feat: local ratelimit support XRateLimitHeaders (#6059)

zirain · web-flow · commit eb7266c042f4 · 2025-05-21T10:46:38.000+08:00
local ratelimit support XRateLimitHeaders

Signed-off-by: zirain &lt;zirain2009@gmail.com&gt;
diff --git a/internal/xds/translator/api_key_auth.go b/internal/xds/translator/api_key_auth.go
@@ -89,7 +89,7 @@ func (*apiKeyAuth) patchResources(*types.ResourceVersionTable, []*ir.HTTPRoute)
 
 // patchRoute patches the provided route with the apiKeyAuth config if applicable.
 // Note: this method overwrites the HCM level filter config with the per route filter config.
-func (*apiKeyAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*apiKeyAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/authorization.go b/internal/xds/translator/authorization.go
@@ -107,7 +107,7 @@ func listenerContainsRBAC(irListener *ir.HTTPListener) bool {
 }
 
 // patchRoute patches the provided route with the RBAC config if applicable.
-func (*rbac) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*rbac) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/basicauth.go b/internal/xds/translator/basicauth.go
@@ -115,7 +115,7 @@ func (*basicAuth) patchResources(*types.ResourceVersionTable, []*ir.HTTPRoute) e
 
 // patchRoute patches the provided route with the basicAuth config if applicable.
 // Note: this method overwrites the HCM level filter config with the per route filter config.
-func (*basicAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*basicAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/compressor.go b/internal/xds/translator/compressor.go
@@ -143,7 +143,7 @@ func (*compressor) patchResources(*types.ResourceVersionTable, []*ir.HTTPRoute)
 
 // patchRoute patches the provided route with the compressor config if applicable.
 // Note: this method overwrites the HCM level filter config with the per route filter config.
-func (*compressor) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*compressor) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/cors.go b/internal/xds/translator/cors.go
@@ -105,7 +105,7 @@ func listenerContainsCORS(irListener *ir.HTTPListener) bool {
 }
 
 // patchRoute patches the provided route with the CORS config if applicable.
-func (*cors) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*cors) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/credentialInjector.go b/internal/xds/translator/credentialInjector.go
@@ -141,7 +141,7 @@ func buildCredentialSecret(credentialInjection *ir.CredentialInjection) *tlsv3.S
 
 // patchRoute patches the provided route with the credential injector filter if applicable.
 // Note: this method enables the corresponding credential injector filter for the provided route.
-func (*credentialInjector) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*credentialInjector) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/custom_response.go b/internal/xds/translator/custom_response.go
@@ -426,7 +426,7 @@ func (c *customResponse) patchResources(tCtx *types.ResourceVersionTable,
 
 // patchRoute patches the provided route with the customResponse config if applicable.
 // Note: this method enables the corresponding customResponse filter for the provided route.
-func (c *customResponse) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (c *customResponse) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go
@@ -244,7 +244,7 @@ func (*extAuth) patchResources(tCtx *types.ResourceVersionTable,
 
 // patchRoute patches the provided route with the extAuth config if applicable.
 // Note: this method enables the corresponding extAuth filter for the provided route.
-func (*extAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*extAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/extproc.go b/internal/xds/translator/extproc.go
@@ -212,7 +212,7 @@ func (*extProc) patchResources(tCtx *types.ResourceVersionTable,
 
 // patchRoute patches the provided route with the extProc config if applicable.
 // Note: this method enables the corresponding extProc filter for the provided route.
-func (*extProc) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*extProc) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/fault.go b/internal/xds/translator/fault.go
@@ -106,7 +106,7 @@ func (*fault) patchResources(*types.ResourceVersionTable, []*ir.HTTPRoute) error
 
