getting rid of getAddress() and getNetmask methods, using getAddressPtr() and getNetmaskPtr(). Tested and debugged GUI and compiler for iptables

2026-03-20 18:27:16 +01:00 · 2008-05-19 02:58:20 +00:00 · 2008-05-19 02:58:20 +00:00 · 568c0ca1b6
commit 568c0ca1b6
parent 7da0a53389
49 changed files with 361 additions and 315 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,10 @@
+2008-05-18  Vadim Kurland  <vadim@vk.crocodile.org>
+
+	* OSConfigurator_linux24.cpp: compiler for iptables converted to
+	use exclusively methods getAddressPtr and getNetmaskPtr. Checking
+	for when Address object has no IP address where
+	appropriate (getAddressPtr() returns NULL in this case).
+
 2008-05-10  vadim  <vadim@vk.crocodile.org>

 	* pf.cpp: (from 2.1) fixed bug #1961202: "Pf Timeouts overriden by
--- a/src/cisco_lib/Helper.cpp
+++ b/src/cisco_lib/Helper.cpp
@ -100,7 +100,7 @@ void Helper::expand_group_recursive(FWObject *o,list<FWObject*> &ol)

 string  Helper::findInterfaceByAddress(libfwbuilder::Address *obj)
 {
-    return findInterfaceByAddress(obj->getAddress());
+    return findInterfaceByAddress( *(obj->getAddressPtr()) );
 }

 string  Helper::findInterfaceByAddress(const libfwbuilder::InetAddr &addr)
@ -116,7 +116,7 @@ string  Helper::findInterfaceByAddress(const libfwbuilder::InetAddr &addr)

 string  Helper::findInterfaceByNetzone(Address *obj)
 {
-    return findInterfaceByNetzone(obj->getAddress());
+    return findInterfaceByNetzone(*(obj->getAddressPtr()));
 }

 string  Helper::findInterfaceByNetzone(const InetAddr &addr) throw(string)
@ -240,7 +240,7 @@ list<string>  Helper::findInterfaceByNetzoneOrAll(RuleElement *re)

 string triplet::hash()
 {
-    return src->getAddress().toString() + "." +
-        dst->getAddress().toString() + "." +
+    return src->getAddressPtr()->toString() + "." +
+        dst->getAddressPtr()->toString() + "." +
        srv->getId();
 }
--- a/src/fwblookup/fwblookup.cpp
+++ b/src/fwblookup/fwblookup.cpp
@ -291,7 +291,8 @@ int main(int argc, char * const *argv)
            if ( print_addr ) 
            {
                if (Address::cast(obj)!=NULL)
-                    cout << Address::cast(obj)->getAddress().toString() << endl;
+                    cout << Address::cast(obj)->getAddressPtr()->toString()
+                         << endl;
                else {
                    SNPRINTF(errstr,sizeof(errstr),
                             _("Can not print address for %s (ID='%s'): objects of this type do not have address"),
--- a/src/gui/DiscoveryDruid.cpp
+++ b/src/gui/DiscoveryDruid.cpp
@ -1486,8 +1486,8 @@ void DiscoveryDruid::loadDataFromCrawler()
        ObjectDescriptor od;
        
        od.sysname = m->toString();
-        od.addr = m->getAddress();
-        od.netmask = m->getNetmask();
+        od.addr = *(m->getAddressPtr());
+        od.netmask = *(m->getNetmaskPtr());
        od.type = Network::TYPENAME;
        od.isSelected = false;
        
--- a/src/gui/FWObjectPropertiesFactory.cpp
+++ b/src/gui/FWObjectPropertiesFactory.cpp
@ -91,9 +91,9 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
    {
        if (IPv4::isA(obj))
        {
-            str <<  IPv4::cast(obj)->getAddress().toString().c_str();
+            str <<  IPv4::cast(obj)->getAddressPtr()->toString().c_str();
            str << "/";
-            str << IPv4::cast(obj)->getNetmask().toString().c_str();
+            str << IPv4::cast(obj)->getNetmaskPtr()->toString().c_str();

        } else if (physAddress::isA(obj))
        {
@ -135,7 +135,7 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)

        } else if (Host::isA(obj))
        {
-            str <<  Address::cast(obj)->getAddress().toString().c_str();
+            str <<  Address::cast(obj)->getAddressPtr()->toString().c_str();

            FWObject *co=obj->getFirstByType("Interface");
            if (co!=NULL) 
@ -148,9 +148,9 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj)
        } else if (Network::isA(obj))
        {
            Network *n=Network::cast(obj);
-            str << n->getAddress().toString().c_str();
+            str << n->getAddressPtr()->toString().c_str();
            str << "/";
-            str << n->getNetmask().toString().c_str();
+            str << n->getNetmaskPtr()->toString().c_str();

        } else if (Group::cast(obj)!=NULL)   // just any group
        {
@ -271,9 +271,9 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
        if (IPv4::isA(obj))
        {
            if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
-            str +=  IPv4::cast(obj)->getAddress().toString().c_str();
+            str +=  IPv4::cast(obj)->getAddressPtr()->toString().c_str();
            str += "/";
-            str += IPv4::cast(obj)->getNetmask().toString().c_str();
+            str += IPv4::cast(obj)->getNetmaskPtr()->toString().c_str();

        } else if (physAddress::isA(obj))
        {
@ -320,9 +320,9 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj,
        {
            if (showPath && !tooltip) str += "<b>Path: </b>" + path + "<br>\n";
            Network *n=Network::cast(obj);
-            str += n->getAddress().toString().c_str();
+            str += n->getAddressPtr()->toString().c_str();
            str += "/";
-            str += n->getNetmask().toString().c_str();
+            str += n->getNetmaskPtr()->toString().c_str();

        } else if (Group::cast(obj)!=NULL)   // just any group
        {
--- a/src/gui/FindObjectWidget.cpp
+++ b/src/gui/FindObjectWidget.cpp
@ -186,7 +186,7 @@ bool FindObjectWidget::matchAttr(libfwbuilder::FWObject *obj)
        Address *a = Address::cast(obj);
        if (a!=NULL)
        {
-            QString addr = a->getAddress().toString().c_str();
+            QString addr = a->getAddressPtr()->toString().c_str();

            if (m_widget->useRegexp->isChecked()) res= ( addr.indexOf( QRegExp(s) )!=-1 );
            else                        res= ( addr == s );
--- a/src/gui/IPv4Dialog.cpp
+++ b/src/gui/IPv4Dialog.cpp
@ -107,13 +107,13 @@ void IPv4Dialog::loadFWObject(FWObject *o)
 * still can show netmask */
    try
    {
-        m_dialog->address->setText( s->getAddress().toString().c_str() );
+        m_dialog->address->setText( s->getAddressPtr()->toString().c_str() );
    } catch (FWException &ex) {}

    try
    {
        if ( Interface::isA( obj->getParent() ) )
-            m_dialog->netmask->setText( s->getNetmask().toString().c_str() );
+            m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str() );
    } catch (FWException &ex) {}

    //apply->setEnabled( false );
--- a/src/gui/IPv6Dialog.cpp
+++ b/src/gui/IPv6Dialog.cpp
@ -109,13 +109,13 @@ void IPv6Dialog::loadFWObject(FWObject *o)
    try
    {
        m_dialog->address->setText( Inet6Addr().toString().c_str() );
-        m_dialog->address->setText( s->getAddress(true).toString().c_str() );
+        m_dialog->address->setText( s->getAddressPtr(true)->toString().c_str());
    } catch (FWException &ex) {}

    try
    {
        if ( Interface::isA( obj->getParent() ) )
-            m_dialog->netmask->setText( s->getNetmask().toString().c_str() );
+            m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str());
    } catch (FWException &ex) {}

    //apply->setEnabled( false );
--- a/src/gui/InterfaceData.cpp
+++ b/src/gui/InterfaceData.cpp
@ -35,6 +35,34 @@
 using namespace libfwbuilder;
 using namespace std;

+InterfaceData::InterfaceData(const libfwbuilder::Interface &iface) 
+{
+    id = iface.getId();
+    name = iface.getName();
+
+    IPv4 *addr = IPv4::cast(iface.getFirstByType(IPv4::TYPENAME));
+    if (addr)
+    {
+        address = addr->getAddressPtr()->toString();
+        netmask = addr->getNetmaskPtr()->toString();
+    }
+    else
+    {
+        address = "";
+        netmask = "";
+    }
+
+    securityLevel = iface.getSecurityLevel();
+    isDyn = iface.isDyn();
+    isUnnumbered = iface.isUnnumbered();
+    isBridgePort = iface.isBridgePort();
+    libfwbuilder::physAddress *pa = iface.getPhysicalAddress();
+    if (pa!=NULL)
+        physicalAddress = pa->getPhysAddress();
+    label = iface.getLabel();
+    networkZone = iface.getStr("network_zone");
+}
+
 void InterfaceData::guessLabel(const string &platform)
 {
 /*
--- a/src/gui/InterfaceData.h
+++ b/src/gui/InterfaceData.h
@ -55,22 +55,7 @@ struct InterfaceData
        securityLevel = 0;
    }

-    InterfaceData(const libfwbuilder::Interface &iface) 
-    {
-        id = iface.getId();
-        name = iface.getName();
-        address = iface.getAddress().toString();
-        netmask = iface.getNetmask().toString();
-        securityLevel = iface.getSecurityLevel();
-        isDyn = iface.isDyn();
-        isUnnumbered = iface.isUnnumbered();
-        isBridgePort = iface.isBridgePort();
-        libfwbuilder::physAddress *pa = iface.getPhysicalAddress();
-        if (pa!=NULL)
-            physicalAddress = pa->getPhysAddress();
-        label = iface.getLabel();
-        networkZone = iface.getStr("network_zone");
-    }
+    InterfaceData(const libfwbuilder::Interface &iface);

