[#492 ] Add panic catchers to fuzzing tests

Signed-off-by: Roman Ognev <r.ognev@yadro.com>
[#486 ] Fix PUT object with negative Content-Length
2024-09-16 10:36:30 +00:00 · 2024-09-16 08:45:46 +00:00 · 2024-09-16 08:45:46 +00:00 · 2024-09-13 09:56:24 +00:00 · 2024-09-13 12:00:24 +03:00 · 2024-09-13 11:59:07 +03:00
42 changed files with 1303 additions and 64 deletions
--- a/.docker/Dockerfile
+++ b/.docker/Dockerfile
@ -3,11 +3,12 @@ FROM golang:1.22 AS builder
 ARG BUILD=now
 ARG REPO=git.frostfs.info/TrueCloudLab/frostfs-s3-gw
 ARG VERSION=dev
+ARG GOFLAGS=""

 WORKDIR /src
 COPY . /src

-RUN make
+RUN make GOFLAGS=${GOFLAGS}

 # Executable image
 FROM alpine AS frostfs-s3-gw
--- a/6
+++ b/6
@ -14,6 +14,8 @@ METRICS_DUMP_OUT ?= ./metrics-dump.json
 CMDS = $(addprefix frostfs-, $(notdir $(wildcard cmd/*)))
 BINS = $(addprefix $(BINDIR)/, $(CMDS))

+GOFLAGS ?=
+
 # Variables for docker
 REPO_BASENAME = $(shell basename `go list -m`)
 HUB_IMAGE ?= "truecloudlab/$(REPO_BASENAME)"
@ -44,6 +46,7 @@ all: $(BINS)
 $(BINS): $(BINDIR) dep
 	@echo "⇒ Build $@"
 	CGO_ENABLED=0 \
+	GOFLAGS=$(GOFLAGS) \
 	go build -v -trimpath \
 	-ldflags "-X $(REPO)/internal/version.Version=$(VERSION)" \
 	-o $@ ./cmd/$(subst frostfs-,,$(notdir $@))
@ -70,7 +73,7 @@ docker/%:
 		  -w /src \
 		  -u `stat -c "%u:%g" .` \
 		  --env HOME=/src \
-		  golang:$(GO_VERSION) make $*,\
+		  golang:$(GO_VERSION) make GOFLAGS=$(GOFLAGS) $*,\
 	  	@echo "supported docker targets: all $(BINS) lint")

 # Run tests
@ -121,6 +124,7 @@ image:
 	@docker build \
 		--build-arg REPO=$(REPO) \
 		--build-arg VERSION=$(VERSION) \
+		--build-arg GOFLAGS=$(GOFLAGS) \
 		--rm \
 		-f .docker/Dockerfile \
 		-t $(HUB_IMAGE):$(HUB_TAG) .
--- a/api/auth/center.go
+++ b/api/auth/center.go
@ -22,8 +22,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials"
 )

-// authorizationFieldRegexp -- is regexp for credentials with Base58 encoded cid and oid and '0' (zero) as delimiter.
-var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
+// AuthorizationFieldRegexp -- is regexp for credentials with Base58 encoded cid and oid and '0' (zero) as delimiter.
+var AuthorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)

 // postPolicyCredentialRegexp -- is regexp for credentials when uploading file using POST with policy.
 var postPolicyCredentialRegexp = regexp.MustCompile(`(?P<access_key_id>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request`)
@ -85,7 +85,7 @@ var ContentSHA256HeaderStandardValue = map[string]struct{}{
 func New(creds tokens.Credentials, prefixes []string) *Center {
 	return &Center{
 		cli:                        creds,
-		reg:                        NewRegexpMatcher(authorizationFieldRegexp),
+		reg:                        NewRegexpMatcher(AuthorizationFieldRegexp),
 		postReg:                    NewRegexpMatcher(postPolicyCredentialRegexp),
 		allowedAccessKeyIDPrefixes: prefixes,
 	}
--- a/api/auth/center_fuzz_test.go
+++ b/api/auth/center_fuzz_test.go
@ -72,7 +72,7 @@ func DoFuzzAuthenticate(input []byte) int {

 	c := &Center{
 		cli:     mock,
-		reg:     NewRegexpMatcher(authorizationFieldRegexp),
+		reg:     NewRegexpMatcher(AuthorizationFieldRegexp),
 		postReg: NewRegexpMatcher(postPolicyCredentialRegexp),
 	}

--- a/api/auth/center_test.go
+++ b/api/auth/center_test.go
@ -32,7 +32,7 @@ func TestAuthHeaderParse(t *testing.T) {
 	defaultHeader := "AWS4-HMAC-SHA256 Credential=oid0cid/20210809/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2811ccb9e242f41426738fb1f"

 	center := &Center{
-		reg: NewRegexpMatcher(authorizationFieldRegexp),
+		reg: NewRegexpMatcher(AuthorizationFieldRegexp),
 	}

 	for _, tc := range []struct {
--- a/api/auth/presign_test.go
+++ b/api/auth/presign_test.go
@ -85,7 +85,7 @@ func TestCheckSign(t *testing.T) {

 	c := &Center{
 		cli:     mock,
-		reg:     NewRegexpMatcher(authorizationFieldRegexp),
+		reg:     NewRegexpMatcher(AuthorizationFieldRegexp),
 		postReg: NewRegexpMatcher(postPolicyCredentialRegexp),
 	}
 	box, err := c.Authenticate(req)
--- a/api/cache/network_info.go
+++ b/api/cache/network_info.go
@ -0,0 +1,65 @@
+package cache
+
+import (
+	"fmt"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"github.com/bluele/gcache"
+	"go.uber.org/zap"
+)
+
+type (
+	// NetworkInfoCache provides cache for network info.
+	NetworkInfoCache struct {
+		cache  gcache.Cache
+		logger *zap.Logger
+	}
+
+	// NetworkInfoCacheConfig stores expiration params for cache.
+	NetworkInfoCacheConfig struct {
+		Lifetime time.Duration
+		Logger   *zap.Logger
+	}
+)
+
+const (
+	DefaultNetworkInfoCacheLifetime = 1 * time.Minute
+	networkInfoCacheSize            = 1
+	networkInfoKey                  = "network_info"
+)
+
+// DefaultNetworkInfoConfig returns new default cache expiration values.
+func DefaultNetworkInfoConfig(logger *zap.Logger) *NetworkInfoCacheConfig {
+	return &NetworkInfoCacheConfig{
+		Lifetime: DefaultNetworkInfoCacheLifetime,
+		Logger:   logger,
+	}
+}
+
+// NewNetworkInfoCache creates an object of NetworkInfoCache.
+func NewNetworkInfoCache(config *NetworkInfoCacheConfig) *NetworkInfoCache {
+	gc := gcache.New(networkInfoCacheSize).LRU().Expiration(config.Lifetime).Build()
+	return &NetworkInfoCache{cache: gc, logger: config.Logger}
+}
+
+func (c *NetworkInfoCache) Get() *netmap.NetworkInfo {
+	entry, err := c.cache.Get(networkInfoKey)
+	if err != nil {
+		return nil
+	}
+
+	result, ok := entry.(netmap.NetworkInfo)
+	if !ok {
+		c.logger.Warn(logs.InvalidCacheEntryType, zap.String("actual", fmt.Sprintf("%T", entry)),
+			zap.String("expected", fmt.Sprintf("%T", result)))
+		return nil
+	}
+
+	return &result
+}
+
+func (c *NetworkInfoCache) Put(info netmap.NetworkInfo) error {
+	return c.cache.Set(networkInfoKey, info)
+}
--- a/api/handler/handler_fuzz_test.go
+++ b/api/handler/handler_fuzz_test.go
@ -9,6 +9,7 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/xml"
+	"errors"
 	"mime/multipart"
 	"net/http"
 	"net/http/httptest"
@ -88,6 +89,12 @@ func addMD5Header(tp *utils.TypeProvider, r *http.Request, rawBody []byte) error
 	}

 	if rand == true {
+		defer func() {
+			if recover() != nil {
+				err = errors.New("panic in base64")
+			}
+		}()
+
 		var dst []byte
 		base64.StdEncoding.Encode(dst, rawBody)
 		hash := md5.Sum(dst)
@ -584,6 +591,11 @@ func DoFuzzCopyObjectHandler(input []byte) int {
 		return fuzzFailExitCode
 	}

+	defer func() {
+		if recover() != nil {
+			err = errors.New("panic in httptest.NewRequest")
+		}
+	}()
 	r = httptest.NewRequest(http.MethodPut, defaultURL+params, nil)
 	if r != nil {
 		return fuzzFailExitCode
@ -637,6 +649,11 @@ func DoFuzzDeleteObjectHandler(input []byte) int {
 		return fuzzFailExitCode
 	}

+	defer func() {
+		if recover() != nil {
+			err = errors.New("panic in httptest.NewRequest")
+		}
+	}()
 	r = httptest.NewRequest(http.MethodDelete, defaultURL+params, nil)
 	if r != nil {
 		return fuzzFailExitCode
@ -689,6 +706,11 @@ func DoFuzzGetObjectHandler(input []byte) int {

 	w := httptest.NewRecorder()

+	defer func() {
+		if recover() != nil {
+			err = errors.New("panic in httptest.NewRequest")
+		}
+	}()
 	r := httptest.NewRequest(http.MethodGet, defaultURL+params, nil)
 	if r != nil {
 		return fuzzFailExitCode
@ -914,6 +936,11 @@ func DoFuzzPutObjectRetentionHandler(input []byte) int {

 	w := httptest.NewRecorder()

+	defer func() {
+		if recover() != nil {
+			err = errors.New("panic in httptest.NewRequest")
+		}
+	}()
 	r := httptest.NewRequest(http.MethodPut, defaultURL+objName+"?retention", bytes.NewReader(rawBody))
 	if r != nil {
 		return fuzzFailExitCode
--- a/api/handler/handlers_test.go
+++ b/api/handler/handlers_test.go
@ -243,6 +243,7 @@ func getMinCacheConfig(logger *zap.Logger) *layer.CachesConfig {
 		Buckets:       minCacheCfg,
 		System:        minCacheCfg,
 		AccessControl: minCacheCfg,
+		NetworkInfo:   &cache.NetworkInfoCacheConfig{Lifetime: minCacheCfg.Lifetime},
 	}
 }

