Slow Firewall SDK performance when applying many URLs
- Knox SDK
- Android 8
Some customers are reporting that when using the Firewall SDK to write 300 URLs and IPs, it takes 25 seconds. The expected duration is within 5 seconds. The URLs and IP are added to the allowlist by calling the
removeDomainFilterRules CLEAR_ALL addDomainFilterRules(all 300 URLs) clearRules FIREWALL_ALL_RULES. addRules(all IPs) enableFirewall(true);
This issue occurs because the Firewall SDK is currently implemented in fork mode. For example, when executing addDomainFilterRules(), each URL creates an iptable command. Each command is then executed in the Knox framework through shell command. If there are 300 URLs, the iptable command executes 300 times, resulting in slow performance.
iptables-restore instead of iptable commands, which significantly improves performance.
Is this page helpful?
Thank you for your feedback!