 /**
 *  this method is a collection of heuristics that allow us to assign
--- a/src/gui/NetworkDialog.cpp
+++ b/src/gui/NetworkDialog.cpp
@ -72,8 +72,8 @@ void NetworkDialog::loadFWObject(FWObject *o)
    fillLibraries(m_dialog->libs,obj);

    m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) );
-    m_dialog->address->setText( s->getAddress().toString().c_str() );
-    m_dialog->netmask->setText( s->getNetmask().toString().c_str() );
+    m_dialog->address->setText( s->getAddressPtr()->toString().c_str() );
+    m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str() );
    m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) );

    //apply->setEnabled( false );
--- a/src/gui/NetworkDialogIPv6.cpp
+++ b/src/gui/NetworkDialogIPv6.cpp
@ -73,8 +73,8 @@ void NetworkDialogIPv6::loadFWObject(FWObject *o)
    fillLibraries(m_dialog->libs,obj);

    m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) );
-    m_dialog->address->setText( s->getAddress().toString().c_str() );
-    m_dialog->netmask->setText( s->getNetmask().toString().c_str() );
+    m_dialog->address->setText( s->getAddressPtr()->toString().c_str() );
+    m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str() );
    m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) );

    //apply->setEnabled( false );
--- a/src/gui/findDialog.cpp
+++ b/src/gui/findDialog.cpp
@ -159,7 +159,7 @@ bool findDialog::matchAttr(libfwbuilder::FWObject *obj)
        Address *a = Address::cast(obj);
        if (a!=NULL)
        {
-            QString addr = a->getAddress().toString().c_str();
+            QString addr = a->getAddressPtr()->toString().c_str();
            if (m_dialog->useRegexp->isChecked()) res= ( addr.indexOf( QRegExp(s) )!=-1 );
            else                        res= ( addr == s );
        }
--- a/src/gui/iosaclAdvancedDialog.cpp
+++ b/src/gui/iosaclAdvancedDialog.cpp
@ -335,7 +335,7 @@ void iosaclAdvancedDialog::accept()
 //    pis->setCommand( installScript->text() );
 //    pis->setArguments( installScriptArgs->text() );

-    mgmt->setAddress( (Firewall::cast(obj))->getAddress() );
+    mgmt->setAddress( *((Firewall::cast(obj))->getAddressPtr()) );


    PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();
--- a/src/gui/iptAdvancedDialog.cpp
+++ b/src/gui/iptAdvancedDialog.cpp
@ -217,7 +217,7 @@ void iptAdvancedDialog::accept()
 /*********************  data for fwbd and install script **************/
    PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();

-    mgmt->setAddress( (Firewall::cast(obj))->getAddress() );
+    mgmt->setAddress( *((Firewall::cast(obj))->getAddressPtr()) );

    pis->setCommand( m_dialog->installScript->text().toLatin1().constData() );
    pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() );
--- a/src/gui/newFirewallDialog.cpp
+++ b/src/gui/newFirewallDialog.cpp
@ -562,8 +562,8 @@ void newFirewallDialog::fillInterfaceData(Interface *intf, QTextBrowser *qte)
            if (intf->isBridgePort()) s +=  tr("Bridge port");
            else
                s += QString("%1/%2")
-                    .arg(intf->getAddress().toString().c_str())
-                    .arg( intf->getNetmask().toString().c_str());
+                    .arg(intf->getAddressPtr()->toString().c_str())
+                    .arg(intf->getNetmaskPtr()->toString().c_str());
    s += "</td>";
    s += "</tr>";
    s += "</table>";
--- a/src/gui/newHostDialog.cpp
+++ b/src/gui/newHostDialog.cpp
@ -472,8 +472,8 @@ void newHostDialog::fillInterfaceData(Interface *intf, QTextBrowser *qte)
        if (intf->isUnnumbered()) s +=  tr("Unnumbered interface");
        else
            s += QString("%1/%2")
-                .arg(intf->getAddress().toString().c_str())
-                .arg( intf->getNetmask().toString().c_str());
+                .arg(intf->getAddressPtr()->toString().c_str())
+                .arg(intf->getNetmaskPtr()->toString().c_str());
    s += "</td>";
    s += "</tr>";
    s += "</table>";
--- a/src/gui/pixAdvancedDialog.cpp
+++ b/src/gui/pixAdvancedDialog.cpp
@ -756,7 +756,7 @@ void pixAdvancedDialog::accept()
 //    pis->setCommand( installScript->text() );
 //    pis->setArguments( installScriptArgs->text() );

-    mgmt->setAddress( (Firewall::cast(obj))->getAddress() );
+    mgmt->setAddress( *((Firewall::cast(obj))->getAddressPtr()) );


    if (syslogDeviceIdSupported)
--- a/src/iosacl/OSConfigurator_ios.cpp
+++ b/src/iosacl/OSConfigurator_ios.cpp
@ -148,9 +148,9 @@ string OSConfigurator_ios::_printIPAddress()
            if ((n = setAddrCmd.find("%in"))!=string::npos)
                setAddrCmd.replace(n,3,iface->getName());
            if ((n = setAddrCmd.find("%a"))!=string::npos)
-                setAddrCmd.replace(n,2,iface->getAddress().toString());
+                setAddrCmd.replace(n,2,iface->getAddressPtr()->toString());
            if ((n = setAddrCmd.find("%n"))!=string::npos)
-                setAddrCmd.replace(n,2,iface->getNetmask().toString());
+                setAddrCmd.replace(n,2,iface->getNetmaskPtr()->toString());

            res << setAddrCmd;
        }        
--- a/src/iosacl/PolicyCompiler_iosacl_writers.cpp
+++ b/src/iosacl/PolicyCompiler_iosacl_writers.cpp
@ -371,8 +371,8 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address  *o)
 {
    ostringstream  str;

-    InetAddr srcaddr=o->getAddress();
-    InetAddr srcmask=o->getNetmask();
+    const InetAddr *srcaddr = o->getAddressPtr();
+    InetAddr srcmask = *(o->getNetmaskPtr());

    if (Interface::cast(o)!=NULL)
    {
@ -382,23 +382,23 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address  *o)
 	    return string("interface ") + interface_->getLabel() + " ";
 	}

-	srcmask=InetAddr(InetAddr::getAllOnes());
+	srcmask = InetAddr(InetAddr::getAllOnes());
    }

    if (IPv4::cast(o)!=NULL) 
-	srcmask=InetAddr(InetAddr::getAllOnes());
+	srcmask = InetAddr(InetAddr::getAllOnes());


-    if (srcaddr.isAny() && srcmask.isAny())
+    if (srcaddr->isAny() && srcmask.isAny())
    {
 	str << "any ";
    } else {
 	if (srcmask.isHostMask())
        {
-	    str << "host " << srcaddr.toString() << " ";
+	    str << "host " << srcaddr->toString() << " ";
 	} else
        {
-	    str << srcaddr.toString() << " ";
+	    str << srcaddr->toString() << " ";

            // cisco uses "wildcards" instead of netmasks

--- a/src/ipf/ipf.cpp
+++ b/src/ipf/ipf.cpp
@ -103,7 +103,7 @@ FWObjectDatabase       *objdb = NULL;
 class UpgradePredicate: public XMLTools::UpgradePredicate
 {
    public:
-    virtual bool operator()(const string &msg) const 
+    virtual bool operator()(const string&) const 
    { 
 	cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl;
 	return false;
@ -319,7 +319,7 @@ int main(int argc, char * const *argv)
                for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j) 
                {
                    IPv4 *ipv4 = IPv4::cast(*j);
-                    if ( ipv4->getAddress() == InetAddr::getAny())
+                    if ( ipv4->getAddressPtr()->isAny())
                    {
                        char errstr[256];
                        sprintf(errstr,
--- a/src/ipfw/ipfw.cpp
+++ b/src/ipfw/ipfw.cpp
@ -103,7 +103,7 @@ FWObjectDatabase       *objdb = NULL;
 class UpgradePredicate: public XMLTools::UpgradePredicate
 {
    public:
-    virtual bool operator()(const string &msg) const 
+    virtual bool operator()(const string&) const 
    { 
 	cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl;
 	return false;
@ -286,7 +286,7 @@ int main(int argc, char * const *argv)
                for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j) 
                {
                    IPv4 *ipv4 = IPv4::cast(*j);
-                    if ( ipv4->getAddress() == InetAddr::getAny())
+                    if ( ipv4->getAddressPtr()->isAny())
                    {
                        char errstr[256];
                        sprintf(errstr,
--- a/src/ipt/NATCompiler_PrintRule.cpp
+++ b/src/ipt/NATCompiler_PrintRule.cpp
@ -427,7 +427,8 @@ string NATCompiler_ipt::PrintRule::_printDstService(RuleElementOSrv  *rel)
    return ostr.str();
 }

-string NATCompiler_ipt::PrintRule::_printAddr(Address  *o,bool print_mask,bool print_range)
+string NATCompiler_ipt::PrintRule::_printAddr(Address  *o,
+                                              bool print_mask, bool print_range)
 {
    NATCompiler_ipt *ipt_comp=dynamic_cast<NATCompiler_ipt*>(compiler);
    std::ostringstream  ostr;
@ -460,35 +461,38 @@ string NATCompiler_ipt::PrintRule::_printAddr(Address  *o,bool print_mask,bool p
 	ostr << a1.toString() << "-" << a2.toString();
    } else
    {
-        const InetAddr& addr = o->getAddress();
-        const InetAddr& mask = o->getNetmask();
-
        Interface *iface = Interface::cast(o);
-        if (iface!=NULL)
+        if (iface!=NULL && iface->isDyn() && iface->getBool("use_var_address"))
        {
-            if (iface->isDyn() && iface->getBool("use_var_address"))
-            {
-                ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " ";
-                return ostr.str();
-            }
-            ostr << addr.toString();
+            ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " ";
            return ostr.str();
        }