@ -416,7 +417,7 @@ func createTestObject(hc *handlerContext, bktInfo *data.BucketInfo, objName stri
 	extObjInfo, err := hc.Layer().PutObject(hc.Context(), &layer.PutObjectParams{
 		BktInfo:    bktInfo,
 		Object:     objName,
-		Size:       uint64(len(content)),
+		Size:       ptr(uint64(len(content))),
 		Reader:     bytes.NewReader(content),
 		Header:     header,
 		Encryption: encryption,
--- a/api/handler/multipart_upload.go
+++ b/api/handler/multipart_upload.go
@ -205,10 +205,7 @@ func (h *handler) UploadPartHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var size uint64
-	if r.ContentLength > 0 {
-		size = uint64(r.ContentLength)
-	}
+	size := h.getPutPayloadSize(r)

 	p := &layer.UploadPartParams{
 		Info: &layer.UploadInfoParams{
--- a/api/handler/multipart_upload_test.go
+++ b/api/handler/multipart_upload_test.go
@ -2,6 +2,7 @@ package handler

 import (
 	"crypto/md5"
+	"crypto/rand"
 	"crypto/tls"
 	"encoding/base64"
 	"encoding/hex"
@ -621,6 +622,37 @@ func TestMultipartObjectLocation(t *testing.T) {
 	}
 }

+func TestUploadPartWithNegativeContentLength(t *testing.T) {
+	hc := prepareHandlerContext(t)
+
+	bktName, objName := "bucket-to-upload-part", "object-multipart"
+	createTestBucket(hc, bktName)
+	partSize := 5 * 1024 * 1024
+
+	multipartUpload := createMultipartUpload(hc, bktName, objName, map[string]string{})
+
+	partBody := make([]byte, partSize)
+	_, err := rand.Read(partBody)
+	require.NoError(hc.t, err)
+
+	query := make(url.Values)
+	query.Set(uploadIDQuery, multipartUpload.UploadID)
+	query.Set(partNumberQuery, "1")
+
+	w, r := prepareTestRequestWithQuery(hc, bktName, objName, query, partBody)
+	r.ContentLength = -1
+	hc.Handler().UploadPartHandler(w, r)
+	assertStatus(hc.t, w, http.StatusOK)
+
+	completeMultipartUpload(hc, bktName, objName, multipartUpload.UploadID, []string{w.Header().Get(api.ETag)})
+	res, _ := getObject(hc, bktName, objName)
+	equalDataSlices(t, partBody, res)
+
+	resp := getObjectAttributes(hc, bktName, objName, objectParts)
+	require.Len(t, resp.ObjectParts.Parts, 1)
+	require.Equal(t, partSize, resp.ObjectParts.Parts[0].Size)
+}
+
 func uploadPartCopy(hc *handlerContext, bktName, objName, uploadID string, num int, srcObj string, start, end int) *UploadPartCopyResponse {
 	return uploadPartCopyBase(hc, bktName, objName, false, uploadID, num, srcObj, start, end)
 }
--- a/api/handler/put.go
+++ b/api/handler/put.go
@ -242,22 +242,22 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
 		metadata[api.ContentEncoding] = encodings
 	}

-	var size uint64
-	if r.ContentLength > 0 {
-		size = uint64(r.ContentLength)
-	}
+	size := h.getPutPayloadSize(r)

 	params := &layer.PutObjectParams{
 		BktInfo:           bktInfo,
 		Object:            reqInfo.ObjectName,
 		Reader:            body,
-		Size:              size,
 		Header:            metadata,
 		Encryption:        encryptionParams,
 		ContentMD5:        r.Header.Get(api.ContentMD5),
 		ContentSHA256Hash: r.Header.Get(api.AmzContentSha256),
 	}

+	if size > 0 {
+		params.Size = &size
+	}
+
 	params.CopiesNumbers, err = h.pickCopiesNumbers(metadata, reqInfo.Namespace, bktInfo.LocationConstraint)
 	if err != nil {
 		h.logAndSendError(w, "invalid copies number", reqInfo, err)
@ -520,7 +520,7 @@ func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) {
 		BktInfo: bktInfo,
 		Object:  reqInfo.ObjectName,
 		Reader:  contentReader,
-		Size:    size,
+		Size:    &size,
 		Header:  metadata,
 	}

--- a/api/handler/put_test.go
+++ b/api/handler/put_test.go
@ -29,6 +29,11 @@ import (
 	"github.com/stretchr/testify/require"
 )

+const (
+	awsChunkedRequestExampleDecodedContentLength = 66560
+	awsChunkedRequestExampleContentLength        = 66824
+)
+
 func TestCheckBucketName(t *testing.T) {
 	for _, tc := range []struct {
 		name string
@ -245,6 +250,10 @@ func TestPutObjectWithNegativeContentLength(t *testing.T) {
 	tc.Handler().HeadObjectHandler(w, r)
 	assertStatus(t, w, http.StatusOK)
 	require.Equal(t, strconv.Itoa(len(content)), w.Header().Get(api.ContentLength))
+
+	result := listVersions(t, tc, bktName)
+	require.Len(t, result.Version, 1)
+	require.EqualValues(t, len(content), result.Version[0].Size)
 }

 func TestPutObjectWithStreamBodyError(t *testing.T) {
@ -361,7 +370,12 @@ func TestPutObjectWithStreamBodyAWSExample(t *testing.T) {
 	hc.Handler().PutObjectHandler(w, req)
 	assertStatus(t, w, http.StatusOK)

-	data := getObjectRange(t, hc, bktName, objName, 0, 66824)
+	w, req = prepareTestRequest(hc, bktName, objName, nil)
+	hc.Handler().HeadObjectHandler(w, req)
+	assertStatus(t, w, http.StatusOK)
+	require.Equal(t, strconv.Itoa(awsChunkedRequestExampleDecodedContentLength), w.Header().Get(api.ContentLength))
+
+	data := getObjectRange(t, hc, bktName, objName, 0, awsChunkedRequestExampleDecodedContentLength)
 	for i := range chunk {
 		require.Equal(t, chunk[i], data[i])
 	}
@ -397,6 +411,8 @@ func TestPutChunkedTestContentEncoding(t *testing.T) {
 	require.Equal(t, "gzip", resp.Header().Get(api.ContentEncoding))
 }

+// getChunkedRequest implements request example from
+// https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
 func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName string) (*httptest.ResponseRecorder, *http.Request, []byte) {
 	chunk := make([]byte, 65*1024)
 	for i := range chunk {
@ -424,9 +440,9 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin
 	req, err := http.NewRequest("PUT", "https://s3.amazonaws.com/"+bktName+"/"+objName, nil)
 	require.NoError(t, err)
 	req.Header.Set("content-encoding", "aws-chunked")
-	req.Header.Set("content-length", "66824")
+	req.Header.Set("content-length", strconv.Itoa(awsChunkedRequestExampleContentLength))
 	req.Header.Set("x-amz-content-sha256", "STREAMING-AWS4-HMAC-SHA256-PAYLOAD")
-	req.Header.Set("x-amz-decoded-content-length", "66560")
+	req.Header.Set("x-amz-decoded-content-length", strconv.Itoa(awsChunkedRequestExampleDecodedContentLength))
 	req.Header.Set("x-amz-storage-class", "REDUCED_REDUNDANCY")

 	signTime, err := time.Parse("20060102T150405Z", "20130524T000000Z")
--- a/api/handler/util.go
+++ b/api/handler/util.go
@ -106,6 +106,23 @@ func (h *handler) getBucketAndCheckOwner(r *http.Request, bucket string, header
 	return bktInfo, checkOwner(bktInfo, expected)
 }

+func (h *handler) getPutPayloadSize(r *http.Request) uint64 {
+	decodeContentSize := r.Header.Get(api.AmzDecodedContentLength)
+	decodedSize, err := strconv.Atoi(decodeContentSize)
+	if err != nil {
+		decodedSize = 0
+	}
+
+	var size uint64
+	if decodedSize > 0 {
+		size = uint64(decodedSize)
+	} else if r.ContentLength > 0 {
+		size = uint64(r.ContentLength)
+	}
+
+	return size
+}
+
 func parseRange(s string) (*layer.RangeParams, error) {
 	if s == "" {
 		return nil, nil
--- a/api/layer/cache.go
+++ b/api/layer/cache.go
@ -5,6 +5,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"go.uber.org/zap"
@ -19,6 +20,7 @@ type Cache struct {
 	bucketCache      *cache.BucketCache
 	systemCache      *cache.SystemCache
 	accessCache      *cache.AccessControlCache
+	networkInfoCache *cache.NetworkInfoCache
 }

 // CachesConfig contains params for caches.
@ -31,6 +33,7 @@ type CachesConfig struct {
 	Buckets       *cache.Config
 	System        *cache.Config
 	AccessControl *cache.Config
+	NetworkInfo   *cache.NetworkInfoCacheConfig
 }

 // DefaultCachesConfigs returns filled configs.
@ -44,6 +47,7 @@ func DefaultCachesConfigs(logger *zap.Logger) *CachesConfig {
 		Buckets:       cache.DefaultBucketConfig(logger),
 		System:        cache.DefaultSystemConfig(logger),
 		AccessControl: cache.DefaultAccessControlConfig(logger),
+		NetworkInfo:   cache.DefaultNetworkInfoConfig(logger),
 	}
 }

@ -57,6 +61,7 @@ func NewCache(cfg *CachesConfig) *Cache {
 		bucketCache:      cache.NewBucketCache(cfg.Buckets),
 		systemCache:      cache.NewSystemCache(cfg.System),
 		accessCache:      cache.NewAccessControlCache(cfg.AccessControl),
+		networkInfoCache: cache.NewNetworkInfoCache(cfg.NetworkInfo),
 	}
 }

