KRT: Forbid path merging on BSD

We support ECMP routes only on Linux. Exported routes are checked in
krt_capable(), but a route generated during path merging avoids this
check.

sysdep/linux/krt-sys.h

@@ -32,6 +32,8 @@ static inline struct ifa * kif_get_primary_ip(struct iface *i) { return NULL; }
 
 /* Kernel routes */
 
+#define KRT_ALLOW_MERGE_PATHS	1
+
 #define EA_KRT_PREFSRC		EA_CODE(EAP_KRT, 0x10)
 #define EA_KRT_REALM		EA_CODE(EAP_KRT, 0x11)
 

sysdep/unix/krt.Y

@@ -19,6 +19,8 @@ CF_DECLS
 
 CF_KEYWORDS(KERNEL, PERSIST, SCAN, TIME, LEARN, DEVICE, ROUTES, GRACEFUL, RESTART, KRT_SOURCE, KRT_METRIC, MERGE, PATHS)
 
+%type <i> kern_mp_limit
+
 CF_GRAMMAR
 
 /* Kernel syncer protocol */
@@ -32,6 +34,11 @@ CF_ADDTO(kern_proto, kern_proto_start proto_name '{')
 CF_ADDTO(kern_proto, kern_proto proto_item ';')
 CF_ADDTO(kern_proto, kern_proto kern_item ';')
 
+kern_mp_limit:
+   /* empty */ { $$ = KRT_DEFAULT_ECMP_LIMIT; }
+ | LIMIT expr  { $$ = $2; if (($2 <= 0) || ($2 > 255)) cf_error("Merge paths limit must be in range 1-255"); }
+ ;
+
 kern_item:
    PERSIST bool { THIS_KRT->persist = $2; }
  | SCAN TIME expr {
@@ -42,13 +49,18 @@ kern_item:
       THIS_KRT->learn = $2;
 #ifndef KRT_ALLOW_LEARN
       if ($2)
-	cf_error("Learning of kernel routes not supported in this configuration");
+	cf_error("Learning of kernel routes not supported on this platform");
 #endif
    }
  | DEVICE ROUTES bool { THIS_KRT->devroutes = $3; }
  | GRACEFUL RESTART bool { THIS_KRT->graceful_restart = $3; }
- | MERGE PATHS bool { THIS_KRT->merge_paths = $3 ? KRT_DEFAULT_ECMP_LIMIT : 0; }
+ | MERGE PATHS bool kern_mp_limit {
- | MERGE PATHS bool LIMIT expr { THIS_KRT->merge_paths = $3 ? $5 : 0; if (($5 <= 0) || ($5 > 255)) cf_error("Merge paths limit must be in range 1-255"); }
+      THIS_KRT->merge_paths = $3 ? $4 : 0;
+#ifndef KRT_ALLOW_LEARN
+      if ($3)
+	cf_error("Path merging not supported on this platform");
+#endif
+   }
  ;
 
 /* Kernel interface protocol */