From 094c7695e8e8261c256c862eaa6774742746f3b9 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda@gmail.com>
Date: Thu, 1 Mar 2012 10:26:22 -0800
Subject: Ensures that we don't exceed iptables chain max

 * Fixes bug 944184

Change-Id: Ifb25f253ab32c9895aae276e946058eb62e14957
---
 nova/network/linux_net.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
index 46d2aadd6..7d36694dc 100755
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -90,7 +90,11 @@ FLAGS = flags.FLAGS
 FLAGS.register_opts(linux_net_opts)
 
 
-binary_name = os.path.basename(inspect.stack()[-1][1])
+# NOTE(vish): Iptables supports chain names of up to 28 characters,  and we
+#             add up to 12 characters to binary_name which is used as a prefix,
+#             so we limit it to 16 characters.
+#             (max_chain_name_length - len('-POSTROUTING') == 16)
+binary_name = os.path.basename(inspect.stack()[-1][1])[:16]
 
 
 class IptablesRule(object):
-- 
cgit