Bug
Resolution: Unresolved
4.18.z
Quality / Stability / Reliability
Moderate
Description of problem:
Malformed `Forwarded` header for IPv6 sources while using PROXY protocol
Version-Release number of selected component (if applicable):
4.18
How reproducible:
Always
Additional Info:
Applications receive malformed `Forwarded` headers for requests from IPv6-enabled clients which get forwarded to the single stack IPv4 cluster's ingress controller by a dual-stack LoadBalancer which sends the real client IP via PROXY protocol.
The application receives the following `Forwarded` header from an IPv6 client:
```
[HTTP_FORWARDED] => for=2a02:xxx:xx:12:1072:xxx:1c24:xxx;host=acp3.example.com;proto=https
```
However, the RFC requires that IPv6 addresses in the `Forwarded` header be quoted and enclosed in brackets, cf.
https://datatracker.ietf.org/doc/html/rfc7239#section-7.4
The problem seems to be in the haproxy template here:
Correct logic (enabled when the ingress router runs in dual stack mode):
Incorrect logic (enabled when the ingress router runs in single stack IPv4 mode regardless of PROXY protocol settings):
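The RFC 7239 quoting rule cited in this report, shown as an added Python example (not the router's HAProxy template and not code from the report): `format_node` renders a `for=`/`by=` value and `check_forwarded` flags the malformed form described above. The function names and the `2001:db8::/32` documentation addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 7230 token characters; ':' '[' and ']' are not among them.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# name=value pairs separated by ';' (parameters) or ',' (proxy hops).
PAIR = re.compile(r'\s*([^=;,\s]+)=("(?:[^"\\]|\\.)*"|[^;,\s]*)\s*([;,]|$)')

def format_node(addr, port=None):
    """Render a for=/by= value for an IP address per RFC 7239 sections 6 and 7.4."""
    ip = ipaddress.ip_address(addr)
    node = f"[{ip}]" if ip.version == 6 else str(ip)
    if port is not None:
        node += f":{port}"
    # Anything that is not a plain token has to be sent as a quoted-string.
    return node if TOKEN.fullmatch(node) else f'"{node}"'

def check_forwarded(header):
    """Return the problems found in the for=/by= parameters of a Forwarded header."""
    problems = []
    for name, value, _sep in PAIR.findall(header):
        if name.lower() not in ("for", "by"):
            continue
        quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
        node = re.sub(r"\\(.)", r"\1", value[1:-1]) if quoted else value
        if not quoted and not TOKEN.fullmatch(node):
            problems.append(f"{name}={value}: not a token, must be a quoted-string")
        try:
            ipaddress.IPv6Address(node)  # parses only when the brackets are missing
            problems.append(f"{name}={value}: IPv6 address must be enclosed in [ ]")
        except ValueError:
            pass
    return problems

# Constructed headers in the shape of the one in the report.
MALFORMED = "for=2001:db8::17;host=acp3.example.com;proto=https"
WELL_FORMED = f'for={format_node("2001:db8::17")};host=acp3.example.com;proto=https'

if __name__ == "__main__":
    for header in (MALFORMED, WELL_FORMED):
        print(header, "->", check_forwarded(header) or "ok")
```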