn {
       void extract_inactive(const OptionList& opt)
       {
 	try {
-	  const Option *o = Base::Config::load_duration_parm(inactive_duration, "inactive", opt, 1, false);
+	  const Option *o = load_duration_parm(inactive_duration, "inactive", opt, 1, false);
 	  if (o)
 	    {
 	      if (o->size() >= 3)

openvpn/ssl/proto.hpp

@@ -48,6 +48,7 @@
 #include <openvpn/buffer/buffer.hpp>
 #include <openvpn/buffer/safestr.hpp>
 #include <openvpn/time/time.hpp>
+#include <openvpn/time/durhelper.hpp>
 #include <openvpn/frame/frame.hpp>
 #include <openvpn/random/randapi.hpp>
 #include <openvpn/crypto/cryptoalgs.hpp>
@@ -697,38 +698,6 @@ namespace openvpn {
 	return ret;
       }
 
-      static void set_duration_parm(Time::Duration& dur,
-				    const char *name,
-				    const std::string& valstr,
-				    const unsigned int min_value,
-				    const bool x2)
-      {
-	const unsigned int maxdur = 60*60*24*7; // maximum duration -- 7 days
-	unsigned int value = 0;
-	const bool status = parse_number<unsigned int>(valstr, value);
-	if (!status)
-	  OPENVPN_THROW(proto_option_error, name << ": error parsing number of seconds");
-	if (x2)
-	  value *= 2;
-	if (value == 0 || value > maxdur)
-	  value = maxdur;
-	if (value < min_value)
-	  value = min_value;
-	dur = Time::Duration::seconds(value);
-      }
-
-      static const Option* load_duration_parm(Time::Duration& dur,
-					      const char *name,
-					      const OptionList& opt,
-					      const unsigned int min_value,
-					      const bool x2)
-      {
-	const Option *o = opt.get_ptr(name);
-	if (o)
-	  set_duration_parm(dur, name, o->get(1, 16), min_value, x2);
-	return o;
-      }
-
       // Used to generate link_mtu option sent to peer.
       // Not const because dc.context() caches the DC context.
       unsigned int link_mtu_adjust()

openvpn/time/durhelper.hpp

@@ -0,0 +1,77 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2015 OpenVPN Technologies, Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef OPENVPN_TIME_DURHELPER_H
+#define OPENVPN_TIME_DURHELPER_H
+
+#include <openvpn/common/options.hpp>
+#include <openvpn/time/time.hpp>
+#include <openvpn/random/boostrand.hpp>
+
+namespace openvpn {
+  inline void set_duration_parm(Time::Duration& dur,
+				const char *name,
+				const std::string& valstr,
+				const unsigned int min_value,
+				const bool x2)
+  {
+    const unsigned int maxdur = 60*60*24*7; // maximum duration -- 7 days
+    unsigned int value = 0;
+    const bool status = parse_number<unsigned int>(valstr, value);
+    if (!status)
+      OPENVPN_THROW(option_error, name << ": error parsing number of seconds");
+    if (x2)
+      value *= 2;
+    if (value == 0 || value > maxdur)
+      value = maxdur;
+    if (value < min_value)
+      value = min_value;
+    dur = Time::Duration::seconds(value);
+  }
+
+  inline const Option* load_duration_parm(Time::Duration& dur,
+					  const char *name,
+					  const OptionList& opt,
+					  const unsigned int min_value,
+					  const bool x2)
+  {
+    const Option *o = opt.get_ptr(name);
+    if (o)
+      set_duration_parm(dur, name, o->get(1, 16), min_value, x2);
+    return o;
+  }
+
+  inline Time::Duration skew_duration(const Time::Duration& dur,
+				      const Time::Duration& min,
+				      const unsigned int flux_order,
+				      RandomIntBase& rand)
+  {
+    const unsigned int range = 1 << flux_order;
+    const int delta = int(rand.rand() & (range-1)) - int(range>>1);
+    const Time::Duration ret = dur + delta;
+    if (ret >= min)
+      return ret;
+    else
+      return min;
+  }
+}
+
+#endif

openvpn/time/time.hpp

@@ -89,6 +89,22 @@ namespace openvpn {
 	  return Duration(duration_ + d.duration_);
       }
 
+      Duration operator+(const int delta) const
+      {
+	T duration = duration_;
+	if (delta >= 0)
+	  duration += delta;
+	else
+	  {
+	    const unsigned int ndelta = -delta;
+	    if (duration_ >= ndelta)
+	      duration -= ndelta;
+	    else
+	      duration = 0;
+	  }
+	return Duration(duration);
+      }
+
       Duration& operator+=(const Duration& d)
       {
 	if (is_infinite() || d.is_infinite())