24 files changed, 572 insertions, 350 deletions
diff --git a/.travis.yml b/.travis.yml
index 712f2475..946345c4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,5 @@
 sudo: required
-dist: trusty
+dist: xenial
 language: c
 env:
@@ -39,7 +39,6 @@ before_install:
  - "sudo killall -9 ntpd ||:"
  # Trusty has no swap, lets create some
  - sudo fallocate -l 20M /swapfile; sudo chmod 600 /swapfile; sudo mkswap /swapfile; sudo swapon /swapfile
-  - sudo add-apt-repository -y ppa:waja/trusty-backports
  - sudo apt-get update -qq
  - sudo apt-get purge -qq gawk
@@ -52,7 +51,7 @@ install:
  - sudo apt-get install -qq --no-install-recommends autoconf automake
  - sudo apt-get install -qq --no-install-recommends faketime
  - sudo apt-get install -qq --no-install-recommends libmonitoring-plugin-perl
-  - sudo apt-get install -qq --no-install-recommends squid3
+  - sudo apt-get install -qq --no-install-recommends squid
  # Trusty related dependencies (not yet provided)
  - test "$(dpkg -l | grep -E "mysql-(client|server)-[0-9].[0-9]" | grep -c ^ii)" -gt 0 || sudo apt-get install -qq --no-install-recommends mariadb-client mariadb-server
  # enable ssl apache
@@ -60,8 +59,9 @@ install:
  - sudo a2ensite default-ssl
  - sudo make-ssl-cert generate-default-snakeoil --force-overwrite
  - sudo service apache2 reload
-  - sudo cp tools/squid.conf /etc/squid3/squid.conf
+  - sudo cp tools/squid.conf /etc/squid/squid.conf
-  - sudo service squid3 reload
+  - sudo service squid reload
+  - sudo service mysql restart
 before_script:
  # ensure we have a test database in place for tests
@@ -73,8 +73,8 @@ before_script:
  - make
  - export NPTEST_ACCEPTDEFAULT=1
  - export NPTEST_CACHE="$(pwd)/plugins/t/NPTest.cache.travis"
-  - ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa
+  - ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
-  - cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
+  - cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  - ssh-keyscan localhost >> ~/.ssh/known_hosts
  - touch ~/.ssh/config
  - sudo rm -f /usr/share/mibs/ietf/SNMPv2-PDU /usr/share/mibs/ietf/IPSEC-SPD-MIB /usr/share/mibs/ietf/IPATM-IPMC-MIB /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
diff --git a/NEWS b/NEWS
index 2db2a2cb..0848705c 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ This file documents the major additions and syntax changes between releases.
        check_dns: allow 'expected address' (-a) to be specified in CIDR notation
          (IPv4 only).
        check_dns: allow for IPv6 RDNS
+        check_dns: allow unsorted addresses
+        check_dns: allow forcing complete match of all addresses
        check_apt: add --only-critical switch
        check_apt: add -l/--list option to print packages
diff --git a/THANKS.in b/THANKS.in
index ebc81556..9bb43828 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -356,3 +356,4 @@ Sven Geggus
 Thomas Kurschel
 Yannick Charton
 Nicolai Søborg
+Rolf Eike Beer
diff --git a/lib/utils_base.c b/lib/utils_base.c
index 19a531f5..fd7058da 100644
--- a/lib/utils_base.c
+++ b/lib/utils_base.c
@@ -37,6 +37,9 @@
 monitoring_plugin *this_monitoring_plugin=NULL;
+unsigned int timeout_state = STATE_CRITICAL;
+unsigned int timeout_interval = DEFAULT_SOCKET_TIMEOUT;
 int _np_state_read_file(FILE *);
 void np_init( char *plugin_name, int argc, char **argv ) {
@@ -359,6 +362,22 @@ char *np_extract_value(const char *varlist, const char *name, char sep) {
        return value;
 }
+const char *
+state_text (int result)
+{
+        switch (result) {
+        case STATE_OK:
+                return "OK";
+        case STATE_WARNING:
+                return "WARNING";
+        case STATE_CRITICAL:
+                return "CRITICAL";
+        case STATE_DEPENDENT:
+                return "DEPENDENT";
+        default:
+                return "UNKNOWN";
+        }
+}
 /*
 * Read a string representing a state (ok, warning... or numeric: 0, 1) and
diff --git a/lib/utils_base.h b/lib/utils_base.h
index 42ae0c09..d7e7dffa 100644
--- a/lib/utils_base.h
+++ b/lib/utils_base.h
@@ -61,6 +61,10 @@ void print_thresholds(const char *, thresholds *);
 int check_range(double, range *);
 int get_status(double, thresholds *);
+/* Handle timeouts */
+extern unsigned int timeout_state;
+extern unsigned int timeout_interval;
 /* All possible characters in a threshold range */
 #define NP_THRESHOLDS_CHARS "-0123456789.:@~"
@@ -107,5 +111,6 @@ void np_state_write_string(time_t, char *);
 void np_init(char *, int argc, char **argv);
 void np_set_args(int argc, char **argv);
 void np_cleanup();
+const char *state_text (int);
 #endif /* _UTILS_BASE_ */
diff --git a/lib/utils_cmd.c b/lib/utils_cmd.c
index 7eb9a3a0..795840d3 100644
--- a/lib/utils_cmd.c
+++ b/lib/utils_cmd.c
@@ -40,6 +40,7 @@
 /** includes **/
 #include "common.h"
+#include "utils.h"
 #include "utils_cmd.h"
 #include "utils_base.h"
 #include <fcntl.h>
@@ -65,31 +66,6 @@ extern char **environ;
 # define SIG_ERR ((Sigfunc *)-1)
 #endif
-/* This variable must be global, since there's no way the caller
- * can forcibly slay a dead or ungainly running program otherwise.
- * Multithreading apps and plugins can initialize it (via CMD_INIT)
- * in an async safe manner PRIOR to calling cmd_run() or cmd_run_array()
- * for the first time.
- *
- * The check for initialized values is atomic and can
- * occur in any number of threads simultaneously. */
-static pid_t *_cmd_pids = NULL;
-/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
- * If that fails and the macro isn't defined, we fall back to an educated
- * guess. There's no guarantee that our guess is adequate and the program
- * will die with SIGSEGV if it isn't and the upper boundary is breached. */
-#define DEFAULT_MAXFD  256   /* fallback value if no max open files value is set */
-#define MAXFD_LIMIT   8192   /* upper limit of open files */
-#ifdef _SC_OPEN_MAX
-static long maxfd = 0;
-#elif defined(OPEN_MAX)
-# define maxfd OPEN_MAX
-#else   /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
-# define maxfd DEFAULT_MAXFD
-#endif
 /** prototypes **/
 static int _cmd_open (char *const *, int *, int *)
        __attribute__ ((__nonnull__ (1, 2, 3)));
@@ -406,3 +382,19 @@ cmd_file_read ( char *filename, output *out, int flags)
        return 0;
 }
+void
+timeout_alarm_handler (int signo)
+{
+        size_t i;
+        if (signo == SIGALRM) {
+                printf (_("%s - Plugin timed out after %d seconds\n"),
+                                                state_text(timeout_state), timeout_interval);
+                if(_cmd_pids) for(i = 0; i < maxfd; i++) {
+                        if(_cmd_pids[i] != 0) kill(_cmd_pids[i], SIGKILL);
+                }
+                exit (timeout_state);
+        }
+}
diff --git a/lib/utils_cmd.h b/lib/utils_cmd.h
index ebaf15be..6f3aeb81 100644
--- a/lib/utils_cmd.h
+++ b/lib/utils_cmd.h
@@ -32,4 +32,17 @@ void cmd_init (void);
 #define CMD_NO_ARRAYS 0x01   /* don't populate arrays at all */
 #define CMD_NO_ASSOC 0x02    /* output.line won't point to buf */
+/* This variable must be global, since there's no way the caller
+ * can forcibly slay a dead or ungainly running program otherwise.
+ * Multithreading apps and plugins can initialize it (via CMD_INIT)
+ * in an async safe manner PRIOR to calling cmd_run() or cmd_run_array()
+ * for the first time.
