Hello,
Thanks for sharing this. This is a really great addition to the openresty/lua ecosystem. You may want to have a look at some of the available WAF modules that will provide some expanded functionality outside the scope of libinjection. Also an interesting article from cloudflare on using agentzh's systemtap tools to profile WAF performance at scale
https://blog.cloudflare.com/cloudflares-new-waf-compiling-to-lua/. You may want to explore using the no-pool-patch (provided with the openresty bundle) to use valgrind to check for any leakage (it doesn't appear likely in your lib).
Admittedly my FFI skills are not great either so take this with a grain of salt.
1) I'm never quite sure on the best design practices here. Since it seems libinjection maintains state in a single struct, it's allocation/deallocation lifecycle will be closer aligned with the lifecycle of the server itself, so I think it's ok. In other types of projects where there is per request or per call allocation, I think closer integration with GC is desirable to avoid leaks. Suffice to say this line is just noise, it does not seem to apply to your module.
Other similar modules you may draw inspiration from:
If you manage to separate your code from shipping a compiled shared object (that is likely platform dependent), I would be interested in evaluating your module. Until then, I will not load stange compiled code :)
-Brandon