pfctl: print ethernet rules when called with '-n'

Just as pfctl already does for other rules we print the ethernet rules
we would have loaded if '-n' is specified.

Sponsored by:	Rubicon Communications, LLC ("Netgate")

sbin/pfctl/parse.y

@@ -5749,9 +5749,11 @@ expand_eth_rule(struct pfctl_eth_rule *r,
 		bcopy(src->mac, r->src.addr, ETHER_ADDR_LEN);
 		bcopy(src->mask, r->src.mask, ETHER_ADDR_LEN);
 		r->src.neg = src->neg;
+		r->src.isset = src->isset;
 		bcopy(dst->mac, r->dst.addr, ETHER_ADDR_LEN);
 		bcopy(dst->mask, r->dst.mask, ETHER_ADDR_LEN);
 		r->dst.neg = dst->neg;
+		r->dst.isset = dst->isset;
 		r->nr = pf->eastack[pf->asd]->match++;
 
 		pfctl_append_eth_rule(pf, r, anchor_call);
@@ -6926,6 +6928,7 @@ node_mac_from_string(const char *str)
 	}
 
 	memset(m->mask, 0xff, ETHER_ADDR_LEN);
+	m->isset = true;
 	m->next = NULL;
 	m->tail = m;
 

sbin/pfctl/pfctl.c

@@ -1698,7 +1698,8 @@ pfctl_load_eth_ruleset(struct pfctl *pf, char *path,
 			if ((error = pfctl_load_eth_ruleset(pf, path,
 			    &r->anchor->ruleset, depth + 1)))
 				return (error);
-		}
+		} else if (pf->opts & PF_OPT_VERBOSE)
+			printf("\n");
 		free(r);
 	}
 	if (brace && pf->opts & PF_OPT_VERBOSE) {
@@ -1743,6 +1744,12 @@ pfctl_load_eth_rule(struct pfctl *pf, char *path, struct pfctl_eth_rule *r,
 		    pf->eth_ticket))
 			err(1, "DIOCADDETHRULENV");
 
+	if (pf->opts & PF_OPT_VERBOSE) {
+		INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
+		print_eth_rule(r, r->anchor ? r->anchor->name : "",
+		    pf->opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG));
+	}
+
 	path[len] = '\0';
 
 	return (0);

sbin/pfctl/pfctl_parser.h

@@ -140,6 +140,7 @@ struct node_mac {
 	u_int8_t	 mac[ETHER_ADDR_LEN];
 	u_int8_t	 mask[ETHER_ADDR_LEN];
 	bool		 neg;
+	bool		 isset;
 	struct node_mac	*next;
 	struct node_mac	*tail;
 };