-	if (addr == InetAddr::getAny() && mask == InetAddr::getAny())
+        const InetAddr* addr = o->getAddressPtr();
+        const InetAddr* mask = o->getNetmaskPtr();
+        if (addr && mask)
        {
-	    ostr << "0/0";
-	} else
-        {	
-	    ostr << addr.toString();
-
-            if (print_mask &&
-                Address::cast(o)->dimension()!=1 &&
-                !mask.isHostMask())
+            if (iface!=NULL)
            {
-                ostr << "/" << mask.getLength();
+                ostr << addr->toString();
+                return ostr.str();
            }
-	}
+
+            if (addr->isAny() && mask->isAny())
+            {
+                ostr << "0/0";
+            } else
+            {	
+                ostr << addr->toString();
+
+                if (print_mask &&
+                    Address::cast(o)->dimension()!=1 &&
+                    !mask->isHostMask())
+                {
+                    ostr << "/" << mask->getLength();
+                }
+            }
+        }
    }
    return ostr.str();
 }
@ -571,17 +575,12 @@ bool NATCompiler_ipt::PrintRule::processNext()
 	    cmdout << " -m mac --mac-source "
                             << physaddress;
        }
-/*
- * fool-proof: this is last resort check for situation when user created IPv4 object
- * for the interface but left it with empty address ( 0.0.0.0 ). 
- */
-        if ( ! physaddress.empty() && osrc->getAddress()==InetAddr())
+
+        const InetAddr *osrc_addr = osrc->getAddressPtr();
+        if (osrc_addr==NULL || !osrc_addr->isAny())
        {
-            ;
-        } else
-        {
-            cmdout << " -s ";
-            cmdout << _printAddr(osrc);
+            string osrc_out = _printAddr(osrc);
+            if (!osrc_out.empty()) cmdout << " -s " << osrc_out;
        }

 //	cmdout << " -s ";
--- a/src/ipt/NATCompiler_ipt.cpp
+++ b/src/ipt/NATCompiler_ipt.cpp
@ -197,8 +197,8 @@ void NATCompiler_ipt::_expandInterface(Interface *iface,
            dbcopy->addToIndex(ca);
            cacheObj(ca);
            ca->setName( "CA("+iface->getName()+")" );
-            ca->setAddress( ipv4->getAddress() );
-            ca->setNetmask( ipv4->getNetmask() );
+            ca->setAddress( *(ipv4->getAddressPtr()) );
+            ca->setNetmask( *(ipv4->getNetmaskPtr()) );
            ca->setPhysAddress( pa->getPhysAddress() );
            nol.push_back(ca);
        } else
@ -454,7 +454,7 @@ bool NATCompiler_ipt::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstOSrc(rule));
        Network *a2=Network::cast(compiler->getFirstTSrc(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength() != a2->getNetmaskPtr()->getLength() )
            throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel());
    }

@ -463,7 +463,7 @@ bool NATCompiler_ipt::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstODst(rule));
        Network *a2=Network::cast(compiler->getFirstTDst(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength() != a2->getNetmaskPtr()->getLength() )
            throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel());
    }

--- a/src/ipt/OSConfigurator_linux24.cpp
+++ b/src/ipt/OSConfigurator_linux24.cpp
@ -202,23 +202,23 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Network *nw)
    {
        if (virtual_addresses.empty() || 
            find(virtual_addresses.begin(),virtual_addresses.end(),
-                 nw->getAddress())==virtual_addresses.end()) 
+                 *(nw->getAddressPtr())) == virtual_addresses.end())
        {
            Interface *iface=findInterfaceFor( nw, fw );
            if (iface!=NULL)
            {
-                const InetAddr& a = nw->getAddress();
+                const InetAddr *a = nw->getAddressPtr();
                string str, subnet, first, last;

-                first  = (a + 1).toString();
-                last   = (nw->getBroadcastAddress() -1).toString();
+                first  = (*a + 1).toString();
+                last   = (*(nw->getBroadcastAddressPtr()) -1).toString();

                ostr                                       << endl;

                ostr << "a=\"" << first << "\""            << endl;
                ostr << "while test \"$a\" != \"" << last << "\"; do" << endl;

-                ostr << "  add_addr ${a} " << nw->getNetmask().getLength()
+                ostr << "  add_addr ${a} " << nw->getNetmaskPtr()->getLength()
                     << " " << iface->getName() << endl;

                ostr                                       << endl;
@ -234,10 +234,11 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Network *nw)
                ostr << "  a=$a4\".\"$a3\".\"$a2\".\"$a1"  << endl;

                ostr << "done" << endl << endl;
-                virtual_addresses.push_back(nw->getAddress());
+                virtual_addresses.push_back( *(nw->getAddressPtr()) );
                registerVirtualAddressForNat();
            } else
-                warning(_("Can not add virtual address ") + nw->getAddress().toString() +
+                warning(_("Can not add virtual address ") +
+                        nw->getAddressPtr()->toString() +
                        _(" (object ") + nw->getName() + ")" );
        }
        commands_to_add_virtual_addresses.push_back(ostr.str());
@ -253,7 +254,7 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr)
    {
        if (virtual_addresses.empty() || 
            find(virtual_addresses.begin(),virtual_addresses.end(),
-                 addr->getAddress())==virtual_addresses.end()) 
+                 *(addr->getAddressPtr())) == virtual_addresses.end()) 
        {
            FWObject *vaddr = findAddressFor(addr, fw );
            if (vaddr!=NULL)
@ -265,15 +266,15 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr)
                    vaddr)->getAddressObjectInetAddrMask();
                assert(vaddr_addr!=NULL);

-                ostr << "add_addr " << addr->getAddress().toString() << " "
-                       << vaddr_addr->getNetmask().getLength() <<  " "
+                ostr << "add_addr " << addr->getAddressPtr()->toString() << " "
+                       << vaddr_addr->getNetmaskPtr()->getLength() <<  " "
                       << iface->getName() << endl;
        
-                virtual_addresses.push_back(addr->getAddress());
+                virtual_addresses.push_back(*(addr->getAddressPtr()));
                registerVirtualAddressForNat();
            } else
                warning(_("Can not add virtual address ") + 
-                        addr->getAddress().toString() +
+                        addr->getAddressPtr()->toString() +
                        _(" (object ") + addr->getName() + ")" );
        }
        commands_to_add_virtual_addresses.push_back(ostr.str());
@ -364,12 +365,13 @@ void OSConfigurator_linux24::configureInterfaces()
            {
                const InetAddrMask *iaddr = Address::cast(*j)->getAddressObjectInetAddrMask();

-                output << "add_addr " << iaddr->getAddress().toString() << " "
-                       << iaddr->getNetmask().getLength() << " "
+                output << "add_addr " << iaddr->getAddressPtr()->toString()
+                       << " "
+                       << iaddr->getNetmaskPtr()->getLength() << " "
                       << iface->getName() << endl;
 // add to the table of virtual addresses so we won't generate code to
 // configure the same address if it is needed for NAT
-                virtual_addresses.push_back(iaddr->getAddress());
+                virtual_addresses.push_back(*(iaddr->getAddressPtr()));
            }
            output << "$IP link set " << iface->getName() << " up" << endl;
        }
--- a/src/ipt/PolicyCompiler_PrintRule.cpp
+++ b/src/ipt/PolicyCompiler_PrintRule.cpp
@ -911,21 +911,21 @@ string PolicyCompiler_ipt::PrintRule::_printAddr(Address  *o)
        return ostr.str();
    }

-    const InetAddr& addr = o->getAddress();
-    const InetAddr& mask = o->getNetmask();
+    const InetAddr *addr = o->getAddressPtr();
+    const InetAddr *mask = o->getNetmaskPtr();

-    if (addr.isAny() && mask.isAny())
+    if (addr->isAny() && mask->isAny())
    {
        ostr << "0/0 ";
    } else 
    {
-        ostr << addr.toString();
+        ostr << addr->toString();

        if (Interface::cast(o)==NULL &&
            Address::cast(o)->dimension() > 1 &&
-            !mask.isHostMask())
+            !mask->isHostMask())
        {
-            ostr << "/" << mask.getLength();
+            ostr << "/" << mask->getLength();
        }
        ostr << " ";
    }
@ -1155,7 +1155,7 @@ string PolicyCompiler_ipt::PrintRule::PolicyRuleToString(PolicyRule *rule)
 * combinedAddress::hasInetAddress returns true;
 *
 */
-            if (src->hasInetAddress() && !src->getAddress().isAny())
+            if (src->hasInetAddress() && !src->getAddressPtr()->isAny())
            {
                command_line << " -s " << _printSingleObjectNegation(srcrel);
                command_line << _printAddr(src);
--- a/src/ipt/PolicyCompiler_ipt.cpp
+++ b/src/ipt/PolicyCompiler_ipt.cpp
@ -236,8 +236,8 @@ void PolicyCompiler_ipt::_expandInterface(Interface *iface,
                dbcopy->add(ca);
                cacheObj(ca);
                ca->setName( "CA("+iface->getName()+")" );
-                ca->setAddress( ipv4->getAddress() );
-                ca->setNetmask( ipv4->getNetmask() );
+                ca->setAddress( *(ipv4->getAddressPtr()) );
+                ca->setNetmask( *(ipv4->getNetmaskPtr()) );
                ca->setPhysAddress( pa->getPhysAddress() );

                ol.push_back(ca);
@ -1709,9 +1709,9 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(
    Address *addr)
 {

-    const InetAddr& obj1_addr = addr->getAddress();
-    if (!obj1_addr.isAny() &&
-        (obj1_addr.isBroadcast() || obj1_addr.isMulticast())
+    const InetAddr *obj1_addr = addr->getAddressPtr();
+    if (!obj1_addr->isAny() &&
+        (obj1_addr->isBroadcast() || obj1_addr->isMulticast())
    ) return true;

