[#XX] Update SDK

Need fix TrueCloudLab/frostfs-sdk-go#282

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

CHANGELOG.md

@@ -7,6 +7,7 @@ This document outlines major changes between releases.
 ### Added
 - Support percent-encoding for GET queries (#134)
 - Add `trace_id` to logs (#148)
+- Add `cors` config params (#158)
 
 ### Changed
 - Update go version to 1.22 (#132)

cmd/http-gw/app.go

@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"io"
 	"net/http"
 	"os"
 	"os/signal"
@@ -22,6 +21,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	internalnet "git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/net"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/service/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/templates"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/metrics"
@@ -88,16 +88,32 @@ type (
 	// appSettings stores reloading parameters, so it has to provide getters and setters which use RWMutex.
 	appSettings struct {
 		reconnectInterval time.Duration
+		dialerSource      *internalnet.DialerSource
 
-		mu                  sync.RWMutex
-		defaultTimestamp    bool
-		zipCompression      bool
-		clientCut           bool
-		returnIndexPage     bool
-		indexPageTemplate   string
-		bufferMaxSizeForPut uint64
-		namespaceHeader     string
-		defaultNamespaces   []string
+		mu                   sync.RWMutex
+		defaultTimestamp     bool
+		zipCompression       bool
+		clientCut            bool
+		returnIndexPage      bool
+		indexPageTemplate    string
+		bufferMaxSizeForPut  uint64
+		namespaceHeader      string
+		defaultNamespaces    []string
+		corsAllowOrigin      string
+		corsAllowMethods     []string
+		corsAllowHeaders     []string
+		corsExposeHeaders    []string
+		corsAllowCredentials bool
+		corsMaxAge           int
+	}
+
+	CORS struct {
+		AllowOrigin      string
+		AllowMethods     []string
+		AllowHeaders     []string
+		ExposeHeaders    []string
+		AllowCredentials bool
+		MaxAge           int
 	}
 )
 
@@ -134,6 +150,8 @@ func newApp(ctx context.Context, opt ...Option) App {
 		opt[i](a)
 	}
 
+	a.initAppSettings()
+
 	// -- setup FastHTTP server --
 	a.webServer.Name = "frost-http-gw"
 	a.webServer.ReadBufferSize = a.cfg.GetInt(cfgWebReadBufferSize)
@@ -147,7 +165,7 @@ func newApp(ctx context.Context, opt ...Option) App {
 	a.webServer.DisablePreParseMultipartForm = true
 	a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
 	// -- -- -- -- -- -- -- -- -- -- -- -- -- --
-	a.pool, a.treePool, a.key = getPools(ctx, a.log, a.cfg)
+	a.pool, a.treePool, a.key = getPools(ctx, a.log, a.cfg, a.settings.dialerSource)
 
 	var owner user.ID
 	user.IDFromKey(&owner, a.key.PrivateKey.PublicKey)
@@ -155,27 +173,63 @@ func newApp(ctx context.Context, opt ...Option) App {
 
 	a.setRuntimeParameters()
 
-	a.initAppSettings()
 	a.initResolver()
 	a.initMetrics()
 	a.initTracing(ctx)
-	a.loadIndexPageTemplate()
 
 	return a
 }
 
+func (a *app) initAppSettings() {
+	a.settings = &appSettings{
+		reconnectInterval: fetchReconnectInterval(a.cfg),
+		dialerSource:      getDialerSource(a.log, a.cfg),
+	}
+	a.settings.update(a.cfg, a.log)
+}
+
+func (s *appSettings) update(v *viper.Viper, l *zap.Logger) {
+	defaultTimestamp := v.GetBool(cfgUploaderHeaderEnableDefaultTimestamp)
+	zipCompression := v.GetBool(cfgZipCompression)
+	returnIndexPage := v.GetBool(cfgIndexPageEnabled)
+	clientCut := v.GetBool(cfgClientCut)
+	bufferMaxSizeForPut := v.GetUint64(cfgBufferMaxSizeForPut)
+	namespaceHeader := v.GetString(cfgResolveNamespaceHeader)
+	defaultNamespaces := fetchDefaultNamespaces(v)
+	indexPage, indexEnabled := fetchIndexPageTemplate(v, l)
+	corsAllowOrigin := v.GetString(cfgCORSAllowOrigin)
+	corsAllowMethods := v.GetStringSlice(cfgCORSAllowMethods)
+	corsAllowHeaders := v.GetStringSlice(cfgCORSAllowHeaders)
+	corsExposeHeaders := v.GetStringSlice(cfgCORSExposeHeaders)
+	corsAllowCredentials := v.GetBool(cfgCORSAllowCredentials)
+	corsMaxAge := fetchCORSMaxAge(v)
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.defaultTimestamp = defaultTimestamp
+	s.zipCompression = zipCompression
+	s.returnIndexPage = returnIndexPage
+	s.clientCut = clientCut
+	s.bufferMaxSizeForPut = bufferMaxSizeForPut
+	s.namespaceHeader = namespaceHeader
+	s.defaultNamespaces = defaultNamespaces
+	s.returnIndexPage = indexEnabled
+	s.indexPageTemplate = indexPage
+	s.corsAllowOrigin = corsAllowOrigin
+	s.corsAllowMethods = corsAllowMethods
+	s.corsAllowHeaders = corsAllowHeaders
+	s.corsExposeHeaders = corsExposeHeaders
+	s.corsAllowCredentials = corsAllowCredentials
+	s.corsMaxAge = corsMaxAge
+}
+
 func (s *appSettings) DefaultTimestamp() bool {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	return s.defaultTimestamp
 }
 
