conntrack: Add _IsFirst field

[ronensc]

This PR adds the _IsFirst field to connection records (newConnection, updateConnection and endConnection).
It's not added to flowLog records.
The field is set to true only on the first record of the connection.
It is useful in cases where newConnection records are not outputted (to reduce the number output records)
and there is a need to count the total number of connections: simply counting _IsFirst=true

This solves #298

[KalmanMeth]

I don't understand how this helps. By counting the number of _IsFirst=true we get the total number of newConnections from the beginning of measurement. So this is essentially equivalent to counting the times we get newConnection (if we get each one). Can't we continue to count newConnection, and allow to have a newConnection reported on the first output record (even if we also have endConnection and/or updateConnection reported on the same record)?

[ronensc]

@KalmanMeth When the outputRecordTypes is configured with [newConnection, updateConnection, endConnection], i.e. to output newConnection records, then the _IsFirst flag will be set to true only on them. So counting _IsFirst="true" is equivalent to counting _RecordType="newConnection" as you mentioned.
But, when the outputRecordTypes is configured with [updateConnection, endConnection], i.e. to not output newConnection records, then, counting _IsFirst="true" is my suggest way to count the number of connections. Counting _RecordType="newConnection" will return zero.

[KalmanMeth]

Perhaps this should be 19 or less. 20 seems too borderline and it might just get an additional update report.

[ronensc]

Thanks for taking a close look at the tests!
Since the update report was at time 11s, the next update should be at time 21s. So 21s is the borderline. That's why I check a second before (at 20s) that there are no updates and a second after (at 22s) that there is an update.

[jotak]

lgtm!