Hi!

Well it seems like a different problem from what I first thought. I have a few idea, maybe some of them helps:
1. If you able to modify the source code of user space receiver program, maybe try to avoid the user space receive right after the connection. This is ugly, but I think that would solve the problem: TCP backlog will store your packets until the sockmap code will redirect them to the right socket.
2. You can use BPF sock_ops for placing the new sockets to the sockmap before they receive the first packet. The problem with that you will need to put your application into a cgroup v2 to catch TCP state events. Also, on Ubuntu, you should disable net_cls,net_prio, because that would overwrite the cgroup BPF program of the sockets (see: https://stackoverflow.com/questions/55646983/why-does-my-bpf-prog-type-cgroup-skb-program-not-work-in-a-container)
3. I encountered very similar problem in my sockmap accelerated shadowsocks fork (https://github.com/SPYFF/shadowsocks-libev-nocrypto/tree/ebpf attaching sockmap right after the connection established but before the first packet) and as far as I remember I still able to count all the packets in the BPF program. So in my case the issue was different. All of your curl request successfully establish his TCP connection? If there are some connection reset failure, maybe you could increase net.somaxconn and the backlog size of the listener socket.

I hope some of them might be help.

Good luck,
Ferenc