mirrord stealing to different app #2819

Closed
aviramha opened this issue Oct 11, 2024 · 3 comments · Fixed by #2874
Member

aviramha commented Oct 11, 2024

Some of our users want to use mirrord over kubectl proxy, which runs on a bastion host they SSH and port-forward to.
They're running

```
ssh -L 8080:localhost:8080
```

then inside the ssh

```
kubectl proxy
```

then on their local machine

```
kubectl config set-cluster testt --server=http://localhost:8080 --insecure-skip-tls-verify=true
kubectl config set-context testt --cluster=testt
kubectl config use-context testt
```

then they mirrord exec a Java Bootspring app that listens on 8080. Requests get stolen, but when a request is stolen it is sent to... the kubectl proxy (ssh forward) instead of the app :|
Happens on macOS.
happens on macOS

ssh version:
OpenSSH_9.7p1, LibreSSL 3.3.6

lsof output (`lsof -nP -iTCP:8080 -sTCP:LISTEN`):

```
ssh     36023 user    7u  IPv6 0x.ccc      0t0  TCP [::1]:8080 (LISTEN)
ssh     36023 user    8u  IPv4  0xbb...      0t0  TCP 127.0.0.1:8080 (LISTEN)
nc      36503 user    5u  IPv4 0xaaa..      0t0  TCP *:8080 (LISTEN)
```

linear bot commented Oct 11, 2024

@aviramha
Member Author

Managed to reproduce on macOS:

  1. Open IPython (or your favorite Python interpreter)

```python
import socket

# IPv4 loopback listener on 8080
s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s1.bind(("127.0.0.1", 8080))
s1.listen()
# IPv6 loopback listener on 8080
s2 = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
s2.bind(("::1", 8080))
s2.listen()
```

  2. In another terminal, run

```
mirrord exec -t deployment/ip-visit-counter -- nc -l 8080
```

`curl http://127.0.0.1:8080` - you'd get the Python (it'd be stuck unless you accept)
curl the remote 8080 (can port map if your target listens on something else) -> goes to Python

@aviramha aviramha removed their assignment Oct 25, 2024
@aviramha
Member Author

image

I think the solution is to avoid using REUSEADDR in mirrord sockets.
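
The conflict discussed in this thread, as an added example that is not part of the original comments or mirrord's own code: it checks whether a wildcard bind on a port is refused or silently allowed to coexist with an existing loopback listener, with and without `SO_REUSEADDR`, and which listener a loopback connection then reaches. The names `try_bind` and `demo` are hypothetical, and an ephemeral IPv4 port stands in for 8080.

```python
import errno
import select
import socket

def try_bind(addr, port, reuseaddr):
    """Bind and listen on addr:port; return the socket, or None on EADDRINUSE."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuseaddr:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((addr, port))
        s.listen()
        return s
    except OSError as e:
        s.close()
        if e.errno == errno.EADDRINUSE:
            return None
        raise

def demo():
    # Constructed stand-in for the ssh -L forward: loopback-only listener on a free port.
    forwarder = try_bind("127.0.0.1", 0, reuseaddr=False)
    port = forwarder.getsockname()[1]
    result = {"port": port, "receiver": None}
    # Wildcard bind without SO_REUSEADDR: the existing listener makes it fail loudly.
    exclusive = try_bind("0.0.0.0", port, reuseaddr=False)
    result["bind_without_reuseaddr"] = exclusive is not None
    if exclusive:
        exclusive.close()
    # Wildcard bind with SO_REUSEADDR, like the *:8080 socket in the lsof output.
    # macOS allows this (the situation in this issue); Linux refuses it while the
    # other socket is listening.
    app = try_bind("0.0.0.0", port, reuseaddr=True)
    result["bind_with_reuseaddr"] = app is not None
    if app:
        # Both listeners coexist: see which one a loopback connection reaches.
        client = socket.create_connection(("127.0.0.1", port), timeout=2)
        ready, _, _ = select.select([forwarder, app], [], [], 2)
        result["receiver"] = "forwarder" if forwarder in ready else "app"
        client.close()
        app.close()
    forwarder.close()
    return result

if __name__ == "__main__":
    print(demo())
```
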