@ -283,3 +288,13 @@ func (c *Cache) PutLifecycleConfiguration(owner user.ID, bkt *data.BucketInfo, c
 func (c *Cache) DeleteLifecycleConfiguration(bktInfo *data.BucketInfo) {
 	c.systemCache.Delete(bktInfo.LifecycleConfigurationObjectName())
 }
+
+func (c *Cache) GetNetworkInfo() *netmap.NetworkInfo {
+	return c.networkInfoCache.Get()
+}
+
+func (c *Cache) PutNetworkInfo(info netmap.NetworkInfo) {
+	if err := c.networkInfoCache.Put(info); err != nil {
+		c.logger.Warn(logs.CouldntCacheNetworkInfo, zap.Error(err))
+	}
+}
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@ -103,7 +103,7 @@ type (
 	PutObjectParams struct {
 		BktInfo           *data.BucketInfo
 		Object            string
-		Size              uint64
+		Size              *uint64
 		Reader            io.Reader
 		Header            map[string]string
 		Lock              *data.ObjectLock
@ -528,7 +528,7 @@ func (n *Layer) CopyObject(ctx context.Context, p *CopyObjectParams) (*data.Exte
 	return n.PutObject(ctx, &PutObjectParams{
 		BktInfo:       p.DstBktInfo,
 		Object:        p.DstObject,
-		Size:          p.DstSize,
+		Size:          &p.DstSize,
 		Reader:        objPayload,
 		Header:        p.Header,
 		Encryption:    p.DstEncryption,
@ -855,10 +855,17 @@ func (n *Layer) DeleteBucket(ctx context.Context, p *DeleteBucketParams) error {
 }

 func (n *Layer) GetNetworkInfo(ctx context.Context) (netmap.NetworkInfo, error) {
+	cachedInfo := n.cache.GetNetworkInfo()
+	if cachedInfo != nil {
+		return *cachedInfo, nil
+	}
+
 	networkInfo, err := n.frostFS.NetworkInfo(ctx)
 	if err != nil {
-		return networkInfo, fmt.Errorf("get network info: %w", err)
+		return netmap.NetworkInfo{}, fmt.Errorf("get network info: %w", err)
 	}

+	n.cache.PutNetworkInfo(networkInfo)
+
 	return networkInfo, nil
 }
--- a/api/layer/multipart_upload.go
+++ b/api/layer/multipart_upload.go
@ -150,9 +150,9 @@ func (n *Layer) CreateMultipartUpload(ctx context.Context, p *CreateMultipartPar
 		metaSize += len(p.Data.TagSet)
 	}

-	networkInfo, err := n.frostFS.NetworkInfo(ctx)
+	networkInfo, err := n.GetNetworkInfo(ctx)
 	if err != nil {
-		return fmt.Errorf("get network info: %w", err)
+		return err
 	}

 	info := &data.MultipartInfo{
@ -460,7 +460,7 @@ func (n *Layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipar
 		Object:          p.Info.Key,
 		Reader:          bytes.NewReader(partsData),
 		Header:          initMetadata,
-		Size:            multipartObjetSize,
+		Size:            &multipartObjetSize,
 		Encryption:      p.Info.Encryption,
 		CopiesNumbers:   multipartInfo.CopiesNumbers,
 		CompleteMD5Hash: hex.EncodeToString(md5Hash.Sum(nil)) + "-" + strconv.Itoa(len(p.Parts)),
--- a/api/layer/object.go
+++ b/api/layer/object.go
@ -12,6 +12,7 @@ import (
 	"fmt"
 	"io"
 	"mime"
+	"net/http"
 	"path/filepath"
 	"strconv"
 	"strings"
@ -21,6 +22,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/detector"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
@ -230,26 +232,30 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend

 	r := p.Reader
 	if p.Encryption.Enabled() {
-		p.Header[AttributeDecryptedSize] = strconv.FormatUint(p.Size, 10)
+		var size uint64
+		if p.Size != nil {
+			size = *p.Size
+		}
+		p.Header[AttributeDecryptedSize] = strconv.FormatUint(size, 10)
 		if err = addEncryptionHeaders(p.Header, p.Encryption); err != nil {
 			return nil, fmt.Errorf("add encryption header: %w", err)
 		}

 		var encSize uint64
-		if r, encSize, err = encryptionReader(p.Reader, p.Size, p.Encryption.Key()); err != nil {
+		if r, encSize, err = encryptionReader(p.Reader, size, p.Encryption.Key()); err != nil {
 			return nil, fmt.Errorf("create encrypter: %w", err)
 		}
-		p.Size = encSize
+		p.Size = &encSize
 	}

 	if r != nil {
 		if len(p.Header[api.ContentType]) == 0 {
 			if contentType := MimeByFilePath(p.Object); len(contentType) == 0 {
-				d := newDetector(r)
+				d := detector.NewDetector(r, http.DetectContentType)
 				if contentType, err := d.Detect(); err == nil {
 					p.Header[api.ContentType] = contentType
 				}
-				r = d.MultiReader()
+				r = d.RestoredReader()
 			} else {
 				p.Header[api.ContentType] = contentType
 			}
@ -258,12 +264,14 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend

 	prm := PrmObjectCreate{
 		Container:    p.BktInfo.CID,
-		PayloadSize:  p.Size,
 		Filepath:     p.Object,
 		Payload:      r,
 		CreationTime: TimeNow(ctx),
 		CopiesNumber: p.CopiesNumbers,
 	}
+	if p.Size != nil {
+		prm.PayloadSize = *p.Size
+	}

 	prm.Attributes = make([][2]string, 0, len(p.Header))

@ -275,7 +283,8 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 	if err != nil {
 		return nil, err
 	}
-	if len(p.ContentMD5) > 0 {
+
+	if !p.Encryption.Enabled() && len(p.ContentMD5) > 0 {
 		headerMd5Hash, err := base64.StdEncoding.DecodeString(p.ContentMD5)
 		if err != nil {
 			return nil, apiErrors.GetAPIError(apiErrors.ErrInvalidDigest)
@ -310,7 +319,6 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 			OID:           createdObj.ID,
 			ETag:          hex.EncodeToString(createdObj.HashSum),
 			FilePath:      p.Object,
-			Size:          p.Size,
 			Created:       &now,
 			Owner:         &n.gateOwner,
 			CreationEpoch: createdObj.CreationEpoch,
@ -318,12 +326,19 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 		IsUnversioned: !bktSettings.VersioningEnabled(),
 		IsCombined:    p.Header[MultipartObjectSize] != "",
 	}
+
 	if len(p.CompleteMD5Hash) > 0 {
 		newVersion.MD5 = p.CompleteMD5Hash
 	} else {
 		newVersion.MD5 = hex.EncodeToString(createdObj.MD5Sum)
 	}

