X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=README.md;h=64371974b316aaabca515327f2b28a610c92f576;hb=0ac7dea853a16579072fe9d85cfc791226167491;hp=adcc99ab63cf0b295b3f2aa49909a65357a334d6;hpb=3e6fa8a135ffc2892b0a880b0961b663c3cd812b;p=flowspec-xdp diff --git a/README.md b/README.md index adcc99a..6437197 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,14 @@ Note that correctly sorting rules is *not* implemented as it requires implementi wire serialization format and it may better be done inside bird/birdc. Thus, be vary careful using the terminal bit in the traffict action community. +In addition to the communities specified in RFC 8955, two additional communities are supported which +provide rate-limiting on a per-source basis. When the upper two bytes in an extended community are +0x8306 (rate in bytes) or 0x830c (rate in packets), we rate limit the same as 0x8006 or 0x800c +except that the rate limit is applied per source address. The encoding mirrors the non-per-source +encoding in that the last 4 octets are the floating-point rate limit. Instead of a 2 octet +AS/ignored value, the third octet is the maximum number of source IPs tracked (plus one, times 4096) +and the fourth octet is a prefix length mask, which is applied to the source IP before rate-limiting. + `install.sh` provides a simple example script which will compile and install a generated XDP program from the rules in bird's `flowspec4` and `flowspec6` routing tables. It will drop any packets which match any flowspec filter.
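Review bot: The description of the third and fourth octets in the added paragraph is ambiguous enough that two readers could encode different values. "(plus one, times 4096)" would be clearer as an explicit formula, for example max tracked sources = (octet + 1) * 4096 if that is the intended meaning. "prefix length mask" should say whether the octet is a prefix length in bits, and how one octet is interpreted for IPv4 versus IPv6 sources. The paragraph also does not say what happens to packets from a new source once the tracked-source limit is reached. That is worth documenting, since it determines how a per-source rule behaves when traffic arrives from more source addresses than the table holds. Minor, in the unchanged context lines above the addition: "vary careful" and "traffict action" are typos that could be fixed in the same commit.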