+ *
+ * The check for initialized values is atomic and can
+ * occur in any number of threads simultaneously. */
+static pid_t *_cmd_pids = NULL;
+RETSIGTYPE timeout_alarm_handler (int);
 #endif /* _UTILS_CMD_ */
diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
index 4098874c..e45fdf60 100644
--- a/plugins-root/check_icmp.c
+++ b/plugins-root/check_icmp.c
@@ -67,7 +67,9 @@ const char *email = "devel@monitoring-plugins.org";
 #include <netinet/in_systm.h>
 #include <netinet/in.h>
 #include <netinet/ip.h>
+#include <netinet/ip6.h>
 #include <netinet/ip_icmp.h>
+#include <netinet/icmp6.h>
 #include <arpa/inet.h>
 #include <signal.h>
 #include <float.h>
@@ -113,8 +115,8 @@ typedef struct rta_host {
        unsigned short id;           /* id in **table, and icmp pkts */
        char *name;                  /* arg used for adding this host */
        char *msg;                   /* icmp error message, if any */
-        struct sockaddr_in saddr_in; /* the address of this host */
+        struct sockaddr_storage saddr_in;     /* the address of this host */
-        struct in_addr error_addr;   /* stores address of error replies */
+        struct sockaddr_storage error_addr;   /* stores address of error replies */
        unsigned long long time_waited; /* total time waited, in usecs */
        unsigned int icmp_sent, icmp_recv, icmp_lost; /* counters */
        unsigned char icmp_type, icmp_code; /* type and code from errors */
@@ -140,6 +142,18 @@ typedef struct icmp_ping_data {
        unsigned short ping_id;
 } icmp_ping_data;
+typedef union ip_hdr {
+        struct ip ip;
+        struct ip6_hdr ip6;
+} ip_hdr;
+typedef union icmp_packet {
+        void *buf;
+        struct icmp *icp;
+        struct icmp6_hdr *icp6;
+        u_short *cksum_in;
+} icmp_packet;
 /* the different modes of this program are as follows:
 * MODE_RTA: send all packets no matter what (mimic check_icmp and check_ping)
 * MODE_HOSTCHECK: Return immediately upon any sign of life
@@ -190,8 +204,9 @@ static int get_threshold(char *str, threshold *th);
 static void run_checks(void);
 static void set_source_ip(char *);
 static int add_target(char *);
-static int add_target_ip(char *, struct in_addr *);
+static int add_target_ip(char *, struct sockaddr_storage *);
-static int handle_random_icmp(unsigned char *, struct sockaddr_in *);
+static int handle_random_icmp(unsigned char *, struct sockaddr_storage *);
+static void parse_address(struct sockaddr_storage *, char *, int);
 static unsigned short icmp_checksum(unsigned short *, int);
 static void finish(int);
 static void crash(const char *, ...);
@@ -300,7 +315,7 @@ get_icmp_error_msg(unsigned char icmp_type, unsigned char icmp_code)
 }
 static int
-handle_random_icmp(unsigned char *packet, struct sockaddr_in *addr)
+handle_random_icmp(unsigned char *packet, struct sockaddr_storage *addr)
 {
        struct icmp p, sent_icmp;
        struct rta_host *host = NULL;
@@ -342,9 +357,11 @@ handle_random_icmp(unsigned char *packet, struct sockaddr_in *addr)
        /* it is indeed a response for us */
        host = table[ntohs(sent_icmp.icmp_seq)/packets];
        if(debug) {
+                char address[INET6_ADDRSTRLEN];
+                parse_address(addr, address, sizeof(address));
                printf("Received \"%s\" from %s for ICMP ECHO sent to %s.\n",
-                           get_icmp_error_msg(p.icmp_type, p.icmp_code),
+                        get_icmp_error_msg(p.icmp_type, p.icmp_code),
-                           inet_ntoa(addr->sin_addr), host->name);
+                        address, host->name);
        }
        icmp_lost++;
@@ -364,11 +381,23 @@ handle_random_icmp(unsigned char *packet, struct sockaddr_in *addr)
        }
        host->icmp_type = p.icmp_type;
        host->icmp_code = p.icmp_code;
-        host->error_addr.s_addr = addr->sin_addr.s_addr;
+        host->error_addr = *addr;
        return 0;
 }
+void parse_address(struct sockaddr_storage *addr, char *address, int size)
+{
+        switch (address_family) {
+        case AF_INET:
+                inet_ntop(address_family, &((struct sockaddr_in *)addr)->sin_addr, address, size);
+        break;
+        case AF_INET6:
+                inet_ntop(address_family, &((struct sockaddr_in6 *)addr)->sin6_addr, address, size);
+        break;
+        }
+}
 int
 main(int argc, char **argv)
 {
@@ -381,6 +410,7 @@ main(int argc, char **argv)
 #ifdef SO_TIMESTAMP
        int on = 1;
 #endif
+        char * opts_str = "vhVw:c:n:p:t:H:s:i:b:I:l:m:64";
        setlocale (LC_ALL, "");
        bindtextdomain (PACKAGE, LOCALEDIR);
@@ -390,33 +420,8 @@ main(int argc, char **argv)
         * that before pointer magic (esp. on network data) */
        icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0;
-        if((icmp_sock = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
+        address_family = -1;
-                sockets |= HAVE_ICMP;
+        int icmp_proto = IPPROTO_ICMP;
-        else icmp_sockerrno = errno;
-        /* if((udp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) != -1) */
-        /*      sockets |= HAVE_UDP; */
-        /* else udp_sockerrno = errno; */
-        /* if((tcp_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1) */
-        /*      sockets |= HAVE_TCP; */
-        /* else tcp_sockerrno = errno; */
-        /* now drop privileges (no effect if not setsuid or geteuid() == 0) */
-        setuid(getuid());
-#ifdef SO_TIMESTAMP
-        if(setsockopt(icmp_sock, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)))
-          if(debug) printf("Warning: no SO_TIMESTAMP support\n");
-#endif // SO_TIMESTAMP
-        /* POSIXLY_CORRECT might break things, so unset it (the portable way) */
-        environ = NULL;
-        /* use the pid to mark packets as ours */
-        /* Some systems have 32-bit pid_t so mask off only 16 bits */
-        pid = getpid() & 0xffff;
-        /* printf("pid = %u\n", pid); */
        /* get calling name the old-fashioned way for portability instead
         * of relying on the glibc-ism __progname */
@@ -456,20 +461,35 @@ main(int argc, char **argv)
                packets = 5;
        }
-        /* Parse extra opts if any */
+        /* Parse protocol arguments first */
-        argv=np_extra_opts(&argc, argv, progname);
+        for(i = 1; i < argc; i++) {
+                while((arg = getopt(argc, argv, opts_str)) != EOF) {
-        /* support "--help" and "--version" */
+                        unsigned short size;
-        if(argc == 2) {
+                        switch(arg) {
-                if(!strcmp(argv[1], "--help"))
+                        case '4':
-                        strcpy(argv[1], "-h");
+                                if (address_family != -1)
-                if(!strcmp(argv[1], "--version"))
+                                        crash("Multiple protocol versions not supported");
-                        strcpy(argv[1], "-V");
+                                address_family = AF_INET;
+                                break;
+                        case '6':
+#ifdef USE_IPV6
+                                if (address_family != -1)
+                                        crash("Multiple protocol versions not supported");
+                                address_family = AF_INET6;
+#else
+                                usage (_("IPv6 support not available\n"));
+#endif
+                                break;
+                        }
+                }
        }
+        /* Reset argument scanning */
+        optind = 1;
        /* parse the arguments */
        for(i = 1; i < argc; i++) {
-                while((arg = getopt(argc, argv, "vhVw:c:n:p:t:H:s:i:b:I:l:m:")) != EOF) {
+                while((arg = getopt(argc, argv, opts_str)) != EOF) {
                        unsigned short size;
                        switch(arg) {
                        case 'v':
@@ -530,10 +550,30 @@ main(int argc, char **argv)
                        case 'h': /* help */
                                print_help ();
                                exit (STATE_UNKNOWN);
+                                break;
                        }
                }
        }
+        /* POSIXLY_CORRECT might break things, so unset it (the portable way) */
+        environ = NULL;
+        /* use the pid to mark packets as ours */
+        /* Some systems have 32-bit pid_t so mask off only 16 bits */
+        pid = getpid() & 0xffff;
+        /* printf("pid = %u\n", pid); */
