Comment 5 for bug 1284741

Nobuteru Nishida (nobuteru-nishida) wrote :

Thank you for the comment.

Does ns-agent mean quantum-ns-metadata-proxy?

I took your review as follows.
Is there anything wrong?

- arbitrary instance -> proxy A (VM in a neutron-namespace)
REMOTE_ADDR: arbitrary instance

- proxy A -> namespace-metadata-proxy
REMOTE_ADDR: proxy A(changed)
X-FORWARDED-FOR: REMOTE_ADDR

- namespace-metadata-proxy -> metadata-agent
X-FORWARDED-FOR : proxy A

- metadata-agent -> nova-metadata-api
X-FORWARDED-FOR: proxy A

And return proxy A's metadata to arbitrary instance inappropriately.
Additionally, my patch increases the security concern in the case where proxy C is used
and proxy C connects to metadata-agent directly without the metadata-proxy,
because metadata-agent trusts X-FORWARDED-FOR and passes it on as-is to nova-metadata-api.