GH-646: add new "successful_connection_remove" event

And switch Zeek's base scripts over to using it in place of
"connection_state_remove".  The difference between the two is
that "connection_state_remove" is raised for all events while
"successful_connection_remove" excludes TCP connections that were never
established (just SYN packets).  There can be performance benefits
to this change for some use-cases.

There's also a new event called ``connection_successful`` and a new
``connection`` record field named "successful" to help indicate this new
property of connections.

src/Conn.h

@@ -114,6 +114,9 @@ public:
 
 	TransportProto ConnTransport() const { return proto; }
 
+	bool IsSuccessful() const	{ return is_successful; };
+	void SetSuccessful()	{ is_successful = true; }
+
 	// True if we should record subsequent packets (either headers or
 	// in their entirety, depending on record_contents).  We still
 	// record subsequent SYN/FIN/RST, regardless of how this is set.
@@ -162,6 +165,11 @@ public:
 	void Match(Rule::PatternType type, const u_char* data, int len,
 			bool is_orig, bool bol, bool eol, bool clear_state);
 
+	/**
+	 * Generates connection removal event(s).
+	 */
+	void RemovalEvent();
+
 	// If a handler exists for 'f', an event will be generated.  If 'name' is
 	// given that event's first argument will be it, and it's second will be
 	// the connection value.  If 'name' is null, then the event's first
@@ -339,6 +347,7 @@ protected:
 	unsigned int record_packets:1, record_contents:1;
 	unsigned int record_current_packet:1, record_current_content:1;
 	unsigned int saw_first_orig_packet:1, saw_first_resp_packet:1;
+	unsigned int is_successful:1;
 
 	// Count number of connections.
 	static uint64_t total_connections;