-func (s *appSettings) setDefaultTimestamp(val bool) {
-	s.mu.Lock()
-	s.defaultTimestamp = val
-	s.mu.Unlock()
-}
-
 func (s *appSettings) ZipCompression() bool {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -197,42 +251,27 @@ func (s *appSettings) IndexPageTemplate() string {
 	return s.indexPageTemplate
 }
 
-func (s *appSettings) setZipCompression(val bool) {
-	s.mu.Lock()
-	s.zipCompression = val
-	s.mu.Unlock()
-}
+func (s *appSettings) CORS() CORS {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
 
-func (s *appSettings) setReturnIndexPage(val bool) {
-	s.mu.Lock()
-	s.returnIndexPage = val
-	s.mu.Unlock()
-}
+	allowMethods := make([]string, len(s.corsAllowMethods))
+	copy(allowMethods, s.corsAllowMethods)
 
-func (s *appSettings) setIndexTemplate(val string) {
-	s.mu.Lock()
-	s.indexPageTemplate = val
-	s.mu.Unlock()
-}
+	allowHeaders := make([]string, len(s.corsAllowHeaders))
+	copy(allowHeaders, s.corsAllowHeaders)
 
-func (a *app) loadIndexPageTemplate() {
-	if !a.settings.IndexPageEnabled() {
-		return
+	exposeHeaders := make([]string, len(s.corsExposeHeaders))
+	copy(exposeHeaders, s.corsExposeHeaders)
+
+	return CORS{
+		AllowOrigin:      s.corsAllowOrigin,
+		AllowMethods:     allowMethods,
+		AllowHeaders:     allowHeaders,
+		ExposeHeaders:    exposeHeaders,
+		AllowCredentials: s.corsAllowCredentials,
+		MaxAge:           s.corsMaxAge,
 	}
-	reader, err := os.Open(a.cfg.GetString(cfgIndexPageTemplatePath))
-	if err != nil {
-		a.settings.setIndexTemplate("")
-		a.log.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
-		return
-	}
-	tmpl, err := io.ReadAll(reader)
-	if err != nil {
-		a.settings.setIndexTemplate("")
-		a.log.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
-		return
-	}
-	a.settings.setIndexTemplate(string(tmpl))
-	a.log.Info(logs.SetCustomIndexPageTemplate)
 }
 
 func (s *appSettings) ClientCut() bool {
@@ -241,29 +280,27 @@ func (s *appSettings) ClientCut() bool {
 	return s.clientCut
 }
 
-func (s *appSettings) setClientCut(val bool) {
-	s.mu.Lock()
-	s.clientCut = val
-	s.mu.Unlock()
-}
-
 func (s *appSettings) BufferMaxSizeForPut() uint64 {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	return s.bufferMaxSizeForPut
 }
 
-func (s *appSettings) setBufferMaxSizeForPut(val uint64) {
-	s.mu.Lock()
-	s.bufferMaxSizeForPut = val
-	s.mu.Unlock()
+func (s *appSettings) NamespaceHeader() string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.namespaceHeader
 }
 
-func (a *app) initAppSettings() {
-	a.settings = &appSettings{
-		reconnectInterval: fetchReconnectInterval(a.cfg),
+func (s *appSettings) FormContainerZone(ns string) (zone string, isDefault bool) {
+	s.mu.RLock()
+	namespaces := s.defaultNamespaces
+	s.mu.RUnlock()
+	if slices.Contains(namespaces, ns) {
+		return v2container.SysAttributeZoneDefault, true
 	}
-	a.updateSettings()
+
+	return ns + ".ns", false
 }
 
 func (a *app) initResolver() {
@@ -526,6 +563,10 @@ func (a *app) configReload(ctx context.Context) {
 		a.logLevel.SetLevel(lvl)
 	}
 
+	if err := a.settings.dialerSource.Update(fetchMultinetConfig(a.cfg, a.log)); err != nil {
+		a.log.Warn(logs.MultinetConfigWontBeUpdated, zap.Error(err))
+	}
+
 	if err := a.resolver.UpdateResolvers(a.getResolverConfig()); err != nil {
 		a.log.Warn(logs.FailedToUpdateResolvers, zap.Error(err))
 	}
@@ -539,26 +580,15 @@ func (a *app) configReload(ctx context.Context) {
 	a.stopServices()
 	a.startServices()
 
-	a.updateSettings()
+	a.settings.update(a.cfg, a.log)
 
 	a.metrics.SetEnabled(a.cfg.GetBool(cfgPrometheusEnabled))
 	a.initTracing(ctx)
-	a.loadIndexPageTemplate()
 	a.setHealthStatus()
 
 	a.log.Info(logs.SIGHUPConfigReloadCompleted)
 }
 
-func (a *app) updateSettings() {
-	a.settings.setDefaultTimestamp(a.cfg.GetBool(cfgUploaderHeaderEnableDefaultTimestamp))
-	a.settings.setZipCompression(a.cfg.GetBool(cfgZipCompression))
-	a.settings.setReturnIndexPage(a.cfg.GetBool(cfgIndexPageEnabled))
-	a.settings.setClientCut(a.cfg.GetBool(cfgClientCut))
-	a.settings.setBufferMaxSizeForPut(a.cfg.GetUint64(cfgBufferMaxSizeForPut))
-	a.settings.setNamespaceHeader(a.cfg.GetString(cfgResolveNamespaceHeader))
-	a.settings.setDefaultNamespaces(a.cfg.GetStringSlice(cfgResolveDefaultNamespaces))
-}
-
 func (a *app) startServices() {
 	pprofConfig := metrics.Config{Enabled: a.cfg.GetBool(cfgPprofEnabled), Address: a.cfg.GetString(cfgPprofAddress)}
 	pprofService := metrics.NewPprofService(a.log, pprofConfig)
@@ -579,7 +609,6 @@ func (a *app) stopServices() {
 		svc.ShutDown(ctx)
 	}
 }
-
 func (a *app) configureRouter(handler *handler.Handler) {
 	r := router.New()
 	r.RedirectTrailingSlash = true
@@ -590,20 +619,96 @@ func (a *app) configureRouter(handler *handler.Handler) {
 		response.Error(r, "Method Not Allowed", fasthttp.StatusMethodNotAllowed)
 	}
 
