all: start groundwork for using capver for localapi & peerapi

Updates #7015

Change-Id: I3d4c11b42a727a62eaac3262a879f29bb4ce82dd
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

ipn/ipnlocal/local.go

@@ -4348,20 +4348,32 @@ func exitNodeCanProxyDNS(nm *netmap.NetworkMap, exitNodeID tailcfg.StableNodeID)
 		return "", false
 	}
 	for _, p := range nm.Peers {
-		if p.StableID != exitNodeID {
-			continue
-		}
-		services := p.Hostinfo.Services()
-		for i, n := 0, services.Len(); i < n; i++ {
-			s := services.At(i)
-			if s.Proto == tailcfg.PeerAPIDNS && s.Port >= 1 {
-				return peerAPIBase(nm, p) + "/dns-query", true
-			}
+		if p.StableID == exitNodeID && peerCanProxyDNS(p) {
+			return peerAPIBase(nm, p) + "/dns-query", true
 		}
 	}
 	return "", false
 }
 
+func peerCanProxyDNS(p *tailcfg.Node) bool {
+	if p.Cap >= 26 {
+		// Actually added at 25
+		// (https://github.com/tailscale/tailscale/blob/3ae6f898cfdb58fd0e30937147dd6ce28c6808dd/tailcfg/tailcfg.go#L51)
+		// so anything >= 26 can do it.
+		return true
+	}
+	// If p.Cap is not populated (e.g. older control server), then do the old
+	// thing of searching through services.
+	services := p.Hostinfo.Services()
+	for i, n := 0, services.Len(); i < n; i++ {
+		s := services.At(i)
+		if s.Proto == tailcfg.PeerAPIDNS && s.Port >= 1 {
+			return true
+		}
+	}
+	return false
+}
+
 func (b *LocalBackend) DebugRebind() error {
 	mc, err := b.magicConn()
 	if err != nil {

ipn/localapi/localapi.go

@@ -155,6 +155,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Header().Set("Tailscale-Version", version.Long)
+	w.Header().Set("Tailscale-Cap", strconv.Itoa(int(tailcfg.CurrentCapabilityVersion)))
 	w.Header().Set("Content-Security-Policy", `default-src 'none'; frame-ancestors 'none'; script-src 'none'; script-src-elem 'none'; script-src-attr 'none'`)
 	w.Header().Set("X-Frame-Options", "DENY")
 	w.Header().Set("X-Content-Type-Options", "nosniff")