diff mbox

[RFC,V2,1/3] filter-rewriter: introduce filter-rewriter initialization

Message ID 1467440540-6630-2-git-send-email-zhangchen.fnst@cn.fujitsu.com (mailing list archive)
State New, archived
Headers show

Commit Message

Zhang Chen July 2, 2016, 6:22 a.m. UTC
Filter-rewriter is a part of COLO project.
It will rewrite some of secondary packet to make
secondary guest's connection established successfully.

usage:

colo secondary:
-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
-object filter-rewriter,id=rew0,netdev=hn0,queue=all

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
---
 net/Makefile.objs     |   1 +
 net/filter-rewriter.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++
 qemu-options.hx       |  10 +++++
 vl.c                  |   3 +-
 4 files changed, 125 insertions(+), 1 deletion(-)
 create mode 100644 net/filter-rewriter.c

Comments

Jason Wang July 4, 2016, 2:49 a.m. UTC | #1
On 2016年07月02日 14:22, Zhang Chen wrote:
> Filter-rewriter is a part of COLO project.
> It will rewrite some of secondary packet to make
> secondary guest's connection established successfully.

Probably need to be more verbose here. E.g we only care about tcp and 
only rewrite ack now.

>
> usage:
>
> colo secondary:
> -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
> -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
> -object filter-rewriter,id=rew0,netdev=hn0,queue=all
>
> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> ---
>   net/Makefile.objs     |   1 +
>   net/filter-rewriter.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++
>   qemu-options.hx       |  10 +++++
>   vl.c                  |   3 +-
>   4 files changed, 125 insertions(+), 1 deletion(-)
>   create mode 100644 net/filter-rewriter.c
>
> diff --git a/net/Makefile.objs b/net/Makefile.objs
> index 119589f..645bd10 100644
> --- a/net/Makefile.objs
> +++ b/net/Makefile.objs
> @@ -18,3 +18,4 @@ common-obj-y += filter-buffer.o
>   common-obj-y += filter-mirror.o
>   common-obj-y += colo-compare.o
>   common-obj-y += colo-base.o
> +common-obj-y += filter-rewriter.o
> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
> new file mode 100644
> index 0000000..08b015d
> --- /dev/null
> +++ b/net/filter-rewriter.c
> @@ -0,0 +1,112 @@
> +/*
> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
> + * Copyright (c) 2016 FUJITSU LIMITED
> + * Copyright (c) 2016 Intel Corporation
> + *
> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later.  See the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "net/colo-base.h"
> +#include "net/filter.h"
> +#include "net/net.h"
> +#include "qemu-common.h"
> +#include "qapi/error.h"
> +#include "qapi/qmp/qerror.h"
> +#include "qapi-visit.h"
> +#include "qom/object.h"
> +#include "qemu/main-loop.h"
> +#include "qemu/iov.h"
> +#include "net/checksum.h"
> +
> +#define FILTER_COLO_REWRITER(obj) \
> +    OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
> +
> +#define TYPE_FILTER_REWRITER "filter-rewriter"
> +
> +enum {
> +    PRIMARY = 0,
> +    SECONDARY,
> +};
> +
> +typedef struct RewriterState {
> +    NetFilterState parent_obj;
> +    /* connection list: the connections belonged to this NIC could be found
> +     * in this list.
> +     * element type: Connection
> +     */
> +    GQueue conn_list;
> +    NetQueue *incoming_queue;
> +    /* to protect conn_list */
> +    QemuMutex conn_list_lock;
> +    /* hashtable to save connection */
> +    GHashTable *connection_track_table;
> +    /* to save unprocessed_connections */
> +    GQueue unprocessed_connections;
> +    /* current hash size */
> +    uint32_t hashtable_size;
> +} RewriterState;
> +
> +static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
> +                                         NetClientState *sender,
> +                                         unsigned flags,
> +                                         const struct iovec *iov,
> +                                         int iovcnt,
> +                                         NetPacketSent *sent_cb)
> +{
> +    /*
> +     * if we get tcp packet
> +     * we will rewrite it to make secondary guest's
> +     * connection established successfully
> +     */
> +    return 0;
> +}
> +
> +static void colo_rewriter_cleanup(NetFilterState *nf)
> +{
> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
> +
> +    qemu_mutex_destroy(&s->conn_list_lock);
> +    g_queue_free(&s->conn_list);
> +}
> +
> +static void colo_rewriter_setup(NetFilterState *nf, Error **errp)
> +{
> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
> +
> +    g_queue_init(&s->conn_list);
> +    qemu_mutex_init(&s->conn_list_lock);
> +    s->hashtable_size = 0;
> +
> +    s->connection_track_table = g_hash_table_new_full(connection_key_hash,
> +                                                      connection_key_equal,
> +                                                      g_free,
> +                                                      connection_destroy);
> +    s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
> +}
> +
> +static void colo_rewriter_class_init(ObjectClass *oc, void *data)
> +{
> +    NetFilterClass *nfc = NETFILTER_CLASS(oc);
> +
> +    nfc->setup = colo_rewriter_setup;
> +    nfc->cleanup = colo_rewriter_cleanup;
> +    nfc->receive_iov = colo_rewriter_receive_iov;
> +}
> +
> +static const TypeInfo colo_rewriter_info = {
> +    .name = TYPE_FILTER_REWRITER,
> +    .parent = TYPE_NETFILTER,
> +    .class_init = colo_rewriter_class_init,
> +    .instance_size = sizeof(RewriterState),
> +};
> +
> +static void register_types(void)
> +{
> +    type_register_static(&colo_rewriter_info);
> +}
> +
> +type_init(register_types);
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 14bade5..d7ab165 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -3859,6 +3859,16 @@ Create a filter-redirector we need to differ outdev id from indev id, id can not
>   be the same. we can just use indev or outdev, but at least one of indev or outdev
>   need to be specified.
>   
> +@item -object filter-rewriter,id=@var{id},netdev=@var{netdevid},rewriter-mode=@var{mode}[,queue=@var{all|rx|tx}]
> +
> +Filter-rewriter is a part of COLO project.It will rewrite some of secondary packet.

Need to be more verbose here.

> +
> +usage:
> +colo secondary:
> +-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
> +-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
> +-object filter-rewriter,id=rew0,netdev=hn0,queue=all
> +
>   @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
>   
>   Dump the network traffic on netdev @var{dev} to the file specified by
> diff --git a/vl.c b/vl.c
> index c6b9a6f..b47be6a 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -2866,7 +2866,8 @@ static bool object_create_initial(const char *type)
>           g_str_equal(type, "filter-dump") ||
>           g_str_equal(type, "filter-mirror") ||
>           g_str_equal(type, "filter-redirector") ||
> -        g_str_equal(type, "colo-compare")) {
> +        g_str_equal(type, "colo-compare") ||
> +        g_str_equal(type, "filter-rewriter")) {

So this makes the patch can't be applied cleanly on master.

And I think we don't want to manually compare 100 kinds of filters in 
the future. How about doing something better, e.g:

- introduce something like filter_register_type()
- recored the name of the type in a list
- iterate it here

?

>           return false;
>       }
>
Zhang Chen July 4, 2016, 7:42 a.m. UTC | #2
On 07/04/2016 10:49 AM, Jason Wang wrote:
>
>
> On 2016年07月02日 14:22, Zhang Chen wrote:
>> Filter-rewriter is a part of COLO project.
>> It will rewrite some of secondary packet to make
>> secondary guest's connection established successfully.
>
> Probably need to be more verbose here. E.g we only care about tcp and 
> only rewrite ack now.
>

ok~ I will add more comments in next version.