    FWObjectTypedChildIterator j= compiler->fw->findByType(Interface::TYPENAME);
@ -1736,7 +1736,7 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(
 * interface, and the netmask is 255.255.255.255, then we get positive
 * match because this routine interprets this address as a broadcast.
 */
-                if (ipv4->getNetmask().isHostMask())
+                if (ipv4->getNetmaskPtr()->isHostMask())
                    continue;
 /*
 * commented out to fix bug #637694 - "bridge enbaled / management"
@ -1746,8 +1746,10 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(
   if ( ipv4->getAddress()==obj1_addr ) return true;

 */
-                if (ipv4->getNetworkAddress() == obj1_addr)  return true; 
-                if (ipv4->getBroadcastAddress() == obj1_addr)  return true;
+                if (*(ipv4->getNetworkAddressPtr()) == *(obj1_addr))
+                    return true; 
+                if (*(ipv4->getBroadcastAddressPtr()) == *(obj1_addr))
+                    return true;
           }
        }
    }
--- a/src/ipt/RoutingCompiler_ipt_writers.cpp
+++ b/src/ipt/RoutingCompiler_ipt_writers.cpp
@ -78,13 +78,12 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address  *o)
        return ostr.str();
    }

-    InetAddr addr;
-    InetAddr mask;
-    try {
-        addr=o->getAddress();
-        mask = o->getNetmask();
-    }
-    catch (FWException ex)  
+    const InetAddr *addr;
+    const InetAddr *mask;
+    addr = o->getAddressPtr();
+    mask = o->getNetmaskPtr();
+
+    if (addr==NULL)
    {
        FWObject *obj=o;
 /*
@ -98,23 +97,22 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address  *o)
               !Firewall::isA(obj)  && 
               !Network::isA(obj))  obj=obj->getParent();

-        compiler->error(_("Problem with address or netmask in the object or one of its interfaces: '")+obj->getName()+"'");
-        throw;
+        compiler->abort(_("Problem with address or netmask in the object or one of its interfaces: '")+obj->getName()+"'");
    }


-    if (addr.isAny() && mask.isAny()) 
+    if (addr->isAny() && mask->isAny()) 
    {
        ostr << "default ";
    } else 
    {
-        ostr << addr.toString();
+        ostr << addr->toString();

        if (Interface::cast(o)==NULL &&
            Address::cast(o)->dimension() > 1 &&
-            !mask.isHostMask())
+            !mask->isHostMask())
        {
-            ostr << "/" << mask.getLength();
+            ostr << "/" << mask->getLength();
        }
        ostr << " ";
    }
--- a/src/ipt/ipt.cpp
+++ b/src/ipt/ipt.cpp
@ -362,14 +362,14 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
                {
                    const InetAddrMask *ipv4 = IPv4::cast(*j)->getAddressObjectInetAddrMask();

-                    if ( ipv4->getAddress().isAny())
+                    if ( ipv4->getAddressPtr()->isAny())
                    {
                        char errstr[256];
                        sprintf(errstr,
                                "Interface %s (id=%s) has IP address %s.\n",
                                iface->getName().c_str(),
                                iface->getId().c_str(),
-                                ipv4->getAddress().toString().c_str());
+                                ipv4->getAddressPtr()->toString().c_str());
                        throw FWException(errstr);
                    }
                }
--- a/src/pf/pf.cpp
+++ b/src/pf/pf.cpp
@ -108,7 +108,7 @@ FWObjectDatabase       *objdb = NULL;
 class UpgradePredicate: public XMLTools::UpgradePredicate
 {
    public:
-    virtual bool operator()(const string &msg) const 
+    virtual bool operator()(const string&) const 
    { 
 	cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl;
 	return false;
@ -350,7 +350,7 @@ int main(int argc, char * const *argv)
                for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j) 
                {
                    IPv4 *ipv4 = IPv4::cast(*j);
-                    if ( ipv4->getAddress() == InetAddr::getAny())
+                    if (ipv4->getAddressPtr()->isAny())
                    {
                        char errstr[256];
                        sprintf(errstr,
--- a/src/pflib/NATCompiler_ipf.cpp
+++ b/src/pflib/NATCompiler_ipf.cpp
@ -107,7 +107,7 @@ bool NATCompiler_ipf::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstOSrc(rule));
        Network *a2=Network::cast(compiler->getFirstTSrc(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
            throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel());
    }

@ -115,7 +115,7 @@ bool NATCompiler_ipf::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstODst(rule));
        Network *a2=Network::cast(compiler->getFirstTDst(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
            throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel());
    }

--- a/src/pflib/NATCompiler_ipf_writers.cpp
+++ b/src/pflib/NATCompiler_ipf_writers.cpp
@ -90,8 +90,8 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address  *o, bool print_netmask)
        assert(atrt==NULL);
    }

-    InetAddr addr=o->getAddress();
-    InetAddr   mask=o->getNetmask();
+    const InetAddr *addr = o->getAddressPtr();
+    InetAddr mask = *(o->getNetmaskPtr());

    if (Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) 
    {
@ -109,13 +109,13 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address  *o, bool print_netmask)
    if (o->dimension()==1)
 	mask = InetAddr(InetAddr::getAllOnes());

-    if (addr.isAny() && mask.isAny())
+    if (addr->isAny() && mask.isAny())
    {
        compiler->output << "any ";
    } else
    {

-      compiler->output << addr.toString();
+      compiler->output << addr->toString();

      if (print_netmask)
         compiler->output << "/" << mask.getLength();
@ -125,8 +125,8 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address  *o, bool print_netmask)

 void NATCompiler_ipf::PrintRule::_printAddr_R(Address  *o, bool print_netmask)
 {
-    InetAddr addr = o->getAddress();
-    InetAddr mask = o->getNetmask();
+    const InetAddr *addr = o->getAddressPtr();
+    InetAddr mask = *(o->getNetmaskPtr)();

    if (Interface::cast(o) != NULL)
 	mask = InetAddr(InetAddr::getAllOnes());
@ -134,12 +134,12 @@ void NATCompiler_ipf::PrintRule::_printAddr_R(Address  *o, bool print_netmask)
    if (o->dimension()==1)
 	mask = InetAddr(InetAddr::getAllOnes());

-    if (addr.isAny() && print_netmask &&  mask.isHostMask())
+    if (addr->isAny() && print_netmask &&  mask.isHostMask())
    {
        compiler->output  << "0/32 ";
    } else
    {
-        compiler->output << addr.toString();
+        compiler->output << addr->toString();
        if (print_netmask)
            compiler->output << "/" << mask.getLength();
        compiler->output  << " ";
@ -158,10 +158,10 @@ void NATCompiler_ipf::PrintRule::_printAddr_R_LB(RuleElementTDst *tdst)

        Address *a=Address::cast(obj);

-        InetAddr addr=a->getAddress();
+        const InetAddr *addr = a->getAddressPtr();
        
        if (!first) compiler->output << ",";
-        compiler->output << addr.toString();
+        compiler->output << addr->toString();
        first=false;
    }
    compiler->output << " ";
--- a/src/pflib/NATCompiler_pf.cpp
+++ b/src/pflib/NATCompiler_pf.cpp
@ -315,7 +315,7 @@ bool NATCompiler_pf::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstOSrc(rule));
        Network *a2=Network::cast(compiler->getFirstTSrc(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
            throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel());
    }

@ -324,7 +324,7 @@ bool NATCompiler_pf::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstODst(rule));
        Network *a2=Network::cast(compiler->getFirstTDst(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
            throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel());
    }

@ -397,7 +397,8 @@ bool NATCompiler_pf::addVirtualAddress::processNext()
 	    Interface *iface=dynamic_cast<Interface*>(*i);
 	    assert(iface);

-	    if ( a->getAddress() == iface->getAddress() ) return true;
+	    if ( *(a->getAddressPtr()) == *(iface->getAddressPtr()) )
+                return true;
 	}
 	compiler->osconfigurator->addVirtualAddressForNAT( a );
    }
--- a/src/pflib/NATCompiler_pf_writers.cpp
+++ b/src/pflib/NATCompiler_pf_writers.cpp
@ -291,7 +291,7 @@ void NATCompiler_pf::PrintRule::_printREAddr(RuleElement *rel)
 }


-void NATCompiler_pf::PrintRule::_printAddrList(FWObject  *grp,bool negflag)
+void NATCompiler_pf::PrintRule::_printAddrList(FWObject  *grp,bool )
 {
    compiler->output << "{ ";
    for (FWObject::iterator i=grp->begin(); i!=grp->end(); i++)
@ -325,8 +325,8 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
    }

    Address *a = Address::cast(o);
-    InetAddr addr=a->getAddress();
-    InetAddr  mask=a->getNetmask();
+    const InetAddr *addr = a->getAddressPtr();
+    InetAddr mask = *(a->getNetmaskPtr());

    if (Interface::cast(o)!=NULL)
    {
@ -345,12 +345,12 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
        mask = InetAddr(InetAddr::getAllOnes());
    }

-    if (addr.isAny() && mask.isAny())
+    if (addr->isAny() && mask.isAny())
    {
        compiler->output << "any ";
    } else
    {
-        compiler->output << addr.toString();
+        compiler->output << addr->toString();
        if (!mask.isHostMask())
        {
            compiler->output << "/" << mask.getLength();
--- a/src/pflib/OSConfigurator_freebsd.cpp
+++ b/src/pflib/OSConfigurator_freebsd.cpp
@ -78,14 +78,15 @@ void OSConfigurator_freebsd::processFirewallOptions()
    }
 }

-void OSConfigurator_freebsd::addVirtualAddressForNAT(const Network *addr)
+void OSConfigurator_freebsd::addVirtualAddressForNAT(const Network*)
 {
 }

 void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr)
 {
    if (virtual_addresses.empty() || 
-	find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) 
+	find(virtual_addresses.begin(),virtual_addresses.end(),
+             *(addr->getAddressPtr())) == virtual_addresses.end()) 
    {
        FWObject *iaddr = findAddressFor(addr, fw );
        if (iaddr!=NULL)
@ -95,13 +96,14 @@ void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr)
            Interface *iface = Interface::cast(iaddr->getParent());
            assert(iface!=NULL);