-	r.POST("/upload/{cid}", a.tracer(a.logger(a.canonicalizer(a.tokenizer(a.reqNamespace(handler.Upload))))))
+	r.POST("/upload/{cid}", a.addMiddlewares(handler.Upload))
+	r.OPTIONS("/upload/{cid}", a.addPreflight())
 	a.log.Info(logs.AddedPathUploadCid)
-	r.GET("/get/{cid}/{oid:*}", a.tracer(a.logger(a.canonicalizer(a.tokenizer(a.reqNamespace(handler.DownloadByAddressOrBucketName))))))
-	r.HEAD("/get/{cid}/{oid:*}", a.tracer(a.logger(a.canonicalizer(a.tokenizer(a.reqNamespace(handler.HeadByAddressOrBucketName))))))
+	r.GET("/get/{cid}/{oid:*}", a.addMiddlewares(handler.DownloadByAddressOrBucketName))
+	r.HEAD("/get/{cid}/{oid:*}", a.addMiddlewares(handler.HeadByAddressOrBucketName))
+	r.OPTIONS("/get/{cid}/{oid:*}", a.addPreflight())
 	a.log.Info(logs.AddedPathGetCidOid)
-	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.tracer(a.logger(a.canonicalizer(a.tokenizer(a.reqNamespace(handler.DownloadByAttribute))))))
-	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.tracer(a.logger(a.canonicalizer(a.tokenizer(a.reqNamespace(handler.HeadByAttribute))))))
+	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(handler.DownloadByAttribute))
+	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(handler.HeadByAttribute))
+	r.OPTIONS("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addPreflight())
 	a.log.Info(logs.AddedPathGetByAttributeCidAttrKeyAttrVal)
-	r.GET("/zip/{cid}/{prefix:*}", a.tracer(a.logger(a.canonicalizer(a.tokenizer(a.reqNamespace(handler.DownloadZipped))))))
+	r.GET("/zip/{cid}/{prefix:*}", a.addMiddlewares(handler.DownloadZipped))
+	r.OPTIONS("/zip/{cid}/{prefix:*}", a.addPreflight())
 	a.log.Info(logs.AddedPathZipCidPrefix)
 
 	a.webServer.Handler = r.Handler
 }
 
+func (a *app) addMiddlewares(h fasthttp.RequestHandler) fasthttp.RequestHandler {
+	list := []func(fasthttp.RequestHandler) fasthttp.RequestHandler{
+		a.tracer,
+		a.logger,
+		a.canonicalizer,
+		a.tokenizer,
+		a.reqNamespace,
+		a.cors,
+	}
+
+	for i := len(list) - 1; i >= 0; i-- {
+		h = list[i](h)
+	}
+
+	return h
+}
+
+func (a *app) addPreflight() fasthttp.RequestHandler {
+	list := []func(fasthttp.RequestHandler) fasthttp.RequestHandler{
+		a.tracer,
+		a.logger,
+		a.reqNamespace,
+	}
+
+	h := a.preflightHandler
+	for i := len(list) - 1; i >= 0; i-- {
+		h = list[i](h)
+	}
+
+	return h
+}
+
+func (a *app) preflightHandler(c *fasthttp.RequestCtx) {
+	cors := a.settings.CORS()
+	setCORSHeaders(c, cors)
+}
+
+func (a *app) cors(h fasthttp.RequestHandler) fasthttp.RequestHandler {
+	return func(c *fasthttp.RequestCtx) {
+		h(c)
+		code := c.Response.StatusCode()
+		if code >= fasthttp.StatusOK && code < fasthttp.StatusMultipleChoices {
+			cors := a.settings.CORS()
+			setCORSHeaders(c, cors)
+		}
+	}
+}
+
+func setCORSHeaders(c *fasthttp.RequestCtx, cors CORS) {
+	c.Response.Header.Set(fasthttp.HeaderAccessControlMaxAge, strconv.Itoa(cors.MaxAge))
+
+	if len(cors.AllowOrigin) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowOrigin, cors.AllowOrigin)
+	}
+
+	if len(cors.AllowMethods) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowMethods, strings.Join(cors.AllowMethods, ","))
+	}
+
+	if len(cors.AllowHeaders) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowHeaders, strings.Join(cors.AllowHeaders, ","))
+	}
+
+	if len(cors.ExposeHeaders) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlExposeHeaders, strings.Join(cors.ExposeHeaders, ","))
+	}
+
+	if cors.AllowCredentials {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowCredentials, "true")
+	}
+}
+
 func (a *app) logger(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(req *fasthttp.RequestCtx) {
 		requiredFields := []zap.Field{zap.Uint64("id", req.ID())}
@@ -847,39 +952,6 @@ func (a *app) setRuntimeParameters() {
 	}
 }
 
