2008-12-25 vadim <vadim@vk.crocodile.org>

* All policy compilers: using FWObjectDatabase::createClass methods to create rules and other objects in compilers wherever the type is known at the (code) compile time. This makes code cleaner and speeds it up a little because of eliminated cast() and string comparison. * changes in libfbuilder: eliminated excessive use of dynamic_cast and long chains of "if" comparing object type names in FWObjectDatabase in methods that create new objects of given type.
2026-03-19 09:47:20 +01:00 · 2008-12-25 20:38:53 +00:00 · 2008-12-25 20:38:53 +00:00 · 5ef36c5a52
commit 5ef36c5a52
parent d720f16c7e
25 changed files with 220 additions and 275 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 707
+#define BUILD_NUM 708
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,15 @@
+2008-12-25  vadim  <vadim@vk.crocodile.org>
+
+	* All policy compilers: using FWObjectDatabase::createClass
+	methods to create rules and other objects in compilers wherever
+	the type is known at the (code) compile time. This makes code
+	cleaner and speeds it up a little because of eliminated cast() and
+	string comparison.
+
+	* changes in libfbuilder: eliminated excessive use of dynamic_cast
+	and long chains of "if" comparing object type names in
+	FWObjectDatabase in methods that create new objects of given type.
+
 2008-12-23  vadim  <vadim@vk.crocodile.org>

 	* PolicyCompiler_PrintRule.cpp (PrintRule::_printSrcAddr):
--- a/src/cisco_lib/PolicyCompiler_cisco.cpp
+++ b/src/cisco_lib/PolicyCompiler_cisco.cpp
@ -107,22 +107,20 @@ void PolicyCompiler_cisco::addDefaultPolicyRule()
         !getCachedFwOpt()->getStr("mgmt_addr").empty() )
    {
        PolicyRule *r;
-        TCPService *ssh = TCPService::cast(
-            dbcopy->create(TCPService::TYPENAME) );
+        TCPService *ssh = dbcopy->createTCPService();
        ssh->setDstRangeStart(22);
        ssh->setDstRangeEnd(22);
        dbcopy->add(ssh,false);
        cacheObj(ssh); // to keep cache consistent

-        Network *mgmt_workstation = Network::cast(
-            dbcopy->create(Network::TYPENAME));
+        Network *mgmt_workstation = dbcopy->createNetwork();
        mgmt_workstation->setAddressNetmask(
            getCachedFwOpt()->getStr("mgmt_addr"));

        dbcopy->add(mgmt_workstation, false);
        cacheObj(mgmt_workstation); // to keep cache consistent

-        r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+        r= dbcopy->createPolicyRule();
        temp_ruleset->add(r);
        r->setAction(PolicyRule::Accept);
        r->setLogging(false);
@ -155,7 +153,7 @@ void PolicyCompiler_cisco::addDefaultPolicyRule()
    // 'deny any any' rule for such interfaces and screws things big
    // time.
 #if 0
-    PolicyRule *r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+    PolicyRule *r= dbcopy->createPolicyRule();

    temp_ruleset->add(r);
    r->setAction(PolicyRule::Deny);
@ -188,8 +186,7 @@ bool PolicyCompiler_cisco::splitIfSrcAny::processNext()
    )
    {
         
-        PolicyRule *r= PolicyRule::cast(
-            compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        PolicyRule *r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        r->setDirection( PolicyRule::Outbound );
@ -244,8 +241,7 @@ bool PolicyCompiler_cisco::splitIfDstAny::processNext()
         )
    )
    {
-	PolicyRule *r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setDirection( PolicyRule::Inbound );
@ -294,8 +290,7 @@ bool PolicyCompiler_cisco::NegationPhase1::processNext()
    
    if (src->getNeg()) {

-	PolicyRule *r= PolicyRule::cast(
-	    getCompiler()->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r= getCompiler()->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setStr("action","CONTINUE");
@ -304,8 +299,7 @@ bool PolicyCompiler_cisco::NegationPhase1::processNext()
 	nsrc->setNeg(false);
 	vr->push_back(r);

-	r= PolicyRule::cast(
-	    getCompiler()->dbcopy->create(PolicyRule::TYPENAME) );
+	r= getCompiler()->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);

@ -316,10 +310,9 @@ bool PolicyCompiler_cisco::NegationPhase1::processNext()
 	vr->push_back(r);
    }

-    if (dst->getNeg()) {
-
-	PolicyRule *r= PolicyRule::cast(
-	    getCompiler()->dbcopy->create(PolicyRule::TYPENAME) );
+    if (dst->getNeg())
+    {
+	PolicyRule *r= getCompiler()->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setStr("action","CONTINUE");
@ -328,8 +321,7 @@ bool PolicyCompiler_cisco::NegationPhase1::processNext()
 	ndst->setNeg(false);
 	vr->push_back(r);

-	r= PolicyRule::cast(
-	    getCompiler()->dbcopy->create(PolicyRule::TYPENAME) );
+	r= getCompiler()->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);

@ -340,10 +332,9 @@ bool PolicyCompiler_cisco::NegationPhase1::processNext()
 	vr->push_back(r);
    }

-    if (srv->getNeg()) {
-
-	PolicyRule *r= PolicyRule::cast(
-	    getCompiler()->dbcopy->create(PolicyRule::TYPENAME) );
+    if (srv->getNeg())
+    {
+	PolicyRule *r= getCompiler()->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setStr("action","CONTINUE");
@ -352,8 +343,7 @@ bool PolicyCompiler_cisco::NegationPhase1::processNext()
 	nsrv->setNeg(false);
 	vr->push_back(r);

-	r= PolicyRule::cast(
-	    getCompiler()->dbcopy->create(PolicyRule::TYPENAME) );
+	r= getCompiler()->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);

@ -364,9 +354,9 @@ bool PolicyCompiler_cisco::NegationPhase1::processNext()
 	vr->push_back(r);
    }

-    if (vr->empty()) {
-	PolicyRule *r= PolicyRule::cast(
-	    getCompiler()->dbcopy->create(PolicyRule::TYPENAME) );
+    if (vr->empty())
+    {
+	PolicyRule *r= getCompiler()->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);

 	if (compiler->debug>=5) {
@ -421,7 +411,7 @@ bool PolicyCompiler_cisco::splitIfRuleElementMatchesFW::processNext()
 	    cl.push_back(o);   // can not remove right now because remove invalidates iterator
            nre--;

-	    PolicyRule  *new_rule= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	    PolicyRule  *new_rule= compiler->dbcopy->createPolicyRule();
 	    compiler->temp_ruleset->add(new_rule);
 	    new_rule->duplicate(rule);
            RuleElement *new_re=RuleElement::cast(new_rule->getFirstByType(re_type));
@ -546,7 +536,7 @@ bool PolicyCompiler_cisco::tcpServiceToFW::processNext()
        if (!cl.empty()) 
        {

-            PolicyRule  *r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule  *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            RuleElementDst *ndst=r->getDst();
@ -667,8 +657,7 @@ void PolicyCompiler_cisco::splitByNetworkZonesForRE::AddToInterface(
    new_rule = rules[interface_id];
    if (new_rule==NULL) 
    {
-        new_rule = PolicyRule::cast(compiler->dbcopy->create(
-                                        PolicyRule::TYPENAME) );
+        new_rule = compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(new_rule);
        new_rule->duplicate(rule);
        rules[interface_id]=new_rule;
--- a/src/cisco_lib/PolicyCompiler_cisco_acls.cpp
+++ b/src/cisco_lib/PolicyCompiler_cisco_acls.cpp
@ -87,8 +87,7 @@ bool PolicyCompiler_cisco::setInterfaceAndDirectionBySrc::processNext()
            assert(ifs);
            if (ifs->isUnprotected()) continue;   // skip!

-            PolicyRule *new_rule = PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *new_rule = compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(new_rule);
            new_rule->duplicate(rule);
            new_rule->setInterfaceId(intf_id);
@ -139,8 +138,7 @@ bool PolicyCompiler_cisco::setInterfaceAndDirectionByDst::processNext()
            assert(ifs);
            if (ifs->isUnprotected()) continue;   // skip!