-            output << "add_addr " << addr->getAddress().toString() << " "
-                   << iaddr_addr->getNetmask().toString() <<  " "
+            output << "add_addr " << addr->getAddressPtr()->toString() << " "
+                   << iaddr_addr->getNetmaskPtr()->toString() <<  " "
                   << iface->getName() << endl;
        
-            virtual_addresses.push_back(addr->getAddress());
+            virtual_addresses.push_back(*(addr->getAddressPtr()));
        } else
-            warning(_("Can not add virtual address ") + addr->getAddress().toString() );
+            warning(_("Can not add virtual address ") +
+                    addr->getAddressPtr()->toString() );
    }
 }

@ -242,10 +244,11 @@ void  OSConfigurator_freebsd::configureInterfaces()
            for ( ; j!=j.end(); ++j ) 
            {
                Address *iaddr = Address::cast(*j);
-                output << "add_addr " << iaddr->getAddress().toString() << " "
-                       << iaddr->getNetmask().toString() << " "
+                output << "add_addr "
+                       << iaddr->getAddressPtr()->toString() << " "
+                       << iaddr->getNetmaskPtr()->toString() << " "
                       << iface->getName() << endl;
-                virtual_addresses.push_back(iaddr->getAddress());
+                virtual_addresses.push_back(*(iaddr->getAddressPtr()));
            }
        }
        output << endl;
--- a/src/pflib/OSConfigurator_macosx.cpp
+++ b/src/pflib/OSConfigurator_macosx.cpp
@ -72,14 +72,15 @@ void OSConfigurator_macosx::processFirewallOptions()
    }
 }

-void OSConfigurator_macosx::addVirtualAddressForNAT(const Network *addr)
+void OSConfigurator_macosx::addVirtualAddressForNAT(const Network*)
 {
 }

 void OSConfigurator_macosx::addVirtualAddressForNAT(const Address *addr)
 {
    if (virtual_addresses.empty() || 
-	find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) 
+	find(virtual_addresses.begin(),virtual_addresses.end(),
+             *(addr->getAddressPtr())) == virtual_addresses.end()) 
    {
        FWObject *iaddr = findAddressFor(addr, fw );
        if (iaddr!=NULL)
@ -89,13 +90,14 @@ void OSConfigurator_macosx::addVirtualAddressForNAT(const Address *addr)
            Interface *iface = Interface::cast(iaddr->getParent());
            assert(iface!=NULL);

-            output << "add_addr " << addr->getAddress().toString() << " "
-                   << iaddr_addr->getNetmask().toString() <<  " "
+            output << "add_addr " << addr->getAddressPtr()->toString() << " "
+                   << iaddr_addr->getNetmaskPtr()->toString() <<  " "
                   << iface->getName() << endl;
        
-            virtual_addresses.push_back(addr->getAddress());
+            virtual_addresses.push_back(*(addr->getAddressPtr()));
        } else
-            warning(_("Can not add virtual address ") + addr->getAddress().toString() );
+            warning(_("Can not add virtual address ") +
+                    addr->getAddressPtr()->toString() );
    }
 }

@ -177,11 +179,12 @@ void  OSConfigurator_macosx::configureInterfaces()
            for ( ; j!=j.end(); ++j ) 
            {
                Address *iaddr = Address::cast(*j);
-                output << "add_addr " << iaddr->getAddress().toString() << " "
-                       << iaddr->getNetmask().toString() << " "
+                output << "add_addr "
+                       << iaddr->getAddressPtr()->toString() << " "
+                       << iaddr->getNetmaskPtr()->toString() << " "
                       << iface->getName() << endl;
        
-                virtual_addresses.push_back(iaddr->getAddress());
+                virtual_addresses.push_back(*(iaddr->getAddressPtr()));
            }
        }
        output << endl;
--- a/src/pflib/OSConfigurator_openbsd.cpp
+++ b/src/pflib/OSConfigurator_openbsd.cpp
@ -80,7 +80,7 @@ void OSConfigurator_openbsd::processFirewallOptions()
    }
 }

-void OSConfigurator_openbsd::addVirtualAddressForNAT(const Network *nw)
+void OSConfigurator_openbsd::addVirtualAddressForNAT(const Network*)
 {
 }

@ -89,7 +89,7 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
    if (virtual_addresses.empty() || 
 	find(virtual_addresses.begin(),
             virtual_addresses.end(),
-             addr->getAddress()) == virtual_addresses.end())
+             *(addr->getAddressPtr())) == virtual_addresses.end())
    {
        FWObject *iaddr = findAddressFor(addr, fw );
        if (iaddr!=NULL)
@ -99,20 +99,21 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
            Interface *iface = Interface::cast(iaddr->getParent());
            assert(iface!=NULL);

-            output << "add_addr " << addr->getAddress().toString() << " "
-                   << iaddr_addr->getNetmask().toString() <<  " "
+            output << "add_addr " << addr->getAddressPtr()->toString() << " "
+                   << iaddr_addr->getNetmaskPtr()->toString() <<  " "
                   << iface->getName() << endl;
        
-            virtual_addresses.push_back(addr->getAddress());
+            virtual_addresses.push_back(*(addr->getAddressPtr()));
        } else
            warning(_("Can not add virtual address ") +
-                    addr->getAddress().toString() );
+                    addr->getAddressPtr()->toString() );
    }
 }

 #if 0
    if (virtual_addresses.empty() || 
-	find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) {
+	find(virtual_addresses.begin(),virtual_addresses.end(),
+             *(addr->getAddressPtr())) == virtual_addresses.end()) {

        FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME);
        for ( ; i!=i.end(); ++i ) {
@ -123,17 +124,19 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
 	    for ( ; j!=j.end(); ++j )
            {
                Address *iaddr = Address::cast(*j);
-                if ( ipv4->belongs( addr->getAddress() ) )
+                if ( ipv4->belongs( *(addr->getAddressPtr()) ) )
                {
                    output << "ifconfig " 
                           << iface->getName() << " "
-                           << addr->getAddress().toString() << " alias" << endl;
-                    virtual_addresses.push_back( addr->getAddress() );
+                           << addr->getAddressPtr()->toString()
+                           << " alias" << endl;
+                    virtual_addresses.push_back( *(addr->getAddressPtr()) );
                    return;
                }
            }
 	}
-	warning(_("Can not add virtual address ") + addr->getAddress().toString() );
+	warning(_("Can not add virtual address ") +
+                addr->getAddressPtr()->toString() );
    }
 }
 #endif
@ -217,11 +220,12 @@ void  OSConfigurator_openbsd::configureInterfaces()
            for ( ; j!=j.end(); ++j ) 
            {
                Address *iaddr = Address::cast(*j);
-                output << "add_addr " << iaddr->getAddress().toString() << " "
-                       << iaddr->getNetmask().toString() << " "
+                output << "add_addr "
+                       << iaddr->getAddressPtr()->toString() << " "
+                       << iaddr->getNetmaskPtr()->toString() << " "
                       << iface->getName() << endl;
        
-                virtual_addresses.push_back(iaddr->getAddress());
+                virtual_addresses.push_back(*(iaddr->getAddressPtr()));
            }
        }
        output << endl;
--- a/src/pflib/OSConfigurator_solaris.cpp
+++ b/src/pflib/OSConfigurator_solaris.cpp
@ -89,14 +89,15 @@ void OSConfigurator_solaris::processFirewallOptions()

 }

-void OSConfigurator_solaris::addVirtualAddressForNAT(const Network *nw)
+void OSConfigurator_solaris::addVirtualAddressForNAT(const Network*)
 {
 }

 void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr)
 {
    if (virtual_addresses.empty() || 
-	find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) 
+	find(virtual_addresses.begin(),virtual_addresses.end(),
+             *(addr->getAddressPtr())) == virtual_addresses.end()) 
    {
        FWObject *iaddr = findAddressFor(addr, fw );
        if (iaddr!=NULL)
@ -106,13 +107,14 @@ void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr)
            Interface *iface=Interface::cast(iaddr->getParent());
            assert(iface!=NULL);

-            output << "add_addr " << addr->getAddress().toString() << " "
-                   << iaddr_addr->getNetmask().toString() <<  " "
+            output << "add_addr " << addr->getAddressPtr()->toString() << " "
+                   << iaddr_addr->getNetmaskPtr()->toString() <<  " "
                   << iface->getName() << endl;
        
-            virtual_addresses.push_back(addr->getAddress());
+            virtual_addresses.push_back(*(addr->getAddressPtr()));
        } else
-            warning(_("Can not add virtual address ") + addr->getAddress().toString() );
+            warning(_("Can not add virtual address ") +
+                    addr->getAddressPtr()->toString() );
    }
 }

@ -193,11 +195,12 @@ void  OSConfigurator_solaris::configureInterfaces()
            for ( ; j!=j.end(); ++j ) 
            {
                Address *iaddr = Address::cast(*j);
-                output << "add_addr " << iaddr->getAddress().toString() << " "
-                       << iaddr->getNetmask().toString() << " "
+                output << "add_addr "
+                       << iaddr->getAddressPtr()->toString() << " "
+                       << iaddr->getNetmaskPtr()->toString() << " "
                       << iface->getName() << endl;
        
-                virtual_addresses.push_back(iaddr->getAddress());
+                virtual_addresses.push_back(*(iaddr->getAddressPtr()));
            }
        }
        output << endl;
--- a/src/pflib/PolicyCompiler_ipf_optimizer.cpp
+++ b/src/pflib/PolicyCompiler_ipf_optimizer.cpp
@ -53,7 +53,6 @@ void PolicyCompiler_ipf::optimize1::optimizeForRuleElement(PolicyRule         *r
                                                           const std::string  &re_type)
 {
    RuleElement    *re=RuleElement::cast(rule->getFirstByType(re_type));
-    int nre=re->size();