-func (s *appSettings) NamespaceHeader() string {
-	s.mu.RLock()
-	defer s.mu.RUnlock()
-	return s.namespaceHeader
-}
-
-func (s *appSettings) setNamespaceHeader(nsHeader string) {
-	s.mu.Lock()
-	s.namespaceHeader = nsHeader
-	s.mu.Unlock()
-}
-
-func (s *appSettings) FormContainerZone(ns string) (zone string, isDefault bool) {
-	s.mu.RLock()
-	namespaces := s.defaultNamespaces
-	s.mu.RUnlock()
-	if slices.Contains(namespaces, ns) {
-		return v2container.SysAttributeZoneDefault, true
-	}
-
-	return ns + ".ns", false
-}
-
-func (s *appSettings) setDefaultNamespaces(namespaces []string) {
-	for i := range namespaces { // to be set namespaces in env variable as `HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"`
-		namespaces[i] = strings.Trim(namespaces[i], "\"")
-	}
-
-	s.mu.Lock()
-	s.defaultNamespaces = namespaces
-	s.mu.Unlock()
-}
-
 func (a *app) scheduleReconnect(ctx context.Context, srv *fasthttp.Server) {
 	go func() {
 		t := time.NewTicker(a.settings.reconnectInterval)

cmd/http-gw/integration_test.go

@@ -102,7 +102,7 @@ func runServer(pathToWallet string) (App, context.CancelFunc) {
 	v.Set(cfgWalletPath, pathToWallet)
 	v.Set(cfgWalletPassphrase, "")
 
-	l, lvl := newStdoutLogger(zapcore.DebugLevel)
+	l, lvl := newStdoutLogger(v, zapcore.DebugLevel)
 	application := newApp(cancelCtx, WithConfig(v), WithLogger(l, lvl))
 	go application.Serve()
 
@@ -525,7 +525,7 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
 	id, err := clientPool.PutObject(ctx, prm)
 	require.NoError(t, err)
 
-	return id
+	return id.ObjectID
 }
 
 func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {

cmd/http-gw/settings.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/hex"
 	"fmt"
+	"io"
 	"math"
 	"os"
 	"path"
@@ -15,6 +16,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	internalnet "git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/net"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	grpctracing "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing/grpc"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
@@ -55,6 +57,10 @@ const (
 
 	defaultReconnectInterval = time.Minute
 
+	defaultCORSMaxAge = 600 // seconds
+
+	defaultMultinetFallbackDelay = 300 * time.Millisecond
+
 	cfgServer      = "server"
 	cfgTLSEnabled  = "tls.enabled"
 	cfgTLSCertFile = "tls.cert_file"
@@ -140,6 +146,21 @@ const (
 	cfgResolveNamespaceHeader   = "resolve_bucket.namespace_header"
 	cfgResolveDefaultNamespaces = "resolve_bucket.default_namespaces"
 
+	// CORS.
+	cfgCORSAllowOrigin      = "cors.allow_origin"
+	cfgCORSAllowMethods     = "cors.allow_methods"
+	cfgCORSAllowHeaders     = "cors.allow_headers"
+	cfgCORSExposeHeaders    = "cors.expose_headers"
+	cfgCORSAllowCredentials = "cors.allow_credentials"
+	cfgCORSMaxAge           = "cors.max_age"
+
+	// Multinet.
+	cfgMultinetEnabled       = "multinet.enabled"
+	cfgMultinetBalancer      = "multinet.balancer"
+	cfgMultinetRestrict      = "multinet.restrict"
+	cfgMultinetFallbackDelay = "multinet.fallback_delay"
+	cfgMultinetSubnets       = "multinet.subnets"
+
 	// Command line args.
 	cmdHelp          = "help"
 	cmdVersion       = "version"
@@ -234,6 +255,9 @@ func settings() *viper.Viper {
 	v.SetDefault(cfgResolveNamespaceHeader, defaultNamespaceHeader)
 	v.SetDefault(cfgResolveDefaultNamespaces, []string{"", "root"})
 
+	// multinet
+	v.SetDefault(cfgMultinetFallbackDelay, defaultMultinetFallbackDelay)
+
 	// Binding flags
 	if err := v.BindPFlag(cfgPprofEnabled, flags.Lookup(cmdPprof)); err != nil {
 		panic(err)
@@ -505,6 +529,46 @@ func fetchReconnectInterval(cfg *viper.Viper) time.Duration {
 	return reconnect
 }
 
+func fetchIndexPageTemplate(v *viper.Viper, l *zap.Logger) (string, bool) {
+	if !v.GetBool(cfgIndexPageEnabled) {
+		return "", false
+	}
+
+	reader, err := os.Open(v.GetString(cfgIndexPageTemplatePath))
+	if err != nil {
+		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
+		return "", true
+	}
+
+	tmpl, err := io.ReadAll(reader)
+	if err != nil {
+		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
+		return "", true
+	}
+
+	l.Info(logs.SetCustomIndexPageTemplate)
+	return string(tmpl), true
+}
+
+func fetchDefaultNamespaces(v *viper.Viper) []string {
+	namespaces := v.GetStringSlice(cfgResolveDefaultNamespaces)
+
+	for i := range namespaces { // to be set namespaces in env variable as `HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"`
+		namespaces[i] = strings.Trim(namespaces[i], "\"")
+	}
+
+	return namespaces
+}
+
+func fetchCORSMaxAge(v *viper.Viper) int {
+	maxAge := v.GetInt(cfgCORSMaxAge)
+	if maxAge <= 0 {
+		maxAge = defaultCORSMaxAge
+	}
+
+	return maxAge
+}
+
 func fetchServers(v *viper.Viper, log *zap.Logger) []ServerInfo {
 	var servers []ServerInfo
 	seen := make(map[string]struct{})
@@ -533,7 +597,7 @@ func fetchServers(v *viper.Viper, log *zap.Logger) []ServerInfo {
 	return servers
 }
 
