2 files changed, 34 insertions, 9 deletions

diff --git a/conn.go b/conn.go
index fb30ec2..6bb262c 100644
--- a/conn.go
+++ b/conn.go
@@ -64,6 +64,32 @@ func unsafeCloseBind(device *Device) error {
 	return err
 }
 
+func (device *Device) BindSetMark(mark uint32) error {
+
+	device.net.mutex.Lock()
+	defer device.net.mutex.Unlock()
+
+	device.peers.mutex.Lock()
+	defer device.peers.mutex.Unlock()
+
+	// check if modified
+
+	if device.net.fwmark == mark {
+		return nil
+	}
+
+	// update fwmark on existing bind
+
+	device.net.fwmark = mark
+	if device.isUp.Get() && device.net.bind != nil {
+		if err := device.net.bind.SetMark(mark); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (device *Device) BindUpdate() error {
 
 	device.net.mutex.Lock()
@@ -89,14 +115,17 @@ func (device *Device) BindUpdate() error {
 		netc.bind, netc.port, err = CreateBind(netc.port)
 		if err != nil {
 			netc.bind = nil
+			netc.port = 0
 			return err
 		}
 
-		// set mark
+		// set fwmark
 
-		err = netc.bind.SetMark(netc.fwmark)
-		if err != nil {
-			return err
+		if netc.fwmark != 0 {
+			err = netc.bind.SetMark(netc.fwmark)
+			if err != nil {
+				return err
+			}
 		}
 
 		// clear cached source addresses
diff --git a/uapi.go b/uapi.go
index caaa498..01cdab6 100644
--- a/uapi.go
+++ b/uapi.go
@@ -191,11 +191,7 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
 
 				logDebug.Println("UAPI: Updating fwmark")
 
-				device.net.mutex.Lock()
-				device.net.fwmark = uint32(fwmark)
-				device.net.mutex.Unlock()
-
-				if err := device.BindUpdate(); err != nil {
+				if err := device.BindSetMark(uint32(fwmark)); err != nil {
 					logError.Println("Failed to update fwmark:", err)
 					return &IPCError{Code: ipcErrorPortInUse}
 				}