Add PUSH_UPDATE part

Fixes OVPN3-1230

Signed-off-by: Lev Stipakov <[email protected]>

Author: lstipakov

openvpn-wire-protocol.xml

@@ -1458,12 +1458,13 @@ struct key_exchange {
             <li>bit 4: The client is capable of accepting additional arguments
             to the <xref target="authpending">AUTH_PENDING</xref> message.</li>
             <li>bit 5: The client supports doing feature negotiation in P2P mode.</li>
-            <li>bit 6: The client is capable of parsing and receiving the <xref target="dnsproto">dns</xref> messages pushed option</li>
+            <li>bit 6: The client is capable of parsing and receiving the <xref target="dnsproto">dns</xref> messages pushed option. DEPRECATED. Do not use.</li>
             <li>bit 7: The client is capable of sending exit notification via control channel using <xref target="exitcc">EXIT</xref> message. The client is accpting the protocol-flags pushed option for the EKM capability</li>
             <li>bit 8: The client is capable of accepting <xref target="authfailed">AUTH_FAILED,TEMP</xref> messages.</li>
             <li>bit 9: The client is capable of dynamic tls-crypt</li>
-            <li>bit 10: The client is capaple of AEAD tag at the end of a data channel packet and capable of using 64bit packet counters for AEAD ciphers.</li>
-
+            <li>bit 10: The client is capable of AEAD tag at the end of a data channel packet and capable of using 64bit packet counters for AEAD ciphers.</li>
+            <li>bit 11: The client is capable of parsing and receiving the <xref target="dnsproto">dns</xref> messages pushed option.</li>
+            <li>bit 12: The client is capable of receiving <xref target="pushupdate">PUSH_UPDATE</xref> message.</li>
           </ul>
         </t>
         <t>
@@ -1814,6 +1815,32 @@ datakeys = TLS_PRF(key_seed, key_seed)
         without waiting for the <tt>PUSH_REQUEST</tt> from the client.
         </t>
       </section>
+      <section anchor="pushupdate" title="PUSH_UPDATE">
+      <t>
+        Format: <sourcecode>PUSH_UPDATE [comma separated options]</sourcecode>
+      </t>
+      <t>
+        This message includes dynamic configuration options that can be pushed from the server to the client without reconnecting.
+        These options augment existing options. Options with the same name are replaced. To remove an option, it should be prefixed
+        with <tt>-</tt>. For example, the following code replaces all routes (if there were any) with the provided one and removes the <tt>dns</tt> option:
+        <sourcecode>
+          PUSH_UPDATE,route 10.10.10.0 255.255.255.0,-dns
+        </sourcecode>
+        The client SHOULD support updating all pushed options; otherwise, it SHOULD reconnect. This also applies to removal.
+        <t>
+        Options prefixed with <tt>?</tt> are considered optional. The client MAY support them. If the client cannot support some optional options,
+        they can be ignored, and the client does not have to reconnect. This also applies to removal. Example syntax:
+        <sourcecode>
+          PUSH_UPDATE,-?block-ipv6
+        </sourcecode>
+        Here client should remove <tt>block-ipv6</tt> option. However, if client does not support updating it, it does not need to reconnect.
+        </t>
+      </t>
+      <t>
+        This message is only sent if the client has set the IV_PROTO_PUSH_UPDATE bit in the IV_PROTO
+        <xref target="peerinfo">peerinfo</xref> client variable.
+      </t>
+    </section>
       <section anchor="authpending" title="AUTH_PENDING">
         <t>
           Format: