Extend high CPS flow table management from DPU to host CPU

What is claimed is: 1 . A data processing unit (DPU) comprising: a plurality of cores; and a datapath to communicate with a policy agent of a host via a data plane development kit (DPDK) interface running on the host, wherein the datapath is configured to: transmit packets to the host, wherein the DPDK interface is configured to: evaluate the packets at the host; select, with the policy agent executing on the host, a data processing library based on packet evaluation results; and transmit a control packet that includes the selected data processing library from the policy agent of the host to the DPU; and receive the transmitted control packet from the host, wherein the plurality of cores is configured to execute a software proxy to program datapath tables based on the selected data processing library and wherein write access to the datapath tables is restricted to the plurality of cores. 2 . The DPU of claim 1 , wherein the transmitted packets are flow-miss packets evaluated for forwarding rule matches and security policy. 3 . The DPU of claim 1 , wherein the packet evaluation results are encoded in a custom packet metadata of the DPDK interface. 4 . The DPU of claim 1 , wherein the packet evaluation results are provided as an application programming interface (API) input to the DPDK interface. 5 . The DPU of claim 1 , wherein the transmitted control packet is built by the selected data processing library by encoding a flow entry key and data fields into a hardware-encoded data structure. 6 . The DPU of claim 5 , wherein the hardware-encoded data structure specifies programming protocol-independent packet processor (P4) table identifiers, P4 table operations, P4 table keys, and P4 table data. 7 . The DPU of claim 1 , wherein the selected data processing library encapsulates the transmitted control packet in a packet header. 8 . The DPU of claim 1 , wherein, after the transmitted control packet is transmitted to the DPU, the plurality of cores is configured to adjust flow-entry programming rates of the datapath tables based on the selected data processing library. 9 . The DPU of claim 1 , wherein the datapath tables support flow entry processing at a connections per second (CPS) above a predetermined threshold to support increased CPS flow table transactions. 10 . A system comprising: a host including a policy agent executing on the host and a data plane development kit (DPDK) interface; and a data processing unit (DPU) to transmit packets to the host, wherein the DPDK interface of the host performs operations including: evaluating the transmitted packets at the host; generating packet evaluation results; selecting, with the policy agent executing on the host, a data processing library based on the packet evaluation results; and transmitting a control packet containing the selected data processing library from the policy agent of the host to the DPU, wherein the DPU is further configured to receive the transmitted control packet and execute a software proxy on a plurality of cores to program datapath tables based on the selected data processing library and wherein write access to the datapath tables is restricted to the plurality of cores. 11 . The system of claim 10 , wherein the transmitted packets are flow-miss packets evaluated for forwarding rule matches and security policy. 12 . The system of claim 10 , wherein the packet evaluation results are encoded in a custom packet metadata of the DPDK interface. 13 . The system of claim 10 , wherein the packet evaluation results are provided as an application programming interface (API) input to the DPDK interface. 14 . The system of claim 10 , wherein the transmitted control packet is built by the selected data processing library by encoding a flow entry key and data fields into a hardware-encoded data structure. 15 . The system of claim 14 , wherein the hardware-encoded data structure specifies programming protocol-independent packet processor (P4) table identifiers, P4 table operations, P4 table keys, and P4 table data. 16 . The system of claim 10 , wherein, after the transmitted control packet is transmitted to the DPU, DPU P4 engines of the DPU spray the transmitted packets to a plurality of cores of the DPU. 17 . The system of claim 10 , wherein the datapath tables support flow entry processing at a connections per second (CPS) above a predetermined threshold to support increased CPS flow table transactions. 18 . A non-transitory computer-readable storage medium storing instructions, which when executed on one or more processing devices, uses a data plane development kit (DPDK) interface running on a host to perform operations including: receiving packets from a data processing unit (DPU); evaluating the received packets at the host; generating packet evaluation results; selecting, with a policy agent executing on the host, a data processing library based on the generated packet evaluation results; and transmitting, to the DPU, a control packet comprising the selected data processing library from the policy agent of the host. 19 . The non-transitory computer-readable storage medium of claim 18 , wherein the selected data processing library is used to build a control packet to program datapath tables and wherein the control packet is built by encoding a flow entry key and data fields into a hardware-encoded data structure. 20 . The non-transitory computer-readable storage medium of claim 19 , wherein the hardware-encoded data structure specifies programming protocol-independent packet processor (P4) table identifiers, P4 table operations, P4 table keys, and P4 table data.