X-Git-Url: http://git.bitcoin.ninja/index.cgi?p=flowspec-xdp;a=blobdiff_plain;f=README.md;h=9ed1c187174ece2125df9b5d5cf5c742b261988d;hp=adcc99ab63cf0b295b3f2aa49909a65357a334d6;hb=HEAD;hpb=3e6fa8a135ffc2892b0a880b0961b663c3cd812b diff --git a/README.md b/README.md index adcc99a..9ed1c18 100644 --- a/README.md +++ b/README.md 
@@ -6,9 +6,20 @@ to an XDP program. It currently supports the entire flowspec match grammar, rate action packet match counting (sample bit) and terminal bit, and traffic marking. The redirect community is not supported. -Note that correctly sorting rules is *not* implemented as it requires implementing the flowspec -wire serialization format and it may better be done inside bird/birdc. Thus, be vary careful using -the terminal bit in the traffict action community. +Note that correctly sorting rules is *not* fully implemented as it requires implementing the +flowspec wire serialization format and it may better be done inside bird/birdc. Thus, be vary +careful using the terminal bit in the traffict action community. + +In addition to the communities specified in RFC 8955, two additional communities are supported which +provide rate-limiting on a per-source basis. When the upper two bytes in an extended community are +0x8306 (rate in bytes) or 0x830c (rate in packets), we rate limit the same as 0x8006 or 0x800c +except that the rate limit is applied per source address. The encoding mirrors the non-per-source +encoding in that the last 4 octets are the floating-point rate limit. Instead of a 2 octet +AS/ignored value, the third octet is the maximum number of source IPs tracked (plus one, times 4096) +and the fourth octet is a prefix length mask, which is applied to the source IP before rate-limiting. + +See `collision_prob.py` for collision probabilities in the hash table to estimate the size you +should use. `install.sh` provides a simple example script which will compile and install a generated XDP program from the rules in bird's `flowspec4` and `flowspec6` routing tables. It will drop any packets which
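Review bot: In the added paragraph on the 0x8306/0x830c communities, the third-octet description "the maximum number of source IPs tracked (plus one, times 4096)" is ambiguous. If the intended meaning is tracked sources = (octet + 1) * 4096, state it as that formula so it cannot be read as octet * 4096 + 1. The fourth octet ("a prefix length mask") should also say how the value is interpreted for IPv4 versus IPv6 sources and what a value of 0 means, since the same community encoding is described for both. The changed opening sentence now says sorting is "not fully implemented" without saying which part is implemented, so the warning about the terminal bit that follows is hard to act on; a short statement of what ordering is and is not guaranteed would help. Since those lines are re-wrapped in this change anyway, the carried-over typos "vary careful" and "traffict action" could be fixed at the same time.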