diff --git a/os/linux/internals/cgroups/cgroups-systemd.txt b/os/linux/internals/cgroups/cgroups-systemd.txt new file mode 100644 index 000000000..9fd4eb7b8 --- /dev/null +++ b/os/linux/internals/cgroups/cgroups-systemd.txt @@ -0,0 +1,10 @@ +https://systemd.io/CONTROL_GROUP_INTERFACE/ +https://systemd.io/CONTAINER_INTERFACE/ +https://systemd.io/WRITING_VM_AND_CONTAINER_MANAGERS/ + +? +https://www.freedesktop.org/software/systemd/man/latest/systemd-cgls.html# + Recursively show control group contents +https://www.freedesktop.org/software/systemd/man/latest/machinectl.html# +https://www.freedesktop.org/software/systemd/man/latest/systemd-machined.service.html# +https://www.freedesktop.org/software/systemd/man/latest/org.freedesktop.machine1 diff --git a/os/linux/internals/cgroups/net_cls.txt b/os/linux/internals/cgroups/net_cls.txt index c425b024e..b2e05a2f0 100644 --- a/os/linux/internals/cgroups/net_cls.txt +++ b/os/linux/internals/cgroups/net_cls.txt @@ -1,8 +1,18 @@ https://kernel.org/doc/html/latest/admin-guide/cgroup-v1/net_cls.html +https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html + +https://systemd.io/CGROUP_DELEGATION/ +This means systemd currently does not and will never manage the following controllers on cgroup v1: + freezer, cpuset, net_cls, perf_event, net_prio, hugetlb. +Why not? Depending on the case, either their API semantics or implementations aren’t really usable, +or it’s very clear they have no future on cgroup v2, and we won’t add new code for stuff that clearly has no future. sudo mount | grep cgroup cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot) +grep cgroup2 /proc/self/mountinfo +42 40 0:28 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:7 - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot + sudo lsmod | grep net_cls sudo mkdir /sys/fs/cgroup/net_cls/firefox sudo sh -c "echo 0x100001 > /sys/fs/cgroup/net_cls/firefox/net_cls.classid" 
@@ -17,3 +27,76 @@ for the cgroup2 $ sudo cat /sys/fs/cgroup/cgroup.controllers cpuset cpu io memory hugetlb pids rdma misc dmem + + +https://github.com/libcgroup/libcgroup +https://github.com/libcgroup/libcgroup/blob/main/README +https://github.com/libcgroup/libcgroup/issues/432 +https://github.com/libcgroup/libcgroup/issues/432#issuecomment-2200828308 + # export CGROUP_LOGLEVEL=debug + # cgexec ... + +? misc +https://docs.kernel.org/admin-guide/cgroup-v2.html#misc +https://manpages.ubuntu.com/manpages/questing/en/man7/cgroups.7.html + There is no direct equivalent of the net_cls and net_prio controllers from cgroups version 1. + Instead, support has been added to iptables(8) to allow eBPF filters that hook on cgroup v2 path‐names to make decisions about network traffic on a per-cgroup basis. + +! need +The kernel source file + Documentation/admin-guide/cgroup-v2.rst. + +https://gist.github.com/kriswebdev/a8d291936fe4299fb17d3744497b1170 + iptables_arg="--path $cgroup_name" + ... + sudo iptables -t mangle -C OUTPUT -m cgroup $iptables_arg -j MARK --set-mark + + +# Создаем cgroup +mkdir -p /sys/fs/cgroup/my_cgroup +# Добавляем текущий процесс (или другой с PID x) в cgroup +echo $$ > /sys/fs/cgroup/my_cgroup/cgroup.procs + +sudo nft add table inet filter +sudo nft add chain inet filter input { type filter hook input priority 0 \; } + +??? +sudo nft add rule inet filter output cgroup v2path "/my_cgroup" meta mark set 0x1 +sudo nft add rule inet filter input cgroupv2 path /sys/fs/cgroup/my_cgroup mark set 0x1 + +sudo nft list ruleset +sudo tcpdump -nnvvv -i eth0 ip + +https://git.netfilter.org/nftables/tree/py/src/nftables.py +https://blog.fraggod.net/2021/08/31/easy-control-over-applications-network-access-using-nftables-and-systemd-cgroup-v2-tree.html + +!!! +https://unix.stackexchange.com/questions/752635/can-nftables-perform-postrouting-matching-on-crgroupv2 + !!! 
need to read +https://github.com/mk-fg/systemd-cgroup-nftables-policy-manager + https://github.com/systemd/systemd/issues/7327 + +https://github.com/cedrickchee/awesome-wireguard +https://github.com/cedrickchee/awesome-wireguard#mesh-network +https://github.com/slackhq/nebula + https://noiseprotocol.org/ + https://nebula.defined.net/docs/ + https://medium.com/several-people-are-coding/introducing-nebula-the-open-source-global-overlay-network-from-slack-884110a5579 +https://github.com/tonarino/innernet + https://blog.tonari.no/introducing-innernet + https://patchwork.ozlabs.org/project/netfilter-devel/patch/1479114761-19534-1-git-send-email-pablo@netfilter.org/#1511797 +https://tailscale.com/ + https://github.com/juanfont/headscale + https://headscale.net/stable/ + https://www.youtube.com/@Tailscale/videos +misc + https://github.com/linuxserver/docker-wireguard + https://github.com/netbirdio/netbird + https://github.com/gravitl/netmaker + https://github.com/svenstaro/wiresmith + + +tools + https://github.com/wagoodman/dive + https://github.com/bitwister/twine + netwoking using labels
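Review bot: In the new cgroups-systemd.txt, the bare `?` line carries no question, so it is not actionable; state what is unresolved (for example, which of the machined/machine1 interfaces is needed) or drop the line. The three freedesktop man-page URLs also end in a dangling `#` (an empty fragment), which should be removed, and the systemd-cgls summary "Recursively show control group contents" is indented as if it were a sub-item of the URL above it; the same indentation convention should then be applied to the other URLs or dropped for consistency.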
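Review bot: The first net_cls.txt hunk adds evidence that this host is on a unified cgroup v2 mount (the `mount` and `/proc/self/mountinfo` lines both show only `cgroup2` on /sys/fs/cgroup) and quotes CGROUP_DELEGATION saying net_cls is a cgroup v1 controller that systemd will never manage, but it leaves the following `sudo mkdir /sys/fs/cgroup/net_cls/firefox` and `echo 0x100001 > .../net_cls.classid` lines unchanged. On the mount shown there is no v1 net_cls hierarchy and no `net_cls.classid` file, so these commands cannot work as written; mark them as cgroup-v1-only (or as expected to fail here) so the note does not read as a working procedure. The `sudo lsmod | grep net_cls` probe is also a weak check for controller availability; the second hunk's `cat /sys/fs/cgroup/cgroup.controllers` (which lists no net_cls) is the authoritative check on cgroup v2 and is a better thing to reference here.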
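Review bot: The two `nft add rule` lines under `???` use two different, non-existent syntaxes (`cgroup v2path "/my_cgroup"` and `cgroupv2 path /sys/fs/cgroup/my_cgroup ... mark set 0x1`), and the first targets an `output` chain that was never created (only `input` is declared with `type filter hook input`). Declare the chain and use the nft `socket cgroupv2 level N "path"` expression with a path relative to the cgroup2 root, for example `sudo nft add chain inet filter output { type filter hook output priority 0 \; }` followed by `sudo nft add rule inet filter output socket cgroupv2 level 1 "my_cgroup" meta mark set 0x1`; `meta mark set` is required, bare `mark set` is not valid. Note that `mkdir -p /sys/fs/cgroup/my_cgroup` and the `echo $$ > .../cgroup.procs` line need root, and since this cgroup is created outside systemd's tree it should be placed under a delegated subtree (CGROUP_DELEGATION is linked in the previous hunk) to avoid systemd reclaiming it. The linked unix.stackexchange thread marked `!!!` is relevant here because the socket-based cgroupv2 match only works in hooks where the local socket is known, which is why the postrouting question exists. Finally, "netwoking" on the last line is a typo for "networking".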