Comment 9 for bug 1758037

Starting with F27, the Fedora-only patch that disabled TPACKET_V3 support was removed with the comment:

   Drop TPACKET_V3 patch as it should be fixed in kernel by now

This is apparently not the case since, on a host with F27 packages, including libpcap-1.8.1-6 and kernel 4.15.3-300, the previously-functional libvirt code that uses libpcap to watch for DHCP traffic now fails when pcap_setfilter() returns EBADF.

Here is the excerpt of libvirt code (from the file src/nwfilter/nwfilter_dhcpsnoop.c):

    [...]
    handle = pcap_create(ifname, pcap_errbuf);

    if (handle == NULL) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("pcap_create failed"));
        goto cleanup_nohandle;
    }

    if (pcap_set_snaplen(handle, PCAP_PBUFSIZE) < 0 ||
        pcap_set_buffer_size(handle, PCAP_BUFFERSIZE) < 0 ||
        pcap_activate(handle) < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("setup of pcap handle failed: %s"),
                       pcap_geterr(handle));
        goto cleanup;
    }

    if (pcap_compile(handle, &fp, ext_filter, 1, PCAP_NETMASK_UNKNOWN) != 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("pcap_compile: %s"), pcap_geterr(handle));
        goto cleanup;
    }

    if (pcap_setfilter(handle, &fp) != 0) { <=== FAILURE HERE
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("pcap_setfilter: %s"), pcap_geterr(handle));
        goto cleanup_freecode;
    }
    [...]

If I add the patch titled "pcap-linux: don't use TPACKETV3 for memory mmapped
 capture" back to the F27 build of libpcap (built locally with fedpkg) and install the resulting rpm, the same code magically begins to work.

I haven't checked rawhide, but I assume the behavior is the same.

I think Fedora needs to re-disable TPACKET_V3