
Enable `CONFIG_INET_DIAG_DESTROY` kernel config in the Docker Desktop's linuxkit kernel

Open PhilipSchmid opened this issue 6 months ago • 0 comments

Note: I also created an "upstream" issue (https://github.com/linuxkit/linuxkit/issues/4166), but as I learned here, Docker Desktop doesn't use the upstream linuxkit kernel configs anymore. Hence, I'm opening this separate feature request here.

Description

The Docker Desktop linuxkit does not enable the CONFIG_INET_DIAG_DESTROY kernel config by default:

```
root@node:/# uname -r
6.10.14-linuxkit
root@node:/# cat /proc/config.gz | gunzip | grep CONFIG_INET_DIAG_DESTROY | grep DIAG
# CONFIG_INET_DIAG_DESTROY is not set
```

However, other CONFIG_INET_* related flags are already set:

```
root@node:/# cat /proc/config.gz | gunzip | grep CONFIG_INET | grep DIAG
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
CONFIG_INET_UDP_DIAG=y
# CONFIG_INET_RAW_DIAG is not set
# CONFIG_INET_DIAG_DESTROY is not set
CONFIG_INET_SCTP_DIAG=y
```

Would it be an option to enable it for all 2 supported architectures? Upstream, this would be here for x86_64 and here for aarch64.

I checked that on Docker Desktop 4.44.3 (202357):

```
$ docker info
Client:
 Version:    28.3.2
 Context:    desktop-linux
...
 Kernel Version: 6.10.14-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
...
```

Motivation

When trying to run Cilium on KIND clusters that run on the linuxkit kernel which doesn't have the CONFIG_INET_DIAG_DESTROY=y kernel config set, Cilium isn't able to terminate stale UDP sockets when running in its optimized Kube-Proxy Replacement mode with eBPF Host Routing enabled. See the documented Limitations.

More context about the current implementation that relies on CONFIG_INET_DIAG_DESTROY=y: https://github.com/cilium/cilium/pull/33459

FYI, the same ask has already been requested for other platforms, like azurelinux, as well: https://github.com/microsoft/azurelinux/issues/14108

PhilipSchmid, Sep 02 '25 09:09
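
The kernel config check from the issue, as an added example that is not part of the original post and not code from Docker, linuxkit or Cilium: a preflight script that distinguishes `=y`, `=m`, "is not set" and absent options instead of relying on `grep`. The function names are hypothetical, and treating `CONFIG_INET_DIAG` and `CONFIG_INET_UDP_DIAG` as prerequisites is an assumption of this example; the sample config lines are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example (not from the issue): classify the kernel config options
# relevant to socket destruction. Function names are hypothetical.

# kconfig_state OPTION  (config text on stdin) -> prints y | m | unset | absent
kconfig_state() {
    awk -v opt="$1" '
        index($0, opt "=") == 1        { state = substr($0, length(opt) + 2) }
        $0 == ("# " opt " is not set") { state = "unset" }
        END { print (state == "" ? "absent" : state) }'
}

# read_kconfig: print the running kernel's config from the first readable source.
read_kconfig() {
    if [ -r /proc/config.gz ]; then gunzip -c /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then cat "/boot/config-$(uname -r)"
    else echo "no kernel config found" >&2; return 2
    fi
}

# check_sock_destroy (config text on stdin): report each option and return 0
# only if all are enabled. Assumption: INET_DIAG and INET_UDP_DIAG are
# prerequisites and may be modules; INET_DIAG_DESTROY must be =y.
check_sock_destroy() {
    cfg=$(cat); rc=0
    for opt in CONFIG_INET_DIAG CONFIG_INET_UDP_DIAG CONFIG_INET_DIAG_DESTROY; do
        st=$(printf '%s\n' "$cfg" | kconfig_state "$opt")
        printf '%-26s %s\n' "$opt" "$st"
        case "$opt=$st" in
            CONFIG_INET_DIAG_DESTROY=y) ;;
            CONFIG_INET_DIAG_DESTROY=*) rc=1 ;;
            *=y|*=m) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Config lines as quoted in the issue for 6.10.14-linuxkit.
sample_linuxkit_config() {
    cat <<'EOF'
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
CONFIG_INET_UDP_DIAG=y
# CONFIG_INET_RAW_DIAG is not set
# CONFIG_INET_DIAG_DESTROY is not set
CONFIG_INET_SCTP_DIAG=y
EOF
}

sample_linuxkit_config | check_sock_destroy || echo "socket destroy support missing"
```

On a live node, `read_kconfig | check_sock_destroy` runs the same check against the running kernel and can gate cluster creation on its exit status.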