add fwmark (#92)

Author: Ansen

defs/options.go

@@ -42,4 +42,5 @@ const (
 	OptionTelemetryPath   = "telemetry-path"
 	OptionTelemetryShare  = "telemetry-share"
 	OptionTelemetryExtra  = "telemetry-extra"
+	OptionFwmark          = "fwmark"
 )

main.go

@@ -171,7 +171,7 @@ func main() {
 			&cli.StringFlag{
 				Name: defs.OptionCACert,
 				Usage: "Use the specified CA certificate PEM bundle file instead\n" +
-				    "\tof the system certificate trust store",
+					"\tof the system certificate trust store",
 			},
 			&cli.BoolFlag{
 				Name:  defs.OptionSkipCertVerify,
@@ -218,6 +218,11 @@ func main() {
 				Usage: "Send a custom message along with the telemetry results.\n" +
 					"\tImplies --" + defs.OptionShare,
 			},
+			&cli.IntFlag{
+				Name:  defs.OptionFwmark,
+				Usage: "firewall mark to set on socket.",
+				Value: 0,
+			},
 		},
 	}
 

speedtest/speedtest.go

@@ -161,25 +161,25 @@ func SpeedTest(c *cli.Context) error {
 		network = "ip"
 	}
 
-    transport := http.DefaultTransport.(*http.Transport).Clone()
-
-    if caCertFileName := c.String(defs.OptionCACert); caCertFileName != "" {
-        caCert, err := ioutil.ReadFile(caCertFileName)
-        if err != nil {
-            log.Fatal(err)
-        }
-        caCertPool := x509.NewCertPool()
-        caCertPool.AppendCertsFromPEM(caCert)
-
-        transport.TLSClientConfig = &tls.Config{
-            InsecureSkipVerify: c.Bool(defs.OptionSkipCertVerify),
-            RootCAs: caCertPool,
-        }
-    } else {
-        transport.TLSClientConfig = &tls.Config{
-            InsecureSkipVerify: c.Bool(defs.OptionSkipCertVerify),
-        }
-    }
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+
+	if caCertFileName := c.String(defs.OptionCACert); caCertFileName != "" {
+		caCert, err := ioutil.ReadFile(caCertFileName)
+		if err != nil {
+			log.Fatal(err)
+		}
+		caCertPool := x509.NewCertPool()
+		caCertPool.AppendCertsFromPEM(caCert)
+
+		transport.TLSClientConfig = &tls.Config{
+			InsecureSkipVerify: c.Bool(defs.OptionSkipCertVerify),
+			RootCAs:            caCertPool,
+		}
+	} else {
+		transport.TLSClientConfig = &tls.Config{
+			InsecureSkipVerify: c.Bool(defs.OptionSkipCertVerify),
+		}
+	}
 
 	dialer := &net.Dialer{
 		Timeout:   30 * time.Second,
@@ -195,9 +195,13 @@ func SpeedTest(c *cli.Context) error {
 	}
 
 	// bind to interface if given
-	if iface := c.String(defs.OptionInterface); iface != "" {
+	// bind to interface if given
+	iface := c.String(defs.OptionInterface)
+	fwmark := c.Int(defs.OptionFwmark)
+
+	if iface != "" || fwmark > 0 {
 		var err error
-		dialer, err = newDialerInterfaceBound(iface)
+		dialer, err = newDialerInterfaceOrFwmarkBound(iface, fwmark)
 		if err != nil {
 			return err
 		}

speedtest/util_linux.go

@@ -8,14 +8,20 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-func newDialerInterfaceBound(iface string) (dialer *net.Dialer, err error) {
+func newDialerInterfaceOrFwmarkBound(iface string, fwmark int) (dialer *net.Dialer, err error) {
 	// In linux there is the socket option SO_BINDTODEVICE.
 	// Therefore we can really bind the socket to the device instead of binding to the address that
 	// would be affected by the default routes.
 	control := func(network, address string, c syscall.RawConn) error {
 		var errSock error
 		err := c.Control((func(fd uintptr) {
-			errSock = unix.BindToDevice(int(fd), iface)
+			if iface != "" {
+				errSock = unix.BindToDevice(int(fd), iface)
+			}
+
+			if fwmark > 0 {
+				errSock = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, fwmark)
+			}
 		}))
 		if err != nil {
 			return err