+	if p.Size != nil {
+		newVersion.Size = *p.Size
+	} else {
+		newVersion.Size = createdObj.Size
+	}
+
 	if newVersion.ID, err = n.treeService.AddVersion(ctx, p.BktInfo, newVersion); err != nil {
 		return nil, fmt.Errorf("couldn't add new verion to tree service: %w", err)
 	}
--- a/api/layer/versioning_test.go
+++ b/api/layer/versioning_test.go
@ -23,7 +23,7 @@ func (tc *testContext) putObject(content []byte) *data.ObjectInfo {
 	extObjInfo, err := tc.layer.PutObject(tc.ctx, &PutObjectParams{
 		BktInfo: tc.bktInfo,
 		Object:  tc.obj,
-		Size:    uint64(len(content)),
+		Size:    ptr(uint64(len(content))),
 		Reader:  bytes.NewReader(content),
 		Header:  make(map[string]string),
 	})
--- a/api/middleware/constants.go
+++ b/api/middleware/constants.go
@ -107,3 +107,9 @@ const (
 	PartNumberQuery     = "partNumber"
 	LegalHoldQuery      = "legal-hold"
 )
+
+const (
+	StdoutPath = "stdout"
+	StderrPath = "stderr"
+	SinkName   = "lumberjack"
+)
--- a/api/middleware/log_http.go
+++ b/api/middleware/log_http.go
@ -0,0 +1,237 @@
+//go:build loghttp
+
+package middleware
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+	"os"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/detector"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/xmlutils"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+	"gopkg.in/natefinch/lumberjack.v2"
+)
+
+type (
+	LogHTTPSettings interface {
+		LogHTTPConfig() LogHTTPConfig
+	}
+	LogHTTPConfig struct {
+		Enabled    bool
+		MaxBody    int64
+		MaxLogSize int
+		OutputPath string
+		UseGzip    bool
+		log        *httpLogger
+	}
+	httpLogger struct {
+		*zap.Logger
+		logRoller *lumberjack.Logger
+	}
+	// responseReadWriter helps read http response body.
+	responseReadWriter struct {
+		http.ResponseWriter
+		response   *bytes.Buffer
+		statusCode int
+	}
+)
+
+const (
+	payloadLabel  = "payload"
+	responseLabel = "response"
+)
+
+func (lc *LogHTTPConfig) InitHTTPLogger(log *zap.Logger) {
+	if err := lc.initHTTPLogger(); err != nil {
+		log.Error(logs.FailedToInitializeHTTPLogger, zap.Error(err))
+	}
+}
+
+// initHTTPLogger returns registers zap sink and returns new httpLogger.
+func (lc *LogHTTPConfig) initHTTPLogger() (err error) {
+	lc.log = &httpLogger{
+		Logger:    zap.NewNop(),
+		logRoller: &lumberjack.Logger{},
+	}
+	c := newLoggerConfig()
+	lc.log.Logger, err = c.Build()
+	if err != nil {
+		return err
+	}
+	lc.setLogOutput()
+
+	return nil
+}
+
+// newLoggerConfig creates new zap.Config with disabled base fields.
+func newLoggerConfig() zap.Config {
+	c := zap.NewProductionConfig()
+	c.DisableCaller = true
+	c.DisableStacktrace = true
+	c.EncoderConfig = newEncoderConfig()
+	c.Sampling = nil
+
+	return c
+}
+
+func (lc *LogHTTPConfig) setLogOutput() {
+	var output zapcore.WriteSyncer
+	switch lc.OutputPath {
+	case "", StdoutPath:
+		output = zapcore.AddSync(os.Stdout)
+	case StderrPath:
+		output = zapcore.AddSync(os.Stderr)
+	default:
+		output = zapcore.AddSync(&lumberjack.Logger{
+			Filename: lc.OutputPath,
+			MaxSize:  lc.MaxLogSize,
+			Compress: lc.UseGzip,
+		})
+	}
+
+	// create logger with new sync
+	lc.log.Logger = lc.log.Logger.WithOptions(zap.WrapCore(func(core zapcore.Core) zapcore.Core {
+		return zapcore.NewCore(zapcore.NewJSONEncoder(newEncoderConfig()), output, zapcore.InfoLevel)
+	}))
+}
+
+func newEncoderConfig() zapcore.EncoderConfig {
+	c := zap.NewProductionEncoderConfig()
+	c.MessageKey = zapcore.OmitKey
+	c.LevelKey = zapcore.OmitKey
+	c.TimeKey = zapcore.OmitKey
+	c.FunctionKey = zapcore.OmitKey
+
+	return c
+}
+
+func (ww *responseReadWriter) Write(data []byte) (int, error) {
+	ww.response.Write(data)
+	return ww.ResponseWriter.Write(data)
+}
+
+func (ww *responseReadWriter) WriteHeader(code int) {
+	ww.statusCode = code
+	ww.ResponseWriter.WriteHeader(code)
+}
+
+func (ww *responseReadWriter) Flush() {
+	if f, ok := ww.ResponseWriter.(http.Flusher); ok {
+		f.Flush()
+	}
+}
+
+// LogHTTP logs http parameters from s3 request.
+func LogHTTP(l *zap.Logger, settings LogHTTPSettings) Func {
+	return func(h http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			config := settings.LogHTTPConfig()
+			if !config.Enabled || config.log == nil {
+				h.ServeHTTP(w, r)
+				return
+			}
+
+			httplog := config.log.getHTTPLogger(r).
+				withFieldIfExist("query", r.URL.Query()).
+				withFieldIfExist("headers", r.Header)
+
+			payload := getBody(r.Body, l)
+			r.Body = io.NopCloser(bytes.NewReader(payload))
+
+			payloadReader := io.LimitReader(bytes.NewReader(payload), config.MaxBody)
+			httplog = httplog.withProcessedBody(payloadLabel, payloadReader, l)
+
+			wr := newResponseReadWriter(w)
+			h.ServeHTTP(wr, r)
+
+			respReader := io.LimitReader(wr.response, config.MaxBody)
+			httplog = httplog.withProcessedBody(responseLabel, respReader, l)
+			httplog = httplog.with(zap.Int("status", wr.statusCode))
+
+			httplog.Info(logs.LogHTTP)
+		})
+	}
+}
+
+// withFieldIfExist checks whether data is not empty and attach it to log output.
+func (lg *httpLogger) withFieldIfExist(label string, data map[string][]string) *httpLogger {
+	if len(data) != 0 {
+		return lg.with(zap.Any(label, data))
+	}
+	return lg
+}
+
+func (lg *httpLogger) with(fields ...zap.Field) *httpLogger {
+	return &httpLogger{
+		Logger:    lg.Logger.With(fields...),
+		logRoller: lg.logRoller,
+	}
+}
+
+func (lg *httpLogger) getHTTPLogger(r *http.Request) *httpLogger {
+	return lg.with(
+		zap.String("from", r.RemoteAddr),
+		zap.String("URI", r.RequestURI),
+		zap.String("method", r.Method),
+		zap.String("protocol", r.Proto),
+	)
+}
+
+func (lg *httpLogger) withProcessedBody(label string, bodyReader io.Reader, l *zap.Logger) *httpLogger {
+	resp, err := processBody(bodyReader)
+	if err != nil {
+		l.Error(logs.FailedToProcessHTTPBody,
+			zap.Error(err),
+			zap.String("body type", payloadLabel))
+		return lg
+	}
+
+	return lg.with(zap.ByteString(label, resp))
+}
+
+func newResponseReadWriter(w http.ResponseWriter) *responseReadWriter {
+	return &responseReadWriter{
+		ResponseWriter: w,
+		response:       &bytes.Buffer{},
+	}
+}
+
+func getBody(httpBody io.ReadCloser, l *zap.Logger) []byte {
+	defer func(httpBody io.ReadCloser) {
+		if err := httpBody.Close(); err != nil {
+			l.Error(logs.FailedToCloseHTTPBody, zap.Error(err))
+		}
+	}(httpBody)
+
+	body, err := io.ReadAll(httpBody)
+	if err != nil {
+		l.Error(logs.FailedToReadHTTPBody,
+			zap.Error(err),
+			zap.String("body type", payloadLabel))
+		return nil
+	}
+	return body
+}
+
+// processBody reads body and base64 encode it if it's not XML.
+func processBody(bodyReader io.Reader) ([]byte, error) {
+	resultBody := &bytes.Buffer{}
+	detect := detector.NewDetector(bodyReader, xmlutils.DetectXML)
+	dataType, err := detect.Detect()
+	if err != nil {
+		return nil, err
+	}
+	writer := xmlutils.ChooseWriter(dataType, resultBody)
+	if _, err = io.Copy(writer, detect.RestoredReader()); err != nil {
+		return nil, err
+	}
+	if err = writer.Close(); err != nil {
+		return nil, err
+	}
+
+	return resultBody.Bytes(), nil
+}
--- a/api/middleware/log_http_stub.go
+++ b/api/middleware/log_http_stub.go
@ -0,0 +1,36 @@
+//go:build !loghttp
+
+package middleware
+
+import (
+	"net/http"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
+	"go.uber.org/zap"
+)
+
+type (
+	LogHTTPSettings interface {
+		LogHTTPConfig() LogHTTPConfig
+	}
+	LogHTTPConfig struct {
+		Enabled    bool
+		MaxBody    int64
+		MaxLogSize int
+		OutputPath string
+		UseGzip    bool
+	}
+)
+
+func LogHTTP(l *zap.Logger, _ LogHTTPSettings) Func {
+	l.Warn(logs.LogHTTPDisabledInThisBuild)
+	return func(h http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			h.ServeHTTP(w, r)
+		})
+	}
+}
+
+func (*LogHTTPConfig) InitHTTPLogger(*zap.Logger) {
+	// ignore
+}
--- a/api/router.go
+++ b/api/router.go
@ -99,6 +99,7 @@ type Settings interface {
 	s3middleware.PolicySettings
 	s3middleware.MetricsSettings
 	s3middleware.VHSSettings
+	s3middleware.LogHTTPSettings
 }

 type FrostFSID interface {
@ -127,7 +128,9 @@ type Config struct {

 func NewRouter(cfg Config) *chi.Mux {
 	api := chi.NewRouter()
+
 	api.Use(
+		s3middleware.LogHTTP(cfg.Log, cfg.MiddlewareSettings),
 		s3middleware.Request(cfg.Log, cfg.MiddlewareSettings),
 		middleware.ThrottleWithOpts(cfg.Throttle),
 		middleware.Recoverer,
--- a/api/router_mock_test.go
+++ b/api/router_mock_test.go
@ -80,6 +80,7 @@ type middlewareSettingsMock struct {
 	domains              []string
 	vhsEnabled           bool
 	vhsNamespacesEnabled map[string]bool
+	logHTTP              middleware.LogHTTPConfig
 }

 func (r *middlewareSettingsMock) SourceIPHeader() string {
@ -117,6 +118,9 @@ func (r *middlewareSettingsMock) ServernameHeader() string {
 func (r *middlewareSettingsMock) VHSNamespacesEnabled() map[string]bool {
 	return r.vhsNamespacesEnabled
 }
+func (r *middlewareSettingsMock) LogHTTPConfig() middleware.LogHTTPConfig {
+	return r.logHTTP
+}

 type frostFSIDMock struct {
 	tags            map[string]string
--- a/cmd/s3-gw/app.go
+++ b/cmd/s3-gw/app.go
@ -87,6 +87,7 @@ type (

 	appSettings struct {
 		logLevel            zap.AtomicLevel
+		httpLogging         s3middleware.LogHTTPConfig
 		maxClient           maxClientsConfig
 		defaultMaxAge       int
 		reconnectInterval   time.Duration
@ -217,6 +218,7 @@ func (a *App) initLayer(ctx context.Context) {
 func newAppSettings(log *Logger, v *viper.Viper) *appSettings {
 	settings := &appSettings{
 		logLevel:            log.lvl,
+		httpLogging:         s3middleware.LogHTTPConfig{},
 		maxClient:           newMaxClients(v),
 		defaultMaxAge:       fetchDefaultMaxAge(v, log.logger),
 		reconnectInterval:   fetchReconnectInterval(v),
@ -252,10 +254,22 @@ func (s *appSettings) update(v *viper.Viper, log *zap.Logger) {
 	vhsHeader := v.GetString(cfgVHSHeader)
 	servernameHeader := v.GetString(cfgServernameHeader)
 	vhsNamespacesEnabled := s.prepareVHSNamespaces(v, log)
+	httpLoggingEnabled := v.GetBool(cfgHTTPLoggingEnabled)
+	httpLoggingMaxBody := v.GetInt64(cfgHTTPLoggingMaxBody)
+	httpLoggingMaxLogSize := v.GetInt(cfgHTTPLoggingMaxLogSize)
+	httpLoggingOutputPath := v.GetString(cfgHTTPLoggingDestination)
+	httpLoggingUseGzip := v.GetBool(cfgHTTPLoggingGzip)

 	s.mu.Lock()
 	defer s.mu.Unlock()