-            PolicyRule *new_rule = PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *new_rule = compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(new_rule);
            new_rule->duplicate(rule);
            new_rule->setInterfaceId(intf_id);
@ -176,8 +174,7 @@ bool PolicyCompiler_cisco::setInterfaceAndDirectionIfInterfaceSet::processNext()

        if (rule->getDirection()==PolicyRule::Both)
        {
-            new_rule =
-                PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME));
+            new_rule =compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(new_rule);
            new_rule->duplicate(rule);
            new_rule->setInterfaceId( rule_iface_id );
@ -185,8 +182,7 @@ bool PolicyCompiler_cisco::setInterfaceAndDirectionIfInterfaceSet::processNext()
            new_rule->setBool("interface_and_direction_set",true);
            tmp_queue.push_back(new_rule);

-            new_rule =
-                PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME));
+            new_rule =compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(new_rule);
            new_rule->duplicate(rule);
            new_rule->setInterfaceId( rule_iface_id );
@ -195,8 +191,7 @@ bool PolicyCompiler_cisco::setInterfaceAndDirectionIfInterfaceSet::processNext()
            tmp_queue.push_back(new_rule);
        } else
        {
-            new_rule =
-                PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME));
+            new_rule =compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(new_rule);
            new_rule->duplicate(rule);
            new_rule->setInterfaceId( rule_iface_id );
--- a/src/iosacl/iosacl.cpp
+++ b/src/iosacl/iosacl.cpp
@ -223,7 +223,7 @@ int main(int argc, char * const * argv)
    try
    {
        new Resources(respath+FS_SEPARATOR+"resources.xml");
-
+ 
 /* create database */
        objdb = new FWObjectDatabase();

--- a/src/ipt/MangleTableCompiler_ipt.cpp
+++ b/src/ipt/MangleTableCompiler_ipt.cpp
@ -92,8 +92,7 @@ bool MangleTableCompiler_ipt::keepMangleTableRules::processNext()
                rule->getDirection()==PolicyRule::Both ||
                rule->getDirection()==PolicyRule::Inbound)
            {
-                r= PolicyRule::cast(
-                    compiler->dbcopy->create(PolicyRule::TYPENAME));
+                r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                r->setStr("ipt_chain","PREROUTING");
@ -104,8 +103,7 @@ bool MangleTableCompiler_ipt::keepMangleTableRules::processNext()
                rule->getDirection()==PolicyRule::Both ||
                rule->getDirection()==PolicyRule::Outbound)
            {
-                r= PolicyRule::cast(
-                    compiler->dbcopy->create(PolicyRule::TYPENAME));
+                r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                r->setStr("ipt_chain","POSTROUTING");
--- a/src/ipt/NATCompiler_ipt.cpp
+++ b/src/ipt/NATCompiler_ipt.cpp
@ -299,8 +299,7 @@ bool NATCompiler_ipt::ConvertLoadBalancingRules::processNext()
            a1 = *j;
        }

-        AddressRange *ar = AddressRange::cast(
-            compiler->dbcopy->create(AddressRange::TYPENAME) );
+        AddressRange *ar = compiler->dbcopy->createAddressRange();
        ar->setRangeStart( *(al.front()) );
        ar->setRangeEnd( *(al.back()) );
        ar->setName(string("%")+al.front()->toString()
@ -340,7 +339,7 @@ bool NATCompiler_ipt::splitSDNATRule::processNext()

 /* first rule translates destination and may translate service (depends
 * on the original rule) */
-        NATRule *r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) );
+        NATRule *r = compiler->dbcopy->createNATRule();
        r->duplicate(rule);
        compiler->temp_ruleset->add(r);
        r->setRuleType(NATRule::Unknown);
@ -354,7 +353,7 @@ bool NATCompiler_ipt::splitSDNATRule::processNext()
 /* the second rule translates source and uses translated object in
 * ODst. Since the service could have been translated by the first
 * rule, we use TSrv in OSrv */
-        r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) );
+        r = compiler->dbcopy->createNATRule();
        r->duplicate(rule);
        compiler->temp_ruleset->add(r);
        r->setRuleType(NATRule::Unknown);
@ -546,8 +545,7 @@ bool NATCompiler_ipt::convertToAtomicportForOSrv::processNext()

        for (FWObject::iterator i1=osrv->begin(); i1!=osrv->end(); ++i1) 
        {
-            NATRule *r = NATRule::cast(
-                compiler->dbcopy->create(NATRule::TYPENAME) );
+            NATRule *r = compiler->dbcopy->createNATRule();
            r->duplicate(rule);
            compiler->temp_ruleset->add(r);

@ -617,7 +615,7 @@ bool NATCompiler_ipt::splitOnODst::processNext()
 	    Address *a=Address::cast( o );
 	    assert(a);

-	    NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	    NATRule *r= compiler->dbcopy->createNATRule();
 	    compiler->temp_ruleset->add(r);
 	    r->duplicate(rule);
 	    RuleElementODst *nodst=r->getODst();
@ -648,7 +646,7 @@ bool NATCompiler_ipt::splitOnOSrv::processNext()
 	    Service *s=Service::cast( o );
 	    assert(s);

-	    NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	    NATRule *r= compiler->dbcopy->createNATRule();
 	    compiler->temp_ruleset->add(r);
 	    r->duplicate(rule);
 	    RuleElementOSrv *nosrv=r->getOSrv();
@ -746,7 +744,7 @@ bool NATCompiler_ipt::splitRuleIfRuleElementIsDynamicInterface::processNext()
 	    cl.push_back(o);   // can not remove right now because remove invalidates iterator
            nre--;

-	    NATRule  *new_rule= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	    NATRule  *new_rule= compiler->dbcopy->createNATRule();
 	    compiler->temp_ruleset->add(new_rule);
 	    new_rule->duplicate(rule);
            RuleElement *new_re=RuleElement::cast(new_rule->getFirstByType(re_type));
@ -1029,7 +1027,7 @@ bool NATCompiler_ipt::splitMultiSrcAndDst::processNext()
 // get old chain name create new chain name
        string new_chain=NATCompiler_ipt::getNewTmpChainName(rule);
 // create new rule
-        NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+        NATRule *r= compiler->dbcopy->createNATRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule); 
 // move existing rule onto new chain
@ -1183,8 +1181,7 @@ bool NATCompiler_ipt::splitServices::processNext()
    for (map<int, list<Service*> >::iterator i=services.begin(); i!=services.end(); i++) {
 	list<Service*> &sl=(*i).second;

-	NATRule *r= NATRule::cast(
-	    compiler->dbcopy->create(NATRule::TYPENAME) );
+	NATRule *r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	RuleElementOSrv *nsrv=r->getOSrv();
@ -1229,8 +1226,7 @@ bool NATCompiler_ipt::separatePortRanges::processNext()
            compiler->normalizePortRange(drs,dre);

            if (srs!=sre || drs!=dre) {
-                NATRule *r= NATRule::cast(
-                    compiler->dbcopy->create(NATRule::TYPENAME) );
+                NATRule *r= compiler->dbcopy->createNATRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                RuleElementOSrv *nsrv=r->getOSrv();
@ -1282,8 +1278,7 @@ bool NATCompiler_ipt::separateSourcePorts::processNext()
            {
                if (rule_4_src_ports==NULL)
                {
-                    rule_4_src_ports= NATRule::cast(
-                        compiler->dbcopy->create(NATRule::TYPENAME) );
+                    rule_4_src_ports= compiler->dbcopy->createNATRule();
                    compiler->temp_ruleset->add(rule_4_src_ports);
                    rule_4_src_ports->duplicate(rule);
                    nsrv=rule_4_src_ports->getOSrv();
@ -1340,8 +1335,7 @@ bool NATCompiler_ipt::separateSourceAndDestinationPorts::processNext()
            {
                if (nrule==NULL)
                {
-                    nrule= NATRule::cast(
-                        compiler->dbcopy->create(NATRule::TYPENAME) );
+                    nrule= compiler->dbcopy->createNATRule();
                    compiler->temp_ruleset->add(nrule);
                    nrule->duplicate(rule);
                    nsrv=nrule->getOSrv();
@ -1399,8 +1393,7 @@ bool NATCompiler_ipt::prepareForMultiport::processNext()

 		if (n==0) 
                {
-		    r= NATRule::cast(
-			compiler->dbcopy->create(NATRule::TYPENAME) );
+		    r= compiler->dbcopy->createNATRule();
 		    compiler->temp_ruleset->add(r);
 		    r->duplicate(rule);
 		    nsrv=r->getOSrv();
@ -1445,7 +1438,7 @@ bool NATCompiler_ipt::splitMultipleICMP::processNext()
            Service *s=Service::cast( o );
            assert(s);