    PolicyRule     *r;

--- a/src/pflib/PolicyCompiler_ipf_writers.cpp
+++ b/src/pflib/PolicyCompiler_ipf_writers.cpp
@ -267,8 +267,8 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address  *o,bool neg)
        assert(atrt==NULL);
    }

-    InetAddr addr=o->getAddress();
-    InetAddr  mask=o->getNetmask();
+    const InetAddr *addr = o->getAddressPtr();
+    InetAddr mask = *(o->getNetmaskPtr());

    if (options->getBool("dynAddr") &&
        Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) 
@ -287,12 +287,12 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address  *o,bool neg)
 	mask = InetAddr(InetAddr::getAllOnes());
    }

-    if (addr.isAny() && mask.isAny())
+    if (addr->isAny() && mask.isAny())
    {
 	compiler->output << "any ";
    } else {	
 	if (neg) compiler->output << "! ";
-	compiler->output << addr.toString();
+	compiler->output << addr->toString();
 	if (!mask.isHostMask())
        {
 	    compiler->output << "/" << mask.getLength();
--- a/src/pflib/PolicyCompiler_ipfw_writers.cpp
+++ b/src/pflib/PolicyCompiler_ipfw_writers.cpp
@ -110,7 +110,7 @@ void PolicyCompiler_ipfw::PrintRule::_printProtocol(Service *srv)



-string PolicyCompiler_ipfw::PrintRule::_printPort(int rs,int re,bool neg)
+string PolicyCompiler_ipfw::PrintRule::_printPort(int rs,int re,bool )
 {
    ostringstream  str;

@ -290,8 +290,8 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address  *o,bool neg)
        assert(atrt==NULL);
    }

-    InetAddr addr=o->getAddress();
-    InetAddr   mask=o->getNetmask();
+    const InetAddr *addr = o->getAddressPtr();
+    InetAddr mask = *(o->getNetmaskPtr());

    if (Interface::cast(o)!=NULL)
        mask = InetAddr(InetAddr::getAllOnes());
@ -299,13 +299,13 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address  *o,bool neg)
    if (o->dimension()==1)
        mask = InetAddr(InetAddr::getAllOnes());

-    if (addr.isAny() && mask.isAny()) 
+    if (addr->isAny() && mask.isAny()) 
    {
 	compiler->output << "any ";
    } else 
    {
 	if (neg) compiler->output << "not ";
-	compiler->output << addr.toString();
+	compiler->output << addr->toString();
 	if (!mask.isHostMask())
        {
 	    compiler->output << "/" << mask.getLength();
--- a/src/pflib/PolicyCompiler_pf_writers.cpp
+++ b/src/pflib/PolicyCompiler_pf_writers.cpp
@ -180,7 +180,7 @@ void PolicyCompiler_pf::PrintRule::_printRouteOptions(PolicyRule *rule)
                        compiler->output << roif << " ";
                        compiler->output << roaddr << " ";
                        compiler->output << ") ";
-                        int sp = roaddr.find('/');
+                        std::string::size_type sp = roaddr.find('/');
                        if (sp!=std::string::npos) 
                        {
                            // roaddr is addr/netmask
@ -578,7 +578,7 @@ string PolicyCompiler_pf::PrintRule::_printTCPFlags(libfwbuilder::TCPService *sr
    return str;
 }

-void PolicyCompiler_pf::PrintRule::_printAddr(Address  *o,bool neg)
+void PolicyCompiler_pf::PrintRule::_printAddr(Address  *o,bool )
 {
    MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
    if (atrt!=NULL)
@ -596,8 +596,8 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address  *o,bool neg)
        assert(atrt==NULL);
    }

-    InetAddr addr=o->getAddress();
-    InetAddr   mask=o->getNetmask();
+    const InetAddr *addr = o->getAddressPtr();
+    InetAddr mask = *(o->getNetmaskPtr());

    if (Interface::cast(o)!=NULL)
    {
@ -616,13 +616,13 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address  *o,bool neg)
 	mask = InetAddr(InetAddr::getAllOnes());
    }

-    if (addr.isAny() && mask.isAny()) 
+    if (addr->isAny() && mask.isAny()) 
    {
 	compiler->output << "any ";
    } else 
    {
 //	if (neg) compiler->output << "! ";
-	compiler->output << addr.toString();
+	compiler->output << addr->toString();
 	if (!mask.isHostMask())
        {
 	    compiler->output << "/" << mask.getLength();
--- a/src/pflib/TableFactory.cpp
+++ b/src/pflib/TableFactory.cpp
@ -212,15 +212,15 @@ string TableFactory::PrintTables()
                    if (A==NULL)
                        throw(FWException("table object must be an address: '"+o->getTypeName()+"'"));

-                    InetAddr addr=A->getAddress();
-                    InetAddr   mask=A->getNetmask();
+                    const InetAddr *addr = A->getAddressPtr();
+                    InetAddr mask = *(A->getNetmaskPtr());

                    if (A->dimension()==1)
                    {
                        mask = InetAddr(InetAddr::getAllOnes());
                    }

-                    output << addr.toString();
+                    output << addr->toString();
                    if (!mask.isHostMask())
                    {
                        output << "/" << mask.getLength();
--- a/src/pix/NATCompiler_pix.cpp
+++ b/src/pix/NATCompiler_pix.cpp
@ -127,11 +127,11 @@ string NATCompiler_pix::debugPrintRule(Rule *r)
            os << " rule=" << natcmd->rule_label;
            os << " nat_acl_name="   <<  natcmd->nat_acl_name;
            os << " (" << nat_acl_names[natcmd->nat_acl_name] << ")";
-            os << " o_src="          <<  natcmd->o_src->getAddress().toString();
-            os << " o_dst="          <<  natcmd->o_dst->getAddress().toString();
+            os << " o_src="          <<  natcmd->o_src->getAddressPtr()->toString();
+            os << " o_dst="          <<  natcmd->o_dst->getAddressPtr()->toString();
            os << " o_srv="          <<  natcmd->o_srv->getName();
            os << " o_iface="        <<  natcmd->o_iface->getLabel();
-            os << " t_addr="         <<  natcmd->t_addr->getAddress().toString();
+            os << " t_addr="         <<  natcmd->t_addr->getAddressPtr()->toString();
            os << " t_iface="        <<  natcmd->t_iface->getLabel();
            os << " ignore_global="  <<  string((natcmd->ignore_global)?"1":"0");
            os << " ignore_nat="     <<  string((natcmd->ignore_nat)?"1":"0");
@ -150,9 +150,9 @@ string NATCompiler_pix::debugPrintRule(Rule *r)
            os << " StaticCmd:";
            os << " acl=" << scmd->acl_name;
            os << " (" << nat_acl_names[scmd->acl_name] << ")";
-            os << " iaddr=" << scmd->iaddr->getAddress().toString();
-            os << " oaddr=" << scmd->oaddr->getAddress().toString();
-            os << " osrc=" << scmd->osrc->getAddress().toString();
+            os << " iaddr=" << scmd->iaddr->getAddressPtr()->toString();
+            os << " oaddr=" << scmd->oaddr->getAddressPtr()->toString();
+            os << " osrc=" << scmd->osrc->getAddressPtr()->toString();
            os << " osrv=" << scmd->osrv->getName();
            os << " tsrv=" << scmd->tsrv->getName();
        }
@ -203,9 +203,9 @@ list<triplet> NATCompiler_pix::findDNATForAddress(Address *src,
            Address  *tdst=getFirstTDst(rule);  assert(tdst);
            Service  *tsrv=getFirstTSrv(rule);  assert(tsrv);

-            if (src->getAddress()==osrc->getAddress() &&
+            if (*(src->getAddressPtr()) == *(osrc->getAddressPtr()) &&
                (osrv->isAny() || srv->getId()==tsrv->getId()) &&
-                dst->getAddress()==tdst->getAddress())
+                *(dst->getAddressPtr()) == *(tdst->getAddressPtr()))
            {
                if (osrv->isAny())
                {
@ -302,7 +302,7 @@ bool NATCompiler_pix::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstOSrc(rule));
        Network *a2=Network::cast(compiler->getFirstTSrc(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
            compiler->abort("Original and translated source should both be networks of the same size . Rule "+rule->getLabel());
    }

@ -311,7 +311,7 @@ bool NATCompiler_pix::VerifyRules::processNext()
        Network *a1=Network::cast(compiler->getFirstODst(rule));
        Network *a2=Network::cast(compiler->getFirstTDst(rule));
        if ( a1==NULL || a2==NULL ||
-             a1->getNetmask().getLength()!=a2->getNetmask().getLength() )
+             a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
            compiler->abort("Original and translated destination should both be networks of the same size . Rule "+rule->getLabel());
    }

@ -421,8 +421,10 @@ bool NATCompiler_pix::verifyRuleElements::processNext()

 	if (Network::isA(odst) && Network::isA(tdst))
        {
-            InetAddr n1=(Interface::cast(odst))?InetAddr(InetAddr::getAllOnes()):odst->getNetmask();
-            InetAddr n2=(Interface::cast(tdst))?InetAddr(InetAddr::getAllOnes()):tdst->getNetmask();
+            InetAddr n1 = (Interface::cast(odst)) ? 
+                InetAddr(InetAddr::getAllOnes()) : (*(odst->getNetmaskPtr()));
+            InetAddr n2 = (Interface::cast(tdst)) ? 
+                InetAddr(InetAddr::getAllOnes()) : (*(tdst->getNetmaskPtr()));

            if ( !(n1==n2) )
                compiler->abort(
@ -650,7 +652,7 @@ void NATCompiler_pix::UseFirewallInterfaces::scanInterfaces(RuleElement *rel)
    {
        Interface *interface_=Interface::cast(*i);