+	s.httpLogging.Enabled = httpLoggingEnabled
+	s.httpLogging.MaxBody = httpLoggingMaxBody
+	s.httpLogging.MaxLogSize = httpLoggingMaxLogSize
+	s.httpLogging.OutputPath = httpLoggingOutputPath
+	s.httpLogging.UseGzip = httpLoggingUseGzip
+	s.httpLogging.InitHTTPLogger(log)
+
 	s.namespaceHeader = namespaceHeader
 	s.defaultNamespaces = defaultNamespaces
 	s.namespaces = nsConfig.Namespaces
@ -362,6 +376,13 @@ func (s *appSettings) DefaultCopiesNumbers(namespace string) []uint32 {
 	return s.namespaces[namespace].CopiesNumbers[defaultConstraintName]
 }

+func (s *appSettings) LogHTTPConfig() s3middleware.LogHTTPConfig {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.httpLogging
+}
+
 func (s *appSettings) NewXMLDecoder(r io.Reader) *xml.Decoder {
 	dec := xml.NewDecoder(r)
 	dec.CharsetReader = func(charset string, reader io.Reader) (io.Reader, error) {
@ -920,6 +941,8 @@ func getCacheOptions(v *viper.Viper, l *zap.Logger) *layer.CachesConfig {
 	cacheCfg.AccessControl.Lifetime = fetchCacheLifetime(v, l, cfgAccessControlCacheLifetime, cacheCfg.AccessControl.Lifetime)
 	cacheCfg.AccessControl.Size = fetchCacheSize(v, l, cfgAccessControlCacheSize, cacheCfg.AccessControl.Size)

+	cacheCfg.NetworkInfo.Lifetime = fetchCacheLifetime(v, l, cfgNetworkInfoCacheLifetime, cacheCfg.NetworkInfo.Lifetime)
+
 	return cacheCfg
 }

--- a/cmd/s3-gw/app_settings.go
+++ b/cmd/s3-gw/app_settings.go
@ -81,6 +81,14 @@ const ( // Settings.
 	cfgLoggerLevel       = "logger.level"
 	cfgLoggerDestination = "logger.destination"

+	// HttpLogging.
+	cfgHTTPLoggingEnabled     = "http_logging.enabled"
+	cfgHTTPLoggingMaxBody     = "http_logging.max_body"
+	cfgHTTPLoggingMaxLogSize  = "http_logging.max_log_size"
+	cfgHTTPLoggingDestination = "http_logging.destination"
+	cfgHTTPLoggingGzip        = "http_logging.gzip"
+	cfgHTTPLoggingLogResponse = "http_logging.log_response"
+
 	// Wallet.
 	cfgWalletPath       = "wallet.path"
 	cfgWalletAddress    = "wallet.address"
@ -122,6 +130,7 @@ const ( // Settings.
 	cfgMorphPolicyCacheSize       = "cache.morph_policy.size"
 	cfgFrostfsIDCacheLifetime     = "cache.frostfsid.lifetime"
 	cfgFrostfsIDCacheSize         = "cache.frostfsid.size"
+	cfgNetworkInfoCacheLifetime   = "cache.network_info.lifetime"

 	cfgAccessBoxCacheRemovingCheckInterval = "cache.accessbox.removing_check_interval"

@ -779,6 +788,14 @@ func newSettings() *viper.Viper {
 	v.SetDefault(cfgLoggerLevel, "debug")
 	v.SetDefault(cfgLoggerDestination, "stdout")