>>
>> usage:
>>
>> colo secondary:
>> -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
>> -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
>> -object filter-rewriter,id=rew0,netdev=hn0,queue=all
>>
>> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>> ---
>>   net/Makefile.objs     |   1 +
>>   net/filter-rewriter.c | 112 
>> ++++++++++++++++++++++++++++++++++++++++++++++++++
>>   qemu-options.hx       |  10 +++++
>>   vl.c                  |   3 +-
>>   4 files changed, 125 insertions(+), 1 deletion(-)
>>   create mode 100644 net/filter-rewriter.c
>>
>> diff --git a/net/Makefile.objs b/net/Makefile.objs
>> index 119589f..645bd10 100644
>> --- a/net/Makefile.objs
>> +++ b/net/Makefile.objs
>> @@ -18,3 +18,4 @@ common-obj-y += filter-buffer.o
>>   common-obj-y += filter-mirror.o
>>   common-obj-y += colo-compare.o
>>   common-obj-y += colo-base.o
>> +common-obj-y += filter-rewriter.o
>> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
>> new file mode 100644
>> index 0000000..08b015d
>> --- /dev/null
>> +++ b/net/filter-rewriter.c
>> @@ -0,0 +1,112 @@
>> +/*
>> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
>> + * Copyright (c) 2016 FUJITSU LIMITED
>> + * Copyright (c) 2016 Intel Corporation
>> + *
>> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2 or
>> + * later.  See the COPYING file in the top-level directory.
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "net/colo-base.h"
>> +#include "net/filter.h"
>> +#include "net/net.h"
>> +#include "qemu-common.h"
>> +#include "qapi/error.h"
>> +#include "qapi/qmp/qerror.h"
>> +#include "qapi-visit.h"
>> +#include "qom/object.h"
>> +#include "qemu/main-loop.h"
>> +#include "qemu/iov.h"
>> +#include "net/checksum.h"
>> +
>> +#define FILTER_COLO_REWRITER(obj) \
>> +    OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
>> +
>> +#define TYPE_FILTER_REWRITER "filter-rewriter"
>> +
>> +enum {
>> +    PRIMARY = 0,
>> +    SECONDARY,
>> +};
>> +
>> +typedef struct RewriterState {
>> +    NetFilterState parent_obj;
>> +    /* connection list: the connections belonged to this NIC could 
>> be found
>> +     * in this list.
>> +     * element type: Connection
>> +     */
>> +    GQueue conn_list;
>> +    NetQueue *incoming_queue;
>> +    /* to protect conn_list */
>> +    QemuMutex conn_list_lock;
>> +    /* hashtable to save connection */
>> +    GHashTable *connection_track_table;
>> +    /* to save unprocessed_connections */
>> +    GQueue unprocessed_connections;
>> +    /* current hash size */
>> +    uint32_t hashtable_size;
>> +} RewriterState;
>> +
>> +static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
>> +                                         NetClientState *sender,
>> +                                         unsigned flags,
>> +                                         const struct iovec *iov,
>> +                                         int iovcnt,
>> +                                         NetPacketSent *sent_cb)
>> +{
>> +    /*
>> +     * if we get tcp packet
>> +     * we will rewrite it to make secondary guest's
>> +     * connection established successfully
>> +     */
>> +    return 0;
>> +}
>> +
>> +static void colo_rewriter_cleanup(NetFilterState *nf)
>> +{
>> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
>> +
>> +    qemu_mutex_destroy(&s->conn_list_lock);
>> +    g_queue_free(&s->conn_list);
>> +}
>> +
>> +static void colo_rewriter_setup(NetFilterState *nf, Error **errp)
>> +{
>> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
>> +
>> +    g_queue_init(&s->conn_list);
>> +    qemu_mutex_init(&s->conn_list_lock);
>> +    s->hashtable_size = 0;
>> +
>> +    s->connection_track_table = 
>> g_hash_table_new_full(connection_key_hash,
>> + connection_key_equal,
>> +                                                      g_free,
>> + connection_destroy);
>> +    s->incoming_queue = 
>> qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
>> +}
>> +
>> +static void colo_rewriter_class_init(ObjectClass *oc, void *data)
>> +{
>> +    NetFilterClass *nfc = NETFILTER_CLASS(oc);
>> +
>> +    nfc->setup = colo_rewriter_setup;
>> +    nfc->cleanup = colo_rewriter_cleanup;
>> +    nfc->receive_iov = colo_rewriter_receive_iov;
>> +}
>> +
>> +static const TypeInfo colo_rewriter_info = {
>> +    .name = TYPE_FILTER_REWRITER,
>> +    .parent = TYPE_NETFILTER,
>> +    .class_init = colo_rewriter_class_init,
>> +    .instance_size = sizeof(RewriterState),
>> +};
>> +
>> +static void register_types(void)
>> +{
>> +    type_register_static(&colo_rewriter_info);
>> +}
>> +
>> +type_init(register_types);
>> diff --git a/qemu-options.hx b/qemu-options.hx
>> index 14bade5..d7ab165 100644
>> --- a/qemu-options.hx
>> +++ b/qemu-options.hx
>> @@ -3859,6 +3859,16 @@ Create a filter-redirector we need to differ 
>> outdev id from indev id, id can not
>>   be the same. we can just use indev or outdev, but at least one of 
>> indev or outdev
>>   need to be specified.
>>   +@item -object 
>> filter-rewriter,id=@var{id},netdev=@var{netdevid},rewriter-mode=@var{mode}[,queue=@var{all|rx|tx}]
>> +
>> +Filter-rewriter is a part of COLO project.It will rewrite some of 
>> secondary packet.
>
> Need to be more verbose here.

