ipn: use NodeCapMap in CheckFunnel

These were missed when adding NodeCapMap and resulted in tsnet binaries not being able to turn on funnel. Fixes #9566 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-08-14 06:57:31 +00:00 · 2023-09-27 23:01:09 -07:00
parent 5c2b2fa1f8
commit 354455e8be
5 changed files with 53 additions and 24 deletions
--- a/cmd/derper/depaware.txt
+++ b/cmd/derper/depaware.txt
@@ -270,7 +270,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
        runtime/metrics                                              from github.com/prometheus/client_golang/prometheus+
        runtime/pprof                                                from net/http/pprof
        runtime/trace                                                from net/http/pprof
-        slices                                                       from tailscale.com/ipn+
+        slices                                                       from tailscale.com/ipn/ipnstate+
        sort                                                         from compress/flate+
        strconv                                                      from compress/flate+
        strings                                                      from bufio+
--- a/cmd/tailscale/cli/funnel.go
+++ b/cmd/tailscale/cli/funnel.go
@@ -164,12 +164,12 @@ func (e *serveEnv) verifyFunnelEnabled(ctx context.Context, st *ipnstate.Status,
 		// the feature flag on.
 		// TODO(sonia,tailscale/corp#10577): Remove this fallback once the
 		// control flag is turned on for all domains.
-		if err := ipn.CheckFunnelAccess(port, st.Self.Capabilities); err != nil {
+		if err := ipn.CheckFunnelAccess(port, st.Self); err != nil {
 			return err
 		}
 	default:
 		// Done with enablement, make sure the requested port is allowed.
-		if err := ipn.CheckFunnelPort(port, st.Self.Capabilities); err != nil {
+		if err := ipn.CheckFunnelPort(port, st.Self); err != nil {
 			return err
 		}
 	}