Exclude fronting header when dialing preresolved domains

psiphon/dialParameters.go

@@ -1733,13 +1733,12 @@ func MakeDialParameters(
 		// For tactics requests, AddPsiphonFrontingHeader is set when set for
 		// the related tunnel protocol. E.g., FRONTED-OSSH-MEEK for
 		// FRONTED-MEEK-TACTICS. AddPsiphonFrontingHeader is not replayed.
-		addPsiphonFrontingHeader := false
-		if dialParams.FrontingProviderID != "" {
-			addPsiphonFrontingHeader = common.Contains(
-				p.LabeledTunnelProtocols(
-					parameters.AddFrontingProviderPsiphonFrontingHeader, dialParams.FrontingProviderID),
-				dialParams.TunnelProtocol)
-		}
+		addFrontingHeader := addPsiphonFrontingHeader(
+			p,
+			dialParams.FrontingProviderID,
+			dialParams.TunnelProtocol,
+			dialParams.MeekDialAddress,
+			dialParams.ResolveParameters)
 
 		dialParams.meekConfig = &MeekConfig{
 			DiagnosticID:                  serverEntry.GetDiagnosticID(),
@@ -1760,7 +1759,7 @@ func MakeDialParameters(
 			RandomizedTLSProfileSeed:      dialParams.RandomizedTLSProfileSeed,
 			UseObfuscatedSessionTickets:   dialParams.TunnelProtocol == protocol.TUNNEL_PROTOCOL_UNFRONTED_MEEK_SESSION_TICKET,
 			SNIServerName:                 dialParams.MeekSNIServerName,
-			AddPsiphonFrontingHeader:      addPsiphonFrontingHeader,
+			AddPsiphonFrontingHeader:      addFrontingHeader,
 			VerifyServerName:              dialParams.MeekVerifyServerName,
 			VerifyPins:                    dialParams.MeekVerifyPins,
 			DisableSystemRootCAs:          config.DisableSystemRootCAs,
@@ -2516,3 +2515,29 @@ func selectConjureTransport(
 
 	return transports[choice]
 }
+
+func addPsiphonFrontingHeader(
+	p parameters.ParametersAccessor,
+	frontingProviderID string,
+	tunnelProtocol string,
+	dialAddress string,
+	resolveParams *resolver.ResolveParameters) bool {
+
+	if frontingProviderID == "" {
+		return false
+	}
+
+	if resolveParams != nil &&
+		resolveParams.PreresolvedIPAddress != "" {
+		meekDialDomain, _, _ := net.SplitHostPort(dialAddress)
+		if resolveParams.PreresolvedDomain == meekDialDomain {
+			return false
+		}
+	}
+
+	return common.Contains(
+		p.LabeledTunnelProtocols(
+			parameters.AddFrontingProviderPsiphonFrontingHeader,
+			frontingProviderID),
+		tunnelProtocol)
+}

psiphon/frontingDialParameters.go

@@ -379,14 +379,12 @@ func (f *FrontedMeekDialParameters) prepareDialConfigs(
 		meekMode = MeekModeWrappedPlaintextRoundTrip
 	}
 
-	addPsiphonFrontingHeader := false
-	if f.FrontingProviderID != "" {
-		addPsiphonFrontingHeader = common.Contains(
-			p.LabeledTunnelProtocols(
-				parameters.AddFrontingProviderPsiphonFrontingHeader,
-				f.FrontingProviderID),
-			equivilentTunnelProtocol)
-	}
+	addFrontingHeader := addPsiphonFrontingHeader(
+		p,
+		f.FrontingProviderID,
+		equivilentTunnelProtocol,
+		f.DialAddress,
+		f.ResolveParameters)
 
 	f.meekConfig = &MeekConfig{
 		DiagnosticID:             f.FrontingProviderID,
@@ -400,7 +398,7 @@ func (f *FrontedMeekDialParameters) prepareDialConfigs(
 		SNIServerName:            f.SNIServerName,
 		HostHeader:               f.HostHeader,
 		TransformedHostName:      f.TransformedHostName,
-		AddPsiphonFrontingHeader: addPsiphonFrontingHeader,
+		AddPsiphonFrontingHeader: addFrontingHeader,
 		VerifyServerName:         f.VerifyServerName,
 		VerifyPins:               f.VerifyPins,
 		ClientTunnelProtocol:     equivilentTunnelProtocol,