-func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.Pool, *treepool.Pool, *keys.PrivateKey) {
+func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper, dialSource *internalnet.DialerSource) (*pool.Pool, *treepool.Pool, *keys.PrivateKey) {
 	key, err := getFrostFSKey(cfg, logger)
 	if err != nil {
 		logger.Fatal(logs.CouldNotLoadFrostFSPrivateKey, zap.Error(err))
@@ -589,18 +653,13 @@ func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.
 
 	prmTree.SetMaxRequestAttempts(cfg.GetInt(cfgTreePoolMaxAttempts))
 
-	var apiGRPCDialOpts []grpc.DialOption
-	var treeGRPCDialOpts []grpc.DialOption
-	if cfg.GetBool(cfgTracingEnabled) {
-		interceptors := []grpc.DialOption{
-			grpc.WithUnaryInterceptor(grpctracing.NewUnaryClientInteceptor()),
-			grpc.WithStreamInterceptor(grpctracing.NewStreamClientInterceptor()),
-		}
-		treeGRPCDialOpts = append(treeGRPCDialOpts, interceptors...)
-		apiGRPCDialOpts = append(apiGRPCDialOpts, interceptors...)
+	interceptors := []grpc.DialOption{
+		grpc.WithUnaryInterceptor(grpctracing.NewUnaryClientInteceptor()),
+		grpc.WithStreamInterceptor(grpctracing.NewStreamClientInterceptor()),
+		grpc.WithContextDialer(dialSource.GrpcContextDialer()),
 	}
-	prm.SetGRPCDialOptions(apiGRPCDialOpts...)
-	prmTree.SetGRPCDialOptions(treeGRPCDialOpts...)
+	prm.SetGRPCDialOptions(interceptors...)
+	prmTree.SetGRPCDialOptions(interceptors...)
 
 	p, err := pool.NewPool(prm)
 	if err != nil {
@@ -700,3 +759,34 @@ func fetchCacheSize(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultValue
 
 	return defaultValue
 }
+
+func getDialerSource(logger *zap.Logger, cfg *viper.Viper) *internalnet.DialerSource {
+	source, err := internalnet.NewDialerSource(fetchMultinetConfig(cfg, logger))
+	if err != nil {
+		logger.Fatal(logs.FailedToLoadMultinetConfig, zap.Error(err))
+	}
+	return source
+}
+
+func fetchMultinetConfig(v *viper.Viper, l *zap.Logger) (cfg internalnet.Config) {
+	cfg.Enabled = v.GetBool(cfgMultinetEnabled)
+	cfg.Balancer = v.GetString(cfgMultinetBalancer)
+	cfg.Restrict = v.GetBool(cfgMultinetRestrict)
+	cfg.FallbackDelay = v.GetDuration(cfgMultinetFallbackDelay)
+	cfg.Subnets = make([]internalnet.Subnet, 0, 5)
+	cfg.EventHandler = internalnet.NewLogEventHandler(l)
+
+	for i := 0; ; i++ {
+		key := cfgMultinetSubnets + "." + strconv.Itoa(i) + "."
+		subnet := internalnet.Subnet{}
+
+		subnet.Prefix = v.GetString(key + "mask")
+		if subnet.Prefix == "" {
+			break
+		}
+		subnet.SourceIPs = v.GetStringSlice(key + "source_ips")
+		cfg.Subnets = append(cfg.Subnets, subnet)
+	}
+
+	return
+}

config/config.env

@@ -126,3 +126,23 @@ HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"
 # Max attempt to make successful tree request.
 # default value is 0 that means the number of attempts equals to number of nodes in pool.
 HTTP_GW_FROSTFS_TREE_POOL_MAX_ATTEMPTS=0
+
+HTTP_GW_CORS_ALLOW_ORIGIN="*"
+HTTP_GW_CORS_ALLOW_METHODS="GET" "POST"
+HTTP_GW_CORS_ALLOW_HEADERS="*"
+HTTP_GW_CORS_EXPOSE_HEADERS="*"
+HTTP_GW_CORS_ALLOW_CREDENTIALS=false
+HTTP_GW_CORS_MAX_AGE=600
+
+# Multinet properties
+# Enable multinet support
+HTTP_GW_MULTINET_ENABLED=false
+# Strategy to pick source IP address
+HTTP_GW_MULTINET_BALANCER=roundrobin
+# Restrict requests with unknown destination subnet
+HTTP_GW_MULTINET_RESTRICT=false
+# Delay between ipv6 to ipv4 fallback switch
+HTTP_GW_MULTINET_FALLBACK_DELAY=300ms
+# List of subnets and IP addresses to use as source for those subnets
+HTTP_GW_MULTINET_SUBNETS_1_MASK=1.2.3.4/24
+HTTP_GW_MULTINET_SUBNETS_1_SOURCE_IPS=1.2.3.4 1.2.3.5

config/config.yaml

@@ -138,3 +138,28 @@ cache:
 resolve_bucket:
   namespace_header: X-Frostfs-Namespace
   default_namespaces: [ "", "root" ]
+
+cors:
+  allow_origin: ""
+  allow_methods: []
+  allow_headers: []
+  expose_headers: []
+  allow_credentials: false
+  max_age: 600
+
+# Multinet properties
+multinet:
+  # Enable multinet support
+  enabled: false
+  # Strategy to pick source IP address
+  balancer: roundrobin
+  # Restrict requests with unknown destination subnet
+  restrict: false
+  # Delay between ipv6 to ipv4 fallback switch
+  fallback_delay: 300ms
+  # List of subnets and IP addresses to use as source for those subnets
+  subnets:
+    - mask: 1.2.3.4/24
+      source_ips:
+        - 1.2.3.4
+        - 1.2.3.5

docs/gate-configuration.md

@@ -58,6 +58,7 @@ $ cat http.log
 | `cache`          | [Cache configuration](#cache-section)                          |
 | `resolve_bucket` | [Bucket name resolving configuration](#resolve_bucket-section) |
 | `index_page`     | [Index page configuration](#index_page-section)                |
+| `multinet`       | [Multinet configuration](#multinet-section)                    |
 
