Only exploit ipf state keeping for CFW logging.

@@ -6,11 +6,11 @@
  * @(#)ip_fil.h 1.35 6/5/96
  * $Id: ip_fil.h,v 2.170.2.22 2005/07/16 05:55:35 darrenr Exp $
  *
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  *
- * Copyright (c) 2014, Joyent, Inc.  All rights reserved.
+ * Copyright 2019, Joyent, Inc.
  */
 
 #ifndef __IP_FIL_H__
 #define __IP_FIL_H__
 

@@ -1557,10 +1557,18 @@
 extern  int     ipflog __P((fr_info_t *, u_int));
 extern  int     ipllog __P((int, fr_info_t *, void **, size_t *, int *, int,
                             ipf_stack_t *));
 extern  void    fr_logunload __P((ipf_stack_t *));
 
+/* SmartOS single-FD global-zone state accumulator (see cfw.c) */
+extern boolean_t ipf_cfwlog_enabled;
+struct ipstate; /* Ugggh. */
+extern void ipf_log_cfwlog __P((struct ipstate *, uint_t, ipf_stack_t *));
+extern void ipf_block_cfwlog __P((frentry_t *, fr_info_t *, ipf_stack_t *));
+#define IFS_CFWLOG(ifs) ((ifs)->ifs_gz_controlled && ipf_cfwlog_enabled)
+
+
 extern  frentry_t       *fr_acctpkt __P((fr_info_t *, u_32_t *));
 extern  int             fr_copytolog __P((int, char *, int));
 extern  u_short         fr_cksum __P((mb_t *, ip_t *, int, void *));
 extern  void            fr_deinitialise __P((ipf_stack_t *));
 extern  frentry_t       *fr_dolog __P((fr_info_t *, u_32_t *));