2.2. Flows API

The Flows API exposes functions to query and manage active ntopng flows.

Functions

function getFlowsInfo(string host_ip = nil, table pag_options = nil)

Get active flows information.

Parameters:

  • host_ip – filter by host/host@vlan.

  • pag_options – options for the paginator.

Returns:

table (num_flows, flows) on success (see Flow::lua), nil otherwise.

function getFlowsStatus()

Get active flows status statistics.

Returns:

a table (status -> num_flows) for every status (RST, SYN, Established, FIN) on success, nil otherwise.

function getGroupedFlows(string group_col, table pag_options = nil)

Group active flows by a specified criteria.

Parameters:

  • group_col – the grouping column

  • pag_options – options for the paginator.

Returns:

table with grouped flows information on success, nil otherwise.

function getFlowsStats()

Get active flows nDPI bytes count.

Returns:

table (num_flows, protos, breeds) which map (protocol_name->bytes_count) on success, nil otherwise.

function getnDPIFlowsCount()

Get the number of active flows by nDPI protocol.

Returns:

a table (protocol_name -> num_flows) on success, nil otherwise.

function getFlowKey(string cli_ip, int cli_port, string srv_ip, int srv_port, int l4_proto)

Computes the unique flow identifier.

Parameters:

  • cli_ip – host/host@vlan.

  • cli_port – the client port.

  • srv_ip – host/host@vlan.

  • srv_port – the server port.

  • l4_proto – l4 protocol id

Returns:

the numeric flow key on success, nil otherwise.

function findFlowByTuple(string cli_ip, string srv_ip, int vlan, int cli_port, int srv_port, int l4_proto)

Get flow information by specifying the 5-tuple.

Parameters:

  • cli_ip – host.

  • srv_ip – host.

  • vlan – the VLAN.

  • cli_port – the client port.

  • srv_port – the server port.

  • l4_proto – l4 protocol id

Returns:

a table with the flow information (see Flow::lua) on success, nil otherwise.

function findFlowByKeyAndHashId(int key, int hashid)

Returns a single active flow information.

Parameters:

  • key – the flow key.

  • hashid – the flow hash ID.

Returns:

the flow information on success, nil otherwise.

function dropFlowTraffic(int key, int hashid)

Drops an active flow traffic.

Note

this is only effective when using nEdge.

Parameters:

  • key – the flow key.

  • hashid – the flow hash ID.

Returns:

true on success, false otherwise