pfctl: Don't print (ether) to / from if they're not set

If we're not filtering on a specific MAC address don't print it at all,
rather than showing an all-zero address.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31749

lib/libpfctl/libpfctl.c

@@ -549,6 +549,7 @@ pf_nvrule_to_rule(const nvlist_t *nvl, struct pfctl_rule *rule)
 static void
 pfctl_nveth_addr_to_eth_addr(const nvlist_t *nvl, struct pfctl_eth_addr *addr)
 {
+	static const u_int8_t EMPTY_MAC[ETHER_ADDR_LEN] = { 0 };
 	size_t len;
 	const void *data;
 
@@ -557,6 +558,9 @@ pfctl_nveth_addr_to_eth_addr(const nvlist_t *nvl, struct pfctl_eth_addr *addr)
 	memcpy(addr->addr, data, sizeof(addr->addr));
 
 	addr->neg = nvlist_get_bool(nvl, "neg");
+
+	/* To make checks for 'is this address set?' easier. */
+	addr->isset = memcmp(addr->addr, EMPTY_MAC, ETHER_ADDR_LEN) != 0;
 }
 
 static nvlist_t *

lib/libpfctl/libpfctl.h

@@ -73,6 +73,7 @@ struct pfctl_eth_rules_info {
 struct pfctl_eth_addr {
 	uint8_t	addr[ETHER_ADDR_LEN];
 	bool	neg;
+	bool	isset;
 };
 
 struct pfctl_eth_rule {

sbin/pfctl/pfctl_parser.c

@@ -694,6 +694,16 @@ print_src_node(struct pf_src_node *sn, int opts)
 static void
 print_eth_addr(const struct pfctl_eth_addr *a)
 {
+	int i;
+	for (i = 0; i < ETHER_ADDR_LEN; i++) {
+		if (a->addr[i] != 0)
+			break;
+	}
+
+	/* Unset, so don't print anything. */
+	if (i == ETHER_ADDR_LEN)
+		return;
+
 	printf("%s%02x:%02x:%02x:%02x:%02x:%02x", a->neg ? "! " : "",
 	    a->addr[0], a->addr[1], a->addr[2], a->addr[3], a->addr[4],
 	    a->addr[5]);
@@ -724,10 +734,14 @@ print_eth_rule(struct pfctl_eth_rule *r, int rule_numbers)
 	if (r->proto)
 		printf(" proto 0x%04x", r->proto);
 
-	printf(" from ");
-	print_eth_addr(&r->src);
-	printf(" to ");
-	print_eth_addr(&r->dst);
+	if (r->src.isset) {
+		printf(" from ");
+		print_eth_addr(&r->src);
+	}
+	if (r->dst.isset) {
+		printf(" to ");
+		print_eth_addr(&r->dst);
+	}
 
 	if (r->qname[0])
 		printf(" queue %s", r->qname);