-            r= NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) );
+            r= compiler->dbcopy->createNATRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            nsrv=r->getOSrv();
@ -1511,7 +1504,7 @@ bool NATCompiler_ipt::doOSrcNegation::processNext()
 * TMP_CHAIN   A   any  any   RETURN     RETURN
 * TMP_CHAIN  any  any   C   SNAT/DNAT  ---------
 */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrc=r->getOSrc();  nsrc->clearChildren();  nsrc->setAnyElement();
@ -1523,7 +1516,7 @@ bool NATCompiler_ipt::doOSrcNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   A  any  any  RETURN  */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	ndst=r->getODst();   ndst->clearChildren();   ndst->setAnyElement();
@ -1541,7 +1534,7 @@ bool NATCompiler_ipt::doOSrcNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any any C  ACTION  */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrc=r->getOSrc();  nsrc->clearChildren();  nsrc->setAnyElement();
@ -1589,7 +1582,7 @@ bool NATCompiler_ipt::doODstNegation::processNext()
 * TMP_CHAIN  any   B   any   RETURN     RETURN
 * TMP_CHAIN  any  any   C    SNAT/DNAT  ---------
 */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	ndst=r->getODst();   ndst->clearChildren();   ndst->setAnyElement();
@ -1601,7 +1594,7 @@ bool NATCompiler_ipt::doODstNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  B  any  RETURN  */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrc=r->getOSrc();   nsrc->clearChildren();   nsrc->setAnyElement();
@ -1619,7 +1612,7 @@ bool NATCompiler_ipt::doODstNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any  C  ACTION  */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrc=r->getOSrc();  nsrc->clearChildren();  nsrc->setAnyElement();
@ -1666,7 +1659,7 @@ bool NATCompiler_ipt::doOSrvNegation::processNext()
 * TMP_CHAIN  any  any   C    RETURN     RETURN
 * TMP_CHAIN  any  any  any   SNAT/DNAT  ---------
 */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrv=r->getOSrv();  nsrv->clearChildren();  nsrv->setAnyElement();
@ -1678,7 +1671,7 @@ bool NATCompiler_ipt::doOSrvNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any  C  RETURN  */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrc=r->getOSrc();  nsrc->clearChildren();  nsrc->setAnyElement();
@ -1695,7 +1688,7 @@ bool NATCompiler_ipt::doOSrvNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any  any  ACTION  */
-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrc=r->getOSrc();  nsrc->clearChildren();  nsrc->setAnyElement();
@ -1730,7 +1723,7 @@ bool NATCompiler_ipt::splitNONATRule::processNext()
 * both these chains because there may be other rules in POSTROUTING
 * chain that may accidentally match the packet and translate it.
 */
-        NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+        NATRule *r= compiler->dbcopy->createNATRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        r->setStr("ipt_chain","POSTROUTING");  
@ -1818,8 +1811,7 @@ bool NATCompiler_ipt::splitIfOSrcAny::processNext()
        // split if osrc is any OR if it has a single object with negation
        if (osrc->isAny() || osrcrel->getBool("single_object_negation"))
        {
-            NATRule *r = NATRule::cast(
-                compiler->dbcopy->create(NATRule::TYPENAME) );
+            NATRule *r = compiler->dbcopy->createNATRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            RuleElementOSrc *nosrcrel = r->getOSrc();
@ -2000,8 +1992,7 @@ bool NATCompiler_ipt::AssignInterface::processNext()
        int n=0;
        for (list<string>::iterator i=regular_interfaces.begin(); i!=regular_interfaces.end(); i++)
        {
-            NATRule *r = NATRule::cast(
-                compiler->dbcopy->create(NATRule::TYPENAME) );
+            NATRule *r = compiler->dbcopy->createNATRule();
            r->duplicate(rule);
            compiler->temp_ruleset->add(r);

@ -2147,7 +2138,7 @@ bool NATCompiler_ipt::processMultiAddressObjectsInRE::processNext()
        for (list<MultiAddressRunTime*>::iterator i=cl.begin(); i!=cl.end(); i++)
        {
            MultiAddressRunTime *atrt = *i;
-            r = NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+            r = compiler->dbcopy->createNATRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            nre=RuleElement::cast( r->getFirstByType(re_type) );
--- a/src/ipt/PolicyCompiler_ipt.cpp
+++ b/src/ipt/PolicyCompiler_ipt.cpp
@ -443,13 +443,13 @@ int PolicyCompiler_ipt::prolog()
    Address     *bcast255;
    TCPService  *tcpsyn;

-    anytcp=Service::cast(dbcopy->create(TCPService::TYPENAME) );
+    anytcp=dbcopy->createTCPService();
    anytcp->setId(FWObjectDatabase::registerStringId(ANY_TCP_OBJ_ID));
    anytcp->setName("AnyTCP");
    dbcopy->add(anytcp);
    cacheObj(anytcp); // to keep cache consistent

-    tcpsyn=TCPService::cast(dbcopy->create(TCPService::TYPENAME) );
+    tcpsyn=dbcopy->createTCPService();
    tcpsyn->setId(FWObjectDatabase::registerStringId(TCP_SYN_OBJ_ID));
    tcpsyn->setName("tcpSYN");
    tcpsyn->setTCPFlag(TCPService::SYN,true);
@ -457,25 +457,25 @@ int PolicyCompiler_ipt::prolog()
    dbcopy->add(tcpsyn);
    cacheObj(tcpsyn); // to keep cache consistent

-    anyudp=Service::cast(dbcopy->create(UDPService::TYPENAME) );
+    anyudp=dbcopy->createUDPService();
    anyudp->setId(FWObjectDatabase::registerStringId(ANY_UDP_OBJ_ID));
    anyudp->setName("AnyUDP");
    dbcopy->add(anyudp);
    cacheObj(anyudp); // to keep cache consistent

-    anyicmp=Service::cast(dbcopy->create(ICMPService::TYPENAME) );
+    anyicmp=dbcopy->createICMPService();
    anyicmp->setId(FWObjectDatabase::registerStringId(ANY_ICMP_OBJ_ID));
    anyicmp->setName("AnyICMP");
    dbcopy->add(anyicmp);
    cacheObj(anyicmp); // to keep cache consistent

-    anyip=Service::cast(dbcopy->create(IPService::TYPENAME) );
+    anyip=dbcopy->createIPService();
    anyip->setId(FWObjectDatabase::registerStringId(ANY_IP_OBJ_ID));
    anyip->setName("AnyIP");
    dbcopy->add(anyip);
    cacheObj(anyip); // to keep cache consistent

-    bcast255=Address::cast(dbcopy->create(IPv4::TYPENAME) );
+    bcast255=dbcopy->createIPv4();
    bcast255->setId(FWObjectDatabase::registerStringId(BCAST_255_OBJ_ID));
    bcast255->setName("Broadcast_addr");
    bcast255->setAddress(InetAddr::getAllOnes());
@ -569,7 +569,7 @@ bool  PolicyCompiler_ipt::splitNonTerminatingTargets::processNext()
            !nitfre->isAny())
        {
            new_chain = ipt_comp->getNewTmpChainName(rule);
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setStr("subrule_suffix","ntt");
@ -577,7 +577,7 @@ bool  PolicyCompiler_ipt::splitNonTerminatingTargets::processNext()
            tmp_queue.push_back(r);
        }

