In distributed systems, silent packet loss is the silent killer. Traditional tools like netstat only give us counters, but with eBPF, we can hook into tcp_retransmit_skb to get the exact stack trace.
The Hook Logic
We use a kprobe to intercept the kernel function responsible for retransmitting a socket buffer.
$$P(loss) = \frac{Retransmissions}{Total Packets}$$
Sample Go Code (Cilium/ebpf)
// Loading the BPF program
spec, err := ebpf.LoadCollectionSpec("retransmit.o")
if err != nil {
log.Fatalf("failed to load BPF: %v", err)
}