+        /* Parse extra opts if any */
+        argv=np_extra_opts(&argc, argv, progname);
+        /* support "--help" and "--version" */
+        if(argc == 2) {
+                if(!strcmp(argv[1], "--help"))
+                        strcpy(argv[1], "-h");
+                if(!strcmp(argv[1], "--version"))
+                        strcpy(argv[1], "-V");
+        }
        argv = &argv[optind];
        while(*argv) {
                add_target(*argv);
@@ -545,6 +585,30 @@ main(int argc, char **argv)
                exit(3);
        }
+        // add_target might change address_family
+        switch ( address_family ){
+                case AF_INET:   icmp_proto = IPPROTO_ICMP;
+                                break;
+                case AF_INET6:  icmp_proto = IPPROTO_ICMPV6;
+                                break;
+                default:        crash("Address family not supported");
+        }
+        if((icmp_sock = socket(address_family, SOCK_RAW, icmp_proto)) != -1)
+                sockets |= HAVE_ICMP;
+        else icmp_sockerrno = errno;
+#ifdef SO_TIMESTAMP
+        if(setsockopt(icmp_sock, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)))
+          if(debug) printf("Warning: no SO_TIMESTAMP support\n");
+#endif // SO_TIMESTAMP
+        /* now drop privileges (no effect if not setsuid or geteuid() == 0) */
+        if (setuid(getuid()) == -1) {
+                printf("ERROR: Failed to drop privileges\n");
+                return 1;
+        }
        if(!sockets) {
                if(icmp_sock == -1) {
                        errno = icmp_sockerrno;
@@ -633,7 +697,7 @@ main(int argc, char **argv)
        }
        host = list;
-        table = malloc(sizeof(struct rta_host **) * targets);
+        table = (struct rta_host**)malloc(sizeof(struct rta_host **) * targets);
        i = 0;
        while(host) {
                host->id = i*packets;
@@ -697,9 +761,15 @@ run_checks()
        }
 }
 /* response structure:
+ * IPv4:
 * ip header   : 20 bytes
 * icmp header : 28 bytes
+ * IPv6:
+ * ip header   : 40 bytes
+ * icmp header : 28 bytes
+ * both:
 * icmp echo reply : the rest
 */
 static int
@@ -707,16 +777,27 @@ wait_for_reply(int sock, u_int t)
 {
        int n, hlen;
        static unsigned char buf[4096];
-        struct sockaddr_in resp_addr;
+        struct sockaddr_storage resp_addr;
-        struct ip *ip;
+        union ip_hdr *ip;
-        struct icmp icp;
+        union icmp_packet packet;
        struct rta_host *host;
        struct icmp_ping_data data;
        struct timeval wait_start, now;
        u_int tdiff, i, per_pkt_wait;
+        if (!(packet.buf = malloc(icmp_pkt_size))) {
+                crash("send_icmp_ping(): failed to malloc %d bytes for send buffer",
+                        icmp_pkt_size);
+                return -1;      /* might be reached if we're in debug mode */
+        }
+        memset(packet.buf, 0, icmp_pkt_size);
        /* if we can't listen or don't have anything to listen to, just return */
-        if(!t || !icmp_pkts_en_route) return 0;
+        if(!t || !icmp_pkts_en_route) {
+                free(packet.buf);
+                return 0;
+        }
        gettimeofday(&wait_start, &tz);
@@ -735,7 +816,7 @@ wait_for_reply(int sock, u_int t)
                /* reap responses until we hit a timeout */
                n = recvfrom_wto(sock, buf, sizeof(buf),
-                                                 (struct sockaddr *)&resp_addr, &t, &now);
+                                         (struct sockaddr *)&resp_addr, &t, &now);
                if(!n) {
                        if(debug > 1) {
                                printf("recvfrom_wto() timed out during a %u usecs wait\n",
@@ -745,12 +826,23 @@ wait_for_reply(int sock, u_int t)
                }
                if(n < 0) {
                        if(debug) printf("recvfrom_wto() returned errors\n");
+                        free(packet.buf);
                        return n;
                }
-                ip = (struct ip *)buf;
+                // FIXME: with ipv6 we don't have an ip header here
-                if(debug > 1) printf("received %u bytes from %s\n",
+                if (address_family != AF_INET6) {
-                                                 ntohs(ip->ip_len), inet_ntoa(resp_addr.sin_addr));
+                        ip = (union ip_hdr *)buf;
+                        if(debug > 1) {
+                                char address[INET6_ADDRSTRLEN];
+                                parse_address(&resp_addr, address, sizeof(address));
+                                printf("received %u bytes from %s\n",
+                                        address_family == AF_INET6 ? ntohs(ip->ip6.ip6_plen)
+                                                                   : ntohs(ip->ip.ip_len),
+                                        address);
+                        }
+                }
 /* obsolete. alpha on tru64 provides the necessary defines, but isn't broken */
 /* #if defined( __alpha__ ) && __STDC__ && !defined( __GLIBC__ ) */
@@ -759,12 +851,14 @@ wait_for_reply(int sock, u_int t)
                 * off the bottom 4 bits */
 /*              hlen = (ip->ip_vhl & 0x0f) << 2; */
 /* #else */
-                hlen = ip->ip_hl << 2;
+                hlen = (address_family == AF_INET6) ? 0 : ip->ip.ip_hl << 2;
 /* #endif */
                if(n < (hlen + ICMP_MINLEN)) {
+                        char address[INET6_ADDRSTRLEN];
+                        parse_address(&resp_addr, address, sizeof(address));
                        crash("received packet too short for ICMP (%d bytes, expected %d) from %s\n",
-                                  n, hlen + icmp_pkt_size, inet_ntoa(resp_addr.sin_addr));
+                                  n, hlen + icmp_pkt_size, address);
                }
                /* else if(debug) { */
                /*      printf("ip header size: %u, packet size: %u (expected %u, %u)\n", */
@@ -773,23 +867,39 @@ wait_for_reply(int sock, u_int t)
                /* } */
                /* check the response */
-                memcpy(&icp, buf + hlen, sizeof(icp));
-                if(ntohs(icp.icmp_id) != pid || icp.icmp_type != ICMP_ECHOREPLY ||
+                memcpy(packet.buf, buf + hlen, icmp_pkt_size);
-                   ntohs(icp.icmp_seq) >= targets*packets) {
+/*                      address_family == AF_INET6 ? sizeof(struct icmp6_hdr)
+                                                   : sizeof(struct icmp));*/
+                if(   (address_family == PF_INET &&
+                        (ntohs(packet.icp->icmp_id) != pid || packet.icp->icmp_type != ICMP_ECHOREPLY
+                         || ntohs(packet.icp->icmp_seq) >= targets * packets))
+                   || (address_family == PF_INET6 &&
+                        (ntohs(packet.icp6->icmp6_id) != pid || packet.icp6->icmp6_type != ICMP6_ECHO_REPLY
+                        || ntohs(packet.icp6->icmp6_seq) >= targets * packets))) {
                        if(debug > 2) printf("not a proper ICMP_ECHOREPLY\n");
                        handle_random_icmp(buf + hlen, &resp_addr);
                        continue;
                }
                /* this is indeed a valid response */
-                memcpy(&data, icp.icmp_data, sizeof(data));
+                if (address_family == PF_INET) {
-                if (debug > 2)
+                        memcpy(&data, packet.icp->icmp_data, sizeof(data));
-                        printf("ICMP echo-reply of len %lu, id %u, seq %u, cksum 0x%X\n",
+                        if (debug > 2)
-                               (unsigned long)sizeof(data), ntohs(icp.icmp_id),
+                                printf("ICMP echo-reply of len %lu, id %u, seq %u, cksum 0x%X\n",
-                               ntohs(icp.icmp_seq), icp.icmp_cksum);
+                                        (unsigned long)sizeof(data), ntohs(packet.icp->icmp_id),
+                                        ntohs(packet.icp->icmp_seq), packet.icp->icmp_cksum);
+                        host = table[ntohs(packet.icp->icmp_seq)/packets];
+                } else {
+                        memcpy(&data, &packet.icp6->icmp6_dataun.icmp6_un_data8[4], sizeof(data));
+                        if (debug > 2)
+                                printf("ICMP echo-reply of len %lu, id %u, seq %u, cksum 0x%X\n",
+                                        (unsigned long)sizeof(data), ntohs(packet.icp6->icmp6_id),