-        r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        nsrc = r->getSrc();   nsrc->reset();
@ -598,7 +598,7 @@ bool  PolicyCompiler_ipt::splitNonTerminatingTargets::processNext()
        ipt_comp->insertUpstreamChain(this_chain, new_chain);
        tmp_queue.push_back(r);

-        r2= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        r2= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r2);
        r2->duplicate(r);
        r2->setAction(PolicyRule::Accept);
@ -651,8 +651,7 @@ bool  PolicyCompiler_ipt::InterfacePolicyRulesWithOptimization::processNext()
                    compiler->warning("Object '" + o1->getName() + "', which is not an interface, is a member of the group '" + o->getName() + "' used in 'Interface' element of a rule.   Rule: " + rule->getLabel());
                    continue;
                }
-                r= PolicyRule::cast(compiler->dbcopy->create(
-                                        PolicyRule::TYPENAME) );
+                r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                r->setStr("subrule_suffix","i1");
@ -662,7 +661,7 @@ bool  PolicyCompiler_ipt::InterfacePolicyRulesWithOptimization::processNext()
            }
        } else
        {
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setStr("subrule_suffix","i1");
@ -699,14 +698,13 @@ bool PolicyCompiler_ipt::Route::processNext()

        if (ruleopt->getBool("ipt_tee"))
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(rule, "PREROUTING");
            tmp_queue.push_back(r);

-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(rule, "POSTROUTING");
@ -819,7 +817,7 @@ bool PolicyCompiler_ipt::Logging2::processNext()
 */
        if (need_new_chain) 
        {
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ruleopt =r->getOptionsObject();
@ -841,7 +839,7 @@ bool PolicyCompiler_ipt::Logging2::processNext()
 * %I in log prefix
 *
 */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        ruleopt =r->getOptionsObject();
@ -866,7 +864,7 @@ bool PolicyCompiler_ipt::Logging2::processNext()
        ruleopt->setInt("hashlimit_value",-1);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        ruleopt =r->getOptionsObject();
@ -1037,7 +1035,7 @@ bool PolicyCompiler_ipt::SrcNegation::processNext()
        rule->setBool("upstream_rule_neg",true);

 /*     any  B C D  TMP_CHAIN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","1");
@ -1053,7 +1051,7 @@ bool PolicyCompiler_ipt::SrcNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   A  any any any  RETURN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","2");
@ -1083,7 +1081,7 @@ bool PolicyCompiler_ipt::SrcNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any any any any  ACTION  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","3");
@ -1160,7 +1158,7 @@ bool PolicyCompiler_ipt::DstNegation::processNext()
        rule->setBool("upstream_rule_neg",true);

 /*     A any C D  TMP_CHAIN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","1");
@ -1176,7 +1174,7 @@ bool PolicyCompiler_ipt::DstNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any B any any RETURN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","2");
@ -1207,7 +1205,7 @@ bool PolicyCompiler_ipt::DstNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any any any  ACTION  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","3");
@ -1285,7 +1283,7 @@ bool PolicyCompiler_ipt::SrvNegation::processNext()


 /*     A B any D TMP_CHAIN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","1");
@ -1300,7 +1298,7 @@ bool PolicyCompiler_ipt::SrvNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any  C any RETURN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","2");
@ -1331,7 +1329,7 @@ bool PolicyCompiler_ipt::SrvNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any any any ACTION  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","3");
@ -1396,7 +1394,7 @@ bool PolicyCompiler_ipt::TimeNegation::processNext()
        rule->setBool("upstream_rule_neg",true);

 /*     A B C any  TMP_CHAIN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","1");
@ -1412,7 +1410,7 @@ bool PolicyCompiler_ipt::TimeNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any any  D  RETURN  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","2");
@ -1443,7 +1441,7 @@ bool PolicyCompiler_ipt::TimeNegation::processNext()
 	tmp_queue.push_back(r);

 /* TMP_CHAIN   any  any any any  ACTION  */
-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setStr("subrule_suffix","3");
@ -1682,7 +1680,7 @@ bool PolicyCompiler_ipt::splitIfTagAndConnmark::processNext()
        string this_chain  = rule->getStr("ipt_chain");
 	string new_chain=ipt_comp->getNewChainName(rule,rule_iface);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setStr("ipt_target",new_chain);
@ -1695,7 +1693,7 @@ bool PolicyCompiler_ipt::splitIfTagAndConnmark::processNext()

 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setStr("ipt_chain",new_chain);
@ -1719,7 +1717,7 @@ bool PolicyCompiler_ipt::splitIfTagAndConnmark::processNext()

 	tmp_queue.push_back(r);

-	r1= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r1= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r1);
 	r1->duplicate(r);
 	r1->setStr("ipt_target","CONNMARK");
@ -1734,8 +1732,7 @@ bool PolicyCompiler_ipt::splitIfTagAndConnmark::processNext()

        if (make_terminating)
        {
-            r1 = PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r1 = compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r1);
            r1->duplicate(r);
            r1->setStr("ipt_target","ACCEPT");
@ -1767,8 +1764,7 @@ bool PolicyCompiler_ipt::splitIfIfaceAndDirectionBoth::processNext()
        // direction 'inbound' does not make sense for it.
        if (rule->getStr("ipt_chain") != "POSTROUTING")
        {
-            r = PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r = compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setDirection( PolicyRule::Inbound );
@ -1779,7 +1775,7 @@ bool PolicyCompiler_ipt::splitIfIfaceAndDirectionBoth::processNext()
        // direction 'Outbound' does not make sense for it.
        if (rule->getStr("ipt_chain") != "PREROUTING")
        {
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME));
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setDirection( PolicyRule::Outbound );
@ -1889,8 +1885,7 @@ bool PolicyCompiler_ipt::bridgingFw::processNext()
            ) ipt_comp->setChain(rule, "FORWARD");
            else
            {
-                PolicyRule *r= PolicyRule::cast(
-                    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                PolicyRule *r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                ipt_comp->setChain(r, "FORWARD");
@ -1953,8 +1948,7 @@ bool PolicyCompiler_ipt::splitIfSrcNegAndFw::processNext()

        if (fwLikes.size() != 0)
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(r,"OUTPUT");
@ -2032,8 +2026,7 @@ bool PolicyCompiler_ipt::splitIfDstNegAndFw::processNext()

        if (fwLikes.size() != 0)
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(r,"INPUT");
@ -2103,8 +2096,7 @@ bool PolicyCompiler_ipt::splitIfSrcAny::processNext()
         ) 
    )
    {
-        PolicyRule *r= PolicyRule::cast(
-            compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        PolicyRule *r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        ipt_comp->setChain(r,"OUTPUT");
@ -2118,7 +2110,7 @@ bool PolicyCompiler_ipt::splitIfSrcAny::processNext()
        if (ipt_comp->my_table=="mangle" &&
            rule->getAction()==PolicyRule::Classify)
        {
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME));
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(r,"POSTROUTING");
@ -2171,8 +2163,7 @@ bool PolicyCompiler_ipt::splitIfDstAny::processNext()
         ) 
    )
    {
-	PolicyRule *r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	ipt_comp->setChain(r,"INPUT");
@ -2185,7 +2176,7 @@ bool PolicyCompiler_ipt::splitIfDstAny::processNext()
        // such as CLASSIFY
        if (ipt_comp->my_table=="mangle" && rule->getAction()==PolicyRule::Classify)
        {
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(r,"PREROUTING");
@ -2218,8 +2209,7 @@ bool PolicyCompiler_ipt::splitIfSrcAnyForShadowing::processNext()
         rule->getDirection()!=PolicyRule::Inbound && 
         srcrel->isAny() )
    {
-        PolicyRule *r= PolicyRule::cast(
-            compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        PolicyRule *r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        ipt_comp->setChain(r,"OUTPUT");
@ -2252,8 +2242,7 @@ bool PolicyCompiler_ipt::splitIfDstAnyForShadowing::processNext()
         rule->getDirection()!=PolicyRule::Outbound && 
         dstrel->isAny() )
    {
-        PolicyRule *r= PolicyRule::cast(
-            compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        PolicyRule *r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        ipt_comp->setChain(r,"INPUT");
@ -2316,8 +2305,7 @@ bool PolicyCompiler_ipt::splitIfSrcFWNetwork::processNext()