 // patchRoute patches the provided route with the fault config if applicable.
 // Note: this method enables the corresponding fault filter for the provided route.
-func (*fault) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*fault) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/healthcheck.go b/internal/xds/translator/healthcheck.go
@@ -98,6 +98,6 @@ func (*healthCheck) patchResources(*types.ResourceVersionTable, []*ir.HTTPRoute)
 	return nil
 }
 
-func (*healthCheck) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*healthCheck) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	return nil
 }
diff --git a/internal/xds/translator/httpfilters.go b/internal/xds/translator/httpfilters.go
@@ -56,7 +56,7 @@ type httpFilter interface {
 	patchHCM(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTTPListener) error
 
 	// patchRoute patches the provide Route with a filter's Route level configuration.
-	patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error
+	patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, httpListener *ir.HTTPListener) error
 
 	// patchResources adds all the other needed resources referenced by this
 	// filter to the resource version table.
@@ -296,12 +296,9 @@ func (t *Translator) patchHCMWithFilters(
 
 // patchRouteWithPerRouteConfig appends per-route filter configuration to the
 // provided route.
-func patchRouteWithPerRouteConfig(
-	route *routev3.Route,
-	irRoute *ir.HTTPRoute,
-) error {
+func patchRouteWithPerRouteConfig(route *routev3.Route, irRoute *ir.HTTPRoute, httpListener *ir.HTTPListener) error {
 	for _, filter := range httpFilters {
-		if err := filter.patchRoute(route, irRoute); err != nil {
+		if err := filter.patchRoute(route, irRoute, httpListener); err != nil {
 			return err
 		}
 	}
diff --git a/internal/xds/translator/jwt.go b/internal/xds/translator/jwt.go
@@ -255,7 +255,7 @@ func buildXdsUpstreamTLSSocket(sni string) (*corev3.TransportSocket, error) {
 
 // patchRoute patches the provided route with a JWT PerRouteConfig, if the route
 // doesn't contain it.
-func (*jwt) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*jwt) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/local_ratelimit.go b/internal/xds/translator/local_ratelimit.go
@@ -117,7 +117,7 @@ func (*localRateLimit) patchResources(*types.ResourceVersionTable,
 	return nil
 }
 
-func (*localRateLimit) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*localRateLimit) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, httpListener *ir.HTTPListener) error {
 	routeAction := route.GetRoute()
 
 	// Return early if no rate limit config exists.
@@ -168,7 +168,8 @@ func (*localRateLimit) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) e
 				Denominator: typev3.FractionalPercent_HUNDRED,
 			},
 		},
-		Descriptors: descriptors,
+		EnableXRatelimitHeaders: rlv3.XRateLimitHeadersRFCVersion_DRAFT_VERSION_03,
+		Descriptors:             descriptors,
 		// By setting AlwaysConsumeDefaultTokenBucket to false, the descriptors
 		// won't consume the default token bucket. This means that a request only
 		// counts towards the default token bucket if it does not match any of the
@@ -177,6 +178,9 @@ func (*localRateLimit) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) e
 			Value: false,
 		},
 	}
+	if httpListener.Headers != nil && httpListener.Headers.DisableRateLimitHeaders {
+		localRl.EnableXRatelimitHeaders = rlv3.XRateLimitHeadersRFCVersion_OFF
+	}
 
 	localRlAny, err := anypb.New(localRl)
 	if err != nil {
diff --git a/internal/xds/translator/lua.go b/internal/xds/translator/lua.go
@@ -107,7 +107,7 @@ func (*lua) patchResources(_ *types.ResourceVersionTable, _ []*ir.HTTPRoute) err
 }
 
 // patchRoute patches the provided route so Lua filters are enabled if applicable.
-func (*lua) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*lua) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/oidc.go b/internal/xds/translator/oidc.go
@@ -476,7 +476,7 @@ func oauth2HMACSecretName(oidc *ir.OIDC) string {
 
