292 Bytes: Is that for just 'IP' CONNTRACKS, or is that for 'IP/TCP' and
'IP/UDP' tracking? I see them storing a lot more information for any
tracking of Layer 7 protocols, etc..

Example:=20
FTP uses a structure called ip_ct_ftp_expect which is created for every
FTP session created. It stores 10 bytes. This might not be that large
compared to the rest of the conntrack, but I can see that more complex
protocols could add quite a bit more.