        if ( ! obj_subst.empty() )
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(r,"OUTPUT");
@ -2390,8 +2378,7 @@ bool PolicyCompiler_ipt::splitIfDstFWNetwork::processNext()

        if ( ! obj_subst.empty() )
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            ipt_comp->setChain(r,"INPUT");
@ -2480,13 +2467,13 @@ bool PolicyCompiler_ipt::specialCaseWithFW1::processNext()
    {
 	PolicyRule *r;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setDirection( PolicyRule::Inbound );
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setDirection( PolicyRule::Outbound );
@ -2738,7 +2725,7 @@ bool PolicyCompiler_ipt::decideOnChainIfSrcFW::processNext()
    {
 	PolicyRule *r;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        ipt_comp->setChain(r,"FORWARD");
@ -2816,7 +2803,7 @@ bool PolicyCompiler_ipt::decideOnChainIfDstFW::processNext()
    {
 	PolicyRule *r;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        ipt_comp->setChain(r,"FORWARD");
@ -3204,8 +3191,7 @@ bool PolicyCompiler_ipt::separateUserServices::processNext()

 	if (UserService::isA(s))
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            RuleElementSrv *nsrv=r->getSrv();
@ -3267,8 +3253,7 @@ bool PolicyCompiler_ipt::separatePortRanges::processNext()

            if (srs!=sre || drs!=dre) 
            {
-                PolicyRule *r= PolicyRule::cast(
-                    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                PolicyRule *r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                RuleElementSrv *nsrv=r->getSrv();
@ -3315,8 +3300,7 @@ bool PolicyCompiler_ipt::separateSrcPort::processNext()
            compiler->normalizePortRange(srs,sre);

            if (srs!=0 || sre!=0) {
-                PolicyRule *r= PolicyRule::cast(
-                    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                PolicyRule *r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                RuleElementSrv *nsrv=r->getSrv();
@ -3377,7 +3361,7 @@ bool PolicyCompiler_ipt::splitRuleIfSrvAnyActionReject::processNext()
        PolicyRule *r;
        RuleElementSrv *nsrv;

-        r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        nsrv=r->getSrv();
@ -3453,7 +3437,7 @@ bool PolicyCompiler_ipt::splitServicesIfRejectWithTCPReset::processNext()
        PolicyRule *r;
        RuleElementSrv *nsrv;

-        r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        nsrv=r->getSrv();
@ -3466,7 +3450,7 @@ bool PolicyCompiler_ipt::splitServicesIfRejectWithTCPReset::processNext()
        r->setStr("subrule_suffix","1");
        tmp_queue.push_back(r);

-        r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        nsrv=r->getSrv();
@ -3516,8 +3500,7 @@ bool PolicyCompiler_ipt::prepareForMultiport::processNext()
 	    Service *s=Service::cast( o );
 	    assert(s);

-	    PolicyRule *r= PolicyRule::cast(
-		compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	    PolicyRule *r= compiler->dbcopy->createPolicyRule();
 	    compiler->temp_ruleset->add(r);
 	    r->duplicate(rule);
 	    RuleElementSrv *nsrv=r->getSrv();
@ -3549,8 +3532,7 @@ bool PolicyCompiler_ipt::prepareForMultiport::processNext()

 		if (n==0)
                {
-		    r= PolicyRule::cast(
-			compiler->dbcopy->create(PolicyRule::TYPENAME) );
+		    r= compiler->dbcopy->createPolicyRule();
 		    compiler->temp_ruleset->add(r);
 		    r->duplicate(rule);
 		    nsrv=r->getSrv();
@ -3603,8 +3585,7 @@ bool PolicyCompiler_ipt::specialCasesWithCustomServices::processNext()
            if (code.find("ESTABLISHED")!=string::npos ||
                code.find("RELATED")!=string::npos) 
            {
-                PolicyRule *r= PolicyRule::cast(
-                    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                PolicyRule *r= compiler->dbcopy->createPolicyRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                RuleElementSrv *nsrv=r->getSrv();
@ -3649,7 +3630,7 @@ bool PolicyCompiler_ipt::convertAnyToNotFWForShadowing::processNext()
 //            srcrel->addRef(compiler->fw);
 //            srcrel->setNeg(true);

-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME));
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setAction( PolicyRule::Return );
@ -3664,7 +3645,7 @@ bool PolicyCompiler_ipt::convertAnyToNotFWForShadowing::processNext()
 //            dstrel->addRef(compiler->fw);
 //            dstrel->setNeg(true);

-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME));
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setAction( PolicyRule::Return );
@ -3728,7 +3709,7 @@ bool PolicyCompiler_ipt::processMultiAddressObjectsInRE::processNext()
        for (list<MultiAddressRunTime*>::iterator i=cl.begin(); i!=cl.end(); i++) 
        {
            MultiAddressRunTime *atrt = *i;
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            nre=RuleElement::cast( r->getFirstByType(re_type) );
@ -3783,7 +3764,7 @@ bool PolicyCompiler_ipt::accounting::processNext()
 * add copy of original rule, but turn off logging and set target
 * chain to new_chain.
 */
-            r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            nsrc=r->getSrc();  nsrc->reset();
--- a/src/ipt/PolicyCompiler_ipt_optimizer.cpp
+++ b/src/ipt/PolicyCompiler_ipt_optimizer.cpp
@ -71,7 +71,7 @@ void PolicyCompiler_ipt::optimize1::optimizeForRuleElement(
    string this_chain = rule->getStr("ipt_chain");
    string new_chain  = ipt_comp->getNewTmpChainName(rule);

-    r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+    r= compiler->dbcopy->createPolicyRule();
    compiler->temp_ruleset->add(r);
    r->duplicate(rule);

--- a/src/ipt/combinedAddress.cpp
+++ b/src/ipt/combinedAddress.cpp
@ -39,7 +39,7 @@ using namespace std;

 const char *combinedAddress::TYPENAME={"combinedAddress"};

-combinedAddress::combinedAddress(const FWObject *root,bool prepopulate) : IPv4(root,prepopulate) {}
+combinedAddress::combinedAddress(const FWObjectDatabase *root,bool prepopulate) : IPv4(root,prepopulate) {}
 combinedAddress::~combinedAddress() {}

 std::string combinedAddress::getPhysAddress() const
--- a/src/ipt/combinedAddress.h
+++ b/src/ipt/combinedAddress.h
@ -45,7 +45,7 @@ class combinedAddress : public IPv4
    DECLARE_FWOBJECT_SUBTYPE(combinedAddress);

    combinedAddress() {}
-    combinedAddress(const FWObject *root,bool prepopulate);
+    combinedAddress(const FWObjectDatabase *root,bool prepopulate);
    virtual ~combinedAddress();

    virtual FWObject& shallowDuplicate(const FWObject *obj,
--- a/src/pflib/NATCompiler_ipf.cpp
+++ b/src/pflib/NATCompiler_ipf.cpp
@ -163,8 +163,7 @@ bool NATCompiler_ipf::ExpandPortRange::processNext()

        for (int p=rs; p<=re; ++p)
        {
-            NATRule *r = NATRule::cast(
-                compiler->dbcopy->create(NATRule::TYPENAME) );
+            NATRule *r = compiler->dbcopy->createNATRule();
            r->duplicate(rule);

            FWObject *newSrv = compiler->dbcopy->create(newSrvType);
@ -252,8 +251,7 @@ bool NATCompiler_ipf::AssignInterface::processNext()
                 iface->isBridgePort() || 
                 iface->isLoopback()) continue;

-            NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) 
-);
+            NATRule *r= compiler->dbcopy->createNATRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setInterfaceId( iface->getId() );
@ -290,8 +288,7 @@ bool NATCompiler_ipf::AssignInterface::processNext()
                iface->isUnnumbered() ||
                iface->isBridgePort()) continue;

-            NATRule *r = NATRule::cast(
-                compiler->dbcopy->create(NATRule::TYPENAME) );
+            NATRule *r = compiler->dbcopy->createNATRule();
            r->duplicate(rule);
            compiler->temp_ruleset->add(r);