 // patchRoute patches the provided route with the oauth2 config if applicable.
 // Note: this method enables the corresponding oauth2 filter for the provided route.
-func (*oidc) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*oidc) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/request_buffer.go b/internal/xds/translator/request_buffer.go
@@ -101,7 +101,7 @@ func (r *requestBuffer) patchResources(tCtx *types.ResourceVersionTable, routes
 }
 
 // patchRoute will add a BufferPerRoute filter for a particular route
-func (r *requestBuffer) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (r *requestBuffer) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if !routeContainsRequestBuffer(irRoute) {
 		return nil
 	}
diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go
@@ -40,7 +40,7 @@ var defaultUpgradeConfig = []*routev3.RouteAction_UpgradeConfig{
 	},
 }
 
-func buildXdsRoute(httpRoute *ir.HTTPRoute) (*routev3.Route, error) {
+func buildXdsRoute(httpRoute *ir.HTTPRoute, httpListener *ir.HTTPListener) (*routev3.Route, error) {
 	router := &routev3.Route{
 		Name:     httpRoute.Name,
 		Match:    buildXdsRouteMatch(httpRoute.PathMatch, httpRoute.HeaderMatches, httpRoute.QueryParamMatches),
@@ -124,7 +124,7 @@ func buildXdsRoute(httpRoute *ir.HTTPRoute) (*routev3.Route, error) {
 	}
 
 	// Add per route filter configs to the route, if needed.
-	if err := patchRouteWithPerRouteConfig(router, httpRoute); err != nil {
+	if err := patchRouteWithPerRouteConfig(router, httpRoute, httpListener); err != nil {
 		return nil, err
 	}
 
diff --git a/internal/xds/translator/session_persistence.go b/internal/xds/translator/session_persistence.go
@@ -149,7 +149,7 @@ func getLongestNonRegexPrefix(path string) string {
 }
 
 // patchRoute patches the provide Route with a filter's Route level configuration.
-func (s *sessionPersistence) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (s *sessionPersistence) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit-distinct.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit-distinct.routes.yaml
@@ -28,6 +28,7 @@
               fillInterval: 0s
               maxTokens: 5
               tokensPerFill: 5
+          enableXRatelimitHeaders: DRAFT_VERSION_03
           filterEnabled:
             defaultValue:
               numerator: 100
@@ -110,6 +111,7 @@
               fillInterval: 60s
               maxTokens: 10
               tokensPerFill: 10
+          enableXRatelimitHeaders: DRAFT_VERSION_03
           filterEnabled:
             defaultValue:
               numerator: 100
diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.routes.yaml
@@ -44,6 +44,7 @@
               fillInterval: 3600s
               maxTokens: 10
               tokensPerFill: 10
+          enableXRatelimitHeaders: DRAFT_VERSION_03
           filterEnabled:
             defaultValue:
               numerator: 100
@@ -124,6 +125,7 @@
               fillInterval: 60s
               maxTokens: 10
               tokensPerFill: 10
+          enableXRatelimitHeaders: DRAFT_VERSION_03
           filterEnabled:
             defaultValue:
               numerator: 100
@@ -146,6 +148,7 @@
         envoy.filters.http.local_ratelimit:
           '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
           alwaysConsumeDefaultTokenBucket: false
+          enableXRatelimitHeaders: DRAFT_VERSION_03
           filterEnabled:
             defaultValue:
               numerator: 100
diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go
@@ -481,7 +481,7 @@ func (t *Translator) addRouteToRouteConfig(
 
 		var xdsRoute *routev3.Route
 		// 1:1 between IR HTTPRoute and xDS config.route.v3.Route
-		xdsRoute, err = buildXdsRoute(httpRoute)
+		xdsRoute, err = buildXdsRoute(httpRoute, httpListener)
 		if err != nil {
 			// skip this route if failed to build xds route
 			errs = errors.Join(errs, err)
diff --git a/internal/xds/translator/wasm.go b/internal/xds/translator/wasm.go
@@ -179,7 +179,7 @@ func (*wasm) patchResources(_ *types.ResourceVersionTable, _ []*ir.HTTPRoute) er
 