OK~

>
>> +
>> +usage:
>> +colo secondary:
>> +-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
>> +-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
>> +-object filter-rewriter,id=rew0,netdev=hn0,queue=all
>> +
>>   @item -object 
>> filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
>>     Dump the network traffic on netdev @var{dev} to the file 
>> specified by
>> diff --git a/vl.c b/vl.c
>> index c6b9a6f..b47be6a 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -2866,7 +2866,8 @@ static bool object_create_initial(const char 
>> *type)
>>           g_str_equal(type, "filter-dump") ||
>>           g_str_equal(type, "filter-mirror") ||
>>           g_str_equal(type, "filter-redirector") ||
>> -        g_str_equal(type, "colo-compare")) {
>> +        g_str_equal(type, "colo-compare") ||
>> +        g_str_equal(type, "filter-rewriter")) {
>
> So this makes the patch can't be applied cleanly on master.

Yes,filter-rewriter based on colo-base in colo-compare...
So, should we make colo-base be a independent patch set?
Now, colo-base used by colo-compare and filter-rewriter.

>
> And I think we don't want to manually compare 100 kinds of filters in 
> the future. How about doing something better, e.g:
>
> - introduce something like filter_register_type()
> - recored the name of the type in a list
> - iterate it here
>
> ?
>

Maybe we need do this after colo-compare and filter-rewriter be merged.
and make filter-dump and other filter all in this type.

Thanks
Zhang Chen

>>           return false;
>>       }
>
>
>
> .
>
Jason Wang July 4, 2016, 8:28 a.m. UTC | #3
On 2016年07月04日 15:42, Zhang Chen wrote:
>>>   @item -object 
>>> filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}] 
>>>
>>>     Dump the network traffic on netdev @var{dev} to the file 
>>> specified by
>>> diff --git a/vl.c b/vl.c
>>> index c6b9a6f..b47be6a 100644
>>> --- a/vl.c
>>> +++ b/vl.c
>>> @@ -2866,7 +2866,8 @@ static bool object_create_initial(const char 
>>> *type)
>>>           g_str_equal(type, "filter-dump") ||
>>>           g_str_equal(type, "filter-mirror") ||
>>>           g_str_equal(type, "filter-redirector") ||
>>> -        g_str_equal(type, "colo-compare")) {
>>> +        g_str_equal(type, "colo-compare") ||
>>> +        g_str_equal(type, "filter-rewriter")) {
>>
>> So this makes the patch can't be applied cleanly on master.
>
> Yes,filter-rewriter based on colo-base in colo-compare...
> So, should we make colo-base be a independent patch set?
> Now, colo-base used by colo-compare and filter-rewriter.
>

At least the codes in this series is pretty independent, so there's no 
need I think.

>>
>> And I think we don't want to manually compare 100 kinds of filters in 
>> the future. How about doing something better, e.g:
>>
>> - introduce something like filter_register_type()
>> - recored the name of the type in a list
>> - iterate it here
>>
>> ?
>>
>
> Maybe we need do this after colo-compare and filter-rewriter be merged.
> and make filter-dump and other filter all in this type.
>
> Thanks
> Zhang Chen

Yes.

