action packet match counting (sample bit) and terminal bit, and traffic marking. The redirect
community is not supported.
-Note that correctly sorting rules is *not* implemented as it requires implementing the flowspec
-wire serialization format and it may better be done inside bird/birdc. Thus, be vary careful using
-the terminal bit in the traffict action community.
+Note that correctly sorting rules is *not* fully implemented as it requires implementing the
+flowspec wire serialization format and it may better be done inside bird/birdc. Thus, be vary
+careful using the terminal bit in the traffict action community.
+
+In addition to the communities specified in RFC 8955, two additional communities are supported which
+provide rate-limiting on a per-source basis. When the upper two bytes in an extended community are
+0x8306 (rate in bytes) or 0x830c (rate in packets), we rate limit the same as 0x8006 or 0x800c
+except that the rate limit is applied per source address. The encoding mirrors the non-per-source
+encoding in that the last 4 octets are the floating-point rate limit. Instead of a 2 octet
+AS/ignored value, the third octet is the maximum number of source IPs tracked (plus one, times 4096)
+and the fourth octet is a prefix length mask, which is applied to the source IP before rate-limiting.
+
+See `collision_prob.py` for collision probabilities in the hash table to estimate the size you
+should use.
`install.sh` provides a simple example script which will compile and install a generated XDP program
from the rules in bird's `flowspec4` and `flowspec6` routing tables. It will drop any packets which
projects / flowspec-xdp / blobdiff