@ -333,7 +330,7 @@ bool NATCompiler_ipf::prepareForLB::processNext()
                cl.push_back(o);
                if (cl.size()==2)
                {
-                    NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+                    NATRule *r= compiler->dbcopy->createNATRule();
                    compiler->temp_ruleset->add(r);
                    r->duplicate(rule);
                    RuleElementTDst *notdst=r->getTDst();
@ -347,7 +344,7 @@ bool NATCompiler_ipf::prepareForLB::processNext()

            if (cl.size()!=0)
            {
-                NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+                NATRule *r= compiler->dbcopy->createNATRule();
                compiler->temp_ruleset->add(r);
                r->duplicate(rule);
                RuleElementTDst *notdst=r->getTDst();
@ -489,8 +486,7 @@ bool NATCompiler_ipf::expandAnyService::processNext()

    if (rule->getRuleType()==NATRule::SNAT && srv->isAny())
    {
-	NATRule *r= NATRule::cast(
-	    compiler->dbcopy->create(NATRule::TYPENAME) );
+	NATRule *r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        r->setBool("needs_portmap",true);
--- a/src/pflib/NATCompiler_pf.cpp
+++ b/src/pflib/NATCompiler_pf.cpp
@ -93,7 +93,7 @@ int NATCompiler_pf::prolog()
 * NAT rules
 */
    //FWObject    *grp;
-    loopback_address = dbcopy->create(IPv4::TYPENAME);
+    loopback_address = dbcopy->createIPv4();
    loopback_address->setName("__loopback_address__");
    loopback_address->setId(FWObjectDatabase::generateUniqueId()); // "__loopback_address_id__");

@ -197,7 +197,7 @@ bool NATCompiler_pf::splitSDNATRule::processNext()

 /* first rule translates destination and may translate service (depends
 * on the original rule) */
-        NATRule *r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) );
+        NATRule *r =  compiler->dbcopy->createNATRule();
        r->duplicate(rule);
        compiler->temp_ruleset->add(r);
        r->setRuleType(NATRule::Unknown);
@ -211,7 +211,7 @@ bool NATCompiler_pf::splitSDNATRule::processNext()
 /* the second rule translates source and uses translated object in
 * ODst. Since the service could have been translated by the first
 * rule, we use TSrv in OSrv */
-        r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) );
+        r = compiler->dbcopy->createNATRule();
        r->duplicate(rule);
        compiler->temp_ruleset->add(r);
        r->setRuleType(NATRule::Unknown);
@ -350,7 +350,7 @@ bool NATCompiler_pf::splitOnOSrv::processNext()
 	    Service *s=Service::cast( o );
 	    assert(s);

-	    NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	    NATRule *r= compiler->dbcopy->createNATRule();
 	    compiler->temp_ruleset->add(r);
 	    r->duplicate(rule);
 	    RuleElementOSrv *nosrv=r->getOSrv();
@ -439,8 +439,7 @@ bool NATCompiler_pf::splitForTSrc::processNext()
            list<FWObject*> &objSubset = (*i).second;

            RuleElementTSrc  *ntsrc = NULL;
-            NATRule *r = NATRule::cast(
-                compiler->dbcopy->create(NATRule::TYPENAME) );
+            NATRule *r = compiler->dbcopy->createNATRule();
            r->duplicate(rule);
            compiler->temp_ruleset->add(r);
                
@ -827,7 +826,7 @@ bool NATCompiler_pf::processMultiAddressObjectsInRE::processNext()

        for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++)
        {
-            NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+            NATRule *r= compiler->dbcopy->createNATRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            nre=RuleElement::cast( r->getFirstByType(re_type) );
@ -1004,7 +1003,7 @@ void NATCompiler_pf::compile()
        add( new AssignInterface( "assign rules to interfaces" ) );
        add( new convertInterfaceIdToStr("prepare interface assignments") );

-        add( new createTables(      "create tables"    ) );
+        add( new createTables("create tables"));
 //        add( new PrintTables(       "print tables"     ) );

        add( new PrintRule("generate pf code") );
--- a/src/pflib/NATCompiler_pf_negation.cpp
+++ b/src/pflib/NATCompiler_pf_negation.cpp
@ -66,13 +66,13 @@ bool NATCompiler_pf::doOSrcNegation::processNext()

 	osrcrel->setNeg(false);

-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setRuleType(NATRule::Continue);
 	tmp_queue.push_back(r);

-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	RuleElementOSrc *nsrc=r->getOSrc();  nsrc->clearChildren();  nsrc->setAnyElement();
@ -103,13 +103,13 @@ bool NATCompiler_pf::doODstNegation::processNext()

 	odstrel->setNeg(false);

-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setRuleType(NATRule::Continue);
 	tmp_queue.push_back(r);

-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	RuleElementODst *ndst=r->getODst();  ndst->clearChildren();  ndst->setAnyElement();
@ -143,13 +143,13 @@ bool NATCompiler_pf::doOSrvNegation::processNext()

 	osrvrel->setNeg(false);

-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setRuleType(NATRule::Continue);
 	tmp_queue.push_back(r);

-	r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+	r= compiler->dbcopy->createNATRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	RuleElementOSrv *nsrv=r->getOSrv();  nsrv->clearChildren();  nsrv->setAnyElement();
--- a/src/pflib/PolicyCompiler_ipf.cpp
+++ b/src/pflib/PolicyCompiler_ipf.cpp
@ -52,17 +52,17 @@ int PolicyCompiler_ipf::prolog()
 {
    int n= PolicyCompiler_pf::prolog();

-    anytcp=TCPService::cast(dbcopy->create(TCPService::TYPENAME) );
+    anytcp = dbcopy->createTCPService();
    anytcp->setId(FWObjectDatabase::generateUniqueId()); //ANY_TCP_OBJ_ID);
    dbcopy->add(anytcp,false);
    cacheObj(anytcp); // to keep cache consistent

-    anyudp=UDPService::cast(dbcopy->create(UDPService::TYPENAME) );
+    anyudp=dbcopy->createUDPService();
    anyudp->setId(FWObjectDatabase::generateUniqueId()); //ANY_UDP_OBJ_ID);
    dbcopy->add(anyudp,false);
    cacheObj(anyudp); // to keep cache consistent

-    anyicmp=ICMPService::cast(dbcopy->create(ICMPService::TYPENAME) );
+    anyicmp=dbcopy->createICMPService();
    anyicmp->setId(FWObjectDatabase::generateUniqueId()); //ANY_ICMP_OBJ_ID);
    dbcopy->add(anyicmp,false);
    cacheObj(anyicmp); // to keep cache consistent
@ -80,8 +80,7 @@ bool PolicyCompiler_ipf::expandAnyService::processNext()

    if (srv->isAny() && ! ruleopt->getBool("stateless") && rule->getAction()==PolicyRule::Accept) {

-	PolicyRule *r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	RuleElementSrv *nsrv=r->getSrv();
@ -89,8 +88,7 @@ bool PolicyCompiler_ipf::expandAnyService::processNext()
 	nsrv->addRef(pcomp->anyicmp); //compiler->dbcopy->findInIndex(ANY_ICMP_OBJ_ID));
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrv=r->getSrv();
@ -98,8 +96,7 @@ bool PolicyCompiler_ipf::expandAnyService::processNext()
 	nsrv->addRef(pcomp->anytcp); //compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID));
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrv=r->getSrv();
@ -107,8 +104,7 @@ bool PolicyCompiler_ipf::expandAnyService::processNext()
 	nsrv->addRef(pcomp->anyudp); //compiler->dbcopy->findInIndex(ANY_UDP_OBJ_ID));
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	FWOptions *ruleopt =r->getOptionsObject();
@ -132,7 +128,7 @@ bool PolicyCompiler_ipf::doSrcNegation::processNext()
 	PolicyRule     *r;
        FWOptions *ruleopt;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setAction(PolicyRule::Continue);
@ -145,7 +141,7 @@ bool PolicyCompiler_ipf::doSrcNegation::processNext()
        ruleopt->setBool("stateless", true);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        nsrc=r->getSrc();
@ -173,7 +169,7 @@ bool PolicyCompiler_ipf::doDstNegation::processNext()
 	PolicyRule     *r;
        FWOptions *ruleopt;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setAction(PolicyRule::Continue);
@ -186,7 +182,7 @@ bool PolicyCompiler_ipf::doDstNegation::processNext()
        ruleopt->setBool("stateless", true);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        ndst=r->getDst();
--- a/src/pflib/PolicyCompiler_ipf_optimizer.cpp
+++ b/src/pflib/PolicyCompiler_ipf_optimizer.cpp
@ -56,7 +56,7 @@ void PolicyCompiler_ipf::optimize1::optimizeForRuleElement(PolicyRule *rule,