+	// http logger
+	v.SetDefault(cfgHTTPLoggingEnabled, false)
+	v.SetDefault(cfgHTTPLoggingMaxBody, 1024)
+	v.SetDefault(cfgHTTPLoggingMaxLogSize, 50)
+	v.SetDefault(cfgHTTPLoggingDestination, "stdout")
+	v.SetDefault(cfgHTTPLoggingGzip, false)
+	v.SetDefault(cfgHTTPLoggingLogResponse, true)
+
 	// pool:
 	v.SetDefault(cfgPoolErrorThreshold, defaultPoolErrorThreshold)
 	v.SetDefault(cfgStreamTimeout, defaultStreamTimeout)
--- a/cmd/s3-playback/internal/playback/multipart.go
+++ b/cmd/s3-playback/internal/playback/multipart.go
@ -0,0 +1,50 @@
+package playback
+
+import (
+	"encoding/xml"
+	"fmt"
+	"net/http"
+)
+
+type MultipartUpload struct {
+	XMLName  xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ InitiateMultipartUploadResult" json:"-"`
+	Bucket   string   `json:"bucket" xml:"Bucket"`
+	Key      string   `json:"key" xml:"Key"`
+	UploadID string   `json:"uploadId" xml:"UploadId"`
+}
+
+func HandleResponse(r *http.Request, mparts map[string]MultipartUpload, resp []byte, logResponse []byte) error {
+	var mpart, mpartOld MultipartUpload
+	if r.Method != "POST" || !r.URL.Query().Has("uploads") {
+		return nil
+	}
+	// get new uploadId from response
+	err := xml.Unmarshal(resp, &mpart)
+	if err != nil {
+		return fmt.Errorf("xml unmarshal error: %w", err)
+	}
+	// get old uploadId from logs
+	err = xml.Unmarshal(logResponse, &mpartOld)
+	if err != nil {
+		return fmt.Errorf("xml unmarshal error: %w", err)
+	}
+	if mpartOld.UploadID != "" {
+		mparts[mpartOld.UploadID] = mpart
+	}
+
+	return nil
+}
+
+func SwapUploadID(r *http.Request, settings *Settings) error {
+	var uploadID string
+	query := r.URL.Query()
+	uploadID = query.Get("uploadId")
+	mpart, ok := settings.Multiparts[uploadID]
+	if !ok {
+		return fmt.Errorf("no multipart upload with specified uploadId")
+	}
+	query.Set("uploadId", mpart.UploadID)
+	r.URL.RawQuery = query.Encode()
+
+	return nil
+}
--- a/cmd/s3-playback/internal/playback/request.go
+++ b/cmd/s3-playback/internal/playback/request.go
@ -0,0 +1,97 @@
+package playback
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/detector"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/xmlutils"
+	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+)
+
+type (
+	httpBody      []byte
+	LoggedRequest struct {
+		From     string      `json:"from"`
+		URI      string      `json:"URI"`
+		Method   string      `json:"method"`
+		Payload  httpBody    `json:"payload,omitempty"`
+		Response httpBody    `json:"response,omitempty"`
+		Query    url.Values  `json:"query"`
+		Header   http.Header `json:"headers"`
+	}
+	Credentials struct {
+		AccessKey string
+		SecretKey string
+	}
+	Settings struct {
+		Endpoint   string
+		Creds      Credentials
+		Multiparts map[string]MultipartUpload
+		Client     *http.Client
+	}
+)
+
+func (h *httpBody) UnmarshalJSON(data []byte) error {
+	unquoted, err := strconv.Unquote(string(data))
+	if err != nil {
+		return fmt.Errorf("failed to unquote data: %w", err)
+	}
+	detect := detector.NewDetector(strings.NewReader(unquoted), xmlutils.DetectXML)
+	dataType, err := detect.Detect()
+	if err != nil {
+		return fmt.Errorf("failed to detect data: %w", err)
+	}
+	reader := xmlutils.ChooseReader(dataType, detect.RestoredReader())
+	*h, err = io.ReadAll(reader)
+	if err != nil {
+		return fmt.Errorf("failed to unmarshal httpbody: %w", err)
+	}
+
+	return nil
+}
+
+// Sign replace Authorization header with new Access key id and Signature values.
+func Sign(ctx context.Context, r *http.Request, creds Credentials) error {
+	credProvider := credentials.NewStaticCredentialsProvider(creds.AccessKey, creds.SecretKey, "")
+	awsCred, err := credProvider.Retrieve(ctx)
+	if err != nil {
+		return err
+	}
+
+	authHdr := r.Header.Get(auth.AuthorizationHdr)
+	authInfo, err := parseAuthHeader(authHdr)
+	if err != nil {
+		return err
+	}
+	newHeader := strings.Replace(authHdr, authInfo["access_key_id"], creds.AccessKey, 1)
+	r.Header.Set(auth.AuthorizationHdr, newHeader)
+
+	signer := v4.NewSigner()
+	signatureDateTimeStr := r.Header.Get(api.AmzDate)
+	signatureDateTime, err := time.Parse("20060102T150405Z", signatureDateTimeStr)
+	if err != nil {
+		return err
+	}
+
+	return signer.SignHTTP(ctx, awsCred, r, r.Header.Get(api.AmzContentSha256), authInfo["service"], authInfo["region"], signatureDateTime)
+}
+
+func parseAuthHeader(authHeader string) (map[string]string, error) {
+	authInfo := auth.NewRegexpMatcher(auth.AuthorizationFieldRegexp).GetSubmatches(authHeader)
+	if len(authInfo) == 0 {
+		return nil, errors.New("no matches found")
+	}
+
+	return authInfo, nil
+}
--- a/cmd/s3-playback/internal/playback/request_test.go
+++ b/cmd/s3-playback/internal/playback/request_test.go
@ -0,0 +1,98 @@
+package playback
+
+import (
+	"errors"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+var errNoMatches = errors.New("no matches found")
+
+func withoutValue(data map[string]string, field string) map[string]string {
+	result := make(map[string]string)
+	for k, v := range data {
+		result[k] = v
+	}
+	result[field] = ""
+
+	return result
+}
+
+func TestParseAuthHeader(t *testing.T) {
+	defaultHeader := "AWS4-HMAC-SHA256 Credential=oid0cid/20210809/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2811ccb9e242f41426738fb1f"
+
+	defaultAuthInfo := map[string]string{
+		"access_key_id":        "oid0cid",
+		"service":              "s3",
+		"region":               "us-east-1",
+		"v4_signature":         "2811ccb9e242f41426738fb1f",
+		"signed_header_fields": "host;x-amz-content-sha256;x-amz-date",
+		"date":                 "20210809",
+	}
+	for _, tc := range []struct {
+		title    string
+		header   string
+		err      error
+		expected map[string]string
+	}{
+		{
+			title:    "correct full header",
+			header:   defaultHeader,
+			err:      nil,
+			expected: defaultAuthInfo,
+		},
+		{
+			title:    "correct with empty region",
+			header:   strings.Replace(defaultHeader, "/us-east-1/", "//", 1),
+			err:      nil,
+			expected: withoutValue(defaultAuthInfo, "region"),
+		},
+		{
+			title:    "empty access key",
+			header:   strings.Replace(defaultHeader, "oid0cid", "", 1),
+			err:      errNoMatches,
+			expected: nil,
+		},
+		{
+			title:    "empty service",
+			header:   strings.Replace(defaultHeader, "/s3/", "//", 1),
+			err:      errNoMatches,
+			expected: nil,
+		},
+		{
+			title:    "empty date",
+			header:   strings.Replace(defaultHeader, "/20210809/", "//", 1),
+			err:      errNoMatches,
+			expected: nil,
+		},
+		{
+			title: "empty v4_signature",
+			header: strings.Replace(defaultHeader, "Signature=2811ccb9e242f41426738fb1f",
+				"Signature=", 1),
+			err:      errNoMatches,
+			expected: nil,
+		},
+		{
+			title: "empty signed_fields",
+			header: strings.Replace(defaultHeader, "SignedHeaders=host;x-amz-content-sha256;x-amz-date",
+				"SignedHeaders=", 1),
+			err:      errNoMatches,
+			expected: nil,
+		},
+		{
+			title: "empty signed_fields",
+			header: strings.Replace(defaultHeader, "SignedHeaders=host;x-amz-content-sha256;x-amz-date",
+				"SignedHeaders=", 1),
+			err:      errNoMatches,
+			expected: nil,
+		},
+	} {
+		t.Run(tc.title, func(t *testing.T) {
+			authInfo, err := parseAuthHeader(tc.header)
+			require.Equal(t, err, tc.err, tc.header)
+			require.Equal(t, tc.expected, authInfo, tc.header)
+		})
+	}
+}
--- a/cmd/s3-playback/main.go
+++ b/cmd/s3-playback/main.go
@ -0,0 +1,20 @@
+package main
+
+import (
+	"context"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/cmd/s3-playback/modules"
+)
+
+func main() {
+	ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
+
+	if cmd, err := modules.Execute(ctx); err != nil {
+		cmd.PrintErrln("Error:", err.Error())
+		cmd.PrintErrf("Run '%v --help' for usage.\n", cmd.CommandPath())
+		os.Exit(1)
+	}
+}
--- a/cmd/s3-playback/modules/root.go
+++ b/cmd/s3-playback/modules/root.go
@ -0,0 +1,67 @@
+package modules
+
+import (
+	"context"
+	"os"
+	"strings"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/version"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+)
+
+const (
+	defaultPrintResponseLimit = 1024
+	cfgConfigPath             = "config"
+	cfgHTTPTimeoutFlag        = "http-timeout"
+	cfgSkipVerifyTLS          = "skip-verify-tls"
+)
+
+var (
+	cfgFile string
+	rootCmd = &cobra.Command{
+		Use:     "frostfs-s3-playback",
+		Version: version.Version,
+		Short:   "FrostFS S3 Traffic Playback",
+		Long:    "Helps to reproduce s3 commands from log files",
+		Example: "frostfs-s3-playback [--skip-verify-tls] [--http-timeout <timeout>] " +
+			"[--version] --config <config_path> <command>",
+		SilenceUsage:  true,
+		SilenceErrors: true,
+		PersistentPreRunE: func(cmd *cobra.Command, _ []string) error {
+			return viper.BindPFlags(cmd.Flags())
+		},
+		RunE: func(cmd *cobra.Command, _ []string) error {
+			return cmd.Help()
+		},
+	}
+)
+
+func Execute(ctx context.Context) (*cobra.Command, error) {
+	return rootCmd.ExecuteContextC(ctx)
+}
+
+func initConfig() {
+	viper.SetConfigFile(cfgFile)
+	_ = viper.ReadInConfig()
+}
+
+func init() {
+	cobra.OnInitialize(initConfig)
+	cobra.EnableTraverseRunHooks = true
+	rootCmd.SetGlobalNormalizationFunc(func(_ *pflag.FlagSet, name string) pflag.NormalizedName {
+		return pflag.NormalizedName(strings.ReplaceAll(name, "_", "-"))
+	})
+
+	rootCmd.PersistentFlags().StringVar(&cfgFile, cfgConfigPath, "", "configuration filepath")
+	_ = rootCmd.MarkPersistentFlagRequired(cfgConfigPath)
+	_ = rootCmd.MarkPersistentFlagFilename(cfgConfigPath)
+	rootCmd.PersistentFlags().Duration(cfgHTTPTimeoutFlag, time.Minute, "http request timeout")
+	rootCmd.PersistentFlags().Bool(cfgSkipVerifyTLS, false, "skip TLS certificate verification")
+	rootCmd.SetOut(os.Stdout)
+
+	initRunCmd()
+	rootCmd.AddCommand(runCmd)
+}
--- a/cmd/s3-playback/modules/run.go
+++ b/cmd/s3-playback/modules/run.go
@ -0,0 +1,208 @@
+package modules
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"crypto/md5"
+	"crypto/sha256"
+	"crypto/tls"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strconv"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/cmd/s3-playback/internal/playback"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/detector"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/xmlutils"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	cfgPrintResponseLimit = "print-response-limit"
+	cfgLogPath            = "log"
+	cfgEndpoint           = "endpoint"
+	awsAccessKey          = "credentials.access_key"
+	awsSecretKey          = "credentials.secret_key"
+)
+
+var runCmd = &cobra.Command{
+	Use:     "run",
+	Short:   "Send requests from log file",
+	Long:    "Reads the network log file and sends each request to the specified URL",
+	Example: "frostfs-s3-playback --config <config_path> run [--endpoint=<endpoint>] [--log=<log_path>]",
+	PersistentPreRunE: func(cmd *cobra.Command, _ []string) (err error) {
+		viper.SetDefault(cfgPrintResponseLimit, defaultPrintResponseLimit)
+		return viper.BindPFlags(cmd.Flags())
+	},
+	RunE: run,
+}
+
+func initRunCmd() {
+	runCmd.Flags().String(cfgLogPath, "./request.log", "log file path")
+	runCmd.Flags().String(cfgEndpoint, "", "endpoint URL")
+	runCmd.Flags().Int(cfgPrintResponseLimit, defaultPrintResponseLimit, "print limit for http response body")
+}
+
+func logResponse(cmd *cobra.Command, r *http.Request, resp *http.Response) {
+	cmd.Println(r.Method, r.URL.RequestURI())
+	cmd.Println(resp.Status)
+	if resp.ContentLength == 0 {
+		return
+	}
+	detect := detector.NewDetector(resp.Body, xmlutils.DetectXML)
+	dataType, err := detect.Detect()
+	if err != nil {
+		cmd.PrintErrln("type detection error:", err.Error())
+		return
+	}
+	body := &bytes.Buffer{}
+	resultWriter := xmlutils.ChooseWriter(dataType, body)
+	_, err = io.Copy(resultWriter, io.LimitReader(detect.RestoredReader(), viper.GetInt64(cfgPrintResponseLimit)))
+	if err != nil {
+		cmd.Println(err)
+		return
+	}
+	if err = resultWriter.Close(); err != nil {
+		cmd.Printf("could not close response body: %s\n", err)
+		return
+	}
+
+	cmd.Println(body.String())
+	cmd.Println()
+}
+
+func run(cmd *cobra.Command, _ []string) error {
+	ctx := cmd.Context()
+	settings := &playback.Settings{
+		Endpoint: viper.GetString(cfgEndpoint),
+		Creds: playback.Credentials{
+			AccessKey: viper.GetString(awsAccessKey),
+			SecretKey: viper.GetString(awsSecretKey),
+		},
+		Multiparts: make(map[string]playback.MultipartUpload),
+		Client: &http.Client{
+			Transport: http.DefaultTransport,
+			Timeout:   viper.GetDuration(cfgHTTPTimeoutFlag),
+		},
+	}
+
+	file, err := os.Open(viper.GetString(cfgLogPath))
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	reader := bufio.NewReader(file)
+
+	if viper.GetBool(cfgSkipVerifyTLS) {
+		settings.Client.Transport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
+	id := 1
+	for {
+		logReq, err := getRequestFromLog(reader)
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			cmd.PrintErrln(strconv.Itoa(id)+")", "failed to parse request", err)
+			id++
+			continue
+		}
+
+		select {
+		case <-ctx.Done():
+			return fmt.Errorf("interrupted: %w", ctx.Err())
+		default:
+			r, resp, err := playbackRequest(ctx, logReq, settings)
+			if err != nil {
+				cmd.PrintErrln(strconv.Itoa(id)+")", "failed to playback request:", err)
+				id++
+				continue
+			}
+			cmd.Print(strconv.Itoa(id) + ") ")
+			logResponse(cmd, r, resp)
+			id++
+		}
+	}
+
+	return nil
+}
+
+func getRequestFromLog(reader *bufio.Reader) (playback.LoggedRequest, error) {
+	var logReq playback.LoggedRequest
+	req, err := reader.ReadString('\n')
+	if err != nil {
+		return logReq, err
+	}
+
+	err = json.Unmarshal([]byte(req), &logReq)
+	if err != nil {
+		return logReq, err
+	}
+
+	return logReq, nil
+}
+
+// playbackRequest creates http.Request from LoggedRequest and sends it to specified endpoint.
+func playbackRequest(ctx context.Context, logReq playback.LoggedRequest, settings *playback.Settings) (*http.Request, *http.Response, error) {
+	r, err := prepareRequest(ctx, logReq, settings)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to prepare request: %w", err)
+	}
+	resp, err := settings.Client.Do(r)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to send request: %w", err)
+	}
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to read response body: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if err = playback.HandleResponse(r, settings.Multiparts, respBody, logReq.Response); err != nil {
+		return nil, nil, fmt.Errorf("failed to register multipart upload: %w", err)
+	}
+	resp.Body = io.NopCloser(bytes.NewBuffer(respBody))
+
+	return r, resp, nil
+}
+
+// prepareRequest creates request from logs and modifies its signature and uploadId (if presents).
+func prepareRequest(ctx context.Context, logReq playback.LoggedRequest, settings *playback.Settings) (*http.Request, error) {
+	r, err := http.NewRequestWithContext(ctx, logReq.Method, settings.Endpoint+logReq.URI, bytes.NewReader(logReq.Payload))
+	if err != nil {
+		return nil, err
+	}
+	r.Header = logReq.Header
+	sha256hash := sha256.New()
+	sha256hash.Write(logReq.Payload)
+	r.Header.Set(auth.AmzContentSHA256, hex.EncodeToString(sha256hash.Sum(nil)))
+	if r.Header.Get(api.ContentMD5) != "" {
+		sha256hash.Reset()
+		md5hash := md5.New()
+		md5hash.Write(logReq.Payload)
+		r.Header.Set(api.ContentMD5, base64.StdEncoding.EncodeToString(md5hash.Sum(nil)))
+	}
+	if r.URL.Query().Has("uploadId") {
+		if err = playback.SwapUploadID(r, settings); err != nil {
+			return nil, err
+		}
+	}
+	if r.Header.Get(auth.AuthorizationHdr) != "" {
+		if err = playback.Sign(ctx, r, settings.Creds); err != nil {
+			return nil, err
+		}
+	}
+
+	return r, nil
+}
--- a/config/config.env
+++ b/config/config.env
@ -52,6 +52,17 @@ S3_GW_CONFIG=/path/to/config/yaml
 # Logger
 S3_GW_LOGGER_LEVEL=debug

