action packet match counting (sample bit) and terminal bit, and traffic marking. The redirect
community is not supported.
-Note that correctly sorting rules is *not* implemented as it requires implementing the flowspec
-wire serialization format and it may better be done inside bird/birdc. Thus, be vary careful using
-the terminal bit in the traffict action community.
+Note that correctly sorting rules is *not* fully implemented as it requires implementing the
+flowspec wire serialization format and it may better be done inside bird/birdc. Thus, be vary
+careful using the terminal bit in the traffict action community.
In addition to the communities specified in RFC 8955, two additional communities are supported which
provide rate-limiting on a per-source basis. When the upper two bytes in an extended community are
0x8306 (rate in bytes) or 0x830c (rate in packets), we rate limit the same as 0x8006 or 0x800c
except that the rate limit is applied per source address. The encoding mirrors the non-per-source
encoding in that the last 4 octets are the floating-point rate limit. Instead of a 2 octet
-AS/ignored value, the third octet is reserved and the fourth octet is a prefix length mask, which
-is applied to the source IP before rate-limiting.
+AS/ignored value, the third octet is the maximum number of source IPs tracked (plus one, times 4096)
+and the fourth octet is a prefix length mask, which is applied to the source IP before rate-limiting.
+
+See `collision_prob.py` for collision probabilities in the hash table to estimate the size you
+should use.
`install.sh` provides a simple example script which will compile and install a generated XDP program
from the rules in bird's `flowspec4` and `flowspec6` routing tables. It will drop any packets which
projects / flowspec-xdp / blobdiff