1*a71a9546SAutomerger Merge WorkerThis target marks packets so that the kernel will log every rule which match 2*a71a9546SAutomerger Merge Workerthe packets as those traverse the tables, chains, rules. It can only be used in 3*a71a9546SAutomerger Merge Workerthe 4*a71a9546SAutomerger Merge Worker.BR raw 5*a71a9546SAutomerger Merge Workertable. 6*a71a9546SAutomerger Merge Worker.PP 7*a71a9546SAutomerger Merge WorkerWith iptables-legacy, a logging backend, such as ip(6)t_LOG or nfnetlink_log, 8*a71a9546SAutomerger Merge Workermust be loaded for this to be visible. 9*a71a9546SAutomerger Merge WorkerThe packets are logged with the string prefix: 10*a71a9546SAutomerger Merge Worker"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for 11*a71a9546SAutomerger Merge Workerplain rule, "return" for implicit rule at the end of a user defined chain 12*a71a9546SAutomerger Merge Workerand "policy" for the policy of the built in chains. 13*a71a9546SAutomerger Merge Worker.PP 14*a71a9546SAutomerger Merge WorkerWith iptables-nft, the target is translated into nftables' 15*a71a9546SAutomerger Merge Worker.B "meta nftrace" 16*a71a9546SAutomerger Merge Workerexpression. Hence the kernel sends trace events via netlink to userspace where 17*a71a9546SAutomerger Merge Workerthey may be displayed using 18*a71a9546SAutomerger Merge Worker.B "xtables-monitor --trace" 19*a71a9546SAutomerger Merge Workercommand. For details, refer to 20*a71a9546SAutomerger Merge Worker.BR xtables-monitor (8). 21