 
 # General section
@@ -271,7 +272,7 @@ tracing:
 
 | Parameter    | Type     | SIGHUP reload | Default value | Description                                                                                                                     |
 |--------------|----------|---------------|---------------|---------------------------------------------------------------------------------------------------------------------------------|
-| `enabled`    | `bool`   | no            | `false`       | Flag to enable the tracing.                                                                                                     |
+| `enabled`    | `bool`   | yes           | `false`       | Flag to enable the tracing.                                                                                                     |
 | `exporter`   | `string` | yes           |               | Trace collector type (`stdout` or `otlp_grpc` are supported).                                                                   |
 | `endpoint`   | `string` | yes           |               | Address of collector endpoint for OTLP exporters.                                                                               |
 | `trusted_ca` | `string` | yes           |               | Path to certificate of a certification authority in pem format, that issued the TLS certificate of the telemetry remote server. |
@@ -363,3 +364,66 @@ index_page:
 |-----------------|----------|---------------|---------------|---------------------------------------------------------------------------------|
 | `enabled`       | `bool`   | yes           | `false`       | Flag to enable index_page return if no object with specified S3-name was found. |
 | `template_path` | `string` | yes           | `""`          | Path to .gotmpl file with html template for index_page.                         |
+
+# `cors` section
+
+Parameters for CORS (used in OPTIONS requests and responses in all handlers).
+If values are not set, headers will not be included to response.
+
+```yaml
+cors:
+  allow_origin: "*"
+  allow_methods: ["GET", "HEAD"]
+  allow_headers: ["Authorization"]
+  expose_headers: ["*"]
+  allow_credentials: false
+  max_age: 600
+```
+
+| Parameter           | Type       | SIGHUP reload | Default value | Description                                            |
+|---------------------|------------|---------------|---------------|--------------------------------------------------------|
+| `allow_origin`      | `string`   | yes           |               | Values for `Access-Control-Allow-Origin` headers.      |
+| `allow_methods`     | `[]string` | yes           |               | Values for `Access-Control-Allow-Methods` headers.     |
+| `allow_headers`     | `[]string` | yes           |               | Values for `Access-Control-Allow-Headers` headers.     |
+| `expose_headers`    | `[]string` | yes           |               | Values for `Access-Control-Expose-Headers` headers.    |
+| `allow_credentials` | `bool`     | yes           | `false`       | Values for `Access-Control-Allow-Credentials` headers. |
+| `max_age`           | `int`      | yes           | `600`         | Values for `Access-Control-Max-Age ` headers.          |
+
+# `multinet` section
+
+Configuration of multinet support.
+
+```yaml
+multinet:
+   enabled: false
+   balancer: roundrobin
+   restrict: false
+   fallback_delay: 300ms
+   subnets:
+      - mask: 1.2.3.4/24
+        source_ips:
+           - 1.2.3.4
+           - 1.2.3.5
+```
+
+| Parameter        | Type                           | SIGHUP reload | Default value | Description                                                                                |
+|------------------|--------------------------------|---------------|---------------|--------------------------------------------------------------------------------------------|
+| `enabled`        | `bool`                         | yes           | `false`       | Enables multinet setting to manage source ip of outcoming requests.                        |
+| `balancer`       | `string`                       | yes           | `""`          | Strategy to pick source IP. By default picks first address. Supports `roundrobin` setting. |
+| `restrict`       | `bool`                         | yes           | `false`       | Restricts requests to an undefined subnets.                                                |
+| `fallback_delay` | `duration`                     | yes           | `300ms`       | Delay between IPv6 and IPv4 fallback stack switch.                                         |
+| `subnets`        | [[]Subnet](#subnet-subsection) | yes           |               | Set of subnets to apply multinet dial settings.                                            |
+
+#### `subnet` subsection
+
+```yaml
+- mask: 1.2.3.4/24
+  source_ips:
+    - 1.2.3.4
+    - 1.2.3.5
+```
+
+| Parameter    | Type       | SIGHUP reload | Default value | Description                                                          |
+|--------------|------------|---------------|---------------|----------------------------------------------------------------------|
+| `mask`       | `string`   | yes           |               | Destination subnet.                                                  |
+| `source_ips` | `[]string` | yes           |               | Array of source IP addresses to use when dialing destination subnet. |

go.mod

@@ -3,9 +3,10 @@ module git.frostfs.info/TrueCloudLab/frostfs-http-gw
 go 1.22
 
 require (
-	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240916093537-13fa0da3741e
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20241011114054-f0fc40e116d1
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240918095938-e580ee991d98
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241022124111-5361f0ecebd3
+	git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972
 	git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02
 	github.com/bluele/gcache v0.0.2
 	github.com/docker/go-units v0.4.0
@@ -23,8 +24,9 @@ require (
 	go.opentelemetry.io/otel v1.28.0
 	go.opentelemetry.io/otel/trace v1.28.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
 	golang.org/x/net v0.26.0
+	golang.org/x/sys v0.22.0
 	google.golang.org/grpc v1.66.2
 )
 