>
>>>           return false;
>>>       }
>>
>>
>>
>> .
diff mbox

Patch

diff --git a/net/Makefile.objs b/net/Makefile.objs
index 119589f..645bd10 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -18,3 +18,4 @@  common-obj-y += filter-buffer.o
 common-obj-y += filter-mirror.o
 common-obj-y += colo-compare.o
 common-obj-y += colo-base.o
+common-obj-y += filter-rewriter.o
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
new file mode 100644
index 0000000..08b015d
--- /dev/null
+++ b/net/filter-rewriter.c
@@ -0,0 +1,112 @@ 
+/*
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "net/colo-base.h"
+#include "net/filter.h"
+#include "net/net.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
+#include "qapi-visit.h"
+#include "qom/object.h"
+#include "qemu/main-loop.h"
+#include "qemu/iov.h"
+#include "net/checksum.h"
+
+#define FILTER_COLO_REWRITER(obj) \
+    OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
+
+#define TYPE_FILTER_REWRITER "filter-rewriter"
+
+enum {
+    PRIMARY = 0,
+    SECONDARY,
+};
+
+typedef struct RewriterState {
+    NetFilterState parent_obj;
+    /* connection list: the connections belonged to this NIC could be found
+     * in this list.
+     * element type: Connection
+     */
+    GQueue conn_list;
+    NetQueue *incoming_queue;
+    /* to protect conn_list */
+    QemuMutex conn_list_lock;
+    /* hashtable to save connection */
+    GHashTable *connection_track_table;
+    /* to save unprocessed_connections */
+    GQueue unprocessed_connections;
+    /* current hash size */
+    uint32_t hashtable_size;
+} RewriterState;
+
+static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
+                                         NetClientState *sender,
+                                         unsigned flags,
+                                         const struct iovec *iov,
+                                         int iovcnt,
+                                         NetPacketSent *sent_cb)
+{
+    /*
+     * if we get tcp packet
+     * we will rewrite it to make secondary guest's
+     * connection established successfully
+     */
+    return 0;
+}
+
+static void colo_rewriter_cleanup(NetFilterState *nf)
+{
+    RewriterState *s = FILTER_COLO_REWRITER(nf);
+
+    qemu_mutex_destroy(&s->conn_list_lock);
+    g_queue_free(&s->conn_list);
+}
+
+static void colo_rewriter_setup(NetFilterState *nf, Error **errp)
+{
+    RewriterState *s = FILTER_COLO_REWRITER(nf);
+
+    g_queue_init(&s->conn_list);
+    qemu_mutex_init(&s->conn_list_lock);
+    s->hashtable_size = 0;
+
+    s->connection_track_table = g_hash_table_new_full(connection_key_hash,
+                                                      connection_key_equal,
+                                                      g_free,
+                                                      connection_destroy);
+    s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
+}
+
+static void colo_rewriter_class_init(ObjectClass *oc, void *data)
+{
+    NetFilterClass *nfc = NETFILTER_CLASS(oc);
+
+    nfc->setup = colo_rewriter_setup;
+    nfc->cleanup = colo_rewriter_cleanup;
+    nfc->receive_iov = colo_rewriter_receive_iov;
+}
+
+static const TypeInfo colo_rewriter_info = {
+    .name = TYPE_FILTER_REWRITER,
+    .parent = TYPE_NETFILTER,
+    .class_init = colo_rewriter_class_init,
+    .instance_size = sizeof(RewriterState),
+};
+
+static void register_types(void)
+{
+    type_register_static(&colo_rewriter_info);
+}
+
+type_init(register_types);
diff --git a/qemu-options.hx b/qemu-options.hx
index 14bade5..d7ab165 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3859,6 +3859,16 @@  Create a filter-redirector we need to differ outdev id from indev id, id can not
 be the same. we can just use indev or outdev, but at least one of indev or outdev
 need to be specified.
 
+@item -object filter-rewriter,id=@var{id},netdev=@var{netdevid},rewriter-mode=@var{mode}[,queue=@var{all|rx|tx}]
+
+Filter-rewriter is a part of COLO project.It will rewrite some of secondary packet.
+
+usage:
+colo secondary:
+-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
+-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
+-object filter-rewriter,id=rew0,netdev=hn0,queue=all
+
 @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
 
 Dump the network traffic on netdev @var{dev} to the file specified by
diff --git a/vl.c b/vl.c
index c6b9a6f..b47be6a 100644
--- a/vl.c
+++ b/vl.c
@@ -2866,7 +2866,8 @@  static bool object_create_initial(const char *type)
         g_str_equal(type, "filter-dump") ||
         g_str_equal(type, "filter-mirror") ||
         g_str_equal(type, "filter-redirector") ||
-        g_str_equal(type, "colo-compare")) {
+        g_str_equal(type, "colo-compare") ||
+        g_str_equal(type, "filter-rewriter")) {
         return false;
     }