+                                        ntohs(packet.icp6->icmp6_seq), packet.icp6->icmp6_cksum);
+                        host = table[ntohs(packet.icp6->icmp6_seq)/packets];
+                }
-                host = table[ntohs(icp.icmp_seq)/packets];
                tdiff = get_timevaldiff(&data.stime, &now);
                host->time_waited += tdiff;
@@ -801,22 +911,25 @@ wait_for_reply(int sock, u_int t)
                        host->rtmin = tdiff;
                if(debug) {
+                        char address[INET6_ADDRSTRLEN];
+                        parse_address(&resp_addr, address, sizeof(address));
                        printf("%0.3f ms rtt from %s, outgoing ttl: %u, incoming ttl: %u, max: %0.3f, min: %0.3f\n",
-                                   (float)tdiff / 1000, inet_ntoa(resp_addr.sin_addr),
+                                (float)tdiff / 1000, address,
-                                   ttl, ip->ip_ttl, (float)host->rtmax / 1000, (float)host->rtmin / 1000);
+                                ttl, ip->ip.ip_ttl, (float)host->rtmax / 1000, (float)host->rtmin / 1000);
                }
                /* if we're in hostcheck mode, exit with limited printouts */
                if(mode == MODE_HOSTCHECK) {
                        printf("OK - %s responds to ICMP. Packet %u, rta %0.3fms|"
-                                   "pkt=%u;;0;%u rta=%0.3f;%0.3f;%0.3f;;\n",
+                                "pkt=%u;;0;%u rta=%0.3f;%0.3f;%0.3f;;\n",
-                                   host->name, icmp_recv, (float)tdiff / 1000,
+                                host->name, icmp_recv, (float)tdiff / 1000,
-                                   icmp_recv, packets, (float)tdiff / 1000,
+                                icmp_recv, packets, (float)tdiff / 1000,
-                                   (float)warn.rta / 1000, (float)crit.rta / 1000);
+                                (float)warn.rta / 1000, (float)crit.rta / 1000);
                        exit(STATE_OK);
                }
        }
+        free(packet.buf);
        return 0;
 }
@@ -824,62 +937,81 @@ wait_for_reply(int sock, u_int t)
 static int
 send_icmp_ping(int sock, struct rta_host *host)
 {
-        static union {
-                void *buf; /* re-use so we prevent leaks */
-                struct icmp *icp;
-                u_short *cksum_in;
-        } packet = { NULL };
        long int len;
        struct icmp_ping_data data;
        struct msghdr hdr;
        struct iovec iov;
        struct timeval tv;
-        struct sockaddr *addr;
+        void *buf = NULL;
        if(sock == -1) {
                errno = 0;
                crash("Attempt to send on bogus socket");
                return -1;
        }
-        addr = (struct sockaddr *)&host->saddr_in;
-        if(!packet.buf) {
+        if(!buf) {
-                if (!(packet.buf = malloc(icmp_pkt_size))) {
+                if (!(buf = malloc(icmp_pkt_size))) {
                        crash("send_icmp_ping(): failed to malloc %d bytes for send buffer",
                                  icmp_pkt_size);
                        return -1;      /* might be reached if we're in debug mode */
                }
        }
-        memset(packet.buf, 0, icmp_pkt_size);
+        memset(buf, 0, icmp_pkt_size);
-        if((gettimeofday(&tv, &tz)) == -1) return -1;
+        if((gettimeofday(&tv, &tz)) == -1) {
+                free(buf);
+                return -1;
+        }
        data.ping_id = 10; /* host->icmp.icmp_sent; */
        memcpy(&data.stime, &tv, sizeof(tv));
-        memcpy(&packet.icp->icmp_data, &data, sizeof(data));
-        packet.icp->icmp_type = ICMP_ECHO;
+        if (address_family == AF_INET) {
-        packet.icp->icmp_code = 0;
+                struct icmp *icp = (struct icmp*)buf;
-        packet.icp->icmp_cksum = 0;
-        packet.icp->icmp_id = htons(pid);
+                memcpy(&icp->icmp_data, &data, sizeof(data));
-        packet.icp->icmp_seq = htons(host->id++);
-        packet.icp->icmp_cksum = icmp_checksum(packet.cksum_in, icmp_pkt_size);
+                icp->icmp_type = ICMP_ECHO;
+                icp->icmp_code = 0;
-        if (debug > 2)
+                icp->icmp_cksum = 0;
-                printf("Sending ICMP echo-request of len %lu, id %u, seq %u, cksum 0x%X to host %s\n",
+                icp->icmp_id = htons(pid);
-                       (unsigned long)sizeof(data), ntohs(packet.icp->icmp_id),
+                icp->icmp_seq = htons(host->id++);
-                       ntohs(packet.icp->icmp_seq), packet.icp->icmp_cksum,
+                icp->icmp_cksum = icmp_checksum((unsigned short*)buf, icmp_pkt_size);
-                       host->name);
+                if (debug > 2)
+                        printf("Sending ICMP echo-request of len %lu, id %u, seq %u, cksum 0x%X to host %s\n",
+                                (unsigned long)sizeof(data), ntohs(icp->icmp_id), ntohs(icp->icmp_seq), icp->icmp_cksum, host->name);
+        }
+        else {
+                struct icmp6_hdr *icp6 = (struct icmp6_hdr*)buf;
+                memcpy(&icp6->icmp6_dataun.icmp6_un_data8[4], &data, sizeof(data));
+                icp6->icmp6_type = ICMP6_ECHO_REQUEST;
+                icp6->icmp6_code = 0;
+                icp6->icmp6_cksum = 0;
+                icp6->icmp6_id = htons(pid);
+                icp6->icmp6_seq = htons(host->id++);
+                // let checksum be calculated automatically
+                if (debug > 2) {
+                        printf("Sending ICMP echo-request of len %lu, id %u, seq %u, cksum 0x%X to host %s\n",
+                                (unsigned long)sizeof(data), ntohs(icp6->icmp6_id),
+                                ntohs(icp6->icmp6_seq), icp6->icmp6_cksum, host->name);
+                }
+        }
        memset(&iov, 0, sizeof(iov));
-        iov.iov_base = packet.buf;
+        iov.iov_base = buf;
        iov.iov_len = icmp_pkt_size;
        memset(&hdr, 0, sizeof(hdr));
-        hdr.msg_name = addr;
+        hdr.msg_name = (struct sockaddr *)&host->saddr_in;
-        hdr.msg_namelen = sizeof(struct sockaddr);
+        hdr.msg_namelen = sizeof(struct sockaddr_storage);
        hdr.msg_iov = &iov;
        hdr.msg_iovlen = 1;
+        errno = 0;
 /* MSG_CONFIRM is a linux thing and only available on linux kernels >= 2.3.15, see send(2) */
 #ifdef MSG_CONFIRM
        len = sendmsg(sock, &hdr, MSG_CONFIRM);
@@ -887,9 +1019,15 @@ send_icmp_ping(int sock, struct rta_host *host)
        len = sendmsg(sock, &hdr, 0);
 #endif
+        free(buf);
        if(len < 0 || (unsigned int)len != icmp_pkt_size) {
-                if(debug) printf("Failed to send ping to %s\n",
+                if(debug) {
-                                                 inet_ntoa(host->saddr_in.sin_addr));
+                        char address[INET6_ADDRSTRLEN];
+                        parse_address((struct sockaddr_storage *)&host->saddr_in, address, sizeof(address));
+                        printf("Failed to send ping to %s: %s\n", address, strerror(errno));
+                }
+                errno = 0;
                return -1;
        }
@@ -934,7 +1072,7 @@ recvfrom_wto(int sock, void *buf, unsigned int len, struct sockaddr *saddr,
        if(!n) return 0;                                /* timeout */
-        slen = sizeof(struct sockaddr);
+        slen = sizeof(struct sockaddr_storage);
        memset(&iov, 0, sizeof(iov));
        iov.iov_base = buf;
@@ -958,6 +1096,7 @@ recvfrom_wto(int sock, void *buf, unsigned int len, struct sockaddr *saddr,
                        break ;
                }
        }
        if (!chdr)
 #endif // SO_TIMESTAMP
                gettimeofday(tv, &tz);
@@ -991,6 +1130,7 @@ finish(int sig)
        /* iterate thrice to calculate values, give output, and print perfparse */
        host = list;
        while(host) {
                if(!host->icmp_recv) {
                        /* rta 0 is ofcourse not entirely correct, but will still show up
@@ -1039,10 +1179,12 @@ finish(int sig)
                if(!host->icmp_recv) {
                        status = STATE_CRITICAL;
                        if(host->flags & FLAG_LOST_CAUSE) {
+                                char address[INET6_ADDRSTRLEN];
+                                parse_address(&host->error_addr, address, sizeof(address));
                                printf("%s: %s @ %s. rta nan, lost %d%%",
                                           host->name,
                                           get_icmp_error_msg(host->icmp_type, host->icmp_code),