@@ -39,7 +41,7 @@ require (
 	github.com/Microsoft/hcsshim v0.9.2 // indirect
 	github.com/VictoriaMetrics/easyproto v0.1.4 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
-	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -106,7 +108,6 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.3.0 // indirect

go.sum

@@ -37,18 +37,20 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240916093537-13fa0da3741e h1:740ABnOBYx4o6jxULHdSSnVW2fYIO35ohg+Uz59sxd0=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240916093537-13fa0da3741e/go.mod h1:F5GS7hRb62PUy5sTYDC4ajVdeffoAfjHSSHTKUJEaYU=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20241011114054-f0fc40e116d1 h1:ivcdxQeQDnx4srF2ezoaeVlF0FAycSAztwfIUJnUI4s=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20241011114054-f0fc40e116d1/go.mod h1:F5GS7hRb62PUy5sTYDC4ajVdeffoAfjHSSHTKUJEaYU=
 git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e h1:kcBqZBiFIUBATUqEuvVigtkJJWQ2Gug/eYXn967o3M4=
 git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0/go.mod h1:RUIKZATQLJ+TaYQa60X2fTDwfuhMfm8Ar60bQ5fr+vU=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573 h1:6qCcm1oqFbmf9C5AauXzrL5OPGnTbI9HoB/jAtD9274=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573/go.mod h1:kbwB4v2o6RyOfCo9kEFeUDZIX3LKhmS0yXPrtvzkQ1g=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240918095938-e580ee991d98 h1:ijUci3thz0EwWkuRJDocW5D1RkVAJlt9xNG4CYepC90=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240918095938-e580ee991d98/go.mod h1:GeNpo12HcEW4J412sH5yf8xFYapxlrt5fcYzRwg0Ino=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241022124111-5361f0ecebd3 h1:f7jan6eBDN88DKnKj8GKyWpfjBbSzjDALcDejYKRgCs=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241022124111-5361f0ecebd3/go.mod h1:3txOjFJ8M/JFs01h7xOrnQHVn6hZgDNA16ivyUlu1iU=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
+git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972 h1:/960fWeyn2AFHwQUwDsWB3sbP6lTEnFnMzLMM6tx6N8=
+git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972/go.mod h1:2hM42MBrlhvN6XToaW6OWNk5ZLcu1FhaukGgxtfpDDI=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 h1:M2KR3iBj7WpY3hP10IevfIB9MURr4O9mwVfJ+SjT3HA=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0/go.mod h1:okpbKfVYf/BpejtfFTfhZqFP+sZ8rsHrP8Rr/jYPNRc=
 git.frostfs.info/TrueCloudLab/tzhash v1.8.0 h1:UFMnUIk0Zh17m8rjGHJMqku2hCgaXDqjqZzS4gsb4UA=
@@ -112,8 +114,8 @@ github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
-github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
+github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
+github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
@@ -926,8 +928,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

internal/logs/logs.go

@@ -79,4 +79,8 @@ const (
 	ServerReconnectedSuccessfully                                         = "server reconnected successfully"
 	ServerReconnectFailed                                                 = "failed to reconnect server"
 	WarnDuplicateAddress                                                  = "duplicate address"
+	MultinetDialSuccess                                                   = "multinet dial successful"
+	MultinetDialFail                                                      = "multinet dial failed"
+	FailedToLoadMultinetConfig                                            = "failed to load multinet config"
+	MultinetConfigWontBeUpdated                                           = "multinet config won't be updated"
 )

internal/net/config.go

@@ -0,0 +1,68 @@
+package net
+
+import (
+	"errors"
+	"fmt"
+	"net/netip"
+	"slices"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/multinet"
+)
+
+var errEmptySourceIPList = errors.New("empty source IP list")
+
+type Subnet struct {
+	Prefix    string
+	SourceIPs []string
+}
+
+type Config struct {
+	Enabled       bool
+	Subnets       []Subnet
+	Balancer      string
+	Restrict      bool
+	FallbackDelay time.Duration
+	EventHandler  multinet.EventHandler
+}
+
+func (c Config) toMultinetConfig() (multinet.Config, error) {
+	var subnets []multinet.Subnet
+	for _, s := range c.Subnets {
+		var ms multinet.Subnet
+		p, err := netip.ParsePrefix(s.Prefix)
+		if err != nil {
+			return multinet.Config{}, fmt.Errorf("parse IP prefix '%s': %w", s.Prefix, err)
+		}
+		ms.Prefix = p
+		for _, ip := range s.SourceIPs {
+			addr, err := netip.ParseAddr(ip)
+			if err != nil {
+				return multinet.Config{}, fmt.Errorf("parse IP address '%s': %w", ip, err)
+			}
+			ms.SourceIPs = append(ms.SourceIPs, addr)
+		}
+		if len(ms.SourceIPs) == 0 {
+			return multinet.Config{}, errEmptySourceIPList
+		}
+		subnets = append(subnets, ms)
+	}
+	return multinet.Config{
+		Subnets:       subnets,
+		Balancer:      multinet.BalancerType(c.Balancer),
+		Restrict:      c.Restrict,
+		FallbackDelay: c.FallbackDelay,
+		Dialer:        newDefaultDialer(),
+		EventHandler:  c.EventHandler,
+	}, nil
+}
+
+func (c Config) equals(other Config) bool {
+	return c.Enabled == other.Enabled &&
+		slices.EqualFunc(c.Subnets, other.Subnets, func(lhs, rhs Subnet) bool {
+			return lhs.Prefix == rhs.Prefix && slices.Equal(lhs.SourceIPs, rhs.SourceIPs)
+		}) &&
+		c.Balancer == other.Balancer &&
+		c.Restrict == other.Restrict &&
+		c.FallbackDelay == other.FallbackDelay
+}