+# HTTP logger
+S3_GW_HTTP_LOGGING_ENABLED=false
+# max body size to log
+S3_GW_HTTP_LOGGING_MAX_BODY=1024
+# max log size in Mb
+S3_GW_HTTP_LOGGING_MAX_LOG_SIZE=20
+# use log compression
+S3_GW_HTTP_LOGGING_GZIP=true
+# possible destination output values: filesystem path, url, "stdout", "stderr"
+S3_GW_HTTP_LOGGING_DESTINATION=stdout
+
 # RPC endpoint and order of resolving of bucket names
 S3_GW_RPC_ENDPOINT=http://morph-chain.frostfs.devenv:30333/
 S3_GW_RESOLVE_ORDER="nns dns"
@ -111,6 +122,8 @@ S3_GW_CACHE_MORPH_POLICY_SIZE=10000
 # Cache which stores frostfsid subject info
 S3_GW_CACHE_FROSTFSID_LIFETIME=1m
 S3_GW_CACHE_FROSTFSID_SIZE=10000
+# Cache which stores network info
+S3_GW_CACHE_NETWORK_INFO_LIFETIME=1m

 # Default policy of placing containers in FrostFS
 # If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway
--- a/config/config.yaml
+++ b/config/config.yaml
@ -56,6 +56,18 @@ logger:
  level: debug
  destination: stdout

+# log http request data (URI, headers, query, etc)
+http_logging:
+  enabled: false
+  # max body size to log
+  max_body: 1024
+  # max log size in Mb
+  max_log_size: 20
+  # use log compression
+  gzip: true
+  # possible output values: filesystem path, url, "stdout", "stderr"
+  destination: stdout
+  
 # RPC endpoint and order of resolving of bucket names
 rpc_endpoint: http://morph-chain.frostfs.devenv:30333
 resolve_order:
@ -135,6 +147,9 @@ cache:
  frostfsid:
    lifetime: 1m
    size: 10000
+  # Cache which stores network info
+  network_info:
+    lifetime: 1m

 # Parameters of FrostFS container placement policy
 placement_policy:
--- a/config/playback/playback.yaml
+++ b/config/playback/playback.yaml
@ -0,0 +1,8 @@
+endpoint: http://localhost:8084
+log: ./log/request.log
+credentials:
+  access_key: CAtUxDSSFtuVyVCjHTMhwx3eP3YSPo5ffwbPcnKfcdrD06WwUSn72T5EBNe3jcgjL54rmxFM6u3nUAoNBps8qJ1PD
+  secret_key: 560027d81c277de7378f71cbf12a32e4f7f541de724be59bcfdbfdc925425f30
+http_timeout: 60s
+skip_verify_tls: false
+print_response_limit: 1024
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -176,6 +176,7 @@ There are some custom types used for brevity:
 | `placement_policy` | [Placement policy configuration](#placement_policy-section)    |
 | `server`           | [Server configuration](#server-section)                        |
 | `logger`           | [Logger configuration](#logger-section)                        |
+| `http_logging`     | [HTTP Request logger configuration](#http_logging-section)     |
 | `cache`            | [Cache configuration](#cache-section)                          |
 | `cors`             | [CORS configuration](#cors-section)                            |
 | `pprof`            | [Pprof configuration](#pprof-section)                          |
@ -220,7 +221,7 @@ max_clients_deadline: 30s
 allowed_access_key_id_prefixes:
   - Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX
   - 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn
-  
+
 reconnect_interval: 1m

 source_ip_header: "Source-Ip"
@ -376,6 +377,32 @@ logger:
 | `level`       | `string` | yes           | `debug`       | Logging level.<br/>Possible values:  `debug`, `info`, `warn`, `error`, `dpanic`, `panic`, `fatal`. |
 | `destination` | `string` | no            | `stdout`      | Destination for logger: `stdout` or `journald`                                                     |

+
+### `http_logging` section
+
+Could be enabled only in builds with `loghttp` build tag. To build with `loghttp` tag, pass `GOFLAGS` var to `make`:
+```bash
+make GOFLAGS="-tags=loghttp" [target]
+```
+
+```yaml
+http_logging:
+  enabled: false
+  max_body: 1024
+  max_log_size: 20
+  gzip: true
+  destination: stdout
+```
+
+| Parameter      | Type     | SIGHUP reload | Default value | Description                                                                                                                                                                                 |
+|----------------|----------|---------------|---------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `enabled`      | `bool`   | yes           | `false`       | Flag to enable the logger.                                                                                                                                                                  |
+| `max_body`     | `int`    | yes           | `1024`        | Max body size for log output in bytes.                                                                                                                                                      |
+| `max_log_size` | `int`    | yes           | `50`          | Log file size threshold (in megabytes) to be moved in backup file. After reaching  threshold, initial filename is appended with timestamp. And new empty file with initial name is created. |
+| `gzip`         | `bool`   | yes           | `false`       | Whether to enable Gzip compression to backup log files.                                                                                                                                     |
+| `destination`  | `string` | yes           | `stdout`      | Specify path for log output. Accepts log file path, or "stdout" and "stderr" reserved words to print in output streams. File and folders are created if necessary.                          |
+
+
 ### `cache` section

 ```yaml
@ -411,6 +438,8 @@ cache:
  frostfsid:
    lifetime: 1m
    size: 10000
+  network_info:
+    lifetime: 1m
 ```

 | Parameter       | Type                                            | Default value                     | Description                                                    |
@ -425,6 +454,7 @@ cache:
 | `accesscontrol` | [Cache config](#cache-subsection)               | `lifetime: 1m`<br>`size: 100000`  | Cache which stores owner to cache operation mapping.           |
 | `morph_policy`  | [Cache config](#cache-subsection)               | `lifetime: 1m`<br>`size: 10000`   | Cache which stores list of policy chains.                      |
 | `frostfsid`     | [Cache config](#cache-subsection)               | `lifetime: 1m`<br>`size: 10000`   | Cache which stores FrostfsID subject info.                     |
+| `network_info`  | [Cache config](#cache-subsection)               | `lifetime: 1m`                    | Cache which stores network info.                               |