 // patchRoute patches the provided route with the wasm config if applicable.
 // Note: this method enables the corresponding wasm filter for the provided route.
-func (*wasm) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error {
+func (*wasm) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute, _ *ir.HTTPListener) error {
 	if route == nil {
 		return errors.New("xds route is nil")
 	}
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
@@ -11,6 +11,7 @@ new features: |
   Added support for percentage-based request mirroring
   Add an option to OIDC authentication to bypass it and defer to JWT when the request contains an "Authorization: Bearer ..." header.
   Added support for configuring Subject Alternative Names (SANs) for upstream TLS validation via `BackendTLSPolicy.validation.subjectAltNames`.
+  Added support for local rate limit header.
 
 bug fixes: |
 
diff --git a/test/e2e/testdata/local-ratelimit.yaml b/test/e2e/testdata/local-ratelimit.yaml
@@ -1,4 +1,17 @@
 apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: ClientTrafficPolicy
+metadata:
+  name: disable-ratelimit-header
+  namespace: gateway-conformance-infra
+spec:
+  headers:
+    disableRateLimitHeaders: true
+  targetRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: all-namespaces  # use different gatway
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: BackendTrafficPolicy
 metadata:
   name: ratelimit-specific-user
@@ -49,6 +62,7 @@ metadata:
 spec:
   parentRefs:
     - name: same-namespace
+    - name: all-namespaces
   rules:
     - backendRefs:
         - name: infra-backend-v1
@@ -66,6 +80,7 @@ metadata:
 spec:
   parentRefs:
     - name: same-namespace
+    - name: all-namespaces
   rules:
     - backendRefs:
         - name: infra-backend-v1
@@ -83,6 +98,7 @@ metadata:
 spec:
   parentRefs:
     - name: same-namespace
+    - name: all-namespaces
   rules:
     - backendRefs:
         - name: infra-backend-v1
@@ -125,6 +141,7 @@ metadata:
 spec:
   parentRefs:
     - name: same-namespace
+    - name: all-namespaces
   rules:
     - backendRefs:
         - name: infra-backend-v1
diff --git a/test/e2e/tests/local_ratelimit.go b/test/e2e/tests/local_ratelimit.go
diff --git a/test/e2e/tests/local_ratelimit_distinct_cidr.go b/test/e2e/tests/local_ratelimit_distinct_cidr.go
diff --git a/test/e2e/tests/local_ratelimit_distinct_header.go b/test/e2e/tests/local_ratelimit_distinct_header.go
diff --git a/test/e2e/utils/http.go b/test/e2e/utils/http.go
diff --git a/tools/make/golang.mk b/tools/make/golang.mk

