Blame extensions/libxt_TRACE.man
|
Packit |
7b22a4 |
This target marks packets so that the kernel will log every rule which matches
the packets as they traverse the tables, chains and rules. It can only be used in
the
.BR raw
table.
.PP
With iptables-legacy, a logging backend, such as ip(6)t_LOG or nfnetlink_log,
must be loaded for this to be visible.
The packets are logged with the string prefix:
"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for
a plain rule, "return" for the implicit rule at the end of a user-defined chain
and "policy" for the policy of the built-in chains.
.PP
With iptables-nft, the target is translated into nftables'
.B "meta nftrace"
expression. Hence the kernel sends trace events via netlink to userspace where
they may be displayed using the
.B "xtables-monitor --trace"
command. For details, refer to
.BR xtables-monitor (8).
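
The following is an added example, not part of the man page or the iptables project: a small Python parser for the iptables-legacy log prefix "TRACE: tablename:chainname:type:rulenum " described above, which groups trace hits per packet so a rule path can be read in order. The KEY=value packet fields after the prefix, the grouping key (SRC, DST, ID) and the sample log lines are assumptions constructed for illustration.

```python
import re

# Prefix format from the man page: "TRACE: tablename:chainname:type:rulenum "
TRACE_RE = re.compile(
    r"TRACE: (?P<table>[^: ]+):(?P<chain>[^ ]+):"
    r"(?P<type>rule|return|policy):(?P<rulenum>\d+) (?P<rest>.*)$"
)
# Assumption: the logging backend appends KEY=value packet fields after the prefix.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_trace_line(line):
    """Return the decoded TRACE prefix and packet fields, or None for other lines."""
    m = TRACE_RE.search(line)
    if m is None:
        return None
    return {
        "table": m["table"],
        "chain": m["chain"],
        "type": m["type"],
        "rulenum": int(m["rulenum"]),
        "fields": dict(FIELD_RE.findall(m["rest"])),
    }

def packet_paths(lines):
    """Group trace hits per packet (keyed on SRC, DST, ID) in log order."""
    paths = {}
    for line in lines:
        hit = parse_trace_line(line)
        if hit is None:
            continue
        f = hit["fields"]
        key = (f.get("SRC"), f.get("DST"), f.get("ID"))
        step = f'{hit["table"]}:{hit["chain"]}:{hit["type"]}:{hit["rulenum"]}'
        paths.setdefault(key, []).append(step)
    return paths

# Constructed sample log lines (documentation addresses, not real traffic).
PKT = "IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 ID=4242 PROTO=TCP SPT=40000 DPT=22"
SAMPLE = [
    f"kernel: TRACE: raw:PREROUTING:policy:2 {PKT}",
    f"kernel: TRACE: filter:INPUT:rule:3 {PKT}",
    f"kernel: TRACE: filter:ssh-in:return:2 {PKT}",
    f"kernel: TRACE: filter:INPUT:policy:5 {PKT}",
    "kernel: eth0: link becomes ready",
]

if __name__ == "__main__":
    for key, steps in packet_paths(SAMPLE).items():
        print(key, " -> ".join(steps))
```
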