    PolicyRule     *r;

-    r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+    r= compiler->dbcopy->createPolicyRule();
    compiler->temp_ruleset->add(r);
    r->duplicate(rule);

@ -85,7 +85,7 @@ void PolicyCompiler_ipf::optimize1::optimizeForRuleElement(PolicyRule *rule,
    r->setStr("skip_to",skip_target);
    tmp_queue.push_back(r);

-    r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+    r= compiler->dbcopy->createPolicyRule();
    compiler->temp_ruleset->add(r);
    r->duplicate(rule);

--- a/src/pflib/PolicyCompiler_ipfw.cpp
+++ b/src/pflib/PolicyCompiler_ipfw.cpp
@ -52,17 +52,17 @@ int PolicyCompiler_ipfw::prolog()
 {
    int n= PolicyCompiler_pf::prolog();

-    anytcp=TCPService::cast(dbcopy->create(TCPService::TYPENAME) );
+    anytcp=dbcopy->createTCPService();
    anytcp->setId(FWObjectDatabase::generateUniqueId()); // ANY_TCP_OBJ_ID);
    dbcopy->add(anytcp,false);
    cacheObj(anytcp); // to keep cache consistent

-    anyudp=UDPService::cast(dbcopy->create(UDPService::TYPENAME) );
+    anyudp=dbcopy->createUDPService();
    anyudp->setId(FWObjectDatabase::generateUniqueId()); //ANY_UDP_OBJ_ID);
    dbcopy->add(anyudp,false);
    cacheObj(anyudp); // to keep cache consistent

-    anyicmp=ICMPService::cast(dbcopy->create(ICMPService::TYPENAME) );
+    anyicmp=dbcopy->createICMPService();
    anyicmp->setId(FWObjectDatabase::generateUniqueId()); //ANY_ICMP_OBJ_ID);
    dbcopy->add(anyicmp,false);
    cacheObj(anyicmp); // to keep cache consistent
@ -100,8 +100,7 @@ bool PolicyCompiler_ipfw::expandAnyService::processNext()

    if (srv->isAny() && ! ruleopt->getBool("stateless") && rule->getAction()==PolicyRule::Accept) 
    {
-	PolicyRule *r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	RuleElementSrv *nsrv=r->getSrv();
@ -109,8 +108,7 @@ bool PolicyCompiler_ipfw::expandAnyService::processNext()
 	nsrv->addRef(pcomp->anyicmp); //compiler->dbcopy->findInIndex(ANY_ICMP_OBJ_ID));
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrv=r->getSrv();
@ -118,8 +116,7 @@ bool PolicyCompiler_ipfw::expandAnyService::processNext()
 	nsrv->addRef(pcomp->anytcp); //compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID));
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	nsrv=r->getSrv();
@ -127,8 +124,7 @@ bool PolicyCompiler_ipfw::expandAnyService::processNext()
 	nsrv->addRef(pcomp->anyudp); //compiler->dbcopy->findInIndex(ANY_UDP_OBJ_ID));
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	FWOptions *ruleopt =r->getOptionsObject();
@ -164,7 +160,7 @@ bool PolicyCompiler_ipfw::doSrcNegation::processNext()
 	PolicyRule     *r;
        FWOptions *ruleopt;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setAction(PolicyRule::Continue);
@ -177,7 +173,7 @@ bool PolicyCompiler_ipfw::doSrcNegation::processNext()
        ruleopt->setBool("stateless", true);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        nsrc=r->getSrc();
@ -205,7 +201,7 @@ bool PolicyCompiler_ipfw::doDstNegation::processNext()
 	PolicyRule     *r;
        FWOptions *ruleopt;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setAction(PolicyRule::Continue);
@ -218,7 +214,7 @@ bool PolicyCompiler_ipfw::doDstNegation::processNext()
        ruleopt->setBool("stateless", true);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        ndst=r->getDst();
@ -286,8 +282,7 @@ bool PolicyCompiler_ipfw::separatePortRanges::processNext()
                 */
                if (sawServiceWithPortRange)
                {
-                    PolicyRule *r= PolicyRule::cast(
-                        compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                    PolicyRule *r = compiler->dbcopy->createPolicyRule();
                    compiler->temp_ruleset->add(r);
                    r->duplicate(rule);
                    RuleElementSrv *nsrv=r->getSrv();
--- a/src/pflib/PolicyCompiler_pf.cpp
+++ b/src/pflib/PolicyCompiler_pf.cpp
@ -216,7 +216,7 @@ bool PolicyCompiler_pf::processMultiAddressObjectsInRE::processNext()

        for (FWObject::iterator i=maddr_runtime.begin(); i!=maddr_runtime.end(); i++)
        {
-            PolicyRule *r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            nre=RuleElement::cast( r->getFirstByType(re_type) );
@ -266,7 +266,7 @@ bool PolicyCompiler_pf::splitIfFirewallInSrc::processNext()

 	    RuleElementSrc *nsrc;

-	    r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	    r= compiler->dbcopy->createPolicyRule();
 	    compiler->temp_ruleset->add(r);
 	    r->duplicate(rule);
 	    nsrc=r->getSrc();
@ -311,7 +311,7 @@ bool PolicyCompiler_pf::splitIfFirewallInDst::processNext()

 	    RuleElementDst *ndst;

-	    r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	    r= compiler->dbcopy->createPolicyRule();
 	    compiler->temp_ruleset->add(r);
 	    r->duplicate(rule);
 	    ndst=r->getDst();
@ -382,8 +382,7 @@ void PolicyCompiler_pf::addDefaultPolicyRule()
             !getCachedFwOpt()->getStr("mgmt_addr").empty() )
        {
            PolicyRule *r;
-            TCPService *ssh =
-                TCPService::cast(dbcopy->create(TCPService::TYPENAME) );
+            TCPService *ssh = dbcopy->createTCPService();
            ssh->setDstRangeStart(22);
            ssh->setDstRangeEnd(22);

@ -422,8 +421,7 @@ void PolicyCompiler_pf::addDefaultPolicyRule()
                abort( errstr );
            }

-            Network *mgmt_workstation =
-                Network::cast(dbcopy->create(Network::TYPENAME));
+            Network *mgmt_workstation = dbcopy->createNetwork();
            mgmt_workstation->setName("mgmt_addr");
            mgmt_workstation->setAddress( addr );
            mgmt_workstation->setNetmask( netmask );
@ -433,7 +431,7 @@ void PolicyCompiler_pf::addDefaultPolicyRule()
            cacheObj(mgmt_workstation); // to keep cache consistent


-            r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+            r= dbcopy->createPolicyRule();
            temp_ruleset->add(r);
            r->setAction(PolicyRule::Accept);
            r->setLogging(false);
@ -460,7 +458,7 @@ void PolicyCompiler_pf::addDefaultPolicyRule()
            combined_ruleset->push_front(r);
        }

-        PolicyRule *r = PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+        PolicyRule *r = dbcopy->createPolicyRule();
        FWOptions *ruleopt;
        temp_ruleset->add(r);
        r->setAction(PolicyRule::Deny);
@ -505,15 +503,13 @@ bool PolicyCompiler_pf::SplitDirection::processNext()
    PolicyRule *rule=getNext(); if (rule==NULL) return false;

    if (rule->getDirection()==PolicyRule::Both) {
-	PolicyRule *r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setDirection(PolicyRule::Inbound);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setDirection(PolicyRule::Outbound);
@ -543,8 +539,7 @@ bool PolicyCompiler_pf::ProcessScrubOption::processNext()
 	    return true;
 	}