-                                           inet_ntoa(host->error_addr),
+                                           address,
                                           100);
                        }
                        else { /* not marked as lost cause, so we have no flags for it */
@@ -1104,7 +1246,6 @@ get_timevaldiff(struct timeval *early, struct timeval *later)
        {
                return 0;
        }
        ret = (later->tv_sec - early->tv_sec) * 1000000;
        ret += later->tv_usec - early->tv_usec;
@@ -1112,18 +1253,35 @@ get_timevaldiff(struct timeval *early, struct timeval *later)
 }
 static int
-add_target_ip(char *arg, struct in_addr *in)
+add_target_ip(char *arg, struct sockaddr_storage *in)
 {
        struct rta_host *host;
+        struct sockaddr_in *sin, *host_sin;
+        struct sockaddr_in6 *sin6, *host_sin6;
+        if (address_family == AF_INET)
+                sin = (struct sockaddr_in *)in;
+        else
+                sin6 = (struct sockaddr_in6 *)in;
-        /* disregard obviously stupid addresses */
-        if(in->s_addr == INADDR_NONE || in->s_addr == INADDR_ANY)
+        /* disregard obviously stupid addresses
+         * (I didn't find an ipv6 equivalent to INADDR_NONE) */
+        if (((address_family == AF_INET && (sin->sin_addr.s_addr == INADDR_NONE
+                                        || sin->sin_addr.s_addr == INADDR_ANY)))
+                || (address_family == AF_INET6 && (sin6->sin6_addr.s6_addr == in6addr_any.s6_addr))) {
                return -1;
+        }
        /* no point in adding two identical IP's, so don't. ;) */
        host = list;
        while(host) {
-                if(host->saddr_in.sin_addr.s_addr == in->s_addr) {
+                host_sin = (struct sockaddr_in *)&host->saddr_in;
+                host_sin6 = (struct sockaddr_in6 *)&host->saddr_in;
+                if(   (address_family == AF_INET && host_sin->sin_addr.s_addr == sin->sin_addr.s_addr)
+                   || (address_family == AF_INET6 && host_sin6->sin6_addr.s6_addr == sin6->sin6_addr.s6_addr)) {
                        if(debug) printf("Identical IP already exists. Not adding %s\n", arg);
                        return -1;
                }
@@ -1131,19 +1289,29 @@ add_target_ip(char *arg, struct in_addr *in)
        }
        /* add the fresh ip */
-        host = malloc(sizeof(struct rta_host));
+        host = (struct rta_host*)malloc(sizeof(struct rta_host));
        if(!host) {
+                char straddr[INET6_ADDRSTRLEN];
+                parse_address((struct sockaddr_storage*)&in, straddr, sizeof(straddr));
                crash("add_target_ip(%s, %s): malloc(%d) failed",
-                          arg, inet_ntoa(*in), sizeof(struct rta_host));
+                        arg, straddr, sizeof(struct rta_host));
        }
        memset(host, 0, sizeof(struct rta_host));
        /* set the values. use calling name for output */
        host->name = strdup(arg);
-        /* fill out the sockaddr_in struct */
+        /* fill out the sockaddr_storage struct */
-        host->saddr_in.sin_family = AF_INET;
+        if(address_family == AF_INET) {
-        host->saddr_in.sin_addr.s_addr = in->s_addr;
+                host_sin = (struct sockaddr_in *)&host->saddr_in;
+                host_sin->sin_family = AF_INET;
+                host_sin->sin_addr.s_addr = sin->sin_addr.s_addr;
+        }
+        else {
+                host_sin6 = (struct sockaddr_in6 *)&host->saddr_in;
+                host_sin6->sin6_family = AF_INET6;
+                memcpy(host_sin6->sin6_addr.s6_addr, sin6->sin6_addr.s6_addr, sizeof host_sin6->sin6_addr.s6_addr);
+        }
        host->rtmin = DBL_MAX;
@@ -1160,31 +1328,67 @@ add_target_ip(char *arg, struct in_addr *in)
 static int
 add_target(char *arg)
 {
-        int i;
+        int error, result;
-        struct hostent *he;
+        struct sockaddr_storage ip;
-        struct in_addr *in, ip;
+        struct addrinfo hints, *res, *p;
+        struct sockaddr_in *sin;
+        struct sockaddr_in6 *sin6;
+        switch (address_family) {
+        case -1:
+                /* -4 and -6 are not specified on cmdline */
+                address_family = AF_INET;
+                sin = (struct sockaddr_in *)&ip;
+                result = inet_pton(address_family, arg, &sin->sin_addr);
+#ifdef USE_IPV6
+                if( result != 1 ){
+                        address_family = AF_INET6;
+                        sin6 = (struct sockaddr_in6 *)&ip;
+                        result = inet_pton(address_family, arg, &sin6->sin6_addr);
+                }
+#endif
+                /* If we don't find any valid addresses, we still don't know the address_family */
+                if ( result != 1) {
+                        address_family = -1;
+                }
+                break;
+        case AF_INET:
+                sin = (struct sockaddr_in *)&ip;
+                result = inet_pton(address_family, arg, &sin->sin_addr);
+                break;
+        case AF_INET6:
+                sin6 = (struct sockaddr_in6 *)&ip;
+                result = inet_pton(address_family, arg, &sin6->sin6_addr);
+                break;
+        default: crash("Address family not supported");
+        }
        /* don't resolve if we don't have to */
-        if((ip.s_addr = inet_addr(arg)) != INADDR_NONE) {
+        if(result == 1) {
                /* don't add all ip's if we were given a specific one */
                return add_target_ip(arg, &ip);
-                /* he = gethostbyaddr((char *)in, sizeof(struct in_addr), AF_INET); */
-                /* if(!he) return add_target_ip(arg, in); */
        }
        else {
                errno = 0;
-                he = gethostbyname(arg);
+                memset(&hints, 0, sizeof(hints));
-                if(!he) {
+                if (address_family == -1) {
+                        hints.ai_family = AF_UNSPEC;
+                } else {
+                        hints.ai_family = address_family == AF_INET ? PF_INET : PF_INET6;
+                }
+                hints.ai_socktype = SOCK_RAW;
+                if((error = getaddrinfo(arg, NULL, &hints, &res)) != 0) {
                        errno = 0;
-                        crash("Failed to resolve %s", arg);
+                        crash("Failed to resolve %s: %s", arg, gai_strerror(error));
                        return -1;
                }
+                address_family = res->ai_family;
        }
        /* possibly add all the IP's as targets */
-        for(i = 0; he->h_addr_list[i]; i++) {
+        for(p = res; p != NULL; p = p->ai_next) {
-                in = (struct in_addr *)he->h_addr_list[i];
+                memcpy(&ip, p->ai_addr, p->ai_addrlen);
-                add_target_ip(arg, in);
+                add_target_ip(arg, &ip);
                /* this is silly, but it works */
                if(mode == MODE_HOSTCHECK || mode == MODE_ALL) {
@@ -1193,6 +1397,7 @@ add_target(char *arg)
                }
                break;
        }
+        freeaddrinfo(res);
        return 0;
 }
@@ -1203,7 +1408,7 @@ set_source_ip(char *arg)
        struct sockaddr_in src;
        memset(&src, 0, sizeof(src));
-        src.sin_family = AF_INET;
+        src.sin_family = address_family;
        if((src.sin_addr.s_addr = inet_addr(arg)) == INADDR_NONE)
                src.sin_addr.s_addr = get_ip_address(arg);
        if(bind(icmp_sock, (struct sockaddr *)&src, sizeof(src)) == -1)
@@ -1311,12 +1516,12 @@ get_threshold(char *str, threshold *th)
 unsigned short
 icmp_checksum(unsigned short *p, int n)
 {
-        register unsigned short cksum;
+        unsigned short cksum;
-        register long sum = 0;
+        long sum = 0;
-        while(n > 1) {
+        while(n > 2) {
                sum += *p++;
-                n -= 2;
+                n -= sizeof(unsigned short);
        }
        /* mop up the occasional odd byte */
@@ -1347,6 +1552,8 @@ print_help(void)
  printf (" %s\n", "-H");
  printf ("    %s\n", _("specify a target"));
+  printf (" %s\n", "[-4|-6]");
+  printf ("    %s\n", _("Use IPv4 (default) or IPv6 to communicate with the targets"));
  printf (" %s\n", "-w");
  printf ("    %s", _("warning threshold (currently "));
  printf ("%0.3fms,%u%%)\n", (float)warn.rta / 1000, warn.pl);
diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c
index 826eb8d9..ced13d05 100644
--- a/plugins/check_dbi.c
+++ b/plugins/check_dbi.c
@@ -35,6 +35,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "common.h"