-        if (interface_->getAddress()==obj->getAddress()) 
+        if ((*interface_->getAddressPtr()) == *(obj->getAddressPtr())) 
        {
            rel->removeRef(obj);
            rel->addRef(interface_);
@ -883,13 +885,13 @@ bool NATCompiler_pix::mergeNATCmd::processNext()
 */
                if (natcmd==nc) break;

-                InetAddr  a1=natcmd->t_addr->getAddress();
-                InetAddr  a2=nc->t_addr->getAddress();
+                const InetAddr *a1 = natcmd->t_addr->getAddressPtr();
+                const InetAddr *a2 = nc->t_addr->getAddressPtr();

-                Interface *int1=natcmd->t_iface;
-                Interface *int2=nc->t_iface;
+                Interface *int1 = natcmd->t_iface;
+                Interface *int2 = nc->t_iface;

-                if ( a1 == a2 && int1->getId()==int2->getId() ) 
+                if ( *a1 == *a2 && int1->getId() == int2->getId() ) 
                {
                    natcmd->ignore_global=true;
                    natcmd->nat_id=nc->nat_id;
@ -1112,10 +1114,10 @@ bool  NATCompiler_pix::SuppressDuplicateNONATStatics::processNext()
 	Address  *odst=compiler->getFirstODst(rule);  assert(odst);

        nonat_static_parameters  sp;
-        sp.iface1= helper.findInterfaceByNetzone(osrc );
-        sp.iface2= helper.findInterfaceByNetzone(odst );
-        sp.addr=odst->getAddress();
-        sp.mask=odst->getNetmask();
+        sp.iface1 = helper.findInterfaceByNetzone(osrc );
+        sp.iface2 = helper.findInterfaceByNetzone(odst );
+        sp.addr = *(odst->getAddressPtr());
+        sp.mask = *(odst->getNetmaskPtr());

        for (deque<nonat_static_parameters>::iterator i=all_nonat_statics.begin(); 
             i!=all_nonat_statics.end();  ++i )
@ -1135,17 +1137,17 @@ bool  NATCompiler_pix::SuppressDuplicateNONATStatics::processNext()
 NATCompiler_pix::DetectOverlap::~DetectOverlap() {};

 bool NATCompiler_pix::DetectOverlap::checkOverlapping(
-    const libfwbuilder::Address   &addr1,
+    const libfwbuilder::Address  &addr1,
    const libfwbuilder::InetAddr &addr2)
 {
    if (AddressRange::isA(&addr1))
    {
-        const InetAddr a1=AddressRange::constcast(&addr1)->getRangeStart();
-        const InetAddr a2=AddressRange::constcast(&addr1)->getRangeEnd();
+        const InetAddr a1 = AddressRange::constcast(&addr1)->getRangeStart();
+        const InetAddr a2 = AddressRange::constcast(&addr1)->getRangeEnd();
        return (addr2==a1 || addr2==a2 || (addr2>a1 && addr2<a2));
    } else
    {
-        return addr1.getAddress() == addr2 || addr1.belongs(addr2);
+        return *(addr1.getAddressPtr()) == addr2 || addr1.belongs(addr2);
    }
 }

@ -1158,7 +1160,8 @@ string NATCompiler_pix::DetectOverlap::printGlobalPoolAddress(const Address &poo
        return a1.toString()+"-"+a2.toString();
    } else
    {
-        return pool.getAddress().toString()+"/"+pool.getNetmask().toString();
+        return pool.getAddressPtr()->toString() + "/" +
+            pool.getNetmaskPtr()->toString();
    }
 }

@ -1177,16 +1180,17 @@ bool  NATCompiler_pix::DetectGlobalPoolProblems::processNext()
        if (natcmd->type!= INTERFACE) 
        {
            if (checkOverlapping(*(natcmd->t_addr),
-                                 natcmd->t_iface->getAddress()))
+                                 *(natcmd->t_iface->getAddressPtr())))
                compiler->abort("Global pool "
                                +printGlobalPoolAddress(*(natcmd->t_addr)) 
                                +" overlaps with interface address. Rule "
                                +rule->getLabel());

            if (checkOverlapping(*(natcmd->t_addr),
-                                 natcmd->t_iface->getBroadcastAddress()) ||
+                                 *(natcmd->t_iface->getBroadcastAddressPtr()))
+                ||
                checkOverlapping(*(natcmd->t_addr),
-                                 natcmd->t_iface->getAddress()) )
+                                 *(natcmd->t_iface->getAddressPtr())) )
                compiler->warning("Global pool "
                                  +printGlobalPoolAddress(*(natcmd->t_addr)) 
                                  +" overlaps with broadcast address. Rule "
@ -1264,16 +1268,16 @@ bool  NATCompiler_pix::DetectOverlappingGlobalPoolsAndStaticRules::processNext()

            if (iface!=NULL && iface->getId()==outa->getId()) return true;

-            addr.setAddress(natcmd->t_addr->getAddress());
-            addr.setNetmask(natcmd->t_addr->getNetmask());
+            addr.setAddress(*(natcmd->t_addr->getAddressPtr()));
+            addr.setNetmask(*(natcmd->t_addr->getNetmaskPtr()));

            if (natcmd->type== INTERFACE) 
            {
                addr.setNetmask(InetAddr(InetAddr::getAllOnes()));
            }

-            if ( checkOverlapping(  addr, outa->getAddress()) ||
-                 checkOverlapping( *outa, addr.getAddress()) )
+            if ( checkOverlapping(  addr, *(outa->getAddressPtr())) ||
+                 checkOverlapping( *outa, *(addr.getAddressPtr())) )
                compiler->abort("Global pool "
                                +printGlobalPoolAddress(addr)
                                +" from rule "
@ -1325,15 +1329,15 @@ bool  NATCompiler_pix::DetectDuplicateNAT::processNext()
                compiler->abort("Duplicate NAT detected: rules "
                                +rule->getLabel()
                                +" and "+nc->rule_label
-                                +" : "+natcmd->o_src->getAddress().toString()
-                                +"/"+natcmd->o_src->getNetmask().toString()
+                                +" : "+natcmd->o_src->getAddressPtr()->toString()
+                                +"/"+natcmd->o_src->getNetmaskPtr()->toString()
                                + " "
                                + natcmd->o_srv->getProtocolName()
                                + natcmd->o_srv->getStr("src_range_start")+":"
                                + natcmd->o_srv->getStr("src_range_end")+":"
                                + " "
-                                +"->"+natcmd->o_dst->getAddress().toString()
-                                +"/"+natcmd->o_dst->getNetmask().toString()
+                                +"->"+natcmd->o_dst->getAddressPtr()->toString()
+                                +"/"+natcmd->o_dst->getNetmaskPtr()->toString()
                                + " "
                                + natcmd->o_srv->getStr("dst_range_start")+"/"
                                + natcmd->o_srv->getStr("dst_range_end"));
@ -1373,8 +1377,8 @@ bool  NATCompiler_pix::DetectOverlappingStatics::processNext()
                        "outside address: "+
                        "interface "+Interface::cast(scmd->oaddr)->getLabel()+
                        " inside address: "+
-                        scmd->iaddr->getAddress().toString()+"/"+
-                        scmd->iaddr->getNetmask().toString());
+                        scmd->iaddr->getAddressPtr()->toString()+"/"+
+                        scmd->iaddr->getNetmaskPtr()->toString());
            } else
            {
                if ( *(sc->osrv) == *(scmd->osrv) && 
@ -1397,11 +1401,11 @@ bool  NATCompiler_pix::DetectOverlappingStatics::processNext()
                            "Static NAT rules overlap or are redundant: rules "+
                            sc->rule+" and "+scmd->rule+" : "+
                            "outside address: "+
-                            scmd->oaddr->getAddress().toString()+"/"+
-                            scmd->oaddr->getNetmask().toString()+
+                            scmd->oaddr->getAddressPtr()->toString()+"/"+
+                            scmd->oaddr->getNetmaskPtr()->toString()+
                            " inside address: "+
-                            scmd->iaddr->getAddress().toString()+"/"+
-                            scmd->iaddr->getNetmask().toString());
+                            scmd->iaddr->getAddressPtr()->toString()+"/"+
+                            scmd->iaddr->getNetmaskPtr()->toString());
                }
            }
        }
--- a/src/pix/NATCompiler_pix_writers.cpp
+++ b/src/pix/NATCompiler_pix_writers.cpp
@ -51,7 +51,6 @@ using namespace std;

 bool NATCompiler_pix::PrintClearCommands::processNext()
 {
-    NATCompiler_pix *pix_comp=dynamic_cast<NATCompiler_pix*>(compiler);
    string version = compiler->fw->getStr("version");
    string platform = compiler->fw->getStr("platform");

@ -83,8 +82,8 @@ bool NATCompiler_pix::PrintClearCommands::processNext()

 string NATCompiler_pix::PrintRule::_printAddress(Address *a,bool print_netmask)
 {
-    string addr=a->getAddress().toString();
-    string mask=a->getNetmask().toString();
+    string addr = a->getAddressPtr()->toString();
+    string mask = a->getNetmaskPtr()->toString();
    if (addr=="0.0.0.0" && mask=="0.0.0.0") return "any";
 //    if (addr=="0.0.0.0") addr="0";
 //    if (mask=="0.0.0.0") mask="0";
@ -174,9 +173,9 @@ void NATCompiler_pix::PrintRule::_printNONAT(NATRule *rule)
        Interface *osrc_iface=compiler->getCachedFwInterface( helper.findInterfaceByNetzone(osrc ) );
        Interface *odst_iface=compiler->getCachedFwInterface( helper.findInterfaceByNetzone(odst ) );

