Back to top
Home / Knox SDK / Knox SDK knowledge base articles /

Slow Firewall SDK performance when applying many URLs

Environment

  • Knox SDK
  • Android 8

Overview

Some customers are reporting that when using the Firewall SDK to write 300 URLs and IPs, it takes 25 seconds. The expected duration is within 5 seconds. The URLs and IP are added to the allowlist by calling the Firewall() method:

removeDomainFilterRules CLEAR_ALL
addDomainFilterRules(all 300 URLs)
clearRules FIREWALL_ALL_RULES.
addRules(all IPs)
enableFirewall(true);

Cause

This issue occurs because the Firewall SDK is currently implemented in fork mode. For example, when executing addDomainFilterRules(), each URL creates an iptable command. Each command is then executed in the Knox framework through shell command. If there are 300 URLs, the iptable command executes 300 times, resulting in slow performance.

Resolution

Use iptables-restore instead of iptable commands, which significantly improves performance.

Back to KBAs

On this page

Is this page helpful?