GH-1119: add base/protcols/conn/removal-hooks.zeek

This adds two new functions: `Conn::register_removal_hook()` and
`Conn::unregister_removal_hook()` for registering a hook function to be
called back during `connection_state_remove`.  The benefit of using hook
callback approach is better scalability: the overhead of unrelated
protocols having to dispatch no-op `connection_state_remove` handlers is
avoided.

scripts/base/protocols/krb/main.zeek

@@ -1,9 +1,10 @@
 ##! Implements base functionality for KRB analysis. Generates the kerberos.log
 ##! file.
 
-module KRB;
-
 @load ./consts
+@load base/protocols/conn/removal-hooks
+
+module KRB;
 
 export {
 	redef enum Log::ID += { LOG };
@@ -63,6 +64,9 @@ export {
 	## Event that can be handled to access the KRB record as it is sent on
 	## to the logging framework.
 	global log_krb: event(rec: Info);
+
+	## Kerberos finalization hook.  Remaining Kerberos info may get logged when it's called.
+	global finalize_krb: Conn::RemovalHook;
 }
 
 redef record connection += {
@@ -87,6 +91,7 @@ function set_session(c: connection): bool
 		c$krb = Info($ts  = network_time(),
 		             $uid = c$uid,
 		             $id  = c$id);
+		Conn::register_removal_hook(c, finalize_krb);
 		}
 	
 	return c$krb$logged;
@@ -228,7 +233,7 @@ event krb_tgs_response(c: connection, msg: KDC_Response) &priority=-5
 	do_log(c);
 	}
 
-event connection_state_remove(c: connection) &priority=-5
+hook finalize_krb(c: connection)
 	{
 	do_log(c);
 	}