 #include "utils.h"
+#include "utils_cmd.h"
 #include "netutils.h"
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index f2061636..d4d0b885 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -56,6 +56,7 @@ char **expected_address = NULL;
 int expected_address_cnt = 0;
 int expect_authority = FALSE;
+int all_match = FALSE;
 thresholds *time_thresholds = NULL;
 static int
@@ -168,8 +169,8 @@ main (int argc, char **argv)
      temp_buffer++;
      /* Strip leading spaces */
-      for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++)
+      while (*temp_buffer == ' ')
-        /* NOOP */;
+        temp_buffer++;
      strip(temp_buffer);
      if (temp_buffer==NULL || strlen(temp_buffer)==0) {
@@ -228,16 +229,27 @@ main (int argc, char **argv)
  if (result == STATE_OK && expected_address_cnt > 0) {
    result = STATE_CRITICAL;
    temp_buffer = "";
+    unsigned long expect_match = (1 << expected_address_cnt) - 1;
+    unsigned long addr_match = (1 << n_addresses) - 1;
    for (i=0; i<expected_address_cnt; i++) {
+      int j;
      /* check if we get a match on 'raw' ip or cidr */
-      if ( strcmp(address, expected_address[i]) == 0
+      for (j=0; j<n_addresses; j++) {
-           || ip_match_cidr(address, expected_address[i]) )
+        if ( strcmp(addresses[j], expected_address[i]) == 0
-        result = STATE_OK;
+             || ip_match_cidr(addresses[j], expected_address[i]) ) {
+          result = STATE_OK;
+          addr_match &= ~(1 << j);
+          expect_match &= ~(1 << i);
+        }
+      }
      /* prepare an error string */
      xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
    }
+    /* check if expected_address must cover all in addresses and none may be missing */
+    if (all_match && (expect_match != 0 || addr_match != 0))
+      result = STATE_CRITICAL;
    if (result == STATE_CRITICAL) {
      /* Strip off last semicolon... */
      temp_buffer[strlen(temp_buffer)-2] = '\0';
@@ -401,6 +413,7 @@ process_arguments (int argc, char **argv)
    {"reverse-server", required_argument, 0, 'r'},
    {"expected-address", required_argument, 0, 'a'},
    {"expect-authority", no_argument, 0, 'A'},
+    {"all", no_argument, 0, 'L'},
    {"warning", required_argument, 0, 'w'},
    {"critical", required_argument, 0, 'c'},
    {0, 0, 0, 0}
@@ -414,7 +427,7 @@ process_arguments (int argc, char **argv)
      strcpy (argv[c], "-t");
  while (1) {
-    c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index);
+    c = getopt_long (argc, argv, "hVvALt:H:s:r:a:w:c:", long_opts, &opt_index);
    if (c == -1 || c == EOF)
      break;
@@ -462,6 +475,9 @@ process_arguments (int argc, char **argv)
    case 'A': /* expect authority */
      expect_authority = TRUE;
      break;
+    case 'L': /* all must match */
+      all_match = TRUE;
+      break;
    case 'w':
      warning = optarg;
      break;
@@ -530,14 +546,16 @@ print_help (void)
  printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n");
  printf ("    %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
  printf ("    %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
-  printf ("    %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
+  printf ("    %s\n", _("value matches)."));
-  printf ("    %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
  printf (" -A, --expect-authority\n");
  printf ("    %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
  printf (" -w, --warning=seconds\n");
  printf ("    %s\n", _("Return warning if elapsed time exceeds value. Default off"));
  printf (" -c, --critical=seconds\n");
  printf ("    %s\n", _("Return critical if elapsed time exceeds value. Default off"));
+  printf (" -L, --all\n");
+  printf ("    %s\n", _("Return critical if the list of expected addresses does not match all addresses"));
+  printf ("    %s\n", _("returned. Default off"));
  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
@@ -549,5 +567,5 @@ void
 print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
-  printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname);
+  printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname);
 }
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index f159f5a2..65465567 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -67,6 +67,7 @@ void print_usage (void);
 char *community = NULL;
 char *address = NULL;
 char *port = NULL;
+int  check_paper_out = 1;
 int
 main (int argc, char **argv)
@@ -240,7 +241,8 @@ main (int argc, char **argv)
                        strcpy (errmsg, _("Paper Jam"));
                }
                else if (paper_out) {
-                        result = STATE_WARNING;
+                        if (check_paper_out)
+                                result = STATE_WARNING;
                        strcpy (errmsg, _("Out of Paper"));
                }
                else if (line_status == OFFLINE) {
@@ -325,7 +327,7 @@ process_arguments (int argc, char **argv)
        while (1) {
-                c = getopt_long (argc, argv, "+hVH:C:p:", longopts, &option);
+                c = getopt_long (argc, argv, "+hVH:C:p:D", longopts, &option);
                if (c == -1 || c == EOF || c == 1)
                        break;
@@ -347,6 +349,8 @@ process_arguments (int argc, char **argv)
                                usage2 (_("Port must be a positive short integer"), optarg);
                        else
                                port = atoi(optarg);
+                case 'D':                                                                       /* disable paper out check*/
+                        check_paper_out = 0;
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
@@ -420,6 +424,8 @@ print_help (void)
        printf ("    %s", _("Specify the port to check "));
        printf (_("(default=%s)"), DEFAULT_PORT);
        printf ("\n");
+        printf (" %s\n", "-D");
+        printf ("    %s", _("Disable paper check "));
        printf (UT_SUPPORT);
 }
@@ -430,5 +436,5 @@ void
 print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
-        printf ("%s -H host [-C community] [-p port]\n", progname);
+        printf ("%s -H host [-C community] [-p port] [-D]\n", progname);
 }
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 856e1e90..de59a068 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1155,6 +1155,8 @@ check_http (void)
      xasprintf (&msg,
                _("Invalid HTTP response received from host on port %d: %s\n"),
                server_port, status_line);
+    if (show_body)
+        xasprintf (&msg, _("%s\n%s"), msg, page);
    die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg);
  }
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 5cd47093..11ce6916 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -34,6 +34,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "common.h"
 #include "utils.h"
+#include "utils_cmd.h"
 #include "netutils.h"
 #include <libpq-fe.h>
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 0fcf4c68..d37c57c8 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -293,6 +293,7 @@ main (int argc, char **argv)
                    printf("%s", buffer);
                }
+                n = 0;
                while (n < ncommands) {
                        xasprintf (&cmd_str, "%s%s", commands[n], "\r\n");
                        my_send(cmd_str, strlen(cmd_str));
diff --git a/plugins/common.h b/plugins/common.h
index 6bf4fca4..0f08e2f6 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -225,4 +225,18 @@ enum {
 # define __attribute__(x) /* do nothing */
 #endif
+/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
+ * If that fails and the macro isn't defined, we fall back to an educated
+ * guess. There's no guarantee that our guess is adequate and the program
+ * will die with SIGSEGV if it isn't and the upper boundary is breached. */
+#define DEFAULT_MAXFD  256   /* fallback value if no max open files value is set */
+#define MAXFD_LIMIT   8192   /* upper limit of open files */
+#ifdef _SC_OPEN_MAX
+static long maxfd = 0;
+#elif defined(OPEN_MAX)
+# define maxfd OPEN_MAX
+#else   /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
+# define maxfd DEFAULT_MAXFD
+#endif
 #endif /* _COMMON_H_ */
diff --git a/plugins/popen.c b/plugins/popen.c
index 592263fd..116d168d 100644
--- a/plugins/popen.c
+++ b/plugins/popen.c
@@ -78,7 +78,6 @@ RETSIGTYPE popen_timeout_alarm_handler (int);
 #define min(a,b)        ((a) < (b) ? (a) : (b))