 #### `cache` subsection

@ -743,7 +773,7 @@ vhs:
 ```

 | Parameter           | Type              | SIGHUP reload | Default value          | Description                                                                                                                                                                                               |
-| ------------------- | ----------------- | ------------- | ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|---------------------|-------------------|---------------|------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `enabled`           | `bool`            | yes           | `false`                | Enables the use of virtual host addressing for buckets at the application level.                                                                                                                          |
 | `vhs_header`        | `string`          | yes           | `X-Frostfs-S3-VHS`     | Header for determining whether VHS is enabled for the request.                                                                                                                                            |
 | `servername_header` | `string`          | yes           | `X-Frostfs-Servername` | Header for determining servername.                                                                                                                                                                        |
--- a/docs/playback.md
+++ b/docs/playback.md
@ -0,0 +1,48 @@
+# FrostFS S3 Playback
+
+Playback is a tool to reproduce queries to `frostfs-s3-gw` in dev environment. Network logs could be
+gathered from `s3-gw` via HTTP Logger which could be enabled on build with `loghttp` build tag
+and `http_logging.enabled` option set to `true` in `s3-gw` configuration.
+
+## Commands
+
+`run` - reads log file and reproduces send requests from it to specified endpoint
+
+#### Example
+```bash
+frostfs-s3-playback --config <config_path> run [--endpoint=<endpoint>] [--log=<log_path>]
+```
+
+## Configuration
+
+Playback accepts configuration file path in yaml with corresponding options:
+```yaml
+endpoint: http://localhost:8084
+log: ./request.log
+env: .env
+credentials:
+  access_key: CAtUxDSSFtuVyVCjHTMhwx3eP3YSPo5ffwbPcnKfcdrD06WwUSn72T5EBNe3jcgjL54rmxFM6u3nUAoNBps8qJ1PD
+  secret_key: 560027d81c277de7378f71cbf12a32e4f7f541de724be59bcfdbfdc925425f30
+http_timeout: 60s
+skip_verify_tls: true
+```
+Configuration path is passed via required `--config` flag.
+If corresponding flag is set, it overrides parameter from config.
+
+### Configuration parameters
+
+#### Global parameters
+| Config parameter name   | Flag name         | Type       | Default value | Description                                                                   |
+|-------------------------|-------------------|------------|---------------|-------------------------------------------------------------------------------|
+| -                       | `config`          | `string`   | -             | config file path (e.g. `./config/playback.yaml`)                              |
+| `http_timeout`          | `http-timeout`    | `duration` | `60s`         | http request timeout                                                          |
+| `skip_verify_tls`       | `skip-verify-tls` | `bool`     | `false`       | skips tls certificate verification for https endpoints                        |
+| `credentials.accessKey` | -                 | `string`   | -             | AWS access key id                                                             |
+| `credentials.secretKey` | -                 | `string`   | -             | AWS secret key                                                                |
+| `print_response_limit`  | -                 | `int`      | `1024`        | max response length to be printed in stdout, the rest of body will be omitted |
+
+#### `run` command parameters
+| Config parameter name | Flag name | Type   | Default value | Description                                            |
+|-----------------------|-----------|--------|---------------|--------------------------------------------------------|
+| `endpoint`            | endpoint  | string | -             | s3-gw endpoint URL                                     |
+| `log`                 | log       | string | ./request.log | path to log file, could be either absolute or relative |
--- a/go.mod
+++ b/go.mod
@ -10,7 +10,8 @@ require (
 	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240822104152-a3bc3099bd5b
 	git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02
 	github.com/aws/aws-sdk-go v1.44.6
-	github.com/aws/aws-sdk-go-v2 v1.18.1
+	github.com/aws/aws-sdk-go-v2 v1.30.3
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.27
 	github.com/bluele/gcache v0.0.2
 	github.com/go-chi/chi/v5 v5.0.8
 	github.com/google/uuid v1.6.0
@ -20,7 +21,7 @@ require (
 	github.com/panjf2000/ants/v2 v2.5.0
 	github.com/prometheus/client_golang v1.19.0
 	github.com/prometheus/client_model v0.5.0
-	github.com/spf13/cobra v1.7.0
+	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.15.0
 	github.com/ssgreg/journald v1.0.0
@ -36,6 +37,7 @@ require (
 	golang.org/x/text v0.14.0
 	google.golang.org/grpc v1.63.2
 	google.golang.org/protobuf v1.33.0
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )

 require (
@ -45,11 +47,11 @@ require (
 	git.frostfs.info/TrueCloudLab/tzhash v1.8.0 // indirect
 	github.com/VictoriaMetrics/easyproto v0.1.4 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
-	github.com/aws/smithy-go v1.13.5 // indirect
+	github.com/aws/smithy-go v1.20.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -66,10 +66,12 @@ github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8
 github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
 github.com/aws/aws-sdk-go v1.44.6 h1:Y+uHxmZfhRTLX2X3khkdxCoTZAyGEX21aOUHe1U6geg=
 github.com/aws/aws-sdk-go v1.44.6/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
-github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
-github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
+github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4=
+github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
+github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bits-and-blooms/bitset v1.8.0 h1:FD+XqgOZDUxxZ8hzoBFuV9+cGWY9CslN6d5MS5JVb4c=
@ -100,8 +102,8 @@ github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH
 github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb h1:f0BMgIjhZy4lSRHCXFbQst85f5agZAjtDMixQqBWNpc=
 github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb/go.mod h1:v2Gy7L/4ZRosZ7Ivs+9SfUDr0f5UlG+EM5t7MPHiLuY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -177,7 +179,6 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@ -295,8 +296,8 @@ github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
 github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@ -707,6 +708,8 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/internal/logs/logs.go
+++ b/internal/logs/logs.go
@ -99,6 +99,13 @@ const (
 	FailedToPassAuthentication                           = "failed to pass authentication"                                                                     // Error in ../../api/middleware/auth.go
 	FailedToResolveCID                                   = "failed to resolve CID"                                                                             // Debug in ../../api/middleware/metrics.go
 	RequestStart                                         = "request start"                                                                                     // Info in ../../api/middleware/reqinfo.go
+	LogHTTP                                              = "http log"                                                                                          // Info in ../../api/middleware/log_http.go
+	FailedToCloseHTTPBody                                = "failed to close http body"                                                                         // Error in ../../api/middleware/log_http.go
+	FailedToInitializeHTTPLogger                         = "failed to initialize http logger"                                                                  // Error in ../../api/middleware/log_http.go
+	FailedToReloadHTTPFileLogger                         = "failed to reload http file logger"                                                                 // Error in ../../api/middleware/log_http.go
+	FailedToReadHTTPBody                                 = "failed to read http body"                                                                          // Error in ../../api/middleware/log_http.go
+	FailedToProcessHTTPBody                              = "failed to process http body"                                                                       // Error in ../../api/middleware/log_http.go
+	LogHTTPDisabledInThisBuild                           = "http logging disabled in this build"                                                               // Warn in ../../api/middleware/log_http_stub.go
 	FailedToUnescapeObjectName                           = "failed to unescape object name"                                                                    // Warn in ../../api/middleware/reqinfo.go
 	InvalidDefaultMaxAge                                 = "invalid defaultMaxAge"                                                                             // Fatal in ../../cmd/s3-gw/app_settings.go
 	CantShutDownService                                  = "can't shut down service"                                                                           // Panic in ../../cmd/s3-gw/service.go
@ -162,4 +169,5 @@ const (
 	WarnValueVHSEnabledFlagWrongType                     = "the value of the VHS enable flag for the namespace is of the wrong type, config value skipped"
 	WarnDomainContainsInvalidPlaceholder                 = "the domain contains an invalid placeholder, domain skipped"
 	FailedToRemoveOldPartNode                            = "failed to remove old part node"
+	CouldntCacheNetworkInfo                              = "couldn't cache network info"
 )
--- a/pkg/detector/detector.go
+++ b/pkg/detector/detector.go
@ -1,15 +1,15 @@
-package layer
+package detector

 import (
 	"io"
-	"net/http"
 )

 type (
-	detector struct {
+	Detector struct {
 		io.Reader
-		err  error
-		data []byte
+		err        error
+		data       []byte
+		detectFunc func([]byte) string
 	}
 	errReader struct {
 		data   []byte
@ -36,23 +36,24 @@ func (r *errReader) Read(b []byte) (int, error) {
 	return n, nil
 }

-func newDetector(reader io.Reader) *detector {
-	return &detector{
-		data:   make([]byte, contentTypeDetectSize),
-		Reader: reader,
+func NewDetector(reader io.Reader, detectFunc func([]byte) string) *Detector {
+	return &Detector{
+		data:       make([]byte, contentTypeDetectSize),
+		Reader:     reader,
+		detectFunc: detectFunc,
 	}
 }

-func (d *detector) Detect() (string, error) {
+func (d *Detector) Detect() (string, error) {
 	n, err := d.Reader.Read(d.data)
 	if err != nil && err != io.EOF {
 		d.err = err
 		return "", err
 	}
 	d.data = d.data[:n]
-	return http.DetectContentType(d.data), nil
+	return d.detectFunc(d.data), nil
 }

-func (d *detector) MultiReader() io.Reader {
+func (d *Detector) RestoredReader() io.Reader {
 	return io.MultiReader(newReader(d.data, d.err), d.Reader)
 }
--- a/pkg/xmlutils/xmlutils.go
+++ b/pkg/xmlutils/xmlutils.go
@ -0,0 +1,48 @@
+package xmlutils
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/xml"
+	"io"
+)
+
+type nopCloseWriter struct {
+	io.Writer
+}
+
+func (b nopCloseWriter) Close() error {
+	return nil
+}
+
+const (
+	nonXML  = "nonXML"
+	typeXML = "application/xml"
+)
+
+func DetectXML(data []byte) string {
+	token, err := xml.NewDecoder(bytes.NewReader(data)).RawToken()
+	if err != nil {
+		return nonXML
+	}
+
+	switch token.(type) {
+	case xml.StartElement, xml.ProcInst:
+		return typeXML
+	}
+	return nonXML
+}
+
+func ChooseWriter(dataType string, bodyWriter io.Writer) io.WriteCloser {
+	if dataType == typeXML {
+		return nopCloseWriter{bodyWriter}
+	}
+	return base64.NewEncoder(base64.StdEncoding, bodyWriter)
+}
+
+func ChooseReader(dataType string, bodyReader io.Reader) io.Reader {
+	if dataType == typeXML {
+		return bodyReader
+	}
+	return base64.NewDecoder(base64.StdEncoding, bodyReader)
+}
Author	SHA1	Message	Date
Roman Ognev	26baf8a94e	[#492 ] Add panic catchers to fuzzing tests Signed-off-by: Roman Ognev <r.ognev@yadro.com>	2024-09-16 10:36:30 +00:00
Marina Biryukova	f187141ae5	[#486 ] Fix PUT object with negative Content-Length Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-09-16 08:45:46 +00:00
Marina Biryukova	3cffc782e9	[#486 ] Fix PUT encrypted object Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-09-16 08:45:46 +00:00
Marina Biryukova	d0e4d55772	[#460 ] Add network info cache Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-09-13 09:56:24 +00:00
Alex Vanin	42e72889a5	[#450 ] Add test for chunk-encoded object size All checks were successful / DCO (pull_request) Successful in 1m9s Details / Vulncheck (pull_request) Successful in 1m20s Details / Builds (pull_request) Successful in 1m52s Details / Lint (pull_request) Successful in 2m47s Details / Tests (pull_request) Successful in 1m49s Details Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-09-13 12:00:24 +03:00
Pavel Pogodaev	98815d5473	[#450 ] Fix aws-chunked header workflow Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>	2024-09-13 11:59:07 +03:00
Nikita Zinkevich	62615d7ab7	[#369 ] Request reproducer All checks were successful / DCO (pull_request) Successful in 47s Details / Builds (pull_request) Successful in 59s Details / Vulncheck (pull_request) Successful in 1m15s Details / Lint (pull_request) Successful in 2m15s Details / Tests (pull_request) Successful in 1m20s Details Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>	2024-09-11 15:25:09 +03:00
Nikita Zinkevich	575ab4d294	[#369 ] Enhanced http requests logging Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>	2024-09-11 15:25:09 +03:00