Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
libxt_TRACE.man 819 Bytes
Newer Older
Arturo Borrero Gonzalez's avatar
Imported Upstream version 1.4.21  
Arturo Borrero Gonzalez committed
1 
This target marks packets so that the kernel will log every rule which match
Arturo Borrero Gonzalez's avatar
New upstream version 1.8.3    
Arturo Borrero Gonzalez committed
2
3
4
5 
the packets as those traverse the tables, chains, rules. It can only be used in
the
.BR raw
table.
Arturo Borrero Gonzalez's avatar
Imported Upstream version 1.4.21  
Arturo Borrero Gonzalez committed
6 
.PP
Arturo Borrero Gonzalez's avatar
New upstream version 1.8.3    
Arturo Borrero Gonzalez committed
7
8 
With iptables-legacy, a logging backend, such as ip(6)t_LOG or nfnetlink_log,
must be loaded for this to be visible.
Arturo Borrero Gonzalez's avatar
Imported Upstream version 1.4.21  
Arturo Borrero Gonzalez committed
9
10
11
12 
The packets are logged with the string prefix:
"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for 
plain rule, "return" for implicit rule at the end of a user defined chain 
and "policy" for the policy of the built in chains.
Arturo Borrero Gonzalez's avatar
New upstream version 1.8.3    
Arturo Borrero Gonzalez committed
13
14
15
16
17
18
19
20 
.PP
With iptables-nft, the target is translated into nftables'
.B "meta nftrace"
expression. Hence the kernel sends trace events via netlink to userspace where
they may be displayed using
.B "xtables-monitor --trace"
command. For details, refer to
.BR xtables-monitor (8).