configs: add CONFIG_NETKIT=y

[sholdee]

NetKit is the Linux BPF-programmable network device, introduced in kernel 6.7 and used by Cilium CNI for high-performance container networking.

More details:

• https://lwn.net/Articles/949960/
• https://isovalent.com/blog/post/cilium-netkit-a-new-container-networking-paradigm-for-the-ai-era/

It would be great to have this enabled with kernel 6.12. I have compiled with the flag and tested this on my RPi 5 Kubernetes cluster and everything looks good:

ethan@k3s-master-0:~ $ uname -a
Linux k3s-master-0 6.12.11-v8-16k+ #1 SMP PREEMPT Thu Jan 30 15:58:02 CST 2025 aarch64 GNU/Linux

ethan@k3s-master-0:~ $ sudo modprobe configs

ethan@k3s-master-0:~ $ zgrep CONFIG_NETKIT /proc/config.gz
CONFIG_NETKIT=y

ethan@k3s-master-0:~ $ modinfo netkit
name:           netkit
filename:       (builtin)
alias:          rtnl-link-netkit
license:        GPL
file:           drivers/net/netkit
author:         Nikolay Aleksandrov <razor@blackwall.org>
author:         Daniel Borkmann <daniel@iogearbox.net>
description:    BPF-programmable network device

ethan@k3s-master-0:~ $ sudo kubectl exec -it cilium-5zntq -n kube-system -- cilium status | grep "Mode:"
Defaulted container "cilium-agent" out of: cilium-agent, config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)
Attach Mode:             TCX
Device Mode:             netkit

Cilium status:

    /¯¯\
 /¯¯\__/¯¯\    Cilium:             OK
 \__/¯¯\__/    Operator:           OK
 /¯¯\__/¯¯\    Envoy DaemonSet:    OK
 \__/¯¯\__/    Hubble Relay:       OK
    \__/       ClusterMesh:        disabled

DaemonSet              cilium             Desired: 5, Ready: 5/5, Available: 5/5
DaemonSet              cilium-envoy       Desired: 5, Ready: 5/5, Available: 5/5
Deployment             hubble-ui          Desired: 1, Ready: 1/1, Available: 1/1
Deployment             hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1
Deployment             cilium-operator    Desired: 3, Ready: 3/3, Available: 3/3
Containers:            hubble-ui          Running: 1
                       hubble-relay       Running: 1
                       cilium-operator    Running: 3
                       cilium             Running: 5
                       cilium-envoy       Running: 5
Cluster Pods:          118/118 managed by Cilium
Helm chart version:    
Image versions         hubble-ui          quay.io/cilium/hubble-ui:v0.13.1@sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6: 1
                       hubble-ui          quay.io/cilium/hubble-ui-backend:v0.13.1@sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b: 1
                       hubble-relay       quay.io/cilium/hubble-relay:v1.16.6@sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b: 1
                       cilium-operator    quay.io/cilium/operator-generic:v1.16.6@sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc: 3
                       cilium             quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da: 5
                       cilium-envoy       quay.io/cilium/cilium-envoy:v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5@sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88: 5

[pelwell]

Although this option is a built-in, it barely changes the kernel size at all:

armhf:
  Before:
  -rwxrwxr-x 1 phil phil 22110584 Jan 31 15:54 vmlinux
  -rwxrwxr-x 1 phil phil 16212924 Jan 31 15:54 arch/arm/boot/Image

  After:
  -rwxrwxr-x 1 phil phil 22113068 Jan 31 15:50 vmlinux
  -rwxrwxr-x 1 phil phil 16213096 Jan 31 15:50 arch/arm/boot/Image

arm64:
  Before:
  -rwxrwxr-x 1 phil phil 33935616 Jan 31 15:43 vmlinux
  -rw-rw-r-- 1 phil phil 26817024 Jan 31 15:43 arch/arm64/boot/Image

  After:
  -rwxrwxr-x 1 phil phil 33937632 Jan 31 15:39 vmlinux
  -rw-rw-r-- 1 phil phil 26817024 Jan 31 15:39 arch/arm64/boot/Image

We're also concerned about the effect on performance, particularly for fundamental subsystems like networking, but from what I can see it only affects bpf support (which is already opt-in for users), and mainly by adding new cases to switch statements, which should have a negligible impact for non-users.

I'm inclined to accept this. Thoughts, @popcornmix?

[popcornmix]

Okay.