 #define max(a,b)        ((a) > (b) ? (a) : (b))
-int open_max (void);                                            /* {Prog openmax} */
 static void err_sys (const char *, ...) __attribute__((noreturn,format(printf, 1, 2)));
 char *rtrim (char *, const char *);
@@ -86,7 +85,6 @@ char *pname = NULL;							/* caller can set this from argv[0] */
 /*int *childerr = NULL;*//* ptr to array allocated at run-time */
 /*extern pid_t *childpid = NULL; *//* ptr to array allocated at run-time */
-static int maxfd;                                                               /* from our open_max(), {Prog openmax} */
 #ifdef REDHAT_SPOPEN_ERROR
 static volatile int childtermd = 0;
@@ -187,13 +185,11 @@ spopen (const char *cmdstring)
        argv[i] = NULL;
        if (childpid == NULL) {                         /* first time through */
-                maxfd = open_max ();                            /* allocate zeroed out array for child pids */
                if ((childpid = calloc ((size_t)maxfd, sizeof (pid_t))) == NULL)
                        return (NULL);
        }
        if (child_stderr_array == NULL) {       /* first time through */
-                maxfd = open_max ();                            /* allocate zeroed out array for child pids */
                if ((child_stderr_array = calloc ((size_t)maxfd, sizeof (int))) == NULL)
                        return (NULL);
        }
@@ -273,15 +269,6 @@ spclose (FILE * fp)
        return (1);
 }
-#ifdef  OPEN_MAX
-static int openmax = OPEN_MAX;
-#else
-static int openmax = 0;
-#endif
-#define OPEN_MAX_GUESS  256                     /* if OPEN_MAX is indeterminate */
-                                /* no guarantee this is adequate */
 #ifdef REDHAT_SPOPEN_ERROR
 RETSIGTYPE
 popen_sigchld_handler (int signo)
@@ -311,22 +298,6 @@ popen_timeout_alarm_handler (int signo)
 }
-int
-open_max (void)
-{
-        if (openmax == 0) {                                             /* first time through */
-                errno = 0;
-                if ((openmax = sysconf (_SC_OPEN_MAX)) < 0) {
-                        if (errno == 0)
-                                openmax = OPEN_MAX_GUESS;       /* it's indeterminate */
-                        else
-                                err_sys (_("sysconf error for _SC_OPEN_MAX"));
-                }
-        }
-        return (openmax);
-}
 /* Fatal error related to a system call.
 * Print a message and die. */
diff --git a/plugins/runcmd.c b/plugins/runcmd.c
index 1a7c904f..c3828678 100644
--- a/plugins/runcmd.c
+++ b/plugins/runcmd.c
@@ -67,19 +67,6 @@
 * occur in any number of threads simultaneously. */
 static pid_t *np_pids = NULL;
-/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
- * If that fails and the macro isn't defined, we fall back to an educated
- * guess. There's no guarantee that our guess is adequate and the program
- * will die with SIGSEGV if it isn't and the upper boundary is breached. */
-#ifdef _SC_OPEN_MAX
-static long maxfd = 0;
-#elif defined(OPEN_MAX)
-# define maxfd OPEN_MAX
-#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
-# define maxfd 256
-#endif
 /** prototypes **/
 static int np_runcmd_open(const char *, int *, int *)
        __attribute__((__nonnull__(1, 2, 3)));
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
index 6ee45053..9b9f8059 100644
--- a/plugins/t/NPTest.cache.travis
+++ b/plugins/t/NPTest.cache.travis
@@ -50,5 +50,5 @@
  'NP_SNMP_USER' => '',
  'NP_SSH_CONFIGFILE' => '~/.ssh/config',
  'NP_SSH_HOST' => 'localhost',
-  'NP_SSH_IDENTITY' => '~/.ssh/id_dsa'
+  'NP_SSH_IDENTITY' => '~/.ssh/id_rsa'
 }
diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem
index 549e4f7e..b84b91d2 100644
--- a/plugins/tests/certs/server-cert.pem
+++ b/plugins/tests/certs/server-cert.pem
@@ -1,21 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDYzCCAsygAwIBAgIJAL8LkpNwzYdxMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
+MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
-BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
+VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD
-BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
+VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1
-SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNTIxNDEyOFoXDTE5MDMw
+Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y
-MzIxNDEyOFowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
+ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE
-BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
+RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN
-CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
+b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAKcWMBtNtfY8vZXk0SN6/EYTVN/LOvaOSegy
+MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw
-oVdLoGwuwjagk+XmCzvCqHZRp8lnCLay7AO8AQI7TSN02ihCcSrgGA9OT+HciIJ1
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja
-l5/kEYUAuA1PR6YKK/T713zUAlMzy2tsugx5+xSsSEwsXkmne52jJiG/wuE5CLT0
+uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v
-9pF8HQqHAgMBAAGjgeYwgeMwHQYDVR0OBBYEFGioSPQ/rdE19+zaeY2YvHTXlUDI
+EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe
-MIGzBgNVHSMEgaswgaiAFGioSPQ/rdE19+zaeY2YvHTXlUDIoYGEpIGBMH8xCzAJ
+PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8
-BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
+ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi
-FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
+u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA
-CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAvwuSk3DNh3EwDAYDVR0TBAUw
+AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA
-AwEB/zANBgkqhkiG9w0BAQQFAAOBgQCdqasaIO6JiV5ONFG6Tr1++85UfEdZKMUX
+FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-N2NHiNNUunolIZEYR+dW99ezKmHlDiQ/tMgoLVYpl2Ubho2pAkLGQR+W0ZASgWQ1
+AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz
-NjfV27Rv0y6lYQMTA0lVAU93L1x9reo3FMedmL5+H+lIEpLCxEPtAJNISrJOneZB
+VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr
-W5jDadwkoQ==
+E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8
+vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC
+jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk
+bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g=
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem
index eacaeaa3..11947555 100644
--- a/plugins/tests/certs/server-key.pem
+++ b/plugins/tests/certs/server-key.pem
@@ -1,15 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
-MIICWwIBAAKBgQCnFjAbTbX2PL2V5NEjevxGE1Tfyzr2jknoMqFXS6BsLsI2oJPl
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf
-5gs7wqh2UafJZwi2suwDvAECO00jdNooQnEq4BgPTk/h3IiCdZef5BGFALgNT0em
+miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ
-Civ0+9d81AJTM8trbLoMefsUrEhMLF5Jp3udoyYhv8LhOQi09PaRfB0KhwIDAQAB
+Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym
-AoGAfpxclcP8N3vteXErXURrd7pcXT0GECDgNjhvc9PV20RPXM+vYs1AA+fMeeQE
+/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K//
-TaRqwO6x016aMRO4rz5ztYArecTBznkds1k59pkN/Ne/nsueU4tvGK8MNyS2o986
+ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG
-Voohqkaq4Lcy1bcHJb9su1ELjegEr1R76Mz452Hsy+uTbAECQQDcg/tZWKVeh5CQ
+msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow
-dOEB3YWHwfn0NDgfPm/X2i2kAZ7n7URaUy/ffdlfsrr1mBtHCfedLoOxmmlNfEpM
+1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR
-hXAAurSHAkEAwfk7fEb0iN0Sj9gTozO7c6Ky10KwePZyjVzqSQIiJq3NX8BEaIeb
+WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU
-51TXxE5VxaLjjMLRkA0hWTYXClgERFZ6AQJAN7ChPqwzf08PRFwwIw911JY5cOHr
+00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5
-NoDHMCUql5vNLNdwBruxgGjBB/kUXEfgw60RusFvgt/zLh1wiii844JDawJAGQBF
+Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0
-sYP3urg7zzx7c3qUe5gJ0wLuefjR1PSX4ecbfb7DDMdcSdjIuG1QDiZGmd2f1KG7
+ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c
-nwSCOtxk5dloW2KGAQJAQh/iBn0QhfKLFAP5eZBVk8E8XlZuw+S2DLy5SnBlIiYJ
+YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU
-GB5I2OClgtudXMv1labFrcST8O9eFrtsrhU1iUGUOw==
+l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA
-----END RSA PRIVATE KEY-----
+/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS
+zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx
+bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+
+FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc
+B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+
+MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg
+D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl
+/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK
+0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY
+p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC
+TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc
+/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu
+N0wdmCAqlQwHR13+F1zrAD7V
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index d6d31de1..006f1339 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -4,13 +4,13 @@
 #
 # To create the https server certificate:
 # openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
-# Country Name (2 letter code) [AU]:UK
+# Country Name (2 letter code) [AU]:DE
-# State or Province Name (full name) [Some-State]:Derbyshire
+# State or Province Name (full name) [Some-State]:Bavaria
-# Locality Name (eg, city) []:Belper
+# Locality Name (eg, city) []:Munich
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
 # Organizational Unit Name (eg, section) []:
-# Common Name (eg, YOUR name) []:Ton Voon
+# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
-# Email Address []:tonvoon@mac.com
+# Email Address []:devel@monitoring-plugins.org
 use strict;
 use Test::More;
@@ -194,16 +194,16 @@ SKIP: {
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:28 2019 +0000.', "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019 \+0000\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
        # Expired cert tests
        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019 \+0000\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 73a68b20..85d6bf55 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -7,6 +7,7 @@ use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use POSIX qw/strftime/;
 my $tests = 67;
 # Check that all dependent modules are available
@@ -37,6 +38,7 @@ if ($@) {
 my $port_snmp = 16100 + int(rand(100));
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 # Start up server
 my @pids;
@@ -118,77 +120,81 @@ like($res->output, '/'.quotemeta('SNMP OK - And now have fun with with this: \"C
 "And now have fun with with this: \"C:\\\\\"
 because we\'re not done yet!"').'/m', "Attempt to confuse parser No.3");
-system("rm -f ".$ENV{'MP_STATE_PATH'}."/check_snmp/*");
+system("rm -f ".$ENV{'MP_STATE_PATH'}."/*/check_snmp/*");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->return_code, 0, "Returns OK");
-is($res->output, "No previous data to calculate rate - assume okay");
-# Need to sleep, otherwise duration=0
+# run rate checks with faketime. rate checks depend on the exact amount of time spend between the
-sleep 1;
+# plugin runs which may fail on busy machines.
+# using faketime removes this race condition and also saves all the sleeps in between.
+SKIP: {
+    skip "No faketime binary found", 28 if !$faketime;
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    my $ts = time();
-is($res->return_code, 1, "WARNING - due to going above rate calculation" );
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
+    is($res->return_code, 0, "Returns OK");
+    is($res->output, "No previous data to calculate rate - assume okay");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    # test rate 1 second later
-is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->output, "Time duration between plugin calls is invalid");
+    is($res->return_code, 1, "WARNING - due to going above rate calculation" );
+    is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
+    # test rate with same time
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
+    is($res->output, "Time duration between plugin calls is invalid");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK for first call" );
-is($res->output, "No previous data to calculate rate - assume okay" );
-# Need to sleep, otherwise duration=0
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-sleep 1;
+    is($res->return_code, 0, "OK for first call" );
+    is($res->output, "No previous data to calculate rate - assume okay" );
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    # test rate 1 second later
-is($res->return_code, 0, "OK as no thresholds" );
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label");
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label");
-sleep 2;
+    # test rate 3 seconds later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+3))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval");
+    # label performance data check
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label");
-# label performance data check
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" );
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" );
+    is($res->return_code, 0, "OK as no thresholds" );
-is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label");
-is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" );
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" );
-is($res->return_code, 0, "OK as no thresholds" );
+    is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label");
+    is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" );
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" );
-is($res->return_code, 0, "OK as no thresholds" );
+    is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label");
+    is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" );
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" );
-is($res->return_code, 0, "OK as no thresholds" );
+    is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label");
+    is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" );
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" );
-is($res->return_code, 0, "OK as no thresholds" );
+    is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label");
+    is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label");
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
+    is($res->return_code, 0, "OK for first call" );
+    is($res->output, "No previous data to calculate rate - assume okay" );
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
+    # test 1 second later
-is($res->return_code, 0, "OK for first call" );
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
-is($res->output, "No previous data to calculate rate - assume okay" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier");
-# Need to sleep, otherwise duration=0
+};
-sleep 1;
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier");
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.11 -s '\"stringtests\"'" );
diff --git a/plugins/utils.c b/plugins/utils.c
index 231af92b..ee620133 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -36,9 +36,6 @@ extern const char *progname;
 #define STRLEN 64
 #define TXTBLK 128
-unsigned int timeout_state = STATE_CRITICAL;
-unsigned int timeout_interval = DEFAULT_SOCKET_TIMEOUT;
 time_t start_time, end_time;
 /* **************************************************************************
@@ -148,33 +145,6 @@ print_revision (const char *command_name, const char *revision)
                 command_name, revision, PACKAGE, VERSION);
 }
-const char *
-state_text (int result)
-{
-        switch (result) {
-        case STATE_OK:
-                return "OK";
-        case STATE_WARNING:
-                return "WARNING";
-        case STATE_CRITICAL:
-                return "CRITICAL";
-        case STATE_DEPENDENT:
-                return "DEPENDENT";
-        default:
-                return "UNKNOWN";
-        }
-}
-void
-timeout_alarm_handler (int signo)
-{
-        if (signo == SIGALRM) {
-                printf (_("%s - Plugin timed out after %d seconds\n"),
-                                                state_text(timeout_state), timeout_interval);
-                exit (timeout_state);
-        }
-}
 int
 is_numeric (char *number)
 {
@@ -708,4 +678,3 @@ char *sperfdata_int (const char *label,
        return data;
 }
diff --git a/plugins/utils.h b/plugins/utils.h
index a436e1ca..6aa316fe 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -29,13 +29,6 @@ suite of plugins. */
 void support (void);
 void print_revision (const char *, const char *);
-/* Handle timeouts */
-extern unsigned int timeout_state;
-extern unsigned int timeout_interval;
-RETSIGTYPE timeout_alarm_handler (int);
 extern time_t start_time, end_time;
 /* Test input types */
@@ -89,8 +82,6 @@ void usage4(const char *) __attribute__((noreturn));
 void usage5(void) __attribute__((noreturn));
 void usage_va(const char *fmt, ...) __attribute__((noreturn));
-const char *state_text (int);
 #define max(a,b) (((a)>(b))?(a):(b))
 #define min(a,b) (((a)<(b))?(a):(b))