What is the difference between nf_conntrack_max and nf_conntrack_expect_max?

Reference: conntrack man page

The connection tracking system maintains two different tables, one for tracking connections that are active the other for tracking connections that are /expected/ to be active. An example of an expected connection would be an FTP connection, which uses both a control connection and a data connection. When the control connection is opened, the data connection is expected to be opened.

In a single table solution, a denial-of-service could be triggered by filling the table with expectations, starving out legitimate, active connections. The separate table helps to prevent that.

In the two system setup, nf_conntrack_expect_max is the max number of entries for the expectations table, and its function is identical to that of nf_conntrack_max for the conntrack table.

Related videos on Youtube

49 : 43

Opening My RTFKT MNLTH Box! - NIKE x RTFKT NFT Drop

The NFT Show | Philip Kalinko

110

07 : 15

NFTs vs Copyright: Is That NFT Really Yours?

MarketSquare

11

08 : 20

NFT vs Crypto | Difference Between NFT And Crypto | NFT Explained | Crypto Explained | Simplilearn

Simplilearn

10

04 : 12

INTRODUCING A NEW TYPE OF NFT

English

2

01 : 20

DevOps & SysAdmins: What is the difference between nf_conntrack_max and nf_conntrack_expect_max?

Roel Van de Paar

2

Author by

KelchM

Updated on September 18, 2022