I have tested this on kernel 4.4.0 (in Xenial) and I don't think the fix that went into 3.19 fixed the entire issue.
My understanding is that since nmap uses a relatively long pcap_select() timeout, and the packet buffers in the kernel aren't filling up fast enough, the packet loss can still be seen.
I see that you have worked around this in nmap by disabling TPACKET_v3:
Would you consider trying this same workaround in nmap, since it seems more general than forcing TPACKET_V3 to be disabled? (That is, only users who compile nmap from source and use "./configure --with-libpcap=included" can currently use the workaround.)
I have tested this on kernel 4.4.0 (in Xenial) and I don't think the fix that went into 3.19 fixed the entire issue.
My understanding is that since nmap uses a relatively long pcap_select() timeout, and the packet buffers in the kernel aren't filling up fast enough, the packet loss can still be seen.
I see that you have worked around this in nmap by disabling TPACKET_v3:
https:/ /github. com/nmap/ nmap/commit/ 83b9c4c939094e6 73705b7c2705337 08853891f0
I noticed that another project (which I found linked to the libpcap bug) worked around this issue by using libpcap's immediate_mode:
https:/ /github. com/teclo/ flow-disruptor/ commit/ 3376d049fc5280a edccc42fc6e090c 32c0c4a128
Would you consider trying this same workaround in nmap, since it seems more general than forcing TPACKET_V3 to be disabled? (That is, only users who compile nmap from source and use "./configure --with- libpcap= included" can currently use the workaround.)