internal/net/dial_target.go

@@ -0,0 +1,54 @@
+// NOTE: code is taken from https://github.com/grpc/grpc-go/blob/v1.68.x/internal/transport/http_util.go
+
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package net
+
+import (
+	"net/url"
+	"strings"
+)
+
+// parseDialTarget returns the network and address to pass to dialer.
+func parseDialTarget(target string) (string, string) {
+	net := "tcp"
+	m1 := strings.Index(target, ":")
+	m2 := strings.Index(target, ":/")
+	// handle unix:addr which will fail with url.Parse
+	if m1 >= 0 && m2 < 0 {
+		if n := target[0:m1]; n == "unix" {
+			return n, target[m1+1:]
+		}
+	}
+	if m2 >= 0 {
+		t, err := url.Parse(target)
+		if err != nil {
+			return net, target
+		}
+		scheme := t.Scheme
+		addr := t.Path
+		if scheme == "unix" {
+			if addr == "" {
+				addr = t.Host
+			}
+			return scheme, addr
+		}
+	}
+	return net, target
+}

internal/net/dialer.go

@@ -0,0 +1,36 @@
+package net
+
+import (
+	"net"
+	"syscall"
+	"time"
+
+	"golang.org/x/sys/unix"
+)
+
+func newDefaultDialer() net.Dialer {
+	// From `grpc.WithContextDialer` comment:
+	//
+	// Note: All supported releases of Go (as of December 2023) override the OS
+	// defaults for TCP keepalive time and interval to 15s. To enable TCP keepalive
+	// with OS defaults for keepalive time and interval, use a net.Dialer that sets
+	// the KeepAlive field to a negative value, and sets the SO_KEEPALIVE socket
+	// option to true from the Control field. For a concrete example of how to do
+	// this, see internal.NetDialerWithTCPKeepalive().
+	//
+	// https://github.com/grpc/grpc-go/blob/830135e6c5a351abf75f0c9cfdf978e5df8daeba/dialoptions.go#L432
+	//
+	// From `internal.NetDialerWithTCPKeepalive` comment:
+	//
+	// TODO: Once https://github.com/golang/go/issues/62254 lands, and the
+	// appropriate Go version becomes less than our least supported Go version, we
+	// should look into using the new API to make things more straightforward.
+	return net.Dialer{
+		KeepAlive: time.Duration(-1),
+		Control: func(_, _ string, c syscall.RawConn) error {
+			return c.Control(func(fd uintptr) {
+				_ = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_KEEPALIVE, 1)
+			})
+		},
+	}
+}

internal/net/dialer_source.go

@@ -0,0 +1,69 @@
+package net
+
+import (
+	"context"
+	"net"
+	"sync"
+
+	"git.frostfs.info/TrueCloudLab/multinet"
+)
+
+type DialerSource struct {
+	guard sync.RWMutex
+
+	c Config
+
+	md multinet.Dialer
+}
+
+func NewDialerSource(c Config) (*DialerSource, error) {
+	result := &DialerSource{}
+	if err := result.build(c); err != nil {
+		return nil, err
+	}
+	return result, nil
+}
+
+func (s *DialerSource) build(c Config) error {
+	if c.Enabled {
+		mc, err := c.toMultinetConfig()
+		if err != nil {
+			return err
+		}
+		md, err := multinet.NewDialer(mc)
+		if err != nil {
+			return err
+		}
+		s.md = md
+		s.c = c
+		return nil
+	}
+	s.md = nil
+	s.c = c
+	return nil
+}
+
+// GrpcContextDialer returns grpc.WithContextDialer func.
+// Returns nil if multinet disabled.
+func (s *DialerSource) GrpcContextDialer() func(context.Context, string) (net.Conn, error) {
+	s.guard.RLock()
+	defer s.guard.RUnlock()
+
+	if s.c.Enabled {
+		return func(ctx context.Context, address string) (net.Conn, error) {
+			network, address := parseDialTarget(address)
+			return s.md.DialContext(ctx, network, address)
+		}
+	}
+	return nil
+}
+
+func (s *DialerSource) Update(c Config) error {
+	s.guard.Lock()
+	defer s.guard.Unlock()
+
+	if s.c.equals(c) {
+		return nil
+	}
+	return s.build(c)
+}

internal/net/event_handler.go

@@ -0,0 +1,28 @@
+package net
+
+import (
+	"net"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"go.uber.org/zap"
+)
+
+type LogEventHandler struct {
+	logger *zap.Logger
+}
+
+func (l LogEventHandler) DialPerformed(sourceIP net.Addr, _, address string, err error) {
+	sourceIPString := "undefined"
+	if sourceIP != nil {
+		sourceIPString = sourceIP.Network() + "://" + sourceIP.String()
+	}
+	if err == nil {
+		l.logger.Debug(logs.MultinetDialSuccess, zap.String("source", sourceIPString), zap.String("destination", address))
+	} else {
+		l.logger.Debug(logs.MultinetDialFail, zap.String("source", sourceIPString), zap.String("destination", address), zap.Error(err))
+	}
+}
+
+func NewLogEventHandler(logger *zap.Logger) LogEventHandler {
+	return LogEventHandler{logger: logger}
+}