Open Stack

The proposed patch contains many feature changes and some security fixes. Before reading this bug, I thought this patch is a new feature proposal and this is the reason the patch has not been well reviewed after I-3 branch cut.
I would suggest to split security fix from feature changes first. If all changes are required, the reason needs to be explained.
SecurityImpact tag in the commit message will be appreciated too.

After looking around the review, I could not understand how the issued
report here will be fixed in the patch. I hope the commit message
contains enough information how the patch fixes the issue.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1244025

Title:
  Remote security group criteria don't work in Midonet plugin

Status in OpenStack Neutron (virtual network service):
  In Progress
Status in neutron havana series:
  New
Status in OpenStack Security Advisories:
  Confirmed

Bug description:
  When creating a security rule that specifies a remote security group
  (rather than a CIDR range), the Midonet plugin does not enforce this
  criterion. With an egress rule, for example, one of the criteria for a
  particular rule may be that only traffic to security group A will be
  allowed out. This criterion is ignored, and traffic will be allowed
  out regardless of the destination security group, provided that it
  conforms to the rule's other criteria.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1244025/+subscriptions