-        string addr=odst->getAddress().toString();
+        string addr=odst->getAddressPtr()->toString();
 	string mask;
-	if (Network::isA(odst)) mask=odst->getNetmask().toString();
+	if (Network::isA(odst)) mask=odst->getNetmaskPtr()->toString();
 	else mask="255.255.255.255";

        compiler->output << "static (" 
@ -354,14 +353,14 @@ bool NATCompiler_pix::PrintRule::processNext()
                break;
            case SINGLE_ADDRESS:
                compiler->output << " " 
-                                 << natcmd->t_addr->getAddress().toString()
+                                 << natcmd->t_addr->getAddressPtr()->toString()
                                 << endl;
                break;
            case NETWORK_ADDRESS:
                compiler->output << " " 
-                                 << natcmd->t_addr->getAddress().toString() 
+                                 << natcmd->t_addr->getAddressPtr()->toString() 
                                 << " netmask "
-                                 << natcmd->t_addr->getNetmask().toString()
+                                 << natcmd->t_addr->getNetmaskPtr()->toString()
                                 << endl;
                break;
            case ADDRESS_RANGE:
@ -372,7 +371,7 @@ bool NATCompiler_pix::PrintRule::processNext()
                                 << "-"
                                 << ar->getRangeEnd().toString()
                                 << " netmask "
-                                 << natcmd->t_iface->getNetmask().toString()
+                                 << natcmd->t_iface->getNetmaskPtr()->toString()
                                 << endl;
            }
            break;
@ -389,13 +388,16 @@ bool NATCompiler_pix::PrintRule::processNext()
                libfwbuilder::XMLTools::version_compare(compiler->fw->getStr("version"),"6.3")<0)
            {
 /* old, < 6.3 */
-                compiler->output << "nat (" << natcmd->o_iface->getLabel() << ") "
-                                 << natcmd->nat_id
-                                 << " "
-                                 << natcmd->o_src->getAddress().toString()  << " "
-                                 << natcmd->o_src->getNetmask().toString();
-                if (natcmd->outside)  compiler->output << " outside";
-                else                  compiler->output << " " << _printConnOptions(rule);
+                compiler->output
+                    << "nat (" << natcmd->o_iface->getLabel() << ") "
+                    << natcmd->nat_id
+                    << " "
+                    << natcmd->o_src->getAddressPtr()->toString()  << " "
+                    << natcmd->o_src->getNetmaskPtr()->toString();
+                if (natcmd->outside)
+                    compiler->output << " outside";
+                else
+                    compiler->output << " " << _printConnOptions(rule);
                compiler->output << endl;
            } else
            {
@ -447,11 +449,11 @@ bool NATCompiler_pix::PrintRule::processNext()

    case NATRule::DNAT:
    {
-        StaticCmd *scmd=pix_comp->static_commands[ rule->getInt("sc_cmd") ];
+        StaticCmd *scmd = pix_comp->static_commands[ rule->getInt("sc_cmd") ];

-        InetAddr outa=scmd->oaddr->getAddress();
-        InetAddr outm=scmd->oaddr->getNetmask();
-        InetAddr insa=scmd->iaddr->getAddress();
+        const InetAddr *outa = scmd->oaddr->getAddressPtr();
+        const InetAddr *outm = scmd->oaddr->getNetmaskPtr();
+        const InetAddr *insa = scmd->iaddr->getAddressPtr();
 /*
 * we verify that odst and tdst have the same size in verifyRuleElements,
 * so we can rely on that now.
@ -477,17 +479,17 @@ bool NATCompiler_pix::PrintRule::processNext()
                compiler->output << "interface ";
                if (use_ports)	_printPort(scmd->osrv);

-                compiler->output << insa.toString() << " ";
+                compiler->output << insa->toString() << " ";
                if (use_ports)	_printPort(scmd->tsrv);
            } else
            {
-                compiler->output << outa.toString() << " ";
+                compiler->output << outa->toString() << " ";
                if (use_ports)	_printPort(scmd->osrv);

-                compiler->output << insa.toString() << " ";
+                compiler->output << insa->toString() << " ";
                if (use_ports)	_printPort(scmd->tsrv);

-                compiler->output << " netmask " << outm.toString();
+                compiler->output << " netmask " << outm->toString();
            }
            compiler->output << " " << _printConnOptions(rule) << endl;
        } else
@ -540,8 +542,10 @@ bool NATCompiler_pix::PrintRule::processNext()
                if (TCPService::cast(scmd->osrv)) { use_ports=true; compiler->output << "tcp "; }
                if (UDPService::cast(scmd->osrv)) { use_ports=true; compiler->output << "udp "; }

-                if (Interface::cast(scmd->oaddr)!=NULL) compiler->output << "interface ";
-                else                                    compiler->output << outa.toString() << " ";
+                if (Interface::cast(scmd->oaddr)!=NULL)
+                    compiler->output << "interface ";
+                else
+                    compiler->output << outa->toString() << " ";
                if (use_ports) _printPort(scmd->osrv);
                compiler->output << " ";

--- a/src/pix/OSConfigurator_pix_os.cpp
+++ b/src/pix/OSConfigurator_pix_os.cpp
@ -157,9 +157,9 @@ string OSConfigurator_pix_os::_printIPAddress()
            if ((n = setAddrCmd.find("%in"))!=string::npos)
                setAddrCmd.replace(n,3,iface->getName());
            if ((n = setAddrCmd.find("%a"))!=string::npos)
-                setAddrCmd.replace(n,2,iface->getAddress().toString());
+                setAddrCmd.replace(n,2,iface->getAddressPtr()->toString());
            if ((n = setAddrCmd.find("%n"))!=string::npos)
-                setAddrCmd.replace(n,2,iface->getNetmask().toString());
+                setAddrCmd.replace(n,2,iface->getNetmaskPtr()->toString());

            res << setAddrCmd;
        }        
--- a/src/pix/PolicyCompiler_pix_writers.cpp
+++ b/src/pix/PolicyCompiler_pix_writers.cpp
@ -161,15 +161,16 @@ bool PolicyCompiler_pix::PrintObjectGroupsAndClearCommands::processNext()
            {
                Address *a=Address::cast(obj);
                assert(a!=NULL);
-                InetAddr addr=a->getAddress();
+                const InetAddr *addr = a->getAddressPtr();
                pix_comp->output << " network-object ";
-                if (Network::cast(obj)!=NULL) {
-                    InetAddr   mask=a->getNetmask();
-                    pix_comp->output << addr.toString() << " ";
-                    pix_comp->output << mask.toString() << " ";
+                if (Network::cast(obj)!=NULL)
+                {
+                    const InetAddr *mask = a->getNetmaskPtr();
+                    pix_comp->output << addr->toString() << " ";
+                    pix_comp->output << mask->toString() << " ";
                } else {
                    pix_comp->output << " host ";
-                    pix_comp->output << addr.toString() << " ";
+                    pix_comp->output << addr->toString() << " ";
                }
                pix_comp->output << endl;
                break;
@ -352,8 +353,8 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address  *o)
 {
    ostringstream  str;

-    InetAddr srcaddr=o->getAddress();
-    InetAddr   srcmask=o->getNetmask();
+    const InetAddr *srcaddr = o->getAddressPtr();
+    InetAddr srcmask = *(o->getNetmaskPtr());

    if (Interface::cast(o)!=NULL)
    {
@ -363,23 +364,23 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address  *o)
 	    return string("interface ") + interface_->getLabel() + " ";
 	}

-	srcmask=InetAddr(InetAddr::getAllOnes());
+	srcmask = InetAddr(InetAddr::getAllOnes());
    }

    if (IPv4::cast(o)!=NULL) 
-	srcmask=InetAddr(InetAddr::getAllOnes());
+	srcmask = InetAddr(InetAddr::getAllOnes());


-    if (srcaddr.isAny() && srcmask.isAny())
+    if (srcaddr->isAny() && srcmask.isAny())
    {
 	str << "any ";
    } else {
 	if (srcmask.isHostMask())
        {
-	    str << "host " << srcaddr.toString() << " ";
+	    str << "host " << srcaddr->toString() << " ";
 	} else
        {
-	    str << srcaddr.toString() << " ";
+	    str << srcaddr->toString() << " ";
 	    str << srcmask.toString() << " ";
 	}
    }
@ -500,15 +501,15 @@ string PolicyCompiler_pix::PrintRule::_printSingleSSHTelnetCommand(int port,
    if (port==23) 
    {
        res += "telnet ";
-        res += a->getAddress().toString() + " " 
-            + a->getNetmask().toString() + " "
+        res += a->getAddressPtr()->toString() + " " 
+            + a->getNetmaskPtr()->toString() + " "
            + interfaceLabel     + "\n";
    }
    if (port==22) 
    {
        res += "ssh    ";
-        res += a->getAddress().toString() + " " 
-            + a->getNetmask().toString() + " "
+        res += a->getAddressPtr()->toString() + " " 
+            + a->getNetmaskPtr()->toString() + " "
            + interfaceLabel     + "\n";
    }
    return res;
--- a/src/pix/globalNATPool.cpp
+++ b/src/pix/globalNATPool.cpp
@ -57,7 +57,7 @@ ostream& fwcompiler::operator<<(ostream &s,const globalNATPool &pool)
        s << " interface" << endl;
        break;
    case globalNATPool::SINGLE_ADDRESS:
-        s << " " << pool.addr->getAddress().toString() << endl;
+        s << " " << pool.addr->getAddressPtr()->toString() << endl;
        break;
    case globalNATPool::ADDRESS_RANGE:
        AddressRange *ar=AddressRange::cast(pool.addr);
--- a/test/ipt/run.all
+++ b/test/ipt/run.all
@ -8,6 +8,8 @@ while (<>) {
  while ( $str=~ /<Firewall / ) {
    $str=~ /<Firewall [^>]+name="([^"]*).*$"/;
    $fw=$1;
+    printf "\n";
+    printf "echo '***** $fw'\n";
    printf "fwb_ipt -v -f $XMLFILE $fw\n";
    $str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//;
  }