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ func (apiKeyAuth) patchResources(types.ResourceVersionTable, []*ir.HTTPRoute)`
`89`	`89`
`90`	`90`	`// patchRoute patches the provided route with the apiKeyAuth config if applicable.`
`91`	`91`	`// Note: this method overwrites the HCM level filter config with the per route filter config.`
`92`		`-func (apiKeyAuth) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`92`	`+func (apiKeyAuth) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`93`	`93`	`if route == nil {`
`94`	`94`	`return errors.New("xds route is nil")`
`95`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ func listenerContainsRBAC(irListener *ir.HTTPListener) bool {`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`// patchRoute patches the provided route with the RBAC config if applicable.`
`110`		`-func (rbac) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`110`	`+func (rbac) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`111`	`111`	`if route == nil {`
`112`	`112`	`return errors.New("xds route is nil")`
`113`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ func (basicAuth) patchResources(types.ResourceVersionTable, []*ir.HTTPRoute) e`
`115`	`115`
`116`	`116`	`// patchRoute patches the provided route with the basicAuth config if applicable.`
`117`	`117`	`// Note: this method overwrites the HCM level filter config with the per route filter config.`
`118`		`-func (basicAuth) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`118`	`+func (basicAuth) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`119`	`119`	`if route == nil {`
`120`	`120`	`return errors.New("xds route is nil")`
`121`	`121`	`}`
Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ func (compressor) patchResources(types.ResourceVersionTable, []*ir.HTTPRoute)`
`143`	`143`
`144`	`144`	`// patchRoute patches the provided route with the compressor config if applicable.`
`145`	`145`	`// Note: this method overwrites the HCM level filter config with the per route filter config.`
`146`		`-func (compressor) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`146`	`+func (compressor) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`147`	`147`	`if route == nil {`
`148`	`148`	`return errors.New("xds route is nil")`
`149`	`149`	`}`
Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ func listenerContainsCORS(irListener *ir.HTTPListener) bool {`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`// patchRoute patches the provided route with the CORS config if applicable.`
`108`		`-func (cors) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`108`	`+func (cors) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`109`	`109`	`if route == nil {`
`110`	`110`	`return errors.New("xds route is nil")`
`111`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ func buildCredentialSecret(credentialInjection ir.CredentialInjection) tlsv3.S`
`141`	`141`
`142`	`142`	`// patchRoute patches the provided route with the credential injector filter if applicable.`
`143`	`143`	`// Note: this method enables the corresponding credential injector filter for the provided route.`
`144`		`-func (credentialInjector) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`144`	`+func (credentialInjector) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`145`	`145`	`if route == nil {`
`146`	`146`	`return errors.New("xds route is nil")`
`147`	`147`	`}`
Original file line number	Diff line number	Diff line change
`@@ -426,7 +426,7 @@ func (c customResponse) patchResources(tCtx types.ResourceVersionTable,`
`426`	`426`
`427`	`427`	`// patchRoute patches the provided route with the customResponse config if applicable.`
`428`	`428`	`// Note: this method enables the corresponding customResponse filter for the provided route.`
`429`		`-func (c customResponse) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`429`	`+func (c customResponse) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`430`	`430`	`if route == nil {`
`431`	`431`	`return errors.New("xds route is nil")`
`432`	`432`	`}`
Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ func (extAuth) patchResources(tCtx types.ResourceVersionTable,`
`244`	`244`
`245`	`245`	`// patchRoute patches the provided route with the extAuth config if applicable.`
`246`	`246`	`// Note: this method enables the corresponding extAuth filter for the provided route.`
`247`		`-func (extAuth) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`247`	`+func (extAuth) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`248`	`248`	`if route == nil {`
`249`	`249`	`return errors.New("xds route is nil")`
`250`	`250`	`}`
Original file line number	Diff line number	Diff line change
`@@ -212,7 +212,7 @@ func (extProc) patchResources(tCtx types.ResourceVersionTable,`
`212`	`212`
`213`	`213`	`// patchRoute patches the provided route with the extProc config if applicable.`
`214`	`214`	`// Note: this method enables the corresponding extProc filter for the provided route.`
`215`		`-func (extProc) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`215`	`+func (extProc) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`216`	`216`	`if route == nil {`
`217`	`217`	`return errors.New("xds route is nil")`
`218`	`218`	`}`
Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ func (fault) patchResources(types.ResourceVersionTable, []*ir.HTTPRoute) error`
`106`	`106`
`107`	`107`	`// patchRoute patches the provided route with the fault config if applicable.`
`108`	`108`	`// Note: this method enables the corresponding fault filter for the provided route.`
`109`		`-func (fault) patchRoute(route routev3.Route, irRoute *ir.HTTPRoute) error {`
	`109`	`+func (fault) patchRoute(route routev3.Route, irRoute ir.HTTPRoute, _ ir.HTTPListener) error {`
`110`	`110`	`if route == nil {`
`111`	`111`	`return errors.New("xds route is nil")`
`112`	`112`	`}`