dpif-linux: Prevent a single port from monopolizing upcalls.
Currently it is possible for a client on a single port to generate
a huge number of packets that miss in the kernel flow table and
monopolize the userspace/kernel communication path. This
effectively DoS's the machine because no new flow setups can take
place. This adds some additional fairness by separating each upcall
type for each object in the datapath onto a separate socket, each
with its own queue. Userspace then reads round-robin from each
socket so other flow setups can still succeed.
Since the number of objects can potentially be large, we don't always
have a unique socket for each. Instead, we create 16 sockets and
spread the load around them in a round robin fashion. It's theoretically
possible to do better than this with some kind of active load balancing
scheme but this seems like a good place to start.
Feature #6485
projects / openvswitch / commit