-	PolicyRule *r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setAction(PolicyRule::Scrub);
@ -564,8 +559,7 @@ bool PolicyCompiler_pf::ProcessScrubOption::processNext()
    if ( (srv->getBool("short_fragm") || srv->getBool("fragm")) &&
 	 ( rule->getAction()==PolicyRule::Deny || rule->getAction()==PolicyRule::Reject) ) {

-	PolicyRule *r= PolicyRule::cast(
-	    compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	PolicyRule *r = compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
 	r->setAction(PolicyRule::Scrub);
@ -604,18 +598,20 @@ bool PolicyCompiler_pf::doSrcNegation::processNext()
        RuleElementSrc *nsrc;
 	PolicyRule     *r;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
-	if (rule->getAction()==PolicyRule::Accept)  r->setAction(PolicyRule::Deny);
-	else	                                    r->setAction(PolicyRule::Accept);
+	if (rule->getAction()==PolicyRule::Accept)
+            r->setAction(PolicyRule::Deny);
+	else
+            r->setAction(PolicyRule::Accept);
        nsrc=r->getSrc();
        nsrc->setNeg(false);
 	r->setBool("quick",true);
        r->setLogging(false);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        nsrc=r->getSrc();
@ -641,18 +637,20 @@ bool PolicyCompiler_pf::doDstNegation::processNext()
        RuleElementDst *ndst;
 	PolicyRule     *r;

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
-	if (rule->getAction()==PolicyRule::Accept)  r->setAction(PolicyRule::Deny);
-	else	                                    r->setAction(PolicyRule::Accept);
+	if (rule->getAction()==PolicyRule::Accept)
+            r->setAction(PolicyRule::Deny);
+	else
+            r->setAction(PolicyRule::Accept);
        ndst=r->getDst();
        ndst->setNeg(false);
 	r->setBool("quick",true);
        r->setLogging(false);
 	tmp_queue.push_back(r);

-	r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+	r= compiler->dbcopy->createPolicyRule();
 	compiler->temp_ruleset->add(r);
 	r->duplicate(rule);
        ndst=r->getDst();
@ -812,19 +810,21 @@ bool PolicyCompiler_pf::splitIfInterfaceInRE::processNext()
    {
        RuleElement *nre;

-        PolicyRule *r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        PolicyRule *r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        nre=RuleElement::cast( r->getFirstByType(re_type) );
        nre->clearChildren();
-        for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++) nre->addRef( *i );
+        for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++)
+            nre->addRef( *i );
        tmp_queue.push_back(r);

-        r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+        r= compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        nre=RuleElement::cast( r->getFirstByType(re_type) );
-        for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++) nre->removeRef( *i );
+        for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++)
+            nre->removeRef( *i );
        tmp_queue.push_back(r);

        return true;
@ -901,8 +901,7 @@ bool PolicyCompiler_pf::separateServiceObject::processNext()

 	if (condition(s))
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r = compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            RuleElementSrv *nsrv=r->getSrv();
--- a/src/pflib/TableFactory.cpp
+++ b/src/pflib/TableFactory.cpp
@ -123,7 +123,7 @@ void TableFactory::createTablesForRE(RuleElement *re,Rule *rule)
        tblgrp = tables[tblID];
    } else
    {
-        tblgrp=ObjectGroup::cast(dbroot->create(ObjectGroup::TYPENAME));
+        tblgrp = dbroot->createObjectGroup();
 // TODO: can two rules yeild the same name for the group using this method?
        std::ostringstream tblname;
        if (!ruleSetName.empty()) tblname << ruleSetName << ":";
--- a/src/pix/PolicyCompiler_pix.cpp
+++ b/src/pix/PolicyCompiler_pix.cpp
@ -294,7 +294,7 @@ bool PolicyCompiler_pix::SplitSRCForICMPCmd::processNext()
            Address *a=Address::cast(obj);
            assert(a!=NULL);

-            PolicyRule *new_rule= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *new_rule= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(new_rule);
            new_rule->duplicate(rule);
            RuleElementSrc *new_re=new_rule->getSrc();
@ -382,8 +382,7 @@ bool PolicyCompiler_pix::replaceNATtedObjects::processNext()
                    if (t->dst->getId()==rule_iface->getId() ||
                        p->getId()==rule_iface->getId())
                    {
-                        PolicyRule  *r = PolicyRule::cast(
-                            compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                        PolicyRule  *r = compiler->dbcopy->createPolicyRule();
                        compiler->temp_ruleset->add(r);
                        r->duplicate(rule);

@ -442,7 +441,7 @@ bool PolicyCompiler_pix::splitIfTelnetSSHICMPtoFw::processNext()
            FWObject *obj = o;
            if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();

-            PolicyRule  *r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule  *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);

@ -488,8 +487,7 @@ bool PolicyCompiler_pix::AvoidObjectGroup::processNext()
 */
        for (FWObject::iterator i1=srv->begin(); i1!=srv->end(); ++i1)
        {
-            PolicyRule *r = PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r = compiler->dbcopy->createPolicyRule();
            r->duplicate(rule);
            compiler->temp_ruleset->add(r);

--- a/src/pix/PolicyCompiler_pix_v6_acls.cpp
+++ b/src/pix/PolicyCompiler_pix_v6_acls.cpp
@ -110,15 +110,13 @@ bool PolicyCompiler_pix::SplitDirection_v6::processNext()
    {
        if (rule_iface!=NULL)
        {
-            PolicyRule *r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            PolicyRule *r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setDirection(PolicyRule::Inbound);
            tmp_queue.push_back(r);

-            r= PolicyRule::cast(
-                compiler->dbcopy->create(PolicyRule::TYPENAME) );
+            r= compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);
            r->setDirection(PolicyRule::Outbound);
@ -214,8 +212,7 @@ bool PolicyCompiler_pix::EmulateOutboundACL_v6::processNext()
                    {
                        if ( (*i)->getId()==iface2_id ) continue;

-                        PolicyRule *r= PolicyRule::cast(
-                            compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                        PolicyRule *r= compiler->dbcopy->createPolicyRule();
                        compiler->temp_ruleset->add(r);

                        r->duplicate(rule);
@ -306,8 +303,7 @@ bool PolicyCompiler_pix::assignRuleToInterface_v6::processNext()
                list<FWObject*> l2=compiler->fw->getByType(Interface::TYPENAME);
                for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i) 
                {
-                    PolicyRule *r= PolicyRule::cast(
-                        compiler->dbcopy->create(PolicyRule::TYPENAME) );
+                    PolicyRule *r= compiler->dbcopy->createPolicyRule();
                    compiler->temp_ruleset->add(r);

                    r->duplicate(rule);
--- a/src/pix/pix.cpp
+++ b/src/pix/pix.cpp
@ -435,7 +435,7 @@ int main(int argc, char * const * argv)
            list<FWObject*> ol;
            helper.expand_group_recursive_no_cache(netzone,ol);

-            FWObject *nz=objdb->create(ObjectGroup::TYPENAME);
+            FWObject *nz = objdb->createObjectGroup();
            assert(nz!=NULL);
            nz->setName("netzone_"+iface->getLabel());
            objdb->add(nz);
--- a/test/iosacl/objects-for-regression-tests.fwb
+++ b/test/iosacl/objects-for-regression-tests.fwb
--- a/test/pix/objects-for-regression-tests.fwb
+++ b/test/pix/objects-for-regression-tests.fwb
--- a/test/pix/run.all
+++ b/test/pix/run.all
@ -9,7 +9,7 @@ while (<>) {
    $str=~ /<Firewall [^>]+name="([^"]*).*$"/;
    $fw=$1;
    printf "echo ====================== $fw =========================================\n";
-    printf "fwb_pix -v  -f $XMLFILE $fw || exit 1\n";
+    printf "fwb_pix -v  -f $XMLFILE $fw \n";
    $str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//;
  }
 }